Re: [syzbot] [ext4?] kernel panic: EXT4-fs (device loop0): panic forced after error (3)

["Theodore Ts'o" <tytso@mit.edu>]

On Thu, Aug 17, 2023 at 07:52:55PM -0700, Eric Biggers wrote:
> Obviously it's up to the system administrator; that should have been clear since
> I suggested a sysctl.  Sorry if I wasn't clear.  The point is that there are
> certain conventions for what is allowed to break the safety guarantees that the
> kernel provides to userspace, which includes causing a kernel panic.  Panics on
> various problems are configured by /proc/sys/kernel/panic_*.  So having to
> opt-in to panic-on-error, or at least being able to opt-out, by setting a sysctl
> seems natural.  Whereas having mount() being able to automatically panic the
> kernel with no way to opt-out seems like a violation of broader kernel
> conventions, even if it happens to be "working as intended" in the ext4 context.

The reason why a sysctl isn't really great is because the system
administrator might want to configure the behavior on a per-file
system basis.  And you *can* configure it as a mount option, via
"mount -o errors=continue" or "mount -o "errors=panic".  The
superblock setting is just the default if something isn't explicitly
specified as a mount option (either on the command line or in
/etc/fstab).

So mount does not "automatically" panic the kernel, and there are
*plenty* of ways to opt-out.  You can use the mount option; you can
run "tune2fs -e continue"; you can just !@#!?! run fsck.ext4 before
mounting the file system.  There are all ways of "opting out."  Some
of them, such as the last, is even considered best practice --- just
as picking up a USB stick, or worse, a firewire drive, in a parking
lot, and *not* plugging it into your laptop is considered best practice.

	     	  	    	      	       - Ted