2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "xfs_types.h"
24 #include "xfs_trans.h"
28 #include "xfs_dmapi.h"
29 #include "xfs_mount.h"
30 #include "xfs_error.h"
31 #include "xfs_bmap_btree.h"
32 #include "xfs_alloc_btree.h"
33 #include "xfs_ialloc_btree.h"
34 #include "xfs_dir2_sf.h"
35 #include "xfs_attr_sf.h"
36 #include "xfs_dinode.h"
37 #include "xfs_inode.h"
38 #include "xfs_inode_item.h"
39 #include "xfs_alloc.h"
40 #include "xfs_ialloc.h"
41 #include "xfs_log_priv.h"
42 #include "xfs_buf_item.h"
43 #include "xfs_log_recover.h"
44 #include "xfs_extfree_item.h"
45 #include "xfs_trans_priv.h"
46 #include "xfs_quota.h"
48 #include "xfs_utils.h"
49 #include "xfs_trace.h"
51 STATIC int xlog_find_zeroed(xlog_t *, xfs_daddr_t *);
52 STATIC int xlog_clear_stale_blocks(xlog_t *, xfs_lsn_t);
54 STATIC void xlog_recover_check_summary(xlog_t *);
56 #define xlog_recover_check_summary(log)
60 * Sector aligned buffer routines for buffer create/read/write/access
63 /* Number of basic blocks in a log sector */
64 #define xlog_sectbb(log) (1 << (log)->l_sectbb_log)
67 * Verify the given count of basic blocks is valid number of blocks
68 * to specify for an operation involving the given XFS log buffer.
69 * Returns nonzero if the count is valid, 0 otherwise.
73 xlog_buf_bbcount_valid(
77 return bbcount > 0 && bbcount <= log->l_logBBsize;
85 if (!xlog_buf_bbcount_valid(log, nbblks)) {
86 xlog_warn("XFS: Invalid block length (0x%x) given for buffer",
88 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
92 if (log->l_sectbb_log) {
94 nbblks += xlog_sectbb(log);
95 nbblks = round_up(nbblks, xlog_sectbb(log));
97 return xfs_buf_get_noaddr(BBTOB(nbblks), log->l_mp->m_logdev_targp);
116 if (!log->l_sectbb_log)
117 return XFS_BUF_PTR(bp);
119 ptr = XFS_BUF_PTR(bp) + BBTOB((int)blk_no & log->l_sectbb_mask);
120 ASSERT(XFS_BUF_SIZE(bp) >=
121 BBTOB(nbblks + (blk_no & log->l_sectbb_mask)));
127 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
138 if (!xlog_buf_bbcount_valid(log, nbblks)) {
139 xlog_warn("XFS: Invalid block length (0x%x) given for buffer",
141 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
145 if (log->l_sectbb_log) {
146 blk_no = round_down(blk_no, xlog_sectbb(log));
147 nbblks = round_up(nbblks, xlog_sectbb(log));
151 ASSERT(BBTOB(nbblks) <= XFS_BUF_SIZE(bp));
154 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
157 XFS_BUF_SET_COUNT(bp, BBTOB(nbblks));
158 XFS_BUF_SET_TARGET(bp, log->l_mp->m_logdev_targp);
160 xfsbdstrat(log->l_mp, bp);
161 error = xfs_iowait(bp);
163 xfs_ioerror_alert("xlog_bread", log->l_mp,
164 bp, XFS_BUF_ADDR(bp));
178 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
182 *offset = xlog_align(log, blk_no, nbblks, bp);
187 * Write out the buffer at the given block for the given number of blocks.
188 * The buffer is kept locked across the write and is returned locked.
189 * This can only be used for synchronous log writes.
200 if (!xlog_buf_bbcount_valid(log, nbblks)) {
201 xlog_warn("XFS: Invalid block length (0x%x) given for buffer",
203 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
207 if (log->l_sectbb_log) {
208 blk_no = round_down(blk_no, xlog_sectbb(log));
209 nbblks = round_up(nbblks, xlog_sectbb(log));
213 ASSERT(BBTOB(nbblks) <= XFS_BUF_SIZE(bp));
215 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
216 XFS_BUF_ZEROFLAGS(bp);
219 XFS_BUF_PSEMA(bp, PRIBIO);
220 XFS_BUF_SET_COUNT(bp, BBTOB(nbblks));
221 XFS_BUF_SET_TARGET(bp, log->l_mp->m_logdev_targp);
223 if ((error = xfs_bwrite(log->l_mp, bp)))
224 xfs_ioerror_alert("xlog_bwrite", log->l_mp,
225 bp, XFS_BUF_ADDR(bp));
231 * dump debug superblock and log record information
234 xlog_header_check_dump(
236 xlog_rec_header_t *head)
238 cmn_err(CE_DEBUG, "%s: SB : uuid = %pU, fmt = %d\n",
239 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
240 cmn_err(CE_DEBUG, " log : uuid = %pU, fmt = %d\n",
241 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
244 #define xlog_header_check_dump(mp, head)
248 * check log record header for recovery
251 xlog_header_check_recover(
253 xlog_rec_header_t *head)
255 ASSERT(be32_to_cpu(head->h_magicno) == XLOG_HEADER_MAGIC_NUM);
258 * IRIX doesn't write the h_fmt field and leaves it zeroed
259 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
260 * a dirty log created in IRIX.
262 if (unlikely(be32_to_cpu(head->h_fmt) != XLOG_FMT)) {
264 "XFS: dirty log written in incompatible format - can't recover");
265 xlog_header_check_dump(mp, head);
266 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
267 XFS_ERRLEVEL_HIGH, mp);
268 return XFS_ERROR(EFSCORRUPTED);
269 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
271 "XFS: dirty log entry has mismatched uuid - can't recover");
272 xlog_header_check_dump(mp, head);
273 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
274 XFS_ERRLEVEL_HIGH, mp);
275 return XFS_ERROR(EFSCORRUPTED);
281 * read the head block of the log and check the header
284 xlog_header_check_mount(
286 xlog_rec_header_t *head)
288 ASSERT(be32_to_cpu(head->h_magicno) == XLOG_HEADER_MAGIC_NUM);
290 if (uuid_is_nil(&head->h_fs_uuid)) {
292 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
293 * h_fs_uuid is nil, we assume this log was last mounted
294 * by IRIX and continue.
296 xlog_warn("XFS: nil uuid in log - IRIX style log");
297 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
298 xlog_warn("XFS: log has mismatched uuid - can't recover");
299 xlog_header_check_dump(mp, head);
300 XFS_ERROR_REPORT("xlog_header_check_mount",
301 XFS_ERRLEVEL_HIGH, mp);
302 return XFS_ERROR(EFSCORRUPTED);
311 if (XFS_BUF_GETERROR(bp)) {
313 * We're not going to bother about retrying
314 * this during recovery. One strike!
316 xfs_ioerror_alert("xlog_recover_iodone",
317 bp->b_mount, bp, XFS_BUF_ADDR(bp));
318 xfs_force_shutdown(bp->b_mount, SHUTDOWN_META_IO_ERROR);
321 XFS_BUF_CLR_IODONE_FUNC(bp);
326 * This routine finds (to an approximation) the first block in the physical
327 * log which contains the given cycle. It uses a binary search algorithm.
328 * Note that the algorithm can not be perfect because the disk will not
329 * necessarily be perfect.
332 xlog_find_cycle_start(
335 xfs_daddr_t first_blk,
336 xfs_daddr_t *last_blk,
344 mid_blk = BLK_AVG(first_blk, *last_blk);
345 while (mid_blk != first_blk && mid_blk != *last_blk) {
346 error = xlog_bread(log, mid_blk, 1, bp, &offset);
349 mid_cycle = xlog_get_cycle(offset);
350 if (mid_cycle == cycle) {
352 /* last_half_cycle == mid_cycle */
355 /* first_half_cycle == mid_cycle */
357 mid_blk = BLK_AVG(first_blk, *last_blk);
359 ASSERT((mid_blk == first_blk && mid_blk+1 == *last_blk) ||
360 (mid_blk == *last_blk && mid_blk-1 == first_blk));
366 * Check that the range of blocks does not contain the cycle number
367 * given. The scan needs to occur from front to back and the ptr into the
368 * region must be updated since a later routine will need to perform another
369 * test. If the region is completely good, we end up returning the same
372 * Set blkno to -1 if we encounter no errors. This is an invalid block number
373 * since we don't ever expect logs to get this large.
376 xlog_find_verify_cycle(
378 xfs_daddr_t start_blk,
380 uint stop_on_cycle_no,
381 xfs_daddr_t *new_blk)
387 xfs_caddr_t buf = NULL;
391 * Greedily allocate a buffer big enough to handle the full
392 * range of basic blocks we'll be examining. If that fails,
393 * try a smaller size. We need to be able to read at least
394 * a log sector, or we're out of luck.
396 bufblks = 1 << ffs(nbblks);
397 while (!(bp = xlog_get_bp(log, bufblks))) {
399 if (bufblks < xlog_sectbb(log))
403 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
406 bcount = min(bufblks, (start_blk + nbblks - i));
408 error = xlog_bread(log, i, bcount, bp, &buf);
412 for (j = 0; j < bcount; j++) {
413 cycle = xlog_get_cycle(buf);
414 if (cycle == stop_on_cycle_no) {
431 * Potentially backup over partial log record write.
433 * In the typical case, last_blk is the number of the block directly after
434 * a good log record. Therefore, we subtract one to get the block number
435 * of the last block in the given buffer. extra_bblks contains the number
436 * of blocks we would have read on a previous read. This happens when the
437 * last log record is split over the end of the physical log.
439 * extra_bblks is the number of blocks potentially verified on a previous
440 * call to this routine.
443 xlog_find_verify_log_record(
445 xfs_daddr_t start_blk,
446 xfs_daddr_t *last_blk,
451 xfs_caddr_t offset = NULL;
452 xlog_rec_header_t *head = NULL;
455 int num_blks = *last_blk - start_blk;
458 ASSERT(start_blk != 0 || *last_blk != start_blk);
460 if (!(bp = xlog_get_bp(log, num_blks))) {
461 if (!(bp = xlog_get_bp(log, 1)))
465 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
468 offset += ((num_blks - 1) << BBSHIFT);
471 for (i = (*last_blk) - 1; i >= 0; i--) {
473 /* valid log record not found */
475 "XFS: Log inconsistent (didn't find previous header)");
477 error = XFS_ERROR(EIO);
482 error = xlog_bread(log, i, 1, bp, &offset);
487 head = (xlog_rec_header_t *)offset;
489 if (XLOG_HEADER_MAGIC_NUM == be32_to_cpu(head->h_magicno))
497 * We hit the beginning of the physical log & still no header. Return
498 * to caller. If caller can handle a return of -1, then this routine
499 * will be called again for the end of the physical log.
507 * We have the final block of the good log (the first block
508 * of the log record _before_ the head. So we check the uuid.
510 if ((error = xlog_header_check_mount(log->l_mp, head)))
514 * We may have found a log record header before we expected one.
515 * last_blk will be the 1st block # with a given cycle #. We may end
516 * up reading an entire log record. In this case, we don't want to
517 * reset last_blk. Only when last_blk points in the middle of a log
518 * record do we update last_blk.
520 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
521 uint h_size = be32_to_cpu(head->h_size);
523 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
524 if (h_size % XLOG_HEADER_CYCLE_SIZE)
530 if (*last_blk - i + extra_bblks !=
531 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
540 * Head is defined to be the point of the log where the next log write
541 * write could go. This means that incomplete LR writes at the end are
542 * eliminated when calculating the head. We aren't guaranteed that previous
543 * LR have complete transactions. We only know that a cycle number of
544 * current cycle number -1 won't be present in the log if we start writing
545 * from our current block number.
547 * last_blk contains the block number of the first block with a given
550 * Return: zero if normal, non-zero if error.
555 xfs_daddr_t *return_head_blk)
559 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
561 uint first_half_cycle, last_half_cycle;
563 int error, log_bbnum = log->l_logBBsize;
565 /* Is the end of the log device zeroed? */
566 if ((error = xlog_find_zeroed(log, &first_blk)) == -1) {
567 *return_head_blk = first_blk;
569 /* Is the whole lot zeroed? */
571 /* Linux XFS shouldn't generate totally zeroed logs -
572 * mkfs etc write a dummy unmount record to a fresh
573 * log so we can store the uuid in there
575 xlog_warn("XFS: totally zeroed log");
580 xlog_warn("XFS: empty log check failed");
584 first_blk = 0; /* get cycle # of 1st block */
585 bp = xlog_get_bp(log, 1);
589 error = xlog_bread(log, 0, 1, bp, &offset);
593 first_half_cycle = xlog_get_cycle(offset);
595 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
596 error = xlog_bread(log, last_blk, 1, bp, &offset);
600 last_half_cycle = xlog_get_cycle(offset);
601 ASSERT(last_half_cycle != 0);
604 * If the 1st half cycle number is equal to the last half cycle number,
605 * then the entire log is stamped with the same cycle number. In this
606 * case, head_blk can't be set to zero (which makes sense). The below
607 * math doesn't work out properly with head_blk equal to zero. Instead,
608 * we set it to log_bbnum which is an invalid block number, but this
609 * value makes the math correct. If head_blk doesn't changed through
610 * all the tests below, *head_blk is set to zero at the very end rather
611 * than log_bbnum. In a sense, log_bbnum and zero are the same block
612 * in a circular file.
