From: "Darrick J. Wong" <djwong@kernel.org>
To: Brian Foster <bfoster@redhat.com>
Cc: sandeen@sandeen.net, linux-xfs@vger.kernel.org
Subject: Re: [PATCH 07/10] xfs_repair: set NEEDSREPAIR when we deliberately corrupt directories
Date: Tue, 9 Feb 2021 10:35:42 -0800 [thread overview]
Message-ID: <20210209183542.GW7193@magnolia> (raw)
In-Reply-To: <20210209172059.GE14273@bfoster>
On Tue, Feb 09, 2021 at 12:20:59PM -0500, Brian Foster wrote:
> On Mon, Feb 08, 2021 at 08:10:44PM -0800, Darrick J. Wong wrote:
> > From: Darrick J. Wong <djwong@kernel.org>
> >
> > There are a few places in xfs_repair's directory checking code where we
> > deliberately corrupt a directory entry as a sentinel to trigger a
> > correction in later repair phase. In the mean time, the filesystem is
> > inconsistent, so set the needsrepair flag to force a re-run of repair if
> > the system goes down.
> >
> > Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> > ---
>
> Hmm.. this seems orthogonal to the rest of the series. I'm sure we can
> come up with various additional uses for the bit, but it seems a little
> odd to me that repair might set it in some cases after a crash but not
> others (if the filesystem happens to already be corrupt, for example).
<nod> Another option I thought of is to add a hook to the buffer cache
so that the first time anyone tries to bwrite a buffer (either directly
or via a delwri list or normal buffer cache writeback) we'll also set
needsrepair on the ondisk primary super. That would protect us against
other scenarios like crashing after writing a new AGF but before writing
the new AGI, where the fs is left in an indeterminate state.
Hmm, maybe I should pursue /that/ instead.
--D
> Brian
>
> > repair/agheader.h | 2 ++
> > repair/dir2.c | 3 +++
> > repair/phase6.c | 7 +++++++
> > repair/xfs_repair.c | 37 +++++++++++++++++++++++++++++++++++++
> > 4 files changed, 49 insertions(+)
> >
> >
> > diff --git a/repair/agheader.h b/repair/agheader.h
> > index a63827c8..fa6fe596 100644
> > --- a/repair/agheader.h
> > +++ b/repair/agheader.h
> > @@ -82,3 +82,5 @@ typedef struct fs_geo_list {
> > #define XR_AG_AGF 0x2
> > #define XR_AG_AGI 0x4
> > #define XR_AG_SB_SEC 0x8
> > +
> > +void force_needsrepair(struct xfs_mount *mp);
> > diff --git a/repair/dir2.c b/repair/dir2.c
> > index eabdb4f2..922b8a3e 100644
> > --- a/repair/dir2.c
> > +++ b/repair/dir2.c
> > @@ -15,6 +15,7 @@
> > #include "da_util.h"
> > #include "prefetch.h"
> > #include "progress.h"
> > +#include "agheader.h"
> >
> > /*
> > * Known bad inode list. These are seen when the leaf and node
> > @@ -774,6 +775,7 @@ _("entry at block %u offset %" PRIdPTR " in directory inode %" PRIu64
> > do_warn(
> > _("\tclearing inode number in entry at offset %" PRIdPTR "...\n"),
> > (intptr_t)ptr - (intptr_t)d);
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > *dirty = 1;
> > } else {
> > @@ -914,6 +916,7 @@ _("entry \"%*.*s\" in directory inode %" PRIu64 " points to self: "),
> > */
> > if (junkit) {
> > if (!no_modify) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > *dirty = 1;
> > do_warn(_("clearing entry\n"));
> > diff --git a/repair/phase6.c b/repair/phase6.c
> > index 14464bef..5ecbe9b2 100644
> > --- a/repair/phase6.c
> > +++ b/repair/phase6.c
> > @@ -1649,6 +1649,7 @@ longform_dir2_entry_check_data(
> > if (entry_junked(
> > _("entry \"%s\" in directory inode %" PRIu64 " points to non-existent inode %" PRIu64 ""),
> > fname, ip->i_ino, inum)) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > }
> > @@ -1666,6 +1667,7 @@ longform_dir2_entry_check_data(
> > if (entry_junked(
> > _("entry \"%s\" in directory inode %" PRIu64 " points to free inode %" PRIu64),
> > fname, ip->i_ino, inum)) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > }
> > @@ -1684,6 +1686,7 @@ longform_dir2_entry_check_data(
> > if (entry_junked(
> > _("%s (ino %" PRIu64 ") in root (%" PRIu64 ") is not a directory"),
> > ORPHANAGE, inum, ip->i_ino)) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > }
> > @@ -1706,6 +1709,7 @@ longform_dir2_entry_check_data(
> > if (entry_junked(
> > _("entry \"%s\" (ino %" PRIu64 ") in dir %" PRIu64 " is a duplicate name"),
> > fname, inum, ip->i_ino)) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > }
> > @@ -1737,6 +1741,7 @@ longform_dir2_entry_check_data(
> > if (entry_junked(
> > _("entry \"%s\" (ino %" PRIu64 ") in dir %" PRIu64 " is not in the the first block"), fname,
> > inum, ip->i_ino)) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > }
> > @@ -1764,6 +1769,7 @@ longform_dir2_entry_check_data(
> > if (entry_junked(
> > _("entry \"%s\" in dir %" PRIu64 " is not the first entry"),
> > fname, inum, ip->i_ino)) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > }
> > @@ -1852,6 +1858,7 @@ _("entry \"%s\" in dir inode %" PRIu64 " inconsistent with .. value (%" PRIu64 "
> > orphanage_ino = 0;
> > nbad++;
> > if (!no_modify) {
> > + force_needsrepair(mp);
> > dep->name[0] = '/';
> > libxfs_dir2_data_log_entry(&da, bp, dep);
> > if (verbose)
> > diff --git a/repair/xfs_repair.c b/repair/xfs_repair.c
> > index f607afcb..9dc73854 100644
> > --- a/repair/xfs_repair.c
> > +++ b/repair/xfs_repair.c
> > @@ -754,6 +754,43 @@ clear_needsrepair(
> > libxfs_buf_relse(bp);
> > }
> >
> > +/*
> > + * Mark the filesystem as needing repair. This should only be called by code
> > + * that deliberately sets invalid sentinel values in the on-disk metadata to
> > + * trigger a later reconstruction, and only after we've settled the primary
> > + * super contents (i.e. after phase 1).
