From owner-freebsd-hackers@FreeBSD.ORG Fri Jul 2 01:19:26 2004
Date: Thu, 1 Jul 2004 18:16:50 -0700 (PDT)
From: John Kozubik <john@kozubik.com>
To: freebsd-hackers@freebsd.org
Message-ID: <20040701172211.K806-100000@kozubik.com>
Subject: Re: writing to RW-mounted UFS2 snapshots - confirmed.
List-Id: Technical Discussions relating to FreeBSD

On Thu, 1 Jul 2004, Q wrote:

> > While this may not be "expected" behavior, I am curious why this is
> > something that should be prevented, rather than verified for
> > correctness? By "correct" I mean, that the copy on write process is
> > performed correctly and modifications made to the snapshot don't
> > modify the underlying filesystem elements also.
>
> Ok, I decided to be self-sufficient and read Marshall McKusick's paper
> on background fsck (which also covers snapshots) to answer my own
> question.
>
> Firstly, one of the stated requirements for snapshots to function as
> outlined in the paper is that they must be read only. The reason they
> need to be read only is because the support for multiple snapshots
> assumes that they cannot change, and handles block allocation of freed
> blocks with this in mind. Supporting snapshot modification is outside
> the scope of the original implementation and would require further
> thought.

This was the main reason that I decided to go back and see if this was
really happening or not. I read the USENIX paper (McKusick) to be quite
clear that snapshots must be read-only: "Writes to snapshot files are
not permitted". However, nothing is said about writing files to, or
changing files within, a mounted snapshot file.

My initial assumption is that both activities are equally incorrect (and
dangerous - especially for subsequent snapshots created after altering
the first one).

As for a solution, I suppose a quick fix would be to alter `mount` to
disallow the read/write mount of a snapshot file. This is similar to the
exception that is already coded into `unlink` to accommodate snapshot
files. I just submitted a PR for this.

-----
John Kozubik - john@kozubik.com - http://www.kozubik.com
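The check proposed above, written out as an added illustration: this is not John Kozubik's PR, nor FreeBSD's mount or unlink code. It mirrors the policy the message describes: a vnode-backed file that carries the UFS snapshot flag may be mounted read-only but a read/write mount of it is refused with EPERM, and files without the flag are untouched. The SF_SNAPSHOT value matches FreeBSD's <sys/stat.h>; the fallback define, the `mount_mode` enum and the `check_snapshot_path` wrapper are assumptions made so the example builds and runs on systems without `st_flags`.

```c
/*
 * Added example, not code from the original message or from FreeBSD.
 * Policy: refuse a read/write mount of a file flagged as a UFS snapshot,
 * allow a read-only mount, leave non-snapshot files alone.
 */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

#ifndef SF_SNAPSHOT
#define SF_SNAPSHOT 0x00200000UL   /* FreeBSD <sys/stat.h>: snapshot inode */
#endif

/* Requested mount mode; an assumption standing in for MNT_RDONLY handling. */
enum mount_mode { MOUNT_RDONLY = 0, MOUNT_RDWR = 1 };

/*
 * Decide from the backing file's st_flags whether the mount may proceed.
 * Returns 0 to allow, or an errno value (EPERM) to refuse, the same way
 * the existing unlink exception for snapshot files reports a refusal.
 */
int snapshot_mount_check(unsigned long st_flags, enum mount_mode mode)
{
    if ((st_flags & SF_SNAPSHOT) == 0)
        return 0;           /* not a snapshot: this check has no opinion */
    if (mode == MOUNT_RDONLY)
        return 0;           /* a read-only view of a snapshot is fine */
    return EPERM;           /* a writable mount would alter the snapshot */
}

/*
 * Path-level wrapper (assumption): stat() the file and apply the check.
 * Only FreeBSD exposes st_flags; elsewhere report ENOTSUP rather than
 * silently allowing the mount.
 */
int check_snapshot_path(const char *path, enum mount_mode mode)
{
#ifdef __FreeBSD__
    struct stat sb;
    if (stat(path, &sb) != 0)
        return errno;
    return snapshot_mount_check((unsigned long)sb.st_flags, mode);
#else
    (void)path;
    (void)mode;
    return ENOTSUP;
#endif
}

int main(void)
{
    /* Constructed flag words: a plain file, and a snapshot file. */
    unsigned long plain = 0UL;
    unsigned long snap  = SF_SNAPSHOT;

    printf("plain file, rw mount:   %d\n", snapshot_mount_check(plain, MOUNT_RDWR));
    printf("snapshot,   ro mount:   %d\n", snapshot_mount_check(snap, MOUNT_RDONLY));
    printf("snapshot,   rw mount:   %d (EPERM=%d)\n",
           snapshot_mount_check(snap, MOUNT_RDWR), EPERM);
    return 0;
}
```

On FreeBSD the same decision could be made before calling mount(8) by inspecting `ls -lo` output for the `snapshot` flag; the function above is where such a check would sit in the mount path, keyed on the inode flag rather than on the file name.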