Date: Sat, 28 Aug 2004 12:43:10 +0400
From: Pavel Merdine
To: freebsd-stable@freebsd.org
Subject: Re[2]: ffs_alloc panic patch
Message-ID: <146532856.20040828124310@kaluga.ru>
In-Reply-To: <6.1.0.6.1.20040827124846.03ac02d0@popserver.sfu.ca>
References: <1076237332.20040827215245@kaluga.ru> <20040827193605.GC28442@electra.cse.Buffalo.EDU> <6.1.0.6.1.20040827124846.03ac02d0@popserver.sfu.ca>

Hello,

Yes. That is what I was trying to say. For example, Windows does not show the blue screen in such situations. In my practice I saw many times the situation of panic() when the file system was not fsck'd. Actually it may even lead to security holes. E.g. a user may change an fs somehow to make it loop in panic forever...

Friday, August 27, 2004, 11:55:39 PM, you wrote:

> At 12:36 27/08/2004, Ken Smith wrote:
>> ... Here you again wind up in a
>> situation where the filesystem data structures on the disk can
>> become corrupted. Typically at some point the ffs code will
>> recognize that the metadata is incorrect and again a panic is
>> better than trying to carry on pretending nothing is wrong.
> Shouldn't a corrupt filesystem be handled by forcibly dismounting it,
> rather than invoking panic()? We certainly don't want to keep on using
> a corrupt filesystem, but we should attempt to isolate a single failing
> piece of hardware rather than allowing it to bring down the entire
> system.
> Colin Percival

--
/ Pavel Merdine