xref: /openbmc/linux/fs/xfs/libxfs/xfs_ialloc.c (revision 0af5cb349a2c97fbabb3cede96efcde9d54b7940)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2000-2002,2005 Silicon Graphics, Inc.
4  * All Rights Reserved.
5  */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_mount.h"
14 #include "xfs_inode.h"
15 #include "xfs_btree.h"
16 #include "xfs_ialloc.h"
17 #include "xfs_ialloc_btree.h"
18 #include "xfs_alloc.h"
19 #include "xfs_errortag.h"
20 #include "xfs_error.h"
21 #include "xfs_bmap.h"
22 #include "xfs_trans.h"
23 #include "xfs_buf_item.h"
24 #include "xfs_icreate_item.h"
25 #include "xfs_icache.h"
26 #include "xfs_trace.h"
27 #include "xfs_log.h"
28 #include "xfs_rmap.h"
29 #include "xfs_ag.h"
30 
31 /*
32  * Lookup a record by ino in the btree given by cur.
33  */
34 int					/* error */
35 xfs_inobt_lookup(
36 	struct xfs_btree_cur	*cur,	/* btree cursor */
37 	xfs_agino_t		ino,	/* starting inode of chunk */
38 	xfs_lookup_t		dir,	/* <=, >=, == */
39 	int			*stat)	/* success/failure */
40 {
41 	cur->bc_rec.i.ir_startino = ino;
42 	cur->bc_rec.i.ir_holemask = 0;
43 	cur->bc_rec.i.ir_count = 0;
44 	cur->bc_rec.i.ir_freecount = 0;
45 	cur->bc_rec.i.ir_free = 0;
46 	return xfs_btree_lookup(cur, dir, stat);
47 }
48 
49 /*
50  * Update the record referred to by cur to the value given.
51  * This either works (return 0) or gets an EFSCORRUPTED error.
52  */
53 STATIC int				/* error */
54 xfs_inobt_update(
55 	struct xfs_btree_cur	*cur,	/* btree cursor */
56 	xfs_inobt_rec_incore_t	*irec)	/* btree record */
57 {
58 	union xfs_btree_rec	rec;
59 
60 	rec.inobt.ir_startino = cpu_to_be32(irec->ir_startino);
61 	if (xfs_has_sparseinodes(cur->bc_mp)) {
62 		rec.inobt.ir_u.sp.ir_holemask = cpu_to_be16(irec->ir_holemask);
63 		rec.inobt.ir_u.sp.ir_count = irec->ir_count;
64 		rec.inobt.ir_u.sp.ir_freecount = irec->ir_freecount;
65 	} else {
66 		/* ir_holemask/ir_count not supported on-disk */
67 		rec.inobt.ir_u.f.ir_freecount = cpu_to_be32(irec->ir_freecount);
68 	}
69 	rec.inobt.ir_free = cpu_to_be64(irec->ir_free);
70 	return xfs_btree_update(cur, &rec);
71 }
72 
73 /* Convert on-disk btree record to incore inobt record. */
74 void
75 xfs_inobt_btrec_to_irec(
76 	struct xfs_mount		*mp,
77 	const union xfs_btree_rec	*rec,
78 	struct xfs_inobt_rec_incore	*irec)
79 {
80 	irec->ir_startino = be32_to_cpu(rec->inobt.ir_startino);
81 	if (xfs_has_sparseinodes(mp)) {
82 		irec->ir_holemask = be16_to_cpu(rec->inobt.ir_u.sp.ir_holemask);
83 		irec->ir_count = rec->inobt.ir_u.sp.ir_count;
84 		irec->ir_freecount = rec->inobt.ir_u.sp.ir_freecount;
85 	} else {
86 		/*
87 		 * ir_holemask/ir_count not supported on-disk. Fill in hardcoded
88 		 * values for full inode chunks.
89 		 */
90 		irec->ir_holemask = XFS_INOBT_HOLEMASK_FULL;
91 		irec->ir_count = XFS_INODES_PER_CHUNK;
92 		irec->ir_freecount =
93 				be32_to_cpu(rec->inobt.ir_u.f.ir_freecount);
94 	}
95 	irec->ir_free = be64_to_cpu(rec->inobt.ir_free);
96 }
97 
98 /*
99  * Get the data from the pointed-to record.
100  */
101 int
102 xfs_inobt_get_rec(
103 	struct xfs_btree_cur		*cur,
104 	struct xfs_inobt_rec_incore	*irec,
105 	int				*stat)
106 {
107 	struct xfs_mount		*mp = cur->bc_mp;
108 	union xfs_btree_rec		*rec;
109 	int				error;
110 	uint64_t			realfree;
111 
112 	error = xfs_btree_get_rec(cur, &rec, stat);
113 	if (error || *stat == 0)
114 		return error;
115 
116 	xfs_inobt_btrec_to_irec(mp, rec, irec);
117 
118 	if (!xfs_verify_agino(cur->bc_ag.pag, irec->ir_startino))
119 		goto out_bad_rec;
120 	if (irec->ir_count < XFS_INODES_PER_HOLEMASK_BIT ||
121 	    irec->ir_count > XFS_INODES_PER_CHUNK)
122 		goto out_bad_rec;
123 	if (irec->ir_freecount > XFS_INODES_PER_CHUNK)
124 		goto out_bad_rec;
125 
126 	/* if there are no holes, return the first available offset */
127 	if (!xfs_inobt_issparse(irec->ir_holemask))
128 		realfree = irec->ir_free;
129 	else
130 		realfree = irec->ir_free & xfs_inobt_irec_to_allocmask(irec);
131 	if (hweight64(realfree) != irec->ir_freecount)
132 		goto out_bad_rec;
133 
134 	return 0;
135 
136 out_bad_rec:
137 	xfs_warn(mp,
138 		"%s Inode BTree record corruption in AG %d detected!",
139 		cur->bc_btnum == XFS_BTNUM_INO ? "Used" : "Free",
140 		cur->bc_ag.pag->pag_agno);
141 	xfs_warn(mp,
142 "start inode 0x%x, count 0x%x, free 0x%x freemask 0x%llx, holemask 0x%x",
143 		irec->ir_startino, irec->ir_count, irec->ir_freecount,
144 		irec->ir_free, irec->ir_holemask);
145 	return -EFSCORRUPTED;
146 }
147 
148 /*
149  * Insert a single inobt record. Cursor must already point to desired location.
150  */
151 int
152 xfs_inobt_insert_rec(
153 	struct xfs_btree_cur	*cur,
154 	uint16_t		holemask,
155 	uint8_t			count,
156 	int32_t			freecount,
157 	xfs_inofree_t		free,
158 	int			*stat)
159 {
160 	cur->bc_rec.i.ir_holemask = holemask;
161 	cur->bc_rec.i.ir_count = count;
162 	cur->bc_rec.i.ir_freecount = freecount;
163 	cur->bc_rec.i.ir_free = free;
164 	return xfs_btree_insert(cur, stat);
165 }
166 
167 /*
168  * Insert records describing a newly allocated inode chunk into the inobt.
169  */
170 STATIC int
171 xfs_inobt_insert(
172 	struct xfs_mount	*mp,
173 	struct xfs_trans	*tp,
174 	struct xfs_buf		*agbp,
175 	struct xfs_perag	*pag,
176 	xfs_agino_t		newino,
177 	xfs_agino_t		newlen,
178 	xfs_btnum_t		btnum)
179 {
180 	struct xfs_btree_cur	*cur;
181 	xfs_agino_t		thisino;
182 	int			i;
183 	int			error;
184 
185 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, btnum);
186 
187 	for (thisino = newino;
188 	     thisino < newino + newlen;
189 	     thisino += XFS_INODES_PER_CHUNK) {
190 		error = xfs_inobt_lookup(cur, thisino, XFS_LOOKUP_EQ, &i);
191 		if (error) {
192 			xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
193 			return error;
194 		}
195 		ASSERT(i == 0);
196 
197 		error = xfs_inobt_insert_rec(cur, XFS_INOBT_HOLEMASK_FULL,
198 					     XFS_INODES_PER_CHUNK,
199 					     XFS_INODES_PER_CHUNK,
200 					     XFS_INOBT_ALL_FREE, &i);
201 		if (error) {
202 			xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
203 			return error;
204 		}
205 		ASSERT(i == 1);
206 	}
207 
208 	xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
209 
210 	return 0;
211 }
212 
213 /*
214  * Verify that the number of free inodes in the AGI is correct.
215  */
216 #ifdef DEBUG
217 static int
218 xfs_check_agi_freecount(
219 	struct xfs_btree_cur	*cur)
220 {
221 	if (cur->bc_nlevels == 1) {
222 		xfs_inobt_rec_incore_t rec;
223 		int		freecount = 0;
224 		int		error;
225 		int		i;
226 
227 		error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &i);
228 		if (error)
229 			return error;
230 
231 		do {
232 			error = xfs_inobt_get_rec(cur, &rec, &i);
233 			if (error)
234 				return error;
235 
236 			if (i) {
237 				freecount += rec.ir_freecount;
238 				error = xfs_btree_increment(cur, 0, &i);
239 				if (error)
240 					return error;
241 			}
242 		} while (i == 1);
243 
244 		if (!xfs_is_shutdown(cur->bc_mp))
245 			ASSERT(freecount == cur->bc_ag.pag->pagi_freecount);
246 	}
247 	return 0;
248 }
249 #else
250 #define xfs_check_agi_freecount(cur)	0
251 #endif
252 
253 /*
254  * Initialise a new set of inodes. When called without a transaction context
255  * (e.g. from recovery) we initiate a delayed write of the inode buffers rather
256  * than logging them (which in a transaction context puts them into the AIL
257  * for writeback rather than the xfsbufd queue).
258  */
259 int
260 xfs_ialloc_inode_init(
261 	struct xfs_mount	*mp,
262 	struct xfs_trans	*tp,
263 	struct list_head	*buffer_list,
264 	int			icount,
265 	xfs_agnumber_t		agno,
266 	xfs_agblock_t		agbno,
267 	xfs_agblock_t		length,
268 	unsigned int		gen)
269 {
270 	struct xfs_buf		*fbuf;
271 	struct xfs_dinode	*free;
272 	int			nbufs;
273 	int			version;
274 	int			i, j;
275 	xfs_daddr_t		d;
276 	xfs_ino_t		ino = 0;
277 	int			error;
278 
279 	/*
280 	 * Loop over the new block(s), filling in the inodes.  For small block
281 	 * sizes, manipulate the inodes in buffers  which are multiples of the
282 	 * blocks size.
283 	 */
284 	nbufs = length / M_IGEO(mp)->blocks_per_cluster;
285 
286 	/*
287 	 * Figure out what version number to use in the inodes we create.  If
288 	 * the superblock version has caught up to the one that supports the new
289 	 * inode format, then use the new inode version.  Otherwise use the old
290 	 * version so that old kernels will continue to be able to use the file
291 	 * system.
292 	 *
293 	 * For v3 inodes, we also need to write the inode number into the inode,
294 	 * so calculate the first inode number of the chunk here as
295 	 * XFS_AGB_TO_AGINO() only works within a filesystem block, not
296 	 * across multiple filesystem blocks (such as a cluster) and so cannot
297 	 * be used in the cluster buffer loop below.
298 	 *
299 	 * Further, because we are writing the inode directly into the buffer
300 	 * and calculating a CRC on the entire inode, we have ot log the entire
301 	 * inode so that the entire range the CRC covers is present in the log.
302 	 * That means for v3 inode we log the entire buffer rather than just the
303 	 * inode cores.
304 	 */
305 	if (xfs_has_v3inodes(mp)) {
306 		version = 3;
307 		ino = XFS_AGINO_TO_INO(mp, agno, XFS_AGB_TO_AGINO(mp, agbno));
308 
309 		/*
310 		 * log the initialisation that is about to take place as an
311 		 * logical operation. This means the transaction does not
312 		 * need to log the physical changes to the inode buffers as log
313 		 * recovery will know what initialisation is actually needed.
314 		 * Hence we only need to log the buffers as "ordered" buffers so
315 		 * they track in the AIL as if they were physically logged.
316 		 */
317 		if (tp)
318 			xfs_icreate_log(tp, agno, agbno, icount,
319 					mp->m_sb.sb_inodesize, length, gen);
320 	} else
321 		version = 2;
322 
323 	for (j = 0; j < nbufs; j++) {
324 		/*
325 		 * Get the block.
326 		 */
327 		d = XFS_AGB_TO_DADDR(mp, agno, agbno +
328 				(j * M_IGEO(mp)->blocks_per_cluster));
329 		error = xfs_trans_get_buf(tp, mp->m_ddev_targp, d,
330 				mp->m_bsize * M_IGEO(mp)->blocks_per_cluster,
331 				XBF_UNMAPPED, &fbuf);
332 		if (error)
333 			return error;
334 
335 		/* Initialize the inode buffers and log them appropriately. */
336 		fbuf->b_ops = &xfs_inode_buf_ops;
337 		xfs_buf_zero(fbuf, 0, BBTOB(fbuf->b_length));
338 		for (i = 0; i < M_IGEO(mp)->inodes_per_cluster; i++) {
339 			int	ioffset = i << mp->m_sb.sb_inodelog;
340 
341 			free = xfs_make_iptr(mp, fbuf, i);
342 			free->di_magic = cpu_to_be16(XFS_DINODE_MAGIC);
343 			free->di_version = version;
344 			free->di_gen = cpu_to_be32(gen);
345 			free->di_next_unlinked = cpu_to_be32(NULLAGINO);
346 
347 			if (version == 3) {
348 				free->di_ino = cpu_to_be64(ino);
349 				ino++;
350 				uuid_copy(&free->di_uuid,
351 					  &mp->m_sb.sb_meta_uuid);
352 				xfs_dinode_calc_crc(mp, free);
353 			} else if (tp) {
354 				/* just log the inode core */
355 				xfs_trans_log_buf(tp, fbuf, ioffset,
356 					  ioffset + XFS_DINODE_SIZE(mp) - 1);
357 			}
358 		}
359 
360 		if (tp) {
361 			/*
362 			 * Mark the buffer as an inode allocation buffer so it
363 			 * sticks in AIL at the point of this allocation
364 			 * transaction. This ensures the they are on disk before
365 			 * the tail of the log can be moved past this
366 			 * transaction (i.e. by preventing relogging from moving
367 			 * it forward in the log).
368 			 */
369 			xfs_trans_inode_alloc_buf(tp, fbuf);
370 			if (version == 3) {
371 				/*
372 				 * Mark the buffer as ordered so that they are
373 				 * not physically logged in the transaction but
374 				 * still tracked in the AIL as part of the
375 				 * transaction and pin the log appropriately.
376 				 */
377 				xfs_trans_ordered_buf(tp, fbuf);
378 			}
379 		} else {
380 			fbuf->b_flags |= XBF_DONE;
381 			xfs_buf_delwri_queue(fbuf, buffer_list);
382 			xfs_buf_relse(fbuf);
383 		}
384 	}
385 	return 0;
386 }
387 
388 /*
389  * Align startino and allocmask for a recently allocated sparse chunk such that
390  * they are fit for insertion (or merge) into the on-disk inode btrees.
391  *
392  * Background:
393  *
394  * When enabled, sparse inode support increases the inode alignment from cluster
395  * size to inode chunk size. This means that the minimum range between two
396  * non-adjacent inode records in the inobt is large enough for a full inode
397  * record. This allows for cluster sized, cluster aligned block allocation
398  * without need to worry about whether the resulting inode record overlaps with
399  * another record in the tree. Without this basic rule, we would have to deal
400  * with the consequences of overlap by potentially undoing recent allocations in
401  * the inode allocation codepath.
402  *
403  * Because of this alignment rule (which is enforced on mount), there are two
404  * inobt possibilities for newly allocated sparse chunks. One is that the
405  * aligned inode record for the chunk covers a range of inodes not already
406  * covered in the inobt (i.e., it is safe to insert a new sparse record). The
407  * other is that a record already exists at the aligned startino that considers
408  * the newly allocated range as sparse. In the latter case, record content is
409  * merged in hope that sparse inode chunks fill to full chunks over time.
410  */
411 STATIC void
412 xfs_align_sparse_ino(
413 	struct xfs_mount		*mp,
414 	xfs_agino_t			*startino,
415 	uint16_t			*allocmask)
416 {
417 	xfs_agblock_t			agbno;
418 	xfs_agblock_t			mod;
419 	int				offset;
420 
421 	agbno = XFS_AGINO_TO_AGBNO(mp, *startino);
422 	mod = agbno % mp->m_sb.sb_inoalignmt;
423 	if (!mod)
424 		return;
425 
426 	/* calculate the inode offset and align startino */
427 	offset = XFS_AGB_TO_AGINO(mp, mod);
428 	*startino -= offset;
429 
430 	/*
431 	 * Since startino has been aligned down, left shift allocmask such that
432 	 * it continues to represent the same physical inodes relative to the
433 	 * new startino.
434 	 */
435 	*allocmask <<= offset / XFS_INODES_PER_HOLEMASK_BIT;
436 }
437 
438 /*
439  * Determine whether the source inode record can merge into the target. Both
440  * records must be sparse, the inode ranges must match and there must be no
441  * allocation overlap between the records.
442  */
443 STATIC bool
444 __xfs_inobt_can_merge(
445 	struct xfs_inobt_rec_incore	*trec,	/* tgt record */
446 	struct xfs_inobt_rec_incore	*srec)	/* src record */
447 {
448 	uint64_t			talloc;
449 	uint64_t			salloc;
450 
451 	/* records must cover the same inode range */
452 	if (trec->ir_startino != srec->ir_startino)
453 		return false;
454 
455 	/* both records must be sparse */
456 	if (!xfs_inobt_issparse(trec->ir_holemask) ||
457 	    !xfs_inobt_issparse(srec->ir_holemask))
458 		return false;
459 
460 	/* both records must track some inodes */
461 	if (!trec->ir_count || !srec->ir_count)
462 		return false;
463 
464 	/* can't exceed capacity of a full record */
465 	if (trec->ir_count + srec->ir_count > XFS_INODES_PER_CHUNK)
466 		return false;
467 
468 	/* verify there is no allocation overlap */
469 	talloc = xfs_inobt_irec_to_allocmask(trec);
470 	salloc = xfs_inobt_irec_to_allocmask(srec);
471 	if (talloc & salloc)
472 		return false;
473 
474 	return true;
475 }
476 
477 /*
478  * Merge the source inode record into the target. The caller must call
479  * __xfs_inobt_can_merge() to ensure the merge is valid.
480  */
481 STATIC void
482 __xfs_inobt_rec_merge(
483 	struct xfs_inobt_rec_incore	*trec,	/* target */
484 	struct xfs_inobt_rec_incore	*srec)	/* src */
485 {
486 	ASSERT(trec->ir_startino == srec->ir_startino);
487 
488 	/* combine the counts */
489 	trec->ir_count += srec->ir_count;
490 	trec->ir_freecount += srec->ir_freecount;
491 
492 	/*
493 	 * Merge the holemask and free mask. For both fields, 0 bits refer to
494 	 * allocated inodes. We combine the allocated ranges with bitwise AND.
495 	 */
496 	trec->ir_holemask &= srec->ir_holemask;
497 	trec->ir_free &= srec->ir_free;
498 }
499 
500 /*
501  * Insert a new sparse inode chunk into the associated inode btree. The inode
502  * record for the sparse chunk is pre-aligned to a startino that should match
503  * any pre-existing sparse inode record in the tree. This allows sparse chunks
504  * to fill over time.
505  *
506  * This function supports two modes of handling preexisting records depending on
507  * the merge flag. If merge is true, the provided record is merged with the
508  * existing record and updated in place. The merged record is returned in nrec.
509  * If merge is false, an existing record is replaced with the provided record.
510  * If no preexisting record exists, the provided record is always inserted.
511  *
512  * It is considered corruption if a merge is requested and not possible. Given
513  * the sparse inode alignment constraints, this should never happen.
514  */
515 STATIC int
516 xfs_inobt_insert_sprec(
517 	struct xfs_mount		*mp,
518 	struct xfs_trans		*tp,
519 	struct xfs_buf			*agbp,
520 	struct xfs_perag		*pag,
521 	int				btnum,
522 	struct xfs_inobt_rec_incore	*nrec,	/* in/out: new/merged rec. */
523 	bool				merge)	/* merge or replace */
524 {
525 	struct xfs_btree_cur		*cur;
526 	int				error;
527 	int				i;
528 	struct xfs_inobt_rec_incore	rec;
529 
530 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, btnum);
531 
532 	/* the new record is pre-aligned so we know where to look */
533 	error = xfs_inobt_lookup(cur, nrec->ir_startino, XFS_LOOKUP_EQ, &i);
534 	if (error)
535 		goto error;
536 	/* if nothing there, insert a new record and return */
537 	if (i == 0) {
538 		error = xfs_inobt_insert_rec(cur, nrec->ir_holemask,
539 					     nrec->ir_count, nrec->ir_freecount,
540 					     nrec->ir_free, &i);
541 		if (error)
542 			goto error;
543 		if (XFS_IS_CORRUPT(mp, i != 1)) {
544 			error = -EFSCORRUPTED;
545 			goto error;
546 		}
547 
548 		goto out;
549 	}
550 
551 	/*
552 	 * A record exists at this startino. Merge or replace the record
553 	 * depending on what we've been asked to do.
554 	 */
555 	if (merge) {
556 		error = xfs_inobt_get_rec(cur, &rec, &i);
557 		if (error)
558 			goto error;
559 		if (XFS_IS_CORRUPT(mp, i != 1)) {
560 			error = -EFSCORRUPTED;
561 			goto error;
562 		}
563 		if (XFS_IS_CORRUPT(mp, rec.ir_startino != nrec->ir_startino)) {
564 			error = -EFSCORRUPTED;
565 			goto error;
566 		}
567 
568 		/*
569 		 * This should never fail. If we have coexisting records that
570 		 * cannot merge, something is seriously wrong.
571 		 */
572 		if (XFS_IS_CORRUPT(mp, !__xfs_inobt_can_merge(nrec, &rec))) {
573 			error = -EFSCORRUPTED;
574 			goto error;
575 		}
576 
577 		trace_xfs_irec_merge_pre(mp, pag->pag_agno, rec.ir_startino,
578 					 rec.ir_holemask, nrec->ir_startino,
579 					 nrec->ir_holemask);
580 
581 		/* merge to nrec to output the updated record */
582 		__xfs_inobt_rec_merge(nrec, &rec);
583 
584 		trace_xfs_irec_merge_post(mp, pag->pag_agno, nrec->ir_startino,
585 					  nrec->ir_holemask);
586 
587 		error = xfs_inobt_rec_check_count(mp, nrec);
588 		if (error)
589 			goto error;
590 	}
591 
592 	error = xfs_inobt_update(cur, nrec);
593 	if (error)
594 		goto error;
595 
596 out:
597 	xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
598 	return 0;
599 error:
600 	xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
601 	return error;
602 }
603 
604 /*
605  * Allocate new inodes in the allocation group specified by agbp.  Returns 0 if
606  * inodes were allocated in this AG; -EAGAIN if there was no space in this AG so
607  * the caller knows it can try another AG, a hard -ENOSPC when over the maximum
608  * inode count threshold, or the usual negative error code for other errors.
609  */
610 STATIC int
611 xfs_ialloc_ag_alloc(
612 	struct xfs_trans	*tp,
613 	struct xfs_buf		*agbp,
614 	struct xfs_perag	*pag)
615 {
616 	struct xfs_agi		*agi;
617 	struct xfs_alloc_arg	args;
618 	int			error;
619 	xfs_agino_t		newino;		/* new first inode's number */
620 	xfs_agino_t		newlen;		/* new number of inodes */
621 	int			isaligned = 0;	/* inode allocation at stripe */
622 						/* unit boundary */
623 	/* init. to full chunk */
624 	struct xfs_inobt_rec_incore rec;
625 	struct xfs_ino_geometry	*igeo = M_IGEO(tp->t_mountp);
626 	uint16_t		allocmask = (uint16_t) -1;
627 	int			do_sparse = 0;
628 
629 	memset(&args, 0, sizeof(args));
630 	args.tp = tp;
631 	args.mp = tp->t_mountp;
632 	args.fsbno = NULLFSBLOCK;
633 	args.oinfo = XFS_RMAP_OINFO_INODES;
634 
635 #ifdef DEBUG
636 	/* randomly do sparse inode allocations */
637 	if (xfs_has_sparseinodes(tp->t_mountp) &&
638 	    igeo->ialloc_min_blks < igeo->ialloc_blks)
639 		do_sparse = prandom_u32() & 1;
640 #endif
641 
642 	/*
643 	 * Locking will ensure that we don't have two callers in here
644 	 * at one time.
645 	 */
646 	newlen = igeo->ialloc_inos;
647 	if (igeo->maxicount &&
648 	    percpu_counter_read_positive(&args.mp->m_icount) + newlen >
649 							igeo->maxicount)
650 		return -ENOSPC;
651 	args.minlen = args.maxlen = igeo->ialloc_blks;
652 	/*
653 	 * First try to allocate inodes contiguous with the last-allocated
654 	 * chunk of inodes.  If the filesystem is striped, this will fill
655 	 * an entire stripe unit with inodes.
656 	 */
657 	agi = agbp->b_addr;
658 	newino = be32_to_cpu(agi->agi_newino);
659 	args.agbno = XFS_AGINO_TO_AGBNO(args.mp, newino) +
660 		     igeo->ialloc_blks;
661 	if (do_sparse)
662 		goto sparse_alloc;
663 	if (likely(newino != NULLAGINO &&
664 		  (args.agbno < be32_to_cpu(agi->agi_length)))) {
665 		args.fsbno = XFS_AGB_TO_FSB(args.mp, pag->pag_agno, args.agbno);
666 		args.type = XFS_ALLOCTYPE_THIS_BNO;
667 		args.prod = 1;
668 
669 		/*
670 		 * We need to take into account alignment here to ensure that
671 		 * we don't modify the free list if we fail to have an exact
672 		 * block. If we don't have an exact match, and every oher
673 		 * attempt allocation attempt fails, we'll end up cancelling
674 		 * a dirty transaction and shutting down.
675 		 *
676 		 * For an exact allocation, alignment must be 1,
677 		 * however we need to take cluster alignment into account when
678 		 * fixing up the freelist. Use the minalignslop field to
679 		 * indicate that extra blocks might be required for alignment,
680 		 * but not to use them in the actual exact allocation.
681 		 */
682 		args.alignment = 1;
683 		args.minalignslop = igeo->cluster_align - 1;
684 
685 		/* Allow space for the inode btree to split. */
686 		args.minleft = igeo->inobt_maxlevels;
687 		if ((error = xfs_alloc_vextent(&args)))
688 			return error;
689 
690 		/*
691 		 * This request might have dirtied the transaction if the AG can
692 		 * satisfy the request, but the exact block was not available.
693 		 * If the allocation did fail, subsequent requests will relax
694 		 * the exact agbno requirement and increase the alignment
695 		 * instead. It is critical that the total size of the request
696 		 * (len + alignment + slop) does not increase from this point
697 		 * on, so reset minalignslop to ensure it is not included in
698 		 * subsequent requests.
699 		 */
700 		args.minalignslop = 0;
701 	}
702 
703 	if (unlikely(args.fsbno == NULLFSBLOCK)) {
704 		/*
705 		 * Set the alignment for the allocation.
706 		 * If stripe alignment is turned on then align at stripe unit
707 		 * boundary.
708 		 * If the cluster size is smaller than a filesystem block
709 		 * then we're doing I/O for inodes in filesystem block size
710 		 * pieces, so don't need alignment anyway.
711 		 */
712 		isaligned = 0;
713 		if (igeo->ialloc_align) {
714 			ASSERT(!xfs_has_noalign(args.mp));
715 			args.alignment = args.mp->m_dalign;
716 			isaligned = 1;
717 		} else
718 			args.alignment = igeo->cluster_align;
719 		/*
720 		 * Need to figure out where to allocate the inode blocks.
721 		 * Ideally they should be spaced out through the a.g.
722 		 * For now, just allocate blocks up front.
723 		 */
724 		args.agbno = be32_to_cpu(agi->agi_root);
725 		args.fsbno = XFS_AGB_TO_FSB(args.mp, pag->pag_agno, args.agbno);
726 		/*
727 		 * Allocate a fixed-size extent of inodes.
728 		 */
729 		args.type = XFS_ALLOCTYPE_NEAR_BNO;
730 		args.prod = 1;
731 		/*
732 		 * Allow space for the inode btree to split.
733 		 */
734 		args.minleft = igeo->inobt_maxlevels;
735 		if ((error = xfs_alloc_vextent(&args)))
736 			return error;
737 	}
738 
739 	/*
740 	 * If stripe alignment is turned on, then try again with cluster
741 	 * alignment.
742 	 */
743 	if (isaligned && args.fsbno == NULLFSBLOCK) {
744 		args.type = XFS_ALLOCTYPE_NEAR_BNO;
745 		args.agbno = be32_to_cpu(agi->agi_root);
746 		args.fsbno = XFS_AGB_TO_FSB(args.mp, pag->pag_agno, args.agbno);
747 		args.alignment = igeo->cluster_align;
748 		if ((error = xfs_alloc_vextent(&args)))
749 			return error;
750 	}
751 
752 	/*
753 	 * Finally, try a sparse allocation if the filesystem supports it and
754 	 * the sparse allocation length is smaller than a full chunk.
755 	 */
756 	if (xfs_has_sparseinodes(args.mp) &&
757 	    igeo->ialloc_min_blks < igeo->ialloc_blks &&
758 	    args.fsbno == NULLFSBLOCK) {
759 sparse_alloc:
760 		args.type = XFS_ALLOCTYPE_NEAR_BNO;
761 		args.agbno = be32_to_cpu(agi->agi_root);
762 		args.fsbno = XFS_AGB_TO_FSB(args.mp, pag->pag_agno, args.agbno);
763 		args.alignment = args.mp->m_sb.sb_spino_align;
764 		args.prod = 1;
765 
766 		args.minlen = igeo->ialloc_min_blks;
767 		args.maxlen = args.minlen;
768 
769 		/*
770 		 * The inode record will be aligned to full chunk size. We must
771 		 * prevent sparse allocation from AG boundaries that result in
772 		 * invalid inode records, such as records that start at agbno 0
773 		 * or extend beyond the AG.
774 		 *
775 		 * Set min agbno to the first aligned, non-zero agbno and max to
776 		 * the last aligned agbno that is at least one full chunk from
777 		 * the end of the AG.
778 		 */
779 		args.min_agbno = args.mp->m_sb.sb_inoalignmt;
780 		args.max_agbno = round_down(args.mp->m_sb.sb_agblocks,
781 					    args.mp->m_sb.sb_inoalignmt) -
782 				 igeo->ialloc_blks;
783 
784 		error = xfs_alloc_vextent(&args);
785 		if (error)
786 			return error;
787 
788 		newlen = XFS_AGB_TO_AGINO(args.mp, args.len);
789 		ASSERT(newlen <= XFS_INODES_PER_CHUNK);
790 		allocmask = (1 << (newlen / XFS_INODES_PER_HOLEMASK_BIT)) - 1;
791 	}
792 
793 	if (args.fsbno == NULLFSBLOCK)
794 		return -EAGAIN;
795 
796 	ASSERT(args.len == args.minlen);
797 
798 	/*
799 	 * Stamp and write the inode buffers.
800 	 *
801 	 * Seed the new inode cluster with a random generation number. This
802 	 * prevents short-term reuse of generation numbers if a chunk is
803 	 * freed and then immediately reallocated. We use random numbers
804 	 * rather than a linear progression to prevent the next generation
805 	 * number from being easily guessable.
806 	 */
807 	error = xfs_ialloc_inode_init(args.mp, tp, NULL, newlen, pag->pag_agno,
808 			args.agbno, args.len, prandom_u32());
809 
810 	if (error)
811 		return error;
812 	/*
813 	 * Convert the results.
814 	 */
815 	newino = XFS_AGB_TO_AGINO(args.mp, args.agbno);
816 
817 	if (xfs_inobt_issparse(~allocmask)) {
818 		/*
819 		 * We've allocated a sparse chunk. Align the startino and mask.
820 		 */
821 		xfs_align_sparse_ino(args.mp, &newino, &allocmask);
822 
823 		rec.ir_startino = newino;
824 		rec.ir_holemask = ~allocmask;
825 		rec.ir_count = newlen;
826 		rec.ir_freecount = newlen;
827 		rec.ir_free = XFS_INOBT_ALL_FREE;
828 
829 		/*
830 		 * Insert the sparse record into the inobt and allow for a merge
831 		 * if necessary. If a merge does occur, rec is updated to the
832 		 * merged record.
833 		 */
834 		error = xfs_inobt_insert_sprec(args.mp, tp, agbp, pag,
835 				XFS_BTNUM_INO, &rec, true);
836 		if (error == -EFSCORRUPTED) {
837 			xfs_alert(args.mp,
838 	"invalid sparse inode record: ino 0x%llx holemask 0x%x count %u",
839 				  XFS_AGINO_TO_INO(args.mp, pag->pag_agno,
840 						   rec.ir_startino),
841 				  rec.ir_holemask, rec.ir_count);
842 			xfs_force_shutdown(args.mp, SHUTDOWN_CORRUPT_INCORE);
843 		}
844 		if (error)
845 			return error;
846 
847 		/*
848 		 * We can't merge the part we've just allocated as for the inobt
849 		 * due to finobt semantics. The original record may or may not
850 		 * exist independent of whether physical inodes exist in this
851 		 * sparse chunk.
852 		 *
853 		 * We must update the finobt record based on the inobt record.
854 		 * rec contains the fully merged and up to date inobt record
855 		 * from the previous call. Set merge false to replace any
856 		 * existing record with this one.
857 		 */
858 		if (xfs_has_finobt(args.mp)) {
859 			error = xfs_inobt_insert_sprec(args.mp, tp, agbp, pag,
860 				       XFS_BTNUM_FINO, &rec, false);
861 			if (error)
862 				return error;
863 		}
864 	} else {
865 		/* full chunk - insert new records to both btrees */
866 		error = xfs_inobt_insert(args.mp, tp, agbp, pag, newino, newlen,
867 					 XFS_BTNUM_INO);
868 		if (error)
869 			return error;
870 
871 		if (xfs_has_finobt(args.mp)) {
872 			error = xfs_inobt_insert(args.mp, tp, agbp, pag, newino,
873 						 newlen, XFS_BTNUM_FINO);
874 			if (error)
875 				return error;
876 		}
877 	}
878 
879 	/*
880 	 * Update AGI counts and newino.
881 	 */
882 	be32_add_cpu(&agi->agi_count, newlen);
883 	be32_add_cpu(&agi->agi_freecount, newlen);
884 	pag->pagi_freecount += newlen;
885 	pag->pagi_count += newlen;
886 	agi->agi_newino = cpu_to_be32(newino);
887 
888 	/*
889 	 * Log allocation group header fields
890 	 */
891 	xfs_ialloc_log_agi(tp, agbp,
892 		XFS_AGI_COUNT | XFS_AGI_FREECOUNT | XFS_AGI_NEWINO);
893 	/*
894 	 * Modify/log superblock values for inode count and inode free count.
895 	 */
896 	xfs_trans_mod_sb(tp, XFS_TRANS_SB_ICOUNT, (long)newlen);
897 	xfs_trans_mod_sb(tp, XFS_TRANS_SB_IFREE, (long)newlen);
898 	return 0;
899 }
900 
901 /*
902  * Try to retrieve the next record to the left/right from the current one.
903  */
904 STATIC int
905 xfs_ialloc_next_rec(
906 	struct xfs_btree_cur	*cur,
907 	xfs_inobt_rec_incore_t	*rec,
908 	int			*done,
909 	int			left)
910 {
911 	int                     error;
912 	int			i;
913 
914 	if (left)
915 		error = xfs_btree_decrement(cur, 0, &i);
916 	else
917 		error = xfs_btree_increment(cur, 0, &i);
918 
919 	if (error)
920 		return error;
921 	*done = !i;
922 	if (i) {
923 		error = xfs_inobt_get_rec(cur, rec, &i);
924 		if (error)
925 			return error;
926 		if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
927 			return -EFSCORRUPTED;
928 	}
929 
930 	return 0;
931 }
932 
933 STATIC int
934 xfs_ialloc_get_rec(
935 	struct xfs_btree_cur	*cur,
936 	xfs_agino_t		agino,
937 	xfs_inobt_rec_incore_t	*rec,
938 	int			*done)
939 {
940 	int                     error;
941 	int			i;
942 
943 	error = xfs_inobt_lookup(cur, agino, XFS_LOOKUP_EQ, &i);
944 	if (error)
945 		return error;
946 	*done = !i;
947 	if (i) {
948 		error = xfs_inobt_get_rec(cur, rec, &i);
949 		if (error)
950 			return error;
951 		if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
952 			return -EFSCORRUPTED;
953 	}
954 
955 	return 0;
956 }
957 
958 /*
959  * Return the offset of the first free inode in the record. If the inode chunk
960  * is sparsely allocated, we convert the record holemask to inode granularity
961  * and mask off the unallocated regions from the inode free mask.
962  */
963 STATIC int
964 xfs_inobt_first_free_inode(
965 	struct xfs_inobt_rec_incore	*rec)
966 {
967 	xfs_inofree_t			realfree;
968 
969 	/* if there are no holes, return the first available offset */
970 	if (!xfs_inobt_issparse(rec->ir_holemask))
971 		return xfs_lowbit64(rec->ir_free);
972 
973 	realfree = xfs_inobt_irec_to_allocmask(rec);
974 	realfree &= rec->ir_free;
975 
976 	return xfs_lowbit64(realfree);
977 }
978 
979 /*
980  * Allocate an inode using the inobt-only algorithm.
981  */
982 STATIC int
983 xfs_dialloc_ag_inobt(
984 	struct xfs_trans	*tp,
985 	struct xfs_buf		*agbp,
986 	struct xfs_perag	*pag,
987 	xfs_ino_t		parent,
988 	xfs_ino_t		*inop)
989 {
990 	struct xfs_mount	*mp = tp->t_mountp;
991 	struct xfs_agi		*agi = agbp->b_addr;
992 	xfs_agnumber_t		pagno = XFS_INO_TO_AGNO(mp, parent);
993 	xfs_agino_t		pagino = XFS_INO_TO_AGINO(mp, parent);
994 	struct xfs_btree_cur	*cur, *tcur;
995 	struct xfs_inobt_rec_incore rec, trec;
996 	xfs_ino_t		ino;
997 	int			error;
998 	int			offset;
999 	int			i, j;
1000 	int			searchdistance = 10;
1001 
1002 	ASSERT(pag->pagi_init);
1003 	ASSERT(pag->pagi_inodeok);
1004 	ASSERT(pag->pagi_freecount > 0);
1005 
1006  restart_pagno:
1007 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, XFS_BTNUM_INO);
1008 	/*
1009 	 * If pagino is 0 (this is the root inode allocation) use newino.
1010 	 * This must work because we've just allocated some.
1011 	 */
1012 	if (!pagino)
1013 		pagino = be32_to_cpu(agi->agi_newino);
1014 
1015 	error = xfs_check_agi_freecount(cur);
1016 	if (error)
1017 		goto error0;
1018 
1019 	/*
1020 	 * If in the same AG as the parent, try to get near the parent.
1021 	 */
1022 	if (pagno == pag->pag_agno) {
1023 		int		doneleft;	/* done, to the left */
1024 		int		doneright;	/* done, to the right */
1025 
1026 		error = xfs_inobt_lookup(cur, pagino, XFS_LOOKUP_LE, &i);
1027 		if (error)
1028 			goto error0;
1029 		if (XFS_IS_CORRUPT(mp, i != 1)) {
1030 			error = -EFSCORRUPTED;
1031 			goto error0;
1032 		}
1033 
1034 		error = xfs_inobt_get_rec(cur, &rec, &j);
1035 		if (error)
1036 			goto error0;
1037 		if (XFS_IS_CORRUPT(mp, j != 1)) {
1038 			error = -EFSCORRUPTED;
1039 			goto error0;
1040 		}
1041 
1042 		if (rec.ir_freecount > 0) {
1043 			/*
1044 			 * Found a free inode in the same chunk
1045 			 * as the parent, done.
1046 			 */
1047 			goto alloc_inode;
1048 		}
1049 
1050 
1051 		/*
1052 		 * In the same AG as parent, but parent's chunk is full.
1053 		 */
1054 
1055 		/* duplicate the cursor, search left & right simultaneously */
1056 		error = xfs_btree_dup_cursor(cur, &tcur);
1057 		if (error)
1058 			goto error0;
1059 
1060 		/*
1061 		 * Skip to last blocks looked up if same parent inode.
1062 		 */
1063 		if (pagino != NULLAGINO &&
1064 		    pag->pagl_pagino == pagino &&
1065 		    pag->pagl_leftrec != NULLAGINO &&
1066 		    pag->pagl_rightrec != NULLAGINO) {
1067 			error = xfs_ialloc_get_rec(tcur, pag->pagl_leftrec,
1068 						   &trec, &doneleft);
1069 			if (error)
1070 				goto error1;
1071 
1072 			error = xfs_ialloc_get_rec(cur, pag->pagl_rightrec,
1073 						   &rec, &doneright);
1074 			if (error)
1075 				goto error1;
1076 		} else {
1077 			/* search left with tcur, back up 1 record */
1078 			error = xfs_ialloc_next_rec(tcur, &trec, &doneleft, 1);
1079 			if (error)
1080 				goto error1;
1081 
1082 			/* search right with cur, go forward 1 record. */
1083 			error = xfs_ialloc_next_rec(cur, &rec, &doneright, 0);
1084 			if (error)
1085 				goto error1;
1086 		}
1087 
1088 		/*
1089 		 * Loop until we find an inode chunk with a free inode.
1090 		 */
1091 		while (--searchdistance > 0 && (!doneleft || !doneright)) {
1092 			int	useleft;  /* using left inode chunk this time */
1093 
1094 			/* figure out the closer block if both are valid. */
1095 			if (!doneleft && !doneright) {
1096 				useleft = pagino -
1097 				 (trec.ir_startino + XFS_INODES_PER_CHUNK - 1) <
1098 				  rec.ir_startino - pagino;
1099 			} else {
1100 				useleft = !doneleft;
1101 			}
1102 
1103 			/* free inodes to the left? */
1104 			if (useleft && trec.ir_freecount) {
1105 				xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
1106 				cur = tcur;
1107 
1108 				pag->pagl_leftrec = trec.ir_startino;
1109 				pag->pagl_rightrec = rec.ir_startino;
1110 				pag->pagl_pagino = pagino;
1111 				rec = trec;
1112 				goto alloc_inode;
1113 			}
1114 
1115 			/* free inodes to the right? */
1116 			if (!useleft && rec.ir_freecount) {
1117 				xfs_btree_del_cursor(tcur, XFS_BTREE_NOERROR);
1118 
1119 				pag->pagl_leftrec = trec.ir_startino;
1120 				pag->pagl_rightrec = rec.ir_startino;
1121 				pag->pagl_pagino = pagino;
1122 				goto alloc_inode;
1123 			}
1124 
1125 			/* get next record to check */
1126 			if (useleft) {
1127 				error = xfs_ialloc_next_rec(tcur, &trec,
1128 								 &doneleft, 1);
1129 			} else {
1130 				error = xfs_ialloc_next_rec(cur, &rec,
1131 								 &doneright, 0);
1132 			}
1133 			if (error)
1134 				goto error1;
1135 		}
1136 
1137 		if (searchdistance <= 0) {
1138 			/*
1139 			 * Not in range - save last search
1140 			 * location and allocate a new inode
1141 			 */
1142 			xfs_btree_del_cursor(tcur, XFS_BTREE_NOERROR);
1143 			pag->pagl_leftrec = trec.ir_startino;
1144 			pag->pagl_rightrec = rec.ir_startino;
1145 			pag->pagl_pagino = pagino;
1146 
1147 		} else {
1148 			/*
1149 			 * We've reached the end of the btree. because
1150 			 * we are only searching a small chunk of the
1151 			 * btree each search, there is obviously free
1152 			 * inodes closer to the parent inode than we
1153 			 * are now. restart the search again.
1154 			 */
1155 			pag->pagl_pagino = NULLAGINO;
1156 			pag->pagl_leftrec = NULLAGINO;
1157 			pag->pagl_rightrec = NULLAGINO;
1158 			xfs_btree_del_cursor(tcur, XFS_BTREE_NOERROR);
1159 			xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
1160 			goto restart_pagno;
1161 		}
1162 	}
1163 
1164 	/*
1165 	 * In a different AG from the parent.
1166 	 * See if the most recently allocated block has any free.
1167 	 */
1168 	if (agi->agi_newino != cpu_to_be32(NULLAGINO)) {
1169 		error = xfs_inobt_lookup(cur, be32_to_cpu(agi->agi_newino),
1170 					 XFS_LOOKUP_EQ, &i);
1171 		if (error)
1172 			goto error0;
1173 
1174 		if (i == 1) {
1175 			error = xfs_inobt_get_rec(cur, &rec, &j);
1176 			if (error)
1177 				goto error0;
1178 
1179 			if (j == 1 && rec.ir_freecount > 0) {
1180 				/*
1181 				 * The last chunk allocated in the group
1182 				 * still has a free inode.
1183 				 */
1184 				goto alloc_inode;
1185 			}
1186 		}
1187 	}
1188 
1189 	/*
1190 	 * None left in the last group, search the whole AG
1191 	 */
1192 	error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &i);
1193 	if (error)
1194 		goto error0;
1195 	if (XFS_IS_CORRUPT(mp, i != 1)) {
1196 		error = -EFSCORRUPTED;
1197 		goto error0;
1198 	}
1199 
1200 	for (;;) {
1201 		error = xfs_inobt_get_rec(cur, &rec, &i);
1202 		if (error)
1203 			goto error0;
1204 		if (XFS_IS_CORRUPT(mp, i != 1)) {
1205 			error = -EFSCORRUPTED;
1206 			goto error0;
1207 		}
1208 		if (rec.ir_freecount > 0)
1209 			break;
1210 		error = xfs_btree_increment(cur, 0, &i);
1211 		if (error)
1212 			goto error0;
1213 		if (XFS_IS_CORRUPT(mp, i != 1)) {
1214 			error = -EFSCORRUPTED;
1215 			goto error0;
1216 		}
1217 	}
1218 
1219 alloc_inode:
1220 	offset = xfs_inobt_first_free_inode(&rec);
1221 	ASSERT(offset >= 0);
1222 	ASSERT(offset < XFS_INODES_PER_CHUNK);
1223 	ASSERT((XFS_AGINO_TO_OFFSET(mp, rec.ir_startino) %
1224 				   XFS_INODES_PER_CHUNK) == 0);
1225 	ino = XFS_AGINO_TO_INO(mp, pag->pag_agno, rec.ir_startino + offset);
1226 	rec.ir_free &= ~XFS_INOBT_MASK(offset);
1227 	rec.ir_freecount--;
1228 	error = xfs_inobt_update(cur, &rec);
1229 	if (error)
1230 		goto error0;
1231 	be32_add_cpu(&agi->agi_freecount, -1);
1232 	xfs_ialloc_log_agi(tp, agbp, XFS_AGI_FREECOUNT);
1233 	pag->pagi_freecount--;
1234 
1235 	error = xfs_check_agi_freecount(cur);
1236 	if (error)
1237 		goto error0;
1238 
1239 	xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
1240 	xfs_trans_mod_sb(tp, XFS_TRANS_SB_IFREE, -1);
1241 	*inop = ino;
1242 	return 0;
1243 error1:
1244 	xfs_btree_del_cursor(tcur, XFS_BTREE_ERROR);
1245 error0:
1246 	xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
1247 	return error;
1248 }
1249 
1250 /*
1251  * Use the free inode btree to allocate an inode based on distance from the
1252  * parent. Note that the provided cursor may be deleted and replaced.
1253  */
1254 STATIC int
1255 xfs_dialloc_ag_finobt_near(
1256 	xfs_agino_t			pagino,
1257 	struct xfs_btree_cur		**ocur,
1258 	struct xfs_inobt_rec_incore	*rec)
1259 {
1260 	struct xfs_btree_cur		*lcur = *ocur;	/* left search cursor */
1261 	struct xfs_btree_cur		*rcur;	/* right search cursor */
1262 	struct xfs_inobt_rec_incore	rrec;
1263 	int				error;
1264 	int				i, j;
1265 
1266 	error = xfs_inobt_lookup(lcur, pagino, XFS_LOOKUP_LE, &i);
1267 	if (error)
1268 		return error;
1269 
1270 	if (i == 1) {
1271 		error = xfs_inobt_get_rec(lcur, rec, &i);
1272 		if (error)
1273 			return error;
1274 		if (XFS_IS_CORRUPT(lcur->bc_mp, i != 1))
1275 			return -EFSCORRUPTED;
1276 
1277 		/*
1278 		 * See if we've landed in the parent inode record. The finobt
1279 		 * only tracks chunks with at least one free inode, so record
1280 		 * existence is enough.
1281 		 */
1282 		if (pagino >= rec->ir_startino &&
1283 		    pagino < (rec->ir_startino + XFS_INODES_PER_CHUNK))
1284 			return 0;
1285 	}
1286 
1287 	error = xfs_btree_dup_cursor(lcur, &rcur);
1288 	if (error)
1289 		return error;
1290 
1291 	error = xfs_inobt_lookup(rcur, pagino, XFS_LOOKUP_GE, &j);
1292 	if (error)
1293 		goto error_rcur;
1294 	if (j == 1) {
1295 		error = xfs_inobt_get_rec(rcur, &rrec, &j);
1296 		if (error)
1297 			goto error_rcur;
1298 		if (XFS_IS_CORRUPT(lcur->bc_mp, j != 1)) {
1299 			error = -EFSCORRUPTED;
1300 			goto error_rcur;
1301 		}
1302 	}
1303 
1304 	if (XFS_IS_CORRUPT(lcur->bc_mp, i != 1 && j != 1)) {
1305 		error = -EFSCORRUPTED;
1306 		goto error_rcur;
1307 	}
1308 	if (i == 1 && j == 1) {
1309 		/*
1310 		 * Both the left and right records are valid. Choose the closer
1311 		 * inode chunk to the target.
1312 		 */
1313 		if ((pagino - rec->ir_startino + XFS_INODES_PER_CHUNK - 1) >
1314 		    (rrec.ir_startino - pagino)) {
1315 			*rec = rrec;
1316 			xfs_btree_del_cursor(lcur, XFS_BTREE_NOERROR);
1317 			*ocur = rcur;
1318 		} else {
1319 			xfs_btree_del_cursor(rcur, XFS_BTREE_NOERROR);
1320 		}
1321 	} else if (j == 1) {
1322 		/* only the right record is valid */
1323 		*rec = rrec;
1324 		xfs_btree_del_cursor(lcur, XFS_BTREE_NOERROR);
1325 		*ocur = rcur;
1326 	} else if (i == 1) {
1327 		/* only the left record is valid */
1328 		xfs_btree_del_cursor(rcur, XFS_BTREE_NOERROR);
1329 	}
1330 
1331 	return 0;
1332 
1333 error_rcur:
1334 	xfs_btree_del_cursor(rcur, XFS_BTREE_ERROR);
1335 	return error;
1336 }
1337 
1338 /*
1339  * Use the free inode btree to find a free inode based on a newino hint. If
1340  * the hint is NULL, find the first free inode in the AG.
1341  */
1342 STATIC int
1343 xfs_dialloc_ag_finobt_newino(
1344 	struct xfs_agi			*agi,
1345 	struct xfs_btree_cur		*cur,
1346 	struct xfs_inobt_rec_incore	*rec)
1347 {
1348 	int error;
1349 	int i;
1350 
1351 	if (agi->agi_newino != cpu_to_be32(NULLAGINO)) {
1352 		error = xfs_inobt_lookup(cur, be32_to_cpu(agi->agi_newino),
1353 					 XFS_LOOKUP_EQ, &i);
1354 		if (error)
1355 			return error;
1356 		if (i == 1) {
1357 			error = xfs_inobt_get_rec(cur, rec, &i);
1358 			if (error)
1359 				return error;
1360 			if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
1361 				return -EFSCORRUPTED;
1362 			return 0;
1363 		}
1364 	}
1365 
1366 	/*
1367 	 * Find the first inode available in the AG.
1368 	 */
1369 	error = xfs_inobt_lookup(cur, 0, XFS_LOOKUP_GE, &i);
1370 	if (error)
1371 		return error;
1372 	if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
1373 		return -EFSCORRUPTED;
1374 
1375 	error = xfs_inobt_get_rec(cur, rec, &i);
1376 	if (error)
1377 		return error;
1378 	if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
1379 		return -EFSCORRUPTED;
1380 
1381 	return 0;
1382 }
1383 
1384 /*
1385  * Update the inobt based on a modification made to the finobt. Also ensure that
1386  * the records from both trees are equivalent post-modification.
1387  */
1388 STATIC int
1389 xfs_dialloc_ag_update_inobt(
1390 	struct xfs_btree_cur		*cur,	/* inobt cursor */
1391 	struct xfs_inobt_rec_incore	*frec,	/* finobt record */
1392 	int				offset) /* inode offset */
1393 {
1394 	struct xfs_inobt_rec_incore	rec;
1395 	int				error;
1396 	int				i;
1397 
1398 	error = xfs_inobt_lookup(cur, frec->ir_startino, XFS_LOOKUP_EQ, &i);
1399 	if (error)
1400 		return error;
1401 	if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
1402 		return -EFSCORRUPTED;
1403 
1404 	error = xfs_inobt_get_rec(cur, &rec, &i);
1405 	if (error)
1406 		return error;
1407 	if (XFS_IS_CORRUPT(cur->bc_mp, i != 1))
1408 		return -EFSCORRUPTED;
1409 	ASSERT((XFS_AGINO_TO_OFFSET(cur->bc_mp, rec.ir_startino) %
1410 				   XFS_INODES_PER_CHUNK) == 0);
1411 
1412 	rec.ir_free &= ~XFS_INOBT_MASK(offset);
1413 	rec.ir_freecount--;
1414 
1415 	if (XFS_IS_CORRUPT(cur->bc_mp,
1416 			   rec.ir_free != frec->ir_free ||
1417 			   rec.ir_freecount != frec->ir_freecount))
1418 		return -EFSCORRUPTED;
1419 
1420 	return xfs_inobt_update(cur, &rec);
1421 }
1422 
1423 /*
1424  * Allocate an inode using the free inode btree, if available. Otherwise, fall
1425  * back to the inobt search algorithm.
1426  *
1427  * The caller selected an AG for us, and made sure that free inodes are
1428  * available.
1429  */
1430 static int
1431 xfs_dialloc_ag(
1432 	struct xfs_trans	*tp,
1433 	struct xfs_buf		*agbp,
1434 	struct xfs_perag	*pag,
1435 	xfs_ino_t		parent,
1436 	xfs_ino_t		*inop)
1437 {
1438 	struct xfs_mount		*mp = tp->t_mountp;
1439 	struct xfs_agi			*agi = agbp->b_addr;
1440 	xfs_agnumber_t			pagno = XFS_INO_TO_AGNO(mp, parent);
1441 	xfs_agino_t			pagino = XFS_INO_TO_AGINO(mp, parent);
1442 	struct xfs_btree_cur		*cur;	/* finobt cursor */
1443 	struct xfs_btree_cur		*icur;	/* inobt cursor */
1444 	struct xfs_inobt_rec_incore	rec;
1445 	xfs_ino_t			ino;
1446 	int				error;
1447 	int				offset;
1448 	int				i;
1449 
1450 	if (!xfs_has_finobt(mp))
1451 		return xfs_dialloc_ag_inobt(tp, agbp, pag, parent, inop);
1452 
1453 	/*
1454 	 * If pagino is 0 (this is the root inode allocation) use newino.
1455 	 * This must work because we've just allocated some.
1456 	 */
1457 	if (!pagino)
1458 		pagino = be32_to_cpu(agi->agi_newino);
1459 
1460 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, XFS_BTNUM_FINO);
1461 
1462 	error = xfs_check_agi_freecount(cur);
1463 	if (error)
1464 		goto error_cur;
1465 
1466 	/*
1467 	 * The search algorithm depends on whether we're in the same AG as the
1468 	 * parent. If so, find the closest available inode to the parent. If
1469 	 * not, consider the agi hint or find the first free inode in the AG.
1470 	 */
1471 	if (pag->pag_agno == pagno)
1472 		error = xfs_dialloc_ag_finobt_near(pagino, &cur, &rec);
1473 	else
1474 		error = xfs_dialloc_ag_finobt_newino(agi, cur, &rec);
1475 	if (error)
1476 		goto error_cur;
1477 
1478 	offset = xfs_inobt_first_free_inode(&rec);
1479 	ASSERT(offset >= 0);
1480 	ASSERT(offset < XFS_INODES_PER_CHUNK);
1481 	ASSERT((XFS_AGINO_TO_OFFSET(mp, rec.ir_startino) %
1482 				   XFS_INODES_PER_CHUNK) == 0);
1483 	ino = XFS_AGINO_TO_INO(mp, pag->pag_agno, rec.ir_startino + offset);
1484 
1485 	/*
1486 	 * Modify or remove the finobt record.
1487 	 */
1488 	rec.ir_free &= ~XFS_INOBT_MASK(offset);
1489 	rec.ir_freecount--;
1490 	if (rec.ir_freecount)
1491 		error = xfs_inobt_update(cur, &rec);
1492 	else
1493 		error = xfs_btree_delete(cur, &i);
1494 	if (error)
1495 		goto error_cur;
1496 
1497 	/*
1498 	 * The finobt has now been updated appropriately. We haven't updated the
1499 	 * agi and superblock yet, so we can create an inobt cursor and validate
1500 	 * the original freecount. If all is well, make the equivalent update to
1501 	 * the inobt using the finobt record and offset information.
1502 	 */
1503 	icur = xfs_inobt_init_cursor(mp, tp, agbp, pag, XFS_BTNUM_INO);
1504 
1505 	error = xfs_check_agi_freecount(icur);
1506 	if (error)
1507 		goto error_icur;
1508 
1509 	error = xfs_dialloc_ag_update_inobt(icur, &rec, offset);
1510 	if (error)
1511 		goto error_icur;
1512 
1513 	/*
1514 	 * Both trees have now been updated. We must update the perag and
1515 	 * superblock before we can check the freecount for each btree.
1516 	 */
1517 	be32_add_cpu(&agi->agi_freecount, -1);
1518 	xfs_ialloc_log_agi(tp, agbp, XFS_AGI_FREECOUNT);
1519 	pag->pagi_freecount--;
1520 
1521 	xfs_trans_mod_sb(tp, XFS_TRANS_SB_IFREE, -1);
1522 
1523 	error = xfs_check_agi_freecount(icur);
1524 	if (error)
1525 		goto error_icur;
1526 	error = xfs_check_agi_freecount(cur);
1527 	if (error)
1528 		goto error_icur;
1529 
1530 	xfs_btree_del_cursor(icur, XFS_BTREE_NOERROR);
1531 	xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
1532 	*inop = ino;
1533 	return 0;
1534 
1535 error_icur:
1536 	xfs_btree_del_cursor(icur, XFS_BTREE_ERROR);
1537 error_cur:
1538 	xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
1539 	return error;
1540 }
1541 
1542 static int
1543 xfs_dialloc_roll(
1544 	struct xfs_trans	**tpp,
1545 	struct xfs_buf		*agibp)
1546 {
1547 	struct xfs_trans	*tp = *tpp;
1548 	struct xfs_dquot_acct	*dqinfo;
1549 	int			error;
1550 
1551 	/*
1552 	 * Hold to on to the agibp across the commit so no other allocation can
1553 	 * come in and take the free inodes we just allocated for our caller.
