Re: [PATCH] nfsd: reset write verifier on deferred writeback errors

[Jeff Layton]

On Fri, 2026-05-22 at 14:36 -0400, Chuck Lever wrote:
> 
> On Fri, May 22, 2026, at 12:44 PM, Jeff Layton wrote:
> > nfsd_vfs_write() and nfsd_commit() both call filemap_check_wb_err() to
> > detect deferred writeback errors, but neither rotates the server's write
> > verifier (nn->writeverf) when this check fails. Every other
> > durable-storage-failure path in these functions calls
> > commit_reset_write_verifier() before returning an error.
> > 
> > The missing rotation means clients holding UNSTABLE write data under the
> > current verifier will COMMIT, receive the unchanged verifier back, and
> > conclude their data is durable — silently dropping data that failed
> > writeback. This violates the UNSTABLE+COMMIT durability contract
> > (RFC 1813 §3.3.7, RFC 8881 §18.32).
> > 
> > Add commit_reset_write_verifier() calls at both filemap_check_wb_err()
> > error sites, matching the pattern used by adjacent error paths in the
> > same functions. The helper already filters -EAGAIN and -ESTALE
> > internally, so the calls are unconditionally safe.
> > 
> > Reported-by: Chris Mason <clm@xxxxxxxx>
> > Assisted-by: kres:claude-opus-4-6
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> >  fs/nfsd/vfs.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> > index cba473969429..7e6468bdc723 100644
> > --- a/fs/nfsd/vfs.c
> > +++ b/fs/nfsd/vfs.c
> > @@ -1513,8 +1513,10 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct 
> > svc_fh *fhp,
> >  	nfsd_stats_io_write_add(nn, exp, *cnt);
> >  	fsnotify_modify(file);
> >  	host_err = filemap_check_wb_err(file->f_mapping, since);
> > -	if (host_err < 0)
> > +	if (host_err < 0) {
> > +		commit_reset_write_verifier(nn, rqstp, host_err);
> >  		goto out_nfserr;
> > +	}
> > 
> >  	if (stable && fhp->fh_use_wgather) {
> >  		host_err = wait_for_concurrent_writes(file);
> > @@ -1694,6 +1696,8 @@ nfsd_commit(struct svc_rqst *rqstp, struct svc_fh 
> > *fhp, struct nfsd_file *nf,
> >  			nfsd_copy_write_verifier(verf, nn);
> >  			err2 = filemap_check_wb_err(nf->nf_file->f_mapping,
> >  						    since);
> > +			if (err2 < 0)
> > +				commit_reset_write_verifier(nn, rqstp, err2);
> >  			err = nfserrno(err2);
> >  			break;
> >  		case -EINVAL:
> > 
> > ---
> > base-commit: 6167e81847ba3adca17d8881ed9415beae993e2d
> > change-id: 20260522-missing_verifier_reset_on_wb_err-480eb64a4ebe
> > 
> > Best regards,
> > -- 
> > Jeff Layton <jlayton@xxxxxxxxxx>
> 
> Do you have an additional fix pending that addresses the same bug
> in the async COPY path? If not, I can post one.
> 

No, I don't. I didn't spot that one before.

Handling it separately is probably good. That case isn't being called
from nfsd context, so it'll need different handling.
-- 
Jeff Layton <jlayton@xxxxxxxxxx>