On Fri, Jan 24, 2020 at 12:31:52PM +1100, Dave Chinner wrote:
> On Wed, Jan 22, 2020 at 11:42:22PM -0800, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> >
> > Convert xfs_buf_read_map() to return numeric error codes like most
> > everywhere else in xfs. This involves moving the open-coded logic that
> > reports metadata IO read / corruption errors and stales the buffer into
> > xfs_buf_read_map so that the logic is all in one place.
> >
> > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> .....
>
> > diff --git a/fs/xfs/xfs_trans_buf.c b/fs/xfs/xfs_trans_buf.c
> > index b5b3a78ef31c..56e7f8126cd7 100644
> > --- a/fs/xfs/xfs_trans_buf.c
> > +++ b/fs/xfs/xfs_trans_buf.c
> > @@ -298,36 +298,17 @@ xfs_trans_read_buf_map(
> > return 0;
> > }
> >
> > - bp = xfs_buf_read_map(target, map, nmaps, flags, ops);
> > - if (!bp) {
> > - if (!(flags & XBF_TRYLOCK))
> > - return -ENOMEM;
> > - return tp ? 0 : -EAGAIN;
> > - }
> > -
> > - /*
> > - * If we've had a read error, then the contents of the buffer are
> > - * invalid and should not be used. To ensure that a followup read tries
> > - * to pull the buffer from disk again, we clear the XBF_DONE flag and
> > - * mark the buffer stale. This ensures that anyone who has a current
> > - * reference to the buffer will interpret it's contents correctly and
> > - * future cache lookups will also treat it as an empty, uninitialised
> > - * buffer.
> > - */
> > - if (bp->b_error) {
> > - error = bp->b_error;
> > - if (!XFS_FORCED_SHUTDOWN(mp))
> > - xfs_buf_ioerror_alert(bp, __func__);
> > - bp->b_flags &= ~XBF_DONE;
> > - xfs_buf_stale(bp);
> > -
> > + error = xfs_buf_read_map(target, map, nmaps, flags, &bp, ops);
> > + switch (error) {
> > + case 0:
> > + break;
> > + case -EFSCORRUPTED:
> > + case -EIO:
> > if (tp && (tp->t_flags & XFS_TRANS_DIRTY))
> > - xfs_force_shutdown(tp->t_mountp, SHUTDOWN_META_IO_ERROR);
> > - xfs_buf_relse(bp);
> > -
> > - /* bad CRC means corrupted metadata */
> > - if (error == -EFSBADCRC)
> > - error = -EFSCORRUPTED;
> > + xfs_force_shutdown(tp->t_mountp,
> > + SHUTDOWN_META_IO_ERROR);
> > + /* fall through */
> > + default:
> > return error;
> > }
>
> Same question as Christoph - we're only trying to avoid ENOMEM and
> EAGAIN errors from shutting down the filesystem here, right?
> Every other type of IO error that could end up on bp->b_error would
> result in a shutdown, so perhaps this should be the other way
> around:
>
> switch (error) {
> case 0:
> break;
> default:
> /* shutdown stuff */
> /* fall through */
> case -ENOMEM:
> case -EAGAIN:
> return error;
> }
I agree that ENOMEM ought to be on the list of things that don't
immediately cause a shutdown if the transaction is dirty.
--D
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@xxxxxxxxxxxxx
