From: Jeff Layton <jlayton@redhat.com>
To: Matthew Wilcox <willy@infradead.org>, Andres Freund <andres@anarazel.de>
Cc: "Theodore Y. Ts'o" <tytso@mit.edu>,
Dave Chinner <david@fromorbit.com>,
Andreas Dilger <adilger@dilger.ca>,
20180410184356.GD3563@thunk.org,
Ext4 Developers List <linux-ext4@vger.kernel.org>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
"Joshua D. Drake" <jd@commandprompt.com>
Subject: Re: fsync() errors is unsafe and risks data loss
Date: Thu, 12 Apr 2018 17:14:54 -0400 [thread overview]
Message-ID: <1523567694.7617.8.camel@redhat.com> (raw)
In-Reply-To: <20180412202830.GA18364@bombadil.infradead.org>
On Thu, 2018-04-12 at 13:28 -0700, Matthew Wilcox wrote:
> On Thu, Apr 12, 2018 at 01:13:22PM -0700, Andres Freund wrote:
> > I think a per-file or even per-blockdev/fs error state that'd be
> > returned by fsync() would be more than sufficient.
>
> Ah; this was my suggestion to Jeff on IRC. That we add a per-
> superblock
> wb_err and then allow syncfs() to return it. So you'd open an fd on
> a directory (for example), and call syncfs() which would return -EIO
> or -ENOSPC if either of those conditions had occurred since you
> opened
> the fd.
Not a bad idea and shouldn't be too costly. mapping_set_error could
flag the superblock one before or after the one in the mapping.
We'd need to define what happens if you interleave fsync and syncfs
calls on the same inode though. How do we handle file->f_wb_err in that
case? Would we need a second field in struct file to act as the per-sb
error cursor?
> > I don't see that
> > that'd realistically would trigger OOM or the inability to unmount
> > a
> > filesystem.
>
> Ted's referring to the current state of affairs where the writeback
> error
> is held in the inode; if we can't evict the inode because it's
> holding
> the error indicator, that can send us OOM. If instead we transfer
> the
> error indicator to the superblock, then there's no problem.
>
--
Jeff Layton <jlayton@redhat.com>
next prev parent reply other threads:[~2018-04-12 21:14 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-10 22:07 fsync() errors is unsafe and risks data loss Andres Freund
2018-04-11 21:52 ` Andreas Dilger
2018-04-12 0:09 ` Dave Chinner
2018-04-12 2:32 ` Andres Freund
2018-04-12 2:51 ` Andres Freund
2018-04-12 5:09 ` Theodore Y. Ts'o
2018-04-12 5:45 ` Dave Chinner
2018-04-12 11:24 ` Jeff Layton
2018-04-12 21:11 ` Andres Freund
2018-04-12 10:19 ` Lukas Czerner
2018-04-12 19:46 ` Andres Freund
2018-04-12 2:17 ` Andres Freund
2018-04-12 3:02 ` Matthew Wilcox
2018-04-12 11:09 ` Jeff Layton
2018-04-12 11:19 ` Matthew Wilcox
2018-04-12 12:01 ` Dave Chinner
2018-04-12 15:08 ` Jeff Layton
2018-04-12 22:44 ` Dave Chinner
2018-04-13 13:18 ` Jeff Layton
2018-04-13 13:25 ` Andres Freund
2018-04-13 14:02 ` Matthew Wilcox
2018-04-14 1:47 ` Dave Chinner
2018-04-14 2:04 ` Andres Freund
2018-04-18 23:59 ` Dave Chinner
2018-04-19 0:23 ` Eric Sandeen
2018-04-14 2:38 ` Matthew Wilcox
2018-04-19 0:13 ` Dave Chinner
2018-04-19 0:40 ` Matthew Wilcox
2018-04-19 1:08 ` Theodore Y. Ts'o
2018-04-19 17:40 ` Matthew Wilcox
2018-04-19 23:27 ` Theodore Y. Ts'o
2018-04-19 23:28 ` Dave Chinner
2018-04-12 15:16 ` Theodore Y. Ts'o
2018-04-12 20:13 ` Andres Freund
2018-04-12 20:28 ` Matthew Wilcox
2018-04-12 21:14 ` Jeff Layton [this message]
2018-04-12 21:31 ` Matthew Wilcox
2018-04-13 12:56 ` Jeff Layton
2018-04-12 21:21 ` Theodore Y. Ts'o
2018-04-12 21:24 ` Matthew Wilcox
2018-04-12 21:37 ` Andres Freund
2018-04-12 20:24 ` Andres Freund
2018-04-12 21:27 ` Jeff Layton
2018-04-12 21:53 ` Andres Freund
2018-04-12 21:57 ` Theodore Y. Ts'o
2018-04-21 18:14 ` Jan Kara
2018-04-12 5:34 ` Theodore Y. Ts'o
2018-04-12 19:55 ` Andres Freund
2018-04-12 21:52 ` Theodore Y. Ts'o
2018-04-12 22:03 ` Andres Freund
2018-04-18 18:09 ` J. Bruce Fields
2018-04-13 14:48 ` Matthew Wilcox
2018-04-21 16:59 ` Jan Kara
[not found] <8da874c9-cf9c-d40a-3474-b773190878e7@commandprompt.com>
[not found] ` <20180410184356.GD3563@thunk.org>
2018-04-10 19:47 ` Martin Steigerwald
2018-04-18 16:52 ` J. Bruce Fields
2018-04-19 8:39 ` Christoph Hellwig
2018-04-19 14:10 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1523567694.7617.8.camel@redhat.com \
--to=jlayton@redhat.com \
--cc=20180410184356.GD3563@thunk.org \
--cc=adilger@dilger.ca \
--cc=andres@anarazel.de \
--cc=david@fromorbit.com \
--cc=jd@commandprompt.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.