Date: Fri, 21 Jun 2019 17:17:58 -0700 (PDT) From: Don Lewis <truckman@FreeBSD.org> To: Scott Long <scottl@samsco.org> Cc: Warner Losh <imp@bsdimp.com>, "Conrad E. Meyer" <cem@freebsd.org>, Alan Somers <asomers@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Reducing UFS corruption from unclean shutdowns? Message-ID: <tkrat.3b354462c27cc3ce@FreeBSD.org> In-Reply-To: <17B3F210-5101-449F-AE06-326F890C3C01@samsco.org> References: <CAOtMX2jPut4ve-Tr7DyikxXqnmqycyjEUpNmAiwUSXbQrK3iCA@mail.gmail.com> <C3016BDF-4B51-4A59-94F2-CCBD0DC4562E@samsco.org> <CAOtMX2jXiaOWpVdEg3_nBYinJWd=iwN_38hQ4eMOocgs8dMWhQ@mail.gmail.com> <F93827F6-1B99-4BDD-B245-C9594AD28ED7@samsco.org> <tkrat.bc0479d0867a8175@FreeBSD.org> <D7FC707D-B863-47F2-9580-C07881AAC866@samsco.org> <CAOtMX2heRbFONA4e7-buFgZeykCW13h1dC1DTVYOLFAier8wPg@mail.gmail.com> <CAG6CVpVZ2YaWzc7YbAoP=sY_NK4qcDbkyctDBW%2BOXoY6Du3WYQ@mail.gmail.com> <CANCZdfoEkRWqswsYj74STRByec41J5SWdvK%2BKcRqe5KJS6YV8w@mail.gmail.com> <17B3F210-5101-449F-AE06-326F890C3C01@samsco.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Jun, Scott Long wrote: > > >> On Jun 21, 2019, at 4:37 PM, Warner Losh <imp@bsdimp.com> wrote: >> >> On Fri, Jun 21, 2019, 3:33 PM Conrad Meyer <cem@freebsd.org> wrote: >> >>> On Fri, Jun 21, 2019 at 2:55 PM Alan Somers <asomers@freebsd.org> wrote: >>>> I would've thought that immediately following a sync(8), the >>>> filesystem would be consistent. Why do I still see errors after a >>>> panic in files that were written before I sync()ed? >>>> -Alan >>> >>> Hi Alan, >>> >>> Contra the name, sync(2) (sync(8)) isn't synchronous. It invokes >>> VFS_SYNC() with MNT_NOWAIT across all mountpoints. >>> >> >> Yes. Sync(2) just starts the I/O, but it may be delayed if there is a lot >> of dirty buffers. The other issue is that new buffers may be dirtied… >> > > Still, the point of SU and SU+J is that the filesystem should not be > damaged and require active repair on reboot, whether or not a > sync or fsync was done. There’s certainly issues with disk lying > about out of order writes, POSIX sematics of unlinked files, and the > inherent design of UFS superblock updates, but the problems that > Alan reported should still be looked at, they’re not expected and > they undermine the usefulness of SU+J. Other that the inode hash error, the other issues should not prevent safely mounting the filesystem read-write. SU without J is able to fix these problems with a background fsck while the filesystem is mounted and in use. SU+J should be able to fix all of these except for the inode hash error by replaying the journal, but that is done by fsck. At least it can avoid the need to scan the entire filesystem. The problem of the disk lying about write completions should only be a problem if the power fails, or if we do something during the panic and recovery that tells the disk to toss its write cache. The main problem here is the inode hash error. That shouldn't be happening.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?tkrat.3b354462c27cc3ce>