Subject: Re: Puzzling questions about FFS
To: Gordon Ross <gwr@mc.com>
From: Chris G. Demetriou <cgd@alpha.bostic.com>
List: tech-kern
Date: 10/31/1994 12:30:02
> > >It was written in one article:
> > >>As someone pointed out, the only way to ensure file system integrity is to
> > >>write out first data blocks, then indirect blocks and then the inode. FFS
> > >>does the opposite which is at best useless, at worst wrong.
> > >
> > >(This is supposed to be the way linux does it)
> > >
> > >How can this model be better then the opposite .
> > >I would think that it mainly were a question of locking the datablocks, 
>
> [ ... ]
> 
> You are better off in that the only recovery work needed is to link
> the inode somewhere (free, or in lost+found).  You know that if the
> file exists (in its correct location) then it contains valid data.

actually, depending on how the "write out the data blocks" portion is
done, you may end up with garbage, too...

if you write out the data blocks, but write them over the _existing_
data blocks, and crash somewhere during the process, you're likely
going to get undetectable garbage with either method.

it's not really practical to 'fix' this in any file system (unless
you're doing real transactions, which is another story), because if
you do, you need to reserve up to half of the blocks on the disk for
a file's new contents...


chris