From: Christian Ebner <c.ebner@proxmox.com>
To: Robert Obkircher <r.obkircher@proxmox.com>, pbs-devel@lists.proxmox.com
Subject: Re: [PATCH v1 proxmox 2/2] fix #7690: proxmox-sys: close fd before rename/unlink in replace_file
Date: Mon, 29 Jun 2026 13:18:21 +0200 [thread overview]
Message-ID: <0fb3fc84-c8cc-4cc8-be71-5bcdf4e95132@proxmox.com> (raw)
In-Reply-To: <20260617105000.232928-3-r.obkircher@proxmox.com>
On 6/17/26 12:49 PM, Robert Obkircher wrote:
> Fix the rename operation on WORM file systems and allow FUSE file
> systems to unlink without creating temporary .fuse_hidden files.
question: what about other helpers using a similar pattern when removing
a temp file in error case, e.g. unlink() after file content writing or
fsync() failed while still holding an open file descriptor in
atomic_open_or_create_file()? These will produce the .fuse_hidden files
as well?
> Closing the fd earlier shouldn't have any noticeable effects on normal
> file systems, because the path-based rename and unlink operations are
> completely separate from the content.
>
> Link: https://bugzilla.proxmox.com/show_bug.cgi?id=7690
> Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
> ---
> proxmox-sys/src/fs/file.rs | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/proxmox-sys/src/fs/file.rs b/proxmox-sys/src/fs/file.rs
> index 533e0896..03223e5a 100644
> --- a/proxmox-sys/src/fs/file.rs
> +++ b/proxmox-sys/src/fs/file.rs
> @@ -180,6 +180,7 @@ pub fn replace_file<P: AsRef<Path>>(
> let (mut file, tmp_path) = make_tmp_file(&path, options)?;
>
> if let Err(err) = file.write_all(data) {
> + drop(file);
> let _ = unistd::unlink(&tmp_path);
> bail!("write failed: {}", err);
> }
> @@ -187,11 +188,16 @@ pub fn replace_file<P: AsRef<Path>>(
> if fsync {
> // make sure data is on disk
> if let Err(err) = nix::unistd::fsync(file.as_raw_fd()) {
> + drop(file);
> let _ = unistd::unlink(&tmp_path);
> bail!("fsync failed: {}", err);
> }
> }
>
> + // Allow WORM file systems to commit the contents before the rename
> + // and prevent temporary .fuse_hidden* files created by unlink.
> + drop(file);
> +
> if let Err(err) = std::fs::rename(&tmp_path, &path) {
> let _ = unistd::unlink(&tmp_path);
> bail!(
next prev parent reply other threads:[~2026-06-29 11:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-17 10:49 [PATCH v1 proxmox 0/2] improve proxmox-sys::fs::replace_file Robert Obkircher
2026-06-17 10:49 ` [PATCH v1 proxmox 1/2] proxmox-sys: avoid unnecessary conversion in replace_file Robert Obkircher
2026-06-29 11:12 ` Christian Ebner
2026-06-17 10:49 ` [PATCH v1 proxmox 2/2] fix #7690: proxmox-sys: close fd before rename/unlink " Robert Obkircher
2026-06-29 11:18 ` Christian Ebner [this message]
2026-06-30 13:24 ` Robert Obkircher
2026-06-30 15:02 ` Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0fb3fc84-c8cc-4cc8-be71-5bcdf4e95132@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
--cc=r.obkircher@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox