Bug #8930

zfs_zinactive: do not remove the node if the filesystem is readonly

Added by Andriy Gapon 7 months ago. Updated 7 months ago.

Status:ClosedStart date:2017-12-20
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:zfs - Zettabyte File System
Target version:-
Difficulty:Medium Tags:needs-triage

Description

We normally remove an unlinked node when its last user goes away and the
node becomes inactive. However, we should not do that if the filesystem
is mounted read-only including the case where it has its readonly
property set. The node will remain on the unlinked queue, so it will
not be leaked.

One particular scenario is when we receive an incremental stream into a
mounted read-only filesystem and that stream contains an unlinked file
(still on the unlinked queue). If that file is opened before the
receive and some time later after the receive it becomes inactive we
would remove it and, thus, modify the read-only filesystem. As a
result, the filesystem would diverge from its source and further
incremental receives would not be possible (without forcing a rollback).

Another related scenario, that may or may not be possible depending on an OS / VFS policy,
is when an open file is unlinked, then the filesystem is remounted read-only, and then the file
is closed.

History

#1 Updated by Electric Monk 7 months ago

  • % Done changed from 0 to 100
  • Status changed from New to Closed

git commit 93c618e0f4932dc0bb9a9c90d8c4a5d029de5797

commit  93c618e0f4932dc0bb9a9c90d8c4a5d029de5797
Author: Andriy Gapon <avg@FreeBSD.org>
Date:   2017-12-20T21:09:01.000Z

    8930 zfs_zinactive: do not remove the node if the filesystem is readonly
    Reviewed by: Matthew Ahrens <mahrens@delphix.com>
    Approved by: Gordon Ross <gwr@nexenta.com>

Also available in: Atom