[Bug 210316] panic after trying to r/w mount msdosfs on write protected media

Bruce Evans brde at optusnet.com.au
Thu May 17 08:46:50 UTC 2018


On Thu, 17 May 2018, Stefan Esser wrote:

> On 17.05.18 at 09:14, Bruce Evans wrote:
>>
>> [.. about markvoldirty() in msdosfs not being too good]
>>
>> One idea for improving this is to delay markvoldirty() until the first
>> explicit write().  Also, don't clobber the disk to write atimes even if
>> the fs is mounted rw and without -noatime (it takes something like FAT32
>> before atimes even exist in msdosfs).  msdosfs has always had an internal
>> flag pm_fmod which was apparently intended for a similar optimization, but
>> it is useless since it is always set on successful rw mounts and not cleared
>> until unmount, and it is write-only except for a check in msdosfs_sync()
>> where it just causes a panic if it is not set.  The voldirty flag and
>> any internal dirty flags should also be set to clean if the file system
>> is not written to for some time after a successful complete sync, so that
>> the fs is usually clean if it is not written to often.  All versions of
>> Windows that I have tried seem to do this.
>
> Some 20 years ago I had to work with AIX machines, and I found that they
> offered a nice feature for accesses to removable media (floppy disks, at
> that time). If such a media was not written to for a few seconds, it could
> be removed without unmounting.
>
> I proposed to implement a timer that was triggered when the number of
> dirty buffers for a partition drops to zero and that is canceled when
> the partition is written to (this does not need to be a timer of course,
> polling for that case every few seconds works as well), at that time. And
> pre-soft-updates and journaling that feature had also been of advantage
> for UFS file systems that are rarely written but were the cause of most
> fsck delay after an unclean shutdown.
>
> In case that a media (whether removable or not) was mounted R/W and not
> written to (had no dirty buffers) for more than a few seconds, the mount
> could be downgraded to R/O (in the same way as by a "mount -u -o ro"). A
> flag that recorded the fact, that this partition may be written to could
> then be checked in the "write to R/O partition" error case, and if the
> file system was only temporarily set to R/O, it could be treated like a
> first access to a writable partition (i.e., write a dirty flag into the
> super-block or whatever action the file system performs when mounted R/W).
>
> In short, the suggestion is to down-grade the mount state of any file-system
> not used for some configurable time to R/O, with an automatic upgrade to R/W
> on the next write attempt.
> ...

I want this more for ffs too.

Another idea is to have a per-cylinder-group (cg) dirty flag and only fsck
the dirty cg's.  Then an enormous number of cg's would be a feature.  Most
would remain clean unless locality is bad.  This is too large a project for
me.  I only have small data and just use small ffs file systems and mount most
of them ro most of the time.

Bruce
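
The deferred dirty-marking and idle clean-marking discussed in this thread, modelled as an added example that is not part of the original message and is not msdosfs code. All names (`struct vol`, `vol_write`, `vol_tick`, `IDLE_LIMIT`) are hypothetical, and the tick-based timeout is an assumption.

```c
#include <stdbool.h>
/* Hypothetical model of the proposal; none of these names exist in msdosfs. */
#define IDLE_LIMIT 3            /* assumed configurable idle timeout, in ticks */

struct vol {
    bool write_protected;       /* medium rejects every write */
    bool on_disk_dirty;         /* volume dirty flag as stored on the medium */
    bool incore_dirty;          /* in-core copy of that flag */
    int  dirty_bufs;            /* buffers not yet synced */
    int  idle_ticks;            /* quiet ticks since the last write or sync */
    int  flag_writes;           /* how often the on-disk flag was rewritten */
};

/* The only metadata write in the model; it fails on protected media. */
static int set_disk_flag(struct vol *v, bool dirty)
{
    if (v->write_protected) return -1;
    v->on_disk_dirty = dirty;
    v->flag_writes++;
    return 0;
}

/* An rw mount touches nothing on disk: marking dirty is deferred. */
void vol_mount_rw(struct vol *v, bool write_protected)
{
    *v = (struct vol){ .write_protected = write_protected };
}

/* The first write after a clean period sets the dirty flag, then proceeds. */
int vol_write(struct vol *v)
{
    if (!v->incore_dirty && set_disk_flag(v, true) != 0)
        return -1;              /* fail the write cleanly, state unchanged */
    v->incore_dirty = true;
    v->dirty_bufs++;
    v->idle_ticks = 0;
    return 0;
}

/* A complete sync flushes buffers but leaves the dirty flag set for now. */
void vol_sync(struct vol *v) { v->dirty_bufs = 0; v->idle_ticks = 0; }

/* Periodic poll: IDLE_LIMIT quiet ticks after a sync, mark the volume clean. */
void vol_tick(struct vol *v)
{
    if (v->incore_dirty && v->dirty_bufs == 0 && ++v->idle_ticks >= IDLE_LIMIT
        && set_disk_flag(v, false) == 0)
        v->incore_dirty = false;
}
```

In this model a write-protected medium is never written at mount time, and the first failing flag write surfaces as an error on the write path.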
