> Idea is simple. Expects that we have a clean filesystem in correct > state. We load primary/active/main FAT table (just call it FAT1) and all > changes to filesystem would be done via second non-active FAT table > (FAT2). At unmount or sync or flush buffer times, FAT2 would be copied > back to the FAT1 and filesystem would be back in clean state. Somehow, scribbling on the non-active table for actual changes sounds like a bad idea waiting to happen (partly because if you do that and crash, after the reboot you remount, and it starts up with the now-stale FAT1 because you never flagged that FAT as stale. That means that if we started using the secondary FAT, we'd change the ActiveFAT variable to indicate that. And if we do that, we need to also set num_fat to 2 because num_fat 1 and ActiveFAT pointing at the second FAT is *definitely* bogus. And that could result in us crashing and leaving the device with a header that says 'num_fat == 2', ActiveFAT == second, and the dirty bit set - and the user next uses the filesystem on a system/device that hard-codes that there's only 1 FAT, so it blindly goes on its merry way using a FAT that's stale and never realizing it. And that's actually the same failure mode as in the first paragraph - you start off using FAT1 because you don't see an indication that it's stale.
Attachment:
pgpMrMCiapN_g.pgp
Description: PGP signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
