ext4, jbd2: ensure entering into panic after recording an error in superblock
authorDaeho Jeong <daeho.jeong@samsung.com>
Sun, 18 Oct 2015 21:02:56 +0000 (17:02 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Sun, 18 Oct 2015 21:02:56 +0000 (17:02 -0400)
If a EXT4 filesystem utilizes JBD2 journaling and an error occurs, the
journaling will be aborted first and the error number will be recorded
into JBD2 superblock and, finally, the system will enter into the
panic state in "errors=panic" option.  But, in the rare case, this
sequence is little twisted like the below figure and it will happen
that the system enters into panic state, which means the system reset
in mobile environment, before completion of recording an error in the
journal superblock. In this case, e2fsck cannot recognize that the
filesystem failure occurred in the previous run and the corruption
wouldn't be fixed.

Task A                        Task B
ext4_handle_error()
-> jbd2_journal_abort()
  -> __journal_abort_soft()
    -> __jbd2_journal_abort_hard()
    | -> journal->j_flags |= JBD2_ABORT;
    |
    |                         __ext4_abort()
    |                         -> jbd2_journal_abort()
    |                         | -> __journal_abort_soft()
    |                         |   -> if (journal->j_flags & JBD2_ABORT)
    |                         |           return;
    |                         -> panic()
    |
    -> jbd2_journal_update_sb_errno()

Tested-by: Hobin Woo <hobin.woo@samsung.com>
Signed-off-by: Daeho Jeong <daeho.jeong@samsung.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
fs/ext4/super.c
fs/jbd2/journal.c
include/linux/jbd2.h

index 49fa4d48b6a44896176db7d51324c05bbc146383..639613fe20aa9c5b39b4c981fd28a4958000f52c 100644 (file)
@@ -388,9 +388,13 @@ static void ext4_handle_error(struct super_block *sb)
                smp_wmb();
                sb->s_flags |= MS_RDONLY;
        }
-       if (test_opt(sb, ERRORS_PANIC))
+       if (test_opt(sb, ERRORS_PANIC)) {
+               if (EXT4_SB(sb)->s_journal &&
+                 !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR))
+                       return;
                panic("EXT4-fs (device %s): panic forced after error\n",
                        sb->s_id);
+       }
 }
 
 #define ext4_error_ratelimit(sb)                                       \
@@ -585,8 +589,12 @@ void __ext4_abort(struct super_block *sb, const char *function,
                        jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO);
                save_error_info(sb, function, line);
        }
-       if (test_opt(sb, ERRORS_PANIC))
+       if (test_opt(sb, ERRORS_PANIC)) {
+               if (EXT4_SB(sb)->s_journal &&
+                 !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR))
+                       return;
                panic("EXT4-fs panic from previous error\n");
+       }
 }
 
 void __ext4_msg(struct super_block *sb,
index eb8a7546e8a4c415be8b566a7c4299042280d01f..81e622681c82273aa050eb85cdb057b1fea0e79e 100644 (file)
@@ -2072,8 +2072,12 @@ static void __journal_abort_soft (journal_t *journal, int errno)
 
        __jbd2_journal_abort_hard(journal);
 
-       if (errno)
+       if (errno) {
                jbd2_journal_update_sb_errno(journal);
+               write_lock(&journal->j_state_lock);
+               journal->j_flags |= JBD2_REC_ERR;
+               write_unlock(&journal->j_state_lock);
+       }
 }
 
 /**
index b5ca2314cace27c9d21a80b2d252287685067fc5..65407f6c9120ae25e814ea98e60d170f035c8ace 100644 (file)
@@ -1112,6 +1112,7 @@ JBD2_FEATURE_INCOMPAT_FUNCS(csum3,                CSUM_V3)
 #define JBD2_ABORT_ON_SYNCDATA_ERR     0x040   /* Abort the journal on file
                                                 * data write error in ordered
                                                 * mode */
+#define JBD2_REC_ERR   0x080   /* The errno in the sb has been recorded */
 
 /*
  * Function declarations for the journaling transaction and buffer