logfs.txt 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242
  1. The LogFS Flash Filesystem
  2. ==========================
  3. Specification
  4. =============
  5. Superblocks
  6. -----------
  7. Two superblocks exist at the beginning and end of the filesystem.
  8. Each superblock is 256 Bytes large, with another 3840 Bytes reserved
  9. for future purposes, making a total of 4096 Bytes.
  10. Superblock locations may differ for MTD and block devices. On MTD the
  11. first non-bad block contains a superblock in the first 4096 Bytes and
  12. the last non-bad block contains a superblock in the last 4096 Bytes.
  13. On block devices, the first 4096 Bytes of the device contain the first
  14. superblock and the last aligned 4096 Byte-block contains the second
  15. superblock.
  16. For the most part, the superblocks can be considered read-only. They
  17. are written only to correct errors detected within the superblocks,
  18. move the journal and change the filesystem parameters through tunefs.
  19. As a result, the superblock does not contain any fields that require
  20. constant updates, like the amount of free space, etc.
  21. Segments
  22. --------
  23. The space in the device is split up into equal-sized segments.
  24. Segments are the primary write unit of LogFS. Within each segments,
  25. writes happen from front (low addresses) to back (high addresses. If
  26. only a partial segment has been written, the segment number, the
  27. current position within and optionally a write buffer are stored in
  28. the journal.
  29. Segments are erased as a whole. Therefore Garbage Collection may be
  30. required to completely free a segment before doing so.
  31. Journal
  32. --------
  33. The journal contains all global information about the filesystem that
  34. is subject to frequent change. At mount time, it has to be scanned
  35. for the most recent commit entry, which contains a list of pointers to
  36. all currently valid entries.
  37. Object Store
  38. ------------
  39. All space except for the superblocks and journal is part of the object
  40. store. Each segment contains a segment header and a number of
  41. objects, each consisting of the object header and the payload.
  42. Objects are either inodes, directory entries (dentries), file data
  43. blocks or indirect blocks.
  44. Levels
  45. ------
  46. Garbage collection (GC) may fail if all data is written
  47. indiscriminately. One requirement of GC is that data is separated
  48. roughly according to the distance between the tree root and the data.
  49. Effectively that means all file data is on level 0, indirect blocks
  50. are on levels 1, 2, 3 4 or 5 for 1x, 2x, 3x, 4x or 5x indirect blocks,
  51. respectively. Inode file data is on level 6 for the inodes and 7-11
  52. for indirect blocks.
  53. Each segment contains objects of a single level only. As a result,
  54. each level requires its own separate segment to be open for writing.
  55. Inode File
  56. ----------
  57. All inodes are stored in a special file, the inode file. Single
  58. exception is the inode file's inode (master inode) which for obvious
  59. reasons is stored in the journal instead. Instead of data blocks, the
  60. leaf nodes of the inode files are inodes.
  61. Aliases
  62. -------
  63. Writes in LogFS are done by means of a wandering tree. A naïve
  64. implementation would require that for each write or a block, all
  65. parent blocks are written as well, since the block pointers have
  66. changed. Such an implementation would not be very efficient.
  67. In LogFS, the block pointer changes are cached in the journal by means
  68. of alias entries. Each alias consists of its logical address - inode
  69. number, block index, level and child number (index into block) - and
  70. the changed data. Any 8-byte word can be changes in this manner.
  71. Currently aliases are used for block pointers, file size, file used
  72. bytes and the height of an inodes indirect tree.
  73. Segment Aliases
  74. ---------------
  75. Related to regular aliases, these are used to handle bad blocks.
  76. Initially, bad blocks are handled by moving the affected segment
  77. content to a spare segment and noting this move in the journal with a
  78. segment alias, a simple (to, from) tupel. GC will later empty this
  79. segment and the alias can be removed again. This is used on MTD only.
  80. Vim
  81. ---
  82. By cleverly predicting the life time of data, it is possible to
  83. separate long-living data from short-living data and thereby reduce
  84. the GC overhead later. Each type of distinc life expectency (vim) can
  85. have a separate segment open for writing. Each (level, vim) tupel can
  86. be open just once. If an open segment with unknown vim is encountered
  87. at mount time, it is closed and ignored henceforth.
  88. Indirect Tree
  89. -------------
  90. Inodes in LogFS are similar to FFS-style filesystems with direct and
  91. indirect block pointers. One difference is that LogFS uses a single
  92. indirect pointer that can be either a 1x, 2x, etc. indirect pointer.
  93. A height field in the inode defines the height of the indirect tree
  94. and thereby the indirection of the pointer.
