Re: [PATCH 09/10] xfs_repair: add a testing hook for NEEDSREPAIR

From: "Darrick J. Wong" <djwong@kernel.org>
To: Brian Foster <bfoster@redhat.com>
Cc: sandeen@sandeen.net, linux-xfs@vger.kernel.org
Subject: Re: [PATCH 09/10] xfs_repair: add a testing hook for NEEDSREPAIR
Date: Tue, 9 Feb 2021 10:17:38 -0800	[thread overview]
Message-ID: <20210209181738.GU7193@magnolia> (raw)
In-Reply-To: <20210209172131.GG14273@bfoster>

On Tue, Feb 09, 2021 at 12:21:31PM -0500, Brian Foster wrote:
> On Mon, Feb 08, 2021 at 08:10:55PM -0800, Darrick J. Wong wrote:
> > From: Darrick J. Wong <djwong@kernel.org>
> > 
> > Simulate a crash when anyone calls force_needsrepair.  This is a debug
> > knob so that we can test that the kernel won't mount after setting
> > needsrepair and that a re-run of xfs_repair will clear the flag.
> > 
> > Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> > ---
> 
> Can't we just use db to manually set the bit on the superblock?

No, because the fstest uses this debug knob to simulate the following:

1) sysadmin issues 'xfs_admin -O inobtcount /dev/sda1'
2) xfs_repair flips on INOBTCOUNT and NEEDSREPAIR
3) system goes down and repair never completes
4) verify that we can't mount
5) verify that repair clears NEEDSREPAIR and gives us a clean fs
6) verify that mount works again

and the other scenario is:

1) fuzz a directory entry in such a way that repair will decide to
   blow out the dirent and rebuild the directory later
2) sysadmin issues 'xfs_repair /dev/sda1'
2) xfs_repair flips on NEEDSREPAIR at the same time it corrupts the
   dirent to trigger the rebuild later
3) system goes down and repair never completes
4) verify that we can't mount
5) verify that repair clears NEEDSREPAIR and gives us a clean fs
6) verify that mount works again

Both cases reflect what I think are the most likely failure scenarios,
hence the knob needs to be in xfs_repair to prevent it from running to
completion.

(And yes, I've been recently very bad at sending fstests out for review
the past few months; I will get that done by this afternoon.)

--D

> Brian
> 
> >  repair/globals.c    |    1 +
> >  repair/globals.h    |    2 ++
> >  repair/phase1.c     |    5 +++++
> >  repair/xfs_repair.c |    7 +++++++
> >  4 files changed, 15 insertions(+)
> > 
> > 
> > diff --git a/repair/globals.c b/repair/globals.c
> > index 699a96ee..b0e23864 100644
> > --- a/repair/globals.c
> > +++ b/repair/globals.c
> > @@ -40,6 +40,7 @@ int	dangerously;		/* live dangerously ... fix ro mount */
> >  int	isa_file;
> >  int	zap_log;
> >  int	dumpcore;		/* abort, not exit on fatal errs */
> > +bool	abort_after_force_needsrepair;
> >  int	force_geo;		/* can set geo on low confidence info */
> >  int	assume_xfs;		/* assume we have an xfs fs */
> >  char	*log_name;		/* Name of log device */
> > diff --git a/repair/globals.h b/repair/globals.h
> > index 043b3e8e..9fa73b2c 100644
> > --- a/repair/globals.h
> > +++ b/repair/globals.h
> > @@ -82,6 +82,8 @@ extern int	isa_file;
> >  extern int	zap_log;
> >  extern int	dumpcore;		/* abort, not exit on fatal errs */
> >  extern int	force_geo;		/* can set geo on low confidence info */
> > +/* Abort after forcing NEEDSREPAIR to test its functionality */
> > +extern bool	abort_after_force_needsrepair;
> >  extern int	assume_xfs;		/* assume we have an xfs fs */
> >  extern char	*log_name;		/* Name of log device */
> >  extern int	log_spec;		/* Log dev specified as option */
> > diff --git a/repair/phase1.c b/repair/phase1.c
> > index b26d25f8..57f72cd0 100644
> > --- a/repair/phase1.c
> > +++ b/repair/phase1.c
> > @@ -170,5 +170,10 @@ _("Cannot disable lazy-counters on V5 fs\n"));
> >  	 */
> >  	sb_ifree = sb_icount = sb_fdblocks = sb_frextents = 0;
> >  
> > +	/* Simulate a crash after setting needsrepair. */
> > +	if (primary_sb_modified && add_needsrepair &&
> > +	    abort_after_force_needsrepair)
> > +		exit(55);
> > +
> >  	free(sb);
> >  }
> > diff --git a/repair/xfs_repair.c b/repair/xfs_repair.c
> > index ee377e8a..ae7106a6 100644
> > --- a/repair/xfs_repair.c
> > +++ b/repair/xfs_repair.c
> > @@ -44,6 +44,7 @@ enum o_opt_nums {
> >  	BLOAD_LEAF_SLACK,
> >  	BLOAD_NODE_SLACK,
> >  	NOQUOTA,
> > +	FORCE_NEEDSREPAIR_ABORT,
> >  	O_MAX_OPTS,
> >  };
> >  
> > @@ -57,6 +58,7 @@ static char *o_opts[] = {
> >  	[BLOAD_LEAF_SLACK]	= "debug_bload_leaf_slack",
> >  	[BLOAD_NODE_SLACK]	= "debug_bload_node_slack",
> >  	[NOQUOTA]		= "noquota",
> > +	[FORCE_NEEDSREPAIR_ABORT] = "debug_force_needsrepair_abort",
> >  	[O_MAX_OPTS]		= NULL,
> >  };
> >  
> > @@ -282,6 +284,9 @@ process_args(int argc, char **argv)
> >  		_("-o debug_bload_node_slack requires a parameter\n"));
> >  					bload_node_slack = (int)strtol(val, NULL, 0);
> >  					break;
> > +				case FORCE_NEEDSREPAIR_ABORT:
> > +					abort_after_force_needsrepair = true;
> > +					break;
> >  				case NOQUOTA:
> >  					quotacheck_skip();
> >  					break;
> > @@ -795,6 +800,8 @@ force_needsrepair(
> >  		error = -libxfs_bwrite(bp);
> >  		if (error)
> >  			do_log(_("couldn't force needsrepair, err=%d\n"), error);
> > +		if (abort_after_force_needsrepair)
> > +			exit(55);
> >  	}
> >  	if (bp)
> >  		libxfs_buf_relse(bp);
> > 
> 