On 05/26/09 03:23, casper....@sun.com wrote:
> And where exactly do you get the second good copy of the data?
From the first. And if it is already bad, as noted previously, this
is no worse than the UFS/ext3 case. If you want total freedom from
this class of errors, use ECC.
> If you copy the code you've just doubled your chance of using bad memory.
> The original copy can be good or bad; the second copy cannot be better
> than the first copy.
The whole point is that the memory isn't bad. About once a month, 4GB
of memory of any quality can experience 1 bit being flipped, perhaps
more or less often. If that bit happens to be in the checksummed buffer
then you'll get an unrecoverable error on a mirrored drive. And if I
understand correctly, ZFS keeps data in memory for a lot longer than
other file systems and uses more memory doing so. Good features, but
makes it more vulnerable to random bit flips. This is why decent
machines have ECC. To argue that ZFS should work reliably on machines
without ECC flies in the face of statistical reality and the reason
for ECC in the first place.
> You can disable the checksums if you don't care.
But I do care. I'd like to know if my files have been corrupted, or at
least as much as possible. But there are huge classes of files for
which the odd flipped bit doesn't matter and the loss of which would
be very painful. Email archives and videos come to mind. An easy
workaround is to simply store all important stuff on a machine with
ECC. Problem solved...
> One broken bit may not have caused serious damage: "most things work".
Exactly.
Absolutely, memory diags are essential. And you certainly run them if
you see unexpected behaviour that has no other obvious cause.
Runs for days, as noted.
> Doesn't prove anything.
Quite. But nonetheless, the unrecoverable errors did occur on mirrored
drives and it seems to defeat the whole purpose of mirroring, which is
AFAIK, keeping two independent copies of every file in case one gets lost.
Writing both images from one buffer appears to violate the premise. I
can think of two RFEs
1) Add an option to buffer writes on machines without ECC memory to
avoid the possibility of random memory flips causing unrecoverable
errors with mirrored drives.
2) An option to read files even if they have failed checksums.
1) could be fixed in the documentation - "ZFS should be used with caution
on machines with no ECC since random bit flips can cause unrecoverable
checksum failures on mirrored drives". Or "ZFS isn't supported on
machines with memory that has no ECC".
Disabling checksums is one way of working around 2). But it also disables
a cool feature. I suppose you could optionally change checksum failure
from an error to a warning, but ideally it would be file by file...
Ironically, I wonder if this is even a problem with raidz? But grotty
machines like these can't really support 3 or more internal drives...
Cheers -- Frank
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
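The failure mode argued over in this thread, as an added example that is not part of the original posts and not ZFS code: a toy two-way mirror whose two sides are written from one in-memory buffer, so that a bit flip in that buffer lands on both disks and the mirror has nothing better to repair from. The Mirror class, checksum(), flip_bit(), corrupt_media(), the allow_bad flag (a stand-in for the "read files even if they have failed checksums" option proposed above) and the status strings are all invented for illustration; the sample block contents are constructed.

```python
# Added example, not ZFS code: a toy two-way mirror whose two sides are
# written from ONE in-memory buffer.  Mirror, checksum(), flip_bit(),
# corrupt_media() and the allow_bad flag are invented for illustration.
import hashlib
from typing import Optional, Tuple


def checksum(data: bytes) -> bytes:
    # Stand-in for the per-block checksum; the algorithm is irrelevant here.
    return hashlib.sha256(data).digest()


def flip_bit(buf: bytearray, bit: int) -> None:
    # Model a single-bit DRAM upset: invert one bit in place.
    buf[bit // 8] ^= 1 << (bit % 8)


def bits_differ(a: bytes, b: bytes) -> int:
    # Hamming distance between two equal-length byte strings.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class Mirror:
    """Two-way mirror.  sides[i] maps block id -> (checksum, data)."""

    def __init__(self) -> None:
        self.sides = [{}, {}]

    def write(self, blk: int, data: bytes, flip: Optional[int] = None,
              flip_when: str = "after_checksum") -> None:
        buf = bytearray(data)
        if flip is not None and flip_when == "before_checksum":
            flip_bit(buf, flip)            # upset before the checksum is taken
        cksum = checksum(bytes(buf))       # checksum covers the in-memory buffer
        if flip is not None and flip_when == "after_checksum":
            flip_bit(buf, flip)            # upset between checksum and I/O
        payload = bytes(buf)
        for side in self.sides:            # both sides receive the SAME buffer
            side[blk] = (cksum, payload)

    def corrupt_media(self, side: int, blk: int, bit: int) -> None:
        # A media error on one disk only: the case mirroring is built for.
        cksum, data = self.sides[side][blk]
        buf = bytearray(data)
        flip_bit(buf, bit)
        self.sides[side][blk] = (cksum, bytes(buf))

    def read(self, blk: int, allow_bad: bool = False) -> Tuple[str, bytes]:
        """Return (status, data); status is 'ok', 'repaired' or 'unrecoverable'."""
        copies = [side[blk] for side in self.sides]
        good = [(c, d) for c, d in copies if checksum(d) == c]
        if len(good) == len(copies):
            return "ok", good[0][1]
        if good:
            c, d = good[0]                 # self-heal the bad side from a verified copy
            for side in self.sides:
                side[blk] = (c, d)
            return "repaired", d
        if allow_bad:
            # The "read anyway" option from the thread: return flagged data, not EIO.
            return "unrecoverable", copies[0][1]
        raise IOError(f"block {blk}: checksum failed on every mirror side")


def demo() -> dict:
    """Run the scenarios from the thread and return what a reader would see."""
    data = bytes(range(256)) * 4           # constructed 1 KiB block
    m = Mirror()
    out = {}

    m.write(1, data)
    m.corrupt_media(1, 1, 37)              # one disk flips a bit on media
    out["media_error"] = m.read(1)[0]      # the other side repairs it

    m.write(2, data, flip=100, flip_when="after_checksum")
    try:
        m.read(2)
        out["flip_after_checksum"] = "ok"
    except IOError:
        out["flip_after_checksum"] = "EIO"  # both sides fail; nothing to heal from
    status, got = m.read(2, allow_bad=True)
    out["flip_after_checksum_read_anyway"] = (status, bits_differ(got, data))

    m.write(3, data, flip=5, flip_when="before_checksum")
    status, got = m.read(3)                # checksum matches the flipped data
    out["flip_before_checksum"] = (status, bits_differ(got, data))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:36s} {v}")
```

Two of the four cases are the ones the thread is about. A flip between checksum and I/O gives exactly the "unrecoverable error on a mirrored drive": both sides fail verification, so self-healing has no verified copy to use, and only the read-anyway option hands the data back (one bit off). A flip before the checksum is worse in one sense: the block verifies on both sides, so the corruption is silent. Only the media-error case is repaired, which is the limit of what mirroring can do when both copies come from the same buffer; a second copy of a buffer cannot be better than the buffer it was copied from, which is what ECC memory addresses.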