Date:      Tue, 27 Nov 2018 23:59:36 -0800
From:      Kirk McKusick <mckusick@mckusick.com>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        Warner Losh <imp@bsdimp.com>, Konstantin Belousov <kostikbel@gmail.com>, FreeBSD FS <freebsd-fs@freebsd.org>, "Julian H. Stacey" <jhs@berklix.com>, "soralx@cydem.org" <soralx@cydem.org>
Subject:   Re: [bug] fsck refuses to repair damaged UFS using backup superblock
Message-ID:  <201811280759.wAS7xabP040527@chez.mckusick.com>
In-Reply-To: <YTOPR0101MB11624C6EA47C4AA2F14945A1DDD10@YTOPR0101MB1162.CANPRD01.PROD.OUTLOOK.COM>

> From: Rick Macklem <rmacklem@uoguelph.ca>
> To: Warner Losh <imp@bsdimp.com>, Kirk McKusick <mckusick@mckusick.com>
> CC: Konstantin Belousov <kostikbel@gmail.com>,
>         FreeBSD FS <freebsd-fs@freebsd.org>,
>         "Julian H. Stacey" <jhs@berklix.com>,
>         "soralx@cydem.org" <soralx@cydem.org>
> Subject: Re: [bug] fsck refuses to repair damaged UFS using backup superblock
> Date: Wed, 28 Nov 2018 01:31:23 +0000
>
> Kirk McKusick wrote:
>>
>> My proposal is that when a filesystem is being mounted read-only
>> that superblock check-hash failures should be warnings only. This
>> is true not just at boot time, but always. We should probably set
>> the FS_NEEDSFSCK flag so that if it is updated to read-write a
>> warning will get printed. Since booting always starts up with
>> the filesystem in read-only mode, this should solve the booting
>> problem. Does this seem like a sensible solution?
>
> Is there a concern that a read-only mount of a corrupted non-root
> fs could cause the system to panic/crash?
>
> For booting, I think Warner is correct to suggest "print a warning
> and soldier on..".  However, once the system has booted (maybe only
> single user), I'd think it would be better to fail the mount at
> least until an fsck is done on it than allow it to be mounted
> read-only, unless there is no risk that doing this mount could cause
> a crash/panic. Obviously, just my opinion given that I don't know UFS.
>
> rick

Since the initial boot does a read-only mount, my proposal will have
the effect that the boot will "print a warning and soldier on..".

The root filesystem has to be intact enough to be able to read the
boot code and one or more kernel and configuration files from it.
If it is able to get that far, it will most likely be able to
read-only mount it and get /sbin/init and /bin/sh off it to get to
a single-user prompt.

By setting the FS_NEEDSFSCK flag on the filesystem, a full fsck
will be run as part of trying to come up and will fail to single
user if the fsck is not successful.

	Kirk McKusick


