2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "xfs_types.h"
24 #include "xfs_trans.h"
28 #include "xfs_dmapi.h"
29 #include "xfs_mount.h"
30 #include "xfs_error.h"
31 #include "xfs_bmap_btree.h"
32 #include "xfs_alloc_btree.h"
33 #include "xfs_ialloc_btree.h"
34 #include "xfs_dir2_sf.h"
35 #include "xfs_attr_sf.h"
36 #include "xfs_dinode.h"
37 #include "xfs_inode.h"
38 #include "xfs_inode_item.h"
39 #include "xfs_alloc.h"
40 #include "xfs_ialloc.h"
41 #include "xfs_log_priv.h"
42 #include "xfs_buf_item.h"
43 #include "xfs_log_recover.h"
44 #include "xfs_extfree_item.h"
45 #include "xfs_trans_priv.h"
46 #include "xfs_quota.h"
48 #include "xfs_utils.h"
49 #include "xfs_trace.h"
51 STATIC int xlog_find_zeroed(xlog_t *, xfs_daddr_t *);
52 STATIC int xlog_clear_stale_blocks(xlog_t *, xfs_lsn_t);
54 STATIC void xlog_recover_check_summary(xlog_t *);
56 #define xlog_recover_check_summary(log)
60 * Sector aligned buffer routines for buffer create/read/write/access
64 * Verify the given count of basic blocks is valid number of blocks
65 * to specify for an operation involving the given XFS log buffer.
66 * Returns nonzero if the count is valid, 0 otherwise.
70 xlog_buf_bbcount_valid(
74 return bbcount > 0 && bbcount <= log->l_logBBsize;
78 * Allocate a buffer to hold log data. The buffer needs to be able
79 * to map to a range of nbblks basic blocks at any valid (basic
80 * block) offset within the log.
87 if (!xlog_buf_bbcount_valid(log, nbblks)) {
88 xlog_warn("XFS: Invalid block length (0x%x) given for buffer",
90 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
95 * We do log I/O in units of log sectors (a power-of-2
96 * multiple of the basic block size), so we round up the
97 * requested size to acommodate the basic blocks required
98 * for complete log sectors.
100 * In addition, the buffer may be used for a non-sector-
101 * aligned block offset, in which case an I/O of the
102 * requested size could extend beyond the end of the
103 * buffer. If the requested size is only 1 basic block it
104 * will never straddle a sector boundary, so this won't be
105 * an issue. Nor will this be a problem if the log I/O is
106 * done in basic blocks (sector size 1). But otherwise we
107 * extend the buffer by one extra log sector to ensure
108 * there's space to accomodate this possiblility.
110 if (nbblks > 1 && log->l_sectBBsize > 1)
111 nbblks += log->l_sectBBsize;
112 nbblks = round_up(nbblks, log->l_sectBBsize);
114 return xfs_buf_get_noaddr(BBTOB(nbblks), log->l_mp->m_logdev_targp);
125 * Return the address of the start of the given block number's data
126 * in a log buffer. The buffer covers a log sector-aligned region.
138 offset = blk_no & ((xfs_daddr_t) log->l_sectBBsize - 1);
139 ptr = XFS_BUF_PTR(bp) + BBTOB(offset);
141 ASSERT(ptr + BBTOB(nbblks) <= XFS_BUF_PTR(bp) + XFS_BUF_SIZE(bp));
148 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
159 if (!xlog_buf_bbcount_valid(log, nbblks)) {
160 xlog_warn("XFS: Invalid block length (0x%x) given for buffer",
162 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
166 blk_no = round_down(blk_no, log->l_sectBBsize);
167 nbblks = round_up(nbblks, log->l_sectBBsize);
170 ASSERT(BBTOB(nbblks) <= XFS_BUF_SIZE(bp));
172 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
175 XFS_BUF_SET_COUNT(bp, BBTOB(nbblks));
176 XFS_BUF_SET_TARGET(bp, log->l_mp->m_logdev_targp);
178 xfsbdstrat(log->l_mp, bp);
179 error = xfs_iowait(bp);
181 xfs_ioerror_alert("xlog_bread", log->l_mp,
182 bp, XFS_BUF_ADDR(bp));
196 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
200 *offset = xlog_align(log, blk_no, nbblks, bp);
205 * Write out the buffer at the given block for the given number of blocks.
206 * The buffer is kept locked across the write and is returned locked.
207 * This can only be used for synchronous log writes.
218 if (!xlog_buf_bbcount_valid(log, nbblks)) {
219 xlog_warn("XFS: Invalid block length (0x%x) given for buffer",
221 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
225 blk_no = round_down(blk_no, log->l_sectBBsize);
226 nbblks = round_up(nbblks, log->l_sectBBsize);
229 ASSERT(BBTOB(nbblks) <= XFS_BUF_SIZE(bp));
231 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
232 XFS_BUF_ZEROFLAGS(bp);
235 XFS_BUF_PSEMA(bp, PRIBIO);
236 XFS_BUF_SET_COUNT(bp, BBTOB(nbblks));
237 XFS_BUF_SET_TARGET(bp, log->l_mp->m_logdev_targp);
239 if ((error = xfs_bwrite(log->l_mp, bp)))
240 xfs_ioerror_alert("xlog_bwrite", log->l_mp,
241 bp, XFS_BUF_ADDR(bp));
247 * dump debug superblock and log record information
250 xlog_header_check_dump(
252 xlog_rec_header_t *head)
254 cmn_err(CE_DEBUG, "%s: SB : uuid = %pU, fmt = %d\n",
255 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
256 cmn_err(CE_DEBUG, " log : uuid = %pU, fmt = %d\n",
257 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
260 #define xlog_header_check_dump(mp, head)
264 * check log record header for recovery
267 xlog_header_check_recover(
269 xlog_rec_header_t *head)
271 ASSERT(be32_to_cpu(head->h_magicno) == XLOG_HEADER_MAGIC_NUM);
274 * IRIX doesn't write the h_fmt field and leaves it zeroed
275 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
276 * a dirty log created in IRIX.
278 if (unlikely(be32_to_cpu(head->h_fmt) != XLOG_FMT)) {
280 "XFS: dirty log written in incompatible format - can't recover");
281 xlog_header_check_dump(mp, head);
282 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
283 XFS_ERRLEVEL_HIGH, mp);
284 return XFS_ERROR(EFSCORRUPTED);
285 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
287 "XFS: dirty log entry has mismatched uuid - can't recover");
288 xlog_header_check_dump(mp, head);
289 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
290 XFS_ERRLEVEL_HIGH, mp);
291 return XFS_ERROR(EFSCORRUPTED);
297 * read the head block of the log and check the header
300 xlog_header_check_mount(
302 xlog_rec_header_t *head)
304 ASSERT(be32_to_cpu(head->h_magicno) == XLOG_HEADER_MAGIC_NUM);
306 if (uuid_is_nil(&head->h_fs_uuid)) {
308 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
309 * h_fs_uuid is nil, we assume this log was last mounted
310 * by IRIX and continue.
312 xlog_warn("XFS: nil uuid in log - IRIX style log");
313 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
314 xlog_warn("XFS: log has mismatched uuid - can't recover");
315 xlog_header_check_dump(mp, head);
316 XFS_ERROR_REPORT("xlog_header_check_mount",
317 XFS_ERRLEVEL_HIGH, mp);
318 return XFS_ERROR(EFSCORRUPTED);
327 if (XFS_BUF_GETERROR(bp)) {
329 * We're not going to bother about retrying
330 * this during recovery. One strike!
332 xfs_ioerror_alert("xlog_recover_iodone",
333 bp->b_mount, bp, XFS_BUF_ADDR(bp));
334 xfs_force_shutdown(bp->b_mount, SHUTDOWN_META_IO_ERROR);
337 XFS_BUF_CLR_IODONE_FUNC(bp);
342 * This routine finds (to an approximation) the first block in the physical
343 * log which contains the given cycle. It uses a binary search algorithm.
344 * Note that the algorithm can not be perfect because the disk will not
345 * necessarily be perfect.
348 xlog_find_cycle_start(
351 xfs_daddr_t first_blk,
352 xfs_daddr_t *last_blk,
362 mid_blk = BLK_AVG(first_blk, end_blk);
363 while (mid_blk != first_blk && mid_blk != end_blk) {
364 error = xlog_bread(log, mid_blk, 1, bp, &offset);
367 mid_cycle = xlog_get_cycle(offset);
368 if (mid_cycle == cycle)
369 end_blk = mid_blk; /* last_half_cycle == mid_cycle */
371 first_blk = mid_blk; /* first_half_cycle == mid_cycle */
372 mid_blk = BLK_AVG(first_blk, end_blk);
374 ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) ||
375 (mid_blk == end_blk && mid_blk-1 == first_blk));
383 * Check that a range of blocks does not contain stop_on_cycle_no.
384 * Fill in *new_blk with the block offset where such a block is
385 * found, or with -1 (an invalid block number) if there is no such
386 * block in the range. The scan needs to occur from front to back
387 * and the pointer into the region must be updated since a later
388 * routine will need to perform another test.
391 xlog_find_verify_cycle(
393 xfs_daddr_t start_blk,
395 uint stop_on_cycle_no,
396 xfs_daddr_t *new_blk)
402 xfs_caddr_t buf = NULL;
406 * Greedily allocate a buffer big enough to handle the full
407 * range of basic blocks we'll be examining. If that fails,
408 * try a smaller size. We need to be able to read at least
409 * a log sector, or we're out of luck.
411 bufblks = 1 << ffs(nbblks);
412 while (!(bp = xlog_get_bp(log, bufblks))) {
414 if (bufblks < log->l_sectBBsize)
418 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
421 bcount = min(bufblks, (start_blk + nbblks - i));
423 error = xlog_bread(log, i, bcount, bp, &buf);
427 for (j = 0; j < bcount; j++) {
428 cycle = xlog_get_cycle(buf);
429 if (cycle == stop_on_cycle_no) {
446 * Potentially backup over partial log record write.
448 * In the typical case, last_blk is the number of the block directly after
449 * a good log record. Therefore, we subtract one to get the block number
450 * of the last block in the given buffer. extra_bblks contains the number
451 * of blocks we would have read on a previous read. This happens when the
452 * last log record is split over the end of the physical log.
454 * extra_bblks is the number of blocks potentially verified on a previous
455 * call to this routine.
458 xlog_find_verify_log_record(
460 xfs_daddr_t start_blk,
461 xfs_daddr_t *last_blk,
466 xfs_caddr_t offset = NULL;
467 xlog_rec_header_t *head = NULL;
470 int num_blks = *last_blk - start_blk;
473 ASSERT(start_blk != 0 || *last_blk != start_blk);
475 if (!(bp = xlog_get_bp(log, num_blks))) {
476 if (!(bp = xlog_get_bp(log, 1)))
480 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
483 offset += ((num_blks - 1) << BBSHIFT);
486 for (i = (*last_blk) - 1; i >= 0; i--) {
488 /* valid log record not found */
490 "XFS: Log inconsistent (didn't find previous header)");
492 error = XFS_ERROR(EIO);
497 error = xlog_bread(log, i, 1, bp, &offset);
502 head = (xlog_rec_header_t *)offset;
504 if (XLOG_HEADER_MAGIC_NUM == be32_to_cpu(head->h_magicno))
512 * We hit the beginning of the physical log & still no header. Return
513 * to caller. If caller can handle a return of -1, then this routine
514 * will be called again for the end of the physical log.
522 * We have the final block of the good log (the first block
523 * of the log record _before_ the head. So we check the uuid.
525 if ((error = xlog_header_check_mount(log->l_mp, head)))
529 * We may have found a log record header before we expected one.
530 * last_blk will be the 1st block # with a given cycle #. We may end
531 * up reading an entire log record. In this case, we don't want to
532 * reset last_blk. Only when last_blk points in the middle of a log
533 * record do we update last_blk.
535 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
536 uint h_size = be32_to_cpu(head->h_size);
538 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
539 if (h_size % XLOG_HEADER_CYCLE_SIZE)
545 if (*last_blk - i + extra_bblks !=
546 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
555 * Head is defined to be the point of the log where the next log write
556 * write could go. This means that incomplete LR writes at the end are
557 * eliminated when calculating the head. We aren't guaranteed that previous
558 * LR have complete transactions. We only know that a cycle number of
559 * current cycle number -1 won't be present in the log if we start writing
560 * from our current block number.
562 * last_blk contains the block number of the first block with a given
565 * Return: zero if normal, non-zero if error.
