FreeBSD Mail Archives

Date:      Mon, 11 Jul 2016 12:30:34 -0500
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: Not-so stable if you take a CAM error....
Message-ID:  <f22ab40d-42f0-78a3-d3a7-945387259109@denninger.net>
In-Reply-To: <1468254746.72182.121.camel@freebsd.org>
References:  <2b0c454b-c1a0-4b5b-e778-bf0939e90ae1@denninger.net> <op.ykfe1fvbkndu52@ronaldradial.radialsg.local> <6e9c07e1-12a6-a7cd-f775-6b0fe5a706bc@denninger.net> <1468243977.72182.118.camel@freebsd.org> <877f5e8e-c1e7-6fb0-6ceb-031ce3e68582@denninger.net> <CAKFCL4WrRS1ic1CZqcmbCEnsrD2pkh4VHPBFyB%2B-3NaNJZ%2BJkw@mail.gmail.com> <1468254746.72182.121.camel@freebsd.org>


[-- Attachment #1 --]
On 7/11/2016 11:32, Ian Lepore wrote:
> On Mon, 2016-07-11 at 09:50 -0400, Brandon Allbery wrote:
>> On Mon, Jul 11, 2016 at 9:46 AM, Karl Denninger <karl@denninger.net>
>> wrote:
>>
>>> Here's the backtrace ... sounds like expected behavior, which is
>>> not-so
>>> good all-in for a situation like this.  I guess the strategy is to
>>> turn
>>> off softupdates before attempting such an update so as not to crash
>>> the
>>> host machine if there's a problem with the card.
>>>
>> I would tend to assume that removable media should not have
>> softupdates
>> enabled. Even with properly working media, it's practically begging
>> for
>> corruption.
>>
> Writing to an sdcard without softupdates enabled will be an exercise in
> patience.  Like, come back next week and maybe it'll be done.
>
> The only thing that comes to mind with this is maybe some sort of mount
> flag to say you're willing to live with any amount of filesystem
> corruption in lieu of panicking.  I'm not sure how easy/practical that
> would be to implement, though.
>
> -- Ian
Why not force-detach the volume that takes the error instead of a panic()?

That would lead to a panic if the detached volume was the system volume
(obviously) but for a data volume it would simply result in it being
forcibly unmounted (and dirty, so if it's corrupt it will get caught
when reattached.)

It seems that the current paradigm of saying "screw you, panic the
machine" violates the principle of least astonishment and is overly
punitive vis-a-vis necessity.  Refusing further I/O because the volume
may now have a corrupt filesystem appears to be facially reasonable, but
that doesn't necessarily wind up being fatal the system itself -- it is
if that's the system volume and is not covered by some sort of
redundancy, obviously, but it's not in all cases.

(Note that you can't just unmount the filesystem involved in the error;
it has to be the volume that gets forcibly detached and whatever flows
through from that you have to live with.  The reason is that on any sort
of solid-state media the OS has zero control over zoning and write
amplification means far more the data you were actually modifying may
have been lost -- it's entirely possible that *several megabytes* of
data just got trashed by the write error, and it's even possible that
the block(s) involved cross a filesystem boundary!)

-- 
Karl Denninger
karl@denninger.net <mailto:karl@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/

[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
��_0�[0�C�)0
	*�H��
0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems LLC CA1"0 	*�H��
	Cuda Systems LLC CA0
150421022159Z
200419022159Z0Z10	UUS10UFlorida10U
Cuda Systems LLC10UKarl Denninger (OCSP)0�"0
	*�H��
�0�
���X�@v�kY�
�T��q/v�E�]��5#�֯�MX����\8��L�J/V?�5���Da�+
��sJ��c�*��/�r�{ȼ�n��S�+�w"�)���ąZ^�Dt��dC�OZ�� ~7��Q ��'��@���a#i�j�c۴oZdB&���!�Ӝ���-�<	�?��H���N���5���y
5�}F�|ef゘��"V��لi��o��7��4���zn�">����a����1q�Wuɖ�b�F��e�GE�&�3(��K�h����ix�G�3���!��#�e_X�Ƭ����Ϝ/,��$�+�;�4y��'�B�z<qT�9����_?rRU�pn�5
��Jn&R��x/�p J�yel�*�pN�8�/#�9�u����/��YP�E��C)T����Y>��~/˘N[������v��yi���DKˉ�,�^�"� ?�$��T8����v�&�����K�%z��8�C @?�K{�9�f`��+���@,|����M��bia���0��07++0)0'+0�http://cudasystems.net:88880	U00	`�H��B�0U�0,	`�H��B
OpenSSL Generated Certificate0U��-��h\F����f ��Y0U#0�$q���}��ݽ�ʒ����m50U0�karl@denninger.net0
	*�H��
�Ow�b��a�bɺx�&��Uk�[��(O�j��!����%�p��MQ�0I�!#�Q��H��}.>~2���&D}�<�wm_>�V6�v��]�f��>=�N�n�+8;q �wfΰ����/��R�LyU��G#�b�}n�!D����ր_��up�|��_�ǰ��c��/�%ۥ���
�nN8:�d��;�-�UJ��d/�m��1~Vނי���nN I˾$t�F1&}�|?q?�\đ�X��ԑ�&\�4V�<lK������ۮ3%Am_����(��q����-(c����Ae�G�X)f}�-˥6c��v~��K�g�8m~v��;|�9�:-i�A����P��қ�6�ېn�-���.)�<[�$KJ�t�����t/L4�ᖣ�^Cm�u4v�b{+�B�G�$M���0c�\��[M�R�|�0FԸ�����P&7����8�"4p������#���}��DZ�9;V�9�#>�S�w"��[�UP7�1�0�0��0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems LLC CA1"0 	*�H��
	Cuda Systems LLC CA)0
	`�He��M0	*�H��
	1	*�H��
0	*�H��
	1
160711173034Z0O	*�H��
	1B@�C-E�>�����ȗ����2
�"{3�I�񴍓+dl�p����+�e�^>� W-�]��60l	*�H��
	1_0]0	`�He*0	`�He0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71��0��0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems LLC CA1"0 	*�H��
	Cuda Systems LLC CA)0��*�H��
	1�����0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems LLC CA1"0 	*�H��
	Cuda Systems LLC CA)0
	*�H��
��diG�e{I�ЙPiv�l���m�Tʗ�Y���T��1�Wq�~P��ߩ�S�\��s����}��r]a��
��Hva7���<��h�����e��Y�o�@�%�N��r�U!��#���QO�y�yr���氼�v�� �e�2�~=_�����u�<s�%�%�����Q^_ݷ��~=�mn��?���,?:���d���Y�E�~���p��zm:�$5U����ES#l��#���$D�ԑ�A���0�i�Gm�;D�S���i�������=���ӄ���2wv�Hifql{��B���l_�����n:Lu��T��}�5�
�0q�������bR���C"�������V���(+��r��]�6��!�Ŏ����Y\���dD��&��VYk*H���Y�5����_"���W�[J�<�Q��H(_�ܳ�Pz�d����EW��/q&������N�W�9Ȑ����԰XҷI���;ȕ.,�iBG�?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f22ab40d-42f0-78a3-d3a7-945387259109>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation