From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: Brian Foster <bfoster@redhat.com>, linux-xfs@vger.kernel.org
Subject: Re: [PATCH RFC] xfs: warn instead of fail verifier on empty attr3 leaf block
Date: Tue, 12 May 2020 08:53:20 -0700 [thread overview]
Message-ID: <20200512155320.GD6714@magnolia> (raw)
In-Reply-To: <20200512081037.GB28206@infradead.org>
On Tue, May 12, 2020 at 01:10:37AM -0700, Christoph Hellwig wrote:
> On Mon, May 11, 2020 at 02:50:16PM -0400, Brian Foster wrote:
> > Signed-off-by: Brian Foster <bfoster@redhat.com>
> > ---
> >
> > What do folks think of something like this? We have a user report of a
> > corresponding read verifier failure while processing unlinked inodes.
> > This presumably means the attr fork was put in this state because the
> > format conversion and xattr set are not atomic. For example, the
> > filesystem crashed after the format conversion transaction hit the log
> > but before the xattr set transaction. The subsequent recovery succeeds
> > according to the logic below, but if the attr didn't hit the log the
> > leaf block remains empty and sets a landmine for the next read attempt.
> > This either prevents further xattr operations on the inode or prevents
> > the inode from being removed from the unlinked list due to xattr
> > inactivation failure.
> >
> > I've not confirmed that this is how the user got into this state, but
> > I've confirmed that it's possible. We have a couple band aids now (this
> > and the writeback variant) that intend to deal with this problem and
> > still haven't quite got it right, so personally I'm inclined to accept
> > the reality that an empty attr leaf block is an expected state based on
> > our current xattr implementation and just remove the check from the
> > verifier (at least until we have atomic sets). I turned it into a
> > warning/comment for the purpose of discussion. Thoughts?
>
> If the transaction is not atomic I don't think we should even
> warn in this case, even if it is unlikely to happen..
I was gonna say, I think we've messed this up enough that I think we
just have to accept empty attr leaf blocks. :/
I also think we should improve the ability to scan for and invalidate
incore buffers so that we can invalidate and truncate the attr fork
extents directly from an extent walk loop. It seems a little silly that
we have to walk the dabtree just to find out where multiblock remote
attr value structures might be hiding.
--D
next prev parent reply other threads:[~2020-05-12 15:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 18:50 [PATCH RFC] xfs: warn instead of fail verifier on empty attr3 leaf block Brian Foster
2020-05-12 8:10 ` Christoph Hellwig
2020-05-12 15:53 ` Darrick J. Wong [this message]
2020-05-12 16:03 ` Christoph Hellwig
2020-05-12 16:19 ` Darrick J. Wong
2020-05-12 17:20 ` Brian Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200512155320.GD6714@magnolia \
--to=darrick.wong@oracle.com \
--cc=bfoster@redhat.com \
--cc=hch@infradead.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.