1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_sb.h" 13 #include "xfs_mount.h" 14 #include "xfs_defer.h" 15 #include "xfs_trans.h" 16 #include "xfs_error.h" 17 #include "xfs_btree.h" 18 #include "xfs_alloc.h" 19 #include "xfs_fsops.h" 20 #include "xfs_trans_space.h" 21 #include "xfs_rtalloc.h" 22 #include "xfs_trace.h" 23 #include "xfs_log.h" 24 #include "xfs_ag.h" 25 #include "xfs_ag_resv.h" 26 27 /* 28 * growfs operations 29 */ 30 static int 31 xfs_growfs_data_private( 32 xfs_mount_t *mp, /* mount point for filesystem */ 33 xfs_growfs_data_t *in) /* growfs data input struct */ 34 { 35 xfs_buf_t *bp; 36 int error; 37 xfs_agnumber_t nagcount; 38 xfs_agnumber_t nagimax = 0; 39 xfs_rfsblock_t nb, nb_mod; 40 xfs_rfsblock_t new; 41 xfs_agnumber_t oagcount; 42 xfs_trans_t *tp; 43 struct aghdr_init_data id = {}; 44 45 nb = in->newblocks; 46 if (nb < mp->m_sb.sb_dblocks) 47 return -EINVAL; 48 if ((error = xfs_sb_validate_fsb_count(&mp->m_sb, nb))) 49 return error; 50 error = xfs_buf_read_uncached(mp->m_ddev_targp, 51 XFS_FSB_TO_BB(mp, nb) - XFS_FSS_TO_BB(mp, 1), 52 XFS_FSS_TO_BB(mp, 1), 0, &bp, NULL); 53 if (error) 54 return error; 55 xfs_buf_relse(bp); 56 57 new = nb; /* use new as a temporary here */ 58 nb_mod = do_div(new, mp->m_sb.sb_agblocks); 59 nagcount = new + (nb_mod != 0); 60 if (nb_mod && nb_mod < XFS_MIN_AG_BLOCKS) { 61 nagcount--; 62 nb = (xfs_rfsblock_t)nagcount * mp->m_sb.sb_agblocks; 63 if (nb < mp->m_sb.sb_dblocks) 64 return -EINVAL; 65 } 66 new = nb - mp->m_sb.sb_dblocks; 67 oagcount = mp->m_sb.sb_agcount; 68 69 /* allocate the new per-ag structures */ 70 if (nagcount > oagcount) { 71 error = xfs_initialize_perag(mp, nagcount, &nagimax); 72 if (error) 73 return error; 74 } 75 76 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_growdata, 77 XFS_GROWFS_SPACE_RES(mp), 0, XFS_TRANS_RESERVE, &tp); 78 if (error) 79 return error; 80 81 /* 82 * Write new AG headers to disk. Non-transactional, but need to be 83 * written and completed prior to the growfs transaction being logged. 84 * To do this, we use a delayed write buffer list and wait for 85 * submission and IO completion of the list as a whole. This allows the 86 * IO subsystem to merge all the AG headers in a single AG into a single 87 * IO and hide most of the latency of the IO from us. 88 * 89 * This also means that if we get an error whilst building the buffer 90 * list to write, we can cancel the entire list without having written 91 * anything. 92 */ 93 INIT_LIST_HEAD(&id.buffer_list); 94 for (id.agno = nagcount - 1; 95 id.agno >= oagcount; 96 id.agno--, new -= id.agsize) { 97 98 if (id.agno == nagcount - 1) 99 id.agsize = nb - 100 (id.agno * (xfs_rfsblock_t)mp->m_sb.sb_agblocks); 101 else 102 id.agsize = mp->m_sb.sb_agblocks; 103 104 error = xfs_ag_init_headers(mp, &id); 105 if (error) { 106 xfs_buf_delwri_cancel(&id.buffer_list); 107 goto out_trans_cancel; 108 } 109 } 110 error = xfs_buf_delwri_submit(&id.buffer_list); 111 if (error) 112 goto out_trans_cancel; 113 114 xfs_trans_agblocks_delta(tp, id.nfree); 115 116 /* If there are new blocks in the old last AG, extend it. */ 117 if (new) { 118 error = xfs_ag_extend_space(mp, tp, &id, new); 119 if (error) 120 goto out_trans_cancel; 121 } 122 123 /* 124 * Update changed superblock fields transactionally. These are not 125 * seen by the rest of the world until the transaction commit applies 126 * them atomically to the superblock. 