tech-kern: Re: Solution(?) to kern/28804: quotacheck crashes on FFSv2

Subject: Re: Solution(?) to kern/28804: quotacheck crashes on FFSv2
To: Bill Studenmund <wrstuden@NetBSD.org>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 02/20/2007 04:59:54

    Date:        Mon, 19 Feb 2007 08:46:47 -0800
    From:        Bill Studenmund <wrstuden@NetBSD.org>
    Message-ID:  <20070219164647.GA7767@netbsd.org>

  | Our snapshopt person should chime in, but I think it's rather clear that
  | snapshots do not count towards quotas. This if we see a snapshot file, we
  | skip it.

I'm not a snapshot person, but I was once a quota person ... I suspect
that it makes no real difference what happens here (in general, not
specifically in quotacheck), as quotas and snapshots are really incompatible
with each other.

It isn't that it isn't possible to do something consistent in this case,
I just don't see that it is possible to do anything useful.

If files deleted from a filesystem that has a snapshot retuce the user's
usage count (or the group's of course) then it becomes trivial to make
use of the existence of a snapshot to (at least temporarily) exceed
the allocated quota (delete all files, use lots more space, then copy
files back from the snapshot just before the snapshot is deleted).

On the other hand, if the usage isn't reduced when a file remains in
the snapshot, then it can be close to impossible for a user to
reduce their usage when they need to create new files.  That's not
really what was ever intended.

Thus, using quotas and snapshots on the same filesystem really isn't
a good idea.

For quptacheck however, what needs to happen is whatever the kernel
does - quotacheck needs to produce the same usage counts as a
correctly functioning (not crashed) kernel would have produced - so if
the kernel is reducing the usage count even though blocks remain
in the snapshot, then quotacheck needs to do that as well.  If the
kernel doesn't reduce the usage until the blocks are freed, then
quotacheck needs to account for blocks in the snapshot.

kre

ps: I'm not sure that quotas make much sense on most systems regardless
of snapshots any more - they were designed in the days when hundreds
of users were sharing tens (or maybe small hundreds) of megabytes of
file system space, not when single (or very small numbers) of users
have hundreds of gigabytes available.