xref: /openbmc/linux/fs/xfs/xfs_buf_item.c (revision 76ce0265)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4  * All Rights Reserved.
5  */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_mount.h"
14 #include "xfs_trans.h"
15 #include "xfs_buf_item.h"
16 #include "xfs_trans_priv.h"
17 #include "xfs_trace.h"
18 #include "xfs_log.h"
19 
20 
21 kmem_zone_t	*xfs_buf_item_zone;
22 
23 static inline struct xfs_buf_log_item *BUF_ITEM(struct xfs_log_item *lip)
24 {
25 	return container_of(lip, struct xfs_buf_log_item, bli_item);
26 }
27 
28 STATIC void	xfs_buf_do_callbacks(struct xfs_buf *bp);
29 
30 /* Is this log iovec plausibly large enough to contain the buffer log format? */
31 bool
32 xfs_buf_log_check_iovec(
33 	struct xfs_log_iovec		*iovec)
34 {
35 	struct xfs_buf_log_format	*blfp = iovec->i_addr;
36 	char				*bmp_end;
37 	char				*item_end;
38 
39 	if (offsetof(struct xfs_buf_log_format, blf_data_map) > iovec->i_len)
40 		return false;
41 
42 	item_end = (char *)iovec->i_addr + iovec->i_len;
43 	bmp_end = (char *)&blfp->blf_data_map[blfp->blf_map_size];
44 	return bmp_end <= item_end;
45 }
46 
47 static inline int
48 xfs_buf_log_format_size(
49 	struct xfs_buf_log_format *blfp)
50 {
51 	return offsetof(struct xfs_buf_log_format, blf_data_map) +
52 			(blfp->blf_map_size * sizeof(blfp->blf_data_map[0]));
53 }
54 
55 /*
56  * This returns the number of log iovecs needed to log the
57  * given buf log item.
58  *
59  * It calculates this as 1 iovec for the buf log format structure
60  * and 1 for each stretch of non-contiguous chunks to be logged.
61  * Contiguous chunks are logged in a single iovec.
62  *
63  * If the XFS_BLI_STALE flag has been set, then log nothing.
64  */
65 STATIC void
66 xfs_buf_item_size_segment(
67 	struct xfs_buf_log_item		*bip,
68 	struct xfs_buf_log_format	*blfp,
69 	int				*nvecs,
70 	int				*nbytes)
71 {
72 	struct xfs_buf			*bp = bip->bli_buf;
73 	int				next_bit;
74 	int				last_bit;
75 
76 	last_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size, 0);
77 	if (last_bit == -1)
78 		return;
79 
80 	/*
81 	 * initial count for a dirty buffer is 2 vectors - the format structure
82 	 * and the first dirty region.
83 	 */
84 	*nvecs += 2;
85 	*nbytes += xfs_buf_log_format_size(blfp) + XFS_BLF_CHUNK;
86 
87 	while (last_bit != -1) {
88 		/*
89 		 * This takes the bit number to start looking from and
90 		 * returns the next set bit from there.  It returns -1
91 		 * if there are no more bits set or the start bit is
92 		 * beyond the end of the bitmap.
93 		 */
94 		next_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size,
95 					last_bit + 1);
96 		/*
97 		 * If we run out of bits, leave the loop,
98 		 * else if we find a new set of bits bump the number of vecs,
99 		 * else keep scanning the current set of bits.
100 		 */
101 		if (next_bit == -1) {
102 			break;
103 		} else if (next_bit != last_bit + 1) {
104 			last_bit = next_bit;
105 			(*nvecs)++;
106 		} else if (xfs_buf_offset(bp, next_bit * XFS_BLF_CHUNK) !=
107 			   (xfs_buf_offset(bp, last_bit * XFS_BLF_CHUNK) +
108 			    XFS_BLF_CHUNK)) {
109 			last_bit = next_bit;
110 			(*nvecs)++;
111 		} else {
112 			last_bit++;
113 		}
114 		*nbytes += XFS_BLF_CHUNK;
115 	}
116 }
117 
118 /*
119  * This returns the number of log iovecs needed to log the given buf log item.
120  *
121  * It calculates this as 1 iovec for the buf log format structure and 1 for each
122  * stretch of non-contiguous chunks to be logged.  Contiguous chunks are logged
123  * in a single iovec.
124  *
125  * Discontiguous buffers need a format structure per region that that is being
126  * logged. This makes the changes in the buffer appear to log recovery as though
127  * they came from separate buffers, just like would occur if multiple buffers
128  * were used instead of a single discontiguous buffer. This enables
129  * discontiguous buffers to be in-memory constructs, completely transparent to
130  * what ends up on disk.
131  *
132  * If the XFS_BLI_STALE flag has been set, then log nothing but the buf log
133  * format structures.
134  */
135 STATIC void
136 xfs_buf_item_size(
137 	struct xfs_log_item	*lip,
138 	int			*nvecs,
139 	int			*nbytes)
140 {
141 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
142 	int			i;
143 
144 	ASSERT(atomic_read(&bip->bli_refcount) > 0);
145 	if (bip->bli_flags & XFS_BLI_STALE) {
146 		/*
147 		 * The buffer is stale, so all we need to log
148 		 * is the buf log format structure with the
149 		 * cancel flag in it.
150 		 */
151 		trace_xfs_buf_item_size_stale(bip);
152 		ASSERT(bip->__bli_format.blf_flags & XFS_BLF_CANCEL);
153 		*nvecs += bip->bli_format_count;
154 		for (i = 0; i < bip->bli_format_count; i++) {
155 			*nbytes += xfs_buf_log_format_size(&bip->bli_formats[i]);
156 		}
157 		return;
158 	}
159 
160 	ASSERT(bip->bli_flags & XFS_BLI_LOGGED);
161 
162 	if (bip->bli_flags & XFS_BLI_ORDERED) {
163 		/*
164 		 * The buffer has been logged just to order it.
165 		 * It is not being included in the transaction
166 		 * commit, so no vectors are used at all.
167 		 */
168 		trace_xfs_buf_item_size_ordered(bip);
169 		*nvecs = XFS_LOG_VEC_ORDERED;
170 		return;
171 	}
172 
173 	/*
174 	 * the vector count is based on the number of buffer vectors we have
175 	 * dirty bits in. This will only be greater than one when we have a
176 	 * compound buffer with more than one segment dirty. Hence for compound
177 	 * buffers we need to track which segment the dirty bits correspond to,
178 	 * and when we move from one segment to the next increment the vector
179 	 * count for the extra buf log format structure that will need to be
180 	 * written.
181 	 */
182 	for (i = 0; i < bip->bli_format_count; i++) {
183 		xfs_buf_item_size_segment(bip, &bip->bli_formats[i],
184 					  nvecs, nbytes);
185 	}
186 	trace_xfs_buf_item_size(bip);
187 }
188 
189 static inline void
190 xfs_buf_item_copy_iovec(
191 	struct xfs_log_vec	*lv,
192 	struct xfs_log_iovec	**vecp,
193 	struct xfs_buf		*bp,
194 	uint			offset,
195 	int			first_bit,
196 	uint			nbits)
197 {
198 	offset += first_bit * XFS_BLF_CHUNK;
199 	xlog_copy_iovec(lv, vecp, XLOG_REG_TYPE_BCHUNK,
200 			xfs_buf_offset(bp, offset),
201 			nbits * XFS_BLF_CHUNK);
202 }
203 
204 static inline bool
205 xfs_buf_item_straddle(
206 	struct xfs_buf		*bp,
207 	uint			offset,
208 	int			next_bit,
209 	int			last_bit)
210 {
211 	return xfs_buf_offset(bp, offset + (next_bit << XFS_BLF_SHIFT)) !=
212 		(xfs_buf_offset(bp, offset + (last_bit << XFS_BLF_SHIFT)) +
213 		 XFS_BLF_CHUNK);
214 }
215 
216 static void
217 xfs_buf_item_format_segment(
218 	struct xfs_buf_log_item	*bip,
219 	struct xfs_log_vec	*lv,
220 	struct xfs_log_iovec	**vecp,
221 	uint			offset,
222 	struct xfs_buf_log_format *blfp)
223 {
224 	struct xfs_buf		*bp = bip->bli_buf;
225 	uint			base_size;
226 	int			first_bit;
227 	int			last_bit;
228 	int			next_bit;
229 	uint			nbits;
230 
231 	/* copy the flags across from the base format item */
232 	blfp->blf_flags = bip->__bli_format.blf_flags;
233 
234 	/*
235 	 * Base size is the actual size of the ondisk structure - it reflects
236 	 * the actual size of the dirty bitmap rather than the size of the in
237 	 * memory structure.
238 	 */
239 	base_size = xfs_buf_log_format_size(blfp);
240 
241 	first_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size, 0);
242 	if (!(bip->bli_flags & XFS_BLI_STALE) && first_bit == -1) {
243 		/*
244 		 * If the map is not be dirty in the transaction, mark
245 		 * the size as zero and do not advance the vector pointer.
246 		 */
247 		return;
248 	}
249 
250 	blfp = xlog_copy_iovec(lv, vecp, XLOG_REG_TYPE_BFORMAT, blfp, base_size);
251 	blfp->blf_size = 1;
252 
253 	if (bip->bli_flags & XFS_BLI_STALE) {
254 		/*
255 		 * The buffer is stale, so all we need to log
256 		 * is the buf log format structure with the
257 		 * cancel flag in it.
258 		 */
259 		trace_xfs_buf_item_format_stale(bip);
260 		ASSERT(blfp->blf_flags & XFS_BLF_CANCEL);
261 		return;
262 	}
263 
264 
265 	/*
266 	 * Fill in an iovec for each set of contiguous chunks.
267 	 */
268 	last_bit = first_bit;
269 	nbits = 1;
270 	for (;;) {
271 		/*
272 		 * This takes the bit number to start looking from and
273 		 * returns the next set bit from there.  It returns -1
274 		 * if there are no more bits set or the start bit is
275 		 * beyond the end of the bitmap.
276 		 */
277 		next_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size,
278 					(uint)last_bit + 1);
279 		/*
280 		 * If we run out of bits fill in the last iovec and get out of
281 		 * the loop.  Else if we start a new set of bits then fill in
282 		 * the iovec for the series we were looking at and start
283 		 * counting the bits in the new one.  Else we're still in the
284 		 * same set of bits so just keep counting and scanning.
285 		 */
286 		if (next_bit == -1) {
287 			xfs_buf_item_copy_iovec(lv, vecp, bp, offset,
288 						first_bit, nbits);
289 			blfp->blf_size++;
290 			break;
291 		} else if (next_bit != last_bit + 1 ||
292 		           xfs_buf_item_straddle(bp, offset, next_bit, last_bit)) {
293 			xfs_buf_item_copy_iovec(lv, vecp, bp, offset,
294 						first_bit, nbits);
295 			blfp->blf_size++;
296 			first_bit = next_bit;
297 			last_bit = next_bit;
298 			nbits = 1;
299 		} else {
300 			last_bit++;
301 			nbits++;
302 		}
303 	}
304 }
305 
306 /*
307  * This is called to fill in the vector of log iovecs for the
308  * given log buf item.  It fills the first entry with a buf log
309  * format structure, and the rest point to contiguous chunks
310  * within the buffer.
311  */
312 STATIC void
313 xfs_buf_item_format(
314 	struct xfs_log_item	*lip,
315 	struct xfs_log_vec	*lv)
316 {
317 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
318 	struct xfs_buf		*bp = bip->bli_buf;
319 	struct xfs_log_iovec	*vecp = NULL;
320 	uint			offset = 0;
321 	int			i;
322 
323 	ASSERT(atomic_read(&bip->bli_refcount) > 0);
324 	ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
325 	       (bip->bli_flags & XFS_BLI_STALE));
326 	ASSERT((bip->bli_flags & XFS_BLI_STALE) ||
327 	       (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF
328 	        && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF));
329 	ASSERT(!(bip->bli_flags & XFS_BLI_ORDERED) ||
330 	       (bip->bli_flags & XFS_BLI_STALE));
331 
332 
333 	/*
334 	 * If it is an inode buffer, transfer the in-memory state to the
335 	 * format flags and clear the in-memory state.
336 	 *
337 	 * For buffer based inode allocation, we do not transfer
338 	 * this state if the inode buffer allocation has not yet been committed
339 	 * to the log as setting the XFS_BLI_INODE_BUF flag will prevent
340 	 * correct replay of the inode allocation.
341 	 *
342 	 * For icreate item based inode allocation, the buffers aren't written
343 	 * to the journal during allocation, and hence we should always tag the
344 	 * buffer as an inode buffer so that the correct unlinked list replay
345 	 * occurs during recovery.
346 	 */
347 	if (bip->bli_flags & XFS_BLI_INODE_BUF) {
348 		if (xfs_sb_version_hascrc(&lip->li_mountp->m_sb) ||
349 		    !((bip->bli_flags & XFS_BLI_INODE_ALLOC_BUF) &&
350 		      xfs_log_item_in_current_chkpt(lip)))
351 			bip->__bli_format.blf_flags |= XFS_BLF_INODE_BUF;
352 		bip->bli_flags &= ~XFS_BLI_INODE_BUF;
353 	}
354 
355 	for (i = 0; i < bip->bli_format_count; i++) {
356 		xfs_buf_item_format_segment(bip, lv, &vecp, offset,
357 					    &bip->bli_formats[i]);
358 		offset += BBTOB(bp->b_maps[i].bm_len);
359 	}
360 
361 	/*
362 	 * Check to make sure everything is consistent.
363 	 */
364 	trace_xfs_buf_item_format(bip);
365 }
366 
367 /*
368  * This is called to pin the buffer associated with the buf log item in memory
369  * so it cannot be written out.
370  *
371  * We also always take a reference to the buffer log item here so that the bli
372  * is held while the item is pinned in memory. This means that we can
373  * unconditionally drop the reference count a transaction holds when the
374  * transaction is completed.
375  */
376 STATIC void
377 xfs_buf_item_pin(
378 	struct xfs_log_item	*lip)
379 {
380 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
381 
382 	ASSERT(atomic_read(&bip->bli_refcount) > 0);
383 	ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
384 	       (bip->bli_flags & XFS_BLI_ORDERED) ||
385 	       (bip->bli_flags & XFS_BLI_STALE));
386 
387 	trace_xfs_buf_item_pin(bip);
388 
389 	atomic_inc(&bip->bli_refcount);
390 	atomic_inc(&bip->bli_buf->b_pin_count);
391 }
392 
393 /*
394  * This is called to unpin the buffer associated with the buf log
395  * item which was previously pinned with a call to xfs_buf_item_pin().
396  *
397  * Also drop the reference to the buf item for the current transaction.
398  * If the XFS_BLI_STALE flag is set and we are the last reference,
399  * then free up the buf log item and unlock the buffer.
400  *
401  * If the remove flag is set we are called from uncommit in the
402  * forced-shutdown path.  If that is true and the reference count on
403  * the log item is going to drop to zero we need to free the item's
404  * descriptor in the transaction.
405  */
406 STATIC void
407 xfs_buf_item_unpin(
408 	struct xfs_log_item	*lip,
409 	int			remove)
410 {
411 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
412 	xfs_buf_t		*bp = bip->bli_buf;
413 	struct xfs_ail		*ailp = lip->li_ailp;
414 	int			stale = bip->bli_flags & XFS_BLI_STALE;
415 	int			freed;
416 
417 	ASSERT(bp->b_log_item == bip);
418 	ASSERT(atomic_read(&bip->bli_refcount) > 0);
419 
420 	trace_xfs_buf_item_unpin(bip);
421 
422 	freed = atomic_dec_and_test(&bip->bli_refcount);
423 
424 	if (atomic_dec_and_test(&bp->b_pin_count))
425 		wake_up_all(&bp->b_waiters);
426 
427 	if (freed && stale) {
428 		ASSERT(bip->bli_flags & XFS_BLI_STALE);
429 		ASSERT(xfs_buf_islocked(bp));
430 		ASSERT(bp->b_flags & XBF_STALE);
431 		ASSERT(bip->__bli_format.blf_flags & XFS_BLF_CANCEL);
432 
433 		trace_xfs_buf_item_unpin_stale(bip);
434 
435 		if (remove) {
436 			/*
437 			 * If we are in a transaction context, we have to
438 			 * remove the log item from the transaction as we are
439 			 * about to release our reference to the buffer.  If we
440 			 * don't, the unlock that occurs later in
441 			 * xfs_trans_uncommit() will try to reference the
442 			 * buffer which we no longer have a hold on.
443 			 */
444 			if (!list_empty(&lip->li_trans))
445 				xfs_trans_del_item(lip);
446 
447 			/*
448 			 * Since the transaction no longer refers to the buffer,
449 			 * the buffer should no longer refer to the transaction.
450 			 */
451 			bp->b_transp = NULL;
452 		}
453 
454 		/*
455 		 * If we get called here because of an IO error, we may
456 		 * or may not have the item on the AIL. xfs_trans_ail_delete()
457 		 * will take care of that situation.
458 		 * xfs_trans_ail_delete() drops the AIL lock.
459 		 */
460 		if (bip->bli_flags & XFS_BLI_STALE_INODE) {
461 			xfs_buf_do_callbacks(bp);
462 			bp->b_log_item = NULL;
463 			list_del_init(&bp->b_li_list);
464 			bp->b_iodone = NULL;
465 		} else {
466 			spin_lock(&ailp->ail_lock);
467 			xfs_trans_ail_delete(ailp, lip, SHUTDOWN_LOG_IO_ERROR);
468 			xfs_buf_item_relse(bp);
469 			ASSERT(bp->b_log_item == NULL);
470 		}
471 		xfs_buf_relse(bp);
472 	} else if (freed && remove) {
473 		/*
474 		 * There are currently two references to the buffer - the active
475 		 * LRU reference and the buf log item. What we are about to do
476 		 * here - simulate a failed IO completion - requires 3
477 		 * references.
478 		 *
479 		 * The LRU reference is removed by the xfs_buf_stale() call. The
480 		 * buf item reference is removed by the xfs_buf_iodone()
481 		 * callback that is run by xfs_buf_do_callbacks() during ioend
482 		 * processing (via the bp->b_iodone callback), and then finally
483 		 * the ioend processing will drop the IO reference if the buffer
484 		 * is marked XBF_ASYNC.
485 		 *
486 		 * Hence we need to take an additional reference here so that IO
487 		 * completion processing doesn't free the buffer prematurely.
488 		 */
489 		xfs_buf_lock(bp);
490 		xfs_buf_hold(bp);
491 		bp->b_flags |= XBF_ASYNC;
492 		xfs_buf_ioerror(bp, -EIO);
493 		bp->b_flags &= ~XBF_DONE;
494 		xfs_buf_stale(bp);
495 		xfs_buf_ioend(bp);
496 	}
497 }
498 
499 /*
500  * Buffer IO error rate limiting. Limit it to no more than 10 messages per 30
501  * seconds so as to not spam logs too much on repeated detection of the same
502  * buffer being bad..
503  */
504 
505 static DEFINE_RATELIMIT_STATE(xfs_buf_write_fail_rl_state, 30 * HZ, 10);
506 
507 STATIC uint
508 xfs_buf_item_push(
509 	struct xfs_log_item	*lip,
510 	struct list_head	*buffer_list)
511 {
512 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
513 	struct xfs_buf		*bp = bip->bli_buf;
514 	uint			rval = XFS_ITEM_SUCCESS;
515 
516 	if (xfs_buf_ispinned(bp))
517 		return XFS_ITEM_PINNED;
518 	if (!xfs_buf_trylock(bp)) {
519 		/*
520 		 * If we have just raced with a buffer being pinned and it has
521 		 * been marked stale, we could end up stalling until someone else
522 		 * issues a log force to unpin the stale buffer. Check for the
523 		 * race condition here so xfsaild recognizes the buffer is pinned
524 		 * and queues a log force to move it along.
525 		 */
526 		if (xfs_buf_ispinned(bp))
527 			return XFS_ITEM_PINNED;
528 		return XFS_ITEM_LOCKED;
529 	}
530 
531 	ASSERT(!(bip->bli_flags & XFS_BLI_STALE));
532 
533 	trace_xfs_buf_item_push(bip);
534 
535 	/* has a previous flush failed due to IO errors? */
536 	if ((bp->b_flags & XBF_WRITE_FAIL) &&
537 	    ___ratelimit(&xfs_buf_write_fail_rl_state, "XFS: Failing async write")) {
538 		xfs_warn(bp->b_mount,
539 "Failing async write on buffer block 0x%llx. Retrying async write.",
540 			 (long long)bp->b_bn);
541 	}
542 
543 	if (!xfs_buf_delwri_queue(bp, buffer_list))
544 		rval = XFS_ITEM_FLUSHING;
545 	xfs_buf_unlock(bp);
546 	return rval;
547 }
548 
549 /*
550  * Drop the buffer log item refcount and take appropriate action. This helper
551  * determines whether the bli must be freed or not, since a decrement to zero
552  * does not necessarily mean the bli is unused.
553  *
554  * Return true if the bli is freed, false otherwise.
555  */
556 bool
557 xfs_buf_item_put(
558 	struct xfs_buf_log_item	*bip)
559 {
560 	struct xfs_log_item	*lip = &bip->bli_item;
561 	bool			aborted;
562 	bool			dirty;
563 
564 	/* drop the bli ref and return if it wasn't the last one */
565 	if (!atomic_dec_and_test(&bip->bli_refcount))
566 		return false;
567 
568 	/*
569 	 * We dropped the last ref and must free the item if clean or aborted.
570 	 * If the bli is dirty and non-aborted, the buffer was clean in the
571 	 * transaction but still awaiting writeback from previous changes. In
572 	 * that case, the bli is freed on buffer writeback completion.
573 	 */
574 	aborted = test_bit(XFS_LI_ABORTED, &lip->li_flags) ||
575 		  XFS_FORCED_SHUTDOWN(lip->li_mountp);
576 	dirty = bip->bli_flags & XFS_BLI_DIRTY;
577 	if (dirty && !aborted)
578 		return false;
579 
580 	/*
581 	 * The bli is aborted or clean. An aborted item may be in the AIL
582 	 * regardless of dirty state.  For example, consider an aborted
583 	 * transaction that invalidated a dirty bli and cleared the dirty
584 	 * state.
585 	 */
586 	if (aborted)
587 		xfs_trans_ail_remove(lip, SHUTDOWN_LOG_IO_ERROR);
588 	xfs_buf_item_relse(bip->bli_buf);
589 	return true;
590 }
591 
592 /*
593  * Release the buffer associated with the buf log item.  If there is no dirty
594  * logged data associated with the buffer recorded in the buf log item, then
595  * free the buf log item and remove the reference to it in the buffer.
596  *
597  * This call ignores the recursion count.  It is only called when the buffer
598  * should REALLY be unlocked, regardless of the recursion count.
599  *
600  * We unconditionally drop the transaction's reference to the log item. If the
601  * item was logged, then another reference was taken when it was pinned, so we
602  * can safely drop the transaction reference now.  This also allows us to avoid
603  * potential races with the unpin code freeing the bli by not referencing the
604  * bli after we've dropped the reference count.
605  *
606  * If the XFS_BLI_HOLD flag is set in the buf log item, then free the log item
607  * if necessary but do not unlock the buffer.  This is for support of
608  * xfs_trans_bhold(). Make sure the XFS_BLI_HOLD field is cleared if we don't
609  * free the item.
610  */
611 STATIC void
612 xfs_buf_item_release(
613 	struct xfs_log_item	*lip)
614 {
615 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
616 	struct xfs_buf		*bp = bip->bli_buf;
617 	bool			released;
618 	bool			hold = bip->bli_flags & XFS_BLI_HOLD;
619 	bool			stale = bip->bli_flags & XFS_BLI_STALE;
620 #if defined(DEBUG) || defined(XFS_WARN)
621 	bool			ordered = bip->bli_flags & XFS_BLI_ORDERED;
622 	bool			dirty = bip->bli_flags & XFS_BLI_DIRTY;
623 	bool			aborted = test_bit(XFS_LI_ABORTED,
624 						   &lip->li_flags);
625 #endif
626 
627 	trace_xfs_buf_item_release(bip);
628 
629 	/*
630 	 * The bli dirty state should match whether the blf has logged segments
631 	 * except for ordered buffers, where only the bli should be dirty.
632 	 */
633 	ASSERT((!ordered && dirty == xfs_buf_item_dirty_format(bip)) ||
634 	       (ordered && dirty && !xfs_buf_item_dirty_format(bip)));
635 	ASSERT(!stale || (bip->__bli_format.blf_flags & XFS_BLF_CANCEL));
636 
637 	/*
638 	 * Clear the buffer's association with this transaction and
639 	 * per-transaction state from the bli, which has been copied above.
