Subject: Re: Patch to disallow mounts of unclean FFS unless forced
To: Karl Janmar <karl@utopiafoundation.org>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 10/15/2003 18:11:05
    Date:        Wed, 15 Oct 2003 11:35:08 +0200 (CEST)
    From:        Karl Janmar <karl@utopiafoundation.org>
    Message-ID:  <Pine.NEB.4.58.0310151112370.21387@atoll.utopiafoundation.org>

  | This says if somebody puts in expensive checks, make them optional.
  | The need for expensive checks differs for different scenarios.

No, don't do that - the cost of testing whether or not to do the test
is likely to be comparable with the cost of most of the tests that
need to be done.

der Mouse was exaggerating what is needed - the kernel doesn't need to
be able to detect file system errors, let alone fix them, it just needs
to protect itself from crashing.  It doesn't even need to protect the
filesystem from further corruption (which is why I'd personally only allow
read-only non-root forced mounts, not read-write - that is an aspect of
"protect the user from himself").

This kind of protection is not optional; the "file system clean" bit provides
no real protection, and I certainly don't believe that "panic is the only
option" is ever really the case (though it might be the only currently
obvious option given the code structure in some places).

kre