From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christoph Hellwig Subject: Re: [PATCH[RFC] kill sysrq-u (emergency remount r/o) Date: Tue, 6 Feb 2007 09:44:38 +0000 Message-ID: <20070206094438.GA5328@infradead.org> References: <20070205173247.GA25790@lst.de> <20070206031744.GA11018@thunk.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii To: Theodore Tso , Jan Engelhardt , Christoph Hellwig , akpm@osdl.org, haveblue@us.ibm.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Return-path: Received: from pentafluge.infradead.org ([213.146.154.40]:54205 "EHLO pentafluge.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751956AbXBFJpE (ORCPT ); Tue, 6 Feb 2007 04:45:04 -0500 Content-Disposition: inline In-Reply-To: <20070206031744.GA11018@thunk.org> Sender: linux-fsdevel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Mon, Feb 05, 2007 at 10:17:44PM -0500, Theodore Tso wrote: > > sysrq+u is helpful. It is like \( sysrq+s && make sure no further writes > > go to disk \). > > I agree it is useful, but if we're going to do it we really should do > it right. We should have real revoke() functionality on file > descriptors, which revokes all of the mmap()'s (any attempt to write > into a previously read/write mmap will cause a SEGV) as well as > changing f_mode, and then use that to implement emergency read-only > remount. Revoke is only part of it. What we really need is proper forced unmount support. That means revoking any kind of userspace access, blocking new access and making sure the ondisk image is coherent. This would definitly be a useful feature, but it's a lot of work.