- File system changes involve a large number of disk writes.
- Creating a file on Unix:
- Choose a free data block and update the contents of the free block map
to show it is now in use.
- Choose a free i-node, then update the i-node map to show it's now in
use.
- Write the initial contents of the i-node (including a pointer to
the data block).
- Write a directory entry to refer to the new file.
- Other file systems are of similar complexity.
- Problem: What if the system crashes half-way through?
- The disk operations will generally be at different locations.
- Will have to occur at different times.
- The file will be left in a half-created state; some changes made
and some not.
- When a file system's structures disagree, the file system is
inconsistent.
- If the i-node map is not written, an i-node is both in use and
recorded as free. It may end up part of two files, which would
be bad.
- If the i-node is not initialized, it won't contain a valid link to
the data block; all sorts of unpleasant things can happen.
- If the directory entry is not written, the file is created, but
there is no way to use it.
- Amelioration
- Some kinds of errors are more serious than others.
- Execute the steps in an order that makes the errors less serious.
- Update the free lists first; then if there's a crash, the error is a
block marked used but not actually in use.
- Initialize the new i-node next.
- Update the directory last.
- Errors will be limited to wasted resources.
- Slows down operation, since disk operations cannot be executed in
parallel, or in track order to minimize head motion.
- File system checkers: How we used to do it.
- Run after a system crash.
- Traverse the file tree to find all i-nodes, and verify against the
bit map.
- Likewise, with all data blocks. Also, verify none is used in more
than one file.
- Verify that all files are recorded in a directory.
- Unix: fsck; Windows: scandisk
- Takes a while.
- Current solution: Meta-data journal
- The journal is a special region of disk written in rotation.
- Before making an update to the file system, a summary is added to
the log.
- Each log entry is inside a disk sector, so writing it is effectively
atomic.
- Log entries are collected and written often.
- After a crash, the system examines the end of the log.
Any partially-completed operations can be completed (or possibly
reversed).
- Checker available as backup.
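
The checker pass and the ordered file creation described above, as an added example that is not part of the original notes. The in-memory layout (sets for the two maps, a dict of i-nodes, i-node 0 as the root directory) and the names `fsck` and `crash_after` are assumptions made for illustration.

```python
# Toy model, constructed for illustration: the two maps are sets of numbers
# marked "in use"; inodes maps i-node number -> {"blocks": [...]}.
# Directories also carry "entries" (name -> i-node number); i-node 0 is the root.
from collections import Counter

def fsck(fs):
    """Return a sorted list of (severity, message) inconsistencies."""
    found = []
    # Traverse the file tree from the root to find every i-node named in a directory.
    reachable, stack = set(), [0]
    while stack:
        ino = stack.pop()
        if ino in reachable:
            continue
        reachable.add(ino)
        node = fs["inodes"].get(ino)
        if node is None:
            found.append(("serious", f"directory entry points at uninitialized i-node {ino}"))
            continue
        stack.extend(node.get("entries", {}).values())
    # Verify the i-nodes against the i-node map.
    for ino in sorted(reachable - fs["inode_map"]):
        found.append(("serious", f"i-node {ino} in use but recorded as free"))
    for ino in sorted(fs["inode_map"] - reachable):
        kind = "file not recorded in any directory" if ino in fs["inodes"] else "i-node marked used but unused"
        found.append(("wasted", f"i-node {ino}: {kind}"))
    # Verify data blocks of all initialized i-nodes; none may belong to two files.
    refs = Counter(b for n in fs["inodes"].values() for b in n["blocks"])
    for blk, count in sorted(refs.items()):
        if count > 1:
            found.append(("serious", f"block {blk} used in {count} files"))
        if blk not in fs["block_map"]:
            found.append(("serious", f"block {blk} in use but recorded as free"))
    for blk in sorted(fs["block_map"] - set(refs)):
        found.append(("wasted", f"block {blk} marked used but not in use"))
    return sorted(found)

def crash_after(steps_done):
    """Create file 'f' (i-node 1, block 9) in maps/i-node/directory order, stopping early."""
    fs = {"inode_map": {0}, "block_map": {5},
          "inodes": {0: {"blocks": [5], "entries": {}}}}
    steps = [lambda: fs["block_map"].add(9),
             lambda: fs["inode_map"].add(1),
             lambda: fs["inodes"].update({1: {"blocks": [9]}}),
             lambda: fs["inodes"][0]["entries"].update({"f": 1})]
    for step in steps[:steps_done]:
        step()
    return fs
```

Calling `fsck(crash_after(n))` for n from 0 to 4 reports only "wasted" findings, whereas writing the directory entry before the maps and the i-node produces "serious" ones.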