Re: [man-pages RFC PATCH v4] statx, inode: document the new STATX_INO_VERSION field

From: J. Bruce Fields
Date: Thu Sep 08 2022 - 11:44:13 EST


On Thu, Sep 08, 2022 at 11:21:49AM -0400, Theodore Ts'o wrote:
> On Thu, Sep 08, 2022 at 10:33:26AM +0200, Jan Kara wrote:
> > It boils down to the fact that we don't want to call mark_inode_dirty()
> > from IOCB_NOWAIT path because for lots of filesystems that means journal
> > operation and there are high chances that may block.
> >
> > Presumably we could treat inode dirtying after i_version change similarly
> > to how we handle timestamp updates with lazytime mount option (i.e., not
> > dirty the inode immediately but only with a delay) but then the time window
> > for i_version inconsistencies due to a crash would be much larger.
>
> Perhaps this is a radical suggestion, but there seems to be a lot of
> the problems which are due to the concern "what if the file system
> crashes" (and so we need to worry about making sure that any
> increments to i_version MUST be persisted after it is incremented).
>
> Well, if we assume that unclean shutdowns are rare, then perhaps we
> shouldn't be optimizing for that case. So.... what if a file system
> had a counter which got incremented each time its journal is replayed
> representing an unclean shutdown. That shouldn't happen often, but if
> it does, there might be any number of i_version updates that may have
> gotten lost. So in that case, the NFS client should invalidate all of
> its caches.
>
> If the i_version field was large enough, we could just prefix the
> "unclean shutdown counter" with the existing i_version number when it
> is sent over the NFS protocol to the client. But if that field is too
> small,

The NFSv4 change attribute is 64 bits. Not sure exactly how to use
that, but I think it should be large enough.

> and if (as I understand things) NFS just needs to know when
> i_version is different, we could just simply hash the "unclean
> shutdown counter" with the inode's "i_version counter", and let that
> be the version which is sent from the NFS client to the server.

Yes, invalidating all caches could be painful, but as you say, also
rare.

We could also consider factoring the "unclean shutdown counter" on
creating (and writing) the new value, instead of on returning it.

That would mean it could go backward after a reboot, but at least it
would never repeat a previously used value. (Since the new "unclean
shutdown counter" will be factored in on first modification of the file
after restart.)

> If we could do that, then it doesn't become critical that every single
> i_version bump has to be persisted to disk, and we could treat it like
> a lazytime update; it's guaranteed to be updated when we do a clean
> unmount of the file system (and when the file system is frozen), but
> on a crash, there is no guarantee that all i_version bumps will be
> persisted, but we do have this "unclean shutdown" counter to deal with
> that case.
>
> Would this make life easier for folks?

Anyway, yes, seems helpful to me, and not too complicated. (I say,
having no idea how to implement the filesystem side.)

--b.
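
The following toy model is an added example, not code from this thread or from any kernel tree. It compares a plain lazily persisted counter with one where the "unclean shutdown counter" is factored in when a new value is created, and checks whether the first modification after a crash reuses a value clients saw before it. The 16/48 bit split, the struct and all function names are assumptions made for illustration.

```c
#include <stdint.h>

/* Assumed layout (not from the thread): top 16 bits carry the
 * unclean-shutdown counter, low 48 bits the per-inode counter. */
#define CRASH_SHIFT 48
#define LOW_MASK ((UINT64_C(1) << CRASH_SHIFT) - 1)

struct toy_inode {
    uint64_t mem;   /* in-memory i_version, what clients are shown */
    uint64_t disk;  /* last value that reached stable storage */
};

/* Plain counter: no crash counter involved. */
static uint64_t bump_plain(struct toy_inode *i) { return ++i->mem; }

/* Factor the crash counter in when the new value is created. */
static uint64_t bump_factored(struct toy_inode *i, uint16_t crashes)
{
    i->mem = ((uint64_t)crashes << CRASH_SHIFT) | ((i->mem + 1) & LOW_MASK);
    return i->mem;
}

/* Lazy persistence: happens occasionally, or at clean unmount. */
static void writeback(struct toy_inode *i) { i->disk = i->mem; }

/* Unclean shutdown: unpersisted bumps are lost (the value goes
 * backward) and journal replay increments the crash counter. */
static void unclean_shutdown(struct toy_inode *i, uint16_t *crashes)
{
    i->mem = i->disk;
    (*crashes)++;
}

/* 1 if the first post-crash bump repeats a value issued before the crash. */
static int reuses_value(int factored)
{
    struct toy_inode ino = {0, 0};
    uint16_t crashes = 0;
    uint64_t seen[8], v;
    int n = 0, k;

    for (k = 0; k < 8; k++) {
        seen[n++] = factored ? bump_factored(&ino, crashes) : bump_plain(&ino);
        if (k == 4) writeback(&ino);   /* bumps 6..8 never persisted */
    }
    unclean_shutdown(&ino, &crashes);
    v = factored ? bump_factored(&ino, crashes) : bump_plain(&ino);
    for (k = 0; k < n; k++)
        if (seen[k] == v) return 1;
    return 0;
}
```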