From: Christian Ebner
To: pbs-devel@lists.proxmox.com
Date: Wed, 8 Oct 2025 17:21:16 +0200
Message-ID: <20251008152125.849216-4-c.ebner@proxmox.com>
In-Reply-To: <20251008152125.849216-1-c.ebner@proxmox.com>
Subject: [pbs-devel] [PATCH proxmox-backup v2 03/12] chunk store: add unsafe signature to cache remove method

Removing a chunk file from the local datastore cache is rather unsafe as several preconditions have to be met:
- The chunk store mutex guard has to be held, in order to avoid concurrent operations on the chunk file
- It must be assured that the chunk to be removed is not referenced by any visible index file.
- It must be assured that the chunk is not being indexed by an active index writer (ongoing backup).
- It must be assured that the chunk is not being indexed by an active index writer in an old process, still active after service reload (ongoing backup in old process).

Add the unsafe signature to `LocalDatastoreLRUCache::remove()` to signal these preconditions and limit the scope to be crate only.

Signed-off-by: Christian Ebner
--- pbs-datastore/src/datastore.rs | 2 +- pbs-datastore/src/local_datastore_lru_cache.rs | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs index 7ef16c31e..acf22e9b0 100644 --- a/pbs-datastore/src/datastore.rs +++ b/pbs-datastore/src/datastore.rs 
@@ -1686,7 +1686,7 @@ impl DataStore { |_status| { if let Some(cache) = self.cache() { // ignore errors, phase 3 will retry cleanup anyways - let _ = cache.remove(&digest); + let _ = unsafe { cache.remove(&digest) }; } delete_list.push(content.key); Ok(()) diff --git a/pbs-datastore/src/local_datastore_lru_cache.rs b/pbs-datastore/src/local_datastore_lru_cache.rs index c0edd3619..12b7f0aaa 100644 --- a/pbs-datastore/src/local_datastore_lru_cache.rs +++ b/pbs-datastore/src/local_datastore_lru_cache.rs @@ -86,8 +86,16 @@ impl LocalDatastoreLruCache { /// Remove a chunk from the local datastore cache. /// + /// Callers to this method must assure that: + /// - no concurrent insert is being performed, the chunk store's mutex must be held. + /// - the chunk to be removed is no longer referenced by an index file. + /// - the chunk to be removed has not been inserted by an active writer (atime newer than + /// writer start time). + /// - there is no active writer in an old process, which could have inserted the chunk to be + /// deleted. + /// /// Fails if the chunk cannot be deleted successfully. - pub fn remove(&self, digest: &[u8; 32]) -> Result<(), Error> { + pub(crate) unsafe fn remove(&self, digest: &[u8; 32]) -> Result<(), Error> { self.cache.remove(*digest); let (path, _digest_str) = self.store.chunk_path(digest); std::fs::remove_file(path).map_err(Error::from) -- 2.47.3 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
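Review bot: the new `unsafe { cache.remove(&digest) }` call in the pbs-datastore/src/datastore.rs hunk has no `// SAFETY:` comment, so nothing at the call site records why the four preconditions listed in the commit message hold there. The only comment next to it is the existing one about ignoring errors because phase 3 retries the cleanup. Please add a `// SAFETY:` comment above the block that says, for this closure, where the chunk store mutex guard is held and how it is established that no visible index file and no active writer (in this process or an old one after reload) still references the chunk. Without that, the unsafe marker documents the contract on the callee but not that this caller meets it.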
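Review bot: in the pbs-datastore/src/local_datastore_lru_cache.rs hunk, the preconditions on `pub(crate) unsafe fn remove` are introduced with "Callers to this method must assure that:" rather than under a `# Safety` heading, which is where rustdoc readers and tooling expect the contract of an unsafe fn to be. Suggest moving the four bullets under `/// # Safety` and keeping "Fails if the chunk cannot be deleted successfully." as a separate `# Errors` or trailing paragraph. Two smaller points on the same lines: the third bullet ("atime newer than writer start time") describes a check rather than the invariant, so it would help to say who performs that comparison, and the commit message names the type `LocalDatastoreLRUCache` while the impl block is `LocalDatastoreLruCache`.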