From: NeilBrown <neilb@suse.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Jeff Layton <jlayton@kernel.org>,
Bruce Fields <bfields@fieldses.org>,
Joshua Watt <jpewhacker@gmail.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: NFS Force Unmounting
Date: Fri, 03 Nov 2017 08:51:16 +1100 [thread overview]
Message-ID: <87tvyctkmj.fsf@notabene.neil.brown.name> (raw)
In-Reply-To: <D32FC586-C351-4810-A4A0-1B2208307A55@oracle.com>
[-- Attachment #1: Type: text/plain, Size: 2936 bytes --]
On Thu, Nov 02 2017, Chuck Lever wrote:
>> On Nov 1, 2017, at 8:15 PM, NeilBrown <neilb@suse.com> wrote:
>>
>> On Tue, Oct 31 2017, Chuck Lever wrote:
>>
>>>> On Oct 31, 2017, at 8:53 PM, NeilBrown <neilb@suse.com> wrote:
>>>
>>>> Maybe I could just sweep the problem under the carpet and use lazy
>>>> unmounts. That hides some of the problem, but doesn't stop sync(2) from
>>>> blocking indefinitely. And once you have done the lazy unmount, there
>>>> is no longer any opportunity to use MNT_FORCE.
>>>
>>> IMO a partial answer could be data caching in local files. If
>>> the client can't flush, then it can preserve the files until
>>> after the umount and reboot (using, say, fscache). Multi-client
>>> sharing is still hazardous, but that isn't a very frequent use
>>> case.
>>
>> What data is it, exactly, that we are worried about here?
>> Data that an application has written, but that it hasn't called fsync()
>> on? Do it isn't really all that important. It might just be scratch
>> data. It might be event logs. It certainly isn't committed database
>> data, or an incoming email message, or data saved by an editor, or
>> really anything else important.
>> It is data that would be lost if you kicked the powerplug out by
>> mistake.
>> It is data that we would rather save if we could, but data that is not
>> worth bending over backwards to keep a copy of in a non-standard
>> location just in case someone really cares.
>>
>> That's how I see it anyway.
>
> The assumption here is that any data loss or corruption when a
> mount is forcibly removed is strictly the responsibility of
> inadequate application design. Fair enough.
>
> One of my concerns (and I suspect Jeff is also worried about this
> use case) is what to do when tearing down containers that have
> stuck NFS mounts. Here, the host system is not being shut down,
> but the guests need to be shutdown cleanly so they can be destroyed.
Container-shutdown is a strong argument that MNT_FORCE is not enough and
that we need SIGKILL to actually remove the process.
Currently if there is pending dirty data on the final unmount of an NFS
filesystem, the superblock hangs around until the data is gone. This
is good for shutting down containers, but it is a little weird - totally
different to every other filesystem.
If NFS were changed so that unmount blocked on the last unmount when
there is dirty data - just like every other filesystem - then we
probably need a way to "force" that unmount even in a container.
Thanks,
NeilBrown
>
> These containers may be sharing page cache data or a transport
> with other users on the host. In this case, we are trying to
> avoid a host shutdown to recover the stuck resources, and we
> do have the (possibly unnecessary) luxury of having a human
> being present to ask what to do to complete the recovery.
>
>
> --
> Chuck Lever
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2017-11-02 21:51 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-25 17:11 NFS Force Unmounting Joshua Watt
2017-10-30 20:20 ` J. Bruce Fields
2017-10-30 21:04 ` Joshua Watt
2017-10-30 21:09 ` NeilBrown
2017-10-31 14:41 ` Jeff Layton
2017-10-31 14:55 ` Chuck Lever
2017-10-31 17:04 ` Joshua Watt
2017-10-31 19:46 ` Chuck Lever
2017-11-01 0:53 ` NeilBrown
2017-11-01 2:22 ` Chuck Lever
2017-11-01 14:38 ` Joshua Watt
2017-11-02 0:15 ` NeilBrown
2017-11-02 19:46 ` Chuck Lever
2017-11-02 21:51 ` NeilBrown [this message]
2017-11-01 17:24 ` Jeff Layton
2017-11-01 23:13 ` NeilBrown
2017-11-02 12:09 ` Jeff Layton
2017-11-02 14:54 ` Joshua Watt
2017-11-08 3:30 ` NeilBrown
2017-11-08 12:08 ` Jeff Layton
2017-11-08 15:52 ` J. Bruce Fields
2017-11-08 22:34 ` NeilBrown
2017-11-08 23:52 ` Trond Myklebust
2017-11-09 19:48 ` Joshua Watt
2017-11-10 0:16 ` NeilBrown
2017-11-08 14:59 ` [RFC 0/4] " Joshua Watt
2017-11-08 14:59 ` [RFC 1/4] SUNRPC: Add flag to kill new tasks Joshua Watt
2017-11-10 1:39 ` NeilBrown
2017-11-08 14:59 ` [RFC 2/4] SUNRPC: Kill client tasks from debugfs Joshua Watt
2017-11-10 1:47 ` NeilBrown
2017-11-10 14:13 ` Joshua Watt
2017-11-08 14:59 ` [RFC 3/4] SUNRPC: Simplify client shutdown Joshua Watt
2017-11-10 1:50 ` NeilBrown
2017-11-08 14:59 ` [RFC 4/4] NFS: Add forcekill mount option Joshua Watt
2017-11-10 2:01 ` NeilBrown
2017-11-10 14:16 ` Joshua Watt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tvyctkmj.fsf@notabene.neil.brown.name \
--to=neilb@suse.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=jlayton@kernel.org \
--cc=jpewhacker@gmail.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).