Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx> --- What do folks think of something like this? We have a user report of a corresponding read verifier failure while processing unlinked inodes. This presumably means the attr fork was put in this state because the format conversion and xattr set are not atomic. For example, the filesystem crashed after the format conversion transaction hit the log but before the xattr set transaction. The subsequent recovery succeeds according to the logic below, but if the attr didn't hit the log the leaf block remains empty and sets a landmine for the next read attempt. This either prevents further xattr operations on the inode or prevents the inode from being removed from the unlinked list due to xattr inactivation failure. I've not confirmed that this is how the user got into this state, but I've confirmed that it's possible. We have a couple band aids now (this and the writeback variant) that intend to deal with this problem and still haven't quite got it right, so personally I'm inclined to accept the reality that an empty attr leaf block is an expected state based on our current xattr implementation and just remove the check from the verifier (at least until we have atomic sets). I turned it into a warning/comment for the purpose of discussion. Thoughts? Brian fs/xfs/libxfs/xfs_attr_leaf.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 863444e2dda7..71cee43669e1 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -309,12 +309,18 @@ xfs_attr3_leaf_verify( return fa; /* - * In recovery there is a transient state where count == 0 is valid - * because we may have transitioned an empty shortform attr to a leaf - * if the attr didn't fit in shortform. + * There is a valid count == 0 state if we transitioned an empty + * shortform attr to leaf format because an attr didn't fit in + * shortform. This is intended to transient during recovery, but in + * reality is not because the attr comes in a separate transaction from + * format conversion and may not have hit the log. Warn if we encounter + * this outside of recovery just to inform the user something might be + * off. */ if (!xfs_log_in_recovery(mp) && ichdr.count == 0) - return __this_address; + xfs_warn(mp, + "Empty attr leaf block (bno 0x%llx). attr fork in unexpected format\n", + bp->b_bn); /* * firstused is the block offset of the first name info structure. -- 2.21.1
