Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3792752imm; Wed, 5 Sep 2018 06:11:17 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbdEL74noyX5U2tWkP27aCAn7QQ2690CEX8akpaul2S9xTgdoNfZXhV8Se9PydycJUxD7e2 X-Received: by 2002:a63:8543:: with SMTP id u64-v6mr25913346pgd.248.1536153077356; Wed, 05 Sep 2018 06:11:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536153077; cv=none; d=google.com; s=arc-20160816; b=EOymeRjfSrQGPZZgvqgtlHtZUBcz03ZkIdLYl3neVX4DbwHS+P7c1MVQ4SZ8TIHeMs xNx5cSUZuHgQbNdC6Vh4U81ZMXxkQju9lxa2RGf70kAUh9SWPQmRSeifKHW4q0hi8GG/ FrMJU07wPPueeOPc7svbA2NJWV+tc0jn59Gg3YoptXx/aLgsL4JkIE0wKZD9rDq7+iqB ag0iu7vpQWGQRmDIkvyCkmwa9Q42bdTPUlo8/IR8zzp9fwHUs3gHxfHPlCL0H00tfKyD uRjJ6AmUWGUKrQNnk8GU56BAdKfgiZ+Myx+JH+/HvpN+UA0IixwcFkQ+uZvMSGxIXldB cCew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:mail-followup-to:message-id:subject:cc:to:from:date :dkim-signature; bh=hGD3PGefPjm9W9XJGyvau3Z42CUUVTVvQuVIGhuVj+g=; b=OoasxcRjlEZcyzNlbr2PMdbnY3fTrR+khOF3ezuk8aZFT/N90aTDtuFW72/uMpU3Yl KHhiapfcpk9lWH4VX/CiiZlg30/ba/TD/mKYYq8iO4HlHDa79HDQk8lvcuiRCw2bLdTp wVj+fy13Yj5LuPkCZmwONk3qXoSyMSox8uI0wYhsAC1gLKFt/2wlmfZZ8GHdInRhNsmn 0CDefc8n6noxgb6K/ZDmOivPCl5Z0Nj6XtkblS1Yv6HYAjPQ4qvXlYCr4TqWiYfb76Af DZdNHXF+SbzqeuqBcI+p9NZe0rpw6GwPp2QQBsMkuLnCwWQ1R+e9qKwP8FR1vkksvqui hbRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=AbaDsnEy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v66-v6si1990370pfb.368.2018.09.05.06.11.01; Wed, 05 Sep 2018 06:11:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=AbaDsnEy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727621AbeIERjD (ORCPT + 99 others); Wed, 5 Sep 2018 13:39:03 -0400 Received: from imap.thunk.org ([74.207.234.97]:53160 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725868AbeIERjD (ORCPT ); Wed, 5 Sep 2018 13:39:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=hGD3PGefPjm9W9XJGyvau3Z42CUUVTVvQuVIGhuVj+g=; b=AbaDsnEyu/E7Js+EXcIxwgmW28 M7bI0A+ViAjd0v76nDIuA+k5d2DzWkt7kr+8HaHtsL+pUBikhDLeC2rW6X4whvi+ZLu9YYNbjisnx FuZCxrPautwLmDCvS3TJIinJ6ExnqGoHxkxbEY350cSEthEWFfzxIVFdhWe3tnyHz5xg=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1fxXY7-0003kf-I0; Wed, 05 Sep 2018 13:08:47 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id 71DB97A0068; Wed, 5 Sep 2018 09:08:45 -0400 (EDT) Date: Wed, 5 Sep 2018 09:08:45 -0400 From: "Theodore Y. Ts'o" To: =?utf-8?B?54Sm5pmT5Yas?= Cc: jlayton@redhat.com, R.E.Wolff@bitwizard.nl, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: POSIX violation by writeback error Message-ID: <20180905130845.GE23909@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , =?utf-8?B?54Sm5pmT5Yas?= , jlayton@redhat.com, R.E.Wolff@bitwizard.nl, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20180904075347.GH11854@BitWizard.nl> <82ffc434137c2ca47a8edefbe7007f5cbecd1cca.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 05, 2018 at 04:09:42PM +0800, 焦晓冬 wrote: > Well, since the reader application and the writer application are reading > a same file, they are indeed related. The reader here is expecting > to read the lasted data the writer offers, not any data available. The > reader is surely not expecting to read partially new and partially old data. > Right? And, that `read() should return the lasted write()` by POSIX > supports this expectation. Unix, and therefore Linux's, core assumption is that the primary abstraction is the file. So if you say that all applications which read or write the same file, that's equivalent of saying, "all applications are related". Consider that a text editor can read a config file, or a source file, or any other text file. Consider shell script commands such as "cat", "sort", "uniq". Heck /bin/cp copies any type of file. Does that mean that /bin/cp, as a reader application, is related to all applications on the system. The real problem here is that we're trying to guess the motivations and usage of programs that are reading the file, and there's no good way to do that. It could be that the reader is someone who wants to be informed that file is in page cache, but was never persisted to disk. It could be that the user has figured out something has gone terribly wrong, and is desperately trying to rescue all the data she can by copying it to another disk. In that case, stopping the reader from being able to access the contents is exactly the wrong thing to do if what you care about is preventing data loss. The other thing which you seem to be assuming is that applications which care about precious data won't use fsync(2). And in general, it's been fairly well known for decades that if you care about your data, you have to use fsync(2) or O_DIRECT writes; and you *must* check the error return of both the fsync(2) and the close(2) system calls. Emacs got that right in the mid-1980's --- over 30 years ago. We mocked GNOME and KDE's toy notepad applications for getting this wrong a decade ago, and they've since fixed it. Actually, the GNOME and KDE applications, because they were too lazy to persist the xattr and ACL's, decided it was better to truncate the file and then rewrite it. So if you crashed after the truncate... your data was toast. This was a decade ago, and again, it was considered spectacular bad application programming then, and it's since been fixed. The point here is that there will always be lousy application programs. And it is a genuine systems design question how much should we sacrifice performance and efficiency to accomodate stupid application programs. For example, we could make close(2) imply an fsync(2), and return the error in close(2). But *that* assumes that applications actually check the return value for close(2) --- and there will be those that don't. This would completely trash performance for builds, since it would slow down writing generated files such as all the *.o object files. Which since they are generated files, they aren't precious. So forcing an fsync(2) after writing all of those files will destroy your system performance. - Ted