| 1 |
On Wed, Aug 31, 2016 at 10:33 AM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
> On Wednesday, August 31, 2016 12:12:15 AM Volker Armin Hemmann wrote: |
| 3 |
>> Am 30.08.2016 um 23:59 schrieb Rich Freeman: |
| 4 |
>> > |
| 5 |
>> > That depends on the mode of operation. In journal=data I believe |
| 6 |
>> > everything gets written twice, which should make it fairly immune to |
| 7 |
>> > most forms of corruption. |
| 8 |
>> |
| 9 |
>> nope. Crash at the wrong time, data gone. FS hopefully sane. |
| 10 |
> |
| 11 |
> In data=journal mode, the contents of files pass through the journal as well, |
| 12 |
> ensuring that, at least as far as the filesystem's responsibility is concerned, |
| 13 |
> the data will be intact in the event of a crash. |
| 14 |
> |
| 15 |
|
| 16 |
Correct. As with any other sane filesystem if you're using |
| 17 |
data=journal mode with ext4 then your filesystem will always reflect |
| 18 |
the state of data and metadata on a transaction boundary. |
| 19 |
|
| 20 |
If you write something to disk and pull the power after fsck the disk |
| 21 |
will either contain the contents of your files before you did the |
| 22 |
write, or after the write was completed, and never anything |
| 23 |
in-between. |
| 24 |
|
| 25 |
This is barring silent corruption, which ext4 does not protect against. |
| 26 |
|
| 27 |
> Now, I can still think of ways you can lose data in data=journal mode: |
| 28 |
|
| 29 |
Agree, though all of those concerns apply to any filesystem. If you |
| 30 |
unplug an unmounted device, or pull the power when writes are pending, |
| 31 |
or never hit save, or whatever, then your data won't end up on disk. |
| 32 |
Now, a good filesystem should ensure that the data which is on disk is |
| 33 |
completely consistent. That is, you won't get half of a write, just |
| 34 |
all or nothing. |
| 35 |
|
| 36 |
>> >> If you want an fs that cares about your data: zfs. |
| 37 |
>> > |
| 38 |
>> > I won't argue that the COW filesystems have better data security |
| 39 |
>> > features. It will be nice when they're stable in the main kernel. |
| 40 |
>> |
| 41 |
>> it is not so much about cow, but integrity checks all the way from the |
| 42 |
>> moment the cpu spends some cycles on it. |
| 43 |
|
| 44 |
What COW does get you is the security of data=journal without the |
| 45 |
additional cost of writing it twice. Since data is not overwritten in |
| 46 |
place you ensure that on an fsck the system can either roll the write |
| 47 |
completely forwards or backwards. |
| 48 |
|
| 49 |
With data=ordered on ext4 there is always the risk of a |
| 50 |
half-overwritten file if you are overwriting in place. |
| 51 |
|
| 52 |
But I agree that many of the zfs/btrfs data integrity features could |
| 53 |
be implemented on a non-cow filesystem. Maybe ext5 will have some of |
| 54 |
them, though I'm not sure how much work is going into that vs just |
| 55 |
fixing btrfs, or begging Oracle to re-license zfs. |
| 56 |
|
| 57 |
>> Caught some silent file |
| 58 |
>> corruptions that way. Switched to ECC ram and never saw them again. |
| 59 |
> |
| 60 |
> In-memory corruption of a data is a universal hazard. ECC should be the norm, |
| 61 |
> not the exception, honestly. |
| 62 |
> |
| 63 |
|
| 64 |
Couldn't agree more here. The hardware vendors aren't helping here |
| 65 |
though, in their quest to try to make more money from those sensitive |
| 66 |
to such things. I believe Intel disables ECC on anything less than an |
| 67 |
i7. As I understand it most of the mainline AMD offerings support it |
| 68 |
(basically anything over $80 or so), but it isn't clear to me what |
| 69 |
motherboard support is required and the vendors almost never make a |
| 70 |
mention of it on anything reasonably-priced. |
| 71 |
|
| 72 |
If your RAM gets hosed than any filesystem is going to store bad data |
| 73 |
or metadata for a multitude of reasons. The typical x86+ arch wasn't |
| 74 |
designed to handle hardware failures around anything associated with |
| 75 |
cpu/ram. |
| 76 |
|
| 77 |
The ZFS folks tend to make a really big deal out of ECC, but as far as |
| 78 |
I'm aware it isn't any more important for ZFS than anything else. I |
| 79 |
think ZFS just tends to draw people really concerned with data |
| 80 |
integrity, and once you've controlled everything that happens after |
| 81 |
the data gets sent to the hard drive you tend to start thinking about |
| 82 |
what happens to it beforehand. I had to completely reinstall a |
| 83 |
windows system not long ago due to memory failure and drive |
| 84 |
corruption. Wasn't that big a deal since I don't keep anything on a |
| 85 |
windows box that isn't disposable, or backed up to something else. |
| 86 |
|
| 87 |
-- |
| 88 |
Rich |
Archives