4 * Copyright (C) 2005-2010
5 * Neil Brown <neilb@suse.de>
6 * Released under the GPL, version 2
10 * This file handles mounting of a filesystem once the superblocks
12 * It loads the root inode (the root of the filesystem, not of the
13 * directory tree) and then handles roll-forward to pick up and changes
14 * there are not in the filesystem yet, either due to a crash, or because
15 * they cannot be consistently stored easily (final segusage/quota info).
17 * Roll-forward reads write-cluster header and handle things as appropriate.
18 * Data blocks are only processed if they belong to:
22 * A data block in a regular file implies an extension of the file size
23 * to the end of the block, if it was previously at or before the start
24 * of the block. Datablocks that were just moved for cleaning are
27 * Index blocks are always ignored - they need to be recalculated.
29 * 'miniblocks' or 'updates' are always processed - they represent an
30 * atomic update that might affect multiple files - those files for which
31 * data blocks are ignored.
32 * Updates are understood:
33 * - for inodes. The update simply over-writes part of the inode metadata,
34 * which could affect the link count or size. Such inodes become
35 * orphans in case truncation or deletion is needed. This can create
36 * an inode which might affect the inode usage map.
37 * - for directories. The update identifies a name and an inode number.
38 * This can imply a change to the inode's link count and again could
39 * make it an orphan. In some cases updates are paired, possibly across
40 * different directories. This is needed for 'rename'.
42 * Each write-cluster has three levels of validation.
43 * Firstly, if the header is internally consistent, with correct tag,
44 * uuid, and sequence, then we know a write was attempted, and anything that
45 * must be written before that was successfully written.
46 * Secondly, if the header has a correct checksum, then it is all correct,
47 * and the miniblocks are valid.
48 * Thirdly, if the next or next-but-one header (depending on verify_type) is
49 * internally consistent, than we know that the data blocks in this cluster
50 * were all written successfully.
54 #include <linux/slab.h>
57 roll_valid(struct fs *fs, struct cluster_head *ch, unsigned long long addr)
59 /* return 1 if the cluster_head looks locally valid.
60 * Don't check checksum as we may not have the whole head
62 if (memcmp(ch->idtag, "LaFSHead", 8) != 0)
64 if (memcmp(fs->state->uuid, ch->uuid, 16) != 0)
66 if (le64_to_cpu(ch->this_addr) != addr)
68 switch (le16_to_cpu(ch->verify_type)) {
78 if (le16_to_cpu(ch->Clength) > fs->max_segment)
84 * roll_locate scopes out the full extent of the required roll-forward.
85 * It start at the start of the last checkpoint (recorded in the stateblock)
86 * and checks that the end of the checkpoint exists, and continues following
87 * the chain as far as valid cluster heads can be found.
88 * roll_locate returns 0 if proper endpoints were found,
89 * or -EIO if CheckpointStart and CheckpointEnd weren't found properly
90 * "next" will contain the address of the next cluster to be written to,
91 * "last" the cluster before that, and "seq" the seq number for next cluster
92 * "maxp" will be used to report the maximum size of a cluster head.
95 roll_locate(struct fs *fs, u64 start,
96 u64 *nextp, u64 *lastp, u64 *seqp,
97 int *maxp, struct page *p)
99 struct cluster_head *ch;
100 u64 this, prev, prev2, last, next;
103 int prevtype, prev2type;
105 ch = (struct cluster_head *)page_address(p);
107 this = start; prev = start;
109 /* First we walk through the checkpoint section, which should
113 if (lafs_load_page(fs, p, this, 1) != 0) {
114 printk(KERN_ERR "LaFS: Could not read cluster %llu\n",
115 (unsigned long long) this);
118 if (!roll_valid(fs, ch, this)) {
119 printk(KERN_ERR "LaFS: Bad cluster at %llu\n",
120 (unsigned long long) this);
124 seq = le64_to_cpu(ch->seq);
125 if (!(ch->flags & CH_CheckpointStart)) {
126 printk(KERN_ERR "LaFS: Cluster at %llu not CheckpointStart!!\n",
127 (unsigned long long)this);
130 } else if (seq != le64_to_cpu(ch->seq)) {
131 printk(KERN_ERR "LaFS: Cluster sequence bad at %llu: %llu->%llu\n",
132 (unsigned long long)this,
133 (unsigned long long)seq,
134 (unsigned long long)le64_to_cpu(ch->seq));
138 if (this != start && le64_to_cpu(ch->prev_addr) != prev) {
139 printk(KERN_ERR "LaFS: Cluster Linkage error at %llu: %llu != %llu\n",
140 (unsigned long long)this,
141 (unsigned long long)le64_to_cpu(ch->prev_addr),
142 (unsigned long long)prev);
145 if (!ch->flags & CH_Checkpoint) {
146 printk(KERN_ERR "LaFS: Cluster %llu not a Checkpoint cluster\n",
147 (unsigned long long)this);
150 dprintk("Found seq %llu at %llu\n",
151 (unsigned long long)seq, (unsigned long long)this);
152 if (le16_to_cpu(ch->Hlength) > max)
153 max = le16_to_cpu(ch->Hlength);
155 this = le64_to_cpu(ch->next_addr);
157 } while (!(ch->flags & CH_CheckpointEnd));
159 /* 'seq' is sequence number of 'this' */
160 dprintk("CheckpointEnd found at %llu, seq %llu\n", prev, seq-1);
162 /* now we need to step forward a bit more carefully, as any
163 * cluster we find now could easily be bad.
165 * this - address of cluster we are now considering
166 * prev - address of previous cluster
167 * prevtype - verify type of previous cluster
168 * prev2 - address of cluster before prev
169 * prev2type - verify type of that cluster.
170 * start - "next_addr" entry from last known-good cluster
178 prevtype = prev2type = VerifyNull;
181 if (lafs_load_page(fs, p, this, 1) != 0)
183 if (!roll_valid(fs, ch, this))
185 if (le64_to_cpu(ch->prev_addr) != prev)
187 if (le64_to_cpu(ch->seq) != seq)
190 /* this head looks valid, so we can possibly verify previous
193 if (le16_to_cpu(ch->Hlength) > max)
194 max = le16_to_cpu(ch->Hlength);
196 if (prev2type == VerifyNext2) {
200 if (prevtype == VerifyNext) {
205 /* shift prev info back */
207 prev2type = prevtype;
209 prevtype = le16_to_cpu(ch->verify_type);
210 this = le64_to_cpu(ch->next_addr);
211 if (prevtype == VerifyNull) {
218 dprintk("LaFS: Next address to write is %llu\n", next);
223 else if (next == prev)
225 else if (next == prev2)
233 static int __must_check
234 roll_mini(struct fs *fs, int fsnum, int inum, int trunc,
235 u32 bnum, int offset, int len, char *data)
238 struct inode *fsinode;
239 struct lafs_inode *li;
240 struct datablock *db = NULL;
247 dprintk("Roll Mini %d/%d/%lu/%d,%d\n",
248 fsnum, inum, (unsigned long) bnum,
251 /* The handling of miniblock updates is quite different for
254 * inode-files: meta-data updates, including size, are allowed.
