From: "yebin (H)" <yebin10@huawei.com>
To: <jack@suse.cz>
Cc: <tytso@mit.edu>, <linux-ext4@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 0/2] jbd2: audit and convert legacy J_ASSERT usage
Date: Tue, 3 Mar 2026 10:11:27 +0800 [thread overview]
Message-ID: <69A6434F.9070205@huawei.com> (raw)
In-Reply-To: <20260303005502.337108-1-nikic.milos@gmail.com>
The macro `J_ASSERT_JH` is a rather troublesome implementation. There
are numerous calls to `J_ASSERT_JH` within
`jbd2_journal_commit_transaction()`, and after compilation, these may
all jump to the same address for execution, making it difficult to
determine exactly where the assertion is being triggered. If there is a
functional issue in just a single file system, using `BUG_ON` to handle
it seems a bit too aggressive.
I wonder if you all have any good ideas or suggestions.
On 2026/3/3 8:55, Milos Nikic wrote:
> Hello Jan and the ext4 team,
>
> This patch series follows up on the previous discussion regarding
> converting hard J_ASSERT panics into graceful journal aborts.
>
> In v1, we addressed a specific panic on unlock. Per Jan's suggestion,
> I have audited fs/jbd2/transaction.c for other low-hanging fruit
> where state machine invariants are enforced by J_ASSERT inside
> functions that natively support error returns.
>
> Changes in v3:
>
> Patch 2: Added pr_err() statements inside the ambiguous WARN_ON_ONCE()
> blocks (where multiple conditions are checked via logical OR/AND) to
> explicitly dump the b_transaction, b_next_transaction, and
> j_committing_transaction pointers. This provides necessary context for
> debugging state machine corruptions from the dmesg stack trace.
>
> Changes in v2:
>
> Patch 1: Unmodified from v1. Collected Reviewed-by tags.
>
> Patch 2: New patch resulting from the broader audit. Systematically
> replaces J_ASSERTs with WARN_ON_ONCE and graceful -EINVAL returns
> across 6 core transaction lifecycle functions. Careful attention was
> paid to ensuring spinlocks are safely dropped before triggering
> jbd2_journal_abort(), and no memory is leaked on the error paths.
>
> Milos Nikic (2):
> jbd2: gracefully abort instead of panicking on unlocked buffer
> jbd2: gracefully abort on transaction state corruptions
>
> fs/jbd2/transaction.c | 115 +++++++++++++++++++++++++++++++++---------
> 1 file changed, 91 insertions(+), 24 deletions(-)
>
prev parent reply other threads:[~2026-03-03 2:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-03 0:55 [PATCH v3 0/2] jbd2: audit and convert legacy J_ASSERT usage Milos Nikic
2026-03-03 0:55 ` [PATCH v3 1/2] jbd2: gracefully abort instead of panicking on unlocked buffer Milos Nikic
2026-03-03 1:05 ` Andreas Dilger
2026-03-03 0:55 ` [PATCH v3 2/2] jbd2: gracefully abort on transaction state corruptions Milos Nikic
2026-03-03 6:16 ` kernel test robot
2026-03-03 2:11 ` yebin (H) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69A6434F.9070205@huawei.com \
--to=yebin10@huawei.com \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.