xref: /openbmc/linux/fs/ubifs/tnc_commit.c (revision 1c2dd16a)
1 /*
2  * This file is part of UBIFS.
3  *
4  * Copyright (C) 2006-2008 Nokia Corporation.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 as published by
8  * the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 51
17  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors: Adrian Hunter
20  *          Artem Bityutskiy (Битюцкий Артём)
21  */
22 
23 /* This file implements TNC functions for committing */
24 
25 #include <linux/random.h>
26 #include "ubifs.h"
27 
28 /**
29  * make_idx_node - make an index node for fill-the-gaps method of TNC commit.
30  * @c: UBIFS file-system description object
31  * @idx: buffer in which to place new index node
32  * @znode: znode from which to make new index node
33  * @lnum: LEB number where new index node will be written
34  * @offs: offset where new index node will be written
35  * @len: length of new index node
36  */
37 static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
38 			 struct ubifs_znode *znode, int lnum, int offs, int len)
39 {
40 	struct ubifs_znode *zp;
41 	int i, err;
42 
43 	/* Make index node */
44 	idx->ch.node_type = UBIFS_IDX_NODE;
45 	idx->child_cnt = cpu_to_le16(znode->child_cnt);
46 	idx->level = cpu_to_le16(znode->level);
47 	for (i = 0; i < znode->child_cnt; i++) {
48 		struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
49 		struct ubifs_zbranch *zbr = &znode->zbranch[i];
50 
51 		key_write_idx(c, &zbr->key, &br->key);
52 		br->lnum = cpu_to_le32(zbr->lnum);
53 		br->offs = cpu_to_le32(zbr->offs);
54 		br->len = cpu_to_le32(zbr->len);
55 		if (!zbr->lnum || !zbr->len) {
56 			ubifs_err(c, "bad ref in znode");
57 			ubifs_dump_znode(c, znode);
58 			if (zbr->znode)
59 				ubifs_dump_znode(c, zbr->znode);
60 		}
61 	}
62 	ubifs_prepare_node(c, idx, len, 0);
63 
64 	znode->lnum = lnum;
65 	znode->offs = offs;
66 	znode->len = len;
67 
68 	err = insert_old_idx_znode(c, znode);
69 
70 	/* Update the parent */
71 	zp = znode->parent;
72 	if (zp) {
73 		struct ubifs_zbranch *zbr;
74 
75 		zbr = &zp->zbranch[znode->iip];
76 		zbr->lnum = lnum;
77 		zbr->offs = offs;
78 		zbr->len = len;
79 	} else {
80 		c->zroot.lnum = lnum;
81 		c->zroot.offs = offs;
82 		c->zroot.len = len;
83 	}
84 	c->calc_idx_sz += ALIGN(len, 8);
85 
86 	atomic_long_dec(&c->dirty_zn_cnt);
87 
88 	ubifs_assert(ubifs_zn_dirty(znode));
89 	ubifs_assert(ubifs_zn_cow(znode));
90 
91 	/*
92 	 * Note, unlike 'write_index()' we do not add memory barriers here
93 	 * because this function is called with @c->tnc_mutex locked.
94 	 */
95 	__clear_bit(DIRTY_ZNODE, &znode->flags);
96 	__clear_bit(COW_ZNODE, &znode->flags);
97 
98 	return err;
99 }
100 
101 /**
102  * fill_gap - make index nodes in gaps in dirty index LEBs.
103  * @c: UBIFS file-system description object
104  * @lnum: LEB number that gap appears in
105  * @gap_start: offset of start of gap
106  * @gap_end: offset of end of gap
107  * @dirt: adds dirty space to this
108  *
109  * This function returns the number of index nodes written into the gap.
110  */
111 static int fill_gap(struct ubifs_info *c, int lnum, int gap_start, int gap_end,
112 		    int *dirt)
113 {
114 	int len, gap_remains, gap_pos, written, pad_len;
115 
116 	ubifs_assert((gap_start & 7) == 0);
117 	ubifs_assert((gap_end & 7) == 0);
118 	ubifs_assert(gap_end >= gap_start);
119 
120 	gap_remains = gap_end - gap_start;
121 	if (!gap_remains)
122 		return 0;
123 	gap_pos = gap_start;
124 	written = 0;
125 	while (c->enext) {
126 		len = ubifs_idx_node_sz(c, c->enext->child_cnt);
127 		if (len < gap_remains) {
128 			struct ubifs_znode *znode = c->enext;
129 			const int alen = ALIGN(len, 8);
130 			int err;
131 
132 			ubifs_assert(alen <= gap_remains);
133 			err = make_idx_node(c, c->ileb_buf + gap_pos, znode,
134 					    lnum, gap_pos, len);
135 			if (err)
136 				return err;
137 			gap_remains -= alen;
138 			gap_pos += alen;
139 			c->enext = znode->cnext;
140 			if (c->enext == c->cnext)
141 				c->enext = NULL;
142 			written += 1;
143 		} else
144 			break;
145 	}
146 	if (gap_end == c->leb_size) {
147 		c->ileb_len = ALIGN(gap_pos, c->min_io_size);
148 		/* Pad to end of min_io_size */
149 		pad_len = c->ileb_len - gap_pos;
150 	} else
151 		/* Pad to end of gap */
152 		pad_len = gap_remains;
153 	dbg_gc("LEB %d:%d to %d len %d nodes written %d wasted bytes %d",
154 	       lnum, gap_start, gap_end, gap_end - gap_start, written, pad_len);
155 	ubifs_pad(c, c->ileb_buf + gap_pos, pad_len);
156 	*dirt += pad_len;
157 	return written;
158 }
159 
160 /**
161  * find_old_idx - find an index node obsoleted since the last commit start.
