1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2006 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include <linux/backing-dev.h> 8 9 #include "xfs_shared.h" 10 #include "xfs_format.h" 11 #include "xfs_log_format.h" 12 #include "xfs_trans_resv.h" 13 #include "xfs_mount.h" 14 #include "xfs_trace.h" 15 #include "xfs_log.h" 16 #include "xfs_log_recover.h" 17 #include "xfs_trans.h" 18 #include "xfs_buf_item.h" 19 #include "xfs_errortag.h" 20 #include "xfs_error.h" 21 #include "xfs_ag.h" 22 23 static kmem_zone_t *xfs_buf_zone; 24 25 /* 26 * Locking orders 27 * 28 * xfs_buf_ioacct_inc: 29 * xfs_buf_ioacct_dec: 30 * b_sema (caller holds) 31 * b_lock 32 * 33 * xfs_buf_stale: 34 * b_sema (caller holds) 35 * b_lock 36 * lru_lock 37 * 38 * xfs_buf_rele: 39 * b_lock 40 * pag_buf_lock 41 * lru_lock 42 * 43 * xfs_buftarg_drain_rele 44 * lru_lock 45 * b_lock (trylock due to inversion) 46 * 47 * xfs_buftarg_isolate 48 * lru_lock 49 * b_lock (trylock due to inversion) 50 */ 51 52 static int __xfs_buf_submit(struct xfs_buf *bp, bool wait); 53 54 static inline int 55 xfs_buf_submit( 56 struct xfs_buf *bp) 57 { 58 return __xfs_buf_submit(bp, !(bp->b_flags & XBF_ASYNC)); 59 } 60 61 static inline int 62 xfs_buf_is_vmapped( 63 struct xfs_buf *bp) 64 { 65 /* 66 * Return true if the buffer is vmapped. 67 * 68 * b_addr is null if the buffer is not mapped, but the code is clever 69 * enough to know it doesn't have to map a single page, so the check has 70 * to be both for b_addr and bp->b_page_count > 1. 71 */ 72 return bp->b_addr && bp->b_page_count > 1; 73 } 74 75 static inline int 76 xfs_buf_vmap_len( 77 struct xfs_buf *bp) 78 { 79 return (bp->b_page_count * PAGE_SIZE); 80 } 81 82 /* 83 * Bump the I/O in flight count on the buftarg if we haven't yet done so for 84 * this buffer. The count is incremented once per buffer (per hold cycle) 85 * because the corresponding decrement is deferred to buffer release. Buffers 86 * can undergo I/O multiple times in a hold-release cycle and per buffer I/O 87 * tracking adds unnecessary overhead. This is used for sychronization purposes 88 * with unmount (see xfs_buftarg_drain()), so all we really need is a count of 89 * in-flight buffers. 90 * 91 * Buffers that are never released (e.g., superblock, iclog buffers) must set 92 * the XBF_NO_IOACCT flag before I/O submission. Otherwise, the buftarg count 93 * never reaches zero and unmount hangs indefinitely. 94 */ 95 static inline void 96 xfs_buf_ioacct_inc( 97 struct xfs_buf *bp) 98 { 99 if (bp->b_flags & XBF_NO_IOACCT) 100 return; 101 102 ASSERT(bp->b_flags & XBF_ASYNC); 103 spin_lock(&bp->b_lock); 104 if (!(bp->b_state & XFS_BSTATE_IN_FLIGHT)) { 105 bp->b_state |= XFS_BSTATE_IN_FLIGHT; 106 percpu_counter_inc(&bp->b_target->bt_io_count); 107 } 108 spin_unlock(&bp->b_lock); 109 } 110 111 /* 112 * Clear the in-flight state on a buffer about to be released to the LRU or 113 * freed and unaccount from the buftarg. 114 */ 115 static inline void 116 __xfs_buf_ioacct_dec( 117 struct xfs_buf *bp) 118 { 119 lockdep_assert_held(&bp->b_lock); 120 121 if (bp->b_state & XFS_BSTATE_IN_FLIGHT) { 122 bp->b_state &= ~XFS_BSTATE_IN_FLIGHT; 123 percpu_counter_dec(&bp->b_target->bt_io_count); 124 } 125 } 126 127 static inline void 128 xfs_buf_ioacct_dec( 129 struct xfs_buf *bp) 130 { 131 spin_lock(&bp->b_lock); 132 __xfs_buf_ioacct_dec(bp); 133 spin_unlock(&bp->b_lock); 134 } 135 136 /* 137 * When we mark a buffer stale, we remove the buffer from the LRU and clear the 138 * b_lru_ref count so that the buffer is freed immediately when the buffer 139 * reference count falls to zero. If the buffer is already on the LRU, we need 140 * to remove the reference that LRU holds on the buffer. 141 * 142 * This prevents build-up of stale buffers on the LRU. 143 */ 144 void 145 xfs_buf_stale( 146 struct xfs_buf *bp) 147 { 148 ASSERT(xfs_buf_islocked(bp)); 149 150 bp->b_flags |= XBF_STALE; 151 152 /* 153 * Clear the delwri status so that a delwri queue walker will not 154 * flush this buffer to disk now that it is stale. The delwri queue has 155 * a reference to the buffer, so this is safe to do. 156 */ 157 bp->b_flags &= ~_XBF_DELWRI_Q; 158 159 /* 160 * Once the buffer is marked stale and unlocked, a subsequent lookup 161 * could reset b_flags. There is no guarantee that the buffer is 162 * unaccounted (released to LRU) before that occurs. Drop in-flight 163 * status now to preserve accounting consistency. 164 */ 165 spin_lock(&bp->b_lock); 166 __xfs_buf_ioacct_dec(bp); 167 168 atomic_set(&bp->b_lru_ref, 0); 169 if (!(bp->b_state & XFS_BSTATE_DISPOSE) && 170 (list_lru_del(&bp->b_target->bt_lru, &bp->b_lru))) 171 atomic_dec(&bp->b_hold); 172 173 ASSERT(atomic_read(&bp->b_hold) >= 1); 174 spin_unlock(&bp->b_lock); 175 } 176 177 static int 178 xfs_buf_get_maps( 179 struct xfs_buf *bp, 180 int map_count) 181 { 182 ASSERT(bp->b_maps == NULL); 183 bp->b_map_count = map_count; 184 185 if (map_count == 1) { 186 bp->b_maps = &bp->__b_map; 187 return 0; 188 } 189 190 bp->b_maps = kmem_zalloc(map_count * sizeof(struct xfs_buf_map), 191 KM_NOFS); 192 if (!bp->b_maps) 193 return -ENOMEM; 194 return 0; 195 } 196 197 /* 198 * Frees b_pages if it was allocated. 199 */ 200 static void 201 xfs_buf_free_maps( 202 struct xfs_buf *bp) 203 { 204 if (bp->b_maps != &bp->__b_map) { 205 kmem_free(bp->b_maps); 206 bp->b_maps = NULL; 207 } 208 } 209 210 static int 211 _xfs_buf_alloc( 212 struct xfs_buftarg *target, 213 struct xfs_buf_map *map, 214 int nmaps, 215 xfs_buf_flags_t flags, 216 struct xfs_buf **bpp) 217 { 218 struct xfs_buf *bp; 219 int error; 220 int i; 221 222 *bpp = NULL; 223 bp = kmem_cache_zalloc(xfs_buf_zone, GFP_NOFS | __GFP_NOFAIL); 224 225 /* 226 * We don't want certain flags to appear in b_flags unless they are 227 * specifically set by later operations on the buffer. 228 */ 229 flags &= ~(XBF_UNMAPPED | XBF_TRYLOCK | XBF_ASYNC | XBF_READ_AHEAD); 230 231 atomic_set(&bp->b_hold, 1); 232 atomic_set(&bp->b_lru_ref, 1); 233 init_completion(&bp->b_iowait); 234 INIT_LIST_HEAD(&bp->b_lru); 235 INIT_LIST_HEAD(&bp->b_list); 236 INIT_LIST_HEAD(&bp->b_li_list); 237 sema_init(&bp->b_sema, 0); /* held, no waiters */ 238 spin_lock_init(&bp->b_lock); 239 bp->b_target = target; 240 bp->b_mount = target->bt_mount; 241 bp->b_flags = flags; 242 243 /* 244 * Set length and io_length to the same value initially. 245 * I/O routines should use io_length, which will be the same in 246 * most cases but may be reset (e.g. XFS recovery). 247 */ 248 error = xfs_buf_get_maps(bp, nmaps); 249 if (error) { 250 kmem_cache_free(xfs_buf_zone, bp); 251 return error; 252 } 253 254 bp->b_rhash_key = map[0].bm_bn; 255 bp->b_length = 0; 256 for (i = 0; i < nmaps; i++) { 257 bp->b_maps[i].bm_bn = map[i].bm_bn; 258 bp->b_maps[i].bm_len = map[i].bm_len; 259 bp->b_length += map[i].bm_len; 260 } 261 262 atomic_set(&bp->b_pin_count, 0); 263 init_waitqueue_head(&bp->b_waiters); 264 265 XFS_STATS_INC(bp->b_mount, xb_create); 266 trace_xfs_buf_init(bp, _RET_IP_); 267 268 *bpp = bp; 269 return 0; 270 } 271 272 static void 273 xfs_buf_free_pages( 274 struct xfs_buf *bp) 275 { 276 uint i; 277 278 ASSERT(bp->b_flags & _XBF_PAGES); 279 280 if (xfs_buf_is_vmapped(bp)) 281 vm_unmap_ram(bp->b_addr, bp->b_page_count); 282 283 for (i = 0; i < bp->b_page_count; i++) { 284 if (bp->b_pages[i]) 285 __free_page(bp->b_pages[i]); 286 } 287 if (current->reclaim_state) 288 current->reclaim_state->reclaimed_slab += bp->b_page_count; 289 290 if (bp->b_pages != bp->b_page_array) 291 kmem_free(bp->b_pages); 292 bp->b_pages = NULL; 293 bp->b_flags &= ~_XBF_PAGES; 294 } 295 296 static void 297 xfs_buf_free( 298 struct xfs_buf *bp) 299 { 300 trace_xfs_buf_free(bp, _RET_IP_); 301 302 ASSERT(list_empty(&bp->b_lru)); 303 304 if (bp->b_flags & _XBF_PAGES) 305 xfs_buf_free_pages(bp); 306 else if (bp->b_flags & _XBF_KMEM) 307 kmem_free(bp->b_addr); 308 309 xfs_buf_free_maps(bp); 310 kmem_cache_free(xfs_buf_zone, bp); 311 } 312 313 static int 314 xfs_buf_alloc_kmem( 315 struct xfs_buf *bp, 316 xfs_buf_flags_t flags) 317 { 318 xfs_km_flags_t kmflag_mask = KM_NOFS; 319 size_t size = BBTOB(bp->b_length); 320 321 /* Assure zeroed buffer for non-read cases. */ 322 if (!