2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
26 #include "xfs_mount.h"
27 #include "xfs_da_format.h"
28 #include "xfs_da_btree.h"
29 #include "xfs_inode.h"
30 #include "xfs_trans.h"
32 #include "xfs_log_priv.h"
33 #include "xfs_log_recover.h"
34 #include "xfs_inode_item.h"
35 #include "xfs_extfree_item.h"
36 #include "xfs_trans_priv.h"
37 #include "xfs_alloc.h"
38 #include "xfs_ialloc.h"
39 #include "xfs_quota.h"
40 #include "xfs_cksum.h"
41 #include "xfs_trace.h"
42 #include "xfs_icache.h"
43 #include "xfs_bmap_btree.h"
44 #include "xfs_error.h"
47 #define BLK_AVG(blk1, blk2) ((blk1+blk2) >> 1)
54 xlog_clear_stale_blocks(
59 xlog_recover_check_summary(
62 #define xlog_recover_check_summary(log)
65 xlog_do_recovery_pass(
66 struct xlog *, xfs_daddr_t, xfs_daddr_t, int, xfs_daddr_t *);
69 * This structure is used during recovery to record the buf log items which
70 * have been canceled and should not be replayed.
72 struct xfs_buf_cancel {
76 struct list_head bc_list;
80 * Sector aligned buffer routines for buffer create/read/write/access
84 * Verify the given count of basic blocks is valid number of blocks
85 * to specify for an operation involving the given XFS log buffer.
86 * Returns nonzero if the count is valid, 0 otherwise.
90 xlog_buf_bbcount_valid(
94 return bbcount > 0 && bbcount <= log->l_logBBsize;
98 * Allocate a buffer to hold log data. The buffer needs to be able
99 * to map to a range of nbblks basic blocks at any valid (basic
100 * block) offset within the log.
109 if (!xlog_buf_bbcount_valid(log, nbblks)) {
110 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
112 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
117 * We do log I/O in units of log sectors (a power-of-2
118 * multiple of the basic block size), so we round up the
119 * requested size to accommodate the basic blocks required
120 * for complete log sectors.
122 * In addition, the buffer may be used for a non-sector-
123 * aligned block offset, in which case an I/O of the
124 * requested size could extend beyond the end of the
125 * buffer. If the requested size is only 1 basic block it
126 * will never straddle a sector boundary, so this won't be
127 * an issue. Nor will this be a problem if the log I/O is
128 * done in basic blocks (sector size 1). But otherwise we
129 * extend the buffer by one extra log sector to ensure
130 * there's space to accommodate this possibility.
132 if (nbblks > 1 && log->l_sectBBsize > 1)
133 nbblks += log->l_sectBBsize;
134 nbblks = round_up(nbblks, log->l_sectBBsize);
136 bp = xfs_buf_get_uncached(log->l_mp->m_logdev_targp, nbblks, 0);
150 * Return the address of the start of the given block number's data
151 * in a log buffer. The buffer covers a log sector-aligned region.
160 xfs_daddr_t offset = blk_no & ((xfs_daddr_t)log->l_sectBBsize - 1);
162 ASSERT(offset + nbblks <= bp->b_length);
163 return bp->b_addr + BBTOB(offset);
168 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
179 if (!xlog_buf_bbcount_valid(log, nbblks)) {
180 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
182 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
183 return -EFSCORRUPTED;
186 blk_no = round_down(blk_no, log->l_sectBBsize);
187 nbblks = round_up(nbblks, log->l_sectBBsize);
190 ASSERT(nbblks <= bp->b_length);
192 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
193 bp->b_flags |= XBF_READ;
194 bp->b_io_length = nbblks;
197 error = xfs_buf_submit_wait(bp);
198 if (error && !XFS_FORCED_SHUTDOWN(log->l_mp))
199 xfs_buf_ioerror_alert(bp, __func__);
213 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
217 *offset = xlog_align(log, blk_no, nbblks, bp);
222 * Read at an offset into the buffer. Returns with the buffer in it's original
223 * state regardless of the result of the read.
228 xfs_daddr_t blk_no, /* block to read from */
229 int nbblks, /* blocks to read */
233 char *orig_offset = bp->b_addr;
234 int orig_len = BBTOB(bp->b_length);
237 error = xfs_buf_associate_memory(bp, offset, BBTOB(nbblks));
241 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
243 /* must reset buffer pointer even on error */
244 error2 = xfs_buf_associate_memory(bp, orig_offset, orig_len);
251 * Write out the buffer at the given block for the given number of blocks.
252 * The buffer is kept locked across the write and is returned locked.
253 * This can only be used for synchronous log writes.
264 if (!xlog_buf_bbcount_valid(log, nbblks)) {
265 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
267 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
268 return -EFSCORRUPTED;
271 blk_no = round_down(blk_no, log->l_sectBBsize);
272 nbblks = round_up(nbblks, log->l_sectBBsize);
275 ASSERT(nbblks <= bp->b_length);
277 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
280 bp->b_io_length = nbblks;
283 error = xfs_bwrite(bp);
285 xfs_buf_ioerror_alert(bp, __func__);
292 * dump debug superblock and log record information
295 xlog_header_check_dump(
297 xlog_rec_header_t *head)
299 xfs_debug(mp, "%s: SB : uuid = %pU, fmt = %d",
300 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
301 xfs_debug(mp, " log : uuid = %pU, fmt = %d",
302 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
305 #define xlog_header_check_dump(mp, head)
309 * check log record header for recovery
312 xlog_header_check_recover(
314 xlog_rec_header_t *head)
316 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
319 * IRIX doesn't write the h_fmt field and leaves it zeroed
320 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
321 * a dirty log created in IRIX.
323 if (unlikely(head->h_fmt != cpu_to_be32(XLOG_FMT))) {
325 "dirty log written in incompatible format - can't recover");
326 xlog_header_check_dump(mp, head);
327 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
328 XFS_ERRLEVEL_HIGH, mp);
329 return -EFSCORRUPTED;
330 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
332 "dirty log entry has mismatched uuid - can't recover");
333 xlog_header_check_dump(mp, head);
334 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
335 XFS_ERRLEVEL_HIGH, mp);
336 return -EFSCORRUPTED;
342 * read the head block of the log and check the header
345 xlog_header_check_mount(
347 xlog_rec_header_t *head)
349 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
351 if (uuid_is_nil(&head->h_fs_uuid)) {
353 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
354 * h_fs_uuid is nil, we assume this log was last mounted
355 * by IRIX and continue.
357 xfs_warn(mp, "nil uuid in log - IRIX style log");
358 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
359 xfs_warn(mp, "log has mismatched uuid - can't recover");
360 xlog_header_check_dump(mp, head);
361 XFS_ERROR_REPORT("xlog_header_check_mount",
362 XFS_ERRLEVEL_HIGH, mp);
363 return -EFSCORRUPTED;
374 * We're not going to bother about retrying
375 * this during recovery. One strike!
377 if (!XFS_FORCED_SHUTDOWN(bp->b_target->bt_mount)) {
378 xfs_buf_ioerror_alert(bp, __func__);
379 xfs_force_shutdown(bp->b_target->bt_mount,
380 SHUTDOWN_META_IO_ERROR);
388 * This routine finds (to an approximation) the first block in the physical
389 * log which contains the given cycle. It uses a binary search algorithm.
390 * Note that the algorithm can not be perfect because the disk will not
391 * necessarily be perfect.
394 xlog_find_cycle_start(
397 xfs_daddr_t first_blk,
398 xfs_daddr_t *last_blk,
408 mid_blk = BLK_AVG(first_blk, end_blk);
409 while (mid_blk != first_blk && mid_blk != end_blk) {
410 error = xlog_bread(log, mid_blk, 1, bp, &offset);
413 mid_cycle = xlog_get_cycle(offset);
414 if (mid_cycle == cycle)
415 end_blk = mid_blk; /* last_half_cycle == mid_cycle */
417 first_blk = mid_blk; /* first_half_cycle == mid_cycle */
418 mid_blk = BLK_AVG(first_blk, end_blk);
420 ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) ||
421 (mid_blk == end_blk && mid_blk-1 == first_blk));
429 * Check that a range of blocks does not contain stop_on_cycle_no.
430 * Fill in *new_blk with the block offset where such a block is
431 * found, or with -1 (an invalid block number) if there is no such
432 * block in the range. The scan needs to occur from front to back
433 * and the pointer into the region must be updated since a later
434 * routine will need to perform another test.
437 xlog_find_verify_cycle(
439 xfs_daddr_t start_blk,
441 uint stop_on_cycle_no,
442 xfs_daddr_t *new_blk)
452 * Greedily allocate a buffer big enough to handle the full
453 * range of basic blocks we'll be examining. If that fails,
454 * try a smaller size. We need to be able to read at least
455 * a log sector, or we're out of luck.
457 bufblks = 1 << ffs(nbblks);
458 while (bufblks > log->l_logBBsize)
460 while (!(bp = xlog_get_bp(log, bufblks))) {
462 if (bufblks < log->l_sectBBsize)
466 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
469 bcount = min(bufblks, (start_blk + nbblks - i));
471 error = xlog_bread(log, i, bcount, bp, &buf);
475 for (j = 0; j < bcount; j++) {
476 cycle = xlog_get_cycle(buf);
477 if (cycle == stop_on_cycle_no) {
494 * Potentially backup over partial log record write.
496 * In the typical case, last_blk is the number of the block directly after
497 * a good log record. Therefore, we subtract one to get the block number
498 * of the last block in the given buffer. extra_bblks contains the number
499 * of blocks we would have read on a previous read. This happens when the
500 * last log record is split over the end of the physical log.
502 * extra_bblks is the number of blocks potentially verified on a previous
503 * call to this routine.
506 xlog_find_verify_log_record(
508 xfs_daddr_t start_blk,
509 xfs_daddr_t *last_blk,
515 xlog_rec_header_t *head = NULL;
518 int num_blks = *last_blk - start_blk;
521 ASSERT(start_blk != 0 || *last_blk != start_blk);
523 if (!(bp = xlog_get_bp(log, num_blks))) {
524 if (!(bp = xlog_get_bp(log, 1)))
528 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
531 offset += ((num_blks - 1) << BBSHIFT);
534 for (i = (*last_blk) - 1; i >= 0; i--) {
536 /* valid log record not found */
538 "Log inconsistent (didn't find previous header)");
545 error = xlog_bread(log, i, 1, bp, &offset);
550 head = (xlog_rec_header_t *)offset;
552 if (head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
560 * We hit the beginning of the physical log & still no header. Return
561 * to caller. If caller can handle a return of -1, then this routine
562 * will be called again for the end of the physical log.
570 * We have the final block of the good log (the first block
571 * of the log record _before_ the head. So we check the uuid.
573 if ((error = xlog_header_check_mount(log->l_mp, head)))
577 * We may have found a log record header before we expected one.
578 * last_blk will be the 1st block # with a given cycle #. We may end
579 * up reading an entire log record. In this case, we don't want to
580 * reset last_blk. Only when last_blk points in the middle of a log
581 * record do we update last_blk.
583 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
584 uint h_size = be32_to_cpu(head->h_size);
586 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
587 if (h_size % XLOG_HEADER_CYCLE_SIZE)
593 if (*last_blk - i + extra_bblks !=
594 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
603 * Head is defined to be the point of the log where the next log write
604 * could go. This means that incomplete LR writes at the end are
605 * eliminated when calculating the head. We aren't guaranteed that previous
606 * LR have complete transactions. We only know that a cycle number of
607 * current cycle number -1 won't be present in the log if we start writing
608 * from our current block number.
610 * last_blk contains the block number of the first block with a given
613 * Return: zero if normal, non-zero if error.
618 xfs_daddr_t *return_head_blk)
622 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
624 uint first_half_cycle, last_half_cycle;
626 int error, log_bbnum = log->l_logBBsize;
628 /* Is the end of the log device zeroed? */
629 error = xlog_find_zeroed(log, &first_blk);
631 xfs_warn(log->l_mp, "empty log check failed");
635 *return_head_blk = first_blk;
637 /* Is the whole lot zeroed? */
639 /* Linux XFS shouldn't generate totally zeroed logs -
640 * mkfs etc write a dummy unmount record to a fresh
641 * log so we can store the uuid in there
643 xfs_warn(log->l_mp, "totally zeroed log");
649 first_blk = 0; /* get cycle # of 1st block */
650 bp = xlog_get_bp(log, 1);
654 error = xlog_bread(log, 0, 1, bp, &offset);
658 first_half_cycle = xlog_get_cycle(offset);
660 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
661 error = xlog_bread(log, last_blk, 1, bp, &offset);
665 last_half_cycle = xlog_get_cycle(offset);
666 ASSERT(last_half_cycle != 0);
669 * If the 1st half cycle number is equal to the last half cycle number,
670 * then the entire log is stamped with the same cycle number. In this
671 * case, head_blk can't be set to zero (which makes sense). The below
672 * math doesn't work out properly with head_blk equal to zero. Instead,
673 * we set it to log_bbnum which is an invalid block number, but this
674 * value makes the math correct. If head_blk doesn't changed through
675 * all the tests below, *head_blk is set to zero at the very end rather
676 * than log_bbnum. In a sense, log_bbnum and zero are the same block
677 * in a circular file.
679 if (first_half_cycle == last_half_cycle) {
681 * In this case we believe that the entire log should have
682 * cycle number last_half_cycle. We need to scan backwards
683 * from the end verifying that there are no holes still
684 * containing last_half_cycle - 1. If we find such a hole,
685 * then the start of that hole will be the new head. The
686 * simple case looks like
687 * x | x ... | x - 1 | x
688 * Another case that fits this picture would be
689 * x | x + 1 | x ... | x
690 * In this case the head really is somewhere at the end of the
691 * log, as one of the latest writes at the beginning was
694 * x | x + 1 | x ... | x - 1 | x
695 * This is really the combination of the above two cases, and
696 * the head has to end up at the start of the x-1 hole at the
699 * In the 256k log case, we will read from the beginning to the
700 * end of the log and search for cycle numbers equal to x-1.
701 * We don't worry about the x+1 blocks that we encounter,
702 * because we know that they cannot be the head since the log
705 head_blk = log_bbnum;
706 stop_on_cycle = last_half_cycle - 1;
709 * In this case we want to find the first block with cycle
710 * number matching last_half_cycle. We expect the log to be
712 * x + 1 ... | x ... | x
713 * The first block with cycle number x (last_half_cycle) will
714 * be where the new head belongs. First we do a binary search
715 * for the first occurrence of last_half_cycle. The binary
716 * search may not be totally accurate, so then we scan back
717 * from there looking for occurrences of last_half_cycle before
718 * us. If that backwards scan wraps around the beginning of
719 * the log, then we look for occurrences of last_half_cycle - 1
720 * at the end of the log. The cases we're looking for look
722 * v binary search stopped here
723 * x + 1 ... | x | x + 1 | x ... | x
724 * ^ but we want to locate this spot
726 * <---------> less than scan distance
727 * x + 1 ... | x ... | x - 1 | x
728 * ^ we want to locate this spot
730 stop_on_cycle = last_half_cycle;
731 if ((error = xlog_find_cycle_start(log, bp, first_blk,
732 &head_blk, last_half_cycle)))
737 * Now validate the answer. Scan back some number of maximum possible
738 * blocks and make sure each one has the expected cycle number. The
739 * maximum is determined by the total possible amount of buffering
740 * in the in-core log. The following number can be made tighter if
741 * we actually look at the block size of the filesystem.
743 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
744 if (head_blk >= num_scan_bblks) {
746 * We are guaranteed that the entire check can be performed
749 start_blk = head_blk - num_scan_bblks;
750 if ((error = xlog_find_verify_cycle(log,
751 start_blk, num_scan_bblks,
752 stop_on_cycle, &new_blk)))
756 } else { /* need to read 2 parts of log */
758 * We are going to scan backwards in the log in two parts.
759 * First we scan the physical end of the log. In this part
760 * of the log, we are looking for blocks with cycle number
761 * last_half_cycle - 1.
762 * If we find one, then we know that the log starts there, as
763 * we've found a hole that didn't get written in going around
764 * the end of the physical log. The simple case for this is
765 * x + 1 ... | x ... | x - 1 | x
766 * <---------> less than scan distance
767 * If all of the blocks at the end of the log have cycle number
768 * last_half_cycle, then we check the blocks at the start of
769 * the log looking for occurrences of last_half_cycle. If we
770 * find one, then our current estimate for the location of the
771 * first occurrence of last_half_cycle is wrong and we move
772 * back to the hole we've found. This case looks like
773 * x + 1 ... | x | x + 1 | x ...
774 * ^ binary search stopped here
775 * Another case we need to handle that only occurs in 256k
777 * x + 1 ... | x ... | x+1 | x ...
778 * ^ binary search stops here
779 * In a 256k log, the scan at the end of the log will see the
780 * x + 1 blocks. We need to skip past those since that is
781 * certainly not the head of the log. By searching for
782 * last_half_cycle-1 we accomplish that.
784 ASSERT(head_blk <= INT_MAX &&
785 (xfs_daddr_t) num_scan_bblks >= head_blk);
786 start_blk = log_bbnum - (num_scan_bblks - head_blk);
787 if ((error = xlog_find_verify_cycle(log, start_blk,
788 num_scan_bblks - (int)head_blk,
789 (stop_on_cycle - 1), &new_blk)))
797 * Scan beginning of log now. The last part of the physical
798 * log is good. This scan needs to verify that it doesn't find
799 * the last_half_cycle.
802 ASSERT(head_blk <= INT_MAX);
803 if ((error = xlog_find_verify_cycle(log,
804 start_blk, (int)head_blk,
805 stop_on_cycle, &new_blk)))
813 * Now we need to make sure head_blk is not pointing to a block in
814 * the middle of a log record.
816 num_scan_bblks = XLOG_REC_SHIFT(log);
817 if (head_blk >= num_scan_bblks) {
818 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
820 /* start ptr at last block ptr before head_blk */
821 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
828 ASSERT(head_blk <= INT_MAX);
829 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
833 /* We hit the beginning of the log during our search */
834 start_blk = log_bbnum - (num_scan_bblks - head_blk);
836 ASSERT(start_blk <= INT_MAX &&
837 (xfs_daddr_t) log_bbnum-start_blk >= 0);
838 ASSERT(head_blk <= INT_MAX);
839 error = xlog_find_verify_log_record(log, start_blk,
840 &new_blk, (int)head_blk);
845 if (new_blk != log_bbnum)
852 if (head_blk == log_bbnum)
853 *return_head_blk = 0;
855 *return_head_blk = head_blk;
857 * When returning here, we have a good block number. Bad block
858 * means that during a previous crash, we didn't have a clean break
859 * from cycle number N to cycle number N-1. In this case, we need
860 * to find the first block with cycle number N-1.
868 xfs_warn(log->l_mp, "failed to find log head");
873 * Seek backwards in the log for log record headers.
875 * Given a starting log block, walk backwards until we find the provided number
876 * of records or hit the provided tail block. The return value is the number of
877 * records encountered or a negative error code. The log block and buffer
878 * pointer of the last record seen are returned in rblk and rhead respectively.
881 xlog_rseek_logrec_hdr(
883 xfs_daddr_t head_blk,
884 xfs_daddr_t tail_blk,
888 struct xlog_rec_header **rhead,
900 * Walk backwards from the head block until we hit the tail or the first
903 end_blk = head_blk > tail_blk ? tail_blk : 0;
904 for (i = (int) head_blk - 1; i >= end_blk; i--) {
905 error = xlog_bread(log, i, 1, bp, &offset);
909 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
911 *rhead = (struct xlog_rec_header *) offset;
912 if (++found == count)
918 * If we haven't hit the tail block or the log record header count,
919 * start looking again from the end of the physical log. Note that
920 * callers can pass head == tail if the tail is not yet known.
922 if (tail_blk >= head_blk && found != count) {
923 for (i = log->l_logBBsize - 1; i >= (int) tail_blk; i--) {
924 error = xlog_bread(log, i, 1, bp, &offset);
928 if (*(__be32 *)offset ==
929 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
932 *rhead = (struct xlog_rec_header *) offset;
933 if (++found == count)
946 * Seek forward in the log for log record headers.
948 * Given head and tail blocks, walk forward from the tail block until we find
949 * the provided number of records or hit the head block. The return value is the
950 * number of records encountered or a negative error code. The log block and
951 * buffer pointer of the last record seen are returned in rblk and rhead
955 xlog_seek_logrec_hdr(
957 xfs_daddr_t head_blk,
958 xfs_daddr_t tail_blk,
962 struct xlog_rec_header **rhead,
974 * Walk forward from the tail block until we hit the head or the last
977 end_blk = head_blk > tail_blk ? head_blk : log->l_logBBsize - 1;
978 for (i = (int) tail_blk; i <= end_blk; i++) {
979 error = xlog_bread(log, i, 1, bp, &offset);
983 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
985 *rhead = (struct xlog_rec_header *) offset;
986 if (++found == count)
992 * If we haven't hit the head block or the log record header count,
993 * start looking again from the start of the physical log.
995 if (tail_blk > head_blk && found != count) {
996 for (i = 0; i < (int) head_blk; i++) {
997 error = xlog_bread(log, i, 1, bp, &offset);
1001 if (*(__be32 *)offset ==
1002 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
1005 *rhead = (struct xlog_rec_header *) offset;
1006 if (++found == count)
1019 * Check the log tail for torn writes. This is required when torn writes are
1020 * detected at the head and the head had to be walked back to a previous record.
1021 * The tail of the previous record must now be verified to ensure the torn
1022 * writes didn't corrupt the previous tail.
1024 * Return an error if CRC verification fails as recovery cannot proceed.
1029 xfs_daddr_t head_blk,
1030 xfs_daddr_t tail_blk)
1032 struct xlog_rec_header *thead;
1034 xfs_daddr_t first_bad;
1038 xfs_daddr_t tmp_head;
1040 bp = xlog_get_bp(log, 1);
1045 * Seek XLOG_MAX_ICLOGS + 1 records past the current tail record to get
1046 * a temporary head block that points after the last possible
1047 * concurrently written record of the tail.
1049 count = xlog_seek_logrec_hdr(log, head_blk, tail_blk,
1050 XLOG_MAX_ICLOGS + 1, bp, &tmp_head, &thead,
1058 * If the call above didn't find XLOG_MAX_ICLOGS + 1 records, we ran
1059 * into the actual log head. tmp_head points to the start of the record
1060 * so update it to the actual head block.
1062 if (count < XLOG_MAX_ICLOGS + 1)
1063 tmp_head = head_blk;
1066 * We now have a tail and temporary head block that covers at least
1067 * XLOG_MAX_ICLOGS records from the tail. We need to verify that these
1068 * records were completely written. Run a CRC verification pass from
1069 * tail to head and return the result.
1071 error = xlog_do_recovery_pass(log, tmp_head, tail_blk,
1072 XLOG_RECOVER_CRCPASS, &first_bad);
1080 * Detect and trim torn writes from the head of the log.
1082 * Storage without sector atomicity guarantees can result in torn writes in the
1083 * log in the event of a crash. Our only means to detect this scenario is via
1084 * CRC verification. While we can't always be certain that CRC verification
1085 * failure is due to a torn write vs. an unrelated corruption, we do know that
1086 * only a certain number (XLOG_MAX_ICLOGS) of log records can be written out at
1087 * one time. Therefore, CRC verify up to XLOG_MAX_ICLOGS records at the head of
1088 * the log and treat failures in this range as torn writes as a matter of
1089 * policy. In the event of CRC failure, the head is walked back to the last good
1090 * record in the log and the tail is updated from that record and verified.
1095 xfs_daddr_t *head_blk, /* in/out: unverified head */
1096 xfs_daddr_t *tail_blk, /* out: tail block */
1098 xfs_daddr_t *rhead_blk, /* start blk of last record */
1099 struct xlog_rec_header **rhead, /* ptr to last record */
1100 bool *wrapped) /* last rec. wraps phys. log */
1102 struct xlog_rec_header *tmp_rhead;
1103 struct xfs_buf *tmp_bp;
1104 xfs_daddr_t first_bad;
1105 xfs_daddr_t tmp_rhead_blk;
1111 * Search backwards through the log looking for the log record header
1112 * block. This wraps all the way back around to the head so something is
1113 * seriously wrong if we can't find it.
1115 found = xlog_rseek_logrec_hdr(log, *head_blk, *head_blk, 1, bp, rhead_blk,
1120 xfs_warn(log->l_mp, "%s: couldn't find sync record", __func__);
1124 *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn));
1127 * Now that we have a tail block, check the head of the log for torn
1128 * writes. Search again until we hit the tail or the maximum number of
1129 * log record I/Os that could have been in flight at one time. Use a
1130 * temporary buffer so we don't trash the rhead/bp pointer from the
1133 tmp_bp = xlog_get_bp(log, 1);
1136 error = xlog_rseek_logrec_hdr(log, *head_blk, *tail_blk,
1137 XLOG_MAX_ICLOGS, tmp_bp, &tmp_rhead_blk,
1138 &tmp_rhead, &tmp_wrapped);
1139 xlog_put_bp(tmp_bp);
1144 * Now run a CRC verification pass over the records starting at the
1145 * block found above to the current head. If a CRC failure occurs, the
1146 * log block of the first bad record is saved in first_bad.
1148 error = xlog_do_recovery_pass(log, *head_blk, tmp_rhead_blk,
1149 XLOG_RECOVER_CRCPASS, &first_bad);
1150 if (error == -EFSBADCRC) {
1152 * We've hit a potential torn write. Reset the error and warn
1157 "Torn write (CRC failure) detected at log block 0x%llx. Truncating head block from 0x%llx.",
1158 first_bad, *head_blk);
1161 * Get the header block and buffer pointer for the last good
1162 * record before the bad record.
1164 * Note that xlog_find_tail() clears the blocks at the new head
1165 * (i.e., the records with invalid CRC) if the cycle number
1166 * matches the the current cycle.
1168 found = xlog_rseek_logrec_hdr(log, first_bad, *tail_blk, 1, bp,
1169 rhead_blk, rhead, wrapped);
1172 if (found == 0) /* XXX: right thing to do here? */
1176 * Reset the head block to the starting block of the first bad
1177 * log record and set the tail block based on the last good
1180 * Bail out if the updated head/tail match as this indicates
1181 * possible corruption outside of the acceptable
1182 * (XLOG_MAX_ICLOGS) range. This is a job for xfs_repair...
1184 *head_blk = first_bad;
1185 *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn));
1186 if (*head_blk == *tail_blk) {
1192 * Now verify the tail based on the updated head. This is
1193 * required because the torn writes trimmed from the head could
1194 * have been written over the tail of a previous record. Return
1195 * any errors since recovery cannot proceed if the tail is
1198 * XXX: This leaves a gap in truly robust protection from torn
1199 * writes in the log. If the head is behind the tail, the tail
1200 * pushes forward to create some space and then a crash occurs
1201 * causing the writes into the previous record's tail region to
1202 * tear, log recovery isn't able to recover.
1204 * How likely is this to occur? If possible, can we do something
1205 * more intelligent here? Is it safe to push the tail forward if
1206 * we can determine that the tail is within the range of the
1207 * torn write (e.g., the kernel can only overwrite the tail if
1208 * it has actually been pushed forward)? Alternatively, could we
1209 * somehow prevent this condition at runtime?
1211 error = xlog_verify_tail(log, *head_blk, *tail_blk);
1218 * Find the sync block number or the tail of the log.
1220 * This will be the block number of the last record to have its
1221 * associated buffers synced to disk. Every log record header has
1222 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
1223 * to get a sync block number. The only concern is to figure out which
1224 * log record header to believe.
1226 * The following algorithm uses the log record header with the largest
1227 * lsn. The entire log record does not need to be valid. We only care
1228 * that the header is valid.
1230 * We could speed up search by using current head_blk buffer, but it is not
1236 xfs_daddr_t *head_blk,
1237 xfs_daddr_t *tail_blk)
1239 xlog_rec_header_t *rhead;
1240 xlog_op_header_t *op_head;
1241 char *offset = NULL;
1244 xfs_daddr_t umount_data_blk;
1245 xfs_daddr_t after_umount_blk;
1246 xfs_daddr_t rhead_blk;
1249 bool wrapped = false;
1252 * Find previous log record
1254 if ((error = xlog_find_head(log, head_blk)))
1257 bp = xlog_get_bp(log, 1);
1260 if (*head_blk == 0) { /* special case */
1261 error = xlog_bread(log, 0, 1, bp, &offset);
1265 if (xlog_get_cycle(offset) == 0) {
1267 /* leave all other log inited values alone */
1273 * Trim the head block back to skip over torn records. We can have
1274 * multiple log I/Os in flight at any time, so we assume CRC failures
1275 * back through the previous several records are torn writes and skip
1278 ASSERT(*head_blk < INT_MAX);
1279 error = xlog_verify_head(log, head_blk, tail_blk, bp, &rhead_blk,
1285 * Reset log values according to the state of the log when we
1286 * crashed. In the case where head_blk == 0, we bump curr_cycle
1287 * one because the next write starts a new cycle rather than
1288 * continuing the cycle of the last good log record. At this
1289 * point we have guaranteed that all partial log records have been
1290 * accounted for. Therefore, we know that the last good log record
1291 * written was complete and ended exactly on the end boundary
1292 * of the physical log.
1294 log->l_prev_block = rhead_blk;
1295 log->l_curr_block = (int)*head_blk;
1296 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
1298 log->l_curr_cycle++;
1299 atomic64_set(&log->l_tail_lsn, be64_to_cpu(rhead->h_tail_lsn));
1300 atomic64_set(&log->l_last_sync_lsn, be64_to_cpu(rhead->h_lsn));
1301 xlog_assign_grant_head(&log->l_reserve_head.grant, log->l_curr_cycle,
1302 BBTOB(log->l_curr_block));
1303 xlog_assign_grant_head(&log->l_write_head.grant, log->l_curr_cycle,
1304 BBTOB(log->l_curr_block));
1307 * Look for unmount record. If we find it, then we know there
1308 * was a clean unmount. Since 'i' could be the last block in
1309 * the physical log, we convert to a log block before comparing
1312 * Save the current tail lsn to use to pass to
1313 * xlog_clear_stale_blocks() below. We won't want to clear the
1314 * unmount record if there is one, so we pass the lsn of the
1315 * unmount record rather than the block after it.
1317 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1318 int h_size = be32_to_cpu(rhead->h_size);
1319 int h_version = be32_to_cpu(rhead->h_version);
1321 if ((h_version & XLOG_VERSION_2) &&
1322 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
1323 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
1324 if (h_size % XLOG_HEADER_CYCLE_SIZE)
1332 after_umount_blk = rhead_blk + hblks + BTOBB(be32_to_cpu(rhead->h_len));
1333 after_umount_blk = do_mod(after_umount_blk, log->l_logBBsize);
1334 tail_lsn = atomic64_read(&log->l_tail_lsn);
1335 if (*head_blk == after_umount_blk &&
1336 be32_to_cpu(rhead->h_num_logops) == 1) {
1337 umount_data_blk = rhead_blk + hblks;
1338 umount_data_blk = do_mod(umount_data_blk, log->l_logBBsize);
1339 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
1343 op_head = (xlog_op_header_t *)offset;
1344 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
1346 * Set tail and last sync so that newly written
1347 * log records will point recovery to after the
1348 * current unmount record.
1350 xlog_assign_atomic_lsn(&log->l_tail_lsn,
1351 log->l_curr_cycle, after_umount_blk);
1352 xlog_assign_atomic_lsn(&log->l_last_sync_lsn,
1353 log->l_curr_cycle, after_umount_blk);
1354 *tail_blk = after_umount_blk;
1357 * Note that the unmount was clean. If the unmount
1358 * was not clean, we need to know this to rebuild the
1359 * superblock counters from the perag headers if we
1360 * have a filesystem using non-persistent counters.
1362 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
1367 * Make sure that there are no blocks in front of the head
1368 * with the same cycle number as the head. This can happen
1369 * because we allow multiple outstanding log writes concurrently,
1370 * and the later writes might make it out before earlier ones.
1372 * We use the lsn from before modifying it so that we'll never
1373 * overwrite the unmount record after a clean unmount.
1375 * Do this only if we are going to recover the filesystem
1377 * NOTE: This used to say "if (!readonly)"
1378 * However on Linux, we can & do recover a read-only filesystem.
1379 * We only skip recovery if NORECOVERY is specified on mount,
1380 * in which case we would not be here.
1382 * But... if the -device- itself is readonly, just skip this.
1383 * We can't recover this device anyway, so it won't matter.
1385 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp))
1386 error = xlog_clear_stale_blocks(log, tail_lsn);
1392 xfs_warn(log->l_mp, "failed to locate log tail");
1397 * Is the log zeroed at all?
1399 * The last binary search should be changed to perform an X block read
1400 * once X becomes small enough. You can then search linearly through
1401 * the X blocks. This will cut down on the number of reads we need to do.
1403 * If the log is partially zeroed, this routine will pass back the blkno
1404 * of the first block with cycle number 0. It won't have a complete LR
1408 * 0 => the log is completely written to
1409 * 1 => use *blk_no as the first block of the log
1410 * <0 => error has occurred
1415 xfs_daddr_t *blk_no)
1419 uint first_cycle, last_cycle;
1420 xfs_daddr_t new_blk, last_blk, start_blk;
1421 xfs_daddr_t num_scan_bblks;
1422 int error, log_bbnum = log->l_logBBsize;
1426 /* check totally zeroed log */
1427 bp = xlog_get_bp(log, 1);
1430 error = xlog_bread(log, 0, 1, bp, &offset);
1434 first_cycle = xlog_get_cycle(offset);
1435 if (first_cycle == 0) { /* completely zeroed log */
1441 /* check partially zeroed log */
1442 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1446 last_cycle = xlog_get_cycle(offset);
1447 if (last_cycle != 0) { /* log completely written to */
1450 } else if (first_cycle != 1) {
1452 * If the cycle of the last block is zero, the cycle of
1453 * the first block must be 1. If it's not, maybe we're
1454 * not looking at a log... Bail out.
1457 "Log inconsistent or not a log (last==0, first!=1)");
1462 /* we have a partially zeroed log */
1463 last_blk = log_bbnum-1;
1464 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1468 * Validate the answer. Because there is no way to guarantee that
1469 * the entire log is made up of log records which are the same size,
1470 * we scan over the defined maximum blocks. At this point, the maximum
1471 * is not chosen to mean anything special. XXXmiken
1473 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1474 ASSERT(num_scan_bblks <= INT_MAX);
1476 if (last_blk < num_scan_bblks)
1477 num_scan_bblks = last_blk;
1478 start_blk = last_blk - num_scan_bblks;
1481 * We search for any instances of cycle number 0 that occur before
1482 * our current estimate of the head. What we're trying to detect is
1483 * 1 ... | 0 | 1 | 0...
1484 * ^ binary search ends here
1486 if ((error = xlog_find_verify_cycle(log, start_blk,
1487 (int)num_scan_bblks, 0, &new_blk)))
1493 * Potentially backup over partial log record write. We don't need
1494 * to search the end of the log because we know it is zero.
1496 error = xlog_find_verify_log_record(log, start_blk, &last_blk, 0);
1511 * These are simple subroutines used by xlog_clear_stale_blocks() below
1512 * to initialize a buffer full of empty log record headers and write
1513 * them into the log.
1524 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1526 memset(buf, 0, BBSIZE);
1527 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1528 recp->h_cycle = cpu_to_be32(cycle);
1529 recp->h_version = cpu_to_be32(
1530 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1531 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1532 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1533 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1534 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1538 xlog_write_log_records(
1549 int sectbb = log->l_sectBBsize;
1550 int end_block = start_block + blocks;
1556 * Greedily allocate a buffer big enough to handle the full
1557 * range of basic blocks to be written. If that fails, try
1558 * a smaller size. We need to be able to write at least a
1559 * log sector, or we're out of luck.
1561 bufblks = 1 << ffs(blocks);
1562 while (bufblks > log->l_logBBsize)
1564 while (!(bp = xlog_get_bp(log, bufblks))) {
1566 if (bufblks < sectbb)
1570 /* We may need to do a read at the start to fill in part of
1571 * the buffer in the starting sector not covered by the first
1574 balign = round_down(start_block, sectbb);
1575 if (balign != start_block) {
1576 error = xlog_bread_noalign(log, start_block, 1, bp);
1580 j = start_block - balign;
1583 for (i = start_block; i < end_block; i += bufblks) {
1584 int bcount, endcount;
1586 bcount = min(bufblks, end_block - start_block);
1587 endcount = bcount - j;
1589 /* We may need to do a read at the end to fill in part of
1590 * the buffer in the final sector not covered by the write.
1591 * If this is the same sector as the above read, skip it.
1593 ealign = round_down(end_block, sectbb);
1594 if (j == 0 && (start_block + endcount > ealign)) {
1595 offset = bp->b_addr + BBTOB(ealign - start_block);
1596 error = xlog_bread_offset(log, ealign, sectbb,
1603 offset = xlog_align(log, start_block, endcount, bp);
1604 for (; j < endcount; j++) {
1605 xlog_add_record(log, offset, cycle, i+j,
1606 tail_cycle, tail_block);
1609 error = xlog_bwrite(log, start_block, endcount, bp);
1612 start_block += endcount;
1622 * This routine is called to blow away any incomplete log writes out
1623 * in front of the log head. We do this so that we won't become confused
1624 * if we come up, write only a little bit more, and then crash again.
1625 * If we leave the partial log records out there, this situation could
1626 * cause us to think those partial writes are valid blocks since they
1627 * have the current cycle number. We get rid of them by overwriting them
1628 * with empty log records with the old cycle number rather than the
1631 * The tail lsn is passed in rather than taken from
1632 * the log so that we will not write over the unmount record after a
1633 * clean unmount in a 512 block log. Doing so would leave the log without
1634 * any valid log records in it until a new one was written. If we crashed
1635 * during that time we would not be able to recover.
1638 xlog_clear_stale_blocks(
1642 int tail_cycle, head_cycle;
1643 int tail_block, head_block;
1644 int tail_distance, max_distance;
1648 tail_cycle = CYCLE_LSN(tail_lsn);
1649 tail_block = BLOCK_LSN(tail_lsn);
1650 head_cycle = log->l_curr_cycle;
1651 head_block = log->l_curr_block;
1654 * Figure out the distance between the new head of the log
1655 * and the tail. We want to write over any blocks beyond the
1656 * head that we may have written just before the crash, but
1657 * we don't want to overwrite the tail of the log.
1659 if (head_cycle == tail_cycle) {
1661 * The tail is behind the head in the physical log,
1662 * so the distance from the head to the tail is the
1663 * distance from the head to the end of the log plus
1664 * the distance from the beginning of the log to the
1667 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1668 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1669 XFS_ERRLEVEL_LOW, log->l_mp);
1670 return -EFSCORRUPTED;
1672 tail_distance = tail_block + (log->l_logBBsize - head_block);
1675 * The head is behind the tail in the physical log,
1676 * so the distance from the head to the tail is just
1677 * the tail block minus the head block.
1679 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1680 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1681 XFS_ERRLEVEL_LOW, log->l_mp);
1682 return -EFSCORRUPTED;
1684 tail_distance = tail_block - head_block;
1688 * If the head is right up against the tail, we can't clear
1691 if (tail_distance <= 0) {
1692 ASSERT(tail_distance == 0);
1696 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1698 * Take the smaller of the maximum amount of outstanding I/O
1699 * we could have and the distance to the tail to clear out.
1700 * We take the smaller so that we don't overwrite the tail and
1701 * we don't waste all day writing from the head to the tail
1704 max_distance = MIN(max_distance, tail_distance);
1706 if ((head_block + max_distance) <= log->l_logBBsize) {
1708 * We can stomp all the blocks we need to without
1709 * wrapping around the end of the log. Just do it
1710 * in a single write. Use the cycle number of the
1711 * current cycle minus one so that the log will look like:
1714 error = xlog_write_log_records(log, (head_cycle - 1),
1715 head_block, max_distance, tail_cycle,
1721 * We need to wrap around the end of the physical log in
1722 * order to clear all the blocks. Do it in two separate
1723 * I/Os. The first write should be from the head to the
1724 * end of the physical log, and it should use the current
1725 * cycle number minus one just like above.
1727 distance = log->l_logBBsize - head_block;
1728 error = xlog_write_log_records(log, (head_cycle - 1),
1729 head_block, distance, tail_cycle,
1736 * Now write the blocks at the start of the physical log.
1737 * This writes the remainder of the blocks we want to clear.
1738 * It uses the current cycle number since we're now on the
1739 * same cycle as the head so that we get:
1740 * n ... n ... | n - 1 ...
1741 * ^^^^^ blocks we're writing
1743 distance = max_distance - (log->l_logBBsize - head_block);
1744 error = xlog_write_log_records(log, head_cycle, 0, distance,
1745 tail_cycle, tail_block);
1753 /******************************************************************************
1755 * Log recover routines
1757 ******************************************************************************
1761 * Sort the log items in the transaction.
1763 * The ordering constraints are defined by the inode allocation and unlink
1764 * behaviour. The rules are:
1766 * 1. Every item is only logged once in a given transaction. Hence it
1767 * represents the last logged state of the item. Hence ordering is
1768 * dependent on the order in which operations need to be performed so
1769 * required initial conditions are always met.
1771 * 2. Cancelled buffers are recorded in pass 1 in a separate table and
1772 * there's nothing to replay from them so we can simply cull them
1773 * from the transaction. However, we can't do that until after we've
1774 * replayed all the other items because they may be dependent on the
1775 * cancelled buffer and replaying the cancelled buffer can remove it
1776 * form the cancelled buffer table. Hence they have tobe done last.
1778 * 3. Inode allocation buffers must be replayed before inode items that
1779 * read the buffer and replay changes into it. For filesystems using the
1780 * ICREATE transactions, this means XFS_LI_ICREATE objects need to get
1781 * treated the same as inode allocation buffers as they create and
1782 * initialise the buffers directly.
1784 * 4. Inode unlink buffers must be replayed after inode items are replayed.
1785 * This ensures that inodes are completely flushed to the inode buffer
1786 * in a "free" state before we remove the unlinked inode list pointer.
1788 * Hence the ordering needs to be inode allocation buffers first, inode items
1789 * second, inode unlink buffers third and cancelled buffers last.
1791 * But there's a problem with that - we can't tell an inode allocation buffer
1792 * apart from a regular buffer, so we can't separate them. We can, however,
1793 * tell an inode unlink buffer from the others, and so we can separate them out
1794 * from all the other buffers and move them to last.
1796 * Hence, 4 lists, in order from head to tail:
1797 * - buffer_list for all buffers except cancelled/inode unlink buffers
1798 * - item_list for all non-buffer items
1799 * - inode_buffer_list for inode unlink buffers
1800 * - cancel_list for the cancelled buffers
1802 * Note that we add objects to the tail of the lists so that first-to-last
1803 * ordering is preserved within the lists. Adding objects to the head of the
1804 * list means when we traverse from the head we walk them in last-to-first
1805 * order. For cancelled buffers and inode unlink buffers this doesn't matter,
1806 * but for all other items there may be specific ordering that we need to
1810 xlog_recover_reorder_trans(
1812 struct xlog_recover *trans,
1815 xlog_recover_item_t *item, *n;
1817 LIST_HEAD(sort_list);
1818 LIST_HEAD(cancel_list);
1819 LIST_HEAD(buffer_list);
1820 LIST_HEAD(inode_buffer_list);
1821 LIST_HEAD(inode_list);
1823 list_splice_init(&trans->r_itemq, &sort_list);
1824 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
1825 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1827 switch (ITEM_TYPE(item)) {
1828 case XFS_LI_ICREATE:
1829 list_move_tail(&item->ri_list, &buffer_list);
1832 if (buf_f->blf_flags & XFS_BLF_CANCEL) {
1833 trace_xfs_log_recover_item_reorder_head(log,
1835 list_move(&item->ri_list, &cancel_list);
1838 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
1839 list_move(&item->ri_list, &inode_buffer_list);
1842 list_move_tail(&item->ri_list, &buffer_list);
1846 case XFS_LI_QUOTAOFF:
1849 trace_xfs_log_recover_item_reorder_tail(log,
1851 list_move_tail(&item->ri_list, &inode_list);
1855 "%s: unrecognized type of log operation",
1859 * return the remaining items back to the transaction
1860 * item list so they can be freed in caller.
1862 if (!list_empty(&sort_list))
1863 list_splice_init(&sort_list, &trans->r_itemq);
1869 ASSERT(list_empty(&sort_list));
1870 if (!list_empty(&buffer_list))
1871 list_splice(&buffer_list, &trans->r_itemq);
1872 if (!list_empty(&inode_list))
1873 list_splice_tail(&inode_list, &trans->r_itemq);
1874 if (!list_empty(&inode_buffer_list))
1875 list_splice_tail(&inode_buffer_list, &trans->r_itemq);
1876 if (!list_empty(&cancel_list))
1877 list_splice_tail(&cancel_list, &trans->r_itemq);
1882 * Build up the table of buf cancel records so that we don't replay
1883 * cancelled data in the second pass. For buffer records that are
1884 * not cancel records, there is nothing to do here so we just return.
1886 * If we get a cancel record which is already in the table, this indicates
1887 * that the buffer was cancelled multiple times. In order to ensure
1888 * that during pass 2 we keep the record in the table until we reach its
1889 * last occurrence in the log, we keep a reference count in the cancel
1890 * record in the table to tell us how many times we expect to see this
1891 * record during the second pass.
1894 xlog_recover_buffer_pass1(
1896 struct xlog_recover_item *item)
1898 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1899 struct list_head *bucket;
1900 struct xfs_buf_cancel *bcp;
1903 * If this isn't a cancel buffer item, then just return.
1905 if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) {
1906 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
1911 * Insert an xfs_buf_cancel record into the hash table of them.
1912 * If there is already an identical record, bump its reference count.
1914 bucket = XLOG_BUF_CANCEL_BUCKET(log, buf_f->blf_blkno);
1915 list_for_each_entry(bcp, bucket, bc_list) {
1916 if (bcp->bc_blkno == buf_f->blf_blkno &&
1917 bcp->bc_len == buf_f->blf_len) {
1919 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
1924 bcp = kmem_alloc(sizeof(struct xfs_buf_cancel), KM_SLEEP);
1925 bcp->bc_blkno = buf_f->blf_blkno;
1926 bcp->bc_len = buf_f->blf_len;
1927 bcp->bc_refcount = 1;
1928 list_add_tail(&bcp->bc_list, bucket);
1930 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
1935 * Check to see whether the buffer being recovered has a corresponding
1936 * entry in the buffer cancel record table. If it is, return the cancel
1937 * buffer structure to the caller.
1939 STATIC struct xfs_buf_cancel *
1940 xlog_peek_buffer_cancelled(
1946 struct list_head *bucket;
1947 struct xfs_buf_cancel *bcp;
1949 if (!log->l_buf_cancel_table) {
1950 /* empty table means no cancelled buffers in the log */
1951 ASSERT(!(flags & XFS_BLF_CANCEL));
1955 bucket = XLOG_BUF_CANCEL_BUCKET(log, blkno);
1956 list_for_each_entry(bcp, bucket, bc_list) {
1957 if (bcp->bc_blkno == blkno && bcp->bc_len == len)
1962 * We didn't find a corresponding entry in the table, so return 0 so
1963 * that the buffer is NOT cancelled.
1965 ASSERT(!(flags & XFS_BLF_CANCEL));
1970 * If the buffer is being cancelled then return 1 so that it will be cancelled,
1971 * otherwise return 0. If the buffer is actually a buffer cancel item
1972 * (XFS_BLF_CANCEL is set), then decrement the refcount on the entry in the
1973 * table and remove it from the table if this is the last reference.
1975 * We remove the cancel record from the table when we encounter its last
1976 * occurrence in the log so that if the same buffer is re-used again after its
1977 * last cancellation we actually replay the changes made at that point.
1980 xlog_check_buffer_cancelled(
1986 struct xfs_buf_cancel *bcp;
1988 bcp = xlog_peek_buffer_cancelled(log, blkno, len, flags);
1993 * We've go a match, so return 1 so that the recovery of this buffer
1994 * is cancelled. If this buffer is actually a buffer cancel log
1995 * item, then decrement the refcount on the one in the table and
1996 * remove it if this is the last reference.
1998 if (flags & XFS_BLF_CANCEL) {
1999 if (--bcp->bc_refcount == 0) {
2000 list_del(&bcp->bc_list);
2008 * Perform recovery for a buffer full of inodes. In these buffers, the only
2009 * data which should be recovered is that which corresponds to the
2010 * di_next_unlinked pointers in the on disk inode structures. The rest of the
2011 * data for the inodes is always logged through the inodes themselves rather
2012 * than the inode buffer and is recovered in xlog_recover_inode_pass2().
2014 * The only time when buffers full of inodes are fully recovered is when the
2015 * buffer is full of newly allocated inodes. In this case the buffer will
2016 * not be marked as an inode buffer and so will be sent to
2017 * xlog_recover_do_reg_buffer() below during recovery.
2020 xlog_recover_do_inode_buffer(
2021 struct xfs_mount *mp,
2022 xlog_recover_item_t *item,
2024 xfs_buf_log_format_t *buf_f)
2030 int reg_buf_offset = 0;
2031 int reg_buf_bytes = 0;
2032 int next_unlinked_offset;
2034 xfs_agino_t *logged_nextp;
2035 xfs_agino_t *buffer_nextp;
2037 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
2040 * Post recovery validation only works properly on CRC enabled
2043 if (xfs_sb_version_hascrc(&mp->m_sb))
2044 bp->b_ops = &xfs_inode_buf_ops;
2046 inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog;
2047 for (i = 0; i < inodes_per_buf; i++) {
2048 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
2049 offsetof(xfs_dinode_t, di_next_unlinked);
2051 while (next_unlinked_offset >=
2052 (reg_buf_offset + reg_buf_bytes)) {
2054 * The next di_next_unlinked field is beyond
2055 * the current logged region. Find the next
2056 * logged region that contains or is beyond
2057 * the current di_next_unlinked field.
