The documentation of -o degraded states that it will work so long as no data is missing. However, this can cause data inconsistency! Suppose that I have an empty bcachefs filesystem with 2-way mirroring on disks nvme0n1 and nvme1n1. Then the following happens:
I mount nvme0n1 read-write with -o degraded at (say) /mnt.
echo X > /mnt/a
Unmount /mnt.
Mount nvme1n1 read-write with -o degraded at /mnt.
echo Y > /mnt/a.
Unmount /mnt.
Mount nvme0n1 and nvme1n1 together at /mnt.
cat /mnt/a.
What happens at step 8? There is no valid value for bcachefs to return, because the writes at steps 2 and 5 conflict with each other. Therefore, this must be prevented.
The only way I know to prevent this is to ensure that a quorum (strict majority) of devices for -o degraded to mount read/write. If a quorum is not present, -o degraded should mount read-only. If this is the existing behavior, it should be documented; otherwise, this is a request that bcachefs adopt this behavior.
The documentation of
-o degradedstates that it will work so long as no data is missing. However, this can cause data inconsistency! Suppose that I have an empty bcachefs filesystem with 2-way mirroring on disksnvme0n1andnvme1n1. Then the following happens:nvme0n1read-write with-o degradedat (say)/mnt.echo X > /mnt/a/mnt.nvme1n1read-write with-o degradedat/mnt.echo Y > /mnt/a./mnt.nvme0n1andnvme1n1together at/mnt.cat /mnt/a.What happens at step 8? There is no valid value for bcachefs to return, because the writes at steps 2 and 5 conflict with each other. Therefore, this must be prevented.
The only way I know to prevent this is to ensure that a quorum (strict majority) of devices for
-o degradedto mount read/write. If a quorum is not present,-o degradedshould mount read-only. If this is the existing behavior, it should be documented; otherwise, this is a request that bcachefs adopt this behavior.