bcachefs: In debug mode, run fsck again after fixing errors

We want to ensure that fsck actually fixed all the errors it found - the
second fsck run should be clean.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

diff --git a/fs/bcachefs/recovery.c b/fs/bcachefs/recovery.c
index dcd4f9f410ae5f72ad9fcd396116a5681a99c0e3..55a233c2c7cc7b7f8122b66c3cd32fc057658c8d 100644 (file)
--- a/fs/bcachefs/recovery.c
+++ b/fs/bcachefs/recovery.c
@@ -1458,6 +1458,29 @@ use_clean:
        if (ret)
                goto err;
 
+       /* If we fixed errors, verify that fs is actually clean now: */
+       if (IS_ENABLED(CONFIG_BCACHEFS_DEBUG) &&
+           test_bit(BCH_FS_ERRORS_FIXED, &c->flags) &&
+           !test_bit(BCH_FS_ERRORS_NOT_FIXED, &c->flags) &&
+           !test_bit(BCH_FS_ERROR, &c->flags)) {
+               bch_info(c, "Fixed errors, running fsck a second time to verify fs is clean");
+               clear_bit(BCH_FS_ERRORS_FIXED, &c->flags);
+
+               c->curr_recovery_pass = BCH_RECOVERY_PASS_check_alloc_info;
+
+               ret = bch2_run_recovery_passes(c);
+               if (ret)
+                       goto err;
+
+               if (test_bit(BCH_FS_ERRORS_FIXED, &c->flags) ||
+                   test_bit(BCH_FS_ERRORS_NOT_FIXED, &c->flags)) {
+                       bch_err(c, "Second fsck run was not clean");
+                       set_bit(BCH_FS_ERRORS_NOT_FIXED, &c->flags);
+               }
+
+               set_bit(BCH_FS_ERRORS_FIXED, &c->flags);
+       }
+
        if (enabled_qtypes(c)) {
                bch_verbose(c, "reading quotas");
                ret = bch2_fs_quota_read(c);