Commit 74ad4693 authored by Darrick J. Wong's avatar Darrick J. Wong

xfs: fix log recovery when unknown rocompat bits are set

Log recovery has always run on read only mounts, even where the primary
superblock advertises unknown rocompat bits.  Due to a misunderstanding
between Eric and Darrick back in 2018, we accidentally changed the
superblock write verifier to shutdown the fs over that exact scenario.
As a result, the log cleaning that occurs at the end of the mounting
process fails if there are unknown rocompat bits set.

As we now allow writing of the superblock if there are unknown rocompat
bits set on a RO mount, we no longer want to turn off RO state to allow
log recovery to succeed on a RO mount.  Hence we also remove all the
(now unnecessary) RO state toggling from the log recovery path.

Fixes: 9e037cb7 ("xfs: check for unknown v5 feature bits in superblock write verifier"
Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
parent 76e58901
...@@ -266,7 +266,8 @@ xfs_validate_sb_write( ...@@ -266,7 +266,8 @@ xfs_validate_sb_write(
return -EFSCORRUPTED; return -EFSCORRUPTED;
} }
if (xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) { if (!xfs_is_readonly(mp) &&
xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
xfs_alert(mp, xfs_alert(mp,
"Corruption detected in superblock read-only compatible features (0x%x)!", "Corruption detected in superblock read-only compatible features (0x%x)!",
(sbp->sb_features_ro_compat & (sbp->sb_features_ro_compat &
......
...@@ -715,15 +715,7 @@ xfs_log_mount( ...@@ -715,15 +715,7 @@ xfs_log_mount(
* just worked. * just worked.
*/ */
if (!xfs_has_norecovery(mp)) { if (!xfs_has_norecovery(mp)) {
/*
* log recovery ignores readonly state and so we need to clear
* mount-based read only state so it can write to disk.
*/
bool readonly = test_and_clear_bit(XFS_OPSTATE_READONLY,
&mp->m_opstate);
error = xlog_recover(log); error = xlog_recover(log);
if (readonly)
set_bit(XFS_OPSTATE_READONLY, &mp->m_opstate);
if (error) { if (error) {
xfs_warn(mp, "log mount/recovery failed: error %d", xfs_warn(mp, "log mount/recovery failed: error %d",
error); error);
...@@ -772,7 +764,6 @@ xfs_log_mount_finish( ...@@ -772,7 +764,6 @@ xfs_log_mount_finish(
struct xfs_mount *mp) struct xfs_mount *mp)
{ {
struct xlog *log = mp->m_log; struct xlog *log = mp->m_log;
bool readonly;
int error = 0; int error = 0;
if (xfs_has_norecovery(mp)) { if (xfs_has_norecovery(mp)) {
...@@ -780,12 +771,6 @@ xfs_log_mount_finish( ...@@ -780,12 +771,6 @@ xfs_log_mount_finish(
return 0; return 0;
} }
/*
* log recovery ignores readonly state and so we need to clear
* mount-based read only state so it can write to disk.
*/
readonly = test_and_clear_bit(XFS_OPSTATE_READONLY, &mp->m_opstate);
/* /*
* During the second phase of log recovery, we need iget and * During the second phase of log recovery, we need iget and
* iput to behave like they do for an active filesystem. * iput to behave like they do for an active filesystem.
...@@ -835,8 +820,6 @@ xfs_log_mount_finish( ...@@ -835,8 +820,6 @@ xfs_log_mount_finish(
xfs_buftarg_drain(mp->m_ddev_targp); xfs_buftarg_drain(mp->m_ddev_targp);
clear_bit(XLOG_RECOVERY_NEEDED, &log->l_opstate); clear_bit(XLOG_RECOVERY_NEEDED, &log->l_opstate);
if (readonly)
set_bit(XFS_OPSTATE_READONLY, &mp->m_opstate);
/* Make sure the log is dead if we're returning failure. */ /* Make sure the log is dead if we're returning failure. */
ASSERT(!error || xlog_is_shutdown(log)); ASSERT(!error || xlog_is_shutdown(log));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment