Checking the Integrity of Transactional Mechanisms

Published: 31 October 2014

Abstract

Data corruption is the most common consequence of file-system bugs. When such corruption occurs, offline check and recovery tools must be used, but they are error prone and cause significant downtime. Previously we showed that a runtime checker for the Ext3 file system can verify that metadata updates are consistent, helping detect corruption in metadata blocks at transaction commit time. However, corruption can still occur when a bug in the file system’s transactional mechanism loses, misdirects, or corrupts writes. We show that a runtime checker must enforce the atomicity and durability properties of the file system on every write, in addition to checking transactions at commit time, to provide the strong guarantee that every block write will maintain file system consistency.
We identify the invariants that need to be enforced on journaling and shadow paging file systems to preserve the integrity of committed transactions. We also describe the key properties that make it feasible to check these invariants for a file system. Based on this characterization, we have implemented runtime checkers for Ext3 and Btrfs. Our evaluation shows that both checkers detect data corruption effectively, and they can be used during normal operation with low overhead.

Published In

ACM Transactions on Storage  Volume 10, Issue 4
Special Issue on Usenix Fast 2014
October 2014
102 pages
ISSN: 1553-3077
EISSN: 1553-3093
DOI: 10.1145/2685385
Editor: Darrell Long

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2014
Accepted: 01 September 2014
Received: 01 September 2014
Published in TOS Volume 10, Issue 4

Author Tags

  1. Btrfs
  2. Ext3
  3. Metadata consistency
  4. atomicity
  5. durability
  6. file system checker
  7. runtime verification

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2019) DASH. Proceedings of the VLDB Endowment 12:7 (793-806). DOI: 10.14778/3317315.3317321. Online publication date: 1-Mar-2019
  • (2019) PMTest. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (411-425). DOI: 10.1145/3297858.3304015. Online publication date: 4-Apr-2019
  • (2018) DScope. Proceedings of the ACM Symposium on Cloud Computing (313-325). DOI: 10.1145/3267809.3267844. Online publication date: 11-Oct-2018
  • (2018) Protocol-Aware Recovery for Consensus-Based Distributed Storage. ACM Transactions on Storage 14:3 (1-30). DOI: 10.1145/3241062. Online publication date: 3-Oct-2018
  • (2017) Redundancy Does Not Imply Fault Tolerance. ACM Transactions on Storage 13:3 (1-33). DOI: 10.1145/3125497. Online publication date: 28-Sep-2017
  • (2016) Fine-grained metadata journaling on NVM. 2016 32nd Symposium on Mass Storage Systems and Technologies (MSST) (1-13). DOI: 10.1109/MSST.2016.7897077. Online publication date: 2016
  • (2015) Maintaining consistency of file system by monitoring file system parameters at runtime using consistency checking rules. 2015 4th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions) (1-5). DOI: 10.1109/ICRITO.2015.7359261. Online publication date: Sep-2015