Re: [PATCH 3/3] xfs: freeze rw filesystems just prior to reboot

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: xfs <linux-xfs@vger.kernel.org>, Eric Sandeen <sandeen@redhat.com>
Subject: Re: [PATCH 3/3] xfs: freeze rw filesystems just prior to reboot
Date: Thu, 18 May 2017 18:34:05 +1000	[thread overview]
Message-ID: <20170518083405.GQ17542@dastard> (raw)
In-Reply-To: <20170518013242.GW4519@birch.djwong.org>

On Wed, May 17, 2017 at 06:32:42PM -0700, Darrick J. Wong wrote:
> Apparently there are certain system software configurations that do odd
> things like update the kernel and reboot without umounting the /boot fs
> or remounting it readonly, either of which would push all the AIL items
> out to disk.  As a result, a subsequent invocation of something like
> grub (which has a frightening willingness to read a fs with a dirty log)
> can read stale disk contents and/or miss files the metadata for which
> have been written to the log but not checkpointed into the filesystem.

> Granted, most of the time /boot is a separate partition and
> systemd/sysvinit/whatever actually /do/ unmount /boot before rebooting.
> This "fix" is only needed for people who have one giant filesystem.

Let me guess the series of events: grub calls "sync" and says "I'm
done", then user runs an immediate reboot/shutdown and something
still running after init has killed everything but PID 1 has an open
writeable file descriptor causing the remount-ro of / to return
EBUSY and so it just shuts down/restarts with an unflushed log?

> Therefore, add a reboot hook to freeze the rw filesystems (which
> checkpoints the log) just prior to reboot.  This is an unfortunate and
> insufficient workaround for multiple layers of inadequate external
> software, but at least it will reduce boot time surprises for the "OS
> updater failed to disengage the filesystem before rebooting" case.
> 
> Seeing as grub is unlikely ever to learn to replay the XFS log (and we
> probably don't want it doing that),

If anything other than XFS code modifies the filesystem (log,
metadata or data) then we have a tainted, unsuportable filesystem
image.....

> *LILO has been discontinued for at least 18 months,

Yet Lilo still works just fine.

> and we're not quite to the point of putting kernel
> files directly on the EFI System Partition,

Really? How have we not got there yet - we were doing this almost
15 years ago with ia64 and elilo via mounting the EFI partition on
/boot....

> this seems like the least
> crappy solution to this problem.
> 
> Yes, you're still screwed in grub if the system crashes. :)

This really sounds like the perennial "grub doesn't ensure the
information it requires to boot is safely on stable storage before
reboot" problem combined with some sub-optimal init behaviour to
expose the grub issue....

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com

next prev parent reply	other threads:[~2017-05-18  8:34 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-18  1:26 [RFCRAP 0/3?] xfs: OH GOD MY EYES! Darrick J. Wong
2017-05-18  1:30 ` [PATCH 1/3] xfs: remove double-underscore integer types Darrick J. Wong
2017-05-18  6:01   ` Dave Chinner
2017-05-18  6:21     ` Darrick J. Wong
2017-05-18  6:31     ` Christoph Hellwig
2017-05-18  1:31 ` [PATCH 2/3] xfsprogs: " Darrick J. Wong
2017-05-18  6:32   ` Christoph Hellwig
2017-05-23  2:48     ` Darrick J. Wong
2017-05-23  2:24   ` Eric Sandeen
2017-05-18  1:32 ` [PATCH 3/3] xfs: freeze rw filesystems just prior to reboot Darrick J. Wong
2017-05-18  6:28   ` Christoph Hellwig
2017-05-18  8:34   ` Dave Chinner [this message]
2017-05-18 22:30     ` Darrick J. Wong
2017-05-19 19:09       ` Chris Murphy
2017-05-19 21:00         ` Darrick J. Wong
2017-05-20  0:27           ` Chris Murphy
2017-05-22  2:07             ` Dave Chinner
     [not found]           ` <20170522020112.GV17542@dastard>
2017-05-22 20:46             ` Chris Murphy
2017-05-23  3:56               ` Chris Murphy
2017-05-23  4:04                 ` Eric Sandeen
2017-05-23 11:44                   ` Dave Chinner
2017-05-24  3:19               ` Dave Chinner
2017-05-24  8:06                 ` Chris Murphy
2017-05-24  6:22               ` Chris Murphy
2017-05-24  6:25                 ` Chris Murphy
2017-05-24 23:13                   ` Dave Chinner
2017-05-25  0:03                 ` Dave Chinner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170518083405.GQ17542@dastard \
    --to=david@fromorbit.com \
    --cc=darrick.wong@oracle.com \
    --cc=linux-xfs@vger.kernel.org \
    --cc=sandeen@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.