614 if (first_half_cycle == last_half_cycle) {
616 * In this case we believe that the entire log should have
617 * cycle number last_half_cycle. We need to scan backwards
618 * from the end verifying that there are no holes still
619 * containing last_half_cycle - 1. If we find such a hole,
620 * then the start of that hole will be the new head. The
621 * simple case looks like
622 * x | x ... | x - 1 | x
623 * Another case that fits this picture would be
624 * x | x + 1 | x ... | x
625 * In this case the head really is somewhere at the end of the
626 * log, as one of the latest writes at the beginning was
629 * x | x + 1 | x ... | x - 1 | x
630 * This is really the combination of the above two cases, and
631 * the head has to end up at the start of the x-1 hole at the
634 * In the 256k log case, we will read from the beginning to the
635 * end of the log and search for cycle numbers equal to x-1.
636 * We don't worry about the x+1 blocks that we encounter,
637 * because we know that they cannot be the head since the log
640 head_blk = log_bbnum;
641 stop_on_cycle = last_half_cycle - 1;
644 * In this case we want to find the first block with cycle
645 * number matching last_half_cycle. We expect the log to be
648 * The first block with cycle number x (last_half_cycle) will
649 * be where the new head belongs. First we do a binary search
650 * for the first occurrence of last_half_cycle. The binary
651 * search may not be totally accurate, so then we scan back
652 * from there looking for occurrences of last_half_cycle before
653 * us. If that backwards scan wraps around the beginning of
654 * the log, then we look for occurrences of last_half_cycle - 1
655 * at the end of the log. The cases we're looking for look
657 * x + 1 ... | x | x + 1 | x ...
658 * ^ binary search stopped here
660 * x + 1 ... | x ... | x - 1 | x
661 * <---------> less than scan distance
663 stop_on_cycle = last_half_cycle;
664 if ((error = xlog_find_cycle_start(log, bp, first_blk,
665 &head_blk, last_half_cycle)))
670 * Now validate the answer. Scan back some number of maximum possible
671 * blocks and make sure each one has the expected cycle number. The
672 * maximum is determined by the total possible amount of buffering
673 * in the in-core log. The following number can be made tighter if
674 * we actually look at the block size of the filesystem.
676 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
677 if (head_blk >= num_scan_bblks) {
679 * We are guaranteed that the entire check can be performed
682 start_blk = head_blk - num_scan_bblks;
683 if ((error = xlog_find_verify_cycle(log,
684 start_blk, num_scan_bblks,
685 stop_on_cycle, &new_blk)))
689 } else { /* need to read 2 parts of log */
691 * We are going to scan backwards in the log in two parts.
692 * First we scan the physical end of the log. In this part
693 * of the log, we are looking for blocks with cycle number
694 * last_half_cycle - 1.
695 * If we find one, then we know that the log starts there, as
696 * we've found a hole that didn't get written in going around
697 * the end of the physical log. The simple case for this is
698 * x + 1 ... | x ... | x - 1 | x
699 * <---------> less than scan distance
700 * If all of the blocks at the end of the log have cycle number
701 * last_half_cycle, then we check the blocks at the start of
702 * the log looking for occurrences of last_half_cycle. If we
703 * find one, then our current estimate for the location of the
704 * first occurrence of last_half_cycle is wrong and we move
705 * back to the hole we've found. This case looks like
706 * x + 1 ... | x | x + 1 | x ...
707 * ^ binary search stopped here
708 * Another case we need to handle that only occurs in 256k
710 * x + 1 ... | x ... | x+1 | x ...
711 * ^ binary search stops here
712 * In a 256k log, the scan at the end of the log will see the
713 * x + 1 blocks. We need to skip past those since that is
714 * certainly not the head of the log. By searching for
715 * last_half_cycle-1 we accomplish that.
717 start_blk = log_bbnum - num_scan_bblks + head_blk;
718 ASSERT(head_blk <= INT_MAX &&
719 (xfs_daddr_t) num_scan_bblks - head_blk >= 0);
720 if ((error = xlog_find_verify_cycle(log, start_blk,
721 num_scan_bblks - (int)head_blk,
722 (stop_on_cycle - 1), &new_blk)))
730 * Scan beginning of log now. The last part of the physical
731 * log is good. This scan needs to verify that it doesn't find
732 * the last_half_cycle.
735 ASSERT(head_blk <= INT_MAX);
736 if ((error = xlog_find_verify_cycle(log,
737 start_blk, (int)head_blk,
738 stop_on_cycle, &new_blk)))
746 * Now we need to make sure head_blk is not pointing to a block in
747 * the middle of a log record.
749 num_scan_bblks = XLOG_REC_SHIFT(log);
750 if (head_blk >= num_scan_bblks) {
751 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
753 /* start ptr at last block ptr before head_blk */
754 if ((error = xlog_find_verify_log_record(log, start_blk,
755 &head_blk, 0)) == -1) {
756 error = XFS_ERROR(EIO);
762 ASSERT(head_blk <= INT_MAX);
763 if ((error = xlog_find_verify_log_record(log, start_blk,
764 &head_blk, 0)) == -1) {
765 /* We hit the beginning of the log during our search */
766 start_blk = log_bbnum - num_scan_bblks + head_blk;
768 ASSERT(start_blk <= INT_MAX &&
769 (xfs_daddr_t) log_bbnum-start_blk >= 0);
770 ASSERT(head_blk <= INT_MAX);
771 if ((error = xlog_find_verify_log_record(log,
773 (int)head_blk)) == -1) {
774 error = XFS_ERROR(EIO);
778 if (new_blk != log_bbnum)
785 if (head_blk == log_bbnum)
786 *return_head_blk = 0;
788 *return_head_blk = head_blk;
790 * When returning here, we have a good block number. Bad block
791 * means that during a previous crash, we didn't have a clean break
792 * from cycle number N to cycle number N-1. In this case, we need
793 * to find the first block with cycle number N-1.
801 xlog_warn("XFS: failed to find log head");
806 * Find the sync block number or the tail of the log.
808 * This will be the block number of the last record to have its
809 * associated buffers synced to disk. Every log record header has
810 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
811 * to get a sync block number. The only concern is to figure out which
812 * log record header to believe.
814 * The following algorithm uses the log record header with the largest
815 * lsn. The entire log record does not need to be valid. We only care
816 * that the header is valid.
818 * We could speed up search by using current head_blk buffer, but it is not
824 xfs_daddr_t *head_blk,
825 xfs_daddr_t *tail_blk)
827 xlog_rec_header_t *rhead;
828 xlog_op_header_t *op_head;
829 xfs_caddr_t offset = NULL;
832 xfs_daddr_t umount_data_blk;
833 xfs_daddr_t after_umount_blk;
840 * Find previous log record
842 if ((error = xlog_find_head(log, head_blk)))
845 bp = xlog_get_bp(log, 1);
848 if (*head_blk == 0) { /* special case */
849 error = xlog_bread(log, 0, 1, bp, &offset);
853 if (xlog_get_cycle(offset) == 0) {
855 /* leave all other log inited values alone */
861 * Search backwards looking for log record header block
863 ASSERT(*head_blk < INT_MAX);
864 for (i = (int)(*head_blk) - 1; i >= 0; i--) {
865 error = xlog_bread(log, i, 1, bp, &offset);
869 if (XLOG_HEADER_MAGIC_NUM == be32_to_cpu(*(__be32 *)offset)) {
875 * If we haven't found the log record header block, start looking
876 * again from the end of the physical log. XXXmiken: There should be
877 * a check here to make sure we didn't search more than N blocks in
881 for (i = log->l_logBBsize - 1; i >= (int)(*head_blk); i--) {
882 error = xlog_bread(log, i, 1, bp, &offset);
886 if (XLOG_HEADER_MAGIC_NUM ==
887 be32_to_cpu(*(__be32 *)offset)) {
894 xlog_warn("XFS: xlog_find_tail: couldn't find sync record");
896 return XFS_ERROR(EIO);
899 /* find blk_no of tail of log */
900 rhead = (xlog_rec_header_t *)offset;
901 *tail_blk = BLOCK_LSN(be64_to_cpu(rhead->h_tail_lsn));
904 * Reset log values according to the state of the log when we
905 * crashed. In the case where head_blk == 0, we bump curr_cycle
906 * one because the next write starts a new cycle rather than
907 * continuing the cycle of the last good log record. At this
908 * point we have guaranteed that all partial log records have been
909 * accounted for. Therefore, we know that the last good log record
910 * written was complete and ended exactly on the end boundary
911 * of the physical log.
913 log->l_prev_block = i;
914 log->l_curr_block = (int)*head_blk;
915 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
918 log->l_tail_lsn = be64_to_cpu(rhead->h_tail_lsn);
919 log->l_last_sync_lsn = be64_to_cpu(rhead->h_lsn);
920 log->l_grant_reserve_cycle = log->l_curr_cycle;
921 log->l_grant_reserve_bytes = BBTOB(log->l_curr_block);
922 log->l_grant_write_cycle = log->l_curr_cycle;
923 log->l_grant_write_bytes = BBTOB(log->l_curr_block);
926 * Look for unmount record. If we find it, then we know there
927 * was a clean unmount. Since 'i' could be the last block in
928 * the physical log, we convert to a log block before comparing
931 * Save the current tail lsn to use to pass to
932 * xlog_clear_stale_blocks() below. We won't want to clear the
933 * unmount record if there is one, so we pass the lsn of the
934 * unmount record rather than the block after it.
936 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
937 int h_size = be32_to_cpu(rhead->h_size);
938 int h_version = be32_to_cpu(rhead->h_version);
940 if ((h_version & XLOG_VERSION_2) &&
941 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
942 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
943 if (h_size % XLOG_HEADER_CYCLE_SIZE)
951 after_umount_blk = (i + hblks + (int)
952 BTOBB(be32_to_cpu(rhead->h_len))) % log->l_logBBsize;
953 tail_lsn = log->l_tail_lsn;
954 if (*head_blk == after_umount_blk &&
955 be32_to_cpu(rhead->h_num_logops) == 1) {
956 umount_data_blk = (i + hblks) % log->l_logBBsize;
957 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
961 op_head = (xlog_op_header_t *)offset;
962 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
964 * Set tail and last sync so that newly written
965 * log records will point recovery to after the
966 * current unmount record.
969 xlog_assign_lsn(log->l_curr_cycle,
971 log->l_last_sync_lsn =
972 xlog_assign_lsn(log->l_curr_cycle,
974 *tail_blk = after_umount_blk;
977 * Note that the unmount was clean. If the unmount
978 * was not clean, we need to know this to rebuild the
979 * superblock counters from the perag headers if we
980 * have a filesystem using non-persistent counters.
982 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
987 * Make sure that there are no blocks in front of the head
988 * with the same cycle number as the head. This can happen
989 * because we allow multiple outstanding log writes concurrently,
990 * and the later writes might make it out before earlier ones.
992 * We use the lsn from before modifying it so that we'll never
993 * overwrite the unmount record after a clean unmount.
995 * Do this only if we are going to recover the filesystem
997 * NOTE: This used to say "if (!readonly)"
998 * However on Linux, we can & do recover a read-only filesystem.
999 * We only skip recovery if NORECOVERY is specified on mount,
1000 * in which case we would not be here.
1002 * But... if the -device- itself is readonly, just skip this.
1003 * We can't recover this device anyway, so it won't matter.
1005 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp)) {
1006 error = xlog_clear_stale_blocks(log, tail_lsn);
1014 xlog_warn("XFS: failed to locate log tail");
1019 * Is the log zeroed at all?
1021 * The last binary search should be changed to perform an X block read
1022 * once X becomes small enough. You can then search linearly through
1023 * the X blocks. This will cut down on the number of reads we need to do.
1025 * If the log is partially zeroed, this routine will pass back the blkno
1026 * of the first block with cycle number 0. It won't have a complete LR
1030 * 0 => the log is completely written to
1031 * -1 => use *blk_no as the first block of the log
1032 * >0 => error has occurred
1037 xfs_daddr_t *blk_no)
1041 uint first_cycle, last_cycle;
1042 xfs_daddr_t new_blk, last_blk, start_blk;
1043 xfs_daddr_t num_scan_bblks;
1044 int error, log_bbnum = log->l_logBBsize;
1048 /* check totally zeroed log */
1049 bp = xlog_get_bp(log, 1);
1052 error = xlog_bread(log, 0, 1, bp, &offset);
1056 first_cycle = xlog_get_cycle(offset);
1057 if (first_cycle == 0) { /* completely zeroed log */
1063 /* check partially zeroed log */
1064 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1068 last_cycle = xlog_get_cycle(offset);
1069 if (last_cycle != 0) { /* log completely written to */
1072 } else if (first_cycle != 1) {
1074 * If the cycle of the last block is zero, the cycle of
1075 * the first block must be 1. If it's not, maybe we're
1076 * not looking at a log... Bail out.