(flags & XBF_READ)) 323 kmflag_mask |= KM_ZERO; 324 325 bp->b_addr = kmem_alloc(size, kmflag_mask); 326 if (!bp->b_addr) 327 return -ENOMEM; 328 329 if (((unsigned long)(bp->b_addr + size - 1) & PAGE_MASK) != 330 ((unsigned long)bp->b_addr & PAGE_MASK)) { 331 /* b_addr spans two pages - use alloc_page instead */ 332 kmem_free(bp->b_addr); 333 bp->b_addr = NULL; 334 return -ENOMEM; 335 } 336 bp->b_offset = offset_in_page(bp->b_addr); 337 bp->b_pages = bp->b_page_array; 338 bp->b_pages[0] = kmem_to_page(bp->b_addr); 339 bp->b_page_count = 1; 340 bp->b_flags |= _XBF_KMEM; 341 return 0; 342 } 343 344 static int 345 xfs_buf_alloc_pages( 346 struct xfs_buf *bp, 347 xfs_buf_flags_t flags) 348 { 349 gfp_t gfp_mask = __GFP_NOWARN; 350 long filled = 0; 351 352 if (flags & XBF_READ_AHEAD) 353 gfp_mask |= __GFP_NORETRY; 354 else 355 gfp_mask |= GFP_NOFS; 356 357 /* Make sure that we have a page list */ 358 bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length), PAGE_SIZE); 359 if (bp->b_page_count <= XB_PAGES) { 360 bp->b_pages = bp->b_page_array; 361 } else { 362 bp->b_pages = kzalloc(sizeof(struct page *) * bp->b_page_count, 363 gfp_mask); 364 if (!bp->b_pages) 365 return -ENOMEM; 366 } 367 bp->b_flags |= _XBF_PAGES; 368 369 /* Assure zeroed buffer for non-read cases. */ 370 if (!(flags & XBF_READ)) 371 gfp_mask |= __GFP_ZERO; 372 373 /* 374 * Bulk filling of pages can take multiple calls. Not filling the entire 375 * array is not an allocation failure, so don't back off if we get at 376 * least one extra page. 377 */ 378 for (;;) { 379 long last = filled; 380 381 filled = alloc_pages_bulk_array(gfp_mask, bp->b_page_count, 382 bp->b_pages); 383 if (filled == bp->b_page_count) { 384 XFS_STATS_INC(bp->b_mount, xb_page_found); 385 break; 386 } 387 388 if (filled != last) 389 continue; 390 391 if (flags & XBF_READ_AHEAD) { 392 xfs_buf_free_pages(bp); 393 return -ENOMEM; 394 } 395 396 XFS_STATS_INC(bp->b_mount, xb_page_retries); 397 congestion_wait(BLK_RW_ASYNC, HZ / 50); 398 } 399 return 0; 400 } 401 402 /* 403 * Map buffer into kernel address-space if necessary. 404 */ 405 STATIC int 406 _xfs_buf_map_pages( 407 struct xfs_buf *bp, 408 uint flags) 409 { 410 ASSERT(bp->b_flags & _XBF_PAGES); 411 if (bp->b_page_count == 1) { 412 /* A single page buffer is always mappable */ 413 bp->b_addr = page_address(bp->b_pages[0]); 414 } else if (flags & XBF_UNMAPPED) { 415 bp->b_addr = NULL; 416 } else { 417 int retried = 0; 418 unsigned nofs_flag; 419 420 /* 421 * vm_map_ram() will allocate auxiliary structures (e.g. 422 * pagetables) with GFP_KERNEL, yet we are likely to be under 423 * GFP_NOFS context here. Hence we need to tell memory reclaim 424 * that we are in such a context via PF_MEMALLOC_NOFS to prevent 425 * memory reclaim re-entering the filesystem here and 426 * potentially deadlocking. 427 */ 428 nofs_flag = memalloc_nofs_save(); 429 do { 430 bp->b_addr = vm_map_ram(bp->b_pages, bp->b_page_count, 431 -1); 432 if (bp->b_addr) 433 break; 434 vm_unmap_aliases(); 435 } while (retried++ <= 1); 436 memalloc_nofs_restore(nofs_flag); 437 438 if (!bp->b_addr) 439 return -ENOMEM; 440 } 441 442 return 0; 443 } 444 445 /* 446 * Finding and Reading Buffers 447 */ 448 static int 449 _xfs_buf_obj_cmp( 450 struct rhashtable_compare_arg *arg, 451 const void *obj) 452 { 453 const struct xfs_buf_map *map = arg->key; 454 const struct xfs_buf *bp = obj; 455 456 /* 457 * The key hashing in the lookup path depends on the key being the 458 * first element of the compare_arg, make sure to assert this. 459 */ 460 BUILD_BUG_ON(offsetof(struct xfs_buf_map, bm_bn) != 0); 461 462 if (bp->b_rhash_key != map->bm_bn) 463 return 1; 464 465 if (unlikely(bp->b_length != map->bm_len)) { 466 /* 467 * found a block number match. If the range doesn't 468 * match, the only way this is allowed is if the buffer 469 * in the cache is stale and the transaction that made 470 * it stale has not yet committed. i.e. we are 471 * reallocating a busy extent. Skip this buffer and 472 * continue searching for an exact match. 473 */ 474 ASSERT(bp->b_flags & XBF_STALE); 475 return 1; 476 } 477 return 0; 478 } 479 480 static const struct rhashtable_params xfs_buf_hash_params = { 481 .min_size = 32, /* empty AGs have minimal footprint */ 482 .nelem_hint = 16, 483 .key_len = sizeof(xfs_daddr_t), 484 .key_offset = offsetof(struct xfs_buf, b_rhash_key), 485 .head_offset = offsetof(struct xfs_buf, b_rhash_head), 486 .automatic_shrinking = true, 487 .obj_cmpfn = _xfs_buf_obj_cmp, 488 }; 489 490 int 491 xfs_buf_hash_init( 492 struct xfs_perag *pag) 493 { 494 spin_lock_init(&pag->pag_buf_lock); 495 return rhashtable_init(&pag->pag_buf_hash, &xfs_buf_hash_params); 496 } 497 498 void 499 xfs_buf_hash_destroy( 500 struct xfs_perag *pag) 501 { 502 rhashtable_destroy(&pag->pag_buf_hash); 503 } 504 505 /* 506 * Look up a buffer in the buffer cache and return it referenced and locked 507 * in @found_bp. 508 * 509 * If @new_bp is supplied and we have a lookup miss, insert @new_bp into the 510 * cache. 511 * 512 * If XBF_TRYLOCK is set in @flags, only try to lock the buffer and return 513 * -EAGAIN if we fail to lock it. 514 * 515 * Return values are: 516 * -EFSCORRUPTED if have been supplied with an invalid address 517 * -EAGAIN on trylock failure 518 * -ENOENT if we fail to find a match and @new_bp was NULL 519 * 0, with @found_bp: 520 * - @new_bp if we inserted it into the cache 521 * - the buffer we found and locked. 522 */ 523 static int 524 xfs_buf_find( 525 struct xfs_buftarg *btp, 526 struct xfs_buf_map *map, 527 int nmaps, 528 xfs_buf_flags_t flags, 529 struct xfs_buf *new_bp, 530 struct xfs_buf **found_bp) 531 { 532 struct xfs_perag *pag; 533 struct xfs_buf *bp; 534 struct xfs_buf_map cmap = { .bm_bn = map[0].bm_bn }; 535 xfs_daddr_t eofs; 536 int i; 537 538 *found_bp = NULL; 539 540 for (i = 0; i < nmaps; i++) 541 cmap.bm_len += map[i].bm_len; 542 543 /* Check for IOs smaller than the sector size / not sector aligned */ 544 ASSERT(!(BBTOB(cmap.bm_len) < btp->bt_meta_sectorsize)); 545 ASSERT(!(BBTOB(cmap.bm_bn) & (xfs_off_t)btp->bt_meta_sectormask)); 546 547 /* 548 * Corrupted block numbers can get through to here, unfortunately, so we 549 * have to check that the buffer falls within the filesystem bounds. 550 */ 551 eofs = XFS_FSB_TO_BB(btp->bt_mount, btp->bt_mount->m_sb.sb_dblocks); 552 if (cmap.bm_bn < 0 || cmap.bm_bn >= eofs) { 553 xfs_alert(btp->bt_mount, 554 "%s: daddr 0x%llx out of range, EOFS 0x%llx", 555 __func__, cmap.bm_bn, eofs); 556 WARN_ON(1); 557 return -EFSCORRUPTED; 558 } 559 560 pag = xfs_perag_get(btp->bt_mount, 561 xfs_daddr_to_agno(btp->bt_mount, cmap.bm_bn)); 562 563 spin_lock(&pag->pag_buf_lock); 564 bp = rhashtable_lookup_fast(&pag->pag_buf_hash, &cmap, 565 xfs_buf_hash_params); 566 if (bp) { 567 atomic_inc(&bp->b_hold); 568 goto found; 569 } 570 571 /* No match found */ 572 if (!new_bp) { 573 XFS_STATS_INC(btp->bt_mount, xb_miss_locked); 574 spin_unlock(&pag->pag_buf_lock); 575 xfs_perag_put(pag); 576 return -ENOENT; 577 } 578 579 /* the buffer keeps the perag reference until it is freed */ 580 new_bp->b_pag = pag; 581 rhashtable_insert_fast(&pag->pag_buf_hash, &new_bp->b_rhash_head, 582 xfs_buf_hash_params); 583 spin_unlock(&pag->pag_buf_lock); 584 *found_bp = new_bp; 585 return 0; 586 587 found: 588 spin_unlock(&pag->pag_buf_lock); 589 xfs_perag_put(pag); 590 591 if (!xfs_buf_trylock(bp)) { 592 if (flags & XBF_TRYLOCK) { 593 xfs_buf_rele(bp); 594 XFS_STATS_INC(btp->bt_mount, xb_busy_locked); 595 return -EAGAIN; 596 } 597 xfs_buf_lock(bp); 598 XFS_STATS_INC(btp->bt_mount, xb_get_locked_waited); 599 } 600 601 /* 602 * if the buffer is stale, clear all the external state associated with 603 * it. We need to keep flags such as how we allocated the buffer memory 604 * intact here. 605 */ 606 if (bp->b_flags & XBF_STALE) { 607 ASSERT((bp->b_flags & _XBF_DELWRI_Q) == 0); 608 bp->b_flags &= _XBF_KMEM | _XBF_PAGES; 609 bp->b_ops = NULL; 610 } 611 612 trace_xfs_buf_find(bp, flags, _RET_IP_); 613 XFS_STATS_INC(btp->bt_mount, xb_get_locked); 614 *found_bp = bp; 615 return 0; 616 } 617 618 struct xfs_buf * 619 xfs_buf_incore( 620 struct xfs_buftarg *target, 621 xfs_daddr_t blkno, 622 size_t numblks, 623 xfs_buf_flags_t flags) 624 { 625 struct xfs_buf *bp; 626 int error; 627 DEFINE_SINGLE_BUF_MAP(map, blkno, numblks); 628 629 error = xfs_buf_find(target, &map, 1, flags, NULL, &bp); 630 if (error) 631 return NULL; 632 return bp; 633 } 634 635 /* 636 * Assembles a buffer covering the specified range. The code is optimised for 637 * cache hits, as metadata intensive workloads will see 3 orders of magnitude 638 * more hits than misses. 639 */ 640 int 641 xfs_buf_get_map( 642 struct xfs_buftarg *target, 643 struct xfs_buf_map *map, 644 int nmaps, 645 xfs_buf_flags_t flags, 646 struct xfs_buf **bpp) 647 { 648 struct xfs_buf *bp; 649 struct xfs_buf *new_bp; 650 int error; 651 652 *bpp = NULL; 653 error = xfs_buf_find(target, map, nmaps, flags, NULL, &bp); 654 if (!error) 655 goto found; 656 if (error != -ENOENT) 657 return error; 658 659 error = _xfs_buf_alloc(target, map, nmaps, flags, &new_bp); 660 if (error) 661 return error; 662 663 /* 664 * For buffers that fit entirely within a single page, first attempt to 665 * allocate the memory from the heap to minimise memory usage. If we 666 * can't get heap memory for these small buffers, we fall back to using 667 * the page allocator. 668 */ 669 if (BBTOB(new_bp->b_length) >= PAGE_SIZE || 670 xfs_buf_alloc_kmem(new_bp, flags) < 0) { 671 error = xfs_buf_alloc_pages(new_bp, flags); 672 if (error) 673 goto out_free_buf; 674 } 675 676 error = xfs_buf_find(target, map, nmaps, flags, new_bp, &bp); 677 if (error) 678 goto out_free_buf; 679 680 if (bp != new_bp) 681 xfs_buf_free(new_bp); 682 683 found: 684 if (!bp->b_addr) { 685 error = _xfs_buf_map_pages(bp, flags); 686 if (unlikely(error)) { 687 xfs_warn_ratelimited(target->bt_mount, 688 "%s: failed to map %u pages", __func__, 689 bp->b_page_count); 690 xfs_buf_relse(bp); 691 return error; 692 } 693 } 694 695 /* 696 * Clear b_error if this is a lookup from a caller that doesn't expect 697 * valid data to be found in the buffer. 698 */ 699 if (!(flags & XBF_READ)) 700 xfs_buf_ioerror(bp, 0); 701 702 XFS_STATS_INC(target->bt_mount, xb_get); 703 trace_xfs_buf_get(bp, flags, _RET_IP_); 704 *bpp = bp; 705 return 0; 706 out_free_buf: 707 xfs_buf_free(new_bp); 708 return error; 709 } 710 711 int 712 _xfs_buf_read( 713 struct xfs_buf *bp, 714 xfs_buf_flags_t flags) 715 { 716 ASSERT(!(flags & XBF_WRITE)); 717 ASSERT(bp->b_maps[0].bm_bn != XFS_BUF_DADDR_NULL); 718 719 bp->b_flags &= ~(XBF_WRITE | XBF_ASYNC | XBF_READ_AHEAD | XBF_DONE); 720 bp->b_flags |= flags & (XBF_READ | XBF_ASYNC | XBF_READ_AHEAD); 721 722 return xfs_buf_submit(bp); 723 } 724 725 /* 726 * Reverify a buffer found in cache without an attached ->b_ops. 727 * 728 * If the caller passed an ops structure and the buffer doesn't have ops 729 * assigned, set the ops and use it to verify the contents. If verification 730 * fails, clear XBF_DONE. We assume the buffer has no recorded errors and is 731 * already in XBF_DONE state on entry. 732 * 733 * Under normal operations, every in-core buffer is verified on read I/O 734 * completion. There are two scenarios that can lead to in-core buffers without 735 * an assigned ->b_ops. The first is during log recovery of buffers on a V4 736 * filesystem, though these buffers are purged at the end of recovery. The 737 * other is online repair, which intentionally reads with a NULL buffer ops to 738 * run several verifiers across an in-core buffer in order to establish buffer 739 * type. If repair can't establish that, the buffer will be left in memory 740 * with NULL buffer ops. 741 */ 742 int 743 xfs_buf_reverify( 744 struct xfs_buf *bp, 745 const struct xfs_buf_ops *ops) 746 { 747 ASSERT(bp->b_flags & XBF_DONE); 748 ASSERT(bp->b_error == 0); 749 750 if (!ops || bp->b_ops) 751 return 0; 752 753 bp->b_ops = ops; 754 bp->b_ops->verify_read(bp); 755 if (bp->b_error) 756 bp->b_flags &= ~XBF_DONE; 757 return bp->b_error; 758 } 759 760 int 761 xfs_buf_read_map( 762 struct xfs_buftarg *target, 763 struct xfs_buf_map *map, 764 int nmaps, 765 xfs_buf_flags_t flags, 766 struct xfs_buf **bpp, 767 const struct xfs_buf_ops *ops, 768 xfs_failaddr_t fa) 769 { 770 struct xfs_buf *bp; 771 int error; 772 773 flags |= XBF_READ; 774 *bpp = NULL; 775 776 error = xfs_buf_get_map(target, map, nmaps, flags, &bp); 777 if (error) 778 return error; 779 780 trace_xfs_buf_read(bp, flags, _RET_IP_); 781 782 if (!(bp->b_flags & XBF_DONE)) { 783 /* Initiate the buffer read and wait. */ 784 XFS_STATS_INC(target->bt_mount, xb_get_read); 785 bp->b_ops = ops; 786 error = _xfs_buf_read(bp, flags); 787 788 /* Readahead iodone already dropped the buffer, so exit. */ 789 if (flags & XBF_ASYNC) 790 return 0; 791 } else { 792 /* Buffer already read; all we need to do is check it. */ 793 error = xfs_buf_reverify(bp, ops); 794 795 /* Readahead already finished; drop the buffer and exit. */ 796 if (flags & XBF_ASYNC) { 797 xfs_buf_relse(bp); 798 return 0; 799 } 800 801 /* We do not want read in the flags */ 802 bp->b_flags &= ~XBF_READ; 803 ASSERT(bp->b_ops != NULL || ops == NULL); 804 } 805 806 /* 807 * If we've had a read error, then the contents of the buffer are 808 * invalid and should not be used. To ensure that a followup read tries 809 * to pull the buffer from disk again, we clear the XBF_DONE flag and 810 * mark the buffer stale. This ensures that anyone who has a current 811 * reference to the buffer will interpret it's contents correctly and 812 * future cache lookups will also treat it as an empty, uninitialised 813 * buffer. 814 */ 815 if (error) { 816 if (!xfs_is_shutdown(target->bt_mount)) 817 xfs_buf_ioerror_alert(bp, fa); 818 819 bp->b_flags &= ~XBF_DONE; 820 xfs_buf_stale(bp); 821 xfs_buf_relse(bp); 822 823 /* bad CRC means corrupted metadata */ 824 if (error == -EFSBADCRC) 825 error = -EFSCORRUPTED; 826 return error; 827 } 828 829 *bpp = bp; 830 return 0; 831 } 832 833 /* 834 * If we are not low on memory then do the readahead in a deadlock 835 * safe manner. 836 */ 837 void 838 xfs_buf_readahead_map( 839 struct xfs_buftarg *target, 840 struct xfs_buf_map *map, 841 int nmaps, 842 const struct xfs_buf_ops *ops) 843 { 844 struct xfs_buf *bp; 845 846 if (bdi_read_congested(target->bt_bdev->bd_disk->bdi)) 847 return; 848 849 xfs_buf_read_map(target, map, nmaps, 850 XBF_TRYLOCK | XBF_ASYNC | XBF_READ_AHEAD, &bp, ops, 851 __this_address); 852 } 853 854 /* 855 * Read an uncached buffer from disk. Allocates and returns a locked 856 * buffer containing the disk contents or nothing. Uncached buffers always have 857 * a cache index of XFS_BUF_DADDR_NULL so we can easily determine if the buffer 858 * is cached or uncached during fault diagnosis. 859 */ 860 int 861 xfs_buf_read_uncached( 862 struct xfs_buftarg *target, 863 xfs_daddr_t daddr, 864 size_t numblks, 865 int flags, 866 struct xfs_buf **bpp, 867 const struct xfs_buf_ops *ops) 868 { 869 struct xfs_buf *bp; 870 int error; 871 872 *bpp = NULL; 873 874 error = xfs_buf_get_uncached(target, numblks, flags, &bp); 875 if (error) 876 return error; 877 878 /* set up the buffer for a read IO */ 879 ASSERT(bp->b_map_count == 1); 880 bp->b_rhash_key = XFS_BUF_DADDR_NULL; 881 bp->b_maps[0].bm_bn = daddr; 882 bp->b_flags |= XBF_READ; 883 bp->b_ops = ops; 884 885 xfs_buf_submit(bp); 886 if (bp->b_error) { 887 error = bp->b_error; 888 xfs_buf_relse(bp); 889 return error; 890 } 891 892 *bpp = bp; 893 return 0; 894 } 895 896 int 897 xfs_buf_get_uncached( 898 struct xfs_buftarg *target, 899 size_t numblks, 900 int flags, 901 struct xfs_buf **bpp) 902 { 903 int error; 904 struct xfs_buf *bp; 905 DEFINE_SINGLE_BUF_MAP(map, XFS_BUF_DADDR_NULL, numblks); 906 907 *bpp = NULL; 908 909 /* flags might contain irrelevant bits, pass only what we care about */ 910 error = _xfs_buf_alloc(target, &map, 1, flags & XBF_NO_IOACCT, &bp); 911 if (error) 912 return error; 913 914 error = xfs_buf_alloc_pages(bp, flags); 915 if (error) 916 goto fail_free_buf; 917 918 error = _xfs_buf_map_pages(bp, 0); 919 if (unlikely(error)) { 920 xfs_warn(target->bt_mount, 921 "%s: failed to map pages", __func__); 922 goto fail_free_buf; 923 } 924 925 trace_xfs_buf_get_uncached(bp, _RET_IP_); 926 *bpp = bp; 927 return 0; 928 929 fail_free_buf: 930 xfs_buf_free(bp); 931 return error; 932 } 933 934 /* 935 * Increment reference count on buffer, to hold the buffer concurrently 936 * with another thread which may release (free) the buffer asynchronously. 937 * Must hold the buffer already to call this function. 938 */ 939 void 940 xfs_buf_hold( 941 struct xfs_buf *bp) 942 { 943 trace_xfs_buf_hold(bp, _RET_IP_); 944 atomic_inc(&bp->b_hold); 945 } 946 947 /* 948 * Release a hold on the specified buffer. If the hold count is 1, the buffer is 949 * placed on LRU or freed (depending on b_lru_ref). 950 */ 951 void 952 xfs_buf_rele( 953 struct xfs_buf *bp) 954 { 955 struct xfs_perag *pag = bp->b_pag; 956 bool release; 957 bool freebuf = false; 958 959 trace_xfs_buf_rele(bp, _RET_IP_); 960 961 if (!pag) { 962 ASSERT(list_empty(&bp->b_lru)); 963 if (atomic_dec_and_test(&bp->b_hold)) { 964 xfs_buf_ioacct_dec(bp); 965 xfs_buf_free(bp); 966 } 967 return; 968 } 969 970 ASSERT(atomic_read(&bp->b_hold) > 0); 971 972 /* 973 * We grab the b_lock here first to serialise racing xfs_buf_rele() 974 * calls. The pag_buf_lock being taken on the last reference only 975 * serialises against racing lookups in xfs_buf_find(). IOWs, the second 976 * to last reference we drop here is not serialised against the last 977 * reference until we take bp->b_lock. Hence if we don't grab b_lock 978 * first, the last "release" reference can win the race to the lock and 979 * free the buffer before the second-to-last reference is processed, 980 * leading to a use-after-free scenario. 981 */ 982 spin_lock(&bp->b_lock); 983 release = atomic_dec_and_lock(&bp->b_hold, &pag->pag_buf_lock); 984 if (!release) { 985 /* 986 * Drop the in-flight state if the buffer is already on the LRU 987 * and it holds the only reference. This is racy because we 988 * haven't acquired the pag lock, but the use of _XBF_IN_FLIGHT 989 * ensures the decrement occurs only once per-buf. 990 */ 991 if ((atomic_read(&bp->b_hold) == 1) && !list_empty(&bp->b_lru)) 992 __xfs_buf_ioacct_dec(bp); 993 goto out_unlock; 994 } 995 996 /* the last reference has been dropped ... */ 997 __xfs_buf_ioacct_dec(bp); 998 if (!(bp->b_flags & XBF_STALE) && atomic_read(&bp->b_lru_ref)) { 999 /* 1000 * If the buffer is added to the LRU take a new reference to the 1001 * buffer for the LRU and clear the (now stale) dispose list 1002 * state flag 1003 */ 1004 if (list_lru_add(&bp->b_target->bt_lru, &bp->b_lru)) { 1005 bp->b_state &= ~XFS_BSTATE_DISPOSE; 1006 atomic_inc(&bp->b_hold); 1007 } 1008 spin_unlock(&pag->pag_buf_lock); 1009 } else { 1010 /* 1011 * most of the time buffers will already be removed from the 1012 * LRU, so optimise that case by checking for the 1013 * XFS_BSTATE_DISPOSE flag indicating the last list the buffer 1014 * was on was the disposal list 1015 */ 1016 if (!(bp->b_state & XFS_BSTATE_DISPOSE)) { 1017 list_lru_del(&bp->b_target->bt_lru, &bp->b_lru); 1018 } else { 1019 ASSERT(list_empty(&bp->b_lru)); 1020 } 1021 1022 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 1023 rhashtable_remove_fast(&pag->pag_buf_hash, &bp->b_rhash_head, 1024 xfs_buf_hash_params); 1025 spin_unlock(&pag->pag_buf_lock); 1026 xfs_perag_put(pag); 1027 freebuf = true; 1028 } 1029 1030 out_unlock: 1031 spin_unlock(&bp->b_lock); 1032 1033 if (freebuf) 1034 xfs_buf_free(bp); 1035 } 1036 1037 1038 /* 1039 * Lock a buffer object, if it is not already locked. 1040 * 1041 * If we come across a stale, pinned, locked buffer, we know that we are 1042 * being asked to lock a buffer that has been reallocated. Because it is 1043 * pinned, we know that the log has not been pushed to disk and hence it 1044 * will still be locked. Rather than continuing to have trylock attempts 1045 * fail until someone else pushes the log, push it ourselves before 1046 * returning. This means that the xfsaild will not get stuck trying 1047 * to push on stale inode buffers. 1048 */ 1049 int 1050 xfs_buf_trylock( 1051 struct xfs_buf *bp) 1052 { 1053 int locked; 1054 1055 locked = down_trylock(&bp->b_sema) == 0; 1056 if (locked) 1057 trace_xfs_buf_trylock(bp, _RET_IP_); 1058 else 1059 trace_xfs_buf_trylock_fail(bp, _RET_IP_); 1060 return locked; 1061 } 1062 1063 /* 1064 * Lock a buffer object. 1065 * 1066 * If we come across a stale, pinned, locked buffer, we know that we 1067 * are being asked to lock a buffer that has been reallocated. Because 1068 * it is pinned, we know that the log has not been pushed to disk and 1069 * hence it will still be locked. Rather than sleeping until someone 1070 * else pushes the log, push it ourselves before trying to get the lock. 1071 */ 1072 void 1073 xfs_buf_lock( 1074 struct xfs_buf *bp) 1075 { 1076 trace_xfs_buf_lock(bp, _RET_IP_); 1077 1078 if (atomic_read(&bp->b_pin_count) && (bp->b_flags & XBF_STALE)) 1079 xfs_log_force(bp->b_mount, 0); 1080 down(&bp->b_sema); 1081 1082 trace_xfs_buf_lock_done(bp, _RET_IP_); 1083 } 1084 1085 void 1086 xfs_buf_unlock( 1087 struct xfs_buf *bp) 1088 { 1089 ASSERT(xfs_buf_islocked(bp)); 1090 1091 up(&bp->b_sema); 1092 trace_xfs_buf_unlock(bp, _RET_IP_); 1093 } 1094 1095 STATIC void 1096 xfs_buf_wait_unpin( 1097 struct xfs_buf *bp) 1098 { 1099 DECLARE_WAITQUEUE (wait, current); 1100 1101 if (atomic_read(&bp->b_pin_count) == 0) 1102 return; 1103 1104 add_wait_queue(&bp->b_waiters, &wait); 1105 for (;;) { 1106 set_current_state(TASK_UNINTERRUPTIBLE); 1107 if (atomic_read(&bp->b_pin_count) == 0) 1108 break; 1109 io_schedule(); 1110 } 1111 remove_wait_queue(&bp->b_waiters, &wait); 1112 set_current_state(TASK_RUNNING); 1113 } 1114 1115 static void 1116 xfs_buf_ioerror_alert_ratelimited( 1117 struct xfs_buf *bp) 1118 { 1119 static unsigned long lasttime; 1120 static struct xfs_buftarg *lasttarg; 1121 1122 if (bp->b_target != lasttarg || 1123 time_after(jiffies, (lasttime + 5*HZ))) { 1124 lasttime = jiffies; 1125 xfs_buf_ioerror_alert(bp, __this_address); 1126 } 1127 lasttarg = bp->b_target; 1128 } 1129 1130 /* 1131 * Account for this latest trip around the retry handler, and decide if 1132 * we've failed enough times to constitute a permanent failure. 1133 */ 1134 static bool 1135 xfs_buf_ioerror_permanent( 1136 struct xfs_buf *bp, 1137 struct xfs_error_cfg *cfg) 1138 { 1139 struct xfs_mount *mp = bp->b_mount; 1140 1141 if (cfg->max_retries != XFS_ERR_RETRY_FOREVER && 1142 ++bp->b_retries > cfg->max_retries) 1143 return true; 1144 if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER && 1145 time_after(jiffies, cfg->retry_timeout + bp->b_first_retry_time)) 1146 return true; 1147 1148 /* At unmount we may treat errors differently */ 1149 if (xfs_is_unmounting(mp) && mp->m_fail_unmount) 1150 return true; 1151 1152 return false; 1153 } 1154 1155 /* 1156 * On a sync write or shutdown we just want to stale the buffer and let the 1157 * caller handle the error in bp->b_error appropriately. 1158 * 1159 * If the write was asynchronous then no one will be looking for the error. If 1160 * this is the first failure of this type, clear the error state and write the 1161 * buffer out again. This means we always retry an async write failure at least 1162 * once, but we also need to set the buffer up to behave correctly now for 1163 * repeated failures. 1164 * 1165 * If we get repeated async write failures, then we take action according to the 1166 * error configuration we have been set up to use. 1167 * 1168 * Returns true if this function took care of error handling and the caller must 1169 * not touch the buffer again. Return false if the caller should proceed with 1170 * normal I/O completion handling. 1171 */ 1172 static bool 1173 xfs_buf_ioend_handle_error( 1174 struct xfs_buf *bp) 1175 { 1176 struct xfs_mount *mp = bp->b_mount; 1177 struct xfs_error_cfg *cfg; 1178 1179 /* 1180 * If we've already decided to shutdown the filesystem because of I/O 1181 * errors, there's no point in giving this a retry. 1182 */ 1183 if (xfs_is_shutdown(mp)) 1184 goto out_stale; 1185 1186 xfs_buf_ioerror_alert_ratelimited(bp); 1187 1188 /* 1189 * We're not going to bother about retrying this during recovery. 1190 * One strike! 1191 */ 1192 if (bp->b_flags & _XBF_LOGRECOVERY) { 1193 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR); 1194 return false; 1195 } 1196 1197 /* 1198 * Synchronous writes will have callers process the error. 1199 */ 1200 if (!(bp->b_flags & XBF_ASYNC)) 1201 goto out_stale; 1202 1203 trace_xfs_buf_iodone_async(bp, _RET_IP_); 1204 1205 cfg = xfs_error_get_cfg(mp, XFS_ERR_METADATA, bp->b_error); 1206 if (bp->b_last_error != bp->b_error || 1207 !(bp->b_flags & (XBF_STALE | XBF_WRITE_FAIL))) { 1208 bp->b_last_error = bp->b_error; 1209 if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER && 1210 !bp->b_first_retry_time) 1211 bp->b_first_retry_time = jiffies; 1212 goto resubmit; 1213 } 1214 1215 /* 1216 * Permanent error - we need to trigger a shutdown if we haven't already 1217 * to indicate that inconsistency will result from this action. 1218 */ 1219 if (xfs_buf_ioerror_permanent(bp, cfg)) { 1220 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR); 1221 goto out_stale; 1222 } 1223 1224 /* Still considered a transient error. Caller will schedule retries. */ 1225 if (bp->b_flags & _XBF_INODES) 1226 xfs_buf_inode_io_fail(bp); 1227 else if (bp->b_flags & _XBF_DQUOTS) 1228 xfs_buf_dquot_io_fail(bp); 1229 else 1230 ASSERT(list_empty(&bp->b_li_list)); 1231 xfs_buf_ioerror(bp, 0); 1232 xfs_buf_relse(bp); 1233 return true; 1234 1235 resubmit: 1236 xfs_buf_ioerror(bp, 0); 1237 bp->b_flags |= (XBF_DONE | XBF_WRITE_FAIL); 1238 xfs_buf_submit(bp); 1239 return true; 1240 out_stale: 1241 xfs_buf_stale(bp); 1242 bp->b_flags |= XBF_DONE; 1243 bp->b_flags &= ~XBF_WRITE; 1244 trace_xfs_buf_error_relse(bp, _RET_IP_); 1245 return false; 1246 } 1247 1248 static void 1249 xfs_buf_ioend( 1250 struct xfs_buf *bp) 1251 { 1252 trace_xfs_buf_iodone(bp, _RET_IP_); 1253 1254 /* 1255 * Pull in IO completion errors now. We are guaranteed to be running 1256 * single threaded, so we don't need the lock to read b_io_error. 1257 */ 1258 if (!bp->b_error && bp->b_io_error) 1259 xfs_buf_ioerror(bp, bp->b_io_error); 1260 1261 if (bp->b_flags & XBF_READ) { 1262 if (!bp->b_error && bp->b_ops) 1263 bp->b_ops->verify_read(bp); 1264 if (!bp->b_error) 1265 bp->b_flags |= XBF_DONE; 1266 } else { 1267 if (!bp->b_error) { 1268 bp->b_flags &= ~XBF_WRITE_FAIL; 1269 bp->b_flags |= XBF_DONE; 1270 } 1271 1272 if (unlikely(bp->b_error) && xfs_buf_ioend_handle_error(bp)) 1273 return; 1274 1275 /* clear the retry state */ 1276 bp->b_last_error = 0; 1277 bp->b_retries = 0; 1278 bp->b_first_retry_time = 0; 1279 1280 /* 1281 * Note that for things like remote attribute buffers, there may 1282 * not be a buffer log item here, so processing the buffer log 1283 * item must remain optional. 1284 */ 1285 if (bp->b_log_item) 1286 xfs_buf_item_done(bp); 1287 1288 if (bp->b_flags & _XBF_INODES) 1289 xfs_buf_inode_iodone(bp); 1290 else if (bp->b_flags & _XBF_DQUOTS) 1291 xfs_buf_dquot_iodone(bp); 1292 1293 } 1294 1295 bp->b_flags &= ~(XBF_READ | XBF_WRITE | XBF_READ_AHEAD | 1296 _XBF_LOGRECOVERY); 1297 1298 if (bp->b_flags & XBF_ASYNC) 1299 xfs_buf_relse(bp); 1300 else 1301 complete(&bp->b_iowait); 1302 } 1303 1304 static void 1305 xfs_buf_ioend_work( 1306 struct work_struct *work) 1307 { 1308 struct xfs_buf *bp = 1309 container_of(work, struct xfs_buf, b_ioend_work); 1310 1311 xfs_buf_ioend(bp); 1312 } 1313 1314 static void 1315 xfs_buf_ioend_async( 1316 struct xfs_buf *bp) 1317 { 1318 INIT_WORK(&bp->b_ioend_work, xfs_buf_ioend_work); 1319 queue_work(bp->b_mount->m_buf_workqueue, &bp->b_ioend_work); 1320 } 1321 1322 void 1323 __xfs_buf_ioerror( 1324 struct xfs_buf *bp, 1325 int error, 1326 xfs_failaddr_t failaddr) 1327 { 1328 ASSERT(error <= 0 && error >= -1000); 1329 bp->b_error = error; 1330 trace_xfs_buf_ioerror(bp, error, failaddr); 1331 } 1332 1333 void 1334 xfs_buf_ioerror_alert( 1335 struct xfs_buf *bp, 1336 xfs_failaddr_t func) 1337 { 1338 xfs_buf_alert_ratelimited(bp, "XFS: metadata IO error", 1339 "metadata I/O error in \"%pS\" at daddr 0x%llx len %d error %d", 1340 func, (uint64_t)xfs_buf_daddr(bp), 1341 bp->b_length, -bp->b_error); 1342 } 1343 1344 /* 1345 * To simulate an I/O failure, the buffer must be locked and held with at least 1346 * three references. The LRU reference is dropped by the stale call. The buf 1347 * item reference is dropped via ioend processing. The third reference is owned 1348 * by the caller and is dropped on I/O completion if the buffer is XBF_ASYNC. 1349 */ 1350 void 1351 xfs_buf_ioend_fail( 1352 struct xfs_buf *bp) 1353 { 1354 bp->b_flags &= ~XBF_DONE; 1355 xfs_buf_stale(bp); 1356 xfs_buf_ioerror(bp, -EIO); 1357 xfs_buf_ioend(bp); 1358 } 1359 1360 int 1361 xfs_bwrite( 1362 struct xfs_buf *bp) 1363 { 1364 int error; 1365 1366 ASSERT(xfs_buf_islocked(bp)); 1367 1368 bp->b_flags |= XBF_WRITE; 1369 bp->b_flags &= ~(XBF_ASYNC | XBF_READ | _XBF_DELWRI_Q | 1370 XBF_DONE); 1371 1372 error = xfs_buf_submit(bp); 1373 if (error) 1374 xfs_force_shutdown(bp->b_mount, SHUTDOWN_META_IO_ERROR); 1375 return error; 1376 } 1377 1378 static void 1379 xfs_buf_bio_end_io( 1380 struct bio *bio) 1381 { 1382 struct xfs_buf *bp = (struct xfs_buf *)bio->bi_private; 1383 1384 if (!bio->bi_status && 1385 (bp->b_flags & XBF_WRITE) && (bp->b_flags & XBF_ASYNC) && 1386 XFS_TEST_ERROR(false, bp->b_mount, XFS_ERRTAG_BUF_IOERROR)) 1387 bio->bi_status = BLK_STS_IOERR; 1388 1389 /* 1390 * don't overwrite existing errors - otherwise we can lose errors on 1391 * buffers that require multiple bios to complete. 1392 */ 1393 if (bio->bi_status) { 1394 int error = blk_status_to_errno(bio->bi_status); 1395 1396 cmpxchg(&bp->b_io_error, 0, error); 1397 } 1398 1399 if (!bp->b_error && xfs_buf_is_vmapped(bp) && (bp->b_flags & XBF_READ)) 1400 invalidate_kernel_vmap_range(bp->b_addr, xfs_buf_vmap_len(bp)); 1401 1402 if (atomic_dec_and_test(&bp->b_io_remaining) == 1) 1403 xfs_buf_ioend_async(bp); 1404 bio_put(bio); 1405 } 1406 1407 static void 1408 xfs_buf_ioapply_map( 1409 struct xfs_buf *bp, 1410 int map, 1411 int *buf_offset, 1412 int *count, 1413 int op) 1414 { 1415 int page_index; 1416 unsigned int total_nr_pages = bp->b_page_count; 1417 int nr_pages; 1418 struct bio *bio; 1419 sector_t sector = bp->b_maps[map].bm_bn; 1420 int size; 1421 int offset; 1422 1423 /* skip the pages in the buffer before the start offset */ 1424 page_index = 0; 1425 offset = *buf_offset; 1426 while (offset >= PAGE_SIZE) { 1427 page_index++; 1428 offset -= PAGE_SIZE; 1429 } 1430 1431 /* 1432 * Limit the IO size to the length of the current vector, and update the 1433 * remaining IO count for the next time around. 1434 */ 1435 size = min_t(int, BBTOB(bp->b_maps[map].bm_len), *count); 1436 *count -= size; 1437 *buf_offset += size; 1438 1439 next_chunk: 1440 atomic_inc(&bp->b_io_remaining); 1441 nr_pages = bio_max_segs(total_nr_pages); 1442 1443 bio = bio_alloc(GFP_NOIO, nr_pages); 1444 bio_set_dev(bio, bp->b_target->bt_bdev); 1445 bio->bi_iter.bi_sector = sector; 1446 bio->bi_end_io = xfs_buf_bio_end_io; 1447 bio->bi_private = bp; 1448 bio->bi_opf = op; 1449 1450 for (; size && nr_pages; nr_pages--, page_index++) { 1451 int rbytes, nbytes = PAGE_SIZE - offset; 1452 1453 if (nbytes > size) 1454 nbytes = size; 1455 1456 rbytes = bio_add_page(bio, bp->b_pages[page_index], nbytes, 1457 offset); 1458 if (rbytes < nbytes) 1459 break; 1460 1461 offset = 0; 1462 sector += BTOBB(nbytes); 1463 size -= nbytes; 1464 total_nr_pages--; 1465 } 1466 1467 if (likely(bio->bi_iter.bi_size)) { 1468 if (xfs_buf_is_vmapped(bp)) { 1469 flush_kernel_vmap_range(bp->b_addr, 1470 xfs_buf_vmap_len(bp)); 1471 } 1472 submit_bio(bio); 1473 if (size) 1474 goto next_chunk; 1475 } else { 1476 /* 1477 * This is guaranteed not to be the last io reference count 1478 * because the caller (xfs_buf_submit) holds a count itself. 1479 */ 1480 atomic_dec(&bp->b_io_remaining); 1481 xfs_buf_ioerror(bp, -EIO); 1482 bio_put(bio); 1483 } 1484 1485 } 1486 1487 STATIC void 1488 _xfs_buf_ioapply( 1489 struct xfs_buf *bp) 1490 { 1491 struct blk_plug plug; 1492 int op; 1493 int offset; 1494 int size; 1495 int i; 1496 1497 /* 1498 * Make sure we capture only current IO errors rather than stale errors 1499 * left over from previous use of the buffer (e.g. failed readahead). 1500 */ 1501 bp->b_error = 0; 1502 1503 if (bp->b_flags & XBF_WRITE) { 1504 op = REQ_OP_WRITE; 1505 1506 /* 1507 * Run the write verifier callback function if it exists. If 1508 * this function fails it will mark the buffer with an error and 1509 * the IO should not be dispatched. 1510 */ 1511 if (bp->b_ops) { 1512 bp->b_ops->verify_write(bp); 1513 if (bp->b_error) { 1514 xfs_force_shutdown(bp->b_mount, 1515 SHUTDOWN_CORRUPT_INCORE); 1516 return; 1517 } 1518 } else if (bp->b_rhash_key != XFS_BUF_DADDR_NULL) { 1519 struct xfs_mount *mp = bp->b_mount; 1520 1521 /* 1522 * non-crc filesystems don't attach verifiers during 1523 * log recovery, so don't warn for such filesystems. 1524 */ 1525 if (xfs_has_crc(mp)) { 1526 xfs_warn(mp, 1527 "%s: no buf ops on daddr 0x%llx len %d", 1528 __func__, xfs_buf_daddr(bp), 1529 bp->b_length); 1530 xfs_hex_dump(bp->b_addr, 1531 XFS_CORRUPTION_DUMP_LEN); 1532 dump_stack(); 1533 } 1534 } 1535 } else { 1536 op = REQ_OP_READ; 1537 if (bp->b_flags & XBF_READ_AHEAD) 1538 op |= REQ_RAHEAD; 1539 } 1540 1541 /* we only use the buffer cache for meta-data */ 1542 op |= REQ_META; 1543 1544 /* 1545 * Walk all the vectors issuing IO on them. Set up the initial offset 1546 * into the buffer and the desired IO size before we start - 1547 * _xfs_buf_ioapply_vec() will modify them appropriately for each 1548 * subsequent call. 1549 */ 1550 offset = bp->b_offset; 1551 size = BBTOB(bp->b_length); 1552 blk_start_plug(&plug); 1553 for (i = 0; i < bp->b_map_count; i++) { 1554 xfs_buf_ioapply_map(bp, i, &offset, &size, op); 1555 if (bp->b_error) 1556 break; 1557 if (size <= 0) 1558 break; /* all done */ 1559 } 1560 blk_finish_plug(&plug); 1561 } 1562 1563 /* 1564 * Wait for I/O completion of a sync buffer and return the I/O error code. 1565 */ 1566 static int 1567 xfs_buf_iowait( 1568 struct xfs_buf *bp) 1569 { 1570 ASSERT(!(bp->b_flags & XBF_ASYNC)); 1571 1572 trace_xfs_buf_iowait(bp, _RET_IP_); 1573 wait_for_completion(&bp->b_iowait); 1574 trace_xfs_buf_iowait_done(bp, _RET_IP_); 1575 1576 return bp->b_error; 1577 } 1578 1579 /* 1580 * Buffer I/O submission path, read or write. Asynchronous submission transfers 1581 * the buffer lock ownership and the current reference to the IO. It is not 1582 * safe to reference the buffer after a call to this function unless the caller 1583 * holds an additional reference itself. 1584 */ 1585 static int 1586 __xfs_buf_submit( 1587 struct xfs_buf *bp, 1588 bool wait) 1589 { 1590 int error = 0; 1591 1592 trace_xfs_buf_submit(bp, _RET_IP_); 1593 1594 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 1595 1596 /* on shutdown we stale and complete the buffer immediately */ 1597 if (xfs_is_shutdown(bp->b_mount)) { 1598 xfs_buf_ioend_fail(bp); 1599 return -EIO; 1600 } 1601 1602 /* 1603 * Grab a reference so the buffer does not go away underneath us. For 1604 * async buffers, I/O completion drops the callers reference, which 1605 * could occur before submission returns. 1606 */ 1607 xfs_buf_hold(bp); 1608 1609 if (bp->b_flags & XBF_WRITE) 1610 xfs_buf_wait_unpin(bp); 1611 1612 /* clear the internal error state to avoid spurious errors */ 1613 bp->b_io_error = 0; 1614 1615 /* 1616 * Set the count to 1 initially, this will stop an I/O completion 1617 * callout which happens before we have started all the I/O from calling 1618 * xfs_buf_ioend too early. 1619 */ 1620 atomic_set(&bp->b_io_remaining, 1); 1621 if (bp->b_flags & XBF_ASYNC) 1622 xfs_buf_ioacct_inc(bp); 1623 _xfs_buf_ioapply(bp); 1624 1625 /* 1626 * If _xfs_buf_ioapply failed, we can get back here with only the IO 1627 * reference we took above. If we drop it to zero, run completion so 1628 * that we don't return to the caller with completion still pending. 1629 */ 1630 if (atomic_dec_and_test(&bp->b_io_remaining) == 1) { 1631 if (bp->b_error || !(bp->b_flags & XBF_ASYNC)) 1632 xfs_buf_ioend(bp); 1633 else 1634 xfs_buf_ioend_async(bp); 1635 } 1636 1637 if (wait) 1638 error = xfs_buf_iowait(bp); 1639 1640 /* 1641 * Release the hold that keeps the buffer referenced for the entire 1642 * I/O. Note that if the buffer is async, it is not safe to reference 1643 * after this release. 1644 */ 1645 xfs_buf_rele(bp); 1646 return error; 1647 } 1648 1649 void * 1650 xfs_buf_offset( 1651 struct xfs_buf *bp, 1652 size_t offset) 1653 { 1654 struct page *page; 1655 1656 if (bp->b_addr) 1657 return bp->b_addr + offset; 1658 1659 page = bp->b_pages[offset >> PAGE_SHIFT]; 1660 return page_address(page) + (offset & (PAGE_SIZE-1)); 1661 } 1662 1663 void 1664 xfs_buf_zero( 1665 struct xfs_buf *bp, 1666 size_t boff, 1667 size_t bsize) 1668 { 1669 size_t bend; 1670 1671 bend = boff + bsize; 1672 while (boff < bend) { 1673 struct page *page; 1674 int page_index, page_offset, csize; 1675 1676 page_index = (boff + bp->b_offset) >> PAGE_SHIFT; 1677 page_offset = (boff + bp->b_offset) & ~PAGE_MASK; 1678 page = bp->b_pages[page_index]; 1679 csize = min_t(size_t, PAGE_SIZE - page_offset, 1680 BBTOB(bp->b_length) - boff); 1681 1682 ASSERT((csize + page_offset) <= PAGE_SIZE); 1683 1684 memset(page_address(page) + page_offset, 0, csize); 1685 1686 boff += csize; 1687 } 1688 } 1689 1690 /* 1691 * Log a message about and stale a buffer that a caller has decided is corrupt. 1692 * 1693 * This function should be called for the kinds of metadata corruption that 1694 * cannot be detect from a verifier, such as incorrect inter-block relationship 1695 * data. Do /not/ call this function from a verifier function. 1696 * 1697 * The buffer must be XBF_DONE prior to the call. Afterwards, the buffer will 1698 * be marked stale, but b_error will not be set. The caller is responsible for 1699 * releasing the buffer or fixing it. 1700 */ 1701 void 1702 __xfs_buf_mark_corrupt( 1703 struct xfs_buf *bp, 1704 xfs_failaddr_t fa) 1705 { 1706 ASSERT(bp->b_flags & XBF_DONE); 1707 1708 xfs_buf_corruption_error(bp, fa); 1709 xfs_buf_stale(bp); 1710 } 1711 1712 /* 1713 * Handling of buffer targets (buftargs). 1714 */ 1715 1716 /* 1717 * Wait for any bufs with callbacks that have been submitted but have not yet 1718 * returned. These buffers will have an elevated hold count, so wait on those 1719 * while freeing all the buffers only held by the LRU. 1720 */ 1721 static enum lru_status 1722 xfs_buftarg_drain_rele( 1723 struct list_head *item, 1724 struct list_lru_one *lru, 1725 spinlock_t *lru_lock, 1726 void *arg) 1727 1728 { 1729 struct xfs_buf *bp = container_of(item, struct xfs_buf, b_lru); 1730 struct list_head *dispose = arg; 1731 1732 if (atomic_read(&bp->b_hold) > 1) { 1733 /* need to wait, so skip it this pass */ 1734 trace_xfs_buf_drain_buftarg(bp, _RET_IP_); 1735 return LRU_SKIP; 1736 } 1737 if (!spin_trylock(&bp->b_lock)) 1738 return LRU_SKIP; 1739 1740 /* 1741 * clear the LRU reference count so the buffer doesn't get 1742 * ignored in xfs_buf_rele(). 1743 */ 1744 atomic_set(&bp->b_lru_ref, 0); 1745 bp->b_state |= XFS_BSTATE_DISPOSE; 1746 list_lru_isolate_move(lru, item, dispose); 1747 spin_unlock(&bp->b_lock); 1748 return LRU_REMOVED; 1749 } 1750 1751 /* 1752 * Wait for outstanding I/O on the buftarg to complete. 1753 */ 1754 void 1755 xfs_buftarg_wait( 1756 struct xfs_buftarg *btp) 1757 { 1758 /* 1759 * First wait on the buftarg I/O count for all in-flight buffers to be 1760 * released. This is critical as new buffers do not make the LRU until 1761 * they are released. 1762 * 1763 * Next, flush the buffer workqueue to ensure all completion processing 1764 * has finished. Just waiting on buffer locks is not sufficient for 1765 * async IO as the reference count held over IO is not released until 1766 * after the buffer lock is dropped. Hence we need to ensure here that 1767 * all reference counts have been dropped before we start walking the 1768 * LRU list. 1769 */ 1770 while (percpu_counter_sum(&btp->bt_io_count)) 1771 delay(100); 1772 flush_workqueue(btp->bt_mount->m_buf_workqueue); 1773 } 1774 1775 void 1776 xfs_buftarg_drain( 1777 struct xfs_buftarg *btp) 1778 { 1779 LIST_HEAD(dispose); 1780 int loop = 0; 1781 bool write_fail = false; 1782 1783 xfs_buftarg_wait(btp); 1784 1785 /* loop until there is nothing left on the lru list. */ 1786 while (list_lru_count(&btp->bt_lru)) { 1787 list_lru_walk(&btp->bt_lru, xfs_buftarg_drain_rele, 1788 &dispose, LONG_MAX); 1789 1790 while (!list_empty(&dispose)) { 1791 struct xfs_buf *bp; 1792 bp = list_first_entry(&dispose, struct xfs_buf, b_lru); 1793 list_del_init(&bp->b_lru); 1794 if (bp->b_flags & XBF_WRITE_FAIL) { 1795 write_fail = true; 1796 xfs_buf_alert_ratelimited(bp, 1797 "XFS: Corruption Alert", 1798 "Corruption Alert: Buffer at daddr 0x%llx had permanent write failures!", 1799 (long long)xfs_buf_daddr(bp)); 1800 } 1801 xfs_buf_rele(bp); 1802 } 1803 if (loop++ != 0) 1804 delay(100); 1805 } 1806 1807 /* 1808 * If one or more failed buffers were freed, that means dirty metadata 1809 * was thrown away. This should only ever happen after I/O completion 1810 * handling has elevated I/O error(s) to permanent failures and shuts 1811 * down the fs. 1812 */ 1813 if (write_fail) { 1814 ASSERT(xfs_is_shutdown(btp->bt_mount)); 1815 xfs_alert(btp->bt_mount, 1816 "Please run xfs_repair to determine the extent of the problem."); 1817 } 1818 } 1819 1820 static enum lru_status 1821 xfs_buftarg_isolate( 1822 struct list_head *item, 1823 struct list_lru_one *lru, 1824 spinlock_t *lru_lock, 1825 void *arg) 1826 { 1827 struct xfs_buf *bp = container_of(item, struct xfs_buf, b_lru); 1828 struct list_head *dispose = arg; 1829 1830 /* 1831 * we are inverting the lru lock/bp->b_lock here, so use a trylock. 1832 * If we fail to get the lock, just skip it. 1833 */ 1834 if (!spin_trylock(&bp->b_lock)) 1835 return LRU_SKIP; 1836 /* 1837 * Decrement the b_lru_ref count unless the value is already 1838 * zero. If the value is already zero, we need to reclaim the 1839 * buffer, otherwise it gets another trip through the LRU. 1840 */ 1841 if (atomic_add_unless(&bp->b_lru_ref, -1, 0)) { 1842 spin_unlock(&bp->b_lock); 1843 return LRU_ROTATE; 1844 } 1845 1846 bp->b_state |= XFS_BSTATE_DISPOSE; 1847 list_lru_isolate_move(lru, item, dispose); 1848 spin_unlock(&bp->b_lock); 1849 return LRU_REMOVED; 1850 } 1851 1852 static unsigned long 1853 xfs_buftarg_shrink_scan( 1854 struct shrinker *shrink, 1855 struct shrink_control *sc) 1856 { 1857 struct xfs_buftarg *btp = container_of(shrink, 1858 struct xfs_buftarg, bt_shrinker); 1859 LIST_HEAD(dispose); 1860 unsigned long freed; 1861 1862 freed = list_lru_shrink_walk(&btp->bt_lru, sc, 1863 xfs_buftarg_isolate, &dispose); 1864 1865 while (!list_empty(&dispose)) { 1866 struct xfs_buf *bp; 1867 bp = list_first_entry(&dispose, struct xfs_buf, b_lru); 1868 list_del_init(&bp->b_lru); 1869 xfs_buf_rele(bp); 1870 } 1871 1872 return freed; 1873 } 1874 1875 static unsigned long 1876 xfs_buftarg_shrink_count( 1877 struct shrinker *shrink, 1878 struct shrink_control *sc) 1879 { 1880 struct xfs_buftarg *btp = container_of(shrink, 1881 struct xfs_buftarg, bt_shrinker); 1882 return list_lru_shrink_count(&btp->bt_lru, sc); 1883 } 1884 1885 void 1886 xfs_free_buftarg( 1887 struct xfs_buftarg *btp) 1888 { 1889 unregister_shrinker(&btp->bt_shrinker); 1890 ASSERT(percpu_counter_sum(&btp->bt_io_count) == 0); 1891 percpu_counter_destroy(&btp->bt_io_count); 1892 list_lru_destroy(&btp->bt_lru); 1893 1894 blkdev_issue_flush(btp->bt_bdev); 1895 1896 kmem_free(btp); 1897 } 1898 1899 int 1900 xfs_setsize_buftarg( 1901 xfs_buftarg_t *btp, 1902 unsigned int sectorsize) 1903 { 1904 /* Set up metadata sector size info */ 1905 btp->bt_meta_sectorsize = sectorsize; 1906 btp->bt_meta_sectormask = sectorsize - 1; 1907 1908 if (set_blocksize(btp->bt_bdev, sectorsize)) { 1909 xfs_warn(btp->bt_mount, 1910 "Cannot set_blocksize to %u on device %pg", 1911 sectorsize, btp->bt_bdev); 1912 return -EINVAL; 1913 } 1914 1915 /* Set up device logical sector size mask */ 1916 btp->bt_logical_sectorsize = bdev_logical_block_size(btp->bt_bdev); 1917 btp->bt_logical_sectormask = bdev_logical_block_size(btp->bt_bdev) - 1; 1918 1919 return 0; 1920 } 1921 1922 /* 1923 * When allocating the initial buffer target we have not yet 1924 * read in the superblock, so don't know what sized sectors 1925 * are being used at this early stage. Play safe. 1926 */ 1927 STATIC int 1928 xfs_setsize_buftarg_early( 1929 xfs_buftarg_t *btp, 1930 struct block_device *bdev) 1931 { 1932 return xfs_setsize_buftarg(btp, bdev_logical_block_size(bdev)); 1933 } 1934 1935 xfs_buftarg_t * 1936 xfs_alloc_buftarg( 1937 struct xfs_mount *mp, 1938 struct block_device *bdev, 1939 struct dax_device *dax_dev) 1940 { 1941 xfs_buftarg_t *btp; 1942 1943 btp = kmem_zalloc(sizeof(*btp), KM_NOFS); 1944 1945 btp->bt_mount = mp; 1946 btp->bt_dev = bdev->bd_dev; 1947 btp->bt_bdev = bdev; 1948 btp->bt_daxdev = dax_dev; 1949 1950 /* 1951 * Buffer IO error rate limiting. Limit it to no more than 10 messages 1952 * per 30 seconds so as to not spam logs too much on repeated errors. 1953 */ 1954 ratelimit_state_init(&btp->bt_ioerror_rl, 30 * HZ, 1955 DEFAULT_RATELIMIT_BURST); 1956 1957 if (xfs_setsize_buftarg_early(btp, bdev)) 1958 goto error_free; 1959 1960 if (list_lru_init(&btp->bt_lru)) 1961 goto error_free; 1962 1963 if (percpu_counter_init(&btp->bt_io_count, 0, GFP_KERNEL)) 1964 goto error_lru; 1965 1966 btp->bt_shrinker.count_objects = xfs_buftarg_shrink_count; 1967 btp->bt_shrinker.scan_objects = xfs_buftarg_shrink_scan; 1968 btp->bt_shrinker.seeks = DEFAULT_SEEKS; 1969 btp->bt_shrinker.flags = SHRINKER_NUMA_AWARE; 1970 if (register_shrinker(&btp->bt_shrinker)) 1971 goto error_pcpu; 1972 return btp; 1973 1974 error_pcpu: 1975 percpu_counter_destroy(&btp->bt_io_count); 1976 error_lru: 1977 list_lru_destroy(&btp->bt_lru); 1978 error_free: 1979 kmem_free(btp); 1980 return NULL; 1981 } 1982 1983 /* 1984 * Cancel a delayed write list. 1985 * 1986 * Remove each buffer from the list, clear the delwri queue flag and drop the 1987 * associated buffer reference. 1988 */ 1989 void 1990 xfs_buf_delwri_cancel( 1991 struct list_head *list) 1992 { 1993 struct xfs_buf *bp; 1994 1995 while (!list_empty(list)) { 1996 bp = list_first_entry(list, struct xfs_buf, b_list); 1997 1998 xfs_buf_lock(bp); 1999 bp->b_flags &= ~_XBF_DELWRI_Q; 2000 list_del_init(&bp->b_list); 2001 xfs_buf_relse(bp); 2002 } 2003 } 2004 2005 /* 2006 * Add a buffer to the delayed write list. 2007 * 2008 * This queues a buffer for writeout if it hasn't already been. Note that 2009 * neither this routine nor the buffer list submission functions perform 2010 * any internal synchronization. It is expected that the lists are thread-local 2011 * to the callers. 2012 * 2013 * Returns true if we queued up the buffer, or false if it already had 2014 * been on the buffer list. 2015 */ 2016 bool 2017 xfs_buf_delwri_queue( 2018 struct xfs_buf *bp, 2019 struct list_head *list) 2020 { 2021 ASSERT(xfs_buf_islocked(bp)); 2022 ASSERT(!(bp->b_flags & XBF_READ)); 2023 2024 /* 2025 * If the buffer is already marked delwri it already is queued up 2026 * by someone else for imediate writeout. Just ignore it in that 2027 * case. 2028 */ 2029 if (bp->b_flags & _XBF_DELWRI_Q) { 2030 trace_xfs_buf_delwri_queued(bp, _RET_IP_); 2031 return false; 2032 } 2033 2034 trace_xfs_buf_delwri_queue(bp, _RET_IP_); 2035 2036 /* 2037 * If a buffer gets written out synchronously or marked stale while it 2038 * is on a delwri list we lazily remove it. To do this, the other party 2039 * clears the _XBF_DELWRI_Q flag but otherwise leaves the buffer alone. 2040 * It remains referenced and on the list. In a rare corner case it 2041 * might get readded to a delwri list after the synchronous writeout, in 2042 * which case we need just need to re-add the flag here. 2043 */ 2044 bp->b_flags |= _XBF_DELWRI_Q; 2045 if (list_empty(&bp->b_list)) { 2046 atomic_inc(&bp->b_hold); 2047 list_add_tail(&bp->b_list, list); 2048 } 2049 2050 return true; 2051 } 2052 2053 /* 2054 * Compare function is more complex than it needs to be because 2055 * the return value is only 32 bits and we are doing comparisons 2056 * on 64 bit values 2057 */ 2058 static int 2059 xfs_buf_cmp( 2060 void *priv, 2061 const struct list_head *a, 2062 const struct list_head *b) 2063 { 2064 struct xfs_buf *ap = container_of(a, struct xfs_buf, b_list); 2065 struct xfs_buf *bp = container_of(b, struct xfs_buf, b_list); 2066 xfs_daddr_t diff; 2067 2068 diff = ap->b_maps[0].bm_bn - bp->b_maps[0].bm_bn; 2069 if (diff < 0) 2070 return -1; 2071 if (diff > 0) 2072 return 1; 2073 return 0; 2074 } 2075 2076 /* 2077 * Submit buffers for write. If wait_list is specified, the buffers are 2078 * submitted using sync I/O and placed on the wait list such that the caller can 2079 * iowait each buffer. Otherwise async I/O is used and the buffers are released 2080 * at I/O completion time. In either case, buffers remain locked until I/O 2081 * completes and the buffer is released from the queue. 2082 */ 2083 static int 2084 xfs_buf_delwri_submit_buffers( 2085 struct list_head *buffer_list, 2086 struct list_head *wait_list) 2087 { 2088 struct xfs_buf *bp, *n; 2089 int pinned = 0; 2090 struct blk_plug plug; 2091 2092 list_sort(NULL, buffer_list, xfs_buf_cmp); 2093 2094 blk_start_plug(&plug); 2095 list_for_each_entry_safe(bp, n, buffer_list, b_list) { 2096 if (!wait_list) { 2097 if (xfs_buf_ispinned(bp)) { 2098 pinned++; 2099 continue; 2100 } 2101 if (!xfs_buf_trylock(bp)) 2102 continue; 2103 } else { 2104 xfs_buf_lock(bp); 2105 } 2106 2107 /* 2108 * Someone else might have written the buffer synchronously or 2109 * marked it stale in the meantime. In that case only the 2110 * _XBF_DELWRI_Q flag got cleared, and we have to drop the 2111 * reference and remove it from the list here. 2112 */ 2113 if (!(bp->b_flags & _XBF_DELWRI_Q)) { 2114 list_del_init(&bp->b_list); 2115 xfs_buf_relse(bp); 2116 continue; 2117 } 2118 2119 trace_xfs_buf_delwri_split(bp, _RET_IP_); 2120 2121 /* 2122 * If we have a wait list, each buffer (and associated delwri 2123 * queue reference) transfers to it and is submitted 2124 * synchronously. Otherwise, drop the buffer from the delwri 2125 * queue and submit async. 2126 */ 2127 bp->b_flags &= ~_XBF_DELWRI_Q; 2128 bp->b_flags |= XBF_WRITE; 2129 if (wait_list) { 2130 bp->b_flags &= ~XBF_ASYNC; 2131 list_move_tail(&bp->b_list, wait_list); 2132 } else { 2133 bp->b_flags |= XBF_ASYNC; 2134 list_del_init(&bp->b_list); 2135 } 2136 __xfs_buf_submit(bp, false); 2137 } 2138 blk_finish_plug(&plug); 2139 2140 return pinned; 2141 } 2142 2143 /* 2144 * Write out a buffer list asynchronously. 2145 * 2146 * This will take the @buffer_list, write all non-locked and non-pinned buffers 2147 * out and not wait for I/O completion on any of the buffers. This interface 2148 * is only safely useable for callers that can track I/O completion by higher 2149 * level means, e.g. AIL pushing as the @buffer_list is consumed in this 2150 * function. 2151 * 2152 * Note: this function will skip buffers it would block on, and in doing so 2153 * leaves them on @buffer_list so they can be retried on a later pass. As such, 2154 * it is up to the caller to ensure that the buffer list is fully submitted or 2155 * cancelled appropriately when they are finished with the list. Failure to 2156 * cancel or resubmit the list until it is empty will result in leaked buffers 2157 * at unmount time. 2158 */ 2159 int 2160 xfs_buf_delwri_submit_nowait( 2161 struct list_head *buffer_list) 2162 { 2163 return xfs_buf_delwri_submit_buffers(buffer_list, NULL); 2164 } 2165 2166 /* 2167 * Write out a buffer list synchronously. 2168 * 2169 * This will take the @buffer_list, write all buffers out and wait for I/O 2170 * completion on all of the buffers. @buffer_list is consumed by the function, 2171 * so callers must have some other way of tracking buffers if they require such 2172 * functionality. 2173 */ 2174 int 2175 xfs_buf_delwri_submit( 2176 struct list_head *buffer_list) 2177 { 2178 LIST_HEAD (wait_list); 2179 int error = 0, error2; 2180 struct xfs_buf *bp; 2181 2182 xfs_buf_delwri_submit_buffers(buffer_list, &wait_list); 2183 2184 /* Wait for IO to complete. */ 2185 while (!list_empty(&wait_list)) { 2186 bp = list_first_entry(&wait_list, struct xfs_buf, b_list); 2187 2188 list_del_init(&bp->b_list); 2189 2190 /* 2191 * Wait on the locked buffer, check for errors and unlock and 2192 * release the delwri queue reference. 2193 */ 2194 error2 = xfs_buf_iowait(bp); 2195 xfs_buf_relse(bp); 2196 if (!error) 2197 error = error2; 2198 } 2199 2200 return error; 2201 } 2202 2203 /* 2204 * Push a single buffer on a delwri queue. 2205 * 2206 * The purpose of this function is to submit a single buffer of a delwri queue 2207 * and return with the buffer still on the original queue. The waiting delwri 2208 * buffer submission infrastructure guarantees transfer of the delwri queue 2209 * buffer reference to a temporary wait list. We reuse this infrastructure to 2210 * transfer the buffer back to the original queue. 2211 * 2212 * Note the buffer transitions from the queued state, to the submitted and wait 2213 * listed state and back to the queued state during this call. The buffer 2214 * locking and queue management logic between _delwri_pushbuf() and 2215 * _delwri_queue() guarantee that the buffer cannot be queued to another list 2216 * before returning. 2217 */ 2218 int 2219 xfs_buf_delwri_pushbuf( 2220 struct xfs_buf *bp, 2221 struct list_head *buffer_list) 2222 { 2223 LIST_HEAD (submit_list); 2224 int error; 2225 2226 ASSERT(bp->b_flags & _XBF_DELWRI_Q); 2227 2228 trace_xfs_buf_delwri_pushbuf(bp, _RET_IP_); 2229 2230 /* 2231 * Isolate the buffer to a new local list so we can submit it for I/O 2232 * independently from the rest of the original list. 2233 */ 2234 xfs_buf_lock(bp); 2235 list_move(&bp->b_list, &submit_list); 2236 xfs_buf_unlock(bp); 2237 2238 /* 2239 * Delwri submission clears the DELWRI_Q buffer flag and returns with 2240 * the buffer on the wait list with the original reference. Rather than 2241 * bounce the buffer from a local wait list back to the original list 2242 * after I/O completion, reuse the original list as the wait list. 2243 */ 2244 xfs_buf_delwri_submit_buffers(&submit_list, buffer_list); 2245 2246 /* 2247 * The buffer is now locked, under I/O and wait listed on the original 2248 * delwri queue. Wait for I/O completion, restore the DELWRI_Q flag and 2249 * return with the buffer unlocked and on the original queue. 2250 */ 2251 error = xfs_buf_iowait(bp); 2252 bp->b_flags |= _XBF_DELWRI_Q; 2253 xfs_buf_unlock(bp); 2254 2255 return error; 2256 } 2257 2258 int __init 2259 xfs_buf_init(void) 2260 { 2261 xfs_buf_zone = kmem_cache_create("xfs_buf", sizeof(struct xfs_buf), 0, 2262 SLAB_HWCACHE_ALIGN | 2263 SLAB_RECLAIM_ACCOUNT | 2264 SLAB_MEM_SPREAD, 2265 NULL); 2266 if (!xfs_buf_zone) 2267 goto out; 2268 2269 return 0; 2270 2271 out: 2272 return -ENOMEM; 2273 } 2274 2275 void 2276 xfs_buf_terminate(void) 2277 { 2278 kmem_cache_destroy(xfs_buf_zone); 2279 } 2280 2281 void xfs_buf_set_ref(struct xfs_buf *bp, int lru_ref) 2282 { 2283 /* 2284 * Set the lru reference count to 0 based on the error injection tag. 2285 * This allows userspace to disrupt buffer caching for debug/testing 2286 * purposes. 2287 */ 2288 if (XFS_TEST_ERROR(false, bp->b_mount, XFS_ERRTAG_BUF_LRU_REF)) 2289 lru_ref = 0; 2290 2291 atomic_set(&bp->b_lru_ref, lru_ref); 2292 } 2293 2294 /* 2295 * Verify an on-disk magic value against the magic value specified in the 2296 * verifier structure. The verifier magic is in disk byte order so the caller is 2297 * expected to pass the value directly from disk. 2298 */ 2299 bool 2300 xfs_verify_magic( 2301 struct xfs_buf *bp, 2302 __be32 dmagic) 2303 { 2304 struct xfs_mount *mp = bp->b_mount; 2305 int idx; 2306 2307 idx = xfs_has_crc(mp); 2308 if (WARN_ON(!bp->b_ops || !bp->b_ops->magic[idx])) 2309 return false; 2310 return dmagic == bp->b_ops->magic[idx]; 2311 } 2312 /* 2313 * Verify an on-disk magic value against the magic value specified in the 2314 * verifier structure. The verifier magic is in disk byte order so the caller is 2315 * expected to pass the value directly from disk. 2316 */ 2317 bool 2318 xfs_verify_magic16( 2319 struct xfs_buf *bp, 2320 __be16 dmagic) 2321 { 2322 struct xfs_mount *mp = bp->b_mount; 2323 int idx; 2324 2325 idx = xfs_has_crc(mp); 2326 if (WARN_ON(!bp->b_ops || !bp->b_ops->magic16[idx])) 2327 return false; 2328 return dmagic == bp->b_ops->magic16[idx]; 2329 } 2330