2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
26 #include "xfs_mount.h"
27 #include "xfs_da_format.h"
28 #include "xfs_da_btree.h"
29 #include "xfs_inode.h"
30 #include "xfs_trans.h"
32 #include "xfs_log_priv.h"
33 #include "xfs_log_recover.h"
34 #include "xfs_inode_item.h"
35 #include "xfs_extfree_item.h"
36 #include "xfs_trans_priv.h"
37 #include "xfs_alloc.h"
38 #include "xfs_ialloc.h"
39 #include "xfs_quota.h"
40 #include "xfs_cksum.h"
41 #include "xfs_trace.h"
42 #include "xfs_icache.h"
43 #include "xfs_bmap_btree.h"
44 #include "xfs_error.h"
47 #define BLK_AVG(blk1, blk2) ((blk1+blk2) >> 1)
54 xlog_clear_stale_blocks(
59 xlog_recover_check_summary(
62 #define xlog_recover_check_summary(log)
65 xlog_do_recovery_pass(
66 struct xlog *, xfs_daddr_t, xfs_daddr_t, int, xfs_daddr_t *);
69 * This structure is used during recovery to record the buf log items which
70 * have been canceled and should not be replayed.
72 struct xfs_buf_cancel {
76 struct list_head bc_list;
80 * Sector aligned buffer routines for buffer create/read/write/access
84 * Verify the given count of basic blocks is valid number of blocks
85 * to specify for an operation involving the given XFS log buffer.
86 * Returns nonzero if the count is valid, 0 otherwise.
90 xlog_buf_bbcount_valid(
94 return bbcount > 0 && bbcount <= log->l_logBBsize;
98 * Allocate a buffer to hold log data. The buffer needs to be able
99 * to map to a range of nbblks basic blocks at any valid (basic
100 * block) offset within the log.
109 if (!xlog_buf_bbcount_valid(log, nbblks)) {
110 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
112 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
117 * We do log I/O in units of log sectors (a power-of-2
118 * multiple of the basic block size), so we round up the
119 * requested size to accommodate the basic blocks required
120 * for complete log sectors.
122 * In addition, the buffer may be used for a non-sector-
123 * aligned block offset, in which case an I/O of the
124 * requested size could extend beyond the end of the
125 * buffer. If the requested size is only 1 basic block it
126 * will never straddle a sector boundary, so this won't be
127 * an issue. Nor will this be a problem if the log I/O is
128 * done in basic blocks (sector size 1). But otherwise we
129 * extend the buffer by one extra log sector to ensure
130 * there's space to accommodate this possibility.
132 if (nbblks > 1 && log->l_sectBBsize > 1)
133 nbblks += log->l_sectBBsize;
134 nbblks = round_up(nbblks, log->l_sectBBsize);
136 bp = xfs_buf_get_uncached(log->l_mp->m_logdev_targp, nbblks, 0);
150 * Return the address of the start of the given block number's data
151 * in a log buffer. The buffer covers a log sector-aligned region.
160 xfs_daddr_t offset = blk_no & ((xfs_daddr_t)log->l_sectBBsize - 1);
162 ASSERT(offset + nbblks <= bp->b_length);
163 return bp->b_addr + BBTOB(offset);
168 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
179 if (!xlog_buf_bbcount_valid(log, nbblks)) {
180 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
182 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
183 return -EFSCORRUPTED;
186 blk_no = round_down(blk_no, log->l_sectBBsize);
187 nbblks = round_up(nbblks, log->l_sectBBsize);
190 ASSERT(nbblks <= bp->b_length);
192 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
193 bp->b_flags |= XBF_READ;
194 bp->b_io_length = nbblks;
197 error = xfs_buf_submit_wait(bp);
198 if (error && !XFS_FORCED_SHUTDOWN(log->l_mp))
199 xfs_buf_ioerror_alert(bp, __func__);
213 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
217 *offset = xlog_align(log, blk_no, nbblks, bp);
222 * Read at an offset into the buffer. Returns with the buffer in it's original
223 * state regardless of the result of the read.
228 xfs_daddr_t blk_no, /* block to read from */
229 int nbblks, /* blocks to read */
233 char *orig_offset = bp->b_addr;
234 int orig_len = BBTOB(bp->b_length);
237 error = xfs_buf_associate_memory(bp, offset, BBTOB(nbblks));
241 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
243 /* must reset buffer pointer even on error */
244 error2 = xfs_buf_associate_memory(bp, orig_offset, orig_len);
251 * Write out the buffer at the given block for the given number of blocks.
252 * The buffer is kept locked across the write and is returned locked.
253 * This can only be used for synchronous log writes.
264 if (!xlog_buf_bbcount_valid(log, nbblks)) {
265 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
267 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
268 return -EFSCORRUPTED;
271 blk_no = round_down(blk_no, log->l_sectBBsize);
272 nbblks = round_up(nbblks, log->l_sectBBsize);
275 ASSERT(nbblks <= bp->b_length);
277 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
280 bp->b_io_length = nbblks;
283 error = xfs_bwrite(bp);
285 xfs_buf_ioerror_alert(bp, __func__);
292 * dump debug superblock and log record information
295 xlog_header_check_dump(
297 xlog_rec_header_t *head)
299 xfs_debug(mp, "%s: SB : uuid = %pU, fmt = %d",
300 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
301 xfs_debug(mp, " log : uuid = %pU, fmt = %d",
302 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
305 #define xlog_header_check_dump(mp, head)
309 * check log record header for recovery
312 xlog_header_check_recover(
314 xlog_rec_header_t *head)
316 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
319 * IRIX doesn't write the h_fmt field and leaves it zeroed
320 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
321 * a dirty log created in IRIX.
323 if (unlikely(head->h_fmt != cpu_to_be32(XLOG_FMT))) {
325 "dirty log written in incompatible format - can't recover");
326 xlog_header_check_dump(mp, head);
327 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
328 XFS_ERRLEVEL_HIGH, mp);
329 return -EFSCORRUPTED;
330 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
332 "dirty log entry has mismatched uuid - can't recover");
333 xlog_header_check_dump(mp, head);
334 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
335 XFS_ERRLEVEL_HIGH, mp);
336 return -EFSCORRUPTED;
342 * read the head block of the log and check the header
345 xlog_header_check_mount(
347 xlog_rec_header_t *head)
349 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
351 if (uuid_is_nil(&head->h_fs_uuid)) {
353 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
354 * h_fs_uuid is nil, we assume this log was last mounted
355 * by IRIX and continue.
357 xfs_warn(mp, "nil uuid in log - IRIX style log");
358 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
359 xfs_warn(mp, "log has mismatched uuid - can't recover");
360 xlog_header_check_dump(mp, head);
361 XFS_ERROR_REPORT("xlog_header_check_mount",
362 XFS_ERRLEVEL_HIGH, mp);
363 return -EFSCORRUPTED;
374 * We're not going to bother about retrying
375 * this during recovery. One strike!
377 if (!XFS_FORCED_SHUTDOWN(bp->b_target->bt_mount)) {
378 xfs_buf_ioerror_alert(bp, __func__);
379 xfs_force_shutdown(bp->b_target->bt_mount,
380 SHUTDOWN_META_IO_ERROR);
388 * This routine finds (to an approximation) the first block in the physical
389 * log which contains the given cycle. It uses a binary search algorithm.
390 * Note that the algorithm can not be perfect because the disk will not
391 * necessarily be perfect.
394 xlog_find_cycle_start(
397 xfs_daddr_t first_blk,
398 xfs_daddr_t *last_blk,
408 mid_blk = BLK_AVG(first_blk, end_blk);
409 while (mid_blk != first_blk && mid_blk != end_blk) {
410 error = xlog_bread(log, mid_blk, 1, bp, &offset);
413 mid_cycle = xlog_get_cycle(offset);
414 if (mid_cycle == cycle)
415 end_blk = mid_blk; /* last_half_cycle == mid_cycle */
417 first_blk = mid_blk; /* first_half_cycle == mid_cycle */
418 mid_blk = BLK_AVG(first_blk, end_blk);
420 ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) ||
421 (mid_blk == end_blk && mid_blk-1 == first_blk));
429 * Check that a range of blocks does not contain stop_on_cycle_no.
430 * Fill in *new_blk with the block offset where such a block is
431 * found, or with -1 (an invalid block number) if there is no such
432 * block in the range. The scan needs to occur from front to back
433 * and the pointer into the region must be updated since a later
434 * routine will need to perform another test.
437 xlog_find_verify_cycle(
439 xfs_daddr_t start_blk,
441 uint stop_on_cycle_no,
442 xfs_daddr_t *new_blk)
452 * Greedily allocate a buffer big enough to handle the full
453 * range of basic blocks we'll be examining. If that fails,
454 * try a smaller size. We need to be able to read at least
455 * a log sector, or we're out of luck.
457 bufblks = 1 << ffs(nbblks);
458 while (bufblks > log->l_logBBsize)
460 while (!(bp = xlog_get_bp(log, bufblks))) {
462 if (bufblks < log->l_sectBBsize)
466 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
469 bcount = min(bufblks, (start_blk + nbblks - i));
471 error = xlog_bread(log, i, bcount, bp, &buf);
475 for (j = 0; j < bcount; j++) {
476 cycle = xlog_get_cycle(buf);
477 if (cycle == stop_on_cycle_no) {
494 * Potentially backup over partial log record write.
496 * In the typical case, last_blk is the number of the block directly after
497 * a good log record. Therefore, we subtract one to get the block number
498 * of the last block in the given buffer. extra_bblks contains the number
499 * of blocks we would have read on a previous read. This happens when the
500 * last log record is split over the end of the physical log.
502 * extra_bblks is the number of blocks potentially verified on a previous
503 * call to this routine.
506 xlog_find_verify_log_record(
508 xfs_daddr_t start_blk,
509 xfs_daddr_t *last_blk,
515 xlog_rec_header_t *head = NULL;
518 int num_blks = *last_blk - start_blk;
521 ASSERT(start_blk != 0 || *last_blk != start_blk);
523 if (!(bp = xlog_get_bp(log, num_blks))) {
524 if (!(bp = xlog_get_bp(log, 1)))
528 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
531 offset += ((num_blks - 1) << BBSHIFT);
534 for (i = (*last_blk) - 1; i >= 0; i--) {
536 /* valid log record not found */
538 "Log inconsistent (didn't find previous header)");
545 error = xlog_bread(log, i, 1, bp, &offset);
550 head = (xlog_rec_header_t *)offset;
552 if (head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
560 * We hit the beginning of the physical log & still no header. Return
561 * to caller. If caller can handle a return of -1, then this routine
562 * will be called again for the end of the physical log.
570 * We have the final block of the good log (the first block
571 * of the log record _before_ the head. So we check the uuid.
573 if ((error = xlog_header_check_mount(log->l_mp, head)))
577 * We may have found a log record header before we expected one.
578 * last_blk will be the 1st block # with a given cycle #. We may end
579 * up reading an entire log record. In this case, we don't want to
580 * reset last_blk. Only when last_blk points in the middle of a log
581 * record do we update last_blk.
583 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
584 uint h_size = be32_to_cpu(head->h_size);
586 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
587 if (h_size % XLOG_HEADER_CYCLE_SIZE)
593 if (*last_blk - i + extra_bblks !=
594 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
603 * Head is defined to be the point of the log where the next log write
604 * could go. This means that incomplete LR writes at the end are
605 * eliminated when calculating the head. We aren't guaranteed that previous
606 * LR have complete transactions. We only know that a cycle number of
607 * current cycle number -1 won't be present in the log if we start writing
608 * from our current block number.
610 * last_blk contains the block number of the first block with a given
613 * Return: zero if normal, non-zero if error.
618 xfs_daddr_t *return_head_blk)
622 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
624 uint first_half_cycle, last_half_cycle;
626 int error, log_bbnum = log->l_logBBsize;
628 /* Is the end of the log device zeroed? */
629 error = xlog_find_zeroed(log, &first_blk);
631 xfs_warn(log->l_mp, "empty log check failed");
635 *return_head_blk = first_blk;
637 /* Is the whole lot zeroed? */
639 /* Linux XFS shouldn't generate totally zeroed logs -
640 * mkfs etc write a dummy unmount record to a fresh
641 * log so we can store the uuid in there
643 xfs_warn(log->l_mp, "totally zeroed log");
649 first_blk = 0; /* get cycle # of 1st block */
650 bp = xlog_get_bp(log, 1);
654 error = xlog_bread(log, 0, 1, bp, &offset);
658 first_half_cycle = xlog_get_cycle(offset);
660 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
661 error = xlog_bread(log, last_blk, 1, bp, &offset);
665 last_half_cycle = xlog_get_cycle(offset);
666 ASSERT(last_half_cycle != 0);
669 * If the 1st half cycle number is equal to the last half cycle number,
670 * then the entire log is stamped with the same cycle number. In this
671 * case, head_blk can't be set to zero (which makes sense). The below
672 * math doesn't work out properly with head_blk equal to zero. Instead,
673 * we set it to log_bbnum which is an invalid block number, but this
674 * value makes the math correct. If head_blk doesn't changed through
675 * all the tests below, *head_blk is set to zero at the very end rather
676 * than log_bbnum. In a sense, log_bbnum and zero are the same block
677 * in a circular file.
679 if (first_half_cycle == last_half_cycle) {
681 * In this case we believe that the entire log should have
682 * cycle number last_half_cycle. We need to scan backwards
683 * from the end verifying that there are no holes still
684 * containing last_half_cycle - 1. If we find such a hole,
685 * then the start of that hole will be the new head. The
686 * simple case looks like
687 * x | x ... | x - 1 | x
688 * Another case that fits this picture would be
689 * x | x + 1 | x ... | x
690 * In this case the head really is somewhere at the end of the
691 * log, as one of the latest writes at the beginning was
694 * x | x + 1 | x ... | x - 1 | x
695 * This is really the combination of the above two cases, and
696 * the head has to end up at the start of the x-1 hole at the
699 * In the 256k log case, we will read from the beginning to the
700 * end of the log and search for cycle numbers equal to x-1.
701 * We don't worry about the x+1 blocks that we encounter,
702 * because we know that they cannot be the head since the log
705 head_blk = log_bbnum;
706 stop_on_cycle = last_half_cycle - 1;
709 * In this case we want to find the first block with cycle
710 * number matching last_half_cycle. We expect the log to be
712 * x + 1 ... | x ... | x
713 * The first block with cycle number x (last_half_cycle) will
714 * be where the new head belongs. First we do a binary search
715 * for the first occurrence of last_half_cycle. The binary
716 * search may not be totally accurate, so then we scan back
717 * from there looking for occurrences of last_half_cycle before
718 * us. If that backwards scan wraps around the beginning of
719 * the log, then we look for occurrences of last_half_cycle - 1
720 * at the end of the log. The cases we're looking for look
722 * v binary search stopped here
723 * x + 1 ... | x | x + 1 | x ... | x
724 * ^ but we want to locate this spot
726 * <---------> less than scan distance
727 * x + 1 ... | x ... | x - 1 | x
728 * ^ we want to locate this spot
730 stop_on_cycle = last_half_cycle;
731 if ((error = xlog_find_cycle_start(log, bp, first_blk,
732 &head_blk, last_half_cycle)))
737 * Now validate the answer. Scan back some number of maximum possible
738 * blocks and make sure each one has the expected cycle number. The
739 * maximum is determined by the total possible amount of buffering
740 * in the in-core log. The following number can be made tighter if
741 * we actually look at the block size of the filesystem.
743 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
744 if (head_blk >= num_scan_bblks) {
746 * We are guaranteed that the entire check can be performed
749 start_blk = head_blk - num_scan_bblks;
750 if ((error = xlog_find_verify_cycle(log,
751 start_blk, num_scan_bblks,
752 stop_on_cycle, &new_blk)))
756 } else { /* need to read 2 parts of log */
758 * We are going to scan backwards in the log in two parts.
759 * First we scan the physical end of the log. In this part
760 * of the log, we are looking for blocks with cycle number
761 * last_half_cycle - 1.
762 * If we find one, then we know that the log starts there, as
763 * we've found a hole that didn't get written in going around
764 * the end of the physical log. The simple case for this is
765 * x + 1 ... | x ... | x - 1 | x
766 * <---------> less than scan distance
767 * If all of the blocks at the end of the log have cycle number
768 * last_half_cycle, then we check the blocks at the start of
769 * the log looking for occurrences of last_half_cycle. If we
770 * find one, then our current estimate for the location of the
771 * first occurrence of last_half_cycle is wrong and we move
772 * back to the hole we've found. This case looks like
773 * x + 1 ... | x | x + 1 | x ...
774 * ^ binary search stopped here
775 * Another case we need to handle that only occurs in 256k
777 * x + 1 ... | x ... | x+1 | x ...
778 * ^ binary search stops here
779 * In a 256k log, the scan at the end of the log will see the
780 * x + 1 blocks. We need to skip past those since that is
781 * certainly not the head of the log. By searching for
782 * last_half_cycle-1 we accomplish that.
