On Mon, Nov 25, 2019 at 3:07 PM Brian Foster <bfoster@xxxxxxxxxx> wrote: > > On Sun, Nov 24, 2019 at 11:38:53AM -0600, Eric Sandeen wrote: > > On 11/24/19 10:40 AM, Darrick J. Wong wrote: > > > On Sun, Nov 24, 2019 at 11:13:09AM +0200, Alex Lyakas wrote: > > > > ... > > > > >>>> With the suggested patch, xfs repair is working properly also when mount-provided sunit/swidth are different. > > >>>> > > >>>> However, I am not sure whether this is the proper approach. > > >>>> Otherwise, should we not allow specifying different sunit/swidth > > >>>> during mount? > > > > > > I propose a (somewhat) different solution to this problem: > > > > > > Port to libxfs the code that determines where mkfs/repair expect the > > > root inode. Whenever we want to update the geometry information in the > > > superblock from mount options, we can test the new ones to see if that > > > would cause sb_rootino to change. If there's no change, we update > > > everything like we do now. If it would change, either we run with those > > > parameters incore only (which I think is possible for su/sw?) or refuse > > > them (because corruption is bad). > > > > > > This way we don't lose the su/sw updating behavior we have now, and we > > > also gain the ability to shut down an entire class of accidental sb > > > geometry corruptions. > > > > Indeed, I was thinking about something similar with regard to > validation. ISTM that we either need some form of runtime validation... > > > I also wonder if we should be putting so much weight on the root inode > > location in repair, or if we could get away with other consistency checks > > to be sure it's legit, since we've always been able to move the > > "expected" Location. > > > > ... or to fix xfs_repair. ;) Fixing the latter seems ideal to me, but > I'm not sure how involved that is compared to a runtime fix. Clearly the > existing repair check is not a sufficient corruption check on its own. > Perhaps we could validate the inode pointed to by the superblock in > general and if that survives, verify it looks like a root directory..? > The unexpected location thing could still be a (i.e. bad alignment) > warning, but that's probably a separate topic. > > I'm not opposed to changing runtime behavior even with a repair fix, > fwiw. I wonder if conditionally updating the superblock is the right > behavior as it might be either too subtle for users or too disruptive if > some appliance out there happens to use a mount cycle to update su/sw. > Failing the mount seems preferable, but raises similar questions wrt to > changing behavior. Yes, it is corruption otherwise, but unless I'm > missing something it seems like a pretty rare corner case (e.g. how many > people change alignment like this? of those that do, how many ever run > xfs_repair?). >To me, the ideal behavior is for mount options to always > dictate runtime behavior and for a separate admin tool or script to make > persistent changes (with associated validation) to the superblock. This sounds inline with the proposed patch. > > Brian >
