HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / xfs / xfs_buf_item.c
blob7e986da34f6cb40ad3aca9e9845f81a070dd2d4d
1 /*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * All Rights Reserved.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_format.h"
21 #include "xfs_log_format.h"
22 #include "xfs_trans_resv.h"
23 #include "xfs_bit.h"
24 #include "xfs_sb.h"
25 #include "xfs_mount.h"
26 #include "xfs_trans.h"
27 #include "xfs_buf_item.h"
28 #include "xfs_trans_priv.h"
29 #include "xfs_error.h"
30 #include "xfs_trace.h"
31 #include "xfs_log.h"
34 kmem_zone_t *xfs_buf_item_zone;
36 static inline struct xfs_buf_log_item *BUF_ITEM(struct xfs_log_item *lip)
38 return container_of(lip, struct xfs_buf_log_item, bli_item);
41 STATIC void xfs_buf_do_callbacks(struct xfs_buf *bp);
43 static inline int
44 xfs_buf_log_format_size(
45 struct xfs_buf_log_format *blfp)
47 return offsetof(struct xfs_buf_log_format, blf_data_map) +
48 (blfp->blf_map_size * sizeof(blfp->blf_data_map[0]));
52 * This returns the number of log iovecs needed to log the
53 * given buf log item.
55 * It calculates this as 1 iovec for the buf log format structure
56 * and 1 for each stretch of non-contiguous chunks to be logged.
57 * Contiguous chunks are logged in a single iovec.
59 * If the XFS_BLI_STALE flag has been set, then log nothing.
61 STATIC void
62 xfs_buf_item_size_segment(
63 struct xfs_buf_log_item *bip,
64 struct xfs_buf_log_format *blfp,
65 int *nvecs,
66 int *nbytes)
68 struct xfs_buf *bp = bip->bli_buf;
69 int next_bit;
70 int last_bit;
72 last_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size, 0);
73 if (last_bit == -1)
74 return;
77 * initial count for a dirty buffer is 2 vectors - the format structure
78 * and the first dirty region.
80 *nvecs += 2;
81 *nbytes += xfs_buf_log_format_size(blfp) + XFS_BLF_CHUNK;
83 while (last_bit != -1) {
85 * This takes the bit number to start looking from and
86 * returns the next set bit from there. It returns -1
87 * if there are no more bits set or the start bit is
88 * beyond the end of the bitmap.
90 next_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size,
91 last_bit + 1);
93 * If we run out of bits, leave the loop,
94 * else if we find a new set of bits bump the number of vecs,
95 * else keep scanning the current set of bits.
97 if (next_bit == -1) {
98 break;
99 } else if (next_bit != last_bit + 1) {
100 last_bit = next_bit;
101 (*nvecs)++;
102 } else if (xfs_buf_offset(bp, next_bit * XFS_BLF_CHUNK) !=
103 (xfs_buf_offset(bp, last_bit * XFS_BLF_CHUNK) +
104 XFS_BLF_CHUNK)) {
105 last_bit = next_bit;
106 (*nvecs)++;
107 } else {
108 last_bit++;
110 *nbytes += XFS_BLF_CHUNK;
115 * This returns the number of log iovecs needed to log the given buf log item.
117 * It calculates this as 1 iovec for the buf log format structure and 1 for each
118 * stretch of non-contiguous chunks to be logged. Contiguous chunks are logged
119 * in a single iovec.
121 * Discontiguous buffers need a format structure per region that that is being
122 * logged. This makes the changes in the buffer appear to log recovery as though
123 * they came from separate buffers, just like would occur if multiple buffers
124 * were used instead of a single discontiguous buffer. This enables
125 * discontiguous buffers to be in-memory constructs, completely transparent to
126 * what ends up on disk.
128 * If the XFS_BLI_STALE flag has been set, then log nothing but the buf log
129 * format structures.
131 STATIC void
132 xfs_buf_item_size(
133 struct xfs_log_item *lip,
134 int *nvecs,
135 int *nbytes)
137 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
138 int i;
140 ASSERT(atomic_read(&bip->bli_refcount) > 0);
141 if (bip->bli_flags & XFS_BLI_STALE) {
143 * The buffer is stale, so all we need to log
144 * is the buf log format structure with the
145 * cancel flag in it.
147 trace_xfs_buf_item_size_stale(bip);
148 ASSERT(bip->__bli_format.blf_flags & XFS_BLF_CANCEL);
149 *nvecs += bip->bli_format_count;
150 for (i = 0; i < bip->bli_format_count; i++) {
151 *nbytes += xfs_buf_log_format_size(&bip->bli_formats[i]);
153 return;
156 ASSERT(bip->bli_flags & XFS_BLI_LOGGED);
158 if (bip->bli_flags & XFS_BLI_ORDERED) {
160 * The buffer has been logged just to order it.
161 * It is not being included in the transaction
162 * commit, so no vectors are used at all.
164 trace_xfs_buf_item_size_ordered(bip);
165 *nvecs = XFS_LOG_VEC_ORDERED;
166 return;
170 * the vector count is based on the number of buffer vectors we have
171 * dirty bits in. This will only be greater than one when we have a
172 * compound buffer with more than one segment dirty. Hence for compound
173 * buffers we need to track which segment the dirty bits correspond to,
174 * and when we move from one segment to the next increment the vector
175 * count for the extra buf log format structure that will need to be
176 * written.
178 for (i = 0; i < bip->bli_format_count; i++) {
179 xfs_buf_item_size_segment(bip, &bip->bli_formats[i],
180 nvecs, nbytes);
182 trace_xfs_buf_item_size(bip);
185 static inline void
186 xfs_buf_item_copy_iovec(
187 struct xfs_log_vec *lv,
188 struct xfs_log_iovec **vecp,
189 struct xfs_buf *bp,
190 uint offset,
191 int first_bit,
192 uint nbits)
194 offset += first_bit * XFS_BLF_CHUNK;
195 xlog_copy_iovec(lv, vecp, XLOG_REG_TYPE_BCHUNK,
196 xfs_buf_offset(bp, offset),
197 nbits * XFS_BLF_CHUNK);
200 static inline bool
201 xfs_buf_item_straddle(
202 struct xfs_buf *bp,
203 uint offset,
204 int next_bit,
205 int last_bit)
207 return xfs_buf_offset(bp, offset + (next_bit << XFS_BLF_SHIFT)) !=
208 (xfs_buf_offset(bp, offset + (last_bit << XFS_BLF_SHIFT)) +
209 XFS_BLF_CHUNK);
212 static void
213 xfs_buf_item_format_segment(
214 struct xfs_buf_log_item *bip,
215 struct xfs_log_vec *lv,
216 struct xfs_log_iovec **vecp,
217 uint offset,
218 struct xfs_buf_log_format *blfp)
220 struct xfs_buf *bp = bip->bli_buf;
221 uint base_size;
222 int first_bit;
223 int last_bit;
224 int next_bit;
225 uint nbits;
227 /* copy the flags across from the base format item */
228 blfp->blf_flags = bip->__bli_format.blf_flags;
231 * Base size is the actual size of the ondisk structure - it reflects
232 * the actual size of the dirty bitmap rather than the size of the in
233 * memory structure.
235 base_size = xfs_buf_log_format_size(blfp);
237 first_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size, 0);
238 if (!(bip->bli_flags & XFS_BLI_STALE) && first_bit == -1) {
240 * If the map is not be dirty in the transaction, mark
241 * the size as zero and do not advance the vector pointer.
243 return;
246 blfp = xlog_copy_iovec(lv, vecp, XLOG_REG_TYPE_BFORMAT, blfp, base_size);
247 blfp->blf_size = 1;
249 if (bip->bli_flags & XFS_BLI_STALE) {
251 * The buffer is stale, so all we need to log
252 * is the buf log format structure with the
253 * cancel flag in it.
255 trace_xfs_buf_item_format_stale(bip);
256 ASSERT(blfp->blf_flags & XFS_BLF_CANCEL);
257 return;
262 * Fill in an iovec for each set of contiguous chunks.
264 last_bit = first_bit;
265 nbits = 1;
266 for (;;) {
268 * This takes the bit number to start looking from and
269 * returns the next set bit from there. It returns -1
270 * if there are no more bits set or the start bit is
271 * beyond the end of the bitmap.
273 next_bit = xfs_next_bit(blfp->blf_data_map, blfp->blf_map_size,
274 (uint)last_bit + 1);
276 * If we run out of bits fill in the last iovec and get out of
277 * the loop. Else if we start a new set of bits then fill in
278 * the iovec for the series we were looking at and start
279 * counting the bits in the new one. Else we're still in the
280 * same set of bits so just keep counting and scanning.
282 if (next_bit == -1) {
283 xfs_buf_item_copy_iovec(lv, vecp, bp, offset,
284 first_bit, nbits);
285 blfp->blf_size++;
286 break;
287 } else if (next_bit != last_bit + 1 ||
288 xfs_buf_item_straddle(bp, offset, next_bit, last_bit)) {
289 xfs_buf_item_copy_iovec(lv, vecp, bp, offset,
290 first_bit, nbits);
291 blfp->blf_size++;
292 first_bit = next_bit;
293 last_bit = next_bit;
294 nbits = 1;
295 } else {
296 last_bit++;
297 nbits++;
303 * This is called to fill in the vector of log iovecs for the
304 * given log buf item. It fills the first entry with a buf log
305 * format structure, and the rest point to contiguous chunks
306 * within the buffer.
308 STATIC void
309 xfs_buf_item_format(
310 struct xfs_log_item *lip,
311 struct xfs_log_vec *lv)
313 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
314 struct xfs_buf *bp = bip->bli_buf;
315 struct xfs_log_iovec *vecp = NULL;
316 uint offset = 0;
317 int i;
319 ASSERT(atomic_read(&bip->bli_refcount) > 0);
320 ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
321 (bip->bli_flags & XFS_BLI_STALE));
322 ASSERT((bip->bli_flags & XFS_BLI_STALE) ||
323 (xfs_blft_from_flags(&bip->__bli_format) > XFS_BLFT_UNKNOWN_BUF
324 && xfs_blft_from_flags(&bip->__bli_format) < XFS_BLFT_MAX_BUF));
328 * If it is an inode buffer, transfer the in-memory state to the
329 * format flags and clear the in-memory state.
331 * For buffer based inode allocation, we do not transfer
332 * this state if the inode buffer allocation has not yet been committed
333 * to the log as setting the XFS_BLI_INODE_BUF flag will prevent
334 * correct replay of the inode allocation.
336 * For icreate item based inode allocation, the buffers aren't written
337 * to the journal during allocation, and hence we should always tag the
338 * buffer as an inode buffer so that the correct unlinked list replay
339 * occurs during recovery.
341 if (bip->bli_flags & XFS_BLI_INODE_BUF) {
342 if (xfs_sb_version_hascrc(&lip->li_mountp->m_sb) ||
343 !((bip->bli_flags & XFS_BLI_INODE_ALLOC_BUF) &&
344 xfs_log_item_in_current_chkpt(lip)))
345 bip->__bli_format.blf_flags |= XFS_BLF_INODE_BUF;
346 bip->bli_flags &= ~XFS_BLI_INODE_BUF;
349 if ((bip->bli_flags & (XFS_BLI_ORDERED|XFS_BLI_STALE)) ==
350 XFS_BLI_ORDERED) {
352 * The buffer has been logged just to order it. It is not being
353 * included in the transaction commit, so don't format it.
355 trace_xfs_buf_item_format_ordered(bip);
356 return;
359 for (i = 0; i < bip->bli_format_count; i++) {
360 xfs_buf_item_format_segment(bip, lv, &vecp, offset,
361 &bip->bli_formats[i]);
362 offset += bp->b_maps[i].bm_len;
366 * Check to make sure everything is consistent.
368 trace_xfs_buf_item_format(bip);
372 * This is called to pin the buffer associated with the buf log item in memory
373 * so it cannot be written out.
375 * We also always take a reference to the buffer log item here so that the bli
376 * is held while the item is pinned in memory. This means that we can
377 * unconditionally drop the reference count a transaction holds when the
378 * transaction is completed.
380 STATIC void
381 xfs_buf_item_pin(
382 struct xfs_log_item *lip)
384 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
386 ASSERT(atomic_read(&bip->bli_refcount) > 0);
387 ASSERT((bip->bli_flags & XFS_BLI_LOGGED) ||
388 (bip->bli_flags & XFS_BLI_ORDERED) ||
389 (bip->bli_flags & XFS_BLI_STALE));
391 trace_xfs_buf_item_pin(bip);
393 atomic_inc(&bip->bli_refcount);
394 atomic_inc(&bip->bli_buf->b_pin_count);
398 * This is called to unpin the buffer associated with the buf log
399 * item which was previously pinned with a call to xfs_buf_item_pin().
401 * Also drop the reference to the buf item for the current transaction.
402 * If the XFS_BLI_STALE flag is set and we are the last reference,
403 * then free up the buf log item and unlock the buffer.
405 * If the remove flag is set we are called from uncommit in the
406 * forced-shutdown path. If that is true and the reference count on
407 * the log item is going to drop to zero we need to free the item's
408 * descriptor in the transaction.
410 STATIC void
411 xfs_buf_item_unpin(
412 struct xfs_log_item *lip,
413 int remove)
415 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
416 xfs_buf_t *bp = bip->bli_buf;
417 struct xfs_ail *ailp = lip->li_ailp;
418 int stale = bip->bli_flags & XFS_BLI_STALE;
419 int freed;
421 ASSERT(bp->b_fspriv == bip);
422 ASSERT(atomic_read(&bip->bli_refcount) > 0);
424 trace_xfs_buf_item_unpin(bip);
426 freed = atomic_dec_and_test(&bip->bli_refcount);
428 if (atomic_dec_and_test(&bp->b_pin_count))
429 wake_up_all(&bp->b_waiters);
431 if (freed && stale) {
432 ASSERT(bip->bli_flags & XFS_BLI_STALE);
433 ASSERT(xfs_buf_islocked(bp));
434 ASSERT(XFS_BUF_ISSTALE(bp));
435 ASSERT(bip->__bli_format.blf_flags & XFS_BLF_CANCEL);
437 trace_xfs_buf_item_unpin_stale(bip);
439 if (remove) {
441 * If we are in a transaction context, we have to
442 * remove the log item from the transaction as we are
443 * about to release our reference to the buffer. If we
444 * don't, the unlock that occurs later in
445 * xfs_trans_uncommit() will try to reference the
446 * buffer which we no longer have a hold on.
448 if (lip->li_desc)
449 xfs_trans_del_item(lip);
452 * Since the transaction no longer refers to the buffer,
453 * the buffer should no longer refer to the transaction.
455 bp->b_transp = NULL;
459 * If we get called here because of an IO error, we may
460 * or may not have the item on the AIL. xfs_trans_ail_delete()
461 * will take care of that situation.
462 * xfs_trans_ail_delete() drops the AIL lock.
464 if (bip->bli_flags & XFS_BLI_STALE_INODE) {
465 xfs_buf_do_callbacks(bp);
466 bp->b_fspriv = NULL;
467 bp->b_iodone = NULL;
468 } else {
469 spin_lock(&ailp->xa_lock);
470 xfs_trans_ail_delete(ailp, lip, SHUTDOWN_LOG_IO_ERROR);
471 xfs_buf_item_relse(bp);
472 ASSERT(bp->b_fspriv == NULL);
474 xfs_buf_relse(bp);
475 } else if (freed && remove) {
477 * There are currently two references to the buffer - the active
478 * LRU reference and the buf log item. What we are about to do
479 * here - simulate a failed IO completion - requires 3
480 * references.
482 * The LRU reference is removed by the xfs_buf_stale() call. The
483 * buf item reference is removed by the xfs_buf_iodone()
484 * callback that is run by xfs_buf_do_callbacks() during ioend
485 * processing (via the bp->b_iodone callback), and then finally
486 * the ioend processing will drop the IO reference if the buffer
487 * is marked XBF_ASYNC.
489 * Hence we need to take an additional reference here so that IO
490 * completion processing doesn't free the buffer prematurely.
492 xfs_buf_lock(bp);
493 xfs_buf_hold(bp);
494 bp->b_flags |= XBF_ASYNC;
495 xfs_buf_ioerror(bp, -EIO);
496 XFS_BUF_UNDONE(bp);
497 xfs_buf_stale(bp);
498 xfs_buf_ioend(bp);
503 * Buffer IO error rate limiting. Limit it to no more than 10 messages per 30
504 * seconds so as to not spam logs too much on repeated detection of the same
505 * buffer being bad..
508 static DEFINE_RATELIMIT_STATE(xfs_buf_write_fail_rl_state, 30 * HZ, 10);
510 STATIC uint
511 xfs_buf_item_push(
512 struct xfs_log_item *lip,
513 struct list_head *buffer_list)
515 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
516 struct xfs_buf *bp = bip->bli_buf;
517 uint rval = XFS_ITEM_SUCCESS;
519 if (xfs_buf_ispinned(bp))
520 return XFS_ITEM_PINNED;
521 if (!xfs_buf_trylock(bp)) {
523 * If we have just raced with a buffer being pinned and it has
524 * been marked stale, we could end up stalling until someone else
525 * issues a log force to unpin the stale buffer. Check for the
526 * race condition here so xfsaild recognizes the buffer is pinned
527 * and queues a log force to move it along.
529 if (xfs_buf_ispinned(bp))
530 return XFS_ITEM_PINNED;
531 return XFS_ITEM_LOCKED;
534 ASSERT(!(bip->bli_flags & XFS_BLI_STALE));
536 trace_xfs_buf_item_push(bip);
538 /* has a previous flush failed due to IO errors? */
539 if ((bp->b_flags & XBF_WRITE_FAIL) &&
540 ___ratelimit(&xfs_buf_write_fail_rl_state, "XFS: Failing async write")) {
541 xfs_warn(bp->b_target->bt_mount,
542 "Failing async write on buffer block 0x%llx. Retrying async write.",
543 (long long)bp->b_bn);
546 if (!xfs_buf_delwri_queue(bp, buffer_list))
547 rval = XFS_ITEM_FLUSHING;
548 xfs_buf_unlock(bp);
549 return rval;
553 * Release the buffer associated with the buf log item. If there is no dirty
554 * logged data associated with the buffer recorded in the buf log item, then
555 * free the buf log item and remove the reference to it in the buffer.
557 * This call ignores the recursion count. It is only called when the buffer
558 * should REALLY be unlocked, regardless of the recursion count.
560 * We unconditionally drop the transaction's reference to the log item. If the
561 * item was logged, then another reference was taken when it was pinned, so we
562 * can safely drop the transaction reference now. This also allows us to avoid
563 * potential races with the unpin code freeing the bli by not referencing the
564 * bli after we've dropped the reference count.
566 * If the XFS_BLI_HOLD flag is set in the buf log item, then free the log item
567 * if necessary but do not unlock the buffer. This is for support of
568 * xfs_trans_bhold(). Make sure the XFS_BLI_HOLD field is cleared if we don't
569 * free the item.
571 STATIC void
572 xfs_buf_item_unlock(
573 struct xfs_log_item *lip)
575 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
576 struct xfs_buf *bp = bip->bli_buf;
577 bool clean;
578 bool aborted;
579 int flags;
581 /* Clear the buffer's association with this transaction. */
582 bp->b_transp = NULL;
585 * If this is a transaction abort, don't return early. Instead, allow
586 * the brelse to happen. Normally it would be done for stale
587 * (cancelled) buffers at unpin time, but we'll never go through the
588 * pin/unpin cycle if we abort inside commit.
590 aborted = (lip->li_flags & XFS_LI_ABORTED) ? true : false;
592 * Before possibly freeing the buf item, copy the per-transaction state
593 * so we can reference it safely later after clearing it from the
594 * buffer log item.
596 flags = bip->bli_flags;
597 bip->bli_flags &= ~(XFS_BLI_LOGGED | XFS_BLI_HOLD | XFS_BLI_ORDERED);
600 * If the buf item is marked stale, then don't do anything. We'll
601 * unlock the buffer and free the buf item when the buffer is unpinned
602 * for the last time.
604 if (flags & XFS_BLI_STALE) {
605 trace_xfs_buf_item_unlock_stale(bip);
606 ASSERT(bip->__bli_format.blf_flags & XFS_BLF_CANCEL);
607 if (!aborted) {
608 atomic_dec(&bip->bli_refcount);
609 return;
613 trace_xfs_buf_item_unlock(bip);
616 * If the buf item isn't tracking any data, free it, otherwise drop the
617 * reference we hold to it. If we are aborting the transaction, this may
618 * be the only reference to the buf item, so we free it anyway
619 * regardless of whether it is dirty or not. A dirty abort implies a
620 * shutdown, anyway.
622 * Ordered buffers are dirty but may have no recorded changes, so ensure
623 * we only release clean items here.
625 clean = (flags & XFS_BLI_DIRTY) ? false : true;
626 if (clean) {
627 int i;
628 for (i = 0; i < bip->bli_format_count; i++) {
629 if (!xfs_bitmap_empty(bip->bli_formats[i].blf_data_map,
630 bip->bli_formats[i].blf_map_size)) {
631 clean = false;
632 break;
638 * Clean buffers, by definition, cannot be in the AIL. However, aborted
639 * buffers may be dirty and hence in the AIL. Therefore if we are
640 * aborting a buffer and we've just taken the last refernce away, we
641 * have to check if it is in the AIL before freeing it. We need to free
642 * it in this case, because an aborted transaction has already shut the
643 * filesystem down and this is the last chance we will have to do so.
645 if (atomic_dec_and_test(&bip->bli_refcount)) {
646 if (clean)
647 xfs_buf_item_relse(bp);
648 else if (aborted) {
649 ASSERT(XFS_FORCED_SHUTDOWN(lip->li_mountp));
650 xfs_trans_ail_remove(lip, SHUTDOWN_LOG_IO_ERROR);
651 xfs_buf_item_relse(bp);
655 if (!(flags & XFS_BLI_HOLD))
656 xfs_buf_relse(bp);
660 * This is called to find out where the oldest active copy of the
661 * buf log item in the on disk log resides now that the last log
662 * write of it completed at the given lsn.
663 * We always re-log all the dirty data in a buffer, so usually the
664 * latest copy in the on disk log is the only one that matters. For
665 * those cases we simply return the given lsn.
667 * The one exception to this is for buffers full of newly allocated
668 * inodes. These buffers are only relogged with the XFS_BLI_INODE_BUF
669 * flag set, indicating that only the di_next_unlinked fields from the
670 * inodes in the buffers will be replayed during recovery. If the
671 * original newly allocated inode images have not yet been flushed
672 * when the buffer is so relogged, then we need to make sure that we
673 * keep the old images in the 'active' portion of the log. We do this
674 * by returning the original lsn of that transaction here rather than
675 * the current one.
677 STATIC xfs_lsn_t
678 xfs_buf_item_committed(
679 struct xfs_log_item *lip,
680 xfs_lsn_t lsn)
682 struct xfs_buf_log_item *bip = BUF_ITEM(lip);
684 trace_xfs_buf_item_committed(bip);
686 if ((bip->bli_flags & XFS_BLI_INODE_ALLOC_BUF) && lip->li_lsn != 0)
687 return lip->li_lsn;
688 return lsn;
691 STATIC void
692 xfs_buf_item_committing(
693 struct xfs_log_item *lip,
694 xfs_lsn_t commit_lsn)
699 * This is the ops vector shared by all buf log items.
701 static const struct xfs_item_ops xfs_buf_item_ops = {
702 .iop_size = xfs_buf_item_size,
703 .iop_format = xfs_buf_item_format,
704 .iop_pin = xfs_buf_item_pin,
705 .iop_unpin = xfs_buf_item_unpin,
706 .iop_unlock = xfs_buf_item_unlock,
707 .iop_committed = xfs_buf_item_committed,
708 .iop_push = xfs_buf_item_push,
709 .iop_committing = xfs_buf_item_committing
712 STATIC int
713 xfs_buf_item_get_format(
714 struct xfs_buf_log_item *bip,
715 int count)
717 ASSERT(bip->bli_formats == NULL);
718 bip->bli_format_count = count;
720 if (count == 1) {
721 bip->bli_formats = &bip->__bli_format;
722 return 0;
725 bip->bli_formats = kmem_zalloc(count * sizeof(struct xfs_buf_log_format),
726 KM_SLEEP);
727 if (!bip->bli_formats)
728 return -ENOMEM;
729 return 0;
732 STATIC void
733 xfs_buf_item_free_format(
734 struct xfs_buf_log_item *bip)
736 if (bip->bli_formats != &bip->__bli_format) {
737 kmem_free(bip->bli_formats);
738 bip->bli_formats = NULL;
743 * Allocate a new buf log item to go with the given buffer.
744 * Set the buffer's b_fsprivate field to point to the new
745 * buf log item. If there are other item's attached to the
746 * buffer (see xfs_buf_attach_iodone() below), then put the
747 * buf log item at the front.
750 xfs_buf_item_init(
751 struct xfs_buf *bp,
752 struct xfs_mount *mp)
754 struct xfs_log_item *lip = bp->b_fspriv;
755 struct xfs_buf_log_item *bip;
756 int chunks;
757 int map_size;
758 int error;
759 int i;
762 * Check to see if there is already a buf log item for
763 * this buffer. If there is, it is guaranteed to be
764 * the first. If we do already have one, there is
765 * nothing to do here so return.
767 ASSERT(bp->b_target->bt_mount == mp);
768 if (lip != NULL && lip->li_type == XFS_LI_BUF)
769 return 0;
771 bip = kmem_zone_zalloc(xfs_buf_item_zone, KM_SLEEP);
772 xfs_log_item_init(mp, &bip->bli_item, XFS_LI_BUF, &xfs_buf_item_ops);
773 bip->bli_buf = bp;
776 * chunks is the number of XFS_BLF_CHUNK size pieces the buffer
777 * can be divided into. Make sure not to truncate any pieces.
778 * map_size is the size of the bitmap needed to describe the
779 * chunks of the buffer.
781 * Discontiguous buffer support follows the layout of the underlying
782 * buffer. This makes the implementation as simple as possible.
784 error = xfs_buf_item_get_format(bip, bp->b_map_count);
785 ASSERT(error == 0);
786 if (error) { /* to stop gcc throwing set-but-unused warnings */
787 kmem_zone_free(xfs_buf_item_zone, bip);
788 return error;
792 for (i = 0; i < bip->bli_format_count; i++) {
793 chunks = DIV_ROUND_UP(BBTOB(bp->b_maps[i].bm_len),
794 XFS_BLF_CHUNK);
795 map_size = DIV_ROUND_UP(chunks, NBWORD);
797 bip->bli_formats[i].blf_type = XFS_LI_BUF;
798 bip->bli_formats[i].blf_blkno = bp->b_maps[i].bm_bn;
799 bip->bli_formats[i].blf_len = bp->b_maps[i].bm_len;
800 bip->bli_formats[i].blf_map_size = map_size;
804 * Put the buf item into the list of items attached to the
805 * buffer at the front.
807 if (bp->b_fspriv)
808 bip->bli_item.li_bio_list = bp->b_fspriv;
809 bp->b_fspriv = bip;
810 xfs_buf_hold(bp);
811 return 0;
816 * Mark bytes first through last inclusive as dirty in the buf
817 * item's bitmap.
819 static void
820 xfs_buf_item_log_segment(
821 uint first,
822 uint last,
823 uint *map)
825 uint first_bit;
826 uint last_bit;
827 uint bits_to_set;
828 uint bits_set;
829 uint word_num;
830 uint *wordp;
831 uint bit;
832 uint end_bit;
833 uint mask;
836 * Convert byte offsets to bit numbers.
838 first_bit = first >> XFS_BLF_SHIFT;
839 last_bit = last >> XFS_BLF_SHIFT;
842 * Calculate the total number of bits to be set.
844 bits_to_set = last_bit - first_bit + 1;
847 * Get a pointer to the first word in the bitmap
848 * to set a bit in.
850 word_num = first_bit >> BIT_TO_WORD_SHIFT;
851 wordp = &map[word_num];
854 * Calculate the starting bit in the first word.
856 bit = first_bit & (uint)(NBWORD - 1);
859 * First set any bits in the first word of our range.
860 * If it starts at bit 0 of the word, it will be
861 * set below rather than here. That is what the variable
862 * bit tells us. The variable bits_set tracks the number
863 * of bits that have been set so far. End_bit is the number
864 * of the last bit to be set in this word plus one.
866 if (bit) {
867 end_bit = MIN(bit + bits_to_set, (uint)NBWORD);
868 mask = ((1 << (end_bit - bit)) - 1) << bit;
869 *wordp |= mask;
870 wordp++;
871 bits_set = end_bit - bit;
872 } else {
873 bits_set = 0;
877 * Now set bits a whole word at a time that are between
878 * first_bit and last_bit.
880 while ((bits_to_set - bits_set) >= NBWORD) {
881 *wordp |= 0xffffffff;
882 bits_set += NBWORD;
883 wordp++;
887 * Finally, set any bits left to be set in one last partial word.
889 end_bit = bits_to_set - bits_set;
890 if (end_bit) {
891 mask = (1 << end_bit) - 1;
892 *wordp |= mask;
897 * Mark bytes first through last inclusive as dirty in the buf
898 * item's bitmap.
900 void
901 xfs_buf_item_log(
902 xfs_buf_log_item_t *bip,
903 uint first,
904 uint last)
906 int i;
907 uint start;
908 uint end;
909 struct xfs_buf *bp = bip->bli_buf;
912 * walk each buffer segment and mark them dirty appropriately.
914 start = 0;
915 for (i = 0; i < bip->bli_format_count; i++) {
916 if (start > last)
917 break;
918 end = start + BBTOB(bp->b_maps[i].bm_len);
919 if (first > end) {
920 start += BBTOB(bp->b_maps[i].bm_len);
921 continue;
923 if (first < start)
924 first = start;
925 if (end > last)
926 end = last;
928 xfs_buf_item_log_segment(first, end,
929 &bip->bli_formats[i].blf_data_map[0]);
931 start += bp->b_maps[i].bm_len;
937 * Return 1 if the buffer has been logged or ordered in a transaction (at any
938 * point, not just the current transaction) and 0 if not.
940 uint
941 xfs_buf_item_dirty(
942 xfs_buf_log_item_t *bip)
944 return (bip->bli_flags & XFS_BLI_DIRTY);
947 STATIC void
948 xfs_buf_item_free(
949 xfs_buf_log_item_t *bip)
951 xfs_buf_item_free_format(bip);
952 kmem_zone_free(xfs_buf_item_zone, bip);
956 * This is called when the buf log item is no longer needed. It should
957 * free the buf log item associated with the given buffer and clear
958 * the buffer's pointer to the buf log item. If there are no more
959 * items in the list, clear the b_iodone field of the buffer (see
960 * xfs_buf_attach_iodone() below).
962 void
963 xfs_buf_item_relse(
964 xfs_buf_t *bp)
966 xfs_buf_log_item_t *bip = bp->b_fspriv;
968 trace_xfs_buf_item_relse(bp, _RET_IP_);
969 ASSERT(!(bip->bli_item.li_flags & XFS_LI_IN_AIL));
971 bp->b_fspriv = bip->bli_item.li_bio_list;
972 if (bp->b_fspriv == NULL)
973 bp->b_iodone = NULL;
975 xfs_buf_rele(bp);
976 xfs_buf_item_free(bip);
981 * Add the given log item with its callback to the list of callbacks
982 * to be called when the buffer's I/O completes. If it is not set
983 * already, set the buffer's b_iodone() routine to be
984 * xfs_buf_iodone_callbacks() and link the log item into the list of
985 * items rooted at b_fsprivate. Items are always added as the second
986 * entry in the list if there is a first, because the buf item code
987 * assumes that the buf log item is first.
989 void
990 xfs_buf_attach_iodone(
991 xfs_buf_t *bp,
992 void (*cb)(xfs_buf_t *, xfs_log_item_t *),
993 xfs_log_item_t *lip)
995 xfs_log_item_t *head_lip;
997 ASSERT(xfs_buf_islocked(bp));
999 lip->li_cb = cb;
1000 head_lip = bp->b_fspriv;
1001 if (head_lip) {
1002 lip->li_bio_list = head_lip->li_bio_list;
1003 head_lip->li_bio_list = lip;
1004 } else {
1005 bp->b_fspriv = lip;
1008 ASSERT(bp->b_iodone == NULL ||
1009 bp->b_iodone == xfs_buf_iodone_callbacks);
1010 bp->b_iodone = xfs_buf_iodone_callbacks;
1014 * We can have many callbacks on a buffer. Running the callbacks individually
1015 * can cause a lot of contention on the AIL lock, so we allow for a single
1016 * callback to be able to scan the remaining lip->li_bio_list for other items
1017 * of the same type and callback to be processed in the first call.
1019 * As a result, the loop walking the callback list below will also modify the
1020 * list. it removes the first item from the list and then runs the callback.
1021 * The loop then restarts from the new head of the list. This allows the
1022 * callback to scan and modify the list attached to the buffer and we don't
1023 * have to care about maintaining a next item pointer.
1025 STATIC void
1026 xfs_buf_do_callbacks(
1027 struct xfs_buf *bp)
1029 struct xfs_log_item *lip;
1031 while ((lip = bp->b_fspriv) != NULL) {
1032 bp->b_fspriv = lip->li_bio_list;
1033 ASSERT(lip->li_cb != NULL);
1035 * Clear the next pointer so we don't have any
1036 * confusion if the item is added to another buf.
1037 * Don't touch the log item after calling its
1038 * callback, because it could have freed itself.
1040 lip->li_bio_list = NULL;
1041 lip->li_cb(bp, lip);
1046 * This is the iodone() function for buffers which have had callbacks
1047 * attached to them by xfs_buf_attach_iodone(). It should remove each
1048 * log item from the buffer's list and call the callback of each in turn.
1049 * When done, the buffer's fsprivate field is set to NULL and the buffer
1050 * is unlocked with a call to iodone().
1052 void
1053 xfs_buf_iodone_callbacks(
1054 struct xfs_buf *bp)
1056 struct xfs_log_item *lip = bp->b_fspriv;
1057 struct xfs_mount *mp = lip->li_mountp;
1058 static ulong lasttime;
1059 static xfs_buftarg_t *lasttarg;
1061 if (likely(!bp->b_error))
1062 goto do_callbacks;
1065 * If we've already decided to shutdown the filesystem because of
1066 * I/O errors, there's no point in giving this a retry.
1068 if (XFS_FORCED_SHUTDOWN(mp)) {
1069 xfs_buf_stale(bp);
1070 XFS_BUF_DONE(bp);
1071 trace_xfs_buf_item_iodone(bp, _RET_IP_);
1072 goto do_callbacks;
1075 if (bp->b_target != lasttarg ||
1076 time_after(jiffies, (lasttime + 5*HZ))) {
1077 lasttime = jiffies;
1078 xfs_buf_ioerror_alert(bp, __func__);
1080 lasttarg = bp->b_target;
1083 * If the write was asynchronous then no one will be looking for the
1084 * error. Clear the error state and write the buffer out again.
1086 * XXX: This helps against transient write errors, but we need to find
1087 * a way to shut the filesystem down if the writes keep failing.
1089 * In practice we'll shut the filesystem down soon as non-transient
1090 * errors tend to affect the whole device and a failing log write
1091 * will make us give up. But we really ought to do better here.
1093 if (XFS_BUF_ISASYNC(bp)) {
1094 ASSERT(bp->b_iodone != NULL);
1096 trace_xfs_buf_item_iodone_async(bp, _RET_IP_);
1098 xfs_buf_ioerror(bp, 0); /* errno of 0 unsets the flag */
1100 if (!(bp->b_flags & (XBF_STALE|XBF_WRITE_FAIL))) {
1101 bp->b_flags |= XBF_WRITE | XBF_ASYNC |
1102 XBF_DONE | XBF_WRITE_FAIL;
1103 xfs_buf_submit(bp);
1104 } else {
1105 xfs_buf_relse(bp);
1108 return;
1112 * If the write of the buffer was synchronous, we want to make
1113 * sure to return the error to the caller of xfs_bwrite().
1115 xfs_buf_stale(bp);
1116 XFS_BUF_DONE(bp);
1118 trace_xfs_buf_error_relse(bp, _RET_IP_);
1120 do_callbacks:
1121 xfs_buf_do_callbacks(bp);
1122 bp->b_fspriv = NULL;
1123 bp->b_iodone = NULL;
1124 xfs_buf_ioend(bp);
1128 * This is the iodone() function for buffers which have been
1129 * logged. It is called when they are eventually flushed out.
1130 * It should remove the buf item from the AIL, and free the buf item.
1131 * It is called by xfs_buf_iodone_callbacks() above which will take
1132 * care of cleaning up the buffer itself.
1134 void
1135 xfs_buf_iodone(
1136 struct xfs_buf *bp,
1137 struct xfs_log_item *lip)
1139 struct xfs_ail *ailp = lip->li_ailp;
1141 ASSERT(BUF_ITEM(lip)->bli_buf == bp);
1143 xfs_buf_rele(bp);
1146 * If we are forcibly shutting down, this may well be
1147 * off the AIL already. That's because we simulate the
1148 * log-committed callbacks to unpin these buffers. Or we may never
1149 * have put this item on AIL because of the transaction was
1150 * aborted forcibly. xfs_trans_ail_delete() takes care of these.
1152 * Either way, AIL is useless if we're forcing a shutdown.
1154 spin_lock(&ailp->xa_lock);
1155 xfs_trans_ail_delete(ailp, lip, SHUTDOWN_CORRUPT_INCORE);
1156 xfs_buf_item_free(BUF_ITEM(lip));