Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp7395715rwp; Tue, 18 Jul 2023 14:54:00 -0700 (PDT) X-Google-Smtp-Source: APBJJlHJdRNlJ2RG8thKOlAq7uiUvrROCqJW5Pfe8DrVHlS95cHBZqk0P2GYPlo6LdZGLG4FQCxc X-Received: by 2002:a05:6e02:1bea:b0:346:4f3d:9133 with SMTP id y10-20020a056e021bea00b003464f3d9133mr3760506ilv.20.1689717240312; Tue, 18 Jul 2023 14:54:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689717240; cv=none; d=google.com; s=arc-20160816; b=LgBgcgtNivc5C6UiZa/3dYG5Q7pgnC58a9crGFT8Mpxn3QFNLTVMgMseEXHoJOlU/c b7PlIXw7I17vptb/avTkwtoIb5fQPpxIPkWO44K+vOJ9NAXasNk9dLvlU9zMzozTb7dI P+6Hj8rB5Z5F2JLnwK42NTSmOuXSFp72ydVgmGgau7hmMiEka35NLRhSnDtQWlUHBBlW bj8gyKl5kY+u5EbR/QpprvxmeqjM5OfEBrGAhXryaN7cmaO4rLtpOXEfNtmXciQojs3L njHYDE3safRejHvpwh9bGt5AmoX80ZZLp1LaJ24iQYSPPK3tdlicgrxyYjOAqD/+gamv tvKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=60OkbbKeTbip62zLW81bcGNdcbyOjtefyk1+2g/3VaE=; fh=HM//71DaqSh0yFugjC8HJzublLwuSTIOcRicMRSpcZE=; b=n5NQZ/+ev9whmsY46l69KquKSIk9ymqET047RB0+MjBC3sR07wLaS1mMD+yHhBxGgb mF/2H8YDZt3sb98JBffyST1ho/S9tblOtZ4XelBplMAthh0Uy2aFaUmEbrTVaiuEqJuI hhvTkImvI3B2zcgEM1d8/j6r2lbOXJraK2FUMSoVIDrlV2t8LyHjZOds+Tr+yzJaf25x p666a9b5kex75gMUaUUY9uOHVesOWTn2++qVpiPOwJFRlXqxtrZFGN26xWMdAFDicy2G nFQfvIcFy5cMCLvz4slERxjwyOKE4LSeYKkwrHUaj2506LKCbLiTczPijtaTZOmSsoCl x2dw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mit.edu header.s=outgoing header.b=YHXOEGyd; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lb1-20020a17090b4a4100b0025327b5caefsi91718pjb.165.2023.07.18.14.53.37; Tue, 18 Jul 2023 14:54:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@mit.edu header.s=outgoing header.b=YHXOEGyd; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mit.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230375AbjGRVci (ORCPT + 99 others); Tue, 18 Jul 2023 17:32:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230197AbjGRVcf (ORCPT ); Tue, 18 Jul 2023 17:32:35 -0400 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 478AF19B0 for ; Tue, 18 Jul 2023 14:32:31 -0700 (PDT) Received: from cwcc.thunk.org (pool-173-48-116-181.bstnma.fios.verizon.net [173.48.116.181]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 36ILWCmR016366 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 18 Jul 2023 17:32:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1689715935; bh=60OkbbKeTbip62zLW81bcGNdcbyOjtefyk1+2g/3VaE=; h=Date:From:Subject:Message-ID:MIME-Version:Content-Type; b=YHXOEGydXdG+I3F0VyUNF2MN5/PxUaZPy4Paf0QoCqgp76+4r2PMam19alPa0Yayu cEe6xRFB1x/ZOYUzCDshBQMRt8KOeHb5gt7YXH3vJ54PPhpqotd6HQoTn+zIcSru13 qCoA+IMID7JVL2611GvDX4kuoaI/VcpHIVAIcATq7GpTE+laMHT+aescxDdpRWFAjq DxU7ruFUnMi1iRGN9e4xTBtvPbPVMeoFvjuFMSlazdJj0rFLiukQpOT5Mj7qtHGM3b 60+kdhQpcH6iswdsxJ4Qx3zHCD5N4HHwcamnHhFgNU8bmgmJuldn2SAgEWCXlztYcY poBQVBGfuK6vQ== Received: by cwcc.thunk.org (Postfix, from userid 15806) id 5D34B15C026A; Tue, 18 Jul 2023 17:32:12 -0400 (EDT) Date: Tue, 18 Jul 2023 17:32:12 -0400 From: "Theodore Ts'o" To: "Alan C. Assis" Cc: =?iso-8859-1?Q?Bj=F8rn?= Forsman , Kai Tomerius , linux-embedded@vger.kernel.org, Ext4 Developers List , dm-devel@redhat.com Subject: Re: File system robustness Message-ID: <20230718213212.GE3842864@mit.edu> References: <20230717075035.GA9549@tomerius.de> <20230718053017.GB6042@tomerius.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Tue, Jul 18, 2023 at 10:04:55AM -0300, Alan C. Assis wrote: > > You are right, for NAND there is an old (but gold) presentation here: > > https://elinux.org/images/7/7e/ELC2009-FlashFS-Toshiba.pdf > > UBIFS and YAFFS2 are the way to go. This presentation is specifically talking about flash devices that do not have a flash translation layer (that is, they are using the MTD interface). There are multiple kinds of flash devices, that can be exported via different interfaces: MTD, USB Storage, eMMC, UFS, SATA, SCSI, NVMe, etc. There are also differences in terms of the sophistication of the Flash Translation Layer in terms of how powerful is the microcontroller, how much memory and persistant storage for flash metadata is available to the FTL, etc. F2FS is a good choice for "low end flash", especially those flash devices that use a very simplistic mapping between LBA (block/sector numbers) and the physical flash to be used, and may have a very limited number of flash blocks that can be open for modification at a time. For more sophiscated flash storage devices (e.g., SSD's and higher end flash devices), this consideration won't matter, and then the best file system to use will be very dependant on your workload. In answer to Kai's original question, the setup that was described should be fine --- assuming high quality hardware. There are some flash devices that designed to handle power failures correctly; which is to say, if power is cut suddenly, the data used by the Flash Translation Layer can be corrupted, in which case data written months or years ago (not just recent data) could be lost. There have been horror stories about wedding photographers who dropped their camera, and the SD Card came shooting out, and *all* of the data that was shot on some couple's special day was completely *gone*. Assuming that you have valid, power drop safe hardware, running fsck after a power cut is not necessary, at least as far as file system consistency is concerned. If you have badly written userspace application code, then all bets can be off. For example, consider the following sequence of events: 1) An application like Tuxracer truncates the top-ten score file 2) It then writes a new top-ten score file 3) 4) Ut then closes the Open GL library, triggering a bug in the cruddy proprietary binary-only kernel module video driver, leading to an immediate system crash. 5) Complain to the file system developers that users' top-ten score file was lost, and what are the file system developers going to do about it? 6) File system developers start creating T-shirts saying that what userspace applications really are asking for is a new open(2) flag, O_PONIES[1] [1] https://blahg.josefsipek.net/?p=364 So when you talk about overall system robustness, you need robust hardware, you need a robust file aystem, you need to use the file system correctly, and you have robust userspace applications. If you get it all right, you'll be fine. On the other hand, if you have crappy hardware (such as might be found for cheap in the checkout counter of the local Micro Center, or in a back alley vendor in Shenzhen, China), or if you do something like misconfigure the file system such as using the "nobarrier" mount option "to speed things up", or if you have applications that update files in an unsafe manner, then you will have problems. Welcome to systems engineering. :-) - Ted