diff options
| author | Dave Chinner <dchinner@redhat.com> | 2013-06-03 01:28:46 -0400 |
|---|---|---|
| committer | Ben Myers <bpm@sgi.com> | 2013-06-04 18:35:51 -0400 |
| commit | 6fcdc59de28817d1fbf1bd58cc01f4f3fac858fb (patch) | |
| tree | a006da6d17f126e1b5819e488987a09c6e5ea384 /fs/xfs/xfs_qm.c | |
| parent | 5ae6e6a401957698f2bd8c9f4a86d86d02199fea (diff) | |
xfs: rework dquot CRCs
Calculating dquot CRCs when the backing buffer is written back just
doesn't work reliably. There are several places which manipulate
dquots directly in the buffers, and they don't calculate CRCs
appropriately, nor do they always set the buffer up to calculate
CRCs appropriately.
Firstly, if we log a dquot buffer (e.g. during allocation) it gets
logged without valid CRC, and so on recovery we end up with a dquot
that is not valid.
Secondly, if we recover/repair a dquot, we don't have a verifier
attached to the buffer and hence CRCs are not calculated on the way
down to disk.
Thirdly, calculating the CRC after we've changed the contents means
that if we re-read the dquot from the buffer, we cannot verify the
contents of the dquot are valid, as the CRC is invalid.
So, to avoid all the dquot CRC errors that are being detected by the
read verifier, change to using the same model as for inodes. That
is, dquot CRCs are calculated and written to the backing buffer at
the time the dquot is flushed to the backing buffer. If we modify
the dquot directly in the backing buffer, calculate the CRC
immediately after the modification is complete. Hence the dquot in
the on-disk buffer should always have a valid CRC.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Diffstat (limited to 'fs/xfs/xfs_qm.c')
| -rw-r--r-- | fs/xfs/xfs_qm.c | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c index f41702b43003..b75c9bb6e71e 100644 --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c | |||
| @@ -41,6 +41,7 @@ | |||
| 41 | #include "xfs_qm.h" | 41 | #include "xfs_qm.h" |
| 42 | #include "xfs_trace.h" | 42 | #include "xfs_trace.h" |
| 43 | #include "xfs_icache.h" | 43 | #include "xfs_icache.h" |
| 44 | #include "xfs_cksum.h" | ||
| 44 | 45 | ||
| 45 | /* | 46 | /* |
| 46 | * The global quota manager. There is only one of these for the entire | 47 | * The global quota manager. There is only one of these for the entire |
| @@ -839,7 +840,7 @@ xfs_qm_reset_dqcounts( | |||
| 839 | xfs_dqid_t id, | 840 | xfs_dqid_t id, |
| 840 | uint type) | 841 | uint type) |
| 841 | { | 842 | { |
| 842 | xfs_disk_dquot_t *ddq; | 843 | struct xfs_dqblk *dqb; |
| 843 | int j; | 844 | int j; |
| 844 | 845 | ||
| 845 | trace_xfs_reset_dqcounts(bp, _RET_IP_); | 846 | trace_xfs_reset_dqcounts(bp, _RET_IP_); |
| @@ -853,8 +854,12 @@ xfs_qm_reset_dqcounts( | |||
| 853 | do_div(j, sizeof(xfs_dqblk_t)); | 854 | do_div(j, sizeof(xfs_dqblk_t)); |
| 854 | ASSERT(mp->m_quotainfo->qi_dqperchunk == j); | 855 | ASSERT(mp->m_quotainfo->qi_dqperchunk == j); |
| 855 | #endif | 856 | #endif |
| 856 | ddq = bp->b_addr; | 857 | dqb = bp->b_addr; |
| 857 | for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) { | 858 | for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) { |
| 859 | struct xfs_disk_dquot *ddq; | ||
| 860 | |||
| 861 | ddq = (struct xfs_disk_dquot *)&dqb[j]; | ||
| 862 | |||
| 858 | /* | 863 | /* |
| 859 | * Do a sanity check, and if needed, repair the dqblk. Don't | 864 | * Do a sanity check, and if needed, repair the dqblk. Don't |
| 860 | * output any warnings because it's perfectly possible to | 865 | * output any warnings because it's perfectly possible to |
| @@ -871,7 +876,12 @@ xfs_qm_reset_dqcounts( | |||
| 871 | ddq->d_bwarns = 0; | 876 | ddq->d_bwarns = 0; |
| 872 | ddq->d_iwarns = 0; | 877 | ddq->d_iwarns = 0; |
| 873 | ddq->d_rtbwarns = 0; | 878 | ddq->d_rtbwarns = 0; |
| 874 | ddq = (xfs_disk_dquot_t *) ((xfs_dqblk_t *)ddq + 1); | 879 | |
| 880 | if (xfs_sb_version_hascrc(&mp->m_sb)) { | ||
| 881 | xfs_update_cksum((char *)&dqb[j], | ||
| 882 | sizeof(struct xfs_dqblk), | ||
| 883 | XFS_DQUOT_CRC_OFF); | ||
| 884 | } | ||
| 875 | } | 885 | } |
| 876 | } | 886 | } |
| 877 | 887 | ||
| @@ -907,19 +917,29 @@ xfs_qm_dqiter_bufs( | |||
| 907 | XFS_FSB_TO_DADDR(mp, bno), | 917 | XFS_FSB_TO_DADDR(mp, bno), |
| 908 | mp->m_quotainfo->qi_dqchunklen, 0, &bp, | 918 | mp->m_quotainfo->qi_dqchunklen, 0, &bp, |
| 909 | &xfs_dquot_buf_ops); | 919 | &xfs_dquot_buf_ops); |
| 910 | if (error) | ||
| 911 | break; | ||
| 912 | 920 | ||
| 913 | /* | 921 | /* |
| 914 | * XXX(hch): need to figure out if it makes sense to validate | 922 | * CRC and validation errors will return a EFSCORRUPTED here. If |
| 915 | * the CRC here. | 923 | * this occurs, re-read without CRC validation so that we can |
| 924 | * repair the damage via xfs_qm_reset_dqcounts(). This process | ||
| 925 | * will leave a trace in the log indicating corruption has | ||
| 926 | * been detected. | ||
| 916 | */ | 927 | */ |
| 928 | if (error == EFSCORRUPTED) { | ||
| 929 | error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, | ||
| 930 | XFS_FSB_TO_DADDR(mp, bno), | ||
| 931 | mp->m_quotainfo->qi_dqchunklen, 0, &bp, | ||
| 932 | NULL); | ||
| 933 | } | ||
| 934 | |||
| 935 | if (error) | ||
| 936 | break; | ||
| 937 | |||
| 917 | xfs_qm_reset_dqcounts(mp, bp, firstid, type); | 938 | xfs_qm_reset_dqcounts(mp, bp, firstid, type); |
| 918 | xfs_buf_delwri_queue(bp, buffer_list); | 939 | xfs_buf_delwri_queue(bp, buffer_list); |
| 919 | xfs_buf_relse(bp); | 940 | xfs_buf_relse(bp); |
| 920 | /* | 941 | |
| 921 | * goto the next block. | 942 | /* goto the next block. */ |
| 922 | */ | ||
| 923 | bno++; | 943 | bno++; |
| 924 | firstid += mp->m_quotainfo->qi_dqperchunk; | 944 | firstid += mp->m_quotainfo->qi_dqperchunk; |
| 925 | } | 945 | } |