Xref: utzoo comp.unix.questions:25732 comp.unix.sysv386:704
Path: utzoo!attcan!uunet!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!ncar!ico!rcd
From: rcd@ico.isc.com (Dick Dunn)
Newsgroups: comp.unix.questions,comp.unix.sysv386
Subject: Reliability of (Sys V) file systems on power failure
Summary: should recover gracefully from power outrages
Message-ID: <1990Sep24.231148.18053@ico.isc.com>
Date: 24 Sep 90 23:11:48 GMT
References: <5869@suns302.cel.co.uk> <1990Sep22.041723.1599@pilikia.pegasus.com>
Organization: Interactive Systems Corporation, Boulder, CO
Lines: 60

art@pilikia.pegasus.com (Art Neilson) writes:
> ...ir@cel.co.uk (ian reid) writes:
> > [ stuff about file system getting hosed when power is cycled
> > without performing graceful shutdown ... ]
> Every UNIX I have seen behaves in the manner you describe.  If you
> hit the red switch or experience a power outage without performing a
> graceful shutdown, you deserve whatever you get...

Years ago, that was generally true...and it was one of the major
objections to using UNIX in "commercial" systems.  As a result,
essentially all variants of UNIX have had file system changes to "harden"
them against problems caused by power failure.  Damage from a power outage
should be limited to files being written at the time the power went away,
and should be localized (e.g., a frozzed/missing block of data, not an
entire file gone or destroyed).

Going back to the original question:  If you're seeing major file system
damage due to power failures, there's something wrong that should be
fixed.  I'm not just spouting applehood/motherpie; I haven't seen a file
system damaged by power failure in years.  I've even tried to damage file
systems by getting things as busy as I could, then turning off machines.
(Of course, the T-storm just now gathering over the hills will probably
destroy all my files and prove me to be drastically wrong.:-)

The software in hardened file systems is pretty good at ensuring that
things get written when they should, as they should, so that fsck can pick
up the pieces.  This leaves some questions about hardware which were
brought up in a couple other postings on this topic.  There are old but
unfortunately-not-apocryphal stories about disk controllers which would
start writing zeros as power dropped.  That was a hardware bug; if it
happened to you nowadays you'd need to get your disk controller fixed or
replaced.  Taking the 386 PCish world in particular, there is no excuse
for a controller writing because of a power failure.

(Detail:  One pin out of a PC power supply is POWER GOOD.  On a low-
voltage condition, the power supply is expected to drop POWER GOOD; the
motherboard logic must use this to drive RESET on the bus.  Bus cards must
honor RESET as an indication of either system start-up or power failure.
If this doesn't work, you've got a hardware problem.)

> ...If your UNIX box is used for real
> production work, you are quite foolish not to put it on an UPS...

Neilson signs himself from "Bank of Hawaii"--and I'm glad that someone
associated with banking is taking a conservative attitude on system
failure!  I hate to argue against cautiousness, but not all applications
are critical enough to make an UPS worthwhile.  (The cost of an UPS might
be 10-25% of the cost of the rest of the hardware.  They're getting more
affordable, but they're not cheap.)  If you need constant availability of
systems, an UPS is essential.  If data integrity is paramount, an UPS
helps but there are other things you need to do as well.

My point is that file systems and hardware are expected to be robust
enough that you should *not* tolerate power failures corrupting file
systems.
--
Dick Dunn     rcd@ico.isc.com    -or-    ico!rcd       Boulder, CO   (303)449-2870
   ...Worst-case analysis must never begin with "No one would ever want..."