1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_sb.h" 13 #include "xfs_mount.h" 14 #include "xfs_defer.h" 15 #include "xfs_trans.h" 16 #include "xfs_error.h" 17 #include "xfs_btree.h" 18 #include "xfs_alloc.h" 19 #include "xfs_fsops.h" 20 #include "xfs_trans_space.h" 21 #include "xfs_rtalloc.h" 22 #include "xfs_trace.h" 23 #include "xfs_log.h" 24 #include "xfs_ag.h" 25 #include "xfs_ag_resv.h" 26 27 /* 28 * growfs operations 29 */ 30 static int 31 xfs_growfs_data_private( 32 xfs_mount_t *mp, /* mount point for filesystem */ 33 xfs_growfs_data_t *in) /* growfs data input struct */ 34 { 35 xfs_buf_t *bp; 36 int error; 37 xfs_agnumber_t nagcount; 38 xfs_agnumber_t nagimax = 0; 39 xfs_rfsblock_t nb, nb_mod; 40 xfs_rfsblock_t new; 41 xfs_agnumber_t oagcount; 42 xfs_trans_t *tp; 43 struct aghdr_init_data id = {}; 44 45 nb = in->newblocks; 46 if (nb < mp->m_sb.sb_dblocks) 47 return -EINVAL; 48 if ((error = xfs_sb_validate_fsb_count(&mp->m_sb, nb))) 49 return error; 50 error = xfs_buf_read_uncached(mp->m_ddev_targp, 51 XFS_FSB_TO_BB(mp, nb) - XFS_FSS_TO_BB(mp, 1), 52 XFS_FSS_TO_BB(mp, 1), 0, &bp, NULL); 53 if (error) 54 return error; 55 xfs_buf_relse(bp); 56 57 new = nb; /* use new as a temporary here */ 58 nb_mod = do_div(new, mp->m_sb.sb_agblocks); 59 nagcount = new + (nb_mod != 0); 60 if (nb_mod && nb_mod < XFS_MIN_AG_BLOCKS) { 61 nagcount--; 62 nb = (xfs_rfsblock_t)nagcount * mp->m_sb.sb_agblocks; 63 if (nb < mp->m_sb.sb_dblocks) 64 return -EINVAL; 65 } 66 new = nb - mp->m_sb.sb_dblocks; 67 oagcount = mp->m_sb.sb_agcount; 68 69 /* allocate the new per-ag structures */ 70 if (nagcount > oagcount) { 71 error = xfs_initialize_perag(mp, nagcount, &nagimax); 72 if (error) 73 return error; 74 } 75 76 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_growdata, 77 XFS_GROWFS_SPACE_RES(mp), 0, XFS_TRANS_RESERVE, &tp); 78 if (error) 79 return error; 80 81 /* 82 * Write new AG headers to disk. Non-transactional, but need to be 83 * written and completed prior to the growfs transaction being logged. 84 * To do this, we use a delayed write buffer list and wait for 85 * submission and IO completion of the list as a whole. This allows the 86 * IO subsystem to merge all the AG headers in a single AG into a single 87 * IO and hide most of the latency of the IO from us. 88 * 89 * This also means that if we get an error whilst building the buffer 90 * list to write, we can cancel the entire list without having written 91 * anything. 92 */ 93 INIT_LIST_HEAD(&id.buffer_list); 94 for (id.agno = nagcount - 1; 95 id.agno >= oagcount; 96 id.agno--, new -= id.agsize) { 97 98 if (id.agno == nagcount - 1) 99 id.agsize = nb - 100 (id.agno * (xfs_rfsblock_t)mp->m_sb.sb_agblocks); 101 else 102 id.agsize = mp->m_sb.sb_agblocks; 103 104 error = xfs_ag_init_headers(mp, &id); 105 if (error) { 106 xfs_buf_delwri_cancel(&id.buffer_list); 107 goto out_trans_cancel; 108 } 109 } 110 error = xfs_buf_delwri_submit(&id.buffer_list); 111 if (error) 112 goto out_trans_cancel; 113 114 xfs_trans_agblocks_delta(tp, id.nfree); 115 116 /* If there are new blocks in the old last AG, extend it. */ 117 if (new) { 118 error = xfs_ag_extend_space(mp, tp, &id, new); 119 if (error) 120 goto out_trans_cancel; 121 } 122 123 /* 124 * Update changed superblock fields transactionally. These are not 125 * seen by the rest of the world until the transaction commit applies 126 * them atomically to the superblock. 