Comment by floatboth

4 years ago

No, you won't see corruption on ZFS. Cutting power to the drive is always safe; you can slice a SATA cable with a guillotine if you want, and you'll always see a consistent state of the filesystem. ZFS transactions are entirely atomic.

ZFS (and btrfs) is not "journaled", it's copy-on-write.

You won't see corruption of the filesystem itself, but you'll see data corruption as described in the thread. If the writes are delayed, the write ordering can get messed up. Plus, ZFS has the ZIL, which is basically a journal equivalent.

  • Journals are used to protect filesystem metadata. The ZIL is used only to protect data.

    You will not see any data corruption on ZFS as long as the underlying hardware implements REQ_PREFLUSH correctly and the software uses proper POSIX semantics. If no filesystem corruption is happening, then the stuff under ZFS is doing its job correctly and your problem is in userspace.

    Following a crash, ZFS returns to a past good state. Any completed synchronous writes or writes protected by a completed fsync will be there. Any of those that did not complete can be expected to be lost (unless it was moments away from returning to userspace) and any non-synchronous IO that occurred in the last several seconds is allowed to disappear.

    By default, non-sync IO is flushed to permanent storage every 5 seconds. A past good state is not something that I would call corruption and software is expected to be able to resume from the past under POSIX.
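The "proper POSIX semantics" the comment above expects from userspace, shown as an added example (not code from any commenter): a write that survives a crash as either the complete old file or the complete new file, using fsync on the data and on the directory around an atomic rename. Assumes a local POSIX filesystem and a hypothetical path of the caller's choosing.

```python
import os
import tempfile


def unsafe_overwrite(path: str, data: bytes) -> None:
    """Truncate-and-write with no fsync: after a crash the file may be
    empty or partial, and the data may sit in the last few seconds of
    non-sync IO that ZFS is allowed to drop."""
    with open(path, "wb") as f:
        f.write(data)


def durable_write(path: str, data: bytes) -> None:
    """Crash-safe replace: a reader after a crash sees the old contents
    or the new contents, never a torn or empty file."""
    path = os.path.abspath(path)
    directory = os.path.dirname(path)
    # Temp file in the same directory so rename() is a same-filesystem,
    # atomic metadata operation rather than a copy.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            # Forces the data to stable storage (the ZIL on ZFS); only
            # writes whose fsync returned are guaranteed after a crash.
            os.fsync(f.fileno())
        os.rename(tmp, path)  # atomic in POSIX
        # The rename is a directory update; fsync the directory so the
        # new name itself is durable and not lost with the old txg.
        dfd = os.open(directory, os.O_RDONLY)
        try:
            os.fsync(dfd)
        finally:
            os.close(dfd)
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def read_back(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()
```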