tech-kern archive


Re: fsync error reporting



On Fri, Feb 19, 2021 at 08:33:03AM -0500, Greg Troxel wrote:
 > Maybe I'm way off in space, but I'd like to see us be careful about
 > 
 >   1) operating system has a successful return from a write transaction to
 >   a disk controller (perhaps via a controller that has a write-back
 >   cache)
 > 
 >   2) operating system has been told by the controller that the write has
 >   actually completed to stable storage (guaranteed even if OS crashes or
 >   power fails, so actually written or perhaps in battery-backed cache)
 > 
 >   A) for stacked filesystems like raid, cgd, and for things like NFS,
 >   there's basically an e2e ack of the above condition.

Disk controllers don't in general tell you (2); all you can really do
is flush the cache, and sometimes if you tell them to flush the cache
they just ignore it anyway. Not to mention that consumer-grade SSDs
are likely to turn to Swiss cheese on a power failure (regardless of
flushing) if they aren't fully quiescent, and sometimes maybe even
then.

There is not much we can do about this, but we can at least make the
reporting chain as far as the disk controller and back, which is (1),
work reliably.

-- 
David A. Holland
dholland%netbsd.org@localhost

