|
|
|
|
|
|
by vaurora
4273 days ago
|
|
|
It was safe to rename() a file and expect the data it contained after crash to either be (1) the data before the rename(), (2) the data after the rename(). What changing the ext4 default logging mode to "data=writeback" did is add two more options, (3) nothing (0 bytes), and (4) whatever random garbage it found on disk, potentially including a copy of /etc/shadow. No-one misread the docs, the behavior changed. But hey, if you're angling to be hired by a YC-funded storage startup, this is certainly a post. |
|
|
I write this without a hint of snarkiness or ill will. Please keep this fact in mind as you read on.
If you read the message by Lortie [0] that Ts'o responded to [1] you find that Lortie was specifically talking about the guarantees made by ext4 in regards to rename behavior. In that message Lortie says "[the documentation of ext4 in Documentation/filesystems/ext4.txt] says to me "replace by rename is guaranteed safe in modern ext4, under default mount options"." Ts'o opens his message with "It's not _guaranteed_ safe."
I understand that people are frustrated about ext4's default options. In the referenced exchange, neither Lortie nor Ts'o were talking about the merits of the differences between the rename robustness guarantees of ext4 and other filesystems. Lortie was double-checking his understanding of the documentation of the guarantees that ext4 provides with its default options. Ts'o was correcting Lortie's misunderstanding of that documentation.
[0] http://www.spinics.net/lists/linux-ext4/msg38774.html
[1] http://www.spinics.net/lists/linux-ext4/msg38778.html