Commit 4e6b8270 authored by Darrick J. Wong

xfs: force the log offline when log intent item recovery fails



If any part of log intent item recovery fails, we should shut down the
log immediately to stop the log from writing a clean unmount record to
disk, because the metadata is not consistent.  The inability to cancel a
dirty transaction catches most of these cases, but there are a few
things that have slipped through the cracks, such as ENOSPC from a
transaction allocation, or runtime errors that result in cancellation of
a non-dirty transaction.

This solves some weird behaviors reported by customers where a system
goes down, the first mount fails, the second succeeds, but then the fs
goes down later because of inconsistent metadata.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
parent 81ed9475
+3 −0
@@ -755,6 +755,9 @@ xfs_log_mount_finish(
	if (readonly)
		mp->m_flags |= XFS_MOUNT_RDONLY;

	/* Make sure the log is dead if we're returning failure. */
	ASSERT(!error || (mp->m_log->l_flags & XLOG_IO_ERROR));

	return error;
}
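
Review bot: The `ASSERT(!error || (mp->m_log->l_flags & XLOG_IO_ERROR))` placed before `return error` only checks anything on debug builds, so on a production kernel a failure return with the log still live goes unnoticed, which is the situation the commit message describes. If the intent is a guarantee rather than a developer check, consider an unconditional fallback here, for example `if (error && !(mp->m_log->l_flags & XLOG_IO_ERROR)) xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR);`, or extend the comment to say that every failing path above is expected to have shut the log down already and that the assertion exists only to catch new paths that forget to.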

+4 −1
@@ -2458,8 +2458,10 @@ xlog_finish_defer_ops(

		error = xfs_trans_alloc(mp, &resv, dfc->dfc_blkres,
				dfc->dfc_rtxres, XFS_TRANS_RESERVE, &tp);
		if (error)
		if (error) {
			xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR);
			return error;
		}

		/*
		 * Transfer to this new transaction all the dfops we captured
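
Review bot: The new `xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR)` in the `xfs_trans_alloc` failure branch has no comment, and the reason it passes is a log I/O error even though the commit message names ENOSPC from transaction allocation as the case being caught. Someone reading the resulting shutdown message will look for an I/O fault that did not happen. A short comment in the branch stating that any failure to continue intent recovery must take the log offline so no clean unmount record is written would make the choice of `SHUTDOWN_LOG_IO_ERROR` understandable at the call site.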
@@ -3449,6 +3451,7 @@ xlog_recover_finish(
			 * this) before we get around to xfs_log_mount_cancel.
			 */
			xlog_recover_cancel_intents(log);
			xfs_force_shutdown(log->l_mp, SHUTDOWN_LOG_IO_ERROR);
			xfs_alert(log->l_mp, "Failed to recover intents");
			return error;
		}
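
Review bot: In the `xlog_recover_finish` error branch, `xfs_force_shutdown(log->l_mp, SHUTDOWN_LOG_IO_ERROR)` runs before `xfs_alert(log->l_mp, "Failed to recover intents")`, so the kernel log will show the shutdown first and its cause second. Swapping the two lines would put the explanation ahead of the shutdown report, which is easier to follow when triaging a failed mount. The alert also does not include `error`; printing it would distinguish ENOSPC from other failures without changing behaviour.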