Re: Ext4 and the "30 second window of death"

From: Matthew Garrett
Date: Wed Apr 01 2009 - 13:43:54 EST


On Wed, Apr 01, 2009 at 01:35:21PM -0400, Theodore Tso wrote:
> On Wed, Apr 01, 2009 at 04:12:21PM +0100, Matthew Garrett wrote:
> > On Wed, Apr 01, 2009 at 06:20:50AM +0100, Sitsofe Wheeler wrote:
> >
> > > Just out of curiosity, when laptop mode is happening is there a
> > > guarantee that writes to other files won't be reordered to before the
> > > fsync?
> >
> > laptop-mode does two things - tweak the dirty page semantics slightly
> > (not in an interestingly relevant way) and call sys_sync() a few seconds
> > after something hits disk rather than cache. In contrast to Ted's
> > suggestion that laptop-mode reduces data integrity, it actually enhances
> > it by opportunistically ensuring that data hits disk. It's the
> > lengthening of the commit intervals that usually accompanies it that
> > increases the risk of data loss.
>
> It *can* reduce data integrity; it really depends on how it's tuned
> and what scenario you're talking about. To the extent that it uses
> sys_sync(), it could help in some cases as well, since filesystems
> that do delayed allocation will wake up when the commit interval
> fires, and then force out all writes to the disk, yes. But before the
> commit interval, there is an increased risk of data loss --- which the
> user requested.

Not from laptop-mode. Let's separate the functionality from the typical
use case.

> The other subtlety comes if we add fsync() suppression to laptop mode
> --- which is something that Bart Samwel is very interested in doing
> and I talked to him at FOSDEM about this. As Jeff Garzik recently
> pointed out, however, if we let the system reorder writes across
> fsync() boundaries, or if we combine two writes to the same block
> separated by an fsync(), and the system crashes in the middle of
> pushing all of these blocks out to the disk, we can end up trashing
> the consistency guarantees of a database such as mysql or postgres.
> It's a good point, but it only applies if we add fsync() suppression
> to laptop mode --- which we haven't done yet.

I've got absolutely no idea why anyone would want fsync() to stop
meaning "Put my data on the disk please". laptop-mode isn't intended to
reduce data integrity - it's intended to batch disk write-outs such that
there's a lower risk of needing to perform further write-outs in future.
It makes sense for applications which really desperately want
information on disk to fsync() (for instance, saving a file in
OpenOffice).

laptop-mode is something that makes sense as a default behaviour under a
lot of circumstances. Adding fsync() suppression means it's utterly
impossible to use it in that way. An additional mode would be perfectly
reasonable, as long as it's made clear that it's really a request for
data to be discarded at some point. The current mode isn't.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
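
An added illustration, not part of the original message or thread, of the scenario quoted above (reordering writes across fsync() boundaries, or combining two writes to the same block separated by an fsync()): a toy write cache runs a redo-journal transaction and lists the crash states that recovery cannot repair. The workload, block names and recovery rule are constructed assumptions and do not model any real filesystem or database.

```python
from itertools import permutations, product

INITIAL = {"journal": None, "A": 100, "B": 100}    # constructed starting disk image
# Constructed workload: move 50 from A to B using a redo journal.
OPS = [("write", "journal", {"A": 50, "B": 150}),  # 1. log the intent
       ("fsync",),                                 # 2. journal must be durable first
       ("write", "A", 50), ("write", "B", 150),    # 3. update data in place
       ("fsync",),                                 # 4. data must be durable
       ("write", "journal", None)]                 # 5. retire the journal record

def epochs(ops, honor_fsync):
    """Split ops into batches the cache may flush in any order.
    Writes to the same block inside one batch are combined (last one wins)."""
    batches, dirty = [], {}
    for op in ops:
        if op[0] == "write":
            dirty[op[1]] = op[2]
        elif honor_fsync:          # fsync is a barrier only when it is honored
            batches.append(dirty)
            dirty = {}
    batches.append(dirty)
    return batches

def crash_images(ops, honor_fsync):
    """Every disk image a crash could leave behind."""
    images = []
    per_batch = [list(permutations(b.items())) for b in epochs(ops, honor_fsync)]
    for order in product(*per_batch):
        disk = dict(INITIAL)
        images.append(dict(disk))
        for batch in order:
            for block, value in batch:
                disk[block] = value
                images.append(dict(disk))
    return images

def recover(disk):
    """Crash recovery: replay the redo record if one is on disk."""
    fixed = dict(disk)
    if fixed["journal"]:
        fixed.update(fixed["journal"])
    return fixed

def broken_images(honor_fsync):
    """Distinct post-recovery (A, B) states where the total is no longer 200."""
    bad = set()
    for img in crash_images(OPS, honor_fsync):
        r = recover(img)
        if r["A"] + r["B"] != 200:
            bad.add((r["A"], r["B"]))
    return sorted(bad)
```

With fsync() honored every crash point recovers to a consistent total; with it suppressed, the two journal writes collapse into one and the redo record never reaches disk, so a crash between the two data writes is unrecoverable.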