Commit a07b4557 authored by Darrick J. Wong's avatar Darrick J. Wong

xfs: scan the filesystem to repair a directory dotdot entry

Teach the online directory repair code to scan the filesystem so that we
can set the dotdot entry when we're rebuilding a directory.  This
involves dropping ILOCK on the directory that we're repairing, which
means that the VFS can sneak in and tell us to update dotdot at any
time.  Deal with these races by using a dirent hook to absorb dotdot
updates, and be careful not to check the scan results until after we've
retaken the ILOCK.
Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent b1991ee3
......@@ -199,6 +199,7 @@ xfs-y += $(addprefix scrub/, \
bmap_repair.o \
cow_repair.o \
dir_repair.o \
findparent.o \
fscounters_repair.o \
ialloc_repair.o \
inode_repair.o \
......
......@@ -38,8 +38,10 @@
#include "scrub/xfile.h"
#include "scrub/xfarray.h"
#include "scrub/xfblob.h"
#include "scrub/iscan.h"
#include "scrub/readdir.h"
#include "scrub/reap.h"
#include "scrub/findparent.h"
/*
* Directory Repair
......@@ -108,10 +110,10 @@ struct xrep_dir {
struct xfs_da_args args;
/*
* This is the parent that we're going to set on the reconstructed
* directory.
* Information used to scan the filesystem to find the inumber of the
* dotdot entry for this directory.
*/
xfs_ino_t parent_ino;
struct xrep_parent_scan_info pscan;
/* How many subdirectories did we find? */
uint64_t subdirs;
......@@ -131,6 +133,7 @@ xrep_dir_teardown(
{
struct xrep_dir *rd = sc->buf;
xrep_findparent_scan_teardown(&rd->pscan);
xfblob_destroy(rd->dir_names);
xfarray_destroy(rd->dir_entries);
}
......@@ -143,6 +146,8 @@ xrep_setup_directory(
struct xrep_dir *rd;
int error;
xchk_fsgates_enable(sc, XCHK_FSGATES_DIRENTS);
error = xrep_tempfile_create(sc, S_IFDIR);
if (error)
return error;
......@@ -179,8 +184,8 @@ xrep_dir_self_parent(
}
/*
* Look up the dotdot entry. Returns NULLFSINO if we don't know what to do.
* The next patch will check this more carefully.
* Look up the dotdot entry and confirm that it's really the parent.
* Returns NULLFSINO if we don't know what to do.
*/
static inline xfs_ino_t
xrep_dir_lookup_parent(
......@@ -196,37 +201,39 @@ xrep_dir_lookup_parent(
if (!xfs_verify_dir_ino(sc->mp, ino))
return NULLFSINO;
error = xrep_findparent_confirm(sc, &ino);
if (error)
return NULLFSINO;
return ino;
}
/*
* Try to find the parent of the directory being repaired.
*
* NOTE: This function will someday be augmented by the directory parent repair
* code, which will know how to check the parent and scan the filesystem if
* we cannot find anything. Inode scans will have to be done before we start
* salvaging directory entries, so we do this now.
*/
/* Try to find the parent of the directory being repaired. */
STATIC int
xrep_dir_find_parent(
struct xrep_dir *rd)
{
xfs_ino_t ino;
ino = xrep_dir_self_parent(rd);
ino = xrep_findparent_self_reference(rd->sc);
if (ino != NULLFSINO) {
rd->parent_ino = ino;
xrep_findparent_scan_finish_early(&rd->pscan, ino);
return 0;
}
ino = xrep_dir_lookup_parent(rd);
if (ino != NULLFSINO) {
rd->parent_ino = ino;
xrep_findparent_scan_finish_early(&rd->pscan, ino);
return 0;
}
/* NOTE: A future patch will deal with moving orphans. */
return -EFSCORRUPTED;
/*
* A full filesystem scan is the last resort. On a busy filesystem,
* the scan can fail with -EBUSY if we cannot grab IOLOCKs. That means
* that we don't know what who the parent is, so we should return to
* userspace.
*/
return xrep_findparent_scan(&rd->pscan);
}
/*
......@@ -931,6 +938,10 @@ xrep_dir_salvage_entries(
* the directory until we're ready for the exchange operation. Reads
* will return -EIO without shutting down the fs, so we're ok with
* that.
*
* The VFS can change dotdot on us, but the findparent scan will keep
* our incore parent inode up to date. See the note on locking issues
* for more details.
*/
error = xrep_trans_commit(sc);
if (error)
......@@ -1154,6 +1165,14 @@ xrep_dir_swap(
if (rd->subdirs + 2 > XFS_MAXLINK)
return -EFSCORRUPTED;
/*
* If we never found the parent for this directory, we can't fix this
* directory.
*/
ASSERT(sc->ilock_flags & XFS_ILOCK_EXCL);
if (rd->pscan.parent_ino == NULLFSINO)
return -EFSCORRUPTED;
/*
* Reset the temporary directory's '..' entry to point to the parent
* that we found. The temporary directory was created with the root
......@@ -1163,9 +1182,9 @@ xrep_dir_swap(
* It's also possible that this replacement could also expand a sf
* tempdir into block format.
