Upon a filesystem error the XFS filesystem normally unmounts the fs and
often takes the box along with it.
What I would like to see is XFS remounting the fs readonly upon error, or
at least on the not so severe errors.
One of my remote boxen (200Km and a 1:30 drive at 160km/h) played this
trick once because a one of the disks from the raid set dissapeared from
underneath. The filesystem was intact and did not need to be repaired. The
box just needed to be rebooted.
On another occasion the root fs of our database server had a duplicate
inode error which was triggered by trying to xfsdump the root fs. If the
root filesystem was remounted ro instead of unmounted the database server
would have survived and we had a chance to stop everything and prevent
dataloss since all the databases and log files and such live on another fs.
I think this is a good compromise instead of unmounting. It might be wise
to make it a mount option if possible to not break existing behaviour.
ext2/3 does this same way afaik.
It might just be your lucky day, if you only knew.