If we've read a buffer and it's had an error (e.g. a bad CRC) and the
caller corrects the problem with the buffer and writes it via
libxfs_writebuf() without clearing the error on the buffer,
subsequent reads of the buffer while it is still in cache can see
that error and fail inappropriately.

xfs/033 demonstrates this error, where phase 3 detects the corrupted
root inode and clears, but doesn't clear the b_error field. Later in
phase 6, the code that rebuilds the root directory tries to read the
root inode and sees a buffer with an error on it, thereby triggering
a fatal repair failure:

Phase 3 - for each AG...
- scan and clear agi unlinked lists...
- process known inodes and perform inode discovery...
- agno = 0
xfs_inode_buf_verify: XFS_CORRUPTION_ERROR
bad magic number 0x0 on inode 64
....
cleared root inode 64
....
Phase 6 - check inode connectivity...
reinitializing root directory
xfs_imap_to_bp: xfs_trans_read_buf() returned error 117.
fatal error -- could not iget root inode -- error - 117
#

Fix this by assuming buffers that are written are clean and correct
and hence we can zero the b_error field before retiring the buffer
to the cache.

Reported-by: Eric Sandeen <esandeen@redhat.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Sandeen <esandeen@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
int
libxfs_writebuf_int(xfs_buf_t *bp, int flags)
{
+ /*
+ * Clear any error hanging over from reading the buffer. This prevents
+ * subsequent reads after this write from seeing stale errors.
+ */
+ bp->b_error = 0;
bp->b_flags |= (LIBXFS_B_DIRTY | flags);
return 0;
}
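Review bot: The new comment above "bp->b_error = 0;" in libxfs_writebuf_int() explains the effect (no stale errors on later reads) but not the assumption that makes the unconditional clear safe, which the commit message does state: a buffer handed to the write path is taken to be clean and correct. As written, a caller that marks a buffer dirty after a failed read without actually repairing it loses the only record of that failure, and later cache hits will treat the contents as good. Please put the assumption in the comment itself, for example "Callers must only write buffers whose contents they have validated or repaired", so the contract is visible at the point where the error is discarded.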
(long long)LIBXFS_BBTOOFF64(bp->b_bn),
(long long)bp->b_bn);
#endif
+ /*
+ * Clear any error hanging over from reading the buffer. This prevents
+ * subsequent reads after this write from seeing stale errors.
+ */
+ bp->b_error = 0;
bp->b_flags |= (LIBXFS_B_DIRTY | flags);
libxfs_putbuf(bp);
return 0;
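Review bot: The four comment lines and "bp->b_error = 0;" added here are a verbatim copy of what was added to libxfs_writebuf_int(), and the line that follows, "bp->b_flags |= (LIBXFS_B_DIRTY | flags);", is also identical in both functions. Two copies of the error-clearing step can drift apart, and a later change that touches only one path would bring the stale-error behaviour back on the other. Consider having this function call libxfs_writebuf_int(bp, flags) and then libxfs_putbuf(bp), so the clear and the dirty marking live in one place.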