127 */ 128 if (nagcount > oagcount) 129 xfs_trans_mod_sb(tp, XFS_TRANS_SB_AGCOUNT, nagcount - oagcount); 130 if (nb > mp->m_sb.sb_dblocks) 131 xfs_trans_mod_sb(tp, XFS_TRANS_SB_DBLOCKS, 132 nb - mp->m_sb.sb_dblocks); 133 if (id.nfree) 134 xfs_trans_mod_sb(tp, XFS_TRANS_SB_FDBLOCKS, id.nfree); 135 xfs_trans_set_sync(tp); 136 error = xfs_trans_commit(tp); 137 if (error) 138 return error; 139 140 /* New allocation groups fully initialized, so update mount struct */ 141 if (nagimax) 142 mp->m_maxagi = nagimax; 143 xfs_set_low_space_thresholds(mp); 144 mp->m_alloc_set_aside = xfs_alloc_set_aside(mp); 145 146 /* 147 * If we expanded the last AG, free the per-AG reservation 148 * so we can reinitialize it with the new size. 149 */ 150 if (new) { 151 struct xfs_perag *pag; 152 153 pag = xfs_perag_get(mp, id.agno); 154 error = xfs_ag_resv_free(pag); 155 xfs_perag_put(pag); 156 if (error) 157 return error; 158 } 159 160 /* 161 * Reserve AG metadata blocks. ENOSPC here does not mean there was a 162 * growfs failure, just that there still isn't space for new user data 163 * after the grow has been run. 164 */ 165 error = xfs_fs_reserve_ag_blocks(mp); 166 if (error == -ENOSPC) 167 error = 0; 168 return error; 169 170 out_trans_cancel: 171 xfs_trans_cancel(tp); 172 return error; 173 } 174 175 static int 176 xfs_growfs_log_private( 177 xfs_mount_t *mp, /* mount point for filesystem */ 178 xfs_growfs_log_t *in) /* growfs log input struct */ 179 { 180 xfs_extlen_t nb; 181 182 nb = in->newblocks; 183 if (nb < XFS_MIN_LOG_BLOCKS || nb < XFS_B_TO_FSB(mp, XFS_MIN_LOG_BYTES)) 184 return -EINVAL; 185 if (nb == mp->m_sb.sb_logblocks && 186 in->isint == (mp->m_sb.sb_logstart != 0)) 187 return -EINVAL; 188 /* 189 * Moving the log is hard, need new interfaces to sync 190 * the log first, hold off all activity while moving it. 191 * Can have shorter or longer log in the same space, 192 * or transform internal to external log or vice versa. 193 */ 194 return -ENOSYS; 195 } 196 197 static int 198 xfs_growfs_imaxpct( 199 struct xfs_mount *mp, 200 __u32 imaxpct) 201 { 202 struct xfs_trans *tp; 203 int dpct; 204 int error; 205 206 if (imaxpct > 100) 207 return -EINVAL; 208 209 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_growdata, 210 XFS_GROWFS_SPACE_RES(mp), 0, XFS_TRANS_RESERVE, &tp); 211 if (error) 212 return error; 213 214 dpct = imaxpct - mp->m_sb.sb_imax_pct; 215 xfs_trans_mod_sb(tp, XFS_TRANS_SB_IMAXPCT, dpct); 216 xfs_trans_set_sync(tp); 217 return xfs_trans_commit(tp); 218 } 219 220 /* 221 * protected versions of growfs function acquire and release locks on the mount 222 * point - exported through ioctls: XFS_IOC_FSGROWFSDATA, XFS_IOC_FSGROWFSLOG, 223 * XFS_IOC_FSGROWFSRT 224 */ 225 int 226 xfs_growfs_data( 227 struct xfs_mount *mp, 228 struct xfs_growfs_data *in) 229 { 230 int error = 0; 231 232 if (!capable(CAP_SYS_ADMIN)) 233 return -EPERM; 234 if (!mutex_trylock(&mp->m_growlock)) 235 return -EWOULDBLOCK; 236 237 /* update imaxpct separately to the physical grow of the filesystem */ 238 if (in->imaxpct != mp->m_sb.sb_imax_pct) { 239 error = xfs_growfs_imaxpct(mp, in->imaxpct); 240 if (error) 241 goto out_error; 242 } 243 244 if (in->newblocks != mp->m_sb.sb_dblocks) { 245 error = xfs_growfs_data_private(mp, in); 246 if (error) 247 goto out_error; 248 } 249 250 /* Post growfs calculations needed to reflect new state in operations */ 251 if (mp->m_sb.sb_imax_pct) { 252 uint64_t icount = mp->m_sb.sb_dblocks * mp->m_sb.sb_imax_pct; 253 do_div(icount, 100); 254 mp->m_maxicount = XFS_FSB_TO_INO(mp, icount); 255 } else 256 mp->m_maxicount = 0; 257 258 /* Update secondary superblocks now the physical grow has completed */ 259 error = xfs_update_secondary_sbs(mp); 260 261 out_error: 262 /* 263 * Increment the generation unconditionally, the error could be from 264 * updating the secondary superblocks, in which case the new size 265 * is live already. 266 */ 267 mp->m_generation++; 268 mutex_unlock(&mp->m_growlock); 269 return error; 270 } 271 272 int 273 xfs_growfs_log( 274 xfs_mount_t *mp, 275 xfs_growfs_log_t *in) 276 { 277 int error; 278 279 if (!capable(CAP_SYS_ADMIN)) 280 return -EPERM; 281 if (!mutex_trylock(&mp->m_growlock)) 282 return -EWOULDBLOCK; 283 error = xfs_growfs_log_private(mp, in); 284 mutex_unlock(&mp->m_growlock); 285 return error; 286 } 287 288 /* 289 * exported through ioctl XFS_IOC_FSCOUNTS 290 */ 291 292 int 293 xfs_fs_counts( 294 xfs_mount_t *mp, 295 xfs_fsop_counts_t *cnt) 296 { 297 cnt->allocino = percpu_counter_read_positive(&mp->m_icount); 298 cnt->freeino = percpu_counter_read_positive(&mp->m_ifree); 299 cnt->freedata = percpu_counter_read_positive(&mp->m_fdblocks) - 300 mp->m_alloc_set_aside; 301 302 spin_lock(&mp->m_sb_lock); 303 cnt->freertx = mp->m_sb.sb_frextents; 304 spin_unlock(&mp->m_sb_lock); 305 return 0; 306 } 307 308 /* 309 * exported through ioctl XFS_IOC_SET_RESBLKS & XFS_IOC_GET_RESBLKS 310 * 311 * xfs_reserve_blocks is called to set m_resblks 312 * in the in-core mount table. The number of unused reserved blocks 313 * is kept in m_resblks_avail. 314 * 315 * Reserve the requested number of blocks if available. Otherwise return 316 * as many as possible to satisfy the request. The actual number 317 * reserved are returned in outval 318 * 319 * A null inval pointer indicates that only the current reserved blocks 320 * available should be returned no settings are changed. 321 */ 322 323 int 324 xfs_reserve_blocks( 325 xfs_mount_t *mp, 326 uint64_t *inval, 327 xfs_fsop_resblks_t *outval) 328 { 329 int64_t lcounter, delta; 330 int64_t fdblks_delta = 0; 331 uint64_t request; 332 int64_t free; 333 int error = 0; 334 335 /* If inval is null, report current values and return */ 336 if (inval == (uint64_t *)NULL) { 337 if (!outval) 338 return -EINVAL; 339 outval->resblks = mp->m_resblks; 340 outval->resblks_avail = mp->m_resblks_avail; 341 return 0; 342 } 343 344 request = *inval; 345 346 /* 347 * With per-cpu counters, this becomes an interesting problem. we need 348 * to work out if we are freeing or allocation blocks first, then we can 349 * do the modification as necessary. 