On Wed, Dec 2, 2020 at 11:27 AM Sargun Dhillon <sargun@xxxxxxxxx> wrote: > > Overlayfs's volatile option allows the user to bypass all forced sync calls > to the upperdir filesystem. This comes at the cost of safety. We can never > ensure that the user's data is intact, but we can make a best effort to > expose whether or not the data is likely to be in a bad state. > > We decided[1] that the best way to handle this in the time being is that if > an overlayfs's upperdir experiences an error after a volatile mount occurs, > that error will be returned on fsync, fdatasync, sync, and syncfs. This is > contradictory to the traditional behaviour of VFS which fails the call > once, and only raises an error if a subsequent fsync error has occured, > and been raised by the filesystem. > > One awkward aspect of the patch is that we have to manually set the > superblock's errseq_t after the sync_fs callback as opposed to just > returning an error from syncfs. This is because the call chain looks > something like this: > > sys_syncfs -> > sync_filesystem -> > __sync_filesystem -> > /* The return value is ignored here > sb->s_op->sync_fs(sb) > _sync_blockdev > /* Where the VFS fetches the error to raise to userspace */ > errseq_check_and_advance > > Because of this we call errseq_set every time the sync_fs callback occurs. > > [1]: https://lore.kernel.org/linux-fsdevel/36d820394c3e7cd1faa1b28a8135136d5001dadd.camel@xxxxxxxxxx/T/#u > > Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx> > Suggested-by: Amir Goldstein <amir73il@xxxxxxxxx> > Cc: linux-fsdevel@xxxxxxxxxxxxxxx > Cc: linux-unionfs@xxxxxxxxxxxxxxx > Cc: Jeff Layton <jlayton@xxxxxxxxxx> > Cc: Miklos Szeredi <miklos@xxxxxxxxxx> > Cc: Amir Goldstein <amir73il@xxxxxxxxx> > Cc: Vivek Goyal <vgoyal@xxxxxxxxxx> > --- Looks safe :-) Reviewed-by: Amir Goldstein <amir73il@xxxxxxxxx> We should consider sending this to stable, but maybe let's merge first and let it run in master for a while before because it is not a clear and immediate danger and if anyone is using volatile already I hope they read all the warnings on the box. Thanks, Amir.
