Subject: Re: Need some advice regarding portable user IDs
To: Wolfgang Solfrank <ws@tools.de>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-userlevel
Date: 08/24/1999 15:06:52

On Tue, Aug 24, 1999 at 02:59:09PM +0200, Wolfgang Solfrank wrote:
> [...]
> What I meant to say was that code of the various filesystems currently
> assumes that the data on the media is somewhat consistent.  Since the
> intention is that Joe User can mount some arbitrary floppy (or zip disk,
> or ...), the in kernel filesystem code needs to check any data it
> reads off the media for plausibility.

Sure, at least for some filesystems it's possible to crash the machine
with a bad FS on a media.
But you trust your users, don't you? :)

Solving this is not trivial. I don't think changing the panic() to
return(appropriate_error_code) is the right thing to do; in some cases
you want to panic if a filesystem gets corrupted. This could probably
be switched on/off for root/non-root mounts.
Also I think there are some cases where it's too late to recover gracefully.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
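
The idea discussed in this message, sketched as an added example that is not part of the original mail or of any NetBSD code: on-disk metadata is checked for plausibility before use, and a failed check becomes an error for a user mount but still a panic for a root mount. The superblock layout, TOY_MAGIC, the function names and the direction of the root/non-root switch are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical on-disk superblock for a toy filesystem (not a real format). */
struct toy_sb {
    uint32_t magic;        /* must equal TOY_MAGIC */
    uint32_t block_size;   /* power of two, 512..65536 */
    uint64_t total_blocks; /* must fit on the media */
    uint64_t root_block;   /* must lie inside the filesystem */
};
#define TOY_MAGIC 0x544f5946u

enum mount_result { MOUNT_OK, MOUNT_REJECTED, MOUNT_PANIC };

/* Plausibility check: returns 0 or an errno value; no field is trusted. */
int toy_sb_check(const struct toy_sb *sb, uint64_t media_bytes)
{
    if (sb->magic != TOY_MAGIC)
        return EINVAL;
    if (sb->block_size < 512 || sb->block_size > 65536 ||
        (sb->block_size & (sb->block_size - 1)) != 0)
        return EINVAL;
    /* Divide instead of multiplying so a huge total_blocks cannot overflow. */
    if (sb->total_blocks == 0 ||
        sb->total_blocks > media_bytes / sb->block_size)
        return EFBIG;
    if (sb->root_block >= sb->total_blocks)
        return EINVAL;
    return 0;
}

/* Policy switch (assumed direction): user mounts get an error back,
 * root mounts keep the panic; the caller would call panic() on MOUNT_PANIC. */
enum mount_result toy_mount(const struct toy_sb *sb, uint64_t media_bytes,
                            int user_mount)
{
    if (toy_sb_check(sb, media_bytes) == 0)
        return MOUNT_OK;
    return user_mount ? MOUNT_REJECTED : MOUNT_PANIC;
}

int main(void)
{
    /* Constructed sample: 1.44 MB floppy claiming far more blocks than fit. */
    struct toy_sb bad = { TOY_MAGIC, 512, UINT64_MAX / 2, 2 };
    printf("user mount: %d, root mount: %d\n",
           toy_mount(&bad, 1474560, 1), toy_mount(&bad, 1474560, 0));
    return 0;
}
```

This only covers checks made at mount time; it does not address the cases mentioned above where corruption is found too late to recover gracefully.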