OpenCloudOS-Kernel/fs/xfs
Brian Foster 4a4f66eac4 xfs: fix log recovery corruption error due to tail overwrite
If we consider the case where the tail (T) of the log is pinned long
enough for the head (H) to push and block behind the tail, we can
end up blocked in the following state without enough free space (f)
in the log to satisfy a transaction reservation:

	0	phys. log	N
	[-------HffT---H'--T'---]

The last good record in the log (before H) refers to T. The tail
eventually pushes forward (T') leaving more free space in the log
for writes to H. At this point, suppose space frees up in the log
for the maximum of 8 in-core log buffers to start flushing out to
the log. If this pushes the head from H to H', these next writes
overwrite the previous tail T. This is safe because the items logged
from T to T' have been written back and removed from the AIL.

If the next log writes (H -> H') happen to fail and result in
partial records in the log, the filesystem shuts down having
overwritten T with invalid data. Log recovery correctly locates H on
the subsequent mount, but H still refers to the now corrupted tail
T. This results in log corruption errors and recovery failure.

Since the tail overwrite results from otherwise correct runtime
behavior, it is up to log recovery to try and deal with this
situation. Update log recovery tail verification to run a CRC pass
from the first record past the tail to the head. This facilitates
error detection at T and moves the recovery tail to the first good
record past H' (similar to truncating the head on torn write
detection). If corruption is detected beyond the range possibly
affected by the max number of iclogs, the log is legitimately
corrupted and log recovery failure is expected.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2017-08-22 09:22:23 -07:00
..
libxfs xfs: fix inobt inode allocation search optimization 2017-08-11 16:56:33 -07:00
Kconfig xfs: define fatal assert build time tunable 2017-06-19 08:59:10 -07:00
Makefile xfs: use the common helper uuid_is_null() 2017-06-05 16:59:08 +02:00
kmem.c mm, vmalloc: use __GFP_HIGHMEM implicitly 2017-05-08 17:15:13 -07:00
kmem.h xfs: map KM_MAYFAIL to __GFP_RETRY_MAYFAIL 2017-07-12 16:26:03 -07:00
mrlock.h
xfs.h xfs: define fatal assert build time tunable 2017-06-19 08:59:10 -07:00
xfs_acl.c xfs: Don't clear SGID when inheriting ACLs 2017-06-27 18:23:21 -07:00
xfs_acl.h xfs: Don't clear SGID when inheriting ACLs 2017-06-27 18:23:21 -07:00
xfs_aops.c Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_aops.h xfs: use iomap_dio_rw 2016-11-30 14:37:15 +11:00
xfs_attr.h xfs: pass along transaction context when reading xattr block buffers 2017-06-20 10:45:22 -07:00
xfs_attr_inactive.c xfs: make several functions static 2016-06-01 17:38:15 +10:00
xfs_attr_list.c xfs: assert locking precondіtion in xfs_attr_list_int_ilocked 2017-07-13 14:55:05 -07:00
xfs_bmap_item.c xfs: try to avoid blowing out the transaction reservation when bunmaping a shared extent 2017-06-19 08:59:10 -07:00
xfs_bmap_item.h xfs: log bmap intent items 2016-10-04 11:05:44 -07:00
xfs_bmap_util.c xfs: refactor the ifork block counting function 2017-06-20 10:45:21 -07:00
xfs_bmap_util.h xfs: refactor the ifork block counting function 2017-06-20 10:45:21 -07:00
xfs_buf.c Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_buf.h xfs: push buffer of flush locked dquot to avoid quotacheck deadlock 2017-06-19 08:59:10 -07:00
xfs_buf_item.c xfs: Properly retry failed inode items in case of error during buffer writeback 2017-08-22 09:22:23 -07:00
xfs_buf_item.h xfs: Properly retry failed inode items in case of error during buffer writeback 2017-08-22 09:22:23 -07:00
xfs_dir2_readdir.c xfs: pass along transaction context when reading directory block buffers 2017-06-20 10:45:22 -07:00
