Comment 50 for bug 317781

Theodore Ts'o (tytso) wrote :

@3vi1

If you really want to make sure the data is on disk, you have to use fsync() or fdatasync(). Even with ext3, if you crash at the wrong time, you will also lose data. So it's not the case with ext4 that "it's going to truncate files every time a non-redundant component dies". It's not every time. If you fdatasync() or fsync() the file, once the system call returns you know it will be safely on disk. With the patches, the blocks will be forcibly allocated in the case where you are replacing an existing file, so if you crash, you'll either get the old version (if the commit didn't make it) or the new version (if the commit did make it). If you really care, you could write a program which runs sync() every 5 seconds, or even every 1 second. Your performance will be completely trashed, but that's the way things break.

Or you can be smart about how you write your application, so you fsync() or fdatasync() at critical points, so you have a good tradeoff between performance and data being reliably written to disk; very often it's not necessary that data always be written to disk at that very instant; just under the right controlled circumstances. And if it's too much of a performance hit, then you can be more clever about how you write your application, or you can make your system more redundant. There's an old saying, "fast", "good", "cheap". Choose two. In this particular case, replace "good" with "reliable", and that's the fundamental tradeoff. With the patches, we are as close as possible to ext3 for the common workloads for crappy desktop applications that like to constantly rewrite hundreds of dotfiles. Editors like emacs already call fsync() when they save a file. And Mail Transfer Agents also call fsync() before they return the SMTP code meaning, "I've got the e-mail, now it's my responsibility". So most programs do the right thing. But if you want to make sure every single write is guaranteed to make it onto disk the moment the program writes it, change your application to open the file with O_SYNC. Performance will be crap, but that's the tradeoff.