Re: FFS: wrong superblock check ~> crash

To: Christos Zoulas <christos%astron.com@localhost>
Subject: Re: FFS: wrong superblock check ~> crash
From: Masao Uebayashi <uebayasi%gmail.com@localhost>
Date: Tue, 21 Oct 2014 03:22:47 +0900

On Tue, Oct 21, 2014 at 1:46 AM, Christos Zoulas <christos%astron.com@localhost> wrote:
> In article <20141020154606.GA10443%asim.lip6.fr@localhost>,
> Manuel Bouyer  <bouyer%antioche.eu.org@localhost> wrote:
>>On Mon, Oct 20, 2014 at 03:38:11PM +0200, Maxime Villard wrote:
>>> [...]
>>> With a broken superblock the kernel will read far beyond the allocated
>>> area, which mostly means it will crash.
>>
>>Sure. There's lot of other ways to crash the kernel with a broken ffs.
>>In this specific case it's OK to return an error, but in the general
>>case I prefer to have the kernel panic when an inconsistency is
>>detected in ffs, than return an error and try to continue running with
>>a bogus filesystem.
>
> Well, this was the mentality 30 years ago (let's panic), and this is why
> we are here today. Sure it is fine and safe to panic(), but if I can
> prevent the whole system from crashing and I can keep running in degraded
> mode (isolating the broken filesystem), I'd rather have the choice to do
> so. I.e. The best thing would be to choose the panic or isolate behavior
> via a sysctl or a compilation time kernel define.

Have you heard minix3?

:)

References:
- FFS: wrong superblock check ~> crash
  - From: Maxime Villard
- Re: FFS: wrong superblock check ~> crash
  - From: Manuel Bouyer
- Re: FFS: wrong superblock check ~> crash
  - From: Christos Zoulas

Prev by Date: Re: FFS: wrong superblock check ~> crash
Next by Date: Re: FFS: wrong superblock check ~> crash
Previous by Thread: Re: FFS: wrong superblock check ~> crash
Next by Thread: Re: FFS: wrong superblock check ~> crash
Indexes:

Home | Main Index | Thread Index | Old Index