255 * index update and data update are not (data update must
256 * go through the file). Implied creation requires
258 * regular-files: We don't create miniblocks for regular files,
259 * but we might write an inode with embedded data and want
260 * that data to be safe. When those inodes are found, at
261 * miniblock is synthesised from the data so we need to
263 * symlink,dev,pipe: as with reg-files
264 * directory: add/remove entries. Each miniblock has an address and
265 * identifies a name, an inode number, and one of:
266 * LINK - create a link with this name to the inode
267 * UNLINK - remove the link
268 * REN_SOURCE - record this info against the 'address' which must
269 * be unique in this checkpoint across all directories
270 * REN_TARGET - The source with matching 'address' is being
271 * renamed to here. So unlink the source and either create the
272 * target (if inode is zero) or replace the target. This
273 * miniblock could be in a different directory to the matching
277 inode = lafs_iget_fs(fs, fsnum, inum, SYNC);
279 return PTR_ERR(inode);
284 default: /* Any unknown type is an error */
285 printk(KERN_WARNING "LAFS impossibly file type for roll-forward: %d\n",
293 printk(KERN_WARNING "LAFS: Ignoring impossible sub-subset\n");
298 inode = lafs_iget_fs(fs, inum, bnum, SYNC);
300 err = PTR_ERR(inode);
301 if (err != -ENOENT || offset != 0) {
302 lafs_iput_fs(fsinode);
306 db = lafs_get_block(fsinode, bnum, NULL, GFP_KERNEL,
308 lafs_inode_inuse(fs, fsinode, bnum);
309 lafs_iput_fs(fsinode);
311 db = ERR_PTR(-ENOMEM);
313 lafs_iput_fs(fsinode);
314 db = lafs_inode_dblock(inode, SYNC, MKREF(roll));
316 /* Make sure block is in-sync with inode */
317 lafs_inode_fillblock(inode);
323 /* Should normally iolock the block, but we don't
324 * need that during roll-forward */
325 set_bit(B_PinPending, &db->b.flags);
326 lafs_pin_dblock(db, CleanSpace);
327 buf = map_dblock(db);
328 memcpy(buf+offset, data, len);
329 unmap_dblock(db, buf);
331 err = lafs_import_inode(inode, db);
333 inode = lafs_iget_fs(fs, inum, bnum, SYNC);
336 lafs_dirty_dblock(db);
340 /* 'bnum' is the handle for match 'rename' parts.
341 * 'offset' is the DIROP type
342 * 'len' is 4 plus length of name.
343 * data contains 4-byte inode number, then name
349 inum = le32_to_cpu(*(u32*)data);
351 err = lafs_dir_roll_mini(inode, bnum, offset, inum, name, len-4);
357 if (bnum != 0 || offset != 0) {
358 /* We currently only expect update at the very start
360 * So reject anything else.
365 err = pagecache_write_begin(NULL, inode->i_mapping,
369 char *b = kmap_atomic(page, KM_USER0);
370 memcpy(b, data, len);
371 kunmap_atomic(b, KM_USER0);
372 pagecache_write_end(NULL, inode->i_mapping,
373 0, len, len, page, fsdata);
377 /* We borrow the orphan list to keep a reference on
378 * this inode until all processing is finished
379 * to make sure inodes that are about to get linked
380 * don't get deleted early
382 if (inode->i_nlink == 0) {
384 db = lafs_inode_get_dblock(inode, MKREF(roll));
386 list_empty(&db->orphans)) {
387 list_add(&db->orphans, &fs->pending_orphans);
388 lafs_igrab_fs(inode);
389 getdref(db, MKREF(roll_orphan));
392 putdref(db, MKREF(roll));
397 static int __must_check
398 roll_block(struct fs *fs, int fsnum, int inum, int trunc,
399 u32 bnum, u64 baddr, int bytes, struct page *p)
402 struct datablock *blk = NULL;
403 struct lafs_inode *li;
406 /* We found this block during roll-forward and need to
407 * include it in the filesystem.
408 * If 'bytes' is 0, the this is a 'hole' and we should
411 if (bytes == DescHole)
414 dprintk("Roll Block %d/%d/%lu/%llu\n",
415 fsnum, inum, (unsigned long) bnum,
416 (unsigned long long)baddr);
418 /* find/load the inode */
419 inode = lafs_iget_fs(fs, fsnum, inum, SYNC);
421 return PTR_ERR(inode);
426 dprintk("Got the inode, type %d %p size %llu\n", li->type,
427 inode, inode->i_size);
430 struct la_inode *lai;
433 default: /* most filetypes are simply ignored */
437 /* The only part of an inode that might be interesting
438 * is embedded data: All metadata changes get logged
440 * Further the data can only be interesting for non-directories,
441 * as directory updates are also logged as miniblocks.
