Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Authors: Adrian Hunter
8 * Artem Bityutskiy (Битюцкий Артём)
9 */
10
11/* This file implements TNC functions for committing */
12
13#include <linux/random.h>
14#include "ubifs.h"
15
16/**
17 * make_idx_node - make an index node for fill-the-gaps method of TNC commit.
18 * @c: UBIFS file-system description object
19 * @idx: buffer in which to place new index node
20 * @znode: znode from which to make new index node
21 * @lnum: LEB number where new index node will be written
22 * @offs: offset where new index node will be written
23 * @len: length of new index node
24 */
25static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
26 struct ubifs_znode *znode, int lnum, int offs, int len)
27{
28 struct ubifs_znode *zp;
29 u8 hash[UBIFS_HASH_ARR_SZ];
30 int i, err;
31
32 /* Make index node */
33 idx->ch.node_type = UBIFS_IDX_NODE;
34 idx->child_cnt = cpu_to_le16(znode->child_cnt);
35 idx->level = cpu_to_le16(znode->level);
36 for (i = 0; i < znode->child_cnt; i++) {
37 struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
38 struct ubifs_zbranch *zbr = &znode->zbranch[i];
39
40 key_write_idx(c, &zbr->key, &br->key);
41 br->lnum = cpu_to_le32(zbr->lnum);
42 br->offs = cpu_to_le32(zbr->offs);
43 br->len = cpu_to_le32(zbr->len);
44 ubifs_copy_hash(c, zbr->hash, ubifs_branch_hash(c, br));
45 if (!zbr->lnum || !zbr->len) {
46 ubifs_err(c, "bad ref in znode");
47 ubifs_dump_znode(c, znode);
48 if (zbr->znode)
49 ubifs_dump_znode(c, zbr->znode);
50
51 return -EINVAL;
52 }
53 }
54 ubifs_prepare_node(c, idx, len, 0);
55 ubifs_node_calc_hash(c, idx, hash);
56
57 znode->lnum = lnum;
58 znode->offs = offs;
59 znode->len = len;
60
61 err = insert_old_idx_znode(c, znode);
62
63 /* Update the parent */
64 zp = znode->parent;
65 if (zp) {
66 struct ubifs_zbranch *zbr;
67
68 zbr = &zp->zbranch[znode->iip];
69 zbr->lnum = lnum;
70 zbr->offs = offs;
71 zbr->len = len;
72 ubifs_copy_hash(c, hash, zbr->hash);
73 } else {
74 c->zroot.lnum = lnum;
75 c->zroot.offs = offs;
76 c->zroot.len = len;
77 ubifs_copy_hash(c, hash, c->zroot.hash);
78 }
79 c->calc_idx_sz += ALIGN(len, 8);
80
81 atomic_long_dec(&c->dirty_zn_cnt);
82
83 ubifs_assert(c, ubifs_zn_dirty(znode));
84 ubifs_assert(c, ubifs_zn_cow(znode));
85
86 /*
87 * Note, unlike 'write_index()' we do not add memory barriers here
88 * because this function is called with @c->tnc_mutex locked.
89 */
90 __clear_bit(DIRTY_ZNODE, &znode->flags);
91 __clear_bit(COW_ZNODE, &znode->flags);
92
93 return err;
94}
95
96/**
97 * fill_gap - make index nodes in gaps in dirty index LEBs.
98 * @c: UBIFS file-system description object
99 * @lnum: LEB number that gap appears in
100 * @gap_start: offset of start of gap
101 * @gap_end: offset of end of gap
102 * @dirt: adds dirty space to this
103 *
104 * This function returns the number of index nodes written into the gap.
105 */
106static int fill_gap(struct ubifs_info *c, int lnum, int gap_start, int gap_end,
107 int *dirt)
108{
109 int len, gap_remains, gap_pos, written, pad_len;
110
111 ubifs_assert(c, (gap_start & 7) == 0);
112 ubifs_assert(c, (gap_end & 7) == 0);
113 ubifs_assert(c, gap_end >= gap_start);
114
115 gap_remains = gap_end - gap_start;
116 if (!gap_remains)
117 return 0;
118 gap_pos = gap_start;
119 written = 0;
120 while (c->enext) {
121 len = ubifs_idx_node_sz(c, c->enext->child_cnt);
122 if (len < gap_remains) {
123 struct ubifs_znode *znode = c->enext;
124 const int alen = ALIGN(len, 8);
125 int err;
126
127 ubifs_assert(c, alen <= gap_remains);
128 err = make_idx_node(c, c->ileb_buf + gap_pos, znode,
129 lnum, gap_pos, len);
130 if (err)
131 return err;
132 gap_remains -= alen;
133 gap_pos += alen;
134 c->enext = znode->cnext;
135 if (c->enext == c->cnext)
136 c->enext = NULL;
137 written += 1;
138 } else
139 break;
140 }
141 if (gap_end == c->leb_size) {
142 c->ileb_len = ALIGN(gap_pos, c->min_io_size);
143 /* Pad to end of min_io_size */
144 pad_len = c->ileb_len - gap_pos;
145 } else
146 /* Pad to end of gap */
147 pad_len = gap_remains;
148 dbg_gc("LEB %d:%d to %d len %d nodes written %d wasted bytes %d",
149 lnum, gap_start, gap_end, gap_end - gap_start, written, pad_len);
150 ubifs_pad(c, c->ileb_buf + gap_pos, pad_len);
151 *dirt += pad_len;
152 return written;
153}
154
155/**
156 * find_old_idx - find an index node obsoleted since the last commit start.
157 * @c: UBIFS file-system description object
158 * @lnum: LEB number of obsoleted index node
159 * @offs: offset of obsoleted index node
160 *
161 * Returns %1 if found and %0 otherwise.
162 */
163static int find_old_idx(struct ubifs_info *c, int lnum, int offs)
164{
165 struct ubifs_old_idx *o;
166 struct rb_node *p;
167
168 p = c->old_idx.rb_node;
169 while (p) {
170 o = rb_entry(p, struct ubifs_old_idx, rb);
171 if (lnum < o->lnum)
172 p = p->rb_left;
173 else if (lnum > o->lnum)
174 p = p->rb_right;
175 else if (offs < o->offs)
176 p = p->rb_left;
177 else if (offs > o->offs)
178 p = p->rb_right;
179 else
180 return 1;
181 }
182 return 0;
183}
184
185/**
186 * is_idx_node_in_use - determine if an index node can be overwritten.
187 * @c: UBIFS file-system description object
188 * @key: key of index node
189 * @level: index node level
190 * @lnum: LEB number of index node
191 * @offs: offset of index node
192 *
193 * If @key / @lnum / @offs identify an index node that was not part of the old
194 * index, then this function returns %0 (obsolete). Else if the index node was
195 * part of the old index but is now dirty %1 is returned, else if it is clean %2
196 * is returned. A negative error code is returned on failure.
197 */
198static int is_idx_node_in_use(struct ubifs_info *c, union ubifs_key *key,
199 int level, int lnum, int offs)
200{
201 int ret;
202
203 ret = is_idx_node_in_tnc(c, key, level, lnum, offs);
204 if (ret < 0)
205 return ret; /* Error code */
206 if (ret == 0)
207 if (find_old_idx(c, lnum, offs))
208 return 1;
209 return ret;
210}
211
212/**
213 * layout_leb_in_gaps - layout index nodes using in-the-gaps method.
214 * @c: UBIFS file-system description object
215 * @p: return LEB number here
216 *
217 * This function lays out new index nodes for dirty znodes using in-the-gaps
218 * method of TNC commit.
219 * This function merely puts the next znode into the next gap, making no attempt
220 * to try to maximise the number of znodes that fit.
221 * This function returns the number of index nodes written into the gaps, or a
222 * negative error code on failure.
223 */
224static int layout_leb_in_gaps(struct ubifs_info *c, int *p)
225{
226 struct ubifs_scan_leb *sleb;
227 struct ubifs_scan_node *snod;
228 int lnum, dirt = 0, gap_start, gap_end, err, written, tot_written;
229
230 tot_written = 0;
231 /* Get an index LEB with lots of obsolete index nodes */
232 lnum = ubifs_find_dirty_idx_leb(c);
233 if (lnum < 0)
234 /*
235 * There also may be dirt in the index head that could be
236 * filled, however we do not check there at present.
237 */
238 return lnum; /* Error code */
239 *p = lnum;
240 dbg_gc("LEB %d", lnum);
241 /*
242 * Scan the index LEB. We use the generic scan for this even though
243 * it is more comprehensive and less efficient than is needed for this
244 * purpose.
245 */
246 sleb = ubifs_scan(c, lnum, 0, c->ileb_buf, 0);
247 c->ileb_len = 0;
248 if (IS_ERR(sleb))
249 return PTR_ERR(sleb);
250 gap_start = 0;
251 list_for_each_entry(snod, &sleb->nodes, list) {
252 struct ubifs_idx_node *idx;
253 int in_use, level;
254
255 ubifs_assert(c, snod->type == UBIFS_IDX_NODE);
256 idx = snod->node;
257 key_read(c, ubifs_idx_key(c, idx), &snod->key);
258 level = le16_to_cpu(idx->level);
259 /* Determine if the index node is in use (not obsolete) */
260 in_use = is_idx_node_in_use(c, &snod->key, level, lnum,
261 snod->offs);
262 if (in_use < 0) {
263 ubifs_scan_destroy(sleb);
264 return in_use; /* Error code */
265 }
266 if (in_use) {
267 if (in_use == 1)
268 dirt += ALIGN(snod->len, 8);
269 /*
270 * The obsolete index nodes form gaps that can be
271 * overwritten. This gap has ended because we have
272 * found an index node that is still in use
273 * i.e. not obsolete
274 */
275 gap_end = snod->offs;
276 /* Try to fill gap */
277 written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
278 if (written < 0) {
279 ubifs_scan_destroy(sleb);
280 return written; /* Error code */
281 }
282 tot_written += written;
283 gap_start = ALIGN(snod->offs + snod->len, 8);
284 }
285 }
286 ubifs_scan_destroy(sleb);
287 c->ileb_len = c->leb_size;
288 gap_end = c->leb_size;
289 /* Try to fill gap */
290 written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
291 if (written < 0)
292 return written; /* Error code */
293 tot_written += written;
294 if (tot_written == 0) {
295 struct ubifs_lprops lp;
296
297 dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
298 err = ubifs_read_one_lp(c, lnum, &lp);
299 if (err)
300 return err;
301 if (lp.free == c->leb_size) {
302 /*
303 * We must have snatched this LEB from the idx_gc list
304 * so we need to correct the free and dirty space.
305 */
306 err = ubifs_change_one_lp(c, lnum,
307 c->leb_size - c->ileb_len,
308 dirt, 0, 0, 0);
309 if (err)
310 return err;
311 }
312 return 0;
313 }
314 err = ubifs_change_one_lp(c, lnum, c->leb_size - c->ileb_len, dirt,
315 0, 0, 0);
316 if (err)
317 return err;
318 err = ubifs_leb_change(c, lnum, c->ileb_buf, c->ileb_len);
319 if (err)
320 return err;
321 dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
322 return tot_written;
323}
324
325/**
326 * get_leb_cnt - calculate the number of empty LEBs needed to commit.
327 * @c: UBIFS file-system description object
328 * @cnt: number of znodes to commit
329 *
330 * This function returns the number of empty LEBs needed to commit @cnt znodes
331 * to the current index head. The number is not exact and may be more than
332 * needed.
333 */
334static int get_leb_cnt(struct ubifs_info *c, int cnt)
335{
336 int d;
337
338 /* Assume maximum index node size (i.e. overestimate space needed) */
339 cnt -= (c->leb_size - c->ihead_offs) / c->max_idx_node_sz;
340 if (cnt < 0)
341 cnt = 0;
342 d = c->leb_size / c->max_idx_node_sz;
343 return DIV_ROUND_UP(cnt, d);
344}
345
346/**
347 * layout_in_gaps - in-the-gaps method of committing TNC.
348 * @c: UBIFS file-system description object
349 * @cnt: number of dirty znodes to commit.
350 *
351 * This function lays out new index nodes for dirty znodes using in-the-gaps
352 * method of TNC commit.
353 *
354 * This function returns %0 on success and a negative error code on failure.
355 */
356static int layout_in_gaps(struct ubifs_info *c, int cnt)
357{
358 int err, leb_needed_cnt, written, *p;
359
360 dbg_gc("%d znodes to write", cnt);
361
362 c->gap_lebs = kmalloc_array(c->lst.idx_lebs + 1, sizeof(int),
363 GFP_NOFS);
364 if (!c->gap_lebs)
365 return -ENOMEM;
366
367 p = c->gap_lebs;
368 do {
369 ubifs_assert(c, p < c->gap_lebs + c->lst.idx_lebs);
370 written = layout_leb_in_gaps(c, p);
371 if (written < 0) {
372 err = written;
373 if (err != -ENOSPC) {
374 kfree(c->gap_lebs);
375 c->gap_lebs = NULL;
376 return err;
377 }
378 if (!dbg_is_chk_index(c)) {
379 /*
380 * Do not print scary warnings if the debugging
381 * option which forces in-the-gaps is enabled.
382 */
383 ubifs_warn(c, "out of space");
384 ubifs_dump_budg(c, &c->bi);
385 ubifs_dump_lprops(c);
386 }
387 /* Try to commit anyway */
388 break;
389 }
390 p++;
391 cnt -= written;
392 leb_needed_cnt = get_leb_cnt(c, cnt);
393 dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt,
394 leb_needed_cnt, c->ileb_cnt);
395 } while (leb_needed_cnt > c->ileb_cnt);
396
397 *p = -1;
398 return 0;
399}
400
401/**
402 * layout_in_empty_space - layout index nodes in empty space.
403 * @c: UBIFS file-system description object
404 *
405 * This function lays out new index nodes for dirty znodes using empty LEBs.
406 *
407 * This function returns %0 on success and a negative error code on failure.
408 */
409static int layout_in_empty_space(struct ubifs_info *c)
410{
411 struct ubifs_znode *znode, *cnext, *zp;
412 int lnum, offs, len, next_len, buf_len, buf_offs, used, avail;
413 int wlen, blen, err;
414
415 cnext = c->enext;
416 if (!cnext)
417 return 0;
418
419 lnum = c->ihead_lnum;
420 buf_offs = c->ihead_offs;
421
422 buf_len = ubifs_idx_node_sz(c, c->fanout);
423 buf_len = ALIGN(buf_len, c->min_io_size);
424 used = 0;
425 avail = buf_len;
426
427 /* Ensure there is enough room for first write */
428 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
429 if (buf_offs + next_len > c->leb_size)
430 lnum = -1;
431
432 while (1) {
433 znode = cnext;
434
435 len = ubifs_idx_node_sz(c, znode->child_cnt);
436
437 /* Determine the index node position */
438 if (lnum == -1) {
439 if (c->ileb_nxt >= c->ileb_cnt) {
440 ubifs_err(c, "out of space");
441 return -ENOSPC;
442 }
443 lnum = c->ilebs[c->ileb_nxt++];
444 buf_offs = 0;
445 used = 0;
446 avail = buf_len;
447 }
448
449 offs = buf_offs + used;
450
451 znode->lnum = lnum;
452 znode->offs = offs;
453 znode->len = len;
454
455 /* Update the parent */
456 zp = znode->parent;
457 if (zp) {
458 struct ubifs_zbranch *zbr;
459 int i;
460
461 i = znode->iip;
462 zbr = &zp->zbranch[i];
463 zbr->lnum = lnum;
464 zbr->offs = offs;
465 zbr->len = len;
466 } else {
467 c->zroot.lnum = lnum;
468 c->zroot.offs = offs;
469 c->zroot.len = len;
470 }
471 c->calc_idx_sz += ALIGN(len, 8);
472
473 /*
474 * Once lprops is updated, we can decrease the dirty znode count
475 * but it is easier to just do it here.
476 */
477 atomic_long_dec(&c->dirty_zn_cnt);
478
479 /*
480 * Calculate the next index node length to see if there is
481 * enough room for it
482 */
483 cnext = znode->cnext;
484 if (cnext == c->cnext)
485 next_len = 0;
486 else
487 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
488
489 /* Update buffer positions */
490 wlen = used + len;
491 used += ALIGN(len, 8);
492 avail -= ALIGN(len, 8);
493
494 if (next_len != 0 &&
495 buf_offs + used + next_len <= c->leb_size &&
496 avail > 0)
497 continue;
498
499 if (avail <= 0 && next_len &&
500 buf_offs + used + next_len <= c->leb_size)
501 blen = buf_len;
502 else
503 blen = ALIGN(wlen, c->min_io_size);
504
505 /* The buffer is full or there are no more znodes to do */
506 buf_offs += blen;
507 if (next_len) {
508 if (buf_offs + next_len > c->leb_size) {
509 err = ubifs_update_one_lp(c, lnum,
510 c->leb_size - buf_offs, blen - used,
511 0, 0);
512 if (err)
513 return err;
514 lnum = -1;
515 }
516 used -= blen;
517 if (used < 0)
518 used = 0;
519 avail = buf_len - used;
520 continue;
521 }
522 err = ubifs_update_one_lp(c, lnum, c->leb_size - buf_offs,
523 blen - used, 0, 0);
524 if (err)
525 return err;
526 break;
527 }
528
529 c->dbg->new_ihead_lnum = lnum;
530 c->dbg->new_ihead_offs = buf_offs;
531
532 return 0;
533}
534
535/**
536 * layout_commit - determine positions of index nodes to commit.
537 * @c: UBIFS file-system description object
538 * @no_space: indicates that insufficient empty LEBs were allocated
539 * @cnt: number of znodes to commit
540 *
541 * Calculate and update the positions of index nodes to commit. If there were
542 * an insufficient number of empty LEBs allocated, then index nodes are placed
543 * into the gaps created by obsolete index nodes in non-empty index LEBs. For
544 * this purpose, an obsolete index node is one that was not in the index as at
545 * the end of the last commit. To write "in-the-gaps" requires that those index
546 * LEBs are updated atomically in-place.
547 */
548static int layout_commit(struct ubifs_info *c, int no_space, int cnt)
549{
550 int err;
551
552 if (no_space) {
553 err = layout_in_gaps(c, cnt);
554 if (err)
555 return err;
556 }
557 err = layout_in_empty_space(c);
558 return err;
559}
560
561/**
562 * find_first_dirty - find first dirty znode.
563 * @znode: znode to begin searching from
564 */
565static struct ubifs_znode *find_first_dirty(struct ubifs_znode *znode)
566{
567 int i, cont;
568
569 if (!znode)
570 return NULL;
571
572 while (1) {
573 if (znode->level == 0) {
574 if (ubifs_zn_dirty(znode))
575 return znode;
576 return NULL;
577 }
578 cont = 0;
579 for (i = 0; i < znode->child_cnt; i++) {
580 struct ubifs_zbranch *zbr = &znode->zbranch[i];
581
582 if (zbr->znode && ubifs_zn_dirty(zbr->znode)) {
583 znode = zbr->znode;
584 cont = 1;
585 break;
586 }
587 }
588 if (!cont) {
589 if (ubifs_zn_dirty(znode))
590 return znode;
591 return NULL;
592 }
593 }
594}
595
596/**
597 * find_next_dirty - find next dirty znode.
598 * @znode: znode to begin searching from
599 */
600static struct ubifs_znode *find_next_dirty(struct ubifs_znode *znode)
601{
602 int n = znode->iip + 1;
603
604 znode = znode->parent;
605 if (!znode)
606 return NULL;
607 for (; n < znode->child_cnt; n++) {
608 struct ubifs_zbranch *zbr = &znode->zbranch[n];
609
610 if (zbr->znode && ubifs_zn_dirty(zbr->znode))
611 return find_first_dirty(zbr->znode);
612 }
613 return znode;
614}
615
616/**
617 * get_znodes_to_commit - create list of dirty znodes to commit.
618 * @c: UBIFS file-system description object
619 *
620 * This function returns the number of znodes to commit.
621 */
622static int get_znodes_to_commit(struct ubifs_info *c)
623{
624 struct ubifs_znode *znode, *cnext;
625 int cnt = 0;
626
627 c->cnext = find_first_dirty(c->zroot.znode);
628 znode = c->enext = c->cnext;
629 if (!znode) {
630 dbg_cmt("no znodes to commit");
631 return 0;
632 }
633 cnt += 1;
634 while (1) {
635 ubifs_assert(c, !ubifs_zn_cow(znode));
636 __set_bit(COW_ZNODE, &znode->flags);
637 znode->alt = 0;
638 cnext = find_next_dirty(znode);
639 if (!cnext) {
640 znode->cnext = c->cnext;
641 break;
642 }
643 znode->cparent = znode->parent;
644 znode->ciip = znode->iip;
645 znode->cnext = cnext;
646 znode = cnext;
647 cnt += 1;
648 }
649 dbg_cmt("committing %d znodes", cnt);
650 ubifs_assert(c, cnt == atomic_long_read(&c->dirty_zn_cnt));
651 return cnt;
652}
653
654/**
655 * alloc_idx_lebs - allocate empty LEBs to be used to commit.
656 * @c: UBIFS file-system description object
657 * @cnt: number of znodes to commit
658 *
659 * This function returns %-ENOSPC if it cannot allocate a sufficient number of
660 * empty LEBs. %0 is returned on success, otherwise a negative error code
661 * is returned.
662 */
663static int alloc_idx_lebs(struct ubifs_info *c, int cnt)
664{
665 int i, leb_cnt, lnum;
666
667 c->ileb_cnt = 0;
668 c->ileb_nxt = 0;
669 leb_cnt = get_leb_cnt(c, cnt);
670 dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
671 if (!leb_cnt)
672 return 0;
673 c->ilebs = kmalloc_array(leb_cnt, sizeof(int), GFP_NOFS);
674 if (!c->ilebs)
675 return -ENOMEM;
676 for (i = 0; i < leb_cnt; i++) {
677 lnum = ubifs_find_free_leb_for_idx(c);
678 if (lnum < 0)
679 return lnum;
680 c->ilebs[c->ileb_cnt++] = lnum;
681 dbg_cmt("LEB %d", lnum);
682 }
683 if (dbg_is_chk_index(c) && !(prandom_u32() & 7))
684 return -ENOSPC;
685 return 0;
686}
687
688/**
689 * free_unused_idx_lebs - free unused LEBs that were allocated for the commit.
690 * @c: UBIFS file-system description object
691 *
692 * It is possible that we allocate more empty LEBs for the commit than we need.
693 * This functions frees the surplus.
694 *
695 * This function returns %0 on success and a negative error code on failure.
696 */
697static int free_unused_idx_lebs(struct ubifs_info *c)
698{
699 int i, err = 0, lnum, er;
700
701 for (i = c->ileb_nxt; i < c->ileb_cnt; i++) {
702 lnum = c->ilebs[i];
703 dbg_cmt("LEB %d", lnum);
704 er = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0,
705 LPROPS_INDEX | LPROPS_TAKEN, 0);
706 if (!err)
707 err = er;
708 }
709 return err;
710}
711
712/**
713 * free_idx_lebs - free unused LEBs after commit end.
714 * @c: UBIFS file-system description object
715 *
716 * This function returns %0 on success and a negative error code on failure.
717 */
718static int free_idx_lebs(struct ubifs_info *c)
719{
720 int err;
721
722 err = free_unused_idx_lebs(c);
723 kfree(c->ilebs);
724 c->ilebs = NULL;
725 return err;
726}
727
728/**
729 * ubifs_tnc_start_commit - start TNC commit.
730 * @c: UBIFS file-system description object
731 * @zroot: new index root position is returned here
732 *
733 * This function prepares the list of indexing nodes to commit and lays out
734 * their positions on flash. If there is not enough free space it uses the
735 * in-gap commit method. Returns zero in case of success and a negative error
736 * code in case of failure.
737 */
738int ubifs_tnc_start_commit(struct ubifs_info *c, struct ubifs_zbranch *zroot)
739{
740 int err = 0, cnt;
741
742 mutex_lock(&c->tnc_mutex);
743 err = dbg_check_tnc(c, 1);
744 if (err)
745 goto out;
746 cnt = get_znodes_to_commit(c);
747 if (cnt != 0) {
748 int no_space = 0;
749
750 err = alloc_idx_lebs(c, cnt);
751 if (err == -ENOSPC)
752 no_space = 1;
753 else if (err)
754 goto out_free;
755 err = layout_commit(c, no_space, cnt);
756 if (err)
757 goto out_free;
758 ubifs_assert(c, atomic_long_read(&c->dirty_zn_cnt) == 0);
759 err = free_unused_idx_lebs(c);
760 if (err)
761 goto out;
762 }
763 destroy_old_idx(c);
764 memcpy(zroot, &c->zroot, sizeof(struct ubifs_zbranch));
765
766 err = ubifs_save_dirty_idx_lnums(c);
767 if (err)
768 goto out;
769
770 spin_lock(&c->space_lock);
771 /*
772 * Although we have not finished committing yet, update size of the
773 * committed index ('c->bi.old_idx_sz') and zero out the index growth
774 * budget. It is OK to do this now, because we've reserved all the
775 * space which is needed to commit the index, and it is save for the
776 * budgeting subsystem to assume the index is already committed,
777 * even though it is not.
778 */
779 ubifs_assert(c, c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
780 c->bi.old_idx_sz = c->calc_idx_sz;
781 c->bi.uncommitted_idx = 0;
782 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
783 spin_unlock(&c->space_lock);
784 mutex_unlock(&c->tnc_mutex);
785
786 dbg_cmt("number of index LEBs %d", c->lst.idx_lebs);
787 dbg_cmt("size of index %llu", c->calc_idx_sz);
788 return err;
789
790out_free:
791 free_idx_lebs(c);
792out:
793 mutex_unlock(&c->tnc_mutex);
794 return err;
795}
796
797/**
798 * write_index - write index nodes.
799 * @c: UBIFS file-system description object
800 *
801 * This function writes the index nodes whose positions were laid out in the
802 * layout_in_empty_space function.
803 */
804static int write_index(struct ubifs_info *c)
805{
806 struct ubifs_idx_node *idx;
807 struct ubifs_znode *znode, *cnext;
808 int i, lnum, offs, len, next_len, buf_len, buf_offs, used;
809 int avail, wlen, err, lnum_pos = 0, blen, nxt_offs;
810
811 cnext = c->enext;
812 if (!cnext)
813 return 0;
814
815 /*
816 * Always write index nodes to the index head so that index nodes and
817 * other types of nodes are never mixed in the same erase block.
818 */
819 lnum = c->ihead_lnum;
820 buf_offs = c->ihead_offs;
821
822 /* Allocate commit buffer */
823 buf_len = ALIGN(c->max_idx_node_sz, c->min_io_size);
824 used = 0;
825 avail = buf_len;
826
827 /* Ensure there is enough room for first write */
828 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
829 if (buf_offs + next_len > c->leb_size) {
830 err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0, 0,
831 LPROPS_TAKEN);
832 if (err)
833 return err;
834 lnum = -1;
835 }
836
837 while (1) {
838 u8 hash[UBIFS_HASH_ARR_SZ];
839
840 cond_resched();
841
842 znode = cnext;
843 idx = c->cbuf + used;
844
845 /* Make index node */
846 idx->ch.node_type = UBIFS_IDX_NODE;
847 idx->child_cnt = cpu_to_le16(znode->child_cnt);
848 idx->level = cpu_to_le16(znode->level);
849 for (i = 0; i < znode->child_cnt; i++) {
850 struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
851 struct ubifs_zbranch *zbr = &znode->zbranch[i];
852
853 key_write_idx(c, &zbr->key, &br->key);
854 br->lnum = cpu_to_le32(zbr->lnum);
855 br->offs = cpu_to_le32(zbr->offs);
856 br->len = cpu_to_le32(zbr->len);
857 ubifs_copy_hash(c, zbr->hash, ubifs_branch_hash(c, br));
858 if (!zbr->lnum || !zbr->len) {
859 ubifs_err(c, "bad ref in znode");
860 ubifs_dump_znode(c, znode);
861 if (zbr->znode)
862 ubifs_dump_znode(c, zbr->znode);
863
864 return -EINVAL;
865 }
866 }
867 len = ubifs_idx_node_sz(c, znode->child_cnt);
868 ubifs_prepare_node(c, idx, len, 0);
869 ubifs_node_calc_hash(c, idx, hash);
870
871 mutex_lock(&c->tnc_mutex);
872
873 if (znode->cparent)
874 ubifs_copy_hash(c, hash,
875 znode->cparent->zbranch[znode->ciip].hash);
876
877 if (znode->parent) {
878 if (!ubifs_zn_obsolete(znode))
879 ubifs_copy_hash(c, hash,
880 znode->parent->zbranch[znode->iip].hash);
881 } else {
882 ubifs_copy_hash(c, hash, c->zroot.hash);
883 }
884
885 mutex_unlock(&c->tnc_mutex);
886
887 /* Determine the index node position */
888 if (lnum == -1) {
889 lnum = c->ilebs[lnum_pos++];
890 buf_offs = 0;
891 used = 0;
892 avail = buf_len;
893 }
894 offs = buf_offs + used;
895
896 if (lnum != znode->lnum || offs != znode->offs ||
897 len != znode->len) {
898 ubifs_err(c, "inconsistent znode posn");
899 return -EINVAL;
900 }
901
902 /* Grab some stuff from znode while we still can */
903 cnext = znode->cnext;
904
905 ubifs_assert(c, ubifs_zn_dirty(znode));
906 ubifs_assert(c, ubifs_zn_cow(znode));
907
908 /*
909 * It is important that other threads should see %DIRTY_ZNODE
910 * flag cleared before %COW_ZNODE. Specifically, it matters in
911 * the 'dirty_cow_znode()' function. This is the reason for the
912 * first barrier. Also, we want the bit changes to be seen to
913 * other threads ASAP, to avoid unnecesarry copying, which is
914 * the reason for the second barrier.
915 */
916 clear_bit(DIRTY_ZNODE, &znode->flags);
917 smp_mb__before_atomic();
918 clear_bit(COW_ZNODE, &znode->flags);
919 smp_mb__after_atomic();
920
921 /*
922 * We have marked the znode as clean but have not updated the
923 * @c->clean_zn_cnt counter. If this znode becomes dirty again
924 * before 'free_obsolete_znodes()' is called, then
925 * @c->clean_zn_cnt will be decremented before it gets
926 * incremented (resulting in 2 decrements for the same znode).
927 * This means that @c->clean_zn_cnt may become negative for a
928 * while.
929 *
930 * Q: why we cannot increment @c->clean_zn_cnt?
931 * A: because we do not have the @c->tnc_mutex locked, and the
932 * following code would be racy and buggy:
933 *
934 * if (!ubifs_zn_obsolete(znode)) {
935 * atomic_long_inc(&c->clean_zn_cnt);
936 * atomic_long_inc(&ubifs_clean_zn_cnt);
937 * }
938 *
939 * Thus, we just delay the @c->clean_zn_cnt update until we
940 * have the mutex locked.
941 */
942
943 /* Do not access znode from this point on */
944
945 /* Update buffer positions */
946 wlen = used + len;
947 used += ALIGN(len, 8);
948 avail -= ALIGN(len, 8);
949
950 /*
951 * Calculate the next index node length to see if there is
952 * enough room for it
953 */
954 if (cnext == c->cnext)
955 next_len = 0;
956 else
957 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
958
959 nxt_offs = buf_offs + used + next_len;
960 if (next_len && nxt_offs <= c->leb_size) {
961 if (avail > 0)
962 continue;
963 else
964 blen = buf_len;
965 } else {
966 wlen = ALIGN(wlen, 8);
967 blen = ALIGN(wlen, c->min_io_size);
968 ubifs_pad(c, c->cbuf + wlen, blen - wlen);
969 }
970
971 /* The buffer is full or there are no more znodes to do */
972 err = ubifs_leb_write(c, lnum, c->cbuf, buf_offs, blen);
973 if (err)
974 return err;
975 buf_offs += blen;
976 if (next_len) {
977 if (nxt_offs > c->leb_size) {
978 err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0,
979 0, LPROPS_TAKEN);
980 if (err)
981 return err;
982 lnum = -1;
983 }
984 used -= blen;
985 if (used < 0)
986 used = 0;
987 avail = buf_len - used;
988 memmove(c->cbuf, c->cbuf + blen, used);
989 continue;
990 }
991 break;
992 }
993
994 if (lnum != c->dbg->new_ihead_lnum ||
995 buf_offs != c->dbg->new_ihead_offs) {
996 ubifs_err(c, "inconsistent ihead");
997 return -EINVAL;
998 }
999
1000 c->ihead_lnum = lnum;
1001 c->ihead_offs = buf_offs;
1002
1003 return 0;
1004}
1005
1006/**
1007 * free_obsolete_znodes - free obsolete znodes.
1008 * @c: UBIFS file-system description object
1009 *
1010 * At the end of commit end, obsolete znodes are freed.
1011 */
1012static void free_obsolete_znodes(struct ubifs_info *c)
1013{
1014 struct ubifs_znode *znode, *cnext;
1015
1016 cnext = c->cnext;
1017 do {
1018 znode = cnext;
1019 cnext = znode->cnext;
1020 if (ubifs_zn_obsolete(znode))
1021 kfree(znode);
1022 else {
1023 znode->cnext = NULL;
1024 atomic_long_inc(&c->clean_zn_cnt);
1025 atomic_long_inc(&ubifs_clean_zn_cnt);
1026 }
1027 } while (cnext != c->cnext);
1028}
1029
1030/**
1031 * return_gap_lebs - return LEBs used by the in-gap commit method.
1032 * @c: UBIFS file-system description object
1033 *
1034 * This function clears the "taken" flag for the LEBs which were used by the
1035 * "commit in-the-gaps" method.
1036 */
1037static int return_gap_lebs(struct ubifs_info *c)
1038{
1039 int *p, err;
1040
1041 if (!c->gap_lebs)
1042 return 0;
1043
1044 dbg_cmt("");
1045 for (p = c->gap_lebs; *p != -1; p++) {
1046 err = ubifs_change_one_lp(c, *p, LPROPS_NC, LPROPS_NC, 0,
1047 LPROPS_TAKEN, 0);
1048 if (err)
1049 return err;
1050 }
1051
1052 kfree(c->gap_lebs);
1053 c->gap_lebs = NULL;
1054 return 0;
1055}
1056
1057/**
1058 * ubifs_tnc_end_commit - update the TNC for commit end.
1059 * @c: UBIFS file-system description object
1060 *
1061 * Write the dirty znodes.
1062 */
1063int ubifs_tnc_end_commit(struct ubifs_info *c)
1064{
1065 int err;
1066
1067 if (!c->cnext)
1068 return 0;
1069
1070 err = return_gap_lebs(c);
1071 if (err)
1072 return err;
1073
1074 err = write_index(c);
1075 if (err)
1076 return err;
1077
1078 mutex_lock(&c->tnc_mutex);
1079
1080 dbg_cmt("TNC height is %d", c->zroot.znode->level + 1);
1081
1082 free_obsolete_znodes(c);
1083
1084 c->cnext = NULL;
1085 kfree(c->ilebs);
1086 c->ilebs = NULL;
1087
1088 mutex_unlock(&c->tnc_mutex);
1089
1090 return 0;
1091}
1/*
2 * This file is part of UBIFS.
3 *
4 * Copyright (C) 2006-2008 Nokia Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published by
8 * the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 *
19 * Authors: Adrian Hunter
20 * Artem Bityutskiy (Битюцкий Артём)
21 */
22
23/* This file implements TNC functions for committing */
24
25#include <linux/random.h>
26#include "ubifs.h"
27
28/**
29 * make_idx_node - make an index node for fill-the-gaps method of TNC commit.
30 * @c: UBIFS file-system description object
31 * @idx: buffer in which to place new index node
32 * @znode: znode from which to make new index node
33 * @lnum: LEB number where new index node will be written
34 * @offs: offset where new index node will be written
35 * @len: length of new index node
36 */
37static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
38 struct ubifs_znode *znode, int lnum, int offs, int len)
39{
40 struct ubifs_znode *zp;
41 int i, err;
42
43 /* Make index node */
44 idx->ch.node_type = UBIFS_IDX_NODE;
45 idx->child_cnt = cpu_to_le16(znode->child_cnt);
46 idx->level = cpu_to_le16(znode->level);
47 for (i = 0; i < znode->child_cnt; i++) {
48 struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
49 struct ubifs_zbranch *zbr = &znode->zbranch[i];
50
51 key_write_idx(c, &zbr->key, &br->key);
52 br->lnum = cpu_to_le32(zbr->lnum);
53 br->offs = cpu_to_le32(zbr->offs);
54 br->len = cpu_to_le32(zbr->len);
55 if (!zbr->lnum || !zbr->len) {
56 ubifs_err(c, "bad ref in znode");
57 ubifs_dump_znode(c, znode);
58 if (zbr->znode)
59 ubifs_dump_znode(c, zbr->znode);
60
61 return -EINVAL;
62 }
63 }
64 ubifs_prepare_node(c, idx, len, 0);
65
66 znode->lnum = lnum;
67 znode->offs = offs;
68 znode->len = len;
69
70 err = insert_old_idx_znode(c, znode);
71
72 /* Update the parent */
73 zp = znode->parent;
74 if (zp) {
75 struct ubifs_zbranch *zbr;
76
77 zbr = &zp->zbranch[znode->iip];
78 zbr->lnum = lnum;
79 zbr->offs = offs;
80 zbr->len = len;
81 } else {
82 c->zroot.lnum = lnum;
83 c->zroot.offs = offs;
84 c->zroot.len = len;
85 }
86 c->calc_idx_sz += ALIGN(len, 8);
87
88 atomic_long_dec(&c->dirty_zn_cnt);
89
90 ubifs_assert(ubifs_zn_dirty(znode));
91 ubifs_assert(ubifs_zn_cow(znode));
92
93 /*
94 * Note, unlike 'write_index()' we do not add memory barriers here
95 * because this function is called with @c->tnc_mutex locked.
96 */
97 __clear_bit(DIRTY_ZNODE, &znode->flags);
98 __clear_bit(COW_ZNODE, &znode->flags);
99
100 return err;
101}
102
103/**
104 * fill_gap - make index nodes in gaps in dirty index LEBs.
105 * @c: UBIFS file-system description object
106 * @lnum: LEB number that gap appears in
107 * @gap_start: offset of start of gap
108 * @gap_end: offset of end of gap
109 * @dirt: adds dirty space to this
110 *
111 * This function returns the number of index nodes written into the gap.
112 */
113static int fill_gap(struct ubifs_info *c, int lnum, int gap_start, int gap_end,
114 int *dirt)
115{
116 int len, gap_remains, gap_pos, written, pad_len;
117
118 ubifs_assert((gap_start & 7) == 0);
119 ubifs_assert((gap_end & 7) == 0);
120 ubifs_assert(gap_end >= gap_start);
121
122 gap_remains = gap_end - gap_start;
123 if (!gap_remains)
124 return 0;
125 gap_pos = gap_start;
126 written = 0;
127 while (c->enext) {
128 len = ubifs_idx_node_sz(c, c->enext->child_cnt);
129 if (len < gap_remains) {
130 struct ubifs_znode *znode = c->enext;
131 const int alen = ALIGN(len, 8);
132 int err;
133
134 ubifs_assert(alen <= gap_remains);
135 err = make_idx_node(c, c->ileb_buf + gap_pos, znode,
136 lnum, gap_pos, len);
137 if (err)
138 return err;
139 gap_remains -= alen;
140 gap_pos += alen;
141 c->enext = znode->cnext;
142 if (c->enext == c->cnext)
143 c->enext = NULL;
144 written += 1;
145 } else
146 break;
147 }
148 if (gap_end == c->leb_size) {
149 c->ileb_len = ALIGN(gap_pos, c->min_io_size);
150 /* Pad to end of min_io_size */
151 pad_len = c->ileb_len - gap_pos;
152 } else
153 /* Pad to end of gap */
154 pad_len = gap_remains;
155 dbg_gc("LEB %d:%d to %d len %d nodes written %d wasted bytes %d",
156 lnum, gap_start, gap_end, gap_end - gap_start, written, pad_len);
157 ubifs_pad(c, c->ileb_buf + gap_pos, pad_len);
158 *dirt += pad_len;
159 return written;
160}
161
162/**
163 * find_old_idx - find an index node obsoleted since the last commit start.
164 * @c: UBIFS file-system description object
165 * @lnum: LEB number of obsoleted index node
166 * @offs: offset of obsoleted index node
167 *
168 * Returns %1 if found and %0 otherwise.
169 */
170static int find_old_idx(struct ubifs_info *c, int lnum, int offs)
171{
172 struct ubifs_old_idx *o;
173 struct rb_node *p;
174
175 p = c->old_idx.rb_node;
176 while (p) {
177 o = rb_entry(p, struct ubifs_old_idx, rb);
178 if (lnum < o->lnum)
179 p = p->rb_left;
180 else if (lnum > o->lnum)
181 p = p->rb_right;
182 else if (offs < o->offs)
183 p = p->rb_left;
184 else if (offs > o->offs)
185 p = p->rb_right;
186 else
187 return 1;
188 }
189 return 0;
190}
191
192/**
193 * is_idx_node_in_use - determine if an index node can be overwritten.
194 * @c: UBIFS file-system description object
195 * @key: key of index node
196 * @level: index node level
197 * @lnum: LEB number of index node
198 * @offs: offset of index node
199 *
200 * If @key / @lnum / @offs identify an index node that was not part of the old
201 * index, then this function returns %0 (obsolete). Else if the index node was
202 * part of the old index but is now dirty %1 is returned, else if it is clean %2
203 * is returned. A negative error code is returned on failure.
204 */
205static int is_idx_node_in_use(struct ubifs_info *c, union ubifs_key *key,
206 int level, int lnum, int offs)
207{
208 int ret;
209
210 ret = is_idx_node_in_tnc(c, key, level, lnum, offs);
211 if (ret < 0)
212 return ret; /* Error code */
213 if (ret == 0)
214 if (find_old_idx(c, lnum, offs))
215 return 1;
216 return ret;
217}
218
219/**
220 * layout_leb_in_gaps - layout index nodes using in-the-gaps method.
221 * @c: UBIFS file-system description object
222 * @p: return LEB number here
223 *
224 * This function lays out new index nodes for dirty znodes using in-the-gaps
225 * method of TNC commit.
226 * This function merely puts the next znode into the next gap, making no attempt
227 * to try to maximise the number of znodes that fit.
228 * This function returns the number of index nodes written into the gaps, or a
229 * negative error code on failure.
230 */
231static int layout_leb_in_gaps(struct ubifs_info *c, int *p)
232{
233 struct ubifs_scan_leb *sleb;
234 struct ubifs_scan_node *snod;
235 int lnum, dirt = 0, gap_start, gap_end, err, written, tot_written;
236
237 tot_written = 0;
238 /* Get an index LEB with lots of obsolete index nodes */
239 lnum = ubifs_find_dirty_idx_leb(c);
240 if (lnum < 0)
241 /*
242 * There also may be dirt in the index head that could be
243 * filled, however we do not check there at present.
244 */
245 return lnum; /* Error code */
246 *p = lnum;
247 dbg_gc("LEB %d", lnum);
248 /*
249 * Scan the index LEB. We use the generic scan for this even though
250 * it is more comprehensive and less efficient than is needed for this
251 * purpose.
252 */
253 sleb = ubifs_scan(c, lnum, 0, c->ileb_buf, 0);
254 c->ileb_len = 0;
255 if (IS_ERR(sleb))
256 return PTR_ERR(sleb);
257 gap_start = 0;
258 list_for_each_entry(snod, &sleb->nodes, list) {
259 struct ubifs_idx_node *idx;
260 int in_use, level;
261
262 ubifs_assert(snod->type == UBIFS_IDX_NODE);
263 idx = snod->node;
264 key_read(c, ubifs_idx_key(c, idx), &snod->key);
265 level = le16_to_cpu(idx->level);
266 /* Determine if the index node is in use (not obsolete) */
267 in_use = is_idx_node_in_use(c, &snod->key, level, lnum,
268 snod->offs);
269 if (in_use < 0) {
270 ubifs_scan_destroy(sleb);
271 return in_use; /* Error code */
272 }
273 if (in_use) {
274 if (in_use == 1)
275 dirt += ALIGN(snod->len, 8);
276 /*
277 * The obsolete index nodes form gaps that can be
278 * overwritten. This gap has ended because we have
279 * found an index node that is still in use
280 * i.e. not obsolete
281 */
282 gap_end = snod->offs;
283 /* Try to fill gap */
284 written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
285 if (written < 0) {
286 ubifs_scan_destroy(sleb);
287 return written; /* Error code */
288 }
289 tot_written += written;
290 gap_start = ALIGN(snod->offs + snod->len, 8);
291 }
292 }
293 ubifs_scan_destroy(sleb);
294 c->ileb_len = c->leb_size;
295 gap_end = c->leb_size;
296 /* Try to fill gap */
297 written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
298 if (written < 0)
299 return written; /* Error code */
300 tot_written += written;
301 if (tot_written == 0) {
302 struct ubifs_lprops lp;
303
304 dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
305 err = ubifs_read_one_lp(c, lnum, &lp);
306 if (err)
307 return err;
308 if (lp.free == c->leb_size) {
309 /*
310 * We must have snatched this LEB from the idx_gc list
311 * so we need to correct the free and dirty space.
312 */
313 err = ubifs_change_one_lp(c, lnum,
314 c->leb_size - c->ileb_len,
315 dirt, 0, 0, 0);
316 if (err)
317 return err;
318 }
319 return 0;
320 }
321 err = ubifs_change_one_lp(c, lnum, c->leb_size - c->ileb_len, dirt,
322 0, 0, 0);
323 if (err)
324 return err;
325 err = ubifs_leb_change(c, lnum, c->ileb_buf, c->ileb_len);
326 if (err)
327 return err;
328 dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
329 return tot_written;
330}
331
332/**
333 * get_leb_cnt - calculate the number of empty LEBs needed to commit.
334 * @c: UBIFS file-system description object
335 * @cnt: number of znodes to commit
336 *
337 * This function returns the number of empty LEBs needed to commit @cnt znodes
338 * to the current index head. The number is not exact and may be more than
339 * needed.
340 */
341static int get_leb_cnt(struct ubifs_info *c, int cnt)
342{
343 int d;
344
345 /* Assume maximum index node size (i.e. overestimate space needed) */
346 cnt -= (c->leb_size - c->ihead_offs) / c->max_idx_node_sz;
347 if (cnt < 0)
348 cnt = 0;
349 d = c->leb_size / c->max_idx_node_sz;
350 return DIV_ROUND_UP(cnt, d);
351}
352
353/**
354 * layout_in_gaps - in-the-gaps method of committing TNC.
355 * @c: UBIFS file-system description object
356 * @cnt: number of dirty znodes to commit.
357 *
358 * This function lays out new index nodes for dirty znodes using in-the-gaps
359 * method of TNC commit.
360 *
361 * This function returns %0 on success and a negative error code on failure.
362 */
363static int layout_in_gaps(struct ubifs_info *c, int cnt)
364{
365 int err, leb_needed_cnt, written, *p;
366
367 dbg_gc("%d znodes to write", cnt);
368
369 c->gap_lebs = kmalloc(sizeof(int) * (c->lst.idx_lebs + 1), GFP_NOFS);
370 if (!c->gap_lebs)
371 return -ENOMEM;
372
373 p = c->gap_lebs;
374 do {
375 ubifs_assert(p < c->gap_lebs + c->lst.idx_lebs);
376 written = layout_leb_in_gaps(c, p);
377 if (written < 0) {
378 err = written;
379 if (err != -ENOSPC) {
380 kfree(c->gap_lebs);
381 c->gap_lebs = NULL;
382 return err;
383 }
384 if (!dbg_is_chk_index(c)) {
385 /*
386 * Do not print scary warnings if the debugging
387 * option which forces in-the-gaps is enabled.
388 */
389 ubifs_warn(c, "out of space");
390 ubifs_dump_budg(c, &c->bi);
391 ubifs_dump_lprops(c);
392 }
393 /* Try to commit anyway */
394 break;
395 }
396 p++;
397 cnt -= written;
398 leb_needed_cnt = get_leb_cnt(c, cnt);
399 dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt,
400 leb_needed_cnt, c->ileb_cnt);
401 } while (leb_needed_cnt > c->ileb_cnt);
402
403 *p = -1;
404 return 0;
405}
406
407/**
408 * layout_in_empty_space - layout index nodes in empty space.
409 * @c: UBIFS file-system description object
410 *
411 * This function lays out new index nodes for dirty znodes using empty LEBs.
412 *
413 * This function returns %0 on success and a negative error code on failure.
414 */
415static int layout_in_empty_space(struct ubifs_info *c)
416{
417 struct ubifs_znode *znode, *cnext, *zp;
418 int lnum, offs, len, next_len, buf_len, buf_offs, used, avail;
419 int wlen, blen, err;
420
421 cnext = c->enext;
422 if (!cnext)
423 return 0;
424
425 lnum = c->ihead_lnum;
426 buf_offs = c->ihead_offs;
427
428 buf_len = ubifs_idx_node_sz(c, c->fanout);
429 buf_len = ALIGN(buf_len, c->min_io_size);
430 used = 0;
431 avail = buf_len;
432
433 /* Ensure there is enough room for first write */
434 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
435 if (buf_offs + next_len > c->leb_size)
436 lnum = -1;
437
438 while (1) {
439 znode = cnext;
440
441 len = ubifs_idx_node_sz(c, znode->child_cnt);
442
443 /* Determine the index node position */
444 if (lnum == -1) {
445 if (c->ileb_nxt >= c->ileb_cnt) {
446 ubifs_err(c, "out of space");
447 return -ENOSPC;
448 }
449 lnum = c->ilebs[c->ileb_nxt++];
450 buf_offs = 0;
451 used = 0;
452 avail = buf_len;
453 }
454
455 offs = buf_offs + used;
456
457 znode->lnum = lnum;
458 znode->offs = offs;
459 znode->len = len;
460
461 /* Update the parent */
462 zp = znode->parent;
463 if (zp) {
464 struct ubifs_zbranch *zbr;
465 int i;
466
467 i = znode->iip;
468 zbr = &zp->zbranch[i];
469 zbr->lnum = lnum;
470 zbr->offs = offs;
471 zbr->len = len;
472 } else {
473 c->zroot.lnum = lnum;
474 c->zroot.offs = offs;
475 c->zroot.len = len;
476 }
477 c->calc_idx_sz += ALIGN(len, 8);
478
479 /*
480 * Once lprops is updated, we can decrease the dirty znode count
481 * but it is easier to just do it here.
482 */
483 atomic_long_dec(&c->dirty_zn_cnt);
484
485 /*
486 * Calculate the next index node length to see if there is
487 * enough room for it
488 */
489 cnext = znode->cnext;
490 if (cnext == c->cnext)
491 next_len = 0;
492 else
493 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
494
495 /* Update buffer positions */
496 wlen = used + len;
497 used += ALIGN(len, 8);
498 avail -= ALIGN(len, 8);
499
500 if (next_len != 0 &&
501 buf_offs + used + next_len <= c->leb_size &&
502 avail > 0)
503 continue;
504
505 if (avail <= 0 && next_len &&
506 buf_offs + used + next_len <= c->leb_size)
507 blen = buf_len;
508 else
509 blen = ALIGN(wlen, c->min_io_size);
510
511 /* The buffer is full or there are no more znodes to do */
512 buf_offs += blen;
513 if (next_len) {
514 if (buf_offs + next_len > c->leb_size) {
515 err = ubifs_update_one_lp(c, lnum,
516 c->leb_size - buf_offs, blen - used,
517 0, 0);
518 if (err)
519 return err;
520 lnum = -1;
521 }
522 used -= blen;
523 if (used < 0)
524 used = 0;
525 avail = buf_len - used;
526 continue;
527 }
528 err = ubifs_update_one_lp(c, lnum, c->leb_size - buf_offs,
529 blen - used, 0, 0);
530 if (err)
531 return err;
532 break;
533 }
534
535 c->dbg->new_ihead_lnum = lnum;
536 c->dbg->new_ihead_offs = buf_offs;
537
538 return 0;
539}
540
541/**
542 * layout_commit - determine positions of index nodes to commit.
543 * @c: UBIFS file-system description object
544 * @no_space: indicates that insufficient empty LEBs were allocated
545 * @cnt: number of znodes to commit
546 *
547 * Calculate and update the positions of index nodes to commit. If there were
548 * an insufficient number of empty LEBs allocated, then index nodes are placed
549 * into the gaps created by obsolete index nodes in non-empty index LEBs. For
550 * this purpose, an obsolete index node is one that was not in the index as at
551 * the end of the last commit. To write "in-the-gaps" requires that those index
552 * LEBs are updated atomically in-place.
553 */
554static int layout_commit(struct ubifs_info *c, int no_space, int cnt)
555{
556 int err;
557
558 if (no_space) {
559 err = layout_in_gaps(c, cnt);
560 if (err)
561 return err;
562 }
563 err = layout_in_empty_space(c);
564 return err;
565}
566
567/**
568 * find_first_dirty - find first dirty znode.
569 * @znode: znode to begin searching from
570 */
571static struct ubifs_znode *find_first_dirty(struct ubifs_znode *znode)
572{
573 int i, cont;
574
575 if (!znode)
576 return NULL;
577
578 while (1) {
579 if (znode->level == 0) {
580 if (ubifs_zn_dirty(znode))
581 return znode;
582 return NULL;
583 }
584 cont = 0;
585 for (i = 0; i < znode->child_cnt; i++) {
586 struct ubifs_zbranch *zbr = &znode->zbranch[i];
587
588 if (zbr->znode && ubifs_zn_dirty(zbr->znode)) {
589 znode = zbr->znode;
590 cont = 1;
591 break;
592 }
593 }
594 if (!cont) {
595 if (ubifs_zn_dirty(znode))
596 return znode;
597 return NULL;
598 }
599 }
600}
601
602/**
603 * find_next_dirty - find next dirty znode.
604 * @znode: znode to begin searching from
605 */
606static struct ubifs_znode *find_next_dirty(struct ubifs_znode *znode)
607{
608 int n = znode->iip + 1;
609
610 znode = znode->parent;
611 if (!znode)
612 return NULL;
613 for (; n < znode->child_cnt; n++) {
614 struct ubifs_zbranch *zbr = &znode->zbranch[n];
615
616 if (zbr->znode && ubifs_zn_dirty(zbr->znode))
617 return find_first_dirty(zbr->znode);
618 }
619 return znode;
620}
621
622/**
623 * get_znodes_to_commit - create list of dirty znodes to commit.
624 * @c: UBIFS file-system description object
625 *
626 * This function returns the number of znodes to commit.
627 */
628static int get_znodes_to_commit(struct ubifs_info *c)
629{
630 struct ubifs_znode *znode, *cnext;
631 int cnt = 0;
632
633 c->cnext = find_first_dirty(c->zroot.znode);
634 znode = c->enext = c->cnext;
635 if (!znode) {
636 dbg_cmt("no znodes to commit");
637 return 0;
638 }
639 cnt += 1;
640 while (1) {
641 ubifs_assert(!ubifs_zn_cow(znode));
642 __set_bit(COW_ZNODE, &znode->flags);
643 znode->alt = 0;
644 cnext = find_next_dirty(znode);
645 if (!cnext) {
646 znode->cnext = c->cnext;
647 break;
648 }
649 znode->cnext = cnext;
650 znode = cnext;
651 cnt += 1;
652 }
653 dbg_cmt("committing %d znodes", cnt);
654 ubifs_assert(cnt == atomic_long_read(&c->dirty_zn_cnt));
655 return cnt;
656}
657
658/**
659 * alloc_idx_lebs - allocate empty LEBs to be used to commit.
660 * @c: UBIFS file-system description object
661 * @cnt: number of znodes to commit
662 *
663 * This function returns %-ENOSPC if it cannot allocate a sufficient number of
664 * empty LEBs. %0 is returned on success, otherwise a negative error code
665 * is returned.
666 */
667static int alloc_idx_lebs(struct ubifs_info *c, int cnt)
668{
669 int i, leb_cnt, lnum;
670
671 c->ileb_cnt = 0;
672 c->ileb_nxt = 0;
673 leb_cnt = get_leb_cnt(c, cnt);
674 dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
675 if (!leb_cnt)
676 return 0;
677 c->ilebs = kmalloc(leb_cnt * sizeof(int), GFP_NOFS);
678 if (!c->ilebs)
679 return -ENOMEM;
680 for (i = 0; i < leb_cnt; i++) {
681 lnum = ubifs_find_free_leb_for_idx(c);
682 if (lnum < 0)
683 return lnum;
684 c->ilebs[c->ileb_cnt++] = lnum;
685 dbg_cmt("LEB %d", lnum);
686 }
687 if (dbg_is_chk_index(c) && !(prandom_u32() & 7))
688 return -ENOSPC;
689 return 0;
690}
691
692/**
693 * free_unused_idx_lebs - free unused LEBs that were allocated for the commit.
694 * @c: UBIFS file-system description object
695 *
696 * It is possible that we allocate more empty LEBs for the commit than we need.
697 * This functions frees the surplus.
698 *
699 * This function returns %0 on success and a negative error code on failure.
700 */
701static int free_unused_idx_lebs(struct ubifs_info *c)
702{
703 int i, err = 0, lnum, er;
704
705 for (i = c->ileb_nxt; i < c->ileb_cnt; i++) {
706 lnum = c->ilebs[i];
707 dbg_cmt("LEB %d", lnum);
708 er = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0,
709 LPROPS_INDEX | LPROPS_TAKEN, 0);
710 if (!err)
711 err = er;
712 }
713 return err;
714}
715
716/**
717 * free_idx_lebs - free unused LEBs after commit end.
718 * @c: UBIFS file-system description object
719 *
720 * This function returns %0 on success and a negative error code on failure.
721 */
722static int free_idx_lebs(struct ubifs_info *c)
723{
724 int err;
725
726 err = free_unused_idx_lebs(c);
727 kfree(c->ilebs);
728 c->ilebs = NULL;
729 return err;
730}
731
732/**
733 * ubifs_tnc_start_commit - start TNC commit.
734 * @c: UBIFS file-system description object
735 * @zroot: new index root position is returned here
736 *
737 * This function prepares the list of indexing nodes to commit and lays out
738 * their positions on flash. If there is not enough free space it uses the
739 * in-gap commit method. Returns zero in case of success and a negative error
740 * code in case of failure.
741 */
742int ubifs_tnc_start_commit(struct ubifs_info *c, struct ubifs_zbranch *zroot)
743{
744 int err = 0, cnt;
745
746 mutex_lock(&c->tnc_mutex);
747 err = dbg_check_tnc(c, 1);
748 if (err)
749 goto out;
750 cnt = get_znodes_to_commit(c);
751 if (cnt != 0) {
752 int no_space = 0;
753
754 err = alloc_idx_lebs(c, cnt);
755 if (err == -ENOSPC)
756 no_space = 1;
757 else if (err)
758 goto out_free;
759 err = layout_commit(c, no_space, cnt);
760 if (err)
761 goto out_free;
762 ubifs_assert(atomic_long_read(&c->dirty_zn_cnt) == 0);
763 err = free_unused_idx_lebs(c);
764 if (err)
765 goto out;
766 }
767 destroy_old_idx(c);
768 memcpy(zroot, &c->zroot, sizeof(struct ubifs_zbranch));
769
770 err = ubifs_save_dirty_idx_lnums(c);
771 if (err)
772 goto out;
773
774 spin_lock(&c->space_lock);
775 /*
776 * Although we have not finished committing yet, update size of the
777 * committed index ('c->bi.old_idx_sz') and zero out the index growth
778 * budget. It is OK to do this now, because we've reserved all the
779 * space which is needed to commit the index, and it is save for the
780 * budgeting subsystem to assume the index is already committed,
781 * even though it is not.
782 */
783 ubifs_assert(c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
784 c->bi.old_idx_sz = c->calc_idx_sz;
785 c->bi.uncommitted_idx = 0;
786 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
787 spin_unlock(&c->space_lock);
788 mutex_unlock(&c->tnc_mutex);
789
790 dbg_cmt("number of index LEBs %d", c->lst.idx_lebs);
791 dbg_cmt("size of index %llu", c->calc_idx_sz);
792 return err;
793
794out_free:
795 free_idx_lebs(c);
796out:
797 mutex_unlock(&c->tnc_mutex);
798 return err;
799}
800
801/**
802 * write_index - write index nodes.
803 * @c: UBIFS file-system description object
804 *
805 * This function writes the index nodes whose positions were laid out in the
806 * layout_in_empty_space function.
807 */
808static int write_index(struct ubifs_info *c)
809{
810 struct ubifs_idx_node *idx;
811 struct ubifs_znode *znode, *cnext;
812 int i, lnum, offs, len, next_len, buf_len, buf_offs, used;
813 int avail, wlen, err, lnum_pos = 0, blen, nxt_offs;
814
815 cnext = c->enext;
816 if (!cnext)
817 return 0;
818
819 /*
820 * Always write index nodes to the index head so that index nodes and
821 * other types of nodes are never mixed in the same erase block.
822 */
823 lnum = c->ihead_lnum;
824 buf_offs = c->ihead_offs;
825
826 /* Allocate commit buffer */
827 buf_len = ALIGN(c->max_idx_node_sz, c->min_io_size);
828 used = 0;
829 avail = buf_len;
830
831 /* Ensure there is enough room for first write */
832 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
833 if (buf_offs + next_len > c->leb_size) {
834 err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0, 0,
835 LPROPS_TAKEN);
836 if (err)
837 return err;
838 lnum = -1;
839 }
840
841 while (1) {
842 cond_resched();
843
844 znode = cnext;
845 idx = c->cbuf + used;
846
847 /* Make index node */
848 idx->ch.node_type = UBIFS_IDX_NODE;
849 idx->child_cnt = cpu_to_le16(znode->child_cnt);
850 idx->level = cpu_to_le16(znode->level);
851 for (i = 0; i < znode->child_cnt; i++) {
852 struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
853 struct ubifs_zbranch *zbr = &znode->zbranch[i];
854
855 key_write_idx(c, &zbr->key, &br->key);
856 br->lnum = cpu_to_le32(zbr->lnum);
857 br->offs = cpu_to_le32(zbr->offs);
858 br->len = cpu_to_le32(zbr->len);
859 if (!zbr->lnum || !zbr->len) {
860 ubifs_err(c, "bad ref in znode");
861 ubifs_dump_znode(c, znode);
862 if (zbr->znode)
863 ubifs_dump_znode(c, zbr->znode);
864
865 return -EINVAL;
866 }
867 }
868 len = ubifs_idx_node_sz(c, znode->child_cnt);
869 ubifs_prepare_node(c, idx, len, 0);
870
871 /* Determine the index node position */
872 if (lnum == -1) {
873 lnum = c->ilebs[lnum_pos++];
874 buf_offs = 0;
875 used = 0;
876 avail = buf_len;
877 }
878 offs = buf_offs + used;
879
880 if (lnum != znode->lnum || offs != znode->offs ||
881 len != znode->len) {
882 ubifs_err(c, "inconsistent znode posn");
883 return -EINVAL;
884 }
885
886 /* Grab some stuff from znode while we still can */
887 cnext = znode->cnext;
888
889 ubifs_assert(ubifs_zn_dirty(znode));
890 ubifs_assert(ubifs_zn_cow(znode));
891
892 /*
893 * It is important that other threads should see %DIRTY_ZNODE
894 * flag cleared before %COW_ZNODE. Specifically, it matters in
895 * the 'dirty_cow_znode()' function. This is the reason for the
896 * first barrier. Also, we want the bit changes to be seen to
897 * other threads ASAP, to avoid unnecesarry copying, which is
898 * the reason for the second barrier.
899 */
900 clear_bit(DIRTY_ZNODE, &znode->flags);
901 smp_mb__before_atomic();
902 clear_bit(COW_ZNODE, &znode->flags);
903 smp_mb__after_atomic();
904
905 /*
906 * We have marked the znode as clean but have not updated the
907 * @c->clean_zn_cnt counter. If this znode becomes dirty again
908 * before 'free_obsolete_znodes()' is called, then
909 * @c->clean_zn_cnt will be decremented before it gets
910 * incremented (resulting in 2 decrements for the same znode).
911 * This means that @c->clean_zn_cnt may become negative for a
912 * while.
913 *
914 * Q: why we cannot increment @c->clean_zn_cnt?
915 * A: because we do not have the @c->tnc_mutex locked, and the
916 * following code would be racy and buggy:
917 *
918 * if (!ubifs_zn_obsolete(znode)) {
919 * atomic_long_inc(&c->clean_zn_cnt);
920 * atomic_long_inc(&ubifs_clean_zn_cnt);
921 * }
922 *
923 * Thus, we just delay the @c->clean_zn_cnt update until we
924 * have the mutex locked.
925 */
926
927 /* Do not access znode from this point on */
928
929 /* Update buffer positions */
930 wlen = used + len;
931 used += ALIGN(len, 8);
932 avail -= ALIGN(len, 8);
933
934 /*
935 * Calculate the next index node length to see if there is
936 * enough room for it
937 */
938 if (cnext == c->cnext)
939 next_len = 0;
940 else
941 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
942
943 nxt_offs = buf_offs + used + next_len;
944 if (next_len && nxt_offs <= c->leb_size) {
945 if (avail > 0)
946 continue;
947 else
948 blen = buf_len;
949 } else {
950 wlen = ALIGN(wlen, 8);
951 blen = ALIGN(wlen, c->min_io_size);
952 ubifs_pad(c, c->cbuf + wlen, blen - wlen);
953 }
954
955 /* The buffer is full or there are no more znodes to do */
956 err = ubifs_leb_write(c, lnum, c->cbuf, buf_offs, blen);
957 if (err)
958 return err;
959 buf_offs += blen;
960 if (next_len) {
961 if (nxt_offs > c->leb_size) {
962 err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0,
963 0, LPROPS_TAKEN);
964 if (err)
965 return err;
966 lnum = -1;
967 }
968 used -= blen;
969 if (used < 0)
970 used = 0;
971 avail = buf_len - used;
972 memmove(c->cbuf, c->cbuf + blen, used);
973 continue;
974 }
975 break;
976 }
977
978 if (lnum != c->dbg->new_ihead_lnum ||
979 buf_offs != c->dbg->new_ihead_offs) {
980 ubifs_err(c, "inconsistent ihead");
981 return -EINVAL;
982 }
983
984 c->ihead_lnum = lnum;
985 c->ihead_offs = buf_offs;
986
987 return 0;
988}
989
990/**
991 * free_obsolete_znodes - free obsolete znodes.
992 * @c: UBIFS file-system description object
993 *
994 * At the end of commit end, obsolete znodes are freed.
995 */
996static void free_obsolete_znodes(struct ubifs_info *c)
997{
998 struct ubifs_znode *znode, *cnext;
999
1000 cnext = c->cnext;
1001 do {
1002 znode = cnext;
1003 cnext = znode->cnext;
1004 if (ubifs_zn_obsolete(znode))
1005 kfree(znode);
1006 else {
1007 znode->cnext = NULL;
1008 atomic_long_inc(&c->clean_zn_cnt);
1009 atomic_long_inc(&ubifs_clean_zn_cnt);
1010 }
1011 } while (cnext != c->cnext);
1012}
1013
1014/**
1015 * return_gap_lebs - return LEBs used by the in-gap commit method.
1016 * @c: UBIFS file-system description object
1017 *
1018 * This function clears the "taken" flag for the LEBs which were used by the
1019 * "commit in-the-gaps" method.
1020 */
1021static int return_gap_lebs(struct ubifs_info *c)
1022{
1023 int *p, err;
1024
1025 if (!c->gap_lebs)
1026 return 0;
1027
1028 dbg_cmt("");
1029 for (p = c->gap_lebs; *p != -1; p++) {
1030 err = ubifs_change_one_lp(c, *p, LPROPS_NC, LPROPS_NC, 0,
1031 LPROPS_TAKEN, 0);
1032 if (err)
1033 return err;
1034 }
1035
1036 kfree(c->gap_lebs);
1037 c->gap_lebs = NULL;
1038 return 0;
1039}
1040
1041/**
1042 * ubifs_tnc_end_commit - update the TNC for commit end.
1043 * @c: UBIFS file-system description object
1044 *
1045 * Write the dirty znodes.
1046 */
1047int ubifs_tnc_end_commit(struct ubifs_info *c)
1048{
1049 int err;
1050
1051 if (!c->cnext)
1052 return 0;
1053
1054 err = return_gap_lebs(c);
1055 if (err)
1056 return err;
1057
1058 err = write_index(c);
1059 if (err)
1060 return err;
1061
1062 mutex_lock(&c->tnc_mutex);
1063
1064 dbg_cmt("TNC height is %d", c->zroot.znode->level + 1);
1065
1066 free_obsolete_znodes(c);
1067
1068 c->cnext = NULL;
1069 kfree(c->ilebs);
1070 c->ilebs = NULL;
1071
1072 mutex_unlock(&c->tnc_mutex);
1073
1074 return 0;
1075}