2060 bit = xfs_next_bit(buf_f->blf_data_map,
2061 buf_f->blf_map_size, bit);
2064 * If there are no more logged regions in the
2065 * buffer, then we're done.
2070 nbits = xfs_contig_bits(buf_f->blf_data_map,
2071 buf_f->blf_map_size, bit);
2073 reg_buf_offset = bit << XFS_BLF_SHIFT;
2074 reg_buf_bytes = nbits << XFS_BLF_SHIFT;
2079 * If the current logged region starts after the current
2080 * di_next_unlinked field, then move on to the next
2081 * di_next_unlinked field.
2083 if (next_unlinked_offset < reg_buf_offset)
2086 ASSERT(item->ri_buf[item_index].i_addr != NULL);
2087 ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0);
2088 ASSERT((reg_buf_offset + reg_buf_bytes) <=
2089 BBTOB(bp->b_io_length));
2092 * The current logged region contains a copy of the
2093 * current di_next_unlinked field. Extract its value
2094 * and copy it to the buffer copy.
2096 logged_nextp = item->ri_buf[item_index].i_addr +
2097 next_unlinked_offset - reg_buf_offset;
2098 if (unlikely(*logged_nextp == 0)) {
2100 "Bad inode buffer log record (ptr = 0x%p, bp = 0x%p). "
2101 "Trying to replay bad (0) inode di_next_unlinked field.",
2103 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
2104 XFS_ERRLEVEL_LOW, mp);
2105 return -EFSCORRUPTED;
2108 buffer_nextp = xfs_buf_offset(bp, next_unlinked_offset);
2109 *buffer_nextp = *logged_nextp;
2112 * If necessary, recalculate the CRC in the on-disk inode. We
2113 * have to leave the inode in a consistent state for whoever
2116 xfs_dinode_calc_crc(mp,
2117 xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize));
2125 * V5 filesystems know the age of the buffer on disk being recovered. We can
2126 * have newer objects on disk than we are replaying, and so for these cases we
2127 * don't want to replay the current change as that will make the buffer contents
2128 * temporarily invalid on disk.
2130 * The magic number might not match the buffer type we are going to recover
2131 * (e.g. reallocated blocks), so we ignore the xfs_buf_log_format flags. Hence
2132 * extract the LSN of the existing object in the buffer based on it's current
2133 * magic number. If we don't recognise the magic number in the buffer, then
2134 * return a LSN of -1 so that the caller knows it was an unrecognised block and
2135 * so can recover the buffer.
2137 * Note: we cannot rely solely on magic number matches to determine that the
2138 * buffer has a valid LSN - we also need to verify that it belongs to this
2139 * filesystem, so we need to extract the object's LSN and compare it to that
2140 * which we read from the superblock. If the UUIDs don't match, then we've got a
2141 * stale metadata block from an old filesystem instance that we need to recover
2145 xlog_recover_get_buf_lsn(
2146 struct xfs_mount *mp,
2152 void *blk = bp->b_addr;
2156 /* v4 filesystems always recover immediately */
2157 if (!xfs_sb_version_hascrc(&mp->m_sb))
2158 goto recover_immediately;
2160 magic32 = be32_to_cpu(*(__be32 *)blk);
2162 case XFS_ABTB_CRC_MAGIC:
2163 case XFS_ABTC_CRC_MAGIC:
2164 case XFS_ABTB_MAGIC:
2165 case XFS_ABTC_MAGIC:
2166 case XFS_IBT_CRC_MAGIC:
2167 case XFS_IBT_MAGIC: {
2168 struct xfs_btree_block *btb = blk;
2170 lsn = be64_to_cpu(btb->bb_u.s.bb_lsn);
2171 uuid = &btb->bb_u.s.bb_uuid;
2174 case XFS_BMAP_CRC_MAGIC:
2175 case XFS_BMAP_MAGIC: {
2176 struct xfs_btree_block *btb = blk;
2178 lsn = be64_to_cpu(btb->bb_u.l.bb_lsn);
2179 uuid = &btb->bb_u.l.bb_uuid;
2183 lsn = be64_to_cpu(((struct xfs_agf *)blk)->agf_lsn);
2184 uuid = &((struct xfs_agf *)blk)->agf_uuid;
2186 case XFS_AGFL_MAGIC:
2187 lsn = be64_to_cpu(((struct xfs_agfl *)blk)->agfl_lsn);
2188 uuid = &((struct xfs_agfl *)blk)->agfl_uuid;
2191 lsn = be64_to_cpu(((struct xfs_agi *)blk)->agi_lsn);
2192 uuid = &((struct xfs_agi *)blk)->agi_uuid;
2194 case XFS_SYMLINK_MAGIC:
2195 lsn = be64_to_cpu(((struct xfs_dsymlink_hdr *)blk)->sl_lsn);
2196 uuid = &((struct xfs_dsymlink_hdr *)blk)->sl_uuid;
2198 case XFS_DIR3_BLOCK_MAGIC:
2199 case XFS_DIR3_DATA_MAGIC:
2200 case XFS_DIR3_FREE_MAGIC:
2201 lsn = be64_to_cpu(((struct xfs_dir3_blk_hdr *)blk)->lsn);
2202 uuid = &((struct xfs_dir3_blk_hdr *)blk)->uuid;
2204 case XFS_ATTR3_RMT_MAGIC:
2206 * Remote attr blocks are written synchronously, rather than
2207 * being logged. That means they do not contain a valid LSN
2208 * (i.e. transactionally ordered) in them, and hence any time we
2209 * see a buffer to replay over the top of a remote attribute
2210 * block we should simply do so.
2212 goto recover_immediately;
2215 * superblock uuids are magic. We may or may not have a
2216 * sb_meta_uuid on disk, but it will be set in the in-core
2217 * superblock. We set the uuid pointer for verification
2218 * according to the superblock feature mask to ensure we check
2219 * the relevant UUID in the superblock.
2221 lsn = be64_to_cpu(((struct xfs_dsb *)blk)->sb_lsn);
2222 if (xfs_sb_version_hasmetauuid(&mp->m_sb))
2223 uuid = &((struct xfs_dsb *)blk)->sb_meta_uuid;
2225 uuid = &((struct xfs_dsb *)blk)->sb_uuid;
2231 if (lsn != (xfs_lsn_t)-1) {
2232 if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid))
2233 goto recover_immediately;
2237 magicda = be16_to_cpu(((struct xfs_da_blkinfo *)blk)->magic);
2239 case XFS_DIR3_LEAF1_MAGIC:
2240 case XFS_DIR3_LEAFN_MAGIC:
2241 case XFS_DA3_NODE_MAGIC:
2242 lsn = be64_to_cpu(((struct xfs_da3_blkinfo *)blk)->lsn);
2243 uuid = &((struct xfs_da3_blkinfo *)blk)->uuid;
2249 if (lsn != (xfs_lsn_t)-1) {
2250 if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
2251 goto recover_immediately;
2256 * We do individual object checks on dquot and inode buffers as they
2257 * have their own individual LSN records. Also, we could have a stale
2258 * buffer here, so we have to at least recognise these buffer types.
2260 * A notd complexity here is inode unlinked list processing - it logs
2261 * the inode directly in the buffer, but we don't know which inodes have
2262 * been modified, and there is no global buffer LSN. Hence we need to
2263 * recover all inode buffer types immediately. This problem will be
2264 * fixed by logical logging of the unlinked list modifications.
2266 magic16 = be16_to_cpu(*(__be16 *)blk);
2268 case XFS_DQUOT_MAGIC:
2269 case XFS_DINODE_MAGIC:
2270 goto recover_immediately;
2275 /* unknown buffer contents, recover immediately */
2277 recover_immediately:
2278 return (xfs_lsn_t)-1;
2283 * Validate the recovered buffer is of the correct type and attach the
2284 * appropriate buffer operations to them for writeback. Magic numbers are in a
2286 * the first 16 bits of the buffer (inode buffer, dquot buffer),
2287 * the first 32 bits of the buffer (most blocks),
2288 * inside a struct xfs_da_blkinfo at the start of the buffer.
2291 xlog_recover_validate_buf_type(
2292 struct xfs_mount *mp,
2294 xfs_buf_log_format_t *buf_f)
2296 struct xfs_da_blkinfo *info = bp->b_addr;
2302 * We can only do post recovery validation on items on CRC enabled
2303 * fielsystems as we need to know when the buffer was written to be able
2304 * to determine if we should have replayed the item. If we replay old
2305 * metadata over a newer buffer, then it will enter a temporarily
2306 * inconsistent state resulting in verification failures. Hence for now
2307 * just avoid the verification stage for non-crc filesystems
2309 if (!xfs_sb_version_hascrc(&mp->m_sb))
2312 magic32 = be32_to_cpu(*(__be32 *)bp->b_addr);
2313 magic16 = be16_to_cpu(*(__be16*)bp->b_addr);
2314 magicda = be16_to_cpu(info->magic);
2315 switch (xfs_blft_from_flags(buf_f)) {
2316 case XFS_BLFT_BTREE_BUF:
2318 case XFS_ABTB_CRC_MAGIC:
2319 case XFS_ABTC_CRC_MAGIC:
2320 case XFS_ABTB_MAGIC:
2321 case XFS_ABTC_MAGIC:
2322 bp->b_ops = &xfs_allocbt_buf_ops;
2324 case XFS_IBT_CRC_MAGIC:
2325 case XFS_FIBT_CRC_MAGIC:
2327 case XFS_FIBT_MAGIC:
2328 bp->b_ops = &xfs_inobt_buf_ops;
2330 case XFS_BMAP_CRC_MAGIC:
2331 case XFS_BMAP_MAGIC:
2332 bp->b_ops = &xfs_bmbt_buf_ops;
2335 xfs_warn(mp, "Bad btree block magic!");
2340 case XFS_BLFT_AGF_BUF:
2341 if (magic32 != XFS_AGF_MAGIC) {
2342 xfs_warn(mp, "Bad AGF block magic!");
2346 bp->b_ops = &xfs_agf_buf_ops;
2348 case XFS_BLFT_AGFL_BUF:
2349 if (magic32 != XFS_AGFL_MAGIC) {
2350 xfs_warn(mp, "Bad AGFL block magic!");
2354 bp->b_ops = &xfs_agfl_buf_ops;
2356 case XFS_BLFT_AGI_BUF:
2357 if (magic32 != XFS_AGI_MAGIC) {
2358 xfs_warn(mp, "Bad AGI block magic!");
2362 bp->b_ops = &xfs_agi_buf_ops;
2364 case XFS_BLFT_UDQUOT_BUF:
2365 case XFS_BLFT_PDQUOT_BUF:
2366 case XFS_BLFT_GDQUOT_BUF:
2367 #ifdef CONFIG_XFS_QUOTA
2368 if (magic16 != XFS_DQUOT_MAGIC) {
2369 xfs_warn(mp, "Bad DQUOT block magic!");
2373 bp->b_ops = &xfs_dquot_buf_ops;
2376 "Trying to recover dquots without QUOTA support built in!");
2380 case XFS_BLFT_DINO_BUF:
2381 if (magic16 != XFS_DINODE_MAGIC) {
2382 xfs_warn(mp, "Bad INODE block magic!");
2386 bp->b_ops = &xfs_inode_buf_ops;
2388 case XFS_BLFT_SYMLINK_BUF:
2389 if (magic32 != XFS_SYMLINK_MAGIC) {
2390 xfs_warn(mp, "Bad symlink block magic!");
2394 bp->b_ops = &xfs_symlink_buf_ops;
2396 case XFS_BLFT_DIR_BLOCK_BUF:
2397 if (magic32 != XFS_DIR2_BLOCK_MAGIC &&
2398 magic32 != XFS_DIR3_BLOCK_MAGIC) {
2399 xfs_warn(mp, "Bad dir block magic!");
2403 bp->b_ops = &xfs_dir3_block_buf_ops;
2405 case XFS_BLFT_DIR_DATA_BUF:
2406 if (magic32 != XFS_DIR2_DATA_MAGIC &&
2407 magic32 != XFS_DIR3_DATA_MAGIC) {
2408 xfs_warn(mp, "Bad dir data magic!");
2412 bp->b_ops = &xfs_dir3_data_buf_ops;
2414 case XFS_BLFT_DIR_FREE_BUF:
2415 if (magic32 != XFS_DIR2_FREE_MAGIC &&
2416 magic32 != XFS_DIR3_FREE_MAGIC) {
2417 xfs_warn(mp, "Bad dir3 free magic!");
2421 bp->b_ops = &xfs_dir3_free_buf_ops;
2423 case XFS_BLFT_DIR_LEAF1_BUF:
2424 if (magicda != XFS_DIR2_LEAF1_MAGIC &&
2425 magicda != XFS_DIR3_LEAF1_MAGIC) {
2426 xfs_warn(mp, "Bad dir leaf1 magic!");
2430 bp->b_ops = &xfs_dir3_leaf1_buf_ops;
2432 case XFS_BLFT_DIR_LEAFN_BUF:
2433 if (magicda != XFS_DIR2_LEAFN_MAGIC &&
2434 magicda != XFS_DIR3_LEAFN_MAGIC) {
2435 xfs_warn(mp, "Bad dir leafn magic!");
2439 bp->b_ops = &xfs_dir3_leafn_buf_ops;
2441 case XFS_BLFT_DA_NODE_BUF:
2442 if (magicda != XFS_DA_NODE_MAGIC &&
2443 magicda != XFS_DA3_NODE_MAGIC) {
2444 xfs_warn(mp, "Bad da node magic!");
2448 bp->b_ops = &xfs_da3_node_buf_ops;
2450 case XFS_BLFT_ATTR_LEAF_BUF:
2451 if (magicda != XFS_ATTR_LEAF_MAGIC &&
2452 magicda != XFS_ATTR3_LEAF_MAGIC) {
2453 xfs_warn(mp, "Bad attr leaf magic!");
2457 bp->b_ops = &xfs_attr3_leaf_buf_ops;
2459 case XFS_BLFT_ATTR_RMT_BUF:
2460 if (magic32 != XFS_ATTR3_RMT_MAGIC) {
2461 xfs_warn(mp, "Bad attr remote magic!");
2465 bp->b_ops = &xfs_attr3_rmt_buf_ops;
2467 case XFS_BLFT_SB_BUF:
2468 if (magic32 != XFS_SB_MAGIC) {
2469 xfs_warn(mp, "Bad SB block magic!");
2473 bp->b_ops = &xfs_sb_buf_ops;
2475 #ifdef CONFIG_XFS_RT
2476 case XFS_BLFT_RTBITMAP_BUF:
2477 case XFS_BLFT_RTSUMMARY_BUF:
2478 /* no magic numbers for verification of RT buffers */
2479 bp->b_ops = &xfs_rtbuf_ops;
2481 #endif /* CONFIG_XFS_RT */
2483 xfs_warn(mp, "Unknown buffer type %d!",
2484 xfs_blft_from_flags(buf_f));
2490 * Perform a 'normal' buffer recovery. Each logged region of the
2491 * buffer should be copied over the corresponding region in the
2492 * given buffer. The bitmap in the buf log format structure indicates
2493 * where to place the logged data.
2496 xlog_recover_do_reg_buffer(
2497 struct xfs_mount *mp,
2498 xlog_recover_item_t *item,
2500 xfs_buf_log_format_t *buf_f)
2507 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
2510 i = 1; /* 0 is the buf format structure */
2512 bit = xfs_next_bit(buf_f->blf_data_map,
2513 buf_f->blf_map_size, bit);
2516 nbits = xfs_contig_bits(buf_f->blf_data_map,
2517 buf_f->blf_map_size, bit);
2519 ASSERT(item->ri_buf[i].i_addr != NULL);
2520 ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0);
2521 ASSERT(BBTOB(bp->b_io_length) >=
2522 ((uint)bit << XFS_BLF_SHIFT) + (nbits << XFS_BLF_SHIFT));
2525 * The dirty regions logged in the buffer, even though
2526 * contiguous, may span multiple chunks. This is because the
2527 * dirty region may span a physical page boundary in a buffer
2528 * and hence be split into two separate vectors for writing into
2529 * the log. Hence we need to trim nbits back to the length of
2530 * the current region being copied out of the log.
2532 if (item->ri_buf[i].i_len < (nbits << XFS_BLF_SHIFT))
2533 nbits = item->ri_buf[i].i_len >> XFS_BLF_SHIFT;
2536 * Do a sanity check if this is a dquot buffer. Just checking
2537 * the first dquot in the buffer should do. XXXThis is
2538 * probably a good thing to do for other buf types also.
2541 if (buf_f->blf_flags &
2542 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2543 if (item->ri_buf[i].i_addr == NULL) {
2545 "XFS: NULL dquot in %s.", __func__);
2548 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
2550 "XFS: dquot too small (%d) in %s.",
2551 item->ri_buf[i].i_len, __func__);
2554 error = xfs_dqcheck(mp, item->ri_buf[i].i_addr,
2555 -1, 0, XFS_QMOPT_DOWARN,
2556 "dquot_buf_recover");
2561 memcpy(xfs_buf_offset(bp,
2562 (uint)bit << XFS_BLF_SHIFT), /* dest */
2563 item->ri_buf[i].i_addr, /* source */
2564 nbits<<XFS_BLF_SHIFT); /* length */
2570 /* Shouldn't be any more regions */
2571 ASSERT(i == item->ri_total);
2573 xlog_recover_validate_buf_type(mp, bp, buf_f);
2577 * Perform a dquot buffer recovery.
2578 * Simple algorithm: if we have found a QUOTAOFF log item of the same type
2579 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2580 * Else, treat it as a regular buffer and do recovery.
2582 * Return false if the buffer was tossed and true if we recovered the buffer to
2583 * indicate to the caller if the buffer needs writing.
2586 xlog_recover_do_dquot_buffer(
2587 struct xfs_mount *mp,
2589 struct xlog_recover_item *item,
2591 struct xfs_buf_log_format *buf_f)
2595 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2598 * Filesystems are required to send in quota flags at mount time.
2604 if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF)
2605 type |= XFS_DQ_USER;
2606 if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF)
2607 type |= XFS_DQ_PROJ;
2608 if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF)
2609 type |= XFS_DQ_GROUP;
2611 * This type of quotas was turned off, so ignore this buffer
2613 if (log->l_quotaoffs_flag & type)
2616 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2621 * This routine replays a modification made to a buffer at runtime.
2622 * There are actually two types of buffer, regular and inode, which
2623 * are handled differently. Inode buffers are handled differently
2624 * in that we only recover a specific set of data from them, namely
2625 * the inode di_next_unlinked fields. This is because all other inode
2626 * data is actually logged via inode records and any data we replay
2627 * here which overlaps that may be stale.
2629 * When meta-data buffers are freed at run time we log a buffer item
2630 * with the XFS_BLF_CANCEL bit set to indicate that previous copies
2631 * of the buffer in the log should not be replayed at recovery time.
2632 * This is so that if the blocks covered by the buffer are reused for
2633 * file data before we crash we don't end up replaying old, freed
2634 * meta-data into a user's file.
2636 * To handle the cancellation of buffer log items, we make two passes
2637 * over the log during recovery. During the first we build a table of
2638 * those buffers which have been cancelled, and during the second we
2639 * only replay those buffers which do not have corresponding cancel
2640 * records in the table. See xlog_recover_buffer_pass[1,2] above
2641 * for more details on the implementation of the table of cancel records.
2644 xlog_recover_buffer_pass2(
2646 struct list_head *buffer_list,
2647 struct xlog_recover_item *item,
2648 xfs_lsn_t current_lsn)
2650 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
2651 xfs_mount_t *mp = log->l_mp;
2658 * In this pass we only want to recover all the buffers which have
2659 * not been cancelled and are not cancellation buffers themselves.
2661 if (xlog_check_buffer_cancelled(log, buf_f->blf_blkno,
2662 buf_f->blf_len, buf_f->blf_flags)) {
2663 trace_xfs_log_recover_buf_cancel(log, buf_f);
2667 trace_xfs_log_recover_buf_recover(log, buf_f);
2670 if (buf_f->blf_flags & XFS_BLF_INODE_BUF)
2671 buf_flags |= XBF_UNMAPPED;
2673 bp = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len,
2677 error = bp->b_error;
2679 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#1)");
2684 * Recover the buffer only if we get an LSN from it and it's less than
2685 * the lsn of the transaction we are replaying.
2687 * Note that we have to be extremely careful of readahead here.
2688 * Readahead does not attach verfiers to the buffers so if we don't
2689 * actually do any replay after readahead because of the LSN we found
2690 * in the buffer if more recent than that current transaction then we
2691 * need to attach the verifier directly. Failure to do so can lead to
2692 * future recovery actions (e.g. EFI and unlinked list recovery) can
2693 * operate on the buffers and they won't get the verifier attached. This
2694 * can lead to blocks on disk having the correct content but a stale
2697 * It is safe to assume these clean buffers are currently up to date.
2698 * If the buffer is dirtied by a later transaction being replayed, then
2699 * the verifier will be reset to match whatever recover turns that
2702 lsn = xlog_recover_get_buf_lsn(mp, bp);
2703 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2704 xlog_recover_validate_buf_type(mp, bp, buf_f);
2708 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
2709 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
2712 } else if (buf_f->blf_flags &
2713 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2716 dirty = xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2720 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2724 * Perform delayed write on the buffer. Asynchronous writes will be
2725 * slower when taking into account all the buffers to be flushed.
2727 * Also make sure that only inode buffers with good sizes stay in
2728 * the buffer cache. The kernel moves inodes in buffers of 1 block
2729 * or mp->m_inode_cluster_size bytes, whichever is bigger. The inode
2730 * buffers in the log can be a different size if the log was generated
2731 * by an older kernel using unclustered inode buffers or a newer kernel
2732 * running with a different inode cluster size. Regardless, if the
2733 * the inode buffer size isn't MAX(blocksize, mp->m_inode_cluster_size)
2734 * for *our* value of mp->m_inode_cluster_size, then we need to keep
2735 * the buffer out of the buffer cache so that the buffer won't
2736 * overlap with future reads of those inodes.
2738 if (XFS_DINODE_MAGIC ==
2739 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
2740 (BBTOB(bp->b_io_length) != MAX(log->l_mp->m_sb.sb_blocksize,
2741 (__uint32_t)log->l_mp->m_inode_cluster_size))) {
2743 error = xfs_bwrite(bp);
2745 ASSERT(bp->b_target->bt_mount == mp);
2746 bp->b_iodone = xlog_recover_iodone;
2747 xfs_buf_delwri_queue(bp, buffer_list);
2756 * Inode fork owner changes
2758 * If we have been told that we have to reparent the inode fork, it's because an
2759 * extent swap operation on a CRC enabled filesystem has been done and we are
2760 * replaying it. We need to walk the BMBT of the appropriate fork and change the
2763 * The complexity here is that we don't have an inode context to work with, so
2764 * after we've replayed the inode we need to instantiate one. This is where the
2767 * We are in the middle of log recovery, so we can't run transactions. That
2768 * means we cannot use cache coherent inode instantiation via xfs_iget(), as
2769 * that will result in the corresponding iput() running the inode through
2770 * xfs_inactive(). If we've just replayed an inode core that changes the link
2771 * count to zero (i.e. it's been unlinked), then xfs_inactive() will run
2772 * transactions (bad!).
2774 * So, to avoid this, we instantiate an inode directly from the inode core we've
2775 * just recovered. We have the buffer still locked, and all we really need to
2776 * instantiate is the inode core and the forks being modified. We can do this
2777 * manually, then run the inode btree owner change, and then tear down the
2778 * xfs_inode without having to run any transactions at all.
2780 * Also, because we don't have a transaction context available here but need to
2781 * gather all the buffers we modify for writeback so we pass the buffer_list
2782 * instead for the operation to use.
2786 xfs_recover_inode_owner_change(
2787 struct xfs_mount *mp,
2788 struct xfs_dinode *dip,
2789 struct xfs_inode_log_format *in_f,
2790 struct list_head *buffer_list)
2792 struct xfs_inode *ip;
2795 ASSERT(in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER));
2797 ip = xfs_inode_alloc(mp, in_f->ilf_ino);
2801 /* instantiate the inode */
2802 xfs_inode_from_disk(ip, dip);
2803 ASSERT(ip->i_d.di_version >= 3);
2805 error = xfs_iformat_fork(ip, dip);
2810 if (in_f->ilf_fields & XFS_ILOG_DOWNER) {
2811 ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT);
2812 error = xfs_bmbt_change_owner(NULL, ip, XFS_DATA_FORK,
2813 ip->i_ino, buffer_list);
2818 if (in_f->ilf_fields & XFS_ILOG_AOWNER) {
2819 ASSERT(in_f->ilf_fields & XFS_ILOG_ABROOT);
2820 error = xfs_bmbt_change_owner(NULL, ip, XFS_ATTR_FORK,
2821 ip->i_ino, buffer_list);
2832 xlog_recover_inode_pass2(
2834 struct list_head *buffer_list,
2835 struct xlog_recover_item *item,
2836 xfs_lsn_t current_lsn)
2838 xfs_inode_log_format_t *in_f;
2839 xfs_mount_t *mp = log->l_mp;
2848 struct xfs_log_dinode *ldip;
2852 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
2853 in_f = item->ri_buf[0].i_addr;
2855 in_f = kmem_alloc(sizeof(xfs_inode_log_format_t), KM_SLEEP);
2857 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2863 * Inode buffers can be freed, look out for it,
2864 * and do not replay the inode.
2866 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2867 in_f->ilf_len, 0)) {
2869 trace_xfs_log_recover_inode_cancel(log, in_f);
2872 trace_xfs_log_recover_inode_recover(log, in_f);
2874 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len, 0,
2875 &xfs_inode_buf_ops);
2880 error = bp->b_error;
2882 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#2)");
2885 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
2886 dip = xfs_buf_offset(bp, in_f->ilf_boffset);
2889 * Make sure the place we're flushing out to really looks
2892 if (unlikely(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))) {
2894 "%s: Bad inode magic number, dip = 0x%p, dino bp = 0x%p, ino = %Ld",
2895 __func__, dip, bp, in_f->ilf_ino);
2896 XFS_ERROR_REPORT("xlog_recover_inode_pass2(1)",
2897 XFS_ERRLEVEL_LOW, mp);
2898 error = -EFSCORRUPTED;
2901 ldip = item->ri_buf[1].i_addr;
2902 if (unlikely(ldip->di_magic != XFS_DINODE_MAGIC)) {
2904 "%s: Bad inode log record, rec ptr 0x%p, ino %Ld",
2905 __func__, item, in_f->ilf_ino);
2906 XFS_ERROR_REPORT("xlog_recover_inode_pass2(2)",
2907 XFS_ERRLEVEL_LOW, mp);
2908 error = -EFSCORRUPTED;
2913 * If the inode has an LSN in it, recover the inode only if it's less
2914 * than the lsn of the transaction we are replaying. Note: we still
2915 * need to replay an owner change even though the inode is more recent
2916 * than the transaction as there is no guarantee that all the btree
2917 * blocks are more recent than this transaction, too.
2919 if (dip->di_version >= 3) {
2920 xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn);
2922 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2923 trace_xfs_log_recover_inode_skip(log, in_f);
2925 goto out_owner_change;
2930 * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes
2931 * are transactional and if ordering is necessary we can determine that
2932 * more accurately by the LSN field in the V3 inode core. Don't trust
2933 * the inode versions we might be changing them here - use the
2934 * superblock flag to determine whether we need to look at di_flushiter
2935 * to skip replay when the on disk inode is newer than the log one
2937 if (!xfs_sb_version_hascrc(&mp->m_sb) &&
2938 ldip->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
2940 * Deal with the wrap case, DI_MAX_FLUSH is less
2941 * than smaller numbers
2943 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
2944 ldip->di_flushiter < (DI_MAX_FLUSH >> 1)) {
2947 trace_xfs_log_recover_inode_skip(log, in_f);
2953 /* Take the opportunity to reset the flush iteration count */
2954 ldip->di_flushiter = 0;
2956 if (unlikely(S_ISREG(ldip->di_mode))) {
2957 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
2958 (ldip->di_format != XFS_DINODE_FMT_BTREE)) {
2959 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)",
2960 XFS_ERRLEVEL_LOW, mp, ldip);
2962 "%s: Bad regular inode log record, rec ptr 0x%p, "
2963 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2964 __func__, item, dip, bp, in_f->ilf_ino);
2965 error = -EFSCORRUPTED;
2968 } else if (unlikely(S_ISDIR(ldip->di_mode))) {
2969 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
2970 (ldip->di_format != XFS_DINODE_FMT_BTREE) &&
2971 (ldip->di_format != XFS_DINODE_FMT_LOCAL)) {
2972 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)",
2973 XFS_ERRLEVEL_LOW, mp, ldip);
2975 "%s: Bad dir inode log record, rec ptr 0x%p, "
2976 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2977 __func__, item, dip, bp, in_f->ilf_ino);
2978 error = -EFSCORRUPTED;
2982 if (unlikely(ldip->di_nextents + ldip->di_anextents > ldip->di_nblocks)){
2983 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)",
2984 XFS_ERRLEVEL_LOW, mp, ldip);
2986 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
2987 "dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
2988 __func__, item, dip, bp, in_f->ilf_ino,
2989 ldip->di_nextents + ldip->di_anextents,
2991 error = -EFSCORRUPTED;
2994 if (unlikely(ldip->di_forkoff > mp->m_sb.sb_inodesize)) {
2995 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)",
2996 XFS_ERRLEVEL_LOW, mp, ldip);
2998 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
2999 "dino bp 0x%p, ino %Ld, forkoff 0x%x", __func__,
3000 item, dip, bp, in_f->ilf_ino, ldip->di_forkoff);
3001 error = -EFSCORRUPTED;
3004 isize = xfs_log_dinode_size(ldip->di_version);
3005 if (unlikely(item->ri_buf[1].i_len > isize)) {
3006 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)",
3007 XFS_ERRLEVEL_LOW, mp, ldip);
3009 "%s: Bad inode log record length %d, rec ptr 0x%p",
3010 __func__, item->ri_buf[1].i_len, item);
3011 error = -EFSCORRUPTED;
3015 /* recover the log dinode inode into the on disk inode */
3016 xfs_log_dinode_to_disk(ldip, dip);
3018 /* the rest is in on-disk format */
3019 if (item->ri_buf[1].i_len > isize) {
3020 memcpy((char *)dip + isize,
3021 item->ri_buf[1].i_addr + isize,
3022 item->ri_buf[1].i_len - isize);
3025 fields = in_f->ilf_fields;
3026 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
3028 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
3031 memcpy(XFS_DFORK_DPTR(dip),
3032 &in_f->ilf_u.ilfu_uuid,
3037 if (in_f->ilf_size == 2)
3038 goto out_owner_change;
3039 len = item->ri_buf[2].i_len;
3040 src = item->ri_buf[2].i_addr;
3041 ASSERT(in_f->ilf_size <= 4);
3042 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
3043 ASSERT(!(fields & XFS_ILOG_DFORK) ||
3044 (len == in_f->ilf_dsize));
3046 switch (fields & XFS_ILOG_DFORK) {
3047 case XFS_ILOG_DDATA:
3049 memcpy(XFS_DFORK_DPTR(dip), src, len);
3052 case XFS_ILOG_DBROOT:
3053 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
3054 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
3055 XFS_DFORK_DSIZE(dip, mp));
3060 * There are no data fork flags set.
3062 ASSERT((fields & XFS_ILOG_DFORK) == 0);
3067 * If we logged any attribute data, recover it. There may or
3068 * may not have been any other non-core data logged in this
3071 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
3072 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
3077 len = item->ri_buf[attr_index].i_len;
3078 src = item->ri_buf[attr_index].i_addr;
3079 ASSERT(len == in_f->ilf_asize);
3081 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
3082 case XFS_ILOG_ADATA:
3084 dest = XFS_DFORK_APTR(dip);
3085 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
3086 memcpy(dest, src, len);
3089 case XFS_ILOG_ABROOT:
3090 dest = XFS_DFORK_APTR(dip);
3091 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
3092 len, (xfs_bmdr_block_t*)dest,
3093 XFS_DFORK_ASIZE(dip, mp));
3097 xfs_warn(log->l_mp, "%s: Invalid flag", __func__);
3105 if (in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER))
3106 error = xfs_recover_inode_owner_change(mp, dip, in_f,
3108 /* re-generate the checksum. */
3109 xfs_dinode_calc_crc(log->l_mp, dip);
3111 ASSERT(bp->b_target->bt_mount == mp);
3112 bp->b_iodone = xlog_recover_iodone;
3113 xfs_buf_delwri_queue(bp, buffer_list);
3124 * Recover QUOTAOFF records. We simply make a note of it in the xlog
3125 * structure, so that we know not to do any dquot item or dquot buffer recovery,
3129 xlog_recover_quotaoff_pass1(
3131 struct xlog_recover_item *item)
3133 xfs_qoff_logformat_t *qoff_f = item->ri_buf[0].i_addr;
3137 * The logitem format's flag tells us if this was user quotaoff,
3138 * group/project quotaoff or both.
