
Journalling filesystems

From: Bas Wijnen
Subject: Journalling filesystems
Date: Sun, 13 Jun 2004 23:46:27 +0200
User-agent: Mutt/1.3.28i


While we're talking about "what really should be supported", I have another
idea.  I went to a lecture about smartcard filesystems some time ago and it
was partly about journalling filesystems.  I think they should be implemented
in the Hurd.

Now what I mean is not ext3.  That is only part of it.  The journal of ext3
makes sure that the filesystem itself cannot corrupt (as long as there is no
hardware failure.)  What I mean is a system that makes sure the database of an
application cannot corrupt.  This can be done using the same method as ext3
uses at the lower level.  Only it is important that the journal and the data
are not written in incorrect order.  Then the application can be sure that a
write operation has either completely succeeded, or completely failed.

For that, I think some extra communication between the filesystem driver and
the application is required.  It could be implemented with "sync" calls, but
it would be very inefficient to use them all the time, because three calls
would be needed for every operation (one for the journal, one for the data,
another one for the journal.)  Probably it would be much faster anyway to have
an external journal on a different disk.  Those are details for now anyway.

So to summarise what I mean, a program should:
1 - tell the filesystem it begins a journalled operation
2 - do all kinds of disk access
3 - tell the filesystem it is finished with its journalled operation
4 - get a reply from the filesystem that it worked

If the filesystem crashes before 3, no operation has been performed at all to
the filesystem (there are likely a lot of unused sectors changed, but they
are still unused.)

If it crashes after 3, it is unknown if the operation worked, but if it did,
then it completed all of it, and if it didn't, then it didn't do any of it.  I
don't expect the program to continue if the filesystem crashes, but if it does
then it might do some recovery if it likes.  One thing it knows for sure: its
database is not corrupted by the filesystem crash.

Please let me know your thoughts.

Bas Wijnen

I encourage sending me encrypted e-mail.
Please send the central message of e-mails as plain text in the message body,
   not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
for more information, see

Attachment: pgpdznYRhM3O7.pgp
Description: PGP signature
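
The four steps and the three syncs (journal, data, journal) described in the message above, as an added example that is not part of the original post and not Hurd code. It is a user-space redo journal built on `os.fsync`; the class name `Journal`, its methods and the `crash_after` test hook are hypothetical.

```python
import json, os, zlib

class Journal:
    """Toy redo journal (hypothetical names): a commit applies fully or not at all."""
    def __init__(self, data_path, journal_path):
        self.data_path, self.journal_path, self.ops = data_path, journal_path, []
        for p in (data_path, journal_path):
            open(p, "ab").close()              # create if missing
        self.recover()                         # replay or discard a leftover journal

    def begin(self):                           # step 1: start a journalled operation
        self.ops = []

    def write(self, offset, payload):          # step 2: buffered, data file untouched
        self.ops.append([offset, payload.hex()])

    def commit(self, crash_after=None):        # step 3: finish the operation
        body = json.dumps(self.ops).encode()
        record = b"%08x" % zlib.crc32(body) + body
        self._sync_write(self.journal_path, [(0, record)], truncate=True)  # sync 1: journal
        self._apply(self.ops, crash_after)                                 # sync 2: data
        self._sync_write(self.journal_path, [], truncate=True)             # sync 3: journal
        return True                            # step 4: reply that it worked

    def recover(self):
        with open(self.journal_path, "rb") as f:
            record = f.read()
        crc, body = record[:8], record[8:]
        if body and crc == b"%08x" % zlib.crc32(body):
            self._apply(json.loads(body))      # committed: redo every write
        self._sync_write(self.journal_path, [], truncate=True)  # torn record is dropped

    def _apply(self, ops, crash_after=None):
        writes = [(off, bytes.fromhex(h)) for off, h in ops]
        if crash_after is not None:            # test hook: stop after N in-place writes
            self._sync_write(self.data_path, writes[:crash_after])
            raise RuntimeError("simulated crash during data write")
        self._sync_write(self.data_path, writes)

    @staticmethod
    def _sync_write(path, writes, truncate=False):
        with open(path, "r+b") as f:
            if truncate:
                f.truncate(0)
            for off, payload in writes:
                f.seek(off)
                f.write(payload)
            f.flush()
            os.fsync(f.fileno())               # force this file to disk before returning
```

Replaying the journal is safe to repeat because each entry rewrites fixed offsets, so a crash during recovery is handled by running recovery again.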
