d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys/ufs/ufs
History
Chuck Silvers d79ff54b5c This commit enables a UFS filesystem to do a forcible unmount when 
the underlying media fails or becomes inaccessible. For example
when a USB flash memory card hosting a UFS filesystem is unplugged.

The strategy for handling disk I/O errors when soft updates are
enabled is to stop writing to the disk of the affected file system
but continue to accept I/O requests and report that all future
writes by the file system to that disk actually succeed. Then
initiate an asynchronous forced unmount of the affected file system.

There are two cases for disk I/O errors:

   - ENXIO, which means that this disk is gone and the lower layers
     of the storage stack already guarantee that no future I/O to
     this disk will succeed.

   - EIO (or most other errors), which means that this particular
     I/O request has failed but subsequent I/O requests to this
     disk might still succeed.

For ENXIO, we can just clear the error and continue, because we
know that the file system cannot affect the on-disk state after we
see this error. For EIO or other errors, we arrange for the geom_vfs
layer to reject all future I/O requests with ENXIO just like is
done when the geom_vfs is orphaned. In both cases, the file system
code can just clear the error and proceed with the forcible unmount.

This new treatment of I/O errors is needed for writes of any buffer
that is involved in a dependency. Most dependencies are described
by a structure attached to the buffer's b_dep field. But some are
created and processed as a result of the completion of the dependencies
attached to the buffer.

Clearing of some dependencies require a read. For example if there
is a dependency that requires an inode to be written, the disk block
containing that inode must be read, the updated inode copied into
place in that buffer, and the buffer then written back to disk.

Often the needed buffer is already in memory and can be used. But
if it needs to be read from the disk, the read will fail, so we
fabricate a buffer full of zeroes and pretend that the read succeeded.
This zero'ed buffer can be updated and written back to disk.

The only case where a buffer full of zeros causes the code to do
the wrong thing is when reading an inode buffer containing an inode
that still has an inode dependency in memory that will reinitialize
the effective link count (i_effnlink) based on the actual link count
(i_nlink) that we read. To handle this case we now store the i_nlink
value that we wrote in the inode dependency so that it can be
restored into the zero'ed buffer thus keeping the tracking of the
inode link count consistent.

Because applications depend on knowing when an attempt to write
their data to stable storage has failed, the fsync(2) and msync(2)
system calls need to return errors if data fails to be written to
stable storage. So these operations return ENXIO for every call
made on files in a file system where we have otherwise been ignoring
I/O errors.

Coauthered by: mckusick
Reviewed by:   kib
Tested by:     Peter Holm
Approved by:   mckusick (mentor)
Sponsored by:  Netflix
Differential Revision:  https://reviews.freebsd.org/D24088
2020-05-25 23:47:31 +00:00
..
acl.h
dinode.h
Continuing efforts to provide hardening of FFS. This change adds a
2018-12-11 22:14:37 +00:00
dir.h
Simplify calculation of DIRECTSIZ. No functional change intended.
2019-05-03 21:46:25 +00:00
dirhash.h
extattr.h
gjournal.h
inode.h
Convert DOINGSOFTDEP, MOUNTEDSOFTDEP, DOINGSUJ, and MOUNTEDSUJ to being
2020-04-03 20:30:45 +00:00
quota.h
README.acls
README.extattr
ufs_acl.c
ufs: add a setter for inode i_flag field
2020-01-13 02:31:51 +00:00
ufs_bmap.c
The error reported in FS-14-UFS-3 can only happen on UFS/FFS
2019-07-17 22:07:43 +00:00
ufs_dirhash.c
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)
2020-02-26 14:26:36 +00:00
ufs_extattr.c
vfs: drop the mostly unused flags argument from VOP_UNLOCK
2020-01-03 22:29:58 +00:00
ufs_extern.h
UFS: implement VOP_INACTIVE()
2019-12-10 14:07:05 +00:00
ufs_gjournal.c
Update ffs_getcg() function to accept a flags parameter to be passed
2019-10-04 05:28:36 +00:00
ufs_inode.c
ufs: add the missing vn_need_pageq_flush call to ufs_need_inactive
2020-01-30 05:37:35 +00:00
ufs_lookup.c
ufs: add a setter for inode i_flag field
2020-01-13 02:31:51 +00:00
ufs_quota.c
vfs: rework vnode list management
2020-01-13 02:37:25 +00:00
ufs_vfsops.c
Fix state of dquot-less vnodes after failed quotaoff.
2018-09-19 14:36:57 +00:00
ufs_vnops.c
This commit enables a UFS filesystem to do a forcible unmount when
2020-05-25 23:47:31 +00:00
ufsmount.h
This commit enables a UFS filesystem to do a forcible unmount when
2020-05-25 23:47:31 +00:00

