ZooKeeper / ZOOKEEPER-4311

Fsync errors are ignored in AtomicFileWritingIdiom


Details

    Description

      Class AtomicFileOutputStream has non-trivial logic in its 'close' method (code).
      It ensures that data is persistently stored on the disk via 'flush' and 'fsync' to the .tmp file, then tries to rename the file. In case of any errors, the .tmp file is deleted and an exception is thrown.

      AtomicFileWritingIdiom, which is based on AtomicFileOutputStream, only calls 'flush' explicitly. The 'close' method is called via IOUtils.closeStream (code).
      But the docs say that IOUtils.closeStream ignores IOException, which can happen during fsync (docs). As a result, in case of fsync errors, the .tmp file is deleted and the main file is not updated, but ZooKeeper ignores the exception and assumes that everything is OK.

      AtomicFileWritingIdiom is used in leader election to store the 'currentEpoch' and 'acceptedEpoch' files. This bug can theoretically lead to electing two leaders in one epoch in case of disk failures.
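
The failure mode described in this report, reduced to a self-contained Java program. This is an added example, not ZooKeeper's code: FailingSyncStream and closeQuietly are hypothetical stand-ins for AtomicFileOutputStream and IOUtils.closeStream, and the fsync failure is simulated.

```java
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

public class CloseErrorDemo {
    // Hypothetical stand-in for a stream whose close() does fsync + rename.
    // The "fsync" step always fails here, as it could on a faulty disk.
    static class FailingSyncStream extends FilterOutputStream {
        FailingSyncStream(OutputStream out) { super(out); }
        @Override public void close() throws IOException {
            super.close();
            throw new IOException("simulated fsync failure");
        }
    }

    // Hypothetical stand-in for a close helper that ignores IOException.
    static void closeQuietly(OutputStream s) {
        try { s.close(); } catch (IOException ignored) { /* the error is lost here */ }
    }

    // Pattern from the report: explicit flush, then close through the quiet helper.
    static boolean writeSwallowing(long epoch) throws IOException {
        OutputStream out = new FailingSyncStream(new ByteArrayOutputStream());
        try {
            out.write(Long.toString(epoch).getBytes(StandardCharsets.UTF_8));
            out.flush();
        } finally {
            closeQuietly(out);
        }
        return true; // caller now believes the epoch is durable
    }

    // Same write, but close() runs inside try-with-resources so its error propagates.
    static boolean writePropagating(long epoch) throws IOException {
        try (OutputStream out = new FailingSyncStream(new ByteArrayOutputStream())) {
            out.write(Long.toString(epoch).getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("swallowing writer reported success: " + writeSwallowing(5));
        try {
            writePropagating(5);
        } catch (IOException e) {
            System.out.println("propagating writer failed: " + e.getMessage());
        }
    }
}
```

Any code path that treats a returned write as a durability guarantee needs the second form, where the exception from close() reaches the caller.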

       

            People

              Unassigned Unassigned
              dimas.kovas Dmitrii Kovalkov
                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 2h 40m