Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752190AbbEHBXa (ORCPT ); Thu, 7 May 2015 21:23:30 -0400 Received: from mail-vn0-f41.google.com ([209.85.216.41]:41551 "EHLO mail-vn0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751739AbbEHBXZ (ORCPT ); Thu, 7 May 2015 21:23:25 -0400 MIME-Version: 1.0 In-Reply-To: References: <1430949612-21356-1-git-send-email-zab@redhat.com> <20150507002617.GJ4327@dastard> <20150507172053.GA659@lenny.home.zabbo.net> Date: Thu, 7 May 2015 21:23:24 -0400 Message-ID: Subject: Re: [PATCH RFC] vfs: add a O_NOMTIME flag From: Trond Myklebust To: Sage Weil Cc: Zach Brown , Dave Chinner , Alexander Viro , Linux FS-devel Mailing List , Linux Kernel Mailing List , Linux API Mailing List Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2745 Lines: 55 On Thu, May 7, 2015 at 9:01 PM, Sage Weil wrote: > On Thu, 7 May 2015, Zach Brown wrote: >> On Thu, May 07, 2015 at 10:26:17AM +1000, Dave Chinner wrote: >> > On Wed, May 06, 2015 at 03:00:12PM -0700, Zach Brown wrote: >> > > The criteria for using O_NOMTIME is the same as for using O_NOATIME: >> > > owning the file or having the CAP_FOWNER capability. If we're not >> > > comfortable allowing owners to prevent mtime/ctime updates then we >> > > should add a tunable to allow O_NOMTIME. Maybe a mount option? >> > >> > I dislike "turn off safety for performance" options because Joe >> > SpeedRacer will always select performance over safety. >> >> Well, for ceph there's no safety concern. They never use cmtime in >> these files. >> >> So are you suggesting not implementing this and making them rework their >> IO paths to avoid the fs maintaining mtime so that we don't give Joe >> Speedracer more rope? Or are we talking about adding some speed bumps >> that ceph can flip on that might give Joe Speedracer pause? > > I think this is the fundamental question: who do we give the ammunition > to, the user or app writer, or the sysadmin? > > One might argue that we gave the user a similar power with O_NOATIME (the > power to break applications that assume atime is accurate). Here we give > developers/users the power to not update mtime and suffer the consequences > (like, obviously, breaking mtime-based backups). It should be pretty > obvious to anyone using the flag what the consequences are. > > Note that we can suffer similar lapses in mtime with fdatasync followed by > a system crash. And as Andy points out it's semi-broken for writable > mmap. The crash case is obviously a slightly different thing, but the > idea that mtime can't always be trusted certainly isn't crazy talk. > > Or, we can be conservative and require a mount option so that the admin > has to explicitly allow behavior that might break some existing > assumptions about mtime/ctime ('-o user_noatime' I guess?). > > I'm happy either way, so long as in the end an unprivileged ceph daemon > avoids the useless work. In our case we always own the entire mount/disk, > so a mount option is just fine. > So, what is the expectation here for filesystems that cannot support this flag? NFSv3 in particular would break pretty catastrophically if someone decided on a whim to turn off mtime: they will have turned off the client's ability to detect cache incoherencies. Cheers Trond -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/