> > > > > I still disagree with this whole patch. There is not reason to let
> > > > > the freeze request timeout - an auto-unfreezing will only confuse the
> > > > > hell out of the caller. The only reason where the current XFS freeze
> > > > > call can hang and this would be theoretically useful is when the
> > > >
> > > > What happens when someone dirties so much data that vm swaps out
> > > > whatever process that frozen the filesystem?
> > >
> > > a) you can't dirty a frozen filesystem - by definition a frozen
> > > filesystem is a *clean filesystem* and *cannot be dirtied*.
> > Can you stop me?
> > mmap("/some/huge_file", MAP_SHARED);
> > then write to memory mapping?
> Sure - we can put a hook in ->page_mkwrite() to prevent it. We
> don't right now because nobody in the real world really cares if one
> half of a concurrent user data change is in the old snapshot or the
> new one......
> > > b) Swap doesn't write through the filesystem
> > > c) you can still read from a frozen filesystem to page your
> > > executable?? in.
> > atime modification should mean dirty data, right?
> Metadata, not data. If that's really a problem (and it never has
> been for XFS because we always allow in memory changes to atime)
> then touch_atime could be easily changed to avoid this...
> > And dirty data mean
> > memory pressure, right?
> If you walk enough inodes while the filesystem is frozen, it
> theoretically could happen. Typically a filesystem is only for a
> few seconds at a time so in the real world this has never, ever been
> a problem.
So we have freezing interface that does not really freeze, and
that can break the system when filesystem is frozen for too long...
Maybe you could use process freezer -- cgroup people are adding
userspace interface to that -- to solve those... but that would mean
stopping everyone but thread doing freezing...