Re: [RFC RFT PATCH] ocfs2: Mark inode bad upon validation failure during read

[Heming Zhao]

On Thu, Oct 30, 2025 at 11:59:08PM -0400, Albin Babu Varghese wrote:
> Hi Heming, Thanks for the feedback.
> 
> > > I had one question about your proposal to combine this patch with
> > > Albin's [1]. When you mentioned, "We should forbid any write
> > > operations," were you referring to Albin's read-only check in
> > > ocfs2_setattr as the mechanism to "forbid" the operation? Or
> > > were you suggesting we should use the inode size sanity check
> > > itself (e.g., by converting the BUG_ON to an -EIO return)
> > > as that mechanism?
> > > 
> > 
> > The 'forbid' refers to the read-only check in ocfs2_setattr.
> > We can refer to ext4_setattr(), which calls ext4_emergency_state()
> > to forbid write operations.
> 
> I just looked at the ext4 implementation you mentioned. When we were working on
> it, I actually referenced how XFS's setattr was handling this because I
> couldn't find the exact ext4 implementation for this at the time, so I wasn't
> sure. From what I understand now, ext4 is doing something similar too.
> 
> If everything looks good, we can combine these two patches and send them as a
> patch series.
> 
> Best,
> 	Albin

I support adding make_bad_inode() in ocfs2_read_inode_block_full().
ocfs2_read_locked_inode() calls ocfs2_read_inode_block[_full] to read the inode
from disk. However, ocfs2_read_inode_block[_full] have many callers, and in
current code, only ocfs2_read_locked_inode() marks the inode as bad. All others
forget to set the bad_inode.

The 'forbid' write operations when read-only mode is worth another patch, and
I plan to create this patch. This patch adds a similar ext4_emergency_state()
function for ocfs2.
Therefore, your original patch looks good to me. I will provide my Reivewed-by
for it.

Thanks,
Heming