1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * 6 * SPDX-License-Identifier: GPL-2.0+ 7 * 8 * Authors: Adrian Hunter 9 * Artem Bityutskiy (Битюцкий Артём) 10 */ 11 12 /* 13 * This file contains journal replay code. It runs when the file-system is being 14 * mounted and requires no locking. 15 * 16 * The larger is the journal, the longer it takes to scan it, so the longer it 17 * takes to mount UBIFS. This is why the journal has limited size which may be 18 * changed depending on the system requirements. But a larger journal gives 19 * faster I/O speed because it writes the index less frequently. So this is a 20 * trade-off. Also, the journal is indexed by the in-memory index (TNC), so the 21 * larger is the journal, the more memory its index may consume. 22 */ 23 24 #define __UBOOT__ 25 #ifdef __UBOOT__ 26 #include <linux/compat.h> 27 #include <linux/err.h> 28 #endif 29 #include "ubifs.h" 30 #include <linux/list_sort.h> 31 32 /** 33 * struct replay_entry - replay list entry. 34 * @lnum: logical eraseblock number of the node 35 * @offs: node offset 36 * @len: node length 37 * @deletion: non-zero if this entry corresponds to a node deletion 38 * @sqnum: node sequence number 39 * @list: links the replay list 40 * @key: node key 41 * @nm: directory entry name 42 * @old_size: truncation old size 43 * @new_size: truncation new size 44 * 45 * The replay process first scans all buds and builds the replay list, then 46 * sorts the replay list in nodes sequence number order, and then inserts all 47 * the replay entries to the TNC. 48 */ 49 struct replay_entry { 50 int lnum; 51 int offs; 52 int len; 53 unsigned int deletion:1; 54 unsigned long long sqnum; 55 struct list_head list; 56 union ubifs_key key; 57 union { 58 struct qstr nm; 59 struct { 60 loff_t old_size; 61 loff_t new_size; 62 }; 63 }; 64 }; 65 66 /** 67 * struct bud_entry - entry in the list of buds to replay. 68 * @list: next bud in the list 69 * @bud: bud description object 70 * @sqnum: reference node sequence number 71 * @free: free bytes in the bud 72 * @dirty: dirty bytes in the bud 73 */ 74 struct bud_entry { 75 struct list_head list; 76 struct ubifs_bud *bud; 77 unsigned long long sqnum; 78 int free; 79 int dirty; 80 }; 81 82 #ifndef __UBOOT__ 83 /** 84 * set_bud_lprops - set free and dirty space used by a bud. 85 * @c: UBIFS file-system description object 86 * @b: bud entry which describes the bud 87 * 88 * This function makes sure the LEB properties of bud @b are set correctly 89 * after the replay. Returns zero in case of success and a negative error code 90 * in case of failure. 91 */ 92 static int set_bud_lprops(struct ubifs_info *c, struct bud_entry *b) 93 { 94 const struct ubifs_lprops *lp; 95 int err = 0, dirty; 96 97 ubifs_get_lprops(c); 98 99 lp = ubifs_lpt_lookup_dirty(c, b->bud->lnum); 100 if (IS_ERR(lp)) { 101 err = PTR_ERR(lp); 102 goto out; 103 } 104 105 dirty = lp->dirty; 106 if (b->bud->start == 0 && (lp->free != c->leb_size || lp->dirty != 0)) { 107 /* 108 * The LEB was added to the journal with a starting offset of 109 * zero which means the LEB must have been empty. The LEB 110 * property values should be @lp->free == @c->leb_size and 111 * @lp->dirty == 0, but that is not the case. The reason is that 112 * the LEB had been garbage collected before it became the bud, 113 * and there was not commit inbetween. The garbage collector 114 * resets the free and dirty space without recording it 115 * anywhere except lprops, so if there was no commit then 116 * lprops does not have that information. 117 * 118 * We do not need to adjust free space because the scan has told 119 * us the exact value which is recorded in the replay entry as 120 * @b->free. 121 * 122 * However we do need to subtract from the dirty space the 123 * amount of space that the garbage collector reclaimed, which 124 * is the whole LEB minus the amount of space that was free. 125 */ 126 dbg_mnt("bud LEB %d was GC'd (%d free, %d dirty)", b->bud->lnum, 127 lp->free, lp->dirty); 128 dbg_gc("bud LEB %d was GC'd (%d free, %d dirty)", b->bud->lnum, 129 lp->free, lp->dirty); 130 dirty -= c->leb_size - lp->free; 131 /* 132 * If the replay order was perfect the dirty space would now be 133 * zero. The order is not perfect because the journal heads 134 * race with each other. This is not a problem but is does mean 135 * that the dirty space may temporarily exceed c->leb_size 136 * during the replay. 137 */ 138 if (dirty != 0) 139 dbg_mnt("LEB %d lp: %d free %d dirty replay: %d free %d dirty", 140 b->bud->lnum, lp->free, lp->dirty, b->free, 141 b->dirty); 142 } 143 lp = ubifs_change_lp(c, lp, b->free, dirty + b->dirty, 144 lp->flags | LPROPS_TAKEN, 0); 145 if (IS_ERR(lp)) { 146 err = PTR_ERR(lp); 147 goto out; 148 } 149 150 /* Make sure the journal head points to the latest bud */ 151 err = ubifs_wbuf_seek_nolock(&c->jheads[b->bud->jhead].wbuf, 152 b->bud->lnum, c->leb_size - b->free); 153 154 out: 155 ubifs_release_lprops(c); 156 return err; 157 } 158 159 /** 160 * set_buds_lprops - set free and dirty space for all replayed buds. 161 * @c: UBIFS file-system description object 162 * 163 * This function sets LEB properties for all replayed buds. Returns zero in 164 * case of success and a negative error code in case of failure. 165 */ 166 static int set_buds_lprops(struct ubifs_info *c) 167 { 168 struct bud_entry *b; 169 int err; 170 171 list_for_each_entry(b, &c->replay_buds, list) { 172 err = set_bud_lprops(c, b); 173 if (err) 174 return err; 175 } 176 177 return 0; 178 } 179 180 /** 181 * trun_remove_range - apply a replay entry for a truncation to the TNC. 182 * @c: UBIFS file-system description object 183 * @r: replay entry of truncation 184 */ 185 static int trun_remove_range(struct ubifs_info *c, struct replay_entry *r) 186 { 187 unsigned min_blk, max_blk; 188 union ubifs_key min_key, max_key; 189 ino_t ino; 190 191 min_blk = r->new_size / UBIFS_BLOCK_SIZE; 192 if (r->new_size & (UBIFS_BLOCK_SIZE - 1)) 193 min_blk += 1; 194 195 max_blk = r->old_size / UBIFS_BLOCK_SIZE; 196 if ((r->old_size & (UBIFS_BLOCK_SIZE - 1)) == 0) 197 max_blk -= 1; 198 199 ino = key_inum(c, &r->key); 200 201 data_key_init(c, &min_key, ino, min_blk); 202 data_key_init(c, &max_key, ino, max_blk); 203 204 return ubifs_tnc_remove_range(c, &min_key, &max_key); 205 } 206 207 /** 208 * apply_replay_entry - apply a replay entry to the TNC. 209 * @c: UBIFS file-system description object 210 * @r: replay entry to apply 211 * 212 * Apply a replay entry to the TNC. 213 */ 214 static int apply_replay_entry(struct ubifs_info *c, struct replay_entry *r) 215 { 216 int err; 217 218 dbg_mntk(&r->key, "LEB %d:%d len %d deletion %d sqnum %llu key ", 219 r->lnum, r->offs, r->len, r->deletion, r->sqnum); 220 221 /* Set c->replay_sqnum to help deal with dangling branches. */ 222 c->replay_sqnum = r->sqnum; 223 224 if (is_hash_key(c, &r->key)) { 225 if (r->deletion) 226 err = ubifs_tnc_remove_nm(c, &r->key, &r->nm); 227 else 228 err = ubifs_tnc_add_nm(c, &r->key, r->lnum, r->offs, 229 r->len, &r->nm); 230 } else { 231 if (r->deletion) 232 switch (key_type(c, &r->key)) { 233 case UBIFS_INO_KEY: 234 { 235 ino_t inum = key_inum(c, &r->key); 236 237 err = ubifs_tnc_remove_ino(c, inum); 238 break; 239 } 240 case UBIFS_TRUN_KEY: 241 err = trun_remove_range(c, r); 242 break; 243 default: 244 err = ubifs_tnc_remove(c, &r->key); 245 break; 246 } 247 else 248 err = ubifs_tnc_add(c, &r->key, r->lnum, r->offs, 249 r->len); 250 if (err) 251 return err; 252 253 if (c->need_recovery) 254 err = ubifs_recover_size_accum(c, &r->key, r->deletion, 255 r->new_size); 256 } 257 258 return err; 259 } 260 261 /** 262 * replay_entries_cmp - compare 2 replay entries. 263 * @priv: UBIFS file-system description object 264 * @a: first replay entry 265 * @a: second replay entry 266 * 267 * This is a comparios function for 'list_sort()' which compares 2 replay 268 * entries @a and @b by comparing their sequence numer. Returns %1 if @a has 269 * greater sequence number and %-1 otherwise. 270 */ 271 static int replay_entries_cmp(void *priv, struct list_head *a, 272 struct list_head *b) 273 { 274 struct replay_entry *ra, *rb; 275 276 cond_resched(); 277 if (a == b) 278 return 0; 279 280 ra = list_entry(a, struct replay_entry, list); 281 rb = list_entry(b, struct replay_entry, list); 282 ubifs_assert(ra->sqnum != rb->sqnum); 283 if (ra->sqnum > rb->sqnum) 284 return 1; 285 return -1; 286 } 287 288 /** 289 * apply_replay_list - apply the replay list to the TNC. 290 * @c: UBIFS file-system description object 291 * 292 * Apply all entries in the replay list to the TNC. Returns zero in case of 293 * success and a negative error code in case of failure. 294 */ 295 static int apply_replay_list(struct ubifs_info *c) 296 { 297 struct replay_entry *r; 298 int err; 299 300 list_sort(c, &c->replay_list, &replay_entries_cmp); 301 302 list_for_each_entry(r, &c->replay_list, list) { 303 cond_resched(); 304 305 err = apply_replay_entry(c, r); 306 if (err) 307 return err; 308 } 309 310 return 0; 311 } 312 313 /** 314 * destroy_replay_list - destroy the replay. 315 * @c: UBIFS file-system description object 316 * 317 * Destroy the replay list. 318 */ 319 static void destroy_replay_list(struct ubifs_info *c) 320 { 321 struct replay_entry *r, *tmp; 322 323 list_for_each_entry_safe(r, tmp, &c->replay_list, list) { 324 if (is_hash_key(c, &r->key)) 325 kfree(r->nm.name); 326 list_del(&r->list); 327 kfree(r); 328 } 329 } 330 331 /** 332 * insert_node - insert a node to the replay list 333 * @c: UBIFS file-system description object 334 * @lnum: node logical eraseblock number 335 * @offs: node offset 336 * @len: node length 337 * @key: node key 338 * @sqnum: sequence number 339 * @deletion: non-zero if this is a deletion 340 * @used: number of bytes in use in a LEB 341 * @old_size: truncation old size 342 * @new_size: truncation new size 343 * 344 * This function inserts a scanned non-direntry node to the replay list. The 345 * replay list contains @struct replay_entry elements, and we sort this list in 346 * sequence number order before applying it. The replay list is applied at the 347 * very end of the replay process. Since the list is sorted in sequence number 348 * order, the older modifications are applied first. This function returns zero 349 * in case of success and a negative error code in case of failure. 350 */ 351 static int insert_node(struct ubifs_info *c, int lnum, int offs, int len, 352 union ubifs_key *key, unsigned long long sqnum, 353 int deletion, int *used, loff_t old_size, 354 loff_t new_size) 355 { 356 struct replay_entry *r; 357 358 dbg_mntk(key, "add LEB %d:%d, key ", lnum, offs); 359 360 if (key_inum(c, key) >= c->highest_inum) 361 c->highest_inum = key_inum(c, key); 362 363 r = kzalloc(sizeof(struct replay_entry), GFP_KERNEL); 364 if (!r) 365 return -ENOMEM; 366 367 if (!deletion) 368 *used += ALIGN(len, 8); 369 r->lnum = lnum; 370 r->offs = offs; 371 r->len = len; 372 r->deletion = !!deletion; 373 r->sqnum = sqnum; 374 key_copy(c, key, &r->key); 375 r->old_size = old_size; 376 r->new_size = new_size; 377 378 list_add_tail(&r->list, &c->replay_list); 379 return 0; 380 } 381 382 /** 383 * insert_dent - insert a directory entry node into the replay list. 384 * @c: UBIFS file-system description object 385 * @lnum: node logical eraseblock number 386 * @offs: node offset 387 * @len: node length 388 * @key: node key 389 * @name: directory entry name 390 * @nlen: directory entry name length 391 * @sqnum: sequence number 392 * @deletion: non-zero if this is a deletion 393 * @used: number of bytes in use in a LEB 394 * 395 * This function inserts a scanned directory entry node or an extended 396 * attribute entry to the replay list. Returns zero in case of success and a 397 * negative error code in case of failure. 398 */ 399 static int insert_dent(struct ubifs_info *c, int lnum, int offs, int len, 400 union ubifs_key *key, const char *name, int nlen, 401 unsigned long long sqnum, int deletion, int *used) 402 { 403 struct replay_entry *r; 404 char *nbuf; 405 406 dbg_mntk(key, "add LEB %d:%d, key ", lnum, offs); 407 if (key_inum(c, key) >= c->highest_inum) 408 c->highest_inum = key_inum(c, key); 409 410 r = kzalloc(sizeof(struct replay_entry), GFP_KERNEL); 411 if (!r) 412 return -ENOMEM; 413 414 nbuf = kmalloc(nlen + 1, GFP_KERNEL); 415 if (!nbuf) { 416 kfree(r); 417 return -ENOMEM; 418 } 419 420 if (!deletion) 421 *used += ALIGN(len, 8); 422 r->lnum = lnum; 423 r->offs = offs; 424 r->len = len; 425 r->deletion = !!deletion; 426 r->sqnum = sqnum; 427 key_copy(c, key, &r->key); 428 r->nm.len = nlen; 429 memcpy(nbuf, name, nlen); 430 nbuf[nlen] = '\0'; 431 r->nm.name = nbuf; 432 433 list_add_tail(&r->list, &c->replay_list); 434 return 0; 435 } 436 #endif 437 438 /** 439 * ubifs_validate_entry - validate directory or extended attribute entry node. 440 * @c: UBIFS file-system description object 441 * @dent: the node to validate 442 * 443 * This function validates directory or extended attribute entry node @dent. 444 * Returns zero if the node is all right and a %-EINVAL if not. 445 */ 446 int ubifs_validate_entry(struct ubifs_info *c, 447 const struct ubifs_dent_node *dent) 448 { 449 int key_type = key_type_flash(c, dent->key); 450 int nlen = le16_to_cpu(dent->nlen); 451 452 if (le32_to_cpu(dent->ch.len) != nlen + UBIFS_DENT_NODE_SZ + 1 || 453 dent->type >= UBIFS_ITYPES_CNT || 454 nlen > UBIFS_MAX_NLEN || dent->name[nlen] != 0 || 455 strnlen(dent->name, nlen) != nlen || 456 le64_to_cpu(dent->inum) > MAX_INUM) { 457 ubifs_err("bad %s node", key_type == UBIFS_DENT_KEY ? 458 "directory entry" : "extended attribute entry"); 459 return -EINVAL; 460 } 461 462 if (key_type != UBIFS_DENT_KEY && key_type != UBIFS_XENT_KEY) { 463 ubifs_err("bad key type %d", key_type); 464 return -EINVAL; 465 } 466 467 return 0; 468 } 469 470 #ifndef __UBOOT__ 471 /** 472 * is_last_bud - check if the bud is the last in the journal head. 473 * @c: UBIFS file-system description object 474 * @bud: bud description object 475 * 476 * This function checks if bud @bud is the last bud in its journal head. This 477 * information is then used by 'replay_bud()' to decide whether the bud can 478 * have corruptions or not. Indeed, only last buds can be corrupted by power 479 * cuts. Returns %1 if this is the last bud, and %0 if not. 480 */ 481 static int is_last_bud(struct ubifs_info *c, struct ubifs_bud *bud) 482 { 483 struct ubifs_jhead *jh = &c->jheads[bud->jhead]; 484 struct ubifs_bud *next; 485 uint32_t data; 486 int err; 487 488 if (list_is_last(&bud->list, &jh->buds_list)) 489 return 1; 490 491 /* 492 * The following is a quirk to make sure we work correctly with UBIFS 493 * images used with older UBIFS. 494 * 495 * Normally, the last bud will be the last in the journal head's list 496 * of bud. However, there is one exception if the UBIFS image belongs 497 * to older UBIFS. This is fairly unlikely: one would need to use old 498 * UBIFS, then have a power cut exactly at the right point, and then 499 * try to mount this image with new UBIFS. 500 * 501 * The exception is: it is possible to have 2 buds A and B, A goes 502 * before B, and B is the last, bud B is contains no data, and bud A is 503 * corrupted at the end. The reason is that in older versions when the 504 * journal code switched the next bud (from A to B), it first added a 505 * log reference node for the new bud (B), and only after this it 506 * synchronized the write-buffer of current bud (A). But later this was 507 * changed and UBIFS started to always synchronize the write-buffer of 508 * the bud (A) before writing the log reference for the new bud (B). 509 * 510 * But because older UBIFS always synchronized A's write-buffer before 511 * writing to B, we can recognize this exceptional situation but 512 * checking the contents of bud B - if it is empty, then A can be 513 * treated as the last and we can recover it. 514 * 515 * TODO: remove this piece of code in a couple of years (today it is 516 * 16.05.2011). 517 */ 518 next = list_entry(bud->list.next, struct ubifs_bud, list); 519 if (!list_is_last(&next->list, &jh->buds_list)) 520 return 0; 521 522 err = ubifs_leb_read(c, next->lnum, (char *)&data, next->start, 4, 1); 523 if (err) 524 return 0; 525 526 return data == 0xFFFFFFFF; 527 } 528 529 /** 530 * replay_bud - replay a bud logical eraseblock. 531 * @c: UBIFS file-system description object 532 * @b: bud entry which describes the bud 533 * 534 * This function replays bud @bud, recovers it if needed, and adds all nodes 535 * from this bud to the replay list. Returns zero in case of success and a 536 * negative error code in case of failure. 537 */ 538 static int replay_bud(struct ubifs_info *c, struct bud_entry *b) 539 { 540 int is_last = is_last_bud(c, b->bud); 541 int err = 0, used = 0, lnum = b->bud->lnum, offs = b->bud->start; 542 struct ubifs_scan_leb *sleb; 543 struct ubifs_scan_node *snod; 544 545 dbg_mnt("replay bud LEB %d, head %d, offs %d, is_last %d", 546 lnum, b->bud->jhead, offs, is_last); 547 548 if (c->need_recovery && is_last) 549 /* 550 * Recover only last LEBs in the journal heads, because power 551 * cuts may cause corruptions only in these LEBs, because only 552 * these LEBs could possibly be written to at the power cut 553 * time. 554 */ 555 sleb = ubifs_recover_leb(c, lnum, offs, c->sbuf, b->bud->jhead); 556 else 557 sleb = ubifs_scan(c, lnum, offs, c->sbuf, 0); 558 if (IS_ERR(sleb)) 559 return PTR_ERR(sleb); 560 561 /* 562 * The bud does not have to start from offset zero - the beginning of 563 * the 'lnum' LEB may contain previously committed data. One of the 564 * things we have to do in replay is to correctly update lprops with 565 * newer information about this LEB. 566 * 567 * At this point lprops thinks that this LEB has 'c->leb_size - offs' 568 * bytes of free space because it only contain information about 569 * committed data. 570 * 571 * But we know that real amount of free space is 'c->leb_size - 572 * sleb->endpt', and the space in the 'lnum' LEB between 'offs' and 573 * 'sleb->endpt' is used by bud data. We have to correctly calculate 574 * how much of these data are dirty and update lprops with this 575 * information. 576 * 577 * The dirt in that LEB region is comprised of padding nodes, deletion 578 * nodes, truncation nodes and nodes which are obsoleted by subsequent 579 * nodes in this LEB. So instead of calculating clean space, we 580 * calculate used space ('used' variable). 581 */ 582 583 list_for_each_entry(snod, &sleb->nodes, list) { 584 int deletion = 0; 585 586 cond_resched(); 587 588 if (snod->sqnum >= SQNUM_WATERMARK) { 589 ubifs_err("file system's life ended"); 590 goto out_dump; 591 } 592 593 if (snod->sqnum > c->max_sqnum) 594 c->max_sqnum = snod->sqnum; 595 596 switch (snod->type) { 597 case UBIFS_INO_NODE: 598 { 599 struct ubifs_ino_node *ino = snod->node; 600 loff_t new_size = le64_to_cpu(ino->size); 601 602 if (le32_to_cpu(ino->nlink) == 0) 603 deletion = 1; 604 err = insert_node(c, lnum, snod->offs, snod->len, 605 &snod->key, snod->sqnum, deletion, 606 &used, 0, new_size); 607 break; 608 } 609 case UBIFS_DATA_NODE: 610 { 611 struct ubifs_data_node *dn = snod->node; 612 loff_t new_size = le32_to_cpu(dn->size) + 613 key_block(c, &snod->key) * 614 UBIFS_BLOCK_SIZE; 615 616 err = insert_node(c, lnum, snod->offs, snod->len, 617 &snod->key, snod->sqnum, deletion, 618 &used, 0, new_size); 619 break; 620 } 621 case UBIFS_DENT_NODE: 622 case UBIFS_XENT_NODE: 623 { 624 struct ubifs_dent_node *dent = snod->node; 625 626 err = ubifs_validate_entry(c, dent); 627 if (err) 628 goto out_dump; 629 630 err = insert_dent(c, lnum, snod->offs, snod->len, 631 &snod->key, dent->name, 632 le16_to_cpu(dent->nlen), snod->sqnum, 633 !le64_to_cpu(dent->inum), &used); 634 break; 635 } 636 case UBIFS_TRUN_NODE: 637 { 638 struct ubifs_trun_node *trun = snod->node; 639 loff_t old_size = le64_to_cpu(trun->old_size); 640 loff_t new_size = le64_to_cpu(trun->new_size); 641 union ubifs_key key; 642 643 /* Validate truncation node */ 644 if (old_size < 0 || old_size > c->max_inode_sz || 645 new_size < 0 || new_size > c->max_inode_sz || 646 old_size <= new_size) { 647 ubifs_err("bad truncation node"); 648 goto out_dump; 649 } 650 651 /* 652 * Create a fake truncation key just to use the same 653 * functions which expect nodes to have keys. 654 */ 655 trun_key_init(c, &key, le32_to_cpu(trun->inum)); 656 err = insert_node(c, lnum, snod->offs, snod->len, 657 &key, snod->sqnum, 1, &used, 658 old_size, new_size); 659 break; 660 } 661 default: 662 ubifs_err("unexpected node type %d in bud LEB %d:%d", 663 snod->type, lnum, snod->offs); 664 err = -EINVAL; 665 goto out_dump; 666 } 667 if (err) 668 goto out; 669 } 670 671 ubifs_assert(ubifs_search_bud(c, lnum)); 672 ubifs_assert(sleb->endpt - offs >= used); 673 ubifs_assert(sleb->endpt % c->min_io_size == 0); 674 675 b->dirty = sleb->endpt - offs - used; 676 b->free = c->leb_size - sleb->endpt; 677 dbg_mnt("bud LEB %d replied: dirty %d, free %d", 678 lnum, b->dirty, b->free); 679 680 out: 681 ubifs_scan_destroy(sleb); 682 return err; 683 684 out_dump: 685 ubifs_err("bad node is at LEB %d:%d", lnum, snod->offs); 686 ubifs_dump_node(c, snod->node); 687 ubifs_scan_destroy(sleb); 688 return -EINVAL; 689 } 690 691 /** 692 * replay_buds - replay all buds. 693 * @c: UBIFS file-system description object 694 * 695 * This function returns zero in case of success and a negative error code in 696 * case of failure. 697 */ 698 static int replay_buds(struct ubifs_info *c) 699 { 700 struct bud_entry *b; 701 int err; 702 unsigned long long prev_sqnum = 0; 703 704 list_for_each_entry(b, &c->replay_buds, list) { 705 err = replay_bud(c, b); 706 if (err) 707 return err; 708 709 ubifs_assert(b->sqnum > prev_sqnum); 710 prev_sqnum = b->sqnum; 711 } 712 713 return 0; 714 } 715 716 /** 717 * destroy_bud_list - destroy the list of buds to replay. 718 * @c: UBIFS file-system description object 719 */ 720 static void destroy_bud_list(struct ubifs_info *c) 721 { 722 struct bud_entry *b; 723 724 while (!list_empty(&c->replay_buds)) { 725 b = list_entry(c->replay_buds.next, struct bud_entry, list); 726 list_del(&b->list); 727 kfree(b); 728 } 729 } 730 731 /** 732 * add_replay_bud - add a bud to the list of buds to replay. 733 * @c: UBIFS file-system description object 734 * @lnum: bud logical eraseblock number to replay 735 * @offs: bud start offset 736 * @jhead: journal head to which this bud belongs 737 * @sqnum: reference node sequence number 738 * 739 * This function returns zero in case of success and a negative error code in 740 * case of failure. 741 */ 742 static int add_replay_bud(struct ubifs_info *c, int lnum, int offs, int jhead, 743 unsigned long long sqnum) 744 { 745 struct ubifs_bud *bud; 746 struct bud_entry *b; 747 748 dbg_mnt("add replay bud LEB %d:%d, head %d", lnum, offs, jhead); 749 750 bud = kmalloc(sizeof(struct ubifs_bud), GFP_KERNEL); 751 if (!bud) 752 return -ENOMEM; 753 754 b = kmalloc(sizeof(struct bud_entry), GFP_KERNEL); 755 if (!b) { 756 kfree(bud); 757 return -ENOMEM; 758 } 759 760 bud->lnum = lnum; 761 bud->start = offs; 762 bud->jhead = jhead; 763 ubifs_add_bud(c, bud); 764 765 b->bud = bud; 766 b->sqnum = sqnum; 767 list_add_tail(&b->list, &c->replay_buds); 768 769 return 0; 770 } 771 772 /** 773 * validate_ref - validate a reference node. 774 * @c: UBIFS file-system description object 775 * @ref: the reference node to validate 776 * @ref_lnum: LEB number of the reference node 777 * @ref_offs: reference node offset 778 * 779 * This function returns %1 if a bud reference already exists for the LEB. %0 is 780 * returned if the reference node is new, otherwise %-EINVAL is returned if 781 * validation failed. 782 */ 783 static int validate_ref(struct ubifs_info *c, const struct ubifs_ref_node *ref) 784 { 785 struct ubifs_bud *bud; 786 int lnum = le32_to_cpu(ref->lnum); 787 unsigned int offs = le32_to_cpu(ref->offs); 788 unsigned int jhead = le32_to_cpu(ref->jhead); 789 790 /* 791 * ref->offs may point to the end of LEB when the journal head points 792 * to the end of LEB and we write reference node for it during commit. 793 * So this is why we require 'offs > c->leb_size'. 794 */ 795 if (jhead >= c->jhead_cnt || lnum >= c->leb_cnt || 796 lnum < c->main_first || offs > c->leb_size || 797 offs & (c->min_io_size - 1)) 798 return -EINVAL; 799 800 /* Make sure we have not already looked at this bud */ 801 bud = ubifs_search_bud(c, lnum); 802 if (bud) { 803 if (bud->jhead == jhead && bud->start <= offs) 804 return 1; 805 ubifs_err("bud at LEB %d:%d was already referred", lnum, offs); 806 return -EINVAL; 807 } 808 809 return 0; 810 } 811 812 /** 813 * replay_log_leb - replay a log logical eraseblock. 814 * @c: UBIFS file-system description object 815 * @lnum: log logical eraseblock to replay 816 * @offs: offset to start replaying from 817 * @sbuf: scan buffer 818 * 819 * This function replays a log LEB and returns zero in case of success, %1 if 820 * this is the last LEB in the log, and a negative error code in case of 821 * failure. 822 */ 823 static int replay_log_leb(struct ubifs_info *c, int lnum, int offs, void *sbuf) 824 { 825 int err; 826 struct ubifs_scan_leb *sleb; 827 struct ubifs_scan_node *snod; 828 const struct ubifs_cs_node *node; 829 830 dbg_mnt("replay log LEB %d:%d", lnum, offs); 831 sleb = ubifs_scan(c, lnum, offs, sbuf, c->need_recovery); 832 if (IS_ERR(sleb)) { 833 if (PTR_ERR(sleb) != -EUCLEAN || !c->need_recovery) 834 return PTR_ERR(sleb); 835 /* 836 * Note, the below function will recover this log LEB only if 837 * it is the last, because unclean reboots can possibly corrupt 838 * only the tail of the log. 839 */ 840 sleb = ubifs_recover_log_leb(c, lnum, offs, sbuf); 841 if (IS_ERR(sleb)) 842 return PTR_ERR(sleb); 843 } 844 845 if (sleb->nodes_cnt == 0) { 846 err = 1; 847 goto out; 848 } 849 850 node = sleb->buf; 851 snod = list_entry(sleb->nodes.next, struct ubifs_scan_node, list); 852 if (c->cs_sqnum == 0) { 853 /* 854 * This is the first log LEB we are looking at, make sure that 855 * the first node is a commit start node. Also record its 856 * sequence number so that UBIFS can determine where the log 857 * ends, because all nodes which were have higher sequence 858 * numbers. 859 */ 860 if (snod->type != UBIFS_CS_NODE) { 861 ubifs_err("first log node at LEB %d:%d is not CS node", 862 lnum, offs); 863 goto out_dump; 864 } 865 if (le64_to_cpu(node->cmt_no) != c->cmt_no) { 866 ubifs_err("first CS node at LEB %d:%d has wrong commit number %llu expected %llu", 867 lnum, offs, 868 (unsigned long long)le64_to_cpu(node->cmt_no), 869 c->cmt_no); 870 goto out_dump; 871 } 872 873 c->cs_sqnum = le64_to_cpu(node->ch.sqnum); 874 dbg_mnt("commit start sqnum %llu", c->cs_sqnum); 875 } 876 877 if (snod->sqnum < c->cs_sqnum) { 878 /* 879 * This means that we reached end of log and now 880 * look to the older log data, which was already 881 * committed but the eraseblock was not erased (UBIFS 882 * only un-maps it). So this basically means we have to 883 * exit with "end of log" code. 884 */ 885 err = 1; 886 goto out; 887 } 888 889 /* Make sure the first node sits at offset zero of the LEB */ 890 if (snod->offs != 0) { 891 ubifs_err("first node is not at zero offset"); 892 goto out_dump; 893 } 894 895 list_for_each_entry(snod, &sleb->nodes, list) { 896 cond_resched(); 897 898 if (snod->sqnum >= SQNUM_WATERMARK) { 899 ubifs_err("file system's life ended"); 900 goto out_dump; 901 } 902 903 if (snod->sqnum < c->cs_sqnum) { 904 ubifs_err("bad sqnum %llu, commit sqnum %llu", 905 snod->sqnum, c->cs_sqnum); 906 goto out_dump; 907 } 908 909 if (snod->sqnum > c->max_sqnum) 910 c->max_sqnum = snod->sqnum; 911 912 switch (snod->type) { 913 case UBIFS_REF_NODE: { 914 const struct ubifs_ref_node *ref = snod->node; 915 916 err = validate_ref(c, ref); 917 if (err == 1) 918 break; /* Already have this bud */ 919 if (err) 920 goto out_dump; 921 922 err = add_replay_bud(c, le32_to_cpu(ref->lnum), 923 le32_to_cpu(ref->offs), 924 le32_to_cpu(ref->jhead), 925 snod->sqnum); 926 if (err) 927 goto out; 928 929 break; 930 } 931 case UBIFS_CS_NODE: 932 /* Make sure it sits at the beginning of LEB */ 933 if (snod->offs != 0) { 934 ubifs_err("unexpected node in log"); 935 goto out_dump; 936 } 937 break; 938 default: 939 ubifs_err("unexpected node in log"); 940 goto out_dump; 941 } 942 } 943 944 if (sleb->endpt || c->lhead_offs >= c->leb_size) { 945 c->lhead_lnum = lnum; 946 c->lhead_offs = sleb->endpt; 947 } 948 949 err = !sleb->endpt; 950 out: 951 ubifs_scan_destroy(sleb); 952 return err; 953 954 out_dump: 955 ubifs_err("log error detected while replaying the log at LEB %d:%d", 956 lnum, offs + snod->offs); 957 ubifs_dump_node(c, snod->node); 958 ubifs_scan_destroy(sleb); 959 return -EINVAL; 960 } 961 962 /** 963 * take_ihead - update the status of the index head in lprops to 'taken'. 964 * @c: UBIFS file-system description object 965 * 966 * This function returns the amount of free space in the index head LEB or a 967 * negative error code. 968 */ 969 static int take_ihead(struct ubifs_info *c) 970 { 971 const struct ubifs_lprops *lp; 972 int err, free; 973 974 ubifs_get_lprops(c); 975 976 lp = ubifs_lpt_lookup_dirty(c, c->ihead_lnum); 977 if (IS_ERR(lp)) { 978 err = PTR_ERR(lp); 979 goto out; 980 } 981 982 free = lp->free; 983 984 lp = ubifs_change_lp(c, lp, LPROPS_NC, LPROPS_NC, 985 lp->flags | LPROPS_TAKEN, 0); 986 if (IS_ERR(lp)) { 987 err = PTR_ERR(lp); 988 goto out; 989 } 990 991 err = free; 992 out: 993 ubifs_release_lprops(c); 994 return err; 995 } 996 997 /** 998 * ubifs_replay_journal - replay journal. 999 * @c: UBIFS file-system description object 1000 * 1001 * This function scans the journal, replays and cleans it up. It makes sure all 1002 * memory data structures related to uncommitted journal are built (dirty TNC 1003 * tree, tree of buds, modified lprops, etc). 1004 */ 1005 int ubifs_replay_journal(struct ubifs_info *c) 1006 { 1007 int err, lnum, free; 1008 1009 BUILD_BUG_ON(UBIFS_TRUN_KEY > 5); 1010 1011 /* Update the status of the index head in lprops to 'taken' */ 1012 free = take_ihead(c); 1013 if (free < 0) 1014 return free; /* Error code */ 1015 1016 if (c->ihead_offs != c->leb_size - free) { 1017 ubifs_err("bad index head LEB %d:%d", c->ihead_lnum, 1018 c->ihead_offs); 1019 return -EINVAL; 1020 } 1021 1022 dbg_mnt("start replaying the journal"); 1023 c->replaying = 1; 1024 lnum = c->ltail_lnum = c->lhead_lnum; 1025 1026 do { 1027 err = replay_log_leb(c, lnum, 0, c->sbuf); 1028 if (err == 1) 1029 /* We hit the end of the log */ 1030 break; 1031 if (err) 1032 goto out; 1033 lnum = ubifs_next_log_lnum(c, lnum); 1034 } while (lnum != c->ltail_lnum); 1035 1036 err = replay_buds(c); 1037 if (err) 1038 goto out; 1039 1040 err = apply_replay_list(c); 1041 if (err) 1042 goto out; 1043 1044 err = set_buds_lprops(c); 1045 if (err) 1046 goto out; 1047 1048 /* 1049 * UBIFS budgeting calculations use @c->bi.uncommitted_idx variable 1050 * to roughly estimate index growth. Things like @c->bi.min_idx_lebs 1051 * depend on it. This means we have to initialize it to make sure 1052 * budgeting works properly. 1053 */ 1054 c->bi.uncommitted_idx = atomic_long_read(&c->dirty_zn_cnt); 1055 c->bi.uncommitted_idx *= c->max_idx_node_sz; 1056 1057 ubifs_assert(c->bud_bytes <= c->max_bud_bytes || c->need_recovery); 1058 dbg_mnt("finished, log head LEB %d:%d, max_sqnum %llu, highest_inum %lu", 1059 c->lhead_lnum, c->lhead_offs, c->max_sqnum, 1060 (unsigned long)c->highest_inum); 1061 out: 1062 destroy_replay_list(c); 1063 destroy_bud_list(c); 1064 c->replaying = 0; 1065 return err; 1066 } 1067 #endif 1068