| blob | c5077e6326c7093d5d1230ece91b37c5bb4d1f53 |
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6 #include <linux/iversion.h>
41 /*
42 * Used in xfs_itruncate_extents(). This is the maximum number of extents
43 * freed from a file in a single transaction.
44 */
45 #define XFS_ITRUNC_MAX_EXTENTS 2
51 /*
52 * helper function to extract extent size hint from inode
53 */
54 xfs_extlen_t
57 {
58 /*
59 * No point in aligning allocations if we need to COW to actually
60 * write to them.
61 */
69 }
71 /*
72 * Helper function to extract CoW extent size hint from inode.
73 * Between the extent size hint and the CoW extent size hint, we
74 * return the greater of the two. If the value is zero (automatic),
75 * use the default size.
76 */
77 xfs_extlen_t
80 {
92 }
94 /*
95 * These two are wrapper routines around the xfs_ilock() routine used to
96 * centralize some grungy code. They are used in places that wish to lock the
97 * inode solely for reading the extents. The reason these places can't just
98 * call xfs_ilock(ip, XFS_ILOCK_SHARED) is that the inode lock also guards to
99 * bringing in of the extents from disk for a file in b-tree format. If the
100 * inode is in b-tree format, then we need to lock the inode exclusively until
101 * the extents are read in. Locking it exclusively all the time would limit
102 * our parallelism unnecessarily, though. What we do instead is check to see
103 * if the extents have been read in yet, and only lock the inode exclusively
104 * if they have not.
105 *
106 * The functions return a value which should be given to the corresponding
107 * xfs_iunlock() call.
108 */
109 uint
112 {
120 }
122 uint
125 {
133 }
135 /*
136 * In addition to i_rwsem in the VFS inode, the xfs inode contains 2
137 * multi-reader locks: i_mmap_lock and the i_lock. This routine allows
138 * various combinations of the locks to be obtained.
139 *
140 * The 3 locks should always be ordered so that the IO lock is obtained first,
141 * the mmap lock second and the ilock last in order to prevent deadlock.
142 *
143 * Basic locking order:
144 *
145 * i_rwsem -> i_mmap_lock -> page_lock -> i_ilock
146 *
147 * mmap_sem locking order:
148 *
149 * i_rwsem -> page lock -> mmap_sem
150 * mmap_sem -> i_mmap_lock -> page_lock
151 *
152 * The difference in mmap_sem locking order mean that we cannot hold the
153 * i_mmap_lock over syscall based read(2)/write(2) based IO. These IO paths can
154 * fault in pages during copy in/out (for buffered IO) or require the mmap_sem
155 * in get_user_pages() to map the user pages into the kernel address space for
156 * direct IO. Similarly the i_rwsem cannot be taken inside a page fault because
157 * page faults already hold the mmap_sem.
158 *
159 * Hence to serialise fully against both syscall and mmap based IO, we need to
160 * take both the i_rwsem and the i_mmap_lock. These locks should *only* be both
161 * taken in places where we need to invalidate the page cache in a race
162 * free manner (e.g. truncate, hole punch and other extent manipulation
163 * functions).
164 */
165 void
168 uint lock_flags)
169 {
172 /*
173 * You can't set both SHARED and EXCL for the same lock,
174 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
175 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
176 */
191 }
202 }
204 /*
205 * This is just like xfs_ilock(), except that the caller
206 * is guaranteed not to sleep. It returns 1 if it gets
207 * the requested locks and 0 otherwise. If the IO lock is
208 * obtained but the inode lock cannot be, then the IO lock
209 * is dropped before returning.
210 *
211 * ip -- the inode being locked
212 * lock_flags -- this parameter indicates the inode's locks to be
213 * to be locked. See the comment for xfs_ilock() for a list
214 * of valid values.
215 */
216 int
219 uint lock_flags)
220 {
223 /*
224 * You can't set both SHARED and EXCL for the same lock,
225 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
226 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
227 */
242 }
250 }
258 }
261 out_undo_mmaplock:
266 out_undo_iolock:
271 out:
273 }
275 /*
276 * xfs_iunlock() is used to drop the inode locks acquired with
277 * xfs_ilock() and xfs_ilock_nowait(). The caller must pass
278 * in the flags given to xfs_ilock() or xfs_ilock_nowait() so
279 * that we know which locks to drop.
280 *
281 * ip -- the inode being unlocked
282 * lock_flags -- this parameter indicates the inode's locks to be
283 * to be unlocked. See the comment for xfs_ilock() for a list
284 * of valid values for this parameter.
285 *
286 */
287 void
290 uint lock_flags)
291 {
292 /*
293 * You can't set both SHARED and EXCL for the same lock,
294 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
295 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
296 */
322 }
324 /*
325 * give up write locks. the i/o lock cannot be held nested
326 * if it is being demoted.
327 */
328 void
331 uint lock_flags)
332 {
345 }
347 #if defined(DEBUG) || defined(XFS_WARN)
348 int
351 uint lock_flags)
352 {
357 }
363 }
370 }
374 }
375 #endif
377 /*
378 * xfs_lockdep_subclass_ok() is only used in an ASSERT, so is only called when
379 * DEBUG or XFS_WARN is set. And MAX_LOCKDEP_SUBCLASSES is then only defined
380 * when CONFIG_LOCKDEP is set. Hence the complex define below to avoid build
381 * errors and warnings.
382 */
383 #if (defined(DEBUG) || defined(XFS_WARN)) && defined(CONFIG_LOCKDEP)
384 static bool
387 {
389 }
390 #else
391 #define xfs_lockdep_subclass_ok(subclass) (true)
392 #endif
394 /*
395 * Bump the subclass so xfs_lock_inodes() acquires each lock with a different
396 * value. This can be called for any type of inode lock combination, including
397 * parent locking. Care must be taken to ensure we don't overrun the subclass
398 * storage fields in the class mask we build.
399 */
402 {
406 XFS_ILOCK_RTSUM)));
412 }
417 }
422 }
425 }
427 /*
428 * The following routine will lock n inodes in exclusive mode. We assume the
429 * caller calls us with the inodes in i_ino order.
430 *
431 * We need to detect deadlock where an inode that we lock is in the AIL and we
432 * start waiting for another inode that is locked by a thread in a long running
433 * transaction (such as truncate). This can result in deadlock since the long
434 * running trans might need to wait for the inode we just locked in order to
435 * push the tail and free space in the log.
436 *
437 * xfs_lock_inodes() can only be used to lock one type of lock at a time -
438 * the iolock, the mmaplock or the ilock, but not more than one at a time. If we
439 * lock more than one at a time, lockdep will report false positives saying we
440 * have violated locking orders.
441 */
442 static void
446 uint lock_mode)
447 {
451 /*
452 * Currently supports between 2 and 5 inodes with exclusive locking. We
453 * support an arbitrary depth of locking here, but absolute limits on
454 * inodes depend on the the type of locking and the limits placed by
455 * lockdep annotations in xfs_lock_inumorder. These are all checked by
456 * the asserts.
