From: Theodore Tso <tytso@mit.edu>
To: Eric Sandeen <sandeen@redhat.com>
Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: Add a norecovery option to ext3/4?
Date: Mon, 9 Apr 2007 10:00:55 -0400 [thread overview]
Message-ID: <20070409140055.GD18580@thunk.org> (raw)
In-Reply-To: <4619B60B.6030405@redhat.com>
On Sun, Apr 08, 2007 at 10:42:03PM -0500, Eric Sandeen wrote:
> Samuel Thibault wrote:
>
> >>Hm, so the root cause there seems that the installer found 2 legs of a
> >>mirror and mounted them independently, recovering them independently...
> >>But why did that cause problems?
> >
> >Because that thrashed his data (or at least it didn't help to keep data
> >safe).
Actually, reading through the Debian bug report, there is no proof
that is what actually caused the data loss. I certainly can't think
of any explanation for why that would have happened. See the summary
from Steve Langasek::
>Checkpoint of the IRC discussion:
>
>- The submitter says that after reboot, the RAID was reported as out of
> sync.
>- The logs show that the ext3 filesystem was automatically mounted rw for
> journal recovery by the kernel driver.
>- There is no evidence in the logs that the RAID was ever assembled within
> d-i, so it shouldn't be the case that the RAID superblocks were out of
> sync as a result of d-i itself.
>- This leaves two possible reasons for the out-of-sync state of the RAID:
> either mounting the individual partitions as ext3 filesystems somehow
> overwrote the RAID superblock just the right way (unlikely since it would
> require the ext3 driver to write past the end of the declared filesystem),
> or the RAID superblocks were out of sync /before/ booting d-i. The latter
> is consistent with the fact that the ext3 driver had to do a journal
> recovery, suggesting that both the ext3 fs and the RAID were not cleanly
> shut down.
>- If mounting as ext3 overwrote the RAID superblock, that seems to be a
> kernel bug, and we have no good explanation for how that would happen.
>- If the RAID was unclean before booting d-i, all bets are off as to the
> state of the filesystem at the beginning of this journal recovery, and it
> may be difficult to ever reproduce this bug.
> The reason I suggest other options is because intentionally mounting a
> corrupted FS may not really be the way you want to go... norecovery on
> xfs at least is an option of last resort, not something to use by default.
This would also be true for ext3; I am extremely uncomfortable with
people thinking that a norecovery option is something that should be
routinely used by programs. It's something that should only be used
by experts, who know what they are doing and who are willing to accept
the potential risks.
- Ted
next prev parent reply other threads:[~2007-04-09 14:00 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-09 0:05 Add a norecovery option to ext3/4? Samuel Thibault
2007-04-09 3:24 ` Eric Sandeen
2007-04-09 3:31 ` Samuel Thibault
2007-04-09 3:42 ` Eric Sandeen
2007-04-09 14:00 ` Theodore Tso [this message]
2007-04-09 4:29 ` Brad Campbell
2007-04-09 10:14 ` Andreas Dilger
2007-04-09 13:42 ` Valdis.Kletnieks
2007-04-09 16:37 ` Jan Engelhardt
2007-04-11 20:06 ` Pavel Machek
2007-04-09 15:43 ` Phillip Susi
2007-04-09 16:20 ` Kyle Moffett
2007-04-09 17:21 ` Eric Sandeen
2007-04-10 7:22 ` Jörn Engel
2007-04-10 11:27 ` Theodore Tso
2007-04-10 12:08 ` Jörn Engel
2007-04-10 16:44 ` Matt Mackall
2007-04-10 18:54 ` Phillip Susi
2007-04-10 19:18 ` Eric Sandeen
2007-04-10 22:04 ` Phillip Susi
2007-04-11 20:09 ` Bill Davidsen
2007-04-12 13:54 ` Benny Amorsen
2007-04-15 18:49 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070409140055.GD18580@thunk.org \
--to=tytso@mit.edu \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=samuel.thibault@ens-lyon.org \
--cc=sandeen@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).