From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from bombadil.infradead.org ([198.137.202.133]:37814 "EHLO
        bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751630AbeDLVbP (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Thu, 12 Apr 2018 17:31:15 -0400
Date: Thu, 12 Apr 2018 14:31:10 -0700
From: Matthew Wilcox <willy@infradead.org>
To: Jeff Layton <jlayton@redhat.com>
Cc: Andres Freund <andres@anarazel.de>,
        "Theodore Y. Ts'o" <tytso@mit.edu>,
        Dave Chinner <david@fromorbit.com>,
        Andreas Dilger <adilger@dilger.ca>,
        20180410184356.GD3563@thunk.org,
        Ext4 Developers List <linux-ext4@vger.kernel.org>,
        Linux FS Devel <linux-fsdevel@vger.kernel.org>,
        "Joshua D. Drake" <jd@commandprompt.com>
Subject: Re: fsync() errors is unsafe and risks data loss
Message-ID: <20180412213110.GF18364@bombadil.infradead.org>
References: <20180410220726.vunhvwuzxi5bm6e5@alap3.anarazel.de>
 <190CF56C-C03D-4504-8B35-5DB479801513@dilger.ca>
 <20180412021752.2wykkutkmzh4ikbf@alap3.anarazel.de>
 <20180412030248.GA8509@bombadil.infradead.org>
 <1523531354.4532.21.camel@redhat.com>
 <20180412120122.GE23861@dastard>
 <20180412151646.GQ2801@thunk.org>
 <20180412201322.77igwnxfqbmnsxkf@alap3.anarazel.de>
 <20180412202830.GA18364@bombadil.infradead.org>
 <1523567694.7617.8.camel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1523567694.7617.8.camel@redhat.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Thu, Apr 12, 2018 at 05:14:54PM -0400, Jeff Layton wrote:
> On Thu, 2018-04-12 at 13:28 -0700, Matthew Wilcox wrote:
> > On Thu, Apr 12, 2018 at 01:13:22PM -0700, Andres Freund wrote:
> > > I think a per-file or even per-blockdev/fs error state that'd be
> > > returned by fsync() would be more than sufficient.
> >
> > Ah; this was my suggestion to Jeff on IRC.  That we add a per-
> > superblock
> > wb_err and then allow syncfs() to return it.  So you'd open an fd on
> > a directory (for example), and call syncfs() which would return -EIO
> > or -ENOSPC if either of those conditions had occurred since you
> > opened
> > the fd.
> 
> Not a bad idea and shouldn't be too costly. mapping_set_error could
> flag the superblock one before or after the one in the mapping.
> 
> We'd need to define what happens if you interleave fsync and syncfs
> calls on the same inode though. How do we handle file->f_wb_err in that
> case? Would we need a second field in struct file to act as the per-sb
> error cursor?

Ooh.  I hadn't thought that through.  Bleh.  I don't want to add a field
to struct file for this uncommon case.

Maybe O_PATH could be used for this?  It gets you a file descriptor on
a particular filesystem, so syncfs() is defined, but it can't report
a writeback error.  So if you open something O_PATH, you can use the
file's f_wb_err for the mapping's error cursor.