On 09/11/2023 15:46, Christoph Hellwig wrote:
> On Thu, Nov 09, 2023 at 03:42:40PM +0000, Matthew Wilcox wrote:
>> That wasn't the model we had in mind. In our thinking, it was fine to
>> send a write that crossed the atomic write limit, but the drive wouldn't
>> guarantee that it was atomic except at the atomic write boundary.
>> Eg with an AWUN of 16kB, you could send five 16kB writes, combine them
>> into a single 80kB write, and if the power failed midway through, the
>> drive would guarantee that it had written 0, 16kB, 32kB, 48kB, 64kB or
>> all 80kB. Not necessarily in order; it might have written bytes 16-32kB,
>> 64-80kB and not the other three.
>
> I didn't think that there are any atomic write guarantees at all if we
> ever exceed AWUN or AWUPF or cross the atomic write boundary (if any).
> I can see some use for that, but I'm really worried that debugging
> problems in the I/O merging and splitting will be absolute hell.

Even if bios were merged for NVMe the total request length still should
not exceed AWUPF. However a check can be added to ensure this for a
submitted atomic write request.

As for splitting, it is not permitted for atomic writes and only a
single bio is permitted to be created per write. Are more integrity
checks required?
Thanks,
John
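
The two models discussed in this thread, as an added example that is not part of the original messages and not kernel code. The struct, enum and function names are hypothetical, and limits are taken in bytes for simplicity (NVMe reports them in logical blocks): atomic_write_check() is the strict check, where a request longer than the limit or crossing the boundary is rejected, and atomic_pieces() counts the individually atomic units under the relaxed model.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limits in bytes; NVMe itself reports them in logical blocks. */
struct atomic_limits {
    uint64_t unit_max;  /* largest write kept atomic (plays the role of AWUPF) */
    uint64_t boundary;  /* atomic write boundary, 0 if the device has none */
};

enum atomic_verdict {
    ATOMIC_OK,
    ATOMIC_INVALID,           /* zero length, or offset + length overflows */
    ATOMIC_TOO_LONG,          /* exceeds unit_max, e.g. after a bad merge */
    ATOMIC_CROSSES_BOUNDARY,  /* would have to be split at the boundary */
};

/* Strict model: the request is atomic as a whole or it is rejected. */
enum atomic_verdict atomic_write_check(const struct atomic_limits *lim,
                                       uint64_t off, uint64_t len)
{
    if (len == 0 || off > UINT64_MAX - len)
        return ATOMIC_INVALID;
    if (len > lim->unit_max)
        return ATOMIC_TOO_LONG;
    if (lim->boundary &&
        off / lim->boundary != (off + len - 1) / lim->boundary)
        return ATOMIC_CROSSES_BOUNDARY;
    return ATOMIC_OK;
}

/* Relaxed model: number of unit-sized pieces that are each atomic on their
 * own; 0 when the write is not a whole number of aligned units. */
uint64_t atomic_pieces(uint64_t unit, uint64_t off, uint64_t len)
{
    if (unit == 0 || len == 0 || off % unit || len % unit)
        return 0;
    return len / unit;
}

int main(void)
{
    struct atomic_limits lim = { .unit_max = 16384, .boundary = 0 };

    /* Constructed input: the 80kB write from the thread, with a 16kB unit. */
    printf("strict verdict: %d\n", atomic_write_check(&lim, 0, 81920));
    printf("relaxed pieces: %llu\n",
           (unsigned long long)atomic_pieces(16384, 0, 81920));
    return 0;
}
```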