ID: q101670
The Windows NT file system (NTFS) provided by Microsoft Windows NT and Windows NT Advanced Server use transaction logging to ensure recoverability. The text below details how Windows NT implements this feature.
The file system processes each I/O operation that modifies a file on an NTFS volume as a transaction. Each file on an NTFS volume is listed as a record in a special file called the Master File Table (MFT). The first record in the table describes the MFT itself and the second record is an MFT "mirror" record. If the first MFT record is corrupted, NTFS uses the second record to find the MFT mirror file, the first record of which is identical to the first record of the MFT. The boot sector records the locations of the MFT and MFT mirror file. Windows NT stores a duplicate copy of the boot sector at the logical center of the disk.
The third record in the MFT is the log file which records all file transaction information. NTFS and the Log File Service use the DATA attribute of the log file to implement file system recoverability. The Log File Service is a component of the Windows NT Executive and the text below describes it in greater detail. Because the log file is a system file, it can be found early in the boot process and used to recover the disk volume, if necessary. When a user updates a file, the Log File Service records all redo and undo information for the transaction. For recoverability, redo information allows NTFS to roll the transaction forward (repeat the transaction if necessary), and undo allows NTFS to roll the transaction back if an error occurs.
If a transaction completes successfully, NTFS commits the file update to disk. If the transaction is not complete, NTFS ends or rolls back the transaction according to the undo information. If NTFS detects an error in the transaction, it rolls back the transaction. If NTFS cannot guarantee that a transaction completed successfully, it rolls the transaction back. Incomplete modifications to the volume are not allowed.
If the system crashes (due to power failure or other cause), NTFS performs three passes through the data on the disk: an analysis pass, a redo pass, and an undo pass. During the analysis pass, NTFS appraises the damage, if any, and determines which clusters it must update using the information in the log file. The redo pass performs any steps logged from the last checkpoint. Then the undo pass rolls back any incomplete (uncommitted) transactions.
The NTFS recovery pass involves the following six steps:
1. When Windows NT recognizes an NTFS volume, it reads the MFT.
2. NTFS calls the Log File Service to open the log file. This causes
the Log File Service Recovery to take place.
3. NTFS calls the Log File Service to read its restart area and reads
all the data from the last checkpoint operation. This data
initializes the transaction table, dirty pages table, and open file
table so they can be used in the recovery process.
4. NTFS performs an analysis pass on its last checkpoint record. At
the end of this pass, the transaction table contains only
transactions that were active when the crash occurred.
5. NTFS performs a redo pass. At the end of this pass, the cache
reflects the state of the volume when the crash occurred.
6. NTFS performs an undo pass. At the end of this pass, the volume is
recovered to a stable state.
The Log File Service maintains two objects to support its functions:
Keywords : kbother
Version : 3.1
Platform : WINDOWS
Last Reviewed: August 13, 1998