From a562ac209a962b05f509aab135aed455c98ec400 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 14 Mar 2019 23:47:55 -0400 Subject: [PATCH] add patch avoid-panic-during-forced-reboot --- avoid-panic-during-forced-reboot | 64 ++++++++++++++++++++++++++++++++++++++++ series | 1 + timestamps | 7 +++-- 3 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 avoid-panic-during-forced-reboot
diff --git a/avoid-panic-during-forced-reboot b/avoid-panic-during-forced-reboot
new file mode 100644
index 00000000..ebfaf48b
--- /dev/null
+++ b/avoid-panic-during-forced-reboot
@@ -0,0 +1,64 @@
+ext4: avoid panic during forced reboot
+
+From: Jan Kara
+
+When admin calls "reboot -f" - i.e., does a hard system reboot by
+directly calling reboot(2) - ext4 filesystem mounted with errors=panic
+can panic the system. This happens because the underlying device gets
+disabled without unmounting the filesystem and thus some syscall running
+in parallel to reboot(2) can result in the filesystem getting IO errors.
+
+This is somewhat surprising to the users so try improve the behavior by
+switching to errors=remount-ro behavior when the system is running
+reboot(2).
+
+Signed-off-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+---
+ fs/ext4/super.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index 60da0a6e4d86..b7b621d5d87a 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -430,6 +430,12 @@ static void ext4_journal_commit_callback(journal_t *journal, transaction_t *txn)
+ spin_unlock(&sbi->s_md_lock);
+ }
+
++static bool system_going_down(void)
++{
++ return system_state == SYSTEM_HALT || system_state == SYSTEM_POWER_OFF
++ || system_state == SYSTEM_RESTART;
++}
++
+ /* Deal with the reporting of failure conditions on a filesystem such as
+ * inconsistencies detected or read IO failures.
+ *
+@@ -460,7 +466,12 @@ static void ext4_handle_error(struct super_block *sb)
+ if (journal)
+ jbd2_journal_abort(journal, -EIO);
+ }
+- if (test_opt(sb, ERRORS_RO)) {
++ /*
++ * We force ERRORS_RO behavior when system is rebooting. Otherwise we
++ * could panic during 'reboot -f' as the underlying device got already
++ * disabled.
++ */
++ if (test_opt(sb, ERRORS_RO) || system_going_down()) {
+ ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only");
+ /*
+ * Make sure updated value of ->s_mount_flags will be visible
+@@ -468,8 +479,7 @@ static void ext4_handle_error(struct super_block *sb)
+ */
+ smp_wmb();
+ sb->s_flags |= SB_RDONLY;
+- }
+- if (test_opt(sb, ERRORS_PANIC)) {
++ } else if (test_opt(sb, ERRORS_PANIC)) {
+ if (EXT4_SB(sb)->s_journal &&
+ !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR))
+ return;
+--
+2.16.4
+
diff --git a/series b/series
index 8e3037bf..2f2ab06c 100644
--- a/series
+++ b/series
@@ -2,6 +2,7 @@ fix-NULL-pointer-dereference-while-journal-is-aborted fix-data-corruption-caused-by-unaligned-direct-AIO +avoid-panic-during-forced-reboot #fix-slow-writeback-under-dioread_nolock-and-nodelalloc
diff --git a/timestamps b/timestamps
index e8714323..c735ad3c 100755
--- a/timestamps
+++ b/timestamps
@@ -18,6 +18,7 @@ touch -d @1545581268 fix-slow-writeback-under-dioread_nolock-and-nodelalloc
 touch -d @1550767108 stable-boundary
 touch -d @1552619962 fix-NULL-pointer-dereference-while-journal-is-aborted
 touch -d @1552620025 fix-data-corruption-caused-by-unaligned-direct-AIO
-touch -d @1552620730 series
-touch -d @1552620736 status
-touch -d @1552621571 timestamps
+touch -d @1552621565 avoid-panic-during-forced-reboot
+touch -d @1552621595 series
+touch -d @1552621599 status
+touch -d @1552621663 timestamps
-- 2.11.4.GIT
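Review bot: The reboot guard in the embedded fs/ext4/super.c patch (the new file avoid-panic-during-forced-reboot) covers only ext4_handle_error(), so any other errors=panic site that these hunks do not show would still panic on an I/O error during 'reboot -f'. The abort path is the one to check: if __ext4_abort() in this tree still panics on ERRORS_PANIC, it needs the same test, e.g. `if (test_opt(sb, ERRORS_PANIC) && !system_going_down())`. The override is also silent for an operator who chose errors=panic as a fail-stop policy, because the log shows only "Remounting filesystem read-only"; I would have the message or the comment above the test state that errors=panic is being bypassed because system_state indicates a shutdown in progress. system_going_down() would also benefit from a one-line comment such as `/* True once halt, power-off or restart has begun; the backing device may already be disabled. */`. The body of ext4_handle_error() starts and ends outside these hunks, so the ordering against the journal abort above the test cannot be checked from here.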