On Mon, Feb 06, 2017 at 12:51:46PM -0700, Andreas Dilger wrote:
> On Feb 5, 2017, at 12:34 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> >
> > Add a shutdown bit that will cause ext4 processing to fail immediately
> > with EIO.
>
> Does it make sense to combine the checks for "shutdown", "abort", and
> "read-only" into a single check, instead of sprinkling separate checks
> throughout the code? It seems like many of the places where
> ext4_forced_shutdown() is checked should also be checking for read-only
> and abort, even if they aren't today.

I've thought about that. At the moment forced_shutdown will actually
return errors for some read-only operations as well --- for example, we
immediately return an error in ext4_file_open() and ext4_file_mmap().
And I had considered adding it to some additional read operations
(e.g., readpage, readpages, etc.) on the theory that if we know the
block device should be treated as dead, maybe we should add shortcut
error returns for them as well. (Especially since the SCSI layer and
error handling have historically not necessarily gone together well
like chocolate and peanut butter. :-)

So I decided to keep the shutdown and implementation of
errors=remount-ro separate for now, but it is a good question for us to
consider.

- Ted