Message-ID: <19981108173255.57550@follo.net>
Date: Sun, 8 Nov 1998 17:32:55 +0100
From: Eivind Eklund
To: Bruce Evans, freebsd-fs@FreeBSD.ORG, richard@jezebel.demon.co.uk
Subject: Re: Should a corrupt floppy disk cause a panic?
References: <199811081528.CAA07261@godzilla.zeta.org.au>
In-Reply-To: <199811081528.CAA07261@godzilla.zeta.org.au>; from Bruce Evans on Mon, Nov 09, 1998 at 02:28:35AM +1100

On Mon, Nov 09, 1998 at 02:28:35AM +1100, Bruce Evans wrote:
> >Subject: Should a corrupt floppy disk cause a panic?
>
> Yes.

NO.  Not unconditionally.

> >This is a question on policy.
> >
> >The msdosfs will panic and the system will die if you mount a
> >floppy with a corrupt format.  I have an image of such a floppy
> >and I can crash my system every time.
>
> Suitably damaged ffs file systems should also cause panics (as soon as
> possible so that the damage doesn't grow).  fsck_foofs must be run
> before mounting [possibly-]damaged foofs file systems.  This is not so
> easy for msdosfs file systems since there is no fsck_msdosfs.

Suitably damaged ffs file systems should block for further writes.
A panic() is not the only way of blocking for further writes, and for
high-availability systems it is a bad way.

This should be tunable, of course, as an unattended system would
probably be better off panic'ing and rebooting, to get the system to
automatically come up again with the filesystem available.  However,
for systems with many filesystems active, it might be much better to
lose access to that single filesystem than to take down the entire
machine for a reboot.

Eivind.
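
Added example, not part of the original message and not FreeBSD code: a small user-space C model of the tunable discussed above, where detected corruption either takes the whole machine down or blocks further writes on the one affected filesystem. Every name here (`corrupt_policy`, `model_mount`, `fs_corruption_detected`, `fs_write`, `scenario`) is hypothetical, and `system_down` merely stands in for panic().

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical per-mount tunable: reaction to detected on-disk corruption. */
enum corrupt_policy { ON_CORRUPT_PANIC, ON_CORRUPT_RDONLY };

struct model_mount {
    const char *name;
    enum corrupt_policy policy;  /* the tunable */
    bool rdonly;                 /* set once corruption has been seen */
};

/* Stands in for panic(): once set, no mount on the machine is usable. */
static bool system_down = false;

/* Called by the modelled filesystem code when a consistency check fails. */
void fs_corruption_detected(struct model_mount *mp)
{
    if (mp->policy == ON_CORRUPT_PANIC)
        system_down = true;      /* whole machine goes down */
    else
        mp->rdonly = true;       /* only this mount stops taking writes */
}

/* Write path of the model: returns 0 on success or an errno value. */
int fs_write(struct model_mount *mp, const void *buf, size_t len)
{
    (void)buf;
    (void)len;
    if (system_down)
        return EIO;              /* nothing is reachable after the panic */
    if (mp->rdonly)
        return EROFS;            /* damage cannot grow on this mount */
    return 0;
}

/* Constructed scenario: a corrupt floppy mounted beside a healthy
 * filesystem. Returns the result of a write to the healthy mount and
 * stores the result of a write to the floppy in *floppy_rc. */
int scenario(enum corrupt_policy floppy_policy, int *floppy_rc)
{
    struct model_mount floppy = { "/floppy", floppy_policy, false };
    struct model_mount data = { "/data", ON_CORRUPT_PANIC, false };

    system_down = false;
    fs_corruption_detected(&floppy);
    *floppy_rc = fs_write(&floppy, "x", 1);
    return fs_write(&data, "x", 1);
}
```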