Date:      Mon, 9 Nov 1998 19:21:51 +1100
From:      Bruce Evans <bde@zeta.org.au>
To:        bde@zeta.org.au, eivind@yes.no, freebsd-fs@FreeBSD.ORG, richard@jezebel.demon.co.uk
Subject:   Re: Should a corrupt floppy disk cause a panic?
Message-ID:  <199811090821.TAA12725@godzilla.zeta.org.au>

>> Suitably damaged ffs file systems should also cause panics (as soon as
>> possible so that the damage doesn't grow).  fsck_foofs must be run
>> before mounting [possibly-]damaged foofs file systems.  This is not so
>> easy for msdosfs file systems since there is no fsck_msdosfs.
>
>Suitably damaged ffs file systems should block for further writes.  A
>panic() is not the only way of blocking for further writes, and for
>high-availability systems it is a bad way.  This should be tunable, of
>course, as an unattended system would probably be better off panic'ing
>and rebooting, to get the system to automatically come up again with
>the filesystem available.  However, for systems with many filesystems
>active, it might be much better to lose access to that single
>filesystem than to take down the entire machine for a reboot.

Yes, when a panic occurs (deep in a non-ffs routine, due to memory
corruption caused by using invalid data from the disk), it is easy
for the system to unwind the state to when the error occurred and
make ffs wait there ;-).

Bruce
