From: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
To: akpm@linux-foundation.org, sct@redhat.com, adilger@clusterfs.com
Cc: linux-kernel@vger.kernel.org, linux-ext4@vger.kernel.org,
jack@suse.cz, jbacik@redhat.com, cmm@us.ibm.com, tytso@mit.edu,
sugita <yumiko.sugita.yf@hitachi.com>,
Satoshi OSHIMA <satoshi.oshima.fk@hitachi.com>
Subject: [PATCH 0/5] jbd: possible filesystem corruption fixes (take 2)
Date: Mon, 02 Jun 2008 19:40:21 +0900
Message-ID: <4843CE15.6080506@hitachi.com>
This patch set is take 2 of fixing the error handling problem in
ext3/JBD. The previous discussion can be found here:
http://lkml.org/lkml/2008/5/14/10
The same problem should also be in ext4/JBD, but I haven't prepared
it yet.
Problem
=======
Currently some error checks are missing, so the journal cannot abort
correctly. This causes breakage of the ordered mode rule and filesystem
corruption. The missing error checks are:
(1) error check for dirty buffers flushed before the commit
(addressed by PATCH 1/5 and 2/5)
(2) error check for the metadata writes to the journal before the
commit (addressed by PATCH 3/5)
(3) error check for checkpointing and replay (addressed by PATCH 4/5
and 5/5)
Changes from take 1
===================
[PATCH 1/5]
o not changed
[PATCH 2/5]
o rewrite my comment in journal_dirty_data() comprehensibly
[PATCH 3/5]
o check for errors and abort the journal just before
journal_write_commit_record() instead of after writing metadata
buffers
[PATCH 4/5 and 5/5]
o separate the ext3 part from the jbd part in a patch
o use JFS_ABORT for checkpointing failures instead of introducing
JFS_CP_ABORT flag
o don't update the journal super block, and also don't update j_tail and
j_tail_sequence, when the journal has aborted (at the least we only
have to avoid updating the super block, but keeping the j_tail*
values will be a good thing because it may protect someone from
adding bugs in the future)
o journal_destroy() returns -EIO when the journal has aborted so that
ext3_put_super() can detect the abort
o journal_flush() uses j_checkpoint_mutex to avoid a race with
__log_wait_for_space()
The last item targets a newly found problem. journal_flush() can be
called while processing __log_wait_for_space(). In this case,
cleanup_journal_tail() can be called between
__journal_drop_transaction() and journal_abort(), then
the transaction with checkpointing failure is lost from the journal.
Using j_checkpoint_mutex which is used by __log_wait_for_space(),
we should avoid the race condition. But the test is not sufficient
because it is very difficult to reproduce this race. So I hope that
this locking is reviewed carefully (including the possibility of
deadlock).
Regards,
--
Hidehiro Kawai
Hitachi, Systems Development Laboratory
Linux Technology Center
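The behaviour that PATCH 4/5 and 5/5 aim for, as a constructed user-space model added here (not the jbd code and not part of the original mail): a checkpoint failure sets JFS_ABORT, the tail cleanup then leaves j_tail, j_tail_sequence and the super block untouched, and journal_destroy() reports -EIO. The flag value, the struct layout and the `_model` function names are assumptions made for the illustration.

```c
#include <errno.h>

/* Constructed model of the abort handling described in the cover letter;
 * it is not the jbd implementation, only an illustration of its invariant. */
#define JFS_ABORT 0x02   /* flag value is assumed, not taken from jbd */

struct journal {
    unsigned long j_flags;
    unsigned long j_tail;           /* oldest log block still needed */
    unsigned int  j_tail_sequence;  /* sequence number of that transaction */
    unsigned long sb_tail;          /* tail as recorded in the super block */
};

/* A checkpoint write failed: mark the journal aborted (PATCH 4/5 reuses
 * JFS_ABORT instead of introducing a JFS_CP_ABORT flag). */
static void journal_abort_model(struct journal *j) { j->j_flags |= JFS_ABORT; }

static int is_journal_aborted_model(const struct journal *j)
{
    return (j->j_flags & JFS_ABORT) != 0;
}

/* Model of cleanup_journal_tail(): advance the tail only while healthy.
 * When aborted, keep j_tail/j_tail_sequence and the super block so the
 * transaction whose checkpoint failed is not dropped from the log. */
static int cleanup_journal_tail_model(struct journal *j, unsigned long new_tail,
                                      unsigned int new_seq)
{
    if (is_journal_aborted_model(j))
        return -EIO;
    j->j_tail = new_tail;
    j->j_tail_sequence = new_seq;
    j->sb_tail = new_tail;          /* super block is updated only here */
    return 0;
}

/* Model of journal_destroy(): -EIO lets the caller (ext3_put_super() in
 * PATCH 5/5) detect that the journal aborted. */
static int journal_destroy_model(const struct journal *j)
{
    return is_journal_aborted_model(j) ? -EIO : 0;
}

/* Scenario: checkpoint I/O error, then a racing flush tries to move the
 * tail. Returns 1 when the tail state survived untouched, else 0. */
static int checkpoint_failure_scenario(void)
{
    struct journal j = { 0, 100, 7, 100 };
    journal_abort_model(&j);
    int rc = cleanup_journal_tail_model(&j, 200, 8);
    return rc == -EIO && j.j_tail == 100 && j.j_tail_sequence == 7 &&
           j.sb_tail == 100 && journal_destroy_model(&j) == -EIO;
}
```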