From: Jan Kara <jack@suse.cz>
To: Wu Fengguang <fengguang.wu@intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Jan Kara <jack@suse.cz>, Christoph Hellwig <hch@infradead.org>,
Al Viro <viro@ZenIV.linux.org.uk>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH 2/2] fs: Make write(2) interruptible by a signal
Date: Wed, 23 Nov 2011 14:08:03 +0100 [thread overview]
Message-ID: <20111123130803.GD9775@quack.suse.cz> (raw)
In-Reply-To: <20111123090533.GA22420@localhost>
On Wed 23-11-11 17:05:33, Wu Fengguang wrote:
> On Wed, Nov 23, 2011 at 06:28:05AM +0800, Andrew Morton wrote:
> > On Wed, 16 Nov 2011 19:44:21 +0800
> > Wu Fengguang <fengguang.wu@intel.com> wrote:
> >
> > > Due to the (very low) possibility of data loss by partial writes, IMHO
> > > it would safer to test this patch in linux-next until next merge window,
> >
> > Any such bugs will not be discovered in linux-next testing.
>
> Yup, I'm afraid.
>
> > The only way to find these things in a reasonable period of time is to
> > go in and find them. For example, intensive fsx-linux testing with
> > concurrent heavy memory pressure on various filesystems with various
> > block sizes. And of course concurrent signalling. If you're talking
> > about O_DIRECT then iirc I hacked support for that into fsx-linux. I
> > think.
>
> How are we going to measure the success/failure? Check if it
> eventually resulted in filesystem corruption or whatever?
There are a few different questions:
1) Checking for filesystem corruption via fsck - I find such corruption
caused by stopping write early extremely unlikely.
2) Checking that we do not expose uninitialized data after a partial
(possibly DIRECT_IO) write - I did not find a place where that could happen
but this would be worth testing. I think I can write a test for this if
people are afraid of data exposure problems.
3) Is it acceptable for write(2) to be interrupted by SIGKILL in the
middle? That obviously does happen with my patches so there's no reason
to test that. The question is whether someone cares or not and that can be
tested only by reality check :). Since the signal is SIGKILL, the process
itself cannot notice the interrupted write but someone else can. But as I
already said earlier, partial writes can already be observed when the
machine crashes, filesystem is close to ENOSPC or so. Arguably these are
more severe error conditions than application catching SIGKILL so my
patch lowers the bar for observing partial writes. But I wouldn't like to
throw away a sensible thing - allow SIGKILL to interrupt a system call -
just because of fear of possibility some broken app could rely on this.
Sure if the reality check shows there are such broken apps and users who
care enough to report, then I have nothing against biting the bullet
and reverting the change... Opinions?
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2011-11-23 13:08 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-16 11:12 [PATCH 0/2 v3] Make task in balance_dirty_pages() killable Jan Kara
2011-11-16 11:12 ` [PATCH 1/2] mm: " Jan Kara
2011-11-16 11:28 ` Wu Fengguang
2011-11-16 12:58 ` Jan Kara
2011-11-16 11:12 ` [PATCH 2/2] fs: Make write(2) interruptible by a signal Jan Kara
2011-11-16 11:44 ` Wu Fengguang
2011-11-16 12:54 ` Jan Kara
2011-11-16 13:11 ` Wu Fengguang
2011-11-22 22:28 ` Andrew Morton
2011-11-23 9:05 ` Wu Fengguang
2011-11-23 9:50 ` Andrew Morton
2011-11-23 12:27 ` [PATCH 2/2] " Theodore Tso
2011-11-23 20:29 ` Andrew Morton
2011-11-24 19:27 ` Matthew Wilcox
2011-11-24 20:53 ` Ted Ts'o
2011-11-25 0:10 ` Matthew Wilcox
2011-11-24 20:53 ` Jan Kara
2011-11-23 13:08 ` Jan Kara [this message]
2011-11-23 13:27 ` [PATCH 2/2] fs: " Wu Fengguang
2011-11-23 15:06 ` Theodore Tso
2011-11-28 3:08 ` Wu Fengguang
2011-11-28 3:33 ` [PATCH] writeback: add a safety limit to the SIGKILL abort Wu Fengguang
2011-11-29 14:18 ` Jan Kara
2011-11-29 14:16 ` [PATCH 2/2] fs: Make write(2) interruptible by a signal Jan Kara
2011-11-16 11:23 ` [PATCH 0/2 v3] Make task in balance_dirty_pages() killable Wu Fengguang
-- strict thread matches above, loose matches on Subject: below --
2011-11-14 16:15 [PATCH 0/2 v2] " Jan Kara
2011-11-14 16:15 ` [PATCH 2/2] fs: Make write(2) interruptible by a signal Jan Kara
2011-11-14 16:26 ` Christoph Hellwig
2011-11-14 16:46 ` Jan Kara
2011-11-14 20:13 ` Christoph Hellwig
2011-11-14 22:19 ` Andrew Morton
2011-11-15 11:23 ` Jan Kara
2011-11-14 11:10 [PATCH 0/2] Make task doing heavy writing killable Jan Kara
2011-11-14 11:10 ` [PATCH 2/2] fs: Make write(2) interruptible by a signal Jan Kara
2011-11-14 12:12 ` Matthew Wilcox
2011-11-14 12:15 ` Wu Fengguang
2011-11-14 12:34 ` Jan Kara
2011-11-14 14:16 ` Matthew Wilcox
2011-11-14 15:30 ` Jan Kara
2011-11-14 18:44 ` Jeremy Allison
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111123130803.GD9775@quack.suse.cz \
--to=jack@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=fengguang.wu@intel.com \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).