xfs
[Top] [All Lists]

Re: Which FileSystem do you use on your postfix server?

To: Dave Chinner <david@xxxxxxxxxxxxx>
Subject: Re: Which FileSystem do you use on your postfix server?
From: wietse@xxxxxxxxxxxxx (Wietse Venema)
Date: Fri, 31 Oct 2008 18:56:15 -0400 (EDT)
Cc: Wietse Venema <wietse@xxxxxxxxxxxxx>, Eric Sandeen <sandeen@xxxxxxxxxxx>, Justin Piszcz <jpiszcz@xxxxxxxxxxxxxxx>, Postfix users <postfix-users@xxxxxxxxxxx>, xfs@xxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=porcupine.org; s=dktest; t=1225493775; bh=6C0EQML8KXt8HPbelvy83KZtemNyEbfx7mbtLWQk FxY=; h=Subject:In-Reply-To:To:Date:CC:X-Time-Zone:X-Mailer: MIME-Version:Content-Transfer-Encoding:Content-Type:Message-Id: From; b=imOV/Eo/MDPN+fMOrtJXuNxcZz0YghJ5U1f78sd8AKpfo9rDtfO1EOYoGK MY70L00zdvxUUGFNTVQPm+onJHmmDcV0BrFenLs3chKlwcAlslZRZFt2YYU0/OGpS6/ O9PR6r3e9y9sqO2qw438cdCgVvDsMdylCNytsYDdvwOGFA=
In-reply-to: <20081031221817.GD19509@disturbed> "from Dave Chinner at Nov 1, 2008 09:18:17 am"
Dave Chinner:
> On Fri, Oct 31, 2008 at 11:37:58AM -0400, Wietse Venema wrote:
> > Eric Sandeen:
> > > > This
> > > > would violate a basic requirement of Postfix (don't lose data after
> > > > fsync).  Postfix updates existing files all the time: it updates
> > > > queue files as it marks recipients as done, and it updates mailbox
> > > > files as it appends mail.
> > > 
> > > As long as postfix is looking after data properly with fsyncs etc, xfs
> > > should be perfectly safe w.r.t. data integrity on a crash.  If you see
> > > any other behavior, it's a *bug* which should be reported, and I'm sure
> > > it would be fixed.  As far as I know, though, there is no issue here.
> > 
> > The specific question is, will unclean shutdown cause loss of data
> > that was already fsynced,
> 
> No.
> 
> > when the file was updated after the fsync.
> 
> and no.
> 
> XFS guarantees that you won't lose anything you fsync()d. You might
> lose what you wrote after the fsync()), though, because you haven't
> fsync()d it. Obvious, yes?

This is how I hoped any reasonable implementation would work. The
stories about null files made me wonder if there was something
unusual about XFS that I should be aware of.

> > For example, if the on-disk file metadata is updated after the file
> > data is appended, then there is no need to have a zero-fill problem
> > after crash during append.
> 
> In case you didn't read Eric's response - that's exactly how we
> fixed XFS to prevent this problem. And please stop propagating
> this erroneous "zero-fill" meme - Eric addressed how wrong that
> FUD is as well.

Just confirming a specific case that I care about.

Here's something I would like to know regarding the order of
directory updates:

- Does fsync(file) guarantee the file's directory entry is safe?
Some file systems complete directory updates before the open/link/rename
system call returns, so fsync() doesn't have to worry about it.

- Does rename() guarantee that at least one directory entry will
exist even when the system crashes in the middle of the operation?

Postfix assumes both answers are "yes"; old ext2fs violated both
assumptions.

> > What if the crash happens after Postfix requests a 1-byte write in
> > the middle of a file, i.e. without changing the size?  A
> > reasonable implementation would not corrupt the file, but would
> > either update the file data or not change it. I can deal with
> > that.
> 
> That is exactly how XFS has always behaved for non-extending data
> overwrite. i.e. Exactly the same pretty much every filesystem that
> has ever existed.

Good. Thanks for confirming that XFS is not unusual.

        Wietse

<Prev in Thread] Current Thread [Next in Thread>