On Wed, Apr 21, 2021 at 05:49:13PM -0700, Darrick J. Wong wrote: > From: Darrick J. Wong <djwong@xxxxxxxxxx> > > Make sure that the needsrepair feature flag can be cleared only by > repair and that mounts are prohibited when the feature is set. > > Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx> > --- > v5.1: add a little randomness to x/770, fix the hook check function > --- Looks good, thanks for the tweaks: Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx> > common/xfs | 29 +++++++++++++++++ > tests/xfs/768 | 80 +++++++++++++++++++++++++++++++++++++++++++++++ > tests/xfs/768.out | 4 ++ > tests/xfs/770 | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++ > tests/xfs/770.out | 2 + > tests/xfs/group | 2 + > 6 files changed, 208 insertions(+) > create mode 100755 tests/xfs/768 > create mode 100644 tests/xfs/768.out > create mode 100755 tests/xfs/770 > create mode 100644 tests/xfs/770.out > > diff --git a/common/xfs b/common/xfs > index 2e78fd4f..ba6523ad 100644 > --- a/common/xfs > +++ b/common/xfs > @@ -312,6 +312,14 @@ _scratch_xfs_check() > _xfs_check $SCRATCH_OPTIONS $* $SCRATCH_DEV > } > > +# Check for secret debugging hooks in xfs_repair > +_require_libxfs_debug_flag() { > + local hook="$1" > + > + grep -q "$hook" "$(type -P xfs_repair)" || \ > + _notrun "libxfs debug hook $hook not detected?" > +} > + > _scratch_xfs_repair() > { > SCRATCH_OPTIONS="" > @@ -1099,3 +1107,24 @@ _xfs_get_cowgc_interval() { > _fail "Can't find cowgc interval procfs knob?" > fi > } > + > +# Print the status of the given features on the scratch filesystem. > +# Returns 0 if all features are found, 1 otherwise. > +_check_scratch_xfs_features() > +{ > + local features="$(_scratch_xfs_db -c 'version')" > + local output=("FEATURES:") > + local found=0 > + > + for feature in "$@"; do > + local status="NO" > + if echo "${features}" | grep -q -w "${feature}"; then > + status="YES" > + found=$((found + 1)) > + fi > + output+=("${feature}:${status}") > + done > + > + echo "${output[@]}" > + test "${found}" -eq "$#" > +} > diff --git a/tests/xfs/768 b/tests/xfs/768 > new file mode 100755 > index 00000000..84c54a6e > --- /dev/null > +++ b/tests/xfs/768 > @@ -0,0 +1,80 @@ > +#! /bin/bash > +# SPDX-License-Identifier: GPL-2.0-or-later > +# Copyright (c) 2021 Oracle. All Rights Reserved. > +# > +# FS QA Test No. 768 > +# > +# Make sure that the kernel won't mount a filesystem if repair forcibly sets > +# NEEDSREPAIR while fixing metadata. Corrupt a directory in such a way as > +# to force repair to write an invalid dirent value as a sentinel to trigger a > +# repair activity in a later phase. Use a debug knob in xfs_repair to abort > +# the repair immediately after forcing the flag on. > + > +seq=`basename $0` > +seqres=$RESULT_DIR/$seq > +echo "QA output created by $seq" > + > +here=`pwd` > +tmp=/tmp/$$ > +status=1 # failure is the default! > +trap "_cleanup; exit \$status" 0 1 2 3 15 > + > +_cleanup() > +{ > + cd / > + rm -f $tmp.* > +} > + > +# get standard environment, filters and checks > +. ./common/rc > +. ./common/filter > + > +# real QA test starts here > +_supported_fs xfs > +_require_scratch_nocheck > +_require_scratch_xfs_crc # needsrepair only exists for v5 > +_require_libxfs_debug_flag LIBXFS_DEBUG_WRITE_CRASH > + > +rm -f $seqres.full > + > +# Set up a real filesystem for our actual test > +_scratch_mkfs >> $seqres.full > + > +# Create a directory large enough to have a dir data block. 2k worth of > +# dirent names ought to do it. > +_scratch_mount > +mkdir -p $SCRATCH_MNT/fubar > +for i in $(seq 0 256 2048); do > + fname=$(printf "%0255d" $i) > + ln -s -f urk $SCRATCH_MNT/fubar/$fname > +done > +inum=$(stat -c '%i' $SCRATCH_MNT/fubar) > +_scratch_unmount > + > +# Fuzz the directory > +_scratch_xfs_db -x -c "inode $inum" -c "dblock 0" \ > + -c "fuzz -d bu[2].inumber add" >> $seqres.full > + > +# Try to repair the directory, force it to crash after setting needsrepair > +LIBXFS_DEBUG_WRITE_CRASH=ddev=2 _scratch_xfs_repair 2>> $seqres.full > +test $? -eq 137 || echo "repair should have been killed??" > + > +# We can't mount, right? > +_check_scratch_xfs_features NEEDSREPAIR > +_try_scratch_mount &> $tmp.mount > +res=$? > +_filter_scratch < $tmp.mount > +if [ $res -eq 0 ]; then > + echo "Should not be able to mount after needsrepair