350 * 351 * We do this under the m_sb_lock so that if we are near ENOSPC, we will 352 * hold out any changes while we work out what to do. This means that 353 * the amount of free space can change while we do this, so we need to 354 * retry if we end up trying to reserve more space than is available. 355 */ 356 spin_lock(&mp->m_sb_lock); 357 358 /* 359 * If our previous reservation was larger than the current value, 360 * then move any unused blocks back to the free pool. Modify the resblks 361 * counters directly since we shouldn't have any problems unreserving 362 * space. 363 */ 364 if (mp->m_resblks > request) { 365 lcounter = mp->m_resblks_avail - request; 366 if (lcounter > 0) { /* release unused blocks */ 367 fdblks_delta = lcounter; 368 mp->m_resblks_avail -= lcounter; 369 } 370 mp->m_resblks = request; 371 if (fdblks_delta) { 372 spin_unlock(&mp->m_sb_lock); 373 error = xfs_mod_fdblocks(mp, fdblks_delta, 0); 374 spin_lock(&mp->m_sb_lock); 375 } 376 377 goto out; 378 } 379 380 /* 381 * If the request is larger than the current reservation, reserve the 382 * blocks before we update the reserve counters. Sample m_fdblocks and 383 * perform a partial reservation if the request exceeds free space. 384 */ 385 error = -ENOSPC; 386 do { 387 free = percpu_counter_sum(&mp->m_fdblocks) - 388 mp->m_alloc_set_aside; 389 if (free <= 0) 390 break; 391 392 delta = request - mp->m_resblks; 393 lcounter = free - delta; 394 if (lcounter < 0) 395 /* We can't satisfy the request, just get what we can */ 396 fdblks_delta = free; 397 else 398 fdblks_delta = delta; 399 400 /* 401 * We'll either succeed in getting space from the free block 402 * count or we'll get an ENOSPC. If we get a ENOSPC, it means 403 * things changed while we were calculating fdblks_delta and so 404 * we should try again to see if there is anything left to 405 * reserve. 406 * 407 * Don't set the reserved flag here - we don't want to reserve 408 * the extra reserve blocks from the reserve..... 409 */ 410 spin_unlock(&mp->m_sb_lock); 411 error = xfs_mod_fdblocks(mp, -fdblks_delta, 0); 412 spin_lock(&mp->m_sb_lock); 413 } while (error == -ENOSPC); 414 415 /* 416 * Update the reserve counters if blocks have been successfully 417 * allocated. 418 */ 419 if (!error && fdblks_delta) { 420 mp->m_resblks += fdblks_delta; 421 mp->m_resblks_avail += fdblks_delta; 422 } 423 424 out: 425 if (outval) { 426 outval->resblks = mp->m_resblks; 427 outval->resblks_avail = mp->m_resblks_avail; 428 } 429 430 spin_unlock(&mp->m_sb_lock); 431 return error; 432 } 433 434 int 435 xfs_fs_goingdown( 436 xfs_mount_t *mp, 437 uint32_t inflags) 438 { 439 switch (inflags) { 440 case XFS_FSOP_GOING_FLAGS_DEFAULT: { 441 struct super_block *sb = freeze_bdev(mp->m_super->s_bdev); 442 443 if (sb && !IS_ERR(sb)) { 444 xfs_force_shutdown(mp, SHUTDOWN_FORCE_UMOUNT); 445 thaw_bdev(sb->s_bdev, sb); 446 } 447 448 break; 449 } 450 case XFS_FSOP_GOING_FLAGS_LOGFLUSH: 451 xfs_force_shutdown(mp, SHUTDOWN_FORCE_UMOUNT); 452 break; 453 case XFS_FSOP_GOING_FLAGS_NOLOGFLUSH: 454 xfs_force_shutdown(mp, 455 SHUTDOWN_FORCE_UMOUNT | SHUTDOWN_LOG_IO_ERROR); 456 break; 457 default: 458 return -EINVAL; 459 } 460 461 return 0; 462 } 463 464 /* 465 * Force a shutdown of the filesystem instantly while keeping the filesystem 466 * consistent. We don't do an unmount here; just shutdown the shop, make sure 467 * that absolutely nothing persistent happens to this filesystem after this 468 * point. 469 */ 470 void 471 xfs_do_force_shutdown( 472 struct xfs_mount *mp, 473 int flags, 474 char *fname, 475 int lnnum) 476 { 477 bool logerror = flags & SHUTDOWN_LOG_IO_ERROR; 478 479 /* 480 * No need to duplicate efforts. 481 */ 482 if (XFS_FORCED_SHUTDOWN(mp) && !logerror) 483 return; 484 485 /* 486 * This flags XFS_MOUNT_FS_SHUTDOWN, makes sure that we don't 487 * queue up anybody new on the log reservations, and wakes up 488 * everybody who's sleeping on log reservations to tell them 489 * the bad news. 490 */ 491 if (xfs_log_force_umount(mp, logerror)) 492 return; 493 494 if (flags & SHUTDOWN_FORCE_UMOUNT) { 495 xfs_alert(mp, 496 "User initiated shutdown received. Shutting down filesystem"); 497 return; 498 } 499 500 xfs_notice(mp, 501 "%s(0x%x) called from line %d of file %s. Return address = "PTR_FMT, 502 __func__, flags, lnnum, fname, __return_address); 503 504 if (flags & SHUTDOWN_CORRUPT_INCORE) { 505 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_CORRUPT, 506 "Corruption of in-memory data detected. Shutting down filesystem"); 507 if (XFS_ERRLEVEL_HIGH <= xfs_error_level) 508 xfs_stack_trace(); 509 } else if (logerror) { 510 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_LOGERROR, 511 "Log I/O Error Detected. Shutting down filesystem"); 512 } else if (flags & SHUTDOWN_DEVICE_REQ) { 513 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_IOERROR, 514 "All device paths lost. Shutting down filesystem"); 515 } else if (!(flags & SHUTDOWN_REMOTE_REQ)) { 516 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_IOERROR, 517 "I/O Error Detected. Shutting down filesystem"); 518 } 519 520 xfs_alert(mp, 521 "Please unmount the filesystem and rectify the problem(s)"); 522 } 523 524 /* 525 * Reserve free space for per-AG metadata. 526 */ 527 int 528 xfs_fs_reserve_ag_blocks( 529 struct xfs_mount *mp) 530 { 531 xfs_agnumber_t agno; 532 struct xfs_perag *pag; 533 int error = 0; 534 int err2; 535 536 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { 537 pag = xfs_perag_get(mp, agno); 538 err2 = xfs_ag_resv_init(pag, NULL); 539 xfs_perag_put(pag); 540 if (err2 && !error) 541 error = err2; 542 } 543 544 if (error && error != -ENOSPC) { 545 xfs_warn(mp, 546 "Error %d reserving per-AG metadata reserve pool.", error); 547 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 548 } 549 550 return error; 551 } 552 553 /* 554 * Free space reserved for per-AG metadata. 555 */ 556 int 557 xfs_fs_unreserve_ag_blocks( 558 struct xfs_mount *mp) 559 { 560 xfs_agnumber_t agno; 561 struct xfs_perag *pag; 562 int error = 0; 563 int err2; 564 565 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { 566 pag = xfs_perag_get(mp, agno); 567 err2 = xfs_ag_resv_free(pag); 568 xfs_perag_put(pag); 569 if (err2 && !error) 570 error = err2; 571 } 572 573 if (error) 574 xfs_warn(mp, 575 "Error %d freeing per-AG metadata reserve pool.", error); 576 577 return error; 578 } 579