I am asking this question on behalf of another user who raised the issue in the Ubuntu chat room.
Do journaling filesystems guarantee that no corruption will occur if a power failure occurs?
If this answer depends on the filesystem, please indicate which ones do protect against corruption and which ones don’t.
Answers:
Method 1
There are no guarantees. A Journaling File System is more resilient and is less prone to corruption, but not immune.
All a journal is is a list of operations which have recently been done to the file system. The crucial part is that the journal entry is made before the operations take place. Most operations have multiple steps. Deleting a file, for example, might entail deleting the file’s entry in the file system’s table of contents and then marking the sectors on the drive as free. If something happens between the two steps, a journaled file system can tell immediately and perform the necessary clean up to keep everything consistent. This is not the case with a non-journaled file system, which has to look at the entire contents of the volume to find errors.
While this journaling is much less prone to corruption than not journaling, corruption can still occur. For example, if the hard drive is mechanically malfunctioning or if writes to the journal itself are failing or interrupted.
The basic premise of journaling is that writing a journal entry is much quicker, usually, than the actual transaction it describes will be. So, the period between the OS ordering a (journal) write and the hard drive fulfilling it is much shorter than for a normal write: a narrower window for things to go wrong in, but there’s still a window.
Method 2
No.
The most common type of journaling, called metadata journaling, only protects the integrity of the file system, not of data. This includes xfs, and ext3/ext4 in the default data=ordered mode.
If a non-journaling file system suffers a crash, it will be checked using fsck on the next boot. fsck scans every inode on the file system, looking for blocks that are marked as used but are not reachable (i.e. have no file name), and marks those blocks as unused. Doing this takes a long time.
With a metadata journaling file system, instead of doing an fsck, it knows which blocks it was in the middle of changing, so it can mark them as free without searching the whole partition for them.
There is a less common type of journaling, called data journaling, which is what ext3 does if you mount it with the data=journal option.
It attempts to protect all your data by writing not just a list of logical operations, but also the entire contents of each write to the journal. But because it’s writing your data twice, it can be much slower.
As others have pointed out, even this is not a guarantee, because the hard drive might have told the operating system it had stored the data, when in fact it was still in the hard drive’s cache.
For more information, take a look at the Wikipedia Journaling File System article and the Data Mode section of the ext4 documentation.
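The two-step delete in Method 1 and the journal replay versus full fsck scan in Method 2, as an added toy simulation (constructed here, not code from any answer or from a real filesystem): a write-ahead metadata journal whose entry is recorded before either step runs, a simulated power loss between the steps, and the leaked blocks an fsck scan would have to find versus what replaying the journal repairs. Only metadata is journaled, mirroring the data=ordered case where file contents get no such protection.

```python
class Crash(Exception):
    pass  # simulated power loss between the two steps of one operation

class ToyFS:
    """Constructed toy: 8 blocks, a name table and a write-ahead metadata journal."""
    def __init__(self):
        self.dir = {}                  # name -> list of block ids (metadata only)
        self.free = set(range(8))      # unallocated block ids
        self.journal = []              # entries: [op, name, blocks, committed]

    def create(self, name, nblocks):
        blocks = sorted(self.free)[:nblocks]
        self.free -= set(blocks)
        self.dir[name] = blocks

    def delete(self, name, crash_after=None):
        # The journal entry is written BEFORE either step touches the metadata.
        entry = ["delete", name, list(self.dir[name]), False]
        self.journal.append(entry)
        self._apply(entry, crash_after)

    def _apply(self, entry, crash_after=None):
        _, name, blocks, _ = entry
        self.dir.pop(name, None)       # step 1: drop the name-table entry
        if crash_after == 1:
            raise Crash
        self.free |= set(blocks)       # step 2: mark the blocks free
        entry[3] = True                # commit: entry no longer needs replay

    def recover(self):
        """Journal replay: redo every uncommitted entry (both steps are idempotent)."""
        for entry in self.journal:
            if not entry[3]:
                self._apply(entry)
        return self.fsck()

    def fsck(self):
        """Full scan: blocks neither free nor reachable from any name are leaked."""
        reachable = {b for blocks in self.dir.values() for b in blocks}
        return sorted(set(range(8)) - self.free - reachable)

def crash_mid_delete(replay_journal):
    """Create a 3-block file, lose power between the delete steps, report leaks."""
    fs = ToyFS()
    fs.create("a.txt", 3)
    try:
        fs.delete("a.txt", crash_after=1)
    except Crash:
        pass
    return fs.recover() if replay_journal else fs.fsck()
```

Without replay the three blocks of the deleted file are neither free nor named, which only a full scan discovers; with replay the journal knows exactly which blocks were mid-change and frees them directly.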
Method 3
A filesystem cannot guarantee the consistency of its filesystem if a power failure occurs, because it does not know what the hardware will do.
If a hard drive buffers data for write but tells the OS that it has written the data and does not support the appropriate write barriers, then out-of-order writes can occur where an earlier write has not hit the platter, but a later one has. See this serverfault answer for more details.
Also, the position of the head on a magnetic HDD is controlled with electro-magnets. If power fails in the middle of a write, it is possible for some data to continue to be written while the heads move, corrupting data on blocks that the filesystem never intended to be written.
Method 4
ZFS, which is close but not exactly a journaling filesystem, guarantees by design against corruption after a power failure.
It doesn’t matter if an ongoing write is interrupted in the middle as in such case, its checksum will be certainly incorrect so the block will be ignored. As the file system is copy on write, the previous correct data (or meta-data) is still on disk and will be used instead.
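Method 4's argument, as an added simulation (constructed here, not ZFS code): an in-place store beside a copy-on-write store whose block pointers carry a checksum. It assumes the reordering case Method 3 describes, where the new pointer reached the disk but the data block it references was only partly written; the copy-on-write store falls back to the previous, still-intact block, while the in-place store has nothing left but the torn data.

```python
import hashlib


def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class InPlaceStore:
    """Overwrites the single copy of a block: a torn write destroys the old data."""

    def __init__(self):
        self.block = b""

    def write(self, data: bytes, torn_at=None):
        self.block = data if torn_at is None else data[:torn_at]

    def read(self) -> bytes:
        return self.block


class CowStore:
    """Copy-on-write: new data goes to a fresh address, then a pointer is published."""

    def __init__(self):
        self.disk = {}          # address -> bytes that actually reached the platter
        self.pointers = []      # (txg, address, checksum of intended data), newest last

    def write(self, data: bytes, torn_at=None):
        addr = len(self.disk)
        # torn_at models power loss mid-write: only a prefix of the block lands.
        self.disk[addr] = data if torn_at is None else data[:torn_at]
        # The pointer publishes the checksum of what was MEANT to be written.
        self.pointers.append((len(self.pointers), addr, checksum(data)))

    def read_latest_valid(self):
        """Walk pointers newest-first; ignore any block whose checksum does not verify."""
        for _txg, addr, expected in reversed(self.pointers):
            if checksum(self.disk[addr]) == expected:
                return self.disk[addr]
        return None


def torn_write_outcomes():
    """Write v1, then lose power halfway through writing v2; return what each store reads."""
    inplace, cow = InPlaceStore(), CowStore()
    for store in (inplace, cow):
        store.write(b"version 1 data")
        store.write(b"version 2 data", torn_at=5)
    return inplace.read(), cow.read_latest_valid()
```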
Method 5
The answer is in most cases no:
- As mikel already said, most journaling file systems can only protect file metadata (information like the name of a file, its size, its permissions, etc.), not file data (the file’s contents). This happens because protecting file data results in a very slow (in practice useless) file system.
- Since the journal is also a special kind of file stored on the hard disk, it can be damaged after a power failure. Thus if the journal is corrupted the file system cannot complete any incomplete transactions that were taking place when the power failure occurred.
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.