On Wed, Nov 18, 2020 at 09:24:04AM +0200, Amir Goldstein wrote: > On Tue, Nov 17, 2020 at 8:29 PM Vivek Goyal <vgoyal@xxxxxxxxxx> wrote: > > > > On Tue, Nov 17, 2020 at 08:03:16PM +0200, Amir Goldstein wrote: > > > > > C. "shutdown" the filesystem if writeback errors happened and return > > > > > EIO from any read, like some blockdev filesystems will do in face > > > > > of metadata write errors > > > > > > > > > > I happen to have a branch ready for that ;-) > > > > > https://github.com/amir73il/linux/commits/ovl-shutdown > > > > > > > > > > > > This branch seems to implement shutdown ioctl. So it will still need > > > > glue code to detect writeback failure in upper/ and trigger shutdown > > > > internally? > > > > > > > > > > Yes. > > > ovl_get_acess() can check both the administrative ofs->goingdown > > > command and the upper writeback error condition for volatile ovl > > > or something like that. > > > > This approach will not help mmaped() pages though, if I do. > > > > - Store to addr > > - msync > > - Load from addr > > > > There is a chance that I can still read back old data. > > > > msync does not go through overlay. It goes directly to upper fs, > so it will sync pages and return error on volatile overlay as well. > > Maybe there will still be weird corner cases, but the shutdown approach > should cover most or all of the interesting cases. When would we check the errseq_t of the upperdir? Only when the user calls fsync, or upon close? Periodically? > > Thanks, > Amir. We can tackle this later, but I suggest the following semantics, which follow how ext4 works: https://www.kernel.org/doc/Documentation/filesystems/ext4.txt errors=remount-ro Remount the filesystem read-only on an error. errors=continue Keep going on a filesystem error. [Sargun: We probably don't want this one] errors=panic Panic and halt the machine if an error occurs. (These mount options override the errors behavior specified in the superblock, which can be configured using tune2fs) ---- We can potentially add a fourth option, which is shutdown -- that would return something like EIO or ESHUTDOWN for all calls. In addition to that, we should pass through the right errseqs to make the errseq helpers work: int filemap_check_wb_err(struct address_space *mapping, errseq_t since) [1] errseq_t filemap_sample_wb_err(struct address_space *mapping) [2] errseq_t file_sample_sb_err(struct file *file) etc... These are used by the VFS layer to check for errors after syncfs or for interactions with mapped files. [1]: https://elixir.bootlin.com/linux/v5.9.7/source/include/linux/fs.h#L2665 [2]: https://elixir.bootlin.com/linux/v5.9.7/source/include/linux/fs.h#L2688 [3]: https://elixir.bootlin.com/linux/v5.9.7/source/include/linux/fs.h#L2700