crash" > + _scratch_unmount > +fi > + > +# Repair properly this time and retry the mount > +_scratch_xfs_repair 2>> $seqres.full > +_check_scratch_xfs_features NEEDSREPAIR > + > +_scratch_mount > + > +# success, all done > +status=0 > +exit > diff --git a/tests/xfs/768.out b/tests/xfs/768.out > new file mode 100644 > index 00000000..1168ba25 > --- /dev/null > +++ b/tests/xfs/768.out > @@ -0,0 +1,4 @@ > +QA output created by 768 > +FEATURES: NEEDSREPAIR:YES > +mount: SCRATCH_MNT: mount(2) system call failed: Structure needs cleaning. > +FEATURES: NEEDSREPAIR:NO > diff --git a/tests/xfs/770 b/tests/xfs/770 > new file mode 100755 > index 00000000..5265eaca > --- /dev/null > +++ b/tests/xfs/770 > @@ -0,0 +1,91 @@ > +#! /bin/bash > +# SPDX-License-Identifier: GPL-2.0-or-later > +# Copyright (c) 2021 Oracle. All Rights Reserved. > +# > +# FS QA Test No. 770 > +# > +# Populate a filesystem with all types of metadata, then run repair with the > +# libxfs write failure trigger set to go after a single write. Check that the > +# injected error trips, causing repair to abort, that needsrepair is set on the > +# fs, the kernel won't mount; and that a non-injecting repair run clears > +# needsrepair and makes the filesystem mountable again. > +# > +# Repeat with the trip point set to successively higher numbers of writes until > +# we hit ~200 writes or repair manages to run to completion without tripping. > + > +seq=`basename $0` > +seqres=$RESULT_DIR/$seq > +echo "QA output created by $seq" > + > +here=`pwd` > +tmp=/tmp/$$ > +status=1 # failure is the default! > +trap "_cleanup; exit \$status" 0 1 2 3 15 > + > +_cleanup() > +{ > + cd / > + rm -f $tmp.* > +} > + > +# get standard environment, filters and checks > +. ./common/rc > +. ./common/populate > +. ./common/filter > + > +# real QA test starts here > +_supported_fs xfs > +_require_scratch_nocheck > +_require_scratch_xfs_crc # needsrepair only exists for v5 > +_require_populate_commands > +_require_libxfs_debug_flag LIBXFS_DEBUG_WRITE_CRASH > + > +rm -f $seqres.full > + > +# Populate the filesystem > +_scratch_populate_cached nofill >> $seqres.full 2>&1 > + > +max_writes=200 # 200 loops should be enough for anyone > +nr_incr=$((13 / TIME_FACTOR)) > +test $nr_incr -lt 1 && nr_incr=1 > +for ((nr_writes = 1; nr_writes < max_writes; nr_writes += nr_incr)); do > + # Add a tiny bit of randomness into each run > + allowed_writes=$(( nr_writes + (RANDOM % 7) )) > + echo "Setting debug hook to crash after $allowed_writes writes." >> $seqres.full > + > + # Start a repair and force it to abort after some number of writes > + LIBXFS_DEBUG_WRITE_CRASH=ddev=$allowed_writes \ > + _scratch_xfs_repair 2>> $seqres.full > + res=$? > + if [ $res -ne 0 ] && [ $res -ne 137 ]; then > + echo "repair failed with $res??" > + break > + elif [ $res -eq 0 ]; then > + [ $nr_writes -eq 1 ] && \ > + echo "ran to completion on the first try?" > + break > + fi > + > + # Check the state of NEEDSREPAIR after repair fails. If it isn't set > + # but repair -n says the fs is clean, then it's possible that the > + # injected error caused it to abort immediately after the write that > + # cleared NEEDSREPAIR. > + if ! _check_scratch_xfs_features NEEDSREPAIR > /dev/null && > + ! _scratch_xfs_repair -n &>> $seqres.full; then > + echo "NEEDSREPAIR should be set on corrupt fs" > + fi > +done > + > +# If NEEDSREPAIR is still set on the filesystem, ensure that a full run > +# cleans everything up. > +if _check_scratch_xfs_features NEEDSREPAIR > /dev/null; then > + echo "Clearing NEEDSREPAIR" >> $seqres.full > + _scratch_xfs_repair 2>> $seqres.full > + _check_scratch_xfs_features NEEDSREPAIR > /dev/null && \ > + echo "Repair failed to clear NEEDSREPAIR on the $nr_writes writes test" > +fi > + > +# success, all done > +echo Silence is golden. > +status=0 > +exit > diff --git a/tests/xfs/770.out b/tests/xfs/770.out > new file mode 100644 > index 00000000..725d740b > --- /dev/null > +++ b/tests/xfs/770.out > @@ -0,0 +1,2 @@ > +QA output created by 770 > +Silence is golden. > diff --git a/tests/xfs/group b/tests/xfs/group > index d1b1456b..461ae2b2 100644 > --- a/tests/xfs/group > +++ b/tests/xfs/group > @@ -522,3 +522,5 @@ > 537 auto quick > 538 auto stress > 539 auto quick mount > +768 auto quick repair > +770 auto repair >