On Tue, 26 Oct 2004, Alexandre Oliva wrote:

> On Oct 26, 2004, "Robert P. J. Day" <rpjday@xxxxxxxxxxxxxx> wrote:
>
> > On Tue, 26 Oct 2004, Alexandre Oliva wrote:
>
> >> All it takes is a bit of incorrect memory management in the kernel.
> >> As soon as you corrupt kernel data structures, all bets are off. Say,
> >> double-free of a pointer to an ntfs read-only buffer could corrupt
> >> whatever data structure that buffer was being reused for after the
> >> first free.
>
> > i've always wondered about this -- i still don't see how that could
> > corrupt the NTFS structure *on* *disk*. sure, it's entirely possible
> > that the cached NTFS info in RAM might get screwed, you might lose the
> > ability to *read* files from the hard drive.
>
> Not only that. It may screw any data structures whatsoever. It
> could, for example, mark as dirty another unrelated page that was not
> supposed to be dirty, and then, if that page happens to get a bit of
> the memory corruption too, it will eventually make it to disk (if the
> system doesn't crash first).

but, once again, if the FS is mounted read only, how will that page
"eventually make it to disk", as you describe it?

i guess, the way i'm looking at it, the read-only mount setting should
take precedence over *all* operations and should be the ultimate
authority, preventing any writes to disk, no matter how corrupted the
internal data structures get.

anyway, i guess that's just looking at things as if it were a perfect
world.

rday
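A toy model in C of the scenario debated in this message, added here as an example (it is not code from the thread or from the Linux kernel): a slab allocator without double-free detection hands one slot to two owners, so an ordinary buffer write sets an unrelated page's dirty flag. The `check_ro` parameter models enforcing the read-only mount at the final write step; every name in the block is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not kernel code: a LIFO slab with no double-free detection. */
#define SLOTS 4
#define SLOT_SIZE 16

static unsigned char slab[SLOTS][SLOT_SIZE];
static void *free_list[SLOTS * 2];      /* room for the duplicate entry */
static int free_top;

static void slab_init(void) {
    free_top = 0;
    for (int i = 0; i < SLOTS; i++) free_list[free_top++] = slab[i];
}
static void *slab_alloc(void) { return free_top ? free_list[--free_top] : NULL; }
static void slab_free(void *p) { free_list[free_top++] = p; }  /* no check */

/* Hypothetical page descriptor: one dirty flag plus payload, one slot wide. */
struct page { unsigned char dirty; unsigned char data[SLOT_SIZE - 1]; };

/* Returns 1 if the page would be written out to disk. */
static int writeback(const struct page *pg, int mounted_ro, int check_ro) {
    if (check_ro && mounted_ro) return 0;  /* policy enforced at the last step */
    return pg->dirty != 0;                 /* otherwise trusts in-memory state */
}

/* Returns the writeback decision after a double free aliases two objects. */
static int simulate(int check_ro) {
    slab_init();
    void *buf = slab_alloc();
    slab_free(buf);
    slab_free(buf);                       /* bug: same slot is now queued twice */
    struct page *pg = slab_alloc();       /* first owner of the slot */
    memset(pg, 0, sizeof *pg);            /* clean page, nothing to write */
    unsigned char *other = slab_alloc();  /* second owner of the same slot */
    memset(other, 0xAA, SLOT_SIZE);       /* constructed data; also hits pg->dirty */
    return writeback(pg, 1 /* mounted read-only */, check_ro);
}

int main(void) {
    printf("no RO check at writeback: %d\n", simulate(0));
    printf("RO check at writeback:    %d\n", simulate(1));
    return 0;
}
```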