lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090402234617.GB9538@srcf.ucam.org>
Date:	Fri, 3 Apr 2009 00:46:17 +0100
From:	Matthew Garrett <mjg59@...f.ucam.org>
To:	david@...g.hm
Cc:	Theodore Tso <tytso@....edu>, Sitsofe Wheeler <sitsofe@...oo.com>,
	"Andreas T.Auer" <andreas.t.auer_lkml_73537@...us.ath.cx>,
	Alberto Gonzalez <info@...bu.es>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Ext4 and the "30 second window of death"

On Thu, Apr 02, 2009 at 11:44:20AM -0700, david@...g.hm wrote:
> On Thu, 2 Apr 2009, Matthew Garrett wrote:
> >The solution to "fsync() causes disk spinups" isn't "ignore fsync()".
> >It's "ensure that applications only use fsync() when they really need
> >it", which requires us to also be able to say "fsync() should not be
> >required to ensure that events occur in order".
> 
> ignore the issue of order on the local disk for the moment.
> 
> what should an application do to make sure it's data isn't lost?

fsync().

> however, some (many, most??) users would probably be willing to loose a 
> little e-mail to gain a significant increase in battery life on their 
> laptops.

Then they shouldn't use a mail client that fsync()s.

> today they have no choice (other than picking a mail client that doesn't 
> try to protect it's local data)
> 
> with the proposed addition to laptop mode (delaying fsync until the disk 
> is awake), the user (or more precisely the admin) gains the ability to 
> define this trade-off rather than depending on the application developers 
> all doing this right.

No. Ignoring fsync() makes it difficult for an application to 
inappropriately spin up a disk - but it also makes it *impossible* for 
an application to save data that it genuinely needs to. Doing this in 
kernel means that you have no granularity. You ignore the inappropriate 
fsync()s, but you also ignore the ones that are vitally important. I've 
no objection to the kernel supporting this functionality, but it should 
be /proc/sys/vm/fuck-my-data-harder rather than 
/proc/sys/vm/laptop-mode.

Power management is a tradeoff. Sometimes providing correct 
functionality costs more than providing incorrect functionality. In 
general we strive to carry on providing applications the behaviour they 
expect even if it costs us more power - the alternative leads to users 
disabling power management functionality because they can't trust it. 
Throwing data away isn't an acceptable tradeoff for an extra three 
minutes of battery life for most users.

-- 
Matthew Garrett | mjg59@...f.ucam.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