Date:      Fri, 06 Dec 2002 12:00:06 -0800
From:      Kirk McKusick <mckusick@beastie.mckusick.com>
To:        Archie Cobbs <archie@dellroad.org>
Cc:        Dan Nelson <dnelson@allantgroup.com>, freebsd-current@FreeBSD.ORG
Subject:   Re: backgroud fsck is still locking up system (fwd) 
Message-ID:  <200212062000.gB6K0659093727@beastie.mckusick.com>
In-Reply-To: Your message of "Fri, 06 Dec 2002 11:28:52 PST." <200212061928.gB6JSqn0065389@arch20m.dellroad.org> 

The loss of files under soft updates is possible if your editor
fails to fsync the new file before unlinking the old file. The
`vi' editor always does an `fsync' after writing the new copy and
before removing the old copy. I have not checked with other editors
such as emacs to see if they properly use fsync. Note that there
is also a vulnerability without soft updates, it is just that the
window of vulnerability is shorter. So, editors should always do
fsync's, it is just more critical if you are using soft updates (or
journalling for that matter).

The main reason for not using soft updates on the root filesystem
was because of the delay between removing files and having the
space show up. The result was that world installs on the root
filesystem often failed if the root was nearly full (as is so
often the case). That problem has now been fixed in 5.0 with a
callback to soft updates if a filesystem full error is about to
be generated. When called back, soft updates expedites the freeing
of space so that the new allocation can succeed. So, the primary
reason for not using soft updates on the root is now fixed. If
however, mainline editors are not doing fsync's, then there is
still a good reason not to use soft updates on the root filesystem.

	Kirk McKusick

=-=-=-=-=

From: Archie Cobbs <archie@dellroad.org>
Subject: Re: backgroud fsck is still locking up system (fwd)
In-Reply-To: <20021206191024.GA1646@dan.emsphone.com>
To: Dan Nelson <dnelson@allantgroup.com>
Date: Fri, 6 Dec 2002 11:28:52 -0800 (PST)
CC: mckusick@beastie.mckusick.com, freebsd-current@FreeBSD.ORG
X-ASK-Info: Whitelist match

Dan Nelson wrote:
> > Why does softupdates not get enabled on / , by default on the
> > install?
> 
> Softupdates updates on-disk structures in the background, and
> background fsck cannot relink unreferenced files into lost+found, so
> you run the risk of losing both the original and backup copies of
> important files in case of a sudden reboot.  Imagine you edited
> /etc/rc.conf, saved it, and 5 seconds later the system panic'ed.
> Because the default metadata flush time is 28 seconds, there's a pretty
> good chance that neither the new file nor the original is in /etc after
> a reboot.  I got bit by this three times before I learned my lesson.  I

I don't understand this.. presumably vi updates the file contents by
opening and writing into the file; why would this cause the file's
directory entry to disappear?

On the other hand, if you do "mv rc.conf.new rc.conf" then you are
supposedly guaranteed that the file exists in some form; see rename(2).

In any case, you seem to be implying that with respect to modifying
files just before a system crash:

    (a) Softupdates is more 'dangerous' than non-softupdates
    (b) Background fsck is more 'dangerous' than normal fsck

Is this really true? I thought if anything the reverse of (a) would be true.

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
