Is NTFS fail-safe in case of a power outage?

13

4

In case of a power outage, can the NTFS filesystem be harmed? E.g be broken or cause file corruption? And is the NTFS built-in mirroring on dynamic disks guaranteed to keep the files in a consistent state in case of a power outage?

My point of view is that journaling file systems are specifically designed to tolerate such kinds of problems. The user data is not guaranteed by the NTFS file system, but applications like database management systems have transaction managers that protect the data.

A few quotes from the great book Microsoft Windows Internals:

NTFS

NTFS includes a number of advanced features. One of its most significant features is recoverability. If a system is halted unexpectedly, the metadata of a FAT volume can be left in an inconsistent state, leading to the corruption of large amounts of file and directory data. NTFS logs changes to metadata in a transactional manner so that file system structures can be repaired to a consistent state with no loss of file or directory structure information. (File data can be lost, however.)

NTFS Design Goals and Features

High-End File System Requirements

From the start, NTFS was designed to include features required of an enterprise-class file system. To minimize data loss in the face of an unexpected system outage or crash, a file system must ensure that the integrity of its metadata is guaranteed at all times. Finally, a file system must allow for software-based data redundancy as a low-cost alternative to hardware-redundant solutions for protecting user data.

Recoverability

NTFS uses atomic transactions to implement its file system recovery features. If a program initiates an I/O operation that alters the structure of an NTFS volume - that is, changes the directory structure, extends a file, allocates space for a new file, and so on - NTFS treats that operation as an atomic transaction. It guarantees that the transaction is either completed or, if the system fails while executing the transaction, rolled back.

In addition, NTFS uses redundant storage for vital file system information so that if a sector on the disk goes bad, NTFS can still access the volume's critical file system data.

Data Redundancy and Fault Tolerance

In addition to recoverability of file system data, some customers require that their own data not be endangered by a power outage or a catastrophic disk failure. The NTFS recovery capabilities do ensure that the file system on a volume remains accessible, but they make no guarantees for complete recovery of user files. Protection for applications that can't risk losing data is provided through data redundancy.

Data redundancy for user files is implemented via the Windows layered driver model, which provides fault-tolerant disk support. A volume manager can mirror, or duplicate, data from one disk onto another disk so that a redundant copy can always be retrieved.

NTFS Recovery Support

NTFS recovery support ensures that if a power failure or a system failure occurs, no file system operations (transactions) will be left incomplete and the structure of the disk volume will remain intact without the need to run a disk repair utility. The NTFS Chkdsk utility is used to repair catastrophic disk corruption caused by I/O errors (bad sectors, electrical anomalies, or disk failures, for example) or software bugs. But with the NTFS recovery capabilities in place, Chkdsk is rarely needed.

Recoverable File Systems

Although NTFS doesn't guarantee protection of user data in the event of a system crash - some changes can be lost from the cache - applications can take advantage of the NTFS write-through and cache-flushing capabilities to ensure that file modifications are recorded on disk at appropriate intervals. Both cache write-through - forcing the write operations to be immediately recorded on disk - and cache flushing - forcing contents to be written to disk - are efficient operations. Furthermore, unlike the FAT file system, NTFS guarantees that user data will be consistent and available immediately after a write-through operation or a cache flush, even if the system subsequently fails.

Jonas

Posted 2010-09-30T13:26:33.433

Reputation: 21 007

Looks like you have your answer... – r0ca – 2010-09-30T14:21:17.203

Answers

7

Theory aside, there are so many problems to be found on this site, caused on NTFS by power outage, that the answer has to be: NO.

I have personally handled on this site problems that went from suddenly appearing bad sectors and up to Windows installation completely hosed.

A computer is an extremely complex piece of hardware, and modern hard disks have also become small computers of their own. Each has its own processor and memory, so each is vulnerable to power glitches happening at the wrong moment.

Even if NTFS is fail-safe (which I don't really believe), the components that handle changes to the hard disk are certainly not fail-safe. So the whole question is quite academic and doesn't relate to the real world.

The answer then has to be that NTFS is safer, but not fail-safe.

harrymc

Posted 2010-09-30T13:26:33.433

Reputation: 306 093

+1 There is no substitute for a good UPS that automatically shuts down on power fail and good backups of data. – Dave M – 2010-09-30T15:26:58.703

Couldn't disk mirroring be a solution for "suddenly appearing bad sectors"? – Jonas – 2010-09-30T17:17:36.617

I agree with the above commenter; anecdotal evidence of data loss because of who-knows-what (possibly disk failure) isn't really evidence that NTFS isn't being power loss resilient. Anyone who lived through the era when FAT was the norm (and had to incessantly try to recover disk data) knows that NTFS is quite robust by comparison. That being said, ReFS is supposed to be even better. I've been running ReFS for years on a backup drive. – NoelC – 2018-08-01T13:18:20.927

I found an interesting article about the topic: How Microsoft puts your data at risk – Jonas – 2010-10-28T00:05:57.040

Very interesting - I downloaded the thesis. – harrymc – 2010-10-28T05:47:10.527

I agree. There is also an interesting thesis about ZFS: ZFS data integrity tested. I think that I will have a look at Nexenta – Jonas – 2010-10-28T13:55:20.483

Bad sectors are not an NTFS issue. I also object to the anecdotal evidence given here. NTFS is crash safe under the assumption that hardware obeys typical guarantees regarding writes. These were probably violated in your case. – usr – 2013-10-13T12:47:59.313

4

NTFS only journals metadata, which prevents corruption of the file system, but God help you with the data, which is not journaled. If a power outage occurs during write, data is lost.

Mircea Chirea

Posted 2010-09-30T13:26:33.433

Reputation: 1 365

True, but e.g. a database management system uses a transaction manager for user data, so the data is durable when it's committed. Data that isn't 100% written isn't reported as "written" to the user. – Jonas – 2010-09-30T16:34:43.237

@Jonas, yes, of course, but that's a feature of the application, not the file system. – Mircea Chirea – 2010-10-01T03:09:22.277
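The write-through/cache-flush passage quoted in the question and the comment exchange above about application-level commits describe the same division of labour: NTFS journals the rename (metadata), the application must flush its own data and detect a torn write. The following is an added example, not code from Windows Internals or from any poster; the record framing (MAGIC, length, CRC32) is a constructed format, and `os.fsync` maps to FlushFileBuffers on Windows.

```python
"""Durable commit of user data on top of NTFS's metadata-only journaling.
Added example for this thread; the MAGIC/length/CRC32 framing is constructed."""
import os
import struct
import tempfile
import zlib

MAGIC = b"DUR1"  # constructed marker for this example's record format


def encode_record(payload: bytes) -> bytes:
    """Frame payload as MAGIC | length | payload | CRC32 so a torn write is detectable."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    return MAGIC + struct.pack("<I", len(payload)) + payload + struct.pack("<I", crc)


def decode_record(blob: bytes):
    """Return the payload, or None if the record is truncated or corrupt."""
    if len(blob) < 12 or blob[:4] != MAGIC:
        return None
    n = struct.unpack("<I", blob[4:8])[0]
    if len(blob) != 12 + n:
        return None  # short write: the file ends before the CRC
    payload, crc = blob[8:8 + n], struct.unpack("<I", blob[8 + n:])[0]
    return payload if zlib.crc32(payload) & 0xFFFFFFFF == crc else None


def durable_write(path: str, payload: bytes) -> None:
    """After a crash the target holds the old record or the new one, never a mix."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".commit-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(encode_record(payload))
            f.flush()             # Python buffer -> OS cache
            os.fsync(f.fileno())  # cache flush: FlushFileBuffers on Windows, fsync on POSIX
        os.replace(tmp, path)     # atomic rename; on NTFS a journaled metadata transaction
    except BaseException:
        os.unlink(tmp)            # drop the half-written temp file, then re-raise
        raise
    if os.name != "nt":           # POSIX: also flush the directory entry for the rename
        dfd = os.open(directory, os.O_RDONLY)
        os.fsync(dfd)
        os.close(dfd)


def durable_read(path: str):
    """Load the committed record; None means missing or failed its integrity check."""
    try:
        with open(path, "rb") as f:
            return decode_record(f.read())
    except FileNotFoundError:
        return None
```

A reader that gets None after a crash knows the last commit did not complete and should fall back to the previous record or a backup, rather than trusting a partially written file.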

3

After writing code that reads and writes NTFS, I came to the conclusion that the NTFS recovery feature is designed / implemented in a flawed manner.

The NTFS journal contains a log entry for the operation that caused the write; it usually contains just enough information to undo / redo that operation. However, if the sector is corrupted during the write (due to power failure), the log entry is not necessarily enough to recover all the metadata in that sector.

The Windows NTFS driver implementers assume that any write operation will either completely succeed or not happen at all (this is only true in some enterprise environments).

Tal Aloni

Posted 2010-09-30T13:26:33.433

Reputation: 138