<tt><font size=2>> From: Frederick Grose <fgrose@gmail.com></font></tt>
<br><tt><font size=2>> On Wed, Mar 6, 2013 at 3:59 PM, <John.Florian@dart.biz>
wrote:</font></tt>
<br><tt><font size=2><snip></font></tt>
<br><tt><font size=2>> root@aos-61:46 # # Lets now make it all go wonky:
<br>
> root@aos-61:46 # time dd if=/dev/zero of=/foo <br>
> Bus error <br>
> <br>
> real 1m15.775s <br>
> user 0m2.818s <br>
> sys 0m24.129s <br>
> root@aos-61:46 # <br>
> root@aos-61:46 # ls /root <br>
> -bash: /bin/ls: Input/output error <br>
> root@aos-61:46 # df -h <br>
> -bash: /usr/bin/df: Input/output error
<br>
>
<br>
> root@aos-61:46 # mount
<br>
>
<br>
> -bash: /usr/bin/mount: Input/output error
<br>
>
<br>
> root@aos-61:46 # cat /proc/meminfo
<br>
>
<br>
> -bash: /usr/bin/cat: Input/output error
<br>
>
<br>
> <br>
> Is this expected? Is there anything I can do, e.g., configuration-<br>
> wise, that can prevent this? Ideally this would fail much like
any <br>
> other full disk situation. I understand that the overlay consumes
<br>
> space, i.e., memory, for this file growth, including file removals,
<br>
> but I'd at least like to be able to remotely reboot a system when
in<br>
> this state, however I can't even do that because the reboot command
<br>
> will either return the same I/O error or it may succeed but get the
<br>
> I/O error when systemd tries to read /usr/lib/systemd/system/reboot.target.
<br>
> <br>
> I dug around in bugzilla, but found nothing there. I can file
a <br>
> bug, but which package is likely at fault here?<br>
> --<br>
> John Florian</font></tt>
<br><tt><font size=2>> <br>
> See https://fedoraproject.org/wiki/LiveOS_image for some
background <br>
> and potential workarounds.</font></tt>
<br><tt><font size=2>> <br>
> --Fred --</font></tt>
<br>
<br>
<br><tt><font size=2>There's really not much on that page that helps me
here. I'm trying to use Live images for a mostly-stateless embedded
appliance OS deployed to hundreds or thousands of devices. I realize
that the COW design is always going to be limited, but a more graceful
failure mode is really needed, somehow. For our use, the biggest
gain in stability here actually comes from systemd's journal with its trim-before-write
approach instead of the legacy write now, trim asynchronously approach
we used to have. However, that only covers one specific use case:
logging. Writing to proper persistent storage allows me to avoid
the root file system overlay, but most of these embedded devices use CF
or SD cards for storage, which have limited write cycles that must be respected.</font></tt>
<br>
<br><tt><font size=2>Is there a way to implement an artificial capacity
limit that would prevent processes from exhausting the overlay so that
the reserve might be used for recording the event and rebooting back to
a safer state?</font></tt>
<br>
<br><tt><font size=2>At the very least, I think this page could benefit
from a little stronger, more explicit wording of this failure case. While
it talks a little about some work-arounds, it actually says very little
about why they are needed. Only in the "Overlay Recovery"
section does it hint at the crash potential.</font></tt>
<br><font size=2 face="sans-serif"><br>
--<br>
John Florian</font>
<br>