1078 xlog_warn("XFS: Log inconsistent or not a log (last==0, first!=1)");
1079 return XFS_ERROR(EINVAL);
1082 /* we have a partially zeroed log */
1083 last_blk = log_bbnum-1;
1084 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1088 * Validate the answer. Because there is no way to guarantee that
1089 * the entire log is made up of log records which are the same size,
1090 * we scan over the defined maximum blocks. At this point, the maximum
1091 * is not chosen to mean anything special. XXXmiken
1093 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1094 ASSERT(num_scan_bblks <= INT_MAX);
1096 if (last_blk < num_scan_bblks)
1097 num_scan_bblks = last_blk;
1098 start_blk = last_blk - num_scan_bblks;
1101 * We search for any instances of cycle number 0 that occur before
1102 * our current estimate of the head. What we're trying to detect is
1103 * 1 ... | 0 | 1 | 0...
1104 * ^ binary search ends here
1106 if ((error = xlog_find_verify_cycle(log, start_blk,
1107 (int)num_scan_bblks, 0, &new_blk)))
1113 * Potentially backup over partial log record write. We don't need
1114 * to search the end of the log because we know it is zero.
1116 if ((error = xlog_find_verify_log_record(log, start_blk,
1117 &last_blk, 0)) == -1) {
1118 error = XFS_ERROR(EIO);
1132 * These are simple subroutines used by xlog_clear_stale_blocks() below
1133 * to initialize a buffer full of empty log record headers and write
1134 * them into the log.
1145 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1147 memset(buf, 0, BBSIZE);
1148 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1149 recp->h_cycle = cpu_to_be32(cycle);
1150 recp->h_version = cpu_to_be32(
1151 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1152 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1153 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1154 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1155 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1159 xlog_write_log_records(
1170 int sectbb = xlog_sectbb(log);
1171 int end_block = start_block + blocks;
1177 * Greedily allocate a buffer big enough to handle the full
1178 * range of basic blocks to be written. If that fails, try
1179 * a smaller size. We need to be able to write at least a
1180 * log sector, or we're out of luck.
1182 bufblks = 1 << ffs(blocks);
1183 while (!(bp = xlog_get_bp(log, bufblks))) {
1185 if (bufblks < xlog_sectbb(log))
1189 /* We may need to do a read at the start to fill in part of
1190 * the buffer in the starting sector not covered by the first
1193 balign = round_down(start_block, sectbb);
1194 if (balign != start_block) {
1195 error = xlog_bread_noalign(log, start_block, 1, bp);
1199 j = start_block - balign;
1202 for (i = start_block; i < end_block; i += bufblks) {
1203 int bcount, endcount;
1205 bcount = min(bufblks, end_block - start_block);
1206 endcount = bcount - j;
1208 /* We may need to do a read at the end to fill in part of
1209 * the buffer in the final sector not covered by the write.
1210 * If this is the same sector as the above read, skip it.
1212 ealign = round_down(end_block, sectbb);
1213 if (j == 0 && (start_block + endcount > ealign)) {
1214 offset = XFS_BUF_PTR(bp);
1215 balign = BBTOB(ealign - start_block);
1216 error = XFS_BUF_SET_PTR(bp, offset + balign,
1221 error = xlog_bread_noalign(log, ealign, sectbb, bp);
1225 error = XFS_BUF_SET_PTR(bp, offset, bufblks);
1230 offset = xlog_align(log, start_block, endcount, bp);
1231 for (; j < endcount; j++) {
1232 xlog_add_record(log, offset, cycle, i+j,
1233 tail_cycle, tail_block);
1236 error = xlog_bwrite(log, start_block, endcount, bp);
1239 start_block += endcount;
1249 * This routine is called to blow away any incomplete log writes out
1250 * in front of the log head. We do this so that we won't become confused
1251 * if we come up, write only a little bit more, and then crash again.
1252 * If we leave the partial log records out there, this situation could
1253 * cause us to think those partial writes are valid blocks since they
1254 * have the current cycle number. We get rid of them by overwriting them
1255 * with empty log records with the old cycle number rather than the
1258 * The tail lsn is passed in rather than taken from
1259 * the log so that we will not write over the unmount record after a
1260 * clean unmount in a 512 block log. Doing so would leave the log without
1261 * any valid log records in it until a new one was written. If we crashed
1262 * during that time we would not be able to recover.
1265 xlog_clear_stale_blocks(
1269 int tail_cycle, head_cycle;
1270 int tail_block, head_block;
1271 int tail_distance, max_distance;
1275 tail_cycle = CYCLE_LSN(tail_lsn);
1276 tail_block = BLOCK_LSN(tail_lsn);
1277 head_cycle = log->l_curr_cycle;
1278 head_block = log->l_curr_block;
1281 * Figure out the distance between the new head of the log
1282 * and the tail. We want to write over any blocks beyond the
1283 * head that we may have written just before the crash, but
1284 * we don't want to overwrite the tail of the log.
1286 if (head_cycle == tail_cycle) {
1288 * The tail is behind the head in the physical log,
1289 * so the distance from the head to the tail is the
1290 * distance from the head to the end of the log plus
1291 * the distance from the beginning of the log to the
1294 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1295 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1296 XFS_ERRLEVEL_LOW, log->l_mp);
1297 return XFS_ERROR(EFSCORRUPTED);
1299 tail_distance = tail_block + (log->l_logBBsize - head_block);
1302 * The head is behind the tail in the physical log,
1303 * so the distance from the head to the tail is just
1304 * the tail block minus the head block.
1306 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1307 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1308 XFS_ERRLEVEL_LOW, log->l_mp);
1309 return XFS_ERROR(EFSCORRUPTED);
1311 tail_distance = tail_block - head_block;
1315 * If the head is right up against the tail, we can't clear
1318 if (tail_distance <= 0) {
1319 ASSERT(tail_distance == 0);
1323 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1325 * Take the smaller of the maximum amount of outstanding I/O
1326 * we could have and the distance to the tail to clear out.
1327 * We take the smaller so that we don't overwrite the tail and
1328 * we don't waste all day writing from the head to the tail
1331 max_distance = MIN(max_distance, tail_distance);
1333 if ((head_block + max_distance) <= log->l_logBBsize) {
1335 * We can stomp all the blocks we need to without
1336 * wrapping around the end of the log. Just do it
1337 * in a single write. Use the cycle number of the
1338 * current cycle minus one so that the log will look like:
1341 error = xlog_write_log_records(log, (head_cycle - 1),
1342 head_block, max_distance, tail_cycle,
1348 * We need to wrap around the end of the physical log in
1349 * order to clear all the blocks. Do it in two separate
1350 * I/Os. The first write should be from the head to the
1351 * end of the physical log, and it should use the current
1352 * cycle number minus one just like above.
1354 distance = log->l_logBBsize - head_block;
1355 error = xlog_write_log_records(log, (head_cycle - 1),
1356 head_block, distance, tail_cycle,
1363 * Now write the blocks at the start of the physical log.
1364 * This writes the remainder of the blocks we want to clear.
1365 * It uses the current cycle number since we're now on the
1366 * same cycle as the head so that we get:
1367 * n ... n ... | n - 1 ...
1368 * ^^^^^ blocks we're writing
1370 distance = max_distance - (log->l_logBBsize - head_block);
1371 error = xlog_write_log_records(log, head_cycle, 0, distance,
1372 tail_cycle, tail_block);
1380 /******************************************************************************
1382 * Log recover routines
1384 ******************************************************************************
1387 STATIC xlog_recover_t *
1388 xlog_recover_find_tid(
1389 struct hlist_head *head,
1392 xlog_recover_t *trans;
1393 struct hlist_node *n;
1395 hlist_for_each_entry(trans, n, head, r_list) {
1396 if (trans->r_log_tid == tid)
1403 xlog_recover_new_tid(
1404 struct hlist_head *head,
1408 xlog_recover_t *trans;
1410 trans = kmem_zalloc(sizeof(xlog_recover_t), KM_SLEEP);
1411 trans->r_log_tid = tid;
1413 INIT_LIST_HEAD(&trans->r_itemq);
1415 INIT_HLIST_NODE(&trans->r_list);
1416 hlist_add_head(&trans->r_list, head);
1420 xlog_recover_add_item(
1421 struct list_head *head)
1423 xlog_recover_item_t *item;
1425 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
1426 INIT_LIST_HEAD(&item->ri_list);
1427 list_add_tail(&item->ri_list, head);
1431 xlog_recover_add_to_cont_trans(
1433 xlog_recover_t *trans,
1437 xlog_recover_item_t *item;
1438 xfs_caddr_t ptr, old_ptr;
1441 if (list_empty(&trans->r_itemq)) {
1442 /* finish copying rest of trans header */
1443 xlog_recover_add_item(&trans->r_itemq);
1444 ptr = (xfs_caddr_t) &trans->r_theader +
1445 sizeof(xfs_trans_header_t) - len;
1446 memcpy(ptr, dp, len); /* d, s, l */
1449 /* take the tail entry */
1450 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
1452 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
1453 old_len = item->ri_buf[item->ri_cnt-1].i_len;
1455 ptr = kmem_realloc(old_ptr, len+old_len, old_len, 0u);
1456 memcpy(&ptr[old_len], dp, len); /* d, s, l */
1457 item->ri_buf[item->ri_cnt-1].i_len += len;
1458 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
1459 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
1464 * The next region to add is the start of a new region. It could be
1465 * a whole region or it could be the first part of a new region. Because
1466 * of this, the assumption here is that the type and size fields of all
1467 * format structures fit into the first 32 bits of the structure.
1469 * This works because all regions must be 32 bit aligned. Therefore, we
1470 * either have both fields or we have neither field. In the case we have
1471 * neither field, the data part of the region is zero length. We only have
1472 * a log_op_header and can throw away the header since a new one will appear
1473 * later. If we have at least 4 bytes, then we can determine how many regions
1474 * will appear in the current log item.
1477 xlog_recover_add_to_trans(
1479 xlog_recover_t *trans,
1483 xfs_inode_log_format_t *in_f; /* any will do */
1484 xlog_recover_item_t *item;
1489 if (list_empty(&trans->r_itemq)) {
1490 /* we need to catch log corruptions here */
1491 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
1492 xlog_warn("XFS: xlog_recover_add_to_trans: "
1493 "bad header magic number");
1495 return XFS_ERROR(EIO);
1497 if (len == sizeof(xfs_trans_header_t))
1498 xlog_recover_add_item(&trans->r_itemq);
1499 memcpy(&trans->r_theader, dp, len); /* d, s, l */
1503 ptr = kmem_alloc(len, KM_SLEEP);
1504 memcpy(ptr, dp, len);
1505 in_f = (xfs_inode_log_format_t *)ptr;
1507 /* take the tail entry */
1508 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
1509 if (item->ri_total != 0 &&
1510 item->ri_total == item->ri_cnt) {
1511 /* tail item is in use, get a new one */
1512 xlog_recover_add_item(&trans->r_itemq);
1513 item = list_entry(trans->r_itemq.prev,
1514 xlog_recover_item_t, ri_list);
1517 if (item->ri_total == 0) { /* first region to be added */
1518 if (in_f->ilf_size == 0 ||
1519 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
1521 "XFS: bad number of regions (%d) in inode log format",
1524 return XFS_ERROR(EIO);
1527 item->ri_total = in_f->ilf_size;
1529 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
1532 ASSERT(item->ri_total > item->ri_cnt);
1533 /* Description region is ri_buf[0] */
1534 item->ri_buf[item->ri_cnt].i_addr = ptr;
1535 item->ri_buf[item->ri_cnt].i_len = len;
1537 trace_xfs_log_recover_item_add(log, trans, item, 0);
1542 * Sort the log items in the transaction. Cancelled buffers need
1543 * to be put first so they are processed before any items that might
1544 * modify the buffers. If they are cancelled, then the modifications
1545 * don't need to be replayed.
1548 xlog_recover_reorder_trans(
1550 xlog_recover_t *trans,
1553 xlog_recover_item_t *item, *n;
1554 LIST_HEAD(sort_list);
1556 list_splice_init(&trans->r_itemq, &sort_list);
1557 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
1558 xfs_buf_log_format_t *buf_f;
1560 buf_f = (xfs_buf_log_format_t *)item->ri_buf[0].i_addr;
1562 switch (ITEM_TYPE(item)) {
1564 if (!(buf_f->blf_flags & XFS_BLI_CANCEL)) {
1565 trace_xfs_log_recover_item_reorder_head(log,
1567 list_move(&item->ri_list, &trans->r_itemq);
1572 case XFS_LI_QUOTAOFF:
1575 trace_xfs_log_recover_item_reorder_tail(log,
1577 list_move_tail(&item->ri_list, &trans->r_itemq);
1581 "XFS: xlog_recover_reorder_trans: unrecognized type of log operation");
1583 return XFS_ERROR(EIO);
1586 ASSERT(list_empty(&sort_list));
1591 * Build up the table of buf cancel records so that we don't replay
1592 * cancelled data in the second pass. For buffer records that are
1593 * not cancel records, there is nothing to do here so we just return.
1595 * If we get a cancel record which is already in the table, this indicates
1596 * that the buffer was cancelled multiple times. In order to ensure
1597 * that during pass 2 we keep the record in the table until we reach its
1598 * last occurrence in the log, we keep a reference count in the cancel
1599 * record in the table to tell us how many times we expect to see this
1600 * record during the second pass.
1603 xlog_recover_do_buffer_pass1(
1605 xfs_buf_log_format_t *buf_f)
1607 xfs_buf_cancel_t *bcp;
1608 xfs_buf_cancel_t *nextp;
1609 xfs_buf_cancel_t *prevp;
1610 xfs_buf_cancel_t **bucket;
1611 xfs_daddr_t blkno = 0;
1615 switch (buf_f->blf_type) {
1617 blkno = buf_f->blf_blkno;
1618 len = buf_f->blf_len;
1619 flags = buf_f->blf_flags;
1624 * If this isn't a cancel buffer item, then just return.
1626 if (!(flags & XFS_BLI_CANCEL)) {
1627 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
1632 * Insert an xfs_buf_cancel record into the hash table of
1633 * them. If there is already an identical record, bump
1634 * its reference count.
1636 bucket = &log->l_buf_cancel_table[(__uint64_t)blkno %
1637 XLOG_BC_TABLE_SIZE];
1639 * If the hash bucket is empty then just insert a new record into
1642 if (*bucket == NULL) {
1643 bcp = (xfs_buf_cancel_t *)kmem_alloc(sizeof(xfs_buf_cancel_t),
1645 bcp->bc_blkno = blkno;
1647 bcp->bc_refcount = 1;
1648 bcp->bc_next = NULL;
1654 * The hash bucket is not empty, so search for duplicates of our
1655 * record. If we find one them just bump its refcount. If not
1656 * then add us at the end of the list.
1660 while (nextp != NULL) {
1661 if (nextp->bc_blkno == blkno && nextp->bc_len == len) {
1662 nextp->bc_refcount++;
1663 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
1667 nextp = nextp->bc_next;
1669 ASSERT(prevp != NULL);
1670 bcp = (xfs_buf_cancel_t *)kmem_alloc(sizeof(xfs_buf_cancel_t),
1672 bcp->bc_blkno = blkno;
1674 bcp->bc_refcount = 1;
1675 bcp->bc_next = NULL;
1676 prevp->bc_next = bcp;
1677 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
1681 * Check to see whether the buffer being recovered has a corresponding
1682 * entry in the buffer cancel record table. If it does then return 1
1683 * so that it will be cancelled, otherwise return 0. If the buffer is
1684 * actually a buffer cancel item (XFS_BLI_CANCEL is set), then decrement
1685 * the refcount on the entry in the table and remove it from the table
1686 * if this is the last reference.
1688 * We remove the cancel record from the table when we encounter its
1689 * last occurrence in the log so that if the same buffer is re-used
1690 * again after its last cancellation we actually replay the changes
1691 * made at that point.
1694 xlog_check_buffer_cancelled(
1700 xfs_buf_cancel_t *bcp;
1701 xfs_buf_cancel_t *prevp;
1702 xfs_buf_cancel_t **bucket;
1704 if (log->l_buf_cancel_table == NULL) {
1706 * There is nothing in the table built in pass one,
1707 * so this buffer must not be cancelled.
1709 ASSERT(!(flags & XFS_BLI_CANCEL));
1713 bucket = &log->l_buf_cancel_table[(__uint64_t)blkno %
1714 XLOG_BC_TABLE_SIZE];
1718 * There is no corresponding entry in the table built
1719 * in pass one, so this buffer has not been cancelled.
1721 ASSERT(!(flags & XFS_BLI_CANCEL));
1726 * Search for an entry in the buffer cancel table that
1727 * matches our buffer.
1730 while (bcp != NULL) {
1731 if (bcp->bc_blkno == blkno && bcp->bc_len == len) {
1733 * We've go a match, so return 1 so that the
1734 * recovery of this buffer is cancelled.
1735 * If this buffer is actually a buffer cancel
1736 * log item, then decrement the refcount on the
1737 * one in the table and remove it if this is the
1740 if (flags & XFS_BLI_CANCEL) {
1742 if (bcp->bc_refcount == 0) {
1743 if (prevp == NULL) {
1744 *bucket = bcp->bc_next;
1746 prevp->bc_next = bcp->bc_next;
1757 * We didn't find a corresponding entry in the table, so
1758 * return 0 so that the buffer is NOT cancelled.
1760 ASSERT(!(flags & XFS_BLI_CANCEL));
1765 xlog_recover_do_buffer_pass2(
1767 xfs_buf_log_format_t *buf_f)
1769 xfs_daddr_t blkno = 0;
1773 switch (buf_f->blf_type) {
1775 blkno = buf_f->blf_blkno;
1776 flags = buf_f->blf_flags;
1777 len = buf_f->blf_len;
1781 return xlog_check_buffer_cancelled(log, blkno, len, flags);
1785 * Perform recovery for a buffer full of inodes. In these buffers,
1786 * the only data which should be recovered is that which corresponds
1787 * to the di_next_unlinked pointers in the on disk inode structures.
1788 * The rest of the data for the inodes is always logged through the
1789 * inodes themselves rather than the inode buffer and is recovered
1790 * in xlog_recover_do_inode_trans().
1792 * The only time when buffers full of inodes are fully recovered is
1793 * when the buffer is full of newly allocated inodes. In this case
1794 * the buffer will not be marked as an inode buffer and so will be
1795 * sent to xlog_recover_do_reg_buffer() below during recovery.
1798 xlog_recover_do_inode_buffer(
1800 xlog_recover_item_t *item,
1802 xfs_buf_log_format_t *buf_f)
1810 int next_unlinked_offset;
1812 xfs_agino_t *logged_nextp;
1813 xfs_agino_t *buffer_nextp;
1814 unsigned int *data_map = NULL;
1815 unsigned int map_size = 0;
1817 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
1819 switch (buf_f->blf_type) {
1821 data_map = buf_f->blf_data_map;
1822 map_size = buf_f->blf_map_size;
1826 * Set the variables corresponding to the current region to
1827 * 0 so that we'll initialize them on the first pass through
1835 inodes_per_buf = XFS_BUF_COUNT(bp) >> mp->m_sb.sb_inodelog;
1836 for (i = 0; i < inodes_per_buf; i++) {
1837 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
1838 offsetof(xfs_dinode_t, di_next_unlinked);
1840 while (next_unlinked_offset >=
1841 (reg_buf_offset + reg_buf_bytes)) {
1843 * The next di_next_unlinked field is beyond
1844 * the current logged region. Find the next
1845 * logged region that contains or is beyond
1846 * the current di_next_unlinked field.
1849 bit = xfs_next_bit(data_map, map_size, bit);
1852 * If there are no more logged regions in the
1853 * buffer, then we're done.
1859 nbits = xfs_contig_bits(data_map, map_size,
1862 reg_buf_offset = bit << XFS_BLI_SHIFT;
1863 reg_buf_bytes = nbits << XFS_BLI_SHIFT;
1868 * If the current logged region starts after the current
1869 * di_next_unlinked field, then move on to the next
1870 * di_next_unlinked field.
1872 if (next_unlinked_offset < reg_buf_offset) {
1876 ASSERT(item->ri_buf[item_index].i_addr != NULL);
1877 ASSERT((item->ri_buf[item_index].i_len % XFS_BLI_CHUNK) == 0);
1878 ASSERT((reg_buf_offset + reg_buf_bytes) <= XFS_BUF_COUNT(bp));
1881 * The current logged region contains a copy of the
1882 * current di_next_unlinked field. Extract its value
1883 * and copy it to the buffer copy.
1885 logged_nextp = (xfs_agino_t *)
1886 ((char *)(item->ri_buf[item_index].i_addr) +
1887 (next_unlinked_offset - reg_buf_offset));
1888 if (unlikely(*logged_nextp == 0)) {
1889 xfs_fs_cmn_err(CE_ALERT, mp,
1890 "bad inode buffer log record (ptr = 0x%p, bp = 0x%p). XFS trying to replay bad (0) inode di_next_unlinked field",
1892 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
1893 XFS_ERRLEVEL_LOW, mp);
1894 return XFS_ERROR(EFSCORRUPTED);
1897 buffer_nextp = (xfs_agino_t *)xfs_buf_offset(bp,
1898 next_unlinked_offset);
1899 *buffer_nextp = *logged_nextp;
1906 * Perform a 'normal' buffer recovery. Each logged region of the
1907 * buffer should be copied over the corresponding region in the
1908 * given buffer. The bitmap in the buf log format structure indicates
1909 * where to place the logged data.
1913 xlog_recover_do_reg_buffer(
1914 struct xfs_mount *mp,
1915 xlog_recover_item_t *item,
1917 xfs_buf_log_format_t *buf_f)
1922 unsigned int *data_map = NULL;
1923 unsigned int map_size = 0;
1926 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
1928 switch (buf_f->blf_type) {
1930 data_map = buf_f->blf_data_map;
1931 map_size = buf_f->blf_map_size;
1935 i = 1; /* 0 is the buf format structure */
1937 bit = xfs_next_bit(data_map, map_size, bit);
1940 nbits = xfs_contig_bits(data_map, map_size, bit);
1942 ASSERT(item->ri_buf[i].i_addr != NULL);
1943 ASSERT(item->ri_buf[i].i_len % XFS_BLI_CHUNK == 0);
1944 ASSERT(XFS_BUF_COUNT(bp) >=
1945 ((uint)bit << XFS_BLI_SHIFT)+(nbits<<XFS_BLI_SHIFT));
1948 * Do a sanity check if this is a dquot buffer. Just checking
1949 * the first dquot in the buffer should do. XXXThis is
1950 * probably a good thing to do for other buf types also.
1953 if (buf_f->blf_flags &
1954 (XFS_BLI_UDQUOT_BUF|XFS_BLI_PDQUOT_BUF|XFS_BLI_GDQUOT_BUF)) {
1955 if (item->ri_buf[i].i_addr == NULL) {
1957 "XFS: NULL dquot in %s.", __func__);
1960 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
1962 "XFS: dquot too small (%d) in %s.",
1963 item->ri_buf[i].i_len, __func__);
1966 error = xfs_qm_dqcheck((xfs_disk_dquot_t *)
1967 item->ri_buf[i].i_addr,
1968 -1, 0, XFS_QMOPT_DOWARN,
1969 "dquot_buf_recover");
1974 memcpy(xfs_buf_offset(bp,
1975 (uint)bit << XFS_BLI_SHIFT), /* dest */
1976 item->ri_buf[i].i_addr, /* source */
1977 nbits<<XFS_BLI_SHIFT); /* length */
1983 /* Shouldn't be any more regions */
1984 ASSERT(i == item->ri_total);
1988 * Do some primitive error checking on ondisk dquot data structures.
1992 xfs_disk_dquot_t *ddq,
1994 uint type, /* used only when IO_dorepair is true */
1998 xfs_dqblk_t *d = (xfs_dqblk_t *)ddq;
2002 * We can encounter an uninitialized dquot buffer for 2 reasons:
2003 * 1. If we crash while deleting the quotainode(s), and those blks got
2004 * used for user data. This is because we take the path of regular
2005 * file deletion; however, the size field of quotainodes is never
2006 * updated, so all the tricks that we play in itruncate_finish
2007 * don't quite matter.
2009 * 2. We don't play the quota buffers when there's a quotaoff logitem.
2010 * But the allocation will be replayed so we'll end up with an
2011 * uninitialized quota block.
2013 * This is all fine; things are still consistent, and we haven't lost
2014 * any quota information. Just don't complain about bad dquot blks.
2016 if (be16_to_cpu(ddq->d_magic) != XFS_DQUOT_MAGIC) {
2017 if (flags & XFS_QMOPT_DOWARN)
2019 "%s : XFS dquot ID 0x%x, magic 0x%x != 0x%x",
2020 str, id, be16_to_cpu(ddq->d_magic), XFS_DQUOT_MAGIC);
2023 if (ddq->d_version != XFS_DQUOT_VERSION) {
2024 if (flags & XFS_QMOPT_DOWARN)
2026 "%s : XFS dquot ID 0x%x, version 0x%x != 0x%x",
2027 str, id, ddq->d_version, XFS_DQUOT_VERSION);
2031 if (ddq->d_flags != XFS_DQ_USER &&
2032 ddq->d_flags != XFS_DQ_PROJ &&
2033 ddq->d_flags != XFS_DQ_GROUP) {
2034 if (flags & XFS_QMOPT_DOWARN)
2036 "%s : XFS dquot ID 0x%x, unknown flags 0x%x",
2037 str, id, ddq->d_flags);
2041 if (id != -1 && id != be32_to_cpu(ddq->d_id)) {
2042 if (flags & XFS_QMOPT_DOWARN)
2044 "%s : ondisk-dquot 0x%p, ID mismatch: "
2045 "0x%x expected, found id 0x%x",
2046 str, ddq, id, be32_to_cpu(ddq->d_id));
2050 if (!errs && ddq->d_id) {
2051 if (ddq->d_blk_softlimit &&
2052 be64_to_cpu(ddq->d_bcount) >=
2053 be64_to_cpu(ddq->d_blk_softlimit)) {
2054 if (!ddq->d_btimer) {
2055 if (flags & XFS_QMOPT_DOWARN)
2057 "%s : Dquot ID 0x%x (0x%p) "
2058 "BLK TIMER NOT STARTED",
2059 str, (int)be32_to_cpu(ddq->d_id), ddq);
2063 if (ddq->d_ino_softlimit &&
2064 be64_to_cpu(ddq->d_icount) >=
2065 be64_to_cpu(ddq->d_ino_softlimit)) {
2066 if (!ddq->d_itimer) {
2067 if (flags & XFS_QMOPT_DOWARN)
2069 "%s : Dquot ID 0x%x (0x%p) "
2070 "INODE TIMER NOT STARTED",
2071 str, (int)be32_to_cpu(ddq->d_id), ddq);
2075 if (ddq->d_rtb_softlimit &&
2076 be64_to_cpu(ddq->d_rtbcount) >=
2077 be64_to_cpu(ddq->d_rtb_softlimit)) {
2078 if (!ddq->d_rtbtimer) {
2079 if (flags & XFS_QMOPT_DOWARN)
2081 "%s : Dquot ID 0x%x (0x%p) "
2082 "RTBLK TIMER NOT STARTED",
2083 str, (int)be32_to_cpu(ddq->d_id), ddq);
2089 if (!errs || !(flags & XFS_QMOPT_DQREPAIR))
2092 if (flags & XFS_QMOPT_DOWARN)
2093 cmn_err(CE_NOTE, "Re-initializing dquot ID 0x%x", id);
2096 * Typically, a repair is only requested by quotacheck.
