From: Omar Sandoval <osandov@osandov.com>
To: Dave Chinner <david@fromorbit.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Amir Goldstein <amir73il@gmail.com>,
Trond Myklebust <trondmy@hammerspace.com>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"lsf-pc@lists.linux-foundation.org"
<lsf-pc@lists.linux-foundation.org>, "hch@lst.de" <hch@lst.de>,
"miklos@szeredi.hu" <miklos@szeredi.hu>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"Darrick J. Wong" <darrick.wong@oracle.com>
Subject: Re: [LSF/MM/BPF TOPIC] Allowing linkat() to replace the destination
Date: Mon, 27 Jan 2020 17:27:47 -0800 [thread overview]
Message-ID: <20200128012747.GB683123@vader> (raw)
In-Reply-To: <20200123071639.GA7216@dread.disaster.area>
On Thu, Jan 23, 2020 at 06:16:39PM +1100, Dave Chinner wrote:
> On Thu, Jan 23, 2020 at 03:47:45AM +0000, Al Viro wrote:
> > On Wed, Jan 22, 2020 at 02:10:03PM -0800, Omar Sandoval wrote:
> >
> > > > Sorry for not reading all the thread again, some API questions:
> > > > - We intend to allow AT_REPLACE only with O_TMPFILE src. Right?
> > >
> > > I wasn't planning on having that restriction. It's not too much effort
> > > for filesystems to support it for normal files, so I wouldn't want to
> > > place an artificial restriction on a useful primitive.
> >
> > I'm not sure; that's how we ended up with the unspeakable APIs like
> > rename(2), after all...
>
> Yet it is just rename(2) with the serial numbers filed off -
> complete with all the same data vs metadata ordering problems that
> rename(2) comes along with. i.e. it needs fsync to guarantee data
> integrity of the source file before the linkat() call is made.
>
> If we can forsee that users are going to complain that
> linkat(AT_REPLACE) using O_TMPFILE files is not atomic because it
> leaves zero length files behind after a crash just like rename()
> does, then we haven't really improved anything at all...
>
> And, really, I don't think anyone wants another API that requires
> multiple fsync calls to use correctly for crash-safe file
> replacement, let alone try to teach people who still cant rename a
> file safely how to use it....
AT_REPLACE would have a leg up in that we can at least mention the (lack
of) integrity guarantees in the man page. It's no suprise that no one
gets rename right when the documentation make no mention of
integrity/durability/crash safety.
Sure, if everyone wants AT_REPLACE to guarantee integrity, we can do
that. But I'm going to start with the simplest proposal that makes no
such guarantees.
next prev parent reply other threads:[~2020-01-28 1:27 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-17 12:49 [LSF/MM/BPF TOPIC] Allowing linkat() to replace the destination David Howells
2020-01-17 14:33 ` Trond Myklebust
2020-01-17 15:46 ` Al Viro
2020-01-17 16:12 ` Trond Myklebust
2020-01-17 16:48 ` Al Viro
2020-01-17 16:36 ` Omar Sandoval
2020-01-17 16:59 ` Al Viro
2020-01-17 17:28 ` Omar Sandoval
2020-01-17 18:17 ` Al Viro
2020-01-17 20:22 ` Omar Sandoval
2020-01-17 22:22 ` Al Viro
2020-01-17 23:54 ` Omar Sandoval
2020-01-18 0:47 ` Al Viro
2020-01-18 1:17 ` Omar Sandoval
2020-01-18 2:20 ` Al Viro
2020-01-21 23:05 ` Omar Sandoval
2020-01-22 6:57 ` Amir Goldstein
2020-01-22 22:10 ` Omar Sandoval
2020-01-23 3:47 ` Al Viro
2020-01-23 7:16 ` Dave Chinner
2020-01-23 7:47 ` Amir Goldstein
2020-01-24 21:25 ` Dave Chinner
2020-01-31 5:24 ` Darrick J. Wong
2020-01-31 5:29 ` hch
2020-01-31 7:00 ` Amir Goldstein
2020-01-31 20:33 ` Omar Sandoval
2020-01-31 21:55 ` Amir Goldstein
2020-01-28 1:27 ` Omar Sandoval [this message]
2020-01-28 14:35 ` David Howells
2020-01-31 5:31 ` hch
2020-01-31 8:04 ` David Howells
2020-01-31 8:56 ` Amir Goldstein
2020-01-22 9:53 ` David Howells
2020-01-17 14:47 ` David Howells
2020-01-17 14:56 ` Trond Myklebust
2020-01-17 16:01 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200128012747.GB683123@vader \
--to=osandov@osandov.com \
--cc=amir73il@gmail.com \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=dhowells@redhat.com \
--cc=hch@lst.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=lsf-pc@lists.linux-foundation.org \
--cc=miklos@szeredi.hu \
--cc=trondmy@hammerspace.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).