Re: [RFC PATCH 0/10] ftrfs: Fault-Tolerant Radiation-Robust Filesystem
From: Aurelien DESBRIERES
Date: Tue Apr 14 2026 - 08:12:19 EST

On Mon, Apr 13, 2026 at 11:11:56AM -0700, Darrick J. Wong wrote:
> Why not add FEC to btrfs instead? Then you can concentrate on getting
> the IO paths correct, instead of burning time on ensuring that you've
> implemented all the other posix filesystemisms correctly.

Adding FEC to btrfs would produce a filesystem that cannot be certified
under DO-178C, ECSS-E-ST-40C, or IEC 61508. btrfs at ~200k lines is
not auditable under these frameworks regardless of what features are
added or removed.

The certification constraint is a hard requirement for the target
environment (space, avionics, nuclear/industrial). It is not a
preference. A smaller, purpose-built filesystem with RS FEC as a
first-class design constraint is the only viable path to certification.

btrfs also carries significant complexity in its COW B-tree allocator,
extent maps, and RAID layer that would need to be analyzed and
certified alongside the FEC addition. The audit surface would be
orders of magnitude larger than a dedicated implementation.

That said, the IO path concern is valid. v3 addresses this by
migrating the data IO path to iomap as you and Matthew Wilcox
requested. buffer_head is retained only for metadata IO (inode
table, directory blocks) pending further review.

Aurelien DESBRIERES <aurelien@xxxxxxxxxxxx>