some quibbles:

On Thu, Aug 18, 2016 at 05:24:53PM +0000, Eduardo Horvath wrote:
> And you should be able to roll back the
> filesystem to snapshots of any earlier synchronization points.

In LFS there are only two snapshots and in practice often one of
them's not valid (because it was halfway through being taken when the
machine went down) so rolling further back isn't that feasible.

> The problem is that LFS is less a product than a research project:
>
> o Although there are multiple super blocks scattered across the disk just
> like FFS, LFS only uses the first and last one. If both of those are
> corrupt, the filesystem image cannot be recovered. LFS should be enhanced
> to cycle through all the different super blocks for enhanced robustness.

This should be left to fsck, like it is in ffs. I don't remember if
fsck_lfs supports recovering from an alternate superblock, but it
isn't going to be that hard.

> o The rollback code is quite sketchy. It doesn't really work so well, so
> LFS has problems recovering from failures.

Rolling *back* to the last snapshot is easy. It's the roll-forward
code that's dodgy, isn't it?

> o LFS keeps all of its inodes in a file called the ifile. It's a regular
> LFS file, so in theory you can scan back to recover earlier revisions of
> that file. Also, fsck_lfs should be able to reconstruct the ifile from
> scratch by scanning the disk. This is yet another feature that has not
> been implemented yet.

That's not how the ifile works. It's a file of inode locations, not
inodes. However, that means it *can* be reconstructed. I'm not sure to
what extent fsck_lfs can do this.

> LFS writes data in what's called a subsegment. This is essentially an
> atomic operation which contains data and metadata. The subsegments are
> collected into segments, which contain more metadata, such as a current
> snapshot of the ifile. All the disk sectors in a subsegment are
> checksummed, so partial writes can be detected. If the checksums on the
> subsegment are incorrect, LFS should roll back to a previous subsegment
> that does have a correct checksum. I don't think that code exists, or if
> it does I don't think it works.

That's not how it works.

--
David A. Holland
dholl...@netbsd.org