Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2119201pxf;
        Sat, 27 Mar 2021 03:09:21 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzMEn3yQP8yduXfowzMoIPS1iTcgGFsvikeSme+hBYuhTvekvY1JS/vYNdrdh1CuEAPMkvs
X-Received: by 2002:a05:6402:40d5:: with SMTP id z21mr20168070edb.20.1616839761721;
        Sat, 27 Mar 2021 03:09:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1616839761; cv=none;
        d=google.com; s=arc-20160816;
        b=fNvJBt21l13WpaCSynlyhJtPQABrJZ+HEvAophALhFYD6IqPJqfZx1nI050aXinsyb
         DqJk/2ja92oDr/Ec2H/8xpJYH3Rn7qW1Qbiifq/BFqY/gTODmuPlj0CXQM+yt3ABoYfv
         c9OkHFim05eU1E9GPACTK4HgpdERRPmlfMNdxIcE+2LUHj9UXR1I7+LqfesXK1sdSpcs
         ewiFAWpRrAk/peUty0RKXIPrrK6lX33zWFrDJDQMlJCrVWGVcWU3K+SguS8CEZmlje46
         Pukr0Vppj72yEId7D8IPmVlHOaHX2Ak75rOR4P14WOplhsP9sUD9+tqV+qfikp7LIU3W
         KyXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:references:cc
         :to:from:subject;
        bh=3m8p1vRhkkAlpU87lam1ofVUxisq424++EJkwpIA8ac=;
        b=fuSkJG973rqAu6o3uVJUH5YilOZ/X2NZDYNUtKBjMdZ40XGPvInmnWc+PHTSyc4ko0
         Xd3UTQiFiVvKDBh+MiXGfGuiJNa/7fbmDgO9FLRe3eRjVq3G3xvYDcCNa6RUugvSltIq
         2e+qoDSpWfTekkbVGDtSCZdh5IL3WJEEDxBtnc537H6EkoOBAcjBgX27f0QmrsR4+tvg
         8mAY1m8bq9p4zzdXpLnuOWLagpaZm0BBf+8wOklXk+dJ8lag+RkyhJYyK1tcYCCihbkd
         By6I0SlCRdHfLgOxzwM08io0dvGYJRH3kMQMqwVuCWx8s4dAJINfx2o1j6HEv6kq0S+K
         BPQw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w19si2223671eds.331.2021.03.27.03.08.59;
        Sat, 27 Mar 2021 03:09:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231209AbhC0KEd (ORCPT <rfc822;maguicai@gmail.com> + 99 others);
        Sat, 27 Mar 2021 06:04:33 -0400
Received: from szxga04-in.huawei.com ([45.249.212.190]:15075 "EHLO
        szxga04-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230427AbhC0KDZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 27 Mar 2021 06:03:25 -0400
Received: from DGGEMS410-HUB.china.huawei.com (unknown [172.30.72.60])
        by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4F6vW03P3dz1BHQR;
        Sat, 27 Mar 2021 18:01:16 +0800 (CST)
Received: from [10.136.110.154] (10.136.110.154) by smtp.huawei.com
 (10.3.19.210) with Microsoft SMTP Server (TLS) id 14.3.498.0; Sat, 27 Mar
 2021 18:03:16 +0800
Subject: Re: [f2fs-dev] [PATCH] Revert "f2fs: give a warning only for readonly
 partition"
From:   Chao Yu <yuchao0@huawei.com>
To:     Jaegeuk Kim <jaegeuk@kernel.org>
CC:     <linux-kernel@vger.kernel.org>,
        <linux-f2fs-devel@lists.sourceforge.net>
References: <20210323064155.12582-1-yuchao0@huawei.com>
 <YFo16ADpWJ7OUAvK@google.com>
 <107e671d-68ea-1a74-521e-ab2b6fe36416@huawei.com>
 <YFq+aQW7eihFuSst@google.com>
 <c5850f4b-ebe8-bc34-10c6-ab27d562d621@huawei.com>
