WO2000020971A1 - Recovery of file systems after modification failure - Google Patents

Info

Publication number
WO2000020971A1
Authority
WO
WIPO (PCT)
Prior art keywords
file system
system structure
modification
boot record
attempted
Application number
PCT/US1999/023110
Other languages
French (fr)
Inventor
William E. Sobel
Original Assignee
Symantec Corporation
Application filed by Symantec Corporation

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1435 Saving, restoring, recovering or retrying at system level using file system or storage system metadata
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10 TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10S TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00 Data processing: database and file management or data structures
    • Y10S707/99951 File or database maintenance
    • Y10S707/99952 Coherency, e.g. same view to multiple users
    • Y10S707/99953 Recoverability

Definitions

  • transition 406 the actual copying of new FAT 128 over FAT 122. If a failure occurs during this operation, the result will likely be an invalid FAT 134, as illustrated in state H of Fig. 3. As described above, such an invalid file system structure generally leads to a catastrophic failure, and possible loss of data 126. In this case being described, however, the preventive measures carried out prior to the attempted file system structure modification 406 provide a mechanism for recovery.
  • control is passed to the first sectors of the disk, which are occupied by recovery program 130.
  • Recovery program 130 instructs CPU 602 to take steps necessary to achieve a valid file system structure. In the embodiment illustrated in Fig.
  • recovery program 130 carries out 416 the file system structure modification which was being attempted at the time of failure. By copying new FAT 128 from the location in data 126 to the location currently occupied by invalid FAT 134, recovery program 130 is able to complete the failed file system structure modification 406. State I corresponds to the result of such a procedure.
  • CPU 602 determines 418 whether modification 416 was successful. If it was not successful, or there was another failure while recovery program 130 was running, recovery program 130 would restart upon the next system reboot 414, and again attempt to complete the copying of new FAT 128.
  • recovery program replaces 420 itself with master boot record 110, by copying the version in data 126 to the first sectors of the disk.
  • disk 604 will correspond to state J in Fig. 3.
  • a disk in state J has a functioning file system structure, and a normal master boot record 110, allowing it to boot properly when reset.
  • the copies of master boot record 110 and new FAT 128 in data 126 are erased 422, to clean up the disk.
  • This cleanup 422 can be performed by recovery program 130, or control can be passed to other system software for performing this function.
  • the cleaned-up disk corresponds to state K in Fig. 3.
  • Disk 604 in state K has the updated file system structure, and is the same as state G, the result of an initially successful modification 406.
  • Transition 416 affects the file system structure, as new FAT 128 is written over invalid FAT 134. However, this transition is not critical, since the file system structure is already invalid at this point. Any failure during this transition would merely result in recovery program 130 starting up at the next reset, and attempting to complete the modification.
  • Transition 420 is the same as transition 410 in a successful file system structure modification, as described above.
  • transition 422 is the same as transition 412 described above.
  • recovery program 130 can perform other functions to achieve a valid file system structure. For example, instead of completing the attempted file system structure modification 406, recovery program 130 can return the file system structure to an earlier state. In such a case, instead of storing a copy of new FAT 128 in data 126, a copy of an earlier, valid FAT would be stored. Upon failure of file system structure modification 406, the system would be returned to the earlier, valid state. Although the replacement of a FAT has been illustrated, the invention provides a relatively safe method for modifying other file system structures. File system structure modifications can also include partitioning a hard drive, changing the partition of a hard drive and changing from one operating system to another.
  • file system modification functions which can benefit from being performed in the manner described.
  • the invention can be practiced with file systems such as NTFS, ODS-2, HPFS, and Ext2fs, which use file system structures which do not include a FAT. It is not necessary that the information stored prior to attempted file system structure modification 406 be stored in data area 126 of the disk on which the modification is being carried out. Depending on the organization of the computer system 600, such recovery information could be stored in another location, such as another hard disk, a removable disk, or elsewhere on a computer network.
  • boot record 120 which is part of partition 114, could be replaced instead, as long as partition 114 is the active partition. If another partition is the active partition, the corresponding boot record 120 would be replaced with recovery program 130. Similarly, for systems which can boot from a removable disk, recovery program 130 can be installed on a removable disk, in place of the boot record 120 on that disk.

Abstract

Prior to execution of a file system structure modification procedure (406) which can leave the file system structure in an invalid state, a copy is made of a boot record (110), and the boot record (110) is replaced by a recovery program (130). If the file system structure modification procedure (406) fails, leaving the file system structure in an invalid state, the recovery program (130) is automatically executed when the computer is rebooted (414). In one embodiment, the recovery program (130) completes the failed file system structure modification (406). In another embodiment, the recovery program (130) rolls the file system structure back to a valid state which predates the attempted file system structure modification (406). After restoring the file system structure to an intact state, the recovery program (130) uses the copy of the boot record (110) to restore the boot record (110) to its original state. This allows for the recovery of the file system structure without intervention by a user, and without loss of information.

Description

RECOVERY OF FILE SYSTEMS AFTER MODIFICATION FAILURE
FIELD OF INVENTION
This invention pertains to the field of file system modification in a digital computer system. More specifically, this invention pertains to automatic recovery from failure of file system modification.
BACKGROUND OF THE INVENTION
Typically, when a computer is powered up or reset, a sequence of events must occur in order for the operating system to "boot" (begin operation). Generally, this sequence of events occurs when a Read Only Memory (ROM) startup program is executed. The ROM startup program determines which, if any, of the attached storage devices contain or contains information sufficient to boot the operating system. For IBM PC type computers, the ROM startup program generally begins by looking to any removable storage media, generally a removable disk. If there are no removable storage media configured for booting the operating system, the ROM startup program checks a fixed storage medium, which is generally a hard-disk. Although other types of storage media are in use, for the purposes of this discussion the storage media will be assumed to be magnetic disks. Finding a disk which is configured to boot the operating system, the ROM startup program executes a program found at the first physical sectors of the disk. For removable disks, these first sectors make up a boot record. A boot record contains a boot program that loads and executes system files on the disk for booting the operating system. For hard-disks, these first sectors make up a master boot record. The data storage space on hard-disks can generally be divided into partitions, each of which appears to the operating system as a separate disk. In order to support multiple partitions, the master boot record contains a master boot program which determines which partition is to be booted from. Typically, each partition includes a boot record at the first sectors of that partition, and the boot record contains a boot program like that of removable disks. The master boot program transfers control to the boot program contained in the appropriate partition.
There are a variety of file systems in use by different operating systems. Each of these file systems uses a different file system structure to manage data on disks. A file system structure stores information about files on the disk. Sometimes the file system structure is located at the beginning of a disk or partition, and sometimes it is located at various places throughout a disk or partition. The data on disks is generally divided into files, and the information stored in the file system structure generally includes the name and location of each file, in addition to other attributes of the files.
One common type of file system is based on a File Allocation Table (FAT). In such a file system, following the boot record on each disk or partition is a File Allocation Table (FAT). The FAT contains information for every cluster of sectors on the disk or partition, and is used as a map to indicate which clusters contain which computer-readable files. Following the FAT is a directory structure which maps specific file names to corresponding entries in the FAT. In order to locate files on a disk or partition, both the FAT and the directory structure must be intact. When the boot program loads system files to boot the operating system, it relies on the file system structure being intact. In this example, the file system structure would include the FAT and the directory structure. As the operating system is booted, it also relies on the file system structure being intact, in order to find and update files as needed. If the file system structure is damaged, or altered in an unexpected way, the operating system will likely not be able to boot from that disk. In most circumstances, a damaged FAT will result in the loss of at least some, if not all, data on the disk. There are at least three different file systems which utilize the FAT as part of a file system structure: FAT12, FAT16, and FAT32. These file systems correspond to various versions of DOS and Windows operating systems. There are other file systems, such as NTFS (for Windows NT), ODS-2 (for VMS), HPFS (for OS/2) and Ext2fs (for Linux), which use different kinds of file system structures. For example, NTFS uses a Master File Table (MFT), rather than a FAT, to keep track of files. All of these file systems, however, rely on information which constitutes a file system structure.
Many hard disk utility programs make significant modifications to file system structures. For example, a utility which converts a FAT from one format to another must reorganize the information in the FAT, as well as the directory structure. Also, utilities which change the size of partitions on a disk must significantly alter the FAT and directory structure. These operations are generally complicated, and can take a significant amount of time to complete. If there is an unexpected shut-down or reset of the system during any of these procedures, the result is often a file system structure which does not entirely conform to either the pre-modification state or the post-modification state. This resulting state is generally an invalid state. As noted above, this generally results in an unusable file system structure, and a disk which cannot boot. This is also generally accompanied by a loss of data on the disk.
Current file system structure modification programs attempt to reduce the chances of such a catastrophic failure by reducing the amount of time that a file system structure is in an invalid state. However, because some of the operations which must be performed on the file system structure are not atomic operations (which can be executed quickly and do not rely on other procedures), the possibility of a shutdown during one of these operations remains significant. Also, some of the atomic operations are themselves lengthy, and there is a chance of a failure during one of these operations.
What is needed is a method for providing for recovery from a failure of a file system structure modification.
SUMMARY OF THE INVENTION
The present invention provides for recovery from a failure of a file system structure modification procedure (406). In one embodiment of the invention, prior to execution of any file system structure modification procedure (406) which can leave the file system structure in an invalid state, a copy is made of a boot record (110), and the boot record (110) is replaced by a recovery program (130). In some implementations the boot record (110) is a master boot record. If the file system structure modification procedure (406) fails, leaving the file system structure in an invalid state, the recovery program (130) is automatically executed when the computer is restarted (414). In one embodiment, the recovery program (130) completes the failed file system structure modification (406). In another embodiment, the recovery program (130) rolls the file system structure back to a valid state which predates the attempted file system structure modification (406).
After restoring the file system structure to an intact state, the recovery program (130) uses the copy of the boot record (110) to restore the boot record (110) to its original state. This allows for recovery of the file system structure without intervention by a user, and without loss of information.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 illustrates a sequence of disk states A - D prior to an attempted file system structure modification procedure 406.
Fig. 2 illustrates a sequence of disk states E - G following a successful file system structure modification 406.
Fig. 3 illustrates a sequence of disk states H - K following a failed file system structure modification 406.
Figs. 4 and 5 are flowcharts which illustrate the operation of one embodiment of the invention.
Fig. 6 is a schematic illustration of a computer 600 used in one embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring now to Figs. 1 and 6, a series of hard-disk states A through D are illustrated. Disk state A corresponds to an ordinary, functional bootable disk, such as primary hard-disk 604 in computer 600. Computer 600 includes random access memory 604 as well as central processing unit (CPU) 602. All of the procedures described are carried out by CPU 602 under the direction of a program stored in memory 604. There is only one partition 114 in disk 604 of state A, but it is understood that the present invention can be applied to systems with multiple partitions 114 as well. The first sectors on disk 604 in state A are occupied by master boot record 110 (information at the top of the disk layouts of Fig. 1 represent the first sectors on disk 604). After master boot record 110 is partition table 112, which indicates where each partition 114 is, and which partition 114 is to be booted from.
Partition 114 follows partition table 112. At the start of partition 114 is boot record 120, which contains the boot program for partition 114. Following boot record 120 in partition 114 is FAT 122 and directory structure 124. Although the file system of the illustrative embodiment is one which relies on a FAT, this is for illustrative purposes only, and the method described can also be applied to other file systems, such as NTFS, ODS-2, HPFS, and Ext2fs, which use other kinds of file system structures. FAT 122 and directory structure 124 constitute the file system structure for partition 114. This file system structure allows access to data 126 in partition 114, which makes up the rest of partition 114. The disk layout described represents a common disk layout for a functional bootable disk. Where disk 604 is divided into multiple partitions, the structure of partition 114 is repeated once for each partition. In the embodiment described, a file system structure modification consists of new FAT 128 being substituted for old FAT 122. This takes place, for example, where the file system is changed from the FAT32 file system to the FAT16 file system. Such a change requires substantial modification of FAT 122, which can take a substantial amount of time to complete. Should there be a failure of the modification after it has begun, FAT 122 would likely be left in an unusable state.
Prior to beginning the update of FAT 122, replacement FAT 128 is determined. The method for determining replacement FAT 128 is dependent upon the type of modification being performed, and many FAT modification procedures are known to those skilled in the art. Referring now to Fig. 4, this new FAT 128 is stored 400 somewhere in data 126. State B corresponds to the disk layout after operation 400 has been carried out. Note that at state B, new FAT 128 is illustrated at the end of data 126 for convenience, and can in reality be stored in any free area of data 126, or even in a place other than disk 604. Next, a copy of master boot record 110 is made, and stored 402 in data 126. State C corresponds to the disk layout following operation 402. Note that no changes have thus far been made to master boot record 110, boot record 120, FAT 122, or directory structure 124. A failure during any of the operations described would not ordinarily impair the file system structure, or the ability to boot up the operating system.
The first operation which affects the ability of the operating system to boot up is the copying 404 of recovery program 130 into the portion of the disk previously storing master boot record 110. Prior to this copying 404, recovery program 130 can be stored in any location convenient to the program performing the file system structure modification. State D in Fig. 1 corresponds to a disk layout in which recovery program 130 has replaced master boot record 110 in the first sectors of the disk. At this point, a system reset would cause the execution of recovery program 130, rather than the master boot program in master boot record 110. The operation of recovery program 130 is explained below. At this point, the actual file system structure modification is attempted. CPU 602 attempts 406 to copy FAT 128 from data 126 to the location previously occupied by master boot record 110. A determination is made 408 as to whether the attempted operation 406 was successful. If it was, the normal cleanup routine is implemented. Otherwise, computer 600 is rebooted 414, as shown in Fig. 5. This rebooting 414 can be carried out either by CPU 602, upon detecting a failed modification attempt, or by a user. In some instances, an untimely rebooting 414 can be the cause of the modification failure. In that case CPU 602 never reaches determination 408.
The case in which modification 406 completes successfully is described next. Referring now to Fig. 2, states E through G of disk 604 are illustrated, corresponding to a successful modification 406 of the file system structure. In state E, the file system structure modification procedure 406 has been completed, and new FAT 128 has replaced FAT 122 in partition 114. Next, the copy of master boot record 110 stored in data 126 is copied 410 back to its original location on disk 604, overwriting recovery program 130. State F corresponds to the disk layout following operation 410. Finally, data 126 is cleaned up, by deleting 412 the copy of master boot record 110 and new FAT 128 from data 126. State G corresponds to the final version of the disk layout. The only difference between state G and state A is the substitution of new FAT 128 for FAT 122. Substitution of a new directory structure for directory structure 124 or a new boot record for boot record 120 would be accomplished in substantially the same manner as described. The method described can be used to accomplish a file system structure modification under any file system.
In the method described so far, discrete steps were taken at each transition between disk layout states. If there is a system failure at a time when no transition is taking place, the file system structure should remain in a valid state. It is when a failure occurs during a transition from one state to another that there is a danger of corrupting a file system structure. As noted above, during transitions 400 and 402 no change is made to the file system structure. Consequently, these are safe transitions, and there should be no harm to the file system structure resulting from a failure during these transitions. Similarly, transition 412 involves no changes to the file system structure, and is therefore safe. During the transitions 404 and 410, the portion of the disk ordinarily occupied by master boot record 110 is modified. A failure during either of these transitions can lead to a system failure, because upon system startup or reboot, the system will attempt to execute code located on this portion of the disk. If the operation which writes code to this portion is terminated while only partially finished, the code will likely be erroneous, leading to a failure of the system to boot. The size of master boot record 110 is generally very small. Therefore, transitions 404 and 410 will ordinarily be accomplished quickly, minimizing the risk of a failure during either transition. If such a failure does occur during one of these transitions, however, it might be possible to boot from another disk, such as a removable disk. If this can be done, the information in master boot record 110 might be reconstructed, by reinstalling the original system boot record 110. Because the file system structure is not affected by such a failure, there should be no loss of data.
The only transition which has not thus far been addressed is transition 406, the actual copying of new FAT 128 over FAT 122. If a failure occurs during this operation, the result will likely be an invalid FAT 134, as illustrated in state H of Fig. 3. As described above, such an invalid file system structure generally leads to a catastrophic failure, and possible loss of data 126. In the case being described, however, the preventive measures carried out prior to the attempted file system structure modification 406 provide a mechanism for recovery. Upon rebooting 414 the system, control is passed to the first sectors of the disk, which are occupied by recovery program 130. Recovery program 130 instructs CPU 602 to take steps necessary to achieve a valid file system structure. In the embodiment illustrated in Fig. 3, recovery program 130 carries out 416 the file system structure modification which was being attempted at the time of failure. By copying new FAT 128 from the location in data 126 to the location currently occupied by invalid FAT 134, recovery program 130 is able to complete the failed file system structure modification 406. State I corresponds to the result of such a procedure. CPU 602 then determines 418 whether modification 416 was successful. If it was not successful, or there was another failure while recovery program 130 was running, recovery program 130 would restart upon the next system reboot 414, and again attempt to complete the copying of new FAT 128.
When the copying of FAT 128 is successfully completed, recovery program 130 replaces 420 itself with master boot record 110, by copying the version in data 126 to the first sectors of the disk. When that has been done, disk 604 will correspond to state J in Fig. 3. A disk in state J has a functioning file system structure, and a normal master boot record 110, allowing it to boot properly when reset. At this point, the copies of master boot record 110 and new FAT 128 in data 126 are erased 422, to clean up the disk. This cleanup 422 can be performed by recovery program 130, or control can be passed to other system software for performing this function. The cleaned-up disk corresponds to state K in Fig. 3. Disk 604 in state K has the updated file system structure, and is the same as state G, the result of an initially successful modification 406.
Transition 416 affects the file system structure, as new FAT 128 is written over invalid FAT 134. However, this transition is not critical, since the file system structure is already invalid at this point. Any failure during this transition would merely result in recovery program 130 starting up at the next reset, and attempting to complete the modification. Transition 420 is the same as transition 410 in a successful file system structure modification, as described above. Similarly, transition 422 is the same as transition 412 described above.
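The states and transitions described above can be checked by simulation. The following Python simulation is an added example, not code from the patent: it models the disk as an in-memory buffer with a constructed layout and constructed region contents, cuts power after every possible number of written bytes, and reports what a single reset then does.

```python
from collections import Counter

class PowerLoss(Exception):
    """Simulated crash part-way through a write."""

# Constructed layout: region -> (offset, length). Sizes are illustrative only.
LAYOUT = {"boot": (0, 8), "fat": (8, 32), "stage_fat": (40, 32), "stage_mbr": (72, 8)}
MBR = b"M" * 8        # stands in for master boot record 110
RECOVERY = b"R" * 8   # stands in for recovery program 130
OLD_FAT = b"o" * 32   # FAT 122
NEW_FAT = b"n" * 32   # replacement FAT 128

class Disk:
    def __init__(self):
        self.buf = bytearray(80)
        self.budget = None            # bytes still writable before power loss
        self.write("boot", MBR)
        self.write("fat", OLD_FAT)    # state A

    def read(self, region):
        off, n = LAYOUT[region]
        return bytes(self.buf[off:off + n])

    def write(self, region, data):
        off, n = LAYOUT[region]
        if len(data) != n:
            raise ValueError("data must fill the region")
        for i, byte in enumerate(data):   # byte by byte, so a write can be torn
            if self.budget is not None:
                if self.budget == 0:
                    raise PowerLoss(region)
                self.budget -= 1
            self.buf[off + i] = byte

def cleanup(disk):                                 # 412 / 422
    disk.write("stage_mbr", bytes(8))
    disk.write("stage_fat", bytes(32))

def modify(disk):
    disk.write("stage_fat", NEW_FAT)               # 400 -> state B
    disk.write("stage_mbr", disk.read("boot"))     # 402 -> state C
    disk.write("boot", RECOVERY)                   # 404 -> state D
    disk.write("fat", disk.read("stage_fat"))      # 406 -> state E (H if torn)
    disk.write("boot", disk.read("stage_mbr"))     # 410 -> state F
    cleanup(disk)                                  # 412 -> state G

def reboot(disk, budget=None):
    """What a reset does. `budget` lets the recovery run itself be interrupted."""
    disk.budget = budget
    boot = disk.read("boot")
    if boot == MBR:
        return "booted"
    if boot != RECOVERY:
        return "unbootable"        # torn 404/410/420 write: needs other boot media
    disk.write("fat", disk.read("stage_fat"))      # 416: redo the copy
    disk.write("boot", disk.read("stage_mbr"))     # 420 -> state J
    cleanup(disk)                                  # 422 -> state K
    return "recovered"

def crash_outcome(crash_after):
    """Cut power after `crash_after` bytes of modify(), then reset once."""
    disk = Disk()
    disk.budget = crash_after
    try:
        modify(disk)
    except PowerLoss:
        pass
    return reboot(disk), disk.read("fat")

def survey():
    """Outcome counts over every possible crash point (0..128 bytes written)."""
    return Counter(crash_outcome(n)[0] for n in range(129))

if __name__ == "__main__":
    print(survey())
```

In this model only torn writes to the boot sector leave the disk unbootable; every crash inside transition 406 or 416 is repaired on a later reset, because the staged copies are erased only after the boot record has been restored.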
In other embodiments, recovery program 130 can perform other functions to achieve a valid file system structure. For example, instead of completing the attempted file system structure modification 406, recovery program 130 can return the file system structure to an earlier state. In such a case, instead of storing a copy of new FAT 128 in data 126, a copy of an earlier, valid FAT would be stored. Upon failure of file system structure modification 406, the system would be returned to the earlier, valid state. Although the replacement of a FAT has been illustrated, the invention provides a relatively safe method for modifying other file system structures. File system structure modifications can also include partitioning a hard drive, changing the partition of a hard drive and changing from one operating system to another. Those skilled in the art to which this invention pertains will understand that there are many useful file system modification functions which can benefit from being performed in the manner described. In addition to being practiced with file systems which utilize a FAT, the invention can be practiced with file systems such as NTFS, ODS-2, HPFS, and Ext2fs, which use file system structures which do not include a FAT. It is not necessary that the information stored prior to attempted file system structure modification 406 be stored in data area 126 of the disk on which the modification is being carried out. Depending on the organization of the computer system 600, such recovery information could be stored in another location, such as another hard disk, a removable disk, or elsewhere on a computer network. Although the example illustrated replacement of master boot record 110 with recovery program 130, boot record 120, which is part of partition 114, could be replaced instead, as long as partition 114 is the active partition.
If another partition is the active partition, the corresponding boot record 120 would be replaced with recovery program 130. Similarly, for systems which can boot from a removable disk, recovery program 130 can be installed on a removable disk, in place of the boot record 120 on that disk. The above description is included to illustrate the operation of exemplary embodiments and is not meant to limit the scope of the invention. The scope of the invention is to be limited only by the following claims. From the above description, many variations will be apparent to one skilled in the art that would yet be encompassed by the spirit and scope of the present invention.
What is claimed is:

Claims

1. A method of providing for recovery from a failure of a file system structure modification procedure, the method comprising the steps of: making a copy of a boot record; replacing the boot record with a recovery program; and subsequent to replacing the boot record, attempting to perform a modification of a file system structure.
2. The method of claim 1, wherein the recovery program comprises a set of instructions which, when executed by a processor, cause the processor to perform the steps of: recovering from a failure of the attempted modification of the file system structure; and replacing the recovery program with the copy of the boot record.
3. The method of claim 2, wherein the step of recovering from the failure of the attempted modification of the file system structure comprises the sub-step of: executing the modification of the file system structure.
4. The method of claim 2, wherein the step of recovering from the failure of the attempted modification of the file system structure comprises the sub-step of: returning the file system structure to a state preceding the attempted modification of the file system structure.
5. The method of claim 1, wherein the attempted modification of the file system structure comprises attempting to change a format of a file allocation table (FAT).
6. The method of claim 1, wherein the file system structure is selected from the group consisting of FAT12, FAT16, FAT32, NTFS, ODS-2, HPFS, and Ext2fs.
7. The method of claim 1, wherein the boot record resides on a fixed storage medium.
8. The method of claim 7, wherein the fixed storage medium is a non-removable storage medium from which a computer system attempts to boot.
9. The method of claim 1, wherein the boot record resides on a removable storage medium.
10. The method of claim 1, wherein the boot record resides in the same storage device as the file system structure.
11. The method of claim 1, further comprising the step of: responsive to the attempted modification of the file system structure being successfully executed, replacing the recovery program with the copy of the boot record.
12. The method of claim 1, wherein the attempted modification of the file system structure comprises attempting to copy data from a first storage location to a second storage location.
13. A computer apparatus comprising: a central processing unit; coupled to the central processing unit, a first data storage device; and coupled to the central processing unit, a random access memory containing a set of instructions which, when executed by the central processing unit, cause the central processing unit to perform the steps of: making a copy of a boot record stored in the first data storage device; replacing the boot record in the first data storage device with a recovery program; and subsequent to the replacement of the boot record, attempting to perform a modification of a file system structure.
14. The computer apparatus of claim 13, wherein the file system structure resides on the first data storage device.
15. The computer apparatus of claim 13, wherein the file system structure resides on a second data storage device.
16. The computer apparatus of claim 13, wherein the recovery program comprises a set of instructions which, when executed by the central processing unit, cause the central processing unit to perform the steps of: recovering from a failure of the attempted file system structure modification; and replacing the recovery program with the copy of the boot record.
17. The computer apparatus of claim 16, wherein recovering from a failure of the attempted file system structure modification comprises: performing the file system structure modification.
18. The computer apparatus of claim 16, wherein recovering from a failure of the attempted file system structure modification comprises: returning the file system structure to a state preceding the failed file system structure modification.
19. The computer apparatus of claim 13, wherein the attempted file system structure modification comprises changing a format of a file allocation table (FAT).
20. The computer apparatus of claim 13, wherein the file system structure is selected from the group consisting of FAT12, FAT16, FAT32, NTFS, ODS-2, HPFS, and Ext2fs.
21. A computer readable medium containing instructions which, when executed by a processor, cause the processor to perform the steps of: making a copy of a boot record; replacing the boot record with a recovery program; and subsequent to replacing the boot record, attempting to modify a file system structure.
22. The computer readable medium of claim 21, wherein the recovery program comprises a set of instructions which, when executed by the processor, cause the processor to perform the steps of: recovering from a failure of the attempted modification of the file system structure; and replacing the recovery program with the copy of the boot record.
23. The computer readable medium of claim 22, wherein recovering from the failure of the attempted modification of the file system structure comprises: executing the modification of the file system structure.
24. The computer readable medium of claim 22, wherein recovering from the failure of the attempted modification of the file system structure comprises: returning the file system structure to a state preceding the attempted modification of the file system structure.
25. The computer readable medium of claim 21, wherein the attempted modification of the file system structure comprises attempting to change a format of a file allocation table (FAT).
26. The computer readable medium of claim 21, wherein the attempted modification of the file system structure comprises attempting to change at least one partition of the file system structure.
27. The computer readable medium of claim 21, wherein the instructions, when executed by the processor, cause the processor to perform the further step of: responsive to the attempted modification of the file system structure being successfully executed, replacing the recovery program with the copy of the boot record.
PCT/US1999/023110 1998-10-07 1999-10-05 Recovery of file systems after modification failure WO2000020971A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/167,879 US6205558B1 (en) 1998-10-07 1998-10-07 Recovery of file systems after modification failure
US09/167,879 1998-10-07

Publications (1)

Publication Number Publication Date
WO2000020971A1 true WO2000020971A1 (en) 2000-04-13

Family

ID=22609192

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/023110 WO2000020971A1 (en) 1998-10-07 1999-10-05 Recovery of file systems after modification failure

Country Status (2)

Country Link
US (1) US6205558B1 (en)
WO (1) WO2000020971A1 (en)

Also Published As

Publication number Publication date
US6205558B1 (en) 2001-03-20

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase