Re: ffs_alloc panic patch
From: Ken Smith (kensmith_at_cse.Buffalo.EDU)
Date: 08/27/04
- Previous message: Ken Smith: "Re: ffs_alloc panic patch"
- Maybe in reply to: Pavel Merdine: "ffs_alloc panic patch"
- Next in thread: Pavel Merdine: "Re[2]: ffs_alloc panic patch"
- Reply: Pavel Merdine: "Re[2]: ffs_alloc panic patch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 27 Aug 2004 16:42:17 -0400 To: Colin Percival <colin.percival@wadham.ox.ac.uk>
On Fri, Aug 27, 2004 at 12:55:39PM -0700, Colin Percival wrote:
> At 12:36 27/08/2004, Ken Smith wrote:
> > ... Here you again wind up in a
> > situation where the filesystem data structures on the disk can
> > become corrupted. Typically at some point the ffs code will
> > recognize that the metadata is incorrect and again a panic is
> > better than trying to carry on pretending nothing is wrong.
>
> Shouldn't a corrupt filesystem be handled by forcibly dismounting it,
> rather than invoking panic()? We certainly don't want to keep on using
> a corrupt filesystem, but we should attempt to isolate a single failing
> piece of hardware rather than allowing it to bring down the entire
> system.
It's too hard to decide whether the filesystem in question can be lived
without. Certainly / can't be lived without. The contents of /var
can't be lived without, it may or may not be on a separate filesystem.
Suppose I chose to have /tmp on a separate filesystem and we actually
did manage to successfully unmount it (hee hee hee :-), typically
the directory permissions of the /tmp directory as represented in the
root filesystem itself are wrong (setting it to be rwxrwxrwt was done
after it had been mounted and it's the permissions from the mounted
filesystem that are normally seen). Can we live without /usr? Did
we set up cron jobs that will do really really really nasty things if
the filesystem doesn't look the way it should because something got
unmounted we weren't expecting? Suppose we're running a mirror site
with a large repository in /ftp, it fails, but the machine remains
up and running - downstream mirror sites connect, see nothing, and
dutifully remove everything on their site.
Too many decisions the kernel shouldn't make... :-)
The isolating a single failing piece of hardware thing is RAID turf.
--
Ken Smith
- From there to here, from here to | kensmith@cse.buffalo.edu
there, funny things are everywhere. |
- Theodore Geisel |
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
- Previous message: Ken Smith: "Re: ffs_alloc panic patch"
- Maybe in reply to: Pavel Merdine: "ffs_alloc panic patch"
- Next in thread: Pavel Merdine: "Re[2]: ffs_alloc panic patch"
- Reply: Pavel Merdine: "Re[2]: ffs_alloc panic patch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
- Re: [PATCH] Use of getblk differs between locations
... >> What do you mean corrupt filesystem? ... If a filesystem is
written so badly ... Linux NTFS maintainer / IRC: ... send the line "unsubscribe
linux-kernel" in ... (Linux-Kernel) - Re: [PATCH] Sanitize filesystem NLS handling
... because it can corrupt filesystem. ... Glib2 developers say) should be in the
locale encoding becomes very obvious ... (Linux-Kernel) - Re: AIX 4.3 Kernel IPLs on a corrupt filesystem, no good.
... AIX 4.3 Kernel IPL's on a corrupt filesystem, ... (AIX-L) - fsck, corrupt lost+found
... I have a corrupt filesystem on a machine ... running Solaris 2.6 ...
Running fsck on the filesystem, ... (SunManagers) - Re[2]: ffs_alloc panic patch
... >> a corrupt filesystem, but we should attempt to isolate a single failing ...
> the directory permissions of the /tmp directory as represented in the ... Suppose
we're running a mirror site ... > with a large repository in /ftp, it fails,
but the machine remains ... (freebsd-stable)