570 xfs_daddr_t *return_head_blk)
574 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
576 uint first_half_cycle, last_half_cycle;
578 int error, log_bbnum = log->l_logBBsize;
580 /* Is the end of the log device zeroed? */
581 if ((error = xlog_find_zeroed(log, &first_blk)) == -1) {
582 *return_head_blk = first_blk;
584 /* Is the whole lot zeroed? */
586 /* Linux XFS shouldn't generate totally zeroed logs -
587 * mkfs etc write a dummy unmount record to a fresh
588 * log so we can store the uuid in there
590 xlog_warn("XFS: totally zeroed log");
595 xlog_warn("XFS: empty log check failed");
599 first_blk = 0; /* get cycle # of 1st block */
600 bp = xlog_get_bp(log, 1);
604 error = xlog_bread(log, 0, 1, bp, &offset);
608 first_half_cycle = xlog_get_cycle(offset);
610 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
611 error = xlog_bread(log, last_blk, 1, bp, &offset);
615 last_half_cycle = xlog_get_cycle(offset);
616 ASSERT(last_half_cycle != 0);
619 * If the 1st half cycle number is equal to the last half cycle number,
620 * then the entire log is stamped with the same cycle number. In this
621 * case, head_blk can't be set to zero (which makes sense). The below
622 * math doesn't work out properly with head_blk equal to zero. Instead,
623 * we set it to log_bbnum which is an invalid block number, but this
624 * value makes the math correct. If head_blk doesn't changed through
625 * all the tests below, *head_blk is set to zero at the very end rather
626 * than log_bbnum. In a sense, log_bbnum and zero are the same block
627 * in a circular file.
629 if (first_half_cycle == last_half_cycle) {
631 * In this case we believe that the entire log should have
632 * cycle number last_half_cycle. We need to scan backwards
633 * from the end verifying that there are no holes still
634 * containing last_half_cycle - 1. If we find such a hole,
635 * then the start of that hole will be the new head. The
636 * simple case looks like
637 * x | x ... | x - 1 | x
638 * Another case that fits this picture would be
639 * x | x + 1 | x ... | x
640 * In this case the head really is somewhere at the end of the
641 * log, as one of the latest writes at the beginning was
644 * x | x + 1 | x ... | x - 1 | x
645 * This is really the combination of the above two cases, and
646 * the head has to end up at the start of the x-1 hole at the
649 * In the 256k log case, we will read from the beginning to the
650 * end of the log and search for cycle numbers equal to x-1.
651 * We don't worry about the x+1 blocks that we encounter,
652 * because we know that they cannot be the head since the log
655 head_blk = log_bbnum;
656 stop_on_cycle = last_half_cycle - 1;
659 * In this case we want to find the first block with cycle
660 * number matching last_half_cycle. We expect the log to be
662 * x + 1 ... | x ... | x
663 * The first block with cycle number x (last_half_cycle) will
664 * be where the new head belongs. First we do a binary search
665 * for the first occurrence of last_half_cycle. The binary
666 * search may not be totally accurate, so then we scan back
667 * from there looking for occurrences of last_half_cycle before
668 * us. If that backwards scan wraps around the beginning of
669 * the log, then we look for occurrences of last_half_cycle - 1
670 * at the end of the log. The cases we're looking for look
672 * v binary search stopped here
673 * x + 1 ... | x | x + 1 | x ... | x
674 * ^ but we want to locate this spot
676 * <---------> less than scan distance
677 * x + 1 ... | x ... | x - 1 | x
678 * ^ we want to locate this spot
680 stop_on_cycle = last_half_cycle;
681 if ((error = xlog_find_cycle_start(log, bp, first_blk,
682 &head_blk, last_half_cycle)))
687 * Now validate the answer. Scan back some number of maximum possible
688 * blocks and make sure each one has the expected cycle number. The
689 * maximum is determined by the total possible amount of buffering
690 * in the in-core log. The following number can be made tighter if
691 * we actually look at the block size of the filesystem.
693 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
694 if (head_blk >= num_scan_bblks) {
696 * We are guaranteed that the entire check can be performed
699 start_blk = head_blk - num_scan_bblks;
700 if ((error = xlog_find_verify_cycle(log,
701 start_blk, num_scan_bblks,
702 stop_on_cycle, &new_blk)))
706 } else { /* need to read 2 parts of log */
708 * We are going to scan backwards in the log in two parts.
709 * First we scan the physical end of the log. In this part
710 * of the log, we are looking for blocks with cycle number
711 * last_half_cycle - 1.
712 * If we find one, then we know that the log starts there, as
713 * we've found a hole that didn't get written in going around
714 * the end of the physical log. The simple case for this is
715 * x + 1 ... | x ... | x - 1 | x
716 * <---------> less than scan distance
717 * If all of the blocks at the end of the log have cycle number
718 * last_half_cycle, then we check the blocks at the start of
719 * the log looking for occurrences of last_half_cycle. If we
720 * find one, then our current estimate for the location of the
721 * first occurrence of last_half_cycle is wrong and we move
722 * back to the hole we've found. This case looks like
723 * x + 1 ... | x | x + 1 | x ...
724 * ^ binary search stopped here
725 * Another case we need to handle that only occurs in 256k
727 * x + 1 ... | x ... | x+1 | x ...
728 * ^ binary search stops here
729 * In a 256k log, the scan at the end of the log will see the
730 * x + 1 blocks. We need to skip past those since that is
731 * certainly not the head of the log. By searching for
732 * last_half_cycle-1 we accomplish that.
734 ASSERT(head_blk <= INT_MAX &&
735 (xfs_daddr_t) num_scan_bblks >= head_blk);
736 start_blk = log_bbnum - (num_scan_bblks - head_blk);
737 if ((error = xlog_find_verify_cycle(log, start_blk,
738 num_scan_bblks - (int)head_blk,
739 (stop_on_cycle - 1), &new_blk)))
747 * Scan beginning of log now. The last part of the physical
748 * log is good. This scan needs to verify that it doesn't find
749 * the last_half_cycle.
752 ASSERT(head_blk <= INT_MAX);
753 if ((error = xlog_find_verify_cycle(log,
754 start_blk, (int)head_blk,
755 stop_on_cycle, &new_blk)))
763 * Now we need to make sure head_blk is not pointing to a block in
764 * the middle of a log record.
766 num_scan_bblks = XLOG_REC_SHIFT(log);
767 if (head_blk >= num_scan_bblks) {
768 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
770 /* start ptr at last block ptr before head_blk */
771 if ((error = xlog_find_verify_log_record(log, start_blk,
772 &head_blk, 0)) == -1) {
773 error = XFS_ERROR(EIO);
779 ASSERT(head_blk <= INT_MAX);
780 if ((error = xlog_find_verify_log_record(log, start_blk,
781 &head_blk, 0)) == -1) {
782 /* We hit the beginning of the log during our search */
783 start_blk = log_bbnum - (num_scan_bblks - head_blk);
785 ASSERT(start_blk <= INT_MAX &&
786 (xfs_daddr_t) log_bbnum-start_blk >= 0);
787 ASSERT(head_blk <= INT_MAX);
788 if ((error = xlog_find_verify_log_record(log,
790 (int)head_blk)) == -1) {
791 error = XFS_ERROR(EIO);
795 if (new_blk != log_bbnum)
802 if (head_blk == log_bbnum)
803 *return_head_blk = 0;
805 *return_head_blk = head_blk;
807 * When returning here, we have a good block number. Bad block
808 * means that during a previous crash, we didn't have a clean break
809 * from cycle number N to cycle number N-1. In this case, we need
810 * to find the first block with cycle number N-1.
818 xlog_warn("XFS: failed to find log head");
823 * Find the sync block number or the tail of the log.
825 * This will be the block number of the last record to have its
826 * associated buffers synced to disk. Every log record header has
827 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
828 * to get a sync block number. The only concern is to figure out which
829 * log record header to believe.
831 * The following algorithm uses the log record header with the largest
832 * lsn. The entire log record does not need to be valid. We only care
833 * that the header is valid.
835 * We could speed up search by using current head_blk buffer, but it is not
841 xfs_daddr_t *head_blk,
842 xfs_daddr_t *tail_blk)
844 xlog_rec_header_t *rhead;
845 xlog_op_header_t *op_head;
846 xfs_caddr_t offset = NULL;
849 xfs_daddr_t umount_data_blk;
850 xfs_daddr_t after_umount_blk;
857 * Find previous log record
859 if ((error = xlog_find_head(log, head_blk)))
862 bp = xlog_get_bp(log, 1);
865 if (*head_blk == 0) { /* special case */
866 error = xlog_bread(log, 0, 1, bp, &offset);
870 if (xlog_get_cycle(offset) == 0) {
872 /* leave all other log inited values alone */
878 * Search backwards looking for log record header block
880 ASSERT(*head_blk < INT_MAX);
881 for (i = (int)(*head_blk) - 1; i >= 0; i--) {
882 error = xlog_bread(log, i, 1, bp, &offset);
886 if (XLOG_HEADER_MAGIC_NUM == be32_to_cpu(*(__be32 *)offset)) {
892 * If we haven't found the log record header block, start looking
893 * again from the end of the physical log. XXXmiken: There should be
894 * a check here to make sure we didn't search more than N blocks in
898 for (i = log->l_logBBsize - 1; i >= (int)(*head_blk); i--) {
899 error = xlog_bread(log, i, 1, bp, &offset);
903 if (XLOG_HEADER_MAGIC_NUM ==
904 be32_to_cpu(*(__be32 *)offset)) {
911 xlog_warn("XFS: xlog_find_tail: couldn't find sync record");
913 return XFS_ERROR(EIO);
916 /* find blk_no of tail of log */
917 rhead = (xlog_rec_header_t *)offset;
918 *tail_blk = BLOCK_LSN(be64_to_cpu(rhead->h_tail_lsn));
921 * Reset log values according to the state of the log when we
922 * crashed. In the case where head_blk == 0, we bump curr_cycle
923 * one because the next write starts a new cycle rather than
924 * continuing the cycle of the last good log record. At this
925 * point we have guaranteed that all partial log records have been
926 * accounted for. Therefore, we know that the last good log record
927 * written was complete and ended exactly on the end boundary
928 * of the physical log.
930 log->l_prev_block = i;
931 log->l_curr_block = (int)*head_blk;
932 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
935 log->l_tail_lsn = be64_to_cpu(rhead->h_tail_lsn);
936 log->l_last_sync_lsn = be64_to_cpu(rhead->h_lsn);
937 log->l_grant_reserve_cycle = log->l_curr_cycle;
938 log->l_grant_reserve_bytes = BBTOB(log->l_curr_block);
939 log->l_grant_write_cycle = log->l_curr_cycle;
940 log->l_grant_write_bytes = BBTOB(log->l_curr_block);
943 * Look for unmount record. If we find it, then we know there
944 * was a clean unmount. Since 'i' could be the last block in
945 * the physical log, we convert to a log block before comparing
948 * Save the current tail lsn to use to pass to
949 * xlog_clear_stale_blocks() below. We won't want to clear the
950 * unmount record if there is one, so we pass the lsn of the
951 * unmount record rather than the block after it.
953 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
954 int h_size = be32_to_cpu(rhead->h_size);
955 int h_version = be32_to_cpu(rhead->h_version);
957 if ((h_version & XLOG_VERSION_2) &&
958 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
959 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
960 if (h_size % XLOG_HEADER_CYCLE_SIZE)
968 after_umount_blk = (i + hblks + (int)
969 BTOBB(be32_to_cpu(rhead->h_len))) % log->l_logBBsize;
970 tail_lsn = log->l_tail_lsn;
971 if (*head_blk == after_umount_blk &&
972 be32_to_cpu(rhead->h_num_logops) == 1) {
973 umount_data_blk = (i + hblks) % log->l_logBBsize;
974 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
978 op_head = (xlog_op_header_t *)offset;
979 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
981 * Set tail and last sync so that newly written
982 * log records will point recovery to after the
983 * current unmount record.
986 xlog_assign_lsn(log->l_curr_cycle,
988 log->l_last_sync_lsn =
989 xlog_assign_lsn(log->l_curr_cycle,
991 *tail_blk = after_umount_blk;
994 * Note that the unmount was clean. If the unmount
995 * was not clean, we need to know this to rebuild the
996 * superblock counters from the perag headers if we
997 * have a filesystem using non-persistent counters.
999 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
1004 * Make sure that there are no blocks in front of the head
1005 * with the same cycle number as the head. This can happen
1006 * because we allow multiple outstanding log writes concurrently,
1007 * and the later writes might make it out before earlier ones.
1009 * We use the lsn from before modifying it so that we'll never
1010 * overwrite the unmount record after a clean unmount.
1012 * Do this only if we are going to recover the filesystem
1014 * NOTE: This used to say "if (!readonly)"
1015 * However on Linux, we can & do recover a read-only filesystem.
1016 * We only skip recovery if NORECOVERY is specified on mount,
1017 * in which case we would not be here.
1019 * But... if the -device- itself is readonly, just skip this.
1020 * We can't recover this device anyway, so it won't matter.
1022 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp))
1023 error = xlog_clear_stale_blocks(log, tail_lsn);
1029 xlog_warn("XFS: failed to locate log tail");
1034 * Is the log zeroed at all?
1036 * The last binary search should be changed to perform an X block read
1037 * once X becomes small enough. You can then search linearly through
1038 * the X blocks. This will cut down on the number of reads we need to do.
