1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2016 Oracle. All Rights Reserved. 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_defer.h" 14 #include "xfs_inode.h" 15 #include "xfs_trans.h" 16 #include "xfs_bmap.h" 17 #include "xfs_bmap_util.h" 18 #include "xfs_trace.h" 19 #include "xfs_icache.h" 20 #include "xfs_btree.h" 21 #include "xfs_refcount_btree.h" 22 #include "xfs_refcount.h" 23 #include "xfs_bmap_btree.h" 24 #include "xfs_trans_space.h" 25 #include "xfs_bit.h" 26 #include "xfs_alloc.h" 27 #include "xfs_quota.h" 28 #include "xfs_reflink.h" 29 #include "xfs_iomap.h" 30 #include "xfs_ag.h" 31 #include "xfs_ag_resv.h" 32 33 /* 34 * Copy on Write of Shared Blocks 35 * 36 * XFS must preserve "the usual" file semantics even when two files share 37 * the same physical blocks. This means that a write to one file must not 38 * alter the blocks in a different file; the way that we'll do that is 39 * through the use of a copy-on-write mechanism. At a high level, that 40 * means that when we want to write to a shared block, we allocate a new 41 * block, write the data to the new block, and if that succeeds we map the 42 * new block into the file. 43 * 44 * XFS provides a "delayed allocation" mechanism that defers the allocation 45 * of disk blocks to dirty-but-not-yet-mapped file blocks as long as 46 * possible. This reduces fragmentation by enabling the filesystem to ask 47 * for bigger chunks less often, which is exactly what we want for CoW. 48 * 49 * The delalloc mechanism begins when the kernel wants to make a block 50 * writable (write_begin or page_mkwrite). If the offset is not mapped, we 51 * create a delalloc mapping, which is a regular in-core extent, but without 52 * a real startblock. (For delalloc mappings, the startblock encodes both 53 * a flag that this is a delalloc mapping, and a worst-case estimate of how 54 * many blocks might be required to put the mapping into the BMBT.) delalloc 55 * mappings are a reservation against the free space in the filesystem; 56 * adjacent mappings can also be combined into fewer larger mappings. 57 * 58 * As an optimization, the CoW extent size hint (cowextsz) creates 59 * outsized aligned delalloc reservations in the hope of landing out of 60 * order nearby CoW writes in a single extent on disk, thereby reducing 61 * fragmentation and improving future performance. 62 * 63 * D: --RRRRRRSSSRRRRRRRR--- (data fork) 64 * C: ------DDDDDDD--------- (CoW fork) 65 * 66 * When dirty pages are being written out (typically in writepage), the 67 * delalloc reservations are converted into unwritten mappings by 68 * allocating blocks and replacing the delalloc mapping with real ones. 69 * A delalloc mapping can be replaced by several unwritten ones if the 70 * free space is fragmented. 71 * 72 * D: --RRRRRRSSSRRRRRRRR--- 73 * C: ------UUUUUUU--------- 74 * 75 * We want to adapt the delalloc mechanism for copy-on-write, since the 76 * write paths are similar. The first two steps (creating the reservation 77 * and allocating the blocks) are exactly the same as delalloc except that 78 * the mappings must be stored in a separate CoW fork because we do not want 79 * to disturb the mapping in the data fork until we're sure that the write 80 * succeeded. IO completion in this case is the process of removing the old 81 * mapping from the data fork and moving the new mapping from the CoW fork to 82 * the data fork. This will be discussed shortly. 83 * 84 * For now, unaligned directio writes will be bounced back to the page cache. 85 * Block-aligned directio writes will use the same mechanism as buffered 86 * writes. 87 * 88 * Just prior to submitting the actual disk write requests, we convert 89 * the extents representing the range of the file actually being written 90 * (as opposed to extra pieces created for the cowextsize hint) to real 91 * extents. This will become important in the next step: 92 * 93 * D: --RRRRRRSSSRRRRRRRR--- 94 * C: ------UUrrUUU--------- 95 * 96 * CoW remapping must be done after the data block write completes, 97 * because we don't want to destroy the old data fork map until we're sure 98 * the new block has been written. Since the new mappings are kept in a 99 * separate fork, we can simply iterate these mappings to find the ones 100 * that cover the file blocks that we just CoW'd. For each extent, simply 101 * unmap the corresponding range in the data fork, map the new range into 102 * the data fork, and remove the extent from the CoW fork. Because of 103 * the presence of the cowextsize hint, however, we must be careful 104 * only to remap the blocks that we've actually written out -- we must 105 * never remap delalloc reservations nor CoW staging blocks that have 106 * yet to be written. This corresponds exactly to the real extents in 107 * the CoW fork: 108 * 109 * D: --RRRRRRrrSRRRRRRRR--- 110 * C: ------UU--UUU--------- 111 * 112 * Since the remapping operation can be applied to an arbitrary file 113 * range, we record the need for the remap step as a flag in the ioend 114 * instead of declaring a new IO type. This is required for direct io 115 * because we only have ioend for the whole dio, and we have to be able to 116 * remember the presence of unwritten blocks and CoW blocks with a single 117 * ioend structure. Better yet, the more ground we can cover with one 118 * ioend, the better. 119 */ 120 121 /* 122 * Given an AG extent, find the lowest-numbered run of shared blocks 123 * within that range and return the range in fbno/flen. If 124 * find_end_of_shared is true, return the longest contiguous extent of 125 * shared blocks. If there are no shared extents, fbno and flen will 126 * be set to NULLAGBLOCK and 0, respectively. 127 */ 128 static int 129 xfs_reflink_find_shared( 130 struct xfs_perag *pag, 131 struct xfs_trans *tp, 132 xfs_agblock_t agbno, 133 xfs_extlen_t aglen, 134 xfs_agblock_t *fbno, 135 xfs_extlen_t *flen, 136 bool find_end_of_shared) 137 { 138 struct xfs_buf *agbp; 139 struct xfs_btree_cur *cur; 140 int error; 141 142 error = xfs_alloc_read_agf(pag, tp, 0, &agbp); 143 if (error) 144 return error; 145 146 cur = xfs_refcountbt_init_cursor(pag->pag_mount, tp, agbp, pag); 147 148 error = xfs_refcount_find_shared(cur, agbno, aglen, fbno, flen, 149 find_end_of_shared); 150 151 xfs_btree_del_cursor(cur, error); 152 153 xfs_trans_brelse(tp, agbp); 154 return error; 155 } 156 157 /* 158 * Trim the mapping to the next block where there's a change in the 159 * shared/unshared status. More specifically, this means that we 160 * find the lowest-numbered extent of shared blocks that coincides with 161 * the given block mapping. If the shared extent overlaps the start of 162 * the mapping, trim the mapping to the end of the shared extent. If 163 * the shared region intersects the mapping, trim the mapping to the 164 * start of the shared extent. If there are no shared regions that 165 * overlap, just return the original extent. 166 */ 167 int 168 xfs_reflink_trim_around_shared( 169 struct xfs_inode *ip, 170 struct xfs_bmbt_irec *irec, 171 bool *shared) 172 { 173 struct xfs_mount *mp = ip->i_mount; 174 struct xfs_perag *pag; 175 xfs_agblock_t agbno; 176 xfs_extlen_t aglen; 177 xfs_agblock_t fbno; 178 xfs_extlen_t flen; 179 int error = 0; 180 181 /* Holes, unwritten, and delalloc extents cannot be shared */ 182 if (!xfs_is_cow_inode(ip) || !xfs_bmap_is_written_extent(irec)) { 183 *shared = false; 184 return 0; 185 } 186 187 trace_xfs_reflink_trim_around_shared(ip, irec); 188 189 pag = xfs_perag_get(mp, XFS_FSB_TO_AGNO(mp, irec->br_startblock)); 190 agbno = XFS_FSB_TO_AGBNO(mp, irec->br_startblock); 191 aglen = irec->br_blockcount; 192 193 error = xfs_reflink_find_shared(pag, NULL, agbno, aglen, &fbno, &flen, 194 true); 195 xfs_perag_put(pag); 196 if (error) 197 return error; 198 199 *shared = false; 200 if (fbno == NULLAGBLOCK) { 201 /* No shared blocks at all. */ 202 return 0; 203 } else if (fbno == agbno) { 204 /* 205 * The start of this extent is shared. Truncate the 206 * mapping at the end of the shared region so that a 207 * subsequent iteration starts at the start of the 208 * unshared region. 209 */ 210 irec->br_blockcount = flen; 211 *shared = true; 212 return 0; 213 } else { 214 /* 215 * There's a shared extent midway through this extent. 216 * Truncate the mapping at the start of the shared 217 * extent so that a subsequent iteration starts at the 218 * start of the shared region. 219 */ 220 irec->br_blockcount = fbno - agbno; 221 return 0; 222 } 223 } 224 225 int 226 xfs_bmap_trim_cow( 227 struct xfs_inode *ip, 228 struct xfs_bmbt_irec *imap, 229 bool *shared) 230 { 231 /* We can't update any real extents in always COW mode. */ 232 if (xfs_is_always_cow_inode(ip) && 233 !isnullstartblock(imap->br_startblock)) { 234 *shared = true; 235 return 0; 236 } 237 238 /* Trim the mapping to the nearest shared extent boundary. */ 239 return xfs_reflink_trim_around_shared(ip, imap, shared); 240 } 241 242 static int 243 xfs_reflink_convert_cow_locked( 244 struct xfs_inode *ip, 245 xfs_fileoff_t offset_fsb, 246 xfs_filblks_t count_fsb) 247 { 248 struct xfs_iext_cursor icur; 249 struct xfs_bmbt_irec got; 250 struct xfs_btree_cur *dummy_cur = NULL; 251 int dummy_logflags; 252 int error = 0; 253 254 if (!xfs_iext_lookup_extent(ip, ip->i_cowfp, offset_fsb, &icur, &got)) 255 return 0; 256 257 do { 258 if (got.br_startoff >= offset_fsb + count_fsb) 259 break; 260 if (got.br_state == XFS_EXT_NORM) 261 continue; 262 if (WARN_ON_ONCE(isnullstartblock(got.br_startblock))) 263 return -EIO; 264 265 xfs_trim_extent(&got, offset_fsb, count_fsb); 266 if (!got.br_blockcount) 267 continue; 268 269 got.br_state = XFS_EXT_NORM; 270 error = xfs_bmap_add_extent_unwritten_real(NULL, ip, 271 XFS_COW_FORK, &icur, &dummy_cur, &got, 272 &dummy_logflags); 273 if (error) 274 return error; 275 } while (xfs_iext_next_extent(ip->i_cowfp, &icur, &got)); 276 277 return error; 278 } 279 280 /* Convert all of the unwritten CoW extents in a file's range to real ones. */ 281 int 282 xfs_reflink_convert_cow( 283 struct xfs_inode *ip, 284 xfs_off_t offset, 285 xfs_off_t count) 286 { 287 struct xfs_mount *mp = ip->i_mount; 288 xfs_fileoff_t offset_fsb = XFS_B_TO_FSBT(mp, offset); 289 xfs_fileoff_t end_fsb = XFS_B_TO_FSB(mp, offset + count); 290 xfs_filblks_t count_fsb = end_fsb - offset_fsb; 291 int error; 292 293 ASSERT(count != 0); 294 295 xfs_ilock(ip, XFS_ILOCK_EXCL); 296 error = xfs_reflink_convert_cow_locked(ip, offset_fsb, count_fsb); 297 xfs_iunlock(ip, XFS_ILOCK_EXCL); 298 return error; 299 } 300 301 /* 302 * Find the extent that maps the given range in the COW fork. Even if the extent 303 * is not shared we might have a preallocation for it in the COW fork. If so we 304 * use it that rather than trigger a new allocation. 305 */ 306 static int 307 xfs_find_trim_cow_extent( 308 struct xfs_inode *ip, 309 struct xfs_bmbt_irec *imap, 310 struct xfs_bmbt_irec *cmap, 311 bool *shared, 312 bool *found) 313 { 314 xfs_fileoff_t offset_fsb = imap->br_startoff; 315 xfs_filblks_t count_fsb = imap->br_blockcount; 316 struct xfs_iext_cursor icur; 317 318 *found = false; 319 320 /* 321 * If we don't find an overlapping extent, trim the range we need to 322 * allocate to fit the hole we found. 323 */ 324 if (!xfs_iext_lookup_extent(ip, ip->i_cowfp, offset_fsb, &icur, cmap)) 325 cmap->br_startoff = offset_fsb + count_fsb; 326 if (cmap->br_startoff > offset_fsb) { 327 xfs_trim_extent(imap, imap->br_startoff, 328 cmap->br_startoff - imap->br_startoff); 329 return xfs_bmap_trim_cow(ip, imap, shared); 330 } 331 332 *shared = true; 333 if (isnullstartblock(cmap->br_startblock)) { 334 xfs_trim_extent(imap, cmap->br_startoff, cmap->br_blockcount); 335 return 0; 336 } 337 338 /* real extent found - no need to allocate */ 339 xfs_trim_extent(cmap, offset_fsb, count_fsb); 340 *found = true; 341 return 0; 342 } 343 344 /* Allocate all CoW reservations covering a range of blocks in a file. */ 345 int 346 xfs_reflink_allocate_cow( 347 struct xfs_inode *ip, 348 struct xfs_bmbt_irec *imap, 349 struct xfs_bmbt_irec *cmap, 350 bool *shared, 351 uint *lockmode, 352 bool convert_now) 353 { 354 struct xfs_mount *mp = ip->i_mount; 355 xfs_fileoff_t offset_fsb = imap->br_startoff; 356 xfs_filblks_t count_fsb = imap->br_blockcount; 357 struct xfs_trans *tp; 358 int nimaps, error = 0; 359 bool found; 360 xfs_filblks_t resaligned; 361 xfs_extlen_t resblks = 0; 362 363 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 364 if (!ip->i_cowfp) { 365 ASSERT(!xfs_is_reflink_inode(ip)); 366 xfs_ifork_init_cow(ip); 367 } 368 369 error = xfs_find_trim_cow_extent(ip, imap, cmap, shared, &found); 370 if (error || !*shared) 371 return error; 372 if (found) 373 goto convert; 374 375 resaligned = xfs_aligned_fsb_count(imap->br_startoff, 376 imap->br_blockcount, xfs_get_cowextsz_hint(ip)); 377 resblks = XFS_DIOSTRAT_SPACE_RES(mp, resaligned); 378 379 xfs_iunlock(ip, *lockmode); 380 *lockmode = 0; 381 382 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write, resblks, 0, 383 false, &tp); 384 if (error) 385 return error; 386 387 *lockmode = XFS_ILOCK_EXCL; 388 389 /* 390 * Check for an overlapping extent again now that we dropped the ilock. 391 */ 392 error = xfs_find_trim_cow_extent(ip, imap, cmap, shared, &found); 393 if (error || !*shared) 394 goto out_trans_cancel; 395 if (found) { 396 xfs_trans_cancel(tp); 397 goto convert; 398 } 399 400 /* Allocate the entire reservation as unwritten blocks. */ 401 nimaps = 1; 402 error = xfs_bmapi_write(tp, ip, imap->br_startoff, imap->br_blockcount, 403 XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC, 0, cmap, 404 &nimaps); 405 if (error) 406 goto out_trans_cancel; 407 408 xfs_inode_set_cowblocks_tag(ip); 409 error = xfs_trans_commit(tp); 410 if (error) 411 return error; 412 413 /* 414 * Allocation succeeded but the requested range was not even partially 415 * satisfied? Bail out! 416 */ 417 if (nimaps == 0) 418 return -ENOSPC; 419 convert: 420 xfs_trim_extent(cmap, offset_fsb, count_fsb); 421 /* 422 * COW fork extents are supposed to remain unwritten until we're ready 423 * to initiate a disk write. For direct I/O we are going to write the 424 * data and need the conversion, but for buffered writes we're done. 425 */ 426 if (!convert_now || cmap->br_state == XFS_EXT_NORM) 427 return 0; 428 trace_xfs_reflink_convert_cow(ip, cmap); 429 error = xfs_reflink_convert_cow_locked(ip, offset_fsb, count_fsb); 430 if (!error) 431 cmap->br_state = XFS_EXT_NORM; 432 return error; 433 434 out_trans_cancel: 435 xfs_trans_cancel(tp); 436 return error; 437 } 438 439 /* 440 * Cancel CoW reservations for some block range of an inode. 441 * 442 * If cancel_real is true this function cancels all COW fork extents for the 443 * inode; if cancel_real is false, real extents are not cleared. 444 * 445 * Caller must have already joined the inode to the current transaction. The 446 * inode will be joined to the transaction returned to the caller. 447 */ 448 int 449 xfs_reflink_cancel_cow_blocks( 450 struct xfs_inode *ip, 451 struct xfs_trans **tpp, 452 xfs_fileoff_t offset_fsb, 453 xfs_fileoff_t end_fsb, 454 bool cancel_real) 455 { 456 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_COW_FORK); 457 struct xfs_bmbt_irec got, del; 458 struct xfs_iext_cursor icur; 459 int error = 0; 460 461 if (!xfs_inode_has_cow_data(ip)) 462 return 0; 463 if (!xfs_iext_lookup_extent_before(ip, ifp, &end_fsb, &icur, &got)) 464 return 0; 465 466 /* Walk backwards until we're out of the I/O range... */ 467 while (got.br_startoff + got.br_blockcount > offset_fsb) { 468 del = got; 469 xfs_trim_extent(&del, offset_fsb, end_fsb - offset_fsb); 470 471 /* Extent delete may have bumped ext forward */ 472 if (!del.br_blockcount) { 473 xfs_iext_prev(ifp, &icur); 474 goto next_extent; 475 } 476 477 trace_xfs_reflink_cancel_cow(ip, &del); 478 479 if (isnullstartblock(del.br_startblock)) { 480 error = xfs_bmap_del_extent_delay(ip, XFS_COW_FORK, 481 &icur, &got, &del); 482 if (error) 483 break; 484 } else if (del.br_state == XFS_EXT_UNWRITTEN || cancel_real) { 485 ASSERT((*tpp)->t_firstblock == NULLFSBLOCK); 486 487 /* Free the CoW orphan record. */ 488 xfs_refcount_free_cow_extent(*tpp, del.br_startblock, 489 del.br_blockcount); 490 491 xfs_free_extent_later(*tpp, del.br_startblock, 492 del.br_blockcount, NULL); 493 494 /* Roll the transaction */ 495 error = xfs_defer_finish(tpp); 496 if (error) 497 break; 498 499 /* Remove the mapping from the CoW fork. */ 500 xfs_bmap_del_extent_cow(ip, &icur, &got, &del); 501 502 /* Remove the quota reservation */ 503 error = xfs_quota_unreserve_blkres(ip, 504 del.br_blockcount); 505 if (error) 506 break; 507 } else { 508 /* Didn't do anything, push cursor back. */ 509 xfs_iext_prev(ifp, &icur); 510 } 511 next_extent: 512 if (!xfs_iext_get_extent(ifp, &icur, &got)) 513 break; 514 } 515 516 /* clear tag if cow fork is emptied */ 517 if (!ifp->if_bytes) 518 xfs_inode_clear_cowblocks_tag(ip); 519 return error; 520 } 521 522 /* 523 * Cancel CoW reservations for some byte range of an inode. 524 * 525 * If cancel_real is true this function cancels all COW fork extents for the 526 * inode; if cancel_real is false, real extents are not cleared. 527 */ 528 int 529 xfs_reflink_cancel_cow_range( 530 struct xfs_inode *ip, 531 xfs_off_t offset, 532 xfs_off_t count, 533 bool cancel_real) 534 { 535 struct xfs_trans *tp; 536 xfs_fileoff_t offset_fsb; 537 xfs_fileoff_t end_fsb; 538 int error; 539 540 trace_xfs_reflink_cancel_cow_range(ip, offset, count); 541 ASSERT(ip->i_cowfp); 542 543 offset_fsb = XFS_B_TO_FSBT(ip->i_mount, offset); 544 if (count == NULLFILEOFF) 545 end_fsb = NULLFILEOFF; 546 else 547 end_fsb = XFS_B_TO_FSB(ip->i_mount, offset + count); 548 549 /* Start a rolling transaction to remove the mappings */ 550 error = xfs_trans_alloc(ip->i_mount, &M_RES(ip->i_mount)->tr_write, 551 0, 0, 0, &tp); 552 if (error) 553 goto out; 554 555 xfs_ilock(ip, XFS_ILOCK_EXCL); 556 xfs_trans_ijoin(tp, ip, 0); 557 558 /* Scrape out the old CoW reservations */ 559 error = xfs_reflink_cancel_cow_blocks(ip, &tp, offset_fsb, end_fsb, 560 cancel_real); 561 if (error) 562 goto out_cancel; 563 564 error = xfs_trans_commit(tp); 565 566 xfs_iunlock(ip, XFS_ILOCK_EXCL); 567 return error; 568 569 out_cancel: 570 xfs_trans_cancel(tp); 571 xfs_iunlock(ip, XFS_ILOCK_EXCL); 572 out: 573 trace_xfs_reflink_cancel_cow_range_error(ip, error, _RET_IP_); 574 return error; 575 } 576 577 /* 578 * Remap part of the CoW fork into the data fork. 579 * 580 * We aim to remap the range starting at @offset_fsb and ending at @end_fsb 581 * into the data fork; this function will remap what it can (at the end of the 582 * range) and update @end_fsb appropriately. Each remap gets its own 583 * transaction because we can end up merging and splitting bmbt blocks for 584 * every remap operation and we'd like to keep the block reservation 585 * requirements as low as possible. 586 */ 587 STATIC int 588 xfs_reflink_end_cow_extent( 589 struct xfs_inode *ip, 590 xfs_fileoff_t *offset_fsb, 591 xfs_fileoff_t end_fsb) 592 { 593 struct xfs_iext_cursor icur; 594 struct xfs_bmbt_irec got, del, data; 595 struct xfs_mount *mp = ip->i_mount; 596 struct xfs_trans *tp; 597 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_COW_FORK); 598 unsigned int resblks; 599 int nmaps; 600 int error; 601 602 /* No COW extents? That's easy! */ 603 if (ifp->if_bytes == 0) { 604 *offset_fsb = end_fsb; 605 return 0; 606 } 607 608 resblks = XFS_EXTENTADD_SPACE_RES(mp, XFS_DATA_FORK); 609 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write, resblks, 0, 610 XFS_TRANS_RESERVE, &tp); 611 if (error) 612 return error; 613 614 /* 615 * Lock the inode. We have to ijoin without automatic unlock because 616 * the lead transaction is the refcountbt record deletion; the data 617 * fork update follows as a deferred log item. 618 */ 619 xfs_ilock(ip, XFS_ILOCK_EXCL); 620 xfs_trans_ijoin(tp, ip, 0); 621 622 error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK, 623 XFS_IEXT_REFLINK_END_COW_CNT); 624 if (error == -EFBIG) 625 error = xfs_iext_count_upgrade(tp, ip, 626 XFS_IEXT_REFLINK_END_COW_CNT); 627 if (error) 628 goto out_cancel; 629 630 /* 631 * In case of racing, overlapping AIO writes no COW extents might be 632 * left by the time I/O completes for the loser of the race. In that 633 * case we are done. 634 */ 635 if (!xfs_iext_lookup_extent(ip, ifp, *offset_fsb, &icur, &got) || 636 got.br_startoff >= end_fsb) { 637 *offset_fsb = end_fsb; 638 goto out_cancel; 639 } 640 641 /* 642 * Only remap real extents that contain data. With AIO, speculative 643 * preallocations can leak into the range we are called upon, and we 644 * need to skip them. Preserve @got for the eventual CoW fork 645 * deletion; from now on @del represents the mapping that we're 646 * actually remapping. 647 */ 648 while (!xfs_bmap_is_written_extent(&got)) { 649 if (!xfs_iext_next_extent(ifp, &icur, &got) || 650 got.br_startoff >= end_fsb) { 651 *offset_fsb = end_fsb; 652 goto out_cancel; 653 } 654 } 655 del = got; 656 657 /* Grab the corresponding mapping in the data fork. */ 658 nmaps = 1; 659 error = xfs_bmapi_read(ip, del.br_startoff, del.br_blockcount, &data, 660 &nmaps, 0); 661 if (error) 662 goto out_cancel; 663 664 /* We can only remap the smaller of the two extent sizes. */ 665 data.br_blockcount = min(data.br_blockcount, del.br_blockcount); 666 del.br_blockcount = data.br_blockcount; 667 668 trace_xfs_reflink_cow_remap_from(ip, &del); 669 trace_xfs_reflink_cow_remap_to(ip, &data); 670 671 if (xfs_bmap_is_real_extent(&data)) { 672 /* 673 * If the extent we're remapping is backed by storage (written 674 * or not), unmap the extent and drop its refcount. 675 */ 676 xfs_bmap_unmap_extent(tp, ip, &data); 677 xfs_refcount_decrease_extent(tp, &data); 678 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_BCOUNT, 679 -data.br_blockcount); 680 } else if (data.br_startblock == DELAYSTARTBLOCK) { 681 int done; 682 683 /* 684 * If the extent we're remapping is a delalloc reservation, 685 * we can use the regular bunmapi function to release the 686 * incore state. Dropping the delalloc reservation takes care 687 * of the quota reservation for us. 688 */ 689 error = xfs_bunmapi(NULL, ip, data.br_startoff, 690 data.br_blockcount, 0, 1, &done); 691 if (error) 692 goto out_cancel; 693 ASSERT(done); 694 } 695 696 /* Free the CoW orphan record. */ 697 xfs_refcount_free_cow_extent(tp, del.br_startblock, del.br_blockcount); 698 699 /* Map the new blocks into the data fork. */ 700 xfs_bmap_map_extent(tp, ip, &del); 701 702 /* Charge this new data fork mapping to the on-disk quota. */ 703 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_DELBCOUNT, 704 (long)del.br_blockcount); 705 706 /* Remove the mapping from the CoW fork. */ 707 xfs_bmap_del_extent_cow(ip, &icur, &got, &del); 708 709 error = xfs_trans_commit(tp); 710 xfs_iunlock(ip, XFS_ILOCK_EXCL); 711 if (error) 712 return error; 713 714 /* Update the caller about how much progress we made. */ 715 *offset_fsb = del.br_startoff + del.br_blockcount; 716 return 0; 717 718 out_cancel: 719 xfs_trans_cancel(tp); 720 xfs_iunlock(ip, XFS_ILOCK_EXCL); 721 return error; 722 } 723 724 /* 725 * Remap parts of a file's data fork after a successful CoW. 726 */ 727 int 728 xfs_reflink_end_cow( 729 struct xfs_inode *ip, 730 xfs_off_t offset, 731 xfs_off_t count) 732 { 733 xfs_fileoff_t offset_fsb; 734 xfs_fileoff_t end_fsb; 735 int error = 0; 736 737 trace_xfs_reflink_end_cow(ip, offset, count); 738 739 offset_fsb = XFS_B_TO_FSBT(ip->i_mount, offset); 740 end_fsb = XFS_B_TO_FSB(ip->i_mount, offset + count); 741 742 /* 743 * Walk forwards until we've remapped the I/O range. The loop function 744 * repeatedly cycles the ILOCK to allocate one transaction per remapped 745 * extent. 746 * 747 * If we're being called by writeback then the pages will still 748 * have PageWriteback set, which prevents races with reflink remapping 749 * and truncate. Reflink remapping prevents races with writeback by 750 * taking the iolock and mmaplock before flushing the pages and 751 * remapping, which means there won't be any further writeback or page 752 * cache dirtying until the reflink completes. 753 * 754 * We should never have two threads issuing writeback for the same file 755 * region. There are also have post-eof checks in the writeback 756 * preparation code so that we don't bother writing out pages that are 757 * about to be truncated. 758 * 759 * If we're being called as part of directio write completion, the dio 760 * count is still elevated, which reflink and truncate will wait for. 761 * Reflink remapping takes the iolock and mmaplock and waits for 762 * pending dio to finish, which should prevent any directio until the 763 * remap completes. Multiple concurrent directio writes to the same 764 * region are handled by end_cow processing only occurring for the 765 * threads which succeed; the outcome of multiple overlapping direct 766 * writes is not well defined anyway. 767 * 768 * It's possible that a buffered write and a direct write could collide 769 * here (the buffered write stumbles in after the dio flushes and 770 * invalidates the page cache and immediately queues writeback), but we 771 * have never supported this 100%. If either disk write succeeds the 772 * blocks will be remapped. 773 */ 774 while (end_fsb > offset_fsb && !error) 775 error = xfs_reflink_end_cow_extent(ip, &offset_fsb, end_fsb); 776 777 if (error) 778 trace_xfs_reflink_end_cow_error(ip, error, _RET_IP_); 779 return error; 780 } 781 782 /* 783 * Free all CoW staging blocks that are still referenced by the ondisk refcount 784 * metadata. The ondisk metadata does not track which inode created the 785 * staging extent, so callers must ensure that there are no cached inodes with 786 * live CoW staging extents. 787 */ 788 int 789 xfs_reflink_recover_cow( 790 struct xfs_mount *mp) 791 { 792 struct xfs_perag *pag; 793 xfs_agnumber_t agno; 794 int error = 0; 795 796 if (!xfs_has_reflink(mp)) 797 return 0; 798 799 for_each_perag(mp, agno, pag) { 800 error = xfs_refcount_recover_cow_leftovers(mp, pag); 801 if (error) { 802 xfs_perag_put(pag); 803 break; 804 } 805 } 806 807 return error; 808 } 809 810 /* 811 * Reflinking (Block) Ranges of Two Files Together 812 * 813 * First, ensure that the reflink flag is set on both inodes. The flag is an 814 * optimization to avoid unnecessary refcount btree lookups in the write path. 815 * 816 * Now we can iteratively remap the range of extents (and holes) in src to the 817 * corresponding ranges in dest. Let drange and srange denote the ranges of 818 * logical blocks in dest and src touched by the reflink operation. 819 * 820 * While the length of drange is greater than zero, 821 * - Read src's bmbt at the start of srange ("imap") 822 * - If imap doesn't exist, make imap appear to start at the end of srange 823 * with zero length. 824 * - If imap starts before srange, advance imap to start at srange. 825 * - If imap goes beyond srange, truncate imap to end at the end of srange. 826 * - Punch (imap start - srange start + imap len) blocks from dest at 827 * offset (drange start). 828 * - If imap points to a real range of pblks, 829 * > Increase the refcount of the imap's pblks 830 * > Map imap's pblks into dest at the offset 831 * (drange start + imap start - srange start) 832 * - Advance drange and srange by (imap start - srange start + imap len) 833 * 834 * Finally, if the reflink made dest longer, update both the in-core and 835 * on-disk file sizes. 836 * 837 * ASCII Art Demonstration: 838 * 839 * Let's say we want to reflink this source file: 840 * 841 * ----SSSSSSS-SSSSS----SSSSSS (src file) 842 * <--------------------> 843 * 844 * into this destination file: 845 * 846 * --DDDDDDDDDDDDDDDDDDD--DDD (dest file) 847 * <--------------------> 848 * '-' means a hole, and 'S' and 'D' are written blocks in the src and dest. 849 * Observe that the range has different logical offsets in either file. 850 * 851 * Consider that the first extent in the source file doesn't line up with our 852 * reflink range. Unmapping and remapping are separate operations, so we can 853 * unmap more blocks from the destination file than we remap. 854 * 855 * ----SSSSSSS-SSSSS----SSSSSS 856 * <-------> 857 * --DDDDD---------DDDDD--DDD 858 * <-------> 859 * 860 * Now remap the source extent into the destination file: 861 * 862 * ----SSSSSSS-SSSSS----SSSSSS 863 * <-------> 864 * --DDDDD--SSSSSSSDDDDD--DDD 865 * <-------> 866 * 867 * Do likewise with the second hole and extent in our range. Holes in the 868 * unmap range don't affect our operation. 869 * 870 * ----SSSSSSS-SSSSS----SSSSSS 871 * <----> 872 * --DDDDD--SSSSSSS-SSSSS-DDD 873 * <----> 874 * 875 * Finally, unmap and remap part of the third extent. This will increase the 876 * size of the destination file. 877 * 878 * ----SSSSSSS-SSSSS----SSSSSS 879 * <-----> 880 * --DDDDD--SSSSSSS-SSSSS----SSS 881 * <-----> 882 * 883 * Once we update the destination file's i_size, we're done. 884 */ 885 886 /* 887 * Ensure the reflink bit is set in both inodes. 888 */ 889 STATIC int 890 xfs_reflink_set_inode_flag( 891 struct xfs_inode *src, 892 struct xfs_inode *dest) 893 { 894 struct xfs_mount *mp = src->i_mount; 895 int error; 896 struct xfs_trans *tp; 897 898 if (xfs_is_reflink_inode(src) && xfs_is_reflink_inode(dest)) 899 return 0; 900 901 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 902 if (error) 903 goto out_error; 904 905 /* Lock both files against IO */ 906 if (src->i_ino == dest->i_ino) 907 xfs_ilock(src, XFS_ILOCK_EXCL); 908 else 909 xfs_lock_two_inodes(src, XFS_ILOCK_EXCL, dest, XFS_ILOCK_EXCL); 910 911 if (!xfs_is_reflink_inode(src)) { 912 trace_xfs_reflink_set_inode_flag(src); 913 xfs_trans_ijoin(tp, src, XFS_ILOCK_EXCL); 914 src->i_diflags2 |= XFS_DIFLAG2_REFLINK; 915 xfs_trans_log_inode(tp, src, XFS_ILOG_CORE); 916 xfs_ifork_init_cow(src); 917 } else 918 xfs_iunlock(src, XFS_ILOCK_EXCL); 919 920 if (src->i_ino == dest->i_ino) 921 goto commit_flags; 922 923 if (!xfs_is_reflink_inode(dest)) { 924 trace_xfs_reflink_set_inode_flag(dest); 925 xfs_trans_ijoin(tp, dest, XFS_ILOCK_EXCL); 926 dest->i_diflags2 |= XFS_DIFLAG2_REFLINK; 927 xfs_trans_log_inode(tp, dest, XFS_ILOG_CORE); 928 xfs_ifork_init_cow(dest); 929 } else 930 xfs_iunlock(dest, XFS_ILOCK_EXCL); 931 932 commit_flags: 933 error = xfs_trans_commit(tp); 934 if (error) 935 goto out_error; 936 return error; 937 938 out_error: 939 trace_xfs_reflink_set_inode_flag_error(dest, error, _RET_IP_); 940 return error; 941 } 942 943 /* 944 * Update destination inode size & cowextsize hint, if necessary. 945 */ 946 int 947 xfs_reflink_update_dest( 948 struct xfs_inode *dest, 949 xfs_off_t newlen, 950 xfs_extlen_t cowextsize, 951 unsigned int remap_flags) 952 { 953 struct xfs_mount *mp = dest->i_mount; 954 struct xfs_trans *tp; 955 int error; 956 957 if (newlen <= i_size_read(VFS_I(dest)) && cowextsize == 0) 958 return 0; 959 960 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 961 if (error) 962 goto out_error; 963 964 xfs_ilock(dest, XFS_ILOCK_EXCL); 965 xfs_trans_ijoin(tp, dest, XFS_ILOCK_EXCL); 966 967 if (newlen > i_size_read(VFS_I(dest))) { 968 trace_xfs_reflink_update_inode_size(dest, newlen); 969 i_size_write(VFS_I(dest), newlen); 970 dest->i_disk_size = newlen; 971 } 972 973 if (cowextsize) { 974 dest->i_cowextsize = cowextsize; 975 dest->i_diflags2 |= XFS_DIFLAG2_COWEXTSIZE; 976 } 977 978 xfs_trans_log_inode(tp, dest, XFS_ILOG_CORE); 979 980 error = xfs_trans_commit(tp); 981 if (error) 982 goto out_error; 983 return error; 984 985 out_error: 986 trace_xfs_reflink_update_inode_size_error(dest, error, _RET_IP_); 987 return error; 988 } 989 990 /* 991 * Do we have enough reserve in this AG to handle a reflink? The refcount 992 * btree already reserved all the space it needs, but the rmap btree can grow 993 * infinitely, so we won't allow more reflinks when the AG is down to the 994 * btree reserves. 995 */ 996 static int 997 xfs_reflink_ag_has_free_space( 998 struct xfs_mount *mp, 999 xfs_agnumber_t agno) 1000 { 1001 struct xfs_perag *pag; 1002 int error = 0; 1003 1004 if (!xfs_has_rmapbt(mp)) 1005 return 0; 1006 1007 pag = xfs_perag_get(mp, agno); 1008 if (xfs_ag_resv_critical(pag, XFS_AG_RESV_RMAPBT) || 1009 xfs_ag_resv_critical(pag, XFS_AG_RESV_METADATA)) 1010 error = -ENOSPC; 1011 xfs_perag_put(pag); 1012 return error; 1013 } 1014 1015 /* 1016 * Remap the given extent into the file. The dmap blockcount will be set to 1017 * the number of blocks that were actually remapped. 1018 */ 1019 STATIC int 1020 xfs_reflink_remap_extent( 1021 struct xfs_inode *ip, 1022 struct xfs_bmbt_irec *dmap, 1023 xfs_off_t new_isize) 1024 { 1025 struct xfs_bmbt_irec smap; 1026 struct xfs_mount *mp = ip->i_mount; 1027 struct xfs_trans *tp; 1028 xfs_off_t newlen; 1029 int64_t qdelta = 0; 1030 unsigned int resblks; 1031 bool quota_reserved = true; 1032 bool smap_real; 1033 bool dmap_written = xfs_bmap_is_written_extent(dmap); 1034 int iext_delta = 0; 1035 int nimaps; 1036 int error; 1037 1038 /* 1039 * Start a rolling transaction to switch the mappings. 1040 * 1041 * Adding a written extent to the extent map can cause a bmbt split, 1042 * and removing a mapped extent from the extent can cause a bmbt split. 1043 * The two operations cannot both cause a split since they operate on 1044 * the same index in the bmap btree, so we only need a reservation for 1045 * one bmbt split if either thing is happening. However, we haven't 1046 * locked the inode yet, so we reserve assuming this is the case. 1047 * 1048 * The first allocation call tries to reserve enough space to handle 1049 * mapping dmap into a sparse part of the file plus the bmbt split. We 1050 * haven't locked the inode or read the existing mapping yet, so we do 1051 * not know for sure that we need the space. This should succeed most 1052 * of the time. 1053 * 1054 * If the first attempt fails, try again but reserving only enough 1055 * space to handle a bmbt split. This is the hard minimum requirement, 1056 * and we revisit quota reservations later when we know more about what 1057 * we're remapping. 1058 */ 1059 resblks = XFS_EXTENTADD_SPACE_RES(mp, XFS_DATA_FORK); 1060 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write, 1061 resblks + dmap->br_blockcount, 0, false, &tp); 1062 if (error == -EDQUOT || error == -ENOSPC) { 1063 quota_reserved = false; 1064 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write, 1065 resblks, 0, false, &tp); 1066 } 1067 if (error) 1068 goto out; 1069 1070 /* 1071 * Read what's currently mapped in the destination file into smap. 1072 * If smap isn't a hole, we will have to remove it before we can add 1073 * dmap to the destination file. 1074 */ 1075 nimaps = 1; 1076 error = xfs_bmapi_read(ip, dmap->br_startoff, dmap->br_blockcount, 1077 &smap, &nimaps, 0); 1078 if (error) 1079 goto out_cancel; 1080 ASSERT(nimaps == 1 && smap.br_startoff == dmap->br_startoff); 1081 smap_real = xfs_bmap_is_real_extent(&smap); 1082 1083 /* 1084 * We can only remap as many blocks as the smaller of the two extent 1085 * maps, because we can only remap one extent at a time. 1086 */ 1087 dmap->br_blockcount = min(dmap->br_blockcount, smap.br_blockcount); 1088 ASSERT(dmap->br_blockcount == smap.br_blockcount); 1089 1090 trace_xfs_reflink_remap_extent_dest(ip, &smap); 1091 1092 /* 1093 * Two extents mapped to the same physical block must not have 1094 * different states; that's filesystem corruption. Move on to the next 1095 * extent if they're both holes or both the same physical extent. 1096 */ 1097 if (dmap->br_startblock == smap.br_startblock) { 1098 if (dmap->br_state != smap.br_state) 1099 error = -EFSCORRUPTED; 1100 goto out_cancel; 1101 } 1102 1103 /* If both extents are unwritten, leave them alone. */ 1104 if (dmap->br_state == XFS_EXT_UNWRITTEN && 1105 smap.br_state == XFS_EXT_UNWRITTEN) 1106 goto out_cancel; 1107 1108 /* No reflinking if the AG of the dest mapping is low on space. */ 1109 if (dmap_written) { 1110 error = xfs_reflink_ag_has_free_space(mp, 1111 XFS_FSB_TO_AGNO(mp, dmap->br_startblock)); 1112 if (error) 1113 goto out_cancel; 1114 } 1115 1116 /* 1117 * Increase quota reservation if we think the quota block counter for 1118 * this file could increase. 1119 * 1120 * If we are mapping a written extent into the file, we need to have 1121 * enough quota block count reservation to handle the blocks in that 1122 * extent. We log only the delta to the quota block counts, so if the 1123 * extent we're unmapping also has blocks allocated to it, we don't 1124 * need a quota reservation for the extent itself. 1125 * 1126 * Note that if we're replacing a delalloc reservation with a written 1127 * extent, we have to take the full quota reservation because removing 1128 * the delalloc reservation gives the block count back to the quota 1129 * count. This is suboptimal, but the VFS flushed the dest range 1130 * before we started. That should have removed all the delalloc 1131 * reservations, but we code defensively. 1132 * 1133 * xfs_trans_alloc_inode above already tried to grab an even larger 1134 * quota reservation, and kicked off a blockgc scan if it couldn't. 1135 * If we can't get a potentially smaller quota reservation now, we're 1136 * done. 1137 */ 1138 if (!quota_reserved && !smap_real && dmap_written) { 1139 error = xfs_trans_reserve_quota_nblks(tp, ip, 1140 dmap->br_blockcount, 0, false); 1141 if (error) 1142 goto out_cancel; 1143 } 1144 1145 if (smap_real) 1146 ++iext_delta; 1147 1148 if (dmap_written) 1149 ++iext_delta; 1150 1151 error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK, iext_delta); 1152 if (error == -EFBIG) 1153 error = xfs_iext_count_upgrade(tp, ip, iext_delta); 1154 if (error) 1155 goto out_cancel; 1156 1157 if (smap_real) { 1158 /* 1159 * If the extent we're unmapping is backed by storage (written 1160 * or not), unmap the extent and drop its refcount. 1161 */ 1162 xfs_bmap_unmap_extent(tp, ip, &smap); 1163 xfs_refcount_decrease_extent(tp, &smap); 1164 qdelta -= smap.br_blockcount; 1165 } else if (smap.br_startblock == DELAYSTARTBLOCK) { 1166 int done; 1167 1168 /* 1169 * If the extent we're unmapping is a delalloc reservation, 1170 * we can use the regular bunmapi function to release the 1171 * incore state. Dropping the delalloc reservation takes care 1172 * of the quota reservation for us. 1173 */ 1174 error = xfs_bunmapi(NULL, ip, smap.br_startoff, 1175 smap.br_blockcount, 0, 1, &done); 1176 if (error) 1177 goto out_cancel; 1178 ASSERT(done); 1179 } 1180 1181 /* 1182 * If the extent we're sharing is backed by written storage, increase 1183 * its refcount and map it into the file. 1184 */ 1185 if (dmap_written) { 1186 xfs_refcount_increase_extent(tp, dmap); 1187 xfs_bmap_map_extent(tp, ip, dmap); 1188 qdelta += dmap->br_blockcount; 1189 } 1190 1191 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_BCOUNT, qdelta); 1192 1193 /* Update dest isize if needed. */ 1194 newlen = XFS_FSB_TO_B(mp, dmap->br_startoff + dmap->br_blockcount); 1195 newlen = min_t(xfs_off_t, newlen, new_isize); 1196 if (newlen > i_size_read(VFS_I(ip))) { 1197 trace_xfs_reflink_update_inode_size(ip, newlen); 1198 i_size_write(VFS_I(ip), newlen); 1199 ip->i_disk_size = newlen; 1200 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1201 } 1202 1203 /* Commit everything and unlock. */ 1204 error = xfs_trans_commit(tp); 1205 goto out_unlock; 1206 1207 out_cancel: 1208 xfs_trans_cancel(tp); 1209 out_unlock: 1210 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1211 out: 1212 if (error) 1213 trace_xfs_reflink_remap_extent_error(ip, error, _RET_IP_); 1214 return error; 1215 } 1216 1217 /* Remap a range of one file to the other. */ 1218 int 1219 xfs_reflink_remap_blocks( 1220 struct xfs_inode *src, 1221 loff_t pos_in, 1222 struct xfs_inode *dest, 1223 loff_t pos_out, 1224 loff_t remap_len, 1225 loff_t *remapped) 1226 { 1227 struct xfs_bmbt_irec imap; 1228 struct xfs_mount *mp = src->i_mount; 1229 xfs_fileoff_t srcoff = XFS_B_TO_FSBT(mp, pos_in); 1230 xfs_fileoff_t destoff = XFS_B_TO_FSBT(mp, pos_out); 1231 xfs_filblks_t len; 1232 xfs_filblks_t remapped_len = 0; 1233 xfs_off_t new_isize = pos_out + remap_len; 1234 int nimaps; 1235 int error = 0; 1236 1237 len = min_t(xfs_filblks_t, XFS_B_TO_FSB(mp, remap_len), 1238 XFS_MAX_FILEOFF); 1239 1240 trace_xfs_reflink_remap_blocks(src, srcoff, len, dest, destoff); 1241 1242 while (len > 0) { 1243 unsigned int lock_mode; 1244 1245 /* Read extent from the source file */ 1246 nimaps = 1; 1247 lock_mode = xfs_ilock_data_map_shared(src); 1248 error = xfs_bmapi_read(src, srcoff, len, &imap, &nimaps, 0); 1249 xfs_iunlock(src, lock_mode); 1250 if (error) 1251 break; 1252 /* 1253 * The caller supposedly flushed all dirty pages in the source 1254 * file range, which means that writeback should have allocated 1255 * or deleted all delalloc reservations in that range. If we 1256 * find one, that's a good sign that something is seriously 1257 * wrong here. 1258 */ 1259 ASSERT(nimaps == 1 && imap.br_startoff == srcoff); 1260 if (imap.br_startblock == DELAYSTARTBLOCK) { 1261 ASSERT(imap.br_startblock != DELAYSTARTBLOCK); 1262 error = -EFSCORRUPTED; 1263 break; 1264 } 1265 1266 trace_xfs_reflink_remap_extent_src(src, &imap); 1267 1268 /* Remap into the destination file at the given offset. */ 1269 imap.br_startoff = destoff; 1270 error = xfs_reflink_remap_extent(dest, &imap, new_isize); 1271 if (error) 1272 break; 1273 1274 if (fatal_signal_pending(current)) { 1275 error = -EINTR; 1276 break; 1277 } 1278 1279 /* Advance drange/srange */ 1280 srcoff += imap.br_blockcount; 1281 destoff += imap.br_blockcount; 1282 len -= imap.br_blockcount; 1283 remapped_len += imap.br_blockcount; 1284 } 1285 1286 if (error) 1287 trace_xfs_reflink_remap_blocks_error(dest, error, _RET_IP_); 1288 *remapped = min_t(loff_t, remap_len, 1289 XFS_FSB_TO_B(src->i_mount, remapped_len)); 1290 return error; 1291 } 1292 1293 /* 1294 * If we're reflinking to a point past the destination file's EOF, we must 1295 * zero any speculative post-EOF preallocations that sit between the old EOF 1296 * and the destination file offset. 1297 */ 1298 static int 1299 xfs_reflink_zero_posteof( 1300 struct xfs_inode *ip, 1301 loff_t pos) 1302 { 1303 loff_t isize = i_size_read(VFS_I(ip)); 1304 1305 if (pos <= isize) 1306 return 0; 1307 1308 trace_xfs_zero_eof(ip, isize, pos - isize); 1309 return xfs_zero_range(ip, isize, pos - isize, NULL); 1310 } 1311 1312 /* 1313 * Prepare two files for range cloning. Upon a successful return both inodes 1314 * will have the iolock and mmaplock held, the page cache of the out file will 1315 * be truncated, and any leases on the out file will have been broken. This 1316 * function borrows heavily from xfs_file_aio_write_checks. 1317 * 1318 * The VFS allows partial EOF blocks to "match" for dedupe even though it hasn't 1319 * checked that the bytes beyond EOF physically match. Hence we cannot use the 1320 * EOF block in the source dedupe range because it's not a complete block match, 1321 * hence can introduce a corruption into the file that has it's block replaced. 1322 * 1323 * In similar fashion, the VFS file cloning also allows partial EOF blocks to be 1324 * "block aligned" for the purposes of cloning entire files. However, if the 1325 * source file range includes the EOF block and it lands within the existing EOF 1326 * of the destination file, then we can expose stale data from beyond the source 1327 * file EOF in the destination file. 1328 * 1329 * XFS doesn't support partial block sharing, so in both cases we have check 1330 * these cases ourselves. For dedupe, we can simply round the length to dedupe 1331 * down to the previous whole block and ignore the partial EOF block. While this 1332 * means we can't dedupe the last block of a file, this is an acceptible 1333 * tradeoff for simplicity on implementation. 1334 * 1335 * For cloning, we want to share the partial EOF block if it is also the new EOF 1336 * block of the destination file. If the partial EOF block lies inside the 1337 * existing destination EOF, then we have to abort the clone to avoid exposing 1338 * stale data in the destination file. Hence we reject these clone attempts with 1339 * -EINVAL in this case. 1340 */ 1341 int 1342 xfs_reflink_remap_prep( 1343 struct file *file_in, 1344 loff_t pos_in, 1345 struct file *file_out, 1346 loff_t pos_out, 1347 loff_t *len, 1348 unsigned int remap_flags) 1349 { 1350 struct inode *inode_in = file_inode(file_in); 1351 struct xfs_inode *src = XFS_I(inode_in); 1352 struct inode *inode_out = file_inode(file_out); 1353 struct xfs_inode *dest = XFS_I(inode_out); 1354 int ret; 1355 1356 /* Lock both files against IO */ 1357 ret = xfs_ilock2_io_mmap(src, dest); 1358 if (ret) 1359 return ret; 1360 1361 /* Check file eligibility and prepare for block sharing. */ 1362 ret = -EINVAL; 1363 /* Don't reflink realtime inodes */ 1364 if (XFS_IS_REALTIME_INODE(src) || XFS_IS_REALTIME_INODE(dest)) 1365 goto out_unlock; 1366 1367 /* Don't share DAX file data with non-DAX file. */ 1368 if (IS_DAX(inode_in) != IS_DAX(inode_out)) 1369 goto out_unlock; 1370 1371 if (!IS_DAX(inode_in)) 1372 ret = generic_remap_file_range_prep(file_in, pos_in, file_out, 1373 pos_out, len, remap_flags); 1374 else 1375 ret = dax_remap_file_range_prep(file_in, pos_in, file_out, 1376 pos_out, len, remap_flags, &xfs_read_iomap_ops); 1377 if (ret || *len == 0) 1378 goto out_unlock; 1379 1380 /* Attach dquots to dest inode before changing block map */ 1381 ret = xfs_qm_dqattach(dest); 1382 if (ret) 1383 goto out_unlock; 1384 1385 /* 1386 * Zero existing post-eof speculative preallocations in the destination 1387 * file. 1388 */ 1389 ret = xfs_reflink_zero_posteof(dest, pos_out); 1390 if (ret) 1391 goto out_unlock; 1392 1393 /* Set flags and remap blocks. */ 1394 ret = xfs_reflink_set_inode_flag(src, dest); 1395 if (ret) 1396 goto out_unlock; 1397 1398 /* 1399 * If pos_out > EOF, we may have dirtied blocks between EOF and 1400 * pos_out. In that case, we need to extend the flush and unmap to cover 1401 * from EOF to the end of the copy length. 1402 */ 1403 if (pos_out > XFS_ISIZE(dest)) { 1404 loff_t flen = *len + (pos_out - XFS_ISIZE(dest)); 1405 ret = xfs_flush_unmap_range(dest, XFS_ISIZE(dest), flen); 1406 } else { 1407 ret = xfs_flush_unmap_range(dest, pos_out, *len); 1408 } 1409 if (ret) 1410 goto out_unlock; 1411 1412 return 0; 1413 out_unlock: 1414 xfs_iunlock2_io_mmap(src, dest); 1415 return ret; 1416 } 1417 1418 /* Does this inode need the reflink flag? */ 1419 int 1420 xfs_reflink_inode_has_shared_extents( 1421 struct xfs_trans *tp, 1422 struct xfs_inode *ip, 1423 bool *has_shared) 1424 { 1425 struct xfs_bmbt_irec got; 1426 struct xfs_mount *mp = ip->i_mount; 1427 struct xfs_ifork *ifp; 1428 struct xfs_iext_cursor icur; 1429 bool found; 1430 int error; 1431 1432 ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK); 1433 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK); 1434 if (error) 1435 return error; 1436 1437 *has_shared = false; 1438 found = xfs_iext_lookup_extent(ip, ifp, 0, &icur, &got); 1439 while (found) { 1440 struct xfs_perag *pag; 1441 xfs_agblock_t agbno; 1442 xfs_extlen_t aglen; 1443 xfs_agblock_t rbno; 1444 xfs_extlen_t rlen; 1445 1446 if (isnullstartblock(got.br_startblock) || 1447 got.br_state != XFS_EXT_NORM) 1448 goto next; 1449 1450 pag = xfs_perag_get(mp, XFS_FSB_TO_AGNO(mp, got.br_startblock)); 1451 agbno = XFS_FSB_TO_AGBNO(mp, got.br_startblock); 1452 aglen = got.br_blockcount; 1453 error = xfs_reflink_find_shared(pag, tp, agbno, aglen, 1454 &rbno, &rlen, false); 1455 xfs_perag_put(pag); 1456 if (error) 1457 return error; 1458 1459 /* Is there still a shared block here? */ 1460 if (rbno != NULLAGBLOCK) { 1461 *has_shared = true; 1462 return 0; 1463 } 1464 next: 1465 found = xfs_iext_next_extent(ifp, &icur, &got); 1466 } 1467 1468 return 0; 1469 } 1470 1471 /* 1472 * Clear the inode reflink flag if there are no shared extents. 1473 * 1474 * The caller is responsible for joining the inode to the transaction passed in. 1475 * The inode will be joined to the transaction that is returned to the caller. 1476 */ 1477 int 1478 xfs_reflink_clear_inode_flag( 1479 struct xfs_inode *ip, 1480 struct xfs_trans **tpp) 1481 { 1482 bool needs_flag; 1483 int error = 0; 1484 1485 ASSERT(xfs_is_reflink_inode(ip)); 1486 1487 error = xfs_reflink_inode_has_shared_extents(*tpp, ip, &needs_flag); 1488 if (error || needs_flag) 1489 return error; 1490 1491 /* 1492 * We didn't find any shared blocks so turn off the reflink flag. 1493 * First, get rid of any leftover CoW mappings. 1494 */ 1495 error = xfs_reflink_cancel_cow_blocks(ip, tpp, 0, XFS_MAX_FILEOFF, 1496 true); 1497 if (error) 1498 return error; 1499 1500 /* Clear the inode flag. */ 1501 trace_xfs_reflink_unset_inode_flag(ip); 1502 ip->i_diflags2 &= ~XFS_DIFLAG2_REFLINK; 1503 xfs_inode_clear_cowblocks_tag(ip); 1504 xfs_trans_log_inode(*tpp, ip, XFS_ILOG_CORE); 1505 1506 return error; 1507 } 1508 1509 /* 1510 * Clear the inode reflink flag if there are no shared extents and the size 1511 * hasn't changed. 1512 */ 1513 STATIC int 1514 xfs_reflink_try_clear_inode_flag( 1515 struct xfs_inode *ip) 1516 { 1517 struct xfs_mount *mp = ip->i_mount; 1518 struct xfs_trans *tp; 1519 int error = 0; 1520 1521 /* Start a rolling transaction to remove the mappings */ 1522 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write, 0, 0, 0, &tp); 1523 if (error) 1524 return error; 1525 1526 xfs_ilock(ip, XFS_ILOCK_EXCL); 1527 xfs_trans_ijoin(tp, ip, 0); 1528 1529 error = xfs_reflink_clear_inode_flag(ip, &tp); 1530 if (error) 1531 goto cancel; 1532 1533 error = xfs_trans_commit(tp); 1534 if (error) 1535 goto out; 1536 1537 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1538 return 0; 1539 cancel: 1540 xfs_trans_cancel(tp); 1541 out: 1542 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1543 return error; 1544 } 1545 1546 /* 1547 * Pre-COW all shared blocks within a given byte range of a file and turn off 1548 * the reflink flag if we unshare all of the file's blocks. 1549 */ 1550 int 1551 xfs_reflink_unshare( 1552 struct xfs_inode *ip, 1553 xfs_off_t offset, 1554 xfs_off_t len) 1555 { 1556 struct inode *inode = VFS_I(ip); 1557 int error; 1558 1559 if (!xfs_is_reflink_inode(ip)) 1560 return 0; 1561 1562 trace_xfs_reflink_unshare(ip, offset, len); 1563 1564 inode_dio_wait(inode); 1565 1566 error = iomap_file_unshare(inode, offset, len, 1567 &xfs_buffered_write_iomap_ops); 1568 if (error) 1569 goto out; 1570 1571 error = filemap_write_and_wait_range(inode->i_mapping, offset, 1572 offset + len - 1); 1573 if (error) 1574 goto out; 1575 1576 /* Turn off the reflink flag if possible. */ 1577 error = xfs_reflink_try_clear_inode_flag(ip); 1578 if (error) 1579 goto out; 1580 return 0; 1581 1582 out: 1583 trace_xfs_reflink_unshare_error(ip, error, _RET_IP_); 1584 return error; 1585 } 1586