>> The only part that really needs to be atomic is the metadata update. That's not usually a problem so long as your on-disk inodes, or at least those fields relating to top-level data block allocation, fit within one physical sector:
> They don't and that's not how atomicity is guaranteed. Atomicity is guaranteed via the journal.
I can only assume you have a particular filesystem in mind. It is possible to arrange for inodes (or at least the data block portions) to fit within one sector, and to have atomic metadata updates without a journal. If you have a journal, great; atomic updates shouldn't be a problem. However, this system can also be retrofitted onto filesystem which do not support journals.
>> This does assume _complete_ replacement, i.e. O_ATOMIC implies O_TRUNC.
> Not really, actually. You merely have to ensure that the old state / blocks remain valid, so you have to do all writes to new blocks.
True, if you want to implement full copy-on-write semantics. I was going for a simpler approach which can be implemented by almost any filesystem with no on-disk structure changes.