1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Author: Adrian Hunter 20 */ 21 22 #include "ubifs.h" 23 24 /* 25 * An orphan is an inode number whose inode node has been committed to the index 26 * with a link count of zero. That happens when an open file is deleted 27 * (unlinked) and then a commit is run. In the normal course of events the inode 28 * would be deleted when the file is closed. However in the case of an unclean 29 * unmount, orphans need to be accounted for. After an unclean unmount, the 30 * orphans' inodes must be deleted which means either scanning the entire index 31 * looking for them, or keeping a list on flash somewhere. This unit implements 32 * the latter approach. 33 * 34 * The orphan area is a fixed number of LEBs situated between the LPT area and 35 * the main area. The number of orphan area LEBs is specified when the file 36 * system is created. The minimum number is 1. The size of the orphan area 37 * should be so that it can hold the maximum number of orphans that are expected 38 * to ever exist at one time. 39 * 40 * The number of orphans that can fit in a LEB is: 41 * 42 * (c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64) 43 * 44 * For example: a 15872 byte LEB can fit 1980 orphans so 1 LEB may be enough. 45 * 46 * Orphans are accumulated in a rb-tree. When an inode's link count drops to 47 * zero, the inode number is added to the rb-tree. It is removed from the tree 48 * when the inode is deleted. Any new orphans that are in the orphan tree when 49 * the commit is run, are written to the orphan area in 1 or more orphan nodes. 50 * If the orphan area is full, it is consolidated to make space. There is 51 * always enough space because validation prevents the user from creating more 52 * than the maximum number of orphans allowed. 53 */ 54 55 static int dbg_check_orphans(struct ubifs_info *c); 56 57 static struct ubifs_orphan *orphan_add(struct ubifs_info *c, ino_t inum, 58 struct ubifs_orphan *parent_orphan) 59 { 60 struct ubifs_orphan *orphan, *o; 61 struct rb_node **p, *parent = NULL; 62 63 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_NOFS); 64 if (!orphan) 65 return ERR_PTR(-ENOMEM); 66 orphan->inum = inum; 67 orphan->new = 1; 68 INIT_LIST_HEAD(&orphan->child_list); 69 70 spin_lock(&c->orphan_lock); 71 if (c->tot_orphans >= c->max_orphans) { 72 spin_unlock(&c->orphan_lock); 73 kfree(orphan); 74 return ERR_PTR(-ENFILE); 75 } 76 p = &c->orph_tree.rb_node; 77 while (*p) { 78 parent = *p; 79 o = rb_entry(parent, struct ubifs_orphan, rb); 80 if (inum < o->inum) 81 p = &(*p)->rb_left; 82 else if (inum > o->inum) 83 p = &(*p)->rb_right; 84 else { 85 ubifs_err(c, "orphaned twice"); 86 spin_unlock(&c->orphan_lock); 87 kfree(orphan); 88 return ERR_PTR(-EINVAL); 89 } 90 } 91 c->tot_orphans += 1; 92 c->new_orphans += 1; 93 rb_link_node(&orphan->rb, parent, p); 94 rb_insert_color(&orphan->rb, &c->orph_tree); 95 list_add_tail(&orphan->list, &c->orph_list); 96 list_add_tail(&orphan->new_list, &c->orph_new); 97 98 if (parent_orphan) { 99 list_add_tail(&orphan->child_list, 100 &parent_orphan->child_list); 101 } 102 103 spin_unlock(&c->orphan_lock); 104 dbg_gen("ino %lu", (unsigned long)inum); 105 return orphan; 106 } 107 108 static struct ubifs_orphan *lookup_orphan(struct ubifs_info *c, ino_t inum) 109 { 110 struct ubifs_orphan *o; 111 struct rb_node *p; 112 113 p = c->orph_tree.rb_node; 114 while (p) { 115 o = rb_entry(p, struct ubifs_orphan, rb); 116 if (inum < o->inum) 117 p = p->rb_left; 118 else if (inum > o->inum) 119 p = p->rb_right; 120 else { 121 return o; 122 } 123 } 124 return NULL; 125 } 126 127 static void __orphan_drop(struct ubifs_info *c, struct ubifs_orphan *o) 128 { 129 rb_erase(&o->rb, &c->orph_tree); 130 list_del(&o->list); 131 c->tot_orphans -= 1; 132 133 if (o->new) { 134 list_del(&o->new_list); 135 c->new_orphans -= 1; 136 } 137 138 kfree(o); 139 } 140 141 static void orphan_delete(struct ubifs_info *c, ino_t inum) 142 { 143 struct ubifs_orphan *orph, *child_orph, *tmp_o; 144 145 spin_lock(&c->orphan_lock); 146 147 orph = lookup_orphan(c, inum); 148 if (!orph) { 149 spin_unlock(&c->orphan_lock); 150 ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum); 151 dump_stack(); 152 153 return; 154 } 155 156 if (orph->del) { 157 spin_unlock(&c->orphan_lock); 158 dbg_gen("deleted twice ino %lu", 159 (unsigned long)inum); 160 return; 161 } 162 163 if (orph->cmt) { 164 orph->del = 1; 165 orph->dnext = c->orph_dnext; 166 c->orph_dnext = orph; 167 spin_unlock(&c->orphan_lock); 168 dbg_gen("delete later ino %lu", 169 (unsigned long)inum); 170 return; 171 } 172 173 list_for_each_entry_safe(child_orph, tmp_o, &orph->child_list, child_list) { 174 list_del(&child_orph->child_list); 175 __orphan_drop(c, child_orph); 176 } 177 178 __orphan_drop(c, orph); 179 180 spin_unlock(&c->orphan_lock); 181 } 182 183 /** 184 * ubifs_add_orphan - add an orphan. 185 * @c: UBIFS file-system description object 186 * @inum: orphan inode number 187 * 188 * Add an orphan. This function is called when an inodes link count drops to 189 * zero. 190 */ 191 int ubifs_add_orphan(struct ubifs_info *c, ino_t inum) 192 { 193 int err = 0; 194 ino_t xattr_inum; 195 union ubifs_key key; 196 struct ubifs_dent_node *xent; 197 struct fscrypt_name nm = {0}; 198 struct ubifs_orphan *xattr_orphan; 199 struct ubifs_orphan *orphan; 200 201 orphan = orphan_add(c, inum, NULL); 202 if (IS_ERR(orphan)) 203 return PTR_ERR(orphan); 204 205 lowest_xent_key(c, &key, inum); 206 while (1) { 207 xent = ubifs_tnc_next_ent(c, &key, &nm); 208 if (IS_ERR(xent)) { 209 err = PTR_ERR(xent); 210 if (err == -ENOENT) 211 break; 212 return err; 213 } 214 215 fname_name(&nm) = xent->name; 216 fname_len(&nm) = le16_to_cpu(xent->nlen); 217 xattr_inum = le64_to_cpu(xent->inum); 218 219 xattr_orphan = orphan_add(c, xattr_inum, orphan); 220 if (IS_ERR(xattr_orphan)) 221 return PTR_ERR(xattr_orphan); 222 223 key_read(c, &xent->key, &key); 224 } 225 226 return 0; 227 } 228 229 /** 230 * ubifs_delete_orphan - delete an orphan. 231 * @c: UBIFS file-system description object 232 * @inum: orphan inode number 233 * 234 * Delete an orphan. This function is called when an inode is deleted. 235 */ 236 void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum) 237 { 238 orphan_delete(c, inum); 239 } 240 241 /** 242 * ubifs_orphan_start_commit - start commit of orphans. 243 * @c: UBIFS file-system description object 244 * 245 * Start commit of orphans. 246 */ 247 int ubifs_orphan_start_commit(struct ubifs_info *c) 248 { 249 struct ubifs_orphan *orphan, **last; 250 251 spin_lock(&c->orphan_lock); 252 last = &c->orph_cnext; 253 list_for_each_entry(orphan, &c->orph_new, new_list) { 254 ubifs_assert(c, orphan->new); 255 ubifs_assert(c, !orphan->cmt); 256 orphan->new = 0; 257 orphan->cmt = 1; 258 *last = orphan; 259 last = &orphan->cnext; 260 } 261 *last = NULL; 262 c->cmt_orphans = c->new_orphans; 263 c->new_orphans = 0; 264 dbg_cmt("%d orphans to commit", c->cmt_orphans); 265 INIT_LIST_HEAD(&c->orph_new); 266 if (c->tot_orphans == 0) 267 c->no_orphs = 1; 268 else 269 c->no_orphs = 0; 270 spin_unlock(&c->orphan_lock); 271 return 0; 272 } 273 274 /** 275 * avail_orphs - calculate available space. 