From: Neeraj Singh <nksingh85@gmail.com>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: Patrick Steinhardt <ps@pks.im>,
git@vger.kernel.org, Jeff King <peff@peff.net>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Junio C Hamano <gitster@pobox.com>, Eric Wong <e@80x24.org>,
"Neeraj K. Singh" <neerajsi@microsoft.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v2 3/3] refs: add configuration to enable flushing of refs
Date: Wed, 10 Nov 2021 11:15:33 -0800 [thread overview]
Message-ID: <20211110191533.GA484@neerajsi-x1.localdomain> (raw)
In-Reply-To: <211110.86v910gi9a.gmgdl@evledraar.gmail.com>
On Wed, Nov 10, 2021 at 03:49:02PM +0100, Ævar Arnfjörð Bjarmason wrote:
>
> On Wed, Nov 10 2021, Patrick Steinhardt wrote:
>
> > + shutdown. This setting currently only controls loose refs in the object
> > + store, so updates to packed refs may not be equally durable. Takes the
> > + same parameters as `core.fsyncObjectFiles`.
> > +
>
> ...my understanding of it is basically a way of going back to what Linus
> pointed out way back in aafe9fbaf4f (Add config option to enable
> 'fsync()' of object files, 2008-06-18).
>
> I.e. we've got files x and y. POSIX sayeth we'd need to fsync them all
> and the directory entry, but on some FS's it would be sufficient to
> fsync() just y if they're created in that order. It'll imply an fsync of
> both x and y, is that accurate?
>
> If not you can probably discard the rest, but forging on:
>
> Why do we then need to fsync() a "z" file in get_object_directory()
> (i.e. .git/objects) then? That's a new "z", wasn't flushing "y" enough?
>
> Or if you've written .git/objects/x and .git/refs/y I can imagine
> wanting to create and sync a .git/z if the FS's semantics are to then
> flush all remaining updates from that tree up, but here it's
> .git/objects, not .git. That also seems to contract this above:
We're breaking through the abstraction provided by POSIX in 'batch' mode,
since the POSIX abstraction does not give us any option to be both safe
and reasonably fast on hardware that does something expensive upon fsync().
We need to ensure that 'x' and 'y' are handed off to the storage device via
a non-flushing pagecache cleaning call (e.g. sync_file_ranges or macOS fsync).
Then creating and flushing 'z' ensures that 'x' and 'y' will be visible after
successful completion. On FSes with a single journal that is flushed on fsync,
this should also ensure that any other files that have been cleaned out of the
pagecache and any other metadata updates are also persisted. The fsync provides
a barrier in addition to the durability.
> > ensure its data is persisted. After all refs have been written,
> > the directories which host refs are flushed.
>
> I.e. that would be .git/refs (let's ignore .git/HEAD and the like for
> now), not .git/objects or .git?
>
> And again, forging on but more generally [continued below]...
>
> > + if (!strcmp(var, "core.fsyncreffiles")) {
>
> UX side: now we've got a core.fsyncRefFiles and
> core.fsyncWhateverItWasCalled in Neeraj series. Let's make sure those
> work together like say "fsck.*" and "fetch.fsck.*" do, i.e. you'd be
> able to configure this once for objects and refs, or in two variables,
> one for objects, one for refs...
>
I agree with this feedback. We should have a core.fsync flag to control everything
that might be synced in the repo. However, we'd have to decide what we want
to do with packfiles and the index which are currently always fsynced.
> ...[continued from above]: Again, per my potentially wrong understanding
> of syncing a "x" and "y" via an fsync of a subsequent "z" that's
> adjacent on the FS to those two.
I suspect Patrick is concerned about the case where the worktree is on
a separate filesystem from the main repo, so there might be a motivation
to sync the worktree refs separately. Is that right, Patrick?
>
> Isn't this setting us up for a really bad interaction between this
> series and Neeraj's work? Well "bad" as in "bad for performance".
>
> I.e. you'll turn on "use the batch thing for objects and refs" and we'll
> do two fsyncs, one for the object update, and one for refs. The common
> case is that we'll have both in play.
>
> So shouldn't this go to a higher level for both so we only create a "z"
> .git/sync-it-now-please.txt or whatever once we do all pending updates
> on the .git/ directory?
>
> I can also imagine that we'd want that at an even higher level, e.g. for
> "git pull" surely we'd want it not for refs or objects, but in
> builtin/pull.c somewhere because we'll be updating the .git/index after
> we do both refs and objects, and you'd want to fsync at the very end,
> no?
