29 September 2019

- Because HAMMER2 is a copy-on-write filesystem, even 'rm' operations require block allocations. H2 gives 'rm' operations extra reserve but it is still relatively easy to get into a situation where the normal copy-on-write allocation fails and the filesystem gets stuck in a ENOSPC situation that cannot be recovered from under normal operation.

We add two directives, 'emergency-mode-enable' and 'emergency-mode-disable' as a fail-safe to allow recovery of filesystems that have gotten into this situation.

- When this mode is enabled HAMMER2 will still attempt to use a copy-on-write operation for any blocks that might have been snapshotted. However, any blocks which have not been snapshotted (or if the copy-on-write fails) will now be modified in-place, allowing chflags and rm operations to be run even when the filesystem is over-full.

Such operation is fragile because the tree cannot be updated safely, so this mode can permanently destroy the filesystem if power is lost or a panic occurs during the file removal or chflags/chmod operations. Great care must be taken when using this mode.

In addition, use of this mode will likely corrupt any snapshots sharing the same meta-data. If you use this mode and have snapshots it is recommended that the snapshots be deleted.

- If you have to use this mode, be sure to disable it after the filesystem is operational again.

- The bulkfree scan now reports which PFS(es) a CRC failure occurs on. Bulkfree will attempt to alert the user as to which snapshots are corrupt, but it isn't perfect.

