Hi,

> > What I meant to say was that code of the various filesystems currently
> > assumes that the data on the media is somewhat consistent.  Since the
> > intention is that Joe User can mount some arbitrary floppy (or zip disk,
> > or ...), the in kernel filesystem code needs to check any data it
> > reads off the media for plausibility.

[...]

> Solving this is not trivial, I don't think changing the panic() to
> return(appropriate_error_code) is the rigth thing to do, in some case
> you want to panic if a filesystem gets corrupted. This could probably
> be switched on/off for root/non-root mounts.
> Also I think there are some cases where it's too late to recover gracefully.

Hmm, I think the appropriate thing to do is some equivalent of "panic"ing,
but only for the filesystem in question.  I.e. something like forcibly
unmounting that filesystem (but maybe continue to return EIO on access to
anything below the mountpoint?).  Whether to flush dirty buffers for the
filesystem in question out or not, I'm not sure about either.

Ciao,
Wolfgang
-- 
ws@TooLs.DE     (Wolfgang Solfrank, TooLs GmbH) 	+49-228-985800