xref: /openbmc/linux/fs/xfs/xfs_log.c (revision 33ac9dba)
1  /*
2   * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3   * All Rights Reserved.
4   *
5   * This program is free software; you can redistribute it and/or
6   * modify it under the terms of the GNU General Public License as
7   * published by the Free Software Foundation.
8   *
9   * This program is distributed in the hope that it would be useful,
10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12   * GNU General Public License for more details.
13   *
14   * You should have received a copy of the GNU General Public License
15   * along with this program; if not, write the Free Software Foundation,
16   * Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
17   */
18  #include "xfs.h"
19  #include "xfs_fs.h"
20  #include "xfs_shared.h"
21  #include "xfs_format.h"
22  #include "xfs_log_format.h"
23  #include "xfs_trans_resv.h"
24  #include "xfs_sb.h"
25  #include "xfs_ag.h"
26  #include "xfs_mount.h"
27  #include "xfs_error.h"
28  #include "xfs_trans.h"
29  #include "xfs_trans_priv.h"
30  #include "xfs_log.h"
31  #include "xfs_log_priv.h"
32  #include "xfs_log_recover.h"
33  #include "xfs_inode.h"
34  #include "xfs_trace.h"
35  #include "xfs_fsops.h"
36  #include "xfs_cksum.h"
37  #include "xfs_sysfs.h"
38  
39  kmem_zone_t	*xfs_log_ticket_zone;
40  
41  /* Local miscellaneous function prototypes */
42  STATIC int
43  xlog_commit_record(
44  	struct xlog		*log,
45  	struct xlog_ticket	*ticket,
46  	struct xlog_in_core	**iclog,
47  	xfs_lsn_t		*commitlsnp);
48  
49  STATIC struct xlog *
50  xlog_alloc_log(
51  	struct xfs_mount	*mp,
52  	struct xfs_buftarg	*log_target,
53  	xfs_daddr_t		blk_offset,
54  	int			num_bblks);
55  STATIC int
56  xlog_space_left(
57  	struct xlog		*log,
58  	atomic64_t		*head);
59  STATIC int
60  xlog_sync(
61  	struct xlog		*log,
62  	struct xlog_in_core	*iclog);
63  STATIC void
64  xlog_dealloc_log(
65  	struct xlog		*log);
66  
67  /* local state machine functions */
68  STATIC void xlog_state_done_syncing(xlog_in_core_t *iclog, int);
69  STATIC void
70  xlog_state_do_callback(
71  	struct xlog		*log,
72  	int			aborted,
73  	struct xlog_in_core	*iclog);
74  STATIC int
75  xlog_state_get_iclog_space(
76  	struct xlog		*log,
77  	int			len,
78  	struct xlog_in_core	**iclog,
79  	struct xlog_ticket	*ticket,
80  	int			*continued_write,
81  	int			*logoffsetp);
82  STATIC int
83  xlog_state_release_iclog(
84  	struct xlog		*log,
85  	struct xlog_in_core	*iclog);
86  STATIC void
87  xlog_state_switch_iclogs(
88  	struct xlog		*log,
89  	struct xlog_in_core	*iclog,
90  	int			eventual_size);
91  STATIC void
92  xlog_state_want_sync(
93  	struct xlog		*log,
94  	struct xlog_in_core	*iclog);
95  
96  STATIC void
97  xlog_grant_push_ail(
98  	struct xlog		*log,
99  	int			need_bytes);
100  STATIC void
101  xlog_regrant_reserve_log_space(
102  	struct xlog		*log,
103  	struct xlog_ticket	*ticket);
104  STATIC void
105  xlog_ungrant_log_space(
106  	struct xlog		*log,
107  	struct xlog_ticket	*ticket);
108  
109  #if defined(DEBUG)
110  STATIC void
111  xlog_verify_dest_ptr(
112  	struct xlog		*log,
113  	char			*ptr);
114  STATIC void
115  xlog_verify_grant_tail(
116  	struct xlog *log);
117  STATIC void
118  xlog_verify_iclog(
119  	struct xlog		*log,
120  	struct xlog_in_core	*iclog,
121  	int			count,
122  	bool                    syncing);
123  STATIC void
124  xlog_verify_tail_lsn(
125  	struct xlog		*log,
126  	struct xlog_in_core	*iclog,
127  	xfs_lsn_t		tail_lsn);
128  #else
129  #define xlog_verify_dest_ptr(a,b)
130  #define xlog_verify_grant_tail(a)
131  #define xlog_verify_iclog(a,b,c,d)
132  #define xlog_verify_tail_lsn(a,b,c)
133  #endif
134  
135  STATIC int
136  xlog_iclogs_empty(
137  	struct xlog		*log);
138  
139  static void
140  xlog_grant_sub_space(
141  	struct xlog		*log,
142  	atomic64_t		*head,
143  	int			bytes)
144  {
145  	int64_t	head_val = atomic64_read(head);
146  	int64_t new, old;
147  
148  	do {
149  		int	cycle, space;
150  
151  		xlog_crack_grant_head_val(head_val, &cycle, &space);
152  
153  		space -= bytes;
154  		if (space < 0) {
155  			space += log->l_logsize;
156  			cycle--;
157  		}
158  
159  		old = head_val;
160  		new = xlog_assign_grant_head_val(cycle, space);
161  		head_val = atomic64_cmpxchg(head, old, new);
162  	} while (head_val != old);
163  }
164  
165  static void
166  xlog_grant_add_space(
167  	struct xlog		*log,
168  	atomic64_t		*head,
169  	int			bytes)
170  {
171  	int64_t	head_val = atomic64_read(head);
172  	int64_t new, old;
173  
174  	do {
175  		int		tmp;
176  		int		cycle, space;
177  
178  		xlog_crack_grant_head_val(head_val, &cycle, &space);
179  
180  		tmp = log->l_logsize - space;
181  		if (tmp > bytes)
182  			space += bytes;
183  		else {
184  			space = bytes - tmp;
185  			cycle++;
186  		}
187  
188  		old = head_val;
189  		new = xlog_assign_grant_head_val(cycle, space);
190  		head_val = atomic64_cmpxchg(head, old, new);
191  	} while (head_val != old);
192  }
193  
194  STATIC void
195  xlog_grant_head_init(
196  	struct xlog_grant_head	*head)
197  {
198  	xlog_assign_grant_head(&head->grant, 1, 0);
199  	INIT_LIST_HEAD(&head->waiters);
200  	spin_lock_init(&head->lock);
201  }
202  
203  STATIC void
204  xlog_grant_head_wake_all(
205  	struct xlog_grant_head	*head)
206  {
207  	struct xlog_ticket	*tic;
208  
209  	spin_lock(&head->lock);
210  	list_for_each_entry(tic, &head->waiters, t_queue)
211  		wake_up_process(tic->t_task);
212  	spin_unlock(&head->lock);
213  }
214  
215  static inline int
216  xlog_ticket_reservation(
217  	struct xlog		*log,
218  	struct xlog_grant_head	*head,
219  	struct xlog_ticket	*tic)
220  {
221  	if (head == &log->l_write_head) {
222  		ASSERT(tic->t_flags & XLOG_TIC_PERM_RESERV);
223  		return tic->t_unit_res;
224  	} else {
225  		if (tic->t_flags & XLOG_TIC_PERM_RESERV)
226  			return tic->t_unit_res * tic->t_cnt;
227  		else
228  			return tic->t_unit_res;
229  	}
230  }
231  
232  STATIC bool
233  xlog_grant_head_wake(
234  	struct xlog		*log,
235  	struct xlog_grant_head	*head,
236  	int			*free_bytes)
237  {
238  	struct xlog_ticket	*tic;
239  	int			need_bytes;
240  
241  	list_for_each_entry(tic, &head->waiters, t_queue) {
242  		need_bytes = xlog_ticket_reservation(log, head, tic);
243  		if (*free_bytes < need_bytes)
244  			return false;
245  
246  		*free_bytes -= need_bytes;
247  		trace_xfs_log_grant_wake_up(log, tic);
248  		wake_up_process(tic->t_task);
249  	}
250  
251  	return true;
252  }
253  
254  STATIC int
255  xlog_grant_head_wait(
256  	struct xlog		*log,
257  	struct xlog_grant_head	*head,
258  	struct xlog_ticket	*tic,
259  	int			need_bytes) __releases(&head->lock)
260  					    __acquires(&head->lock)
261  {
262  	list_add_tail(&tic->t_queue, &head->waiters);
263  
264  	do {
265  		if (XLOG_FORCED_SHUTDOWN(log))
266  			goto shutdown;
267  		xlog_grant_push_ail(log, need_bytes);
268  
269  		__set_current_state(TASK_UNINTERRUPTIBLE);
270  		spin_unlock(&head->lock);
271  
272  		XFS_STATS_INC(xs_sleep_logspace);
273  
274  		trace_xfs_log_grant_sleep(log, tic);
275  		schedule();
276  		trace_xfs_log_grant_wake(log, tic);
277  
278  		spin_lock(&head->lock);
279  		if (XLOG_FORCED_SHUTDOWN(log))
280  			goto shutdown;
281  	} while (xlog_space_left(log, &head->grant) < need_bytes);
282  
283  	list_del_init(&tic->t_queue);
284  	return 0;
285  shutdown:
286  	list_del_init(&tic->t_queue);
287  	return -EIO;
288  }
289  
290  /*
291   * Atomically get the log space required for a log ticket.
292   *
293   * Once a ticket gets put onto head->waiters, it will only return after the
294   * needed reservation is satisfied.
295   *
296   * This function is structured so that it has a lock free fast path. This is
297   * necessary because every new transaction reservation will come through this
298   * path. Hence any lock will be globally hot if we take it unconditionally on
299   * every pass.
300   *
301   * As tickets are only ever moved on and off head->waiters under head->lock, we
302   * only need to take that lock if we are going to add the ticket to the queue
303   * and sleep. We can avoid taking the lock if the ticket was never added to
304   * head->waiters because the t_queue list head will be empty and we hold the
305   * only reference to it so it can safely be checked unlocked.
306   */
307  STATIC int
308  xlog_grant_head_check(
309  	struct xlog		*log,
310  	struct xlog_grant_head	*head,
311  	struct xlog_ticket	*tic,
312  	int			*need_bytes)
313  {
314  	int			free_bytes;
315  	int			error = 0;
316  
317  	ASSERT(!(log->l_flags & XLOG_ACTIVE_RECOVERY));
318  
319  	/*
320  	 * If there are other waiters on the queue then give them a chance at
321  	 * logspace before us.  Wake up the first waiters, if we do not wake
322  	 * up all the waiters then go to sleep waiting for more free space,
323  	 * otherwise try to get some space for this transaction.
324  	 */
325  	*need_bytes = xlog_ticket_reservation(log, head, tic);
326  	free_bytes = xlog_space_left(log, &head->grant);
327  	if (!list_empty_careful(&head->waiters)) {
328  		spin_lock(&head->lock);
329  		if (!xlog_grant_head_wake(log, head, &free_bytes) ||
330  		    free_bytes < *need_bytes) {
331  			error = xlog_grant_head_wait(log, head, tic,
332  						     *need_bytes);
333  		}
334  		spin_unlock(&head->lock);
335  	} else if (free_bytes < *need_bytes) {
336  		spin_lock(&head->lock);
337  		error = xlog_grant_head_wait(log, head, tic, *need_bytes);
338  		spin_unlock(&head->lock);
339  	}
340  
341  	return error;
342  }
343  
344  static void
345  xlog_tic_reset_res(xlog_ticket_t *tic)
346  {
347  	tic->t_res_num = 0;
348  	tic->t_res_arr_sum = 0;
349  	tic->t_res_num_ophdrs = 0;
350  }
351  
352  static void
353  xlog_tic_add_region(xlog_ticket_t *tic, uint len, uint type)
354  {
355  	if (tic->t_res_num == XLOG_TIC_LEN_MAX) {
356  		/* add to overflow and start again */
357  		tic->t_res_o_flow += tic->t_res_arr_sum;
358  		tic->t_res_num = 0;
359  		tic->t_res_arr_sum = 0;
360  	}
361  
362  	tic->t_res_arr[tic->t_res_num].r_len = len;
363  	tic->t_res_arr[tic->t_res_num].r_type = type;
364  	tic->t_res_arr_sum += len;
365  	tic->t_res_num++;
366  }
367  
368  /*
369   * Replenish the byte reservation required by moving the grant write head.
370   */
371  int
372  xfs_log_regrant(
373  	struct xfs_mount	*mp,
374  	struct xlog_ticket	*tic)
375  {
376  	struct xlog		*log = mp->m_log;
377  	int			need_bytes;
378  	int			error = 0;
379  
380  	if (XLOG_FORCED_SHUTDOWN(log))
381  		return -EIO;
382  
383  	XFS_STATS_INC(xs_try_logspace);
384  
385  	/*
386  	 * This is a new transaction on the ticket, so we need to change the
387  	 * transaction ID so that the next transaction has a different TID in
388  	 * the log. Just add one to the existing tid so that we can see chains
389  	 * of rolling transactions in the log easily.
390  	 */
391  	tic->t_tid++;
392  
393  	xlog_grant_push_ail(log, tic->t_unit_res);
394  
395  	tic->t_curr_res = tic->t_unit_res;
396  	xlog_tic_reset_res(tic);
397  
398  	if (tic->t_cnt > 0)
399  		return 0;
400  
401  	trace_xfs_log_regrant(log, tic);
402  
403  	error = xlog_grant_head_check(log, &log->l_write_head, tic,
404  				      &need_bytes);
405  	if (error)
406  		goto out_error;
407  
408  	xlog_grant_add_space(log, &log->l_write_head.grant, need_bytes);
409  	trace_xfs_log_regrant_exit(log, tic);
410  	xlog_verify_grant_tail(log);
411  	return 0;
412  
413  out_error:
414  	/*
415  	 * If we are failing, make sure the ticket doesn't have any current
416  	 * reservations.  We don't want to add this back when the ticket/
417  	 * transaction gets cancelled.
418  	 */
419  	tic->t_curr_res = 0;
420  	tic->t_cnt = 0;	/* ungrant will give back unit_res * t_cnt. */
421  	return error;
422  }
423  
424  /*
425   * Reserve log space and return a ticket corresponding the reservation.
426   *
427   * Each reservation is going to reserve extra space for a log record header.
428   * When writes happen to the on-disk log, we don't subtract the length of the
429   * log record header from any reservation.  By wasting space in each
430   * reservation, we prevent over allocation problems.
431   */
432  int
433  xfs_log_reserve(
434  	struct xfs_mount	*mp,
435  	int		 	unit_bytes,
436  	int		 	cnt,
437  	struct xlog_ticket	**ticp,
438  	__uint8_t	 	client,
439  	bool			permanent,
440  	uint		 	t_type)
441  {
442  	struct xlog		*log = mp->m_log;
443  	struct xlog_ticket	*tic;
444  	int			need_bytes;
445  	int			error = 0;
446  
447  	ASSERT(client == XFS_TRANSACTION || client == XFS_LOG);
448  
449  	if (XLOG_FORCED_SHUTDOWN(log))
450  		return -EIO;
451  
452  	XFS_STATS_INC(xs_try_logspace);
453  
454  	ASSERT(*ticp == NULL);
455  	tic = xlog_ticket_alloc(log, unit_bytes, cnt, client, permanent,
456  				KM_SLEEP | KM_MAYFAIL);
457  	if (!tic)
458  		return -ENOMEM;
459  
460  	tic->t_trans_type = t_type;
461  	*ticp = tic;
462  
463  	xlog_grant_push_ail(log, tic->t_cnt ? tic->t_unit_res * tic->t_cnt
464  					    : tic->t_unit_res);
465  
466  	trace_xfs_log_reserve(log, tic);
467  
468  	error = xlog_grant_head_check(log, &log->l_reserve_head, tic,
469  				      &need_bytes);
470  	if (error)
471  		goto out_error;
472  
473  	xlog_grant_add_space(log, &log->l_reserve_head.grant, need_bytes);
474  	xlog_grant_add_space(log, &log->l_write_head.grant, need_bytes);
475  	trace_xfs_log_reserve_exit(log, tic);
476  	xlog_verify_grant_tail(log);
477  	return 0;
478  
479  out_error:
480  	/*
481  	 * If we are failing, make sure the ticket doesn't have any current
482  	 * reservations.  We don't want to add this back when the ticket/
483  	 * transaction gets cancelled.
484  	 */
485  	tic->t_curr_res = 0;
486  	tic->t_cnt = 0;	/* ungrant will give back unit_res * t_cnt. */
487  	return error;
488  }
489  
490  
491  /*
492   * NOTES:
493   *
494   *	1. currblock field gets updated at startup and after in-core logs
495   *		marked as with WANT_SYNC.
496   */
497  
498  /*
499   * This routine is called when a user of a log manager ticket is done with
500   * the reservation.  If the ticket was ever used, then a commit record for
501   * the associated transaction is written out as a log operation header with
502   * no data.  The flag XLOG_TIC_INITED is set when the first write occurs with
503   * a given ticket.  If the ticket was one with a permanent reservation, then
504   * a few operations are done differently.  Permanent reservation tickets by
505   * default don't release the reservation.  They just commit the current
506   * transaction with the belief that the reservation is still needed.  A flag
507   * must be passed in before permanent reservations are actually released.
508   * When these type of tickets are not released, they need to be set into
509   * the inited state again.  By doing this, a start record will be written
510   * out when the next write occurs.
511   */
512  xfs_lsn_t
513  xfs_log_done(
514  	struct xfs_mount	*mp,
515  	struct xlog_ticket	*ticket,
516  	struct xlog_in_core	**iclog,
517  	uint			flags)
518  {
519  	struct xlog		*log = mp->m_log;
520  	xfs_lsn_t		lsn = 0;
521  
522  	if (XLOG_FORCED_SHUTDOWN(log) ||
523  	    /*
524  	     * If nothing was ever written, don't write out commit record.
525  	     * If we get an error, just continue and give back the log ticket.
526  	     */
527  	    (((ticket->t_flags & XLOG_TIC_INITED) == 0) &&
528  	     (xlog_commit_record(log, ticket, iclog, &lsn)))) {
529  		lsn = (xfs_lsn_t) -1;
530  		if (ticket->t_flags & XLOG_TIC_PERM_RESERV) {
531  			flags |= XFS_LOG_REL_PERM_RESERV;
532  		}
533  	}
534  
535  
536  	if ((ticket->t_flags & XLOG_TIC_PERM_RESERV) == 0 ||
537  	    (flags & XFS_LOG_REL_PERM_RESERV)) {
538  		trace_xfs_log_done_nonperm(log, ticket);
539  
540  		/*
541  		 * Release ticket if not permanent reservation or a specific
542  		 * request has been made to release a permanent reservation.
543  		 */
544  		xlog_ungrant_log_space(log, ticket);
545  		xfs_log_ticket_put(ticket);
546  	} else {
547  		trace_xfs_log_done_perm(log, ticket);
548  
549  		xlog_regrant_reserve_log_space(log, ticket);
550  		/* If this ticket was a permanent reservation and we aren't
551  		 * trying to release it, reset the inited flags; so next time
552  		 * we write, a start record will be written out.
553  		 */
554  		ticket->t_flags |= XLOG_TIC_INITED;
555  	}
556  
557  	return lsn;
558  }
559  
560  /*
561   * Attaches a new iclog I/O completion callback routine during
562   * transaction commit.  If the log is in error state, a non-zero
563   * return code is handed back and the caller is responsible for
564   * executing the callback at an appropriate time.
