translate more ways for filesystem consistency check and repair slide

Vladimir Kotal · Vladimir Kotal · commit bd1fb292fdf9 · 2018-02-04T22:43:45.000+01:00
diff --git a/files.tex b/files.tex
@@ -555,89 +555,91 @@
 
 %%%%%
 
-\pdfbookmark[1]{more ways to for ensuring filesystem consistency}{fsconsistency}
+\pdfbookmark[1]{more ways for ensuring filesystem consistency}{fsconsistency}
 
 \begin{slide}
-\sltitle{Dal�� zp�soby zaji�t�n� konzistence filesyst�mu}
+\sltitle{More ways for ensuring filesystem consistency}
 \setlength{\baselineskip}{0.8\baselineskip}
 \begin{itemize}
 \setlength{\itemsep}{0ex}
-\item tradi�n� UFS -- synchronn� z�pis metadat
+\item traditional UFS -- synchronous metadata writes
     \begin{itemize}
     \setlength{\itemsep}{0ex}
-    \item aplikace vytv��ej�c� nov� soubor �ek� na inicializaci inode na
-    disku; tyto operace pracuj� rychlost� disku a ne rychlost� CPU
-    \item asynchronn� z�pis ale �ast�ji zp�sob� nekontistenci metadat
+    \item an application creating new file is waiting till the inode is
+    initialized on disk; these operations are done with disk speed, not CPU
+    speed
+    \item however asynchronous writes more often cause metadata inconsistencies
     \end{itemize}
-\item �e�en� probl�m� s nekonzistenc� metadat na disku:
+\item solutions to metadata inconsistency problem:
     \begin{itemize}
     \setlength{\itemsep}{0ex}
-    \item \emph{journalling} -- skupina na sob� z�visl�ch operac� se
-    nejd��ve atomicky ulo�� do �urn�lu; p�i probl�mech se pak �urn�l
-    m��e ``p�ehr�t''
-    \item bloky metadat se nejd��ve zap��� do non-volatile pam�ti
-    \item \emph{soft-updates} -- sleduje z�vislosti mezi ukazately
-    na diskov� struktury a zapisuje data na disk metodou
-    \emph{write-back} tak, �e data na disku jsou v�dy konzistentn�
-    \item \emph{ZFS} je nov� filesyst�m v Solarisu, kter� pou��v�
-    \emph{copy-on-write} transak�n� model
+    \item \emph{journalling} -- one group of operations dependent on each other
+    is written to a journal first; if a problem is encountered the journal can
+    be ``replayed''
+    \item metadata blocks are written to non-volatile memory first
+    \item \emph{soft-updates} -- follows dependencies between pointers to disk
+    structures and writes the data using the \emph{write-back} method so that
+    the data are always consistent on disk.
+    \item \emph{transactions}
     \end{itemize}
 \end{itemize}
 \end{slide}
 
