// SPDX-License-Identifier: GPL-2.0-only /* * This file is part of UBIFS. * * Copyright (C) 2006-2008 Nokia Corporation. * * Authors: Artem Bityutskiy (Битюцкий Артём) * Adrian Hunter */ /* * This file is a part of UBIFS journal implementation and contains various * functions which manipulate the log. The log is a fixed area on the flash * which does not contain any data but refers to buds. The log is a part of the * journal. */ #include "linux_err.h" #include "bitops.h" #include "kmem.h" #include "ubifs.h" #include "defs.h" #include "debug.h" #include "misc.h" static int dbg_check_bud_bytes(struct ubifs_info *c); /** * ubifs_search_bud - search bud LEB. * @c: UBIFS file-system description object * @lnum: logical eraseblock number to search * * This function searches bud LEB @lnum. Returns bud description object in case * of success and %NULL if there is no bud with this LEB number. */ struct ubifs_bud *ubifs_search_bud(struct ubifs_info *c, int lnum) { struct rb_node *p; struct ubifs_bud *bud; spin_lock(&c->buds_lock); p = c->buds.rb_node; while (p) { bud = rb_entry(p, struct ubifs_bud, rb); if (lnum < bud->lnum) p = p->rb_left; else if (lnum > bud->lnum) p = p->rb_right; else { spin_unlock(&c->buds_lock); return bud; } } spin_unlock(&c->buds_lock); return NULL; } /** * ubifs_get_wbuf - get the wbuf associated with a LEB, if there is one. * @c: UBIFS file-system description object * @lnum: logical eraseblock number to search * * This functions returns the wbuf for @lnum or %NULL if there is not one. */ struct ubifs_wbuf *ubifs_get_wbuf(struct ubifs_info *c, int lnum) { struct rb_node *p; struct ubifs_bud *bud; int jhead; if (!c->jheads) return NULL; spin_lock(&c->buds_lock); p = c->buds.rb_node; while (p) { bud = rb_entry(p, struct ubifs_bud, rb); if (lnum < bud->lnum) p = p->rb_left; else if (lnum > bud->lnum) p = p->rb_right; else { jhead = bud->jhead; spin_unlock(&c->buds_lock); return &c->jheads[jhead].wbuf; } } spin_unlock(&c->buds_lock); return NULL; } /** * empty_log_bytes - calculate amount of empty space in the log. * @c: UBIFS file-system description object */ static inline long long empty_log_bytes(const struct ubifs_info *c) { long long h, t; h = (long long)c->lhead_lnum * c->leb_size + c->lhead_offs; t = (long long)c->ltail_lnum * c->leb_size; if (h > t) return c->log_bytes - h + t; else if (h != t) return t - h; else if (c->lhead_lnum != c->ltail_lnum) return 0; else return c->log_bytes; } /** * ubifs_add_bud - add bud LEB to the tree of buds and its journal head list. * @c: UBIFS file-system description object * @bud: the bud to add */ void ubifs_add_bud(struct ubifs_info *c, struct ubifs_bud *bud) { struct rb_node **p, *parent = NULL; struct ubifs_bud *b; struct ubifs_jhead *jhead; spin_lock(&c->buds_lock); p = &c->buds.rb_node; while (*p) { parent = *p; b = rb_entry(parent, struct ubifs_bud, rb); ubifs_assert(c, bud->lnum != b->lnum); if (bud->lnum < b->lnum) p = &(*p)->rb_left; else p = &(*p)->rb_right; } rb_link_node(&bud->rb, parent, p); rb_insert_color(&bud->rb, &c->buds); if (c->jheads) { jhead = &c->jheads[bud->jhead]; list_add_tail(&bud->list, &jhead->buds_list); } else ubifs_assert(c, c->replaying && c->ro_mount); /* * Note, although this is a new bud, we anyway account this space now, * before any data has been written to it, because this is about to * guarantee fixed mount time, and this bud will anyway be read and * scanned. */ c->bud_bytes += c->leb_size - bud->start; dbg_log("LEB %d:%d, jhead %s, bud_bytes %lld", bud->lnum, bud->start, dbg_jhead(bud->jhead), c->bud_bytes); spin_unlock(&c->buds_lock); } /** * ubifs_add_bud_to_log - add a new bud to the log. * @c: UBIFS file-system description object * @jhead: journal head the bud belongs to * @lnum: LEB number of the bud * @offs: starting offset of the bud * * This function writes a reference node for the new bud LEB @lnum to the log, * and adds it to the buds trees. It also makes sure that log size does not * exceed the 'c->max_bud_bytes' limit. Returns zero in case of success, * %-EAGAIN if commit is required, and a negative error code in case of * failure. */ int ubifs_add_bud_to_log(struct ubifs_info *c, int jhead, int lnum, int offs) { int err; struct ubifs_bud *bud; struct ubifs_ref_node *ref; bud = kmalloc(sizeof(struct ubifs_bud), GFP_NOFS); if (!bud) return -ENOMEM; ref = kzalloc(c->ref_node_alsz, GFP_NOFS); if (!ref) { kfree(bud); return -ENOMEM; } mutex_lock(&c->log_mutex); ubifs_assert(c, !c->ro_media && !c->ro_mount); if (c->ro_error) { err = -EROFS; goto out_unlock; } /* Make sure we have enough space in the log */ if (empty_log_bytes(c) - c->ref_node_alsz < c->min_log_bytes) { dbg_log("not enough log space - %lld, required %d", empty_log_bytes(c), c->min_log_bytes); ubifs_commit_required(c); err = -EAGAIN; goto out_unlock; } /* * Make sure the amount of space in buds will not exceed the * 'c->max_bud_bytes' limit, because we want to guarantee mount time * limits. * * It is not necessary to hold @c->buds_lock when reading @c->bud_bytes * because we are holding @c->log_mutex. All @c->bud_bytes take place * when both @c->log_mutex and @c->bud_bytes are locked. */ if (c->bud_bytes + c->leb_size - offs > c->max_bud_bytes) { dbg_log("bud bytes %lld (%lld max), require commit", c->bud_bytes, c->max_bud_bytes); ubifs_commit_required(c); err = -EAGAIN; goto out_unlock; } /* * If the journal is full enough - start background commit. Note, it is * OK to read 'c->cmt_state' without spinlock because integer reads * are atomic in the kernel. */ if (c->bud_bytes >= c->bg_bud_bytes && c->cmt_state == COMMIT_RESTING) { dbg_log("bud bytes %lld (%lld max), initiate BG commit", c->bud_bytes, c->max_bud_bytes); ubifs_request_bg_commit(c); } bud->lnum = lnum; bud->start = offs; bud->jhead = jhead; bud->log_hash = NULL; ref->ch.node_type = UBIFS_REF_NODE; ref->lnum = cpu_to_le32(bud->lnum); ref->offs = cpu_to_le32(bud->start); ref->jhead = cpu_to_le32(jhead); if (c->lhead_offs > c->leb_size - c->ref_node_alsz) { c->lhead_lnum = ubifs_next_log_lnum(c, c->lhead_lnum); ubifs_assert(c, c->lhead_lnum != c->ltail_lnum); c->lhead_offs = 0; } if (c->lhead_offs == 0) { /* Must ensure next log LEB has been unmapped */ err = ubifs_leb_unmap(c, c->lhead_lnum); if (err) goto out_unlock; } if (bud->start == 0) { /* * Before writing the LEB reference which refers an empty LEB * to the log, we have to make sure it is mapped, because * otherwise we'd risk to refer an LEB with garbage in case of * an unclean reboot, because the target LEB might have been * unmapped, but not yet physically erased. */ err = ubifs_leb_map(c, bud->lnum); if (err) goto out_unlock; } dbg_log("write ref LEB %d:%d", c->lhead_lnum, c->lhead_offs); err = ubifs_write_node(c, ref, UBIFS_REF_NODE_SZ, c->lhead_lnum, c->lhead_offs); if (err) goto out_unlock; err = ubifs_shash_update(c, c->log_hash, ref, UBIFS_REF_NODE_SZ); if (err) goto out_unlock; err = ubifs_shash_copy_state(c, c->log_hash, c->jheads[jhead].log_hash); if (err) goto out_unlock; c->lhead_offs += c->ref_node_alsz; ubifs_add_bud(c, bud); mutex_unlock(&c->log_mutex); kfree(ref); return 0; out_unlock: mutex_unlock(&c->log_mutex); kfree(ref); kfree(bud); return err; } /** * remove_buds - remove used buds. * @c: UBIFS file-system description object * * This function removes use buds from the buds tree. It does not remove the * buds which are pointed to by journal heads. */ static void remove_buds(struct ubifs_info *c) { struct rb_node *p; ubifs_assert(c, list_empty(&c->old_buds)); c->cmt_bud_bytes = 0; spin_lock(&c->buds_lock); p = rb_first(&c->buds); while (p) { struct rb_node *p1 = p; struct ubifs_bud *bud; struct ubifs_wbuf *wbuf; p = rb_next(p); bud = rb_entry(p1, struct ubifs_bud, rb); wbuf = &c->jheads[bud->jhead].wbuf; if (wbuf->lnum == bud->lnum) { /* * Do not remove buds which are pointed to by journal * heads (non-closed buds). */ c->cmt_bud_bytes += wbuf->offs - bud->start; dbg_log("preserve %d:%d, jhead %s, bud bytes %d, cmt_bud_bytes %lld", bud->lnum, bud->start, dbg_jhead(bud->jhead), wbuf->offs - bud->start, c->cmt_bud_bytes); bud->start = wbuf->offs; } else { c->cmt_bud_bytes += c->leb_size - bud->start; dbg_log("remove %d:%d, jhead %s, bud bytes %d, cmt_bud_bytes %lld", bud->lnum, bud->start, dbg_jhead(bud->jhead), c->leb_size - bud->start, c->cmt_bud_bytes); rb_erase(p1, &c->buds); /* * If the commit does not finish, the recovery will need * to replay the journal, in which case the old buds * must be unchanged. Do not release them until post * commit i.e. do not allow them to be garbage * collected. */ list_move(&bud->list, &c->old_buds); } } spin_unlock(&c->buds_lock); } /** * ubifs_log_start_commit - start commit. * @c: UBIFS file-system description object * @ltail_lnum: return new log tail LEB number * * The commit operation starts with writing "commit start" node to the log and * reference nodes for all journal heads which will define new journal after * the commit has been finished. The commit start and reference nodes are * written in one go to the nearest empty log LEB (hence, when commit is * finished UBIFS may safely unmap all the previous log LEBs). This function * returns zero in case of success and a negative error code in case of * failure. */ int ubifs_log_start_commit(struct ubifs_info *c, int *ltail_lnum) { void *buf; struct ubifs_cs_node *cs; struct ubifs_ref_node *ref; int err, i, max_len, len; err = dbg_check_bud_bytes(c); if (err) return err; max_len = UBIFS_CS_NODE_SZ + c->jhead_cnt * UBIFS_REF_NODE_SZ; max_len = ALIGN(max_len, c->min_io_size); buf = cs = kmalloc(max_len, GFP_NOFS); if (!buf) return -ENOMEM; cs->ch.node_type = UBIFS_CS_NODE; cs->cmt_no = cpu_to_le64(c->cmt_no); ubifs_prepare_node(c, cs, UBIFS_CS_NODE_SZ, 0); err = ubifs_shash_init(c, c->log_hash); if (err) goto out; err = ubifs_shash_update(c, c->log_hash, cs, UBIFS_CS_NODE_SZ); if (err < 0) goto out; /* * Note, we do not lock 'c->log_mutex' because this is the commit start * phase and we are exclusively using the log. And we do not lock * write-buffer because nobody can write to the file-system at this * phase. */ len = UBIFS_CS_NODE_SZ; for (i = 0; i < c->jhead_cnt; i++) { int lnum = c->jheads[i].wbuf.lnum; int offs = c->jheads[i].wbuf.offs; if (lnum == -1 || offs == c->leb_size) continue; dbg_log("add ref to LEB %d:%d for jhead %s", lnum, offs, dbg_jhead(i)); ref = buf + len; ref->ch.node_type = UBIFS_REF_NODE; ref->lnum = cpu_to_le32(lnum); ref->offs = cpu_to_le32(offs); ref->jhead = cpu_to_le32(i); ubifs_prepare_node(c, ref, UBIFS_REF_NODE_SZ, 0); len += UBIFS_REF_NODE_SZ; err = ubifs_shash_update(c, c->log_hash, ref, UBIFS_REF_NODE_SZ); if (err) goto out; ubifs_shash_copy_state(c, c->log_hash, c->jheads[i].log_hash); } ubifs_pad(c, buf + len, ALIGN(len, c->min_io_size) - len); /* Switch to the next log LEB */ if (c->lhead_offs) { c->lhead_lnum = ubifs_next_log_lnum(c, c->lhead_lnum); ubifs_assert(c, c->lhead_lnum != c->ltail_lnum); c->lhead_offs = 0; } /* Must