442 * So if this is a depth==0 non-directory inode,
443 * treat the data as a miniblock update.
445 if (bytes != fs->blocksize)
447 err = lafs_load_page(fs, p, baddr, 1);
448 dprintk("inode load page err %d\n", err);
451 lai = (struct la_inode *)page_address(p);
452 mdsize = le16_to_cpu(lai->metadata_size);
453 if (lai->filetype >= TypeBase &&
454 lai->filetype != TypeDir &&
456 mdsize > 1 && mdsize < fs->blocksize) {
457 u64 sz = le64_to_cpu(lai->metadata[0].file.size);
458 if (sz <= fs->blocksize - mdsize)
459 err = roll_mini(fs, inum, bnum, -1, 0, 0,
461 page_address(p) + mdsize);
467 /* These only get merged while in a checkpoint. */
468 if (fs->qphase == fs->phase)
473 /* merge into the file and possibly extend inode.size
474 * Only extend the size if it was before this block.
475 * i.e. if size was to the middle of this block, we don't
478 dprintk("FILE type\n");
480 blk = lafs_get_block(inode, bnum, NULL, GFP_KERNEL,
485 err = lafs_find_block(blk, ADOPT);
488 if (blk->b.physaddr == baddr)
489 /* already correctly indexed */
492 if (li->type >= TypeBase && bytes != DescHole &&
493 inode->i_size <= ((loff_t)bnum << inode->i_blkbits)) {
494 inode->i_size = ((loff_t)bnum << inode->i_blkbits) + bytes;
495 set_bit(I_Dirty, &LAFSI(inode)->iflags);
498 /* FIXME: we pretend this is a dirty, pinned block
499 * so the lower-level code doesn't get confused.
500 * Is this really the best approach?
501 * Do I need to release some space here?
503 set_bit(B_PinPending, &blk->b.flags); /* Don't need iolock as no io yet */
504 lafs_pin_dblock(blk, CleanSpace); /* cannot fail during ! ->rolled */
506 lafs_iolock_block(&blk->b);
507 /* The '1' in lafs_summary_update assumes SegRef is set, so
510 LAFS_BUG(!test_bit(B_SegRef, &blk->b.flags), &blk->b);
511 lafs_summary_update(fs, blk->b.inode, blk->b.physaddr, baddr,
513 blk->b.physaddr = baddr;
514 lafs_dirty_iblock(blk->b.parent, 0);
515 set_bit(B_Writeback, &blk->b.flags);
516 lafs_iounlock_block(&blk->b);
518 while (lafs_add_block_address(fs, &blk->b) == 0)
519 /* Just like in lafs_phase_flip, there is no special
520 * action required here.
524 dprintk("Allocated block %lu to %llu\n",
525 (unsigned long)bnum, baddr);
526 lafs_writeback_done(&blk->b);
528 clear_bit(B_PinPending, &blk->b.flags);
529 /* If we had previously read this block for some reason,
530 * the contents are now invalid. If they are dirty,
531 * we have a real problem as those changes cannot be saved.
