Re: safe file systems

Chris Wedgwood
Wed, 24 Sep 1997 09:35:16 -0400

From: Larry McVoy <>
Subject: safe file systems

> Do you think it would be possible to build a safe, slow file system? By
> safe, I mean that I could hit reset in the middle of 50 parallel un-tars
> and reboot the system and the file system comes up clean (no fsck, but
> data loss)?

NO fsck - or just a very quick fsck?

And 'hit the reset' is not the only kind of breakage. Do you mean only hit
the reset, or do you wish to allow for 'the cat was chewing on the power
cable'? (Read below).

> Has anyone thought about this very much? If so, is there a mailing list
> or archive that I can browse?

I thought about it a couple of years back (hmm... actually maybe more) when
I was stuffing about with Ultrix. (I started by writing a defragger, and
wanted to change big chunks of the file system around, without sync'ing and
still be totally fault tolerant. I never coded an FS, which I'm told for
Ultrix is a good thing not to do). It's amazing how easy it is to develop
stuff on a modern Linux box :) It would be painful to go back to a machine
ten times slower with a fraction of the disk storage and memory....

If you have ordered writes, then surely it's possible with no fsck and
possibly considerable data-loss... ?

If you wanted a full fsck you could have much lower data-loss. And there are
steps in between where a smaller fsck would result in perhaps only moderate

I presume the latter is essentially just a journalling file-system.

Also, your writes have to be very strictly ordered. Some intelligent IO
subsystems will reorder your write operations on you, which I guess could
cause lots of really obscure, hard to track down funnies if you were unaware
of your IO doing this.

A DPT SCSI card with 64MB of RAM (probably with less too) I'm fairly sure
does this. (Create a file several GB long, and then update the ends of the
file and sync all the time - the HD does not thrash). These controllers also
delay writes, which for performance is really nice - but in the case of
power-loss could be a pain. (Although if writes are ordered it will just
mean more data loss than otherwise in this case).

I think even my cheapish SCSI disks (which have a 1 (maybe 2?) MB cache)
will do this. I assume here a system reset will not affect them, but
power-failure did last time I checked. (But you can twiddle with the tables
on them and modify the way it writes data back, etc).
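An added example, not code from either poster: a small C model of the write-cache behaviour discussed above. It models a disk whose cache acknowledges writes before they are durable, a "barrier" that maps to fsync()/a cache flush, and a crash that leaves only some of the cached writes on the platter. A single "write data, then write commit record" transaction is run against three variants: an ordered cache with no barrier (a crash loses a suffix of the queued writes), a reordering cache with no barrier (any subset may have drained), and a reordering cache with a barrier between the data and the commit record. The block names (DATA, COMMIT), the transaction values, and the subset/prefix crash models are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define NBLOCKS 2
#define DATA    0      /* assumed: block holding the file's payload */
#define COMMIT  1      /* assumed: block holding the transaction's commit record */
#define MAXQ    8

typedef struct { int blk; uint32_t val; } Write;

typedef struct {
    uint32_t media[NBLOCKS]; /* what has actually reached the platter */
    Write    q[MAXQ];        /* writes sitting in the controller/drive cache */
    int      nq;
    int      reorder;        /* 1: the cache may drain queued writes in any order */
} Disk;

/* The drive acknowledges the write immediately; it is not yet durable. */
static void disk_write(Disk *d, int blk, uint32_t val) {
    d->q[d->nq++] = (Write){ blk, val };
}

/* Models fsync() / SCSI SYNCHRONIZE CACHE: everything queued reaches media. */
static void disk_flush(Disk *d) {
    for (int i = 0; i < d->nq; i++) d->media[d->q[i].blk] = d->q[i].val;
    d->nq = 0;
}

/* A reset or power loss: only the queued writes selected by `mask` made it. */
static void crash_image(const Disk *d, unsigned mask, uint32_t out[NBLOCKS]) {
    memcpy(out, d->media, sizeof d->media);
    for (int i = 0; i < d->nq; i++)
        if (mask & (1u << i)) out[d->q[i].blk] = d->q[i].val;
}

/* Invariant recovery relies on: a commit record implies the data it covers
   is on disk too. Returns 1 if the on-disk image satisfies it. */
static int consistent(const uint32_t img[NBLOCKS], uint32_t txid, uint32_t newval) {
    return img[COMMIT] != txid || img[DATA] == newval;
}

/* Count the crash images reachable right now that violate the invariant. */
static int torn_images_now(const Disk *d, uint32_t txid, uint32_t newval) {
    int bad = 0;
    uint32_t img[NBLOCKS];
    if (d->reorder) {
        /* reordering cache: any subset of the cached writes may have drained */
        for (unsigned m = 0; m < (1u << d->nq); m++) {
            crash_image(d, m, img);
            bad += !consistent(img, txid, newval);
        }
    } else {
        /* strictly ordered cache: only a prefix can have drained */
        for (int k = 0; k <= d->nq; k++) {
            crash_image(d, (1u << k) - 1, img);
            bad += !consistent(img, txid, newval);
        }
    }
    return bad;
}

/* Run one "write data, then commit" transaction and return how many
   reachable crash images would leave a torn (half-applied) transaction. */
int torn_states(int use_barrier, int reorder) {
    Disk d = { .reorder = reorder };   /* media starts all zeros: no txn committed */
    const uint32_t txid = 1, newval = 42;
    int bad = 0;

    disk_write(&d, DATA, newval);
    bad += torn_images_now(&d, txid, newval);
    if (use_barrier) disk_flush(&d);   /* data must be durable before the commit record */
    disk_write(&d, COMMIT, txid);
    bad += torn_images_now(&d, txid, newval);
    disk_flush(&d);                    /* final sync */
    return bad;
}

int main(void) {
    printf("ordered cache, no barrier   : %d torn image(s)\n", torn_states(0, 0));
    printf("reordering cache, no barrier: %d torn image(s)\n", torn_states(0, 1));
    printf("reordering cache, barrier   : %d torn image(s)\n", torn_states(1, 1));
    return 0;
}
```

The ordered cache with no barrier and the reordering cache with a barrier both leave zero torn images; the reordering cache with no barrier can drain the commit record before the data, which is exactly the "obscure funnies" case. The barrier only helps if the drive actually honours the flush, which is why a volatile write cache that ignores it (or loses power before draining) matters for the power-cable scenario.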