4 * Copyright (C) 2005-2010
5 * Neil Brown <neilb@suse.de>
6 * Released under the GPL, version 2
10 * This file handles mounting of a filesystem once the superblocks
12 * It loads the root inode (the root of the filesystem, not of the
13 * directory tree) and then handles roll-forward to pick up and changes
14 * there are not in the filesystem yet, either due to a crash, or because
15 * they cannot be consistently stored easily (final segusage/quota info).
17 * Roll-forward reads write-cluster header and handle things as appropriate.
18 * Data blocks are only processed if they belong to:
22 * A data block in a regular file implies an extension of the file size
23 * to the end of the block, if it was previously at or before the start
24 * of the block. Datablocks that were just moved for cleaning are
27 * Index blocks are always ignored - they need to be recalculated.
29 * 'miniblocks' or 'updates' are always processed - they represent an
30 * atomic update that might affect multiple files - those files for which
31 * data blocks are ignored.
32 * Updates are understood:
33 * - for inodes. The update simply over-writes part of the inode metadata,
34 * which could affect the link count or size. Such inodes become
35 * orphans in case truncation or deletion is needed. This can create
36 * an inode which might affect the inode usage map.
37 * - for directories. The update identifies a name and an inode number.
38 * This can imply a change to the inode's link count and again could
39 * make it an orphan. In some cases updates are paired, possibly across
40 * different directories. This is needed for 'rename'.
42 * Each write-cluster has three levels of validation.
43 * Firstly, if the header is internally consistent, with correct tag,
44 * uuid, and sequence, then we know a write was attempted, and anything that
45 * must be written before that was successfully written.
46 * Secondly, if the header has a correct checksum, then it is all correct,
47 * and the miniblocks are valid.
48 * Thirdly, if the next or next-but-one header (depending on verify_type) is
49 * internally consistent, than we know that the data blocks in this cluster
50 * were all written successfully.
54 #include <linux/slab.h>
57 roll_valid(struct fs *fs, struct cluster_head *ch, unsigned long long addr)
59 /* return 1 if the cluster_head looks locally valid.
60 * Don't check checksum as we may not have the whole head
62 if (memcmp(ch->idtag, "LaFSHead", 8) != 0)
64 if (memcmp(fs->state->uuid, ch->uuid, 16) != 0)
66 if (le64_to_cpu(ch->this_addr) != addr)
68 switch (le16_to_cpu(ch->verify_type)) {
78 if (le16_to_cpu(ch->Clength) > fs->max_segment)
84 * roll_locate scopes out the full extent of the required roll-forward.
85 * It start at the start of the last checkpoint (recorded in the stateblock)
86 * and checks that the end of the checkpoint exists, and continues following
87 * the chain as far as valid cluster heads can be found.
88 * roll_locate returns 0 if proper endpoints were found,
89 * or -EIO if CheckpointStart and CheckpointEnd weren't found properly
90 * "next" will contain the address of the next cluster to be written to,
91 * "last" the cluster before that, and "seq" the seq number for next cluster
92 * "maxp" will be used to report the maximum size of a cluster head.
95 roll_locate(struct fs *fs, u64 start,
96 u64 *nextp, u64 *lastp, u64 *seqp,
97 int *maxp, struct page *p)
99 struct cluster_head *ch;
100 u64 this, prev, prev2, last, next;
103 int prevtype, prev2type;
105 ch = (struct cluster_head *)page_address(p);
107 this = start; prev = start;
109 /* First we walk through the checkpoint section, which should
113 if (lafs_load_page(fs, p, this, 1) != 0) {
114 printk(KERN_ERR "LaFS: Could not read cluster %llu\n",
115 (unsigned long long) this);
118 if (!roll_valid(fs, ch, this)) {
119 printk(KERN_ERR "LaFS: Bad cluster at %llu\n",
120 (unsigned long long) this);
124 seq = le64_to_cpu(ch->seq);
125 if (!(ch->flags & CH_CheckpointStart)) {
126 printk(KERN_ERR "LaFS: Cluster at %llu not CheckpointStart!!\n",
127 (unsigned long long)this);
130 } else if (seq != le64_to_cpu(ch->seq)) {
131 printk(KERN_ERR "LaFS: Cluster sequence bad at %llu: %llu->%llu\n",
132 (unsigned long long)this,
133 (unsigned long long)seq,
134 (unsigned long long)le64_to_cpu(ch->seq));
138 if (this != start && le64_to_cpu(ch->prev_addr) != prev) {
139 printk(KERN_ERR "LaFS: Cluster Linkage error at %llu: %llu != %llu\n",
140 (unsigned long long)this,
141 (unsigned long long)le64_to_cpu(ch->prev_addr),
142 (unsigned long long)prev);
145 if (!ch->flags & CH_Checkpoint) {
146 printk(KERN_ERR "LaFS: Cluster %llu not a Checkpoint cluster\n",
147 (unsigned long long)this);
150 dprintk("Found seq %llu at %llu\n",
151 (unsigned long long)seq, (unsigned long long)this);
152 if (le16_to_cpu(ch->Hlength) > max)
153 max = le16_to_cpu(ch->Hlength);
155 this = le64_to_cpu(ch->next_addr);
157 } while (!(ch->flags & CH_CheckpointEnd));
159 /* 'seq' is sequence number of 'this' */
160 dprintk("CheckpointEnd found at %llu, seq %llu\n", prev, seq-1);
162 /* now we need to step forward a bit more carefully, as any
163 * cluster we find now could easily be bad.
165 * this - address of cluster we are now considering
166 * prev - address of previous cluster
167 * prevtype - verify type of previous cluster
168 * prev2 - address of cluster before prev
169 * prev2type - verify type of that cluster.
170 * start - "next_addr" entry from last known-good cluster
178 prevtype = prev2type = VerifyNull;
181 if (lafs_load_page(fs, p, this, 1) != 0)
183 if (!roll_valid(fs, ch, this))
185 if (le64_to_cpu(ch->prev_addr) != prev)
187 if (le64_to_cpu(ch->seq) != seq)
190 /* this head looks valid, so we can possibly verify previous
193 if (le16_to_cpu(ch->Hlength) > max)
194 max = le16_to_cpu(ch->Hlength);
196 if (prev2type == VerifyNext2) {
200 if (prevtype == VerifyNext) {
205 /* shift prev info back */
207 prev2type = prevtype;
209 prevtype = le16_to_cpu(ch->verify_type);
210 this = le64_to_cpu(ch->next_addr);
211 if (prevtype == VerifyNull) {
218 dprintk("LaFS: Next address to write is %llu\n", next);
223 else if (next == prev)
225 else if (next == prev2)
233 static int __must_check
234 roll_mini(struct fs *fs, int fsnum, int inum, int trunc,
235 u32 bnum, int offset, int len, char *data)
238 struct inode *fsinode;
239 struct lafs_inode *li;
240 struct datablock *db = NULL;
247 dprintk("Roll Mini %d/%d/%lu/%d,%d\n",
248 fsnum, inum, (unsigned long) bnum,
251 /* The handling of miniblock updates is quite different for
254 * inode-files: meta-data updates, including size, are allowed.
255 * index update and data update are not (data update must
256 * go through the file). Implied creation requires
258 * regular-files: We don't create miniblocks for regular files,
259 * but we might write an inode with embedded data and want
260 * that data to be safe. When those inodes are found, at
261 * miniblock is synthesised from the data so we need to
263 * symlink,dev,pipe: as with reg-files
264 * directory: add/remove entries. Each miniblock has an address and
265 * identifies a name, an inode number, and one of:
266 * LINK - create a link with this name to the inode
267 * UNLINK - remove the link
268 * REN_SOURCE - record this info against the 'address' which must
269 * be unique in this checkpoint across all directories
270 * REN_TARGET - The source with matching 'address' is being
271 * renamed to here. So unlink the source and either create the
272 * target (if inode is zero) or replace the target. This
273 * miniblock could be in a different directory to the matching
277 inode = lafs_iget_fs(fs, fsnum, inum, SYNC);
279 return PTR_ERR(inode);
284 default: /* Any unknown type is an error */
285 printk(KERN_WARNING "LAFS impossibly file type for roll-forward: %d\n",
293 printk(KERN_WARNING "LAFS: Ignoring impossible sub-subset\n");
298 inode = lafs_iget_fs(fs, inum, bnum, SYNC);
300 struct super_block *sb;
301 err = PTR_ERR(inode);
302 if (err != -ENOENT || offset != 0) {
303 lafs_iput_fs(fsinode);
307 db = lafs_get_block(fsinode, bnum, NULL, GFP_KERNEL,
309 sb = lafs_get_subset_sb(fsinode);
310 lafs_inode_inuse(fs, sb, bnum);
311 deactivate_super(sb);
312 lafs_iput_fs(fsinode);
314 db = ERR_PTR(-ENOMEM);
316 lafs_iput_fs(fsinode);
317 db = lafs_inode_dblock(inode, SYNC, MKREF(roll));
319 /* Make sure block is in-sync with inode */
320 lafs_inode_fillblock(inode);
326 /* Should normally iolock the block, but we don't
327 * need that during roll-forward */
328 set_bit(B_PinPending, &db->b.flags);
329 lafs_pin_dblock(db, CleanSpace);
330 buf = map_dblock(db);
331 memcpy(buf+offset, data, len);
332 unmap_dblock(db, buf);
334 err = lafs_import_inode(inode, db);
336 inode = lafs_iget_fs(fs, inum, bnum, SYNC);
339 lafs_dirty_dblock(db);
343 /* 'bnum' is the handle for match 'rename' parts.
344 * 'offset' is the DIROP type
345 * 'len' is 4 plus length of name.
346 * data contains 4-byte inode number, then name
352 inum = le32_to_cpu(*(u32*)data);
354 err = lafs_dir_roll_mini(inode, bnum, offset, inum, name, len-4);
360 if (bnum != 0 || offset != 0) {
361 /* We currently only expect update at the very start
363 * So reject anything else.
368 err = pagecache_write_begin(NULL, inode->i_mapping,
372 char *b = kmap_atomic(page, KM_USER0);
373 memcpy(b, data, len);
374 kunmap_atomic(b, KM_USER0);
375 pagecache_write_end(NULL, inode->i_mapping,
376 0, len, len, page, fsdata);
380 /* We borrow the orphan list to keep a reference on
381 * this inode until all processing is finished
382 * to make sure inodes that are about to get linked
383 * don't get deleted early
385 if (inode->i_nlink == 0) {
387 db = lafs_inode_get_dblock(inode, MKREF(roll));
389 list_empty(&db->orphans)) {
390 list_add(&db->orphans, &fs->pending_orphans);
391 lafs_igrab_fs(inode);
392 getdref(db, MKREF(roll_orphan));
395 putdref(db, MKREF(roll));
400 static int __must_check
401 roll_block(struct fs *fs, int fsnum, int inum, int trunc,
402 u32 bnum, u64 baddr, int bytes, struct page *p)
405 struct datablock *blk = NULL;
406 struct lafs_inode *li;
409 /* We found this block during roll-forward and need to
410 * include it in the filesystem.
411 * If 'bytes' is 0, the this is a 'hole' and we should
414 if (bytes == DescHole)
417 dprintk("Roll Block %d/%d/%lu/%llu\n",
418 fsnum, inum, (unsigned long) bnum,
419 (unsigned long long)baddr);
421 /* find/load the inode */
422 inode = lafs_iget_fs(fs, fsnum, inum, SYNC);
424 return PTR_ERR(inode);
429 dprintk("Got the inode, type %d %p size %llu\n", li->type,
430 inode, inode->i_size);
433 struct la_inode *lai;
436 default: /* most filetypes are simply ignored */
440 /* The only part of an inode that might be interesting
441 * is embedded data: All metadata changes get logged
443 * Further the data can only be interesting for non-directories,
444 * as directory updates are also logged as miniblocks.
