xref: /openbmc/linux/fs/ubifs/budget.c (revision 2f164822)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This file is part of UBIFS.
4  *
5  * Copyright (C) 2006-2008 Nokia Corporation.
6  *
7  * Authors: Adrian Hunter
8  *          Artem Bityutskiy (Битюцкий Артём)
9  */
10 
11 /*
12  * This file implements the budgeting sub-system which is responsible for UBIFS
13  * space management.
14  *
15  * Factors such as compression, wasted space at the ends of LEBs, space in other
16  * journal heads, the effect of updates on the index, and so on, make it
17  * impossible to accurately predict the amount of space needed. Consequently
18  * approximations are used.
19  */
20 
21 #include "ubifs.h"
22 #include <linux/writeback.h>
23 #include <linux/math64.h>
24 
25 /*
26  * When pessimistic budget calculations say that there is no enough space,
27  * UBIFS starts writing back dirty inodes and pages, doing garbage collection,
28  * or committing. The below constant defines maximum number of times UBIFS
29  * repeats the operations.
30  */
31 #define MAX_MKSPC_RETRIES 3
32 
33 /*
34  * The below constant defines amount of dirty pages which should be written
35  * back at when trying to shrink the liability.
36  */
37 #define NR_TO_WRITE 16
38 
39 /**
40  * shrink_liability - write-back some dirty pages/inodes.
41  * @c: UBIFS file-system description object
42  * @nr_to_write: how many dirty pages to write-back
43  *
44  * This function shrinks UBIFS liability by means of writing back some amount
45  * of dirty inodes and their pages.
46  *
47  * Note, this function synchronizes even VFS inodes which are locked
48  * (@i_mutex) by the caller of the budgeting function, because write-back does
49  * not touch @i_mutex.
50  */
51 static void shrink_liability(struct ubifs_info *c, int nr_to_write)
52 {
53 	down_read(&c->vfs_sb->s_umount);
54 	writeback_inodes_sb_nr(c->vfs_sb, nr_to_write, WB_REASON_FS_FREE_SPACE);
55 	up_read(&c->vfs_sb->s_umount);
56 }
57 
58 /**
59  * run_gc - run garbage collector.
60  * @c: UBIFS file-system description object
61  *
62  * This function runs garbage collector to make some more free space. Returns
63  * zero if a free LEB has been produced, %-EAGAIN if commit is required, and a
64  * negative error code in case of failure.
65  */
66 static int run_gc(struct ubifs_info *c)
67 {
68 	int lnum;
69 
70 	/* Make some free space by garbage-collecting dirty space */
71 	down_read(&c->commit_sem);
72 	lnum = ubifs_garbage_collect(c, 1);
73 	up_read(&c->commit_sem);
74 	if (lnum < 0)
75 		return lnum;
76 
77 	/* GC freed one LEB, return it to lprops */
78 	dbg_budg("GC freed LEB %d", lnum);
79 	return ubifs_return_leb(c, lnum);
80 }
81 
82 /**
83  * get_liability - calculate current liability.
84  * @c: UBIFS file-system description object
85  *
86  * This function calculates and returns current UBIFS liability, i.e. the
87  * amount of bytes UBIFS has "promised" to write to the media.
88  */
89 static long long get_liability(struct ubifs_info *c)
90 {
91 	long long liab;
92 
93 	spin_lock(&c->space_lock);
94 	liab = c->bi.idx_growth + c->bi.data_growth + c->bi.dd_growth;
95 	spin_unlock(&c->space_lock);
96 	return liab;
97 }
98 
99 /**
100  * make_free_space - make more free space on the file-system.
101  * @c: UBIFS file-system description object
102  *
103  * This function is called when an operation cannot be budgeted because there
104  * is supposedly no free space. But in most cases there is some free space:
105  *   o budgeting is pessimistic, so it always budgets more than it is actually
106  *     needed, so shrinking the liability is one way to make free space - the
107  *     cached data will take less space then it was budgeted for;
108  *   o GC may turn some dark space into free space (budgeting treats dark space
109  *     as not available);
110  *   o commit may free some LEB, i.e., turn freeable LEBs into free LEBs.
111  *
112  * So this function tries to do the above. Returns %-EAGAIN if some free space
113  * was presumably made and the caller has to re-try budgeting the operation.
114  * Returns %-ENOSPC if it couldn't do more free space, and other negative error
115  * codes on failures.
116  */
117 static int make_free_space(struct ubifs_info *c)
118 {
119 	int err, retries = 0;
120 	long long liab1, liab2;
121 
122 	do {
123 		liab1 = get_liability(c);
124 		/*
125 		 * We probably have some dirty pages or inodes (liability), try
126 		 * to write them back.
127 		 */
128 		dbg_budg("liability %lld, run write-back", liab1);
129 		shrink_liability(c, NR_TO_WRITE);
130 
131 		liab2 = get_liability(c);
132 		if (liab2 < liab1)
133 			return -EAGAIN;
134 
135 		dbg_budg("new liability %lld (not shrunk)", liab2);
136 
137 		/* Liability did not shrink again, try GC */
138 		dbg_budg("Run GC");
139 		err = run_gc(c);
140 		if (!err)
141 			return -EAGAIN;
142 
143 		if (err != -EAGAIN && err != -ENOSPC)
144 			/* Some real error happened */
145 			return err;
146 
147 		dbg_budg("Run commit (retries %d)", retries);
148 		err = ubifs_run_commit(c);
149 		if (err)
150 			return err;
151 	} while (retries++ < MAX_MKSPC_RETRIES);
152 
153 	return -ENOSPC;
154 }
155 
156 /**
157  * ubifs_calc_min_idx_lebs - calculate amount of LEBs for the index.
158  * @c: UBIFS file-system description object
159  *
160  * This function calculates and returns the number of LEBs which should be kept
161  * for index usage.
162  */
163 int ubifs_calc_min_idx_lebs(struct ubifs_info *c)
164 {
165 	int idx_lebs;
166 	long long idx_size;
167 
168 	idx_size = c->bi.old_idx_sz + c->bi.idx_growth + c->bi.uncommitted_idx;
169 	/* And make sure we have thrice the index size of space reserved */
170 	idx_size += idx_size << 1;
171 	/*
172 	 * We do not maintain 'old_idx_size' as 'old_idx_lebs'/'old_idx_bytes'
173 	 * pair, nor similarly the two variables for the new index size, so we
174 	 * have to do this costly 64-bit division on fast-path.
175 	 */
176 	idx_lebs = div_u64(idx_size + c->idx_leb_size - 1, c->idx_leb_size);
177 	/*
178 	 * The index head is not available for the in-the-gaps method, so add an
179 	 * extra LEB to compensate.
180 	 */
181 	idx_lebs += 1;
182 	if (idx_lebs < MIN_INDEX_LEBS)
183 		idx_lebs = MIN_INDEX_LEBS;
184 	return idx_lebs;
185 }
186 
187 /**
188  * ubifs_calc_available - calculate available FS space.
189  * @c: UBIFS file-system description object
190  * @min_idx_lebs: minimum number of LEBs reserved for the index
191  *
192  * This function calculates and returns amount of FS space available for use.
193  */
194 long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs)
195 {
196 	int subtract_lebs;
197 	long long available;
198 
199 	available = c->main_bytes - c->lst.total_used;
200 
201 	/*
202 	 * Now 'available' contains theoretically available flash space
203 	 * assuming there is no index, so we have to subtract the space which
204 	 * is reserved for the index.
205 	 */
206 	subtract_lebs = min_idx_lebs;
207 
208 	/* Take into account that GC reserves one LEB for its own needs */
209 	subtract_lebs += 1;
210 
211 	/*
212 	 * Since different write types go to different heads, we should
213 	 * reserve one leb for each head.
214 	 */
215 	subtract_lebs += c->jhead_cnt;
216 
217 	/* We also reserve one LEB for deletions, which bypass budgeting */
218 	subtract_lebs += 1;
219 
220 	available -= (long long)subtract_lebs * c->leb_size;
221 
222 	/* Subtract the dead space which is not available for use */
223 	available -= c->lst.total_dead;
224 
225 	/*
226 	 * Subtract dark space, which might or might not be usable - it depends
227 	 * on the data which we have on the media and which will be written. If
228 	 * this is a lot of uncompressed or not-compressible data, the dark
229 	 * space cannot be used.
230 	 */
231 	available -= c->lst.total_dark;
232 
233 	/*
234 	 * However, there is more dark space. The index may be bigger than
235 	 * @min_idx_lebs. Those extra LEBs are assumed to be available, but
236 	 * their dark space is not included in total_dark, so it is subtracted
237 	 * here.
238 	 */
239 	if (c->lst.idx_lebs > min_idx_lebs) {
240 		subtract_lebs = c->lst.idx_lebs - min_idx_lebs;
241 		available -= subtract_lebs * c->dark_wm;
242 	}
243 
244 	/* The calculations are rough and may end up with a negative number */
245 	return available > 0 ? available : 0;
246 }
247 
248 /**
249  * can_use_rp - check whether the user is allowed to use reserved pool.
250  * @c: UBIFS file-system description object
251  *
252  * UBIFS has so-called "reserved pool" which is flash space reserved
253  * for the superuser and for uses whose UID/GID is recorded in UBIFS superblock.
254  * This function checks whether current user is allowed to use reserved pool.
255  * Returns %1  current user is allowed to use reserved pool and %0 otherwise.
256  */
257 static int can_use_rp(struct ubifs_info *c)
258 {
259 	if (uid_eq(current_fsuid(), c->rp_uid) || capable(CAP_SYS_RESOURCE) ||
260 	    (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)))
261 		return 1;
262 	return 0;
263 }
264 
265 /**
266  * do_budget_space - reserve flash space for index and data growth.
267  * @c: UBIFS file-system description object
268  *
269  * This function makes sure UBIFS has enough free LEBs for index growth and
270  * data.
271  *
272  * When budgeting index space, UBIFS reserves thrice as many LEBs as the index
273  * would take if it was consolidated and written to the flash. This guarantees
274  * that the "in-the-gaps" commit method always succeeds and UBIFS will always
275  * be able to commit dirty index. So this function basically adds amount of
276  * budgeted index space to the size of the current index, multiplies this by 3,
277  * and makes sure this does not exceed the amount of free LEBs.
278  *
279  * Notes about @c->bi.min_idx_lebs and @c->lst.idx_lebs variables:
280  * o @c->lst.idx_lebs is the number of LEBs the index currently uses. It might
281  *    be large, because UBIFS does not do any index consolidation as long as
282  *    there is free space. IOW, the index may take a lot of LEBs, but the LEBs
283  *    will contain a lot of dirt.
284  * o @c->bi.min_idx_lebs is the number of LEBS the index presumably takes. IOW,
285  *    the index may be consolidated to take up to @c->bi.min_idx_lebs LEBs.
286  *
287  * This function returns zero in case of success, and %-ENOSPC in case of
288  * failure.
289  */
290 static int do_budget_space(struct ubifs_info *c)
291 {
292 	long long outstanding, available;
293 	int lebs, rsvd_idx_lebs, min_idx_lebs;
294 
295 	/* First budget index space */
296 	min_idx_lebs = ubifs_calc_min_idx_lebs(c);
297 
298 	/* Now 'min_idx_lebs' contains number of LEBs to reserve */
299 	if (min_idx_lebs > c->lst.idx_lebs)
300 		rsvd_idx_lebs = min_idx_lebs - c->lst.idx_lebs;
301 	else
302 		rsvd_idx_lebs = 0;
303 
304 	/*
305 	 * The number of LEBs that are available to be used by the index is:
306 	 *
307 	 *    @c->lst.empty_lebs + @c->freeable_cnt + @c->idx_gc_cnt -
308 	 *    @c->lst.taken_empty_lebs
309 	 *
310 	 * @c->lst.empty_lebs are available because they are empty.
311 	 * @c->freeable_cnt are available because they contain only free and
312 	 * dirty space, @c->idx_gc_cnt are available because they are index
313 	 * LEBs that have been garbage collected and are awaiting the commit
314 	 * before they can be used. And the in-the-gaps method will grab these
315 	 * if it needs them. @c->lst.taken_empty_lebs are empty LEBs that have
316 	 * already been allocated for some purpose.
317 	 *
318 	 * Note, @c->idx_gc_cnt is included to both @c->lst.empty_lebs (because
319 	 * these LEBs are empty) and to @c->lst.taken_empty_lebs (because they
320 	 * are taken until after the commit).
321 	 *
322 	 * Note, @c->lst.taken_empty_lebs may temporarily be higher by one
323 	 * because of the way we serialize LEB allocations and budgeting. See a
324 	 * comment in 'ubifs_find_free_space()'.
325 	 */
326 	lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
327 	       c->lst.taken_empty_lebs;
328 	if (unlikely(rsvd_idx_lebs > lebs)) {
329 		dbg_budg("out of indexing space: min_idx_lebs %d (old %d), rsvd_idx_lebs %d",
330 			 min_idx_lebs, c->bi.min_idx_lebs, rsvd_idx_lebs);
331 		return -ENOSPC;
332 	}
333 
334 	available = ubifs_calc_available(c, min_idx_lebs);
335 	outstanding = c->bi.data_growth + c->bi.dd_growth;
336 
337 	if (unlikely(available < outstanding)) {
338 		dbg_budg("out of data space: available %lld, outstanding %lld",
339 			 available, outstanding);
340 		return -ENOSPC;
341 	}
342 
343 	if (available - outstanding <= c->rp_size && !can_use_rp(c))
344 		return -ENOSPC;
345 
346 	c->bi.min_idx_lebs = min_idx_lebs;
347 	return 0;
348 }
349 
350 /**
351  * calc_idx_growth - calculate approximate index growth from budgeting request.
352  * @c: UBIFS file-system description object
353  * @req: budgeting request
354  *
355  * For now we assume each new node adds one znode. But this is rather poor
356  * approximation, though.
357  */
358 static int calc_idx_growth(const struct ubifs_info *c,
359 			   const struct ubifs_budget_req *req)
360 {
361 	int znodes;
362 
363 	znodes = req->new_ino + (req->new_page << UBIFS_BLOCKS_PER_PAGE_SHIFT) +
364 		 req->new_dent;
365 	return znodes * c->max_idx_node_sz;
366 }
367 
368 /**
369  * calc_data_growth - calculate approximate amount of new data from budgeting
370  * request.
371  * @c: UBIFS file-system description object
372  * @req: budgeting request
373  */
374 static int calc_data_growth(const struct ubifs_info *c,
375 			    const struct ubifs_budget_req *req)
376 {
377 	int data_growth;
378 
379 	data_growth = req->new_ino  ? c->bi.inode_budget : 0;
380 	if (req->new_page)
381 		data_growth += c->bi.page_budget;
382 	if (req->new_dent)
383 		data_growth += c->bi.dent_budget;
384 	data_growth += req->new_ino_d;
385 	return data_growth;
386 }
387 
388 /**
389  * calc_dd_growth - calculate approximate amount of data which makes other data
390  * dirty from budgeting request.
391  * @c: UBIFS file-system description object
392  * @req: budgeting request
393  */
394 static int calc_dd_growth(const struct ubifs_info *c,
395 			  const struct ubifs_budget_req *req)
396 {
397 	int dd_growth;
398 
399 	dd_growth = req->dirtied_page ? c->bi.page_budget : 0;
400 
401 	if (req->dirtied_ino)
402 		dd_growth += c->bi.inode_budget * req->dirtied_ino;
403 	if (req->mod_dent)
404 		dd_growth += c->bi.dent_budget;
405 	dd_growth += req->dirtied_ino_d;
406 	return dd_growth;
407 }
408 
409 /**
410  * ubifs_budget_space - ensure there is enough space to complete an operation.
411  * @c: UBIFS file-system description object
412  * @req: budget request
413  *
414  * This function allocates budget for an operation. It uses pessimistic
415  * approximation of how much flash space the operation needs. The goal of this
416  * function is to make sure UBIFS always has flash space to flush all dirty
417  * pages, dirty inodes, and dirty znodes (liability). This function may force
418  * commit, garbage-collection or write-back. Returns zero in case of success,
419  * %-ENOSPC if there is no free space and other negative error codes in case of
420  * failures.
421  */
422 int ubifs_budget_space(struct ubifs_info *c, struct ubifs_budget_req *req)
423 {
424 	int err, idx_growth, data_growth, dd_growth, retried = 0;
425 
426 	ubifs_assert(c, req->new_page <= 1);
427 	ubifs_assert(c, req->dirtied_page <= 1);
428 	ubifs_assert(c, req->new_dent <= 1);
429 	ubifs_assert(c, req->mod_dent <= 1);
430 	ubifs_assert(c, req->new_ino <= 1);
431 	ubifs_assert(c, req->new_ino_d <= UBIFS_MAX_INO_DATA);
432 	ubifs_assert(c, req->dirtied_ino <= 4);
433 	ubifs_assert(c, req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
434 	ubifs_assert(c, !(req->new_ino_d & 7));
435 	ubifs_assert(c, !(req->dirtied_ino_d & 7));
436 
437 	data_growth = calc_data_growth(c, req);
438 	dd_growth = calc_dd_growth(c, req);
439 	if (!data_growth && !dd_growth)
440 		return 0;
441 	idx_growth = calc_idx_growth(c, req);
442 
443 again:
444 	spin_lock(&c->space_lock);
445 	ubifs_assert(c, c->bi.idx_growth >= 0);
446 	ubifs_assert(c, c->bi.data_growth >= 0);
447 	ubifs_assert(c, c->bi.dd_growth >= 0);
448 
449 	if (unlikely(c->bi.nospace) && (c->bi.nospace_rp || !can_use_rp(c))) {
450 		dbg_budg("no space");
451 		spin_unlock(&c->space_lock);
452 		return -ENOSPC;
453 	}
454 
455 	c->bi.idx_growth += idx_growth;
456 	c->bi.data_growth += data_growth;
457 	c->bi.dd_growth += dd_growth;
458 
459 	err = do_budget_space(c);
460 	if (likely(!err)) {
461 		req->idx_growth = idx_growth;
462 		req->data_growth = data_growth;
463 		req->dd_growth = dd_growth;
464 		spin_unlock(&c->space_lock);
465 		return 0;
466 	}
467 
468 	/* Restore the old values */
469 	c->bi.idx_growth -= idx_growth;
470 	c->bi.data_growth -= data_growth;
471 	c->bi.dd_growth -= dd_growth;
472 	spin_unlock(&c->space_lock);
473 
474 	if (req->fast) {
475 		dbg_budg("no space for fast budgeting");
476 		return err;
477 	}
478 
479 	err = make_free_space(c);
480 	cond_resched();
481 	if (err == -EAGAIN) {
482 		dbg_budg("try again");
483 		goto again;
484 	} else if (err == -ENOSPC) {
485 		if (!retried) {
486 			retried = 1;
487 			dbg_budg("-ENOSPC, but anyway try once again");
488 			goto again;
489 		}
490 		dbg_budg("FS is full, -ENOSPC");
491 		c->bi.nospace = 1;
492 		if (can_use_rp(c) || c->rp_size == 0)
493 			c->bi.nospace_rp = 1;
494 		smp_wmb();
495 	} else
496 		ubifs_err(c, "cannot budget space, error %d", err);
497 	return err;
498 }
499 
500 /**
501  * ubifs_release_budget - release budgeted free space.
502  * @c: UBIFS file-system description object
503  * @req: budget request
504  *
505  * This function releases the space budgeted by 'ubifs_budget_space()'. Note,
506  * since the index changes (which were budgeted for in @req->idx_growth) will
507  * only be written to the media on commit, this function moves the index budget
508  * from @c->bi.idx_growth to @c->bi.uncommitted_idx. The latter will be zeroed
509  * by the commit operation.
510  */
511 void ubifs_release_budget(struct ubifs_info *c, struct ubifs_budget_req *req)
512 {
513 	ubifs_assert(c, req->new_page <= 1);
514 	ubifs_assert(c, req->dirtied_page <= 1);
515 	ubifs_assert(c, req->new_dent <= 1);
516 	ubifs_assert(c, req->mod_dent <= 1);
517 	ubifs_assert(c, req->new_ino <= 1);
518 	ubifs_assert(c, req->new_ino_d <= UBIFS_MAX_INO_DATA);
519 	ubifs_assert(c, req->dirtied_ino <= 4);
520 	ubifs_assert(c, req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
521 	ubifs_assert(c, !(req->new_ino_d & 7));
522 	ubifs_assert(c, !(req->dirtied_ino_d & 7));
523 	if (!req->recalculate) {
524 		ubifs_assert(c, req->idx_growth >= 0);
525 		ubifs_assert(c, req->data_growth >= 0);
526 		ubifs_assert(c, req->dd_growth >= 0);
527 	}
528 
529 	if (req->recalculate) {
530 		req->data_growth = calc_data_growth(c, req);
531 		req->dd_growth = calc_dd_growth(c, req);
532 		req->idx_growth = calc_idx_growth(c, req);
533 	}
534 
535 	if (!req->data_growth && !req->dd_growth)
536 		return;
537 
538 	c->bi.nospace = c->bi.nospace_rp = 0;
539 	smp_wmb();
540 
541 	spin_lock(&c->space_lock);
542 	c->bi.idx_growth -= req->idx_growth;
543 	c->bi.uncommitted_idx += req->idx_growth;
544 	c->bi.data_growth -= req->data_growth;
545 	c->bi.dd_growth -= req->dd_growth;
546 	c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
547 
548 	ubifs_assert(c, c->bi.idx_growth >= 0);
549 	ubifs_assert(c, c->bi.data_growth >= 0);
550 	ubifs_assert(c, c->bi.dd_growth >= 0);
551 	ubifs_assert(c, c->bi.min_idx_lebs < c->main_lebs);
552 	ubifs_assert(c, !(c->bi.idx_growth & 7));
553 	ubifs_assert(c, !(c->bi.data_growth & 7));
554 	ubifs_assert(c, !(c->bi.dd_growth & 7));
555 	spin_unlock(&c->space_lock);
556 }
557 
558 /**
559  * ubifs_convert_page_budget - convert budget of a new page.
560  * @c: UBIFS file-system description object
561  *
562  * This function converts budget which was allocated for a new page of data to
563  * the budget of changing an existing page of data. The latter is smaller than
564  * the former, so this function only does simple re-calculation and does not
565  * involve any write-back.
566  */
567 void ubifs_convert_page_budget(struct ubifs_info *c)
568 {
569 	spin_lock(&c->space_lock);
570 	/* Release the index growth reservation */
571 	c->bi.idx_growth -= c->max_idx_node_sz << UBIFS_BLOCKS_PER_PAGE_SHIFT;
572 	/* Release the data growth reservation */
573 	c->bi.data_growth -= c->bi.page_budget;
574 	/* Increase the dirty data growth reservation instead */
575 	c->bi.dd_growth += c->bi.page_budget;
576 	/* And re-calculate the indexing space reservation */
577 	c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
578 	spin_unlock(&c->space_lock);
579 }
580 
581 /**
582  * ubifs_release_dirty_inode_budget - release dirty inode budget.
583  * @c: UBIFS file-system description object
584  * @ui: UBIFS inode to release the budget for
585  *
586  * This function releases budget corresponding to a dirty inode. It is usually
587  * called when after the inode has been written to the media and marked as
588  * clean. It also causes the "no space" flags to be cleared.
589  */
590 void ubifs_release_dirty_inode_budget(struct ubifs_info *c,
591 				      struct ubifs_inode *ui)
592 {
593 	struct ubifs_budget_req req;
594 
595 	memset(&req, 0, sizeof(struct ubifs_budget_req));
596 	/* The "no space" flags will be cleared because dd_growth is > 0 */
597 	req.dd_growth = c->bi.inode_budget + ALIGN(ui->data_len, 8);
598 	ubifs_release_budget(c, &req);
599 }
600 
601 /**
602  * ubifs_reported_space - calculate reported free space.
603  * @c: the UBIFS file-system description object
604  * @free: amount of free space
605  *
606  * This function calculates amount of free space which will be reported to
607  * user-space. User-space application tend to expect that if the file-system
608  * (e.g., via the 'statfs()' call) reports that it has N bytes available, they
609  * are able to write a file of size N. UBIFS attaches node headers to each data
610  * node and it has to write indexing nodes as well. This introduces additional
611  * overhead, and UBIFS has to report slightly less free space to meet the above
612  * expectations.
613  *
614  * This function assumes free space is made up of uncompressed data nodes and
615  * full index nodes (one per data node, tripled because we always allow enough
616  * space to write the index thrice).
617  *
618  * Note, the calculation is pessimistic, which means that most of the time
619  * UBIFS reports less space than it actually has.
620  */
621 long long ubifs_reported_space(const struct ubifs_info *c, long long free)
622 {
623 	int divisor, factor, f;
624 
625 	/*
626 	 * Reported space size is @free * X, where X is UBIFS block size
627 	 * divided by UBIFS block size + all overhead one data block
628 	 * introduces. The overhead is the node header + indexing overhead.
629 	 *
630 	 * Indexing overhead calculations are based on the following formula:
631 	 * I = N/(f - 1) + 1, where I - number of indexing nodes, N - number
632 	 * of data nodes, f - fanout. Because effective UBIFS fanout is twice
633 	 * as less than maximum fanout, we assume that each data node
634 	 * introduces 3 * @c->max_idx_node_sz / (@c->fanout/2 - 1) bytes.
635 	 * Note, the multiplier 3 is because UBIFS reserves thrice as more space
636 	 * for the index.
637 	 */
638 	f = c->fanout > 3 ? c->fanout >> 1 : 2;
639 	factor = UBIFS_BLOCK_SIZE;
640 	divisor = UBIFS_MAX_DATA_NODE_SZ;
641 	divisor += (c->max_idx_node_sz * 3) / (f - 1);
642 	free *= factor;
643 	return div_u64(free, divisor);
644 }
645 
646 /**
647  * ubifs_get_free_space_nolock - return amount of free space.
648  * @c: UBIFS file-system description object
649  *
650  * This function calculates amount of free space to report to user-space.
651  *
652  * Because UBIFS may introduce substantial overhead (the index, node headers,
653  * alignment, wastage at the end of LEBs, etc), it cannot report real amount of
654  * free flash space it has (well, because not all dirty space is reclaimable,
655  * UBIFS does not actually know the real amount). If UBIFS did so, it would
656  * bread user expectations about what free space is. Users seem to accustomed
657  * to assume that if the file-system reports N bytes of free space, they would
658  * be able to fit a file of N bytes to the FS. This almost works for
659  * traditional file-systems, because they have way less overhead than UBIFS.
660  * So, to keep users happy, UBIFS tries to take the overhead into account.
661  */
662 long long ubifs_get_free_space_nolock(struct ubifs_info *c)
663 {
664 	int rsvd_idx_lebs, lebs;
665 	long long available, outstanding, free;
666 
667 	ubifs_assert(c, c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
668 	outstanding = c->bi.data_growth + c->bi.dd_growth;
669 	available = ubifs_calc_available(c, c->bi.min_idx_lebs);
670 
671 	/*
672 	 * When reporting free space to user-space, UBIFS guarantees that it is
673 	 * possible to write a file of free space size. This means that for
674 	 * empty LEBs we may use more precise calculations than
675 	 * 'ubifs_calc_available()' is using. Namely, we know that in empty
676 	 * LEBs we would waste only @c->leb_overhead bytes, not @c->dark_wm.
677 	 * Thus, amend the available space.
678 	 *
679 	 * Note, the calculations below are similar to what we have in
680 	 * 'do_budget_space()', so refer there for comments.
681 	 */
682 	if (c->bi.min_idx_lebs > c->lst.idx_lebs)
683 		rsvd_idx_lebs = c->bi.min_idx_lebs - c->lst.idx_lebs;
684 	else
685 		rsvd_idx_lebs = 0;
686 	lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
687 	       c->lst.taken_empty_lebs;
688 	lebs -= rsvd_idx_lebs;
689 	available += lebs * (c->dark_wm - c->leb_overhead);
690 
691 	if (available > outstanding)
692 		free = ubifs_reported_space(c, available - outstanding);
693 	else
694 		free = 0;
695 	return free;
696 }
697 
698 /**
699  * ubifs_get_free_space - return amount of free space.
700  * @c: UBIFS file-system description object
701  *
702  * This function calculates and returns amount of free space to report to
703  * user-space.
704  */
705 long long ubifs_get_free_space(struct ubifs_info *c)
706 {
707 	long long free;
708 
709 	spin_lock(&c->space_lock);
710 	free = ubifs_get_free_space_nolock(c);
711 	spin_unlock(&c->space_lock);
712 
713 	return free;
714 }
715