systems a zfs case study
play

Systems: A ZFS Case Study Yupu Zhang , Abhishek Rajimwale Andrea C. - PowerPoint PPT Presentation

Jan 27, 2024 •449 likes •759 views

End-to-end Data Integrity for File Systems: A ZFS Case Study Yupu Zhang , Abhishek Rajimwale Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau University of Wisconsin - Madison 2/26/2010 1 End-to-end Argument Ideally, applications should

  1. End-to-end Data Integrity for File Systems: A ZFS Case Study Yupu Zhang , Abhishek Rajimwale Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau University of Wisconsin - Madison 2/26/2010 1

  2. End-to-end Argument • Ideally, applications should take care of data integrity • In reality, file systems are in charge – Data is organized by metadata – Most applications rely on file systems – Applications share data 2/26/2010 2

  3. Data Integrity In Reality • Preserving data integrity is a challenge • Imperfect components – disk media, firmware, controllers, etc. • Techniques to maintain data integrity – Checksums [Stein01, Bartlett04] , RAID [Patternson88] • Enough about disk. What about memory? 2/26/2010 3

  4. Memory Corruption • Memory corruptions do exist – Old studies: 200 – 5,000 FIT per Mb *O’Gorman92, Ziegler96, Normand96, Tezzaron04+ • 14 – 359 errors per year per GB – A recent work: 25,000 – 70,000 FIT per Mb [Schroeder09] • 1794 – 5023 errors per year per GB – Reports from various software bug and vulnerability databases • Isn’t ECC enough? – Usually correct single-bit error – Many commodity systems don’t have ECC (for cost) – Can’t handle software-induced memory corruptions 2/26/2010 4

  5. The Problem • File systems cache a large amount of data in memory for performance – Memory capacity is growing • File systems may cache data for a long time – Susceptible to memory corruptions • How robust are modern file systems to memory corruptions? 2/26/2010 5

  6. A ZFS Case Study • Fault injection experiments on ZFS – What happens when disk corruption occurs? – What happens when memory corruption occurs? – How likely a bit flip would cause problems? • Why ZFS? – Many reliability mechanisms – “ provable end-to-end data integrity ” [Bonwick07] 2/26/2010 6

  7. Results • ZFS is robust to a wide range of disk corruptions • ZFS fails to maintain data integrity in the presence of memory corruptions – reading/writing corrupt data, system crash – one bit flip has non-negligible chances of causing failures • Data integrity at memory level is not preserved 2/26/2010 7

  8. Outline • Introduction • ZFS Background • Data Integrity Analysis – On-disk Analysis – In-mem Analysis • Conclusion 2/26/2010 8

  9. ZFS Reliability Features • Checksums – Detect silent data corruption Address 1 – Stored in a generic block pointer Address 2 Address 3 • Replication – Up to three copies (ditto blocks) Block – Recover from checksum mismatch Checksum • Copy-On-Write transactions – Keep disk image always consistent • Storage pool Block – Mirror, RAID-Z Block Block 2/26/2010 9

  10. Outline • Introduction • ZFS Background • Data Integrity Analysis – On-disk Analysis – In-mem Analysis • Conclusion 2/26/2010 10

  11. Summary of On-disk Analysis • ZFS detects all corruptions by using checksums • Redundant on-disk copies and in-mem caching help ZFS recover from disk corruptions • Data integrity at this level is well preserved (See our paper for more details) 2/26/2010 11

  12. Outline • Introduction • ZFS Background • Data Integrity Analysis – On-disk Analysis – In-mem Analysis • Random Test • Controlled Test • Conclusion 2/26/2010 12

  13. Random Test • Goal – What happens when random bits get flipped? – How often do those failures happen? • Fault injection – A trial: each run of a workload • Run a workload -> inject bit flips -> observe failures • Probability calculation – For each type of failure • P (failure) = # of trials with such failure / total # of trials 2/26/2010 13

  14. Result of Random Test Reading Writing Workload Crash Page Cache Corrupt Data Corrupt Data varmail 0.6% 0.0% 0.3% 31 MB oltp 1.9% 0.1% 1.1% 129 MB webserver 0.7% 1.4% 1.3% 441 MB fileserver 7.1% 3.6% 1.6% 915 MB • The probability of failures is non-negligible • The more page cache is consumed, the more likely a failure would occur

  15. Outline • Introduction • ZFS Background • Data Integrity Analysis – On-disk Analysis – In-mem Analysis • Random Test • Controlled Test • Conclusion 2/26/2010 15

  16. Controlled Test • Goal – Why do those failures happen in ZFS? – How does ZFS react to memory corruptions? • Fault injection – Metadata: field by field – Data: a random bit in a data block • Workload – For global metadata: the “zfs” command – For file system level metadata and data: POSIX API 2/26/2010 16

  17. Result Overview • General observations – Life cycle of a block • Why does bad data get read or written to disk? • Specific cases – Bad data is returned – System crashes – Operation fails 2/26/2010 17

  18. Lifecycle of a Block: READ READ CORRUPT BLOCK READ EVICTION PAGE  CACHE verify checksum DISK unbounded time unbounded time • Blocks on the disk are protected • Blocks in memory are not protected • The window of vulnerability is unbounded 2/26/2010 18

  19. Lifecycle of a Block: WRITE WRITE FLUSH CORRUPT BLOCK EVICTION PAGE CACHE generate checksum DISK <= 30s unbounded time • Corrupt blocks are written to disk permanently • Corrupt blocks are “protected” by the new checksum 2/26/2010 19

  20. Result Overview • General observations – Life cycle of a block • Why does bad data get read or written to disk? • Specific cases – Bad data is returned – System crashes – Operation fails 2/26/2010 20

  21. Case 1: Bad Data • Read (block 0) dnode  dn_nlevels == 3 (011)  return data block 0 at the leaf level × dn_nlevels == 1 (001) …  treat an indirect block as data block 0 … 0 1 2  return the indirect block BAD DATA!!! indirect block data block 2/26/2010 21

  22. Case 2: System Crash • Read (block 0) dnode  dn_nlevels == 3 (011)  return data block 0 at the leaf level × dn_nlevels == 7 (111) … …  go down to the leaf level 0 1 2  treat data block 0 as an indirect block  try to follow an invalid block pointer indirect block  later a NULL-pointer is dereferenced data block 2/26/2010 22

  23. Case 2: System Crash (cont.) uint64_t size = BP_GET_LSIZE(bp); a block pointer, now invalid ... buf->b_data = zio_buf_alloc (size); void * zio_buf_alloc (size_t size) { could be an arbitrarily large value size_t c = (size - 1) >> SPA_MINBLOCKSHIFT; ASSERT(c< SPA_MAXBLOCKSIZE void * kmem_cache_alloc ASSERT(c<256) >>SPA_MINBLOCKSHIFT); (kmem_cache_t *cp, int kmflag) disabled { return ( kmem_cache_alloc … but now c > 256 (zio_buf_cache[c],KM_PUSHPAGE)); ccp = KMEM_CPU_CACHE(cp); } … mutex_enter(&ccp->cc_ylock); NULL ... NULL-pointer dereference } ccp is also NULL CRASH!!! 2/26/2010 23

  24. Case 3: Operation Fail • Open (“file”)  zp_flags is correct  open() succeeds × the 41 st bit of zp_flags is flipped from 0 to 1  EACCES (permission denied) 2/26/2010 24

  25. Case 3: Operation Fail (cont.) 41 st bit …. 00 1 0 …. #define ZFS_AV_QUARANTINED 0x0000020000000000 … if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) && (zp->z_phys->zp_flags & ZFS_AV_QUARANTINED))) { *check_privs = B_FALSE; return (EACCES); } … 2/26/2010 25

  26. Summary of Results • Blocks in memory are not protected – Checksum is only used at the disk boundary • Metadata is critical – Bad data is returned, system crashes, or operations fail • Data integrity at this level is not preserved 2/26/2010 26

  27. Outline • Introduction • ZFS Background • Data Integrity Analysis – On-disk Analysis – In-mem Analysis • Conclusion 2/26/2010 27

  28. Conclusion • A lot of effort has been put into dealing with disk failures – little into handling memory corruptions • Memory corruptions do cause problems – reading/writing bad data, system crash, operation fail • Shouldn't we protect data and metadata from memory corruptions? – to achieve end-to-end data integrity 2/26/2010 28

