From: Gao Xiang <hsiangkao@linux.alibaba.com>
To: Andreas Dilger <adilger@dilger.ca>, Pedro Falcato <pfalcato@suse.de>
Cc: Aurelien DESBRIERES <aurelien@hackers.camp>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
viro@zeniv.linux.org.uk, brauner@kernel.org
Subject: Re: [RFC PATCH 0/10] ftrfs: Fault-Tolerant Radiation-Robust Filesystem
Date: Tue, 14 Apr 2026 10:56:36 +0800 [thread overview]
Message-ID: <8045f0a1-bda8-4c79-b488-3b48cd3bcb18@linux.alibaba.com> (raw)
In-Reply-To: <B1515863-5EA3-44A7-BEC2-40A49BEDE7DD@dilger.ca>
On 2026/4/14 02:03, Andreas Dilger wrote:
> On Apr 13, 2026, at 09:04, Pedro Falcato <pfalcato@suse.de> wrote:
>>
>> On Mon, Apr 13, 2026 at 04:23:46PM +0200, Aurelien DESBRIERES wrote:
>>> From: Aurélien DESBRIERES <aurelien@hackers.camp>
>>>
>>> This RFC introduces FTRFS, a new Linux filesystem designed for dependable
>>> storage in radiation-intensive environments, targeting embedded Linux systems
>>> operating in space or other harsh conditions.
>>>
>>> FTRFS was originally described in:
>>>
>>> Fuchs, C.M., Langer, M., Trinitis, C. (2015).
>>> FTRFS: A Fault-Tolerant Radiation-Robust Filesystem for Space Use.
>>> ARCS 2015, LNCS vol 9017, Springer.
>>> https://doi.org/10.1007/978-3-319-16086-3_8
>>>
>>> This implementation is an independent open-source realization of the
>>> concepts described in that paper, developed for the Linux kernel.
>>
>> Well, here's the obvious question: do you have a usecase for this?
>>
>>>
>>> == Design ==
>>>
>>> FTRFS provides three layers of data integrity:
>>>
>>> - CRC32 per block and per inode (hardware-accelerated via crc32_le)
>>> - Reed-Solomon FEC (encoder implemented, decoder planned)
>>> - EDAC-compatible error tracking
>>>
>>> On-disk layout:
>>>
>>> Block 0 : superblock (magic 0x46545246, CRC32-protected)
>>> Block 1..N : inode table (128 bytes/inode, CRC32 per inode)
>>> Block N+1..end : data blocks (CRC32 + RS FEC per block)
>>>
>>> Inodes use direct addressing (12 direct block pointers) plus single
>>> and double indirection. Directory entries are fixed-size (268 bytes)
>>> stored in direct blocks.
>>>
>>>
>>> Compile-tested on x86_64 with Linux 7.0 (this series).
>>> checkpatch.pl: 0 errors on all patches.
>>>
>>> == Feedback Requested ==
>>>
>>> This is an RFC. Feedback is welcome on:
>>>
>>> 1. On-disk format: is the superblock/inode layout reasonable?
>>
>> The layout itself is super unix-filesystem/ext2 reminiscent, so if something
>> like this is really needed, I would strongly recommend you perhaps add this
>> there. One feature (crc32c checksums over several metadata structures) already
>> exists on ext4.
>
> This was my first question as well. If this was some existing filesystem
> that was widely used in satellites or something, it might make sense to
> add support for that format (though a FUSE plugin might be better if the
> performance is not critical). But it doesn't necessarily make sense to
> implement a greenfield filesystem that doesn't extend the boundaries over
> existing filesystems very far.
>
> Modern ext4 has metadata checksums for many years, and fsverity can be used
> to add Merkle-tree checksums for file data. Data redundancy can be handled
> by the block layer.
>
> If code size/complexity is a significant issue for new embedded satellite
> controllers, then implementing "read-only" support for ext4 could be fairly
> straight forward development to put large chunks of the code under a CONFIG
> option.
According to the patchset, they need read-write support, but
I think the ext2 codebase is more suitable for embedded use
(if they don't need journalling) and to isolate unneeded
features.
However, I don't think an RO Kconfig option is useful for
isolating filesystem complexity concerns, unless the ondisk
layout and related runtime codepath can be separated by
design rather than gathering random RO pieces together:
because in that way, the new RO Kconfig option can only
make the testing and new development worse.
>
> You also have to consider that filesystems are critical components of any
> computer, and having bugs in newly-developed filesystem code could be as
> fatal to the satellite as the radiation. The general rule of thumb is that
> filesystems take about 10 years to mature.
Just a wild guess, I'm not sure if it's part of the AI work
(because it seems even there is no page cache for mmap()):
with new AI tools like Claude, it's pretty easy for everyone
to "write" and publish something now and in the future.
Thanks,
Gao Xiang
>
> Cheers, Andreas
>
>
>
>
>
next prev parent reply other threads:[~2026-04-14 2:56 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-13 14:23 [RFC PATCH 0/10] ftrfs: Fault-Tolerant Radiation-Robust Filesystem Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 01/10] ftrfs: add on-disk format and in-memory data structures Aurelien DESBRIERES
2026-04-13 15:11 ` Darrick J. Wong
2026-04-13 17:26 ` Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 02/10] ftrfs: add superblock operations Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 03/10] ftrfs: add inode operations Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 04/10] ftrfs: add directory operations Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 05/10] ftrfs: add file operations Aurelien DESBRIERES
2026-04-13 15:09 ` Matthew Wilcox
[not found] ` <CAM=40tU5NppEZ9x07qDVkSxLw6Ga4nVg7sDCqcvhfQ51VbsS9Q@mail.gmail.com>
2026-04-13 17:41 ` Matthew Wilcox
2026-04-13 14:23 ` [RFC PATCH 06/10] ftrfs: add block and inode allocator Aurelien DESBRIERES
2026-04-13 15:21 ` Darrick J. Wong
2026-04-14 14:11 ` Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 07/10] ftrfs: add filename and directory entry operations Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 08/10] ftrfs: add CRC32 checksumming and Reed-Solomon FEC skeleton Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 09/10] ftrfs: add Kconfig, Makefile and fs/ tree integration Aurelien DESBRIERES
2026-04-13 14:23 ` [RFC PATCH 10/10] MAINTAINERS: add entry for FTRFS filesystem Aurelien DESBRIERES
2026-04-13 15:04 ` [RFC PATCH 0/10] ftrfs: Fault-Tolerant Radiation-Robust Filesystem Pedro Falcato
2026-04-13 18:03 ` Andreas Dilger
2026-04-14 2:56 ` Gao Xiang [this message]
2026-04-14 14:11 ` Aurelien DESBRIERES
2026-04-14 13:30 ` Aurelien DESBRIERES
2026-04-13 15:06 ` Matthew Wilcox
2026-04-13 18:11 ` Darrick J. Wong
2026-04-14 14:11 ` Aurelien DESBRIERES
2026-04-14 13:31 ` Aurelien DESBRIERES
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8045f0a1-bda8-4c79-b488-3b48cd3bcb18@linux.alibaba.com \
--to=hsiangkao@linux.alibaba.com \
--cc=adilger@dilger.ca \
--cc=aurelien@hackers.camp \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pfalcato@suse.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox