On Fri, Jan 8, 2021 at 1:10 AM Sargun Dhillon <sargun@xxxxxxxxx> wrote:
>
> Overlayfs's volatile option allows the user to bypass all forced sync calls
> to the upperdir filesystem. This comes at the cost of safety. We can never
> ensure that the user's data is intact, but we can make a best effort to
> expose whether or not the data is likely to be in a bad state.
>
> The best way to handle this for the time being is that if an overlayfs's
> upperdir experiences an error after a volatile mount occurs, that error
> will be returned on fsync, fdatasync, sync, and syncfs. This is
> contradictory to the traditional behaviour of VFS which fails the call
> once, and only raises an error if a subsequent fsync error has occurred,
> and been raised by the filesystem.
>
> One awkward aspect of the patch is that we have to manually set the
> superblock's errseq_t after the sync_fs callback as opposed to just
> returning an error from syncfs. This is because the call chain looks
> something like this:
>
> sys_syncfs ->
>         sync_filesystem ->
>                 __sync_filesystem ->
>                         /* The return value is ignored here */
>                         sb->s_op->sync_fs(sb)
>                         _sync_blockdev
>                 /* Where the VFS fetches the error to raise to userspace */
>                 errseq_check_and_advance
>
> Because of this we call errseq_set every time the sync_fs callback occurs.
> Due to the nature of this seen / unseen dichotomy, if the upperdir is in an
> inconsistent state at the initial mount time, overlayfs will refuse to
> mount, as overlayfs cannot get a snapshot of the upperdir's errseq that
> will increment on error until the user calls syncfs.

Thanks, this makes sense. Queued for v4.11.

Miklos
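The seen / unseen behaviour described in the quoted commit message, as an added example that is not part of the original thread and is not kernel or overlayfs source: a single-threaded user-space model of errseq_t showing report-once syncfs, the volatile overlay reporting on every call, and why an unseen upperdir error blocks the mount. The names `ovl_model`, `volatile_mount` and `volatile_syncfs` are hypothetical.

```c
/* Added example: user-space model of errseq_t, not kernel or overlayfs source. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t errseq_t;
#define MAX_ERRNO 4095u          /* low 12 bits hold the errno */
#define SEEN      (1u << 12)     /* set once some caller has observed the error */
#define CTR_INC   (1u << 13)     /* counter lives above the SEEN flag */

/* Record err (negative errno); the counter only moves if the old value was seen. */
static void errseq_set(errseq_t *e, int err) {
    errseq_t v = (*e & ~(MAX_ERRNO | SEEN)) | (errseq_t)(-err);
    if (*e & SEEN) v += CTR_INC;
    *e = v;
}
/* Snapshot for a new observer: an unseen error is not hidden from it. */
static errseq_t errseq_sample(const errseq_t *e) { return (*e & SEEN) ? *e : 0; }
static int errseq_check(const errseq_t *e, errseq_t since) {
    return *e == since ? 0 : -(int)(*e & MAX_ERRNO);
}
/* What syncfs uses: report once, mark seen, move the caller's cursor. */
static int errseq_check_and_advance(errseq_t *e, errseq_t *since) {
    if (*e == *since) return 0;
    *e |= SEEN;
    *since = *e;
    return -(int)(*e & MAX_ERRNO);
}

struct ovl_model { errseq_t upper_wb_err, ovl_wb_err, snapshot; };  /* hypothetical */

/* Mount is allowed only if the snapshot compares clean against the upperdir. */
static int volatile_mount(struct ovl_model *m) {
    m->snapshot = errseq_sample(&m->upper_wb_err);
    return errseq_check(&m->upper_wb_err, m->snapshot) ? -EIO : 0;
}
/* syncfs on the overlay: sync_fs's return value is dropped, so it sets the
 * overlay superblock's errseq, which the VFS then checks for the caller. */
static int volatile_syncfs(struct ovl_model *m, errseq_t *since) {
    if (errseq_check(&m->upper_wb_err, m->snapshot))
        errseq_set(&m->ovl_wb_err, -EIO);
    return errseq_check_and_advance(&m->ovl_wb_err, since);
}

int main(void) {
    struct ovl_model m = {0};
    errseq_t since = 0;
    volatile_mount(&m);
    errseq_set(&m.upper_wb_err, -EIO);      /* constructed: upperdir writeback fails */
    for (int i = 0; i < 3; i++) printf("syncfs -> %d\n", volatile_syncfs(&m, &since));
    return 0;
}
```

While an error is unseen, a repeated `errseq_set` with the same errno leaves the value unchanged, so a raw snapshot taken at that point could never differ afterwards; that is the case the model's mount check rejects.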