* [PATCH] btrfs: abort unlink trans in missed error case
@ 2013-04-02 21:02 Zach Brown
2013-04-03 14:36 ` Eric Sandeen
0 siblings, 1 reply; 4+ messages in thread
From: Zach Brown @ 2013-04-02 21:02 UTC (permalink / raw)
To: linux-btrfs

__btrfs_unlink_inode() aborts its transaction when it sees errors after
it removes the directory item. But it missed the case where
btrfs_del_dir_entries_in_log() returns an error. If this happens then
the unlink appears to fail but the items have been removed without
updating the directory size. The directory then has leaked bytes in
i_size and can never be removed.

Adding the missing transaction abort at least makes this failure
consistent with the other failure cases.

I noticed this while reading the code after someone on irc reported
having a directory with i_size but no entries. I tested it by forcing
btrfs_del_dir_entries_in_log() to return -ENOMEM.

Signed-off-by: Zach Brown <zab@redhat.com>
---
fs/btrfs/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d96ee30..80676ee 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3619,6 +3619,8 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans,
dir, index);
if (ret == -ENOENT)
ret = 0;
+ else if (ret)
+ btrfs_abort_transaction(trans, root, ret);
err:
btrfs_free_path(path);
if (ret)
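Review bot: the new `else if (ret)` branch just above the `err:` label has no comment saying why this failure aborts the transaction while other paths that reach `err:` return without aborting. The commit message gives the reason (the directory items are already removed and the directory size has not been updated yet), so a short comment above `btrfs_abort_transaction(trans, root, ret);` stating that partial state exists at this point would keep a later cleanup from moving the abort into `err:` or dropping it. The same comment should note that every error other than -ENOENT, including the -ENOMEM used for testing, now takes the abort path.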
--
1.8.1.4
* Re: [PATCH] btrfs: abort unlink trans in missed error case
2013-04-02 21:02 [PATCH] btrfs: abort unlink trans in missed error case Zach Brown
@ 2013-04-03 14:36 ` Eric Sandeen
2013-04-03 16:04 ` Zach Brown
0 siblings, 1 reply; 4+ messages in thread
From: Eric Sandeen @ 2013-04-03 14:36 UTC (permalink / raw)
To: Zach Brown; +Cc: linux-btrfs
On 4/2/13 4:02 PM, Zach Brown wrote:
> __btrfs_unlink_inode() aborts its transaction when it sees errors after
> it removes the directory item. But it missed the case where
> btrfs_del_dir_entries_in_log() returns an error. If this happens then
> the unlink appears to fail but the items have been removed without
> updating the directory size. The directory then has leaked bytes in
> i_size and can never be removed.
>
> Adding the missing transaction abort at least makes this failure
> consistent with the other failure cases.
>
> I noticed this while reading the code after someone on irc reported
> having a directory with i_size but no entries. I tested it by forcing
> btrfs_del_dir_entries_in_log() to return -ENOMEM.
I was wondering if the transaction support should just be in the
err: goto case, and went looking.
I'm not familiar enough with this stuff yet, but what if i.e.
btrfs_delete_one_dir_name fails, should that also abort the transaction?
> Signed-off-by: Zach Brown <zab@redhat.com>
> ---
> fs/btrfs/inode.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
> index d96ee30..80676ee 100644
> --- a/fs/btrfs/inode.c
> +++ b/fs/btrfs/inode.c
> @@ -3619,6 +3619,8 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans,
> dir, index);
> if (ret == -ENOENT)
> ret = 0;
> + else if (ret)
> + btrfs_abort_transaction(trans, root, ret);
> err:
> btrfs_free_path(path);
> if (ret)
>
* Re: [PATCH] btrfs: abort unlink trans in missed error case
2013-04-03 14:36 ` Eric Sandeen
@ 2013-04-03 16:04 ` Zach Brown
2013-04-03 16:18 ` Eric Sandeen
0 siblings, 1 reply; 4+ messages in thread
From: Zach Brown @ 2013-04-03 16:04 UTC (permalink / raw)
To: Eric Sandeen; +Cc: linux-btrfs
>
> I was wondering if the transaction support should just be in the
> err: goto case, and went looking.
Yeah, it's tempting. In the end I decided against it because this
shouldn't be so willing to freak out and make the file system read only.
It should try and undo the partial unlink and if *that* fails it should
go read only. I went for the minimal fix for now.
> I'm not familiar enough with this stuff yet, but what if i.e.
> btrfs_delete_one_dir_name fails, should that also abort the
> transaction?
It doesn't abort because it's the first thing that can fail. It can
cleanly return an error without leaving partial state around.
- z
* Re: [PATCH] btrfs: abort unlink trans in missed error case
2013-04-03 16:04 ` Zach Brown
@ 2013-04-03 16:18 ` Eric Sandeen
0 siblings, 0 replies; 4+ messages in thread
From: Eric Sandeen @ 2013-04-03 16:18 UTC (permalink / raw)
To: Zach Brown; +Cc: linux-btrfs
On 4/3/13 11:04 AM, Zach Brown wrote:
>>
>> I was wondering if the transaction support should just be in the
>> err: goto case, and went looking.
>
> Yeah, it's tempting. In the end I decided against it because this
> shouldn't be so willing to freak out and make the file system read only.
> It should try and undo the partial unlink and if *that* fails it should
> go read only. I went for the minimal fix for now.
>
>> I'm not familiar enough with this stuff yet, but what if i.e.
>> btrfs_delete_one_dir_name fails, should that also abort the
>> transaction?
>
> It doesn't abort because it's the first thing that can fail. It can
> cleanly return an error without leaving partial state around.
>
> - z
>
Oh, sure. thanks -
Reviewed-by: Eric Sandeen <sandeen@redhat.com>