1040 * If the log is partially zeroed, this routine will pass back the blkno
1041 * of the first block with cycle number 0. It won't have a complete LR
1045 * 0 => the log is completely written to
1046 * -1 => use *blk_no as the first block of the log
1047 * >0 => error has occurred
1052 xfs_daddr_t *blk_no)
1056 uint first_cycle, last_cycle;
1057 xfs_daddr_t new_blk, last_blk, start_blk;
1058 xfs_daddr_t num_scan_bblks;
1059 int error, log_bbnum = log->l_logBBsize;
1063 /* check totally zeroed log */
1064 bp = xlog_get_bp(log, 1);
1067 error = xlog_bread(log, 0, 1, bp, &offset);
1071 first_cycle = xlog_get_cycle(offset);
1072 if (first_cycle == 0) { /* completely zeroed log */
1078 /* check partially zeroed log */
1079 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1083 last_cycle = xlog_get_cycle(offset);
1084 if (last_cycle != 0) { /* log completely written to */
1087 } else if (first_cycle != 1) {
1089 * If the cycle of the last block is zero, the cycle of
1090 * the first block must be 1. If it's not, maybe we're
1091 * not looking at a log... Bail out.
1093 xlog_warn("XFS: Log inconsistent or not a log (last==0, first!=1)");
1094 return XFS_ERROR(EINVAL);
1097 /* we have a partially zeroed log */
1098 last_blk = log_bbnum-1;
1099 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1103 * Validate the answer. Because there is no way to guarantee that
1104 * the entire log is made up of log records which are the same size,
1105 * we scan over the defined maximum blocks. At this point, the maximum
1106 * is not chosen to mean anything special. XXXmiken
1108 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1109 ASSERT(num_scan_bblks <= INT_MAX);
1111 if (last_blk < num_scan_bblks)
1112 num_scan_bblks = last_blk;
1113 start_blk = last_blk - num_scan_bblks;
1116 * We search for any instances of cycle number 0 that occur before
1117 * our current estimate of the head. What we're trying to detect is
1118 * 1 ... | 0 | 1 | 0...
1119 * ^ binary search ends here
1121 if ((error = xlog_find_verify_cycle(log, start_blk,
1122 (int)num_scan_bblks, 0, &new_blk)))
1128 * Potentially backup over partial log record write. We don't need
1129 * to search the end of the log because we know it is zero.
1131 if ((error = xlog_find_verify_log_record(log, start_blk,
1132 &last_blk, 0)) == -1) {
1133 error = XFS_ERROR(EIO);
1147 * These are simple subroutines used by xlog_clear_stale_blocks() below
1148 * to initialize a buffer full of empty log record headers and write
1149 * them into the log.
1160 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1162 memset(buf, 0, BBSIZE);
1163 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1164 recp->h_cycle = cpu_to_be32(cycle);
1165 recp->h_version = cpu_to_be32(
1166 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1167 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1168 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1169 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1170 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1174 xlog_write_log_records(
1185 int sectbb = log->l_sectBBsize;
1186 int end_block = start_block + blocks;
1192 * Greedily allocate a buffer big enough to handle the full
1193 * range of basic blocks to be written. If that fails, try
1194 * a smaller size. We need to be able to write at least a
1195 * log sector, or we're out of luck.
1197 bufblks = 1 << ffs(blocks);
1198 while (!(bp = xlog_get_bp(log, bufblks))) {
1200 if (bufblks < sectbb)
1204 /* We may need to do a read at the start to fill in part of
1205 * the buffer in the starting sector not covered by the first
1208 balign = round_down(start_block, sectbb);
1209 if (balign != start_block) {
1210 error = xlog_bread_noalign(log, start_block, 1, bp);
1214 j = start_block - balign;
1217 for (i = start_block; i < end_block; i += bufblks) {
1218 int bcount, endcount;
1220 bcount = min(bufblks, end_block - start_block);
1221 endcount = bcount - j;
1223 /* We may need to do a read at the end to fill in part of
1224 * the buffer in the final sector not covered by the write.
1225 * If this is the same sector as the above read, skip it.
1227 ealign = round_down(end_block, sectbb);
1228 if (j == 0 && (start_block + endcount > ealign)) {
1229 offset = XFS_BUF_PTR(bp);
1230 balign = BBTOB(ealign - start_block);
1231 error = XFS_BUF_SET_PTR(bp, offset + balign,
1236 error = xlog_bread_noalign(log, ealign, sectbb, bp);
1240 error = XFS_BUF_SET_PTR(bp, offset, bufblks);
1245 offset = xlog_align(log, start_block, endcount, bp);
1246 for (; j < endcount; j++) {
1247 xlog_add_record(log, offset, cycle, i+j,
1248 tail_cycle, tail_block);
1251 error = xlog_bwrite(log, start_block, endcount, bp);
1254 start_block += endcount;
1264 * This routine is called to blow away any incomplete log writes out
1265 * in front of the log head. We do this so that we won't become confused
1266 * if we come up, write only a little bit more, and then crash again.
1267 * If we leave the partial log records out there, this situation could
1268 * cause us to think those partial writes are valid blocks since they
1269 * have the current cycle number. We get rid of them by overwriting them
1270 * with empty log records with the old cycle number rather than the
1273 * The tail lsn is passed in rather than taken from
1274 * the log so that we will not write over the unmount record after a
1275 * clean unmount in a 512 block log. Doing so would leave the log without
1276 * any valid log records in it until a new one was written. If we crashed
1277 * during that time we would not be able to recover.
1280 xlog_clear_stale_blocks(
1284 int tail_cycle, head_cycle;
1285 int tail_block, head_block;
1286 int tail_distance, max_distance;
1290 tail_cycle = CYCLE_LSN(tail_lsn);
1291 tail_block = BLOCK_LSN(tail_lsn);
1292 head_cycle = log->l_curr_cycle;
1293 head_block = log->l_curr_block;
1296 * Figure out the distance between the new head of the log
1297 * and the tail. We want to write over any blocks beyond the
1298 * head that we may have written just before the crash, but
1299 * we don't want to overwrite the tail of the log.
1301 if (head_cycle == tail_cycle) {
1303 * The tail is behind the head in the physical log,
1304 * so the distance from the head to the tail is the
1305 * distance from the head to the end of the log plus
1306 * the distance from the beginning of the log to the
1309 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1310 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1311 XFS_ERRLEVEL_LOW, log->l_mp);
1312 return XFS_ERROR(EFSCORRUPTED);
1314 tail_distance = tail_block + (log->l_logBBsize - head_block);
1317 * The head is behind the tail in the physical log,
1318 * so the distance from the head to the tail is just
1319 * the tail block minus the head block.
1321 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1322 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1323 XFS_ERRLEVEL_LOW, log->l_mp);
1324 return XFS_ERROR(EFSCORRUPTED);
1326 tail_distance = tail_block - head_block;
1330 * If the head is right up against the tail, we can't clear
1333 if (tail_distance <= 0) {
1334 ASSERT(tail_distance == 0);
1338 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1340 * Take the smaller of the maximum amount of outstanding I/O
1341 * we could have and the distance to the tail to clear out.
1342 * We take the smaller so that we don't overwrite the tail and
1343 * we don't waste all day writing from the head to the tail
1346 max_distance = MIN(max_distance, tail_distance);
1348 if ((head_block + max_distance) <= log->l_logBBsize) {
1350 * We can stomp all the blocks we need to without
1351 * wrapping around the end of the log. Just do it
1352 * in a single write. Use the cycle number of the
1353 * current cycle minus one so that the log will look like:
1356 error = xlog_write_log_records(log, (head_cycle - 1),
1357 head_block, max_distance, tail_cycle,
1363 * We need to wrap around the end of the physical log in
1364 * order to clear all the blocks. Do it in two separate
1365 * I/Os. The first write should be from the head to the
1366 * end of the physical log, and it should use the current
1367 * cycle number minus one just like above.
1369 distance = log->l_logBBsize - head_block;
1370 error = xlog_write_log_records(log, (head_cycle - 1),
1371 head_block, distance, tail_cycle,
1378 * Now write the blocks at the start of the physical log.
1379 * This writes the remainder of the blocks we want to clear.
1380 * It uses the current cycle number since we're now on the
1381 * same cycle as the head so that we get:
1382 * n ... n ... | n - 1 ...
1383 * ^^^^^ blocks we're writing
1385 distance = max_distance - (log->l_logBBsize - head_block);
1386 error = xlog_write_log_records(log, head_cycle, 0, distance,
1387 tail_cycle, tail_block);
1395 /******************************************************************************
1397 * Log recover routines
1399 ******************************************************************************
1402 STATIC xlog_recover_t *
1403 xlog_recover_find_tid(
1404 struct hlist_head *head,
1407 xlog_recover_t *trans;
1408 struct hlist_node *n;
1410 hlist_for_each_entry(trans, n, head, r_list) {
1411 if (trans->r_log_tid == tid)
1418 xlog_recover_new_tid(
1419 struct hlist_head *head,
1423 xlog_recover_t *trans;
1425 trans = kmem_zalloc(sizeof(xlog_recover_t), KM_SLEEP);
1426 trans->r_log_tid = tid;
1428 INIT_LIST_HEAD(&trans->r_itemq);
1430 INIT_HLIST_NODE(&trans->r_list);
1431 hlist_add_head(&trans->r_list, head);
1435 xlog_recover_add_item(
1436 struct list_head *head)
1438 xlog_recover_item_t *item;
1440 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
1441 INIT_LIST_HEAD(&item->ri_list);
1442 list_add_tail(&item->ri_list, head);
1446 xlog_recover_add_to_cont_trans(
1448 xlog_recover_t *trans,
1452 xlog_recover_item_t *item;
1453 xfs_caddr_t ptr, old_ptr;
1456 if (list_empty(&trans->r_itemq)) {
1457 /* finish copying rest of trans header */
1458 xlog_recover_add_item(&trans->r_itemq);
1459 ptr = (xfs_caddr_t) &trans->r_theader +
1460 sizeof(xfs_trans_header_t) - len;
1461 memcpy(ptr, dp, len); /* d, s, l */
1464 /* take the tail entry */
1465 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
1467 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
1468 old_len = item->ri_buf[item->ri_cnt-1].i_len;
1470 ptr = kmem_realloc(old_ptr, len+old_len, old_len, 0u);
1471 memcpy(&ptr[old_len], dp, len); /* d, s, l */
1472 item->ri_buf[item->ri_cnt-1].i_len += len;
1473 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
1474 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
1479 * The next region to add is the start of a new region. It could be
1480 * a whole region or it could be the first part of a new region. Because
1481 * of this, the assumption here is that the type and size fields of all
1482 * format structures fit into the first 32 bits of the structure.
1484 * This works because all regions must be 32 bit aligned. Therefore, we
1485 * either have both fields or we have neither field. In the case we have
1486 * neither field, the data part of the region is zero length. We only have
1487 * a log_op_header and can throw away the header since a new one will appear
1488 * later. If we have at least 4 bytes, then we can determine how many regions
1489 * will appear in the current log item.
1492 xlog_recover_add_to_trans(
1494 xlog_recover_t *trans,
1498 xfs_inode_log_format_t *in_f; /* any will do */
1499 xlog_recover_item_t *item;
1504 if (list_empty(&trans->r_itemq)) {
1505 /* we need to catch log corruptions here */
1506 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
1507 xlog_warn("XFS: xlog_recover_add_to_trans: "
1508 "bad header magic number");
1510 return XFS_ERROR(EIO);
1512 if (len == sizeof(xfs_trans_header_t))
1513 xlog_recover_add_item(&trans->r_itemq);
1514 memcpy(&trans->r_theader, dp, len); /* d, s, l */
1518 ptr = kmem_alloc(len, KM_SLEEP);
1519 memcpy(ptr, dp, len);
1520 in_f = (xfs_inode_log_format_t *)ptr;
1522 /* take the tail entry */
1523 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
1524 if (item->ri_total != 0 &&
1525 item->ri_total == item->ri_cnt) {
1526 /* tail item is in use, get a new one */
1527 xlog_recover_add_item(&trans->r_itemq);
1528 item = list_entry(trans->r_itemq.prev,
1529 xlog_recover_item_t, ri_list);
1532 if (item->ri_total == 0) { /* first region to be added */
1533 if (in_f->ilf_size == 0 ||
1534 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
1536 "XFS: bad number of regions (%d) in inode log format",
1539 return XFS_ERROR(EIO);
1542 item->ri_total = in_f->ilf_size;
1544 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
1547 ASSERT(item->ri_total > item->ri_cnt);
1548 /* Description region is ri_buf[0] */
1549 item->ri_buf[item->ri_cnt].i_addr = ptr;
1550 item->ri_buf[item->ri_cnt].i_len = len;
1552 trace_xfs_log_recover_item_add(log, trans, item, 0);
1557 * Sort the log items in the transaction. Cancelled buffers need
1558 * to be put first so they are processed before any items that might
1559 * modify the buffers. If they are cancelled, then the modifications
1560 * don't need to be replayed.
1563 xlog_recover_reorder_trans(
1565 xlog_recover_t *trans,
1568 xlog_recover_item_t *item, *n;
1569 LIST_HEAD(sort_list);
1571 list_splice_init(&trans->r_itemq, &sort_list);
1572 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
1573 xfs_buf_log_format_t *buf_f;
1575 buf_f = (xfs_buf_log_format_t *)item->ri_buf[0].i_addr;
1577 switch (ITEM_TYPE(item)) {
1579 if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) {
1580 trace_xfs_log_recover_item_reorder_head(log,
1582 list_move(&item->ri_list, &trans->r_itemq);
1587 case XFS_LI_QUOTAOFF:
1590 trace_xfs_log_recover_item_reorder_tail(log,
1592 list_move_tail(&item->ri_list, &trans->r_itemq);
1596 "XFS: xlog_recover_reorder_trans: unrecognized type of log operation");
1598 return XFS_ERROR(EIO);
1601 ASSERT(list_empty(&sort_list));
1606 * Build up the table of buf cancel records so that we don't replay
1607 * cancelled data in the second pass. For buffer records that are
1608 * not cancel records, there is nothing to do here so we just return.
1610 * If we get a cancel record which is already in the table, this indicates
1611 * that the buffer was cancelled multiple times. In order to ensure
1612 * that during pass 2 we keep the record in the table until we reach its
1613 * last occurrence in the log, we keep a reference count in the cancel
1614 * record in the table to tell us how many times we expect to see this
1615 * record during the second pass.
1618 xlog_recover_do_buffer_pass1(
1620 xfs_buf_log_format_t *buf_f)
1622 xfs_buf_cancel_t *bcp;
1623 xfs_buf_cancel_t *nextp;
1624 xfs_buf_cancel_t *prevp;
1625 xfs_buf_cancel_t **bucket;
1626 xfs_daddr_t blkno = 0;
1630 switch (buf_f->blf_type) {
1632 blkno = buf_f->blf_blkno;
1633 len = buf_f->blf_len;
1634 flags = buf_f->blf_flags;
1639 * If this isn't a cancel buffer item, then just return.
1641 if (!(flags & XFS_BLF_CANCEL)) {
1642 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
1647 * Insert an xfs_buf_cancel record into the hash table of
1648 * them. If there is already an identical record, bump
1649 * its reference count.
1651 bucket = &log->l_buf_cancel_table[(__uint64_t)blkno %
1652 XLOG_BC_TABLE_SIZE];
1654 * If the hash bucket is empty then just insert a new record into
1657 if (*bucket == NULL) {
1658 bcp = (xfs_buf_cancel_t *)kmem_alloc(sizeof(xfs_buf_cancel_t),
1660 bcp->bc_blkno = blkno;
1662 bcp->bc_refcount = 1;
1663 bcp->bc_next = NULL;
1669 * The hash bucket is not empty, so search for duplicates of our
1670 * record. If we find one them just bump its refcount. If not
1671 * then add us at the end of the list.
1675 while (nextp != NULL) {
1676 if (nextp->bc_blkno == blkno && nextp->bc_len == len) {
1677 nextp->bc_refcount++;
1678 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
1682 nextp = nextp->bc_next;
1684 ASSERT(prevp != NULL);
1685 bcp = (xfs_buf_cancel_t *)kmem_alloc(sizeof(xfs_buf_cancel_t),
1687 bcp->bc_blkno = blkno;
1689 bcp->bc_refcount = 1;
1690 bcp->bc_next = NULL;
1691 prevp->bc_next = bcp;
1692 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
1696 * Check to see whether the buffer being recovered has a corresponding
1697 * entry in the buffer cancel record table. If it does then return 1
1698 * so that it will be cancelled, otherwise return 0. If the buffer is
1699 * actually a buffer cancel item (XFS_BLF_CANCEL is set), then decrement
1700 * the refcount on the entry in the table and remove it from the table
1701 * if this is the last reference.
1703 * We remove the cancel record from the table when we encounter its
1704 * last occurrence in the log so that if the same buffer is re-used
1705 * again after its last cancellation we actually replay the changes
1706 * made at that point.
1709 xlog_check_buffer_cancelled(
1715 xfs_buf_cancel_t *bcp;
1716 xfs_buf_cancel_t *prevp;
1717 xfs_buf_cancel_t **bucket;
1719 if (log->l_buf_cancel_table == NULL) {
1721 * There is nothing in the table built in pass one,
1722 * so this buffer must not be cancelled.
1724 ASSERT(!(flags & XFS_BLF_CANCEL));
1728 bucket = &log->l_buf_cancel_table[(__uint64_t)blkno %
1729 XLOG_BC_TABLE_SIZE];
1733 * There is no corresponding entry in the table built
1734 * in pass one, so this buffer has not been cancelled.
1736 ASSERT(!(flags & XFS_BLF_CANCEL));
1741 * Search for an entry in the buffer cancel table that
1742 * matches our buffer.
1745 while (bcp != NULL) {
1746 if (bcp->bc_blkno == blkno && bcp->bc_len == len) {
1748 * We've go a match, so return 1 so that the
1749 * recovery of this buffer is cancelled.
1750 * If this buffer is actually a buffer cancel
1751 * log item, then decrement the refcount on the
1752 * one in the table and remove it if this is the
1755 if (flags & XFS_BLF_CANCEL) {
1757 if (bcp->bc_refcount == 0) {
1758 if (prevp == NULL) {
1759 *bucket = bcp->bc_next;
1761 prevp->bc_next = bcp->bc_next;
1772 * We didn't find a corresponding entry in the table, so
1773 * return 0 so that the buffer is NOT cancelled.
1775 ASSERT(!(flags & XFS_BLF_CANCEL));
1780 xlog_recover_do_buffer_pass2(
1782 xfs_buf_log_format_t *buf_f)
1784 xfs_daddr_t blkno = 0;
1788 switch (buf_f->blf_type) {
1790 blkno = buf_f->blf_blkno;
1791 flags = buf_f->blf_flags;
1792 len = buf_f->blf_len;
1796 return xlog_check_buffer_cancelled(log, blkno, len, flags);
1800 * Perform recovery for a buffer full of inodes. In these buffers,
1801 * the only data which should be recovered is that which corresponds
1802 * to the di_next_unlinked pointers in the on disk inode structures.
1803 * The rest of the data for the inodes is always logged through the
1804 * inodes themselves rather than the inode buffer and is recovered
1805 * in xlog_recover_do_inode_trans().
1807 * The only time when buffers full of inodes are fully recovered is
1808 * when the buffer is full of newly allocated inodes. In this case
1809 * the buffer will not be marked as an inode buffer and so will be
1810 * sent to xlog_recover_do_reg_buffer() below during recovery.
1813 xlog_recover_do_inode_buffer(
1815 xlog_recover_item_t *item,
1817 xfs_buf_log_format_t *buf_f)
1825 int next_unlinked_offset;
1827 xfs_agino_t *logged_nextp;
1828 xfs_agino_t *buffer_nextp;
1829 unsigned int *data_map = NULL;
1830 unsigned int map_size = 0;
1832 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
1834 switch (buf_f->blf_type) {
1836 data_map = buf_f->blf_data_map;
1837 map_size = buf_f->blf_map_size;
1841 * Set the variables corresponding to the current region to
1842 * 0 so that we'll initialize them on the first pass through
1850 inodes_per_buf = XFS_BUF_COUNT(bp) >> mp->m_sb.sb_inodelog;
1851 for (i = 0; i < inodes_per_buf; i++) {
1852 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
1853 offsetof(xfs_dinode_t, di_next_unlinked);
1855 while (next_unlinked_offset >=
1856 (reg_buf_offset + reg_buf_bytes)) {
1858 * The next di_next_unlinked field is beyond
1859 * the current logged region. Find the next
1860 * logged region that contains or is beyond
1861 * the current di_next_unlinked field.
1864 bit = xfs_next_bit(data_map, map_size, bit);
1867 * If there are no more logged regions in the
1868 * buffer, then we're done.
1874 nbits = xfs_contig_bits(data_map, map_size,
1877 reg_buf_offset = bit << XFS_BLF_SHIFT;
1878 reg_buf_bytes = nbits << XFS_BLF_SHIFT;
1883 * If the current logged region starts after the current
1884 * di_next_unlinked field, then move on to the next
1885 * di_next_unlinked field.
1887 if (next_unlinked_offset < reg_buf_offset) {
1891 ASSERT(item->ri_buf[item_index].i_addr != NULL);
1892 ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0);
1893 ASSERT((reg_buf_offset + reg_buf_bytes) <= XFS_BUF_COUNT(bp));
1896 * The current logged region contains a copy of the
1897 * current di_next_unlinked field. Extract its value
1898 * and copy it to the buffer copy.
1900 logged_nextp = (xfs_agino_t *)
1901 ((char *)(item->ri_buf[item_index].i_addr) +
1902 (next_unlinked_offset - reg_buf_offset));
1903 if (unlikely(*logged_nextp == 0)) {
1904 xfs_fs_cmn_err(CE_ALERT, mp,
1905 "bad inode buffer log record (ptr = 0x%p, bp = 0x%p). XFS trying to replay bad (0) inode di_next_unlinked field",
1907 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
1908 XFS_ERRLEVEL_LOW, mp);
1909 return XFS_ERROR(EFSCORRUPTED);
1912 buffer_nextp = (xfs_agino_t *)xfs_buf_offset(bp,
1913 next_unlinked_offset);
1914 *buffer_nextp = *logged_nextp;
1921 * Perform a 'normal' buffer recovery. Each logged region of the
1922 * buffer should be copied over the corresponding region in the
1923 * given buffer. The bitmap in the buf log format structure indicates
1924 * where to place the logged data.
1928 xlog_recover_do_reg_buffer(
1929 struct xfs_mount *mp,
1930 xlog_recover_item_t *item,
1932 xfs_buf_log_format_t *buf_f)
1937 unsigned int *data_map = NULL;
1938 unsigned int map_size = 0;
1941 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
1943 switch (buf_f->blf_type) {
1945 data_map = buf_f->blf_data_map;
1946 map_size = buf_f->blf_map_size;
1950 i = 1; /* 0 is the buf format structure */
1952 bit = xfs_next_bit(data_map, map_size, bit);
1955 nbits = xfs_contig_bits(data_map, map_size, bit);
1957 ASSERT(item->ri_buf[i].i_addr != NULL);
1958 ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0);
1959 ASSERT(XFS_BUF_COUNT(bp) >=
1960 ((uint)bit << XFS_BLF_SHIFT)+(nbits<<XFS_BLF_SHIFT));
1963 * Do a sanity check if this is a dquot buffer. Just checking
1964 * the first dquot in the buffer should do. XXXThis is
1965 * probably a good thing to do for other buf types also.
1968 if (buf_f->blf_flags &
1969 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
1970 if (item->ri_buf[i].i_addr == NULL) {
1972 "XFS: NULL dquot in %s.", __func__);
1975 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
1977 "XFS: dquot too small (%d) in %s.",
1978 item->ri_buf[i].i_len, __func__);
1981 error = xfs_qm_dqcheck((xfs_disk_dquot_t *)
1982 item->ri_buf[i].i_addr,
1983 -1, 0, XFS_QMOPT_DOWARN,
1984 "dquot_buf_recover");
1989 memcpy(xfs_buf_offset(bp,
1990 (uint)bit << XFS_BLF_SHIFT), /* dest */
1991 item->ri_buf[i].i_addr, /* source */
1992 nbits<<XFS_BLF_SHIFT); /* length */
1998 /* Shouldn't be any more regions */
1999 ASSERT(i == item->ri_total);
2003 * Do some primitive error checking on ondisk dquot data structures.
2007 xfs_disk_dquot_t *ddq,
2009 uint type, /* used only when IO_dorepair is true */
2013 xfs_dqblk_t *d = (xfs_dqblk_t *)ddq;
2017 * We can encounter an uninitialized dquot buffer for 2 reasons:
2018 * 1. If we crash while deleting the quotainode(s), and those blks got
2019 * used for user data. This is because we take the path of regular
2020 * file deletion; however, the size field of quotainodes is never
2021 * updated, so all the tricks that we play in itruncate_finish
2022 * don't quite matter.
2024 * 2. We don't play the quota buffers when there's a quotaoff logitem.
2025 * But the allocation will be replayed so we'll end up with an
2026 * uninitialized quota block.
2028 * This is all fine; things are still consistent, and we haven't lost
2029 * any quota information. Just don't complain about bad dquot blks.
