diff options
| author | Daeho Jeong <daeho.jeong@samsung.com> | 2015-10-18 17:02:56 -0400 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2015-11-27 12:48:21 +0000 |
| commit | 08c89a611041ac892e150dbed3e745c1bb255baa (patch) | |
| tree | 7c0869c57a940c2cb085aae8551538dbeaff89ab /fs | |
| parent | 2a97932f99303b32c6683f136628298da7f85323 (diff) | |
ext4, jbd2: ensure entering into panic after recording an error in superblock
commit 4327ba52afd03fc4b5afa0ee1d774c9c5b0e85c5 upstream.
If a EXT4 filesystem utilizes JBD2 journaling and an error occurs, the
journaling will be aborted first and the error number will be recorded
into JBD2 superblock and, finally, the system will enter into the
panic state in "errors=panic" option. But, in the rare case, this
sequence is little twisted like the below figure and it will happen
that the system enters into panic state, which means the system reset
in mobile environment, before completion of recording an error in the
journal superblock. In this case, e2fsck cannot recognize that the
filesystem failure occurred in the previous run and the corruption
wouldn't be fixed.
Task A Task B
ext4_handle_error()
-> jbd2_journal_abort()
-> __journal_abort_soft()
-> __jbd2_journal_abort_hard()
| -> journal->j_flags |= JBD2_ABORT;
|
| __ext4_abort()
| -> jbd2_journal_abort()
| | -> __journal_abort_soft()
| | -> if (journal->j_flags & JBD2_ABORT)
| | return;
| -> panic()
|
-> jbd2_journal_update_sb_errno()
Tested-by: Hobin Woo <hobin.woo@samsung.com>
Signed-off-by: Daeho Jeong <daeho.jeong@samsung.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ext4/super.c | 12 | ||||
| -rw-r--r-- | fs/jbd2/journal.c | 6 |
2 files changed, 15 insertions, 3 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index e2cf43bc689f..52b8ac740201 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -463,9 +463,13 @@ static void ext4_handle_error(struct super_block *sb) ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only"); sb->s_flags |= MS_RDONLY; } - if (test_opt(sb, ERRORS_PANIC)) + if (test_opt(sb, ERRORS_PANIC)) { + if (EXT4_SB(sb)->s_journal && + !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR)) + return; panic("EXT4-fs (device %s): panic forced after error\n", sb->s_id); + } } void __ext4_error(struct super_block *sb, const char *function, @@ -628,8 +632,12 @@ void __ext4_abort(struct super_block *sb, const char *function, jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO); save_error_info(sb, function, line); } - if (test_opt(sb, ERRORS_PANIC)) + if (test_opt(sb, ERRORS_PANIC)) { + if (EXT4_SB(sb)->s_journal && + !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR)) + return; panic("EXT4-fs panic from previous error\n"); + } } void ext4_msg(struct super_block *sb, const char *prefix, const char *fmt, ...) diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 7b7607e21815..c19b8cecbfe1 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -1956,8 +1956,12 @@ static void __journal_abort_soft (journal_t *journal, int errno) __jbd2_journal_abort_hard(journal); - if (errno) + if (errno) { jbd2_journal_update_sb_errno(journal); + write_lock(&journal->j_state_lock); + journal->j_flags |= JBD2_REC_ERR; + write_unlock(&journal->j_state_lock); + } } /** |