xfs: ensure EFD trans aborts on log recovery extent free failure

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Log recovery attempts to free extents with leftover EFIs in the AIL
after initial processing. If the extent free fails (e.g., due to
unrelated fs corruption), the transaction is cancelled, though it
might not be dirtied at the time. If this is the case, the EFD does
not abort and thus does not release the EFI. This can lead to hangs
as the EFI pins the AIL.

Update xlog_recover_process_efi() to log the EFD in the transaction
before xfs_free_extent() errors are handled to ensure the
transaction is dirty, aborts the EFD and releases the EFI on error.
Since this is a requirement for EFD processing (and consistent with
xfs_bmap_finish()), update the EFD logging helper to do the extent
free and unconditionally log the EFD. This encodes the required EFD
logging behavior into the helper and reduces the likelihood of
errors down the road.

[dchinner: re-add xfs_alloc.h to xfs_log_recover.c to fix build
failure.]

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>

authored by

Brian Foster and committed by

Dave Chinner 10 years ago 6bc43af3 8d99fe92

+36 -30

4 changed files

expand all

xfs

xfs_bmap_util.c

xfs_log_recover.c

xfs_trans.h

xfs_trans_extfree.c

+7 -14

fs/xfs/xfs_bmap_util.c

··· 112 112 return error; 113 113 } 114 114 115 + /* 116 + * Get an EFD and free each extent in the list, logging to the EFD in 117 + * the process. The remaining bmap free list is cleaned up by the caller 118 + * on error. 119 + */ 115 120 efd = xfs_trans_get_efd(*tp, efi, flist->xbf_count); 116 121 for (free = flist->xbf_first; free != NULL; free = next) { 117 122 next = free->xbfi_next; 118 123 119 - /* 120 - * Free the extent and log the EFD to dirty the transaction 121 - * before handling errors. This ensures that the transaction is 122 - * aborted, which: 123 - * 124 - * 1.) releases the EFI and frees the EFD 125 - * 2.) shuts down the filesystem 126 - * 127 - * The bmap free list is cleaned up at a higher level. 128 - */ 129 - error = xfs_free_extent(*tp, free->xbfi_startblock, 130 - free->xbfi_blockcount); 131 - xfs_trans_log_efd_extent(*tp, efd, free->xbfi_startblock, 132 - free->xbfi_blockcount); 124 + error = xfs_trans_free_extent(*tp, efd, free->xbfi_startblock, 125 + free->xbfi_blockcount); 133 126 if (error) 134 127 return error; 135 128

+3 -3

fs/xfs/xfs_log_recover.c

··· 3752 3752 3753 3753 for (i = 0; i < efip->efi_format.efi_nextents; i++) { 3754 3754 extp = &(efip->efi_format.efi_extents[i]); 3755 - error = xfs_free_extent(tp, extp->ext_start, extp->ext_len); 3755 + error = xfs_trans_free_extent(tp, efdp, extp->ext_start, 3756 + extp->ext_len); 3756 3757 if (error) 3757 3758 goto abort_error; 3758 - xfs_trans_log_efd_extent(tp, efdp, extp->ext_start, 3759 - extp->ext_len); 3759 + 3760 3760 } 3761 3761 3762 3762 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);

+3 -4

fs/xfs/xfs_trans.h

··· 220 220 struct xfs_efd_log_item *xfs_trans_get_efd(xfs_trans_t *, 221 221 struct xfs_efi_log_item *, 222 222 uint); 223 - void xfs_trans_log_efd_extent(xfs_trans_t *, 224 - struct xfs_efd_log_item *, 225 - xfs_fsblock_t, 226 - xfs_extlen_t); 223 + int xfs_trans_free_extent(struct xfs_trans *, 224 + struct xfs_efd_log_item *, xfs_fsblock_t, 225 + xfs_extlen_t); 227 226 int xfs_trans_commit(struct xfs_trans *); 228 227 int __xfs_trans_roll(struct xfs_trans **, struct xfs_inode *, int *); 229 228 int xfs_trans_roll(struct xfs_trans **, struct xfs_inode *);

+23 -9

fs/xfs/xfs_trans_extfree.c

··· 25 25 #include "xfs_trans.h" 26 26 #include "xfs_trans_priv.h" 27 27 #include "xfs_extfree_item.h" 28 + #include "xfs_alloc.h" 28 29 29 30 /* 30 31 * This routine is called to allocate an "extent free intention" ··· 109 108 } 110 109 111 110 /* 112 - * This routine is called to indicate that the described 113 - * extent is to be logged as having been freed. It should 114 - * be called once for each extent freed. 111 + * Free an extent and log it to the EFD. Note that the transaction is marked 112 + * dirty regardless of whether the extent free succeeds or fails to support the 113 + * EFI/EFD lifecycle rules. 115 114 */ 116 - void 117 - xfs_trans_log_efd_extent(xfs_trans_t *tp, 118 - xfs_efd_log_item_t *efdp, 119 - xfs_fsblock_t start_block, 120 - xfs_extlen_t ext_len) 115 + int 116 + xfs_trans_free_extent( 117 + struct xfs_trans *tp, 118 + struct xfs_efd_log_item *efdp, 119 + xfs_fsblock_t start_block, 120 + xfs_extlen_t ext_len) 121 121 { 122 122 uint next_extent; 123 - xfs_extent_t *extp; 123 + struct xfs_extent *extp; 124 + int error; 124 125 126 + error = xfs_free_extent(tp, start_block, ext_len); 127 + 128 + /* 129 + * Mark the transaction dirty, even on error. This ensures the 130 + * transaction is aborted, which: 131 + * 132 + * 1.) releases the EFI and frees the EFD 133 + * 2.) shuts down the filesystem 134 + */ 125 135 tp->t_flags |= XFS_TRANS_DIRTY; 126 136 efdp->efd_item.li_desc->lid_flags |= XFS_LID_DIRTY; 127 137 ··· 142 130 extp->ext_start = start_block; 143 131 extp->ext_len = ext_len; 144 132 efdp->efd_next_extent++; 133 + 134 + return error; 145 135 }