Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Sep 2004 16:20:50 -0700 (PDT)
From:      Joseph Davida <jd10008@yahoo.com>
To:        Stefan "Eßer" <se@FreeBSD.org>
Cc:        freebsd-mobile@freebsd.org
Subject:   Re: How to get usbd to umount fle systems without crashing ?
Message-ID:  <20040920232050.81796.qmail@web42301.mail.yahoo.com>
In-Reply-To: <20040920204151.GB4299@StefanEsser.FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Providing an FS option to mount such devices
with all synchronous updates (data and metadata)
is a much safer and easier. All that you would
need here is that unplugging the device would
trigger an event which would lead to unmounting
the device automatically with a much
lesser chance of losing
any data from unwritten buffers belonging to the
device. Data could still be lost if say you
were copying large files from some other
drive to the USB stick device. Of course, if
processes had open file descriptors in such
a filesystem , an unplug event should be
handled by returning an error to all
processes with open file descriptors that
attempt to read/write such files, but should
still lead to unmonting the device.

Seems to me the scheme you describe
requires yet another facility in the
kernel to monitor activity
(or inactivity) of a filesystem, change the
superblock fs structure contents
(fs->fs_ronly)...etc which would require yet
another slowdown in the kernel: i.e.
synchronizing with processes.
I imagine it would require that a kernel
watchdog timer (which would set the FS to RO)
synchronize with the sync()er, softupdates,
the pagedaemon, the bufdaemon, and possibly
others, in order to implement the safe
transition of fs_ronly from
0 to 1, and back again from 1 to 0.

Also, what if the device is mounted read only
for the purpose that no one should modify it's
files? The scheme you describe, even if it were
cleanly implementable, would override
that and defeat the purpose.

My $.02's worth :)

Cheers,

Joe

--- Stefan Eßer <se@FreeBSD.org> wrote:

> On 2004-09-20 10:49 -0700, Joseph Davida <jd10008@yahoo.com> wrote:
> > For these devices (memory sticks), a new
> > option to mount is needed.
> > Currently the default mount is
> > noasync. From mount(8) man page:
> > noasync
> >         Metadata I/O should be done synchronously,
> >         while data I/O should be done asynchronously.
> >         This is the default.
> > 
> > What we need is an option like "noasynchdata"
> > or "synchdata" to force all IO (data and metadata)
> > to be synchronous to these USB memory sticks.
> > This will enable us to hot unplug a memory stick
> > and the OS should automatically unmount
> > the device (I dont know if automatic umount
> > is currently implemented).
> 
> I'd often wanted to have an option that re-mounts a drive R/O after
> some period of inactivity (say, one to three seconds), and which
> switches back to a R/W for the next write request. An implicit fsync
> of all files open for writing on that device is required (which may
> possibly restart the time-out, if (meta-)data has to be written).
> 
> Different from an "mount -u -r" is that files may still be open for
> writing (next write to the device should immediately cause the in-core
> superblock to be marked dirty again and to be written to disk).
> 
> The intent is to mount any removable media (USB stick, hot-pluggable
> disk drive, floppy) with that option and to have the filesystem
> super-block marked clean as soon as the device has not been written to
> for a few seconds.
> 
> I have not thoroughly looked at the complexity of implementing such a
> filesystem option, but I guess that most of the functionality is already
> there:
> 
> An implementation could consist of a time-out handler that calls VFS_SYNC
> when there haven't been any writes during the configured period of time.
> 
> Initially and as long as the super-block is marked clean, fs->fs_ronly
> should be set.
> 
> In the error handler that is invoked when attempting to write to a R/O
> filesystem, the new mount option should be checked, causing an update to
> R/W and the start of the time-out mechanism that will eventually cause
> the downgrade to R/O, completing one iteration of the loop.
> 
> During an attempt to upgrade the mount to R/W, the super-block must be
> verified to match the actual device (it could have been exchanged). In
> case of a mis-match (or the device or media having been removed), a forced
> unmount of the filesystem is required, which will cause all further attempts
> to read or write files on that filesystem to fail.
> 
> Did I miss anything?
> 
> Regards, STefan
> _______________________________________________
> freebsd-mobile@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-mobile
> To unsubscribe, send any mail to "freebsd-mobile-unsubscribe@freebsd.org"
> 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040920232050.81796.qmail>