Fix incomplete freed list head recovery in dirty_alloc_blocks

dirty_alloc_blocks saves the freed list state before modifying it so
it can roll back on error.  But it only saved the block_ref (blkno
+ seq), not the full alloc_list_head which also includes first_nr,
total_nr, and flags.

When the freed list's head block is nearly full, dirty_alloc_blocks
forces allocation of a new empty head block. It zeros alloc->freed.ref
and sets alloc->freed.first_nr = 0.  dirty_list_block then sees the
empty ref, allocates a fresh block, and updates alloc->freed.ref to
point at it. first_nr = 0 correctly describes that new empty block. All
good so far.

If the subsequent avail dirty_list_block fails, the error path restores
alloc->freed.ref to orig_freed but leaves alloc->freed.first_nr at 0.
The original head block still holds its N entries on disk, but the
in-memory head now claims first_nr = 0 -- the recovery should have
rewound first_nr back to N along with the ref, but had no saved copy
to rewind from.

On the next dirty_alloc_blocks call the threshold check sees first_nr =
0! (full empty space) and skips the new-block path.  dirty_list_block
CoWs the existing head block and list_block_add writes new entries
past the N already-present blknos while incrementing first_nr from 0.
The head's first_nr drifts permanently below the block's actual nr.
This leads to the alloc list head/block mismatch BUG_ON at alloc.c:375
and downstream extent overlap errors that permanently stall the server.

Fix by saving and restoring the full scoutfs_alloc_list_head struct
instead of just the scoutfs_block_ref. Exposed by stress testing.

Signed-off-by: Auke Kok <auke.kok@versity.com>

ReleaseNotes.md

@@ -1,20 +1,6 @@
 Versity ScoutFS Release Notes
 =============================
 
----
-v1.32
-\
-*June 2, 2026*
-
-Fix writing POSIX ACLs over NFS mounts that export the scoutfs
-filesystem.
-
-Add support for kernels in the RHEL 9.8 minor release.
-
-Reduce unneeded block allocation when data\_prealloc\_contig\_only was
-set to 0. This will help achieve more efficient data space usage when
-writing small files.
-
 ---
 v1.31
 \

kmod/src/Makefile.kernelcompat

@@ -479,16 +479,6 @@ ifneq (,$(shell grep '^unsigned int stack_trace_save' include/linux/stacktrace.h
 ccflags-y += -DKC_STACK_TRACE_SAVE
 endif
 
-#
-# v3.14-rc1-7-g4e34e719e457
-#
-# .set_acl callback added to struct inode_operations.  Most kernels
-# we target have it, but el7 (3.10 base) does not, so detect.
-#
-ifneq (,$(shell grep 'int ..set_acl..struct' include/linux/fs.h))
-ccflags-y += -DKC_HAS_SET_ACL
-endif
-
 #
 # v6.1-rc1-2-g138060ba92b3
 #
@@ -506,12 +496,3 @@ endif
 ifneq (,$(shell grep 'struct posix_acl.*get_inode_acl' include/linux/fs.h))
 ccflags-y += -DKC_GET_INODE_ACL
 endif
-
-#
-# v6.15-13744-g41cb08555c41
-#
-# from_timer renamed to timer_container_of.
-#
-ifneq (,$(shell grep 'define timer_container_of' include/linux/timer.h))
-ccflags-y += -DKC_TIMER_CONTAINER_OF
-endif

kmod/src/acl.c

@@ -216,8 +216,7 @@ int scoutfs_set_acl(KC_VFS_NS_DEF
 {
 	struct inode *inode = dentry->d_inode;
 #else
-int scoutfs_set_acl(KC_VFS_NS_DEF
-		    struct inode *inode, struct posix_acl *acl, int type)
+int scoutfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
 {
 #endif
 	struct super_block *sb = inode->i_sb;
@@ -310,7 +309,7 @@ int scoutfs_acl_set_xattr(struct dentry *dentry, const char *name, const void *v
 #ifdef KC_SET_ACL_DENTRY
 	ret = scoutfs_set_acl(KC_VFS_INIT_NS dentry, acl, type);
 #else
-	ret = scoutfs_set_acl(KC_VFS_INIT_NS dentry->d_inode, acl, type);
+	ret = scoutfs_set_acl(dentry->d_inode, acl, type);
 #endif
 out:
 	posix_acl_release(acl);

