2016-07-06 00:08:12

by Daeho Jeong

Subject: [PATCH RESEND] e2fsck: update j_tail_sequence after recovery

When the journal is released, s_sequence is set to j_tail_sequence.
But, currently, even if the recovery process is successfully completed,
the j_tail_sequence and, finally, s_sequence are never changed. Because of
this, when we repeatedly power off the device suddenly and execute e2fsck
without a full scan before mount, the s_sequence number will never change
and, in a very rare case, newly generated journal logs will be
surprisingly grafted to the old journal logs. In this case, an out-of-date
metadata log can be replayed on the filesystem area and the filesystem
can be crashed unintentionally by the journal recovery process. Therefore,
we need to update j_tail_sequence after the recovery process is successfully
completed in e2fsck.

Youngjin had repeated this test and found the problem. With our test,
the filesystem crash occurred within 4 hours.

Signed-off-by: Youngjin Gil <[email protected]>
Signed-off-by: Daeho Jeong <[email protected]>
---
e2fsck/journal.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/e2fsck/journal.c b/e2fsck/journal.c
index c8ac57d..83256d8 100644
--- a/e2fsck/journal.c
+++ b/e2fsck/journal.c
@@ -948,6 +948,8 @@ static errcode_t recover_ext3_journal(e2fsck_t ctx)
mark_buffer_dirty(journal->j_sb_buffer);
}

+ journal->j_tail_sequence = journal->j_transaction_sequence;
+
errout:
journal_destroy_revoke(journal);
journal_destroy_revoke_caches();
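Review bot: The new assignment directly above `errout:` runs on every path that falls through to the label, and the visible context shows no check of the recovery status at that point, while the commit message wants j_tail_sequence updated only after recovery has completed successfully. Please confirm that every failure earlier in recover_ext3_journal() jumps to `errout` rather than falling through, or guard the assignment with the error status. A one-line comment above the assignment would also help, saying that j_tail_sequence is advanced so that s_sequence moves forward when the journal is released; at the moment that reasoning exists only in the commit message.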
--
1.7.9.5



2016-07-06 03:11:18

by Theodore Ts'o

Subject: Re: [PATCH RESEND] e2fsck: update j_tail_sequence after recovery

On Wed, Jul 06, 2016 at 09:10:39AM +0900, Daeho Jeong wrote:
> When the journal is released, s_sequence is set to j_tail_sequence.
> But, currently, even if the recovery process is successfully completed,
> the j_tail_sequence and, finally, s_sequence are never changed. Because of
> this, when we repeatedly power off the device suddenly and execute e2fsck
> without a full scan before mount, the s_sequence number will never change
> and, in a very rare case, newly generated journal logs will be
> surprisingly grafted to the old journal logs. In this case, an out-of-date
> metadata log can be replayed on the filesystem area and the filesystem
> can be crashed unintentionally by the journal recovery process. Therefore,
> we need to update j_tail_sequence after the recovery process is successfully
> completed in e2fsck.
>
> Youngjin had repeated this test and found the problem. With our test,
> the filesystem crash occurred within 4 hours.
>
> Signed-off-by: Youngjin Gil <[email protected]>
> Signed-off-by: Daeho Jeong <[email protected]>

Applied, thanks.

- Ted