162  * @c: UBIFS file-system description object
163  * @lnum: LEB number of obsoleted index node
164  * @offs: offset of obsoleted index node
165  *
166  * Returns %1 if found and %0 otherwise.
167  */
168 static int find_old_idx(struct ubifs_info *c, int lnum, int offs)
169 {
170 	struct ubifs_old_idx *o;
171 	struct rb_node *p;
172 
173 	p = c->old_idx.rb_node;
174 	while (p) {
175 		o = rb_entry(p, struct ubifs_old_idx, rb);
176 		if (lnum < o->lnum)
177 			p = p->rb_left;
178 		else if (lnum > o->lnum)
179 			p = p->rb_right;
180 		else if (offs < o->offs)
181 			p = p->rb_left;
182 		else if (offs > o->offs)
183 			p = p->rb_right;
184 		else
185 			return 1;
186 	}
187 	return 0;
188 }
189 
190 /**
191  * is_idx_node_in_use - determine if an index node can be overwritten.
192  * @c: UBIFS file-system description object
193  * @key: key of index node
194  * @level: index node level
195  * @lnum: LEB number of index node
196  * @offs: offset of index node
197  *
198  * If @key / @lnum / @offs identify an index node that was not part of the old
199  * index, then this function returns %0 (obsolete).  Else if the index node was
200  * part of the old index but is now dirty %1 is returned, else if it is clean %2
201  * is returned. A negative error code is returned on failure.
202  */
203 static int is_idx_node_in_use(struct ubifs_info *c, union ubifs_key *key,
204 			      int level, int lnum, int offs)
205 {
206 	int ret;
207 
208 	ret = is_idx_node_in_tnc(c, key, level, lnum, offs);
209 	if (ret < 0)
210 		return ret; /* Error code */
211 	if (ret == 0)
212 		if (find_old_idx(c, lnum, offs))
213 			return 1;
214 	return ret;
215 }
216 
217 /**
218  * layout_leb_in_gaps - layout index nodes using in-the-gaps method.
219  * @c: UBIFS file-system description object
220  * @p: return LEB number here
221  *
222  * This function lays out new index nodes for dirty znodes using in-the-gaps
223  * method of TNC commit.
224  * This function merely puts the next znode into the next gap, making no attempt
225  * to try to maximise the number of znodes that fit.
226  * This function returns the number of index nodes written into the gaps, or a
227  * negative error code on failure.
228  */
229 static int layout_leb_in_gaps(struct ubifs_info *c, int *p)
230 {
231 	struct ubifs_scan_leb *sleb;
232 	struct ubifs_scan_node *snod;
233 	int lnum, dirt = 0, gap_start, gap_end, err, written, tot_written;
234 
235 	tot_written = 0;
236 	/* Get an index LEB with lots of obsolete index nodes */
237 	lnum = ubifs_find_dirty_idx_leb(c);
238 	if (lnum < 0)
239 		/*
240 		 * There also may be dirt in the index head that could be
241 		 * filled, however we do not check there at present.
242 		 */
243 		return lnum; /* Error code */
244 	*p = lnum;
245 	dbg_gc("LEB %d", lnum);
246 	/*
247 	 * Scan the index LEB.  We use the generic scan for this even though
248 	 * it is more comprehensive and less efficient than is needed for this
249 	 * purpose.
250 	 */
251 	sleb = ubifs_scan(c, lnum, 0, c->ileb_buf, 0);
252 	c->ileb_len = 0;
253 	if (IS_ERR(sleb))
254 		return PTR_ERR(sleb);
255 	gap_start = 0;
256 	list_for_each_entry(snod, &sleb->nodes, list) {
257 		struct ubifs_idx_node *idx;
258 		int in_use, level;
259 
260 		ubifs_assert(snod->type == UBIFS_IDX_NODE);
261 		idx = snod->node;
262 		key_read(c, ubifs_idx_key(c, idx), &snod->key);
263 		level = le16_to_cpu(idx->level);
264 		/* Determine if the index node is in use (not obsolete) */
265 		in_use = is_idx_node_in_use(c, &snod->key, level, lnum,
266 					    snod->offs);
267 		if (in_use < 0) {
268 			ubifs_scan_destroy(sleb);
269 			return in_use; /* Error code */
270 		}
271 		if (in_use) {
272 			if (in_use == 1)
273 				dirt += ALIGN(snod->len, 8);
274 			/*
275 			 * The obsolete index nodes form gaps that can be
276 			 * overwritten.  This gap has ended because we have
277 			 * found an index node that is still in use
278 			 * i.e. not obsolete
279 			 */
280 			gap_end = snod->offs;
281 			/* Try to fill gap */
282 			written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
283 			if (written < 0) {
284 				ubifs_scan_destroy(sleb);
285 				return written; /* Error code */
286 			}
287 			tot_written += written;
288 			gap_start = ALIGN(snod->offs + snod->len, 8);
289 		}
290 	}
291 	ubifs_scan_destroy(sleb);
292 	c->ileb_len = c->leb_size;
293 	gap_end = c->leb_size;
294 	/* Try to fill gap */
295 	written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
296 	if (written < 0)
297 		return written; /* Error code */
298 	tot_written += written;
299 	if (tot_written == 0) {
300 		struct ubifs_lprops lp;
301 
302 		dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
303 		err = ubifs_read_one_lp(c, lnum, &lp);
304 		if (err)
305 			return err;
306 		if (lp.free == c->leb_size) {
307 			/*
308 			 * We must have snatched this LEB from the idx_gc list
309 			 * so we need to correct the free and dirty space.
310 			 */
311 			err = ubifs_change_one_lp(c, lnum,
312 						  c->leb_size - c->ileb_len,
313 						  dirt, 0, 0, 0);
314 			if (err)
315 				return err;
316 		}
317 		return 0;
318 	}
319 	err = ubifs_change_one_lp(c, lnum, c->leb_size - c->ileb_len, dirt,
320 				  0, 0, 0);
321 	if (err)
322 		return err;
323 	err = ubifs_leb_change(c, lnum, c->ileb_buf, c->ileb_len);
324 	if (err)
325 		return err;
326 	dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
327 	return tot_written;
328 }
329 
330 /**
331  * get_leb_cnt - calculate the number of empty LEBs needed to commit.
332  * @c: UBIFS file-system description object
333  * @cnt: number of znodes to commit
334  *
335  * This function returns the number of empty LEBs needed to commit @cnt znodes
336  * to the current index head.  The number is not exact and may be more than
337  * needed.
338  */
339 static int get_leb_cnt(struct ubifs_info *c, int cnt)
340 {
341 	int d;
342 
343 	/* Assume maximum index node size (i.e. overestimate space needed) */
344 	cnt -= (c->leb_size - c->ihead_offs) / c->max_idx_node_sz;
345 	if (cnt < 0)
346 		cnt = 0;
347 	d = c->leb_size / c->max_idx_node_sz;
348 	return DIV_ROUND_UP(cnt, d);
349 }
350 
351 /**
352  * layout_in_gaps - in-the-gaps method of committing TNC.
353  * @c: UBIFS file-system description object
354  * @cnt: number of dirty znodes to commit.
355  *
356  * This function lays out new index nodes for dirty znodes using in-the-gaps
357  * method of TNC commit.
358  *
359  * This function returns %0 on success and a negative error code on failure.
360  */
361 static int layout_in_gaps(struct ubifs_info *c, int cnt)
362 {
363 	int err, leb_needed_cnt, written, *p;
364 
365 	dbg_gc("%d znodes to write", cnt);
366 
367 	c->gap_lebs = kmalloc(sizeof(int) * (c->lst.idx_lebs + 1), GFP_NOFS);
368 	if (!c->gap_lebs)
369 		return -ENOMEM;
370 
371 	p = c->gap_lebs;
372 	do {
373 		ubifs_assert(p < c->gap_lebs + c->lst.idx_lebs);
374 		written = layout_leb_in_gaps(c, p);
375 		if (written < 0) {
376 			err = written;
377 			if (err != -ENOSPC) {
378 				kfree(c->gap_lebs);
379 				c->gap_lebs = NULL;
380 				return err;
381 			}
382 			if (!dbg_is_chk_index(c)) {
383 				/*
384 				 * Do not print scary warnings if the debugging
385 				 * option which forces in-the-gaps is enabled.
386 				 */
387 				ubifs_warn(c, "out of space");
388 				ubifs_dump_budg(c, &c->bi);
389 				ubifs_dump_lprops(c);
390 			}
391 			/* Try to commit anyway */
392 			break;
393 		}
394 		p++;
395 		cnt -= written;
396 		leb_needed_cnt = get_leb_cnt(c, cnt);
397 		dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt,
398 		       leb_needed_cnt, c->ileb_cnt);
399 	} while (leb_needed_cnt > c->ileb_cnt);
400 
401 	*p = -1;
402 	return 0;
403 }
404 
405 /**
406  * layout_in_empty_space - layout index nodes in empty space.
407  * @c: UBIFS file-system description object
408  *
409  * This function lays out new index nodes for dirty znodes using empty LEBs.
410  *
411  * This function returns %0 on success and a negative error code on failure.
412  */
413 static int layout_in_empty_space(struct ubifs_info *c)
414 {
415 	struct ubifs_znode *znode, *cnext, *zp;
416 	int lnum, offs, len, next_len, buf_len, buf_offs, used, avail;
417 	int wlen, blen, err;
418 
419 	cnext = c->enext;
420 	if (!cnext)
421 		return 0;
422 
423 	lnum = c->ihead_lnum;
424 	buf_offs = c->ihead_offs;
425 
426 	buf_len = ubifs_idx_node_sz(c, c->fanout);
427 	buf_len = ALIGN(buf_len, c->min_io_size);
428 	used = 0;
429 	avail = buf_len;
430 
431 	/* Ensure there is enough room for first write */
432 	next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
433 	if (buf_offs + next_len > c->leb_size)
434 		lnum = -1;
435 
436 	while (1) {
437 		znode = cnext;
438 
439 		len = ubifs_idx_node_sz(c, znode->child_cnt);
440 
441 		/* Determine the index node position */
442 		if (lnum == -1) {
443 			if (c->ileb_nxt >= c->ileb_cnt) {
444 				ubifs_err(c, "out of space");
445 				return -ENOSPC;
446 			}
447 			lnum = c->ilebs[c->ileb_nxt++];
448 			buf_offs = 0;
449 			used = 0;
450 			avail = buf_len;
451 		}
452 
453 		offs = buf_offs + used;
454 
455 		znode->lnum = lnum;
456 		znode->offs = offs;
457 		znode->len = len;
458 
459 		/* Update the parent */
460 		zp = znode->parent;
461 		if (zp) {
462 			struct ubifs_zbranch *zbr;
463 			int i;
464 
465 			i = znode->iip;
466 			zbr = &zp->zbranch[i];
467 			zbr->lnum = lnum;
468 			zbr->offs = offs;
469 			zbr->len = len;
470 		} else {
471 			c->zroot.lnum = lnum;
472 			c->zroot.offs = offs;
473 			c->zroot.len = len;
474 		}
475 		c->calc_idx_sz += ALIGN(len, 8);
476 
477 		/*
478 		 * Once lprops is updated, we can decrease the dirty znode count
479 		 * but it is easier to just do it here.
480 		 */
481 		atomic_long_dec(&c->dirty_zn_cnt);
482 
483 		/*
484 		 * Calculate the next index node length to see if there is
485 		 * enough room for it
486 		 */
487 		cnext = znode->cnext;
488 		if (cnext == c->cnext)
489 			next_len = 0;
490 		else
491 			next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
492 
493 		/* Update buffer positions */
494 		wlen = used + len;
495 		used += ALIGN(len, 8);
496 		avail -= ALIGN(len, 8);
497 
498 		if (next_len != 0 &&
499 		    buf_offs + used + next_len <= c->leb_size &&
500 		    avail > 0)
501 			continue;
502 
503 		if (avail <= 0 && next_len &&
504 		    buf_offs + used + next_len <= c->leb_size)
505 			blen = buf_len;
506 		else
507 			blen = ALIGN(wlen, c->min_io_size);
508 
509 		/* The buffer is full or there are no more znodes to do */
510 		buf_offs += blen;
511 		if (next_len) {
512 			if (buf_offs + next_len > c->leb_size) {
513 				err = ubifs_update_one_lp(c, lnum,
514 					c->leb_size - buf_offs, blen - used,
515 					0, 0);
516 				if (err)
517 					return err;
518 				lnum = -1;
519 			}
520 			used -= blen;
521 			if (used < 0)
522 				used = 0;
523 			avail = buf_len - used;
524 			continue;
525 		}
526 		err = ubifs_update_one_lp(c, lnum, c->leb_size - buf_offs,
527 					  blen - used, 0, 0);
528 		if (err)
529 			return err;
530 		break;
531 	}
532 
533 	c->dbg->new_ihead_lnum = lnum;
534 	c->dbg->new_ihead_offs = buf_offs;
535 
536 	return 0;
537 }
538 
539 /**
540  * layout_commit - determine positions of index nodes to commit.
541  * @c: UBIFS file-system description object
542  * @no_space: indicates that insufficient empty LEBs were allocated
543  * @cnt: number of znodes to commit
544  *
545  * Calculate and update the positions of index nodes to commit.  If there were
546  * an insufficient number of empty LEBs allocated, then index nodes are placed
547  * into the gaps created by obsolete index nodes in non-empty index LEBs.  For
548  * this purpose, an obsolete index node is one that was not in the index as at
549  * the end of the last commit.  To write "in-the-gaps" requires that those index
550  * LEBs are updated atomically in-place.
551  */
552 static int layout_commit(struct ubifs_info *c, int no_space, int cnt)
553 {
554 	int err;
555 
556 	if (no_space) {
557 		err = layout_in_gaps(c, cnt);
558 		if (err)
559 			return err;
560 	}
561 	err = layout_in_empty_space(c);
562 	return err;
563 }
564 
565 /**
566  * find_first_dirty - find first dirty znode.
567  * @znode: znode to begin searching from
568  */
569 static struct ubifs_znode *find_first_dirty(struct ubifs_znode *znode)
570 {
571 	int i, cont;
572 
573 	if (!znode)
574 		return NULL;
575 
576 	while (1) {
577 		if (znode->level == 0) {
578 			if (ubifs_zn_dirty(znode))
579 				return znode;
580 			return NULL;
581 		}
582 		cont = 0;
583 		for (i = 0; i < znode->child_cnt; i++) {
584 			struct ubifs_zbranch *zbr = &znode->zbranch[i];
585 
586 			if (zbr->znode && ubifs_zn_dirty(zbr->znode)) {
587 				znode = zbr->znode;
588 				cont = 1;
589 				break;
590 			}
591 		}
592 		if (!cont) {
593 			if (ubifs_zn_dirty(znode))
594 				return znode;
595 			return NULL;
596 		}
597 	}
598 }
599 
600 /**
601  * find_next_dirty - find next dirty znode.
602  * @znode: znode to begin searching from
603  */
604 static struct ubifs_znode *find_next_dirty(struct ubifs_znode *znode)
605 {
606 	int n = znode->iip + 1;
607 
608 	znode = znode->parent;
609 	if (!znode)
610 		return NULL;
611 	for (; n < znode->child_cnt; n++) {
612 		struct ubifs_zbranch *zbr = &znode->zbranch[n];
613 
614 		if (zbr->znode && ubifs_zn_dirty(zbr->znode))
615 			return find_first_dirty(zbr->znode);
616 	}
617 	return znode;
618 }
619 
620 /**
621  * get_znodes_to_commit - create list of dirty znodes to commit.
622  * @c: UBIFS file-system description object
623  *
624  * This function returns the number of znodes to commit.
625  */
626 static int get_znodes_to_commit(struct ubifs_info *c)
627 {
628 	struct ubifs_znode *znode, *cnext;
629 	int cnt = 0;
630 
631 	c->cnext = find_first_dirty(c->zroot.znode);
632 	znode = c->enext = c->cnext;
633 	if (!znode) {
634 		dbg_cmt("no znodes to commit");
635 		return 0;
636 	}
637 	cnt += 1;
638 	while (1) {
639 		ubifs_assert(!ubifs_zn_cow(znode));
640 		__set_bit(COW_ZNODE, &znode->flags);
641 		znode->alt = 0;
642 		cnext = find_next_dirty(znode);
643 		if (!cnext) {
644 			znode->cnext = c->cnext;
645 			break;
646 		}
647 		znode->cnext = cnext;
648 		znode = cnext;
649 		cnt += 1;
650 	}
651 	dbg_cmt("committing %d znodes", cnt);
652 	ubifs_assert(cnt == atomic_long_read(&c->dirty_zn_cnt));
653 	return cnt;
654 }
655 
656 /**
657  * alloc_idx_lebs - allocate empty LEBs to be used to commit.
658  * @c: UBIFS file-system description object
659  * @cnt: number of znodes to commit
660  *
661  * This function returns %-ENOSPC if it cannot allocate a sufficient number of
662  * empty LEBs.  %0 is returned on success, otherwise a negative error code
663  * is returned.
