UBIFS robustness questions
Adrian Hunter
adrian.hunter at nokia.com
Fri Jul 24 05:24:28 EDT 2009
Hunter Adrian (Nokia-D/Helsinki) wrote:
> Charles Manning wrote:
>> This is probably documented somewhere but I could not find it...
>>
>> What operations in UBIFS are robust to power failure and which are not?
>
> Only sync operations guarantee that changes have reached the flash.
> There are all the usual ways to sync:
> fsync/fdatasync a file/directory
> open a file as synchronous
> mark a file with the sync flag
> sync the filesystem
> mount the file system as synchronous
>
>> I know for example that writing a file into flash does not mean it has been
>> completely written to flash until after a sync, but what about other
>> operations such as mv?
>
> After mv, the containing directory must be sync'd to be sure the change reaches the
> flash. But rename is atomic so there will always be either the old
> naming or the new naming.
>
>> The reason I'm asking this is that I want to be able to "hot-swap" a
>> directory of files without losing any file state.
>
> Should be no problem if you sync correctly.
>
>> What I'm considering doing is something like:
>>
>> Start with ~/runtime having a sane set of files
>>
>> untar etc into ~/updated
>> sync
>> mv ~/updated ~/run-time
>> sync
>>
>> What is unacceptable is that, at any time, a power failure/reboot results in
>> ~/runtime having a non-sane set of files.
>>
>> * Does the above sequence look safe?
>
> Yes
Well, safe but not possible. You cannot rename over the top
of a non-empty directory. Sorry I was misleading.
>> * Is the second sync required?
>
> It is required to guarantee that the mv has reached the flash at that
> point in time i.e. power loss before the second sync => same as if mv
> was not done
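
The sequence discussed in this thread, as an added Python example that is not code from the thread: files are synced, then the staging directory, then the rename, then the containing directory, and a rename onto a non-empty directory is refused. The function names and file contents are constructed; it assumes Linux and that both directories share one parent.

```python
import errno
import os
import tempfile

def fsync_path(path):
    """fsync a file or directory given by path."""
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)

def stage_tree(staging, files):
    """Create staging, write each file, sync the files and then the directory."""
    os.mkdir(staging)
    for name, data in files.items():
        with open(os.path.join(staging, name), "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
    fsync_path(staging)

def publish(staging, live):
    """Rename staging to live and sync the containing directory.

    Returns False, changing nothing, when live is a non-empty directory.
    """
    try:
        os.rename(staging, live)
    except OSError as e:
        if e.errno in (errno.ENOTEMPTY, errno.EEXIST):
            return False
        raise
    fsync_path(os.path.dirname(os.path.abspath(live)))
    return True

def demo():
    """Run the sequence in a temporary directory with constructed contents."""
    with tempfile.TemporaryDirectory() as root:
        live, staging = os.path.join(root, "runtime"), os.path.join(root, "updated")
        stage_tree(staging, {"app.conf": b"v1"})
        first = publish(staging, live)    # runtime does not exist yet
        stage_tree(staging, {"app.conf": b"v2"})
        second = publish(staging, live)   # runtime is non-empty
        with open(os.path.join(live, "app.conf"), "rb") as f:
            return first, second, f.read()

if __name__ == "__main__":
    print(demo())
```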