Message ID | 20201221195055.35295-2-vgoyal@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | vfs, overlayfs: Fix syncfs() to return correct errors |
On Mon, Dec 21 2020, Vivek Goyal wrote:
> Current implementation of __sync_filesystem() ignores the
> return code from ->sync_fs(). I am not sure why that's the case.
>
> Ignoring ->sync_fs() return code is problematic for overlayfs where
> it can return error if sync_filesystem() on upper super block failed.
> That error will simply be lost and syncfs(overlay_fd), will get
> success (despite the fact it failed).
>
> Al Viro noticed that there are other filesystems which can sometimes
> return error in ->sync_fs() and these errors will be ignored too.
>
> fs/btrfs/super.c:2412: .sync_fs = btrfs_sync_fs,
> fs/exfat/super.c:204: .sync_fs = exfat_sync_fs,
> fs/ext4/super.c:1674: .sync_fs = ext4_sync_fs,
> fs/f2fs/super.c:2480: .sync_fs = f2fs_sync_fs,
> fs/gfs2/super.c:1600: .sync_fs = gfs2_sync_fs,
> fs/hfsplus/super.c:368: .sync_fs = hfsplus_sync_fs,
> fs/nilfs2/super.c:689: .sync_fs = nilfs_sync_fs,
> fs/ocfs2/super.c:139: .sync_fs = ocfs2_sync_fs,
> fs/overlayfs/super.c:399: .sync_fs = ovl_sync_fs,
> fs/ubifs/super.c:2052: .sync_fs = ubifs_sync_fs,
>
> Hence, this patch tries to fix it and capture error returned
> by ->sync_fs() and return to caller. I am specifically interested
> in syncfs() path and return error to user.
>
> I am assuming that we want to continue to call __sync_blockdev()
> despite the fact that there have been errors reported from
> ->sync_fs(). So this patch continues to call __sync_blockdev()
> even if ->sync_fs() returns an error.
>
> Al noticed that there are few other callsites where ->sync_fs() error
> code is being ignored.
>
> sync_fs_one_sb(): For this it seems desirable to ignore the return code.
>
> dquot_disable(): Jan Kara mentioned that ignoring return code here is fine
> because we don't want to fail dquot_disable() just because
> caches might be incoherent.
>
> dquot_quota_sync(): Jan thinks that it might make some sense to capture
> return code here. But I am leaving it untouched for
> now.
When somebody needs it, they can easily fix it. > > Signed-off-by: Vivek Goyal <vgoyal@redhat.com> > --- > fs/sync.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/sync.c b/fs/sync.c > index 1373a610dc78..b5fb83a734cd 100644 > --- a/fs/sync.c > +++ b/fs/sync.c > @@ -30,14 +30,18 @@ > */ > static int __sync_filesystem(struct super_block *sb, int wait) > { > + int ret, ret2; > + > if (wait) > sync_inodes_sb(sb); > else > writeback_inodes_sb(sb, WB_REASON_SYNC); > > if (sb->s_op->sync_fs) > - sb->s_op->sync_fs(sb, wait); > - return __sync_blockdev(sb->s_bdev, wait); > + ret = sb->s_op->sync_fs(sb, wait); > + ret2 = __sync_blockdev(sb->s_bdev, wait); > + > + return ret ? ret : ret2; I'm surprised that the compiler didn't complain that 'ret' might be used uninitialized. NeilBrown > } > > /* > -- > 2.25.4
On Tue, Dec 22, 2020 at 12:23:11PM +1100, NeilBrown wrote: [...] > > diff --git a/fs/sync.c b/fs/sync.c > > index 1373a610dc78..b5fb83a734cd 100644 > > --- a/fs/sync.c > > +++ b/fs/sync.c 
> > @@ -30,14 +30,18 @@ > > */ > > static int __sync_filesystem(struct super_block *sb, int wait) > > { > > + int ret, ret2; > > + > > if (wait) > > sync_inodes_sb(sb); > > else > > writeback_inodes_sb(sb, WB_REASON_SYNC); > > > > if (sb->s_op->sync_fs) > > - sb->s_op->sync_fs(sb, wait); > > - return __sync_blockdev(sb->s_bdev, wait); > > + ret = sb->s_op->sync_fs(sb, wait); > > + ret2 = __sync_blockdev(sb->s_bdev, wait); > > + > > + return ret ? ret : ret2; > > I'm surprised that the compiler didn't complain that 'ret' might be used > uninitialized. Indeed. That "ret" can be used uninitialized. Here is the fixed patch. Subject: vfs: Do not ignore return code from s_op->sync_fs Current implementation of __sync_filesystem() ignores the return code from ->sync_fs(). I am not sure why that's the case. Ignoring ->sync_fs() return code is problematic for overlayfs where it can return error if sync_filesystem() on upper super block failed. That error will simply be lost and sycnfs(overlay_fd), will get success (despite the fact it failed). Al Viro noticed that there are other filesystems which can sometimes return error in ->sync_fs() and these errors will be ignored too. fs/btrfs/super.c:2412: .sync_fs = btrfs_sync_fs, fs/exfat/super.c:204: .sync_fs = exfat_sync_fs, fs/ext4/super.c:1674: .sync_fs = ext4_sync_fs, fs/f2fs/super.c:2480: .sync_fs = f2fs_sync_fs, fs/gfs2/super.c:1600: .sync_fs = gfs2_sync_fs, fs/hfsplus/super.c:368: .sync_fs = hfsplus_sync_fs, fs/nilfs2/super.c:689: .sync_fs = nilfs_sync_fs, fs/ocfs2/super.c:139: .sync_fs = ocfs2_sync_fs, fs/overlayfs/super.c:399: .sync_fs = ovl_sync_fs, fs/ubifs/super.c:2052: .sync_fs = ubifs_sync_fs, Hence, this patch tries to fix it and capture error returned by ->sync_fs() and return to caller. I am specifically interested in syncfs() path and return error to user. I am assuming that we want to continue to call __sync_blockdev() despite the fact that there have been errors reported from ->sync_fs(). 
So this patch continues to call __sync_blockdev() even if ->sync_fs() returns an error. Al noticed that there are few other callsites where ->sync_fs() error code is being ignored. sync_fs_one_sb(): For this it seems desirable to ignore the return code. dquot_disable(): Jan Kara mentioned that ignoring return code here is fine because we don't want to fail dquot_disable() just beacuse caches might be incoherent. dquot_quota_sync(): Jan thinks that it might make some sense to capture return code here. But I am leaving it untouched for now. When somebody needs it, they can easily fix it. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> --- fs/sync.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Index: redhat-linux/fs/sync.c =================================================================== --- redhat-linux.orig/fs/sync.c 2020-12-22 09:56:04.543483440 -0500 +++ redhat-linux/fs/sync.c 2020-12-22 10:01:28.560483440 -0500 @@ -30,14 +30,18 @@ */ static int __sync_filesystem(struct super_block *sb, int wait) { + int ret = 0, ret2; + if (wait) sync_inodes_sb(sb); else writeback_inodes_sb(sb, WB_REASON_SYNC); if (sb->s_op->sync_fs) - sb->s_op->sync_fs(sb, wait); - return __sync_blockdev(sb->s_bdev, wait); + ret = sb->s_op->sync_fs(sb, wait); + ret2 = __sync_blockdev(sb->s_bdev, wait); + + return ret ? ret : ret2; } /*
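Review bot: the final return ret ? ret : ret2; gives the ->sync_fs() error precedence and drops the __sync_blockdev() error when both calls fail, and nothing in the hunk documents that choice. A one-line comment above the return saying that the first error is the one reported, and that __sync_blockdev() is deliberately still called after a ->sync_fs() failure, would keep a later cleanup from turning this into an early return on error.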
diff --git a/fs/sync.c b/fs/sync.c index 1373a610dc78..b5fb83a734cd 100644 --- a/fs/sync.c +++ b/fs/sync.c @@ -30,14 +30,18 @@ */ static int __sync_filesystem(struct super_block *sb, int wait) { + int ret, ret2; + if (wait) sync_inodes_sb(sb); else writeback_inodes_sb(sb, WB_REASON_SYNC); if (sb->s_op->sync_fs) - sb->s_op->sync_fs(sb, wait); - return __sync_blockdev(sb->s_bdev, wait); + ret = sb->s_op->sync_fs(sb, wait); + ret2 = __sync_blockdev(sb->s_bdev, wait); + + return ret ? ret : ret2; } /*
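Review bot: ret is read uninitialized in the final return ret ? ret : ret2; whenever sb->s_op->sync_fs is NULL, because its only assignment sits under the if (sb->s_op->sync_fs) test while ret2 is always set. Declare it as int ret = 0, ret2; so that a filesystem without a ->sync_fs() method reports only the __sync_blockdev() result.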
Current implementation of __sync_filesystem() ignores the return code from ->sync_fs(). I am not sure why that's the case.

Ignoring ->sync_fs() return code is problematic for overlayfs where it can return error if sync_filesystem() on upper super block failed. That error will simply be lost and syncfs(overlay_fd), will get success (despite the fact it failed).

Al Viro noticed that there are other filesystems which can sometimes return error in ->sync_fs() and these errors will be ignored too.

fs/btrfs/super.c:2412: .sync_fs = btrfs_sync_fs,
fs/exfat/super.c:204: .sync_fs = exfat_sync_fs,
fs/ext4/super.c:1674: .sync_fs = ext4_sync_fs,
fs/f2fs/super.c:2480: .sync_fs = f2fs_sync_fs,
fs/gfs2/super.c:1600: .sync_fs = gfs2_sync_fs,
fs/hfsplus/super.c:368: .sync_fs = hfsplus_sync_fs,
fs/nilfs2/super.c:689: .sync_fs = nilfs_sync_fs,
fs/ocfs2/super.c:139: .sync_fs = ocfs2_sync_fs,
fs/overlayfs/super.c:399: .sync_fs = ovl_sync_fs,
fs/ubifs/super.c:2052: .sync_fs = ubifs_sync_fs,

Hence, this patch tries to fix it and capture error returned by ->sync_fs() and return to caller. I am specifically interested in syncfs() path and return error to user.

I am assuming that we want to continue to call __sync_blockdev() despite the fact that there have been errors reported from ->sync_fs(). So this patch continues to call __sync_blockdev() even if ->sync_fs() returns an error.

Al noticed that there are few other callsites where ->sync_fs() error code is being ignored.

sync_fs_one_sb(): For this it seems desirable to ignore the return code.

dquot_disable(): Jan Kara mentioned that ignoring return code here is fine because we don't want to fail dquot_disable() just because caches might be incoherent.

dquot_quota_sync(): Jan thinks that it might make some sense to capture return code here. But I am leaving it untouched for now. When somebody needs it, they can easily fix it.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
 fs/sync.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)