linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Amir Goldstein <amir73il@gmail.com>
To: Vijay Chidambaram <vijay@cs.utexas.edu>
Cc: lsf-pc@lists.linux-foundation.org,
	Dave Chinner <david@fromorbit.com>,
	"Darrick J. Wong" <darrick.wong@oracle.com>,
	Theodore Tso <tytso@mit.edu>, Jan Kara <jack@suse.cz>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	Jayashree Mohan <jaya@cs.utexas.edu>,
	Filipe Manana <fdmanana@suse.com>, Chris Mason <clm@fb.com>,
	lwn@lwn.net
Subject: Re: [TOPIC] Extending the filesystem crash recovery guaranties contract
Date: Thu, 2 May 2019 13:39:47 -0400	[thread overview]
Message-ID: <CAOQ4uxjNWLvh7EmizA7PjmViG5nPMsvB2UbHW6-hhbZiLadQTA@mail.gmail.com> (raw)
In-Reply-To: <CAHWVdUXS+e71QNFAyhFUY4W7o3mzVCb=8UrRZAN=v9bv7j6ssA@mail.gmail.com>

On Thu, May 2, 2019 at 1:11 PM Vijay Chidambaram <vijay@cs.utexas.edu> wrote:
>
> Thank you for driving this discussion Amir. I'm glad ext4 and btrfs
> developers want to provide these semantics.
>
> If I'm understanding this correctly, the new semantics will be: any
> data changes to files written with O_TMPFILE will be visible if the
> associated metadata is also visible. Basically, there will be a
> barrier between O_TMPFILE data and O_TMPFILE metadata.

Mmm, this phrasing deviates from what I wrote.
The agreement is that we should document something *minimal*
that users can understand. I was hoping that this phrasing meets
those requirements:

""The filesystem provided the guaranty that after a crash, if the linked
 O_TMPFILE is observed in the target directory, than all the data and
 metadata modifications made to the file before being linked are also
 observed."

No more, no less.

>
> The expectation is that applications will use this, and then rename
> the O_TMPFILE file over the original file. Is this correct? If so, is
> there also an implied barrier between O_TMPFILE metadata and the
> rename?

Not really, the use case is when users want to create a file to apear
"atomically" in the namespace with certain data and metadata.

For replacing an existing file with another the same could be
achieved with renameat2(AT_FDCWD, tempname, AT_FDCWD, newname,
RENAME_ATOMIC). There is no need to create the tempname
file using O_TMPFILE in that case, but if you do, the RENAME_ATOMIC
flag would be redundant.

RENAME_ATOMIC flag is needed because directories and non regular
files cannot be created using O_TMPFILE.

>
> Where does this land us on the discussion about documenting
> file-system crash-recovery guarantees? Has that been deemed not
> necessary?
>

Can't say for sure.
Some filesystem maintainers hold on to the opinion that they do
NOT wish to have a document describing existing behavior of specific
filesystems, which is large parts of the document that your group posted.

They would rather that only the guaranties of the APIs are documented
and those should already be documented in man pages anyway - if they
are not, man pages could be improved.

I am not saying there is no room for a document that elaborates on those
guaranties. I personally think that could be useful and certainly think that
your group's work for adding xfstest coverage for API guaranties is useful.

Thanks,
Amir.

  reply	other threads:[~2019-05-02 17:40 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-27 21:00 [TOPIC] Extending the filesystem crash recovery guaranties contract Amir Goldstein
2019-05-02 16:12 ` Amir Goldstein
2019-05-02 17:11   ` Vijay Chidambaram
2019-05-02 17:39     ` Amir Goldstein [this message]
2019-05-03  2:30       ` Theodore Ts'o
2019-05-03  3:15         ` Vijay Chidambaram
2019-05-03  9:45           ` Theodore Ts'o
2019-05-04  0:17             ` Vijay Chidambaram
2019-05-04  1:43               ` Theodore Ts'o
2019-05-07 18:38                 ` Jan Kara
2019-05-03  4:16         ` Amir Goldstein
2019-05-03  9:58           ` Theodore Ts'o
2019-05-03 14:18             ` Amir Goldstein
2019-05-09  2:36             ` Dave Chinner
2019-05-09  1:43         ` Dave Chinner
2019-05-09  2:20           ` Theodore Ts'o
2019-05-09  2:58             ` Dave Chinner
2019-05-09  3:31               ` Theodore Ts'o
2019-05-09  5:19                 ` Darrick J. Wong
2019-05-09  5:02             ` Vijay Chidambaram
2019-05-09  5:37               ` Darrick J. Wong
2019-05-09 15:46               ` Theodore Ts'o
2019-05-09  8:47           ` Amir Goldstein
2019-05-02 21:05   ` Darrick J. Wong
2019-05-02 22:19     ` Amir Goldstein

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAOQ4uxjNWLvh7EmizA7PjmViG5nPMsvB2UbHW6-hhbZiLadQTA@mail.gmail.com \
    --to=amir73il@gmail.com \
    --cc=clm@fb.com \
    --cc=darrick.wong@oracle.com \
    --cc=david@fromorbit.com \
    --cc=fdmanana@suse.com \
    --cc=jack@suse.cz \
    --cc=jaya@cs.utexas.edu \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=lsf-pc@lists.linux-foundation.org \
    --cc=lwn@lwn.net \
    --cc=tytso@mit.edu \
    --cc=vijay@cs.utexas.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).