kmod/src/acl.h

@@ -5,8 +5,7 @@
 int scoutfs_set_acl(KC_VFS_NS_DEF
 		    struct dentry *dentry, struct posix_acl *acl, int type);
 #else
-int scoutfs_set_acl(KC_VFS_NS_DEF
-		    struct inode *inode, struct posix_acl *acl, int type);
+int scoutfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
 #endif
 #ifdef KC_GET_INODE_ACL
 struct posix_acl *scoutfs_get_acl(struct inode *inode, int type, bool rcu);

kmod/src/alloc.c

@@ -490,7 +490,7 @@ static int dirty_alloc_blocks(struct super_block *sb,
 			      struct scoutfs_alloc *alloc,
 			      struct scoutfs_block_writer *wri)
 {
-	struct scoutfs_block_ref orig_freed;
+	struct scoutfs_alloc_list_head orig_freed;
 	struct scoutfs_alloc_list_block *lblk;
 	struct scoutfs_block *av_bl = NULL;
 	struct scoutfs_block *fr_bl = NULL;
@@ -508,7 +508,7 @@ static int dirty_alloc_blocks(struct super_block *sb,
 	mutex_lock(&alloc->mutex);
 
 	/* undo dirty freed if we get an error after */
-	orig_freed = alloc->freed.ref;
+	orig_freed = alloc->freed;
 
 	if (alloc->dirty_avail_bl != NULL) {
 		ret = 0;
@@ -549,7 +549,7 @@ static int dirty_alloc_blocks(struct super_block *sb,
 	if (link_orig) {
 		/* .. and point the new block at the rest of the list */
 		lblk = fr_bl->data;
-		lblk->next = orig_freed;
+		lblk->next = orig_freed.ref;
 		lblk = NULL;
 	}
 
@@ -574,10 +574,10 @@ static int dirty_alloc_blocks(struct super_block *sb,
 	ret = 0;
 
 out:
-	if (ret < 0 && alloc->freed.ref.blkno != orig_freed.blkno) {
+	if (ret < 0 && alloc->freed.ref.blkno != orig_freed.ref.blkno) {
 		if (fr_bl)
 			scoutfs_block_writer_forget(sb, wri, fr_bl);
-		alloc->freed.ref = orig_freed;
+		alloc->freed = orig_freed;
 	}
 
 	mutex_unlock(&alloc->mutex);

kmod/src/data.c

@@ -422,8 +422,6 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 
 	mutex_lock(&datinf->mutex);
 
-	scoutfs_inode_get_onoff(inode, &online, &offline);
-
 	/* default to single allocation at the written block */
 	start = iblock;
 	count = 1;
@@ -446,6 +444,7 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 		 * the preallocation size to the number of online
 		 * blocks.
 		 */
+		scoutfs_inode_get_onoff(inode, &online, &offline);
 		if (iblock > 1 && iblock == online) {
 			ret = scoutfs_ext_next(sb, &data_ext_ops, &args,
 					       iblock, 1, &found);
@@ -487,13 +486,6 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 		/* trim count by next extent after iblock */
 		if (found.len && found.start > start && found.start < start + count)
 			count = (found.start - start);
-
-		/*
-		 * Ramp the aligned region size up proportionally with
-		 * the file's online block count rather than jumping to
-		 * the full prealloc size.
-		 */
-		count = max_t(u64, 1, min(count, online));
 	}
 
 	/* overall prealloc limit */

kmod/src/dir.c

@@ -2063,7 +2063,7 @@ const struct inode_operations scoutfs_dir_iops = {
 #else
 	.get_acl	= scoutfs_get_acl,
 #endif
-#ifdef KC_HAS_SET_ACL
+#ifdef KC_SET_ACL_DENTRY
 	.set_acl	= scoutfs_set_acl,
 #endif
 	.symlink	= scoutfs_symlink,

kmod/src/fence.c

@@ -222,7 +222,7 @@ static struct attribute *fence_attrs[] = {
 
 static void fence_timeout(struct timer_list *timer)
 {
-	struct pending_fence *fence = timer_container_of(fence, timer, timer);
+	struct pending_fence *fence = from_timer(fence, timer, timer);
 	struct super_block *sb = fence->sb;
 	DECLARE_FENCE_INFO(sb, fi);
 

kmod/src/inode.c

@@ -154,7 +154,7 @@ static const struct inode_operations scoutfs_file_iops = {
 #else
 	.get_acl	= scoutfs_get_acl,
 #endif
-#ifdef KC_HAS_SET_ACL
+#ifdef KC_SET_ACL_DENTRY
 	.set_acl	= scoutfs_set_acl,
 #endif
 	.fiemap		= scoutfs_data_fiemap,
@@ -174,7 +174,7 @@ static const struct inode_operations scoutfs_special_iops = {
 #else
 	.get_acl	= scoutfs_get_acl,
 #endif
-#ifdef KC_HAS_SET_ACL
+#ifdef KC_SET_ACL_DENTRY
 	.set_acl	= scoutfs_set_acl,
 #endif
 };

kmod/src/kernelcompat.h

@@ -489,9 +489,4 @@ static inline void stack_trace_print(unsigned long *entries, unsigned int nr_ent
 }
 #endif
 
-#ifndef KC_TIMER_CONTAINER_OF
-#define timer_container_of(var, callback_timer, timer_fieldname) \
-	from_timer(var, callback_timer, timer_fieldname)
-#endif
-
 #endif

kmod/src/recov.c

@@ -134,7 +134,7 @@ static int recov_finished(struct recov_info *recinf)
 
 static void timer_callback(struct timer_list *timer)
 {
-	struct recov_info *recinf = timer_container_of(recinf, timer, timer);
+	struct recov_info *recinf = from_timer(recinf, timer, timer);
 
 	recinf->timeout_fn(recinf->sb);
 }

tests/funcs/filter.sh

@@ -171,13 +171,6 @@ t_filter_dmesg()
 	# orphan log trees reclaim is handled, not an error
 	re="$re|scoutfs .* reclaiming orphan log trees"
 
-	# nfs can emit a whole range of messages we can ignore
-	re="$re|Installing knfsd .*"
-	re="$re|nfsd: .*"
-	re="$re|NFSD: .*"
-	re="$re|RPC: .*"
-	re="$re|FS-Cache: .*"
-
 	# fencing tests force unmounts and trigger timeouts
 	re="$re|scoutfs .* forcing unmount"
 	re="$re|scoutfs .* reconnect timed out"

tests/golden/basic-nfs

@@ -1,32 +0,0 @@
-== write via NFS, read both sides
-== POSIX ACL set via NFS, read both sides
-user::rw-
-user:22222:rw-
-group::r--
-mask::rw-
-other::r--
-
-user::rw-
-user:22222:rw-
-group::r--
-mask::rw-
-other::r--
-
-== POSIX ACL set on scoutfs, read via NFS
-user::rw-
-user:22222:rw-
-group::r--
-group:44444:r--
-mask::rw-
-other::r--
-
-== default ACL inheritance via NFS
-user::rw-
-user:22222:rwx	#effective:rw-
-group::r-x	#effective:r--
-mask::rw-
-other::r--
-
-== NFS read demand-stages a released file
-1
-== cleanup

tests/golden/data-prealloc

@@ -8,10 +8,10 @@
 /mnt/test/test/data-prealloc/file-1: extents: 32
 /mnt/test/test/data-prealloc/file-2: extents: 32
 == any writes to region prealloc get full extents
-/mnt/test/test/data-prealloc/file-1: extents: 8
-/mnt/test/test/data-prealloc/file-2: extents: 8
-/mnt/test/test/data-prealloc/file-1: extents: 8
-/mnt/test/test/data-prealloc/file-2: extents: 8
+/mnt/test/test/data-prealloc/file-1: extents: 4
+/mnt/test/test/data-prealloc/file-2: extents: 4
+/mnt/test/test/data-prealloc/file-1: extents: 4
+/mnt/test/test/data-prealloc/file-2: extents: 4
 == streaming offline writes get full extents either way
 /mnt/test/test/data-prealloc/file-1: extents: 4
 /mnt/test/test/data-prealloc/file-2: extents: 4
@@ -20,8 +20,8 @@
 == goofy preallocation amounts work
 /mnt/test/test/data-prealloc/file-1: extents: 6
 /mnt/test/test/data-prealloc/file-2: extents: 6
-/mnt/test/test/data-prealloc/file-1: extents: 10
-/mnt/test/test/data-prealloc/file-2: extents: 10
+/mnt/test/test/data-prealloc/file-1: extents: 6
+/mnt/test/test/data-prealloc/file-2: extents: 6
 /mnt/test/test/data-prealloc/file-1: extents: 3
 /mnt/test/test/data-prealloc/file-2: extents: 3
 == block writes into region allocs hole

