jbd2: discard dirty data when forgetting an un-journalled buffer

We do not unmap and clear dirty flag when forgetting a buffer without
journal or does not belongs to any transaction, so the invalid dirty
data may still be written to the disk later. It's fine if the
corresponding block is never used before the next mount, and it's also
fine that we invoke clean_bdev_aliases() related functions to unmap
the block device mapping when re-allocating such freed block as data
block. But this logic is somewhat fragile and risky that may lead to
data corruption if we forget to clean bdev aliases. So, It's better to
discard dirty data during forget time.

We have been already handled all the cases of forgetting journalled
buffer, this patch deal with the remaining two cases.

- buffer is not journalled yet,
- buffer is journalled but doesn't belongs to any transaction.

We invoke __bforget() instead of __brelese() when forgetting an
un-journalled buffer in jbd2_journal_forget(). After this patch we can
remove all clean_bdev_aliases() related calls in ext4.

Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>

1 files changed, 38 insertions, 4 deletions

diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index 6f4dff182c91..135f0a10f557 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -1597,9 +1597,7 @@ int jbd2_journal_forget (handle_t *handle, struct buffer_head *bh)
                         __jbd2_journal_unfile_buffer(jh);
                         if (!buffer_jbd(bh)) {
                                 spin_unlock(&journal->j_list_lock);
-                                jbd_unlock_bh_state(bh);
-                                __bforget(bh);
-                                goto drop;
+                                goto not_jbd;
                         }
                 }
                 spin_unlock(&journal->j_list_lock);
@@ -1632,9 +1630,40 @@ int jbd2_journal_forget (handle_t *handle, struct buffer_head *bh)
                         if (was_modified)
                                 drop_reserve = 1;
                 }
+        } else {
+                /*
+                 * Finally, if the buffer is not belongs to any
+                 * transaction, we can just drop it now if it has no
+                 * checkpoint.
+                 */
+                spin_lock(&journal->j_list_lock);
+                if (!jh->b_cp_transaction) {
+                        JBUFFER_TRACE(jh, "belongs to none transaction");
+                        spin_unlock(&journal->j_list_lock);
+                        goto not_jbd;
+                }
+
+                /*
+                 * Otherwise, if the buffer has been written to disk,
+                 * it is safe to remove the checkpoint and drop it.
+                 */
+                if (!buffer_dirty(bh)) {
+                        __jbd2_journal_remove_checkpoint(jh);
+                        spin_unlock(&journal->j_list_lock);
+                        goto not_jbd;
+                }
+
+                /*
+                 * The buffer is still not written to disk, we should
+                 * attach this buffer to current transaction so that the
+                 * buffer can be checkpointed only after the current
+                 * transaction commits.
+                 */
+                clear_buffer_dirty(bh);
+                __jbd2_journal_file_buffer(jh, transaction, BJ_Forget);
+                spin_unlock(&journal->j_list_lock);
         }
 
-not_jbd:
         jbd_unlock_bh_state(bh);
         __brelse(bh);
 drop:
@@ -1643,6 +1672,11 @@ drop:
                 handle->h_buffer_credits++;
         }
         return err;
+
+not_jbd:
+        jbd_unlock_bh_state(bh);
+        __bforget(bh);
+        goto drop;
 }
 
 /**