From: Zhang Yi <yi.zhang@huawei.com>
To: <linux-ext4@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
<jack@suse.cz>, <tytso@mit.edu>
Cc: <adilger.kernel@dilger.ca>, <david@fromorbit.com>,
<hch@infradead.org>, <yi.zhang@huawei.com>
Subject: [RFC PATCH v4 2/8] jbd2: ensure abort the journal if detect IO error when writing original buffer back
Date: Thu, 10 Jun 2021 19:24:34 +0800 [thread overview]
Message-ID: <20210610112440.3438139-3-yi.zhang@huawei.com> (raw)
In-Reply-To: <20210610112440.3438139-1-yi.zhang@huawei.com>
Although we merged c044f3d8360 ("jbd2: abort journal if free a async
write error metadata buffer"), there is a race between
jbd2_journal_try_to_free_buffers() and jbd2_journal_destroy(), so the
jbd2_log_do_checkpoint() may still fail to detect the buffer write
io error flag which may lead to filesystem inconsistency.
jbd2_journal_try_to_free_buffers() ext4_put_super()
jbd2_journal_destroy()
__jbd2_journal_remove_checkpoint()
detect buffer write error jbd2_log_do_checkpoint()
jbd2_cleanup_journal_tail()
<--- lead to inconsistency
jbd2_journal_abort()
Fix this issue by introducing a new atomic flag which only have one
JBD2_CHECKPOINT_IO_ERROR bit now, and set it in
__jbd2_journal_remove_checkpoint() when freeing a checkpoint buffer
which has write_io_error flag. Then jbd2_journal_destroy() will detect
this mark and abort the journal to prevent updating log tail.
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
---
fs/jbd2/checkpoint.c | 12 ++++++++++++
fs/jbd2/journal.c | 14 ++++++++++++++
include/linux/jbd2.h | 11 +++++++++++
3 files changed, 37 insertions(+)
diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c
index bf5511d19ac5..d27c10f4502f 100644
--- a/fs/jbd2/checkpoint.c
+++ b/fs/jbd2/checkpoint.c
@@ -564,6 +564,7 @@ int __jbd2_journal_remove_checkpoint(struct journal_head *jh)
struct transaction_chp_stats_s *stats;
transaction_t *transaction;
journal_t *journal;
+ struct buffer_head *bh = jh2bh(jh);
JBUFFER_TRACE(jh, "entry");
@@ -575,6 +576,17 @@ int __jbd2_journal_remove_checkpoint(struct journal_head *jh)
journal = transaction->t_journal;
JBUFFER_TRACE(jh, "removing from transaction");
+
+ /*
+ * If we have failed to write the buffer out to disk, the filesystem
+ * may become inconsistent. We cannot abort the journal here since
+ * we hold j_list_lock and we have to be careful about races with
+ * jbd2_journal_destroy(). So mark the writeback IO error in the
+ * journal here and we abort the journal later from a better context.
+ */
+ if (buffer_write_io_error(bh))
+ set_bit(JBD2_CHECKPOINT_IO_ERROR, &journal->j_atomic_flags);
+
__buffer_unlink(jh);
jh->b_cp_transaction = NULL;
jbd2_journal_put_journal_head(jh);
diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index 2dc944442802..90146755941f 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -1618,6 +1618,10 @@ int jbd2_journal_update_sb_log_tail(journal_t *journal, tid_t tail_tid,
if (is_journal_aborted(journal))
return -EIO;
+ if (test_bit(JBD2_CHECKPOINT_IO_ERROR, &journal->j_atomic_flags)) {
+ jbd2_journal_abort(journal, -EIO);
+ return -EIO;
+ }
BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex));
jbd_debug(1, "JBD2: updating superblock (start %lu, seq %u)\n",
@@ -1995,6 +1999,16 @@ int jbd2_journal_destroy(journal_t *journal)
J_ASSERT(journal->j_checkpoint_transactions == NULL);
spin_unlock(&journal->j_list_lock);
+ /*
+ * OK, all checkpoint transactions have been checked, now check the
+ * write out io error flag and abort the journal if some buffer failed
+ * to write back to the original location, otherwise the filesystem
+ * may become inconsistent.
