ubi_eba_init_scan: cannot reserve enough PEBs

[Artem Bityutskiy]

Hi,

On Tue, 2010-08-31 at 14:09 +0200, Stefani Seibold wrote:
> Am Sonntag, den 22.08.2010, 18:04 +0300 schrieb Artem Bityutskiy:
> > 
> > Yes, but your patch fixes the symptom, unfortunately. It is ok for you
> > to use as a work-around, but I still hope to find the root cause.

> True, but also if we fix the cause, this could happen. Imagine that one
> of the two master LEB will get corrupted, due a flash error or a power
> fail during a write access. Than the system should able to mount this
> damaged file system and restore the lost master LEB.

Firs of all, UBIFS _does_ handle the situation when on master LEB is
corrupted. It is designed for this and this part was tested. _But_ UBIFS
expects that the master LEB is corrupted in _certain way_. If it is
corrupted in an unexpected way - we panic.

To put it differently, we do not handle random corruptions, we handle
only corruptions which _look_ like corruptions caused by power cuts.

In your case you have very strange corruption. We can apply your patch,
problem solved, but will you be 100% comfortable with this? There is a
chance that you have some issues which can later have different
symptoms. I am still interested to find out the real root reason.

I will look at your issue as soon as I have time. I'm currently in
Brazil at the LinuxCon and do not have enough time to look at large
things so far.

> We should try to make UBIFS as robustly as possible and handle all
> possible errors.

Yes. But again, your case is a failure which does not look like a
corruption due to power cuts. In UBIFS we have certain expectations
about how Flash behaves, and we designed UBI/UBIFS around these
expectations. In your the corruption does not fit our expectations. So
we need to understand what happens. Then we can amend UBIFS expectation.

Thus, I think your patch should not be applied to upstream UBIFS
_before_ the reasons of the issue are fully understood.

Lets at least _try_, there is no guarantee we can find out what
happened, but lets try anyway.

> I think it is important to be a bit more defensive and assume the worst
> case.

We do try to be defensive - we refuse mounting if we see that the FS is
screwed in unexpected way. Instead of swallowing corrupted FS and
corrupting it even more - we refuse it. That's very defensive!

As I explained, we recover only if we see that the corruption looks like
the power-cut corruption.

I am actually trying to help you to find the real root cause. Sorry for
my stubbornness, but I really try to help.

-- 
Best Regards,
Artem Bityutskiy (Битюцкий Артём)