Subject: Re: Puzzling questions about FFS
To: Kim Andersen <kim@dde.dk>
From: Brett Lymn <blymn@awadi.com.AU>
List: tech-kern
Date: 10/31/1994 12:52:13
According to Kim Andersen:
>
>
>There's a never ending discussion going on in comp.os.linux.development
>regarding problems and virtues of Linux's ext2fs filesystem and FFS.
>
>One of the things that keeps surfacing is that the synchronous writes of
>inodes are wrong, and could lead to security failures.
>

One thing not doing synchronous inode write buys you is a bit of
speed.  This is why Linux seems to win doing filesystem intensive
stuff.

>
>It was written in one article:
>>As someone pointed out, the only way to ensure file system integrity is to
>>write out first data blocks, then indirect blocks and then the inode. FFS
>>does the opposite which is at best useless, at worst wrong.
>
>(This is supposed to be the way linux does it)
>
>How can this model be better than the opposite?
>I would think that it was mainly a question of locking the data blocks,
>

This depends - it depends on whether or not you want to know that your
file system has been damaged.  Updating the inode last is only going
to mean that getting dangling file pointers is less likely; it does not
really add to the robustness of the fs.  Personally, I would like to
know when my fs is broken and that it needs fixing rather than have
things just quietly not be there.  If you consider this scenario:  the
data blocks are written but before the inodes are updated the power
dies.  How are you better off?  The data is somewhere on the disk - if
you were really persistent you could find it, maybe, but it is no
worse than having a dangling ref.

>I must say that i haven't seen any problems with FFS, even when abusing
>the file-system eg. removing power during massive writes.
>

Yeah, my experiences have been pretty good too.  From the scans I used
to do of the Linux newsgroups it seems that reloading a trashed FS is
something that is not uncommon.  I have never had a fs that has been
so trashed that fsck cannot recover it (finds a bit of wood and hammers
vigorously upon it).  I have had to resort to backup superblocks
_once_ and managed to recover *most* of the fs.  I am talking not just
of my NetBSD/386BSD experience but also work.

About the only real way to protect the FS is to have a UPS to protect
from unexpected power outages.  Crashes are another matter but one
hopes they don't occur too frequently and that you have good backups.

-- 
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"Aha!  Pronoun problems.  It's not `shoot you, shoot you', it's `shoot me,
 shoot me'.  So, go ahead, shoot ME, shoot ME <BLAM>... You're Despicable"
                        -- Daffy Duck
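A constructed toy model of the ordering argument in this thread, added here and not code from either poster: it appends two blocks to a file, lets the power die after each write in both orders, and runs a small checker over what reached the disk. The three-write split (data, bitmap, inode), the block numbers and the checker's messages are assumptions of the model, not details of FFS or ext2fs.

```python
"""Toy crash-ordering model for the data-first vs. inode-first argument above."""

# A tiny on-disk image: a block bitmap, one inode (the block numbers it
# references) and the block contents.  Appending two blocks to the file needs
# three writes; we vary the order in which they reach the disk.
def fresh_disk():
    return {"bitmap": {0: True, 1: False, 2: False},
            "inode": [0],
            "blocks": {0: "old", 1: None, 2: None}}

# Each write mutates the disk image in place.
def write_data(d):   d["blocks"][1] = "new"; d["blocks"][2] = "new"
def write_bitmap(d): d["bitmap"][1] = d["bitmap"][2] = True
def write_inode(d):  d["inode"] = [0, 1, 2]

# Inode first is the order the quoted article attributes to FFS;
# data first, inode last is the order it argues for.
INODE_FIRST_ORDER = [write_inode, write_bitmap, write_data]
DATA_FIRST_ORDER  = [write_data, write_bitmap, write_inode]

def toy_fsck(d):
    """Return a sorted list of inconsistencies a checker could detect."""
    findings = []
    referenced = set(d["inode"])
    for blk, allocated in d["bitmap"].items():
        if blk in referenced and (not allocated or d["blocks"][blk] is None):
            findings.append(f"dangling: inode references unwritten block {blk}")
        if allocated and blk not in referenced:
            findings.append(f"lost: allocated block {blk} unreferenced")
    return sorted(findings)

def crash_outcomes(order):
    """Power dies after 0..len(order) writes; return the checker's findings
    for each crash point.  An empty list means fsck has nothing to report,
    which after a partial data-first write means the new data is silently gone."""
    results = []
    for n in range(len(order) + 1):
        d = fresh_disk()
        for w in order[:n]:
            w(d)
        results.append(toy_fsck(d))
    return results

if __name__ == "__main__":
    for name, order in (("inode first", INODE_FIRST_ORDER), ("data first", DATA_FIRST_ORDER)):
        for n, findings in enumerate(crash_outcomes(order)):
            print(f"{name}, crash after {n} write(s): {findings or 'nothing to report'}")
```

With data written first, the crash after the first write leaves the checker nothing to report even though the appended data is unreachable, which is the "quietly not be there" case; with the inode written first, every partial state shows up as a dangling reference.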