On Sun, Apr 07, 2019 at 01:10:55PM -0500, Eric Sandeen wrote: > On 4/6/19 6:27 PM, Theodore Ts'o wrote: > > On Mon, Apr 01, 2019 at 09:55:19PM -0700, Darrick J. Wong wrote: > >> > >> When Ted is done laughing, I really would like to consider something > >> like this to solve the problem of grub-style bootloaders requiring a > >> lease on the blocks underneath a file with a term exceeding that of the > >> running kernel. > >> > >> We can probably skip the harsh synchronous writes in favor of fsync on > >> close, but we would need to keep the critical component of checkpointing > >> the journal on fsync and syncfs. > > > > At least for ext4, we don't need to add anything new, since FIFREEZE > > force a journal checkpoint. So we could try to get a patch into grub > > which causes update_grub to open each kernel that it finds, and calls > > fsync(2) on it, and then for all file systems where it finds a kernel, > > it can call FIFREEZE and FITHAW on it, and that would be that. > > Certain operating systems have hacked this in. My concern would be when > /boot is on / ... calling FIFREEZE on the root fs would most likely be > a bad thing. Certain operating systems avoid calling FIFREEZE for > /boot-on-root. ;) > > Doing it for a standalone /boot seems like a reasonable (if hacky) > workaround as long as we lack a more targeted quiesce interface... The other problem we noticed is that neither the grub scripts nor the rpm package scripts bother to call fsync on the files they write (or sync after they're done to mop up after everyone else), so I figured as long as I'm ("jokingly") working around it all in kernel space, why not just go all the way? :P Ok, I'll go work on an ioctl or something. --D > -Eric > > > That's not guaranteed to work for all file systems, of course. So the > > right answer may be to define a new IOCTL which causes all file system > > to do whatever log truncation is needed so that grub will do the right > > thing. > > > > - Ted > >