xref: /openbmc/linux/drivers/md/dm-clone-metadata.c (revision a080a92a6f89e716b8a264f6b93123b41a1c004c)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2019 Arrikto, Inc. All Rights Reserved.
4  */
5 
6 #include <linux/mm.h>
7 #include <linux/err.h>
8 #include <linux/slab.h>
9 #include <linux/rwsem.h>
10 #include <linux/bitops.h>
11 #include <linux/bitmap.h>
12 #include <linux/device-mapper.h>
13 
14 #include "persistent-data/dm-bitset.h"
15 #include "persistent-data/dm-space-map.h"
16 #include "persistent-data/dm-block-manager.h"
17 #include "persistent-data/dm-transaction-manager.h"
18 
19 #include "dm-clone-metadata.h"
20 
21 #define DM_MSG_PREFIX "clone metadata"
22 
23 #define SUPERBLOCK_LOCATION 0
24 #define SUPERBLOCK_MAGIC 0x8af27f64
25 #define SUPERBLOCK_CSUM_XOR 257649492
26 
27 #define DM_CLONE_MAX_CONCURRENT_LOCKS 5
28 
29 #define UUID_LEN 16
30 
31 /* Min and max dm-clone metadata versions supported */
32 #define DM_CLONE_MIN_METADATA_VERSION 1
33 #define DM_CLONE_MAX_METADATA_VERSION 1
34 
35 /*
36  * On-disk metadata layout
37  */
38 struct superblock_disk {
39 	__le32 csum;
40 	__le32 flags;
41 	__le64 blocknr;
42 
43 	__u8 uuid[UUID_LEN];
44 	__le64 magic;
45 	__le32 version;
46 
47 	__u8 metadata_space_map_root[SPACE_MAP_ROOT_SIZE];
48 
49 	__le64 region_size;
50 	__le64 target_size;
51 
52 	__le64 bitset_root;
53 } __packed;
54 
55 /*
56  * Region and Dirty bitmaps.
57  *
58  * dm-clone logically splits the source and destination devices in regions of
59  * fixed size. The destination device's regions are gradually hydrated, i.e.,
60  * we copy (clone) the source's regions to the destination device. Eventually,
61  * all regions will get hydrated and all I/O will be served from the
62  * destination device.
63  *
64  * We maintain an on-disk bitmap which tracks the state of each of the
65  * destination device's regions, i.e., whether they are hydrated or not.
66  *
67  * To save constantly doing look ups on disk we keep an in core copy of the
68  * on-disk bitmap, the region_map.
69  *
70  * In order to track which regions are hydrated during a metadata transaction,
71  * we use a second set of bitmaps, the dmap (dirty bitmap), which includes two
72  * bitmaps, namely dirty_regions and dirty_words. The dirty_regions bitmap
73  * tracks the regions that got hydrated during the current metadata
74  * transaction. The dirty_words bitmap tracks the dirty words, i.e. longs, of
75  * the dirty_regions bitmap.
76  *
77  * This allows us to precisely track the regions that were hydrated during the
78  * current metadata transaction and update the metadata accordingly, when we
79  * commit the current transaction. This is important because dm-clone should
80  * only commit the metadata of regions that were properly flushed to the
81  * destination device beforehand. Otherwise, in case of a crash, we could end
82  * up with a corrupted dm-clone device.
83  *
84  * When a region finishes hydrating dm-clone calls
85  * dm_clone_set_region_hydrated(), or for discard requests
86  * dm_clone_cond_set_range(), which sets the corresponding bits in region_map
87  * and dmap.
88  *
89  * During a metadata commit we scan dmap->dirty_words and dmap->dirty_regions
90  * and update the on-disk metadata accordingly. Thus, we don't have to flush to
91  * disk the whole region_map. We can just flush the dirty region_map bits.
92  *
93  * We use the helper dmap->dirty_words bitmap, which is smaller than the
94  * original region_map, to reduce the amount of memory accesses during a
95  * metadata commit. Moreover, as dm-bitset also accesses the on-disk bitmap in
96  * 64-bit word granularity, the dirty_words bitmap helps us avoid useless disk
97  * accesses.
98  *
99  * We could update directly the on-disk bitmap, when dm-clone calls either
100  * dm_clone_set_region_hydrated() or dm_clone_cond_set_range(), buts this
101  * inserts significant metadata I/O overhead in dm-clone's I/O path. Also, as
102  * these two functions don't block, we can call them in interrupt context,
103  * e.g., in a hooked overwrite bio's completion routine, and further reduce the
104  * I/O completion latency.
