[PATCH RFC] xfs: warn instead of fail verifier on empty attr3 leaf block

[Brian Foster <bfoster@redhat.com>]

Signed-off-by: Brian Foster <bfoster@redhat.com>
---

What do folks think of something like this? We have a user report of a
corresponding read verifier failure while processing unlinked inodes.
This presumably means the attr fork was put in this state because the
format conversion and xattr set are not atomic. For example, the
filesystem crashed after the format conversion transaction hit the log
but before the xattr set transaction. The subsequent recovery succeeds
according to the logic below, but if the attr didn't hit the log the
leaf block remains empty and sets a landmine for the next read attempt.
This either prevents further xattr operations on the inode or prevents
the inode from being removed from the unlinked list due to xattr
inactivation failure.

I've not confirmed that this is how the user got into this state, but
I've confirmed that it's possible. We have a couple band aids now (this
and the writeback variant) that intend to deal with this problem and
still haven't quite got it right, so personally I'm inclined to accept
the reality that an empty attr leaf block is an expected state based on
our current xattr implementation and just remove the check from the
verifier (at least until we have atomic sets). I turned it into a
warning/comment for the purpose of discussion. Thoughts?

Brian

 fs/xfs/libxfs/xfs_attr_leaf.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index 863444e2dda7..71cee43669e1 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -309,12 +309,18 @@ xfs_attr3_leaf_verify(
 		return fa;
 
 	/*
-	 * In recovery there is a transient state where count == 0 is valid
-	 * because we may have transitioned an empty shortform attr to a leaf
-	 * if the attr didn't fit in shortform.
+	 * There is a valid count == 0 state if we transitioned an empty
+	 * shortform attr to leaf format because an attr didn't fit in
+	 * shortform. This is intended to transient during recovery, but in
+	 * reality is not because the attr comes in a separate transaction from
+	 * format conversion and may not have hit the log. Warn if we encounter
+	 * this outside of recovery just to inform the user something might be
+	 * off.
 	 */
 	if (!xfs_log_in_recovery(mp) && ichdr.count == 0)
-		return __this_address;
+		xfs_warn(mp,
+	"Empty attr leaf block (bno 0x%llx). attr fork in unexpected format\n",
+			 bp->b_bn);
 
 	/*
 	 * firstused is the block offset of the first name info structure.
-- 
2.21.1