Current-Users archive


Re: usb flash drive removal (Re: Desktop NetBSD needs your help)



On Tue Feb 10 2009 at 07:11:22 +0100, Michael van Elst wrote:
> You know, that's not necessarily true. Nothing prevents you from
> handling such failures in a graceful manner.

Nothing prevents NetBSD from being bug-free.  chip-chop-chip

> The fact that our file system code crashes and burns if presented
> 'untrusted' data shouldn't be a model for removable media.

There is a great difference between what is and what should be.  I for
one do not want to rewrite all our kernel file systems to deal with
untrusted input.

IMHO trying to do "smart" tricks for unwanted device removals along
the main code paths is the classic error of trying to handle the normal
case and worst case simultaneously.  You should try to prevent a system
crash in a very KISS fashion but just forget about the file system.

If you're worried, just make all caching for removable media write-through.
That's 10 lines of code instead of 1000.

> And
> that's independent of kernel vs. userland implementation.

There should be no separate user and kernel implementations for kernel
services.