2031 if (be16_to_cpu(ddq->d_magic) != XFS_DQUOT_MAGIC) {
2032 if (flags & XFS_QMOPT_DOWARN)
2034 "%s : XFS dquot ID 0x%x, magic 0x%x != 0x%x",
2035 str, id, be16_to_cpu(ddq->d_magic), XFS_DQUOT_MAGIC);
2038 if (ddq->d_version != XFS_DQUOT_VERSION) {
2039 if (flags & XFS_QMOPT_DOWARN)
2041 "%s : XFS dquot ID 0x%x, version 0x%x != 0x%x",
2042 str, id, ddq->d_version, XFS_DQUOT_VERSION);
2046 if (ddq->d_flags != XFS_DQ_USER &&
2047 ddq->d_flags != XFS_DQ_PROJ &&
2048 ddq->d_flags != XFS_DQ_GROUP) {
2049 if (flags & XFS_QMOPT_DOWARN)
2051 "%s : XFS dquot ID 0x%x, unknown flags 0x%x",
2052 str, id, ddq->d_flags);
2056 if (id != -1 && id != be32_to_cpu(ddq->d_id)) {
2057 if (flags & XFS_QMOPT_DOWARN)
2059 "%s : ondisk-dquot 0x%p, ID mismatch: "
2060 "0x%x expected, found id 0x%x",
2061 str, ddq, id, be32_to_cpu(ddq->d_id));
2065 if (!errs && ddq->d_id) {
2066 if (ddq->d_blk_softlimit &&
2067 be64_to_cpu(ddq->d_bcount) >=
2068 be64_to_cpu(ddq->d_blk_softlimit)) {
2069 if (!ddq->d_btimer) {
2070 if (flags & XFS_QMOPT_DOWARN)
2072 "%s : Dquot ID 0x%x (0x%p) "
2073 "BLK TIMER NOT STARTED",
2074 str, (int)be32_to_cpu(ddq->d_id), ddq);
2078 if (ddq->d_ino_softlimit &&
2079 be64_to_cpu(ddq->d_icount) >=
2080 be64_to_cpu(ddq->d_ino_softlimit)) {
2081 if (!ddq->d_itimer) {
2082 if (flags & XFS_QMOPT_DOWARN)
2084 "%s : Dquot ID 0x%x (0x%p) "
2085 "INODE TIMER NOT STARTED",
2086 str, (int)be32_to_cpu(ddq->d_id), ddq);
2090 if (ddq->d_rtb_softlimit &&
2091 be64_to_cpu(ddq->d_rtbcount) >=
2092 be64_to_cpu(ddq->d_rtb_softlimit)) {
2093 if (!ddq->d_rtbtimer) {
2094 if (flags & XFS_QMOPT_DOWARN)
2096 "%s : Dquot ID 0x%x (0x%p) "
2097 "RTBLK TIMER NOT STARTED",
2098 str, (int)be32_to_cpu(ddq->d_id), ddq);
2104 if (!errs || !(flags & XFS_QMOPT_DQREPAIR))
2107 if (flags & XFS_QMOPT_DOWARN)
2108 cmn_err(CE_NOTE, "Re-initializing dquot ID 0x%x", id);
2111 * Typically, a repair is only requested by quotacheck.
2114 ASSERT(flags & XFS_QMOPT_DQREPAIR);
2115 memset(d, 0, sizeof(xfs_dqblk_t));
2117 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
2118 d->dd_diskdq.d_version = XFS_DQUOT_VERSION;
2119 d->dd_diskdq.d_flags = type;
2120 d->dd_diskdq.d_id = cpu_to_be32(id);
2126 * Perform a dquot buffer recovery.
2127 * Simple algorithm: if we have found a QUOTAOFF logitem of the same type
2128 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2129 * Else, treat it as a regular buffer and do recovery.
2132 xlog_recover_do_dquot_buffer(
2135 xlog_recover_item_t *item,
2137 xfs_buf_log_format_t *buf_f)
2141 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2144 * Filesystems are required to send in quota flags at mount time.
2146 if (mp->m_qflags == 0) {
2151 if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF)
2152 type |= XFS_DQ_USER;
2153 if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF)
2154 type |= XFS_DQ_PROJ;
2155 if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF)
2156 type |= XFS_DQ_GROUP;
2158 * This type of quotas was turned off, so ignore this buffer
2160 if (log->l_quotaoffs_flag & type)
2163 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2167 * This routine replays a modification made to a buffer at runtime.
2168 * There are actually two types of buffer, regular and inode, which
2169 * are handled differently. Inode buffers are handled differently
2170 * in that we only recover a specific set of data from them, namely
2171 * the inode di_next_unlinked fields. This is because all other inode
2172 * data is actually logged via inode records and any data we replay
2173 * here which overlaps that may be stale.
2175 * When meta-data buffers are freed at run time we log a buffer item
2176 * with the XFS_BLF_CANCEL bit set to indicate that previous copies
2177 * of the buffer in the log should not be replayed at recovery time.
2178 * This is so that if the blocks covered by the buffer are reused for
2179 * file data before we crash we don't end up replaying old, freed
2180 * meta-data into a user's file.
2182 * To handle the cancellation of buffer log items, we make two passes
2183 * over the log during recovery. During the first we build a table of
2184 * those buffers which have been cancelled, and during the second we
2185 * only replay those buffers which do not have corresponding cancel
2186 * records in the table. See xlog_recover_do_buffer_pass[1,2] above
2187 * for more details on the implementation of the table of cancel records.
2190 xlog_recover_do_buffer_trans(
2192 xlog_recover_item_t *item,
2195 xfs_buf_log_format_t *buf_f;
2205 buf_f = (xfs_buf_log_format_t *)item->ri_buf[0].i_addr;
2207 if (pass == XLOG_RECOVER_PASS1) {
2209 * In this pass we're only looking for buf items
2210 * with the XFS_BLF_CANCEL bit set.
2212 xlog_recover_do_buffer_pass1(log, buf_f);
2216 * In this pass we want to recover all the buffers
2217 * which have not been cancelled and are not
2218 * cancellation buffers themselves. The routine
2219 * we call here will tell us whether or not to
2220 * continue with the replay of this buffer.
2222 cancel = xlog_recover_do_buffer_pass2(log, buf_f);
2224 trace_xfs_log_recover_buf_cancel(log, buf_f);
2228 trace_xfs_log_recover_buf_recover(log, buf_f);
2229 switch (buf_f->blf_type) {
2231 blkno = buf_f->blf_blkno;
2232 len = buf_f->blf_len;
2233 flags = buf_f->blf_flags;
2236 xfs_fs_cmn_err(CE_ALERT, log->l_mp,
2237 "xfs_log_recover: unknown buffer type 0x%x, logdev %s",
2238 buf_f->blf_type, log->l_mp->m_logname ?
2239 log->l_mp->m_logname : "internal");
2240 XFS_ERROR_REPORT("xlog_recover_do_buffer_trans",
2241 XFS_ERRLEVEL_LOW, log->l_mp);
2242 return XFS_ERROR(EFSCORRUPTED);
2246 buf_flags = XBF_LOCK;
2247 if (!(flags & XFS_BLF_INODE_BUF))
2248 buf_flags |= XBF_MAPPED;
2250 bp = xfs_buf_read(mp->m_ddev_targp, blkno, len, buf_flags);
2251 if (XFS_BUF_ISERROR(bp)) {
2252 xfs_ioerror_alert("xlog_recover_do..(read#1)", log->l_mp,
2254 error = XFS_BUF_GETERROR(bp);
2260 if (flags & XFS_BLF_INODE_BUF) {
2261 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
2263 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2264 xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2266 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2269 return XFS_ERROR(error);
2272 * Perform delayed write on the buffer. Asynchronous writes will be
2273 * slower when taking into account all the buffers to be flushed.
2275 * Also make sure that only inode buffers with good sizes stay in
2276 * the buffer cache. The kernel moves inodes in buffers of 1 block
2277 * or XFS_INODE_CLUSTER_SIZE bytes, whichever is bigger. The inode
2278 * buffers in the log can be a different size if the log was generated
2279 * by an older kernel using unclustered inode buffers or a newer kernel
2280 * running with a different inode cluster size. Regardless, if the
2281 * the inode buffer size isn't MAX(blocksize, XFS_INODE_CLUSTER_SIZE)
2282 * for *our* value of XFS_INODE_CLUSTER_SIZE, then we need to keep
2283 * the buffer out of the buffer cache so that the buffer won't
2284 * overlap with future reads of those inodes.
2286 if (XFS_DINODE_MAGIC ==
2287 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
2288 (XFS_BUF_COUNT(bp) != MAX(log->l_mp->m_sb.sb_blocksize,
2289 (__uint32_t)XFS_INODE_CLUSTER_SIZE(log->l_mp)))) {
2291 error = xfs_bwrite(mp, bp);
2293 ASSERT(bp->b_mount == NULL || bp->b_mount == mp);
2295 XFS_BUF_SET_IODONE_FUNC(bp, xlog_recover_iodone);
2296 xfs_bdwrite(mp, bp);
2303 xlog_recover_do_inode_trans(
2305 xlog_recover_item_t *item,
2308 xfs_inode_log_format_t *in_f;
2319 xfs_icdinode_t *dicp;
2322 if (pass == XLOG_RECOVER_PASS1) {
2326 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
2327 in_f = (xfs_inode_log_format_t *)item->ri_buf[0].i_addr;
2329 in_f = (xfs_inode_log_format_t *)kmem_alloc(
2330 sizeof(xfs_inode_log_format_t), KM_SLEEP);
2332 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2336 ino = in_f->ilf_ino;
2340 * Inode buffers can be freed, look out for it,
2341 * and do not replay the inode.
2343 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2344 in_f->ilf_len, 0)) {
2346 trace_xfs_log_recover_inode_cancel(log, in_f);
2349 trace_xfs_log_recover_inode_recover(log, in_f);
2351 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len,
2353 if (XFS_BUF_ISERROR(bp)) {
2354 xfs_ioerror_alert("xlog_recover_do..(read#2)", mp,
2355 bp, in_f->ilf_blkno);
2356 error = XFS_BUF_GETERROR(bp);
2361 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
2362 dip = (xfs_dinode_t *)xfs_buf_offset(bp, in_f->ilf_boffset);
2365 * Make sure the place we're flushing out to really looks
2368 if (unlikely(be16_to_cpu(dip->di_magic) != XFS_DINODE_MAGIC)) {
2370 xfs_fs_cmn_err(CE_ALERT, mp,
2371 "xfs_inode_recover: Bad inode magic number, dino ptr = 0x%p, dino bp = 0x%p, ino = %Ld",
2373 XFS_ERROR_REPORT("xlog_recover_do_inode_trans(1)",
2374 XFS_ERRLEVEL_LOW, mp);
2375 error = EFSCORRUPTED;
2378 dicp = (xfs_icdinode_t *)(item->ri_buf[1].i_addr);
2379 if (unlikely(dicp->di_magic != XFS_DINODE_MAGIC)) {
2381 xfs_fs_cmn_err(CE_ALERT, mp,
2382 "xfs_inode_recover: Bad inode log record, rec ptr 0x%p, ino %Ld",
2384 XFS_ERROR_REPORT("xlog_recover_do_inode_trans(2)",
2385 XFS_ERRLEVEL_LOW, mp);
2386 error = EFSCORRUPTED;
2390 /* Skip replay when the on disk inode is newer than the log one */
2391 if (dicp->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
2393 * Deal with the wrap case, DI_MAX_FLUSH is less
2394 * than smaller numbers
2396 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
2397 dicp->di_flushiter < (DI_MAX_FLUSH >> 1)) {
2401 trace_xfs_log_recover_inode_skip(log, in_f);
2406 /* Take the opportunity to reset the flush iteration count */
2407 dicp->di_flushiter = 0;
2409 if (unlikely((dicp->di_mode & S_IFMT) == S_IFREG)) {
2410 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2411 (dicp->di_format != XFS_DINODE_FMT_BTREE)) {
2412 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(3)",
2413 XFS_ERRLEVEL_LOW, mp, dicp);
2415 xfs_fs_cmn_err(CE_ALERT, mp,
2416 "xfs_inode_recover: Bad regular inode log record, rec ptr 0x%p, ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2417 item, dip, bp, ino);
2418 error = EFSCORRUPTED;
2421 } else if (unlikely((dicp->di_mode & S_IFMT) == S_IFDIR)) {
2422 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2423 (dicp->di_format != XFS_DINODE_FMT_BTREE) &&
2424 (dicp->di_format != XFS_DINODE_FMT_LOCAL)) {
2425 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(4)",
2426 XFS_ERRLEVEL_LOW, mp, dicp);
2428 xfs_fs_cmn_err(CE_ALERT, mp,
2429 "xfs_inode_recover: Bad dir inode log record, rec ptr 0x%p, ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2430 item, dip, bp, ino);
2431 error = EFSCORRUPTED;
2435 if (unlikely(dicp->di_nextents + dicp->di_anextents > dicp->di_nblocks)){
2436 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(5)",
2437 XFS_ERRLEVEL_LOW, mp, dicp);
2439 xfs_fs_cmn_err(CE_ALERT, mp,
2440 "xfs_inode_recover: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
2442 dicp->di_nextents + dicp->di_anextents,
2444 error = EFSCORRUPTED;
2447 if (unlikely(dicp->di_forkoff > mp->m_sb.sb_inodesize)) {
2448 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(6)",
2449 XFS_ERRLEVEL_LOW, mp, dicp);
2451 xfs_fs_cmn_err(CE_ALERT, mp,
2452 "xfs_inode_recover: Bad inode log rec ptr 0x%p, dino ptr 0x%p, dino bp 0x%p, ino %Ld, forkoff 0x%x",
2453 item, dip, bp, ino, dicp->di_forkoff);
2454 error = EFSCORRUPTED;
2457 if (unlikely(item->ri_buf[1].i_len > sizeof(struct xfs_icdinode))) {
2458 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(7)",
2459 XFS_ERRLEVEL_LOW, mp, dicp);
2461 xfs_fs_cmn_err(CE_ALERT, mp,
2462 "xfs_inode_recover: Bad inode log record length %d, rec ptr 0x%p",
2463 item->ri_buf[1].i_len, item);
2464 error = EFSCORRUPTED;
2468 /* The core is in in-core format */
2469 xfs_dinode_to_disk(dip, (xfs_icdinode_t *)item->ri_buf[1].i_addr);
2471 /* the rest is in on-disk format */
2472 if (item->ri_buf[1].i_len > sizeof(struct xfs_icdinode)) {
2473 memcpy((xfs_caddr_t) dip + sizeof(struct xfs_icdinode),
2474 item->ri_buf[1].i_addr + sizeof(struct xfs_icdinode),
2475 item->ri_buf[1].i_len - sizeof(struct xfs_icdinode));
2478 fields = in_f->ilf_fields;
2479 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
2481 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
2484 memcpy(XFS_DFORK_DPTR(dip),
2485 &in_f->ilf_u.ilfu_uuid,
2490 if (in_f->ilf_size == 2)
2491 goto write_inode_buffer;
2492 len = item->ri_buf[2].i_len;
2493 src = item->ri_buf[2].i_addr;
2494 ASSERT(in_f->ilf_size <= 4);
2495 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
2496 ASSERT(!(fields & XFS_ILOG_DFORK) ||
2497 (len == in_f->ilf_dsize));
2499 switch (fields & XFS_ILOG_DFORK) {
2500 case XFS_ILOG_DDATA:
2502 memcpy(XFS_DFORK_DPTR(dip), src, len);
2505 case XFS_ILOG_DBROOT:
2506 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
2507 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
2508 XFS_DFORK_DSIZE(dip, mp));
2513 * There are no data fork flags set.
2515 ASSERT((fields & XFS_ILOG_DFORK) == 0);
2520 * If we logged any attribute data, recover it. There may or
2521 * may not have been any other non-core data logged in this
2524 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
2525 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
2530 len = item->ri_buf[attr_index].i_len;
2531 src = item->ri_buf[attr_index].i_addr;
2532 ASSERT(len == in_f->ilf_asize);
2534 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
2535 case XFS_ILOG_ADATA:
2537 dest = XFS_DFORK_APTR(dip);
2538 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
2539 memcpy(dest, src, len);
2542 case XFS_ILOG_ABROOT:
2543 dest = XFS_DFORK_APTR(dip);
2544 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
2545 len, (xfs_bmdr_block_t*)dest,
2546 XFS_DFORK_ASIZE(dip, mp));
2550 xlog_warn("XFS: xlog_recover_do_inode_trans: Invalid flag");
2559 ASSERT(bp->b_mount == NULL || bp->b_mount == mp);
2561 XFS_BUF_SET_IODONE_FUNC(bp, xlog_recover_iodone);
2562 xfs_bdwrite(mp, bp);
2566 return XFS_ERROR(error);
2570 * Recover QUOTAOFF records. We simply make a note of it in the xlog_t
2571 * structure, so that we know not to do any dquot item or dquot buffer recovery,
2575 xlog_recover_do_quotaoff_trans(
2577 xlog_recover_item_t *item,
2580 xfs_qoff_logformat_t *qoff_f;
2582 if (pass == XLOG_RECOVER_PASS2) {
2586 qoff_f = (xfs_qoff_logformat_t *)item->ri_buf[0].i_addr;
2590 * The logitem format's flag tells us if this was user quotaoff,
2591 * group/project quotaoff or both.
2593 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
2594 log->l_quotaoffs_flag |= XFS_DQ_USER;
2595 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
2596 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
2597 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
2598 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
2604 * Recover a dquot record
2607 xlog_recover_do_dquot_trans(
2609 xlog_recover_item_t *item,
2614 struct xfs_disk_dquot *ddq, *recddq;
2616 xfs_dq_logformat_t *dq_f;
2619 if (pass == XLOG_RECOVER_PASS1) {
2625 * Filesystems are required to send in quota flags at mount time.
2627 if (mp->m_qflags == 0)
2630 recddq = (xfs_disk_dquot_t *)item->ri_buf[1].i_addr;
2632 if (item->ri_buf[1].i_addr == NULL) {
2634 "XFS: NULL dquot in %s.", __func__);
2635 return XFS_ERROR(EIO);
2637 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
2639 "XFS: dquot too small (%d) in %s.",
2640 item->ri_buf[1].i_len, __func__);
2641 return XFS_ERROR(EIO);
2645 * This type of quotas was turned off, so ignore this record.
2647 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
2649 if (log->l_quotaoffs_flag & type)
2653 * At this point we know that quota was _not_ turned off.
2654 * Since the mount flags are not indicating to us otherwise, this
2655 * must mean that quota is on, and the dquot needs to be replayed.
2656 * Remember that we may not have fully recovered the superblock yet,
2657 * so we can't do the usual trick of looking at the SB quota bits.
2659 * The other possibility, of course, is that the quota subsystem was
2660 * removed since the last mount - ENOSYS.
2662 dq_f = (xfs_dq_logformat_t *)item->ri_buf[0].i_addr;
2664 if ((error = xfs_qm_dqcheck(recddq,
2666 0, XFS_QMOPT_DOWARN,
2667 "xlog_recover_do_dquot_trans (log copy)"))) {
2668 return XFS_ERROR(EIO);
2670 ASSERT(dq_f->qlf_len == 1);
2672 error = xfs_read_buf(mp, mp->m_ddev_targp,
2674 XFS_FSB_TO_BB(mp, dq_f->qlf_len),
2677 xfs_ioerror_alert("xlog_recover_do..(read#3)", mp,
2678 bp, dq_f->qlf_blkno);
2682 ddq = (xfs_disk_dquot_t *)xfs_buf_offset(bp, dq_f->qlf_boffset);
2685 * At least the magic num portion should be on disk because this
2686 * was among a chunk of dquots created earlier, and we did some
2687 * minimal initialization then.
2689 if (xfs_qm_dqcheck(ddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
2690 "xlog_recover_do_dquot_trans")) {
2692 return XFS_ERROR(EIO);
2695 memcpy(ddq, recddq, item->ri_buf[1].i_len);
2697 ASSERT(dq_f->qlf_size == 2);
2698 ASSERT(bp->b_mount == NULL || bp->b_mount == mp);
2700 XFS_BUF_SET_IODONE_FUNC(bp, xlog_recover_iodone);
2701 xfs_bdwrite(mp, bp);
2707 * This routine is called to create an in-core extent free intent
2708 * item from the efi format structure which was logged on disk.
2709 * It allocates an in-core efi, copies the extents from the format
2710 * structure into it, and adds the efi to the AIL with the given
2714 xlog_recover_do_efi_trans(
2716 xlog_recover_item_t *item,
2722 xfs_efi_log_item_t *efip;
2723 xfs_efi_log_format_t *efi_formatp;
2725 if (pass == XLOG_RECOVER_PASS1) {
2729 efi_formatp = (xfs_efi_log_format_t *)item->ri_buf[0].i_addr;
2732 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
2733 if ((error = xfs_efi_copy_format(&(item->ri_buf[0]),
2734 &(efip->efi_format)))) {
2735 xfs_efi_item_free(efip);
2738 efip->efi_next_extent = efi_formatp->efi_nextents;
2739 efip->efi_flags |= XFS_EFI_COMMITTED;
2741 spin_lock(&log->l_ailp->xa_lock);
2743 * xfs_trans_ail_update() drops the AIL lock.
2745 xfs_trans_ail_update(log->l_ailp, (xfs_log_item_t *)efip, lsn);
2751 * This routine is called when an efd format structure is found in
2752 * a committed transaction in the log. It's purpose is to cancel
2753 * the corresponding efi if it was still in the log. To do this
2754 * it searches the AIL for the efi with an id equal to that in the
2755 * efd format structure. If we find it, we remove the efi from the
2759 xlog_recover_do_efd_trans(
2761 xlog_recover_item_t *item,
2764 xfs_efd_log_format_t *efd_formatp;
2765 xfs_efi_log_item_t *efip = NULL;
2766 xfs_log_item_t *lip;
2768 struct xfs_ail_cursor cur;
2769 struct xfs_ail *ailp = log->l_ailp;
2771 if (pass == XLOG_RECOVER_PASS1) {
2775 efd_formatp = (xfs_efd_log_format_t *)item->ri_buf[0].i_addr;
2776 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
2777 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
2778 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
2779 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
2780 efi_id = efd_formatp->efd_efi_id;
2783 * Search for the efi with the id in the efd format structure
2786 spin_lock(&ailp->xa_lock);
2787 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
2788 while (lip != NULL) {
2789 if (lip->li_type == XFS_LI_EFI) {
2790 efip = (xfs_efi_log_item_t *)lip;
2791 if (efip->efi_format.efi_id == efi_id) {
2793 * xfs_trans_ail_delete() drops the
2796 xfs_trans_ail_delete(ailp, lip);
2797 xfs_efi_item_free(efip);
2798 spin_lock(&ailp->xa_lock);
2802 lip = xfs_trans_ail_cursor_next(ailp, &cur);
2804 xfs_trans_ail_cursor_done(ailp, &cur);
2805 spin_unlock(&ailp->xa_lock);
2809 * Perform the transaction
2811 * If the transaction modifies a buffer or inode, do it now. Otherwise,
2812 * EFIs and EFDs get queued up by adding entries into the AIL for them.
2815 xlog_recover_do_trans(
2817 xlog_recover_t *trans,
2821 xlog_recover_item_t *item;
2823 error = xlog_recover_reorder_trans(log, trans, pass);
2827 list_for_each_entry(item, &trans->r_itemq, ri_list) {
2828 trace_xfs_log_recover_item_recover(log, trans, item, pass);
2829 switch (ITEM_TYPE(item)) {
2831 error = xlog_recover_do_buffer_trans(log, item, pass);
2834 error = xlog_recover_do_inode_trans(log, item, pass);
2837 error = xlog_recover_do_efi_trans(log, item,
2838 trans->r_lsn, pass);
2841 xlog_recover_do_efd_trans(log, item, pass);
2845 error = xlog_recover_do_dquot_trans(log, item, pass);
2847 case XFS_LI_QUOTAOFF:
2848 error = xlog_recover_do_quotaoff_trans(log, item,
2853 "XFS: invalid item type (%d) xlog_recover_do_trans", ITEM_TYPE(item));
2855 error = XFS_ERROR(EIO);
2867 * Free up any resources allocated by the transaction
2869 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
2872 xlog_recover_free_trans(
2873 xlog_recover_t *trans)
2875 xlog_recover_item_t *item, *n;
2878 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
2879 /* Free the regions in the item. */
2880 list_del(&item->ri_list);
2881 for (i = 0; i < item->ri_cnt; i++)
2882 kmem_free(item->ri_buf[i].i_addr);
2883 /* Free the item itself */
2884 kmem_free(item->ri_buf);
2887 /* Free the transaction recover structure */
2892 xlog_recover_commit_trans(
2894 xlog_recover_t *trans,
2899 hlist_del(&trans->r_list);
2900 if ((error = xlog_recover_do_trans(log, trans, pass)))
2902 xlog_recover_free_trans(trans); /* no error */
2907 xlog_recover_unmount_trans(
2908 xlog_recover_t *trans)
2910 /* Do nothing now */
2911 xlog_warn("XFS: xlog_recover_unmount_trans: Unmount LR");
2916 * There are two valid states of the r_state field. 0 indicates that the
2917 * transaction structure is in a normal state. We have either seen the
2918 * start of the transaction or the last operation we added was not a partial
2919 * operation. If the last operation we added to the transaction was a
2920 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
2922 * NOTE: skip LRs with 0 data length.
