Re: [RFC] TileFS - a proposal for scalable integrity checking

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Jörn Engel" <joern@lazybastard.org>
To: Matt Mackall <mpm@selenic.com>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: [RFC] TileFS - a proposal for scalable integrity checking
Date: Sun, 29 Apr 2007 14:21:13 +0200	[thread overview]
Message-ID: <20070429122112.GA30608@lazybastard.org> (raw)
In-Reply-To: <20070428220522.GN11166@waste.org>

On Sat, 28 April 2007 17:05:22 -0500, Matt Mackall wrote:
> 
> This is a relatively simple scheme for making a filesystem with
> incremental online consistency checks of both data and metadata.
> Overhead can be well under 1% disk space and CPU overhead may also be
> very small, while greatly improving filesystem integrity.

I like it a lot.  Until now it appears to solve more problems and cause
fewer new problems than ChunkFS.

> [...]
> 
>  Divide disk into a bunch of tiles. For each tile, allocate a one
>  block tile header that contains (inode, checksum) pairs for each
>  block in the tile. Unused blocks get marked inode -1, filesystem
>  metadata blocks -2. The first element contains a last-clean
>  timestamp, a clean flag and a checksum for the block itself. For 4K
>  blocks with 32-bit inode and CRC, that's 512 blocks per tile (2MB),
>  with ~.2% overhead.

You should add a 64bit fpos field.  That allows you to easily check for
addressing errors.

>  [Note that CRCs are optional so we can cut the overhead in half. I
>  choose CRCs here because they're capable of catching the vast
>  majority of accidental corruptions at a small cost and mostly serve
>  to protect against errors not caught by on-disk ECC (eg cable noise,
>  kernel bugs, cosmic rays). Replacing CRCs with a stronger hash like
>  SHA-n is perfectly doable.]

The checksum cannot protect against a maliciously prepared medium
anyway, so crypto makes little sense.  Crc32 can provably (if you trust
those who did the proof) detect all 1, 2 and 3-bit errors and has a
1:2^32 chance of detecting any remaining errors.  That is fairly hard to
improve on.

>  Every time we write to a tile, we must mark the tile dirty. To cut
>  down time to find dirty tiles, the clean bits can be collected into a
>  smaller set of blocks, one clean bitmap block per 64GB of data.

You can and possibly should organize this as a tree, similar to a file.
One bit at the lowest level marks a tile as dirty.  One bit for each
indirect block pointer marks some tiles behind the pointer as dirty.
That scales logarithmically to any filesystem size.

Jörn

-- 
I don't understand it. Nobody does.
-- Richard P. Feynman
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2007-04-29 12:25 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-04-28 22:05 [RFC] TileFS - a proposal for scalable integrity checking Matt Mackall
2007-04-29 12:21 ` Jörn Engel [this message]
2007-04-29 12:57   ` Matt Mackall
2007-04-29 15:47     ` Jörn Engel
2007-05-09  5:56   ` Valerie Henson
2007-05-09 10:12     ` Jörn Engel
2007-04-29 15:58 ` Jörn Engel
2007-04-29 16:24   ` Matt Mackall
2007-04-29 16:34 ` Andi Kleen
2007-04-29 16:05   ` Jörn Engel
2007-04-29 16:09   ` Matt Mackall
2007-04-29 23:23 ` Theodore Tso
2007-04-30  1:40   ` Matt Mackall
2007-04-30 17:26     ` Theodore Tso
2007-04-30 17:59       ` Matt Mackall
2007-05-02 13:18         ` Jörn Engel
2007-05-02 13:32     ` Jörn Engel
2007-05-02 15:37       ` Matt Mackall
2007-05-02 16:35         ` Jörn Engel
2007-05-09  7:56     ` Valerie Henson
2007-05-09 11:16       ` Nikita Danilov
2007-05-09 18:56         ` Valerie Henson
2007-05-09 19:19           ` Nikita Danilov
2007-05-09 17:06       ` Matt Mackall
2007-05-09 18:59         ` Valerie Henson
2007-05-09 19:51           ` Matt Mackall
2007-05-10  0:03             ` Jörn Engel
2007-05-11  9:46             ` Valerie Henson
2007-05-11 15:55               ` Matt Mackall
2007-05-09 19:01     ` Valerie Henson
2007-05-09 20:05       ` Matt Mackall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070429122112.GA30608@lazybastard.org \
    --to=joern@lazybastard.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=mpm@selenic.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).