784 ASSERT(head_blk <= INT_MAX &&
785 (xfs_daddr_t) num_scan_bblks >= head_blk);
786 start_blk = log_bbnum - (num_scan_bblks - head_blk);
787 if ((error = xlog_find_verify_cycle(log, start_blk,
788 num_scan_bblks - (int)head_blk,
789 (stop_on_cycle - 1), &new_blk)))
797 * Scan beginning of log now. The last part of the physical
798 * log is good. This scan needs to verify that it doesn't find
799 * the last_half_cycle.
802 ASSERT(head_blk <= INT_MAX);
803 if ((error = xlog_find_verify_cycle(log,
804 start_blk, (int)head_blk,
805 stop_on_cycle, &new_blk)))
813 * Now we need to make sure head_blk is not pointing to a block in
814 * the middle of a log record.
816 num_scan_bblks = XLOG_REC_SHIFT(log);
817 if (head_blk >= num_scan_bblks) {
818 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
820 /* start ptr at last block ptr before head_blk */
821 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
828 ASSERT(head_blk <= INT_MAX);
829 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
833 /* We hit the beginning of the log during our search */
834 start_blk = log_bbnum - (num_scan_bblks - head_blk);
836 ASSERT(start_blk <= INT_MAX &&
837 (xfs_daddr_t) log_bbnum-start_blk >= 0);
838 ASSERT(head_blk <= INT_MAX);
839 error = xlog_find_verify_log_record(log, start_blk,
840 &new_blk, (int)head_blk);
845 if (new_blk != log_bbnum)
852 if (head_blk == log_bbnum)
853 *return_head_blk = 0;
855 *return_head_blk = head_blk;
857 * When returning here, we have a good block number. Bad block
858 * means that during a previous crash, we didn't have a clean break
859 * from cycle number N to cycle number N-1. In this case, we need
860 * to find the first block with cycle number N-1.
868 xfs_warn(log->l_mp, "failed to find log head");
873 * Seek backwards in the log for log record headers.
875 * Given a starting log block, walk backwards until we find the provided number
876 * of records or hit the provided tail block. The return value is the number of
877 * records encountered or a negative error code. The log block and buffer
878 * pointer of the last record seen are returned in rblk and rhead respectively.
881 xlog_rseek_logrec_hdr(
883 xfs_daddr_t head_blk,
884 xfs_daddr_t tail_blk,
888 struct xlog_rec_header **rhead,
900 * Walk backwards from the head block until we hit the tail or the first
903 end_blk = head_blk > tail_blk ? tail_blk : 0;
904 for (i = (int) head_blk - 1; i >= end_blk; i--) {
905 error = xlog_bread(log, i, 1, bp, &offset);
909 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
911 *rhead = (struct xlog_rec_header *) offset;
912 if (++found == count)
918 * If we haven't hit the tail block or the log record header count,
919 * start looking again from the end of the physical log. Note that
920 * callers can pass head == tail if the tail is not yet known.
922 if (tail_blk >= head_blk && found != count) {
923 for (i = log->l_logBBsize - 1; i >= (int) tail_blk; i--) {
924 error = xlog_bread(log, i, 1, bp, &offset);
928 if (*(__be32 *)offset ==
929 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
932 *rhead = (struct xlog_rec_header *) offset;
933 if (++found == count)
946 * Seek forward in the log for log record headers.
948 * Given head and tail blocks, walk forward from the tail block until we find
949 * the provided number of records or hit the head block. The return value is the
950 * number of records encountered or a negative error code. The log block and
951 * buffer pointer of the last record seen are returned in rblk and rhead
955 xlog_seek_logrec_hdr(
957 xfs_daddr_t head_blk,
958 xfs_daddr_t tail_blk,
962 struct xlog_rec_header **rhead,
974 * Walk forward from the tail block until we hit the head or the last
977 end_blk = head_blk > tail_blk ? head_blk : log->l_logBBsize - 1;
978 for (i = (int) tail_blk; i <= end_blk; i++) {
979 error = xlog_bread(log, i, 1, bp, &offset);
983 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
985 *rhead = (struct xlog_rec_header *) offset;
986 if (++found == count)
992 * If we haven't hit the head block or the log record header count,
993 * start looking again from the start of the physical log.
995 if (tail_blk > head_blk && found != count) {
996 for (i = 0; i < (int) head_blk; i++) {
997 error = xlog_bread(log, i, 1, bp, &offset);
1001 if (*(__be32 *)offset ==
1002 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
1005 *rhead = (struct xlog_rec_header *) offset;
1006 if (++found == count)
1019 * Check the log tail for torn writes. This is required when torn writes are
1020 * detected at the head and the head had to be walked back to a previous record.
1021 * The tail of the previous record must now be verified to ensure the torn
1022 * writes didn't corrupt the previous tail.
1024 * Return an error if CRC verification fails as recovery cannot proceed.
1029 xfs_daddr_t head_blk,
1030 xfs_daddr_t tail_blk)
1032 struct xlog_rec_header *thead;
1034 xfs_daddr_t first_bad;
1038 xfs_daddr_t tmp_head;
1040 bp = xlog_get_bp(log, 1);
1045 * Seek XLOG_MAX_ICLOGS + 1 records past the current tail record to get
1046 * a temporary head block that points after the last possible
1047 * concurrently written record of the tail.
1049 count = xlog_seek_logrec_hdr(log, head_blk, tail_blk,
1050 XLOG_MAX_ICLOGS + 1, bp, &tmp_head, &thead,
1058 * If the call above didn't find XLOG_MAX_ICLOGS + 1 records, we ran
1059 * into the actual log head. tmp_head points to the start of the record
1060 * so update it to the actual head block.
1062 if (count < XLOG_MAX_ICLOGS + 1)
1063 tmp_head = head_blk;
1066 * We now have a tail and temporary head block that covers at least
1067 * XLOG_MAX_ICLOGS records from the tail. We need to verify that these
1068 * records were completely written. Run a CRC verification pass from
1069 * tail to head and return the result.
1071 error = xlog_do_recovery_pass(log, tmp_head, tail_blk,
1072 XLOG_RECOVER_CRCPASS, &first_bad);
1080 * Detect and trim torn writes from the head of the log.
1082 * Storage without sector atomicity guarantees can result in torn writes in the
1083 * log in the event of a crash. Our only means to detect this scenario is via
1084 * CRC verification. While we can't always be certain that CRC verification
1085 * failure is due to a torn write vs. an unrelated corruption, we do know that
1086 * only a certain number (XLOG_MAX_ICLOGS) of log records can be written out at
1087 * one time. Therefore, CRC verify up to XLOG_MAX_ICLOGS records at the head of
1088 * the log and treat failures in this range as torn writes as a matter of
1089 * policy. In the event of CRC failure, the head is walked back to the last good
1090 * record in the log and the tail is updated from that record and verified.
1095 xfs_daddr_t *head_blk, /* in/out: unverified head */
1096 xfs_daddr_t *tail_blk, /* out: tail block */
1098 xfs_daddr_t *rhead_blk, /* start blk of last record */
1099 struct xlog_rec_header **rhead, /* ptr to last record */
1100 bool *wrapped) /* last rec. wraps phys. log */
1102 struct xlog_rec_header *tmp_rhead;
1103 struct xfs_buf *tmp_bp;
1104 xfs_daddr_t first_bad;
1105 xfs_daddr_t tmp_rhead_blk;
1111 * Check the head of the log for torn writes. Search backwards from the
1112 * head until we hit the tail or the maximum number of log record I/Os
1113 * that could have been in flight at one time. Use a temporary buffer so
1114 * we don't trash the rhead/bp pointers from the caller.
1116 tmp_bp = xlog_get_bp(log, 1);
1119 error = xlog_rseek_logrec_hdr(log, *head_blk, *tail_blk,
1120 XLOG_MAX_ICLOGS, tmp_bp, &tmp_rhead_blk,
1121 &tmp_rhead, &tmp_wrapped);
1122 xlog_put_bp(tmp_bp);
1127 * Now run a CRC verification pass over the records starting at the
1128 * block found above to the current head. If a CRC failure occurs, the
1129 * log block of the first bad record is saved in first_bad.
1131 error = xlog_do_recovery_pass(log, *head_blk, tmp_rhead_blk,
1132 XLOG_RECOVER_CRCPASS, &first_bad);
1133 if (error == -EFSBADCRC) {
1135 * We've hit a potential torn write. Reset the error and warn
1140 "Torn write (CRC failure) detected at log block 0x%llx. Truncating head block from 0x%llx.",
1141 first_bad, *head_blk);
1144 * Get the header block and buffer pointer for the last good
1145 * record before the bad record.
1147 * Note that xlog_find_tail() clears the blocks at the new head
1148 * (i.e., the records with invalid CRC) if the cycle number
1149 * matches the the current cycle.
1151 found = xlog_rseek_logrec_hdr(log, first_bad, *tail_blk, 1, bp,
1152 rhead_blk, rhead, wrapped);
1155 if (found == 0) /* XXX: right thing to do here? */
1159 * Reset the head block to the starting block of the first bad
1160 * log record and set the tail block based on the last good
1163 * Bail out if the updated head/tail match as this indicates
1164 * possible corruption outside of the acceptable
1165 * (XLOG_MAX_ICLOGS) range. This is a job for xfs_repair...
1167 *head_blk = first_bad;
1168 *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn));
1169 if (*head_blk == *tail_blk) {
1175 * Now verify the tail based on the updated head. This is
1176 * required because the torn writes trimmed from the head could
1177 * have been written over the tail of a previous record. Return
1178 * any errors since recovery cannot proceed if the tail is
1181 * XXX: This leaves a gap in truly robust protection from torn
1182 * writes in the log. If the head is behind the tail, the tail
1183 * pushes forward to create some space and then a crash occurs
1184 * causing the writes into the previous record's tail region to
1185 * tear, log recovery isn't able to recover.
1187 * How likely is this to occur? If possible, can we do something
1188 * more intelligent here? Is it safe to push the tail forward if
1189 * we can determine that the tail is within the range of the
1190 * torn write (e.g., the kernel can only overwrite the tail if
1191 * it has actually been pushed forward)? Alternatively, could we
1192 * somehow prevent this condition at runtime?
1194 error = xlog_verify_tail(log, *head_blk, *tail_blk);
1201 * Check whether the head of the log points to an unmount record. In other
1202 * words, determine whether the log is clean. If so, update the in-core state
1206 xlog_check_unmount_rec(
1208 xfs_daddr_t *head_blk,
1209 xfs_daddr_t *tail_blk,
1210 struct xlog_rec_header *rhead,
1211 xfs_daddr_t rhead_blk,
1215 struct xlog_op_header *op_head;
1216 xfs_daddr_t umount_data_blk;
1217 xfs_daddr_t after_umount_blk;
1225 * Look for unmount record. If we find it, then we know there was a
1226 * clean unmount. Since 'i' could be the last block in the physical
1227 * log, we convert to a log block before comparing to the head_blk.
1229 * Save the current tail lsn to use to pass to xlog_clear_stale_blocks()
1230 * below. We won't want to clear the unmount record if there is one, so
1231 * we pass the lsn of the unmount record rather than the block after it.
1233 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1234 int h_size = be32_to_cpu(rhead->h_size);
1235 int h_version = be32_to_cpu(rhead->h_version);
1237 if ((h_version & XLOG_VERSION_2) &&
1238 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
1239 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
1240 if (h_size % XLOG_HEADER_CYCLE_SIZE)
1248 after_umount_blk = rhead_blk + hblks + BTOBB(be32_to_cpu(rhead->h_len));
1249 after_umount_blk = do_mod(after_umount_blk, log->l_logBBsize);
1250 if (*head_blk == after_umount_blk &&
1251 be32_to_cpu(rhead->h_num_logops) == 1) {
1252 umount_data_blk = rhead_blk + hblks;
1253 umount_data_blk = do_mod(umount_data_blk, log->l_logBBsize);
1254 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
1258 op_head = (struct xlog_op_header *)offset;
1259 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
1261 * Set tail and last sync so that newly written log
1262 * records will point recovery to after the current
1265 xlog_assign_atomic_lsn(&log->l_tail_lsn,
1266 log->l_curr_cycle, after_umount_blk);
1267 xlog_assign_atomic_lsn(&log->l_last_sync_lsn,
1268 log->l_curr_cycle, after_umount_blk);
1269 *tail_blk = after_umount_blk;
1281 xfs_daddr_t head_blk,
1282 struct xlog_rec_header *rhead,
1283 xfs_daddr_t rhead_blk,
1287 * Reset log values according to the state of the log when we
1288 * crashed. In the case where head_blk == 0, we bump curr_cycle
1289 * one because the next write starts a new cycle rather than
1290 * continuing the cycle of the last good log record. At this
1291 * point we have guaranteed that all partial log records have been
1292 * accounted for. Therefore, we know that the last good log record
1293 * written was complete and ended exactly on the end boundary
1294 * of the physical log.
1296 log->l_prev_block = rhead_blk;
1297 log->l_curr_block = (int)head_blk;
1298 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
1300 log->l_curr_cycle++;
1301 atomic64_set(&log->l_tail_lsn, be64_to_cpu(rhead->h_tail_lsn));
1302 atomic64_set(&log->l_last_sync_lsn, be64_to_cpu(rhead->h_lsn));
1303 xlog_assign_grant_head(&log->l_reserve_head.grant, log->l_curr_cycle,
1304 BBTOB(log->l_curr_block));
1305 xlog_assign_grant_head(&log->l_write_head.grant, log->l_curr_cycle,
1306 BBTOB(log->l_curr_block));
1310 * Find the sync block number or the tail of the log.
1312 * This will be the block number of the last record to have its
1313 * associated buffers synced to disk. Every log record header has
1314 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
1315 * to get a sync block number. The only concern is to figure out which
1316 * log record header to believe.
1318 * The following algorithm uses the log record header with the largest
1319 * lsn. The entire log record does not need to be valid. We only care
1320 * that the header is valid.
1322 * We could speed up search by using current head_blk buffer, but it is not
1328 xfs_daddr_t *head_blk,
1329 xfs_daddr_t *tail_blk)
1331 xlog_rec_header_t *rhead;
1332 char *offset = NULL;
1335 xfs_daddr_t rhead_blk;
1337 bool wrapped = false;
1341 * Find previous log record
1343 if ((error = xlog_find_head(log, head_blk)))
1345 ASSERT(*head_blk < INT_MAX);
1347 bp = xlog_get_bp(log, 1);
1350 if (*head_blk == 0) { /* special case */
1351 error = xlog_bread(log, 0, 1, bp, &offset);
1355 if (xlog_get_cycle(offset) == 0) {
1357 /* leave all other log inited values alone */
1363 * Search backwards through the log looking for the log record header
1364 * block. This wraps all the way back around to the head so something is
1365 * seriously wrong if we can't find it.
1367 error = xlog_rseek_logrec_hdr(log, *head_blk, *head_blk, 1, bp,
1368 &rhead_blk, &rhead, &wrapped);
1372 xfs_warn(log->l_mp, "%s: couldn't find sync record", __func__);
1375 *tail_blk = BLOCK_LSN(be64_to_cpu(rhead->h_tail_lsn));
1378 * Set the log state based on the current head record.
1380 xlog_set_state(log, *head_blk, rhead, rhead_blk, wrapped);
1381 tail_lsn = atomic64_read(&log->l_tail_lsn);
1384 * Look for an unmount record at the head of the log. This sets the log
1385 * state to determine whether recovery is necessary.
1387 error = xlog_check_unmount_rec(log, head_blk, tail_blk, rhead,
1388 rhead_blk, bp, &clean);
1393 * Verify the log head if the log is not clean (e.g., we have anything
1394 * but an unmount record at the head). This uses CRC verification to
1395 * detect and trim torn writes. If discovered, CRC failures are
1396 * considered torn writes and the log head is trimmed accordingly.
1398 * Note that we can only run CRC verification when the log is dirty
1399 * because there's no guarantee that the log data behind an unmount
1400 * record is compatible with the current architecture.
1403 xfs_daddr_t orig_head = *head_blk;
1405 error = xlog_verify_head(log, head_blk, tail_blk, bp,
1406 &rhead_blk, &rhead, &wrapped);
1410 /* update in-core state again if the head changed */
1411 if (*head_blk != orig_head) {
1412 xlog_set_state(log, *head_blk, rhead, rhead_blk,
1414 tail_lsn = atomic64_read(&log->l_tail_lsn);
1415 error = xlog_check_unmount_rec(log, head_blk, tail_blk,
1416 rhead, rhead_blk, bp,
1424 * Note that the unmount was clean. If the unmount was not clean, we
1425 * need to know this to rebuild the superblock counters from the perag
1426 * headers if we have a filesystem using non-persistent counters.
1429 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
1432 * Make sure that there are no blocks in front of the head
1433 * with the same cycle number as the head. This can happen
1434 * because we allow multiple outstanding log writes concurrently,
1435 * and the later writes might make it out before earlier ones.
1437 * We use the lsn from before modifying it so that we'll never
1438 * overwrite the unmount record after a clean unmount.
1440 * Do this only if we are going to recover the filesystem
1442 * NOTE: This used to say "if (!readonly)"
1443 * However on Linux, we can & do recover a read-only filesystem.
1444 * We only skip recovery if NORECOVERY is specified on mount,
1445 * in which case we would not be here.
1447 * But... if the -device- itself is readonly, just skip this.
1448 * We can't recover this device anyway, so it won't matter.
1450 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp))
1451 error = xlog_clear_stale_blocks(log, tail_lsn);
1457 xfs_warn(log->l_mp, "failed to locate log tail");
1462 * Is the log zeroed at all?
1464 * The last binary search should be changed to perform an X block read
1465 * once X becomes small enough. You can then search linearly through
1466 * the X blocks. This will cut down on the number of reads we need to do.
1468 * If the log is partially zeroed, this routine will pass back the blkno
1469 * of the first block with cycle number 0. It won't have a complete LR
1473 * 0 => the log is completely written to
1474 * 1 => use *blk_no as the first block of the log
1475 * <0 => error has occurred
1480 xfs_daddr_t *blk_no)
1484 uint first_cycle, last_cycle;
1485 xfs_daddr_t new_blk, last_blk, start_blk;
1486 xfs_daddr_t num_scan_bblks;
1487 int error, log_bbnum = log->l_logBBsize;
1491 /* check totally zeroed log */
1492 bp = xlog_get_bp(log, 1);
1495 error = xlog_bread(log, 0, 1, bp, &offset);
1499 first_cycle = xlog_get_cycle(offset);
1500 if (first_cycle == 0) { /* completely zeroed log */
1506 /* check partially zeroed log */
1507 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1511 last_cycle = xlog_get_cycle(offset);
1512 if (last_cycle != 0) { /* log completely written to */
1515 } else if (first_cycle != 1) {
1517 * If the cycle of the last block is zero, the cycle of
1518 * the first block must be 1. If it's not, maybe we're
1519 * not looking at a log... Bail out.
1522 "Log inconsistent or not a log (last==0, first!=1)");
1527 /* we have a partially zeroed log */
1528 last_blk = log_bbnum-1;
1529 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1533 * Validate the answer. Because there is no way to guarantee that
1534 * the entire log is made up of log records which are the same size,
1535 * we scan over the defined maximum blocks. At this point, the maximum
1536 * is not chosen to mean anything special. XXXmiken
1538 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1539 ASSERT(num_scan_bblks <= INT_MAX);
1541 if (last_blk < num_scan_bblks)
1542 num_scan_bblks = last_blk;
1543 start_blk = last_blk - num_scan_bblks;
1546 * We search for any instances of cycle number 0 that occur before
1547 * our current estimate of the head. What we're trying to detect is
1548 * 1 ... | 0 | 1 | 0...
1549 * ^ binary search ends here
1551 if ((error = xlog_find_verify_cycle(log, start_blk,
1552 (int)num_scan_bblks, 0, &new_blk)))
1558 * Potentially backup over partial log record write. We don't need
1559 * to search the end of the log because we know it is zero.
1561 error = xlog_find_verify_log_record(log, start_blk, &last_blk, 0);
1576 * These are simple subroutines used by xlog_clear_stale_blocks() below
1577 * to initialize a buffer full of empty log record headers and write
1578 * them into the log.
1589 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1591 memset(buf, 0, BBSIZE);
1592 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1593 recp->h_cycle = cpu_to_be32(cycle);
1594 recp->h_version = cpu_to_be32(
1595 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1596 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1597 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1598 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1599 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1603 xlog_write_log_records(
1614 int sectbb = log->l_sectBBsize;
1615 int end_block = start_block + blocks;
1621 * Greedily allocate a buffer big enough to handle the full
1622 * range of basic blocks to be written. If that fails, try
1623 * a smaller size. We need to be able to write at least a
1624 * log sector, or we're out of luck.
1626 bufblks = 1 << ffs(blocks);
1627 while (bufblks > log->l_logBBsize)
1629 while (!(bp = xlog_get_bp(log, bufblks))) {
1631 if (bufblks < sectbb)
1635 /* We may need to do a read at the start to fill in part of
1636 * the buffer in the starting sector not covered by the first
1639 balign = round_down(start_block, sectbb);
1640 if (balign != start_block) {
1641 error = xlog_bread_noalign(log, start_block, 1, bp);
1645 j = start_block - balign;
1648 for (i = start_block; i < end_block; i += bufblks) {
1649 int bcount, endcount;
1651 bcount = min(bufblks, end_block - start_block);
1652 endcount = bcount - j;
1654 /* We may need to do a read at the end to fill in part of
1655 * the buffer in the final sector not covered by the write.
1656 * If this is the same sector as the above read, skip it.
1658 ealign = round_down(end_block, sectbb);
1659 if (j == 0 && (start_block + endcount > ealign)) {
1660 offset = bp->b_addr + BBTOB(ealign - start_block);
1661 error = xlog_bread_offset(log, ealign, sectbb,
1668 offset = xlog_align(log, start_block, endcount, bp);
1669 for (; j < endcount; j++) {
1670 xlog_add_record(log, offset, cycle, i+j,
1671 tail_cycle, tail_block);
1674 error = xlog_bwrite(log, start_block, endcount, bp);
1677 start_block += endcount;
1687 * This routine is called to blow away any incomplete log writes out
1688 * in front of the log head. We do this so that we won't become confused
1689 * if we come up, write only a little bit more, and then crash again.
1690 * If we leave the partial log records out there, this situation could
1691 * cause us to think those partial writes are valid blocks since they
1692 * have the current cycle number. We get rid of them by overwriting them
1693 * with empty log records with the old cycle number rather than the
1696 * The tail lsn is passed in rather than taken from
1697 * the log so that we will not write over the unmount record after a
1698 * clean unmount in a 512 block log. Doing so would leave the log without
1699 * any valid log records in it until a new one was written. If we crashed
1700 * during that time we would not be able to recover.
1703 xlog_clear_stale_blocks(
1707 int tail_cycle, head_cycle;
1708 int tail_block, head_block;
1709 int tail_distance, max_distance;
1713 tail_cycle = CYCLE_LSN(tail_lsn);
1714 tail_block = BLOCK_LSN(tail_lsn);
1715 head_cycle = log->l_curr_cycle;
1716 head_block = log->l_curr_block;
1719 * Figure out the distance between the new head of the log
1720 * and the tail. We want to write over any blocks beyond the
1721 * head that we may have written just before the crash, but
1722 * we don't want to overwrite the tail of the log.
1724 if (head_cycle == tail_cycle) {
1726 * The tail is behind the head in the physical log,
1727 * so the distance from the head to the tail is the
1728 * distance from the head to the end of the log plus
1729 * the distance from the beginning of the log to the
1732 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1733 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1734 XFS_ERRLEVEL_LOW, log->l_mp);
1735 return -EFSCORRUPTED;
1737 tail_distance = tail_block + (log->l_logBBsize - head_block);
1740 * The head is behind the tail in the physical log,
1741 * so the distance from the head to the tail is just
1742 * the tail block minus the head block.
1744 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1745 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1746 XFS_ERRLEVEL_LOW, log->l_mp);
1747 return -EFSCORRUPTED;
1749 tail_distance = tail_block - head_block;
1753 * If the head is right up against the tail, we can't clear
1756 if (tail_distance <= 0) {
1757 ASSERT(tail_distance == 0);
1761 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1763 * Take the smaller of the maximum amount of outstanding I/O
1764 * we could have and the distance to the tail to clear out.
1765 * We take the smaller so that we don't overwrite the tail and
1766 * we don't waste all day writing from the head to the tail
1769 max_distance = MIN(max_distance, tail_distance);
1771 if ((head_block + max_distance) <= log->l_logBBsize) {
1773 * We can stomp all the blocks we need to without
1774 * wrapping around the end of the log. Just do it
1775 * in a single write. Use the cycle number of the
1776 * current cycle minus one so that the log will look like:
1779 error = xlog_write_log_records(log, (head_cycle - 1),
1780 head_block, max_distance, tail_cycle,
1786 * We need to wrap around the end of the physical log in
1787 * order to clear all the blocks. Do it in two separate
1788 * I/Os. The first write should be from the head to the
1789 * end of the physical log, and it should use the current
1790 * cycle number minus one just like above.
1792 distance = log->l_logBBsize - head_block;
1793 error = xlog_write_log_records(log, (head_cycle - 1),
1794 head_block, distance, tail_cycle,
1801 * Now write the blocks at the start of the physical log.
1802 * This writes the remainder of the blocks we want to clear.
1803 * It uses the current cycle number since we're now on the
1804 * same cycle as the head so that we get:
1805 * n ... n ... | n - 1 ...
1806 * ^^^^^ blocks we're writing
1808 distance = max_distance - (log->l_logBBsize - head_block);
1809 error = xlog_write_log_records(log, head_cycle, 0, distance,
1810 tail_cycle, tail_block);
1818 /******************************************************************************
1820 * Log recover routines
1822 ******************************************************************************
1826 * Sort the log items in the transaction.
1828 * The ordering constraints are defined by the inode allocation and unlink
1829 * behaviour. The rules are:
1831 * 1. Every item is only logged once in a given transaction. Hence it
1832 * represents the last logged state of the item. Hence ordering is
1833 * dependent on the order in which operations need to be performed so
1834 * required initial conditions are always met.
1836 * 2. Cancelled buffers are recorded in pass 1 in a separate table and
1837 * there's nothing to replay from them so we can simply cull them
1838 * from the transaction. However, we can't do that until after we've
1839 * replayed all the other items because they may be dependent on the
1840 * cancelled buffer and replaying the cancelled buffer can remove it
1841 * form the cancelled buffer table. Hence they have tobe done last.
1843 * 3. Inode allocation buffers must be replayed before inode items that
1844 * read the buffer and replay changes into it. For filesystems using the
1845 * ICREATE transactions, this means XFS_LI_ICREATE objects need to get
1846 * treated the same as inode allocation buffers as they create and
1847 * initialise the buffers directly.
1849 * 4. Inode unlink buffers must be replayed after inode items are replayed.
1850 * This ensures that inodes are completely flushed to the inode buffer
1851 * in a "free" state before we remove the unlinked inode list pointer.
1853 * Hence the ordering needs to be inode allocation buffers first, inode items
1854 * second, inode unlink buffers third and cancelled buffers last.
1856 * But there's a problem with that - we can't tell an inode allocation buffer
1857 * apart from a regular buffer, so we can't separate them. We can, however,
1858 * tell an inode unlink buffer from the others, and so we can separate them out
1859 * from all the other buffers and move them to last.
1861 * Hence, 4 lists, in order from head to tail:
1862 * - buffer_list for all buffers except cancelled/inode unlink buffers
1863 * - item_list for all non-buffer items
1864 * - inode_buffer_list for inode unlink buffers
1865 * - cancel_list for the cancelled buffers
1867 * Note that we add objects to the tail of the lists so that first-to-last
1868 * ordering is preserved within the lists. Adding objects to the head of the
1869 * list means when we traverse from the head we walk them in last-to-first
1870 * order. For cancelled buffers and inode unlink buffers this doesn't matter,
1871 * but for all other items there may be specific ordering that we need to
1875 xlog_recover_reorder_trans(
1877 struct xlog_recover *trans,
1880 xlog_recover_item_t *item, *n;
1882 LIST_HEAD(sort_list);
1883 LIST_HEAD(cancel_list);
1884 LIST_HEAD(buffer_list);
1885 LIST_HEAD(inode_buffer_list);
1886 LIST_HEAD(inode_list);
1888 list_splice_init(&trans->r_itemq, &sort_list);
1889 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
1890 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1892 switch (ITEM_TYPE(item)) {
1893 case XFS_LI_ICREATE:
1894 list_move_tail(&item->ri_list, &buffer_list);
1897 if (buf_f->blf_flags & XFS_BLF_CANCEL) {
1898 trace_xfs_log_recover_item_reorder_head(log,
1900 list_move(&item->ri_list, &cancel_list);
1903 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
1904 list_move(&item->ri_list, &inode_buffer_list);
1907 list_move_tail(&item->ri_list, &buffer_list);
1911 case XFS_LI_QUOTAOFF:
1914 trace_xfs_log_recover_item_reorder_tail(log,
1916 list_move_tail(&item->ri_list, &inode_list);
1920 "%s: unrecognized type of log operation",
1924 * return the remaining items back to the transaction
1925 * item list so they can be freed in caller.
1927 if (!list_empty(&sort_list))
1928 list_splice_init(&sort_list, &trans->r_itemq);
1934 ASSERT(list_empty(&sort_list));
1935 if (!list_empty(&buffer_list))
1936 list_splice(&buffer_list, &trans->r_itemq);
1937 if (!list_empty(&inode_list))
1938 list_splice_tail(&inode_list, &trans->r_itemq);
1939 if (!list_empty(&inode_buffer_list))
1940 list_splice_tail(&inode_buffer_list, &trans->r_itemq);
1941 if (!list_empty(&cancel_list))
1942 list_splice_tail(&cancel_list, &trans->r_itemq);
1947 * Build up the table of buf cancel records so that we don't replay
1948 * cancelled data in the second pass. For buffer records that are
1949 * not cancel records, there is nothing to do here so we just return.
1951 * If we get a cancel record which is already in the table, this indicates
1952 * that the buffer was cancelled multiple times. In order to ensure
1953 * that during pass 2 we keep the record in the table until we reach its
1954 * last occurrence in the log, we keep a reference count in the cancel
1955 * record in the table to tell us how many times we expect to see this
1956 * record during the second pass.
1959 xlog_recover_buffer_pass1(
1961 struct xlog_recover_item *item)
1963 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1964 struct list_head *bucket;
1965 struct xfs_buf_cancel *bcp;
1968 * If this isn't a cancel buffer item, then just return.
1970 if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) {
1971 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
1976 * Insert an xfs_buf_cancel record into the hash table of them.
1977 * If there is already an identical record, bump its reference count.
1979 bucket = XLOG_BUF_CANCEL_BUCKET(log, buf_f->blf_blkno);
1980 list_for_each_entry(bcp, bucket, bc_list) {
1981 if (bcp->bc_blkno == buf_f->blf_blkno &&
1982 bcp->bc_len == buf_f->blf_len) {
1984 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
1989 bcp = kmem_alloc(sizeof(struct xfs_buf_cancel), KM_SLEEP);
1990 bcp->bc_blkno = buf_f->blf_blkno;
1991 bcp->bc_len = buf_f->blf_len;
1992 bcp->bc_refcount = 1;
1993 list_add_tail(&bcp->bc_list, bucket);
1995 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
2000 * Check to see whether the buffer being recovered has a corresponding
2001 * entry in the buffer cancel record table. If it is, return the cancel
2002 * buffer structure to the caller.
2004 STATIC struct xfs_buf_cancel *
2005 xlog_peek_buffer_cancelled(
2011 struct list_head *bucket;
2012 struct xfs_buf_cancel *bcp;
2014 if (!log->l_buf_cancel_table) {
2015 /* empty table means no cancelled buffers in the log */
2016 ASSERT(!(flags & XFS_BLF_CANCEL));
2020 bucket = XLOG_BUF_CANCEL_BUCKET(log, blkno);
2021 list_for_each_entry(bcp, bucket, bc_list) {
2022 if (bcp->bc_blkno == blkno && bcp->bc_len == len)
2027 * We didn't find a corresponding entry in the table, so return 0 so
2028 * that the buffer is NOT cancelled.
2030 ASSERT(!(flags & XFS_BLF_CANCEL));
2035 * If the buffer is being cancelled then return 1 so that it will be cancelled,
2036 * otherwise return 0. If the buffer is actually a buffer cancel item
2037 * (XFS_BLF_CANCEL is set), then decrement the refcount on the entry in the
2038 * table and remove it from the table if this is the last reference.
2040 * We remove the cancel record from the table when we encounter its last
2041 * occurrence in the log so that if the same buffer is re-used again after its
2042 * last cancellation we actually replay the changes made at that point.
2045 xlog_check_buffer_cancelled(
2051 struct xfs_buf_cancel *bcp;
2053 bcp = xlog_peek_buffer_cancelled(log, blkno, len, flags);
2058 * We've go a match, so return 1 so that the recovery of this buffer
2059 * is cancelled. If this buffer is actually a buffer cancel log
2060 * item, then decrement the refcount on the one in the table and
2061 * remove it if this is the last reference.
2063 if (flags & XFS_BLF_CANCEL) {
2064 if (--bcp->bc_refcount == 0) {
2065 list_del(&bcp->bc_list);
2073 * Perform recovery for a buffer full of inodes. In these buffers, the only
2074 * data which should be recovered is that which corresponds to the
2075 * di_next_unlinked pointers in the on disk inode structures. The rest of the
2076 * data for the inodes is always logged through the inodes themselves rather
2077 * than the inode buffer and is recovered in xlog_recover_inode_pass2().
2079 * The only time when buffers full of inodes are fully recovered is when the
2080 * buffer is full of newly allocated inodes. In this case the buffer will
2081 * not be marked as an inode buffer and so will be sent to
2082 * xlog_recover_do_reg_buffer() below during recovery.
2085 xlog_recover_do_inode_buffer(
2086 struct xfs_mount *mp,
2087 xlog_recover_item_t *item,
2089 xfs_buf_log_format_t *buf_f)
2095 int reg_buf_offset = 0;
2096 int reg_buf_bytes = 0;
2097 int next_unlinked_offset;
2099 xfs_agino_t *logged_nextp;
2100 xfs_agino_t *buffer_nextp;
2102 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
2105 * Post recovery validation only works properly on CRC enabled
2108 if (xfs_sb_version_hascrc(&mp->m_sb))
2109 bp->b_ops = &xfs_inode_buf_ops;
2111 inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog;
2112 for (i = 0; i < inodes_per_buf; i++) {
2113 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
2114 offsetof(xfs_dinode_t, di_next_unlinked);
2116 while (next_unlinked_offset >=
2117 (reg_buf_offset + reg_buf_bytes)) {
2119 * The next di_next_unlinked field is beyond
2120 * the current logged region. Find the next
2121 * logged region that contains or is beyond
2122 * the current di_next_unlinked field.
2125 bit = xfs_next_bit(buf_f->blf_data_map,
2126 buf_f->blf_map_size, bit);
2129 * If there are no more logged regions in the
2130 * buffer, then we're done.
2135 nbits = xfs_contig_bits(buf_f->blf_data_map,
2136 buf_f->blf_map_size, bit);
2138 reg_buf_offset = bit << XFS_BLF_SHIFT;
2139 reg_buf_bytes = nbits << XFS_BLF_SHIFT;
2144 * If the current logged region starts after the current
2145 * di_next_unlinked field, then move on to the next
2146 * di_next_unlinked field.
2148 if (next_unlinked_offset < reg_buf_offset)
2151 ASSERT(item->ri_buf[item_index].i_addr != NULL);
2152 ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0);
2153 ASSERT((reg_buf_offset + reg_buf_bytes) <=
2154 BBTOB(bp->b_io_length));
2157 * The current logged region contains a copy of the
2158 * current di_next_unlinked field. Extract its value
2159 * and copy it to the buffer copy.
2161 logged_nextp = item->ri_buf[item_index].i_addr +
2162 next_unlinked_offset - reg_buf_offset;
2163 if (unlikely(*logged_nextp == 0)) {
2165 "Bad inode buffer log record (ptr = 0x%p, bp = 0x%p). "
2166 "Trying to replay bad (0) inode di_next_unlinked field.",
2168 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
2169 XFS_ERRLEVEL_LOW, mp);
2170 return -EFSCORRUPTED;
2173 buffer_nextp = xfs_buf_offset(bp, next_unlinked_offset);
2174 *buffer_nextp = *logged_nextp;
2177 * If necessary, recalculate the CRC in the on-disk inode. We
2178 * have to leave the inode in a consistent state for whoever
2181 xfs_dinode_calc_crc(mp,
2182 xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize));
2190 * V5 filesystems know the age of the buffer on disk being recovered. We can
2191 * have newer objects on disk than we are replaying, and so for these cases we
2192 * don't want to replay the current change as that will make the buffer contents
2193 * temporarily invalid on disk.
2195 * The magic number might not match the buffer type we are going to recover
2196 * (e.g. reallocated blocks), so we ignore the xfs_buf_log_format flags. Hence
2197 * extract the LSN of the existing object in the buffer based on it's current
2198 * magic number. If we don't recognise the magic number in the buffer, then
2199 * return a LSN of -1 so that the caller knows it was an unrecognised block and
2200 * so can recover the buffer.
2202 * Note: we cannot rely solely on magic number matches to determine that the
2203 * buffer has a valid LSN - we also need to verify that it belongs to this
2204 * filesystem, so we need to extract the object's LSN and compare it to that
2205 * which we read from the superblock. If the UUIDs don't match, then we've got a
2206 * stale metadata block from an old filesystem instance that we need to recover
2210 xlog_recover_get_buf_lsn(
2211 struct xfs_mount *mp,
2217 void *blk = bp->b_addr;
2221 /* v4 filesystems always recover immediately */
2222 if (!xfs_sb_version_hascrc(&mp->m_sb))
2223 goto recover_immediately;
2225 magic32 = be32_to_cpu(*(__be32 *)blk);
2227 case XFS_ABTB_CRC_MAGIC:
2228 case XFS_ABTC_CRC_MAGIC:
2229 case XFS_ABTB_MAGIC:
2230 case XFS_ABTC_MAGIC:
2231 case XFS_IBT_CRC_MAGIC:
2232 case XFS_IBT_MAGIC: {
2233 struct xfs_btree_block *btb = blk;
2235 lsn = be64_to_cpu(btb->bb_u.s.bb_lsn);
2236 uuid = &btb->bb_u.s.bb_uuid;
2239 case XFS_BMAP_CRC_MAGIC:
2240 case XFS_BMAP_MAGIC: {
2241 struct xfs_btree_block *btb = blk;
2243 lsn = be64_to_cpu(btb->bb_u.l.bb_lsn);
2244 uuid = &btb->bb_u.l.bb_uuid;
2248 lsn = be64_to_cpu(((struct xfs_agf *)blk)->agf_lsn);
2249 uuid = &((struct xfs_agf *)blk)->agf_uuid;
2251 case XFS_AGFL_MAGIC:
2252 lsn = be64_to_cpu(((struct xfs_agfl *)blk)->agfl_lsn);
2253 uuid = &((struct xfs_agfl *)blk)->agfl_uuid;
2256 lsn = be64_to_cpu(((struct xfs_agi *)blk)->agi_lsn);
2257 uuid = &((struct xfs_agi *)blk)->agi_uuid;
2259 case XFS_SYMLINK_MAGIC:
2260 lsn = be64_to_cpu(((struct xfs_dsymlink_hdr *)blk)->sl_lsn);
2261 uuid = &((struct xfs_dsymlink_hdr *)blk)->sl_uuid;
2263 case XFS_DIR3_BLOCK_MAGIC:
2264 case XFS_DIR3_DATA_MAGIC:
2265 case XFS_DIR3_FREE_MAGIC:
2266 lsn = be64_to_cpu(((struct xfs_dir3_blk_hdr *)blk)->lsn);
2267 uuid = &((struct xfs_dir3_blk_hdr *)blk)->uuid;
2269 case XFS_ATTR3_RMT_MAGIC:
2271 * Remote attr blocks are written synchronously, rather than
2272 * being logged. That means they do not contain a valid LSN
2273 * (i.e. transactionally ordered) in them, and hence any time we
2274 * see a buffer to replay over the top of a remote attribute
2275 * block we should simply do so.
2277 goto recover_immediately;
2280 * superblock uuids are magic. We may or may not have a
2281 * sb_meta_uuid on disk, but it will be set in the in-core
2282 * superblock. We set the uuid pointer for verification
2283 * according to the superblock feature mask to ensure we check
2284 * the relevant UUID in the superblock.
2286 lsn = be64_to_cpu(((struct xfs_dsb *)blk)->sb_lsn);
2287 if (xfs_sb_version_hasmetauuid(&mp->m_sb))
2288 uuid = &((struct xfs_dsb *)blk)->sb_meta_uuid;
2290 uuid = &((struct xfs_dsb *)blk)->sb_uuid;
2296 if (lsn != (xfs_lsn_t)-1) {
2297 if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid))
2298 goto recover_immediately;
2302 magicda = be16_to_cpu(((struct xfs_da_blkinfo *)blk)->magic);
2304 case XFS_DIR3_LEAF1_MAGIC:
2305 case XFS_DIR3_LEAFN_MAGIC:
2306 case XFS_DA3_NODE_MAGIC:
2307 lsn = be64_to_cpu(((struct xfs_da3_blkinfo *)blk)->lsn);
2308 uuid = &((struct xfs_da3_blkinfo *)blk)->uuid;
2314 if (lsn != (xfs_lsn_t)-1) {
2315 if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
2316 goto recover_immediately;
2321 * We do individual object checks on dquot and inode buffers as they
2322 * have their own individual LSN records. Also, we could have a stale
2323 * buffer here, so we have to at least recognise these buffer types.
2325 * A notd complexity here is inode unlinked list processing - it logs
2326 * the inode directly in the buffer, but we don't know which inodes have
2327 * been modified, and there is no global buffer LSN. Hence we need to
2328 * recover all inode buffer types immediately. This problem will be
2329 * fixed by logical logging of the unlinked list modifications.
2331 magic16 = be16_to_cpu(*(__be16 *)blk);
2333 case XFS_DQUOT_MAGIC:
2334 case XFS_DINODE_MAGIC:
2335 goto recover_immediately;
2340 /* unknown buffer contents, recover immediately */
2342 recover_immediately:
2343 return (xfs_lsn_t)-1;
2348 * Validate the recovered buffer is of the correct type and attach the
2349 * appropriate buffer operations to them for writeback. Magic numbers are in a
2351 * the first 16 bits of the buffer (inode buffer, dquot buffer),
2352 * the first 32 bits of the buffer (most blocks),
2353 * inside a struct xfs_da_blkinfo at the start of the buffer.
2356 xlog_recover_validate_buf_type(
2357 struct xfs_mount *mp,
2359 xfs_buf_log_format_t *buf_f)
2361 struct xfs_da_blkinfo *info = bp->b_addr;
2367 * We can only do post recovery validation on items on CRC enabled
2368 * fielsystems as we need to know when the buffer was written to be able
2369 * to determine if we should have replayed the item. If we replay old
2370 * metadata over a newer buffer, then it will enter a temporarily
2371 * inconsistent state resulting in verification failures. Hence for now
2372 * just avoid the verification stage for non-crc filesystems
2374 if (!xfs_sb_version_hascrc(&mp->m_sb))
2377 magic32 = be32_to_cpu(*(__be32 *)bp->b_addr);
2378 magic16 = be16_to_cpu(*(__be16*)bp->b_addr);
2379 magicda = be16_to_cpu(info->magic);
2380 switch (xfs_blft_from_flags(buf_f)) {
2381 case XFS_BLFT_BTREE_BUF:
2383 case XFS_ABTB_CRC_MAGIC:
2384 case XFS_ABTC_CRC_MAGIC:
2385 case XFS_ABTB_MAGIC:
2386 case XFS_ABTC_MAGIC:
2387 bp->b_ops = &xfs_allocbt_buf_ops;
2389 case XFS_IBT_CRC_MAGIC:
2390 case XFS_FIBT_CRC_MAGIC:
2392 case XFS_FIBT_MAGIC:
2393 bp->b_ops = &xfs_inobt_buf_ops;
2395 case XFS_BMAP_CRC_MAGIC:
2396 case XFS_BMAP_MAGIC:
2397 bp->b_ops = &xfs_bmbt_buf_ops;
2400 xfs_warn(mp, "Bad btree block magic!");
2405 case XFS_BLFT_AGF_BUF:
2406 if (magic32 != XFS_AGF_MAGIC) {
2407 xfs_warn(mp, "Bad AGF block magic!");
2411 bp->b_ops = &xfs_agf_buf_ops;
2413 case XFS_BLFT_AGFL_BUF:
2414 if (magic32 != XFS_AGFL_MAGIC) {
2415 xfs_warn(mp, "Bad AGFL block magic!");
2419 bp->b_ops = &xfs_agfl_buf_ops;
2421 case XFS_BLFT_AGI_BUF:
2422 if (magic32 != XFS_AGI_MAGIC) {
2423 xfs_warn(mp, "Bad AGI block magic!");
2427 bp->b_ops = &xfs_agi_buf_ops;
2429 case XFS_BLFT_UDQUOT_BUF:
2430 case XFS_BLFT_PDQUOT_BUF:
2431 case XFS_BLFT_GDQUOT_BUF:
2432 #ifdef CONFIG_XFS_QUOTA
2433 if (magic16 != XFS_DQUOT_MAGIC) {
2434 xfs_warn(mp, "Bad DQUOT block magic!");
2438 bp->b_ops = &xfs_dquot_buf_ops;
2441 "Trying to recover dquots without QUOTA support built in!");
2445 case XFS_BLFT_DINO_BUF:
2446 if (magic16 != XFS_DINODE_MAGIC) {
2447 xfs_warn(mp, "Bad INODE block magic!");
2451 bp->b_ops = &xfs_inode_buf_ops;
2453 case XFS_BLFT_SYMLINK_BUF:
2454 if (magic32 != XFS_SYMLINK_MAGIC) {
2455 xfs_warn(mp, "Bad symlink block magic!");
2459 bp->b_ops = &xfs_symlink_buf_ops;
2461 case XFS_BLFT_DIR_BLOCK_BUF:
2462 if (magic32 != XFS_DIR2_BLOCK_MAGIC &&
2463 magic32 != XFS_DIR3_BLOCK_MAGIC) {
2464 xfs_warn(mp, "Bad dir block magic!");
2468 bp->b_ops = &xfs_dir3_block_buf_ops;
2470 case XFS_BLFT_DIR_DATA_BUF:
2471 if (magic32 != XFS_DIR2_DATA_MAGIC &&
2472 magic32 != XFS_DIR3_DATA_MAGIC) {
2473 xfs_warn(mp, "Bad dir data magic!");
2477 bp->b_ops = &xfs_dir3_data_buf_ops;
2479 case XFS_BLFT_DIR_FREE_BUF:
2480 if (magic32 != XFS_DIR2_FREE_MAGIC &&
2481 magic32 != XFS_DIR3_FREE_MAGIC) {
2482 xfs_warn(mp, "Bad dir3 free magic!");
2486 bp->b_ops = &xfs_dir3_free_buf_ops;
2488 case XFS_BLFT_DIR_LEAF1_BUF:
2489 if (magicda != XFS_DIR2_LEAF1_MAGIC &&
2490 magicda != XFS_DIR3_LEAF1_MAGIC) {
2491 xfs_warn(mp, "Bad dir leaf1 magic!");
2495 bp->b_ops = &xfs_dir3_leaf1_buf_ops;
2497 case XFS_BLFT_DIR_LEAFN_BUF:
2498 if (magicda != XFS_DIR2_LEAFN_MAGIC &&
2499 magicda != XFS_DIR3_LEAFN_MAGIC) {
2500 xfs_warn(mp, "Bad dir leafn magic!");
2504 bp->b_ops = &xfs_dir3_leafn_buf_ops;
2506 case XFS_BLFT_DA_NODE_BUF:
2507 if (magicda != XFS_DA_NODE_MAGIC &&
2508 magicda != XFS_DA3_NODE_MAGIC) {
2509 xfs_warn(mp, "Bad da node magic!");
2513 bp->b_ops = &xfs_da3_node_buf_ops;
2515 case XFS_BLFT_ATTR_LEAF_BUF:
2516 if (magicda != XFS_ATTR_LEAF_MAGIC &&
2517 magicda != XFS_ATTR3_LEAF_MAGIC) {
2518 xfs_warn(mp, "Bad attr leaf magic!");
2522 bp->b_ops = &xfs_attr3_leaf_buf_ops;
2524 case XFS_BLFT_ATTR_RMT_BUF:
2525 if (magic32 != XFS_ATTR3_RMT_MAGIC) {
2526 xfs_warn(mp, "Bad attr remote magic!");
2530 bp->b_ops = &xfs_attr3_rmt_buf_ops;
2532 case XFS_BLFT_SB_BUF:
2533 if (magic32 != XFS_SB_MAGIC) {
2534 xfs_warn(mp, "Bad SB block magic!");
2538 bp->b_ops = &xfs_sb_buf_ops;
2540 #ifdef CONFIG_XFS_RT
2541 case XFS_BLFT_RTBITMAP_BUF:
2542 case XFS_BLFT_RTSUMMARY_BUF:
2543 /* no magic numbers for verification of RT buffers */
2544 bp->b_ops = &xfs_rtbuf_ops;
2546 #endif /* CONFIG_XFS_RT */
2548 xfs_warn(mp, "Unknown buffer type %d!",
2549 xfs_blft_from_flags(buf_f));
2555 * Perform a 'normal' buffer recovery. Each logged region of the
2556 * buffer should be copied over the corresponding region in the
2557 * given buffer. The bitmap in the buf log format structure indicates
2558 * where to place the logged data.
2561 xlog_recover_do_reg_buffer(
2562 struct xfs_mount *mp,
2563 xlog_recover_item_t *item,
2565 xfs_buf_log_format_t *buf_f)
2572 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
2575 i = 1; /* 0 is the buf format structure */
2577 bit = xfs_next_bit(buf_f->blf_data_map,
2578 buf_f->blf_map_size, bit);
2581 nbits = xfs_contig_bits(buf_f->blf_data_map,
2582 buf_f->blf_map_size, bit);
2584 ASSERT(item->ri_buf[i].i_addr != NULL);
2585 ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0);
2586 ASSERT(BBTOB(bp->b_io_length) >=
2587 ((uint)bit << XFS_BLF_SHIFT) + (nbits << XFS_BLF_SHIFT));
2590 * The dirty regions logged in the buffer, even though
2591 * contiguous, may span multiple chunks. This is because the
2592 * dirty region may span a physical page boundary in a buffer
2593 * and hence be split into two separate vectors for writing into
2594 * the log. Hence we need to trim nbits back to the length of
2595 * the current region being copied out of the log.
2597 if (item->ri_buf[i].i_len < (nbits << XFS_BLF_SHIFT))
2598 nbits = item->ri_buf[i].i_len >> XFS_BLF_SHIFT;
2601 * Do a sanity check if this is a dquot buffer. Just checking
2602 * the first dquot in the buffer should do. XXXThis is
2603 * probably a good thing to do for other buf types also.
2606 if (buf_f->blf_flags &
2607 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2608 if (item->ri_buf[i].i_addr == NULL) {
2610 "XFS: NULL dquot in %s.", __func__);
2613 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
2615 "XFS: dquot too small (%d) in %s.",
2616 item->ri_buf[i].i_len, __func__);
2619 error = xfs_dqcheck(mp, item->ri_buf[i].i_addr,
2620 -1, 0, XFS_QMOPT_DOWARN,
2621 "dquot_buf_recover");
2626 memcpy(xfs_buf_offset(bp,
2627 (uint)bit << XFS_BLF_SHIFT), /* dest */
2628 item->ri_buf[i].i_addr, /* source */
2629 nbits<<XFS_BLF_SHIFT); /* length */
2635 /* Shouldn't be any more regions */
2636 ASSERT(i == item->ri_total);
2638 xlog_recover_validate_buf_type(mp, bp, buf_f);
2642 * Perform a dquot buffer recovery.
2643 * Simple algorithm: if we have found a QUOTAOFF log item of the same type
2644 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2645 * Else, treat it as a regular buffer and do recovery.
2647 * Return false if the buffer was tossed and true if we recovered the buffer to
2648 * indicate to the caller if the buffer needs writing.
2651 xlog_recover_do_dquot_buffer(
2652 struct xfs_mount *mp,
2654 struct xlog_recover_item *item,
2656 struct xfs_buf_log_format *buf_f)
2660 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2663 * Filesystems are required to send in quota flags at mount time.
2669 if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF)
2670 type |= XFS_DQ_USER;
2671 if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF)
2672 type |= XFS_DQ_PROJ;
2673 if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF)
2674 type |= XFS_DQ_GROUP;
2676 * This type of quotas was turned off, so ignore this buffer
2678 if (log->l_quotaoffs_flag & type)
2681 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2686 * This routine replays a modification made to a buffer at runtime.
2687 * There are actually two types of buffer, regular and inode, which
2688 * are handled differently. Inode buffers are handled differently
2689 * in that we only recover a specific set of data from them, namely
2690 * the inode di_next_unlinked fields. This is because all other inode
2691 * data is actually logged via inode records and any data we replay
2692 * here which overlaps that may be stale.
2694 * When meta-data buffers are freed at run time we log a buffer item
2695 * with the XFS_BLF_CANCEL bit set to indicate that previous copies
2696 * of the buffer in the log should not be replayed at recovery time.
2697 * This is so that if the blocks covered by the buffer are reused for
2698 * file data before we crash we don't end up replaying old, freed
2699 * meta-data into a user's file.
2701 * To handle the cancellation of buffer log items, we make two passes
2702 * over the log during recovery. During the first we build a table of
2703 * those buffers which have been cancelled, and during the second we
2704 * only replay those buffers which do not have corresponding cancel
2705 * records in the table. See xlog_recover_buffer_pass[1,2] above
2706 * for more details on the implementation of the table of cancel records.
2709 xlog_recover_buffer_pass2(
2711 struct list_head *buffer_list,
2712 struct xlog_recover_item *item,
2713 xfs_lsn_t current_lsn)
2715 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
2716 xfs_mount_t *mp = log->l_mp;
2723 * In this pass we only want to recover all the buffers which have
2724 * not been cancelled and are not cancellation buffers themselves.
2726 if (xlog_check_buffer_cancelled(log, buf_f->blf_blkno,
2727 buf_f->blf_len, buf_f->blf_flags)) {
2728 trace_xfs_log_recover_buf_cancel(log, buf_f);
2732 trace_xfs_log_recover_buf_recover(log, buf_f);
2735 if (buf_f->blf_flags & XFS_BLF_INODE_BUF)
2736 buf_flags |= XBF_UNMAPPED;
2738 bp = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len,
2742 error = bp->b_error;
2744 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#1)");
2749 * Recover the buffer only if we get an LSN from it and it's less than
2750 * the lsn of the transaction we are replaying.
2752 * Note that we have to be extremely careful of readahead here.
2753 * Readahead does not attach verfiers to the buffers so if we don't
2754 * actually do any replay after readahead because of the LSN we found
2755 * in the buffer if more recent than that current transaction then we
2756 * need to attach the verifier directly. Failure to do so can lead to
2757 * future recovery actions (e.g. EFI and unlinked list recovery) can
2758 * operate on the buffers and they won't get the verifier attached. This
2759 * can lead to blocks on disk having the correct content but a stale
2762 * It is safe to assume these clean buffers are currently up to date.
2763 * If the buffer is dirtied by a later transaction being replayed, then
2764 * the verifier will be reset to match whatever recover turns that
2767 lsn = xlog_recover_get_buf_lsn(mp, bp);
2768 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2769 xlog_recover_validate_buf_type(mp, bp, buf_f);
2773 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
2774 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
2777 } else if (buf_f->blf_flags &
2778 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2781 dirty = xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2785 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2789 * Perform delayed write on the buffer. Asynchronous writes will be
2790 * slower when taking into account all the buffers to be flushed.
2792 * Also make sure that only inode buffers with good sizes stay in
2793 * the buffer cache. The kernel moves inodes in buffers of 1 block
2794 * or mp->m_inode_cluster_size bytes, whichever is bigger. The inode
2795 * buffers in the log can be a different size if the log was generated
2796 * by an older kernel using unclustered inode buffers or a newer kernel
2797 * running with a different inode cluster size. Regardless, if the
2798 * the inode buffer size isn't MAX(blocksize, mp->m_inode_cluster_size)
2799 * for *our* value of mp->m_inode_cluster_size, then we need to keep
2800 * the buffer out of the buffer cache so that the buffer won't
2801 * overlap with future reads of those inodes.
2803 if (XFS_DINODE_MAGIC ==
2804 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
2805 (BBTOB(bp->b_io_length) != MAX(log->l_mp->m_sb.sb_blocksize,
2806 (__uint32_t)log->l_mp->m_inode_cluster_size))) {
2808 error = xfs_bwrite(bp);
2810 ASSERT(bp->b_target->bt_mount == mp);
2811 bp->b_iodone = xlog_recover_iodone;
2812 xfs_buf_delwri_queue(bp, buffer_list);
2821 * Inode fork owner changes
2823 * If we have been told that we have to reparent the inode fork, it's because an
2824 * extent swap operation on a CRC enabled filesystem has been done and we are
2825 * replaying it. We need to walk the BMBT of the appropriate fork and change the
2828 * The complexity here is that we don't have an inode context to work with, so
2829 * after we've replayed the inode we need to instantiate one. This is where the
2832 * We are in the middle of log recovery, so we can't run transactions. That
2833 * means we cannot use cache coherent inode instantiation via xfs_iget(), as
2834 * that will result in the corresponding iput() running the inode through
2835 * xfs_inactive(). If we've just replayed an inode core that changes the link
2836 * count to zero (i.e. it's been unlinked), then xfs_inactive() will run
2837 * transactions (bad!).
2839 * So, to avoid this, we instantiate an inode directly from the inode core we've
2840 * just recovered. We have the buffer still locked, and all we really need to
2841 * instantiate is the inode core and the forks being modified. We can do this
2842 * manually, then run the inode btree owner change, and then tear down the
2843 * xfs_inode without having to run any transactions at all.
2845 * Also, because we don't have a transaction context available here but need to
2846 * gather all the buffers we modify for writeback so we pass the buffer_list
2847 * instead for the operation to use.
2851 xfs_recover_inode_owner_change(
2852 struct xfs_mount *mp,
2853 struct xfs_dinode *dip,
2854 struct xfs_inode_log_format *in_f,
2855 struct list_head *buffer_list)
2857 struct xfs_inode *ip;
2860 ASSERT(in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER));
2862 ip = xfs_inode_alloc(mp, in_f->ilf_ino);
2866 /* instantiate the inode */
2867 xfs_inode_from_disk(ip, dip);
2868 ASSERT(ip->i_d.di_version >= 3);
2870 error = xfs_iformat_fork(ip, dip);
2875 if (in_f->ilf_fields & XFS_ILOG_DOWNER) {
2876 ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT);
2877 error = xfs_bmbt_change_owner(NULL, ip, XFS_DATA_FORK,
2878 ip->i_ino, buffer_list);
2883 if (in_f->ilf_fields & XFS_ILOG_AOWNER) {
2884 ASSERT(in_f->ilf_fields & XFS_ILOG_ABROOT);
2885 error = xfs_bmbt_change_owner(NULL, ip, XFS_ATTR_FORK,
2886 ip->i_ino, buffer_list);
2897 xlog_recover_inode_pass2(
2899 struct list_head *buffer_list,
2900 struct xlog_recover_item *item,
2901 xfs_lsn_t current_lsn)
2903 xfs_inode_log_format_t *in_f;
2904 xfs_mount_t *mp = log->l_mp;
2913 struct xfs_log_dinode *ldip;
2917 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
2918 in_f = item->ri_buf[0].i_addr;
2920 in_f = kmem_alloc(sizeof(xfs_inode_log_format_t), KM_SLEEP);
2922 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2928 * Inode buffers can be freed, look out for it,
2929 * and do not replay the inode.
2931 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2932 in_f->ilf_len, 0)) {
2934 trace_xfs_log_recover_inode_cancel(log, in_f);
2937 trace_xfs_log_recover_inode_recover(log, in_f);
2939 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len, 0,
2940 &xfs_inode_buf_ops);
2945 error = bp->b_error;
2947 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#2)");
2950 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
2951 dip = xfs_buf_offset(bp, in_f->ilf_boffset);
2954 * Make sure the place we're flushing out to really looks
2957 if (unlikely(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))) {
2959 "%s: Bad inode magic number, dip = 0x%p, dino bp = 0x%p, ino = %Ld",
2960 __func__, dip, bp, in_f->ilf_ino);
2961 XFS_ERROR_REPORT("xlog_recover_inode_pass2(1)",
2962 XFS_ERRLEVEL_LOW, mp);
2963 error = -EFSCORRUPTED;
2966 ldip = item->ri_buf[1].i_addr;
2967 if (unlikely(ldip->di_magic != XFS_DINODE_MAGIC)) {
2969 "%s: Bad inode log record, rec ptr 0x%p, ino %Ld",
2970 __func__, item, in_f->ilf_ino);
2971 XFS_ERROR_REPORT("xlog_recover_inode_pass2(2)",
2972 XFS_ERRLEVEL_LOW, mp);
2973 error = -EFSCORRUPTED;
2978 * If the inode has an LSN in it, recover the inode only if it's less
2979 * than the lsn of the transaction we are replaying. Note: we still
2980 * need to replay an owner change even though the inode is more recent
2981 * than the transaction as there is no guarantee that all the btree
2982 * blocks are more recent than this transaction, too.
2984 if (dip->di_version >= 3) {
2985 xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn);
2987 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2988 trace_xfs_log_recover_inode_skip(log, in_f);
2990 goto out_owner_change;
2995 * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes
2996 * are transactional and if ordering is necessary we can determine that
2997 * more accurately by the LSN field in the V3 inode core. Don't trust
2998 * the inode versions we might be changing them here - use the
2999 * superblock flag to determine whether we need to look at di_flushiter
3000 * to skip replay when the on disk inode is newer than the log one
3002 if (!xfs_sb_version_hascrc(&mp->m_sb) &&
3003 ldip->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
3005 * Deal with the wrap case, DI_MAX_FLUSH is less
3006 * than smaller numbers
3008 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
3009 ldip->di_flushiter < (DI_MAX_FLUSH >> 1)) {
3012 trace_xfs_log_recover_inode_skip(log, in_f);
3018 /* Take the opportunity to reset the flush iteration count */
3019 ldip->di_flushiter = 0;
3021 if (unlikely(S_ISREG(ldip->di_mode))) {
3022 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
3023 (ldip->di_format != XFS_DINODE_FMT_BTREE)) {
3024 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)",
3025 XFS_ERRLEVEL_LOW, mp, ldip);
3027 "%s: Bad regular inode log record, rec ptr 0x%p, "
3028 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
3029 __func__, item, dip, bp, in_f->ilf_ino);
3030 error = -EFSCORRUPTED;
3033 } else if (unlikely(S_ISDIR(ldip->di_mode))) {
3034 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
3035 (ldip->di_format != XFS_DINODE_FMT_BTREE) &&
3036 (ldip->di_format != XFS_DINODE_FMT_LOCAL)) {
3037 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)",
3038 XFS_ERRLEVEL_LOW, mp, ldip);
3040 "%s: Bad dir inode log record, rec ptr 0x%p, "
3041 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
3042 __func__, item, dip, bp, in_f->ilf_ino);
3043 error = -EFSCORRUPTED;
3047 if (unlikely(ldip->di_nextents + ldip->di_anextents > ldip->di_nblocks)){
3048 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)",
3049 XFS_ERRLEVEL_LOW, mp, ldip);
3051 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
3052 "dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
3053 __func__, item, dip, bp, in_f->ilf_ino,
3054 ldip->di_nextents + ldip->di_anextents,
3056 error = -EFSCORRUPTED;
3059 if (unlikely(ldip->di_forkoff > mp->m_sb.sb_inodesize)) {
3060 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)",
3061 XFS_ERRLEVEL_LOW, mp, ldip);
3063 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
3064 "dino bp 0x%p, ino %Ld, forkoff 0x%x", __func__,
3065 item, dip, bp, in_f->ilf_ino, ldip->di_forkoff);
3066 error = -EFSCORRUPTED;
3069 isize = xfs_log_dinode_size(ldip->di_version);
3070 if (unlikely(item->ri_buf[1].i_len > isize)) {
3071 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)",
3072 XFS_ERRLEVEL_LOW, mp, ldip);
3074 "%s: Bad inode log record length %d, rec ptr 0x%p",
3075 __func__, item->ri_buf[1].i_len, item);
3076 error = -EFSCORRUPTED;
3080 /* recover the log dinode inode into the on disk inode */
3081 xfs_log_dinode_to_disk(ldip, dip);
3083 /* the rest is in on-disk format */
3084 if (item->ri_buf[1].i_len > isize) {
3085 memcpy((char *)dip + isize,
3086 item->ri_buf[1].i_addr + isize,
3087 item->ri_buf[1].i_len - isize);
3090 fields = in_f->ilf_fields;
3091 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
3093 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
3096 memcpy(XFS_DFORK_DPTR(dip),
3097 &in_f->ilf_u.ilfu_uuid,
3102 if (in_f->ilf_size == 2)
3103 goto out_owner_change;
3104 len = item->ri_buf[2].i_len;
3105 src = item->ri_buf[2].i_addr;
3106 ASSERT(in_f->ilf_size <= 4);
3107 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
3108 ASSERT(!(fields & XFS_ILOG_DFORK) ||
3109 (len == in_f->ilf_dsize));
3111 switch (fields & XFS_ILOG_DFORK) {
3112 case XFS_ILOG_DDATA:
3114 memcpy(XFS_DFORK_DPTR(dip), src, len);
3117 case XFS_ILOG_DBROOT:
3118 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
3119 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
3120 XFS_DFORK_DSIZE(dip, mp));
3125 * There are no data fork flags set.
3127 ASSERT((fields & XFS_ILOG_DFORK) == 0);
3132 * If we logged any attribute data, recover it. There may or
3133 * may not have been any other non-core data logged in this
3136 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
3137 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
3142 len = item->ri_buf[attr_index].i_len;
3143 src = item->ri_buf[attr_index].i_addr;
3144 ASSERT(len == in_f->ilf_asize);
3146 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
3147 case XFS_ILOG_ADATA:
3149 dest = XFS_DFORK_APTR(dip);
3150 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
3151 memcpy(dest, src, len);
3154 case XFS_ILOG_ABROOT:
3155 dest = XFS_DFORK_APTR(dip);
3156 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
3157 len, (xfs_bmdr_block_t*)dest,
3158 XFS_DFORK_ASIZE(dip, mp));
3162 xfs_warn(log->l_mp, "%s: Invalid flag", __func__);
3170 if (in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER))
3171 error = xfs_recover_inode_owner_change(mp, dip, in_f,
3173 /* re-generate the checksum. */
3174 xfs_dinode_calc_crc(log->l_mp, dip);
3176 ASSERT(bp->b_target->bt_mount == mp);
3177 bp->b_iodone = xlog_recover_iodone;
3178 xfs_buf_delwri_queue(bp, buffer_list);
3189 * Recover QUOTAOFF records. We simply make a note of it in the xlog
3190 * structure, so that we know not to do any dquot item or dquot buffer recovery,
3194 xlog_recover_quotaoff_pass1(
3196 struct xlog_recover_item *item)
3198 xfs_qoff_logformat_t *qoff_f = item->ri_buf[0].i_addr;
3202 * The logitem format's flag tells us if this was user quotaoff,
3203 * group/project quotaoff or both.
3205 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
3206 log->l_quotaoffs_flag |= XFS_DQ_USER;
3207 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
3208 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
3209 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
3210 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
3216 * Recover a dquot record
3219 xlog_recover_dquot_pass2(
3221 struct list_head *buffer_list,
3222 struct xlog_recover_item *item,
3223 xfs_lsn_t current_lsn)
3225 xfs_mount_t *mp = log->l_mp;
3227 struct xfs_disk_dquot *ddq, *recddq;
3229 xfs_dq_logformat_t *dq_f;
3234 * Filesystems are required to send in quota flags at mount time.
3236 if (mp->m_qflags == 0)
3239 recddq = item->ri_buf[1].i_addr;
3240 if (recddq == NULL) {
3241 xfs_alert(log->l_mp, "NULL dquot in %s.", __func__);
3244 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
3245 xfs_alert(log->l_mp, "dquot too small (%d) in %s.",
3246 item->ri_buf[1].i_len, __func__);
3251 * This type of quotas was turned off, so ignore this record.
3253 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3255 if (log->l_quotaoffs_flag & type)
3259 * At this point we know that quota was _not_ turned off.
3260 * Since the mount flags are not indicating to us otherwise, this
3261 * must mean that quota is on, and the dquot needs to be replayed.
3262 * Remember that we may not have fully recovered the superblock yet,
3263 * so we can't do the usual trick of looking at the SB quota bits.
3265 * The other possibility, of course, is that the quota subsystem was
3266 * removed since the last mount - ENOSYS.
3268 dq_f = item->ri_buf[0].i_addr;
3270 error = xfs_dqcheck(mp, recddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
3271 "xlog_recover_dquot_pass2 (log copy)");
3274 ASSERT(dq_f->qlf_len == 1);
3277 * At this point we are assuming that the dquots have been allocated
3278 * and hence the buffer has valid dquots stamped in it. It should,
3279 * therefore, pass verifier validation. If the dquot is bad, then the
3280 * we'll return an error here, so we don't need to specifically check
3281 * the dquot in the buffer after the verifier has run.
3283 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dq_f->qlf_blkno,
3284 XFS_FSB_TO_BB(mp, dq_f->qlf_len), 0, &bp,
3285 &xfs_dquot_buf_ops);
3290 ddq = xfs_buf_offset(bp, dq_f->qlf_boffset);
3293 * If the dquot has an LSN in it, recover the dquot only if it's less
3294 * than the lsn of the transaction we are replaying.
3296 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3297 struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq;
3298 xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn);
3300 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
3305 memcpy(ddq, recddq, item->ri_buf[1].i_len);
3306 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3307 xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk),
3311 ASSERT(dq_f->qlf_size == 2);
3312 ASSERT(bp->b_target->bt_mount == mp);
3313 bp->b_iodone = xlog_recover_iodone;
3314 xfs_buf_delwri_queue(bp, buffer_list);
3322 * This routine is called to create an in-core extent free intent
3323 * item from the efi format structure which was logged on disk.
3324 * It allocates an in-core efi, copies the extents from the format
3325 * structure into it, and adds the efi to the AIL with the given
3329 xlog_recover_efi_pass2(
3331 struct xlog_recover_item *item,
3335 struct xfs_mount *mp = log->l_mp;
3336 struct xfs_efi_log_item *efip;
3337 struct xfs_efi_log_format *efi_formatp;
3339 efi_formatp = item->ri_buf[0].i_addr;
3341 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
3342 error = xfs_efi_copy_format(&item->ri_buf[0], &efip->efi_format);
3344 xfs_efi_item_free(efip);
3347 atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents);
3349 spin_lock(&log->l_ailp->xa_lock);
3351 * The EFI has two references. One for the EFD and one for EFI to ensure
3352 * it makes it into the AIL. Insert the EFI into the AIL directly and
3353 * drop the EFI reference. Note that xfs_trans_ail_update() drops the
3356 xfs_trans_ail_update(log->l_ailp, &efip->efi_item, lsn);
3357 xfs_efi_release(efip);
3363 * This routine is called when an EFD format structure is found in a committed
3364 * transaction in the log. Its purpose is to cancel the corresponding EFI if it
3365 * was still in the log. To do this it searches the AIL for the EFI with an id
3366 * equal to that in the EFD format structure. If we find it we drop the EFD
3367 * reference, which removes the EFI from the AIL and frees it.
3370 xlog_recover_efd_pass2(
3372 struct xlog_recover_item *item)
3374 xfs_efd_log_format_t *efd_formatp;
3375 xfs_efi_log_item_t *efip = NULL;
3376 xfs_log_item_t *lip;
3378 struct xfs_ail_cursor cur;
3379 struct xfs_ail *ailp = log->l_ailp;
3381 efd_formatp = item->ri_buf[0].i_addr;
3382 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
3383 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
3384 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
3385 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
3386 efi_id = efd_formatp->efd_efi_id;
3389 * Search for the EFI with the id in the EFD format structure in the
3392 spin_lock(&ailp->xa_lock);
3393 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3394 while (lip != NULL) {
3395 if (lip->li_type == XFS_LI_EFI) {
3396 efip = (xfs_efi_log_item_t *)lip;
3397 if (efip->efi_format.efi_id == efi_id) {
3399 * Drop the EFD reference to the EFI. This
3400 * removes the EFI from the AIL and frees it.
3402 spin_unlock(&ailp->xa_lock);
3403 xfs_efi_release(efip);
3404 spin_lock(&ailp->xa_lock);
3408 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3411 xfs_trans_ail_cursor_done(&cur);
3412 spin_unlock(&ailp->xa_lock);
3418 * This routine is called when an inode create format structure is found in a
3419 * committed transaction in the log. It's purpose is to initialise the inodes
3420 * being allocated on disk. This requires us to get inode cluster buffers that
3421 * match the range to be intialised, stamped with inode templates and written
3422 * by delayed write so that subsequent modifications will hit the cached buffer
3423 * and only need writing out at the end of recovery.
3426 xlog_recover_do_icreate_pass2(
3428 struct list_head *buffer_list,
3429 xlog_recover_item_t *item)
3431 struct xfs_mount *mp = log->l_mp;
3432 struct xfs_icreate_log *icl;
3433 xfs_agnumber_t agno;
3434 xfs_agblock_t agbno;
3437 xfs_agblock_t length;
3438 int blks_per_cluster;
3444 icl = (struct xfs_icreate_log *)item->ri_buf[0].i_addr;
3445 if (icl->icl_type != XFS_LI_ICREATE) {
3446 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad type");
3450 if (icl->icl_size != 1) {
3451 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad icl size");
3455 agno = be32_to_cpu(icl->icl_ag);
3456 if (agno >= mp->m_sb.sb_agcount) {
3457 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agno");
3460 agbno = be32_to_cpu(icl->icl_agbno);
3461 if (!agbno || agbno == NULLAGBLOCK || agbno >= mp->m_sb.sb_agblocks) {
3462 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agbno");
3465 isize = be32_to_cpu(icl->icl_isize);
3466 if (isize != mp->m_sb.sb_inodesize) {
3467 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad isize");
3470 count = be32_to_cpu(icl->icl_count);
3472 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count");
3475 length = be32_to_cpu(icl->icl_length);
3476 if (!length || length >= mp->m_sb.sb_agblocks) {
3477 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad length");
3482 * The inode chunk is either full or sparse and we only support
3483 * m_ialloc_min_blks sized sparse allocations at this time.
3485 if (length != mp->m_ialloc_blks &&
3486 length != mp->m_ialloc_min_blks) {
3488 "%s: unsupported chunk length", __FUNCTION__);
3492 /* verify inode count is consistent with extent length */
3493 if ((count >> mp->m_sb.sb_inopblog) != length) {
3495 "%s: inconsistent inode count and chunk length",
3501 * The icreate transaction can cover multiple cluster buffers and these
3502 * buffers could have been freed and reused. Check the individual
3503 * buffers for cancellation so we don't overwrite anything written after
3506 blks_per_cluster = xfs_icluster_size_fsb(mp);
3507 bb_per_cluster = XFS_FSB_TO_BB(mp, blks_per_cluster);
3508 nbufs = length / blks_per_cluster;
3509 for (i = 0, cancel_count = 0; i < nbufs; i++) {
3512 daddr = XFS_AGB_TO_DADDR(mp, agno,
3513 agbno + i * blks_per_cluster);
3514 if (xlog_check_buffer_cancelled(log, daddr, bb_per_cluster, 0))
3519 * We currently only use icreate for a single allocation at a time. This
3520 * means we should expect either all or none of the buffers to be
3521 * cancelled. Be conservative and skip replay if at least one buffer is
3522 * cancelled, but warn the user that something is awry if the buffers
3523 * are not consistent.
3525 * XXX: This must be refined to only skip cancelled clusters once we use
3526 * icreate for multiple chunk allocations.
3528 ASSERT(!cancel_count || cancel_count == nbufs);
3530 if (cancel_count != nbufs)
3532 "WARNING: partial inode chunk cancellation, skipped icreate.");
3533 trace_xfs_log_recover_icreate_cancel(log, icl);
3537 trace_xfs_log_recover_icreate_recover(log, icl);
3538 return xfs_ialloc_inode_init(mp, NULL, buffer_list, count, agno, agbno,
3539 length, be32_to_cpu(icl->icl_gen));
3543 xlog_recover_buffer_ra_pass2(
3545 struct xlog_recover_item *item)
3547 struct xfs_buf_log_format *buf_f = item->ri_buf[0].i_addr;
3548 struct xfs_mount *mp = log->l_mp;
3550 if (xlog_peek_buffer_cancelled(log, buf_f->blf_blkno,
3551 buf_f->blf_len, buf_f->blf_flags)) {
3555 xfs_buf_readahead(mp->m_ddev_targp, buf_f->blf_blkno,
3556 buf_f->blf_len, NULL);
3560 xlog_recover_inode_ra_pass2(
3562 struct xlog_recover_item *item)
3564 struct xfs_inode_log_format ilf_buf;
3565 struct xfs_inode_log_format *ilfp;
3566 struct xfs_mount *mp = log->l_mp;
3569 if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) {
3570 ilfp = item->ri_buf[0].i_addr;
3573 memset(ilfp, 0, sizeof(*ilfp));
3574 error = xfs_inode_item_format_convert(&item->ri_buf[0], ilfp);
3579 if (xlog_peek_buffer_cancelled(log, ilfp->ilf_blkno, ilfp->ilf_len, 0))
3582 xfs_buf_readahead(mp->m_ddev_targp, ilfp->ilf_blkno,
3583 ilfp->ilf_len, &xfs_inode_buf_ra_ops);
3587 xlog_recover_dquot_ra_pass2(
3589 struct xlog_recover_item *item)
3591 struct xfs_mount *mp = log->l_mp;
3592 struct xfs_disk_dquot *recddq;
3593 struct xfs_dq_logformat *dq_f;
3598 if (mp->m_qflags == 0)
3601 recddq = item->ri_buf[1].i_addr;
3604 if (item->ri_buf[1].i_len < sizeof(struct xfs_disk_dquot))
3607 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3609 if (log->l_quotaoffs_flag & type)
3612 dq_f = item->ri_buf[0].i_addr;
3614 ASSERT(dq_f->qlf_len == 1);
3616 len = XFS_FSB_TO_BB(mp, dq_f->qlf_len);
3617 if (xlog_peek_buffer_cancelled(log, dq_f->qlf_blkno, len, 0))
3620 xfs_buf_readahead(mp->m_ddev_targp, dq_f->qlf_blkno, len,
3621 &xfs_dquot_buf_ra_ops);
3625 xlog_recover_ra_pass2(
3627 struct xlog_recover_item *item)
3629 switch (ITEM_TYPE(item)) {
3631 xlog_recover_buffer_ra_pass2(log, item);
3634 xlog_recover_inode_ra_pass2(log, item);
3637 xlog_recover_dquot_ra_pass2(log, item);
3641 case XFS_LI_QUOTAOFF:
3648 xlog_recover_commit_pass1(
3650 struct xlog_recover *trans,
3651 struct xlog_recover_item *item)
3653 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS1);
3655 switch (ITEM_TYPE(item)) {
3657 return xlog_recover_buffer_pass1(log, item);
3658 case XFS_LI_QUOTAOFF:
3659 return xlog_recover_quotaoff_pass1(log, item);
3664 case XFS_LI_ICREATE:
3665 /* nothing to do in pass 1 */
3668 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3669 __func__, ITEM_TYPE(item));
3676 xlog_recover_commit_pass2(
3678 struct xlog_recover *trans,
3679 struct list_head *buffer_list,
3680 struct xlog_recover_item *item)
3682 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS2);
3684 switch (ITEM_TYPE(item)) {
3686 return xlog_recover_buffer_pass2(log, buffer_list, item,
3689 return xlog_recover_inode_pass2(log, buffer_list, item,
3692 return xlog_recover_efi_pass2(log, item, trans->r_lsn);
3694 return xlog_recover_efd_pass2(log, item);
3696 return xlog_recover_dquot_pass2(log, buffer_list, item,
3698 case XFS_LI_ICREATE:
3699 return xlog_recover_do_icreate_pass2(log, buffer_list, item);
3700 case XFS_LI_QUOTAOFF:
3701 /* nothing to do in pass2 */
3704 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3705 __func__, ITEM_TYPE(item));
3712 xlog_recover_items_pass2(
3714 struct xlog_recover *trans,
3715 struct list_head *buffer_list,
3716 struct list_head *item_list)
3718 struct xlog_recover_item *item;
3721 list_for_each_entry(item, item_list, ri_list) {
3722 error = xlog_recover_commit_pass2(log, trans,
3732 * Perform the transaction.
3734 * If the transaction modifies a buffer or inode, do it now. Otherwise,
3735 * EFIs and EFDs get queued up by adding entries into the AIL for them.
3738 xlog_recover_commit_trans(
3740 struct xlog_recover *trans,
3745 int items_queued = 0;
3746 struct xlog_recover_item *item;
3747 struct xlog_recover_item *next;
3748 LIST_HEAD (buffer_list);
3749 LIST_HEAD (ra_list);
3750 LIST_HEAD (done_list);
3752 #define XLOG_RECOVER_COMMIT_QUEUE_MAX 100
3754 hlist_del(&trans->r_list);
3756 error = xlog_recover_reorder_trans(log, trans, pass);
3760 list_for_each_entry_safe(item, next, &trans->r_itemq, ri_list) {
3762 case XLOG_RECOVER_PASS1:
3763 error = xlog_recover_commit_pass1(log, trans, item);
3765 case XLOG_RECOVER_PASS2:
3766 xlog_recover_ra_pass2(log, item);
3767 list_move_tail(&item->ri_list, &ra_list);
3769 if (items_queued >= XLOG_RECOVER_COMMIT_QUEUE_MAX) {
3770 error = xlog_recover_items_pass2(log, trans,
3771 &buffer_list, &ra_list);
3772 list_splice_tail_init(&ra_list, &done_list);
3786 if (!list_empty(&ra_list)) {
3788 error = xlog_recover_items_pass2(log, trans,
3789 &buffer_list, &ra_list);
3790 list_splice_tail_init(&ra_list, &done_list);
3793 if (!list_empty(&done_list))
3794 list_splice_init(&done_list, &trans->r_itemq);
3796 error2 = xfs_buf_delwri_submit(&buffer_list);
3797 return error ? error : error2;
3801 xlog_recover_add_item(
3802 struct list_head *head)
3804 xlog_recover_item_t *item;
3806 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
3807 INIT_LIST_HEAD(&item->ri_list);
3808 list_add_tail(&item->ri_list, head);
3812 xlog_recover_add_to_cont_trans(
3814 struct xlog_recover *trans,
3818 xlog_recover_item_t *item;
3819 char *ptr, *old_ptr;
3823 * If the transaction is empty, the header was split across this and the
3824 * previous record. Copy the rest of the header.
3826 if (list_empty(&trans->r_itemq)) {
3827 ASSERT(len <= sizeof(struct xfs_trans_header));
3828 if (len > sizeof(struct xfs_trans_header)) {
3829 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3833 xlog_recover_add_item(&trans->r_itemq);
3834 ptr = (char *)&trans->r_theader +
3835 sizeof(struct xfs_trans_header) - len;
3836 memcpy(ptr, dp, len);
3840 /* take the tail entry */
3841 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3843 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
3844 old_len = item->ri_buf[item->ri_cnt-1].i_len;
3846 ptr = kmem_realloc(old_ptr, len + old_len, KM_SLEEP);
3847 memcpy(&ptr[old_len], dp, len);
3848 item->ri_buf[item->ri_cnt-1].i_len += len;
3849 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
3850 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
3855 * The next region to add is the start of a new region. It could be
3856 * a whole region or it could be the first part of a new region. Because
3857 * of this, the assumption here is that the type and size fields of all
3858 * format structures fit into the first 32 bits of the structure.
3860 * This works because all regions must be 32 bit aligned. Therefore, we
3861 * either have both fields or we have neither field. In the case we have
3862 * neither field, the data part of the region is zero length. We only have
3863 * a log_op_header and can throw away the header since a new one will appear
3864 * later. If we have at least 4 bytes, then we can determine how many regions
3865 * will appear in the current log item.
3868 xlog_recover_add_to_trans(
3870 struct xlog_recover *trans,
3874 xfs_inode_log_format_t *in_f; /* any will do */
3875 xlog_recover_item_t *item;
3880 if (list_empty(&trans->r_itemq)) {
3881 /* we need to catch log corruptions here */
3882 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
3883 xfs_warn(log->l_mp, "%s: bad header magic number",
3889 if (len > sizeof(struct xfs_trans_header)) {
3890 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3896 * The transaction header can be arbitrarily split across op
3897 * records. If we don't have the whole thing here, copy what we
3898 * do have and handle the rest in the next record.
3900 if (len == sizeof(struct xfs_trans_header))
3901 xlog_recover_add_item(&trans->r_itemq);
3902 memcpy(&trans->r_theader, dp, len);
3906 ptr = kmem_alloc(len, KM_SLEEP);
3907 memcpy(ptr, dp, len);
3908 in_f = (xfs_inode_log_format_t *)ptr;
3910 /* take the tail entry */
3911 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3912 if (item->ri_total != 0 &&
3913 item->ri_total == item->ri_cnt) {
3914 /* tail item is in use, get a new one */
3915 xlog_recover_add_item(&trans->r_itemq);
3916 item = list_entry(trans->r_itemq.prev,
3917 xlog_recover_item_t, ri_list);
3920 if (item->ri_total == 0) { /* first region to be added */
3921 if (in_f->ilf_size == 0 ||
3922 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
3924 "bad number of regions (%d) in inode log format",
3931 item->ri_total = in_f->ilf_size;
3933 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
3936 ASSERT(item->ri_total > item->ri_cnt);
3937 /* Description region is ri_buf[0] */
3938 item->ri_buf[item->ri_cnt].i_addr = ptr;
3939 item->ri_buf[item->ri_cnt].i_len = len;
3941 trace_xfs_log_recover_item_add(log, trans, item, 0);
3946 * Free up any resources allocated by the transaction
3948 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
3951 xlog_recover_free_trans(
3952 struct xlog_recover *trans)
3954 xlog_recover_item_t *item, *n;
3957 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
3958 /* Free the regions in the item. */
3959 list_del(&item->ri_list);
3960 for (i = 0; i < item->ri_cnt; i++)
3961 kmem_free(item->ri_buf[i].i_addr);
3962 /* Free the item itself */
3963 kmem_free(item->ri_buf);
3966 /* Free the transaction recover structure */
3971 * On error or completion, trans is freed.
3974 xlog_recovery_process_trans(
3976 struct xlog_recover *trans,
3983 bool freeit = false;
3985 /* mask off ophdr transaction container flags */
3986 flags &= ~XLOG_END_TRANS;
3987 if (flags & XLOG_WAS_CONT_TRANS)
3988 flags &= ~XLOG_CONTINUE_TRANS;
3991 * Callees must not free the trans structure. We'll decide if we need to
3992 * free it or not based on the operation being done and it's result.
3995 /* expected flag values */
3997 case XLOG_CONTINUE_TRANS:
3998 error = xlog_recover_add_to_trans(log, trans, dp, len);
4000 case XLOG_WAS_CONT_TRANS:
4001 error = xlog_recover_add_to_cont_trans(log, trans, dp, len);
4003 case XLOG_COMMIT_TRANS:
4004 error = xlog_recover_commit_trans(log, trans, pass);
4005 /* success or fail, we are now done with this transaction. */
4009 /* unexpected flag values */
4010 case XLOG_UNMOUNT_TRANS:
4011 /* just skip trans */
4012 xfs_warn(log->l_mp, "%s: Unmount LR", __func__);
4015 case XLOG_START_TRANS:
4017 xfs_warn(log->l_mp, "%s: bad flag 0x%x", __func__, flags);
4022 if (error || freeit)
4023 xlog_recover_free_trans(trans);
4028 * Lookup the transaction recovery structure associated with the ID in the
4029 * current ophdr. If the transaction doesn't exist and the start flag is set in
4030 * the ophdr, then allocate a new transaction for future ID matches to find.
4031 * Either way, return what we found during the lookup - an existing transaction
4034 STATIC struct xlog_recover *
4035 xlog_recover_ophdr_to_trans(
4036 struct hlist_head rhash[],
4037 struct xlog_rec_header *rhead,
4038 struct xlog_op_header *ohead)
4040 struct xlog_recover *trans;
4042 struct hlist_head *rhp;
4044 tid = be32_to_cpu(ohead->oh_tid);
4045 rhp = &rhash[XLOG_RHASH(tid)];
4046 hlist_for_each_entry(trans, rhp, r_list) {
4047 if (trans->r_log_tid == tid)
4052 * skip over non-start transaction headers - we could be
4053 * processing slack space before the next transaction starts
4055 if (!(ohead->oh_flags & XLOG_START_TRANS))
4058 ASSERT(be32_to_cpu(ohead->oh_len) == 0);
4061 * This is a new transaction so allocate a new recovery container to
4062 * hold the recovery ops that will follow.
4064 trans = kmem_zalloc(sizeof(struct xlog_recover), KM_SLEEP);
4065 trans->r_log_tid = tid;
4066 trans->r_lsn = be64_to_cpu(rhead->h_lsn);
4067 INIT_LIST_HEAD(&trans->r_itemq);
4068 INIT_HLIST_NODE(&trans->r_list);
4069 hlist_add_head(&trans->r_list, rhp);
4072 * Nothing more to do for this ophdr. Items to be added to this new
4073 * transaction will be in subsequent ophdr containers.
4079 xlog_recover_process_ophdr(
4081 struct hlist_head rhash[],
4082 struct xlog_rec_header *rhead,
4083 struct xlog_op_header *ohead,
4088 struct xlog_recover *trans;
4091 /* Do we understand who wrote this op? */
4092 if (ohead->oh_clientid != XFS_TRANSACTION &&
4093 ohead->oh_clientid != XFS_LOG) {
4094 xfs_warn(log->l_mp, "%s: bad clientid 0x%x",
4095 __func__, ohead->oh_clientid);
4101 * Check the ophdr contains all the data it is supposed to contain.
4103 len = be32_to_cpu(ohead->oh_len);
4104 if (dp + len > end) {
4105 xfs_warn(log->l_mp, "%s: bad length 0x%x", __func__, len);
4110 trans = xlog_recover_ophdr_to_trans(rhash, rhead, ohead);
4112 /* nothing to do, so skip over this ophdr */
4116 return xlog_recovery_process_trans(log, trans, dp, len,
4117 ohead->oh_flags, pass);
4121 * There are two valid states of the r_state field. 0 indicates that the
4122 * transaction structure is in a normal state. We have either seen the
4123 * start of the transaction or the last operation we added was not a partial
4124 * operation. If the last operation we added to the transaction was a
4125 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
4127 * NOTE: skip LRs with 0 data length.
4130 xlog_recover_process_data(
4132 struct hlist_head rhash[],
4133 struct xlog_rec_header *rhead,
4137 struct xlog_op_header *ohead;
4142 end = dp + be32_to_cpu(rhead->h_len);
4143 num_logops = be32_to_cpu(rhead->h_num_logops);
4145 /* check the log format matches our own - else we can't recover */
4146 if (xlog_header_check_recover(log->l_mp, rhead))
4149 while ((dp < end) && num_logops) {
4151 ohead = (struct xlog_op_header *)dp;
4152 dp += sizeof(*ohead);
4155 /* errors will abort recovery */
4156 error = xlog_recover_process_ophdr(log, rhash, rhead, ohead,
4161 dp += be32_to_cpu(ohead->oh_len);
4168 * Process an extent free intent item that was recovered from
4169 * the log. We need to free the extents that it describes.
4172 xlog_recover_process_efi(
4174 xfs_efi_log_item_t *efip)
4176 xfs_efd_log_item_t *efdp;
4181 xfs_fsblock_t startblock_fsb;
4183 ASSERT(!test_bit(XFS_EFI_RECOVERED, &efip->efi_flags));
4186 * First check the validity of the extents described by the
4187 * EFI. If any are bad, then assume that all are bad and
4188 * just toss the EFI.
4190 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
4191 extp = &(efip->efi_format.efi_extents[i]);
4192 startblock_fsb = XFS_BB_TO_FSB(mp,
4193 XFS_FSB_TO_DADDR(mp, extp->ext_start));
4194 if ((startblock_fsb == 0) ||
4195 (extp->ext_len == 0) ||
4196 (startblock_fsb >= mp->m_sb.sb_dblocks) ||
4197 (extp->ext_len >= mp->m_sb.sb_agblocks)) {
4199 * This will pull the EFI from the AIL and
4200 * free the memory associated with it.
4202 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
4203 xfs_efi_release(efip);
4208 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
4211 efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
4213 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
4214 extp = &(efip->efi_format.efi_extents[i]);
4215 error = xfs_trans_free_extent(tp, efdp, extp->ext_start,
4222 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
4223 error = xfs_trans_commit(tp);
4227 xfs_trans_cancel(tp);
4232 * When this is called, all of the EFIs which did not have
4233 * corresponding EFDs should be in the AIL. What we do now
4234 * is free the extents associated with each one.
4236 * Since we process the EFIs in normal transactions, they
4237 * will be removed at some point after the commit. This prevents
4238 * us from just walking down the list processing each one.
4239 * We'll use a flag in the EFI to skip those that we've already
4240 * processed and use the AIL iteration mechanism's generation
4241 * count to try to speed this up at least a bit.
4243 * When we start, we know that the EFIs are the only things in
4244 * the AIL. As we process them, however, other items are added
4245 * to the AIL. Since everything added to the AIL must come after
4246 * everything already in the AIL, we stop processing as soon as
4247 * we see something other than an EFI in the AIL.
4250 xlog_recover_process_efis(
4253 struct xfs_log_item *lip;
4254 struct xfs_efi_log_item *efip;
4256 struct xfs_ail_cursor cur;
4257 struct xfs_ail *ailp;
4260 spin_lock(&ailp->xa_lock);
4261 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4262 while (lip != NULL) {
4264 * We're done when we see something other than an EFI.
4265 * There should be no EFIs left in the AIL now.
4267 if (lip->li_type != XFS_LI_EFI) {
4269 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
4270 ASSERT(lip->li_type != XFS_LI_EFI);
4276 * Skip EFIs that we've already processed.
4278 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4279 if (test_bit(XFS_EFI_RECOVERED, &efip->efi_flags)) {
4280 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4284 spin_unlock(&ailp->xa_lock);
4285 error = xlog_recover_process_efi(log->l_mp, efip);
4286 spin_lock(&ailp->xa_lock);
4289 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4292 xfs_trans_ail_cursor_done(&cur);
4293 spin_unlock(&ailp->xa_lock);
4298 * A cancel occurs when the mount has failed and we're bailing out. Release all
4299 * pending EFIs so they don't pin the AIL.
4302 xlog_recover_cancel_efis(
4305 struct xfs_log_item *lip;
4306 struct xfs_efi_log_item *efip;
4308 struct xfs_ail_cursor cur;
4309 struct xfs_ail *ailp;
4312 spin_lock(&ailp->xa_lock);
4313 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4314 while (lip != NULL) {
4316 * We're done when we see something other than an EFI.
4317 * There should be no EFIs left in the AIL now.
4319 if (lip->li_type != XFS_LI_EFI) {
4321 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
4322 ASSERT(lip->li_type != XFS_LI_EFI);
4327 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4329 spin_unlock(&ailp->xa_lock);
4330 xfs_efi_release(efip);
4331 spin_lock(&ailp->xa_lock);
4333 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4336 xfs_trans_ail_cursor_done(&cur);
4337 spin_unlock(&ailp->xa_lock);
4342 * This routine performs a transaction to null out a bad inode pointer
4343 * in an agi unlinked inode hash bucket.
4346 xlog_recover_clear_agi_bucket(
4348 xfs_agnumber_t agno,
4357 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_clearagi, 0, 0, 0, &tp);
4361 error = xfs_read_agi(mp, tp, agno, &agibp);
4365 agi = XFS_BUF_TO_AGI(agibp);
4366 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
4367 offset = offsetof(xfs_agi_t, agi_unlinked) +
4368 (sizeof(xfs_agino_t) * bucket);
4369 xfs_trans_log_buf(tp, agibp, offset,
4370 (offset + sizeof(xfs_agino_t) - 1));
4372 error = xfs_trans_commit(tp);
4378 xfs_trans_cancel(tp);
4380 xfs_warn(mp, "%s: failed to clear agi %d. Continuing.", __func__, agno);
4385 xlog_recover_process_one_iunlink(
4386 struct xfs_mount *mp,
4387 xfs_agnumber_t agno,
4391 struct xfs_buf *ibp;
4392 struct xfs_dinode *dip;
4393 struct xfs_inode *ip;
4397 ino = XFS_AGINO_TO_INO(mp, agno, agino);
4398 error = xfs_iget(mp, NULL, ino, 0, 0, &ip);
4403 * Get the on disk inode to find the next inode in the bucket.
4405 error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &ibp, 0, 0);
4409 ASSERT(VFS_I(ip)->i_nlink == 0);
4410 ASSERT(VFS_I(ip)->i_mode != 0);
4412 /* setup for the next pass */
4413 agino = be32_to_cpu(dip->di_next_unlinked);
4417 * Prevent any DMAPI event from being sent when the reference on
4418 * the inode is dropped.
4420 ip->i_d.di_dmevmask = 0;
4429 * We can't read in the inode this bucket points to, or this inode
4430 * is messed up. Just ditch this bucket of inodes. We will lose
4431 * some inodes and space, but at least we won't hang.
4433 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
4434 * clear the inode pointer in the bucket.
4436 xlog_recover_clear_agi_bucket(mp, agno, bucket);
4441 * xlog_iunlink_recover
4443 * This is called during recovery to process any inodes which
4444 * we unlinked but not freed when the system crashed. These
4445 * inodes will be on the lists in the AGI blocks. What we do
4446 * here is scan all the AGIs and fully truncate and free any
4447 * inodes found on the lists. Each inode is removed from the
4448 * lists when it has been fully truncated and is freed. The
4449 * freeing of the inode and its removal from the list must be
4453 xlog_recover_process_iunlinks(
4457 xfs_agnumber_t agno;
4468 * Prevent any DMAPI event from being sent while in this function.
4470 mp_dmevmask = mp->m_dmevmask;
4473 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4475 * Find the agi for this ag.
4477 error = xfs_read_agi(mp, NULL, agno, &agibp);
4480 * AGI is b0rked. Don't process it.
4482 * We should probably mark the filesystem as corrupt
4483 * after we've recovered all the ag's we can....
4488 * Unlock the buffer so that it can be acquired in the normal
4489 * course of the transaction to truncate and free each inode.
4490 * Because we are not racing with anyone else here for the AGI
4491 * buffer, we don't even need to hold it locked to read the
4492 * initial unlinked bucket entries out of the buffer. We keep
4493 * buffer reference though, so that it stays pinned in memory
4494 * while we need the buffer.
4496 agi = XFS_BUF_TO_AGI(agibp);
4497 xfs_buf_unlock(agibp);
4499 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
4500 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
4501 while (agino != NULLAGINO) {
4502 agino = xlog_recover_process_one_iunlink(mp,
4503 agno, agino, bucket);
4506 xfs_buf_rele(agibp);
4509 mp->m_dmevmask = mp_dmevmask;
4514 struct xlog_rec_header *rhead,
4520 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
4521 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
4522 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
4526 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4527 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
4528 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
4529 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4530 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4531 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
4540 * CRC check, unpack and process a log record.
4543 xlog_recover_process(
4545 struct hlist_head rhash[],
4546 struct xlog_rec_header *rhead,
4553 crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len));
4556 * Nothing else to do if this is a CRC verification pass. Just return
4557 * if this a record with a non-zero crc. Unfortunately, mkfs always
4558 * sets h_crc to 0 so we must consider this valid even on v5 supers.
4559 * Otherwise, return EFSBADCRC on failure so the callers up the stack
4560 * know precisely what failed.
4562 if (pass == XLOG_RECOVER_CRCPASS) {
4563 if (rhead->h_crc && crc != rhead->h_crc)
4569 * We're in the normal recovery path. Issue a warning if and only if the
4570 * CRC in the header is non-zero. This is an advisory warning and the
4571 * zero CRC check prevents warnings from being emitted when upgrading
4572 * the kernel from one that does not add CRCs by default.
4574 if (crc != rhead->h_crc) {
4575 if (rhead->h_crc || xfs_sb_version_hascrc(&log->l_mp->m_sb)) {
4576 xfs_alert(log->l_mp,
4577 "log record CRC mismatch: found 0x%x, expected 0x%x.",
4578 le32_to_cpu(rhead->h_crc),
4580 xfs_hex_dump(dp, 32);
4584 * If the filesystem is CRC enabled, this mismatch becomes a
4585 * fatal log corruption failure.
4587 if (xfs_sb_version_hascrc(&log->l_mp->m_sb))
4588 return -EFSCORRUPTED;
4591 error = xlog_unpack_data(rhead, dp, log);
4595 return xlog_recover_process_data(log, rhash, rhead, dp, pass);
4599 xlog_valid_rec_header(
4601 struct xlog_rec_header *rhead,
4606 if (unlikely(rhead->h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))) {
4607 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
4608 XFS_ERRLEVEL_LOW, log->l_mp);
4609 return -EFSCORRUPTED;
4612 (!rhead->h_version ||
4613 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
4614 xfs_warn(log->l_mp, "%s: unrecognised log version (%d).",
4615 __func__, be32_to_cpu(rhead->h_version));
4619 /* LR body must have data or it wouldn't have been written */
4620 hlen = be32_to_cpu(rhead->h_len);
4621 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
4622 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
4623 XFS_ERRLEVEL_LOW, log->l_mp);
4624 return -EFSCORRUPTED;
4626 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
4627 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
4628 XFS_ERRLEVEL_LOW, log->l_mp);
4629 return -EFSCORRUPTED;
4635 * Read the log from tail to head and process the log records found.
4636 * Handle the two cases where the tail and head are in the same cycle
4637 * and where the active portion of the log wraps around the end of
4638 * the physical log separately. The pass parameter is passed through
4639 * to the routines called to process the data and is not looked at
4643 xlog_do_recovery_pass(
4645 xfs_daddr_t head_blk,
4646 xfs_daddr_t tail_blk,
4648 xfs_daddr_t *first_bad) /* out: first bad log rec */
4650 xlog_rec_header_t *rhead;
4652 xfs_daddr_t rhead_blk;
4654 xfs_buf_t *hbp, *dbp;
4655 int error = 0, h_size, h_len;
4656 int bblks, split_bblks;
4657 int hblks, split_hblks, wrapped_hblks;
4658 struct hlist_head rhash[XLOG_RHASH_SIZE];
4660 ASSERT(head_blk != tail_blk);
4664 * Read the header of the tail block and get the iclog buffer size from
4665 * h_size. Use this to tell how many sectors make up the log header.
4667 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4669 * When using variable length iclogs, read first sector of
4670 * iclog header and extract the header size from it. Get a
4671 * new hbp that is the correct size.
4673 hbp = xlog_get_bp(log, 1);
4677 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
4681 rhead = (xlog_rec_header_t *)offset;
4682 error = xlog_valid_rec_header(log, rhead, tail_blk);
4687 * xfsprogs has a bug where record length is based on lsunit but
4688 * h_size (iclog size) is hardcoded to 32k. Now that we
4689 * unconditionally CRC verify the unmount record, this means the
4690 * log buffer can be too small for the record and cause an
4693 * Detect this condition here. Use lsunit for the buffer size as
4694 * long as this looks like the mkfs case. Otherwise, return an
4695 * error to avoid a buffer overrun.
4697 h_size = be32_to_cpu(rhead->h_size);
4698 h_len = be32_to_cpu(rhead->h_len);
4699 if (h_len > h_size) {
4700 if (h_len <= log->l_mp->m_logbsize &&
4701 be32_to_cpu(rhead->h_num_logops) == 1) {
4703 "invalid iclog size (%d bytes), using lsunit (%d bytes)",
4704 h_size, log->l_mp->m_logbsize);
4705 h_size = log->l_mp->m_logbsize;
4707 return -EFSCORRUPTED;
4710 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
4711 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
4712 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
4713 if (h_size % XLOG_HEADER_CYCLE_SIZE)
4716 hbp = xlog_get_bp(log, hblks);
4721 ASSERT(log->l_sectBBsize == 1);
4723 hbp = xlog_get_bp(log, 1);
4724 h_size = XLOG_BIG_RECORD_BSIZE;
4729 dbp = xlog_get_bp(log, BTOBB(h_size));
4735 memset(rhash, 0, sizeof(rhash));
4736 blk_no = rhead_blk = tail_blk;
4737 if (tail_blk > head_blk) {
4739 * Perform recovery around the end of the physical log.
4740 * When the head is not on the same cycle number as the tail,
4741 * we can't do a sequential recovery.
4743 while (blk_no < log->l_logBBsize) {
4745 * Check for header wrapping around physical end-of-log
4747 offset = hbp->b_addr;
4750 if (blk_no + hblks <= log->l_logBBsize) {
4751 /* Read header in one read */
4752 error = xlog_bread(log, blk_no, hblks, hbp,
4757 /* This LR is split across physical log end */
4758 if (blk_no != log->l_logBBsize) {
4759 /* some data before physical log end */
4760 ASSERT(blk_no <= INT_MAX);
4761 split_hblks = log->l_logBBsize - (int)blk_no;
4762 ASSERT(split_hblks > 0);
4763 error = xlog_bread(log, blk_no,
4771 * Note: this black magic still works with
4772 * large sector sizes (non-512) only because:
4773 * - we increased the buffer size originally
4774 * by 1 sector giving us enough extra space
4775 * for the second read;
4776 * - the log start is guaranteed to be sector
4778 * - we read the log end (LR header start)
4779 * _first_, then the log start (LR header end)
4780 * - order is important.
4782 wrapped_hblks = hblks - split_hblks;
4783 error = xlog_bread_offset(log, 0,
4785 offset + BBTOB(split_hblks));
4789 rhead = (xlog_rec_header_t *)offset;
4790 error = xlog_valid_rec_header(log, rhead,
4791 split_hblks ? blk_no : 0);
4795 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4798 /* Read in data for log record */
4799 if (blk_no + bblks <= log->l_logBBsize) {
4800 error = xlog_bread(log, blk_no, bblks, dbp,
4805 /* This log record is split across the
4806 * physical end of log */
4807 offset = dbp->b_addr;
4809 if (blk_no != log->l_logBBsize) {
4810 /* some data is before the physical
4812 ASSERT(!wrapped_hblks);
4813 ASSERT(blk_no <= INT_MAX);
4815 log->l_logBBsize - (int)blk_no;
4816 ASSERT(split_bblks > 0);
4817 error = xlog_bread(log, blk_no,
4825 * Note: this black magic still works with
4826 * large sector sizes (non-512) only because:
4827 * - we increased the buffer size originally
4828 * by 1 sector giving us enough extra space
4829 * for the second read;
4830 * - the log start is guaranteed to be sector
4832 * - we read the log end (LR header start)
4833 * _first_, then the log start (LR header end)
4834 * - order is important.
4836 error = xlog_bread_offset(log, 0,
4837 bblks - split_bblks, dbp,
4838 offset + BBTOB(split_bblks));
4843 error = xlog_recover_process(log, rhash, rhead, offset,
4852 ASSERT(blk_no >= log->l_logBBsize);
4853 blk_no -= log->l_logBBsize;
4857 /* read first part of physical log */
4858 while (blk_no < head_blk) {
4859 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
4863 rhead = (xlog_rec_header_t *)offset;
4864 error = xlog_valid_rec_header(log, rhead, blk_no);
4868 /* blocks in data section */
4869 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4870 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
4875 error = xlog_recover_process(log, rhash, rhead, offset, pass);
4879 blk_no += bblks + hblks;
4888 if (error && first_bad)
4889 *first_bad = rhead_blk;
4895 * Do the recovery of the log. We actually do this in two phases.
4896 * The two passes are necessary in order to implement the function
4897 * of cancelling a record written into the log. The first pass
4898 * determines those things which have been cancelled, and the
4899 * second pass replays log items normally except for those which
4900 * have been cancelled. The handling of the replay and cancellations
4901 * takes place in the log item type specific routines.
4903 * The table of items which have cancel records in the log is allocated
4904 * and freed at this level, since only here do we know when all of
4905 * the log recovery has been completed.
4908 xlog_do_log_recovery(
4910 xfs_daddr_t head_blk,
4911 xfs_daddr_t tail_blk)
4915 ASSERT(head_blk != tail_blk);
4918 * First do a pass to find all of the cancelled buf log items.
4919 * Store them in the buf_cancel_table for use in the second pass.
4921 log->l_buf_cancel_table = kmem_zalloc(XLOG_BC_TABLE_SIZE *
4922 sizeof(struct list_head),
4924 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4925 INIT_LIST_HEAD(&log->l_buf_cancel_table[i]);
4927 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4928 XLOG_RECOVER_PASS1, NULL);
4930 kmem_free(log->l_buf_cancel_table);
4931 log->l_buf_cancel_table = NULL;
4935 * Then do a second pass to actually recover the items in the log.
4936 * When it is complete free the table of buf cancel items.
4938 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4939 XLOG_RECOVER_PASS2, NULL);
4944 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4945 ASSERT(list_empty(&log->l_buf_cancel_table[i]));
4949 kmem_free(log->l_buf_cancel_table);
4950 log->l_buf_cancel_table = NULL;
4956 * Do the actual recovery
4961 xfs_daddr_t head_blk,
4962 xfs_daddr_t tail_blk)
4964 struct xfs_mount *mp = log->l_mp;
4970 * First replay the images in the log.
4972 error = xlog_do_log_recovery(log, head_blk, tail_blk);
4977 * If IO errors happened during recovery, bail out.
4979 if (XFS_FORCED_SHUTDOWN(mp)) {
4984 * We now update the tail_lsn since much of the recovery has completed
4985 * and there may be space available to use. If there were no extent
4986 * or iunlinks, we can free up the entire log and set the tail_lsn to
4987 * be the last_sync_lsn. This was set in xlog_find_tail to be the
4988 * lsn of the last known good LR on disk. If there are extent frees
4989 * or iunlinks they will have some entries in the AIL; so we look at
4990 * the AIL to determine how to set the tail_lsn.
4992 xlog_assign_tail_lsn(mp);
4995 * Now that we've finished replaying all buffer and inode
4996 * updates, re-read in the superblock and reverify it.
4998 bp = xfs_getsb(mp, 0);
4999 bp->b_flags &= ~(XBF_DONE | XBF_ASYNC);
5000 ASSERT(!(bp->b_flags & XBF_WRITE));
5001 bp->b_flags |= XBF_READ;
5002 bp->b_ops = &xfs_sb_buf_ops;
5004 error = xfs_buf_submit_wait(bp);
5006 if (!XFS_FORCED_SHUTDOWN(mp)) {
5007 xfs_buf_ioerror_alert(bp, __func__);
5014 /* Convert superblock from on-disk format */
5016 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
5019 /* re-initialise in-core superblock and geometry structures */
5020 xfs_reinit_percpu_counters(mp);
5021 error = xfs_initialize_perag(mp, sbp->sb_agcount, &mp->m_maxagi);
5023 xfs_warn(mp, "Failed post-recovery per-ag init: %d", error);
5027 xlog_recover_check_summary(log);
5029 /* Normal transactions can now occur */
5030 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
5035 * Perform recovery and re-initialize some log variables in xlog_find_tail.
5037 * Return error or zero.
5043 xfs_daddr_t head_blk, tail_blk;
5046 /* find the tail of the log */
5047 error = xlog_find_tail(log, &head_blk, &tail_blk);
5052 * The superblock was read before the log was available and thus the LSN
5053 * could not be verified. Check the superblock LSN against the current
5054 * LSN now that it's known.
5056 if (xfs_sb_version_hascrc(&log->l_mp->m_sb) &&
5057 !xfs_log_check_lsn(log->l_mp, log->l_mp->m_sb.sb_lsn))
5060 if (tail_blk != head_blk) {
5061 /* There used to be a comment here:
5063 * disallow recovery on read-only mounts. note -- mount
5064 * checks for ENOSPC and turns it into an intelligent
5066 * ...but this is no longer true. Now, unless you specify
5067 * NORECOVERY (in which case this function would never be
5068 * called), we just go ahead and recover. We do this all
5069 * under the vfs layer, so we can get away with it unless
5070 * the device itself is read-only, in which case we fail.
5072 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
5077 * Version 5 superblock log feature mask validation. We know the
5078 * log is dirty so check if there are any unknown log features
5079 * in what we need to recover. If there are unknown features
5080 * (e.g. unsupported transactions, then simply reject the
5081 * attempt at recovery before touching anything.
5083 if (XFS_SB_VERSION_NUM(&log->l_mp->m_sb) == XFS_SB_VERSION_5 &&
5084 xfs_sb_has_incompat_log_feature(&log->l_mp->m_sb,
5085 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
5087 "Superblock has unknown incompatible log features (0x%x) enabled.",
5088 (log->l_mp->m_sb.sb_features_log_incompat &
5089 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
5091 "The log can not be fully and/or safely recovered by this kernel.");
5093 "Please recover the log on a kernel that supports the unknown features.");
5098 * Delay log recovery if the debug hook is set. This is debug
5099 * instrumention to coordinate simulation of I/O failures with
5102 if (xfs_globals.log_recovery_delay) {
5103 xfs_notice(log->l_mp,
5104 "Delaying log recovery for %d seconds.",
5105 xfs_globals.log_recovery_delay);
5106 msleep(xfs_globals.log_recovery_delay * 1000);
5109 xfs_notice(log->l_mp, "Starting recovery (logdev: %s)",
5110 log->l_mp->m_logname ? log->l_mp->m_logname
5113 error = xlog_do_recover(log, head_blk, tail_blk);
5114 log->l_flags |= XLOG_RECOVERY_NEEDED;
5120 * In the first part of recovery we replay inodes and buffers and build
5121 * up the list of extent free items which need to be processed. Here
5122 * we process the extent free items and clean up the on disk unlinked
5123 * inode lists. This is separated from the first part of recovery so
5124 * that the root and real-time bitmap inodes can be read in from disk in
5125 * between the two stages. This is necessary so that we can free space
5126 * in the real-time portion of the file system.
5129 xlog_recover_finish(
5133 * Now we're ready to do the transactions needed for the
5134 * rest of recovery. Start with completing all the extent
5135 * free intent records and then process the unlinked inode
5136 * lists. At this point, we essentially run in normal mode
5137 * except that we're still performing recovery actions
5138 * rather than accepting new requests.
5140 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
5142 error = xlog_recover_process_efis(log);
5144 xfs_alert(log->l_mp, "Failed to recover EFIs");
5148 * Sync the log to get all the EFIs out of the AIL.
5149 * This isn't absolutely necessary, but it helps in
5150 * case the unlink transactions would have problems
5151 * pushing the EFIs out of the way.
5153 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
5155 xlog_recover_process_iunlinks(log);
5157 xlog_recover_check_summary(log);
5159 xfs_notice(log->l_mp, "Ending recovery (logdev: %s)",
5160 log->l_mp->m_logname ? log->l_mp->m_logname
5162 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
5164 xfs_info(log->l_mp, "Ending clean mount");
5170 xlog_recover_cancel(
5175 if (log->l_flags & XLOG_RECOVERY_NEEDED)
5176 error = xlog_recover_cancel_efis(log);
5183 * Read all of the agf and agi counters and check that they
5184 * are consistent with the superblock counters.
5187 xlog_recover_check_summary(
5194 xfs_agnumber_t agno;
5195 __uint64_t freeblks;
5205 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
5206 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
5208 xfs_alert(mp, "%s agf read failed agno %d error %d",
5209 __func__, agno, error);
5211 agfp = XFS_BUF_TO_AGF(agfbp);
5212 freeblks += be32_to_cpu(agfp->agf_freeblks) +
5213 be32_to_cpu(agfp->agf_flcount);
5214 xfs_buf_relse(agfbp);
5217 error = xfs_read_agi(mp, NULL, agno, &agibp);
5219 xfs_alert(mp, "%s agi read failed agno %d error %d",
5220 __func__, agno, error);
5222 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
5224 itotal += be32_to_cpu(agi->agi_count);
5225 ifree += be32_to_cpu(agi->agi_freecount);
5226 xfs_buf_relse(agibp);
projects / cascardo / linux.git / blob