1LIBPMEM2_UNSAFE_SHUTDOWN(7)PMDK Programmer's ManualLIBPMEM2_UNSAFE_SHUTDOWN(7)
2
6 libpmem2_unsafe_shutdown - libpmem2 unsafe shutdown
7
9 In systems with the persistent memory support, a power-fail protected
10 domain covers a set of resources from which the platform will flush da‐
11 ta to the persistent medium in case of a power-failure. Data stored on
12 the persistent medium is preserved across power cycles.
13 The hardware guarantees the feature to flush all data stored in the
15 power-fail protected domain to the persistent medium. However, nothing
16 is infallible, and Persistent Memory hardware can expose a monotonical‐
17 ly increasing unsafe shutdown counter (USC) that is incremented every
18 time a failure of the mechanism above is detected. This allows soft‐
19 ware to discover situations where a running application was interrupted
20 by a power failure that led to an unsafe shutdown. Undiscovered unsafe
21 shutdowns might cause silent data corruption.
22 Note: The unsafe shutdown may corrupt data stored on a device,
24 in a file, in a set of files, and a mapping spanning only a part
25 of a file. For the sake of simplicity, all of the above cases
26 will be called file below.
27
29 Software can detect an unsafe shutdown by watching for the change be‐
30 tween unsafe shutdown count value across application startups. Any
31 changes can be indicative of unsafe shutdown occurrence.
32 Applications can implement a detection mechanism by storing the USC re‐
34 trieved from pmem2_source_device_usc(3) in Persistent Memory. Then, on
35 subsequent startups, the stored value must be compared with a newly re‐
36 trieved one.
37 However, this detection method can result in false-positives. Moving
39 the file to different Persistent Memory devices with possibly different
40 USC values would lead to false unsafe shutdown detection.
41 Additionally, relying on USC value alone could result in the detection
43 of unsafe shutdown events that occur when such a shutdown has no chance
44 of impacting the data used by the application, e.g., when nothing is
45 actively using the file.
46 Applications can avoid false-positives associated with moving the file
48 by storing device identification, obtained through pmem2_source_de‐
49 vice_id(3), alongside the USC. This enables the software to check if
50 the underlying device has changed, and reinitialize the stored USC in
51 such cases.
52 The second behavior, detection of possibly irrelevant unsafe shutdown
54 events, if undesirable, can be prevented by storing a flag indicating
55 whether the file is in use, alongside all the rest of the relevant in‐
56 formation.
57 The application should use pmem2_deep_flush(3) when storing any data
59 related to unsafe shutdown detection for higher reliability. This
60 helps ensure that the detection mechanism is not reliant on the correct
61 functioning of the same hardware features it is designed to safeguard.
62 General-purpose software should not assume the presence of USC on the
64 platform, and should instead appropriately handle any PMEM2_E_NOSUPP it
65 encounters. Doing otherwise might cause the software to be unnecessar‐
66 ily restrictive about the hardware it supports and would prevent, e.g.,
67 testing on emulated PMEM.
68
70 pmem2_deep_flush(3), pmem2_persist_fn(3), pmem2_source_device_id(3),
71 pmem2_source_device_usc(3) and <https://pmem.io>
72PMDK - pmem2 API version 1.0 2022-08-25 LIBPMEM2_UNSAFE_SHUTDOWN(7)