2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
28 #include "xfs_mount.h"
29 #include "xfs_da_format.h"
30 #include "xfs_inode.h"
31 #include "xfs_trans.h"
33 #include "xfs_log_priv.h"
34 #include "xfs_log_recover.h"
35 #include "xfs_inode_item.h"
36 #include "xfs_extfree_item.h"
37 #include "xfs_trans_priv.h"
38 #include "xfs_alloc.h"
39 #include "xfs_ialloc.h"
40 #include "xfs_quota.h"
41 #include "xfs_cksum.h"
42 #include "xfs_trace.h"
43 #include "xfs_icache.h"
44 #include "xfs_bmap_btree.h"
45 #include "xfs_dinode.h"
46 #include "xfs_error.h"
49 #define BLK_AVG(blk1, blk2) ((blk1+blk2) >> 1)
56 xlog_clear_stale_blocks(
61 xlog_recover_check_summary(
64 #define xlog_recover_check_summary(log)
68 * This structure is used during recovery to record the buf log items which
69 * have been canceled and should not be replayed.
71 struct xfs_buf_cancel {
75 struct list_head bc_list;
79 * Sector aligned buffer routines for buffer create/read/write/access
83 * Verify the given count of basic blocks is valid number of blocks
84 * to specify for an operation involving the given XFS log buffer.
85 * Returns nonzero if the count is valid, 0 otherwise.
89 xlog_buf_bbcount_valid(
93 return bbcount > 0 && bbcount <= log->l_logBBsize;
97 * Allocate a buffer to hold log data. The buffer needs to be able
98 * to map to a range of nbblks basic blocks at any valid (basic
99 * block) offset within the log.
108 if (!xlog_buf_bbcount_valid(log, nbblks)) {
109 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
111 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
116 * We do log I/O in units of log sectors (a power-of-2
117 * multiple of the basic block size), so we round up the
118 * requested size to accommodate the basic blocks required
119 * for complete log sectors.
121 * In addition, the buffer may be used for a non-sector-
122 * aligned block offset, in which case an I/O of the
123 * requested size could extend beyond the end of the
124 * buffer. If the requested size is only 1 basic block it
125 * will never straddle a sector boundary, so this won't be
126 * an issue. Nor will this be a problem if the log I/O is
127 * done in basic blocks (sector size 1). But otherwise we
128 * extend the buffer by one extra log sector to ensure
129 * there's space to accommodate this possibility.
131 if (nbblks > 1 && log->l_sectBBsize > 1)
132 nbblks += log->l_sectBBsize;
133 nbblks = round_up(nbblks, log->l_sectBBsize);
135 bp = xfs_buf_get_uncached(log->l_mp->m_logdev_targp, nbblks, 0);
149 * Return the address of the start of the given block number's data
150 * in a log buffer. The buffer covers a log sector-aligned region.
159 xfs_daddr_t offset = blk_no & ((xfs_daddr_t)log->l_sectBBsize - 1);
161 ASSERT(offset + nbblks <= bp->b_length);
162 return bp->b_addr + BBTOB(offset);
167 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
178 if (!xlog_buf_bbcount_valid(log, nbblks)) {
179 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
181 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
182 return -EFSCORRUPTED;
185 blk_no = round_down(blk_no, log->l_sectBBsize);
186 nbblks = round_up(nbblks, log->l_sectBBsize);
189 ASSERT(nbblks <= bp->b_length);
191 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
193 bp->b_io_length = nbblks;
196 if (XFS_FORCED_SHUTDOWN(log->l_mp))
199 xfs_buf_iorequest(bp);
200 error = xfs_buf_iowait(bp);
202 xfs_buf_ioerror_alert(bp, __func__);
216 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
220 *offset = xlog_align(log, blk_no, nbblks, bp);
225 * Read at an offset into the buffer. Returns with the buffer in it's original
226 * state regardless of the result of the read.
231 xfs_daddr_t blk_no, /* block to read from */
232 int nbblks, /* blocks to read */
236 xfs_caddr_t orig_offset = bp->b_addr;
237 int orig_len = BBTOB(bp->b_length);
240 error = xfs_buf_associate_memory(bp, offset, BBTOB(nbblks));
244 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
246 /* must reset buffer pointer even on error */
247 error2 = xfs_buf_associate_memory(bp, orig_offset, orig_len);
254 * Write out the buffer at the given block for the given number of blocks.
255 * The buffer is kept locked across the write and is returned locked.
256 * This can only be used for synchronous log writes.
267 if (!xlog_buf_bbcount_valid(log, nbblks)) {
268 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
270 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
271 return -EFSCORRUPTED;
274 blk_no = round_down(blk_no, log->l_sectBBsize);
275 nbblks = round_up(nbblks, log->l_sectBBsize);
278 ASSERT(nbblks <= bp->b_length);
280 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
281 XFS_BUF_ZEROFLAGS(bp);
284 bp->b_io_length = nbblks;
287 error = xfs_bwrite(bp);
289 xfs_buf_ioerror_alert(bp, __func__);
296 * dump debug superblock and log record information
299 xlog_header_check_dump(
301 xlog_rec_header_t *head)
303 xfs_debug(mp, "%s: SB : uuid = %pU, fmt = %d",
304 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
305 xfs_debug(mp, " log : uuid = %pU, fmt = %d",
306 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
309 #define xlog_header_check_dump(mp, head)
313 * check log record header for recovery
316 xlog_header_check_recover(
318 xlog_rec_header_t *head)
320 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
323 * IRIX doesn't write the h_fmt field and leaves it zeroed
324 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
325 * a dirty log created in IRIX.
327 if (unlikely(head->h_fmt != cpu_to_be32(XLOG_FMT))) {
329 "dirty log written in incompatible format - can't recover");
330 xlog_header_check_dump(mp, head);
331 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
332 XFS_ERRLEVEL_HIGH, mp);
333 return -EFSCORRUPTED;
334 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
336 "dirty log entry has mismatched uuid - can't recover");
337 xlog_header_check_dump(mp, head);
338 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
339 XFS_ERRLEVEL_HIGH, mp);
340 return -EFSCORRUPTED;
346 * read the head block of the log and check the header
349 xlog_header_check_mount(
351 xlog_rec_header_t *head)
353 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
355 if (uuid_is_nil(&head->h_fs_uuid)) {
357 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
358 * h_fs_uuid is nil, we assume this log was last mounted
359 * by IRIX and continue.
361 xfs_warn(mp, "nil uuid in log - IRIX style log");
362 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
363 xfs_warn(mp, "log has mismatched uuid - can't recover");
364 xlog_header_check_dump(mp, head);
365 XFS_ERROR_REPORT("xlog_header_check_mount",
366 XFS_ERRLEVEL_HIGH, mp);
367 return -EFSCORRUPTED;
378 * We're not going to bother about retrying
379 * this during recovery. One strike!
381 xfs_buf_ioerror_alert(bp, __func__);
382 xfs_force_shutdown(bp->b_target->bt_mount,
383 SHUTDOWN_META_IO_ERROR);
386 xfs_buf_ioend(bp, 0);
390 * This routine finds (to an approximation) the first block in the physical
391 * log which contains the given cycle. It uses a binary search algorithm.
392 * Note that the algorithm can not be perfect because the disk will not
393 * necessarily be perfect.
396 xlog_find_cycle_start(
399 xfs_daddr_t first_blk,
400 xfs_daddr_t *last_blk,
410 mid_blk = BLK_AVG(first_blk, end_blk);
411 while (mid_blk != first_blk && mid_blk != end_blk) {
412 error = xlog_bread(log, mid_blk, 1, bp, &offset);
415 mid_cycle = xlog_get_cycle(offset);
416 if (mid_cycle == cycle)
417 end_blk = mid_blk; /* last_half_cycle == mid_cycle */
419 first_blk = mid_blk; /* first_half_cycle == mid_cycle */
420 mid_blk = BLK_AVG(first_blk, end_blk);
422 ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) ||
423 (mid_blk == end_blk && mid_blk-1 == first_blk));
431 * Check that a range of blocks does not contain stop_on_cycle_no.
432 * Fill in *new_blk with the block offset where such a block is
433 * found, or with -1 (an invalid block number) if there is no such
434 * block in the range. The scan needs to occur from front to back
435 * and the pointer into the region must be updated since a later
436 * routine will need to perform another test.
439 xlog_find_verify_cycle(
441 xfs_daddr_t start_blk,
443 uint stop_on_cycle_no,
444 xfs_daddr_t *new_blk)
450 xfs_caddr_t buf = NULL;
454 * Greedily allocate a buffer big enough to handle the full
455 * range of basic blocks we'll be examining. If that fails,
456 * try a smaller size. We need to be able to read at least
457 * a log sector, or we're out of luck.
459 bufblks = 1 << ffs(nbblks);
460 while (bufblks > log->l_logBBsize)
462 while (!(bp = xlog_get_bp(log, bufblks))) {
464 if (bufblks < log->l_sectBBsize)
468 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
471 bcount = min(bufblks, (start_blk + nbblks - i));
473 error = xlog_bread(log, i, bcount, bp, &buf);
477 for (j = 0; j < bcount; j++) {
478 cycle = xlog_get_cycle(buf);
479 if (cycle == stop_on_cycle_no) {
496 * Potentially backup over partial log record write.
498 * In the typical case, last_blk is the number of the block directly after
499 * a good log record. Therefore, we subtract one to get the block number
500 * of the last block in the given buffer. extra_bblks contains the number
501 * of blocks we would have read on a previous read. This happens when the
502 * last log record is split over the end of the physical log.
504 * extra_bblks is the number of blocks potentially verified on a previous
505 * call to this routine.
508 xlog_find_verify_log_record(
510 xfs_daddr_t start_blk,
511 xfs_daddr_t *last_blk,
516 xfs_caddr_t offset = NULL;
517 xlog_rec_header_t *head = NULL;
520 int num_blks = *last_blk - start_blk;
523 ASSERT(start_blk != 0 || *last_blk != start_blk);
525 if (!(bp = xlog_get_bp(log, num_blks))) {
526 if (!(bp = xlog_get_bp(log, 1)))
530 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
533 offset += ((num_blks - 1) << BBSHIFT);
536 for (i = (*last_blk) - 1; i >= 0; i--) {
538 /* valid log record not found */
540 "Log inconsistent (didn't find previous header)");
547 error = xlog_bread(log, i, 1, bp, &offset);
552 head = (xlog_rec_header_t *)offset;
554 if (head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
562 * We hit the beginning of the physical log & still no header. Return
563 * to caller. If caller can handle a return of -1, then this routine
564 * will be called again for the end of the physical log.
572 * We have the final block of the good log (the first block
573 * of the log record _before_ the head. So we check the uuid.
575 if ((error = xlog_header_check_mount(log->l_mp, head)))
579 * We may have found a log record header before we expected one.
580 * last_blk will be the 1st block # with a given cycle #. We may end
581 * up reading an entire log record. In this case, we don't want to
582 * reset last_blk. Only when last_blk points in the middle of a log
583 * record do we update last_blk.
585 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
586 uint h_size = be32_to_cpu(head->h_size);
588 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
589 if (h_size % XLOG_HEADER_CYCLE_SIZE)
595 if (*last_blk - i + extra_bblks !=
596 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
605 * Head is defined to be the point of the log where the next log write
606 * could go. This means that incomplete LR writes at the end are
607 * eliminated when calculating the head. We aren't guaranteed that previous
608 * LR have complete transactions. We only know that a cycle number of
609 * current cycle number -1 won't be present in the log if we start writing
610 * from our current block number.
612 * last_blk contains the block number of the first block with a given
615 * Return: zero if normal, non-zero if error.
620 xfs_daddr_t *return_head_blk)
624 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
626 uint first_half_cycle, last_half_cycle;
628 int error, log_bbnum = log->l_logBBsize;
630 /* Is the end of the log device zeroed? */
631 error = xlog_find_zeroed(log, &first_blk);
633 xfs_warn(log->l_mp, "empty log check failed");
637 *return_head_blk = first_blk;
639 /* Is the whole lot zeroed? */
641 /* Linux XFS shouldn't generate totally zeroed logs -
642 * mkfs etc write a dummy unmount record to a fresh
643 * log so we can store the uuid in there
645 xfs_warn(log->l_mp, "totally zeroed log");
651 first_blk = 0; /* get cycle # of 1st block */
652 bp = xlog_get_bp(log, 1);
656 error = xlog_bread(log, 0, 1, bp, &offset);
660 first_half_cycle = xlog_get_cycle(offset);
662 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
663 error = xlog_bread(log, last_blk, 1, bp, &offset);
667 last_half_cycle = xlog_get_cycle(offset);
668 ASSERT(last_half_cycle != 0);
671 * If the 1st half cycle number is equal to the last half cycle number,
672 * then the entire log is stamped with the same cycle number. In this
673 * case, head_blk can't be set to zero (which makes sense). The below
674 * math doesn't work out properly with head_blk equal to zero. Instead,
675 * we set it to log_bbnum which is an invalid block number, but this
676 * value makes the math correct. If head_blk doesn't changed through
677 * all the tests below, *head_blk is set to zero at the very end rather
678 * than log_bbnum. In a sense, log_bbnum and zero are the same block
679 * in a circular file.
681 if (first_half_cycle == last_half_cycle) {
683 * In this case we believe that the entire log should have
684 * cycle number last_half_cycle. We need to scan backwards
685 * from the end verifying that there are no holes still
686 * containing last_half_cycle - 1. If we find such a hole,
687 * then the start of that hole will be the new head. The
688 * simple case looks like
689 * x | x ... | x - 1 | x
690 * Another case that fits this picture would be
691 * x | x + 1 | x ... | x
692 * In this case the head really is somewhere at the end of the
693 * log, as one of the latest writes at the beginning was
696 * x | x + 1 | x ... | x - 1 | x
697 * This is really the combination of the above two cases, and
698 * the head has to end up at the start of the x-1 hole at the
701 * In the 256k log case, we will read from the beginning to the
702 * end of the log and search for cycle numbers equal to x-1.
703 * We don't worry about the x+1 blocks that we encounter,
704 * because we know that they cannot be the head since the log
707 head_blk = log_bbnum;
708 stop_on_cycle = last_half_cycle - 1;
711 * In this case we want to find the first block with cycle
712 * number matching last_half_cycle. We expect the log to be
714 * x + 1 ... | x ... | x
715 * The first block with cycle number x (last_half_cycle) will
716 * be where the new head belongs. First we do a binary search
717 * for the first occurrence of last_half_cycle. The binary
718 * search may not be totally accurate, so then we scan back
719 * from there looking for occurrences of last_half_cycle before
720 * us. If that backwards scan wraps around the beginning of
721 * the log, then we look for occurrences of last_half_cycle - 1
722 * at the end of the log. The cases we're looking for look
724 * v binary search stopped here
725 * x + 1 ... | x | x + 1 | x ... | x
726 * ^ but we want to locate this spot
728 * <---------> less than scan distance
729 * x + 1 ... | x ... | x - 1 | x
730 * ^ we want to locate this spot
732 stop_on_cycle = last_half_cycle;
733 if ((error = xlog_find_cycle_start(log, bp, first_blk,
734 &head_blk, last_half_cycle)))
739 * Now validate the answer. Scan back some number of maximum possible
740 * blocks and make sure each one has the expected cycle number. The
741 * maximum is determined by the total possible amount of buffering
742 * in the in-core log. The following number can be made tighter if
743 * we actually look at the block size of the filesystem.