276 * @c: UBIFS file-system description object 277 * 278 * This function returns the number of orphans that can be written in the 279 * available space. 280 */ 281 static int avail_orphs(struct ubifs_info *c) 282 { 283 int avail_lebs, avail, gap; 284 285 avail_lebs = c->orph_lebs - (c->ohead_lnum - c->orph_first) - 1; 286 avail = avail_lebs * 287 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)); 288 gap = c->leb_size - c->ohead_offs; 289 if (gap >= UBIFS_ORPH_NODE_SZ + sizeof(__le64)) 290 avail += (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64); 291 return avail; 292 } 293 294 /** 295 * tot_avail_orphs - calculate total space. 296 * @c: UBIFS file-system description object 297 * 298 * This function returns the number of orphans that can be written in half 299 * the total space. That leaves half the space for adding new orphans. 300 */ 301 static int tot_avail_orphs(struct ubifs_info *c) 302 { 303 int avail_lebs, avail; 304 305 avail_lebs = c->orph_lebs; 306 avail = avail_lebs * 307 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)); 308 return avail / 2; 309 } 310 311 /** 312 * do_write_orph_node - write a node to the orphan head. 313 * @c: UBIFS file-system description object 314 * @len: length of node 315 * @atomic: write atomically 316 * 317 * This function writes a node to the orphan head from the orphan buffer. If 318 * %atomic is not zero, then the write is done atomically. On success, %0 is 319 * returned, otherwise a negative error code is returned. 320 */ 321 static int do_write_orph_node(struct ubifs_info *c, int len, int atomic) 322 { 323 int err = 0; 324 325 if (atomic) { 326 ubifs_assert(c, c->ohead_offs == 0); 327 ubifs_prepare_node(c, c->orph_buf, len, 1); 328 len = ALIGN(len, c->min_io_size); 329 err = ubifs_leb_change(c, c->ohead_lnum, c->orph_buf, len); 330 } else { 331 if (c->ohead_offs == 0) { 332 /* Ensure LEB has been unmapped */ 333 err = ubifs_leb_unmap(c, c->ohead_lnum); 334 if (err) 335 return err; 336 } 337 err = ubifs_write_node(c, c->orph_buf, len, c->ohead_lnum, 338 c->ohead_offs); 339 } 340 return err; 341 } 342 343 /** 344 * write_orph_node - write an orphan node. 345 * @c: UBIFS file-system description object 346 * @atomic: write atomically 347 * 348 * This function builds an orphan node from the cnext list and writes it to the 349 * orphan head. On success, %0 is returned, otherwise a negative error code 350 * is returned. 351 */ 352 static int write_orph_node(struct ubifs_info *c, int atomic) 353 { 354 struct ubifs_orphan *orphan, *cnext; 355 struct ubifs_orph_node *orph; 356 int gap, err, len, cnt, i; 357 358 ubifs_assert(c, c->cmt_orphans > 0); 359 gap = c->leb_size - c->ohead_offs; 360 if (gap < UBIFS_ORPH_NODE_SZ + sizeof(__le64)) { 361 c->ohead_lnum += 1; 362 c->ohead_offs = 0; 363 gap = c->leb_size; 364 if (c->ohead_lnum > c->orph_last) { 365 /* 366 * We limit the number of orphans so that this should 367 * never happen. 368 */ 369 ubifs_err(c, "out of space in orphan area"); 370 return -EINVAL; 371 } 372 } 373 cnt = (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64); 374 if (cnt > c->cmt_orphans) 375 cnt = c->cmt_orphans; 376 len = UBIFS_ORPH_NODE_SZ + cnt * sizeof(__le64); 377 ubifs_assert(c, c->orph_buf); 378 orph = c->orph_buf; 379 orph->ch.node_type = UBIFS_ORPH_NODE; 380 spin_lock(&c->orphan_lock); 381 cnext = c->orph_cnext; 382 for (i = 0; i < cnt; i++) { 383 orphan = cnext; 384 ubifs_assert(c, orphan->cmt); 385 orph->inos[i] = cpu_to_le64(orphan->inum); 386 orphan->cmt = 0; 387 cnext = orphan->cnext; 388 orphan->cnext = NULL; 389 } 390 c->orph_cnext = cnext; 391 c->cmt_orphans -= cnt; 392 spin_unlock(&c->orphan_lock); 393 if (c->cmt_orphans) 394 orph->cmt_no = cpu_to_le64(c->cmt_no); 395 else 396 /* Mark the last node of the commit */ 397 orph->cmt_no = cpu_to_le64((c->cmt_no) | (1ULL << 63)); 398 ubifs_assert(c, c->ohead_offs + len <= c->leb_size); 399 ubifs_assert(c, c->ohead_lnum >= c->orph_first); 400 ubifs_assert(c, c->ohead_lnum <= c->orph_last); 401 err = do_write_orph_node(c, len, atomic); 402 c->ohead_offs += ALIGN(len, c->min_io_size); 403 c->ohead_offs = ALIGN(c->ohead_offs, 8); 404 return err; 405 } 406 407 /** 408 * write_orph_nodes - write orphan nodes until there are no more to commit. 409 * @c: UBIFS file-system description object 410 * @atomic: write atomically 411 * 412 * This function writes orphan nodes for all the orphans to commit. On success, 413 * %0 is returned, otherwise a negative error code is returned. 414 */ 415 static int write_orph_nodes(struct ubifs_info *c, int atomic) 416 { 417 int err; 418 419 while (c->cmt_orphans > 0) { 420 err = write_orph_node(c, atomic); 421 if (err) 422 return err; 423 } 424 if (atomic) { 425 int lnum; 426 427 /* Unmap any unused LEBs after consolidation */ 428 for (lnum = c->ohead_lnum + 1; lnum <= c->orph_last; lnum++) { 429 err = ubifs_leb_unmap(c, lnum); 430 if (err) 431 return err; 432 } 433 } 434 return 0; 435 } 436 437 /** 438 * consolidate - consolidate the orphan area. 439 * @c: UBIFS file-system description object 440 * 441 * This function enables consolidation by putting all the orphans into the list 442 * to commit. The list is in the order that the orphans were added, and the 443 * LEBs are written atomically in order, so at no time can orphans be lost by 444 * an unclean unmount. 445 * 446 * This function returns %0 on success and a negative error code on failure. 447 */ 448 static int consolidate(struct ubifs_info *c) 449 { 450 int tot_avail = tot_avail_orphs(c), err = 0; 451 452 spin_lock(&c->orphan_lock); 453 dbg_cmt("there is space for %d orphans and there are %d", 454 tot_avail, c->tot_orphans); 455 if (c->tot_orphans - c->new_orphans <= tot_avail) { 456 struct ubifs_orphan *orphan, **last; 457 int cnt = 0; 458 459 /* Change the cnext list to include all non-new orphans */ 460 last = &c->orph_cnext; 461 list_for_each_entry(orphan, &c->orph_list, list) { 462 if (orphan->new) 463 continue; 464 orphan->cmt = 1; 465 *last = orphan; 466 last = &orphan->cnext; 467 cnt += 1; 468 } 469 *last = NULL; 470 ubifs_assert(c, cnt == c->tot_orphans - c->new_orphans); 471 c->cmt_orphans = cnt; 472 c->ohead_lnum = c->orph_first; 473 c->ohead_offs = 0; 474 } else { 475 /* 476 * We limit the number of orphans so that this should 477 * never happen. 478 */ 479 ubifs_err(c, "out of space in orphan area"); 480 err = -EINVAL; 481 } 482 spin_unlock(&c->orphan_lock); 483 return err; 484 } 485 486 /** 487 * commit_orphans - commit orphans. 488 * @c: UBIFS file-system description object 489 * 490 * This function commits orphans to flash. On success, %0 is returned, 491 * otherwise a negative error code is returned. 492 */ 493 static int commit_orphans(struct ubifs_info *c) 494 { 495 int avail, atomic = 0, err; 496 497 ubifs_assert(c, c->cmt_orphans > 0); 498 avail = avail_orphs(c); 499 if (avail < c->cmt_orphans) { 500 /* Not enough space to write new orphans, so consolidate */ 501 err = consolidate(c); 502 if (err) 503 return err; 504 atomic = 1; 505 } 506 err = write_orph_nodes(c, atomic); 507 return err; 508 } 509 510 /** 511 * erase_deleted - erase the orphans marked for deletion. 