Conversation

Rich Felker
@RichFelker
The feature is called auto_da_alloc, and the documented purpose is correct - ensuring that, *if* the rename is seen after async power failure, the data in the new file is also seen. But then it goes and does more...
1
1
Rich Felker
@RichFelker
...which is wrong. It makes the whole rename syscall sleep until the data is committed, as if it were rename+fsync. Which makes sense if you cared about the data, but then you would have called fsync yourself!
2
1
mik
@mik235
Replying to
@RichFelker
So the ultimate desired behaviour would be: - Once rename() returns, new is replaced with old for the running system (in-memory) - Some time after rename() is called, new is fsynced then replaces old on disk (if a restart happens) The in-between time sounds scary to me?
2
Daniel Micay
@DanielMicay
Replying to
@mik235
and
@RichFelker
No, to do a transaction safely, you need to fsync the file to commit the data to storage, rename it and then fsync the containing directory to commit the transaction. By covering up the problem, ext4 is hurting performance while the bugs in software are still present and serious.
1
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
@mik235
and
@RichFelker
Not every use of a rename pattern like this cares about having a fully atomic transaction. It's nasty to have detection of common patterns in the kernel with workarounds. It reminds me of the Windows approach to compatibility. There are some other nasty hacks like this in Linux.
1
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
@mik235
and
@RichFelker
The hack often doesn't solve the issue because it only works for a single file and programs doing this wrong often need to commit a transaction across multiple files. The way to do that correctly a symlink to a directory and renaming the symlink to a new (committed) directory.
1
Show replies