565   */
566  int
567  xfs_log_notify(
568  	struct xfs_mount	*mp,
569  	struct xlog_in_core	*iclog,
570  	xfs_log_callback_t	*cb)
571  {
572  	int	abortflg;
573  
574  	spin_lock(&iclog->ic_callback_lock);
575  	abortflg = (iclog->ic_state & XLOG_STATE_IOERROR);
576  	if (!abortflg) {
577  		ASSERT_ALWAYS((iclog->ic_state == XLOG_STATE_ACTIVE) ||
578  			      (iclog->ic_state == XLOG_STATE_WANT_SYNC));
579  		cb->cb_next = NULL;
580  		*(iclog->ic_callback_tail) = cb;
581  		iclog->ic_callback_tail = &(cb->cb_next);
582  	}
583  	spin_unlock(&iclog->ic_callback_lock);
584  	return abortflg;
585  }
586  
587  int
588  xfs_log_release_iclog(
589  	struct xfs_mount	*mp,
590  	struct xlog_in_core	*iclog)
591  {
592  	if (xlog_state_release_iclog(mp->m_log, iclog)) {
593  		xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR);
594  		return -EIO;
595  	}
596  
597  	return 0;
598  }
599  
600  /*
601   * Mount a log filesystem
602   *
603   * mp		- ubiquitous xfs mount point structure
604   * log_target	- buftarg of on-disk log device
605   * blk_offset	- Start block # where block size is 512 bytes (BBSIZE)
606   * num_bblocks	- Number of BBSIZE blocks in on-disk log
607   *
608   * Return error or zero.
609   */
610  int
611  xfs_log_mount(
612  	xfs_mount_t	*mp,
613  	xfs_buftarg_t	*log_target,
614  	xfs_daddr_t	blk_offset,
615  	int		num_bblks)
616  {
617  	int		error = 0;
618  	int		min_logfsbs;
619  
620  	if (!(mp->m_flags & XFS_MOUNT_NORECOVERY)) {
621  		xfs_notice(mp, "Mounting V%d Filesystem",
622  			   XFS_SB_VERSION_NUM(&mp->m_sb));
623  	} else {
624  		xfs_notice(mp,
625  "Mounting V%d filesystem in no-recovery mode. Filesystem will be inconsistent.",
626  			   XFS_SB_VERSION_NUM(&mp->m_sb));
627  		ASSERT(mp->m_flags & XFS_MOUNT_RDONLY);
628  	}
629  
630  	mp->m_log = xlog_alloc_log(mp, log_target, blk_offset, num_bblks);
631  	if (IS_ERR(mp->m_log)) {
632  		error = PTR_ERR(mp->m_log);
633  		goto out;
634  	}
635  
636  	/*
637  	 * Validate the given log space and drop a critical message via syslog
638  	 * if the log size is too small that would lead to some unexpected
639  	 * situations in transaction log space reservation stage.
640  	 *
641  	 * Note: we can't just reject the mount if the validation fails.  This
642  	 * would mean that people would have to downgrade their kernel just to
643  	 * remedy the situation as there is no way to grow the log (short of
644  	 * black magic surgery with xfs_db).
645  	 *
646  	 * We can, however, reject mounts for CRC format filesystems, as the
647  	 * mkfs binary being used to make the filesystem should never create a
648  	 * filesystem with a log that is too small.
649  	 */
650  	min_logfsbs = xfs_log_calc_minimum_size(mp);
651  
652  	if (mp->m_sb.sb_logblocks < min_logfsbs) {
653  		xfs_warn(mp,
654  		"Log size %d blocks too small, minimum size is %d blocks",
655  			 mp->m_sb.sb_logblocks, min_logfsbs);
656  		error = -EINVAL;
657  	} else if (mp->m_sb.sb_logblocks > XFS_MAX_LOG_BLOCKS) {
658  		xfs_warn(mp,
659  		"Log size %d blocks too large, maximum size is %lld blocks",
660  			 mp->m_sb.sb_logblocks, XFS_MAX_LOG_BLOCKS);
661  		error = -EINVAL;
662  	} else if (XFS_FSB_TO_B(mp, mp->m_sb.sb_logblocks) > XFS_MAX_LOG_BYTES) {
663  		xfs_warn(mp,
664  		"log size %lld bytes too large, maximum size is %lld bytes",
665  			 XFS_FSB_TO_B(mp, mp->m_sb.sb_logblocks),
666  			 XFS_MAX_LOG_BYTES);
667  		error = -EINVAL;
668  	}
669  	if (error) {
670  		if (xfs_sb_version_hascrc(&mp->m_sb)) {
671  			xfs_crit(mp, "AAIEEE! Log failed size checks. Abort!");
672  			ASSERT(0);
673  			goto out_free_log;
674  		}
675  		xfs_crit(mp,
676  "Log size out of supported range. Continuing onwards, but if log hangs are\n"
677  "experienced then please report this message in the bug report.");
678  	}
679  
680  	/*
681  	 * Initialize the AIL now we have a log.
682  	 */
683  	error = xfs_trans_ail_init(mp);
684  	if (error) {
685  		xfs_warn(mp, "AIL initialisation failed: error %d", error);
686  		goto out_free_log;
687  	}
688  	mp->m_log->l_ailp = mp->m_ail;
689  
690  	/*
691  	 * skip log recovery on a norecovery mount.  pretend it all
692  	 * just worked.
693  	 */
694  	if (!(mp->m_flags & XFS_MOUNT_NORECOVERY)) {
695  		int	readonly = (mp->m_flags & XFS_MOUNT_RDONLY);
696  
697  		if (readonly)
698  			mp->m_flags &= ~XFS_MOUNT_RDONLY;
699  
700  		error = xlog_recover(mp->m_log);
701  
702  		if (readonly)
703  			mp->m_flags |= XFS_MOUNT_RDONLY;
704  		if (error) {
705  			xfs_warn(mp, "log mount/recovery failed: error %d",
706  				error);
707  			goto out_destroy_ail;
708  		}
709  	}
710  
711  	error = xfs_sysfs_init(&mp->m_log->l_kobj, &xfs_log_ktype, &mp->m_kobj,
712  			       "log");
713  	if (error)
714  		goto out_destroy_ail;
715  
716  	/* Normal transactions can now occur */
717  	mp->m_log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
718  
719  	/*
720  	 * Now the log has been fully initialised and we know were our
721  	 * space grant counters are, we can initialise the permanent ticket
722  	 * needed for delayed logging to work.
723  	 */
724  	xlog_cil_init_post_recovery(mp->m_log);
725  
726  	return 0;
727  
728  out_destroy_ail:
729  	xfs_trans_ail_destroy(mp);
730  out_free_log:
731  	xlog_dealloc_log(mp->m_log);
732  out:
733  	return error;
734  }
735  
736  /*
737   * Finish the recovery of the file system.  This is separate from the
738   * xfs_log_mount() call, because it depends on the code in xfs_mountfs() to read
739   * in the root and real-time bitmap inodes between calling xfs_log_mount() and
740   * here.
741   *
742   * If we finish recovery successfully, start the background log work. If we are
743   * not doing recovery, then we have a RO filesystem and we don't need to start
744   * it.
745   */
746  int
747  xfs_log_mount_finish(xfs_mount_t *mp)
748  {
749  	int	error = 0;
750  
751  	if (!(mp->m_flags & XFS_MOUNT_NORECOVERY)) {
752  		error = xlog_recover_finish(mp->m_log);
753  		if (!error)
754  			xfs_log_work_queue(mp);
755  	} else {
756  		ASSERT(mp->m_flags & XFS_MOUNT_RDONLY);
757  	}
758  
759  
760  	return error;
761  }
762  
763  /*
764   * Final log writes as part of unmount.
765   *
766   * Mark the filesystem clean as unmount happens.  Note that during relocation
767   * this routine needs to be executed as part of source-bag while the
768   * deallocation must not be done until source-end.
769   */
770  
771  /*
772   * Unmount record used to have a string "Unmount filesystem--" in the
773   * data section where the "Un" was really a magic number (XLOG_UNMOUNT_TYPE).
774   * We just write the magic number now since that particular field isn't
775   * currently architecture converted and "Unmount" is a bit foo.
776   * As far as I know, there weren't any dependencies on the old behaviour.
777   */
778  
779  int
780  xfs_log_unmount_write(xfs_mount_t *mp)
781  {
782  	struct xlog	 *log = mp->m_log;
783  	xlog_in_core_t	 *iclog;
784  #ifdef DEBUG
785  	xlog_in_core_t	 *first_iclog;
786  #endif
787  	xlog_ticket_t	*tic = NULL;
788  	xfs_lsn_t	 lsn;
789  	int		 error;
790  
791  	/*
792  	 * Don't write out unmount record on read-only mounts.
793  	 * Or, if we are doing a forced umount (typically because of IO errors).
794  	 */
795  	if (mp->m_flags & XFS_MOUNT_RDONLY)
796  		return 0;
797  
798  	error = _xfs_log_force(mp, XFS_LOG_SYNC, NULL);
799  	ASSERT(error || !(XLOG_FORCED_SHUTDOWN(log)));
800  
801  #ifdef DEBUG
802  	first_iclog = iclog = log->l_iclog;
803  	do {
804  		if (!(iclog->ic_state & XLOG_STATE_IOERROR)) {
805  			ASSERT(iclog->ic_state & XLOG_STATE_ACTIVE);
806  			ASSERT(iclog->ic_offset == 0);
807  		}
808  		iclog = iclog->ic_next;
809  	} while (iclog != first_iclog);
810  #endif
811  	if (! (XLOG_FORCED_SHUTDOWN(log))) {
812  		error = xfs_log_reserve(mp, 600, 1, &tic,
813  					XFS_LOG, 0, XLOG_UNMOUNT_REC_TYPE);
814  		if (!error) {
815  			/* the data section must be 32 bit size aligned */
816  			struct {
817  			    __uint16_t magic;
818  			    __uint16_t pad1;
819  			    __uint32_t pad2; /* may as well make it 64 bits */
820  			} magic = {
821  				.magic = XLOG_UNMOUNT_TYPE,
822  			};
823  			struct xfs_log_iovec reg = {
824  				.i_addr = &magic,
825  				.i_len = sizeof(magic),
826  				.i_type = XLOG_REG_TYPE_UNMOUNT,
827  			};
828  			struct xfs_log_vec vec = {
829  				.lv_niovecs = 1,
830  				.lv_iovecp = &reg,
831  			};
832  
833  			/* remove inited flag, and account for space used */
834  			tic->t_flags = 0;
835  			tic->t_curr_res -= sizeof(magic);
836  			error = xlog_write(log, &vec, tic, &lsn,
837  					   NULL, XLOG_UNMOUNT_TRANS);
838  			/*
839  			 * At this point, we're umounting anyway,
840  			 * so there's no point in transitioning log state
841  			 * to IOERROR. Just continue...
842  			 */
843  		}
844  
845  		if (error)
846  			xfs_alert(mp, "%s: unmount record failed", __func__);
847  
848  
849  		spin_lock(&log->l_icloglock);
850  		iclog = log->l_iclog;
851  		atomic_inc(&iclog->ic_refcnt);
852  		xlog_state_want_sync(log, iclog);
853  		spin_unlock(&log->l_icloglock);
854  		error = xlog_state_release_iclog(log, iclog);
855  
856  		spin_lock(&log->l_icloglock);
857  		if (!(iclog->ic_state == XLOG_STATE_ACTIVE ||
858  		      iclog->ic_state == XLOG_STATE_DIRTY)) {
859  			if (!XLOG_FORCED_SHUTDOWN(log)) {
860  				xlog_wait(&iclog->ic_force_wait,
861  							&log->l_icloglock);
862  			} else {
863  				spin_unlock(&log->l_icloglock);
864  			}
865  		} else {
866  			spin_unlock(&log->l_icloglock);
867  		}
868  		if (tic) {
869  			trace_xfs_log_umount_write(log, tic);
870  			xlog_ungrant_log_space(log, tic);
871  			xfs_log_ticket_put(tic);
872  		}
873  	} else {
874  		/*
875  		 * We're already in forced_shutdown mode, couldn't
876  		 * even attempt to write out the unmount transaction.
877  		 *
878  		 * Go through the motions of sync'ing and releasing
879  		 * the iclog, even though no I/O will actually happen,
880  		 * we need to wait for other log I/Os that may already
881  		 * be in progress.  Do this as a separate section of
882  		 * code so we'll know if we ever get stuck here that
883  		 * we're in this odd situation of trying to unmount
884  		 * a file system that went into forced_shutdown as
885  		 * the result of an unmount..
886  		 */
887  		spin_lock(&log->l_icloglock);
888  		iclog = log->l_iclog;
889  		atomic_inc(&iclog->ic_refcnt);
890  
891  		xlog_state_want_sync(log, iclog);
892  		spin_unlock(&log->l_icloglock);
893  		error =  xlog_state_release_iclog(log, iclog);
894  
895  		spin_lock(&log->l_icloglock);
896  
897  		if ( ! (   iclog->ic_state == XLOG_STATE_ACTIVE
898  			|| iclog->ic_state == XLOG_STATE_DIRTY
899  			|| iclog->ic_state == XLOG_STATE_IOERROR) ) {
900  
901  				xlog_wait(&iclog->ic_force_wait,
902  							&log->l_icloglock);
903  		} else {
904  			spin_unlock(&log->l_icloglock);
905  		}
906  	}
907  
908  	return error;
909  }	/* xfs_log_unmount_write */
910  
911  /*
912   * Empty the log for unmount/freeze.
913   *
914   * To do this, we first need to shut down the background log work so it is not
915   * trying to cover the log as we clean up. We then need to unpin all objects in
916   * the log so we can then flush them out. Once they have completed their IO and
917   * run the callbacks removing themselves from the AIL, we can write the unmount
918   * record.
919   */
920  void
921  xfs_log_quiesce(
922  	struct xfs_mount	*mp)
923  {
924  	cancel_delayed_work_sync(&mp->m_log->l_work);
925  	xfs_log_force(mp, XFS_LOG_SYNC);
926  
927  	/*
928  	 * The superblock buffer is uncached and while xfs_ail_push_all_sync()
929  	 * will push it, xfs_wait_buftarg() will not wait for it. Further,
930  	 * xfs_buf_iowait() cannot be used because it was pushed with the
931  	 * XBF_ASYNC flag set, so we need to use a lock/unlock pair to wait for
932  	 * the IO to complete.
933  	 */
934  	xfs_ail_push_all_sync(mp->m_ail);
935  	xfs_wait_buftarg(mp->m_ddev_targp);
936  	xfs_buf_lock(mp->m_sb_bp);
937  	xfs_buf_unlock(mp->m_sb_bp);
938  
939  	xfs_log_unmount_write(mp);
940  }
941  
942  /*
943   * Shut down and release the AIL and Log.
944   *
945   * During unmount, we need to ensure we flush all the dirty metadata objects
946   * from the AIL so that the log is empty before we write the unmount record to
947   * the log. Once this is done, we can tear down the AIL and the log.
948   */
949  void
950  xfs_log_unmount(
951  	struct xfs_mount	*mp)
952  {
953  	xfs_log_quiesce(mp);
954  
955  	xfs_trans_ail_destroy(mp);
956  
957  	xfs_sysfs_del(&mp->m_log->l_kobj);
958  
959  	xlog_dealloc_log(mp->m_log);
960  }
961  
962  void
963  xfs_log_item_init(
964  	struct xfs_mount	*mp,
965  	struct xfs_log_item	*item,
966  	int			type,
967  	const struct xfs_item_ops *ops)
968  {
969  	item->li_mountp = mp;
970  	item->li_ailp = mp->m_ail;
971  	item->li_type = type;
972  	item->li_ops = ops;
973  	item->li_lv = NULL;
974  
975  	INIT_LIST_HEAD(&item->li_ail);
976  	INIT_LIST_HEAD(&item->li_cil);
977  }
978  
979  /*
980   * Wake up processes waiting for log space after we have moved the log tail.
981   */
982  void
983  xfs_log_space_wake(
984  	struct xfs_mount	*mp)
985  {
986  	struct xlog		*log = mp->m_log;
987  	int			free_bytes;
988  
989  	if (XLOG_FORCED_SHUTDOWN(log))
990  		return;
991  
992  	if (!list_empty_careful(&log->l_write_head.waiters)) {
993  		ASSERT(!(log->l_flags & XLOG_ACTIVE_RECOVERY));
994  
995  		spin_lock(&log->l_write_head.lock);
996  		free_bytes = xlog_space_left(log, &log->l_write_head.grant);
997  		xlog_grant_head_wake(log, &log->l_write_head, &free_bytes);
998  		spin_unlock(&log->l_write_head.lock);
999  	}
1000  
1001  	if (!list_empty_careful(&log->l_reserve_head.waiters)) {
1002  		ASSERT(!(log->l_flags & XLOG_ACTIVE_RECOVERY));
1003  
1004  		spin_lock(&log->l_reserve_head.lock);
1005  		free_bytes = xlog_space_left(log, &log->l_reserve_head.grant);
1006  		xlog_grant_head_wake(log, &log->l_reserve_head, &free_bytes);
1007  		spin_unlock(&log->l_reserve_head.lock);
1008  	}
1009  }
1010  
1011  /*
1012   * Determine if we have a transaction that has gone to disk that needs to be
1013   * covered. To begin the transition to the idle state firstly the log needs to
1014   * be idle. That means the CIL, the AIL and the iclogs needs to be empty before
1015   * we start attempting to cover the log.
1016   *
1017   * Only if we are then in a state where covering is needed, the caller is
1018   * informed that dummy transactions are required to move the log into the idle
1019   * state.
1020   *
1021   * If there are any items in the AIl or CIL, then we do not want to attempt to
1022   * cover the log as we may be in a situation where there isn't log space
1023   * available to run a dummy transaction and this can lead to deadlocks when the
1024   * tail of the log is pinned by an item that is modified in the CIL.  Hence
1025   * there's no point in running a dummy transaction at this point because we
1026   * can't start trying to idle the log until both the CIL and AIL are empty.
1027   */
1028  int
1029  xfs_log_need_covered(xfs_mount_t *mp)
1030  {
1031  	struct xlog	*log = mp->m_log;
1032  	int		needed = 0;
1033  
1034  	if (!xfs_fs_writable(mp))
1035  		return 0;
1036  
1037  	if (!xlog_cil_empty(log))
1038  		return 0;
1039  
1040  	spin_lock(&log->l_icloglock);
1041  	switch (log->l_covered_state) {
1042  	case XLOG_STATE_COVER_DONE:
1043  	case XLOG_STATE_COVER_DONE2:
1044  	case XLOG_STATE_COVER_IDLE:
1045  		break;
1046  	case XLOG_STATE_COVER_NEED:
1047  	case XLOG_STATE_COVER_NEED2:
1048  		if (xfs_ail_min_lsn(log->l_ailp))
1049  			break;
1050  		if (!xlog_iclogs_empty(log))
1051  			break;
1052  
1053  		needed = 1;
1054  		if (log->l_covered_state == XLOG_STATE_COVER_NEED)
1055  			log->l_covered_state = XLOG_STATE_COVER_DONE;
1056  		else
1057  			log->l_covered_state = XLOG_STATE_COVER_DONE2;
1058  		break;
1059  	default:
1060  		needed = 1;
1061  		break;
1062  	}
1063  	spin_unlock(&log->l_icloglock);
1064  	return needed;
1065  }
1066  
1067  /*
1068   * We may be holding the log iclog lock upon entering this routine.
1069   */
1070  xfs_lsn_t
1071  xlog_assign_tail_lsn_locked(
1072  	struct xfs_mount	*mp)
1073  {
1074  	struct xlog		*log = mp->m_log;
1075  	struct xfs_log_item	*lip;
1076  	xfs_lsn_t		tail_lsn;
1077  
1078  	assert_spin_locked(&mp->m_ail->xa_lock);
1079  
1080  	/*
1081  	 * To make sure we always have a valid LSN for the log tail we keep
1082  	 * track of the last LSN which was committed in log->l_last_sync_lsn,
1083  	 * and use that when the AIL was empty.
1084  	 */
1085  	lip = xfs_ail_min(mp->m_ail);
1086  	if (lip)
1087  		tail_lsn = lip->li_lsn;
1088  	else
1089  		tail_lsn = atomic64_read(&log->l_last_sync_lsn);
1090  	trace_xfs_log_assign_tail_lsn(log, tail_lsn);
1091  	atomic64_set(&log->l_tail_lsn, tail_lsn);
1092  	return tail_lsn;
1093  }
1094  
1095  xfs_lsn_t
1096  xlog_assign_tail_lsn(
1097  	struct xfs_mount	*mp)
1098  {
1099  	xfs_lsn_t		tail_lsn;
1100  
1101  	spin_lock(&mp->m_ail->xa_lock);
1102  	tail_lsn = xlog_assign_tail_lsn_locked(mp);
1103  	spin_unlock(&mp->m_ail->xa_lock);
1104  
1105  	return tail_lsn;
1106  }
1107  
1108  /*
1109   * Return the space in the log between the tail and the head.  The head
1110   * is passed in the cycle/bytes formal parms.  In the special case where
1111   * the reserve head has wrapped passed the tail, this calculation is no
1112   * longer valid.  In this case, just return 0 which means there is no space
1113   * in the log.  This works for all places where this function is called
1114   * with the reserve head.  Of course, if the write head were to ever
1115   * wrap the tail, we should blow up.  Rather than catch this case here,
1116   * we depend on other ASSERTions in other parts of the code.   XXXmiken
1117   *
1118   * This code also handles the case where the reservation head is behind
1119   * the tail.  The details of this case are described below, but the end
1120   * result is that we return the size of the log as the amount of space left.
1121   */
1122  STATIC int
1123  xlog_space_left(
1124  	struct xlog	*log,
1125  	atomic64_t	*head)
1126  {
1127  	int		free_bytes;
1128  	int		tail_bytes;
1129  	int		tail_cycle;
1130  	int		head_cycle;
1131  	int		head_bytes;
1132  
1133  	xlog_crack_grant_head(head, &head_cycle, &head_bytes);
1134  	xlog_crack_atomic_lsn(&log->l_tail_lsn, &tail_cycle, &tail_bytes);
1135  	tail_bytes = BBTOB(tail_bytes);
1136  	if (tail_cycle == head_cycle && head_bytes >= tail_bytes)
1137  		free_bytes = log->l_logsize - (head_bytes - tail_bytes);
1138  	else if (tail_cycle + 1 < head_cycle)
1139  		return 0;
1140  	else if (tail_cycle < head_cycle) {
1141  		ASSERT(tail_cycle == (head_cycle - 1));
1142  		free_bytes = tail_bytes - head_bytes;
1143  	} else {
1144  		/*
1145  		 * The reservation head is behind the tail.
1146  		 * In this case we just want to return the size of the
1147  		 * log as the amount of space left.
1148  		 */
1149  		xfs_alert(log->l_mp,
1150  			"xlog_space_left: head behind tail\n"
1151  			"  tail_cycle = %d, tail_bytes = %d\n"
1152  			"  GH   cycle = %d, GH   bytes = %d",
1153  			tail_cycle, tail_bytes, head_cycle, head_bytes);
1154  		ASSERT(0);
1155  		free_bytes = log->l_logsize;
1156  	}
1157  	return free_bytes;
1158  }
1159  
1160  
1161  /*
1162   * Log function which is called when an io completes.
1163   *
1164   * The log manager needs its own routine, in order to control what
1165   * happens with the buffer after the write completes.
1166   */
1167  void
1168  xlog_iodone(xfs_buf_t *bp)
1169  {
1170  	struct xlog_in_core	*iclog = bp->b_fspriv;
1171  	struct xlog		*l = iclog->ic_log;
1172  	int			aborted = 0;
1173  
1174  	/*
1175  	 * Race to shutdown the filesystem if we see an error.
1176  	 */
1177  	if (XFS_TEST_ERROR(bp->b_error, l->l_mp,
1178  			XFS_ERRTAG_IODONE_IOERR, XFS_RANDOM_IODONE_IOERR)) {
1179  		xfs_buf_ioerror_alert(bp, __func__);
1180  		xfs_buf_stale(bp);
1181  		xfs_force_shutdown(l->l_mp, SHUTDOWN_LOG_IO_ERROR);
1182  		/*
1183  		 * This flag will be propagated to the trans-committed
1184  		 * callback routines to let them know that the log-commit
1185  		 * didn't succeed.
1186  		 */
1187  		aborted = XFS_LI_ABORTED;
1188  	} else if (iclog->ic_state & XLOG_STATE_IOERROR) {
1189  		aborted = XFS_LI_ABORTED;
1190  	}
1191  
1192  	/* log I/O is always issued ASYNC */
1193  	ASSERT(XFS_BUF_ISASYNC(bp));
1194  	xlog_state_done_syncing(iclog, aborted);
1195  
1196  	/*
1197  	 * drop the buffer lock now that we are done. Nothing references
1198  	 * the buffer after this, so an unmount waiting on this lock can now
1199  	 * tear it down safely. As such, it is unsafe to reference the buffer
1200  	 * (bp) after the unlock as we could race with it being freed.
1201  	 */
1202  	xfs_buf_unlock(bp);
1203  }
1204  
1205  /*
1206   * Return size of each in-core log record buffer.
1207   *
1208   * All machines get 8 x 32kB buffers by default, unless tuned otherwise.
1209   *
1210   * If the filesystem blocksize is too large, we may need to choose a
1211   * larger size since the directory code currently logs entire blocks.
1212   */
1213  
1214  STATIC void
1215  xlog_get_iclog_buffer_size(
1216  	struct xfs_mount	*mp,
1217  	struct xlog		*log)
1218  {
1219  	int size;
1220  	int xhdrs;
1221  
1222  	if (mp->m_logbufs <= 0)
1223  		log->l_iclog_bufs = XLOG_MAX_ICLOGS;
1224  	else
1225  		log->l_iclog_bufs = mp->m_logbufs;
1226  
1227  	/*
1228  	 * Buffer size passed in from mount system call.
1229  	 */
1230  	if (mp->m_logbsize > 0) {
1231  		size = log->l_iclog_size = mp->m_logbsize;
1232  		log->l_iclog_size_log = 0;
1233  		while (size != 1) {
1234  			log->l_iclog_size_log++;
1235  			size >>= 1;
1236  		}
1237  
1238  		if (xfs_sb_version_haslogv2(&mp->m_sb)) {
1239  			/* # headers = size / 32k
1240  			 * one header holds cycles from 32k of data
1241  			 */
1242  
1243  			xhdrs = mp->m_logbsize / XLOG_HEADER_CYCLE_SIZE;
1244  			if (mp->m_logbsize % XLOG_HEADER_CYCLE_SIZE)
1245  				xhdrs++;
1246  			log->l_iclog_hsize = xhdrs << BBSHIFT;
1247  			log->l_iclog_heads = xhdrs;
1248  		} else {
1249  			ASSERT(mp->m_logbsize <= XLOG_BIG_RECORD_BSIZE);
1250  			log->l_iclog_hsize = BBSIZE;
1251  			log->l_iclog_heads = 1;
1252  		}
1253  		goto done;
1254  	}
1255  
1256  	/* All machines use 32kB buffers by default. */
1257  	log->l_iclog_size = XLOG_BIG_RECORD_BSIZE;
1258  	log->l_iclog_size_log = XLOG_BIG_RECORD_BSHIFT;
1259  
1260  	/* the default log size is 16k or 32k which is one header sector */
1261  	log->l_iclog_hsize = BBSIZE;
1262  	log->l_iclog_heads = 1;
1263  
1264  done:
1265  	/* are we being asked to make the sizes selected above visible? */
1266  	if (mp->m_logbufs == 0)
1267  		mp->m_logbufs = log->l_iclog_bufs;
1268  	if (mp->m_logbsize == 0)
1269  		mp->m_logbsize = log->l_iclog_size;
1270  }	/* xlog_get_iclog_buffer_size */
1271  
1272  
1273  void
1274  xfs_log_work_queue(
1275  	struct xfs_mount        *mp)
1276  {
1277  	queue_delayed_work(mp->m_log_workqueue, &mp->m_log->l_work,
1278  				msecs_to_jiffies(xfs_syncd_centisecs * 10));
1279  }
1280  
1281  /*
1282   * Every sync period we need to unpin all items in the AIL and push them to
1283   * disk. If there is nothing dirty, then we might need to cover the log to
1284   * indicate that the filesystem is idle.
1285   */
1286  void
1287  xfs_log_worker(
1288  	struct work_struct	*work)
1289  {
1290  	struct xlog		*log = container_of(to_delayed_work(work),
1291  						struct xlog, l_work);
1292  	struct xfs_mount	*mp = log->l_mp;
1293  
1294  	/* dgc: errors ignored - not fatal and nowhere to report them */
1295  	if (xfs_log_need_covered(mp))
1296  		xfs_fs_log_dummy(mp);
1297  	else
1298  		xfs_log_force(mp, 0);
1299  
1300  	/* start pushing all the metadata that is currently dirty */
1301  	xfs_ail_push_all(mp->m_ail);
1302  
1303  	/* queue us up again */
1304  	xfs_log_work_queue(mp);
1305  }
1306  
1307  /*
1308   * This routine initializes some of the log structure for a given mount point.
1309   * Its primary purpose is to fill in enough, so recovery can occur.  However,
1310   * some other stuff may be filled in too.
1311   */
1312  STATIC struct xlog *
1313  xlog_alloc_log(
1314  	struct xfs_mount	*mp,
1315  	struct xfs_buftarg	*log_target,
1316  	xfs_daddr_t		blk_offset,
1317  	int			num_bblks)
1318  {
1319  	struct xlog		*log;
1320  	xlog_rec_header_t	*head;
1321  	xlog_in_core_t		**iclogp;
1322  	xlog_in_core_t		*iclog, *prev_iclog=NULL;
1323  	xfs_buf_t		*bp;
1324  	int			i;
1325  	int			error = -ENOMEM;
1326  	uint			log2_size = 0;
1327  
1328  	log = kmem_zalloc(sizeof(struct xlog), KM_MAYFAIL);
1329  	if (!log) {
1330  		xfs_warn(mp, "Log allocation failed: No memory!");
1331  		goto out;
1332  	}
1333  
1334  	log->l_mp	   = mp;
1335  	log->l_targ	   = log_target;
1336  	log->l_logsize     = BBTOB(num_bblks);
1337  	log->l_logBBstart  = blk_offset;
1338  	log->l_logBBsize   = num_bblks;
1339  	log->l_covered_state = XLOG_STATE_COVER_IDLE;
1340  	log->l_flags	   |= XLOG_ACTIVE_RECOVERY;
1341  	INIT_DELAYED_WORK(&log->l_work, xfs_log_worker);
1342  
1343  	log->l_prev_block  = -1;
1344  	/* log->l_tail_lsn = 0x100000000LL; cycle = 1; current block = 0 */
1345  	xlog_assign_atomic_lsn(&log->l_tail_lsn, 1, 0);
1346  	xlog_assign_atomic_lsn(&log->l_last_sync_lsn, 1, 0);
1347  	log->l_curr_cycle  = 1;	    /* 0 is bad since this is initial value */
1348  
1349  	xlog_grant_head_init(&log->l_reserve_head);
1350  	xlog_grant_head_init(&log->l_write_head);
1351  
1352  	error = -EFSCORRUPTED;
1353  	if (xfs_sb_version_hassector(&mp->m_sb)) {
1354  	        log2_size = mp->m_sb.sb_logsectlog;
1355  		if (log2_size < BBSHIFT) {
1356  			xfs_warn(mp, "Log sector size too small (0x%x < 0x%x)",
1357  				log2_size, BBSHIFT);
1358  			goto out_free_log;
1359  		}
1360  
1361  	        log2_size -= BBSHIFT;
1362  		if (log2_size > mp->m_sectbb_log) {
1363  			xfs_warn(mp, "Log sector size too large (0x%x > 0x%x)",
1364  				log2_size, mp->m_sectbb_log);
1365  			goto out_free_log;
1366  		}
1367  
1368  		/* for larger sector sizes, must have v2 or external log */
1369  		if (log2_size && log->l_logBBstart > 0 &&
1370  			    !xfs_sb_version_haslogv2(&mp->m_sb)) {
1371  			xfs_warn(mp,
1372  		"log sector size (0x%x) invalid for configuration.",
1373  				log2_size);
1374  			goto out_free_log;
1375  		}
1376  	}
1377  	log->l_sectBBsize = 1 << log2_size;
1378  
1379  	xlog_get_iclog_buffer_size(mp, log);
1380  
1381  	/*
1382  	 * Use a NULL block for the extra log buffer used during splits so that
1383  	 * it will trigger errors if we ever try to do IO on it without first
1384  	 * having set it up properly.
1385  	 */
1386  	error = -ENOMEM;
1387  	bp = xfs_buf_alloc(mp->m_logdev_targp, XFS_BUF_DADDR_NULL,
1388  			   BTOBB(log->l_iclog_size), 0);
1389  	if (!bp)
1390  		goto out_free_log;
1391  
1392  	/*
1393  	 * The iclogbuf buffer locks are held over IO but we are not going to do
1394  	 * IO yet.  Hence unlock the buffer so that the log IO path can grab it
1395  	 * when appropriately.
1396  	 */
1397  	ASSERT(xfs_buf_islocked(bp));
1398  	xfs_buf_unlock(bp);
1399  
1400  	bp->b_iodone = xlog_iodone;
1401  	log->l_xbuf = bp;
1402  
1403  	spin_lock_init(&log->l_icloglock);
1404  	init_waitqueue_head(&log->l_flush_wait);
1405  
1406  	iclogp = &log->l_iclog;
1407  	/*
1408  	 * The amount of memory to allocate for the iclog structure is
1409  	 * rather funky due to the way the structure is defined.  It is
1410  	 * done this way so that we can use different sizes for machines
1411  	 * with different amounts of memory.  See the definition of
1412  	 * xlog_in_core_t in xfs_log_priv.h for details.
1413  	 */
1414  	ASSERT(log->l_iclog_size >= 4096);
1415  	for (i=0; i < log->l_iclog_bufs; i++) {
1416  		*iclogp = kmem_zalloc(sizeof(xlog_in_core_t), KM_MAYFAIL);
1417  		if (!*iclogp)
1418  			goto out_free_iclog;
1419  
1420  		iclog = *iclogp;
1421  		iclog->ic_prev = prev_iclog;
1422  		prev_iclog = iclog;
1423  
1424  		bp = xfs_buf_get_uncached(mp->m_logdev_targp,
1425  						BTOBB(log->l_iclog_size), 0);
1426  		if (!bp)
1427  			goto out_free_iclog;
1428  
1429  		ASSERT(xfs_buf_islocked(bp));
1430  		xfs_buf_unlock(bp);
1431  
1432  		bp->b_iodone = xlog_iodone;
1433  		iclog->ic_bp = bp;
1434  		iclog->ic_data = bp->b_addr;
1435  #ifdef DEBUG
1436  		log->l_iclog_bak[i] = (xfs_caddr_t)&(iclog->ic_header);
1437  #endif
1438  		head = &iclog->ic_header;
1439  		memset(head, 0, sizeof(xlog_rec_header_t));
1440  		head->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1441  		head->h_version = cpu_to_be32(
1442  			xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1443  		head->h_size = cpu_to_be32(log->l_iclog_size);
1444  		/* new fields */
1445  		head->h_fmt = cpu_to_be32(XLOG_FMT);
1446  		memcpy(&head->h_fs_uuid, &mp->m_sb.sb_uuid, sizeof(uuid_t));
1447  
1448  		iclog->ic_size = BBTOB(bp->b_length) - log->l_iclog_hsize;
1449  		iclog->ic_state = XLOG_STATE_ACTIVE;
1450  		iclog->ic_log = log;
1451  		atomic_set(&iclog->ic_refcnt, 0);
1452  		spin_lock_init(&iclog->ic_callback_lock);
1453  		iclog->ic_callback_tail = &(iclog->ic_callback);
1454  		iclog->ic_datap = (char *)iclog->ic_data + log->l_iclog_hsize;
1455  
1456  		init_waitqueue_head(&iclog->ic_force_wait);
1457  		init_waitqueue_head(&iclog->ic_write_wait);
1458  
1459  		iclogp = &iclog->ic_next;
1460  	}
1461  	*iclogp = log->l_iclog;			/* complete ring */
1462  	log->l_iclog->ic_prev = prev_iclog;	/* re-write 1st prev ptr */
1463  
1464  	error = xlog_cil_init(log);
1465  	if (error)
1466  		goto out_free_iclog;
1467  	return log;
1468  
1469  out_free_iclog:
1470  	for (iclog = log->l_iclog; iclog; iclog = prev_iclog) {
1471  		prev_iclog = iclog->ic_next;
1472  		if (iclog->ic_bp)
1473  			xfs_buf_free(iclog->ic_bp);
1474  		kmem_free(iclog);
1475  	}
1476  	spinlock_destroy(&log->l_icloglock);
1477  	xfs_buf_free(log->l_xbuf);
1478  out_free_log:
1479  	kmem_free(log);
1480  out:
1481  	return ERR_PTR(error);
1482  }	/* xlog_alloc_log */
1483  
1484  
1485  /*
1486   * Write out the commit record of a transaction associated with the given
1487   * ticket.  Return the lsn of the commit record.
1488   */
1489  STATIC int
1490  xlog_commit_record(
1491  	struct xlog		*log,
1492  	struct xlog_ticket	*ticket,
1493  	struct xlog_in_core	**iclog,
1494  	xfs_lsn_t		*commitlsnp)
1495  {
1496  	struct xfs_mount *mp = log->l_mp;
1497  	int	error;
1498  	struct xfs_log_iovec reg = {
1499  		.i_addr = NULL,
1500  		.i_len = 0,
1501  		.i_type = XLOG_REG_TYPE_COMMIT,
1502  	};
1503  	struct xfs_log_vec vec = {
1504  		.lv_niovecs = 1,
1505  		.lv_iovecp = &reg,
1506  	};
1507  
1508  	ASSERT_ALWAYS(iclog);
1509  	error = xlog_write(log, &vec, ticket, commitlsnp, iclog,
1510  					XLOG_COMMIT_TRANS);
1511  	if (error)
1512  		xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR);
1513  	return error;
1514  }
1515  
1516  /*
1517   * Push on the buffer cache code if we ever use more than 75% of the on-disk
1518   * log space.  This code pushes on the lsn which would supposedly free up
1519   * the 25% which we want to leave free.  We may need to adopt a policy which
1520   * pushes on an lsn which is further along in the log once we reach the high
1521   * water mark.  In this manner, we would be creating a low water mark.
1522   */
1523  STATIC void
1524  xlog_grant_push_ail(
1525  	struct xlog	*log,
1526  	int		need_bytes)
1527  {
1528  	xfs_lsn_t	threshold_lsn = 0;
1529  	xfs_lsn_t	last_sync_lsn;
1530  	int		free_blocks;
1531  	int		free_bytes;
1532  	int		threshold_block;
1533  	int		threshold_cycle;
1534  	int		free_threshold;
1535  
1536  	ASSERT(BTOBB(need_bytes) < log->l_logBBsize);
1537  
1538  	free_bytes = xlog_space_left(log, &log->l_reserve_head.grant);
1539  	free_blocks = BTOBBT(free_bytes);
1540  
1541  	/*
1542  	 * Set the threshold for the minimum number of free blocks in the
1543  	 * log to the maximum of what the caller needs, one quarter of the
1544  	 * log, and 256 blocks.
1545  	 */
1546  	free_threshold = BTOBB(need_bytes);
1547  	free_threshold = MAX(free_threshold, (log->l_logBBsize >> 2));
1548  	free_threshold = MAX(free_threshold, 256);
1549  	if (free_blocks >= free_threshold)
1550  		return;
1551  
1552  	xlog_crack_atomic_lsn(&log->l_tail_lsn, &threshold_cycle,
1553  						&threshold_block);
1554  	threshold_block += free_threshold;
1555  	if (threshold_block >= log->l_logBBsize) {
1556  		threshold_block -= log->l_logBBsize;
1557  		threshold_cycle += 1;
1558  	}
1559  	threshold_lsn = xlog_assign_lsn(threshold_cycle,
1560  					threshold_block);
1561  	/*
1562  	 * Don't pass in an lsn greater than the lsn of the last
1563  	 * log record known to be on disk. Use a snapshot of the last sync lsn
1564  	 * so that it doesn't change between the compare and the set.
1565  	 */
1566  	last_sync_lsn = atomic64_read(&log->l_last_sync_lsn);
1567  	if (XFS_LSN_CMP(threshold_lsn, last_sync_lsn) > 0)
1568  		threshold_lsn = last_sync_lsn;
1569  
1570  	/*
1571  	 * Get the transaction layer to kick the dirty buffers out to
1572  	 * disk asynchronously. No point in trying to do this if
1573  	 * the filesystem is shutting down.
1574  	 */
1575  	if (!XLOG_FORCED_SHUTDOWN(log))
1576  		xfs_ail_push(log->l_ailp, threshold_lsn);
1577  }
1578  
1579  /*
1580   * Stamp cycle number in every block
1581   */
1582  STATIC void
1583  xlog_pack_data(
1584  	struct xlog		*log,
1585  	struct xlog_in_core	*iclog,
1586  	int			roundoff)
1587  {
1588  	int			i, j, k;
1589  	int			size = iclog->ic_offset + roundoff;
1590  	__be32			cycle_lsn;
1591  	xfs_caddr_t		dp;
1592  
1593  	cycle_lsn = CYCLE_LSN_DISK(iclog->ic_header.h_lsn);
1594  
1595  	dp = iclog->ic_datap;
1596  	for (i = 0; i < BTOBB(size); i++) {
1597  		if (i >= (XLOG_HEADER_CYCLE_SIZE / BBSIZE))
1598  			break;
1599  		iclog->ic_header.h_cycle_data[i] = *(__be32 *)dp;
1600  		*(__be32 *)dp = cycle_lsn;
1601  		dp += BBSIZE;
1602  	}
1603  
1604  	if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1605  		xlog_in_core_2_t *xhdr = iclog->ic_data;
1606  
1607  		for ( ; i < BTOBB(size); i++) {
1608  			j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
1609  			k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
1610  			xhdr[j].hic_xheader.xh_cycle_data[k] = *(__be32 *)dp;
1611  			*(__be32 *)dp = cycle_lsn;
1612  			dp += BBSIZE;
1613  		}
1614  
1615  		for (i = 1; i < log->l_iclog_heads; i++)
1616  			xhdr[i].hic_xheader.xh_cycle = cycle_lsn;
1617  	}
1618  }
1619  
1620  /*
1621   * Calculate the checksum for a log buffer.
1622   *
1623   * This is a little more complicated than it should be because the various
1624   * headers and the actual data are non-contiguous.
1625   */
1626  __le32
1627  xlog_cksum(
1628  	struct xlog		*log,
1629  	struct xlog_rec_header	*rhead,
1630  	char			*dp,
1631  	int			size)
1632  {
1633  	__uint32_t		crc;
1634  
1635  	/* first generate the crc for the record header ... */
1636  	crc = xfs_start_cksum((char *)rhead,
1637  			      sizeof(struct xlog_rec_header),
1638  			      offsetof(struct xlog_rec_header, h_crc));
1639  
1640  	/* ... then for additional cycle data for v2 logs ... */
1641  	if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1642  		union xlog_in_core2 *xhdr = (union xlog_in_core2 *)rhead;
1643  		int		i;
1644  
1645  		for (i = 1; i < log->l_iclog_heads; i++) {
1646  			crc = crc32c(crc, &xhdr[i].hic_xheader,
1647  				     sizeof(struct xlog_rec_ext_header));
1648  		}
1649  	}
1650  
1651  	/* ... and finally for the payload */
1652  	crc = crc32c(crc, dp, size);
1653  
1654  	return xfs_end_cksum(crc);
1655  }
1656  
1657  /*
1658   * The bdstrat callback function for log bufs. This gives us a central
1659   * place to trap bufs in case we get hit by a log I/O error and need to
1660   * shutdown. Actually, in practice, even when we didn't get a log error,
1661   * we transition the iclogs to IOERROR state *after* flushing all existing
1662   * iclogs to disk. This is because we don't want anymore new transactions to be
1663   * started or completed afterwards.
1664   *
1665   * We lock the iclogbufs here so that we can serialise against IO completion
1666   * during unmount. We might be processing a shutdown triggered during unmount,
1667   * and that can occur asynchronously to the unmount thread, and hence we need to
1668   * ensure that completes before tearing down the iclogbufs. Hence we need to
1669   * hold the buffer lock across the log IO to acheive that.
1670   */
1671  STATIC int
1672  xlog_bdstrat(
1673  	struct xfs_buf		*bp)
1674  {
1675  	struct xlog_in_core	*iclog = bp->b_fspriv;
1676  
1677  	xfs_buf_lock(bp);
1678  	if (iclog->ic_state & XLOG_STATE_IOERROR) {
1679  		xfs_buf_ioerror(bp, -EIO);
1680  		xfs_buf_stale(bp);
1681  		xfs_buf_ioend(bp, 0);
1682  		/*
1683  		 * It would seem logical to return EIO here, but we rely on
1684  		 * the log state machine to propagate I/O errors instead of
1685  		 * doing it here. Similarly, IO completion will unlock the
1686  		 * buffer, so we don't do it here.
1687  		 */
1688  		return 0;
1689  	}
1690  
1691  	xfs_buf_iorequest(bp);
1692  	return 0;
1693  }
1694  
1695  /*
1696   * Flush out the in-core log (iclog) to the on-disk log in an asynchronous
1697   * fashion.  Previously, we should have moved the current iclog
1698   * ptr in the log to point to the next available iclog.  This allows further
1699   * write to continue while this code syncs out an iclog ready to go.
1700   * Before an in-core log can be written out, the data section must be scanned
1701   * to save away the 1st word of each BBSIZE block into the header.  We replace
1702   * it with the current cycle count.  Each BBSIZE block is tagged with the
1703   * cycle count because there in an implicit assumption that drives will
1704   * guarantee that entire 512 byte blocks get written at once.  In other words,
1705   * we can't have part of a 512 byte block written and part not written.  By
1706   * tagging each block, we will know which blocks are valid when recovering
1707   * after an unclean shutdown.
1708   *
1709   * This routine is single threaded on the iclog.  No other thread can be in
1710   * this routine with the same iclog.  Changing contents of iclog can there-
1711   * fore be done without grabbing the state machine lock.  Updating the global
1712   * log will require grabbing the lock though.
1713   *
1714   * The entire log manager uses a logical block numbering scheme.  Only
1715   * log_sync (and then only bwrite()) know about the fact that the log may
1716   * not start with block zero on a given device.  The log block start offset
1717   * is added immediately before calling bwrite().
1718   */
1719  
1720  STATIC int
1721  xlog_sync(
1722  	struct xlog		*log,
1723  	struct xlog_in_core	*iclog)
1724  {
1725  	xfs_buf_t	*bp;
1726  	int		i;
1727  	uint		count;		/* byte count of bwrite */
1728  	uint		count_init;	/* initial count before roundup */
1729  	int		roundoff;       /* roundoff to BB or stripe */
1730  	int		split = 0;	/* split write into two regions */
1731  	int		error;
1732  	int		v2 = xfs_sb_version_haslogv2(&log->l_mp->m_sb);
1733  	int		size;
1734  
1735  	XFS_STATS_INC(xs_log_writes);
1736  	ASSERT(atomic_read(&iclog->ic_refcnt) == 0);
1737  
1738  	/* Add for LR header */
1739  	count_init = log->l_iclog_hsize + iclog->ic_offset;
1740  
1741  	/* Round out the log write size */
1742  	if (v2 && log->l_mp->m_sb.sb_logsunit > 1) {
1743  		/* we have a v2 stripe unit to use */
1744  		count = XLOG_LSUNITTOB(log, XLOG_BTOLSUNIT(log, count_init));
1745  	} else {
1746  		count = BBTOB(BTOBB(count_init));
1747  	}
1748  	roundoff = count - count_init;
1749  	ASSERT(roundoff >= 0);
1750  	ASSERT((v2 && log->l_mp->m_sb.sb_logsunit > 1 &&
1751                  roundoff < log->l_mp->m_sb.sb_logsunit)
1752  		||
1753  		(log->l_mp->m_sb.sb_logsunit <= 1 &&
1754  		 roundoff < BBTOB(1)));
1755  
1756  	/* move grant heads by roundoff in sync */
1757  	xlog_grant_add_space(log, &log->l_reserve_head.grant, roundoff);
1758  	xlog_grant_add_space(log, &log->l_write_head.grant, roundoff);
1759  
1760  	/* put cycle number in every block */
1761  	xlog_pack_data(log, iclog, roundoff);
1762  
1763  	/* real byte length */
1764  	size = iclog->ic_offset;
1765  	if (v2)
1766  		size += roundoff;
1767  	iclog->ic_header.h_len = cpu_to_be32(size);
1768  
1769  	bp = iclog->ic_bp;
1770  	XFS_BUF_SET_ADDR(bp, BLOCK_LSN(be64_to_cpu(iclog->ic_header.h_lsn)));
1771  
1772  	XFS_STATS_ADD(xs_log_blocks, BTOBB(count));
1773  
1774  	/* Do we need to split this write into 2 parts? */
1775  	if (XFS_BUF_ADDR(bp) + BTOBB(count) > log->l_logBBsize) {
1776  		char		*dptr;
1777  
1778  		split = count - (BBTOB(log->l_logBBsize - XFS_BUF_ADDR(bp)));
1779  		count = BBTOB(log->l_logBBsize - XFS_BUF_ADDR(bp));
1780  		iclog->ic_bwritecnt = 2;
1781  
1782  		/*
1783  		 * Bump the cycle numbers at the start of each block in the
1784  		 * part of the iclog that ends up in the buffer that gets
1785  		 * written to the start of the log.
1786  		 *
1787  		 * Watch out for the header magic number case, though.
1788  		 */
1789  		dptr = (char *)&iclog->ic_header + count;
1790  		for (i = 0; i < split; i += BBSIZE) {
1791  			__uint32_t cycle = be32_to_cpu(*(__be32 *)dptr);
1792  			if (++cycle == XLOG_HEADER_MAGIC_NUM)
1793  				cycle++;
1794  			*(__be32 *)dptr = cpu_to_be32(cycle);
1795  
1796  			dptr += BBSIZE;
1797  		}
1798  	} else {
1799  		iclog->ic_bwritecnt = 1;
1800  	}
1801  
1802  	/* calculcate the checksum */
1803  	iclog->ic_header.h_crc = xlog_cksum(log, &iclog->ic_header,
1804  					    iclog->ic_datap, size);
1805  
1806  	bp->b_io_length = BTOBB(count);
1807  	bp->b_fspriv = iclog;
1808  	XFS_BUF_ZEROFLAGS(bp);
1809  	XFS_BUF_ASYNC(bp);
1810  	bp->b_flags |= XBF_SYNCIO;
1811  
1812  	if (log->l_mp->m_flags & XFS_MOUNT_BARRIER) {
1813  		bp->b_flags |= XBF_FUA;
1814  
1815  		/*
1816  		 * Flush the data device before flushing the log to make
1817  		 * sure all meta data written back from the AIL actually made
1818  		 * it to disk before stamping the new log tail LSN into the
1819  		 * log buffer.  For an external log we need to issue the
1820  		 * flush explicitly, and unfortunately synchronously here;
1821  		 * for an internal log we can simply use the block layer
1822  		 * state machine for preflushes.
1823  		 */
1824  		if (log->l_mp->m_logdev_targp != log->l_mp->m_ddev_targp)
1825  			xfs_blkdev_issue_flush(log->l_mp->m_ddev_targp);
1826  		else
1827  			bp->b_flags |= XBF_FLUSH;
1828  	}
1829  
1830  	ASSERT(XFS_BUF_ADDR(bp) <= log->l_logBBsize-1);
1831  	ASSERT(XFS_BUF_ADDR(bp) + BTOBB(count) <= log->l_logBBsize);
1832  
1833  	xlog_verify_iclog(log, iclog, count, true);
1834  
1835  	/* account for log which doesn't start at block #0 */
1836  	XFS_BUF_SET_ADDR(bp, XFS_BUF_ADDR(bp) + log->l_logBBstart);
1837  	/*
1838  	 * Don't call xfs_bwrite here. We do log-syncs even when the filesystem
1839  	 * is shutting down.
1840  	 */
1841  	XFS_BUF_WRITE(bp);
1842  
1843  	error = xlog_bdstrat(bp);
1844  	if (error) {
1845  		xfs_buf_ioerror_alert(bp, "xlog_sync");
1846  		return error;
1847  	}
1848  	if (split) {
1849  		bp = iclog->ic_log->l_xbuf;
1850  		XFS_BUF_SET_ADDR(bp, 0);	     /* logical 0 */
1851  		xfs_buf_associate_memory(bp,
1852  				(char *)&iclog->ic_header + count, split);
1853  		bp->b_fspriv = iclog;
1854  		XFS_BUF_ZEROFLAGS(bp);
1855  		XFS_BUF_ASYNC(bp);
1856  		bp->b_flags |= XBF_SYNCIO;
1857  		if (log->l_mp->m_flags & XFS_MOUNT_BARRIER)
1858  			bp->b_flags |= XBF_FUA;
1859  
1860  		ASSERT(XFS_BUF_ADDR(bp) <= log->l_logBBsize-1);
1861  		ASSERT(XFS_BUF_ADDR(bp) + BTOBB(count) <= log->l_logBBsize);
1862  
1863  		/* account for internal log which doesn't start at block #0 */
1864  		XFS_BUF_SET_ADDR(bp, XFS_BUF_ADDR(bp) + log->l_logBBstart);
1865  		XFS_BUF_WRITE(bp);
1866  		error = xlog_bdstrat(bp);
1867  		if (error) {
1868  			xfs_buf_ioerror_alert(bp, "xlog_sync (split)");
1869  			return error;
1870  		}
1871  	}
1872  	return 0;
1873  }	/* xlog_sync */
1874  
1875  /*
1876   * Deallocate a log structure
1877   */
1878  STATIC void
1879  xlog_dealloc_log(
1880  	struct xlog	*log)
1881  {
1882  	xlog_in_core_t	*iclog, *next_iclog;
1883  	int		i;
1884  
1885  	xlog_cil_destroy(log);
1886  
1887  	/*
1888  	 * Cycle all the iclogbuf locks to make sure all log IO completion
1889  	 * is done before we tear down these buffers.
1890  	 */
1891  	iclog = log->l_iclog;
1892  	for (i = 0; i < log->l_iclog_bufs; i++) {
1893  		xfs_buf_lock(iclog->ic_bp);
1894  		xfs_buf_unlock(iclog->ic_bp);
1895  		iclog = iclog->ic_next;
1896  	}
1897  
1898  	/*
1899  	 * Always need to ensure that the extra buffer does not point to memory
1900  	 * owned by another log buffer before we free it. Also, cycle the lock
1901  	 * first to ensure we've completed IO on it.
1902  	 */
1903  	xfs_buf_lock(log->l_xbuf);
1904  	xfs_buf_unlock(log->l_xbuf);
1905  	xfs_buf_set_empty(log->l_xbuf, BTOBB(log->l_iclog_size));
1906  	xfs_buf_free(log->l_xbuf);
1907  
1908  	iclog = log->l_iclog;
1909  	for (i = 0; i < log->l_iclog_bufs; i++) {
1910  		xfs_buf_free(iclog->ic_bp);
1911  		next_iclog = iclog->ic_next;
1912  		kmem_free(iclog);
1913  		iclog = next_iclog;
1914  	}
1915  	spinlock_destroy(&log->l_icloglock);
1916  
1917  	log->l_mp->m_log = NULL;
1918  	kmem_free(log);
1919  }	/* xlog_dealloc_log */
1920  
1921  /*
1922   * Update counters atomically now that memcpy is done.
1923   */
1924  /* ARGSUSED */
1925  static inline void
1926  xlog_state_finish_copy(
1927  	struct xlog		*log,
1928  	struct xlog_in_core	*iclog,
1929  	int			record_cnt,
1930  	int			copy_bytes)
1931  {
1932  	spin_lock(&log->l_icloglock);
1933  
1934  	be32_add_cpu(&iclog->ic_header.h_num_logops, record_cnt);
1935  	iclog->ic_offset += copy_bytes;
1936  
1937  	spin_unlock(&log->l_icloglock);
1938  }	/* xlog_state_finish_copy */
1939  
1940  
1941  
1942  
1943  /*
1944   * print out info relating to regions written which consume
1945   * the reservation
1946   */
1947  void
1948  xlog_print_tic_res(
1949  	struct xfs_mount	*mp,
1950  	struct xlog_ticket	*ticket)
1951  {
1952  	uint i;
1953  	uint ophdr_spc = ticket->t_res_num_ophdrs * (uint)sizeof(xlog_op_header_t);
1954  
1955  	/* match with XLOG_REG_TYPE_* in xfs_log.h */
1956  	static char *res_type_str[XLOG_REG_TYPE_MAX] = {
1957  	    "bformat",
1958  	    "bchunk",
1959  	    "efi_format",
1960  	    "efd_format",
1961  	    "iformat",
1962  	    "icore",
1963  	    "iext",
1964  	    "ibroot",
1965  	    "ilocal",
1966  	    "iattr_ext",
1967  	    "iattr_broot",
1968  	    "iattr_local",
1969  	    "qformat",
1970  	    "dquot",
1971  	    "quotaoff",
1972  	    "LR header",
1973  	    "unmount",
1974  	    "commit",
1975  	    "trans header"
1976  	};
1977  	static char *trans_type_str[XFS_TRANS_TYPE_MAX] = {
1978  	    "SETATTR_NOT_SIZE",
1979  	    "SETATTR_SIZE",
1980  	    "INACTIVE",
1981  	    "CREATE",
1982  	    "CREATE_TRUNC",
1983  	    "TRUNCATE_FILE",
1984  	    "REMOVE",
1985  	    "LINK",
1986  	    "RENAME",
1987  	    "MKDIR",
1988  	    "RMDIR",
1989  	    "SYMLINK",
1990  	    "SET_DMATTRS",
1991  	    "GROWFS",
1992  	    "STRAT_WRITE",
1993  	    "DIOSTRAT",
1994  	    "WRITE_SYNC",
1995  	    "WRITEID",
1996  	    "ADDAFORK",
1997  	    "ATTRINVAL",
1998  	    "ATRUNCATE",
1999  	    "ATTR_SET",
2000  	    "ATTR_RM",
2001  	    "ATTR_FLAG",
2002  	    "CLEAR_AGI_BUCKET",
2003  	    "QM_SBCHANGE",
2004  	    "DUMMY1",
2005  	    "DUMMY2",
2006  	    "QM_QUOTAOFF",
2007  	    "QM_DQALLOC",
2008  	    "QM_SETQLIM",
2009  	    "QM_DQCLUSTER",
2010  	    "QM_QINOCREATE",
2011  	    "QM_QUOTAOFF_END",
2012  	    "SB_UNIT",
2013  	    "FSYNC_TS",
2014  	    "GROWFSRT_ALLOC",
2015  	    "GROWFSRT_ZERO",
2016  	    "GROWFSRT_FREE",
2017  	    "SWAPEXT"
2018  	};
2019  
2020  	xfs_warn(mp,
2021  		"xlog_write: reservation summary:\n"
2022  		"  trans type  = %s (%u)\n"
2023  		"  unit res    = %d bytes\n"
2024  		"  current res = %d bytes\n"
2025  		"  total reg   = %u bytes (o/flow = %u bytes)\n"
2026  		"  ophdrs      = %u (ophdr space = %u bytes)\n"
2027  		"  ophdr + reg = %u bytes\n"
2028  		"  num regions = %u\n",
2029  		((ticket->t_trans_type <= 0 ||
2030  		  ticket->t_trans_type > XFS_TRANS_TYPE_MAX) ?
2031  		  "bad-trans-type" : trans_type_str[ticket->t_trans_type-1]),
2032  		ticket->t_trans_type,
2033  		ticket->t_unit_res,
2034  		ticket->t_curr_res,
2035  		ticket->t_res_arr_sum, ticket->t_res_o_flow,
2036  		ticket->t_res_num_ophdrs, ophdr_spc,
2037  		ticket->t_res_arr_sum +
2038  		ticket->t_res_o_flow + ophdr_spc,
2039  		ticket->t_res_num);
2040  
2041  	for (i = 0; i < ticket->t_res_num; i++) {
2042  		uint r_type = ticket->t_res_arr[i].r_type;
2043  		xfs_warn(mp, "region[%u]: %s - %u bytes", i,
2044  			    ((r_type <= 0 || r_type > XLOG_REG_TYPE_MAX) ?
2045  			    "bad-rtype" : res_type_str[r_type-1]),
2046  			    ticket->t_res_arr[i].r_len);
2047  	}
2048  
2049  	xfs_alert_tag(mp, XFS_PTAG_LOGRES,
2050  		"xlog_write: reservation ran out. Need to up reservation");
2051  	xfs_force_shutdown(mp, SHUTDOWN_LOG_IO_ERROR);
2052  }
2053  
2054  /*
2055   * Calculate the potential space needed by the log vector.  Each region gets
2056   * its own xlog_op_header_t and may need to be double word aligned.
2057   */
2058  static int
2059  xlog_write_calc_vec_length(
2060  	struct xlog_ticket	*ticket,
2061  	struct xfs_log_vec	*log_vector)
2062  {
2063  	struct xfs_log_vec	*lv;
2064  	int			headers = 0;
2065  	int			len = 0;
2066  	int			i;
2067  
2068  	/* acct for start rec of xact */
2069  	if (ticket->t_flags & XLOG_TIC_INITED)
2070  		headers++;
2071  
2072  	for (lv = log_vector; lv; lv = lv->lv_next) {
2073  		/* we don't write ordered log vectors */
2074  		if (lv->lv_buf_len == XFS_LOG_VEC_ORDERED)
2075  			continue;
2076  
2077  		headers += lv->lv_niovecs;
2078  
2079  		for (i = 0; i < lv->lv_niovecs; i++) {
2080  			struct xfs_log_iovec	*vecp = &lv->lv_iovecp[i];
2081  
2082  			len += vecp->i_len;
2083  			xlog_tic_add_region(ticket, vecp->i_len, vecp->i_type);
2084  		}
2085  	}
2086  
2087  	ticket->t_res_num_ophdrs += headers;
2088  	len += headers * sizeof(struct xlog_op_header);
2089  
2090  	return len;
2091  }
2092  
2093  /*
2094   * If first write for transaction, insert start record  We can't be trying to
2095   * commit if we are inited.  We can't have any "partial_copy" if we are inited.
2096   */
2097  static int
2098  xlog_write_start_rec(
2099  	struct xlog_op_header	*ophdr,
2100  	struct xlog_ticket	*ticket)
2101  {
2102  	if (!(ticket->t_flags & XLOG_TIC_INITED))
2103  		return 0;
2104  
2105  	ophdr->oh_tid	= cpu_to_be32(ticket->t_tid);
2106  	ophdr->oh_clientid = ticket->t_clientid;
2107  	ophdr->oh_len = 0;
2108  	ophdr->oh_flags = XLOG_START_TRANS;
2109  	ophdr->oh_res2 = 0;
2110  
2111  	ticket->t_flags &= ~XLOG_TIC_INITED;
2112  
2113  	return sizeof(struct xlog_op_header);
2114  }
2115  
2116  static xlog_op_header_t *
2117  xlog_write_setup_ophdr(
2118  	struct xlog		*log,
2119  	struct xlog_op_header	*ophdr,
2120  	struct xlog_ticket	*ticket,
2121  	uint			flags)
2122  {
2123  	ophdr->oh_tid = cpu_to_be32(ticket->t_tid);
2124  	ophdr->oh_clientid = ticket->t_clientid;
2125  	ophdr->oh_res2 = 0;
2126  
2127  	/* are we copying a commit or unmount record? */
2128  	ophdr->oh_flags = flags;
2129  
2130  	/*
2131  	 * We've seen logs corrupted with bad transaction client ids.  This
2132  	 * makes sure that XFS doesn't generate them on.  Turn this into an EIO
2133  	 * and shut down the filesystem.
2134  	 */
2135  	switch (ophdr->oh_clientid)  {
2136  	case XFS_TRANSACTION:
2137  	case XFS_VOLUME:
2138  	case XFS_LOG:
2139  		break;
2140  	default:
2141  		xfs_warn(log->l_mp,
2142  			"Bad XFS transaction clientid 0x%x in ticket 0x%p",
2143  			ophdr->oh_clientid, ticket);
2144  		return NULL;
2145  	}
2146  
2147  	return ophdr;
2148  }
2149  
2150  /*
2151   * Set up the parameters of the region copy into the log. This has
2152   * to handle region write split across multiple log buffers - this
2153   * state is kept external to this function so that this code can
2154   * be written in an obvious, self documenting manner.
2155   */
2156  static int
2157  xlog_write_setup_copy(
2158  	struct xlog_ticket	*ticket,
2159  	struct xlog_op_header	*ophdr,
2160  	int			space_available,
2161  	int			space_required,
2162  	int			*copy_off,
2163  	int			*copy_len,
2164  	int			*last_was_partial_copy,
2165  	int			*bytes_consumed)
2166  {
2167  	int			still_to_copy;
2168  
2169  	still_to_copy = space_required - *bytes_consumed;
2170  	*copy_off = *bytes_consumed;
2171  
2172  	if (still_to_copy <= space_available) {
2173  		/* write of region completes here */
2174  		*copy_len = still_to_copy;
2175  		ophdr->oh_len = cpu_to_be32(*copy_len);
2176  		if (*last_was_partial_copy)
2177  			ophdr->oh_flags |= (XLOG_END_TRANS|XLOG_WAS_CONT_TRANS);
2178  		*last_was_partial_copy = 0;
2179  		*bytes_consumed = 0;
2180  		return 0;
2181  	}
2182  
2183  	/* partial write of region, needs extra log op header reservation */
2184  	*copy_len = space_available;
2185  	ophdr->oh_len = cpu_to_be32(*copy_len);
2186  	ophdr->oh_flags |= XLOG_CONTINUE_TRANS;
2187  	if (*last_was_partial_copy)
2188  		ophdr->oh_flags |= XLOG_WAS_CONT_TRANS;
2189  	*bytes_consumed += *copy_len;
2190  	(*last_was_partial_copy)++;
2191  
2192  	/* account for new log op header */
2193  	ticket->t_curr_res -= sizeof(struct xlog_op_header);
2194  	ticket->t_res_num_ophdrs++;
2195  
2196  	return sizeof(struct xlog_op_header);
2197  }
2198  
2199  static int
2200  xlog_write_copy_finish(
2201  	struct xlog		*log,
2202  	struct xlog_in_core	*iclog,
2203  	uint			flags,
2204  	int			*record_cnt,
2205  	int			*data_cnt,
2206  	int			*partial_copy,
2207  	int			*partial_copy_len,
2208  	int			log_offset,
2209  	struct xlog_in_core	**commit_iclog)
2210  {
2211  	if (*partial_copy) {
2212  		/*
2213  		 * This iclog has already been marked WANT_SYNC by
2214  		 * xlog_state_get_iclog_space.
2215  		 */
2216  		xlog_state_finish_copy(log, iclog, *record_cnt, *data_cnt);
2217  		*record_cnt = 0;
2218  		*data_cnt = 0;
2219  		return xlog_state_release_iclog(log, iclog);
2220  	}
2221  
2222  	*partial_copy = 0;
2223  	*partial_copy_len = 0;
2224  
2225  	if (iclog->ic_size - log_offset <= sizeof(xlog_op_header_t)) {
2226  		/* no more space in this iclog - push it. */
2227  		xlog_state_finish_copy(log, iclog, *record_cnt, *data_cnt);
2228  		*record_cnt = 0;
2229  		*data_cnt = 0;
2230  
2231  		spin_lock(&log->l_icloglock);
2232  		xlog_state_want_sync(log, iclog);
2233  		spin_unlock(&log->l_icloglock);
2234  
2235  		if (!commit_iclog)
2236  			return xlog_state_release_iclog(log, iclog);
2237  		ASSERT(flags & XLOG_COMMIT_TRANS);
2238  		*commit_iclog = iclog;
2239  	}
2240  
2241  	return 0;
2242  }
2243  
2244  /*
2245   * Write some region out to in-core log
2246   *
2247   * This will be called when writing externally provided regions or when
2248   * writing out a commit record for a given transaction.
2249   *
2250   * General algorithm:
2251   *	1. Find total length of this write.  This may include adding to the
2252   *		lengths passed in.
2253   *	2. Check whether we violate the tickets reservation.
2254   *	3. While writing to this iclog
2255   *	    A. Reserve as much space in this iclog as can get
2256   *	    B. If this is first write, save away start lsn
2257   *	    C. While writing this region:
2258   *		1. If first write of transaction, write start record
2259   *		2. Write log operation header (header per region)
2260   *		3. Find out if we can fit entire region into this iclog
2261   *		4. Potentially, verify destination memcpy ptr
2262   *		5. Memcpy (partial) region
2263   *		6. If partial copy, release iclog; otherwise, continue
2264   *			copying more regions into current iclog
2265   *	4. Mark want sync bit (in simulation mode)
2266   *	5. Release iclog for potential flush to on-disk log.
2267   *
2268   * ERRORS:
2269   * 1.	Panic if reservation is overrun.  This should never happen since
2270   *	reservation amounts are generated internal to the filesystem.
2271   * NOTES:
2272   * 1. Tickets are single threaded data structures.
2273   * 2. The XLOG_END_TRANS & XLOG_CONTINUE_TRANS flags are passed down to the
2274   *	syncing routine.  When a single log_write region needs to span
2275   *	multiple in-core logs, the XLOG_CONTINUE_TRANS bit should be set
2276   *	on all log operation writes which don't contain the end of the
2277   *	region.  The XLOG_END_TRANS bit is used for the in-core log
2278   *	operation which contains the end of the continued log_write region.
2279   * 3. When xlog_state_get_iclog_space() grabs the rest of the current iclog,
2280   *	we don't really know exactly how much space will be used.  As a result,
2281   *	we don't update ic_offset until the end when we know exactly how many
2282   *	bytes have been written out.
2283   */
2284  int
2285  xlog_write(
2286  	struct xlog		*log,
2287  	struct xfs_log_vec	*log_vector,
2288  	struct xlog_ticket	*ticket,
2289  	xfs_lsn_t		*start_lsn,
2290  	struct xlog_in_core	**commit_iclog,
2291  	uint			flags)
2292  {
2293  	struct xlog_in_core	*iclog = NULL;
2294  	struct xfs_log_iovec	*vecp;
2295  	struct xfs_log_vec	*lv;
2296  	int			len;
2297  	int			index;
2298  	int			partial_copy = 0;
2299  	int			partial_copy_len = 0;
2300  	int			contwr = 0;
2301  	int			record_cnt = 0;
2302  	int			data_cnt = 0;
2303  	int			error;
2304  
2305  	*start_lsn = 0;
2306  
2307  	len = xlog_write_calc_vec_length(ticket, log_vector);
2308  
2309  	/*
2310  	 * Region headers and bytes are already accounted for.
2311  	 * We only need to take into account start records and
2312  	 * split regions in this function.
2313  	 */
2314  	if (ticket->t_flags & XLOG_TIC_INITED)
2315  		ticket->t_curr_res -= sizeof(xlog_op_header_t);
2316  
2317  	/*
2318  	 * Commit record headers need to be accounted for. These
2319  	 * come in as separate writes so are easy to detect.
2320  	 */
2321  	if (flags & (XLOG_COMMIT_TRANS | XLOG_UNMOUNT_TRANS))
2322  		ticket->t_curr_res -= sizeof(xlog_op_header_t);
2323  
2324  	if (ticket->t_curr_res < 0)
2325  		xlog_print_tic_res(log->l_mp, ticket);
2326  
2327  	index = 0;
2328  	lv = log_vector;
2329  	vecp = lv->lv_iovecp;
2330  	while (lv && (!lv->lv_niovecs || index < lv->lv_niovecs)) {
2331  		void		*ptr;
2332  		int		log_offset;
2333  
2334  		error = xlog_state_get_iclog_space(log, len, &iclog, ticket,
2335  						   &contwr, &log_offset);
2336  		if (error)
2337  			return error;
2338  
2339  		ASSERT(log_offset <= iclog->ic_size - 1);
2340  		ptr = iclog->ic_datap + log_offset;
2341  
2342  		/* start_lsn is the first lsn written to. That's all we need. */
2343  		if (!*start_lsn)
2344  			*start_lsn = be64_to_cpu(iclog->ic_header.h_lsn);
2345  
2346  		/*
2347  		 * This loop writes out as many regions as can fit in the amount
2348  		 * of space which was allocated by xlog_state_get_iclog_space().
2349  		 */
2350  		while (lv && (!lv->lv_niovecs || index < lv->lv_niovecs)) {
2351  			struct xfs_log_iovec	*reg;
2352  			struct xlog_op_header	*ophdr;
2353  			int			start_rec_copy;
2354  			int			copy_len;
2355  			int			copy_off;
2356  			bool			ordered = false;
2357  
2358  			/* ordered log vectors have no regions to write */
2359  			if (lv->lv_buf_len == XFS_LOG_VEC_ORDERED) {
2360  				ASSERT(lv->lv_niovecs == 0);
2361  				ordered = true;
2362  				goto next_lv;
2363  			}
2364  
2365  			reg = &vecp[index];
2366  			ASSERT(reg->i_len % sizeof(__int32_t) == 0);
2367  			ASSERT((unsigned long)ptr % sizeof(__int32_t) == 0);
2368  
2369  			start_rec_copy = xlog_write_start_rec(ptr, ticket);
2370  			if (start_rec_copy) {
2371  				record_cnt++;
2372  				xlog_write_adv_cnt(&ptr, &len, &log_offset,
2373  						   start_rec_copy);
2374  			}
2375  
2376  			ophdr = xlog_write_setup_ophdr(log, ptr, ticket, flags);
2377  			if (!ophdr)
2378  				return -EIO;
2379  
2380  			xlog_write_adv_cnt(&ptr, &len, &log_offset,
2381  					   sizeof(struct xlog_op_header));
2382  
2383  			len += xlog_write_setup_copy(ticket, ophdr,
2384  						     iclog->ic_size-log_offset,
2385  						     reg->i_len,
2386  						     &copy_off, &copy_len,
2387  						     &partial_copy,
2388  						     &partial_copy_len);
2389  			xlog_verify_dest_ptr(log, ptr);
2390  
2391  			/* copy region */
2392  			ASSERT(copy_len >= 0);
2393  			memcpy(ptr, reg->i_addr + copy_off, copy_len);
2394  			xlog_write_adv_cnt(&ptr, &len, &log_offset, copy_len);
2395  
2396  			copy_len += start_rec_copy + sizeof(xlog_op_header_t);
2397  			record_cnt++;
2398  			data_cnt += contwr ? copy_len : 0;
2399  
2400  			error = xlog_write_copy_finish(log, iclog, flags,
2401  						       &record_cnt, &data_cnt,
2402  						       &partial_copy,
2403  						       &partial_copy_len,
2404  						       log_offset,
2405  						       commit_iclog);
2406  			if (error)
2407  				return error;
2408  
2409  			/*
2410  			 * if we had a partial copy, we need to get more iclog
2411  			 * space but we don't want to increment the region
2412  			 * index because there is still more is this region to
2413  			 * write.
2414  			 *
2415  			 * If we completed writing this region, and we flushed
2416  			 * the iclog (indicated by resetting of the record
2417  			 * count), then we also need to get more log space. If
2418  			 * this was the last record, though, we are done and
2419  			 * can just return.
2420  			 */
2421  			if (partial_copy)
2422  				break;
2423  
2424  			if (++index == lv->lv_niovecs) {
2425  next_lv:
2426  				lv = lv->lv_next;
2427  				index = 0;
2428  				if (lv)
2429  					vecp = lv->lv_iovecp;
2430  			}
2431  			if (record_cnt == 0 && ordered == false) {
2432  				if (!lv)
2433  					return 0;
2434  				break;
2435  			}
2436  		}
2437  	}
2438  
2439  	ASSERT(len == 0);
2440  
2441  	xlog_state_finish_copy(log, iclog, record_cnt, data_cnt);
2442  	if (!commit_iclog)
2443  		return xlog_state_release_iclog(log, iclog);
2444  
2445  	ASSERT(flags & XLOG_COMMIT_TRANS);
2446  	*commit_iclog = iclog;
2447  	return 0;
2448  }
2449  
2450  
2451  /*****************************************************************************
2452   *
2453   *		State Machine functions
2454   *
2455   *****************************************************************************
2456   */
2457  
2458  /* Clean iclogs starting from the head.  This ordering must be
2459   * maintained, so an iclog doesn't become ACTIVE beyond one that
2460   * is SYNCING.  This is also required to maintain the notion that we use
2461   * a ordered wait queue to hold off would be writers to the log when every
2462   * iclog is trying to sync to disk.
2463   *
2464   * State Change: DIRTY -> ACTIVE
2465   */
2466  STATIC void
2467  xlog_state_clean_log(
2468  	struct xlog *log)
2469  {
2470  	xlog_in_core_t	*iclog;
2471  	int changed = 0;
2472  
2473  	iclog = log->l_iclog;
2474  	do {
2475  		if (iclog->ic_state == XLOG_STATE_DIRTY) {
2476  			iclog->ic_state	= XLOG_STATE_ACTIVE;
2477  			iclog->ic_offset       = 0;
2478  			ASSERT(iclog->ic_callback == NULL);
2479  			/*
2480  			 * If the number of ops in this iclog indicate it just
2481  			 * contains the dummy transaction, we can
2482  			 * change state into IDLE (the second time around).
2483  			 * Otherwise we should change the state into
2484  			 * NEED a dummy.
2485  			 * We don't need to cover the dummy.
2486  			 */
2487  			if (!changed &&
2488  			   (be32_to_cpu(iclog->ic_header.h_num_logops) ==
2489  			   		XLOG_COVER_OPS)) {
2490  				changed = 1;
2491  			} else {
2492  				/*
2493  				 * We have two dirty iclogs so start over
2494  				 * This could also be num of ops indicates
2495  				 * this is not the dummy going out.
2496  				 */
2497  				changed = 2;
2498  			}
2499  			iclog->ic_header.h_num_logops = 0;
2500  			memset(iclog->ic_header.h_cycle_data, 0,
2501  			      sizeof(iclog->ic_header.h_cycle_data));
2502  			iclog->ic_header.h_lsn = 0;
2503  		} else if (iclog->ic_state == XLOG_STATE_ACTIVE)
2504  			/* do nothing */;
2505  		else
2506  			break;	/* stop cleaning */
2507  		iclog = iclog->ic_next;
2508  	} while (iclog != log->l_iclog);
2509  
2510  	/* log is locked when we are called */
2511  	/*
2512  	 * Change state for the dummy log recording.
2513  	 * We usually go to NEED. But we go to NEED2 if the changed indicates
2514  	 * we are done writing the dummy record.
2515  	 * If we are done with the second dummy recored (DONE2), then
2516  	 * we go to IDLE.
