diff options
author | liubo <liubo2009@cn.fujitsu.com> | 2011-01-06 19:30:25 +0800 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2011-01-17 15:13:08 -0500 |
commit | acce952b0263825da32cf10489413dec78053347 (patch) | |
tree | d934881f247484d7b6917bebc40828600bb6b76c /fs/btrfs/file.c | |
parent | 6f88a4403def422bd8e276ddf6863d6ac71435d2 (diff) | |
download | lwn-acce952b0263825da32cf10489413dec78053347.tar.gz lwn-acce952b0263825da32cf10489413dec78053347.zip |
Btrfs: forced readonly mounts on errors
This patch comes from "Forced readonly mounts on errors" ideas.
As we know, this is the first step in being more fault tolerant of disk
corruptions instead of just using BUG() statements.
The major content:
- add a framework for generating errors that should result in filesystems
going readonly.
- keep FS state in disk super block.
- make sure that all of resource will be freed and released at umount time.
- make sure that fter FS is forced readonly on error, there will be no more
disk change before FS is corrected. For this, we should stop write operation.
After this patch is applied, the conversion from BUG() to such a framework can
happen incrementally.
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs/file.c')
-rw-r--r-- | fs/btrfs/file.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 05df688c96f4..f903433f5bdf 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -892,6 +892,17 @@ static ssize_t btrfs_file_aio_write(struct kiocb *iocb, if (err) goto out; + /* + * If BTRFS flips readonly due to some impossible error + * (fs_info->fs_state now has BTRFS_SUPER_FLAG_ERROR), + * although we have opened a file as writable, we have + * to stop this write operation to ensure FS consistency. + */ + if (root->fs_info->fs_state & BTRFS_SUPER_FLAG_ERROR) { + err = -EROFS; + goto out; + } + file_update_time(file); BTRFS_I(inode)->sequence++; |