>
> None of the above should mean we can't pursue a more narrow approach for
> now. I'm just:
>
> 1) Seeing if I understand what we're trying to do here, maybe not.
>
> 2) Encouraging you two to think about a holistic way to configure some
> logical conclusion to this topic at large, so we won't end up with
> core.fsyncConfigFiles, core.fsyncObjectFiles, core.fsyncIndexFile,
> core.fsyncRefFiles, core.fsyncTheCrapRebaseWritesOutFiles etc. :)
>
> I'll send another more generic follow-up E-Mail for #2.
In my view there are two separable concerns:
1) What durability do we want for the user's data when an entire 'git'
command completes? I.e. if I run 'git add <1000 files>; git commit' and the
system loses power after both commands return, should I see all of those files
in the committed state of the repo?
2) What internal consistency do we want in the git databases (ODB and REFS) if
we crash midway through a 'git' command? I.e. if 'git add <1000 files>' crashes
before returning, can there be an invalid object or a torn ref state?
If were only concerned with (1), then doing a single fsync at the end of the high-level
git command would be sufficient. However, (2) requires more fsyncs to provide barriers
between different phases internal to the git commands. For instance, we need a barrier
between creating the ODB state for a commit (blobs, trees, commit obj) and the refs
pointing to it.
I am not concerned with a few additional fsyncs for (2). On recent mainstream filesystems/ssds
each fsync may cost tens of milliseconds, so the difference between 1 to 3 fsyncs would not
be user perceptible. However, going from a couple fsyncs to 1000 fsyncs (one per blob added)
would become apparent to the user.
The more optimal way to handle consistency and durability is Write-ahead-logging with log
replay on crash recovery. That approach can reduce the number of fsyncs in the active workload
to at most two (one to sync the log with a commit record and then one before truncating the
log after updating the main database). At that point, however, I think it would be best to
use an existing database engine with some modifications to create a good data layout for git.
Thanks,
Neeraj
next prev parent reply other threads:[~2021-11-10 19:15 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-04 12:38 [PATCH] refs: sync loose refs to disk before committing them Patrick Steinhardt
2021-11-04 13:14 ` Ævar Arnfjörð Bjarmason
2021-11-04 14:51 ` Patrick Steinhardt
2021-11-04 21:24 ` Junio C Hamano
2021-11-04 22:36 ` Neeraj Singh
2021-11-05 1:40 ` Junio C Hamano
2021-11-05 6:36 ` Jeff King
2021-11-05 8:35 ` Ævar Arnfjörð Bjarmason
2021-11-05 9:04 ` Jeff King
2021-11-05 7:07 ` Jeff King
2021-11-05 7:17 ` Jeff King
2021-11-05 9:12 ` Johannes Schindelin
2021-11-05 9:22 ` Patrick Steinhardt
2021-11-05 9:34 ` Jeff King
2021-11-09 11:25 ` Patrick Steinhardt
2021-11-10 8:36 ` Jeff King
2021-11-10 9:16 ` Patrick Steinhardt
2021-11-10 11:40 ` [PATCH v2 0/3] " Patrick Steinhardt
2021-11-10 11:40 ` [PATCH v2 1/3] wrapper: handle EINTR in `git_fsync()` Patrick Steinhardt
2021-11-10 14:33 ` Johannes Schindelin
2021-11-10 14:39 ` Ævar Arnfjörð Bjarmason
2021-11-10 11:40 ` [PATCH v2 2/3] wrapper: provide function to sync directories Patrick Steinhardt
2021-11-10 14:40 ` Ævar Arnfjörð Bjarmason
2021-11-10 11:41 ` [PATCH v2 3/3] refs: add configuration to enable flushing of refs Patrick Steinhardt
2021-11-10 14:49 ` Ævar Arnfjörð Bjarmason
2021-11-10 19:15 ` Neeraj Singh [this message]
2021-11-10 20:23 ` Ævar Arnfjörð Bjarmason
2021-11-11 0:03 ` Neeraj Singh
2021-11-11 12:14 ` Patrick Steinhardt
2021-11-11 12:06 ` Patrick Steinhardt
2021-11-11 0:18 ` Neeraj Singh
2021-11-10 14:44 ` [PATCH v2 0/3] refs: sync loose refs to disk before committing them Johannes Schindelin
2021-11-10 20:45 ` Jeff King
2021-11-11 11:47 ` Patrick Steinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211110191533.GA484@neerajsi-x1.localdomain \
--to=nksingh85@gmail.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=avarab@gmail.com \
--cc=e@80x24.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=neerajsi@microsoft.com \
--cc=peff@peff.net \
--cc=ps@pks.im \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.