 \begin{itemize}
 \item filesystem \emph{metadata} = inodes, directories, free block
 maps
-\item \emph{ext2} dokonce defaultn� pou��v� asynchronn� z�pis metadat a je p�i
-pou��t� synchronn�ho z�pisu v�razn� pomalej�� ne� UFS
-\item z�visl� operace jsou nap��klad smaz�n� polo�ky z adres��e a smaz�n�
-diskov�ho inode. Pokud by se stalo, �e se nejd��ve sma�e diskov� inode a pak
-teprve polo�ka v adres��i, p�i v�padku mezi t�mito dv�mi operacemi vnik�
-nekonzistence -- link ukazuje na diskov� soubor, kter� neexistuje. Nen�
-probl�m se tomuto vyhnout p�i synchronn�m z�pisu metadat (v�me kdy a co
-zapisujeme, ur�ujeme tedy po�ad� z�pisu), ale p�i metod� write-back je ji�
-nutn� �e�it z�vislosti jednotliv�ch blok� na sebe, proto�e p�i klasick�
-synchronizaci vyrovn�vac�ch pam�t� na disk j�dro nezaj�m�, kter� blok se
-zap��e d��v a kter� pozd�ji.
-\item �asto jsou bloky na sob� z�visl� ve smy�ce. Soft updates dok�e takovou
-smy�ku rozb�t t�m, �e provede \emph{roll-back} a po z�pisu pak
-\emph{roll-forward}
-\item v�kon soft updates je srovnateln� v�konu UFS filesyst�mu s asynchronn�m
-z�pisem metadat
-\item teoreticky soft updates zaru�uj�, �e po rebootu nen� pot�eba pou��t
-\texttt{fsck}, tj. �e filesyst�m bude v takov�m stavu, �e je mo�n� nabootovat.
-Je v�ak nutn� pou��t tzv. \emph{background fsck} pro opravy nez�va�n�ch chyb
--- to je pova�ov�no st�le za velkou nev�hodu soft updates zvl�t� s t�m, jak
-rostou velikosti b�n� pou��van�ch disk�. Takovou chybou, kter� nebr�n�
-nabootov�n�, ale je nutn� ji odstranit je nap��klad blok, kter� je ozna�en
-jako pou�it�, ale ��dn� soubor ho nepou��v�.
-\item soft updates nejsou v�dy doporu�ov�ny pro root filesyst�m. Probl�m je
-to, �e ztr�ta metadat na root filesyst�mu (viz 30-ti sekundov� perioda z�pisu)
-m��e b�t v�razn� v�t�� hrozbou zde ne� na \texttt{/usr}, \texttt{/home} atd.
-Dal�� nev�hodou m��e b�t i to, �e u soft updates mi smaz�n� velk�ho souboru
-hned neuvoln� m�sto.
-\item p��klad: na bezpe�nou operaci rename pot�ebuju p�i synchronn�m z�pisu
-metadat 4 z�pisy -- zv��en� po�tu odkaz� v inode, vytvo�en� nov�
-a\-dre\-s�\-�o\-v� polo�ky, smaz�n� star�, a op�tn� sn��en� po�tu odkaz� v
-inode. Kdykoli by syst�m spadnul, nenastane nebezpe�n� situace. Nap��klad 2
-odkazy z adres��� na inode s referen�n�m po�tem 1 je probl�m, proto�e po zru�en�
-jednoho odkazu to bude vypadat, �e soubor je st�le na disku, kdy� u� byla jeho
-data d�vno smaz�na. Nen� te�k� si asi p�edstavit, co by to mohlo znamenat v
-p��pad�, �e soubor obsahoval opravdu d�le�it� data -- nap��klad z�lohu. Opa�n�
-situace, tj. jeden odkaz na inode s referenc� 2 sice tak� nen� spr�vn� situace,
-ale neohro�uje to mo�nost filesyst�m namontovat a norm�ln� pou��vat. V nejhor��m
-se stane, �e soubor vypad� �e ji� na disku nen� a p�itom st�le existuje. U soft
-updates operace rename vytvo�� kru�nici, proto�e nejd��ve je pot�eba zapsat
-zv��en� po�tu referenc�, pak adres��ov� bloky a pot� sn��en� referenc�. A
-proto�e zv��en�/sn��en� se t�k� stejn�ho inode, tak je p�i z�pisu t�eba ud�lat
-roll-back na (�ekn�me) 2, zapsat inode na disk, zapsat bloky adres�r� a pak
-roll-forward na po�et referenc� 1. P�i t�to akci je nad inodem dr�en z�mek,
-tak�e nikdo nena�te star�� data. Je jednoduch� uk�zat, �e nelze zapsat ��dn� z
-t�ch t�� blok� v kru�nici tak, jak to je na konci operace rename, �e je opravdu
-nutn� ten roll-back -- mohli bychom uva�ovat, �e inode se vlastn� nezm�nil a
-nen� t�eba �e�it zda se m��e/nem��e zapsat; z�pis nov�ho adres��ov�ho odkazu bez
-zv��en� po�tu odkaz� v inodu by n�s toti� mohl dostat p�esn� do situace, kter�
-je pops�na o p�r ��dk� v��e.
+\item \emph{ext2} uses asynchronous metadata writes even by default and when
+in synchronous mode it is much slower to UFS.
+\item Dependent operations are for example deleting an item from directory and
+deleting disk inode. If the inode is deleted first and then the directory entry
+then if there is outage between these two operations then inonsistency follows
+-- the link points to disk file that does not exist. It is not a problem to
+avoid this when using synchronous metadata writes (we know when a what is being
+written, the ordering of writes is therefore under our control) however when
+using the write-back method it is necessary to solve dependencies of the blocks
+because with classic synchronization of cache buffers the kernel is not
+interested in which blocks is written first.
+\item Often the block dependencies for a cycle. Soft updates can recognize sych
+cycle and break it by performing \emph{roll-back} and after the write is done it
+performs \emph{roll-forward}.
+\item The soft updates performance is comparable to that of UFS with
+asynchronous metadata writes.
+\item Theoreticall soft updates guratantee that it is not necessary to use
+\texttt{fsck} after the reboot, i.e. that the filesystem is in bootable state.
+It is however necessary to use so called \emph{background fsck} for correcting
+non-grave errors -- this is considered to be one of the big drawbacks of soft
+updates, especially given how sizes of disks grow over time. Example of an error
+that does not block booting would be a block that is marked as used however is
+not used by any file.
+\item soft updates are not always recommended for the root filesystem.
+The problem is that metadata loss on root file system (see the 30 second
+period of writes) can be more dangerous than in \texttt{/usr}, \texttt{/home}
+etc. Another disadvantage is that after deleting huge file soft updates do not
+free up the space immediately.
+\item Example: it is necessary 4 writes for secure rename operations when using
+synchronous writes -- increase the number of references in inode, create new
+directory entry, delete old entry, decrease the number of references.
+If a system goes down between each of these a dangerous situation will ensue.
+For example 2 references from directories to inode with reference count of 1 is
+a problem because after deleting one of the references it would look like the
+file is still on disk, when its data has been deleted already.
+It is not hard to imagine what would it mean if the file contained important
+data -- e.g. backup.
+Opposite situation, i.e. one reference to inode with reference count equal 2 is
+not correction situation either however it does not pose a threat to mount the
+filesystem and normally use it. In the worst case the file looks as it is no
+longer on disk while it still exists. For soft updates the rename operation will
+form a cycle because it is necessary to write the increased reference count
+first, then directory blocks and then decreased reference. And because
+increase/decrease is done for the same inode, then for the write it is necessary
+to do roll-back to (say) 2, write inode to disk, write directory blocks and then
+roll-forward to reference of 1. During this operation a lock is held for the
+inode so that no one will read older data. It is simple to show that it is not
+possible to write any of these 3 blocks in a cycle to match the end of the
+rename operation so that the roll-back is truly needed -- we could consider that
+the inode did not really change and it is not necessary to decide whether to
+write it or not; the write of directory reference without increasing reference
+count in the inode could get us into situation which is descibed above.
 \end{itemize}
 
 \endinput
