On Thu, 14 Feb 2013, Dave Chinner wrote:
> Date: Thu, 14 Feb 2013 22:04:23 +1100
> From: Dave Chinner <david@xxxxxxxxxxxxx>
> To: LukÃÅ Czerner <lczerner@xxxxxxxxxx>
> Cc: Chris Murphy <lists@xxxxxxxxxxxxxxxxx>, Karel Zak <kzak@xxxxxxxxxx>,
> xfs@xxxxxxxxxxx, sandeen@xxxxxxxxxx, Zach Brown <zabrown@xxxxxxxxxx>,
> Subject: Re: [PATCH] xfs_mkfs: wipe old signatures from the device
> On Thu, Feb 14, 2013 at 09:36:38AM +0100, LukÃÅ Czerner wrote:
> > On Thu, 14 Feb 2013, Chris Murphy wrote:
> > > Date: Thu, 14 Feb 2013 00:29:59 -0700
> > > From: Chris Murphy <lists@xxxxxxxxxxxxxxxxx>
> > > To: Dave Chinner <david@xxxxxxxxxxxxx>
> > > Cc: Karel Zak <kzak@xxxxxxxxxx>, LukÃÅ Czerner <lczerner@xxxxxxxxxx>,
> > > xfs@xxxxxxxxxxx, sandeen@xxxxxxxxxx, Zach Brown <zabrown@xxxxxxxxxx>,
> > > linux-btrfs@xxxxxxxxxxxxxxx
> > > Subject: Re: [PATCH] xfs_mkfs: wipe old signatures from the device
> > >
> > >
> > > On Feb 13, 2013, at 3:17 PM, Dave Chinner <david@xxxxxxxxxxxxx> wrote:
> > > > it is the responsibility of filesystem
> > > > tools to behave sanely, not for the rest of the world to have to
> > > > work around the dangerous behaviour of a specific filesystems'
> > > > toolset.
> > >
> > > I appreciate this, and in particular that mkfs.xfs doesn't nerf a file
> > > system without the use of -f; even an existing XFS file system.
> > > Considering most data loss is user induced, I'd appreciate it if other
> > > file systems's tools weren't so easily made belligerent by (hopefully
> > > temporarily) confused apes wearing pants.
> > >
> > > Chris Murphy
> > I would not be so optimistic about it. The reason being that there
> > are almost _always_ old file system signatures on the device.
> That assumption is way off the mark. What you do as a filesystem
> developer (remake filesystems on the same block device hundreds of
> times a day) is not at all typical, so you cannot extrapolate from
> your usage habits to what typically happens in production
> Admins don't tend to use "force" options by default (especially for
> destructive comands like mkfs) as 1) they are rarely necessary in the
> real world and 2) the consequences of errors are severe. The most
> common filesystem creation pattern in production systems (be it
> desktop, workstation or server) is that storage, devices and
> filesystems are set up once and then used for the entire lifetime
> ofthe system without ever having mkfs run on them again. i.e on
> pristine, empty hardware. Hence users rarely, if ever, need to use
> the force option for mkfs.xfs.
> > So I
> > think that it got to the point where users will usually use mkfs.xfs
> > -f all the time. And even if they did not and they would use a wrong
> > device they would probably get the same warning even for the device
> > they wanted to use in the first place.
> I get a couple of queries a year from people saying they
> accidentally ran mkfs.ext4 on the wrong device and want to know if
> they can recover their XFS filesystem. The next question is usually
> "why didn't mkfs.ext4 warn me there was an existing filesystem on
> the device like mkfs.xfs does?".
> That is why the "don't overwrite an existing filesystem by default"
> behaviour is important. Users like to be protected from mistakes
> they weren't aware they made, and far too few of our filesystem
> utilities provide that safety net.
> A couple of users a year losing data like this is a couple of users
> too many. Especially when it would only take a couple of hours of
> your time to implement....
> > So even thoug it might help in some cases I do not think that we
> > should go and change all file systems to do that as well, it would
> > not be very useful anyway.
> Tell that to the next user that trashes their data because a
> filesystem tool simply assumed in correctly that it owned the block
I am not sure whether using a single file system for the
lifetime of the hardware is really the case, it seems unlikely to
me, but you have more experience than I do... But I am not talking
about remaking the file system hundreds of times a day, because once
is just enough to hit this.
mkfs.ext4 actually does have 'undo' functionality which can store
the changes made to the device on the file system itself. It is not
enabled by default, but exactly for this reason I've been thinking
of ways to make this default and possible delete the data when it's
not likely to be needed anymore (first mount ? write ?).
I was also thinking about checking /etc/fstab prior the file system
creation, this might rule out most of the false positives that
mkfs.xfs can generate I guess.