2925 xlog_recover_process_data(
2927 struct hlist_head rhash[],
2928 xlog_rec_header_t *rhead,
2934 xlog_op_header_t *ohead;
2935 xlog_recover_t *trans;
2941 lp = dp + be32_to_cpu(rhead->h_len);
2942 num_logops = be32_to_cpu(rhead->h_num_logops);
2944 /* check the log format matches our own - else we can't recover */
2945 if (xlog_header_check_recover(log->l_mp, rhead))
2946 return (XFS_ERROR(EIO));
2948 while ((dp < lp) && num_logops) {
2949 ASSERT(dp + sizeof(xlog_op_header_t) <= lp);
2950 ohead = (xlog_op_header_t *)dp;
2951 dp += sizeof(xlog_op_header_t);
2952 if (ohead->oh_clientid != XFS_TRANSACTION &&
2953 ohead->oh_clientid != XFS_LOG) {
2955 "XFS: xlog_recover_process_data: bad clientid");
2957 return (XFS_ERROR(EIO));
2959 tid = be32_to_cpu(ohead->oh_tid);
2960 hash = XLOG_RHASH(tid);
2961 trans = xlog_recover_find_tid(&rhash[hash], tid);
2962 if (trans == NULL) { /* not found; add new tid */
2963 if (ohead->oh_flags & XLOG_START_TRANS)
2964 xlog_recover_new_tid(&rhash[hash], tid,
2965 be64_to_cpu(rhead->h_lsn));
2967 if (dp + be32_to_cpu(ohead->oh_len) > lp) {
2969 "XFS: xlog_recover_process_data: bad length");
2971 return (XFS_ERROR(EIO));
2973 flags = ohead->oh_flags & ~XLOG_END_TRANS;
2974 if (flags & XLOG_WAS_CONT_TRANS)
2975 flags &= ~XLOG_CONTINUE_TRANS;
2977 case XLOG_COMMIT_TRANS:
2978 error = xlog_recover_commit_trans(log,
2981 case XLOG_UNMOUNT_TRANS:
2982 error = xlog_recover_unmount_trans(trans);
2984 case XLOG_WAS_CONT_TRANS:
2985 error = xlog_recover_add_to_cont_trans(log,
2987 be32_to_cpu(ohead->oh_len));
2989 case XLOG_START_TRANS:
2991 "XFS: xlog_recover_process_data: bad transaction");
2993 error = XFS_ERROR(EIO);
2996 case XLOG_CONTINUE_TRANS:
2997 error = xlog_recover_add_to_trans(log, trans,
2998 dp, be32_to_cpu(ohead->oh_len));
3002 "XFS: xlog_recover_process_data: bad flag");
3004 error = XFS_ERROR(EIO);
3010 dp += be32_to_cpu(ohead->oh_len);
3017 * Process an extent free intent item that was recovered from
3018 * the log. We need to free the extents that it describes.
3021 xlog_recover_process_efi(
3023 xfs_efi_log_item_t *efip)
3025 xfs_efd_log_item_t *efdp;
3030 xfs_fsblock_t startblock_fsb;
3032 ASSERT(!(efip->efi_flags & XFS_EFI_RECOVERED));
3035 * First check the validity of the extents described by the
3036 * EFI. If any are bad, then assume that all are bad and
3037 * just toss the EFI.
3039 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
3040 extp = &(efip->efi_format.efi_extents[i]);
3041 startblock_fsb = XFS_BB_TO_FSB(mp,
3042 XFS_FSB_TO_DADDR(mp, extp->ext_start));
3043 if ((startblock_fsb == 0) ||
3044 (extp->ext_len == 0) ||
3045 (startblock_fsb >= mp->m_sb.sb_dblocks) ||
3046 (extp->ext_len >= mp->m_sb.sb_agblocks)) {
3048 * This will pull the EFI from the AIL and
3049 * free the memory associated with it.
3051 xfs_efi_release(efip, efip->efi_format.efi_nextents);
3052 return XFS_ERROR(EIO);
3056 tp = xfs_trans_alloc(mp, 0);
3057 error = xfs_trans_reserve(tp, 0, XFS_ITRUNCATE_LOG_RES(mp), 0, 0, 0);
3060 efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
3062 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
3063 extp = &(efip->efi_format.efi_extents[i]);
3064 error = xfs_free_extent(tp, extp->ext_start, extp->ext_len);
3067 xfs_trans_log_efd_extent(tp, efdp, extp->ext_start,
3071 efip->efi_flags |= XFS_EFI_RECOVERED;
3072 error = xfs_trans_commit(tp, 0);
3076 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
3081 * When this is called, all of the EFIs which did not have
3082 * corresponding EFDs should be in the AIL. What we do now
3083 * is free the extents associated with each one.
3085 * Since we process the EFIs in normal transactions, they
3086 * will be removed at some point after the commit. This prevents
3087 * us from just walking down the list processing each one.
3088 * We'll use a flag in the EFI to skip those that we've already
3089 * processed and use the AIL iteration mechanism's generation
3090 * count to try to speed this up at least a bit.
3092 * When we start, we know that the EFIs are the only things in
3093 * the AIL. As we process them, however, other items are added
3094 * to the AIL. Since everything added to the AIL must come after
3095 * everything already in the AIL, we stop processing as soon as
3096 * we see something other than an EFI in the AIL.
3099 xlog_recover_process_efis(
3102 xfs_log_item_t *lip;
3103 xfs_efi_log_item_t *efip;
3105 struct xfs_ail_cursor cur;
3106 struct xfs_ail *ailp;
3109 spin_lock(&ailp->xa_lock);
3110 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3111 while (lip != NULL) {
3113 * We're done when we see something other than an EFI.
3114 * There should be no EFIs left in the AIL now.
3116 if (lip->li_type != XFS_LI_EFI) {
3118 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
3119 ASSERT(lip->li_type != XFS_LI_EFI);
3125 * Skip EFIs that we've already processed.
3127 efip = (xfs_efi_log_item_t *)lip;
3128 if (efip->efi_flags & XFS_EFI_RECOVERED) {
3129 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3133 spin_unlock(&ailp->xa_lock);
3134 error = xlog_recover_process_efi(log->l_mp, efip);
3135 spin_lock(&ailp->xa_lock);
3138 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3141 xfs_trans_ail_cursor_done(ailp, &cur);
3142 spin_unlock(&ailp->xa_lock);
3147 * This routine performs a transaction to null out a bad inode pointer
3148 * in an agi unlinked inode hash bucket.
3151 xlog_recover_clear_agi_bucket(
3153 xfs_agnumber_t agno,
3162 tp = xfs_trans_alloc(mp, XFS_TRANS_CLEAR_AGI_BUCKET);
3163 error = xfs_trans_reserve(tp, 0, XFS_CLEAR_AGI_BUCKET_LOG_RES(mp),
3168 error = xfs_read_agi(mp, tp, agno, &agibp);
3172 agi = XFS_BUF_TO_AGI(agibp);
3173 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
3174 offset = offsetof(xfs_agi_t, agi_unlinked) +
3175 (sizeof(xfs_agino_t) * bucket);
3176 xfs_trans_log_buf(tp, agibp, offset,
3177 (offset + sizeof(xfs_agino_t) - 1));
3179 error = xfs_trans_commit(tp, 0);
3185 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
3187 xfs_fs_cmn_err(CE_WARN, mp, "xlog_recover_clear_agi_bucket: "
3188 "failed to clear agi %d. Continuing.", agno);
3193 xlog_recover_process_one_iunlink(
3194 struct xfs_mount *mp,
3195 xfs_agnumber_t agno,
3199 struct xfs_buf *ibp;
3200 struct xfs_dinode *dip;
3201 struct xfs_inode *ip;
3205 ino = XFS_AGINO_TO_INO(mp, agno, agino);
3206 error = xfs_iget(mp, NULL, ino, 0, 0, &ip, 0);
3211 * Get the on disk inode to find the next inode in the bucket.
3213 error = xfs_itobp(mp, NULL, ip, &dip, &ibp, XBF_LOCK);
3217 ASSERT(ip->i_d.di_nlink == 0);
3218 ASSERT(ip->i_d.di_mode != 0);
3220 /* setup for the next pass */
3221 agino = be32_to_cpu(dip->di_next_unlinked);
3225 * Prevent any DMAPI event from being sent when the reference on
3226 * the inode is dropped.
3228 ip->i_d.di_dmevmask = 0;
3237 * We can't read in the inode this bucket points to, or this inode
3238 * is messed up. Just ditch this bucket of inodes. We will lose
3239 * some inodes and space, but at least we won't hang.
3241 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
3242 * clear the inode pointer in the bucket.
3244 xlog_recover_clear_agi_bucket(mp, agno, bucket);
3249 * xlog_iunlink_recover
3251 * This is called during recovery to process any inodes which
3252 * we unlinked but not freed when the system crashed. These
3253 * inodes will be on the lists in the AGI blocks. What we do
3254 * here is scan all the AGIs and fully truncate and free any
3255 * inodes found on the lists. Each inode is removed from the
3256 * lists when it has been fully truncated and is freed. The
3257 * freeing of the inode and its removal from the list must be
3261 xlog_recover_process_iunlinks(
3265 xfs_agnumber_t agno;
3276 * Prevent any DMAPI event from being sent while in this function.
3278 mp_dmevmask = mp->m_dmevmask;
3281 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
3283 * Find the agi for this ag.
3285 error = xfs_read_agi(mp, NULL, agno, &agibp);
3288 * AGI is b0rked. Don't process it.
3290 * We should probably mark the filesystem as corrupt
3291 * after we've recovered all the ag's we can....
3295 agi = XFS_BUF_TO_AGI(agibp);
3297 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
3298 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
3299 while (agino != NULLAGINO) {
3301 * Release the agi buffer so that it can
3302 * be acquired in the normal course of the
3303 * transaction to truncate and free the inode.
3305 xfs_buf_relse(agibp);
3307 agino = xlog_recover_process_one_iunlink(mp,
3308 agno, agino, bucket);
3311 * Reacquire the agibuffer and continue around
3312 * the loop. This should never fail as we know
3313 * the buffer was good earlier on.
3315 error = xfs_read_agi(mp, NULL, agno, &agibp);
3317 agi = XFS_BUF_TO_AGI(agibp);
3322 * Release the buffer for the current agi so we can
3323 * go on to the next one.
3325 xfs_buf_relse(agibp);
3328 mp->m_dmevmask = mp_dmevmask;
3334 xlog_pack_data_checksum(
3336 xlog_in_core_t *iclog,
3343 up = (__be32 *)iclog->ic_datap;
3344 /* divide length by 4 to get # words */
3345 for (i = 0; i < (size >> 2); i++) {
3346 chksum ^= be32_to_cpu(*up);
3349 iclog->ic_header.h_chksum = cpu_to_be32(chksum);
3352 #define xlog_pack_data_checksum(log, iclog, size)
3356 * Stamp cycle number in every block
3361 xlog_in_core_t *iclog,
3365 int size = iclog->ic_offset + roundoff;
3369 xlog_pack_data_checksum(log, iclog, size);
3371 cycle_lsn = CYCLE_LSN_DISK(iclog->ic_header.h_lsn);
3373 dp = iclog->ic_datap;
3374 for (i = 0; i < BTOBB(size) &&
3375 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
3376 iclog->ic_header.h_cycle_data[i] = *(__be32 *)dp;
3377 *(__be32 *)dp = cycle_lsn;
3381 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3382 xlog_in_core_2_t *xhdr = iclog->ic_data;
3384 for ( ; i < BTOBB(size); i++) {
3385 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3386 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3387 xhdr[j].hic_xheader.xh_cycle_data[k] = *(__be32 *)dp;
3388 *(__be32 *)dp = cycle_lsn;
3392 for (i = 1; i < log->l_iclog_heads; i++) {
3393 xhdr[i].hic_xheader.xh_cycle = cycle_lsn;
3400 xlog_rec_header_t *rhead,
3406 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
3407 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
3408 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
3412 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3413 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
3414 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
3415 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3416 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3417 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
3424 xlog_valid_rec_header(
3426 xlog_rec_header_t *rhead,
3431 if (unlikely(be32_to_cpu(rhead->h_magicno) != XLOG_HEADER_MAGIC_NUM)) {
3432 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
3433 XFS_ERRLEVEL_LOW, log->l_mp);
3434 return XFS_ERROR(EFSCORRUPTED);
3437 (!rhead->h_version ||
3438 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
3439 xlog_warn("XFS: %s: unrecognised log version (%d).",
3440 __func__, be32_to_cpu(rhead->h_version));
3441 return XFS_ERROR(EIO);
3444 /* LR body must have data or it wouldn't have been written */
3445 hlen = be32_to_cpu(rhead->h_len);
3446 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
3447 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
3448 XFS_ERRLEVEL_LOW, log->l_mp);
3449 return XFS_ERROR(EFSCORRUPTED);
3451 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
3452 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
3453 XFS_ERRLEVEL_LOW, log->l_mp);
3454 return XFS_ERROR(EFSCORRUPTED);
3460 * Read the log from tail to head and process the log records found.
