Re: [RFC PATCH 06/10] ftrfs: add block and inode allocator

Next message: Selvarasu Ganesan: "Re: [PATCH] usb: dwc3: Fix GUID register programming order"
Previous message: Mark Brown: "Re: [PATCH v1 2/3] ASoC: codecs: lpass-va-macro: Switch to PM clock framework for runtime PM"
In reply to: Darrick J. Wong: "Re: [RFC PATCH 06/10] ftrfs: add block and inode allocator"
Next in thread: Aurelien DESBRIERES: "[RFC PATCH 08/10] ftrfs: add CRC32 checksumming and Reed-Solomon FEC skeleton"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Aurelien DESBRIERES

Date: Tue Apr 14 2026 - 08:12:53 EST

On Mon, Apr 13, 2026 at 08:21:01AM -0700, Darrick J. Wong wrote:
> No journalling? Or even COW metadata? How is this fault tolerant??

Fair question. The answer is that FTRFS fault tolerance is at the
block data layer via Reed-Solomon FEC, not at the metadata consistency
layer via journalling or COW.

The threat model is radiation-induced single-event upsets (SEU) causing
silent bit flips in data at rest on MRAM or NOR flash. Journalling
protects against crash consistency (power loss mid-write). COW protects
against torn writes. Neither corrects a bit flip that occurred while
the device was idle and powered.

RS FEC corrects up to 8 symbol errors per 255-byte subblock in place,
without requiring a redundant copy. That is the specific gap that
FTRFS addresses. The Radiation Event Journal (added in v3) provides a
persistent log of every correction event in the superblock, giving
operators a map of physical degradation over time.

Journalling for crash consistency is a valid concern for v4. The
current design assumes the target environment (space, avionics) has
well-defined power cycles and controlled shutdown procedures, which
reduces the crash consistency risk relative to general-purpose use.
This will be documented explicitly in v4.

Aurelien DESBRIERES <aurelien@xxxxxxxxxxxx>