664  */
665 static int alloc_idx_lebs(struct ubifs_info *c, int cnt)
666 {
667 	int i, leb_cnt, lnum;
668 
669 	c->ileb_cnt = 0;
670 	c->ileb_nxt = 0;
671 	leb_cnt = get_leb_cnt(c, cnt);
672 	dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
673 	if (!leb_cnt)
674 		return 0;
675 	c->ilebs = kmalloc(leb_cnt * sizeof(int), GFP_NOFS);
676 	if (!c->ilebs)
677 		return -ENOMEM;
678 	for (i = 0; i < leb_cnt; i++) {
679 		lnum = ubifs_find_free_leb_for_idx(c);
680 		if (lnum < 0)
681 			return lnum;
682 		c->ilebs[c->ileb_cnt++] = lnum;
683 		dbg_cmt("LEB %d", lnum);
684 	}
685 	if (dbg_is_chk_index(c) && !(prandom_u32() & 7))
686 		return -ENOSPC;
687 	return 0;
688 }
689 
690 /**
691  * free_unused_idx_lebs - free unused LEBs that were allocated for the commit.
692  * @c: UBIFS file-system description object
693  *
694  * It is possible that we allocate more empty LEBs for the commit than we need.
695  * This functions frees the surplus.
696  *
697  * This function returns %0 on success and a negative error code on failure.
698  */
699 static int free_unused_idx_lebs(struct ubifs_info *c)
700 {
701 	int i, err = 0, lnum, er;
702 
703 	for (i = c->ileb_nxt; i < c->ileb_cnt; i++) {
704 		lnum = c->ilebs[i];
705 		dbg_cmt("LEB %d", lnum);
706 		er = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0,
707 					 LPROPS_INDEX | LPROPS_TAKEN, 0);
708 		if (!err)
709 			err = er;
710 	}
711 	return err;
712 }
713 
714 /**
715  * free_idx_lebs - free unused LEBs after commit end.
716  * @c: UBIFS file-system description object
717  *
718  * This function returns %0 on success and a negative error code on failure.
719  */
720 static int free_idx_lebs(struct ubifs_info *c)
721 {
722 	int err;
723 
724 	err = free_unused_idx_lebs(c);
725 	kfree(c->ilebs);
726 	c->ilebs = NULL;
727 	return err;
728 }
729 
730 /**
731  * ubifs_tnc_start_commit - start TNC commit.
732  * @c: UBIFS file-system description object
733  * @zroot: new index root position is returned here
734  *
735  * This function prepares the list of indexing nodes to commit and lays out
736  * their positions on flash. If there is not enough free space it uses the
737  * in-gap commit method. Returns zero in case of success and a negative error
738  * code in case of failure.
739  */
740 int ubifs_tnc_start_commit(struct ubifs_info *c, struct ubifs_zbranch *zroot)
741 {
742 	int err = 0, cnt;
743 
744 	mutex_lock(&c->tnc_mutex);
745 	err = dbg_check_tnc(c, 1);
746 	if (err)
747 		goto out;
748 	cnt = get_znodes_to_commit(c);
749 	if (cnt != 0) {
750 		int no_space = 0;
751 
752 		err = alloc_idx_lebs(c, cnt);
753 		if (err == -ENOSPC)
754 			no_space = 1;
755 		else if (err)
756 			goto out_free;
757 		err = layout_commit(c, no_space, cnt);
758 		if (err)
759 			goto out_free;
760 		ubifs_assert(atomic_long_read(&c->dirty_zn_cnt) == 0);
761 		err = free_unused_idx_lebs(c);
762 		if (err)
763 			goto out;
764 	}
765 	destroy_old_idx(c);
766 	memcpy(zroot, &c->zroot, sizeof(struct ubifs_zbranch));
767 
768 	err = ubifs_save_dirty_idx_lnums(c);
769 	if (err)
770 		goto out;
771 
772 	spin_lock(&c->space_lock);
773 	/*
774 	 * Although we have not finished committing yet, update size of the
775 	 * committed index ('c->bi.old_idx_sz') and zero out the index growth
776 	 * budget. It is OK to do this now, because we've reserved all the
777 	 * space which is needed to commit the index, and it is save for the
778 	 * budgeting subsystem to assume the index is already committed,
779 	 * even though it is not.
780 	 */
781 	ubifs_assert(c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
782 	c->bi.old_idx_sz = c->calc_idx_sz;
783 	c->bi.uncommitted_idx = 0;
784 	c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
785 	spin_unlock(&c->space_lock);
786 	mutex_unlock(&c->tnc_mutex);
787 
788 	dbg_cmt("number of index LEBs %d", c->lst.idx_lebs);
789 	dbg_cmt("size of index %llu", c->calc_idx_sz);
790 	return err;
791 
792 out_free:
793 	free_idx_lebs(c);
794 out:
795 	mutex_unlock(&c->tnc_mutex);
796 	return err;
797 }
798 
799 /**
800  * write_index - write index nodes.
801  * @c: UBIFS file-system description object
802  *
803  * This function writes the index nodes whose positions were laid out in the
804  * layout_in_empty_space function.
805  */
806 static int write_index(struct ubifs_info *c)
807 {
808 	struct ubifs_idx_node *idx;
809 	struct ubifs_znode *znode, *cnext;
810 	int i, lnum, offs, len, next_len, buf_len, buf_offs, used;
811 	int avail, wlen, err, lnum_pos = 0, blen, nxt_offs;
812 
813 	cnext = c->enext;
814 	if (!cnext)
815 		return 0;
816 
817 	/*
818 	 * Always write index nodes to the index head so that index nodes and
819 	 * other types of nodes are never mixed in the same erase block.
820 	 */
821 	lnum = c->ihead_lnum;
822 	buf_offs = c->ihead_offs;
823 
824 	/* Allocate commit buffer */
825 	buf_len = ALIGN(c->max_idx_node_sz, c->min_io_size);
826 	used = 0;
827 	avail = buf_len;
828 
829 	/* Ensure there is enough room for first write */
830 	next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
831 	if (buf_offs + next_len > c->leb_size) {
832 		err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0, 0,
833 					  LPROPS_TAKEN);
834 		if (err)
835 			return err;
836 		lnum = -1;
837 	}
838 
839 	while (1) {
840 		cond_resched();
841 
842 		znode = cnext;
843 		idx = c->cbuf + used;
844 
845 		/* Make index node */
846 		idx->ch.node_type = UBIFS_IDX_NODE;
847 		idx->child_cnt = cpu_to_le16(znode->child_cnt);
848 		idx->level = cpu_to_le16(znode->level);
849 		for (i = 0; i < znode->child_cnt; i++) {
850 			struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
851 			struct ubifs_zbranch *zbr = &znode->zbranch[i];
852 
853 			key_write_idx(c, &zbr->key, &br->key);
854 			br->lnum = cpu_to_le32(zbr->lnum);
855 			br->offs = cpu_to_le32(zbr->offs);
856 			br->len = cpu_to_le32(zbr->len);
857 			if (!zbr->lnum || !zbr->len) {
858 				ubifs_err(c, "bad ref in znode");
859 				ubifs_dump_znode(c, znode);
860 				if (zbr->znode)
861 					ubifs_dump_znode(c, zbr->znode);
862 			}
863 		}
864 		len = ubifs_idx_node_sz(c, znode->child_cnt);
865 		ubifs_prepare_node(c, idx, len, 0);
866 
867 		/* Determine the index node position */
868 		if (lnum == -1) {
869 			lnum = c->ilebs[lnum_pos++];
870 			buf_offs = 0;
871 			used = 0;
872 			avail = buf_len;
873 		}
874 		offs = buf_offs + used;
875 
876 		if (lnum != znode->lnum || offs != znode->offs ||
877 		    len != znode->len) {
878 			ubifs_err(c, "inconsistent znode posn");
879 			return -EINVAL;
880 		}
881 
882 		/* Grab some stuff from znode while we still can */
883 		cnext = znode->cnext;
884 
885 		ubifs_assert(ubifs_zn_dirty(znode));
886 		ubifs_assert(ubifs_zn_cow(znode));
887 
888 		/*
889 		 * It is important that other threads should see %DIRTY_ZNODE
890 		 * flag cleared before %COW_ZNODE. Specifically, it matters in
891 		 * the 'dirty_cow_znode()' function. This is the reason for the
892 		 * first barrier. Also, we want the bit changes to be seen to
893 		 * other threads ASAP, to avoid unnecesarry copying, which is
894 		 * the reason for the second barrier.
895 		 */
896 		clear_bit(DIRTY_ZNODE, &znode->flags);
897 		smp_mb__before_atomic();
898 		clear_bit(COW_ZNODE, &znode->flags);
899 		smp_mb__after_atomic();
900 
901 		/*
902 		 * We have marked the znode as clean but have not updated the
903 		 * @c->clean_zn_cnt counter. If this znode becomes dirty again
904 		 * before 'free_obsolete_znodes()' is called, then
905 		 * @c->clean_zn_cnt will be decremented before it gets
906 		 * incremented (resulting in 2 decrements for the same znode).
907 		 * This means that @c->clean_zn_cnt may become negative for a
908 		 * while.
909 		 *
910 		 * Q: why we cannot increment @c->clean_zn_cnt?
911 		 * A: because we do not have the @c->tnc_mutex locked, and the
912 		 *    following code would be racy and buggy:
913 		 *
914 		 *    if (!ubifs_zn_obsolete(znode)) {
915 		 *            atomic_long_inc(&c->clean_zn_cnt);
916 		 *            atomic_long_inc(&ubifs_clean_zn_cnt);
917 		 *    }
918 		 *
919 		 *    Thus, we just delay the @c->clean_zn_cnt update until we
920 		 *    have the mutex locked.
921 		 */
922 
923 		/* Do not access znode from this point on */
924 
925 		/* Update buffer positions */
926 		wlen = used + len;
927 		used += ALIGN(len, 8);
928 		avail -= ALIGN(len, 8);
929 
930 		/*
931 		 * Calculate the next index node length to see if there is
932 		 * enough room for it
933 		 */
934 		if (cnext == c->cnext)
935 			next_len = 0;
936 		else
937 			next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
938 
939 		nxt_offs = buf_offs + used + next_len;
940 		if (next_len && nxt_offs <= c->leb_size) {
941 			if (avail > 0)
942 				continue;
943 			else
944 				blen = buf_len;
945 		} else {
946 			wlen = ALIGN(wlen, 8);
947 			blen = ALIGN(wlen, c->min_io_size);
948 			ubifs_pad(c, c->cbuf + wlen, blen - wlen);
949 		}
950 
951 		/* The buffer is full or there are no more znodes to do */
952 		err = ubifs_leb_write(c, lnum, c->cbuf, buf_offs, blen);
953 		if (err)
954 			return err;
955 		buf_offs += blen;
956 		if (next_len) {
957 			if (nxt_offs > c->leb_size) {
958 				err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0,
959 							  0, LPROPS_TAKEN);
960 				if (err)
961 					return err;
962 				lnum = -1;
963 			}
964 			used -= blen;
965 			if (used < 0)
966 				used = 0;
967 			avail = buf_len - used;
968 			memmove(c->cbuf, c->cbuf + blen, used);
969 			continue;
970 		}
971 		break;
972 	}
973 
974 	if (lnum != c->dbg->new_ihead_lnum ||
975 	    buf_offs != c->dbg->new_ihead_offs) {
976 		ubifs_err(c, "inconsistent ihead");
977 		return -EINVAL;
978 	}
979 
980 	c->ihead_lnum = lnum;
981 	c->ihead_offs = buf_offs;
982 
983 	return 0;
984 }
985 
986 /**
987  * free_obsolete_znodes - free obsolete znodes.
988  * @c: UBIFS file-system description object
989  *
990  * At the end of commit end, obsolete znodes are freed.
991  */
992 static void free_obsolete_znodes(struct ubifs_info *c)
993 {
994 	struct ubifs_znode *znode, *cnext;
995 
996 	cnext = c->cnext;
997 	do {
998 		znode = cnext;
999 		cnext = znode->cnext;
1000 		if (ubifs_zn_obsolete(znode))
1001 			kfree(znode);
1002 		else {
1003 			znode->cnext = NULL;
1004 			atomic_long_inc(&c->clean_zn_cnt);
1005 			atomic_long_inc(&ubifs_clean_zn_cnt);
1006 		}
1007 	} while (cnext != c->cnext);
1008 }
1009 
1010 /**
1011  * return_gap_lebs - return LEBs used by the in-gap commit method.
1012  * @c: UBIFS file-system description object
1013  *
1014  * This function clears the "taken" flag for the LEBs which were used by the
1015  * "commit in-the-gaps" method.
1016  */
1017 static int return_gap_lebs(struct ubifs_info *c)
1018 {
1019 	int *p, err;
1020 
1021 	if (!c->gap_lebs)
1022 		return 0;
1023 
1024 	dbg_cmt("");
1025 	for (p = c->gap_lebs; *p != -1; p++) {
1026 		err = ubifs_change_one_lp(c, *p, LPROPS_NC, LPROPS_NC, 0,
1027 					  LPROPS_TAKEN, 0);
1028 		if (err)
1029 			return err;
1030 	}
1031 
1032 	kfree(c->gap_lebs);
1033 	c->gap_lebs = NULL;
1034 	return 0;
1035 }
1036 
1037 /**
1038  * ubifs_tnc_end_commit - update the TNC for commit end.
1039  * @c: UBIFS file-system description object
1040  *
1041  * Write the dirty znodes.
1042  */
1043 int ubifs_tnc_end_commit(struct ubifs_info *c)
1044 {
1045 	int err;
1046 
1047 	if (!c->cnext)
1048 		return 0;
1049 
1050 	err = return_gap_lebs(c);
1051 	if (err)
1052 		return err;
1053 
1054 	err = write_index(c);
1055 	if (err)
1056 		return err;
1057 
1058 	mutex_lock(&c->tnc_mutex);
1059 
1060 	dbg_cmt("TNC height is %d", c->zroot.znode->level + 1);
1061 
1062 	free_obsolete_znodes(c);
1063 
1064 	c->cnext = NULL;
1065 	kfree(c->ilebs);
1066 	c->ilebs = NULL;
1067 
1068 	mutex_unlock(&c->tnc_mutex);
1069 
1070 	return 0;
1071 }
1072