README.extattr 

$FreeBSD$

  UFS Extended Attributes Copyright

The UFS Extended Attributes implementation is copyright Robert Watson, and
is made available under a Berkeley-style license.

  About UFS Extended Attributes

Extended attributes allow the association of additional arbitrary
meta-data with files and directories.  Extended attributes are defined in
the form name=value, where name is an nul-terminated string in the style
of a filename, and value is a binary blob of zero or more bytes. The UFS
extended attribute service layers support for extended attributes onto a
backing file, in the style of the quota implementation, meaning that it
requires no underlying format changes in the filesystem.  This design
choice exchanges simplicity, usability and easy deployment for
performance.  When defined, extended attribute names exist in a series of
disjoint namespaces: currently, two namespaces are defined:
EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER.  The primary
distinction lies in the protection model: USER EAs are protected using the
normal inode protections, whereas SYSTEM EAs require privilege to access
or modify.

  Using UFS Extended Attributes

Support for UFS extended attributes is natively available in UFS2, and
requires no special configuration.  For reliability, administrative,
and performance reasons, if you plan to use extended attributes, it
is recommended that you use UFS2 in preference to UFS1.

Support for UFS extended attributes may be enabled for UFS1 by adding:

	options UFS_EXTATTR

to your kernel configuration file.  This allows UFS-based filesystems to
support extended attributes, but requires manual administration of EAs
using the extattrctl tool, including the starting of EA support for each
filesystem, and the enabling of individual attributes for the file
system.  The extattrctl utility may be used to initialize backing files
before first use, to start and stop EA service on a filesystem, and to
enable and disable named attributes.  The command lines for extattrctl
take the following forms:

  extattrctl start [path]
  extattrctl stop [path]
  extattrctl initattr [-f] [-p path] [attrsize] [attrfile]
  extattrctl enable [path] [attrnamespace] [attrname] [attrfile]
  extattrctl disable [path] [attrnamespace] [attrname]

In each case, [path] is used to indicate the mounted filesystem on which
to perform the operation.  [attrnamespace] refers to the namespace in
which the attribute is being manipulated, and may be "system" or "user".  
The [attrname] is the attribute name to use for the operation. The
[attrfile] argument specifies the attribute backing file to use. When
using the "initattr" function to initialize a backing file, the maximum
size of attribute data must be defined in bytes using the [attrsize]
field.  Optionally, the [-p path] argument may be used to indicate to
extattrctl that it should pre-allocate space for EA data, rather than
creating a sparse backing file.  This prevents attribute operations from
failing in low disk-space conditions (which can be important when EAs are
used for security purposes), but pre-allocation will consume space
proportional to the product of the defined maximum attribute size and
number of attributes on the specified filesystem.

Manual configuration increases administrative overhead, but also
introduces the possibility of race conditions during filesystem mount, if
EAs are used to support other features, as starting the EAs manually is
not atomic with the mount operation.  To address this problem, an
additional kernel option may be defined to auto-start EAs on a UFS file
system based on special directories at mount-time:

	options UFS_EXTATTR_AUTOSTART

If this option is defined, UFS will search for a ".attribute"
sub-directory of the filesystem root during the mount operation.  If it
is found, EA support will be started for the filesystem.  UFS will then
search for "system" and "user" sub-directories of the ".attribute"
directory for any potential backing files, and enable an EA for each valid
backing file with the name of the backing file as the attribute name.  
For example, by creating the following tree, the two EAs,
posix1e.acl_access and posix1e.acl_default will be enabled in the system
namespace of the root filesystem, reserving space for attribute data:

  mkdir -p /.attribute/system
  cd /.attribute/system
  extattrctl initattr -p / 388 posix1e.acl_access
  extattrctl initattr -p / 388 posix1e.acl_default

On the next mount of the root filesystem, the attributes will be
automatically started.