3140 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
3141 log->l_quotaoffs_flag |= XFS_DQ_USER;
3142 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
3143 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
3144 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
3145 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
3151 * Recover a dquot record
3154 xlog_recover_dquot_pass2(
3156 struct list_head *buffer_list,
3157 struct xlog_recover_item *item,
3158 xfs_lsn_t current_lsn)
3160 xfs_mount_t *mp = log->l_mp;
3162 struct xfs_disk_dquot *ddq, *recddq;
3164 xfs_dq_logformat_t *dq_f;
3169 * Filesystems are required to send in quota flags at mount time.
3171 if (mp->m_qflags == 0)
3174 recddq = item->ri_buf[1].i_addr;
3175 if (recddq == NULL) {
3176 xfs_alert(log->l_mp, "NULL dquot in %s.", __func__);
3179 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
3180 xfs_alert(log->l_mp, "dquot too small (%d) in %s.",
3181 item->ri_buf[1].i_len, __func__);
3186 * This type of quotas was turned off, so ignore this record.
3188 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3190 if (log->l_quotaoffs_flag & type)
3194 * At this point we know that quota was _not_ turned off.
3195 * Since the mount flags are not indicating to us otherwise, this
3196 * must mean that quota is on, and the dquot needs to be replayed.
3197 * Remember that we may not have fully recovered the superblock yet,
3198 * so we can't do the usual trick of looking at the SB quota bits.
3200 * The other possibility, of course, is that the quota subsystem was
3201 * removed since the last mount - ENOSYS.
3203 dq_f = item->ri_buf[0].i_addr;
3205 error = xfs_dqcheck(mp, recddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
3206 "xlog_recover_dquot_pass2 (log copy)");
3209 ASSERT(dq_f->qlf_len == 1);
3212 * At this point we are assuming that the dquots have been allocated
3213 * and hence the buffer has valid dquots stamped in it. It should,
3214 * therefore, pass verifier validation. If the dquot is bad, then the
3215 * we'll return an error here, so we don't need to specifically check
3216 * the dquot in the buffer after the verifier has run.
3218 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dq_f->qlf_blkno,
3219 XFS_FSB_TO_BB(mp, dq_f->qlf_len), 0, &bp,
3220 &xfs_dquot_buf_ops);
3225 ddq = xfs_buf_offset(bp, dq_f->qlf_boffset);
3228 * If the dquot has an LSN in it, recover the dquot only if it's less
3229 * than the lsn of the transaction we are replaying.
3231 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3232 struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq;
3233 xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn);
3235 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
3240 memcpy(ddq, recddq, item->ri_buf[1].i_len);
3241 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3242 xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk),
3246 ASSERT(dq_f->qlf_size == 2);
3247 ASSERT(bp->b_target->bt_mount == mp);
3248 bp->b_iodone = xlog_recover_iodone;
3249 xfs_buf_delwri_queue(bp, buffer_list);
3257 * This routine is called to create an in-core extent free intent
3258 * item from the efi format structure which was logged on disk.
3259 * It allocates an in-core efi, copies the extents from the format
3260 * structure into it, and adds the efi to the AIL with the given
3264 xlog_recover_efi_pass2(
3266 struct xlog_recover_item *item,
3270 struct xfs_mount *mp = log->l_mp;
3271 struct xfs_efi_log_item *efip;
3272 struct xfs_efi_log_format *efi_formatp;
3274 efi_formatp = item->ri_buf[0].i_addr;
3276 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
3277 error = xfs_efi_copy_format(&item->ri_buf[0], &efip->efi_format);
3279 xfs_efi_item_free(efip);
3282 atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents);
3284 spin_lock(&log->l_ailp->xa_lock);
3286 * The EFI has two references. One for the EFD and one for EFI to ensure
3287 * it makes it into the AIL. Insert the EFI into the AIL directly and
3288 * drop the EFI reference. Note that xfs_trans_ail_update() drops the
3291 xfs_trans_ail_update(log->l_ailp, &efip->efi_item, lsn);
3292 xfs_efi_release(efip);
3298 * This routine is called when an EFD format structure is found in a committed
3299 * transaction in the log. Its purpose is to cancel the corresponding EFI if it
3300 * was still in the log. To do this it searches the AIL for the EFI with an id
3301 * equal to that in the EFD format structure. If we find it we drop the EFD
3302 * reference, which removes the EFI from the AIL and frees it.
3305 xlog_recover_efd_pass2(
3307 struct xlog_recover_item *item)
3309 xfs_efd_log_format_t *efd_formatp;
3310 xfs_efi_log_item_t *efip = NULL;
3311 xfs_log_item_t *lip;
3313 struct xfs_ail_cursor cur;
3314 struct xfs_ail *ailp = log->l_ailp;
3316 efd_formatp = item->ri_buf[0].i_addr;
3317 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
3318 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
3319 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
3320 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
3321 efi_id = efd_formatp->efd_efi_id;
3324 * Search for the EFI with the id in the EFD format structure in the
3327 spin_lock(&ailp->xa_lock);
3328 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3329 while (lip != NULL) {
3330 if (lip->li_type == XFS_LI_EFI) {
3331 efip = (xfs_efi_log_item_t *)lip;
3332 if (efip->efi_format.efi_id == efi_id) {
3334 * Drop the EFD reference to the EFI. This
3335 * removes the EFI from the AIL and frees it.
3337 spin_unlock(&ailp->xa_lock);
3338 xfs_efi_release(efip);
3339 spin_lock(&ailp->xa_lock);
3343 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3346 xfs_trans_ail_cursor_done(&cur);
3347 spin_unlock(&ailp->xa_lock);
3353 * This routine is called when an inode create format structure is found in a
3354 * committed transaction in the log. It's purpose is to initialise the inodes
3355 * being allocated on disk. This requires us to get inode cluster buffers that
3356 * match the range to be intialised, stamped with inode templates and written
3357 * by delayed write so that subsequent modifications will hit the cached buffer
3358 * and only need writing out at the end of recovery.
3361 xlog_recover_do_icreate_pass2(
3363 struct list_head *buffer_list,
3364 xlog_recover_item_t *item)
3366 struct xfs_mount *mp = log->l_mp;
3367 struct xfs_icreate_log *icl;
3368 xfs_agnumber_t agno;
3369 xfs_agblock_t agbno;
3372 xfs_agblock_t length;
3373 int blks_per_cluster;
3379 icl = (struct xfs_icreate_log *)item->ri_buf[0].i_addr;
3380 if (icl->icl_type != XFS_LI_ICREATE) {
3381 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad type");
3385 if (icl->icl_size != 1) {
3386 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad icl size");
3390 agno = be32_to_cpu(icl->icl_ag);
3391 if (agno >= mp->m_sb.sb_agcount) {
3392 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agno");
3395 agbno = be32_to_cpu(icl->icl_agbno);
3396 if (!agbno || agbno == NULLAGBLOCK || agbno >= mp->m_sb.sb_agblocks) {
3397 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agbno");
3400 isize = be32_to_cpu(icl->icl_isize);
3401 if (isize != mp->m_sb.sb_inodesize) {
3402 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad isize");
3405 count = be32_to_cpu(icl->icl_count);
3407 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count");
3410 length = be32_to_cpu(icl->icl_length);
3411 if (!length || length >= mp->m_sb.sb_agblocks) {
3412 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad length");
3417 * The inode chunk is either full or sparse and we only support
3418 * m_ialloc_min_blks sized sparse allocations at this time.
3420 if (length != mp->m_ialloc_blks &&
3421 length != mp->m_ialloc_min_blks) {
3423 "%s: unsupported chunk length", __FUNCTION__);
3427 /* verify inode count is consistent with extent length */
3428 if ((count >> mp->m_sb.sb_inopblog) != length) {
3430 "%s: inconsistent inode count and chunk length",
3436 * The icreate transaction can cover multiple cluster buffers and these
3437 * buffers could have been freed and reused. Check the individual
3438 * buffers for cancellation so we don't overwrite anything written after
3441 blks_per_cluster = xfs_icluster_size_fsb(mp);
3442 bb_per_cluster = XFS_FSB_TO_BB(mp, blks_per_cluster);
3443 nbufs = length / blks_per_cluster;
3444 for (i = 0, cancel_count = 0; i < nbufs; i++) {
3447 daddr = XFS_AGB_TO_DADDR(mp, agno,
3448 agbno + i * blks_per_cluster);
3449 if (xlog_check_buffer_cancelled(log, daddr, bb_per_cluster, 0))
3454 * We currently only use icreate for a single allocation at a time. This
3455 * means we should expect either all or none of the buffers to be
3456 * cancelled. Be conservative and skip replay if at least one buffer is
3457 * cancelled, but warn the user that something is awry if the buffers
3458 * are not consistent.
3460 * XXX: This must be refined to only skip cancelled clusters once we use
3461 * icreate for multiple chunk allocations.
3463 ASSERT(!cancel_count || cancel_count == nbufs);
3465 if (cancel_count != nbufs)
3467 "WARNING: partial inode chunk cancellation, skipped icreate.");
3468 trace_xfs_log_recover_icreate_cancel(log, icl);
3472 trace_xfs_log_recover_icreate_recover(log, icl);
3473 return xfs_ialloc_inode_init(mp, NULL, buffer_list, count, agno, agbno,
3474 length, be32_to_cpu(icl->icl_gen));
3478 xlog_recover_buffer_ra_pass2(
3480 struct xlog_recover_item *item)
3482 struct xfs_buf_log_format *buf_f = item->ri_buf[0].i_addr;
3483 struct xfs_mount *mp = log->l_mp;
3485 if (xlog_peek_buffer_cancelled(log, buf_f->blf_blkno,
3486 buf_f->blf_len, buf_f->blf_flags)) {
3490 xfs_buf_readahead(mp->m_ddev_targp, buf_f->blf_blkno,
3491 buf_f->blf_len, NULL);
3495 xlog_recover_inode_ra_pass2(
3497 struct xlog_recover_item *item)
3499 struct xfs_inode_log_format ilf_buf;
3500 struct xfs_inode_log_format *ilfp;
3501 struct xfs_mount *mp = log->l_mp;
3504 if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) {
3505 ilfp = item->ri_buf[0].i_addr;
3508 memset(ilfp, 0, sizeof(*ilfp));
3509 error = xfs_inode_item_format_convert(&item->ri_buf[0], ilfp);
3514 if (xlog_peek_buffer_cancelled(log, ilfp->ilf_blkno, ilfp->ilf_len, 0))
3517 xfs_buf_readahead(mp->m_ddev_targp, ilfp->ilf_blkno,
3518 ilfp->ilf_len, &xfs_inode_buf_ra_ops);
3522 xlog_recover_dquot_ra_pass2(
3524 struct xlog_recover_item *item)
3526 struct xfs_mount *mp = log->l_mp;
3527 struct xfs_disk_dquot *recddq;
3528 struct xfs_dq_logformat *dq_f;
3533 if (mp->m_qflags == 0)
3536 recddq = item->ri_buf[1].i_addr;
3539 if (item->ri_buf[1].i_len < sizeof(struct xfs_disk_dquot))
3542 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3544 if (log->l_quotaoffs_flag & type)
3547 dq_f = item->ri_buf[0].i_addr;
3549 ASSERT(dq_f->qlf_len == 1);
3551 len = XFS_FSB_TO_BB(mp, dq_f->qlf_len);
3552 if (xlog_peek_buffer_cancelled(log, dq_f->qlf_blkno, len, 0))
3555 xfs_buf_readahead(mp->m_ddev_targp, dq_f->qlf_blkno, len,
3556 &xfs_dquot_buf_ra_ops);
3560 xlog_recover_ra_pass2(
3562 struct xlog_recover_item *item)
3564 switch (ITEM_TYPE(item)) {
3566 xlog_recover_buffer_ra_pass2(log, item);
3569 xlog_recover_inode_ra_pass2(log, item);
3572 xlog_recover_dquot_ra_pass2(log, item);
3576 case XFS_LI_QUOTAOFF:
3583 xlog_recover_commit_pass1(
3585 struct xlog_recover *trans,
3586 struct xlog_recover_item *item)
3588 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS1);
3590 switch (ITEM_TYPE(item)) {
3592 return xlog_recover_buffer_pass1(log, item);
3593 case XFS_LI_QUOTAOFF:
3594 return xlog_recover_quotaoff_pass1(log, item);
3599 case XFS_LI_ICREATE:
3600 /* nothing to do in pass 1 */
3603 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3604 __func__, ITEM_TYPE(item));
3611 xlog_recover_commit_pass2(
3613 struct xlog_recover *trans,
3614 struct list_head *buffer_list,
3615 struct xlog_recover_item *item)
3617 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS2);
3619 switch (ITEM_TYPE(item)) {
3621 return xlog_recover_buffer_pass2(log, buffer_list, item,
3624 return xlog_recover_inode_pass2(log, buffer_list, item,
3627 return xlog_recover_efi_pass2(log, item, trans->r_lsn);
3629 return xlog_recover_efd_pass2(log, item);
3631 return xlog_recover_dquot_pass2(log, buffer_list, item,
3633 case XFS_LI_ICREATE:
3634 return xlog_recover_do_icreate_pass2(log, buffer_list, item);
3635 case XFS_LI_QUOTAOFF:
3636 /* nothing to do in pass2 */
3639 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3640 __func__, ITEM_TYPE(item));
3647 xlog_recover_items_pass2(
3649 struct xlog_recover *trans,
3650 struct list_head *buffer_list,
3651 struct list_head *item_list)
3653 struct xlog_recover_item *item;
3656 list_for_each_entry(item, item_list, ri_list) {
3657 error = xlog_recover_commit_pass2(log, trans,
3667 * Perform the transaction.
3669 * If the transaction modifies a buffer or inode, do it now. Otherwise,
3670 * EFIs and EFDs get queued up by adding entries into the AIL for them.
3673 xlog_recover_commit_trans(
3675 struct xlog_recover *trans,
3680 int items_queued = 0;
3681 struct xlog_recover_item *item;
3682 struct xlog_recover_item *next;
3683 LIST_HEAD (buffer_list);
3684 LIST_HEAD (ra_list);
3685 LIST_HEAD (done_list);
3687 #define XLOG_RECOVER_COMMIT_QUEUE_MAX 100
3689 hlist_del(&trans->r_list);
3691 error = xlog_recover_reorder_trans(log, trans, pass);
3695 list_for_each_entry_safe(item, next, &trans->r_itemq, ri_list) {
3697 case XLOG_RECOVER_PASS1:
3698 error = xlog_recover_commit_pass1(log, trans, item);
3700 case XLOG_RECOVER_PASS2:
3701 xlog_recover_ra_pass2(log, item);
3702 list_move_tail(&item->ri_list, &ra_list);
3704 if (items_queued >= XLOG_RECOVER_COMMIT_QUEUE_MAX) {
3705 error = xlog_recover_items_pass2(log, trans,
3706 &buffer_list, &ra_list);
3707 list_splice_tail_init(&ra_list, &done_list);
3721 if (!list_empty(&ra_list)) {
3723 error = xlog_recover_items_pass2(log, trans,
3724 &buffer_list, &ra_list);
3725 list_splice_tail_init(&ra_list, &done_list);
3728 if (!list_empty(&done_list))
3729 list_splice_init(&done_list, &trans->r_itemq);
3731 error2 = xfs_buf_delwri_submit(&buffer_list);
3732 return error ? error : error2;
3736 xlog_recover_add_item(
3737 struct list_head *head)
3739 xlog_recover_item_t *item;
3741 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
3742 INIT_LIST_HEAD(&item->ri_list);
3743 list_add_tail(&item->ri_list, head);
3747 xlog_recover_add_to_cont_trans(
3749 struct xlog_recover *trans,
3753 xlog_recover_item_t *item;
3754 char *ptr, *old_ptr;
3758 * If the transaction is empty, the header was split across this and the
3759 * previous record. Copy the rest of the header.
3761 if (list_empty(&trans->r_itemq)) {
3762 ASSERT(len <= sizeof(struct xfs_trans_header));
3763 if (len > sizeof(struct xfs_trans_header)) {
3764 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3768 xlog_recover_add_item(&trans->r_itemq);
3769 ptr = (char *)&trans->r_theader +
3770 sizeof(struct xfs_trans_header) - len;
3771 memcpy(ptr, dp, len);
3775 /* take the tail entry */
3776 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3778 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
3779 old_len = item->ri_buf[item->ri_cnt-1].i_len;
3781 ptr = kmem_realloc(old_ptr, len+old_len, old_len, KM_SLEEP);
3782 memcpy(&ptr[old_len], dp, len);
3783 item->ri_buf[item->ri_cnt-1].i_len += len;
3784 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
3785 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
3790 * The next region to add is the start of a new region. It could be
3791 * a whole region or it could be the first part of a new region. Because
3792 * of this, the assumption here is that the type and size fields of all
3793 * format structures fit into the first 32 bits of the structure.
