From: Jan Kara <jack@suse.cz>
To: Ted Ts'o <tytso@mit.edu>
Cc: Jan Kara <jack@suse.cz>, Andreas Dilger <adilger@dilger.ca>,
Manish Katiyar <mkatiyar@gmail.com>,
linux-ext4@vger.kernel.org
Subject: Re: [PATCH 2/3] jbd2 : Fix journal start by passing a parameter to specify if the caller can deal with ENOMEM
Date: Thu, 26 May 2011 17:37:58 +0200 [thread overview]
Message-ID: <20110526153758.GG5123@quack.suse.cz> (raw)
In-Reply-To: <20110526150846.GL9520@thunk.org>
On Thu 26-05-11 11:08:46, Ted Tso wrote:
> On Thu, May 26, 2011 at 04:49:56PM +0200, Jan Kara wrote:
> > But if we just fail all transaction allocations with say 10% probability,
> > it should work as well, shouldn't it? We'd just retry those allocations
> > whose failure we cannot handle and eventually succeed. Or do I miss
> > something?
>
> The reason why I only wanted to fail the transactions relating to the
> writeback path is because other failures will get reflected back to
> userspace, and would thus change the behavior of the stress test. (If
> we used fsstress, it would cause fsstress to immediately stop and
> fail, for example.)
Ah, I see. OK.
> That is the one thing that worries me a little about this patch series
> in general. If we suddenly start failing open() or rename() or
> chmod() syscalls with ENOMEM in low memory situations, what of
> programs that aren't doing adequate error checking? Sure, other file
> systems will do this, but the bulk of the users use ext3/ext4, and
> remember how much kvetching and complaining when xfs was the first
> file system to require user space applications to actually use fsync()
> if they wanted their files to be safe after a power failure.
Yeah, I know and it's painful to fight these fights. But ultimately, I
belive, it results in better / faster code so that's a good thing.
> I worry that there are a lot of incompetently written editors out
> there that aren't doing error checking, or worse yet, package managers
> or other security-critical programs that aren't doing error checking,
> and which won't notice when an syscall fails in a low-memory
> situation, leading to either (a) user data loss (which the application
> programers will lay at the feet of the file system developers, don't
> doubt it), or (b) security holes.
But OTOH it allows good applications to do something (if nothing at least
displaying a dialog with error) instead of just being stuck in the kernel
which is a good thing IMHO. So I believe it is a move in the right
direction (although I agree there will be probably people bitching about it
;).
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2011-05-26 15:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-25 7:26 [PATCH 2/3] jbd2 : Fix journal start by passing a parameter to specify if the caller can deal with ENOMEM Manish Katiyar
2011-05-25 7:44 ` Jan Kara
2011-05-25 7:47 ` Manish Katiyar
2011-05-25 8:13 ` Jan Kara
2011-05-26 2:22 ` Ted Ts'o
2011-05-26 4:07 ` Andreas Dilger
2011-05-26 14:05 ` Ted Ts'o
2011-05-26 14:49 ` Jan Kara
2011-05-26 15:08 ` Ted Ts'o
2011-05-26 15:37 ` Jan Kara [this message]
2011-05-27 4:11 ` Manish Katiyar
2011-05-26 5:29 ` Manish Katiyar
2011-05-26 14:51 ` Jan Kara
2011-05-28 6:16 ` Manish Katiyar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110526153758.GG5123@quack.suse.cz \
--to=jack@suse.cz \
--cc=adilger@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=mkatiyar@gmail.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).