457 */
460 XFS_ILOCK_EXCL));
462 XFS_ILOCK_SHARED)));
475 again:
482 /*
483 * If try_lock is not set yet, make sure all locked inodes are
484 * not in the AIL. If any are, set try_lock to be used later.
485 */
490 try_lock++;
491 }
492 }
494 /*
495 * If any of the previous locks we have locked is in the AIL,
496 * we must TRY to get the second and subsequent locks. If
497 * we can't get any, we must release all we have
498 * and try again.
499 */
503 }
505 /* try_lock means we have an inode locked that is in the AIL. */
510 /*
511 * Unlock all previous guys and try again. xfs_iunlock will try
512 * to push the tail if the inode is in the AIL.
513 */
514 attempts++;
516 /*
517 * Check to see if we've already unlocked this one. Not
518 * the first one going back, and the inode ptr is the
519 * same.
520 */
525 }
529 }
533 }
534 }
536 /*
537 * xfs_lock_two_inodes() can only be used to lock one type of lock at a time -
538 * the mmaplock or the ilock, but not more than one type at a time. If we lock
539 * more than one at a time, lockdep will report false positives saying we have
540 * violated locking orders. The iolock must be double-locked separately since
541 * we use i_rwsem for that. We now support taking one lock EXCL and the other
542 * SHARED.
543 */
544 void
547 uint ip0_mode,
549 uint ip1_mode)
550 {
552 uint mode_temp;
578 }
580 again:
583 /*
584 * If the first lock we have locked is in the AIL, we must TRY to get
585 * the second lock. If we can't get it, we must release the first one
586 * and try again.
587 */
595 }
598 }
599 }
601 void
604 {
615 }
617 STATIC uint
622 {
654 }
661 }
667 }
669 uint
672 {
676 }
678 /*
679 * Lookups up an inode from "name". If ci_name is not NULL, then a CI match
680 * is allowed, otherwise it has to be an exact match. If a CI match is found,
681 * ci_name->name will point to a the actual name (caller must free) or
682 * will be set to NULL if an exact match is found.
683 */
684 int
690 {
691 xfs_ino_t inum;
709 out_free_name:
712 out_unlock:
715 }
717 /*
718 * Allocate an inode on disk and return a copy of its in-core version.
719 * The in-core inode is locked exclusively. Set mode, nlink, and rdev
720 * appropriately within the inode. The uid and gid for the inode are
721 * set according to the contents of the given cred structure.
722 *
723 * Use xfs_dialloc() to allocate the on-disk inode. If xfs_dialloc()
724 * has a free inode available, call xfs_iget() to obtain the in-core
725 * version of the allocated inode. Finally, fill in the inode and
726 * log its initial contents. In this case, ialloc_context would be
727 * set to NULL.
728 *
729 * If xfs_dialloc() does not have an available inode, it will replenish
730 * its supply by doing an allocation. Since we can only do one
731 * allocation within a transaction without deadlocks, we must commit
732 * the current transaction before returning the inode itself.
733 * In this case, therefore, we will set ialloc_context and return.
734 * The caller should then commit the current transaction, start a new
735 * transaction, and call xfs_ialloc() again to actually get the inode.
736 *
737 * To ensure that some other process does not grab the inode that
738 * was allocated during the first call to xfs_ialloc(), this routine
739 * also returns the [locked] bp pointing to the head of the freelist
740 * as ialloc_context. The caller should hold this buffer across
741 * the commit and pass it back into this routine on the second call.
742 *
743 * If we are allocating quota inodes, we do not have a parent inode
744 * to attach to or associate with (i.e. pip == NULL) because they
745 * are not linked into the directory structure - they are attached
746 * directly to the superblock - and so have no parent.
747 */
748 static int
752 umode_t mode,
753 xfs_nlink_t nlink,
754 dev_t rdev,
755 prid_t prid,
758 {
760 xfs_ino_t ino;
762 uint flags;
767 /*
768 * Call the space management code to pick
769 * the on-disk inode to be allocated.
770 */
778 }
781 /*
782 * Protect against obviously corrupt allocation btree records. Later
783 * xfs_iget checks will catch re-allocation of other active in-memory
784 * and on-disk inodes. If we don't catch reallocating the parent inode
785 * here we will deadlock in xfs_iget() so we have to do these checks
786 * first.
787 */
791 }
793 /*
794 * Get the in-core inode with the lock held exclusively.
795 * This is because we're setting fields here we need
796 * to prevent others from looking at until we're done.
797 */
805 /*
806 * We always convert v1 inodes to v2 now - we only support filesystems
807 * with >= v2 inode capability, so there is no reason for ever leaving
808 * an inode in v1 format.
809 */
824 }
826 /*
827 * If the group ID of the new file does not match the effective group
828 * ID or one of the supplementary group IDs, the S_ISGID bit is cleared
829 * (and only if the irix_sgid_inherit compatibility variable is set).
830 */
855 }
879 }
888 }
889 }
891 xfs_inherit_noatime)
894 xfs_inherit_nodump)
897 xfs_inherit_sync)
900 xfs_inherit_nosymlinks)
903 xfs_inherit_nodefrag)
909 }
919 }
924 }
925 /* FALLTHROUGH */
934 }
935 /*
936 * Attribute fork settings for new inode.
937 */
941 /*
942 * Log the new values stuffed into the inode.
943 */
947 /* now that we have an i_mode we can setup the inode structure */
952 }
954 /*
955 * Allocates a new inode from disk and return a pointer to the
956 * incore copy. This routine will internally commit the current
957 * transaction and allocate a new one if the Space Manager needed
958 * to do an allocation to replenish the inode free-list.
959 *
960 * This routine is designed to be called from xfs_create and
961 * xfs_create_dir.
962 *
963 */
964 int
967 output: may be a new transaction. */
969 the inode. */
970 umode_t mode,
971 xfs_nlink_t nlink,
972 dev_t rdev,
975 locked. */
976 {
982 uint tflags;
987 /*
988 * xfs_ialloc will return a pointer to an incore inode if
989 * the Space Manager has an available inode on the free
990 * list. Otherwise, it will do an allocation and replenish
991 * the freelist. Since we can only do one allocation per
992 * transaction without deadlocks, we will need to commit the
993 * current transaction and start a new one. We will then
994 * need to call xfs_ialloc again to get the inode.
995 *
996 * If xfs_ialloc did an allocation to replenish the freelist,
997 * it returns the bp containing the head of the freelist as
998 * ialloc_context. We will hold a lock on it across the
999 * transaction commit so that no other process can steal
1000 * the inode(s) that we've just allocated.
1001 */
1005 /*
1006 * Return an error if we were unable to allocate a new inode.
1007 * This should only happen if we run out of space on disk or
1008 * encounter a disk error.
1009 */
1013 }
1017 }
1019 /*
1020 * If the AGI buffer is non-NULL, then we were unable to get an
1021 * inode in one operation. We need to commit the current
1022 * transaction and call xfs_ialloc() again. It is guaranteed
1023 * to succeed the second time.
1024 */
1026 /*
1027 * Normally, xfs_trans_commit releases all the locks.
1028 * We call bhold to hang on to the ialloc_context across
1029 * the commit. Holding this buffer prevents any other
1030 * processes from doing any allocations in this
1031 * allocation group.
1032 */
1035 /*
1036 * We want the quota changes to be associated with the next
1037 * transaction, NOT this one. So, detach the dqinfo from this
1038 * and attach it to the next transaction.
1039 */
1047 }
1051 /*
1052 * Re-attach the quota info that we detached from prev trx.
1053 */
1057 }
1064 }
1067 /*
1068 * Call ialloc again. Since we've locked out all
1069 * other allocations in this allocation group,
1070 * this call should always succeed.
1071 */
1075 /*
1076 * If we get an error at this point, return to the caller
1077 * so that the current transaction can be aborted.
1078 */
1083 }
1086 }
1092 }
1094 /*
1095 * Decrement the link count on an inode & log the change. If this causes the
1096 * link count to go to zero, move the inode to AGI unlinked list so that it can
1097 * be freed when the last active reference goes away via xfs_inactive().
1098 */
1103 {
1113 }
1115 /*
1116 * Increment the link count on an inode & log the change.
1117 */
1118 static void
1122 {
1128 }
1130 int
1134 umode_t mode,
1135 dev_t rdev,
1137 {
1144 prid_t prid;
1149 uint resblks;
1158 /*
1159 * Make sure that we have allocated dquot(s) on disk.
1160 */
1174 }
1176 /*
1177 * Initially assume that the file does not exist and
1178 * reserve the resources for that case. If that is not
1179 * the case we'll drop the one we have and get a more
1180 * appropriate transaction later.
1181 */
1184 /* flush outstanding delalloc blocks and retry */
1187 }
1194 /*
1195 * Reserve disk quota and the inode.
1196 */
1202 /*
1203 * A newly created regular or special file just has one directory
1204 * entry pointing to them, but a directory also the "." entry
1205 * pointing to itself.
1206 */
1211 /*
1212 * Now we join the directory inode to the transaction. We do not do it
1213 * earlier because xfs_dir_ialloc might commit the previous transaction
1214 * (and release all the locks). An error from here on will result in
1215 * the transaction cancel unlocking dp so don't do it explicitly in the
1216 * error path.
1217 */
1222 resblks ?
1227 }
1237 }
1239 /*
1240 * If this is a synchronous mount, make sure that the
1241 * create transaction goes to disk before returning to
1242 * the user.
1243 */
1247 /*
1248 * Attach the dquot(s) to the inodes and modify them incore.
1249 * These ids of the inode couldn't have changed since the new
1250 * inode has been locked ever since it was created.
1251 */
1265 out_trans_cancel:
1267 out_release_inode:
1268 /*
1269 * Wait until after the current transaction is aborted to finish the
1270 * setup of the inode and release the inode. This prevents recursive
1271 * transactions and deadlocks from xfs_inactive.
1272 */
1276 }
1285 }
1287 int
1290 umode_t mode,
1292 {
1297 prid_t prid;
1302 uint resblks;
1309 /*
1310 * Make sure that we have allocated dquot(s) on disk.
1311 */
1338 /*
1339 * Attach the dquot(s) to the inodes and modify them incore.
1340 * These ids of the inode couldn't have changed since the new
1341 * inode has been locked ever since it was created.
1342 */
1360 out_trans_cancel:
1362 out_release_inode:
1363 /*
1364 * Wait until after the current transaction is aborted to finish the
1365 * setup of the inode and release the inode. This prevents recursive
1366 * transactions and deadlocks from xfs_inactive.
1367 */
1371 }
1378 }
1380 int
1385 {
1411 }
1420 /*
1421 * If we are using project inheritance, we only allow hard link
1422 * creation in our tree when the project IDs are the same; else
1423 * the tree quota mechanism could be circumvented.
1424 */
1429 }
1435 }
1437 /*
1438 * Handle initial link state of O_TMPFILE inode
1439 */
1444 }
1447 resblks);
1455 /*
1456 * If this is a synchronous mount, make sure that the
1457 * link transaction goes to disk before returning to
1458 * the user.
1459 */
1465 error_return:
1467 std_return:
1469 }
1471 /* Clear the reflink flag and the cowblocks tag if possible. */
1472 static void
1475 {
1487 }
1489 /*
1490 * Free up the underlying blocks past new_size. The new size must be smaller
1491 * than the current size. This routine can be used both for the attribute and
1492 * data fork, and does not modify the inode size, which is left to the caller.
1493 *
1494 * The transaction passed to this routine must have made a permanent log
1495 * reservation of at least XFS_ITRUNCATE_LOG_RES. This routine may commit the
1496 * given transaction and start new ones, so make sure everything involved in
1497 * the transaction is tidy before calling here. Some transaction will be
1498 * returned to the caller to be committed. The incoming transaction must
1499 * already include the inode, and both inode locks must be held exclusively.
1500 * The inode must also be "held" within the transaction. On return the inode
1501 * will be "held" within the returned transaction. This routine does NOT
1502 * require any disk space to be reserved for it within the transaction.
1503 *
1504 * If we get an error, we must return with the inode locked and linked into the
1505 * current transaction. This keeps things simple for the higher level code,
1506 * because it always knows that the inode is locked and held in the transaction
1507 * that returns to it whether errors occur or not. We don't mark the inode
1508 * dirty on error so that transactions can be easily aborted if possible.
1509 */
1510 int
1515 xfs_fsize_t new_size,
1517 {
1520 xfs_fileoff_t first_unmap_block;
1521 xfs_filblks_t unmap_len;
1537 /*
1538 * Since it is possible for space to become allocated beyond
1539 * the end of the file (in a crash where the space is allocated
1540 * but the inode size is not yet updated), simply remove any
1541 * blocks which show up between the new EOF and the maximum
1542 * possible file size.
1543 *
1544 * We have to free all the blocks to the bmbt maximum offset, even if
1545 * the page cache can't scale that far.
1546 */
1551 }
1561 /*
1562 * Duplicate the transaction that has the permanent
1563 * reservation and commit the old transaction.
1564 */
1572 }
1575 /* Remove all pending CoW reservations. */
1582 }
1584 /*
1585 * Always re-log the inode so that our permanent transaction can keep
1586 * on rolling it forward in the log.
1587 */
1592 out:
1595 }
1597 int
1600 {
1607 /* If this is a read-only mount, don't do this (would generate I/O) */
1614 /*
1615 * If we previously truncated this file and removed old data
1616 * in the process, we want to initiate "early" writeout on
1617 * the last close. This is an attempt to combat the notorious
1618 * NULL files problem which is particularly noticeable from a
1619 * truncate down, buffered (re-)write (delalloc), followed by
1620 * a crash. What we are effectively doing here is
1621 * significantly reducing the time window where we'd otherwise
1622 * be exposed to that problem.
1623 */
1631 }
1632 }
1633 }
1640 /*
1641 * Check if the inode is being opened, written and closed
1642 * frequently and we have delayed allocation blocks outstanding
1643 * (e.g. streaming writes from the NFS server), truncating the
1644 * blocks past EOF will cause fragmentation to occur.
1645 *
1646 * In this case don't do the truncation, but we have to be
1647 * careful how we detect this case. Blocks beyond EOF show up as
1648 * i_delayed_blks even when the inode is clean, so we need to
1649 * truncate them away first before checking for a dirty release.
1650 * Hence on the first dirty close we will still remove the
1651 * speculative allocation, but after that we will leave it in
1652 * place.
1653 */
1656 /*
1657 * If we can't get the iolock just skip truncating the blocks
1658 * past EOF because we could deadlock with the mmap_sem
1659 * otherwise. We'll get another chance to drop them once the
1660 * last reference to the inode is dropped, so we'll never leak
1661 * blocks permanently.
1662 */
1668 }
1670 /* delalloc blocks after truncation means it really is dirty */
1673 }
1675 }
1677 /*
1678 * xfs_inactive_truncate
1679 *
1680 * Called to perform a truncate when an inode becomes unlinked.
1681 */
1682 STATIC int
1685 {
1694 }
1698 /*
1699 * Log the inode size first to prevent stale data exposure in the event
1700 * of a system crash before the truncate completes. See the related
1701 * comment in xfs_vn_setattr_size() for details.
1702 */
1719 error_trans_cancel:
1721 error_unlock:
1724 }
1726 /*
1727 * xfs_inactive_ifree()
1728 *
1729 * Perform the inode free when an inode is unlinked.
1730 */
1731 STATIC int
1734 {
1739 /*
1740 * We try to use a per-AG reservation for any block needed by the finobt
1741 * tree, but as the finobt feature predates the per-AG reservation
1742 * support a degraded file system might not have enough space for the
1743 * reservation at mount time. In that case try to dip into the reserved
1744 * pool and pray.
1745 *
1746 * Send a warning if the reservation does happen to fail, as the inode
1747 * now remains allocated and sits on the unlinked list until the fs is
1748 * repaired.
1749 */
1756 }
1760 "Failed to remove inode(s) from unlinked list. "
1764 }
1766 }
1773 /*
1774 * If we fail to free the inode, shut down. The cancel
1775 * might do that, we need to make sure. Otherwise the
1776 * inode might be lost for a long time or forever.
1777 */
1782 }
1786 }
1788 /*
1789 * Credit the quota account(s). The inode is gone.
1790 */
1793 /*
1794 * Just ignore errors at this point. There is nothing we can do except
1795 * to try to keep going. Make sure it's not a silent error.
1796 */
1804 }
1806 /*
1807 * xfs_inactive
1808 *
1809 * This is called when the vnode reference count for the vnode
1810 * goes to zero. If the file has been unlinked, then it must
1811 * now be truncated. Also, we clear all of the read-ahead state
1812 * kept for the inode here since the file is now closed.
1813 */
1814 void
1817 {
1822 /*
1823 * If the inode is already free, then there can be nothing
1824 * to clean up here.
1825 */
1829 }
1834 /* If this is a read-only mount, don't do this (would generate I/O) */
1838 /* Try to clean out the cow blocks if there are any. */
1843 /*
1844 * force is true because we are evicting an inode from the
1845 * cache. Post-eof blocks must be freed, lest we end up with
1846 * broken free space accounting.
1847 *
1848 * Note: don't bother with iolock here since lockdep complains
1849 * about acquiring it in reclaim context. We have the only
1850 * reference to the inode at this point anyways.
1851 */
1856 }
1874 /*
1875 * If there are attributes associated with the file then blow them away
1876 * now. The code calls a routine that recursively deconstructs the
1877 * attribute fork. If also blows away the in-core attribute fork.
1878 */
1883 }
1889 /*
1890 * Free the inode.
1891 */
1896 /*
1897 * Release the dquots held by inode, if any.
1898 */
1900 }
1902 /*
1903 * In-Core Unlinked List Lookups
1904 * =============================
1905 *
1906 * Every inode is supposed to be reachable from some other piece of metadata
1907 * with the exception of the root directory. Inodes with a connection to a
1908 * file descriptor but not linked from anywhere in the on-disk directory tree
1909 * are collectively known as unlinked inodes, though the filesystem itself
1910 * maintains links to these inodes so that on-disk metadata are consistent.
1911 *
1912 * XFS implements a per-AG on-disk hash table of unlinked inodes. The AGI
1913 * header contains a number of buckets that point to an inode, and each inode
1914 * record has a pointer to the next inode in the hash chain. This
1915 * singly-linked list causes scaling problems in the iunlink remove function
1916 * because we must walk that list to find the inode that points to the inode
1917 * being removed from the unlinked hash bucket list.
1918 *
1919 * What if we modelled the unlinked list as a collection of records capturing
1920 * "X.next_unlinked = Y" relations? If we indexed those records on Y, we'd
1921 * have a fast way to look up unlinked list predecessors, which avoids the
1922 * slow list walk. That's exactly what we do here (in-core) with a per-AG
1923 * rhashtable.
1924 *
1925 * Because this is a backref cache, we ignore operational failures since the
1926 * iunlink code can fall back to the slow bucket walk. The only errors that
1927 * should bubble out are for obviously incorrect situations.
1928 *
1929 * All users of the backref cache MUST hold the AGI buffer lock to serialize
1930 * access or have otherwise provided for concurrency control.
1931 */
1933 /* Capture a "X.next_unlinked = Y" relationship. */
1938 };
1940 /* Unlinked list predecessor lookup hashtable construction */
1941 static int
1945 {
1952 }
1958 iu_next_unlinked),
1962 };
1964 /*
1965 * Return X, where X.next_unlinked == @agino. Returns NULLAGINO if no such
1966 * relation is found.
1967 */
1968 static xfs_agino_t
1971 xfs_agino_t agino)
1972 {
1976 xfs_iunlink_hash_params);
1978 }
1980 /*
1981 * Take ownership of an iunlink cache entry and insert it into the hash table.
1982 * If successful, the entry will be owned by the cache; if not, it is freed.
1983 * Either way, the caller does not own @iu after this call.
1984 */
1985 static int
1989 {
1994 /*
1995 * Fail loudly if there already was an entry because that's a sign of
1996 * corruption of in-memory data. Also fail loudly if we see an error
1997 * code we didn't anticipate from the rhashtable code. Currently we
1998 * only anticipate ENOMEM.
1999 */
2003 }
2004 /*
2005 * Absorb any runtime errors that aren't a result of corruption because
2006 * this is a cache and we can always fall back to bucket list scanning.
2007 */
2011 }
2013 /* Remember that @prev_agino.next_unlinked = @this_agino. */
2014 static int
2017 xfs_agino_t prev_agino,
2018 xfs_agino_t this_agino)
2019 {
2030 }
2032 /*
2033 * Replace X.next_unlinked = @agino with X.next_unlinked = @next_unlinked.
2034 * If @next_unlinked is NULLAGINO, we drop the backref and exit. If there
2035 * wasn't any such entry then we don't bother.
2036 */
2037 static int
2040 xfs_agino_t agino,
2041 xfs_agino_t next_unlinked)
2042 {
2046 /* Look up the old entry; if there wasn't one then exit. */
2048 xfs_iunlink_hash_params);
2052 /*
2053 * Remove the entry. This shouldn't ever return an error, but if we
2054 * couldn't remove the old entry we don't want to add it again to the
2055 * hash table, and if the entry disappeared on us then someone's
2056 * violated the locking rules and we need to fail loudly. Either way
2057 * we cannot remove the inode because internal state is or would have
2058 * been corrupt.
2059 */
2065 /* If there is no new next entry just free our item and return. */
2069 }
2071 /* Update the entry and re-add it to the hash table. */
2074 }
2076 /* Set up the in-core predecessor structures. */
2077 int
2080 {
2083 }
2085 /* Free the in-core predecessor structures. */
2086 static void
2090 {
2096 }
2098 void
2101 {
2108 }
2110 /*
2111 * Point the AGI unlinked bucket at an inode and log the results. The caller
2112 * is responsible for validating the old value.
2113 */
2114 STATIC int
2117 xfs_agnumber_t agno,
2120 xfs_agino_t new_agino)
2121 {
2123 xfs_agino_t old_value;
2132 /*
2133 * We should never find the head of the list already set to the value
2134 * passed in because either we're adding or removing ourselves from the
2135 * head of the list.
2136 */
2140 }
2147 }
2149 /* Set an on-disk inode's next_unlinked pointer. */
2150 STATIC void
2153 xfs_agnumber_t agno,
2154 xfs_agino_t agino,
2158 xfs_agino_t next_agino)
2159 {
2172 /* need to recalc the inode CRC if appropriate */
2177 }
2179 /* Set an in-core inode's unlinked pointer and return the old value. */
2180 STATIC int
2184 xfs_agnumber_t agno,
2185 xfs_agino_t next_agino,
2187 {
2191 xfs_agino_t old_value;
2200 /* Make sure the old pointer isn't garbage. */
2207 }
2209 /*
2210 * Since we're updating a linked list, we should never find that the
2211 * current pointer is the same as the new value, unless we're
2212 * terminating the list.
2213 */
2220 }
2222 }
2224 /* Ok, update the new pointer. */
2228 out:
2231 }
2233 /*
2234 * This is called when the inode's link count has gone to 0 or we are creating
2235 * a tmpfile via O_TMPFILE. The inode @ip must have nlink == 0.
2236 *
2237 * We place the on-disk inode on a list in the AGI. It will be pulled from this
2238 * list when the inode is freed.
2239 */
2240 STATIC int
2244 {
2248 xfs_agino_t next_agino;
2258 /* Get the agi buffer first. It ensures lock ordering on the list. */
2264 /*
2265 * Get the index into the agi hash table for the list this inode will
2266 * go on. Make sure the pointer isn't garbage and that this inode
2267 * isn't already on the list.
2268 */
2274 }
2278 xfs_agino_t old_agino;
2280 /*
2281 * There is already another inode in the bucket, so point this
2282 * inode to the current head of the list.
2283 */
2290 /*
2291 * agino has been unlinked, add a backref from the next inode
2292 * back to agino.
2293 */
2299 }
2301 /* Point the head of the list to point to this inode. */
2303 }
2305 /* Return the imap, dinode pointer, and buffer for an inode. */
2306 STATIC int
2309 xfs_agnumber_t agno,
2310 xfs_agino_t agino,
2314 {
2324 }
2331 }
2334 }
2336 /*
2337 * Walk the unlinked chain from @head_agino until we find the inode that
2338 * points to @target_agino. Return the inode number, map, dinode pointer,
2339 * and inode cluster buffer of that inode as @agino, @imap, @dipp, and @bpp.
2340 *
2341 * @tp, @pag, @head_agino, and @target_agino are input parameters.
2342 * @agino, @imap, @dipp, and @bpp are all output parameters.
2343 *
2344 * Do not call this function if @target_agino is the head of the list.
2345 */
2346 STATIC int
2349 xfs_agnumber_t agno,
2350 xfs_agino_t head_agino,
2351 xfs_agino_t target_agino,
2357 {
2359 xfs_agino_t next_agino;
2365 /* See if our backref cache can find it faster. */
2375 /*
2376 * If we get here the cache contents were corrupt, so drop the
2377 * buffer and fall back to walking the bucket list.
2378 */
2382 }
2386 /* Otherwise, walk the entire bucket until we find it. */
2389 xfs_agino_t unlinked_agino;
2396 bpp);
2401 /*
2402 * Make sure this pointer is valid and isn't an obvious
2403 * infinite loop.
2404 */
2412 }
2414 }
2417 }
2419 /*
2420 * Pull the on-disk inode from the AGI unlinked list.
2421 */
2422 STATIC int
2426 {
2435 xfs_agino_t next_agino;
2436 xfs_agino_t head_agino;
2442 /* Get the agi buffer first. It ensures lock ordering on the list. */
2448 /*
2449 * Get the index into the agi hash table for the list this inode will
2450 * go on. Make sure the head pointer isn't garbage.
2451 */
2457 }
2459 /*
2460 * Set our inode's next_unlinked pointer to NULL and then return
2461 * the old pointer value so that we can update whatever was previous
2462 * to us in the list to point to whatever was next in the list.
2463 */
2468 /*
2469 * If there was a backref pointing from the next inode back to this
2470 * one, remove it because we've removed this inode from the list.
2471 *
2472 * Later, if this inode was in the middle of the list we'll update
2473 * this inode's backref to point from the next inode.
2474 */
2478 NULLAGINO);
2481 }
2484 /* Point the head of the list to the next unlinked inode. */
2486 next_agino);
2491 xfs_agino_t prev_agino;
2496 /* We need to search the list for the inode being freed. */
2499 pag);
2503 /* Point the previous inode on the list to the next inode. */
2507 /*
2508 * Now we deal with the backref for this inode. If this inode
2509 * pointed at a real inode, change the backref that pointed to
2510 * us to point to our old next. If this inode was the end of
2511 * the list, delete the backref that pointed to us. Note that
2512 * change_backref takes care of deleting the backref if
2513 * next_agino is NULLAGINO.
2514 */
2518 }
2520 out:
2524 }
2526 /*
2527 * A big issue when freeing the inode cluster is that we _cannot_ skip any
2528 * inodes that are in memory - they all must be marked stale and attached to
2529 * the cluster buffer.
2530 */
2531 STATIC int
2536 {
2541 xfs_daddr_t blkno;
2548 xfs_ino_t inum;
2556 /*
2557 * The allocation bitmap tells us which inodes of the chunk were
2558 * physically allocated. Skip the cluster if an inode falls into
2559 * a sparse region.
2560 */
2565 }
2570 /*
2571 * We obtain and lock the backing buffer first in the process
2572 * here, as we have to ensure that any dirty inode that we
2573 * can't get the flush lock on is attached to the buffer.
2574 * If we scan the in-memory inodes first, then buffer IO can
2575 * complete before we get a lock on it, and hence we may fail
2576 * to mark all the active inodes on the buffer stale.
2577 */
2584 /*
2585 * This buffer may not have been correctly initialised as we
2586 * didn't read it from disk. That's not important because we are
2587 * only using to mark the buffer as stale in the log, and to
2588 * attach stale cached inodes on it. That means it will never be
2589 * dispatched for IO. If it is, we want to know about it, and we
2590 * want it to fail. We can acheive this by adding a write
2591 * verifier to the buffer.
2592 */
2595 /*
2596 * Walk the inodes already attached to the buffer and mark them
2597 * stale. These will all have the flush locks held, so an
2598 * in-memory inode walk can't lock them. By marking them all
2599 * stale first, we will not attempt to lock them in the loop
2600 * below as the XFS_ISTALE flag will be set.
2601 */
2611 }
2612 }
2615 /*
2616 * For each inode in memory attempt to add it to the inode
2617 * buffer and set it up for being staled on buffer IO
2618 * completion. This is safe as we've locked out tail pushing
2619 * and flushing by locking the buffer.
2620 *
2621 * We have already marked every inode that was part of a
2622 * transaction stale above, which means there is no point in
2623 * even trying to lock them.
2624 */
2626 retry:
2631 /* Inode not in memory, nothing to do */
2635 }
2637 /*
2638 * because this is an RCU protected lookup, we could
2639 * find a recently freed or even reallocated inode
2640 * during the lookup. We need to check under the
2641 * i_flags_lock for a valid inode here. Skip it if it
2642 * is not valid, the wrong inode or stale.
2643 */
2650 }
2653 /*
2654 * Don't try to lock/unlock the current inode, but we
2655 * _cannot_ skip the other inodes that we did not find
2656 * in the list attached to the buffer and are not
2657 * already marked stale. If we can't lock it, back off
2658 * and retry.
2659 */
2665 }
2667 /*
2668 * Check the inode number again in case we're
2669 * racing with freeing in xfs_reclaim_inode().
2670 * See the comments in that function for more
2671 * information as to why the initial check is
2672 * not sufficient.
2673 */
2678 }
2679 }
2685 /*
2686 * we don't need to attach clean inodes or those only
2687 * with unlogged changes (which we throw away, anyway).
2688 */
2695 }
2709 }
2713 }
2717 }
2719 /*
2720 * Free any local-format buffers sitting around before we reset to
2721 * extents format.
2722 */
2727 {
2735 }
2737 /*
2738 * This is called to return an inode to the inode free list.
2739 * The inode should already be truncated to 0 length and have
2740 * no pages associated with it. This routine also assumes that
2741 * the inode is already a part of the transaction.
2742 *
2743 * The on-disk copy of the inode will have been added to the list
2744 * of unlinked inodes in the AGI. We need to remove the inode from
2745 * that list atomically with respect to freeing it here.
2746 */
2747 int
2751 {
2762 /*
2763 * Pull the on-disk inode from the AGI unlinked list.
2764 */
2784 /* Don't attempt to replay owner changes for a deleted inode */
2787 /*
2788 * Bump the generation count so no one will be confused
2789 * by reincarnations of this inode.
2790 */
2798 }
2800 /*
2801 * This is called to unpin an inode. The caller must have the inode locked
2802 * in at least shared mode so that the buffer cannot be subsequently pinned
2803 * once someone is waiting for it to be unpinned.
2804 */
2805 static void
2808 {
2813 /* Give the log a push to start the unpinning I/O */
2816 }
2818 static void
2821 {
2833 }
2835 void
2838 {
2841 }
2843 /*
2844 * Removing an inode from the namespace involves removing the directory entry
2845 * and dropping the link count on the inode. Removing the directory entry can
2846 * result in locking an AGF (directory blocks were freed) and removing a link
2847 * count can result in placing the inode on an unlinked list which results in
2848 * locking an AGI.
2849 *
2850 * The big problem here is that we have an ordering constraint on AGF and AGI
2851 * locking - inode allocation locks the AGI, then can allocate a new extent for
2852 * new inodes, locking the AGF after the AGI. Similarly, freeing the inode
2853 * removes the inode from the unlinked list, requiring that we lock the AGI
2854 * first, and then freeing the inode can result in an inode chunk being freed
2855 * and hence freeing disk space requiring that we lock an AGF.
2856 *
2857 * Hence the ordering that is imposed by other parts of the code is AGI before
2858 * AGF. This means we cannot remove the directory entry before we drop the inode
2859 * reference count and put it on the unlinked list as this results in a lock
2860 * order of AGF then AGI, and this can deadlock against inode allocation and
2861 * freeing. Therefore we must drop the link counts before we remove the
2862 * directory entry.
2863 *
2864 * This is still safe from a transactional point of view - it is not until we
2865 * get to xfs_defer_finish() that we have the possibility of multiple
2866 * transactions in this operation. Hence as long as we remove the directory
2867 * entry and drop the link count in the first transaction of the remove
2868 * operation, there are no transactional constraints on the ordering here.
2869 */
2870 int
2875 {
2880 uint resblks;
2895 /*
2896 * We try to get the real space reservation first,
2897 * allowing for directory btree deletion(s) implying
2898 * possible bmap insert(s). If we can't get the space
2899 * reservation then we use 0 instead, and avoid the bmap
2900 * btree insert(s) in the directory code by, if the bmap
2901 * insert tries to happen, instead trimming the LAST
2902 * block from the directory.
2903 */
2910 }
2914 }
2921 /*
2922 * If we're removing a directory perform some additional validation.
2923 */
2929 }
2933 }
2935 /* Drop the link from ip's "..". */
2940 /* Drop the "." link from ip to self. */
2945 /*
2946 * When removing a non-directory we need to log the parent
2947 * inode here. For a directory this is done implicitly
2948 * by the xfs_droplink call for the ".." entry.
2949 */
2951 }
2954 /* Drop the link from dp to ip. */
2963 }
2965 /*
2966 * If this is a synchronous mount, make sure that the
2967 * remove transaction goes to disk before returning to
2968 * the user.
2969 */
2982 out_trans_cancel:
2984 std_return:
2986 }
2988 /*
2989 * Enter all inodes for a rename transaction into a sorted array.
2990 */
2991 #define __XFS_SORT_INODES 5
2992 STATIC void
3001 {
3007 /*
3008 * i_tab contains a list of pointers to inodes. We initialize
3009 * the table here & we'll sort it. We will then use it to
3010 * order the acquisition of the inode locks.
3011 *
3012 * Note that the table may contain duplicates. e.g., dp1 == dp2.
3013 */
3024 /*
3025 * Sort the elements via bubble sort. (Remember, there are at
3026 * most 5 elements to sort, so this is adequate.)
3027 */
3034 }
3035 }
3036 }
3037 }
3039 static int
3042 {
3043 /*
3044 * If this is a synchronous mount, make sure that the rename transaction
3045 * goes to disk before returning to the user.
3046 */
3051 }
3053 /*
3054 * xfs_cross_rename()
3055 *
3056 * responsible for handling RENAME_EXCHANGE flag in renameat2() sytemcall
3057 */
3058 STATIC int
3068 {
3074 /* Swap inode number for dirent in first parent */
3079 /* Swap inode number for dirent in second parent */
3084 /*
3085 * If we're renaming one or more directories across different parents,
3086 * update the respective ".." entries (and link counts) to match the new
3087 * parents.
3088 */
3098 /* transfer ip2 ".." reference to dp1 */
3104 }
3106 /*
3107 * Although ip1 isn't changed here, userspace needs
3108 * to be warned about the change, so that applications
3109 * relying on it (like backup ones), will properly
3110 * notify the change
3111 */
3114 }
3122 /* transfer ip1 ".." reference to dp2 */
3128 }
3130 /*
3131 * Although ip2 isn't changed here, userspace needs
3132 * to be warned about the change, so that applications
3133 * relying on it (like backup ones), will properly
3134 * notify the change
3135 */
3138 }
3139 }
3144 }
3148 }
3152 }
3157 out_trans_abort:
3160 }
3162 /*
3163 * xfs_rename_alloc_whiteout()
3164 *
3165 * Return a referenced, unlinked, unlocked inode that that can be used as a
3166 * whiteout in a rename transaction. We use a tmpfile inode here so that if we
3167 * crash between allocating the inode and linking it into the rename transaction
3168 * recovery will free the inode and we won't leak it.
3169 */
3170 static int
3174 {
3182 /*
3183 * Prepare the tmpfile inode as if it were created through the VFS.
3184 * Complete the inode setup and flag it as linkable. nlink is already
3185 * zero, so we can skip the drop_nlink.
3186 */
3193 }
3195 /*
3196 * xfs_rename
3197 */
3198 int
3207 {
3224 /*
3225 * If we are doing a whiteout operation, allocate the whiteout inode
3226 * we will be placing at the target and ensure the type is set
3227 * appropriately.
3228 */
3235 /* setup target dirent info as whiteout */
3237 }
3248 }
3252 /*
3253 * Attach the dquots to the inodes
3254 */
3259 /*
3260 * Lock all the participating inodes. Depending upon whether
3261 * the target_name exists in the target directory, and
3262 * whether the target directory is the same as the source
3263 * directory, we can lock from 2 to 4 inodes.
3264 */
3267 /*
3268 * Join all the inodes to the transaction. From this point on,
3269 * we can rely on either trans_commit or trans_cancel to unlock
3270 * them.
3271 */
3281 /*
3282 * If we are using project inheritance, we only allow renames
3283 * into our tree when the project IDs are the same; else the
3284 * tree quota mechanism would be circumvented.
3285 */
3290 }
3292 /* RENAME_EXCHANGE is unique from here on. */
3296 spaceres);
3298 /*
3299 * Check for expected errors before we dirty the transaction
3300 * so we can return an error without a transaction abort.
3301 */
3303 /*
3304 * If there's no space reservation, check the entry will
3305 * fit before actually inserting it.
3306 */
3311 }
3313 /*
3314 * If target exists and it's a directory, check that whether
3315 * it can be destroyed.
3316 */
3322 }
3323 }
3325 /*
3326 * Directory entry creation below may acquire the AGF. Remove
3327 * the whiteout from the unlinked list first to preserve correct
3328 * AGI/AGF locking order. This dirties the transaction so failures
3329 * after this point will abort and log recovery will clean up the
3330 * mess.
3331 *
3332 * For whiteouts, we need to bump the link count on the whiteout
3333 * inode. After this point, we have a real link, clear the tmpfile
3334 * state flag from the inode so it doesn't accidentally get misused
3335 * in future.
3336 */
3345 }
3347 /*
3348 * Set up the target.
3349 */
3351 /*
3352 * If target does not exist and the rename crosses
3353 * directories, adjust the target directory link count
3354 * to account for the ".." reference from the new entry.
3355 */
3366 }
3368 /*
3369 * Link the source inode under the target name.
3370 * If the source inode is a directory and we are moving
3371 * it across directories, its ".." entry will be
3372 * inconsistent until we replace that down below.
3373 *
3374 * In case there is already an entry with the same
3375 * name at the destination directory, remove it first.
3376 */
3378 /*
3379 * Check whether the replace operation will need to allocate
3380 * blocks. This happens when the shortform directory lacks
3381 * space and we have to convert it to a block format directory.
3382 * When more blocks are necessary, we must lock the AGI first
3383 * to preserve locking order (AGI -> AGF).
3384 */
3391 }
3401 /*
3402 * Decrement the link count on the target since the target
3403 * dir no longer points to it.
3404 */
3410 /*
3411 * Drop the link from the old "." entry.
3412 */
3416 }
3419 /*
3420 * Remove the source.
3421 */
3423 /*
3424 * Rewrite the ".." entry to point to the new
3425 * directory.
3426 */
3432 }
3434 /*
3435 * We always want to hit the ctime on the source inode.
3436 *
3437 * This isn't strictly required by the standards since the source
3438 * inode isn't really being changed, but old unix file systems did
3439 * it and some incremental backup programs won't work without it.
3440 */
3444 /*
3445 * Adjust the link count on src_dp. This is necessary when
3446 * renaming a directory, either within one parent when
3447 * the target existed, or across two parent directories.
3448 */
3451 /*
3452 * Decrement link count on src_directory since the
3453 * entry that's moved no longer points to it.
3454 */
3458 }
3460 /*
3461 * For whiteouts, we only need to update the source dirent with the
3462 * inode number of the whiteout inode rather than removing it
3463 * altogether.
3464 */
3467 spaceres);
3470 spaceres);
3484 out_trans_cancel:
3486 out_release_wip:
3490 }
3492 STATIC int
3496 {
3518 /* really need a gang lookup range call here */
3529 /*
3530 * because this is an RCU protected lookup, we could find a
3531 * recently freed or even reallocated inode during the lookup.
3532 * We need to check under the i_flags_lock for a valid inode
3533 * here. Skip it if it is not valid or the wrong inode.
3534 */
3540 }
3542 /*
3543 * Once we fall off the end of the cluster, no point checking
3544 * any more inodes in the list because they will also all be
3545 * outside the cluster.
3546 */
3550 }
3553 /*
3554 * Do an un-protected check to see if the inode is dirty and
3555 * is a candidate for flushing. These checks will be repeated
3556 * later after the appropriate locks are acquired.
3557 */
3561 /*
3562 * Try to get locks. If any are unavailable or it is pinned,
3563 * then this inode cannot be flushed and is skipped.
3564 */
3571 }
3576 }
3579 /*
3580 * Check the inode number again, just to be certain we are not
3581 * racing with freeing in xfs_reclaim_inode(). See the comments
3582 * in that function for more information as to why the initial
3583 * check is not sufficient.
3584 */
3589 }
3591 /*
3592 * arriving here means that this inode can be flushed. First
3593 * re-check that it's dirty before flushing.
3594 */
3601 }
3602 clcount++;
3605 }
3607 }
3612 }
3614 out_free:
3617 out_put:
3622 cluster_corrupt_out:
3623 /*
3624 * Corruption detected in the clustering loop. Invalidate the
3625 * inode buffer and shut down the filesystem.
3626 */
3629 /*
3630 * We'll always have an inode attached to the buffer for completion
3631 * process by the time we are called from xfs_iflush(). Hence we have
3632 * always need to do IO completion processing to abort the inodes
3633 * attached to the buffer. handle them just like the shutdown case in
3634 * xfs_buf_submit().
3635 */
3645 /* abort the corrupt inode, as it was not attached to the buffer */
3650 }
3652 /*
3653 * Flush dirty inode metadata into the backing buffer.
3654 *
3655 * The caller must have the inode lock and the inode flush lock held. The
3656 * inode lock will still be held upon return to the caller, and the inode
3657 * flush lock will be released after the inode has reached the disk.
3658 *
3659 * The caller must write out the buffer returned in *bpp and release it.
3660 */
3661 int
3665 {
3682 /*
3683 * For stale inodes we cannot rely on the backing buffer remaining
3684 * stale in cache for the remaining life of the stale inode and so
3685 * xfs_imap_to_bp() below may give us a buffer that no longer contains
3686 * inodes below. We have to check this after ensuring the inode is
3687 * unpinned so that it is safe to reclaim the stale inode after the
3688 * flush call.
3689 */
3693 }
3695 /*
3696 * This may have been unpinned because the filesystem is shutting
3697 * down forcibly. If that's the case we must not write this inode
3698 * to disk, because the log record didn't make it to disk.
3699 *
3700 * We also have to remove the log item from the AIL in this case,
3701 * as we wait for an empty AIL as part of the unmount process.
3702 */
3706 }
3708 /*
3709 * Get the buffer containing the on-disk inode. We are doing a try-lock
3710 * operation here, so we may get an EAGAIN error. In that case, we
3711 * simply want to return with the inode still dirty.
3712 *
3713 * If we get any other error, we effectively have a corruption situation
3714 * and we cannot flush the inode, so we treat it the same as failing
3715 * xfs_iflush_int().
3716 */
3722 }
3726 /*
3727 * First flush out the inode that xfs_iflush was called with.
3728 */
3733 /*
3734 * If the buffer is pinned then push on the log now so we won't
3735 * get stuck waiting in the write for too long.
3736 */
3740 /*
3741 * inode clustering: try to gather other inodes into this write
3742 *
3743 * Note: Any error during clustering will result in the filesystem
3744 * being shut down and completion callbacks run on the cluster buffer.
3745 * As we have already flushed and attached this inode to the buffer,
3746 * it has already been aborted and released by xfs_iflush_cluster() and
3747 * so we have no further error handling to do here.
3748 */
3756 corrupt_out:
3760 abort_out:
3761 /* abort the corrupt inode, as it was not attached to the buffer */
3764 }
3766 /*
3767 * If there are inline format data / attr forks attached to this inode,
3768 * make sure they're not corrupt.
3769 */
3770 bool
3773 {
3775 xfs_failaddr_t fa;
3783 }
3792 }
3794 }
3796 STATIC int
3800 {
3812 /* set *dip = inode's place in the buffer */
3821 }
3831 }
3842 }
3843 }
3847 "%s: detected corrupt incore inode %Lu, "
3853 }
3860 }
3862 /*
3863 * Inode item log recovery for v2 inodes are dependent on the
3864 * di_flushiter count for correct sequencing. We bump the flush
3865 * iteration count so we can detect flushes which postdate a log record
3866 * during recovery. This is redundant as we now log every change and
3867 * hence this can't happen but we need to still do it to ensure
3868 * backwards compatibility with old kernels that predate logging all
3869 * inode changes.
3870 */
3874 /* Check the inline fork data before we write out. */
3878 /*
3879 * Copy the dirty parts of the inode into the on-disk inode. We always
3880 * copy out the core of the inode, because if the inode is dirty at all
3881 * the core must be.
3882 */
3885 /* Wrap, we never let the log put out DI_MAX_FLUSH */
3894 /*
3895 * We've recorded everything logged in the inode, so we'd like to clear
3896 * the ili_fields bits so we don't log and flush things unnecessarily.
3897 * However, we can't stop logging all this information until the data
3898 * we've copied into the disk buffer is written to disk. If we did we
3899 * might overwrite the copy of the inode in the log with all the data
3900 * after re-logging only part of it, and in the face of a crash we
3901 * wouldn't have all the data we need to recover.
3902 *
3903 * What we do is move the bits to the ili_last_fields field. When
3904 * logging the inode, these bits are moved back to the ili_fields field.
3905 * In the xfs_iflush_done() routine we clear ili_last_fields, since we
3906 * know that the information those bits represent is permanently on
3907 * disk. As long as the flush completes before the inode is logged
3908 * again, then both ili_fields and ili_last_fields will be cleared.
3909 *
3910 * We can play with the ili_fields bits here, because the inode lock
3911 * must be held exclusively in order to set bits there and the flush
3912 * lock protects the ili_last_fields bits. Set ili_logged so the flush
3913 * done routine can tell whether or not to look in the AIL. Also, store
3914 * the current LSN of the inode so that we can tell whether the item has
3915 * moved in the AIL from xfs_iflush_done(). In order to read the lsn we
3916 * need the AIL lock, because it is a 64 bit value that cannot be read
3917 * atomically.
3918 */
3927 /*
3928 * Attach the function xfs_iflush_done to the inode's
3929 * buffer. This will remove the inode from the AIL
3930 * and unlock the inode's flush lock when the inode is
3931 * completely written to disk.
3932 */
3935 /* generate the checksum. */
3942 corrupt_out:
3944 }
3946 /* Release an inode. */
3947 void
3950 {
3953 }