Subject: Re: kern/29898: mount(2) can corrupt filesystem
To: None <christos@zoulas.com>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 04/07/2005 11:04:33

[ adding Cc: tech-kern@ ]

> On Apr 6, 11:23pm, yamt@mwd.biglobe.ne.jp (YAMAMOTO Takashi) wrote:
> -- Subject: Re: kern/29898: mount(2) can corrupt filesystem
>
> | hi,
> |
> | > | restructure mount related code so that the caller of
> | > | VFS_MOUNT doesn't need to alter mnt_flag/iflag.
> | > | maybe by adding more arguments to VFS_MOUNT to describe the operation.
> | >
> | > Isn't it as simple as doing:
> |
> | well, while i've committed a similar change,
> | i don't think it's that simple. it isn't MNT_GETARGS specific.
> |
> | eg. consider updating !MNT_SOFTDEP to MNT_SOFTDEP.
> | until ffs_mount notices the attempt and prevents it by setting MNT_SOFTDEP,
> | MNT_SOFTDEP is left cleared.
> |
> | i think either of the following is needed.
> | - change VFS_MOUNT as i suggested above.
>
> This is too intrusive.
>
> | - don't share mnt_flag between filesystem independent code and
> | filesystem code.
>
> I think that this is better because then the filesystem specific
> code can veto the flag settings before applying them.
>
> christos

i have a different opinion.
it's sometimes better to fix intrusively and it's the case now.
there's no good reason to have operational flags like MNT_UPDATE in mnt_flag.
accumulating kludgy fixes is not the way to go.

YAMAMOTO Takashi