Question about Cyrus, ext3, and Linux kernel 2.4.18 bug

[Michael Fair]

> Data journals are protection against badly written programs. Most people
use
> them to try to get a bit more performance in certain configurations, not
as
> a dataloss protection.

I do not consider programs that do:
1) copy main file to temp
2) modify temp
3) replace main file

"badly written" perhaps it's just a difference of opinion.
Other scenarios that I don't consider "badly written" end
up with files having garbage in them (as you appended to
the end of the file, but the data hasn't been written) or
truncated (you removed some data from the file, and again
the new file data hasn't been written).

If after step 3, but before the data actually makes it to
the disk, the server should crash, then your main file will
end up empty.  While doing an fsync() reduces the window
of opportunity from (at worst) 20 seconds to something
in the milliseconds (unless your server has become I/O
bound and is swapping like crazy under the load and the
liklihood that it is going to crash has just gone up),
the very nature of having a metadata journal without a
data journal (as both Reiser and XFS do) increases the
opportunity for corruption and data loss.

Putting the spool directory in "sync" mode does alleviate
these problems as all data is immediately flushed to disk.
But then this omewhat removes the benefits of having a
journaled FS to begin with.

-- Michael --