bug#22768: Crash safety

bug-gzip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22768: Crash safety

From:	Antonio Diaz Diaz
Subject:	bug#22768: Crash safety
Date:	Mon, 29 Feb 2016 18:12:51 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.8.1.4) Gecko/20070601 SeaMonkey/1.1.2

Paul Eggert wrote:

Feature creep is something we should avoid. Here, though, it's a realpain to synchronize correctly and many people will get it wrong.

The problem is that it is impossible to get it right unless one doessomething as extreme as unmounting-then-remounting the filesystem, oreven making a backup copy on a removable device and then verifying thecopy on a different computer.

Sure, as some file systems do not support fsync. Still, gzip should dowhat it can.

I am not so sure. There seems to be an arms race between tools that dowhat they can and ways of preventing those tools from doing it. Justsearch for "disable fsync".

Even if invoked optionally, all this complication to perhaps achievenothing but a false sense of safety goes against my KISS philosophy.

Imagine if some backup tool begins calling 'gzip --synchronous', andusers are forced to install libeatmydata to disable it.

it may become an endless source of bug reports.
I doubt it. gzip has run unsafely for decades, and this is the firstbug report about it -- one discovered by code inspection, not by actualfailure.

Publish or perish may be the cause of such an endless source of bugreports. The next one might be titled "On why 'gzip --synchronous' doesnot work on some filesystems".

(fsyncing also the destination's directory,


Yes, that needs fixing.  Done in the patches I just now emailed to you.

Thanks. But I was not asking for a fix. Just pointing out what othersmight ask.

True, fsync is a bad design. But that is no excuse for gzip losing data.

As I see it, it is not gzip the one losing the data, but the filesystemthat does not respect the write order, or even the user that chose suchfilesystem (perhaps because of a good reason).

1) gzip --keep file     # don't delete input
2) sync                 # commit output and directory to disk
3) zcmp file file.gz    # verify output
4) rm file              # then remove input
That approach does not suffice, because 'sync' does not guarantee thatthe output data has been synchronized to disk.

I know, but how can you guarantee that 'gzip --synchronous' will work ona system where the 'sync' above does not even guarantee that 'file.gz'is written to disk before 'file' is deleted?

I still think that the right thing to do is to not implement any kind offsync functionality in gzip/lzip, and achieve permanence (when it isneeded) by some other means. As you said, gzip has run unsafely fordecades without a failure.



Best regards,
Antonio.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#22768: Crash safety, (continued)
- bug#22768: Crash safety, Paul Eggert, 2016/02/23
  - bug#22768: Crash safety, Antonio Diaz Diaz, 2016/02/26
    - bug#22768: Crash safety, Paul Eggert, 2016/02/26
    - bug#22768: Crash safety, Antonio Diaz Diaz, 2016/02/26
    - bug#22768: Crash safety, Paul Eggert, 2016/02/26
    - bug#22768: Crash safety, Antonio Diaz Diaz, 2016/02/26
    - bug#22768: Crash safety, Antonio Diaz Diaz, 2016/02/26
    - bug#22768: Crash safety, Bob Proulx, 2016/02/26
    - bug#22768: Crash safety, Antonio Diaz Diaz, 2016/02/27
    - bug#22768: Crash safety, Paul Eggert, 2016/02/28
    - bug#22768: Crash safety, Antonio Diaz Diaz <=
    - bug#22768: Crash safety, Paul Eggert, 2016/02/29
    - bug#22768: Crash safety, Paul Eggert, 2016/02/28

Prev by Date: bug#22852: gzip-1.7 release coming soon
Next by Date: bug#22768: Crash safety
Previous by thread: bug#22768: Crash safety
Next by thread: bug#22768: Crash safety
Index(es):
- Date
- Thread