Subject: Re: kern/29898: mount(2) can corrupt filesystem
To: None <christos@zoulas.com>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 04/07/2005 11:04:33
[ adding Cc: tech-kern@ ]

> On Apr 6, 11:23pm, yamt@mwd.biglobe.ne.jp (YAMAMOTO Takashi) wrote:
> -- Subject: Re: kern/29898: mount(2) can corrupt filesystem
> 
> | hi,
> | 
> | > | 	restructure mount related code so that the caller of
> | > | 	VFS_MOUNT doesn't need to alter mnt_flag/iflag.
> | > | 	maybe by adding more arguments to VFS_MOUNT to describe the operation.
> | > 
> | > Isn't it as simple as doing:
> | 
> | well, while i've committed the similar change,
> | i don't think it's that simple.  it isn't MNT_GETARGS specific.
> | 
> | eg. consider updating !MNT_SOFTDEP to MNT_SOFTDEP.
> | until ffs_mount notices the attempt and prevents it by setting MNT_SOFTDEP,
> | MNT_SOFTDEP is left cleared.
> | 
> | i think either of the following is needed.
> | - change VFS_MOUNT as i suggested above.
> 
> This is too intrusive.
> 
> | - don't share mnt_flag between filesystem independent code and
> |   filesystem code.
> 
> I think that this is better because then the filesystem specific
> code can veto the flag settings before applying them.
> 
> christos

i have a different opinion.
it's sometimes better to fix intrusively and it's the case now.
there's no good reason to have operational flags like MNT_UPDATE in mnt_flag.
accumulating kludgy fixes is not the way to go.

YAMAMOTO Takashi
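
The window described in the MNT_SOFTDEP example above, as a simplified user-space model added here (not NetBSD kernel code and not from the thread). The flag values, the function names and the `reader` hook standing in for code that inspects `mnt_flag` during the update are all constructed; the second variant models passing the request and the operation as arguments instead of writing them into `mnt_flag` first.

```c
#include <stdio.h>
/* Constructed flag values for this model; not the NetBSD definitions. */
#define MNT_SOFTDEP 0x1u
#define MNT_UPDATE  0x2u
struct mount { unsigned mnt_flag; };

static unsigned seen;   /* mnt_flag as observed in the middle of an update */
static void reader(const struct mount *mp) { seen = mp->mnt_flag; }

/* Shared design: the caller has already rewritten mnt_flag, so the
 * filesystem code can only repair it after the fact. */
static void fs_mount_shared(struct mount *mp, unsigned old)
{
    reader(mp);                          /* window: flag already changed */
    if ((old & MNT_SOFTDEP) && !(mp->mnt_flag & MNT_SOFTDEP))
        mp->mnt_flag |= MNT_SOFTDEP;     /* veto by restoring the flag */
}
static unsigned update_shared(struct mount *mp, unsigned req)
{
    unsigned old = mp->mnt_flag;
    mp->mnt_flag = req | MNT_UPDATE;     /* generic code alters mnt_flag */
    fs_mount_shared(mp, old);
    mp->mnt_flag &= ~MNT_UPDATE;
    return seen;
}

/* Argument design: request and operation travel as parameters; mnt_flag
 * changes only after the filesystem code has accepted the request. */
static int fs_mount_args(struct mount *mp, unsigned req, unsigned op)
{
    reader(mp);                          /* same observation point */
    if ((op & MNT_UPDATE) && (mp->mnt_flag & MNT_SOFTDEP) && !(req & MNT_SOFTDEP))
        return -1;                       /* veto before anything is applied */
    mp->mnt_flag = req;
    return 0;
}
static unsigned update_args(struct mount *mp, unsigned req, int *error)
{
    *error = fs_mount_args(mp, req, MNT_UPDATE);
    return seen;
}

int main(void)
{
    struct mount a = { MNT_SOFTDEP }, b = { MNT_SOFTDEP };
    int err;
    unsigned s1 = update_shared(&a, 0), s2 = update_args(&b, 0, &err);
    printf("shared: reader saw %#x; args: reader saw %#x, error %d\n", s1, s2, err);
    return 0;
}
```

Both variants end with MNT_SOFTDEP still set; only the shared variant exposes a state in which it is cleared.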