[PATCH 0/2] Patch to address the ext4 corruption problem

[PATCH 0/2] Patch to address the ext4 corruption problem

[Theodore Ts'o]

This is the patch series I propose to send to Linus after I get
confirmation from either Toralf or Nix that this fixes the increased
incidence rate of this problem to pre-3.6.2 levels.  (Nix has found a
way to reproduce the problem with 3.6.1, but it seems that it's much
more easy with 3.6.2 and 3.6.3.)

The second patch fixes the problem which the original commit is
attempting to address, but in a way which does not change jbd2's
behavior in the case where the journal block device is not read/only.

Please review/comment/test; thanks!!

Theodore Ts'o (2):
  ext4: revert "jbd2: don't write superblock when if its empty"
  ext4: fix I/O error when unmounting an ro file system

 fs/jbd2/journal.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

-- 
1.7.12.rc0.22.gcdd159b

[PATCH 1/2] ext4: revert "jbd2: don't write superblock when if its empty"

[Theodore Ts'o]

This reverts commit eeecef0af5ea4efd763c9554cf2bd80fc4a0efd3.

Two users have reported an increased number of file system corruptions
after v3.6.2 (which had this patch backported).  The instances of
corruptions seem to be related to unclean shutdowns as the file system
was being unmounted or by the unexpected disconnection of external
disks.  So let's back out this change while do more investigation...

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reported-by: Nix <nix@esperi.org.uk>
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Cc: stable@vger.kernel.org
---
 fs/jbd2/journal.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index 0f16edd..bd23f2e 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -1354,11 +1354,6 @@ static void jbd2_mark_journal_empty(journal_t *journal)
 
 	BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex));
 	read_lock(&journal->j_state_lock);
-	/* Is it already empty? */
-	if (sb->s_start == 0) {
-		read_unlock(&journal->j_state_lock);
-		return;
-	}
 	jbd_debug(1, "JBD2: Marking journal as empty (seq %d)\n",
 		  journal->j_tail_sequence);
 
-- 
1.7.12.rc0.22.gcdd159b

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/2] ext4: fix I/O error when unmounting an ro file system

[Theodore Ts'o]

This comment fixes commit eeecef0af5ea in a different way.  The
original bug was that the following sequence:

# truncate --size=1g fsfile
# mkfs.ext4 -F fsfile
# mount -o loop,ro fsfile /mnt
# umount /mnt
# dmesg | tail

results in an IO error when unmounting the RO filesystem:

[  318.020828] Buffer I/O error on device loop1, logical block 196608
[  318.027024] lost page write due to I/O error on loop1
[  318.032088] JBD2: Error -5 detected when updating journal superblock for l

And this was a regression introduced by commit 24bcc89c7e7c: "jbd2:
split updating of journal superblock and marking journal empty".

Here, we fix this bug by explicitly checking to see if the journal's
block device is read-only.  If it is read-only, we then do a sanity
check to make sure that sb->s_start is zero.  If it is non-zero, that
implies that one or more transactions has been committed to the
journal, which is a "can't happen" scenario if the block device is
read-only.  So we will print a warning message and abort the journal
in that case.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Nix <nix@esperi.org.uk>
Cc: Toralf Förster <toralf.foerster@gmx.de>
---
 fs/jbd2/journal.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index bd23f2e..dcea89f 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -1357,6 +1357,24 @@ static void jbd2_mark_journal_empty(journal_t *journal)
 	jbd_debug(1, "JBD2: Marking journal as empty (seq %d)\n",
 		  journal->j_tail_sequence);
 
+	if (bdev_read_only(journal->j_dev)) {
+		__be32 s_start = sb->s_start;
+
+		read_unlock(&journal->j_state_lock);
+		if (s_start != 0) {
+			/*
+			 * should never happen, but aborting the
+			 * journal is nicer than a BUG_ON
+			 */
+			printk(KERN_ERR
+	"JBD2: trying to empty non-empty journal for r/o device %s\n",
+			       journal->j_devname);
+			WARN_ON(1);
+			jbd2_journal_abort(journal, -EROFS);
+		}
+		return;
+	}
+
 	sb->s_sequence = cpu_to_be32(journal->j_tail_sequence);
 	sb->s_start    = cpu_to_be32(0);
 	read_unlock(&journal->j_state_lock);
-- 
1.7.12.rc0.22.gcdd159b

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html