445 * So if this is a depth==0 non-directory inode,
446 * treat the data as a miniblock update.
448 if (bytes != fs->blocksize)
450 err = lafs_load_page(fs, p, baddr, 1);
451 dprintk("inode load page err %d\n", err);
454 lai = (struct la_inode *)page_address(p);
455 mdsize = le16_to_cpu(lai->metadata_size);
456 if (lai->filetype >= TypeBase &&
457 lai->filetype != TypeDir &&
459 mdsize > 1 && mdsize < fs->blocksize) {
460 u64 sz = le64_to_cpu(lai->metadata[0].file.size);
461 if (sz <= fs->blocksize - mdsize)
462 err = roll_mini(fs, inum, bnum, -1, 0, 0,
464 page_address(p) + mdsize);
470 /* These only get merged while in a checkpoint. */
471 if (fs->qphase == fs->phase)
476 /* merge into the file and possibly extend inode.size
477 * Only extend the size if it was before this block.
478 * i.e. if size was to the middle of this block, we don't
481 dprintk("FILE type\n");
483 blk = lafs_get_block(inode, bnum, NULL, GFP_KERNEL,
488 err = lafs_find_block(blk, ADOPT);
491 if (blk->b.physaddr == baddr)
492 /* already correctly indexed */
495 if (li->type >= TypeBase && bytes != DescHole &&
496 inode->i_size <= ((loff_t)bnum << inode->i_blkbits)) {
497 inode->i_size = ((loff_t)bnum << inode->i_blkbits) + bytes;
498 set_bit(I_Dirty, &LAFSI(inode)->iflags);
501 /* FIXME: we pretend this is a dirty, pinned block
502 * so the lower-level code doesn't get confused.
503 * Is this really the best approach?
504 * Do I need to release some space here?
506 set_bit(B_PinPending, &blk->b.flags); /* Don't need iolock as no io yet */
507 lafs_pin_dblock(blk, CleanSpace); /* cannot fail during ! ->rolled */
509 lafs_iolock_block(&blk->b);
510 lafs_summary_update(fs, blk->b.inode, blk->b.physaddr, baddr,
512 blk->b.physaddr = baddr;
513 lafs_dirty_iblock(blk->b.parent, 0);
514 set_bit(B_Writeback, &blk->b.flags);
515 lafs_iounlock_block(&blk->b);
517 while (lafs_add_block_address(fs, &blk->b) == 0)
518 /* Just like in lafs_phase_flip, there is no special
519 * action required here.
523 dprintk("Allocated block %lu to %llu\n",
524 (unsigned long)bnum, baddr);
525 lafs_writeback_done(&blk->b);
527 clear_bit(B_PinPending, &blk->b.flags);
528 /* If we had previously read this block for some reason,
529 * the contents are now invalid. If they are dirty,
530 * we have a real problem as those changes cannot be saved.
532 LAFS_BUG(test_bit(B_Dirty, &blk->b.flags), &blk->b);
533 clear_bit(B_Valid, &blk->b.flags);
538 putdref(blk, MKREF(roll));
540 if (inode->i_nlink == 0) {
541 struct datablock *db = lafs_inode_get_dblock(inode, MKREF(roll));
543 list_empty(&db->orphans)) {
544 list_add(&db->orphans, &fs->pending_orphans);
545 lafs_igrab_fs(inode);
546 getdref(db, MKREF(roll_orphan));
548 putdref(db, MKREF(roll));
551 dprintk("leaving with error %d\n", err);
555 static int __must_check
556 roll_one(struct fs *fs, u64 *addrp, struct page *p, struct page *pg,
560 struct cluster_head *ch = (struct cluster_head *)page_address(p);
561 struct group_head *gh;
562 struct descriptor *desc;
566 int blocksize = fs->blocksize;
570 /* we "know" buf is big enough */
571 err = lafs_load_pages(fs, p, addr, max/blocksize);
575 /* just minimal checks, as we have looked at this already */
576 if (!roll_valid(fs, ch, addr))
578 if (lafs_calc_cluster_csum(ch) != ch->checksum)
580 *addrp = le64_to_cpu(ch->next_addr);
582 if (le16_to_cpu(ch->Hlength) > max)
585 lafs_seg_setpos(fs, &seg, addr);
586 lafs_seg_setsize(fs, &seg, le16_to_cpu(ch->Clength));
587 header_blocks = (le16_to_cpu(ch->Hlength) + blocksize - 1) / blocksize;
588 for (i = 0; i < header_blocks; i++) {
589 baddr = lafs_seg_next(fs, &seg);
590 BUG_ON(baddr != addr + i);
593 if (!(ch->flags & CH_Checkpoint))
594 fs->qphase = fs->phase;
598 while (((char *)gh - (char *)ch) < le16_to_cpu(ch->Hlength)) {
600 int inum = le32_to_cpu(gh->inum);
601 int fsnum = le32_to_cpu(gh->fsnum);
602 int trunc = le16_to_cpu(gh->truncatenum_and_flag) & 0x7fff;
603 int flg = le16_to_cpu(gh->truncatenum_and_flag) & 0x8000;
606 while (((char *)desc - (char *)gh) <
607 le16_to_cpu(gh->group_size_words)*4) {
608 if (le16_to_cpu(desc->block_bytes) <= DescMiniOffset ||
609 le16_to_cpu(desc->block_bytes) == DescIndex) {
610 u32 bnum = le32_to_cpu(desc->block_num);
611 int cnt = le16_to_cpu(desc->block_cnt);
612 int bytes = le16_to_cpu(desc->block_bytes);
614 if (le16_to_cpu(desc->block_bytes) == DescIndex
616 return -EIO; /* FIXME is this
619 /* FIXME range check count */
620 while (!err && cnt--) {
621 if (bytes != DescHole)
622 baddr = lafs_seg_next(fs, &seg);
623 if (bytes != DescHole &&
625 /* We have fallen off the end of
626 * the write-cluster - something
627 * is wrong with the header
629 printk(KERN_WARNING "LAFS: cluster size is wrong\n");
632 if (!flg && bytes != DescIndex)
633 err = roll_block(fs, fsnum, inum, trunc,
635 cnt == 0 || bytes == DescHole
643 struct miniblock *mb = (struct miniblock *)desc;
644 u32 bnum = le32_to_cpu(mb->block_num);
645 int offset = le16_to_cpu(mb->block_offset);
646 int len = le16_to_cpu(mb->length)
649 err = roll_mini(fs, fsnum, inum, trunc,
650 bnum, offset, len, (char *)(mb+1));
653 mb = (struct miniblock *)(((char*)mb)
655 desc = (struct descriptor *)mb;
661 gh = (struct group_head *)desc;
666 if (ch->flags & CH_CheckpointEnd)
667 fs->qphase = fs->phase;
671 static int roll_forward(struct fs *fs)
673 u64 first, next = 0, last = 0, seq = 0;
677 int blocksize = fs->blocksize;
685 fs->checkpointing = CH_Checkpoint;
686 clear_bit(DelayYouth, &fs->fsstate);
688 first = fs->checkpointcluster;
689 p = alloc_pages(GFP_KERNEL, order);