745 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
746 if (head_blk >= num_scan_bblks) {
748 * We are guaranteed that the entire check can be performed
751 start_blk = head_blk - num_scan_bblks;
752 if ((error = xlog_find_verify_cycle(log,
753 start_blk, num_scan_bblks,
754 stop_on_cycle, &new_blk)))
758 } else { /* need to read 2 parts of log */
760 * We are going to scan backwards in the log in two parts.
761 * First we scan the physical end of the log. In this part
762 * of the log, we are looking for blocks with cycle number
763 * last_half_cycle - 1.
764 * If we find one, then we know that the log starts there, as
765 * we've found a hole that didn't get written in going around
766 * the end of the physical log. The simple case for this is
767 * x + 1 ... | x ... | x - 1 | x
768 * <---------> less than scan distance
769 * If all of the blocks at the end of the log have cycle number
770 * last_half_cycle, then we check the blocks at the start of
771 * the log looking for occurrences of last_half_cycle. If we
772 * find one, then our current estimate for the location of the
773 * first occurrence of last_half_cycle is wrong and we move
774 * back to the hole we've found. This case looks like
775 * x + 1 ... | x | x + 1 | x ...
776 * ^ binary search stopped here
777 * Another case we need to handle that only occurs in 256k
779 * x + 1 ... | x ... | x+1 | x ...
780 * ^ binary search stops here
781 * In a 256k log, the scan at the end of the log will see the
782 * x + 1 blocks. We need to skip past those since that is
783 * certainly not the head of the log. By searching for
784 * last_half_cycle-1 we accomplish that.
786 ASSERT(head_blk <= INT_MAX &&
787 (xfs_daddr_t) num_scan_bblks >= head_blk);
788 start_blk = log_bbnum - (num_scan_bblks - head_blk);
789 if ((error = xlog_find_verify_cycle(log, start_blk,
790 num_scan_bblks - (int)head_blk,
791 (stop_on_cycle - 1), &new_blk)))
799 * Scan beginning of log now. The last part of the physical
800 * log is good. This scan needs to verify that it doesn't find
801 * the last_half_cycle.
804 ASSERT(head_blk <= INT_MAX);
805 if ((error = xlog_find_verify_cycle(log,
806 start_blk, (int)head_blk,
807 stop_on_cycle, &new_blk)))
815 * Now we need to make sure head_blk is not pointing to a block in
816 * the middle of a log record.
818 num_scan_bblks = XLOG_REC_SHIFT(log);
819 if (head_blk >= num_scan_bblks) {
820 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
822 /* start ptr at last block ptr before head_blk */
823 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
830 ASSERT(head_blk <= INT_MAX);
831 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
835 /* We hit the beginning of the log during our search */
836 start_blk = log_bbnum - (num_scan_bblks - head_blk);
838 ASSERT(start_blk <= INT_MAX &&
839 (xfs_daddr_t) log_bbnum-start_blk >= 0);
840 ASSERT(head_blk <= INT_MAX);
841 error = xlog_find_verify_log_record(log, start_blk,
842 &new_blk, (int)head_blk);
847 if (new_blk != log_bbnum)
854 if (head_blk == log_bbnum)
855 *return_head_blk = 0;
857 *return_head_blk = head_blk;
859 * When returning here, we have a good block number. Bad block
860 * means that during a previous crash, we didn't have a clean break
861 * from cycle number N to cycle number N-1. In this case, we need
862 * to find the first block with cycle number N-1.
870 xfs_warn(log->l_mp, "failed to find log head");
875 * Find the sync block number or the tail of the log.
877 * This will be the block number of the last record to have its
878 * associated buffers synced to disk. Every log record header has
879 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
880 * to get a sync block number. The only concern is to figure out which
881 * log record header to believe.
883 * The following algorithm uses the log record header with the largest
884 * lsn. The entire log record does not need to be valid. We only care
885 * that the header is valid.
887 * We could speed up search by using current head_blk buffer, but it is not
893 xfs_daddr_t *head_blk,
894 xfs_daddr_t *tail_blk)
896 xlog_rec_header_t *rhead;
897 xlog_op_header_t *op_head;
898 xfs_caddr_t offset = NULL;
901 xfs_daddr_t umount_data_blk;
902 xfs_daddr_t after_umount_blk;
909 * Find previous log record
911 if ((error = xlog_find_head(log, head_blk)))
914 bp = xlog_get_bp(log, 1);
917 if (*head_blk == 0) { /* special case */
918 error = xlog_bread(log, 0, 1, bp, &offset);
922 if (xlog_get_cycle(offset) == 0) {
924 /* leave all other log inited values alone */
930 * Search backwards looking for log record header block
932 ASSERT(*head_blk < INT_MAX);
933 for (i = (int)(*head_blk) - 1; i >= 0; i--) {
934 error = xlog_bread(log, i, 1, bp, &offset);
938 if (*(__be32 *)offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
944 * If we haven't found the log record header block, start looking
945 * again from the end of the physical log. XXXmiken: There should be
946 * a check here to make sure we didn't search more than N blocks in
950 for (i = log->l_logBBsize - 1; i >= (int)(*head_blk); i--) {
951 error = xlog_bread(log, i, 1, bp, &offset);
955 if (*(__be32 *)offset ==
956 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
963 xfs_warn(log->l_mp, "%s: couldn't find sync record", __func__);
969 /* find blk_no of tail of log */
970 rhead = (xlog_rec_header_t *)offset;
971 *tail_blk = BLOCK_LSN(be64_to_cpu(rhead->h_tail_lsn));
974 * Reset log values according to the state of the log when we
975 * crashed. In the case where head_blk == 0, we bump curr_cycle
976 * one because the next write starts a new cycle rather than
977 * continuing the cycle of the last good log record. At this
978 * point we have guaranteed that all partial log records have been
979 * accounted for. Therefore, we know that the last good log record
980 * written was complete and ended exactly on the end boundary
981 * of the physical log.
983 log->l_prev_block = i;
984 log->l_curr_block = (int)*head_blk;
985 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
988 atomic64_set(&log->l_tail_lsn, be64_to_cpu(rhead->h_tail_lsn));
989 atomic64_set(&log->l_last_sync_lsn, be64_to_cpu(rhead->h_lsn));
990 xlog_assign_grant_head(&log->l_reserve_head.grant, log->l_curr_cycle,
991 BBTOB(log->l_curr_block));
992 xlog_assign_grant_head(&log->l_write_head.grant, log->l_curr_cycle,
993 BBTOB(log->l_curr_block));
996 * Look for unmount record. If we find it, then we know there
997 * was a clean unmount. Since 'i' could be the last block in
998 * the physical log, we convert to a log block before comparing
1001 * Save the current tail lsn to use to pass to
1002 * xlog_clear_stale_blocks() below. We won't want to clear the
1003 * unmount record if there is one, so we pass the lsn of the
1004 * unmount record rather than the block after it.
1006 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1007 int h_size = be32_to_cpu(rhead->h_size);
1008 int h_version = be32_to_cpu(rhead->h_version);
1010 if ((h_version & XLOG_VERSION_2) &&
1011 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
1012 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
1013 if (h_size % XLOG_HEADER_CYCLE_SIZE)
1021 after_umount_blk = (i + hblks + (int)
1022 BTOBB(be32_to_cpu(rhead->h_len))) % log->l_logBBsize;
1023 tail_lsn = atomic64_read(&log->l_tail_lsn);
1024 if (*head_blk == after_umount_blk &&
1025 be32_to_cpu(rhead->h_num_logops) == 1) {
1026 umount_data_blk = (i + hblks) % log->l_logBBsize;
1027 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
1031 op_head = (xlog_op_header_t *)offset;
1032 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
1034 * Set tail and last sync so that newly written
1035 * log records will point recovery to after the
1036 * current unmount record.
1038 xlog_assign_atomic_lsn(&log->l_tail_lsn,
1039 log->l_curr_cycle, after_umount_blk);
1040 xlog_assign_atomic_lsn(&log->l_last_sync_lsn,
1041 log->l_curr_cycle, after_umount_blk);
1042 *tail_blk = after_umount_blk;
1045 * Note that the unmount was clean. If the unmount
1046 * was not clean, we need to know this to rebuild the
1047 * superblock counters from the perag headers if we
1048 * have a filesystem using non-persistent counters.
1050 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
1055 * Make sure that there are no blocks in front of the head
1056 * with the same cycle number as the head. This can happen
1057 * because we allow multiple outstanding log writes concurrently,
1058 * and the later writes might make it out before earlier ones.
1060 * We use the lsn from before modifying it so that we'll never
1061 * overwrite the unmount record after a clean unmount.
1063 * Do this only if we are going to recover the filesystem
1065 * NOTE: This used to say "if (!readonly)"
1066 * However on Linux, we can & do recover a read-only filesystem.
1067 * We only skip recovery if NORECOVERY is specified on mount,
1068 * in which case we would not be here.
1070 * But... if the -device- itself is readonly, just skip this.
1071 * We can't recover this device anyway, so it won't matter.
1073 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp))
1074 error = xlog_clear_stale_blocks(log, tail_lsn);
1080 xfs_warn(log->l_mp, "failed to locate log tail");
1085 * Is the log zeroed at all?
1087 * The last binary search should be changed to perform an X block read
1088 * once X becomes small enough. You can then search linearly through
1089 * the X blocks. This will cut down on the number of reads we need to do.
1091 * If the log is partially zeroed, this routine will pass back the blkno
1092 * of the first block with cycle number 0. It won't have a complete LR
1096 * 0 => the log is completely written to
1097 * 1 => use *blk_no as the first block of the log
1098 * <0 => error has occurred
1103 xfs_daddr_t *blk_no)
1107 uint first_cycle, last_cycle;
1108 xfs_daddr_t new_blk, last_blk, start_blk;
1109 xfs_daddr_t num_scan_bblks;
1110 int error, log_bbnum = log->l_logBBsize;
1114 /* check totally zeroed log */
1115 bp = xlog_get_bp(log, 1);
1118 error = xlog_bread(log, 0, 1, bp, &offset);
1122 first_cycle = xlog_get_cycle(offset);
1123 if (first_cycle == 0) { /* completely zeroed log */
1129 /* check partially zeroed log */
1130 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1134 last_cycle = xlog_get_cycle(offset);
1135 if (last_cycle != 0) { /* log completely written to */
1138 } else if (first_cycle != 1) {
1140 * If the cycle of the last block is zero, the cycle of
1141 * the first block must be 1. If it's not, maybe we're
1142 * not looking at a log... Bail out.
1145 "Log inconsistent or not a log (last==0, first!=1)");
1150 /* we have a partially zeroed log */
1151 last_blk = log_bbnum-1;
1152 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1156 * Validate the answer. Because there is no way to guarantee that
1157 * the entire log is made up of log records which are the same size,
1158 * we scan over the defined maximum blocks. At this point, the maximum
1159 * is not chosen to mean anything special. XXXmiken
1161 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1162 ASSERT(num_scan_bblks <= INT_MAX);
1164 if (last_blk < num_scan_bblks)
1165 num_scan_bblks = last_blk;
1166 start_blk = last_blk - num_scan_bblks;
1169 * We search for any instances of cycle number 0 that occur before
1170 * our current estimate of the head. What we're trying to detect is
1171 * 1 ... | 0 | 1 | 0...
1172 * ^ binary search ends here
1174 if ((error = xlog_find_verify_cycle(log, start_blk,
1175 (int)num_scan_bblks, 0, &new_blk)))
1181 * Potentially backup over partial log record write. We don't need
1182 * to search the end of the log because we know it is zero.
1184 error = xlog_find_verify_log_record(log, start_blk, &last_blk, 0);
1199 * These are simple subroutines used by xlog_clear_stale_blocks() below
1200 * to initialize a buffer full of empty log record headers and write
1201 * them into the log.
1212 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1214 memset(buf, 0, BBSIZE);
1215 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1216 recp->h_cycle = cpu_to_be32(cycle);
1217 recp->h_version = cpu_to_be32(
1218 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1219 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1220 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1221 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1222 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1226 xlog_write_log_records(
1237 int sectbb = log->l_sectBBsize;
1238 int end_block = start_block + blocks;
1244 * Greedily allocate a buffer big enough to handle the full
1245 * range of basic blocks to be written. If that fails, try
1246 * a smaller size. We need to be able to write at least a
1247 * log sector, or we're out of luck.
1249 bufblks = 1 << ffs(blocks);
1250 while (bufblks > log->l_logBBsize)
1252 while (!(bp = xlog_get_bp(log, bufblks))) {
1254 if (bufblks < sectbb)
1258 /* We may need to do a read at the start to fill in part of
1259 * the buffer in the starting sector not covered by the first
1262 balign = round_down(start_block, sectbb);
1263 if (balign != start_block) {
1264 error = xlog_bread_noalign(log, start_block, 1, bp);
1268 j = start_block - balign;
1271 for (i = start_block; i < end_block; i += bufblks) {
1272 int bcount, endcount;
1274 bcount = min(bufblks, end_block - start_block);
1275 endcount = bcount - j;
1277 /* We may need to do a read at the end to fill in part of
1278 * the buffer in the final sector not covered by the write.
1279 * If this is the same sector as the above read, skip it.
1281 ealign = round_down(end_block, sectbb);
1282 if (j == 0 && (start_block + endcount > ealign)) {
1283 offset = bp->b_addr + BBTOB(ealign - start_block);
1284 error = xlog_bread_offset(log, ealign, sectbb,
1291 offset = xlog_align(log, start_block, endcount, bp);
1292 for (; j < endcount; j++) {
1293 xlog_add_record(log, offset, cycle, i+j,
1294 tail_cycle, tail_block);
1297 error = xlog_bwrite(log, start_block, endcount, bp);
1300 start_block += endcount;
1310 * This routine is called to blow away any incomplete log writes out
1311 * in front of the log head. We do this so that we won't become confused
1312 * if we come up, write only a little bit more, and then crash again.
1313 * If we leave the partial log records out there, this situation could
1314 * cause us to think those partial writes are valid blocks since they
1315 * have the current cycle number. We get rid of them by overwriting them
1316 * with empty log records with the old cycle number rather than the
1319 * The tail lsn is passed in rather than taken from
1320 * the log so that we will not write over the unmount record after a
1321 * clean unmount in a 512 block log. Doing so would leave the log without
1322 * any valid log records in it until a new one was written. If we crashed
1323 * during that time we would not be able to recover.
1326 xlog_clear_stale_blocks(
1330 int tail_cycle, head_cycle;
1331 int tail_block, head_block;
1332 int tail_distance, max_distance;
1336 tail_cycle = CYCLE_LSN(tail_lsn);
1337 tail_block = BLOCK_LSN(tail_lsn);
1338 head_cycle = log->l_curr_cycle;
1339 head_block = log->l_curr_block;
1342 * Figure out the distance between the new head of the log
1343 * and the tail. We want to write over any blocks beyond the
1344 * head that we may have written just before the crash, but
1345 * we don't want to overwrite the tail of the log.
1347 if (head_cycle == tail_cycle) {
1349 * The tail is behind the head in the physical log,
1350 * so the distance from the head to the tail is the
1351 * distance from the head to the end of the log plus
1352 * the distance from the beginning of the log to the
1355 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1356 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1357 XFS_ERRLEVEL_LOW, log->l_mp);
1358 return -EFSCORRUPTED;
1360 tail_distance = tail_block + (log->l_logBBsize - head_block);
1363 * The head is behind the tail in the physical log,
1364 * so the distance from the head to the tail is just
1365 * the tail block minus the head block.
1367 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1368 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1369 XFS_ERRLEVEL_LOW, log->l_mp);
1370 return -EFSCORRUPTED;
1372 tail_distance = tail_block - head_block;
1376 * If the head is right up against the tail, we can't clear
1379 if (tail_distance <= 0) {
1380 ASSERT(tail_distance == 0);
1384 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1386 * Take the smaller of the maximum amount of outstanding I/O
1387 * we could have and the distance to the tail to clear out.
1388 * We take the smaller so that we don't overwrite the tail and
1389 * we don't waste all day writing from the head to the tail
1392 max_distance = MIN(max_distance, tail_distance);
1394 if ((head_block + max_distance) <= log->l_logBBsize) {
1396 * We can stomp all the blocks we need to without
1397 * wrapping around the end of the log. Just do it
1398 * in a single write. Use the cycle number of the
1399 * current cycle minus one so that the log will look like:
1402 error = xlog_write_log_records(log, (head_cycle - 1),
1403 head_block, max_distance, tail_cycle,
1409 * We need to wrap around the end of the physical log in
1410 * order to clear all the blocks. Do it in two separate
1411 * I/Os. The first write should be from the head to the
1412 * end of the physical log, and it should use the current
1413 * cycle number minus one just like above.
1415 distance = log->l_logBBsize - head_block;
1416 error = xlog_write_log_records(log, (head_cycle - 1),
1417 head_block, distance, tail_cycle,
1424 * Now write the blocks at the start of the physical log.
1425 * This writes the remainder of the blocks we want to clear.
1426 * It uses the current cycle number since we're now on the
1427 * same cycle as the head so that we get:
1428 * n ... n ... | n - 1 ...
1429 * ^^^^^ blocks we're writing
1431 distance = max_distance - (log->l_logBBsize - head_block);
1432 error = xlog_write_log_records(log, head_cycle, 0, distance,
1433 tail_cycle, tail_block);
1441 /******************************************************************************
1443 * Log recover routines
1445 ******************************************************************************
1449 * Sort the log items in the transaction.
1451 * The ordering constraints are defined by the inode allocation and unlink
1452 * behaviour. The rules are:
1454 * 1. Every item is only logged once in a given transaction. Hence it
1455 * represents the last logged state of the item. Hence ordering is
1456 * dependent on the order in which operations need to be performed so
1457 * required initial conditions are always met.
1459 * 2. Cancelled buffers are recorded in pass 1 in a separate table and
1460 * there's nothing to replay from them so we can simply cull them
1461 * from the transaction. However, we can't do that until after we've
1462 * replayed all the other items because they may be dependent on the
1463 * cancelled buffer and replaying the cancelled buffer can remove it
1464 * form the cancelled buffer table. Hence they have tobe done last.
1466 * 3. Inode allocation buffers must be replayed before inode items that
1467 * read the buffer and replay changes into it. For filesystems using the
1468 * ICREATE transactions, this means XFS_LI_ICREATE objects need to get
1469 * treated the same as inode allocation buffers as they create and
1470 * initialise the buffers directly.
1472 * 4. Inode unlink buffers must be replayed after inode items are replayed.
1473 * This ensures that inodes are completely flushed to the inode buffer
1474 * in a "free" state before we remove the unlinked inode list pointer.
1476 * Hence the ordering needs to be inode allocation buffers first, inode items
1477 * second, inode unlink buffers third and cancelled buffers last.
1479 * But there's a problem with that - we can't tell an inode allocation buffer
1480 * apart from a regular buffer, so we can't separate them. We can, however,
1481 * tell an inode unlink buffer from the others, and so we can separate them out
1482 * from all the other buffers and move them to last.
1484 * Hence, 4 lists, in order from head to tail:
1485 * - buffer_list for all buffers except cancelled/inode unlink buffers
1486 * - item_list for all non-buffer items
1487 * - inode_buffer_list for inode unlink buffers
1488 * - cancel_list for the cancelled buffers
1490 * Note that we add objects to the tail of the lists so that first-to-last
1491 * ordering is preserved within the lists. Adding objects to the head of the
1492 * list means when we traverse from the head we walk them in last-to-first
1493 * order. For cancelled buffers and inode unlink buffers this doesn't matter,
1494 * but for all other items there may be specific ordering that we need to
1498 xlog_recover_reorder_trans(
1500 struct xlog_recover *trans,
1503 xlog_recover_item_t *item, *n;
1505 LIST_HEAD(sort_list);
1506 LIST_HEAD(cancel_list);
1507 LIST_HEAD(buffer_list);
1508 LIST_HEAD(inode_buffer_list);
1509 LIST_HEAD(inode_list);
1511 list_splice_init(&trans->r_itemq, &sort_list);
1512 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
1513 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1515 switch (ITEM_TYPE(item)) {
1516 case XFS_LI_ICREATE:
1517 list_move_tail(&item->ri_list, &buffer_list);
1520 if (buf_f->blf_flags & XFS_BLF_CANCEL) {
1521 trace_xfs_log_recover_item_reorder_head(log,
1523 list_move(&item->ri_list, &cancel_list);
1526 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
1527 list_move(&item->ri_list, &inode_buffer_list);
1530 list_move_tail(&item->ri_list, &buffer_list);
1534 case XFS_LI_QUOTAOFF:
1537 trace_xfs_log_recover_item_reorder_tail(log,
1539 list_move_tail(&item->ri_list, &inode_list);
1543 "%s: unrecognized type of log operation",
1547 * return the remaining items back to the transaction
1548 * item list so they can be freed in caller.
1550 if (!list_empty(&sort_list))
1551 list_splice_init(&sort_list, &trans->r_itemq);
1557 ASSERT(list_empty(&sort_list));
1558 if (!list_empty(&buffer_list))
1559 list_splice(&buffer_list, &trans->r_itemq);
1560 if (!list_empty(&inode_list))
1561 list_splice_tail(&inode_list, &trans->r_itemq);
1562 if (!list_empty(&inode_buffer_list))
1563 list_splice_tail(&inode_buffer_list, &trans->r_itemq);
1564 if (!list_empty(&cancel_list))
1565 list_splice_tail(&cancel_list, &trans->r_itemq);
1570 * Build up the table of buf cancel records so that we don't replay
1571 * cancelled data in the second pass. For buffer records that are
1572 * not cancel records, there is nothing to do here so we just return.
1574 * If we get a cancel record which is already in the table, this indicates
1575 * that the buffer was cancelled multiple times. In order to ensure
1576 * that during pass 2 we keep the record in the table until we reach its
1577 * last occurrence in the log, we keep a reference count in the cancel
1578 * record in the table to tell us how many times we expect to see this
1579 * record during the second pass.
1582 xlog_recover_buffer_pass1(
1584 struct xlog_recover_item *item)
1586 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1587 struct list_head *bucket;
1588 struct xfs_buf_cancel *bcp;
1591 * If this isn't a cancel buffer item, then just return.
1593 if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) {
1594 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
1599 * Insert an xfs_buf_cancel record into the hash table of them.
1600 * If there is already an identical record, bump its reference count.
1602 bucket = XLOG_BUF_CANCEL_BUCKET(log, buf_f->blf_blkno);
1603 list_for_each_entry(bcp, bucket, bc_list) {
1604 if (bcp->bc_blkno == buf_f->blf_blkno &&
1605 bcp->bc_len == buf_f->blf_len) {
1607 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
1612 bcp = kmem_alloc(sizeof(struct xfs_buf_cancel), KM_SLEEP);
1613 bcp->bc_blkno = buf_f->blf_blkno;
1614 bcp->bc_len = buf_f->blf_len;
1615 bcp->bc_refcount = 1;
1616 list_add_tail(&bcp->bc_list, bucket);
1618 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
1623 * Check to see whether the buffer being recovered has a corresponding
1624 * entry in the buffer cancel record table. If it is, return the cancel
1625 * buffer structure to the caller.
1627 STATIC struct xfs_buf_cancel *
1628 xlog_peek_buffer_cancelled(
1634 struct list_head *bucket;
1635 struct xfs_buf_cancel *bcp;
1637 if (!log->l_buf_cancel_table) {
1638 /* empty table means no cancelled buffers in the log */
1639 ASSERT(!(flags & XFS_BLF_CANCEL));
1643 bucket = XLOG_BUF_CANCEL_BUCKET(log, blkno);
1644 list_for_each_entry(bcp, bucket, bc_list) {
1645 if (bcp->bc_blkno == blkno && bcp->bc_len == len)
1650 * We didn't find a corresponding entry in the table, so return 0 so
1651 * that the buffer is NOT cancelled.
1653 ASSERT(!(flags & XFS_BLF_CANCEL));
1658 * If the buffer is being cancelled then return 1 so that it will be cancelled,
1659 * otherwise return 0. If the buffer is actually a buffer cancel item
1660 * (XFS_BLF_CANCEL is set), then decrement the refcount on the entry in the
1661 * table and remove it from the table if this is the last reference.
1663 * We remove the cancel record from the table when we encounter its last
1664 * occurrence in the log so that if the same buffer is re-used again after its
1665 * last cancellation we actually replay the changes made at that point.
1668 xlog_check_buffer_cancelled(
1674 struct xfs_buf_cancel *bcp;
1676 bcp = xlog_peek_buffer_cancelled(log, blkno, len, flags);
1681 * We've go a match, so return 1 so that the recovery of this buffer
1682 * is cancelled. If this buffer is actually a buffer cancel log
1683 * item, then decrement the refcount on the one in the table and
1684 * remove it if this is the last reference.
1686 if (flags & XFS_BLF_CANCEL) {
1687 if (--bcp->bc_refcount == 0) {
1688 list_del(&bcp->bc_list);
1696 * Perform recovery for a buffer full of inodes. In these buffers, the only
1697 * data which should be recovered is that which corresponds to the
1698 * di_next_unlinked pointers in the on disk inode structures. The rest of the
1699 * data for the inodes is always logged through the inodes themselves rather
1700 * than the inode buffer and is recovered in xlog_recover_inode_pass2().
1702 * The only time when buffers full of inodes are fully recovered is when the
1703 * buffer is full of newly allocated inodes. In this case the buffer will
1704 * not be marked as an inode buffer and so will be sent to
1705 * xlog_recover_do_reg_buffer() below during recovery.
1708 xlog_recover_do_inode_buffer(
1709 struct xfs_mount *mp,
1710 xlog_recover_item_t *item,
1712 xfs_buf_log_format_t *buf_f)
1718 int reg_buf_offset = 0;
1719 int reg_buf_bytes = 0;
1720 int next_unlinked_offset;
1722 xfs_agino_t *logged_nextp;
1723 xfs_agino_t *buffer_nextp;
1725 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
1728 * Post recovery validation only works properly on CRC enabled
1731 if (xfs_sb_version_hascrc(&mp->m_sb))
1732 bp->b_ops = &xfs_inode_buf_ops;
1734 inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog;
1735 for (i = 0; i < inodes_per_buf; i++) {
1736 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
1737 offsetof(xfs_dinode_t, di_next_unlinked);
1739 while (next_unlinked_offset >=
1740 (reg_buf_offset + reg_buf_bytes)) {
1742 * The next di_next_unlinked field is beyond
1743 * the current logged region. Find the next
1744 * logged region that contains or is beyond
1745 * the current di_next_unlinked field.
1748 bit = xfs_next_bit(buf_f->blf_data_map,
1749 buf_f->blf_map_size, bit);
1752 * If there are no more logged regions in the
1753 * buffer, then we're done.
1758 nbits = xfs_contig_bits(buf_f->blf_data_map,
1759 buf_f->blf_map_size, bit);
1761 reg_buf_offset = bit << XFS_BLF_SHIFT;
1762 reg_buf_bytes = nbits << XFS_BLF_SHIFT;
1767 * If the current logged region starts after the current
1768 * di_next_unlinked field, then move on to the next
1769 * di_next_unlinked field.
1771 if (next_unlinked_offset < reg_buf_offset)
1774 ASSERT(item->ri_buf[item_index].i_addr != NULL);
1775 ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0);
1776 ASSERT((reg_buf_offset + reg_buf_bytes) <=
1777 BBTOB(bp->b_io_length));
1780 * The current logged region contains a copy of the
1781 * current di_next_unlinked field. Extract its value
1782 * and copy it to the buffer copy.
1784 logged_nextp = item->ri_buf[item_index].i_addr +
1785 next_unlinked_offset - reg_buf_offset;
1786 if (unlikely(*logged_nextp == 0)) {
1788 "Bad inode buffer log record (ptr = 0x%p, bp = 0x%p). "
1789 "Trying to replay bad (0) inode di_next_unlinked field.",
1791 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
1792 XFS_ERRLEVEL_LOW, mp);
1793 return -EFSCORRUPTED;
1796 buffer_nextp = (xfs_agino_t *)xfs_buf_offset(bp,
1797 next_unlinked_offset);
1798 *buffer_nextp = *logged_nextp;
1801 * If necessary, recalculate the CRC in the on-disk inode. We
1802 * have to leave the inode in a consistent state for whoever
1805 xfs_dinode_calc_crc(mp, (struct xfs_dinode *)
1806 xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize));
1814 * V5 filesystems know the age of the buffer on disk being recovered. We can
1815 * have newer objects on disk than we are replaying, and so for these cases we
1816 * don't want to replay the current change as that will make the buffer contents
1817 * temporarily invalid on disk.
1819 * The magic number might not match the buffer type we are going to recover
1820 * (e.g. reallocated blocks), so we ignore the xfs_buf_log_format flags. Hence
1821 * extract the LSN of the existing object in the buffer based on it's current
1822 * magic number. If we don't recognise the magic number in the buffer, then
1823 * return a LSN of -1 so that the caller knows it was an unrecognised block and
1824 * so can recover the buffer.