> > + */
> > +void
> > +force_needsrepair(
> > + struct xfs_mount *mp)
> > +{
> > + struct xfs_buf *bp;
> > + int error;
> > +
> > + if (!xfs_sb_version_hascrc(&mp->m_sb) ||
> > + xfs_sb_version_needsrepair(&mp->m_sb))
> > + return;
> > +
> > + bp = libxfs_getsb(mp);
> > + if (!bp || bp->b_error) {
> > + do_log(
> > + _("couldn't get superblock to set needsrepair, err=%d\n"),
> > + bp ? bp->b_error : ENOMEM);
> > + return;
> > + } else {
> > + mp->m_sb.sb_features_incompat |=
> > + XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR;
> > + libxfs_sb_to_disk(bp->b_addr, &mp->m_sb);
> > +
> > + /* Force the primary super to disk immediately. */
> > + error = -libxfs_bwrite(bp);
> > + if (error)
> > + do_log(_("couldn't force needsrepair, err=%d\n"), error);
> > + }
> > + if (bp)
> > + libxfs_buf_relse(bp);
> > +}
> > +
> > int
> > main(int argc, char **argv)
> > {
> >
>
next prev parent reply other threads:[~2021-02-09 18:50 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-09 4:10 [PATCHSET v4 00/10] xfs: add the ability to flag a fs for repair Darrick J. Wong
2021-02-09 4:10 ` [PATCH 01/10] xfs_admin: clean up string quoting Darrick J. Wong
2021-02-09 9:07 ` Christoph Hellwig
2021-02-09 4:10 ` [PATCH 02/10] xfs_admin: support filesystems with realtime devices Darrick J. Wong
2021-02-09 9:08 ` Christoph Hellwig
2021-02-09 17:19 ` Brian Foster
2021-02-09 4:10 ` [PATCH 03/10] xfs_db: support the needsrepair feature flag in the version command Darrick J. Wong
2021-02-09 9:09 ` Christoph Hellwig
2021-02-09 17:15 ` Darrick J. Wong
2021-02-09 17:19 ` Brian Foster
2021-02-09 4:10 ` [PATCH 04/10] xfs_repair: fix unmount error message to have a newline Darrick J. Wong
2021-02-09 9:09 ` Christoph Hellwig
2021-02-09 4:10 ` [PATCH 05/10] xfs_repair: clear quota CHKD flags on the incore superblock too Darrick J. Wong
2021-02-09 9:10 ` Christoph Hellwig
2021-02-09 17:20 ` Brian Foster
2021-02-09 17:46 ` Darrick J. Wong
2021-02-09 4:10 ` [PATCH 06/10] xfs_repair: clear the needsrepair flag Darrick J. Wong
2021-02-09 9:12 ` Christoph Hellwig
2021-02-09 17:20 ` Brian Foster
2021-02-09 18:01 ` Darrick J. Wong
2021-02-09 4:10 ` [PATCH 07/10] xfs_repair: set NEEDSREPAIR when we deliberately corrupt directories Darrick J. Wong
2021-02-09 9:13 ` Christoph Hellwig
2021-02-09 18:45 ` Darrick J. Wong
2021-02-09 17:20 ` Brian Foster
2021-02-09 18:35 ` Darrick J. Wong [this message]
2021-02-09 19:14 ` Brian Foster
2021-02-09 19:43 ` Darrick J. Wong
2021-02-10 20:19 ` Eric Sandeen
2021-02-09 4:10 ` [PATCH 08/10] xfs_repair: allow setting the needsrepair flag Darrick J. Wong
2021-02-09 9:15 ` Christoph Hellwig
2021-02-09 14:41 ` Eric Sandeen
2021-02-09 16:47 ` Darrick J. Wong
2021-02-10 20:44 ` Eric Sandeen
2021-02-09 17:21 ` Brian Foster
2021-02-09 18:10 ` Darrick J. Wong
2021-02-10 20:26 ` Eric Sandeen
2021-02-09 4:10 ` [PATCH 09/10] xfs_repair: add a testing hook for NEEDSREPAIR Darrick J. Wong
2021-02-09 9:16 ` Christoph Hellwig
2021-02-09 17:21 ` Brian Foster
2021-02-09 18:17 ` Darrick J. Wong
2021-02-09 18:59 ` Brian Foster
2021-02-09 19:59 ` Darrick J. Wong
2021-02-09 20:32 ` Brian Foster
2021-02-10 21:41 ` Eric Sandeen
2021-02-11 1:30 ` Darrick J. Wong
2021-02-09 4:11 ` [PATCH 10/10] xfs_admin: support adding features to V5 filesystems Darrick J. Wong
2021-02-09 9:18 ` Christoph Hellwig
2021-02-09 17:22 ` Brian Foster
2021-02-09 18:22 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210209183542.GW7193@magnolia \
--to=djwong@kernel.org \
--cc=bfoster@redhat.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox