fix(erofs): write per-instance VMDK descriptor to bundle dir; use atomic write#212
Merged
dmcgowan merged 1 commit intoJun 2, 2026
Conversation
There was a problem hiding this comment.
Pull request overview
Adds self-healing for the cached merged_fs.vmdk descriptor in the erofs snapshotter: descriptors are now validated on each mount, regenerated when stale, written with extent paths relative to the descriptor directory, and persisted via an atomic temp-file + rename.
Changes:
internal/erofs/vmdk.go: NewParseVMDKDescriptorExtents;DumpVMDKDescriptortakes abaseDirto resolve relative paths for stat-ing;DumpVMDKDescriptorToFilewrites atomically via.tmp+ rename.internal/shim/task/mount.go: Computes per-descriptor relative device paths, validates the existing descriptor via newvmdkDescriptorIsStale, and regenerates on stale/parse failure.internal/erofs/vmdk_test.go: Adds round-trip, stale-detection, relative-path, large-extent, and atomic-write tests.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| internal/erofs/vmdk.go | Adds parser, atomic write, baseDir-aware stat, and relative-path support for descriptor writing. |
| internal/shim/task/mount.go | Builds relative extent paths, validates the cached descriptor, and triggers regeneration on stale/parse failure. |
| internal/erofs/vmdk_test.go | New unit tests covering round-trip parse, stale detection scenarios, relative-path resilience, and atomic write. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
austinvazquez
force-pushed
the
fix/erofs-vmdk-stale-descriptor
branch
from
b27d0b0 to
d5a569c
Compare
Member
|
Ugh, this is still way too fragile |
dmcgowan
approved these changes
Jun 1, 2026
hsiangkao
reviewed
Jun 1, 2026
Member
Author
|
Agreed on both fronts — generating per-instance and never persisting is the cleaner shape, and matches what the rest of the producer code in mount.go does (the bundle dir is already the natural home for ephemeral per-VM state). I'll rework this PR to:
|
austinvazquez
force-pushed
the
fix/erofs-vmdk-stale-descriptor
branch
from
d5a569c to
c51364d
Compare
…mic write The merged_fs.vmdk descriptor was written to the snapshotter directory and reused across mounts via an existence check. If the backing extent files moved or were cleaned up, the cached descriptor became permanently stale with no recovery path. Switch to a simpler, more correct design: - Write the descriptor to the per-instance OCI bundle directory so it is naturally scoped to one container lifetime and torn down with the bundle. No descriptor is ever shared across instances. - Regenerate unconditionally on every transformMounts call. There is no cache to validate, so there is no stale state possible. - Use an atomic write (os.CreateTemp + fsync + os.Rename) so concurrent writers each get a unique temporary file name and a reader never observes a partially-written descriptor. Thread bundleDir through setupMounts and transformMounts so the erofs branch can place the file at filepath.Join(bundleDir, "merged_fs.vmdk"). No new public API is introduced. Signed-off-by: Austin Vazquez <austinvazquez@users.noreply.github.com>
austinvazquez
force-pushed
the
fix/erofs-vmdk-stale-descriptor
branch
from
c51364d to
c9d57bc
Compare
austinvazquez
changed the title
hsiangkao
approved these changes
Jun 1, 2026
Member
hsiangkao
left a comment
hsiangkao
left a comment
There was a problem hiding this comment.
If vmdks are generated in the bundle dirs, I think there is no concurrent write anyway.
but leaving write+fsync+rename is also fine.
dmcgowan
approved these changes
Jun 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
merged_fs.vmdkdescriptor was written to the snapshotter directory and reused across mounts via a bare existence check. If the backing extent files moved or were cleaned up, the cached descriptor became permanently stale with no recovery path.Switch to a simpler, more correct design:
filepath.Join(bundleDir, "merged_fs.vmdk")) so the file is scoped to one container lifetime and torn down with the bundle. No descriptor is shared across instances.transformMountscall — no existence check, no cache, no stale state possible.os.CreateTemp+fsync+os.Renameso concurrent writers each get a unique temporary filename and a reader never observes a partially-written file.bundleDiris threaded throughsetupMountsandtransformMounts; the erofs branch writes the descriptor tofilepath.Join(bundleDir, "merged_fs.vmdk").No new public API is introduced.