3461 * Handle the two cases where the tail and head are in the same cycle
3462 * and where the active portion of the log wraps around the end of
3463 * the physical log separately. The pass parameter is passed through
3464 * to the routines called to process the data and is not looked at
3468 xlog_do_recovery_pass(
3470 xfs_daddr_t head_blk,
3471 xfs_daddr_t tail_blk,
3474 xlog_rec_header_t *rhead;
3477 xfs_buf_t *hbp, *dbp;
3478 int error = 0, h_size;
3479 int bblks, split_bblks;
3480 int hblks, split_hblks, wrapped_hblks;
3481 struct hlist_head rhash[XLOG_RHASH_SIZE];
3483 ASSERT(head_blk != tail_blk);
3486 * Read the header of the tail block and get the iclog buffer size from
3487 * h_size. Use this to tell how many sectors make up the log header.
3489 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3491 * When using variable length iclogs, read first sector of
3492 * iclog header and extract the header size from it. Get a
3493 * new hbp that is the correct size.
3495 hbp = xlog_get_bp(log, 1);
3499 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
3503 rhead = (xlog_rec_header_t *)offset;
3504 error = xlog_valid_rec_header(log, rhead, tail_blk);
3507 h_size = be32_to_cpu(rhead->h_size);
3508 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
3509 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
3510 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
3511 if (h_size % XLOG_HEADER_CYCLE_SIZE)
3514 hbp = xlog_get_bp(log, hblks);
3519 ASSERT(log->l_sectBBsize == 1);
3521 hbp = xlog_get_bp(log, 1);
3522 h_size = XLOG_BIG_RECORD_BSIZE;
3527 dbp = xlog_get_bp(log, BTOBB(h_size));
3533 memset(rhash, 0, sizeof(rhash));
3534 if (tail_blk <= head_blk) {
3535 for (blk_no = tail_blk; blk_no < head_blk; ) {
3536 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
3540 rhead = (xlog_rec_header_t *)offset;
3541 error = xlog_valid_rec_header(log, rhead, blk_no);
3545 /* blocks in data section */
3546 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
3547 error = xlog_bread(log, blk_no + hblks, bblks, dbp,
3552 xlog_unpack_data(rhead, offset, log);
3553 if ((error = xlog_recover_process_data(log,
3554 rhash, rhead, offset, pass)))
3556 blk_no += bblks + hblks;
3560 * Perform recovery around the end of the physical log.
3561 * When the head is not on the same cycle number as the tail,
3562 * we can't do a sequential recovery as above.
3565 while (blk_no < log->l_logBBsize) {
3567 * Check for header wrapping around physical end-of-log
3569 offset = XFS_BUF_PTR(hbp);
3572 if (blk_no + hblks <= log->l_logBBsize) {
3573 /* Read header in one read */
3574 error = xlog_bread(log, blk_no, hblks, hbp,
3579 /* This LR is split across physical log end */
3580 if (blk_no != log->l_logBBsize) {
3581 /* some data before physical log end */
3582 ASSERT(blk_no <= INT_MAX);
3583 split_hblks = log->l_logBBsize - (int)blk_no;
3584 ASSERT(split_hblks > 0);
3585 error = xlog_bread(log, blk_no,
3593 * Note: this black magic still works with
3594 * large sector sizes (non-512) only because:
3595 * - we increased the buffer size originally
3596 * by 1 sector giving us enough extra space
3597 * for the second read;
3598 * - the log start is guaranteed to be sector
3600 * - we read the log end (LR header start)
3601 * _first_, then the log start (LR header end)
3602 * - order is important.
3604 wrapped_hblks = hblks - split_hblks;
3605 error = XFS_BUF_SET_PTR(hbp,
3606 offset + BBTOB(split_hblks),
3607 BBTOB(hblks - split_hblks));
3611 error = xlog_bread_noalign(log, 0,
3612 wrapped_hblks, hbp);
3616 error = XFS_BUF_SET_PTR(hbp, offset,
3621 rhead = (xlog_rec_header_t *)offset;
3622 error = xlog_valid_rec_header(log, rhead,
3623 split_hblks ? blk_no : 0);
3627 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
3630 /* Read in data for log record */
3631 if (blk_no + bblks <= log->l_logBBsize) {
3632 error = xlog_bread(log, blk_no, bblks, dbp,
3637 /* This log record is split across the
3638 * physical end of log */
3639 offset = XFS_BUF_PTR(dbp);
3641 if (blk_no != log->l_logBBsize) {
3642 /* some data is before the physical
3644 ASSERT(!wrapped_hblks);
3645 ASSERT(blk_no <= INT_MAX);
3647 log->l_logBBsize - (int)blk_no;
3648 ASSERT(split_bblks > 0);
3649 error = xlog_bread(log, blk_no,
3657 * Note: this black magic still works with
3658 * large sector sizes (non-512) only because:
3659 * - we increased the buffer size originally
3660 * by 1 sector giving us enough extra space
3661 * for the second read;
3662 * - the log start is guaranteed to be sector
3664 * - we read the log end (LR header start)
3665 * _first_, then the log start (LR header end)
3666 * - order is important.
3668 error = XFS_BUF_SET_PTR(dbp,
3669 offset + BBTOB(split_bblks),
3670 BBTOB(bblks - split_bblks));
3674 error = xlog_bread_noalign(log, wrapped_hblks,
3675 bblks - split_bblks,
3680 error = XFS_BUF_SET_PTR(dbp, offset, h_size);
3684 xlog_unpack_data(rhead, offset, log);
3685 if ((error = xlog_recover_process_data(log, rhash,
3686 rhead, offset, pass)))
3691 ASSERT(blk_no >= log->l_logBBsize);
3692 blk_no -= log->l_logBBsize;
3694 /* read first part of physical log */
3695 while (blk_no < head_blk) {
3696 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
3700 rhead = (xlog_rec_header_t *)offset;
3701 error = xlog_valid_rec_header(log, rhead, blk_no);
3705 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
3706 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
3711 xlog_unpack_data(rhead, offset, log);
3712 if ((error = xlog_recover_process_data(log, rhash,
3713 rhead, offset, pass)))
3715 blk_no += bblks + hblks;
3727 * Do the recovery of the log. We actually do this in two phases.
3728 * The two passes are necessary in order to implement the function
3729 * of cancelling a record written into the log. The first pass
3730 * determines those things which have been cancelled, and the
3731 * second pass replays log items normally except for those which
3732 * have been cancelled. The handling of the replay and cancellations
3733 * takes place in the log item type specific routines.
3735 * The table of items which have cancel records in the log is allocated
3736 * and freed at this level, since only here do we know when all of
3737 * the log recovery has been completed.
3740 xlog_do_log_recovery(
3742 xfs_daddr_t head_blk,
3743 xfs_daddr_t tail_blk)
3747 ASSERT(head_blk != tail_blk);
3750 * First do a pass to find all of the cancelled buf log items.
3751 * Store them in the buf_cancel_table for use in the second pass.
3753 log->l_buf_cancel_table =
3754 (xfs_buf_cancel_t **)kmem_zalloc(XLOG_BC_TABLE_SIZE *
3755 sizeof(xfs_buf_cancel_t*),
3757 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
3758 XLOG_RECOVER_PASS1);
3760 kmem_free(log->l_buf_cancel_table);
3761 log->l_buf_cancel_table = NULL;
3765 * Then do a second pass to actually recover the items in the log.
3766 * When it is complete free the table of buf cancel items.
3768 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
3769 XLOG_RECOVER_PASS2);
3774 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
3775 ASSERT(log->l_buf_cancel_table[i] == NULL);
3779 kmem_free(log->l_buf_cancel_table);
3780 log->l_buf_cancel_table = NULL;
3786 * Do the actual recovery
3791 xfs_daddr_t head_blk,
3792 xfs_daddr_t tail_blk)
3799 * First replay the images in the log.
3801 error = xlog_do_log_recovery(log, head_blk, tail_blk);
3806 XFS_bflush(log->l_mp->m_ddev_targp);
3809 * If IO errors happened during recovery, bail out.
3811 if (XFS_FORCED_SHUTDOWN(log->l_mp)) {
3816 * We now update the tail_lsn since much of the recovery has completed
3817 * and there may be space available to use. If there were no extent
3818 * or iunlinks, we can free up the entire log and set the tail_lsn to
3819 * be the last_sync_lsn. This was set in xlog_find_tail to be the
3820 * lsn of the last known good LR on disk. If there are extent frees
3821 * or iunlinks they will have some entries in the AIL; so we look at
3822 * the AIL to determine how to set the tail_lsn.
3824 xlog_assign_tail_lsn(log->l_mp);
3827 * Now that we've finished replaying all buffer and inode
3828 * updates, re-read in the superblock.
3830 bp = xfs_getsb(log->l_mp, 0);
3832 ASSERT(!(XFS_BUF_ISWRITE(bp)));
3833 ASSERT(!(XFS_BUF_ISDELAYWRITE(bp)));
3835 XFS_BUF_UNASYNC(bp);
3836 xfsbdstrat(log->l_mp, bp);
3837 error = xfs_iowait(bp);
3839 xfs_ioerror_alert("xlog_do_recover",
3840 log->l_mp, bp, XFS_BUF_ADDR(bp));
3846 /* Convert superblock from on-disk format */
3847 sbp = &log->l_mp->m_sb;
3848 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
3849 ASSERT(sbp->sb_magicnum == XFS_SB_MAGIC);
3850 ASSERT(xfs_sb_good_version(sbp));
3853 /* We've re-read the superblock so re-initialize per-cpu counters */
3854 xfs_icsb_reinit_counters(log->l_mp);
3856 xlog_recover_check_summary(log);
3858 /* Normal transactions can now occur */
3859 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
3864 * Perform recovery and re-initialize some log variables in xlog_find_tail.
3866 * Return error or zero.
3872 xfs_daddr_t head_blk, tail_blk;
3875 /* find the tail of the log */
3876 if ((error = xlog_find_tail(log, &head_blk, &tail_blk)))
3879 if (tail_blk != head_blk) {
3880 /* There used to be a comment here:
3882 * disallow recovery on read-only mounts. note -- mount
3883 * checks for ENOSPC and turns it into an intelligent
3885 * ...but this is no longer true. Now, unless you specify
3886 * NORECOVERY (in which case this function would never be
3887 * called), we just go ahead and recover. We do this all
3888 * under the vfs layer, so we can get away with it unless
3889 * the device itself is read-only, in which case we fail.
3891 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
3896 "Starting XFS recovery on filesystem: %s (logdev: %s)",
3897 log->l_mp->m_fsname, log->l_mp->m_logname ?
3898 log->l_mp->m_logname : "internal");
3900 error = xlog_do_recover(log, head_blk, tail_blk);
3901 log->l_flags |= XLOG_RECOVERY_NEEDED;
3907 * In the first part of recovery we replay inodes and buffers and build
3908 * up the list of extent free items which need to be processed. Here
3909 * we process the extent free items and clean up the on disk unlinked
3910 * inode lists. This is separated from the first part of recovery so
3911 * that the root and real-time bitmap inodes can be read in from disk in
3912 * between the two stages. This is necessary so that we can free space
3913 * in the real-time portion of the file system.
3916 xlog_recover_finish(
3920 * Now we're ready to do the transactions needed for the
3921 * rest of recovery. Start with completing all the extent
3922 * free intent records and then process the unlinked inode
3923 * lists. At this point, we essentially run in normal mode
3924 * except that we're still performing recovery actions
3925 * rather than accepting new requests.
3927 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
3929 error = xlog_recover_process_efis(log);
3932 "Failed to recover EFIs on filesystem: %s",
3933 log->l_mp->m_fsname);
3937 * Sync the log to get all the EFIs out of the AIL.
3938 * This isn't absolutely necessary, but it helps in
3939 * case the unlink transactions would have problems
3940 * pushing the EFIs out of the way.
3942 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
3944 xlog_recover_process_iunlinks(log);
3946 xlog_recover_check_summary(log);
3949 "Ending XFS recovery on filesystem: %s (logdev: %s)",
3950 log->l_mp->m_fsname, log->l_mp->m_logname ?
3951 log->l_mp->m_logname : "internal");
3952 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
3955 "!Ending clean XFS mount for filesystem: %s\n",
3956 log->l_mp->m_fsname);
3964 * Read all of the agf and agi counters and check that they
3965 * are consistent with the superblock counters.
3968 xlog_recover_check_summary(
3975 xfs_agnumber_t agno;
3976 __uint64_t freeblks;
3986 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
3987 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
3989 xfs_fs_cmn_err(CE_ALERT, mp,
3990 "xlog_recover_check_summary(agf)"
3991 "agf read failed agno %d error %d",
3994 agfp = XFS_BUF_TO_AGF(agfbp);
3995 freeblks += be32_to_cpu(agfp->agf_freeblks) +
3996 be32_to_cpu(agfp->agf_flcount);
3997 xfs_buf_relse(agfbp);
4000 error = xfs_read_agi(mp, NULL, agno, &agibp);
4002 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
4004 itotal += be32_to_cpu(agi->agi_count);
4005 ifree += be32_to_cpu(agi->agi_freecount);
4006 xfs_buf_relse(agibp);
git.samba.org / sfrench / cifs-2.6.git / blob