2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
26 #include "xfs_mount.h"
27 #include "xfs_da_format.h"
28 #include "xfs_da_btree.h"
29 #include "xfs_inode.h"
30 #include "xfs_trans.h"
32 #include "xfs_log_priv.h"
33 #include "xfs_log_recover.h"
34 #include "xfs_inode_item.h"
35 #include "xfs_extfree_item.h"
36 #include "xfs_trans_priv.h"
37 #include "xfs_alloc.h"
38 #include "xfs_ialloc.h"
39 #include "xfs_quota.h"
40 #include "xfs_cksum.h"
41 #include "xfs_trace.h"
42 #include "xfs_icache.h"
43 #include "xfs_bmap_btree.h"
44 #include "xfs_error.h"
47 #define BLK_AVG(blk1, blk2) ((blk1+blk2) >> 1)
54 xlog_clear_stale_blocks(
59 xlog_recover_check_summary(
62 #define xlog_recover_check_summary(log)
65 xlog_do_recovery_pass(
66 struct xlog *, xfs_daddr_t, xfs_daddr_t, int, xfs_daddr_t *);
69 * This structure is used during recovery to record the buf log items which
70 * have been canceled and should not be replayed.
72 struct xfs_buf_cancel {
76 struct list_head bc_list;
80 * Sector aligned buffer routines for buffer create/read/write/access
84 * Verify the given count of basic blocks is valid number of blocks
85 * to specify for an operation involving the given XFS log buffer.
86 * Returns nonzero if the count is valid, 0 otherwise.
90 xlog_buf_bbcount_valid(
94 return bbcount > 0 && bbcount <= log->l_logBBsize;
98 * Allocate a buffer to hold log data. The buffer needs to be able
99 * to map to a range of nbblks basic blocks at any valid (basic
100 * block) offset within the log.
109 if (!xlog_buf_bbcount_valid(log, nbblks)) {
110 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
112 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
117 * We do log I/O in units of log sectors (a power-of-2
118 * multiple of the basic block size), so we round up the
119 * requested size to accommodate the basic blocks required
120 * for complete log sectors.
122 * In addition, the buffer may be used for a non-sector-
123 * aligned block offset, in which case an I/O of the
124 * requested size could extend beyond the end of the
125 * buffer. If the requested size is only 1 basic block it
126 * will never straddle a sector boundary, so this won't be
127 * an issue. Nor will this be a problem if the log I/O is
128 * done in basic blocks (sector size 1). But otherwise we
129 * extend the buffer by one extra log sector to ensure
130 * there's space to accommodate this possibility.
132 if (nbblks > 1 && log->l_sectBBsize > 1)
133 nbblks += log->l_sectBBsize;
134 nbblks = round_up(nbblks, log->l_sectBBsize);
136 bp = xfs_buf_get_uncached(log->l_mp->m_logdev_targp, nbblks, 0);
150 * Return the address of the start of the given block number's data
151 * in a log buffer. The buffer covers a log sector-aligned region.
160 xfs_daddr_t offset = blk_no & ((xfs_daddr_t)log->l_sectBBsize - 1);
162 ASSERT(offset + nbblks <= bp->b_length);
163 return bp->b_addr + BBTOB(offset);
168 * nbblks should be uint, but oh well. Just want to catch that 32-bit length.
179 if (!xlog_buf_bbcount_valid(log, nbblks)) {
180 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
182 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
183 return -EFSCORRUPTED;
186 blk_no = round_down(blk_no, log->l_sectBBsize);
187 nbblks = round_up(nbblks, log->l_sectBBsize);
190 ASSERT(nbblks <= bp->b_length);
192 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
193 bp->b_flags |= XBF_READ;
194 bp->b_io_length = nbblks;
197 error = xfs_buf_submit_wait(bp);
198 if (error && !XFS_FORCED_SHUTDOWN(log->l_mp))
199 xfs_buf_ioerror_alert(bp, __func__);
213 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
217 *offset = xlog_align(log, blk_no, nbblks, bp);
222 * Read at an offset into the buffer. Returns with the buffer in it's original
223 * state regardless of the result of the read.
228 xfs_daddr_t blk_no, /* block to read from */
229 int nbblks, /* blocks to read */
233 char *orig_offset = bp->b_addr;
234 int orig_len = BBTOB(bp->b_length);
237 error = xfs_buf_associate_memory(bp, offset, BBTOB(nbblks));
241 error = xlog_bread_noalign(log, blk_no, nbblks, bp);
243 /* must reset buffer pointer even on error */
244 error2 = xfs_buf_associate_memory(bp, orig_offset, orig_len);
251 * Write out the buffer at the given block for the given number of blocks.
252 * The buffer is kept locked across the write and is returned locked.
253 * This can only be used for synchronous log writes.
264 if (!xlog_buf_bbcount_valid(log, nbblks)) {
265 xfs_warn(log->l_mp, "Invalid block length (0x%x) for buffer",
267 XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_HIGH, log->l_mp);
268 return -EFSCORRUPTED;
271 blk_no = round_down(blk_no, log->l_sectBBsize);
272 nbblks = round_up(nbblks, log->l_sectBBsize);
275 ASSERT(nbblks <= bp->b_length);
277 XFS_BUF_SET_ADDR(bp, log->l_logBBstart + blk_no);
278 XFS_BUF_ZEROFLAGS(bp);
281 bp->b_io_length = nbblks;
284 error = xfs_bwrite(bp);
286 xfs_buf_ioerror_alert(bp, __func__);
293 * dump debug superblock and log record information
296 xlog_header_check_dump(
298 xlog_rec_header_t *head)
300 xfs_debug(mp, "%s: SB : uuid = %pU, fmt = %d",
301 __func__, &mp->m_sb.sb_uuid, XLOG_FMT);
302 xfs_debug(mp, " log : uuid = %pU, fmt = %d",
303 &head->h_fs_uuid, be32_to_cpu(head->h_fmt));
306 #define xlog_header_check_dump(mp, head)
310 * check log record header for recovery
313 xlog_header_check_recover(
315 xlog_rec_header_t *head)
317 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
320 * IRIX doesn't write the h_fmt field and leaves it zeroed
321 * (XLOG_FMT_UNKNOWN). This stops us from trying to recover
322 * a dirty log created in IRIX.
324 if (unlikely(head->h_fmt != cpu_to_be32(XLOG_FMT))) {
326 "dirty log written in incompatible format - can't recover");
327 xlog_header_check_dump(mp, head);
328 XFS_ERROR_REPORT("xlog_header_check_recover(1)",
329 XFS_ERRLEVEL_HIGH, mp);
330 return -EFSCORRUPTED;
331 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
333 "dirty log entry has mismatched uuid - can't recover");
334 xlog_header_check_dump(mp, head);
335 XFS_ERROR_REPORT("xlog_header_check_recover(2)",
336 XFS_ERRLEVEL_HIGH, mp);
337 return -EFSCORRUPTED;
343 * read the head block of the log and check the header
346 xlog_header_check_mount(
348 xlog_rec_header_t *head)
350 ASSERT(head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM));
352 if (uuid_is_nil(&head->h_fs_uuid)) {
354 * IRIX doesn't write the h_fs_uuid or h_fmt fields. If
355 * h_fs_uuid is nil, we assume this log was last mounted
356 * by IRIX and continue.
358 xfs_warn(mp, "nil uuid in log - IRIX style log");
359 } else if (unlikely(!uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid))) {
360 xfs_warn(mp, "log has mismatched uuid - can't recover");
361 xlog_header_check_dump(mp, head);
362 XFS_ERROR_REPORT("xlog_header_check_mount",
363 XFS_ERRLEVEL_HIGH, mp);
364 return -EFSCORRUPTED;
375 * We're not going to bother about retrying
376 * this during recovery. One strike!
378 if (!XFS_FORCED_SHUTDOWN(bp->b_target->bt_mount)) {
379 xfs_buf_ioerror_alert(bp, __func__);
380 xfs_force_shutdown(bp->b_target->bt_mount,
381 SHUTDOWN_META_IO_ERROR);
389 * This routine finds (to an approximation) the first block in the physical
390 * log which contains the given cycle. It uses a binary search algorithm.
391 * Note that the algorithm can not be perfect because the disk will not
392 * necessarily be perfect.
395 xlog_find_cycle_start(
398 xfs_daddr_t first_blk,
399 xfs_daddr_t *last_blk,
409 mid_blk = BLK_AVG(first_blk, end_blk);
410 while (mid_blk != first_blk && mid_blk != end_blk) {
411 error = xlog_bread(log, mid_blk, 1, bp, &offset);
414 mid_cycle = xlog_get_cycle(offset);
415 if (mid_cycle == cycle)
416 end_blk = mid_blk; /* last_half_cycle == mid_cycle */
418 first_blk = mid_blk; /* first_half_cycle == mid_cycle */
419 mid_blk = BLK_AVG(first_blk, end_blk);
421 ASSERT((mid_blk == first_blk && mid_blk+1 == end_blk) ||
422 (mid_blk == end_blk && mid_blk-1 == first_blk));
430 * Check that a range of blocks does not contain stop_on_cycle_no.
431 * Fill in *new_blk with the block offset where such a block is
432 * found, or with -1 (an invalid block number) if there is no such
433 * block in the range. The scan needs to occur from front to back
434 * and the pointer into the region must be updated since a later
435 * routine will need to perform another test.
438 xlog_find_verify_cycle(
440 xfs_daddr_t start_blk,
442 uint stop_on_cycle_no,
443 xfs_daddr_t *new_blk)
453 * Greedily allocate a buffer big enough to handle the full
454 * range of basic blocks we'll be examining. If that fails,
455 * try a smaller size. We need to be able to read at least
456 * a log sector, or we're out of luck.
458 bufblks = 1 << ffs(nbblks);
459 while (bufblks > log->l_logBBsize)
461 while (!(bp = xlog_get_bp(log, bufblks))) {
463 if (bufblks < log->l_sectBBsize)
467 for (i = start_blk; i < start_blk + nbblks; i += bufblks) {
470 bcount = min(bufblks, (start_blk + nbblks - i));
472 error = xlog_bread(log, i, bcount, bp, &buf);
476 for (j = 0; j < bcount; j++) {
477 cycle = xlog_get_cycle(buf);
478 if (cycle == stop_on_cycle_no) {
495 * Potentially backup over partial log record write.
497 * In the typical case, last_blk is the number of the block directly after
498 * a good log record. Therefore, we subtract one to get the block number
499 * of the last block in the given buffer. extra_bblks contains the number
500 * of blocks we would have read on a previous read. This happens when the
501 * last log record is split over the end of the physical log.
503 * extra_bblks is the number of blocks potentially verified on a previous
504 * call to this routine.
507 xlog_find_verify_log_record(
509 xfs_daddr_t start_blk,
510 xfs_daddr_t *last_blk,
516 xlog_rec_header_t *head = NULL;
519 int num_blks = *last_blk - start_blk;
522 ASSERT(start_blk != 0 || *last_blk != start_blk);
524 if (!(bp = xlog_get_bp(log, num_blks))) {
525 if (!(bp = xlog_get_bp(log, 1)))
529 error = xlog_bread(log, start_blk, num_blks, bp, &offset);
532 offset += ((num_blks - 1) << BBSHIFT);
535 for (i = (*last_blk) - 1; i >= 0; i--) {
537 /* valid log record not found */
539 "Log inconsistent (didn't find previous header)");
546 error = xlog_bread(log, i, 1, bp, &offset);
551 head = (xlog_rec_header_t *)offset;
553 if (head->h_magicno == cpu_to_be32(XLOG_HEADER_MAGIC_NUM))
561 * We hit the beginning of the physical log & still no header. Return
562 * to caller. If caller can handle a return of -1, then this routine
563 * will be called again for the end of the physical log.
571 * We have the final block of the good log (the first block
572 * of the log record _before_ the head. So we check the uuid.
574 if ((error = xlog_header_check_mount(log->l_mp, head)))
578 * We may have found a log record header before we expected one.
579 * last_blk will be the 1st block # with a given cycle #. We may end
580 * up reading an entire log record. In this case, we don't want to
581 * reset last_blk. Only when last_blk points in the middle of a log
582 * record do we update last_blk.
584 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
585 uint h_size = be32_to_cpu(head->h_size);
587 xhdrs = h_size / XLOG_HEADER_CYCLE_SIZE;
588 if (h_size % XLOG_HEADER_CYCLE_SIZE)
594 if (*last_blk - i + extra_bblks !=
595 BTOBB(be32_to_cpu(head->h_len)) + xhdrs)
604 * Head is defined to be the point of the log where the next log write
605 * could go. This means that incomplete LR writes at the end are
606 * eliminated when calculating the head. We aren't guaranteed that previous
607 * LR have complete transactions. We only know that a cycle number of
608 * current cycle number -1 won't be present in the log if we start writing
609 * from our current block number.
611 * last_blk contains the block number of the first block with a given
614 * Return: zero if normal, non-zero if error.
619 xfs_daddr_t *return_head_blk)
623 xfs_daddr_t new_blk, first_blk, start_blk, last_blk, head_blk;
625 uint first_half_cycle, last_half_cycle;
627 int error, log_bbnum = log->l_logBBsize;
629 /* Is the end of the log device zeroed? */
630 error = xlog_find_zeroed(log, &first_blk);
632 xfs_warn(log->l_mp, "empty log check failed");
636 *return_head_blk = first_blk;
638 /* Is the whole lot zeroed? */
640 /* Linux XFS shouldn't generate totally zeroed logs -
641 * mkfs etc write a dummy unmount record to a fresh
642 * log so we can store the uuid in there
644 xfs_warn(log->l_mp, "totally zeroed log");
650 first_blk = 0; /* get cycle # of 1st block */
651 bp = xlog_get_bp(log, 1);
655 error = xlog_bread(log, 0, 1, bp, &offset);
659 first_half_cycle = xlog_get_cycle(offset);
661 last_blk = head_blk = log_bbnum - 1; /* get cycle # of last block */
662 error = xlog_bread(log, last_blk, 1, bp, &offset);
666 last_half_cycle = xlog_get_cycle(offset);
667 ASSERT(last_half_cycle != 0);
670 * If the 1st half cycle number is equal to the last half cycle number,
671 * then the entire log is stamped with the same cycle number. In this
672 * case, head_blk can't be set to zero (which makes sense). The below
673 * math doesn't work out properly with head_blk equal to zero. Instead,
674 * we set it to log_bbnum which is an invalid block number, but this
675 * value makes the math correct. If head_blk doesn't changed through
676 * all the tests below, *head_blk is set to zero at the very end rather
677 * than log_bbnum. In a sense, log_bbnum and zero are the same block
678 * in a circular file.
680 if (first_half_cycle == last_half_cycle) {
682 * In this case we believe that the entire log should have
683 * cycle number last_half_cycle. We need to scan backwards
684 * from the end verifying that there are no holes still
685 * containing last_half_cycle - 1. If we find such a hole,
686 * then the start of that hole will be the new head. The
687 * simple case looks like
688 * x | x ... | x - 1 | x
689 * Another case that fits this picture would be
690 * x | x + 1 | x ... | x
691 * In this case the head really is somewhere at the end of the
692 * log, as one of the latest writes at the beginning was
695 * x | x + 1 | x ... | x - 1 | x
696 * This is really the combination of the above two cases, and
697 * the head has to end up at the start of the x-1 hole at the
700 * In the 256k log case, we will read from the beginning to the
701 * end of the log and search for cycle numbers equal to x-1.
702 * We don't worry about the x+1 blocks that we encounter,
703 * because we know that they cannot be the head since the log
706 head_blk = log_bbnum;
707 stop_on_cycle = last_half_cycle - 1;
710 * In this case we want to find the first block with cycle
711 * number matching last_half_cycle. We expect the log to be
713 * x + 1 ... | x ... | x
714 * The first block with cycle number x (last_half_cycle) will
715 * be where the new head belongs. First we do a binary search
716 * for the first occurrence of last_half_cycle. The binary
717 * search may not be totally accurate, so then we scan back
718 * from there looking for occurrences of last_half_cycle before
719 * us. If that backwards scan wraps around the beginning of
720 * the log, then we look for occurrences of last_half_cycle - 1
721 * at the end of the log. The cases we're looking for look
723 * v binary search stopped here
724 * x + 1 ... | x | x + 1 | x ... | x
725 * ^ but we want to locate this spot
727 * <---------> less than scan distance
728 * x + 1 ... | x ... | x - 1 | x
729 * ^ we want to locate this spot
731 stop_on_cycle = last_half_cycle;
732 if ((error = xlog_find_cycle_start(log, bp, first_blk,
733 &head_blk, last_half_cycle)))
738 * Now validate the answer. Scan back some number of maximum possible
739 * blocks and make sure each one has the expected cycle number. The
740 * maximum is determined by the total possible amount of buffering
741 * in the in-core log. The following number can be made tighter if
742 * we actually look at the block size of the filesystem.
744 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
745 if (head_blk >= num_scan_bblks) {
747 * We are guaranteed that the entire check can be performed
750 start_blk = head_blk - num_scan_bblks;
751 if ((error = xlog_find_verify_cycle(log,
752 start_blk, num_scan_bblks,
753 stop_on_cycle, &new_blk)))
757 } else { /* need to read 2 parts of log */
759 * We are going to scan backwards in the log in two parts.
760 * First we scan the physical end of the log. In this part
761 * of the log, we are looking for blocks with cycle number
762 * last_half_cycle - 1.
763 * If we find one, then we know that the log starts there, as
764 * we've found a hole that didn't get written in going around
765 * the end of the physical log. The simple case for this is
766 * x + 1 ... | x ... | x - 1 | x
767 * <---------> less than scan distance
768 * If all of the blocks at the end of the log have cycle number
769 * last_half_cycle, then we check the blocks at the start of
770 * the log looking for occurrences of last_half_cycle. If we
771 * find one, then our current estimate for the location of the
772 * first occurrence of last_half_cycle is wrong and we move
773 * back to the hole we've found. This case looks like
774 * x + 1 ... | x | x + 1 | x ...
775 * ^ binary search stopped here
776 * Another case we need to handle that only occurs in 256k
778 * x + 1 ... | x ... | x+1 | x ...
779 * ^ binary search stops here
780 * In a 256k log, the scan at the end of the log will see the
781 * x + 1 blocks. We need to skip past those since that is
782 * certainly not the head of the log. By searching for
783 * last_half_cycle-1 we accomplish that.
785 ASSERT(head_blk <= INT_MAX &&
786 (xfs_daddr_t) num_scan_bblks >= head_blk);
787 start_blk = log_bbnum - (num_scan_bblks - head_blk);
788 if ((error = xlog_find_verify_cycle(log, start_blk,
789 num_scan_bblks - (int)head_blk,
790 (stop_on_cycle - 1), &new_blk)))
798 * Scan beginning of log now. The last part of the physical
799 * log is good. This scan needs to verify that it doesn't find
800 * the last_half_cycle.
803 ASSERT(head_blk <= INT_MAX);
804 if ((error = xlog_find_verify_cycle(log,
805 start_blk, (int)head_blk,
806 stop_on_cycle, &new_blk)))
814 * Now we need to make sure head_blk is not pointing to a block in
815 * the middle of a log record.
817 num_scan_bblks = XLOG_REC_SHIFT(log);
818 if (head_blk >= num_scan_bblks) {
819 start_blk = head_blk - num_scan_bblks; /* don't read head_blk */
821 /* start ptr at last block ptr before head_blk */
822 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
829 ASSERT(head_blk <= INT_MAX);
830 error = xlog_find_verify_log_record(log, start_blk, &head_blk, 0);
834 /* We hit the beginning of the log during our search */
835 start_blk = log_bbnum - (num_scan_bblks - head_blk);
837 ASSERT(start_blk <= INT_MAX &&
838 (xfs_daddr_t) log_bbnum-start_blk >= 0);
839 ASSERT(head_blk <= INT_MAX);
840 error = xlog_find_verify_log_record(log, start_blk,
841 &new_blk, (int)head_blk);
846 if (new_blk != log_bbnum)
853 if (head_blk == log_bbnum)
854 *return_head_blk = 0;
856 *return_head_blk = head_blk;
858 * When returning here, we have a good block number. Bad block
859 * means that during a previous crash, we didn't have a clean break
860 * from cycle number N to cycle number N-1. In this case, we need
861 * to find the first block with cycle number N-1.
869 xfs_warn(log->l_mp, "failed to find log head");
874 * Seek backwards in the log for log record headers.
876 * Given a starting log block, walk backwards until we find the provided number
877 * of records or hit the provided tail block. The return value is the number of
878 * records encountered or a negative error code. The log block and buffer
879 * pointer of the last record seen are returned in rblk and rhead respectively.
882 xlog_rseek_logrec_hdr(
884 xfs_daddr_t head_blk,
885 xfs_daddr_t tail_blk,
889 struct xlog_rec_header **rhead,
901 * Walk backwards from the head block until we hit the tail or the first
904 end_blk = head_blk > tail_blk ? tail_blk : 0;
905 for (i = (int) head_blk - 1; i >= end_blk; i--) {
906 error = xlog_bread(log, i, 1, bp, &offset);
910 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
912 *rhead = (struct xlog_rec_header *) offset;
913 if (++found == count)
919 * If we haven't hit the tail block or the log record header count,
920 * start looking again from the end of the physical log. Note that
921 * callers can pass head == tail if the tail is not yet known.
923 if (tail_blk >= head_blk && found != count) {
924 for (i = log->l_logBBsize - 1; i >= (int) tail_blk; i--) {
925 error = xlog_bread(log, i, 1, bp, &offset);
929 if (*(__be32 *)offset ==
930 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
933 *rhead = (struct xlog_rec_header *) offset;
934 if (++found == count)
947 * Seek forward in the log for log record headers.
949 * Given head and tail blocks, walk forward from the tail block until we find
950 * the provided number of records or hit the head block. The return value is the
951 * number of records encountered or a negative error code. The log block and
952 * buffer pointer of the last record seen are returned in rblk and rhead
956 xlog_seek_logrec_hdr(
958 xfs_daddr_t head_blk,
959 xfs_daddr_t tail_blk,
963 struct xlog_rec_header **rhead,
975 * Walk forward from the tail block until we hit the head or the last
978 end_blk = head_blk > tail_blk ? head_blk : log->l_logBBsize - 1;
979 for (i = (int) tail_blk; i <= end_blk; i++) {
980 error = xlog_bread(log, i, 1, bp, &offset);
984 if (*(__be32 *) offset == cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
986 *rhead = (struct xlog_rec_header *) offset;
987 if (++found == count)
993 * If we haven't hit the head block or the log record header count,
994 * start looking again from the start of the physical log.
996 if (tail_blk > head_blk && found != count) {
997 for (i = 0; i < (int) head_blk; i++) {
998 error = xlog_bread(log, i, 1, bp, &offset);
1002 if (*(__be32 *)offset ==
1003 cpu_to_be32(XLOG_HEADER_MAGIC_NUM)) {
1006 *rhead = (struct xlog_rec_header *) offset;
1007 if (++found == count)
1020 * Check the log tail for torn writes. This is required when torn writes are
1021 * detected at the head and the head had to be walked back to a previous record.
1022 * The tail of the previous record must now be verified to ensure the torn
1023 * writes didn't corrupt the previous tail.
1025 * Return an error if CRC verification fails as recovery cannot proceed.
1030 xfs_daddr_t head_blk,
1031 xfs_daddr_t tail_blk)
1033 struct xlog_rec_header *thead;
1035 xfs_daddr_t first_bad;
1039 xfs_daddr_t tmp_head;
1041 bp = xlog_get_bp(log, 1);
1046 * Seek XLOG_MAX_ICLOGS + 1 records past the current tail record to get
1047 * a temporary head block that points after the last possible
1048 * concurrently written record of the tail.
1050 count = xlog_seek_logrec_hdr(log, head_blk, tail_blk,
1051 XLOG_MAX_ICLOGS + 1, bp, &tmp_head, &thead,
1059 * If the call above didn't find XLOG_MAX_ICLOGS + 1 records, we ran
1060 * into the actual log head. tmp_head points to the start of the record
1061 * so update it to the actual head block.
1063 if (count < XLOG_MAX_ICLOGS + 1)
1064 tmp_head = head_blk;
1067 * We now have a tail and temporary head block that covers at least
1068 * XLOG_MAX_ICLOGS records from the tail. We need to verify that these
1069 * records were completely written. Run a CRC verification pass from
1070 * tail to head and return the result.
1072 error = xlog_do_recovery_pass(log, tmp_head, tail_blk,
1073 XLOG_RECOVER_CRCPASS, &first_bad);
1081 * Detect and trim torn writes from the head of the log.
1083 * Storage without sector atomicity guarantees can result in torn writes in the
1084 * log in the event of a crash. Our only means to detect this scenario is via
1085 * CRC verification. While we can't always be certain that CRC verification
1086 * failure is due to a torn write vs. an unrelated corruption, we do know that
1087 * only a certain number (XLOG_MAX_ICLOGS) of log records can be written out at
1088 * one time. Therefore, CRC verify up to XLOG_MAX_ICLOGS records at the head of
1089 * the log and treat failures in this range as torn writes as a matter of
1090 * policy. In the event of CRC failure, the head is walked back to the last good
1091 * record in the log and the tail is updated from that record and verified.
1096 xfs_daddr_t *head_blk, /* in/out: unverified head */
1097 xfs_daddr_t *tail_blk, /* out: tail block */
1099 xfs_daddr_t *rhead_blk, /* start blk of last record */
1100 struct xlog_rec_header **rhead, /* ptr to last record */
1101 bool *wrapped) /* last rec. wraps phys. log */
1103 struct xlog_rec_header *tmp_rhead;
1104 struct xfs_buf *tmp_bp;
1105 xfs_daddr_t first_bad;
1106 xfs_daddr_t tmp_rhead_blk;
1112 * Search backwards through the log looking for the log record header
1113 * block. This wraps all the way back around to the head so something is
1114 * seriously wrong if we can't find it.
1116 found = xlog_rseek_logrec_hdr(log, *head_blk, *head_blk, 1, bp, rhead_blk,
1121 xfs_warn(log->l_mp, "%s: couldn't find sync record", __func__);
1125 *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn));
1128 * Now that we have a tail block, check the head of the log for torn
1129 * writes. Search again until we hit the tail or the maximum number of
1130 * log record I/Os that could have been in flight at one time. Use a
1131 * temporary buffer so we don't trash the rhead/bp pointer from the
1134 tmp_bp = xlog_get_bp(log, 1);
1137 error = xlog_rseek_logrec_hdr(log, *head_blk, *tail_blk,
1138 XLOG_MAX_ICLOGS, tmp_bp, &tmp_rhead_blk,
1139 &tmp_rhead, &tmp_wrapped);
1140 xlog_put_bp(tmp_bp);
1145 * Now run a CRC verification pass over the records starting at the
1146 * block found above to the current head. If a CRC failure occurs, the
1147 * log block of the first bad record is saved in first_bad.
1149 error = xlog_do_recovery_pass(log, *head_blk, tmp_rhead_blk,
1150 XLOG_RECOVER_CRCPASS, &first_bad);
1151 if (error == -EFSBADCRC) {
1153 * We've hit a potential torn write. Reset the error and warn
1158 "Torn write (CRC failure) detected at log block 0x%llx. Truncating head block from 0x%llx.",
1159 first_bad, *head_blk);
1162 * Get the header block and buffer pointer for the last good
1163 * record before the bad record.
1165 * Note that xlog_find_tail() clears the blocks at the new head
1166 * (i.e., the records with invalid CRC) if the cycle number
1167 * matches the the current cycle.
1169 found = xlog_rseek_logrec_hdr(log, first_bad, *tail_blk, 1, bp,
1170 rhead_blk, rhead, wrapped);
1173 if (found == 0) /* XXX: right thing to do here? */
1177 * Reset the head block to the starting block of the first bad
1178 * log record and set the tail block based on the last good
1181 * Bail out if the updated head/tail match as this indicates
1182 * possible corruption outside of the acceptable
1183 * (XLOG_MAX_ICLOGS) range. This is a job for xfs_repair...
1185 *head_blk = first_bad;
1186 *tail_blk = BLOCK_LSN(be64_to_cpu((*rhead)->h_tail_lsn));
1187 if (*head_blk == *tail_blk) {
1193 * Now verify the tail based on the updated head. This is
1194 * required because the torn writes trimmed from the head could
1195 * have been written over the tail of a previous record. Return
1196 * any errors since recovery cannot proceed if the tail is
1199 * XXX: This leaves a gap in truly robust protection from torn
1200 * writes in the log. If the head is behind the tail, the tail
1201 * pushes forward to create some space and then a crash occurs
1202 * causing the writes into the previous record's tail region to
1203 * tear, log recovery isn't able to recover.
1205 * How likely is this to occur? If possible, can we do something
1206 * more intelligent here? Is it safe to push the tail forward if
1207 * we can determine that the tail is within the range of the
1208 * torn write (e.g., the kernel can only overwrite the tail if
1209 * it has actually been pushed forward)? Alternatively, could we
1210 * somehow prevent this condition at runtime?
1212 error = xlog_verify_tail(log, *head_blk, *tail_blk);
1219 * Find the sync block number or the tail of the log.
1221 * This will be the block number of the last record to have its
1222 * associated buffers synced to disk. Every log record header has
1223 * a sync lsn embedded in it. LSNs hold block numbers, so it is easy
1224 * to get a sync block number. The only concern is to figure out which
1225 * log record header to believe.
1227 * The following algorithm uses the log record header with the largest
1228 * lsn. The entire log record does not need to be valid. We only care
1229 * that the header is valid.
1231 * We could speed up search by using current head_blk buffer, but it is not
1237 xfs_daddr_t *head_blk,
1238 xfs_daddr_t *tail_blk)
1240 xlog_rec_header_t *rhead;
1241 xlog_op_header_t *op_head;
1242 char *offset = NULL;
1245 xfs_daddr_t umount_data_blk;
1246 xfs_daddr_t after_umount_blk;
1247 xfs_daddr_t rhead_blk;
1250 bool wrapped = false;
1253 * Find previous log record
1255 if ((error = xlog_find_head(log, head_blk)))
1258 bp = xlog_get_bp(log, 1);
1261 if (*head_blk == 0) { /* special case */
1262 error = xlog_bread(log, 0, 1, bp, &offset);
1266 if (xlog_get_cycle(offset) == 0) {
1268 /* leave all other log inited values alone */
1274 * Trim the head block back to skip over torn records. We can have
1275 * multiple log I/Os in flight at any time, so we assume CRC failures
1276 * back through the previous several records are torn writes and skip
1279 ASSERT(*head_blk < INT_MAX);
1280 error = xlog_verify_head(log, head_blk, tail_blk, bp, &rhead_blk,
1286 * Reset log values according to the state of the log when we
1287 * crashed. In the case where head_blk == 0, we bump curr_cycle
1288 * one because the next write starts a new cycle rather than
1289 * continuing the cycle of the last good log record. At this
1290 * point we have guaranteed that all partial log records have been
1291 * accounted for. Therefore, we know that the last good log record
1292 * written was complete and ended exactly on the end boundary
1293 * of the physical log.
1295 log->l_prev_block = rhead_blk;
1296 log->l_curr_block = (int)*head_blk;
1297 log->l_curr_cycle = be32_to_cpu(rhead->h_cycle);
1299 log->l_curr_cycle++;
1300 atomic64_set(&log->l_tail_lsn, be64_to_cpu(rhead->h_tail_lsn));
1301 atomic64_set(&log->l_last_sync_lsn, be64_to_cpu(rhead->h_lsn));
1302 xlog_assign_grant_head(&log->l_reserve_head.grant, log->l_curr_cycle,
1303 BBTOB(log->l_curr_block));
1304 xlog_assign_grant_head(&log->l_write_head.grant, log->l_curr_cycle,
1305 BBTOB(log->l_curr_block));
1308 * Look for unmount record. If we find it, then we know there
1309 * was a clean unmount. Since 'i' could be the last block in
1310 * the physical log, we convert to a log block before comparing
1313 * Save the current tail lsn to use to pass to
1314 * xlog_clear_stale_blocks() below. We won't want to clear the
1315 * unmount record if there is one, so we pass the lsn of the
1316 * unmount record rather than the block after it.
1318 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
1319 int h_size = be32_to_cpu(rhead->h_size);
1320 int h_version = be32_to_cpu(rhead->h_version);
1322 if ((h_version & XLOG_VERSION_2) &&
1323 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
1324 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
1325 if (h_size % XLOG_HEADER_CYCLE_SIZE)
1333 after_umount_blk = rhead_blk + hblks + BTOBB(be32_to_cpu(rhead->h_len));
1334 after_umount_blk = do_mod(after_umount_blk, log->l_logBBsize);
1335 tail_lsn = atomic64_read(&log->l_tail_lsn);
1336 if (*head_blk == after_umount_blk &&
1337 be32_to_cpu(rhead->h_num_logops) == 1) {
1338 umount_data_blk = rhead_blk + hblks;
1339 umount_data_blk = do_mod(umount_data_blk, log->l_logBBsize);
1340 error = xlog_bread(log, umount_data_blk, 1, bp, &offset);
1344 op_head = (xlog_op_header_t *)offset;
1345 if (op_head->oh_flags & XLOG_UNMOUNT_TRANS) {
1347 * Set tail and last sync so that newly written
1348 * log records will point recovery to after the
1349 * current unmount record.
1351 xlog_assign_atomic_lsn(&log->l_tail_lsn,
1352 log->l_curr_cycle, after_umount_blk);
1353 xlog_assign_atomic_lsn(&log->l_last_sync_lsn,
1354 log->l_curr_cycle, after_umount_blk);
1355 *tail_blk = after_umount_blk;
1358 * Note that the unmount was clean. If the unmount
1359 * was not clean, we need to know this to rebuild the
1360 * superblock counters from the perag headers if we
1361 * have a filesystem using non-persistent counters.
1363 log->l_mp->m_flags |= XFS_MOUNT_WAS_CLEAN;
1368 * Make sure that there are no blocks in front of the head
1369 * with the same cycle number as the head. This can happen
1370 * because we allow multiple outstanding log writes concurrently,
1371 * and the later writes might make it out before earlier ones.
1373 * We use the lsn from before modifying it so that we'll never
1374 * overwrite the unmount record after a clean unmount.
1376 * Do this only if we are going to recover the filesystem
1378 * NOTE: This used to say "if (!readonly)"
1379 * However on Linux, we can & do recover a read-only filesystem.
1380 * We only skip recovery if NORECOVERY is specified on mount,
1381 * in which case we would not be here.
1383 * But... if the -device- itself is readonly, just skip this.
1384 * We can't recover this device anyway, so it won't matter.
1386 if (!xfs_readonly_buftarg(log->l_mp->m_logdev_targp))
1387 error = xlog_clear_stale_blocks(log, tail_lsn);
1393 xfs_warn(log->l_mp, "failed to locate log tail");
1398 * Is the log zeroed at all?
1400 * The last binary search should be changed to perform an X block read
1401 * once X becomes small enough. You can then search linearly through
1402 * the X blocks. This will cut down on the number of reads we need to do.
1404 * If the log is partially zeroed, this routine will pass back the blkno
1405 * of the first block with cycle number 0. It won't have a complete LR
1409 * 0 => the log is completely written to
1410 * 1 => use *blk_no as the first block of the log
1411 * <0 => error has occurred
1416 xfs_daddr_t *blk_no)
1420 uint first_cycle, last_cycle;
1421 xfs_daddr_t new_blk, last_blk, start_blk;
1422 xfs_daddr_t num_scan_bblks;
1423 int error, log_bbnum = log->l_logBBsize;
1427 /* check totally zeroed log */
1428 bp = xlog_get_bp(log, 1);
1431 error = xlog_bread(log, 0, 1, bp, &offset);
1435 first_cycle = xlog_get_cycle(offset);
1436 if (first_cycle == 0) { /* completely zeroed log */
1442 /* check partially zeroed log */
1443 error = xlog_bread(log, log_bbnum-1, 1, bp, &offset);
1447 last_cycle = xlog_get_cycle(offset);
1448 if (last_cycle != 0) { /* log completely written to */
1451 } else if (first_cycle != 1) {
1453 * If the cycle of the last block is zero, the cycle of
1454 * the first block must be 1. If it's not, maybe we're
1455 * not looking at a log... Bail out.
1458 "Log inconsistent or not a log (last==0, first!=1)");
1463 /* we have a partially zeroed log */
1464 last_blk = log_bbnum-1;
1465 if ((error = xlog_find_cycle_start(log, bp, 0, &last_blk, 0)))
1469 * Validate the answer. Because there is no way to guarantee that
1470 * the entire log is made up of log records which are the same size,
1471 * we scan over the defined maximum blocks. At this point, the maximum
1472 * is not chosen to mean anything special. XXXmiken
1474 num_scan_bblks = XLOG_TOTAL_REC_SHIFT(log);
1475 ASSERT(num_scan_bblks <= INT_MAX);
1477 if (last_blk < num_scan_bblks)
1478 num_scan_bblks = last_blk;
1479 start_blk = last_blk - num_scan_bblks;
1482 * We search for any instances of cycle number 0 that occur before
1483 * our current estimate of the head. What we're trying to detect is
1484 * 1 ... | 0 | 1 | 0...
1485 * ^ binary search ends here
1487 if ((error = xlog_find_verify_cycle(log, start_blk,
1488 (int)num_scan_bblks, 0, &new_blk)))
1494 * Potentially backup over partial log record write. We don't need
1495 * to search the end of the log because we know it is zero.
1497 error = xlog_find_verify_log_record(log, start_blk, &last_blk, 0);
1512 * These are simple subroutines used by xlog_clear_stale_blocks() below
1513 * to initialize a buffer full of empty log record headers and write
1514 * them into the log.
1525 xlog_rec_header_t *recp = (xlog_rec_header_t *)buf;
1527 memset(buf, 0, BBSIZE);
1528 recp->h_magicno = cpu_to_be32(XLOG_HEADER_MAGIC_NUM);
1529 recp->h_cycle = cpu_to_be32(cycle);
1530 recp->h_version = cpu_to_be32(
1531 xfs_sb_version_haslogv2(&log->l_mp->m_sb) ? 2 : 1);
1532 recp->h_lsn = cpu_to_be64(xlog_assign_lsn(cycle, block));
1533 recp->h_tail_lsn = cpu_to_be64(xlog_assign_lsn(tail_cycle, tail_block));
1534 recp->h_fmt = cpu_to_be32(XLOG_FMT);
1535 memcpy(&recp->h_fs_uuid, &log->l_mp->m_sb.sb_uuid, sizeof(uuid_t));
1539 xlog_write_log_records(
1550 int sectbb = log->l_sectBBsize;
1551 int end_block = start_block + blocks;
1557 * Greedily allocate a buffer big enough to handle the full
1558 * range of basic blocks to be written. If that fails, try
1559 * a smaller size. We need to be able to write at least a
1560 * log sector, or we're out of luck.
1562 bufblks = 1 << ffs(blocks);
1563 while (bufblks > log->l_logBBsize)
1565 while (!(bp = xlog_get_bp(log, bufblks))) {
1567 if (bufblks < sectbb)
1571 /* We may need to do a read at the start to fill in part of
1572 * the buffer in the starting sector not covered by the first
1575 balign = round_down(start_block, sectbb);
1576 if (balign != start_block) {
1577 error = xlog_bread_noalign(log, start_block, 1, bp);
1581 j = start_block - balign;
1584 for (i = start_block; i < end_block; i += bufblks) {
1585 int bcount, endcount;
1587 bcount = min(bufblks, end_block - start_block);
1588 endcount = bcount - j;
1590 /* We may need to do a read at the end to fill in part of
1591 * the buffer in the final sector not covered by the write.
1592 * If this is the same sector as the above read, skip it.
1594 ealign = round_down(end_block, sectbb);
1595 if (j == 0 && (start_block + endcount > ealign)) {
1596 offset = bp->b_addr + BBTOB(ealign - start_block);
1597 error = xlog_bread_offset(log, ealign, sectbb,
1604 offset = xlog_align(log, start_block, endcount, bp);
1605 for (; j < endcount; j++) {
1606 xlog_add_record(log, offset, cycle, i+j,
1607 tail_cycle, tail_block);
1610 error = xlog_bwrite(log, start_block, endcount, bp);
1613 start_block += endcount;
1623 * This routine is called to blow away any incomplete log writes out
1624 * in front of the log head. We do this so that we won't become confused
1625 * if we come up, write only a little bit more, and then crash again.
1626 * If we leave the partial log records out there, this situation could
1627 * cause us to think those partial writes are valid blocks since they
1628 * have the current cycle number. We get rid of them by overwriting them
1629 * with empty log records with the old cycle number rather than the
1632 * The tail lsn is passed in rather than taken from
1633 * the log so that we will not write over the unmount record after a
1634 * clean unmount in a 512 block log. Doing so would leave the log without
1635 * any valid log records in it until a new one was written. If we crashed
1636 * during that time we would not be able to recover.
1639 xlog_clear_stale_blocks(
1643 int tail_cycle, head_cycle;
1644 int tail_block, head_block;
1645 int tail_distance, max_distance;
1649 tail_cycle = CYCLE_LSN(tail_lsn);
1650 tail_block = BLOCK_LSN(tail_lsn);
1651 head_cycle = log->l_curr_cycle;
1652 head_block = log->l_curr_block;
1655 * Figure out the distance between the new head of the log
1656 * and the tail. We want to write over any blocks beyond the
1657 * head that we may have written just before the crash, but
1658 * we don't want to overwrite the tail of the log.
1660 if (head_cycle == tail_cycle) {
1662 * The tail is behind the head in the physical log,
1663 * so the distance from the head to the tail is the
1664 * distance from the head to the end of the log plus
1665 * the distance from the beginning of the log to the
1668 if (unlikely(head_block < tail_block || head_block >= log->l_logBBsize)) {
1669 XFS_ERROR_REPORT("xlog_clear_stale_blocks(1)",
1670 XFS_ERRLEVEL_LOW, log->l_mp);
1671 return -EFSCORRUPTED;
1673 tail_distance = tail_block + (log->l_logBBsize - head_block);
1676 * The head is behind the tail in the physical log,
1677 * so the distance from the head to the tail is just
1678 * the tail block minus the head block.
1680 if (unlikely(head_block >= tail_block || head_cycle != (tail_cycle + 1))){
1681 XFS_ERROR_REPORT("xlog_clear_stale_blocks(2)",
1682 XFS_ERRLEVEL_LOW, log->l_mp);
1683 return -EFSCORRUPTED;
1685 tail_distance = tail_block - head_block;
1689 * If the head is right up against the tail, we can't clear
1692 if (tail_distance <= 0) {
1693 ASSERT(tail_distance == 0);
1697 max_distance = XLOG_TOTAL_REC_SHIFT(log);
1699 * Take the smaller of the maximum amount of outstanding I/O
1700 * we could have and the distance to the tail to clear out.
1701 * We take the smaller so that we don't overwrite the tail and
1702 * we don't waste all day writing from the head to the tail
1705 max_distance = MIN(max_distance, tail_distance);
1707 if ((head_block + max_distance) <= log->l_logBBsize) {
1709 * We can stomp all the blocks we need to without
1710 * wrapping around the end of the log. Just do it
1711 * in a single write. Use the cycle number of the
1712 * current cycle minus one so that the log will look like:
1715 error = xlog_write_log_records(log, (head_cycle - 1),
1716 head_block, max_distance, tail_cycle,
1722 * We need to wrap around the end of the physical log in
1723 * order to clear all the blocks. Do it in two separate
1724 * I/Os. The first write should be from the head to the
1725 * end of the physical log, and it should use the current
1726 * cycle number minus one just like above.
1728 distance = log->l_logBBsize - head_block;
1729 error = xlog_write_log_records(log, (head_cycle - 1),
1730 head_block, distance, tail_cycle,
1737 * Now write the blocks at the start of the physical log.
1738 * This writes the remainder of the blocks we want to clear.
1739 * It uses the current cycle number since we're now on the
1740 * same cycle as the head so that we get:
1741 * n ... n ... | n - 1 ...
1742 * ^^^^^ blocks we're writing
1744 distance = max_distance - (log->l_logBBsize - head_block);
1745 error = xlog_write_log_records(log, head_cycle, 0, distance,
1746 tail_cycle, tail_block);
1754 /******************************************************************************
1756 * Log recover routines
1758 ******************************************************************************
1762 * Sort the log items in the transaction.
1764 * The ordering constraints are defined by the inode allocation and unlink
1765 * behaviour. The rules are:
1767 * 1. Every item is only logged once in a given transaction. Hence it
1768 * represents the last logged state of the item. Hence ordering is
1769 * dependent on the order in which operations need to be performed so
1770 * required initial conditions are always met.
1772 * 2. Cancelled buffers are recorded in pass 1 in a separate table and
1773 * there's nothing to replay from them so we can simply cull them
1774 * from the transaction. However, we can't do that until after we've
1775 * replayed all the other items because they may be dependent on the
1776 * cancelled buffer and replaying the cancelled buffer can remove it
1777 * form the cancelled buffer table. Hence they have tobe done last.
1779 * 3. Inode allocation buffers must be replayed before inode items that
1780 * read the buffer and replay changes into it. For filesystems using the
1781 * ICREATE transactions, this means XFS_LI_ICREATE objects need to get
1782 * treated the same as inode allocation buffers as they create and
1783 * initialise the buffers directly.
1785 * 4. Inode unlink buffers must be replayed after inode items are replayed.
1786 * This ensures that inodes are completely flushed to the inode buffer
1787 * in a "free" state before we remove the unlinked inode list pointer.
1789 * Hence the ordering needs to be inode allocation buffers first, inode items
1790 * second, inode unlink buffers third and cancelled buffers last.
1792 * But there's a problem with that - we can't tell an inode allocation buffer
1793 * apart from a regular buffer, so we can't separate them. We can, however,
1794 * tell an inode unlink buffer from the others, and so we can separate them out
1795 * from all the other buffers and move them to last.
1797 * Hence, 4 lists, in order from head to tail:
1798 * - buffer_list for all buffers except cancelled/inode unlink buffers
1799 * - item_list for all non-buffer items
1800 * - inode_buffer_list for inode unlink buffers
1801 * - cancel_list for the cancelled buffers
1803 * Note that we add objects to the tail of the lists so that first-to-last
1804 * ordering is preserved within the lists. Adding objects to the head of the
1805 * list means when we traverse from the head we walk them in last-to-first
1806 * order. For cancelled buffers and inode unlink buffers this doesn't matter,
1807 * but for all other items there may be specific ordering that we need to
1811 xlog_recover_reorder_trans(
1813 struct xlog_recover *trans,
1816 xlog_recover_item_t *item, *n;
1818 LIST_HEAD(sort_list);
1819 LIST_HEAD(cancel_list);
1820 LIST_HEAD(buffer_list);
1821 LIST_HEAD(inode_buffer_list);
1822 LIST_HEAD(inode_list);
1824 list_splice_init(&trans->r_itemq, &sort_list);
1825 list_for_each_entry_safe(item, n, &sort_list, ri_list) {
1826 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1828 switch (ITEM_TYPE(item)) {
1829 case XFS_LI_ICREATE:
1830 list_move_tail(&item->ri_list, &buffer_list);
1833 if (buf_f->blf_flags & XFS_BLF_CANCEL) {
1834 trace_xfs_log_recover_item_reorder_head(log,
1836 list_move(&item->ri_list, &cancel_list);
1839 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
1840 list_move(&item->ri_list, &inode_buffer_list);
1843 list_move_tail(&item->ri_list, &buffer_list);
1847 case XFS_LI_QUOTAOFF:
1850 trace_xfs_log_recover_item_reorder_tail(log,
1852 list_move_tail(&item->ri_list, &inode_list);
1856 "%s: unrecognized type of log operation",
1860 * return the remaining items back to the transaction
1861 * item list so they can be freed in caller.
1863 if (!list_empty(&sort_list))
1864 list_splice_init(&sort_list, &trans->r_itemq);
1870 ASSERT(list_empty(&sort_list));
1871 if (!list_empty(&buffer_list))
1872 list_splice(&buffer_list, &trans->r_itemq);
1873 if (!list_empty(&inode_list))
1874 list_splice_tail(&inode_list, &trans->r_itemq);
1875 if (!list_empty(&inode_buffer_list))
1876 list_splice_tail(&inode_buffer_list, &trans->r_itemq);
1877 if (!list_empty(&cancel_list))
1878 list_splice_tail(&cancel_list, &trans->r_itemq);
1883 * Build up the table of buf cancel records so that we don't replay
1884 * cancelled data in the second pass. For buffer records that are
1885 * not cancel records, there is nothing to do here so we just return.
1887 * If we get a cancel record which is already in the table, this indicates
1888 * that the buffer was cancelled multiple times. In order to ensure
1889 * that during pass 2 we keep the record in the table until we reach its
1890 * last occurrence in the log, we keep a reference count in the cancel
1891 * record in the table to tell us how many times we expect to see this
1892 * record during the second pass.
1895 xlog_recover_buffer_pass1(
1897 struct xlog_recover_item *item)
1899 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
1900 struct list_head *bucket;
1901 struct xfs_buf_cancel *bcp;
1904 * If this isn't a cancel buffer item, then just return.
1906 if (!(buf_f->blf_flags & XFS_BLF_CANCEL)) {
1907 trace_xfs_log_recover_buf_not_cancel(log, buf_f);
1912 * Insert an xfs_buf_cancel record into the hash table of them.
1913 * If there is already an identical record, bump its reference count.
1915 bucket = XLOG_BUF_CANCEL_BUCKET(log, buf_f->blf_blkno);
1916 list_for_each_entry(bcp, bucket, bc_list) {
1917 if (bcp->bc_blkno == buf_f->blf_blkno &&
1918 bcp->bc_len == buf_f->blf_len) {
1920 trace_xfs_log_recover_buf_cancel_ref_inc(log, buf_f);
1925 bcp = kmem_alloc(sizeof(struct xfs_buf_cancel), KM_SLEEP);
1926 bcp->bc_blkno = buf_f->blf_blkno;
1927 bcp->bc_len = buf_f->blf_len;
1928 bcp->bc_refcount = 1;
1929 list_add_tail(&bcp->bc_list, bucket);
1931 trace_xfs_log_recover_buf_cancel_add(log, buf_f);
1936 * Check to see whether the buffer being recovered has a corresponding
1937 * entry in the buffer cancel record table. If it is, return the cancel
1938 * buffer structure to the caller.
1940 STATIC struct xfs_buf_cancel *
1941 xlog_peek_buffer_cancelled(
1947 struct list_head *bucket;
1948 struct xfs_buf_cancel *bcp;
1950 if (!log->l_buf_cancel_table) {
1951 /* empty table means no cancelled buffers in the log */
1952 ASSERT(!(flags & XFS_BLF_CANCEL));
1956 bucket = XLOG_BUF_CANCEL_BUCKET(log, blkno);
1957 list_for_each_entry(bcp, bucket, bc_list) {
1958 if (bcp->bc_blkno == blkno && bcp->bc_len == len)
1963 * We didn't find a corresponding entry in the table, so return 0 so
1964 * that the buffer is NOT cancelled.
1966 ASSERT(!(flags & XFS_BLF_CANCEL));
1971 * If the buffer is being cancelled then return 1 so that it will be cancelled,
1972 * otherwise return 0. If the buffer is actually a buffer cancel item
1973 * (XFS_BLF_CANCEL is set), then decrement the refcount on the entry in the
1974 * table and remove it from the table if this is the last reference.
1976 * We remove the cancel record from the table when we encounter its last
1977 * occurrence in the log so that if the same buffer is re-used again after its
1978 * last cancellation we actually replay the changes made at that point.
1981 xlog_check_buffer_cancelled(
1987 struct xfs_buf_cancel *bcp;
1989 bcp = xlog_peek_buffer_cancelled(log, blkno, len, flags);
1994 * We've go a match, so return 1 so that the recovery of this buffer
1995 * is cancelled. If this buffer is actually a buffer cancel log
1996 * item, then decrement the refcount on the one in the table and
1997 * remove it if this is the last reference.
1999 if (flags & XFS_BLF_CANCEL) {
2000 if (--bcp->bc_refcount == 0) {
2001 list_del(&bcp->bc_list);
2009 * Perform recovery for a buffer full of inodes. In these buffers, the only
2010 * data which should be recovered is that which corresponds to the
2011 * di_next_unlinked pointers in the on disk inode structures. The rest of the
2012 * data for the inodes is always logged through the inodes themselves rather
2013 * than the inode buffer and is recovered in xlog_recover_inode_pass2().
2015 * The only time when buffers full of inodes are fully recovered is when the
2016 * buffer is full of newly allocated inodes. In this case the buffer will
2017 * not be marked as an inode buffer and so will be sent to
2018 * xlog_recover_do_reg_buffer() below during recovery.
2021 xlog_recover_do_inode_buffer(
2022 struct xfs_mount *mp,
2023 xlog_recover_item_t *item,
2025 xfs_buf_log_format_t *buf_f)
2031 int reg_buf_offset = 0;
2032 int reg_buf_bytes = 0;
2033 int next_unlinked_offset;
2035 xfs_agino_t *logged_nextp;
2036 xfs_agino_t *buffer_nextp;
2038 trace_xfs_log_recover_buf_inode_buf(mp->m_log, buf_f);
2041 * Post recovery validation only works properly on CRC enabled
2044 if (xfs_sb_version_hascrc(&mp->m_sb))
2045 bp->b_ops = &xfs_inode_buf_ops;
2047 inodes_per_buf = BBTOB(bp->b_io_length) >> mp->m_sb.sb_inodelog;
2048 for (i = 0; i < inodes_per_buf; i++) {
2049 next_unlinked_offset = (i * mp->m_sb.sb_inodesize) +
2050 offsetof(xfs_dinode_t, di_next_unlinked);
2052 while (next_unlinked_offset >=
2053 (reg_buf_offset + reg_buf_bytes)) {
2055 * The next di_next_unlinked field is beyond
2056 * the current logged region. Find the next
2057 * logged region that contains or is beyond
2058 * the current di_next_unlinked field.
2061 bit = xfs_next_bit(buf_f->blf_data_map,
2062 buf_f->blf_map_size, bit);
2065 * If there are no more logged regions in the
2066 * buffer, then we're done.
2071 nbits = xfs_contig_bits(buf_f->blf_data_map,
2072 buf_f->blf_map_size, bit);
2074 reg_buf_offset = bit << XFS_BLF_SHIFT;
2075 reg_buf_bytes = nbits << XFS_BLF_SHIFT;
2080 * If the current logged region starts after the current
2081 * di_next_unlinked field, then move on to the next
2082 * di_next_unlinked field.
2084 if (next_unlinked_offset < reg_buf_offset)
2087 ASSERT(item->ri_buf[item_index].i_addr != NULL);
2088 ASSERT((item->ri_buf[item_index].i_len % XFS_BLF_CHUNK) == 0);
2089 ASSERT((reg_buf_offset + reg_buf_bytes) <=
2090 BBTOB(bp->b_io_length));
2093 * The current logged region contains a copy of the
2094 * current di_next_unlinked field. Extract its value
2095 * and copy it to the buffer copy.
2097 logged_nextp = item->ri_buf[item_index].i_addr +
2098 next_unlinked_offset - reg_buf_offset;
2099 if (unlikely(*logged_nextp == 0)) {
2101 "Bad inode buffer log record (ptr = 0x%p, bp = 0x%p). "
2102 "Trying to replay bad (0) inode di_next_unlinked field.",
2104 XFS_ERROR_REPORT("xlog_recover_do_inode_buf",
2105 XFS_ERRLEVEL_LOW, mp);
2106 return -EFSCORRUPTED;
2109 buffer_nextp = xfs_buf_offset(bp, next_unlinked_offset);
2110 *buffer_nextp = *logged_nextp;
2113 * If necessary, recalculate the CRC in the on-disk inode. We
2114 * have to leave the inode in a consistent state for whoever
2117 xfs_dinode_calc_crc(mp,
2118 xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize));
2126 * V5 filesystems know the age of the buffer on disk being recovered. We can
2127 * have newer objects on disk than we are replaying, and so for these cases we
2128 * don't want to replay the current change as that will make the buffer contents
2129 * temporarily invalid on disk.
2131 * The magic number might not match the buffer type we are going to recover
2132 * (e.g. reallocated blocks), so we ignore the xfs_buf_log_format flags. Hence
2133 * extract the LSN of the existing object in the buffer based on it's current
2134 * magic number. If we don't recognise the magic number in the buffer, then
2135 * return a LSN of -1 so that the caller knows it was an unrecognised block and
2136 * so can recover the buffer.
2138 * Note: we cannot rely solely on magic number matches to determine that the
2139 * buffer has a valid LSN - we also need to verify that it belongs to this
2140 * filesystem, so we need to extract the object's LSN and compare it to that
2141 * which we read from the superblock. If the UUIDs don't match, then we've got a
2142 * stale metadata block from an old filesystem instance that we need to recover
2146 xlog_recover_get_buf_lsn(
2147 struct xfs_mount *mp,
2153 void *blk = bp->b_addr;
2157 /* v4 filesystems always recover immediately */
2158 if (!xfs_sb_version_hascrc(&mp->m_sb))
2159 goto recover_immediately;
2161 magic32 = be32_to_cpu(*(__be32 *)blk);
2163 case XFS_ABTB_CRC_MAGIC:
2164 case XFS_ABTC_CRC_MAGIC:
2165 case XFS_ABTB_MAGIC:
2166 case XFS_ABTC_MAGIC:
2167 case XFS_IBT_CRC_MAGIC:
2168 case XFS_IBT_MAGIC: {
2169 struct xfs_btree_block *btb = blk;
2171 lsn = be64_to_cpu(btb->bb_u.s.bb_lsn);
2172 uuid = &btb->bb_u.s.bb_uuid;
2175 case XFS_BMAP_CRC_MAGIC:
2176 case XFS_BMAP_MAGIC: {
2177 struct xfs_btree_block *btb = blk;
2179 lsn = be64_to_cpu(btb->bb_u.l.bb_lsn);
2180 uuid = &btb->bb_u.l.bb_uuid;
2184 lsn = be64_to_cpu(((struct xfs_agf *)blk)->agf_lsn);
2185 uuid = &((struct xfs_agf *)blk)->agf_uuid;
2187 case XFS_AGFL_MAGIC:
2188 lsn = be64_to_cpu(((struct xfs_agfl *)blk)->agfl_lsn);
2189 uuid = &((struct xfs_agfl *)blk)->agfl_uuid;
2192 lsn = be64_to_cpu(((struct xfs_agi *)blk)->agi_lsn);
2193 uuid = &((struct xfs_agi *)blk)->agi_uuid;
2195 case XFS_SYMLINK_MAGIC:
2196 lsn = be64_to_cpu(((struct xfs_dsymlink_hdr *)blk)->sl_lsn);
2197 uuid = &((struct xfs_dsymlink_hdr *)blk)->sl_uuid;
2199 case XFS_DIR3_BLOCK_MAGIC:
2200 case XFS_DIR3_DATA_MAGIC:
2201 case XFS_DIR3_FREE_MAGIC:
2202 lsn = be64_to_cpu(((struct xfs_dir3_blk_hdr *)blk)->lsn);
2203 uuid = &((struct xfs_dir3_blk_hdr *)blk)->uuid;
2205 case XFS_ATTR3_RMT_MAGIC:
2207 * Remote attr blocks are written synchronously, rather than
2208 * being logged. That means they do not contain a valid LSN
2209 * (i.e. transactionally ordered) in them, and hence any time we
2210 * see a buffer to replay over the top of a remote attribute
2211 * block we should simply do so.
2213 goto recover_immediately;
2216 * superblock uuids are magic. We may or may not have a
2217 * sb_meta_uuid on disk, but it will be set in the in-core
2218 * superblock. We set the uuid pointer for verification
2219 * according to the superblock feature mask to ensure we check
2220 * the relevant UUID in the superblock.
2222 lsn = be64_to_cpu(((struct xfs_dsb *)blk)->sb_lsn);
2223 if (xfs_sb_version_hasmetauuid(&mp->m_sb))
2224 uuid = &((struct xfs_dsb *)blk)->sb_meta_uuid;
2226 uuid = &((struct xfs_dsb *)blk)->sb_uuid;
2232 if (lsn != (xfs_lsn_t)-1) {
2233 if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid))
2234 goto recover_immediately;
2238 magicda = be16_to_cpu(((struct xfs_da_blkinfo *)blk)->magic);
2240 case XFS_DIR3_LEAF1_MAGIC:
2241 case XFS_DIR3_LEAFN_MAGIC:
2242 case XFS_DA3_NODE_MAGIC:
2243 lsn = be64_to_cpu(((struct xfs_da3_blkinfo *)blk)->lsn);
2244 uuid = &((struct xfs_da3_blkinfo *)blk)->uuid;
2250 if (lsn != (xfs_lsn_t)-1) {
2251 if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
2252 goto recover_immediately;
2257 * We do individual object checks on dquot and inode buffers as they
2258 * have their own individual LSN records. Also, we could have a stale
2259 * buffer here, so we have to at least recognise these buffer types.
2261 * A notd complexity here is inode unlinked list processing - it logs
2262 * the inode directly in the buffer, but we don't know which inodes have
2263 * been modified, and there is no global buffer LSN. Hence we need to
2264 * recover all inode buffer types immediately. This problem will be
2265 * fixed by logical logging of the unlinked list modifications.
2267 magic16 = be16_to_cpu(*(__be16 *)blk);
2269 case XFS_DQUOT_MAGIC:
2270 case XFS_DINODE_MAGIC:
2271 goto recover_immediately;
2276 /* unknown buffer contents, recover immediately */
2278 recover_immediately:
2279 return (xfs_lsn_t)-1;
2284 * Validate the recovered buffer is of the correct type and attach the
2285 * appropriate buffer operations to them for writeback. Magic numbers are in a
2287 * the first 16 bits of the buffer (inode buffer, dquot buffer),
2288 * the first 32 bits of the buffer (most blocks),
2289 * inside a struct xfs_da_blkinfo at the start of the buffer.
2292 xlog_recover_validate_buf_type(
2293 struct xfs_mount *mp,
2295 xfs_buf_log_format_t *buf_f)
2297 struct xfs_da_blkinfo *info = bp->b_addr;
2303 * We can only do post recovery validation on items on CRC enabled
2304 * fielsystems as we need to know when the buffer was written to be able
2305 * to determine if we should have replayed the item. If we replay old
2306 * metadata over a newer buffer, then it will enter a temporarily
2307 * inconsistent state resulting in verification failures. Hence for now
2308 * just avoid the verification stage for non-crc filesystems
2310 if (!xfs_sb_version_hascrc(&mp->m_sb))
2313 magic32 = be32_to_cpu(*(__be32 *)bp->b_addr);
2314 magic16 = be16_to_cpu(*(__be16*)bp->b_addr);
2315 magicda = be16_to_cpu(info->magic);
2316 switch (xfs_blft_from_flags(buf_f)) {
2317 case XFS_BLFT_BTREE_BUF:
2319 case XFS_ABTB_CRC_MAGIC:
2320 case XFS_ABTC_CRC_MAGIC:
2321 case XFS_ABTB_MAGIC:
2322 case XFS_ABTC_MAGIC:
2323 bp->b_ops = &xfs_allocbt_buf_ops;
2325 case XFS_IBT_CRC_MAGIC:
2326 case XFS_FIBT_CRC_MAGIC:
2328 case XFS_FIBT_MAGIC:
2329 bp->b_ops = &xfs_inobt_buf_ops;
2331 case XFS_BMAP_CRC_MAGIC:
2332 case XFS_BMAP_MAGIC:
2333 bp->b_ops = &xfs_bmbt_buf_ops;
2336 xfs_warn(mp, "Bad btree block magic!");
2341 case XFS_BLFT_AGF_BUF:
2342 if (magic32 != XFS_AGF_MAGIC) {
2343 xfs_warn(mp, "Bad AGF block magic!");
2347 bp->b_ops = &xfs_agf_buf_ops;
2349 case XFS_BLFT_AGFL_BUF:
2350 if (magic32 != XFS_AGFL_MAGIC) {
2351 xfs_warn(mp, "Bad AGFL block magic!");
2355 bp->b_ops = &xfs_agfl_buf_ops;
2357 case XFS_BLFT_AGI_BUF:
2358 if (magic32 != XFS_AGI_MAGIC) {
2359 xfs_warn(mp, "Bad AGI block magic!");
2363 bp->b_ops = &xfs_agi_buf_ops;
2365 case XFS_BLFT_UDQUOT_BUF:
2366 case XFS_BLFT_PDQUOT_BUF:
2367 case XFS_BLFT_GDQUOT_BUF:
2368 #ifdef CONFIG_XFS_QUOTA
2369 if (magic16 != XFS_DQUOT_MAGIC) {
2370 xfs_warn(mp, "Bad DQUOT block magic!");
2374 bp->b_ops = &xfs_dquot_buf_ops;
2377 "Trying to recover dquots without QUOTA support built in!");
2381 case XFS_BLFT_DINO_BUF:
2382 if (magic16 != XFS_DINODE_MAGIC) {
2383 xfs_warn(mp, "Bad INODE block magic!");
2387 bp->b_ops = &xfs_inode_buf_ops;
2389 case XFS_BLFT_SYMLINK_BUF:
2390 if (magic32 != XFS_SYMLINK_MAGIC) {
2391 xfs_warn(mp, "Bad symlink block magic!");
2395 bp->b_ops = &xfs_symlink_buf_ops;
2397 case XFS_BLFT_DIR_BLOCK_BUF:
2398 if (magic32 != XFS_DIR2_BLOCK_MAGIC &&
2399 magic32 != XFS_DIR3_BLOCK_MAGIC) {
2400 xfs_warn(mp, "Bad dir block magic!");
2404 bp->b_ops = &xfs_dir3_block_buf_ops;
2406 case XFS_BLFT_DIR_DATA_BUF:
2407 if (magic32 != XFS_DIR2_DATA_MAGIC &&
2408 magic32 != XFS_DIR3_DATA_MAGIC) {
2409 xfs_warn(mp, "Bad dir data magic!");
2413 bp->b_ops = &xfs_dir3_data_buf_ops;
2415 case XFS_BLFT_DIR_FREE_BUF:
2416 if (magic32 != XFS_DIR2_FREE_MAGIC &&
2417 magic32 != XFS_DIR3_FREE_MAGIC) {
2418 xfs_warn(mp, "Bad dir3 free magic!");
2422 bp->b_ops = &xfs_dir3_free_buf_ops;
2424 case XFS_BLFT_DIR_LEAF1_BUF:
2425 if (magicda != XFS_DIR2_LEAF1_MAGIC &&
2426 magicda != XFS_DIR3_LEAF1_MAGIC) {
2427 xfs_warn(mp, "Bad dir leaf1 magic!");
2431 bp->b_ops = &xfs_dir3_leaf1_buf_ops;
2433 case XFS_BLFT_DIR_LEAFN_BUF:
2434 if (magicda != XFS_DIR2_LEAFN_MAGIC &&
2435 magicda != XFS_DIR3_LEAFN_MAGIC) {
2436 xfs_warn(mp, "Bad dir leafn magic!");
2440 bp->b_ops = &xfs_dir3_leafn_buf_ops;
2442 case XFS_BLFT_DA_NODE_BUF:
2443 if (magicda != XFS_DA_NODE_MAGIC &&
2444 magicda != XFS_DA3_NODE_MAGIC) {
2445 xfs_warn(mp, "Bad da node magic!");
2449 bp->b_ops = &xfs_da3_node_buf_ops;
2451 case XFS_BLFT_ATTR_LEAF_BUF:
2452 if (magicda != XFS_ATTR_LEAF_MAGIC &&
2453 magicda != XFS_ATTR3_LEAF_MAGIC) {
2454 xfs_warn(mp, "Bad attr leaf magic!");
2458 bp->b_ops = &xfs_attr3_leaf_buf_ops;
2460 case XFS_BLFT_ATTR_RMT_BUF:
2461 if (magic32 != XFS_ATTR3_RMT_MAGIC) {
2462 xfs_warn(mp, "Bad attr remote magic!");
2466 bp->b_ops = &xfs_attr3_rmt_buf_ops;
2468 case XFS_BLFT_SB_BUF:
2469 if (magic32 != XFS_SB_MAGIC) {
2470 xfs_warn(mp, "Bad SB block magic!");
2474 bp->b_ops = &xfs_sb_buf_ops;
2477 xfs_warn(mp, "Unknown buffer type %d!",
2478 xfs_blft_from_flags(buf_f));
2484 * Perform a 'normal' buffer recovery. Each logged region of the
2485 * buffer should be copied over the corresponding region in the
2486 * given buffer. The bitmap in the buf log format structure indicates
2487 * where to place the logged data.
2490 xlog_recover_do_reg_buffer(
2491 struct xfs_mount *mp,
2492 xlog_recover_item_t *item,
2494 xfs_buf_log_format_t *buf_f)
2501 trace_xfs_log_recover_buf_reg_buf(mp->m_log, buf_f);
2504 i = 1; /* 0 is the buf format structure */
2506 bit = xfs_next_bit(buf_f->blf_data_map,
2507 buf_f->blf_map_size, bit);
2510 nbits = xfs_contig_bits(buf_f->blf_data_map,
2511 buf_f->blf_map_size, bit);
2513 ASSERT(item->ri_buf[i].i_addr != NULL);
2514 ASSERT(item->ri_buf[i].i_len % XFS_BLF_CHUNK == 0);
2515 ASSERT(BBTOB(bp->b_io_length) >=
2516 ((uint)bit << XFS_BLF_SHIFT) + (nbits << XFS_BLF_SHIFT));
2519 * The dirty regions logged in the buffer, even though
2520 * contiguous, may span multiple chunks. This is because the
2521 * dirty region may span a physical page boundary in a buffer
2522 * and hence be split into two separate vectors for writing into
2523 * the log. Hence we need to trim nbits back to the length of
2524 * the current region being copied out of the log.
2526 if (item->ri_buf[i].i_len < (nbits << XFS_BLF_SHIFT))
2527 nbits = item->ri_buf[i].i_len >> XFS_BLF_SHIFT;
2530 * Do a sanity check if this is a dquot buffer. Just checking
2531 * the first dquot in the buffer should do. XXXThis is
2532 * probably a good thing to do for other buf types also.
2535 if (buf_f->blf_flags &
2536 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2537 if (item->ri_buf[i].i_addr == NULL) {
2539 "XFS: NULL dquot in %s.", __func__);
2542 if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
2544 "XFS: dquot too small (%d) in %s.",
2545 item->ri_buf[i].i_len, __func__);
2548 error = xfs_dqcheck(mp, item->ri_buf[i].i_addr,
2549 -1, 0, XFS_QMOPT_DOWARN,
2550 "dquot_buf_recover");
2555 memcpy(xfs_buf_offset(bp,
2556 (uint)bit << XFS_BLF_SHIFT), /* dest */
2557 item->ri_buf[i].i_addr, /* source */
2558 nbits<<XFS_BLF_SHIFT); /* length */
2564 /* Shouldn't be any more regions */
2565 ASSERT(i == item->ri_total);
2567 xlog_recover_validate_buf_type(mp, bp, buf_f);
2571 * Perform a dquot buffer recovery.
2572 * Simple algorithm: if we have found a QUOTAOFF log item of the same type
2573 * (ie. USR or GRP), then just toss this buffer away; don't recover it.
2574 * Else, treat it as a regular buffer and do recovery.
2576 * Return false if the buffer was tossed and true if we recovered the buffer to
2577 * indicate to the caller if the buffer needs writing.
2580 xlog_recover_do_dquot_buffer(
2581 struct xfs_mount *mp,
2583 struct xlog_recover_item *item,
2585 struct xfs_buf_log_format *buf_f)
2589 trace_xfs_log_recover_buf_dquot_buf(log, buf_f);
2592 * Filesystems are required to send in quota flags at mount time.
2598 if (buf_f->blf_flags & XFS_BLF_UDQUOT_BUF)
2599 type |= XFS_DQ_USER;
2600 if (buf_f->blf_flags & XFS_BLF_PDQUOT_BUF)
2601 type |= XFS_DQ_PROJ;
2602 if (buf_f->blf_flags & XFS_BLF_GDQUOT_BUF)
2603 type |= XFS_DQ_GROUP;
2605 * This type of quotas was turned off, so ignore this buffer
2607 if (log->l_quotaoffs_flag & type)
2610 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2615 * This routine replays a modification made to a buffer at runtime.
2616 * There are actually two types of buffer, regular and inode, which
2617 * are handled differently. Inode buffers are handled differently
2618 * in that we only recover a specific set of data from them, namely
2619 * the inode di_next_unlinked fields. This is because all other inode
2620 * data is actually logged via inode records and any data we replay
2621 * here which overlaps that may be stale.
2623 * When meta-data buffers are freed at run time we log a buffer item
2624 * with the XFS_BLF_CANCEL bit set to indicate that previous copies
2625 * of the buffer in the log should not be replayed at recovery time.
2626 * This is so that if the blocks covered by the buffer are reused for
2627 * file data before we crash we don't end up replaying old, freed
2628 * meta-data into a user's file.
2630 * To handle the cancellation of buffer log items, we make two passes
2631 * over the log during recovery. During the first we build a table of
2632 * those buffers which have been cancelled, and during the second we
2633 * only replay those buffers which do not have corresponding cancel
2634 * records in the table. See xlog_recover_buffer_pass[1,2] above
2635 * for more details on the implementation of the table of cancel records.
2638 xlog_recover_buffer_pass2(
2640 struct list_head *buffer_list,
2641 struct xlog_recover_item *item,
2642 xfs_lsn_t current_lsn)
2644 xfs_buf_log_format_t *buf_f = item->ri_buf[0].i_addr;
2645 xfs_mount_t *mp = log->l_mp;
2652 * In this pass we only want to recover all the buffers which have
2653 * not been cancelled and are not cancellation buffers themselves.
2655 if (xlog_check_buffer_cancelled(log, buf_f->blf_blkno,
2656 buf_f->blf_len, buf_f->blf_flags)) {
2657 trace_xfs_log_recover_buf_cancel(log, buf_f);
2661 trace_xfs_log_recover_buf_recover(log, buf_f);
2664 if (buf_f->blf_flags & XFS_BLF_INODE_BUF)
2665 buf_flags |= XBF_UNMAPPED;
2667 bp = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len,
2671 error = bp->b_error;
2673 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#1)");
2678 * Recover the buffer only if we get an LSN from it and it's less than
2679 * the lsn of the transaction we are replaying.
2681 * Note that we have to be extremely careful of readahead here.
2682 * Readahead does not attach verfiers to the buffers so if we don't
2683 * actually do any replay after readahead because of the LSN we found
2684 * in the buffer if more recent than that current transaction then we
2685 * need to attach the verifier directly. Failure to do so can lead to
2686 * future recovery actions (e.g. EFI and unlinked list recovery) can
2687 * operate on the buffers and they won't get the verifier attached. This
2688 * can lead to blocks on disk having the correct content but a stale
2691 * It is safe to assume these clean buffers are currently up to date.
2692 * If the buffer is dirtied by a later transaction being replayed, then
2693 * the verifier will be reset to match whatever recover turns that
2696 lsn = xlog_recover_get_buf_lsn(mp, bp);
2697 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2698 xlog_recover_validate_buf_type(mp, bp, buf_f);
2702 if (buf_f->blf_flags & XFS_BLF_INODE_BUF) {
2703 error = xlog_recover_do_inode_buffer(mp, item, bp, buf_f);
2706 } else if (buf_f->blf_flags &
2707 (XFS_BLF_UDQUOT_BUF|XFS_BLF_PDQUOT_BUF|XFS_BLF_GDQUOT_BUF)) {
2710 dirty = xlog_recover_do_dquot_buffer(mp, log, item, bp, buf_f);
2714 xlog_recover_do_reg_buffer(mp, item, bp, buf_f);
2718 * Perform delayed write on the buffer. Asynchronous writes will be
2719 * slower when taking into account all the buffers to be flushed.
2721 * Also make sure that only inode buffers with good sizes stay in
2722 * the buffer cache. The kernel moves inodes in buffers of 1 block
2723 * or mp->m_inode_cluster_size bytes, whichever is bigger. The inode
2724 * buffers in the log can be a different size if the log was generated
2725 * by an older kernel using unclustered inode buffers or a newer kernel
2726 * running with a different inode cluster size. Regardless, if the
2727 * the inode buffer size isn't MAX(blocksize, mp->m_inode_cluster_size)
2728 * for *our* value of mp->m_inode_cluster_size, then we need to keep
2729 * the buffer out of the buffer cache so that the buffer won't
2730 * overlap with future reads of those inodes.
2732 if (XFS_DINODE_MAGIC ==
2733 be16_to_cpu(*((__be16 *)xfs_buf_offset(bp, 0))) &&
2734 (BBTOB(bp->b_io_length) != MAX(log->l_mp->m_sb.sb_blocksize,
2735 (__uint32_t)log->l_mp->m_inode_cluster_size))) {
2737 error = xfs_bwrite(bp);
2739 ASSERT(bp->b_target->bt_mount == mp);
2740 bp->b_iodone = xlog_recover_iodone;
2741 xfs_buf_delwri_queue(bp, buffer_list);
2750 * Inode fork owner changes
2752 * If we have been told that we have to reparent the inode fork, it's because an
2753 * extent swap operation on a CRC enabled filesystem has been done and we are
2754 * replaying it. We need to walk the BMBT of the appropriate fork and change the
2757 * The complexity here is that we don't have an inode context to work with, so
2758 * after we've replayed the inode we need to instantiate one. This is where the
2761 * We are in the middle of log recovery, so we can't run transactions. That
2762 * means we cannot use cache coherent inode instantiation via xfs_iget(), as
2763 * that will result in the corresponding iput() running the inode through
2764 * xfs_inactive(). If we've just replayed an inode core that changes the link
2765 * count to zero (i.e. it's been unlinked), then xfs_inactive() will run
2766 * transactions (bad!).
2768 * So, to avoid this, we instantiate an inode directly from the inode core we've
2769 * just recovered. We have the buffer still locked, and all we really need to
2770 * instantiate is the inode core and the forks being modified. We can do this
2771 * manually, then run the inode btree owner change, and then tear down the
2772 * xfs_inode without having to run any transactions at all.
2774 * Also, because we don't have a transaction context available here but need to
2775 * gather all the buffers we modify for writeback so we pass the buffer_list
2776 * instead for the operation to use.
2780 xfs_recover_inode_owner_change(
2781 struct xfs_mount *mp,
2782 struct xfs_dinode *dip,
2783 struct xfs_inode_log_format *in_f,
2784 struct list_head *buffer_list)
2786 struct xfs_inode *ip;
2789 ASSERT(in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER));
2791 ip = xfs_inode_alloc(mp, in_f->ilf_ino);
2795 /* instantiate the inode */
2796 xfs_dinode_from_disk(&ip->i_d, dip);
2797 ASSERT(ip->i_d.di_version >= 3);
2799 error = xfs_iformat_fork(ip, dip);
2804 if (in_f->ilf_fields & XFS_ILOG_DOWNER) {
2805 ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT);
2806 error = xfs_bmbt_change_owner(NULL, ip, XFS_DATA_FORK,
2807 ip->i_ino, buffer_list);
2812 if (in_f->ilf_fields & XFS_ILOG_AOWNER) {
2813 ASSERT(in_f->ilf_fields & XFS_ILOG_ABROOT);
2814 error = xfs_bmbt_change_owner(NULL, ip, XFS_ATTR_FORK,
2815 ip->i_ino, buffer_list);
2826 xlog_recover_inode_pass2(
2828 struct list_head *buffer_list,
2829 struct xlog_recover_item *item,
2830 xfs_lsn_t current_lsn)
2832 xfs_inode_log_format_t *in_f;
2833 xfs_mount_t *mp = log->l_mp;
2842 xfs_icdinode_t *dicp;
2846 if (item->ri_buf[0].i_len == sizeof(xfs_inode_log_format_t)) {
2847 in_f = item->ri_buf[0].i_addr;
2849 in_f = kmem_alloc(sizeof(xfs_inode_log_format_t), KM_SLEEP);
2851 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
2857 * Inode buffers can be freed, look out for it,
2858 * and do not replay the inode.
2860 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
2861 in_f->ilf_len, 0)) {
2863 trace_xfs_log_recover_inode_cancel(log, in_f);
2866 trace_xfs_log_recover_inode_recover(log, in_f);
2868 bp = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len, 0,
2869 &xfs_inode_buf_ops);
2874 error = bp->b_error;
2876 xfs_buf_ioerror_alert(bp, "xlog_recover_do..(read#2)");
2879 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
2880 dip = xfs_buf_offset(bp, in_f->ilf_boffset);
2883 * Make sure the place we're flushing out to really looks
2886 if (unlikely(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))) {
2888 "%s: Bad inode magic number, dip = 0x%p, dino bp = 0x%p, ino = %Ld",
2889 __func__, dip, bp, in_f->ilf_ino);
2890 XFS_ERROR_REPORT("xlog_recover_inode_pass2(1)",
2891 XFS_ERRLEVEL_LOW, mp);
2892 error = -EFSCORRUPTED;
2895 dicp = item->ri_buf[1].i_addr;
2896 if (unlikely(dicp->di_magic != XFS_DINODE_MAGIC)) {
2898 "%s: Bad inode log record, rec ptr 0x%p, ino %Ld",
2899 __func__, item, in_f->ilf_ino);
2900 XFS_ERROR_REPORT("xlog_recover_inode_pass2(2)",
2901 XFS_ERRLEVEL_LOW, mp);
2902 error = -EFSCORRUPTED;
2907 * If the inode has an LSN in it, recover the inode only if it's less
2908 * than the lsn of the transaction we are replaying. Note: we still
2909 * need to replay an owner change even though the inode is more recent
2910 * than the transaction as there is no guarantee that all the btree
2911 * blocks are more recent than this transaction, too.
2913 if (dip->di_version >= 3) {
2914 xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn);
2916 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
2917 trace_xfs_log_recover_inode_skip(log, in_f);
2919 goto out_owner_change;
2924 * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes
2925 * are transactional and if ordering is necessary we can determine that
2926 * more accurately by the LSN field in the V3 inode core. Don't trust
2927 * the inode versions we might be changing them here - use the
2928 * superblock flag to determine whether we need to look at di_flushiter
2929 * to skip replay when the on disk inode is newer than the log one
2931 if (!xfs_sb_version_hascrc(&mp->m_sb) &&
2932 dicp->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
2934 * Deal with the wrap case, DI_MAX_FLUSH is less
2935 * than smaller numbers
2937 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
2938 dicp->di_flushiter < (DI_MAX_FLUSH >> 1)) {
2941 trace_xfs_log_recover_inode_skip(log, in_f);
2947 /* Take the opportunity to reset the flush iteration count */
2948 dicp->di_flushiter = 0;
2950 if (unlikely(S_ISREG(dicp->di_mode))) {
2951 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2952 (dicp->di_format != XFS_DINODE_FMT_BTREE)) {
2953 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)",
2954 XFS_ERRLEVEL_LOW, mp, dicp);
2956 "%s: Bad regular inode log record, rec ptr 0x%p, "
2957 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2958 __func__, item, dip, bp, in_f->ilf_ino);
2959 error = -EFSCORRUPTED;
2962 } else if (unlikely(S_ISDIR(dicp->di_mode))) {
2963 if ((dicp->di_format != XFS_DINODE_FMT_EXTENTS) &&
2964 (dicp->di_format != XFS_DINODE_FMT_BTREE) &&
2965 (dicp->di_format != XFS_DINODE_FMT_LOCAL)) {
2966 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)",
2967 XFS_ERRLEVEL_LOW, mp, dicp);
2969 "%s: Bad dir inode log record, rec ptr 0x%p, "
2970 "ino ptr = 0x%p, ino bp = 0x%p, ino %Ld",
2971 __func__, item, dip, bp, in_f->ilf_ino);
2972 error = -EFSCORRUPTED;
2976 if (unlikely(dicp->di_nextents + dicp->di_anextents > dicp->di_nblocks)){
2977 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)",
2978 XFS_ERRLEVEL_LOW, mp, dicp);
2980 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
2981 "dino bp 0x%p, ino %Ld, total extents = %d, nblocks = %Ld",
2982 __func__, item, dip, bp, in_f->ilf_ino,
2983 dicp->di_nextents + dicp->di_anextents,
2985 error = -EFSCORRUPTED;
2988 if (unlikely(dicp->di_forkoff > mp->m_sb.sb_inodesize)) {
2989 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)",
2990 XFS_ERRLEVEL_LOW, mp, dicp);
2992 "%s: Bad inode log record, rec ptr 0x%p, dino ptr 0x%p, "
2993 "dino bp 0x%p, ino %Ld, forkoff 0x%x", __func__,
2994 item, dip, bp, in_f->ilf_ino, dicp->di_forkoff);
2995 error = -EFSCORRUPTED;
2998 isize = xfs_icdinode_size(dicp->di_version);
2999 if (unlikely(item->ri_buf[1].i_len > isize)) {
3000 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)",
3001 XFS_ERRLEVEL_LOW, mp, dicp);
3003 "%s: Bad inode log record length %d, rec ptr 0x%p",
3004 __func__, item->ri_buf[1].i_len, item);
3005 error = -EFSCORRUPTED;
3009 /* The core is in in-core format */
3010 xfs_dinode_to_disk(dip, dicp);
3012 /* the rest is in on-disk format */
3013 if (item->ri_buf[1].i_len > isize) {
3014 memcpy((char *)dip + isize,
3015 item->ri_buf[1].i_addr + isize,
3016 item->ri_buf[1].i_len - isize);
3019 fields = in_f->ilf_fields;
3020 switch (fields & (XFS_ILOG_DEV | XFS_ILOG_UUID)) {
3022 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
3025 memcpy(XFS_DFORK_DPTR(dip),
3026 &in_f->ilf_u.ilfu_uuid,
3031 if (in_f->ilf_size == 2)
3032 goto out_owner_change;
3033 len = item->ri_buf[2].i_len;
3034 src = item->ri_buf[2].i_addr;
3035 ASSERT(in_f->ilf_size <= 4);
3036 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
3037 ASSERT(!(fields & XFS_ILOG_DFORK) ||
3038 (len == in_f->ilf_dsize));
3040 switch (fields & XFS_ILOG_DFORK) {
3041 case XFS_ILOG_DDATA:
3043 memcpy(XFS_DFORK_DPTR(dip), src, len);
3046 case XFS_ILOG_DBROOT:
3047 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
3048 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
3049 XFS_DFORK_DSIZE(dip, mp));
3054 * There are no data fork flags set.
3056 ASSERT((fields & XFS_ILOG_DFORK) == 0);
3061 * If we logged any attribute data, recover it. There may or
3062 * may not have been any other non-core data logged in this
3065 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
3066 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
3071 len = item->ri_buf[attr_index].i_len;
3072 src = item->ri_buf[attr_index].i_addr;
3073 ASSERT(len == in_f->ilf_asize);
3075 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
3076 case XFS_ILOG_ADATA:
3078 dest = XFS_DFORK_APTR(dip);
3079 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
3080 memcpy(dest, src, len);
3083 case XFS_ILOG_ABROOT:
3084 dest = XFS_DFORK_APTR(dip);
3085 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
3086 len, (xfs_bmdr_block_t*)dest,
3087 XFS_DFORK_ASIZE(dip, mp));
3091 xfs_warn(log->l_mp, "%s: Invalid flag", __func__);
3099 if (in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER))
3100 error = xfs_recover_inode_owner_change(mp, dip, in_f,
3102 /* re-generate the checksum. */
3103 xfs_dinode_calc_crc(log->l_mp, dip);
3105 ASSERT(bp->b_target->bt_mount == mp);
3106 bp->b_iodone = xlog_recover_iodone;
3107 xfs_buf_delwri_queue(bp, buffer_list);
3118 * Recover QUOTAOFF records. We simply make a note of it in the xlog
3119 * structure, so that we know not to do any dquot item or dquot buffer recovery,
3123 xlog_recover_quotaoff_pass1(
3125 struct xlog_recover_item *item)
3127 xfs_qoff_logformat_t *qoff_f = item->ri_buf[0].i_addr;
3131 * The logitem format's flag tells us if this was user quotaoff,
3132 * group/project quotaoff or both.
3134 if (qoff_f->qf_flags & XFS_UQUOTA_ACCT)
3135 log->l_quotaoffs_flag |= XFS_DQ_USER;
3136 if (qoff_f->qf_flags & XFS_PQUOTA_ACCT)
3137 log->l_quotaoffs_flag |= XFS_DQ_PROJ;
3138 if (qoff_f->qf_flags & XFS_GQUOTA_ACCT)
3139 log->l_quotaoffs_flag |= XFS_DQ_GROUP;
3145 * Recover a dquot record
3148 xlog_recover_dquot_pass2(
3150 struct list_head *buffer_list,
3151 struct xlog_recover_item *item,
3152 xfs_lsn_t current_lsn)
3154 xfs_mount_t *mp = log->l_mp;
3156 struct xfs_disk_dquot *ddq, *recddq;
3158 xfs_dq_logformat_t *dq_f;
3163 * Filesystems are required to send in quota flags at mount time.
3165 if (mp->m_qflags == 0)
3168 recddq = item->ri_buf[1].i_addr;
3169 if (recddq == NULL) {
3170 xfs_alert(log->l_mp, "NULL dquot in %s.", __func__);
3173 if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
3174 xfs_alert(log->l_mp, "dquot too small (%d) in %s.",
3175 item->ri_buf[1].i_len, __func__);
3180 * This type of quotas was turned off, so ignore this record.
3182 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3184 if (log->l_quotaoffs_flag & type)
3188 * At this point we know that quota was _not_ turned off.
3189 * Since the mount flags are not indicating to us otherwise, this
3190 * must mean that quota is on, and the dquot needs to be replayed.
3191 * Remember that we may not have fully recovered the superblock yet,
3192 * so we can't do the usual trick of looking at the SB quota bits.
3194 * The other possibility, of course, is that the quota subsystem was
3195 * removed since the last mount - ENOSYS.
3197 dq_f = item->ri_buf[0].i_addr;
3199 error = xfs_dqcheck(mp, recddq, dq_f->qlf_id, 0, XFS_QMOPT_DOWARN,
3200 "xlog_recover_dquot_pass2 (log copy)");
3203 ASSERT(dq_f->qlf_len == 1);
3206 * At this point we are assuming that the dquots have been allocated
3207 * and hence the buffer has valid dquots stamped in it. It should,
3208 * therefore, pass verifier validation. If the dquot is bad, then the
3209 * we'll return an error here, so we don't need to specifically check
3210 * the dquot in the buffer after the verifier has run.
3212 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dq_f->qlf_blkno,
3213 XFS_FSB_TO_BB(mp, dq_f->qlf_len), 0, &bp,
3214 &xfs_dquot_buf_ops);
3219 ddq = xfs_buf_offset(bp, dq_f->qlf_boffset);
3222 * If the dquot has an LSN in it, recover the dquot only if it's less
3223 * than the lsn of the transaction we are replaying.
3225 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3226 struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq;
3227 xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn);
3229 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
3234 memcpy(ddq, recddq, item->ri_buf[1].i_len);
3235 if (xfs_sb_version_hascrc(&mp->m_sb)) {
3236 xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk),
3240 ASSERT(dq_f->qlf_size == 2);
3241 ASSERT(bp->b_target->bt_mount == mp);
3242 bp->b_iodone = xlog_recover_iodone;
3243 xfs_buf_delwri_queue(bp, buffer_list);
3251 * This routine is called to create an in-core extent free intent
3252 * item from the efi format structure which was logged on disk.
3253 * It allocates an in-core efi, copies the extents from the format
3254 * structure into it, and adds the efi to the AIL with the given
3258 xlog_recover_efi_pass2(
3260 struct xlog_recover_item *item,
3264 struct xfs_mount *mp = log->l_mp;
3265 struct xfs_efi_log_item *efip;
3266 struct xfs_efi_log_format *efi_formatp;
3268 efi_formatp = item->ri_buf[0].i_addr;
3270 efip = xfs_efi_init(mp, efi_formatp->efi_nextents);
3271 error = xfs_efi_copy_format(&item->ri_buf[0], &efip->efi_format);
3273 xfs_efi_item_free(efip);
3276 atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents);
3278 spin_lock(&log->l_ailp->xa_lock);
3280 * The EFI has two references. One for the EFD and one for EFI to ensure
3281 * it makes it into the AIL. Insert the EFI into the AIL directly and
3282 * drop the EFI reference. Note that xfs_trans_ail_update() drops the
3285 xfs_trans_ail_update(log->l_ailp, &efip->efi_item, lsn);
3286 xfs_efi_release(efip);
3292 * This routine is called when an EFD format structure is found in a committed
3293 * transaction in the log. Its purpose is to cancel the corresponding EFI if it
3294 * was still in the log. To do this it searches the AIL for the EFI with an id
3295 * equal to that in the EFD format structure. If we find it we drop the EFD
3296 * reference, which removes the EFI from the AIL and frees it.
3299 xlog_recover_efd_pass2(
3301 struct xlog_recover_item *item)
3303 xfs_efd_log_format_t *efd_formatp;
3304 xfs_efi_log_item_t *efip = NULL;
3305 xfs_log_item_t *lip;
3307 struct xfs_ail_cursor cur;
3308 struct xfs_ail *ailp = log->l_ailp;
3310 efd_formatp = item->ri_buf[0].i_addr;
3311 ASSERT((item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_32_t) +
3312 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_32_t)))) ||
3313 (item->ri_buf[0].i_len == (sizeof(xfs_efd_log_format_64_t) +
3314 ((efd_formatp->efd_nextents - 1) * sizeof(xfs_extent_64_t)))));
3315 efi_id = efd_formatp->efd_efi_id;
3318 * Search for the EFI with the id in the EFD format structure in the
3321 spin_lock(&ailp->xa_lock);
3322 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
3323 while (lip != NULL) {
3324 if (lip->li_type == XFS_LI_EFI) {
3325 efip = (xfs_efi_log_item_t *)lip;
3326 if (efip->efi_format.efi_id == efi_id) {
3328 * Drop the EFD reference to the EFI. This
3329 * removes the EFI from the AIL and frees it.
3331 spin_unlock(&ailp->xa_lock);
3332 xfs_efi_release(efip);
3333 spin_lock(&ailp->xa_lock);
3337 lip = xfs_trans_ail_cursor_next(ailp, &cur);
3340 xfs_trans_ail_cursor_done(&cur);
3341 spin_unlock(&ailp->xa_lock);
3347 * This routine is called when an inode create format structure is found in a
3348 * committed transaction in the log. It's purpose is to initialise the inodes
3349 * being allocated on disk. This requires us to get inode cluster buffers that
3350 * match the range to be intialised, stamped with inode templates and written
3351 * by delayed write so that subsequent modifications will hit the cached buffer
3352 * and only need writing out at the end of recovery.
3355 xlog_recover_do_icreate_pass2(
3357 struct list_head *buffer_list,
3358 xlog_recover_item_t *item)
3360 struct xfs_mount *mp = log->l_mp;
3361 struct xfs_icreate_log *icl;
3362 xfs_agnumber_t agno;
3363 xfs_agblock_t agbno;
3366 xfs_agblock_t length;
3367 int blks_per_cluster;
3373 icl = (struct xfs_icreate_log *)item->ri_buf[0].i_addr;
3374 if (icl->icl_type != XFS_LI_ICREATE) {
3375 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad type");
3379 if (icl->icl_size != 1) {
3380 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad icl size");
3384 agno = be32_to_cpu(icl->icl_ag);
3385 if (agno >= mp->m_sb.sb_agcount) {
3386 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agno");
3389 agbno = be32_to_cpu(icl->icl_agbno);
3390 if (!agbno || agbno == NULLAGBLOCK || agbno >= mp->m_sb.sb_agblocks) {
3391 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad agbno");
3394 isize = be32_to_cpu(icl->icl_isize);
3395 if (isize != mp->m_sb.sb_inodesize) {
3396 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad isize");
3399 count = be32_to_cpu(icl->icl_count);
3401 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad count");
3404 length = be32_to_cpu(icl->icl_length);
3405 if (!length || length >= mp->m_sb.sb_agblocks) {
3406 xfs_warn(log->l_mp, "xlog_recover_do_icreate_trans: bad length");
3411 * The inode chunk is either full or sparse and we only support
3412 * m_ialloc_min_blks sized sparse allocations at this time.
3414 if (length != mp->m_ialloc_blks &&
3415 length != mp->m_ialloc_min_blks) {
3417 "%s: unsupported chunk length", __FUNCTION__);
3421 /* verify inode count is consistent with extent length */
3422 if ((count >> mp->m_sb.sb_inopblog) != length) {
3424 "%s: inconsistent inode count and chunk length",
3430 * The icreate transaction can cover multiple cluster buffers and these
3431 * buffers could have been freed and reused. Check the individual
3432 * buffers for cancellation so we don't overwrite anything written after
3435 blks_per_cluster = xfs_icluster_size_fsb(mp);
3436 bb_per_cluster = XFS_FSB_TO_BB(mp, blks_per_cluster);
3437 nbufs = length / blks_per_cluster;
3438 for (i = 0, cancel_count = 0; i < nbufs; i++) {
3441 daddr = XFS_AGB_TO_DADDR(mp, agno,
3442 agbno + i * blks_per_cluster);
3443 if (xlog_check_buffer_cancelled(log, daddr, bb_per_cluster, 0))
3448 * We currently only use icreate for a single allocation at a time. This
3449 * means we should expect either all or none of the buffers to be
3450 * cancelled. Be conservative and skip replay if at least one buffer is
3451 * cancelled, but warn the user that something is awry if the buffers
3452 * are not consistent.
3454 * XXX: This must be refined to only skip cancelled clusters once we use
3455 * icreate for multiple chunk allocations.
3457 ASSERT(!cancel_count || cancel_count == nbufs);
3459 if (cancel_count != nbufs)
3461 "WARNING: partial inode chunk cancellation, skipped icreate.");
3462 trace_xfs_log_recover_icreate_cancel(log, icl);
3466 trace_xfs_log_recover_icreate_recover(log, icl);
3467 return xfs_ialloc_inode_init(mp, NULL, buffer_list, count, agno, agbno,
3468 length, be32_to_cpu(icl->icl_gen));
3472 xlog_recover_buffer_ra_pass2(
3474 struct xlog_recover_item *item)
3476 struct xfs_buf_log_format *buf_f = item->ri_buf[0].i_addr;
3477 struct xfs_mount *mp = log->l_mp;
3479 if (xlog_peek_buffer_cancelled(log, buf_f->blf_blkno,
3480 buf_f->blf_len, buf_f->blf_flags)) {
3484 xfs_buf_readahead(mp->m_ddev_targp, buf_f->blf_blkno,
3485 buf_f->blf_len, NULL);
3489 xlog_recover_inode_ra_pass2(
3491 struct xlog_recover_item *item)
3493 struct xfs_inode_log_format ilf_buf;
3494 struct xfs_inode_log_format *ilfp;
3495 struct xfs_mount *mp = log->l_mp;
3498 if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) {
3499 ilfp = item->ri_buf[0].i_addr;
3502 memset(ilfp, 0, sizeof(*ilfp));
3503 error = xfs_inode_item_format_convert(&item->ri_buf[0], ilfp);
3508 if (xlog_peek_buffer_cancelled(log, ilfp->ilf_blkno, ilfp->ilf_len, 0))
3511 xfs_buf_readahead(mp->m_ddev_targp, ilfp->ilf_blkno,
3512 ilfp->ilf_len, &xfs_inode_buf_ra_ops);
3516 xlog_recover_dquot_ra_pass2(
3518 struct xlog_recover_item *item)
3520 struct xfs_mount *mp = log->l_mp;
3521 struct xfs_disk_dquot *recddq;
3522 struct xfs_dq_logformat *dq_f;
3527 if (mp->m_qflags == 0)
3530 recddq = item->ri_buf[1].i_addr;
3533 if (item->ri_buf[1].i_len < sizeof(struct xfs_disk_dquot))
3536 type = recddq->d_flags & (XFS_DQ_USER | XFS_DQ_PROJ | XFS_DQ_GROUP);
3538 if (log->l_quotaoffs_flag & type)
3541 dq_f = item->ri_buf[0].i_addr;
3543 ASSERT(dq_f->qlf_len == 1);
3545 len = XFS_FSB_TO_BB(mp, dq_f->qlf_len);
3546 if (xlog_peek_buffer_cancelled(log, dq_f->qlf_blkno, len, 0))
3549 xfs_buf_readahead(mp->m_ddev_targp, dq_f->qlf_blkno, len,
3550 &xfs_dquot_buf_ra_ops);
3554 xlog_recover_ra_pass2(
3556 struct xlog_recover_item *item)
3558 switch (ITEM_TYPE(item)) {
3560 xlog_recover_buffer_ra_pass2(log, item);
3563 xlog_recover_inode_ra_pass2(log, item);
3566 xlog_recover_dquot_ra_pass2(log, item);
3570 case XFS_LI_QUOTAOFF:
3577 xlog_recover_commit_pass1(
3579 struct xlog_recover *trans,
3580 struct xlog_recover_item *item)
3582 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS1);
3584 switch (ITEM_TYPE(item)) {
3586 return xlog_recover_buffer_pass1(log, item);
3587 case XFS_LI_QUOTAOFF:
3588 return xlog_recover_quotaoff_pass1(log, item);
3593 case XFS_LI_ICREATE:
3594 /* nothing to do in pass 1 */
3597 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3598 __func__, ITEM_TYPE(item));
3605 xlog_recover_commit_pass2(
3607 struct xlog_recover *trans,
3608 struct list_head *buffer_list,
3609 struct xlog_recover_item *item)
3611 trace_xfs_log_recover_item_recover(log, trans, item, XLOG_RECOVER_PASS2);
3613 switch (ITEM_TYPE(item)) {
3615 return xlog_recover_buffer_pass2(log, buffer_list, item,
3618 return xlog_recover_inode_pass2(log, buffer_list, item,
3621 return xlog_recover_efi_pass2(log, item, trans->r_lsn);
3623 return xlog_recover_efd_pass2(log, item);
3625 return xlog_recover_dquot_pass2(log, buffer_list, item,
3627 case XFS_LI_ICREATE:
3628 return xlog_recover_do_icreate_pass2(log, buffer_list, item);
3629 case XFS_LI_QUOTAOFF:
3630 /* nothing to do in pass2 */
3633 xfs_warn(log->l_mp, "%s: invalid item type (%d)",
3634 __func__, ITEM_TYPE(item));
3641 xlog_recover_items_pass2(
3643 struct xlog_recover *trans,
3644 struct list_head *buffer_list,
3645 struct list_head *item_list)
3647 struct xlog_recover_item *item;
3650 list_for_each_entry(item, item_list, ri_list) {
3651 error = xlog_recover_commit_pass2(log, trans,
3661 * Perform the transaction.
3663 * If the transaction modifies a buffer or inode, do it now. Otherwise,
3664 * EFIs and EFDs get queued up by adding entries into the AIL for them.
3667 xlog_recover_commit_trans(
3669 struct xlog_recover *trans,
3674 int items_queued = 0;
3675 struct xlog_recover_item *item;
3676 struct xlog_recover_item *next;
3677 LIST_HEAD (buffer_list);
3678 LIST_HEAD (ra_list);
3679 LIST_HEAD (done_list);
3681 #define XLOG_RECOVER_COMMIT_QUEUE_MAX 100
3683 hlist_del(&trans->r_list);
3685 error = xlog_recover_reorder_trans(log, trans, pass);
3689 list_for_each_entry_safe(item, next, &trans->r_itemq, ri_list) {
3691 case XLOG_RECOVER_PASS1:
3692 error = xlog_recover_commit_pass1(log, trans, item);
3694 case XLOG_RECOVER_PASS2:
3695 xlog_recover_ra_pass2(log, item);
3696 list_move_tail(&item->ri_list, &ra_list);
3698 if (items_queued >= XLOG_RECOVER_COMMIT_QUEUE_MAX) {
3699 error = xlog_recover_items_pass2(log, trans,
3700 &buffer_list, &ra_list);
3701 list_splice_tail_init(&ra_list, &done_list);
3715 if (!list_empty(&ra_list)) {
3717 error = xlog_recover_items_pass2(log, trans,
3718 &buffer_list, &ra_list);
3719 list_splice_tail_init(&ra_list, &done_list);
3722 if (!list_empty(&done_list))
3723 list_splice_init(&done_list, &trans->r_itemq);
3725 error2 = xfs_buf_delwri_submit(&buffer_list);
3726 return error ? error : error2;
3730 xlog_recover_add_item(
3731 struct list_head *head)
3733 xlog_recover_item_t *item;
3735 item = kmem_zalloc(sizeof(xlog_recover_item_t), KM_SLEEP);
3736 INIT_LIST_HEAD(&item->ri_list);
3737 list_add_tail(&item->ri_list, head);
3741 xlog_recover_add_to_cont_trans(
3743 struct xlog_recover *trans,
3747 xlog_recover_item_t *item;
3748 char *ptr, *old_ptr;
3752 * If the transaction is empty, the header was split across this and the
3753 * previous record. Copy the rest of the header.
3755 if (list_empty(&trans->r_itemq)) {
3756 ASSERT(len <= sizeof(struct xfs_trans_header));
3757 if (len > sizeof(struct xfs_trans_header)) {
3758 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3762 xlog_recover_add_item(&trans->r_itemq);
3763 ptr = (char *)&trans->r_theader +
3764 sizeof(struct xfs_trans_header) - len;
3765 memcpy(ptr, dp, len);
3769 /* take the tail entry */
3770 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3772 old_ptr = item->ri_buf[item->ri_cnt-1].i_addr;
3773 old_len = item->ri_buf[item->ri_cnt-1].i_len;
3775 ptr = kmem_realloc(old_ptr, len+old_len, old_len, KM_SLEEP);
3776 memcpy(&ptr[old_len], dp, len);
3777 item->ri_buf[item->ri_cnt-1].i_len += len;
3778 item->ri_buf[item->ri_cnt-1].i_addr = ptr;
3779 trace_xfs_log_recover_item_add_cont(log, trans, item, 0);
3784 * The next region to add is the start of a new region. It could be
3785 * a whole region or it could be the first part of a new region. Because
3786 * of this, the assumption here is that the type and size fields of all
3787 * format structures fit into the first 32 bits of the structure.
3789 * This works because all regions must be 32 bit aligned. Therefore, we
3790 * either have both fields or we have neither field. In the case we have
3791 * neither field, the data part of the region is zero length. We only have
3792 * a log_op_header and can throw away the header since a new one will appear
3793 * later. If we have at least 4 bytes, then we can determine how many regions
3794 * will appear in the current log item.
3797 xlog_recover_add_to_trans(
3799 struct xlog_recover *trans,
3803 xfs_inode_log_format_t *in_f; /* any will do */
3804 xlog_recover_item_t *item;
3809 if (list_empty(&trans->r_itemq)) {
3810 /* we need to catch log corruptions here */
3811 if (*(uint *)dp != XFS_TRANS_HEADER_MAGIC) {
3812 xfs_warn(log->l_mp, "%s: bad header magic number",
3818 if (len > sizeof(struct xfs_trans_header)) {
3819 xfs_warn(log->l_mp, "%s: bad header length", __func__);
3825 * The transaction header can be arbitrarily split across op
3826 * records. If we don't have the whole thing here, copy what we
3827 * do have and handle the rest in the next record.
3829 if (len == sizeof(struct xfs_trans_header))
3830 xlog_recover_add_item(&trans->r_itemq);
3831 memcpy(&trans->r_theader, dp, len);
3835 ptr = kmem_alloc(len, KM_SLEEP);
3836 memcpy(ptr, dp, len);
3837 in_f = (xfs_inode_log_format_t *)ptr;
3839 /* take the tail entry */
3840 item = list_entry(trans->r_itemq.prev, xlog_recover_item_t, ri_list);
3841 if (item->ri_total != 0 &&
3842 item->ri_total == item->ri_cnt) {
3843 /* tail item is in use, get a new one */
3844 xlog_recover_add_item(&trans->r_itemq);
3845 item = list_entry(trans->r_itemq.prev,
3846 xlog_recover_item_t, ri_list);
3849 if (item->ri_total == 0) { /* first region to be added */
3850 if (in_f->ilf_size == 0 ||
3851 in_f->ilf_size > XLOG_MAX_REGIONS_IN_ITEM) {
3853 "bad number of regions (%d) in inode log format",
3860 item->ri_total = in_f->ilf_size;
3862 kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
3865 ASSERT(item->ri_total > item->ri_cnt);
3866 /* Description region is ri_buf[0] */
3867 item->ri_buf[item->ri_cnt].i_addr = ptr;
3868 item->ri_buf[item->ri_cnt].i_len = len;
3870 trace_xfs_log_recover_item_add(log, trans, item, 0);
3875 * Free up any resources allocated by the transaction
3877 * Remember that EFIs, EFDs, and IUNLINKs are handled later.
3880 xlog_recover_free_trans(
3881 struct xlog_recover *trans)
3883 xlog_recover_item_t *item, *n;
3886 list_for_each_entry_safe(item, n, &trans->r_itemq, ri_list) {
3887 /* Free the regions in the item. */
3888 list_del(&item->ri_list);
3889 for (i = 0; i < item->ri_cnt; i++)
3890 kmem_free(item->ri_buf[i].i_addr);
3891 /* Free the item itself */
3892 kmem_free(item->ri_buf);
3895 /* Free the transaction recover structure */
3900 * On error or completion, trans is freed.
3903 xlog_recovery_process_trans(
3905 struct xlog_recover *trans,
3912 bool freeit = false;
3914 /* mask off ophdr transaction container flags */
3915 flags &= ~XLOG_END_TRANS;
3916 if (flags & XLOG_WAS_CONT_TRANS)
3917 flags &= ~XLOG_CONTINUE_TRANS;
3920 * Callees must not free the trans structure. We'll decide if we need to
3921 * free it or not based on the operation being done and it's result.
3924 /* expected flag values */
3926 case XLOG_CONTINUE_TRANS:
3927 error = xlog_recover_add_to_trans(log, trans, dp, len);
3929 case XLOG_WAS_CONT_TRANS:
3930 error = xlog_recover_add_to_cont_trans(log, trans, dp, len);
3932 case XLOG_COMMIT_TRANS:
3933 error = xlog_recover_commit_trans(log, trans, pass);
3934 /* success or fail, we are now done with this transaction. */
3938 /* unexpected flag values */
3939 case XLOG_UNMOUNT_TRANS:
3940 /* just skip trans */
3941 xfs_warn(log->l_mp, "%s: Unmount LR", __func__);
3944 case XLOG_START_TRANS:
3946 xfs_warn(log->l_mp, "%s: bad flag 0x%x", __func__, flags);
3951 if (error || freeit)
3952 xlog_recover_free_trans(trans);
3957 * Lookup the transaction recovery structure associated with the ID in the
3958 * current ophdr. If the transaction doesn't exist and the start flag is set in
3959 * the ophdr, then allocate a new transaction for future ID matches to find.
3960 * Either way, return what we found during the lookup - an existing transaction
3963 STATIC struct xlog_recover *
3964 xlog_recover_ophdr_to_trans(
3965 struct hlist_head rhash[],
3966 struct xlog_rec_header *rhead,
3967 struct xlog_op_header *ohead)
3969 struct xlog_recover *trans;
3971 struct hlist_head *rhp;
3973 tid = be32_to_cpu(ohead->oh_tid);
3974 rhp = &rhash[XLOG_RHASH(tid)];
3975 hlist_for_each_entry(trans, rhp, r_list) {
3976 if (trans->r_log_tid == tid)
3981 * skip over non-start transaction headers - we could be
3982 * processing slack space before the next transaction starts
3984 if (!(ohead->oh_flags & XLOG_START_TRANS))
3987 ASSERT(be32_to_cpu(ohead->oh_len) == 0);
3990 * This is a new transaction so allocate a new recovery container to
3991 * hold the recovery ops that will follow.
3993 trans = kmem_zalloc(sizeof(struct xlog_recover), KM_SLEEP);
3994 trans->r_log_tid = tid;
3995 trans->r_lsn = be64_to_cpu(rhead->h_lsn);
3996 INIT_LIST_HEAD(&trans->r_itemq);
3997 INIT_HLIST_NODE(&trans->r_list);
3998 hlist_add_head(&trans->r_list, rhp);
4001 * Nothing more to do for this ophdr. Items to be added to this new
4002 * transaction will be in subsequent ophdr containers.
4008 xlog_recover_process_ophdr(
4010 struct hlist_head rhash[],
4011 struct xlog_rec_header *rhead,
4012 struct xlog_op_header *ohead,
4017 struct xlog_recover *trans;
4020 /* Do we understand who wrote this op? */
4021 if (ohead->oh_clientid != XFS_TRANSACTION &&
4022 ohead->oh_clientid != XFS_LOG) {
4023 xfs_warn(log->l_mp, "%s: bad clientid 0x%x",
4024 __func__, ohead->oh_clientid);
4030 * Check the ophdr contains all the data it is supposed to contain.
4032 len = be32_to_cpu(ohead->oh_len);
4033 if (dp + len > end) {
4034 xfs_warn(log->l_mp, "%s: bad length 0x%x", __func__, len);
4039 trans = xlog_recover_ophdr_to_trans(rhash, rhead, ohead);
4041 /* nothing to do, so skip over this ophdr */
4045 return xlog_recovery_process_trans(log, trans, dp, len,
4046 ohead->oh_flags, pass);
4050 * There are two valid states of the r_state field. 0 indicates that the
4051 * transaction structure is in a normal state. We have either seen the
4052 * start of the transaction or the last operation we added was not a partial
4053 * operation. If the last operation we added to the transaction was a
4054 * partial operation, we need to mark r_state with XLOG_WAS_CONT_TRANS.
4056 * NOTE: skip LRs with 0 data length.
4059 xlog_recover_process_data(
4061 struct hlist_head rhash[],
4062 struct xlog_rec_header *rhead,
4066 struct xlog_op_header *ohead;
4071 end = dp + be32_to_cpu(rhead->h_len);
4072 num_logops = be32_to_cpu(rhead->h_num_logops);
4074 /* check the log format matches our own - else we can't recover */
4075 if (xlog_header_check_recover(log->l_mp, rhead))
4078 while ((dp < end) && num_logops) {
4080 ohead = (struct xlog_op_header *)dp;
4081 dp += sizeof(*ohead);
4084 /* errors will abort recovery */
4085 error = xlog_recover_process_ophdr(log, rhash, rhead, ohead,
4090 dp += be32_to_cpu(ohead->oh_len);
4097 * Process an extent free intent item that was recovered from
4098 * the log. We need to free the extents that it describes.
4101 xlog_recover_process_efi(
4103 xfs_efi_log_item_t *efip)
4105 xfs_efd_log_item_t *efdp;
4110 xfs_fsblock_t startblock_fsb;
4112 ASSERT(!test_bit(XFS_EFI_RECOVERED, &efip->efi_flags));
4115 * First check the validity of the extents described by the
4116 * EFI. If any are bad, then assume that all are bad and
4117 * just toss the EFI.
4119 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
4120 extp = &(efip->efi_format.efi_extents[i]);
4121 startblock_fsb = XFS_BB_TO_FSB(mp,
4122 XFS_FSB_TO_DADDR(mp, extp->ext_start));
4123 if ((startblock_fsb == 0) ||
4124 (extp->ext_len == 0) ||
4125 (startblock_fsb >= mp->m_sb.sb_dblocks) ||
4126 (extp->ext_len >= mp->m_sb.sb_agblocks)) {
4128 * This will pull the EFI from the AIL and
4129 * free the memory associated with it.
4131 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
4132 xfs_efi_release(efip);
4137 tp = xfs_trans_alloc(mp, 0);
4138 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0);
4141 efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
4143 for (i = 0; i < efip->efi_format.efi_nextents; i++) {
4144 extp = &(efip->efi_format.efi_extents[i]);
4145 error = xfs_trans_free_extent(tp, efdp, extp->ext_start,
4152 set_bit(XFS_EFI_RECOVERED, &efip->efi_flags);
4153 error = xfs_trans_commit(tp);
4157 xfs_trans_cancel(tp);
4162 * When this is called, all of the EFIs which did not have
4163 * corresponding EFDs should be in the AIL. What we do now
4164 * is free the extents associated with each one.
4166 * Since we process the EFIs in normal transactions, they
4167 * will be removed at some point after the commit. This prevents
4168 * us from just walking down the list processing each one.
4169 * We'll use a flag in the EFI to skip those that we've already
4170 * processed and use the AIL iteration mechanism's generation
4171 * count to try to speed this up at least a bit.
4173 * When we start, we know that the EFIs are the only things in
4174 * the AIL. As we process them, however, other items are added
4175 * to the AIL. Since everything added to the AIL must come after
4176 * everything already in the AIL, we stop processing as soon as
4177 * we see something other than an EFI in the AIL.
4180 xlog_recover_process_efis(
4183 struct xfs_log_item *lip;
4184 struct xfs_efi_log_item *efip;
4186 struct xfs_ail_cursor cur;
4187 struct xfs_ail *ailp;
4190 spin_lock(&ailp->xa_lock);
4191 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4192 while (lip != NULL) {
4194 * We're done when we see something other than an EFI.
4195 * There should be no EFIs left in the AIL now.
4197 if (lip->li_type != XFS_LI_EFI) {
4199 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
4200 ASSERT(lip->li_type != XFS_LI_EFI);
4206 * Skip EFIs that we've already processed.
4208 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4209 if (test_bit(XFS_EFI_RECOVERED, &efip->efi_flags)) {
4210 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4214 spin_unlock(&ailp->xa_lock);
4215 error = xlog_recover_process_efi(log->l_mp, efip);
4216 spin_lock(&ailp->xa_lock);
4219 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4222 xfs_trans_ail_cursor_done(&cur);
4223 spin_unlock(&ailp->xa_lock);
4228 * A cancel occurs when the mount has failed and we're bailing out. Release all
4229 * pending EFIs so they don't pin the AIL.
4232 xlog_recover_cancel_efis(
4235 struct xfs_log_item *lip;
4236 struct xfs_efi_log_item *efip;
4238 struct xfs_ail_cursor cur;
4239 struct xfs_ail *ailp;
4242 spin_lock(&ailp->xa_lock);
4243 lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
4244 while (lip != NULL) {
4246 * We're done when we see something other than an EFI.
4247 * There should be no EFIs left in the AIL now.
4249 if (lip->li_type != XFS_LI_EFI) {
4251 for (; lip; lip = xfs_trans_ail_cursor_next(ailp, &cur))
4252 ASSERT(lip->li_type != XFS_LI_EFI);
4257 efip = container_of(lip, struct xfs_efi_log_item, efi_item);
4259 spin_unlock(&ailp->xa_lock);
4260 xfs_efi_release(efip);
4261 spin_lock(&ailp->xa_lock);
4263 lip = xfs_trans_ail_cursor_next(ailp, &cur);
4266 xfs_trans_ail_cursor_done(&cur);
4267 spin_unlock(&ailp->xa_lock);
4272 * This routine performs a transaction to null out a bad inode pointer
4273 * in an agi unlinked inode hash bucket.
4276 xlog_recover_clear_agi_bucket(
4278 xfs_agnumber_t agno,
4287 tp = xfs_trans_alloc(mp, XFS_TRANS_CLEAR_AGI_BUCKET);
4288 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_clearagi, 0, 0);
4292 error = xfs_read_agi(mp, tp, agno, &agibp);
4296 agi = XFS_BUF_TO_AGI(agibp);
4297 agi->agi_unlinked[bucket] = cpu_to_be32(NULLAGINO);
4298 offset = offsetof(xfs_agi_t, agi_unlinked) +
4299 (sizeof(xfs_agino_t) * bucket);
4300 xfs_trans_log_buf(tp, agibp, offset,
4301 (offset + sizeof(xfs_agino_t) - 1));
4303 error = xfs_trans_commit(tp);
4309 xfs_trans_cancel(tp);
4311 xfs_warn(mp, "%s: failed to clear agi %d. Continuing.", __func__, agno);
4316 xlog_recover_process_one_iunlink(
4317 struct xfs_mount *mp,
4318 xfs_agnumber_t agno,
4322 struct xfs_buf *ibp;
4323 struct xfs_dinode *dip;
4324 struct xfs_inode *ip;
4328 ino = XFS_AGINO_TO_INO(mp, agno, agino);
4329 error = xfs_iget(mp, NULL, ino, 0, 0, &ip);
4334 * Get the on disk inode to find the next inode in the bucket.
4336 error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &ibp, 0, 0);
4340 ASSERT(ip->i_d.di_nlink == 0);
4341 ASSERT(ip->i_d.di_mode != 0);
4343 /* setup for the next pass */
4344 agino = be32_to_cpu(dip->di_next_unlinked);
4348 * Prevent any DMAPI event from being sent when the reference on
4349 * the inode is dropped.
4351 ip->i_d.di_dmevmask = 0;
4360 * We can't read in the inode this bucket points to, or this inode
4361 * is messed up. Just ditch this bucket of inodes. We will lose
4362 * some inodes and space, but at least we won't hang.
4364 * Call xlog_recover_clear_agi_bucket() to perform a transaction to
4365 * clear the inode pointer in the bucket.
4367 xlog_recover_clear_agi_bucket(mp, agno, bucket);
4372 * xlog_iunlink_recover
4374 * This is called during recovery to process any inodes which
4375 * we unlinked but not freed when the system crashed. These
4376 * inodes will be on the lists in the AGI blocks. What we do
4377 * here is scan all the AGIs and fully truncate and free any
4378 * inodes found on the lists. Each inode is removed from the
4379 * lists when it has been fully truncated and is freed. The
4380 * freeing of the inode and its removal from the list must be
4384 xlog_recover_process_iunlinks(
4388 xfs_agnumber_t agno;
4399 * Prevent any DMAPI event from being sent while in this function.
4401 mp_dmevmask = mp->m_dmevmask;
4404 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
4406 * Find the agi for this ag.
4408 error = xfs_read_agi(mp, NULL, agno, &agibp);
4411 * AGI is b0rked. Don't process it.
4413 * We should probably mark the filesystem as corrupt
4414 * after we've recovered all the ag's we can....
4419 * Unlock the buffer so that it can be acquired in the normal
4420 * course of the transaction to truncate and free each inode.
4421 * Because we are not racing with anyone else here for the AGI
4422 * buffer, we don't even need to hold it locked to read the
4423 * initial unlinked bucket entries out of the buffer. We keep
4424 * buffer reference though, so that it stays pinned in memory
4425 * while we need the buffer.
4427 agi = XFS_BUF_TO_AGI(agibp);
4428 xfs_buf_unlock(agibp);
4430 for (bucket = 0; bucket < XFS_AGI_UNLINKED_BUCKETS; bucket++) {
4431 agino = be32_to_cpu(agi->agi_unlinked[bucket]);
4432 while (agino != NULLAGINO) {
4433 agino = xlog_recover_process_one_iunlink(mp,
4434 agno, agino, bucket);
4437 xfs_buf_rele(agibp);
4440 mp->m_dmevmask = mp_dmevmask;
4445 struct xlog_rec_header *rhead,
4451 for (i = 0; i < BTOBB(be32_to_cpu(rhead->h_len)) &&
4452 i < (XLOG_HEADER_CYCLE_SIZE / BBSIZE); i++) {
4453 *(__be32 *)dp = *(__be32 *)&rhead->h_cycle_data[i];
4457 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4458 xlog_in_core_2_t *xhdr = (xlog_in_core_2_t *)rhead;
4459 for ( ; i < BTOBB(be32_to_cpu(rhead->h_len)); i++) {
4460 j = i / (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4461 k = i % (XLOG_HEADER_CYCLE_SIZE / BBSIZE);
4462 *(__be32 *)dp = xhdr[j].hic_xheader.xh_cycle_data[k];
4471 * CRC check, unpack and process a log record.
4474 xlog_recover_process(
4476 struct hlist_head rhash[],
4477 struct xlog_rec_header *rhead,
4484 crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len));
4487 * Nothing else to do if this is a CRC verification pass. Just return
4488 * if this a record with a non-zero crc. Unfortunately, mkfs always
4489 * sets h_crc to 0 so we must consider this valid even on v5 supers.
4490 * Otherwise, return EFSBADCRC on failure so the callers up the stack
4491 * know precisely what failed.
4493 if (pass == XLOG_RECOVER_CRCPASS) {
4494 if (rhead->h_crc && crc != le32_to_cpu(rhead->h_crc))
4500 * We're in the normal recovery path. Issue a warning if and only if the
4501 * CRC in the header is non-zero. This is an advisory warning and the
4502 * zero CRC check prevents warnings from being emitted when upgrading
4503 * the kernel from one that does not add CRCs by default.
4505 if (crc != le32_to_cpu(rhead->h_crc)) {
4506 if (rhead->h_crc || xfs_sb_version_hascrc(&log->l_mp->m_sb)) {
4507 xfs_alert(log->l_mp,
4508 "log record CRC mismatch: found 0x%x, expected 0x%x.",
4509 le32_to_cpu(rhead->h_crc),
4511 xfs_hex_dump(dp, 32);
4515 * If the filesystem is CRC enabled, this mismatch becomes a
4516 * fatal log corruption failure.
4518 if (xfs_sb_version_hascrc(&log->l_mp->m_sb))
4519 return -EFSCORRUPTED;
4522 error = xlog_unpack_data(rhead, dp, log);
4526 return xlog_recover_process_data(log, rhash, rhead, dp, pass);
4530 xlog_valid_rec_header(
4532 struct xlog_rec_header *rhead,
4537 if (unlikely(rhead->h_magicno != cpu_to_be32(XLOG_HEADER_MAGIC_NUM))) {
4538 XFS_ERROR_REPORT("xlog_valid_rec_header(1)",
4539 XFS_ERRLEVEL_LOW, log->l_mp);
4540 return -EFSCORRUPTED;
4543 (!rhead->h_version ||
4544 (be32_to_cpu(rhead->h_version) & (~XLOG_VERSION_OKBITS))))) {
4545 xfs_warn(log->l_mp, "%s: unrecognised log version (%d).",
4546 __func__, be32_to_cpu(rhead->h_version));
4550 /* LR body must have data or it wouldn't have been written */
4551 hlen = be32_to_cpu(rhead->h_len);
4552 if (unlikely( hlen <= 0 || hlen > INT_MAX )) {
4553 XFS_ERROR_REPORT("xlog_valid_rec_header(2)",
4554 XFS_ERRLEVEL_LOW, log->l_mp);
4555 return -EFSCORRUPTED;
4557 if (unlikely( blkno > log->l_logBBsize || blkno > INT_MAX )) {
4558 XFS_ERROR_REPORT("xlog_valid_rec_header(3)",
4559 XFS_ERRLEVEL_LOW, log->l_mp);
4560 return -EFSCORRUPTED;
4566 * Read the log from tail to head and process the log records found.
4567 * Handle the two cases where the tail and head are in the same cycle
4568 * and where the active portion of the log wraps around the end of
4569 * the physical log separately. The pass parameter is passed through
4570 * to the routines called to process the data and is not looked at
4574 xlog_do_recovery_pass(
4576 xfs_daddr_t head_blk,
4577 xfs_daddr_t tail_blk,
4579 xfs_daddr_t *first_bad) /* out: first bad log rec */
4581 xlog_rec_header_t *rhead;
4583 xfs_daddr_t rhead_blk;
4585 xfs_buf_t *hbp, *dbp;
4586 int error = 0, h_size, h_len;
4587 int bblks, split_bblks;
4588 int hblks, split_hblks, wrapped_hblks;
4589 struct hlist_head rhash[XLOG_RHASH_SIZE];
4591 ASSERT(head_blk != tail_blk);
4595 * Read the header of the tail block and get the iclog buffer size from
4596 * h_size. Use this to tell how many sectors make up the log header.
4598 if (xfs_sb_version_haslogv2(&log->l_mp->m_sb)) {
4600 * When using variable length iclogs, read first sector of
4601 * iclog header and extract the header size from it. Get a
4602 * new hbp that is the correct size.
4604 hbp = xlog_get_bp(log, 1);
4608 error = xlog_bread(log, tail_blk, 1, hbp, &offset);
4612 rhead = (xlog_rec_header_t *)offset;
4613 error = xlog_valid_rec_header(log, rhead, tail_blk);
4618 * xfsprogs has a bug where record length is based on lsunit but
4619 * h_size (iclog size) is hardcoded to 32k. Now that we
4620 * unconditionally CRC verify the unmount record, this means the
4621 * log buffer can be too small for the record and cause an
4624 * Detect this condition here. Use lsunit for the buffer size as
4625 * long as this looks like the mkfs case. Otherwise, return an
4626 * error to avoid a buffer overrun.
4628 h_size = be32_to_cpu(rhead->h_size);
4629 h_len = be32_to_cpu(rhead->h_len);
4630 if (h_len > h_size) {
4631 if (h_len <= log->l_mp->m_logbsize &&
4632 be32_to_cpu(rhead->h_num_logops) == 1) {
4634 "invalid iclog size (%d bytes), using lsunit (%d bytes)",
4635 h_size, log->l_mp->m_logbsize);
4636 h_size = log->l_mp->m_logbsize;
4638 return -EFSCORRUPTED;
4641 if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
4642 (h_size > XLOG_HEADER_CYCLE_SIZE)) {
4643 hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
4644 if (h_size % XLOG_HEADER_CYCLE_SIZE)
4647 hbp = xlog_get_bp(log, hblks);
4652 ASSERT(log->l_sectBBsize == 1);
4654 hbp = xlog_get_bp(log, 1);
4655 h_size = XLOG_BIG_RECORD_BSIZE;
4660 dbp = xlog_get_bp(log, BTOBB(h_size));
4666 memset(rhash, 0, sizeof(rhash));
4667 blk_no = rhead_blk = tail_blk;
4668 if (tail_blk > head_blk) {
4670 * Perform recovery around the end of the physical log.
4671 * When the head is not on the same cycle number as the tail,
4672 * we can't do a sequential recovery.
4674 while (blk_no < log->l_logBBsize) {
4676 * Check for header wrapping around physical end-of-log
4678 offset = hbp->b_addr;
4681 if (blk_no + hblks <= log->l_logBBsize) {
4682 /* Read header in one read */
4683 error = xlog_bread(log, blk_no, hblks, hbp,
4688 /* This LR is split across physical log end */
4689 if (blk_no != log->l_logBBsize) {
4690 /* some data before physical log end */
4691 ASSERT(blk_no <= INT_MAX);
4692 split_hblks = log->l_logBBsize - (int)blk_no;
4693 ASSERT(split_hblks > 0);
4694 error = xlog_bread(log, blk_no,
4702 * Note: this black magic still works with
4703 * large sector sizes (non-512) only because:
4704 * - we increased the buffer size originally
4705 * by 1 sector giving us enough extra space
4706 * for the second read;
4707 * - the log start is guaranteed to be sector
4709 * - we read the log end (LR header start)
4710 * _first_, then the log start (LR header end)
4711 * - order is important.
4713 wrapped_hblks = hblks - split_hblks;
4714 error = xlog_bread_offset(log, 0,
4716 offset + BBTOB(split_hblks));
4720 rhead = (xlog_rec_header_t *)offset;
4721 error = xlog_valid_rec_header(log, rhead,
4722 split_hblks ? blk_no : 0);
4726 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4729 /* Read in data for log record */
4730 if (blk_no + bblks <= log->l_logBBsize) {
4731 error = xlog_bread(log, blk_no, bblks, dbp,
4736 /* This log record is split across the
4737 * physical end of log */
4738 offset = dbp->b_addr;
4740 if (blk_no != log->l_logBBsize) {
4741 /* some data is before the physical
4743 ASSERT(!wrapped_hblks);
4744 ASSERT(blk_no <= INT_MAX);
4746 log->l_logBBsize - (int)blk_no;
4747 ASSERT(split_bblks > 0);
4748 error = xlog_bread(log, blk_no,
4756 * Note: this black magic still works with
4757 * large sector sizes (non-512) only because:
4758 * - we increased the buffer size originally
4759 * by 1 sector giving us enough extra space
4760 * for the second read;
4761 * - the log start is guaranteed to be sector
4763 * - we read the log end (LR header start)
4764 * _first_, then the log start (LR header end)
4765 * - order is important.
4767 error = xlog_bread_offset(log, 0,
4768 bblks - split_bblks, dbp,
4769 offset + BBTOB(split_bblks));
4774 error = xlog_recover_process(log, rhash, rhead, offset,
4783 ASSERT(blk_no >= log->l_logBBsize);
4784 blk_no -= log->l_logBBsize;
4788 /* read first part of physical log */
4789 while (blk_no < head_blk) {
4790 error = xlog_bread(log, blk_no, hblks, hbp, &offset);
4794 rhead = (xlog_rec_header_t *)offset;
4795 error = xlog_valid_rec_header(log, rhead, blk_no);
4799 /* blocks in data section */
4800 bblks = (int)BTOBB(be32_to_cpu(rhead->h_len));
4801 error = xlog_bread(log, blk_no+hblks, bblks, dbp,
4806 error = xlog_recover_process(log, rhash, rhead, offset, pass);
4810 blk_no += bblks + hblks;
4819 if (error && first_bad)
4820 *first_bad = rhead_blk;
4826 * Do the recovery of the log. We actually do this in two phases.
4827 * The two passes are necessary in order to implement the function
4828 * of cancelling a record written into the log. The first pass
4829 * determines those things which have been cancelled, and the
4830 * second pass replays log items normally except for those which
4831 * have been cancelled. The handling of the replay and cancellations
4832 * takes place in the log item type specific routines.
4834 * The table of items which have cancel records in the log is allocated
4835 * and freed at this level, since only here do we know when all of
4836 * the log recovery has been completed.
4839 xlog_do_log_recovery(
4841 xfs_daddr_t head_blk,
4842 xfs_daddr_t tail_blk)
4846 ASSERT(head_blk != tail_blk);
4849 * First do a pass to find all of the cancelled buf log items.
4850 * Store them in the buf_cancel_table for use in the second pass.
4852 log->l_buf_cancel_table = kmem_zalloc(XLOG_BC_TABLE_SIZE *
4853 sizeof(struct list_head),
4855 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4856 INIT_LIST_HEAD(&log->l_buf_cancel_table[i]);
4858 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4859 XLOG_RECOVER_PASS1, NULL);
4861 kmem_free(log->l_buf_cancel_table);
4862 log->l_buf_cancel_table = NULL;
4866 * Then do a second pass to actually recover the items in the log.
4867 * When it is complete free the table of buf cancel items.
4869 error = xlog_do_recovery_pass(log, head_blk, tail_blk,
4870 XLOG_RECOVER_PASS2, NULL);
4875 for (i = 0; i < XLOG_BC_TABLE_SIZE; i++)
4876 ASSERT(list_empty(&log->l_buf_cancel_table[i]));
4880 kmem_free(log->l_buf_cancel_table);
4881 log->l_buf_cancel_table = NULL;
4887 * Do the actual recovery
4892 xfs_daddr_t head_blk,
4893 xfs_daddr_t tail_blk)
4900 * First replay the images in the log.
4902 error = xlog_do_log_recovery(log, head_blk, tail_blk);
4907 * If IO errors happened during recovery, bail out.
4909 if (XFS_FORCED_SHUTDOWN(log->l_mp)) {
4914 * We now update the tail_lsn since much of the recovery has completed
4915 * and there may be space available to use. If there were no extent
4916 * or iunlinks, we can free up the entire log and set the tail_lsn to
4917 * be the last_sync_lsn. This was set in xlog_find_tail to be the
4918 * lsn of the last known good LR on disk. If there are extent frees
4919 * or iunlinks they will have some entries in the AIL; so we look at
4920 * the AIL to determine how to set the tail_lsn.
4922 xlog_assign_tail_lsn(log->l_mp);
4925 * Now that we've finished replaying all buffer and inode
4926 * updates, re-read in the superblock and reverify it.
4928 bp = xfs_getsb(log->l_mp, 0);
4929 bp->b_flags &= ~(XBF_DONE | XBF_ASYNC);
4930 ASSERT(!(bp->b_flags & XBF_WRITE));
4931 bp->b_flags |= XBF_READ;
4932 bp->b_ops = &xfs_sb_buf_ops;
4934 error = xfs_buf_submit_wait(bp);
4936 if (!XFS_FORCED_SHUTDOWN(log->l_mp)) {
4937 xfs_buf_ioerror_alert(bp, __func__);
4944 /* Convert superblock from on-disk format */
4945 sbp = &log->l_mp->m_sb;
4946 xfs_sb_from_disk(sbp, XFS_BUF_TO_SBP(bp));
4947 ASSERT(sbp->sb_magicnum == XFS_SB_MAGIC);
4948 ASSERT(xfs_sb_good_version(sbp));
4949 xfs_reinit_percpu_counters(log->l_mp);
4954 xlog_recover_check_summary(log);
4956 /* Normal transactions can now occur */
4957 log->l_flags &= ~XLOG_ACTIVE_RECOVERY;
4962 * Perform recovery and re-initialize some log variables in xlog_find_tail.
4964 * Return error or zero.
4970 xfs_daddr_t head_blk, tail_blk;
4973 /* find the tail of the log */
4974 error = xlog_find_tail(log, &head_blk, &tail_blk);
4979 * The superblock was read before the log was available and thus the LSN
4980 * could not be verified. Check the superblock LSN against the current
4981 * LSN now that it's known.
4983 if (xfs_sb_version_hascrc(&log->l_mp->m_sb) &&
4984 !xfs_log_check_lsn(log->l_mp, log->l_mp->m_sb.sb_lsn))
4987 if (tail_blk != head_blk) {
4988 /* There used to be a comment here:
4990 * disallow recovery on read-only mounts. note -- mount
4991 * checks for ENOSPC and turns it into an intelligent
4993 * ...but this is no longer true. Now, unless you specify
4994 * NORECOVERY (in which case this function would never be
4995 * called), we just go ahead and recover. We do this all
4996 * under the vfs layer, so we can get away with it unless
4997 * the device itself is read-only, in which case we fail.
4999 if ((error = xfs_dev_is_read_only(log->l_mp, "recovery"))) {
5004 * Version 5 superblock log feature mask validation. We know the
5005 * log is dirty so check if there are any unknown log features
5006 * in what we need to recover. If there are unknown features
5007 * (e.g. unsupported transactions, then simply reject the
5008 * attempt at recovery before touching anything.
5010 if (XFS_SB_VERSION_NUM(&log->l_mp->m_sb) == XFS_SB_VERSION_5 &&
5011 xfs_sb_has_incompat_log_feature(&log->l_mp->m_sb,
5012 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
5014 "Superblock has unknown incompatible log features (0x%x) enabled.",
5015 (log->l_mp->m_sb.sb_features_log_incompat &
5016 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
5018 "The log can not be fully and/or safely recovered by this kernel.");
5020 "Please recover the log on a kernel that supports the unknown features.");
5025 * Delay log recovery if the debug hook is set. This is debug
5026 * instrumention to coordinate simulation of I/O failures with
5029 if (xfs_globals.log_recovery_delay) {
5030 xfs_notice(log->l_mp,
5031 "Delaying log recovery for %d seconds.",
5032 xfs_globals.log_recovery_delay);
5033 msleep(xfs_globals.log_recovery_delay * 1000);
5036 xfs_notice(log->l_mp, "Starting recovery (logdev: %s)",
5037 log->l_mp->m_logname ? log->l_mp->m_logname
5040 error = xlog_do_recover(log, head_blk, tail_blk);
5041 log->l_flags |= XLOG_RECOVERY_NEEDED;
5047 * In the first part of recovery we replay inodes and buffers and build
5048 * up the list of extent free items which need to be processed. Here
5049 * we process the extent free items and clean up the on disk unlinked
5050 * inode lists. This is separated from the first part of recovery so
5051 * that the root and real-time bitmap inodes can be read in from disk in
5052 * between the two stages. This is necessary so that we can free space
5053 * in the real-time portion of the file system.
5056 xlog_recover_finish(
5060 * Now we're ready to do the transactions needed for the
5061 * rest of recovery. Start with completing all the extent
5062 * free intent records and then process the unlinked inode
5063 * lists. At this point, we essentially run in normal mode
5064 * except that we're still performing recovery actions
5065 * rather than accepting new requests.
5067 if (log->l_flags & XLOG_RECOVERY_NEEDED) {
5069 error = xlog_recover_process_efis(log);
5071 xfs_alert(log->l_mp, "Failed to recover EFIs");
5075 * Sync the log to get all the EFIs out of the AIL.
5076 * This isn't absolutely necessary, but it helps in
5077 * case the unlink transactions would have problems
5078 * pushing the EFIs out of the way.
5080 xfs_log_force(log->l_mp, XFS_LOG_SYNC);
5082 xlog_recover_process_iunlinks(log);
5084 xlog_recover_check_summary(log);
5086 xfs_notice(log->l_mp, "Ending recovery (logdev: %s)",
5087 log->l_mp->m_logname ? log->l_mp->m_logname
5089 log->l_flags &= ~XLOG_RECOVERY_NEEDED;
5091 xfs_info(log->l_mp, "Ending clean mount");
5097 xlog_recover_cancel(
5102 if (log->l_flags & XLOG_RECOVERY_NEEDED)
5103 error = xlog_recover_cancel_efis(log);
5110 * Read all of the agf and agi counters and check that they
5111 * are consistent with the superblock counters.
5114 xlog_recover_check_summary(
5121 xfs_agnumber_t agno;
5122 __uint64_t freeblks;
5132 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
5133 error = xfs_read_agf(mp, NULL, agno, 0, &agfbp);
5135 xfs_alert(mp, "%s agf read failed agno %d error %d",
5136 __func__, agno, error);
5138 agfp = XFS_BUF_TO_AGF(agfbp);
5139 freeblks += be32_to_cpu(agfp->agf_freeblks) +
5140 be32_to_cpu(agfp->agf_flcount);
5141 xfs_buf_relse(agfbp);
5144 error = xfs_read_agi(mp, NULL, agno, &agibp);
5146 xfs_alert(mp, "%s agi read failed agno %d error %d",
5147 __func__, agno, error);
5149 struct xfs_agi *agi = XFS_BUF_TO_AGI(agibp);
5151 itotal += be32_to_cpu(agi->agi_count);
5152 ifree += be32_to_cpu(agi->agi_freecount);
5153 xfs_buf_relse(agibp);
projects / cascardo / linux.git / blob