Date: Fri, 29 Sep 2000 18:10:07 +0000
From: Tony Finch
To: Terry Lambert
Cc: John Sconiers, Brad Knowles, Johann Visagie, chat@FreeBSD.ORG
Subject: Re: SGI releases XFS under GPL
Message-ID: <20000929181007.A3345@hand.dotat.at>
In-Reply-To: <200009290115.SAA06192@usr05.primenet.com>
Organization: Covalent Technologies, Inc

Terry Lambert wrote:
>
>A common misconception about soft updates is that you can get
>the same failure recovery that you would get from journalling
>or logging. [...]
>
>The flaw with this theory is that a power failure is not the
>only type of crash you could have, and running after any
>crash that can corrupt any portion of the disk (e.g. most
>disks corrupt sectors if power is lost during a write, and
>in the event of a kernel panic, you don't know what data was
>corrupted in core, then erroneously written to disk before
>the actual panic, etc.), puts you at risk of further disk
>corruption and user space software failures. In the worst
>case, the crash was the result of a hardware failure of the
>disk subsystem (disk, controller, cables, terminator, etc.).
>So it is impossible to recover without an exterior log of
>the events leading up to the crash (this is how the WAFL
>file system from Network Appliance works: it uses an NVRAM
>intention log).

I'm not sure this argument is entirely sound: it also applies to
journalling filesystems where the log is kept on disk. Even if the
journal isn't on disk (the WAFL case) you can still be vulnerable to
hardware failures -- I've heard of a NetApp becoming completely
unusable after a disk decided to fail silently, the only way to
recover being to copy the parts of the filesystem that didn't crash
the NetApp to another machine.

Tony.
-- 
en oeccget g mtcaa    f.a.n.finch
v spdlkishrhtewe y    dot@dotat.at
eatp o v eiti i d.    fanf@covalent.net