On Wed, May 11, 2022 at 11:38:51AM +1000, Dave Chinner wrote:
> On Tue, May 10, 2022 at 06:08:48PM -0700, Darrick J. Wong wrote:
> > On Wed, May 11, 2022 at 11:06:51AM +1000, Dave Chinner wrote:
> > > On Tue, May 10, 2022 at 04:12:34PM -0700, Darrick J. Wong wrote:
> > > > On Mon, May 09, 2022 at 10:41:25AM +1000, Dave Chinner wrote:
> > > > > diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h
> > > > > index c9c867e3406c..ad52b5dc59e4 100644
> > > > > --- a/fs/xfs/libxfs/xfs_attr.h
> > > > > +++ b/fs/xfs/libxfs/xfs_attr.h
> > > > > @@ -530,4 +553,35 @@ void xfs_attri_destroy_cache(void);
> > > > > int __init xfs_attrd_init_cache(void);
> > > > > void xfs_attrd_destroy_cache(void);
> > > > >
> > > > > +/*
> > > > > + * Check to see if the attr should be upgraded from non-existent or shortform to
> > > > > + * single-leaf-block attribute list.
> > > > > + */
> > > > > +static inline bool
> > > > > +xfs_attr_is_shortform(
> > > > > + struct xfs_inode *ip)
> > > > > +{
> > > > > + return ip->i_afp->if_format == XFS_DINODE_FMT_LOCAL ||
> > > > > + (ip->i_afp->if_format == XFS_DINODE_FMT_EXTENTS &&
> > > > > + ip->i_afp->if_nextents == 0);
> > > > > +}
> > > > > +
> > > > > +static inline enum xfs_delattr_state
> > > > > +xfs_attr_init_add_state(struct xfs_da_args *args)
> > > > > +{
> > > > > + if (!args->dp->i_afp)
> > > > > + return XFS_DAS_DONE;
> > > >
> > > > If we're in add/replace attr call without an attr fork, why do we go
> > > > straight to finished?
> > >
> > > I suspect I've fixed all the issues that triggered crashes here
> > > because args->dp->i_afp was null. THere were transient states in a
> > > replace operaiton when the remove takes away the last attr, removes
> > > the attr fork, then calls the ADD operation. The add operation
> > > assumes that the attr fork has already been set up, and so bad
> > > things happened here.
> > >
> > > This also occurred when setting up recovery operations - recovery of
> > > an add/replace could start from that same "there's no attr fork"
> > > condition, and so calling xfs_inode_has_attr() or
> > > xfs_attr_is_shortform() direct from the reocovery setup code would
> > > go splat because ip->i_afp was null.
> > >
> > > I'm going to leave this for the moment (cleanup note made) because I
> > > don't want to have to find out that I missed a corner case somewhere
> > > they hard way right now. It's basically there to stop log recovery
> > > crashing hard, which only occurs when the experimental larp code is
> > > running, so I think this is safe to leave for a later cleanup.
> >
> > Hmm, in that case, can this become:
> >
> > if (!args->dp->i_afp) {
> > ASSERT(0);
> > return XFS_DAS_DONE;
> > }
>
> OK.
Ok, now generic/051 has reminded me exactly what this was for.
Shortform attr remove will remove the attr and the attr fork from
this code:
case XFS_DAS_SF_REMOVE:
error = xfs_attr_sf_removename(args);
attr->xattri_dela_state = xfs_attr_complete_op(attr,
xfs_attr_init_add_state(args));
break;
But if we are doing this as part of a REPLACE operation and we
still need to add the new attr, it calls xfs_attr_init_add_state()
to get the add state we should start with. That then hits the
null args->dp->i_afp case because the fork got removed.
This can't happen if we are doing a replace op, so we'd then check
if it's a shortform attr fork and return XFS_DAS_SF_ADD for the
replace to then execute. But it's not a replace op, so we can
have a null attr fork.
I'm going to restore the old code with a comment so that I don't
forget this again.
/*
* If called from the completion of a attr remove to determine
* the next state, the attribute fork may be null. This can occur on
* a pure remove, but we grab the next state before we check if a
* replace operation is being performed. Hence if the attr fork is
* null, it's a pure remove operation and we are done.
*/
Cheers,
Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx
