Re: Revoking filesystems [was Re: Sysfs attributes racing withunregistration]

[Alan Stern]

On Thu, 5 Jan 2012, Eric W. Biederman wrote:

> > Ummm.... I could be missing something but filesystems need to be able
> > to deal with partial device failures (ie. some block can't be read)
> > and hot-unplug or handling full failure is a logical extension of
> > that.  That's how it already works, so I don't really think that is a
> > particularly good application for the revoke mechanism.
> 
> Well the choices are really:
> a) On a block device hotunplug keep the device and have it simply report
>    everything as errors, to the filesystem.  Maybe with a hint to the
>    filesystem that something is wrong.
> b) Have a filesystem revoke method so that we don't have to keep the
>    unplugged block device structure around indefinitely.

When I asked Ted about this, he strongly indicated that he preferred 
b).

> It seems clear that we are neither doing (a) or (b) which results in
> periodic and spectacular failures when block devices are unplugged,
> because we try and access block devices that no longer exist.

Actually we are doing a).  But we aren't doing it well enough.

One problem (which was reported by a user last spring) is that
del_gendisk() calls device_del() for the disk and bdi_unregister() for
the disk's backing_dev_info structure.  Now, del_gendisk will leave the
data structure in memory until the disk's refcount drops to 0, but
bdi_unregister ignores refcounts and simply erases the bdi->dev
pointer.  Once this happens, any attempt to call mark_buffer_dirty()
(for example, by ext4_commit_super) will cause an oops.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/