Re: ext4 features

From: Bill Davidsen
Date: Wed Jul 05 2006 - 00:07:26 EST


Peter Zijlstra wrote:
On Tue, 2006-07-04 at 11:22 +0200, Petr Tesarik wrote:
On Mon, 2006-07-03 at 23:25 +0200, Diego Calleja wrote:
El Mon, 03 Jul 2006 15:46:55 -0600,
"Jeff V. Merkey" <jmerkey@xxxxxxxxxxxxxxxxxxxxx> escribiÃ:

Add a salvagable file system to ext4, i.e. when a file is deleted, you just rename it and move it to a directory called DELETED.SAV and recycle the files as people allocate new ones. Easy to do (internal "mv" of

Easily doable in userspace, why bother with kernel programming
Yes and no. A simple mv is better done in userspace, but what I'd
_really_ appreciate would be a true kernel salvage (similar to the way
NetWare does things). That means marking the file as deleted in the
directory, marking its blocks as deleted but avoiding the use of those
blocks. The kernel would then prefer allocating new blocks from
elsewhere but once the filesystem runs out of space, it would start
allocating from the deleted files area and marking the blocks as well as
the corresponding files purged.

Salvaging files would be done with a separate tool. Of course, if you
delete more files with the same name in the same directory, you'd need
to tell that tool which one of them you want to salvage. Yes, I really
mean you'd have more than one deleted file with the same name in the
directory.

Anyway, I doubt we want such feature for ext4, because to make things
efficient, you'd need to provide some kind of pointer from the deleted
(but not yet purged) blocks to the corresponding file. Hard links are
also problematic and there is a whole lot of other troubles I haven't
even thought of.

Wouldn't such a scheme interfere with the block allocator algorithms,
and hence increase the risk of fragmentation? Schemes like this realy
put my hairs on end,

1) if you don't want to lose your data, make backups; 2) if I mean to delete a file, I want it gone proper. Silently keeping
it about is not unix like;
3) don't aid third parties in recovering your removed data. If I want
them to have it I'll give it to them.

Peter

If you wanted to add a feature which would overwrite the file when removed or truncated I'd be happy. Yes I know about attributes and dban, and I have a version of rm which does that if people use it, but would be nice to have it on the whole filesystem. It's not proof against a TLA, but nice for casual snooping.

--
Bill Davidsen <davidsen@xxxxxxx>
Obscure bug of 2004: BASH BUFFER OVERFLOW - if bash is being run by a
normal user and is setuid root, with the "vi" line edit mode selected,
and the character set is "big5," an off-by-one errors occurs during
wildcard (glob) expansion.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/