Excerpts from liubo's message of 2011-01-06 06:30:25 -0500: > > This patch comes from "Forced readonly mounts on errors" ideas. > > As we know, this is the first step in being more fault tolerant of disk > corruptions instead of just using BUG() statements. > > The major content: > - add a framework for generating errors that should result in filesystems > going readonly. > - keep FS state in disk super block. > - make sure that all of resource will be freed and released at umount time. > - make sure that after FS is forced readonly on error, there will be no more > disk change before FS is corrected. For this, we should stop write > operation. > > After this patch is applied, the conversion from BUG() to such a framework can > happen incrementally.
I think this is a good overall framework and it will meet our needs nicely as we scale up the error handling in the filesystem. One concern I have is where we save the error state to disk: > +static void __save_error_info(struct btrfs_fs_info *fs_info) > +{ > + struct btrfs_super_block *disk_super = &fs_info->super_copy; > + > + fs_info->fs_state = BTRFS_SUPER_FLAG_ERROR; > + disk_super->flags |= cpu_to_le64(BTRFS_SUPER_FLAG_ERROR); > + > + mutex_lock(&fs_info->trans_mutex); > + memcpy(&fs_info->super_for_commit, disk_super, > + sizeof(fs_info->super_for_commit)); > + mutex_unlock(&fs_info->trans_mutex); The super_for_commit isn't changed until we have a fully consistent set of fields in the super block. The super_copy is changed as the transaction progresses. So, this memcpy isn't quite safe. We should simply set the flag on the super_for_commit and the super_copy individually. I'll make this change and pull it in. We can build from here. -chris -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html