From the kernel patch that this test examines ("xfs: detect agfl
count corruption and reset agfl"):
"The struct xfs_agfl v5 header was originally introduced with
unexpected padding that caused the AGFL to operate with one less
slot than intended. The header has since been packed, but the fix
left an incompatibility for users who upgrade from an old kernel
with the unpacked header to a newer kernel with the packed header
while the AGFL happens to wrap around the end. The newer kernel
recognizes one extra slot at the physical end of the AGFL that the
previous kernel did not. The new kernel will eventually attempt to
allocate a block from that slot, which contains invalid data, and
cause a crash.
"This condition can be detected by comparing the active range of the
AGFL to the count. While this detects a padding mismatch, it can
also trigger false positives for unrelated flcount corruption. Since
we cannot distinguish a size mismatch due to padding from unrelated
corruption, we can't trust the AGFL enough to simply repopulate the
empty slot.
"Instead, avoid unnecessarily complex detection logic and and use a
solution that can handle any form of flcount corruption that slips
through read verifiers: distrust the entire AGFL and reset it to an
empty state. Any valid blocks within the AGFL are intentionally
leaked. This requires xfs_repair to rectify (which was already
necessary based on the state the AGFL was found in). The reset
mitigates the side effect of the padding mismatch problem from a
filesystem crash to a free space accounting inconsistency."
This test exercises the reset code by mutating a fresh filesystem to
contain an agfl with various list configurations of correctly wrapped,
incorrectly wrapped, not wrapped, and actually corrupt free lists; then
checks the success of the reset operation by fragmenting the free space
btrees to exercise the agfl. Kernels without this reset fix will shut
down the filesystem with corruption errors.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
The XFS rmapbt extent swap mechanism performs an extent by extent
swap to ensure the rmapbt is rectified with the appropriate extent
owner information after the operation. This implementation suffers
from a corner case that requires extra reservation if the swap
operation results in bouncing one of the associated inodes between
extent and btree formats. When this corner case occurs, it results
in a transaction block reservation overrun and possible corruption
of the free space accounting.
This regression test provides coverage for this corner case. It
creates two files with a large enough extent count to require btree
format, regardless of inode size, and performs a sequence of extent
swaps between them with a decreasing extent count until all extents
are removed from the file(s). This ensures that one of the swaps
covers the btree <-> extent fork format boundary case.
This test reproduces fs corruption on rmapbt enabled filesystems
running on kernels without the associated extent swap fix.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Add three tests to look for quota bugs in xfs reflink. The first
test looks for problems when we have speculative cow reservations in
memory, we chown the file, but the reservations don't move to the
new owner. The second test checks that we remembered to dqattach
the inodes before performing reflink operations. The third is a
stress test for reflink quota handling near enospc and helped us to
find a directio cow write corruption bug when free space is
fragmented.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
If log stripe unit isn't a multiple of the fs blocksize and
mounting, the invalid sb_logsunit leads to crash as soon as we try
to write to the log.
Signed-off-by: xiao yang <yangx.jy@cn.fujitsu.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
When the first writeback and the retried writeback of dquota buffer
get the same IO error, XFS will let xfsaild to restart the writeback
and xfs_qm_dqflush_done() will not be invoked. xfsaild will try to
re-push the quota log item in AIL, the push will return early
everytime after checking xfs_dqflock_nowait(), and xfsaild will try
to push it again.
IOWs, AIL will never be empty, and the umount process will wait for
the drain of AIL, so the umount process hangs.
Signed-off-by: Hou Tao <houtao1@huawei.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Add a couple of tests to check that we don't leak inodes or dquots
if CoW recovery fails and therefore the mount fails.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
XFS had a bug that resulted in an unexpected NULL buffer during
unlink of an inode with a multi-level attr fork tree. This occurred
due to a stale reference to content in a released/reclaimed buffer.
Use the XFS buffer LRU reference count error injection tag to
recreate the conditions for the bug. Create a file with a
multi-level attr fork tree and then unlink it with buffer caching
disabled.
Commit f35c5e10c6ed ("xfs: reinit btree pointer on attr tree
inactivation walk") fixed the bug.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
As of 2007, metadump has an interesting "feature" where it discards
directory extents that are longer than 1000 (originally 20) blocks.