2517  	 */
2518  	if (changed) {
2519  		switch (log->l_covered_state) {
2520  		case XLOG_STATE_COVER_IDLE:
2521  		case XLOG_STATE_COVER_NEED:
2522  		case XLOG_STATE_COVER_NEED2:
2523  			log->l_covered_state = XLOG_STATE_COVER_NEED;
2524  			break;
2525  
2526  		case XLOG_STATE_COVER_DONE:
2527  			if (changed == 1)
2528  				log->l_covered_state = XLOG_STATE_COVER_NEED2;
2529  			else
2530  				log->l_covered_state = XLOG_STATE_COVER_NEED;
2531  			break;
2532  
2533  		case XLOG_STATE_COVER_DONE2:
2534  			if (changed == 1)
2535  				log->l_covered_state = XLOG_STATE_COVER_IDLE;
2536  			else
2537  				log->l_covered_state = XLOG_STATE_COVER_NEED;
2538  			break;
2539  
2540  		default:
2541  			ASSERT(0);
2542  		}
2543  	}
2544  }	/* xlog_state_clean_log */
2545  
2546  STATIC xfs_lsn_t
2547  xlog_get_lowest_lsn(
2548  	struct xlog	*log)
2549  {
2550  	xlog_in_core_t  *lsn_log;
2551  	xfs_lsn_t	lowest_lsn, lsn;
2552  
2553  	lsn_log = log->l_iclog;
2554  	lowest_lsn = 0;
2555  	do {
2556  	    if (!(lsn_log->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_DIRTY))) {
2557  		lsn = be64_to_cpu(lsn_log->ic_header.h_lsn);
2558  		if ((lsn && !lowest_lsn) ||
2559  		    (XFS_LSN_CMP(lsn, lowest_lsn) < 0)) {
2560  			lowest_lsn = lsn;
2561  		}
2562  	    }
2563  	    lsn_log = lsn_log->ic_next;
2564  	} while (lsn_log != log->l_iclog);
2565  	return lowest_lsn;
2566  }
2567  
2568  
2569  STATIC void
2570  xlog_state_do_callback(
2571  	struct xlog		*log,
2572  	int			aborted,
2573  	struct xlog_in_core	*ciclog)
2574  {
2575  	xlog_in_core_t	   *iclog;
2576  	xlog_in_core_t	   *first_iclog;	/* used to know when we've
2577  						 * processed all iclogs once */
2578  	xfs_log_callback_t *cb, *cb_next;
2579  	int		   flushcnt = 0;
2580  	xfs_lsn_t	   lowest_lsn;
2581  	int		   ioerrors;	/* counter: iclogs with errors */
2582  	int		   loopdidcallbacks; /* flag: inner loop did callbacks*/
2583  	int		   funcdidcallbacks; /* flag: function did callbacks */
2584  	int		   repeats;	/* for issuing console warnings if
2585  					 * looping too many times */
2586  	int		   wake = 0;
2587  
2588  	spin_lock(&log->l_icloglock);
2589  	first_iclog = iclog = log->l_iclog;
2590  	ioerrors = 0;
2591  	funcdidcallbacks = 0;
2592  	repeats = 0;
2593  
2594  	do {
2595  		/*
2596  		 * Scan all iclogs starting with the one pointed to by the
2597  		 * log.  Reset this starting point each time the log is
2598  		 * unlocked (during callbacks).
2599  		 *
2600  		 * Keep looping through iclogs until one full pass is made
2601  		 * without running any callbacks.
2602  		 */
2603  		first_iclog = log->l_iclog;
2604  		iclog = log->l_iclog;
2605  		loopdidcallbacks = 0;
2606  		repeats++;
2607  
2608  		do {
2609  
2610  			/* skip all iclogs in the ACTIVE & DIRTY states */
2611  			if (iclog->ic_state &
2612  			    (XLOG_STATE_ACTIVE|XLOG_STATE_DIRTY)) {
2613  				iclog = iclog->ic_next;
2614  				continue;
2615  			}
2616  
2617  			/*
2618  			 * Between marking a filesystem SHUTDOWN and stopping
2619  			 * the log, we do flush all iclogs to disk (if there
2620  			 * wasn't a log I/O error). So, we do want things to
2621  			 * go smoothly in case of just a SHUTDOWN  w/o a
2622  			 * LOG_IO_ERROR.
2623  			 */
2624  			if (!(iclog->ic_state & XLOG_STATE_IOERROR)) {
2625  				/*
2626  				 * Can only perform callbacks in order.  Since
2627  				 * this iclog is not in the DONE_SYNC/
2628  				 * DO_CALLBACK state, we skip the rest and
2629  				 * just try to clean up.  If we set our iclog
2630  				 * to DO_CALLBACK, we will not process it when
2631  				 * we retry since a previous iclog is in the
2632  				 * CALLBACK and the state cannot change since
2633  				 * we are holding the l_icloglock.
2634  				 */
2635  				if (!(iclog->ic_state &
2636  					(XLOG_STATE_DONE_SYNC |
2637  						 XLOG_STATE_DO_CALLBACK))) {
2638  					if (ciclog && (ciclog->ic_state ==
2639  							XLOG_STATE_DONE_SYNC)) {
2640  						ciclog->ic_state = XLOG_STATE_DO_CALLBACK;
2641  					}
2642  					break;
2643  				}
2644  				/*
2645  				 * We now have an iclog that is in either the
2646  				 * DO_CALLBACK or DONE_SYNC states. The other
2647  				 * states (WANT_SYNC, SYNCING, or CALLBACK were
2648  				 * caught by the above if and are going to
2649  				 * clean (i.e. we aren't doing their callbacks)
2650  				 * see the above if.
2651  				 */
2652  
2653  				/*
2654  				 * We will do one more check here to see if we
2655  				 * have chased our tail around.
2656  				 */
2657  
2658  				lowest_lsn = xlog_get_lowest_lsn(log);
2659  				if (lowest_lsn &&
2660  				    XFS_LSN_CMP(lowest_lsn,
2661  						be64_to_cpu(iclog->ic_header.h_lsn)) < 0) {
2662  					iclog = iclog->ic_next;
2663  					continue; /* Leave this iclog for
2664  						   * another thread */
2665  				}
2666  
2667  				iclog->ic_state = XLOG_STATE_CALLBACK;
2668  
2669  
2670  				/*
2671  				 * Completion of a iclog IO does not imply that
2672  				 * a transaction has completed, as transactions
2673  				 * can be large enough to span many iclogs. We
2674  				 * cannot change the tail of the log half way
2675  				 * through a transaction as this may be the only
2676  				 * transaction in the log and moving th etail to
2677  				 * point to the middle of it will prevent
2678  				 * recovery from finding the start of the
2679  				 * transaction. Hence we should only update the
2680  				 * last_sync_lsn if this iclog contains
2681  				 * transaction completion callbacks on it.
2682  				 *
2683  				 * We have to do this before we drop the
2684  				 * icloglock to ensure we are the only one that
2685  				 * can update it.
2686  				 */
2687  				ASSERT(XFS_LSN_CMP(atomic64_read(&log->l_last_sync_lsn),
2688  					be64_to_cpu(iclog->ic_header.h_lsn)) <= 0);
2689  				if (iclog->ic_callback)
2690  					atomic64_set(&log->l_last_sync_lsn,
2691  						be64_to_cpu(iclog->ic_header.h_lsn));
2692  
2693  			} else
2694  				ioerrors++;
2695  
2696  			spin_unlock(&log->l_icloglock);
2697  
2698  			/*
2699  			 * Keep processing entries in the callback list until
2700  			 * we come around and it is empty.  We need to
2701  			 * atomically see that the list is empty and change the
2702  			 * state to DIRTY so that we don't miss any more
2703  			 * callbacks being added.
2704  			 */
2705  			spin_lock(&iclog->ic_callback_lock);
2706  			cb = iclog->ic_callback;
2707  			while (cb) {
2708  				iclog->ic_callback_tail = &(iclog->ic_callback);
2709  				iclog->ic_callback = NULL;
2710  				spin_unlock(&iclog->ic_callback_lock);
2711  
2712  				/* perform callbacks in the order given */
2713  				for (; cb; cb = cb_next) {
2714  					cb_next = cb->cb_next;
2715  					cb->cb_func(cb->cb_arg, aborted);
2716  				}
2717  				spin_lock(&iclog->ic_callback_lock);
2718  				cb = iclog->ic_callback;
2719  			}
2720  
2721  			loopdidcallbacks++;
2722  			funcdidcallbacks++;
2723  
2724  			spin_lock(&log->l_icloglock);
2725  			ASSERT(iclog->ic_callback == NULL);
2726  			spin_unlock(&iclog->ic_callback_lock);
2727  			if (!(iclog->ic_state & XLOG_STATE_IOERROR))
2728  				iclog->ic_state = XLOG_STATE_DIRTY;
2729  
2730  			/*
2731  			 * Transition from DIRTY to ACTIVE if applicable.
2732  			 * NOP if STATE_IOERROR.
2733  			 */
2734  			xlog_state_clean_log(log);
2735  
2736  			/* wake up threads waiting in xfs_log_force() */
2737  			wake_up_all(&iclog->ic_force_wait);
2738  
2739  			iclog = iclog->ic_next;
2740  		} while (first_iclog != iclog);
2741  
2742  		if (repeats > 5000) {
2743  			flushcnt += repeats;
2744  			repeats = 0;
2745  			xfs_warn(log->l_mp,
2746  				"%s: possible infinite loop (%d iterations)",
2747  				__func__, flushcnt);
2748  		}
2749  	} while (!ioerrors && loopdidcallbacks);
2750  
2751  	/*
2752  	 * make one last gasp attempt to see if iclogs are being left in
2753  	 * limbo..
2754  	 */
2755  #ifdef DEBUG
2756  	if (funcdidcallbacks) {
2757  		first_iclog = iclog = log->l_iclog;
2758  		do {
2759  			ASSERT(iclog->ic_state != XLOG_STATE_DO_CALLBACK);
2760  			/*
2761  			 * Terminate the loop if iclogs are found in states
2762  			 * which will cause other threads to clean up iclogs.
2763  			 *
2764  			 * SYNCING - i/o completion will go through logs
2765  			 * DONE_SYNC - interrupt thread should be waiting for
2766  			 *              l_icloglock
2767  			 * IOERROR - give up hope all ye who enter here
2768  			 */
2769  			if (iclog->ic_state == XLOG_STATE_WANT_SYNC ||
2770  			    iclog->ic_state == XLOG_STATE_SYNCING ||
2771  			    iclog->ic_state == XLOG_STATE_DONE_SYNC ||
2772  			    iclog->ic_state == XLOG_STATE_IOERROR )
2773  				break;
2774  			iclog = iclog->ic_next;
2775  		} while (first_iclog != iclog);
2776  	}
2777  #endif
2778  
2779  	if (log->l_iclog->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_IOERROR))
2780  		wake = 1;
2781  	spin_unlock(&log->l_icloglock);
2782  
2783  	if (wake)
2784  		wake_up_all(&log->l_flush_wait);
2785  }
2786  
2787  
2788  /*
2789   * Finish transitioning this iclog to the dirty state.
2790   *
2791   * Make sure that we completely execute this routine only when this is
2792   * the last call to the iclog.  There is a good chance that iclog flushes,
2793   * when we reach the end of the physical log, get turned into 2 separate
2794   * calls to bwrite.  Hence, one iclog flush could generate two calls to this
2795   * routine.  By using the reference count bwritecnt, we guarantee that only
2796   * the second completion goes through.
2797   *
2798   * Callbacks could take time, so they are done outside the scope of the
2799   * global state machine log lock.
2800   */
2801  STATIC void
2802  xlog_state_done_syncing(
2803  	xlog_in_core_t	*iclog,
2804  	int		aborted)
2805  {
2806  	struct xlog	   *log = iclog->ic_log;
2807  
2808  	spin_lock(&log->l_icloglock);
2809  
2810  	ASSERT(iclog->ic_state == XLOG_STATE_SYNCING ||
2811  	       iclog->ic_state == XLOG_STATE_IOERROR);
2812  	ASSERT(atomic_read(&iclog->ic_refcnt) == 0);
2813  	ASSERT(iclog->ic_bwritecnt == 1 || iclog->ic_bwritecnt == 2);
2814  
2815  
2816  	/*
2817  	 * If we got an error, either on the first buffer, or in the case of
2818  	 * split log writes, on the second, we mark ALL iclogs STATE_IOERROR,
2819  	 * and none should ever be attempted to be written to disk
2820  	 * again.
2821  	 */
2822  	if (iclog->ic_state != XLOG_STATE_IOERROR) {
2823  		if (--iclog->ic_bwritecnt == 1) {
2824  			spin_unlock(&log->l_icloglock);
2825  			return;
2826  		}
2827  		iclog->ic_state = XLOG_STATE_DONE_SYNC;
2828  	}
2829  
2830  	/*
2831  	 * Someone could be sleeping prior to writing out the next
2832  	 * iclog buffer, we wake them all, one will get to do the
2833  	 * I/O, the others get to wait for the result.
2834  	 */
2835  	wake_up_all(&iclog->ic_write_wait);
2836  	spin_unlock(&log->l_icloglock);
2837  	xlog_state_do_callback(log, aborted, iclog);	/* also cleans log */
2838  }	/* xlog_state_done_syncing */
2839  
2840  
2841  /*
2842   * If the head of the in-core log ring is not (ACTIVE or DIRTY), then we must
2843   * sleep.  We wait on the flush queue on the head iclog as that should be
2844   * the first iclog to complete flushing. Hence if all iclogs are syncing,
2845   * we will wait here and all new writes will sleep until a sync completes.
2846   *
2847   * The in-core logs are used in a circular fashion. They are not used
2848   * out-of-order even when an iclog past the head is free.
2849   *
2850   * return:
2851   *	* log_offset where xlog_write() can start writing into the in-core
2852   *		log's data space.
2853   *	* in-core log pointer to which xlog_write() should write.
2854   *	* boolean indicating this is a continued write to an in-core log.
2855   *		If this is the last write, then the in-core log's offset field
2856   *		needs to be incremented, depending on the amount of data which
2857   *		is copied.
2858   */
2859  STATIC int
2860  xlog_state_get_iclog_space(
2861  	struct xlog		*log,
2862  	int			len,
2863  	struct xlog_in_core	**iclogp,
2864  	struct xlog_ticket	*ticket,
2865  	int			*continued_write,
2866  	int			*logoffsetp)
2867  {
2868  	int		  log_offset;
2869  	xlog_rec_header_t *head;
2870  	xlog_in_core_t	  *iclog;
2871  	int		  error;
2872  
2873  restart:
2874  	spin_lock(&log->l_icloglock);
2875  	if (XLOG_FORCED_SHUTDOWN(log)) {
2876  		spin_unlock(&log->l_icloglock);
2877  		return -EIO;
2878  	}
2879  
2880  	iclog = log->l_iclog;
2881  	if (iclog->ic_state != XLOG_STATE_ACTIVE) {
2882  		XFS_STATS_INC(xs_log_noiclogs);
2883  
2884  		/* Wait for log writes to have flushed */
2885  		xlog_wait(&log->l_flush_wait, &log->l_icloglock);
2886  		goto restart;
2887  	}
2888  
2889  	head = &iclog->ic_header;
2890  
2891  	atomic_inc(&iclog->ic_refcnt);	/* prevents sync */
2892  	log_offset = iclog->ic_offset;
2893  
2894  	/* On the 1st write to an iclog, figure out lsn.  This works
2895  	 * if iclogs marked XLOG_STATE_WANT_SYNC always write out what they are
2896  	 * committing to.  If the offset is set, that's how many blocks
2897  	 * must be written.
2898  	 */
2899  	if (log_offset == 0) {
2900  		ticket->t_curr_res -= log->l_iclog_hsize;
2901  		xlog_tic_add_region(ticket,
2902  				    log->l_iclog_hsize,
2903  				    XLOG_REG_TYPE_LRHEADER);
2904  		head->h_cycle = cpu_to_be32(log->l_curr_cycle);
2905  		head->h_lsn = cpu_to_be64(
2906  			xlog_assign_lsn(log->l_curr_cycle, log->l_curr_block));
2907  		ASSERT(log->l_curr_block >= 0);
2908  	}
2909  
2910  	/* If there is enough room to write everything, then do it.  Otherwise,
2911  	 * claim the rest of the region and make sure the XLOG_STATE_WANT_SYNC
2912  	 * bit is on, so this will get flushed out.  Don't update ic_offset
2913  	 * until you know exactly how many bytes get copied.  Therefore, wait
2914  	 * until later to update ic_offset.
2915  	 *
2916  	 * xlog_write() algorithm assumes that at least 2 xlog_op_header_t's
2917  	 * can fit into remaining data section.
2918  	 */
2919  	if (iclog->ic_size - iclog->ic_offset < 2*sizeof(xlog_op_header_t)) {
2920  		xlog_state_switch_iclogs(log, iclog, iclog->ic_size);
2921  
2922  		/*
2923  		 * If I'm the only one writing to this iclog, sync it to disk.
2924  		 * We need to do an atomic compare and decrement here to avoid
2925  		 * racing with concurrent atomic_dec_and_lock() calls in
2926  		 * xlog_state_release_iclog() when there is more than one
2927  		 * reference to the iclog.
2928  		 */
2929  		if (!atomic_add_unless(&iclog->ic_refcnt, -1, 1)) {
2930  			/* we are the only one */
2931  			spin_unlock(&log->l_icloglock);
2932  			error = xlog_state_release_iclog(log, iclog);
2933  			if (error)
2934  				return error;
2935  		} else {
2936  			spin_unlock(&log->l_icloglock);
2937  		}
2938  		goto restart;
2939  	}
2940  
2941  	/* Do we have enough room to write the full amount in the remainder
2942  	 * of this iclog?  Or must we continue a write on the next iclog and
2943  	 * mark this iclog as completely taken?  In the case where we switch
2944  	 * iclogs (to mark it taken), this particular iclog will release/sync
2945  	 * to disk in xlog_write().
2946  	 */
2947  	if (len <= iclog->ic_size - iclog->ic_offset) {
2948  		*continued_write = 0;
2949  		iclog->ic_offset += len;
2950  	} else {
2951  		*continued_write = 1;
2952  		xlog_state_switch_iclogs(log, iclog, iclog->ic_size);
2953  	}
2954  	*iclogp = iclog;
2955  
2956  	ASSERT(iclog->ic_offset <= iclog->ic_size);
2957  	spin_unlock(&log->l_icloglock);
2958  
2959  	*logoffsetp = log_offset;
2960  	return 0;
2961  }	/* xlog_state_get_iclog_space */
2962  
2963  /* The first cnt-1 times through here we don't need to
2964   * move the grant write head because the permanent
2965   * reservation has reserved cnt times the unit amount.
2966   * Release part of current permanent unit reservation and
2967   * reset current reservation to be one units worth.  Also
2968   * move grant reservation head forward.
2969   */
2970  STATIC void
2971  xlog_regrant_reserve_log_space(
2972  	struct xlog		*log,
2973  	struct xlog_ticket	*ticket)
2974  {
2975  	trace_xfs_log_regrant_reserve_enter(log, ticket);
2976  
2977  	if (ticket->t_cnt > 0)
2978  		ticket->t_cnt--;
2979  
2980  	xlog_grant_sub_space(log, &log->l_reserve_head.grant,
2981  					ticket->t_curr_res);
2982  	xlog_grant_sub_space(log, &log->l_write_head.grant,
2983  					ticket->t_curr_res);
2984  	ticket->t_curr_res = ticket->t_unit_res;
2985  	xlog_tic_reset_res(ticket);
2986  
2987  	trace_xfs_log_regrant_reserve_sub(log, ticket);
2988  
2989  	/* just return if we still have some of the pre-reserved space */
2990  	if (ticket->t_cnt > 0)
2991  		return;
2992  
2993  	xlog_grant_add_space(log, &log->l_reserve_head.grant,
2994  					ticket->t_unit_res);
2995  
2996  	trace_xfs_log_regrant_reserve_exit(log, ticket);
2997  
2998  	ticket->t_curr_res = ticket->t_unit_res;
2999  	xlog_tic_reset_res(ticket);
3000  }	/* xlog_regrant_reserve_log_space */
3001  
3002  
3003  /*
3004   * Give back the space left from a reservation.
3005   *
3006   * All the information we need to make a correct determination of space left
3007   * is present.  For non-permanent reservations, things are quite easy.  The
3008   * count should have been decremented to zero.  We only need to deal with the
3009   * space remaining in the current reservation part of the ticket.  If the
3010   * ticket contains a permanent reservation, there may be left over space which
3011   * needs to be released.  A count of N means that N-1 refills of the current
3012   * reservation can be done before we need to ask for more space.  The first
3013   * one goes to fill up the first current reservation.  Once we run out of
3014   * space, the count will stay at zero and the only space remaining will be
3015   * in the current reservation field.
3016   */
3017  STATIC void
3018  xlog_ungrant_log_space(
3019  	struct xlog		*log,
3020  	struct xlog_ticket	*ticket)
3021  {
3022  	int	bytes;
3023  
3024  	if (ticket->t_cnt > 0)
3025  		ticket->t_cnt--;
3026  
3027  	trace_xfs_log_ungrant_enter(log, ticket);
3028  	trace_xfs_log_ungrant_sub(log, ticket);
3029  
3030  	/*
3031  	 * If this is a permanent reservation ticket, we may be able to free
3032  	 * up more space based on the remaining count.
3033  	 */
3034  	bytes = ticket->t_curr_res;
3035  	if (ticket->t_cnt > 0) {
3036  		ASSERT(ticket->t_flags & XLOG_TIC_PERM_RESERV);
3037  		bytes += ticket->t_unit_res*ticket->t_cnt;
3038  	}
3039  
3040  	xlog_grant_sub_space(log, &log->l_reserve_head.grant, bytes);
3041  	xlog_grant_sub_space(log, &log->l_write_head.grant, bytes);
3042  
3043  	trace_xfs_log_ungrant_exit(log, ticket);
3044  
3045  	xfs_log_space_wake(log->l_mp);
3046  }
3047  
3048  /*
3049   * Flush iclog to disk if this is the last reference to the given iclog and
3050   * the WANT_SYNC bit is set.
3051   *
3052   * When this function is entered, the iclog is not necessarily in the
3053   * WANT_SYNC state.  It may be sitting around waiting to get filled.
3054   *
3055   *
3056   */
3057  STATIC int
3058  xlog_state_release_iclog(
3059  	struct xlog		*log,
3060  	struct xlog_in_core	*iclog)
3061  {
3062  	int		sync = 0;	/* do we sync? */
3063  
3064  	if (iclog->ic_state & XLOG_STATE_IOERROR)
3065  		return -EIO;
3066  
3067  	ASSERT(atomic_read(&iclog->ic_refcnt) > 0);
3068  	if (!atomic_dec_and_lock(&iclog->ic_refcnt, &log->l_icloglock))
3069  		return 0;
3070  
3071  	if (iclog->ic_state & XLOG_STATE_IOERROR) {
3072  		spin_unlock(&log->l_icloglock);
3073  		return -EIO;
3074  	}
3075  	ASSERT(iclog->ic_state == XLOG_STATE_ACTIVE ||
3076  	       iclog->ic_state == XLOG_STATE_WANT_SYNC);
3077  
3078  	if (iclog->ic_state == XLOG_STATE_WANT_SYNC) {
3079  		/* update tail before writing to iclog */
3080  		xfs_lsn_t tail_lsn = xlog_assign_tail_lsn(log->l_mp);
3081  		sync++;
3082  		iclog->ic_state = XLOG_STATE_SYNCING;
3083  		iclog->ic_header.h_tail_lsn = cpu_to_be64(tail_lsn);
3084  		xlog_verify_tail_lsn(log, iclog, tail_lsn);
3085  		/* cycle incremented when incrementing curr_block */
3086  	}
3087  	spin_unlock(&log->l_icloglock);
3088  
3089  	/*
3090  	 * We let the log lock go, so it's possible that we hit a log I/O
3091  	 * error or some other SHUTDOWN condition that marks the iclog
3092  	 * as XLOG_STATE_IOERROR before the bwrite. However, we know that
3093  	 * this iclog has consistent data, so we ignore IOERROR
3094  	 * flags after this point.
3095  	 */
3096  	if (sync)
3097  		return xlog_sync(log, iclog);
3098  	return 0;
3099  }	/* xlog_state_release_iclog */
3100  
3101  
3102  /*
3103   * This routine will mark the current iclog in the ring as WANT_SYNC
3104   * and move the current iclog pointer to the next iclog in the ring.
3105   * When this routine is called from xlog_state_get_iclog_space(), the
3106   * exact size of the iclog has not yet been determined.  All we know is
3107   * that every data block.  We have run out of space in this log record.
3108   */
3109  STATIC void
3110  xlog_state_switch_iclogs(
3111  	struct xlog		*log,
3112  	struct xlog_in_core	*iclog,
3113  	int			eventual_size)
3114  {
3115  	ASSERT(iclog->ic_state == XLOG_STATE_ACTIVE);
3116  	if (!eventual_size)
3117  		eventual_size = iclog->ic_offset;
3118  	iclog->ic_state = XLOG_STATE_WANT_SYNC;
3119  	iclog->ic_header.h_prev_block = cpu_to_be32(log->l_prev_block);
3120  	log->l_prev_block = log->l_curr_block;
3121  	log->l_prev_cycle = log->l_curr_cycle;
3122  
3123  	/* roll log?: ic_offset changed later */
3124  	log->l_curr_block += BTOBB(eventual_size)+BTOBB(log->l_iclog_hsize);
3125  
3126  	/* Round up to next log-sunit */
3127  	if (xfs_sb_version_haslogv2(&log->l_mp->m_sb) &&
3128  	    log->l_mp->m_sb.sb_logsunit > 1) {
3129  		__uint32_t sunit_bb = BTOBB(log->l_mp->m_sb.sb_logsunit);
3130  		log->l_curr_block = roundup(log->l_curr_block, sunit_bb);
3131  	}
3132  
3133  	if (log->l_curr_block >= log->l_logBBsize) {
3134  		log->l_curr_cycle++;
3135  		if (log->l_curr_cycle == XLOG_HEADER_MAGIC_NUM)
3136  			log->l_curr_cycle++;
3137  		log->l_curr_block -= log->l_logBBsize;
3138  		ASSERT(log->l_curr_block >= 0);
3139  	}
3140  	ASSERT(iclog == log->l_iclog);
3141  	log->l_iclog = iclog->ic_next;
3142  }	/* xlog_state_switch_iclogs */
3143  
3144  /*
3145   * Write out all data in the in-core log as of this exact moment in time.
3146   *
3147   * Data may be written to the in-core log during this call.  However,
3148   * we don't guarantee this data will be written out.  A change from past
3149   * implementation means this routine will *not* write out zero length LRs.
3150   *
3151   * Basically, we try and perform an intelligent scan of the in-core logs.
3152   * If we determine there is no flushable data, we just return.  There is no
3153   * flushable data if:
3154   *
3155   *	1. the current iclog is active and has no data; the previous iclog
3156   *		is in the active or dirty state.
3157   *	2. the current iclog is drity, and the previous iclog is in the
3158   *		active or dirty state.
3159   *
3160   * We may sleep if:
3161   *
3162   *	1. the current iclog is not in the active nor dirty state.
3163   *	2. the current iclog dirty, and the previous iclog is not in the
3164   *		active nor dirty state.
3165   *	3. the current iclog is active, and there is another thread writing
3166   *		to this particular iclog.
3167   *	4. a) the current iclog is active and has no other writers
3168   *	   b) when we return from flushing out this iclog, it is still
3169   *		not in the active nor dirty state.
3170   */
3171  int
3172  _xfs_log_force(
3173  	struct xfs_mount	*mp,
3174  	uint			flags,
3175  	int			*log_flushed)
3176  {
3177  	struct xlog		*log = mp->m_log;
3178  	struct xlog_in_core	*iclog;
3179  	xfs_lsn_t		lsn;
3180  
3181  	XFS_STATS_INC(xs_log_force);
3182  
3183  	xlog_cil_force(log);
3184  
3185  	spin_lock(&log->l_icloglock);
3186  
3187  	iclog = log->l_iclog;
3188  	if (iclog->ic_state & XLOG_STATE_IOERROR) {
3189  		spin_unlock(&log->l_icloglock);
3190  		return -EIO;
3191  	}
3192  
3193  	/* If the head iclog is not active nor dirty, we just attach
3194  	 * ourselves to the head and go to sleep.
3195  	 */
3196  	if (iclog->ic_state == XLOG_STATE_ACTIVE ||
3197  	    iclog->ic_state == XLOG_STATE_DIRTY) {
3198  		/*
3199  		 * If the head is dirty or (active and empty), then
3200  		 * we need to look at the previous iclog.  If the previous
3201  		 * iclog is active or dirty we are done.  There is nothing
3202  		 * to sync out.  Otherwise, we attach ourselves to the
3203  		 * previous iclog and go to sleep.
3204  		 */
3205  		if (iclog->ic_state == XLOG_STATE_DIRTY ||
3206  		    (atomic_read(&iclog->ic_refcnt) == 0
3207  		     && iclog->ic_offset == 0)) {
3208  			iclog = iclog->ic_prev;
3209  			if (iclog->ic_state == XLOG_STATE_ACTIVE ||
3210  			    iclog->ic_state == XLOG_STATE_DIRTY)
3211  				goto no_sleep;
3212  			else
3213  				goto maybe_sleep;
3214  		} else {
3215  			if (atomic_read(&iclog->ic_refcnt) == 0) {
3216  				/* We are the only one with access to this
3217  				 * iclog.  Flush it out now.  There should
3218  				 * be a roundoff of zero to show that someone
3219  				 * has already taken care of the roundoff from
3220  				 * the previous sync.
3221  				 */
3222  				atomic_inc(&iclog->ic_refcnt);
3223  				lsn = be64_to_cpu(iclog->ic_header.h_lsn);
3224  				xlog_state_switch_iclogs(log, iclog, 0);
3225  				spin_unlock(&log->l_icloglock);
3226  
3227  				if (xlog_state_release_iclog(log, iclog))
3228  					return -EIO;
3229  
3230  				if (log_flushed)
3231  					*log_flushed = 1;
3232  				spin_lock(&log->l_icloglock);
3233  				if (be64_to_cpu(iclog->ic_header.h_lsn) == lsn &&
3234  				    iclog->ic_state != XLOG_STATE_DIRTY)
3235  					goto maybe_sleep;
3236  				else
3237  					goto no_sleep;
3238  			} else {
3239  				/* Someone else is writing to this iclog.
3240  				 * Use its call to flush out the data.  However,
3241  				 * the other thread may not force out this LR,
3242  				 * so we mark it WANT_SYNC.
3243  				 */
3244  				xlog_state_switch_iclogs(log, iclog, 0);
3245  				goto maybe_sleep;
3246  			}
3247  		}
3248  	}
3249  
3250  	/* By the time we come around again, the iclog could've been filled
3251  	 * which would give it another lsn.  If we have a new lsn, just
3252  	 * return because the relevant data has been flushed.
3253  	 */
3254  maybe_sleep:
3255  	if (flags & XFS_LOG_SYNC) {
3256  		/*
3257  		 * We must check if we're shutting down here, before
3258  		 * we wait, while we're holding the l_icloglock.
3259  		 * Then we check again after waking up, in case our
3260  		 * sleep was disturbed by a bad news.
3261  		 */
3262  		if (iclog->ic_state & XLOG_STATE_IOERROR) {
3263  			spin_unlock(&log->l_icloglock);
3264  			return -EIO;
3265  		}
3266  		XFS_STATS_INC(xs_log_force_sleep);
3267  		xlog_wait(&iclog->ic_force_wait, &log->l_icloglock);
3268  		/*
3269  		 * No need to grab the log lock here since we're
3270  		 * only deciding whether or not to return EIO
3271  		 * and the memory read should be atomic.
3272  		 */
3273  		if (iclog->ic_state & XLOG_STATE_IOERROR)
3274  			return -EIO;
3275  		if (log_flushed)
3276  			*log_flushed = 1;
3277  	} else {
3278  
3279  no_sleep:
3280  		spin_unlock(&log->l_icloglock);
3281  	}
3282  	return 0;
3283  }
3284  
3285  /*
3286   * Wrapper for _xfs_log_force(), to be used when caller doesn't care
3287   * about errors or whether the log was flushed or not. This is the normal
3288   * interface to use when trying to unpin items or move the log forward.
3289   */
3290  void
3291  xfs_log_force(
3292  	xfs_mount_t	*mp,
3293  	uint		flags)
3294  {
3295  	int	error;
3296  
3297  	trace_xfs_log_force(mp, 0);
3298  	error = _xfs_log_force(mp, flags, NULL);
3299  	if (error)
3300  		xfs_warn(mp, "%s: error %d returned.", __func__, error);
3301  }
3302  
3303  /*
3304   * Force the in-core log to disk for a specific LSN.
3305   *
3306   * Find in-core log with lsn.
3307   *	If it is in the DIRTY state, just return.
3308   *	If it is in the ACTIVE state, move the in-core log into the WANT_SYNC
3309   *		state and go to sleep or return.
3310   *	If it is in any other state, go to sleep or return.
3311   *
3312   * Synchronous forces are implemented with a signal variable. All callers
3313   * to force a given lsn to disk will wait on a the sv attached to the
3314   * specific in-core log.  When given in-core log finally completes its
3315   * write to disk, that thread will wake up all threads waiting on the
3316   * sv.
3317   */
3318  int
3319  _xfs_log_force_lsn(
3320  	struct xfs_mount	*mp,
3321  	xfs_lsn_t		lsn,
3322  	uint			flags,
3323  	int			*log_flushed)
3324  {
3325  	struct xlog		*log = mp->m_log;
3326  	struct xlog_in_core	*iclog;
3327  	int			already_slept = 0;
3328  
3329  	ASSERT(lsn != 0);
3330  
3331  	XFS_STATS_INC(xs_log_force);
3332  
3333  	lsn = xlog_cil_force_lsn(log, lsn);
3334  	if (lsn == NULLCOMMITLSN)
3335  		return 0;
3336  
3337  try_again:
3338  	spin_lock(&log->l_icloglock);
3339  	iclog = log->l_iclog;
3340  	if (iclog->ic_state & XLOG_STATE_IOERROR) {
3341  		spin_unlock(&log->l_icloglock);
3342  		return -EIO;
3343  	}
3344  
3345  	do {
3346  		if (be64_to_cpu(iclog->ic_header.h_lsn) != lsn) {
3347  			iclog = iclog->ic_next;
3348  			continue;
3349  		}
3350  
3351  		if (iclog->ic_state == XLOG_STATE_DIRTY) {
3352  			spin_unlock(&log->l_icloglock);
3353  			return 0;
3354  		}
3355  
3356  		if (iclog->ic_state == XLOG_STATE_ACTIVE) {
3357  			/*
3358  			 * We sleep here if we haven't already slept (e.g.
3359  			 * this is the first time we've looked at the correct
3360  			 * iclog buf) and the buffer before us is going to
3361  			 * be sync'ed. The reason for this is that if we
3362  			 * are doing sync transactions here, by waiting for
3363  			 * the previous I/O to complete, we can allow a few
3364  			 * more transactions into this iclog before we close
3365  			 * it down.
3366  			 *
3367  			 * Otherwise, we mark the buffer WANT_SYNC, and bump
3368  			 * up the refcnt so we can release the log (which
3369  			 * drops the ref count).  The state switch keeps new
3370  			 * transaction commits from using this buffer.  When
3371  			 * the current commits finish writing into the buffer,
3372  			 * the refcount will drop to zero and the buffer will
3373  			 * go out then.
3374  			 */
3375  			if (!already_slept &&
3376  			    (iclog->ic_prev->ic_state &
3377  			     (XLOG_STATE_WANT_SYNC | XLOG_STATE_SYNCING))) {
3378  				ASSERT(!(iclog->ic_state & XLOG_STATE_IOERROR));
3379  
3380  				XFS_STATS_INC(xs_log_force_sleep);
3381  
3382  				xlog_wait(&iclog->ic_prev->ic_write_wait,
3383  							&log->l_icloglock);
3384  				if (log_flushed)
3385  					*log_flushed = 1;
3386  				already_slept = 1;
3387  				goto try_again;
3388  			}
3389  			atomic_inc(&iclog->ic_refcnt);
3390  			xlog_state_switch_iclogs(log, iclog, 0);
3391  			spin_unlock(&log->l_icloglock);
3392  			if (xlog_state_release_iclog(log, iclog))
3393  				return -EIO;
3394  			if (log_flushed)
3395  				*log_flushed = 1;
3396  			spin_lock(&log->l_icloglock);
3397  		}
3398  
3399  		if ((flags & XFS_LOG_SYNC) && /* sleep */
3400  		    !(iclog->ic_state &
3401  		      (XLOG_STATE_ACTIVE | XLOG_STATE_DIRTY))) {
3402  			/*
3403  			 * Don't wait on completion if we know that we've
3404  			 * gotten a log write error.
3405  			 */
3406  			if (iclog->ic_state & XLOG_STATE_IOERROR) {
3407  				spin_unlock(&log->l_icloglock);
3408  				return -EIO;
3409  			}
3410  			XFS_STATS_INC(xs_log_force_sleep);
3411  			xlog_wait(&iclog->ic_force_wait, &log->l_icloglock);
3412  			/*
3413  			 * No need to grab the log lock here since we're
3414  			 * only deciding whether or not to return EIO
3415  			 * and the memory read should be atomic.
3416  			 */
3417  			if (iclog->ic_state & XLOG_STATE_IOERROR)
3418  				return -EIO;
3419  
3420  			if (log_flushed)
3421  				*log_flushed = 1;
3422  		} else {		/* just return */
3423  			spin_unlock(&log->l_icloglock);
3424  		}
3425  
3426  		return 0;
3427  	} while (iclog != log->l_iclog);
3428  
3429  	spin_unlock(&log->l_icloglock);
3430  	return 0;
3431  }
3432  
3433  /*
3434   * Wrapper for _xfs_log_force_lsn(), to be used when caller doesn't care
3435   * about errors or whether the log was flushed or not. This is the normal
3436   * interface to use when trying to unpin items or move the log forward.
3437   */
3438  void
3439  xfs_log_force_lsn(
3440  	xfs_mount_t	*mp,
3441  	xfs_lsn_t	lsn,
3442  	uint		flags)
3443  {
3444  	int	error;
3445  
3446  	trace_xfs_log_force(mp, lsn);
3447  	error = _xfs_log_force_lsn(mp, lsn, flags, NULL);
3448  	if (error)
3449  		xfs_warn(mp, "%s: error %d returned.", __func__, error);
3450  }
3451  
3452  /*
3453   * Called when we want to mark the current iclog as being ready to sync to
3454   * disk.
3455   */
3456  STATIC void
3457  xlog_state_want_sync(
3458  	struct xlog		*log,
3459  	struct xlog_in_core	*iclog)
3460  {
3461  	assert_spin_locked(&log->l_icloglock);
3462  
3463  	if (iclog->ic_state == XLOG_STATE_ACTIVE) {
3464  		xlog_state_switch_iclogs(log, iclog, 0);
3465  	} else {
3466  		ASSERT(iclog->ic_state &
3467  			(XLOG_STATE_WANT_SYNC|XLOG_STATE_IOERROR));
3468  	}
3469  }
3470  
3471  
3472  /*****************************************************************************
3473   *
3474   *		TICKET functions
3475   *
3476   *****************************************************************************
3477   */
3478  
3479  /*
3480   * Free a used ticket when its refcount falls to zero.
3481   */
3482  void
3483  xfs_log_ticket_put(
3484  	xlog_ticket_t	*ticket)
3485  {
3486  	ASSERT(atomic_read(&ticket->t_ref) > 0);
3487  	if (atomic_dec_and_test(&ticket->t_ref))
3488  		kmem_zone_free(xfs_log_ticket_zone, ticket);
3489  }
3490  
3491  xlog_ticket_t *
3492  xfs_log_ticket_get(
3493  	xlog_ticket_t	*ticket)
3494  {
3495  	ASSERT(atomic_read(&ticket->t_ref) > 0);
3496  	atomic_inc(&ticket->t_ref);
3497  	return ticket;
3498  }
3499  
3500  /*
3501   * Figure out the total log space unit (in bytes) that would be
3502   * required for a log ticket.
3503   */
3504  int
3505  xfs_log_calc_unit_res(
3506  	struct xfs_mount	*mp,
3507  	int			unit_bytes)
3508  {
3509  	struct xlog		*log = mp->m_log;
3510  	int			iclog_space;
3511  	uint			num_headers;
3512  
3513  	/*
3514  	 * Permanent reservations have up to 'cnt'-1 active log operations
3515  	 * in the log.  A unit in this case is the amount of space for one
3516  	 * of these log operations.  Normal reservations have a cnt of 1
3517  	 * and their unit amount is the total amount of space required.
3518  	 *
3519  	 * The following lines of code account for non-transaction data
3520  	 * which occupy space in the on-disk log.
3521  	 *
3522  	 * Normal form of a transaction is:
3523  	 * <oph><trans-hdr><start-oph><reg1-oph><reg1><reg2-oph>...<commit-oph>
3524  	 * and then there are LR hdrs, split-recs and roundoff at end of syncs.
3525  	 *
3526  	 * We need to account for all the leadup data and trailer data
3527  	 * around the transaction data.
3528  	 * And then we need to account for the worst case in terms of using
3529  	 * more space.
3530  	 * The worst case will happen if:
3531  	 * - the placement of the transaction happens to be such that the
3532  	 *   roundoff is at its maximum
3533  	 * - the transaction data is synced before the commit record is synced
3534  	 *   i.e. <transaction-data><roundoff> | <commit-rec><roundoff>
3535  	 *   Therefore the commit record is in its own Log Record.
3536  	 *   This can happen as the commit record is called with its
3537  	 *   own region to xlog_write().
3538  	 *   This then means that in the worst case, roundoff can happen for
3539  	 *   the commit-rec as well.
3540  	 *   The commit-rec is smaller than padding in this scenario and so it is
3541  	 *   not added separately.
3542  	 */
3543  
3544  	/* for trans header */
3545  	unit_bytes += sizeof(xlog_op_header_t);
3546  	unit_bytes += sizeof(xfs_trans_header_t);
3547  
3548  	/* for start-rec */
3549  	unit_bytes += sizeof(xlog_op_header_t);
3550  
3551  	/*
3552  	 * for LR headers - the space for data in an iclog is the size minus
3553  	 * the space used for the headers. If we use the iclog size, then we
3554  	 * undercalculate the number of headers required.
3555  	 *
3556  	 * Furthermore - the addition of op headers for split-recs might
3557  	 * increase the space required enough to require more log and op
3558  	 * headers, so take that into account too.
3559  	 *
3560  	 * IMPORTANT: This reservation makes the assumption that if this
3561  	 * transaction is the first in an iclog and hence has the LR headers
3562  	 * accounted to it, then the remaining space in the iclog is
3563  	 * exclusively for this transaction.  i.e. if the transaction is larger
3564  	 * than the iclog, it will be the only thing in that iclog.
3565  	 * Fundamentally, this means we must pass the entire log vector to
3566  	 * xlog_write to guarantee this.
3567  	 */
3568  	iclog_space = log->l_iclog_size - log->l_iclog_hsize;
3569  	num_headers = howmany(unit_bytes, iclog_space);
3570  
3571  	/* for split-recs - ophdrs added when data split over LRs */
3572  	unit_bytes += sizeof(xlog_op_header_t) * num_headers;
3573  
3574  	/* add extra header reservations if we overrun */
3575  	while (!num_headers ||
3576  	       howmany(unit_bytes, iclog_space) > num_headers) {
3577  		unit_bytes += sizeof(xlog_op_header_t);
3578  		num_headers++;
3579  	}
3580  	unit_bytes += log->l_iclog_hsize * num_headers;
3581  
3582  	/* for commit-rec LR header - note: padding will subsume the ophdr */
3583  	unit_bytes += log->l_iclog_hsize;
3584  
3585  	/* for roundoff padding for transaction data and one for commit record */
3586  	if (xfs_sb_version_haslogv2(&mp->m_sb) && mp->m_sb.sb_logsunit > 1) {
3587  		/* log su roundoff */
3588  		unit_bytes += 2 * mp->m_sb.sb_logsunit;
3589  	} else {
3590  		/* BB roundoff */
3591  		unit_bytes += 2 * BBSIZE;
3592          }
3593  
3594  	return unit_bytes;
3595  }
3596  
3597  /*
3598   * Allocate and initialise a new log ticket.
3599   */
3600  struct xlog_ticket *
3601  xlog_ticket_alloc(
3602  	struct xlog		*log,
3603  	int			unit_bytes,
3604  	int			cnt,
3605  	char			client,
3606  	bool			permanent,
3607  	xfs_km_flags_t		alloc_flags)
3608  {
3609  	struct xlog_ticket	*tic;
3610  	int			unit_res;
3611  
3612  	tic = kmem_zone_zalloc(xfs_log_ticket_zone, alloc_flags);
3613  	if (!tic)
3614  		return NULL;
3615  
3616  	unit_res = xfs_log_calc_unit_res(log->l_mp, unit_bytes);
3617  
3618  	atomic_set(&tic->t_ref, 1);
3619  	tic->t_task		= current;
3620  	INIT_LIST_HEAD(&tic->t_queue);
3621  	tic->t_unit_res		= unit_res;
3622  	tic->t_curr_res		= unit_res;
3623  	tic->t_cnt		= cnt;
3624  	tic->t_ocnt		= cnt;
3625  	tic->t_tid		= prandom_u32();
3626  	tic->t_clientid		= client;
3627  	tic->t_flags		= XLOG_TIC_INITED;
3628  	tic->t_trans_type	= 0;
3629  	if (permanent)
3630  		tic->t_flags |= XLOG_TIC_PERM_RESERV;
3631  
3632  	xlog_tic_reset_res(tic);
3633  
3634  	return tic;
3635  }
3636  
3637  
3638  /******************************************************************************
3639   *
3640   *		Log debug routines
3641   *
3642   ******************************************************************************
3643   */
3644  #if defined(DEBUG)
3645  /*
3646   * Make sure that the destination ptr is within the valid data region of
3647   * one of the iclogs.  This uses backup pointers stored in a different
3648   * part of the log in case we trash the log structure.
3649   */
3650  void
3651  xlog_verify_dest_ptr(
3652  	struct xlog	*log,
3653  	char		*ptr)
3654  {
3655  	int i;
3656  	int good_ptr = 0;
3657  
3658  	for (i = 0; i < log->l_iclog_bufs; i++) {
3659  		if (ptr >= log->l_iclog_bak[i] &&
3660  		    ptr <= log->l_iclog_bak[i] + log->l_iclog_size)
3661  			good_ptr++;
3662  	}
3663  
3664  	if (!good_ptr)
3665  		xfs_emerg(log->l_mp, "%s: invalid ptr", __func__);
3666  }
3667  
3668  /*
3669   * Check to make sure the grant write head didn't just over lap the tail.  If
3670   * the cycles are the same, we can't be overlapping.  Otherwise, make sure that
3671   * the cycles differ by exactly one and check the byte count.
3672   *
3673   * This check is run unlocked, so can give false positives. Rather than assert
3674   * on failures, use a warn-once flag and a panic tag to allow the admin to
3675   * determine if they want to panic the machine when such an error occurs. For
3676   * debug kernels this will have the same effect as using an assert but, unlinke
3677   * an assert, it can be turned off at runtime.
3678   */
3679  STATIC void
3680  xlog_verify_grant_tail(
3681  	struct xlog	*log)
3682  {
3683  	int		tail_cycle, tail_blocks;
3684  	int		cycle, space;
3685  
3686  	xlog_crack_grant_head(&log->l_write_head.grant, &cycle, &space);
3687  	xlog_crack_atomic_lsn(&log->l_tail_lsn, &tail_cycle, &tail_blocks);
3688  	if (tail_cycle != cycle) {
3689  		if (cycle - 1 != tail_cycle &&
3690  		    !(log->l_flags & XLOG_TAIL_WARN)) {
3691  			xfs_alert_tag(log->l_mp, XFS_PTAG_LOGRES,
3692  				"%s: cycle - 1 != tail_cycle", __func__);
3693  			log->l_flags |= XLOG_TAIL_WARN;
3694  		}
3695  
3696  		if (space > BBTOB(tail_blocks) &&
3697  		    !(log->l_flags & XLOG_TAIL_WARN)) {
3698  			xfs_alert_tag(log->l_mp, XFS_PTAG_LOGRES,
3699  				"%s: space > BBTOB(tail_blocks)", __func__);
3700  			log->l_flags |= XLOG_TAIL_WARN;
3701  		}
3702  	}
3703  }
3704  
3705  /* check if it will fit */
3706  STATIC void
3707  xlog_verify_tail_lsn(
3708  	struct xlog		*log,
3709  	struct xlog_in_core	*iclog,
3710  	xfs_lsn_t		tail_lsn)
3711  {
3712      int blocks;
3713  
3714      if (CYCLE_LSN(tail_lsn) == log->l_prev_cycle) {
3715  	blocks =
3716  	    log->l_logBBsize - (log->l_prev_block - BLOCK_LSN(tail_lsn));
3717  	if (blocks < BTOBB(iclog->ic_offset)+BTOBB(log->l_iclog_hsize))
3718  		xfs_emerg(log->l_mp, "%s: ran out of log space", __func__);
3719      } else {
3720  	ASSERT(CYCLE_LSN(tail_lsn)+1 == log->l_prev_cycle);
3721  
3722  	if (BLOCK_LSN(tail_lsn) == log->l_prev_block)
3723  		xfs_emerg(log->l_mp, "%s: tail wrapped", __func__);
3724  
3725  	blocks = BLOCK_LSN(tail_lsn) - log->l_prev_block;
3726  	if (blocks < BTOBB(iclog->ic_offset) + 1)
3727  		xfs_emerg(log->l_mp, "%s: ran out of log space", __func__);
3728      }
3729  }	/* xlog_verify_tail_lsn */
3730  
3731  /*
3732   * Perform a number of checks on the iclog before writing to disk.
3733   *
3734   * 1. Make sure the iclogs are still circular
3735   * 2. Make sure we have a good magic number
3736   * 3. Make sure we don't have magic numbers in the data
3737   * 4. Check fields of each log operation header for:
3738   *	A. Valid client identifier
3739   *	B. tid ptr value falls in valid ptr space (user space code)
3740   *	C. Length in log record header is correct according to the
3741   *		individual operation headers within record.
3742   * 5. When a bwrite will occur within 5 blocks of the front of the physical
3743   *	log, check the preceding blocks of the physical log to make sure all
3744   *	the cycle numbers agree with the current cycle number.
3745   */
3746  STATIC void
3747  xlog_verify_iclog(
3748  	struct xlog		*log,
3749  	struct xlog_in_core	*iclog,
3750  	int			count,
3751  	bool                    syncing)
3752  {
3753  	xlog_op_header_t	*ophead;
3754  	xlog_in_core_t		*icptr;
3755  	xlog_in_core_2_t	*xhdr;
3756  	xfs_caddr_t		ptr;
3757  	xfs_caddr_t		base_ptr;
3758  	__psint_t		field_offset;
3759  	__uint8_t		clientid;
3760  	int			len, i, j, k, op_len;
3761  	int			idx;
3762  
3763  	/* check validity of iclog pointers */
3764  	spin_lock(&log->l_icloglock);
3765  	icptr = log->l_iclog;
3766  	for (i = 0; i < log->l_iclog_bufs; i++, icptr = icptr->ic_next)
3767  		ASSERT(icptr);
3768  
3769  	if (icptr != log->l_iclog)
3770  		xfs_emerg(log->l_mp, "%s: corrupt iclog ring", __func__);
3771  	spin_unlock(&log->l_icloglock);
3772  
3773  	/* check log magic numbers */
3774  	if (iclog->ic_header.h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
3775  		xfs_emerg(log->l_mp, "%s: invalid magic num", __func__);
3776  
3777  	ptr = (xfs_caddr_t) &iclog->ic_header;
3778  	for (ptr += BBSIZE; ptr < ((xfs_caddr_t)&iclog->ic_header) + count;
3779  	     ptr += BBSIZE) {
3780  		if (*(__be32 *)ptr == cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
3781  			xfs_emerg(log->l_mp, "%s: unexpected magic num",
3782  				__func__);
3783  	}
3784  
3785  	/* check fields */
3786  	len = be32_to_cpu(iclog->ic_header.h_num_logops);
3787  	ptr = iclog->ic_datap;
3788  	base_ptr = ptr;
3789  	ophead = (xlog_op_header_t *)ptr;
3790  	xhdr = iclog->ic_data;
3791  	for (i = 0; i < len; i++) {
3792  		ophead = (xlog_op_header_t *)ptr;
3793  
3794  		/* clientid is only 1 byte */
3795  		field_offset = (__psint_t)
3796  			       ((xfs_caddr_t)&(ophead->oh_clientid) - base_ptr);
3797  		if (!syncing || (field_offset & 0x1ff)) {
3798  			clientid = ophead->oh_clientid;
3799  		} else {
3800  			idx = BTOBBT((xfs_caddr_t)&(ophead->oh_clientid) - iclog->ic_datap);
3801  			if (idx >= (XLOG_HEADER_CYCLE_SIZE / BBSIZE)) {
3802  				j = idx / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3803  				k = idx % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3804  				clientid = xlog_get_client_id(
3805  					xhdr[j].hic_xheader.xh_cycle_data[k]);
3806  			} else {
3807  				clientid = xlog_get_client_id(
3808  					iclog->ic_header.h_cycle_data[idx]);
3809  			}
3810  		}
3811  		if (clientid != XFS_TRANSACTION && clientid != XFS_LOG)
3812  			xfs_warn(log->l_mp,
3813  				"%s: invalid clientid %d op 0x%p offset 0x%lx",
3814  				__func__, clientid, ophead,
3815  				(unsigned long)field_offset);
3816  
3817  		/* check length */
3818  		field_offset = (__psint_t)
3819  			       ((xfs_caddr_t)&(ophead->oh_len) - base_ptr);
3820  		if (!syncing || (field_offset & 0x1ff)) {
3821  			op_len = be32_to_cpu(ophead->oh_len);
3822  		} else {
3823  			idx = BTOBBT((__psint_t)&ophead->oh_len -
3824  				    (__psint_t)iclog->ic_datap);
3825  			if (idx >= (XLOG_HEADER_CYCLE_SIZE / BBSIZE)) {
3826  				j = idx / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3827  				k = idx % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3828  				op_len = be32_to_cpu(xhdr[j].hic_xheader.xh_cycle_data[k]);
3829  			} else {
3830  				op_len = be32_to_cpu(iclog->ic_header.h_cycle_data[idx]);
3831  			}
3832  		}
3833  		ptr += sizeof(xlog_op_header_t) + op_len;
3834  	}
3835  }	/* xlog_verify_iclog */
3836  #endif
3837  
3838  /*
3839   * Mark all iclogs IOERROR. l_icloglock is held by the caller.
3840   */
3841  STATIC int
3842  xlog_state_ioerror(
3843  	struct xlog	*log)
3844  {
3845  	xlog_in_core_t	*iclog, *ic;
3846  
3847  	iclog = log->l_iclog;
3848  	if (! (iclog->ic_state & XLOG_STATE_IOERROR)) {
3849  		/*
3850  		 * Mark all the incore logs IOERROR.
3851  		 * From now on, no log flushes will result.
3852  		 */
3853  		ic = iclog;
3854  		do {
3855  			ic->ic_state = XLOG_STATE_IOERROR;
3856  			ic = ic->ic_next;
3857  		} while (ic != iclog);
3858  		return 0;
3859  	}
3860  	/*
3861  	 * Return non-zero, if state transition has already happened.
3862  	 */
3863  	return 1;
3864  }
3865  
3866  /*
3867   * This is called from xfs_force_shutdown, when we're forcibly
3868   * shutting down the filesystem, typically because of an IO error.
3869   * Our main objectives here are to make sure that:
3870   *	a. the filesystem gets marked 'SHUTDOWN' for all interested
3871   *	   parties to find out, 'atomically'.
3872   *	b. those who're sleeping on log reservations, pinned objects and
3873   *	    other resources get woken up, and be told the bad news.
3874   *	c. nothing new gets queued up after (a) and (b) are done.
3875   *	d. if !logerror, flush the iclogs to disk, then seal them off
3876   *	   for business.
3877   *
3878   * Note: for delayed logging the !logerror case needs to flush the regions
3879   * held in memory out to the iclogs before flushing them to disk. This needs
3880   * to be done before the log is marked as shutdown, otherwise the flush to the
3881   * iclogs will fail.
3882   */
3883  int
3884  xfs_log_force_umount(
3885  	struct xfs_mount	*mp,
3886  	int			logerror)
3887  {
3888  	struct xlog	*log;
3889  	int		retval;
3890  
3891  	log = mp->m_log;
3892  
3893  	/*
3894  	 * If this happens during log recovery, don't worry about
3895  	 * locking; the log isn't open for business yet.
3896  	 */
3897  	if (!log ||
3898  	    log->l_flags & XLOG_ACTIVE_RECOVERY) {
3899  		mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
3900  		if (mp->m_sb_bp)
3901  			XFS_BUF_DONE(mp->m_sb_bp);
3902  		return 0;
3903  	}
3904  
3905  	/*
3906  	 * Somebody could've already done the hard work for us.
3907  	 * No need to get locks for this.
3908  	 */
3909  	if (logerror && log->l_iclog->ic_state & XLOG_STATE_IOERROR) {
3910  		ASSERT(XLOG_FORCED_SHUTDOWN(log));
3911  		return 1;
3912  	}
3913  	retval = 0;
3914  
3915  	/*
3916  	 * Flush the in memory commit item list before marking the log as
3917  	 * being shut down. We need to do it in this order to ensure all the
3918  	 * completed transactions are flushed to disk with the xfs_log_force()
3919  	 * call below.
3920  	 */
3921  	if (!logerror)
3922  		xlog_cil_force(log);
3923  
3924  	/*
3925  	 * mark the filesystem and the as in a shutdown state and wake
3926  	 * everybody up to tell them the bad news.
3927  	 */
3928  	spin_lock(&log->l_icloglock);
3929  	mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
3930  	if (mp->m_sb_bp)
3931  		XFS_BUF_DONE(mp->m_sb_bp);
3932  
3933  	/*
3934  	 * This flag is sort of redundant because of the mount flag, but
3935  	 * it's good to maintain the separation between the log and the rest
3936  	 * of XFS.
3937  	 */
3938  	log->l_flags |= XLOG_IO_ERROR;
3939  
3940  	/*
3941  	 * If we hit a log error, we want to mark all the iclogs IOERROR
3942  	 * while we're still holding the loglock.
3943  	 */
3944  	if (logerror)
3945  		retval = xlog_state_ioerror(log);
3946  	spin_unlock(&log->l_icloglock);
3947  
3948  	/*
3949  	 * We don't want anybody waiting for log reservations after this. That
3950  	 * means we have to wake up everybody queued up on reserveq as well as
3951  	 * writeq.  In addition, we make sure in xlog_{re}grant_log_space that
3952  	 * we don't enqueue anything once the SHUTDOWN flag is set, and this
3953  	 * action is protected by the grant locks.
3954  	 */
3955  	xlog_grant_head_wake_all(&log->l_reserve_head);
3956  	xlog_grant_head_wake_all(&log->l_write_head);
3957  
3958  	if (!(log->l_iclog->ic_state & XLOG_STATE_IOERROR)) {
3959  		ASSERT(!logerror);
3960  		/*
3961  		 * Force the incore logs to disk before shutting the
3962  		 * log down completely.
3963  		 */
3964  		_xfs_log_force(mp, XFS_LOG_SYNC, NULL);
3965  
3966  		spin_lock(&log->l_icloglock);
3967  		retval = xlog_state_ioerror(log);
3968  		spin_unlock(&log->l_icloglock);
3969  	}
3970  
3971  	/*
3972  	 * Wake up everybody waiting on xfs_log_force. Wake the CIL push first
3973  	 * as if the log writes were completed. The abort handling in the log
3974  	 * item committed callback functions will do this again under lock to
3975  	 * avoid races.
3976  	 */
3977  	wake_up_all(&log->l_cilp->xc_commit_wait);
3978  	xlog_state_do_callback(log, XFS_LI_ABORTED, NULL);
3979  
3980  #ifdef XFSERRORDEBUG
3981  	{
3982  		xlog_in_core_t	*iclog;
3983  
3984  		spin_lock(&log->l_icloglock);
3985  		iclog = log->l_iclog;
3986  		do {
3987  			ASSERT(iclog->ic_callback == 0);
3988  			iclog = iclog->ic_next;
3989  		} while (iclog != log->l_iclog);
3990  		spin_unlock(&log->l_icloglock);
3991  	}
3992  #endif
3993  	/* return non-zero if log IOERROR transition had already happened */
3994  	return retval;
3995  }
3996  
3997  STATIC int
3998  xlog_iclogs_empty(
3999  	struct xlog	*log)
4000  {
4001  	xlog_in_core_t	*iclog;
4002  
4003  	iclog = log->l_iclog;
4004  	do {
4005  		/* endianness does not matter here, zero is zero in
4006  		 * any language.
4007  		 */
4008  		if (iclog->ic_header.h_num_logops)
4009  			return 0;
4010  		iclog = iclog->ic_next;
4011  	} while (iclog != log->l_iclog);
4012  	return 1;
4013  }
4014  
4015