1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_bit.h" 13 #include "xfs_sb.h" 14 #include "xfs_mount.h" 15 #include "xfs_inode.h" 16 #include "xfs_dir2.h" 17 #include "xfs_ialloc.h" 18 #include "xfs_alloc.h" 19 #include "xfs_rtalloc.h" 20 #include "xfs_bmap.h" 21 #include "xfs_trans.h" 22 #include "xfs_trans_priv.h" 23 #include "xfs_log.h" 24 #include "xfs_error.h" 25 #include "xfs_quota.h" 26 #include "xfs_fsops.h" 27 #include "xfs_icache.h" 28 #include "xfs_sysfs.h" 29 #include "xfs_rmap_btree.h" 30 #include "xfs_refcount_btree.h" 31 #include "xfs_reflink.h" 32 #include "xfs_extent_busy.h" 33 #include "xfs_health.h" 34 #include "xfs_trace.h" 35 36 static DEFINE_MUTEX(xfs_uuid_table_mutex); 37 static int xfs_uuid_table_size; 38 static uuid_t *xfs_uuid_table; 39 40 void 41 xfs_uuid_table_free(void) 42 { 43 if (xfs_uuid_table_size == 0) 44 return; 45 kmem_free(xfs_uuid_table); 46 xfs_uuid_table = NULL; 47 xfs_uuid_table_size = 0; 48 } 49 50 /* 51 * See if the UUID is unique among mounted XFS filesystems. 52 * Mount fails if UUID is nil or a FS with the same UUID is already mounted. 53 */ 54 STATIC int 55 xfs_uuid_mount( 56 struct xfs_mount *mp) 57 { 58 uuid_t *uuid = &mp->m_sb.sb_uuid; 59 int hole, i; 60 61 /* Publish UUID in struct super_block */ 62 uuid_copy(&mp->m_super->s_uuid, uuid); 63 64 if (mp->m_flags & XFS_MOUNT_NOUUID) 65 return 0; 66 67 if (uuid_is_null(uuid)) { 68 xfs_warn(mp, "Filesystem has null UUID - can't mount"); 69 return -EINVAL; 70 } 71 72 mutex_lock(&xfs_uuid_table_mutex); 73 for (i = 0, hole = -1; i < xfs_uuid_table_size; i++) { 74 if (uuid_is_null(&xfs_uuid_table[i])) { 75 hole = i; 76 continue; 77 } 78 if (uuid_equal(uuid, &xfs_uuid_table[i])) 79 goto out_duplicate; 80 } 81 82 if (hole < 0) { 83 xfs_uuid_table = krealloc(xfs_uuid_table, 84 (xfs_uuid_table_size + 1) * sizeof(*xfs_uuid_table), 85 GFP_KERNEL | __GFP_NOFAIL); 86 hole = xfs_uuid_table_size++; 87 } 88 xfs_uuid_table[hole] = *uuid; 89 mutex_unlock(&xfs_uuid_table_mutex); 90 91 return 0; 92 93 out_duplicate: 94 mutex_unlock(&xfs_uuid_table_mutex); 95 xfs_warn(mp, "Filesystem has duplicate UUID %pU - can't mount", uuid); 96 return -EINVAL; 97 } 98 99 STATIC void 100 xfs_uuid_unmount( 101 struct xfs_mount *mp) 102 { 103 uuid_t *uuid = &mp->m_sb.sb_uuid; 104 int i; 105 106 if (mp->m_flags & XFS_MOUNT_NOUUID) 107 return; 108 109 mutex_lock(&xfs_uuid_table_mutex); 110 for (i = 0; i < xfs_uuid_table_size; i++) { 111 if (uuid_is_null(&xfs_uuid_table[i])) 112 continue; 113 if (!uuid_equal(uuid, &xfs_uuid_table[i])) 114 continue; 115 memset(&xfs_uuid_table[i], 0, sizeof(uuid_t)); 116 break; 117 } 118 ASSERT(i < xfs_uuid_table_size); 119 mutex_unlock(&xfs_uuid_table_mutex); 120 } 121 122 123 STATIC void 124 __xfs_free_perag( 125 struct rcu_head *head) 126 { 127 struct xfs_perag *pag = container_of(head, struct xfs_perag, rcu_head); 128 129 ASSERT(atomic_read(&pag->pag_ref) == 0); 130 kmem_free(pag); 131 } 132 133 /* 134 * Free up the per-ag resources associated with the mount structure. 135 */ 136 STATIC void 137 xfs_free_perag( 138 xfs_mount_t *mp) 139 { 140 xfs_agnumber_t agno; 141 struct xfs_perag *pag; 142 143 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { 144 spin_lock(&mp->m_perag_lock); 145 pag = radix_tree_delete(&mp->m_perag_tree, agno); 146 spin_unlock(&mp->m_perag_lock); 147 ASSERT(pag); 148 ASSERT(atomic_read(&pag->pag_ref) == 0); 149 xfs_iunlink_destroy(pag); 150 xfs_buf_hash_destroy(pag); 151 call_rcu(&pag->rcu_head, __xfs_free_perag); 152 } 153 } 154 155 /* 156 * Check size of device based on the (data/realtime) block count. 157 * Note: this check is used by the growfs code as well as mount. 158 */ 159 int 160 xfs_sb_validate_fsb_count( 161 xfs_sb_t *sbp, 162 uint64_t nblocks) 163 { 164 ASSERT(PAGE_SHIFT >= sbp->sb_blocklog); 165 ASSERT(sbp->sb_blocklog >= BBSHIFT); 166 167 /* Limited by ULONG_MAX of page cache index */ 168 if (nblocks >> (PAGE_SHIFT - sbp->sb_blocklog) > ULONG_MAX) 169 return -EFBIG; 170 return 0; 171 } 172 173 int 174 xfs_initialize_perag( 175 xfs_mount_t *mp, 176 xfs_agnumber_t agcount, 177 xfs_agnumber_t *maxagi) 178 { 179 xfs_agnumber_t index; 180 xfs_agnumber_t first_initialised = NULLAGNUMBER; 181 xfs_perag_t *pag; 182 int error = -ENOMEM; 183 184 /* 185 * Walk the current per-ag tree so we don't try to initialise AGs 186 * that already exist (growfs case). Allocate and insert all the 187 * AGs we don't find ready for initialisation. 188 */ 189 for (index = 0; index < agcount; index++) { 190 pag = xfs_perag_get(mp, index); 191 if (pag) { 192 xfs_perag_put(pag); 193 continue; 194 } 195 196 pag = kmem_zalloc(sizeof(*pag), KM_MAYFAIL); 197 if (!pag) { 198 error = -ENOMEM; 199 goto out_unwind_new_pags; 200 } 201 pag->pag_agno = index; 202 pag->pag_mount = mp; 203 spin_lock_init(&pag->pag_ici_lock); 204 INIT_RADIX_TREE(&pag->pag_ici_root, GFP_ATOMIC); 205 206 error = xfs_buf_hash_init(pag); 207 if (error) 208 goto out_free_pag; 209 init_waitqueue_head(&pag->pagb_wait); 210 spin_lock_init(&pag->pagb_lock); 211 pag->pagb_count = 0; 212 pag->pagb_tree = RB_ROOT; 213 214 error = radix_tree_preload(GFP_NOFS); 215 if (error) 216 goto out_hash_destroy; 217 218 spin_lock(&mp->m_perag_lock); 219 if (radix_tree_insert(&mp->m_perag_tree, index, pag)) { 220 WARN_ON_ONCE(1); 221 spin_unlock(&mp->m_perag_lock); 222 radix_tree_preload_end(); 223 error = -EEXIST; 224 goto out_hash_destroy; 225 } 226 spin_unlock(&mp->m_perag_lock); 227 radix_tree_preload_end(); 228 /* first new pag is fully initialized */ 229 if (first_initialised == NULLAGNUMBER) 230 first_initialised = index; 231 error = xfs_iunlink_init(pag); 232 if (error) 233 goto out_hash_destroy; 234 spin_lock_init(&pag->pag_state_lock); 235 } 236 237 index = xfs_set_inode_alloc(mp, agcount); 238 239 if (maxagi) 240 *maxagi = index; 241 242 mp->m_ag_prealloc_blocks = xfs_prealloc_blocks(mp); 243 return 0; 244 245 out_hash_destroy: 246 xfs_buf_hash_destroy(pag); 247 out_free_pag: 248 kmem_free(pag); 249 out_unwind_new_pags: 250 /* unwind any prior newly initialized pags */ 251 for (index = first_initialised; index < agcount; index++) { 252 pag = radix_tree_delete(&mp->m_perag_tree, index); 253 if (!pag) 254 break; 255 xfs_buf_hash_destroy(pag); 256 xfs_iunlink_destroy(pag); 257 kmem_free(pag); 258 } 259 return error; 260 } 261 262 /* 263 * xfs_readsb 264 * 265 * Does the initial read of the superblock. 266 */ 267 int 268 xfs_readsb( 269 struct xfs_mount *mp, 270 int flags) 271 { 272 unsigned int sector_size; 273 struct xfs_buf *bp; 274 struct xfs_sb *sbp = &mp->m_sb; 275 int error; 276 int loud = !(flags & XFS_MFSI_QUIET); 277 const struct xfs_buf_ops *buf_ops; 278 279 ASSERT(mp->m_sb_bp == NULL); 280 ASSERT(mp->m_ddev_targp != NULL); 281 282 /* 283 * For the initial read, we must guess at the sector 284 * size based on the block device. It's enough to 285 * get the sb_sectsize out of the superblock and 286 * then reread with the proper length. 287 * We don't verify it yet, because it may not be complete. 288 */ 289 sector_size = xfs_getsize_buftarg(mp->m_ddev_targp); 290 buf_ops = NULL; 291 292 /* 293 * Allocate a (locked) buffer to hold the superblock. This will be kept 294 * around at all times to optimize access to the superblock. Therefore, 295 * set XBF_NO_IOACCT to make sure it doesn't hold the buftarg count 296 * elevated. 297 */ 298 reread: 299 error = xfs_buf_read_uncached(mp->m_ddev_targp, XFS_SB_DADDR, 300 BTOBB(sector_size), XBF_NO_IOACCT, &bp, 301 buf_ops); 302 if (error) { 303 if (loud) 304 xfs_warn(mp, "SB validate failed with error %d.", error); 305 /* bad CRC means corrupted metadata */ 306 if (error == -EFSBADCRC) 307 error = -EFSCORRUPTED; 308 return error; 309 } 310 311 /* 312 * Initialize the mount structure from the superblock. 313 */ 314 xfs_sb_from_disk(sbp, bp->b_addr); 315 316 /* 317 * If we haven't validated the superblock, do so now before we try 318 * to check the sector size and reread the superblock appropriately. 319 */ 320 if (sbp->sb_magicnum != XFS_SB_MAGIC) { 321 if (loud) 322 xfs_warn(mp, "Invalid superblock magic number"); 323 error = -EINVAL; 324 goto release_buf; 325 } 326 327 /* 328 * We must be able to do sector-sized and sector-aligned IO. 329 */ 330 if (sector_size > sbp->sb_sectsize) { 331 if (loud) 332 xfs_warn(mp, "device supports %u byte sectors (not %u)", 333 sector_size, sbp->sb_sectsize); 334 error = -ENOSYS; 335 goto release_buf; 336 } 337 338 if (buf_ops == NULL) { 339 /* 340 * Re-read the superblock so the buffer is correctly sized, 341 * and properly verified. 342 */ 343 xfs_buf_relse(bp); 344 sector_size = sbp->sb_sectsize; 345 buf_ops = loud ? &xfs_sb_buf_ops : &xfs_sb_quiet_buf_ops; 346 goto reread; 347 } 348 349 xfs_reinit_percpu_counters(mp); 350 351 /* no need to be quiet anymore, so reset the buf ops */ 352 bp->b_ops = &xfs_sb_buf_ops; 353 354 mp->m_sb_bp = bp; 355 xfs_buf_unlock(bp); 356 return 0; 357 358 release_buf: 359 xfs_buf_relse(bp); 360 return error; 361 } 362 363 /* 364 * If the sunit/swidth change would move the precomputed root inode value, we 365 * must reject the ondisk change because repair will stumble over that. 366 * However, we allow the mount to proceed because we never rejected this 367 * combination before. Returns true to update the sb, false otherwise. 368 */ 369 static inline int 370 xfs_check_new_dalign( 371 struct xfs_mount *mp, 372 int new_dalign, 373 bool *update_sb) 374 { 375 struct xfs_sb *sbp = &mp->m_sb; 376 xfs_ino_t calc_ino; 377 378 calc_ino = xfs_ialloc_calc_rootino(mp, new_dalign); 379 trace_xfs_check_new_dalign(mp, new_dalign, calc_ino); 380 381 if (sbp->sb_rootino == calc_ino) { 382 *update_sb = true; 383 return 0; 384 } 385 386 xfs_warn(mp, 387 "Cannot change stripe alignment; would require moving root inode."); 388 389 /* 390 * XXX: Next time we add a new incompat feature, this should start 391 * returning -EINVAL to fail the mount. Until then, spit out a warning 392 * that we're ignoring the administrator's instructions. 393 */ 394 xfs_warn(mp, "Skipping superblock stripe alignment update."); 395 *update_sb = false; 396 return 0; 397 } 398 399 /* 400 * If we were provided with new sunit/swidth values as mount options, make sure 401 * that they pass basic alignment and superblock feature checks, and convert 402 * them into the same units (FSB) that everything else expects. This step 403 * /must/ be done before computing the inode geometry. 404 */ 405 STATIC int 406 xfs_validate_new_dalign( 407 struct xfs_mount *mp) 408 { 409 if (mp->m_dalign == 0) 410 return 0; 411 412 /* 413 * If stripe unit and stripe width are not multiples 414 * of the fs blocksize turn off alignment. 415 */ 416 if ((BBTOB(mp->m_dalign) & mp->m_blockmask) || 417 (BBTOB(mp->m_swidth) & mp->m_blockmask)) { 418 xfs_warn(mp, 419 "alignment check failed: sunit/swidth vs. blocksize(%d)", 420 mp->m_sb.sb_blocksize); 421 return -EINVAL; 422 } else { 423 /* 424 * Convert the stripe unit and width to FSBs. 425 */ 426 mp->m_dalign = XFS_BB_TO_FSBT(mp, mp->m_dalign); 427 if (mp->m_dalign && (mp->m_sb.sb_agblocks % mp->m_dalign)) { 428 xfs_warn(mp, 429 "alignment check failed: sunit/swidth vs. agsize(%d)", 430 mp->m_sb.sb_agblocks); 431 return -EINVAL; 432 } else if (mp->m_dalign) { 433 mp->m_swidth = XFS_BB_TO_FSBT(mp, mp->m_swidth); 434 } else { 435 xfs_warn(mp, 436 "alignment check failed: sunit(%d) less than bsize(%d)", 437 mp->m_dalign, mp->m_sb.sb_blocksize); 438 return -EINVAL; 439 } 440 } 441 442 if (!xfs_sb_version_hasdalign(&mp->m_sb)) { 443 xfs_warn(mp, 444 "cannot change alignment: superblock does not support data alignment"); 445 return -EINVAL; 446 } 447 448 return 0; 449 } 450 451 /* Update alignment values based on mount options and sb values. */ 452 STATIC int 453 xfs_update_alignment( 454 struct xfs_mount *mp) 455 { 456 struct xfs_sb *sbp = &mp->m_sb; 457 458 if (mp->m_dalign) { 459 bool update_sb; 460 int error; 461 462 if (sbp->sb_unit == mp->m_dalign && 463 sbp->sb_width == mp->m_swidth) 464 return 0; 465 466 error = xfs_check_new_dalign(mp, mp->m_dalign, &update_sb); 467 if (error || !update_sb) 468 return error; 469 470 sbp->sb_unit = mp->m_dalign; 471 sbp->sb_width = mp->m_swidth; 472 mp->m_update_sb = true; 473 } else if ((mp->m_flags & XFS_MOUNT_NOALIGN) != XFS_MOUNT_NOALIGN && 474 xfs_sb_version_hasdalign(&mp->m_sb)) { 475 mp->m_dalign = sbp->sb_unit; 476 mp->m_swidth = sbp->sb_width; 477 } 478 479 return 0; 480 } 481 482 /* 483 * precalculate the low space thresholds for dynamic speculative preallocation. 484 */ 485 void 486 xfs_set_low_space_thresholds( 487 struct xfs_mount *mp) 488 { 489 int i; 490 491 for (i = 0; i < XFS_LOWSP_MAX; i++) { 492 uint64_t space = mp->m_sb.sb_dblocks; 493 494 do_div(space, 100); 495 mp->m_low_space[i] = space * (i + 1); 496 } 497 } 498 499 /* 500 * Check that the data (and log if separate) is an ok size. 501 */ 502 STATIC int 503 xfs_check_sizes( 504 struct xfs_mount *mp) 505 { 506 struct xfs_buf *bp; 507 xfs_daddr_t d; 508 int error; 509 510 d = (xfs_daddr_t)XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks); 511 if (XFS_BB_TO_FSB(mp, d) != mp->m_sb.sb_dblocks) { 512 xfs_warn(mp, "filesystem size mismatch detected"); 513 return -EFBIG; 514 } 515 error = xfs_buf_read_uncached(mp->m_ddev_targp, 516 d - XFS_FSS_TO_BB(mp, 1), 517 XFS_FSS_TO_BB(mp, 1), 0, &bp, NULL); 518 if (error) { 519 xfs_warn(mp, "last sector read failed"); 520 return error; 521 } 522 xfs_buf_relse(bp); 523 524 if (mp->m_logdev_targp == mp->m_ddev_targp) 525 return 0; 526 527 d = (xfs_daddr_t)XFS_FSB_TO_BB(mp, mp->m_sb.sb_logblocks); 528 if (XFS_BB_TO_FSB(mp, d) != mp->m_sb.sb_logblocks) { 529 xfs_warn(mp, "log size mismatch detected"); 530 return -EFBIG; 531 } 532 error = xfs_buf_read_uncached(mp->m_logdev_targp, 533 d - XFS_FSB_TO_BB(mp, 1), 534 XFS_FSB_TO_BB(mp, 1), 0, &bp, NULL); 535 if (error) { 536 xfs_warn(mp, "log device read failed"); 537 return error; 538 } 539 xfs_buf_relse(bp); 540 return 0; 541 } 542 543 /* 544 * Clear the quotaflags in memory and in the superblock. 545 */ 546 int 547 xfs_mount_reset_sbqflags( 548 struct xfs_mount *mp) 549 { 550 mp->m_qflags = 0; 551 552 /* It is OK to look at sb_qflags in the mount path without m_sb_lock. */ 553 if (mp->m_sb.sb_qflags == 0) 554 return 0; 555 spin_lock(&mp->m_sb_lock); 556 mp->m_sb.sb_qflags = 0; 557 spin_unlock(&mp->m_sb_lock); 558 559 if (!xfs_fs_writable(mp, SB_FREEZE_WRITE)) 560 return 0; 561 562 return xfs_sync_sb(mp, false); 563 } 564 565 uint64_t 566 xfs_default_resblks(xfs_mount_t *mp) 567 { 568 uint64_t resblks; 569 570 /* 571 * We default to 5% or 8192 fsbs of space reserved, whichever is 572 * smaller. This is intended to cover concurrent allocation 573 * transactions when we initially hit enospc. These each require a 4 574 * block reservation. Hence by default we cover roughly 2000 concurrent 575 * allocation reservations. 576 */ 577 resblks = mp->m_sb.sb_dblocks; 578 do_div(resblks, 20); 579 resblks = min_t(uint64_t, resblks, 8192); 580 return resblks; 581 } 582 583 /* Ensure the summary counts are correct. */ 584 STATIC int 585 xfs_check_summary_counts( 586 struct xfs_mount *mp) 587 { 588 /* 589 * The AG0 superblock verifier rejects in-progress filesystems, 590 * so we should never see the flag set this far into mounting. 591 */ 592 if (mp->m_sb.sb_inprogress) { 593 xfs_err(mp, "sb_inprogress set after log recovery??"); 594 WARN_ON(1); 595 return -EFSCORRUPTED; 596 } 597 598 /* 599 * Now the log is mounted, we know if it was an unclean shutdown or 600 * not. If it was, with the first phase of recovery has completed, we 601 * have consistent AG blocks on disk. We have not recovered EFIs yet, 602 * but they are recovered transactionally in the second recovery phase 603 * later. 604 * 605 * If the log was clean when we mounted, we can check the summary 606 * counters. If any of them are obviously incorrect, we can recompute 607 * them from the AGF headers in the next step. 608 */ 609 if (XFS_LAST_UNMOUNT_WAS_CLEAN(mp) && 610 (mp->m_sb.sb_fdblocks > mp->m_sb.sb_dblocks || 611 !xfs_verify_icount(mp, mp->m_sb.sb_icount) || 612 mp->m_sb.sb_ifree > mp->m_sb.sb_icount)) 613 xfs_fs_mark_sick(mp, XFS_SICK_FS_COUNTERS); 614 615 /* 616 * We can safely re-initialise incore superblock counters from the 617 * per-ag data. These may not be correct if the filesystem was not 618 * cleanly unmounted, so we waited for recovery to finish before doing 619 * this. 620 * 621 * If the filesystem was cleanly unmounted or the previous check did 622 * not flag anything weird, then we can trust the values in the 623 * superblock to be correct and we don't need to do anything here. 624 * Otherwise, recalculate the summary counters. 625 */ 626 if ((!xfs_sb_version_haslazysbcount(&mp->m_sb) || 627 XFS_LAST_UNMOUNT_WAS_CLEAN(mp)) && 628 !xfs_fs_has_sickness(mp, XFS_SICK_FS_COUNTERS)) 629 return 0; 630 631 return xfs_initialize_perag_data(mp, mp->m_sb.sb_agcount); 632 } 633 634 /* 635 * This function does the following on an initial mount of a file system: 636 * - reads the superblock from disk and init the mount struct 637 * - if we're a 32-bit kernel, do a size check on the superblock 638 * so we don't mount terabyte filesystems 639 * - init mount struct realtime fields 640 * - allocate inode hash table for fs 641 * - init directory manager 642 * - perform recovery and init the log manager 643 */ 644 int 645 xfs_mountfs( 646 struct xfs_mount *mp) 647 { 648 struct xfs_sb *sbp = &(mp->m_sb); 649 struct xfs_inode *rip; 650 struct xfs_ino_geometry *igeo = M_IGEO(mp); 651 uint64_t resblks; 652 uint quotamount = 0; 653 uint quotaflags = 0; 654 int error = 0; 655 656 xfs_sb_mount_common(mp, sbp); 657 658 /* 659 * Check for a mismatched features2 values. Older kernels read & wrote 660 * into the wrong sb offset for sb_features2 on some platforms due to 661 * xfs_sb_t not being 64bit size aligned when sb_features2 was added, 662 * which made older superblock reading/writing routines swap it as a 663 * 64-bit value. 664 * 665 * For backwards compatibility, we make both slots equal. 666 * 667 * If we detect a mismatched field, we OR the set bits into the existing 668 * features2 field in case it has already been modified; we don't want 669 * to lose any features. We then update the bad location with the ORed 670 * value so that older kernels will see any features2 flags. The 671 * superblock writeback code ensures the new sb_features2 is copied to 672 * sb_bad_features2 before it is logged or written to disk. 673 */ 674 if (xfs_sb_has_mismatched_features2(sbp)) { 675 xfs_warn(mp, "correcting sb_features alignment problem"); 676 sbp->sb_features2 |= sbp->sb_bad_features2; 677 mp->m_update_sb = true; 678 679 /* 680 * Re-check for ATTR2 in case it was found in bad_features2 681 * slot. 682 */ 683 if (xfs_sb_version_hasattr2(&mp->m_sb) && 684 !(mp->m_flags & XFS_MOUNT_NOATTR2)) 685 mp->m_flags |= XFS_MOUNT_ATTR2; 686 } 687 688 if (xfs_sb_version_hasattr2(&mp->m_sb) && 689 (mp->m_flags & XFS_MOUNT_NOATTR2)) { 690 xfs_sb_version_removeattr2(&mp->m_sb); 691 mp->m_update_sb = true; 692 693 /* update sb_versionnum for the clearing of the morebits */ 694 if (!sbp->sb_features2) 695 mp->m_update_sb = true; 696 } 697 698 /* always use v2 inodes by default now */ 699 if (!(mp->m_sb.sb_versionnum & XFS_SB_VERSION_NLINKBIT)) { 700 mp->m_sb.sb_versionnum |= XFS_SB_VERSION_NLINKBIT; 701 mp->m_update_sb = true; 702 } 703 704 /* 705 * If we were given new sunit/swidth options, do some basic validation 706 * checks and convert the incore dalign and swidth values to the 707 * same units (FSB) that everything else uses. This /must/ happen 708 * before computing the inode geometry. 709 */ 710 error = xfs_validate_new_dalign(mp); 711 if (error) 712 goto out; 713 714 xfs_alloc_compute_maxlevels(mp); 715 xfs_bmap_compute_maxlevels(mp, XFS_DATA_FORK); 716 xfs_bmap_compute_maxlevels(mp, XFS_ATTR_FORK); 717 xfs_ialloc_setup_geometry(mp); 718 xfs_rmapbt_compute_maxlevels(mp); 719 xfs_refcountbt_compute_maxlevels(mp); 720 721 /* 722 * Check if sb_agblocks is aligned at stripe boundary. If sb_agblocks 723 * is NOT aligned turn off m_dalign since allocator alignment is within 724 * an ag, therefore ag has to be aligned at stripe boundary. Note that 725 * we must compute the free space and rmap btree geometry before doing 726 * this. 727 */ 728 error = xfs_update_alignment(mp); 729 if (error) 730 goto out; 731 732 /* enable fail_at_unmount as default */ 733 mp->m_fail_unmount = true; 734 735 error = xfs_sysfs_init(&mp->m_kobj, &xfs_mp_ktype, 736 NULL, mp->m_super->s_id); 737 if (error) 738 goto out; 739 740 error = xfs_sysfs_init(&mp->m_stats.xs_kobj, &xfs_stats_ktype, 741 &mp->m_kobj, "stats"); 742 if (error) 743 goto out_remove_sysfs; 744 745 error = xfs_error_sysfs_init(mp); 746 if (error) 747 goto out_del_stats; 748 749 error = xfs_errortag_init(mp); 750 if (error) 751 goto out_remove_error_sysfs; 752 753 error = xfs_uuid_mount(mp); 754 if (error) 755 goto out_remove_errortag; 756 757 /* 758 * Update the preferred write size based on the information from the 759 * on-disk superblock. 760 */ 761 mp->m_allocsize_log = 762 max_t(uint32_t, sbp->sb_blocklog, mp->m_allocsize_log); 763 mp->m_allocsize_blocks = 1U << (mp->m_allocsize_log - sbp->sb_blocklog); 764 765 /* set the low space thresholds for dynamic preallocation */ 766 xfs_set_low_space_thresholds(mp); 767 768 /* 769 * If enabled, sparse inode chunk alignment is expected to match the 770 * cluster size. Full inode chunk alignment must match the chunk size, 771 * but that is checked on sb read verification... 772 */ 773 if (xfs_sb_version_hassparseinodes(&mp->m_sb) && 774 mp->m_sb.sb_spino_align != 775 XFS_B_TO_FSBT(mp, igeo->inode_cluster_size_raw)) { 776 xfs_warn(mp, 777 "Sparse inode block alignment (%u) must match cluster size (%llu).", 778 mp->m_sb.sb_spino_align, 779 XFS_B_TO_FSBT(mp, igeo->inode_cluster_size_raw)); 780 error = -EINVAL; 781 goto out_remove_uuid; 782 } 783 784 /* 785 * Check that the data (and log if separate) is an ok size. 786 */ 787 error = xfs_check_sizes(mp); 788 if (error) 789 goto out_remove_uuid; 790 791 /* 792 * Initialize realtime fields in the mount structure 793 */ 794 error = xfs_rtmount_init(mp); 795 if (error) { 796 xfs_warn(mp, "RT mount failed"); 797 goto out_remove_uuid; 798 } 799 800 /* 801 * Copies the low order bits of the timestamp and the randomly 802 * set "sequence" number out of a UUID. 803 */ 804 mp->m_fixedfsid[0] = 805 (get_unaligned_be16(&sbp->sb_uuid.b[8]) << 16) | 806 get_unaligned_be16(&sbp->sb_uuid.b[4]); 807 mp->m_fixedfsid[1] = get_unaligned_be32(&sbp->sb_uuid.b[0]); 808 809 error = xfs_da_mount(mp); 810 if (error) { 811 xfs_warn(mp, "Failed dir/attr init: %d", error); 812 goto out_remove_uuid; 813 } 814 815 /* 816 * Initialize the precomputed transaction reservations values. 817 */ 818 xfs_trans_init(mp); 819 820 /* 821 * Allocate and initialize the per-ag data. 822 */ 823 error = xfs_initialize_perag(mp, sbp->sb_agcount, &mp->m_maxagi); 824 if (error) { 825 xfs_warn(mp, "Failed per-ag init: %d", error); 826 goto out_free_dir; 827 } 828 829 if (XFS_IS_CORRUPT(mp, !sbp->sb_logblocks)) { 830 xfs_warn(mp, "no log defined"); 831 error = -EFSCORRUPTED; 832 goto out_free_perag; 833 } 834 835 /* 836 * Log's mount-time initialization. The first part of recovery can place 837 * some items on the AIL, to be handled when recovery is finished or 838 * cancelled. 839 */ 840 error = xfs_log_mount(mp, mp->m_logdev_targp, 841 XFS_FSB_TO_DADDR(mp, sbp->sb_logstart), 842 XFS_FSB_TO_BB(mp, sbp->sb_logblocks)); 843 if (error) { 844 xfs_warn(mp, "log mount failed"); 845 goto out_fail_wait; 846 } 847 848 /* Make sure the summary counts are ok. */ 849 error = xfs_check_summary_counts(mp); 850 if (error) 851 goto out_log_dealloc; 852 853 /* 854 * Get and sanity-check the root inode. 855 * Save the pointer to it in the mount structure. 856 */ 857 error = xfs_iget(mp, NULL, sbp->sb_rootino, XFS_IGET_UNTRUSTED, 858 XFS_ILOCK_EXCL, &rip); 859 if (error) { 860 xfs_warn(mp, 861 "Failed to read root inode 0x%llx, error %d", 862 sbp->sb_rootino, -error); 863 goto out_log_dealloc; 864 } 865 866 ASSERT(rip != NULL); 867 868 if (XFS_IS_CORRUPT(mp, !S_ISDIR(VFS_I(rip)->i_mode))) { 869 xfs_warn(mp, "corrupted root inode %llu: not a directory", 870 (unsigned long long)rip->i_ino); 871 xfs_iunlock(rip, XFS_ILOCK_EXCL); 872 error = -EFSCORRUPTED; 873 goto out_rele_rip; 874 } 875 mp->m_rootip = rip; /* save it */ 876 877 xfs_iunlock(rip, XFS_ILOCK_EXCL); 878 879 /* 880 * Initialize realtime inode pointers in the mount structure 881 */ 882 error = xfs_rtmount_inodes(mp); 883 if (error) { 884 /* 885 * Free up the root inode. 886 */ 887 xfs_warn(mp, "failed to read RT inodes"); 888 goto out_rele_rip; 889 } 890 891 /* 892 * If this is a read-only mount defer the superblock updates until 893 * the next remount into writeable mode. Otherwise we would never 894 * perform the update e.g. for the root filesystem. 895 */ 896 if (mp->m_update_sb && !(mp->m_flags & XFS_MOUNT_RDONLY)) { 897 error = xfs_sync_sb(mp, false); 898 if (error) { 899 xfs_warn(mp, "failed to write sb changes"); 900 goto out_rtunmount; 901 } 902 } 903 904 /* 905 * Initialise the XFS quota management subsystem for this mount 906 */ 907 if (XFS_IS_QUOTA_RUNNING(mp)) { 908 error = xfs_qm_newmount(mp, "amount, "aflags); 909 if (error) 910 goto out_rtunmount; 911 } else { 912 ASSERT(!XFS_IS_QUOTA_ON(mp)); 913 914 /* 915 * If a file system had quotas running earlier, but decided to 916 * mount without -o uquota/pquota/gquota options, revoke the 917 * quotachecked license. 918 */ 919 if (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_ACCT) { 920 xfs_notice(mp, "resetting quota flags"); 921 error = xfs_mount_reset_sbqflags(mp); 922 if (error) 923 goto out_rtunmount; 924 } 925 } 926 927 /* 928 * Finish recovering the file system. This part needed to be delayed 929 * until after the root and real-time bitmap inodes were consistently 930 * read in. 931 */ 932 error = xfs_log_mount_finish(mp); 933 if (error) { 934 xfs_warn(mp, "log mount finish failed"); 935 goto out_rtunmount; 936 } 937 938 /* 939 * Now the log is fully replayed, we can transition to full read-only 940 * mode for read-only mounts. This will sync all the metadata and clean 941 * the log so that the recovery we just performed does not have to be 942 * replayed again on the next mount. 943 * 944 * We use the same quiesce mechanism as the rw->ro remount, as they are 945 * semantically identical operations. 946 */ 947 if ((mp->m_flags & (XFS_MOUNT_RDONLY|XFS_MOUNT_NORECOVERY)) == 948 XFS_MOUNT_RDONLY) { 949 xfs_quiesce_attr(mp); 950 } 951 952 /* 953 * Complete the quota initialisation, post-log-replay component. 954 */ 955 if (quotamount) { 956 ASSERT(mp->m_qflags == 0); 957 mp->m_qflags = quotaflags; 958 959 xfs_qm_mount_quotas(mp); 960 } 961 962 /* 963 * Now we are mounted, reserve a small amount of unused space for 964 * privileged transactions. This is needed so that transaction 965 * space required for critical operations can dip into this pool 966 * when at ENOSPC. This is needed for operations like create with 967 * attr, unwritten extent conversion at ENOSPC, etc. Data allocations 968 * are not allowed to use this reserved space. 969 * 970 * This may drive us straight to ENOSPC on mount, but that implies 971 * we were already there on the last unmount. Warn if this occurs. 972 */ 973 if (!(mp->m_flags & XFS_MOUNT_RDONLY)) { 974 resblks = xfs_default_resblks(mp); 975 error = xfs_reserve_blocks(mp, &resblks, NULL); 976 if (error) 977 xfs_warn(mp, 978 "Unable to allocate reserve blocks. Continuing without reserve pool."); 979 980 /* Recover any CoW blocks that never got remapped. */ 981 error = xfs_reflink_recover_cow(mp); 982 if (error) { 983 xfs_err(mp, 984 "Error %d recovering leftover CoW allocations.", error); 985 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 986 goto out_quota; 987 } 988 989 /* Reserve AG blocks for future btree expansion. */ 990 error = xfs_fs_reserve_ag_blocks(mp); 991 if (error && error != -ENOSPC) 992 goto out_agresv; 993 } 994 995 return 0; 996 997 out_agresv: 998 xfs_fs_unreserve_ag_blocks(mp); 999 out_quota: 1000 xfs_qm_unmount_quotas(mp); 1001 out_rtunmount: 1002 xfs_rtunmount_inodes(mp); 1003 out_rele_rip: 1004 xfs_irele(rip); 1005 /* Clean out dquots that might be in memory after quotacheck. */ 1006 xfs_qm_unmount(mp); 1007 /* 1008 * Cancel all delayed reclaim work and reclaim the inodes directly. 1009 * We have to do this /after/ rtunmount and qm_unmount because those 1010 * two will have scheduled delayed reclaim for the rt/quota inodes. 1011 * 1012 * This is slightly different from the unmountfs call sequence 1013 * because we could be tearing down a partially set up mount. In 1014 * particular, if log_mount_finish fails we bail out without calling 1015 * qm_unmount_quotas and therefore rely on qm_unmount to release the 1016 * quota inodes. 1017 */ 1018 cancel_delayed_work_sync(&mp->m_reclaim_work); 1019 xfs_reclaim_inodes(mp); 1020 xfs_health_unmount(mp); 1021 out_log_dealloc: 1022 mp->m_flags |= XFS_MOUNT_UNMOUNTING; 1023 xfs_log_mount_cancel(mp); 1024 out_fail_wait: 1025 if (mp->m_logdev_targp && mp->m_logdev_targp != mp->m_ddev_targp) 1026 xfs_wait_buftarg(mp->m_logdev_targp); 1027 xfs_wait_buftarg(mp->m_ddev_targp); 1028 out_free_perag: 1029 xfs_free_perag(mp); 1030 out_free_dir: 1031 xfs_da_unmount(mp); 1032 out_remove_uuid: 1033 xfs_uuid_unmount(mp); 1034 out_remove_errortag: 1035 xfs_errortag_del(mp); 1036 out_remove_error_sysfs: 1037 xfs_error_sysfs_del(mp); 1038 out_del_stats: 1039 xfs_sysfs_del(&mp->m_stats.xs_kobj); 1040 out_remove_sysfs: 1041 xfs_sysfs_del(&mp->m_kobj); 1042 out: 1043 return error; 1044 } 1045 1046 /* 1047 * This flushes out the inodes,dquots and the superblock, unmounts the 1048 * log and makes sure that incore structures are freed. 1049 */ 1050 void 1051 xfs_unmountfs( 1052 struct xfs_mount *mp) 1053 { 1054 uint64_t resblks; 1055 int error; 1056 1057 xfs_stop_block_reaping(mp); 1058 xfs_fs_unreserve_ag_blocks(mp); 1059 xfs_qm_unmount_quotas(mp); 1060 xfs_rtunmount_inodes(mp); 1061 xfs_irele(mp->m_rootip); 1062 1063 /* 1064 * We can potentially deadlock here if we have an inode cluster 1065 * that has been freed has its buffer still pinned in memory because 1066 * the transaction is still sitting in a iclog. The stale inodes 1067 * on that buffer will be pinned to the buffer until the 1068 * transaction hits the disk and the callbacks run. Pushing the AIL will 1069 * skip the stale inodes and may never see the pinned buffer, so 1070 * nothing will push out the iclog and unpin the buffer. Hence we 1071 * need to force the log here to ensure all items are flushed into the 1072 * AIL before we go any further. 1073 */ 1074 xfs_log_force(mp, XFS_LOG_SYNC); 1075 1076 /* 1077 * Wait for all busy extents to be freed, including completion of 1078 * any discard operation. 1079 */ 1080 xfs_extent_busy_wait_all(mp); 1081 flush_workqueue(xfs_discard_wq); 1082 1083 /* 1084 * We now need to tell the world we are unmounting. This will allow 1085 * us to detect that the filesystem is going away and we should error 1086 * out anything that we have been retrying in the background. This will 1087 * prevent neverending retries in AIL pushing from hanging the unmount. 1088 */ 1089 mp->m_flags |= XFS_MOUNT_UNMOUNTING; 1090 1091 /* 1092 * Flush all pending changes from the AIL. 1093 */ 1094 xfs_ail_push_all_sync(mp->m_ail); 1095 1096 /* 1097 * Reclaim all inodes. At this point there should be no dirty inodes and 1098 * none should be pinned or locked. Stop background inode reclaim here 1099 * if it is still running. 1100 */ 1101 cancel_delayed_work_sync(&mp->m_reclaim_work); 1102 xfs_reclaim_inodes(mp); 1103 xfs_health_unmount(mp); 1104 1105 xfs_qm_unmount(mp); 1106 1107 /* 1108 * Unreserve any blocks we have so that when we unmount we don't account 1109 * the reserved free space as used. This is really only necessary for 1110 * lazy superblock counting because it trusts the incore superblock 1111 * counters to be absolutely correct on clean unmount. 1112 * 1113 * We don't bother correcting this elsewhere for lazy superblock 1114 * counting because on mount of an unclean filesystem we reconstruct the 1115 * correct counter value and this is irrelevant. 1116 * 1117 * For non-lazy counter filesystems, this doesn't matter at all because 1118 * we only every apply deltas to the superblock and hence the incore 1119 * value does not matter.... 1120 */ 1121 resblks = 0; 1122 error = xfs_reserve_blocks(mp, &resblks, NULL); 1123 if (error) 1124 xfs_warn(mp, "Unable to free reserved block pool. " 1125 "Freespace may not be correct on next mount."); 1126 1127 error = xfs_log_sbcount(mp); 1128 if (error) 1129 xfs_warn(mp, "Unable to update superblock counters. " 1130 "Freespace may not be correct on next mount."); 1131 1132 1133 xfs_log_unmount(mp); 1134 xfs_da_unmount(mp); 1135 xfs_uuid_unmount(mp); 1136 1137 #if defined(DEBUG) 1138 xfs_errortag_clearall(mp); 1139 #endif 1140 xfs_free_perag(mp); 1141 1142 xfs_errortag_del(mp); 1143 xfs_error_sysfs_del(mp); 1144 xfs_sysfs_del(&mp->m_stats.xs_kobj); 1145 xfs_sysfs_del(&mp->m_kobj); 1146 } 1147 1148 /* 1149 * Determine whether modifications can proceed. The caller specifies the minimum 1150 * freeze level for which modifications should not be allowed. This allows 1151 * certain operations to proceed while the freeze sequence is in progress, if 1152 * necessary. 1153 */ 1154 bool 1155 xfs_fs_writable( 1156 struct xfs_mount *mp, 1157 int level) 1158 { 1159 ASSERT(level > SB_UNFROZEN); 1160 if ((mp->m_super->s_writers.frozen >= level) || 1161 XFS_FORCED_SHUTDOWN(mp) || (mp->m_flags & XFS_MOUNT_RDONLY)) 1162 return false; 1163 1164 return true; 1165 } 1166 1167 /* 1168 * xfs_log_sbcount 1169 * 1170 * Sync the superblock counters to disk. 1171 * 1172 * Note this code can be called during the process of freezing, so we use the 1173 * transaction allocator that does not block when the transaction subsystem is 1174 * in its frozen state. 1175 */ 1176 int 1177 xfs_log_sbcount(xfs_mount_t *mp) 1178 { 1179 /* allow this to proceed during the freeze sequence... */ 1180 if (!xfs_fs_writable(mp, SB_FREEZE_COMPLETE)) 1181 return 0; 1182 1183 /* 1184 * we don't need to do this if we are updating the superblock 1185 * counters on every modification. 1186 */ 1187 if (!xfs_sb_version_haslazysbcount(&mp->m_sb)) 1188 return 0; 1189 1190 return xfs_sync_sb(mp, true); 1191 } 1192 1193 /* 1194 * Deltas for the block count can vary from 1 to very large, but lock contention 1195 * only occurs on frequent small block count updates such as in the delayed 1196 * allocation path for buffered writes (page a time updates). Hence we set 1197 * a large batch count (1024) to minimise global counter updates except when 1198 * we get near to ENOSPC and we have to be very accurate with our updates. 1199 */ 1200 #define XFS_FDBLOCKS_BATCH 1024 1201 int 1202 xfs_mod_fdblocks( 1203 struct xfs_mount *mp, 1204 int64_t delta, 1205 bool rsvd) 1206 { 1207 int64_t lcounter; 1208 long long res_used; 1209 s32 batch; 1210 1211 if (delta > 0) { 1212 /* 1213 * If the reserve pool is depleted, put blocks back into it 1214 * first. Most of the time the pool is full. 1215 */ 1216 if (likely(mp->m_resblks == mp->m_resblks_avail)) { 1217 percpu_counter_add(&mp->m_fdblocks, delta); 1218 return 0; 1219 } 1220 1221 spin_lock(&mp->m_sb_lock); 1222 res_used = (long long)(mp->m_resblks - mp->m_resblks_avail); 1223 1224 if (res_used > delta) { 1225 mp->m_resblks_avail += delta; 1226 } else { 1227 delta -= res_used; 1228 mp->m_resblks_avail = mp->m_resblks; 1229 percpu_counter_add(&mp->m_fdblocks, delta); 1230 } 1231 spin_unlock(&mp->m_sb_lock); 1232 return 0; 1233 } 1234 1235 /* 1236 * Taking blocks away, need to be more accurate the closer we 1237 * are to zero. 1238 * 1239 * If the counter has a value of less than 2 * max batch size, 1240 * then make everything serialise as we are real close to 1241 * ENOSPC. 1242 */ 1243 if (__percpu_counter_compare(&mp->m_fdblocks, 2 * XFS_FDBLOCKS_BATCH, 1244 XFS_FDBLOCKS_BATCH) < 0) 1245 batch = 1; 1246 else 1247 batch = XFS_FDBLOCKS_BATCH; 1248 1249 percpu_counter_add_batch(&mp->m_fdblocks, delta, batch); 1250 if (__percpu_counter_compare(&mp->m_fdblocks, mp->m_alloc_set_aside, 1251 XFS_FDBLOCKS_BATCH) >= 0) { 1252 /* we had space! */ 1253 return 0; 1254 } 1255 1256 /* 1257 * lock up the sb for dipping into reserves before releasing the space 1258 * that took us to ENOSPC. 1259 */ 1260 spin_lock(&mp->m_sb_lock); 1261 percpu_counter_add(&mp->m_fdblocks, -delta); 1262 if (!rsvd) 1263 goto fdblocks_enospc; 1264 1265 lcounter = (long long)mp->m_resblks_avail + delta; 1266 if (lcounter >= 0) { 1267 mp->m_resblks_avail = lcounter; 1268 spin_unlock(&mp->m_sb_lock); 1269 return 0; 1270 } 1271 xfs_warn_once(mp, 1272 "Reserve blocks depleted! Consider increasing reserve pool size."); 1273 1274 fdblocks_enospc: 1275 spin_unlock(&mp->m_sb_lock); 1276 return -ENOSPC; 1277 } 1278 1279 int 1280 xfs_mod_frextents( 1281 struct xfs_mount *mp, 1282 int64_t delta) 1283 { 1284 int64_t lcounter; 1285 int ret = 0; 1286 1287 spin_lock(&mp->m_sb_lock); 1288 lcounter = mp->m_sb.sb_frextents + delta; 1289 if (lcounter < 0) 1290 ret = -ENOSPC; 1291 else 1292 mp->m_sb.sb_frextents = lcounter; 1293 spin_unlock(&mp->m_sb_lock); 1294 return ret; 1295 } 1296 1297 /* 1298 * Used to free the superblock along various error paths. 1299 */ 1300 void 1301 xfs_freesb( 1302 struct xfs_mount *mp) 1303 { 1304 struct xfs_buf *bp = mp->m_sb_bp; 1305 1306 xfs_buf_lock(bp); 1307 mp->m_sb_bp = NULL; 1308 xfs_buf_relse(bp); 1309 } 1310 1311 /* 1312 * If the underlying (data/log/rt) device is readonly, there are some 1313 * operations that cannot proceed. 1314 */ 1315 int 1316 xfs_dev_is_read_only( 1317 struct xfs_mount *mp, 1318 char *message) 1319 { 1320 if (xfs_readonly_buftarg(mp->m_ddev_targp) || 1321 xfs_readonly_buftarg(mp->m_logdev_targp) || 1322 (mp->m_rtdev_targp && xfs_readonly_buftarg(mp->m_rtdev_targp))) { 1323 xfs_notice(mp, "%s required on read-only device.", message); 1324 xfs_notice(mp, "write access unavailable, cannot proceed."); 1325 return -EROFS; 1326 } 1327 return 0; 1328 } 1329 1330 /* Force the summary counters to be recalculated at next mount. */ 1331 void 1332 xfs_force_summary_recalc( 1333 struct xfs_mount *mp) 1334 { 1335 if (!xfs_sb_version_haslazysbcount(&mp->m_sb)) 1336 return; 1337 1338 xfs_fs_mark_sick(mp, XFS_SICK_FS_COUNTERS); 1339 } 1340 1341 /* 1342 * Update the in-core delayed block counter. 1343 * 1344 * We prefer to update the counter without having to take a spinlock for every 1345 * counter update (i.e. batching). Each change to delayed allocation 1346 * reservations can change can easily exceed the default percpu counter 1347 * batching, so we use a larger batch factor here. 1348 * 1349 * Note that we don't currently have any callers requiring fast summation 1350 * (e.g. percpu_counter_read) so we can use a big batch value here. 1351 */ 1352 #define XFS_DELALLOC_BATCH (4096) 1353 void 1354 xfs_mod_delalloc( 1355 struct xfs_mount *mp, 1356 int64_t delta) 1357 { 1358 percpu_counter_add_batch(&mp->m_delalloc_blks, delta, 1359 XFS_DELALLOC_BATCH); 1360 } 1361