>> Rejecting won't help much, there are so many other parts that may be
>> corrupt that you cannot validate on mount.
> For a start we want to stop the kernel from crashing on mount.

So you'd rather have it crash at some unpredictable time after mount?
Okay, that's mostly snark, but there's a serious point lurking.

>> The goal should be to gracefully handle corrupted data structures by
>> returning errors instead of crashing the kernel.
> mbouyer@ wants to panic always, after a successful mount.

And, sometimes, I think that's the rightest choice.  But I also would
like to be able to get errors instead of panics.

Want to pull something off a thumbdrive?  I'd rather have an error just
forcibly unmount the filesystem and flush everything using it:

        mount -o onerror=unmount /dev/sd1e /mnt

But for the machine's own filesystems?  Corruption should panic:

        mount -o onerror=panic /dev/wd2a /builds

Of course, actually making that work, well, I don't have any
suggestions for cat-bellers.  Unless and until I have a significant
amount of spare time, it's all just "it might be nice if".

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