tests/sequence

@@ -3,7 +3,6 @@ basic-block-counts.sh
 basic-bad-mounts.sh
 basic-posix-acl.sh
 basic-acl-consistency.sh
-basic-nfs.sh
 inode-items-updated.sh
 simple-inode-index.sh
 simple-staging.sh

tests/tests/basic-nfs.sh

@@ -1,86 +0,0 @@
-#
-# Test basic scoutfs-nfs interactions:
-# - read/write
-# - stage/release and data wait
-# - nfs setacl/getacl mapping
-#
-
-t_require_commands scoutfs setfacl getfacl exportfs mount.nfs umount \
-		   stat dd cmp systemctl
-
-systemctl start nfs-server >> "$T_TMPDIR/nfs.log" 2>&1 || \
-	t_skip "nfs-server not available"
-
-# Keep file creation modes deterministic for the ACL golden output.
-umask 022
-
-EXPORT_OPTS="rw,async,no_root_squash,no_subtree_check,fsid=42"
-NFS_MNT="$T_TMP.nfs"
-NFS_DIR="$NFS_MNT/test/basic-nfs"
-
-filter() { sed "s@$T_TMPDIR@T_TMPDIR@g" | t_filter_fs; }
-gf() { getfacl -n --omit-header "$@" 2>/dev/null; }
-
-teardown_nfs()
-{
-	(
-		umount "$NFS_MNT"
-		exportfs -u "127.0.0.1:$T_M0"
-		exportfs -f
-		systemctl stop nfs-server
-		rmdir "$NFS_MNT"
-	) >> "$T_TMPDIR/nfs.log" 2>&1
-}
-trap teardown_nfs EXIT
-
-exportfs -u "127.0.0.1:$T_M0" >> "$T_TMPDIR/nfs.log" 2>&1 || true
-t_quiet mkdir -p "$NFS_MNT"
-exportfs -o "$EXPORT_OPTS" "127.0.0.1:$T_M0" >> "$T_TMPDIR/nfs.log" 2>&1
-mount.nfs -o vers=3,noac,actimeo=0 "127.0.0.1:$T_M0" "$NFS_MNT" >> "$T_TMPDIR/nfs.log" 2>&1
-
-test -d "$NFS_DIR" || t_fail "test dir $NFS_DIR not visible over NFS"
-
-echo "== write via NFS, read both sides"
-dd if=/dev/urandom bs=4096 count=1 of="$T_TMP.data" status=none
-cp "$T_TMP.data" "$NFS_DIR/file"
-cmp "$T_TMP.data" "$T_D0/file"
-cmp "$T_TMP.data" "$NFS_DIR/file"
-
-echo "== POSIX ACL set via NFS, read both sides"
-setfacl -m u:22222:rw "$NFS_DIR/file" 2>&1 | filter
-gf "$NFS_DIR/file"
-gf "$T_D0/file"
-
-echo "== POSIX ACL set on scoutfs, read via NFS"
-setfacl -m g:44444:r "$T_D0/file" 2>&1 | filter
-gf "$NFS_DIR/file"
-
-echo "== default ACL inheritance via NFS"
-mkdir "$NFS_DIR/d"
-setfacl -d -m u:22222:rwx "$NFS_DIR/d" 2>&1 | filter
-touch "$NFS_DIR/d/child"
-gf "$NFS_DIR/d/child"
-
-echo "== NFS read demand-stages a released file"
-dd if=/dev/urandom bs=4096 count=1 of="$T_TMP.big" status=none
-cp "$T_TMP.big" "$T_D0/big"
-sync
-vers=$(scoutfs stat -s data_version "$T_D0/big")
-t_quiet scoutfs release "$T_D0/big" -V "$vers" -o 0 -l 4K
-
-# NFS read against the offline file blocks in scoutfs_read waiting
-# for the data to come back online.
-cat "$NFS_DIR/big" > "$T_TMP.read" &
-read_pid=$!
-sleep 1
-scoutfs data-waiting -B 0 -I 0 -p "$T_D0" | wc -l
-
-t_quiet scoutfs stage "$T_TMP.big" "$T_D0/big" -V "$vers" -o 0 -l 4096
-wait "$read_pid"
-cmp "$T_TMP.big" "$T_TMP.read"
-
-echo "== cleanup"
-rm -f "$T_D0/file" "$T_D0/big"
-rm -rf "$T_D0/d"
-
-t_pass