 <YFvA6uzDLeD7dRdY@google.com>
 <8b0b0782-a667-9edc-5ee9-98ac9f67b7b7@huawei.com>
 <c1e48546-f61b-5db9-13b6-6430ce368661@huawei.com>
 <YF02sFKa778eomr9@google.com>
 <84688aac-75da-1226-df4d-47ac97087c51@huawei.com>
 <YF4aJYVwOVtWsAbH@google.com>
 <4b64099b-064d-43a8-461d-b54007f2c16c@huawei.com>
Message-ID: <dad9c2df-02af-5df5-1dd1-9ee1fe91d229@huawei.com>
Date:   Sat, 27 Mar 2021 18:03:16 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <4b64099b-064d-43a8-461d-b54007f2c16c@huawei.com>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.136.110.154]
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021/3/27 9:52, Chao Yu wrote:
> On 2021/3/27 1:30, Jaegeuk Kim wrote:
>> On 03/26, Chao Yu wrote:
>>> On 2021/3/26 9:19, Jaegeuk Kim wrote:
>>>> On 03/26, Chao Yu wrote:
>>>>> On 2021/3/25 9:59, Chao Yu wrote:
>>>>>> On 2021/3/25 6:44, Jaegeuk Kim wrote:
>>>>>>> On 03/24, Chao Yu wrote:
>>>>>>>> On 2021/3/24 12:22, Jaegeuk Kim wrote:
>>>>>>>>> On 03/24, Chao Yu wrote:
>>>>>>>>>> On 2021/3/24 2:39, Jaegeuk Kim wrote:
>>>>>>>>>>> On 03/23, Chao Yu wrote:
>>>>>>>>>>>> This reverts commit 938a184265d75ea474f1c6fe1da96a5196163789.
>>>>>>>>>>>>
>>>>>>>>>>>> Because that commit fails generic/050 testcase which expect failure
>>>>>>>>>>>> during mount a recoverable readonly partition.
>>>>>>>>>>>
>>>>>>>>>>> I think we need to change generic/050, since f2fs can recover this partition,
>>>>>>>>>>
>>>>>>>>>> Well, not sure we can change that testcase, since it restricts all generic
>>>>>>>>>> filesystems behavior. At least, ext4's behavior makes sense to me:
>>>>>>>>>>
>>>>>>>>>> 	journal_dev_ro = bdev_read_only(journal->j_dev);
>>>>>>>>>> 	really_read_only = bdev_read_only(sb->s_bdev) | journal_dev_ro;
>>>>>>>>>>
>>>>>>>>>> 	if (journal_dev_ro && !sb_rdonly(sb)) {
>>>>>>>>>> 		ext4_msg(sb, KERN_ERR,
>>>>>>>>>> 			 "journal device read-only, try mounting with '-o ro'");
>>>>>>>>>> 		err = -EROFS;
>>>>>>>>>> 		goto err_out;
>>>>>>>>>> 	}
>>>>>>>>>>
>>>>>>>>>> 	if (ext4_has_feature_journal_needs_recovery(sb)) {
>>>>>>>>>> 		if (sb_rdonly(sb)) {
>>>>>>>>>> 			ext4_msg(sb, KERN_INFO, "INFO: recovery "
>>>>>>>>>> 					"required on readonly filesystem");
>>>>>>>>>> 			if (really_read_only) {
>>>>>>>>>> 				ext4_msg(sb, KERN_ERR, "write access "
>>>>>>>>>> 					"unavailable, cannot proceed "
>>>>>>>>>> 					"(try mounting with noload)");
>>>>>>>>>> 				err = -EROFS;
>>>>>>>>>> 				goto err_out;
>>>>>>>>>> 			}
>>>>>>>>>> 			ext4_msg(sb, KERN_INFO, "write access will "
>>>>>>>>>> 			       "be enabled during recovery");
>>>>>>>>>> 		}
>>>>>>>>>> 	}
>>>>>>>>>>
>>>>>>>>>>> even though using it as readonly. And, valid checkpoint can allow for user to
>>>>>>>>>>> read all the data without problem.
