On Tue, Jul 04, 2006 at 03:32:36PM -0400, der Mouse wrote:
> >>> This one could be solved by deleting the file on disk when the
> >>> filesystem is made read-only, I think.
> >> That will [...] not, however, preserve the long-standing Unix
> >> semantics of continuing to use open-but-unlinked files.
> > Why couldn't the file continue to be used, even if it is deleted on
> > disk?  Remember, the filesystem is now RO, so nothing can reuse the
> > freed data and metadata for another purpose.
> 
> This depends on the filesystem, of course.
> 
> For FFS, I think this would work: the inode is cleared, but the inode
> is locked in core anyway while the file is open - and the data and
> indirect blocks will be marked free but, as you say, their contents
> will be undisturbed.

Maybe this strategy could be used even for journalling. The filesystem
could mark the inode, data and indirect blocks as free on disk, but
maintain a different map of allocated resources in core, which would still
have them as used, preventing their re-use. In the case of a crash, the in
core allocation info would disappear and the newly booted system would 
consider them free, as it should.

Pavel