512 * @c: UBIFS file-system description object 513 * 514 * During commit, the orphans being committed cannot be deleted, so they are 515 * marked for deletion and deleted by this function. Also, the recovery 516 * adds killed orphans to the deletion list, and therefore they are deleted 517 * here too. 518 */ 519 static void erase_deleted(struct ubifs_info *c) 520 { 521 struct ubifs_orphan *orphan, *dnext; 522 523 spin_lock(&c->orphan_lock); 524 dnext = c->orph_dnext; 525 while (dnext) { 526 orphan = dnext; 527 dnext = orphan->dnext; 528 ubifs_assert(c, !orphan->new); 529 ubifs_assert(c, orphan->del); 530 rb_erase(&orphan->rb, &c->orph_tree); 531 list_del(&orphan->list); 532 c->tot_orphans -= 1; 533 dbg_gen("deleting orphan ino %lu", (unsigned long)orphan->inum); 534 kfree(orphan); 535 } 536 c->orph_dnext = NULL; 537 spin_unlock(&c->orphan_lock); 538 } 539 540 /** 541 * ubifs_orphan_end_commit - end commit of orphans. 542 * @c: UBIFS file-system description object 543 * 544 * End commit of orphans. 545 */ 546 int ubifs_orphan_end_commit(struct ubifs_info *c) 547 { 548 int err; 549 550 if (c->cmt_orphans != 0) { 551 err = commit_orphans(c); 552 if (err) 553 return err; 554 } 555 erase_deleted(c); 556 err = dbg_check_orphans(c); 557 return err; 558 } 559 560 /** 561 * ubifs_clear_orphans - erase all LEBs used for orphans. 562 * @c: UBIFS file-system description object 563 * 564 * If recovery is not required, then the orphans from the previous session 565 * are not needed. This function locates the LEBs used to record 566 * orphans, and un-maps them. 567 */ 568 int ubifs_clear_orphans(struct ubifs_info *c) 569 { 570 int lnum, err; 571 572 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 573 err = ubifs_leb_unmap(c, lnum); 574 if (err) 575 return err; 576 } 577 c->ohead_lnum = c->orph_first; 578 c->ohead_offs = 0; 579 return 0; 580 } 581 582 /** 583 * insert_dead_orphan - insert an orphan. 584 * @c: UBIFS file-system description object 585 * @inum: orphan inode number 586 * 587 * This function is a helper to the 'do_kill_orphans()' function. The orphan 588 * must be kept until the next commit, so it is added to the rb-tree and the 589 * deletion list. 590 */ 591 static int insert_dead_orphan(struct ubifs_info *c, ino_t inum) 592 { 593 struct ubifs_orphan *orphan, *o; 594 struct rb_node **p, *parent = NULL; 595 596 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_KERNEL); 597 if (!orphan) 598 return -ENOMEM; 599 orphan->inum = inum; 600 601 p = &c->orph_tree.rb_node; 602 while (*p) { 603 parent = *p; 604 o = rb_entry(parent, struct ubifs_orphan, rb); 605 if (inum < o->inum) 606 p = &(*p)->rb_left; 607 else if (inum > o->inum) 608 p = &(*p)->rb_right; 609 else { 610 /* Already added - no problem */ 611 kfree(orphan); 612 return 0; 613 } 614 } 615 c->tot_orphans += 1; 616 rb_link_node(&orphan->rb, parent, p); 617 rb_insert_color(&orphan->rb, &c->orph_tree); 618 list_add_tail(&orphan->list, &c->orph_list); 619 orphan->del = 1; 620 orphan->dnext = c->orph_dnext; 621 c->orph_dnext = orphan; 622 dbg_mnt("ino %lu, new %d, tot %d", (unsigned long)inum, 623 c->new_orphans, c->tot_orphans); 624 return 0; 625 } 626 627 /** 628 * do_kill_orphans - remove orphan inodes from the index. 629 * @c: UBIFS file-system description object 630 * @sleb: scanned LEB 631 * @last_cmt_no: cmt_no of last orphan node read is passed and returned here 632 * @outofdate: whether the LEB is out of date is returned here 633 * @last_flagged: whether the end orphan node is encountered 634 * 635 * This function is a helper to the 'kill_orphans()' function. It goes through 636 * every orphan node in a LEB and for every inode number recorded, removes 637 * all keys for that inode from the TNC. 638 */ 639 static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb, 640 unsigned long long *last_cmt_no, int *outofdate, 641 int *last_flagged) 642 { 643 struct ubifs_scan_node *snod; 644 struct ubifs_orph_node *orph; 645 unsigned long long cmt_no; 646 ino_t inum; 647 int i, n, err, first = 1; 648 649 list_for_each_entry(snod, &sleb->nodes, list) { 650 if (snod->type != UBIFS_ORPH_NODE) { 651 ubifs_err(c, "invalid node type %d in orphan area at %d:%d", 652 snod->type, sleb->lnum, snod->offs); 653 ubifs_dump_node(c, snod->node); 654 return -EINVAL; 655 } 656 657 orph = snod->node; 658 659 /* Check commit number */ 660 cmt_no = le64_to_cpu(orph->cmt_no) & LLONG_MAX; 661 /* 662 * The commit number on the master node may be less, because 663 * of a failed commit. If there are several failed commits in a 664 * row, the commit number written on orphan nodes will continue 665 * to increase (because the commit number is adjusted here) even 666 * though the commit number on the master node stays the same 667 * because the master node has not been re-written. 668 */ 669 if (cmt_no > c->cmt_no) 670 c->cmt_no = cmt_no; 671 if (cmt_no < *last_cmt_no && *last_flagged) { 672 /* 673 * The last orphan node had a higher commit number and 674 * was flagged as the last written for that commit 675 * number. That makes this orphan node, out of date. 676 */ 677 if (!first) { 678 ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d", 679 cmt_no, sleb->lnum, snod->offs); 680 ubifs_dump_node(c, snod->node); 681 return -EINVAL; 682 } 683 dbg_rcvry("out of date LEB %d", sleb->lnum); 684 *outofdate = 1; 685 return 0; 686 } 687 688 if (first) 689 first = 0; 690 691 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 692 for (i = 0; i < n; i++) { 693 union ubifs_key key1, key2; 694 695 inum = le64_to_cpu(orph->inos[i]); 696 dbg_rcvry("deleting orphaned inode %lu", 697 (unsigned long)inum); 698 699 lowest_ino_key(c, &key1, inum); 700 highest_ino_key(c, &key2, inum); 701 702 err = ubifs_tnc_remove_range(c, &key1, &key2); 703 if (err) 704 return err; 705 err = insert_dead_orphan(c, inum); 706 if (err) 707 return err; 708 } 709 710 *last_cmt_no = cmt_no; 711 if (le64_to_cpu(orph->cmt_no) & (1ULL << 63)) { 712 dbg_rcvry("last orph node for commit %llu at %d:%d", 713 cmt_no, sleb->lnum, snod->offs); 714 *last_flagged = 1; 715 } else 716 *last_flagged = 0; 717 } 718 719 return 0; 720 } 721 722 /** 723 * kill_orphans - remove all orphan inodes from the index. 724 * @c: UBIFS file-system description object 725 * 726 * If recovery is required, then orphan inodes recorded during the previous 727 * session (which ended with an unclean unmount) must be deleted from the index. 728 * This is done by updating the TNC, but since the index is not updated until 729 * the next commit, the LEBs where the orphan information is recorded are not 730 * erased until the next commit. 731 */ 732 static int kill_orphans(struct ubifs_info *c) 733 { 734 unsigned long long last_cmt_no = 0; 735 int lnum, err = 0, outofdate = 0, last_flagged = 0; 736 737 c->ohead_lnum = c->orph_first; 738 c->ohead_offs = 0; 739 /* Check no-orphans flag and skip this if no orphans */ 740 if (c->no_orphs) { 741 dbg_rcvry("no orphans"); 742 return 0; 743 } 744 /* 745 * Orph nodes always start at c->orph_first and are written to each 746 * successive LEB in turn. Generally unused LEBs will have been unmapped 747 * but may contain out of date orphan nodes if the unmap didn't go 748 * through. In addition, the last orphan node written for each commit is 749 * marked (top bit of orph->cmt_no is set to 1). It is possible that 750 * there are orphan nodes from the next commit (i.e. the commit did not 751 * complete successfully). In that case, no orphans will have been lost 752 * due to the way that orphans are written, and any orphans added will 753 * be valid orphans anyway and so can be deleted. 754 */ 755 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 756 struct ubifs_scan_leb *sleb; 757 758 dbg_rcvry("LEB %d", lnum); 759 sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1); 760 if (IS_ERR(sleb)) { 761 if (PTR_ERR(sleb) == -EUCLEAN) 762 sleb = ubifs_recover_leb(c, lnum, 0, 763 c->sbuf, -1); 764 if (IS_ERR(sleb)) { 765 err = PTR_ERR(sleb); 766 break; 767 } 768 } 769 err = do_kill_orphans(c, sleb, &last_cmt_no, &outofdate, 770 &last_flagged); 771 if (err || outofdate) { 772 ubifs_scan_destroy(sleb); 773 break; 774 } 775 if (sleb->endpt) { 776 c->ohead_lnum = lnum; 777 c->ohead_offs = sleb->endpt; 778 } 779 ubifs_scan_destroy(sleb); 780 } 781 return err; 782 } 783 784 /** 785 * ubifs_mount_orphans - delete orphan inodes and erase LEBs that recorded them. 786 * @c: UBIFS file-system description object 787 * @unclean: indicates recovery from unclean unmount 788 * @read_only: indicates read only mount 789 * 790 * This function is called when mounting to erase orphans from the previous 791 * session. If UBIFS was not unmounted cleanly, then the inodes recorded as 792 * orphans are deleted. 793 */ 794 int ubifs_mount_orphans(struct ubifs_info *c, int unclean, int read_only) 795 { 796 int err = 0; 797 798 c->max_orphans = tot_avail_orphs(c); 799 800 if (!read_only) { 801 c->orph_buf = vmalloc(c->leb_size); 802 if (!c->orph_buf) 803 return -ENOMEM; 804 } 805 806 if (unclean) 807 err = kill_orphans(c); 808 else if (!read_only) 809 err = ubifs_clear_orphans(c); 810 811 return err; 812 } 813 814 /* 815 * Everything below is related to debugging. 816 */ 817 818 struct check_orphan { 819 struct rb_node rb; 820 ino_t inum; 821 }; 822 823 struct check_info { 824 unsigned long last_ino; 825 unsigned long tot_inos; 826 unsigned long missing; 827 unsigned long long leaf_cnt; 828 struct ubifs_ino_node *node; 829 struct rb_root root; 830 }; 831 832 static bool dbg_find_orphan(struct ubifs_info *c, ino_t inum) 833 { 834 bool found = false; 835 836 spin_lock(&c->orphan_lock); 837 found = !!lookup_orphan(c, inum); 838 spin_unlock(&c->orphan_lock); 839 840 return found; 841 } 842 843 static int dbg_ins_check_orphan(struct rb_root *root, ino_t inum) 844 { 845 struct check_orphan *orphan, *o; 846 struct rb_node **p, *parent = NULL; 847 848 orphan = kzalloc(sizeof(struct check_orphan), GFP_NOFS); 849 if (!orphan) 850 return -ENOMEM; 851 orphan->inum = inum; 852 853 p = &root->rb_node; 854 while (*p) { 855 parent = *p; 856 o = rb_entry(parent, struct check_orphan, rb); 857 if (inum < o->inum) 858 p = &(*p)->rb_left; 859 else if (inum > o->inum) 860 p = &(*p)->rb_right; 861 else { 862 kfree(orphan); 863 return 0; 864 } 865 } 866 rb_link_node(&orphan->rb, parent, p); 867 rb_insert_color(&orphan->rb, root); 868 return 0; 869 } 870 871 static int dbg_find_check_orphan(struct rb_root *root, ino_t inum) 872 { 873 struct check_orphan *o; 874 struct rb_node *p; 875 876 p = root->rb_node; 877 while (p) { 878 o = rb_entry(p, struct check_orphan, rb); 879 if (inum < o->inum) 880 p = p->rb_left; 881 else if (inum > o->inum) 882 p = p->rb_right; 883 else 884 return 1; 885 } 886 return 0; 887 } 888 889 static void dbg_free_check_tree(struct rb_root *root) 890 { 891 struct check_orphan *o, *n; 892 893 rbtree_postorder_for_each_entry_safe(o, n, root, rb) 894 kfree(o); 895 } 896 897 static int dbg_orphan_check(struct ubifs_info *c, struct ubifs_zbranch *zbr, 898 void *priv) 899 { 900 struct check_info *ci = priv; 901 ino_t inum; 902 int err; 903 904 inum = key_inum(c, &zbr->key); 905 if (inum != ci->last_ino) { 906 /* Lowest node type is the inode node, so it comes first */ 907 if (key_type(c, &zbr->key) != UBIFS_INO_KEY) 908 ubifs_err(c, "found orphan node ino %lu, type %d", 909 (unsigned long)inum, key_type(c, &zbr->key)); 910 ci->last_ino = inum; 911 ci->tot_inos += 1; 912 err = ubifs_tnc_read_node(c, zbr, ci->node); 913 if (err) { 914 ubifs_err(c, "node read failed, error %d", err); 915 return err; 916 } 917 if (ci->node->nlink == 0) 918 /* Must be recorded as an orphan */ 919 if (!dbg_find_check_orphan(&ci->root, inum) && 920 !dbg_find_orphan(c, inum)) { 921 ubifs_err(c, "missing orphan, ino %lu", 922 (unsigned long)inum); 923 ci->missing += 1; 924 } 925 } 926 ci->leaf_cnt += 1; 927 return 0; 928 } 929 930 static int dbg_read_orphans(struct check_info *ci, struct ubifs_scan_leb *sleb) 931 { 932 struct ubifs_scan_node *snod; 933 struct ubifs_orph_node *orph; 934 ino_t inum; 935 int i, n, err; 936 937 list_for_each_entry(snod, &sleb->nodes, list) { 938 cond_resched(); 939 if (snod->type != UBIFS_ORPH_NODE) 940 continue; 941 orph = snod->node; 942 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 943 for (i = 0; i < n; i++) { 944 inum = le64_to_cpu(orph->inos[i]); 945 err = dbg_ins_check_orphan(&ci->root, inum); 946 if (err) 947 return err; 948 } 949 } 950 return 0; 951 } 952 953 static int dbg_scan_orphans(struct ubifs_info *c, struct check_info *ci) 954 { 955 int lnum, err = 0; 956 void *buf; 957 958 /* Check no-orphans flag and skip this if no orphans */ 959 if (c->no_orphs) 960 return 0; 961 962 buf = __vmalloc(c->leb_size, GFP_NOFS, PAGE_KERNEL); 963 if (!buf) { 964 ubifs_err(c, "cannot allocate memory to check orphans"); 965 return 0; 966 } 967 968 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 969 struct ubifs_scan_leb *sleb; 970 971 sleb = ubifs_scan(c, lnum, 0, buf, 0); 972 if (IS_ERR(sleb)) { 973 err = PTR_ERR(sleb); 974 break; 975 } 976 977 err = dbg_read_orphans(ci, sleb); 978 ubifs_scan_destroy(sleb); 979 if (err) 980 break; 981 } 982 983 vfree(buf); 984 return err; 985 } 986 987 static int dbg_check_orphans(struct ubifs_info *c) 988 { 989 struct check_info ci; 990 int err; 991 992 if (!dbg_is_chk_orph(c)) 993 return 0; 994 995 ci.last_ino = 0; 996 ci.tot_inos = 0; 997 ci.missing = 0; 998 ci.leaf_cnt = 0; 999 ci.root = RB_ROOT; 1000 ci.node = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 1001 if (!ci.node) { 1002 ubifs_err(c, "out of memory"); 1003 return -ENOMEM; 1004 } 1005 1006 err = dbg_scan_orphans(c, &ci); 1007 if (err) 1008 goto out; 1009 1010 err = dbg_walk_index(c, &dbg_orphan_check, NULL, &ci); 1011 if (err) { 1012 ubifs_err(c, "cannot scan TNC, error %d", err); 1013 goto out; 1014 } 1015 1016 if (ci.missing) { 1017 ubifs_err(c, "%lu missing orphan(s)", ci.missing); 1018 err = -EINVAL; 1019 goto out; 1020 } 1021 1022 dbg_cmt("last inode number is %lu", ci.last_ino); 1023 dbg_cmt("total number of inodes is %lu", ci.tot_inos); 1024 dbg_cmt("total number of leaf nodes is %llu", ci.leaf_cnt); 1025 1026 out: 1027 dbg_free_check_tree(&ci.root); 1028 kfree(ci.node); 1029 return err; 1030 } 1031