1. Patchew
  2. linux
  3. View series

[PATCH] nfsd: reset write verifier on deferred writeback errors

Jeff Layton posted 1 patch 2 days, 2 hours ago 
fs/nfsd/vfs.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
[PATCH] nfsd: reset write verifier on deferred writeback errors
Posted by Jeff Layton 2 days, 2 hours ago 
nfsd_vfs_write() and nfsd_commit() both call filemap_check_wb_err() to
detect deferred writeback errors, but neither rotates the server's write
verifier (nn->writeverf) when this check fails. Every other
durable-storage-failure path in these functions calls
commit_reset_write_verifier() before returning an error.

The missing rotation means clients holding UNSTABLE write data under the
current verifier will COMMIT, receive the unchanged verifier back, and
conclude their data is durable — silently dropping data that failed
writeback. This violates the UNSTABLE+COMMIT durability contract
(RFC 1813 §3.3.7, RFC 8881 §18.32).

Add commit_reset_write_verifier() calls at both filemap_check_wb_err()
error sites, matching the pattern used by adjacent error paths in the
same functions. The helper already filters -EAGAIN and -ESTALE
internally, so the calls are unconditionally safe.

Reported-by: Chris Mason <clm@meta.com>
Assisted-by: kres:claude-opus-4-6
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
 fs/nfsd/vfs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index cba473969429..7e6468bdc723 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1513,8 +1513,10 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp,
 	nfsd_stats_io_write_add(nn, exp, *cnt);
 	fsnotify_modify(file);
 	host_err = filemap_check_wb_err(file->f_mapping, since);
-	if (host_err < 0)
+	if (host_err < 0) {
+		commit_reset_write_verifier(nn, rqstp, host_err);
 		goto out_nfserr;
+	}
 
 	if (stable && fhp->fh_use_wgather) {
 		host_err = wait_for_concurrent_writes(file);
@@ -1694,6 +1696,8 @@ nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfsd_file *nf,
 			nfsd_copy_write_verifier(verf, nn);
 			err2 = filemap_check_wb_err(nf->nf_file->f_mapping,
 						    since);
+			if (err2 < 0)
+				commit_reset_write_verifier(nn, rqstp, err2);
 			err = nfserrno(err2);
 			break;
 		case -EINVAL:

---
base-commit: 6167e81847ba3adca17d8881ed9415beae993e2d
change-id: 20260522-missing_verifier_reset_on_wb_err-480eb64a4ebe

Best regards,
-- 
Jeff Layton <jlayton@kernel.org>
Re: [PATCH] nfsd: reset write verifier on deferred writeback errors
Posted by Chuck Lever 1 day, 22 hours ago 
From: Chuck Lever <chuck.lever@oracle.com>

On Fri, 22 May 2026 12:44:19 -0400, Jeff Layton wrote:
> nfsd_vfs_write() and nfsd_commit() both call filemap_check_wb_err() to
> detect deferred writeback errors, but neither rotates the server's write
> verifier (nn->writeverf) when this check fails. Every other
> durable-storage-failure path in these functions calls
> commit_reset_write_verifier() before returning an error.
> 
> The missing rotation means clients holding UNSTABLE write data under the
> current verifier will COMMIT, receive the unchanged verifier back, and
> conclude their data is durable — silently dropping data that failed
> writeback. This violates the UNSTABLE+COMMIT durability contract
> (RFC 1813 §3.3.7, RFC 8881 §18.32).
> 
> [...]

Applied to nfsd-testing, thanks!

[1/1] nfsd: reset write verifier on deferred writeback errors
      commit: f8cf3c1c418ef04947bc16e4a2ef8074452de593

--
Chuck Lever <chuck.lever@oracle.com>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.