]>
Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
87c199c2 | 2 | * Copyright (c) 2000-2006 Silicon Graphics, Inc. |
7b718769 | 3 | * All Rights Reserved. |
1da177e4 | 4 | * |
7b718769 NS |
5 | * This program is free software; you can redistribute it and/or |
6 | * modify it under the terms of the GNU General Public License as | |
1da177e4 LT |
7 | * published by the Free Software Foundation. |
8 | * | |
7b718769 NS |
9 | * This program is distributed in the hope that it would be useful, |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | * GNU General Public License for more details. | |
1da177e4 | 13 | * |
7b718769 NS |
14 | * You should have received a copy of the GNU General Public License |
15 | * along with this program; if not, write the Free Software Foundation, | |
16 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
1da177e4 | 17 | */ |
1da177e4 | 18 | #include "xfs.h" |
a844f451 | 19 | #include "xfs_fs.h" |
70a9883c | 20 | #include "xfs_shared.h" |
239880ef DC |
21 | #include "xfs_format.h" |
22 | #include "xfs_log_format.h" | |
23 | #include "xfs_trans_resv.h" | |
a844f451 | 24 | #include "xfs_bit.h" |
a844f451 | 25 | #include "xfs_sb.h" |
1da177e4 | 26 | #include "xfs_mount.h" |
57062787 | 27 | #include "xfs_da_format.h" |
9a2cc41c | 28 | #include "xfs_da_btree.h" |
1da177e4 | 29 | #include "xfs_inode.h" |
239880ef | 30 | #include "xfs_trans.h" |
239880ef | 31 | #include "xfs_log.h" |
1da177e4 | 32 | #include "xfs_log_priv.h" |
1da177e4 | 33 | #include "xfs_log_recover.h" |
a4fbe6ab | 34 | #include "xfs_inode_item.h" |
1da177e4 LT |
35 | #include "xfs_extfree_item.h" |
36 | #include "xfs_trans_priv.h" | |
a4fbe6ab DC |
37 | #include "xfs_alloc.h" |
38 | #include "xfs_ialloc.h" | |
1da177e4 | 39 | #include "xfs_quota.h" |
0e446be4 | 40 | #include "xfs_cksum.h" |
0b1b213f | 41 | #include "xfs_trace.h" |
33479e05 | 42 | #include "xfs_icache.h" |
a4fbe6ab | 43 | #include "xfs_bmap_btree.h" |
a4fbe6ab | 44 | #include "xfs_error.h" |
2b9ab5ab | 45 | #include "xfs_dir2.h" |
9e88b5d8 | 46 | #include "xfs_rmap_item.h" |
60a4a222 | 47 | #include "xfs_buf_item.h" |
1da177e4 | 48 | |
fc06c6d0 DC |
49 | #define BLK_AVG(blk1, blk2) ((blk1+blk2) >> 1) |
50 | ||
9a8d2fdb MT |
51 | STATIC int |
52 | xlog_find_zeroed( | |
53 | struct xlog *, | |
54 | xfs_daddr_t *); | |
55 | STATIC int | |
56 | xlog_clear_stale_blocks( | |
57 | struct xlog *, | |
58 | xfs_lsn_t); | |
1da177e4 | 59 | #if defined(DEBUG) |
9a8d2fdb MT |
60 | STATIC void |
61 | xlog_recover_check_summary( | |
62 | struct xlog *); | |
1da177e4 LT |
63 | #else |
64 | #define xlog_recover_check_summary(log) | |
1da177e4 | 65 | #endif |
7088c413 BF |
66 | STATIC int |
67 | xlog_do_recovery_pass( | |
68 | struct xlog *, xfs_daddr_t, xfs_daddr_t, int, xfs_daddr_t *); | |
1da177e4 | 69 | |
d5689eaa CH |
70 | /* |
71 | * This structure is used during recovery to record the buf log items which | |
72 | * have been canceled and should not be replayed. | |
73 | */ | |
74 | struct xfs_buf_cancel { | |
75 | xfs_daddr_t bc_blkno; | |
76 | uint bc_len; | |
77 | int bc_refcount; | |
78 | struct list_head bc_list; | |
79 | }; | |
80 | ||
1da177e4 LT |
81 | /* |
82 | * Sector aligned buffer routines for buffer create/read/write/access | |
83 | */ | |
84 | ||
ff30a622 AE |
85 | /* |
86 | * Verify the given count of basic blocks is valid number of blocks | |
87 | * to specify for an operation involving the given XFS log buffer. | |
88 | * Returns nonzero if the count is valid, 0 otherwise. | |
89 | */ | |
90 | ||
91 | static inline int | |
92 | xlog_buf_bbcount_valid( | |
9a8d2fdb | 93 | struct xlog *log, |
ff30a622 AE |
94 | int bbcount) |
95 | { | |
96 | return bbcount > 0 && bbcount <= log->l_logBBsize; | |
97 | } | |
98 | ||
36adecff AE |
99 | /* |
100 | * Allocate a buffer to hold log data. The buffer needs to be able | |
101 | * to map to a range of nbblks basic blocks at any valid (basic | |
102 | * block) offset within the log. | |
103 | */ | |
5d77c0dc | 104 | STATIC xfs_buf_t * |
1da177e4 | 105 | xlog_get_bp( |
9a8d2fdb | 106 | struct xlog *log, |
3228149c | 107 | int nbblks) |
1da177e4 | 108 | { |
c8da0faf CH |
109 | struct xfs_buf *bp; |
110 | ||
ff30a622 | 111 | if (!xlog_buf_bbcount_valid(log, nbblks)) { |
a0fa2b67 | 112 | xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer", |
ff30a622 AE |
113 | nbblks); |
114 | XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp); | |
3228149c DC |
115 | return NULL; |
116 | } | |
1da177e4 | 117 | |
36adecff AE |
118 | /* |
119 | * We do log I/O in units of log sectors (a power-of-2 | |
120 | * multiple of the basic block size), so we round up the | |
25985edc | 121 | * requested size to accommodate the basic blocks required |
36adecff AE |
122 | * for complete log sectors. |
123 | * | |
124 | * In addition, the buffer may be used for a non-sector- | |
125 | * aligned block offset, in which case an I/O of the | |
126 | * requested size could extend beyond the end of the | |
127 | * buffer. If the requested size is only 1 basic block it | |
128 | * will never straddle a sector boundary, so this won't be | |
129 | * an issue. Nor will this be a problem if the log I/O is | |
130 | * done in basic blocks (sector size 1). But otherwise we | |
131 | * extend the buffer by one extra log sector to ensure | |
25985edc | 132 | * there's space to accommodate this possibility. |
36adecff | 133 | */ |
69ce58f0 AE |
134 | if (nbblks > 1 && log->l_sectBBsize > 1) |
135 | nbblks += log->l_sectBBsize; | |
136 | nbblks = round_up(nbblks, log->l_sectBBsize); | |
36adecff | 137 | |
e70b73f8 | 138 | bp = xfs_buf_get_uncached(log->l_mp->m_logdev_targp, nbblks, 0); |
c8da0faf CH |
139 | if (bp) |
140 | xfs_buf_unlock(bp); | |
141 | return bp; | |
1da177e4 LT |
142 | } |
143 | ||
5d77c0dc | 144 | STATIC void |
1da177e4 LT |
145 | xlog_put_bp( |
146 | xfs_buf_t *bp) | |
147 | { | |
148 | xfs_buf_free(bp); | |
149 | } | |
150 | ||
48389ef1 AE |
151 | /* |
152 | * Return the address of the start of the given block number's data | |
153 | * in a log buffer. The buffer covers a log sector-aligned region. | |
154 | */ | |
b2a922cd | 155 | STATIC char * |
076e6acb | 156 | xlog_align( |
9a8d2fdb | 157 | struct xlog *log, |
076e6acb CH |
158 | xfs_daddr_t blk_no, |
159 | int nbblks, | |
9a8d2fdb | 160 | struct xfs_buf *bp) |
076e6acb | 161 | { |
fdc07f44 | 162 | xfs_daddr_t offset = blk_no & ((xfs_daddr_t)log->l_sectBBsize - 1); |
076e6acb | 163 | |
4e94b71b | 164 | ASSERT(offset + nbblks <= bp->b_length); |
62926044 | 165 | return bp->b_addr + BBTOB(offset); |
076e6acb CH |
166 | } |
167 | ||
1da177e4 LT |
168 | |
169 | /* | |
170 | * nbblks should be uint, but oh well. Just want to catch that 32-bit length. | |
171 | */ | |
076e6acb CH |
172 | STATIC int |
173 | xlog_bread_noalign( | |
9a8d2fdb | 174 | struct xlog *log, |
1da177e4 LT |
175 | xfs_daddr_t blk_no, |
176 | int nbblks, | |
9a8d2fdb | 177 | struct xfs_buf *bp) |
1da177e4 LT |
178 | { |
179 | int error; | |
180 | ||
ff30a622 | 181 | if (!xlog_buf_bbcount_valid(log, nbblks)) { |
a0fa2b67 | 182 | xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer", |
ff30a622 AE |
183 | nbblks); |
184 | XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp); | |
2451337d | 185 | return -EFSCORRUPTED; |
3228149c DC |
186 | } |
187 | ||
69ce58f0 AE |
188 | blk_no = round_down(blk_no, log->l_sectBBsize); |
189 | nbblks = round_up(nbblks, log->l_sectBBsize); | |
1da177e4 LT |
190 | |
191 | ASSERT(nbblks > 0); | |
4e94b71b | 192 | ASSERT(nbblks <= bp->b_length); |
1da177e4 LT |
193 | |
194 | XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no); | |
0cac682f | 195 | bp->b_flags |= XBF_READ; |
aa0e8833 | 196 | bp->b_io_length = nbblks; |
0e95f19a | 197 | bp->b_error = 0; |
1da177e4 | 198 | |
595bff75 DC |
199 | error = xfs_buf_submit_wait(bp); |
200 | if (error && !XFS_FORCED_SHUTDOWN(log->l_mp)) | |
901796af | 201 | xfs_buf_ioerror_alert(bp, __func__); |
1da177e4 LT |
202 | return error; |
203 | } | |
204 | ||
076e6acb CH |
205 | STATIC int |
206 | xlog_bread( | |
9a8d2fdb | 207 | struct xlog *log, |
076e6acb CH |
208 | xfs_daddr_t blk_no, |
209 | int nbblks, | |
9a8d2fdb | 210 | struct xfs_buf *bp, |
b2a922cd | 211 | char **offset) |
076e6acb CH |
212 | { |
213 | int error; | |
214 | ||
215 | error = xlog_bread_noalign(log, blk_no, nbblks, bp); | |
216 | if (error) | |
217 | return error; | |
218 | ||
219 | *offset = xlog_align(log, blk_no, nbblks, bp); | |
220 | return 0; | |
221 | } | |
222 | ||
44396476 DC |
223 | /* |
224 | * Read at an offset into the buffer. Returns with the buffer in it's original | |
225 | * state regardless of the result of the read. | |
226 | */ | |
227 | STATIC int | |
228 | xlog_bread_offset( | |
9a8d2fdb | 229 | struct xlog *log, |
44396476 DC |
230 | xfs_daddr_t blk_no, /* block to read from */ |
231 | int nbblks, /* blocks to read */ | |
9a8d2fdb | 232 | struct xfs_buf *bp, |
b2a922cd | 233 | char *offset) |
44396476 | 234 | { |
b2a922cd | 235 | char *orig_offset = bp->b_addr; |
4e94b71b | 236 | int orig_len = BBTOB(bp->b_length); |
44396476 DC |
237 | int error, error2; |
238 | ||
02fe03d9 | 239 | error = xfs_buf_associate_memory(bp, offset, BBTOB(nbblks)); |
44396476 DC |
240 | if (error) |
241 | return error; | |
242 | ||
243 | error = xlog_bread_noalign(log, blk_no, nbblks, bp); | |
244 | ||
245 | /* must reset buffer pointer even on error */ | |
02fe03d9 | 246 | error2 = xfs_buf_associate_memory(bp, orig_offset, orig_len); |
44396476 DC |
247 | if (error) |
248 | return error; | |
249 | return error2; | |
250 | } | |
251 | ||
1da177e4 LT |
252 | /* |
253 | * Write out the buffer at the given block for the given number of blocks. | |
254 | * The buffer is kept locked across the write and is returned locked. | |
255 | * This can only be used for synchronous log writes. | |
256 | */ | |
ba0f32d4 | 257 | STATIC int |
1da177e4 | 258 | xlog_bwrite( |
9a8d2fdb | 259 | struct xlog *log, |
1da177e4 LT |
260 | xfs_daddr_t blk_no, |
261 | int nbblks, | |
9a8d2fdb | 262 | struct xfs_buf *bp) |
1da177e4 LT |
263 | { |
264 | int error; | |
265 | ||
ff30a622 | 266 | if (!xlog_buf_bbcount_valid(log, nbblks)) { |
a0fa2b67 | 267 | xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer", |
ff30a622 AE |
268 | nbblks); |
269 | XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp); | |
2451337d | 270 | return -EFSCORRUPTED; |
3228149c DC |
271 | } |
272 | ||
69ce58f0 AE |
273 | blk_no = round_down(blk_no, log->l_sectBBsize); |
274 | nbblks = round_up(nbblks, log->l_sectBBsize); | |
1da177e4 LT |
275 | |
276 | ASSERT(nbblks > 0); | |
4e94b71b | 277 | ASSERT(nbblks <= bp->b_length); |
1da177e4 LT |
278 | |
279 | XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no); | |
72790aa1 | 280 | xfs_buf_hold(bp); |
0c842ad4 | 281 | xfs_buf_lock(bp); |
aa0e8833 | 282 | bp->b_io_length = nbblks; |
0e95f19a | 283 | bp->b_error = 0; |
1da177e4 | 284 | |
c2b006c1 | 285 | error = xfs_bwrite(bp); |
901796af CH |
286 | if (error) |
287 | xfs_buf_ioerror_alert(bp, __func__); | |
c2b006c1 | 288 | xfs_buf_relse(bp); |
1da177e4 LT |
289 | return error; |
290 | } | |
291 | ||
1da177e4 LT |
292 | #ifdef DEBUG |
293 | /* | |
294 | * dump debug superblock and log record information | |
295 | */ | |
296 | STATIC void | |
297 | xlog_header_check_dump( | |
298 | xfs_mount_t *mp, | |
299 | xlog_rec_header_t *head) | |
300 | { | |
08e96e1a | 301 | xfs_debug(mp, "%s: SB : uuid = %pU, fmt = %d", |
03daa57c | 302 | __func__, &mp->m_sb.sb_uuid, XLOG_FMT); |
08e96e1a | 303 | xfs_debug(mp, " log : uuid = %pU, fmt = %d", |
03daa57c | 304 | &head->h_fs_uuid, be32_to_cpu(head->h_fmt)); |
1da177e4 LT |
305 | } |
306 | #else | |
307 | #define xlog_header_check_dump(mp, head) | |
308 | #endif | |
309 | ||
310 | /* | |
311 | * check log record header for recovery | |
312 | */ | |
313 | STATIC int | |
314 | xlog_header_check_recover( | |
315 | xfs_mount_t *mp, | |
316 | xlog_rec_header_t *head) | |
317 | { | |
69ef921b | 318 | ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)); |
1da177e4 LT |
319 | |
320 | /* | |
321 | * IRIX doesn't write the h_fmt field and leaves it zeroed | |
322 | * (XLOG_FMT_UNKNOWN). This stops us from trying to recover | |
323 | * a dirty log created in IRIX. | |
324 | */ | |
69ef921b | 325 | if (unlikely(head->h_fmt != cpu_to_be32(XLOG_FMT))) { |
a0fa2b67 DC |
326 | xfs_warn(mp, |
327 | "dirty log written in incompatible format - can't recover"); | |
1da177e4 LT |
328 | xlog_header_check_dump(mp, head); |
329 | XFS_ERROR_REPORT("xlog_header_check_recover(1)", | |
330 | XFS_ERRLEVEL_HIGH, mp); | |
2451337d | 331 | return -EFSCORRUPTED; |
1da177e4 | 332 | } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) { |
a0fa2b67 DC |
333 | xfs_warn(mp, |
334 | "dirty log entry has mismatched uuid - can't recover"); | |
1da177e4 LT |
335 | xlog_header_check_dump(mp, head); |
336 | XFS_ERROR_REPORT("xlog_header_check_recover(2)", | |
337 | XFS_ERRLEVEL_HIGH, mp); | |
2451337d | 338 | return -EFSCORRUPTED; |
1da177e4 LT |
339 | } |
340 | return 0; | |
341 | } | |
342 | ||
343 | /* | |
344 | * read the head block of the log and check the header | |
345 | */ | |
346 | STATIC int | |
347 | xlog_header_check_mount( | |
348 | xfs_mount_t *mp, | |
349 | xlog_rec_header_t *head) | |
350 | { | |
69ef921b | 351 | ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)); |
1da177e4 LT |
352 | |
353 | if (uuid_is_nil(&head->h_fs_uuid)) { | |
354 | /* | |
355 | * IRIX doesn't write the h_fs_uuid or h_fmt fields. If | |
356 | * h_fs_uuid is nil, we assume this log was last mounted | |
357 | * by IRIX and continue. | |
358 | */ | |
a0fa2b67 | 359 | xfs_warn(mp, "nil uuid in log - IRIX style log"); |
1da177e4 | 360 | } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) { |
a0fa2b67 | 361 | xfs_warn(mp, "log has mismatched uuid - can't recover"); |
1da177e4 LT |
362 | xlog_header_check_dump(mp, head); |
363 | XFS_ERROR_REPORT("xlog_header_check_mount", | |
364 | XFS_ERRLEVEL_HIGH, mp); | |
2451337d | 365 | return -EFSCORRUPTED; |
1da177e4 LT |
366 | } |
367 | return 0; | |
368 | } | |
369 | ||
370 | STATIC void | |
371 | xlog_recover_iodone( | |
372 | struct xfs_buf *bp) | |
373 | { | |
5a52c2a5 | 374 | if (bp->b_error) { |
1da177e4 LT |
375 | /* |
376 | * We're not going to bother about retrying | |
377 | * this during recovery. One strike! | |
378 | */ | |
595bff75 DC |
379 | if (!XFS_FORCED_SHUTDOWN(bp->b_target->bt_mount)) { |
380 | xfs_buf_ioerror_alert(bp, __func__); | |
381 | xfs_force_shutdown(bp->b_target->bt_mount, | |
382 | SHUTDOWN_META_IO_ERROR); | |
383 | } | |
1da177e4 | 384 | } |
60a4a222 BF |
385 | |
386 | /* | |
387 | * On v5 supers, a bli could be attached to update the metadata LSN. | |
388 | * Clean it up. | |
389 | */ | |
390 | if (bp->b_fspriv) | |
391 | xfs_buf_item_relse(bp); | |
392 | ASSERT(bp->b_fspriv == NULL); | |
393 | ||
cb669ca5 | 394 | bp->b_iodone = NULL; |
e8aaba9a | 395 | xfs_buf_ioend(bp); |
1da177e4 LT |
396 | } |
397 | ||
398 | /* | |
399 | * This routine finds (to an approximation) the first block in the physical | |
400 | * log which contains the given cycle. It uses a binary search algorithm. | |
401 | * Note that the algorithm can not be perfect because the disk will not | |
402 | * necessarily be perfect. | |
403 | */ | |
a8272ce0 | 404 | STATIC int |
1da177e4 | 405 | xlog_find_cycle_start( |
9a8d2fdb MT |
406 | struct xlog *log, |
407 | struct xfs_buf *bp, | |
1da177e4 LT |
408 | xfs_daddr_t first_blk, |
409 | xfs_daddr_t *last_blk, | |
410 | uint cycle) | |
411 | { | |
b2a922cd | 412 | char *offset; |
1da177e4 | 413 | xfs_daddr_t mid_blk; |
e3bb2e30 | 414 | xfs_daddr_t end_blk; |
1da177e4 LT |
415 | uint mid_cycle; |
416 | int error; | |
417 | ||
e3bb2e30 AE |
418 | end_blk = *last_blk; |
419 | mid_blk = BLK_AVG(first_blk, end_blk); | |
420 | while (mid_blk != first_blk && mid_blk != end_blk) { | |
076e6acb CH |
421 | error = xlog_bread(log, mid_blk, 1, bp, &offset); |
422 | if (error) | |
1da177e4 | 423 | return error; |
03bea6fe | 424 | mid_cycle = xlog_get_cycle(offset); |
e3bb2e30 AE |
425 | if (mid_cycle == cycle) |
426 | end_blk = mid_blk; /* last_half_cycle == mid_cycle */ | |
427 | else | |
428 | first_blk = mid_blk; /* first_half_cycle == mid_cycle */ | |
429 | mid_blk = BLK_AVG(first_blk, end_blk); | |
1da177e4 | 430 | } |
e3bb2e30 AE |
431 | ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) || |
432 | (mid_blk == end_blk && mid_blk-1 == first_blk)); | |
433 | ||
434 | *last_blk = end_blk; | |
1da177e4 LT |
435 | |
436 | return 0; | |
437 | } | |
438 | ||
439 | /* | |
3f943d85 AE |
440 | * Check that a range of blocks does not contain stop_on_cycle_no. |
441 | * Fill in *new_blk with the block offset where such a block is | |
442 | * found, or with -1 (an invalid block number) if there is no such | |
443 | * block in the range. The scan needs to occur from front to back | |
444 | * and the pointer into the region must be updated since a later | |
445 | * routine will need to perform another test. | |
1da177e4 LT |
446 | */ |
447 | STATIC int | |
448 | xlog_find_verify_cycle( | |
9a8d2fdb | 449 | struct xlog *log, |
1da177e4 LT |
450 | xfs_daddr_t start_blk, |
451 | int nbblks, | |
452 | uint stop_on_cycle_no, | |
453 | xfs_daddr_t *new_blk) | |
454 | { | |
455 | xfs_daddr_t i, j; | |
456 | uint cycle; | |
457 | xfs_buf_t *bp; | |
458 | xfs_daddr_t bufblks; | |
b2a922cd | 459 | char *buf = NULL; |
1da177e4 LT |
460 | int error = 0; |
461 | ||
6881a229 AE |
462 | /* |
463 | * Greedily allocate a buffer big enough to handle the full | |
464 | * range of basic blocks we'll be examining. If that fails, | |
465 | * try a smaller size. We need to be able to read at least | |
466 | * a log sector, or we're out of luck. | |
467 | */ | |
1da177e4 | 468 | bufblks = 1 << ffs(nbblks); |
81158e0c DC |
469 | while (bufblks > log->l_logBBsize) |
470 | bufblks >>= 1; | |
1da177e4 | 471 | while (!(bp = xlog_get_bp(log, bufblks))) { |
1da177e4 | 472 | bufblks >>= 1; |
69ce58f0 | 473 | if (bufblks < log->l_sectBBsize) |
2451337d | 474 | return -ENOMEM; |
1da177e4 LT |
475 | } |
476 | ||
477 | for (i = start_blk; i < start_blk + nbblks; i += bufblks) { | |
478 | int bcount; | |
479 | ||
480 | bcount = min(bufblks, (start_blk + nbblks - i)); | |
481 | ||
076e6acb CH |
482 | error = xlog_bread(log, i, bcount, bp, &buf); |
483 | if (error) | |
1da177e4 LT |
484 | goto out; |
485 | ||
1da177e4 | 486 | for (j = 0; j < bcount; j++) { |
03bea6fe | 487 | cycle = xlog_get_cycle(buf); |
1da177e4 LT |
488 | if (cycle == stop_on_cycle_no) { |
489 | *new_blk = i+j; | |
490 | goto out; | |
491 | } | |
492 | ||
493 | buf += BBSIZE; | |
494 | } | |
495 | } | |
496 | ||
497 | *new_blk = -1; | |
498 | ||
499 | out: | |
500 | xlog_put_bp(bp); | |
501 | return error; | |
502 | } | |
503 | ||
504 | /* | |
505 | * Potentially backup over partial log record write. | |
506 | * | |
507 | * In the typical case, last_blk is the number of the block directly after | |
508 | * a good log record. Therefore, we subtract one to get the block number | |
509 | * of the last block in the given buffer. extra_bblks contains the number | |
510 | * of blocks we would have read on a previous read. This happens when the | |
511 | * last log record is split over the end of the physical log. | |
512 | * | |
513 | * extra_bblks is the number of blocks potentially verified on a previous | |
514 | * call to this routine. | |
515 | */ | |
516 | STATIC int | |
517 | xlog_find_verify_log_record( | |
9a8d2fdb | 518 | struct xlog *log, |
1da177e4 LT |
519 | xfs_daddr_t start_blk, |
520 | xfs_daddr_t *last_blk, | |
521 | int extra_bblks) | |
522 | { | |
523 | xfs_daddr_t i; | |
524 | xfs_buf_t *bp; | |
b2a922cd | 525 | char *offset = NULL; |
1da177e4 LT |
526 | xlog_rec_header_t *head = NULL; |
527 | int error = 0; | |
528 | int smallmem = 0; | |
529 | int num_blks = *last_blk - start_blk; | |
530 | int xhdrs; | |
531 | ||
532 | ASSERT(start_blk != 0 || *last_blk != start_blk); | |
533 | ||
534 | if (!(bp = xlog_get_bp(log, num_blks))) { | |
535 | if (!(bp = xlog_get_bp(log, 1))) | |
2451337d | 536 | return -ENOMEM; |
1da177e4 LT |
537 | smallmem = 1; |
538 | } else { | |
076e6acb CH |
539 | error = xlog_bread(log, start_blk, num_blks, bp, &offset); |
540 | if (error) | |
1da177e4 | 541 | goto out; |
1da177e4 LT |
542 | offset += ((num_blks - 1) << BBSHIFT); |
543 | } | |
544 | ||
545 | for (i = (*last_blk) - 1; i >= 0; i--) { | |
546 | if (i < start_blk) { | |
547 | /* valid log record not found */ | |
a0fa2b67 DC |
548 | xfs_warn(log->l_mp, |
549 | "Log inconsistent (didn't find previous header)"); | |
1da177e4 | 550 | ASSERT(0); |
2451337d | 551 | error = -EIO; |
1da177e4 LT |
552 | goto out; |
553 | } | |
554 | ||
555 | if (smallmem) { | |
076e6acb CH |
556 | error = xlog_bread(log, i, 1, bp, &offset); |
557 | if (error) | |
1da177e4 | 558 | goto out; |
1da177e4 LT |
559 | } |
560 | ||
561 | head = (xlog_rec_header_t *)offset; | |
562 | ||
69ef921b | 563 | if (head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) |
1da177e4 LT |
564 | break; |
565 | ||
566 | if (!smallmem) | |
567 | offset -= BBSIZE; | |
568 | } | |
569 | ||
570 | /* | |
571 | * We hit the beginning of the physical log & still no header. Return | |
572 | * to caller. If caller can handle a return of -1, then this routine | |
573 | * will be called again for the end of the physical log. | |
574 | */ | |
575 | if (i == -1) { | |
2451337d | 576 | error = 1; |
1da177e4 LT |
577 | goto out; |
578 | } | |
579 | ||
580 | /* | |
581 | * We have the final block of the good log (the first block | |
582 | * of the log record _before_ the head. So we check the uuid. | |
583 | */ | |
584 | if ((error = xlog_header_check_mount(log->l_mp, head))) | |
585 | goto out; | |
586 | ||
587 | /* | |
588 | * We may have found a log record header before we expected one. | |
589 | * last_blk will be the 1st block # with a given cycle #. We may end | |
590 | * up reading an entire log record. In this case, we don't want to | |
591 | * reset last_blk. Only when last_blk points in the middle of a log | |
592 | * record do we update last_blk. | |
593 | */ | |
62118709 | 594 | if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) { |
b53e675d | 595 | uint h_size = be32_to_cpu(head->h_size); |
1da177e4 LT |
596 | |
597 | xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE; | |
598 | if (h_size % XLOG_HEADER_CYCLE_SIZE) | |
599 | xhdrs++; | |
600 | } else { | |
601 | xhdrs = 1; | |
602 | } | |
603 | ||
b53e675d CH |
604 | if (*last_blk - i + extra_bblks != |
605 | BTOBB(be32_to_cpu(head->h_len)) + xhdrs) | |
1da177e4 LT |
606 | *last_blk = i; |
607 | ||
608 | out: | |
609 | xlog_put_bp(bp); | |
610 | return error; | |
611 | } | |
612 | ||
613 | /* | |
614 | * Head is defined to be the point of the log where the next log write | |
0a94da24 | 615 | * could go. This means that incomplete LR writes at the end are |
1da177e4 LT |
616 | * eliminated when calculating the head. We aren't guaranteed that previous |
617 | * LR have complete transactions. We only know that a cycle number of | |
618 | * current cycle number -1 won't be present in the log if we start writing | |
619 | * from our current block number. | |
620 | * | |
621 | * last_blk contains the block number of the first block with a given | |
622 | * cycle number. | |
623 | * | |
624 | * Return: zero if normal, non-zero if error. | |
625 | */ | |
ba0f32d4 | 626 | STATIC int |
1da177e4 | 627 | xlog_find_head( |
9a8d2fdb | 628 | struct xlog *log, |
1da177e4 LT |
629 | xfs_daddr_t *return_head_blk) |
630 | { | |
631 | xfs_buf_t *bp; | |
b2a922cd | 632 | char *offset; |
1da177e4 LT |
633 | xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk; |
634 | int num_scan_bblks; | |
635 | uint first_half_cycle, last_half_cycle; | |
636 | uint stop_on_cycle; | |
637 | int error, log_bbnum = log->l_logBBsize; | |
638 | ||
639 | /* Is the end of the log device zeroed? */ | |
2451337d DC |
640 | error = xlog_find_zeroed(log, &first_blk); |
641 | if (error < 0) { | |
642 | xfs_warn(log->l_mp, "empty log check failed"); | |
643 | return error; | |
644 | } | |
645 | if (error == 1) { | |
1da177e4 LT |
646 | *return_head_blk = first_blk; |
647 | ||
648 | /* Is the whole lot zeroed? */ | |
649 | if (!first_blk) { | |
650 | /* Linux XFS shouldn't generate totally zeroed logs - | |
651 | * mkfs etc write a dummy unmount record to a fresh | |
652 | * log so we can store the uuid in there | |
653 | */ | |
a0fa2b67 | 654 | xfs_warn(log->l_mp, "totally zeroed log"); |
1da177e4 LT |
655 | } |
656 | ||
657 | return 0; | |
1da177e4 LT |
658 | } |
659 | ||
660 | first_blk = 0; /* get cycle # of 1st block */ | |
661 | bp = xlog_get_bp(log, 1); | |
662 | if (!bp) | |
2451337d | 663 | return -ENOMEM; |
076e6acb CH |
664 | |
665 | error = xlog_bread(log, 0, 1, bp, &offset); | |
666 | if (error) | |
1da177e4 | 667 | goto bp_err; |
076e6acb | 668 | |
03bea6fe | 669 | first_half_cycle = xlog_get_cycle(offset); |
1da177e4 LT |
670 | |
671 | last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */ | |
076e6acb CH |
672 | error = xlog_bread(log, last_blk, 1, bp, &offset); |
673 | if (error) | |
1da177e4 | 674 | goto bp_err; |
076e6acb | 675 | |
03bea6fe | 676 | last_half_cycle = xlog_get_cycle(offset); |
1da177e4 LT |
677 | ASSERT(last_half_cycle != 0); |
678 | ||
679 | /* | |
680 | * If the 1st half cycle number is equal to the last half cycle number, | |
681 | * then the entire log is stamped with the same cycle number. In this | |
682 | * case, head_blk can't be set to zero (which makes sense). The below | |
683 | * math doesn't work out properly with head_blk equal to zero. Instead, | |
684 | * we set it to log_bbnum which is an invalid block number, but this | |
685 | * value makes the math correct. If head_blk doesn't changed through | |
686 | * all the tests below, *head_blk is set to zero at the very end rather | |
687 | * than log_bbnum. In a sense, log_bbnum and zero are the same block | |
688 | * in a circular file. | |
689 | */ | |
690 | if (first_half_cycle == last_half_cycle) { | |
691 | /* | |
692 | * In this case we believe that the entire log should have | |
693 | * cycle number last_half_cycle. We need to scan backwards | |
694 | * from the end verifying that there are no holes still | |
695 | * containing last_half_cycle - 1. If we find such a hole, | |
696 | * then the start of that hole will be the new head. The | |
697 | * simple case looks like | |
698 | * x | x ... | x - 1 | x | |
699 | * Another case that fits this picture would be | |
700 | * x | x + 1 | x ... | x | |
c41564b5 | 701 | * In this case the head really is somewhere at the end of the |
1da177e4 LT |
702 | * log, as one of the latest writes at the beginning was |
703 | * incomplete. | |
704 | * One more case is | |
705 | * x | x + 1 | x ... | x - 1 | x | |
706 | * This is really the combination of the above two cases, and | |
707 | * the head has to end up at the start of the x-1 hole at the | |
708 | * end of the log. | |
709 | * | |
710 | * In the 256k log case, we will read from the beginning to the | |
711 | * end of the log and search for cycle numbers equal to x-1. | |
712 | * We don't worry about the x+1 blocks that we encounter, | |
713 | * because we know that they cannot be the head since the log | |
714 | * started with x. | |
715 | */ | |
716 | head_blk = log_bbnum; | |
717 | stop_on_cycle = last_half_cycle - 1; | |
718 | } else { | |
719 | /* | |
720 | * In this case we want to find the first block with cycle | |
721 | * number matching last_half_cycle. We expect the log to be | |
722 | * some variation on | |
3f943d85 | 723 | * x + 1 ... | x ... | x |
1da177e4 LT |
724 | * The first block with cycle number x (last_half_cycle) will |
725 | * be where the new head belongs. First we do a binary search | |
726 | * for the first occurrence of last_half_cycle. The binary | |
727 | * search may not be totally accurate, so then we scan back | |
728 | * from there looking for occurrences of last_half_cycle before | |
729 | * us. If that backwards scan wraps around the beginning of | |
730 | * the log, then we look for occurrences of last_half_cycle - 1 | |
731 | * at the end of the log. The cases we're looking for look | |
732 | * like | |
3f943d85 AE |
733 | * v binary search stopped here |
734 | * x + 1 ... | x | x + 1 | x ... | x | |
735 | * ^ but we want to locate this spot | |
1da177e4 | 736 | * or |
1da177e4 | 737 | * <---------> less than scan distance |
3f943d85 AE |
738 | * x + 1 ... | x ... | x - 1 | x |
739 | * ^ we want to locate this spot | |
1da177e4 LT |
740 | */ |
741 | stop_on_cycle = last_half_cycle; | |
742 | if ((error = xlog_find_cycle_start(log, bp, first_blk, | |
743 | &head_blk, last_half_cycle))) | |
744 | goto bp_err; | |
745 | } | |
746 | ||
747 | /* | |
748 | * Now validate the answer. Scan back some number of maximum possible | |
749 | * blocks and make sure each one has the expected cycle number. The | |
750 | * maximum is determined by the total possible amount of buffering | |
751 | * in the in-core log. The following number can be made tighter if | |
752 | * we actually look at the block size of the filesystem. | |
753 | */ | |
754 | num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log); | |
755 | if (head_blk >= num_scan_bblks) { | |
756 | /* | |
757 | * We are guaranteed that the entire check can be performed | |
758 | * in one buffer. | |
759 | */ | |
760 | start_blk = head_blk - num_scan_bblks; | |
761 | if ((error = xlog_find_verify_cycle(log, | |
762 | start_blk, num_scan_bblks, | |
763 | stop_on_cycle, &new_blk))) | |
764 | goto bp_err; | |
765 | if (new_blk != -1) | |
766 | head_blk = new_blk; | |
767 | } else { /* need to read 2 parts of log */ | |
768 | /* | |
769 | * We are going to scan backwards in the log in two parts. | |
770 | * First we scan the physical end of the log. In this part | |
771 | * of the log, we are looking for blocks with cycle number | |
772 | * last_half_cycle - 1. | |
773 | * If we find one, then we know that the log starts there, as | |
774 | * we've found a hole that didn't get written in going around | |
775 | * the end of the physical log. The simple case for this is | |
776 | * x + 1 ... | x ... | x - 1 | x | |
777 | * <---------> less than scan distance | |
778 | * If all of the blocks at the end of the log have cycle number | |
779 | * last_half_cycle, then we check the blocks at the start of | |
780 | * the log looking for occurrences of last_half_cycle. If we | |
781 | * find one, then our current estimate for the location of the | |
782 | * first occurrence of last_half_cycle is wrong and we move | |
783 | * back to the hole we've found. This case looks like | |
784 | * x + 1 ... | x | x + 1 | x ... | |
785 | * ^ binary search stopped here | |
786 | * Another case we need to handle that only occurs in 256k | |
787 | * logs is | |
788 | * x + 1 ... | x ... | x+1 | x ... | |
789 | * ^ binary search stops here | |
790 | * In a 256k log, the scan at the end of the log will see the | |
791 | * x + 1 blocks. We need to skip past those since that is | |
792 | * certainly not the head of the log. By searching for | |
793 | * last_half_cycle-1 we accomplish that. | |
794 | */ | |
1da177e4 | 795 | ASSERT(head_blk <= INT_MAX && |
3f943d85 AE |
796 | (xfs_daddr_t) num_scan_bblks >= head_blk); |
797 | start_blk = log_bbnum - (num_scan_bblks - head_blk); | |
1da177e4 LT |
798 | if ((error = xlog_find_verify_cycle(log, start_blk, |
799 | num_scan_bblks - (int)head_blk, | |
800 | (stop_on_cycle - 1), &new_blk))) | |
801 | goto bp_err; | |
802 | if (new_blk != -1) { | |
803 | head_blk = new_blk; | |
9db127ed | 804 | goto validate_head; |
1da177e4 LT |
805 | } |
806 | ||
807 | /* | |
808 | * Scan beginning of log now. The last part of the physical | |
809 | * log is good. This scan needs to verify that it doesn't find | |
810 | * the last_half_cycle. | |
811 | */ | |
812 | start_blk = 0; | |
813 | ASSERT(head_blk <= INT_MAX); | |
814 | if ((error = xlog_find_verify_cycle(log, | |
815 | start_blk, (int)head_blk, | |
816 | stop_on_cycle, &new_blk))) | |
817 | goto bp_err; | |
818 | if (new_blk != -1) | |
819 | head_blk = new_blk; | |
820 | } | |
821 | ||
9db127ed | 822 | validate_head: |
1da177e4 LT |
823 | /* |
824 | * Now we need to make sure head_blk is not pointing to a block in | |
825 | * the middle of a log record. | |
826 | */ | |
827 | num_scan_bblks = XLOG_REC_SHIFT(log); | |
828 | if (head_blk >= num_scan_bblks) { | |
829 | start_blk = head_blk - num_scan_bblks; /* don't read head_blk */ | |
830 | ||
831 | /* start ptr at last block ptr before head_blk */ | |
2451337d DC |
832 | error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0); |
833 | if (error == 1) | |
834 | error = -EIO; | |
835 | if (error) | |
1da177e4 LT |
836 | goto bp_err; |
837 | } else { | |
838 | start_blk = 0; | |
839 | ASSERT(head_blk <= INT_MAX); | |
2451337d DC |
840 | error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0); |
841 | if (error < 0) | |
842 | goto bp_err; | |
843 | if (error == 1) { | |
1da177e4 | 844 | /* We hit the beginning of the log during our search */ |
3f943d85 | 845 | start_blk = log_bbnum - (num_scan_bblks - head_blk); |
1da177e4 LT |
846 | new_blk = log_bbnum; |
847 | ASSERT(start_blk <= INT_MAX && | |
848 | (xfs_daddr_t) log_bbnum-start_blk >= 0); | |
849 | ASSERT(head_blk <= INT_MAX); | |
2451337d DC |
850 | error = xlog_find_verify_log_record(log, start_blk, |
851 | &new_blk, (int)head_blk); | |
852 | if (error == 1) | |
853 | error = -EIO; | |
854 | if (error) | |
1da177e4 LT |
855 | goto bp_err; |
856 | if (new_blk != log_bbnum) | |
857 | head_blk = new_blk; | |
858 | } else if (error) | |
859 | goto bp_err; | |
860 | } | |
861 | ||
862 | xlog_put_bp(bp); | |
863 | if (head_blk == log_bbnum) | |
864 | *return_head_blk = 0; | |
865 | else | |
866 | *return_head_blk = head_blk; | |
867 | /* | |
868 | * When returning here, we have a good block number. Bad block | |
869 | * means that during a previous crash, we didn't have a clean break | |
870 | * from cycle number N to cycle number N-1. In this case, we need | |
871 | * to find the first block with cycle number N-1. | |
872 | */ | |
873 | return 0; | |
874 | ||
875 | bp_err: | |
876 | xlog_put_bp(bp); | |
877 | ||
878 | if (error) | |
a0fa2b67 | 879 | xfs_warn(log->l_mp, "failed to find log head"); |
1da177e4 LT |
880 | return error; |
881 | } | |
882 | ||
eed6b462 BF |
883 | /* |
884 | * Seek backwards in the log for log record headers. | |
885 | * | |
886 | * Given a starting log block, walk backwards until we find the provided number | |
887 | * of records or hit the provided tail block. The return value is the number of | |
888 | * records encountered or a negative error code. The log block and buffer | |
889 | * pointer of the last record seen are returned in rblk and rhead respectively. | |
890 | */ | |
891 | STATIC int | |
892 | xlog_rseek_logrec_hdr( | |
893 | struct xlog *log, | |
894 | xfs_daddr_t head_blk, | |
895 | xfs_daddr_t tail_blk, | |
896 | int count, | |
897 | struct xfs_buf *bp, | |
898 | xfs_daddr_t *rblk, | |
899 | struct xlog_rec_header **rhead, | |
900 | bool *wrapped) | |
901 | { | |
902 | int i; | |
903 | int error; | |
904 | int found = 0; | |
905 | char *offset = NULL; | |
906 | xfs_daddr_t end_blk; | |
907 | ||
908 | *wrapped = false; | |
909 | ||
910 | /* | |
911 | * Walk backwards from the head block until we hit the tail or the first | |
912 | * block in the log. | |
913 | */ | |
914 | end_blk = head_blk > tail_blk ? tail_blk : 0; | |
915 | for (i = (int) head_blk - 1; i >= end_blk; i--) { | |
916 | error = xlog_bread(log, i, 1, bp, &offset); | |
917 | if (error) | |
918 | goto out_error; | |
919 | ||
920 | if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) { | |
921 | *rblk = i; | |
922 | *rhead = (struct xlog_rec_header *) offset; | |
923 | if (++found == count) | |
924 | break; | |
925 | } | |
926 | } | |
927 | ||
928 | /* | |
929 | * If we haven't hit the tail block or the log record header count, | |
930 | * start looking again from the end of the physical log. Note that | |
931 | * callers can pass head == tail if the tail is not yet known. | |
932 | */ | |
933 | if (tail_blk >= head_blk && found != count) { | |
934 | for (i = log->l_logBBsize - 1; i >= (int) tail_blk; i--) { | |
935 | error = xlog_bread(log, i, 1, bp, &offset); | |
936 | if (error) | |
937 | goto out_error; | |
938 | ||
939 | if (*(__be32 *)offset == | |
940 | cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) { | |
941 | *wrapped = true; | |
942 | *rblk = i; | |
943 | *rhead = (struct xlog_rec_header *) offset; | |
944 | if (++found == count) | |
945 | break; | |
946 | } | |
947 | } | |
948 | } | |
949 | ||
950 | return found; | |
951 | ||
952 | out_error: | |
953 | return error; | |
954 | } | |
955 | ||
7088c413 BF |
956 | /* |
957 | * Seek forward in the log for log record headers. | |
958 | * | |
959 | * Given head and tail blocks, walk forward from the tail block until we find | |
960 | * the provided number of records or hit the head block. The return value is the | |
961 | * number of records encountered or a negative error code. The log block and | |
962 | * buffer pointer of the last record seen are returned in rblk and rhead | |
963 | * respectively. | |
964 | */ | |
965 | STATIC int | |
966 | xlog_seek_logrec_hdr( | |
967 | struct xlog *log, | |
968 | xfs_daddr_t head_blk, | |
969 | xfs_daddr_t tail_blk, | |
970 | int count, | |
971 | struct xfs_buf *bp, | |
972 | xfs_daddr_t *rblk, | |
973 | struct xlog_rec_header **rhead, | |
974 | bool *wrapped) | |
975 | { | |
976 | int i; | |
977 | int error; | |
978 | int found = 0; | |
979 | char *offset = NULL; | |
980 | xfs_daddr_t end_blk; | |
981 | ||
982 | *wrapped = false; | |
983 | ||
984 | /* | |
985 | * Walk forward from the tail block until we hit the head or the last | |
986 | * block in the log. | |
987 | */ | |
988 | end_blk = head_blk > tail_blk ? head_blk : log->l_logBBsize - 1; | |
989 | for (i = (int) tail_blk; i <= end_blk; i++) { | |
990 | error = xlog_bread(log, i, 1, bp, &offset); | |
991 | if (error) | |
992 | goto out_error; | |
993 | ||
994 | if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) { | |
995 | *rblk = i; | |
996 | *rhead = (struct xlog_rec_header *) offset; | |
997 | if (++found == count) | |
998 | break; | |
999 | } | |
1000 | } | |
1001 | ||
1002 | /* | |
1003 | * If we haven't hit the head block or the log record header count, | |
1004 | * start looking again from the start of the physical log. | |
1005 | */ | |
1006 | if (tail_blk > head_blk && found != count) { | |
1007 | for (i = 0; i < (int) head_blk; i++) { | |
1008 | error = xlog_bread(log, i, 1, bp, &offset); | |
1009 | if (error) | |
1010 | goto out_error; | |
1011 | ||
1012 | if (*(__be32 *)offset == | |
1013 | cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) { | |
1014 | *wrapped = true; | |
1015 | *rblk = i; | |
1016 | *rhead = (struct xlog_rec_header *) offset; | |
1017 | if (++found == count) | |
1018 | break; | |
1019 | } | |
1020 | } | |
1021 | } | |
1022 | ||
1023 | return found; | |
1024 | ||
1025 | out_error: | |
1026 | return error; | |
1027 | } | |
1028 | ||
1029 | /* | |
1030 | * Check the log tail for torn writes. This is required when torn writes are | |
1031 | * detected at the head and the head had to be walked back to a previous record. | |
1032 | * The tail of the previous record must now be verified to ensure the torn | |
1033 | * writes didn't corrupt the previous tail. | |
1034 | * | |
1035 | * Return an error if CRC verification fails as recovery cannot proceed. | |
1036 | */ | |
1037 | STATIC int | |
1038 | xlog_verify_tail( | |
1039 | struct xlog *log, | |
1040 | xfs_daddr_t head_blk, | |
1041 | xfs_daddr_t tail_blk) | |
1042 | { | |
1043 | struct xlog_rec_header *thead; | |
1044 | struct xfs_buf *bp; | |
1045 | xfs_daddr_t first_bad; | |
1046 | int count; | |
1047 | int error = 0; | |
1048 | bool wrapped; | |
1049 | xfs_daddr_t tmp_head; | |
1050 | ||
1051 | bp = xlog_get_bp(log, 1); | |
1052 | if (!bp) | |
1053 | return -ENOMEM; | |
1054 | ||
1055 | /* | |
1056 | * Seek XLOG_MAX_ICLOGS + 1 records past the current tail record to get | |
1057 | * a temporary head block that points after the last possible | |
1058 | * concurrently written record of the tail. | |
1059 | */ | |
1060 | count = xlog_seek_logrec_hdr(log, head_blk, tail_blk, | |
1061 | XLOG_MAX_ICLOGS + 1, bp, &tmp_head, &thead, | |
1062 | &wrapped); | |
1063 | if (count < 0) { | |
1064 | error = count; | |
1065 | goto out; | |
1066 | } | |
1067 | ||
1068 | /* | |
1069 | * If the call above didn't find XLOG_MAX_ICLOGS + 1 records, we ran | |
1070 | * into the actual log head. tmp_head points to the start of the record | |
1071 | * so update it to the actual head block. | |
1072 | */ | |
1073 | if (count < XLOG_MAX_ICLOGS + 1) | |
1074 | tmp_head = head_blk; | |
1075 | ||
1076 | /* | |
1077 | * We now have a tail and temporary head block that covers at least | |
1078 | * XLOG_MAX_ICLOGS records from the tail. We need to verify that these | |
1079 | * records were completely written. Run a CRC verification pass from | |
1080 | * tail to head and return the result. | |
1081 | */ | |
1082 | error = xlog_do_recovery_pass(log, tmp_head, tail_blk, | |
1083 | XLOG_RECOVER_CRCPASS, &first_bad); | |
1084 | ||
1085 | out: | |
1086 | xlog_put_bp(bp); | |
1087 | return error; | |
1088 | } | |
1089 | ||
1090 | /* | |
1091 | * Detect and trim torn writes from the head of the log. | |
1092 | * | |
1093 | * Storage without sector atomicity guarantees can result in torn writes in the | |
1094 | * log in the event of a crash. Our only means to detect this scenario is via | |
1095 | * CRC verification. While we can't always be certain that CRC verification | |
1096 | * failure is due to a torn write vs. an unrelated corruption, we do know that | |
1097 | * only a certain number (XLOG_MAX_ICLOGS) of log records can be written out at | |
1098 | * one time. Therefore, CRC verify up to XLOG_MAX_ICLOGS records at the head of | |
1099 | * the log and treat failures in this range as torn writes as a matter of | |
1100 | * policy. In the event of CRC failure, the head is walked back to the last good | |
1101 | * record in the log and the tail is updated from that record and verified. | |
1102 | */ | |
1103 | STATIC int | |
1104 | xlog_verify_head( | |
1105 | struct xlog *log, | |
1106 | xfs_daddr_t *head_blk, /* in/out: unverified head */ | |
1107 | xfs_daddr_t *tail_blk, /* out: tail block */ | |
1108 | struct xfs_buf *bp, | |
1109 | xfs_daddr_t *rhead_blk, /* start blk of last record */ | |
1110 | struct xlog_rec_header **rhead, /* ptr to last record */ | |
1111 | bool *wrapped) /* last rec. wraps phys. log */ | |
1112 | { | |
1113 | struct xlog_rec_header *tmp_rhead; | |
1114 | struct xfs_buf *tmp_bp; | |
1115 | xfs_daddr_t first_bad; | |
1116 | xfs_daddr_t tmp_rhead_blk; | |
1117 | int found; | |
1118 | int error; | |
1119 | bool tmp_wrapped; | |
1120 | ||
1121 | /* | |
82ff6cc2 BF |
1122 | * Check the head of the log for torn writes. Search backwards from the |
1123 | * head until we hit the tail or the maximum number of log record I/Os | |
1124 | * that could have been in flight at one time. Use a temporary buffer so | |
1125 | * we don't trash the rhead/bp pointers from the caller. | |
7088c413 BF |
1126 | */ |
1127 | tmp_bp = xlog_get_bp(log, 1); | |
1128 | if (!tmp_bp) | |
1129 | return -ENOMEM; | |
1130 | error = xlog_rseek_logrec_hdr(log, *head_blk, *tail_blk, | |
1131 | XLOG_MAX_ICLOGS, tmp_bp, &tmp_rhead_blk, | |
1132 | &tmp_rhead, &tmp_wrapped); | |
1133 | xlog_put_bp(tmp_bp); | |
1134 | if (error < 0) | |
1135 | return error; | |
1136 | ||
1137 | /* | |
1138 | * Now run a CRC verification pass over the records starting at the | |
1139 | * block found above to the current head. If a CRC failure occurs, the | |
1140 | * log block of the first bad record is saved in first_bad. | |
1141 | */ | |
1142 | error = xlog_do_recovery_pass(log, *head_blk, tmp_rhead_blk, | |
1143 | XLOG_RECOVER_CRCPASS, &first_bad); | |
1144 | if (error == -EFSBADCRC) { | |
1145 | /* | |
1146 | * We've hit a potential torn write. Reset the error and warn | |
1147 | * about it. | |
1148 | */ | |
1149 | error = 0; | |
1150 | xfs_warn(log->l_mp, | |
1151 | "Torn write (CRC failure) detected at log block 0x%llx. Truncating head block from 0x%llx.", | |
1152 | first_bad, *head_blk); | |
1153 | ||
1154 | /* | |
1155 | * Get the header block and buffer pointer for the last good | |
1156 | * record before the bad record. | |
1157 | * | |
1158 | * Note that xlog_find_tail() clears the blocks at the new head | |
1159 | * (i.e., the records with invalid CRC) if the cycle number | |
1160 | * matches the the current cycle. | |
1161 | */ | |
1162 | found = xlog_rseek_logrec_hdr(log, first_bad, *tail_blk, 1, bp, | |
1163 | rhead_blk, rhead, wrapped); | |
1164 | if (found < 0) | |
1165 | return found; | |
1166 | if (found == 0) /* XXX: right thing to do here? */ | |
1167 | return -EIO; | |
1168 | ||
1169 | /* | |
1170 | * Reset the head block to the starting block of the first bad | |
1171 | * log record and set the tail block based on the last good | |
1172 | * record. | |
1173 | * | |
1174 | * Bail out if the updated head/tail match as this indicates | |
1175 | * possible corruption outside of the acceptable | |
1176 | * (XLOG_MAX_ICLOGS) range. This is a job for xfs_repair... | |
1177 | */ | |
1178 | *head_blk = first_bad; | |
1179 | *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn)); | |
1180 | if (*head_blk == *tail_blk) { | |
1181 | ASSERT(0); | |
1182 | return 0; | |
1183 | } | |
1184 | ||
1185 | /* | |
1186 | * Now verify the tail based on the updated head. This is | |
1187 | * required because the torn writes trimmed from the head could | |
1188 | * have been written over the tail of a previous record. Return | |
1189 | * any errors since recovery cannot proceed if the tail is | |
1190 | * corrupt. | |
1191 | * | |
1192 | * XXX: This leaves a gap in truly robust protection from torn | |
1193 | * writes in the log. If the head is behind the tail, the tail | |
1194 | * pushes forward to create some space and then a crash occurs | |
1195 | * causing the writes into the previous record's tail region to | |
1196 | * tear, log recovery isn't able to recover. | |
1197 | * | |
1198 | * How likely is this to occur? If possible, can we do something | |
1199 | * more intelligent here? Is it safe to push the tail forward if | |
1200 | * we can determine that the tail is within the range of the | |
1201 | * torn write (e.g., the kernel can only overwrite the tail if | |
1202 | * it has actually been pushed forward)? Alternatively, could we | |
1203 | * somehow prevent this condition at runtime? | |
1204 | */ | |
1205 | error = xlog_verify_tail(log, *head_blk, *tail_blk); | |
1206 | } | |
1207 | ||
1208 | return error; | |
1209 | } | |
1210 | ||
65b99a08 BF |
1211 | /* |
1212 | * Check whether the head of the log points to an unmount record. In other | |
1213 | * words, determine whether the log is clean. If so, update the in-core state | |
1214 | * appropriately. | |
1215 | */ | |
1216 | static int | |
1217 | xlog_check_unmount_rec( | |
1218 | struct xlog *log, | |
1219 | xfs_daddr_t *head_blk, | |
1220 | xfs_daddr_t *tail_blk, | |
1221 | struct xlog_rec_header *rhead, | |
1222 | xfs_daddr_t rhead_blk, | |
1223 | struct xfs_buf *bp, | |
1224 | bool *clean) | |
1225 | { | |
1226 | struct xlog_op_header *op_head; | |
1227 | xfs_daddr_t umount_data_blk; | |
1228 | xfs_daddr_t after_umount_blk; | |
1229 | int hblks; | |
1230 | int error; | |
1231 | char *offset; | |
1232 | ||
1233 | *clean = false; | |
1234 | ||
1235 | /* | |
1236 | * Look for unmount record. If we find it, then we know there was a | |
1237 | * clean unmount. Since 'i' could be the last block in the physical | |
1238 | * log, we convert to a log block before comparing to the head_blk. | |
1239 | * | |
1240 | * Save the current tail lsn to use to pass to xlog_clear_stale_blocks() | |
1241 | * below. We won't want to clear the unmount record if there is one, so | |
1242 | * we pass the lsn of the unmount record rather than the block after it. | |
1243 | */ | |
1244 | if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) { | |
1245 | int h_size = be32_to_cpu(rhead->h_size); | |
1246 | int h_version = be32_to_cpu(rhead->h_version); | |
1247 | ||
1248 | if ((h_version & XLOG_VERSION_2) && | |
1249 | (h_size > XLOG_HEADER_CYCLE_SIZE)) { | |
1250 | hblks = h_size / XLOG_HEADER_CYCLE_SIZE; | |
1251 | if (h_size % XLOG_HEADER_CYCLE_SIZE) | |
1252 | hblks++; | |
1253 | } else { | |
1254 | hblks = 1; | |
1255 | } | |
1256 | } else { | |
1257 | hblks = 1; | |
1258 | } | |
1259 | after_umount_blk = rhead_blk + hblks + BTOBB(be32_to_cpu(rhead->h_len)); | |
1260 | after_umount_blk = do_mod(after_umount_blk, log->l_logBBsize); | |
1261 | if (*head_blk == after_umount_blk && | |
1262 | be32_to_cpu(rhead->h_num_logops) == 1) { | |
1263 | umount_data_blk = rhead_blk + hblks; | |
1264 | umount_data_blk = do_mod(umount_data_blk, log->l_logBBsize); | |
1265 | error = xlog_bread(log, umount_data_blk, 1, bp, &offset); | |
1266 | if (error) | |
1267 | return error; | |
1268 | ||
1269 | op_head = (struct xlog_op_header *)offset; | |
1270 | if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) { | |
1271 | /* | |
1272 | * Set tail and last sync so that newly written log | |
1273 | * records will point recovery to after the current | |
1274 | * unmount record. | |
1275 | */ | |
1276 | xlog_assign_atomic_lsn(&log->l_tail_lsn, | |
1277 | log->l_curr_cycle, after_umount_blk); | |
1278 | xlog_assign_atomic_lsn(&log->l_last_sync_lsn, | |
1279 | log->l_curr_cycle, after_umount_blk); | |
1280 | *tail_blk = after_umount_blk; | |
1281 | ||
1282 | *clean = true; | |
1283 | } | |
1284 | } | |
1285 | ||
1286 | return 0; | |
1287 | } | |
1288 | ||
717bc0eb BF |
1289 | static void |
1290 | xlog_set_state( | |
1291 | struct xlog *log, | |
1292 | xfs_daddr_t head_blk, | |
1293 | struct xlog_rec_header *rhead, | |
1294 | xfs_daddr_t rhead_blk, | |
1295 | bool bump_cycle) | |
1296 | { | |
1297 | /* | |
1298 | * Reset log values according to the state of the log when we | |
1299 | * crashed. In the case where head_blk == 0, we bump curr_cycle | |
1300 | * one because the next write starts a new cycle rather than | |
1301 | * continuing the cycle of the last good log record. At this | |
1302 | * point we have guaranteed that all partial log records have been | |
1303 | * accounted for. Therefore, we know that the last good log record | |
1304 | * written was complete and ended exactly on the end boundary | |
1305 | * of the physical log. | |
1306 | */ | |
1307 | log->l_prev_block = rhead_blk; | |
1308 | log->l_curr_block = (int)head_blk; | |
1309 | log->l_curr_cycle = be32_to_cpu(rhead->h_cycle); | |
1310 | if (bump_cycle) | |
1311 | log->l_curr_cycle++; | |
1312 | atomic64_set(&log->l_tail_lsn, be64_to_cpu(rhead->h_tail_lsn)); | |
1313 | atomic64_set(&log->l_last_sync_lsn, be64_to_cpu(rhead->h_lsn)); | |
1314 | xlog_assign_grant_head(&log->l_reserve_head.grant, log->l_curr_cycle, | |
1315 | BBTOB(log->l_curr_block)); | |
1316 | xlog_assign_grant_head(&log->l_write_head.grant, log->l_curr_cycle, | |
1317 | BBTOB(log->l_curr_block)); | |
1318 | } | |
1319 | ||
1da177e4 LT |
1320 | /* |
1321 | * Find the sync block number or the tail of the log. | |
1322 | * | |
1323 | * This will be the block number of the last record to have its | |
1324 | * associated buffers synced to disk. Every log record header has | |
1325 | * a sync lsn embedded in it. LSNs hold block numbers, so it is easy | |
1326 | * to get a sync block number. The only concern is to figure out which | |
1327 | * log record header to believe. | |
1328 | * | |
1329 | * The following algorithm uses the log record header with the largest | |
1330 | * lsn. The entire log record does not need to be valid. We only care | |
1331 | * that the header is valid. | |
1332 | * | |
1333 | * We could speed up search by using current head_blk buffer, but it is not | |
1334 | * available. | |
1335 | */ | |
5d77c0dc | 1336 | STATIC int |
1da177e4 | 1337 | xlog_find_tail( |
9a8d2fdb | 1338 | struct xlog *log, |
1da177e4 | 1339 | xfs_daddr_t *head_blk, |
65be6054 | 1340 | xfs_daddr_t *tail_blk) |
1da177e4 LT |
1341 | { |
1342 | xlog_rec_header_t *rhead; | |
b2a922cd | 1343 | char *offset = NULL; |
1da177e4 | 1344 | xfs_buf_t *bp; |
7088c413 | 1345 | int error; |
7088c413 | 1346 | xfs_daddr_t rhead_blk; |
1da177e4 | 1347 | xfs_lsn_t tail_lsn; |
eed6b462 | 1348 | bool wrapped = false; |
65b99a08 | 1349 | bool clean = false; |
1da177e4 LT |
1350 | |
1351 | /* | |
1352 | * Find previous log record | |
1353 | */ | |
1354 | if ((error = xlog_find_head(log, head_blk))) | |
1355 | return error; | |
82ff6cc2 | 1356 | ASSERT(*head_blk < INT_MAX); |
1da177e4 LT |
1357 | |
1358 | bp = xlog_get_bp(log, 1); | |
1359 | if (!bp) | |
2451337d | 1360 | return -ENOMEM; |
1da177e4 | 1361 | if (*head_blk == 0) { /* special case */ |
076e6acb CH |
1362 | error = xlog_bread(log, 0, 1, bp, &offset); |
1363 | if (error) | |
9db127ed | 1364 | goto done; |
076e6acb | 1365 | |
03bea6fe | 1366 | if (xlog_get_cycle(offset) == 0) { |
1da177e4 LT |
1367 | *tail_blk = 0; |
1368 | /* leave all other log inited values alone */ | |
9db127ed | 1369 | goto done; |
1da177e4 LT |
1370 | } |
1371 | } | |
1372 | ||
1373 | /* | |
82ff6cc2 BF |
1374 | * Search backwards through the log looking for the log record header |
1375 | * block. This wraps all the way back around to the head so something is | |
1376 | * seriously wrong if we can't find it. | |
1da177e4 | 1377 | */ |
82ff6cc2 BF |
1378 | error = xlog_rseek_logrec_hdr(log, *head_blk, *head_blk, 1, bp, |
1379 | &rhead_blk, &rhead, &wrapped); | |
1380 | if (error < 0) | |
1381 | return error; | |
1382 | if (!error) { | |
1383 | xfs_warn(log->l_mp, "%s: couldn't find sync record", __func__); | |
1384 | return -EIO; | |
1385 | } | |
1386 | *tail_blk = BLOCK_LSN(be64_to_cpu(rhead->h_tail_lsn)); | |
1da177e4 LT |
1387 | |
1388 | /* | |
717bc0eb | 1389 | * Set the log state based on the current head record. |
1da177e4 | 1390 | */ |
717bc0eb | 1391 | xlog_set_state(log, *head_blk, rhead, rhead_blk, wrapped); |
65b99a08 | 1392 | tail_lsn = atomic64_read(&log->l_tail_lsn); |
1da177e4 LT |
1393 | |
1394 | /* | |
65b99a08 BF |
1395 | * Look for an unmount record at the head of the log. This sets the log |
1396 | * state to determine whether recovery is necessary. | |
1da177e4 | 1397 | */ |
65b99a08 BF |
1398 | error = xlog_check_unmount_rec(log, head_blk, tail_blk, rhead, |
1399 | rhead_blk, bp, &clean); | |
1400 | if (error) | |
1401 | goto done; | |
1da177e4 LT |
1402 | |
1403 | /* | |
7f6aff3a BF |
1404 | * Verify the log head if the log is not clean (e.g., we have anything |
1405 | * but an unmount record at the head). This uses CRC verification to | |
