Re: FFS: wrong superblock check ~> crash

To: tech-kern%netbsd.org@localhost
Subject: Re: FFS: wrong superblock check ~> crash
From: christos%astron.com@localhost (Christos Zoulas)
Date: Mon, 20 Oct 2014 16:46:23 +0000 (UTC)

In article <20141020154606.GA10443%asim.lip6.fr@localhost>,
Manuel Bouyer  <bouyer%antioche.eu.org@localhost> wrote:
>On Mon, Oct 20, 2014 at 03:38:11PM +0200, Maxime Villard wrote:
>> [...]
>> With a broken superblock the kernel will read far beyond the allocated
>> area, which mostly means it will crash.
>
>Sure. There's lot of other ways to crash the kernel with a broken ffs.
>In this specific case it's OK to return an error, but in the general
>case I prefer to have the kernel panic when an inconsistency is
>detected in ffs, than return an error and try to continue running with
>a bogus filesystem.

Well, this was the mentality 30 years ago (let's panic), and this is why
we are here today. Sure it is fine and safe to panic(), but if I can
prevent the whole system from crashing and I can keep running in degraded
mode (isolating the broken filesystem), I'd rather have the choice to do
so. I.e. The best thing would be to choose the panic or isolate behavior
via a sysctl or a compilation time kernel define.

christos

Follow-Ups:
- Re: FFS: wrong superblock check ~> crash
  - From: Masao Uebayashi

References:
- FFS: wrong superblock check ~> crash
  - From: Maxime Villard
- Re: FFS: wrong superblock check ~> crash
  - From: Manuel Bouyer

Prev by Date: Re: FFS: wrong superblock check ~> crash
Next by Date: Re: FFS: wrong superblock check ~> crash
Previous by Thread: Re: FFS: wrong superblock check ~> crash
Next by Thread: Re: FFS: wrong superblock check ~> crash
Indexes:

Home | Main Index | Thread Index | Old Index