From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Jeff Layton <jlayton@redhat.com>
Cc: "Alan Cox" <gnomes@lxorguk.ukuu.org.uk>,
焦晓冬 <milestonejxd@gmail.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
"Rogier Wolff" <R.E.Wolff@BitWizard.nl>
Subject: Re: POSIX violation by writeback error
Date: Tue, 25 Sep 2018 18:30:54 -0400 [thread overview]
Message-ID: <20180925223054.GH2933@thunk.org> (raw)
In-Reply-To: <23cd68a665d27216415dc79367ffc3bee1b60b86.camel@redhat.com>
On Tue, Sep 25, 2018 at 12:41:18PM -0400, Jeff Layton wrote:
> That's all well and good, but still doesn't quite solve the main concern
> with all of this. It's suppose we have this series of events:
>
> open file r/w
> write 1024 bytes to offset 0
> <background writeback that fails>
> read 1024 bytes from offset 0
>
> Open, write and read are successful, and there was no fsync or close in
> between them. Will that read reflect the result of the previous write or
> no?
If the background writeback hasn't happened, Posix requires that the
read returns the result of the write. And the user doesn't know when
or if the background writeback has happened unless the user calls
fsync(2).
Posix in general basically says anything is possible if the system
fails or crashes, or is dropped into molten lava, etc. Do we say that
Linux is not Posix compliant if a cosmic ray flips a few bits in the
page cache? Hardly! The *only* time Posix makes any guarantees is if
fsync(2) returns success. So the subject line, is in my opinion
incorrect. The moment we are worrying about storage errors, and the
user hasn't used fsync(2), Posix is no longer relevant for the
purposes of the discussion.
> The answer today is "it depends".
And I think that's fine. The only way we can make any guarantees is
if we do what Alan suggested, which is to imply that a read on a dirty
page *block* until the the page is successfully written back. This
would destroy performance. I know I wouldn't want to use such a
system, and if someone were to propose it, I'd strongly argue for a
switch to turn it *off*, and I suspect most system administators would
turn it off once they saw what it did to system performance. (As a
thought experiment, think about what it would do to kernel compiles.
It means that before you link the .o files, you would have to block
and wait for them to be written to disk so you could be sure the
writeback would be successful. **Ugh**.)
Given that many people would turn such a feature off once they saw
what it does to their system performance, applications in general
couldn't rely on it. which means applications who cared would have to
do what they should have done all along. If it's precious data use
fsync(2). If not, most of the time things are *fine* and it's not
worth sacrificing performance for the corner cases unless it really is
ultra-precious data and you are willing to pay the overhead.
- Ted
next prev parent reply other threads:[~2018-09-25 22:31 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAJDTihx2yaR-_-9Ks1PoFcrKNZgUOoLdN-wRTTMV76Jg_dCLrw@mail.gmail.com>
2018-09-04 10:56 ` POSIX violation by writeback error Jeff Layton
2018-09-24 23:30 ` Alan Cox
2018-09-25 11:15 ` Jeff Layton
2018-09-25 15:46 ` Theodore Y. Ts'o
2018-09-25 16:17 ` Rogier Wolff
2018-09-25 16:39 ` Alan Cox
2018-09-25 16:41 ` Jeff Layton
2018-09-25 22:30 ` Theodore Y. Ts'o [this message]
2018-09-26 18:10 ` Alan Cox
2018-09-26 21:49 ` Theodore Y. Ts'o
2018-09-27 22:48 ` Alan Cox
2018-09-27 7:18 ` Rogier Wolff
2018-09-27 12:43 ` Jeff Layton
2018-09-27 14:27 ` Theodore Y. Ts'o
2018-09-25 17:35 ` Adam Borowski
2018-09-25 22:46 ` Theodore Y. Ts'o
2018-09-04 6:32 焦晓冬
2018-09-04 7:53 ` Rogier Wolff
2018-09-04 8:58 ` 焦晓冬
2018-09-04 9:29 ` Rogier Wolff
2018-09-04 10:45 ` 焦晓冬
2018-09-04 11:09 ` Jeff Layton
2018-09-04 14:56 ` 焦晓冬
2018-09-04 15:44 ` Jeff Layton
2018-09-04 16:12 ` J. Bruce Fields
2018-09-04 16:23 ` Rogier Wolff
2018-09-04 18:54 ` J. Bruce Fields
2018-09-04 20:18 ` Jeff Layton
2018-09-04 20:35 ` Vito Caputo
2018-09-04 21:02 ` Matthew Wilcox
2018-09-05 0:51 ` Dave Chinner
2018-09-05 8:24 ` 焦晓冬
2018-09-05 10:55 ` Jeff Layton
2018-09-05 12:07 ` Rogier Wolff
2018-09-06 2:57 ` Dave Chinner
2018-09-06 9:17 ` Rogier Wolff
2018-09-24 23:09 ` Alan Cox
2018-09-05 13:53 ` J. Bruce Fields
2018-09-05 7:08 ` Rogier Wolff
2018-09-05 7:39 ` Martin Steigerwald
2018-09-05 8:04 ` Rogier Wolff
2018-09-05 8:37 ` 焦晓冬
2018-09-05 12:07 ` Austin S. Hemmelgarn
2018-09-05 12:46 ` Rogier Wolff
2018-09-05 9:32 ` Martin Steigerwald
2018-09-05 7:37 ` Martin Steigerwald
2018-09-05 11:42 ` Jeff Layton
2018-09-05 8:09 ` 焦晓冬
2018-09-05 13:08 ` Theodore Y. Ts'o
2018-09-24 23:21 ` Alan Cox
2018-09-06 7:28 ` 焦晓冬
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180925223054.GH2933@thunk.org \
--to=tytso@mit.edu \
--cc=R.E.Wolff@BitWizard.nl \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=milestonejxd@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).