From: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
To: akpm@linux-foundation.org, sct@redhat.com, adilger@clusterfs.com
Cc: linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org,
jack@suse.cz, jbacik@redhat.com, cmm@us.ibm.com, tytso@mit.edu,
sugita <yumiko.sugita.yf@hitachi.com>,
Satoshi OSHIMA <satoshi.oshima.fk@hitachi.com>
Subject: [PATCH 0/5] jbd: possible filesystem corruption fixes (take 2)
Date: Mon, 02 Jun 2008 19:40:21 +0900
Message-ID: <4843CE15.6080506@hitachi.com>
This patch set is take 2 of fixing the error handling problem in
ext3/JBD. The previous discussion can be found here:
http://lkml.org/lkml/2008/5/14/10

The same problem should also be in ext4/JBD, but I haven't prepared
a fix for it yet.
Problem
=======
Currently some error checks are missing, so the journal cannot abort
correctly. This causes breakage of the ordered mode rule and filesystem
corruption. The missing error checks are:
(1) error check for dirty buffers flushed before the commit
(addressed by PATCH 1/5 and 2/5)
(2) error check for the metadata writes to the journal before the
commit (addressed by PATCH 3/5)
(3) error check for checkpointing and replay (addressed by PATCH 4/5
and 5/5)
Changes from take 1
===================
[PATCH 1/5]
o not changed
[PATCH 2/5]
o rewrite my comment in journal_dirty_data() comprehensibly
[PATCH 3/5]
o check for errors and abort the journal just before
journal_write_commit_record() instead of after writing metadata
buffers
[PATCH 4/5 and 5/5]
o separate the ext3 part from the jbd part in a patch
o use JFS_ABORT for checkpointing failures instead of introducing
JFS_CP_ABORT flag
o don't update the journal super block, and also don't update j_tail
and j_tail_sequence, when the journal has aborted (strictly we only
have to avoid updating the super block, but keeping the j_tail*
values will be a good thing because it may protect someone from
adding bugs in the future)
o journal_destroy() returns -EIO when the journal has aborted so that
ext3_put_super() can detect the abort
o journal_flush() uses j_checkpoint_mutex to avoid a race with
__log_wait_for_space()
The last item targets a newly found problem. journal_flush() can be
called while __log_wait_for_space() is being processed. In this case,
cleanup_journal_tail() can be called between
__journal_drop_transaction() and journal_abort(), and then
the transaction with the checkpointing failure is lost from the journal.
Using j_checkpoint_mutex, which is also used by __log_wait_for_space(),
should avoid the race condition. But the testing is not sufficient,
because it is very difficult to reproduce this race. So I hope that
this locking is reviewed carefully (including the possibility of
deadlock).
Regards,
--
Hidehiro Kawai
Hitachi, Systems Development Laboratory
Linux Technology Center