On 09/10/2010 07:06 AM, Avi Kivity wrote:
On 09/10/2010 02:43 PM, Stefan Hajnoczi wrote:
and/or enterprise storage.
That doesn't eliminate undiscovered errors (they can still come from
the
transport).
Eliminating silent data corruption is currently not a goal for any
disk image format I know of. For filesystems, I know that ZFS and
btrfs will try to detect corruption using data checksumming.
The guest filesystem, the disk image format, or the host filesystem
could do checksumming. The hypervisor should keep out of the way in
the interest of performance and emulation fidelity. Why does
checksumming need to be done in the image format? Isn't the choice
between host and guest filesystem checksumming already enough?
You're correct about the data. It's better to do it at the end-point
in any case.
The metadata is something else - an error in a cluster table is
magnified so it is likely to cause the loss of an entire image, and
there's nothing the guest can do about it. btrfs duplicates metadata
to avoid this (but if we have btrfs underneath, we can just use raw).
What it really comes down to is that checksumming is a filesystem
feature that requires a sophisticated way of handling metadata which
puts it beyond the scope of what an image format should be.
The point of an image format is to make it a filesystem from 10 years
ago in terms of sophistication and leave the cutting edge file system
research to file system developers.
Regards,
Anthony Liguori