From: Goffredo Baroncelli <kreijack@inwind.it>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: "linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>
Subject: Re: Ongoing Btrfs stability issues
Date: Mon, 12 Mar 2018 22:22:18 +0100 [thread overview]
Message-ID: <3fd8f21b-2e4d-3696-8e92-a20e4dda13ec@inwind.it> (raw)
In-Reply-To: <1520807872.4281.11.camel@scientia.net>
On 03/11/2018 11:37 PM, Christoph Anton Mitterer wrote:
> On Sun, 2018-03-11 at 18:51 +0100, Goffredo Baroncelli wrote:
>>
>> COW is needed to properly checksum the data. Otherwise is not
>> possible to ensure the coherency between data and checksum (however I
>> have to point out that BTRFS fails even in this case [*]).
>> We could rearrange this sentence, saying that: if you want checksum,
>> you need COW...
>
> No,... not really... the meta-data is anyway always CoWed... so if you
> do checksum *and* notdatacow,..., the only thing that could possibly
> happen (in the worst case) is, that data that actually made it
> correctly to the disk is falsely determined bad, as the metadata (i.e.
> the checksums) weren't upgraded correctly.
>
> That however is probably much less likely than the other way round,..
> i.e. bad data went to disk and would be detected with checksuming.
Unfortunately no, the likelihood might be 100%: there are some patterns which trigger this problem quite easily. See The link which I posted in my previous email. There was a program which creates a bad checksum (in COW+DATASUM mode), and the file became unreadable.
>
>
> I had lots of discussions about this here on the list, and no one ever
> brought up a real argument against it... I also had an off-list
> discussion with Chris Mason who IIRC confirmed that it would actually
> work as I imagine it... with the only two problems:
> - good data possibly be marked bad because of bad checksums
> - reads giving back EIO where people would rather prefer bad data
If you cannot know if a checksum is bad or the data is bad, the checksum is not useful at all!
If I read correctly what you wrote, it seems that you consider a "minor issue" the fact that the checksum is not correct. If you accept the possibility that a checksum might be wrong, you wont trust anymore the checksum; so the checksum became not useful.
> (not really sure if this were really his two arguments,... I'd have to
> look it up, so don't nail me down).
>
>
> Long story short:
>
> In any case, I think giving back bad data without EIO is unacceptable.
> If someone really doesn't care (e.g. because he has higher level
> checksumming and possibly even repair) he could still manually disable
> checksumming.
>
> The little chance of having a false positive weights IMO far less that
> have very large amounts of data (DBs, VM images are our typical cases)
> completely unprotected.
Again, you are assuming that the likelihood of having a bad checksum is low. Unfortunately this is not true. There are pattern which exploits this bug with a likelihood=100%.
>
> And not having checksumming with notdatacow breaks any safe raid repair
> (so in that case "repair" may even overwrite good data),... which is
> IMO also unacceptable.
> And the typical use cases for nodatacow (VMs, DBs) are in turn not so
> uncommon to want RAID.
>
>
> I really like btrfs,... and it's not that other fs (which typically
> have no checksumming at all) would perform better here... but not
> having it for these major use case is a big disappointment for me.
>
>
> Cheers,
> Chris.
>
--
gpg @keyserver.linux.it: Goffredo Baroncelli <kreijackATinwind.it>
Key fingerprint BBF5 1610 0B64 DAC6 5F7D 17B2 0EDA 9B37 8B82 E0B5
next prev parent reply other threads:[~2018-03-12 21:22 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-15 16:18 Ongoing Btrfs stability issues Alex Adriaanse
2018-02-15 18:00 ` Nikolay Borisov
2018-02-15 19:41 ` Alex Adriaanse
2018-02-15 20:42 ` Nikolay Borisov
2018-02-16 4:54 ` Alex Adriaanse
2018-02-16 7:40 ` Nikolay Borisov
2018-02-16 19:44 ` Austin S. Hemmelgarn
2018-02-17 3:03 ` Duncan
2018-02-17 4:34 ` Shehbaz Jaffer
2018-02-17 15:18 ` Hans van Kranenburg
2018-02-17 16:42 ` Shehbaz Jaffer
2018-03-01 19:04 ` Alex Adriaanse
2018-03-01 19:40 ` Nikolay Borisov
2018-03-02 17:29 ` Liu Bo
2018-03-08 17:40 ` Alex Adriaanse
2018-03-09 9:54 ` Nikolay Borisov
2018-03-09 19:05 ` Alex Adriaanse
2018-03-10 12:04 ` Nikolay Borisov
2018-03-10 14:29 ` Christoph Anton Mitterer
2018-03-11 17:51 ` Goffredo Baroncelli
2018-03-11 22:37 ` Christoph Anton Mitterer
2018-03-12 21:22 ` Goffredo Baroncelli [this message]
2018-03-12 21:48 ` Christoph Anton Mitterer
2018-03-13 19:36 ` Goffredo Baroncelli
2018-03-13 20:10 ` Christoph Anton Mitterer
2018-03-14 12:02 ` Austin S. Hemmelgarn
2018-03-14 18:39 ` Goffredo Baroncelli
2018-03-14 19:27 ` Austin S. Hemmelgarn
2018-03-14 22:17 ` Goffredo Baroncelli
2018-03-13 13:47 ` Patrik Lundquist
2018-03-02 4:02 ` Qu Wenruo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3fd8f21b-2e4d-3696-8e92-a20e4dda13ec@inwind.it \
--to=kreijack@inwind.it \
--cc=calestyo@scientia.net \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).