linux-fsdevel.vger.kernel.org archive mirror
From: Christoph Hellwig <hch@infradead.org>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Martin Steigerwald <martin@lichtvoll.de>,
	"Theodore Y. Ts'o" <tytso@mit.edu>,
	"Joshua D. Drake" <jd@commandprompt.com>,
	linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: fsync() errors is unsafe and risks data loss
Date: Thu, 19 Apr 2018 01:39:04 -0700
Message-ID: <20180419083904.GA18239@infradead.org>
In-Reply-To: <20180418165219.GC9897@fieldses.org>

On Wed, Apr 18, 2018 at 12:52:19PM -0400, J. Bruce Fields wrote:
> > Theodore Y. Ts'o - 10.04.18, 20:43:
> > > First of all, what storage devices will do when they hit an exception
> > > condition is quite non-deterministic.  For example, the vast majority
> > > of SSD's are not power fail certified.  What this means is that if
> > > they suffer a power drop while they are doing a GC, it is quite
> > > possible for data written six months ago to be lost as a result.  The
> > > LBA could potentially be far, far away from any LBA's that were
> > > recently written, and there could have been multiple CACHE FLUSH
> > > operations since the LBA in question was last written six
> > > months ago.  No matter; for a consumer-grade SSD, it's possible for
> > > that LBA to be trashed after an unexpected power drop.
> 
> Pointers to documentation or papers or anything?  The only google
> results I can find for "power fail certified" are your posts.
> 
> I've always been confused by SSD power-loss protection, as nobody seems
> completely clear whether it's a safety or a performance feature.

Devices from reputable vendors should always be power fail safe, bugs
notwithstanding.  What power-loss protection in marketing slides usually
means is that an SSD has a non-volatile write cache.  That is, once a
write is ACKed, data is persisted and no additional cache flush needs to
be sent.  This is a feature only available in expensive enterprise SSDs
as the required capacitors are expensive.  Cheaper consumer or boot
drive SSDs have a volatile write cache, that is, we need to do a
separate cache flush to persist data (REQ_OP_FLUSH in Linux).  But
a reasonable implementation of those still won't corrupt previously
written data, they will just lose the volatile write cache that hasn't
been flushed.  Occasional bugs, bad actors or other issues might still
happen.

> 
> --b.
---end quoted text---