640 	 */
641 	bp->b_transp = NULL;
642 	bip->bli_flags &= ~(XFS_BLI_LOGGED | XFS_BLI_HOLD | XFS_BLI_ORDERED);
643 
644 	/*
645 	 * Unref the item and unlock the buffer unless held or stale. Stale
646 	 * buffers remain locked until final unpin unless the bli is freed by
647 	 * the unref call. The latter implies shutdown because buffer
648 	 * invalidation dirties the bli and transaction.
649 	 */
650 	released = xfs_buf_item_put(bip);
651 	if (hold || (stale && !released))
652 		return;
653 	ASSERT(!stale || aborted);
654 	xfs_buf_relse(bp);
655 }
656 
657 STATIC void
658 xfs_buf_item_committing(
659 	struct xfs_log_item	*lip,
660 	xfs_lsn_t		commit_lsn)
661 {
662 	return xfs_buf_item_release(lip);
663 }
664 
665 /*
666  * This is called to find out where the oldest active copy of the
667  * buf log item in the on disk log resides now that the last log
668  * write of it completed at the given lsn.
669  * We always re-log all the dirty data in a buffer, so usually the
670  * latest copy in the on disk log is the only one that matters.  For
671  * those cases we simply return the given lsn.
672  *
673  * The one exception to this is for buffers full of newly allocated
674  * inodes.  These buffers are only relogged with the XFS_BLI_INODE_BUF
675  * flag set, indicating that only the di_next_unlinked fields from the
676  * inodes in the buffers will be replayed during recovery.  If the
677  * original newly allocated inode images have not yet been flushed
678  * when the buffer is so relogged, then we need to make sure that we
679  * keep the old images in the 'active' portion of the log.  We do this
680  * by returning the original lsn of that transaction here rather than
681  * the current one.
682  */
683 STATIC xfs_lsn_t
684 xfs_buf_item_committed(
685 	struct xfs_log_item	*lip,
686 	xfs_lsn_t		lsn)
687 {
688 	struct xfs_buf_log_item	*bip = BUF_ITEM(lip);
689 
690 	trace_xfs_buf_item_committed(bip);
691 
692 	if ((bip->bli_flags & XFS_BLI_INODE_ALLOC_BUF) && lip->li_lsn != 0)
693 		return lip->li_lsn;
694 	return lsn;
695 }
696 
697 static const struct xfs_item_ops xfs_buf_item_ops = {
698 	.iop_size	= xfs_buf_item_size,
699 	.iop_format	= xfs_buf_item_format,
700 	.iop_pin	= xfs_buf_item_pin,
701 	.iop_unpin	= xfs_buf_item_unpin,
702 	.iop_release	= xfs_buf_item_release,
703 	.iop_committing	= xfs_buf_item_committing,
704 	.iop_committed	= xfs_buf_item_committed,
705 	.iop_push	= xfs_buf_item_push,
706 };
707 
708 STATIC void
709 xfs_buf_item_get_format(
710 	struct xfs_buf_log_item	*bip,
711 	int			count)
712 {
713 	ASSERT(bip->bli_formats == NULL);
714 	bip->bli_format_count = count;
715 
716 	if (count == 1) {
717 		bip->bli_formats = &bip->__bli_format;
718 		return;
719 	}
720 
721 	bip->bli_formats = kmem_zalloc(count * sizeof(struct xfs_buf_log_format),
722 				0);
723 }
724 
725 STATIC void
726 xfs_buf_item_free_format(
727 	struct xfs_buf_log_item	*bip)
728 {
729 	if (bip->bli_formats != &bip->__bli_format) {
730 		kmem_free(bip->bli_formats);
731 		bip->bli_formats = NULL;
732 	}
733 }
734 
735 /*
736  * Allocate a new buf log item to go with the given buffer.
737  * Set the buffer's b_log_item field to point to the new
738  * buf log item.
739  */
740 int
741 xfs_buf_item_init(
742 	struct xfs_buf	*bp,
743 	struct xfs_mount *mp)
744 {
745 	struct xfs_buf_log_item	*bip = bp->b_log_item;
746 	int			chunks;
747 	int			map_size;
748 	int			i;
749 
750 	/*
751 	 * Check to see if there is already a buf log item for
752 	 * this buffer. If we do already have one, there is
753 	 * nothing to do here so return.
754 	 */
755 	ASSERT(bp->b_mount == mp);
756 	if (bip) {
757 		ASSERT(bip->bli_item.li_type == XFS_LI_BUF);
758 		ASSERT(!bp->b_transp);
759 		ASSERT(bip->bli_buf == bp);
760 		return 0;
761 	}
762 
763 	bip = kmem_zone_zalloc(xfs_buf_item_zone, 0);
764 	xfs_log_item_init(mp, &bip->bli_item, XFS_LI_BUF, &xfs_buf_item_ops);
765 	bip->bli_buf = bp;
766 
767 	/*
768 	 * chunks is the number of XFS_BLF_CHUNK size pieces the buffer
769 	 * can be divided into. Make sure not to truncate any pieces.
770 	 * map_size is the size of the bitmap needed to describe the
771 	 * chunks of the buffer.
772 	 *
773 	 * Discontiguous buffer support follows the layout of the underlying
774 	 * buffer. This makes the implementation as simple as possible.
775 	 */
776 	xfs_buf_item_get_format(bip, bp->b_map_count);
777 
778 	for (i = 0; i < bip->bli_format_count; i++) {
779 		chunks = DIV_ROUND_UP(BBTOB(bp->b_maps[i].bm_len),
780 				      XFS_BLF_CHUNK);
781 		map_size = DIV_ROUND_UP(chunks, NBWORD);
782 
783 		if (map_size > XFS_BLF_DATAMAP_SIZE) {
784 			kmem_cache_free(xfs_buf_item_zone, bip);
785 			xfs_err(mp,
786 	"buffer item dirty bitmap (%u uints) too small to reflect %u bytes!",
787 					map_size,
788 					BBTOB(bp->b_maps[i].bm_len));
789 			return -EFSCORRUPTED;
790 		}
791 
792 		bip->bli_formats[i].blf_type = XFS_LI_BUF;
793 		bip->bli_formats[i].blf_blkno = bp->b_maps[i].bm_bn;
794 		bip->bli_formats[i].blf_len = bp->b_maps[i].bm_len;
795 		bip->bli_formats[i].blf_map_size = map_size;
796 	}
797 
798 	bp->b_log_item = bip;
799 	xfs_buf_hold(bp);
800 	return 0;
801 }
802 
803 
804 /*
805  * Mark bytes first through last inclusive as dirty in the buf
806  * item's bitmap.
807  */
808 static void
809 xfs_buf_item_log_segment(
810 	uint			first,
811 	uint			last,
812 	uint			*map)
813 {
814 	uint		first_bit;
815 	uint		last_bit;
816 	uint		bits_to_set;
817 	uint		bits_set;
818 	uint		word_num;
819 	uint		*wordp;
820 	uint		bit;
821 	uint		end_bit;
822 	uint		mask;
823 
824 	ASSERT(first < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD);
825 	ASSERT(last < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD);
826 
827 	/*
828 	 * Convert byte offsets to bit numbers.
829 	 */
830 	first_bit = first >> XFS_BLF_SHIFT;
831 	last_bit = last >> XFS_BLF_SHIFT;
832 
833 	/*
834 	 * Calculate the total number of bits to be set.
835 	 */
836 	bits_to_set = last_bit - first_bit + 1;
837 
838 	/*
839 	 * Get a pointer to the first word in the bitmap
840 	 * to set a bit in.
841 	 */
842 	word_num = first_bit >> BIT_TO_WORD_SHIFT;
843 	wordp = &map[word_num];
844 
845 	/*
846 	 * Calculate the starting bit in the first word.
847 	 */
848 	bit = first_bit & (uint)(NBWORD - 1);
849 
850 	/*
851 	 * First set any bits in the first word of our range.
852 	 * If it starts at bit 0 of the word, it will be
853 	 * set below rather than here.  That is what the variable
854 	 * bit tells us. The variable bits_set tracks the number
855 	 * of bits that have been set so far.  End_bit is the number
856 	 * of the last bit to be set in this word plus one.
857 	 */
858 	if (bit) {
859 		end_bit = min(bit + bits_to_set, (uint)NBWORD);
860 		mask = ((1U << (end_bit - bit)) - 1) << bit;
861 		*wordp |= mask;
862 		wordp++;
863 		bits_set = end_bit - bit;
864 	} else {
865 		bits_set = 0;
866 	}
867 
868 	/*
869 	 * Now set bits a whole word at a time that are between
870 	 * first_bit and last_bit.
871 	 */
872 	while ((bits_to_set - bits_set) >= NBWORD) {
873 		*wordp = 0xffffffff;
874 		bits_set += NBWORD;
875 		wordp++;
876 	}
877 
878 	/*
879 	 * Finally, set any bits left to be set in one last partial word.
880 	 */
881 	end_bit = bits_to_set - bits_set;
882 	if (end_bit) {
883 		mask = (1U << end_bit) - 1;
884 		*wordp |= mask;
885 	}
886 }
887 
888 /*
889  * Mark bytes first through last inclusive as dirty in the buf
890  * item's bitmap.
891  */
892 void
893 xfs_buf_item_log(
894 	struct xfs_buf_log_item	*bip,
895 	uint			first,
896 	uint			last)
897 {
898 	int			i;
899 	uint			start;
900 	uint			end;
901 	struct xfs_buf		*bp = bip->bli_buf;
902 
903 	/*
904 	 * walk each buffer segment and mark them dirty appropriately.
905 	 */
906 	start = 0;
907 	for (i = 0; i < bip->bli_format_count; i++) {
908 		if (start > last)
909 			break;
910 		end = start + BBTOB(bp->b_maps[i].bm_len) - 1;
911 
912 		/* skip to the map that includes the first byte to log */
913 		if (first > end) {
914 			start += BBTOB(bp->b_maps[i].bm_len);
915 			continue;
916 		}
917 
918 		/*
919 		 * Trim the range to this segment and mark it in the bitmap.
920 		 * Note that we must convert buffer offsets to segment relative
921 		 * offsets (e.g., the first byte of each segment is byte 0 of
922 		 * that segment).
923 		 */
924 		if (first < start)
925 			first = start;
926 		if (end > last)
927 			end = last;
928 		xfs_buf_item_log_segment(first - start, end - start,
929 					 &bip->bli_formats[i].blf_data_map[0]);
930 
931 		start += BBTOB(bp->b_maps[i].bm_len);
932 	}
933 }
934 
935 
936 /*
937  * Return true if the buffer has any ranges logged/dirtied by a transaction,
938  * false otherwise.
939  */
940 bool
941 xfs_buf_item_dirty_format(
942 	struct xfs_buf_log_item	*bip)
943 {
944 	int			i;
945 
946 	for (i = 0; i < bip->bli_format_count; i++) {
947 		if (!xfs_bitmap_empty(bip->bli_formats[i].blf_data_map,
948 			     bip->bli_formats[i].blf_map_size))
949 			return true;
950 	}
951 
952 	return false;
953 }
954 
955 STATIC void
956 xfs_buf_item_free(
957 	struct xfs_buf_log_item	*bip)
958 {
959 	xfs_buf_item_free_format(bip);
960 	kmem_free(bip->bli_item.li_lv_shadow);
961 	kmem_cache_free(xfs_buf_item_zone, bip);
962 }
963 
964 /*
965  * This is called when the buf log item is no longer needed.  It should
966  * free the buf log item associated with the given buffer and clear
967  * the buffer's pointer to the buf log item.  If there are no more
968  * items in the list, clear the b_iodone field of the buffer (see
969  * xfs_buf_attach_iodone() below).
970  */
971 void
972 xfs_buf_item_relse(
973 	xfs_buf_t	*bp)
974 {
975 	struct xfs_buf_log_item	*bip = bp->b_log_item;
976 
977 	trace_xfs_buf_item_relse(bp, _RET_IP_);
978 	ASSERT(!test_bit(XFS_LI_IN_AIL, &bip->bli_item.li_flags));
979 
980 	bp->b_log_item = NULL;
981 	if (list_empty(&bp->b_li_list))
982 		bp->b_iodone = NULL;
983 
984 	xfs_buf_rele(bp);
985 	xfs_buf_item_free(bip);
986 }
987 
988 
989 /*
990  * Add the given log item with its callback to the list of callbacks
991  * to be called when the buffer's I/O completes.  If it is not set
992  * already, set the buffer's b_iodone() routine to be
993  * xfs_buf_iodone_callbacks() and link the log item into the list of
994  * items rooted at b_li_list.
995  */
996 void
997 xfs_buf_attach_iodone(
998 	struct xfs_buf		*bp,
999 	void			(*cb)(struct xfs_buf *, struct xfs_log_item *),
1000 	struct xfs_log_item	*lip)
1001 {
1002 	ASSERT(xfs_buf_islocked(bp));
1003 
1004 	lip->li_cb = cb;
1005 	list_add_tail(&lip->li_bio_list, &bp->b_li_list);
1006 
1007 	ASSERT(bp->b_iodone == NULL ||
1008 	       bp->b_iodone == xfs_buf_iodone_callbacks);
1009 	bp->b_iodone = xfs_buf_iodone_callbacks;
1010 }
1011 
1012 /*
1013  * We can have many callbacks on a buffer. Running the callbacks individually
1014  * can cause a lot of contention on the AIL lock, so we allow for a single
1015  * callback to be able to scan the remaining items in bp->b_li_list for other
1016  * items of the same type and callback to be processed in the first call.
1017  *
1018  * As a result, the loop walking the callback list below will also modify the
1019  * list. it removes the first item from the list and then runs the callback.
1020  * The loop then restarts from the new first item int the list. This allows the
1021  * callback to scan and modify the list attached to the buffer and we don't
1022  * have to care about maintaining a next item pointer.
1023  */
1024 STATIC void
1025 xfs_buf_do_callbacks(
1026 	struct xfs_buf		*bp)
1027 {
1028 	struct xfs_buf_log_item *blip = bp->b_log_item;
1029 	struct xfs_log_item	*lip;
1030 
1031 	/* If there is a buf_log_item attached, run its callback */
1032 	if (blip) {
1033 		lip = &blip->bli_item;
1034 		lip->li_cb(bp, lip);
1035 	}
1036 
1037 	while (!list_empty(&bp->b_li_list)) {
1038 		lip = list_first_entry(&bp->b_li_list, struct xfs_log_item,
1039 				       li_bio_list);
1040 
1041 		/*
1042 		 * Remove the item from the list, so we don't have any
1043 		 * confusion if the item is added to another buf.
1044 		 * Don't touch the log item after calling its
1045 		 * callback, because it could have freed itself.
1046 		 */
1047 		list_del_init(&lip->li_bio_list);
1048 		lip->li_cb(bp, lip);
1049 	}
1050 }
1051 
1052 /*
1053  * Invoke the error state callback for each log item affected by the failed I/O.
1054  *
1055  * If a metadata buffer write fails with a non-permanent error, the buffer is
1056  * eventually resubmitted and so the completion callbacks are not run. The error
1057  * state may need to be propagated to the log items attached to the buffer,
1058  * however, so the next AIL push of the item knows hot to handle it correctly.
1059  */
1060 STATIC void
1061 xfs_buf_do_callbacks_fail(
1062 	struct xfs_buf		*bp)
1063 {
1064 	struct xfs_log_item	*lip;
1065 	struct xfs_ail		*ailp;
1066 
1067 	/*
1068 	 * Buffer log item errors are handled directly by xfs_buf_item_push()
1069 	 * and xfs_buf_iodone_callback_error, and they have no IO error
1070 	 * callbacks. Check only for items in b_li_list.
1071 	 */
1072 	if (list_empty(&bp->b_li_list))
1073 		return;
1074 
1075 	lip = list_first_entry(&bp->b_li_list, struct xfs_log_item,
1076 			li_bio_list);
1077 	ailp = lip->li_ailp;
1078 	spin_lock(&ailp->ail_lock);
1079 	list_for_each_entry(lip, &bp->b_li_list, li_bio_list) {
1080 		if (lip->li_ops->iop_error)
1081 			lip->li_ops->iop_error(lip, bp);
1082 	}
1083 	spin_unlock(&ailp->ail_lock);
1084 }
1085 
1086 static bool
1087 xfs_buf_iodone_callback_error(
1088 	struct xfs_buf		*bp)
1089 {
1090 	struct xfs_buf_log_item	*bip = bp->b_log_item;
1091 	struct xfs_log_item	*lip;
1092 	struct xfs_mount	*mp;
1093 	static ulong		lasttime;
1094 	static xfs_buftarg_t	*lasttarg;
1095 	struct xfs_error_cfg	*cfg;
1096 
1097 	/*
1098 	 * The failed buffer might not have a buf_log_item attached or the
1099 	 * log_item list might be empty. Get the mp from the available
1100 	 * xfs_log_item
1101 	 */
1102 	lip = list_first_entry_or_null(&bp->b_li_list, struct xfs_log_item,
1103 				       li_bio_list);
1104 	mp = lip ? lip->li_mountp : bip->bli_item.li_mountp;
1105 
1106 	/*
1107 	 * If we've already decided to shutdown the filesystem because of
1108 	 * I/O errors, there's no point in giving this a retry.
1109 	 */
1110 	if (XFS_FORCED_SHUTDOWN(mp))
1111 		goto out_stale;
1112 
1113 	if (bp->b_target != lasttarg ||
1114 	    time_after(jiffies, (lasttime + 5*HZ))) {
1115 		lasttime = jiffies;
1116 		xfs_buf_ioerror_alert(bp, __this_address);
1117 	}
1118 	lasttarg = bp->b_target;
1119 
1120 	/* synchronous writes will have callers process the error */
1121 	if (!(bp->b_flags & XBF_ASYNC))
1122 		goto out_stale;
1123 
1124 	trace_xfs_buf_item_iodone_async(bp, _RET_IP_);
1125 	ASSERT(bp->b_iodone != NULL);
1126 
1127 	cfg = xfs_error_get_cfg(mp, XFS_ERR_METADATA, bp->b_error);
1128 
1129 	/*
1130 	 * If the write was asynchronous then no one will be looking for the
1131 	 * error.  If this is the first failure of this type, clear the error
1132 	 * state and write the buffer out again. This means we always retry an
1133 	 * async write failure at least once, but we also need to set the buffer
1134 	 * up to behave correctly now for repeated failures.
1135 	 */
1136 	if (!(bp->b_flags & (XBF_STALE | XBF_WRITE_FAIL)) ||
1137 	     bp->b_last_error != bp->b_error) {
1138 		bp->b_flags |= (XBF_WRITE | XBF_DONE | XBF_WRITE_FAIL);
1139 		bp->b_last_error = bp->b_error;
1140 		if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER &&
1141 		    !bp->b_first_retry_time)
1142 			bp->b_first_retry_time = jiffies;
1143 
1144 		xfs_buf_ioerror(bp, 0);
1145 		xfs_buf_submit(bp);
1146 		return true;
1147 	}
1148 
1149 	/*
1150 	 * Repeated failure on an async write. Take action according to the
1151 	 * error configuration we have been set up to use.
1152 	 */
1153 
1154 	if (cfg->max_retries != XFS_ERR_RETRY_FOREVER &&
1155 	    ++bp->b_retries > cfg->max_retries)
1156 			goto permanent_error;
1157 	if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER &&
1158 	    time_after(jiffies, cfg->retry_timeout + bp->b_first_retry_time))
1159 			goto permanent_error;
1160 
1161 	/* At unmount we may treat errors differently */
1162 	if ((mp->m_flags & XFS_MOUNT_UNMOUNTING) && mp->m_fail_unmount)
1163 		goto permanent_error;
1164 
1165 	/*
1166 	 * Still a transient error, run IO completion failure callbacks and let
1167 	 * the higher layers retry the buffer.
1168 	 */
1169 	xfs_buf_do_callbacks_fail(bp);
1170 	xfs_buf_ioerror(bp, 0);
1171 	xfs_buf_relse(bp);
1172 	return true;
1173 
1174 	/*
1175 	 * Permanent error - we need to trigger a shutdown if we haven't already
1176 	 * to indicate that inconsistency will result from this action.
1177 	 */
1178 permanent_error:
1179 	xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR);
1180 out_stale:
1181 	xfs_buf_stale(bp);
1182 	bp->b_flags |= XBF_DONE;
1183 	trace_xfs_buf_error_relse(bp, _RET_IP_);
1184 	return false;
1185 }
1186 
1187 /*
1188  * This is the iodone() function for buffers which have had callbacks attached
1189  * to them by xfs_buf_attach_iodone(). We need to iterate the items on the
1190  * callback list, mark the buffer as having no more callbacks and then push the
1191  * buffer through IO completion processing.
1192  */
1193 void
1194 xfs_buf_iodone_callbacks(
1195 	struct xfs_buf		*bp)
1196 {
1197 	/*
1198 	 * If there is an error, process it. Some errors require us
1199 	 * to run callbacks after failure processing is done so we
1200 	 * detect that and take appropriate action.
1201 	 */
1202 	if (bp->b_error && xfs_buf_iodone_callback_error(bp))
1203 		return;
1204 
1205 	/*
1206 	 * Successful IO or permanent error. Either way, we can clear the
1207 	 * retry state here in preparation for the next error that may occur.
1208 	 */
1209 	bp->b_last_error = 0;
1210 	bp->b_retries = 0;
1211 	bp->b_first_retry_time = 0;
1212 
1213 	xfs_buf_do_callbacks(bp);
1214 	bp->b_log_item = NULL;
1215 	list_del_init(&bp->b_li_list);
1216 	bp->b_iodone = NULL;
1217 	xfs_buf_ioend(bp);
1218 }
1219 
1220 /*
1221  * This is the iodone() function for buffers which have been
1222  * logged.  It is called when they are eventually flushed out.
1223  * It should remove the buf item from the AIL, and free the buf item.
1224  * It is called by xfs_buf_iodone_callbacks() above which will take
1225  * care of cleaning up the buffer itself.
1226  */
1227 void
1228 xfs_buf_iodone(
1229 	struct xfs_buf		*bp,
1230 	struct xfs_log_item	*lip)
1231 {
1232 	struct xfs_ail		*ailp = lip->li_ailp;
1233 
1234 	ASSERT(BUF_ITEM(lip)->bli_buf == bp);
1235 
1236 	xfs_buf_rele(bp);
1237 
1238 	/*
1239 	 * If we are forcibly shutting down, this may well be
1240 	 * off the AIL already. That's because we simulate the
1241 	 * log-committed callbacks to unpin these buffers. Or we may never
1242 	 * have put this item on AIL because of the transaction was
1243 	 * aborted forcibly. xfs_trans_ail_delete() takes care of these.
1244 	 *
1245 	 * Either way, AIL is useless if we're forcing a shutdown.
1246 	 */
1247 	spin_lock(&ailp->ail_lock);
1248 	xfs_trans_ail_delete(ailp, lip, SHUTDOWN_CORRUPT_INCORE);
1249 	xfs_buf_item_free(BUF_ITEM(lip));
1250 }
1251 
1252 /*
1253  * Requeue a failed buffer for writeback.
1254  *
1255  * We clear the log item failed state here as well, but we have to be careful
1256  * about reference counts because the only active reference counts on the buffer
1257  * may be the failed log items. Hence if we clear the log item failed state
1258  * before queuing the buffer for IO we can release all active references to
1259  * the buffer and free it, leading to use after free problems in
1260  * xfs_buf_delwri_queue. It makes no difference to the buffer or log items which
1261  * order we process them in - the buffer is locked, and we own the buffer list
1262  * so nothing on them is going to change while we are performing this action.
1263  *
1264  * Hence we can safely queue the buffer for IO before we clear the failed log
1265  * item state, therefore  always having an active reference to the buffer and
1266  * avoiding the transient zero-reference state that leads to use-after-free.
1267  *
1268  * Return true if the buffer was added to the buffer list, false if it was
1269  * already on the buffer list.
1270  */
1271 bool
1272 xfs_buf_resubmit_failed_buffers(
1273 	struct xfs_buf		*bp,
1274 	struct list_head	*buffer_list)
1275 {
1276 	struct xfs_log_item	*lip;
1277 	bool			ret;
1278 
1279 	ret = xfs_buf_delwri_queue(bp, buffer_list);
1280 
1281 	/*
1282 	 * XFS_LI_FAILED set/clear is protected by ail_lock, caller of this
1283 	 * function already have it acquired
1284 	 */
1285 	list_for_each_entry(lip, &bp->b_li_list, li_bio_list)
1286 		xfs_clear_li_failed(lip);
1287 
1288 	return ret;
1289 }
1290