How much are filesystem images trusted?

Matthew Dillon dillon at apollo.backplane.com
Fri Jul 25 09:21:56 PDT 2008


:
:Sounds good.  I was struggling to make sure a forced read-only mount
:would not clean up the undo FIFO and flush.  My attempts would result
:in a flush somewhere (unmount?) and then the second time the image was
:mounted, it would mount cleanly (having emptied the FIFO).  I didn't
:get as much time this week to read through the code as I had hoped.

    It isn't supposed to do that.  The recovered buffers are B_LOCKED
    if the kernel tries to write them out, so only HAMMER itself should
    be able to flush them.

    The recovery code is fairly careful to not update the root_volume
    header on a read-only mount.  If the volume header is getting updated
    anyway at some point there could be a bug in the normal flusher
    operation.

:Yes, I believe so.  Could you explain that flag (io.recovered)?  I
:thought it was just to designate that some recovery had been done on a
:volume, but I'm not sure.
:
:-- Dion

    When the recovery code modifies a buffer as part of the recovery
    operation it adds an extra ref to the buffer (buffer->io.lock.refs)
    and sets io.recovered.  The io.recovered bit flags the extra the ref.
    The extra ref prevents the buffer from being flushed by the kernel.

    Theoretically a read-only mount then also prevents HAMMER from flushing
    any dirty buffers, referenced or otherwise (the only dirty buffers
    that might exist when you do a read-only mount would be io.recovered
    buffers).

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>





More information about the Kernel mailing list