1406 | * detect and trim torn writes. If discovered, CRC failures are | |
1407 | * considered torn writes and the log head is trimmed accordingly. | |
1da177e4 | 1408 | * |
7f6aff3a BF |
1409 | * Note that we can only run CRC verification when the log is dirty |
1410 | * because there's no guarantee that the log data behind an unmount | |
1411 | * record is compatible with the current architecture. | |
1da177e4 | 1412 | */ |
7f6aff3a BF |
1413 | if (!clean) { |
1414 | xfs_daddr_t orig_head = *head_blk; | |
1da177e4 | 1415 | |
7f6aff3a BF |
1416 | error = xlog_verify_head(log, head_blk, tail_blk, bp, |
1417 | &rhead_blk, &rhead, &wrapped); | |
076e6acb | 1418 | if (error) |
9db127ed | 1419 | goto done; |
076e6acb | 1420 | |
7f6aff3a BF |
1421 | /* update in-core state again if the head changed */ |
1422 | if (*head_blk != orig_head) { | |
1423 | xlog_set_state(log, *head_blk, rhead, rhead_blk, | |
1424 | wrapped); | |
1425 | tail_lsn = atomic64_read(&log->l_tail_lsn); | |
1426 | error = xlog_check_unmount_rec(log, head_blk, tail_blk, | |
1427 | rhead, rhead_blk, bp, | |
1428 | &clean); | |
1429 | if (error) | |
1430 | goto done; | |
1da177e4 LT |
1431 | } |
1432 | } | |
1433 | ||
65b99a08 BF |
1434 | /* |
1435 | * Note that the unmount was clean. If the unmount was not clean, we | |
1436 | * need to know this to rebuild the superblock counters from the perag | |
1437 | * headers if we have a filesystem using non-persistent counters. | |
1438 | */ | |
1439 | if (clean) | |
1440 | log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN; | |
1da177e4 LT |
1441 | |
1442 | /* | |
1443 | * Make sure that there are no blocks in front of the head | |
1444 | * with the same cycle number as the head. This can happen | |
1445 | * because we allow multiple outstanding log writes concurrently, | |
1446 | * and the later writes might make it out before earlier ones. | |
1447 | * | |
1448 | * We use the lsn from before modifying it so that we'll never | |
1449 | * overwrite the unmount record after a clean unmount. | |
1450 | * | |
1451 | * Do this only if we are going to recover the filesystem | |
1452 | * | |
1453 | * NOTE: This used to say "if (!readonly)" | |
1454 | * However on Linux, we can & do recover a read-only filesystem. | |
1455 | * We only skip recovery if NORECOVERY is specified on mount, | |
1456 | * in which case we would not be here. | |
1457 | * | |
1458 | * But... if the -device- itself is readonly, just skip this. | |
1459 | * We can't recover this device anyway, so it won't matter. | |
1460 | */ | |
9db127ed | 1461 | if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp)) |
1da177e4 | 1462 | error = xlog_clear_stale_blocks(log, tail_lsn); |
1da177e4 | 1463 | |
9db127ed | 1464 | done: |
1da177e4 LT |
1465 | xlog_put_bp(bp); |
1466 | ||
1467 | if (error) | |
a0fa2b67 | 1468 | xfs_warn(log->l_mp, "failed to locate log tail"); |
1da177e4 LT |
1469 | return error; |
1470 | } | |
1471 | ||
1472 | /* | |
1473 | * Is the log zeroed at all? | |
1474 | * | |
1475 | * The last binary search should be changed to perform an X block read | |
1476 | * once X becomes small enough. You can then search linearly through | |
1477 | * the X blocks. This will cut down on the number of reads we need to do. | |
1478 | * | |
1479 | * If the log is partially zeroed, this routine will pass back the blkno | |
1480 | * of the first block with cycle number 0. It won't have a complete LR | |
1481 | * preceding it. | |
1482 | * | |
1483 | * Return: | |
1484 | * 0 => the log is completely written to | |
2451337d DC |
1485 | * 1 => use *blk_no as the first block of the log |
1486 | * <0 => error has occurred | |
1da177e4 | 1487 | */ |
a8272ce0 | 1488 | STATIC int |
1da177e4 | 1489 | xlog_find_zeroed( |
9a8d2fdb | 1490 | struct xlog *log, |
1da177e4 LT |
1491 | xfs_daddr_t *blk_no) |
1492 | { | |
1493 | xfs_buf_t *bp; | |
b2a922cd | 1494 | char *offset; |
1da177e4 LT |
1495 | uint first_cycle, last_cycle; |
1496 | xfs_daddr_t new_blk, last_blk, start_blk; | |
1497 | xfs_daddr_t num_scan_bblks; | |
1498 | int error, log_bbnum = log->l_logBBsize; | |
1499 | ||
6fdf8ccc NS |
1500 | *blk_no = 0; |
1501 | ||
1da177e4 LT |
1502 | /* check totally zeroed log */ |
1503 | bp = xlog_get_bp(log, 1); | |
1504 | if (!bp) | |
2451337d | 1505 | return -ENOMEM; |
076e6acb CH |
1506 | error = xlog_bread(log, 0, 1, bp, &offset); |
1507 | if (error) | |
1da177e4 | 1508 | goto bp_err; |
076e6acb | 1509 | |
03bea6fe | 1510 | first_cycle = xlog_get_cycle(offset); |
1da177e4 LT |
1511 | if (first_cycle == 0) { /* completely zeroed log */ |
1512 | *blk_no = 0; | |
1513 | xlog_put_bp(bp); | |
2451337d | 1514 | return 1; |
1da177e4 LT |
1515 | } |
1516 | ||
1517 | /* check partially zeroed log */ | |
076e6acb CH |
1518 | error = xlog_bread(log, log_bbnum-1, 1, bp, &offset); |
1519 | if (error) | |
1da177e4 | 1520 | goto bp_err; |
076e6acb | 1521 | |
03bea6fe | 1522 | last_cycle = xlog_get_cycle(offset); |
1da177e4 LT |
1523 | if (last_cycle != 0) { /* log completely written to */ |
1524 | xlog_put_bp(bp); | |
1525 | return 0; | |
1526 | } else if (first_cycle != 1) { | |
1527 | /* | |
1528 | * If the cycle of the last block is zero, the cycle of | |
1529 | * the first block must be 1. If it's not, maybe we're | |
1530 | * not looking at a log... Bail out. | |
1531 | */ | |
a0fa2b67 DC |
1532 | xfs_warn(log->l_mp, |
1533 | "Log inconsistent or not a log (last==0, first!=1)"); | |
2451337d | 1534 | error = -EINVAL; |
5d0a6549 | 1535 | goto bp_err; |
1da177e4 LT |
1536 | } |
1537 | ||
1538 | /* we have a partially zeroed log */ | |
1539 | last_blk = log_bbnum-1; | |
1540 | if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0))) | |
1541 | goto bp_err; | |
1542 | ||
1543 | /* | |
1544 | * Validate the answer. Because there is no way to guarantee that | |
1545 | * the entire log is made up of log records which are the same size, | |
1546 | * we scan over the defined maximum blocks. At this point, the maximum | |
1547 | * is not chosen to mean anything special. XXXmiken | |
1548 | */ | |
1549 | num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log); | |
1550 | ASSERT(num_scan_bblks <= INT_MAX); | |
1551 | ||
1552 | if (last_blk < num_scan_bblks) | |
1553 | num_scan_bblks = last_blk; | |
1554 | start_blk = last_blk - num_scan_bblks; | |
1555 | ||
1556 | /* | |
1557 | * We search for any instances of cycle number 0 that occur before | |
1558 | * our current estimate of the head. What we're trying to detect is | |
1559 | * 1 ... | 0 | 1 | 0... | |
1560 | * ^ binary search ends here | |
1561 | */ | |
1562 | if ((error = xlog_find_verify_cycle(log, start_blk, | |
1563 | (int)num_scan_bblks, 0, &new_blk))) | |
1564 | goto bp_err; | |
1565 | if (new_blk != -1) | |
1566 | last_blk = new_blk; | |
1567 | ||
1568 | /* | |
1569 | * Potentially backup over partial log record write. We don't need | |
1570 | * to search the end of the log because we know it is zero. | |
1571 | */ | |
2451337d DC |
1572 | error = xlog_find_verify_log_record(log, start_blk, &last_blk, 0); |
1573 | if (error == 1) | |
1574 | error = -EIO; | |
1575 | if (error) | |
1576 | goto bp_err; | |
1da177e4 LT |
1577 | |
1578 | *blk_no = last_blk; | |
1579 | bp_err: | |
1580 | xlog_put_bp(bp); | |
1581 | if (error) | |
1582 | return error; | |
2451337d | 1583 | return 1; |
1da177e4 LT |
1584 | } |
1585 | ||
1586 | /* | |
1587 | * These are simple subroutines used by xlog_clear_stale_blocks() below | |
1588 | * to initialize a buffer full of empty log record headers and write | |
1589 | * them into the log. | |
1590 | */ | |
1591 | STATIC void | |
1592 | xlog_add_record( | |
9a8d2fdb | 1593 | struct xlog *log, |
b2a922cd | 1594 | char *buf, |
1da177e4 LT |
1595 | int cycle, |
1596 | int block, | |
1597 | int tail_cycle, | |
1598 | int tail_block) | |
1599 | { | |
1600 | xlog_rec_header_t *recp = (xlog_rec_header_t *)buf; | |
1601 | ||
1602 | memset(buf, 0, BBSIZE); | |
b53e675d CH |
1603 | recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM); |
1604 | recp->h_cycle = cpu_to_be32(cycle); | |
1605 | recp->h_version = cpu_to_be32( | |
62118709 | 1606 | xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1); |
b53e675d CH |
1607 | recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block)); |
1608 | recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block)); | |
1609 | recp->h_fmt = cpu_to_be32(XLOG_FMT); | |
1da177e4 LT |
1610 | memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t)); |
1611 | } | |
1612 | ||
1613 | STATIC int | |
1614 | xlog_write_log_records( | |
9a8d2fdb | 1615 | struct xlog *log, |
1da177e4 LT |
1616 | int cycle, |
1617 | int start_block, | |
1618 | int blocks, | |
1619 | int tail_cycle, | |
1620 | int tail_block) | |
1621 | { | |
b2a922cd | 1622 | char *offset; |
1da177e4 LT |
1623 | xfs_buf_t *bp; |
1624 | int balign, ealign; | |
69ce58f0 | 1625 | int sectbb = log->l_sectBBsize; |
1da177e4 LT |
1626 | int end_block = start_block + blocks; |
1627 | int bufblks; | |
1628 | int error = 0; | |
1629 | int i, j = 0; | |
1630 | ||
6881a229 AE |
1631 | /* |
1632 | * Greedily allocate a buffer big enough to handle the full | |
1633 | * range of basic blocks to be written. If that fails, try | |
1634 | * a smaller size. We need to be able to write at least a | |
1635 | * log sector, or we're out of luck. | |
1636 | */ | |
1da177e4 | 1637 | bufblks = 1 << ffs(blocks); |
81158e0c DC |
1638 | while (bufblks > log->l_logBBsize) |
1639 | bufblks >>= 1; | |
1da177e4 LT |
1640 | while (!(bp = xlog_get_bp(log, bufblks))) { |
1641 | bufblks >>= 1; | |
69ce58f0 | 1642 | if (bufblks < sectbb) |
2451337d | 1643 | return -ENOMEM; |
1da177e4 LT |
1644 | } |
1645 | ||
1646 | /* We may need to do a read at the start to fill in part of | |
1647 | * the buffer in the starting sector not covered by the first | |
1648 | * write below. | |
1649 | */ | |
5c17f533 | 1650 | balign = round_down(start_block, sectbb); |
1da177e4 | 1651 | if (balign != start_block) { |
076e6acb CH |
1652 | error = xlog_bread_noalign(log, start_block, 1, bp); |
1653 | if (error) | |
1654 | goto out_put_bp; | |
1655 | ||
1da177e4 LT |
1656 | j = start_block - balign; |
1657 | } | |
1658 | ||
1659 | for (i = start_block; i < end_block; i += bufblks) { | |
1660 | int bcount, endcount; | |
1661 | ||
1662 | bcount = min(bufblks, end_block - start_block); | |
1663 | endcount = bcount - j; | |
1664 | ||
1665 | /* We may need to do a read at the end to fill in part of | |
1666 | * the buffer in the final sector not covered by the write. | |
1667 | * If this is the same sector as the above read, skip it. | |
1668 | */ | |
5c17f533 | 1669 | ealign = round_down(end_block, sectbb); |
1da177e4 | 1670 | if (j == 0 && (start_block + endcount > ealign)) { |
62926044 | 1671 | offset = bp->b_addr + BBTOB(ealign - start_block); |
44396476 DC |
1672 | error = xlog_bread_offset(log, ealign, sectbb, |
1673 | bp, offset); | |
076e6acb CH |
1674 | if (error) |
1675 | break; | |
1676 | ||
1da177e4 LT |
1677 | } |
1678 | ||
1679 | offset = xlog_align(log, start_block, endcount, bp); | |
1680 | for (; j < endcount; j++) { | |
1681 | xlog_add_record(log, offset, cycle, i+j, | |
1682 | tail_cycle, tail_block); | |
1683 | offset += BBSIZE; | |
1684 | } | |
1685 | error = xlog_bwrite(log, start_block, endcount, bp); | |
1686 | if (error) | |
1687 | break; | |
1688 | start_block += endcount; | |
1689 | j = 0; | |
1690 | } | |
076e6acb CH |
1691 | |
1692 | out_put_bp: | |
1da177e4 LT |
1693 | xlog_put_bp(bp); |
1694 | return error; | |
1695 | } | |
1696 | ||
1697 | /* | |
1698 | * This routine is called to blow away any incomplete log writes out | |
1699 | * in front of the log head. We do this so that we won't become confused | |
1700 | * if we come up, write only a little bit more, and then crash again. | |
1701 | * If we leave the partial log records out there, this situation could | |
1702 | * cause us to think those partial writes are valid blocks since they | |
1703 | * have the current cycle number. We get rid of them by overwriting them | |
1704 | * with empty log records with the old cycle number rather than the | |
1705 | * current one. | |
1706 | * | |
1707 | * The tail lsn is passed in rather than taken from | |
1708 | * the log so that we will not write over the unmount record after a | |
1709 | * clean unmount in a 512 block log. Doing so would leave the log without | |
1710 | * any valid log records in it until a new one was written. If we crashed | |
1711 | * during that time we would not be able to recover. | |
1712 | */ | |
1713 | STATIC int | |
1714 | xlog_clear_stale_blocks( | |
9a8d2fdb | 1715 | struct xlog *log, |
1da177e4 LT |
1716 | xfs_lsn_t tail_lsn) |
1717 | { | |
1718 | int tail_cycle, head_cycle; | |
1719 | int tail_block, head_block; | |
1720 | int tail_distance, max_distance; | |
1721 | int distance; | |
1722 | int error; | |
1723 | ||
1724 | tail_cycle = CYCLE_LSN(tail_lsn); | |
1725 | tail_block = BLOCK_LSN(tail_lsn); | |
1726 | head_cycle = log->l_curr_cycle; | |
1727 | head_block = log->l_curr_block; | |
1728 | ||
1729 | /* | |
1730 | * Figure out the distance between the new head of the log | |
1731 | * and the tail. We want to write over any blocks beyond the | |
1732 | * head that we may have written just before the crash, but | |
1733 | * we don't want to overwrite the tail of the log. | |
1734 | */ | |
1735 | if (head_cycle == tail_cycle) { | |
1736 | /* | |
1737 | * The tail is behind the head in the physical log, | |
1738 | * so the distance from the head to the tail is the | |
1739 | * distance from the head to the end of the log plus | |
1740 | * the distance from the beginning of the log to the | |
1741 | * tail. | |
1742 | */ | |
1743 | if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) { | |
1744 | XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)", | |
1745 | XFS_ERRLEVEL_LOW, log->l_mp); | |
2451337d | 1746 | return -EFSCORRUPTED; |
1da177e4 LT |
1747 | } |
1748 | tail_distance = tail_block + (log->l_logBBsize - head_block); | |
1749 | } else { | |
1750 | /* | |
1751 | * The head is behind the tail in the physical log, | |
1752 | * so the distance from the head to the tail is just | |
1753 | * the tail block minus the head block. | |
1754 | */ | |
1755 | if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){ | |
1756 | XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)", | |
1757 | XFS_ERRLEVEL_LOW, log->l_mp); | |
2451337d | 1758 | return -EFSCORRUPTED; |
1da177e4 LT |
1759 | } |
1760 | tail_distance = tail_block - head_block; | |
1761 | } | |
1762 | ||
1763 | /* | |
1764 | * If the head is right up against the tail, we can't clear | |
1765 | * anything. | |
1766 | */ | |
1767 | if (tail_distance <= 0) { | |
1768 | ASSERT(tail_distance == 0); | |
1769 | return 0; | |
1770 | } | |
1771 | ||
1772 | max_distance = XLOG_TOTAL_REC_SHIFT(log); | |
1773 | /* | |
1774 | * Take the smaller of the maximum amount of outstanding I/O | |
1775 | * we could have and the distance to the tail to clear out. | |
1776 | * We take the smaller so that we don't overwrite the tail and | |
1777 | * we don't waste all day writing from the head to the tail | |
1778 | * for no reason. | |
1779 | */ | |
1780 | max_distance = MIN(max_distance, tail_distance); | |
1781 | ||
1782 | if ((head_block + max_distance) <= log->l_logBBsize) { | |
1783 | /* | |
1784 | * We can stomp all the blocks we need to without | |
1785 | * wrapping around the end of the log. Just do it | |
1786 | * in a single write. Use the cycle number of the | |
1787 | * current cycle minus one so that the log will look like: | |
1788 | * n ... | n - 1 ... | |
1789 | */ | |
1790 | error = xlog_write_log_records(log, (head_cycle - 1), | |
1791 | head_block, max_distance, tail_cycle, | |
1792 | tail_block); | |
1793 | if (error) | |
1794 | return error; | |
1795 | } else { | |
1796 | /* | |
1797 | * We need to wrap around the end of the physical log in | |
1798 | * order to clear all the blocks. Do it in two separate | |
1799 | * I/Os. The first write should be from the head to the | |
1800 | * end of the physical log, and it should use the current | |
1801 | * cycle number minus one just like above. | |
1802 | */ | |
1803 | distance = log->l_logBBsize - head_block; | |
1804 | error = xlog_write_log_records(log, (head_cycle - 1), | |
1805 | head_block, distance, tail_cycle, | |
1806 | tail_block); | |
1807 | ||
1808 | if (error) | |
1809 | return error; | |
1810 | ||
1811 | /* | |
1812 | * Now write the blocks at the start of the physical log. | |
1813 | * This writes the remainder of the blocks we want to clear. | |
1814 | * It uses the current cycle number since we're now on the | |
1815 | * same cycle as the head so that we get: | |
1816 | * n ... n ... | n - 1 ... | |
1817 | * ^^^^^ blocks we're writing | |
1818 | */ | |
1819 | distance = max_distance - (log->l_logBBsize - head_block); | |
1820 | error = xlog_write_log_records(log, head_cycle, 0, distance, | |
1821 | tail_cycle, tail_block); | |
1822 | if (error) | |
1823 | return error; | |
1824 | } | |
1825 | ||
1826 | return 0; | |
1827 | } | |
1828 | ||
1829 | /****************************************************************************** | |
1830 | * | |
1831 | * Log recover routines | |
1832 | * | |
1833 | ****************************************************************************** | |
1834 | */ | |
1835 | ||
f0a76953 | 1836 | /* |
a775ad77 DC |
1837 | * Sort the log items in the transaction. |
1838 | * | |
1839 | * The ordering constraints are defined by the inode allocation and unlink | |
1840 | * behaviour. The rules are: | |
1841 | * | |
1842 | * 1. Every item is only logged once in a given transaction. Hence it | |
1843 | * represents the last logged state of the item. Hence ordering is | |
1844 | * dependent on the order in which operations need to be performed so | |
1845 | * required initial conditions are always met. | |
1846 | * | |
1847 | * 2. Cancelled buffers are recorded in pass 1 in a separate table and | |
1848 | * there's nothing to replay from them so we can simply cull them | |
1849 | * from the transaction. However, we can't do that until after we've | |
1850 | * replayed all the other items because they may be dependent on the | |
1851 | * cancelled buffer and replaying the cancelled buffer can remove it | |
1852 | * form the cancelled buffer table. Hence they have tobe done last. | |
1853 | * | |
1854 | * 3. Inode allocation buffers must be replayed before inode items that | |
28c8e41a DC |
1855 | * read the buffer and replay changes into it. For filesystems using the |
1856 | * ICREATE transactions, this means XFS_LI_ICREATE objects need to get | |
1857 | * treated the same as inode allocation buffers as they create and | |
1858 | * initialise the buffers directly. | |
a775ad77 DC |
1859 | * |
1860 | * 4. Inode unlink buffers must be replayed after inode items are replayed. | |
1861 | * This ensures that inodes are completely flushed to the inode buffer | |
1862 | * in a "free" state before we remove the unlinked inode list pointer. | |
1863 | * | |
1864 | * Hence the ordering needs to be inode allocation buffers first, inode items | |
1865 | * second, inode unlink buffers third and cancelled buffers last. | |
1866 | * | |
1867 | * But there's a problem with that - we can't tell an inode allocation buffer | |
1868 | * apart from a regular buffer, so we can't separate them. We can, however, | |
1869 | * tell an inode unlink buffer from the others, and so we can separate them out | |
1870 | * from all the other buffers and move them to last. | |
1871 | * | |
1872 | * Hence, 4 lists, in order from head to tail: | |
28c8e41a DC |
1873 | * - buffer_list for all buffers except cancelled/inode unlink buffers |
1874 | * - item_list for all non-buffer items | |
1875 | * - inode_buffer_list for inode unlink buffers | |
1876 | * - cancel_list for the cancelled buffers | |
1877 | * | |
1878 | * Note that we add objects to the tail of the lists so that first-to-last | |
1879 | * ordering is preserved within the lists. Adding objects to the head of the | |
1880 | * list means when we traverse from the head we walk them in last-to-first | |
1881 | * order. For cancelled buffers and inode unlink buffers this doesn't matter, | |
1882 | * but for all other items there may be specific ordering that we need to | |
1883 | * preserve. | |
f0a76953 | 1884 | */ |
1da177e4 LT |
1885 | STATIC int |
1886 | xlog_recover_reorder_trans( | |
ad223e60 MT |
1887 | struct xlog *log, |
1888 | struct xlog_recover *trans, | |
9abbc539 | 1889 | int pass) |
1da177e4 | 1890 | { |
f0a76953 | 1891 | xlog_recover_item_t *item, *n; |
2a84108f | 1892 | int error = 0; |
f0a76953 | 1893 | LIST_HEAD(sort_list); |
a775ad77 DC |
1894 | LIST_HEAD(cancel_list); |
1895 | LIST_HEAD(buffer_list); | |
1896 | LIST_HEAD(inode_buffer_list); | |
1897 | LIST_HEAD(inode_list); | |
f0a76953 DC |
1898 | |
1899 | list_splice_init(&trans->r_itemq, &sort_list); | |
1900 | list_for_each_entry_safe(item, n, &sort_list, ri_list) { | |
4e0d5f92 | 1901 | xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr; |
1da177e4 | 1902 | |
f0a76953 | 1903 | switch (ITEM_TYPE(item)) { |
28c8e41a DC |
1904 | case XFS_LI_ICREATE: |
1905 | list_move_tail(&item->ri_list, &buffer_list); | |
1906 | break; | |
1da177e4 | 1907 | case XFS_LI_BUF: |
a775ad77 | 1908 | if (buf_f->blf_flags & XFS_BLF_CANCEL) { |
9abbc539 DC |
1909 | trace_xfs_log_recover_item_reorder_head(log, |
1910 | trans, item, pass); | |
a775ad77 | 1911 | list_move(&item->ri_list, &cancel_list); |
1da177e4 LT |
1912 | break; |
1913 | } | |
a775ad77 DC |
1914 | if (buf_f->blf_flags & XFS_BLF_INODE_BUF) { |
1915 | list_move(&item->ri_list, &inode_buffer_list); | |
1916 | break; | |
1917 | } | |
1918 | list_move_tail(&item->ri_list, &buffer_list); | |
1919 | break; | |
1da177e4 | 1920 | case XFS_LI_INODE: |
1da177e4 LT |
1921 | case XFS_LI_DQUOT: |
1922 | case XFS_LI_QUOTAOFF: | |
1923 | case XFS_LI_EFD: | |
1924 | case XFS_LI_EFI: | |
9e88b5d8 DW |
1925 | case XFS_LI_RUI: |
1926 | case XFS_LI_RUD: | |
9abbc539 DC |
1927 | trace_xfs_log_recover_item_reorder_tail(log, |
1928 | trans, item, pass); | |
a775ad77 | 1929 | list_move_tail(&item->ri_list, &inode_list); |
1da177e4 LT |
1930 | break; |
1931 | default: | |
a0fa2b67 DC |
1932 | xfs_warn(log->l_mp, |
1933 | "%s: unrecognized type of log operation", | |
1934 | __func__); | |
1da177e4 | 1935 | ASSERT(0); |
2a84108f MT |
1936 | /* |
1937 | * return the remaining items back to the transaction | |
1938 | * item list so they can be freed in caller. | |
1939 | */ | |
1940 | if (!list_empty(&sort_list)) | |
1941 | list_splice_init(&sort_list, &trans->r_itemq); | |
2451337d | 1942 | error = -EIO; |
2a84108f | 1943 | goto out; |
1da177e4 | 1944 | } |
f0a76953 | 1945 | } |
2a84108f | 1946 | out: |
f0a76953 | 1947 | ASSERT(list_empty(&sort_list)); |
a775ad77 DC |
1948 | if (!list_empty(&buffer_list)) |
1949 | list_splice(&buffer_list, &trans->r_itemq); | |
1950 | if (!list_empty(&inode_list)) | |
1951 | list_splice_tail(&inode_list, &trans->r_itemq); | |
1952 | if (!list_empty(&inode_buffer_list)) | |
1953 | list_splice_tail(&inode_buffer_list, &trans->r_itemq); | |
1954 | if (!list_empty(&cancel_list)) | |
1955 | list_splice_tail(&cancel_list, &trans->r_itemq); | |
2a84108f | 1956 | return error; |
1da177e4 LT |
1957 | } |
1958 | ||
1959 | /* | |
1960 | * Build up the table of buf cancel records so that we don't replay | |
1961 | * cancelled data in the second pass. For buffer records that are | |
1962 | * not cancel records, there is nothing to do here so we just return. | |
1963 | * | |
1964 | * If we get a cancel record which is already in the table, this indicates | |
1965 | * that the buffer was cancelled multiple times. In order to ensure | |
1966 | * that during pass 2 we keep the record in the table until we reach its | |
1967 | * last occurrence in the log, we keep a reference count in the cancel | |
1968 | * record in the table to tell us how many times we expect to see this | |
1969 | * record during the second pass. | |
1970 | */ | |
c9f71f5f CH |
1971 | STATIC int |
1972 | xlog_recover_buffer_pass1( | |
ad223e60 MT |
1973 | struct xlog *log, |
1974 | struct xlog_recover_item *item) | |
1da177e4 | 1975 | { |
c9f71f5f | 1976 | xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr; |
d5689eaa CH |
1977 | struct list_head *bucket; |
1978 | struct xfs_buf_cancel *bcp; | |
1da177e4 LT |
1979 | |
1980 | /* | |
1981 | * If this isn't a cancel buffer item, then just return. | |
1982 | */ | |
e2714bf8 | 1983 | if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) { |
9abbc539 | 1984 | trace_xfs_log_recover_buf_not_cancel(log, buf_f); |
c9f71f5f | 1985 | return 0; |
9abbc539 | 1986 | } |
1da177e4 LT |
1987 | |
1988 | /* | |
d5689eaa CH |
1989 | * Insert an xfs_buf_cancel record into the hash table of them. |
1990 | * If there is already an identical record, bump its reference count. | |
1da177e4 | 1991 | */ |
d5689eaa CH |
1992 | bucket = XLOG_BUF_CANCEL_BUCKET(log, buf_f->blf_blkno); |
1993 | list_for_each_entry(bcp, bucket, bc_list) { | |
1994 | if (bcp->bc_blkno == buf_f->blf_blkno && | |
1995 | bcp->bc_len == buf_f->blf_len) { | |
1996 | bcp->bc_refcount++; | |
9abbc539 | 1997 | trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f); |
c9f71f5f | 1998 | return 0; |
1da177e4 | 1999 | } |
d5689eaa CH |
2000 | } |
2001 | ||
2002 | bcp = kmem_alloc(sizeof(struct xfs_buf_cancel), KM_SLEEP); | |
2003 | bcp->bc_blkno = buf_f->blf_blkno; | |
2004 | bcp->bc_len = buf_f->blf_len; | |
1da177e4 | 2005 | bcp->bc_refcount = 1; |
d5689eaa CH |
2006 | list_add_tail(&bcp->bc_list, bucket); |
2007 | ||
9abbc539 | 2008 | trace_xfs_log_recover_buf_cancel_add(log, buf_f); |
c9f71f5f | 2009 | return 0; |
1da177e4 LT |
2010 | } |
2011 | ||
2012 | /* | |
2013 | * Check to see whether the buffer being recovered has a corresponding | |
84a5b730 DC |
2014 | * entry in the buffer cancel record table. If it is, return the cancel |
2015 | * buffer structure to the caller. | |
1da177e4 | 2016 | */ |
84a5b730 DC |
2017 | STATIC struct xfs_buf_cancel * |
2018 | xlog_peek_buffer_cancelled( | |
ad223e60 | 2019 | struct xlog *log, |
1da177e4 LT |
2020 | xfs_daddr_t blkno, |
2021 | uint len, | |
2022 | ushort flags) | |
2023 | { | |
d5689eaa CH |
2024 | struct list_head *bucket; |
2025 | struct xfs_buf_cancel *bcp; | |
1da177e4 | 2026 | |
84a5b730 DC |
2027 | if (!log->l_buf_cancel_table) { |
2028 | /* empty table means no cancelled buffers in the log */ | |
c1155410 | 2029 | ASSERT(!(flags & XFS_BLF_CANCEL)); |
84a5b730 | 2030 | return NULL; |
1da177e4 LT |
2031 | } |
2032 | ||
d5689eaa CH |
2033 | bucket = XLOG_BUF_CANCEL_BUCKET(log, blkno); |
2034 | list_for_each_entry(bcp, bucket, bc_list) { | |
2035 | if (bcp->bc_blkno == blkno && bcp->bc_len == len) | |
84a5b730 | 2036 | return bcp; |
1da177e4 | 2037 | } |
d5689eaa | 2038 | |
1da177e4 | 2039 | /* |
d5689eaa CH |
2040 | * We didn't find a corresponding entry in the table, so return 0 so |
2041 | * that the buffer is NOT cancelled. | |
1da177e4 | 2042 | */ |
c1155410 | 2043 | ASSERT(!(flags & XFS_BLF_CANCEL)); |
84a5b730 DC |
2044 | return NULL; |
2045 | } | |
2046 | ||
2047 | /* | |
2048 | * If the buffer is being cancelled then return 1 so that it will be cancelled, | |
2049 | * otherwise return 0. If the buffer is actually a buffer cancel item | |
2050 | * (XFS_BLF_CANCEL is set), then decrement the refcount on the entry in the | |
2051 | * table and remove it from the table if this is the last reference. | |
2052 | * | |
2053 | * We remove the cancel record from the table when we encounter its last | |
2054 | * occurrence in the log so that if the same buffer is re-used again after its | |
2055 | * last cancellation we actually replay the changes made at that point. | |
2056 | */ | |
2057 | STATIC int | |
2058 | xlog_check_buffer_cancelled( | |
2059 | struct xlog *log, | |
2060 | xfs_daddr_t blkno, | |
2061 | uint len, | |
2062 | ushort flags) | |
2063 | { | |
2064 | struct xfs_buf_cancel *bcp; | |
2065 | ||
2066 | bcp = xlog_peek_buffer_cancelled(log, blkno, len, flags); | |
2067 | if (!bcp) | |
2068 | return 0; | |
d5689eaa | 2069 | |
d5689eaa CH |
2070 | /* |
2071 | * We've go a match, so return 1 so that the recovery of this buffer | |
2072 | * is cancelled. If this buffer is actually a buffer cancel log | |
2073 | * item, then decrement the refcount on the one in the table and | |
2074 | * remove it if this is the last reference. | |
2075 | */ | |
2076 | if (flags & XFS_BLF_CANCEL) { | |
2077 | if (--bcp->bc_refcount == 0) { | |
2078 | list_del(&bcp->bc_list); | |
2079 | kmem_free(bcp); | |
2080 | } | |
2081 | } | |
2082 | return 1; | |
1da177e4 LT |
2083 | } |
2084 | ||
1da177e4 | 2085 | /* |
e2714bf8 CH |
2086 | * Perform recovery for a buffer full of inodes. In these buffers, the only |
2087 | * data which should be recovered is that which corresponds to the | |
2088 | * di_next_unlinked pointers in the on disk inode structures. The rest of the | |
2089 | * data for the inodes is always logged through the inodes themselves rather | |
2090 | * than the inode buffer and is recovered in xlog_recover_inode_pass2(). | |
1da177e4 | 2091 | * |
e2714bf8 CH |
2092 | * The only time when buffers full of inodes are fully recovered is when the |
2093 | * buffer is full of newly allocated inodes. In this case the buffer will | |
2094 | * not be marked as an inode buffer and so will be sent to | |
2095 | * xlog_recover_do_reg_buffer() below during recovery. | |
1da177e4 LT |
2096 | */ |
2097 | STATIC int | |
2098 | xlog_recover_do_inode_buffer( | |
e2714bf8 | 2099 | struct xfs_mount *mp, |
1da177e4 | 2100 | xlog_recover_item_t *item, |
e2714bf8 | 2101 | struct xfs_buf *bp, |
1da177e4 LT |
2102 | xfs_buf_log_format_t *buf_f) |
2103 | { | |
2104 | int i; | |
e2714bf8 CH |
2105 | int item_index = 0; |
2106 | int bit = 0; | |
2107 | int nbits = 0; | |
2108 | int reg_buf_offset = 0; | |
2109 | int reg_buf_bytes = 0; | |
1da177e4 LT |
2110 | int next_unlinked_offset; |
2111 | int inodes_per_buf; | |
2112 | xfs_agino_t *logged_nextp; | |
2113 | xfs_agino_t *buffer_nextp; | |
1da177e4 | 2114 | |
9abbc539 | 2115 | trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f); |
9222a9cf DC |
2116 | |
2117 | /* | |
2118 | * Post recovery validation only works properly on CRC enabled | |
2119 | * filesystems. | |
2120 | */ | |
2121 | if (xfs_sb_version_hascrc(&mp->m_sb)) | |
2122 | bp->b_ops = &xfs_inode_buf_ops; | |
9abbc539 | 2123 | |
aa0e8833 | 2124 | inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog; |
1da177e4 LT |
2125 | for (i = 0; i < inodes_per_buf; i++) { |
2126 | next_unlinked_offset = (i * mp->m_sb.sb_inodesize) + | |
2127 | offsetof(xfs_dinode_t, di_next_unlinked); | |
2128 | ||
2129 | while (next_unlinked_offset >= | |
2130 | (reg_buf_offset + reg_buf_bytes)) { | |
2131 | /* | |
2132 | * The next di_next_unlinked field is beyond | |
2133 | * the current logged region. Find the next | |
2134 | * logged region that contains or is beyond | |
2135 | * the current di_next_unlinked field. | |
2136 | */ | |
2137 | bit += nbits; | |
e2714bf8 CH |
2138 | bit = xfs_next_bit(buf_f->blf_data_map, |
2139 | buf_f->blf_map_size, bit); | |
1da177e4 LT |
2140 | |
2141 | /* | |
2142 | * If there are no more logged regions in the | |
2143 | * buffer, then we're done. | |
2144 | */ | |
e2714bf8 | 2145 | if (bit == -1) |
1da177e4 | 2146 | return 0; |
1da177e4 | 2147 | |
e2714bf8 CH |
2148 | nbits = xfs_contig_bits(buf_f->blf_data_map, |
2149 | buf_f->blf_map_size, bit); | |
1da177e4 | 2150 | ASSERT(nbits > 0); |
c1155410 DC |
2151 | reg_buf_offset = bit << XFS_BLF_SHIFT; |
2152 | reg_buf_bytes = nbits << XFS_BLF_SHIFT; | |
1da177e4 LT |
2153 | item_index++; |
2154 | } | |
2155 | ||
2156 | /* | |
2157 | * If the current logged region starts after the current | |
2158 | * di_next_unlinked field, then move on to the next | |
2159 | * di_next_unlinked field. | |
2160 | */ | |
e2714bf8 | 2161 | if (next_unlinked_offset < reg_buf_offset) |
1da177e4 | 2162 | continue; |
1da177e4 LT |
2163 | |
2164 | ASSERT(item->ri_buf[item_index].i_addr != NULL); | |
c1155410 | 2165 | ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0); |
aa0e8833 DC |
2166 | ASSERT((reg_buf_offset + reg_buf_bytes) <= |
2167 | BBTOB(bp->b_io_length)); | |
1da177e4 LT |
2168 | |
2169 | /* | |
2170 | * The current logged region contains a copy of the | |
2171 | * current di_next_unlinked field. Extract its value | |
2172 | * and copy it to the buffer copy. | |
2173 | */ | |
4e0d5f92 CH |
2174 | logged_nextp = item->ri_buf[item_index].i_addr + |
2175 | next_unlinked_offset - reg_buf_offset; | |
1da177e4 | 2176 | if (unlikely(*logged_nextp == 0)) { |
a0fa2b67 DC |
2177 | xfs_alert(mp, |
2178 | "Bad inode buffer log record (ptr = 0x%p, bp = 0x%p). " | |
2179 | "Trying to replay bad (0) inode di_next_unlinked field.", | |
1da177e4 LT |
2180 | item, bp); |
2181 | XFS_ERROR_REPORT("xlog_recover_do_inode_buf", | |
2182 | XFS_ERRLEVEL_LOW, mp); | |
2451337d | 2183 | return -EFSCORRUPTED; |
1da177e4 LT |
2184 | } |
2185 | ||
88ee2df7 | 2186 | buffer_nextp = xfs_buf_offset(bp, next_unlinked_offset); |
87c199c2 | 2187 | *buffer_nextp = *logged_nextp; |
0a32c26e DC |
2188 | |
2189 | /* | |
2190 | * If necessary, recalculate the CRC in the on-disk inode. We | |
2191 | * have to leave the inode in a consistent state for whoever | |
2192 | * reads it next.... | |
2193 | */ | |
88ee2df7 | 2194 | xfs_dinode_calc_crc(mp, |
0a32c26e DC |
2195 | xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize)); |
2196 | ||
1da177e4 LT |
2197 | } |
2198 | ||
2199 | return 0; | |
2200 | } | |
2201 | ||
50d5c8d8 DC |
2202 | /* |
2203 | * V5 filesystems know the age of the buffer on disk being recovered. We can | |
2204 | * have newer objects on disk than we are replaying, and so for these cases we | |
2205 | * don't want to replay the current change as that will make the buffer contents | |
2206 | * temporarily invalid on disk. | |
2207 | * | |
2208 | * The magic number might not match the buffer type we are going to recover | |
2209 | * (e.g. reallocated blocks), so we ignore the xfs_buf_log_format flags. Hence | |
2210 | * extract the LSN of the existing object in the buffer based on it's current | |
2211 | * magic number. If we don't recognise the magic number in the buffer, then | |
2212 | * return a LSN of -1 so that the caller knows it was an unrecognised block and | |
2213 | * so can recover the buffer. | |
566055d3 DC |
2214 | * |
2215 | * Note: we cannot rely solely on magic number matches to determine that the | |
2216 | * buffer has a valid LSN - we also need to verify that it belongs to this | |
2217 | * filesystem, so we need to extract the object's LSN and compare it to that | |
2218 | * which we read from the superblock. If the UUIDs don't match, then we've got a | |
2219 | * stale metadata block from an old filesystem instance that we need to recover | |
2220 | * over the top of. | |
50d5c8d8 DC |
2221 | */ |
2222 | static xfs_lsn_t | |
2223 | xlog_recover_get_buf_lsn( | |
2224 | struct xfs_mount *mp, | |
2225 | struct xfs_buf *bp) | |
2226 | { | |
2227 | __uint32_t magic32; | |
2228 | __uint16_t magic16; | |
2229 | __uint16_t magicda; | |
2230 | void *blk = bp->b_addr; | |
566055d3 DC |
2231 | uuid_t *uuid; |
2232 | xfs_lsn_t lsn = -1; | |
50d5c8d8 DC |
2233 | |
2234 | /* v4 filesystems always recover immediately */ | |
2235 | if (!xfs_sb_version_hascrc(&mp->m_sb)) | |
2236 | goto recover_immediately; | |
2237 | ||
2238 | magic32 = be32_to_cpu(*(__be32 *)blk); | |
2239 | switch (magic32) { | |
2240 | case XFS_ABTB_CRC_MAGIC: | |
2241 | case XFS_ABTC_CRC_MAGIC: | |
2242 | case XFS_ABTB_MAGIC: | |
2243 | case XFS_ABTC_MAGIC: | |
a650e8f9 | 2244 | case XFS_RMAP_CRC_MAGIC: |
50d5c8d8 | 2245 | case XFS_IBT_CRC_MAGIC: |
566055d3 DC |
2246 | case XFS_IBT_MAGIC: { |
2247 | struct xfs_btree_block *btb = blk; | |
2248 | ||
2249 | lsn = be64_to_cpu(btb->bb_u.s.bb_lsn); | |
2250 | uuid = &btb->bb_u.s.bb_uuid; | |
2251 | break; | |
2252 | } | |
50d5c8d8 | 2253 | case XFS_BMAP_CRC_MAGIC: |
566055d3 DC |
2254 | case XFS_BMAP_MAGIC: { |
2255 | struct xfs_btree_block *btb = blk; | |
2256 | ||
2257 | lsn = be64_to_cpu(btb->bb_u.l.bb_lsn); | |
2258 | uuid = &btb->bb_u.l.bb_uuid; | |
2259 | break; | |
2260 | } | |
50d5c8d8 | 2261 | case XFS_AGF_MAGIC: |
566055d3 DC |
2262 | lsn = be64_to_cpu(((struct xfs_agf *)blk)->agf_lsn); |
2263 | uuid = &((struct xfs_agf *)blk)->agf_uuid; | |
2264 | break; | |
50d5c8d8 | 2265 | case XFS_AGFL_MAGIC: |
566055d3 DC |
2266 | lsn = be64_to_cpu(((struct xfs_agfl *)blk)->agfl_lsn); |
2267 | uuid = &((struct xfs_agfl *)blk)->agfl_uuid; | |
2268 | break; | |
50d5c8d8 | 2269 | case XFS_AGI_MAGIC: |
566055d3 DC |
2270 | lsn = be64_to_cpu(((struct xfs_agi *)blk)->agi_lsn); |
2271 | uuid = &((struct xfs_agi *)blk)->agi_uuid; | |
2272 | break; | |
50d5c8d8 | 2273 | case XFS_SYMLINK_MAGIC: |
566055d3 DC |
2274 | lsn = be64_to_cpu(((struct xfs_dsymlink_hdr *)blk)->sl_lsn); |
2275 | uuid = &((struct xfs_dsymlink_hdr *)blk)->sl_uuid; | |
2276 | break; | |
50d5c8d8 DC |
2277 | case XFS_DIR3_BLOCK_MAGIC: |
2278 | case XFS_DIR3_DATA_MAGIC: | |
2279 | case XFS_DIR3_FREE_MAGIC: | |
566055d3 DC |
2280 | lsn = be64_to_cpu(((struct xfs_dir3_blk_hdr *)blk)->lsn); |
2281 | uuid = &((struct xfs_dir3_blk_hdr *)blk)->uuid; | |
2282 | break; | |
50d5c8d8 | 2283 | case XFS_ATTR3_RMT_MAGIC: |
e3c32ee9 DC |
2284 | /* |
2285 | * Remote attr blocks are written synchronously, rather than | |
2286 | * being logged. That means they do not contain a valid LSN | |
2287 | * (i.e. transactionally ordered) in them, and hence any time we | |
2288 | * see a buffer to replay over the top of a remote attribute | |
2289 | * block we should simply do so. | |
2290 | */ | |
2291 | goto recover_immediately; | |
50d5c8d8 | 2292 | case XFS_SB_MAGIC: |
fcfbe2c4 DC |
2293 | /* |
2294 | * superblock uuids are magic. We may or may not have a | |
2295 | * sb_meta_uuid on disk, but it will be set in the in-core | |
2296 | * superblock. We set the uuid pointer for verification | |
2297 | * according to the superblock feature mask to ensure we check | |
2298 | * the relevant UUID in the superblock. | |
2299 | */ | |
566055d3 | 2300 | lsn = be64_to_cpu(((struct xfs_dsb *)blk)->sb_lsn); |
fcfbe2c4 DC |
2301 | if (xfs_sb_version_hasmetauuid(&mp->m_sb)) |
2302 | uuid = &((struct xfs_dsb *)blk)->sb_meta_uuid; | |
2303 | else | |
2304 | uuid = &((struct xfs_dsb *)blk)->sb_uuid; | |
566055d3 | 2305 | break; |
50d5c8d8 DC |
2306 | default: |
2307 | break; | |
2308 | } | |
2309 | ||
566055d3 | 2310 | if (lsn != (xfs_lsn_t)-1) { |
fcfbe2c4 | 2311 | if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid)) |
566055d3 DC |
2312 | goto recover_immediately; |
2313 | return lsn; | |
2314 | } | |
2315 | ||
50d5c8d8 DC |
2316 | magicda = be16_to_cpu(((struct xfs_da_blkinfo *)blk)->magic); |
2317 | switch (magicda) { | |
2318 | case XFS_DIR3_LEAF1_MAGIC: | |
2319 | case XFS_DIR3_LEAFN_MAGIC: | |
2320 | case XFS_DA3_NODE_MAGIC: | |
566055d3 DC |
2321 | lsn = be64_to_cpu(((struct xfs_da3_blkinfo *)blk)->lsn); |
2322 | uuid = &((struct xfs_da3_blkinfo *)blk)->uuid; | |
2323 | break; | |
50d5c8d8 DC |
2324 | default: |
2325 | break; | |
2326 | } | |
2327 | ||
566055d3 DC |
2328 | if (lsn != (xfs_lsn_t)-1) { |
2329 | if (!uuid_equal(&mp->m_sb.sb_uuid, uuid)) | |
2330 | goto recover_immediately; | |
2331 | return lsn; | |
2332 | } | |
2333 | ||
50d5c8d8 DC |
2334 | /* |
2335 | * We do individual object checks on dquot and inode buffers as they | |
2336 | * have their own individual LSN records. Also, we could have a stale | |
2337 | * buffer here, so we have to at least recognise these buffer types. | |
2338 | * | |
2339 | * A notd complexity here is inode unlinked list processing - it logs | |
2340 | * the inode directly in the buffer, but we don't know which inodes have | |
2341 | * been modified, and there is no global buffer LSN. Hence we need to | |
2342 | * recover all inode buffer types immediately. This problem will be | |
2343 | * fixed by logical logging of the unlinked list modifications. | |
2344 | */ | |
2345 | magic16 = be16_to_cpu(*(__be16 *)blk); | |
2346 | switch (magic16) { | |
2347 | case XFS_DQUOT_MAGIC: | |
2348 | case XFS_DINODE_MAGIC: | |
2349 | goto recover_immediately; | |
2350 | default: | |
2351 | break; | |
2352 | } | |
2353 | ||
2354 | /* unknown buffer contents, recover immediately */ | |
2355 | ||
2356 | recover_immediately: | |
2357 | return (xfs_lsn_t)-1; | |
2358 | ||
2359 | } | |
2360 | ||
1da177e4 | 2361 | /* |
d75afeb3 DC |
2362 | * Validate the recovered buffer is of the correct type and attach the |
2363 | * appropriate buffer operations to them for writeback. Magic numbers are in a | |
2364 | * few places: | |
2365 | * the first 16 bits of the buffer (inode buffer, dquot buffer), | |
2366 | * the first 32 bits of the buffer (most blocks), | |
2367 | * inside a struct xfs_da_blkinfo at the start of the buffer. | |
1da177e4 | 2368 | */ |
d75afeb3 | 2369 | static void |
50d5c8d8 | 2370 | xlog_recover_validate_buf_type( |
9abbc539 | 2371 | struct xfs_mount *mp, |
e2714bf8 | 2372 | struct xfs_buf *bp, |
22db9af2 BF |
2373 | xfs_buf_log_format_t *buf_f, |
2374 | xfs_lsn_t current_lsn) | |
1da177e4 | 2375 | { |
d75afeb3 DC |
2376 | struct xfs_da_blkinfo *info = bp->b_addr; |
2377 | __uint32_t magic32; | |
2378 | __uint16_t magic16; | |
2379 | __uint16_t magicda; | |
040c52c0 | 2380 | char *warnmsg = NULL; |
d75afeb3 | 2381 | |
67dc288c DC |
2382 | /* |
2383 | * We can only do post recovery validation on items on CRC enabled | |
2384 | * fielsystems as we need to know when the buffer was written to be able | |
2385 | * to determine if we should have replayed the item. If we replay old | |
2386 | * metadata over a newer buffer, then it will enter a temporarily | |
2387 | * inconsistent state resulting in verification failures. Hence for now | |
2388 | * just avoid the verification stage for non-crc filesystems | |
2389 | */ | |
2390 | if (!xfs_sb_version_hascrc(&mp->m_sb)) | |
2391 | return; | |
2392 | ||
d75afeb3 DC |
2393 | magic32 = be32_to_cpu(*(__be32 *)bp->b_addr); |
2394 | magic16 = be16_to_cpu(*(__be16*)bp->b_addr); | |
2395 | magicda = be16_to_cpu(info->magic); | |
61fe135c DC |
2396 | switch (xfs_blft_from_flags(buf_f)) { |
2397 | case XFS_BLFT_BTREE_BUF: | |
d75afeb3 | 2398 | switch (magic32) { |
ee1a47ab CH |
2399 | case XFS_ABTB_CRC_MAGIC: |
2400 | case XFS_ABTC_CRC_MAGIC: | |
2401 | case XFS_ABTB_MAGIC: | |
2402 | case XFS_ABTC_MAGIC: | |
2403 | bp->b_ops = &xfs_allocbt_buf_ops; | |
2404 | break; | |
2405 | case XFS_IBT_CRC_MAGIC: | |
aafc3c24 | 2406 | case XFS_FIBT_CRC_MAGIC: |
ee1a47ab | 2407 | case XFS_IBT_MAGIC: |
aafc3c24 | 2408 | case XFS_FIBT_MAGIC: |
ee1a47ab CH |
2409 | bp->b_ops = &xfs_inobt_buf_ops; |
2410 | break; | |
2411 | case XFS_BMAP_CRC_MAGIC: | |
2412 | case XFS_BMAP_MAGIC: | |
2413 | bp->b_ops = &xfs_bmbt_buf_ops; | |
2414 | break; | |
a650e8f9 DW |
2415 | case XFS_RMAP_CRC_MAGIC: |
2416 | bp->b_ops = &xfs_rmapbt_buf_ops; | |
2417 | break; | |
ee1a47ab | 2418 | default: |
040c52c0 | 2419 | warnmsg = "Bad btree block magic!"; |
ee1a47ab CH |
2420 | break; |
2421 | } | |
2422 | break; | |
61fe135c | 2423 | case XFS_BLFT_AGF_BUF: |
d75afeb3 | 2424 | if (magic32 != XFS_AGF_MAGIC) { |
040c52c0 | 2425 | warnmsg = "Bad AGF block magic!"; |
4e0e6040 DC |
2426 | break; |
2427 | } | |
2428 | bp->b_ops = &xfs_agf_buf_ops; | |
2429 | break; | |
61fe135c | 2430 | case XFS_BLFT_AGFL_BUF: |
d75afeb3 | 2431 | if (magic32 != XFS_AGFL_MAGIC) { |
040c52c0 | 2432 | warnmsg = "Bad AGFL block magic!"; |
77c95bba CH |
2433 | break; |
2434 | } | |
2435 | bp->b_ops = &xfs_agfl_buf_ops; | |
2436 | break; | |
61fe135c | 2437 | case XFS_BLFT_AGI_BUF: |
d75afeb3 | 2438 | if (magic32 != XFS_AGI_MAGIC) { |
040c52c0 | 2439 | warnmsg = "Bad AGI block magic!"; |
983d09ff DC |
2440 | break; |
2441 | } | |
2442 | bp->b_ops = &xfs_agi_buf_ops; | |
2443 | break; | |
61fe135c DC |
2444 | case XFS_BLFT_UDQUOT_BUF: |
2445 | case XFS_BLFT_PDQUOT_BUF: | |
2446 | case XFS_BLFT_GDQUOT_BUF: | |
123887e8 | 2447 | #ifdef CONFIG_XFS_QUOTA |
d75afeb3 | 2448 | if (magic16 != XFS_DQUOT_MAGIC) { |
040c52c0 | 2449 | warnmsg = "Bad DQUOT block magic!"; |
3fe58f30 CH |
2450 | break; |
2451 | } | |
2452 | bp->b_ops = &xfs_dquot_buf_ops; | |
123887e8 DC |
2453 | #else |
2454 | xfs_alert(mp, | |
2455 | "Trying to recover dquots without QUOTA support built in!"); | |
2456 | ASSERT(0); | |
2457 | #endif | |
3fe58f30 | 2458 | break; |
61fe135c | 2459 | case XFS_BLFT_DINO_BUF: |
d75afeb3 | 2460 | if (magic16 != XFS_DINODE_MAGIC) { |
040c52c0 | 2461 | warnmsg = "Bad INODE block magic!"; |
93848a99 CH |
2462 | break; |
2463 | } | |
2464 | bp->b_ops = &xfs_inode_buf_ops; | |
2465 | break; | |
61fe135c | 2466 | case XFS_BLFT_SYMLINK_BUF: |
d75afeb3 | 2467 | if (magic32 != XFS_SYMLINK_MAGIC) { |
040c52c0 | 2468 | warnmsg = "Bad symlink block magic!"; |
f948dd76 DC |
2469 | break; |
2470 | } | |
2471 | bp->b_ops = &xfs_symlink_buf_ops; | |
2472 | break; | |
61fe135c | 2473 | case XFS_BLFT_DIR_BLOCK_BUF: |
d75afeb3 DC |
2474 | if (magic32 != XFS_DIR2_BLOCK_MAGIC && |
2475 | magic32 != XFS_DIR3_BLOCK_MAGIC) { | |
040c52c0 | 2476 | warnmsg = "Bad dir block magic!"; |
d75afeb3 DC |
2477 | break; |
2478 | } | |
2479 | bp->b_ops = &xfs_dir3_block_buf_ops; | |
2480 | break; | |
61fe135c | 2481 | case XFS_BLFT_DIR_DATA_BUF: |
d75afeb3 DC |
2482 | if (magic32 != XFS_DIR2_DATA_MAGIC && |
2483 | magic32 != XFS_DIR3_DATA_MAGIC) { | |
040c52c0 | 2484 | warnmsg = "Bad dir data magic!"; |
d75afeb3 DC |
2485 | break; |
2486 | } | |
2487 | bp->b_ops = &xfs_dir3_data_buf_ops; | |
2488 | break; | |
61fe135c | 2489 | case XFS_BLFT_DIR_FREE_BUF: |
d75afeb3 DC |
2490 | if (magic32 != XFS_DIR2_FREE_MAGIC && |
2491 | magic32 != XFS_DIR3_FREE_MAGIC) { | |
040c52c0 | 2492 | warnmsg = "Bad dir3 free magic!"; |
d75afeb3 DC |
2493 | break; |
2494 | } | |
2495 | bp->b_ops = &xfs_dir3_free_buf_ops; | |
2496 | break; | |
61fe135c | 2497 | case XFS_BLFT_DIR_LEAF1_BUF: |
d75afeb3 DC |
2498 | if (magicda != XFS_DIR2_LEAF1_MAGIC && |
2499 | magicda != XFS_DIR3_LEAF1_MAGIC) { | |
040c52c0 | 2500 | warnmsg = "Bad dir leaf1 magic!"; |
d75afeb3 DC |
2501 | break; |
2502 | } | |
2503 | bp->b_ops = &xfs_dir3_leaf1_buf_ops; | |
2504 | break; | |
61fe135c | 2505 | case XFS_BLFT_DIR_LEAFN_BUF: |
d75afeb3 DC |
2506 | if (magicda != XFS_DIR2_LEAFN_MAGIC && |
2507 | magicda != XFS_DIR3_LEAFN_MAGIC) { | |
040c52c0 | 2508 | warnmsg = "Bad dir leafn magic!"; |
d75afeb3 DC |
2509 | break; |
2510 | } | |
2511 | bp->b_ops = &xfs_dir3_leafn_buf_ops; | |
2512 | break; | |
61fe135c | 2513 | case XFS_BLFT_DA_NODE_BUF: |
d75afeb3 DC |
2514 | if (magicda != XFS_DA_NODE_MAGIC && |
2515 | magicda != XFS_DA3_NODE_MAGIC) { | |
040c52c0 | 2516 | warnmsg = "Bad da node magic!"; |
d75afeb3 DC |
2517 | break; |
2518 | } | |
2519 | bp->b_ops = &xfs_da3_node_buf_ops; | |
2520 | break; | |
61fe135c | 2521 | case XFS_BLFT_ATTR_LEAF_BUF: |
d75afeb3 DC |
2522 | if (magicda != XFS_ATTR_LEAF_MAGIC && |
2523 | magicda != XFS_ATTR3_LEAF_MAGIC) { | |
040c52c0 | 2524 | warnmsg = "Bad attr leaf magic!"; |
d75afeb3 DC |
2525 | break; |
2526 | } | |
2527 | bp->b_ops = &xfs_attr3_leaf_buf_ops; | |
2528 | break; | |
61fe135c | 2529 | case XFS_BLFT_ATTR_RMT_BUF: |
cab09a81 | 2530 | if (magic32 != XFS_ATTR3_RMT_MAGIC) { |
040c52c0 | 2531 | warnmsg = "Bad attr remote magic!"; |
d75afeb3 DC |
2532 | break; |
2533 | } | |
2534 | bp->b_ops = &xfs_attr3_rmt_buf_ops; | |
2535 | break; | |
04a1e6c5 DC |
2536 | case XFS_BLFT_SB_BUF: |
2537 | if (magic32 != XFS_SB_MAGIC) { | |
040c52c0 | 2538 | warnmsg = "Bad SB block magic!"; |
04a1e6c5 DC |
2539 | break; |
2540 | } | |
2541 | bp->b_ops = &xfs_sb_buf_ops; | |
2542 | break; | |
f67ca6ec DC |
2543 | #ifdef CONFIG_XFS_RT |
2544 | case XFS_BLFT_RTBITMAP_BUF: | |
2545 | case XFS_BLFT_RTSUMMARY_BUF: | |
bf85e099 DC |
2546 | /* no magic numbers for verification of RT buffers */ |
2547 | bp->b_ops = &xfs_rtbuf_ops; | |
f67ca6ec DC |
2548 | break; |
2549 | #endif /* CONFIG_XFS_RT */ | |
ee1a47ab | 2550 | default: |
61fe135c DC |
2551 | xfs_warn(mp, "Unknown buffer type %d!", |
2552 | xfs_blft_from_flags(buf_f)); | |
ee1a47ab CH |
2553 | break; |
2554 | } | |
040c52c0 BF |
2555 | |
2556 | /* | |
60a4a222 BF |
2557 | * Nothing else to do in the case of a NULL current LSN as this means |
2558 | * the buffer is more recent than the change in the log and will be | |
2559 | * skipped. | |
040c52c0 | 2560 | */ |
60a4a222 BF |
2561 | if (current_lsn == NULLCOMMITLSN) |
2562 | return; | |
2563 | ||
2564 | if (warnmsg) { | |
040c52c0 BF |
2565 | xfs_warn(mp, warnmsg); |
2566 | ASSERT(0); | |
2567 | } | |
60a4a222 BF |
2568 | |
2569 | /* | |
2570 | * We must update the metadata LSN of the buffer as it is written out to | |
2571 | * ensure that older transactions never replay over this one and corrupt | |
2572 | * the buffer. This can occur if log recovery is interrupted at some | |
2573 | * point after the current transaction completes, at which point a | |
2574 | * subsequent mount starts recovery from the beginning. | |
2575 | * | |
2576 | * Write verifiers update the metadata LSN from log items attached to | |
2577 | * the buffer. Therefore, initialize a bli purely to carry the LSN to | |
2578 | * the verifier. We'll clean it up in our ->iodone() callback. | |
2579 | */ | |
2580 | if (bp->b_ops) { | |
2581 | struct xfs_buf_log_item *bip; | |
2582 | ||
2583 | ASSERT(!bp->b_iodone || bp->b_iodone == xlog_recover_iodone); | |
2584 | bp->b_iodone = xlog_recover_iodone; | |
2585 | xfs_buf_item_init(bp, mp); | |
2586 | bip = bp->b_fspriv; | |
2587 | bip->bli_item.li_lsn = current_lsn; | |
2588 | } | |
1da177e4 LT |
2589 | } |
2590 | ||
d75afeb3 DC |
2591 | /* |
2592 | * Perform a 'normal' buffer recovery. Each logged region of the | |
2593 | * buffer should be copied over the corresponding region in the | |
2594 | * given buffer. The bitmap in the buf log format structure indicates | |
2595 | * where to place the logged data. | |
2596 | */ | |
2597 | STATIC void | |
2598 | xlog_recover_do_reg_buffer( | |
2599 | struct xfs_mount *mp, | |
2600 | xlog_recover_item_t *item, | |
2601 | struct xfs_buf *bp, | |
22db9af2 BF |
2602 | xfs_buf_log_format_t *buf_f, |
2603 | xfs_lsn_t current_lsn) | |
d75afeb3 DC |
2604 | { |
2605 | int i; | |
2606 | int bit; | |
2607 | int nbits; | |
2608 | int error; | |
2609 | ||
2610 | trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f); | |
2611 | ||
2612 | bit = 0; | |
2613 | i = 1; /* 0 is the buf format structure */ | |
2614 | while (1) { | |
2615 | bit = xfs_next_bit(buf_f->blf_data_map, | |
2616 | buf_f->blf_map_size, bit); | |
2617 | if (bit == -1) | |
2618 | break; | |
2619 | nbits = xfs_contig_bits(buf_f->blf_data_map, | |
2620 | buf_f->blf_map_size, bit); | |
2621 | ASSERT(nbits > 0); | |
2622 | ASSERT(item->ri_buf[i].i_addr != NULL); | |
2623 | ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0); | |
2624 | ASSERT(BBTOB(bp->b_io_length) >= | |
2625 | ((uint)bit << XFS_BLF_SHIFT) + (nbits << XFS_BLF_SHIFT)); | |
2626 | ||
709da6a6 DC |
2627 | /* |
2628 | * The dirty regions logged in the buffer, even though | |
2629 | * contiguous, may span multiple chunks. This is because the | |
2630 | * dirty region may span a physical page boundary in a buffer | |
2631 | * and hence be split into two separate vectors for writing into | |
2632 | * the log. Hence we need to trim nbits back to the length of | |
2633 | * the current region being copied out of the log. | |
2634 | */ | |
2635 | if (item->ri_buf[i].i_len < (nbits << XFS_BLF_SHIFT)) | |
2636 | nbits = item->ri_buf[i].i_len >> XFS_BLF_SHIFT; | |
2637 | ||
d75afeb3 DC |
2638 | /* |
2639 | * Do a sanity check if this is a dquot buffer. Just checking | |
2640 | * the first dquot in the buffer should do. XXXThis is | |
2641 | * probably a good thing to do for other buf types also. | |
2642 | */ | |
2643 | error = 0; | |
2644 | if (buf_f->blf_flags & | |
2645 | (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) { | |
2646 | if (item->ri_buf[i].i_addr == NULL) { | |
2647 | xfs_alert(mp, | |
2648 | "XFS: NULL dquot in %s.", __func__); | |
2649 | goto next; | |
2650 | } | |
2651 | if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) { | |
2652 | xfs_alert(mp, | |
2653 | "XFS: dquot too small (%d) in %s.", | |
2654 | item->ri_buf[i].i_len, __func__); | |
2655 | goto next; | |
2656 | } | |
9aede1d8 | 2657 | error = xfs_dqcheck(mp, item->ri_buf[i].i_addr, |
d75afeb3 DC |
2658 | -1, 0, XFS_QMOPT_DOWARN, |
2659 | "dquot_buf_recover"); | |
2660 | if (error) | |
2661 | goto next; | |
2662 | } | |
2663 | ||
2664 | memcpy(xfs_buf_offset(bp, | |
2665 | (uint)bit << XFS_BLF_SHIFT), /* dest */ | |
2666 | item->ri_buf[i].i_addr, /* source */ | |
2667 | nbits<<XFS_BLF_SHIFT); /* length */ | |
2668 | next: | |
2669 | i++; | |
2670 | bit += nbits; | |
2671 | } | |
2672 | ||
2673 | /* Shouldn't be any more regions */ | |
2674 | ASSERT(i == item->ri_total); | |
2675 | ||
22db9af2 | 2676 | xlog_recover_validate_buf_type(mp, bp, buf_f, current_lsn); |
d75afeb3 DC |
2677 | } |
2678 | ||
1da177e4 LT |
2679 | /* |
2680 | * Perform a dquot buffer recovery. | |
8ba701ee | 2681 | * Simple algorithm: if we have found a QUOTAOFF log item of the same type |
1da177e4 LT |
2682 | * (ie. USR or GRP), then just toss this buffer away; don't recover it. |
2683 | * Else, treat it as a regular buffer and do recovery. | |
ad3714b8 DC |
2684 | * |
2685 | * Return false if the buffer was tossed and true if we recovered the buffer to | |
2686 | * indicate to the caller if the buffer needs writing. | |
1da177e4 | 2687 | */ |
ad3714b8 | 2688 | STATIC bool |
1da177e4 | 2689 | xlog_recover_do_dquot_buffer( |
9a8d2fdb MT |
2690 | struct xfs_mount *mp, |
2691 | struct xlog *log, | |
2692 | struct xlog_recover_item *item, | |
2693 | struct xfs_buf *bp, | |
2694 | struct xfs_buf_log_format *buf_f) | |
1da177e4 LT |
2695 | { |
2696 | uint type; | |
2697 | ||
9abbc539 DC |
2698 | trace_xfs_log_recover_buf_dquot_buf(log, buf_f); |
2699 | ||
1da177e4 LT |
2700 | /* |
2701 | * Filesystems are required to send in quota flags at mount time. | |
2702 | */ | |
ad3714b8 DC |
2703 | if (!mp->m_qflags) |
2704 | return false; | |
1da177e4 LT |
2705 | |
2706 | type = 0; | |
c1155410 | 2707 | if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF) |
1da177e4 | 2708 | type |= XFS_DQ_USER; |
c1155410 | 2709 | if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF) |
c8ad20ff | 2710 | type |= XFS_DQ_PROJ; |
c1155410 | 2711 | if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF) |
1da177e4 LT |
2712 | type |= XFS_DQ_GROUP; |
2713 | /* | |
2714 | * This type of quotas was turned off, so ignore this buffer | |
2715 | */ | |
2716 | if (log->l_quotaoffs_flag & type) | |
ad3714b8 | 2717 | return false; |
1da177e4 | 2718 | |
22db9af2 | 2719 | xlog_recover_do_reg_buffer(mp, item, bp, buf_f, NULLCOMMITLSN); |
ad3714b8 | 2720 | return true; |
1da177e4 LT |
2721 | } |
2722 | ||
2723 | /* | |
2724 | * This routine replays a modification made to a buffer at runtime. | |
2725 | * There are actually two types of buffer, regular and inode, which | |
2726 | * are handled differently. Inode buffers are handled differently | |
2727 | * in that we only recover a specific set of data from them, namely | |
2728 | * the inode di_next_unlinked fields. This is because all other inode | |
2729 | * data is actually logged via inode records and any data we replay | |
2730 | * here which overlaps that may be stale. | |
2731 | * | |
2732 | * When meta-data buffers are freed at run time we log a buffer item | |
c1155410 | 2733 | * with the XFS_BLF_CANCEL bit set to indicate that previous copies |
1da177e4 LT |
2734 | * of the buffer in the log should not be replayed at recovery time. |
2735 | * This is so that if the blocks covered by the buffer are reused for | |
2736 | * file data before we crash we don't end up replaying old, freed | |
2737 | * meta-data into a user's file. | |
2738 | * | |
2739 | * To handle the cancellation of buffer log items, we make two passes | |
2740 | * over the log during recovery. During the first we build a table of | |
2741 | * those buffers which have been cancelled, and during the second we | |
2742 | * only replay those buffers which do not have corresponding cancel | |
34be5ff3 | 2743 | * records in the table. See xlog_recover_buffer_pass[1,2] above |
1da177e4 LT |
2744 | * for more details on the implementation of the table of cancel records. |
2745 | */ | |
2746 | STATIC int | |
c9f71f5f | 2747 | xlog_recover_buffer_pass2( |
9a8d2fdb MT |
2748 | struct xlog *log, |
2749 | struct list_head *buffer_list, | |
50d5c8d8 DC |
2750 | struct xlog_recover_item *item, |
2751 | xfs_lsn_t current_lsn) | |
1da177e4 | 2752 | { |
4e0d5f92 | 2753 | xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr; |
e2714bf8 | 2754 | xfs_mount_t *mp = log->l_mp; |
1da177e4 LT |
2755 | xfs_buf_t *bp; |
2756 | int error; | |
6ad112bf | 2757 | uint buf_flags; |
50d5c8d8 | 2758 | xfs_lsn_t lsn; |
1da177e4 | 2759 | |
c9f71f5f CH |
2760 | /* |
2761 | * In this pass we only want to recover all the buffers which have | |
2762 | * not been cancelled and are not cancellation buffers themselves. | |
2763 | */ | |
2764 | if (xlog_check_buffer_cancelled(log, buf_f->blf_blkno, | |
2765 | buf_f->blf_len, buf_f->blf_flags)) { | |
2766 | trace_xfs_log_recover_buf_cancel(log, buf_f); | |
1da177e4 | 2767 | return 0; |
1da177e4 | 2768 | } |
c9f71f5f | 2769 | |
9abbc539 | 2770 | trace_xfs_log_recover_buf_recover(log, buf_f); |
1da177e4 | 2771 | |
a8acad70 | 2772 | buf_flags = 0; |
611c9946 DC |
2773 | if (buf_f->blf_flags & XFS_BLF_INODE_BUF) |
2774 | buf_flags |= XBF_UNMAPPED; | |
6ad112bf | 2775 | |
e2714bf8 | 2776 | bp = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len, |
c3f8fc73 | 2777 | buf_flags, NULL); |
ac4d6888 | 2778 | if (!bp) |
2451337d | 2779 | return -ENOMEM; |
e5702805 | 2780 | error = bp->b_error; |
5a52c2a5 | 2781 | if (error) { |
901796af | 2782 | xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#1)"); |
50d5c8d8 | 2783 | goto out_release; |
1da177e4 LT |
2784 | } |
2785 | ||
50d5c8d8 | 2786 | /* |
67dc288c | 2787 | * Recover the buffer only if we get an LSN from it and it's less than |
50d5c8d8 | 2788 | * the lsn of the transaction we are replaying. |
67dc288c DC |
2789 | * |
2790 | * Note that we have to be extremely careful of readahead here. | |
2791 | * Readahead does not attach verfiers to the buffers so if we don't | |
2792 | * actually do any replay after readahead because of the LSN we found | |
2793 | * in the buffer if more recent than that current transaction then we | |
2794 | * need to attach the verifier directly. Failure to do so can lead to | |
2795 | * future recovery actions (e.g. EFI and unlinked list recovery) can | |
2796 | * operate on the buffers and they won't get the verifier attached. This | |
2797 | * can lead to blocks on disk having the correct content but a stale | |
2798 | * CRC. | |
2799 | * | |
2800 | * It is safe to assume these clean buffers are currently up to date. | |
2801 | * If the buffer is dirtied by a later transaction being replayed, then | |
2802 | * the verifier will be reset to match whatever recover turns that | |
2803 | * buffer into. | |
50d5c8d8 DC |
2804 | */ |
2805 | lsn = xlog_recover_get_buf_lsn(mp, bp); | |
67dc288c | 2806 | if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) { |
22db9af2 | 2807 | xlog_recover_validate_buf_type(mp, bp, buf_f, NULLCOMMITLSN); |
50d5c8d8 | 2808 | goto out_release; |
67dc288c | 2809 | } |
50d5c8d8 | 2810 | |
e2714bf8 | 2811 | if (buf_f->blf_flags & XFS_BLF_INODE_BUF) { |
1da177e4 | 2812 | error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f); |
ad3714b8 DC |
2813 | if (error) |
2814 | goto out_release; | |
e2714bf8 | 2815 | } else if (buf_f->blf_flags & |
c1155410 | 2816 | (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) { |
ad3714b8 DC |
2817 | bool dirty; |
2818 | ||
2819 | dirty = xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f); | |
2820 | if (!dirty) | |
2821 | goto out_release; | |
1da177e4 | 2822 | } else { |
22db9af2 | 2823 | xlog_recover_do_reg_buffer(mp, item, bp, buf_f, current_lsn); |
1da177e4 | 2824 | } |
1da177e4 LT |
2825 | |
2826 | /* | |
2827 | * Perform delayed write on the buffer. Asynchronous writes will be | |
2828 | * slower when taking into account all the buffers to be flushed. | |
2829 | * | |
2830 | * Also make sure that only inode buffers with good sizes stay in | |
2831 | * the buffer cache. The kernel moves inodes in buffers of 1 block | |
0f49efd8 | 2832 | * or mp->m_inode_cluster_size bytes, whichever is bigger. The inode |
1da177e4 LT |
2833 | * buffers in the log can be a different size if the log was generated |
2834 | * by an older kernel using unclustered inode buffers or a newer kernel | |
2835 | * running with a different inode cluster size. Regardless, if the | |
0f49efd8 JL |
2836 | * the inode buffer size isn't MAX(blocksize, mp->m_inode_cluster_size) |
2837 | * for *our* value of mp->m_inode_cluster_size, then we need to keep | |
1da177e4 LT |
2838 | * the buffer out of the buffer cache so that the buffer won't |
2839 | * overlap with future reads of those inodes. | |
2840 | */ | |
2841 | if (XFS_DINODE_MAGIC == | |
b53e675d | 2842 | be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) && |
aa0e8833 | 2843 | (BBTOB(bp->b_io_length) != MAX(log->l_mp->m_sb.sb_blocksize, |
0f49efd8 | 2844 | (__uint32_t)log->l_mp->m_inode_cluster_size))) { |
c867cb61 | 2845 | xfs_buf_stale(bp); |
c2b006c1 | 2846 | error = xfs_bwrite(bp); |
1da177e4 | 2847 | } else { |
ebad861b | 2848 | ASSERT(bp->b_target->bt_mount == mp); |
cb669ca5 | 2849 | bp->b_iodone = xlog_recover_iodone; |
43ff2122 | 2850 | xfs_buf_delwri_queue(bp, buffer_list); |
1da177e4 LT |
2851 | } |
2852 | ||
50d5c8d8 | 2853 | out_release: |
c2b006c1 CH |
2854 | xfs_buf_relse(bp); |
2855 | return error; | |
1da177e4 LT |
2856 | } |
2857 | ||
638f4416 DC |
2858 | /* |
2859 | * Inode fork owner changes | |
2860 | * | |
2861 | * If we have been told that we have to reparent the inode fork, it's because an | |
2862 | * extent swap operation on a CRC enabled filesystem has been done and we are | |
2863 | * replaying it. We need to walk the BMBT of the appropriate fork and change the | |
2864 | * owners of it. | |
2865 | * | |
2866 | * The complexity here is that we don't have an inode context to work with, so | |
2867 | * after we've replayed the inode we need to instantiate one. This is where the | |
2868 | * fun begins. | |
2869 | * | |
2870 | * We are in the middle of log recovery, so we can't run transactions. That | |
2871 | * means we cannot use cache coherent inode instantiation via xfs_iget(), as | |
2872 | * that will result in the corresponding iput() running the inode through | |
2873 | * xfs_inactive(). If we've just replayed an inode core that changes the link | |
2874 | * count to zero (i.e. it's been unlinked), then xfs_inactive() will run | |
2875 | * transactions (bad!). | |
2876 | * | |
2877 | * So, to avoid this, we instantiate an inode directly from the inode core we've | |
2878 | * just recovered. We have the buffer still locked, and all we really need to | |
2879 | * instantiate is the inode core and the forks being modified. We can do this | |
2880 | * manually, then run the inode btree owner change, and then tear down the | |
2881 | * xfs_inode without having to run any transactions at all. | |
2882 | * | |
2883 | * Also, because we don't have a transaction context available here but need to | |
2884 | * gather all the buffers we modify for writeback so we pass the buffer_list | |
2885 | * instead for the operation to use. | |
2886 | */ | |
2887 | ||
2888 | STATIC int | |
2889 | xfs_recover_inode_owner_change( | |
2890 | struct xfs_mount *mp, | |
2891 | struct xfs_dinode *dip, | |
2892 | struct xfs_inode_log_format *in_f, | |
2893 | struct list_head *buffer_list) | |
2894 | { | |
2895 | struct xfs_inode *ip; | |
2896 | int error; | |
2897 | ||
2898 | ASSERT(in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER)); | |
2899 | ||
2900 | ip = xfs_inode_alloc(mp, in_f->ilf_ino); | |
2901 | if (!ip) | |
2451337d | 2902 | return -ENOMEM; |
638f4416 DC |
2903 | |
2904 | /* instantiate the inode */ | |
3987848c | 2905 | xfs_inode_from_disk(ip, dip); |
638f4416 DC |
2906 | ASSERT(ip->i_d.di_version >= 3); |
2907 | ||
2908 | error = xfs_iformat_fork(ip, dip); | |
2909 | if (error) | |
2910 | goto out_free_ip; | |
2911 | ||
2912 | ||
2913 | if (in_f->ilf_fields & XFS_ILOG_DOWNER) { | |
2914 | ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT); | |
2915 | error = xfs_bmbt_change_owner(NULL, ip, XFS_DATA_FORK, | |
2916 | ip->i_ino, buffer_list); | |
2917 | if (error) | |
2918 | goto out_free_ip; | |
2919 | } | |
2920 | ||
2921 | if (in_f->ilf_fields & XFS_ILOG_AOWNER) { | |
2922 | ASSERT(in_f->ilf_fields & XFS_ILOG_ABROOT); | |
2923 | error = xfs_bmbt_change_owner(NULL, ip, XFS_ATTR_FORK, | |
2924 | ip->i_ino, buffer_list); | |
2925 | if (error) | |
2926 | goto out_free_ip; | |
2927 | } | |
2928 | ||
2929 | out_free_ip: | |
2930 | xfs_inode_free(ip); | |
2931 | return error; | |
2932 | } | |
2933 | ||
1da177e4 | 2934 | STATIC int |
c9f71f5f | 2935 | xlog_recover_inode_pass2( |
9a8d2fdb MT |
2936 | struct xlog *log, |
2937 | struct list_head *buffer_list, | |
50d5c8d8 DC |
2938 | struct xlog_recover_item *item, |
2939 | xfs_lsn_t current_lsn) | |
1da177e4 LT |
2940 | { |
2941 | xfs_inode_log_format_t *in_f; | |
c9f71f5f | 2942 | xfs_mount_t *mp = log->l_mp; |
1da177e4 | 2943 | xfs_buf_t *bp; |
1da177e4 | 2944 | xfs_dinode_t *dip; |
1da177e4 | 2945 | int len; |
b2a922cd CH |
2946 | char *src; |
2947 | char *dest; | |
1da177e4 LT |
2948 | int error; |
2949 | int attr_index; | |
2950 | uint fields; | |
f8d55aa0 | 2951 | struct xfs_log_dinode *ldip; |
93848a99 | 2952 | uint isize; |
6d192a9b | 2953 | int need_free = 0; |
1da177e4 | 2954 | |
6d192a9b | 2955 | if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) { |
4e0d5f92 | 2956 | in_f = item->ri_buf[0].i_addr; |
6d192a9b | 2957 | } else { |
4e0d5f92 | 2958 | in_f = kmem_alloc(sizeof(xfs_inode_log_format_t), KM_SLEEP); |
6d192a9b TS |
2959 | need_free = 1; |
2960 | error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f); | |
2961 | if (error) | |
2962 | goto error; | |
2963 | } | |
1da177e4 LT |
2964 | |
2965 | /* | |
2966 | * Inode buffers can be freed, look out for it, | |
2967 | * and do not replay the inode. | |
2968 | */ | |
a1941895 CH |
2969 | if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno, |
2970 | in_f->ilf_len, 0)) { | |
6d192a9b | 2971 | error = 0; |
9abbc539 | 2972 | trace_xfs_log_recover_inode_cancel(log, in_f); |
6d192a9b TS |
2973 | goto error; |
2974 | } | |
9abbc539 | 2975 | trace_xfs_log_recover_inode_recover(log, in_f); |
1da177e4 | 2976 | |
c3f8fc73 | 2977 | bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len, 0, |
93848a99 | 2978 | &xfs_inode_buf_ops); |
ac4d6888 | 2979 | if (!bp) { |
2451337d | 2980 | error = -ENOMEM; |
ac4d6888 CS |
2981 | goto error; |
2982 | } | |
e5702805 | 2983 | error = bp->b_error; |
5a52c2a5 | 2984 | if (error) { |
901796af | 2985 | xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#2)"); |
638f4416 | 2986 | goto out_release; |
1da177e4 | 2987 | } |
1da177e4 | 2988 | ASSERT(in_f->ilf_fields & XFS_ILOG_CORE); |
88ee2df7 | 2989 | dip = xfs_buf_offset(bp, in_f->ilf_boffset); |
1da177e4 LT |
2990 | |
2991 | /* | |
2992 | * Make sure the place we're flushing out to really looks | |
2993 | * like an inode! | |
2994 | */ | |
69ef921b | 2995 | if (unlikely(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))) { |
a0fa2b67 DC |
2996 | xfs_alert(mp, |
2997 | "%s: Bad inode magic number, dip = 0x%p, dino bp = 0x%p, ino = %Ld", | |
2998 | __func__, dip, bp, in_f->ilf_ino); | |
c9f71f5f | 2999 | XFS_ERROR_REPORT("xlog_recover_inode_pass2(1)", |
1da177e4 | 3000 | XFS_ERRLEVEL_LOW, mp); |
2451337d | 3001 | error = -EFSCORRUPTED; |
638f4416 | 3002 | goto out_release; |
1da177e4 | 3003 | } |
f8d55aa0 DC |
3004 | ldip = item->ri_buf[1].i_addr; |
3005 | if (unlikely(ldip->di_magic != XFS_DINODE_MAGIC)) { | |
a0fa2b67 DC |
3006 | xfs_alert(mp, |
3007 | "%s: Bad inode log record, rec ptr 0x%p, ino %Ld", | |
3008 | __func__, item, in_f->ilf_ino); | |
c9f71f5f | 3009 | XFS_ERROR_REPORT("xlog_recover_inode_pass2(2)", |
1da177e4 | 3010 | XFS_ERRLEVEL_LOW, mp); |
2451337d | 3011 | error = -EFSCORRUPTED; |
638f4416 | 3012 | goto out_release; |
1da177e4 LT |
3013 | } |
3014 | ||
50d5c8d8 DC |
3015 | /* |
3016 | * If the inode has an LSN in it, recover the inode only if it's less | |
638f4416 DC |
3017 | * than the lsn of the transaction we are replaying. Note: we still |
3018 | * need to replay an owner change even though the inode is more recent | |
3019 | * than the transaction as there is no guarantee that all the btree | |
3020 | * blocks are more recent than this transaction, too. | |
50d5c8d8 DC |
3021 | */ |
3022 | if (dip->di_version >= 3) { | |
3023 | xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn); | |
3024 | ||
3025 | if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) { | |
3026 | trace_xfs_log_recover_inode_skip(log, in_f); | |
3027 | error = 0; | |
638f4416 | 3028 | goto out_owner_change; |
50d5c8d8 DC |
3029 | } |
3030 | } | |
3031 | ||
e60896d8 DC |
3032 | /* |
3033 | * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes | |
3034 | * are transactional and if ordering is necessary we can determine that | |
3035 | * more accurately by the LSN field in the V3 inode core. Don't trust | |
3036 | * the inode versions we might be changing them here - use the | |
3037 | * superblock flag to determine whether we need to look at di_flushiter | |
3038 | * to skip replay when the on disk inode is newer than the log one | |
3039 | */ | |
3040 | if (!xfs_sb_version_hascrc(&mp->m_sb) && | |
f8d55aa0 | 3041 | ldip->di_flushiter < be16_to_cpu(dip->di_flushiter)) { |
1da177e4 LT |
3042 | /* |
3043 | * Deal with the wrap case, DI_MAX_FLUSH is less | |
3044 | * than smaller numbers | |
3045 | */ | |
81591fe2 | 3046 | if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH && |
f8d55aa0 | 3047 | ldip->di_flushiter < (DI_MAX_FLUSH >> 1)) { |
1da177e4 LT |
3048 | /* do nothing */ |
3049 | } else { | |
9abbc539 | 3050 | trace_xfs_log_recover_inode_skip(log, in_f); |
6d192a9b | 3051 | error = 0; |
638f4416 | 3052 | goto out_release; |
1da177e4 LT |
3053 | } |
3054 | } | |
e60896d8 | 3055 | |
1da177e4 | 3056 | /* Take the opportunity to reset the flush iteration count */ |
f8d55aa0 | 3057 | ldip->di_flushiter = 0; |
1da177e4 | 3058 | |
f8d55aa0 DC |
3059 | if (unlikely(S_ISREG(ldip->di_mode))) { |
3060 | if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) && | |
3061 | (ldip->di_format != XFS_DINODE_FMT_BTREE)) { | |
c9f71f5f | 3062 | XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)", |
f8d55aa0 | 3063 | XFS_ERRLEVEL_LOW, mp, ldip); |
a0fa2b67 DC |
3064 | xfs_alert(mp, |
3065 | "%s: Bad regular inode log record, rec ptr 0x%p, " | |
3066 | "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld", | |
3067 | __func__, item, dip, bp, in_f->ilf_ino); | |
2451337d | 3068 | error = -EFSCORRUPTED; |
638f4416 | 3069 | goto out_release; |
1da177e4 | 3070 | } |
f8d55aa0 DC |
3071 | } else if (unlikely(S_ISDIR(ldip->di_mode))) { |
3072 | if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) && | |
3073 | (ldip->di_format != XFS_DINODE_FMT_BTREE) && | |
3074 | (ldip->di_format != XFS_DINODE_FMT_LOCAL)) { | |
c9f71f5f | 3075 | XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)", |
f8d55aa0 | 3076 | XFS_ERRLEVEL_LOW, mp, ldip); |
a0fa2b67 DC |
3077 | xfs_alert(mp, |
3078 | "%s: Bad dir inode log record, rec ptr 0x%p, " | |
3079 | "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld", | |
3080 | __func__, item, dip, bp, in_f->ilf_ino); | |
2451337d | 3081 | error = -EFSCORRUPTED; |
638f4416 | 3082 | goto out_release; |
1da177e4 LT |
3083 | } |
3084 | } | |
f8d55aa0 | 3085 | if (unlikely(ldip->di_nextents + ldip->di_anextents > ldip->di_nblocks)){ |
c9f71f5f | 3086 | XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)", |
f8d55aa0 | 3087 | XFS_ERRLEVEL_LOW, mp, ldip); |
a0fa2b67 DC |
3088 | xfs_alert(mp, |
3089 | "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, " | |
3090 | "dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld", | |
3091 | __func__, item, dip, bp, in_f->ilf_ino, | |
f8d55aa0 DC |
3092 | ldip->di_nextents + ldip->di_anextents, |
3093 | ldip->di_nblocks); | |
2451337d | 3094 | error = -EFSCORRUPTED; |
638f4416 | 3095 | goto out_release; |
1da177e4 | 3096 | } |
f8d55aa0 | 3097 | if (unlikely(ldip->di_forkoff > mp->m_sb.sb_inodesize)) { |
c9f71f5f | 3098 | XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)", |
f8d55aa0 | 3099 | XFS_ERRLEVEL_LOW, mp, ldip); |
a0fa2b67 DC |
3100 | xfs_alert(mp, |
3101 | "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, " | |
3102 | "dino bp 0x%p, ino %Ld, forkoff 0x%x", __func__, | |
f8d55aa0 | 3103 | item, dip, bp, in_f->ilf_ino, ldip->di_forkoff); |
2451337d | 3104 | error = -EFSCORRUPTED; |
638f4416 | 3105 | goto out_release; |
1da177e4 | 3106 | } |
f8d55aa0 | 3107 | isize = xfs_log_dinode_size(ldip->di_version); |
93848a99 | 3108 | if (unlikely(item->ri_buf[1].i_len > isize)) { |
c9f71f5f | 3109 | XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)", |
f8d55aa0 | 3110 | XFS_ERRLEVEL_LOW, mp, ldip); |
a0fa2b67 DC |
3111 | xfs_alert(mp, |
3112 | "%s: Bad inode log record length %d, rec ptr 0x%p", | |
3113 | __func__, item->ri_buf[1].i_len, item); | |
2451337d | 3114 | error = -EFSCORRUPTED; |
638f4416 | 3115 | goto out_release; |
1da177e4 LT |
3116 | } |
3117 | ||
3987848c DC |
3118 | /* recover the log dinode inode into the on disk inode */ |
3119 | xfs_log_dinode_to_disk(ldip, dip); | |
1da177e4 LT |
3120 | |
3121 | /* the rest is in on-disk format */ | |
93848a99 CH |
3122 | if (item->ri_buf[1].i_len > isize) { |
3123 | memcpy((char *)dip + isize, | |
3124 | item->ri_buf[1].i_addr + isize, | |
3125 | item->ri_buf[1].i_len - isize); | |
1da177e4 LT |
3126 | } |
3127 | ||
3128 | fields = in_f->ilf_fields; | |
3129 | switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) { | |
3130 | case XFS_ILOG_DEV: | |
81591fe2 | 3131 | xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev); |
1da177e4 LT |
3132 | break; |
3133 | case XFS_ILOG_UUID: | |
81591fe2 CH |
3134 | memcpy(XFS_DFORK_DPTR(dip), |
3135 | &in_f->ilf_u.ilfu_uuid, | |
3136 | sizeof(uuid_t)); | |
1da177e4 LT |
3137 | break; |
3138 | } | |
3139 | ||
3140 | if (in_f->ilf_size == 2) | |
638f4416 | 3141 | goto out_owner_change; |
1da177e4 LT |
3142 | len = item->ri_buf[2].i_len; |
3143 | src = item->ri_buf[2].i_addr; | |
3144 | ASSERT(in_f->ilf_size <= 4); | |
3145 | ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK)); | |
3146 | ASSERT(!(fields & XFS_ILOG_DFORK) || | |
3147 | (len == in_f->ilf_dsize)); | |
3148 | ||
3149 | switch (fields & XFS_ILOG_DFORK) { | |
3150 | case XFS_ILOG_DDATA: | |
3151 | case XFS_ILOG_DEXT: | |
81591fe2 | 3152 | memcpy(XFS_DFORK_DPTR(dip), src, len); |
1da177e4 LT |
3153 | break; |
3154 | ||
3155 | case XFS_ILOG_DBROOT: | |
7cc95a82 | 3156 | xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len, |
81591fe2 | 3157 | (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip), |
1da177e4 LT |
3158 | XFS_DFORK_DSIZE(dip, mp)); |
3159 | break; | |
3160 | ||
3161 | default: | |
3162 | /* | |
3163 | * There are no data fork flags set. | |
3164 | */ | |
3165 | ASSERT((fields & XFS_ILOG_DFORK) == 0); | |
3166 | break; | |
3167 | } | |
3168 | ||
3169 | /* | |
3170 | * If we logged any attribute data, recover it. There may or | |
3171 | * may not have been any other non-core data logged in this | |
3172 | * transaction. | |
3173 | */ | |
3174 | if (in_f->ilf_fields & XFS_ILOG_AFORK) { | |
3175 | if (in_f->ilf_fields & XFS_ILOG_DFORK) { | |
3176 | attr_index = 3; | |
3177 | } else { | |
3178 | attr_index = 2; | |
3179 | } | |
3180 | len = item->ri_buf[attr_index].i_len; | |
3181 | src = item->ri_buf[attr_index].i_addr; | |
3182 | ASSERT(len == in_f->ilf_asize); | |
3183 | ||
3184 | switch (in_f->ilf_fields & XFS_ILOG_AFORK) { | |
3185 | case XFS_ILOG_ADATA: | |
3186 | case XFS_ILOG_AEXT: | |
3187 | dest = XFS_DFORK_APTR(dip); | |
3188 | ASSERT(len <= XFS_DFORK_ASIZE(dip, mp)); | |
3189 | memcpy(dest, src, len); | |
3190 | break; | |
3191 | ||
3192 | case XFS_ILOG_ABROOT: | |
3193 | dest = XFS_DFORK_APTR(dip); | |
7cc95a82 CH |
3194 | xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, |
3195 | len, (xfs_bmdr_block_t*)dest, | |
1da177e4 LT |
3196 | XFS_DFORK_ASIZE(dip, mp)); |
3197 | break; | |
3198 | ||
3199 | default: | |
a0fa2b67 | 3200 | xfs_warn(log->l_mp, "%s: Invalid flag", __func__); |
1da177e4 | 3201 | ASSERT(0); |
2451337d | 3202 | error = -EIO; |
638f4416 | 3203 | goto out_release; |
1da177e4 LT |
3204 | } |
3205 | } | |
3206 | ||
638f4416 DC |
3207 | out_owner_change: |
3208 | if (in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER)) | |
3209 | error = xfs_recover_inode_owner_change(mp, dip, in_f, | |
3210 | buffer_list); | |
93848a99 CH |
3211 | /* re-generate the checksum. */ |
3212 | xfs_dinode_calc_crc(log->l_mp, dip); | |
3213 | ||
ebad861b | 3214 | ASSERT(bp->b_target->bt_mount == mp); |
cb669ca5 | 3215 | bp->b_iodone = xlog_recover_iodone; |
43ff2122 | 3216 | xfs_buf_delwri_queue(bp, buffer_list); |
50d5c8d8 DC |
3217 | |
3218 | out_release: | |
61551f1e | 3219 | xfs_buf_relse(bp); |
6d192a9b TS |
3220 | error: |
3221 | if (need_free) | |
f0e2d93c | 3222 | kmem_free(in_f); |
b474c7ae | 3223 | return error; |
1da177e4 LT |
3224 | } |
3225 | ||
3226 | /* | |
9a8d2fdb | 3227 | * Recover QUOTAOFF records. We simply make a note of it in the xlog |
1da177e4 LT |
3228 | * structure, so that we know not to do any dquot item or dquot buffer recovery, |
3229 | * of that type. | |
3230 | */ | |
3231 | STATIC int | |
c9f71f5f | 3232 | xlog_recover_quotaoff_pass1( |
9a8d2fdb MT |
3233 | struct xlog *log, |
3234 | struct xlog_recover_item *item) | |
1da177e4 | 3235 | { |
c9f71f5f | 3236 | xfs_qoff_logformat_t *qoff_f = item->ri_buf[0].i_addr; |
1da177e4 LT |
3237 | ASSERT(qoff_f); |
3238 | ||
3239 | /* | |
3240 | * The logitem format's flag tells us if this was user quotaoff, | |
77a7cce4 | 3241 | * group/project quotaoff or both. |
1da177e4 LT |
3242 | */ |
3243 | if (qoff_f->qf_flags & XFS_UQUOTA_ACCT) | |
3244 | log->l_quotaoffs_flag |= XFS_DQ_USER; | |
77a7cce4 NS |
3245 | if (qoff_f->qf_flags & XFS_PQUOTA_ACCT) |
3246 | log->l_quotaoffs_flag |= XFS_DQ_PROJ; | |
1da177e4 LT |
3247 | if (qoff_f->qf_flags & XFS_GQUOTA_ACCT) |
3248 | log->l_quotaoffs_flag |= XFS_DQ_GROUP; | |
3249 | ||
d99831ff | 3250 | return 0; |
1da177e4 LT |
3251 | } |
3252 | ||
3253 | /* | |
3254 | * Recover a dquot record | |
3255 | */ | |
3256 | STATIC int | |
c9f71f5f | 3257 | xlog_recover_dquot_pass2( |
9a8d2fdb MT |
3258 | struct xlog *log, |
3259 | struct list_head *buffer_list, | |
50d5c8d8 DC |
3260 | struct xlog_recover_item *item, |
3261 | xfs_lsn_t current_lsn) | |
1da177e4 | 3262 | { |
c9f71f5f | 3263 | xfs_mount_t *mp = log->l_mp; |
1da177e4 LT |
3264 | xfs_buf_t *bp; |
3265 | struct xfs_disk_dquot *ddq, *recddq; | |
3266 | int error; | |
3267 | xfs_dq_logformat_t *dq_f; | |
3268 | uint type; | |
3269 | ||
1da177e4 LT |
3270 | |
3271 | /* | |
3272 | * Filesystems are required to send in quota flags at mount time. | |
3273 | */ | |
3274 | if (mp->m_qflags == 0) | |
d99831ff | 3275 | return 0; |
1da177e4 | 3276 | |
4e0d5f92 CH |
3277 | recddq = item->ri_buf[1].i_addr; |
3278 | if (recddq == NULL) { | |
a0fa2b67 | 3279 | xfs_alert(log->l_mp, "NULL dquot in %s.", __func__); |
2451337d | 3280 | return -EIO; |
0c5e1ce8 | 3281 | } |
8ec6dba2 | 3282 | if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) { |
a0fa2b67 | 3283 | xfs_alert(log->l_mp, "dquot too small (%d) in %s.", |
0c5e1ce8 | 3284 | item->ri_buf[1].i_len, __func__); |
2451337d | 3285 | return -EIO; |
0c5e1ce8 CH |
3286 | } |
3287 | ||
1da177e4 LT |
3288 | /* |
3289 | * This type of quotas was turned off, so ignore this record. | |
3290 | */ | |
b53e675d | 3291 | type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP); |
1da177e4 LT |
3292 | ASSERT(type); |
3293 | if (log->l_quotaoffs_flag & type) | |
d99831ff | 3294 | return 0; |
1da177e4 LT |
3295 | |
3296 | /* | |
3297 | * At this point we know that quota was _not_ turned off. | |
3298 | * Since the mount flags are not indicating to us otherwise, this | |
3299 | * must mean that quota is on, and the dquot needs to be replayed. | |
3300 | * Remember that we may not have fully recovered the superblock yet, | |
3301 | * so we can't do the usual trick of looking at the SB quota bits. | |
3302 | * | |
3303 | * The other possibility, of course, is that the quota subsystem was | |
3304 | * removed since the last mount - ENOSYS. | |
3305 | */ | |
4e0d5f92 | 3306 | dq_f = item->ri_buf[0].i_addr; |
1da177e4 | 3307 | ASSERT(dq_f); |
9aede1d8 | 3308 | error = xfs_dqcheck(mp, recddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN, |
a0fa2b67 DC |
3309 | "xlog_recover_dquot_pass2 (log copy)"); |
3310 | if (error) | |
2451337d | 3311 | return -EIO; |
1da177e4 LT |
3312 | ASSERT(dq_f->qlf_len == 1); |
3313 | ||
ad3714b8 DC |
3314 | /* |
3315 | * At this point we are assuming that the dquots have been allocated | |
3316 | * and hence the buffer has valid dquots stamped in it. It should, | |
3317 | * therefore, pass verifier validation. If the dquot is bad, then the | |
3318 | * we'll return an error here, so we don't need to specifically check | |
3319 | * the dquot in the buffer after the verifier has run. | |
3320 | */ | |
7ca790a5 | 3321 | error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dq_f->qlf_blkno, |
c3f8fc73 | 3322 | XFS_FSB_TO_BB(mp, dq_f->qlf_len), 0, &bp, |
ad3714b8 | 3323 | &xfs_dquot_buf_ops); |
7ca790a5 | 3324 | if (error) |
1da177e4 | 3325 | return error; |
7ca790a5 | 3326 | |
1da177e4 | 3327 | ASSERT(bp); |
88ee2df7 | 3328 | ddq = xfs_buf_offset(bp, dq_f->qlf_boffset); |
1da177e4 | 3329 | |
50d5c8d8 DC |
3330 | /* |
3331 | * If the dquot has an LSN in it, recover the dquot only if it's less | |
3332 | * than the lsn of the transaction we are replaying. | |
3333 | */ | |
3334 | if (xfs_sb_version_hascrc(&mp->m_sb)) { | |
3335 | struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq; | |
3336 | xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn); | |
