]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - fs/xfs/xfs_log_recover.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xfs: update metadata LSN in buffers during log recovery
[mirror_ubuntu-bionic-kernel.git] / fs / xfs / xfs_log_recover.c
CommitLineData
1da177e4 1/*
87c199c2 2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
7b718769 3 * All Rights Reserved.
1da177e4 4 *
7b718769
NS		 5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
1da177e4
LT		 7 * published by the Free Software Foundation.
8 *
7b718769
NS		 9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
1da177e4 13 *
7b718769
NS		 14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
1da177e4 17 */
1da177e4 18#include "xfs.h"
a844f451 19#include "xfs_fs.h"
70a9883c 20#include "xfs_shared.h"
239880ef
DC		 21#include "xfs_format.h"
22#include "xfs_log_format.h"
23#include "xfs_trans_resv.h"
a844f451 24#include "xfs_bit.h"
a844f451 25#include "xfs_sb.h"
1da177e4 26#include "xfs_mount.h"
57062787 27#include "xfs_da_format.h"
9a2cc41c 28#include "xfs_da_btree.h"
1da177e4 29#include "xfs_inode.h"
239880ef 30#include "xfs_trans.h"
239880ef 31#include "xfs_log.h"
1da177e4 32#include "xfs_log_priv.h"
1da177e4 33#include "xfs_log_recover.h"
a4fbe6ab 34#include "xfs_inode_item.h"
1da177e4
LT		 35#include "xfs_extfree_item.h"
36#include "xfs_trans_priv.h"
a4fbe6ab
DC		 37#include "xfs_alloc.h"
38#include "xfs_ialloc.h"
1da177e4 39#include "xfs_quota.h"
0e446be4 40#include "xfs_cksum.h"
0b1b213f 41#include "xfs_trace.h"
33479e05 42#include "xfs_icache.h"
a4fbe6ab 43#include "xfs_bmap_btree.h"
a4fbe6ab 44#include "xfs_error.h"
2b9ab5ab 45#include "xfs_dir2.h"
9e88b5d8 46#include "xfs_rmap_item.h"
60a4a222 47#include "xfs_buf_item.h"
1da177e4 48
fc06c6d0
DC		 49#define BLK_AVG(blk1, blk2) ((blk1+blk2) >> 1)
50
9a8d2fdb
MT		 51STATIC int
52xlog_find_zeroed(
53 struct xlog *,
54 xfs_daddr_t *);
55STATIC int
56xlog_clear_stale_blocks(
57 struct xlog *,
58 xfs_lsn_t);
1da177e4 59#if defined(DEBUG)
9a8d2fdb
MT		 60STATIC void
61xlog_recover_check_summary(
62 struct xlog *);
1da177e4
LT		 63#else
64#define xlog_recover_check_summary(log)
1da177e4 65#endif
7088c413
BF		 66STATIC int
67xlog_do_recovery_pass(
68 struct xlog *, xfs_daddr_t, xfs_daddr_t, int, xfs_daddr_t *);
1da177e4 69
d5689eaa
CH		 70/*
71 * This structure is used during recovery to record the buf log items which
72 * have been canceled and should not be replayed.
73 */
74struct xfs_buf_cancel {
75 xfs_daddr_t bc_blkno;
76 uint bc_len;
77 int bc_refcount;
78 struct list_head bc_list;
79};
80
1da177e4
LT		 81/*
82 * Sector aligned buffer routines for buffer create/read/write/access
83 */
84
ff30a622
AE		 85/*
86 * Verify the given count of basic blocks is valid number of blocks
87 * to specify for an operation involving the given XFS log buffer.
88 * Returns nonzero if the count is valid, 0 otherwise.
89 */
90
91static inline int
92xlog_buf_bbcount_valid(
9a8d2fdb 93 struct xlog *log,
ff30a622
AE		 94 int bbcount)
95{
96 return bbcount > 0 && bbcount <= log->l_logBBsize;
97}
98
36adecff
AE		 99/*
100 * Allocate a buffer to hold log data. The buffer needs to be able
101 * to map to a range of nbblks basic blocks at any valid (basic
102 * block) offset within the log.
103 */
5d77c0dc 104STATIC xfs_buf_t *
1da177e4 105xlog_get_bp(
9a8d2fdb 106 struct xlog *log,
3228149c 107 int nbblks)
1da177e4 108{
c8da0faf
CH		 109 struct xfs_buf *bp;
110
ff30a622 111 if (!xlog_buf_bbcount_valid(log, nbblks)) {
a0fa2b67 112 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
ff30a622
AE		 113 nbblks);
114 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
3228149c
DC		 115 return NULL;
116 }
1da177e4 117
36adecff
AE		 118 /*
119 * We do log I/O in units of log sectors (a power-of-2
120 * multiple of the basic block size), so we round up the
25985edc 121 * requested size to accommodate the basic blocks required
36adecff
AE		 122 * for complete log sectors.
123 *
124 * In addition, the buffer may be used for a non-sector-
125 * aligned block offset, in which case an I/O of the
126 * requested size could extend beyond the end of the
127 * buffer. If the requested size is only 1 basic block it
128 * will never straddle a sector boundary, so this won't be
129 * an issue. Nor will this be a problem if the log I/O is
130 * done in basic blocks (sector size 1). But otherwise we
131 * extend the buffer by one extra log sector to ensure
25985edc 132 * there's space to accommodate this possibility.
36adecff 133 */
69ce58f0
AE		 134 if (nbblks > 1 && log->l_sectBBsize > 1)
135 nbblks += log->l_sectBBsize;
136 nbblks = round_up(nbblks, log->l_sectBBsize);
36adecff 137
e70b73f8 138 bp = xfs_buf_get_uncached(log->l_mp->m_logdev_targp, nbblks, 0);
c8da0faf
CH		 139 if (bp)
140 xfs_buf_unlock(bp);
141 return bp;
1da177e4
LT		 142}
143
5d77c0dc 144STATIC void
1da177e4
LT		 145xlog_put_bp(
146 xfs_buf_t *bp)
147{
148 xfs_buf_free(bp);
149}
150
48389ef1
AE		 151/*
152 * Return the address of the start of the given block number's data
153 * in a log buffer. The buffer covers a log sector-aligned region.
154 */
b2a922cd 155STATIC char *
076e6acb 156xlog_align(
9a8d2fdb 157 struct xlog *log,
076e6acb
CH		 158 xfs_daddr_t blk_no,
159 int nbblks,
9a8d2fdb 160 struct xfs_buf *bp)
076e6acb 161{
fdc07f44 162 xfs_daddr_t offset = blk_no & ((xfs_daddr_t)log->l_sectBBsize - 1);
076e6acb 163
4e94b71b 164 ASSERT(offset + nbblks <= bp->b_length);
62926044 165 return bp->b_addr + BBTOB(offset);
076e6acb
CH		 166}
167
1da177e4
LT		 168
169/*
170 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
171 */
076e6acb
CH		 172STATIC int
173xlog_bread_noalign(
9a8d2fdb 174 struct xlog *log,
1da177e4
LT		 175 xfs_daddr_t blk_no,
176 int nbblks,
9a8d2fdb 177 struct xfs_buf *bp)
1da177e4
LT		 178{
179 int error;
180
ff30a622 181 if (!xlog_buf_bbcount_valid(log, nbblks)) {
a0fa2b67 182 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
ff30a622
AE		 183 nbblks);
184 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
2451337d 185 return -EFSCORRUPTED;
3228149c
DC		 186 }
187
69ce58f0
AE		 188 blk_no = round_down(blk_no, log->l_sectBBsize);
189 nbblks = round_up(nbblks, log->l_sectBBsize);
1da177e4
LT		 190
191 ASSERT(nbblks > 0);
4e94b71b 192 ASSERT(nbblks <= bp->b_length);
1da177e4
LT		 193
194 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
0cac682f 195 bp->b_flags |= XBF_READ;
aa0e8833 196 bp->b_io_length = nbblks;
0e95f19a 197 bp->b_error = 0;
1da177e4 198
595bff75
DC		 199 error = xfs_buf_submit_wait(bp);
200 if (error && !XFS_FORCED_SHUTDOWN(log->l_mp))
901796af 201 xfs_buf_ioerror_alert(bp, __func__);
1da177e4
LT		 202 return error;
203}
204
076e6acb
CH		 205STATIC int
206xlog_bread(
9a8d2fdb 207 struct xlog *log,
076e6acb
CH		 208 xfs_daddr_t blk_no,
209 int nbblks,
9a8d2fdb 210 struct xfs_buf *bp,
b2a922cd 211 char **offset)
076e6acb
CH		 212{
213 int error;
214
215 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
216 if (error)
217 return error;
218
219 *offset = xlog_align(log, blk_no, nbblks, bp);
220 return 0;
221}
222
44396476
DC		 223/*
224 * Read at an offset into the buffer. Returns with the buffer in it's original
225 * state regardless of the result of the read.
226 */
227STATIC int
228xlog_bread_offset(
9a8d2fdb 229 struct xlog *log,
44396476
DC		 230 xfs_daddr_t blk_no, /* block to read from */
231 int nbblks, /* blocks to read */
9a8d2fdb 232 struct xfs_buf *bp,
b2a922cd 233 char *offset)
44396476 234{
b2a922cd 235 char *orig_offset = bp->b_addr;
4e94b71b 236 int orig_len = BBTOB(bp->b_length);
44396476
DC		 237 int error, error2;
238
02fe03d9 239 error = xfs_buf_associate_memory(bp, offset, BBTOB(nbblks));
44396476
DC		 240 if (error)
241 return error;
242
243 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
244
245 /* must reset buffer pointer even on error */
02fe03d9 246 error2 = xfs_buf_associate_memory(bp, orig_offset, orig_len);
44396476
DC		 247 if (error)
248 return error;
249 return error2;
250}
251
1da177e4
LT		 252/*
253 * Write out the buffer at the given block for the given number of blocks.
254 * The buffer is kept locked across the write and is returned locked.
255 * This can only be used for synchronous log writes.
256 */
ba0f32d4 257STATIC int
1da177e4 258xlog_bwrite(
9a8d2fdb 259 struct xlog *log,
1da177e4
LT		 260 xfs_daddr_t blk_no,
261 int nbblks,
9a8d2fdb 262 struct xfs_buf *bp)
1da177e4
LT		 263{
264 int error;
265
ff30a622 266 if (!xlog_buf_bbcount_valid(log, nbblks)) {
a0fa2b67 267 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
ff30a622
AE		 268 nbblks);
269 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
2451337d 270 return -EFSCORRUPTED;
3228149c
DC		 271 }
272
69ce58f0
AE		 273 blk_no = round_down(blk_no, log->l_sectBBsize);
274 nbblks = round_up(nbblks, log->l_sectBBsize);
1da177e4
LT		 275
276 ASSERT(nbblks > 0);
4e94b71b 277 ASSERT(nbblks <= bp->b_length);
1da177e4
LT		 278
279 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
72790aa1 280 xfs_buf_hold(bp);
0c842ad4 281 xfs_buf_lock(bp);
aa0e8833 282 bp->b_io_length = nbblks;
0e95f19a 283 bp->b_error = 0;
1da177e4 284
c2b006c1 285 error = xfs_bwrite(bp);
901796af
CH		 286 if (error)
287 xfs_buf_ioerror_alert(bp, __func__);
c2b006c1 288 xfs_buf_relse(bp);
1da177e4
LT		 289 return error;
290}
291
1da177e4
LT		 292#ifdef DEBUG
293/*
294 * dump debug superblock and log record information
295 */
296STATIC void
297xlog_header_check_dump(
298 xfs_mount_t *mp,
299 xlog_rec_header_t *head)
300{
08e96e1a 301 xfs_debug(mp, "%s: SB : uuid = %pU, fmt = %d",
03daa57c 302 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
08e96e1a 303 xfs_debug(mp, " log : uuid = %pU, fmt = %d",
03daa57c 304 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
1da177e4
LT		 305}
306#else
307#define xlog_header_check_dump(mp, head)
308#endif
309
310/*
311 * check log record header for recovery
312 */
313STATIC int
314xlog_header_check_recover(
315 xfs_mount_t *mp,
316 xlog_rec_header_t *head)
317{
69ef921b 318 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
1da177e4
LT		 319
320 /*
321 * IRIX doesn't write the h_fmt field and leaves it zeroed
322 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
323 * a dirty log created in IRIX.
324 */
69ef921b 325 if (unlikely(head->h_fmt != cpu_to_be32(XLOG_FMT))) {
a0fa2b67
DC		 326 xfs_warn(mp,
327 "dirty log written in incompatible format - can't recover");
1da177e4
LT		 328 xlog_header_check_dump(mp, head);
329 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
330 XFS_ERRLEVEL_HIGH, mp);
2451337d 331 return -EFSCORRUPTED;
1da177e4 332 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
a0fa2b67
DC		 333 xfs_warn(mp,
334 "dirty log entry has mismatched uuid - can't recover");
1da177e4
LT		 335 xlog_header_check_dump(mp, head);
336 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
337 XFS_ERRLEVEL_HIGH, mp);
2451337d 338 return -EFSCORRUPTED;
1da177e4
LT		 339 }
340 return 0;
341}
342
343/*
344 * read the head block of the log and check the header
345 */
346STATIC int
347xlog_header_check_mount(
348 xfs_mount_t *mp,
349 xlog_rec_header_t *head)
350{
69ef921b 351 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
1da177e4
LT		 352
353 if (uuid_is_nil(&head->h_fs_uuid)) {
354 /*
355 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
356 * h_fs_uuid is nil, we assume this log was last mounted
357 * by IRIX and continue.
358 */
a0fa2b67 359 xfs_warn(mp, "nil uuid in log - IRIX style log");
1da177e4 360 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
a0fa2b67 361 xfs_warn(mp, "log has mismatched uuid - can't recover");
1da177e4
LT		 362 xlog_header_check_dump(mp, head);
363 XFS_ERROR_REPORT("xlog_header_check_mount",
364 XFS_ERRLEVEL_HIGH, mp);
2451337d 365 return -EFSCORRUPTED;
1da177e4
LT		 366 }
367 return 0;
368}
369
370STATIC void
371xlog_recover_iodone(
372 struct xfs_buf *bp)
373{
5a52c2a5 374 if (bp->b_error) {
1da177e4
LT		 375 /*
376 * We're not going to bother about retrying
377 * this during recovery. One strike!
378 */
595bff75
DC		 379 if (!XFS_FORCED_SHUTDOWN(bp->b_target->bt_mount)) {
380 xfs_buf_ioerror_alert(bp, __func__);
381 xfs_force_shutdown(bp->b_target->bt_mount,
382 SHUTDOWN_META_IO_ERROR);
383 }
1da177e4 384 }
60a4a222
BF		 385
386 /*
387 * On v5 supers, a bli could be attached to update the metadata LSN.
388 * Clean it up.
389 */
390 if (bp->b_fspriv)
391 xfs_buf_item_relse(bp);
392 ASSERT(bp->b_fspriv == NULL);
393
cb669ca5 394 bp->b_iodone = NULL;
e8aaba9a 395 xfs_buf_ioend(bp);
1da177e4
LT		 396}
397
398/*
399 * This routine finds (to an approximation) the first block in the physical
400 * log which contains the given cycle. It uses a binary search algorithm.
401 * Note that the algorithm can not be perfect because the disk will not
402 * necessarily be perfect.
403 */
a8272ce0 404STATIC int
1da177e4 405xlog_find_cycle_start(
9a8d2fdb
MT		 406 struct xlog *log,
407 struct xfs_buf *bp,
1da177e4
LT		 408 xfs_daddr_t first_blk,
409 xfs_daddr_t *last_blk,
410 uint cycle)
411{
b2a922cd 412 char *offset;
1da177e4 413 xfs_daddr_t mid_blk;
e3bb2e30 414 xfs_daddr_t end_blk;
1da177e4
LT		 415 uint mid_cycle;
416 int error;
417
e3bb2e30
AE		 418 end_blk = *last_blk;
419 mid_blk = BLK_AVG(first_blk, end_blk);
420 while (mid_blk != first_blk && mid_blk != end_blk) {
076e6acb
CH		 421 error = xlog_bread(log, mid_blk, 1, bp, &offset);
422 if (error)
1da177e4 423 return error;
03bea6fe 424 mid_cycle = xlog_get_cycle(offset);
e3bb2e30
AE		 425 if (mid_cycle == cycle)
426 end_blk = mid_blk; /* last_half_cycle == mid_cycle */
427 else
428 first_blk = mid_blk; /* first_half_cycle == mid_cycle */
429 mid_blk = BLK_AVG(first_blk, end_blk);
1da177e4 430 }
e3bb2e30
AE		 431 ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) ||
432 (mid_blk == end_blk && mid_blk-1 == first_blk));
433
434 *last_blk = end_blk;
1da177e4
LT		 435
436 return 0;
437}
438
439/*
3f943d85
AE		 440 * Check that a range of blocks does not contain stop_on_cycle_no.
441 * Fill in *new_blk with the block offset where such a block is
442 * found, or with -1 (an invalid block number) if there is no such
443 * block in the range. The scan needs to occur from front to back
444 * and the pointer into the region must be updated since a later
445 * routine will need to perform another test.
1da177e4
LT		 446 */
447STATIC int
448xlog_find_verify_cycle(
9a8d2fdb 449 struct xlog *log,
1da177e4
LT		 450 xfs_daddr_t start_blk,
451 int nbblks,
452 uint stop_on_cycle_no,
453 xfs_daddr_t *new_blk)
454{
455 xfs_daddr_t i, j;
456 uint cycle;
457 xfs_buf_t *bp;
458 xfs_daddr_t bufblks;
b2a922cd 459 char *buf = NULL;
1da177e4
LT		 460 int error = 0;
461
6881a229
AE		 462 /*
463 * Greedily allocate a buffer big enough to handle the full
464 * range of basic blocks we'll be examining. If that fails,
465 * try a smaller size. We need to be able to read at least
466 * a log sector, or we're out of luck.
467 */
1da177e4 468 bufblks = 1 << ffs(nbblks);
81158e0c
DC		 469 while (bufblks > log->l_logBBsize)
470 bufblks >>= 1;
1da177e4 471 while (!(bp = xlog_get_bp(log, bufblks))) {
1da177e4 472 bufblks >>= 1;
69ce58f0 473 if (bufblks < log->l_sectBBsize)
2451337d 474 return -ENOMEM;
1da177e4
LT		 475 }
476
477 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
478 int bcount;
479
480 bcount = min(bufblks, (start_blk + nbblks - i));
481
076e6acb
CH		 482 error = xlog_bread(log, i, bcount, bp, &buf);
483 if (error)
1da177e4
LT		 484 goto out;
485
1da177e4 486 for (j = 0; j < bcount; j++) {
03bea6fe 487 cycle = xlog_get_cycle(buf);
1da177e4
LT		 488 if (cycle == stop_on_cycle_no) {
489 *new_blk = i+j;
490 goto out;
491 }
492
493 buf += BBSIZE;
494 }
495 }
496
497 *new_blk = -1;
498
499out:
500 xlog_put_bp(bp);
501 return error;
502}
503
504/*
505 * Potentially backup over partial log record write.
506 *
507 * In the typical case, last_blk is the number of the block directly after
508 * a good log record. Therefore, we subtract one to get the block number
509 * of the last block in the given buffer. extra_bblks contains the number
510 * of blocks we would have read on a previous read. This happens when the
511 * last log record is split over the end of the physical log.
512 *
513 * extra_bblks is the number of blocks potentially verified on a previous
514 * call to this routine.
515 */
516STATIC int
517xlog_find_verify_log_record(
9a8d2fdb 518 struct xlog *log,
1da177e4
LT		 519 xfs_daddr_t start_blk,
520 xfs_daddr_t *last_blk,
521 int extra_bblks)
522{
523 xfs_daddr_t i;
524 xfs_buf_t *bp;
b2a922cd 525 char *offset = NULL;
1da177e4
LT		 526 xlog_rec_header_t *head = NULL;
527 int error = 0;
528 int smallmem = 0;
529 int num_blks = *last_blk - start_blk;
530 int xhdrs;
531
532 ASSERT(start_blk != 0 || *last_blk != start_blk);
533
534 if (!(bp = xlog_get_bp(log, num_blks))) {
535 if (!(bp = xlog_get_bp(log, 1)))
2451337d 536 return -ENOMEM;
1da177e4
LT		 537 smallmem = 1;
538 } else {
076e6acb
CH		 539 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
540 if (error)
1da177e4 541 goto out;
1da177e4
LT		 542 offset += ((num_blks - 1) << BBSHIFT);
543 }
544
545 for (i = (*last_blk) - 1; i >= 0; i--) {
546 if (i < start_blk) {
547 /* valid log record not found */
a0fa2b67
DC		 548 xfs_warn(log->l_mp,
549 "Log inconsistent (didn't find previous header)");
1da177e4 550 ASSERT(0);
2451337d 551 error = -EIO;
1da177e4
LT		 552 goto out;
553 }
554
555 if (smallmem) {
076e6acb
CH		 556 error = xlog_bread(log, i, 1, bp, &offset);
557 if (error)
1da177e4 558 goto out;
1da177e4
LT		 559 }
560
561 head = (xlog_rec_header_t *)offset;
562
69ef921b 563 if (head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
1da177e4
LT		 564 break;
565
566 if (!smallmem)
567 offset -= BBSIZE;
568 }
569
570 /*
571 * We hit the beginning of the physical log & still no header. Return
572 * to caller. If caller can handle a return of -1, then this routine
573 * will be called again for the end of the physical log.
574 */
575 if (i == -1) {
2451337d 576 error = 1;
1da177e4
LT		 577 goto out;
578 }
579
580 /*
581 * We have the final block of the good log (the first block
582 * of the log record _before_ the head. So we check the uuid.
583 */
584 if ((error = xlog_header_check_mount(log->l_mp, head)))
585 goto out;
586
587 /*
588 * We may have found a log record header before we expected one.
589 * last_blk will be the 1st block # with a given cycle #. We may end
590 * up reading an entire log record. In this case, we don't want to
591 * reset last_blk. Only when last_blk points in the middle of a log
592 * record do we update last_blk.
593 */
62118709 594 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
b53e675d 595 uint h_size = be32_to_cpu(head->h_size);
1da177e4
LT		 596
597 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
598 if (h_size % XLOG_HEADER_CYCLE_SIZE)
599 xhdrs++;
600 } else {
601 xhdrs = 1;
602 }
603
b53e675d
CH		 604 if (*last_blk - i + extra_bblks !=
605 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
1da177e4
LT		 606 *last_blk = i;
607
608out:
609 xlog_put_bp(bp);
610 return error;
611}
612
613/*
614 * Head is defined to be the point of the log where the next log write
0a94da24 615 * could go. This means that incomplete LR writes at the end are
1da177e4
LT		 616 * eliminated when calculating the head. We aren't guaranteed that previous
617 * LR have complete transactions. We only know that a cycle number of
618 * current cycle number -1 won't be present in the log if we start writing
619 * from our current block number.
620 *
621 * last_blk contains the block number of the first block with a given
622 * cycle number.
623 *
624 * Return: zero if normal, non-zero if error.
625 */
ba0f32d4 626STATIC int
1da177e4 627xlog_find_head(
9a8d2fdb 628 struct xlog *log,
1da177e4
LT		 629 xfs_daddr_t *return_head_blk)
630{
631 xfs_buf_t *bp;
b2a922cd 632 char *offset;
1da177e4
LT		 633 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
634 int num_scan_bblks;
635 uint first_half_cycle, last_half_cycle;
636 uint stop_on_cycle;
637 int error, log_bbnum = log->l_logBBsize;
638
639 /* Is the end of the log device zeroed? */
2451337d
DC		 640 error = xlog_find_zeroed(log, &first_blk);
641 if (error < 0) {
642 xfs_warn(log->l_mp, "empty log check failed");
643 return error;
644 }
645 if (error == 1) {
1da177e4
LT		 646 *return_head_blk = first_blk;
647
648 /* Is the whole lot zeroed? */
649 if (!first_blk) {
650 /* Linux XFS shouldn't generate totally zeroed logs -
651 * mkfs etc write a dummy unmount record to a fresh
652 * log so we can store the uuid in there
653 */
a0fa2b67 654 xfs_warn(log->l_mp, "totally zeroed log");
1da177e4
LT		 655 }
656
657 return 0;
1da177e4
LT		 658 }
659
660 first_blk = 0; /* get cycle # of 1st block */
661 bp = xlog_get_bp(log, 1);
662 if (!bp)
2451337d 663 return -ENOMEM;
076e6acb
CH		 664
665 error = xlog_bread(log, 0, 1, bp, &offset);
666 if (error)
1da177e4 667 goto bp_err;
076e6acb 668
03bea6fe 669 first_half_cycle = xlog_get_cycle(offset);
1da177e4
LT		 670
671 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
076e6acb
CH		 672 error = xlog_bread(log, last_blk, 1, bp, &offset);
673 if (error)
1da177e4 674 goto bp_err;
076e6acb 675
03bea6fe 676 last_half_cycle = xlog_get_cycle(offset);
1da177e4
LT		 677 ASSERT(last_half_cycle != 0);
678
679 /*
680 * If the 1st half cycle number is equal to the last half cycle number,
681 * then the entire log is stamped with the same cycle number. In this
682 * case, head_blk can't be set to zero (which makes sense). The below
683 * math doesn't work out properly with head_blk equal to zero. Instead,
684 * we set it to log_bbnum which is an invalid block number, but this
685 * value makes the math correct. If head_blk doesn't changed through
686 * all the tests below, *head_blk is set to zero at the very end rather
687 * than log_bbnum. In a sense, log_bbnum and zero are the same block
688 * in a circular file.
689 */
690 if (first_half_cycle == last_half_cycle) {
691 /*
692 * In this case we believe that the entire log should have
693 * cycle number last_half_cycle. We need to scan backwards
694 * from the end verifying that there are no holes still
695 * containing last_half_cycle - 1. If we find such a hole,
696 * then the start of that hole will be the new head. The
697 * simple case looks like
698 * x | x ... | x - 1 | x
699 * Another case that fits this picture would be
700 * x | x + 1 | x ... | x
c41564b5 701 * In this case the head really is somewhere at the end of the
1da177e4
LT		 702 * log, as one of the latest writes at the beginning was
703 * incomplete.
704 * One more case is
705 * x | x + 1 | x ... | x - 1 | x
706 * This is really the combination of the above two cases, and
707 * the head has to end up at the start of the x-1 hole at the
708 * end of the log.
709 *
710 * In the 256k log case, we will read from the beginning to the
711 * end of the log and search for cycle numbers equal to x-1.
712 * We don't worry about the x+1 blocks that we encounter,
713 * because we know that they cannot be the head since the log
714 * started with x.
715 */
716 head_blk = log_bbnum;
717 stop_on_cycle = last_half_cycle - 1;
718 } else {
719 /*
720 * In this case we want to find the first block with cycle
721 * number matching last_half_cycle. We expect the log to be
722 * some variation on
3f943d85 723 * x + 1 ... | x ... | x
1da177e4
LT		 724 * The first block with cycle number x (last_half_cycle) will
725 * be where the new head belongs. First we do a binary search
726 * for the first occurrence of last_half_cycle. The binary
727 * search may not be totally accurate, so then we scan back
728 * from there looking for occurrences of last_half_cycle before
729 * us. If that backwards scan wraps around the beginning of
730 * the log, then we look for occurrences of last_half_cycle - 1
731 * at the end of the log. The cases we're looking for look
732 * like
3f943d85
AE		 733 * v binary search stopped here
734 * x + 1 ... | x | x + 1 | x ... | x
735 * ^ but we want to locate this spot
1da177e4 736 * or
1da177e4 737 * <---------> less than scan distance
3f943d85
AE		 738 * x + 1 ... | x ... | x - 1 | x
739 * ^ we want to locate this spot
1da177e4
LT		 740 */
741 stop_on_cycle = last_half_cycle;
742 if ((error = xlog_find_cycle_start(log, bp, first_blk,
743 &head_blk, last_half_cycle)))
744 goto bp_err;
745 }
746
747 /*
748 * Now validate the answer. Scan back some number of maximum possible
749 * blocks and make sure each one has the expected cycle number. The
750 * maximum is determined by the total possible amount of buffering
751 * in the in-core log. The following number can be made tighter if
752 * we actually look at the block size of the filesystem.
