Loading...
1/*
2 * This file is part of UBIFS.
3 *
4 * Copyright (C) 2006-2008 Nokia Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published by
8 * the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 *
19 * Author: Adrian Hunter
20 */
21
22#include "ubifs.h"
23
24/*
25 * An orphan is an inode number whose inode node has been committed to the index
26 * with a link count of zero. That happens when an open file is deleted
27 * (unlinked) and then a commit is run. In the normal course of events the inode
28 * would be deleted when the file is closed. However in the case of an unclean
29 * unmount, orphans need to be accounted for. After an unclean unmount, the
30 * orphans' inodes must be deleted which means either scanning the entire index
31 * looking for them, or keeping a list on flash somewhere. This unit implements
32 * the latter approach.
33 *
34 * The orphan area is a fixed number of LEBs situated between the LPT area and
35 * the main area. The number of orphan area LEBs is specified when the file
36 * system is created. The minimum number is 1. The size of the orphan area
37 * should be so that it can hold the maximum number of orphans that are expected
38 * to ever exist at one time.
39 *
40 * The number of orphans that can fit in a LEB is:
41 *
42 * (c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)
43 *
44 * For example: a 15872 byte LEB can fit 1980 orphans so 1 LEB may be enough.
45 *
46 * Orphans are accumulated in a rb-tree. When an inode's link count drops to
47 * zero, the inode number is added to the rb-tree. It is removed from the tree
48 * when the inode is deleted. Any new orphans that are in the orphan tree when
49 * the commit is run, are written to the orphan area in 1 or more orphan nodes.
50 * If the orphan area is full, it is consolidated to make space. There is
51 * always enough space because validation prevents the user from creating more
52 * than the maximum number of orphans allowed.
53 */
54
55#ifdef CONFIG_UBIFS_FS_DEBUG
56static int dbg_check_orphans(struct ubifs_info *c);
57#else
58#define dbg_check_orphans(c) 0
59#endif
60
61/**
62 * ubifs_add_orphan - add an orphan.
63 * @c: UBIFS file-system description object
64 * @inum: orphan inode number
65 *
66 * Add an orphan. This function is called when an inodes link count drops to
67 * zero.
68 */
69int ubifs_add_orphan(struct ubifs_info *c, ino_t inum)
70{
71 struct ubifs_orphan *orphan, *o;
72 struct rb_node **p, *parent = NULL;
73
74 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_NOFS);
75 if (!orphan)
76 return -ENOMEM;
77 orphan->inum = inum;
78 orphan->new = 1;
79
80 spin_lock(&c->orphan_lock);
81 if (c->tot_orphans >= c->max_orphans) {
82 spin_unlock(&c->orphan_lock);
83 kfree(orphan);
84 return -ENFILE;
85 }
86 p = &c->orph_tree.rb_node;
87 while (*p) {
88 parent = *p;
89 o = rb_entry(parent, struct ubifs_orphan, rb);
90 if (inum < o->inum)
91 p = &(*p)->rb_left;
92 else if (inum > o->inum)
93 p = &(*p)->rb_right;
94 else {
95 dbg_err("orphaned twice");
96 spin_unlock(&c->orphan_lock);
97 kfree(orphan);
98 return 0;
99 }
100 }
101 c->tot_orphans += 1;
102 c->new_orphans += 1;
103 rb_link_node(&orphan->rb, parent, p);
104 rb_insert_color(&orphan->rb, &c->orph_tree);
105 list_add_tail(&orphan->list, &c->orph_list);
106 list_add_tail(&orphan->new_list, &c->orph_new);
107 spin_unlock(&c->orphan_lock);
108 dbg_gen("ino %lu", (unsigned long)inum);
109 return 0;
110}
111
112/**
113 * ubifs_delete_orphan - delete an orphan.
114 * @c: UBIFS file-system description object
115 * @inum: orphan inode number
116 *
117 * Delete an orphan. This function is called when an inode is deleted.
118 */
119void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum)
120{
121 struct ubifs_orphan *o;
122 struct rb_node *p;
123
124 spin_lock(&c->orphan_lock);
125 p = c->orph_tree.rb_node;
126 while (p) {
127 o = rb_entry(p, struct ubifs_orphan, rb);
128 if (inum < o->inum)
129 p = p->rb_left;
130 else if (inum > o->inum)
131 p = p->rb_right;
132 else {
133 if (o->dnext) {
134 spin_unlock(&c->orphan_lock);
135 dbg_gen("deleted twice ino %lu",
136 (unsigned long)inum);
137 return;
138 }
139 if (o->cnext) {
140 o->dnext = c->orph_dnext;
141 c->orph_dnext = o;
142 spin_unlock(&c->orphan_lock);
143 dbg_gen("delete later ino %lu",
144 (unsigned long)inum);
145 return;
146 }
147 rb_erase(p, &c->orph_tree);
148 list_del(&o->list);
149 c->tot_orphans -= 1;
150 if (o->new) {
151 list_del(&o->new_list);
152 c->new_orphans -= 1;
153 }
154 spin_unlock(&c->orphan_lock);
155 kfree(o);
156 dbg_gen("inum %lu", (unsigned long)inum);
157 return;
158 }
159 }
160 spin_unlock(&c->orphan_lock);
161 dbg_err("missing orphan ino %lu", (unsigned long)inum);
162 dbg_dump_stack();
163}
164
165/**
166 * ubifs_orphan_start_commit - start commit of orphans.
167 * @c: UBIFS file-system description object
168 *
169 * Start commit of orphans.
170 */
171int ubifs_orphan_start_commit(struct ubifs_info *c)
172{
173 struct ubifs_orphan *orphan, **last;
174
175 spin_lock(&c->orphan_lock);
176 last = &c->orph_cnext;
177 list_for_each_entry(orphan, &c->orph_new, new_list) {
178 ubifs_assert(orphan->new);
179 orphan->new = 0;
180 *last = orphan;
181 last = &orphan->cnext;
182 }
183 *last = orphan->cnext;
184 c->cmt_orphans = c->new_orphans;
185 c->new_orphans = 0;
186 dbg_cmt("%d orphans to commit", c->cmt_orphans);
187 INIT_LIST_HEAD(&c->orph_new);
188 if (c->tot_orphans == 0)
189 c->no_orphs = 1;
190 else
191 c->no_orphs = 0;
192 spin_unlock(&c->orphan_lock);
193 return 0;
194}
195
196/**
197 * avail_orphs - calculate available space.
198 * @c: UBIFS file-system description object
199 *
200 * This function returns the number of orphans that can be written in the
201 * available space.
202 */
203static int avail_orphs(struct ubifs_info *c)
204{
205 int avail_lebs, avail, gap;
206
207 avail_lebs = c->orph_lebs - (c->ohead_lnum - c->orph_first) - 1;
208 avail = avail_lebs *
209 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64));
210 gap = c->leb_size - c->ohead_offs;
211 if (gap >= UBIFS_ORPH_NODE_SZ + sizeof(__le64))
212 avail += (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64);
213 return avail;
214}
215
216/**
217 * tot_avail_orphs - calculate total space.
218 * @c: UBIFS file-system description object
219 *
220 * This function returns the number of orphans that can be written in half
221 * the total space. That leaves half the space for adding new orphans.
222 */
223static int tot_avail_orphs(struct ubifs_info *c)
224{
225 int avail_lebs, avail;
226
227 avail_lebs = c->orph_lebs;
228 avail = avail_lebs *
229 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64));
230 return avail / 2;
231}
232
233/**
234 * do_write_orph_node - write a node to the orphan head.
235 * @c: UBIFS file-system description object
236 * @len: length of node
237 * @atomic: write atomically
238 *
239 * This function writes a node to the orphan head from the orphan buffer. If
240 * %atomic is not zero, then the write is done atomically. On success, %0 is
241 * returned, otherwise a negative error code is returned.
242 */
243static int do_write_orph_node(struct ubifs_info *c, int len, int atomic)
244{
245 int err = 0;
246
247 if (atomic) {
248 ubifs_assert(c->ohead_offs == 0);
249 ubifs_prepare_node(c, c->orph_buf, len, 1);
250 len = ALIGN(len, c->min_io_size);
251 err = ubifs_leb_change(c, c->ohead_lnum, c->orph_buf, len,
252 UBI_SHORTTERM);
253 } else {
254 if (c->ohead_offs == 0) {
255 /* Ensure LEB has been unmapped */
256 err = ubifs_leb_unmap(c, c->ohead_lnum);
257 if (err)
258 return err;
259 }
260 err = ubifs_write_node(c, c->orph_buf, len, c->ohead_lnum,
261 c->ohead_offs, UBI_SHORTTERM);
262 }
263 return err;
264}
265
266/**
267 * write_orph_node - write an orphan node.
268 * @c: UBIFS file-system description object
269 * @atomic: write atomically
270 *
271 * This function builds an orphan node from the cnext list and writes it to the
272 * orphan head. On success, %0 is returned, otherwise a negative error code
273 * is returned.
274 */
275static int write_orph_node(struct ubifs_info *c, int atomic)
276{
277 struct ubifs_orphan *orphan, *cnext;
278 struct ubifs_orph_node *orph;
279 int gap, err, len, cnt, i;
280
281 ubifs_assert(c->cmt_orphans > 0);
282 gap = c->leb_size - c->ohead_offs;
283 if (gap < UBIFS_ORPH_NODE_SZ + sizeof(__le64)) {
284 c->ohead_lnum += 1;
285 c->ohead_offs = 0;
286 gap = c->leb_size;
287 if (c->ohead_lnum > c->orph_last) {
288 /*
289 * We limit the number of orphans so that this should
290 * never happen.
291 */
292 ubifs_err("out of space in orphan area");
293 return -EINVAL;
294 }
295 }
296 cnt = (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64);
297 if (cnt > c->cmt_orphans)
298 cnt = c->cmt_orphans;
299 len = UBIFS_ORPH_NODE_SZ + cnt * sizeof(__le64);
300 ubifs_assert(c->orph_buf);
301 orph = c->orph_buf;
302 orph->ch.node_type = UBIFS_ORPH_NODE;
303 spin_lock(&c->orphan_lock);
304 cnext = c->orph_cnext;
305 for (i = 0; i < cnt; i++) {
306 orphan = cnext;
307 orph->inos[i] = cpu_to_le64(orphan->inum);
308 cnext = orphan->cnext;
309 orphan->cnext = NULL;
310 }
311 c->orph_cnext = cnext;
312 c->cmt_orphans -= cnt;
313 spin_unlock(&c->orphan_lock);
314 if (c->cmt_orphans)
315 orph->cmt_no = cpu_to_le64(c->cmt_no);
316 else
317 /* Mark the last node of the commit */
318 orph->cmt_no = cpu_to_le64((c->cmt_no) | (1ULL << 63));
319 ubifs_assert(c->ohead_offs + len <= c->leb_size);
320 ubifs_assert(c->ohead_lnum >= c->orph_first);
321 ubifs_assert(c->ohead_lnum <= c->orph_last);
322 err = do_write_orph_node(c, len, atomic);
323 c->ohead_offs += ALIGN(len, c->min_io_size);
324 c->ohead_offs = ALIGN(c->ohead_offs, 8);
325 return err;
326}
327
328/**
329 * write_orph_nodes - write orphan nodes until there are no more to commit.
330 * @c: UBIFS file-system description object
331 * @atomic: write atomically
332 *
333 * This function writes orphan nodes for all the orphans to commit. On success,
334 * %0 is returned, otherwise a negative error code is returned.
335 */
336static int write_orph_nodes(struct ubifs_info *c, int atomic)
337{
338 int err;
339
340 while (c->cmt_orphans > 0) {
341 err = write_orph_node(c, atomic);
342 if (err)
343 return err;
344 }
345 if (atomic) {
346 int lnum;
347
348 /* Unmap any unused LEBs after consolidation */
349 lnum = c->ohead_lnum + 1;
350 for (lnum = c->ohead_lnum + 1; lnum <= c->orph_last; lnum++) {
351 err = ubifs_leb_unmap(c, lnum);
352 if (err)
353 return err;
354 }
355 }
356 return 0;
357}
358
359/**
360 * consolidate - consolidate the orphan area.
361 * @c: UBIFS file-system description object
362 *
363 * This function enables consolidation by putting all the orphans into the list
364 * to commit. The list is in the order that the orphans were added, and the
365 * LEBs are written atomically in order, so at no time can orphans be lost by
366 * an unclean unmount.
367 *
368 * This function returns %0 on success and a negative error code on failure.
369 */
370static int consolidate(struct ubifs_info *c)
371{
372 int tot_avail = tot_avail_orphs(c), err = 0;
373
374 spin_lock(&c->orphan_lock);
375 dbg_cmt("there is space for %d orphans and there are %d",
376 tot_avail, c->tot_orphans);
377 if (c->tot_orphans - c->new_orphans <= tot_avail) {
378 struct ubifs_orphan *orphan, **last;
379 int cnt = 0;
380
381 /* Change the cnext list to include all non-new orphans */
382 last = &c->orph_cnext;
383 list_for_each_entry(orphan, &c->orph_list, list) {
384 if (orphan->new)
385 continue;
386 *last = orphan;
387 last = &orphan->cnext;
388 cnt += 1;
389 }
390 *last = orphan->cnext;
391 ubifs_assert(cnt == c->tot_orphans - c->new_orphans);
392 c->cmt_orphans = cnt;
393 c->ohead_lnum = c->orph_first;
394 c->ohead_offs = 0;
395 } else {
396 /*
397 * We limit the number of orphans so that this should
398 * never happen.
399 */
400 ubifs_err("out of space in orphan area");
401 err = -EINVAL;
402 }
403 spin_unlock(&c->orphan_lock);
404 return err;
405}
406
407/**
408 * commit_orphans - commit orphans.
409 * @c: UBIFS file-system description object
410 *
411 * This function commits orphans to flash. On success, %0 is returned,
412 * otherwise a negative error code is returned.
413 */
414static int commit_orphans(struct ubifs_info *c)
415{
416 int avail, atomic = 0, err;
417
418 ubifs_assert(c->cmt_orphans > 0);
419 avail = avail_orphs(c);
420 if (avail < c->cmt_orphans) {
421 /* Not enough space to write new orphans, so consolidate */
422 err = consolidate(c);
423 if (err)
424 return err;
425 atomic = 1;
426 }
427 err = write_orph_nodes(c, atomic);
428 return err;
429}
430
431/**
432 * erase_deleted - erase the orphans marked for deletion.
433 * @c: UBIFS file-system description object
434 *
435 * During commit, the orphans being committed cannot be deleted, so they are
436 * marked for deletion and deleted by this function. Also, the recovery
437 * adds killed orphans to the deletion list, and therefore they are deleted
438 * here too.
439 */
440static void erase_deleted(struct ubifs_info *c)
441{
442 struct ubifs_orphan *orphan, *dnext;
443
444 spin_lock(&c->orphan_lock);
445 dnext = c->orph_dnext;
446 while (dnext) {
447 orphan = dnext;
448 dnext = orphan->dnext;
449 ubifs_assert(!orphan->new);
450 rb_erase(&orphan->rb, &c->orph_tree);
451 list_del(&orphan->list);
452 c->tot_orphans -= 1;
453 dbg_gen("deleting orphan ino %lu", (unsigned long)orphan->inum);
454 kfree(orphan);
455 }
456 c->orph_dnext = NULL;
457 spin_unlock(&c->orphan_lock);
458}
459
460/**
461 * ubifs_orphan_end_commit - end commit of orphans.
462 * @c: UBIFS file-system description object
463 *
464 * End commit of orphans.
465 */
466int ubifs_orphan_end_commit(struct ubifs_info *c)
467{
468 int err;
469
470 if (c->cmt_orphans != 0) {
471 err = commit_orphans(c);
472 if (err)
473 return err;
474 }
475 erase_deleted(c);
476 err = dbg_check_orphans(c);
477 return err;
478}
479
480/**
481 * ubifs_clear_orphans - erase all LEBs used for orphans.
482 * @c: UBIFS file-system description object
483 *
484 * If recovery is not required, then the orphans from the previous session
485 * are not needed. This function locates the LEBs used to record
486 * orphans, and un-maps them.
487 */
488int ubifs_clear_orphans(struct ubifs_info *c)
489{
490 int lnum, err;
491
492 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
493 err = ubifs_leb_unmap(c, lnum);
494 if (err)
495 return err;
496 }
497 c->ohead_lnum = c->orph_first;
498 c->ohead_offs = 0;
499 return 0;
500}
501
502/**
503 * insert_dead_orphan - insert an orphan.
504 * @c: UBIFS file-system description object
505 * @inum: orphan inode number
506 *
507 * This function is a helper to the 'do_kill_orphans()' function. The orphan
508 * must be kept until the next commit, so it is added to the rb-tree and the
509 * deletion list.
510 */
511static int insert_dead_orphan(struct ubifs_info *c, ino_t inum)
512{
513 struct ubifs_orphan *orphan, *o;
514 struct rb_node **p, *parent = NULL;
515
516 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_KERNEL);
517 if (!orphan)
518 return -ENOMEM;
519 orphan->inum = inum;
520
521 p = &c->orph_tree.rb_node;
522 while (*p) {
523 parent = *p;
524 o = rb_entry(parent, struct ubifs_orphan, rb);
525 if (inum < o->inum)
526 p = &(*p)->rb_left;
527 else if (inum > o->inum)
528 p = &(*p)->rb_right;
529 else {
530 /* Already added - no problem */
531 kfree(orphan);
532 return 0;
533 }
534 }
535 c->tot_orphans += 1;
536 rb_link_node(&orphan->rb, parent, p);
537 rb_insert_color(&orphan->rb, &c->orph_tree);
538 list_add_tail(&orphan->list, &c->orph_list);
539 orphan->dnext = c->orph_dnext;
540 c->orph_dnext = orphan;
541 dbg_mnt("ino %lu, new %d, tot %d", (unsigned long)inum,
542 c->new_orphans, c->tot_orphans);
543 return 0;
544}
545
546/**
547 * do_kill_orphans - remove orphan inodes from the index.
548 * @c: UBIFS file-system description object
549 * @sleb: scanned LEB
550 * @last_cmt_no: cmt_no of last orphan node read is passed and returned here
551 * @outofdate: whether the LEB is out of date is returned here
552 * @last_flagged: whether the end orphan node is encountered
553 *
554 * This function is a helper to the 'kill_orphans()' function. It goes through
555 * every orphan node in a LEB and for every inode number recorded, removes
556 * all keys for that inode from the TNC.
557 */
558static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
559 unsigned long long *last_cmt_no, int *outofdate,
560 int *last_flagged)
561{
562 struct ubifs_scan_node *snod;
563 struct ubifs_orph_node *orph;
564 unsigned long long cmt_no;
565 ino_t inum;
566 int i, n, err, first = 1;
567
568 list_for_each_entry(snod, &sleb->nodes, list) {
569 if (snod->type != UBIFS_ORPH_NODE) {
570 ubifs_err("invalid node type %d in orphan area at "
571 "%d:%d", snod->type, sleb->lnum, snod->offs);
572 dbg_dump_node(c, snod->node);
573 return -EINVAL;
574 }
575
576 orph = snod->node;
577
578 /* Check commit number */
579 cmt_no = le64_to_cpu(orph->cmt_no) & LLONG_MAX;
580 /*
581 * The commit number on the master node may be less, because
582 * of a failed commit. If there are several failed commits in a
583 * row, the commit number written on orphan nodes will continue
584 * to increase (because the commit number is adjusted here) even
585 * though the commit number on the master node stays the same
586 * because the master node has not been re-written.
587 */
588 if (cmt_no > c->cmt_no)
589 c->cmt_no = cmt_no;
590 if (cmt_no < *last_cmt_no && *last_flagged) {
591 /*
592 * The last orphan node had a higher commit number and
593 * was flagged as the last written for that commit
594 * number. That makes this orphan node, out of date.
595 */
596 if (!first) {
597 ubifs_err("out of order commit number %llu in "
598 "orphan node at %d:%d",
599 cmt_no, sleb->lnum, snod->offs);
600 dbg_dump_node(c, snod->node);
601 return -EINVAL;
602 }
603 dbg_rcvry("out of date LEB %d", sleb->lnum);
604 *outofdate = 1;
605 return 0;
606 }
607
608 if (first)
609 first = 0;
610
611 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
612 for (i = 0; i < n; i++) {
613 inum = le64_to_cpu(orph->inos[i]);
614 dbg_rcvry("deleting orphaned inode %lu",
615 (unsigned long)inum);
616 err = ubifs_tnc_remove_ino(c, inum);
617 if (err)
618 return err;
619 err = insert_dead_orphan(c, inum);
620 if (err)
621 return err;
622 }
623
624 *last_cmt_no = cmt_no;
625 if (le64_to_cpu(orph->cmt_no) & (1ULL << 63)) {
626 dbg_rcvry("last orph node for commit %llu at %d:%d",
627 cmt_no, sleb->lnum, snod->offs);
628 *last_flagged = 1;
629 } else
630 *last_flagged = 0;
631 }
632
633 return 0;
634}
635
636/**
637 * kill_orphans - remove all orphan inodes from the index.
638 * @c: UBIFS file-system description object
639 *
640 * If recovery is required, then orphan inodes recorded during the previous
641 * session (which ended with an unclean unmount) must be deleted from the index.
642 * This is done by updating the TNC, but since the index is not updated until
643 * the next commit, the LEBs where the orphan information is recorded are not
644 * erased until the next commit.
645 */
646static int kill_orphans(struct ubifs_info *c)
647{
648 unsigned long long last_cmt_no = 0;
649 int lnum, err = 0, outofdate = 0, last_flagged = 0;
650
651 c->ohead_lnum = c->orph_first;
652 c->ohead_offs = 0;
653 /* Check no-orphans flag and skip this if no orphans */
654 if (c->no_orphs) {
655 dbg_rcvry("no orphans");
656 return 0;
657 }
658 /*
659 * Orph nodes always start at c->orph_first and are written to each
660 * successive LEB in turn. Generally unused LEBs will have been unmapped
661 * but may contain out of date orphan nodes if the unmap didn't go
662 * through. In addition, the last orphan node written for each commit is
663 * marked (top bit of orph->cmt_no is set to 1). It is possible that
664 * there are orphan nodes from the next commit (i.e. the commit did not
665 * complete successfully). In that case, no orphans will have been lost
666 * due to the way that orphans are written, and any orphans added will
667 * be valid orphans anyway and so can be deleted.
668 */
669 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
670 struct ubifs_scan_leb *sleb;
671
672 dbg_rcvry("LEB %d", lnum);
673 sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1);
674 if (IS_ERR(sleb)) {
675 if (PTR_ERR(sleb) == -EUCLEAN)
676 sleb = ubifs_recover_leb(c, lnum, 0,
677 c->sbuf, -1);
678 if (IS_ERR(sleb)) {
679 err = PTR_ERR(sleb);
680 break;
681 }
682 }
683 err = do_kill_orphans(c, sleb, &last_cmt_no, &outofdate,
684 &last_flagged);
685 if (err || outofdate) {
686 ubifs_scan_destroy(sleb);
687 break;
688 }
689 if (sleb->endpt) {
690 c->ohead_lnum = lnum;
691 c->ohead_offs = sleb->endpt;
692 }
693 ubifs_scan_destroy(sleb);
694 }
695 return err;
696}
697
698/**
699 * ubifs_mount_orphans - delete orphan inodes and erase LEBs that recorded them.
700 * @c: UBIFS file-system description object
701 * @unclean: indicates recovery from unclean unmount
702 * @read_only: indicates read only mount
703 *
704 * This function is called when mounting to erase orphans from the previous
705 * session. If UBIFS was not unmounted cleanly, then the inodes recorded as
706 * orphans are deleted.
707 */
708int ubifs_mount_orphans(struct ubifs_info *c, int unclean, int read_only)
709{
710 int err = 0;
711
712 c->max_orphans = tot_avail_orphs(c);
713
714 if (!read_only) {
715 c->orph_buf = vmalloc(c->leb_size);
716 if (!c->orph_buf)
717 return -ENOMEM;
718 }
719
720 if (unclean)
721 err = kill_orphans(c);
722 else if (!read_only)
723 err = ubifs_clear_orphans(c);
724
725 return err;
726}
727
728#ifdef CONFIG_UBIFS_FS_DEBUG
729
730struct check_orphan {
731 struct rb_node rb;
732 ino_t inum;
733};
734
735struct check_info {
736 unsigned long last_ino;
737 unsigned long tot_inos;
738 unsigned long missing;
739 unsigned long long leaf_cnt;
740 struct ubifs_ino_node *node;
741 struct rb_root root;
742};
743
744static int dbg_find_orphan(struct ubifs_info *c, ino_t inum)
745{
746 struct ubifs_orphan *o;
747 struct rb_node *p;
748
749 spin_lock(&c->orphan_lock);
750 p = c->orph_tree.rb_node;
751 while (p) {
752 o = rb_entry(p, struct ubifs_orphan, rb);
753 if (inum < o->inum)
754 p = p->rb_left;
755 else if (inum > o->inum)
756 p = p->rb_right;
757 else {
758 spin_unlock(&c->orphan_lock);
759 return 1;
760 }
761 }
762 spin_unlock(&c->orphan_lock);
763 return 0;
764}
765
766static int dbg_ins_check_orphan(struct rb_root *root, ino_t inum)
767{
768 struct check_orphan *orphan, *o;
769 struct rb_node **p, *parent = NULL;
770
771 orphan = kzalloc(sizeof(struct check_orphan), GFP_NOFS);
772 if (!orphan)
773 return -ENOMEM;
774 orphan->inum = inum;
775
776 p = &root->rb_node;
777 while (*p) {
778 parent = *p;
779 o = rb_entry(parent, struct check_orphan, rb);
780 if (inum < o->inum)
781 p = &(*p)->rb_left;
782 else if (inum > o->inum)
783 p = &(*p)->rb_right;
784 else {
785 kfree(orphan);
786 return 0;
787 }
788 }
789 rb_link_node(&orphan->rb, parent, p);
790 rb_insert_color(&orphan->rb, root);
791 return 0;
792}
793
794static int dbg_find_check_orphan(struct rb_root *root, ino_t inum)
795{
796 struct check_orphan *o;
797 struct rb_node *p;
798
799 p = root->rb_node;
800 while (p) {
801 o = rb_entry(p, struct check_orphan, rb);
802 if (inum < o->inum)
803 p = p->rb_left;
804 else if (inum > o->inum)
805 p = p->rb_right;
806 else
807 return 1;
808 }
809 return 0;
810}
811
812static void dbg_free_check_tree(struct rb_root *root)
813{
814 struct rb_node *this = root->rb_node;
815 struct check_orphan *o;
816
817 while (this) {
818 if (this->rb_left) {
819 this = this->rb_left;
820 continue;
821 } else if (this->rb_right) {
822 this = this->rb_right;
823 continue;
824 }
825 o = rb_entry(this, struct check_orphan, rb);
826 this = rb_parent(this);
827 if (this) {
828 if (this->rb_left == &o->rb)
829 this->rb_left = NULL;
830 else
831 this->rb_right = NULL;
832 }
833 kfree(o);
834 }
835}
836
837static int dbg_orphan_check(struct ubifs_info *c, struct ubifs_zbranch *zbr,
838 void *priv)
839{
840 struct check_info *ci = priv;
841 ino_t inum;
842 int err;
843
844 inum = key_inum(c, &zbr->key);
845 if (inum != ci->last_ino) {
846 /* Lowest node type is the inode node, so it comes first */
847 if (key_type(c, &zbr->key) != UBIFS_INO_KEY)
848 ubifs_err("found orphan node ino %lu, type %d",
849 (unsigned long)inum, key_type(c, &zbr->key));
850 ci->last_ino = inum;
851 ci->tot_inos += 1;
852 err = ubifs_tnc_read_node(c, zbr, ci->node);
853 if (err) {
854 ubifs_err("node read failed, error %d", err);
855 return err;
856 }
857 if (ci->node->nlink == 0)
858 /* Must be recorded as an orphan */
859 if (!dbg_find_check_orphan(&ci->root, inum) &&
860 !dbg_find_orphan(c, inum)) {
861 ubifs_err("missing orphan, ino %lu",
862 (unsigned long)inum);
863 ci->missing += 1;
864 }
865 }
866 ci->leaf_cnt += 1;
867 return 0;
868}
869
870static int dbg_read_orphans(struct check_info *ci, struct ubifs_scan_leb *sleb)
871{
872 struct ubifs_scan_node *snod;
873 struct ubifs_orph_node *orph;
874 ino_t inum;
875 int i, n, err;
876
877 list_for_each_entry(snod, &sleb->nodes, list) {
878 cond_resched();
879 if (snod->type != UBIFS_ORPH_NODE)
880 continue;
881 orph = snod->node;
882 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
883 for (i = 0; i < n; i++) {
884 inum = le64_to_cpu(orph->inos[i]);
885 err = dbg_ins_check_orphan(&ci->root, inum);
886 if (err)
887 return err;
888 }
889 }
890 return 0;
891}
892
893static int dbg_scan_orphans(struct ubifs_info *c, struct check_info *ci)
894{
895 int lnum, err = 0;
896 void *buf;
897
898 /* Check no-orphans flag and skip this if no orphans */
899 if (c->no_orphs)
900 return 0;
901
902 buf = __vmalloc(c->leb_size, GFP_NOFS, PAGE_KERNEL);
903 if (!buf) {
904 ubifs_err("cannot allocate memory to check orphans");
905 return 0;
906 }
907
908 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
909 struct ubifs_scan_leb *sleb;
910
911 sleb = ubifs_scan(c, lnum, 0, buf, 0);
912 if (IS_ERR(sleb)) {
913 err = PTR_ERR(sleb);
914 break;
915 }
916
917 err = dbg_read_orphans(ci, sleb);
918 ubifs_scan_destroy(sleb);
919 if (err)
920 break;
921 }
922
923 vfree(buf);
924 return err;
925}
926
927static int dbg_check_orphans(struct ubifs_info *c)
928{
929 struct check_info ci;
930 int err;
931
932 if (!dbg_is_chk_orph(c))
933 return 0;
934
935 ci.last_ino = 0;
936 ci.tot_inos = 0;
937 ci.missing = 0;
938 ci.leaf_cnt = 0;
939 ci.root = RB_ROOT;
940 ci.node = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
941 if (!ci.node) {
942 ubifs_err("out of memory");
943 return -ENOMEM;
944 }
945
946 err = dbg_scan_orphans(c, &ci);
947 if (err)
948 goto out;
949
950 err = dbg_walk_index(c, &dbg_orphan_check, NULL, &ci);
951 if (err) {
952 ubifs_err("cannot scan TNC, error %d", err);
953 goto out;
954 }
955
956 if (ci.missing) {
957 ubifs_err("%lu missing orphan(s)", ci.missing);
958 err = -EINVAL;
959 goto out;
960 }
961
962 dbg_cmt("last inode number is %lu", ci.last_ino);
963 dbg_cmt("total number of inodes is %lu", ci.tot_inos);
964 dbg_cmt("total number of leaf nodes is %llu", ci.leaf_cnt);
965
966out:
967 dbg_free_check_tree(&ci.root);
968 kfree(ci.node);
969 return err;
970}
971
972#endif /* CONFIG_UBIFS_FS_DEBUG */
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Author: Adrian Hunter
8 */
9
10#include "ubifs.h"
11
12/*
13 * An orphan is an inode number whose inode node has been committed to the index
14 * with a link count of zero. That happens when an open file is deleted
15 * (unlinked) and then a commit is run. In the normal course of events the inode
16 * would be deleted when the file is closed. However in the case of an unclean
17 * unmount, orphans need to be accounted for. After an unclean unmount, the
18 * orphans' inodes must be deleted which means either scanning the entire index
19 * looking for them, or keeping a list on flash somewhere. This unit implements
20 * the latter approach.
21 *
22 * The orphan area is a fixed number of LEBs situated between the LPT area and
23 * the main area. The number of orphan area LEBs is specified when the file
24 * system is created. The minimum number is 1. The size of the orphan area
25 * should be so that it can hold the maximum number of orphans that are expected
26 * to ever exist at one time.
27 *
28 * The number of orphans that can fit in a LEB is:
29 *
30 * (c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)
31 *
32 * For example: a 15872 byte LEB can fit 1980 orphans so 1 LEB may be enough.
33 *
34 * Orphans are accumulated in a rb-tree. When an inode's link count drops to
35 * zero, the inode number is added to the rb-tree. It is removed from the tree
36 * when the inode is deleted. Any new orphans that are in the orphan tree when
37 * the commit is run, are written to the orphan area in 1 or more orphan nodes.
38 * If the orphan area is full, it is consolidated to make space. There is
39 * always enough space because validation prevents the user from creating more
40 * than the maximum number of orphans allowed.
41 */
42
43static int dbg_check_orphans(struct ubifs_info *c);
44
45static struct ubifs_orphan *orphan_add(struct ubifs_info *c, ino_t inum,
46 struct ubifs_orphan *parent_orphan)
47{
48 struct ubifs_orphan *orphan, *o;
49 struct rb_node **p, *parent = NULL;
50
51 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_NOFS);
52 if (!orphan)
53 return ERR_PTR(-ENOMEM);
54 orphan->inum = inum;
55 orphan->new = 1;
56 INIT_LIST_HEAD(&orphan->child_list);
57
58 spin_lock(&c->orphan_lock);
59 if (c->tot_orphans >= c->max_orphans) {
60 spin_unlock(&c->orphan_lock);
61 kfree(orphan);
62 return ERR_PTR(-ENFILE);
63 }
64 p = &c->orph_tree.rb_node;
65 while (*p) {
66 parent = *p;
67 o = rb_entry(parent, struct ubifs_orphan, rb);
68 if (inum < o->inum)
69 p = &(*p)->rb_left;
70 else if (inum > o->inum)
71 p = &(*p)->rb_right;
72 else {
73 ubifs_err(c, "orphaned twice");
74 spin_unlock(&c->orphan_lock);
75 kfree(orphan);
76 return ERR_PTR(-EINVAL);
77 }
78 }
79 c->tot_orphans += 1;
80 c->new_orphans += 1;
81 rb_link_node(&orphan->rb, parent, p);
82 rb_insert_color(&orphan->rb, &c->orph_tree);
83 list_add_tail(&orphan->list, &c->orph_list);
84 list_add_tail(&orphan->new_list, &c->orph_new);
85
86 if (parent_orphan) {
87 list_add_tail(&orphan->child_list,
88 &parent_orphan->child_list);
89 }
90
91 spin_unlock(&c->orphan_lock);
92 dbg_gen("ino %lu", (unsigned long)inum);
93 return orphan;
94}
95
96static struct ubifs_orphan *lookup_orphan(struct ubifs_info *c, ino_t inum)
97{
98 struct ubifs_orphan *o;
99 struct rb_node *p;
100
101 p = c->orph_tree.rb_node;
102 while (p) {
103 o = rb_entry(p, struct ubifs_orphan, rb);
104 if (inum < o->inum)
105 p = p->rb_left;
106 else if (inum > o->inum)
107 p = p->rb_right;
108 else {
109 return o;
110 }
111 }
112 return NULL;
113}
114
115static void __orphan_drop(struct ubifs_info *c, struct ubifs_orphan *o)
116{
117 rb_erase(&o->rb, &c->orph_tree);
118 list_del(&o->list);
119 c->tot_orphans -= 1;
120
121 if (o->new) {
122 list_del(&o->new_list);
123 c->new_orphans -= 1;
124 }
125
126 kfree(o);
127}
128
129static void orphan_delete(struct ubifs_info *c, struct ubifs_orphan *orph)
130{
131 if (orph->del) {
132 dbg_gen("deleted twice ino %lu", (unsigned long)orph->inum);
133 return;
134 }
135
136 if (orph->cmt) {
137 orph->del = 1;
138 orph->dnext = c->orph_dnext;
139 c->orph_dnext = orph;
140 dbg_gen("delete later ino %lu", (unsigned long)orph->inum);
141 return;
142 }
143
144 __orphan_drop(c, orph);
145}
146
147/**
148 * ubifs_add_orphan - add an orphan.
149 * @c: UBIFS file-system description object
150 * @inum: orphan inode number
151 *
152 * Add an orphan. This function is called when an inodes link count drops to
153 * zero.
154 */
155int ubifs_add_orphan(struct ubifs_info *c, ino_t inum)
156{
157 int err = 0;
158 ino_t xattr_inum;
159 union ubifs_key key;
160 struct ubifs_dent_node *xent, *pxent = NULL;
161 struct fscrypt_name nm = {0};
162 struct ubifs_orphan *xattr_orphan;
163 struct ubifs_orphan *orphan;
164
165 orphan = orphan_add(c, inum, NULL);
166 if (IS_ERR(orphan))
167 return PTR_ERR(orphan);
168
169 lowest_xent_key(c, &key, inum);
170 while (1) {
171 xent = ubifs_tnc_next_ent(c, &key, &nm);
172 if (IS_ERR(xent)) {
173 err = PTR_ERR(xent);
174 if (err == -ENOENT)
175 break;
176 kfree(pxent);
177 return err;
178 }
179
180 fname_name(&nm) = xent->name;
181 fname_len(&nm) = le16_to_cpu(xent->nlen);
182 xattr_inum = le64_to_cpu(xent->inum);
183
184 xattr_orphan = orphan_add(c, xattr_inum, orphan);
185 if (IS_ERR(xattr_orphan)) {
186 kfree(pxent);
187 kfree(xent);
188 return PTR_ERR(xattr_orphan);
189 }
190
191 kfree(pxent);
192 pxent = xent;
193 key_read(c, &xent->key, &key);
194 }
195 kfree(pxent);
196
197 return 0;
198}
199
200/**
201 * ubifs_delete_orphan - delete an orphan.
202 * @c: UBIFS file-system description object
203 * @inum: orphan inode number
204 *
205 * Delete an orphan. This function is called when an inode is deleted.
206 */
207void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum)
208{
209 struct ubifs_orphan *orph, *child_orph, *tmp_o;
210
211 spin_lock(&c->orphan_lock);
212
213 orph = lookup_orphan(c, inum);
214 if (!orph) {
215 spin_unlock(&c->orphan_lock);
216 ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum);
217 dump_stack();
218
219 return;
220 }
221
222 list_for_each_entry_safe(child_orph, tmp_o, &orph->child_list, child_list) {
223 list_del(&child_orph->child_list);
224 orphan_delete(c, child_orph);
225 }
226
227 orphan_delete(c, orph);
228
229 spin_unlock(&c->orphan_lock);
230}
231
232/**
233 * ubifs_orphan_start_commit - start commit of orphans.
234 * @c: UBIFS file-system description object
235 *
236 * Start commit of orphans.
237 */
238int ubifs_orphan_start_commit(struct ubifs_info *c)
239{
240 struct ubifs_orphan *orphan, **last;
241
242 spin_lock(&c->orphan_lock);
243 last = &c->orph_cnext;
244 list_for_each_entry(orphan, &c->orph_new, new_list) {
245 ubifs_assert(c, orphan->new);
246 ubifs_assert(c, !orphan->cmt);
247 orphan->new = 0;
248 orphan->cmt = 1;
249 *last = orphan;
250 last = &orphan->cnext;
251 }
252 *last = NULL;
253 c->cmt_orphans = c->new_orphans;
254 c->new_orphans = 0;
255 dbg_cmt("%d orphans to commit", c->cmt_orphans);
256 INIT_LIST_HEAD(&c->orph_new);
257 if (c->tot_orphans == 0)
258 c->no_orphs = 1;
259 else
260 c->no_orphs = 0;
261 spin_unlock(&c->orphan_lock);
262 return 0;
263}
264
265/**
266 * avail_orphs - calculate available space.
267 * @c: UBIFS file-system description object
268 *
269 * This function returns the number of orphans that can be written in the
270 * available space.
271 */
272static int avail_orphs(struct ubifs_info *c)
273{
274 int avail_lebs, avail, gap;
275
276 avail_lebs = c->orph_lebs - (c->ohead_lnum - c->orph_first) - 1;
277 avail = avail_lebs *
278 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64));
279 gap = c->leb_size - c->ohead_offs;
280 if (gap >= UBIFS_ORPH_NODE_SZ + sizeof(__le64))
281 avail += (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64);
282 return avail;
283}
284
285/**
286 * tot_avail_orphs - calculate total space.
287 * @c: UBIFS file-system description object
288 *
289 * This function returns the number of orphans that can be written in half
290 * the total space. That leaves half the space for adding new orphans.
291 */
292static int tot_avail_orphs(struct ubifs_info *c)
293{
294 int avail_lebs, avail;
295
296 avail_lebs = c->orph_lebs;
297 avail = avail_lebs *
298 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64));
299 return avail / 2;
300}
301
302/**
303 * do_write_orph_node - write a node to the orphan head.
304 * @c: UBIFS file-system description object
305 * @len: length of node
306 * @atomic: write atomically
307 *
308 * This function writes a node to the orphan head from the orphan buffer. If
309 * %atomic is not zero, then the write is done atomically. On success, %0 is
310 * returned, otherwise a negative error code is returned.
311 */
312static int do_write_orph_node(struct ubifs_info *c, int len, int atomic)
313{
314 int err = 0;
315
316 if (atomic) {
317 ubifs_assert(c, c->ohead_offs == 0);
318 ubifs_prepare_node(c, c->orph_buf, len, 1);
319 len = ALIGN(len, c->min_io_size);
320 err = ubifs_leb_change(c, c->ohead_lnum, c->orph_buf, len);
321 } else {
322 if (c->ohead_offs == 0) {
323 /* Ensure LEB has been unmapped */
324 err = ubifs_leb_unmap(c, c->ohead_lnum);
325 if (err)
326 return err;
327 }
328 err = ubifs_write_node(c, c->orph_buf, len, c->ohead_lnum,
329 c->ohead_offs);
330 }
331 return err;
332}
333
334/**
335 * write_orph_node - write an orphan node.
336 * @c: UBIFS file-system description object
337 * @atomic: write atomically
338 *
339 * This function builds an orphan node from the cnext list and writes it to the
340 * orphan head. On success, %0 is returned, otherwise a negative error code
341 * is returned.
342 */
343static int write_orph_node(struct ubifs_info *c, int atomic)
344{
345 struct ubifs_orphan *orphan, *cnext;
346 struct ubifs_orph_node *orph;
347 int gap, err, len, cnt, i;
348
349 ubifs_assert(c, c->cmt_orphans > 0);
350 gap = c->leb_size - c->ohead_offs;
351 if (gap < UBIFS_ORPH_NODE_SZ + sizeof(__le64)) {
352 c->ohead_lnum += 1;
353 c->ohead_offs = 0;
354 gap = c->leb_size;
355 if (c->ohead_lnum > c->orph_last) {
356 /*
357 * We limit the number of orphans so that this should
358 * never happen.
359 */
360 ubifs_err(c, "out of space in orphan area");
361 return -EINVAL;
362 }
363 }
364 cnt = (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64);
365 if (cnt > c->cmt_orphans)
366 cnt = c->cmt_orphans;
367 len = UBIFS_ORPH_NODE_SZ + cnt * sizeof(__le64);
368 ubifs_assert(c, c->orph_buf);
369 orph = c->orph_buf;
370 orph->ch.node_type = UBIFS_ORPH_NODE;
371 spin_lock(&c->orphan_lock);
372 cnext = c->orph_cnext;
373 for (i = 0; i < cnt; i++) {
374 orphan = cnext;
375 ubifs_assert(c, orphan->cmt);
376 orph->inos[i] = cpu_to_le64(orphan->inum);
377 orphan->cmt = 0;
378 cnext = orphan->cnext;
379 orphan->cnext = NULL;
380 }
381 c->orph_cnext = cnext;
382 c->cmt_orphans -= cnt;
383 spin_unlock(&c->orphan_lock);
384 if (c->cmt_orphans)
385 orph->cmt_no = cpu_to_le64(c->cmt_no);
386 else
387 /* Mark the last node of the commit */
388 orph->cmt_no = cpu_to_le64((c->cmt_no) | (1ULL << 63));
389 ubifs_assert(c, c->ohead_offs + len <= c->leb_size);
390 ubifs_assert(c, c->ohead_lnum >= c->orph_first);
391 ubifs_assert(c, c->ohead_lnum <= c->orph_last);
392 err = do_write_orph_node(c, len, atomic);
393 c->ohead_offs += ALIGN(len, c->min_io_size);
394 c->ohead_offs = ALIGN(c->ohead_offs, 8);
395 return err;
396}
397
398/**
399 * write_orph_nodes - write orphan nodes until there are no more to commit.
400 * @c: UBIFS file-system description object
401 * @atomic: write atomically
402 *
403 * This function writes orphan nodes for all the orphans to commit. On success,
404 * %0 is returned, otherwise a negative error code is returned.
405 */
406static int write_orph_nodes(struct ubifs_info *c, int atomic)
407{
408 int err;
409
410 while (c->cmt_orphans > 0) {
411 err = write_orph_node(c, atomic);
412 if (err)
413 return err;
414 }
415 if (atomic) {
416 int lnum;
417
418 /* Unmap any unused LEBs after consolidation */
419 for (lnum = c->ohead_lnum + 1; lnum <= c->orph_last; lnum++) {
420 err = ubifs_leb_unmap(c, lnum);
421 if (err)
422 return err;
423 }
424 }
425 return 0;
426}
427
428/**
429 * consolidate - consolidate the orphan area.
430 * @c: UBIFS file-system description object
431 *
432 * This function enables consolidation by putting all the orphans into the list
433 * to commit. The list is in the order that the orphans were added, and the
434 * LEBs are written atomically in order, so at no time can orphans be lost by
435 * an unclean unmount.
436 *
437 * This function returns %0 on success and a negative error code on failure.
438 */
439static int consolidate(struct ubifs_info *c)
440{
441 int tot_avail = tot_avail_orphs(c), err = 0;
442
443 spin_lock(&c->orphan_lock);
444 dbg_cmt("there is space for %d orphans and there are %d",
445 tot_avail, c->tot_orphans);
446 if (c->tot_orphans - c->new_orphans <= tot_avail) {
447 struct ubifs_orphan *orphan, **last;
448 int cnt = 0;
449
450 /* Change the cnext list to include all non-new orphans */
451 last = &c->orph_cnext;
452 list_for_each_entry(orphan, &c->orph_list, list) {
453 if (orphan->new)
454 continue;
455 orphan->cmt = 1;
456 *last = orphan;
457 last = &orphan->cnext;
458 cnt += 1;
459 }
460 *last = NULL;
461 ubifs_assert(c, cnt == c->tot_orphans - c->new_orphans);
462 c->cmt_orphans = cnt;
463 c->ohead_lnum = c->orph_first;
464 c->ohead_offs = 0;
465 } else {
466 /*
467 * We limit the number of orphans so that this should
468 * never happen.
469 */
470 ubifs_err(c, "out of space in orphan area");
471 err = -EINVAL;
472 }
473 spin_unlock(&c->orphan_lock);
474 return err;
475}
476
477/**
478 * commit_orphans - commit orphans.
479 * @c: UBIFS file-system description object
480 *
481 * This function commits orphans to flash. On success, %0 is returned,
482 * otherwise a negative error code is returned.
483 */
484static int commit_orphans(struct ubifs_info *c)
485{
486 int avail, atomic = 0, err;
487
488 ubifs_assert(c, c->cmt_orphans > 0);
489 avail = avail_orphs(c);
490 if (avail < c->cmt_orphans) {
491 /* Not enough space to write new orphans, so consolidate */
492 err = consolidate(c);
493 if (err)
494 return err;
495 atomic = 1;
496 }
497 err = write_orph_nodes(c, atomic);
498 return err;
499}
500
501/**
502 * erase_deleted - erase the orphans marked for deletion.
503 * @c: UBIFS file-system description object
504 *
505 * During commit, the orphans being committed cannot be deleted, so they are
506 * marked for deletion and deleted by this function. Also, the recovery
507 * adds killed orphans to the deletion list, and therefore they are deleted
508 * here too.
509 */
510static void erase_deleted(struct ubifs_info *c)
511{
512 struct ubifs_orphan *orphan, *dnext;
513
514 spin_lock(&c->orphan_lock);
515 dnext = c->orph_dnext;
516 while (dnext) {
517 orphan = dnext;
518 dnext = orphan->dnext;
519 ubifs_assert(c, !orphan->new);
520 ubifs_assert(c, orphan->del);
521 rb_erase(&orphan->rb, &c->orph_tree);
522 list_del(&orphan->list);
523 c->tot_orphans -= 1;
524 dbg_gen("deleting orphan ino %lu", (unsigned long)orphan->inum);
525 kfree(orphan);
526 }
527 c->orph_dnext = NULL;
528 spin_unlock(&c->orphan_lock);
529}
530
531/**
532 * ubifs_orphan_end_commit - end commit of orphans.
533 * @c: UBIFS file-system description object
534 *
535 * End commit of orphans.
536 */
537int ubifs_orphan_end_commit(struct ubifs_info *c)
538{
539 int err;
540
541 if (c->cmt_orphans != 0) {
542 err = commit_orphans(c);
543 if (err)
544 return err;
545 }
546 erase_deleted(c);
547 err = dbg_check_orphans(c);
548 return err;
549}
550
551/**
552 * ubifs_clear_orphans - erase all LEBs used for orphans.
553 * @c: UBIFS file-system description object
554 *
555 * If recovery is not required, then the orphans from the previous session
556 * are not needed. This function locates the LEBs used to record
557 * orphans, and un-maps them.
558 */
559int ubifs_clear_orphans(struct ubifs_info *c)
560{
561 int lnum, err;
562
563 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
564 err = ubifs_leb_unmap(c, lnum);
565 if (err)
566 return err;
567 }
568 c->ohead_lnum = c->orph_first;
569 c->ohead_offs = 0;
570 return 0;
571}
572
573/**
574 * insert_dead_orphan - insert an orphan.
575 * @c: UBIFS file-system description object
576 * @inum: orphan inode number
577 *
578 * This function is a helper to the 'do_kill_orphans()' function. The orphan
579 * must be kept until the next commit, so it is added to the rb-tree and the
580 * deletion list.
581 */
582static int insert_dead_orphan(struct ubifs_info *c, ino_t inum)
583{
584 struct ubifs_orphan *orphan, *o;
585 struct rb_node **p, *parent = NULL;
586
587 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_KERNEL);
588 if (!orphan)
589 return -ENOMEM;
590 orphan->inum = inum;
591
592 p = &c->orph_tree.rb_node;
593 while (*p) {
594 parent = *p;
595 o = rb_entry(parent, struct ubifs_orphan, rb);
596 if (inum < o->inum)
597 p = &(*p)->rb_left;
598 else if (inum > o->inum)
599 p = &(*p)->rb_right;
600 else {
601 /* Already added - no problem */
602 kfree(orphan);
603 return 0;
604 }
605 }
606 c->tot_orphans += 1;
607 rb_link_node(&orphan->rb, parent, p);
608 rb_insert_color(&orphan->rb, &c->orph_tree);
609 list_add_tail(&orphan->list, &c->orph_list);
610 orphan->del = 1;
611 orphan->dnext = c->orph_dnext;
612 c->orph_dnext = orphan;
613 dbg_mnt("ino %lu, new %d, tot %d", (unsigned long)inum,
614 c->new_orphans, c->tot_orphans);
615 return 0;
616}
617
618/**
619 * do_kill_orphans - remove orphan inodes from the index.
620 * @c: UBIFS file-system description object
621 * @sleb: scanned LEB
622 * @last_cmt_no: cmt_no of last orphan node read is passed and returned here
623 * @outofdate: whether the LEB is out of date is returned here
624 * @last_flagged: whether the end orphan node is encountered
625 *
626 * This function is a helper to the 'kill_orphans()' function. It goes through
627 * every orphan node in a LEB and for every inode number recorded, removes
628 * all keys for that inode from the TNC.
629 */
630static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
631 unsigned long long *last_cmt_no, int *outofdate,
632 int *last_flagged)
633{
634 struct ubifs_scan_node *snod;
635 struct ubifs_orph_node *orph;
636 struct ubifs_ino_node *ino = NULL;
637 unsigned long long cmt_no;
638 ino_t inum;
639 int i, n, err, first = 1;
640
641 ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
642 if (!ino)
643 return -ENOMEM;
644
645 list_for_each_entry(snod, &sleb->nodes, list) {
646 if (snod->type != UBIFS_ORPH_NODE) {
647 ubifs_err(c, "invalid node type %d in orphan area at %d:%d",
648 snod->type, sleb->lnum, snod->offs);
649 ubifs_dump_node(c, snod->node,
650 c->leb_size - snod->offs);
651 err = -EINVAL;
652 goto out_free;
653 }
654
655 orph = snod->node;
656
657 /* Check commit number */
658 cmt_no = le64_to_cpu(orph->cmt_no) & LLONG_MAX;
659 /*
660 * The commit number on the master node may be less, because
661 * of a failed commit. If there are several failed commits in a
662 * row, the commit number written on orphan nodes will continue
663 * to increase (because the commit number is adjusted here) even
664 * though the commit number on the master node stays the same
665 * because the master node has not been re-written.
666 */
667 if (cmt_no > c->cmt_no)
668 c->cmt_no = cmt_no;
669 if (cmt_no < *last_cmt_no && *last_flagged) {
670 /*
671 * The last orphan node had a higher commit number and
672 * was flagged as the last written for that commit
673 * number. That makes this orphan node, out of date.
674 */
675 if (!first) {
676 ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d",
677 cmt_no, sleb->lnum, snod->offs);
678 ubifs_dump_node(c, snod->node,
679 c->leb_size - snod->offs);
680 err = -EINVAL;
681 goto out_free;
682 }
683 dbg_rcvry("out of date LEB %d", sleb->lnum);
684 *outofdate = 1;
685 err = 0;
686 goto out_free;
687 }
688
689 if (first)
690 first = 0;
691
692 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
693 for (i = 0; i < n; i++) {
694 union ubifs_key key1, key2;
695
696 inum = le64_to_cpu(orph->inos[i]);
697
698 ino_key_init(c, &key1, inum);
699 err = ubifs_tnc_lookup(c, &key1, ino);
700 if (err && err != -ENOENT)
701 goto out_free;
702
703 /*
704 * Check whether an inode can really get deleted.
705 * linkat() with O_TMPFILE allows rebirth of an inode.
706 */
707 if (err == 0 && ino->nlink == 0) {
708 dbg_rcvry("deleting orphaned inode %lu",
709 (unsigned long)inum);
710
711 lowest_ino_key(c, &key1, inum);
712 highest_ino_key(c, &key2, inum);
713
714 err = ubifs_tnc_remove_range(c, &key1, &key2);
715 if (err)
716 goto out_ro;
717 }
718
719 err = insert_dead_orphan(c, inum);
720 if (err)
721 goto out_free;
722 }
723
724 *last_cmt_no = cmt_no;
725 if (le64_to_cpu(orph->cmt_no) & (1ULL << 63)) {
726 dbg_rcvry("last orph node for commit %llu at %d:%d",
727 cmt_no, sleb->lnum, snod->offs);
728 *last_flagged = 1;
729 } else
730 *last_flagged = 0;
731 }
732
733 err = 0;
734out_free:
735 kfree(ino);
736 return err;
737
738out_ro:
739 ubifs_ro_mode(c, err);
740 kfree(ino);
741 return err;
742}
743
744/**
745 * kill_orphans - remove all orphan inodes from the index.
746 * @c: UBIFS file-system description object
747 *
748 * If recovery is required, then orphan inodes recorded during the previous
749 * session (which ended with an unclean unmount) must be deleted from the index.
750 * This is done by updating the TNC, but since the index is not updated until
751 * the next commit, the LEBs where the orphan information is recorded are not
752 * erased until the next commit.
753 */
754static int kill_orphans(struct ubifs_info *c)
755{
756 unsigned long long last_cmt_no = 0;
757 int lnum, err = 0, outofdate = 0, last_flagged = 0;
758
759 c->ohead_lnum = c->orph_first;
760 c->ohead_offs = 0;
761 /* Check no-orphans flag and skip this if no orphans */
762 if (c->no_orphs) {
763 dbg_rcvry("no orphans");
764 return 0;
765 }
766 /*
767 * Orph nodes always start at c->orph_first and are written to each
768 * successive LEB in turn. Generally unused LEBs will have been unmapped
769 * but may contain out of date orphan nodes if the unmap didn't go
770 * through. In addition, the last orphan node written for each commit is
771 * marked (top bit of orph->cmt_no is set to 1). It is possible that
772 * there are orphan nodes from the next commit (i.e. the commit did not
773 * complete successfully). In that case, no orphans will have been lost
774 * due to the way that orphans are written, and any orphans added will
775 * be valid orphans anyway and so can be deleted.
776 */
777 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
778 struct ubifs_scan_leb *sleb;
779
780 dbg_rcvry("LEB %d", lnum);
781 sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1);
782 if (IS_ERR(sleb)) {
783 if (PTR_ERR(sleb) == -EUCLEAN)
784 sleb = ubifs_recover_leb(c, lnum, 0,
785 c->sbuf, -1);
786 if (IS_ERR(sleb)) {
787 err = PTR_ERR(sleb);
788 break;
789 }
790 }
791 err = do_kill_orphans(c, sleb, &last_cmt_no, &outofdate,
792 &last_flagged);
793 if (err || outofdate) {
794 ubifs_scan_destroy(sleb);
795 break;
796 }
797 if (sleb->endpt) {
798 c->ohead_lnum = lnum;
799 c->ohead_offs = sleb->endpt;
800 }
801 ubifs_scan_destroy(sleb);
802 }
803 return err;
804}
805
806/**
807 * ubifs_mount_orphans - delete orphan inodes and erase LEBs that recorded them.
808 * @c: UBIFS file-system description object
809 * @unclean: indicates recovery from unclean unmount
810 * @read_only: indicates read only mount
811 *
812 * This function is called when mounting to erase orphans from the previous
813 * session. If UBIFS was not unmounted cleanly, then the inodes recorded as
814 * orphans are deleted.
815 */
816int ubifs_mount_orphans(struct ubifs_info *c, int unclean, int read_only)
817{
818 int err = 0;
819
820 c->max_orphans = tot_avail_orphs(c);
821
822 if (!read_only) {
823 c->orph_buf = vmalloc(c->leb_size);
824 if (!c->orph_buf)
825 return -ENOMEM;
826 }
827
828 if (unclean)
829 err = kill_orphans(c);
830 else if (!read_only)
831 err = ubifs_clear_orphans(c);
832
833 return err;
834}
835
836/*
837 * Everything below is related to debugging.
838 */
839
840struct check_orphan {
841 struct rb_node rb;
842 ino_t inum;
843};
844
845struct check_info {
846 unsigned long last_ino;
847 unsigned long tot_inos;
848 unsigned long missing;
849 unsigned long long leaf_cnt;
850 struct ubifs_ino_node *node;
851 struct rb_root root;
852};
853
854static bool dbg_find_orphan(struct ubifs_info *c, ino_t inum)
855{
856 bool found = false;
857
858 spin_lock(&c->orphan_lock);
859 found = !!lookup_orphan(c, inum);
860 spin_unlock(&c->orphan_lock);
861
862 return found;
863}
864
865static int dbg_ins_check_orphan(struct rb_root *root, ino_t inum)
866{
867 struct check_orphan *orphan, *o;
868 struct rb_node **p, *parent = NULL;
869
870 orphan = kzalloc(sizeof(struct check_orphan), GFP_NOFS);
871 if (!orphan)
872 return -ENOMEM;
873 orphan->inum = inum;
874
875 p = &root->rb_node;
876 while (*p) {
877 parent = *p;
878 o = rb_entry(parent, struct check_orphan, rb);
879 if (inum < o->inum)
880 p = &(*p)->rb_left;
881 else if (inum > o->inum)
882 p = &(*p)->rb_right;
883 else {
884 kfree(orphan);
885 return 0;
886 }
887 }
888 rb_link_node(&orphan->rb, parent, p);
889 rb_insert_color(&orphan->rb, root);
890 return 0;
891}
892
893static int dbg_find_check_orphan(struct rb_root *root, ino_t inum)
894{
895 struct check_orphan *o;
896 struct rb_node *p;
897
898 p = root->rb_node;
899 while (p) {
900 o = rb_entry(p, struct check_orphan, rb);
901 if (inum < o->inum)
902 p = p->rb_left;
903 else if (inum > o->inum)
904 p = p->rb_right;
905 else
906 return 1;
907 }
908 return 0;
909}
910
911static void dbg_free_check_tree(struct rb_root *root)
912{
913 struct check_orphan *o, *n;
914
915 rbtree_postorder_for_each_entry_safe(o, n, root, rb)
916 kfree(o);
917}
918
919static int dbg_orphan_check(struct ubifs_info *c, struct ubifs_zbranch *zbr,
920 void *priv)
921{
922 struct check_info *ci = priv;
923 ino_t inum;
924 int err;
925
926 inum = key_inum(c, &zbr->key);
927 if (inum != ci->last_ino) {
928 /* Lowest node type is the inode node, so it comes first */
929 if (key_type(c, &zbr->key) != UBIFS_INO_KEY)
930 ubifs_err(c, "found orphan node ino %lu, type %d",
931 (unsigned long)inum, key_type(c, &zbr->key));
932 ci->last_ino = inum;
933 ci->tot_inos += 1;
934 err = ubifs_tnc_read_node(c, zbr, ci->node);
935 if (err) {
936 ubifs_err(c, "node read failed, error %d", err);
937 return err;
938 }
939 if (ci->node->nlink == 0)
940 /* Must be recorded as an orphan */
941 if (!dbg_find_check_orphan(&ci->root, inum) &&
942 !dbg_find_orphan(c, inum)) {
943 ubifs_err(c, "missing orphan, ino %lu",
944 (unsigned long)inum);
945 ci->missing += 1;
946 }
947 }
948 ci->leaf_cnt += 1;
949 return 0;
950}
951
952static int dbg_read_orphans(struct check_info *ci, struct ubifs_scan_leb *sleb)
953{
954 struct ubifs_scan_node *snod;
955 struct ubifs_orph_node *orph;
956 ino_t inum;
957 int i, n, err;
958
959 list_for_each_entry(snod, &sleb->nodes, list) {
960 cond_resched();
961 if (snod->type != UBIFS_ORPH_NODE)
962 continue;
963 orph = snod->node;
964 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
965 for (i = 0; i < n; i++) {
966 inum = le64_to_cpu(orph->inos[i]);
967 err = dbg_ins_check_orphan(&ci->root, inum);
968 if (err)
969 return err;
970 }
971 }
972 return 0;
973}
974
975static int dbg_scan_orphans(struct ubifs_info *c, struct check_info *ci)
976{
977 int lnum, err = 0;
978 void *buf;
979
980 /* Check no-orphans flag and skip this if no orphans */
981 if (c->no_orphs)
982 return 0;
983
984 buf = __vmalloc(c->leb_size, GFP_NOFS);
985 if (!buf) {
986 ubifs_err(c, "cannot allocate memory to check orphans");
987 return 0;
988 }
989
990 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
991 struct ubifs_scan_leb *sleb;
992
993 sleb = ubifs_scan(c, lnum, 0, buf, 0);
994 if (IS_ERR(sleb)) {
995 err = PTR_ERR(sleb);
996 break;
997 }
998
999 err = dbg_read_orphans(ci, sleb);
1000 ubifs_scan_destroy(sleb);
1001 if (err)
1002 break;
1003 }
1004
1005 vfree(buf);
1006 return err;
1007}
1008
1009static int dbg_check_orphans(struct ubifs_info *c)
1010{
1011 struct check_info ci;
1012 int err;
1013
1014 if (!dbg_is_chk_orph(c))
1015 return 0;
1016
1017 ci.last_ino = 0;
1018 ci.tot_inos = 0;
1019 ci.missing = 0;
1020 ci.leaf_cnt = 0;
1021 ci.root = RB_ROOT;
1022 ci.node = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
1023 if (!ci.node) {
1024 ubifs_err(c, "out of memory");
1025 return -ENOMEM;
1026 }
1027
1028 err = dbg_scan_orphans(c, &ci);
1029 if (err)
1030 goto out;
1031
1032 err = dbg_walk_index(c, &dbg_orphan_check, NULL, &ci);
1033 if (err) {
1034 ubifs_err(c, "cannot scan TNC, error %d", err);
1035 goto out;
1036 }
1037
1038 if (ci.missing) {
1039 ubifs_err(c, "%lu missing orphan(s)", ci.missing);
1040 err = -EINVAL;
1041 goto out;
1042 }
1043
1044 dbg_cmt("last inode number is %lu", ci.last_ino);
1045 dbg_cmt("total number of inodes is %lu", ci.tot_inos);
1046 dbg_cmt("total number of leaf nodes is %llu", ci.leaf_cnt);
1047
1048out:
1049 dbg_free_check_tree(&ci.root);
1050 kfree(ci.node);
1051 return err;
1052}