3337 | ||
3338 | if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) { | |
3339 | goto out_release; | |
3340 | } | |
3341 | } | |
3342 | ||
1da177e4 | 3343 | memcpy(ddq, recddq, item->ri_buf[1].i_len); |
6fcdc59d DC |
3344 | if (xfs_sb_version_hascrc(&mp->m_sb)) { |
3345 | xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk), | |
3346 | XFS_DQUOT_CRC_OFF); | |
3347 | } | |
1da177e4 LT |
3348 | |
3349 | ASSERT(dq_f->qlf_size == 2); | |
ebad861b | 3350 | ASSERT(bp->b_target->bt_mount == mp); |
cb669ca5 | 3351 | bp->b_iodone = xlog_recover_iodone; |
43ff2122 | 3352 | xfs_buf_delwri_queue(bp, buffer_list); |
1da177e4 | 3353 | |
50d5c8d8 DC |
3354 | out_release: |
3355 | xfs_buf_relse(bp); | |
3356 | return 0; | |
1da177e4 LT |
3357 | } |
3358 | ||
3359 | /* | |
3360 | * This routine is called to create an in-core extent free intent | |
3361 | * item from the efi format structure which was logged on disk. | |
3362 | * It allocates an in-core efi, copies the extents from the format | |
3363 | * structure into it, and adds the efi to the AIL with the given | |
3364 | * LSN. | |
3365 | */ | |
6d192a9b | 3366 | STATIC int |
c9f71f5f | 3367 | xlog_recover_efi_pass2( |
9a8d2fdb MT |
3368 | struct xlog *log, |
3369 | struct xlog_recover_item *item, | |
3370 | xfs_lsn_t lsn) | |
1da177e4 | 3371 | { |
e32a1d1f BF |
3372 | int error; |
3373 | struct xfs_mount *mp = log->l_mp; | |
3374 | struct xfs_efi_log_item *efip; | |
3375 | struct xfs_efi_log_format *efi_formatp; | |
1da177e4 | 3376 | |
4e0d5f92 | 3377 | efi_formatp = item->ri_buf[0].i_addr; |
1da177e4 | 3378 | |
1da177e4 | 3379 | efip = xfs_efi_init(mp, efi_formatp->efi_nextents); |
e32a1d1f BF |
3380 | error = xfs_efi_copy_format(&item->ri_buf[0], &efip->efi_format); |
3381 | if (error) { | |
6d192a9b TS |
3382 | xfs_efi_item_free(efip); |
3383 | return error; | |
3384 | } | |
b199c8a4 | 3385 | atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents); |
1da177e4 | 3386 | |
a9c21c1b | 3387 | spin_lock(&log->l_ailp->xa_lock); |
1da177e4 | 3388 | /* |
e32a1d1f BF |
3389 | * The EFI has two references. One for the EFD and one for EFI to ensure |
3390 | * it makes it into the AIL. Insert the EFI into the AIL directly and | |
3391 | * drop the EFI reference. Note that xfs_trans_ail_update() drops the | |
3392 | * AIL lock. | |
1da177e4 | 3393 | */ |
e6059949 | 3394 | xfs_trans_ail_update(log->l_ailp, &efip->efi_item, lsn); |
e32a1d1f | 3395 | xfs_efi_release(efip); |
6d192a9b | 3396 | return 0; |
1da177e4 LT |
3397 | } |
3398 | ||
3399 | ||
3400 | /* | |
e32a1d1f BF |
3401 | * This routine is called when an EFD format structure is found in a committed |
3402 | * transaction in the log. Its purpose is to cancel the corresponding EFI if it | |
3403 | * was still in the log. To do this it searches the AIL for the EFI with an id | |
3404 | * equal to that in the EFD format structure. If we find it we drop the EFD | |
3405 | * reference, which removes the EFI from the AIL and frees it. | |
1da177e4 | 3406 | */ |
c9f71f5f CH |
3407 | STATIC int |
3408 | xlog_recover_efd_pass2( | |
9a8d2fdb MT |
3409 | struct xlog *log, |
3410 | struct xlog_recover_item *item) | |
1da177e4 | 3411 | { |
1da177e4 LT |
3412 | xfs_efd_log_format_t *efd_formatp; |
3413 | xfs_efi_log_item_t *efip = NULL; | |
3414 | xfs_log_item_t *lip; | |
1da177e4 | 3415 | __uint64_t efi_id; |
27d8d5fe | 3416 | struct xfs_ail_cursor cur; |
783a2f65 | 3417 | struct xfs_ail *ailp = log->l_ailp; |
1da177e4 | 3418 | |
4e0d5f92 | 3419 | efd_formatp = item->ri_buf[0].i_addr; |
6d192a9b TS |
3420 | ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) + |
3421 | ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) || | |
3422 | (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) + | |
3423 | ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t))))); | |
1da177e4 LT |
3424 | efi_id = efd_formatp->efd_efi_id; |
3425 | ||
3426 | /* | |
e32a1d1f BF |
3427 | * Search for the EFI with the id in the EFD format structure in the |
3428 | * AIL. | |
1da177e4 | 3429 | */ |
a9c21c1b DC |
3430 | spin_lock(&ailp->xa_lock); |
3431 | lip = xfs_trans_ail_cursor_first(ailp, &cur, 0); | |
1da177e4 LT |
3432 | while (lip != NULL) { |
3433 | if (lip->li_type == XFS_LI_EFI) { | |
3434 | efip = (xfs_efi_log_item_t *)lip; | |
3435 | if (efip->efi_format.efi_id == efi_id) { | |
3436 | /* | |
e32a1d1f BF |
3437 | * Drop the EFD reference to the EFI. This |
3438 | * removes the EFI from the AIL and frees it. | |
1da177e4 | 3439 | */ |
e32a1d1f BF |
3440 | spin_unlock(&ailp->xa_lock); |
3441 | xfs_efi_release(efip); | |
a9c21c1b | 3442 | spin_lock(&ailp->xa_lock); |
27d8d5fe | 3443 | break; |
1da177e4 LT |
3444 | } |
3445 | } | |
a9c21c1b | 3446 | lip = xfs_trans_ail_cursor_next(ailp, &cur); |
1da177e4 | 3447 | } |
e32a1d1f | 3448 | |
e4a1e29c | 3449 | xfs_trans_ail_cursor_done(&cur); |
a9c21c1b | 3450 | spin_unlock(&ailp->xa_lock); |
c9f71f5f CH |
3451 | |
3452 | return 0; | |
1da177e4 LT |
3453 | } |
3454 | ||
9e88b5d8 DW |
3455 | /* |
3456 | * This routine is called to create an in-core extent rmap update | |
3457 | * item from the rui format structure which was logged on disk. | |
3458 | * It allocates an in-core rui, copies the extents from the format | |
3459 | * structure into it, and adds the rui to the AIL with the given | |
3460 | * LSN. | |
3461 | */ | |
3462 | STATIC int | |
3463 | xlog_recover_rui_pass2( | |
3464 | struct xlog *log, | |
3465 | struct xlog_recover_item *item, | |
3466 | xfs_lsn_t lsn) | |
3467 | { | |
3468 | int error; | |
3469 | struct xfs_mount *mp = log->l_mp; | |
3470 | struct xfs_rui_log_item *ruip; | |
3471 | struct xfs_rui_log_format *rui_formatp; | |
3472 | ||
3473 | rui_formatp = item->ri_buf[0].i_addr; | |
3474 | ||
3475 | ruip = xfs_rui_init(mp, rui_formatp->rui_nextents); | |
3476 | error = xfs_rui_copy_format(&item->ri_buf[0], &ruip->rui_format); | |
3477 | if (error) { | |
3478 | xfs_rui_item_free(ruip); | |
3479 | return error; | |
3480 | } | |
3481 | atomic_set(&ruip->rui_next_extent, rui_formatp->rui_nextents); | |
3482 | ||
3483 | spin_lock(&log->l_ailp->xa_lock); | |
3484 | /* | |
3485 | * The RUI has two references. One for the RUD and one for RUI to ensure | |
3486 | * it makes it into the AIL. Insert the RUI into the AIL directly and | |
3487 | * drop the RUI reference. Note that xfs_trans_ail_update() drops the | |
3488 | * AIL lock. | |
3489 | */ | |
3490 | xfs_trans_ail_update(log->l_ailp, &ruip->rui_item, lsn); | |
3491 | xfs_rui_release(ruip); | |
3492 | return 0; | |
3493 | } | |
3494 | ||
3495 | ||
3496 | /* | |
3497 | * This routine is called when an RUD format structure is found in a committed | |
3498 | * transaction in the log. Its purpose is to cancel the corresponding RUI if it | |
3499 | * was still in the log. To do this it searches the AIL for the RUI with an id | |
3500 | * equal to that in the RUD format structure. If we find it we drop the RUD | |
3501 | * reference, which removes the RUI from the AIL and frees it. | |
3502 | */ | |
3503 | STATIC int | |
3504 | xlog_recover_rud_pass2( | |
3505 | struct xlog *log, | |
3506 | struct xlog_recover_item *item) | |
3507 | { | |
3508 | struct xfs_rud_log_format *rud_formatp; | |
3509 | struct xfs_rui_log_item *ruip = NULL; | |
3510 | struct xfs_log_item *lip; | |
3511 | __uint64_t rui_id; | |
3512 | struct xfs_ail_cursor cur; | |
3513 | struct xfs_ail *ailp = log->l_ailp; | |
3514 | ||
3515 | rud_formatp = item->ri_buf[0].i_addr; | |
722e2517 | 3516 | ASSERT(item->ri_buf[0].i_len == sizeof(struct xfs_rud_log_format)); |
9e88b5d8 DW |
3517 | rui_id = rud_formatp->rud_rui_id; |
3518 | ||
3519 | /* | |
3520 | * Search for the RUI with the id in the RUD format structure in the | |
3521 | * AIL. | |
3522 | */ | |
3523 | spin_lock(&ailp->xa_lock); | |
3524 | lip = xfs_trans_ail_cursor_first(ailp, &cur, 0); | |
3525 | while (lip != NULL) { | |
3526 | if (lip->li_type == XFS_LI_RUI) { | |
3527 | ruip = (struct xfs_rui_log_item *)lip; | |
3528 | if (ruip->rui_format.rui_id == rui_id) { | |
3529 | /* | |
3530 | * Drop the RUD reference to the RUI. This | |
3531 | * removes the RUI from the AIL and frees it. | |
3532 | */ | |
3533 | spin_unlock(&ailp->xa_lock); | |
3534 | xfs_rui_release(ruip); | |
3535 | spin_lock(&ailp->xa_lock); | |
3536 | break; | |
3537 | } | |
3538 | } | |
3539 | lip = xfs_trans_ail_cursor_next(ailp, &cur); | |
3540 | } | |
3541 | ||
3542 | xfs_trans_ail_cursor_done(&cur); | |
3543 | spin_unlock(&ailp->xa_lock); | |
3544 | ||
3545 | return 0; | |
3546 | } | |
3547 | ||
28c8e41a DC |
3548 | /* |
3549 | * This routine is called when an inode create format structure is found in a | |
3550 | * committed transaction in the log. It's purpose is to initialise the inodes | |
3551 | * being allocated on disk. This requires us to get inode cluster buffers that | |
3552 | * match the range to be intialised, stamped with inode templates and written | |
3553 | * by delayed write so that subsequent modifications will hit the cached buffer | |
3554 | * and only need writing out at the end of recovery. | |
3555 | */ | |
3556 | STATIC int | |
3557 | xlog_recover_do_icreate_pass2( | |
3558 | struct xlog *log, | |
3559 | struct list_head *buffer_list, | |
3560 | xlog_recover_item_t *item) | |
3561 | { | |
3562 | struct xfs_mount *mp = log->l_mp; | |
3563 | struct xfs_icreate_log *icl; | |
3564 | xfs_agnumber_t agno; | |
3565 | xfs_agblock_t agbno; | |
3566 | unsigned int count; | |
3567 | unsigned int isize; | |
3568 | xfs_agblock_t length; | |
fc0d1656 BF |
3569 | int blks_per_cluster; |
3570 | int bb_per_cluster; | |
3571 | int cancel_count; | |
3572 | int nbufs; | |
3573 | int i; | |
28c8e41a DC |
3574 | |
3575 | icl = (struct xfs_icreate_log *)item->ri_buf[0].i_addr; | |
3576 | if (icl->icl_type != XFS_LI_ICREATE) { | |
3577 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad type"); | |
2451337d | 3578 | return -EINVAL; |
28c8e41a DC |
3579 | } |
3580 | ||
3581 | if (icl->icl_size != 1) { | |
3582 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad icl size"); | |
2451337d | 3583 | return -EINVAL; |
28c8e41a DC |
3584 | } |
3585 | ||
3586 | agno = be32_to_cpu(icl->icl_ag); | |
3587 | if (agno >= mp->m_sb.sb_agcount) { | |
3588 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agno"); | |
2451337d | 3589 | return -EINVAL; |
28c8e41a DC |
3590 | } |
3591 | agbno = be32_to_cpu(icl->icl_agbno); | |
3592 | if (!agbno || agbno == NULLAGBLOCK || agbno >= mp->m_sb.sb_agblocks) { | |
3593 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agbno"); | |
2451337d | 3594 | return -EINVAL; |
28c8e41a DC |
3595 | } |
3596 | isize = be32_to_cpu(icl->icl_isize); | |
3597 | if (isize != mp->m_sb.sb_inodesize) { | |
3598 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad isize"); | |
2451337d | 3599 | return -EINVAL; |
28c8e41a DC |
3600 | } |
3601 | count = be32_to_cpu(icl->icl_count); | |
3602 | if (!count) { | |
3603 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count"); | |
2451337d | 3604 | return -EINVAL; |
28c8e41a DC |
3605 | } |
3606 | length = be32_to_cpu(icl->icl_length); | |
3607 | if (!length || length >= mp->m_sb.sb_agblocks) { | |
3608 | xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad length"); | |
2451337d | 3609 | return -EINVAL; |
28c8e41a DC |
3610 | } |
3611 | ||
7f43c907 BF |
3612 | /* |
3613 | * The inode chunk is either full or sparse and we only support | |
3614 | * m_ialloc_min_blks sized sparse allocations at this time. | |
3615 | */ | |
3616 | if (length != mp->m_ialloc_blks && | |
3617 | length != mp->m_ialloc_min_blks) { | |
3618 | xfs_warn(log->l_mp, | |
3619 | "%s: unsupported chunk length", __FUNCTION__); | |
3620 | return -EINVAL; | |
3621 | } | |
3622 | ||
3623 | /* verify inode count is consistent with extent length */ | |
3624 | if ((count >> mp->m_sb.sb_inopblog) != length) { | |
3625 | xfs_warn(log->l_mp, | |
3626 | "%s: inconsistent inode count and chunk length", | |
3627 | __FUNCTION__); | |
2451337d | 3628 | return -EINVAL; |
28c8e41a DC |
3629 | } |
3630 | ||
3631 | /* | |
fc0d1656 BF |
3632 | * The icreate transaction can cover multiple cluster buffers and these |
3633 | * buffers could have been freed and reused. Check the individual | |
3634 | * buffers for cancellation so we don't overwrite anything written after | |
3635 | * a cancellation. | |
3636 | */ | |
3637 | blks_per_cluster = xfs_icluster_size_fsb(mp); | |
3638 | bb_per_cluster = XFS_FSB_TO_BB(mp, blks_per_cluster); | |
3639 | nbufs = length / blks_per_cluster; | |
3640 | for (i = 0, cancel_count = 0; i < nbufs; i++) { | |
3641 | xfs_daddr_t daddr; | |
3642 | ||
3643 | daddr = XFS_AGB_TO_DADDR(mp, agno, | |
3644 | agbno + i * blks_per_cluster); | |
3645 | if (xlog_check_buffer_cancelled(log, daddr, bb_per_cluster, 0)) | |
3646 | cancel_count++; | |
3647 | } | |
3648 | ||
3649 | /* | |
3650 | * We currently only use icreate for a single allocation at a time. This | |
3651 | * means we should expect either all or none of the buffers to be | |
3652 | * cancelled. Be conservative and skip replay if at least one buffer is | |
3653 | * cancelled, but warn the user that something is awry if the buffers | |
3654 | * are not consistent. | |
28c8e41a | 3655 | * |
fc0d1656 BF |
3656 | * XXX: This must be refined to only skip cancelled clusters once we use |
3657 | * icreate for multiple chunk allocations. | |
28c8e41a | 3658 | */ |
fc0d1656 BF |
3659 | ASSERT(!cancel_count || cancel_count == nbufs); |
3660 | if (cancel_count) { | |
3661 | if (cancel_count != nbufs) | |
3662 | xfs_warn(mp, | |
3663 | "WARNING: partial inode chunk cancellation, skipped icreate."); | |
78d57e45 | 3664 | trace_xfs_log_recover_icreate_cancel(log, icl); |
28c8e41a | 3665 | return 0; |
78d57e45 | 3666 | } |
28c8e41a | 3667 | |
78d57e45 | 3668 | trace_xfs_log_recover_icreate_recover(log, icl); |
fc0d1656 BF |
3669 | return xfs_ialloc_inode_init(mp, NULL, buffer_list, count, agno, agbno, |
3670 | length, be32_to_cpu(icl->icl_gen)); | |
28c8e41a DC |
3671 | } |
3672 | ||
00574da1 ZYW |
3673 | STATIC void |
3674 | xlog_recover_buffer_ra_pass2( | |
3675 | struct xlog *log, | |
3676 | struct xlog_recover_item *item) | |
3677 | { | |
3678 | struct xfs_buf_log_format *buf_f = item->ri_buf[0].i_addr; | |
3679 | struct xfs_mount *mp = log->l_mp; | |
3680 | ||
84a5b730 | 3681 | if (xlog_peek_buffer_cancelled(log, buf_f->blf_blkno, |
00574da1 ZYW |
3682 | buf_f->blf_len, buf_f->blf_flags)) { |
3683 | return; | |
3684 | } | |
3685 | ||
3686 | xfs_buf_readahead(mp->m_ddev_targp, buf_f->blf_blkno, | |
3687 | buf_f->blf_len, NULL); | |
3688 | } | |
3689 | ||
3690 | STATIC void | |
3691 | xlog_recover_inode_ra_pass2( | |
3692 | struct xlog *log, | |
3693 | struct xlog_recover_item *item) | |
3694 | { | |
3695 | struct xfs_inode_log_format ilf_buf; | |
3696 | struct xfs_inode_log_format *ilfp; | |
3697 | struct xfs_mount *mp = log->l_mp; | |
3698 | int error; | |
3699 | ||
3700 | if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) { | |
3701 | ilfp = item->ri_buf[0].i_addr; | |
3702 | } else { | |
3703 | ilfp = &ilf_buf; | |
3704 | memset(ilfp, 0, sizeof(*ilfp)); | |
3705 | error = xfs_inode_item_format_convert(&item->ri_buf[0], ilfp); | |
3706 | if (error) | |
3707 | return; | |
3708 | } | |
3709 | ||
84a5b730 | 3710 | if (xlog_peek_buffer_cancelled(log, ilfp->ilf_blkno, ilfp->ilf_len, 0)) |
00574da1 ZYW |
3711 | return; |
3712 | ||
3713 | xfs_buf_readahead(mp->m_ddev_targp, ilfp->ilf_blkno, | |
d8914002 | 3714 | ilfp->ilf_len, &xfs_inode_buf_ra_ops); |
00574da1 ZYW |
3715 | } |
3716 | ||
3717 | STATIC void | |
3718 | xlog_recover_dquot_ra_pass2( | |
3719 | struct xlog *log, | |
3720 | struct xlog_recover_item *item) | |
3721 | { | |
3722 | struct xfs_mount *mp = log->l_mp; | |
3723 | struct xfs_disk_dquot *recddq; | |
3724 | struct xfs_dq_logformat *dq_f; | |
3725 | uint type; | |
7d6a13f0 | 3726 | int len; |
00574da1 ZYW |
3727 | |
3728 | ||
3729 | if (mp->m_qflags == 0) | |
3730 | return; | |
3731 | ||
3732 | recddq = item->ri_buf[1].i_addr; | |
3733 | if (recddq == NULL) | |
3734 | return; | |
3735 | if (item->ri_buf[1].i_len < sizeof(struct xfs_disk_dquot)) | |
3736 | return; | |
3737 | ||
3738 | type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP); | |
3739 | ASSERT(type); | |
3740 | if (log->l_quotaoffs_flag & type) | |
3741 | return; | |
3742 | ||
3743 | dq_f = item->ri_buf[0].i_addr; | |
3744 | ASSERT(dq_f); | |
3745 | ASSERT(dq_f->qlf_len == 1); | |
3746 | ||
7d6a13f0 DC |
3747 | len = XFS_FSB_TO_BB(mp, dq_f->qlf_len); |
3748 | if (xlog_peek_buffer_cancelled(log, dq_f->qlf_blkno, len, 0)) | |
3749 | return; | |
3750 | ||
3751 | xfs_buf_readahead(mp->m_ddev_targp, dq_f->qlf_blkno, len, | |
3752 | &xfs_dquot_buf_ra_ops); | |
00574da1 ZYW |
3753 | } |
3754 | ||
3755 | STATIC void | |
3756 | xlog_recover_ra_pass2( | |
3757 | struct xlog *log, | |
3758 | struct xlog_recover_item *item) | |
3759 | { | |
3760 | switch (ITEM_TYPE(item)) { | |
3761 | case XFS_LI_BUF: | |
3762 | xlog_recover_buffer_ra_pass2(log, item); | |
3763 | break; | |
3764 | case XFS_LI_INODE: | |
3765 | xlog_recover_inode_ra_pass2(log, item); | |
3766 | break; | |
3767 | case XFS_LI_DQUOT: | |
3768 | xlog_recover_dquot_ra_pass2(log, item); | |
3769 | break; | |
3770 | case XFS_LI_EFI: | |
3771 | case XFS_LI_EFD: | |
3772 | case XFS_LI_QUOTAOFF: | |
9e88b5d8 DW |
3773 | case XFS_LI_RUI: |
3774 | case XFS_LI_RUD: | |
00574da1 ZYW |
3775 | default: |
3776 | break; | |
3777 | } | |
3778 | } | |
3779 | ||
d0450948 | 3780 | STATIC int |
c9f71f5f | 3781 | xlog_recover_commit_pass1( |
ad223e60 MT |
3782 | struct xlog *log, |
3783 | struct xlog_recover *trans, | |
3784 | struct xlog_recover_item *item) | |
d0450948 | 3785 | { |
c9f71f5f | 3786 | trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS1); |
d0450948 CH |
3787 | |
3788 | switch (ITEM_TYPE(item)) { | |
3789 | case XFS_LI_BUF: | |
c9f71f5f CH |
3790 | return xlog_recover_buffer_pass1(log, item); |
3791 | case XFS_LI_QUOTAOFF: | |
3792 | return xlog_recover_quotaoff_pass1(log, item); | |
d0450948 | 3793 | case XFS_LI_INODE: |
d0450948 | 3794 | case XFS_LI_EFI: |
d0450948 | 3795 | case XFS_LI_EFD: |
c9f71f5f | 3796 | case XFS_LI_DQUOT: |
28c8e41a | 3797 | case XFS_LI_ICREATE: |
9e88b5d8 DW |
3798 | case XFS_LI_RUI: |
3799 | case XFS_LI_RUD: | |
c9f71f5f | 3800 | /* nothing to do in pass 1 */ |
d0450948 | 3801 | return 0; |
c9f71f5f | 3802 | default: |
a0fa2b67 DC |
3803 | xfs_warn(log->l_mp, "%s: invalid item type (%d)", |
3804 | __func__, ITEM_TYPE(item)); | |
c9f71f5f | 3805 | ASSERT(0); |
2451337d | 3806 | return -EIO; |
c9f71f5f CH |
3807 | } |
3808 | } | |
3809 | ||
3810 | STATIC int | |
3811 | xlog_recover_commit_pass2( | |
ad223e60 MT |
3812 | struct xlog *log, |
3813 | struct xlog_recover *trans, | |
3814 | struct list_head *buffer_list, | |
3815 | struct xlog_recover_item *item) | |
c9f71f5f CH |
3816 | { |
3817 | trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS2); | |
3818 | ||
3819 | switch (ITEM_TYPE(item)) { | |
3820 | case XFS_LI_BUF: | |
50d5c8d8 DC |
3821 | return xlog_recover_buffer_pass2(log, buffer_list, item, |
3822 | trans->r_lsn); | |
c9f71f5f | 3823 | case XFS_LI_INODE: |
50d5c8d8 DC |
3824 | return xlog_recover_inode_pass2(log, buffer_list, item, |
3825 | trans->r_lsn); | |
c9f71f5f CH |
3826 | case XFS_LI_EFI: |
3827 | return xlog_recover_efi_pass2(log, item, trans->r_lsn); | |
3828 | case XFS_LI_EFD: | |
3829 | return xlog_recover_efd_pass2(log, item); | |
9e88b5d8 DW |
3830 | case XFS_LI_RUI: |
3831 | return xlog_recover_rui_pass2(log, item, trans->r_lsn); | |
3832 | case XFS_LI_RUD: | |
3833 | return xlog_recover_rud_pass2(log, item); | |
d0450948 | 3834 | case XFS_LI_DQUOT: |
50d5c8d8 DC |
3835 | return xlog_recover_dquot_pass2(log, buffer_list, item, |
3836 | trans->r_lsn); | |
28c8e41a DC |
3837 | case XFS_LI_ICREATE: |
3838 | return xlog_recover_do_icreate_pass2(log, buffer_list, item); | |
d0450948 | 3839 | case XFS_LI_QUOTAOFF: |
c9f71f5f CH |
3840 | /* nothing to do in pass2 */ |
3841 | return 0; | |
d0450948 | 3842 | default: |
a0fa2b67 DC |
3843 | xfs_warn(log->l_mp, "%s: invalid item type (%d)", |
3844 | __func__, ITEM_TYPE(item)); | |
d0450948 | 3845 | ASSERT(0); |
2451337d | 3846 | return -EIO; |
d0450948 CH |
3847 | } |
3848 | } | |
3849 | ||
00574da1 ZYW |
3850 | STATIC int |
3851 | xlog_recover_items_pass2( | |
3852 | struct xlog *log, | |
3853 | struct xlog_recover *trans, | |
3854 | struct list_head *buffer_list, | |
3855 | struct list_head *item_list) | |
3856 | { | |
3857 | struct xlog_recover_item *item; | |
3858 | int error = 0; | |
3859 | ||
3860 | list_for_each_entry(item, item_list, ri_list) { | |
3861 | error = xlog_recover_commit_pass2(log, trans, | |
3862 | buffer_list, item); | |
3863 | if (error) | |
3864 | return error; | |
3865 | } | |
3866 | ||
3867 | return error; | |
3868 | } | |
3869 | ||
d0450948 CH |
3870 | /* |
3871 | * Perform the transaction. | |
3872 | * | |
3873 | * If the transaction modifies a buffer or inode, do it now. Otherwise, | |
3874 | * EFIs and EFDs get queued up by adding entries into the AIL for them. | |
3875 | */ | |
1da177e4 LT |
3876 | STATIC int |
3877 | xlog_recover_commit_trans( | |
ad223e60 | 3878 | struct xlog *log, |
d0450948 | 3879 | struct xlog_recover *trans, |
12818d24 BF |
3880 | int pass, |
3881 | struct list_head *buffer_list) | |
1da177e4 | 3882 | { |
00574da1 | 3883 | int error = 0; |
00574da1 ZYW |
3884 | int items_queued = 0; |
3885 | struct xlog_recover_item *item; | |
3886 | struct xlog_recover_item *next; | |
00574da1 ZYW |
3887 | LIST_HEAD (ra_list); |
3888 | LIST_HEAD (done_list); | |
3889 | ||
3890 | #define XLOG_RECOVER_COMMIT_QUEUE_MAX 100 | |
1da177e4 | 3891 | |
f0a76953 | 3892 | hlist_del(&trans->r_list); |
d0450948 CH |
3893 | |
3894 | error = xlog_recover_reorder_trans(log, trans, pass); | |
3895 | if (error) | |
1da177e4 | 3896 | return error; |
d0450948 | 3897 | |
00574da1 | 3898 | list_for_each_entry_safe(item, next, &trans->r_itemq, ri_list) { |
43ff2122 CH |
3899 | switch (pass) { |
3900 | case XLOG_RECOVER_PASS1: | |
c9f71f5f | 3901 | error = xlog_recover_commit_pass1(log, trans, item); |
43ff2122 CH |
3902 | break; |
3903 | case XLOG_RECOVER_PASS2: | |
00574da1 ZYW |
3904 | xlog_recover_ra_pass2(log, item); |
3905 | list_move_tail(&item->ri_list, &ra_list); | |
3906 | items_queued++; | |
3907 | if (items_queued >= XLOG_RECOVER_COMMIT_QUEUE_MAX) { | |
3908 | error = xlog_recover_items_pass2(log, trans, | |
12818d24 | 3909 | buffer_list, &ra_list); |
00574da1 ZYW |
3910 | list_splice_tail_init(&ra_list, &done_list); |
3911 | items_queued = 0; | |
3912 | } | |
3913 | ||
43ff2122 CH |
3914 | break; |
3915 | default: | |
3916 | ASSERT(0); | |
3917 | } | |
3918 | ||
d0450948 | 3919 | if (error) |
43ff2122 | 3920 | goto out; |
d0450948 CH |
3921 | } |
3922 | ||
00574da1 ZYW |
3923 | out: |
3924 | if (!list_empty(&ra_list)) { | |
3925 | if (!error) | |
3926 | error = xlog_recover_items_pass2(log, trans, | |
12818d24 | 3927 | buffer_list, &ra_list); |
00574da1 ZYW |
3928 | list_splice_tail_init(&ra_list, &done_list); |
3929 | } | |
3930 | ||
3931 | if (!list_empty(&done_list)) | |
3932 | list_splice_init(&done_list, &trans->r_itemq); | |
3933 | ||
12818d24 | 3934 | return error; |
1da177e4 LT |
3935 | } |
3936 | ||
76560669 DC |
3937 | STATIC void |
3938 | xlog_recover_add_item( | |
3939 | struct list_head *head) | |
3940 | { | |
3941 | xlog_recover_item_t *item; | |
3942 | ||
3943 | item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP); | |
3944 | INIT_LIST_HEAD(&item->ri_list); | |
3945 | list_add_tail(&item->ri_list, head); | |
3946 | } | |
3947 | ||
1da177e4 | 3948 | STATIC int |
76560669 DC |
3949 | xlog_recover_add_to_cont_trans( |
3950 | struct xlog *log, | |
3951 | struct xlog_recover *trans, | |
b2a922cd | 3952 | char *dp, |
76560669 | 3953 | int len) |
1da177e4 | 3954 | { |
76560669 | 3955 | xlog_recover_item_t *item; |
b2a922cd | 3956 | char *ptr, *old_ptr; |
76560669 DC |
3957 | int old_len; |
3958 | ||
89cebc84 BF |
3959 | /* |
3960 | * If the transaction is empty, the header was split across this and the | |
3961 | * previous record. Copy the rest of the header. | |
3962 | */ | |
76560669 | 3963 | if (list_empty(&trans->r_itemq)) { |
848ccfc8 | 3964 | ASSERT(len <= sizeof(struct xfs_trans_header)); |
89cebc84 BF |
3965 | if (len > sizeof(struct xfs_trans_header)) { |
3966 | xfs_warn(log->l_mp, "%s: bad header length", __func__); | |
3967 | return -EIO; | |
3968 | } | |
3969 | ||
76560669 | 3970 | xlog_recover_add_item(&trans->r_itemq); |
b2a922cd | 3971 | ptr = (char *)&trans->r_theader + |
89cebc84 | 3972 | sizeof(struct xfs_trans_header) - len; |
76560669 DC |
3973 | memcpy(ptr, dp, len); |
3974 | return 0; | |
3975 | } | |
89cebc84 | 3976 | |
76560669 DC |
3977 | /* take the tail entry */ |
3978 | item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list); | |
3979 | ||
3980 | old_ptr = item->ri_buf[item->ri_cnt-1].i_addr; | |
3981 | old_len = item->ri_buf[item->ri_cnt-1].i_len; | |
3982 | ||
664b60f6 | 3983 | ptr = kmem_realloc(old_ptr, len + old_len, KM_SLEEP); |
76560669 DC |
3984 | memcpy(&ptr[old_len], dp, len); |
3985 | item->ri_buf[item->ri_cnt-1].i_len += len; | |
3986 | item->ri_buf[item->ri_cnt-1].i_addr = ptr; | |
3987 | trace_xfs_log_recover_item_add_cont(log, trans, item, 0); | |
1da177e4 LT |
3988 | return 0; |
3989 | } | |
3990 | ||
76560669 DC |
3991 | /* |
3992 | * The next region to add is the start of a new region. It could be | |
3993 | * a whole region or it could be the first part of a new region. Because | |
3994 | * of this, the assumption here is that the type and size fields of all | |
3995 | * format structures fit into the first 32 bits of the structure. | |
3996 | * | |
3997 | * This works because all regions must be 32 bit aligned. Therefore, we | |
3998 | * either have both fields or we have neither field. In the case we have | |
3999 | * neither field, the data part of the region is zero length. We only have | |
4000 | * a log_op_header and can throw away the header since a new one will appear | |
4001 | * later. If we have at least 4 bytes, then we can determine how many regions | |
4002 | * will appear in the current log item. | |
4003 | */ | |
4004 | STATIC int | |
4005 | xlog_recover_add_to_trans( | |
4006 | struct xlog *log, | |
4007 | struct xlog_recover *trans, | |
b2a922cd | 4008 | char *dp, |
76560669 DC |
4009 | int len) |
4010 | { | |
4011 | xfs_inode_log_format_t *in_f; /* any will do */ | |
4012 | xlog_recover_item_t *item; | |
b2a922cd | 4013 | char *ptr; |
76560669 DC |
4014 | |
4015 | if (!len) | |
4016 | return 0; | |
4017 | if (list_empty(&trans->r_itemq)) { | |
4018 | /* we need to catch log corruptions here */ | |
4019 | if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) { | |
4020 | xfs_warn(log->l_mp, "%s: bad header magic number", | |
4021 | __func__); | |
4022 | ASSERT(0); | |
4023 | return -EIO; | |
4024 | } | |
89cebc84 BF |
4025 | |
4026 | if (len > sizeof(struct xfs_trans_header)) { | |
4027 | xfs_warn(log->l_mp, "%s: bad header length", __func__); | |
4028 | ASSERT(0); | |
4029 | return -EIO; | |
4030 | } | |
4031 | ||
4032 | /* | |
4033 | * The transaction header can be arbitrarily split across op | |
4034 | * records. If we don't have the whole thing here, copy what we | |
4035 | * do have and handle the rest in the next record. | |
4036 | */ | |
4037 | if (len == sizeof(struct xfs_trans_header)) | |
76560669 DC |
4038 | xlog_recover_add_item(&trans->r_itemq); |
4039 | memcpy(&trans->r_theader, dp, len); | |
4040 | return 0; | |
4041 | } | |
4042 | ||
4043 | ptr = kmem_alloc(len, KM_SLEEP); | |
4044 | memcpy(ptr, dp, len); | |
4045 | in_f = (xfs_inode_log_format_t *)ptr; | |
4046 | ||
4047 | /* take the tail entry */ | |
4048 | item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list); | |
4049 | if (item->ri_total != 0 && | |
4050 | item->ri_total == item->ri_cnt) { | |
4051 | /* tail item is in use, get a new one */ | |
4052 | xlog_recover_add_item(&trans->r_itemq); | |
4053 | item = list_entry(trans->r_itemq.prev, | |
4054 | xlog_recover_item_t, ri_list); | |
4055 | } | |
4056 | ||
4057 | if (item->ri_total == 0) { /* first region to be added */ | |
4058 | if (in_f->ilf_size == 0 || | |
4059 | in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) { | |
4060 | xfs_warn(log->l_mp, | |
4061 | "bad number of regions (%d) in inode log format", | |
4062 | in_f->ilf_size); | |
4063 | ASSERT(0); | |
4064 | kmem_free(ptr); | |
4065 | return -EIO; | |
4066 | } | |
4067 | ||
4068 | item->ri_total = in_f->ilf_size; | |
4069 | item->ri_buf = | |
4070 | kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t), | |
4071 | KM_SLEEP); | |
4072 | } | |
4073 | ASSERT(item->ri_total > item->ri_cnt); | |
4074 | /* Description region is ri_buf[0] */ | |
4075 | item->ri_buf[item->ri_cnt].i_addr = ptr; | |
4076 | item->ri_buf[item->ri_cnt].i_len = len; | |
4077 | item->ri_cnt++; | |
4078 | trace_xfs_log_recover_item_add(log, trans, item, 0); | |
4079 | return 0; | |
4080 | } | |
b818cca1 | 4081 | |
76560669 DC |
4082 | /* |
4083 | * Free up any resources allocated by the transaction | |
4084 | * | |
4085 | * Remember that EFIs, EFDs, and IUNLINKs are handled later. | |
4086 | */ | |
4087 | STATIC void | |
4088 | xlog_recover_free_trans( | |
4089 | struct xlog_recover *trans) | |
4090 | { | |
4091 | xlog_recover_item_t *item, *n; | |
4092 | int i; | |
4093 | ||
4094 | list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) { | |
4095 | /* Free the regions in the item. */ | |
4096 | list_del(&item->ri_list); | |
4097 | for (i = 0; i < item->ri_cnt; i++) | |
4098 | kmem_free(item->ri_buf[i].i_addr); | |
4099 | /* Free the item itself */ | |
4100 | kmem_free(item->ri_buf); | |
4101 | kmem_free(item); | |
4102 | } | |
4103 | /* Free the transaction recover structure */ | |
4104 | kmem_free(trans); | |
4105 | } | |
4106 | ||
e9131e50 DC |
4107 | /* |
4108 | * On error or completion, trans is freed. | |
4109 | */ | |
1da177e4 | 4110 | STATIC int |
eeb11688 DC |
4111 | xlog_recovery_process_trans( |
4112 | struct xlog *log, | |
4113 | struct xlog_recover *trans, | |
b2a922cd | 4114 | char *dp, |
eeb11688 DC |
4115 | unsigned int len, |
4116 | unsigned int flags, | |
12818d24 BF |
4117 | int pass, |
4118 | struct list_head *buffer_list) | |
1da177e4 | 4119 | { |
e9131e50 DC |
4120 | int error = 0; |
4121 | bool freeit = false; | |
eeb11688 DC |
4122 | |
4123 | /* mask off ophdr transaction container flags */ | |
4124 | flags &= ~XLOG_END_TRANS; | |
4125 | if (flags & XLOG_WAS_CONT_TRANS) | |
4126 | flags &= ~XLOG_CONTINUE_TRANS; | |
4127 | ||
88b863db DC |
4128 | /* |
4129 | * Callees must not free the trans structure. We'll decide if we need to | |
4130 | * free it or not based on the operation being done and it's result. | |
4131 | */ | |
eeb11688 DC |
4132 | switch (flags) { |
4133 | /* expected flag values */ | |
4134 | case 0: | |
4135 | case XLOG_CONTINUE_TRANS: | |
4136 | error = xlog_recover_add_to_trans(log, trans, dp, len); | |
4137 | break; | |
4138 | case XLOG_WAS_CONT_TRANS: | |
4139 | error = xlog_recover_add_to_cont_trans(log, trans, dp, len); | |
4140 | break; | |
4141 | case XLOG_COMMIT_TRANS: | |
12818d24 BF |
4142 | error = xlog_recover_commit_trans(log, trans, pass, |
4143 | buffer_list); | |
88b863db DC |
4144 | /* success or fail, we are now done with this transaction. */ |
4145 | freeit = true; | |
eeb11688 DC |
4146 | break; |
4147 | ||
4148 | /* unexpected flag values */ | |
4149 | case XLOG_UNMOUNT_TRANS: | |
e9131e50 | 4150 | /* just skip trans */ |
eeb11688 | 4151 | xfs_warn(log->l_mp, "%s: Unmount LR", __func__); |
e9131e50 | 4152 | freeit = true; |
eeb11688 DC |
4153 | break; |
4154 | case XLOG_START_TRANS: | |
eeb11688 DC |
4155 | default: |
4156 | xfs_warn(log->l_mp, "%s: bad flag 0x%x", __func__, flags); | |
4157 | ASSERT(0); | |
e9131e50 | 4158 | error = -EIO; |
eeb11688 DC |
4159 | break; |
4160 | } | |
e9131e50 DC |
4161 | if (error || freeit) |
4162 | xlog_recover_free_trans(trans); | |
eeb11688 DC |
4163 | return error; |
4164 | } | |
4165 | ||
b818cca1 DC |
4166 | /* |
4167 | * Lookup the transaction recovery structure associated with the ID in the | |
4168 | * current ophdr. If the transaction doesn't exist and the start flag is set in | |
4169 | * the ophdr, then allocate a new transaction for future ID matches to find. | |
4170 | * Either way, return what we found during the lookup - an existing transaction | |
4171 | * or nothing. | |
4172 | */ | |
eeb11688 DC |
4173 | STATIC struct xlog_recover * |
4174 | xlog_recover_ophdr_to_trans( | |
4175 | struct hlist_head rhash[], | |
4176 | struct xlog_rec_header *rhead, | |
4177 | struct xlog_op_header *ohead) | |
4178 | { | |
4179 | struct xlog_recover *trans; | |
4180 | xlog_tid_t tid; | |
4181 | struct hlist_head *rhp; | |
4182 | ||
4183 | tid = be32_to_cpu(ohead->oh_tid); | |
4184 | rhp = &rhash[XLOG_RHASH(tid)]; | |
b818cca1 DC |
4185 | hlist_for_each_entry(trans, rhp, r_list) { |
4186 | if (trans->r_log_tid == tid) | |
4187 | return trans; | |
4188 | } | |
eeb11688 DC |
4189 | |
4190 | /* | |
b818cca1 DC |
4191 | * skip over non-start transaction headers - we could be |
4192 | * processing slack space before the next transaction starts | |
4193 | */ | |
4194 | if (!(ohead->oh_flags & XLOG_START_TRANS)) | |
4195 | return NULL; | |
4196 | ||
4197 | ASSERT(be32_to_cpu(ohead->oh_len) == 0); | |
4198 | ||
4199 | /* | |
4200 | * This is a new transaction so allocate a new recovery container to | |
4201 | * hold the recovery ops that will follow. | |
4202 | */ | |
4203 | trans = kmem_zalloc(sizeof(struct xlog_recover), KM_SLEEP); | |
4204 | trans->r_log_tid = tid; | |
4205 | trans->r_lsn = be64_to_cpu(rhead->h_lsn); | |
4206 | INIT_LIST_HEAD(&trans->r_itemq); | |
4207 | INIT_HLIST_NODE(&trans->r_list); | |
4208 | hlist_add_head(&trans->r_list, rhp); | |
4209 | ||
4210 | /* | |
4211 | * Nothing more to do for this ophdr. Items to be added to this new | |
4212 | * transaction will be in subsequent ophdr containers. | |
eeb11688 | 4213 | */ |
eeb11688 DC |
4214 | return NULL; |
4215 | } | |
4216 | ||
4217 | STATIC int | |
4218 | xlog_recover_process_ophdr( | |
4219 | struct xlog *log, | |
4220 | struct hlist_head rhash[], | |
4221 | struct xlog_rec_header *rhead, | |
4222 | struct xlog_op_header *ohead, | |
b2a922cd CH |
4223 | char *dp, |
4224 | char *end, | |
12818d24 BF |
4225 | int pass, |
4226 | struct list_head *buffer_list) | |
eeb11688 DC |
4227 | { |
4228 | struct xlog_recover *trans; | |
eeb11688 | 4229 | unsigned int len; |
12818d24 | 4230 | int error; |
eeb11688 DC |
4231 | |
4232 | /* Do we understand who wrote this op? */ | |
4233 | if (ohead->oh_clientid != XFS_TRANSACTION && | |
4234 | ohead->oh_clientid != XFS_LOG) { | |
4235 | xfs_warn(log->l_mp, "%s: bad clientid 0x%x", | |
4236 | __func__, ohead->oh_clientid); | |
4237 | ASSERT(0); | |
4238 | return -EIO; | |
4239 | } | |
4240 | ||
4241 | /* | |
4242 | * Check the ophdr contains all the data it is supposed to contain. | |
4243 | */ | |
4244 | len = be32_to_cpu(ohead->oh_len); | |
4245 | if (dp + len > end) { | |
4246 | xfs_warn(log->l_mp, "%s: bad length 0x%x", __func__, len); | |
4247 | WARN_ON(1); | |
4248 | return -EIO; | |
4249 | } | |
4250 | ||
4251 | trans = xlog_recover_ophdr_to_trans(rhash, rhead, ohead); | |
4252 | if (!trans) { | |
4253 | /* nothing to do, so skip over this ophdr */ | |
4254 | return 0; | |
4255 | } | |
4256 | ||
12818d24 BF |
4257 | /* |
4258 | * The recovered buffer queue is drained only once we know that all | |
4259 | * recovery items for the current LSN have been processed. This is | |
4260 | * required because: | |
4261 | * | |
4262 | * - Buffer write submission updates the metadata LSN of the buffer. | |
4263 | * - Log recovery skips items with a metadata LSN >= the current LSN of | |
4264 | * the recovery item. | |
4265 | * - Separate recovery items against the same metadata buffer can share | |
4266 | * a current LSN. I.e., consider that the LSN of a recovery item is | |
4267 | * defined as the starting LSN of the first record in which its | |
4268 | * transaction appears, that a record can hold multiple transactions, | |
4269 | * and/or that a transaction can span multiple records. | |
4270 | * | |
4271 | * In other words, we are allowed to submit a buffer from log recovery | |
4272 | * once per current LSN. Otherwise, we may incorrectly skip recovery | |
4273 | * items and cause corruption. | |
4274 | * | |
4275 | * We don't know up front whether buffers are updated multiple times per | |
4276 | * LSN. Therefore, track the current LSN of each commit log record as it | |
4277 | * is processed and drain the queue when it changes. Use commit records | |
4278 | * because they are ordered correctly by the logging code. | |
4279 | */ | |
4280 | if (log->l_recovery_lsn != trans->r_lsn && | |
4281 | ohead->oh_flags & XLOG_COMMIT_TRANS) { | |
4282 | error = xfs_buf_delwri_submit(buffer_list); | |
4283 | if (error) | |
4284 | return error; | |
4285 | log->l_recovery_lsn = trans->r_lsn; | |
4286 | } | |
4287 | ||
e9131e50 | 4288 | return xlog_recovery_process_trans(log, trans, dp, len, |
12818d24 | 4289 | ohead->oh_flags, pass, buffer_list); |
1da177e4 LT |
4290 | } |
4291 | ||
4292 | /* | |
4293 | * There are two valid states of the r_state field. 0 indicates that the | |
4294 | * transaction structure is in a normal state. We have either seen the | |
4295 | * start of the transaction or the last operation we added was not a partial | |
4296 | * operation. If the last operation we added to the transaction was a | |
4297 | * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS. | |
4298 | * | |
4299 | * NOTE: skip LRs with 0 data length. | |
4300 | */ | |
4301 | STATIC int | |
4302 | xlog_recover_process_data( | |
9a8d2fdb | 4303 | struct xlog *log, |
f0a76953 | 4304 | struct hlist_head rhash[], |
9a8d2fdb | 4305 | struct xlog_rec_header *rhead, |
b2a922cd | 4306 | char *dp, |
12818d24 BF |
4307 | int pass, |
4308 | struct list_head *buffer_list) | |
1da177e4 | 4309 | { |
eeb11688 | 4310 | struct xlog_op_header *ohead; |
b2a922cd | 4311 | char *end; |
1da177e4 | 4312 | int num_logops; |
1da177e4 | 4313 | int error; |
1da177e4 | 4314 | |
eeb11688 | 4315 | end = dp + be32_to_cpu(rhead->h_len); |
b53e675d | 4316 | num_logops = be32_to_cpu(rhead->h_num_logops); |
1da177e4 LT |
4317 | |
4318 | /* check the log format matches our own - else we can't recover */ | |
4319 | if (xlog_header_check_recover(log->l_mp, rhead)) | |
2451337d | 4320 | return -EIO; |
1da177e4 | 4321 | |
eeb11688 DC |
4322 | while ((dp < end) && num_logops) { |
4323 | ||
4324 | ohead = (struct xlog_op_header *)dp; | |
4325 | dp += sizeof(*ohead); | |
4326 | ASSERT(dp <= end); | |
4327 | ||
4328 | /* errors will abort recovery */ | |
4329 | error = xlog_recover_process_ophdr(log, rhash, rhead, ohead, | |
12818d24 | 4330 | dp, end, pass, buffer_list); |
eeb11688 DC |
4331 | if (error) |
4332 | return error; | |
4333 | ||
67fcb7bf | 4334 | dp += be32_to_cpu(ohead->oh_len); |
1da177e4 LT |
4335 | num_logops--; |
4336 | } | |
4337 | return 0; | |
4338 | } | |
4339 | ||
dc42375d | 4340 | /* Recover the EFI if necessary. */ |
3c1e2bbe | 4341 | STATIC int |
1da177e4 | 4342 | xlog_recover_process_efi( |
dc42375d DW |
4343 | struct xfs_mount *mp, |
4344 | struct xfs_ail *ailp, | |
4345 | struct xfs_log_item *lip) | |
1da177e4 | 4346 | { |
dc42375d DW |
4347 | struct xfs_efi_log_item *efip; |
4348 | int error; | |
1da177e4 LT |
4349 | |
4350 | /* | |
dc42375d | 4351 | * Skip EFIs that we've already processed. |
1da177e4 | 4352 | */ |
dc42375d DW |
4353 | efip = container_of(lip, struct xfs_efi_log_item, efi_item); |
4354 | if (test_bit(XFS_EFI_RECOVERED, &efip->efi_flags)) | |
4355 | return 0; | |
1da177e4 | 4356 | |
dc42375d DW |
4357 | spin_unlock(&ailp->xa_lock); |
4358 | error = xfs_efi_recover(mp, efip); | |
4359 | spin_lock(&ailp->xa_lock); | |
1da177e4 | 4360 | |
dc42375d DW |
4361 | return error; |
4362 | } | |
6bc43af3 | 4363 | |
dc42375d DW |
4364 | /* Release the EFI since we're cancelling everything. */ |
4365 | STATIC void | |
4366 | xlog_recover_cancel_efi( | |
4367 | struct xfs_mount *mp, | |
4368 | struct xfs_ail *ailp, | |
4369 | struct xfs_log_item *lip) | |
4370 | { | |
4371 | struct xfs_efi_log_item *efip; | |
1da177e4 | 4372 | |
dc42375d | 4373 | efip = container_of(lip, struct xfs_efi_log_item, efi_item); |
fc6149d8 | 4374 | |
dc42375d DW |
4375 | spin_unlock(&ailp->xa_lock); |
4376 | xfs_efi_release(efip); | |
4377 | spin_lock(&ailp->xa_lock); | |
4378 | } | |
4379 | ||
9e88b5d8 DW |
4380 | /* Recover the RUI if necessary. */ |
4381 | STATIC int | |
4382 | xlog_recover_process_rui( | |
4383 | struct xfs_mount *mp, | |
4384 | struct xfs_ail *ailp, | |
4385 | struct xfs_log_item *lip) | |
4386 | { | |
4387 | struct xfs_rui_log_item *ruip; | |
4388 | int error; | |
4389 | ||
4390 | /* | |
4391 | * Skip RUIs that we've already processed. | |
4392 | */ | |
4393 | ruip = container_of(lip, struct xfs_rui_log_item, rui_item); | |
4394 | if (test_bit(XFS_RUI_RECOVERED, &ruip->rui_flags)) | |
4395 | return 0; | |
4396 | ||
4397 | spin_unlock(&ailp->xa_lock); | |
4398 | error = xfs_rui_recover(mp, ruip); | |
4399 | spin_lock(&ailp->xa_lock); | |
4400 | ||
4401 | return error; | |
4402 | } | |
4403 | ||
4404 | /* Release the RUI since we're cancelling everything. */ | |
4405 | STATIC void | |
4406 | xlog_recover_cancel_rui( | |
4407 | struct xfs_mount *mp, | |
4408 | struct xfs_ail *ailp, | |
4409 | struct xfs_log_item *lip) | |
4410 | { | |
4411 | struct xfs_rui_log_item *ruip; | |
4412 | ||
4413 | ruip = container_of(lip, struct xfs_rui_log_item, rui_item); | |
4414 | ||
4415 | spin_unlock(&ailp->xa_lock); | |
4416 | xfs_rui_release(ruip); | |
4417 | spin_lock(&ailp->xa_lock); | |
4418 | } | |
4419 | ||
dc42375d DW |
4420 | /* Is this log item a deferred action intent? */ |
4421 | static inline bool xlog_item_is_intent(struct xfs_log_item *lip) | |
4422 | { | |
4423 | switch (lip->li_type) { | |
4424 | case XFS_LI_EFI: | |
9e88b5d8 | 4425 | case XFS_LI_RUI: |
dc42375d DW |
4426 | return true; |
4427 | default: | |
4428 | return false; | |
4429 | } | |
1da177e4 LT |
4430 | } |
4431 | ||
1da177e4 | 4432 | /* |
dc42375d DW |
4433 | * When this is called, all of the log intent items which did not have |
4434 | * corresponding log done items should be in the AIL. What we do now | |
4435 | * is update the data structures associated with each one. | |
1da177e4 | 4436 | * |
dc42375d DW |
4437 | * Since we process the log intent items in normal transactions, they |
4438 | * will be removed at some point after the commit. This prevents us | |
4439 | * from just walking down the list processing each one. We'll use a | |
4440 | * flag in the intent item to skip those that we've already processed | |
4441 | * and use the AIL iteration mechanism's generation count to try to | |
4442 | * speed this up at least a bit. | |
1da177e4 | 4443 | * |
dc42375d DW |
4444 | * When we start, we know that the intents are the only things in the |
4445 | * AIL. As we process them, however, other items are added to the | |
4446 | * AIL. | |
1da177e4 | 4447 | */ |
3c1e2bbe | 4448 | STATIC int |
dc42375d | 4449 | xlog_recover_process_intents( |
f0b2efad | 4450 | struct xlog *log) |
1da177e4 | 4451 | { |
f0b2efad | 4452 | struct xfs_log_item *lip; |
3c1e2bbe | 4453 | int error = 0; |
27d8d5fe | 4454 | struct xfs_ail_cursor cur; |
a9c21c1b | 4455 | struct xfs_ail *ailp; |
dc42375d | 4456 | xfs_lsn_t last_lsn; |
1da177e4 | 4457 | |
a9c21c1b DC |
4458 | ailp = log->l_ailp; |
4459 | spin_lock(&ailp->xa_lock); | |
4460 | lip = xfs_trans_ail_cursor_first(ailp, &cur, 0); | |
dc42375d | 4461 | last_lsn = xlog_assign_lsn(log->l_curr_cycle, log->l_curr_block); |
1da177e4 LT |
4462 | while (lip != NULL) { |
4463 | /* | |
dc42375d DW |
4464 | * We're done when we see something other than an intent. |
4465 | * There should be no intents left in the AIL now. | |
1da177e4 | 4466 | */ |
dc42375d | 4467 | if (!xlog_item_is_intent(lip)) { |
27d8d5fe | 4468 | #ifdef DEBUG |
a9c21c1b | 4469 | for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur)) |
dc42375d | 4470 | ASSERT(!xlog_item_is_intent(lip)); |
27d8d5fe | 4471 | #endif |
1da177e4 LT |
4472 | break; |
4473 | } | |
4474 | ||
4475 | /* | |
dc42375d DW |
4476 | * We should never see a redo item with a LSN higher than |
4477 | * the last transaction we found in the log at the start | |
4478 | * of recovery. | |
1da177e4 | 4479 | */ |
dc42375d | 4480 | ASSERT(XFS_LSN_CMP(last_lsn, lip->li_lsn) >= 0); |
1da177e4 | 4481 | |
dc42375d DW |
4482 | switch (lip->li_type) { |
4483 | case XFS_LI_EFI: | |
4484 | error = xlog_recover_process_efi(log->l_mp, ailp, lip); | |
4485 | break; | |
9e88b5d8 DW |
4486 | case XFS_LI_RUI: |
4487 | error = xlog_recover_process_rui(log->l_mp, ailp, lip); | |
4488 | break; | |
dc42375d | 4489 | } |
27d8d5fe DC |
4490 | if (error) |
4491 | goto out; | |
a9c21c1b | 4492 | lip = xfs_trans_ail_cursor_next(ailp, &cur); |
1da177e4 | 4493 | } |
27d8d5fe | 4494 | out: |
e4a1e29c | 4495 | xfs_trans_ail_cursor_done(&cur); |
a9c21c1b | 4496 | spin_unlock(&ailp->xa_lock); |
3c1e2bbe | 4497 | return error; |
1da177e4 LT |
4498 | } |
4499 | ||
f0b2efad | 4500 | /* |
dc42375d DW |
4501 | * A cancel occurs when the mount has failed and we're bailing out. |
4502 | * Release all pending log intent items so they don't pin the AIL. | |
f0b2efad BF |
4503 | */ |
4504 | STATIC int | |
dc42375d | 4505 | xlog_recover_cancel_intents( |
f0b2efad BF |
4506 | struct xlog *log) |
4507 | { | |
4508 | struct xfs_log_item *lip; | |
f0b2efad BF |
4509 | int error = 0; |
4510 | struct xfs_ail_cursor cur; | |
4511 | struct xfs_ail *ailp; | |
4512 | ||
4513 | ailp = log->l_ailp; | |
4514 | spin_lock(&ailp->xa_lock); | |
4515 | lip = xfs_trans_ail_cursor_first(ailp, &cur, 0); | |
4516 | while (lip != NULL) { | |
4517 | /* | |
dc42375d DW |
4518 | * We're done when we see something other than an intent. |
4519 | * There should be no intents left in the AIL now. | |
f0b2efad | 4520 | */ |
dc42375d | 4521 | if (!xlog_item_is_intent(lip)) { |
f0b2efad BF |
4522 | #ifdef DEBUG |
4523 | for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur)) | |
dc42375d | 4524 | ASSERT(!xlog_item_is_intent(lip)); |
f0b2efad BF |
4525 | #endif |
4526 | break; | |
4527 | } | |
4528 | ||
dc42375d DW |
4529 | switch (lip->li_type) { |
4530 | case XFS_LI_EFI: | |
4531 | xlog_recover_cancel_efi(log->l_mp, ailp, lip); | |
4532 | break; | |
9e88b5d8 DW |
4533 | case XFS_LI_RUI: |
4534 | xlog_recover_cancel_rui(log->l_mp, ailp, lip); | |
4535 | break; | |
dc42375d | 4536 | } |
f0b2efad BF |
4537 | |
4538 | lip = xfs_trans_ail_cursor_next(ailp, &cur); | |
4539 | } | |
4540 | ||
4541 | xfs_trans_ail_cursor_done(&cur); | |
4542 | spin_unlock(&ailp->xa_lock); | |
4543 | return error; | |
4544 | } | |
4545 | ||
1da177e4 LT |
4546 | /* |
4547 | * This routine performs a transaction to null out a bad inode pointer | |
4548 | * in an agi unlinked inode hash bucket. | |
4549 | */ | |
4550 | STATIC void | |
4551 | xlog_recover_clear_agi_bucket( | |
4552 | xfs_mount_t *mp, | |
4553 | xfs_agnumber_t agno, | |
4554 | int bucket) | |
4555 | { | |
4556 | xfs_trans_t *tp; | |
4557 | xfs_agi_t *agi; | |
4558 | xfs_buf_t *agibp; | |
4559 | int offset; | |
4560 | int error; | |
4561 | ||
253f4911 | 4562 | error = xfs_trans_alloc(mp, &M_RES(mp)->tr_clearagi, 0, 0, 0, &tp); |
e5720eec | 4563 | if (error) |
253f4911 | 4564 | goto out_error; |
1da177e4 | 4565 | |
5e1be0fb CH |
4566 | error = xfs_read_agi(mp, tp, agno, &agibp); |
4567 | if (error) | |
e5720eec | 4568 | goto out_abort; |
1da177e4 | 4569 | |
5e1be0fb | 4570 | agi = XFS_BUF_TO_AGI(agibp); |
16259e7d | 4571 | agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO); |
1da177e4 LT |
4572 | offset = offsetof(xfs_agi_t, agi_unlinked) + |
4573 | (sizeof(xfs_agino_t) * bucket); | |
4574 | xfs_trans_log_buf(tp, agibp, offset, | |
4575 | (offset + sizeof(xfs_agino_t) - 1)); | |
4576 | ||
70393313 | 4577 | error = xfs_trans_commit(tp); |
e5720eec DC |
4578 | if (error) |
4579 | goto out_error; | |
4580 | return; | |
4581 | ||
4582 | out_abort: | |
4906e215 | 4583 | xfs_trans_cancel(tp); |
e5720eec | 4584 | out_error: |
a0fa2b67 | 4585 | xfs_warn(mp, "%s: failed to clear agi %d. Continuing.", __func__, agno); |
e5720eec | 4586 | return; |
1da177e4 LT |
4587 | } |
4588 | ||
23fac50f CH |
4589 | STATIC xfs_agino_t |
4590 | xlog_recover_process_one_iunlink( | |
4591 | struct xfs_mount *mp, | |
4592 | xfs_agnumber_t agno, | |
4593 | xfs_agino_t agino, | |
4594 | int bucket) | |
4595 | { | |
4596 | struct xfs_buf *ibp; | |
4597 | struct xfs_dinode *dip; | |
4598 | struct xfs_inode *ip; | |
4599 | xfs_ino_t ino; | |
4600 | int error; | |
4601 | ||
4602 | ino = XFS_AGINO_TO_INO(mp, agno, agino); | |
7b6259e7 | 4603 | error = xfs_iget(mp, NULL, ino, 0, 0, &ip); |
23fac50f CH |
4604 | if (error) |
4605 | goto fail; | |
4606 | ||
4607 | /* | |
4608 | * Get the on disk inode to find the next inode in the bucket. | |
4609 | */ | |
475ee413 | 4610 | error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &ibp, 0, 0); |
23fac50f | 4611 | if (error) |
0e446673 | 4612 | goto fail_iput; |
23fac50f | 4613 | |
54d7b5c1 | 4614 | ASSERT(VFS_I(ip)->i_nlink == 0); |
c19b3b05 | 4615 | ASSERT(VFS_I(ip)->i_mode != 0); |
23fac50f CH |
4616 | |
4617 | /* setup for the next pass */ | |
4618 | agino = be32_to_cpu(dip->di_next_unlinked); | |
4619 | xfs_buf_relse(ibp); | |
4620 | ||
4621 | /* | |
4622 | * Prevent any DMAPI event from being sent when the reference on | |
4623 | * the inode is dropped. | |
4624 | */ | |
4625 | ip->i_d.di_dmevmask = 0; | |
4626 | ||
0e446673 | 4627 | IRELE(ip); |
23fac50f CH |
4628 | return agino; |
4629 | ||
0e446673 CH |
4630 | fail_iput: |
4631 | IRELE(ip); | |
23fac50f CH |
4632 | fail: |
4633 | /* | |
4634 | * We can't read in the inode this bucket points to, or this inode | |
4635 | * is messed up. Just ditch this bucket of inodes. We will lose | |
4636 | * some inodes and space, but at least we won't hang. | |
4637 | * | |
4638 | * Call xlog_recover_clear_agi_bucket() to perform a transaction to | |
4639 | * clear the inode pointer in the bucket. | |
4640 | */ | |
4641 | xlog_recover_clear_agi_bucket(mp, agno, bucket); | |
4642 | return NULLAGINO; | |
4643 | } | |
4644 | ||
1da177e4 LT |
4645 | /* |
4646 | * xlog_iunlink_recover | |
4647 | * | |
4648 | * This is called during recovery to process any inodes which | |
4649 | * we unlinked but not freed when the system crashed. These | |
4650 | * inodes will be on the lists in the AGI blocks. What we do | |
4651 | * here is scan all the AGIs and fully truncate and free any | |
4652 | * inodes found on the lists. Each inode is removed from the | |
4653 | * lists when it has been fully truncated and is freed. The | |
4654 | * freeing of the inode and its removal from the list must be | |
4655 | * atomic. | |
4656 | */ | |
d96f8f89 | 4657 | STATIC void |
1da177e4 | 4658 | xlog_recover_process_iunlinks( |
9a8d2fdb | 4659 | struct xlog *log) |
1da177e4 LT |
4660 | { |
4661 | xfs_mount_t *mp; | |
4662 | xfs_agnumber_t agno; | |
4663 | xfs_agi_t *agi; | |
4664 | xfs_buf_t *agibp; | |
1da177e4 | 4665 | xfs_agino_t agino; |
1da177e4 LT |
4666 | int bucket; |
4667 | int error; | |
4668 | uint mp_dmevmask; | |
4669 | ||
4670 | mp = log->l_mp; | |
4671 | ||
4672 | /* | |
4673 | * Prevent any DMAPI event from being sent while in this function. | |
4674 | */ | |
4675 | mp_dmevmask = mp->m_dmevmask; | |
4676 | mp->m_dmevmask = 0; | |
4677 | ||
4678 | for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { | |
4679 | /* | |
4680 | * Find the agi for this ag. | |
4681 | */ | |
5e1be0fb CH |
4682 | error = xfs_read_agi(mp, NULL, agno, &agibp); |
4683 | if (error) { | |
4684 | /* | |
4685 | * AGI is b0rked. Don't process it. | |
4686 | * | |
4687 | * We should probably mark the filesystem as corrupt | |
4688 | * after we've recovered all the ag's we can.... | |
4689 | */ | |
4690 | continue; | |
1da177e4 | 4691 | } |
d97d32ed JK |
4692 | /* |
4693 | * Unlock the buffer so that it can be acquired in the normal | |
4694 | * course of the transaction to truncate and free each inode. | |
4695 | * Because we are not racing with anyone else here for the AGI | |
4696 | * buffer, we don't even need to hold it locked to read the | |
4697 | * initial unlinked bucket entries out of the buffer. We keep | |
4698 | * buffer reference though, so that it stays pinned in memory | |
4699 | * while we need the buffer. | |
4700 | */ | |
1da177e4 | 4701 | agi = XFS_BUF_TO_AGI(agibp); |
d97d32ed | 4702 | xfs_buf_unlock(agibp); |
1da177e4 LT |
4703 | |
4704 | for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) { | |
16259e7d | 4705 | agino = be32_to_cpu(agi->agi_unlinked[bucket]); |
1da177e4 | 4706 | while (agino != NULLAGINO) { |
23fac50f CH |
4707 | agino = xlog_recover_process_one_iunlink(mp, |
4708 | agno, agino, bucket); | |
1da177e4 LT |
4709 | } |
4710 | } | |
d97d32ed | 4711 | xfs_buf_rele(agibp); |
1da177e4 LT |
4712 | } |
4713 | ||
4714 | mp->m_dmevmask = mp_dmevmask; | |
4715 | } | |
4716 | ||
0e446be4 | 4717 | STATIC int |
1da177e4 | 4718 | xlog_unpack_data( |
9a8d2fdb | 4719 | struct xlog_rec_header *rhead, |
b2a922cd | 4720 | char *dp, |
9a8d2fdb | 4721 | struct xlog *log) |
1da177e4 LT |
4722 | { |
4723 | int i, j, k; | |
1da177e4 | 4724 | |
b53e675d | 4725 | for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) && |
1da177e4 | 4726 | i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) { |
b53e675d | 4727 | *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i]; |
1da177e4 LT |
4728 | dp += BBSIZE; |
4729 | } | |
4730 | ||
62118709 | 4731 | if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) { |
b28708d6 | 4732 | xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead; |
b53e675d | 4733 | for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) { |
1da177e4 LT |
4734 | j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE); |
4735 | k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE); | |
b53e675d | 4736 | *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k]; |
1da177e4 LT |
4737 | dp += BBSIZE; |
4738 | } | |
4739 | } | |
0e446be4 CH |
4740 | |
4741 | return 0; | |
1da177e4 LT |
4742 | } |
4743 | ||
9d94901f | 4744 | /* |
b94fb2d1 | 4745 | * CRC check, unpack and process a log record. |
9d94901f BF |
4746 | */ |
4747 | STATIC int | |
4748 | xlog_recover_process( | |
4749 | struct xlog *log, | |
4750 | struct hlist_head rhash[], | |
4751 | struct xlog_rec_header *rhead, | |
4752 | char *dp, | |
12818d24 BF |
4753 | int pass, |
4754 | struct list_head *buffer_list) | |
9d94901f BF |
4755 | { |
4756 | int error; | |
b94fb2d1 BF |
4757 | __le32 crc; |
4758 | ||
6528250b BF |
4759 | crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len)); |
4760 | ||
b94fb2d1 | 4761 | /* |
6528250b BF |
4762 | * Nothing else to do if this is a CRC verification pass. Just return |