  95. Another difference is the addressing of indirect blocks. In LogFS,
  96. the first 16 pointers in the first indirect block are left empty,
  97. corresponding to the 16 direct pointers in the inode. In ext2 (maybe
  98. others as well) the first pointer in the first indirect block
  99. corresponds to logical block 12, skipping the 12 direct pointers.
  100. So where ext2 is using arithmetic to better utilize space, LogFS keeps
  101. arithmetic simple and uses compression to save space.
  102. Compression
  103. -----------
  104. Both file data and metadata can be compressed. Compression for file
  105. data can be enabled with chattr +c and disabled with chattr -c. Doing
  106. so has no effect on existing data, but new data will be stored
  107. accordingly. New inodes will inherit the compression flag of the
  108. parent directory.
  109. Metadata is always compressed. However, the space accounting ignores
  110. this and charges for the uncompressed size. Failing to do so could
  111. result in GC failures when, after moving some data, indirect blocks
  112. compress worse than previously. Even on a 100% full medium, GC may
  113. not consume any extra space, so the compression gains are lost space
  114. to the user.
  115. However, they are not lost space to the filesystem internals. By
  116. cheating the user for those bytes, the filesystem gained some slack
  117. space and GC will run less often and faster.
  118. Garbage Collection and Wear Leveling
  119. ------------------------------------
  120. Garbage collection is invoked whenever the number of free segments
  121. falls below a threshold. The best (known) candidate is picked based
  122. on the least amount of valid data contained in the segment. All
  123. remaining valid data is copied elsewhere, thereby invalidating it.
  124. The GC code also checks for aliases and writes then back if their
  125. number gets too large.
  126. Wear leveling is done by occasionally picking a suboptimal segment for
  127. garbage collection. If a stale segments erase count is significantly
  128. lower than the active segments' erase counts, it will be picked. Wear
  129. leveling is rate limited, so it will never monopolize the device for
  130. more than one segment worth at a time.
  131. Values for "occasionally", "significantly lower" are compile time
  132. constants.
  133. Hashed directories
  134. ------------------
  135. To satisfy efficient lookup(), directory entries are hashed and
  136. located based on the hash. In order to both support large directories
  137. and not be overly inefficient for small directories, several hash
  138. tables of increasing size are used. For each table, the hash value
  139. modulo the table size gives the table index.
  140. Tables sizes are chosen to limit the number of indirect blocks with a
  141. fully populated table to 0, 1, 2 or 3 respectively. So the first
  142. table contains 16 entries, the second 512-16, etc.
  143. The last table is special in several ways. First its size depends on
  144. the effective 32bit limit on telldir/seekdir cookies. Since logfs
  145. uses the upper half of the address space for indirect blocks, the size
  146. is limited to 2^31. Secondly the table contains hash buckets with 16
  147. entries each.
  148. Using single-entry buckets would result in birthday "attacks". At
  149. just 2^16 used entries, hash collisions would be likely (P >= 0.5).
  150. My math skills are insufficient to do the combinatorics for the 17x
  151. collisions necessary to overflow a bucket, but testing showed that in
  152. 10,000 runs the lowest directory fill before a bucket overflow was
  153. 188,057,130 entries with an average of 315,149,915 entries. So for
  154. directory sizes of up to a million, bucket overflows should be
  155. virtually impossible under normal circumstances.
  156. With carefully chosen filenames, it is obviously possible to cause an
  157. overflow with just 21 entries (4 higher tables + 16 entries + 1). So
  158. there may be a security concern if a malicious user has write access
  159. to a directory.
  160. Open For Discussion
  161. ===================
  162. Device Address Space
  163. --------------------
  164. A device address space is used for caching. Both block devices and
  165. MTD provide functions to either read a single page or write a segment.
  166. Partial segments may be written for data integrity, but where possible
  167. complete segments are written for performance on simple block device
  168. flash media.
  169. Meta Inodes
  170. -----------
  171. Inodes are stored in the inode file, which is just a regular file for
  172. most purposes. At umount time, however, the inode file needs to
  173. remain open until all dirty inodes are written. So
  174. generic_shutdown_super() may not close this inode, but shouldn't
  175. complain about remaining inodes due to the inode file either. Same
  176. goes for mapping inode of the device address space.
  177. Currently logfs uses a hack that essentially copies part of fs/inode.c
  178. code over. A general solution would be preferred.
  179. Indirect block mapping
  180. ----------------------
  181. With compression, the block device (or mapping inode) cannot be used
  182. to cache indirect blocks. Some other place is required. Currently
  183. logfs uses the top half of each inode's address space. The low 8TB
  184. (on 32bit) are filled with file data, the high 8TB are used for
  185. indirect blocks.
  186. One problem is that 16TB files created on 64bit systems actually have
  187. data in the top 8TB. But files >16TB would cause problems anyway, so
  188. only the limit has changed.