Date: Mon, 17 Apr 2000 12:34:49 -0700 (PDT)
From: Scott Hess
To: Alfred Perlstein
Cc: Rahul Siddharthan, Rasmus Skaarup, freebsd-questions@FreeBSD.ORG
Subject: Re: disc io - sync and async

[Sorry if you got a duplicate, I got a bounce due to mail server
misconfiguration on my end. -scott]

On Mon, Apr 17, 2000 at 08:45:52AM -0700, Alfred Perlstein wrote:
> Let's take the worst case scenario and assume that you just rebuilt
> the password file database under Linux and at the same time a user
> just created a somewhat large file:
>
> Now since meta-data isn't consistent under async it's quite possible
> that the password file's inode hasn't been truncated to free its
> blocks while the user's file's inode has been given ownership of
> the blocks on disk.
>
> *power goes out*
> *machine comes back up*
> *user surprised to find bits of your password file in his tempfile*
> *administrator surprised to find instance of 'crack' running on
> system*
>
> oh joy.
>
> Ok, considering that which do you think is a more reasonable default?

Unfortunately, sync versus async doesn't address that issue. Even
without an async mount, a file can be allocated blocks on the disk
without having written to those blocks. Say the program writes 8k of
data to a file with 8k of data. The kernel allocates a new block out of
the free bitmap, and immediately writes the updated inode - but doesn't
necessarily immediately write the new data block. If the system crashes
at that point, and the newly-reserved block was part of the newly-freed
/etc/passwd...

I've actually been bitten by this. I had written a storage subsystem
which, by virtue of carefully arranged rename calls, should have made
file updates atomic (you either got the old file or the new file, but
always a valid file). We once had a system crash, and after fsck had
completed, a large number of the files were corrupt. The system had
been running for months and terabytes of transfers, with zero detected
corruption. Inspection indicated that corruption was data that should
under no circumstances have existed in the files in question.

The only explanation I could find was that the rename had been synced
to disk before the data blocks were sync'ed. This is one of the things
softupdates is supposed to fix. [Since I didn't trust softupdates at
that time, I fixed my problem by explicitly fsync'ing the file before
renaming it.]

Later,
scott