ensure next LEB has been unmapped */ err = ubifs_leb_unmap(c, c->lhead_lnum); if (err) goto out; len = ALIGN(len, c->min_io_size); dbg_log("writing commit start at LEB %d:0, len %d", c->lhead_lnum, len); err = ubifs_leb_write(c, c->lhead_lnum, cs, 0, len); if (err) goto out; *ltail_lnum = c->lhead_lnum; c->lhead_offs += len; ubifs_assert(c, c->lhead_offs < c->leb_size); remove_buds(c); /* * We have started the commit and now users may use the rest of the log * for new writes. */ c->min_log_bytes = 0; out: kfree(buf); return err; } /** * ubifs_log_end_commit - end commit. * @c: UBIFS file-system description object * @ltail_lnum: new log tail LEB number * * This function is called on when the commit operation was finished. It * moves log tail to new position and updates the master node so that it stores * the new log tail LEB number. Returns zero in case of success and a negative * error code in case of failure. */ int ubifs_log_end_commit(struct ubifs_info *c, int ltail_lnum) { int err; /* * At this phase we have to lock 'c->log_mutex' because UBIFS allows FS * writes during commit. Its only short "commit" start phase when * writers are blocked. */ mutex_lock(&c->log_mutex); dbg_log("old tail was LEB %d:0, new tail is LEB %d:0", c->ltail_lnum, ltail_lnum); c->ltail_lnum = ltail_lnum; /* * The commit is finished and from now on it must be guaranteed that * there is always enough space for the next commit. */ c->min_log_bytes = c->leb_size; spin_lock(&c->buds_lock); c->bud_bytes -= c->cmt_bud_bytes; spin_unlock(&c->buds_lock); err = dbg_check_bud_bytes(c); if (err) goto out; err = ubifs_write_master(c); out: mutex_unlock(&c->log_mutex); return err; } /** * ubifs_log_post_commit - things to do after commit is completed. * @c: UBIFS file-system description object * @old_ltail_lnum: old log tail LEB number * * Release buds only after commit is completed, because they must be unchanged * if recovery is needed. * * Unmap log LEBs only after commit is completed, because they may be needed for * recovery. * * This function returns %0 on success and a negative error code on failure. */ int ubifs_log_post_commit(struct ubifs_info *c, int old_ltail_lnum) { int lnum, err = 0; while (!list_empty(&c->old_buds)) { struct ubifs_bud *bud; bud = list_entry(c->old_buds.next, struct ubifs_bud, list); err = ubifs_return_leb(c, bud->lnum); if (err) return err; list_del(&bud->list); kfree(bud->log_hash); kfree(bud); } mutex_lock(&c->log_mutex); for (lnum = old_ltail_lnum; lnum != c->ltail_lnum; lnum = ubifs_next_log_lnum(c, lnum)) { dbg_log("unmap log LEB %d", lnum); err = ubifs_leb_unmap(c, lnum); if (err) goto out; } out: mutex_unlock(&c->log_mutex); return err; } /** * struct done_ref - references that have been done. * @rb: rb-tree node * @lnum: LEB number */ struct done_ref { struct rb_node rb; int lnum; }; /** * done_already - determine if a reference has been done already. * @done_tree: rb-tree to store references that have been done * @lnum: LEB number of reference * * This function returns %1 if the reference has been done, %0 if not, otherwise * a negative error code is returned. */ static int done_already(struct rb_root *done_tree, int lnum) { struct rb_node **p = &done_tree->rb_node, *parent = NULL; struct done_ref *dr; while (*p) { parent = *p; dr = rb_entry(parent, struct done_ref, rb); if (lnum < dr->lnum) p = &(*p)->rb_left; else if (lnum > dr->lnum) p = &(*p)->rb_right; else return 1; } dr = kzalloc(sizeof(struct done_ref), GFP_NOFS); if (!dr) return -ENOMEM; dr->lnum = lnum; rb_link_node(&dr->rb, parent, p); rb_insert_color(&dr->rb, done_tree); return 0; } /** * destroy_done_tree - destroy the done tree. * @done_tree: done tree to destroy */ static void destroy_done_tree(struct rb_root *done_tree) { struct done_ref *dr, *n; rbtree_postorder_for_each_entry_safe(dr, n, done_tree, rb) kfree(dr); } /** * add_node - add a node to the consolidated log. * @c: UBIFS file-system description object * @buf: buffer to which to add * @lnum: LEB number to which to write is passed and returned here * @offs: offset to where to write is passed and returned here * @node: node to add * * This function returns %0 on success and a negative error code on failure. */ static int add_node(struct ubifs_info *c, void *buf, int *lnum, int *offs, void *node) { struct ubifs_ch *ch = node; int len = le32_to_cpu(ch->len), remains = c->leb_size - *offs; if (len > remains) { int sz = ALIGN(*offs, c->min_io_size), err; ubifs_pad(c, buf + *offs, sz - *offs); err = ubifs_leb_change(c, *lnum, buf, sz); if (err) return err; *lnum = ubifs_next_log_lnum(c, *lnum); *offs = 0; } memcpy(buf + *offs, node, len); *offs += ALIGN(len, 8); return 0; } /** * ubifs_consolidate_log - consolidate the log. * @c: UBIFS file-system description object * * Repeated failed commits could cause the log to be full, but at least 1 LEB is * needed for commit. This function rewrites the reference nodes in the log * omitting duplicates, and failed CS nodes, and leaving no gaps. * * This function returns %0 on success and a negative error code on failure. */ int ubifs_consolidate_log(struct ubifs_info *c) { struct ubifs_scan_leb *sleb; struct ubifs_scan_node *snod; struct rb_root done_tree = RB_ROOT; int lnum, err, first = 1, write_lnum, offs = 0; void *buf; dbg_rcvry("log tail LEB %d, log head LEB %d", c->ltail_lnum, c->lhead_lnum); buf = vmalloc(c->leb_size); if (!buf) return -ENOMEM; lnum = c->ltail_lnum; write_lnum = lnum; while (1) { sleb = ubifs_scan(c, lnum, 0, c->sbuf, 0); if (IS_ERR(sleb)) { err = PTR_ERR(sleb); goto out_free; } list_for_each_entry(snod, &sleb->nodes, list) { switch (snod->type) { case UBIFS_REF_NODE: { struct ubifs_ref_node *ref = snod->node; int ref_lnum = le32_to_cpu(ref->lnum); err = done_already(&done_tree, ref_lnum); if (err < 0) goto out_scan; if (err != 1) { err = add_node(c, buf, &write_lnum, &offs, snod->node); if (err) goto out_scan; } break; } case UBIFS_CS_NODE: if (!first) break; err = add_node(c, buf, &write_lnum, &offs, snod->node); if (err) goto out_scan; first = 0; break; } } ubifs_scan_destroy(sleb); if (lnum == c->lhead_lnum) break; lnum = ubifs_next_log_lnum(c, lnum); } if (offs) { int sz = ALIGN(offs, c->min_io_size); ubifs_pad(c, buf + offs, sz - offs); err = ubifs_leb_change(c, write_lnum, buf, sz); if (err) goto out_free; offs = ALIGN(offs, c->min_io_size); } destroy_done_tree(&done_tree); vfree(buf); if (write_lnum == c->lhead_lnum) { set_failure_reason_callback(c, FR_DATA_CORRUPTED); ubifs_err(c, "log is too full"); return -EINVAL; } /* Unmap remaining LEBs */ lnum = write_lnum; do { lnum = ubifs_next_log_lnum(c, lnum); err = ubifs_leb_unmap(c, lnum); if (err) return err; } while (lnum != c->lhead_lnum); c->lhead_lnum = write_lnum; c->lhead_offs = offs; dbg_rcvry("new log head at %d:%d", c->lhead_lnum, c->lhead_offs); return 0; out_scan: ubifs_scan_destroy(sleb); out_free: destroy_done_tree(&done_tree); vfree(buf); return err; } /** * dbg_check_bud_bytes - make sure bud bytes calculation are all right. * @c: UBIFS file-system description object * * This function makes sure the amount of flash space used by closed buds * ('c->bud_bytes' is correct). Returns zero in case of success and %-EINVAL in * case of failure. */ static int dbg_check_bud_bytes(__unused struct ubifs_info *c) { return 0; }