4763 | * if this a record with a non-zero crc. Unfortunately, mkfs always | |
4764 | * sets h_crc to 0 so we must consider this valid even on v5 supers. | |
4765 | * Otherwise, return EFSBADCRC on failure so the callers up the stack | |
4766 | * know precisely what failed. | |
4767 | */ | |
4768 | if (pass == XLOG_RECOVER_CRCPASS) { | |
8e0bd492 | 4769 | if (rhead->h_crc && crc != rhead->h_crc) |
6528250b BF |
4770 | return -EFSBADCRC; |
4771 | return 0; | |
4772 | } | |
4773 | ||
4774 | /* | |
4775 | * We're in the normal recovery path. Issue a warning if and only if the | |
4776 | * CRC in the header is non-zero. This is an advisory warning and the | |
4777 | * zero CRC check prevents warnings from being emitted when upgrading | |
4778 | * the kernel from one that does not add CRCs by default. | |
b94fb2d1 | 4779 | */ |
8e0bd492 | 4780 | if (crc != rhead->h_crc) { |
b94fb2d1 BF |
4781 | if (rhead->h_crc || xfs_sb_version_hascrc(&log->l_mp->m_sb)) { |
4782 | xfs_alert(log->l_mp, | |
4783 | "log record CRC mismatch: found 0x%x, expected 0x%x.", | |
4784 | le32_to_cpu(rhead->h_crc), | |
4785 | le32_to_cpu(crc)); | |
4786 | xfs_hex_dump(dp, 32); | |
4787 | } | |
4788 | ||
4789 | /* | |
4790 | * If the filesystem is CRC enabled, this mismatch becomes a | |
4791 | * fatal log corruption failure. | |
4792 | */ | |
4793 | if (xfs_sb_version_hascrc(&log->l_mp->m_sb)) | |
4794 | return -EFSCORRUPTED; | |
4795 | } | |
9d94901f BF |
4796 | |
4797 | error = xlog_unpack_data(rhead, dp, log); | |
4798 | if (error) | |
4799 | return error; | |
4800 | ||
12818d24 BF |
4801 | return xlog_recover_process_data(log, rhash, rhead, dp, pass, |
4802 | buffer_list); | |
9d94901f BF |
4803 | } |
4804 | ||
1da177e4 LT |
4805 | STATIC int |
4806 | xlog_valid_rec_header( | |
9a8d2fdb MT |
4807 | struct xlog *log, |
4808 | struct xlog_rec_header *rhead, | |
1da177e4 LT |
4809 | xfs_daddr_t blkno) |
4810 | { | |
4811 | int hlen; | |
4812 | ||
69ef921b | 4813 | if (unlikely(rhead->h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))) { |
1da177e4 LT |
4814 | XFS_ERROR_REPORT("xlog_valid_rec_header(1)", |
4815 | XFS_ERRLEVEL_LOW, log->l_mp); | |
2451337d | 4816 | return -EFSCORRUPTED; |
1da177e4 LT |
4817 | } |
4818 | if (unlikely( | |
4819 | (!rhead->h_version || | |
b53e675d | 4820 | (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) { |
a0fa2b67 | 4821 | xfs_warn(log->l_mp, "%s: unrecognised log version (%d).", |
34a622b2 | 4822 | __func__, be32_to_cpu(rhead->h_version)); |
2451337d | 4823 | return -EIO; |
1da177e4 LT |
4824 | } |
4825 | ||
4826 | /* LR body must have data or it wouldn't have been written */ | |
b53e675d | 4827 | hlen = be32_to_cpu(rhead->h_len); |
1da177e4 LT |
4828 | if (unlikely( hlen <= 0 || hlen > INT_MAX )) { |
4829 | XFS_ERROR_REPORT("xlog_valid_rec_header(2)", | |
4830 | XFS_ERRLEVEL_LOW, log->l_mp); | |
2451337d | 4831 | return -EFSCORRUPTED; |
1da177e4 LT |
4832 | } |
4833 | if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) { | |
4834 | XFS_ERROR_REPORT("xlog_valid_rec_header(3)", | |
4835 | XFS_ERRLEVEL_LOW, log->l_mp); | |
2451337d | 4836 | return -EFSCORRUPTED; |
1da177e4 LT |
4837 | } |
4838 | return 0; | |
4839 | } | |
4840 | ||
4841 | /* | |
4842 | * Read the log from tail to head and process the log records found. | |
4843 | * Handle the two cases where the tail and head are in the same cycle | |
4844 | * and where the active portion of the log wraps around the end of | |
4845 | * the physical log separately. The pass parameter is passed through | |
4846 | * to the routines called to process the data and is not looked at | |
4847 | * here. | |
4848 | */ | |
4849 | STATIC int | |
4850 | xlog_do_recovery_pass( | |
9a8d2fdb | 4851 | struct xlog *log, |
1da177e4 LT |
4852 | xfs_daddr_t head_blk, |
4853 | xfs_daddr_t tail_blk, | |
d7f37692 BF |
4854 | int pass, |
4855 | xfs_daddr_t *first_bad) /* out: first bad log rec */ | |
1da177e4 LT |
4856 | { |
4857 | xlog_rec_header_t *rhead; | |
4858 | xfs_daddr_t blk_no; | |
d7f37692 | 4859 | xfs_daddr_t rhead_blk; |
b2a922cd | 4860 | char *offset; |
1da177e4 | 4861 | xfs_buf_t *hbp, *dbp; |
a70f9fe5 | 4862 | int error = 0, h_size, h_len; |
12818d24 | 4863 | int error2 = 0; |
1da177e4 LT |
4864 | int bblks, split_bblks; |
4865 | int hblks, split_hblks, wrapped_hblks; | |
f0a76953 | 4866 | struct hlist_head rhash[XLOG_RHASH_SIZE]; |
12818d24 | 4867 | LIST_HEAD (buffer_list); |
1da177e4 LT |
4868 | |
4869 | ASSERT(head_blk != tail_blk); | |
d7f37692 | 4870 | rhead_blk = 0; |
1da177e4 LT |
4871 | |
4872 | /* | |
4873 | * Read the header of the tail block and get the iclog buffer size from | |
4874 | * h_size. Use this to tell how many sectors make up the log header. | |
4875 | */ | |
62118709 | 4876 | if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) { |
1da177e4 LT |
4877 | /* |
4878 | * When using variable length iclogs, read first sector of | |
4879 | * iclog header and extract the header size from it. Get a | |
4880 | * new hbp that is the correct size. | |
4881 | */ | |
4882 | hbp = xlog_get_bp(log, 1); | |
4883 | if (!hbp) | |
2451337d | 4884 | return -ENOMEM; |
076e6acb CH |
4885 | |
4886 | error = xlog_bread(log, tail_blk, 1, hbp, &offset); | |
4887 | if (error) | |
1da177e4 | 4888 | goto bread_err1; |
076e6acb | 4889 | |
1da177e4 LT |
4890 | rhead = (xlog_rec_header_t *)offset; |
4891 | error = xlog_valid_rec_header(log, rhead, tail_blk); | |
4892 | if (error) | |
4893 | goto bread_err1; | |
a70f9fe5 BF |
4894 | |
4895 | /* | |
4896 | * xfsprogs has a bug where record length is based on lsunit but | |
4897 | * h_size (iclog size) is hardcoded to 32k. Now that we | |
4898 | * unconditionally CRC verify the unmount record, this means the | |
4899 | * log buffer can be too small for the record and cause an | |
4900 | * overrun. | |
4901 | * | |
4902 | * Detect this condition here. Use lsunit for the buffer size as | |
4903 | * long as this looks like the mkfs case. Otherwise, return an | |
4904 | * error to avoid a buffer overrun. | |
4905 | */ | |
b53e675d | 4906 | h_size = be32_to_cpu(rhead->h_size); |
a70f9fe5 BF |
4907 | h_len = be32_to_cpu(rhead->h_len); |
4908 | if (h_len > h_size) { | |
4909 | if (h_len <= log->l_mp->m_logbsize && | |
4910 | be32_to_cpu(rhead->h_num_logops) == 1) { | |
4911 | xfs_warn(log->l_mp, | |
4912 | "invalid iclog size (%d bytes), using lsunit (%d bytes)", | |
4913 | h_size, log->l_mp->m_logbsize); | |
4914 | h_size = log->l_mp->m_logbsize; | |
4915 | } else | |
4916 | return -EFSCORRUPTED; | |
4917 | } | |
4918 | ||
b53e675d | 4919 | if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) && |
1da177e4 LT |
4920 | (h_size > XLOG_HEADER_CYCLE_SIZE)) { |
4921 | hblks = h_size / XLOG_HEADER_CYCLE_SIZE; | |
4922 | if (h_size % XLOG_HEADER_CYCLE_SIZE) | |
4923 | hblks++; | |
4924 | xlog_put_bp(hbp); | |
4925 | hbp = xlog_get_bp(log, hblks); | |
4926 | } else { | |
4927 | hblks = 1; | |
4928 | } | |
4929 | } else { | |
69ce58f0 | 4930 | ASSERT(log->l_sectBBsize == 1); |
1da177e4 LT |
4931 | hblks = 1; |
4932 | hbp = xlog_get_bp(log, 1); | |
4933 | h_size = XLOG_BIG_RECORD_BSIZE; | |
4934 | } | |
4935 | ||
4936 | if (!hbp) | |
2451337d | 4937 | return -ENOMEM; |
1da177e4 LT |
4938 | dbp = xlog_get_bp(log, BTOBB(h_size)); |
4939 | if (!dbp) { | |
4940 | xlog_put_bp(hbp); | |
2451337d | 4941 | return -ENOMEM; |
1da177e4 LT |
4942 | } |
4943 | ||
4944 | memset(rhash, 0, sizeof(rhash)); | |
d7f37692 | 4945 | blk_no = rhead_blk = tail_blk; |
970fd3f0 | 4946 | if (tail_blk > head_blk) { |
1da177e4 LT |
4947 | /* |
4948 | * Perform recovery around the end of the physical log. | |
4949 | * When the head is not on the same cycle number as the tail, | |
970fd3f0 | 4950 | * we can't do a sequential recovery. |
1da177e4 | 4951 | */ |
1da177e4 LT |
4952 | while (blk_no < log->l_logBBsize) { |
4953 | /* | |
4954 | * Check for header wrapping around physical end-of-log | |
4955 | */ | |
62926044 | 4956 | offset = hbp->b_addr; |
1da177e4 LT |
4957 | split_hblks = 0; |
4958 | wrapped_hblks = 0; | |
4959 | if (blk_no + hblks <= log->l_logBBsize) { | |
4960 | /* Read header in one read */ | |
076e6acb CH |
4961 | error = xlog_bread(log, blk_no, hblks, hbp, |
4962 | &offset); | |
1da177e4 LT |
4963 | if (error) |
4964 | goto bread_err2; | |
1da177e4 LT |
4965 | } else { |
4966 | /* This LR is split across physical log end */ | |
4967 | if (blk_no != log->l_logBBsize) { | |
4968 | /* some data before physical log end */ | |
4969 | ASSERT(blk_no <= INT_MAX); | |
4970 | split_hblks = log->l_logBBsize - (int)blk_no; | |
4971 | ASSERT(split_hblks > 0); | |
076e6acb CH |
4972 | error = xlog_bread(log, blk_no, |
4973 | split_hblks, hbp, | |
4974 | &offset); | |
4975 | if (error) | |
1da177e4 | 4976 | goto bread_err2; |
1da177e4 | 4977 | } |
076e6acb | 4978 | |
1da177e4 LT |
4979 | /* |
4980 | * Note: this black magic still works with | |
4981 | * large sector sizes (non-512) only because: | |
4982 | * - we increased the buffer size originally | |
4983 | * by 1 sector giving us enough extra space | |
4984 | * for the second read; | |
4985 | * - the log start is guaranteed to be sector | |
4986 | * aligned; | |
4987 | * - we read the log end (LR header start) | |
4988 | * _first_, then the log start (LR header end) | |
4989 | * - order is important. | |
4990 | */ | |
234f56ac | 4991 | wrapped_hblks = hblks - split_hblks; |
44396476 DC |
4992 | error = xlog_bread_offset(log, 0, |
4993 | wrapped_hblks, hbp, | |
4994 | offset + BBTOB(split_hblks)); | |
1da177e4 LT |
4995 | if (error) |
4996 | goto bread_err2; | |
1da177e4 LT |
4997 | } |
4998 | rhead = (xlog_rec_header_t *)offset; | |
4999 | error = xlog_valid_rec_header(log, rhead, | |
5000 | split_hblks ? blk_no : 0); | |
5001 | if (error) | |
5002 | goto bread_err2; | |
5003 | ||
b53e675d | 5004 | bblks = (int)BTOBB(be32_to_cpu(rhead->h_len)); |
1da177e4 LT |
5005 | blk_no += hblks; |
5006 | ||
5007 | /* Read in data for log record */ | |
5008 | if (blk_no + bblks <= log->l_logBBsize) { | |
076e6acb CH |
5009 | error = xlog_bread(log, blk_no, bblks, dbp, |
5010 | &offset); | |
1da177e4 LT |
5011 | if (error) |
5012 | goto bread_err2; | |
1da177e4 LT |
5013 | } else { |
5014 | /* This log record is split across the | |
5015 | * physical end of log */ | |
62926044 | 5016 | offset = dbp->b_addr; |
1da177e4 LT |
5017 | split_bblks = 0; |
5018 | if (blk_no != log->l_logBBsize) { | |
5019 | /* some data is before the physical | |
5020 | * end of log */ | |
5021 | ASSERT(!wrapped_hblks); | |
5022 | ASSERT(blk_no <= INT_MAX); | |
5023 | split_bblks = | |
5024 | log->l_logBBsize - (int)blk_no; | |
5025 | ASSERT(split_bblks > 0); | |
076e6acb CH |
5026 | error = xlog_bread(log, blk_no, |
5027 | split_bblks, dbp, | |
5028 | &offset); | |
5029 | if (error) | |
1da177e4 | 5030 | goto bread_err2; |
1da177e4 | 5031 | } |
076e6acb | 5032 | |
1da177e4 LT |
5033 | /* |
5034 | * Note: this black magic still works with | |
5035 | * large sector sizes (non-512) only because: | |
5036 | * - we increased the buffer size originally | |
5037 | * by 1 sector giving us enough extra space | |
5038 | * for the second read; | |
5039 | * - the log start is guaranteed to be sector | |
5040 | * aligned; | |
5041 | * - we read the log end (LR header start) | |
5042 | * _first_, then the log start (LR header end) | |
5043 | * - order is important. | |
5044 | */ | |
44396476 | 5045 | error = xlog_bread_offset(log, 0, |
009507b0 | 5046 | bblks - split_bblks, dbp, |
44396476 | 5047 | offset + BBTOB(split_bblks)); |
076e6acb CH |
5048 | if (error) |
5049 | goto bread_err2; | |
1da177e4 | 5050 | } |
0e446be4 | 5051 | |
9d94901f | 5052 | error = xlog_recover_process(log, rhash, rhead, offset, |
12818d24 | 5053 | pass, &buffer_list); |
0e446be4 | 5054 | if (error) |
1da177e4 | 5055 | goto bread_err2; |
d7f37692 | 5056 | |
1da177e4 | 5057 | blk_no += bblks; |
d7f37692 | 5058 | rhead_blk = blk_no; |
1da177e4 LT |
5059 | } |
5060 | ||
5061 | ASSERT(blk_no >= log->l_logBBsize); | |
5062 | blk_no -= log->l_logBBsize; | |
d7f37692 | 5063 | rhead_blk = blk_no; |
970fd3f0 | 5064 | } |
1da177e4 | 5065 | |
970fd3f0 ES |
5066 | /* read first part of physical log */ |
5067 | while (blk_no < head_blk) { | |
5068 | error = xlog_bread(log, blk_no, hblks, hbp, &offset); | |
5069 | if (error) | |
5070 | goto bread_err2; | |
076e6acb | 5071 | |
970fd3f0 ES |
5072 | rhead = (xlog_rec_header_t *)offset; |
5073 | error = xlog_valid_rec_header(log, rhead, blk_no); | |
5074 | if (error) | |
5075 | goto bread_err2; | |
076e6acb | 5076 | |
970fd3f0 ES |
5077 | /* blocks in data section */ |
5078 | bblks = (int)BTOBB(be32_to_cpu(rhead->h_len)); | |
5079 | error = xlog_bread(log, blk_no+hblks, bblks, dbp, | |
5080 | &offset); | |
5081 | if (error) | |
5082 | goto bread_err2; | |
076e6acb | 5083 | |
12818d24 BF |
5084 | error = xlog_recover_process(log, rhash, rhead, offset, pass, |
5085 | &buffer_list); | |
970fd3f0 ES |
5086 | if (error) |
5087 | goto bread_err2; | |
d7f37692 | 5088 | |
970fd3f0 | 5089 | blk_no += bblks + hblks; |
d7f37692 | 5090 | rhead_blk = blk_no; |
1da177e4 LT |
5091 | } |
5092 | ||
5093 | bread_err2: | |
5094 | xlog_put_bp(dbp); | |
5095 | bread_err1: | |
5096 | xlog_put_bp(hbp); | |
d7f37692 | 5097 | |
12818d24 BF |
5098 | /* |
5099 | * Submit buffers that have been added from the last record processed, | |
5100 | * regardless of error status. | |
5101 | */ | |
5102 | if (!list_empty(&buffer_list)) | |
5103 | error2 = xfs_buf_delwri_submit(&buffer_list); | |
5104 | ||
d7f37692 BF |
5105 | if (error && first_bad) |
5106 | *first_bad = rhead_blk; | |
5107 | ||
12818d24 | 5108 | return error ? error : error2; |
1da177e4 LT |
5109 | } |
5110 | ||
5111 | /* | |
5112 | * Do the recovery of the log. We actually do this in two phases. | |
5113 | * The two passes are necessary in order to implement the function | |
5114 | * of cancelling a record written into the log. The first pass | |
5115 | * determines those things which have been cancelled, and the | |
5116 | * second pass replays log items normally except for those which | |
5117 | * have been cancelled. The handling of the replay and cancellations | |
5118 | * takes place in the log item type specific routines. | |
5119 | * | |
5120 | * The table of items which have cancel records in the log is allocated | |
5121 | * and freed at this level, since only here do we know when all of | |
5122 | * the log recovery has been completed. | |
5123 | */ | |
5124 | STATIC int | |
5125 | xlog_do_log_recovery( | |
9a8d2fdb | 5126 | struct xlog *log, |
1da177e4 LT |
5127 | xfs_daddr_t head_blk, |
5128 | xfs_daddr_t tail_blk) | |
5129 | { | |
d5689eaa | 5130 | int error, i; |
1da177e4 LT |
5131 | |
5132 | ASSERT(head_blk != tail_blk); | |
5133 | ||
5134 | /* | |
5135 | * First do a pass to find all of the cancelled buf log items. | |
5136 | * Store them in the buf_cancel_table for use in the second pass. | |
5137 | */ | |
d5689eaa CH |
5138 | log->l_buf_cancel_table = kmem_zalloc(XLOG_BC_TABLE_SIZE * |
5139 | sizeof(struct list_head), | |
1da177e4 | 5140 | KM_SLEEP); |
d5689eaa CH |
5141 | for (i = 0; i < XLOG_BC_TABLE_SIZE; i++) |
5142 | INIT_LIST_HEAD(&log->l_buf_cancel_table[i]); | |
5143 | ||
1da177e4 | 5144 | error = xlog_do_recovery_pass(log, head_blk, tail_blk, |
d7f37692 | 5145 | XLOG_RECOVER_PASS1, NULL); |
1da177e4 | 5146 | if (error != 0) { |
f0e2d93c | 5147 | kmem_free(log->l_buf_cancel_table); |
1da177e4 LT |
5148 | log->l_buf_cancel_table = NULL; |
5149 | return error; | |
5150 | } | |
5151 | /* | |
5152 | * Then do a second pass to actually recover the items in the log. | |
5153 | * When it is complete free the table of buf cancel items. | |
5154 | */ | |
5155 | error = xlog_do_recovery_pass(log, head_blk, tail_blk, | |
d7f37692 | 5156 | XLOG_RECOVER_PASS2, NULL); |
1da177e4 | 5157 | #ifdef DEBUG |
6d192a9b | 5158 | if (!error) { |
1da177e4 LT |
5159 | int i; |
5160 | ||
5161 | for (i = 0; i < XLOG_BC_TABLE_SIZE; i++) | |
d5689eaa | 5162 | ASSERT(list_empty(&log->l_buf_cancel_table[i])); |
1da177e4 LT |
5163 | } |
5164 | #endif /* DEBUG */ | |
5165 | ||
f0e2d93c | 5166 | kmem_free(log->l_buf_cancel_table); |
1da177e4 LT |
5167 | log->l_buf_cancel_table = NULL; |
5168 | ||
5169 | return error; | |
5170 | } | |
5171 | ||
5172 | /* | |
5173 | * Do the actual recovery | |
5174 | */ | |
5175 | STATIC int | |
5176 | xlog_do_recover( | |
9a8d2fdb | 5177 | struct xlog *log, |
1da177e4 LT |
5178 | xfs_daddr_t head_blk, |
5179 | xfs_daddr_t tail_blk) | |
5180 | { | |
a798011c | 5181 | struct xfs_mount *mp = log->l_mp; |
1da177e4 LT |
5182 | int error; |
5183 | xfs_buf_t *bp; | |
5184 | xfs_sb_t *sbp; | |
5185 | ||
5186 | /* | |
5187 | * First replay the images in the log. | |
5188 | */ | |
5189 | error = xlog_do_log_recovery(log, head_blk, tail_blk); | |
43ff2122 | 5190 | if (error) |
1da177e4 | 5191 | return error; |
1da177e4 LT |
5192 | |
5193 | /* | |
5194 | * If IO errors happened during recovery, bail out. | |
5195 | */ | |
a798011c | 5196 | if (XFS_FORCED_SHUTDOWN(mp)) { |
2451337d | 5197 | return -EIO; |
1da177e4 LT |
5198 | } |
5199 | ||
5200 | /* | |
5201 | * We now update the tail_lsn since much of the recovery has completed | |
5202 | * and there may be space available to use. If there were no extent | |
5203 | * or iunlinks, we can free up the entire log and set the tail_lsn to | |
5204 | * be the last_sync_lsn. This was set in xlog_find_tail to be the | |
5205 | * lsn of the last known good LR on disk. If there are extent frees | |
5206 | * or iunlinks they will have some entries in the AIL; so we look at | |
5207 | * the AIL to determine how to set the tail_lsn. | |
5208 | */ | |
a798011c | 5209 | xlog_assign_tail_lsn(mp); |
1da177e4 LT |
5210 | |
5211 | /* | |
5212 | * Now that we've finished replaying all buffer and inode | |
98021821 | 5213 | * updates, re-read in the superblock and reverify it. |
1da177e4 | 5214 | */ |
a798011c | 5215 | bp = xfs_getsb(mp, 0); |
1157b32c | 5216 | bp->b_flags &= ~(XBF_DONE | XBF_ASYNC); |
b68c0821 | 5217 | ASSERT(!(bp->b_flags & XBF_WRITE)); |
0cac682f | 5218 | bp->b_flags |= XBF_READ; |
1813dd64 | 5219 | bp->b_ops = &xfs_sb_buf_ops; |
83a0adc3 | 5220 | |
595bff75 | 5221 | error = xfs_buf_submit_wait(bp); |
d64e31a2 | 5222 | if (error) { |
a798011c | 5223 | if (!XFS_FORCED_SHUTDOWN(mp)) { |
595bff75 DC |
5224 | xfs_buf_ioerror_alert(bp, __func__); |
5225 | ASSERT(0); | |
5226 | } | |
1da177e4 LT |
5227 | xfs_buf_relse(bp); |
5228 | return error; | |
5229 | } | |
5230 | ||
5231 | /* Convert superblock from on-disk format */ | |
a798011c | 5232 | sbp = &mp->m_sb; |
98021821 | 5233 | xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp)); |
1da177e4 LT |
5234 | xfs_buf_relse(bp); |
5235 | ||
a798011c DC |
5236 | /* re-initialise in-core superblock and geometry structures */ |
5237 | xfs_reinit_percpu_counters(mp); | |
5238 | error = xfs_initialize_perag(mp, sbp->sb_agcount, &mp->m_maxagi); | |
5239 | if (error) { | |
5240 | xfs_warn(mp, "Failed post-recovery per-ag init: %d", error); | |
5241 | return error; | |
5242 | } | |
52548852 | 5243 | mp->m_alloc_set_aside = xfs_alloc_set_aside(mp); |
5478eead | 5244 | |
1da177e4 LT |
5245 | xlog_recover_check_summary(log); |
5246 | ||
5247 | /* Normal transactions can now occur */ | |
5248 | log->l_flags &= ~XLOG_ACTIVE_RECOVERY; | |
5249 | return 0; | |
5250 | } | |
5251 | ||
5252 | /* | |
5253 | * Perform recovery and re-initialize some log variables in xlog_find_tail. | |
5254 | * | |
5255 | * Return error or zero. | |
5256 | */ | |
5257 | int | |
5258 | xlog_recover( | |
9a8d2fdb | 5259 | struct xlog *log) |
1da177e4 LT |
5260 | { |
5261 | xfs_daddr_t head_blk, tail_blk; | |
5262 | int error; | |
5263 | ||
5264 | /* find the tail of the log */ | |
a45086e2 BF |
5265 | error = xlog_find_tail(log, &head_blk, &tail_blk); |
5266 | if (error) | |
1da177e4 LT |
5267 | return error; |
5268 | ||
a45086e2 BF |
5269 | /* |
5270 | * The superblock was read before the log was available and thus the LSN | |
5271 | * could not be verified. Check the superblock LSN against the current | |
5272 | * LSN now that it's known. | |
5273 | */ | |
5274 | if (xfs_sb_version_hascrc(&log->l_mp->m_sb) && | |
5275 | !xfs_log_check_lsn(log->l_mp, log->l_mp->m_sb.sb_lsn)) | |
5276 | return -EINVAL; | |
5277 | ||
1da177e4 LT |
5278 | if (tail_blk != head_blk) { |
5279 | /* There used to be a comment here: | |
5280 | * | |
5281 | * disallow recovery on read-only mounts. note -- mount | |
5282 | * checks for ENOSPC and turns it into an intelligent | |
5283 | * error message. | |
5284 | * ...but this is no longer true. Now, unless you specify | |
5285 | * NORECOVERY (in which case this function would never be | |
5286 | * called), we just go ahead and recover. We do this all | |
5287 | * under the vfs layer, so we can get away with it unless | |
5288 | * the device itself is read-only, in which case we fail. | |
5289 | */ | |
3a02ee18 | 5290 | if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) { |
1da177e4 LT |
5291 | return error; |
5292 | } | |
5293 | ||
e721f504 DC |
5294 | /* |
5295 | * Version 5 superblock log feature mask validation. We know the | |
5296 | * log is dirty so check if there are any unknown log features | |
5297 | * in what we need to recover. If there are unknown features | |
5298 | * (e.g. unsupported transactions, then simply reject the | |
5299 | * attempt at recovery before touching anything. | |
5300 | */ | |
5301 | if (XFS_SB_VERSION_NUM(&log->l_mp->m_sb) == XFS_SB_VERSION_5 && | |
5302 | xfs_sb_has_incompat_log_feature(&log->l_mp->m_sb, | |
5303 | XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) { | |
5304 | xfs_warn(log->l_mp, | |
f41febd2 | 5305 | "Superblock has unknown incompatible log features (0x%x) enabled.", |
e721f504 DC |
5306 | (log->l_mp->m_sb.sb_features_log_incompat & |
5307 | XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)); | |
f41febd2 JP |
5308 | xfs_warn(log->l_mp, |
5309 | "The log can not be fully and/or safely recovered by this kernel."); | |
5310 | xfs_warn(log->l_mp, | |
5311 | "Please recover the log on a kernel that supports the unknown features."); | |
2451337d | 5312 | return -EINVAL; |
e721f504 DC |
5313 | } |
5314 | ||
2e227178 BF |
5315 | /* |
5316 | * Delay log recovery if the debug hook is set. This is debug | |
5317 | * instrumention to coordinate simulation of I/O failures with | |
5318 | * log recovery. | |
5319 | */ | |
5320 | if (xfs_globals.log_recovery_delay) { | |
5321 | xfs_notice(log->l_mp, | |
5322 | "Delaying log recovery for %d seconds.", | |
5323 | xfs_globals.log_recovery_delay); | |
5324 | msleep(xfs_globals.log_recovery_delay * 1000); | |
5325 | } | |
5326 | ||
a0fa2b67 DC |
5327 | xfs_notice(log->l_mp, "Starting recovery (logdev: %s)", |
5328 | log->l_mp->m_logname ? log->l_mp->m_logname | |
5329 | : "internal"); | |
1da177e4 LT |
5330 | |
5331 | error = xlog_do_recover(log, head_blk, tail_blk); | |
5332 | log->l_flags |= XLOG_RECOVERY_NEEDED; | |
5333 | } | |
5334 | return error; | |
5335 | } | |
5336 | ||
5337 | /* | |
5338 | * In the first part of recovery we replay inodes and buffers and build | |
5339 | * up the list of extent free items which need to be processed. Here | |
5340 | * we process the extent free items and clean up the on disk unlinked | |
5341 | * inode lists. This is separated from the first part of recovery so | |
5342 | * that the root and real-time bitmap inodes can be read in from disk in | |
5343 | * between the two stages. This is necessary so that we can free space | |
5344 | * in the real-time portion of the file system. | |
5345 | */ | |
5346 | int | |
5347 | xlog_recover_finish( | |
9a8d2fdb | 5348 | struct xlog *log) |
1da177e4 LT |
5349 | { |
5350 | /* | |
5351 | * Now we're ready to do the transactions needed for the | |
5352 | * rest of recovery. Start with completing all the extent | |
5353 | * free intent records and then process the unlinked inode | |
5354 | * lists. At this point, we essentially run in normal mode | |
5355 | * except that we're still performing recovery actions | |
5356 | * rather than accepting new requests. | |
5357 | */ | |
5358 | if (log->l_flags & XLOG_RECOVERY_NEEDED) { | |
3c1e2bbe | 5359 | int error; |
dc42375d | 5360 | error = xlog_recover_process_intents(log); |
3c1e2bbe | 5361 | if (error) { |
dc42375d | 5362 | xfs_alert(log->l_mp, "Failed to recover intents"); |
3c1e2bbe DC |
5363 | return error; |
5364 | } | |
9e88b5d8 | 5365 | |
1da177e4 | 5366 | /* |
dc42375d | 5367 | * Sync the log to get all the intents out of the AIL. |
1da177e4 LT |
5368 | * This isn't absolutely necessary, but it helps in |
5369 | * case the unlink transactions would have problems | |
dc42375d | 5370 | * pushing the intents out of the way. |
1da177e4 | 5371 | */ |
a14a348b | 5372 | xfs_log_force(log->l_mp, XFS_LOG_SYNC); |
1da177e4 | 5373 | |
4249023a | 5374 | xlog_recover_process_iunlinks(log); |
1da177e4 LT |
5375 | |
5376 | xlog_recover_check_summary(log); | |
5377 | ||
a0fa2b67 DC |
5378 | xfs_notice(log->l_mp, "Ending recovery (logdev: %s)", |
5379 | log->l_mp->m_logname ? log->l_mp->m_logname | |
5380 | : "internal"); | |
1da177e4 LT |
5381 | log->l_flags &= ~XLOG_RECOVERY_NEEDED; |
5382 | } else { | |
a0fa2b67 | 5383 | xfs_info(log->l_mp, "Ending clean mount"); |
1da177e4 LT |
5384 | } |
5385 | return 0; | |
5386 | } | |
5387 | ||
f0b2efad BF |
5388 | int |
5389 | xlog_recover_cancel( | |
5390 | struct xlog *log) | |
5391 | { | |
5392 | int error = 0; | |
5393 | ||
5394 | if (log->l_flags & XLOG_RECOVERY_NEEDED) | |
dc42375d | 5395 | error = xlog_recover_cancel_intents(log); |
f0b2efad BF |
5396 | |
5397 | return error; | |
5398 | } | |
1da177e4 LT |
5399 | |
5400 | #if defined(DEBUG) | |
5401 | /* | |
5402 | * Read all of the agf and agi counters and check that they | |
5403 | * are consistent with the superblock counters. | |
5404 | */ | |
5405 | void | |
5406 | xlog_recover_check_summary( | |
9a8d2fdb | 5407 | struct xlog *log) |
1da177e4 LT |
5408 | { |
5409 | xfs_mount_t *mp; | |
5410 | xfs_agf_t *agfp; | |
1da177e4 LT |
5411 | xfs_buf_t *agfbp; |
5412 | xfs_buf_t *agibp; | |
1da177e4 LT |
5413 | xfs_agnumber_t agno; |
5414 | __uint64_t freeblks; | |
5415 | __uint64_t itotal; | |
5416 | __uint64_t ifree; | |
5e1be0fb | 5417 | int error; |
1da177e4 LT |
5418 | |
5419 | mp = log->l_mp; | |
5420 | ||
5421 | freeblks = 0LL; | |
5422 | itotal = 0LL; | |
5423 | ifree = 0LL; | |
5424 | for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { | |
4805621a CH |
5425 | error = xfs_read_agf(mp, NULL, agno, 0, &agfbp); |
5426 | if (error) { | |
a0fa2b67 DC |
5427 | xfs_alert(mp, "%s agf read failed agno %d error %d", |
5428 | __func__, agno, error); | |
4805621a CH |
5429 | } else { |
5430 | agfp = XFS_BUF_TO_AGF(agfbp); | |
5431 | freeblks += be32_to_cpu(agfp->agf_freeblks) + | |
5432 | be32_to_cpu(agfp->agf_flcount); | |
5433 | xfs_buf_relse(agfbp); | |
1da177e4 | 5434 | } |
1da177e4 | 5435 | |
5e1be0fb | 5436 | error = xfs_read_agi(mp, NULL, agno, &agibp); |
a0fa2b67 DC |
5437 | if (error) { |
5438 | xfs_alert(mp, "%s agi read failed agno %d error %d", | |
5439 | __func__, agno, error); | |
5440 | } else { | |
5e1be0fb | 5441 | struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp); |
16259e7d | 5442 | |
5e1be0fb CH |
5443 | itotal += be32_to_cpu(agi->agi_count); |
5444 | ifree += be32_to_cpu(agi->agi_freecount); | |
5445 | xfs_buf_relse(agibp); | |
5446 | } | |
1da177e4 | 5447 | } |
1da177e4 LT |
5448 | } |
5449 | #endif /* DEBUG */ |