753 */
754 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
755 if (head_blk >= num_scan_bblks) {
756 /*
757 * We are guaranteed that the entire check can be performed
758 * in one buffer.
759 */
760 start_blk = head_blk - num_scan_bblks;
761 if ((error = xlog_find_verify_cycle(log,
762 start_blk, num_scan_bblks,
763 stop_on_cycle, &new_blk)))
764 goto bp_err;
765 if (new_blk != -1)
766 head_blk = new_blk;
767 } else { /* need to read 2 parts of log */
768 /*
769 * We are going to scan backwards in the log in two parts.
770 * First we scan the physical end of the log. In this part
771 * of the log, we are looking for blocks with cycle number
772 * last_half_cycle - 1.
773 * If we find one, then we know that the log starts there, as
774 * we've found a hole that didn't get written in going around
775 * the end of the physical log. The simple case for this is
776 * x + 1 ... | x ... | x - 1 | x
777 * <---------> less than scan distance
778 * If all of the blocks at the end of the log have cycle number
779 * last_half_cycle, then we check the blocks at the start of
780 * the log looking for occurrences of last_half_cycle. If we
781 * find one, then our current estimate for the location of the
782 * first occurrence of last_half_cycle is wrong and we move
783 * back to the hole we've found. This case looks like
784 * x + 1 ... | x | x + 1 | x ...
785 * ^ binary search stopped here
786 * Another case we need to handle that only occurs in 256k
787 * logs is
788 * x + 1 ... | x ... | x+1 | x ...
789 * ^ binary search stops here
790 * In a 256k log, the scan at the end of the log will see the
791 * x + 1 blocks. We need to skip past those since that is
792 * certainly not the head of the log. By searching for
793 * last_half_cycle-1 we accomplish that.
794 */
1da177e4 795 ASSERT(head_blk <= INT_MAX &&
3f943d85
AE		 796 (xfs_daddr_t) num_scan_bblks >= head_blk);
797 start_blk = log_bbnum - (num_scan_bblks - head_blk);
1da177e4
LT		 798 if ((error = xlog_find_verify_cycle(log, start_blk,
799 num_scan_bblks - (int)head_blk,
800 (stop_on_cycle - 1), &new_blk)))
801 goto bp_err;
802 if (new_blk != -1) {
803 head_blk = new_blk;
9db127ed 804 goto validate_head;
1da177e4
LT		 805 }
806
807 /*
808 * Scan beginning of log now. The last part of the physical
809 * log is good. This scan needs to verify that it doesn't find
810 * the last_half_cycle.
811 */
812 start_blk = 0;
813 ASSERT(head_blk <= INT_MAX);
814 if ((error = xlog_find_verify_cycle(log,
815 start_blk, (int)head_blk,
816 stop_on_cycle, &new_blk)))
817 goto bp_err;
818 if (new_blk != -1)
819 head_blk = new_blk;
820 }
821
9db127ed 822validate_head:
1da177e4
LT		 823 /*
824 * Now we need to make sure head_blk is not pointing to a block in
825 * the middle of a log record.
826 */
827 num_scan_bblks = XLOG_REC_SHIFT(log);
828 if (head_blk >= num_scan_bblks) {
829 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
830
831 /* start ptr at last block ptr before head_blk */
2451337d
DC		 832 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
833 if (error == 1)
834 error = -EIO;
835 if (error)
1da177e4
LT		 836 goto bp_err;
837 } else {
838 start_blk = 0;
839 ASSERT(head_blk <= INT_MAX);
2451337d
DC		 840 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
841 if (error < 0)
842 goto bp_err;
843 if (error == 1) {
1da177e4 844 /* We hit the beginning of the log during our search */
3f943d85 845 start_blk = log_bbnum - (num_scan_bblks - head_blk);
1da177e4
LT		 846 new_blk = log_bbnum;
847 ASSERT(start_blk <= INT_MAX &&
848 (xfs_daddr_t) log_bbnum-start_blk >= 0);
849 ASSERT(head_blk <= INT_MAX);
2451337d
DC		 850 error = xlog_find_verify_log_record(log, start_blk,
851 &new_blk, (int)head_blk);
852 if (error == 1)
853 error = -EIO;
854 if (error)
1da177e4
LT		 855 goto bp_err;
856 if (new_blk != log_bbnum)
857 head_blk = new_blk;
858 } else if (error)
859 goto bp_err;
860 }
861
862 xlog_put_bp(bp);
863 if (head_blk == log_bbnum)
864 *return_head_blk = 0;
865 else
866 *return_head_blk = head_blk;
867 /*
868 * When returning here, we have a good block number. Bad block
869 * means that during a previous crash, we didn't have a clean break
870 * from cycle number N to cycle number N-1. In this case, we need
871 * to find the first block with cycle number N-1.
872 */
873 return 0;
874
875 bp_err:
876 xlog_put_bp(bp);
877
878 if (error)
a0fa2b67 879 xfs_warn(log->l_mp, "failed to find log head");
1da177e4
LT		 880 return error;
881}
882
eed6b462
BF		 883/*
884 * Seek backwards in the log for log record headers.
885 *
886 * Given a starting log block, walk backwards until we find the provided number
887 * of records or hit the provided tail block. The return value is the number of
888 * records encountered or a negative error code. The log block and buffer
889 * pointer of the last record seen are returned in rblk and rhead respectively.
890 */
891STATIC int
892xlog_rseek_logrec_hdr(
893 struct xlog *log,
894 xfs_daddr_t head_blk,
895 xfs_daddr_t tail_blk,
896 int count,
897 struct xfs_buf *bp,
898 xfs_daddr_t *rblk,
899 struct xlog_rec_header **rhead,
900 bool *wrapped)
901{
902 int i;
903 int error;
904 int found = 0;
905 char *offset = NULL;
906 xfs_daddr_t end_blk;
907
908 *wrapped = false;
909
910 /*
911 * Walk backwards from the head block until we hit the tail or the first
912 * block in the log.
913 */
914 end_blk = head_blk > tail_blk ? tail_blk : 0;
915 for (i = (int) head_blk - 1; i >= end_blk; i--) {
916 error = xlog_bread(log, i, 1, bp, &offset);
917 if (error)
918 goto out_error;
919
920 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
921 *rblk = i;
922 *rhead = (struct xlog_rec_header *) offset;
923 if (++found == count)
924 break;
925 }
926 }
927
928 /*
929 * If we haven't hit the tail block or the log record header count,
930 * start looking again from the end of the physical log. Note that
931 * callers can pass head == tail if the tail is not yet known.
932 */
933 if (tail_blk >= head_blk && found != count) {
934 for (i = log->l_logBBsize - 1; i >= (int) tail_blk; i--) {
935 error = xlog_bread(log, i, 1, bp, &offset);
936 if (error)
937 goto out_error;
938
939 if (*(__be32 *)offset ==
940 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
941 *wrapped = true;
942 *rblk = i;
943 *rhead = (struct xlog_rec_header *) offset;
944 if (++found == count)
945 break;
946 }
947 }
948 }
949
950 return found;
951
952out_error:
953 return error;
954}
955
7088c413
BF		 956/*
957 * Seek forward in the log for log record headers.
958 *
959 * Given head and tail blocks, walk forward from the tail block until we find
960 * the provided number of records or hit the head block. The return value is the
961 * number of records encountered or a negative error code. The log block and
962 * buffer pointer of the last record seen are returned in rblk and rhead
963 * respectively.
964 */
965STATIC int
966xlog_seek_logrec_hdr(
967 struct xlog *log,
968 xfs_daddr_t head_blk,
969 xfs_daddr_t tail_blk,
970 int count,
971 struct xfs_buf *bp,
972 xfs_daddr_t *rblk,
973 struct xlog_rec_header **rhead,
974 bool *wrapped)
975{
976 int i;
977 int error;
978 int found = 0;
979 char *offset = NULL;
980 xfs_daddr_t end_blk;
981
982 *wrapped = false;
983
984 /*
985 * Walk forward from the tail block until we hit the head or the last
986 * block in the log.
987 */
988 end_blk = head_blk > tail_blk ? head_blk : log->l_logBBsize - 1;
989 for (i = (int) tail_blk; i <= end_blk; i++) {
990 error = xlog_bread(log, i, 1, bp, &offset);
991 if (error)
992 goto out_error;
993
994 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
995 *rblk = i;
996 *rhead = (struct xlog_rec_header *) offset;
997 if (++found == count)
998 break;
999 }
1000 }
1001
1002 /*
1003 * If we haven't hit the head block or the log record header count,
1004 * start looking again from the start of the physical log.
1005 */
1006 if (tail_blk > head_blk && found != count) {
1007 for (i = 0; i < (int) head_blk; i++) {
1008 error = xlog_bread(log, i, 1, bp, &offset);
1009 if (error)
1010 goto out_error;
1011
1012 if (*(__be32 *)offset ==
1013 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
1014 *wrapped = true;
1015 *rblk = i;
1016 *rhead = (struct xlog_rec_header *) offset;
1017 if (++found == count)
1018 break;
1019 }
1020 }
1021 }
1022
1023 return found;
1024
1025out_error:
1026 return error;
1027}
1028
1029/*
1030 * Check the log tail for torn writes. This is required when torn writes are
1031 * detected at the head and the head had to be walked back to a previous record.
1032 * The tail of the previous record must now be verified to ensure the torn
1033 * writes didn't corrupt the previous tail.
1034 *
1035 * Return an error if CRC verification fails as recovery cannot proceed.
1036 */
1037STATIC int
1038xlog_verify_tail(
1039 struct xlog *log,
1040 xfs_daddr_t head_blk,
1041 xfs_daddr_t tail_blk)
1042{
1043 struct xlog_rec_header *thead;
1044 struct xfs_buf *bp;
1045 xfs_daddr_t first_bad;
1046 int count;
1047 int error = 0;
1048 bool wrapped;
1049 xfs_daddr_t tmp_head;
1050
1051 bp = xlog_get_bp(log, 1);
1052 if (!bp)
1053 return -ENOMEM;
1054
1055 /*
1056 * Seek XLOG_MAX_ICLOGS + 1 records past the current tail record to get
1057 * a temporary head block that points after the last possible
1058 * concurrently written record of the tail.
1059 */
1060 count = xlog_seek_logrec_hdr(log, head_blk, tail_blk,
1061 XLOG_MAX_ICLOGS + 1, bp, &tmp_head, &thead,
1062 &wrapped);
1063 if (count < 0) {
1064 error = count;
1065 goto out;
1066 }
1067
1068 /*
1069 * If the call above didn't find XLOG_MAX_ICLOGS + 1 records, we ran
1070 * into the actual log head. tmp_head points to the start of the record
1071 * so update it to the actual head block.
1072 */
1073 if (count < XLOG_MAX_ICLOGS + 1)
1074 tmp_head = head_blk;
1075
1076 /*
1077 * We now have a tail and temporary head block that covers at least
1078 * XLOG_MAX_ICLOGS records from the tail. We need to verify that these
1079 * records were completely written. Run a CRC verification pass from
1080 * tail to head and return the result.
1081 */
1082 error = xlog_do_recovery_pass(log, tmp_head, tail_blk,
1083 XLOG_RECOVER_CRCPASS, &first_bad);
1084
1085out:
1086 xlog_put_bp(bp);
1087 return error;
1088}
1089
1090/*
1091 * Detect and trim torn writes from the head of the log.
1092 *
1093 * Storage without sector atomicity guarantees can result in torn writes in the
1094 * log in the event of a crash. Our only means to detect this scenario is via
1095 * CRC verification. While we can't always be certain that CRC verification
1096 * failure is due to a torn write vs. an unrelated corruption, we do know that
1097 * only a certain number (XLOG_MAX_ICLOGS) of log records can be written out at
1098 * one time. Therefore, CRC verify up to XLOG_MAX_ICLOGS records at the head of
1099 * the log and treat failures in this range as torn writes as a matter of
1100 * policy. In the event of CRC failure, the head is walked back to the last good
1101 * record in the log and the tail is updated from that record and verified.
1102 */
1103STATIC int
1104xlog_verify_head(
1105 struct xlog *log,
1106 xfs_daddr_t *head_blk, /* in/out: unverified head */
1107 xfs_daddr_t *tail_blk, /* out: tail block */
1108 struct xfs_buf *bp,
1109 xfs_daddr_t *rhead_blk, /* start blk of last record */
1110 struct xlog_rec_header **rhead, /* ptr to last record */
1111 bool *wrapped) /* last rec. wraps phys. log */
1112{
1113 struct xlog_rec_header *tmp_rhead;
1114 struct xfs_buf *tmp_bp;
1115 xfs_daddr_t first_bad;
1116 xfs_daddr_t tmp_rhead_blk;
1117 int found;
1118 int error;
1119 bool tmp_wrapped;
1120
1121 /*
82ff6cc2
BF		 1122 * Check the head of the log for torn writes. Search backwards from the
1123 * head until we hit the tail or the maximum number of log record I/Os
1124 * that could have been in flight at one time. Use a temporary buffer so
1125 * we don't trash the rhead/bp pointers from the caller.
7088c413
BF		 1126 */
1127 tmp_bp = xlog_get_bp(log, 1);
1128 if (!tmp_bp)
1129 return -ENOMEM;
1130 error = xlog_rseek_logrec_hdr(log, *head_blk, *tail_blk,
1131 XLOG_MAX_ICLOGS, tmp_bp, &tmp_rhead_blk,
1132 &tmp_rhead, &tmp_wrapped);
1133 xlog_put_bp(tmp_bp);
1134 if (error < 0)
1135 return error;
1136
1137 /*
1138 * Now run a CRC verification pass over the records starting at the
1139 * block found above to the current head. If a CRC failure occurs, the
1140 * log block of the first bad record is saved in first_bad.
1141 */
1142 error = xlog_do_recovery_pass(log, *head_blk, tmp_rhead_blk,
1143 XLOG_RECOVER_CRCPASS, &first_bad);
1144 if (error == -EFSBADCRC) {
1145 /*
1146 * We've hit a potential torn write. Reset the error and warn
1147 * about it.
1148 */
1149 error = 0;
1150 xfs_warn(log->l_mp,
1151"Torn write (CRC failure) detected at log block 0x%llx. Truncating head block from 0x%llx.",
1152 first_bad, *head_blk);
1153
1154 /*
1155 * Get the header block and buffer pointer for the last good
1156 * record before the bad record.
1157 *
1158 * Note that xlog_find_tail() clears the blocks at the new head
1159 * (i.e., the records with invalid CRC) if the cycle number
1160 * matches the the current cycle.
1161 */
1162 found = xlog_rseek_logrec_hdr(log, first_bad, *tail_blk, 1, bp,
1163 rhead_blk, rhead, wrapped);
1164 if (found < 0)
1165 return found;
1166 if (found == 0) /* XXX: right thing to do here? */
1167 return -EIO;
1168
1169 /*
1170 * Reset the head block to the starting block of the first bad
1171 * log record and set the tail block based on the last good
1172 * record.
1173 *
1174 * Bail out if the updated head/tail match as this indicates
1175 * possible corruption outside of the acceptable
1176 * (XLOG_MAX_ICLOGS) range. This is a job for xfs_repair...
1177 */
1178 *head_blk = first_bad;
1179 *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn));
1180 if (*head_blk == *tail_blk) {
1181 ASSERT(0);
1182 return 0;
1183 }
1184
1185 /*
1186 * Now verify the tail based on the updated head. This is
1187 * required because the torn writes trimmed from the head could
1188 * have been written over the tail of a previous record. Return
1189 * any errors since recovery cannot proceed if the tail is
1190 * corrupt.
1191 *
1192 * XXX: This leaves a gap in truly robust protection from torn
1193 * writes in the log. If the head is behind the tail, the tail
1194 * pushes forward to create some space and then a crash occurs
1195 * causing the writes into the previous record's tail region to
1196 * tear, log recovery isn't able to recover.
1197 *
1198 * How likely is this to occur? If possible, can we do something
1199 * more intelligent here? Is it safe to push the tail forward if
1200 * we can determine that the tail is within the range of the
1201 * torn write (e.g., the kernel can only overwrite the tail if
1202 * it has actually been pushed forward)? Alternatively, could we
1203 * somehow prevent this condition at runtime?
1204 */
1205 error = xlog_verify_tail(log, *head_blk, *tail_blk);
1206 }
1207
1208 return error;
1209}
1210
65b99a08
BF		 1211/*
1212 * Check whether the head of the log points to an unmount record. In other
1213 * words, determine whether the log is clean. If so, update the in-core state
1214 * appropriately.
1215 */
1216static int
1217xlog_check_unmount_rec(
1218 struct xlog *log,
1219 xfs_daddr_t *head_blk,
1220 xfs_daddr_t *tail_blk,
1221 struct xlog_rec_header *rhead,
1222 xfs_daddr_t rhead_blk,
1223 struct xfs_buf *bp,
1224 bool *clean)
1225{
1226 struct xlog_op_header *op_head;
1227 xfs_daddr_t umount_data_blk;
1228 xfs_daddr_t after_umount_blk;
1229 int hblks;
1230 int error;
1231 char *offset;
1232
1233 *clean = false;
1234
1235 /*
1236 * Look for unmount record. If we find it, then we know there was a
1237 * clean unmount. Since 'i' could be the last block in the physical
1238 * log, we convert to a log block before comparing to the head_blk.
1239 *
1240 * Save the current tail lsn to use to pass to xlog_clear_stale_blocks()
1241 * below. We won't want to clear the unmount record if there is one, so
1242 * we pass the lsn of the unmount record rather than the block after it.
1243 */
1244 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1245 int h_size = be32_to_cpu(rhead->h_size);
1246 int h_version = be32_to_cpu(rhead->h_version);
1247
1248 if ((h_version & XLOG_VERSION_2) &&
1249 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
1250 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
1251 if (h_size % XLOG_HEADER_CYCLE_SIZE)
1252 hblks++;
1253 } else {
1254 hblks = 1;
1255 }
1256 } else {
1257 hblks = 1;
1258 }
1259 after_umount_blk = rhead_blk + hblks + BTOBB(be32_to_cpu(rhead->h_len));
1260 after_umount_blk = do_mod(after_umount_blk, log->l_logBBsize);
1261 if (*head_blk == after_umount_blk &&
1262 be32_to_cpu(rhead->h_num_logops) == 1) {
1263 umount_data_blk = rhead_blk + hblks;
1264 umount_data_blk = do_mod(umount_data_blk, log->l_logBBsize);
1265 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
1266 if (error)
1267 return error;
1268
1269 op_head = (struct xlog_op_header *)offset;
1270 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
1271 /*
1272 * Set tail and last sync so that newly written log
1273 * records will point recovery to after the current
1274 * unmount record.
1275 */
1276 xlog_assign_atomic_lsn(&log->l_tail_lsn,
1277 log->l_curr_cycle, after_umount_blk);
1278 xlog_assign_atomic_lsn(&log->l_last_sync_lsn,
1279 log->l_curr_cycle, after_umount_blk);
1280 *tail_blk = after_umount_blk;
1281
1282 *clean = true;
1283 }
1284 }
1285
1286 return 0;
1287}
1288
717bc0eb
BF		 1289static void
1290xlog_set_state(
1291 struct xlog *log,
1292 xfs_daddr_t head_blk,
1293 struct xlog_rec_header *rhead,
1294 xfs_daddr_t rhead_blk,
1295 bool bump_cycle)
1296{
1297 /*
1298 * Reset log values according to the state of the log when we
1299 * crashed. In the case where head_blk == 0, we bump curr_cycle
1300 * one because the next write starts a new cycle rather than
1301 * continuing the cycle of the last good log record. At this
1302 * point we have guaranteed that all partial log records have been
1303 * accounted for. Therefore, we know that the last good log record
1304 * written was complete and ended exactly on the end boundary
1305 * of the physical log.
1306 */
1307 log->l_prev_block = rhead_blk;
1308 log->l_curr_block = (int)head_blk;
1309 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
1310 if (bump_cycle)
1311 log->l_curr_cycle++;
1312 atomic64_set(&log->l_tail_lsn, be64_to_cpu(rhead->h_tail_lsn));
1313 atomic64_set(&log->l_last_sync_lsn, be64_to_cpu(rhead->h_lsn));
1314 xlog_assign_grant_head(&log->l_reserve_head.grant, log->l_curr_cycle,
1315 BBTOB(log->l_curr_block));
1316 xlog_assign_grant_head(&log->l_write_head.grant, log->l_curr_cycle,
1317 BBTOB(log->l_curr_block));
1318}
1319
1da177e4
LT		 1320/*
1321 * Find the sync block number or the tail of the log.
1322 *
1323 * This will be the block number of the last record to have its
1324 * associated buffers synced to disk. Every log record header has
1325 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
1326 * to get a sync block number. The only concern is to figure out which
1327 * log record header to believe.
1328 *
1329 * The following algorithm uses the log record header with the largest
1330 * lsn. The entire log record does not need to be valid. We only care
1331 * that the header is valid.
1332 *
1333 * We could speed up search by using current head_blk buffer, but it is not
1334 * available.
1335 */
5d77c0dc 1336STATIC int
1da177e4 1337xlog_find_tail(
9a8d2fdb 1338 struct xlog *log,
1da177e4 1339 xfs_daddr_t *head_blk,
65be6054 1340 xfs_daddr_t *tail_blk)
1da177e4
LT		 1341{
1342 xlog_rec_header_t *rhead;
b2a922cd 1343 char *offset = NULL;
1da177e4 1344 xfs_buf_t *bp;
7088c413 1345 int error;
7088c413 1346 xfs_daddr_t rhead_blk;
1da177e4 1347 xfs_lsn_t tail_lsn;
eed6b462 1348 bool wrapped = false;
65b99a08 1349 bool clean = false;
1da177e4
LT		 1350
1351 /*
1352 * Find previous log record
1353 */
1354 if ((error = xlog_find_head(log, head_blk)))
1355 return error;
82ff6cc2 1356 ASSERT(*head_blk < INT_MAX);
1da177e4
LT		 1357
1358 bp = xlog_get_bp(log, 1);
1359 if (!bp)
2451337d 1360 return -ENOMEM;
1da177e4 1361 if (*head_blk == 0) { /* special case */
076e6acb
CH		 1362 error = xlog_bread(log, 0, 1, bp, &offset);
1363 if (error)
9db127ed 1364 goto done;
076e6acb 1365
03bea6fe 1366 if (xlog_get_cycle(offset) == 0) {
1da177e4
LT		 1367 *tail_blk = 0;
1368 /* leave all other log inited values alone */
9db127ed 1369 goto done;
1da177e4
LT		 1370 }
1371 }
1372
1373 /*
82ff6cc2
BF		 1374 * Search backwards through the log looking for the log record header
1375 * block. This wraps all the way back around to the head so something is
1376 * seriously wrong if we can't find it.
1da177e4 1377 */
82ff6cc2
BF		 1378 error = xlog_rseek_logrec_hdr(log, *head_blk, *head_blk, 1, bp,
1379 &rhead_blk, &rhead, &wrapped);
1380 if (error < 0)
1381 return error;
1382 if (!error) {
1383 xfs_warn(log->l_mp, "%s: couldn't find sync record", __func__);
1384 return -EIO;
1385 }
1386 *tail_blk = BLOCK_LSN(be64_to_cpu(rhead->h_tail_lsn));
1da177e4
LT		 1387
1388 /*
717bc0eb 1389 * Set the log state based on the current head record.
1da177e4 1390 */
717bc0eb 1391 xlog_set_state(log, *head_blk, rhead, rhead_blk, wrapped);
65b99a08 1392 tail_lsn = atomic64_read(&log->l_tail_lsn);
1da177e4
LT		 1393
1394 /*
65b99a08
BF		 1395 * Look for an unmount record at the head of the log. This sets the log
1396 * state to determine whether recovery is necessary.
1da177e4 1397 */
65b99a08
BF		 1398 error = xlog_check_unmount_rec(log, head_blk, tail_blk, rhead,
1399 rhead_blk, bp, &clean);
1400 if (error)
1401 goto done;
1da177e4
LT		 1402
1403 /*
7f6aff3a
BF		 1404 * Verify the log head if the log is not clean (e.g., we have anything
1405 * but an unmount record at the head). This uses CRC verification to
1406 * detect and trim torn writes. If discovered, CRC failures are
1407 * considered torn writes and the log head is trimmed accordingly.
1da177e4 1408 *
7f6aff3a
BF		 1409 * Note that we can only run CRC verification when the log is dirty
1410 * because there's no guarantee that the log data behind an unmount
1411 * record is compatible with the current architecture.
1da177e4 1412 */
7f6aff3a
BF		 1413 if (!clean) {
1414 xfs_daddr_t orig_head = *head_blk;
1da177e4 1415
7f6aff3a
BF		 1416 error = xlog_verify_head(log, head_blk, tail_blk, bp,
1417 &rhead_blk, &rhead, &wrapped);
076e6acb 1418 if (error)
9db127ed 1419 goto done;
076e6acb 1420
7f6aff3a
BF		 1421 /* update in-core state again if the head changed */
1422 if (*head_blk != orig_head) {
1423 xlog_set_state(log, *head_blk, rhead, rhead_blk,
1424 wrapped);
1425 tail_lsn = atomic64_read(&log->l_tail_lsn);
1426 error = xlog_check_unmount_rec(log, head_blk, tail_blk,
1427 rhead, rhead_blk, bp,
1428 &clean);
1429 if (error)
1430 goto done;
1da177e4
LT		 1431 }
1432 }
1433
65b99a08
BF		 1434 /*
1435 * Note that the unmount was clean. If the unmount was not clean, we
1436 * need to know this to rebuild the superblock counters from the perag
1437 * headers if we have a filesystem using non-persistent counters.
1438 */
1439 if (clean)
1440 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
1da177e4
LT		 1441
1442 /*
1443 * Make sure that there are no blocks in front of the head
1444 * with the same cycle number as the head. This can happen
1445 * because we allow multiple outstanding log writes concurrently,
1446 * and the later writes might make it out before earlier ones.
1447 *
1448 * We use the lsn from before modifying it so that we'll never
1449 * overwrite the unmount record after a clean unmount.
1450 *
1451 * Do this only if we are going to recover the filesystem
1452 *
1453 * NOTE: This used to say "if (!readonly)"
1454 * However on Linux, we can & do recover a read-only filesystem.
1455 * We only skip recovery if NORECOVERY is specified on mount,
1456 * in which case we would not be here.
1457 *
1458 * But... if the -device- itself is readonly, just skip this.
1459 * We can't recover this device anyway, so it won't matter.
1460 */
9db127ed 1461 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp))
1da177e4 1462 error = xlog_clear_stale_blocks(log, tail_lsn);
1da177e4 1463
9db127ed 1464done:
1da177e4
LT		 1465 xlog_put_bp(bp);
1466
1467 if (error)
a0fa2b67 1468 xfs_warn(log->l_mp, "failed to locate log tail");
1da177e4
LT		 1469 return error;
1470}
1471
1472/*
1473 * Is the log zeroed at all?
1474 *
1475 * The last binary search should be changed to perform an X block read
1476 * once X becomes small enough. You can then search linearly through
1477 * the X blocks. This will cut down on the number of reads we need to do.
1478 *
1479 * If the log is partially zeroed, this routine will pass back the blkno
1480 * of the first block with cycle number 0. It won't have a complete LR
1481 * preceding it.
1482 *
1483 * Return:
1484 * 0 => the log is completely written to
2451337d
DC		 1485 * 1 => use *blk_no as the first block of the log
1486 * <0 => error has occurred
1da177e4 1487 */
a8272ce0 1488STATIC int
1da177e4 1489xlog_find_zeroed(
9a8d2fdb 1490 struct xlog *log,
1da177e4
LT		 1491 xfs_daddr_t *blk_no)
1492{
1493 xfs_buf_t *bp;
b2a922cd 1494 char *offset;
1da177e4
LT		 1495 uint first_cycle, last_cycle;
1496 xfs_daddr_t new_blk, last_blk, start_blk;
1497 xfs_daddr_t num_scan_bblks;
1498 int error, log_bbnum = log->l_logBBsize;
1499
6fdf8ccc
NS		 1500 *blk_no = 0;
1501
1da177e4
LT		 1502 /* check totally zeroed log */
1503 bp = xlog_get_bp(log, 1);
1504 if (!bp)
2451337d 1505 return -ENOMEM;
076e6acb
CH		 1506 error = xlog_bread(log, 0, 1, bp, &offset);
1507 if (error)
1da177e4 1508 goto bp_err;
076e6acb 1509
03bea6fe 1510 first_cycle = xlog_get_cycle(offset);
1da177e4
LT		 1511 if (first_cycle == 0) { /* completely zeroed log */
1512 *blk_no = 0;
1513 xlog_put_bp(bp);
2451337d 1514 return 1;
1da177e4
LT		 1515 }
1516
1517 /* check partially zeroed log */
076e6acb
CH		 1518 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1519 if (error)
1da177e4 1520 goto bp_err;
076e6acb 1521
03bea6fe 1522 last_cycle = xlog_get_cycle(offset);
1da177e4
LT		 1523 if (last_cycle != 0) { /* log completely written to */
1524 xlog_put_bp(bp);
1525 return 0;
1526 } else if (first_cycle != 1) {
1527 /*
1528 * If the cycle of the last block is zero, the cycle of
1529 * the first block must be 1. If it's not, maybe we're
1530 * not looking at a log... Bail out.
1531 */
a0fa2b67
DC		 1532 xfs_warn(log->l_mp,
1533 "Log inconsistent or not a log (last==0, first!=1)");
2451337d 1534 error = -EINVAL;
5d0a6549 1535 goto bp_err;
1da177e4
LT		 1536 }
1537
1538 /* we have a partially zeroed log */
1539 last_blk = log_bbnum-1;
1540 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1541 goto bp_err;
1542
1543 /*
1544 * Validate the answer. Because there is no way to guarantee that
1545 * the entire log is made up of log records which are the same size,
1546 * we scan over the defined maximum blocks. At this point, the maximum
1547 * is not chosen to mean anything special. XXXmiken
1548 */
1549 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1550 ASSERT(num_scan_bblks <= INT_MAX);
1551
1552 if (last_blk < num_scan_bblks)
1553 num_scan_bblks = last_blk;
1554 start_blk = last_blk - num_scan_bblks;
1555
1556 /*
1557 * We search for any instances of cycle number 0 that occur before
1558 * our current estimate of the head. What we're trying to detect is
1559 * 1 ... | 0 | 1 | 0...
1560 * ^ binary search ends here
1561 */
1562 if ((error = xlog_find_verify_cycle(log, start_blk,
1563 (int)num_scan_bblks, 0, &new_blk)))
1564 goto bp_err;
1565 if (new_blk != -1)
1566 last_blk = new_blk;
1567
1568 /*
1569 * Potentially backup over partial log record write. We don't need
1570 * to search the end of the log because we know it is zero.
1571 */
2451337d
DC		 1572 error = xlog_find_verify_log_record(log, start_blk, &last_blk, 0);
1573 if (error == 1)
1574 error = -EIO;
1575 if (error)
1576 goto bp_err;
1da177e4
LT		 1577
1578 *blk_no = last_blk;
1579bp_err:
1580 xlog_put_bp(bp);
1581 if (error)
1582 return error;
2451337d 1583 return 1;
1da177e4
LT		 1584}
1585
1586/*
1587 * These are simple subroutines used by xlog_clear_stale_blocks() below
1588 * to initialize a buffer full of empty log record headers and write
1589 * them into the log.
1590 */
1591STATIC void
1592xlog_add_record(
9a8d2fdb 1593 struct xlog *log,
b2a922cd 1594 char *buf,
1da177e4
LT		 1595 int cycle,
1596 int block,
1597 int tail_cycle,
1598 int tail_block)
1599{
1600 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1601
1602 memset(buf, 0, BBSIZE);
b53e675d
CH		 1603 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1604 recp->h_cycle = cpu_to_be32(cycle);
1605 recp->h_version = cpu_to_be32(
62118709 1606 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
b53e675d
CH		 1607 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1608 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1609 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1da177e4
LT		 1610 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1611}
1612
1613STATIC int
1614xlog_write_log_records(
9a8d2fdb 1615 struct xlog *log,
1da177e4
LT		 1616 int cycle,
1617 int start_block,
1618 int blocks,
1619 int tail_cycle,
1620 int tail_block)
1621{
b2a922cd 1622 char *offset;
1da177e4
LT		 1623 xfs_buf_t *bp;
1624 int balign, ealign;
69ce58f0 1625 int sectbb = log->l_sectBBsize;
1da177e4
LT		 1626 int end_block = start_block + blocks;
1627 int bufblks;
1628 int error = 0;
1629 int i, j = 0;
1630
6881a229
AE		 1631 /*
1632 * Greedily allocate a buffer big enough to handle the full
1633 * range of basic blocks to be written. If that fails, try
1634 * a smaller size. We need to be able to write at least a
1635 * log sector, or we're out of luck.
1636 */
1da177e4 1637 bufblks = 1 << ffs(blocks);
81158e0c
DC		 1638 while (bufblks > log->l_logBBsize)
1639 bufblks >>= 1;
1da177e4
LT		 1640 while (!(bp = xlog_get_bp(log, bufblks))) {
1641 bufblks >>= 1;
69ce58f0 1642 if (bufblks < sectbb)
2451337d 1643 return -ENOMEM;
1da177e4
LT		 1644 }
1645
1646 /* We may need to do a read at the start to fill in part of
1647 * the buffer in the starting sector not covered by the first
1648 * write below.
1649 */
5c17f533 1650 balign = round_down(start_block, sectbb);
1da177e4 1651 if (balign != start_block) {
076e6acb
CH		 1652 error = xlog_bread_noalign(log, start_block, 1, bp);
1653 if (error)
1654 goto out_put_bp;
1655
1da177e4
LT		 1656 j = start_block - balign;
1657 }
1658
1659 for (i = start_block; i < end_block; i += bufblks) {
1660 int bcount, endcount;
1661
1662 bcount = min(bufblks, end_block - start_block);
1663 endcount = bcount - j;
1664
1665 /* We may need to do a read at the end to fill in part of
1666 * the buffer in the final sector not covered by the write.
1667 * If this is the same sector as the above read, skip it.
1668 */
5c17f533 1669 ealign = round_down(end_block, sectbb);
1da177e4 1670 if (j == 0 && (start_block + endcount > ealign)) {
62926044 1671 offset = bp->b_addr + BBTOB(ealign - start_block);
44396476
DC		 1672 error = xlog_bread_offset(log, ealign, sectbb,
1673 bp, offset);
076e6acb
CH		 1674 if (error)
1675 break;
1676
1da177e4
LT		 1677 }
1678
1679 offset = xlog_align(log, start_block, endcount, bp);
1680 for (; j < endcount; j++) {
1681 xlog_add_record(log, offset, cycle, i+j,
1682 tail_cycle, tail_block);
1683 offset += BBSIZE;
1684 }
1685 error = xlog_bwrite(log, start_block, endcount, bp);
1686 if (error)
1687 break;
1688 start_block += endcount;
1689 j = 0;
1690 }
076e6acb
CH		 1691
1692 out_put_bp:
1da177e4
LT		 1693 xlog_put_bp(bp);
1694 return error;
1695}
1696
1697/*
1698 * This routine is called to blow away any incomplete log writes out
1699 * in front of the log head. We do this so that we won't become confused
1700 * if we come up, write only a little bit more, and then crash again.
1701 * If we leave the partial log records out there, this situation could
1702 * cause us to think those partial writes are valid blocks since they
1703 * have the current cycle number. We get rid of them by overwriting them
1704 * with empty log records with the old cycle number rather than the
1705 * current one.
1706 *
1707 * The tail lsn is passed in rather than taken from
1708 * the log so that we will not write over the unmount record after a
1709 * clean unmount in a 512 block log. Doing so would leave the log without
1710 * any valid log records in it until a new one was written. If we crashed
1711 * during that time we would not be able to recover.
1712 */
1713STATIC int
1714xlog_clear_stale_blocks(
9a8d2fdb 1715 struct xlog *log,
1da177e4
LT		 1716 xfs_lsn_t tail_lsn)
1717{
1718 int tail_cycle, head_cycle;
1719 int tail_block, head_block;
1720 int tail_distance, max_distance;
1721 int distance;
1722 int error;
1723
1724 tail_cycle = CYCLE_LSN(tail_lsn);
1725 tail_block = BLOCK_LSN(tail_lsn);
1726 head_cycle = log->l_curr_cycle;
1727 head_block = log->l_curr_block;
1728
1729 /*
1730 * Figure out the distance between the new head of the log
1731 * and the tail. We want to write over any blocks beyond the
1732 * head that we may have written just before the crash, but
1733 * we don't want to overwrite the tail of the log.
1734 */
1735 if (head_cycle == tail_cycle) {
1736 /*
1737 * The tail is behind the head in the physical log,
1738 * so the distance from the head to the tail is the
1739 * distance from the head to the end of the log plus
1740 * the distance from the beginning of the log to the
1741 * tail.
1742 */
1743 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1744 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1745 XFS_ERRLEVEL_LOW, log->l_mp);
2451337d 1746 return -EFSCORRUPTED;
1da177e4
LT		 1747 }
1748 tail_distance = tail_block + (log->l_logBBsize - head_block);
1749 } else {
1750 /*
1751 * The head is behind the tail in the physical log,
1752 * so the distance from the head to the tail is just
1753 * the tail block minus the head block.
1754 */
1755 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1756 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1757 XFS_ERRLEVEL_LOW, log->l_mp);
2451337d 1758 return -EFSCORRUPTED;
1da177e4
LT		 1759 }
1760 tail_distance = tail_block - head_block;
1761 }
1762
1763 /*
1764 * If the head is right up against the tail, we can't clear
1765 * anything.
1766 */
1767 if (tail_distance <= 0) {
1768 ASSERT(tail_distance == 0);
1769 return 0;
1770 }
1771
1772 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1773 /*
1774 * Take the smaller of the maximum amount of outstanding I/O
1775 * we could have and the distance to the tail to clear out.
1776 * We take the smaller so that we don't overwrite the tail and
1777 * we don't waste all day writing from the head to the tail
1778 * for no reason.
1779 */
1780 max_distance = MIN(max_distance, tail_distance);
1781
1782 if ((head_block + max_distance) <= log->l_logBBsize) {
1783 /*
1784 * We can stomp all the blocks we need to without
1785 * wrapping around the end of the log. Just do it
1786 * in a single write. Use the cycle number of the
1787 * current cycle minus one so that the log will look like:
1788 * n ... | n - 1 ...
1789 */
1790 error = xlog_write_log_records(log, (head_cycle - 1),
1791 head_block, max_distance, tail_cycle,
1792 tail_block);
1793 if (error)
1794 return error;
1795 } else {
1796 /*
1797 * We need to wrap around the end of the physical log in
1798 * order to clear all the blocks. Do it in two separate
1799 * I/Os. The first write should be from the head to the
1800 * end of the physical log, and it should use the current
1801 * cycle number minus one just like above.
1802 */
1803 distance = log->l_logBBsize - head_block;
1804 error = xlog_write_log_records(log, (head_cycle - 1),
1805 head_block, distance, tail_cycle,
1806 tail_block);
1807
1808 if (error)
1809 return error;
1810
1811 /*
1812 * Now write the blocks at the start of the physical log.
1813 * This writes the remainder of the blocks we want to clear.
1814 * It uses the current cycle number since we're now on the
1815 * same cycle as the head so that we get:
1816 * n ... n ... | n - 1 ...
1817 * ^^^^^ blocks we're writing
1818 */
1819 distance = max_distance - (log->l_logBBsize - head_block);
1820 error = xlog_write_log_records(log, head_cycle, 0, distance,
1821 tail_cycle, tail_block);
1822 if (error)
1823 return error;
1824 }
1825
1826 return 0;
1827}
1828
1829/******************************************************************************
1830 *
1831 * Log recover routines
1832 *
1833 ******************************************************************************
1834 */
1835
f0a76953 1836/*
a775ad77
DC		 1837 * Sort the log items in the transaction.
1838 *
1839 * The ordering constraints are defined by the inode allocation and unlink
1840 * behaviour. The rules are:
1841 *
1842 * 1. Every item is only logged once in a given transaction. Hence it
1843 * represents the last logged state of the item. Hence ordering is
1844 * dependent on the order in which operations need to be performed so
1845 * required initial conditions are always met.
1846 *
1847 * 2. Cancelled buffers are recorded in pass 1 in a separate table and
1848 * there's nothing to replay from them so we can simply cull them
1849 * from the transaction. However, we can't do that until after we've
1850 * replayed all the other items because they may be dependent on the
1851 * cancelled buffer and replaying the cancelled buffer can remove it
1852 * form the cancelled buffer table. Hence they have tobe done last.
1853 *
1854 * 3. Inode allocation buffers must be replayed before inode items that
28c8e41a
DC		 1855 * read the buffer and replay changes into it. For filesystems using the
1856 * ICREATE transactions, this means XFS_LI_ICREATE objects need to get
1857 * treated the same as inode allocation buffers as they create and
1858 * initialise the buffers directly.
a775ad77
DC		 1859 *
1860 * 4. Inode unlink buffers must be replayed after inode items are replayed.
1861 * This ensures that inodes are completely flushed to the inode buffer
1862 * in a "free" state before we remove the unlinked inode list pointer.
1863 *
1864 * Hence the ordering needs to be inode allocation buffers first, inode items
1865 * second, inode unlink buffers third and cancelled buffers last.
1866 *
1867 * But there's a problem with that - we can't tell an inode allocation buffer
1868 * apart from a regular buffer, so we can't separate them. We can, however,
1869 * tell an inode unlink buffer from the others, and so we can separate them out
1870 * from all the other buffers and move them to last.
1871 *
1872 * Hence, 4 lists, in order from head to tail:
28c8e41a
DC		 1873 * - buffer_list for all buffers except cancelled/inode unlink buffers
1874 * - item_list for all non-buffer items
1875 * - inode_buffer_list for inode unlink buffers
1876 * - cancel_list for the cancelled buffers
1877 *
1878 * Note that we add objects to the tail of the lists so that first-to-last
1879 * ordering is preserved within the lists. Adding objects to the head of the
1880 * list means when we traverse from the head we walk them in last-to-first
1881 * order. For cancelled buffers and inode unlink buffers this doesn't matter,
1882 * but for all other items there may be specific ordering that we need to
1883 * preserve.
f0a76953 1884 */
1da177e4
LT		 1885STATIC int
1886xlog_recover_reorder_trans(
ad223e60
MT		 1887 struct xlog *log,
1888 struct xlog_recover *trans,
9abbc539 1889 int pass)
1da177e4 1890{
f0a76953 1891 xlog_recover_item_t *item, *n;
2a84108f 1892 int error = 0;
f0a76953 1893 LIST_HEAD(sort_list);
a775ad77
DC		 1894 LIST_HEAD(cancel_list);
1895 LIST_HEAD(buffer_list);
1896 LIST_HEAD(inode_buffer_list);
1897 LIST_HEAD(inode_list);
f0a76953
DC		 1898
1899 list_splice_init(&trans->r_itemq, &sort_list);
1900 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
4e0d5f92 1901 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1da177e4 1902
f0a76953 1903 switch (ITEM_TYPE(item)) {
28c8e41a
DC		 1904 case XFS_LI_ICREATE:
1905 list_move_tail(&item->ri_list, &buffer_list);
1906 break;
1da177e4 1907 case XFS_LI_BUF:
a775ad77 1908 if (buf_f->blf_flags & XFS_BLF_CANCEL) {
9abbc539
DC		 1909 trace_xfs_log_recover_item_reorder_head(log,
1910 trans, item, pass);
a775ad77 1911 list_move(&item->ri_list, &cancel_list);
1da177e4
LT		 1912 break;
1913 }
a775ad77
DC		 1914 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
1915 list_move(&item->ri_list, &inode_buffer_list);
1916 break;
1917 }
1918 list_move_tail(&item->ri_list, &buffer_list);
1919 break;
1da177e4 1920 case XFS_LI_INODE:
1da177e4
LT		 1921 case XFS_LI_DQUOT:
1922 case XFS_LI_QUOTAOFF:
1923 case XFS_LI_EFD:
1924 case XFS_LI_EFI:
9e88b5d8
DW		 1925 case XFS_LI_RUI:
1926 case XFS_LI_RUD:
9abbc539
DC		 1927 trace_xfs_log_recover_item_reorder_tail(log,
1928 trans, item, pass);
a775ad77 1929 list_move_tail(&item->ri_list, &inode_list);
1da177e4
LT		 1930 break;
1931 default:
a0fa2b67
DC		 1932 xfs_warn(log->l_mp,
1933 "%s: unrecognized type of log operation",
1934 __func__);
1da177e4 1935 ASSERT(0);
2a84108f
MT		 1936 /*
1937 * return the remaining items back to the transaction
1938 * item list so they can be freed in caller.
1939 */
1940 if (!list_empty(&sort_list))
1941 list_splice_init(&sort_list, &trans->r_itemq);
2451337d 1942 error = -EIO;
2a84108f 1943 goto out;
1da177e4 1944 }
f0a76953 1945 }
2a84108f 1946out:
f0a76953 1947 ASSERT(list_empty(&sort_list));
a775ad77
DC		 1948 if (!list_empty(&buffer_list))
1949 list_splice(&buffer_list, &trans->r_itemq);
1950 if (!list_empty(&inode_list))
1951 list_splice_tail(&inode_list, &trans->r_itemq);
1952 if (!list_empty(&inode_buffer_list))
1953 list_splice_tail(&inode_buffer_list, &trans->r_itemq);
1954 if (!list_empty(&cancel_list))
1955 list_splice_tail(&cancel_list, &trans->r_itemq);
2a84108f 1956 return error;
1da177e4
LT		 1957}
1958
1959/*
1960 * Build up the table of buf cancel records so that we don't replay
1961 * cancelled data in the second pass. For buffer records that are
1962 * not cancel records, there is nothing to do here so we just return.
1963 *
1964 * If we get a cancel record which is already in the table, this indicates
1965 * that the buffer was cancelled multiple times. In order to ensure
1966 * that during pass 2 we keep the record in the table until we reach its
1967 * last occurrence in the log, we keep a reference count in the cancel
1968 * record in the table to tell us how many times we expect to see this
1969 * record during the second pass.
1970 */
c9f71f5f
CH		 1971STATIC int
1972xlog_recover_buffer_pass1(
ad223e60
MT		 1973 struct xlog *log,
1974 struct xlog_recover_item *item)
1da177e4 1975{
c9f71f5f 1976 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
d5689eaa
CH		 1977 struct list_head *bucket;
1978 struct xfs_buf_cancel *bcp;
1da177e4
LT		 1979
1980 /*
1981 * If this isn't a cancel buffer item, then just return.
1982 */
e2714bf8 1983 if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) {
9abbc539 1984 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
c9f71f5f 1985 return 0;
9abbc539 1986 }
1da177e4
LT		 1987
1988 /*
d5689eaa
CH		 1989 * Insert an xfs_buf_cancel record into the hash table of them.
1990 * If there is already an identical record, bump its reference count.
1da177e4 1991 */
d5689eaa
CH		 1992 bucket = XLOG_BUF_CANCEL_BUCKET(log, buf_f->blf_blkno);
1993 list_for_each_entry(bcp, bucket, bc_list) {
1994 if (bcp->bc_blkno == buf_f->blf_blkno &&
1995 bcp->bc_len == buf_f->blf_len) {
1996 bcp->bc_refcount++;
9abbc539 1997 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
c9f71f5f 1998 return 0;
1da177e4 1999 }
d5689eaa
CH		 2000 }
2001
2002 bcp = kmem_alloc(sizeof(struct xfs_buf_cancel), KM_SLEEP);
2003 bcp->bc_blkno = buf_f->blf_blkno;
2004 bcp->bc_len = buf_f->blf_len;
1da177e4 2005 bcp->bc_refcount = 1;
d5689eaa
CH		 2006 list_add_tail(&bcp->bc_list, bucket);
2007
9abbc539 2008 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
c9f71f5f 2009 return 0;
1da177e4
LT		 2010}
2011
2012/*
2013 * Check to see whether the buffer being recovered has a corresponding
84a5b730
DC		 2014 * entry in the buffer cancel record table. If it is, return the cancel
2015 * buffer structure to the caller.
1da177e4 2016 */
84a5b730
DC		 2017STATIC struct xfs_buf_cancel *
2018xlog_peek_buffer_cancelled(
ad223e60 2019 struct xlog *log,
1da177e4
LT		 2020 xfs_daddr_t blkno,
2021 uint len,
2022 ushort flags)
2023{
d5689eaa
CH		 2024 struct list_head *bucket;
2025 struct xfs_buf_cancel *bcp;
1da177e4 2026
84a5b730
DC		 2027 if (!log->l_buf_cancel_table) {
2028 /* empty table means no cancelled buffers in the log */
c1155410 2029 ASSERT(!(flags & XFS_BLF_CANCEL));
84a5b730 2030 return NULL;
1da177e4
LT		 2031 }
2032
d5689eaa
CH		 2033 bucket = XLOG_BUF_CANCEL_BUCKET(log, blkno);
2034 list_for_each_entry(bcp, bucket, bc_list) {
2035 if (bcp->bc_blkno == blkno && bcp->bc_len == len)
84a5b730 2036 return bcp;
1da177e4 2037 }
d5689eaa 2038
1da177e4 2039 /*
d5689eaa
CH		 2040 * We didn't find a corresponding entry in the table, so return 0 so
2041 * that the buffer is NOT cancelled.
1da177e4 2042 */
c1155410 2043 ASSERT(!(flags & XFS_BLF_CANCEL));
84a5b730
DC		 2044 return NULL;
2045}
2046
2047/*
2048 * If the buffer is being cancelled then return 1 so that it will be cancelled,
2049 * otherwise return 0. If the buffer is actually a buffer cancel item
2050 * (XFS_BLF_CANCEL is set), then decrement the refcount on the entry in the
2051 * table and remove it from the table if this is the last reference.
2052 *
2053 * We remove the cancel record from the table when we encounter its last
2054 * occurrence in the log so that if the same buffer is re-used again after its
2055 * last cancellation we actually replay the changes made at that point.
2056 */
2057STATIC int
2058xlog_check_buffer_cancelled(
2059 struct xlog *log,
2060 xfs_daddr_t blkno,
2061 uint len,
2062 ushort flags)
2063{
2064 struct xfs_buf_cancel *bcp;
2065
2066 bcp = xlog_peek_buffer_cancelled(log, blkno, len, flags);
2067 if (!bcp)
2068 return 0;
d5689eaa 2069
d5689eaa
CH		 2070 /*
2071 * We've go a match, so return 1 so that the recovery of this buffer
2072 * is cancelled. If this buffer is actually a buffer cancel log
2073 * item, then decrement the refcount on the one in the table and
2074 * remove it if this is the last reference.
2075 */
2076 if (flags & XFS_BLF_CANCEL) {
2077 if (--bcp->bc_refcount == 0) {
2078 list_del(&bcp->bc_list);
2079 kmem_free(bcp);
2080 }
2081 }
2082 return 1;
1da177e4
LT		 2083}
2084
1da177e4 2085/*
e2714bf8
CH		 2086 * Perform recovery for a buffer full of inodes. In these buffers, the only
2087 * data which should be recovered is that which corresponds to the
2088 * di_next_unlinked pointers in the on disk inode structures. The rest of the
2089 * data for the inodes is always logged through the inodes themselves rather
2090 * than the inode buffer and is recovered in xlog_recover_inode_pass2().
1da177e4 2091 *
e2714bf8
CH		 2092 * The only time when buffers full of inodes are fully recovered is when the
2093 * buffer is full of newly allocated inodes. In this case the buffer will
2094 * not be marked as an inode buffer and so will be sent to
2095 * xlog_recover_do_reg_buffer() below during recovery.
1da177e4
LT		 2096 */
2097STATIC int
2098xlog_recover_do_inode_buffer(
e2714bf8 2099 struct xfs_mount *mp,
1da177e4 2100 xlog_recover_item_t *item,
e2714bf8 2101 struct xfs_buf *bp,
1da177e4
LT		 2102 xfs_buf_log_format_t *buf_f)
2103{
2104 int i;
e2714bf8
CH		 2105 int item_index = 0;
2106 int bit = 0;
2107 int nbits = 0;
2108 int reg_buf_offset = 0;
2109 int reg_buf_bytes = 0;
1da177e4
LT		 2110 int next_unlinked_offset;
2111 int inodes_per_buf;
2112 xfs_agino_t *logged_nextp;
2113 xfs_agino_t *buffer_nextp;
1da177e4 2114
9abbc539 2115 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
9222a9cf
DC		 2116
2117 /*
2118 * Post recovery validation only works properly on CRC enabled
2119 * filesystems.
2120 */
2121 if (xfs_sb_version_hascrc(&mp->m_sb))
2122 bp->b_ops = &xfs_inode_buf_ops;
9abbc539 2123
aa0e8833 2124 inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog;
1da177e4
LT		 2125 for (i = 0; i < inodes_per_buf; i++) {
2126 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
2127 offsetof(xfs_dinode_t, di_next_unlinked);
2128
2129 while (next_unlinked_offset >=
2130 (reg_buf_offset + reg_buf_bytes)) {
2131 /*
2132 * The next di_next_unlinked field is beyond
2133 * the current logged region. Find the next
2134 * logged region that contains or is beyond
2135 * the current di_next_unlinked field.
2136 */
2137 bit += nbits;
e2714bf8
CH		 2138 bit = xfs_next_bit(buf_f->blf_data_map,
2139 buf_f->blf_map_size, bit);
1da177e4
LT		 2140
2141 /*
2142 * If there are no more logged regions in the
2143 * buffer, then we're done.
2144 */
e2714bf8 2145 if (bit == -1)
1da177e4 2146 return 0;
1da177e4 2147
e2714bf8
CH		 2148 nbits = xfs_contig_bits(buf_f->blf_data_map,
2149 buf_f->blf_map_size, bit);
1da177e4 2150 ASSERT(nbits > 0);
c1155410
DC		 2151 reg_buf_offset = bit << XFS_BLF_SHIFT;
2152 reg_buf_bytes = nbits << XFS_BLF_SHIFT;
1da177e4
LT		 2153 item_index++;
2154 }
2155
2156 /*
2157 * If the current logged region starts after the current
2158 * di_next_unlinked field, then move on to the next
2159 * di_next_unlinked field.
2160 */
e2714bf8 2161 if (next_unlinked_offset < reg_buf_offset)
1da177e4 2162 continue;
1da177e4
LT		 2163
2164 ASSERT(item->ri_buf[item_index].i_addr != NULL);
c1155410 2165 ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0);
aa0e8833
DC		 2166 ASSERT((reg_buf_offset + reg_buf_bytes) <=
2167 BBTOB(bp->b_io_length));
1da177e4
LT		 2168
2169 /*
2170 * The current logged region contains a copy of the
2171 * current di_next_unlinked field. Extract its value
2172 * and copy it to the buffer copy.
2173 */
4e0d5f92
CH		 2174 logged_nextp = item->ri_buf[item_index].i_addr +
2175 next_unlinked_offset - reg_buf_offset;
1da177e4 2176 if (unlikely(*logged_nextp == 0)) {
a0fa2b67
DC		 2177 xfs_alert(mp,
2178 "Bad inode buffer log record (ptr = 0x%p, bp = 0x%p). "
2179 "Trying to replay bad (0) inode di_next_unlinked field.",
1da177e4
LT		 2180 item, bp);
2181 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
2182 XFS_ERRLEVEL_LOW, mp);
2451337d 2183 return -EFSCORRUPTED;
1da177e4
LT		 2184 }
2185
88ee2df7 2186 buffer_nextp = xfs_buf_offset(bp, next_unlinked_offset);
87c199c2 2187 *buffer_nextp = *logged_nextp;
0a32c26e
DC		 2188
2189 /*
2190 * If necessary, recalculate the CRC in the on-disk inode. We
2191 * have to leave the inode in a consistent state for whoever
2192 * reads it next....
2193 */
88ee2df7 2194 xfs_dinode_calc_crc(mp,
0a32c26e
DC		 2195 xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize));
2196
1da177e4
LT		 2197 }
2198
2199 return 0;
2200}
2201
50d5c8d8
DC		 2202/*
2203 * V5 filesystems know the age of the buffer on disk being recovered. We can
2204 * have newer objects on disk than we are replaying, and so for these cases we
2205 * don't want to replay the current change as that will make the buffer contents
2206 * temporarily invalid on disk.
2207 *
2208 * The magic number might not match the buffer type we are going to recover
2209 * (e.g. reallocated blocks), so we ignore the xfs_buf_log_format flags. Hence
2210 * extract the LSN of the existing object in the buffer based on it's current
2211 * magic number. If we don't recognise the magic number in the buffer, then
2212 * return a LSN of -1 so that the caller knows it was an unrecognised block and
2213 * so can recover the buffer.
566055d3
DC		 2214 *
2215 * Note: we cannot rely solely on magic number matches to determine that the
2216 * buffer has a valid LSN - we also need to verify that it belongs to this
2217 * filesystem, so we need to extract the object's LSN and compare it to that
2218 * which we read from the superblock. If the UUIDs don't match, then we've got a
2219 * stale metadata block from an old filesystem instance that we need to recover
2220 * over the top of.
50d5c8d8
DC		 2221 */
2222static xfs_lsn_t
2223xlog_recover_get_buf_lsn(
2224 struct xfs_mount *mp,
2225 struct xfs_buf *bp)
2226{
2227 __uint32_t magic32;
2228 __uint16_t magic16;
2229 __uint16_t magicda;
2230 void *blk = bp->b_addr;
566055d3
DC		 2231 uuid_t *uuid;
2232 xfs_lsn_t lsn = -1;
50d5c8d8
DC		 2233
2234 /* v4 filesystems always recover immediately */
2235 if (!xfs_sb_version_hascrc(&mp->m_sb))
2236 goto recover_immediately;
2237
2238 magic32 = be32_to_cpu(*(__be32 *)blk);
2239 switch (magic32) {
2240 case XFS_ABTB_CRC_MAGIC:
2241 case XFS_ABTC_CRC_MAGIC:
2242 case XFS_ABTB_MAGIC:
2243 case XFS_ABTC_MAGIC:
a650e8f9 2244 case XFS_RMAP_CRC_MAGIC:
50d5c8d8 2245 case XFS_IBT_CRC_MAGIC:
566055d3
DC		 2246 case XFS_IBT_MAGIC: {
2247 struct xfs_btree_block *btb = blk;
2248
2249 lsn = be64_to_cpu(btb->bb_u.s.bb_lsn);
2250 uuid = &btb->bb_u.s.bb_uuid;
2251 break;
2252 }
50d5c8d8 2253 case XFS_BMAP_CRC_MAGIC:
566055d3
DC		 2254 case XFS_BMAP_MAGIC: {
2255 struct xfs_btree_block *btb = blk;
2256
2257 lsn = be64_to_cpu(btb->bb_u.l.bb_lsn);
2258 uuid = &btb->bb_u.l.bb_uuid;
2259 break;
2260 }
50d5c8d8 2261 case XFS_AGF_MAGIC:
566055d3
DC		 2262 lsn = be64_to_cpu(((struct xfs_agf *)blk)->agf_lsn);
2263 uuid = &((struct xfs_agf *)blk)->agf_uuid;
2264 break;
50d5c8d8 2265 case XFS_AGFL_MAGIC:
566055d3
DC		 2266 lsn = be64_to_cpu(((struct xfs_agfl *)blk)->agfl_lsn);
2267 uuid = &((struct xfs_agfl *)blk)->agfl_uuid;
2268 break;
50d5c8d8 2269 case XFS_AGI_MAGIC:
566055d3
DC		 2270 lsn = be64_to_cpu(((struct xfs_agi *)blk)->agi_lsn);
2271 uuid = &((struct xfs_agi *)blk)->agi_uuid;
2272 break;
50d5c8d8 2273 case XFS_SYMLINK_MAGIC:
566055d3
DC		 2274 lsn = be64_to_cpu(((struct xfs_dsymlink_hdr *)blk)->sl_lsn);
2275 uuid = &((struct xfs_dsymlink_hdr *)blk)->sl_uuid;
2276 break;
50d5c8d8
DC		 2277 case XFS_DIR3_BLOCK_MAGIC:
2278 case XFS_DIR3_DATA_MAGIC:
2279 case XFS_DIR3_FREE_MAGIC:
566055d3
DC		 2280 lsn = be64_to_cpu(((struct xfs_dir3_blk_hdr *)blk)->lsn);
2281 uuid = &((struct xfs_dir3_blk_hdr *)blk)->uuid;
2282 break;
50d5c8d8 2283 case XFS_ATTR3_RMT_MAGIC:
e3c32ee9
DC		 2284 /*
2285 * Remote attr blocks are written synchronously, rather than
2286 * being logged. That means they do not contain a valid LSN
2287 * (i.e. transactionally ordered) in them, and hence any time we
2288 * see a buffer to replay over the top of a remote attribute
2289 * block we should simply do so.
2290 */
2291 goto recover_immediately;
50d5c8d8 2292 case XFS_SB_MAGIC:
fcfbe2c4
DC		 2293 /*
2294 * superblock uuids are magic. We may or may not have a
2295 * sb_meta_uuid on disk, but it will be set in the in-core
2296 * superblock. We set the uuid pointer for verification
2297 * according to the superblock feature mask to ensure we check
2298 * the relevant UUID in the superblock.
2299 */
566055d3 2300 lsn = be64_to_cpu(((struct xfs_dsb *)blk)->sb_lsn);
fcfbe2c4
DC		 2301 if (xfs_sb_version_hasmetauuid(&mp->m_sb))
2302 uuid = &((struct xfs_dsb *)blk)->sb_meta_uuid;
2303 else
2304 uuid = &((struct xfs_dsb *)blk)->sb_uuid;
566055d3 2305 break;
50d5c8d8
DC		 2306 default:
2307 break;
2308 }
2309
566055d3 2310 if (lsn != (xfs_lsn_t)-1) {
fcfbe2c4 2311 if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid))
566055d3
DC		 2312 goto recover_immediately;
2313 return lsn;
2314 }
2315
50d5c8d8
DC		 2316 magicda = be16_to_cpu(((struct xfs_da_blkinfo *)blk)->magic);
2317 switch (magicda) {
2318 case XFS_DIR3_LEAF1_MAGIC:
2319 case XFS_DIR3_LEAFN_MAGIC:
2320 case XFS_DA3_NODE_MAGIC:
566055d3
DC		 2321 lsn = be64_to_cpu(((struct xfs_da3_blkinfo *)blk)->lsn);
2322 uuid = &((struct xfs_da3_blkinfo *)blk)->uuid;
2323 break;
50d5c8d8
DC		 2324 default:
2325 break;
2326 }
2327
566055d3
DC		 2328 if (lsn != (xfs_lsn_t)-1) {
2329 if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
2330 goto recover_immediately;
2331 return lsn;
2332 }
2333
50d5c8d8
DC		 2334 /*
2335 * We do individual object checks on dquot and inode buffers as they
2336 * have their own individual LSN records. Also, we could have a stale
2337 * buffer here, so we have to at least recognise these buffer types.
2338 *
2339 * A notd complexity here is inode unlinked list processing - it logs
2340 * the inode directly in the buffer, but we don't know which inodes have
2341 * been modified, and there is no global buffer LSN. Hence we need to
2342 * recover all inode buffer types immediately. This problem will be
2343 * fixed by logical logging of the unlinked list modifications.
2344 */
2345 magic16 = be16_to_cpu(*(__be16 *)blk);
2346 switch (magic16) {
2347 case XFS_DQUOT_MAGIC:
2348 case XFS_DINODE_MAGIC:
2349 goto recover_immediately;
2350 default:
2351 break;
2352 }
2353
2354 /* unknown buffer contents, recover immediately */
2355
2356recover_immediately:
2357 return (xfs_lsn_t)-1;
2358
2359}
2360
1da177e4 2361/*
d75afeb3
DC		 2362 * Validate the recovered buffer is of the correct type and attach the
2363 * appropriate buffer operations to them for writeback. Magic numbers are in a
2364 * few places:
2365 * the first 16 bits of the buffer (inode buffer, dquot buffer),
2366 * the first 32 bits of the buffer (most blocks),
2367 * inside a struct xfs_da_blkinfo at the start of the buffer.
1da177e4 2368 */
d75afeb3 2369static void
50d5c8d8 2370xlog_recover_validate_buf_type(
9abbc539 2371 struct xfs_mount *mp,
e2714bf8 2372 struct xfs_buf *bp,
22db9af2
BF		 2373 xfs_buf_log_format_t *buf_f,
2374 xfs_lsn_t current_lsn)
1da177e4 2375{
d75afeb3
DC		 2376 struct xfs_da_blkinfo *info = bp->b_addr;
2377 __uint32_t magic32;
2378 __uint16_t magic16;
2379 __uint16_t magicda;
040c52c0 2380 char *warnmsg = NULL;
d75afeb3 2381
67dc288c
DC		 2382 /*
2383 * We can only do post recovery validation on items on CRC enabled
2384 * fielsystems as we need to know when the buffer was written to be able
2385 * to determine if we should have replayed the item. If we replay old
2386 * metadata over a newer buffer, then it will enter a temporarily
2387 * inconsistent state resulting in verification failures. Hence for now
2388 * just avoid the verification stage for non-crc filesystems
2389 */
2390 if (!xfs_sb_version_hascrc(&mp->m_sb))
2391 return;
2392
d75afeb3
DC		 2393 magic32 = be32_to_cpu(*(__be32 *)bp->b_addr);
2394 magic16 = be16_to_cpu(*(__be16*)bp->b_addr);
2395 magicda = be16_to_cpu(info->magic);
61fe135c
DC		 2396 switch (xfs_blft_from_flags(buf_f)) {
2397 case XFS_BLFT_BTREE_BUF:
d75afeb3 2398 switch (magic32) {
ee1a47ab
CH		 2399 case XFS_ABTB_CRC_MAGIC:
2400 case XFS_ABTC_CRC_MAGIC:
2401 case XFS_ABTB_MAGIC:
2402 case XFS_ABTC_MAGIC:
2403 bp->b_ops = &xfs_allocbt_buf_ops;
2404 break;
2405 case XFS_IBT_CRC_MAGIC:
aafc3c24 2406 case XFS_FIBT_CRC_MAGIC:
ee1a47ab 2407 case XFS_IBT_MAGIC:
aafc3c24 2408 case XFS_FIBT_MAGIC:
ee1a47ab
CH		 2409 bp->b_ops = &xfs_inobt_buf_ops;
2410 break;
2411 case XFS_BMAP_CRC_MAGIC:
2412 case XFS_BMAP_MAGIC:
2413 bp->b_ops = &xfs_bmbt_buf_ops;
2414 break;
a650e8f9
DW		 2415 case XFS_RMAP_CRC_MAGIC:
2416 bp->b_ops = &xfs_rmapbt_buf_ops;
2417 break;
ee1a47ab 2418 default:
040c52c0 2419 warnmsg = "Bad btree block magic!";
ee1a47ab
CH		 2420 break;
2421 }
2422 break;
61fe135c 2423 case XFS_BLFT_AGF_BUF:
d75afeb3 2424 if (magic32 != XFS_AGF_MAGIC) {
040c52c0 2425 warnmsg = "Bad AGF block magic!";
4e0e6040
DC		 2426 break;
2427 }
2428 bp->b_ops = &xfs_agf_buf_ops;
2429 break;
61fe135c 2430 case XFS_BLFT_AGFL_BUF:
d75afeb3 2431 if (magic32 != XFS_AGFL_MAGIC) {
040c52c0 2432 warnmsg = "Bad AGFL block magic!";
77c95bba
CH		 2433 break;
2434 }
2435 bp->b_ops = &xfs_agfl_buf_ops;
2436 break;
61fe135c 2437 case XFS_BLFT_AGI_BUF:
d75afeb3 2438 if (magic32 != XFS_AGI_MAGIC) {
040c52c0 2439 warnmsg = "Bad AGI block magic!";
983d09ff
DC		 2440 break;
2441 }
2442 bp->b_ops = &xfs_agi_buf_ops;
2443 break;
61fe135c
DC		 2444 case XFS_BLFT_UDQUOT_BUF:
2445 case XFS_BLFT_PDQUOT_BUF:
2446 case XFS_BLFT_GDQUOT_BUF:
123887e8 2447#ifdef CONFIG_XFS_QUOTA
d75afeb3 2448 if (magic16 != XFS_DQUOT_MAGIC) {
040c52c0 2449 warnmsg = "Bad DQUOT block magic!";
3fe58f30
CH		 2450 break;
2451 }
2452 bp->b_ops = &xfs_dquot_buf_ops;
123887e8
DC		 2453#else
2454 xfs_alert(mp,
2455 "Trying to recover dquots without QUOTA support built in!");
2456 ASSERT(0);
2457#endif
3fe58f30 2458 break;
61fe135c 2459 case XFS_BLFT_DINO_BUF:
d75afeb3 2460 if (magic16 != XFS_DINODE_MAGIC) {
040c52c0 2461 warnmsg = "Bad INODE block magic!";
93848a99
CH		 2462 break;
2463 }
2464 bp->b_ops = &xfs_inode_buf_ops;
2465 break;
61fe135c 2466 case XFS_BLFT_SYMLINK_BUF:
d75afeb3 2467 if (magic32 != XFS_SYMLINK_MAGIC) {
040c52c0 2468 warnmsg = "Bad symlink block magic!";
f948dd76
DC		 2469 break;
2470 }
2471 bp->b_ops = &xfs_symlink_buf_ops;
2472 break;
61fe135c 2473 case XFS_BLFT_DIR_BLOCK_BUF:
d75afeb3
DC		 2474 if (magic32 != XFS_DIR2_BLOCK_MAGIC &&
2475 magic32 != XFS_DIR3_BLOCK_MAGIC) {
040c52c0 2476 warnmsg = "Bad dir block magic!";
d75afeb3
DC		 2477 break;
2478 }
2479 bp->b_ops = &xfs_dir3_block_buf_ops;
2480 break;
61fe135c 2481 case XFS_BLFT_DIR_DATA_BUF:
d75afeb3
DC		 2482 if (magic32 != XFS_DIR2_DATA_MAGIC &&
2483 magic32 != XFS_DIR3_DATA_MAGIC) {
040c52c0 2484 warnmsg = "Bad dir data magic!";
d75afeb3
DC		 2485 break;
2486 }
2487 bp->b_ops = &xfs_dir3_data_buf_ops;
2488 break;
61fe135c 2489 case XFS_BLFT_DIR_FREE_BUF:
d75afeb3
DC		 2490 if (magic32 != XFS_DIR2_FREE_MAGIC &&
2491 magic32 != XFS_DIR3_FREE_MAGIC) {
040c52c0 2492 warnmsg = "Bad dir3 free magic!";
d75afeb3
DC		 2493 break;
2494 }
2495 bp->b_ops = &xfs_dir3_free_buf_ops;
2496 break;
61fe135c 2497 case XFS_BLFT_DIR_LEAF1_BUF:
d75afeb3
DC		 2498 if (magicda != XFS_DIR2_LEAF1_MAGIC &&
2499 magicda != XFS_DIR3_LEAF1_MAGIC) {
040c52c0 2500 warnmsg = "Bad dir leaf1 magic!";
d75afeb3
DC		 2501 break;
2502 }
2503 bp->b_ops = &xfs_dir3_leaf1_buf_ops;
2504 break;
61fe135c 2505 case XFS_BLFT_DIR_LEAFN_BUF:
d75afeb3
DC		 2506 if (magicda != XFS_DIR2_LEAFN_MAGIC &&
2507 magicda != XFS_DIR3_LEAFN_MAGIC) {
040c52c0 2508 warnmsg = "Bad dir leafn magic!";
d75afeb3
DC		 2509 break;
2510 }
2511 bp->b_ops = &xfs_dir3_leafn_buf_ops;
2512 break;
61fe135c 2513 case XFS_BLFT_DA_NODE_BUF:
d75afeb3
DC		 2514 if (magicda != XFS_DA_NODE_MAGIC &&
2515 magicda != XFS_DA3_NODE_MAGIC) {
040c52c0 2516 warnmsg = "Bad da node magic!";
d75afeb3
DC		 2517 break;
2518 }
2519 bp->b_ops = &xfs_da3_node_buf_ops;
2520 break;
61fe135c 2521 case XFS_BLFT_ATTR_LEAF_BUF:
d75afeb3
DC		 2522 if (magicda != XFS_ATTR_LEAF_MAGIC &&
2523 magicda != XFS_ATTR3_LEAF_MAGIC) {
040c52c0 2524 warnmsg = "Bad attr leaf magic!";
d75afeb3
DC		 2525 break;
2526 }
2527 bp->b_ops = &xfs_attr3_leaf_buf_ops;
2528 break;
61fe135c 2529 case XFS_BLFT_ATTR_RMT_BUF:
cab09a81 2530 if (magic32 != XFS_ATTR3_RMT_MAGIC) {
040c52c0 2531 warnmsg = "Bad attr remote magic!";
d75afeb3
DC		 2532 break;
2533 }
2534 bp->b_ops = &xfs_attr3_rmt_buf_ops;
2535 break;
04a1e6c5
DC		 2536 case XFS_BLFT_SB_BUF:
2537 if (magic32 != XFS_SB_MAGIC) {
040c52c0 2538 warnmsg = "Bad SB block magic!";
04a1e6c5
DC		 2539 break;
2540 }
2541 bp->b_ops = &xfs_sb_buf_ops;
2542 break;
f67ca6ec
DC		 2543#ifdef CONFIG_XFS_RT
2544 case XFS_BLFT_RTBITMAP_BUF:
2545 case XFS_BLFT_RTSUMMARY_BUF:
bf85e099
DC		 2546 /* no magic numbers for verification of RT buffers */
2547 bp->b_ops = &xfs_rtbuf_ops;
f67ca6ec
DC		 2548 break;
2549#endif /* CONFIG_XFS_RT */
ee1a47ab 2550 default:
61fe135c
DC		 2551 xfs_warn(mp, "Unknown buffer type %d!",
2552 xfs_blft_from_flags(buf_f));
ee1a47ab
CH		 2553 break;
2554 }
040c52c0
BF		 2555
2556 /*
60a4a222
BF		 2557 * Nothing else to do in the case of a NULL current LSN as this means
2558 * the buffer is more recent than the change in the log and will be
2559 * skipped.
040c52c0 2560 */
60a4a222
BF		 2561 if (current_lsn == NULLCOMMITLSN)
2562 return;
2563
2564 if (warnmsg) {
040c52c0
BF		 2565 xfs_warn(mp, warnmsg);
2566 ASSERT(0);
2567 }
60a4a222
BF		 2568
2569 /*
2570 * We must update the metadata LSN of the buffer as it is written out to
2571 * ensure that older transactions never replay over this one and corrupt
2572 * the buffer. This can occur if log recovery is interrupted at some
2573 * point after the current transaction completes, at which point a
2574 * subsequent mount starts recovery from the beginning.
2575 *
2576 * Write verifiers update the metadata LSN from log items attached to
2577 * the buffer. Therefore, initialize a bli purely to carry the LSN to
2578 * the verifier. We'll clean it up in our ->iodone() callback.
2579 */
2580 if (bp->b_ops) {
2581 struct xfs_buf_log_item *bip;
2582
2583 ASSERT(!bp->b_iodone || bp->b_iodone == xlog_recover_iodone);
2584 bp->b_iodone = xlog_recover_iodone;
2585 xfs_buf_item_init(bp, mp);
2586 bip = bp->b_fspriv;
2587 bip->bli_item.li_lsn = current_lsn;
2588 }
1da177e4
LT		 2589}
2590
d75afeb3
DC		 2591/*
2592 * Perform a 'normal' buffer recovery. Each logged region of the
2593 * buffer should be copied over the corresponding region in the
2594 * given buffer. The bitmap in the buf log format structure indicates
2595 * where to place the logged data.
2596 */
2597STATIC void
2598xlog_recover_do_reg_buffer(
2599 struct xfs_mount *mp,
2600 xlog_recover_item_t *item,
2601 struct xfs_buf *bp,
22db9af2
BF		 2602 xfs_buf_log_format_t *buf_f,
2603 xfs_lsn_t current_lsn)
d75afeb3
DC		 2604{
2605 int i;
2606 int bit;
2607 int nbits;
2608 int error;
2609
2610 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
2611
2612 bit = 0;
2613 i = 1; /* 0 is the buf format structure */
2614 while (1) {
2615 bit = xfs_next_bit(buf_f->blf_data_map,
2616 buf_f->blf_map_size, bit);
2617 if (bit == -1)
2618 break;
2619 nbits = xfs_contig_bits(buf_f->blf_data_map,
2620 buf_f->blf_map_size, bit);
2621 ASSERT(nbits > 0);
2622 ASSERT(item->ri_buf[i].i_addr != NULL);
2623 ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0);
2624 ASSERT(BBTOB(bp->b_io_length) >=
2625 ((uint)bit << XFS_BLF_SHIFT) + (nbits << XFS_BLF_SHIFT));
2626
709da6a6
DC		 2627 /*
2628 * The dirty regions logged in the buffer, even though
2629 * contiguous, may span multiple chunks. This is because the
2630 * dirty region may span a physical page boundary in a buffer
2631 * and hence be split into two separate vectors for writing into
2632 * the log. Hence we need to trim nbits back to the length of
2633 * the current region being copied out of the log.
2634 */
2635 if (item->ri_buf[i].i_len < (nbits << XFS_BLF_SHIFT))
2636 nbits = item->ri_buf[i].i_len >> XFS_BLF_SHIFT;
2637
d75afeb3
DC		 2638 /*
2639 * Do a sanity check if this is a dquot buffer. Just checking
2640 * the first dquot in the buffer should do. XXXThis is
2641 * probably a good thing to do for other buf types also.
2642 */
2643 error = 0;
2644 if (buf_f->blf_flags &
2645 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2646 if (item->ri_buf[i].i_addr == NULL) {
2647 xfs_alert(mp,
2648 "XFS: NULL dquot in %s.", __func__);
2649 goto next;
2650 }
2651 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
2652 xfs_alert(mp,
2653 "XFS: dquot too small (%d) in %s.",
2654 item->ri_buf[i].i_len, __func__);
2655 goto next;
2656 }
9aede1d8 2657 error = xfs_dqcheck(mp, item->ri_buf[i].i_addr,
d75afeb3
DC		 2658 -1, 0, XFS_QMOPT_DOWARN,
2659 "dquot_buf_recover");
2660 if (error)
2661 goto next;
2662 }
2663
2664 memcpy(xfs_buf_offset(bp,
2665 (uint)bit << XFS_BLF_SHIFT), /* dest */
2666 item->ri_buf[i].i_addr, /* source */
2667 nbits<<XFS_BLF_SHIFT); /* length */
2668 next:
2669 i++;
2670 bit += nbits;
2671 }
2672
2673 /* Shouldn't be any more regions */
2674 ASSERT(i == item->ri_total);
2675
22db9af2 2676 xlog_recover_validate_buf_type(mp, bp, buf_f, current_lsn);
d75afeb3
DC		 2677}
2678
1da177e4
LT		 2679/*
2680 * Perform a dquot buffer recovery.
8ba701ee 2681 * Simple algorithm: if we have found a QUOTAOFF log item of the same type
1da177e4
LT		 2682 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2683 * Else, treat it as a regular buffer and do recovery.
ad3714b8
DC		 2684 *
2685 * Return false if the buffer was tossed and true if we recovered the buffer to
2686 * indicate to the caller if the buffer needs writing.
1da177e4 2687 */
ad3714b8 2688STATIC bool
1da177e4 2689xlog_recover_do_dquot_buffer(
9a8d2fdb
MT		 2690 struct xfs_mount *mp,
2691 struct xlog *log,
2692 struct xlog_recover_item *item,
2693 struct xfs_buf *bp,
2694 struct xfs_buf_log_format *buf_f)
1da177e4
LT		 2695{
2696 uint type;
2697
9abbc539
DC		 2698 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2699
1da177e4
LT		 2700 /*
2701 * Filesystems are required to send in quota flags at mount time.
2702 */
ad3714b8
DC		 2703 if (!mp->m_qflags)
2704 return false;
1da177e4
LT		 2705
2706 type = 0;
c1155410 2707 if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF)
1da177e4 2708 type |= XFS_DQ_USER;
c1155410 2709 if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF)
c8ad20ff 2710 type |= XFS_DQ_PROJ;
c1155410 2711 if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF)
1da177e4
LT		 2712 type |= XFS_DQ_GROUP;
2713 /*
2714 * This type of quotas was turned off, so ignore this buffer
2715 */
2716 if (log->l_quotaoffs_flag & type)
ad3714b8 2717 return false;
1da177e4 2718
22db9af2 2719 xlog_recover_do_reg_buffer(mp, item, bp, buf_f, NULLCOMMITLSN);
ad3714b8 2720 return true;
1da177e4
LT		 2721}
2722
2723/*
2724 * This routine replays a modification made to a buffer at runtime.
2725 * There are actually two types of buffer, regular and inode, which
2726 * are handled differently. Inode buffers are handled differently
2727 * in that we only recover a specific set of data from them, namely
2728 * the inode di_next_unlinked fields. This is because all other inode
2729 * data is actually logged via inode records and any data we replay
2730 * here which overlaps that may be stale.
2731 *
2732 * When meta-data buffers are freed at run time we log a buffer item
c1155410 2733 * with the XFS_BLF_CANCEL bit set to indicate that previous copies
1da177e4
LT		 2734 * of the buffer in the log should not be replayed at recovery time.
2735 * This is so that if the blocks covered by the buffer are reused for
2736 * file data before we crash we don't end up replaying old, freed
2737 * meta-data into a user's file.
2738 *
2739 * To handle the cancellation of buffer log items, we make two passes
2740 * over the log during recovery. During the first we build a table of
2741 * those buffers which have been cancelled, and during the second we
2742 * only replay those buffers which do not have corresponding cancel
34be5ff3 2743 * records in the table. See xlog_recover_buffer_pass[1,2] above
1da177e4
LT		 2744 * for more details on the implementation of the table of cancel records.
2745 */
2746STATIC int
c9f71f5f 2747xlog_recover_buffer_pass2(
9a8d2fdb
MT		 2748 struct xlog *log,
2749 struct list_head *buffer_list,
50d5c8d8
DC		 2750 struct xlog_recover_item *item,
2751 xfs_lsn_t current_lsn)
1da177e4 2752{
4e0d5f92 2753 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
e2714bf8 2754 xfs_mount_t *mp = log->l_mp;
1da177e4
LT		 2755 xfs_buf_t *bp;
2756 int error;
6ad112bf 2757 uint buf_flags;
50d5c8d8 2758 xfs_lsn_t lsn;
1da177e4 2759
c9f71f5f
CH		 2760 /*
2761 * In this pass we only want to recover all the buffers which have
2762 * not been cancelled and are not cancellation buffers themselves.
2763 */
2764 if (xlog_check_buffer_cancelled(log, buf_f->blf_blkno,
2765 buf_f->blf_len, buf_f->blf_flags)) {
2766 trace_xfs_log_recover_buf_cancel(log, buf_f);
1da177e4 2767 return 0;
1da177e4 2768 }
c9f71f5f 2769
9abbc539 2770 trace_xfs_log_recover_buf_recover(log, buf_f);
1da177e4 2771
a8acad70 2772 buf_flags = 0;
611c9946
DC		 2773 if (buf_f->blf_flags & XFS_BLF_INODE_BUF)
2774 buf_flags |= XBF_UNMAPPED;
6ad112bf 2775
e2714bf8 2776 bp = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len,
c3f8fc73 2777 buf_flags, NULL);
ac4d6888 2778 if (!bp)
2451337d 2779 return -ENOMEM;
e5702805 2780 error = bp->b_error;
5a52c2a5 2781 if (error) {
901796af 2782 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#1)");
50d5c8d8 2783 goto out_release;
1da177e4
LT		 2784 }
2785
50d5c8d8 2786 /*
67dc288c 2787 * Recover the buffer only if we get an LSN from it and it's less than
50d5c8d8 2788 * the lsn of the transaction we are replaying.
67dc288c
DC		 2789 *
2790 * Note that we have to be extremely careful of readahead here.
2791 * Readahead does not attach verfiers to the buffers so if we don't
2792 * actually do any replay after readahead because of the LSN we found
2793 * in the buffer if more recent than that current transaction then we
2794 * need to attach the verifier directly. Failure to do so can lead to
2795 * future recovery actions (e.g. EFI and unlinked list recovery) can
2796 * operate on the buffers and they won't get the verifier attached. This
2797 * can lead to blocks on disk having the correct content but a stale
2798 * CRC.
2799 *
2800 * It is safe to assume these clean buffers are currently up to date.
2801 * If the buffer is dirtied by a later transaction being replayed, then
2802 * the verifier will be reset to match whatever recover turns that
2803 * buffer into.
50d5c8d8
DC		 2804 */
2805 lsn = xlog_recover_get_buf_lsn(mp, bp);
67dc288c 2806 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
22db9af2 2807 xlog_recover_validate_buf_type(mp, bp, buf_f, NULLCOMMITLSN);
50d5c8d8 2808 goto out_release;
67dc288c 2809 }
50d5c8d8 2810
e2714bf8 2811 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
1da177e4 2812 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
ad3714b8
DC		 2813 if (error)
2814 goto out_release;
e2714bf8 2815 } else if (buf_f->blf_flags &
c1155410 2816 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
ad3714b8
DC		 2817 bool dirty;
2818
2819 dirty = xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2820 if (!dirty)
2821 goto out_release;
1da177e4 2822 } else {
22db9af2 2823 xlog_recover_do_reg_buffer(mp, item, bp, buf_f, current_lsn);
1da177e4 2824 }
1da177e4
LT		 2825
2826 /*
2827 * Perform delayed write on the buffer. Asynchronous writes will be
2828 * slower when taking into account all the buffers to be flushed.
2829 *
2830 * Also make sure that only inode buffers with good sizes stay in
2831 * the buffer cache. The kernel moves inodes in buffers of 1 block
0f49efd8 2832 * or mp->m_inode_cluster_size bytes, whichever is bigger. The inode
1da177e4
LT		 2833 * buffers in the log can be a different size if the log was generated
2834 * by an older kernel using unclustered inode buffers or a newer kernel
2835 * running with a different inode cluster size. Regardless, if the
0f49efd8
JL		 2836 * the inode buffer size isn't MAX(blocksize, mp->m_inode_cluster_size)
2837 * for *our* value of mp->m_inode_cluster_size, then we need to keep
1da177e4
LT		 2838 * the buffer out of the buffer cache so that the buffer won't
2839 * overlap with future reads of those inodes.
2840 */
2841 if (XFS_DINODE_MAGIC ==
b53e675d 2842 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
aa0e8833 2843 (BBTOB(bp->b_io_length) != MAX(log->l_mp->m_sb.sb_blocksize,
0f49efd8 2844 (__uint32_t)log->l_mp->m_inode_cluster_size))) {
c867cb61 2845 xfs_buf_stale(bp);
c2b006c1 2846 error = xfs_bwrite(bp);
1da177e4 2847 } else {
ebad861b 2848 ASSERT(bp->b_target->bt_mount == mp);
cb669ca5 2849 bp->b_iodone = xlog_recover_iodone;
43ff2122 2850 xfs_buf_delwri_queue(bp, buffer_list);
1da177e4
LT		 2851 }
2852
50d5c8d8 2853out_release:
c2b006c1
CH		 2854 xfs_buf_relse(bp);
2855 return error;
1da177e4
LT		 2856}
2857
638f4416
DC		 2858/*
2859 * Inode fork owner changes
2860 *
2861 * If we have been told that we have to reparent the inode fork, it's because an
2862 * extent swap operation on a CRC enabled filesystem has been done and we are
2863 * replaying it. We need to walk the BMBT of the appropriate fork and change the
2864 * owners of it.
2865 *
2866 * The complexity here is that we don't have an inode context to work with, so
2867 * after we've replayed the inode we need to instantiate one. This is where the
2868 * fun begins.
2869 *
2870 * We are in the middle of log recovery, so we can't run transactions. That
2871 * means we cannot use cache coherent inode instantiation via xfs_iget(), as
2872 * that will result in the corresponding iput() running the inode through
2873 * xfs_inactive(). If we've just replayed an inode core that changes the link
2874 * count to zero (i.e. it's been unlinked), then xfs_inactive() will run
2875 * transactions (bad!).
2876 *
2877 * So, to avoid this, we instantiate an inode directly from the inode core we've
2878 * just recovered. We have the buffer still locked, and all we really need to
2879 * instantiate is the inode core and the forks being modified. We can do this
2880 * manually, then run the inode btree owner change, and then tear down the
2881 * xfs_inode without having to run any transactions at all.
2882 *
2883 * Also, because we don't have a transaction context available here but need to
2884 * gather all the buffers we modify for writeback so we pass the buffer_list
2885 * instead for the operation to use.
2886 */
2887
2888STATIC int
2889xfs_recover_inode_owner_change(
2890 struct xfs_mount *mp,
2891 struct xfs_dinode *dip,
2892 struct xfs_inode_log_format *in_f,
2893 struct list_head *buffer_list)
2894{
2895 struct xfs_inode *ip;
2896 int error;
2897
2898 ASSERT(in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER));
2899
2900 ip = xfs_inode_alloc(mp, in_f->ilf_ino);
2901 if (!ip)
2451337d 2902 return -ENOMEM;
638f4416
DC		 2903
2904 /* instantiate the inode */
3987848c 2905 xfs_inode_from_disk(ip, dip);
638f4416
DC		 2906 ASSERT(ip->i_d.di_version >= 3);
2907
2908 error = xfs_iformat_fork(ip, dip);
2909 if (error)
2910 goto out_free_ip;
2911
2912
2913 if (in_f->ilf_fields & XFS_ILOG_DOWNER) {
2914 ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT);
2915 error = xfs_bmbt_change_owner(NULL, ip, XFS_DATA_FORK,
2916 ip->i_ino, buffer_list);
2917 if (error)
2918 goto out_free_ip;
2919 }
2920
2921 if (in_f->ilf_fields & XFS_ILOG_AOWNER) {
2922 ASSERT(in_f->ilf_fields & XFS_ILOG_ABROOT);
2923 error = xfs_bmbt_change_owner(NULL, ip, XFS_ATTR_FORK,
2924 ip->i_ino, buffer_list);
2925 if (error)
2926 goto out_free_ip;
2927 }
2928
2929out_free_ip:
2930 xfs_inode_free(ip);
2931 return error;
2932}
2933
1da177e4 2934STATIC int
c9f71f5f 2935xlog_recover_inode_pass2(
9a8d2fdb
MT		 2936 struct xlog *log,
2937 struct list_head *buffer_list,
50d5c8d8
DC		 2938 struct xlog_recover_item *item,
2939 xfs_lsn_t current_lsn)
1da177e4
LT		 2940{
2941 xfs_inode_log_format_t *in_f;
c9f71f5f 2942 xfs_mount_t *mp = log->l_mp;
1da177e4 2943 xfs_buf_t *bp;
1da177e4 2944 xfs_dinode_t *dip;
1da177e4 2945 int len;
b2a922cd
CH		 2946 char *src;
2947 char *dest;
1da177e4
LT		 2948 int error;
2949 int attr_index;
2950 uint fields;
f8d55aa0 2951 struct xfs_log_dinode *ldip;
93848a99 2952 uint isize;
6d192a9b 2953 int need_free = 0;
1da177e4 2954
6d192a9b 2955 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
4e0d5f92 2956 in_f = item->ri_buf[0].i_addr;
6d192a9b 2957 } else {
4e0d5f92 2958 in_f = kmem_alloc(sizeof(xfs_inode_log_format_t), KM_SLEEP);
6d192a9b
TS		 2959 need_free = 1;
2960 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2961 if (error)
2962 goto error;
2963 }
1da177e4
LT		 2964
2965 /*
2966 * Inode buffers can be freed, look out for it,
2967 * and do not replay the inode.
2968 */
a1941895
CH		 2969 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2970 in_f->ilf_len, 0)) {
6d192a9b 2971 error = 0;
9abbc539 2972 trace_xfs_log_recover_inode_cancel(log, in_f);
6d192a9b
TS		 2973 goto error;
2974 }
9abbc539 2975 trace_xfs_log_recover_inode_recover(log, in_f);
1da177e4 2976
c3f8fc73 2977 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len, 0,
93848a99 2978 &xfs_inode_buf_ops);
ac4d6888 2979 if (!bp) {
2451337d 2980 error = -ENOMEM;
ac4d6888
CS		 2981 goto error;
2982 }
e5702805 2983 error = bp->b_error;
5a52c2a5 2984 if (error) {
901796af 2985 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#2)");
638f4416 2986 goto out_release;
1da177e4 2987 }
1da177e4 2988 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
88ee2df7 2989 dip = xfs_buf_offset(bp, in_f->ilf_boffset);
1da177e4
LT		 2990
2991 /*
2992 * Make sure the place we're flushing out to really looks
2993 * like an inode!
2994 */
69ef921b 2995 if (unlikely(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))) {
a0fa2b67
DC		 2996 xfs_alert(mp,
2997 "%s: Bad inode magic number, dip = 0x%p, dino bp = 0x%p, ino = %Ld",
2998 __func__, dip, bp, in_f->ilf_ino);
c9f71f5f 2999 XFS_ERROR_REPORT("xlog_recover_inode_pass2(1)",
1da177e4 3000 XFS_ERRLEVEL_LOW, mp);
2451337d 3001 error = -EFSCORRUPTED;
638f4416 3002 goto out_release;
1da177e4 3003 }
f8d55aa0
DC		 3004 ldip = item->ri_buf[1].i_addr;
3005 if (unlikely(ldip->di_magic != XFS_DINODE_MAGIC)) {
a0fa2b67
DC		 3006 xfs_alert(mp,
3007 "%s: Bad inode log record, rec ptr 0x%p, ino %Ld",
3008 __func__, item, in_f->ilf_ino);
c9f71f5f 3009 XFS_ERROR_REPORT("xlog_recover_inode_pass2(2)",
1da177e4 3010 XFS_ERRLEVEL_LOW, mp);
2451337d 3011 error = -EFSCORRUPTED;
638f4416 3012 goto out_release;
1da177e4
LT		 3013 }
3014
50d5c8d8
DC		 3015 /*
3016 * If the inode has an LSN in it, recover the inode only if it's less
638f4416
DC		 3017 * than the lsn of the transaction we are replaying. Note: we still
3018 * need to replay an owner change even though the inode is more recent
3019 * than the transaction as there is no guarantee that all the btree
3020 * blocks are more recent than this transaction, too.
50d5c8d8
DC		 3021 */
3022 if (dip->di_version >= 3) {
3023 xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn);
3024
3025 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
3026 trace_xfs_log_recover_inode_skip(log, in_f);
3027 error = 0;
638f4416 3028 goto out_owner_change;
50d5c8d8
DC		 3029 }
3030 }
3031
e60896d8
DC		 3032 /*
3033 * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes
3034 * are transactional and if ordering is necessary we can determine that
3035 * more accurately by the LSN field in the V3 inode core. Don't trust
3036 * the inode versions we might be changing them here - use the
3037 * superblock flag to determine whether we need to look at di_flushiter
3038 * to skip replay when the on disk inode is newer than the log one
3039 */
3040 if (!xfs_sb_version_hascrc(&mp->m_sb) &&
f8d55aa0 3041 ldip->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
1da177e4
LT		 3042 /*
3043 * Deal with the wrap case, DI_MAX_FLUSH is less
3044 * than smaller numbers
3045 */
81591fe2 3046 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
f8d55aa0 3047 ldip->di_flushiter < (DI_MAX_FLUSH >> 1)) {
1da177e4
LT		 3048 /* do nothing */
3049 } else {
9abbc539 3050 trace_xfs_log_recover_inode_skip(log, in_f);
6d192a9b 3051 error = 0;
638f4416 3052 goto out_release;
1da177e4
LT		 3053 }
3054 }
e60896d8 3055
1da177e4 3056 /* Take the opportunity to reset the flush iteration count */
f8d55aa0 3057 ldip->di_flushiter = 0;
1da177e4 3058
f8d55aa0
DC		 3059 if (unlikely(S_ISREG(ldip->di_mode))) {
3060 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
3061 (ldip->di_format != XFS_DINODE_FMT_BTREE)) {
c9f71f5f 3062 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)",
f8d55aa0 3063 XFS_ERRLEVEL_LOW, mp, ldip);
a0fa2b67
DC		 3064 xfs_alert(mp,
3065 "%s: Bad regular inode log record, rec ptr 0x%p, "
3066 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
3067 __func__, item, dip, bp, in_f->ilf_ino);
2451337d 3068 error = -EFSCORRUPTED;
638f4416 3069 goto out_release;
1da177e4 3070 }
f8d55aa0
DC		 3071 } else if (unlikely(S_ISDIR(ldip->di_mode))) {
3072 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
3073 (ldip->di_format != XFS_DINODE_FMT_BTREE) &&
3074 (ldip->di_format != XFS_DINODE_FMT_LOCAL)) {
c9f71f5f 3075 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)",
f8d55aa0 3076 XFS_ERRLEVEL_LOW, mp, ldip);
a0fa2b67
DC		 3077 xfs_alert(mp,
3078 "%s: Bad dir inode log record, rec ptr 0x%p, "
3079 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
3080 __func__, item, dip, bp, in_f->ilf_ino);
2451337d 3081 error = -EFSCORRUPTED;
638f4416 3082 goto out_release;
1da177e4
LT		 3083 }
3084 }
f8d55aa0 3085 if (unlikely(ldip->di_nextents + ldip->di_anextents > ldip->di_nblocks)){
c9f71f5f 3086 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)",
f8d55aa0 3087 XFS_ERRLEVEL_LOW, mp, ldip);
a0fa2b67
DC		 3088 xfs_alert(mp,
3089 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
3090 "dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
3091 __func__, item, dip, bp, in_f->ilf_ino,
f8d55aa0
DC		 3092 ldip->di_nextents + ldip->di_anextents,
3093 ldip->di_nblocks);
2451337d 3094 error = -EFSCORRUPTED;
638f4416 3095 goto out_release;
1da177e4 3096 }
f8d55aa0 3097 if (unlikely(ldip->di_forkoff > mp->m_sb.sb_inodesize)) {
c9f71f5f 3098 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)",
f8d55aa0 3099 XFS_ERRLEVEL_LOW, mp, ldip);
a0fa2b67
DC		 3100 xfs_alert(mp,
3101 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
3102 "dino bp 0x%p, ino %Ld, forkoff 0x%x", __func__,
f8d55aa0 3103 item, dip, bp, in_f->ilf_ino, ldip->di_forkoff);
2451337d 3104 error = -EFSCORRUPTED;
638f4416 3105 goto out_release;
1da177e4 3106 }
f8d55aa0 3107 isize = xfs_log_dinode_size(ldip->di_version);
93848a99 3108 if (unlikely(item->ri_buf[1].i_len > isize)) {
c9f71f5f 3109 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)",
f8d55aa0 3110 XFS_ERRLEVEL_LOW, mp, ldip);
a0fa2b67
DC		 3111 xfs_alert(mp,
3112 "%s: Bad inode log record length %d, rec ptr 0x%p",
3113 __func__, item->ri_buf[1].i_len, item);
2451337d 3114 error = -EFSCORRUPTED;
638f4416 3115 goto out_release;
1da177e4
LT		 3116 }
3117
3987848c
DC		 3118 /* recover the log dinode inode into the on disk inode */
3119 xfs_log_dinode_to_disk(ldip, dip);
1da177e4
LT		 3120
3121 /* the rest is in on-disk format */
93848a99
CH		 3122 if (item->ri_buf[1].i_len > isize) {
3123 memcpy((char *)dip + isize,
3124 item->ri_buf[1].i_addr + isize,
3125 item->ri_buf[1].i_len - isize);
1da177e4
LT		 3126 }
3127
3128 fields = in_f->ilf_fields;
3129 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
3130 case XFS_ILOG_DEV:
81591fe2 3131 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
1da177e4
LT		 3132 break;
3133 case XFS_ILOG_UUID:
81591fe2
CH		 3134 memcpy(XFS_DFORK_DPTR(dip),
3135 &in_f->ilf_u.ilfu_uuid,
3136 sizeof(uuid_t));
1da177e4
LT		 3137 break;
3138 }
3139
3140 if (in_f->ilf_size == 2)
638f4416 3141 goto out_owner_change;
1da177e4
LT		 3142 len = item->ri_buf[2].i_len;
3143 src = item->ri_buf[2].i_addr;
3144 ASSERT(in_f->ilf_size <= 4);
3145 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
3146 ASSERT(!(fields & XFS_ILOG_DFORK) ||
3147 (len == in_f->ilf_dsize));
3148
3149 switch (fields & XFS_ILOG_DFORK) {
3150 case XFS_ILOG_DDATA:
3151 case XFS_ILOG_DEXT:
81591fe2 3152 memcpy(XFS_DFORK_DPTR(dip), src, len);
1da177e4
LT		 3153 break;
3154
3155 case XFS_ILOG_DBROOT:
7cc95a82 3156 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
81591fe2 3157 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
1da177e4
LT		 3158 XFS_DFORK_DSIZE(dip, mp));
3159 break;
3160
3161 default:
3162 /*
3163 * There are no data fork flags set.
3164 */
3165 ASSERT((fields & XFS_ILOG_DFORK) == 0);
3166 break;
3167 }
3168
3169 /*
3170 * If we logged any attribute data, recover it. There may or
3171 * may not have been any other non-core data logged in this
3172 * transaction.
3173 */
3174 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
3175 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
3176 attr_index = 3;
3177 } else {
3178 attr_index = 2;
3179 }
3180 len = item->ri_buf[attr_index].i_len;
3181 src = item->ri_buf[attr_index].i_addr;
3182 ASSERT(len == in_f->ilf_asize);
3183
3184 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
3185 case XFS_ILOG_ADATA:
3186 case XFS_ILOG_AEXT:
3187 dest = XFS_DFORK_APTR(dip);
3188 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
3189 memcpy(dest, src, len);
3190 break;
3191
3192 case XFS_ILOG_ABROOT:
3193 dest = XFS_DFORK_APTR(dip);
7cc95a82
CH		 3194 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
3195 len, (xfs_bmdr_block_t*)dest,
1da177e4
LT		 3196 XFS_DFORK_ASIZE(dip, mp));
3197 break;
3198
3199 default:
a0fa2b67 3200 xfs_warn(log->l_mp, "%s: Invalid flag", __func__);
1da177e4 3201 ASSERT(0);
2451337d 3202 error = -EIO;
638f4416 3203 goto out_release;
1da177e4
LT		 3204 }
3205 }
3206
638f4416
DC		 3207out_owner_change:
3208 if (in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER))
3209 error = xfs_recover_inode_owner_change(mp, dip, in_f,
3210 buffer_list);
93848a99
CH		 3211 /* re-generate the checksum. */
3212 xfs_dinode_calc_crc(log->l_mp, dip);
3213
ebad861b 3214 ASSERT(bp->b_target->bt_mount == mp);
cb669ca5 3215 bp->b_iodone = xlog_recover_iodone;
43ff2122 3216 xfs_buf_delwri_queue(bp, buffer_list);
50d5c8d8
DC		 3217
3218out_release:
61551f1e 3219 xfs_buf_relse(bp);
6d192a9b
TS		 3220error:
3221 if (need_free)
f0e2d93c 3222 kmem_free(in_f);
b474c7ae 3223 return error;
1da177e4
LT		 3224}
3225
3226/*
9a8d2fdb 3227 * Recover QUOTAOFF records. We simply make a note of it in the xlog
1da177e4
LT		 3228 * structure, so that we know not to do any dquot item or dquot buffer recovery,
3229 * of that type.
3230 */
3231STATIC int
c9f71f5f 3232xlog_recover_quotaoff_pass1(
9a8d2fdb
MT		 3233 struct xlog *log,
3234 struct xlog_recover_item *item)
1da177e4 3235{
c9f71f5f 3236 xfs_qoff_logformat_t *qoff_f = item->ri_buf[0].i_addr;
1da177e4
LT		 3237 ASSERT(qoff_f);
3238
3239 /*
3240 * The logitem format's flag tells us if this was user quotaoff,
77a7cce4 3241 * group/project quotaoff or both.
1da177e4
LT		 3242 */
3243 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
3244 log->l_quotaoffs_flag |= XFS_DQ_USER;
77a7cce4
NS		 3245 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
3246 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
1da177e4
LT		 3247 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
3248 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
3249
d99831ff 3250 return 0;
1da177e4
LT		 3251}
3252
3253/*
3254 * Recover a dquot record
3255 */
3256STATIC int
c9f71f5f 3257xlog_recover_dquot_pass2(
9a8d2fdb
MT		 3258 struct xlog *log,
3259 struct list_head *buffer_list,
50d5c8d8
DC		 3260 struct xlog_recover_item *item,
3261 xfs_lsn_t current_lsn)
1da177e4 3262{
c9f71f5f 3263 xfs_mount_t *mp = log->l_mp;
1da177e4
LT		 3264 xfs_buf_t *bp;
3265 struct xfs_disk_dquot *ddq, *recddq;
3266 int error;
3267 xfs_dq_logformat_t *dq_f;
3268 uint type;
3269
1da177e4
LT		 3270
3271 /*
3272 * Filesystems are required to send in quota flags at mount time.
3273 */
3274 if (mp->m_qflags == 0)
d99831ff 3275 return 0;
1da177e4 3276
4e0d5f92
CH		 3277 recddq = item->ri_buf[1].i_addr;
3278 if (recddq == NULL) {
a0fa2b67 3279 xfs_alert(log->l_mp, "NULL dquot in %s.", __func__);
2451337d 3280 return -EIO;
0c5e1ce8 3281 }
8ec6dba2 3282 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
a0fa2b67 3283 xfs_alert(log->l_mp, "dquot too small (%d) in %s.",
0c5e1ce8 3284 item->ri_buf[1].i_len, __func__);
2451337d 3285 return -EIO;
0c5e1ce8
CH		 3286 }
3287
1da177e4
LT		 3288 /*
3289 * This type of quotas was turned off, so ignore this record.
3290 */
b53e675d 3291 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
1da177e4
LT		 3292 ASSERT(type);
3293 if (log->l_quotaoffs_flag & type)
d99831ff 3294 return 0;
1da177e4
LT		 3295
3296 /*
3297 * At this point we know that quota was _not_ turned off.
3298 * Since the mount flags are not indicating to us otherwise, this
3299 * must mean that quota is on, and the dquot needs to be replayed.
3300 * Remember that we may not have fully recovered the superblock yet,
3301 * so we can't do the usual trick of looking at the SB quota bits.
3302 *
3303 * The other possibility, of course, is that the quota subsystem was
3304 * removed since the last mount - ENOSYS.
3305 */
4e0d5f92 3306 dq_f = item->ri_buf[0].i_addr;
1da177e4 3307 ASSERT(dq_f);
9aede1d8 3308 error = xfs_dqcheck(mp, recddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
a0fa2b67
DC		 3309 "xlog_recover_dquot_pass2 (log copy)");
3310 if (error)
2451337d 3311 return -EIO;
1da177e4
LT		 3312 ASSERT(dq_f->qlf_len == 1);
3313
ad3714b8
DC		 3314 /*
3315 * At this point we are assuming that the dquots have been allocated
3316 * and hence the buffer has valid dquots stamped in it. It should,
3317 * therefore, pass verifier validation. If the dquot is bad, then the
3318 * we'll return an error here, so we don't need to specifically check
3319 * the dquot in the buffer after the verifier has run.
3320 */
7ca790a5 3321 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dq_f->qlf_blkno,
c3f8fc73 3322 XFS_FSB_TO_BB(mp, dq_f->qlf_len), 0, &bp,
ad3714b8 3323 &xfs_dquot_buf_ops);
7ca790a5 3324 if (error)
1da177e4 3325 return error;
7ca790a5 3326
1da177e4 3327 ASSERT(bp);
88ee2df7 3328 ddq = xfs_buf_offset(bp, dq_f->qlf_boffset);
1da177e4 3329
50d5c8d8
DC		 3330 /*
3331 * If the dquot has an LSN in it, recover the dquot only if it's less
3332 * than the lsn of the transaction we are replaying.
3333 */
3334 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3335 struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq;
3336 xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn);
3337
3338 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
3339 goto out_release;
3340 }
3341 }
3342
1da177e4 3343 memcpy(ddq, recddq, item->ri_buf[1].i_len);
6fcdc59d
DC		 3344 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3345 xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk),
3346 XFS_DQUOT_CRC_OFF);
3347 }
1da177e4
LT		 3348
3349 ASSERT(dq_f->qlf_size == 2);
ebad861b 3350 ASSERT(bp->b_target->bt_mount == mp);
cb669ca5 3351 bp->b_iodone = xlog_recover_iodone;
43ff2122 3352 xfs_buf_delwri_queue(bp, buffer_list);
1da177e4 3353
50d5c8d8
DC		 3354out_release:
3355 xfs_buf_relse(bp);
3356 return 0;
1da177e4
LT		 3357}
3358
3359/*
3360 * This routine is called to create an in-core extent free intent
3361 * item from the efi format structure which was logged on disk.
3362 * It allocates an in-core efi, copies the extents from the format
3363 * structure into it, and adds the efi to the AIL with the given
3364 * LSN.
3365 */
6d192a9b 3366STATIC int
c9f71f5f 3367xlog_recover_efi_pass2(
9a8d2fdb
MT		 3368 struct xlog *log,
3369 struct xlog_recover_item *item,
3370 xfs_lsn_t lsn)
1da177e4 3371{
e32a1d1f
BF		 3372 int error;
3373 struct xfs_mount *mp = log->l_mp;
3374 struct xfs_efi_log_item *efip;
3375 struct xfs_efi_log_format *efi_formatp;
1da177e4 3376
4e0d5f92 3377 efi_formatp = item->ri_buf[0].i_addr;
1da177e4 3378
1da177e4 3379 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
e32a1d1f
BF		 3380 error = xfs_efi_copy_format(&item->ri_buf[0], &efip->efi_format);
3381 if (error) {
6d192a9b
TS		 3382 xfs_efi_item_free(efip);
3383 return error;
3384 }
b199c8a4 3385 atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents);
1da177e4 3386
a9c21c1b 3387 spin_lock(&log->l_ailp->xa_lock);
1da177e4 3388 /*
e32a1d1f
BF		 3389 * The EFI has two references. One for the EFD and one for EFI to ensure
3390 * it makes it into the AIL. Insert the EFI into the AIL directly and
3391 * drop the EFI reference. Note that xfs_trans_ail_update() drops the
3392 * AIL lock.
1da177e4 3393 */
e6059949 3394 xfs_trans_ail_update(log->l_ailp, &efip->efi_item, lsn);
e32a1d1f 3395 xfs_efi_release(efip);
6d192a9b 3396 return 0;
1da177e4
LT		 3397}
3398
3399
3400/*
e32a1d1f
BF		 3401 * This routine is called when an EFD format structure is found in a committed
3402 * transaction in the log. Its purpose is to cancel the corresponding EFI if it
3403 * was still in the log. To do this it searches the AIL for the EFI with an id
3404 * equal to that in the EFD format structure. If we find it we drop the EFD
3405 * reference, which removes the EFI from the AIL and frees it.
1da177e4 3406 */
c9f71f5f
CH		 3407STATIC int
3408xlog_recover_efd_pass2(
9a8d2fdb
MT		 3409 struct xlog *log,
3410 struct xlog_recover_item *item)
1da177e4 3411{
1da177e4
LT		 3412 xfs_efd_log_format_t *efd_formatp;
3413 xfs_efi_log_item_t *efip = NULL;
3414 xfs_log_item_t *lip;
1da177e4 3415 __uint64_t efi_id;
27d8d5fe 3416 struct xfs_ail_cursor cur;
783a2f65 3417 struct xfs_ail *ailp = log->l_ailp;
1da177e4 3418
4e0d5f92 3419 efd_formatp = item->ri_buf[0].i_addr;
6d192a9b
TS		 3420 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
3421 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
3422 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
3423 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
1da177e4
LT		 3424 efi_id = efd_formatp->efd_efi_id;
3425
3426 /*
e32a1d1f
BF		 3427 * Search for the EFI with the id in the EFD format structure in the
3428 * AIL.
1da177e4 3429 */
a9c21c1b
DC		 3430 spin_lock(&ailp->xa_lock);
3431 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
1da177e4
LT		 3432 while (lip != NULL) {
3433 if (lip->li_type == XFS_LI_EFI) {
3434 efip = (xfs_efi_log_item_t *)lip;
3435 if (efip->efi_format.efi_id == efi_id) {
3436 /*
e32a1d1f
BF		 3437 * Drop the EFD reference to the EFI. This
3438 * removes the EFI from the AIL and frees it.
1da177e4 3439 */
e32a1d1f
BF		 3440 spin_unlock(&ailp->xa_lock);
3441 xfs_efi_release(efip);
a9c21c1b 3442 spin_lock(&ailp->xa_lock);
27d8d5fe 3443 break;
1da177e4
LT		 3444 }
3445 }
a9c21c1b 3446 lip = xfs_trans_ail_cursor_next(ailp, &cur);
1da177e4 3447 }
e32a1d1f 3448
e4a1e29c 3449 xfs_trans_ail_cursor_done(&cur);
a9c21c1b 3450 spin_unlock(&ailp->xa_lock);
c9f71f5f
CH		 3451
3452 return 0;
1da177e4
LT		 3453}
3454
9e88b5d8
DW		 3455/*
3456 * This routine is called to create an in-core extent rmap update
3457 * item from the rui format structure which was logged on disk.
3458 * It allocates an in-core rui, copies the extents from the format
3459 * structure into it, and adds the rui to the AIL with the given
3460 * LSN.
3461 */
3462STATIC int
3463xlog_recover_rui_pass2(
3464 struct xlog *log,
3465 struct xlog_recover_item *item,
3466 xfs_lsn_t lsn)
3467{
3468 int error;
3469 struct xfs_mount *mp = log->l_mp;
3470 struct xfs_rui_log_item *ruip;
3471 struct xfs_rui_log_format *rui_formatp;
3472
3473 rui_formatp = item->ri_buf[0].i_addr;
3474
3475 ruip = xfs_rui_init(mp, rui_formatp->rui_nextents);
3476 error = xfs_rui_copy_format(&item->ri_buf[0], &ruip->rui_format);
3477 if (error) {
3478 xfs_rui_item_free(ruip);
3479 return error;
3480 }
3481 atomic_set(&ruip->rui_next_extent, rui_formatp->rui_nextents);
3482
3483 spin_lock(&log->l_ailp->xa_lock);
3484 /*
3485 * The RUI has two references. One for the RUD and one for RUI to ensure
3486 * it makes it into the AIL. Insert the RUI into the AIL directly and
3487 * drop the RUI reference. Note that xfs_trans_ail_update() drops the
3488 * AIL lock.
3489 */
3490 xfs_trans_ail_update(log->l_ailp, &ruip->rui_item, lsn);
3491 xfs_rui_release(ruip);
3492 return 0;
3493}
3494
3495
3496/*
3497 * This routine is called when an RUD format structure is found in a committed
3498 * transaction in the log. Its purpose is to cancel the corresponding RUI if it
3499 * was still in the log. To do this it searches the AIL for the RUI with an id
3500 * equal to that in the RUD format structure. If we find it we drop the RUD
3501 * reference, which removes the RUI from the AIL and frees it.
3502 */
3503STATIC int
3504xlog_recover_rud_pass2(
3505 struct xlog *log,
3506 struct xlog_recover_item *item)
3507{
3508 struct xfs_rud_log_format *rud_formatp;
3509 struct xfs_rui_log_item *ruip = NULL;
3510 struct xfs_log_item *lip;
3511 __uint64_t rui_id;
3512 struct xfs_ail_cursor cur;
3513 struct xfs_ail *ailp = log->l_ailp;
3514
3515 rud_formatp = item->ri_buf[0].i_addr;
722e2517 3516 ASSERT(item->ri_buf[0].i_len == sizeof(struct xfs_rud_log_format));
9e88b5d8
DW		 3517 rui_id = rud_formatp->rud_rui_id;
3518
3519 /*
3520 * Search for the RUI with the id in the RUD format structure in the
3521 * AIL.
3522 */
3523 spin_lock(&ailp->xa_lock);
3524 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3525 while (lip != NULL) {
3526 if (lip->li_type == XFS_LI_RUI) {
3527 ruip = (struct xfs_rui_log_item *)lip;
3528 if (ruip->rui_format.rui_id == rui_id) {
3529 /*
3530 * Drop the RUD reference to the RUI. This
3531 * removes the RUI from the AIL and frees it.
3532 */
3533 spin_unlock(&ailp->xa_lock);
3534 xfs_rui_release(ruip);
3535 spin_lock(&ailp->xa_lock);
3536 break;
3537 }
3538 }
3539 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3540 }
3541
3542 xfs_trans_ail_cursor_done(&cur);
3543 spin_unlock(&ailp->xa_lock);
3544
3545 return 0;
3546}
3547
28c8e41a
DC		 3548/*
3549 * This routine is called when an inode create format structure is found in a
3550 * committed transaction in the log. It's purpose is to initialise the inodes
3551 * being allocated on disk. This requires us to get inode cluster buffers that
3552 * match the range to be intialised, stamped with inode templates and written
3553 * by delayed write so that subsequent modifications will hit the cached buffer
3554 * and only need writing out at the end of recovery.
3555 */
3556STATIC int
3557xlog_recover_do_icreate_pass2(
3558 struct xlog *log,
3559 struct list_head *buffer_list,
3560 xlog_recover_item_t *item)
3561{
3562 struct xfs_mount *mp = log->l_mp;
3563 struct xfs_icreate_log *icl;
3564 xfs_agnumber_t agno;
3565 xfs_agblock_t agbno;
3566 unsigned int count;
3567 unsigned int isize;
3568 xfs_agblock_t length;
fc0d1656
BF		 3569 int blks_per_cluster;
3570 int bb_per_cluster;
3571 int cancel_count;
3572 int nbufs;
3573 int i;
28c8e41a
DC		 3574
3575 icl = (struct xfs_icreate_log *)item->ri_buf[0].i_addr;
3576 if (icl->icl_type != XFS_LI_ICREATE) {
3577 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad type");
2451337d 3578 return -EINVAL;
28c8e41a
DC		 3579 }
3580
3581 if (icl->icl_size != 1) {
3582 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad icl size");
2451337d 3583 return -EINVAL;
28c8e41a
DC		 3584 }
3585
3586 agno = be32_to_cpu(icl->icl_ag);
3587 if (agno >= mp->m_sb.sb_agcount) {
3588 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agno");
2451337d 3589 return -EINVAL;
28c8e41a
DC		 3590 }
3591 agbno = be32_to_cpu(icl->icl_agbno);
3592 if (!agbno || agbno == NULLAGBLOCK || agbno >= mp->m_sb.sb_agblocks) {
3593 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agbno");
2451337d 3594 return -EINVAL;
28c8e41a
DC		 3595 }
3596 isize = be32_to_cpu(icl->icl_isize);
3597 if (isize != mp->m_sb.sb_inodesize) {
3598 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad isize");
2451337d 3599 return -EINVAL;
28c8e41a
DC		 3600 }
3601 count = be32_to_cpu(icl->icl_count);
3602 if (!count) {
3603 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count");
2451337d 3604 return -EINVAL;
28c8e41a
DC		 3605 }
3606 length = be32_to_cpu(icl->icl_length);
3607 if (!length || length >= mp->m_sb.sb_agblocks) {
3608 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad length");
2451337d 3609 return -EINVAL;
28c8e41a
DC		 3610 }
3611
7f43c907
BF		 3612 /*
3613 * The inode chunk is either full or sparse and we only support
3614 * m_ialloc_min_blks sized sparse allocations at this time.
3615 */
3616 if (length != mp->m_ialloc_blks &&
3617 length != mp->m_ialloc_min_blks) {
3618 xfs_warn(log->l_mp,
3619 "%s: unsupported chunk length", __FUNCTION__);
3620 return -EINVAL;
3621 }
3622
3623 /* verify inode count is consistent with extent length */
3624 if ((count >> mp->m_sb.sb_inopblog) != length) {
3625 xfs_warn(log->l_mp,
3626 "%s: inconsistent inode count and chunk length",
3627 __FUNCTION__);
2451337d 3628 return -EINVAL;
28c8e41a
DC		 3629 }
3630
3631 /*
fc0d1656
BF		 3632 * The icreate transaction can cover multiple cluster buffers and these
3633 * buffers could have been freed and reused. Check the individual
3634 * buffers for cancellation so we don't overwrite anything written after
3635 * a cancellation.
3636 */
3637 blks_per_cluster = xfs_icluster_size_fsb(mp);
3638 bb_per_cluster = XFS_FSB_TO_BB(mp, blks_per_cluster);
3639 nbufs = length / blks_per_cluster;
3640 for (i = 0, cancel_count = 0; i < nbufs; i++) {
3641 xfs_daddr_t daddr;
3642
3643 daddr = XFS_AGB_TO_DADDR(mp, agno,
3644 agbno + i * blks_per_cluster);
3645 if (xlog_check_buffer_cancelled(log, daddr, bb_per_cluster, 0))
3646 cancel_count++;
3647 }
3648
3649 /*
3650 * We currently only use icreate for a single allocation at a time. This
3651 * means we should expect either all or none of the buffers to be
3652 * cancelled. Be conservative and skip replay if at least one buffer is
3653 * cancelled, but warn the user that something is awry if the buffers
3654 * are not consistent.
28c8e41a 3655 *
fc0d1656
BF		 3656 * XXX: This must be refined to only skip cancelled clusters once we use
3657 * icreate for multiple chunk allocations.
28c8e41a 3658 */
fc0d1656
BF		 3659 ASSERT(!cancel_count || cancel_count == nbufs);
3660 if (cancel_count) {
3661 if (cancel_count != nbufs)
3662 xfs_warn(mp,
3663 "WARNING: partial inode chunk cancellation, skipped icreate.");
78d57e45 3664 trace_xfs_log_recover_icreate_cancel(log, icl);
28c8e41a 3665 return 0;
78d57e45 3666 }
28c8e41a 3667
78d57e45 3668 trace_xfs_log_recover_icreate_recover(log, icl);
fc0d1656
BF		 3669 return xfs_ialloc_inode_init(mp, NULL, buffer_list, count, agno, agbno,
3670 length, be32_to_cpu(icl->icl_gen));
28c8e41a
DC		 3671}
3672
00574da1
ZYW		 3673STATIC void
3674xlog_recover_buffer_ra_pass2(
3675 struct xlog *log,
3676 struct xlog_recover_item *item)
3677{
3678 struct xfs_buf_log_format *buf_f = item->ri_buf[0].i_addr;
3679 struct xfs_mount *mp = log->l_mp;
3680
84a5b730 3681 if (xlog_peek_buffer_cancelled(log, buf_f->blf_blkno,
00574da1
ZYW		 3682 buf_f->blf_len, buf_f->blf_flags)) {
3683 return;
3684 }
3685
3686 xfs_buf_readahead(mp->m_ddev_targp, buf_f->blf_blkno,
3687 buf_f->blf_len, NULL);
3688}
3689
3690STATIC void
3691xlog_recover_inode_ra_pass2(
3692 struct xlog *log,
3693 struct xlog_recover_item *item)
3694{
3695 struct xfs_inode_log_format ilf_buf;
3696 struct xfs_inode_log_format *ilfp;
3697 struct xfs_mount *mp = log->l_mp;
3698 int error;
3699
3700 if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) {
3701 ilfp = item->ri_buf[0].i_addr;
3702 } else {
3703 ilfp = &ilf_buf;
3704 memset(ilfp, 0, sizeof(*ilfp));
3705 error = xfs_inode_item_format_convert(&item->ri_buf[0], ilfp);
3706 if (error)
3707 return;
3708 }
3709
84a5b730 3710 if (xlog_peek_buffer_cancelled(log, ilfp->ilf_blkno, ilfp->ilf_len, 0))
00574da1
ZYW		 3711 return;
3712
3713 xfs_buf_readahead(mp->m_ddev_targp, ilfp->ilf_blkno,
d8914002 3714 ilfp->ilf_len, &xfs_inode_buf_ra_ops);
00574da1
ZYW		 3715}
3716
3717STATIC void
3718xlog_recover_dquot_ra_pass2(
3719 struct xlog *log,
3720 struct xlog_recover_item *item)
3721{
3722 struct xfs_mount *mp = log->l_mp;
3723 struct xfs_disk_dquot *recddq;
3724 struct xfs_dq_logformat *dq_f;
3725 uint type;
7d6a13f0 3726 int len;
00574da1
ZYW		 3727
3728
3729 if (mp->m_qflags == 0)
3730 return;
3731
3732 recddq = item->ri_buf[1].i_addr;
3733 if (recddq == NULL)
3734 return;
3735 if (item->ri_buf[1].i_len < sizeof(struct xfs_disk_dquot))
3736 return;
3737
3738 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3739 ASSERT(type);
3740 if (log->l_quotaoffs_flag & type)
3741 return;
3742
3743 dq_f = item->ri_buf[0].i_addr;
3744 ASSERT(dq_f);
3745 ASSERT(dq_f->qlf_len == 1);
3746
7d6a13f0
DC		 3747 len = XFS_FSB_TO_BB(mp, dq_f->qlf_len);
3748 if (xlog_peek_buffer_cancelled(log, dq_f->qlf_blkno, len, 0))
3749 return;
3750
3751 xfs_buf_readahead(mp->m_ddev_targp, dq_f->qlf_blkno, len,
3752 &xfs_dquot_buf_ra_ops);
00574da1
ZYW		 3753}
3754
3755STATIC void
3756xlog_recover_ra_pass2(
3757 struct xlog *log,
3758 struct xlog_recover_item *item)
3759{
3760 switch (ITEM_TYPE(item)) {
3761 case XFS_LI_BUF:
3762 xlog_recover_buffer_ra_pass2(log, item);
3763 break;
3764 case XFS_LI_INODE:
3765 xlog_recover_inode_ra_pass2(log, item);
3766 break;
3767 case XFS_LI_DQUOT:
3768 xlog_recover_dquot_ra_pass2(log, item);
3769 break;
3770 case XFS_LI_EFI:
3771 case XFS_LI_EFD:
3772 case XFS_LI_QUOTAOFF:
9e88b5d8
DW		 3773 case XFS_LI_RUI:
3774 case XFS_LI_RUD:
00574da1
ZYW		 3775 default:
3776 break;
3777 }
3778}
3779
d0450948 3780STATIC int
c9f71f5f 3781xlog_recover_commit_pass1(
ad223e60
MT		 3782 struct xlog *log,
3783 struct xlog_recover *trans,
3784 struct xlog_recover_item *item)
d0450948 3785{
c9f71f5f 3786 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS1);
d0450948
CH		 3787
3788 switch (ITEM_TYPE(item)) {
3789 case XFS_LI_BUF:
c9f71f5f
CH		 3790 return xlog_recover_buffer_pass1(log, item);
3791 case XFS_LI_QUOTAOFF:
3792 return xlog_recover_quotaoff_pass1(log, item);
d0450948 3793 case XFS_LI_INODE:
d0450948 3794 case XFS_LI_EFI:
d0450948 3795 case XFS_LI_EFD:
c9f71f5f 3796 case XFS_LI_DQUOT:
28c8e41a 3797 case XFS_LI_ICREATE:
9e88b5d8
DW		 3798 case XFS_LI_RUI:
3799 case XFS_LI_RUD:
c9f71f5f 3800 /* nothing to do in pass 1 */
d0450948 3801 return 0;
c9f71f5f 3802 default:
a0fa2b67
DC		 3803 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3804 __func__, ITEM_TYPE(item));
c9f71f5f 3805 ASSERT(0);
2451337d 3806 return -EIO;
c9f71f5f
CH		 3807 }
3808}
3809
3810STATIC int
3811xlog_recover_commit_pass2(
ad223e60
MT		 3812 struct xlog *log,
3813 struct xlog_recover *trans,
3814 struct list_head *buffer_list,
3815 struct xlog_recover_item *item)
c9f71f5f
CH		 3816{
3817 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS2);
3818
3819 switch (ITEM_TYPE(item)) {
3820 case XFS_LI_BUF:
50d5c8d8
DC		 3821 return xlog_recover_buffer_pass2(log, buffer_list, item,
3822 trans->r_lsn);
c9f71f5f 3823 case XFS_LI_INODE:
50d5c8d8
DC		 3824 return xlog_recover_inode_pass2(log, buffer_list, item,
3825 trans->r_lsn);
c9f71f5f
CH		 3826 case XFS_LI_EFI:
3827 return xlog_recover_efi_pass2(log, item, trans->r_lsn);
3828 case XFS_LI_EFD:
3829 return xlog_recover_efd_pass2(log, item);
9e88b5d8
DW		 3830 case XFS_LI_RUI:
3831 return xlog_recover_rui_pass2(log, item, trans->r_lsn);
3832 case XFS_LI_RUD:
3833 return xlog_recover_rud_pass2(log, item);
d0450948 3834 case XFS_LI_DQUOT:
50d5c8d8
DC		 3835 return xlog_recover_dquot_pass2(log, buffer_list, item,
3836 trans->r_lsn);
28c8e41a
DC		 3837 case XFS_LI_ICREATE:
3838 return xlog_recover_do_icreate_pass2(log, buffer_list, item);
d0450948 3839 case XFS_LI_QUOTAOFF:
c9f71f5f
CH		 3840 /* nothing to do in pass2 */
3841 return 0;
d0450948 3842 default:
a0fa2b67
DC		 3843 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3844 __func__, ITEM_TYPE(item));
d0450948 3845 ASSERT(0);
2451337d 3846 return -EIO;
d0450948
CH		 3847 }
3848}
3849
00574da1
ZYW		 3850STATIC int
3851xlog_recover_items_pass2(
3852 struct xlog *log,
3853 struct xlog_recover *trans,
3854 struct list_head *buffer_list,
3855 struct list_head *item_list)
3856{
3857 struct xlog_recover_item *item;
3858 int error = 0;
3859
3860 list_for_each_entry(item, item_list, ri_list) {
3861 error = xlog_recover_commit_pass2(log, trans,
3862 buffer_list, item);
3863 if (error)
3864 return error;
3865 }
3866
3867 return error;
3868}
3869
d0450948
CH		 3870/*
3871 * Perform the transaction.
3872 *
3873 * If the transaction modifies a buffer or inode, do it now. Otherwise,
3874 * EFIs and EFDs get queued up by adding entries into the AIL for them.
3875 */
1da177e4
LT		 3876STATIC int
3877xlog_recover_commit_trans(
ad223e60 3878 struct xlog *log,
d0450948 3879 struct xlog_recover *trans,
12818d24
BF		 3880 int pass,
3881 struct list_head *buffer_list)
1da177e4 3882{
00574da1 3883 int error = 0;
00574da1
ZYW		 3884 int items_queued = 0;
3885 struct xlog_recover_item *item;
3886 struct xlog_recover_item *next;
00574da1
ZYW		 3887 LIST_HEAD (ra_list);
3888 LIST_HEAD (done_list);
3889
3890 #define XLOG_RECOVER_COMMIT_QUEUE_MAX 100
1da177e4 3891
f0a76953 3892 hlist_del(&trans->r_list);
d0450948
CH		 3893
3894 error = xlog_recover_reorder_trans(log, trans, pass);
3895 if (error)
1da177e4 3896 return error;
d0450948 3897
00574da1 3898 list_for_each_entry_safe(item, next, &trans->r_itemq, ri_list) {
43ff2122
CH		 3899 switch (pass) {
3900 case XLOG_RECOVER_PASS1:
c9f71f5f 3901 error = xlog_recover_commit_pass1(log, trans, item);
43ff2122
CH		 3902 break;
3903 case XLOG_RECOVER_PASS2:
00574da1
ZYW		 3904 xlog_recover_ra_pass2(log, item);
3905 list_move_tail(&item->ri_list, &ra_list);
3906 items_queued++;
3907 if (items_queued >= XLOG_RECOVER_COMMIT_QUEUE_MAX) {
3908 error = xlog_recover_items_pass2(log, trans,
12818d24 3909 buffer_list, &ra_list);
00574da1
ZYW		 3910 list_splice_tail_init(&ra_list, &done_list);
3911 items_queued = 0;
3912 }
3913
43ff2122
CH		 3914 break;
3915 default:
3916 ASSERT(0);
3917 }
3918
d0450948 3919 if (error)
43ff2122 3920 goto out;
d0450948
CH		 3921 }
3922
00574da1
ZYW		 3923out:
3924 if (!list_empty(&ra_list)) {
3925 if (!error)
3926 error = xlog_recover_items_pass2(log, trans,
12818d24 3927 buffer_list, &ra_list);
00574da1
ZYW		 3928 list_splice_tail_init(&ra_list, &done_list);
3929 }
3930
3931 if (!list_empty(&done_list))
3932 list_splice_init(&done_list, &trans->r_itemq);
3933
12818d24 3934 return error;
1da177e4
LT		 3935}
3936
76560669
DC		 3937STATIC void
3938xlog_recover_add_item(
3939 struct list_head *head)
3940{
3941 xlog_recover_item_t *item;
3942
3943 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
3944 INIT_LIST_HEAD(&item->ri_list);
3945 list_add_tail(&item->ri_list, head);
3946}
3947
1da177e4 3948STATIC int
76560669
DC		 3949xlog_recover_add_to_cont_trans(
3950 struct xlog *log,
3951 struct xlog_recover *trans,
b2a922cd 3952 char *dp,
76560669 3953 int len)
1da177e4 3954{
76560669 3955 xlog_recover_item_t *item;
b2a922cd 3956 char *ptr, *old_ptr;
76560669
DC		 3957 int old_len;
3958
89cebc84
BF		 3959 /*
3960 * If the transaction is empty, the header was split across this and the
3961 * previous record. Copy the rest of the header.
3962 */
76560669 3963 if (list_empty(&trans->r_itemq)) {
848ccfc8 3964 ASSERT(len <= sizeof(struct xfs_trans_header));
89cebc84
BF		 3965 if (len > sizeof(struct xfs_trans_header)) {
3966 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3967 return -EIO;
3968 }
3969
76560669 3970 xlog_recover_add_item(&trans->r_itemq);
b2a922cd 3971 ptr = (char *)&trans->r_theader +
89cebc84 3972 sizeof(struct xfs_trans_header) - len;
76560669
DC		 3973 memcpy(ptr, dp, len);
3974 return 0;
3975 }
89cebc84 3976
76560669
DC		 3977 /* take the tail entry */
3978 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3979
3980 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
3981 old_len = item->ri_buf[item->ri_cnt-1].i_len;
3982
664b60f6 3983 ptr = kmem_realloc(old_ptr, len + old_len, KM_SLEEP);
76560669
DC		 3984 memcpy(&ptr[old_len], dp, len);
3985 item->ri_buf[item->ri_cnt-1].i_len += len;
3986 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
3987 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
1da177e4
LT		 3988 return 0;
3989}
3990
76560669
DC		 3991/*
3992 * The next region to add is the start of a new region. It could be
3993 * a whole region or it could be the first part of a new region. Because
3994 * of this, the assumption here is that the type and size fields of all
3995 * format structures fit into the first 32 bits of the structure.
3996 *
3997 * This works because all regions must be 32 bit aligned. Therefore, we
3998 * either have both fields or we have neither field. In the case we have
3999 * neither field, the data part of the region is zero length. We only have
4000 * a log_op_header and can throw away the header since a new one will appear
4001 * later. If we have at least 4 bytes, then we can determine how many regions
4002 * will appear in the current log item.
4003 */
4004STATIC int
4005xlog_recover_add_to_trans(
4006 struct xlog *log,
4007 struct xlog_recover *trans,
b2a922cd 4008 char *dp,
76560669
DC		 4009 int len)
4010{
4011 xfs_inode_log_format_t *in_f; /* any will do */
4012 xlog_recover_item_t *item;
b2a922cd 4013 char *ptr;
76560669
DC		 4014
4015 if (!len)
4016 return 0;
4017 if (list_empty(&trans->r_itemq)) {
4018 /* we need to catch log corruptions here */
4019 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
4020 xfs_warn(log->l_mp, "%s: bad header magic number",
4021 __func__);
4022 ASSERT(0);
4023 return -EIO;
4024 }
89cebc84
BF		 4025
4026 if (len > sizeof(struct xfs_trans_header)) {
4027 xfs_warn(log->l_mp, "%s: bad header length", __func__);
4028 ASSERT(0);
4029 return -EIO;
4030 }
4031
4032 /*
4033 * The transaction header can be arbitrarily split across op
4034 * records. If we don't have the whole thing here, copy what we
4035 * do have and handle the rest in the next record.
4036 */
4037 if (len == sizeof(struct xfs_trans_header))
76560669
DC		 4038 xlog_recover_add_item(&trans->r_itemq);
4039 memcpy(&trans->r_theader, dp, len);
4040 return 0;
4041 }
4042
4043 ptr = kmem_alloc(len, KM_SLEEP);
4044 memcpy(ptr, dp, len);
4045 in_f = (xfs_inode_log_format_t *)ptr;
4046
4047 /* take the tail entry */
4048 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
4049 if (item->ri_total != 0 &&
4050 item->ri_total == item->ri_cnt) {
4051 /* tail item is in use, get a new one */
4052 xlog_recover_add_item(&trans->r_itemq);
4053 item = list_entry(trans->r_itemq.prev,
4054 xlog_recover_item_t, ri_list);
4055 }
4056
4057 if (item->ri_total == 0) { /* first region to be added */
4058 if (in_f->ilf_size == 0 ||
4059 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
4060 xfs_warn(log->l_mp,
4061 "bad number of regions (%d) in inode log format",
4062 in_f->ilf_size);
4063 ASSERT(0);
4064 kmem_free(ptr);
4065 return -EIO;
4066 }
4067
4068 item->ri_total = in_f->ilf_size;
4069 item->ri_buf =
4070 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
4071 KM_SLEEP);
4072 }
4073 ASSERT(item->ri_total > item->ri_cnt);
4074 /* Description region is ri_buf[0] */
4075 item->ri_buf[item->ri_cnt].i_addr = ptr;
4076 item->ri_buf[item->ri_cnt].i_len = len;
4077 item->ri_cnt++;
4078 trace_xfs_log_recover_item_add(log, trans, item, 0);
4079 return 0;
4080}
b818cca1 4081
76560669
DC		 4082/*
4083 * Free up any resources allocated by the transaction
4084 *
4085 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
4086 */
4087STATIC void
4088xlog_recover_free_trans(
4089 struct xlog_recover *trans)
4090{
4091 xlog_recover_item_t *item, *n;
4092 int i;
4093
4094 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
4095 /* Free the regions in the item. */
4096 list_del(&item->ri_list);
4097 for (i = 0; i < item->ri_cnt; i++)
4098 kmem_free(item->ri_buf[i].i_addr);
4099 /* Free the item itself */
4100 kmem_free(item->ri_buf);
4101 kmem_free(item);
4102 }
4103 /* Free the transaction recover structure */
4104 kmem_free(trans);
4105}
4106
e9131e50
DC		 4107/*
4108 * On error or completion, trans is freed.
4109 */
1da177e4 4110STATIC int
eeb11688
DC		 4111xlog_recovery_process_trans(
4112 struct xlog *log,
4113 struct xlog_recover *trans,
b2a922cd 4114 char *dp,
eeb11688
DC		 4115 unsigned int len,
4116 unsigned int flags,
12818d24
BF		 4117 int pass,
4118 struct list_head *buffer_list)
1da177e4 4119{
e9131e50
DC		 4120 int error = 0;
4121 bool freeit = false;
eeb11688
DC		 4122
4123 /* mask off ophdr transaction container flags */
4124 flags &= ~XLOG_END_TRANS;
4125 if (flags & XLOG_WAS_CONT_TRANS)
4126 flags &= ~XLOG_CONTINUE_TRANS;
4127
88b863db
DC		 4128 /*
4129 * Callees must not free the trans structure. We'll decide if we need to
4130 * free it or not based on the operation being done and it's result.
4131 */
eeb11688
DC		 4132 switch (flags) {
4133 /* expected flag values */
4134 case 0:
4135 case XLOG_CONTINUE_TRANS:
4136 error = xlog_recover_add_to_trans(log, trans, dp, len);
4137 break;
4138 case XLOG_WAS_CONT_TRANS:
4139 error = xlog_recover_add_to_cont_trans(log, trans, dp, len);
4140 break;
4141 case XLOG_COMMIT_TRANS:
12818d24
BF		 4142 error = xlog_recover_commit_trans(log, trans, pass,
4143 buffer_list);
88b863db
DC		 4144 /* success or fail, we are now done with this transaction. */
4145 freeit = true;
eeb11688
DC		 4146 break;
4147
4148 /* unexpected flag values */
4149 case XLOG_UNMOUNT_TRANS:
e9131e50 4150 /* just skip trans */
eeb11688 4151 xfs_warn(log->l_mp, "%s: Unmount LR", __func__);
e9131e50 4152 freeit = true;
eeb11688
DC		 4153 break;
4154 case XLOG_START_TRANS:
eeb11688
DC		 4155 default:
4156 xfs_warn(log->l_mp, "%s: bad flag 0x%x", __func__, flags);
4157 ASSERT(0);
e9131e50 4158 error = -EIO;
eeb11688
DC		 4159 break;
4160 }
e9131e50
DC		 4161 if (error || freeit)
4162 xlog_recover_free_trans(trans);
eeb11688
DC		 4163 return error;
4164}
4165
b818cca1
DC		 4166/*
4167 * Lookup the transaction recovery structure associated with the ID in the
4168 * current ophdr. If the transaction doesn't exist and the start flag is set in
4169 * the ophdr, then allocate a new transaction for future ID matches to find.
4170 * Either way, return what we found during the lookup - an existing transaction
4171 * or nothing.
4172 */
eeb11688
DC		 4173STATIC struct xlog_recover *
4174xlog_recover_ophdr_to_trans(
4175 struct hlist_head rhash[],
4176 struct xlog_rec_header *rhead,
4177 struct xlog_op_header *ohead)
4178{
4179 struct xlog_recover *trans;
4180 xlog_tid_t tid;
4181 struct hlist_head *rhp;
4182
4183 tid = be32_to_cpu(ohead->oh_tid);
4184 rhp = &rhash[XLOG_RHASH(tid)];
b818cca1
DC		 4185 hlist_for_each_entry(trans, rhp, r_list) {
4186 if (trans->r_log_tid == tid)
4187 return trans;
4188 }
eeb11688
DC		 4189
4190 /*
b818cca1
DC		 4191 * skip over non-start transaction headers - we could be
4192 * processing slack space before the next transaction starts
4193 */
4194 if (!(ohead->oh_flags & XLOG_START_TRANS))
4195 return NULL;
4196
4197 ASSERT(be32_to_cpu(ohead->oh_len) == 0);
4198
4199 /*
4200 * This is a new transaction so allocate a new recovery container to
4201 * hold the recovery ops that will follow.
4202 */
4203 trans = kmem_zalloc(sizeof(struct xlog_recover), KM_SLEEP);
4204 trans->r_log_tid = tid;
4205 trans->r_lsn = be64_to_cpu(rhead->h_lsn);
4206 INIT_LIST_HEAD(&trans->r_itemq);
4207 INIT_HLIST_NODE(&trans->r_list);
4208 hlist_add_head(&trans->r_list, rhp);
4209
4210 /*
4211 * Nothing more to do for this ophdr. Items to be added to this new
4212 * transaction will be in subsequent ophdr containers.
eeb11688 4213 */
eeb11688
DC		 4214 return NULL;
4215}
4216
4217STATIC int
4218xlog_recover_process_ophdr(
4219 struct xlog *log,
4220 struct hlist_head rhash[],
4221 struct xlog_rec_header *rhead,
4222 struct xlog_op_header *ohead,
b2a922cd
CH		 4223 char *dp,
4224 char *end,
12818d24
BF		 4225 int pass,
4226 struct list_head *buffer_list)
eeb11688
DC		 4227{
4228 struct xlog_recover *trans;
eeb11688 4229 unsigned int len;
12818d24 4230 int error;
eeb11688
DC		 4231
4232 /* Do we understand who wrote this op? */
4233 if (ohead->oh_clientid != XFS_TRANSACTION &&
4234 ohead->oh_clientid != XFS_LOG) {
4235 xfs_warn(log->l_mp, "%s: bad clientid 0x%x",
4236 __func__, ohead->oh_clientid);
4237 ASSERT(0);
4238 return -EIO;
4239 }
4240
4241 /*
4242 * Check the ophdr contains all the data it is supposed to contain.
4243 */
4244 len = be32_to_cpu(ohead->oh_len);
4245 if (dp + len > end) {
4246 xfs_warn(log->l_mp, "%s: bad length 0x%x", __func__, len);
4247 WARN_ON(1);
4248 return -EIO;
4249 }
4250
4251 trans = xlog_recover_ophdr_to_trans(rhash, rhead, ohead);
4252 if (!trans) {
4253 /* nothing to do, so skip over this ophdr */
4254 return 0;
4255 }
4256
12818d24
BF		 4257 /*
4258 * The recovered buffer queue is drained only once we know that all
4259 * recovery items for the current LSN have been processed. This is
4260 * required because:
4261 *
4262 * - Buffer write submission updates the metadata LSN of the buffer.
4263 * - Log recovery skips items with a metadata LSN >= the current LSN of
4264 * the recovery item.
4265 * - Separate recovery items against the same metadata buffer can share
4266 * a current LSN. I.e., consider that the LSN of a recovery item is
4267 * defined as the starting LSN of the first record in which its
4268 * transaction appears, that a record can hold multiple transactions,
4269 * and/or that a transaction can span multiple records.
4270 *
4271 * In other words, we are allowed to submit a buffer from log recovery
4272 * once per current LSN. Otherwise, we may incorrectly skip recovery
4273 * items and cause corruption.
4274 *
4275 * We don't know up front whether buffers are updated multiple times per
4276 * LSN. Therefore, track the current LSN of each commit log record as it
4277 * is processed and drain the queue when it changes. Use commit records
4278 * because they are ordered correctly by the logging code.
4279 */
4280 if (log->l_recovery_lsn != trans->r_lsn &&
4281 ohead->oh_flags & XLOG_COMMIT_TRANS) {
4282 error = xfs_buf_delwri_submit(buffer_list);
4283 if (error)
4284 return error;
4285 log->l_recovery_lsn = trans->r_lsn;
4286 }
4287
e9131e50 4288 return xlog_recovery_process_trans(log, trans, dp, len,
12818d24 4289 ohead->oh_flags, pass, buffer_list);
1da177e4
LT		 4290}
4291
4292/*
4293 * There are two valid states of the r_state field. 0 indicates that the
4294 * transaction structure is in a normal state. We have either seen the
4295 * start of the transaction or the last operation we added was not a partial
4296 * operation. If the last operation we added to the transaction was a
4297 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
4298 *
4299 * NOTE: skip LRs with 0 data length.
4300 */
4301STATIC int
4302xlog_recover_process_data(
9a8d2fdb 4303 struct xlog *log,
f0a76953 4304 struct hlist_head rhash[],
9a8d2fdb 4305 struct xlog_rec_header *rhead,
b2a922cd 4306 char *dp,
12818d24
BF		 4307 int pass,
4308 struct list_head *buffer_list)
1da177e4 4309{
eeb11688 4310 struct xlog_op_header *ohead;
b2a922cd 4311 char *end;
1da177e4 4312 int num_logops;
1da177e4 4313 int error;
1da177e4 4314
eeb11688 4315 end = dp + be32_to_cpu(rhead->h_len);
b53e675d 4316 num_logops = be32_to_cpu(rhead->h_num_logops);
1da177e4
LT		 4317
4318 /* check the log format matches our own - else we can't recover */
4319 if (xlog_header_check_recover(log->l_mp, rhead))
2451337d 4320 return -EIO;
1da177e4 4321
eeb11688
DC		 4322 while ((dp < end) && num_logops) {
4323
4324 ohead = (struct xlog_op_header *)dp;
4325 dp += sizeof(*ohead);
4326 ASSERT(dp <= end);
4327
4328 /* errors will abort recovery */
4329 error = xlog_recover_process_ophdr(log, rhash, rhead, ohead,
12818d24 4330 dp, end, pass, buffer_list);
eeb11688
DC		 4331 if (error)
4332 return error;
4333
67fcb7bf 4334 dp += be32_to_cpu(ohead->oh_len);
1da177e4
LT		 4335 num_logops--;
4336 }
4337 return 0;
4338}
4339
dc42375d 4340/* Recover the EFI if necessary. */
3c1e2bbe 4341STATIC int
1da177e4 4342xlog_recover_process_efi(
dc42375d
DW		 4343 struct xfs_mount *mp,
4344 struct xfs_ail *ailp,
4345 struct xfs_log_item *lip)
1da177e4 4346{
dc42375d
DW		 4347 struct xfs_efi_log_item *efip;
4348 int error;
1da177e4
LT		 4349
4350 /*
dc42375d 4351 * Skip EFIs that we've already processed.
1da177e4 4352 */
dc42375d
DW		 4353 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4354 if (test_bit(XFS_EFI_RECOVERED, &efip->efi_flags))
4355 return 0;
1da177e4 4356
dc42375d
DW		 4357 spin_unlock(&ailp->xa_lock);
4358 error = xfs_efi_recover(mp, efip);
4359 spin_lock(&ailp->xa_lock);
1da177e4 4360
dc42375d
DW		 4361 return error;
4362}
6bc43af3 4363
dc42375d
DW		 4364/* Release the EFI since we're cancelling everything. */
4365STATIC void
4366xlog_recover_cancel_efi(
4367 struct xfs_mount *mp,
4368 struct xfs_ail *ailp,
4369 struct xfs_log_item *lip)
4370{
4371 struct xfs_efi_log_item *efip;
1da177e4 4372
dc42375d 4373 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
fc6149d8 4374
dc42375d
DW		 4375 spin_unlock(&ailp->xa_lock);
4376 xfs_efi_release(efip);
4377 spin_lock(&ailp->xa_lock);
4378}
4379
9e88b5d8
DW		 4380/* Recover the RUI if necessary. */
4381STATIC int
4382xlog_recover_process_rui(
4383 struct xfs_mount *mp,
4384 struct xfs_ail *ailp,
4385 struct xfs_log_item *lip)
4386{
4387 struct xfs_rui_log_item *ruip;
4388 int error;
4389
4390 /*
4391 * Skip RUIs that we've already processed.
4392 */
4393 ruip = container_of(lip, struct xfs_rui_log_item, rui_item);
4394 if (test_bit(XFS_RUI_RECOVERED, &ruip->rui_flags))
4395 return 0;
4396
4397 spin_unlock(&ailp->xa_lock);
4398 error = xfs_rui_recover(mp, ruip);
4399 spin_lock(&ailp->xa_lock);
4400
4401 return error;
4402}
4403
4404/* Release the RUI since we're cancelling everything. */
4405STATIC void
4406xlog_recover_cancel_rui(
4407 struct xfs_mount *mp,
4408 struct xfs_ail *ailp,
4409 struct xfs_log_item *lip)
4410{
4411 struct xfs_rui_log_item *ruip;
4412
4413 ruip = container_of(lip, struct xfs_rui_log_item, rui_item);
4414
4415 spin_unlock(&ailp->xa_lock);
4416 xfs_rui_release(ruip);
4417 spin_lock(&ailp->xa_lock);
4418}
4419
dc42375d
DW		 4420/* Is this log item a deferred action intent? */
4421static inline bool xlog_item_is_intent(struct xfs_log_item *lip)
4422{
4423 switch (lip->li_type) {
4424 case XFS_LI_EFI:
9e88b5d8 4425 case XFS_LI_RUI:
dc42375d
DW		 4426 return true;
4427 default:
4428 return false;
4429 }
1da177e4
LT		 4430}
4431
1da177e4 4432/*
dc42375d
DW		 4433 * When this is called, all of the log intent items which did not have
4434 * corresponding log done items should be in the AIL. What we do now
4435 * is update the data structures associated with each one.
1da177e4 4436 *
dc42375d
DW		 4437 * Since we process the log intent items in normal transactions, they
4438 * will be removed at some point after the commit. This prevents us
4439 * from just walking down the list processing each one. We'll use a
4440 * flag in the intent item to skip those that we've already processed
4441 * and use the AIL iteration mechanism's generation count to try to
4442 * speed this up at least a bit.
1da177e4 4443 *
dc42375d
DW		 4444 * When we start, we know that the intents are the only things in the
4445 * AIL. As we process them, however, other items are added to the
4446 * AIL.
1da177e4 4447 */
3c1e2bbe 4448STATIC int
dc42375d 4449xlog_recover_process_intents(
f0b2efad 4450 struct xlog *log)
1da177e4 4451{
f0b2efad 4452 struct xfs_log_item *lip;
3c1e2bbe 4453 int error = 0;
27d8d5fe 4454 struct xfs_ail_cursor cur;
a9c21c1b 4455 struct xfs_ail *ailp;
dc42375d 4456 xfs_lsn_t last_lsn;
1da177e4 4457
a9c21c1b
DC		 4458 ailp = log->l_ailp;
4459 spin_lock(&ailp->xa_lock);
4460 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
dc42375d 4461 last_lsn = xlog_assign_lsn(log->l_curr_cycle, log->l_curr_block);
1da177e4
LT		 4462 while (lip != NULL) {
4463 /*
dc42375d
DW		 4464 * We're done when we see something other than an intent.
4465 * There should be no intents left in the AIL now.
1da177e4 4466 */
dc42375d 4467 if (!xlog_item_is_intent(lip)) {
27d8d5fe 4468#ifdef DEBUG
a9c21c1b 4469 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
dc42375d 4470 ASSERT(!xlog_item_is_intent(lip));
27d8d5fe 4471#endif
1da177e4
LT		 4472 break;
4473 }
4474
4475 /*
dc42375d
DW		 4476 * We should never see a redo item with a LSN higher than
4477 * the last transaction we found in the log at the start
4478 * of recovery.
1da177e4 4479 */
dc42375d 4480 ASSERT(XFS_LSN_CMP(last_lsn, lip->li_lsn) >= 0);
1da177e4 4481
dc42375d
DW		 4482 switch (lip->li_type) {
4483 case XFS_LI_EFI:
4484 error = xlog_recover_process_efi(log->l_mp, ailp, lip);
4485 break;
9e88b5d8
DW		 4486 case XFS_LI_RUI:
4487 error = xlog_recover_process_rui(log->l_mp, ailp, lip);
4488 break;
dc42375d 4489 }
27d8d5fe
DC		 4490 if (error)
4491 goto out;
a9c21c1b 4492 lip = xfs_trans_ail_cursor_next(ailp, &cur);
1da177e4 4493 }
27d8d5fe 4494out:
e4a1e29c 4495 xfs_trans_ail_cursor_done(&cur);
a9c21c1b 4496 spin_unlock(&ailp->xa_lock);
3c1e2bbe 4497 return error;
1da177e4
LT		 4498}
4499
f0b2efad 4500/*
dc42375d
DW		 4501 * A cancel occurs when the mount has failed and we're bailing out.
4502 * Release all pending log intent items so they don't pin the AIL.
f0b2efad
BF		 4503 */
4504STATIC int
dc42375d 4505xlog_recover_cancel_intents(
f0b2efad
BF		 4506 struct xlog *log)
4507{
4508 struct xfs_log_item *lip;
f0b2efad
BF		 4509 int error = 0;
4510 struct xfs_ail_cursor cur;
4511 struct xfs_ail *ailp;
4512
4513 ailp = log->l_ailp;
4514 spin_lock(&ailp->xa_lock);
4515 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4516 while (lip != NULL) {
4517 /*
dc42375d
DW		 4518 * We're done when we see something other than an intent.
4519 * There should be no intents left in the AIL now.
f0b2efad 4520 */
dc42375d 4521 if (!xlog_item_is_intent(lip)) {
f0b2efad
BF		 4522#ifdef DEBUG
4523 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
dc42375d 4524 ASSERT(!xlog_item_is_intent(lip));
f0b2efad
BF		 4525#endif
4526 break;
4527 }
4528
dc42375d
DW		 4529 switch (lip->li_type) {
4530 case XFS_LI_EFI:
4531 xlog_recover_cancel_efi(log->l_mp, ailp, lip);
4532 break;
9e88b5d8
DW		 4533 case XFS_LI_RUI:
4534 xlog_recover_cancel_rui(log->l_mp, ailp, lip);
4535 break;
dc42375d 4536 }
f0b2efad
BF		 4537
4538 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4539 }
4540
4541 xfs_trans_ail_cursor_done(&cur);
4542 spin_unlock(&ailp->xa_lock);
4543 return error;
4544}
4545
1da177e4
LT		 4546/*
4547 * This routine performs a transaction to null out a bad inode pointer
4548 * in an agi unlinked inode hash bucket.
4549 */
4550STATIC void
4551xlog_recover_clear_agi_bucket(
4552 xfs_mount_t *mp,
4553 xfs_agnumber_t agno,
4554 int bucket)
4555{
4556 xfs_trans_t *tp;
4557 xfs_agi_t *agi;
4558 xfs_buf_t *agibp;
4559 int offset;
4560 int error;
4561
253f4911 4562 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_clearagi, 0, 0, 0, &tp);
e5720eec 4563 if (error)
253f4911 4564 goto out_error;
1da177e4 4565
5e1be0fb
CH		 4566 error = xfs_read_agi(mp, tp, agno, &agibp);
4567 if (error)
e5720eec 4568 goto out_abort;
1da177e4 4569
5e1be0fb 4570 agi = XFS_BUF_TO_AGI(agibp);
16259e7d 4571 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
1da177e4
LT		 4572 offset = offsetof(xfs_agi_t, agi_unlinked) +
4573 (sizeof(xfs_agino_t) * bucket);
4574 xfs_trans_log_buf(tp, agibp, offset,
4575 (offset + sizeof(xfs_agino_t) - 1));
4576
70393313 4577 error = xfs_trans_commit(tp);
e5720eec
DC		 4578 if (error)
4579 goto out_error;
4580 return;
4581
4582out_abort:
4906e215 4583 xfs_trans_cancel(tp);
e5720eec 4584out_error:
a0fa2b67 4585 xfs_warn(mp, "%s: failed to clear agi %d. Continuing.", __func__, agno);
e5720eec 4586 return;
1da177e4
LT		 4587}
4588
23fac50f
CH		 4589STATIC xfs_agino_t
4590xlog_recover_process_one_iunlink(
4591 struct xfs_mount *mp,
4592 xfs_agnumber_t agno,
4593 xfs_agino_t agino,
4594 int bucket)
4595{
4596 struct xfs_buf *ibp;
4597 struct xfs_dinode *dip;
4598 struct xfs_inode *ip;
4599 xfs_ino_t ino;
4600 int error;
4601
4602 ino = XFS_AGINO_TO_INO(mp, agno, agino);
7b6259e7 4603 error = xfs_iget(mp, NULL, ino, 0, 0, &ip);
23fac50f
CH		 4604 if (error)
4605 goto fail;
4606
4607 /*
4608 * Get the on disk inode to find the next inode in the bucket.
4609 */
475ee413 4610 error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &ibp, 0, 0);
23fac50f 4611 if (error)
0e446673 4612 goto fail_iput;
23fac50f 4613
54d7b5c1 4614 ASSERT(VFS_I(ip)->i_nlink == 0);
c19b3b05 4615 ASSERT(VFS_I(ip)->i_mode != 0);
23fac50f
CH		 4616
4617 /* setup for the next pass */
4618 agino = be32_to_cpu(dip->di_next_unlinked);
4619 xfs_buf_relse(ibp);
4620
4621 /*
4622 * Prevent any DMAPI event from being sent when the reference on
4623 * the inode is dropped.
4624 */
4625 ip->i_d.di_dmevmask = 0;
4626
0e446673 4627 IRELE(ip);
23fac50f
CH		 4628 return agino;
4629
0e446673
CH		 4630 fail_iput:
4631 IRELE(ip);
23fac50f
CH		 4632 fail:
4633 /*
4634 * We can't read in the inode this bucket points to, or this inode
4635 * is messed up. Just ditch this bucket of inodes. We will lose
4636 * some inodes and space, but at least we won't hang.
4637 *
4638 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
4639 * clear the inode pointer in the bucket.
4640 */
4641 xlog_recover_clear_agi_bucket(mp, agno, bucket);
4642 return NULLAGINO;
4643}
4644
1da177e4
LT		 4645/*
4646 * xlog_iunlink_recover
4647 *
4648 * This is called during recovery to process any inodes which
4649 * we unlinked but not freed when the system crashed. These
4650 * inodes will be on the lists in the AGI blocks. What we do
4651 * here is scan all the AGIs and fully truncate and free any
4652 * inodes found on the lists. Each inode is removed from the
4653 * lists when it has been fully truncated and is freed. The
4654 * freeing of the inode and its removal from the list must be
4655 * atomic.
4656 */
d96f8f89 4657STATIC void
1da177e4 4658xlog_recover_process_iunlinks(
9a8d2fdb 4659 struct xlog *log)
1da177e4
LT		 4660{
4661 xfs_mount_t *mp;
4662 xfs_agnumber_t agno;
4663 xfs_agi_t *agi;
4664 xfs_buf_t *agibp;
1da177e4 4665 xfs_agino_t agino;
1da177e4
LT		 4666 int bucket;
4667 int error;
4668 uint mp_dmevmask;
4669
4670 mp = log->l_mp;
4671
4672 /*
4673 * Prevent any DMAPI event from being sent while in this function.
4674 */
4675 mp_dmevmask = mp->m_dmevmask;
4676 mp->m_dmevmask = 0;
4677
4678 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4679 /*
4680 * Find the agi for this ag.
4681 */
5e1be0fb
CH		 4682 error = xfs_read_agi(mp, NULL, agno, &agibp);
4683 if (error) {
4684 /*
4685 * AGI is b0rked. Don't process it.
4686 *
4687 * We should probably mark the filesystem as corrupt
4688 * after we've recovered all the ag's we can....
4689 */
4690 continue;
1da177e4 4691 }
d97d32ed
JK		 4692 /*
4693 * Unlock the buffer so that it can be acquired in the normal
4694 * course of the transaction to truncate and free each inode.
4695 * Because we are not racing with anyone else here for the AGI
4696 * buffer, we don't even need to hold it locked to read the
4697 * initial unlinked bucket entries out of the buffer. We keep
4698 * buffer reference though, so that it stays pinned in memory
4699 * while we need the buffer.
4700 */
1da177e4 4701 agi = XFS_BUF_TO_AGI(agibp);
d97d32ed 4702 xfs_buf_unlock(agibp);
1da177e4
LT		 4703
4704 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
16259e7d 4705 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
1da177e4 4706 while (agino != NULLAGINO) {
23fac50f
CH		 4707 agino = xlog_recover_process_one_iunlink(mp,
4708 agno, agino, bucket);
1da177e4
LT		 4709 }
4710 }
d97d32ed 4711 xfs_buf_rele(agibp);
1da177e4
LT		 4712 }
4713
4714 mp->m_dmevmask = mp_dmevmask;
4715}
4716
0e446be4 4717STATIC int
1da177e4 4718xlog_unpack_data(
9a8d2fdb 4719 struct xlog_rec_header *rhead,
b2a922cd 4720 char *dp,
9a8d2fdb 4721 struct xlog *log)
1da177e4
LT		 4722{
4723 int i, j, k;
1da177e4 4724
b53e675d 4725 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
1da177e4 4726 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
b53e675d 4727 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
1da177e4
LT		 4728 dp += BBSIZE;
4729 }
4730
62118709 4731 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
b28708d6 4732 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
b53e675d 4733 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
1da177e4
LT		 4734 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4735 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
b53e675d 4736 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
1da177e4
LT		 4737 dp += BBSIZE;
4738 }
4739 }
0e446be4
CH		 4740
4741 return 0;
1da177e4
LT		 4742}
4743
9d94901f 4744/*
b94fb2d1 4745 * CRC check, unpack and process a log record.
9d94901f
BF		 4746 */
4747STATIC int
4748xlog_recover_process(
4749 struct xlog *log,
4750 struct hlist_head rhash[],
4751 struct xlog_rec_header *rhead,
4752 char *dp,
12818d24
BF		 4753 int pass,
4754 struct list_head *buffer_list)
9d94901f
BF		 4755{
4756 int error;
b94fb2d1
BF		 4757 __le32 crc;
4758
6528250b
BF		 4759 crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len));
4760
b94fb2d1 4761 /*
6528250b
BF		 4762 * Nothing else to do if this is a CRC verification pass. Just return
4763 * if this a record with a non-zero crc. Unfortunately, mkfs always
4764 * sets h_crc to 0 so we must consider this valid even on v5 supers.
4765 * Otherwise, return EFSBADCRC on failure so the callers up the stack
4766 * know precisely what failed.
4767 */
4768 if (pass == XLOG_RECOVER_CRCPASS) {
8e0bd492 4769 if (rhead->h_crc && crc != rhead->h_crc)
6528250b
BF		 4770 return -EFSBADCRC;
4771 return 0;
4772 }
4773
4774 /*
4775 * We're in the normal recovery path. Issue a warning if and only if the
4776 * CRC in the header is non-zero. This is an advisory warning and the
4777 * zero CRC check prevents warnings from being emitted when upgrading
4778 * the kernel from one that does not add CRCs by default.
b94fb2d1 4779 */
8e0bd492 4780 if (crc != rhead->h_crc) {
b94fb2d1
BF		 4781 if (rhead->h_crc || xfs_sb_version_hascrc(&log->l_mp->m_sb)) {
4782 xfs_alert(log->l_mp,
4783 "log record CRC mismatch: found 0x%x, expected 0x%x.",
4784 le32_to_cpu(rhead->h_crc),
4785 le32_to_cpu(crc));
4786 xfs_hex_dump(dp, 32);
4787 }
4788
4789 /*
4790 * If the filesystem is CRC enabled, this mismatch becomes a
4791 * fatal log corruption failure.
4792 */
4793 if (xfs_sb_version_hascrc(&log->l_mp->m_sb))
4794 return -EFSCORRUPTED;
4795 }
9d94901f
BF		 4796
4797 error = xlog_unpack_data(rhead, dp, log);
4798 if (error)
4799 return error;
4800
12818d24
BF		 4801 return xlog_recover_process_data(log, rhash, rhead, dp, pass,
4802 buffer_list);
9d94901f
BF		 4803}
4804
1da177e4
LT		 4805STATIC int
4806xlog_valid_rec_header(
9a8d2fdb
MT		 4807 struct xlog *log,
4808 struct xlog_rec_header *rhead,
1da177e4
LT		 4809 xfs_daddr_t blkno)
4810{
4811 int hlen;
4812
69ef921b 4813 if (unlikely(rhead->h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))) {
1da177e4
LT		 4814 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
4815 XFS_ERRLEVEL_LOW, log->l_mp);
2451337d 4816 return -EFSCORRUPTED;
1da177e4
LT		 4817 }
4818 if (unlikely(
4819 (!rhead->h_version ||
b53e675d 4820 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
a0fa2b67 4821 xfs_warn(log->l_mp, "%s: unrecognised log version (%d).",
34a622b2 4822 __func__, be32_to_cpu(rhead->h_version));
2451337d 4823 return -EIO;
1da177e4
LT		 4824 }
4825
4826 /* LR body must have data or it wouldn't have been written */
b53e675d 4827 hlen = be32_to_cpu(rhead->h_len);
1da177e4
LT		 4828 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
4829 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
4830 XFS_ERRLEVEL_LOW, log->l_mp);
2451337d 4831 return -EFSCORRUPTED;
1da177e4
LT		 4832 }
4833 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
4834 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
4835 XFS_ERRLEVEL_LOW, log->l_mp);
2451337d 4836 return -EFSCORRUPTED;
1da177e4
LT		 4837 }
4838 return 0;
4839}
4840
4841/*
4842 * Read the log from tail to head and process the log records found.
4843 * Handle the two cases where the tail and head are in the same cycle
4844 * and where the active portion of the log wraps around the end of
4845 * the physical log separately. The pass parameter is passed through
4846 * to the routines called to process the data and is not looked at
4847 * here.
4848 */
4849STATIC int
4850xlog_do_recovery_pass(
9a8d2fdb 4851 struct xlog *log,
1da177e4
LT		 4852 xfs_daddr_t head_blk,
4853 xfs_daddr_t tail_blk,
d7f37692
BF		 4854 int pass,
4855 xfs_daddr_t *first_bad) /* out: first bad log rec */
1da177e4
LT		 4856{
4857 xlog_rec_header_t *rhead;
4858 xfs_daddr_t blk_no;
d7f37692 4859 xfs_daddr_t rhead_blk;
b2a922cd 4860 char *offset;
1da177e4 4861 xfs_buf_t *hbp, *dbp;
a70f9fe5 4862 int error = 0, h_size, h_len;
12818d24 4863 int error2 = 0;
1da177e4
LT		 4864 int bblks, split_bblks;
4865 int hblks, split_hblks, wrapped_hblks;
f0a76953 4866 struct hlist_head rhash[XLOG_RHASH_SIZE];
12818d24 4867 LIST_HEAD (buffer_list);
1da177e4
LT		 4868
4869 ASSERT(head_blk != tail_blk);
d7f37692 4870 rhead_blk = 0;
1da177e4
LT		 4871
4872 /*
4873 * Read the header of the tail block and get the iclog buffer size from
4874 * h_size. Use this to tell how many sectors make up the log header.
4875 */
62118709 4876 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1da177e4
LT		 4877 /*
4878 * When using variable length iclogs, read first sector of
4879 * iclog header and extract the header size from it. Get a
4880 * new hbp that is the correct size.
4881 */
4882 hbp = xlog_get_bp(log, 1);
4883 if (!hbp)
2451337d 4884 return -ENOMEM;
076e6acb
CH		 4885
4886 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
4887 if (error)
1da177e4 4888 goto bread_err1;
076e6acb 4889
1da177e4
LT		 4890 rhead = (xlog_rec_header_t *)offset;
4891 error = xlog_valid_rec_header(log, rhead, tail_blk);
4892 if (error)
4893 goto bread_err1;
a70f9fe5
BF		 4894
4895 /*
4896 * xfsprogs has a bug where record length is based on lsunit but
4897 * h_size (iclog size) is hardcoded to 32k. Now that we
4898 * unconditionally CRC verify the unmount record, this means the
4899 * log buffer can be too small for the record and cause an
4900 * overrun.
4901 *
4902 * Detect this condition here. Use lsunit for the buffer size as
4903 * long as this looks like the mkfs case. Otherwise, return an
4904 * error to avoid a buffer overrun.
4905 */
b53e675d 4906 h_size = be32_to_cpu(rhead->h_size);
a70f9fe5
BF		 4907 h_len = be32_to_cpu(rhead->h_len);
4908 if (h_len > h_size) {
4909 if (h_len <= log->l_mp->m_logbsize &&
4910 be32_to_cpu(rhead->h_num_logops) == 1) {
4911 xfs_warn(log->l_mp,
4912 "invalid iclog size (%d bytes), using lsunit (%d bytes)",
4913 h_size, log->l_mp->m_logbsize);
4914 h_size = log->l_mp->m_logbsize;
4915 } else
4916 return -EFSCORRUPTED;
4917 }
4918
b53e675d 4919 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
1da177e4
LT		 4920 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
4921 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
4922 if (h_size % XLOG_HEADER_CYCLE_SIZE)
4923 hblks++;
4924 xlog_put_bp(hbp);
4925 hbp = xlog_get_bp(log, hblks);
4926 } else {
4927 hblks = 1;
4928 }
4929 } else {
69ce58f0 4930 ASSERT(log->l_sectBBsize == 1);
1da177e4
LT		 4931 hblks = 1;
4932 hbp = xlog_get_bp(log, 1);
4933 h_size = XLOG_BIG_RECORD_BSIZE;
4934 }
4935
4936 if (!hbp)
2451337d 4937 return -ENOMEM;
1da177e4
LT		 4938 dbp = xlog_get_bp(log, BTOBB(h_size));
4939 if (!dbp) {
4940 xlog_put_bp(hbp);
2451337d 4941 return -ENOMEM;
1da177e4
LT		 4942 }
4943
4944 memset(rhash, 0, sizeof(rhash));
d7f37692 4945 blk_no = rhead_blk = tail_blk;
970fd3f0 4946 if (tail_blk > head_blk) {
1da177e4
LT		 4947 /*
4948 * Perform recovery around the end of the physical log.
4949 * When the head is not on the same cycle number as the tail,
970fd3f0 4950 * we can't do a sequential recovery.
1da177e4 4951 */
1da177e4
LT		 4952 while (blk_no < log->l_logBBsize) {
4953 /*
4954 * Check for header wrapping around physical end-of-log
4955 */
62926044 4956 offset = hbp->b_addr;
1da177e4
LT		 4957 split_hblks = 0;
4958 wrapped_hblks = 0;
4959 if (blk_no + hblks <= log->l_logBBsize) {
4960 /* Read header in one read */
076e6acb
CH		 4961 error = xlog_bread(log, blk_no, hblks, hbp,
4962 &offset);
1da177e4
LT		 4963 if (error)
4964 goto bread_err2;
1da177e4
LT		 4965 } else {
4966 /* This LR is split across physical log end */
4967 if (blk_no != log->l_logBBsize) {
4968 /* some data before physical log end */
4969 ASSERT(blk_no <= INT_MAX);
4970 split_hblks = log->l_logBBsize - (int)blk_no;
4971 ASSERT(split_hblks > 0);
076e6acb
CH		 4972 error = xlog_bread(log, blk_no,
4973 split_hblks, hbp,
4974 &offset);
4975 if (error)
1da177e4 4976 goto bread_err2;
1da177e4 4977 }
076e6acb 4978
1da177e4
LT		 4979 /*
4980 * Note: this black magic still works with
4981 * large sector sizes (non-512) only because:
4982 * - we increased the buffer size originally
4983 * by 1 sector giving us enough extra space
4984 * for the second read;
4985 * - the log start is guaranteed to be sector
4986 * aligned;
4987 * - we read the log end (LR header start)
4988 * _first_, then the log start (LR header end)
4989 * - order is important.
4990 */
234f56ac 4991 wrapped_hblks = hblks - split_hblks;
44396476
DC		 4992 error = xlog_bread_offset(log, 0,
4993 wrapped_hblks, hbp,
4994 offset + BBTOB(split_hblks));
1da177e4
LT		 4995 if (error)
4996 goto bread_err2;
1da177e4
LT		 4997 }
4998 rhead = (xlog_rec_header_t *)offset;
4999 error = xlog_valid_rec_header(log, rhead,
5000 split_hblks ? blk_no : 0);
5001 if (error)
5002 goto bread_err2;
5003
b53e675d 5004 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
1da177e4
LT		 5005 blk_no += hblks;
5006
5007 /* Read in data for log record */
5008 if (blk_no + bblks <= log->l_logBBsize) {
076e6acb
CH		 5009 error = xlog_bread(log, blk_no, bblks, dbp,
5010 &offset);
1da177e4
LT		 5011 if (error)
5012 goto bread_err2;
1da177e4
LT		 5013 } else {
5014 /* This log record is split across the
5015 * physical end of log */
62926044 5016 offset = dbp->b_addr;
1da177e4
LT		 5017 split_bblks = 0;
5018 if (blk_no != log->l_logBBsize) {
5019 /* some data is before the physical
5020 * end of log */
5021 ASSERT(!wrapped_hblks);
5022 ASSERT(blk_no <= INT_MAX);
5023 split_bblks =
5024 log->l_logBBsize - (int)blk_no;
5025 ASSERT(split_bblks > 0);
076e6acb
CH		 5026 error = xlog_bread(log, blk_no,
5027 split_bblks, dbp,
5028 &offset);
5029 if (error)
1da177e4 5030 goto bread_err2;
1da177e4 5031 }
076e6acb 5032
1da177e4
LT		 5033 /*
5034 * Note: this black magic still works with
5035 * large sector sizes (non-512) only because:
5036 * - we increased the buffer size originally
5037 * by 1 sector giving us enough extra space
5038 * for the second read;
5039 * - the log start is guaranteed to be sector
5040 * aligned;
5041 * - we read the log end (LR header start)
5042 * _first_, then the log start (LR header end)
5043 * - order is important.
5044 */
44396476 5045 error = xlog_bread_offset(log, 0,
009507b0 5046 bblks - split_bblks, dbp,
44396476 5047 offset + BBTOB(split_bblks));
076e6acb
CH		 5048 if (error)
5049 goto bread_err2;
1da177e4 5050 }
0e446be4 5051
9d94901f 5052 error = xlog_recover_process(log, rhash, rhead, offset,
12818d24 5053 pass, &buffer_list);
0e446be4 5054 if (error)
1da177e4 5055 goto bread_err2;
d7f37692 5056
1da177e4 5057 blk_no += bblks;
d7f37692 5058 rhead_blk = blk_no;
1da177e4
LT		 5059 }
5060
5061 ASSERT(blk_no >= log->l_logBBsize);
5062 blk_no -= log->l_logBBsize;
d7f37692 5063 rhead_blk = blk_no;
970fd3f0 5064 }
1da177e4 5065
970fd3f0
ES		 5066 /* read first part of physical log */
5067 while (blk_no < head_blk) {
5068 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
5069 if (error)
5070 goto bread_err2;
076e6acb 5071
970fd3f0
ES		 5072 rhead = (xlog_rec_header_t *)offset;
5073 error = xlog_valid_rec_header(log, rhead, blk_no);
5074 if (error)
5075 goto bread_err2;
076e6acb 5076
970fd3f0
ES		 5077 /* blocks in data section */
5078 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
5079 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
5080 &offset);
5081 if (error)
5082 goto bread_err2;
076e6acb 5083
12818d24
BF		 5084 error = xlog_recover_process(log, rhash, rhead, offset, pass,
5085 &buffer_list);
970fd3f0
ES		 5086 if (error)
5087 goto bread_err2;
d7f37692 5088
970fd3f0 5089 blk_no += bblks + hblks;
d7f37692 5090 rhead_blk = blk_no;
1da177e4
LT		 5091 }
5092
5093 bread_err2:
5094 xlog_put_bp(dbp);
5095 bread_err1:
5096 xlog_put_bp(hbp);
d7f37692 5097
12818d24
BF		 5098 /*
5099 * Submit buffers that have been added from the last record processed,
5100 * regardless of error status.
5101 */
5102 if (!list_empty(&buffer_list))
5103 error2 = xfs_buf_delwri_submit(&buffer_list);
5104
d7f37692
BF		 5105 if (error && first_bad)
5106 *first_bad = rhead_blk;
5107
12818d24 5108 return error ? error : error2;
1da177e4
LT		 5109}
5110
5111/*
5112 * Do the recovery of the log. We actually do this in two phases.
5113 * The two passes are necessary in order to implement the function
5114 * of cancelling a record written into the log. The first pass
5115 * determines those things which have been cancelled, and the
5116 * second pass replays log items normally except for those which
5117 * have been cancelled. The handling of the replay and cancellations
5118 * takes place in the log item type specific routines.
5119 *
5120 * The table of items which have cancel records in the log is allocated
5121 * and freed at this level, since only here do we know when all of
5122 * the log recovery has been completed.
5123 */
5124STATIC int
5125xlog_do_log_recovery(
9a8d2fdb 5126 struct xlog *log,
1da177e4
LT		 5127 xfs_daddr_t head_blk,
5128 xfs_daddr_t tail_blk)
5129{
d5689eaa 5130 int error, i;
1da177e4
LT		 5131
5132 ASSERT(head_blk != tail_blk);
5133
5134 /*
5135 * First do a pass to find all of the cancelled buf log items.
5136 * Store them in the buf_cancel_table for use in the second pass.
5137 */
d5689eaa
CH		 5138 log->l_buf_cancel_table = kmem_zalloc(XLOG_BC_TABLE_SIZE *
5139 sizeof(struct list_head),
1da177e4 5140 KM_SLEEP);
d5689eaa
CH		 5141 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
5142 INIT_LIST_HEAD(&log->l_buf_cancel_table[i]);
5143
1da177e4 5144 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
d7f37692 5145 XLOG_RECOVER_PASS1, NULL);
1da177e4 5146 if (error != 0) {
f0e2d93c 5147 kmem_free(log->l_buf_cancel_table);
1da177e4
LT		 5148 log->l_buf_cancel_table = NULL;
5149 return error;
5150 }
5151 /*
5152 * Then do a second pass to actually recover the items in the log.
5153 * When it is complete free the table of buf cancel items.
5154 */
5155 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
d7f37692 5156 XLOG_RECOVER_PASS2, NULL);
1da177e4 5157#ifdef DEBUG
6d192a9b 5158 if (!error) {
1da177e4
LT		 5159 int i;
5160
5161 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
d5689eaa 5162 ASSERT(list_empty(&log->l_buf_cancel_table[i]));
1da177e4
LT		 5163 }
5164#endif /* DEBUG */
5165
f0e2d93c 5166 kmem_free(log->l_buf_cancel_table);
1da177e4
LT		 5167 log->l_buf_cancel_table = NULL;
5168
5169 return error;
5170}
5171
5172/*
5173 * Do the actual recovery
5174 */
5175STATIC int
5176xlog_do_recover(
9a8d2fdb 5177 struct xlog *log,
1da177e4
LT		 5178 xfs_daddr_t head_blk,
5179 xfs_daddr_t tail_blk)
5180{
a798011c 5181 struct xfs_mount *mp = log->l_mp;
1da177e4
LT		 5182 int error;
5183 xfs_buf_t *bp;
5184 xfs_sb_t *sbp;
5185
5186 /*
5187 * First replay the images in the log.
5188 */
5189 error = xlog_do_log_recovery(log, head_blk, tail_blk);
43ff2122 5190 if (error)
1da177e4 5191 return error;
1da177e4
LT		 5192
5193 /*
5194 * If IO errors happened during recovery, bail out.
5195 */
a798011c 5196 if (XFS_FORCED_SHUTDOWN(mp)) {
2451337d 5197 return -EIO;
1da177e4
LT		 5198 }
5199
5200 /*
5201 * We now update the tail_lsn since much of the recovery has completed
5202 * and there may be space available to use. If there were no extent
5203 * or iunlinks, we can free up the entire log and set the tail_lsn to
5204 * be the last_sync_lsn. This was set in xlog_find_tail to be the
5205 * lsn of the last known good LR on disk. If there are extent frees
5206 * or iunlinks they will have some entries in the AIL; so we look at
5207 * the AIL to determine how to set the tail_lsn.
5208 */
a798011c 5209 xlog_assign_tail_lsn(mp);
1da177e4
LT		 5210
5211 /*
5212 * Now that we've finished replaying all buffer and inode
98021821 5213 * updates, re-read in the superblock and reverify it.
1da177e4 5214 */
a798011c 5215 bp = xfs_getsb(mp, 0);
1157b32c 5216 bp->b_flags &= ~(XBF_DONE | XBF_ASYNC);
b68c0821 5217 ASSERT(!(bp->b_flags & XBF_WRITE));
0cac682f 5218 bp->b_flags |= XBF_READ;
1813dd64 5219 bp->b_ops = &xfs_sb_buf_ops;
83a0adc3 5220
595bff75 5221 error = xfs_buf_submit_wait(bp);
d64e31a2 5222 if (error) {
a798011c 5223 if (!XFS_FORCED_SHUTDOWN(mp)) {
595bff75
DC		 5224 xfs_buf_ioerror_alert(bp, __func__);
5225 ASSERT(0);
5226 }
1da177e4
LT		 5227 xfs_buf_relse(bp);
5228 return error;
5229 }
5230
5231 /* Convert superblock from on-disk format */
a798011c 5232 sbp = &mp->m_sb;
98021821 5233 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
1da177e4
LT		 5234 xfs_buf_relse(bp);
5235
a798011c
DC		 5236 /* re-initialise in-core superblock and geometry structures */
5237 xfs_reinit_percpu_counters(mp);
5238 error = xfs_initialize_perag(mp, sbp->sb_agcount, &mp->m_maxagi);
5239 if (error) {
5240 xfs_warn(mp, "Failed post-recovery per-ag init: %d", error);
5241 return error;
5242 }
52548852 5243 mp->m_alloc_set_aside = xfs_alloc_set_aside(mp);
5478eead 5244
1da177e4
LT		 5245 xlog_recover_check_summary(log);
5246
5247 /* Normal transactions can now occur */
5248 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
5249 return 0;
5250}
5251
5252/*
5253 * Perform recovery and re-initialize some log variables in xlog_find_tail.
5254 *
5255 * Return error or zero.
5256 */
5257int
5258xlog_recover(
9a8d2fdb 5259 struct xlog *log)
1da177e4
LT		 5260{
5261 xfs_daddr_t head_blk, tail_blk;
5262 int error;
5263
5264 /* find the tail of the log */
a45086e2
BF		 5265 error = xlog_find_tail(log, &head_blk, &tail_blk);
5266 if (error)
1da177e4
LT		 5267 return error;
5268
a45086e2
BF		 5269 /*
5270 * The superblock was read before the log was available and thus the LSN
5271 * could not be verified. Check the superblock LSN against the current
5272 * LSN now that it's known.
5273 */
5274 if (xfs_sb_version_hascrc(&log->l_mp->m_sb) &&
5275 !xfs_log_check_lsn(log->l_mp, log->l_mp->m_sb.sb_lsn))
5276 return -EINVAL;
5277
1da177e4
LT		 5278 if (tail_blk != head_blk) {
5279 /* There used to be a comment here:
5280 *
5281 * disallow recovery on read-only mounts. note -- mount
5282 * checks for ENOSPC and turns it into an intelligent
5283 * error message.
5284 * ...but this is no longer true. Now, unless you specify
5285 * NORECOVERY (in which case this function would never be
5286 * called), we just go ahead and recover. We do this all
5287 * under the vfs layer, so we can get away with it unless
5288 * the device itself is read-only, in which case we fail.
5289 */
3a02ee18 5290 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
1da177e4
LT		 5291 return error;
5292 }
5293
e721f504
DC		 5294 /*
5295 * Version 5 superblock log feature mask validation. We know the
5296 * log is dirty so check if there are any unknown log features
5297 * in what we need to recover. If there are unknown features
5298 * (e.g. unsupported transactions, then simply reject the
5299 * attempt at recovery before touching anything.
5300 */
5301 if (XFS_SB_VERSION_NUM(&log->l_mp->m_sb) == XFS_SB_VERSION_5 &&
5302 xfs_sb_has_incompat_log_feature(&log->l_mp->m_sb,
5303 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
5304 xfs_warn(log->l_mp,
f41febd2 5305"Superblock has unknown incompatible log features (0x%x) enabled.",
e721f504
DC		 5306 (log->l_mp->m_sb.sb_features_log_incompat &
5307 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
f41febd2
JP		 5308 xfs_warn(log->l_mp,
5309"The log can not be fully and/or safely recovered by this kernel.");
5310 xfs_warn(log->l_mp,
5311"Please recover the log on a kernel that supports the unknown features.");
2451337d 5312 return -EINVAL;
e721f504
DC		 5313 }
5314
2e227178
BF		 5315 /*
5316 * Delay log recovery if the debug hook is set. This is debug
5317 * instrumention to coordinate simulation of I/O failures with
5318 * log recovery.
5319 */
5320 if (xfs_globals.log_recovery_delay) {
5321 xfs_notice(log->l_mp,
5322 "Delaying log recovery for %d seconds.",
5323 xfs_globals.log_recovery_delay);
5324 msleep(xfs_globals.log_recovery_delay * 1000);
5325 }
5326
a0fa2b67
DC		 5327 xfs_notice(log->l_mp, "Starting recovery (logdev: %s)",
5328 log->l_mp->m_logname ? log->l_mp->m_logname
5329 : "internal");
1da177e4
LT		 5330
5331 error = xlog_do_recover(log, head_blk, tail_blk);
5332 log->l_flags |= XLOG_RECOVERY_NEEDED;
5333 }
5334 return error;
5335}
5336
5337/*
5338 * In the first part of recovery we replay inodes and buffers and build
5339 * up the list of extent free items which need to be processed. Here
5340 * we process the extent free items and clean up the on disk unlinked
5341 * inode lists. This is separated from the first part of recovery so
5342 * that the root and real-time bitmap inodes can be read in from disk in
5343 * between the two stages. This is necessary so that we can free space
5344 * in the real-time portion of the file system.
5345 */
5346int
5347xlog_recover_finish(
9a8d2fdb 5348 struct xlog *log)
1da177e4
LT		 5349{
5350 /*
5351 * Now we're ready to do the transactions needed for the
5352 * rest of recovery. Start with completing all the extent
5353 * free intent records and then process the unlinked inode
5354 * lists. At this point, we essentially run in normal mode
5355 * except that we're still performing recovery actions
5356 * rather than accepting new requests.
5357 */
5358 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
3c1e2bbe 5359 int error;
dc42375d 5360 error = xlog_recover_process_intents(log);
3c1e2bbe 5361 if (error) {
dc42375d 5362 xfs_alert(log->l_mp, "Failed to recover intents");
3c1e2bbe
DC		 5363 return error;
5364 }
9e88b5d8 5365
1da177e4 5366 /*
dc42375d 5367 * Sync the log to get all the intents out of the AIL.
1da177e4
LT		 5368 * This isn't absolutely necessary, but it helps in
5369 * case the unlink transactions would have problems
dc42375d 5370 * pushing the intents out of the way.
1da177e4 5371 */
a14a348b 5372 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
1da177e4 5373
4249023a 5374 xlog_recover_process_iunlinks(log);
1da177e4
LT		 5375
5376 xlog_recover_check_summary(log);
5377
a0fa2b67
DC		 5378 xfs_notice(log->l_mp, "Ending recovery (logdev: %s)",
5379 log->l_mp->m_logname ? log->l_mp->m_logname
5380 : "internal");
1da177e4
LT		 5381 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
5382 } else {
a0fa2b67 5383 xfs_info(log->l_mp, "Ending clean mount");
1da177e4
LT		 5384 }
5385 return 0;
5386}
5387
f0b2efad
BF		 5388int
5389xlog_recover_cancel(
5390 struct xlog *log)
5391{
5392 int error = 0;
5393
5394 if (log->l_flags & XLOG_RECOVERY_NEEDED)
dc42375d 5395 error = xlog_recover_cancel_intents(log);
f0b2efad
BF		 5396
5397 return error;
5398}
1da177e4
LT		 5399
5400#if defined(DEBUG)
5401/*
5402 * Read all of the agf and agi counters and check that they
5403 * are consistent with the superblock counters.
5404 */
5405void
5406xlog_recover_check_summary(
9a8d2fdb 5407 struct xlog *log)
1da177e4
LT		 5408{
5409 xfs_mount_t *mp;
5410 xfs_agf_t *agfp;
1da177e4
LT		 5411 xfs_buf_t *agfbp;
5412 xfs_buf_t *agibp;
1da177e4
LT		 5413 xfs_agnumber_t agno;
5414 __uint64_t freeblks;
5415 __uint64_t itotal;
5416 __uint64_t ifree;
5e1be0fb 5417 int error;
1da177e4
LT		 5418
5419 mp = log->l_mp;
5420
5421 freeblks = 0LL;
5422 itotal = 0LL;
5423 ifree = 0LL;
5424 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4805621a
CH		 5425 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
5426 if (error) {
a0fa2b67
DC		 5427 xfs_alert(mp, "%s agf read failed agno %d error %d",
5428 __func__, agno, error);
4805621a
CH		 5429 } else {
5430 agfp = XFS_BUF_TO_AGF(agfbp);
5431 freeblks += be32_to_cpu(agfp->agf_freeblks) +
5432 be32_to_cpu(agfp->agf_flcount);
5433 xfs_buf_relse(agfbp);
1da177e4 5434 }
1da177e4 5435
5e1be0fb 5436 error = xfs_read_agi(mp, NULL, agno, &agibp);
a0fa2b67
DC		 5437 if (error) {
5438 xfs_alert(mp, "%s agi read failed agno %d error %d",
5439 __func__, agno, error);
5440 } else {
5e1be0fb 5441 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
16259e7d 5442
5e1be0fb
CH		 5443 itotal += be32_to_cpu(agi->agi_count);
5444 ifree += be32_to_cpu(agi->agi_freecount);
5445 xfs_buf_relse(agibp);
5446 }
1da177e4 5447 }
1da177e4
LT		 5448}
5449#endif /* DEBUG */
ubuntu-bionic-kernel mirror