Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ad694821 authored by Joseph Qi's avatar Joseph Qi Committed by Linus Torvalds
Browse files

ocfs2: fix race between crashed dio and rm 



There is a race case between crashed dio and rm, which will lead to
OCFS2_VALID_FL not set read-only.

  N1                              N2
  ------------------------------------------------------------------------
  dd with direct flag
                                  rm file
  crashed with an dio entry left
  in orphan dir
                                  clear OCFS2_VALID_FL in
                                  ocfs2_remove_inode
                                  recover N1 and read the corrupted inode,
                                  and set filesystem read-only

So we skip the inode deletion this time and wait for dio entry recovered
first.

Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent f57a22dd

fs/ocfs2/inode.c

+9 −0
Original line number Original line Diff line number Diff line
@@ -971,6 +971,7 @@ static void ocfs2_delete_inode(struct inode *inode) 
	int wipe, status;

	int wipe, status;

	sigset_t oldset;

	sigset_t oldset;

	struct buffer_head *di_bh = NULL;

	struct buffer_head *di_bh = NULL;

	struct ocfs2_dinode *di = NULL;





	trace_ocfs2_delete_inode(inode->i_ino,

	trace_ocfs2_delete_inode(inode->i_ino,

				 (unsigned long long)OCFS2_I(inode)->ip_blkno,

				 (unsigned long long)OCFS2_I(inode)->ip_blkno,
@@ -1025,6 +1026,14 @@ static void ocfs2_delete_inode(struct inode *inode) 
		goto bail_unlock_nfs_sync;

		goto bail_unlock_nfs_sync;

	}

	}





	di = (struct ocfs2_dinode *)di_bh->b_data;

	/* Skip inode deletion and wait for dio orphan entry recovered

	 * first */

	if (unlikely(di->i_flags & cpu_to_le32(OCFS2_DIO_ORPHANED_FL))) {

		ocfs2_cleanup_delete_inode(inode, 0);

		goto bail_unlock_inode;

	}



	/* Query the cluster. This will be the final decision made

	/* Query the cluster. This will be the final decision made

	 * before we go ahead and wipe the inode. */

	 * before we go ahead and wipe the inode. */

	status = ocfs2_query_inode_wipe(inode, di_bh, &wipe);

	status = ocfs2_query_inode_wipe(inode, di_bh, &wipe);

fs/ocfs2/journal.c

+3 −1
Original line number Original line Diff line number Diff line
@@ -2210,7 +2210,9 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb, 
			 * ocfs2_delete_inode. */

			 * ocfs2_delete_inode. */

			oi->ip_flags |= OCFS2_INODE_MAYBE_ORPHANED;

			oi->ip_flags |= OCFS2_INODE_MAYBE_ORPHANED;

			spin_unlock(&oi->ip_lock);

			spin_unlock(&oi->ip_lock);

		} else if ((orphan_reco_type == ORPHAN_NEED_TRUNCATE) &&

		}



		if ((orphan_reco_type == ORPHAN_NEED_TRUNCATE) &&

				(di->i_flags & cpu_to_le32(OCFS2_DIO_ORPHANED_FL))) {

				(di->i_flags & cpu_to_le32(OCFS2_DIO_ORPHANED_FL))) {

			ret = ocfs2_truncate_file(inode, di_bh,

			ret = ocfs2_truncate_file(inode, di_bh,

					i_size_read(inode));

					i_size_read(inode));