diff options
| author | Dave Chinner <dchinner@redhat.com> | 2013-06-11 22:19:06 -0400 |
|---|---|---|
| committer | Ben Myers <bpm@sgi.com> | 2013-06-14 16:59:45 -0400 |
| commit | d302cf1d316dca5f567e89872cf5d475c9a55f74 (patch) | |
| tree | 63912ef184e6494b6a810290e1d706aeef1da8a2 /fs | |
| parent | 088c9f67c3f53339d2bc20b42a9cb904901fdc5d (diff) | |
xfs: don't shutdown log recovery on validation errors
Unfortunately, we cannot guarantee that items logged multiple times
and replayed by log recovery do not take objects back in time. When
they are taken back in time, the go into an intermediate state which
is corrupt, and hence verification that occurs on this intermediate
state causes log recovery to abort with a corruption shutdown.
Instead of causing a shutdown and unmountable filesystem, don't
verify post-recovery items before they are written to disk. This is
less than optimal, but there is no way to detect this issue for
non-CRC filesystems If log recovery successfully completes, this
will be undone and the object will be consistent by subsequent
transactions that are replayed, so in most cases we don't need to
take drastic action.
For CRC enabled filesystems, leave the verifiers in place - we need
to call them to recalculate the CRCs on the objects anyway. This
recovery problem can be solved for such filesystems - we have a LSN
stamped in all metadata at writeback time that we can to determine
whether the item should be replayed or not. This is a separate piece
of work, so is not addressed by this patch.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
(cherry picked from commit 9222a9cf86c0d64ffbedf567412b55da18763aa3)
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/xfs/xfs_log_recover.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 45a85ff84da1..7cf5e4eafe28 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c | |||
| @@ -1845,7 +1845,13 @@ xlog_recover_do_inode_buffer( | |||
| 1845 | xfs_agino_t *buffer_nextp; | 1845 | xfs_agino_t *buffer_nextp; |
| 1846 | 1846 | ||
| 1847 | trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f); | 1847 | trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f); |
| 1848 | bp->b_ops = &xfs_inode_buf_ops; | 1848 | |
| 1849 | /* | ||
| 1850 | * Post recovery validation only works properly on CRC enabled | ||
| 1851 | * filesystems. | ||
| 1852 | */ | ||
| 1853 | if (xfs_sb_version_hascrc(&mp->m_sb)) | ||
| 1854 | bp->b_ops = &xfs_inode_buf_ops; | ||
| 1849 | 1855 | ||
| 1850 | inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog; | 1856 | inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog; |
| 1851 | for (i = 0; i < inodes_per_buf; i++) { | 1857 | for (i = 0; i < inodes_per_buf; i++) { |
| @@ -2205,7 +2211,16 @@ xlog_recover_do_reg_buffer( | |||
| 2205 | /* Shouldn't be any more regions */ | 2211 | /* Shouldn't be any more regions */ |
| 2206 | ASSERT(i == item->ri_total); | 2212 | ASSERT(i == item->ri_total); |
| 2207 | 2213 | ||
| 2208 | xlog_recovery_validate_buf_type(mp, bp, buf_f); | 2214 | /* |
| 2215 | * We can only do post recovery validation on items on CRC enabled | ||
| 2216 | * fielsystems as we need to know when the buffer was written to be able | ||
| 2217 | * to determine if we should have replayed the item. If we replay old | ||
| 2218 | * metadata over a newer buffer, then it will enter a temporarily | ||
| 2219 | * inconsistent state resulting in verification failures. Hence for now | ||
| 2220 | * just avoid the verification stage for non-crc filesystems | ||
| 2221 | */ | ||
| 2222 | if (xfs_sb_version_hascrc(&mp->m_sb)) | ||
| 2223 | xlog_recovery_validate_buf_type(mp, bp, buf_f); | ||
| 2209 | } | 2224 | } |
| 2210 | 2225 | ||
| 2211 | /* | 2226 | /* |