2099 ASSERT(flags & XFS_QMOPT_DQREPAIR);
2100 memset(d, 0, sizeof(xfs_dqblk_t));
2102 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
2103 d->dd_diskdq.d_version = XFS_DQUOT_VERSION;
2104 d->dd_diskdq.d_flags = type;
2105 d->dd_diskdq.d_id = cpu_to_be32(id);
2111 * Perform a dquot buffer recovery.
2112 * Simple algorithm: if we have found a QUOTAOFF logitem of the same type
2113 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2114 * Else, treat it as a regular buffer and do recovery.
2117 xlog_recover_do_dquot_buffer(
2120 xlog_recover_item_t *item,
2122 xfs_buf_log_format_t *buf_f)
2126 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2129 * Filesystems are required to send in quota flags at mount time.
2131 if (mp->m_qflags == 0) {
2136 if (buf_f->blf_flags & XFS_BLI_UDQUOT_BUF)
2137 type |= XFS_DQ_USER;
2138 if (buf_f->blf_flags & XFS_BLI_PDQUOT_BUF)
2139 type |= XFS_DQ_PROJ;
2140 if (buf_f->blf_flags & XFS_BLI_GDQUOT_BUF)
2141 type |= XFS_DQ_GROUP;
2143 * This type of quotas was turned off, so ignore this buffer
2145 if (log->l_quotaoffs_flag & type)
2148 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2152 * This routine replays a modification made to a buffer at runtime.
2153 * There are actually two types of buffer, regular and inode, which
2154 * are handled differently. Inode buffers are handled differently
2155 * in that we only recover a specific set of data from them, namely
2156 * the inode di_next_unlinked fields. This is because all other inode
2157 * data is actually logged via inode records and any data we replay
2158 * here which overlaps that may be stale.
2160 * When meta-data buffers are freed at run time we log a buffer item
2161 * with the XFS_BLI_CANCEL bit set to indicate that previous copies
2162 * of the buffer in the log should not be replayed at recovery time.
2163 * This is so that if the blocks covered by the buffer are reused for
2164 * file data before we crash we don't end up replaying old, freed
2165 * meta-data into a user's file.
2167 * To handle the cancellation of buffer log items, we make two passes
2168 * over the log during recovery. During the first we build a table of
2169 * those buffers which have been cancelled, and during the second we
2170 * only replay those buffers which do not have corresponding cancel
2171 * records in the table. See xlog_recover_do_buffer_pass[1,2] above
2172 * for more details on the implementation of the table of cancel records.
2175 xlog_recover_do_buffer_trans(
2177 xlog_recover_item_t *item,
2180 xfs_buf_log_format_t *buf_f;
2190 buf_f = (xfs_buf_log_format_t *)item->ri_buf[0].i_addr;
2192 if (pass == XLOG_RECOVER_PASS1) {
2194 * In this pass we're only looking for buf items
2195 * with the XFS_BLI_CANCEL bit set.
2197 xlog_recover_do_buffer_pass1(log, buf_f);
2201 * In this pass we want to recover all the buffers
2202 * which have not been cancelled and are not
2203 * cancellation buffers themselves. The routine
2204 * we call here will tell us whether or not to
2205 * continue with the replay of this buffer.
2207 cancel = xlog_recover_do_buffer_pass2(log, buf_f);
2209 trace_xfs_log_recover_buf_cancel(log, buf_f);
2213 trace_xfs_log_recover_buf_recover(log, buf_f);
2214 switch (buf_f->blf_type) {
2216 blkno = buf_f->blf_blkno;
2217 len = buf_f->blf_len;
2218 flags = buf_f->blf_flags;
2221 xfs_fs_cmn_err(CE_ALERT, log->l_mp,
2222 "xfs_log_recover: unknown buffer type 0x%x, logdev %s",
2223 buf_f->blf_type, log->l_mp->m_logname ?
2224 log->l_mp->m_logname : "internal");
2225 XFS_ERROR_REPORT("xlog_recover_do_buffer_trans",
2226 XFS_ERRLEVEL_LOW, log->l_mp);
2227 return XFS_ERROR(EFSCORRUPTED);
2231 buf_flags = XBF_LOCK;
2232 if (!(flags & XFS_BLI_INODE_BUF))
2233 buf_flags |= XBF_MAPPED;
2235 bp = xfs_buf_read(mp->m_ddev_targp, blkno, len, buf_flags);
2236 if (XFS_BUF_ISERROR(bp)) {
2237 xfs_ioerror_alert("xlog_recover_do..(read#1)", log->l_mp,
2239 error = XFS_BUF_GETERROR(bp);
2245 if (flags & XFS_BLI_INODE_BUF) {
2246 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
2248 (XFS_BLI_UDQUOT_BUF|XFS_BLI_PDQUOT_BUF|XFS_BLI_GDQUOT_BUF)) {
2249 xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2251 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2254 return XFS_ERROR(error);
2257 * Perform delayed write on the buffer. Asynchronous writes will be
2258 * slower when taking into account all the buffers to be flushed.
2260 * Also make sure that only inode buffers with good sizes stay in
2261 * the buffer cache. The kernel moves inodes in buffers of 1 block
2262 * or XFS_INODE_CLUSTER_SIZE bytes, whichever is bigger. The inode
2263 * buffers in the log can be a different size if the log was generated
2264 * by an older kernel using unclustered inode buffers or a newer kernel
2265 * running with a different inode cluster size. Regardless, if the
2266 * the inode buffer size isn't MAX(blocksize, XFS_INODE_CLUSTER_SIZE)
2267 * for *our* value of XFS_INODE_CLUSTER_SIZE, then we need to keep
2268 * the buffer out of the buffer cache so that the buffer won't
2269 * overlap with future reads of those inodes.
2271 if (XFS_DINODE_MAGIC ==
2272 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
2273 (XFS_BUF_COUNT(bp) != MAX(log->l_mp->m_sb.sb_blocksize,
2274 (__uint32_t)XFS_INODE_CLUSTER_SIZE(log->l_mp)))) {
2276 error = xfs_bwrite(mp, bp);
2278 ASSERT(bp->b_mount == NULL || bp->b_mount == mp);
2280 XFS_BUF_SET_IODONE_FUNC(bp, xlog_recover_iodone);
2281 xfs_bdwrite(mp, bp);
2288 xlog_recover_do_inode_trans(
2290 xlog_recover_item_t *item,
2293 xfs_inode_log_format_t *in_f;
2304 xfs_icdinode_t *dicp;
2307 if (pass == XLOG_RECOVER_PASS1) {
2311 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
2312 in_f = (xfs_inode_log_format_t *)item->ri_buf[0].i_addr;
2314 in_f = (xfs_inode_log_format_t *)kmem_alloc(
2315 sizeof(xfs_inode_log_format_t), KM_SLEEP);
2317 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2321 ino = in_f->ilf_ino;
2325 * Inode buffers can be freed, look out for it,
2326 * and do not replay the inode.
2328 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2329 in_f->ilf_len, 0)) {
2331 trace_xfs_log_recover_inode_cancel(log, in_f);
2334 trace_xfs_log_recover_inode_recover(log, in_f);
2336 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len,
2338 if (XFS_BUF_ISERROR(bp)) {
2339 xfs_ioerror_alert("xlog_recover_do..(read#2)", mp,
2340 bp, in_f->ilf_blkno);
2341 error = XFS_BUF_GETERROR(bp);
2346 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
2347 dip = (xfs_dinode_t *)xfs_buf_offset(bp, in_f->ilf_boffset);
2350 * Make sure the place we're flushing out to really looks
2353 if (unlikely(be16_to_cpu(dip->di_magic) != XFS_DINODE_MAGIC)) {
2355 xfs_fs_cmn_err(CE_ALERT, mp,
2356 "xfs_inode_recover: Bad inode magic number, dino ptr = 0x%p, dino bp = 0x%p, ino = %Ld",
2358 XFS_ERROR_REPORT("xlog_recover_do_inode_trans(1)",
2359 XFS_ERRLEVEL_LOW, mp);
2360 error = EFSCORRUPTED;
2363 dicp = (xfs_icdinode_t *)(item->ri_buf[1].i_addr);
2364 if (unlikely(dicp->di_magic != XFS_DINODE_MAGIC)) {
2366 xfs_fs_cmn_err(CE_ALERT, mp,
2367 "xfs_inode_recover: Bad inode log record, rec ptr 0x%p, ino %Ld",
2369 XFS_ERROR_REPORT("xlog_recover_do_inode_trans(2)",
2370 XFS_ERRLEVEL_LOW, mp);
2371 error = EFSCORRUPTED;
2375 /* Skip replay when the on disk inode is newer than the log one */
2376 if (dicp->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
2378 * Deal with the wrap case, DI_MAX_FLUSH is less
2379 * than smaller numbers
2381 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
2382 dicp->di_flushiter < (DI_MAX_FLUSH >> 1)) {
2386 trace_xfs_log_recover_inode_skip(log, in_f);
2391 /* Take the opportunity to reset the flush iteration count */
2392 dicp->di_flushiter = 0;
2394 if (unlikely((dicp->di_mode & S_IFMT) == S_IFREG)) {
2395 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2396 (dicp->di_format != XFS_DINODE_FMT_BTREE)) {
2397 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(3)",
2398 XFS_ERRLEVEL_LOW, mp, dicp);
2400 xfs_fs_cmn_err(CE_ALERT, mp,
2401 "xfs_inode_recover: Bad regular inode log record, rec ptr 0x%p, ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2402 item, dip, bp, ino);
2403 error = EFSCORRUPTED;
2406 } else if (unlikely((dicp->di_mode & S_IFMT) == S_IFDIR)) {
2407 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2408 (dicp->di_format != XFS_DINODE_FMT_BTREE) &&
2409 (dicp->di_format != XFS_DINODE_FMT_LOCAL)) {
2410 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(4)",
2411 XFS_ERRLEVEL_LOW, mp, dicp);
2413 xfs_fs_cmn_err(CE_ALERT, mp,
2414 "xfs_inode_recover: Bad dir inode log record, rec ptr 0x%p, ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2415 item, dip, bp, ino);
2416 error = EFSCORRUPTED;
2420 if (unlikely(dicp->di_nextents + dicp->di_anextents > dicp->di_nblocks)){
2421 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(5)",
2422 XFS_ERRLEVEL_LOW, mp, dicp);
2424 xfs_fs_cmn_err(CE_ALERT, mp,
2425 "xfs_inode_recover: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
2427 dicp->di_nextents + dicp->di_anextents,
2429 error = EFSCORRUPTED;
2432 if (unlikely(dicp->di_forkoff > mp->m_sb.sb_inodesize)) {
2433 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(6)",
2434 XFS_ERRLEVEL_LOW, mp, dicp);
2436 xfs_fs_cmn_err(CE_ALERT, mp,
2437 "xfs_inode_recover: Bad inode log rec ptr 0x%p, dino ptr 0x%p, dino bp 0x%p, ino %Ld, forkoff 0x%x",
2438 item, dip, bp, ino, dicp->di_forkoff);
2439 error = EFSCORRUPTED;
2442 if (unlikely(item->ri_buf[1].i_len > sizeof(struct xfs_icdinode))) {
2443 XFS_CORRUPTION_ERROR("xlog_recover_do_inode_trans(7)",
2444 XFS_ERRLEVEL_LOW, mp, dicp);
2446 xfs_fs_cmn_err(CE_ALERT, mp,
2447 "xfs_inode_recover: Bad inode log record length %d, rec ptr 0x%p",
2448 item->ri_buf[1].i_len, item);
2449 error = EFSCORRUPTED;
2453 /* The core is in in-core format */
2454 xfs_dinode_to_disk(dip, (xfs_icdinode_t *)item->ri_buf[1].i_addr);
2456 /* the rest is in on-disk format */
2457 if (item->ri_buf[1].i_len > sizeof(struct xfs_icdinode)) {
2458 memcpy((xfs_caddr_t) dip + sizeof(struct xfs_icdinode),
2459 item->ri_buf[1].i_addr + sizeof(struct xfs_icdinode),
2460 item->ri_buf[1].i_len - sizeof(struct xfs_icdinode));
2463 fields = in_f->ilf_fields;
2464 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
2466 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
2469 memcpy(XFS_DFORK_DPTR(dip),
2470 &in_f->ilf_u.ilfu_uuid,
2475 if (in_f->ilf_size == 2)
2476 goto write_inode_buffer;
2477 len = item->ri_buf[2].i_len;
2478 src = item->ri_buf[2].i_addr;
2479 ASSERT(in_f->ilf_size <= 4);
2480 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
2481 ASSERT(!(fields & XFS_ILOG_DFORK) ||
2482 (len == in_f->ilf_dsize));
2484 switch (fields & XFS_ILOG_DFORK) {
2485 case XFS_ILOG_DDATA:
2487 memcpy(XFS_DFORK_DPTR(dip), src, len);
2490 case XFS_ILOG_DBROOT:
2491 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
2492 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
2493 XFS_DFORK_DSIZE(dip, mp));
2498 * There are no data fork flags set.
2500 ASSERT((fields & XFS_ILOG_DFORK) == 0);
2505 * If we logged any attribute data, recover it. There may or
2506 * may not have been any other non-core data logged in this
2509 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
2510 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
2515 len = item->ri_buf[attr_index].i_len;
2516 src = item->ri_buf[attr_index].i_addr;
2517 ASSERT(len == in_f->ilf_asize);
2519 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
2520 case XFS_ILOG_ADATA:
2522 dest = XFS_DFORK_APTR(dip);
2523 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
2524 memcpy(dest, src, len);
2527 case XFS_ILOG_ABROOT:
2528 dest = XFS_DFORK_APTR(dip);
2529 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
2530 len, (xfs_bmdr_block_t*)dest,
2531 XFS_DFORK_ASIZE(dip, mp));
2535 xlog_warn("XFS: xlog_recover_do_inode_trans: Invalid flag");
2544 ASSERT(bp->b_mount == NULL || bp->b_mount == mp);
2546 XFS_BUF_SET_IODONE_FUNC(bp, xlog_recover_iodone);
2547 xfs_bdwrite(mp, bp);
2551 return XFS_ERROR(error);
2555 * Recover QUOTAOFF records. We simply make a note of it in the xlog_t
2556 * structure, so that we know not to do any dquot item or dquot buffer recovery,
2560 xlog_recover_do_quotaoff_trans(
2562 xlog_recover_item_t *item,
2565 xfs_qoff_logformat_t *qoff_f;
2567 if (pass == XLOG_RECOVER_PASS2) {
2571 qoff_f = (xfs_qoff_logformat_t *)item->ri_buf[0].i_addr;
2575 * The logitem format's flag tells us if this was user quotaoff,
2576 * group/project quotaoff or both.
2578 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
2579 log->l_quotaoffs_flag |= XFS_DQ_USER;
2580 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
2581 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
2582 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
2583 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
2589 * Recover a dquot record
2592 xlog_recover_do_dquot_trans(
2594 xlog_recover_item_t *item,
2599 struct xfs_disk_dquot *ddq, *recddq;
2601 xfs_dq_logformat_t *dq_f;
2604 if (pass == XLOG_RECOVER_PASS1) {
2610 * Filesystems are required to send in quota flags at mount time.
2612 if (mp->m_qflags == 0)
2615 recddq = (xfs_disk_dquot_t *)item->ri_buf[1].i_addr;
2617 if (item->ri_buf[1].i_addr == NULL) {
2619 "XFS: NULL dquot in %s.", __func__);
2620 return XFS_ERROR(EIO);
2622 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
2624 "XFS: dquot too small (%d) in %s.",
2625 item->ri_buf[1].i_len, __func__);
2626 return XFS_ERROR(EIO);
2630 * This type of quotas was turned off, so ignore this record.
2632 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
2634 if (log->l_quotaoffs_flag & type)
2638 * At this point we know that quota was _not_ turned off.
2639 * Since the mount flags are not indicating to us otherwise, this
2640 * must mean that quota is on, and the dquot needs to be replayed.
2641 * Remember that we may not have fully recovered the superblock yet,
2642 * so we can't do the usual trick of looking at the SB quota bits.
2644 * The other possibility, of course, is that the quota subsystem was
2645 * removed since the last mount - ENOSYS.
2647 dq_f = (xfs_dq_logformat_t *)item->ri_buf[0].i_addr;
2649 if ((error = xfs_qm_dqcheck(recddq,
2651 0, XFS_QMOPT_DOWARN,
2652 "xlog_recover_do_dquot_trans (log copy)"))) {
2653 return XFS_ERROR(EIO);
2655 ASSERT(dq_f->qlf_len == 1);
2657 error = xfs_read_buf(mp, mp->m_ddev_targp,
2659 XFS_FSB_TO_BB(mp, dq_f->qlf_len),
2662 xfs_ioerror_alert("xlog_recover_do..(read#3)", mp,
2663 bp, dq_f->qlf_blkno);
2667 ddq = (xfs_disk_dquot_t *)xfs_buf_offset(bp, dq_f->qlf_boffset);
2670 * At least the magic num portion should be on disk because this
2671 * was among a chunk of dquots created earlier, and we did some
2672 * minimal initialization then.
2674 if (xfs_qm_dqcheck(ddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
2675 "xlog_recover_do_dquot_trans")) {
2677 return XFS_ERROR(EIO);
2680 memcpy(ddq, recddq, item->ri_buf[1].i_len);
2682 ASSERT(dq_f->qlf_size == 2);
2683 ASSERT(bp->b_mount == NULL || bp->b_mount == mp);
2685 XFS_BUF_SET_IODONE_FUNC(bp, xlog_recover_iodone);
2686 xfs_bdwrite(mp, bp);
2692 * This routine is called to create an in-core extent free intent
2693 * item from the efi format structure which was logged on disk.
2694 * It allocates an in-core efi, copies the extents from the format
2695 * structure into it, and adds the efi to the AIL with the given
2699 xlog_recover_do_efi_trans(
2701 xlog_recover_item_t *item,
2707 xfs_efi_log_item_t *efip;
2708 xfs_efi_log_format_t *efi_formatp;
2710 if (pass == XLOG_RECOVER_PASS1) {
2714 efi_formatp = (xfs_efi_log_format_t *)item->ri_buf[0].i_addr;
2717 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
2718 if ((error = xfs_efi_copy_format(&(item->ri_buf[0]),
2719 &(efip->efi_format)))) {
2720 xfs_efi_item_free(efip);
2723 efip->efi_next_extent = efi_formatp->efi_nextents;
2724 efip->efi_flags |= XFS_EFI_COMMITTED;
2726 spin_lock(&log->l_ailp->xa_lock);
2728 * xfs_trans_ail_update() drops the AIL lock.
2730 xfs_trans_ail_update(log->l_ailp, (xfs_log_item_t *)efip, lsn);
2736 * This routine is called when an efd format structure is found in
2737 * a committed transaction in the log. It's purpose is to cancel
2738 * the corresponding efi if it was still in the log. To do this
2739 * it searches the AIL for the efi with an id equal to that in the
2740 * efd format structure. If we find it, we remove the efi from the
2744 xlog_recover_do_efd_trans(
2746 xlog_recover_item_t *item,
2749 xfs_efd_log_format_t *efd_formatp;
2750 xfs_efi_log_item_t *efip = NULL;
2751 xfs_log_item_t *lip;
2753 struct xfs_ail_cursor cur;
2754 struct xfs_ail *ailp = log->l_ailp;
2756 if (pass == XLOG_RECOVER_PASS1) {
2760 efd_formatp = (xfs_efd_log_format_t *)item->ri_buf[0].i_addr;
2761 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
2762 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
2763 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
2764 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
2765 efi_id = efd_formatp->efd_efi_id;
2768 * Search for the efi with the id in the efd format structure
2771 spin_lock(&ailp->xa_lock);
2772 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
2773 while (lip != NULL) {
2774 if (lip->li_type == XFS_LI_EFI) {
2775 efip = (xfs_efi_log_item_t *)lip;
2776 if (efip->efi_format.efi_id == efi_id) {
2778 * xfs_trans_ail_delete() drops the
2781 xfs_trans_ail_delete(ailp, lip);
2782 xfs_efi_item_free(efip);
2783 spin_lock(&ailp->xa_lock);
2787 lip = xfs_trans_ail_cursor_next(ailp, &cur);
2789 xfs_trans_ail_cursor_done(ailp, &cur);
2790 spin_unlock(&ailp->xa_lock);
2794 * Perform the transaction
2796 * If the transaction modifies a buffer or inode, do it now. Otherwise,
2797 * EFIs and EFDs get queued up by adding entries into the AIL for them.
2800 xlog_recover_do_trans(
2802 xlog_recover_t *trans,
2806 xlog_recover_item_t *item;
2808 error = xlog_recover_reorder_trans(log, trans, pass);
2812 list_for_each_entry(item, &trans->r_itemq, ri_list) {
2813 trace_xfs_log_recover_item_recover(log, trans, item, pass);
2814 switch (ITEM_TYPE(item)) {
2816 error = xlog_recover_do_buffer_trans(log, item, pass);
2819 error = xlog_recover_do_inode_trans(log, item, pass);
2822 error = xlog_recover_do_efi_trans(log, item,
2823 trans->r_lsn, pass);
2826 xlog_recover_do_efd_trans(log, item, pass);
2830 error = xlog_recover_do_dquot_trans(log, item, pass);
2832 case XFS_LI_QUOTAOFF:
2833 error = xlog_recover_do_quotaoff_trans(log, item,
2838 "XFS: invalid item type (%d) xlog_recover_do_trans", ITEM_TYPE(item));
2840 error = XFS_ERROR(EIO);
2852 * Free up any resources allocated by the transaction
2854 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
2857 xlog_recover_free_trans(
2858 xlog_recover_t *trans)
2860 xlog_recover_item_t *item, *n;
2863 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
2864 /* Free the regions in the item. */
2865 list_del(&item->ri_list);
2866 for (i = 0; i < item->ri_cnt; i++)
2867 kmem_free(item->ri_buf[i].i_addr);
2868 /* Free the item itself */
2869 kmem_free(item->ri_buf);
2872 /* Free the transaction recover structure */
2877 xlog_recover_commit_trans(
2879 xlog_recover_t *trans,
2884 hlist_del(&trans->r_list);
2885 if ((error = xlog_recover_do_trans(log, trans, pass)))
2887 xlog_recover_free_trans(trans); /* no error */
2892 xlog_recover_unmount_trans(
2893 xlog_recover_t *trans)
2895 /* Do nothing now */
2896 xlog_warn("XFS: xlog_recover_unmount_trans: Unmount LR");
2901 * There are two valid states of the r_state field. 0 indicates that the
2902 * transaction structure is in a normal state. We have either seen the
2903 * start of the transaction or the last operation we added was not a partial
2904 * operation. If the last operation we added to the transaction was a
2905 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
2907 * NOTE: skip LRs with 0 data length.
2910 xlog_recover_process_data(
2912 struct hlist_head rhash[],
2913 xlog_rec_header_t *rhead,
2919 xlog_op_header_t *ohead;
2920 xlog_recover_t *trans;
2926 lp = dp + be32_to_cpu(rhead->h_len);
2927 num_logops = be32_to_cpu(rhead->h_num_logops);
2929 /* check the log format matches our own - else we can't recover */
2930 if (xlog_header_check_recover(log->l_mp, rhead))
2931 return (XFS_ERROR(EIO));
2933 while ((dp < lp) && num_logops) {
2934 ASSERT(dp + sizeof(xlog_op_header_t) <= lp);
2935 ohead = (xlog_op_header_t *)dp;
2936 dp += sizeof(xlog_op_header_t);
2937 if (ohead->oh_clientid != XFS_TRANSACTION &&
2938 ohead->oh_clientid != XFS_LOG) {
2940 "XFS: xlog_recover_process_data: bad clientid");
2942 return (XFS_ERROR(EIO));
2944 tid = be32_to_cpu(ohead->oh_tid);
2945 hash = XLOG_RHASH(tid);
2946 trans = xlog_recover_find_tid(&rhash[hash], tid);
2947 if (trans == NULL) { /* not found; add new tid */
2948 if (ohead->oh_flags & XLOG_START_TRANS)
2949 xlog_recover_new_tid(&rhash[hash], tid,
2950 be64_to_cpu(rhead->h_lsn));
2952 if (dp + be32_to_cpu(ohead->oh_len) > lp) {
2954 "XFS: xlog_recover_process_data: bad length");
2956 return (XFS_ERROR(EIO));
2958 flags = ohead->oh_flags & ~XLOG_END_TRANS;
2959 if (flags & XLOG_WAS_CONT_TRANS)
2960 flags &= ~XLOG_CONTINUE_TRANS;
2962 case XLOG_COMMIT_TRANS:
2963 error = xlog_recover_commit_trans(log,
2966 case XLOG_UNMOUNT_TRANS:
2967 error = xlog_recover_unmount_trans(trans);
2969 case XLOG_WAS_CONT_TRANS:
2970 error = xlog_recover_add_to_cont_trans(log,
2972 be32_to_cpu(ohead->oh_len));
2974 case XLOG_START_TRANS:
2976 "XFS: xlog_recover_process_data: bad transaction");
2978 error = XFS_ERROR(EIO);
2981 case XLOG_CONTINUE_TRANS:
2982 error = xlog_recover_add_to_trans(log, trans,
2983 dp, be32_to_cpu(ohead->oh_len));
2987 "XFS: xlog_recover_process_data: bad flag");
2989 error = XFS_ERROR(EIO);
2995 dp += be32_to_cpu(ohead->oh_len);
3002 * Process an extent free intent item that was recovered from
3003 * the log. We need to free the extents that it describes.
3006 xlog_recover_process_efi(
3008 xfs_efi_log_item_t *efip)
3010 xfs_efd_log_item_t *efdp;
3015 xfs_fsblock_t startblock_fsb;
3017 ASSERT(!(efip->efi_flags & XFS_EFI_RECOVERED));
3020 * First check the validity of the extents described by the
3021 * EFI. If any are bad, then assume that all are bad and
3022 * just toss the EFI.
3024 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
3025 extp = &(efip->efi_format.efi_extents[i]);
3026 startblock_fsb = XFS_BB_TO_FSB(mp,
3027 XFS_FSB_TO_DADDR(mp, extp->ext_start));
3028 if ((startblock_fsb == 0) ||
3029 (extp->ext_len == 0) ||
3030 (startblock_fsb >= mp->m_sb.sb_dblocks) ||
3031 (extp->ext_len >= mp->m_sb.sb_agblocks)) {
3033 * This will pull the EFI from the AIL and
3034 * free the memory associated with it.
3036 xfs_efi_release(efip, efip->efi_format.efi_nextents);
3037 return XFS_ERROR(EIO);
3041 tp = xfs_trans_alloc(mp, 0);
3042 error = xfs_trans_reserve(tp, 0, XFS_ITRUNCATE_LOG_RES(mp), 0, 0, 0);
3045 efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
3047 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
3048 extp = &(efip->efi_format.efi_extents[i]);
3049 error = xfs_free_extent(tp, extp->ext_start, extp->ext_len);
3052 xfs_trans_log_efd_extent(tp, efdp, extp->ext_start,
3056 efip->efi_flags |= XFS_EFI_RECOVERED;
3057 error = xfs_trans_commit(tp, 0);
3061 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
3066 * When this is called, all of the EFIs which did not have
3067 * corresponding EFDs should be in the AIL. What we do now
3068 * is free the extents associated with each one.
3070 * Since we process the EFIs in normal transactions, they
3071 * will be removed at some point after the commit. This prevents
3072 * us from just walking down the list processing each one.
3073 * We'll use a flag in the EFI to skip those that we've already
3074 * processed and use the AIL iteration mechanism's generation
3075 * count to try to speed this up at least a bit.
3077 * When we start, we know that the EFIs are the only things in
3078 * the AIL. As we process them, however, other items are added
3079 * to the AIL. Since everything added to the AIL must come after
3080 * everything already in the AIL, we stop processing as soon as
3081 * we see something other than an EFI in the AIL.
3084 xlog_recover_process_efis(
3087 xfs_log_item_t *lip;
3088 xfs_efi_log_item_t *efip;
3090 struct xfs_ail_cursor cur;
3091 struct xfs_ail *ailp;
3094 spin_lock(&ailp->xa_lock);
3095 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3096 while (lip != NULL) {
3098 * We're done when we see something other than an EFI.
3099 * There should be no EFIs left in the AIL now.
3101 if (lip->li_type != XFS_LI_EFI) {
3103 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
3104 ASSERT(lip->li_type != XFS_LI_EFI);
3110 * Skip EFIs that we've already processed.
3112 efip = (xfs_efi_log_item_t *)lip;
3113 if (efip->efi_flags & XFS_EFI_RECOVERED) {
3114 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3118 spin_unlock(&ailp->xa_lock);
3119 error = xlog_recover_process_efi(log->l_mp, efip);
3120 spin_lock(&ailp->xa_lock);
3123 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3126 xfs_trans_ail_cursor_done(ailp, &cur);
3127 spin_unlock(&ailp->xa_lock);
3132 * This routine performs a transaction to null out a bad inode pointer
3133 * in an agi unlinked inode hash bucket.
3136 xlog_recover_clear_agi_bucket(
3138 xfs_agnumber_t agno,
3147 tp = xfs_trans_alloc(mp, XFS_TRANS_CLEAR_AGI_BUCKET);
3148 error = xfs_trans_reserve(tp, 0, XFS_CLEAR_AGI_BUCKET_LOG_RES(mp),
3153 error = xfs_read_agi(mp, tp, agno, &agibp);
3157 agi = XFS_BUF_TO_AGI(agibp);
3158 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
3159 offset = offsetof(xfs_agi_t, agi_unlinked) +
3160 (sizeof(xfs_agino_t) * bucket);
3161 xfs_trans_log_buf(tp, agibp, offset,
3162 (offset + sizeof(xfs_agino_t) - 1));
3164 error = xfs_trans_commit(tp, 0);
3170 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
3172 xfs_fs_cmn_err(CE_WARN, mp, "xlog_recover_clear_agi_bucket: "
3173 "failed to clear agi %d. Continuing.", agno);
3178 xlog_recover_process_one_iunlink(
3179 struct xfs_mount *mp,
3180 xfs_agnumber_t agno,
3184 struct xfs_buf *ibp;
3185 struct xfs_dinode *dip;
3186 struct xfs_inode *ip;
3190 ino = XFS_AGINO_TO_INO(mp, agno, agino);
3191 error = xfs_iget(mp, NULL, ino, 0, 0, &ip, 0);
3196 * Get the on disk inode to find the next inode in the bucket.
3198 error = xfs_itobp(mp, NULL, ip, &dip, &ibp, XBF_LOCK);
3202 ASSERT(ip->i_d.di_nlink == 0);
3203 ASSERT(ip->i_d.di_mode != 0);
3205 /* setup for the next pass */
3206 agino = be32_to_cpu(dip->di_next_unlinked);
3210 * Prevent any DMAPI event from being sent when the reference on
3211 * the inode is dropped.
3213 ip->i_d.di_dmevmask = 0;
3222 * We can't read in the inode this bucket points to, or this inode
3223 * is messed up. Just ditch this bucket of inodes. We will lose
3224 * some inodes and space, but at least we won't hang.
3226 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
3227 * clear the inode pointer in the bucket.
3229 xlog_recover_clear_agi_bucket(mp, agno, bucket);
3234 * xlog_iunlink_recover
3236 * This is called during recovery to process any inodes which
3237 * we unlinked but not freed when the system crashed. These
3238 * inodes will be on the lists in the AGI blocks. What we do
3239 * here is scan all the AGIs and fully truncate and free any
3240 * inodes found on the lists. Each inode is removed from the
3241 * lists when it has been fully truncated and is freed. The
3242 * freeing of the inode and its removal from the list must be
3246 xlog_recover_process_iunlinks(
3250 xfs_agnumber_t agno;
3261 * Prevent any DMAPI event from being sent while in this function.
3263 mp_dmevmask = mp->m_dmevmask;
3266 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
3268 * Find the agi for this ag.
3270 error = xfs_read_agi(mp, NULL, agno, &agibp);
3273 * AGI is b0rked. Don't process it.
3275 * We should probably mark the filesystem as corrupt
3276 * after we've recovered all the ag's we can....
3280 agi = XFS_BUF_TO_AGI(agibp);
3282 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
3283 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
3284 while (agino != NULLAGINO) {
3286 * Release the agi buffer so that it can
3287 * be acquired in the normal course of the
3288 * transaction to truncate and free the inode.
3290 xfs_buf_relse(agibp);
3292 agino = xlog_recover_process_one_iunlink(mp,
3293 agno, agino, bucket);
3296 * Reacquire the agibuffer and continue around
3297 * the loop. This should never fail as we know
3298 * the buffer was good earlier on.
3300 error = xfs_read_agi(mp, NULL, agno, &agibp);
3302 agi = XFS_BUF_TO_AGI(agibp);
3307 * Release the buffer for the current agi so we can
3308 * go on to the next one.
3310 xfs_buf_relse(agibp);
3313 mp->m_dmevmask = mp_dmevmask;
3319 xlog_pack_data_checksum(
3321 xlog_in_core_t *iclog,
3328 up = (__be32 *)iclog->ic_datap;
3329 /* divide length by 4 to get # words */
3330 for (i = 0; i < (size >> 2); i++) {
3331 chksum ^= be32_to_cpu(*up);
3334 iclog->ic_header.h_chksum = cpu_to_be32(chksum);
3337 #define xlog_pack_data_checksum(log, iclog, size)
3341 * Stamp cycle number in every block
3346 xlog_in_core_t *iclog,
3350 int size = iclog->ic_offset + roundoff;
3354 xlog_pack_data_checksum(log, iclog, size);
3356 cycle_lsn = CYCLE_LSN_DISK(iclog->ic_header.h_lsn);
3358 dp = iclog->ic_datap;
3359 for (i = 0; i < BTOBB(size) &&
3360 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
3361 iclog->ic_header.h_cycle_data[i] = *(__be32 *)dp;
3362 *(__be32 *)dp = cycle_lsn;
3366 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3367 xlog_in_core_2_t *xhdr = iclog->ic_data;
3369 for ( ; i < BTOBB(size); i++) {
3370 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3371 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3372 xhdr[j].hic_xheader.xh_cycle_data[k] = *(__be32 *)dp;
3373 *(__be32 *)dp = cycle_lsn;
3377 for (i = 1; i < log->l_iclog_heads; i++) {
3378 xhdr[i].hic_xheader.xh_cycle = cycle_lsn;
3383 #if defined(DEBUG) && defined(XFS_LOUD_RECOVERY)
3385 xlog_unpack_data_checksum(
3386 xlog_rec_header_t *rhead,
3390 __be32 *up = (__be32 *)dp;
3394 /* divide length by 4 to get # words */
3395 for (i=0; i < be32_to_cpu(rhead->h_len) >> 2; i++) {
3396 chksum ^= be32_to_cpu(*up);
3399 if (chksum != be32_to_cpu(rhead->h_chksum)) {
3400 if (rhead->h_chksum ||
3401 ((log->l_flags & XLOG_CHKSUM_MISMATCH) == 0)) {
3403 "XFS: LogR chksum mismatch: was (0x%x) is (0x%x)\n",
3404 be32_to_cpu(rhead->h_chksum), chksum);
3406 "XFS: Disregard message if filesystem was created with non-DEBUG kernel");
3407 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3409 "XFS: LogR this is a LogV2 filesystem\n");
3411 log->l_flags |= XLOG_CHKSUM_MISMATCH;
3416 #define xlog_unpack_data_checksum(rhead, dp, log)
3421 xlog_rec_header_t *rhead,
3427 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
3428 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
3429 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
3433 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3434 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
3435 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
3436 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3437 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
3438 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
3443 xlog_unpack_data_checksum(rhead, dp, log);
3447 xlog_valid_rec_header(
3449 xlog_rec_header_t *rhead,
3454 if (unlikely(be32_to_cpu(rhead->h_magicno) != XLOG_HEADER_MAGIC_NUM)) {
3455 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
3456 XFS_ERRLEVEL_LOW, log->l_mp);
3457 return XFS_ERROR(EFSCORRUPTED);
3460 (!rhead->h_version ||
3461 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
3462 xlog_warn("XFS: %s: unrecognised log version (%d).",
3463 __func__, be32_to_cpu(rhead->h_version));
3464 return XFS_ERROR(EIO);
3467 /* LR body must have data or it wouldn't have been written */
3468 hlen = be32_to_cpu(rhead->h_len);
3469 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
3470 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
3471 XFS_ERRLEVEL_LOW, log->l_mp);
3472 return XFS_ERROR(EFSCORRUPTED);
3474 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
3475 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
3476 XFS_ERRLEVEL_LOW, log->l_mp);
3477 return XFS_ERROR(EFSCORRUPTED);
3483 * Read the log from tail to head and process the log records found.
3484 * Handle the two cases where the tail and head are in the same cycle
3485 * and where the active portion of the log wraps around the end of
3486 * the physical log separately. The pass parameter is passed through
3487 * to the routines called to process the data and is not looked at
3491 xlog_do_recovery_pass(
3493 xfs_daddr_t head_blk,
3494 xfs_daddr_t tail_blk,
3497 xlog_rec_header_t *rhead;
3500 xfs_buf_t *hbp, *dbp;
3501 int error = 0, h_size;
3502 int bblks, split_bblks;
3503 int hblks, split_hblks, wrapped_hblks;
3504 struct hlist_head rhash[XLOG_RHASH_SIZE];
3506 ASSERT(head_blk != tail_blk);
3509 * Read the header of the tail block and get the iclog buffer size from
3510 * h_size. Use this to tell how many sectors make up the log header.
3512 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
3514 * When using variable length iclogs, read first sector of
3515 * iclog header and extract the header size from it. Get a
3516 * new hbp that is the correct size.
3518 hbp = xlog_get_bp(log, 1);
3522 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
3526 rhead = (xlog_rec_header_t *)offset;
3527 error = xlog_valid_rec_header(log, rhead, tail_blk);
3530 h_size = be32_to_cpu(rhead->h_size);
3531 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
3532 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
3533 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
3534 if (h_size % XLOG_HEADER_CYCLE_SIZE)
3537 hbp = xlog_get_bp(log, hblks);
3542 ASSERT(log->l_sectbb_log == 0);
3544 hbp = xlog_get_bp(log, 1);
3545 h_size = XLOG_BIG_RECORD_BSIZE;
3550 dbp = xlog_get_bp(log, BTOBB(h_size));
3556 memset(rhash, 0, sizeof(rhash));
3557 if (tail_blk <= head_blk) {
3558 for (blk_no = tail_blk; blk_no < head_blk; ) {
3559 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
3563 rhead = (xlog_rec_header_t *)offset;
3564 error = xlog_valid_rec_header(log, rhead, blk_no);
3568 /* blocks in data section */
3569 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
3570 error = xlog_bread(log, blk_no + hblks, bblks, dbp,
3575 xlog_unpack_data(rhead, offset, log);
3576 if ((error = xlog_recover_process_data(log,
3577 rhash, rhead, offset, pass)))
3579 blk_no += bblks + hblks;
3583 * Perform recovery around the end of the physical log.
3584 * When the head is not on the same cycle number as the tail,
3585 * we can't do a sequential recovery as above.
3588 while (blk_no < log->l_logBBsize) {
3590 * Check for header wrapping around physical end-of-log
3592 offset = XFS_BUF_PTR(hbp);
3595 if (blk_no + hblks <= log->l_logBBsize) {
3596 /* Read header in one read */
3597 error = xlog_bread(log, blk_no, hblks, hbp,
3602 /* This LR is split across physical log end */
3603 if (blk_no != log->l_logBBsize) {
3604 /* some data before physical log end */
3605 ASSERT(blk_no <= INT_MAX);
3606 split_hblks = log->l_logBBsize - (int)blk_no;
3607 ASSERT(split_hblks > 0);
3608 error = xlog_bread(log, blk_no,
3616 * Note: this black magic still works with
3617 * large sector sizes (non-512) only because:
3618 * - we increased the buffer size originally
3619 * by 1 sector giving us enough extra space
3620 * for the second read;
3621 * - the log start is guaranteed to be sector
3623 * - we read the log end (LR header start)
3624 * _first_, then the log start (LR header end)
3625 * - order is important.
3627 wrapped_hblks = hblks - split_hblks;
3628 error = XFS_BUF_SET_PTR(hbp,
3629 offset + BBTOB(split_hblks),
3630 BBTOB(hblks - split_hblks));
3634 error = xlog_bread_noalign(log, 0,
3635 wrapped_hblks, hbp);
3639 error = XFS_BUF_SET_PTR(hbp, offset,
3644 rhead = (xlog_rec_header_t *)offset;
3645 error = xlog_valid_rec_header(log, rhead,
3646 split_hblks ? blk_no : 0);
3650 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
3653 /* Read in data for log record */
3654 if (blk_no + bblks <= log->l_logBBsize) {
3655 error = xlog_bread(log, blk_no, bblks, dbp,
3660 /* This log record is split across the
3661 * physical end of log */
3662 offset = XFS_BUF_PTR(dbp);
3664 if (blk_no != log->l_logBBsize) {
3665 /* some data is before the physical
3667 ASSERT(!wrapped_hblks);
3668 ASSERT(blk_no <= INT_MAX);
3670 log->l_logBBsize - (int)blk_no;
3671 ASSERT(split_bblks > 0);
3672 error = xlog_bread(log, blk_no,
3680 * Note: this black magic still works with
3681 * large sector sizes (non-512) only because:
3682 * - we increased the buffer size originally
3683 * by 1 sector giving us enough extra space
3684 * for the second read;
3685 * - the log start is guaranteed to be sector
3687 * - we read the log end (LR header start)
3688 * _first_, then the log start (LR header end)
3689 * - order is important.
3691 error = XFS_BUF_SET_PTR(dbp,
3692 offset + BBTOB(split_bblks),
3693 BBTOB(bblks - split_bblks));
3697 error = xlog_bread_noalign(log, wrapped_hblks,
3698 bblks - split_bblks,
3703 error = XFS_BUF_SET_PTR(dbp, offset, h_size);
3707 xlog_unpack_data(rhead, offset, log);
3708 if ((error = xlog_recover_process_data(log, rhash,
3709 rhead, offset, pass)))
3714 ASSERT(blk_no >= log->l_logBBsize);
3715 blk_no -= log->l_logBBsize;
3717 /* read first part of physical log */
3718 while (blk_no < head_blk) {
3719 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
3723 rhead = (xlog_rec_header_t *)offset;
3724 error = xlog_valid_rec_header(log, rhead, blk_no);
3728 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
3729 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
3734 xlog_unpack_data(rhead, offset, log);
3735 if ((error = xlog_recover_process_data(log, rhash,
3736 rhead, offset, pass)))
3738 blk_no += bblks + hblks;
3750 * Do the recovery of the log. We actually do this in two phases.
3751 * The two passes are necessary in order to implement the function
3752 * of cancelling a record written into the log. The first pass
3753 * determines those things which have been cancelled, and the
3754 * second pass replays log items normally except for those which
3755 * have been cancelled. The handling of the replay and cancellations
3756 * takes place in the log item type specific routines.
3758 * The table of items which have cancel records in the log is allocated
3759 * and freed at this level, since only here do we know when all of
3760 * the log recovery has been completed.
3763 xlog_do_log_recovery(
3765 xfs_daddr_t head_blk,
3766 xfs_daddr_t tail_blk)
3770 ASSERT(head_blk != tail_blk);
3773 * First do a pass to find all of the cancelled buf log items.
3774 * Store them in the buf_cancel_table for use in the second pass.
3776 log->l_buf_cancel_table =
3777 (xfs_buf_cancel_t **)kmem_zalloc(XLOG_BC_TABLE_SIZE *
3778 sizeof(xfs_buf_cancel_t*),
3780 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
3781 XLOG_RECOVER_PASS1);
3783 kmem_free(log->l_buf_cancel_table);
3784 log->l_buf_cancel_table = NULL;
3788 * Then do a second pass to actually recover the items in the log.
3789 * When it is complete free the table of buf cancel items.
3791 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
3792 XLOG_RECOVER_PASS2);
3797 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
3798 ASSERT(log->l_buf_cancel_table[i] == NULL);
3802 kmem_free(log->l_buf_cancel_table);
3803 log->l_buf_cancel_table = NULL;
3809 * Do the actual recovery
3814 xfs_daddr_t head_blk,
3815 xfs_daddr_t tail_blk)
3822 * First replay the images in the log.
3824 error = xlog_do_log_recovery(log, head_blk, tail_blk);
3829 XFS_bflush(log->l_mp->m_ddev_targp);
3832 * If IO errors happened during recovery, bail out.
3834 if (XFS_FORCED_SHUTDOWN(log->l_mp)) {
3839 * We now update the tail_lsn since much of the recovery has completed
3840 * and there may be space available to use. If there were no extent
3841 * or iunlinks, we can free up the entire log and set the tail_lsn to
3842 * be the last_sync_lsn. This was set in xlog_find_tail to be the
3843 * lsn of the last known good LR on disk. If there are extent frees
3844 * or iunlinks they will have some entries in the AIL; so we look at
3845 * the AIL to determine how to set the tail_lsn.
3847 xlog_assign_tail_lsn(log->l_mp);
3850 * Now that we've finished replaying all buffer and inode
3851 * updates, re-read in the superblock.
3853 bp = xfs_getsb(log->l_mp, 0);
3855 ASSERT(!(XFS_BUF_ISWRITE(bp)));
3856 ASSERT(!(XFS_BUF_ISDELAYWRITE(bp)));
3858 XFS_BUF_UNASYNC(bp);
3859 xfsbdstrat(log->l_mp, bp);
3860 error = xfs_iowait(bp);
3862 xfs_ioerror_alert("xlog_do_recover",
3863 log->l_mp, bp, XFS_BUF_ADDR(bp));
3869 /* Convert superblock from on-disk format */
3870 sbp = &log->l_mp->m_sb;
3871 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
3872 ASSERT(sbp->sb_magicnum == XFS_SB_MAGIC);
3873 ASSERT(xfs_sb_good_version(sbp));
3876 /* We've re-read the superblock so re-initialize per-cpu counters */
3877 xfs_icsb_reinit_counters(log->l_mp);
3879 xlog_recover_check_summary(log);
3881 /* Normal transactions can now occur */
3882 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
3887 * Perform recovery and re-initialize some log variables in xlog_find_tail.
3889 * Return error or zero.
3895 xfs_daddr_t head_blk, tail_blk;
3898 /* find the tail of the log */
3899 if ((error = xlog_find_tail(log, &head_blk, &tail_blk)))
3902 if (tail_blk != head_blk) {
3903 /* There used to be a comment here:
3905 * disallow recovery on read-only mounts. note -- mount
3906 * checks for ENOSPC and turns it into an intelligent
3908 * ...but this is no longer true. Now, unless you specify
3909 * NORECOVERY (in which case this function would never be
3910 * called), we just go ahead and recover. We do this all
3911 * under the vfs layer, so we can get away with it unless
3912 * the device itself is read-only, in which case we fail.
3914 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
3919 "Starting XFS recovery on filesystem: %s (logdev: %s)",
3920 log->l_mp->m_fsname, log->l_mp->m_logname ?
3921 log->l_mp->m_logname : "internal");
3923 error = xlog_do_recover(log, head_blk, tail_blk);
3924 log->l_flags |= XLOG_RECOVERY_NEEDED;
3930 * In the first part of recovery we replay inodes and buffers and build
3931 * up the list of extent free items which need to be processed. Here
3932 * we process the extent free items and clean up the on disk unlinked
3933 * inode lists. This is separated from the first part of recovery so
3934 * that the root and real-time bitmap inodes can be read in from disk in
3935 * between the two stages. This is necessary so that we can free space
3936 * in the real-time portion of the file system.
3939 xlog_recover_finish(
3943 * Now we're ready to do the transactions needed for the
3944 * rest of recovery. Start with completing all the extent
3945 * free intent records and then process the unlinked inode
3946 * lists. At this point, we essentially run in normal mode
3947 * except that we're still performing recovery actions
3948 * rather than accepting new requests.
3950 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
3952 error = xlog_recover_process_efis(log);
3955 "Failed to recover EFIs on filesystem: %s",
3956 log->l_mp->m_fsname);
3960 * Sync the log to get all the EFIs out of the AIL.
3961 * This isn't absolutely necessary, but it helps in
3962 * case the unlink transactions would have problems
3963 * pushing the EFIs out of the way.
3965 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
3967 xlog_recover_process_iunlinks(log);
3969 xlog_recover_check_summary(log);
3972 "Ending XFS recovery on filesystem: %s (logdev: %s)",
3973 log->l_mp->m_fsname, log->l_mp->m_logname ?
3974 log->l_mp->m_logname : "internal");
3975 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
3978 "!Ending clean XFS mount for filesystem: %s\n",
3979 log->l_mp->m_fsname);
3987 * Read all of the agf and agi counters and check that they
3988 * are consistent with the superblock counters.
3991 xlog_recover_check_summary(
3999 #ifdef XFS_LOUD_RECOVERY
4002 xfs_agnumber_t agno;
4003 __uint64_t freeblks;
4013 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4014 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
4016 xfs_fs_cmn_err(CE_ALERT, mp,
4017 "xlog_recover_check_summary(agf)"
4018 "agf read failed agno %d error %d",
4021 agfp = XFS_BUF_TO_AGF(agfbp);
4022 freeblks += be32_to_cpu(agfp->agf_freeblks) +
4023 be32_to_cpu(agfp->agf_flcount);
4024 xfs_buf_relse(agfbp);
4027 error = xfs_read_agi(mp, NULL, agno, &agibp);
4029 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
4031 itotal += be32_to_cpu(agi->agi_count);
4032 ifree += be32_to_cpu(agi->agi_freecount);
4033 xfs_buf_relse(agibp);
4037 sbbp = xfs_getsb(mp, 0);
4038 #ifdef XFS_LOUD_RECOVERY
4040 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(sbbp));
4042 "xlog_recover_check_summary: sb_icount %Lu itotal %Lu",
4043 sbp->sb_icount, itotal);
4045 "xlog_recover_check_summary: sb_ifree %Lu itotal %Lu",
4046 sbp->sb_ifree, ifree);
4048 "xlog_recover_check_summary: sb_fdblocks %Lu freeblks %Lu",
4049 sbp->sb_fdblocks, freeblks);
4052 * This is turned off until I account for the allocation
4053 * btree blocks which live in free space.
4055 ASSERT(sbp->sb_icount == itotal);
4056 ASSERT(sbp->sb_ifree == ifree);
4057 ASSERT(sbp->sb_fdblocks == freeblks);
4060 xfs_buf_relse(sbbp);