This ostensibly was to protect metadump from corrupt bmbt records, but
it also has the effect of omitting from the metadump valid long extents.
The end result is that we create incomplete metadumps, which is
exacerbated by the lack of warning unless -w is passed.
So now that we've fixed the default threshold to MAXEXTLEN, check that
the installed metadump no longer exhibits this behavior.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Verify kernel doesn't panic when user attempts to set realtime flags
on non-realtime FS, using kernel compiled with CONFIG_XFS_RT.
Unpatched kernels will panic during this test. Kernels not compiled
with CONFIG_XFS_RT should pass test.
This bug was fixed via commit b31ff3cdf540 ("xfs:
XFS_IS_REALTIME_INODE() should be false if no rt device present") on
the main kernel tree.
[eguan: don't assume fixed position when grepping 't' and add some
comments about why we do this, also remove testfile after test]
Signed-off-by: Richard Wareing <rwareing@fb.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Make sure that we update the rmapbt correctly when we collapse-range
a file and the extents on both sides of the hole can be merged. We
can construct this pretty trivially with insert-range and write, so
test that too.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Ensure that the fuzz command does what it says.
[eguan: fixed test failures on non-CRC XFS]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
XFS is susceptible to log recovery problems if the fs crashes under
certain circumstances. If the tail has been pinned for long enough
to the log to fill and the next batch of log buffer submissions
happen to fail, the filesystem shuts down having potentially
overwritten part of the range between the last good tail->head range
in the log. This causes log recovery to fail with crc mismatch or
invalid log record errors.
Add a test that uses XFS DEBUG mode error injection to force the
tail overwrite condition with a known bad (crc mismatch) log write
and tests that log recovery succeeds. Note that this problem is
currently only reproducible with larger (non-default) log buffer
sizes (i.e., '-o logbsize=256k') or smaller block sizes (1k).
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
xfs_db should take type size into account when setting type.
If type size isn't updated whenever type is set, a false crc
error can occur due to the stale size. This test checks for
that false crc error.
Signed-off-by: Bill O'Donnell <billodo@redhat.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
These two IRIX and XFS-specific tests were just placeholders which
didn't actually test anything. It also seems they were meant to use the
acl_get and acl_test programs, but those weren't even being compiled.
Get rid of all this unused stuff.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
These two IRIX and XFS-specific tests tested the "parent pointer"
feature which is not implemented by XFS on Linux. Just remove them.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
It turns out that there was a bug in xfs_bmap_count_blocks wherein
the block count returned would count or not count delalloc blocks
depending on the fork format. This is a bug that is easily exposed
via scrub, so check the output of that function here -- the buggy
version of the function produces online fsck errors.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
The rmapbt repair code plays some dirty tricks with the fs freezer
to avoid running afoul of regular xfs locking requirements. Add a
test to check that filesystem write activities do not deadlock with
the repair program.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Create a file with a hole in the data fork and CoW reservations in the
same region in the CoW fork. Ensure that SEEK_HOLE/DATA find the data.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Linux swapfiles use bmap which has no ability to tell the swap code
that the blocks its reporting aren't actually on the data device.
Therefore, swapon on a realtime file could corrupt random blocks on
the data device, so we must ensure that swapon cannot happen.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Regression test for kernel commit:
023cc840 xfs: handle array index overrun in xfs_dir2_leaf_readbuf()
See commit for detailed problem description.
tl;dr: readahead on weirdly fragmented multi-block directories
was broken.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
xfs_growfs manpage clearly states that the target path must be an
active xfs mountpoint. This is a test to ensure that if the target
path isn't an active xfs mountpoint, the command is rejected. The
purpose is to check the command response, but not necessarily the
functionality of xfs_growfs. Test cases include absolute paths,
relative paths, symbolic links, and bind mounts.
Signed-off-by: Bill O'Donnell <billodo@redhat.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Darrick J. Wong
Brian Foster
xiao yang
Hou Tao
Xiong Zhou
Richard Wareing
Bill O'Donnell
Eric Biggers
Eric Sandeen