1826 * Note: we cannot rely solely on magic number matches to determine that the
1827 * buffer has a valid LSN - we also need to verify that it belongs to this
1828 * filesystem, so we need to extract the object's LSN and compare it to that
1829 * which we read from the superblock. If the UUIDs don't match, then we've got a
1830 * stale metadata block from an old filesystem instance that we need to recover
1834 xlog_recover_get_buf_lsn(
1835 struct xfs_mount *mp,
1841 void *blk = bp->b_addr;
1845 /* v4 filesystems always recover immediately */
1846 if (!xfs_sb_version_hascrc(&mp->m_sb))
1847 goto recover_immediately;
1849 magic32 = be32_to_cpu(*(__be32 *)blk);
1851 case XFS_ABTB_CRC_MAGIC:
1852 case XFS_ABTC_CRC_MAGIC:
1853 case XFS_ABTB_MAGIC:
1854 case XFS_ABTC_MAGIC:
1855 case XFS_IBT_CRC_MAGIC:
1856 case XFS_IBT_MAGIC: {
1857 struct xfs_btree_block *btb = blk;
1859 lsn = be64_to_cpu(btb->bb_u.s.bb_lsn);
1860 uuid = &btb->bb_u.s.bb_uuid;
1863 case XFS_BMAP_CRC_MAGIC:
1864 case XFS_BMAP_MAGIC: {
1865 struct xfs_btree_block *btb = blk;
1867 lsn = be64_to_cpu(btb->bb_u.l.bb_lsn);
1868 uuid = &btb->bb_u.l.bb_uuid;
1872 lsn = be64_to_cpu(((struct xfs_agf *)blk)->agf_lsn);
1873 uuid = &((struct xfs_agf *)blk)->agf_uuid;
1875 case XFS_AGFL_MAGIC:
1876 lsn = be64_to_cpu(((struct xfs_agfl *)blk)->agfl_lsn);
1877 uuid = &((struct xfs_agfl *)blk)->agfl_uuid;
1880 lsn = be64_to_cpu(((struct xfs_agi *)blk)->agi_lsn);
1881 uuid = &((struct xfs_agi *)blk)->agi_uuid;
1883 case XFS_SYMLINK_MAGIC:
1884 lsn = be64_to_cpu(((struct xfs_dsymlink_hdr *)blk)->sl_lsn);
1885 uuid = &((struct xfs_dsymlink_hdr *)blk)->sl_uuid;
1887 case XFS_DIR3_BLOCK_MAGIC:
1888 case XFS_DIR3_DATA_MAGIC:
1889 case XFS_DIR3_FREE_MAGIC:
1890 lsn = be64_to_cpu(((struct xfs_dir3_blk_hdr *)blk)->lsn);
1891 uuid = &((struct xfs_dir3_blk_hdr *)blk)->uuid;
1893 case XFS_ATTR3_RMT_MAGIC:
1894 lsn = be64_to_cpu(((struct xfs_attr3_rmt_hdr *)blk)->rm_lsn);
1895 uuid = &((struct xfs_attr3_rmt_hdr *)blk)->rm_uuid;
1898 lsn = be64_to_cpu(((struct xfs_dsb *)blk)->sb_lsn);
1899 uuid = &((struct xfs_dsb *)blk)->sb_uuid;
1905 if (lsn != (xfs_lsn_t)-1) {
1906 if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
1907 goto recover_immediately;
1911 magicda = be16_to_cpu(((struct xfs_da_blkinfo *)blk)->magic);
1913 case XFS_DIR3_LEAF1_MAGIC:
1914 case XFS_DIR3_LEAFN_MAGIC:
1915 case XFS_DA3_NODE_MAGIC:
1916 lsn = be64_to_cpu(((struct xfs_da3_blkinfo *)blk)->lsn);
1917 uuid = &((struct xfs_da3_blkinfo *)blk)->uuid;
1923 if (lsn != (xfs_lsn_t)-1) {
1924 if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
1925 goto recover_immediately;
1930 * We do individual object checks on dquot and inode buffers as they
1931 * have their own individual LSN records. Also, we could have a stale
1932 * buffer here, so we have to at least recognise these buffer types.
1934 * A notd complexity here is inode unlinked list processing - it logs
1935 * the inode directly in the buffer, but we don't know which inodes have
1936 * been modified, and there is no global buffer LSN. Hence we need to
1937 * recover all inode buffer types immediately. This problem will be
1938 * fixed by logical logging of the unlinked list modifications.
1940 magic16 = be16_to_cpu(*(__be16 *)blk);
1942 case XFS_DQUOT_MAGIC:
1943 case XFS_DINODE_MAGIC:
1944 goto recover_immediately;
1949 /* unknown buffer contents, recover immediately */
1951 recover_immediately:
1952 return (xfs_lsn_t)-1;
1957 * Validate the recovered buffer is of the correct type and attach the
1958 * appropriate buffer operations to them for writeback. Magic numbers are in a
1960 * the first 16 bits of the buffer (inode buffer, dquot buffer),
1961 * the first 32 bits of the buffer (most blocks),
1962 * inside a struct xfs_da_blkinfo at the start of the buffer.
1965 xlog_recover_validate_buf_type(
1966 struct xfs_mount *mp,
1968 xfs_buf_log_format_t *buf_f)
1970 struct xfs_da_blkinfo *info = bp->b_addr;
1976 * We can only do post recovery validation on items on CRC enabled
1977 * fielsystems as we need to know when the buffer was written to be able
1978 * to determine if we should have replayed the item. If we replay old
1979 * metadata over a newer buffer, then it will enter a temporarily
1980 * inconsistent state resulting in verification failures. Hence for now
1981 * just avoid the verification stage for non-crc filesystems
1983 if (!xfs_sb_version_hascrc(&mp->m_sb))
1986 magic32 = be32_to_cpu(*(__be32 *)bp->b_addr);
1987 magic16 = be16_to_cpu(*(__be16*)bp->b_addr);
1988 magicda = be16_to_cpu(info->magic);
1989 switch (xfs_blft_from_flags(buf_f)) {
1990 case XFS_BLFT_BTREE_BUF:
1992 case XFS_ABTB_CRC_MAGIC:
1993 case XFS_ABTC_CRC_MAGIC:
1994 case XFS_ABTB_MAGIC:
1995 case XFS_ABTC_MAGIC:
1996 bp->b_ops = &xfs_allocbt_buf_ops;
1998 case XFS_IBT_CRC_MAGIC:
1999 case XFS_FIBT_CRC_MAGIC:
2001 case XFS_FIBT_MAGIC:
2002 bp->b_ops = &xfs_inobt_buf_ops;
2004 case XFS_BMAP_CRC_MAGIC:
2005 case XFS_BMAP_MAGIC:
2006 bp->b_ops = &xfs_bmbt_buf_ops;
2009 xfs_warn(mp, "Bad btree block magic!");
2014 case XFS_BLFT_AGF_BUF:
2015 if (magic32 != XFS_AGF_MAGIC) {
2016 xfs_warn(mp, "Bad AGF block magic!");
2020 bp->b_ops = &xfs_agf_buf_ops;
2022 case XFS_BLFT_AGFL_BUF:
2023 if (magic32 != XFS_AGFL_MAGIC) {
2024 xfs_warn(mp, "Bad AGFL block magic!");
2028 bp->b_ops = &xfs_agfl_buf_ops;
2030 case XFS_BLFT_AGI_BUF:
2031 if (magic32 != XFS_AGI_MAGIC) {
2032 xfs_warn(mp, "Bad AGI block magic!");
2036 bp->b_ops = &xfs_agi_buf_ops;
2038 case XFS_BLFT_UDQUOT_BUF:
2039 case XFS_BLFT_PDQUOT_BUF:
2040 case XFS_BLFT_GDQUOT_BUF:
2041 #ifdef CONFIG_XFS_QUOTA
2042 if (magic16 != XFS_DQUOT_MAGIC) {
2043 xfs_warn(mp, "Bad DQUOT block magic!");
2047 bp->b_ops = &xfs_dquot_buf_ops;
2050 "Trying to recover dquots without QUOTA support built in!");
2054 case XFS_BLFT_DINO_BUF:
2055 if (magic16 != XFS_DINODE_MAGIC) {
2056 xfs_warn(mp, "Bad INODE block magic!");
2060 bp->b_ops = &xfs_inode_buf_ops;
2062 case XFS_BLFT_SYMLINK_BUF:
2063 if (magic32 != XFS_SYMLINK_MAGIC) {
2064 xfs_warn(mp, "Bad symlink block magic!");
2068 bp->b_ops = &xfs_symlink_buf_ops;
2070 case XFS_BLFT_DIR_BLOCK_BUF:
2071 if (magic32 != XFS_DIR2_BLOCK_MAGIC &&
2072 magic32 != XFS_DIR3_BLOCK_MAGIC) {
2073 xfs_warn(mp, "Bad dir block magic!");
2077 bp->b_ops = &xfs_dir3_block_buf_ops;
2079 case XFS_BLFT_DIR_DATA_BUF:
2080 if (magic32 != XFS_DIR2_DATA_MAGIC &&
2081 magic32 != XFS_DIR3_DATA_MAGIC) {
2082 xfs_warn(mp, "Bad dir data magic!");
2086 bp->b_ops = &xfs_dir3_data_buf_ops;
2088 case XFS_BLFT_DIR_FREE_BUF:
2089 if (magic32 != XFS_DIR2_FREE_MAGIC &&
2090 magic32 != XFS_DIR3_FREE_MAGIC) {
2091 xfs_warn(mp, "Bad dir3 free magic!");
2095 bp->b_ops = &xfs_dir3_free_buf_ops;
2097 case XFS_BLFT_DIR_LEAF1_BUF:
2098 if (magicda != XFS_DIR2_LEAF1_MAGIC &&
2099 magicda != XFS_DIR3_LEAF1_MAGIC) {
2100 xfs_warn(mp, "Bad dir leaf1 magic!");
2104 bp->b_ops = &xfs_dir3_leaf1_buf_ops;
2106 case XFS_BLFT_DIR_LEAFN_BUF:
2107 if (magicda != XFS_DIR2_LEAFN_MAGIC &&
2108 magicda != XFS_DIR3_LEAFN_MAGIC) {
2109 xfs_warn(mp, "Bad dir leafn magic!");
2113 bp->b_ops = &xfs_dir3_leafn_buf_ops;
2115 case XFS_BLFT_DA_NODE_BUF:
2116 if (magicda != XFS_DA_NODE_MAGIC &&
2117 magicda != XFS_DA3_NODE_MAGIC) {
2118 xfs_warn(mp, "Bad da node magic!");
2122 bp->b_ops = &xfs_da3_node_buf_ops;
2124 case XFS_BLFT_ATTR_LEAF_BUF:
2125 if (magicda != XFS_ATTR_LEAF_MAGIC &&
2126 magicda != XFS_ATTR3_LEAF_MAGIC) {
2127 xfs_warn(mp, "Bad attr leaf magic!");
2131 bp->b_ops = &xfs_attr3_leaf_buf_ops;
2133 case XFS_BLFT_ATTR_RMT_BUF:
2134 if (magic32 != XFS_ATTR3_RMT_MAGIC) {
2135 xfs_warn(mp, "Bad attr remote magic!");
2139 bp->b_ops = &xfs_attr3_rmt_buf_ops;
2141 case XFS_BLFT_SB_BUF:
2142 if (magic32 != XFS_SB_MAGIC) {
2143 xfs_warn(mp, "Bad SB block magic!");
2147 bp->b_ops = &xfs_sb_buf_ops;
2150 xfs_warn(mp, "Unknown buffer type %d!",
2151 xfs_blft_from_flags(buf_f));
2157 * Perform a 'normal' buffer recovery. Each logged region of the
2158 * buffer should be copied over the corresponding region in the
2159 * given buffer. The bitmap in the buf log format structure indicates
2160 * where to place the logged data.
2163 xlog_recover_do_reg_buffer(
2164 struct xfs_mount *mp,
2165 xlog_recover_item_t *item,
2167 xfs_buf_log_format_t *buf_f)
2174 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
2177 i = 1; /* 0 is the buf format structure */
2179 bit = xfs_next_bit(buf_f->blf_data_map,
2180 buf_f->blf_map_size, bit);
2183 nbits = xfs_contig_bits(buf_f->blf_data_map,
2184 buf_f->blf_map_size, bit);
2186 ASSERT(item->ri_buf[i].i_addr != NULL);
2187 ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0);
2188 ASSERT(BBTOB(bp->b_io_length) >=
2189 ((uint)bit << XFS_BLF_SHIFT) + (nbits << XFS_BLF_SHIFT));
2192 * The dirty regions logged in the buffer, even though
2193 * contiguous, may span multiple chunks. This is because the
2194 * dirty region may span a physical page boundary in a buffer
2195 * and hence be split into two separate vectors for writing into
2196 * the log. Hence we need to trim nbits back to the length of
2197 * the current region being copied out of the log.
2199 if (item->ri_buf[i].i_len < (nbits << XFS_BLF_SHIFT))
2200 nbits = item->ri_buf[i].i_len >> XFS_BLF_SHIFT;
2203 * Do a sanity check if this is a dquot buffer. Just checking
2204 * the first dquot in the buffer should do. XXXThis is
2205 * probably a good thing to do for other buf types also.
2208 if (buf_f->blf_flags &
2209 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2210 if (item->ri_buf[i].i_addr == NULL) {
2212 "XFS: NULL dquot in %s.", __func__);
2215 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
2217 "XFS: dquot too small (%d) in %s.",
2218 item->ri_buf[i].i_len, __func__);
2221 error = xfs_dqcheck(mp, item->ri_buf[i].i_addr,
2222 -1, 0, XFS_QMOPT_DOWARN,
2223 "dquot_buf_recover");
2228 memcpy(xfs_buf_offset(bp,
2229 (uint)bit << XFS_BLF_SHIFT), /* dest */
2230 item->ri_buf[i].i_addr, /* source */
2231 nbits<<XFS_BLF_SHIFT); /* length */
2237 /* Shouldn't be any more regions */
2238 ASSERT(i == item->ri_total);
2240 xlog_recover_validate_buf_type(mp, bp, buf_f);
2244 * Perform a dquot buffer recovery.
2245 * Simple algorithm: if we have found a QUOTAOFF log item of the same type
2246 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2247 * Else, treat it as a regular buffer and do recovery.
2249 * Return false if the buffer was tossed and true if we recovered the buffer to
2250 * indicate to the caller if the buffer needs writing.
2253 xlog_recover_do_dquot_buffer(
2254 struct xfs_mount *mp,
2256 struct xlog_recover_item *item,
2258 struct xfs_buf_log_format *buf_f)
2262 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2265 * Filesystems are required to send in quota flags at mount time.
2271 if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF)
2272 type |= XFS_DQ_USER;
2273 if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF)
2274 type |= XFS_DQ_PROJ;
2275 if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF)
2276 type |= XFS_DQ_GROUP;
2278 * This type of quotas was turned off, so ignore this buffer
2280 if (log->l_quotaoffs_flag & type)
2283 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2288 * This routine replays a modification made to a buffer at runtime.
2289 * There are actually two types of buffer, regular and inode, which
2290 * are handled differently. Inode buffers are handled differently
2291 * in that we only recover a specific set of data from them, namely
2292 * the inode di_next_unlinked fields. This is because all other inode
2293 * data is actually logged via inode records and any data we replay
2294 * here which overlaps that may be stale.
