xfs: force the log offline when log intent item recovery fails

mainline-inclusion from mainline-v5.13-rc4 commit 4e6b8270 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4KIAO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4e6b8270c820c8c57a73f869799a0af2b56eff3e ------------------------------------------------- If any part of log intent item recovery fails, we should shut down the log immediately to stop the log from writing a clean unmount record to disk, because the metadata is not consistent. The inability to cancel a dirty transaction catches most of these cases, but there are a few things that have slipped through the cracks, such as ENOSPC from a transaction allocation, or runtime errors that result in cancellation of a non-dirty transaction. This solves some weird behaviors reported by customers where a system goes down, the first mount fails, the second succeeds, but then the fs goes down later because of inconsistent metadata. Signed-off-by: N Darrick J. Wong <djwong@kernel.org> Reviewed-by: N Christoph Hellwig <hch@lst.de> Signed-off-by: N Guo Xuenan <guoxuenan@huawei.com> Reviewed-by: N Lihong Kou <koulihong@huawei.com> Reviewed-by: N Zhang Yi <yi.zhang@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

xfs: force the log offline when log intent item recovery fails
mainline-inclusion from mainline-v5.13-rc4 commit 4e6b8270 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4KIAO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4e6b8270c820c8c57a73f869799a0af2b56eff3e ------------------------------------------------- If any part of log intent item recovery fails, we should shut down the log immediately to stop the log from writing a clean unmount record to disk, because the metadata is not consistent. The inability to cancel a dirty transaction catches most of these cases, but there are a few things that have slipped through the cracks, such as ENOSPC from a transaction allocation, or runtime errors that result in cancellation of a non-dirty transaction. This solves some weird behaviors reported by customers where a system goes down, the first mount fails, the second succeeds, but then the fs goes down later because of inconsistent metadata. Signed-off-by: N Darrick J. Wong <djwong@kernel.org> Reviewed-by: N Christoph Hellwig <hch@lst.de> Signed-off-by: N Guo Xuenan <guoxuenan@huawei.com> Reviewed-by: N Lihong Kou <koulihong@huawei.com> Reviewed-by: N Zhang Yi <yi.zhang@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
6bbb9a25 · Darrick J. Wong · Zheng Zengkai · 365e8cb7 · 6bbb9a25 · 6bbb9a25
隐藏空白更改
内联并排

Showing with 7 addition and 1 deletion

fs/xfs/xfs_log.c fs/xfs/xfs_log.c +3 -0

fs/xfs/xfs_log_recover.c fs/xfs/xfs_log_recover.c +4 -1

未找到文件。
--- a/fs/xfs/xfs_log.c
+++ b/fs/xfs/xfs_log.c
@@ -729,6 +729,9 @@ xfs_log_mount_finish(
 	if (readonly)
 		mp->m_flags |= XFS_MOUNT_RDONLY;
+	/* Make sure the log is dead if we're returning failure. */
+	ASSERT(!error || (mp->m_log->l_flags & XLOG_IO_ERROR));
 	return error;
 }

--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -2457,8 +2457,10 @@ xlog_finish_defer_ops(
 		error = xfs_trans_alloc(mp, &resv, dfc->dfc_blkres,
 				dfc->dfc_rtxres, XFS_TRANS_RESERVE, &tp);
-		if (error)
+		if (error) {
+			xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR);
 			return error;
+		}
 		/*
 		 * Transfer to this new transaction all the dfops we captured
@@ -3454,6 +3456,7 @@ xlog_recover_finish(
 			 * this) before we get around to xfs_log_mount_cancel.
 			 */
 			xlog_recover_cancel_intents(log);
+			xfs_force_shutdown(log->l_mp, SHUTDOWN_LOG_IO_ERROR);
 			xfs_alert(log->l_mp, "Failed to recover intents");
 			return error;
 		}