Subject: Re: Misc things on pre1.1
To: Kevin P. Neal <>
From: Don Lewis <>
List: current-users
Date: 11/22/1995 21:00:20
On Nov 22,  7:01pm, "Kevin P. Neal" wrote:
} Subject: Re: Misc things on pre1.1
} A real working lfs would be cool. Then again, a jfs would also be cool. 
} I've seen so many people go up to an RS/6000 and just cut it off. Then 
} they wonder why I have this pained look on my face. 

I see two types of damage when power fails on our news server.  One is
a whole crop of zero length article files because their pages haven't
been flushed from the buffer cache to the disk and their inodes updated
with their correct length.  The second is truncation of the history
file (records missing at the end, and the last record in the file is
incomplete).  The latter is quite likely due to the last block of
the file still in INN's stdio buffer, and isn't fixable by jfs.

} Here's a question: How can I implement an atomic system for CVS that will 
} be able to restart an operation even if the system goes down in the 
} middle. If the filesystem goes foom, and one of my files goes away in the 
} middle of the transaction, what can I do? Just assume that this will not 
} happen? What? If an important file goes away, then the ability to back 
} out of the halfway transaction will be destroyed. So how can I *ensure* 
} the correctness of the filesystem? Can I make sync() calls *extremely* 
} often? What?

Sync() won't help, since it only schedules the bits to be written to
disk.  What you should do is write all data to a temporary file, and fsync()
each file before close().  The fsync() call will not return until all
the data is safely on the disk.  Don't forget to fflush() first if you're
using stdio.  After the file is closed, rename() the file to its real name.
Depending on the order rename() does its stuff, there might be a small
window where the directory entry for the target file doesn't exist (though
I can't think of any reason that it's not possible to implement this safely),
but at least the data is on the disk and should be recoverable under the
temporary name or at worst fsck should put it in lost+found.  If you're
really paranoid, you could wrap the rename() in your own transaction log,
and redo it if there is a crash in the middle.

			---  Truck
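
The sequence described in the reply above (write to a temporary file, fflush(), fsync(), close, then rename()), as an added example that is not part of the original message. The helper name `atomic_write_file`, the temporary-name suffix and the demo path are assumptions made for illustration; the optional transaction log around rename() is not shown.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp(), fdopen(), fileno(), fsync() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (name and signature are assumptions): replace `path`
 * with `len` bytes of `data` so that a crash leaves either the old contents
 * or the complete new contents. Returns 0 on success, -1 on failure.
 * Note: mkstemp() creates the file with mode 0600; the new file keeps it. */
int atomic_write_file(const char *path, const char *data, size_t len)
{
    char tmp[4096];
    /* Temporary name in the same directory, so rename() stays on one filesystem. */
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);
    if (fd < 0)
        return -1;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    int ok = fwrite(data, 1, len, fp) == len
          && fflush(fp) == 0            /* stdio buffer -> kernel */
          && fsync(fileno(fp)) == 0;    /* kernel buffer cache -> disk */
    if (fclose(fp) != 0)
        ok = 0;
    if (!ok || rename(tmp, path) != 0) { /* publish under the real name last */
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: file name and contents are made up for the demo. */
    const char *path = "/tmp/atomic_write_demo.txt";
    if (atomic_write_file(path, "revision 2\n", 11) != 0) {
        perror("atomic_write_file");
        return 1;
    }
    return 0;
}
```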