From: Neil Brown <neilb@suse.de>
To: Redeeman <redeeman@metanurb.dk>
Cc: "Michał Przyłuski" <mikylie@gmail.com>, linux-raid@vger.kernel.org
Subject: Re: detection/correction of corruption with raid6
Date: Tue, 16 Dec 2008 13:33:26 +1100 [thread overview]
Message-ID: <18759.4982.86181.792757@notabene.brown> (raw)
In-Reply-To: message from Redeeman on Friday December 12
On Friday December 12, redeeman@metanurb.dk wrote:
> >
> > It is possible (by the theory of Q syndrome, per the article you
> > linked) to detect which drive is doing a silent corruption with raid6
> > (and with some extra assumption, that just one drive is doing that).
> > But it's not implemented.
>
> thats a shame, it seems like a KILLER feature, but i guess its not too
> simple to do, or it would have been done already :)
The reason that it hasn't been done is not that it is difficult.
Certainly it is not trivial, but more complicated things have been
implemented.
The reason that it is not even on my TODO list is that I don't think
it is justifiable.
As has been said elsewhere in this thread, silent corruption is rarely
if ever caused by the storage device. They tend to have strong CRCs
etc which detect bit-flips with greater reliability than the RAID6
algorithm would detect them.
If the silent corruption comes from anywhere else in the system, it is
not clear what if anything should be done.
e.g. if the corruption was due to bad memory, there is no behaviour
that will reliably do the "right" thing.
In that case, the best that can be done is simply to log any error
that is found and let some human figure it out. That is part of the
motivation for a monthly 'check'.
I like to think about raid in a similar way to thinking about security
issues (after all, we are dealing with data security).
So before implementing any mechanism that might enhance security, I
need to have a clear understanding of what the threat model is. In
this case, what is the source of corruption.
Then I need a clear understanding on how the enhancement neutralises
or logs the threat, and a credible explanation of why it won't increase
the risk from some other threat.
If silent corruption is an issue for you then you really need to be
doing checks at a much higher level than the md level. A filesystem
that does checksums on all blocks (e.g. btrfs), or an application that
does them an all files (tripwire) are much more likely to be
beneficial than trying to leverage a side-effect of raid6.
I have a similar attitude to 3-way raid1 and voting on the result. I
simply don't think it is the right solution.
NeilBrown
next prev parent reply other threads:[~2008-12-16 2:33 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-05 21:00 detection/correction of corruption with raid6 Redeeman
2008-12-05 21:02 ` Justin Piszcz
2008-12-05 21:06 ` Redeeman
2008-12-05 21:09 ` Justin Piszcz
2008-12-05 21:12 ` Redeeman
2008-12-05 21:17 ` Justin Piszcz
2008-12-05 21:30 ` Michał Przyłuski
2008-12-05 22:12 ` Peter Rabbitson
2008-12-05 22:26 ` Michał Przyłuski
2008-12-05 22:43 ` Greg Freemyer
2008-12-06 0:39 ` Roger Heflin
2008-12-12 15:31 ` Redeeman
2008-12-16 2:33 ` Neil Brown [this message]
2008-12-16 6:33 ` Redeeman
2008-12-16 7:59 ` Mattias Wadenstein
2008-12-16 22:20 ` Chris Worley
-- strict thread matches above, loose matches on Subject: below --
2008-12-16 21:58 Piergiorgio Sartor
2008-12-16 22:25 ` Redeeman
2008-12-17 21:52 ` Piergiorgio Sartor
2008-12-19 4:39 ` Neil Brown
2008-12-19 5:38 ` Redeeman
2008-12-17 14:48 ` Bill Davidsen
2008-12-17 15:50 ` David Lethe
[not found] ` <494960E8.8020407@tmr.com>
2008-12-17 21:47 ` David Lethe
2008-12-19 8:40 piergiorgio.sartor
2008-12-19 13:10 ` Redeeman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18759.4982.86181.792757@notabene.brown \
--to=neilb@suse.de \
--cc=linux-raid@vger.kernel.org \
--cc=mikylie@gmail.com \
--cc=redeeman@metanurb.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).