693 err = roll_locate(fs, first, &next, &last, &seq, &max, p);
695 max = ((max + blocksize - 1) / blocksize) * blocksize;
697 if (!err && max > PAGE_SIZE) {
698 __free_pages(p, order);
699 order = get_order(max * blocksize);
700 p = alloc_pages(order, GFP_KERNEL);
705 __free_pages(p, order);
709 pg = alloc_page(GFP_KERNEL);
711 __free_pages(p, order);
715 err = lafs_cluster_init(fs, 0, next, last, seq);
717 __free_pages(p, order); put_page(pg);
720 lafs_cluster_init(fs, 1, 0, 0, 0);
722 virttoseg(fs, first, &dev, &seg, &offset);
724 while (first != next) {
728 virttoseg(fs, first, &dev2, &seg2, &offset);
729 err = roll_one(fs, &first, p, pg, max);
733 if (fs->qphase == fs->phase &&
735 fs->checkpointing = 0;
736 clear_bit(DelayYouth, &fs->fsstate);
737 lafs_seg_apply_all(fs);
740 if (dev2 != dev || seg2 != seg) {
741 /* New segment - need to make sure youth is correct */
744 /* if fs->checkpointing, seg_apply_all will do the youth
747 if (fs->checkpointing == 0)
748 lafs_update_youth(fs, dev, seg);
751 __free_pages(p, order);
754 lafs_add_active(fs, next);
756 /* pending_renames will normally be empty, but it is not
757 * impossible that we crashed and an awkward time. So just
758 * clean up whatever is there
760 while (fs->pending_renames != NULL) {
761 struct rename_roll *rr = fs->pending_renames;
762 fs->pending_renames = rr->next;
769 /* Now we release all the nlink==0 inodes that we found */
770 while (!list_empty(&fs->pending_orphans)) {
771 struct datablock *db = list_entry(fs->pending_orphans.next,
774 list_del_init(&db->orphans);
775 lafs_iput_fs(db->my_inode);
776 putdref(db, MKREF(roll_orphan));
783 lafs_mount(struct fs *fs)
785 struct datablock *b = NULL;
787 struct inode *rootdir;
791 struct sb_key *k = fs->prime_sb->s_fs_info;
795 fs->ss[0].root = ino = iget_locked(fs->prime_sb, 0);
801 b = lafs_get_block(ino, 0, NULL, GFP_KERNEL, MKREF(mount));
804 set_bit(B_Root, &b->b.flags);
805 b->b.physaddr = fs->ss[0].root_addr;
806 set_bit(B_PhysValid, &b->b.flags);
807 err = lafs_load_block(&b->b, NULL);
810 err = lafs_wait_block(&b->b);
814 err = lafs_import_inode(ino, b);
817 putdref(b, MKREF(mount));
820 unlock_new_inode(ino);
822 rootdir = lafs_iget(fs->prime_sb, 2, SYNC);
823 err = PTR_ERR(rootdir);
826 de = d_alloc_root(rootdir);
832 fs->prime_sb->s_root = de;
834 ino = lafs_iget(fs->prime_sb, 8, SYNC);
838 if (LAFSI(ino)->type != TypeOrphanList) {
844 for (d = 0; d < fs->devices ; d++) {
845 ino = lafs_iget(fs->prime_sb,
846 fs->devs[d].usage_inum,
851 if (LAFSI(ino)->type != TypeSegmentMap) {
856 fs->devs[d].segsum = ino;
858 orphan_count = lafs_count_orphans(fs->orphans);
859 LAFSI(fs->orphans)->md.orphan.nextfree = orphan_count;
861 lafs_checkpoint_lock(fs);
862 err = roll_forward(fs);
863 lafs_checkpoint_unlock(fs);
865 lafs_add_orphans(fs, fs->orphans, orphan_count);
867 for (d = 0; d < 4; d++) {
868 struct page *p = alloc_page(GFP_KERNEL);
871 fs->cleaner.seg[d].chead = p;
872 INIT_LIST_HEAD(&fs->cleaner.seg[d].cleaning);
875 ino = lafs_iget(fs->prime_sb, 3, SYNC);
877 if (LAFSI(ino)->type != TypeAccessTime) {
881 LAFSI(fs->ss[0].root)->md.fs.accesstime = ino;
882 } else if (PTR_ERR(ino) != -ENOENT)
886 putdref(b, MKREF(mount));