>>>>>>>>>>
>>>>>>>>>>>>         		if (f2fs_hw_is_readonly(sbi)) {
>>>>>>>>>>
>>>>>>>>>> Since device is readonly now, all write to the device will fail, checkpoint can
>>>>>>>>>> not persist recovered data, after page cache is expired, user can see stale data.
>>>>>>>>>
>>>>>>>>> My point is, after mount with ro, there'll be no data write which preserves the
>>>>>>>>> current status. So, in the next time, we can recover fsync'ed data later, if
>>>>>>>>> user succeeds to mount as rw. Another point is, with the current checkpoint, we
>>>>>>>>> should not have any corrupted metadata. So, why not giving a chance to show what
>>>>>>>>> data remained to user? I think this can be doable only with CoW filesystems.
>>>>>>>>
>>>>>>>> I guess we're talking about the different things...
>>>>>>>>
>>>>>>>> Let me declare two different readonly status:
>>>>>>>>
>>>>>>>> 1. filesystem readonly: file system is mount with ro mount option, and
>>>>>>>> app from userspace can not modify any thing of filesystem, but filesystem
>>>>>>>> itself can modify data on device since device may be writable.
>>>>>>>>
>>>>>>>> 2. device readonly: device is set to readonly status via 'blockdev --setro'
>>>>>>>> command, and then filesystem should never issue any write IO to the device.
>>>>>>>>
>>>>>>>> So, what I mean is, *when device is readonly*, rather than f2fs mountpoint
>>>>>>>> is readonly (f2fs_hw_is_readonly() returns true as below code, instead of
>>>>>>>> f2fs_readonly() returns true), in this condition, we should not issue any
>>>>>>>> write IO to device anyway, because, AFAIK, write IO will fail due to
>>>>>>>> bio_check_ro() check.
>>>>>>>
>>>>>>> In that case, mount(2) will try readonly, no?
>>>>>>
>>>>>> Yes, if device is readonly, mount (2) can not mount/remount device to rw
>>>>>> mountpoint.
>>>>>
>>>>> Any other concern about this patch?
>>>>
>>>> Indeed we're talking about different things. :)
>>>>
>>>> This case is mount(ro) with device(ro) having some data to recover.
>>>> My point is why not giving a chance to mount(ro) to show the current data
>>>> covered by a valid checkpoint. This doesn't change anything in the disk,
>>> Got your idea.
>>>
>>> IMO, it has potential issue in above condition:
>>>
>>>>>>>>>> Since device is readonly now, all write to the device will fail, checkpoint can
>>>>>>>>>> not persist recovered data, after page cache is expired, user can see stale data.
>>>
>>> e.g.
>>>
>>> Recovery writes one inode and then triggers a checkpoint, all writes fail
>>
>> I'm confused. Currently we don't trigger the roll-forward recovery.
> 
> Oh, my miss, sorry. :-P
> 
> My point is in this condition we can return error and try to notice user to
> mount with disable_roll_forward or norecovery option, then at least user can
> know he should not expect last fsynced data in newly mounted image.
> 
> Or we can use f2fs_recover_fsync_data() to check whether there is fsynced data,
> if there is no such data, then let mount() succeed.

Something like this, maybe:

---
  fs/f2fs/super.c | 17 +++++++++++++----
  1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 954b1fe97d67..5e1a1caf412d 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -3966,10 +3966,19 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
  		 * previous checkpoint was not done by clean system shutdown.
  		 */
  		if (f2fs_hw_is_readonly(sbi)) {
-			if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG))
-				f2fs_err(sbi, "Need to recover fsync data, but write access unavailable");
-			else
-				f2fs_info(sbi, "write access unavailable, skipping recovery");
+			if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG)) {
+				err = f2fs_recover_fsync_data(sbi, true);
+				if (!err)
+					goto reset_checkpoint;
+				else if (err < 0)
+					goto free_meta;
+				err = -EROFS;
+				f2fs_err(sbi, "Need to recover fsync data, but "
+					"write access unavailable, please try "
+					"mount w/ disable_roll_forward or norecovery");
+				goto free_meta;
+			}
+			f2fs_info(sbi, "write access unavailable, skipping recovery");
  			goto reset_checkpoint;
  		}

-- 
2.29.2

Thanks,

> 
> Thanks,
> 
>>
>>> due to device is readonly, once inode cache is reclaimed by vm, user will see
>>> old inode when reloading it, or even see corrupted fs if partial meta inode's
>>> cache is expired.
>>>
>>> Thoughts?
>>>
>>> Thanks,
>>>
>>>> and in the next time, it allows mount(rw|ro) with device(rw) to recover
>>>> the data seamlessly.
>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>>
>>>>>>> # blockdev --setro /dev/vdb
>>>>>>> # mount -t f2fs /dev/vdb /mnt/test/
>>>>>>> mount: /mnt/test: WARNING: source write-protected, mounted read-only.
>>>>>>>
>>>>>>>>
>>>>>>>>       		if (f2fs_hw_is_readonly(sbi)) {
>>>>>>>> -			if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG)) {
>>>>>>>> -				err = -EROFS;
>>>>>>>> +			if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG))
>>>>>>>>       				f2fs_err(sbi, "Need to recover fsync data, but write access unavailable");
>>>>>>>> -				goto free_meta;
>>>>>>>> -			}
>>>>>>>> -			f2fs_info(sbi, "write access unavailable, skipping recovery");
>>>>>>>> +			else
>>>>>>>> +				f2fs_info(sbi, "write access unavailable, skipping recovery");
>>>>>>>>       			goto reset_checkpoint;
>>>>>>>>       		}
>>>>>>>>
>>>>>>>> For the case of filesystem is readonly and device is writable, it's fine
>>>>>>>> to do recovery in order to let user to see fsynced data.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Am I missing something?
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Fixes: 938a184265d7 ("f2fs: give a warning only for readonly partition")
>>>>>>>>>>>> Signed-off-by: Chao Yu <yuchao0@huawei.com>
>>>>>>>>>>>> ---
>>>>>>>>>>>>         fs/f2fs/super.c | 8 +++++---
>>>>>>>>>>>>         1 file changed, 5 insertions(+), 3 deletions(-)
>>>>>>>>>>>>
>>>>>>>>>>>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
>>>>>>>>>>>> index b48281642e98..2b78ee11f093 100644
>>>>>>>>>>>> --- a/fs/f2fs/super.c
>>>>>>>>>>>> +++ b/fs/f2fs/super.c
>>>>>>>>>>>> @@ -3952,10 +3952,12 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
>>>>>>>>>>>>         		 * previous checkpoint was not done by clean system shutdown.
>>>>>>>>>>>>         		 */
>>>>>>>>>>>>         		if (f2fs_hw_is_readonly(sbi)) {
>>>>>>>>>>>> -			if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG))
>>>>>>>>>>>> +			if (!is_set_ckpt_flags(sbi, CP_UMOUNT_FLAG)) {
>>>>>>>>>>>> +				err = -EROFS;
>>>>>>>>>>>>         				f2fs_err(sbi, "Need to recover fsync data, but write access unavailable");
>>>>>>>>>>>> -			else
>>>>>>>>>>>> -				f2fs_info(sbi, "write access unavailable, skipping recovery");
>>>>>>>>>>>> +				goto free_meta;
>>>>>>>>>>>> +			}
>>>>>>>>>>>> +			f2fs_info(sbi, "write access unavailable, skipping recovery");
>>>>>>>>>>>>         			goto reset_checkpoint;
>>>>>>>>>>>>         		}
>>>>>>>>>>>> -- 
>>>>>>>>>>>> 2.29.2
>>>>>>>>>>> .
>>>>>>>>>>>
>>>>>>>>> .
>>>>>>>>>
>>>>>>> .
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Linux-f2fs-devel mailing list
>>>>>> Linux-f2fs-devel@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
>>>>>> .
>>>>>>
>>>> .
>>>>
>> .
>>
> 
> 
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
> .
>