-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010/03/31 05:13, Darren J Moffat wrote: > On 31/03/2010 10:27, Erik Trimble wrote: >> Orvar's post over in opensol-discuss has me thinking: >> >> After reading the paper and looking at design docs, I'm wondering if >> there is some facility to allow for comparing data in the ARC to it's >> corresponding checksum. That is, if I've got the data I want in the ARC, >> how can I be sure it's correct (and free of hardware memory errors)? I'd >> assume the way is to also store absolutely all the checksums for all >> blocks/metadatas being read/written in the ARC (which, of course, means >> that only so much RAM corruption can be compensated for), and do a >> validation when that every time that block is used/written from the ARC. >> You'd likely have to do constant metadata consistency checking, and >> likely have to hold multiple copies of metadata in-ARC to compensate for >> possible corruption. I'm assuming that this has at least been explored, >> right? > > A subset of this is already done. The ARC keeps its own in memory > checksum (because some buffers in the ARC are not yet on stable storage > so don't have a block pointer checksum yet). > > http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/fs/zfs/arc.c > > > arc_buf_freeze() > arc_buf_thaw() > arc_cksum_verify() > arc_cksum_compute() > > It isn't done on every access but it can detect in memory corruption - > I've seen it happen on several occasions but all due to errors in my > code not bad physical memory. > > Doing in more frequently could cause a significant performance problem.
Agreed. I think it's probably not a very good idea to check it everywhere. It would be great if we can do some checks occasionally especially for critical data structures, but, if it's the memory we can not trust, how can we trust that the checksum checker to behave correctly? I had some questions about the FAST paper mentioned by Erik, which was not answered during the conference which makes me feel that the paper, while pointed out some interesting issues, but failed to prove it being a real world problem: - How much probability a bit flipping can happen on a non-ECC system? say, how much bits would be flipped per terabytes processed, or transactions or something? - Among these flipped bits, how much would happen on a file system buffer? What happens when, say, the application's memory hit a flipped bit, and when the file system itself have no problem with its buffer? - How much performance penalty would be if we check the checksums every time the data is being accessed? How good will the check be compared to an ECC in terms of correctness? Cheers, - -- Xin LI <delp...@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iQEcBAEBAgAGBQJLs+UZAAoJEATO+BI/yjfBfE0H/0+iG/pgrs/JNId814g5JMki eZ2tJx2Lf7+DIlrHczvcwyWAtAke7ojUMeNEw6HIqMfTQHVcgMk2XNdxWZn0sJsy PUPj9Qcg+nkHcewAoWvG0VUZN0fSBX1OtJcVG78Kt5drWmT+g5jiMH+BFCEAiISJ Kcfswp9r0JbYmI010fwqugc74bAZnMhUXMCvvplJZUE3iaDCq499TanKIVmKu4vq JsDNYXZT9Nqbb20DB4TKluauP1QVUJnBAeqfQCYZ/+CqK5+phnUgzyaBTiMKBHd0 Q0l1bvGEvjLRarlGk7/702Udu7HC4UKs09pKtBIb+cw8CmyYaZ8Vuth0Ri0drzM= =S5WS -----END PGP SIGNATURE----- _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