3795 * This works because all regions must be 32 bit aligned. Therefore, we
3796 * either have both fields or we have neither field. In the case we have
3797 * neither field, the data part of the region is zero length. We only have
3798 * a log_op_header and can throw away the header since a new one will appear
3799 * later. If we have at least 4 bytes, then we can determine how many regions
3800 * will appear in the current log item.
3803 xlog_recover_add_to_trans(
3805 struct xlog_recover *trans,
3809 xfs_inode_log_format_t *in_f; /* any will do */
3810 xlog_recover_item_t *item;
3815 if (list_empty(&trans->r_itemq)) {
3816 /* we need to catch log corruptions here */
3817 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
3818 xfs_warn(log->l_mp, "%s: bad header magic number",
3824 if (len > sizeof(struct xfs_trans_header)) {
3825 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3831 * The transaction header can be arbitrarily split across op
3832 * records. If we don't have the whole thing here, copy what we
3833 * do have and handle the rest in the next record.
3835 if (len == sizeof(struct xfs_trans_header))
3836 xlog_recover_add_item(&trans->r_itemq);
3837 memcpy(&trans->r_theader, dp, len);
3841 ptr = kmem_alloc(len, KM_SLEEP);
3842 memcpy(ptr, dp, len);
3843 in_f = (xfs_inode_log_format_t *)ptr;
3845 /* take the tail entry */
3846 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3847 if (item->ri_total != 0 &&
3848 item->ri_total == item->ri_cnt) {
3849 /* tail item is in use, get a new one */
3850 xlog_recover_add_item(&trans->r_itemq);
3851 item = list_entry(trans->r_itemq.prev,
3852 xlog_recover_item_t, ri_list);
3855 if (item->ri_total == 0) { /* first region to be added */
3856 if (in_f->ilf_size == 0 ||
3857 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
3859 "bad number of regions (%d) in inode log format",
3866 item->ri_total = in_f->ilf_size;
3868 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
3871 ASSERT(item->ri_total > item->ri_cnt);
3872 /* Description region is ri_buf[0] */
3873 item->ri_buf[item->ri_cnt].i_addr = ptr;
3874 item->ri_buf[item->ri_cnt].i_len = len;
3876 trace_xfs_log_recover_item_add(log, trans, item, 0);
3881 * Free up any resources allocated by the transaction
3883 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
3886 xlog_recover_free_trans(
3887 struct xlog_recover *trans)
3889 xlog_recover_item_t *item, *n;
3892 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
3893 /* Free the regions in the item. */
3894 list_del(&item->ri_list);
3895 for (i = 0; i < item->ri_cnt; i++)
3896 kmem_free(item->ri_buf[i].i_addr);
3897 /* Free the item itself */
3898 kmem_free(item->ri_buf);
3901 /* Free the transaction recover structure */
3906 * On error or completion, trans is freed.
3909 xlog_recovery_process_trans(
3911 struct xlog_recover *trans,
3918 bool freeit = false;
3920 /* mask off ophdr transaction container flags */
3921 flags &= ~XLOG_END_TRANS;
3922 if (flags & XLOG_WAS_CONT_TRANS)
3923 flags &= ~XLOG_CONTINUE_TRANS;
3926 * Callees must not free the trans structure. We'll decide if we need to
3927 * free it or not based on the operation being done and it's result.
3930 /* expected flag values */
3932 case XLOG_CONTINUE_TRANS:
3933 error = xlog_recover_add_to_trans(log, trans, dp, len);
3935 case XLOG_WAS_CONT_TRANS:
3936 error = xlog_recover_add_to_cont_trans(log, trans, dp, len);
3938 case XLOG_COMMIT_TRANS:
3939 error = xlog_recover_commit_trans(log, trans, pass);
3940 /* success or fail, we are now done with this transaction. */
3944 /* unexpected flag values */
3945 case XLOG_UNMOUNT_TRANS:
3946 /* just skip trans */
3947 xfs_warn(log->l_mp, "%s: Unmount LR", __func__);
3950 case XLOG_START_TRANS:
3952 xfs_warn(log->l_mp, "%s: bad flag 0x%x", __func__, flags);
3957 if (error || freeit)
3958 xlog_recover_free_trans(trans);
3963 * Lookup the transaction recovery structure associated with the ID in the
3964 * current ophdr. If the transaction doesn't exist and the start flag is set in
3965 * the ophdr, then allocate a new transaction for future ID matches to find.
3966 * Either way, return what we found during the lookup - an existing transaction
3969 STATIC struct xlog_recover *
3970 xlog_recover_ophdr_to_trans(
3971 struct hlist_head rhash[],
3972 struct xlog_rec_header *rhead,
3973 struct xlog_op_header *ohead)
3975 struct xlog_recover *trans;
3977 struct hlist_head *rhp;
3979 tid = be32_to_cpu(ohead->oh_tid);
3980 rhp = &rhash[XLOG_RHASH(tid)];
3981 hlist_for_each_entry(trans, rhp, r_list) {
3982 if (trans->r_log_tid == tid)
3987 * skip over non-start transaction headers - we could be
3988 * processing slack space before the next transaction starts
3990 if (!(ohead->oh_flags & XLOG_START_TRANS))
3993 ASSERT(be32_to_cpu(ohead->oh_len) == 0);
3996 * This is a new transaction so allocate a new recovery container to
3997 * hold the recovery ops that will follow.
3999 trans = kmem_zalloc(sizeof(struct xlog_recover), KM_SLEEP);
4000 trans->r_log_tid = tid;
4001 trans->r_lsn = be64_to_cpu(rhead->h_lsn);
4002 INIT_LIST_HEAD(&trans->r_itemq);
4003 INIT_HLIST_NODE(&trans->r_list);
4004 hlist_add_head(&trans->r_list, rhp);
4007 * Nothing more to do for this ophdr. Items to be added to this new
4008 * transaction will be in subsequent ophdr containers.
4014 xlog_recover_process_ophdr(
4016 struct hlist_head rhash[],
4017 struct xlog_rec_header *rhead,
4018 struct xlog_op_header *ohead,
4023 struct xlog_recover *trans;
4026 /* Do we understand who wrote this op? */
4027 if (ohead->oh_clientid != XFS_TRANSACTION &&
4028 ohead->oh_clientid != XFS_LOG) {
4029 xfs_warn(log->l_mp, "%s: bad clientid 0x%x",
4030 __func__, ohead->oh_clientid);
4036 * Check the ophdr contains all the data it is supposed to contain.
4038 len = be32_to_cpu(ohead->oh_len);
4039 if (dp + len > end) {
4040 xfs_warn(log->l_mp, "%s: bad length 0x%x", __func__, len);
4045 trans = xlog_recover_ophdr_to_trans(rhash, rhead, ohead);
4047 /* nothing to do, so skip over this ophdr */
4051 return xlog_recovery_process_trans(log, trans, dp, len,
4052 ohead->oh_flags, pass);
4056 * There are two valid states of the r_state field. 0 indicates that the
4057 * transaction structure is in a normal state. We have either seen the
4058 * start of the transaction or the last operation we added was not a partial
4059 * operation. If the last operation we added to the transaction was a
4060 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
4062 * NOTE: skip LRs with 0 data length.
4065 xlog_recover_process_data(
4067 struct hlist_head rhash[],
4068 struct xlog_rec_header *rhead,
4072 struct xlog_op_header *ohead;
4077 end = dp + be32_to_cpu(rhead->h_len);
4078 num_logops = be32_to_cpu(rhead->h_num_logops);
4080 /* check the log format matches our own - else we can't recover */
4081 if (xlog_header_check_recover(log->l_mp, rhead))
4084 while ((dp < end) && num_logops) {
4086 ohead = (struct xlog_op_header *)dp;
4087 dp += sizeof(*ohead);
4090 /* errors will abort recovery */
4091 error = xlog_recover_process_ophdr(log, rhash, rhead, ohead,
4096 dp += be32_to_cpu(ohead->oh_len);
4103 * Process an extent free intent item that was recovered from
4104 * the log. We need to free the extents that it describes.
4107 xlog_recover_process_efi(
4109 xfs_efi_log_item_t *efip)
4111 xfs_efd_log_item_t *efdp;
4116 xfs_fsblock_t startblock_fsb;
4118 ASSERT(!test_bit(XFS_EFI_RECOVERED, &efip->efi_flags));
4121 * First check the validity of the extents described by the
4122 * EFI. If any are bad, then assume that all are bad and
4123 * just toss the EFI.
4125 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
4126 extp = &(efip->efi_format.efi_extents[i]);
4127 startblock_fsb = XFS_BB_TO_FSB(mp,
4128 XFS_FSB_TO_DADDR(mp, extp->ext_start));
4129 if ((startblock_fsb == 0) ||
4130 (extp->ext_len == 0) ||
4131 (startblock_fsb >= mp->m_sb.sb_dblocks) ||
4132 (extp->ext_len >= mp->m_sb.sb_agblocks)) {
4134 * This will pull the EFI from the AIL and
4135 * free the memory associated with it.
4137 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
4138 xfs_efi_release(efip);
4143 tp = xfs_trans_alloc(mp, 0);
4144 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0);
4147 efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
4149 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
4150 extp = &(efip->efi_format.efi_extents[i]);
4151 error = xfs_trans_free_extent(tp, efdp, extp->ext_start,
4158 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
4159 error = xfs_trans_commit(tp);
4163 xfs_trans_cancel(tp);
4168 * When this is called, all of the EFIs which did not have
4169 * corresponding EFDs should be in the AIL. What we do now
4170 * is free the extents associated with each one.
4172 * Since we process the EFIs in normal transactions, they
4173 * will be removed at some point after the commit. This prevents
4174 * us from just walking down the list processing each one.
4175 * We'll use a flag in the EFI to skip those that we've already
4176 * processed and use the AIL iteration mechanism's generation
4177 * count to try to speed this up at least a bit.
4179 * When we start, we know that the EFIs are the only things in
4180 * the AIL. As we process them, however, other items are added
4181 * to the AIL. Since everything added to the AIL must come after
4182 * everything already in the AIL, we stop processing as soon as
4183 * we see something other than an EFI in the AIL.
4186 xlog_recover_process_efis(
4189 struct xfs_log_item *lip;
4190 struct xfs_efi_log_item *efip;
4192 struct xfs_ail_cursor cur;
4193 struct xfs_ail *ailp;
4196 spin_lock(&ailp->xa_lock);
4197 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4198 while (lip != NULL) {
4200 * We're done when we see something other than an EFI.
4201 * There should be no EFIs left in the AIL now.
4203 if (lip->li_type != XFS_LI_EFI) {
4205 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
4206 ASSERT(lip->li_type != XFS_LI_EFI);
4212 * Skip EFIs that we've already processed.
4214 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4215 if (test_bit(XFS_EFI_RECOVERED, &efip->efi_flags)) {
4216 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4220 spin_unlock(&ailp->xa_lock);
4221 error = xlog_recover_process_efi(log->l_mp, efip);
4222 spin_lock(&ailp->xa_lock);
4225 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4228 xfs_trans_ail_cursor_done(&cur);
4229 spin_unlock(&ailp->xa_lock);
4234 * A cancel occurs when the mount has failed and we're bailing out. Release all
4235 * pending EFIs so they don't pin the AIL.
4238 xlog_recover_cancel_efis(
4241 struct xfs_log_item *lip;
4242 struct xfs_efi_log_item *efip;
4244 struct xfs_ail_cursor cur;
4245 struct xfs_ail *ailp;
4248 spin_lock(&ailp->xa_lock);
4249 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4250 while (lip != NULL) {
4252 * We're done when we see something other than an EFI.
4253 * There should be no EFIs left in the AIL now.
4255 if (lip->li_type != XFS_LI_EFI) {
4257 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
4258 ASSERT(lip->li_type != XFS_LI_EFI);
4263 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4265 spin_unlock(&ailp->xa_lock);
4266 xfs_efi_release(efip);
4267 spin_lock(&ailp->xa_lock);
4269 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4272 xfs_trans_ail_cursor_done(&cur);
4273 spin_unlock(&ailp->xa_lock);
4278 * This routine performs a transaction to null out a bad inode pointer
4279 * in an agi unlinked inode hash bucket.
4282 xlog_recover_clear_agi_bucket(
4284 xfs_agnumber_t agno,
4293 tp = xfs_trans_alloc(mp, XFS_TRANS_CLEAR_AGI_BUCKET);
4294 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_clearagi, 0, 0);
4298 error = xfs_read_agi(mp, tp, agno, &agibp);
4302 agi = XFS_BUF_TO_AGI(agibp);
4303 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
4304 offset = offsetof(xfs_agi_t, agi_unlinked) +
4305 (sizeof(xfs_agino_t) * bucket);
4306 xfs_trans_log_buf(tp, agibp, offset,
4307 (offset + sizeof(xfs_agino_t) - 1));
4309 error = xfs_trans_commit(tp);
4315 xfs_trans_cancel(tp);
4317 xfs_warn(mp, "%s: failed to clear agi %d. Continuing.", __func__, agno);
4322 xlog_recover_process_one_iunlink(
4323 struct xfs_mount *mp,
4324 xfs_agnumber_t agno,
4328 struct xfs_buf *ibp;
4329 struct xfs_dinode *dip;
4330 struct xfs_inode *ip;
4334 ino = XFS_AGINO_TO_INO(mp, agno, agino);
4335 error = xfs_iget(mp, NULL, ino, 0, 0, &ip);
4340 * Get the on disk inode to find the next inode in the bucket.
4342 error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &ibp, 0, 0);
4346 ASSERT(VFS_I(ip)->i_nlink == 0);
4347 ASSERT(VFS_I(ip)->i_mode != 0);
4349 /* setup for the next pass */
4350 agino = be32_to_cpu(dip->di_next_unlinked);
4354 * Prevent any DMAPI event from being sent when the reference on
4355 * the inode is dropped.
4357 ip->i_d.di_dmevmask = 0;
4366 * We can't read in the inode this bucket points to, or this inode
4367 * is messed up. Just ditch this bucket of inodes. We will lose
4368 * some inodes and space, but at least we won't hang.
4370 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
4371 * clear the inode pointer in the bucket.
4373 xlog_recover_clear_agi_bucket(mp, agno, bucket);
4378 * xlog_iunlink_recover
4380 * This is called during recovery to process any inodes which
4381 * we unlinked but not freed when the system crashed. These
4382 * inodes will be on the lists in the AGI blocks. What we do
4383 * here is scan all the AGIs and fully truncate and free any
4384 * inodes found on the lists. Each inode is removed from the
4385 * lists when it has been fully truncated and is freed. The
4386 * freeing of the inode and its removal from the list must be
4390 xlog_recover_process_iunlinks(
4394 xfs_agnumber_t agno;
4405 * Prevent any DMAPI event from being sent while in this function.
4407 mp_dmevmask = mp->m_dmevmask;
4410 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4412 * Find the agi for this ag.
4414 error = xfs_read_agi(mp, NULL, agno, &agibp);
4417 * AGI is b0rked. Don't process it.
4419 * We should probably mark the filesystem as corrupt
4420 * after we've recovered all the ag's we can....
4425 * Unlock the buffer so that it can be acquired in the normal
4426 * course of the transaction to truncate and free each inode.
4427 * Because we are not racing with anyone else here for the AGI
4428 * buffer, we don't even need to hold it locked to read the
4429 * initial unlinked bucket entries out of the buffer. We keep
4430 * buffer reference though, so that it stays pinned in memory
4431 * while we need the buffer.
4433 agi = XFS_BUF_TO_AGI(agibp);
4434 xfs_buf_unlock(agibp);
4436 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
4437 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
4438 while (agino != NULLAGINO) {
4439 agino = xlog_recover_process_one_iunlink(mp,
4440 agno, agino, bucket);
4443 xfs_buf_rele(agibp);
4446 mp->m_dmevmask = mp_dmevmask;
4451 struct xlog_rec_header *rhead,
4457 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
4458 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
4459 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
4463 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4464 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
4465 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
4466 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4467 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4468 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
4477 * CRC check, unpack and process a log record.
4480 xlog_recover_process(
4482 struct hlist_head rhash[],
4483 struct xlog_rec_header *rhead,
4490 crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len));
4493 * Nothing else to do if this is a CRC verification pass. Just return
4494 * if this a record with a non-zero crc. Unfortunately, mkfs always
4495 * sets h_crc to 0 so we must consider this valid even on v5 supers.
4496 * Otherwise, return EFSBADCRC on failure so the callers up the stack
4497 * know precisely what failed.
4499 if (pass == XLOG_RECOVER_CRCPASS) {
4500 if (rhead->h_crc && crc != rhead->h_crc)
4506 * We're in the normal recovery path. Issue a warning if and only if the
4507 * CRC in the header is non-zero. This is an advisory warning and the
4508 * zero CRC check prevents warnings from being emitted when upgrading
4509 * the kernel from one that does not add CRCs by default.
4511 if (crc != rhead->h_crc) {
4512 if (rhead->h_crc || xfs_sb_version_hascrc(&log->l_mp->m_sb)) {
4513 xfs_alert(log->l_mp,
4514 "log record CRC mismatch: found 0x%x, expected 0x%x.",
4515 le32_to_cpu(rhead->h_crc),
4517 xfs_hex_dump(dp, 32);
4521 * If the filesystem is CRC enabled, this mismatch becomes a
4522 * fatal log corruption failure.
4524 if (xfs_sb_version_hascrc(&log->l_mp->m_sb))
4525 return -EFSCORRUPTED;
4528 error = xlog_unpack_data(rhead, dp, log);
4532 return xlog_recover_process_data(log, rhash, rhead, dp, pass);
4536 xlog_valid_rec_header(
4538 struct xlog_rec_header *rhead,
4543 if (unlikely(rhead->h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))) {
4544 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
4545 XFS_ERRLEVEL_LOW, log->l_mp);
4546 return -EFSCORRUPTED;
4549 (!rhead->h_version ||
4550 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
4551 xfs_warn(log->l_mp, "%s: unrecognised log version (%d).",
4552 __func__, be32_to_cpu(rhead->h_version));
4556 /* LR body must have data or it wouldn't have been written */
4557 hlen = be32_to_cpu(rhead->h_len);
4558 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
4559 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
4560 XFS_ERRLEVEL_LOW, log->l_mp);
4561 return -EFSCORRUPTED;
4563 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
4564 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
4565 XFS_ERRLEVEL_LOW, log->l_mp);
4566 return -EFSCORRUPTED;
4572 * Read the log from tail to head and process the log records found.
4573 * Handle the two cases where the tail and head are in the same cycle
4574 * and where the active portion of the log wraps around the end of
4575 * the physical log separately. The pass parameter is passed through
4576 * to the routines called to process the data and is not looked at
4580 xlog_do_recovery_pass(
4582 xfs_daddr_t head_blk,
4583 xfs_daddr_t tail_blk,
4585 xfs_daddr_t *first_bad) /* out: first bad log rec */
4587 xlog_rec_header_t *rhead;
4589 xfs_daddr_t rhead_blk;
4591 xfs_buf_t *hbp, *dbp;
4592 int error = 0, h_size, h_len;
4593 int bblks, split_bblks;
4594 int hblks, split_hblks, wrapped_hblks;
4595 struct hlist_head rhash[XLOG_RHASH_SIZE];
4597 ASSERT(head_blk != tail_blk);
4601 * Read the header of the tail block and get the iclog buffer size from
4602 * h_size. Use this to tell how many sectors make up the log header.
4604 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4606 * When using variable length iclogs, read first sector of
4607 * iclog header and extract the header size from it. Get a
4608 * new hbp that is the correct size.
4610 hbp = xlog_get_bp(log, 1);
4614 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
4618 rhead = (xlog_rec_header_t *)offset;
4619 error = xlog_valid_rec_header(log, rhead, tail_blk);
4624 * xfsprogs has a bug where record length is based on lsunit but
4625 * h_size (iclog size) is hardcoded to 32k. Now that we
4626 * unconditionally CRC verify the unmount record, this means the
4627 * log buffer can be too small for the record and cause an
4630 * Detect this condition here. Use lsunit for the buffer size as
4631 * long as this looks like the mkfs case. Otherwise, return an
4632 * error to avoid a buffer overrun.
4634 h_size = be32_to_cpu(rhead->h_size);
4635 h_len = be32_to_cpu(rhead->h_len);
4636 if (h_len > h_size) {
4637 if (h_len <= log->l_mp->m_logbsize &&
4638 be32_to_cpu(rhead->h_num_logops) == 1) {
4640 "invalid iclog size (%d bytes), using lsunit (%d bytes)",
4641 h_size, log->l_mp->m_logbsize);
4642 h_size = log->l_mp->m_logbsize;
4644 return -EFSCORRUPTED;
4647 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
4648 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
4649 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
4650 if (h_size % XLOG_HEADER_CYCLE_SIZE)
4653 hbp = xlog_get_bp(log, hblks);
4658 ASSERT(log->l_sectBBsize == 1);
4660 hbp = xlog_get_bp(log, 1);
4661 h_size = XLOG_BIG_RECORD_BSIZE;
4666 dbp = xlog_get_bp(log, BTOBB(h_size));
4672 memset(rhash, 0, sizeof(rhash));
4673 blk_no = rhead_blk = tail_blk;
4674 if (tail_blk > head_blk) {
4676 * Perform recovery around the end of the physical log.
4677 * When the head is not on the same cycle number as the tail,
4678 * we can't do a sequential recovery.
4680 while (blk_no < log->l_logBBsize) {
4682 * Check for header wrapping around physical end-of-log
4684 offset = hbp->b_addr;
4687 if (blk_no + hblks <= log->l_logBBsize) {
4688 /* Read header in one read */
4689 error = xlog_bread(log, blk_no, hblks, hbp,
4694 /* This LR is split across physical log end */
4695 if (blk_no != log->l_logBBsize) {
4696 /* some data before physical log end */
4697 ASSERT(blk_no <= INT_MAX);
4698 split_hblks = log->l_logBBsize - (int)blk_no;
4699 ASSERT(split_hblks > 0);
4700 error = xlog_bread(log, blk_no,
4708 * Note: this black magic still works with
4709 * large sector sizes (non-512) only because:
4710 * - we increased the buffer size originally
4711 * by 1 sector giving us enough extra space
4712 * for the second read;
4713 * - the log start is guaranteed to be sector
4715 * - we read the log end (LR header start)
4716 * _first_, then the log start (LR header end)
4717 * - order is important.
4719 wrapped_hblks = hblks - split_hblks;
4720 error = xlog_bread_offset(log, 0,
4722 offset + BBTOB(split_hblks));
4726 rhead = (xlog_rec_header_t *)offset;
4727 error = xlog_valid_rec_header(log, rhead,
4728 split_hblks ? blk_no : 0);
4732 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4735 /* Read in data for log record */
4736 if (blk_no + bblks <= log->l_logBBsize) {
4737 error = xlog_bread(log, blk_no, bblks, dbp,
4742 /* This log record is split across the
4743 * physical end of log */
4744 offset = dbp->b_addr;
4746 if (blk_no != log->l_logBBsize) {
4747 /* some data is before the physical
4749 ASSERT(!wrapped_hblks);
4750 ASSERT(blk_no <= INT_MAX);
4752 log->l_logBBsize - (int)blk_no;
4753 ASSERT(split_bblks > 0);
4754 error = xlog_bread(log, blk_no,
4762 * Note: this black magic still works with
4763 * large sector sizes (non-512) only because:
4764 * - we increased the buffer size originally
4765 * by 1 sector giving us enough extra space
4766 * for the second read;
4767 * - the log start is guaranteed to be sector
4769 * - we read the log end (LR header start)
4770 * _first_, then the log start (LR header end)
4771 * - order is important.
4773 error = xlog_bread_offset(log, 0,
4774 bblks - split_bblks, dbp,
4775 offset + BBTOB(split_bblks));
4780 error = xlog_recover_process(log, rhash, rhead, offset,
4789 ASSERT(blk_no >= log->l_logBBsize);
4790 blk_no -= log->l_logBBsize;
4794 /* read first part of physical log */
4795 while (blk_no < head_blk) {
4796 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
4800 rhead = (xlog_rec_header_t *)offset;
4801 error = xlog_valid_rec_header(log, rhead, blk_no);
4805 /* blocks in data section */
4806 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4807 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
4812 error = xlog_recover_process(log, rhash, rhead, offset, pass);
4816 blk_no += bblks + hblks;
4825 if (error && first_bad)
4826 *first_bad = rhead_blk;
4832 * Do the recovery of the log. We actually do this in two phases.
4833 * The two passes are necessary in order to implement the function
4834 * of cancelling a record written into the log. The first pass
4835 * determines those things which have been cancelled, and the
4836 * second pass replays log items normally except for those which
4837 * have been cancelled. The handling of the replay and cancellations
4838 * takes place in the log item type specific routines.
4840 * The table of items which have cancel records in the log is allocated
4841 * and freed at this level, since only here do we know when all of
4842 * the log recovery has been completed.
4845 xlog_do_log_recovery(
4847 xfs_daddr_t head_blk,
4848 xfs_daddr_t tail_blk)
4852 ASSERT(head_blk != tail_blk);
4855 * First do a pass to find all of the cancelled buf log items.
4856 * Store them in the buf_cancel_table for use in the second pass.
4858 log->l_buf_cancel_table = kmem_zalloc(XLOG_BC_TABLE_SIZE *
4859 sizeof(struct list_head),
4861 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4862 INIT_LIST_HEAD(&log->l_buf_cancel_table[i]);
4864 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4865 XLOG_RECOVER_PASS1, NULL);
4867 kmem_free(log->l_buf_cancel_table);
4868 log->l_buf_cancel_table = NULL;
4872 * Then do a second pass to actually recover the items in the log.
4873 * When it is complete free the table of buf cancel items.
4875 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4876 XLOG_RECOVER_PASS2, NULL);
4881 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4882 ASSERT(list_empty(&log->l_buf_cancel_table[i]));
4886 kmem_free(log->l_buf_cancel_table);
4887 log->l_buf_cancel_table = NULL;
4893 * Do the actual recovery
4898 xfs_daddr_t head_blk,
4899 xfs_daddr_t tail_blk)
4906 * First replay the images in the log.
4908 error = xlog_do_log_recovery(log, head_blk, tail_blk);
4913 * If IO errors happened during recovery, bail out.
4915 if (XFS_FORCED_SHUTDOWN(log->l_mp)) {
4920 * We now update the tail_lsn since much of the recovery has completed
4921 * and there may be space available to use. If there were no extent
4922 * or iunlinks, we can free up the entire log and set the tail_lsn to
4923 * be the last_sync_lsn. This was set in xlog_find_tail to be the
4924 * lsn of the last known good LR on disk. If there are extent frees
4925 * or iunlinks they will have some entries in the AIL; so we look at
4926 * the AIL to determine how to set the tail_lsn.
4928 xlog_assign_tail_lsn(log->l_mp);
4931 * Now that we've finished replaying all buffer and inode
4932 * updates, re-read in the superblock and reverify it.
4934 bp = xfs_getsb(log->l_mp, 0);
4935 bp->b_flags &= ~(XBF_DONE | XBF_ASYNC);
4936 ASSERT(!(bp->b_flags & XBF_WRITE));
4937 bp->b_flags |= XBF_READ;
4938 bp->b_ops = &xfs_sb_buf_ops;
4940 error = xfs_buf_submit_wait(bp);
4942 if (!XFS_FORCED_SHUTDOWN(log->l_mp)) {
4943 xfs_buf_ioerror_alert(bp, __func__);
4950 /* Convert superblock from on-disk format */
4951 sbp = &log->l_mp->m_sb;
4952 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
4953 ASSERT(sbp->sb_magicnum == XFS_SB_MAGIC);
4954 ASSERT(xfs_sb_good_version(sbp));
4955 xfs_reinit_percpu_counters(log->l_mp);
4960 xlog_recover_check_summary(log);
4962 /* Normal transactions can now occur */
4963 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
4968 * Perform recovery and re-initialize some log variables in xlog_find_tail.
4970 * Return error or zero.
4976 xfs_daddr_t head_blk, tail_blk;
4979 /* find the tail of the log */
4980 error = xlog_find_tail(log, &head_blk, &tail_blk);
4985 * The superblock was read before the log was available and thus the LSN
4986 * could not be verified. Check the superblock LSN against the current
4987 * LSN now that it's known.
4989 if (xfs_sb_version_hascrc(&log->l_mp->m_sb) &&
4990 !xfs_log_check_lsn(log->l_mp, log->l_mp->m_sb.sb_lsn))
4993 if (tail_blk != head_blk) {
4994 /* There used to be a comment here:
4996 * disallow recovery on read-only mounts. note -- mount
4997 * checks for ENOSPC and turns it into an intelligent
4999 * ...but this is no longer true. Now, unless you specify
5000 * NORECOVERY (in which case this function would never be
5001 * called), we just go ahead and recover. We do this all
5002 * under the vfs layer, so we can get away with it unless
5003 * the device itself is read-only, in which case we fail.
5005 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
5010 * Version 5 superblock log feature mask validation. We know the
5011 * log is dirty so check if there are any unknown log features
5012 * in what we need to recover. If there are unknown features
5013 * (e.g. unsupported transactions, then simply reject the
5014 * attempt at recovery before touching anything.
5016 if (XFS_SB_VERSION_NUM(&log->l_mp->m_sb) == XFS_SB_VERSION_5 &&
5017 xfs_sb_has_incompat_log_feature(&log->l_mp->m_sb,
5018 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
5020 "Superblock has unknown incompatible log features (0x%x) enabled.",
5021 (log->l_mp->m_sb.sb_features_log_incompat &
5022 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
5024 "The log can not be fully and/or safely recovered by this kernel.");
5026 "Please recover the log on a kernel that supports the unknown features.");
5031 * Delay log recovery if the debug hook is set. This is debug
5032 * instrumention to coordinate simulation of I/O failures with
5035 if (xfs_globals.log_recovery_delay) {
5036 xfs_notice(log->l_mp,
5037 "Delaying log recovery for %d seconds.",
5038 xfs_globals.log_recovery_delay);
5039 msleep(xfs_globals.log_recovery_delay * 1000);
5042 xfs_notice(log->l_mp, "Starting recovery (logdev: %s)",
5043 log->l_mp->m_logname ? log->l_mp->m_logname
5046 error = xlog_do_recover(log, head_blk, tail_blk);
5047 log->l_flags |= XLOG_RECOVERY_NEEDED;
5053 * In the first part of recovery we replay inodes and buffers and build
5054 * up the list of extent free items which need to be processed. Here
5055 * we process the extent free items and clean up the on disk unlinked
5056 * inode lists. This is separated from the first part of recovery so
5057 * that the root and real-time bitmap inodes can be read in from disk in
5058 * between the two stages. This is necessary so that we can free space
5059 * in the real-time portion of the file system.
5062 xlog_recover_finish(
5066 * Now we're ready to do the transactions needed for the
5067 * rest of recovery. Start with completing all the extent
5068 * free intent records and then process the unlinked inode
5069 * lists. At this point, we essentially run in normal mode
5070 * except that we're still performing recovery actions
5071 * rather than accepting new requests.
5073 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
5075 error = xlog_recover_process_efis(log);
5077 xfs_alert(log->l_mp, "Failed to recover EFIs");
5081 * Sync the log to get all the EFIs out of the AIL.
5082 * This isn't absolutely necessary, but it helps in
5083 * case the unlink transactions would have problems
5084 * pushing the EFIs out of the way.
5086 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
5088 xlog_recover_process_iunlinks(log);
5090 xlog_recover_check_summary(log);
5092 xfs_notice(log->l_mp, "Ending recovery (logdev: %s)",
5093 log->l_mp->m_logname ? log->l_mp->m_logname
5095 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
5097 xfs_info(log->l_mp, "Ending clean mount");
5103 xlog_recover_cancel(
5108 if (log->l_flags & XLOG_RECOVERY_NEEDED)
5109 error = xlog_recover_cancel_efis(log);
5116 * Read all of the agf and agi counters and check that they
5117 * are consistent with the superblock counters.
5120 xlog_recover_check_summary(
5127 xfs_agnumber_t agno;
5128 __uint64_t freeblks;
5138 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
5139 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
5141 xfs_alert(mp, "%s agf read failed agno %d error %d",
5142 __func__, agno, error);
5144 agfp = XFS_BUF_TO_AGF(agfbp);
5145 freeblks += be32_to_cpu(agfp->agf_freeblks) +
5146 be32_to_cpu(agfp->agf_flcount);
5147 xfs_buf_relse(agfbp);
5150 error = xfs_read_agi(mp, NULL, agno, &agibp);
5152 xfs_alert(mp, "%s agi read failed agno %d error %d",
5153 __func__, agno, error);
5155 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
5157 itotal += be32_to_cpu(agi->agi_count);
5158 ifree += be32_to_cpu(agi->agi_freecount);
5159 xfs_buf_relse(agibp);
projects / karo-tx-linux.git / blob