2296 * When meta-data buffers are freed at run time we log a buffer item
2297 * with the XFS_BLF_CANCEL bit set to indicate that previous copies
2298 * of the buffer in the log should not be replayed at recovery time.
2299 * This is so that if the blocks covered by the buffer are reused for
2300 * file data before we crash we don't end up replaying old, freed
2301 * meta-data into a user's file.
2303 * To handle the cancellation of buffer log items, we make two passes
2304 * over the log during recovery. During the first we build a table of
2305 * those buffers which have been cancelled, and during the second we
2306 * only replay those buffers which do not have corresponding cancel
2307 * records in the table. See xlog_recover_buffer_pass[1,2] above
2308 * for more details on the implementation of the table of cancel records.
2311 xlog_recover_buffer_pass2(
2313 struct list_head *buffer_list,
2314 struct xlog_recover_item *item,
2315 xfs_lsn_t current_lsn)
2317 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
2318 xfs_mount_t *mp = log->l_mp;
2325 * In this pass we only want to recover all the buffers which have
2326 * not been cancelled and are not cancellation buffers themselves.
2328 if (xlog_check_buffer_cancelled(log, buf_f->blf_blkno,
2329 buf_f->blf_len, buf_f->blf_flags)) {
2330 trace_xfs_log_recover_buf_cancel(log, buf_f);
2334 trace_xfs_log_recover_buf_recover(log, buf_f);
2337 if (buf_f->blf_flags & XFS_BLF_INODE_BUF)
2338 buf_flags |= XBF_UNMAPPED;
2340 bp = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len,
2344 error = bp->b_error;
2346 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#1)");
2351 * Recover the buffer only if we get an LSN from it and it's less than
2352 * the lsn of the transaction we are replaying.
2354 * Note that we have to be extremely careful of readahead here.
2355 * Readahead does not attach verfiers to the buffers so if we don't
2356 * actually do any replay after readahead because of the LSN we found
2357 * in the buffer if more recent than that current transaction then we
2358 * need to attach the verifier directly. Failure to do so can lead to
2359 * future recovery actions (e.g. EFI and unlinked list recovery) can
2360 * operate on the buffers and they won't get the verifier attached. This
2361 * can lead to blocks on disk having the correct content but a stale
2364 * It is safe to assume these clean buffers are currently up to date.
2365 * If the buffer is dirtied by a later transaction being replayed, then
2366 * the verifier will be reset to match whatever recover turns that
2369 lsn = xlog_recover_get_buf_lsn(mp, bp);
2370 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2371 xlog_recover_validate_buf_type(mp, bp, buf_f);
2375 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
2376 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
2379 } else if (buf_f->blf_flags &
2380 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2383 dirty = xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2387 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2391 * Perform delayed write on the buffer. Asynchronous writes will be
2392 * slower when taking into account all the buffers to be flushed.
2394 * Also make sure that only inode buffers with good sizes stay in
2395 * the buffer cache. The kernel moves inodes in buffers of 1 block
2396 * or mp->m_inode_cluster_size bytes, whichever is bigger. The inode
2397 * buffers in the log can be a different size if the log was generated
2398 * by an older kernel using unclustered inode buffers or a newer kernel
2399 * running with a different inode cluster size. Regardless, if the
2400 * the inode buffer size isn't MAX(blocksize, mp->m_inode_cluster_size)
2401 * for *our* value of mp->m_inode_cluster_size, then we need to keep
2402 * the buffer out of the buffer cache so that the buffer won't
2403 * overlap with future reads of those inodes.
2405 if (XFS_DINODE_MAGIC ==
2406 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
2407 (BBTOB(bp->b_io_length) != MAX(log->l_mp->m_sb.sb_blocksize,
2408 (__uint32_t)log->l_mp->m_inode_cluster_size))) {
2410 error = xfs_bwrite(bp);
2412 ASSERT(bp->b_target->bt_mount == mp);
2413 bp->b_iodone = xlog_recover_iodone;
2414 xfs_buf_delwri_queue(bp, buffer_list);
2423 * Inode fork owner changes
2425 * If we have been told that we have to reparent the inode fork, it's because an
2426 * extent swap operation on a CRC enabled filesystem has been done and we are
2427 * replaying it. We need to walk the BMBT of the appropriate fork and change the
2430 * The complexity here is that we don't have an inode context to work with, so
2431 * after we've replayed the inode we need to instantiate one. This is where the
2434 * We are in the middle of log recovery, so we can't run transactions. That
2435 * means we cannot use cache coherent inode instantiation via xfs_iget(), as
2436 * that will result in the corresponding iput() running the inode through
2437 * xfs_inactive(). If we've just replayed an inode core that changes the link
2438 * count to zero (i.e. it's been unlinked), then xfs_inactive() will run
2439 * transactions (bad!).
2441 * So, to avoid this, we instantiate an inode directly from the inode core we've
2442 * just recovered. We have the buffer still locked, and all we really need to
2443 * instantiate is the inode core and the forks being modified. We can do this
2444 * manually, then run the inode btree owner change, and then tear down the
2445 * xfs_inode without having to run any transactions at all.
2447 * Also, because we don't have a transaction context available here but need to
2448 * gather all the buffers we modify for writeback so we pass the buffer_list
2449 * instead for the operation to use.
2453 xfs_recover_inode_owner_change(
2454 struct xfs_mount *mp,
2455 struct xfs_dinode *dip,
2456 struct xfs_inode_log_format *in_f,
2457 struct list_head *buffer_list)
2459 struct xfs_inode *ip;
2462 ASSERT(in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER));
2464 ip = xfs_inode_alloc(mp, in_f->ilf_ino);
2468 /* instantiate the inode */
2469 xfs_dinode_from_disk(&ip->i_d, dip);
2470 ASSERT(ip->i_d.di_version >= 3);
2472 error = xfs_iformat_fork(ip, dip);
2477 if (in_f->ilf_fields & XFS_ILOG_DOWNER) {
2478 ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT);
2479 error = xfs_bmbt_change_owner(NULL, ip, XFS_DATA_FORK,
2480 ip->i_ino, buffer_list);
2485 if (in_f->ilf_fields & XFS_ILOG_AOWNER) {
2486 ASSERT(in_f->ilf_fields & XFS_ILOG_ABROOT);
2487 error = xfs_bmbt_change_owner(NULL, ip, XFS_ATTR_FORK,
2488 ip->i_ino, buffer_list);
2499 xlog_recover_inode_pass2(
2501 struct list_head *buffer_list,
2502 struct xlog_recover_item *item,
2503 xfs_lsn_t current_lsn)
2505 xfs_inode_log_format_t *in_f;
2506 xfs_mount_t *mp = log->l_mp;
2515 xfs_icdinode_t *dicp;
2519 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
2520 in_f = item->ri_buf[0].i_addr;
2522 in_f = kmem_alloc(sizeof(xfs_inode_log_format_t), KM_SLEEP);
2524 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2530 * Inode buffers can be freed, look out for it,
2531 * and do not replay the inode.
2533 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2534 in_f->ilf_len, 0)) {
2536 trace_xfs_log_recover_inode_cancel(log, in_f);
2539 trace_xfs_log_recover_inode_recover(log, in_f);
2541 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len, 0,
2542 &xfs_inode_buf_ops);
2547 error = bp->b_error;
2549 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#2)");
2552 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
2553 dip = (xfs_dinode_t *)xfs_buf_offset(bp, in_f->ilf_boffset);
2556 * Make sure the place we're flushing out to really looks
2559 if (unlikely(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))) {
2561 "%s: Bad inode magic number, dip = 0x%p, dino bp = 0x%p, ino = %Ld",
2562 __func__, dip, bp, in_f->ilf_ino);
2563 XFS_ERROR_REPORT("xlog_recover_inode_pass2(1)",
2564 XFS_ERRLEVEL_LOW, mp);
2565 error = -EFSCORRUPTED;
2568 dicp = item->ri_buf[1].i_addr;
2569 if (unlikely(dicp->di_magic != XFS_DINODE_MAGIC)) {
2571 "%s: Bad inode log record, rec ptr 0x%p, ino %Ld",
2572 __func__, item, in_f->ilf_ino);
2573 XFS_ERROR_REPORT("xlog_recover_inode_pass2(2)",
2574 XFS_ERRLEVEL_LOW, mp);
2575 error = -EFSCORRUPTED;
2580 * If the inode has an LSN in it, recover the inode only if it's less
2581 * than the lsn of the transaction we are replaying. Note: we still
2582 * need to replay an owner change even though the inode is more recent
2583 * than the transaction as there is no guarantee that all the btree
2584 * blocks are more recent than this transaction, too.
2586 if (dip->di_version >= 3) {
2587 xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn);
2589 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2590 trace_xfs_log_recover_inode_skip(log, in_f);
2592 goto out_owner_change;
2597 * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes
2598 * are transactional and if ordering is necessary we can determine that
2599 * more accurately by the LSN field in the V3 inode core. Don't trust
2600 * the inode versions we might be changing them here - use the
2601 * superblock flag to determine whether we need to look at di_flushiter
2602 * to skip replay when the on disk inode is newer than the log one
2604 if (!xfs_sb_version_hascrc(&mp->m_sb) &&
2605 dicp->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
2607 * Deal with the wrap case, DI_MAX_FLUSH is less
2608 * than smaller numbers
2610 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
2611 dicp->di_flushiter < (DI_MAX_FLUSH >> 1)) {
2614 trace_xfs_log_recover_inode_skip(log, in_f);
2620 /* Take the opportunity to reset the flush iteration count */
2621 dicp->di_flushiter = 0;
2623 if (unlikely(S_ISREG(dicp->di_mode))) {
2624 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2625 (dicp->di_format != XFS_DINODE_FMT_BTREE)) {
2626 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)",
2627 XFS_ERRLEVEL_LOW, mp, dicp);
2629 "%s: Bad regular inode log record, rec ptr 0x%p, "
2630 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2631 __func__, item, dip, bp, in_f->ilf_ino);
2632 error = -EFSCORRUPTED;
2635 } else if (unlikely(S_ISDIR(dicp->di_mode))) {
2636 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2637 (dicp->di_format != XFS_DINODE_FMT_BTREE) &&
2638 (dicp->di_format != XFS_DINODE_FMT_LOCAL)) {
2639 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)",
2640 XFS_ERRLEVEL_LOW, mp, dicp);
2642 "%s: Bad dir inode log record, rec ptr 0x%p, "
2643 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2644 __func__, item, dip, bp, in_f->ilf_ino);
2645 error = -EFSCORRUPTED;
2649 if (unlikely(dicp->di_nextents + dicp->di_anextents > dicp->di_nblocks)){
2650 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)",
2651 XFS_ERRLEVEL_LOW, mp, dicp);
2653 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
2654 "dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
2655 __func__, item, dip, bp, in_f->ilf_ino,
2656 dicp->di_nextents + dicp->di_anextents,
2658 error = -EFSCORRUPTED;
2661 if (unlikely(dicp->di_forkoff > mp->m_sb.sb_inodesize)) {
2662 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)",
2663 XFS_ERRLEVEL_LOW, mp, dicp);
2665 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
2666 "dino bp 0x%p, ino %Ld, forkoff 0x%x", __func__,
2667 item, dip, bp, in_f->ilf_ino, dicp->di_forkoff);
2668 error = -EFSCORRUPTED;
2671 isize = xfs_icdinode_size(dicp->di_version);
2672 if (unlikely(item->ri_buf[1].i_len > isize)) {
2673 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)",
2674 XFS_ERRLEVEL_LOW, mp, dicp);
2676 "%s: Bad inode log record length %d, rec ptr 0x%p",
2677 __func__, item->ri_buf[1].i_len, item);
2678 error = -EFSCORRUPTED;
2682 /* The core is in in-core format */
2683 xfs_dinode_to_disk(dip, dicp);
2685 /* the rest is in on-disk format */
2686 if (item->ri_buf[1].i_len > isize) {
2687 memcpy((char *)dip + isize,
2688 item->ri_buf[1].i_addr + isize,
2689 item->ri_buf[1].i_len - isize);
2692 fields = in_f->ilf_fields;
2693 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
2695 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
2698 memcpy(XFS_DFORK_DPTR(dip),
2699 &in_f->ilf_u.ilfu_uuid,
2704 if (in_f->ilf_size == 2)
2705 goto out_owner_change;
2706 len = item->ri_buf[2].i_len;
2707 src = item->ri_buf[2].i_addr;
2708 ASSERT(in_f->ilf_size <= 4);
2709 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
2710 ASSERT(!(fields & XFS_ILOG_DFORK) ||
2711 (len == in_f->ilf_dsize));
2713 switch (fields & XFS_ILOG_DFORK) {
2714 case XFS_ILOG_DDATA:
2716 memcpy(XFS_DFORK_DPTR(dip), src, len);
2719 case XFS_ILOG_DBROOT:
2720 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
2721 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
2722 XFS_DFORK_DSIZE(dip, mp));
2727 * There are no data fork flags set.
2729 ASSERT((fields & XFS_ILOG_DFORK) == 0);
2734 * If we logged any attribute data, recover it. There may or
2735 * may not have been any other non-core data logged in this
2738 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
2739 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
2744 len = item->ri_buf[attr_index].i_len;
2745 src = item->ri_buf[attr_index].i_addr;
2746 ASSERT(len == in_f->ilf_asize);
2748 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
2749 case XFS_ILOG_ADATA:
2751 dest = XFS_DFORK_APTR(dip);
2752 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
2753 memcpy(dest, src, len);
2756 case XFS_ILOG_ABROOT:
2757 dest = XFS_DFORK_APTR(dip);
2758 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
2759 len, (xfs_bmdr_block_t*)dest,
2760 XFS_DFORK_ASIZE(dip, mp));
2764 xfs_warn(log->l_mp, "%s: Invalid flag", __func__);
2772 if (in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER))
2773 error = xfs_recover_inode_owner_change(mp, dip, in_f,
2775 /* re-generate the checksum. */
2776 xfs_dinode_calc_crc(log->l_mp, dip);
2778 ASSERT(bp->b_target->bt_mount == mp);
2779 bp->b_iodone = xlog_recover_iodone;
2780 xfs_buf_delwri_queue(bp, buffer_list);
2791 * Recover QUOTAOFF records. We simply make a note of it in the xlog
2792 * structure, so that we know not to do any dquot item or dquot buffer recovery,
2796 xlog_recover_quotaoff_pass1(
2798 struct xlog_recover_item *item)
2800 xfs_qoff_logformat_t *qoff_f = item->ri_buf[0].i_addr;
2804 * The logitem format's flag tells us if this was user quotaoff,
2805 * group/project quotaoff or both.
2807 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
2808 log->l_quotaoffs_flag |= XFS_DQ_USER;
2809 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
2810 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
2811 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
2812 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
2818 * Recover a dquot record
2821 xlog_recover_dquot_pass2(
2823 struct list_head *buffer_list,
2824 struct xlog_recover_item *item,
2825 xfs_lsn_t current_lsn)
2827 xfs_mount_t *mp = log->l_mp;
2829 struct xfs_disk_dquot *ddq, *recddq;
2831 xfs_dq_logformat_t *dq_f;
2836 * Filesystems are required to send in quota flags at mount time.