1554 	 */
1555 	xfs_trans_bhold(tp, agibp);
1556 
1557 	/*
1558 	 * We want the quota changes to be associated with the next transaction,
1559 	 * NOT this one. So, detach the dqinfo from this and attach it to the
1560 	 * next transaction.
1561 	 */
1562 	dqinfo = tp->t_dqinfo;
1563 	tp->t_dqinfo = NULL;
1564 
1565 	error = xfs_trans_roll(&tp);
1566 
1567 	/* Re-attach the quota info that we detached from prev trx. */
1568 	tp->t_dqinfo = dqinfo;
1569 
1570 	/*
1571 	 * Join the buffer even on commit error so that the buffer is released
1572 	 * when the caller cancels the transaction and doesn't have to handle
1573 	 * this error case specially.
1574 	 */
1575 	xfs_trans_bjoin(tp, agibp);
1576 	*tpp = tp;
1577 	return error;
1578 }
1579 
1580 static xfs_agnumber_t
1581 xfs_ialloc_next_ag(
1582 	xfs_mount_t	*mp)
1583 {
1584 	xfs_agnumber_t	agno;
1585 
1586 	spin_lock(&mp->m_agirotor_lock);
1587 	agno = mp->m_agirotor;
1588 	if (++mp->m_agirotor >= mp->m_maxagi)
1589 		mp->m_agirotor = 0;
1590 	spin_unlock(&mp->m_agirotor_lock);
1591 
1592 	return agno;
1593 }
1594 
1595 static bool
1596 xfs_dialloc_good_ag(
1597 	struct xfs_trans	*tp,
1598 	struct xfs_perag	*pag,
1599 	umode_t			mode,
1600 	int			flags,
1601 	bool			ok_alloc)
1602 {
1603 	struct xfs_mount	*mp = tp->t_mountp;
1604 	xfs_extlen_t		ineed;
1605 	xfs_extlen_t		longest = 0;
1606 	int			needspace;
1607 	int			error;
1608 
1609 	if (!pag->pagi_inodeok)
1610 		return false;
1611 
1612 	if (!pag->pagi_init) {
1613 		error = xfs_ialloc_read_agi(pag, tp, NULL);
1614 		if (error)
1615 			return false;
1616 	}
1617 
1618 	if (pag->pagi_freecount)
1619 		return true;
1620 	if (!ok_alloc)
1621 		return false;
1622 
1623 	if (!pag->pagf_init) {
1624 		error = xfs_alloc_read_agf(pag, tp, flags, NULL);
1625 		if (error)
1626 			return false;
1627 	}
1628 
1629 	/*
1630 	 * Check that there is enough free space for the file plus a chunk of
1631 	 * inodes if we need to allocate some. If this is the first pass across
1632 	 * the AGs, take into account the potential space needed for alignment
1633 	 * of inode chunks when checking the longest contiguous free space in
1634 	 * the AG - this prevents us from getting ENOSPC because we have free
1635 	 * space larger than ialloc_blks but alignment constraints prevent us
1636 	 * from using it.
1637 	 *
1638 	 * If we can't find an AG with space for full alignment slack to be
1639 	 * taken into account, we must be near ENOSPC in all AGs.  Hence we
1640 	 * don't include alignment for the second pass and so if we fail
1641 	 * allocation due to alignment issues then it is most likely a real
1642 	 * ENOSPC condition.
1643 	 *
1644 	 * XXX(dgc): this calculation is now bogus thanks to the per-ag
1645 	 * reservations that xfs_alloc_fix_freelist() now does via
1646 	 * xfs_alloc_space_available(). When the AG fills up, pagf_freeblks will
1647 	 * be more than large enough for the check below to succeed, but
1648 	 * xfs_alloc_space_available() will fail because of the non-zero
1649 	 * metadata reservation and hence we won't actually be able to allocate
1650 	 * more inodes in this AG. We do soooo much unnecessary work near ENOSPC
1651 	 * because of this.
1652 	 */
1653 	ineed = M_IGEO(mp)->ialloc_min_blks;
1654 	if (flags && ineed > 1)
1655 		ineed += M_IGEO(mp)->cluster_align;
1656 	longest = pag->pagf_longest;
1657 	if (!longest)
1658 		longest = pag->pagf_flcount > 0;
1659 	needspace = S_ISDIR(mode) || S_ISREG(mode) || S_ISLNK(mode);
1660 
1661 	if (pag->pagf_freeblks < needspace + ineed || longest < ineed)
1662 		return false;
1663 	return true;
1664 }
1665 
1666 static int
1667 xfs_dialloc_try_ag(
1668 	struct xfs_trans	**tpp,
1669 	struct xfs_perag	*pag,
1670 	xfs_ino_t		parent,
1671 	xfs_ino_t		*new_ino,
1672 	bool			ok_alloc)
1673 {
1674 	struct xfs_buf		*agbp;
1675 	xfs_ino_t		ino;
1676 	int			error;
1677 
1678 	/*
1679 	 * Then read in the AGI buffer and recheck with the AGI buffer
1680 	 * lock held.
1681 	 */
1682 	error = xfs_ialloc_read_agi(pag, *tpp, &agbp);
1683 	if (error)
1684 		return error;
1685 
1686 	if (!pag->pagi_freecount) {
1687 		if (!ok_alloc) {
1688 			error = -EAGAIN;
1689 			goto out_release;
1690 		}
1691 
1692 		error = xfs_ialloc_ag_alloc(*tpp, agbp, pag);
1693 		if (error < 0)
1694 			goto out_release;
1695 
1696 		/*
1697 		 * We successfully allocated space for an inode cluster in this
1698 		 * AG.  Roll the transaction so that we can allocate one of the
1699 		 * new inodes.
1700 		 */
1701 		ASSERT(pag->pagi_freecount > 0);
1702 		error = xfs_dialloc_roll(tpp, agbp);
1703 		if (error)
1704 			goto out_release;
1705 	}
1706 
1707 	/* Allocate an inode in the found AG */
1708 	error = xfs_dialloc_ag(*tpp, agbp, pag, parent, &ino);
1709 	if (!error)
1710 		*new_ino = ino;
1711 	return error;
1712 
1713 out_release:
1714 	xfs_trans_brelse(*tpp, agbp);
1715 	return error;
1716 }
1717 
1718 /*
1719  * Allocate an on-disk inode.
1720  *
1721  * Mode is used to tell whether the new inode is a directory and hence where to
1722  * locate it. The on-disk inode that is allocated will be returned in @new_ino
1723  * on success, otherwise an error will be set to indicate the failure (e.g.
1724  * -ENOSPC).
1725  */
1726 int
1727 xfs_dialloc(
1728 	struct xfs_trans	**tpp,
1729 	xfs_ino_t		parent,
1730 	umode_t			mode,
1731 	xfs_ino_t		*new_ino)
1732 {
1733 	struct xfs_mount	*mp = (*tpp)->t_mountp;
1734 	xfs_agnumber_t		agno;
1735 	int			error = 0;
1736 	xfs_agnumber_t		start_agno;
1737 	struct xfs_perag	*pag;
1738 	struct xfs_ino_geometry	*igeo = M_IGEO(mp);
1739 	bool			ok_alloc = true;
1740 	int			flags;
1741 	xfs_ino_t		ino;
1742 
1743 	/*
1744 	 * Directories, symlinks, and regular files frequently allocate at least
1745 	 * one block, so factor that potential expansion when we examine whether
1746 	 * an AG has enough space for file creation.
1747 	 */
1748 	if (S_ISDIR(mode))
1749 		start_agno = xfs_ialloc_next_ag(mp);
1750 	else {
1751 		start_agno = XFS_INO_TO_AGNO(mp, parent);
1752 		if (start_agno >= mp->m_maxagi)
1753 			start_agno = 0;
1754 	}
1755 
1756 	/*
1757 	 * If we have already hit the ceiling of inode blocks then clear
1758 	 * ok_alloc so we scan all available agi structures for a free
1759 	 * inode.
1760 	 *
1761 	 * Read rough value of mp->m_icount by percpu_counter_read_positive,
1762 	 * which will sacrifice the preciseness but improve the performance.
1763 	 */
1764 	if (igeo->maxicount &&
1765 	    percpu_counter_read_positive(&mp->m_icount) + igeo->ialloc_inos
1766 							> igeo->maxicount) {
1767 		ok_alloc = false;
1768 	}
1769 
1770 	/*
1771 	 * Loop until we find an allocation group that either has free inodes
1772 	 * or in which we can allocate some inodes.  Iterate through the
1773 	 * allocation groups upward, wrapping at the end.
1774 	 */
1775 	agno = start_agno;
1776 	flags = XFS_ALLOC_FLAG_TRYLOCK;
1777 	for (;;) {
1778 		pag = xfs_perag_get(mp, agno);
1779 		if (xfs_dialloc_good_ag(*tpp, pag, mode, flags, ok_alloc)) {
1780 			error = xfs_dialloc_try_ag(tpp, pag, parent,
1781 					&ino, ok_alloc);
1782 			if (error != -EAGAIN)
1783 				break;
1784 		}
1785 
1786 		if (xfs_is_shutdown(mp)) {
1787 			error = -EFSCORRUPTED;
1788 			break;
1789 		}
1790 		if (++agno == mp->m_maxagi)
1791 			agno = 0;
1792 		if (agno == start_agno) {
1793 			if (!flags) {
1794 				error = -ENOSPC;
1795 				break;
1796 			}
1797 			flags = 0;
1798 		}
1799 		xfs_perag_put(pag);
1800 	}
1801 
1802 	if (!error)
1803 		*new_ino = ino;
1804 	xfs_perag_put(pag);
1805 	return error;
1806 }
1807 
1808 /*
1809  * Free the blocks of an inode chunk. We must consider that the inode chunk
1810  * might be sparse and only free the regions that are allocated as part of the
1811  * chunk.
1812  */
1813 STATIC void
1814 xfs_difree_inode_chunk(
1815 	struct xfs_trans		*tp,
1816 	xfs_agnumber_t			agno,
1817 	struct xfs_inobt_rec_incore	*rec)
1818 {
1819 	struct xfs_mount		*mp = tp->t_mountp;
1820 	xfs_agblock_t			sagbno = XFS_AGINO_TO_AGBNO(mp,
1821 							rec->ir_startino);
1822 	int				startidx, endidx;
1823 	int				nextbit;
1824 	xfs_agblock_t			agbno;
1825 	int				contigblk;
1826 	DECLARE_BITMAP(holemask, XFS_INOBT_HOLEMASK_BITS);
1827 
1828 	if (!xfs_inobt_issparse(rec->ir_holemask)) {
1829 		/* not sparse, calculate extent info directly */
1830 		xfs_free_extent_later(tp, XFS_AGB_TO_FSB(mp, agno, sagbno),
1831 				  M_IGEO(mp)->ialloc_blks,
1832 				  &XFS_RMAP_OINFO_INODES);
1833 		return;
1834 	}
1835 
1836 	/* holemask is only 16-bits (fits in an unsigned long) */
1837 	ASSERT(sizeof(rec->ir_holemask) <= sizeof(holemask[0]));
1838 	holemask[0] = rec->ir_holemask;
1839 
1840 	/*
1841 	 * Find contiguous ranges of zeroes (i.e., allocated regions) in the
1842 	 * holemask and convert the start/end index of each range to an extent.
1843 	 * We start with the start and end index both pointing at the first 0 in
1844 	 * the mask.
1845 	 */
1846 	startidx = endidx = find_first_zero_bit(holemask,
1847 						XFS_INOBT_HOLEMASK_BITS);
1848 	nextbit = startidx + 1;
1849 	while (startidx < XFS_INOBT_HOLEMASK_BITS) {
1850 		nextbit = find_next_zero_bit(holemask, XFS_INOBT_HOLEMASK_BITS,
1851 					     nextbit);
1852 		/*
1853 		 * If the next zero bit is contiguous, update the end index of
1854 		 * the current range and continue.
1855 		 */
1856 		if (nextbit != XFS_INOBT_HOLEMASK_BITS &&
1857 		    nextbit == endidx + 1) {
1858 			endidx = nextbit;
1859 			goto next;
1860 		}
1861 
1862 		/*
1863 		 * nextbit is not contiguous with the current end index. Convert
1864 		 * the current start/end to an extent and add it to the free
1865 		 * list.
1866 		 */
1867 		agbno = sagbno + (startidx * XFS_INODES_PER_HOLEMASK_BIT) /
1868 				  mp->m_sb.sb_inopblock;
1869 		contigblk = ((endidx - startidx + 1) *
1870 			     XFS_INODES_PER_HOLEMASK_BIT) /
1871 			    mp->m_sb.sb_inopblock;
1872 
1873 		ASSERT(agbno % mp->m_sb.sb_spino_align == 0);
1874 		ASSERT(contigblk % mp->m_sb.sb_spino_align == 0);
1875 		xfs_free_extent_later(tp, XFS_AGB_TO_FSB(mp, agno, agbno),
1876 				  contigblk, &XFS_RMAP_OINFO_INODES);
1877 
1878 		/* reset range to current bit and carry on... */
1879 		startidx = endidx = nextbit;
1880 
1881 next:
1882 		nextbit++;
1883 	}
1884 }
1885 
1886 STATIC int
1887 xfs_difree_inobt(
1888 	struct xfs_mount		*mp,
1889 	struct xfs_trans		*tp,
1890 	struct xfs_buf			*agbp,
1891 	struct xfs_perag		*pag,
1892 	xfs_agino_t			agino,
1893 	struct xfs_icluster		*xic,
1894 	struct xfs_inobt_rec_incore	*orec)
1895 {
1896 	struct xfs_agi			*agi = agbp->b_addr;
1897 	struct xfs_btree_cur		*cur;
1898 	struct xfs_inobt_rec_incore	rec;
1899 	int				ilen;
1900 	int				error;
1901 	int				i;
1902 	int				off;
1903 
1904 	ASSERT(agi->agi_magicnum == cpu_to_be32(XFS_AGI_MAGIC));
1905 	ASSERT(XFS_AGINO_TO_AGBNO(mp, agino) < be32_to_cpu(agi->agi_length));
1906 
1907 	/*
1908 	 * Initialize the cursor.
1909 	 */
1910 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, XFS_BTNUM_INO);
1911 
1912 	error = xfs_check_agi_freecount(cur);
1913 	if (error)
1914 		goto error0;
1915 
1916 	/*
1917 	 * Look for the entry describing this inode.
1918 	 */
1919 	if ((error = xfs_inobt_lookup(cur, agino, XFS_LOOKUP_LE, &i))) {
1920 		xfs_warn(mp, "%s: xfs_inobt_lookup() returned error %d.",
1921 			__func__, error);
1922 		goto error0;
1923 	}
1924 	if (XFS_IS_CORRUPT(mp, i != 1)) {
1925 		error = -EFSCORRUPTED;
1926 		goto error0;
1927 	}
1928 	error = xfs_inobt_get_rec(cur, &rec, &i);
1929 	if (error) {
1930 		xfs_warn(mp, "%s: xfs_inobt_get_rec() returned error %d.",
1931 			__func__, error);
1932 		goto error0;
1933 	}
1934 	if (XFS_IS_CORRUPT(mp, i != 1)) {
1935 		error = -EFSCORRUPTED;
1936 		goto error0;
1937 	}
1938 	/*
1939 	 * Get the offset in the inode chunk.
1940 	 */
1941 	off = agino - rec.ir_startino;
1942 	ASSERT(off >= 0 && off < XFS_INODES_PER_CHUNK);
1943 	ASSERT(!(rec.ir_free & XFS_INOBT_MASK(off)));
1944 	/*
1945 	 * Mark the inode free & increment the count.
1946 	 */
1947 	rec.ir_free |= XFS_INOBT_MASK(off);
1948 	rec.ir_freecount++;
1949 
1950 	/*
1951 	 * When an inode chunk is free, it becomes eligible for removal. Don't
1952 	 * remove the chunk if the block size is large enough for multiple inode
1953 	 * chunks (that might not be free).
1954 	 */
1955 	if (!xfs_has_ikeep(mp) && rec.ir_free == XFS_INOBT_ALL_FREE &&
1956 	    mp->m_sb.sb_inopblock <= XFS_INODES_PER_CHUNK) {
1957 		struct xfs_perag	*pag = agbp->b_pag;
1958 
1959 		xic->deleted = true;
1960 		xic->first_ino = XFS_AGINO_TO_INO(mp, pag->pag_agno,
1961 				rec.ir_startino);
1962 		xic->alloc = xfs_inobt_irec_to_allocmask(&rec);
1963 
1964 		/*
1965 		 * Remove the inode cluster from the AGI B+Tree, adjust the
1966 		 * AGI and Superblock inode counts, and mark the disk space
1967 		 * to be freed when the transaction is committed.
1968 		 */
1969 		ilen = rec.ir_freecount;
1970 		be32_add_cpu(&agi->agi_count, -ilen);
1971 		be32_add_cpu(&agi->agi_freecount, -(ilen - 1));
1972 		xfs_ialloc_log_agi(tp, agbp, XFS_AGI_COUNT | XFS_AGI_FREECOUNT);
1973 		pag->pagi_freecount -= ilen - 1;
1974 		pag->pagi_count -= ilen;
1975 		xfs_trans_mod_sb(tp, XFS_TRANS_SB_ICOUNT, -ilen);
1976 		xfs_trans_mod_sb(tp, XFS_TRANS_SB_IFREE, -(ilen - 1));
1977 
1978 		if ((error = xfs_btree_delete(cur, &i))) {
1979 			xfs_warn(mp, "%s: xfs_btree_delete returned error %d.",
1980 				__func__, error);
1981 			goto error0;
1982 		}
1983 
1984 		xfs_difree_inode_chunk(tp, pag->pag_agno, &rec);
1985 	} else {
1986 		xic->deleted = false;
1987 
1988 		error = xfs_inobt_update(cur, &rec);
1989 		if (error) {
1990 			xfs_warn(mp, "%s: xfs_inobt_update returned error %d.",
1991 				__func__, error);
1992 			goto error0;
1993 		}
1994 
1995 		/*
1996 		 * Change the inode free counts and log the ag/sb changes.
1997 		 */
1998 		be32_add_cpu(&agi->agi_freecount, 1);
1999 		xfs_ialloc_log_agi(tp, agbp, XFS_AGI_FREECOUNT);
2000 		pag->pagi_freecount++;
2001 		xfs_trans_mod_sb(tp, XFS_TRANS_SB_IFREE, 1);
2002 	}
2003 
2004 	error = xfs_check_agi_freecount(cur);
2005 	if (error)
2006 		goto error0;
2007 
2008 	*orec = rec;
2009 	xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
2010 	return 0;
2011 
2012 error0:
2013 	xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
2014 	return error;
2015 }
2016 
2017 /*
2018  * Free an inode in the free inode btree.
2019  */
2020 STATIC int
2021 xfs_difree_finobt(
2022 	struct xfs_mount		*mp,
2023 	struct xfs_trans		*tp,
2024 	struct xfs_buf			*agbp,
2025 	struct xfs_perag		*pag,
2026 	xfs_agino_t			agino,
2027 	struct xfs_inobt_rec_incore	*ibtrec) /* inobt record */
2028 {
2029 	struct xfs_btree_cur		*cur;
2030 	struct xfs_inobt_rec_incore	rec;
2031 	int				offset = agino - ibtrec->ir_startino;
2032 	int				error;
2033 	int				i;
2034 
2035 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, XFS_BTNUM_FINO);
2036 
2037 	error = xfs_inobt_lookup(cur, ibtrec->ir_startino, XFS_LOOKUP_EQ, &i);
2038 	if (error)
2039 		goto error;
2040 	if (i == 0) {
2041 		/*
2042 		 * If the record does not exist in the finobt, we must have just
2043 		 * freed an inode in a previously fully allocated chunk. If not,
2044 		 * something is out of sync.
2045 		 */
2046 		if (XFS_IS_CORRUPT(mp, ibtrec->ir_freecount != 1)) {
2047 			error = -EFSCORRUPTED;
2048 			goto error;
2049 		}
2050 
2051 		error = xfs_inobt_insert_rec(cur, ibtrec->ir_holemask,
2052 					     ibtrec->ir_count,
2053 					     ibtrec->ir_freecount,
2054 					     ibtrec->ir_free, &i);
2055 		if (error)
2056 			goto error;
2057 		ASSERT(i == 1);
2058 
2059 		goto out;
2060 	}
2061 
2062 	/*
2063 	 * Read and update the existing record. We could just copy the ibtrec
2064 	 * across here, but that would defeat the purpose of having redundant
2065 	 * metadata. By making the modifications independently, we can catch
2066 	 * corruptions that we wouldn't see if we just copied from one record
2067 	 * to another.
2068 	 */
2069 	error = xfs_inobt_get_rec(cur, &rec, &i);
2070 	if (error)
2071 		goto error;
2072 	if (XFS_IS_CORRUPT(mp, i != 1)) {
2073 		error = -EFSCORRUPTED;
2074 		goto error;
2075 	}
2076 
2077 	rec.ir_free |= XFS_INOBT_MASK(offset);
2078 	rec.ir_freecount++;
2079 
2080 	if (XFS_IS_CORRUPT(mp,
2081 			   rec.ir_free != ibtrec->ir_free ||
2082 			   rec.ir_freecount != ibtrec->ir_freecount)) {
2083 		error = -EFSCORRUPTED;
2084 		goto error;
2085 	}
2086 
2087 	/*
2088 	 * The content of inobt records should always match between the inobt
2089 	 * and finobt. The lifecycle of records in the finobt is different from
2090 	 * the inobt in that the finobt only tracks records with at least one
2091 	 * free inode. Hence, if all of the inodes are free and we aren't
2092 	 * keeping inode chunks permanently on disk, remove the record.
2093 	 * Otherwise, update the record with the new information.
2094 	 *
2095 	 * Note that we currently can't free chunks when the block size is large
2096 	 * enough for multiple chunks. Leave the finobt record to remain in sync
2097 	 * with the inobt.
2098 	 */
2099 	if (!xfs_has_ikeep(mp) && rec.ir_free == XFS_INOBT_ALL_FREE &&
2100 	    mp->m_sb.sb_inopblock <= XFS_INODES_PER_CHUNK) {
2101 		error = xfs_btree_delete(cur, &i);
2102 		if (error)
2103 			goto error;
2104 		ASSERT(i == 1);
2105 	} else {
2106 		error = xfs_inobt_update(cur, &rec);
2107 		if (error)
2108 			goto error;
2109 	}
2110 
2111 out:
2112 	error = xfs_check_agi_freecount(cur);
2113 	if (error)
2114 		goto error;
2115 
2116 	xfs_btree_del_cursor(cur, XFS_BTREE_NOERROR);
2117 	return 0;
2118 
2119 error:
2120 	xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
2121 	return error;
2122 }
2123 
2124 /*
2125  * Free disk inode.  Carefully avoids touching the incore inode, all
2126  * manipulations incore are the caller's responsibility.
2127  * The on-disk inode is not changed by this operation, only the
2128  * btree (free inode mask) is changed.
2129  */
2130 int
2131 xfs_difree(
2132 	struct xfs_trans	*tp,
2133 	struct xfs_perag	*pag,
2134 	xfs_ino_t		inode,
2135 	struct xfs_icluster	*xic)
2136 {
2137 	/* REFERENCED */
2138 	xfs_agblock_t		agbno;	/* block number containing inode */
2139 	struct xfs_buf		*agbp;	/* buffer for allocation group header */
2140 	xfs_agino_t		agino;	/* allocation group inode number */
2141 	int			error;	/* error return value */
2142 	struct xfs_mount	*mp = tp->t_mountp;
2143 	struct xfs_inobt_rec_incore rec;/* btree record */
2144 
2145 	/*
2146 	 * Break up inode number into its components.
2147 	 */
2148 	if (pag->pag_agno != XFS_INO_TO_AGNO(mp, inode)) {
2149 		xfs_warn(mp, "%s: agno != pag->pag_agno (%d != %d).",
2150 			__func__, XFS_INO_TO_AGNO(mp, inode), pag->pag_agno);
2151 		ASSERT(0);
2152 		return -EINVAL;
2153 	}
2154 	agino = XFS_INO_TO_AGINO(mp, inode);
2155 	if (inode != XFS_AGINO_TO_INO(mp, pag->pag_agno, agino))  {
2156 		xfs_warn(mp, "%s: inode != XFS_AGINO_TO_INO() (%llu != %llu).",
2157 			__func__, (unsigned long long)inode,
2158 			(unsigned long long)XFS_AGINO_TO_INO(mp, pag->pag_agno, agino));
2159 		ASSERT(0);
2160 		return -EINVAL;
2161 	}
2162 	agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2163 	if (agbno >= mp->m_sb.sb_agblocks)  {
2164 		xfs_warn(mp, "%s: agbno >= mp->m_sb.sb_agblocks (%d >= %d).",
2165 			__func__, agbno, mp->m_sb.sb_agblocks);
2166 		ASSERT(0);
2167 		return -EINVAL;
2168 	}
2169 	/*
2170 	 * Get the allocation group header.
2171 	 */
2172 	error = xfs_ialloc_read_agi(pag, tp, &agbp);
2173 	if (error) {
2174 		xfs_warn(mp, "%s: xfs_ialloc_read_agi() returned error %d.",
2175 			__func__, error);
2176 		return error;
2177 	}
2178 
2179 	/*
2180 	 * Fix up the inode allocation btree.
2181 	 */
2182 	error = xfs_difree_inobt(mp, tp, agbp, pag, agino, xic, &rec);
2183 	if (error)
2184 		goto error0;
2185 
2186 	/*
2187 	 * Fix up the free inode btree.
2188 	 */
2189 	if (xfs_has_finobt(mp)) {
2190 		error = xfs_difree_finobt(mp, tp, agbp, pag, agino, &rec);
2191 		if (error)
2192 			goto error0;
2193 	}
2194 
2195 	return 0;
2196 
2197 error0:
2198 	return error;
2199 }
2200 
2201 STATIC int
2202 xfs_imap_lookup(
2203 	struct xfs_mount	*mp,
2204 	struct xfs_trans	*tp,
2205 	struct xfs_perag	*pag,
2206 	xfs_agino_t		agino,
2207 	xfs_agblock_t		agbno,
2208 	xfs_agblock_t		*chunk_agbno,
2209 	xfs_agblock_t		*offset_agbno,
2210 	int			flags)
2211 {
2212 	struct xfs_inobt_rec_incore rec;
2213 	struct xfs_btree_cur	*cur;
2214 	struct xfs_buf		*agbp;
2215 	int			error;
2216 	int			i;
2217 
2218 	error = xfs_ialloc_read_agi(pag, tp, &agbp);
2219 	if (error) {
2220 		xfs_alert(mp,
2221 			"%s: xfs_ialloc_read_agi() returned error %d, agno %d",
2222 			__func__, error, pag->pag_agno);
2223 		return error;
2224 	}
2225 
2226 	/*
2227 	 * Lookup the inode record for the given agino. If the record cannot be
2228 	 * found, then it's an invalid inode number and we should abort. Once
2229 	 * we have a record, we need to ensure it contains the inode number
2230 	 * we are looking up.
2231 	 */
2232 	cur = xfs_inobt_init_cursor(mp, tp, agbp, pag, XFS_BTNUM_INO);
2233 	error = xfs_inobt_lookup(cur, agino, XFS_LOOKUP_LE, &i);
2234 	if (!error) {
2235 		if (i)
2236 			error = xfs_inobt_get_rec(cur, &rec, &i);
2237 		if (!error && i == 0)
2238 			error = -EINVAL;
2239 	}
2240 
2241 	xfs_trans_brelse(tp, agbp);
2242 	xfs_btree_del_cursor(cur, error);
2243 	if (error)
2244 		return error;
2245 
2246 	/* check that the returned record contains the required inode */
2247 	if (rec.ir_startino > agino ||
2248 	    rec.ir_startino + M_IGEO(mp)->ialloc_inos <= agino)
2249 		return -EINVAL;
2250 
2251 	/* for untrusted inodes check it is allocated first */
2252 	if ((flags & XFS_IGET_UNTRUSTED) &&
2253 	    (rec.ir_free & XFS_INOBT_MASK(agino - rec.ir_startino)))
2254 		return -EINVAL;
2255 
2256 	*chunk_agbno = XFS_AGINO_TO_AGBNO(mp, rec.ir_startino);
2257 	*offset_agbno = agbno - *chunk_agbno;
2258 	return 0;
2259 }
2260 
2261 /*
2262  * Return the location of the inode in imap, for mapping it into a buffer.
2263  */
2264 int
2265 xfs_imap(
2266 	struct xfs_mount	 *mp,	/* file system mount structure */
2267 	struct xfs_trans	 *tp,	/* transaction pointer */
2268 	xfs_ino_t		ino,	/* inode to locate */
2269 	struct xfs_imap		*imap,	/* location map structure */
2270 	uint			flags)	/* flags for inode btree lookup */
2271 {
2272 	xfs_agblock_t		agbno;	/* block number of inode in the alloc group */
2273 	xfs_agino_t		agino;	/* inode number within alloc group */
2274 	xfs_agblock_t		chunk_agbno;	/* first block in inode chunk */
2275 	xfs_agblock_t		cluster_agbno;	/* first block in inode cluster */
2276 	int			error;	/* error code */
2277 	int			offset;	/* index of inode in its buffer */
2278 	xfs_agblock_t		offset_agbno;	/* blks from chunk start to inode */
2279 	struct xfs_perag	*pag;
2280 
2281 	ASSERT(ino != NULLFSINO);
2282 
2283 	/*
2284 	 * Split up the inode number into its parts.
2285 	 */
2286 	pag = xfs_perag_get(mp, XFS_INO_TO_AGNO(mp, ino));
2287 	agino = XFS_INO_TO_AGINO(mp, ino);
2288 	agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2289 	if (!pag || agbno >= mp->m_sb.sb_agblocks ||
2290 	    ino != XFS_AGINO_TO_INO(mp, pag->pag_agno, agino)) {
2291 		error = -EINVAL;
2292 #ifdef DEBUG
2293 		/*
2294 		 * Don't output diagnostic information for untrusted inodes
2295 		 * as they can be invalid without implying corruption.
2296 		 */
2297 		if (flags & XFS_IGET_UNTRUSTED)
2298 			goto out_drop;
2299 		if (!pag) {
2300 			xfs_alert(mp,
2301 				"%s: agno (%d) >= mp->m_sb.sb_agcount (%d)",
2302 				__func__, XFS_INO_TO_AGNO(mp, ino),
2303 				mp->m_sb.sb_agcount);
2304 		}
2305 		if (agbno >= mp->m_sb.sb_agblocks) {
2306 			xfs_alert(mp,
2307 		"%s: agbno (0x%llx) >= mp->m_sb.sb_agblocks (0x%lx)",
2308 				__func__, (unsigned long long)agbno,
2309 				(unsigned long)mp->m_sb.sb_agblocks);
2310 		}
2311 		if (pag && ino != XFS_AGINO_TO_INO(mp, pag->pag_agno, agino)) {
2312 			xfs_alert(mp,
2313 		"%s: ino (0x%llx) != XFS_AGINO_TO_INO() (0x%llx)",
2314 				__func__, ino,
2315 				XFS_AGINO_TO_INO(mp, pag->pag_agno, agino));
2316 		}
2317 		xfs_stack_trace();
2318 #endif /* DEBUG */
2319 		goto out_drop;
2320 	}
2321 
2322 	/*
2323 	 * For bulkstat and handle lookups, we have an untrusted inode number
2324 	 * that we have to verify is valid. We cannot do this just by reading
2325 	 * the inode buffer as it may have been unlinked and removed leaving
2326 	 * inodes in stale state on disk. Hence we have to do a btree lookup
2327 	 * in all cases where an untrusted inode number is passed.
2328 	 */
2329 	if (flags & XFS_IGET_UNTRUSTED) {
2330 		error = xfs_imap_lookup(mp, tp, pag, agino, agbno,
2331 					&chunk_agbno, &offset_agbno, flags);
2332 		if (error)
2333 			goto out_drop;
2334 		goto out_map;
2335 	}
2336 
2337 	/*
2338 	 * If the inode cluster size is the same as the blocksize or
2339 	 * smaller we get to the buffer by simple arithmetics.
2340 	 */
2341 	if (M_IGEO(mp)->blocks_per_cluster == 1) {
2342 		offset = XFS_INO_TO_OFFSET(mp, ino);
2343 		ASSERT(offset < mp->m_sb.sb_inopblock);
2344 
2345 		imap->im_blkno = XFS_AGB_TO_DADDR(mp, pag->pag_agno, agbno);
2346 		imap->im_len = XFS_FSB_TO_BB(mp, 1);
2347 		imap->im_boffset = (unsigned short)(offset <<
2348 							mp->m_sb.sb_inodelog);
2349 		error = 0;
2350 		goto out_drop;
2351 	}
2352 
2353 	/*
2354 	 * If the inode chunks are aligned then use simple maths to
2355 	 * find the location. Otherwise we have to do a btree
2356 	 * lookup to find the location.
2357 	 */
2358 	if (M_IGEO(mp)->inoalign_mask) {
2359 		offset_agbno = agbno & M_IGEO(mp)->inoalign_mask;
2360 		chunk_agbno = agbno - offset_agbno;
2361 	} else {
2362 		error = xfs_imap_lookup(mp, tp, pag, agino, agbno,
2363 					&chunk_agbno, &offset_agbno, flags);
2364 		if (error)
2365 			goto out_drop;
2366 	}
2367 
2368 out_map:
2369 	ASSERT(agbno >= chunk_agbno);
2370 	cluster_agbno = chunk_agbno +
2371 		((offset_agbno / M_IGEO(mp)->blocks_per_cluster) *
2372 		 M_IGEO(mp)->blocks_per_cluster);
2373 	offset = ((agbno - cluster_agbno) * mp->m_sb.sb_inopblock) +
2374 		XFS_INO_TO_OFFSET(mp, ino);
2375 
2376 	imap->im_blkno = XFS_AGB_TO_DADDR(mp, pag->pag_agno, cluster_agbno);
2377 	imap->im_len = XFS_FSB_TO_BB(mp, M_IGEO(mp)->blocks_per_cluster);
2378 	imap->im_boffset = (unsigned short)(offset << mp->m_sb.sb_inodelog);
2379 
2380 	/*
2381 	 * If the inode number maps to a block outside the bounds
2382 	 * of the file system then return NULL rather than calling
2383 	 * read_buf and panicing when we get an error from the
2384 	 * driver.
2385 	 */
2386 	if ((imap->im_blkno + imap->im_len) >
2387 	    XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks)) {
2388 		xfs_alert(mp,
2389 	"%s: (im_blkno (0x%llx) + im_len (0x%llx)) > sb_dblocks (0x%llx)",
2390 			__func__, (unsigned long long) imap->im_blkno,
2391 			(unsigned long long) imap->im_len,
2392 			XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks));
2393 		error = -EINVAL;
2394 		goto out_drop;
2395 	}
2396 	error = 0;
2397 out_drop:
2398 	if (pag)
2399 		xfs_perag_put(pag);
2400 	return error;
2401 }
2402 
2403 /*
2404  * Log specified fields for the ag hdr (inode section). The growth of the agi
2405  * structure over time requires that we interpret the buffer as two logical
2406  * regions delineated by the end of the unlinked list. This is due to the size
2407  * of the hash table and its location in the middle of the agi.
2408  *
2409  * For example, a request to log a field before agi_unlinked and a field after
2410  * agi_unlinked could cause us to log the entire hash table and use an excessive
2411  * amount of log space. To avoid this behavior, log the region up through
2412  * agi_unlinked in one call and the region after agi_unlinked through the end of
2413  * the structure in another.
2414  */
2415 void
2416 xfs_ialloc_log_agi(
2417 	struct xfs_trans	*tp,
2418 	struct xfs_buf		*bp,
2419 	uint32_t		fields)
2420 {
2421 	int			first;		/* first byte number */
2422 	int			last;		/* last byte number */
2423 	static const short	offsets[] = {	/* field starting offsets */
2424 					/* keep in sync with bit definitions */
2425 		offsetof(xfs_agi_t, agi_magicnum),
2426 		offsetof(xfs_agi_t, agi_versionnum),
2427 		offsetof(xfs_agi_t, agi_seqno),
2428 		offsetof(xfs_agi_t, agi_length),
2429 		offsetof(xfs_agi_t, agi_count),
2430 		offsetof(xfs_agi_t, agi_root),
2431 		offsetof(xfs_agi_t, agi_level),
2432 		offsetof(xfs_agi_t, agi_freecount),
2433 		offsetof(xfs_agi_t, agi_newino),
2434 		offsetof(xfs_agi_t, agi_dirino),
2435 		offsetof(xfs_agi_t, agi_unlinked),
2436 		offsetof(xfs_agi_t, agi_free_root),
2437 		offsetof(xfs_agi_t, agi_free_level),
2438 		offsetof(xfs_agi_t, agi_iblocks),
2439 		sizeof(xfs_agi_t)
2440 	};
2441 #ifdef DEBUG
2442 	struct xfs_agi		*agi = bp->b_addr;
2443 
2444 	ASSERT(agi->agi_magicnum == cpu_to_be32(XFS_AGI_MAGIC));
2445 #endif
2446 
2447 	/*
2448 	 * Compute byte offsets for the first and last fields in the first
2449 	 * region and log the agi buffer. This only logs up through
2450 	 * agi_unlinked.
2451 	 */
2452 	if (fields & XFS_AGI_ALL_BITS_R1) {
2453 		xfs_btree_offsets(fields, offsets, XFS_AGI_NUM_BITS_R1,
2454 				  &first, &last);
2455 		xfs_trans_log_buf(tp, bp, first, last);
2456 	}
2457 
2458 	/*
2459 	 * Mask off the bits in the first region and calculate the first and
2460 	 * last field offsets for any bits in the second region.
2461 	 */
2462 	fields &= ~XFS_AGI_ALL_BITS_R1;
2463 	if (fields) {
2464 		xfs_btree_offsets(fields, offsets, XFS_AGI_NUM_BITS_R2,
2465 				  &first, &last);
2466 		xfs_trans_log_buf(tp, bp, first, last);
2467 	}
2468 }
2469 
2470 static xfs_failaddr_t
2471 xfs_agi_verify(
2472 	struct xfs_buf	*bp)
2473 {
2474 	struct xfs_mount *mp = bp->b_mount;
2475 	struct xfs_agi	*agi = bp->b_addr;
2476 	int		i;
2477 
2478 	if (xfs_has_crc(mp)) {
2479 		if (!uuid_equal(&agi->agi_uuid, &mp->m_sb.sb_meta_uuid))
2480 			return __this_address;
2481 		if (!xfs_log_check_lsn(mp, be64_to_cpu(agi->agi_lsn)))
2482 			return __this_address;
2483 	}
2484 
2485 	/*
2486 	 * Validate the magic number of the agi block.
2487 	 */
2488 	if (!xfs_verify_magic(bp, agi->agi_magicnum))
2489 		return __this_address;
2490 	if (!XFS_AGI_GOOD_VERSION(be32_to_cpu(agi->agi_versionnum)))
2491 		return __this_address;
2492 
2493 	if (be32_to_cpu(agi->agi_level) < 1 ||
2494 	    be32_to_cpu(agi->agi_level) > M_IGEO(mp)->inobt_maxlevels)
2495 		return __this_address;
2496 
2497 	if (xfs_has_finobt(mp) &&
2498 	    (be32_to_cpu(agi->agi_free_level) < 1 ||
2499 	     be32_to_cpu(agi->agi_free_level) > M_IGEO(mp)->inobt_maxlevels))
2500 		return __this_address;
2501 
2502 	/*
2503 	 * during growfs operations, the perag is not fully initialised,
2504 	 * so we can't use it for any useful checking. growfs ensures we can't
2505 	 * use it by using uncached buffers that don't have the perag attached
2506 	 * so we can detect and avoid this problem.
2507 	 */
2508 	if (bp->b_pag && be32_to_cpu(agi->agi_seqno) != bp->b_pag->pag_agno)
2509 		return __this_address;
2510 
2511 	for (i = 0; i < XFS_AGI_UNLINKED_BUCKETS; i++) {
2512 		if (agi->agi_unlinked[i] == cpu_to_be32(NULLAGINO))
2513 			continue;
2514 		if (!xfs_verify_ino(mp, be32_to_cpu(agi->agi_unlinked[i])))
2515 			return __this_address;
2516 	}
2517 
2518 	return NULL;
2519 }
2520 
2521 static void
2522 xfs_agi_read_verify(
2523 	struct xfs_buf	*bp)
2524 {
2525 	struct xfs_mount *mp = bp->b_mount;
2526 	xfs_failaddr_t	fa;
2527 
2528 	if (xfs_has_crc(mp) &&
2529 	    !xfs_buf_verify_cksum(bp, XFS_AGI_CRC_OFF))
2530 		xfs_verifier_error(bp, -EFSBADCRC, __this_address);
2531 	else {
2532 		fa = xfs_agi_verify(bp);
2533 		if (XFS_TEST_ERROR(fa, mp, XFS_ERRTAG_IALLOC_READ_AGI))
2534 			xfs_verifier_error(bp, -EFSCORRUPTED, fa);
2535 	}
2536 }
2537 
2538 static void
2539 xfs_agi_write_verify(
2540 	struct xfs_buf	*bp)
2541 {
2542 	struct xfs_mount	*mp = bp->b_mount;
2543 	struct xfs_buf_log_item	*bip = bp->b_log_item;
2544 	struct xfs_agi		*agi = bp->b_addr;
2545 	xfs_failaddr_t		fa;
2546 
2547 	fa = xfs_agi_verify(bp);
2548 	if (fa) {
2549 		xfs_verifier_error(bp, -EFSCORRUPTED, fa);
2550 		return;
2551 	}
2552 
2553 	if (!xfs_has_crc(mp))
2554 		return;
2555 
2556 	if (bip)
2557 		agi->agi_lsn = cpu_to_be64(bip->bli_item.li_lsn);
2558 	xfs_buf_update_cksum(bp, XFS_AGI_CRC_OFF);
2559 }
2560 
2561 const struct xfs_buf_ops xfs_agi_buf_ops = {
2562 	.name = "xfs_agi",
2563 	.magic = { cpu_to_be32(XFS_AGI_MAGIC), cpu_to_be32(XFS_AGI_MAGIC) },
2564 	.verify_read = xfs_agi_read_verify,
2565 	.verify_write = xfs_agi_write_verify,
2566 	.verify_struct = xfs_agi_verify,
2567 };
2568 
2569 /*
2570  * Read in the allocation group header (inode allocation section)
2571  */
2572 int
2573 xfs_read_agi(
2574 	struct xfs_perag	*pag,
2575 	struct xfs_trans	*tp,
2576 	struct xfs_buf		**agibpp)
2577 {
2578 	struct xfs_mount	*mp = pag->pag_mount;
2579 	int			error;
2580 
2581 	trace_xfs_read_agi(pag->pag_mount, pag->pag_agno);
2582 
2583 	error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp,
2584 			XFS_AG_DADDR(mp, pag->pag_agno, XFS_AGI_DADDR(mp)),
2585 			XFS_FSS_TO_BB(mp, 1), 0, agibpp, &xfs_agi_buf_ops);
2586 	if (error)
2587 		return error;
2588 	if (tp)
2589 		xfs_trans_buf_set_type(tp, *agibpp, XFS_BLFT_AGI_BUF);
2590 
2591 	xfs_buf_set_ref(*agibpp, XFS_AGI_REF);
2592 	return 0;
2593 }
2594 
2595 /*
2596  * Read in the agi and initialise the per-ag data. If the caller supplies a
2597  * @agibpp, return the locked AGI buffer to them, otherwise release it.
2598  */
2599 int
2600 xfs_ialloc_read_agi(
2601 	struct xfs_perag	*pag,
2602 	struct xfs_trans	*tp,
2603 	struct xfs_buf		**agibpp)
2604 {
2605 	struct xfs_buf		*agibp;
2606 	struct xfs_agi		*agi;
2607 	int			error;
2608 
2609 	trace_xfs_ialloc_read_agi(pag->pag_mount, pag->pag_agno);
2610 
2611 	error = xfs_read_agi(pag, tp, &agibp);
2612 	if (error)
2613 		return error;
2614 
2615 	agi = agibp->b_addr;
2616 	if (!pag->pagi_init) {
2617 		pag->pagi_freecount = be32_to_cpu(agi->agi_freecount);
2618 		pag->pagi_count = be32_to_cpu(agi->agi_count);
2619 		pag->pagi_init = 1;
2620 	}
2621 
2622 	/*
2623 	 * It's possible for these to be out of sync if
2624 	 * we are in the middle of a forced shutdown.
2625 	 */
2626 	ASSERT(pag->pagi_freecount == be32_to_cpu(agi->agi_freecount) ||
2627 		xfs_is_shutdown(pag->pag_mount));
2628 	if (agibpp)
2629 		*agibpp = agibp;
2630 	else
2631 		xfs_trans_brelse(tp, agibp);
2632 	return 0;
2633 }
2634 
2635 /* Is there an inode record covering a given range of inode numbers? */
2636 int
2637 xfs_ialloc_has_inode_record(
2638 	struct xfs_btree_cur	*cur,
2639 	xfs_agino_t		low,
2640 	xfs_agino_t		high,
2641 	bool			*exists)
2642 {
2643 	struct xfs_inobt_rec_incore	irec;
2644 	xfs_agino_t		agino;
2645 	uint16_t		holemask;
2646 	int			has_record;
2647 	int			i;
2648 	int			error;
2649 
2650 	*exists = false;
2651 	error = xfs_inobt_lookup(cur, low, XFS_LOOKUP_LE, &has_record);
2652 	while (error == 0 && has_record) {
2653 		error = xfs_inobt_get_rec(cur, &irec, &has_record);
2654 		if (error || irec.ir_startino > high)
2655 			break;
2656 
2657 		agino = irec.ir_startino;
2658 		holemask = irec.ir_holemask;
2659 		for (i = 0; i < XFS_INOBT_HOLEMASK_BITS; holemask >>= 1,
2660 				i++, agino += XFS_INODES_PER_HOLEMASK_BIT) {
2661 			if (holemask & 1)
2662 				continue;
2663 			if (agino + XFS_INODES_PER_HOLEMASK_BIT > low &&
2664 					agino <= high) {
2665 				*exists = true;
2666 				return 0;
2667 			}
2668 		}
2669 
2670 		error = xfs_btree_increment(cur, 0, &has_record);
2671 	}
2672 	return error;
2673 }
2674 
2675 /* Is there an inode record covering a given extent? */
2676 int
2677 xfs_ialloc_has_inodes_at_extent(
2678 	struct xfs_btree_cur	*cur,
2679 	xfs_agblock_t		bno,
2680 	xfs_extlen_t		len,
2681 	bool			*exists)
2682 {
2683 	xfs_agino_t		low;
2684 	xfs_agino_t		high;
2685 
2686 	low = XFS_AGB_TO_AGINO(cur->bc_mp, bno);
2687 	high = XFS_AGB_TO_AGINO(cur->bc_mp, bno + len) - 1;
2688 
2689 	return xfs_ialloc_has_inode_record(cur, low, high, exists);
2690 }
2691 
2692 struct xfs_ialloc_count_inodes {
2693 	xfs_agino_t			count;
2694 	xfs_agino_t			freecount;
2695 };
2696 
2697 /* Record inode counts across all inobt records. */
2698 STATIC int
2699 xfs_ialloc_count_inodes_rec(
2700 	struct xfs_btree_cur		*cur,
2701 	const union xfs_btree_rec	*rec,
2702 	void				*priv)
2703 {
2704 	struct xfs_inobt_rec_incore	irec;
2705 	struct xfs_ialloc_count_inodes	*ci = priv;
2706 
2707 	xfs_inobt_btrec_to_irec(cur->bc_mp, rec, &irec);
2708 	ci->count += irec.ir_count;
2709 	ci->freecount += irec.ir_freecount;
2710 
2711 	return 0;
2712 }
2713 
2714 /* Count allocated and free inodes under an inobt. */
2715 int
2716 xfs_ialloc_count_inodes(
2717 	struct xfs_btree_cur		*cur,
2718 	xfs_agino_t			*count,
2719 	xfs_agino_t			*freecount)
2720 {
2721 	struct xfs_ialloc_count_inodes	ci = {0};
2722 	int				error;
2723 
2724 	ASSERT(cur->bc_btnum == XFS_BTNUM_INO);
2725 	error = xfs_btree_query_all(cur, xfs_ialloc_count_inodes_rec, &ci);
2726 	if (error)
2727 		return error;
2728 
2729 	*count = ci.count;
2730 	*freecount = ci.freecount;
2731 	return 0;
2732 }
2733 
2734 /*
2735  * Initialize inode-related geometry information.
2736  *
2737  * Compute the inode btree min and max levels and set maxicount.
2738  *
2739  * Set the inode cluster size.  This may still be overridden by the file
2740  * system block size if it is larger than the chosen cluster size.
2741  *
2742  * For v5 filesystems, scale the cluster size with the inode size to keep a
2743  * constant ratio of inode per cluster buffer, but only if mkfs has set the
2744  * inode alignment value appropriately for larger cluster sizes.
2745  *
2746  * Then compute the inode cluster alignment information.
2747  */
2748 void
2749 xfs_ialloc_setup_geometry(
2750 	struct xfs_mount	*mp)
2751 {
2752 	struct xfs_sb		*sbp = &mp->m_sb;
2753 	struct xfs_ino_geometry	*igeo = M_IGEO(mp);
2754 	uint64_t		icount;
2755 	uint			inodes;
2756 
2757 	igeo->new_diflags2 = 0;
2758 	if (xfs_has_bigtime(mp))
2759 		igeo->new_diflags2 |= XFS_DIFLAG2_BIGTIME;
2760 	if (xfs_has_large_extent_counts(mp))
2761 		igeo->new_diflags2 |= XFS_DIFLAG2_NREXT64;
2762 
2763 	/* Compute inode btree geometry. */
2764 	igeo->agino_log = sbp->sb_inopblog + sbp->sb_agblklog;
2765 	igeo->inobt_mxr[0] = xfs_inobt_maxrecs(mp, sbp->sb_blocksize, 1);
2766 	igeo->inobt_mxr[1] = xfs_inobt_maxrecs(mp, sbp->sb_blocksize, 0);
2767 	igeo->inobt_mnr[0] = igeo->inobt_mxr[0] / 2;
2768 	igeo->inobt_mnr[1] = igeo->inobt_mxr[1] / 2;
2769 
2770 	igeo->ialloc_inos = max_t(uint16_t, XFS_INODES_PER_CHUNK,
2771 			sbp->sb_inopblock);
2772 	igeo->ialloc_blks = igeo->ialloc_inos >> sbp->sb_inopblog;
2773 
2774 	if (sbp->sb_spino_align)
2775 		igeo->ialloc_min_blks = sbp->sb_spino_align;
2776 	else
2777 		igeo->ialloc_min_blks = igeo->ialloc_blks;
2778 
2779 	/* Compute and fill in value of m_ino_geo.inobt_maxlevels. */
2780 	inodes = (1LL << XFS_INO_AGINO_BITS(mp)) >> XFS_INODES_PER_CHUNK_LOG;
2781 	igeo->inobt_maxlevels = xfs_btree_compute_maxlevels(igeo->inobt_mnr,
2782 			inodes);
2783 	ASSERT(igeo->inobt_maxlevels <= xfs_iallocbt_maxlevels_ondisk());
2784 
2785 	/*
2786 	 * Set the maximum inode count for this filesystem, being careful not
2787 	 * to use obviously garbage sb_inopblog/sb_inopblock values.  Regular
2788 	 * users should never get here due to failing sb verification, but
2789 	 * certain users (xfs_db) need to be usable even with corrupt metadata.
2790 	 */
2791 	if (sbp->sb_imax_pct && igeo->ialloc_blks) {
2792 		/*
2793 		 * Make sure the maximum inode count is a multiple
2794 		 * of the units we allocate inodes in.
2795 		 */
2796 		icount = sbp->sb_dblocks * sbp->sb_imax_pct;
2797 		do_div(icount, 100);
2798 		do_div(icount, igeo->ialloc_blks);
2799 		igeo->maxicount = XFS_FSB_TO_INO(mp,
2800 				icount * igeo->ialloc_blks);
2801 	} else {
2802 		igeo->maxicount = 0;
2803 	}
2804 
2805 	/*
2806 	 * Compute the desired size of an inode cluster buffer size, which
2807 	 * starts at 8K and (on v5 filesystems) scales up with larger inode
2808 	 * sizes.
2809 	 *
2810 	 * Preserve the desired inode cluster size because the sparse inodes
2811 	 * feature uses that desired size (not the actual size) to compute the
2812 	 * sparse inode alignment.  The mount code validates this value, so we
2813 	 * cannot change the behavior.
2814 	 */
2815 	igeo->inode_cluster_size_raw = XFS_INODE_BIG_CLUSTER_SIZE;
2816 	if (xfs_has_v3inodes(mp)) {
2817 		int	new_size = igeo->inode_cluster_size_raw;
2818 
2819 		new_size *= mp->m_sb.sb_inodesize / XFS_DINODE_MIN_SIZE;
2820 		if (mp->m_sb.sb_inoalignmt >= XFS_B_TO_FSBT(mp, new_size))
2821 			igeo->inode_cluster_size_raw = new_size;
2822 	}
2823 
2824 	/* Calculate inode cluster ratios. */
2825 	if (igeo->inode_cluster_size_raw > mp->m_sb.sb_blocksize)
2826 		igeo->blocks_per_cluster = XFS_B_TO_FSBT(mp,
2827 				igeo->inode_cluster_size_raw);
2828 	else
2829 		igeo->blocks_per_cluster = 1;
2830 	igeo->inode_cluster_size = XFS_FSB_TO_B(mp, igeo->blocks_per_cluster);
2831 	igeo->inodes_per_cluster = XFS_FSB_TO_INO(mp, igeo->blocks_per_cluster);
2832 
2833 	/* Calculate inode cluster alignment. */
2834 	if (xfs_has_align(mp) &&
2835 	    mp->m_sb.sb_inoalignmt >= igeo->blocks_per_cluster)
2836 		igeo->cluster_align = mp->m_sb.sb_inoalignmt;
2837 	else
2838 		igeo->cluster_align = 1;
2839 	igeo->inoalign_mask = igeo->cluster_align - 1;
2840 	igeo->cluster_align_inodes = XFS_FSB_TO_INO(mp, igeo->cluster_align);
2841 
2842 	/*
2843 	 * If we are using stripe alignment, check whether
2844 	 * the stripe unit is a multiple of the inode alignment
2845 	 */
2846 	if (mp->m_dalign && igeo->inoalign_mask &&
2847 	    !(mp->m_dalign & igeo->inoalign_mask))
2848 		igeo->ialloc_align = mp->m_dalign;
2849 	else
2850 		igeo->ialloc_align = 0;
2851 }
2852 
2853 /* Compute the location of the root directory inode that is laid out by mkfs. */
2854 xfs_ino_t
2855 xfs_ialloc_calc_rootino(
2856 	struct xfs_mount	*mp,
2857 	int			sunit)
2858 {
2859 	struct xfs_ino_geometry	*igeo = M_IGEO(mp);
2860 	xfs_agblock_t		first_bno;
2861 
2862 	/*
2863 	 * Pre-calculate the geometry of AG 0.  We know what it looks like
2864 	 * because libxfs knows how to create allocation groups now.
2865 	 *
2866 	 * first_bno is the first block in which mkfs could possibly have
2867 	 * allocated the root directory inode, once we factor in the metadata
2868 	 * that mkfs formats before it.  Namely, the four AG headers...
2869 	 */
2870 	first_bno = howmany(4 * mp->m_sb.sb_sectsize, mp->m_sb.sb_blocksize);
2871 
2872 	/* ...the two free space btree roots... */
2873 	first_bno += 2;
2874 
2875 	/* ...the inode btree root... */
2876 	first_bno += 1;
2877 
2878 	/* ...the initial AGFL... */
2879 	first_bno += xfs_alloc_min_freelist(mp, NULL);
2880 
2881 	/* ...the free inode btree root... */
2882 	if (xfs_has_finobt(mp))
2883 		first_bno++;
2884 
2885 	/* ...the reverse mapping btree root... */
2886 	if (xfs_has_rmapbt(mp))
2887 		first_bno++;
2888 
2889 	/* ...the reference count btree... */
2890 	if (xfs_has_reflink(mp))
2891 		first_bno++;
2892 
2893 	/*
2894 	 * ...and the log, if it is allocated in the first allocation group.
2895 	 *
2896 	 * This can happen with filesystems that only have a single
2897 	 * allocation group, or very odd geometries created by old mkfs
2898 	 * versions on very small filesystems.
2899 	 */
2900 	if (xfs_ag_contains_log(mp, 0))
2901 		 first_bno += mp->m_sb.sb_logblocks;
2902 
2903 	/*
2904 	 * Now round first_bno up to whatever allocation alignment is given
2905 	 * by the filesystem or was passed in.
2906 	 */
2907 	if (xfs_has_dalign(mp) && igeo->ialloc_align > 0)
2908 		first_bno = roundup(first_bno, sunit);
2909 	else if (xfs_has_align(mp) &&
2910 			mp->m_sb.sb_inoalignmt > 1)
2911 		first_bno = roundup(first_bno, mp->m_sb.sb_inoalignmt);
2912 
2913 	return XFS_AGINO_TO_INO(mp, 0, XFS_AGB_TO_AGINO(mp, first_bno));
2914 }
2915 
2916 /*
2917  * Ensure there are not sparse inode clusters that cross the new EOAG.
2918  *
2919  * This is a no-op for non-spinode filesystems since clusters are always fully
2920  * allocated and checking the bnobt suffices.  However, a spinode filesystem
2921  * could have a record where the upper inodes are free blocks.  If those blocks
2922  * were removed from the filesystem, the inode record would extend beyond EOAG,
2923  * which will be flagged as corruption.
2924  */
2925 int
2926 xfs_ialloc_check_shrink(
2927 	struct xfs_trans	*tp,
2928 	xfs_agnumber_t		agno,
2929 	struct xfs_buf		*agibp,
2930 	xfs_agblock_t		new_length)
2931 {
2932 	struct xfs_inobt_rec_incore rec;
2933 	struct xfs_btree_cur	*cur;
2934 	struct xfs_mount	*mp = tp->t_mountp;
2935 	struct xfs_perag	*pag;
2936 	xfs_agino_t		agino = XFS_AGB_TO_AGINO(mp, new_length);
2937 	int			has;
2938 	int			error;
2939 
2940 	if (!xfs_has_sparseinodes(mp))
2941 		return 0;
2942 
2943 	pag = xfs_perag_get(mp, agno);
2944 	cur = xfs_inobt_init_cursor(mp, tp, agibp, pag, XFS_BTNUM_INO);
2945 
2946 	/* Look up the inobt record that would correspond to the new EOFS. */
2947 	error = xfs_inobt_lookup(cur, agino, XFS_LOOKUP_LE, &has);
2948 	if (error || !has)
2949 		goto out;
2950 
2951 	error = xfs_inobt_get_rec(cur, &rec, &has);
2952 	if (error)
2953 		goto out;
2954 
2955 	if (!has) {
2956 		error = -EFSCORRUPTED;
2957 		goto out;
2958 	}
2959 
2960 	/* If the record covers inodes that would be beyond EOFS, bail out. */
2961 	if (rec.ir_startino + XFS_INODES_PER_CHUNK > agino) {
2962 		error = -ENOSPC;
2963 		goto out;
2964 	}
2965 out:
2966 	xfs_btree_del_cursor(cur, error);
2967 	xfs_perag_put(pag);
2968 	return error;
2969 }
2970