533 LAFS_BUG(test_bit(B_Dirty, &blk->b.flags), &blk->b);
534 clear_bit(B_Valid, &blk->b.flags);
539 putdref(blk, MKREF(roll));
541 if (inode->i_nlink == 0) {
542 struct datablock *db = lafs_inode_get_dblock(inode, MKREF(roll));
544 list_empty(&db->orphans)) {
545 list_add(&db->orphans, &fs->pending_orphans);
546 lafs_igrab_fs(inode);
547 getdref(db, MKREF(roll_orphan));
549 putdref(db, MKREF(roll));
552 dprintk("leaving with error %d\n", err);
556 static int __must_check
557 roll_one(struct fs *fs, u64 *addrp, struct page *p, struct page *pg,
561 struct cluster_head *ch = (struct cluster_head *)page_address(p);
562 struct group_head *gh;
563 struct descriptor *desc;
567 int blocksize = fs->blocksize;
571 /* we "know" buf is big enough */
572 err = lafs_load_pages(fs, p, addr, max/blocksize);
576 /* just minimal checks, as we have looked at this already */
577 if (!roll_valid(fs, ch, addr))
579 if (lafs_calc_cluster_csum(ch) != ch->checksum)
581 *addrp = le64_to_cpu(ch->next_addr);
583 if (le16_to_cpu(ch->Hlength) > max)
586 lafs_seg_setpos(fs, &seg, addr);
587 lafs_seg_setsize(fs, &seg, le16_to_cpu(ch->Clength));
588 header_blocks = (le16_to_cpu(ch->Hlength) + blocksize - 1) / blocksize;
589 for (i = 0; i < header_blocks; i++) {
590 baddr = lafs_seg_next(fs, &seg);
591 BUG_ON(baddr != addr + i);
594 if (!(ch->flags & CH_Checkpoint))
595 fs->qphase = fs->phase;
599 while (((char *)gh - (char *)ch) < le16_to_cpu(ch->Hlength)) {
601 int inum = le32_to_cpu(gh->inum);
602 int fsnum = le32_to_cpu(gh->fsnum);
603 int trunc = le16_to_cpu(gh->truncatenum_and_flag) & 0x7fff;
604 int flg = le16_to_cpu(gh->truncatenum_and_flag) & 0x8000;
607 while (((char *)desc - (char *)gh) <
608 le16_to_cpu(gh->group_size_words)*4) {
609 if (le16_to_cpu(desc->block_bytes) <= DescMiniOffset ||
610 le16_to_cpu(desc->block_bytes) == DescIndex) {
611 u32 bnum = le32_to_cpu(desc->block_num);
612 int cnt = le16_to_cpu(desc->block_cnt);
613 int bytes = le16_to_cpu(desc->block_bytes);
615 if (le16_to_cpu(desc->block_bytes) == DescIndex
617 return -EIO; /* FIXME is this
620 /* FIXME range check count */
621 while (!err && cnt--) {
622 if (bytes != DescHole)
623 baddr = lafs_seg_next(fs, &seg);
624 if (bytes != DescHole &&
626 /* We have fallen off the end of
627 * the write-cluster - something
628 * is wrong with the header
630 printk(KERN_WARNING "LAFS: cluster size is wrong\n");
633 if (!flg && bytes != DescIndex)
634 err = roll_block(fs, fsnum, inum, trunc,
636 cnt == 0 || bytes == DescHole
644 struct miniblock *mb = (struct miniblock *)desc;
645 u32 bnum = le32_to_cpu(mb->block_num);
646 int offset = le16_to_cpu(mb->block_offset);
647 int len = le16_to_cpu(mb->length)
650 err = roll_mini(fs, fsnum, inum, trunc,
651 bnum, offset, len, (char *)(mb+1));
654 mb = (struct miniblock *)(((char*)mb)
656 desc = (struct descriptor *)mb;
662 gh = (struct group_head *)desc;
667 if (ch->flags & CH_CheckpointEnd)
668 fs->qphase = fs->phase;
672 static int roll_forward(struct fs *fs)
674 u64 first, next = 0, last = 0, seq = 0;
678 int blocksize = fs->blocksize;
683 struct list_head pending;
687 fs->checkpointing = CH_Checkpoint;
688 clear_bit(DelayYouth, &fs->fsstate);
690 first = fs->checkpointcluster;
691 p = alloc_pages(GFP_KERNEL, order);
695 err = roll_locate(fs, first, &next, &last, &seq, &max, p);
697 max = ((max + blocksize - 1) / blocksize) * blocksize;
699 if (!err && max > PAGE_SIZE) {
700 __free_pages(p, order);
701 order = get_order(max * blocksize);
702 p = alloc_pages(order, GFP_KERNEL);
707 __free_pages(p, order);
711 pg = alloc_page(GFP_KERNEL);
713 __free_pages(p, order);
717 err = lafs_cluster_init(fs, 0, next, last, seq);
719 __free_pages(p, order); put_page(pg);
722 lafs_cluster_init(fs, 1, 0, 0, 0);
724 virttoseg(fs, first, &dev, &seg, &offset);
726 while (first != next) {
730 virttoseg(fs, first, &dev2, &seg2, &offset);
731 err = roll_one(fs, &first, p, pg, max);
735 if (fs->qphase == fs->phase &&
737 fs->checkpointing = 0;
738 clear_bit(DelayYouth, &fs->fsstate);
739 lafs_seg_apply_all(fs);
742 if (dev2 != dev || seg2 != seg) {
743 /* New segment - need to make sure youth is correct */
746 /* if fs->checkpointing, seg_apply_all will do the youth
749 if (fs->checkpointing == 0)
750 lafs_update_youth(fs, dev, seg);
753 __free_pages(p, order);
756 lafs_add_active(fs, next);
758 /* pending_renames will normally be empty, but it is not
759 * impossible that we crashed and an awkward time. So just
760 * clean up whatever is there
762 while (fs->pending_renames != NULL) {
763 struct rename_roll *rr = fs->pending_renames;
764 fs->pending_renames = rr->next;
771 /* Now we release all the nlink==0 inodes that we found */
772 INIT_LIST_HEAD(&pending);
773 list_splice_init(&fs->pending_orphans, &pending);
774 while (!list_empty(&pending)) {
775 struct datablock *db = list_first_entry(&pending,
778 list_del_init(&db->orphans);
779 if (db->my_inode->i_nlink == 0)
780 lafs_make_orphan(fs, db);
781 lafs_iput_fs(db->my_inode);
782 putdref(db, MKREF(roll_orphan));
789 lafs_mount(struct fs *fs)
791 struct datablock *b = NULL;
792 struct inode *rootino;
793 struct inode *rootdir;
794 struct inode *aino, *oino;
798 struct sb_key *k = fs->prime_sb->s_fs_info;
802 fs->ss[0].root = rootino = iget_locked(fs->prime_sb, 0);
804 LAFSI(rootino)->filesys = rootino;
809 b = lafs_get_block(rootino, 0, NULL, GFP_KERNEL, MKREF(mount));
812 set_bit(B_Root, &b->b.flags);
813 b->b.physaddr = fs->ss[0].root_addr;
814 set_bit(B_PhysValid, &b->b.flags);
815 err = lafs_load_block(&b->b, NULL);
818 err = lafs_wait_block(&b->b);
822 err = lafs_import_inode(rootino, b);
825 putdref(b, MKREF(mount));
828 unlock_new_inode(rootino);
830 rootdir = lafs_iget(rootino, 2, SYNC);
831 err = PTR_ERR(rootdir);
834 de = d_alloc_root(rootdir);
840 fs->prime_sb->s_root = de;
842 oino = lafs_iget(rootino, 8, SYNC);
846 if (LAFSI(oino)->type != TypeOrphanList) {
852 for (d = 0; d < fs->devices ; d++) {
853 struct inode *sino = lafs_iget(rootino,
854 fs->devs[d].usage_inum,
859 if (LAFSI(sino)->type != TypeSegmentMap) {
864 fs->devs[d].segsum = sino;
866 orphan_count = lafs_count_orphans(fs->orphans);
867 LAFSI(fs->orphans)->md.orphan.nextfree = orphan_count;
869 lafs_checkpoint_lock(fs);
870 err = roll_forward(fs);
871 lafs_checkpoint_unlock(fs);
873 lafs_add_orphans(fs, fs->orphans, orphan_count);
875 for (d = 0; d < 4; d++) {
876 struct page *p = alloc_page(GFP_KERNEL);
879 fs->cleaner.seg[d].chead = p;
880 INIT_LIST_HEAD(&fs->cleaner.seg[d].cleaning);
883 aino = lafs_iget(rootino, 3, SYNC);
885 if (LAFSI(aino)->type != TypeAccessTime) {
889 LAFSI(fs->ss[0].root)->md.fs.accesstime = aino;
890 } else if (PTR_ERR(aino) != -ENOENT)
894 putdref(b, MKREF(mount));