| From: | Jeff Layton <jlayton-AT-redhat.com> |
| To: | Dave Chinner <david-AT-fromorbit.com> |
| Subject: | Re: fsync() errors is unsafe and risks data loss |
| Date: | Fri, 13 Apr 2018 09:18:56 -0400 |
| Message-ID: | <1523625536.4847.21.camel@redhat.com> |
| Cc: | lsf-pc <lsf-pc-AT-lists.linuxfoundation.org>, Matthew Wilcox <willy-AT-infradead.org>, Andres Freund <andres-AT-anarazel.de>, Andreas Dilger <adilger-AT-dilger.ca>, "Theodore Y. Ts'o" <tytso-AT-mit.edu>, Ext4 Developers List <linux-ext4-AT-vger.kernel.org>, Linux FS Devel <linux-fsdevel-AT-vger.kernel.org>, "Joshua D. Drake" <jd-AT-commandprompt.com> |
On Fri, 2018-04-13 at 08:44 +1000, Dave Chinner wrote: Got it, thanks. Yes, I think we ought to probably do the same thing globally. It's nice to know that xfs has already been doing this. That makes me feel better about making this behavior the gold standard for Linux filesystems. So to summarize, at this point in the discussion, I think we want to consider doing the following: * better reporting from syncfs (report an error when even one inode failed to be written back since last syncfs call). We'll probably implement this via a per-sb errseq_t in some fashion, though there are some implementation issues to work out. * invalidate or clear uptodate flag on pages that experience writeback errors, across filesystems. Encourage this as standard behavior for filesystems and maybe add helpers to make it easier to do this. Did I miss anything? Would that be enough to help the Pg usecase? I don't see us ever being able to reasonably support its current expectation that writeback errors will be seen on fd's that were opened after the error occurred. That's a really thorny problem from an object lifetime perspective. -- Jeff Layton <jlayton@redhat.com>