105  *
106  * We maintain two dirty bitmap sets. During a metadata commit we atomically
107  * swap the currently used dmap with the unused one. This allows the metadata
108  * update functions to run concurrently with an ongoing commit.
109  */
110 struct dirty_map {
111 	unsigned long *dirty_words;
112 	unsigned long *dirty_regions;
113 	unsigned int changed;
114 };
115 
116 struct dm_clone_metadata {
117 	/* The metadata block device */
118 	struct block_device *bdev;
119 
120 	sector_t target_size;
121 	sector_t region_size;
122 	unsigned long nr_regions;
123 	unsigned long nr_words;
124 
125 	/* Spinlock protecting the region and dirty bitmaps. */
126 	spinlock_t bitmap_lock;
127 	struct dirty_map dmap[2];
128 	struct dirty_map *current_dmap;
129 
130 	/* Protected by lock */
131 	struct dirty_map *committing_dmap;
132 
133 	/*
134 	 * In core copy of the on-disk bitmap to save constantly doing look ups
135 	 * on disk.
136 	 */
137 	unsigned long *region_map;
138 
139 	/* Protected by bitmap_lock */
140 	unsigned int read_only;
141 
142 	struct dm_block_manager *bm;
143 	struct dm_space_map *sm;
144 	struct dm_transaction_manager *tm;
145 
146 	struct rw_semaphore lock;
147 
148 	struct dm_disk_bitset bitset_info;
149 	dm_block_t bitset_root;
150 
151 	/*
152 	 * Reading the space map root can fail, so we read it into this
153 	 * buffer before the superblock is locked and updated.
154 	 */
155 	__u8 metadata_space_map_root[SPACE_MAP_ROOT_SIZE];
156 
157 	bool hydration_done:1;
158 	bool fail_io:1;
159 };
160 
161 /*---------------------------------------------------------------------------*/
162 
163 /*
164  * Superblock validation.
165  */
166 static void sb_prepare_for_write(struct dm_block_validator *v,
167 				 struct dm_block *b, size_t sb_block_size)
168 {
169 	struct superblock_disk *sb;
170 	u32 csum;
171 
172 	sb = dm_block_data(b);
173 	sb->blocknr = cpu_to_le64(dm_block_location(b));
174 
175 	csum = dm_bm_checksum(&sb->flags, sb_block_size - sizeof(__le32),
176 			      SUPERBLOCK_CSUM_XOR);
177 	sb->csum = cpu_to_le32(csum);
178 }
179 
180 static int sb_check(struct dm_block_validator *v, struct dm_block *b,
181 		    size_t sb_block_size)
182 {
183 	struct superblock_disk *sb;
184 	u32 csum, metadata_version;
185 
186 	sb = dm_block_data(b);
187 
188 	if (dm_block_location(b) != le64_to_cpu(sb->blocknr)) {
189 		DMERR("Superblock check failed: blocknr %llu, expected %llu",
190 		      le64_to_cpu(sb->blocknr),
191 		      (unsigned long long)dm_block_location(b));
192 		return -ENOTBLK;
193 	}
194 
195 	if (le64_to_cpu(sb->magic) != SUPERBLOCK_MAGIC) {
196 		DMERR("Superblock check failed: magic %llu, expected %llu",
197 		      le64_to_cpu(sb->magic),
198 		      (unsigned long long)SUPERBLOCK_MAGIC);
199 		return -EILSEQ;
200 	}
201 
202 	csum = dm_bm_checksum(&sb->flags, sb_block_size - sizeof(__le32),
203 			      SUPERBLOCK_CSUM_XOR);
204 	if (sb->csum != cpu_to_le32(csum)) {
205 		DMERR("Superblock check failed: checksum %u, expected %u",
206 		      csum, le32_to_cpu(sb->csum));
207 		return -EILSEQ;
208 	}
209 
210 	/* Check metadata version */
211 	metadata_version = le32_to_cpu(sb->version);
212 	if (metadata_version < DM_CLONE_MIN_METADATA_VERSION ||
213 	    metadata_version > DM_CLONE_MAX_METADATA_VERSION) {
214 		DMERR("Clone metadata version %u found, but only versions between %u and %u supported.",
215 		      metadata_version, DM_CLONE_MIN_METADATA_VERSION,
216 		      DM_CLONE_MAX_METADATA_VERSION);
217 		return -EINVAL;
218 	}
219 
220 	return 0;
221 }
222 
223 static struct dm_block_validator sb_validator = {
224 	.name = "superblock",
225 	.prepare_for_write = sb_prepare_for_write,
226 	.check = sb_check
227 };
228 
229 /*
230  * Check if the superblock is formatted or not. We consider the superblock to
231  * be formatted in case we find non-zero bytes in it.
232  */
233 static int __superblock_all_zeroes(struct dm_block_manager *bm, bool *formatted)
234 {
235 	int r;
236 	unsigned int i, nr_words;
237 	struct dm_block *sblock;
238 	__le64 *data_le, zero = cpu_to_le64(0);
239 
240 	/*
241 	 * We don't use a validator here because the superblock could be all
242 	 * zeroes.
243 	 */
244 	r = dm_bm_read_lock(bm, SUPERBLOCK_LOCATION, NULL, &sblock);
245 	if (r) {
246 		DMERR("Failed to read_lock superblock");
247 		return r;
248 	}
249 
250 	data_le = dm_block_data(sblock);
251 	*formatted = false;
252 
253 	/* This assumes that the block size is a multiple of 8 bytes */
254 	BUG_ON(dm_bm_block_size(bm) % sizeof(__le64));
255 	nr_words = dm_bm_block_size(bm) / sizeof(__le64);
256 	for (i = 0; i < nr_words; i++) {
257 		if (data_le[i] != zero) {
258 			*formatted = true;
259 			break;
260 		}
261 	}
262 
263 	dm_bm_unlock(sblock);
264 
265 	return 0;
266 }
267 
268 /*---------------------------------------------------------------------------*/
269 
270 /*
271  * Low-level metadata handling.
272  */
273 static inline int superblock_read_lock(struct dm_clone_metadata *cmd,
274 				       struct dm_block **sblock)
275 {
276 	return dm_bm_read_lock(cmd->bm, SUPERBLOCK_LOCATION, &sb_validator, sblock);
277 }
278 
279 static inline int superblock_write_lock(struct dm_clone_metadata *cmd,
280 					struct dm_block **sblock)
281 {
282 	return dm_bm_write_lock(cmd->bm, SUPERBLOCK_LOCATION, &sb_validator, sblock);
283 }
284 
285 static inline int superblock_write_lock_zero(struct dm_clone_metadata *cmd,
286 					     struct dm_block **sblock)
287 {
288 	return dm_bm_write_lock_zero(cmd->bm, SUPERBLOCK_LOCATION, &sb_validator, sblock);
289 }
290 
291 static int __copy_sm_root(struct dm_clone_metadata *cmd)
292 {
293 	int r;
294 	size_t root_size;
295 
296 	r = dm_sm_root_size(cmd->sm, &root_size);
297 	if (r)
298 		return r;
299 
300 	return dm_sm_copy_root(cmd->sm, &cmd->metadata_space_map_root, root_size);
301 }
302 
303 /* Save dm-clone metadata in superblock */
304 static void __prepare_superblock(struct dm_clone_metadata *cmd,
305 				 struct superblock_disk *sb)
306 {
307 	sb->flags = cpu_to_le32(0UL);
308 
309 	/* FIXME: UUID is currently unused */
310 	memset(sb->uuid, 0, sizeof(sb->uuid));
311 
312 	sb->magic = cpu_to_le64(SUPERBLOCK_MAGIC);
313 	sb->version = cpu_to_le32(DM_CLONE_MAX_METADATA_VERSION);
314 
315 	/* Save the metadata space_map root */
316 	memcpy(&sb->metadata_space_map_root, &cmd->metadata_space_map_root,
317 	       sizeof(cmd->metadata_space_map_root));
318 
319 	sb->region_size = cpu_to_le64(cmd->region_size);
320 	sb->target_size = cpu_to_le64(cmd->target_size);
321 	sb->bitset_root = cpu_to_le64(cmd->bitset_root);
322 }
323 
324 static int __open_metadata(struct dm_clone_metadata *cmd)
325 {
326 	int r;
327 	struct dm_block *sblock;
328 	struct superblock_disk *sb;
329 
330 	r = superblock_read_lock(cmd, &sblock);
331 
332 	if (r) {
333 		DMERR("Failed to read_lock superblock");
334 		return r;
335 	}
336 
337 	sb = dm_block_data(sblock);
338 
339 	/* Verify that target_size and region_size haven't changed. */
340 	if (cmd->region_size != le64_to_cpu(sb->region_size) ||
341 	    cmd->target_size != le64_to_cpu(sb->target_size)) {
342 		DMERR("Region and/or target size don't match the ones in metadata");
343 		r = -EINVAL;
344 		goto out_with_lock;
345 	}
346 
347 	r = dm_tm_open_with_sm(cmd->bm, SUPERBLOCK_LOCATION,
348 			       sb->metadata_space_map_root,
349 			       sizeof(sb->metadata_space_map_root),
350 			       &cmd->tm, &cmd->sm);
351 
352 	if (r) {
353 		DMERR("dm_tm_open_with_sm failed");
354 		goto out_with_lock;
355 	}
356 
357 	dm_disk_bitset_init(cmd->tm, &cmd->bitset_info);
358 	cmd->bitset_root = le64_to_cpu(sb->bitset_root);
359 
360 out_with_lock:
361 	dm_bm_unlock(sblock);
362 
363 	return r;
364 }
365 
366 static int __format_metadata(struct dm_clone_metadata *cmd)
367 {
368 	int r;
369 	struct dm_block *sblock;
370 	struct superblock_disk *sb;
371 
372 	r = dm_tm_create_with_sm(cmd->bm, SUPERBLOCK_LOCATION, &cmd->tm, &cmd->sm);
373 	if (r) {
374 		DMERR("Failed to create transaction manager");
375 		return r;
376 	}
377 
378 	dm_disk_bitset_init(cmd->tm, &cmd->bitset_info);
379 
380 	r = dm_bitset_empty(&cmd->bitset_info, &cmd->bitset_root);
381 	if (r) {
382 		DMERR("Failed to create empty on-disk bitset");
383 		goto err_with_tm;
384 	}
385 
386 	r = dm_bitset_resize(&cmd->bitset_info, cmd->bitset_root, 0,
387 			     cmd->nr_regions, false, &cmd->bitset_root);
388 	if (r) {
389 		DMERR("Failed to resize on-disk bitset to %lu entries", cmd->nr_regions);
390 		goto err_with_tm;
391 	}
392 
393 	/* Flush to disk all blocks, except the superblock */
394 	r = dm_tm_pre_commit(cmd->tm);
395 	if (r) {
396 		DMERR("dm_tm_pre_commit failed");
397 		goto err_with_tm;
398 	}
399 
400 	r = __copy_sm_root(cmd);
401 	if (r) {
402 		DMERR("__copy_sm_root failed");
403 		goto err_with_tm;
404 	}
405 
406 	r = superblock_write_lock_zero(cmd, &sblock);
407 	if (r) {
408 		DMERR("Failed to write_lock superblock");
409 		goto err_with_tm;
410 	}
411 
412 	sb = dm_block_data(sblock);
413 	__prepare_superblock(cmd, sb);
414 	r = dm_tm_commit(cmd->tm, sblock);
415 	if (r) {
416 		DMERR("Failed to commit superblock");
417 		goto err_with_tm;
418 	}
419 
420 	return 0;
421 
422 err_with_tm:
423 	dm_sm_destroy(cmd->sm);
424 	dm_tm_destroy(cmd->tm);
425 
426 	return r;
427 }
428 
429 static int __open_or_format_metadata(struct dm_clone_metadata *cmd, bool may_format_device)
430 {
431 	int r;
432 	bool formatted = false;
433 
434 	r = __superblock_all_zeroes(cmd->bm, &formatted);
435 	if (r)
436 		return r;
437 
438 	if (!formatted)
439 		return may_format_device ? __format_metadata(cmd) : -EPERM;
440 
441 	return __open_metadata(cmd);
442 }
443 
444 static int __create_persistent_data_structures(struct dm_clone_metadata *cmd,
445 					       bool may_format_device)
446 {
447 	int r;
448 
449 	/* Create block manager */
450 	cmd->bm = dm_block_manager_create(cmd->bdev,
451 					 DM_CLONE_METADATA_BLOCK_SIZE << SECTOR_SHIFT,
452 					 DM_CLONE_MAX_CONCURRENT_LOCKS);
453 	if (IS_ERR(cmd->bm)) {
454 		DMERR("Failed to create block manager");
455 		return PTR_ERR(cmd->bm);
456 	}
457 
458 	r = __open_or_format_metadata(cmd, may_format_device);
459 	if (r)
460 		dm_block_manager_destroy(cmd->bm);
461 
462 	return r;
463 }
464 
465 static void __destroy_persistent_data_structures(struct dm_clone_metadata *cmd)
466 {
467 	dm_sm_destroy(cmd->sm);
468 	dm_tm_destroy(cmd->tm);
469 	dm_block_manager_destroy(cmd->bm);
470 }
471 
472 /*---------------------------------------------------------------------------*/
473 
474 static size_t bitmap_size(unsigned long nr_bits)
475 {
476 	return BITS_TO_LONGS(nr_bits) * sizeof(long);
477 }
478 
479 static int __dirty_map_init(struct dirty_map *dmap, unsigned long nr_words,
480 			    unsigned long nr_regions)
481 {
482 	dmap->changed = 0;
483 
484 	dmap->dirty_words = kvzalloc(bitmap_size(nr_words), GFP_KERNEL);
485 	if (!dmap->dirty_words)
486 		return -ENOMEM;
487 
488 	dmap->dirty_regions = kvzalloc(bitmap_size(nr_regions), GFP_KERNEL);
489 	if (!dmap->dirty_regions) {
490 		kvfree(dmap->dirty_words);
491 		return -ENOMEM;
492 	}
493 
494 	return 0;
495 }
496 
497 static void __dirty_map_exit(struct dirty_map *dmap)
498 {
499 	kvfree(dmap->dirty_words);
500 	kvfree(dmap->dirty_regions);
501 }
502 
503 static int dirty_map_init(struct dm_clone_metadata *cmd)
504 {
505 	if (__dirty_map_init(&cmd->dmap[0], cmd->nr_words, cmd->nr_regions)) {
506 		DMERR("Failed to allocate dirty bitmap");
507 		return -ENOMEM;
508 	}
509 
510 	if (__dirty_map_init(&cmd->dmap[1], cmd->nr_words, cmd->nr_regions)) {
511 		DMERR("Failed to allocate dirty bitmap");
512 		__dirty_map_exit(&cmd->dmap[0]);
513 		return -ENOMEM;
514 	}
515 
516 	cmd->current_dmap = &cmd->dmap[0];
517 	cmd->committing_dmap = NULL;
518 
519 	return 0;
520 }
521 
522 static void dirty_map_exit(struct dm_clone_metadata *cmd)
523 {
524 	__dirty_map_exit(&cmd->dmap[0]);
525 	__dirty_map_exit(&cmd->dmap[1]);
526 }
527 
528 static int __load_bitset_in_core(struct dm_clone_metadata *cmd)
529 {
530 	int r;
531 	unsigned long i;
532 	struct dm_bitset_cursor c;
533 
534 	/* Flush bitset cache */
535 	r = dm_bitset_flush(&cmd->bitset_info, cmd->bitset_root, &cmd->bitset_root);
536 	if (r)
537 		return r;
538 
539 	r = dm_bitset_cursor_begin(&cmd->bitset_info, cmd->bitset_root, cmd->nr_regions, &c);
540 	if (r)
541 		return r;
542 
543 	for (i = 0; ; i++) {
544 		if (dm_bitset_cursor_get_value(&c))
545 			__set_bit(i, cmd->region_map);
546 		else
547 			__clear_bit(i, cmd->region_map);
548 
549 		if (i >= (cmd->nr_regions - 1))
550 			break;
551 
552 		r = dm_bitset_cursor_next(&c);
553 
554 		if (r)
555 			break;
556 	}
557 
558 	dm_bitset_cursor_end(&c);
559 
560 	return r;
561 }
562 
563 struct dm_clone_metadata *dm_clone_metadata_open(struct block_device *bdev,
564 						 sector_t target_size,
565 						 sector_t region_size)
566 {
567 	int r;
568 	struct dm_clone_metadata *cmd;
569 
570 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
571 	if (!cmd) {
572 		DMERR("Failed to allocate memory for dm-clone metadata");
573 		return ERR_PTR(-ENOMEM);
574 	}
575 
576 	cmd->bdev = bdev;
577 	cmd->target_size = target_size;
578 	cmd->region_size = region_size;
579 	cmd->nr_regions = dm_sector_div_up(cmd->target_size, cmd->region_size);
580 	cmd->nr_words = BITS_TO_LONGS(cmd->nr_regions);
581 
582 	init_rwsem(&cmd->lock);
583 	spin_lock_init(&cmd->bitmap_lock);
584 	cmd->read_only = 0;
585 	cmd->fail_io = false;
586 	cmd->hydration_done = false;
587 
588 	cmd->region_map = kvmalloc(bitmap_size(cmd->nr_regions), GFP_KERNEL);
589 	if (!cmd->region_map) {
590 		DMERR("Failed to allocate memory for region bitmap");
591 		r = -ENOMEM;
592 		goto out_with_md;
593 	}
594 
595 	r = __create_persistent_data_structures(cmd, true);
596 	if (r)
597 		goto out_with_region_map;
598 
599 	r = __load_bitset_in_core(cmd);
600 	if (r) {
601 		DMERR("Failed to load on-disk region map");
602 		goto out_with_pds;
603 	}
604 
605 	r = dirty_map_init(cmd);
606 	if (r)
607 		goto out_with_pds;
608 
609 	if (bitmap_full(cmd->region_map, cmd->nr_regions))
610 		cmd->hydration_done = true;
611 
612 	return cmd;
613 
614 out_with_pds:
615 	__destroy_persistent_data_structures(cmd);
616 
617 out_with_region_map:
618 	kvfree(cmd->region_map);
619 
620 out_with_md:
621 	kfree(cmd);
622 
623 	return ERR_PTR(r);
624 }
625 
626 void dm_clone_metadata_close(struct dm_clone_metadata *cmd)
627 {
628 	if (!cmd->fail_io)
629 		__destroy_persistent_data_structures(cmd);
630 
631 	dirty_map_exit(cmd);
632 	kvfree(cmd->region_map);
633 	kfree(cmd);
634 }
635 
636 bool dm_clone_is_hydration_done(struct dm_clone_metadata *cmd)
637 {
638 	return cmd->hydration_done;
639 }
640 
641 bool dm_clone_is_region_hydrated(struct dm_clone_metadata *cmd, unsigned long region_nr)
642 {
643 	return dm_clone_is_hydration_done(cmd) || test_bit(region_nr, cmd->region_map);
644 }
645 
646 bool dm_clone_is_range_hydrated(struct dm_clone_metadata *cmd,
647 				unsigned long start, unsigned long nr_regions)
648 {
649 	unsigned long bit;
650 
651 	if (dm_clone_is_hydration_done(cmd))
652 		return true;
653 
654 	bit = find_next_zero_bit(cmd->region_map, cmd->nr_regions, start);
655 
656 	return (bit >= (start + nr_regions));
657 }
658 
659 unsigned long dm_clone_nr_of_hydrated_regions(struct dm_clone_metadata *cmd)
660 {
661 	return bitmap_weight(cmd->region_map, cmd->nr_regions);
662 }
663 
664 unsigned long dm_clone_find_next_unhydrated_region(struct dm_clone_metadata *cmd,
665 						   unsigned long start)
666 {
667 	return find_next_zero_bit(cmd->region_map, cmd->nr_regions, start);
668 }
669 
670 static int __update_metadata_word(struct dm_clone_metadata *cmd,
671 				  unsigned long *dirty_regions,
672 				  unsigned long word)
673 {
674 	int r;
675 	unsigned long index = word * BITS_PER_LONG;
676 	unsigned long max_index = min(cmd->nr_regions, (word + 1) * BITS_PER_LONG);
677 
678 	while (index < max_index) {
679 		if (test_bit(index, dirty_regions)) {
680 			r = dm_bitset_set_bit(&cmd->bitset_info, cmd->bitset_root,
681 					      index, &cmd->bitset_root);
682 			if (r) {
683 				DMERR("dm_bitset_set_bit failed");
684 				return r;
685 			}
686 			__clear_bit(index, dirty_regions);
687 		}
688 		index++;
689 	}
690 
691 	return 0;
692 }
693 
694 static int __metadata_commit(struct dm_clone_metadata *cmd)
695 {
696 	int r;
697 	struct dm_block *sblock;
698 	struct superblock_disk *sb;
699 
700 	/* Flush bitset cache */
701 	r = dm_bitset_flush(&cmd->bitset_info, cmd->bitset_root, &cmd->bitset_root);
702 	if (r) {
703 		DMERR("dm_bitset_flush failed");
704 		return r;
705 	}
706 
707 	/* Flush to disk all blocks, except the superblock */
708 	r = dm_tm_pre_commit(cmd->tm);
709 	if (r) {
710 		DMERR("dm_tm_pre_commit failed");
711 		return r;
712 	}
713 
714 	/* Save the space map root in cmd->metadata_space_map_root */
715 	r = __copy_sm_root(cmd);
716 	if (r) {
717 		DMERR("__copy_sm_root failed");
718 		return r;
719 	}
720 
721 	/* Lock the superblock */
722 	r = superblock_write_lock_zero(cmd, &sblock);
723 	if (r) {
724 		DMERR("Failed to write_lock superblock");
725 		return r;
726 	}
727 
728 	/* Save the metadata in superblock */
729 	sb = dm_block_data(sblock);
730 	__prepare_superblock(cmd, sb);
731 
732 	/* Unlock superblock and commit it to disk */
733 	r = dm_tm_commit(cmd->tm, sblock);
734 	if (r) {
735 		DMERR("Failed to commit superblock");
736 		return r;
737 	}
738 
739 	/*
740 	 * FIXME: Find a more efficient way to check if the hydration is done.
741 	 */
742 	if (bitmap_full(cmd->region_map, cmd->nr_regions))
743 		cmd->hydration_done = true;
744 
745 	return 0;
746 }
747 
748 static int __flush_dmap(struct dm_clone_metadata *cmd, struct dirty_map *dmap)
749 {
750 	int r;
751 	unsigned long word;
752 
753 	word = 0;
754 	do {
755 		word = find_next_bit(dmap->dirty_words, cmd->nr_words, word);
756 
757 		if (word == cmd->nr_words)
758 			break;
759 
760 		r = __update_metadata_word(cmd, dmap->dirty_regions, word);
761 
762 		if (r)
763 			return r;
764 
765 		__clear_bit(word, dmap->dirty_words);
766 		word++;
767 	} while (word < cmd->nr_words);
768 
769 	r = __metadata_commit(cmd);
770 
771 	if (r)
772 		return r;
773 
774 	/* Update the changed flag */
775 	spin_lock_irq(&cmd->bitmap_lock);
776 	dmap->changed = 0;
777 	spin_unlock_irq(&cmd->bitmap_lock);
778 
779 	return 0;
780 }
781 
782 int dm_clone_metadata_pre_commit(struct dm_clone_metadata *cmd)
783 {
784 	int r = 0;
785 	struct dirty_map *dmap, *next_dmap;
786 
787 	down_write(&cmd->lock);
788 
789 	if (cmd->fail_io || dm_bm_is_read_only(cmd->bm)) {
790 		r = -EPERM;
791 		goto out;
792 	}
793 
794 	/* Get current dirty bitmap */
795 	dmap = cmd->current_dmap;
796 
797 	/* Get next dirty bitmap */
798 	next_dmap = (dmap == &cmd->dmap[0]) ? &cmd->dmap[1] : &cmd->dmap[0];
799 
800 	/*
801 	 * The last commit failed, so we don't have a clean dirty-bitmap to
802 	 * use.
803 	 */
804 	if (WARN_ON(next_dmap->changed || cmd->committing_dmap)) {
805 		r = -EINVAL;
806 		goto out;
807 	}
808 
809 	/* Swap dirty bitmaps */
810 	spin_lock_irq(&cmd->bitmap_lock);
811 	cmd->current_dmap = next_dmap;
812 	spin_unlock_irq(&cmd->bitmap_lock);
813 
814 	/* Set old dirty bitmap as currently committing */
815 	cmd->committing_dmap = dmap;
816 out:
817 	up_write(&cmd->lock);
818 
819 	return r;
820 }
821 
822 int dm_clone_metadata_commit(struct dm_clone_metadata *cmd)
823 {
824 	int r = -EPERM;
825 
826 	down_write(&cmd->lock);
827 
828 	if (cmd->fail_io || dm_bm_is_read_only(cmd->bm))
829 		goto out;
830 
831 	if (WARN_ON(!cmd->committing_dmap)) {
832 		r = -EINVAL;
833 		goto out;
834 	}
835 
836 	r = __flush_dmap(cmd, cmd->committing_dmap);
837 	if (!r) {
838 		/* Clear committing dmap */
839 		cmd->committing_dmap = NULL;
840 	}
841 out:
842 	up_write(&cmd->lock);
843 
844 	return r;
845 }
846 
847 int dm_clone_set_region_hydrated(struct dm_clone_metadata *cmd, unsigned long region_nr)
848 {
849 	int r = 0;
850 	struct dirty_map *dmap;
851 	unsigned long word, flags;
852 
853 	word = region_nr / BITS_PER_LONG;
854 
855 	spin_lock_irqsave(&cmd->bitmap_lock, flags);
856 
857 	if (cmd->read_only) {
858 		r = -EPERM;
859 		goto out;
860 	}
861 
862 	dmap = cmd->current_dmap;
863 
864 	__set_bit(word, dmap->dirty_words);
865 	__set_bit(region_nr, dmap->dirty_regions);
866 	__set_bit(region_nr, cmd->region_map);
867 	dmap->changed = 1;
868 
869 out:
870 	spin_unlock_irqrestore(&cmd->bitmap_lock, flags);
871 
872 	return r;
873 }
874 
875 int dm_clone_cond_set_range(struct dm_clone_metadata *cmd, unsigned long start,
876 			    unsigned long nr_regions)
877 {
878 	int r = 0;
879 	struct dirty_map *dmap;
880 	unsigned long word, region_nr;
881 
882 	spin_lock_irq(&cmd->bitmap_lock);
883 
884 	if (cmd->read_only) {
885 		r = -EPERM;
886 		goto out;
887 	}
888 
889 	dmap = cmd->current_dmap;
890 	for (region_nr = start; region_nr < (start + nr_regions); region_nr++) {
891 		if (!test_bit(region_nr, cmd->region_map)) {
892 			word = region_nr / BITS_PER_LONG;
893 			__set_bit(word, dmap->dirty_words);
894 			__set_bit(region_nr, dmap->dirty_regions);
895 			__set_bit(region_nr, cmd->region_map);
896 			dmap->changed = 1;
897 		}
898 	}
899 out:
900 	spin_unlock_irq(&cmd->bitmap_lock);
901 
902 	return r;
903 }
904 
905 /*
906  * WARNING: This must not be called concurrently with either
907  * dm_clone_set_region_hydrated() or dm_clone_cond_set_range(), as it changes
908  * cmd->region_map without taking the cmd->bitmap_lock spinlock. The only
909  * exception is after setting the metadata to read-only mode, using
910  * dm_clone_metadata_set_read_only().
911  *
912  * We don't take the spinlock because __load_bitset_in_core() does I/O, so it
913  * may block.
914  */
915 int dm_clone_reload_in_core_bitset(struct dm_clone_metadata *cmd)
916 {
917 	int r = -EINVAL;
918 
919 	down_write(&cmd->lock);
920 
921 	if (cmd->fail_io)
922 		goto out;
923 
924 	r = __load_bitset_in_core(cmd);
925 out:
926 	up_write(&cmd->lock);
927 
928 	return r;
929 }
930 
931 bool dm_clone_changed_this_transaction(struct dm_clone_metadata *cmd)
932 {
933 	bool r;
934 	unsigned long flags;
935 
936 	spin_lock_irqsave(&cmd->bitmap_lock, flags);
937 	r = cmd->dmap[0].changed || cmd->dmap[1].changed;
938 	spin_unlock_irqrestore(&cmd->bitmap_lock, flags);
939 
940 	return r;
941 }
942 
943 int dm_clone_metadata_abort(struct dm_clone_metadata *cmd)
944 {
945 	int r = -EPERM;
946 
947 	down_write(&cmd->lock);
948 
949 	if (cmd->fail_io || dm_bm_is_read_only(cmd->bm))
950 		goto out;
951 
952 	__destroy_persistent_data_structures(cmd);
953 
954 	r = __create_persistent_data_structures(cmd, false);
955 	if (r) {
956 		/* If something went wrong we can neither write nor read the metadata */
957 		cmd->fail_io = true;
958 	}
959 out:
960 	up_write(&cmd->lock);
961 
962 	return r;
963 }
964 
965 void dm_clone_metadata_set_read_only(struct dm_clone_metadata *cmd)
966 {
967 	down_write(&cmd->lock);
968 
969 	spin_lock_irq(&cmd->bitmap_lock);
970 	cmd->read_only = 1;
971 	spin_unlock_irq(&cmd->bitmap_lock);
972 
973 	if (!cmd->fail_io)
974 		dm_bm_set_read_only(cmd->bm);
975 
976 	up_write(&cmd->lock);
977 }
978 
979 void dm_clone_metadata_set_read_write(struct dm_clone_metadata *cmd)
980 {
981 	down_write(&cmd->lock);
982 
983 	spin_lock_irq(&cmd->bitmap_lock);
984 	cmd->read_only = 0;
985 	spin_unlock_irq(&cmd->bitmap_lock);
986 
987 	if (!cmd->fail_io)
988 		dm_bm_set_read_write(cmd->bm);
989 
990 	up_write(&cmd->lock);
991 }
992 
993 int dm_clone_get_free_metadata_block_count(struct dm_clone_metadata *cmd,
994 					   dm_block_t *result)
995 {
996 	int r = -EINVAL;
997 
998 	down_read(&cmd->lock);
999 
1000 	if (!cmd->fail_io)
1001 		r = dm_sm_get_nr_free(cmd->sm, result);
1002 
1003 	up_read(&cmd->lock);
1004 
1005 	return r;
1006 }
1007 
1008 int dm_clone_get_metadata_dev_size(struct dm_clone_metadata *cmd,
1009 				   dm_block_t *result)
1010 {
1011 	int r = -EINVAL;
1012 
1013 	down_read(&cmd->lock);
1014 
1015 	if (!cmd->fail_io)
1016 		r = dm_sm_get_nr_blocks(cmd->sm, result);
1017 
1018 	up_read(&cmd->lock);
1019 
1020 	return r;
1021 }
1022