LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Dealing with disk I/O problems

[Posted June 21, 2005 by corbet]

Filesystem authors try hard to avoid losing data. Many of them have discovered, the hard way, that failure to return a user's bits in exactly the same condition as when they were entrusted to the filesystem can lead to serious disgruntlement down the road. There are limits to what a filesystem can do, however, when the hardware starts to fail. If a disk drive begins to go bad, or somebody yanks out a hotpluggable device, problems are simply going to happen.

So what should a filesystem do in such a case? The behavior shown by most Linux filesystems (and partially enforced by the VFS layer) is to return an I/O error status (EIO) when things start to fail, then remount the filesystem in a read-only mode in an attempt to avoid any further damage. The end result is that a user-space application might see an EIO error return once - or it might not, since not all in-kernel error codes make it all the way back to user space. After that, the returned error will be EROFS (read-only filesystem), which is not entirely illuminating.

Back in the good old days, we would just look in the system log file to see what was really going on. The new crowd of Linux users would rather not have to do that, however; they expect the system to tell them, politely, that their hardware is on fire and that they are about to deeply regret not having run any backups since sometime last winter. The problem is that the POSIX API is simply not set up to return that sort of detailed error information. Breaking compatibility with POSIX is not an option, so something complicated would have to be done to return error information within the bounds of the current API. Beyond that, however, is the simple fact that the application which is currently beating its head against disk errors might not be the right one to be having a pleasant conversation with the user about those errors.

These issues have led Ted Ts'o to suggest that a different mechanism should be used. Rather than try to shove additional information through the existing API, the kernel should simply report events like disk disasters via an out-of-band mechanism. For example, errors could be reported with the user notification mechanism and fed into DBus for distribution. The user could then be informed of the trouble and given the opportunity to panic in a desktop-specific manner.

There seems to be a high level of agreement that the out-of-band notification is the right way of doing things. All that is needed is for somebody to do the hacking to actually make it happen.

(Log in to post comments)

Dealing with disk I/O problems (and that in a humorous way)

Posted Jun 24, 2005 8:16 UTC (Fri) by dmm (subscriber, #9815) [Link]

Hello,
Ted Tso is a most reasonable person and I couldn't agree more with him, but the reason I'm posting is that I found the article strike good balance between great humor and excellent reporting.
Thanks,
Dejan

Dealing with disk I/O problems

Posted Jun 25, 2005 21:20 UTC (Sat) by tres (guest, #352) [Link]

I'm just wondering what put Jon into such a mood? I've always liked his slightly dry humor but I was actually laughing out loud when I read this one. Very entertaining Jon, keep up the great work.

Best Regards

Dealing with disk I/O problems

Posted Jun 30, 2005 18:13 UTC (Thu) by xorbe (subscriber, #3165) [Link]

Yeah, it should report the problem via an out-out-bounds method, like say, the system log file! Why do we need a second system log on dbus?

System logs

Posted Jul 1, 2005 12:59 UTC (Fri) by ringerc (subscriber, #3071) [Link]

Chances are that if you've ever tried to write a program to parse the system log and notify the user of errors, it'd be fairly obvious why. Doing so is a screaming nightmare.

Having important messages broadcast out over D-Bus could be a really nice feature. Apps could listen only to messages they care about, without having to follow a log that's potentially full of reams of crud. It should be possible to do it much more reliably than tailing syslog, too.

I can see why folks would be concerned about the duplication of functionality, but I tend to see syslog (or at least klog) as a dinosaur that might be in need of a replacement. Preferably a replacement that can still write out syslog, but can also give programs access to the errors in a more useful way. This is one thing the Windows folks have the right idea with IMO - though their own implementation has its (large) fair share of issues, too.

Dealing with disk I/O problems

Posted Jul 6, 2005 18:22 UTC (Wed) by zakaelri (guest, #17928) [Link]

It seems to me that if you are having a problem with a filesystem, it would not always be the best idea to log the request in a file...

I appologize for sounding snippety. I'm spending far too much time on /.

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds