]>
Commit | Line | Data |
---|---|---|
f5166768 | 1 | // SPDX-License-Identifier: GPL-2.0+ |
470decc6 | 2 | /* |
58862699 | 3 | * linux/fs/jbd2/recovery.c |
470decc6 DK |
4 | * |
5 | * Written by Stephen C. Tweedie <sct@redhat.com>, 1999 | |
6 | * | |
7 | * Copyright 1999-2000 Red Hat Software --- All Rights Reserved | |
8 | * | |
470decc6 DK |
9 | * Journal recovery routines for the generic filesystem journaling code; |
10 | * part of the ext2fs journaling system. | |
11 | */ | |
12 | ||
13 | #ifndef __KERNEL__ | |
14 | #include "jfs_user.h" | |
15 | #else | |
16 | #include <linux/time.h> | |
17 | #include <linux/fs.h> | |
f7f4bccb | 18 | #include <linux/jbd2.h> |
470decc6 | 19 | #include <linux/errno.h> |
818d276c | 20 | #include <linux/crc32.h> |
79feb521 | 21 | #include <linux/blkdev.h> |
470decc6 DK |
22 | #endif |
23 | ||
24 | /* | |
25 | * Maintain information about the progress of the recovery job, so that | |
26 | * the different passes can carry information between them. | |
27 | */ | |
28 | struct recovery_info | |
29 | { | |
30 | tid_t start_transaction; | |
31 | tid_t end_transaction; | |
32 | ||
33 | int nr_replays; | |
34 | int nr_revokes; | |
35 | int nr_revoke_hits; | |
36 | }; | |
37 | ||
38 | enum passtype {PASS_SCAN, PASS_REVOKE, PASS_REPLAY}; | |
39 | static int do_one_pass(journal_t *journal, | |
40 | struct recovery_info *info, enum passtype pass); | |
41 | static int scan_revoke_records(journal_t *, struct buffer_head *, | |
42 | tid_t, struct recovery_info *); | |
43 | ||
44 | #ifdef __KERNEL__ | |
45 | ||
46 | /* Release readahead buffers after use */ | |
47 | static void journal_brelse_array(struct buffer_head *b[], int n) | |
48 | { | |
49 | while (--n >= 0) | |
50 | brelse (b[n]); | |
51 | } | |
52 | ||
53 | ||
54 | /* | |
55 | * When reading from the journal, we are going through the block device | |
56 | * layer directly and so there is no readahead being done for us. We | |
57 | * need to implement any readahead ourselves if we want it to happen at | |
58 | * all. Recovery is basically one long sequential read, so make sure we | |
59 | * do the IO in reasonably large chunks. | |
60 | * | |
61 | * This is not so critical that we need to be enormously clever about | |
62 | * the readahead size, though. 128K is a purely arbitrary, good-enough | |
63 | * fixed value. | |
64 | */ | |
65 | ||
66 | #define MAXBUF 8 | |
67 | static int do_readahead(journal_t *journal, unsigned int start) | |
68 | { | |
69 | int err; | |
70 | unsigned int max, nbufs, next; | |
18eba7aa | 71 | unsigned long long blocknr; |
470decc6 DK |
72 | struct buffer_head *bh; |
73 | ||
74 | struct buffer_head * bufs[MAXBUF]; | |
75 | ||
76 | /* Do up to 128K of readahead */ | |
77 | max = start + (128 * 1024 / journal->j_blocksize); | |
78 | if (max > journal->j_maxlen) | |
79 | max = journal->j_maxlen; | |
80 | ||
81 | /* Do the readahead itself. We'll submit MAXBUF buffer_heads at | |
82 | * a time to the block device IO layer. */ | |
83 | ||
84 | nbufs = 0; | |
85 | ||
86 | for (next = start; next < max; next++) { | |
f7f4bccb | 87 | err = jbd2_journal_bmap(journal, next, &blocknr); |
470decc6 DK |
88 | |
89 | if (err) { | |
f2a44523 | 90 | printk(KERN_ERR "JBD2: bad block at offset %u\n", |
470decc6 DK |
91 | next); |
92 | goto failed; | |
93 | } | |
94 | ||
95 | bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize); | |
96 | if (!bh) { | |
97 | err = -ENOMEM; | |
98 | goto failed; | |
99 | } | |
100 | ||
101 | if (!buffer_uptodate(bh) && !buffer_locked(bh)) { | |
102 | bufs[nbufs++] = bh; | |
103 | if (nbufs == MAXBUF) { | |
dfec8a14 | 104 | ll_rw_block(REQ_OP_READ, 0, nbufs, bufs); |
470decc6 DK |
105 | journal_brelse_array(bufs, nbufs); |
106 | nbufs = 0; | |
107 | } | |
108 | } else | |
109 | brelse(bh); | |
110 | } | |
111 | ||
112 | if (nbufs) | |
dfec8a14 | 113 | ll_rw_block(REQ_OP_READ, 0, nbufs, bufs); |
470decc6 DK |
114 | err = 0; |
115 | ||
116 | failed: | |
117 | if (nbufs) | |
118 | journal_brelse_array(bufs, nbufs); | |
119 | return err; | |
120 | } | |
121 | ||
122 | #endif /* __KERNEL__ */ | |
123 | ||
124 | ||
125 | /* | |
126 | * Read a block from the journal | |
127 | */ | |
128 | ||
129 | static int jread(struct buffer_head **bhp, journal_t *journal, | |
130 | unsigned int offset) | |
131 | { | |
132 | int err; | |
18eba7aa | 133 | unsigned long long blocknr; |
470decc6 DK |
134 | struct buffer_head *bh; |
135 | ||
136 | *bhp = NULL; | |
137 | ||
138 | if (offset >= journal->j_maxlen) { | |
f2a44523 | 139 | printk(KERN_ERR "JBD2: corrupted journal superblock\n"); |
6a797d27 | 140 | return -EFSCORRUPTED; |
470decc6 DK |
141 | } |
142 | ||
f7f4bccb | 143 | err = jbd2_journal_bmap(journal, offset, &blocknr); |
470decc6 DK |
144 | |
145 | if (err) { | |
f2a44523 | 146 | printk(KERN_ERR "JBD2: bad block at offset %u\n", |
470decc6 DK |
147 | offset); |
148 | return err; | |
149 | } | |
150 | ||
151 | bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize); | |
152 | if (!bh) | |
153 | return -ENOMEM; | |
154 | ||
155 | if (!buffer_uptodate(bh)) { | |
156 | /* If this is a brand new buffer, start readahead. | |
157 | Otherwise, we assume we are already reading it. */ | |
158 | if (!buffer_req(bh)) | |
159 | do_readahead(journal, offset); | |
160 | wait_on_buffer(bh); | |
161 | } | |
162 | ||
163 | if (!buffer_uptodate(bh)) { | |
f2a44523 | 164 | printk(KERN_ERR "JBD2: Failed to read block at offset %u\n", |
470decc6 DK |
165 | offset); |
166 | brelse(bh); | |
167 | return -EIO; | |
168 | } | |
169 | ||
170 | *bhp = bh; | |
171 | return 0; | |
172 | } | |
173 | ||
1101cd4d | 174 | static int jbd2_descriptor_block_csum_verify(journal_t *j, void *buf) |
3caa487f DW |
175 | { |
176 | struct jbd2_journal_block_tail *tail; | |
18a6ea1e DW |
177 | __be32 provided; |
178 | __u32 calculated; | |
3caa487f | 179 | |
db9ee220 | 180 | if (!jbd2_journal_has_csum_v2or3(j)) |
3caa487f DW |
181 | return 1; |
182 | ||
183 | tail = (struct jbd2_journal_block_tail *)(buf + j->j_blocksize - | |
184 | sizeof(struct jbd2_journal_block_tail)); | |
185 | provided = tail->t_checksum; | |
186 | tail->t_checksum = 0; | |
187 | calculated = jbd2_chksum(j, j->j_csum_seed, buf, j->j_blocksize); | |
188 | tail->t_checksum = provided; | |
189 | ||
18a6ea1e | 190 | return provided == cpu_to_be32(calculated); |
3caa487f | 191 | } |
470decc6 DK |
192 | |
193 | /* | |
194 | * Count the number of in-use tags in a journal descriptor block. | |
195 | */ | |
196 | ||
b517bea1 | 197 | static int count_tags(journal_t *journal, struct buffer_head *bh) |
470decc6 DK |
198 | { |
199 | char * tagp; | |
200 | journal_block_tag_t * tag; | |
b517bea1 ZB |
201 | int nr = 0, size = journal->j_blocksize; |
202 | int tag_bytes = journal_tag_bytes(journal); | |
470decc6 | 203 | |
db9ee220 | 204 | if (jbd2_journal_has_csum_v2or3(journal)) |
3caa487f DW |
205 | size -= sizeof(struct jbd2_journal_block_tail); |
206 | ||
470decc6 DK |
207 | tagp = &bh->b_data[sizeof(journal_header_t)]; |
208 | ||
b517bea1 | 209 | while ((tagp - bh->b_data + tag_bytes) <= size) { |
470decc6 DK |
210 | tag = (journal_block_tag_t *) tagp; |
211 | ||
212 | nr++; | |
b517bea1 | 213 | tagp += tag_bytes; |
8f888ef8 | 214 | if (!(tag->t_flags & cpu_to_be16(JBD2_FLAG_SAME_UUID))) |
470decc6 DK |
215 | tagp += 16; |
216 | ||
8f888ef8 | 217 | if (tag->t_flags & cpu_to_be16(JBD2_FLAG_LAST_TAG)) |
470decc6 DK |
218 | break; |
219 | } | |
220 | ||
221 | return nr; | |
222 | } | |
223 | ||
224 | ||
225 | /* Make sure we wrap around the log correctly! */ | |
226 | #define wrap(journal, var) \ | |
227 | do { \ | |
228 | if (var >= (journal)->j_last) \ | |
229 | var -= ((journal)->j_last - (journal)->j_first); \ | |
230 | } while (0) | |
231 | ||
232 | /** | |
f7f4bccb | 233 | * jbd2_journal_recover - recovers a on-disk journal |
470decc6 DK |
234 | * @journal: the journal to recover |
235 | * | |
236 | * The primary function for recovering the log contents when mounting a | |
237 | * journaled device. | |
238 | * | |
239 | * Recovery is done in three passes. In the first pass, we look for the | |
240 | * end of the log. In the second, we assemble the list of revoke | |
241 | * blocks. In the third and final pass, we replay any un-revoked blocks | |
242 | * in the log. | |
243 | */ | |
f7f4bccb | 244 | int jbd2_journal_recover(journal_t *journal) |
470decc6 | 245 | { |
44519faf | 246 | int err, err2; |
470decc6 DK |
247 | journal_superblock_t * sb; |
248 | ||
249 | struct recovery_info info; | |
250 | ||
251 | memset(&info, 0, sizeof(info)); | |
252 | sb = journal->j_superblock; | |
253 | ||
254 | /* | |
255 | * The journal superblock's s_start field (the current log head) | |
256 | * is always zero if, and only if, the journal was cleanly | |
257 | * unmounted. | |
258 | */ | |
259 | ||
260 | if (!sb->s_start) { | |
261 | jbd_debug(1, "No recovery required, last transaction %d\n", | |
262 | be32_to_cpu(sb->s_sequence)); | |
263 | journal->j_transaction_sequence = be32_to_cpu(sb->s_sequence) + 1; | |
264 | return 0; | |
265 | } | |
266 | ||
267 | err = do_one_pass(journal, &info, PASS_SCAN); | |
268 | if (!err) | |
269 | err = do_one_pass(journal, &info, PASS_REVOKE); | |
270 | if (!err) | |
271 | err = do_one_pass(journal, &info, PASS_REPLAY); | |
272 | ||
f2a44523 | 273 | jbd_debug(1, "JBD2: recovery, exit status %d, " |
470decc6 DK |
274 | "recovered transactions %u to %u\n", |
275 | err, info.start_transaction, info.end_transaction); | |
f2a44523 | 276 | jbd_debug(1, "JBD2: Replayed %d and revoked %d/%d blocks\n", |
470decc6 DK |
277 | info.nr_replays, info.nr_revoke_hits, info.nr_revokes); |
278 | ||
279 | /* Restart the log at the next transaction ID, thus invalidating | |
280 | * any existing commit records in the log. */ | |
281 | journal->j_transaction_sequence = ++info.end_transaction; | |
282 | ||
f7f4bccb | 283 | jbd2_journal_clear_revoke(journal); |
44519faf HK |
284 | err2 = sync_blockdev(journal->j_fs_dev); |
285 | if (!err) | |
286 | err = err2; | |
79feb521 | 287 | /* Make sure all replayed data is on permanent storage */ |
316e4cfd TT |
288 | if (journal->j_flags & JBD2_BARRIER) { |
289 | err2 = blkdev_issue_flush(journal->j_fs_dev, GFP_KERNEL, NULL); | |
290 | if (!err) | |
291 | err = err2; | |
292 | } | |
470decc6 DK |
293 | return err; |
294 | } | |
295 | ||
296 | /** | |
f7f4bccb | 297 | * jbd2_journal_skip_recovery - Start journal and wipe exiting records |
470decc6 DK |
298 | * @journal: journal to startup |
299 | * | |
300 | * Locate any valid recovery information from the journal and set up the | |
301 | * journal structures in memory to ignore it (presumably because the | |
302 | * caller has evidence that it is out of date). | |
bd7ced98 | 303 | * This function doesn't appear to be exported.. |
470decc6 DK |
304 | * |
305 | * We perform one pass over the journal to allow us to tell the user how | |
306 | * much recovery information is being erased, and to let us initialise | |
307 | * the journal transaction sequence numbers to the next unused ID. | |
308 | */ | |
f7f4bccb | 309 | int jbd2_journal_skip_recovery(journal_t *journal) |
470decc6 DK |
310 | { |
311 | int err; | |
470decc6 DK |
312 | |
313 | struct recovery_info info; | |
314 | ||
315 | memset (&info, 0, sizeof(info)); | |
470decc6 DK |
316 | |
317 | err = do_one_pass(journal, &info, PASS_SCAN); | |
318 | ||
319 | if (err) { | |
f2a44523 | 320 | printk(KERN_ERR "JBD2: error %d scanning journal\n", err); |
470decc6 DK |
321 | ++journal->j_transaction_sequence; |
322 | } else { | |
e23291b9 | 323 | #ifdef CONFIG_JBD2_DEBUG |
5a0790c2 AK |
324 | int dropped = info.end_transaction - |
325 | be32_to_cpu(journal->j_superblock->s_sequence); | |
b38bd33a | 326 | jbd_debug(1, |
f2a44523 | 327 | "JBD2: ignoring %d transaction%s from the journal.\n", |
470decc6 | 328 | dropped, (dropped == 1) ? "" : "s"); |
9a4f6271 | 329 | #endif |
470decc6 DK |
330 | journal->j_transaction_sequence = ++info.end_transaction; |
331 | } | |
332 | ||
333 | journal->j_tail = 0; | |
334 | return err; | |
335 | } | |
336 | ||
db9ee220 DW |
337 | static inline unsigned long long read_tag_block(journal_t *journal, |
338 | journal_block_tag_t *tag) | |
b517bea1 | 339 | { |
18eba7aa | 340 | unsigned long long block = be32_to_cpu(tag->t_blocknr); |
56316a0d | 341 | if (jbd2_has_feature_64bit(journal)) |
b517bea1 ZB |
342 | block |= (u64)be32_to_cpu(tag->t_blocknr_high) << 32; |
343 | return block; | |
344 | } | |
345 | ||
818d276c GS |
346 | /* |
347 | * calc_chksums calculates the checksums for the blocks described in the | |
348 | * descriptor block. | |
349 | */ | |
350 | static int calc_chksums(journal_t *journal, struct buffer_head *bh, | |
351 | unsigned long *next_log_block, __u32 *crc32_sum) | |
352 | { | |
353 | int i, num_blks, err; | |
354 | unsigned long io_block; | |
355 | struct buffer_head *obh; | |
356 | ||
357 | num_blks = count_tags(journal, bh); | |
358 | /* Calculate checksum of the descriptor block. */ | |
359 | *crc32_sum = crc32_be(*crc32_sum, (void *)bh->b_data, bh->b_size); | |
360 | ||
361 | for (i = 0; i < num_blks; i++) { | |
362 | io_block = (*next_log_block)++; | |
363 | wrap(journal, *next_log_block); | |
364 | err = jread(&obh, journal, io_block); | |
365 | if (err) { | |
f2a44523 | 366 | printk(KERN_ERR "JBD2: IO error %d recovering block " |
818d276c GS |
367 | "%lu in log\n", err, io_block); |
368 | return 1; | |
369 | } else { | |
370 | *crc32_sum = crc32_be(*crc32_sum, (void *)obh->b_data, | |
371 | obh->b_size); | |
372 | } | |
8ea76900 | 373 | put_bh(obh); |
818d276c GS |
374 | } |
375 | return 0; | |
376 | } | |
377 | ||
1f56c589 DW |
378 | static int jbd2_commit_block_csum_verify(journal_t *j, void *buf) |
379 | { | |
380 | struct commit_header *h; | |
18a6ea1e DW |
381 | __be32 provided; |
382 | __u32 calculated; | |
1f56c589 | 383 | |
db9ee220 | 384 | if (!jbd2_journal_has_csum_v2or3(j)) |
1f56c589 DW |
385 | return 1; |
386 | ||
387 | h = buf; | |
388 | provided = h->h_chksum[0]; | |
389 | h->h_chksum[0] = 0; | |
390 | calculated = jbd2_chksum(j, j->j_csum_seed, buf, j->j_blocksize); | |
391 | h->h_chksum[0] = provided; | |
392 | ||
18a6ea1e | 393 | return provided == cpu_to_be32(calculated); |
1f56c589 DW |
394 | } |
395 | ||
c3900875 DW |
396 | static int jbd2_block_tag_csum_verify(journal_t *j, journal_block_tag_t *tag, |
397 | void *buf, __u32 sequence) | |
398 | { | |
db9ee220 | 399 | journal_block_tag3_t *tag3 = (journal_block_tag3_t *)tag; |
eee06c56 | 400 | __u32 csum32; |
18a6ea1e | 401 | __be32 seq; |
c3900875 | 402 | |
db9ee220 | 403 | if (!jbd2_journal_has_csum_v2or3(j)) |
c3900875 DW |
404 | return 1; |
405 | ||
18a6ea1e DW |
406 | seq = cpu_to_be32(sequence); |
407 | csum32 = jbd2_chksum(j, j->j_csum_seed, (__u8 *)&seq, sizeof(seq)); | |
eee06c56 | 408 | csum32 = jbd2_chksum(j, csum32, buf, j->j_blocksize); |
c3900875 | 409 | |
56316a0d | 410 | if (jbd2_has_feature_csum3(j)) |
db9ee220 DW |
411 | return tag3->t_checksum == cpu_to_be32(csum32); |
412 | else | |
413 | return tag->t_checksum == cpu_to_be16(csum32); | |
c3900875 DW |
414 | } |
415 | ||
470decc6 DK |
416 | static int do_one_pass(journal_t *journal, |
417 | struct recovery_info *info, enum passtype pass) | |
418 | { | |
419 | unsigned int first_commit_ID, next_commit_ID; | |
420 | unsigned long next_log_block; | |
421 | int err, success = 0; | |
422 | journal_superblock_t * sb; | |
423 | journal_header_t * tmp; | |
424 | struct buffer_head * bh; | |
425 | unsigned int sequence; | |
426 | int blocktype; | |
b517bea1 | 427 | int tag_bytes = journal_tag_bytes(journal); |
818d276c | 428 | __u32 crc32_sum = ~0; /* Transactional Checksums */ |
3caa487f | 429 | int descr_csum_size = 0; |
022eaa75 | 430 | int block_error = 0; |
470decc6 | 431 | |
470decc6 DK |
432 | /* |
433 | * First thing is to establish what we expect to find in the log | |
434 | * (in terms of transaction IDs), and where (in terms of log | |
435 | * block offsets): query the superblock. | |
436 | */ | |
437 | ||
438 | sb = journal->j_superblock; | |
439 | next_commit_ID = be32_to_cpu(sb->s_sequence); | |
440 | next_log_block = be32_to_cpu(sb->s_start); | |
441 | ||
442 | first_commit_ID = next_commit_ID; | |
443 | if (pass == PASS_SCAN) | |
444 | info->start_transaction = first_commit_ID; | |
445 | ||
446 | jbd_debug(1, "Starting recovery pass %d\n", pass); | |
447 | ||
448 | /* | |
449 | * Now we walk through the log, transaction by transaction, | |
450 | * making sure that each transaction has a commit block in the | |
451 | * expected place. Each complete transaction gets replayed back | |
452 | * into the main filesystem. | |
453 | */ | |
454 | ||
455 | while (1) { | |
456 | int flags; | |
457 | char * tagp; | |
458 | journal_block_tag_t * tag; | |
459 | struct buffer_head * obh; | |
460 | struct buffer_head * nbh; | |
461 | ||
e86e1438 | 462 | cond_resched(); |
470decc6 DK |
463 | |
464 | /* If we already know where to stop the log traversal, | |
465 | * check right now that we haven't gone past the end of | |
466 | * the log. */ | |
467 | ||
468 | if (pass != PASS_SCAN) | |
469 | if (tid_geq(next_commit_ID, info->end_transaction)) | |
470 | break; | |
471 | ||
472 | jbd_debug(2, "Scanning for sequence ID %u at %lu/%lu\n", | |
473 | next_commit_ID, next_log_block, journal->j_last); | |
474 | ||
475 | /* Skip over each chunk of the transaction looking | |
476 | * either the next descriptor block or the final commit | |
477 | * record. */ | |
478 | ||
f2a44523 | 479 | jbd_debug(3, "JBD2: checking block %ld\n", next_log_block); |
470decc6 DK |
480 | err = jread(&bh, journal, next_log_block); |
481 | if (err) | |
482 | goto failed; | |
483 | ||
484 | next_log_block++; | |
485 | wrap(journal, next_log_block); | |
486 | ||
487 | /* What kind of buffer is it? | |
488 | * | |
489 | * If it is a descriptor block, check that it has the | |
490 | * expected sequence number. Otherwise, we're all done | |
491 | * here. */ | |
492 | ||
493 | tmp = (journal_header_t *)bh->b_data; | |
494 | ||
f7f4bccb | 495 | if (tmp->h_magic != cpu_to_be32(JBD2_MAGIC_NUMBER)) { |
470decc6 DK |
496 | brelse(bh); |
497 | break; | |
498 | } | |
499 | ||
500 | blocktype = be32_to_cpu(tmp->h_blocktype); | |
501 | sequence = be32_to_cpu(tmp->h_sequence); | |
502 | jbd_debug(3, "Found magic %d, sequence %d\n", | |
503 | blocktype, sequence); | |
504 | ||
505 | if (sequence != next_commit_ID) { | |
506 | brelse(bh); | |
507 | break; | |
508 | } | |
509 | ||
510 | /* OK, we have a valid descriptor block which matches | |
511 | * all of the sequence number checks. What are we going | |
512 | * to do with it? That depends on the pass... */ | |
513 | ||
514 | switch(blocktype) { | |
f7f4bccb | 515 | case JBD2_DESCRIPTOR_BLOCK: |
3caa487f | 516 | /* Verify checksum first */ |
db9ee220 | 517 | if (jbd2_journal_has_csum_v2or3(journal)) |
3caa487f DW |
518 | descr_csum_size = |
519 | sizeof(struct jbd2_journal_block_tail); | |
520 | if (descr_csum_size > 0 && | |
1101cd4d JK |
521 | !jbd2_descriptor_block_csum_verify(journal, |
522 | bh->b_data)) { | |
b6924225 DW |
523 | printk(KERN_ERR "JBD2: Invalid checksum " |
524 | "recovering block %lu in log\n", | |
525 | next_log_block); | |
6a797d27 | 526 | err = -EFSBADCRC; |
064d8389 | 527 | brelse(bh); |
3caa487f DW |
528 | goto failed; |
529 | } | |
530 | ||
470decc6 | 531 | /* If it is a valid descriptor block, replay it |
818d276c GS |
532 | * in pass REPLAY; if journal_checksums enabled, then |
533 | * calculate checksums in PASS_SCAN, otherwise, | |
534 | * just skip over the blocks it describes. */ | |
470decc6 | 535 | if (pass != PASS_REPLAY) { |
818d276c | 536 | if (pass == PASS_SCAN && |
56316a0d | 537 | jbd2_has_feature_checksum(journal) && |
818d276c GS |
538 | !info->end_transaction) { |
539 | if (calc_chksums(journal, bh, | |
540 | &next_log_block, | |
541 | &crc32_sum)) { | |
542 | put_bh(bh); | |
543 | break; | |
544 | } | |
545 | put_bh(bh); | |
546 | continue; | |
547 | } | |
b517bea1 | 548 | next_log_block += count_tags(journal, bh); |
470decc6 | 549 | wrap(journal, next_log_block); |
818d276c | 550 | put_bh(bh); |
470decc6 DK |
551 | continue; |
552 | } | |
553 | ||
554 | /* A descriptor block: we can now write all of | |
555 | * the data blocks. Yay, useful work is finally | |
556 | * getting done here! */ | |
557 | ||
558 | tagp = &bh->b_data[sizeof(journal_header_t)]; | |
b517bea1 | 559 | while ((tagp - bh->b_data + tag_bytes) |
3caa487f | 560 | <= journal->j_blocksize - descr_csum_size) { |
470decc6 DK |
561 | unsigned long io_block; |
562 | ||
563 | tag = (journal_block_tag_t *) tagp; | |
8f888ef8 | 564 | flags = be16_to_cpu(tag->t_flags); |
470decc6 DK |
565 | |
566 | io_block = next_log_block++; | |
567 | wrap(journal, next_log_block); | |
568 | err = jread(&obh, journal, io_block); | |
569 | if (err) { | |
570 | /* Recover what we can, but | |
571 | * report failure at the end. */ | |
572 | success = err; | |
f2a44523 EG |
573 | printk(KERN_ERR |
574 | "JBD2: IO error %d recovering " | |
470decc6 DK |
575 | "block %ld in log\n", |
576 | err, io_block); | |
577 | } else { | |
18eba7aa | 578 | unsigned long long blocknr; |
470decc6 DK |
579 | |
580 | J_ASSERT(obh != NULL); | |
db9ee220 | 581 | blocknr = read_tag_block(journal, |
b517bea1 | 582 | tag); |
470decc6 DK |
583 | |
584 | /* If the block has been | |
585 | * revoked, then we're all done | |
586 | * here. */ | |
f7f4bccb | 587 | if (jbd2_journal_test_revoke |
470decc6 DK |
588 | (journal, blocknr, |
589 | next_commit_ID)) { | |
590 | brelse(obh); | |
591 | ++info->nr_revoke_hits; | |
592 | goto skip_write; | |
593 | } | |
594 | ||
c3900875 DW |
595 | /* Look for block corruption */ |
596 | if (!jbd2_block_tag_csum_verify( | |
597 | journal, tag, obh->b_data, | |
598 | be32_to_cpu(tmp->h_sequence))) { | |
599 | brelse(obh); | |
6a797d27 | 600 | success = -EFSBADCRC; |
a67c848a | 601 | printk(KERN_ERR "JBD2: Invalid " |
c3900875 | 602 | "checksum recovering " |
ed65b00f TT |
603 | "data block %llu in " |
604 | "log\n", blocknr); | |
022eaa75 DW |
605 | block_error = 1; |
606 | goto skip_write; | |
c3900875 DW |
607 | } |
608 | ||
470decc6 DK |
609 | /* Find a buffer for the new |
610 | * data being restored */ | |
611 | nbh = __getblk(journal->j_fs_dev, | |
612 | blocknr, | |
613 | journal->j_blocksize); | |
614 | if (nbh == NULL) { | |
615 | printk(KERN_ERR | |
f2a44523 | 616 | "JBD2: Out of memory " |
470decc6 DK |
617 | "during recovery.\n"); |
618 | err = -ENOMEM; | |
619 | brelse(bh); | |
620 | brelse(obh); | |
621 | goto failed; | |
622 | } | |
623 | ||
624 | lock_buffer(nbh); | |
625 | memcpy(nbh->b_data, obh->b_data, | |
626 | journal->j_blocksize); | |
f7f4bccb | 627 | if (flags & JBD2_FLAG_ESCAPE) { |
d0025676 | 628 | *((__be32 *)nbh->b_data) = |
f7f4bccb | 629 | cpu_to_be32(JBD2_MAGIC_NUMBER); |
470decc6 DK |
630 | } |
631 | ||
632 | BUFFER_TRACE(nbh, "marking dirty"); | |
633 | set_buffer_uptodate(nbh); | |
634 | mark_buffer_dirty(nbh); | |
635 | BUFFER_TRACE(nbh, "marking uptodate"); | |
636 | ++info->nr_replays; | |
637 | /* ll_rw_block(WRITE, 1, &nbh); */ | |
638 | unlock_buffer(nbh); | |
639 | brelse(obh); | |
640 | brelse(nbh); | |
641 | } | |
642 | ||
643 | skip_write: | |
b517bea1 | 644 | tagp += tag_bytes; |
f7f4bccb | 645 | if (!(flags & JBD2_FLAG_SAME_UUID)) |
470decc6 DK |
646 | tagp += 16; |
647 | ||
f7f4bccb | 648 | if (flags & JBD2_FLAG_LAST_TAG) |
470decc6 DK |
649 | break; |
650 | } | |
651 | ||
652 | brelse(bh); | |
653 | continue; | |
654 | ||
f7f4bccb | 655 | case JBD2_COMMIT_BLOCK: |
818d276c GS |
656 | /* How to differentiate between interrupted commit |
657 | * and journal corruption ? | |
658 | * | |
659 | * {nth transaction} | |
660 | * Checksum Verification Failed | |
661 | * | | |
662 | * ____________________ | |
663 | * | | | |
664 | * async_commit sync_commit | |
665 | * | | | |
666 | * | GO TO NEXT "Journal Corruption" | |
667 | * | TRANSACTION | |
668 | * | | |
669 | * {(n+1)th transanction} | |
670 | * | | |
671 | * _______|______________ | |
672 | * | | | |
673 | * Commit block found Commit block not found | |
674 | * | | | |
675 | * "Journal Corruption" | | |
676 | * _____________|_________ | |
677 | * | | | |
678 | * nth trans corrupt OR nth trans | |
679 | * and (n+1)th interrupted interrupted | |
680 | * before commit block | |
681 | * could reach the disk. | |
682 | * (Cannot find the difference in above | |
683 | * mentioned conditions. Hence assume | |
684 | * "Interrupted Commit".) | |
685 | */ | |
686 | ||
687 | /* Found an expected commit block: if checksums | |
688 | * are present verify them in PASS_SCAN; else not | |
689 | * much to do other than move on to the next sequence | |
470decc6 | 690 | * number. */ |
818d276c | 691 | if (pass == PASS_SCAN && |
56316a0d | 692 | jbd2_has_feature_checksum(journal)) { |
818d276c GS |
693 | int chksum_err, chksum_seen; |
694 | struct commit_header *cbh = | |
695 | (struct commit_header *)bh->b_data; | |
696 | unsigned found_chksum = | |
697 | be32_to_cpu(cbh->h_chksum[0]); | |
698 | ||
699 | chksum_err = chksum_seen = 0; | |
700 | ||
701 | if (info->end_transaction) { | |
624080ed TT |
702 | journal->j_failed_commit = |
703 | info->end_transaction; | |
818d276c GS |
704 | brelse(bh); |
705 | break; | |
706 | } | |
707 | ||
708 | if (crc32_sum == found_chksum && | |
709 | cbh->h_chksum_type == JBD2_CRC32_CHKSUM && | |
710 | cbh->h_chksum_size == | |
711 | JBD2_CRC32_CHKSUM_SIZE) | |
712 | chksum_seen = 1; | |
713 | else if (!(cbh->h_chksum_type == 0 && | |
714 | cbh->h_chksum_size == 0 && | |
715 | found_chksum == 0 && | |
716 | !chksum_seen)) | |
717 | /* | |
718 | * If fs is mounted using an old kernel and then | |
719 | * kernel with journal_chksum is used then we | |
720 | * get a situation where the journal flag has | |
721 | * checksum flag set but checksums are not | |
722 | * present i.e chksum = 0, in the individual | |
723 | * commit blocks. | |
724 | * Hence to avoid checksum failures, in this | |
725 | * situation, this extra check is added. | |
726 | */ | |
727 | chksum_err = 1; | |
728 | ||
729 | if (chksum_err) { | |
730 | info->end_transaction = next_commit_ID; | |
731 | ||
56316a0d | 732 | if (!jbd2_has_feature_async_commit(journal)) { |
624080ed TT |
733 | journal->j_failed_commit = |
734 | next_commit_ID; | |
818d276c GS |
735 | brelse(bh); |
736 | break; | |
737 | } | |
738 | } | |
739 | crc32_sum = ~0; | |
740 | } | |
1f56c589 DW |
741 | if (pass == PASS_SCAN && |
742 | !jbd2_commit_block_csum_verify(journal, | |
743 | bh->b_data)) { | |
744 | info->end_transaction = next_commit_ID; | |
745 | ||
56316a0d | 746 | if (!jbd2_has_feature_async_commit(journal)) { |
1f56c589 DW |
747 | journal->j_failed_commit = |
748 | next_commit_ID; | |
749 | brelse(bh); | |
750 | break; | |
751 | } | |
752 | } | |
470decc6 DK |
753 | brelse(bh); |
754 | next_commit_ID++; | |
755 | continue; | |
756 | ||
f7f4bccb | 757 | case JBD2_REVOKE_BLOCK: |
470decc6 DK |
758 | /* If we aren't in the REVOKE pass, then we can |
759 | * just skip over this block. */ | |
760 | if (pass != PASS_REVOKE) { | |
761 | brelse(bh); | |
762 | continue; | |
763 | } | |
764 | ||
765 | err = scan_revoke_records(journal, bh, | |
766 | next_commit_ID, info); | |
767 | brelse(bh); | |
768 | if (err) | |
769 | goto failed; | |
770 | continue; | |
771 | ||
772 | default: | |
773 | jbd_debug(3, "Unrecognised magic %d, end of scan.\n", | |
774 | blocktype); | |
775 | brelse(bh); | |
776 | goto done; | |
777 | } | |
778 | } | |
779 | ||
780 | done: | |
781 | /* | |
782 | * We broke out of the log scan loop: either we came to the | |
783 | * known end of the log or we found an unexpected block in the | |
784 | * log. If the latter happened, then we know that the "current" | |
785 | * transaction marks the end of the valid log. | |
786 | */ | |
787 | ||
818d276c GS |
788 | if (pass == PASS_SCAN) { |
789 | if (!info->end_transaction) | |
790 | info->end_transaction = next_commit_ID; | |
791 | } else { | |
470decc6 DK |
792 | /* It's really bad news if different passes end up at |
793 | * different places (but possible due to IO errors). */ | |
794 | if (info->end_transaction != next_commit_ID) { | |
f2a44523 | 795 | printk(KERN_ERR "JBD2: recovery pass %d ended at " |
470decc6 DK |
796 | "transaction %u, expected %u\n", |
797 | pass, next_commit_ID, info->end_transaction); | |
798 | if (!success) | |
799 | success = -EIO; | |
800 | } | |
801 | } | |
022eaa75 DW |
802 | if (block_error && success == 0) |
803 | success = -EIO; | |
470decc6 DK |
804 | return success; |
805 | ||
806 | failed: | |
807 | return err; | |
808 | } | |
809 | ||
470decc6 DK |
810 | /* Scan a revoke record, marking all blocks mentioned as revoked. */ |
811 | ||
812 | static int scan_revoke_records(journal_t *journal, struct buffer_head *bh, | |
813 | tid_t sequence, struct recovery_info *info) | |
814 | { | |
f7f4bccb | 815 | jbd2_journal_revoke_header_t *header; |
470decc6 | 816 | int offset, max; |
e531d0bc DW |
817 | int csum_size = 0; |
818 | __u32 rcount; | |
b517bea1 | 819 | int record_len = 4; |
470decc6 | 820 | |
f7f4bccb MC |
821 | header = (jbd2_journal_revoke_header_t *) bh->b_data; |
822 | offset = sizeof(jbd2_journal_revoke_header_t); | |
e531d0bc | 823 | rcount = be32_to_cpu(header->r_count); |
470decc6 | 824 | |
1101cd4d | 825 | if (!jbd2_descriptor_block_csum_verify(journal, header)) |
6a797d27 | 826 | return -EFSBADCRC; |
42a7106d | 827 | |
e531d0bc | 828 | if (jbd2_journal_has_csum_v2or3(journal)) |
1101cd4d | 829 | csum_size = sizeof(struct jbd2_journal_block_tail); |
e531d0bc DW |
830 | if (rcount > journal->j_blocksize - csum_size) |
831 | return -EINVAL; | |
832 | max = rcount; | |
833 | ||
56316a0d | 834 | if (jbd2_has_feature_64bit(journal)) |
b517bea1 ZB |
835 | record_len = 8; |
836 | ||
837 | while (offset + record_len <= max) { | |
18eba7aa | 838 | unsigned long long blocknr; |
470decc6 DK |
839 | int err; |
840 | ||
b517bea1 ZB |
841 | if (record_len == 4) |
842 | blocknr = be32_to_cpu(* ((__be32 *) (bh->b_data+offset))); | |
843 | else | |
844 | blocknr = be64_to_cpu(* ((__be64 *) (bh->b_data+offset))); | |
845 | offset += record_len; | |
f7f4bccb | 846 | err = jbd2_journal_set_revoke(journal, blocknr, sequence); |
470decc6 DK |
847 | if (err) |
848 | return err; | |
849 | ++info->nr_revokes; | |
850 | } | |
851 | return 0; | |
852 | } |