From: Theodore Ts'o <tytso@mit.edu>
To: Ryan Lortie <desrt@desrt.ca>
Cc: linux-ext4@vger.kernel.org
Subject: Re: ext4 file replace guarantees
Date: Thu, 20 Jun 2013 20:59:37 -0400 [thread overview]
Message-ID: <20130621005937.GB10730@thunk.org> (raw)
In-Reply-To: <1371764058.18527.140661246414097.671B4999@webmail.messagingengine.com>
On Thu, Jun 20, 2013 at 05:34:18PM -0400, Ryan Lortie wrote:
>
> in https://www.kernel.org/doc/Documentation/filesystems/ext4.txt
>
> which says to me "replace by rename is guaranteed safe in modern ext4,
> under default mount options".
It's not _guaranteed_ safe. It significantly reduces the chances of
data loss in case of a crash, but it's possible for the transaction
containing the rename to close before the blocks are written back. So
if the transaction is almost full, or there is a fsync() racing with
the rename(), such that the file system operation to allocate the
delayed allocation blocks ends up in a different transaction than the
transaction where the rename took place (race #1), and then you crash
before the second transaction completes (race #2), you could lose
data.
You'll have to make your own decision about how likely this
combination is to happen. The failure scenario would probably be
something like the user who plays tux racer all the time, and uses
crappy proprietary drivers that crash the system every single time an
OpenGL application exits. If they think that's normal, and are
willing to live with the crap proprietary drivers, and they are also
the sort of people who carefully position all of their windows to be
precisely just so, and if the !@#!?! desktop libraries are still
bogusly rewriting the entire contents of every single registry file,
regardless of whether the application changed anything --- then
eventually, said user will whine about how the hours she spent
obsessively setting up their window layout got lost after Tux Racer
creashed their system *again*.
(Unfortunately, this example is not entirely hypothetical....)
Regards,
- Ted
next prev parent reply other threads:[~2013-06-21 0:59 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-20 21:34 ext4 file replace guarantees Ryan Lortie
2013-06-21 0:59 ` Theodore Ts'o [this message]
2013-06-21 12:43 ` Ryan Lortie
2013-06-21 13:15 ` Theodore Ts'o
2013-06-21 13:51 ` Ryan Lortie
2013-06-21 14:33 ` Theodore Ts'o
2013-06-21 15:24 ` Ryan Lortie
2013-06-21 20:35 ` Theodore Ts'o
2013-06-22 3:29 ` Dave Chinner
2013-06-22 4:47 ` Theodore Ts'o
2013-06-22 13:40 ` Sidorov, Andrei
2013-06-22 14:06 ` Theodore Ts'o
2013-06-22 14:41 ` Sidorov, Andrei
2013-06-23 1:58 ` Dave Chinner
2013-06-21 16:25 ` Joseph D. Wagner
2013-06-21 21:05 ` Theodore Ts'o
2013-06-21 21:49 ` Sidorov, Andrei
2013-06-22 12:56 ` Theodore Ts'o
2013-06-22 14:01 ` Sidorov, Andrei
2013-06-22 14:30 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130621005937.GB10730@thunk.org \
--to=tytso@mit.edu \
--cc=desrt@desrt.ca \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.