Re: [RFD] What error should FS return when I/O failure occurs?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Elladan <elladan@eskimo.com>
To: Kenichi Okuyama <okuyamak@dd.iij4u.or.jp>
Cc: Valdis.Kletnieks@vt.edu, fs@ercist.iscas.ac.cn,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [RFD] What error should FS return when I/O failure occurs?
Date: Mon, 16 May 2005 15:30:58 -0700	[thread overview]
Message-ID: <20050516223058.GG18792@eskimo.com> (raw)
In-Reply-To: <20050517.063931.91280786.okuyamak@dd.iij4u.or.jp>

On Tue, May 17, 2005 at 06:39:31AM +0900, Kenichi Okuyama wrote:
> >>>>> "Valdis" == Valdis Kletnieks <Valdis.Kletnieks@vt.edu> writes:
> 
> Valdis> Why?  If the disk disappeared out from under us because it was an unplugged USB
> Valdis> device, there's at least a possibility of it reappearing via hotplug - presumably
> Valdis> if you verify the UUID that it's the *same* file system, hotplug could do a
> Valdis> 'mount -o remount' and recover the situation....
> 
> I don't think that's good idea.
> 
> USB storage is gone. And it SEEMS to came back.
> But how do you know that it's images were not changed.
> 
> Blocks you have cached might have different image. If you remount
> the file system, the cache image should be updated as well.
> 
> But very fact that *cache image should be updated* means, old cache
> image was invalid. And when did it become invalid?

[...]

> You'll, at least, see that there is some inconsistency about cache
> handling when we *umount->mount* and *remount*.

This is basically the problem people have had with removable storage for
years...  You can't really solve it perfectly, since as you note one
could always place the storage in another machine and change it.

But I think it's instructive to note what most other systems have done
in this situation...  The solution seems similar in most cases, from eg.
Mac, Amiga, DOS, Windows, etc.

The typical solution is, when a removable device is yanked when dirty
blocks exist, is to keep the dirty blocks around, and put the device
into some sort of pending-reinsert state.

Then most systems typically display a large message to the user of the
form: "You idiot!  Put the disk/cd/flash/etc. back in!"

The cache and dirty blocks would then only be cleared on a user cancel.
If the same device (according to some ID test) reappears, then it's
reactivated and usage continues normally.

Obviously, this sort of approach requires some user interaction to get
right.  It has the distinct advantage of not throwing away the data the
user wrote after an inadvertant disconnect, for example if they thought
the device was done writing when it really wasn't.  It can also keep
from corrupting the FS metadata.

The downside is that it might not really work, if there wasn't a good
way to know when sectors actually are in stable storage, since a few
blocks could be lost around the time the device was pulled.

-J

next prev parent reply	other threads:[~2005-05-16 22:35 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-05-16 17:14 [RFD] What error should FS return when I/O failure occurs? fs
2005-05-16  6:35 ` Valdis.Kletnieks
2005-05-16 18:04   ` fs
2005-05-16 17:58     ` Valdis.Kletnieks
2005-05-17 16:47       ` fs
     [not found]         ` <200505171057.10540.vda@ilport.com.ua>
2005-05-17 19:41           ` fs
2005-05-16 20:11   ` Kenichi Okuyama
2005-05-16 20:35     ` Valdis.Kletnieks
2005-05-16 21:39       ` Kenichi Okuyama
2005-05-16 22:04         ` Brad Boyer
2005-05-16 22:30         ` Elladan [this message]
2005-05-17  6:17           ` Denis Vlasenko
2005-05-17 21:26           ` Kenichi Okuyama
2005-05-19 15:44             ` Elladan
2005-05-16 22:57         ` Coywolf Qi Hunt
2005-05-16 22:54     ` Coywolf Qi Hunt
2005-05-17 16:06       ` fs
2005-05-16 17:36 ` Hans Reiser
  -- strict thread matches above, loose matches on Subject: below --
2005-05-17  5:36 Hua Zhong (hzhong)
2005-05-17 16:55 ` fs
2005-05-17  6:00 Hua Zhong (hzhong)
2005-05-17 17:20 ` fs
     [not found] <05May16.114248edt.32448@gpu.utcc.utoronto.ca>
2005-05-17 15:43 ` fs
     [not found] <OF18BF4790.4053D6B0-ON88257004.0063F34D-88257004.006557CA@us.ibm.com>
2005-05-18 17:10 ` fs
2005-05-18  7:57   ` Valdis.Kletnieks

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050516223058.GG18792@eskimo.com \
    --to=elladan@eskimo.com \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=fs@ercist.iscas.ac.cn \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=okuyamak@dd.iij4u.or.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox