On Thu, May 30, 2013 at 11:11 AM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Thu, May 30, 2013 at 5:45 PM, Miklos Szeredi <miklos@xxxxxxxxxx> wrote: >> 1) check if destination directory is empty: upper directory contains a >> whiteout for each lower directory entry and nothing else >> 2) if empty then remove whiteouts in destination directory >> 3) and then go on with the normal rename procedure, replacing the empty >> destination directory with the source directory , >> >> This is done with directory locking, so atomicity is not usually a problem. >> But in case of a crash between 2) and 3) we just seriously corrupted the >> overlay. >> >> Suggestions for fixing that? > > Why not just do the NFS thing. That has worked forever - using a > sillyrename as a "pending deletion" instead of actually deleting > things. > > So in between (1) and (2), silly-rename the pseudo-empty target. At > that point (2) is no longer even an atomicity requirement, because you > can do the whiteout removal later. In fact, you probably want to do it > at the end, after doing the "real" rename. Okay, nice idea. More specifically we want to replace the directory containing whiteouts with an opaque empty directory, which can be done with a cross-rename. Then we are left with basically two new variants of rename: - cross rename - exchange two names - plain overwriting rename but whiteout source I'm fine with that. As for userspace interfaces I think the cross-rename is useful enough to justify a new syscall (rename/renameat don't have flags unfortunately). Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
