Josef Bacik wrote:
One of the things that came up consistently in talking with Fedora about switching to btrfs as default is that btrfs is particularly vulnerable to metadata corruption. If any of the core global roots are corrupted, the fs is unmountable and fsck can't usually do anything for you without some special options. Qu addressed this sort of with rescue=skipbg, but that's poorly named as what it really does is just allow you to operate without an extent root. However there are a lot of other roots, and I'd rather not have to do mount -o rescue=skipbg,rescue=nocsum,rescue=nofreespacetree,rescue=blah Instead take his original idea and modify it so it just works for everything. Turn it into rescue=onlyfs, and then any major root we fail to read just gets left empty and we carry on. Obviously if the fs roots are screwed then the user is in trouble, but otherwise this makes it much easier to pull stuff off the disk without needing our special rescue tools. I tested this with my TEST_DEV that had a bunch of data on it by corrupting the csum tree and then reading files off the disk. Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx> ---
Just an idea inspired from RAID1c3 and RAID1c3, how about introducing DUP2 and/or even DUP3 making multiple copies of the metadata to increase the chance to recover metadata on even a single storage device?
