On Wed, Sep 20, 2017 at 05:18:26PM -0700, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > Create a function that can check the shape of a btree -- each block > passes basic inspection and all the pointers look ok. In the next patch > we'll add the ability to check the actual keys and records stored within > the btree. Add some helper functions so that we report detailed scrub > errors in a uniform manner in dmesg. These are helper functions for > subsequent patches. > > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > --- > fs/xfs/libxfs/xfs_btree.c | 16 +++ > fs/xfs/libxfs/xfs_btree.h | 7 + > fs/xfs/scrub/btree.c | 236 +++++++++++++++++++++++++++++++++++++++++++++ > fs/xfs/scrub/common.h | 13 ++ > 4 files changed, 268 insertions(+), 4 deletions(-) > > ... > diff --git a/fs/xfs/scrub/btree.c b/fs/xfs/scrub/btree.c > index adf5d09..a9c2bf3 100644 > --- a/fs/xfs/scrub/btree.c > +++ b/fs/xfs/scrub/btree.c ... > @@ -109,6 +255,92 @@ xfs_scrub_btree( > struct xfs_owner_info *oinfo, > void *private) > { > - xfs_scrub_btree_op_ok(sc, cur, 0, false); > - return -EOPNOTSUPP; > + struct xfs_scrub_btree bs = {0}; > + union xfs_btree_ptr ptr; > + union xfs_btree_ptr *pp; > + struct xfs_btree_block *block; > + int level; > + struct xfs_buf *bp; > + int i; > + int error = 0; > + > + /* Initialize scrub state */ > + bs.cur = cur; > + bs.scrub_rec = scrub_fn; > + bs.oinfo = oinfo; > + bs.firstrec = true; > + bs.private = private; > + bs.sc = sc; > + for (i = 0; i < XFS_BTREE_MAXLEVELS; i++) > + bs.firstkey[i] = true; > + INIT_LIST_HEAD(&bs.to_check); > + > + /* Don't try to check a tree with a height we can't handle. */ > + if (!xfs_scrub_btree_check_ok(sc, cur, 0, cur->bc_nlevels > 0 && > + cur->bc_nlevels <= XFS_BTREE_MAXLEVELS)) > + goto out; > + > + /* Make sure the root isn't in the superblock. */ > + if (!(cur->bc_flags & XFS_BTREE_ROOT_IN_INODE)) { > + cur->bc_ops->init_ptr_from_cur(cur, &ptr); > + error = xfs_scrub_btree_ptr(&bs, cur->bc_nlevels, &ptr); > + if (!xfs_scrub_btree_op_ok(sc, cur, cur->bc_nlevels - 1, &error)) > + goto out; > + } > + This is kind of in line with Dave's comments on the previous patch that introduce some of these helpers. I just glanced over them for now because I didn't have enough context to grok the error processing. FWIW, the btree_op_ok()/btree_check_ok() stuff kind of makes my eyes cross a bit because I can't easily see the logic checks or distinguish between those and error code checks. This is also a bit confusing because it looks like we overload return codes for various things. E.g., we generate -EFSCORRUPTED in some cases just so the caller can set the state on the context and clear it, but then we still use the fact that an error _was_ set to control the flow of the task via the op_ok() return value. This makes some of the code flow/decision making logic hard to follow, particularly since some of that state looks like it can be lost. Case in point.. what happens if say xfs_btree_increment() returns -EFSCORRUPTED back to xfs_scrub_btree_block_check_sibling()? It looks to me that the latter calls btree_op_ok() to set the corrupt state, clears the error code and skips out appropriately. xfs_scrub_btree_block_check_sibling() now returns zero, which potentially bubbles up to xfs_scrub_btree() where we check the error code again. Is it expected that error == 0 here? What is supposed to happen here? I'm wondering if this could all be made more clear by trying to explicitly separate out operational errors, scrub failures and whatever we want to call the logic that clears an -EFSCORRUPTED/-EFSBADCRC error code but still indicates something happened. :P For starters, rather than wrap every logic check with btree_op_check(), could we use explicit logic and let each function update the context based on problems it found? For example, something like the following is much more easy to read for me than the associated logic above: /* Don't try to check a tree with a height we can't handle. */ if (!(cur->bc_nlevels > 0 && cur->bc_nlevels <= XFS_BTREE_MAXLEVELS)) { xfs_scrub_sc_corrupt(...); goto out; } And of course the context update calls could be factored into an out_corrupt label or something where appropriate. Beyond that, where we need to identify a bit of metadata is busted to perhaps do something like skip it but not abort (as we may have filtered out an -EFSCORRUPTED) return code, could we pass a flag down a particular callchain (i.e., think 'bool *bad' or 'int *stat' a la the core btree code)? Then we can still transfer that state back up the chain and the caller(s) can distinguish operational errors from "this thing is corrupted, act accordingly," regardless of how the corruption was detected. Brian > + /* Load the root of the btree. */ > + level = cur->bc_nlevels - 1; > + cur->bc_ops->init_ptr_from_cur(cur, &ptr); > + error = xfs_scrub_btree_block(&bs, level, &ptr, &block, &bp); > + if (!xfs_scrub_btree_op_ok(sc, cur, cur->bc_nlevels - 1, &error)) > + goto out; > + > + cur->bc_ptrs[level] = 1; > + > + while (level < cur->bc_nlevels) { > + block = xfs_btree_get_block(cur, level, &bp); > + > + if (level == 0) { > + /* End of leaf, pop back towards the root. */ > + if (cur->bc_ptrs[level] > > + be16_to_cpu(block->bb_numrecs)) { > + if (level < cur->bc_nlevels - 1) > + cur->bc_ptrs[level + 1]++; > + level++; > + continue; > + } > + > + if (xfs_scrub_should_terminate(&error)) > + break; > + > + cur->bc_ptrs[level]++; > + continue; > + } > + > + /* End of node, pop back towards the root. */ > + if (cur->bc_ptrs[level] > be16_to_cpu(block->bb_numrecs)) { > + if (level < cur->bc_nlevels - 1) > + cur->bc_ptrs[level + 1]++; > + level++; > + continue; > + } > + > + /* Drill another level deeper. */ > + pp = xfs_btree_ptr_addr(cur, cur->bc_ptrs[level], block); > + error = xfs_scrub_btree_ptr(&bs, level, pp); > + if (error) { > + error = 0; > + cur->bc_ptrs[level]++; > + continue; > + } > + level--; > + error = xfs_scrub_btree_block(&bs, level, pp, &block, &bp); > + if (!xfs_scrub_btree_op_ok(sc, cur, level, &error)) > + goto out; > + > + cur->bc_ptrs[level] = 1; > + } > + > +out: > + return error; > } > diff --git a/fs/xfs/scrub/common.h b/fs/xfs/scrub/common.h > index e1bb14b..9920488 100644 > --- a/fs/xfs/scrub/common.h > +++ b/fs/xfs/scrub/common.h > @@ -20,6 +20,19 @@ > #ifndef __XFS_SCRUB_COMMON_H__ > #define __XFS_SCRUB_COMMON_H__ > > +/* Should we end the scrub early? */ > +static inline bool > +xfs_scrub_should_terminate( > + int *error) > +{ > + if (fatal_signal_pending(current)) { > + if (*error == 0) > + *error = -EAGAIN; > + return true; > + } > + return false; > +} > + > /* > * Grab a transaction. If we're going to repair something, we need to > * ensure there's enough reservation to make all the changes. If not, > > -- > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html