What Really Happens to Files and Disks During a Power Outage?
When power is lost mid‑write, the fate of the in‑flight command, the contents of device caches, and the order in which earlier writes reached the medium all become uncertain. File systems employ various strategies, ranging from ignoring errors to copy‑on‑write and journaling, to limit the damage, each with trade‑offs in performance and reliability.
This article, originally from a Zhihu Q&A, explains what occurs at the system and hardware levels when a sudden power loss interrupts a file write, and how different file systems try to preserve data integrity.
Uncertainties at the moment of power loss
You cannot know whether a write command handed to the device driver completed; drivers and the block layer typically queue and buffer requests before they reach the device.
Even if the write command returns successfully, the device may still hold the data in its own volatile cache. A successful return only means the device accepted the data; without an explicit flush (or a write marked FUA) no storage device guarantees that the data is physically on the medium.
Success and failure may be out of order: the drive may reorder queued commands (NCQ), so request A can be lost while a later request B succeeds.
Mechanical disks can lose part of a sector (e.g., only 100 bytes of a 512‑byte sector written). Such torn sectors are usually caught by the sector's error‑correcting code, so the sector reads back as an error rather than as silently mixed data.
Typical file‑system strategies
1. Do nothing and accept errors.
2. Mark suspect areas and rely on disk‑level checks to recover later.
3. Design the file‑system structure to be recoverable, though user data may not be.
4. Guarantee absolute correctness of user data, usually in conjunction with special storage drivers (common on flash‑based file systems).
Older FAT‑type systems fall into the first two categories, mainstream file systems like NTFS and ext4 provide the third, and the fourth is rare and hardware‑specific.
Common techniques to protect data
Solution 1: Copy‑On‑Write (COW) – Instead of overwriting the original location, the system writes a new copy elsewhere and, once that write has completed and been flushed, updates the pointer to the new location. The old copy stays intact until the pointer switch, so a reader after a crash sees either the complete old version or the complete new one, provided the pointer update itself is atomic.
In practice the situation is more complex because metadata (e.g., timestamps, free‑space maps) also changes, so a single logical update touches many blocks and the "pointer" is really a chain of them.
Solution 2: Journaling – The file system first records the intended changes in a journal (metadata only in NTFS and the default ext4 mode, optionally data as well) and only then applies them to their final locations. After a power loss, the journal can be replayed, or an incomplete transaction discarded, to bring the file system back to a consistent state.
These two approaches are the most common; other, more sophisticated methods exist but generally trade performance for structural stability.
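The following toy simulation, added here as an illustration and not code from the original article, shows why the pointer switch in Solution 1 matters. It models a block device whose power is cut after an arbitrary number of block writes (each single block write is assumed atomic and writes are assumed to land in order, which ignores the NCQ and cache uncertainties above) and compares overwriting a file in place against writing a new copy and flipping a pointer block. All names (Device, update_in_place, update_cow, crash_matrix) are invented for the example.

```python
BLOCK = 4          # toy block size in bytes; one block write is assumed atomic
PTR_BLOCK = 0      # block 0 holds the "pointer": (start_block, block_count)


class PowerLoss(Exception):
    """Raised when the simulated device loses power mid-update."""


class Device:
    """Toy block device. After `budget` successful block writes every further
    write raises PowerLoss, which models a power cut at an arbitrary point."""

    def __init__(self, nblocks, budget=None):
        self.blocks = [b"\0" * BLOCK for _ in range(nblocks)]
        self.budget = budget
        self.writes = 0

    def write(self, idx, data):
        assert len(data) == BLOCK
        if self.budget is not None and self.writes >= self.budget:
            raise PowerLoss()
        self.blocks[idx] = data
        self.writes += 1

    def read(self, idx):
        return self.blocks[idx]


def chunks(data):
    """Split file content into block-sized pieces (content is block aligned)."""
    assert len(data) % BLOCK == 0
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def read_file(dev):
    """Follow the pointer block to the live copy and return its bytes."""
    ptr = dev.read(PTR_BLOCK)
    start, n = ptr[0], ptr[1]
    return b"".join(dev.read(start + i) for i in range(n))


def format_device(dev, data):
    """Lay out `data` starting at block 1 and point block 0 at it."""
    parts = chunks(data)
    for i, c in enumerate(parts):
        dev.write(1 + i, c)
    dev.write(PTR_BLOCK, bytes([1, len(parts), 0, 0]))


def update_in_place(dev, data):
    """Overwrite the file's existing blocks one by one (no COW).
    A cut between two block writes leaves a torn mix of old and new."""
    start = dev.read(PTR_BLOCK)[0]
    for i, c in enumerate(chunks(data)):
        dev.write(start + i, c)


def update_cow(dev, data):
    """Write the new version to unused blocks, then flip the pointer.
    Only the single pointer write makes the new version visible."""
    ptr = dev.read(PTR_BLOCK)
    start, n = ptr[0], ptr[1]
    free = start + n                     # first block past the live copy
    new = chunks(data)
    for i, c in enumerate(new):
        dev.write(free + i, c)
    dev.write(PTR_BLOCK, bytes([free, len(new), 0, 0]))


def crash_matrix(update, old, new):
    """Cut power after every possible number of block writes during `update`
    and classify what read_file() returns afterwards: old, new, or torn."""
    total = len(chunks(new)) + 1         # upper bound on writes for either scheme
    result = {"old": 0, "new": 0, "torn": 0}
    for budget in range(total + 1):
        dev = Device(nblocks=32)
        format_device(dev, old)          # initial state, written without a cut
        dev.budget = budget
        dev.writes = 0
        try:
            update(dev, new)
        except PowerLoss:
            pass
        got = read_file(dev)
        if got == old:
            result["old"] += 1
        elif got == new:
            result["new"] += 1
        else:
            result["torn"] += 1
    return result


if __name__ == "__main__":
    OLD, NEW = b"AAAABBBBCCCC", b"XXXXYYYYZZZZ"   # constructed sample content
    print("in place:", crash_matrix(update_in_place, OLD, NEW))
    print("cow:     ", crash_matrix(update_cow, OLD, NEW))
```

For a three‑block file the in‑place path produces a torn file at two of the five possible cut points, while the COW path never does: every cut before the pointer write leaves the old version, and the one after it leaves the new. The model's weak spot is the assumption that the pointer write is atomic and reaches the medium after the data blocks; on real hardware that is exactly what the flush and FUA mechanisms described later are needed for.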
Ext4 data modes (Linux example)
data=writeback: Metadata is journaled without waiting for the corresponding data, so after a crash a file may contain stale or garbage blocks where new data was never written.
data=ordered (the default): Data blocks are flushed before the metadata that references them is committed, so a file never points at unwritten blocks; the last writes before the crash can still be lost.
data=journal: Both data and metadata are written to the journal first (double write), providing the highest integrity at the cost of throughput.
Details can be found in the mount(8) manual.
Disk‑level guarantees
Hard drives expose a flush command that forces cached data to be written to the medium. Some drives (and enterprise SSDs) have capacitors that let them finish writing their cache on power loss, but most rely on the host to issue a flush after critical writes. FUA (Force Unit Access) marks an individual write as one that must reach the medium before it completes, which lets a file system commit, say, a journal record without flushing the drive's entire cache.
Application write paths
If an application uses buffered I/O, data may reside in the OS page cache for an indeterminate time before being flushed, so a power loss can erase recent writes unless the application calls fsync (or an equivalent) itself. Direct I/O bypasses the page cache, so less data is exposed at the moment of loss, but it still leaves the data in the device cache until a flush, and file metadata such as the new size still goes through the file system's ordinary journaling path; the exact behavior depends on the file system's implementation.
In summary, neither the file system nor the storage device can guarantee that every user‑level byte survives a sudden power loss; they can only ensure structural consistency and, with appropriate configurations and explicit flushes from the application, improve the odds of data preservation.
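The application‑level counterpart of the copy‑on‑write idea, added here as an example and not code from the original article, is the write‑temp, fsync, rename, fsync‑directory sequence below. It assumes a POSIX system (rename over an existing name is atomic) and uses F_FULLFSYNC where the platform offers it, because macOS fsync(2) does not ask the drive to flush its cache. The function names durable_write, flush_to_medium and demo_round_trip and the state.json file name are invented for the example.

```python
import os
import shutil
import tempfile

try:
    import fcntl                      # POSIX only; used for F_FULLFSYNC on macOS
except ImportError:                   # pragma: no cover - Windows
    fcntl = None


def flush_to_medium(fd):
    """Push the file's dirty pages to the device and ask the device to flush
    its own cache. On Linux fsync(2) does both; on macOS fsync(2) only
    reaches the drive cache, so F_FULLFSYNC is used there instead."""
    if fcntl is not None and hasattr(fcntl, "F_FULLFSYNC"):
        fcntl.fcntl(fd, fcntl.F_FULLFSYNC)
    else:
        os.fsync(fd)


def durable_write(path, data):
    """Replace `path` with `data` so that a reader sees either the complete
    old content or the complete new content, and the new content survives a
    power cut once this function returns.

    1. write to a temp file in the same directory (so the rename stays on
       one file system),
    2. flush Python's buffer and then the page cache/device cache,
    3. rename over the target (atomic visibility switch, like a COW pointer),
    4. fsync the directory so the rename itself is durable."""
    dirname = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=dirname, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()                 # Python buffer -> OS page cache
            flush_to_medium(f.fileno())
        os.replace(tmp, path)         # old file is intact up to this instant
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    dfd = os.open(dirname, os.O_RDONLY)
    try:
        flush_to_medium(dfd)          # make the new directory entry durable
    finally:
        os.close(dfd)
    return path


def demo_round_trip():
    """Write two versions into a scratch directory and return what a later
    reader sees plus any leftover files besides the target (expected: none)."""
    scratch = tempfile.mkdtemp()
    target = os.path.join(scratch, "state.json")
    try:
        durable_write(target, b'{"version": 1}')     # constructed sample data
        durable_write(target, b'{"version": 2}')
        with open(target, "rb") as f:
            content = f.read()
        leftovers = sorted(n for n in os.listdir(scratch) if n != "state.json")
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    return content, leftovers


if __name__ == "__main__":
    print(demo_round_trip())
```

The rename gives atomic visibility (old or new, never a truncated mix) but not durability; that comes only from the two flush calls, which is the host‑issued flush the disk‑level section says most drives depend on. Skipping the directory fsync is a common mistake: the file's blocks may be on the medium while the directory entry pointing at the new name is still in cache.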
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Source: ITPUB, the official ITPUB account sharing technical insights, community news, and events.