On Nov 6, 2013, at 2:24 PM, Warner Losh <imp%bsdimp.com@localhost> wrote:
Panic now to prevent crazy later. If the structures are
inconsistent, then relying on underlying assumptions in the code is
so unsafe we simply can't do it at all. How do we know that going
to read-only doesn't create some kind of excess data disclosure
path?
What I am saying is that you shouldn't trust it. We shouldn't have
underlying assumptions in the code. We don't in the networking code.
Treat it as if it's probably trying to cause a denial of service.
I'm saying don't panic, either forcibly unmount or treat it as
uncacheable and read-only.