From: Rob Landley <rob@landley.net>
To: Pavel Machek <pavel@suse.cz>
Cc: kernel list <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>,
tytso@mit.edu, mtk.manpages@gmail.com, rdunlap@xenotime.net,
linux-doc@vger.kernel.org
Subject: Re: document ext3 requirements
Date: Sun, 4 Jan 2009 19:50:11 -0600 [thread overview]
Message-ID: <200901041950.12331.rob@landley.net> (raw)
In-Reply-To: <20090104225545.GF1913@elf.ucw.cz>
On Sunday 04 January 2009 16:55:45 Pavel Machek wrote:
> On Sun 2009-01-04 13:49:49, Rob Landley wrote:
> > On Saturday 03 January 2009 06:38:15 Pavel Machek wrote:
> > > +Ext3 expects disk/storage subsystem to behave sanely. On sanely
> > > +behaving disk subsystem, data that have been successfully synced will
> > > +stay on the disk. Sane means:
> > > +
> > > +* writes to media never fail. Even if disk returns error condition
> > > during + write, ext3 can't handle that correctly, because success on
> > > fsync was already + returned when data hit the journal.
> > > +
> > > + (Fortunately writes failing are very uncommon on disks, as they
> > > + have spare sectors they use when write fails.)
> > > +
> > > +* either whole sector is correctly written or nothing is written
> > > during + powerfail.
> > > +
> > > + (Unfortuantely, none of the cheap USB/SD flash cards I seen do
> > > behave + like this, and are unsuitable for ext3.
> >
> > Want to document the granularity issues with flash, while you're at it?
> >
> > An inherent problem with using flash as a normal block device is that the
> > flash erase size is bigger than most filesystem sector sizes. So when
> > you request a write, it may erase and rewrite the next 64k, 128k, or even
> > a couple megabytes on the really _big_ ones.
> >
> > If you lose power in the middle of that, ext3 won't notice that data in
> > the "sectors" _after_ the one your were trying to write to got trashed.
> >
> > The flash filesystems take this into account as part of their wear
> > levelling stuff (they normally copy the entire chunk into a new chunk,
> > leaving the old one in place until it's no longer needed), but they need
> > to query the device to get the erase granularity in order to do that,
> > which is why they don't work on non-flash block devices.
>
> Is there linux filesystem that can handle that? I know jffs2, but
> that's unsuitable for stuff like USB thumb drives, right?
Any of the flash filesystems should handle that. The main problem with jffs2
is it doesn't scale well to large device sizes. UBIFS is supposed to scale
much better, but I haven't played with it yet.
And the thing about USB thumb drives is they present as a normal block device,
_not_ as flash, so you can't _query_ their erase granularity. (It's like
those hardware raid cards that wouldn't tell you they were striping and such
so you had to figure out a well-performing layout all by yourself.) They do
it magically behind the scenes, and if the power goes out (or you yank the
device out unexpectedly) if they haven't got a built-in capacitor or battery
to have enough power to complete their pending transaction, you're screwed.
Plus they do horrible wear levelling, the lot of 'em. Read Val Henson's
livejournal entry about it: http://valhenson.livejournal.com/25228.html
There was also a marvelous thread Linus participated in on some hardware
industry web message board, but I have no idea where it's gone...
> Does this sound like a fair summary?
See Ted's comment. The summary's fine, the question is where to put this sort
of thing...
> If you lose power in the middle of that, filesystem
> won't notice that data in the "sectors" _after_ the
> one your were trying to write to got trashed.
Well, the journal won't notice. An e2fsck will notice huge swaths of missing
metadata, but won't be able to do anything about it. (And if what got zapped
was file _contents_ rather than metadata, you're on your own finding it. Fun,
isn't it?)
> Pavel
Rob
next prev parent reply other threads:[~2009-01-05 1:50 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-03 12:38 document ext3 requirements Pavel Machek
2009-01-03 21:17 ` Martin MOKREJŠ
2009-01-03 22:06 ` Pavel Machek
2009-01-03 22:17 ` Duane Griffin
