Vojtech Pavlik wrote:
> Hmm, now that I think about it, this can be brought to data corruption
> even easier ... Imagine a case where a stripe isn't written completely.
> One of the drives (independently whether it's the xor one or one the
> other one) has thus invalid data.
>
> Now how do you decide, after boot, which drive of the set, including the
> xor drive is it the one that contains the invalid data? I think this is
> not possible.
>
A power failure might leave you with a corrupt disk block. That is
detectable (read failure) and you may then reconstruct it using the
rest of the stripe. This will get you data from either before
or after the update was supposed to happen.
There is a requirement for this to work: never ever write to more
than one disk in the same stripe simultaneously. (You can write
to all drives simultaneously, but a different stripe on each.)
I believe this is hard to achieve with the current implementation, as
raid-5 would have to override the elevator algorithms as well as
any caching internal to the drives. And performance would probably
not be fantastic.
A simple raid protects against disk breakdown, not power loss (or
kernel crash.) There are UPS'es for power loss, and
battery-backed caches for further improvement.
Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Oct 07 2000 - 21:00:16 EST