Re: FFS: wrong superblock check ~> crash

To: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Subject: Re: FFS: wrong superblock check ~> crash
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Mon, 20 Oct 2014 18:18:51 +0200

On Mon, Oct 20, 2014 at 03:58:45PM +0000, Taylor R Campbell wrote:
>    Date: Mon, 20 Oct 2014 17:46:06 +0200
>    From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
> 
>    Sure. There's lot of other ways to crash the kernel with a broken ffs.
>    In this specific case it's OK to return an error, but in the general
>    case I prefer to have the kernel panic when an inconsistency is
>    detected in ffs, than return an error and try to continue running with
>    a bogus filesystem.
> 
> Continuing to run with a bogus file system is no good, but panicking
> the kernel is worse.  If the kernel takes any drastic action beyond
> merely returning an error, it should remount the file system
> read-only.

definitively not. I want a panic. If the filesystsem is corrupted something
has gone really wrong and you can't trust the running system any more.
And there are cases where returning EROFS is worse than panicing (e.g.
a NFS server).

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

Follow-Ups:
- Re: FFS: wrong superblock check ~> crash
  - From: Michael van Elst
- Re: FFS: wrong superblock check ~> crash
  - From: Mindaugas Rasiukevicius
- Re: FFS: wrong superblock check ~> crash
  - From: Paul_Koning
- Re: FFS: wrong superblock check ~> crash
  - From: Greg Troxel

References:
- Re: FFS: wrong superblock check ~> crash
  - From: Manuel Bouyer
- Re: FFS: wrong superblock check ~> crash
  - From: Taylor R Campbell

Prev by Date: Re: FFS: wrong superblock check ~> crash
Next by Date: Re: FFS: wrong superblock check ~> crash
Previous by Thread: Re: FFS: wrong superblock check ~> crash
Next by Thread: Re: FFS: wrong superblock check ~> crash
Indexes:

Home | Main Index | Thread Index | Old Index