David Carter dpc22 at
Tue Dec 11 05:34:13 EST 2007

On Fri, 7 Dec 2007, Janne Peltonen wrote:

>> If you feel that your filesystem/buffercache will do a good job at
>> writing things out to disk, and you've got battery-backed cache on
>> your storage, you should be relatively well off.
> But if I were to turn skiplist_unsafe on, and the OS crashed - or, say, 
> the cluster system forcibly unmounted my Cyrus spool and config 
> filesystems - wouldn't that result in horribly unrecoverable databases 
> all over the place? (I have everything in skiplist, except quota and 
> subscriptions.)

It is easy enough to find out.

Take an fsync() test rig such as Brad Fitzpatrick's and 
comment out the fsync()s. If the disk checker moans, then updates have 
been lost in buffer cache. Under Linux this is only safe if the filesystem 
is mounted with the "sync" option, even with data=journal.

Part of the point of fsync() is to make sure updates hit nonvolatile 
storage in the correct order. A specific example: skiplist commit records 
are written after an fsync(), immediately followed by another fsync() 
before the write lock is released. If writes get reordered before they hit 
disk, then there is a good chance that the database will become corrupt.

David Carter                             Email: David.Carter at
University Computing Service,            Phone: (01223) 334502
New Museums Site, Pembroke Street,       Fax:   (01223) 334679
Cambridge UK. CB2 3QH.

More information about the Info-cyrus mailing list