xfs_discard.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_discard.h xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_dquot.c Revert "xfs: grab dquots without taking the ilock" 2017-07-13 14:55:05 -07:00
xfs_dquot.h xfs: fix implicit bool to int conversion 2015-01-09 10:48:58 +11:00
xfs_dquot_item.c xfs: allocate log vector buffers outside CIL context lock 2016-07-22 09:52:35 +10:00
xfs_dquot_item.h
xfs_error.c xfs: Check for m_errortag initialization in xfs_errortag_test 2017-07-01 21:08:47 -07:00
xfs_error.h xfs: replace log_badcrc_factor knob with error injection tag 2017-06-27 18:23:21 -07:00
xfs_export.c xfs: abstract block export operations from nfsd layouts 2016-07-15 15:31:29 -04:00
xfs_export.h
xfs_extent_busy.c xfs: fix len comparison in xfs_extent_busy_trim 2017-02-16 17:20:12 -08:00
xfs_extent_busy.h xfs: improve handling of busy extents in the low-level allocator 2017-02-09 10:50:25 -08:00
xfs_extfree_item.c xfs: better log intent item refcount checking 2017-04-25 09:40:42 -07:00
xfs_extfree_item.h xfs: refactor redo intent item processing 2016-08-03 11:23:49 +10:00
xfs_file.c Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_filestream.c Merge branch 'xfs-4.9-log-recovery-fixes' into for-next 2016-10-03 09:56:28 +11:00
xfs_filestream.h
xfs_fsmap.c xfs: only return detailed fsmap info if the caller has CAP_SYS_ADMIN 2017-05-16 12:26:16 -07:00
xfs_fsmap.h xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
xfs_fsops.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_fsops.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_globals.c xfs: define fatal assert build time tunable 2017-06-19 08:59:10 -07:00
xfs_icache.c Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_icache.h xfs: check if an inode is cached and allocated 2017-06-19 14:11:34 -07:00
xfs_icreate_item.c fs: xfs: xfs_icreate_item: constify xfs_item_ops structure 2016-11-28 14:57:42 +11:00
xfs_icreate_item.h
xfs_inode.c xfs: Fix per-inode DAX flag inheritance 2017-08-04 13:43:36 -07:00
xfs_inode.h xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA 2017-07-02 22:46:13 -07:00
xfs_inode_item.c xfs: Properly retry failed inode items in case of error during buffer writeback 2017-08-22 09:22:23 -07:00
xfs_inode_item.h xfs: remove timestamps from incore inode 2016-02-09 16:54:58 +11:00
xfs_ioctl.c xfs: make errortag a per-mountpoint structure 2017-06-27 18:23:19 -07:00
xfs_ioctl.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_ioctl32.c xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
xfs_ioctl32.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_iomap.c Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_iomap.h xfs: introduce xfs_aligned_fsb_count 2017-02-06 17:47:46 -08:00
xfs_iops.c xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN 2017-07-07 08:37:26 -07:00
xfs_iops.h xfs: Propagate dentry down to inode_change_ok() 2016-09-22 10:56:19 +02:00
xfs_itable.c xfs: export various function for the online scrubber 2017-06-19 14:11:34 -07:00
xfs_itable.h xfs: export various function for the online scrubber 2017-06-19 14:11:34 -07:00
xfs_linux.h Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_log.c xfs: toggle readonly state around xfs_log_mount_finish 2017-08-22 09:22:23 -07:00
xfs_log.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_log_cil.c xfs: Fix leak of discard bio 2017-08-04 13:43:36 -07:00
xfs_log_priv.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_log_recover.c xfs: fix log recovery corruption error due to tail overwrite 2017-08-22 09:22:23 -07:00
xfs_message.c xfs: define bug_on_assert debug mode sysfs tunable 2017-06-19 08:59:10 -07:00
xfs_message.h
xfs_mount.c xfs: don't leak quotacheck dquots when cow recovery 2017-08-17 12:40:33 -07:00
xfs_mount.h xfs: convert drop_writes to use the errortag mechanism 2017-06-27 18:23:20 -07:00
