• Brian Foster's avatar
    xfs: fix broken icreate log item cancellation · fc0d1656
    Brian Foster authored
    Inode cluster buffers are invalidated and cancelled when inode chunks
    are freed to notify log recovery that previous logged updates to the
    metadata buffer should be skipped. This ensures that log recovery does
    not overwrite buffers that might have already been reused.
    
    On v4 filesystems, inode chunk allocation and inode updates are logged
    via the cluster buffers and thus cancellation is easily detected via
    buffer cancellation items. v5 filesystems use the new icreate
    transaction, which uses logical logging and ordered buffers to log a
    full inode chunk allocation at once. The resulting icreate item often
    spans multiple inode cluster buffers.
    
    Log recovery checks for cancelled buffers when processing icreate log
    items, but it has a couple problems. First, it uses the full length of
    the inode chunk rather than the cluster size. Second, it uses the length
    in FSB units rather than BB units. Either of these problems prevent
    icreate recovery from identifying cancelled buffers and thus inode
    initialization proceeds unconditionally.
    
    Update xlog_recover_do_icreate_pass2() to iterate the icreate range in
    cluster sized increments and check each increment for cancellation.
    Since icreate is currently only used for the minimum atomic inode chunk
    allocation, we expect that either all or none of the buffers will be
    cancelled. Cancel the icreate if at least one buffer is cancelled to
    avoid making a bad situation worse by initializing a partial inode
    chunk, but detect such anomalies and warn the user.
    Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
    Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
    Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
    fc0d1656
xfs_log_recover.c 130 KB