I have an embedded setup using an initramfs for the root file system but using a custom ext3 partition mounted on a compact flash IDE drive. Because data integrity in the face of power loss is the most important factor in the entire setup, I have used the following options to mount (below is the entry from my /etc/fstab
file
<file system> <mount pt> <type> <options> <dump><pass>
/dev/sda2 /data ext3 auto,exec,relatime,sync,barrier=1 0 2
I came by these options from reading around on the internet. What I am worried about is that the content of /proc/mounts
give the following:
/dev/sda2 /data ext3 rw,sync,relatime,errors=continue,user_xattr,acl,
barrier=1,data=writeback 0 0
From what I understand from reading around is that I want to use data=journal
option for my mount as this offers the best protection against data corruption. However, from the man page for specific ext3 options for mount
it says the
following about the writeback option:
Data ordering is not preserved – data may be written into the main
filesystem after its metadata has been committed to the journal.
This is rumoured to be the highest-throughput option. It guarantees
internal filesystem integrity, however it can allow old data to appear
in files after a crash and journal recovery.
I am very confused about this – the man page seems to suggest that for file system integrity I want to specify data=writeback
option to mount
but most other references I have found (including some published books on embedded linux) suggest that I should be using data=journal
. What would be the best approach for me to use? Write speed is not an issue at all – data integrity is though.
Best Answer
Don't get misled by the fact that only
writeback
mentionsinternal filesystem integrity
.With
ext3
, whether you usejournal
,ordered
orwriteback
, file system metadata is always journalled and that means internal file system integrity.The data modes offer a way of control over how ordinary data is written to the file system.
In
writeback
mode, metadata changes are first recorded in the journal and a commit block is written. After the journal has been updated, metadata and data write-outs may proceed.data=writeback
can be a severe security risk: if the system crashes while appending to a file, after the metadata has been committed (and additional data blocks allocated), but before the data has been written (data blocks overwritten with new data), then after journal recovery that file may contain blocks filled with data from previously deleted files – from any user1.So, if data integrity is your main concern and speed is not important,
data=journal
is the way to go.