From: Goffredo Baroncelli <kreijack@inwind.it>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: "linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>
Subject: Re: Ongoing Btrfs stability issues
Date: Mon, 12 Mar 2018 22:22:18 +0100 [thread overview]
Message-ID: <3fd8f21b-2e4d-3696-8e92-a20e4dda13ec@inwind.it> (raw)
In-Reply-To: <1520807872.4281.11.camel@scientia.net>
On 03/11/2018 11:37 PM, Christoph Anton Mitterer wrote:
> On Sun, 2018-03-11 at 18:51 +0100, Goffredo Baroncelli wrote:
>>
>> COW is needed to properly checksum the data. Otherwise is not
>> possible to ensure the coherency between data and checksum (however I
>> have to point out that BTRFS fails even in this case [*]).
>> We could rearrange this sentence, saying that: if you want checksum,
>> you need COW...
>
> No,... not really... the meta-data is anyway always CoWed... so if you
> do checksum *and* notdatacow,..., the only thing that could possibly
> happen (in the worst case) is, that data that actually made it
> correctly to the disk is falsely determined bad, as the metadata (i.e.
> the checksums) weren't upgraded correctly.
>
> That however is probably much less likely than the other way round,..
> i.e. bad data went to disk and would be detected with checksuming.
Unfortunately no, the likelihood might be 100%: there are some patterns which trigger this problem quite easily. See The link which I posted in my previous email. There was a program which creates a bad checksum (in COW+DATASUM mode), and the file became unreadable.
>
>
> I had lots of discussions about this here on the list, and no one ever
> brought up a real argument against it... I also had an off-list
> discussion with Chris Mason who IIRC confirmed that it would actually
> work as I imagine it... with the only two problems:
> - good data possibly be marked bad because of bad checksums
> - reads giving back EIO where people would rather prefer bad data
If you cannot know if a checksum is bad or the data is bad, the checksum is not useful at all!
If I read correctly what you wrote, it seems that you consider a "minor issue" the fact that the checksum is not correct. If you accept the possibility that a checksum might be wrong, you wont trust anymore the checksum; so the checksum became not useful.
> (not really sure if this were really his two arguments,... I'd have to
> look it up, so don't nail me down).
>
>
> Long story short:
>
> In any case, I think giving back bad data without EIO is unacceptable.
> If someone really doesn't care (e.g. because he has higher level
> checksumming and possibly even repair) he could still manually disable
> checksumming.
>
> The little chance of having a false positive weights IMO far less that
> have very large amounts of data (DBs, VM images are our typical cases)
> completely unprotected.
Again, you are assuming that the likelihood of having a bad checksum is low. Unfortunately this is not true. There are pattern which exploits this bug with a likelihood=100%.
>
> And not having checksumming with notdatacow breaks any safe raid repair
> (so in that case "repair" may even overwrite good data),... which is
> IMO also unacceptable.
> And the typical use cases for nodatacow (VMs, DBs) are in turn not so
> uncommon to want RAID.
>
>
> I really like btrfs,... and it's not that other fs (which typically
> have no checksumming at all) would perform better here... but not
> having it for these major use case is a big disappointment for me.
>
>
> Cheers,
> Chris.
>
--
gpg @keyserver.linux.it: Goffredo Baroncelli <kreijackATinwind.it>
Key fingerprint BBF5 1610 0B64 DAC6 5F7D 17B2 0EDA 9B37 8B82 E0B5
next prev parent reply other threads:[~2018-03-12 21:22 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-15 16:18 Ongoing Btrfs stability issues Alex Adriaanse
2018-02-15 18:00 ` Nikolay Borisov
2018-02-15 19:41 ` Alex Adriaanse
2018-02-15 20:42 ` Nikolay Borisov
2018-02-16 4:54 ` Alex Adriaanse
2018-02-16 7:40 ` Nikolay Borisov
2018-02-16 19:44 ` Austin S. Hemmelgarn
2018-02-17 3:03 ` Duncan
2018-02-17 4:34 ` Shehbaz Jaffer
2018-02-17 15:18 ` Hans van Kranenburg
2018-02-17 16:42 ` Shehbaz Jaffer
2018-03-01 19:04 ` Alex Adriaanse
2018-03-01 19:40 ` Nikolay Borisov
2018-03-02 17:29 ` Liu Bo
2018-03-08 17:40 ` Alex Adriaanse
2018-03-09 9:54 ` Nikolay Borisov
2018-03-09 19:05 ` Alex Adriaanse
2018-03-10 12:04 ` Nikolay Borisov
2018-03-10 14:29 ` Christoph Anton Mitterer
2018-03-11 17:51 ` Goffredo Baroncelli
2018-03-11 22:37 ` Christoph Anton Mitterer
2018-03-12 21:22 ` Goffredo Baroncelli [this message]
2018-03-12 21:48 ` Christoph Anton Mitterer
2018-03-13 19:36 ` Goffredo Baroncelli
2018-03-13 20:10 ` Christoph Anton Mitterer
2018-03-14 12:02 ` Austin S. Hemmelgarn
2018-03-14 18:39 ` Goffredo Baroncelli
2018-03-14 19:27 ` Austin S. Hemmelgarn
2018-03-14 22:17 ` Goffredo Baroncelli
2018-03-13 13:47 ` Patrik Lundquist
2018-03-02 4:02 ` Qu Wenruo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3fd8f21b-2e4d-3696-8e92-a20e4dda13ec@inwind.it \
--to=kreijack@inwind.it \
--cc=calestyo@scientia.net \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.