UBIFS data integrity

Artem Bityutskiy dedekind1 at gmail.com
Thu Jan 16 03:16:07 EST 2014


On Thu, 2014-01-16 at 10:00 +0200, Artem Bityutskiy wrote:
> On Wed, 2014-01-15 at 19:31 +0100, rcrb rcrb wrote:
> > On Tue, Jan 14, 2014 at 10:32 AM, Mats Kärrman <Mats.Karrman at tritech.se> wrote:
> > > Hi,
> > >
> > > On Tuesday, January 14, 2014 3:51 AM, rcrb rcrb [rcrbsw at gmail.com] wrote:
> > >> I am considering using a database over UBIFS on my embedded device.
> > >> The database file is approximately 1 MiB. I wonder if I can rely on
> > >> the filesystem to be sure that this file will never have a corruption,
> > >> even in case of power cut during update. Will the filesystem guarantee
> > >> that, after reboot, the file will be either in the pre-update state or
> > >> be correctly updated?
> > >
> > > First of all, UBIFS relies on the underlying MTD driver also
> > > doing its job so you should also make sure this works on your
> > > board.
> > > If your MTD driver works, UBIFS is supposed to guarantee
> > > that every write operation is atomic, i.e. it is either fully written or
> > > discarded.
> > > Whether your database is guaranteed correct after a power-cut then
> > > depends on whether it is consistent after every write or if it requires
> > > several write operations to produce a new consistent state.
> > > In general this requires that your database also is implemented
> > > in a fault tolerant way.
> > >
> > > BR // Mats
> > 
> > Thank you for your answer Mats. I checked the write system calls with
> > the database I plan to use, it appears that the transactions are
> > validated with only one write. So I think it will be OK.
> 
> UBIFS writes in 4KiB units.

I guess this is a bit confusing. The low-level flash write operations
can be bigger or smaller. However, the file data "buffers" that UBIFS
writes contain 4KiB of file data (aligned, e.g., regions of the file
would be 0-4K, 4K-8K, etc). Every such "buffer" is protected with CRC32,
and if a power cut results in the buffer not being fully written, the
CRC32 mismatches and UBIFS discards the entire buffer. And the old
contents of this file region stays on the flash. The old contents
does not go away before the new contents reaches the flash media. So the
read operation for any aligned 4KiB region always returns the old
contents, or the new contents, nothing else.

>  So any aligned 4KiB piece of your file is
> guaranteed to either be fully written, then the read will return new
> data, or not be written at all, then the read will return old data.

-- 
Best Regards,
Artem Bityutskiy
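
A toy model of the per-block behaviour described in this message, added here as an example (it is not UBIFS code and does not reproduce its on-flash format): an append-only log of CRC32-protected 4 KiB nodes, with a power cut injected part-way through an 8 KiB overwrite. The node header layout and all function names are assumptions made for illustration; the sample data is constructed.

```python
import struct
import zlib

BLOCK = 4096                  # aligned file-data unit described in the thread
HDR = struct.Struct("<II")    # toy header: block number, payload length (assumed layout)

def make_node(block_no, data):
    """One toy node: header + data, followed by CRC32 over both."""
    body = HDR.pack(block_no, len(data)) + data
    return body + struct.pack("<I", zlib.crc32(body))

def write_range(flash, offset, payload, cut_after=None):
    """Append one node per aligned 4 KiB block. If cut_after is set, only that
    many bytes reach the flash; the rest reads back as erased 0xFF."""
    assert offset % BLOCK == 0 and len(payload) % BLOCK == 0
    out = b"".join(make_node((offset + i) // BLOCK, payload[i:i + BLOCK])
                   for i in range(0, len(payload), BLOCK))
    if cut_after is not None:
        out = out[:cut_after] + b"\xff" * (len(out) - cut_after)
    flash.extend(out)

def replay(flash):
    """Scan the log in write order; a node replaces the block's previous
    contents only if its CRC32 verifies. Stop at the first bad node."""
    blocks, pos = {}, 0
    while pos + HDR.size <= len(flash):
        block_no, length = HDR.unpack_from(flash, pos)
        end = pos + HDR.size + length + 4
        if end > len(flash):
            break                       # erased or garbage header
        body = bytes(flash[pos:end - 4])
        (stored,) = struct.unpack_from("<I", flash, end - 4)
        if zlib.crc32(body) != stored:
            break                       # torn node: discard, old data stays
        blocks[block_no] = body[HDR.size:]
        pos = end
    return blocks

def read_after_cut(cut_after):
    """Constructed scenario: 8 KiB of old data, then an 8 KiB overwrite that
    loses power after cut_after bytes. Returns the state of blocks 0 and 1."""
    flash = bytearray()
    write_range(flash, 0, b"A" * (2 * BLOCK))
    write_range(flash, 0, b"B" * (2 * BLOCK), cut_after)
    names = {b"A" * BLOCK: "old", b"B" * BLOCK: "new"}
    blocks = replay(flash)
    return [names.get(blocks[n], "mixed") for n in (0, 1)]
```

In this model each block individually reads back as entirely old or entirely new, but a cut between the two nodes leaves block 0 new and block 1 old, which is the state a database has to tolerate if one of its transactions spans more than one aligned 4 KiB region.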
