On Mon 09-01-23 21:45:45, Zhihao Cheng wrote: > Following process will make data lost and could lead to a filesystem > corrupted problem: > > 1. jh(bh) is inserted into T1->t_checkpoint_list, bh is dirty, and > jh->b_transaction = NULL > 2. T1 is added into journal->j_checkpoint_transactions. > 3. Get bh prepare to write while doing checkpoing: > PA PB > do_get_write_access jbd2_log_do_checkpoint > spin_lock(&jh->b_state_lock) > if (buffer_dirty(bh)) > clear_buffer_dirty(bh) // clear buffer dirty > set_buffer_jbddirty(bh) > transaction = > journal->j_checkpoint_transactions > jh = transaction->t_checkpoint_list > if (!buffer_dirty(bh)) > __jbd2_journal_remove_checkpoint(jh) > // bh won't be flushed > jbd2_cleanup_journal_tail > __jbd2_journal_file_buffer(jh, transaction, BJ_Reserved) > 4. Aborting journal/Power-cut before writing latest bh on journal area. > > In this way we get a corrupted filesystem with bh's data lost. > > Fix it by moving the clearing of buffer_dirty bit just before the call > to __jbd2_journal_file_buffer(), both bit clearing and jh->b_transaction > assignment are under journal->j_list_lock locked, so that > jbd2_log_do_checkpoint() will wait until jh's new transaction fininshed > even bh is currently not dirty. And journal_shrink_one_cp_list() won't > remove jh from checkpoint list if the buffer head is reused in > do_get_write_access(). > > Fetch a reproducer in [Link]. > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=216898 > Cc: <stable@xxxxxxxxxx> > Signed-off-by: Zhihao Cheng <chengzhihao1@xxxxxxxxxx> > Signed-off-by: zhanchengbin <zhanchengbin1@xxxxxxxxxx> > Suggested-by: Jan Kara <jack@xxxxxxx> Great, the patch looks good. Feel free to add: Reviewed-by: Jan Kara <jack@xxxxxxx> Just a suggestion for rephrasing of the comment below > - /* > - * In any case we need to clean the dirty flag and we must > - * do it under the buffer lock to be sure we don't race > - * with running write-out. > + * We need to clean the dirty flag and we must do it under the > + * buffer lock to be sure we don't race with running write-out. > */ > JBUFFER_TRACE(jh, "Journalling dirty buffer"); > clear_buffer_dirty(bh); > + /* > + * Setting jbddirty after clearing buffer dirty is necessary. > + * Function jbd2_journal_restart() could keep buffer on > + * BJ_Reserved list until the transaction committing, then the > + * buffer won't be dirtied by jbd2_journal_refile_buffer() > + * after committing, the buffer couldn't fall on disk even > + * last checkpoint finished, which may corrupt filesystem. > + */ As far as I understand you want to say: /* * The buffer is going to be added to BJ_Reserved list now * and nothing guarantees jbd2_journal_dirty_metadata() * will be ever called for it. So we need to set jbddirty * bit here to make sure the buffer is dirtied and written * out when the journaling machinery is done with it. */ > set_buffer_jbddirty(bh); > } Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
