From owner-freebsd-fs@FreeBSD.ORG Thu Apr 23 11:14:39 2009 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3EE3106564A for ; Thu, 23 Apr 2009 11:14:39 +0000 (UTC) (envelope-from scott@bqinternet.com) Received: from mail.bqinternet.com (mail.bqinternet.com [69.9.32.203]) by mx1.freebsd.org (Postfix) with ESMTP id BB1688FC13 for ; Thu, 23 Apr 2009 11:14:39 +0000 (UTC) (envelope-from scott@bqinternet.com) Received: from localhost (mail [69.9.32.203]) by mail.bqinternet.com (Postfix) with ESMTP id 22E3C409A24 for ; Thu, 23 Apr 2009 10:54:55 +0000 (GMT) Received: from mail.bqinternet.com ([69.9.32.203]) by localhost (mail.bqinternet.com [69.9.32.203]) (amavisd-new, port 10024) with ESMTP id 32x7jVu+XNkg for ; Thu, 23 Apr 2009 10:54:54 +0000 (GMT) Received: from scott-burnss-macbook-air.local (mail [69.9.32.203]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.bqinternet.com (Postfix) with ESMTP id 1C6BD409A23 for ; Thu, 23 Apr 2009 10:54:54 +0000 (GMT) Message-ID: <49F048FB.6000401@bqinternet.com> Date: Thu, 23 Apr 2009 06:54:51 -0400 From: Scott Burns User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302) MIME-Version: 1.0 To: freebsd-fs@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: UFS2 metadata checksums X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2009 11:14:40 -0000 Hi guys, I have spent some time writing a kernel module which calculates a checksum of a UFS2 dinode structure and stores it in the reserved space of the inode when writing it to disk. It is then verified when the inode is read from disk. If the checksum verification fails, the read returns an error (currently EIO). I believe that protecting metadata integrity is important, especially as storage capacity grows. Bitrot is a fact of life, and bad things can happen if the kernel acts on a corrupted inode. Not only does this module improve the stability of a server, but it also helps to prevent additional damage to the filesystem that can be caused by metadata corruption. I'm aware that data integrity issues are addressed with ZFS, but unfortunately ZFS is still not yet suitable for many workloads. I'm also aware that integrity checking can be done by using GELI between the filesystem and the disk, but at a noticeable cost in performance and space utilization. The method this module uses is fast and does not use any additional space. Most importantly, it builds on mature code that has worked well for decades. Before I spend much more time on it, I have some questions: 1) Has anyone else done any work in this area? 2) Is there a demand for this in FreeBSD? -- Scott Burns System Administrator BQ Internet Corporation