Date: Fri, 27 Aug 2004 12:55:39 -0700 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: Ken Smith <kensmith@cse.Buffalo.EDU> Cc: freebsd-stable@freebsd.org Subject: Re: ffs_alloc panic patch Message-ID: <6.1.0.6.1.20040827124846.03ac02d0@popserver.sfu.ca> In-Reply-To: <20040827193605.GC28442@electra.cse.Buffalo.EDU> References: <1076237332.20040827215245@kaluga.ru> <20040827193605.GC28442@electra.cse.Buffalo.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:36 27/08/2004, Ken Smith wrote: > ... Here you again wind up in a > situation where the filesystem data structures on the disk can > become corrupted. Typically at some point the ffs code will > recognize that the metadata is incorrect and again a panic is > better than trying to carry on pretending nothing is wrong. Shouldn't a corrupt filesystem be handled by forcibly dismounting it, rather than invoking panic()? We certainly don't want to keep on using a corrupt filesystem, but we should attempt to isolate a single failing piece of hardware rather than allowing it to bring down the entire system. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.1.0.6.1.20040827124846.03ac02d0>