xfs_mru_cache.c xfs: xfs_mru_cache_insert() should use GFP_NOFS 2015-03-25 14:57:53 +11:00
xfs_mru_cache.h
xfs_ondisk.h xfs: define the on-disk refcount btree format 2016-10-03 09:11:18 -07:00
xfs_pnfs.c xfs: remove i_iolock and use i_rwsem in the VFS inode instead 2016-11-30 14:33:25 +11:00
xfs_pnfs.h xfs: remove i_iolock and use i_rwsem in the VFS inode instead 2016-11-30 14:33:25 +11:00
xfs_qm.c xfs: fix quotacheck dquot id overflow infinite loop 2017-07-24 08:33:25 -07:00
xfs_qm.h xfs: Split default quota limits by quota type 2016-02-08 11:27:55 +11:00
xfs_qm_bhv.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_qm_syscalls.c xfs: wait on new inodes during quotaoff dquot release 2017-04-28 08:11:08 -07:00
xfs_quota.h xfs: fix quota block reservation leak when tp allocates and frees blocks 2015-06-01 07:15:37 +10:00
xfs_quotaops.c xfs: remove a whitespace-only line from xfs_fs_get_nextdqblk 2017-07-01 21:09:33 -07:00
xfs_refcount_item.c xfs: better log intent item refcount checking 2017-04-25 09:40:42 -07:00
xfs_refcount_item.h xfs: log refcount intent items 2016-10-03 09:11:21 -07:00
xfs_reflink.c xfs: check _alloc_read_agf buffer pointer before using 2017-07-20 14:42:33 -07:00
xfs_reflink.h xfs: separate function to check if inode shares extents 2017-06-19 14:11:35 -07:00
xfs_rmap_item.c xfs: better log intent item refcount checking 2017-04-25 09:40:42 -07:00
xfs_rmap_item.h xfs: convert RUI log formats to use variable length arrays 2016-09-19 10:24:27 +10:00
xfs_rtalloc.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_rtalloc.h xfs: export various function for the online scrubber 2017-06-19 14:11:34 -07:00
xfs_stats.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_stats.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_super.c Changes for 4.13: 2017-07-10 10:51:53 -07:00
xfs_super.h xfs: don't block the log commit handler for discards 2017-02-09 11:36:40 -08:00
xfs_symlink.c xfs: assert locking precondition in xfs_readlink_bmap_ilocked 2017-07-13 14:55:05 -07:00
xfs_symlink.h xfs: allow reading of already-locked remote symbolic link 2017-06-20 10:45:22 -07:00
xfs_sysctl.c xfs: garbage collect old cowextsz reservations 2016-10-05 16:26:28 -07:00
xfs_sysctl.h xfs: define bug_on_assert debug mode sysfs tunable 2017-06-19 08:59:10 -07:00
xfs_sysfs.c xfs: replace log_badcrc_factor knob with error injection tag 2017-06-27 18:23:21 -07:00
xfs_sysfs.h xfs: configurable error behavior via sysfs 2016-05-18 10:58:51 +10:00
xfs_trace.c xfs: implement the GETFSMAP ioctl 2017-04-03 15:18:17 -07:00
xfs_trace.h xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_trans.c Changes for 4.12: 2017-05-06 11:46:16 -07:00
xfs_trans.h xfs: Properly retry failed inode items in case of error during buffer writeback 2017-08-22 09:22:23 -07:00
xfs_trans_ail.c xfs: Properly retry failed inode items in case of error during buffer writeback 2017-08-22 09:22:23 -07:00
xfs_trans_bmap.c xfs: try to avoid blowing out the transaction reservation when bunmaping a shared extent 2017-06-19 08:59:10 -07:00
xfs_trans_buf.c xfs: release bli from transaction properly on fs shutdown 2017-06-19 08:59:10 -07:00
xfs_trans_dquot.c xfs: Split default quota limits by quota type 2016-02-08 11:27:55 +11:00
xfs_trans_extfree.c xfs: set up per-AG free space reservations 2016-09-19 10:30:52 +10:00
xfs_trans_inode.c fs: Replace current_fs_time() with current_time() 2016-09-27 21:06:22 -04:00
xfs_trans_priv.h xfs: Properly retry failed inode items in case of error during buffer writeback 2017-08-22 09:22:23 -07:00
xfs_trans_refcount.c xfs: connect refcount adjust functions to upper layers 2016-10-03 09:11:22 -07:00
xfs_trans_rmap.c xfs: remove double-underscore integer types 2017-06-19 14:11:33 -07:00
xfs_xattr.c xfs: several xattr functions can be void 2016-12-05 12:32:14 +11:00