2838 if (mp->m_qflags == 0)
2841 recddq = item->ri_buf[1].i_addr;
2842 if (recddq == NULL) {
2843 xfs_alert(log->l_mp, "NULL dquot in %s.", __func__);
2846 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
2847 xfs_alert(log->l_mp, "dquot too small (%d) in %s.",
2848 item->ri_buf[1].i_len, __func__);
2853 * This type of quotas was turned off, so ignore this record.
2855 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
2857 if (log->l_quotaoffs_flag & type)
2861 * At this point we know that quota was _not_ turned off.
2862 * Since the mount flags are not indicating to us otherwise, this
2863 * must mean that quota is on, and the dquot needs to be replayed.
2864 * Remember that we may not have fully recovered the superblock yet,
2865 * so we can't do the usual trick of looking at the SB quota bits.
2867 * The other possibility, of course, is that the quota subsystem was
2868 * removed since the last mount - ENOSYS.
2870 dq_f = item->ri_buf[0].i_addr;
2872 error = xfs_dqcheck(mp, recddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
2873 "xlog_recover_dquot_pass2 (log copy)");
2876 ASSERT(dq_f->qlf_len == 1);
2879 * At this point we are assuming that the dquots have been allocated
2880 * and hence the buffer has valid dquots stamped in it. It should,
2881 * therefore, pass verifier validation. If the dquot is bad, then the
2882 * we'll return an error here, so we don't need to specifically check
2883 * the dquot in the buffer after the verifier has run.
2885 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dq_f->qlf_blkno,
2886 XFS_FSB_TO_BB(mp, dq_f->qlf_len), 0, &bp,
2887 &xfs_dquot_buf_ops);
2892 ddq = (xfs_disk_dquot_t *)xfs_buf_offset(bp, dq_f->qlf_boffset);
2895 * If the dquot has an LSN in it, recover the dquot only if it's less
2896 * than the lsn of the transaction we are replaying.
2898 if (xfs_sb_version_hascrc(&mp->m_sb)) {
2899 struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq;
2900 xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn);
2902 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2907 memcpy(ddq, recddq, item->ri_buf[1].i_len);
2908 if (xfs_sb_version_hascrc(&mp->m_sb)) {
2909 xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk),
2913 ASSERT(dq_f->qlf_size == 2);
2914 ASSERT(bp->b_target->bt_mount == mp);
2915 bp->b_iodone = xlog_recover_iodone;
2916 xfs_buf_delwri_queue(bp, buffer_list);
2924 * This routine is called to create an in-core extent free intent
2925 * item from the efi format structure which was logged on disk.
2926 * It allocates an in-core efi, copies the extents from the format
2927 * structure into it, and adds the efi to the AIL with the given
2931 xlog_recover_efi_pass2(
2933 struct xlog_recover_item *item,
2937 xfs_mount_t *mp = log->l_mp;
2938 xfs_efi_log_item_t *efip;
2939 xfs_efi_log_format_t *efi_formatp;
2941 efi_formatp = item->ri_buf[0].i_addr;
2943 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
2944 if ((error = xfs_efi_copy_format(&(item->ri_buf[0]),
2945 &(efip->efi_format)))) {
2946 xfs_efi_item_free(efip);
2949 atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents);
2951 spin_lock(&log->l_ailp->xa_lock);
2953 * xfs_trans_ail_update() drops the AIL lock.
2955 xfs_trans_ail_update(log->l_ailp, &efip->efi_item, lsn);
2961 * This routine is called when an efd format structure is found in
2962 * a committed transaction in the log. It's purpose is to cancel
2963 * the corresponding efi if it was still in the log. To do this
2964 * it searches the AIL for the efi with an id equal to that in the
2965 * efd format structure. If we find it, we remove the efi from the
2969 xlog_recover_efd_pass2(
2971 struct xlog_recover_item *item)
2973 xfs_efd_log_format_t *efd_formatp;
2974 xfs_efi_log_item_t *efip = NULL;
2975 xfs_log_item_t *lip;
2977 struct xfs_ail_cursor cur;
2978 struct xfs_ail *ailp = log->l_ailp;
2980 efd_formatp = item->ri_buf[0].i_addr;
2981 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
2982 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
2983 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
2984 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
2985 efi_id = efd_formatp->efd_efi_id;
2988 * Search for the efi with the id in the efd format structure
2991 spin_lock(&ailp->xa_lock);
2992 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
2993 while (lip != NULL) {
2994 if (lip->li_type == XFS_LI_EFI) {
2995 efip = (xfs_efi_log_item_t *)lip;
2996 if (efip->efi_format.efi_id == efi_id) {
2998 * xfs_trans_ail_delete() drops the
3001 xfs_trans_ail_delete(ailp, lip,
3002 SHUTDOWN_CORRUPT_INCORE);
3003 xfs_efi_item_free(efip);
3004 spin_lock(&ailp->xa_lock);
3008 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3010 xfs_trans_ail_cursor_done(&cur);
3011 spin_unlock(&ailp->xa_lock);
3017 * This routine is called when an inode create format structure is found in a
3018 * committed transaction in the log. It's purpose is to initialise the inodes
3019 * being allocated on disk. This requires us to get inode cluster buffers that
3020 * match the range to be intialised, stamped with inode templates and written
3021 * by delayed write so that subsequent modifications will hit the cached buffer
3022 * and only need writing out at the end of recovery.
3025 xlog_recover_do_icreate_pass2(
3027 struct list_head *buffer_list,
3028 xlog_recover_item_t *item)
3030 struct xfs_mount *mp = log->l_mp;
3031 struct xfs_icreate_log *icl;
3032 xfs_agnumber_t agno;
3033 xfs_agblock_t agbno;
3036 xfs_agblock_t length;
3038 icl = (struct xfs_icreate_log *)item->ri_buf[0].i_addr;
3039 if (icl->icl_type != XFS_LI_ICREATE) {
3040 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad type");
3044 if (icl->icl_size != 1) {
3045 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad icl size");
3049 agno = be32_to_cpu(icl->icl_ag);
3050 if (agno >= mp->m_sb.sb_agcount) {
3051 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agno");
3054 agbno = be32_to_cpu(icl->icl_agbno);
3055 if (!agbno || agbno == NULLAGBLOCK || agbno >= mp->m_sb.sb_agblocks) {
3056 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agbno");
3059 isize = be32_to_cpu(icl->icl_isize);
3060 if (isize != mp->m_sb.sb_inodesize) {
3061 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad isize");
3064 count = be32_to_cpu(icl->icl_count);
3066 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count");
3069 length = be32_to_cpu(icl->icl_length);
3070 if (!length || length >= mp->m_sb.sb_agblocks) {
3071 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad length");
3075 /* existing allocation is fixed value */
3076 ASSERT(count == mp->m_ialloc_inos);
3077 ASSERT(length == mp->m_ialloc_blks);
3078 if (count != mp->m_ialloc_inos ||
3079 length != mp->m_ialloc_blks) {
3080 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count 2");
3085 * Inode buffers can be freed. Do not replay the inode initialisation as
3086 * we could be overwriting something written after this inode buffer was
3089 * XXX: we need to iterate all buffers and only init those that are not
3090 * cancelled. I think that a more fine grained factoring of
3091 * xfs_ialloc_inode_init may be appropriate here to enable this to be
3094 if (xlog_check_buffer_cancelled(log,
3095 XFS_AGB_TO_DADDR(mp, agno, agbno), length, 0))
3098 xfs_ialloc_inode_init(mp, NULL, buffer_list, agno, agbno, length,
3099 be32_to_cpu(icl->icl_gen));
3104 xlog_recover_buffer_ra_pass2(
3106 struct xlog_recover_item *item)
3108 struct xfs_buf_log_format *buf_f = item->ri_buf[0].i_addr;
3109 struct xfs_mount *mp = log->l_mp;
3111 if (xlog_peek_buffer_cancelled(log, buf_f->blf_blkno,
3112 buf_f->blf_len, buf_f->blf_flags)) {
3116 xfs_buf_readahead(mp->m_ddev_targp, buf_f->blf_blkno,
3117 buf_f->blf_len, NULL);
3121 xlog_recover_inode_ra_pass2(
3123 struct xlog_recover_item *item)
3125 struct xfs_inode_log_format ilf_buf;
3126 struct xfs_inode_log_format *ilfp;
3127 struct xfs_mount *mp = log->l_mp;
3130 if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) {
3131 ilfp = item->ri_buf[0].i_addr;
3134 memset(ilfp, 0, sizeof(*ilfp));
3135 error = xfs_inode_item_format_convert(&item->ri_buf[0], ilfp);
3140 if (xlog_peek_buffer_cancelled(log, ilfp->ilf_blkno, ilfp->ilf_len, 0))
3143 xfs_buf_readahead(mp->m_ddev_targp, ilfp->ilf_blkno,
3144 ilfp->ilf_len, &xfs_inode_buf_ra_ops);
3148 xlog_recover_dquot_ra_pass2(
3150 struct xlog_recover_item *item)
3152 struct xfs_mount *mp = log->l_mp;
3153 struct xfs_disk_dquot *recddq;
3154 struct xfs_dq_logformat *dq_f;
3158 if (mp->m_qflags == 0)
3161 recddq = item->ri_buf[1].i_addr;
3164 if (item->ri_buf[1].i_len < sizeof(struct xfs_disk_dquot))
3167 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3169 if (log->l_quotaoffs_flag & type)
3172 dq_f = item->ri_buf[0].i_addr;
3174 ASSERT(dq_f->qlf_len == 1);
3176 xfs_buf_readahead(mp->m_ddev_targp, dq_f->qlf_blkno,
3177 XFS_FSB_TO_BB(mp, dq_f->qlf_len), NULL);
3181 xlog_recover_ra_pass2(
3183 struct xlog_recover_item *item)
3185 switch (ITEM_TYPE(item)) {
3187 xlog_recover_buffer_ra_pass2(log, item);
3190 xlog_recover_inode_ra_pass2(log, item);
3193 xlog_recover_dquot_ra_pass2(log, item);
3197 case XFS_LI_QUOTAOFF:
3204 xlog_recover_commit_pass1(
3206 struct xlog_recover *trans,
3207 struct xlog_recover_item *item)
3209 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS1);
3211 switch (ITEM_TYPE(item)) {
3213 return xlog_recover_buffer_pass1(log, item);
3214 case XFS_LI_QUOTAOFF:
3215 return xlog_recover_quotaoff_pass1(log, item);
3220 case XFS_LI_ICREATE:
3221 /* nothing to do in pass 1 */
3224 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3225 __func__, ITEM_TYPE(item));
3232 xlog_recover_commit_pass2(
3234 struct xlog_recover *trans,
3235 struct list_head *buffer_list,
3236 struct xlog_recover_item *item)
3238 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS2);
3240 switch (ITEM_TYPE(item)) {
3242 return xlog_recover_buffer_pass2(log, buffer_list, item,
3245 return xlog_recover_inode_pass2(log, buffer_list, item,
3248 return xlog_recover_efi_pass2(log, item, trans->r_lsn);
3250 return xlog_recover_efd_pass2(log, item);
3252 return xlog_recover_dquot_pass2(log, buffer_list, item,
3254 case XFS_LI_ICREATE:
3255 return xlog_recover_do_icreate_pass2(log, buffer_list, item);
3256 case XFS_LI_QUOTAOFF:
3257 /* nothing to do in pass2 */
3260 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3261 __func__, ITEM_TYPE(item));
3268 xlog_recover_items_pass2(
3270 struct xlog_recover *trans,
3271 struct list_head *buffer_list,
3272 struct list_head *item_list)
3274 struct xlog_recover_item *item;
3277 list_for_each_entry(item, item_list, ri_list) {
3278 error = xlog_recover_commit_pass2(log, trans,
3288 * Perform the transaction.
3290 * If the transaction modifies a buffer or inode, do it now. Otherwise,
3291 * EFIs and EFDs get queued up by adding entries into the AIL for them.
3294 xlog_recover_commit_trans(
3296 struct xlog_recover *trans,
3301 int items_queued = 0;
3302 struct xlog_recover_item *item;
3303 struct xlog_recover_item *next;
3304 LIST_HEAD (buffer_list);
3305 LIST_HEAD (ra_list);
3306 LIST_HEAD (done_list);
3308 #define XLOG_RECOVER_COMMIT_QUEUE_MAX 100
3310 hlist_del(&trans->r_list);
3312 error = xlog_recover_reorder_trans(log, trans, pass);
3316 list_for_each_entry_safe(item, next, &trans->r_itemq, ri_list) {
3318 case XLOG_RECOVER_PASS1:
3319 error = xlog_recover_commit_pass1(log, trans, item);
3321 case XLOG_RECOVER_PASS2:
3322 xlog_recover_ra_pass2(log, item);
3323 list_move_tail(&item->ri_list, &ra_list);
3325 if (items_queued >= XLOG_RECOVER_COMMIT_QUEUE_MAX) {
3326 error = xlog_recover_items_pass2(log, trans,
3327 &buffer_list, &ra_list);
3328 list_splice_tail_init(&ra_list, &done_list);
3342 if (!list_empty(&ra_list)) {
3344 error = xlog_recover_items_pass2(log, trans,
3345 &buffer_list, &ra_list);
3346 list_splice_tail_init(&ra_list, &done_list);
3349 if (!list_empty(&done_list))
3350 list_splice_init(&done_list, &trans->r_itemq);
3352 error2 = xfs_buf_delwri_submit(&buffer_list);
3353 return error ? error : error2;
3357 xlog_recover_add_item(
3358 struct list_head *head)
3360 xlog_recover_item_t *item;
3362 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
3363 INIT_LIST_HEAD(&item->ri_list);
3364 list_add_tail(&item->ri_list, head);
3368 xlog_recover_add_to_cont_trans(
3370 struct xlog_recover *trans,
3374 xlog_recover_item_t *item;
3375 xfs_caddr_t ptr, old_ptr;
3378 if (list_empty(&trans->r_itemq)) {
3379 /* finish copying rest of trans header */
3380 xlog_recover_add_item(&trans->r_itemq);
3381 ptr = (xfs_caddr_t) &trans->r_theader +
3382 sizeof(xfs_trans_header_t) - len;
3383 memcpy(ptr, dp, len);
3386 /* take the tail entry */
3387 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3389 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
3390 old_len = item->ri_buf[item->ri_cnt-1].i_len;
3392 ptr = kmem_realloc(old_ptr, len+old_len, old_len, KM_SLEEP);
3393 memcpy(&ptr[old_len], dp, len);
3394 item->ri_buf[item->ri_cnt-1].i_len += len;
3395 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
3396 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
3401 * The next region to add is the start of a new region. It could be
3402 * a whole region or it could be the first part of a new region. Because
3403 * of this, the assumption here is that the type and size fields of all
3404 * format structures fit into the first 32 bits of the structure.
3406 * This works because all regions must be 32 bit aligned. Therefore, we
3407 * either have both fields or we have neither field. In the case we have
3408 * neither field, the data part of the region is zero length. We only have
3409 * a log_op_header and can throw away the header since a new one will appear
3410 * later. If we have at least 4 bytes, then we can determine how many regions
3411 * will appear in the current log item.
3414 xlog_recover_add_to_trans(
3416 struct xlog_recover *trans,
3420 xfs_inode_log_format_t *in_f; /* any will do */
3421 xlog_recover_item_t *item;
3426 if (list_empty(&trans->r_itemq)) {
3427 /* we need to catch log corruptions here */
3428 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
3429 xfs_warn(log->l_mp, "%s: bad header magic number",
3434 if (len == sizeof(xfs_trans_header_t))
3435 xlog_recover_add_item(&trans->r_itemq);
3436 memcpy(&trans->r_theader, dp, len);
3440 ptr = kmem_alloc(len, KM_SLEEP);
3441 memcpy(ptr, dp, len);
3442 in_f = (xfs_inode_log_format_t *)ptr;
3444 /* take the tail entry */
3445 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3446 if (item->ri_total != 0 &&
3447 item->ri_total == item->ri_cnt) {
3448 /* tail item is in use, get a new one */
3449 xlog_recover_add_item(&trans->r_itemq);
3450 item = list_entry(trans->r_itemq.prev,
3451 xlog_recover_item_t, ri_list);
3454 if (item->ri_total == 0) { /* first region to be added */
3455 if (in_f->ilf_size == 0 ||
3456 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
3458 "bad number of regions (%d) in inode log format",
3465 item->ri_total = in_f->ilf_size;
3467 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
3470 ASSERT(item->ri_total > item->ri_cnt);
3471 /* Description region is ri_buf[0] */
3472 item->ri_buf[item->ri_cnt].i_addr = ptr;
3473 item->ri_buf[item->ri_cnt].i_len = len;
3475 trace_xfs_log_recover_item_add(log, trans, item, 0);
3480 * Free up any resources allocated by the transaction
3482 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
3485 xlog_recover_free_trans(
3486 struct xlog_recover *trans)
3488 xlog_recover_item_t *item, *n;
3491 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
3492 /* Free the regions in the item. */
3493 list_del(&item->ri_list);
3494 for (i = 0; i < item->ri_cnt; i++)
3495 kmem_free(item->ri_buf[i].i_addr);
3496 /* Free the item itself */
3497 kmem_free(item->ri_buf);
3500 /* Free the transaction recover structure */
3505 * On error or completion, trans is freed.
3508 xlog_recovery_process_trans(
3510 struct xlog_recover *trans,
3517 bool freeit = false;
3519 /* mask off ophdr transaction container flags */
3520 flags &= ~XLOG_END_TRANS;
3521 if (flags & XLOG_WAS_CONT_TRANS)
3522 flags &= ~XLOG_CONTINUE_TRANS;
3525 * Callees must not free the trans structure. We'll decide if we need to
3526 * free it or not based on the operation being done and it's result.
3529 /* expected flag values */
3531 case XLOG_CONTINUE_TRANS:
3532 error = xlog_recover_add_to_trans(log, trans, dp, len);
3534 case XLOG_WAS_CONT_TRANS:
3535 error = xlog_recover_add_to_cont_trans(log, trans, dp, len);
3537 case XLOG_COMMIT_TRANS:
3538 error = xlog_recover_commit_trans(log, trans, pass);
3539 /* success or fail, we are now done with this transaction. */
3543 /* unexpected flag values */
3544 case XLOG_UNMOUNT_TRANS:
3545 /* just skip trans */
3546 xfs_warn(log->l_mp, "%s: Unmount LR", __func__);
3549 case XLOG_START_TRANS:
3551 xfs_warn(log->l_mp, "%s: bad flag 0x%x", __func__, flags);
3556 if (error || freeit)
3557 xlog_recover_free_trans(trans);
3562 * Lookup the transaction recovery structure associated with the ID in the
3563 * current ophdr. If the transaction doesn't exist and the start flag is set in
3564 * the ophdr, then allocate a new transaction for future ID matches to find.
3565 * Either way, return what we found during the lookup - an existing transaction
3568 STATIC struct xlog_recover *
3569 xlog_recover_ophdr_to_trans(
3570 struct hlist_head rhash[],
3571 struct xlog_rec_header *rhead,
3572 struct xlog_op_header *ohead)
3574 struct xlog_recover *trans;
3576 struct hlist_head *rhp;
3578 tid = be32_to_cpu(ohead->oh_tid);
3579 rhp = &rhash[XLOG_RHASH(tid)];
3580 hlist_for_each_entry(trans, rhp, r_list) {
3581 if (trans->r_log_tid == tid)
3586 * skip over non-start transaction headers - we could be
3587 * processing slack space before the next transaction starts
3589 if (!(ohead->oh_flags & XLOG_START_TRANS))
3592 ASSERT(be32_to_cpu(ohead->oh_len) == 0);
3595 * This is a new transaction so allocate a new recovery container to
3596 * hold the recovery ops that will follow.
3598 trans = kmem_zalloc(sizeof(struct xlog_recover), KM_SLEEP);
3599 trans->r_log_tid = tid;
3600 trans->r_lsn = be64_to_cpu(rhead->h_lsn);
3601 INIT_LIST_HEAD(&trans->r_itemq);
3602 INIT_HLIST_NODE(&trans->r_list);
3603 hlist_add_head(&trans->r_list, rhp);
3606 * Nothing more to do for this ophdr. Items to be added to this new
3607 * transaction will be in subsequent ophdr containers.
3613 xlog_recover_process_ophdr(
3615 struct hlist_head rhash[],
3616 struct xlog_rec_header *rhead,
3617 struct xlog_op_header *ohead,
3622 struct xlog_recover *trans;
3625 /* Do we understand who wrote this op? */
3626 if (ohead->oh_clientid != XFS_TRANSACTION &&
3627 ohead->oh_clientid != XFS_LOG) {
3628 xfs_warn(log->l_mp, "%s: bad clientid 0x%x",
3629 __func__, ohead->oh_clientid);
3635 * Check the ophdr contains all the data it is supposed to contain.
3637 len = be32_to_cpu(ohead->oh_len);
3638 if (dp + len > end) {
3639 xfs_warn(log->l_mp, "%s: bad length 0x%x", __func__, len);
3644 trans = xlog_recover_ophdr_to_trans(rhash, rhead, ohead);
3646 /* nothing to do, so skip over this ophdr */
3650 return xlog_recovery_process_trans(log, trans, dp, len,
3651 ohead->oh_flags, pass);
3655 * There are two valid states of the r_state field. 0 indicates that the
3656 * transaction structure is in a normal state. We have either seen the
3657 * start of the transaction or the last operation we added was not a partial
3658 * operation. If the last operation we added to the transaction was a
3659 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
3661 * NOTE: skip LRs with 0 data length.
3664 xlog_recover_process_data(
3666 struct hlist_head rhash[],
3667 struct xlog_rec_header *rhead,
3671 struct xlog_op_header *ohead;
3676 end = dp + be32_to_cpu(rhead->h_len);
3677 num_logops = be32_to_cpu(rhead->h_num_logops);
3679 /* check the log format matches our own - else we can't recover */
3680 if (xlog_header_check_recover(log->l_mp, rhead))
3683 while ((dp < end) && num_logops) {
3685 ohead = (struct xlog_op_header *)dp;
3686 dp += sizeof(*ohead);
3689 /* errors will abort recovery */
3690 error = xlog_recover_process_ophdr(log, rhash, rhead, ohead,
3695 dp += be32_to_cpu(ohead->oh_len);
3702 * Process an extent free intent item that was recovered from
3703 * the log. We need to free the extents that it describes.
3706 xlog_recover_process_efi(
3708 xfs_efi_log_item_t *efip)
3710 xfs_efd_log_item_t *efdp;
3715 xfs_fsblock_t startblock_fsb;
3717 ASSERT(!test_bit(XFS_EFI_RECOVERED, &efip->efi_flags));
3720 * First check the validity of the extents described by the
3721 * EFI. If any are bad, then assume that all are bad and
3722 * just toss the EFI.
3724 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
3725 extp = &(efip->efi_format.efi_extents[i]);
3726 startblock_fsb = XFS_BB_TO_FSB(mp,
3727 XFS_FSB_TO_DADDR(mp, extp->ext_start));
3728 if ((startblock_fsb == 0) ||
3729 (extp->ext_len == 0) ||
3730 (startblock_fsb >= mp->m_sb.sb_dblocks) ||
3731 (extp->ext_len >= mp->m_sb.sb_agblocks)) {
3733 * This will pull the EFI from the AIL and
3734 * free the memory associated with it.
3736 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
3737 xfs_efi_release(efip, efip->efi_format.efi_nextents);
3742 tp = xfs_trans_alloc(mp, 0);
3743 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0);
3746 efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
3748 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
3749 extp = &(efip->efi_format.efi_extents[i]);
3750 error = xfs_free_extent(tp, extp->ext_start, extp->ext_len);
3753 xfs_trans_log_efd_extent(tp, efdp, extp->ext_start,
3757 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
3758 error = xfs_trans_commit(tp, 0);
3762 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
3767 * When this is called, all of the EFIs which did not have
3768 * corresponding EFDs should be in the AIL. What we do now
3769 * is free the extents associated with each one.
3771 * Since we process the EFIs in normal transactions, they
3772 * will be removed at some point after the commit. This prevents
3773 * us from just walking down the list processing each one.
3774 * We'll use a flag in the EFI to skip those that we've already
3775 * processed and use the AIL iteration mechanism's generation
3776 * count to try to speed this up at least a bit.
3778 * When we start, we know that the EFIs are the only things in
3779 * the AIL. As we process them, however, other items are added
3780 * to the AIL. Since everything added to the AIL must come after
3781 * everything already in the AIL, we stop processing as soon as
3782 * we see something other than an EFI in the AIL.
3785 xlog_recover_process_efis(
3788 xfs_log_item_t *lip;
3789 xfs_efi_log_item_t *efip;
3791 struct xfs_ail_cursor cur;
3792 struct xfs_ail *ailp;
3795 spin_lock(&ailp->xa_lock);
3796 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3797 while (lip != NULL) {
3799 * We're done when we see something other than an EFI.
3800 * There should be no EFIs left in the AIL now.
3802 if (lip->li_type != XFS_LI_EFI) {
3804 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
3805 ASSERT(lip->li_type != XFS_LI_EFI);
3811 * Skip EFIs that we've already processed.
3813 efip = (xfs_efi_log_item_t *)lip;
3814 if (test_bit(XFS_EFI_RECOVERED, &efip->efi_flags)) {
3815 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3819 spin_unlock(&ailp->xa_lock);
3820 error = xlog_recover_process_efi(log->l_mp, efip);
3821 spin_lock(&ailp->xa_lock);
3824 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3827 xfs_trans_ail_cursor_done(&cur);
3828 spin_unlock(&ailp->xa_lock);
3833 * This routine performs a transaction to null out a bad inode pointer
3834 * in an agi unlinked inode hash bucket.
3837 xlog_recover_clear_agi_bucket(
3839 xfs_agnumber_t agno,
3848 tp = xfs_trans_alloc(mp, XFS_TRANS_CLEAR_AGI_BUCKET);
3849 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_clearagi, 0, 0);
3853 error = xfs_read_agi(mp, tp, agno, &agibp);
3857 agi = XFS_BUF_TO_AGI(agibp);
3858 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
3859 offset = offsetof(xfs_agi_t, agi_unlinked) +
3860 (sizeof(xfs_agino_t) * bucket);
3861 xfs_trans_log_buf(tp, agibp, offset,
3862 (offset + sizeof(xfs_agino_t) - 1));
3864 error = xfs_trans_commit(tp, 0);
3870 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
3872 xfs_warn(mp, "%s: failed to clear agi %d. Continuing.", __func__, agno);
3877 xlog_recover_process_one_iunlink(
3878 struct xfs_mount *mp,
3879 xfs_agnumber_t agno,
3883 struct xfs_buf *ibp;
3884 struct xfs_dinode *dip;
3885 struct xfs_inode *ip;
3889 ino = XFS_AGINO_TO_INO(mp, agno, agino);
3890 error = xfs_iget(mp, NULL, ino, 0, 0, &ip);
3895 * Get the on disk inode to find the next inode in the bucket.
3897 error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &ibp, 0, 0);
3901 ASSERT(ip->i_d.di_nlink == 0);
3902 ASSERT(ip->i_d.di_mode != 0);
3904 /* setup for the next pass */
3905 agino = be32_to_cpu(dip->di_next_unlinked);
3909 * Prevent any DMAPI event from being sent when the reference on
3910 * the inode is dropped.
3912 ip->i_d.di_dmevmask = 0;
3921 * We can't read in the inode this bucket points to, or this inode
3922 * is messed up. Just ditch this bucket of inodes. We will lose
3923 * some inodes and space, but at least we won't hang.
3925 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
3926 * clear the inode pointer in the bucket.
3928 xlog_recover_clear_agi_bucket(mp, agno, bucket);
3933 * xlog_iunlink_recover
3935 * This is called during recovery to process any inodes which
3936 * we unlinked but not freed when the system crashed. These
3937 * inodes will be on the lists in the AGI blocks. What we do
3938 * here is scan all the AGIs and fully truncate and free any
3939 * inodes found on the lists. Each inode is removed from the
3940 * lists when it has been fully truncated and is freed. The
3941 * freeing of the inode and its removal from the list must be
3945 xlog_recover_process_iunlinks(
3949 xfs_agnumber_t agno;
3960 * Prevent any DMAPI event from being sent while in this function.
3962 mp_dmevmask = mp->m_dmevmask;
3965 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
3967 * Find the agi for this ag.
3969 error = xfs_read_agi(mp, NULL, agno, &agibp);
3972 * AGI is b0rked. Don't process it.
3974 * We should probably mark the filesystem as corrupt
3975 * after we've recovered all the ag's we can....
3980 * Unlock the buffer so that it can be acquired in the normal
3981 * course of the transaction to truncate and free each inode.
3982 * Because we are not racing with anyone else here for the AGI
3983 * buffer, we don't even need to hold it locked to read the
3984 * initial unlinked bucket entries out of the buffer. We keep
3985 * buffer reference though, so that it stays pinned in memory
3986 * while we need the buffer.
3988 agi = XFS_BUF_TO_AGI(agibp);
3989 xfs_buf_unlock(agibp);
3991 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
3992 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
3993 while (agino != NULLAGINO) {
3994 agino = xlog_recover_process_one_iunlink(mp,
3995 agno, agino, bucket);
3998 xfs_buf_rele(agibp);
4001 mp->m_dmevmask = mp_dmevmask;
4005 * Upack the log buffer data and crc check it. If the check fails, issue a
4006 * warning if and only if the CRC in the header is non-zero. This makes the
4007 * check an advisory warning, and the zero CRC check will prevent failure
4008 * warnings from being emitted when upgrading the kernel from one that does not
4009 * add CRCs by default.
4011 * When filesystems are CRC enabled, this CRC mismatch becomes a fatal log
4012 * corruption failure
4015 xlog_unpack_data_crc(
4016 struct xlog_rec_header *rhead,
4022 crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len));
4023 if (crc != rhead->h_crc) {
4024 if (rhead->h_crc || xfs_sb_version_hascrc(&log->l_mp->m_sb)) {
4025 xfs_alert(log->l_mp,
4026 "log record CRC mismatch: found 0x%x, expected 0x%x.",
4027 le32_to_cpu(rhead->h_crc),
4029 xfs_hex_dump(dp, 32);
4033 * If we've detected a log record corruption, then we can't
4034 * recover past this point. Abort recovery if we are enforcing
4035 * CRC protection by punting an error back up the stack.
4037 if (xfs_sb_version_hascrc(&log->l_mp->m_sb))
4038 return -EFSCORRUPTED;
4046 struct xlog_rec_header *rhead,
4053 error = xlog_unpack_data_crc(rhead, dp, log);
4057 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
4058 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
4059 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
4063 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4064 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
4065 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
4066 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4067 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4068 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
4077 xlog_valid_rec_header(
4079 struct xlog_rec_header *rhead,
4084 if (unlikely(rhead->h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))) {
4085 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
4086 XFS_ERRLEVEL_LOW, log->l_mp);
4087 return -EFSCORRUPTED;
4090 (!rhead->h_version ||
4091 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
4092 xfs_warn(log->l_mp, "%s: unrecognised log version (%d).",
4093 __func__, be32_to_cpu(rhead->h_version));
4097 /* LR body must have data or it wouldn't have been written */
4098 hlen = be32_to_cpu(rhead->h_len);
4099 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
4100 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
4101 XFS_ERRLEVEL_LOW, log->l_mp);
4102 return -EFSCORRUPTED;
4104 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
4105 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
4106 XFS_ERRLEVEL_LOW, log->l_mp);
4107 return -EFSCORRUPTED;
4113 * Read the log from tail to head and process the log records found.
4114 * Handle the two cases where the tail and head are in the same cycle
4115 * and where the active portion of the log wraps around the end of
4116 * the physical log separately. The pass parameter is passed through
4117 * to the routines called to process the data and is not looked at
4121 xlog_do_recovery_pass(
4123 xfs_daddr_t head_blk,
4124 xfs_daddr_t tail_blk,
4127 xlog_rec_header_t *rhead;
4130 xfs_buf_t *hbp, *dbp;
4131 int error = 0, h_size;
4132 int bblks, split_bblks;
4133 int hblks, split_hblks, wrapped_hblks;
4134 struct hlist_head rhash[XLOG_RHASH_SIZE];
4136 ASSERT(head_blk != tail_blk);
4139 * Read the header of the tail block and get the iclog buffer size from
4140 * h_size. Use this to tell how many sectors make up the log header.
4142 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4144 * When using variable length iclogs, read first sector of
4145 * iclog header and extract the header size from it. Get a
4146 * new hbp that is the correct size.
4148 hbp = xlog_get_bp(log, 1);
4152 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
4156 rhead = (xlog_rec_header_t *)offset;
4157 error = xlog_valid_rec_header(log, rhead, tail_blk);
4160 h_size = be32_to_cpu(rhead->h_size);
4161 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
4162 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
4163 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
4164 if (h_size % XLOG_HEADER_CYCLE_SIZE)
4167 hbp = xlog_get_bp(log, hblks);
4172 ASSERT(log->l_sectBBsize == 1);
4174 hbp = xlog_get_bp(log, 1);
4175 h_size = XLOG_BIG_RECORD_BSIZE;
4180 dbp = xlog_get_bp(log, BTOBB(h_size));
4186 memset(rhash, 0, sizeof(rhash));
4188 if (tail_blk > head_blk) {
4190 * Perform recovery around the end of the physical log.
4191 * When the head is not on the same cycle number as the tail,
4192 * we can't do a sequential recovery.
4194 while (blk_no < log->l_logBBsize) {
4196 * Check for header wrapping around physical end-of-log
4198 offset = hbp->b_addr;
4201 if (blk_no + hblks <= log->l_logBBsize) {
4202 /* Read header in one read */
4203 error = xlog_bread(log, blk_no, hblks, hbp,
4208 /* This LR is split across physical log end */
4209 if (blk_no != log->l_logBBsize) {
4210 /* some data before physical log end */
4211 ASSERT(blk_no <= INT_MAX);
4212 split_hblks = log->l_logBBsize - (int)blk_no;
4213 ASSERT(split_hblks > 0);
4214 error = xlog_bread(log, blk_no,
4222 * Note: this black magic still works with
4223 * large sector sizes (non-512) only because:
4224 * - we increased the buffer size originally
4225 * by 1 sector giving us enough extra space
4226 * for the second read;
4227 * - the log start is guaranteed to be sector
4229 * - we read the log end (LR header start)
4230 * _first_, then the log start (LR header end)
4231 * - order is important.
4233 wrapped_hblks = hblks - split_hblks;
4234 error = xlog_bread_offset(log, 0,
4236 offset + BBTOB(split_hblks));
4240 rhead = (xlog_rec_header_t *)offset;
4241 error = xlog_valid_rec_header(log, rhead,
4242 split_hblks ? blk_no : 0);
4246 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4249 /* Read in data for log record */
4250 if (blk_no + bblks <= log->l_logBBsize) {
4251 error = xlog_bread(log, blk_no, bblks, dbp,
4256 /* This log record is split across the
4257 * physical end of log */
4258 offset = dbp->b_addr;
4260 if (blk_no != log->l_logBBsize) {
4261 /* some data is before the physical
4263 ASSERT(!wrapped_hblks);
4264 ASSERT(blk_no <= INT_MAX);
4266 log->l_logBBsize - (int)blk_no;
4267 ASSERT(split_bblks > 0);
4268 error = xlog_bread(log, blk_no,
4276 * Note: this black magic still works with
4277 * large sector sizes (non-512) only because:
4278 * - we increased the buffer size originally
4279 * by 1 sector giving us enough extra space
4280 * for the second read;
4281 * - the log start is guaranteed to be sector
4283 * - we read the log end (LR header start)
4284 * _first_, then the log start (LR header end)
4285 * - order is important.
4287 error = xlog_bread_offset(log, 0,
4288 bblks - split_bblks, dbp,
4289 offset + BBTOB(split_bblks));
4294 error = xlog_unpack_data(rhead, offset, log);
4298 error = xlog_recover_process_data(log, rhash,
4299 rhead, offset, pass);
4305 ASSERT(blk_no >= log->l_logBBsize);
4306 blk_no -= log->l_logBBsize;
4309 /* read first part of physical log */
4310 while (blk_no < head_blk) {
4311 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
4315 rhead = (xlog_rec_header_t *)offset;
4316 error = xlog_valid_rec_header(log, rhead, blk_no);
4320 /* blocks in data section */
4321 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4322 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
4327 error = xlog_unpack_data(rhead, offset, log);
4331 error = xlog_recover_process_data(log, rhash,
4332 rhead, offset, pass);
4335 blk_no += bblks + hblks;
4346 * Do the recovery of the log. We actually do this in two phases.
4347 * The two passes are necessary in order to implement the function
4348 * of cancelling a record written into the log. The first pass
4349 * determines those things which have been cancelled, and the
4350 * second pass replays log items normally except for those which
4351 * have been cancelled. The handling of the replay and cancellations
4352 * takes place in the log item type specific routines.
4354 * The table of items which have cancel records in the log is allocated
4355 * and freed at this level, since only here do we know when all of
4356 * the log recovery has been completed.
4359 xlog_do_log_recovery(
4361 xfs_daddr_t head_blk,
4362 xfs_daddr_t tail_blk)
4366 ASSERT(head_blk != tail_blk);
4369 * First do a pass to find all of the cancelled buf log items.
4370 * Store them in the buf_cancel_table for use in the second pass.
4372 log->l_buf_cancel_table = kmem_zalloc(XLOG_BC_TABLE_SIZE *
4373 sizeof(struct list_head),
4375 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4376 INIT_LIST_HEAD(&log->l_buf_cancel_table[i]);
4378 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4379 XLOG_RECOVER_PASS1);
4381 kmem_free(log->l_buf_cancel_table);
4382 log->l_buf_cancel_table = NULL;
4386 * Then do a second pass to actually recover the items in the log.
4387 * When it is complete free the table of buf cancel items.
4389 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4390 XLOG_RECOVER_PASS2);
4395 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4396 ASSERT(list_empty(&log->l_buf_cancel_table[i]));
4400 kmem_free(log->l_buf_cancel_table);
4401 log->l_buf_cancel_table = NULL;
4407 * Do the actual recovery
4412 xfs_daddr_t head_blk,
4413 xfs_daddr_t tail_blk)
4420 * First replay the images in the log.
4422 error = xlog_do_log_recovery(log, head_blk, tail_blk);
4427 * If IO errors happened during recovery, bail out.
4429 if (XFS_FORCED_SHUTDOWN(log->l_mp)) {
4434 * We now update the tail_lsn since much of the recovery has completed
4435 * and there may be space available to use. If there were no extent
4436 * or iunlinks, we can free up the entire log and set the tail_lsn to
4437 * be the last_sync_lsn. This was set in xlog_find_tail to be the
4438 * lsn of the last known good LR on disk. If there are extent frees
4439 * or iunlinks they will have some entries in the AIL; so we look at
4440 * the AIL to determine how to set the tail_lsn.
4442 xlog_assign_tail_lsn(log->l_mp);
4445 * Now that we've finished replaying all buffer and inode
4446 * updates, re-read in the superblock and reverify it.
4448 bp = xfs_getsb(log->l_mp, 0);
4450 ASSERT(!(XFS_BUF_ISWRITE(bp)));
4452 XFS_BUF_UNASYNC(bp);
4453 bp->b_ops = &xfs_sb_buf_ops;
4455 if (XFS_FORCED_SHUTDOWN(log->l_mp)) {
4460 xfs_buf_iorequest(bp);
4461 error = xfs_buf_iowait(bp);
4463 xfs_buf_ioerror_alert(bp, __func__);
4469 /* Convert superblock from on-disk format */
4470 sbp = &log->l_mp->m_sb;
4471 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
4472 ASSERT(sbp->sb_magicnum == XFS_SB_MAGIC);
4473 ASSERT(xfs_sb_good_version(sbp));
4476 /* We've re-read the superblock so re-initialize per-cpu counters */
4477 xfs_icsb_reinit_counters(log->l_mp);
4479 xlog_recover_check_summary(log);
4481 /* Normal transactions can now occur */
4482 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
4487 * Perform recovery and re-initialize some log variables in xlog_find_tail.
4489 * Return error or zero.
4495 xfs_daddr_t head_blk, tail_blk;
4498 /* find the tail of the log */
4499 if ((error = xlog_find_tail(log, &head_blk, &tail_blk)))
4502 if (tail_blk != head_blk) {
4503 /* There used to be a comment here:
4505 * disallow recovery on read-only mounts. note -- mount
4506 * checks for ENOSPC and turns it into an intelligent
4508 * ...but this is no longer true. Now, unless you specify
4509 * NORECOVERY (in which case this function would never be
4510 * called), we just go ahead and recover. We do this all
4511 * under the vfs layer, so we can get away with it unless
4512 * the device itself is read-only, in which case we fail.
4514 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
4519 * Version 5 superblock log feature mask validation. We know the
4520 * log is dirty so check if there are any unknown log features
4521 * in what we need to recover. If there are unknown features
4522 * (e.g. unsupported transactions, then simply reject the
4523 * attempt at recovery before touching anything.
4525 if (XFS_SB_VERSION_NUM(&log->l_mp->m_sb) == XFS_SB_VERSION_5 &&
4526 xfs_sb_has_incompat_log_feature(&log->l_mp->m_sb,
4527 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
4529 "Superblock has unknown incompatible log features (0x%x) enabled.\n"
4530 "The log can not be fully and/or safely recovered by this kernel.\n"
4531 "Please recover the log on a kernel that supports the unknown features.",
4532 (log->l_mp->m_sb.sb_features_log_incompat &
4533 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
4538 * Delay log recovery if the debug hook is set. This is debug
4539 * instrumention to coordinate simulation of I/O failures with
4542 if (xfs_globals.log_recovery_delay) {
4543 xfs_notice(log->l_mp,
4544 "Delaying log recovery for %d seconds.",
4545 xfs_globals.log_recovery_delay);
4546 msleep(xfs_globals.log_recovery_delay * 1000);
4549 xfs_notice(log->l_mp, "Starting recovery (logdev: %s)",
4550 log->l_mp->m_logname ? log->l_mp->m_logname
4553 error = xlog_do_recover(log, head_blk, tail_blk);
4554 log->l_flags |= XLOG_RECOVERY_NEEDED;
4560 * In the first part of recovery we replay inodes and buffers and build
4561 * up the list of extent free items which need to be processed. Here
4562 * we process the extent free items and clean up the on disk unlinked
4563 * inode lists. This is separated from the first part of recovery so
4564 * that the root and real-time bitmap inodes can be read in from disk in
4565 * between the two stages. This is necessary so that we can free space
4566 * in the real-time portion of the file system.
4569 xlog_recover_finish(
4573 * Now we're ready to do the transactions needed for the
4574 * rest of recovery. Start with completing all the extent
4575 * free intent records and then process the unlinked inode
4576 * lists. At this point, we essentially run in normal mode
4577 * except that we're still performing recovery actions
4578 * rather than accepting new requests.
4580 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
4582 error = xlog_recover_process_efis(log);
4584 xfs_alert(log->l_mp, "Failed to recover EFIs");
4588 * Sync the log to get all the EFIs out of the AIL.
4589 * This isn't absolutely necessary, but it helps in
4590 * case the unlink transactions would have problems
4591 * pushing the EFIs out of the way.
4593 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
4595 xlog_recover_process_iunlinks(log);
4597 xlog_recover_check_summary(log);
4599 xfs_notice(log->l_mp, "Ending recovery (logdev: %s)",
4600 log->l_mp->m_logname ? log->l_mp->m_logname
4602 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
4604 xfs_info(log->l_mp, "Ending clean mount");
4612 * Read all of the agf and agi counters and check that they
4613 * are consistent with the superblock counters.
4616 xlog_recover_check_summary(
4623 xfs_agnumber_t agno;
4624 __uint64_t freeblks;
4634 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4635 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
4637 xfs_alert(mp, "%s agf read failed agno %d error %d",
4638 __func__, agno, error);
4640 agfp = XFS_BUF_TO_AGF(agfbp);
4641 freeblks += be32_to_cpu(agfp->agf_freeblks) +
4642 be32_to_cpu(agfp->agf_flcount);
4643 xfs_buf_relse(agfbp);
4646 error = xfs_read_agi(mp, NULL, agno, &agibp);
4648 xfs_alert(mp, "%s agi read failed agno %d error %d",
4649 __func__, agno, error);
4651 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
4653 itotal += be32_to_cpu(agi->agi_count);
4654 ifree += be32_to_cpu(agi->agi_freecount);
4655 xfs_buf_relse(agibp);