public inbox for pbs-devel@lists.proxmox.com
From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup v2 03/12] chunk store: add unsafe signature to cache remove method
Date: Wed,  8 Oct 2025 17:21:16 +0200
Message-ID: <20251008152125.849216-4-c.ebner@proxmox.com>
In-Reply-To: <20251008152125.849216-1-c.ebner@proxmox.com>

Removing a chunk file from the local datastore cache is rather unsafe
as several preconditions have to be met:
- The chunk store mutex guard has to be held, in order to avoid
  concurrent operations on the chunk file
- It must be assured that the chunk to be removed is not referenced
  by any visible index file.
- It must be assured that the chunk is not being indexed by an active
  index writer (ongoing backup).
- It must be assured that the chunk is not being indexed by an active
  index writer in an old process, still active after service reload
  (ongoing backup in old process).

Add the unsafe signature to `LocalDatastoreLRUCache::remove()` to
signal these preconditions and limit the scope to be crate only.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
 pbs-datastore/src/datastore.rs                 |  2 +-
 pbs-datastore/src/local_datastore_lru_cache.rs | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pbs-datastore/src/datastore.rs b/pbs-datastore/src/datastore.rs
index 7ef16c31e..acf22e9b0 100644
--- a/pbs-datastore/src/datastore.rs
+++ b/pbs-datastore/src/datastore.rs
@@ -1686,7 +1686,7 @@ impl DataStore {
                         |_status| {
                             if let Some(cache) = self.cache() {
                                 // ignore errors, phase 3 will retry cleanup anyways
-                                let _ = cache.remove(&digest);
+                                let _ = unsafe { cache.remove(&digest) };
                             }
                             delete_list.push(content.key);
                             Ok(())
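Review bot: The `unsafe { cache.remove(&digest) }` call in this closure carries no `// SAFETY:` comment, so the call site does not show which of the preconditions documented on `remove()` hold here or what establishes them. The only comment present covers error handling ("phase 3 will retry cleanup anyways"). Suggest a SAFETY comment directly above the call stating where the chunk store mutex guard is held and why the chunk cannot be referenced by an index file or by an active writer, including one in an old process, at this point.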
diff --git a/pbs-datastore/src/local_datastore_lru_cache.rs b/pbs-datastore/src/local_datastore_lru_cache.rs
index c0edd3619..12b7f0aaa 100644
--- a/pbs-datastore/src/local_datastore_lru_cache.rs
+++ b/pbs-datastore/src/local_datastore_lru_cache.rs
@@ -86,8 +86,16 @@ impl LocalDatastoreLruCache {
 
     /// Remove a chunk from the local datastore cache.
     ///
+    /// Callers to this method must assure that:
+    /// - no concurrent insert is being performed, the chunk store's mutex must be held.
+    /// - the chunk to be removed is no longer referenced by an index file.
+    /// - the chunk to be removed has not been inserted by an active writer (atime newer than
+    ///   writer start time).
+    /// - there is no active writer in an old process, which could have inserted the chunk to be
+    ///   deleted.
+    ///
     /// Fails if the chunk cannot be deleted successfully.
-    pub fn remove(&self, digest: &[u8; 32]) -> Result<(), Error> {
+    pub(crate) unsafe fn remove(&self, digest: &[u8; 32]) -> Result<(), Error> {
         self.cache.remove(*digest);
         let (path, _digest_str) = self.store.chunk_path(digest);
         std::fs::remove_file(path).map_err(Error::from)
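Review bot: The precondition list added to the doc comment of `remove()` should sit under a `# Safety` heading, the usual rustdoc convention for an `unsafe fn`, instead of the free-form "Callers to this method must assure that:" line. It would also help to say there that `unsafe` marks logical preconditions on the datastore and not memory safety, since the body only calls `self.cache.remove(*digest)` and `std::fs::remove_file(path)`. The third bullet's parenthetical "(atime newer than writer start time)" is ambiguous as written; spelling out that a chunk with such an atime must not be removed would make the contract checkable by the caller.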
-- 
2.47.3