127 */ 128 if (nagcount > oagcount) 129 xfs_trans_mod_sb(tp, XFS_TRANS_SB_AGCOUNT, nagcount - oagcount); 130 if (nb > mp->m_sb.sb_dblocks) 131 xfs_trans_mod_sb(tp, XFS_TRANS_SB_DBLOCKS, 132 nb - mp->m_sb.sb_dblocks); 133 if (id.nfree) 134 xfs_trans_mod_sb(tp, XFS_TRANS_SB_FDBLOCKS, id.nfree); 135 xfs_trans_set_sync(tp); 136 error = xfs_trans_commit(tp); 137 if (error) 138 return error; 139 140 /* New allocation groups fully initialized, so update mount struct */ 141 if (nagimax) 142 mp->m_maxagi = nagimax; 143 xfs_set_low_space_thresholds(mp); 144 mp->m_alloc_set_aside = xfs_alloc_set_aside(mp); 145 146 /* 147 * If we expanded the last AG, free the per-AG reservation 148 * so we can reinitialize it with the new size. 149 */ 150 if (new) { 151 struct xfs_perag *pag; 152 153 pag = xfs_perag_get(mp, id.agno); 154 error = xfs_ag_resv_free(pag); 155 xfs_perag_put(pag); 156 if (error) 157 return error; 158 } 159 160 /* 161 * Reserve AG metadata blocks. ENOSPC here does not mean there was a 162 * growfs failure, just that there still isn't space for new user data 163 * after the grow has been run. 164 */ 165 error = xfs_fs_reserve_ag_blocks(mp); 166 if (error == -ENOSPC) 167 error = 0; 168 return error; 169 170 out_trans_cancel: 171 xfs_trans_cancel(tp); 172 return error; 173 } 174 175 static int 176 xfs_growfs_log_private( 177 xfs_mount_t *mp, /* mount point for filesystem */ 178 xfs_growfs_log_t *in) /* growfs log input struct */ 179 { 180 xfs_extlen_t nb; 181 182 nb = in->newblocks; 183 if (nb < XFS_MIN_LOG_BLOCKS || nb < XFS_B_TO_FSB(mp, XFS_MIN_LOG_BYTES)) 184 return -EINVAL; 185 if (nb == mp->m_sb.sb_logblocks && 186 in->isint == (mp->m_sb.sb_logstart != 0)) 187 return -EINVAL; 188 /* 189 * Moving the log is hard, need new interfaces to sync 190 * the log first, hold off all activity while moving it. 191 * Can have shorter or longer log in the same space, 192 * or transform internal to external log or vice versa. 193 */ 194 return -ENOSYS; 195 } 196 197 static int 198 xfs_growfs_imaxpct( 199 struct xfs_mount *mp, 200 __u32 imaxpct) 201 { 202 struct xfs_trans *tp; 203 int dpct; 204 int error; 205 206 if (imaxpct > 100) 207 return -EINVAL; 208 209 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_growdata, 210 XFS_GROWFS_SPACE_RES(mp), 0, XFS_TRANS_RESERVE, &tp); 211 if (error) 212 return error; 213 214 dpct = imaxpct - mp->m_sb.sb_imax_pct; 215 xfs_trans_mod_sb(tp, XFS_TRANS_SB_IMAXPCT, dpct); 216 xfs_trans_set_sync(tp); 217 return xfs_trans_commit(tp); 218 } 219 220 /* 221 * protected versions of growfs function acquire and release locks on the mount 222 * point - exported through ioctls: XFS_IOC_FSGROWFSDATA, XFS_IOC_FSGROWFSLOG, 223 * XFS_IOC_FSGROWFSRT 224 */ 225 int 226 xfs_growfs_data( 227 struct xfs_mount *mp, 228 struct xfs_growfs_data *in) 229 { 230 int error = 0; 231 232 if (!capable(CAP_SYS_ADMIN)) 233 return -EPERM; 234 if (!mutex_trylock(&mp->m_growlock)) 235 return -EWOULDBLOCK; 236 237 /* update imaxpct separately to the physical grow of the filesystem */ 238 if (in->imaxpct != mp->m_sb.sb_imax_pct) { 239 error = xfs_growfs_imaxpct(mp, in->imaxpct); 240 if (error) 241 goto out_error; 242 } 243 244 if (in->newblocks != mp->m_sb.sb_dblocks) { 245 error = xfs_growfs_data_private(mp, in); 246 if (error) 247 goto out_error; 248 } 249 250 /* Post growfs calculations needed to reflect new state in operations */ 251 if (mp->m_sb.sb_imax_pct) { 252 uint64_t icount = mp->m_sb.sb_dblocks * mp->m_sb.sb_imax_pct; 253 do_div(icount, 100); 254 mp->m_maxicount = XFS_FSB_TO_INO(mp, icount); 255 } else 256 mp->m_maxicount = 0; 257 258 /* Update secondary superblocks now the physical grow has completed */ 259 error = xfs_update_secondary_sbs(mp); 260 261 out_error: 262 /* 263 * Increment the generation unconditionally, the error could be from 264 * updating the secondary superblocks, in which case the new size 265 * is live already. 266 */ 267 mp->m_generation++; 268 mutex_unlock(&mp->m_growlock); 269 return error; 270 } 271 272 int 273 xfs_growfs_log( 274 xfs_mount_t *mp, 275 xfs_growfs_log_t *in) 276 { 277 int error; 278 279 if (!capable(CAP_SYS_ADMIN)) 280 return -EPERM; 281 if (!mutex_trylock(&mp->m_growlock)) 282 return -EWOULDBLOCK; 283 error = xfs_growfs_log_private(mp, in); 284 mutex_unlock(&mp->m_growlock); 285 return error; 286 } 287 288 /* 289 * exported through ioctl XFS_IOC_FSCOUNTS 290 */ 291 292 void 293 xfs_fs_counts( 294 xfs_mount_t *mp, 295 xfs_fsop_counts_t *cnt) 296 { 297 cnt->allocino = percpu_counter_read_positive(&mp->m_icount); 298 cnt->freeino = percpu_counter_read_positive(&mp->m_ifree); 299 cnt->freedata = percpu_counter_read_positive(&mp->m_fdblocks) - 300 mp->m_alloc_set_aside; 301 302 spin_lock(&mp->m_sb_lock); 303 cnt->freertx = mp->m_sb.sb_frextents; 304 spin_unlock(&mp->m_sb_lock); 305 } 306 307 /* 308 * exported through ioctl XFS_IOC_SET_RESBLKS & XFS_IOC_GET_RESBLKS 309 * 310 * xfs_reserve_blocks is called to set m_resblks 311 * in the in-core mount table. The number of unused reserved blocks 312 * is kept in m_resblks_avail. 313 * 314 * Reserve the requested number of blocks if available. Otherwise return 315 * as many as possible to satisfy the request. The actual number 316 * reserved are returned in outval 317 * 318 * A null inval pointer indicates that only the current reserved blocks 319 * available should be returned no settings are changed. 320 */ 321 322 int 323 xfs_reserve_blocks( 324 xfs_mount_t *mp, 325 uint64_t *inval, 326 xfs_fsop_resblks_t *outval) 327 { 328 int64_t lcounter, delta; 329 int64_t fdblks_delta = 0; 330 uint64_t request; 331 int64_t free; 332 int error = 0; 333 334 /* If inval is null, report current values and return */ 335 if (inval == (uint64_t *)NULL) { 336 if (!outval) 337 return -EINVAL; 338 outval->resblks = mp->m_resblks; 339 outval->resblks_avail = mp->m_resblks_avail; 340 return 0; 341 } 342 343 request = *inval; 344 345 /* 346 * With per-cpu counters, this becomes an interesting problem. we need 347 * to work out if we are freeing or allocation blocks first, then we can 348 * do the modification as necessary. 349 * 350 * We do this under the m_sb_lock so that if we are near ENOSPC, we will 351 * hold out any changes while we work out what to do. This means that 352 * the amount of free space can change while we do this, so we need to 353 * retry if we end up trying to reserve more space than is available. 354 */ 355 spin_lock(&mp->m_sb_lock); 356 357 /* 358 * If our previous reservation was larger than the current value, 359 * then move any unused blocks back to the free pool. Modify the resblks 360 * counters directly since we shouldn't have any problems unreserving 361 * space. 362 */ 363 if (mp->m_resblks > request) { 364 lcounter = mp->m_resblks_avail - request; 365 if (lcounter > 0) { /* release unused blocks */ 366 fdblks_delta = lcounter; 367 mp->m_resblks_avail -= lcounter; 368 } 369 mp->m_resblks = request; 370 if (fdblks_delta) { 371 spin_unlock(&mp->m_sb_lock); 372 error = xfs_mod_fdblocks(mp, fdblks_delta, 0); 373 spin_lock(&mp->m_sb_lock); 374 } 375 376 goto out; 377 } 378 379 /* 380 * If the request is larger than the current reservation, reserve the 381 * blocks before we update the reserve counters. Sample m_fdblocks and 382 * perform a partial reservation if the request exceeds free space. 383 */ 384 error = -ENOSPC; 385 do { 386 free = percpu_counter_sum(&mp->m_fdblocks) - 387 mp->m_alloc_set_aside; 388 if (free <= 0) 389 break; 390 391 delta = request - mp->m_resblks; 392 lcounter = free - delta; 393 if (lcounter < 0) 394 /* We can't satisfy the request, just get what we can */ 395 fdblks_delta = free; 396 else 397 fdblks_delta = delta; 398 399 /* 400 * We'll either succeed in getting space from the free block 401 * count or we'll get an ENOSPC. If we get a ENOSPC, it means 402 * things changed while we were calculating fdblks_delta and so 403 * we should try again to see if there is anything left to 404 * reserve. 405 * 406 * Don't set the reserved flag here - we don't want to reserve 407 * the extra reserve blocks from the reserve..... 408 */ 409 spin_unlock(&mp->m_sb_lock); 410 error = xfs_mod_fdblocks(mp, -fdblks_delta, 0); 411 spin_lock(&mp->m_sb_lock); 412 } while (error == -ENOSPC); 413 414 /* 415 * Update the reserve counters if blocks have been successfully 416 * allocated. 417 */ 418 if (!error && fdblks_delta) { 419 mp->m_resblks += fdblks_delta; 420 mp->m_resblks_avail += fdblks_delta; 421 } 422 423 out: 424 if (outval) { 425 outval->resblks = mp->m_resblks; 426 outval->resblks_avail = mp->m_resblks_avail; 427 } 428 429 spin_unlock(&mp->m_sb_lock); 430 return error; 431 } 432 433 int 434 xfs_fs_goingdown( 435 xfs_mount_t *mp, 436 uint32_t inflags) 437 { 438 switch (inflags) { 439 case XFS_FSOP_GOING_FLAGS_DEFAULT: { 440 struct super_block *sb = freeze_bdev(mp->m_super->s_bdev); 441 442 if (sb && !IS_ERR(sb)) { 443 xfs_force_shutdown(mp, SHUTDOWN_FORCE_UMOUNT); 444 thaw_bdev(sb->s_bdev, sb); 445 } 446 447 break; 448 } 449 case XFS_FSOP_GOING_FLAGS_LOGFLUSH: 450 xfs_force_shutdown(mp, SHUTDOWN_FORCE_UMOUNT); 451 break; 452 case XFS_FSOP_GOING_FLAGS_NOLOGFLUSH: 453 xfs_force_shutdown(mp, 454 SHUTDOWN_FORCE_UMOUNT | SHUTDOWN_LOG_IO_ERROR); 455 break; 456 default: 457 return -EINVAL; 458 } 459 460 return 0; 461 } 462 463 /* 464 * Force a shutdown of the filesystem instantly while keeping the filesystem 465 * consistent. We don't do an unmount here; just shutdown the shop, make sure 466 * that absolutely nothing persistent happens to this filesystem after this 467 * point. 468 */ 469 void 470 xfs_do_force_shutdown( 471 struct xfs_mount *mp, 472 int flags, 473 char *fname, 474 int lnnum) 475 { 476 bool logerror = flags & SHUTDOWN_LOG_IO_ERROR; 477 478 /* 479 * No need to duplicate efforts. 480 */ 481 if (XFS_FORCED_SHUTDOWN(mp) && !logerror) 482 return; 483 484 /* 485 * This flags XFS_MOUNT_FS_SHUTDOWN, makes sure that we don't 486 * queue up anybody new on the log reservations, and wakes up 487 * everybody who's sleeping on log reservations to tell them 488 * the bad news. 489 */ 490 if (xfs_log_force_umount(mp, logerror)) 491 return; 492 493 if (flags & SHUTDOWN_FORCE_UMOUNT) { 494 xfs_alert(mp, 495 "User initiated shutdown received. Shutting down filesystem"); 496 return; 497 } 498 499 xfs_notice(mp, 500 "%s(0x%x) called from line %d of file %s. Return address = "PTR_FMT, 501 __func__, flags, lnnum, fname, __return_address); 502 503 if (flags & SHUTDOWN_CORRUPT_INCORE) { 504 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_CORRUPT, 505 "Corruption of in-memory data detected. Shutting down filesystem"); 506 if (XFS_ERRLEVEL_HIGH <= xfs_error_level) 507 xfs_stack_trace(); 508 } else if (logerror) { 509 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_LOGERROR, 510 "Log I/O Error Detected. Shutting down filesystem"); 511 } else if (flags & SHUTDOWN_DEVICE_REQ) { 512 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_IOERROR, 513 "All device paths lost. Shutting down filesystem"); 514 } else if (!(flags & SHUTDOWN_REMOTE_REQ)) { 515 xfs_alert_tag(mp, XFS_PTAG_SHUTDOWN_IOERROR, 516 "I/O Error Detected. Shutting down filesystem"); 517 } 518 519 xfs_alert(mp, 520 "Please unmount the filesystem and rectify the problem(s)"); 521 } 522 523 /* 524 * Reserve free space for per-AG metadata. 525 */ 526 int 527 xfs_fs_reserve_ag_blocks( 528 struct xfs_mount *mp) 529 { 530 xfs_agnumber_t agno; 531 struct xfs_perag *pag; 532 int error = 0; 533 int err2; 534 535 mp->m_finobt_nores = false; 536 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { 537 pag = xfs_perag_get(mp, agno); 538 err2 = xfs_ag_resv_init(pag, NULL); 539 xfs_perag_put(pag); 540 if (err2 && !error) 541 error = err2; 542 } 543 544 if (error && error != -ENOSPC) { 545 xfs_warn(mp, 546 "Error %d reserving per-AG metadata reserve pool.", error); 547 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 548 } 549 550 return error; 551 } 552 553 /* 554 * Free space reserved for per-AG metadata. 555 */ 556 int 557 xfs_fs_unreserve_ag_blocks( 558 struct xfs_mount *mp) 559 { 560 xfs_agnumber_t agno; 561 struct xfs_perag *pag; 562 int error = 0; 563 int err2; 564 565 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { 566 pag = xfs_perag_get(mp, agno); 567 err2 = xfs_ag_resv_free(pag); 568 xfs_perag_put(pag); 569 if (err2 && !error) 570 error = err2; 571 } 572 573 if (error) 574 xfs_warn(mp, 575 "Error %d freeing per-AG metadata reserve pool.", error); 576 577 return error; 578 } 579