dangerous situation with shutdown process

David Taylor davidt at yadt.co.uk
Fri Jul 15 22:45:22 GMT 2005

On Fri, 15 Jul 2005, Matthias Buelow wrote:

> John-Mark Gurney wrote:
> >even request barriers will not save the fs in a power loss if the track
> >that is getting flushed during a power loss...  Some other FreeBSD
> >folks have a reproducible case of where blocks that were not written to
> >on ATA hardware got trashed after a power loss...
> >With non-written to sectors getting trashed with the cache enabled,
> >barriers don't mean squat...
> One more thought.. they _do_ protect against power loss during writing
> a track -- when used in combination with a journalled fs.
> A corrupted journal can be detected. If it's corrupted, discard
> the whole thing, or only the relevant entry. The filesystem will
> remain consistent.
> If track corruption occurs after the journal is written, it doesn't
> matter, since at boot the journal will be replayed and all operations
> will be performed once more.

The track which is corrupted could contain data that wasn't written
to in months.  How would the journal help?

> The combination barriers+journal really seems to be very resilient
> to filesystem corruption. When it's implemented without errors, and
> the hardware doesn't do things like change bits randomly, I can't
> think of a way this scheme can be corrupted at all.

I still don't trust ATA drives.  Can you guarantee (or show any
reason to believe) that disabling the write cache will actually
wait for the cache to be flushed before returning?

Otherwise a <disable cache><enable cache> sequence is exactly
the same as a <flush cache> command.  If the drive executes
both immediately, without waiting for the cache to be
flushed _before_ returning, what's the difference?

David Taylor 
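The two failure modes argued over above, as a toy model added here (constructed example; not code from the list, from FreeBSD, or from any real drive or filesystem). The Drive class assumes exactly what the thread describes: a write-back cache, a power loss mid-track that trashes the whole track including sectors nobody wrote to, and an honest_flush switch for a drive that returns from FLUSH CACHE (or a cache disable/enable pair) without actually draining. The JournaledFS class is a minimal write-ahead journal with a CRC-protected record; sector layout, track size and the sample sector contents are all made up for the example.

```python
import zlib

SECTOR = 16          # bytes per sector (constructed toy geometry)
TRACK = 8            # sectors per track; the journal lives on track 0
JOURNAL = 0          # sector 0 = record header, sectors 1..6 = (target, data) pairs
MAX_ENTRIES = 3
TRASH = b"\xff" * SECTOR


class Drive:
    """ATA-like drive with a write-back cache. Assumed failure model, as in the
    thread: power loss while a track is being written trashes the whole track,
    untouched sectors included. honest_flush=False is a drive that returns from
    FLUSH CACHE (or a cache disable/enable pair) without draining the cache."""

    def __init__(self, honest_flush=True):
        self.platter, self.cache, self.honest_flush = {}, {}, honest_flush

    def write(self, sector, data):
        self.cache[sector] = data

    def read(self, sector):
        return self.cache.get(sector, self.platter.get(sector, bytes(SECTOR)))

    def flush(self):                       # FLUSH CACHE: the barrier the fs relies on
        if self.honest_flush:
            self._drain()

    def _drain(self, stop_at=None):        # drive picks its own order: highest sector first
        for sector in sorted(self.cache, reverse=True):
            if sector == stop_at:              # power fails while writing this track
                first = sector - sector % TRACK
                for s in range(first, first + TRACK):
                    self.platter[s] = TRASH
                break
            self.platter[sector] = self.cache[sector]
        self.cache.clear()

    def power_loss(self, during=None):
        # Dirty cache is lost; `during` names the sector whose track was being written.
        if during is not None:
            self._drain(stop_at=during)
        self.cache.clear()


class JournaledFS:
    """Write-ahead journal: log the writes, barrier, apply, barrier, retire the
    record. The record carries a CRC so a torn record is detected and discarded."""

    def __init__(self, drive):
        self.d = drive

    def commit(self, updates, crash_during=None):
        # updates: [(sector, data), ...]; crash_during: failure-injection hook,
        # power fails on that sector's track while the data phase is draining.
        payload = b"".join(bytes([s]) + data for s, data in updates)
        header = bytes([len(updates)]) + zlib.crc32(payload).to_bytes(4, "big")
        self.d.write(JOURNAL, header + bytes(SECTOR - len(header)))
        for i, (s, data) in enumerate(updates):
            self.d.write(JOURNAL + 1 + 2 * i, bytes([s]) + bytes(SECTOR - 1))
            self.d.write(JOURNAL + 2 + 2 * i, data)
        self.d.flush()                         # barrier: record on platter before data
        for s, data in updates:
            self.d.write(s, data)
        if crash_during is not None:
            self.d.power_loss(during=crash_during)
            return False
        self.d.flush()                         # barrier: data on platter before retiring
        self.d.write(JOURNAL, bytes(SECTOR))
        return True

    def recover(self):
        # Returns blocks replayed (0 for an empty journal), -1 for a discarded record.
        hdr = self.d.read(JOURNAL)
        n = hdr[0]
        entries = [(self.d.read(JOURNAL + 1 + 2 * i)[0], self.d.read(JOURNAL + 2 + 2 * i))
                   for i in range(min(n, MAX_ENTRIES))]
        payload = b"".join(bytes([s]) + data for s, data in entries)
        if n > MAX_ENTRIES or zlib.crc32(payload) != int.from_bytes(hdr[1:5], "big"):
            n = -1                             # torn/trashed record: discard, do not apply
        else:
            for s, data in entries:
                self.d.write(s, data)
        self.d.flush()
        self.d.write(JOURNAL, bytes(SECTOR))   # retire (or discard) the record
        self.d.flush()
        return n


OLD = b"months-old data!"                      # constructed sector contents
NEW_A, NEW_B = b"new inode block ", b"new dir entry   "


def crash_scenario(honest_flush):
    # Two-block update to sectors 8 and 16 on a disk that already holds OLD in
    # sector 9 (same track as 8); power fails while track 1 is being written.
    d = Drive(honest_flush)
    d.platter[9] = OLD                         # on the platter for months
    fs = JournaledFS(d)
    fs.commit([(8, NEW_A), (16, NEW_B)], crash_during=8)
    replayed = fs.recover()
    return {"replayed": replayed, 8: d.read(8), 9: d.read(9), 16: d.read(16)}
```

With an honest drive, crash_scenario(True) comes back with both in-flight blocks restored by replay, which is Matthias's point, but sector 9 reads back as 0xff: it sat on the trashed track, it was never in the journal, and no replay can bring it back, which is David's. With crash_scenario(False) the barrier is a no-op, so the drive lands sector 16 before the journal record ever reaches the platter; after the crash the journal is empty, sector 8 is garbage and sector 16 holds half of the update, and recovery has nothing to detect and nothing to replay.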

More information about the freebsd-stable mailing list