Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2905843imm; Tue, 4 Sep 2018 11:55:32 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbPvMPJkJZt2gkyLE8ML0uSvvwf5ZFR/cdEYsGozDH7wd5ciVs8LXdicgoI4wthWwVx+KWi X-Received: by 2002:a17:902:286a:: with SMTP id e97-v6mr35160910plb.340.1536087332940; Tue, 04 Sep 2018 11:55:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536087332; cv=none; d=google.com; s=arc-20160816; b=j6BcLnmzOpPLiPXSFVay2G9JtAno871idslpH2v0+vafa+BIiQn5kGG2MCjr8tVj2s saW6UryWvxg0gC+pSRpzjC/IPDPWXmR7M/AA3Lw8HEKJD3bcUDfZZeoSVGOPKHwFQrB7 gooO8QfKES0fwDbS3wOj0EPrA2lOwA1A9iv0d4KnEf2jDw6uSKVmrNbS3pZDt076kDJ7 XIJQ5tI9FhrJ5Z47T2lCHq/uPuoBRaxgj+SaaKHD2t2kT6t9ZHCcM4lxRzV7yMZzyvs2 bizwQrarvH+FrOznLY1Ps14554vBOQFlO3Cj7fAt+zk3KHrLpPrIRagtxfLEZXzp1Y/D Hc7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=Au5gPBtc3nVKO1FQPJzYDFUv1s6RDhZndZyjRteFSMk=; b=uEqlBVY1F3syMAEnBNpnrZhOzvMFEh0LXnvMJugzksgjXWpiFJCzjHoLdXxWRLKHec j+TB/oYSGi8HO+uE/cwf9ZlPzfoEko8KYzb167RsfrXZdEyWgDD6T2+h0uufQMOoKgoR t2eAqpgbiUA8fD9Y/Qb8IH0n4L0bsVdQplDIa0ymLsTbZLjD5UypKefIf4CDECRqagLP wBDUap1tOH3AmoB0sIycbWm0QgXWFvY0nubhpePM/vxkS0hNXZNRMttIACd6HotujZMM zKtmQAxHJRNEazFtgkm54sY1YhTL5Sumxl/LD8v9SA96ovAh1g4/iio4JGAvvs0coVSo TH5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q8-v6si19346065pls.482.2018.09.04.11.55.16; Tue, 04 Sep 2018 11:55:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727799AbeIDXUf (ORCPT + 99 others); Tue, 4 Sep 2018 19:20:35 -0400 Received: from fieldses.org ([173.255.197.46]:56578 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727315AbeIDXUf (ORCPT ); Tue, 4 Sep 2018 19:20:35 -0400 Received: by fieldses.org (Postfix, from userid 2815) id 7BE451DCB; Tue, 4 Sep 2018 14:54:11 -0400 (EDT) Date: Tue, 4 Sep 2018 14:54:11 -0400 From: "J. Bruce Fields" To: Rogier Wolff Cc: Jeff Layton , =?utf-8?B?54Sm5pmT5Yas?= , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: POSIX violation by writeback error Message-ID: <20180904185411.GA22166@fieldses.org> References: <20180904075347.GH11854@BitWizard.nl> <82ffc434137c2ca47a8edefbe7007f5cbecd1cca.camel@redhat.com> <20180904161203.GD17478@fieldses.org> <20180904162348.GN17123@BitWizard.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20180904162348.GN17123@BitWizard.nl> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 04, 2018 at 06:23:48PM +0200, Rogier Wolff wrote: > On Tue, Sep 04, 2018 at 12:12:03PM -0400, J. Bruce Fields wrote: > > Well, I think the point was that in the above examples you'd prefer that > > the read just fail--no need to keep the data. A bit marking the file > > (or even the entire filesystem) unreadable would satisfy posix, I guess. > > Whether that's practical, I don't know. > > When you would do it like that (mark the whole filesystem as "in > error") things go from bad to worse even faster. The Linux kernel > tries to keep the system up even in the face of errors. > > With that suggestion, having one application run into a writeback > error would effectively crash the whole system because the filesystem > may be the root filesystem and stuff like "sshd" that you need to > diagnose the problem needs to be read from the disk.... Well, the absolutist position on posix compliance here would be that a crash is still preferable to returning the wrong data. And for the cases 焦晓冬 gives, that sounds right? Maybe it's the wrong balance in general, I don't know. And we do already have filesystems with panic-on-error options, so if they aren't used maybe then maybe users have already voted against that level of strictness. --b.