+ */
+ if (!is_journal_aborted(journal) &&
+ test_bit(JBD2_CHECKPOINT_IO_ERROR, &journal->j_atomic_flags))
+ jbd2_journal_abort(journal, -EIO);
+
if (journal->j_sb_buffer) {
if (!is_journal_aborted(journal)) {
mutex_lock_io(&journal->j_checkpoint_mutex);
diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
index db0e1920cb12..f9b5e657b8f3 100644
--- a/include/linux/jbd2.h
+++ b/include/linux/jbd2.h
@@ -779,6 +779,11 @@ struct journal_s
*/
unsigned long j_flags;
+ /**
+ * @j_atomic_flags: Atomic journaling state flags.
+ */
+ unsigned long j_atomic_flags;
+
/**
* @j_errno:
*
@@ -1371,6 +1376,12 @@ JBD2_FEATURE_INCOMPAT_FUNCS(fast_commit, FAST_COMMIT)
#define JBD2_FAST_COMMIT_ONGOING 0x100 /* Fast commit is ongoing */
#define JBD2_FULL_COMMIT_ONGOING 0x200 /* Full commit is ongoing */
+/*
+ * Journal atomic flag definitions
+ */
+#define JBD2_CHECKPOINT_IO_ERROR 0x001 /* Detect io error while writing
+ * buffer back to disk */
+
/*
* Function declarations for the journaling transaction and buffer
* management
--
2.31.1
next prev parent reply other threads:[~2021-06-10 11:15 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-10 11:24 [RFC PATCH v4 0/8] ext4, jbd2: fix 3 issues about bdev_try_to_free_page() Zhang Yi
2021-06-10 11:24 ` [RFC PATCH v4 1/8] jbd2: remove the out label in __jbd2_journal_remove_checkpoint() Zhang Yi
2021-06-24 14:35 ` Theodore Ts'o
2021-06-10 11:24 ` Zhang Yi [this message]
2021-06-24 14:35 ` [RFC PATCH v4 2/8] jbd2: ensure abort the journal if detect IO error when writing original buffer back Theodore Ts'o
2021-06-10 11:24 ` [RFC PATCH v4 3/8] jbd2: don't abort the journal when freeing buffers Zhang Yi
2021-06-24 14:35 ` Theodore Ts'o
2021-06-10 11:24 ` [RFC PATCH v4 4/8] jbd2: remove redundant buffer io error checks Zhang Yi
2021-06-24 14:35 ` Theodore Ts'o
2021-06-10 11:24 ` [RFC PATCH v4 5/8] jbd2,ext4: add a shrinker to release checkpointed buffers Zhang Yi
2021-06-10 16:12 ` Jan Kara
2021-06-16 22:25 ` [RFC PATCH v4 5/8] jbd2, ext4: " kernel test robot
2021-06-24 14:56 ` [RFC PATCH v4 5/8] jbd2,ext4: " Theodore Ts'o
2021-06-10 11:24 ` [RFC PATCH v4 6/8] jbd2: simplify journal_clean_one_cp_list() Zhang Yi
2021-06-24 14:56 ` Theodore Ts'o
2021-06-10 11:24 ` [RFC PATCH v4 7/8] ext4: remove bdev_try_to_free_page() callback Zhang Yi
2021-06-24 14:56 ` Theodore Ts'o
2021-06-10 11:24 ` [RFC PATCH v4 8/8] fs: remove bdev_try_to_free_page callback Zhang Yi
2021-06-24 14:56 ` Theodore Ts'o
2021-06-17 9:48 ` [RFC PATCH v4 0/8] ext4, jbd2: fix 3 issues about bdev_try_to_free_page() Christoph Hellwig
2021-06-21 15:25 ` Christoph Hellwig
2021-06-22 8:24 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210610112440.3438139-3-yi.zhang@huawei.com \
--to=yi.zhang@huawei.com \
--cc=adilger.kernel@dilger.ca \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.