*/
if (rd->parent_ino != sc->mp->m_rootip->i_ino) {
if (rd->pscan.parent_ino != sc->mp->m_rootip->i_ino) {
error = xrep_dir_replace(rd, rd->sc->tempip, &xfs_name_dotdot,
rd->parent_ino, rd->tx.req.resblks);
rd->pscan.parent_ino, rd->tx.req.resblks);
if (error)
return error;
}
......@@ -1224,7 +1243,7 @@ xrep_dir_rebuild_tree(
struct xfs_scrub *sc = rd->sc;
int error;
trace_xrep_dir_rebuild_tree(sc->ip, rd->parent_ino);
trace_xrep_dir_rebuild_tree(sc->ip, rd->pscan.parent_ino);
/*
* Take the IOLOCK on the temporary file so that we can run dir
......@@ -1281,8 +1300,6 @@ xrep_dir_setup_scan(
char *descr;
int error;
rd->parent_ino = NULLFSINO;
/* Set up some staging memory for salvaging dirents. */
descr = xchk_xfile_ino_descr(sc, "directory entries");
error = xfarray_create(descr, 0, sizeof(struct xrep_dirent),
......@@ -1297,8 +1314,15 @@ xrep_dir_setup_scan(
if (error)
goto out_xfarray;
error = xrep_findparent_scan_start(sc, &rd->pscan);
if (error)
goto out_xfblob;
return 0;
out_xfblob:
xfblob_destroy(rd->dir_names);
rd->dir_names = NULL;
out_xfarray:
xfarray_destroy(rd->dir_entries);
rd->dir_entries = NULL;
......
This diff is collapsed.
/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Copyright (c) 2020-2024 Oracle. All Rights Reserved.
* Author: Darrick J. Wong <djwong@kernel.org>
*/
#ifndef __XFS_SCRUB_FINDPARENT_H__
#define __XFS_SCRUB_FINDPARENT_H__
struct xrep_parent_scan_info {
struct xfs_scrub *sc;
/* Inode scan cursor. */
struct xchk_iscan iscan;
/* Hook to capture directory entry updates. */
struct xfs_dir_hook dhook;
/* Lock protecting parent_ino. */
struct mutex lock;
/* Parent inode that we've found. */
xfs_ino_t parent_ino;
bool lookup_parent;
};
int xrep_findparent_scan_start(struct xfs_scrub *sc,
struct xrep_parent_scan_info *pscan);
int xrep_findparent_scan(struct xrep_parent_scan_info *pscan);
void xrep_findparent_scan_teardown(struct xrep_parent_scan_info *pscan);
static inline void
xrep_findparent_scan_found(
struct xrep_parent_scan_info *pscan,
xfs_ino_t ino)
{
mutex_lock(&pscan->lock);
pscan->parent_ino = ino;
mutex_unlock(&pscan->lock);
}
void xrep_findparent_scan_finish_early(struct xrep_parent_scan_info *pscan,
xfs_ino_t ino);
int xrep_findparent_confirm(struct xfs_scrub *sc, xfs_ino_t *parent_ino);
xfs_ino_t xrep_findparent_self_reference(struct xfs_scrub *sc);
#endif /* __XFS_SCRUB_FINDPARENT_H__ */
......@@ -243,6 +243,17 @@ xchk_iscan_finish(
mutex_unlock(&iscan->lock);
}
/* Mark an inode scan finished before we actually scan anything. */
void
xchk_iscan_finish_early(
struct xchk_iscan *iscan)
{
ASSERT(iscan->cursor_ino == iscan->scan_start_ino);
ASSERT(iscan->__visited_ino == iscan->scan_start_ino);
xchk_iscan_finish(iscan);
}
/*
* Grab the AGI to advance the inode scan. Returns 0 if *agi_bpp is now set,
* -ECANCELED if the live scan aborted, -EBUSY if the AGI could not be grabbed,
......@@ -436,7 +447,12 @@ xchk_iscan_iget(
* It's possible that this inode has lost all of its links but
* hasn't yet been inactivated. If we don't have a transaction
* or it's not writable, flush the inodegc workers and wait.
* If we have a non-empty transaction, we must not block on
* inodegc, which allocates its own transactions.
*/
if (sc->tp && !(sc->tp->t_flags & XFS_TRANS_NO_WRITECOUNT))
xfs_inodegc_push(mp);
else
xfs_inodegc_flush(mp);
return xchk_iscan_iget_retry(iscan, true);
}
......
......@@ -88,6 +88,7 @@ xchk_iscan_set_agi_trylock(struct xchk_iscan *iscan)
void xchk_iscan_start(struct xfs_scrub *sc, unsigned int iget_timeout,
unsigned int iget_retry_delay, struct xchk_iscan *iscan);
void xchk_iscan_finish_early(struct xchk_iscan *iscan);
void xchk_iscan_teardown(struct xchk_iscan *iscan);
int xchk_iscan_iter(struct xchk_iscan *iscan, struct xfs_inode **ipp);
......
......@@ -2611,6 +2611,7 @@ DEFINE_EVENT(xrep_parent_salvage_class, name, \
TP_PROTO(struct xfs_inode *dp, xfs_ino_t ino), \
TP_ARGS(dp, ino))
DEFINE_XREP_PARENT_SALVAGE_EVENT(xrep_dir_salvaged_parent);
DEFINE_XREP_PARENT_SALVAGE_EVENT(xrep_findparent_dirent);
#endif /* IS_ENABLED(CONFIG_XFS_ONLINE_REPAIR) */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment