Retaining undelete data on ext3

Keld Jørn Simonsen keld at dkuug.dk
Wed Sep 27 08:57:48 UTC 2006 

On Sun, Sep 24, 2006 at 04:45:13PM -0400, Theodore Tso wrote:
> On Sun, Sep 24, 2006 at 09:00:00PM +0200, Keld Jørn Simonsen wrote:
> > I have a design to improve ext3 so that one could salvage all files,
> > even if you accidently reformated the partition, Available at 
> > http://std.dkuug.dk/keld/lazy3.txt
> > This design has been reviewed by Ted.
> 
> To be fair, reviewed != to "approve of all aspects of the design".  We
> exchanged e-mails for a while on the subject, yes. 

Yes, you did not approve the design, but you looked at it and found some
things that were not implementable, and I then corrected the design.

> Note that the
> design has a number of holes in it --- for example, simply saying,
> "don't blank the inode when deleting it" is not so trivial if you also
> want to maintain ext3's consistency guarantees.  So when the design
> says things like "My idea is to not clear the inodes, when they are
> marked as free", that's roughly equivalent to saying, "My idea is to
> purify Uranium by using some really big centrifuges".  It is both
> simultaneously true and not useful.  The hard part is all in the
> engineering.  :-)

Yaeh, the remark "My idea is to not clear the inodes, when they are
marked as free" is meant to be a general outline of the idea, and then
the more practical aspects are outlined further in the paper.

Which guarantees are being breached with the design?

> > I also have some patches for debugfs to undelete files in ext3,
> > available at http://std.dkuug.dk/keld/readme-salvage.html
> 
> This should probably be turned into its own standalone program, since
> it's far more than the scope of debugfs is intended to be.  So I don't
> intend to merge them into debugfs.

yes, it is probably a standalone program. I also have some ideas for 
repairing a system with io-errors, where the inodes are intact, but my
programming is driven by myself having problems to solve, and I don't
have a damaged fs that I need to repair at the moment.

Anyway, I find that I need a number of the capabilities of debugfs when
one tries to salvage files in a damaged fs, and it would be cumbersome
to swith between debugfs and a salvage program, and a waiste to
implement and maintain the debugfs capabilities in a new salvation
program, so maybe it is best to have the rescue capabilities built into
debugfs anyway.

best regards
keld

More information about the Ext3-users mailing list