  29. Thank you! Questions? The ADvanced Systems Laboratory (ADSL) http://www.cs.wisc.edu/adsl/ 2/26/2010 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

910 views • 4 slides
Automated synthesis of reliable and efficient systems through game theory: a case study Mickael

Automated synthesis of reliable and efficient systems through game theory: a case study Mickael

Automated synthesis of reliable and efficient systems through game theory: a case study Mickael Randour UMONS - University of Mons 03.09.2012 European Conference on Complex Systems Context Case study Final words Background I must confess.

606 views • 56 slides
Global Information Systems The Case Study: Development of an Asian-European Business Portal

Global Information Systems The Case Study: Development of an Asian-European Business Portal

Global Information Systems The Case Study: Development of an Asian-European Business Portal Henri Pirkkalainen, Prof. Dr. Jan M. Pawlowski 09.09.2013 Contents Introduction Case Study Contents of the case study The process of the

693 views • 21 slides
GUI Basics and Windowing Systems Using X Windows as a case study 1 CS 349: Windowing Systems CS

GUI Basics and Windowing Systems Using X Windows as a case study 1 CS 349: Windowing Systems CS

GUI Basics and Windowing Systems Using X Windows as a case study 1 CS 349: Windowing Systems CS 349: Windowing Systems 2 Evolution of GUIs Apple Macintosh (1984) Xero Star (1981) Inspired by Xerox PARC Developed at Xerox PARC Not

814 views • 37 slides
Customer Case Study Event-Based Systems Integration at QUT E B d S I i QUT Enhancing

Customer Case Study Event-Based Systems Integration at QUT E B d S I i QUT Enhancing

4/13/2011 Customer Case Study Event-Based Systems Integration at QUT E B d S I i QUT Enhancing Student Service &amp; Delivering Change Capacity Dr Wayne Oswin Ian McDonald Solutions Manager - Education Administrative Systems

511 views • 15 slides
Using XDI A Canadian Case Study ________________________________________________ Presented by :

Using XDI A Canadian Case Study ________________________________________________ Presented by :

Infrastructure Risk Assessment and Adaptation Using XDI A Canadian Case Study ________________________________________________ Presented by : Daria Smeh North America Lead xdi.systems What is XDI? Who is XDI? What does XDI do? xdi.systems

521 views • 24 slides
Hill Kinetics Meets P Systems A Case Study on Gene Regulatory Networks as Computing Agents in

Hill Kinetics Meets P Systems A Case Study on Gene Regulatory Networks as Computing Agents in

Introduction Hill Kinetics Case Study: Computational Units Discussion, Conclusion, Further Work Hill Kinetics Meets P Systems A Case Study on Gene Regulatory Networks as Computing Agents in silico and in vivo Thomas Hinze 1 Sikander Hayat 2

421 views • 30 slides
Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc

Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc

Case Study A Case fo r Use in Addic tio n Re se arc h De re k Quig le y Unive rsity o f Auc kland What We ll Co ve r T o day T he L ig htbulb Mo me nt My Ph.D Case Study Case Study Charac te ristic s Case Study Stre

424 views • 10 slides
Requirements of Persuasive Systems : Case Study of a Habit

Requirements of Persuasive Systems : Case Study of a Habit

Requirements of Persuasive Systems : Case Study of a Habit Changing Application Presented By : Noshin Nawar Sadat Outline INTRODUCTION FABULOUS : SELF PERSUASIVE

832 views • 47 slides
Sampling Effect on Performance Prediction of Configurable Systems : A Case Study Juliana Alves

Sampling Effect on Performance Prediction of Configurable Systems : A Case Study Juliana Alves

Sampling Effect on Performance Prediction of Configurable Systems : A Case Study Juliana Alves Pereira, Mathieu Acher, Hugo Martin, Jean-Marc Jezequel 1 Configurable systems 2 Configurable systems 2 Configurable systems Pros

755 views • 63 slides
Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and

Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and

Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and Semantics Aalborg University DS E02 Lec13 1 CORBA main points CORBA consists of generic services as well as a language- independent RMI

351 views • 33 slides
2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular,

2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular,

2.7 Case Study: Floorplan Optimization Page 1 of 7 2.7 Case Study: Floorplan Optimization Our second case study is an example of a highly irregular, symbolic problem. The solution that we develop incorporates a task scheduling algorithm. 2.7.1

259 views • 7 slides
CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Based on ADHS 18

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Based on ADHS 18

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Based on ADHS 18 [BLCP18] Brandon Bohrer (joint work with Adriel Luo, Xuean Chuang, Andr e Platzer) Logical Systems Lab Computer Science Department Carnegie

889 views • 66 slides
Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the

Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the

Ricardo Semler Case Study Briefing Advance notice: Leading Change Case Study Please read the Case Study found in the Assignment section of M005 and be ready to present your findings in a formal presentation in week 11. Each team member

319 views • 6 slides
Case Study in System of Systems Engineering: NASAs Advanced Communications Technology Satellite

Case Study in System of Systems Engineering: NASAs Advanced Communications Technology Satellite

See Notes Page Case Study in System of Systems Engineering: NASAs Advanced Communications Technology Satellite Brian E. White, Ph.D. 30 June 2011 CAU SES (Complexity Are Us Systems Engineering Strategies) 1 5/22/2014 See

508 views • 35 slides
Self-Adaptive Quality Requirement Elicitation Process for Legacy Systems: A Case Study in

Self-Adaptive Quality Requirement Elicitation Process for Legacy Systems: A Case Study in

Self-Adaptive Quality Requirement Elicitation Process for Legacy Systems: A Case Study in HealthCare ALFONSO MARTNEZ, LORENA AYUSO &amp; ANGELINA ESPINOZA NOUR ALI UNIVERSITY OF BRIGHTON-UK UNIVERSIDAD AUTONOMA METROPOLITANA-MEXICO RE@SAC

400 views • 18 slides
Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data

Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data

Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data Integrity Defining Constraints Types of Constraints Disabling Constraints Using Defaults and Rules Deciding Which Enforcement Method

260 views • 23 slides
Reliable Byte-Stream (TCP) re-orders messages delivers duplicate copies of a given

Reliable Byte-Stream (TCP) re-orders messages delivers duplicate copies of a given

End-to-End Protocols Underlying best-effort network drop messages Reliable Byte-Stream (TCP) re-orders messages delivers duplicate copies of a given message limits messages to some finite size delivers messages after

303 views • 5 slides
The Internet Today Niko Matsakis Outline Summaries of: End-to-End Arguments in System

The Internet Today Niko Matsakis Outline Summaries of: End-to-End Arguments in System

The Internet Today Niko Matsakis Outline Summaries of: End-to-End Arguments in System Design The Design Principles of the DARPA Internet Protocols Criticisms and Commentary Conclusion The End-to-End Argument E2E

753 views • 49 slides
Service time evaluation for network protocols and routers Computer Networking Communication

Service time evaluation for network protocols and routers Computer Networking Communication

Service time evaluation for network protocols and routers Computer Networking Communication relies on a protocol stack with n layers. Layer k of an host: - communicates with layer k of remote hosts - exploits the service provided by layer k-1 -

281 views • 26 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro,

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro,

Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge Software is vulnerable use of unsafe languages is prevalent most

288 views • 25 slides
PAYE Modernisation Thesaurus Webinar December 2019 Overview PAYE Modernisation Update

PAYE Modernisation Thesaurus Webinar December 2019 Overview PAYE Modernisation Update

PAYE Modernisation Thesaurus Webinar December 2019 Overview PAYE Modernisation Update Data Integrity Project myAccount Enhancements 2019 Employment Detail Summary Employee Statement of Liability Transition 2019/2020

707 views • 70 slides
Lecture 07: Race Conditions, Deadlock, Data Integrity The job - list - broken and job - list -

Lecture 07: Race Conditions, Deadlock, Data Integrity The job - list - broken and job - list -

Lecture 07: Race Conditions, Deadlock, Data Integrity The job - list - broken and job - list - fixed examples from the prior slide deck highlight a key issue that comes with the introduction of signals and signal handling. Neither job -

377 views • 10 slides

More recommend