1 |
On Wed, Aug 31, 2016 at 10:33 AM, Michael Mol <mikemol@×××××.com> wrote: |
2 |
> On Wednesday, August 31, 2016 12:12:15 AM Volker Armin Hemmann wrote: |
3 |
>> Am 30.08.2016 um 23:59 schrieb Rich Freeman: |
4 |
>> > |
5 |
>> > That depends on the mode of operation. In journal=data I believe |
6 |
>> > everything gets written twice, which should make it fairly immune to |
7 |
>> > most forms of corruption. |
8 |
>> |
9 |
>> nope. Crash at the wrong time, data gone. FS hopefully sane. |
10 |
> |
11 |
> In data=journal mode, the contents of files pass through the journal as well, |
12 |
> ensuring that, at least as far as the filesystem's responsibility is concerned, |
13 |
> the data will be intact in the event of a crash. |
14 |
> |
15 |
|
16 |
Correct. As with any other sane filesystem if you're using |
17 |
data=journal mode with ext4 then your filesystem will always reflect |
18 |
the state of data and metadata on a transaction boundary. |
19 |
|
20 |
If you write something to disk and pull the power after fsck the disk |
21 |
will either contain the contents of your files before you did the |
22 |
write, or after the write was completed, and never anything |
23 |
in-between. |
24 |
|
25 |
This is barring silent corruption, which ext4 does not protect against. |
26 |
|
27 |
> Now, I can still think of ways you can lose data in data=journal mode: |
28 |
|
29 |
Agree, though all of those concerns apply to any filesystem. If you |
30 |
unplug an unmounted device, or pull the power when writes are pending, |
31 |
or never hit save, or whatever, then your data won't end up on disk. |
32 |
Now, a good filesystem should ensure that the data which is on disk is |
33 |
completely consistent. That is, you won't get half of a write, just |
34 |
all or nothing. |
35 |
|
36 |
>> >> If you want an fs that cares about your data: zfs. |
37 |
>> > |
38 |
>> > I won't argue that the COW filesystems have better data security |
39 |
>> > features. It will be nice when they're stable in the main kernel. |
40 |
>> |
41 |
>> it is not so much about cow, but integrity checks all the way from the |
42 |
>> moment the cpu spends some cycles on it. |
43 |
|
44 |
What COW does get you is the security of data=journal without the |
45 |
additional cost of writing it twice. Since data is not overwritten in |
46 |
place you ensure that on an fsck the system can either roll the write |
47 |
completely forwards or backwards. |
48 |
|
49 |
With data=ordered on ext4 there is always the risk of a |
50 |
half-overwritten file if you are overwriting in place. |
51 |
|
52 |
But I agree that many of the zfs/btrfs data integrity features could |
53 |
be implemented on a non-cow filesystem. Maybe ext5 will have some of |
54 |
them, though I'm not sure how much work is going into that vs just |
55 |
fixing btrfs, or begging Oracle to re-license zfs. |
56 |
|
57 |
>> Caught some silent file |
58 |
>> corruptions that way. Switched to ECC ram and never saw them again. |
59 |
> |
60 |
> In-memory corruption of a data is a universal hazard. ECC should be the norm, |
61 |
> not the exception, honestly. |
62 |
> |
63 |
|
64 |
Couldn't agree more here. The hardware vendors aren't helping here |
65 |
though, in their quest to try to make more money from those sensitive |
66 |
to such things. I believe Intel disables ECC on anything less than an |
67 |
i7. As I understand it most of the mainline AMD offerings support it |
68 |
(basically anything over $80 or so), but it isn't clear to me what |
69 |
motherboard support is required and the vendors almost never make a |
70 |
mention of it on anything reasonably-priced. |
71 |
|
72 |
If your RAM gets hosed than any filesystem is going to store bad data |
73 |
or metadata for a multitude of reasons. The typical x86+ arch wasn't |
74 |
designed to handle hardware failures around anything associated with |
75 |
cpu/ram. |
76 |
|
77 |
The ZFS folks tend to make a really big deal out of ECC, but as far as |
78 |
I'm aware it isn't any more important for ZFS than anything else. I |
79 |
think ZFS just tends to draw people really concerned with data |
80 |
integrity, and once you've controlled everything that happens after |
81 |
the data gets sent to the hard drive you tend to start thinking about |
82 |
what happens to it beforehand. I had to completely reinstall a |
83 |
windows system not long ago due to memory failure and drive |
84 |
corruption. Wasn't that big a deal since I don't keep anything on a |
85 |
windows box that isn't disposable, or backed up to something else. |
86 |
|
87 |
-- |
88 |
Rich |