Hi Ken,
----- Original Message -----
> [..]
> 1. temporary files are in the same directory as the input archive, so
> renaming does not imply any copying, just directory updates
>
> 2. the input archive is never overwritten
>
> 3. the input archive files are maintained via hard links (using a second set
> of temporary names) throughout and any error causes the old names to be
> reinstated
>
There is a metadata vs data ordering assumption, I believe. We need to fsync
the newly created data files before the rename otherwise we could end up with
empty files on-disk - or files-filled-with-zeroes depending on the filesystem
implementation (in this case: directory metadata IO & new file inode metadata
IO completes up to the open(O_CREAT), but no data writes/allocation happen).

> Feedback from others would be welcome, but I think the concerns raised at the
> meeting are not substantiated by the code.

I suspect I obfuscated the matter by incorrectly thinking that the temporary
file creation was happening in some other TMPDIR - I was totally wrong there,
as your audit found - apologies for the misunderstanding!

cheers.
--
Nathan
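
The ordering discussed in this message (temporary file in the same directory, data flushed before the rename), as an added example that is not part of the original thread or the project's code. The function names and the temporary-name suffix are hypothetical, and the hard-link step from point 3 is left out.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Flush the directory holding `path` so a rename inside it is durable. */
static int fsync_dir(const char *path)
{
    char buf[PATH_MAX];
    int fd, rc;

    snprintf(buf, sizeof(buf), "%s", path);   /* dirname() may modify buf */
    if ((fd = open(dirname(buf), O_RDONLY)) < 0)
        return -1;
    rc = fsync(fd);
    close(fd);
    return rc;
}

/* Write data to a temp file beside `final`, then rename it into place. */
int durable_replace(const char *final, const void *data, size_t len)
{
    char tmp[PATH_MAX];
    const char *p = data;
    ssize_t n;
    int fd, rc;

    if (snprintf(tmp, sizeof(tmp), "%s.XXXXXX", final) >= (int)sizeof(tmp))
        return -1;
    if ((fd = mkstemp(tmp)) < 0)          /* same directory as the target */
        return -1;
    for (; len > 0; p += n, len -= (size_t)n)
        if ((n = write(fd, p, len)) < 0)
            goto fail;
    if (fsync(fd) < 0)                    /* data reaches disk before the name does */
        goto fail;
    rc = close(fd);
    fd = -1;
    if (rc < 0 || rename(tmp, final) < 0) /* old file stays intact on any error */
        goto fail;
    return fsync_dir(final);              /* make the directory update durable */
fail:
    if (fd >= 0)
        close(fd);
    unlink(tmp);
    return -1;
}
```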