dangerous situation with shutdown process

David Taylor davidt at yadt.co.uk
Sat Jul 16 13:35:42 GMT 2005


On Sat, 16 Jul 2005, Matthias Buelow wrote:
> David Taylor <davidt at yadt.co.uk> writes:
> 
> >> A corrupted journal can be detected. If it's corrupted, discard
> >> the whole thing, or only the relevant entry. The filesystem will
> >> remain consistent.
> >> If track corruption occurs after the journal is written, it doesn't
> >> matter, since at boot the journal will be replayed and all operations
> >> will be performed once more.
> >
> >The track which is corrupted could contain data that wasn't written
> >to in months.  How would the journal help?
> 
> I don't understand this question.

When the drive is powered off, the track being written to at that point
may be corrupted, right?  That track may contain sectors that the OS
didn't change.  These sectors would not be mentioned in the journal.
How would a journaling fs fix the corruption?

I suppose this could be avoided by requiring that all writes (and
journal entries) somehow correspond to a full track.  (Which I suppose
they may do already, but I don't think so).

> >I still don't trust ATA drives.  Can you guarantee (or show any
> >reason to believe) that disabling the write cache will actually
> >wait for the cache to be flushed before returning?
> >Otherwise a <disable cache><enable cache> sequence is exactly
> >the same as a <flush cache> command.  If the drive executes
> >both immediately, without waiting for the cache to be
> >flushed _before_ returning, what's the difference?
> 
> You imply that, because there exists one drive for which it doesn't
> work, that it follows that it won't work for all drives? Or what is your
> point?

No.  I'm just asking if you know of ANY ATA drives that will wait for the
cache to be flushed before claiming the disable cache command has
succeeded.  I don't, but I haven't looked.

-- 
David Taylor
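The track-corruption argument above can be checked with a small model. What follows is an added illustration written for this archive page, not code from any poster in the thread or from FreeBSD: a toy disk whose in-flight track is lost at power-off, a write-ahead journal that is replayed at boot, and the two policies under discussion (journal only the sector the OS changed, versus journal the whole track, the workaround speculated about in the reply). The 8-sector track geometry, the "whole track becomes unreadable" failure model, and all names and sample contents are assumptions of the example.

```python
# Added example for this thread (not from any of the posters): a toy model
# of journal replay on a drive that corrupts the whole track it was writing
# when power was cut. Geometry, names and the corruption model are assumed.

SECTORS_PER_TRACK = 8  # assumed drive geometry


class Disk:
    """Sectors addressed by (track, sector); all contents are constructed."""

    def __init__(self, tracks):
        self.sectors = {
            (t, s): b"old-%d-%d" % (t, s)
            for t in range(tracks)
            for s in range(SECTORS_PER_TRACK)
        }

    def read(self, track, sector):
        return self.sectors[(track, sector)]

    def write(self, track, sector, data):
        self.sectors[(track, sector)] = data

    def power_loss_during_write(self, track):
        # Failure model from the thread: the track being written when the
        # drive loses power comes back unreadable, every sector on it.
        for s in range(SECTORS_PER_TRACK):
            self.sectors[(track, s)] = b"CORRUPT"


class JournalingFS:
    """Minimal write-ahead journal; the journal area is assumed to survive."""

    def __init__(self, disk):
        self.disk = disk
        self.journal = []  # committed entries, each a list of (track, sector, data)

    def commit(self, writes):
        # The entry is durable before any in-place (checkpoint) write starts.
        self.journal.append(list(writes))

    def replay(self):
        # At boot every committed entry is applied again, which is what the
        # quoted argument relies on ("all operations will be performed once more").
        for entry in self.journal:
            for track, sector, data in entry:
                self.disk.write(track, sector, data)


def run_scenario(track_aligned):
    """Return the sectors that are still wrong after journal replay.

    track_aligned=False: the journal records only the sector the OS changed.
    track_aligned=True:  the FS reads the whole track and journals all of it
                         (read-modify-write at track granularity).
    """
    disk = Disk(tracks=16)
    fs = JournalingFS(disk)
    track, sector, new_data = 5, 3, b"new-5-3"

    if track_aligned:
        writes = [
            (track, s, new_data if s == sector else disk.read(track, s))
            for s in range(SECTORS_PER_TRACK)
        ]
    else:
        writes = [(track, sector, new_data)]

    fs.commit(writes)
    # The checkpoint write to track 5 is in flight when power is cut.
    disk.power_loss_during_write(track)
    fs.replay()

    # What a consistent disk should hold: the new sector plus the untouched
    # neighbours the OS never wrote (possibly months-old data).
    expected = {
        (track, s): new_data if s == sector else b"old-%d-%d" % (track, s)
        for s in range(SECTORS_PER_TRACK)
    }
    return sorted(pos for pos, want in expected.items()
                  if disk.read(*pos) != want)


if __name__ == "__main__":
    print("per-sector journal, damaged after replay:", run_scenario(False))
    print("track-aligned journal, damaged after replay:", run_scenario(True))
```

With the per-sector journal, replay restores only sector 3 and the other seven sectors of track 5 stay corrupt, since nothing in the journal describes them; with the track-aligned journal, replay rewrites the whole track and nothing is lost. The model says nothing about whether real drives actually damage a full track on power loss, which is the premise the thread is arguing about.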

