Date:      Wed, 28 Nov 2018 01:31:23 +0000
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Warner Losh <imp@bsdimp.com>, Kirk McKusick <mckusick@mckusick.com>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, FreeBSD FS <freebsd-fs@freebsd.org>, "Julian H. Stacey" <jhs@berklix.com>, "soralx@cydem.org" <soralx@cydem.org>
Subject:   Re: [bug] fsck refuses to repair damaged UFS using backup superblock
Message-ID:  <YTOPR0101MB11624C6EA47C4AA2F14945A1DDD10@YTOPR0101MB1162.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <201811280125.wAS1PZAG034119@chez.mckusick.com>
References:  <CANCZdfouJC6JxTGTE9WKWrfh=McMs5mPRqKrsW9nKT7xHpYDxQ@mail.gmail.com>, <201811280125.wAS1PZAG034119@chez.mckusick.com>


Kirk McKusick wrote:
>> From: Warner Losh <imp@bsdimp.com>
>> Date: Sun, 25 Nov 2018 12:01:45 -0700
>> Subject: Re: [bug] fsck refuses to repair damaged UFS using backup superblock
>> To: Kirk McKusick <mckusick@mckusick.com>
>> Cc: Rick Macklem <rmacklem@uoguelph.ca>, FreeBSD FS <freebsd-fs@freebsd.org>,
>>         "Julian H. Stacey" <jhs@berklix.com>,
>>         "soralx@cydem.org" <soralx@cydem.org>
>>
>> On Sun, Nov 25, 2018, 11:35 AM Kirk McKusick <mckusick@mckusick.com> wrote:
>>
>>>> From: Rick Macklem <rmacklem@uoguelph.ca>
>>>> To: "soralx@cydem.org" <soralx@cydem.org>,
>>>>         Kirk McKusick <mckusick@mckusick.com>
>>>> CC: "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org>,
>>>>         "Julian H. Stacey"
>>>>       <jhs@berklix.com>
>>>> Subject: Re: [bug] fsck refuses to repair damaged UFS using backup superblock
>>>> Date: Sun, 25 Nov 2018 15:25:21 +0000
>>>>
>>>> It would be nice if there was a way to override the check and boot
>>>> the system.  (Is a loader tunable reasonable for this?)
>>>>
>>>> rick
>>>
>>> Rather than adding a loader tunable to override the check (which people
>>> would have to track down in the midst of a crisis), it might be better
>>> to simply have the loader print a warning when there is a mismatch and
>>> proceed to try using the filesystem. If successful, an fsck could then
>>> be run to try and clean it up. Does this seem reasonable?
>>>
>>>      Kirk McKusick
>>
>> Yes. You have a big chicken and egg issue otherwise.  And not booting
>> seems like an extreme overreaction to a bad checksum. I can think
>> of no use case where you'd want it. Let's let people ask for it
>> with a decent use case before we do anything more than print a
>> warning and soldier on...
>>
>> Warner
>
>My proposal is that when a filesystem is being mounted read-only
>that superblock check-hash failures should be warnings only. This
>is true not just at boot time, but always. We should probably set
>the FS_NEEDSFSCK flag so that if it is updated to read-write a
>warning will get printed. Since booting always starts up with
>the filesystem in read-only mode, this should solve the booting
>problem. Does this seem like a sensible solution?

Is there a concern that a read-only mount of a corrupted non-root fs could cause
the system to panic/crash?

For booting, I think Warner is correct to suggest "print a warning and soldier on..".
However, once the system has booted (maybe only single user), I'd think it would
be better to fail the mount at least until an fsck is done on it than allow it to be
mounted read-only, unless there is no risk that doing this mount could cause a
crash/panic. Obviously, just my opinion given that I don't know UFS.

rick



