In message <m1HaAK1-000kmbC@most.weird.com>, "Greg A. Woods" writes:

> > > Then for the real test start over and do it all again, but this time
> > > after "systat bufcache" shows that most of available RAM is used up
> > > for metadata an file data, pull the power plugs.  Then try to clean
> > > up the mess.
> >=20
> > What mess?  My understanding is that with soft updates, the only
> > thing that can possibly happen is that disk space can be lost.
> > The background fsck is for reclaiming this lost space.
> 
> Huh?  I think you missed the point.
> 
> If there are _tens_ of seconds worth of pure _write_ activity still in
> _metadata_ buffers in core when the power plug is pulled then you can
> lose megabytes of _metadata_ alone, never minde the potentially hundreds
> of megabytes of file data from dirty file cache buffers too.

To avoid this you have to use mount -o sync.

> The very concept of delaying metadata writes guarantees less safety,
> regardless of whether they are eventualy done in the correct order or
> not.

For me, the point of softdeps is that it forces the writes to be done
in the correct order, to protect the integrity of the filesystem.
So you are safe from seeing "run fsck manually".  I used to get this,
but I haven't seen it since I switched to softdeps.

If your idea of safety is to never ever have data in memory that hasn't
been written to disk, the best you can do is mount -o sync.