From: Dave Chinner <david@fromorbit.com>
To: cheng.lin130@zte.com.cn
Cc: djwong@kernel.org, linux-xfs@vger.kernel.org,
linux-kernel@vger.kernel.org, jiang.yong5@zte.com.cn,
wang.liang82@zte.com.cn, liu.dong3@zte.com.cn
Subject: Re: [PATCH v3] xfs: introduce protection for drop nlink
Date: Mon, 18 Sep 2023 08:44:51 +1000 [thread overview]
Message-ID: <ZQeBY3kmww8qAjfP@dread.disaster.area> (raw)
In-Reply-To: <202309151750563356840@zte.com.cn>
On Fri, Sep 15, 2023 at 05:50:56PM +0800, cheng.lin130@zte.com.cn wrote:
> > On Wed, Sep 13, 2023 at 05:44:45PM +0800, cheng.lin130@zte.com.cn wrote:
> > > From: Cheng Lin <cheng.lin130@zte.com.cn>
> > >
> > > When abnormal drop_nlink are detected on the inode,
> > > shutdown filesystem, to avoid corruption propagation.
> > >
> > > Signed-off-by: Cheng Lin <cheng.lin130@zte.com.cn>
> > > ---
> > > fs/xfs/xfs_inode.c | 9 +++++++++
> > > 1 file changed, 9 insertions(+)
> > >
> > > diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
> > > index 9e62cc500..40cc106ae 100644
> > > --- a/fs/xfs/xfs_inode.c
> > > +++ b/fs/xfs/xfs_inode.c
> > > @@ -919,6 +919,15 @@ xfs_droplink(
> > > xfs_trans_t *tp,
> > > xfs_inode_t *ip)
> > > {
> > > +
> > > + if (VFS_I(ip)->i_nlink == 0) {
> > > + xfs_alert(ip->i_mount,
> > > + "%s: Deleting inode %llu with no links.",
> > > + __func__, ip->i_ino);
> > > + tp->t_flags |= XFS_TRANS_DIRTY;
> > Marking the transaction dirty is not necessary.
> > Otherwise this seems fine.
> Another strategy:
> Set nlink to an invalid value(like XFS_NLINK_PINNED), and
> Complete this transaction before shutdown fs. To make sure
> nlink not be zero. If the nlink of a directory are zero, it may
> be cleaned up.
> Is that appropriate?
No, all I'm asking you to do is drop dirtying of the transaction
from this patch because it is a) unnecessary and b) a layering
violation.
It is unnecessary because the transaction will almost always be
dirty before we get to xfs_droplink(). In the cases where it isn't
dirty (e.g. xfs_remove() on a directory) we explicitly check that
nlink == 2 before proceeding to call xfs_droplink(). Hence we can't
actually get to xfs_droplink() with a clean transaction, and so
marking it dirty here on underrun is unnecessary as returning an
error from xfs_droplink() will result in shutting down the
filesystem when the transaction is cancelled.
-Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2023-09-17 22:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 9:44 [PATCH v3] xfs: introduce protection for drop nlink cheng.lin130
2023-09-13 23:42 ` Dave Chinner
2023-09-15 8:20 ` cheng.lin130
2023-09-15 9:50 ` cheng.lin130
2023-09-17 22:44 ` Dave Chinner [this message]
2023-09-18 3:44 ` cheng.lin130
2023-09-18 5:48 ` Dave Chinner
2023-09-18 6:34 ` cheng.lin130
2023-09-19 3:33 ` Darrick J. Wong
2023-09-20 5:53 ` Dave Chinner
2023-10-03 17:33 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZQeBY3kmww8qAjfP@dread.disaster.area \
--to=david@fromorbit.com \
--cc=cheng.lin130@zte.com.cn \
--cc=djwong@kernel.org \
--cc=jiang.yong5@zte.com.cn \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=liu.dong3@zte.com.cn \
--cc=wang.liang82@zte.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox