Subject: Puzzling questions about FFS
To: None <cgd@alpha.bostic.com>
From: Gordon W. Ross <gwr@jericho.mc.com>
List: tech-kern
Date: 10/31/1994 12:46:02
> Precedence: special-delivery
> X-Notice: Do not redistribute in any form without prior explicit
>           consent of the author.
> Date: Mon, 31 Oct 1994 12:30:02 -0500
> From: "Chris G. Demetriou" <cgd@alpha.bostic.com>
> 
[ about writing data blocks before meta-data ]

> > You are better off in that the only recovery work needed is to link
> > the inode somewhere (free, or in lost+found).  You know that if the
> > file exists (in its correct location) then it contains valid data.
> 
> actually, depending on how the "write out the data blocks" portion is
> done, you may end up with garbage, too...

I don't see how.  Can you enlighten?  The general rule for hardening
is simply "write anything that is pointed at before the object that
points to it".  With file updates, you can end up with a partial
update, but you should never get random, old disk block contents.

> if you write out the data blocks, but write them over the _existing_
> data blocks, and crash somewhere during the process, you're likely
> going to get undetectable garbage with either method.

I consider that a hardware issue.  Some machines deal with this by
driving a "power good" line from the power supply into the CPU board,
and can hold the reset line active while power is going down.  A disk
should normally have time to finish whatever it was doing, park, etc.

> it's not really practical to 'fix' this in any file system (unless
> you're doing real transactions, which is another story), because if
> you do, you need to reserve up to half of the blocks on the disk for
> a file's new contents...

In any case, this type of damage is rare compared with FS damage
caused by FS operation being halted unexpectedly.  (i.e. reboot :-)

Gordon
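The two update orders argued about above, as an added illustration that is not part of this thread or of any BSD source: a toy disk of a few fixed-size blocks, a two-block file, and a single inode holding the file's block pointers. Every block write is taken to be atomic, and a crash is modelled by stopping after a given number of writes. One updater follows the "write the pointee before the pointer" rule (new data into free blocks, then one inode write); the other overwrites the existing data blocks in place. The block size, block count, sample file contents and function names are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define NBLOCKS  8   /* blocks on the toy disk (assumption) */
#define BLKSZ    8   /* bytes per block (assumption) */
#define FILEBLKS 2   /* the file under update spans two data blocks */

/* A toy disk: data blocks plus one inode holding the file's block
 * pointers.  Every memcpy into d->blocks or assignment to d->inode
 * below stands for one atomic block write; a crash is modelled by
 * stopping after crash_after such writes have completed. */
typedef struct {
    char blocks[NBLOCKS][BLKSZ];
    int  inode[FILEBLKS];
} disk_t;

/* Constructed sample contents: the file before and after the update. */
static const char OLD[] = "AAAAAAAABBBBBBBB";
static const char NEW[] = "CCCCCCCCDDDDDDDD";

/* What a reader finds after the crash. */
enum { FILE_GARBAGE = -1, FILE_OLD = 0, FILE_NEW = 1 };

static void disk_init(disk_t *d)
{
    memset(d, 0, sizeof *d);
    for (int i = 0; i < FILEBLKS; i++) {
        d->inode[i] = i;                            /* file lives in blocks 0,1 */
        memcpy(d->blocks[i], OLD + i * BLKSZ, BLKSZ);
    }
}

/* Assemble the file from whatever the inode points at and classify it.
 * The classifier only recognises a mix because it knows OLD and NEW;
 * on a real disk nothing marks the mixed blocks as wrong. */
static int read_file(const disk_t *d)
{
    char buf[FILEBLKS * BLKSZ];
    for (int i = 0; i < FILEBLKS; i++)
        memcpy(buf + i * BLKSZ, d->blocks[d->inode[i]], BLKSZ);
    if (memcmp(buf, OLD, sizeof buf) == 0) return FILE_OLD;
    if (memcmp(buf, NEW, sizeof buf) == 0) return FILE_NEW;
    return FILE_GARBAGE;
}

/* Pointee before pointer: write the new data into free blocks first,
 * then switch the inode to them with a single block write. */
static int run_ordered(int crash_after)
{
    disk_t d; int done = 0;
    disk_init(&d);
    for (int i = 0; i < FILEBLKS; i++) {
        if (done++ == crash_after) return read_file(&d);
        memcpy(d.blocks[FILEBLKS + i], NEW + i * BLKSZ, BLKSZ); /* free blocks 2,3 */
    }
    if (done++ == crash_after) return read_file(&d);
    for (int i = 0; i < FILEBLKS; i++) d.inode[i] = FILEBLKS + i; /* the inode write */
    return read_file(&d);
}

/* Overwrite the existing data blocks in place, one block at a time.
 * No free blocks are needed, but the inode is "correct" throughout,
 * so nothing after a crash records which blocks were reached. */
static int run_in_place(int crash_after)
{
    disk_t d; int done = 0;
    disk_init(&d);
    for (int i = 0; i < FILEBLKS; i++) {
        if (done++ == crash_after) return read_file(&d);
        memcpy(d.blocks[d.inode[i]], NEW + i * BLKSZ, BLKSZ);
    }
    return read_file(&d);
}

/* 1 if some crash point leaves the file as neither OLD nor NEW. */
static int can_leave_garbage(int (*run)(int))
{
    for (int c = 0; c <= FILEBLKS + 1; c++)
        if (run(c) == FILE_GARBAGE) return 1;
    return 0;
}

int main(void)
{
    static const char *name[] = { "garbage", "old", "new" };
    for (int c = 0; c <= FILEBLKS + 1; c++)
        printf("crash after %d writes: ordered=%s in-place=%s\n", c,
               name[run_ordered(c) + 1], name[run_in_place(c) + 1]);
    return 0;
}
```

With the ordered updater every crash point yields either the whole old file or the whole new file, which is the "partial update but never random contents" outcome described above; the price is that the new copy needs as many free blocks as the file already occupies, which is where the "reserve up to half the disk" objection comes from. The in-place updater needs no spare blocks but a crash after the first block leaves one new block beside one old one, and since the inode never changed, neither fsck nor a reader has anything on disk to tell that the mixture is wrong.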