Re: [nfsv4] RFC 7530: Filehandle of opened file after the REMOVE

Christoph Hellwig <> Thu, 29 December 2016 07:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 996541299BE for <>; Wed, 28 Dec 2016 23:48:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-3.1] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0rD04c_74YBN for <>; Wed, 28 Dec 2016 23:48:33 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E812E1299BC for <>; Wed, 28 Dec 2016 23:48:32 -0800 (PST)
Received: by (Postfix, from userid 2407) id 735B068C6F; Thu, 29 Dec 2016 08:48:30 +0100 (CET)
Date: Thu, 29 Dec 2016 08:48:30 +0100
From: Christoph Hellwig <>
To: Bruce James Fields <>
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.17 (2007-11-01)
Archived-At: <>
Cc: IETF NFSv4 WG Mailing List <>
Subject: Re: [nfsv4] RFC 7530: Filehandle of opened file after the REMOVE
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Dec 2016 07:48:34 -0000

On Wed, Dec 28, 2016 at 09:47:03PM -0500, Bruce James Fields wrote:
> I never seriously worked on it, but for a while I was in the habit of
> running it by people.  Christoph Hellwig thought it was doable (I think
> he suggested some sort of callback from the filesystem during the
> garbage collection, possibly because he had in mind some other
> application for that--but my memory may be wrong).  Chris Mason didn't
> like the idea at all.  He asked what we expect to happen on fsck, or if
> the filesystem gets mounted without nfs getting started, or... some
> other scenarios I forget.

The way open but unlinked files are handled by modern transaction
file systems is that the file system has a list of those inodes
(in XFS this is the unlinked inode list in the allocation group header,
other file systems use different terminologies and slightly different
technics, e.g. in ext4 the list is global for the whole file system).

After an unclean shutdown when file system recovery is run we'll perform
the deferred delete for all the inodes on the unlinked inode list.
At that point the file system could in theory inform NFSD about that
fact.  But at least as far as the current Linux kernel is concerned (
sorry for delving into implementation details, but I guess this is still
easier to understand than an abstract discussion) at the point where
file system performs recovery NFSD has not been started, or at least doesn't
know about the file system yet.   We could still persist that information
somewhere, or use a flag to delay the deletion of unlinked inodes until
NFSD runs.

> We could do the same silly rename tricks on the server side.  Something
> like: create a directory with an unlikely name in the root of the
> export, rename files there on REMOVE.  Possible problems:

Personally I'd love to see sillyrename die.  It's a major pain for
getting sensible semantics out of NFS.

> 	- you'll never be able to completely hide that directory.  But
> 	  maybe we could get some sort of filesystem support for a
> 	  hidden directory.

The unlinked inode list is almost a directory, except that it doesn't
have names for the entries, you can only find inodes on it by the inode
number and generation (aka NFS file handle).