xfs: handle -EFSCORRUPTED during head/tail verification
authorBrian Foster <bfoster@redhat.com>
Wed, 9 Aug 2017 01:21:53 +0000 (18:21 -0700)
committerDarrick J. Wong <darrick.wong@oracle.com>
Tue, 22 Aug 2017 16:22:24 +0000 (09:22 -0700)
Torn write and tail overwrite detection both trigger only on
-EFSBADCRC errors. While this is the most likely failure scenario
for each condition, -EFSCORRUPTED is still possible in certain cases
depending on what ends up on disk when a torn write or partial tail
overwrite occurs. For example, an invalid log record h_len can lead
to an -EFSCORRUPTED error when running the log recovery CRC pass.

Therefore, update log head and tail verification to trigger the
associated head/tail fixups in the event of -EFSCORRUPTED errors
along with -EFSBADCRC. Also, -EFSCORRUPTED can currently be returned
from xlog_do_recovery_pass() before rhead_blk is initialized if the
first record encountered happens to be corrupted. This leads to an
incorrect 'first_bad' return value. Initialize rhead_blk earlier in
the function to address that problem as well.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
fs/xfs/xfs_log_recover.c

index a5e2ca8f5cd637ef44ed3d7257c027178d3689c9..43d5df3a563f7aa3b234356f29c64b341fd22ccc 100644 (file)
@@ -1102,7 +1102,7 @@ xlog_verify_tail(
        first_bad = 0;
        error = xlog_do_recovery_pass(log, head_blk, *tail_blk,
                                      XLOG_RECOVER_CRCPASS, &first_bad);
-       while (error == -EFSBADCRC && first_bad) {
+       while ((error == -EFSBADCRC || error == -EFSCORRUPTED) && first_bad) {
                int     tail_distance;
 
                /*
@@ -1188,7 +1188,7 @@ xlog_verify_head(
         */
        error = xlog_do_recovery_pass(log, *head_blk, tmp_rhead_blk,
                                      XLOG_RECOVER_CRCPASS, &first_bad);
-       if (error == -EFSBADCRC) {
+       if ((error == -EFSBADCRC || error == -EFSCORRUPTED) && first_bad) {
                /*
                 * We've hit a potential torn write. Reset the error and warn
                 * about it.
@@ -5257,7 +5257,7 @@ xlog_do_recovery_pass(
        LIST_HEAD               (buffer_list);
 
        ASSERT(head_blk != tail_blk);
-       rhead_blk = 0;
+       blk_no = rhead_blk = tail_blk;
 
        for (i = 0; i < XLOG_RHASH_SIZE; i++)
                INIT_HLIST_HEAD(&rhash[i]);
@@ -5335,7 +5335,6 @@ xlog_do_recovery_pass(
        }
 
        memset(rhash, 0, sizeof(rhash));
-       blk_no = rhead_blk = tail_blk;
        if (tail_blk > head_blk) {
                /*
                 * Perform recovery around the end of the physical log.