2009-01-03 22:29 ` Pavel Machek
2009-01-03 23:01 ` Martin MOKREJŠ
2009-01-03 23:38 ` Duane Griffin
2009-01-03 23:50 ` Martin MOKREJŠ
2009-01-03 23:58 ` Robert Hancock
2009-01-04 0:08 ` Martin MOKREJŠ
2009-01-04 21:49 ` Ingo Oeser
2009-01-04 0:00 ` Duane Griffin
2009-01-04 0:11 ` Martin MOKREJŠ
2009-01-04 0:41 ` Duane Griffin
2009-01-04 3:52 ` Valdis.Kletnieks
2009-01-04 14:24 ` Duane Griffin
2009-01-04 18:40 ` Theodore Tso
2009-01-04 19:21 ` Geert Uytterhoeven
2009-01-04 19:36 ` Theodore Tso
2009-01-04 19:51 ` Duane Griffin
2009-01-04 21:55 ` Theodore Tso
2009-01-04 22:06 ` Duane Griffin
2009-01-04 22:42 ` Bron Gondwana
2009-01-05 3:22 ` Rob Landley
2009-01-04 0:19 ` Pavel Machek
2009-01-05 2:55 ` Rob Landley
2009-01-04 19:56 ` Rob Landley
2009-01-05 19:16 ` Theodore Tso
2009-01-06 19:20 ` Rob Landley
2009-01-06 10:08 ` Matthias Andree
2009-01-06 15:23 ` Theodore Tso
2009-01-03 23:12 ` Duane Griffin
2009-01-06 10:06 ` Matthias Andree
2009-01-04 2:32 ` Theodore Tso
2009-01-04 22:33 ` Pavel Machek
2009-01-04 22:34 ` [patch] document ext3 a bit better Pavel Machek
2009-01-05 14:57 ` Theodore Tso
2009-01-06 9:21 ` Pavel Machek
2009-01-09 23:24 ` Jiri Kosina
2009-01-09 23:36 ` Randy Dunlap
2009-01-09 23:47 ` Jiri Kosina
2009-01-04 13:35 ` document ext3 requirements Alexander E. Patrakov
2009-01-04 13:53 ` Valdis.Kletnieks
2009-01-04 18:21 ` Michael Tokarev
2009-01-04 18:38 ` Theodore Tso
2009-01-04 22:37 ` Pavel Machek
2009-01-04 23:58 ` Theodore Tso
2009-01-05 11:43 ` Alan Cox
2009-01-07 11:59 ` Rob Landley
2009-01-04 20:10 ` Pavel Machek
2009-01-04 19:49 ` Rob Landley
2009-01-04 22:06 ` Theodore Tso
2009-01-04 22:25 ` Pavel Machek
2009-01-04 23:00 ` [patch] " Pavel Machek
2009-01-05 2:42 ` Rob Landley
2009-01-05 9:54 ` Pavel Machek
2009-01-04 23:07 ` Pavel Machek
2009-01-05 1:38 ` Rob Landley
2009-01-04 22:55 ` Pavel Machek
2009-01-05 0:16 ` david
2009-01-05 9:38 ` Pavel Machek
2009-01-05 1:50 ` Rob Landley [this message]
2009-01-05 3:20 ` Martin K. Petersen
2009-01-05 9:45 ` Pavel Machek
2009-01-05 11:28 ` Alan Cox
2009-01-05 19:15 ` Martin K. Petersen
2009-01-05 20:19 ` Theodore Tso
[not found] <fa.pmCH9X+XujDl6RH6/TpkNtsTnbk@ifi.uio.no>
[not found] ` <fa.b62zZFe5e154PhgA+0sdwVXD9F0@ifi.uio.no>
[not found] ` <fa.ZTpiSvxEhp3YJDepiUQs+cU0C98@ifi.uio.no>
[not found] ` <fa.xvvufQC6zTpU9R6vhDl51DR5V7A@ifi.uio.no>
[not found] ` <fa.pkV69eXC76Pb9fnmERdAwXX9OKA@ifi.uio.no>
[not found] ` <fa.hQTLXdIllf+hs4yQb092u6fowq0@ifi.uio.no>
2009-01-04 19:08 ` Sitsofe Wheeler
2009-01-04 19:31 ` Theodore Tso
2009-01-04 22:40 ` Pavel Machek
2009-01-04 23:30 ` Theodore Tso
2009-01-05 3:49 ` Rob Landley
2009-01-05 4:31 ` Robert Hancock
2009-01-05 5:00 ` david
2009-01-05 11:19 ` Alan Cox
2009-01-05 19:00 ` Rob Landley
2009-01-05 19:27 ` Martin K. Petersen
2009-01-06 10:41 ` Matthias Andree
2009-01-06 15:30 ` Theodore Tso
[not found] ` <20090106153020.GB13086__11022.1833143898$1231255950$gmane$org@mit.edu>
2009-01-06 15:40 ` Andi Kleen
2009-01-06 15:57 ` Theodore Tso
2009-01-06 17:31 ` Andi Kleen
2009-01-06 19:31 ` Rob Landley
2009-01-27 13:24 ` Thierry Vignaud
2009-01-27 13:37 ` Alan Cox
2009-01-06 10:36 ` Matthias Andree
[not found] <fa.P4z5CJpM0xT37PWJuOuCHDkO76o@ifi.uio.no>
[not found] ` <fa.eOwOqydZi0qs6K1nmNxBFGQMV40@ifi.uio.no>
[not found] ` <fa.26o5IHCAC3TQdXupl62CLYwQ+Wk@ifi.uio.no>
2009-01-04 23:13 ` Sitsofe Wheeler
2009-01-05 2:51 ` Rob Landley
2009-01-05 3:33 ` Martin K. Petersen
2009-01-05 4:02 ` david
2009-01-05 3:52 ` Rob Landley
[not found] ` <fa.GBkQuKdRj+YRVczlNLFhGvaw3WY@ifi.uio.no>
[not found] ` <fa.rCyCghh/+staAmYi/+gwYvefIS0@ifi.uio.no>
[not found] ` <fa.c5j7jAMUnJPvgI9Oj/VczSDNakE@ifi.uio.no>
[not found] ` <fa.377DMq2lPMyaHxadPnApFSJFoCg@ifi.uio.no>
2009-01-05 20:36 ` Sitsofe Wheeler
2009-01-05 23:09 ` Theodore Tso
[not found] ` <fa.ucJLoSQwk9OAj6T6x60tbWaiTAo@ifi.uio.no>
2009-01-05 22:25 ` Sitsofe Wheeler
2009-01-06 4:08 ` Rob Landley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200901041950.12331.rob@landley.net \
--to=rob@landley.net \
--cc=akpm@osdl.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=pavel@suse.cz \
--cc=rdunlap@xenotime.net \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox