From: Eric Sandeen <sandeen@redhat.com>
To: Andreas Dilger <adilger@clusterfs.com>
Cc: ext4 development <linux-ext4@vger.kernel.org>
Subject: Re: [PATCH/RFC] - make ext3 more robust in the face of filesystem corruption
Date: Wed, 18 Oct 2006 16:56:47 -0500 [thread overview]
Message-ID: <4536A31F.5050604@redhat.com> (raw)
In-Reply-To: <20061018214022.GJ3509@schatzie.adilger.int>
Andreas Dilger wrote:
> On Oct 18, 2006 16:11 -0500, Eric Sandeen wrote:
>> First, we had a corrupted index directory that was never checked
>> for consistency... it was corrupt, and pointed to another "entry"
>> of length 0. The for() loop looped forever, since the length
>> of ext3_next_entry(de) was 0, and we kept looking at the same
>> pointer over and over and over and over... I modeled this check
>> and subsequent action on what is done for non-index directories
>> in ext3_readdir... but I also see a few places where this check
>> is deemed "too expensive" - any thoughts?
>
> Hmm, in 2.6 ext2 this is handled somewhat differently - one of the main
> places where ext2 and ext3 differ. The directory leaf data is kept in
> the page cache and there is a helper function ext2_check_page() to mark
> the page "checked". That means the page only needs to be checked once
> after being read from disk, instead of each time through readdir.
ah, sure. Hm... well, this might be a bit of a performance hit if it's
checking cached data... let me think on that.
<... next patch ...>
> I'm not sure whether this is a win or not. It means that if there is ever
> a directory with a bad leaf block any entries beyond that block are not
> accessible anymore.
I'm amazed at how hard ext3 works to cope with bad blocks ;-)
Hm, yes, so just bailing out may not be so good.
> The existing !bh case already marks the filesystem in
> error. Maybe as a special case we can check in "if (!bh)" if i_size and
> i_blocks make sense. Something like:
>
> if (!bh) {
> :
> :
> + if (filp->f_pos > inode->i_blocks << 9) {
> + break;
> filp->f_pos += sb->s_blocksize - offset;
> continue;
> }
>
> This obviously won't help if the whole inode is bogus, but then nothing
> will catch all errors.
Yep, I'd thought maybe a size vs. blocks test might make sense; I think
there can never legitimately be a sparse directory?
I guess if the intent is to soldier on in the face of adversity, it
doesn't matter if it's an umappable offset or an IO error; ext3 wants to
go ahead & try the next one block anyway. So the size test probably
makes sense as a stopping point.
Thanks for the comments,
-Eric
next prev parent reply other threads:[~2006-10-18 21:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-18 21:11 [PATCH/RFC] - make ext3 more robust in the face of filesystem corruption Eric Sandeen
2006-10-18 21:40 ` Andreas Dilger
2006-10-18 21:56 ` Eric Sandeen [this message]
2006-10-18 22:24 ` Andreas Dilger
2006-10-19 0:26 ` Eric Sandeen
2006-10-19 7:35 ` Andreas Dilger
2006-10-19 16:04 ` Eric Sandeen
2006-10-19 22:43 ` Eric Sandeen
2006-10-20 3:50 ` Andreas Dilger
2006-10-20 4:00 ` Eric Sandeen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4536A31F.5050604@redhat.com \
--to=sandeen@redhat.com \
--cc=adilger@clusterfs.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox