Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Authors: Adrian Hunter
8 * Artem Bityutskiy (Битюцкий Артём)
9 */
10
11/*
12 * This file implements the budgeting sub-system which is responsible for UBIFS
13 * space management.
14 *
15 * Factors such as compression, wasted space at the ends of LEBs, space in other
16 * journal heads, the effect of updates on the index, and so on, make it
17 * impossible to accurately predict the amount of space needed. Consequently
18 * approximations are used.
19 */
20
21#include "ubifs.h"
22#include <linux/writeback.h>
23#include <linux/math64.h>
24
25/*
26 * When pessimistic budget calculations say that there is no enough space,
27 * UBIFS starts writing back dirty inodes and pages, doing garbage collection,
28 * or committing. The below constant defines maximum number of times UBIFS
29 * repeats the operations.
30 */
31#define MAX_MKSPC_RETRIES 3
32
33/*
34 * The below constant defines amount of dirty pages which should be written
35 * back at when trying to shrink the liability.
36 */
37#define NR_TO_WRITE 16
38
39/**
40 * shrink_liability - write-back some dirty pages/inodes.
41 * @c: UBIFS file-system description object
42 * @nr_to_write: how many dirty pages to write-back
43 *
44 * This function shrinks UBIFS liability by means of writing back some amount
45 * of dirty inodes and their pages.
46 *
47 * Note, this function synchronizes even VFS inodes which are locked
48 * (@i_mutex) by the caller of the budgeting function, because write-back does
49 * not touch @i_mutex.
50 */
51static void shrink_liability(struct ubifs_info *c, int nr_to_write)
52{
53 down_read(&c->vfs_sb->s_umount);
54 writeback_inodes_sb_nr(c->vfs_sb, nr_to_write, WB_REASON_FS_FREE_SPACE);
55 up_read(&c->vfs_sb->s_umount);
56}
57
58/**
59 * run_gc - run garbage collector.
60 * @c: UBIFS file-system description object
61 *
62 * This function runs garbage collector to make some more free space. Returns
63 * zero if a free LEB has been produced, %-EAGAIN if commit is required, and a
64 * negative error code in case of failure.
65 */
66static int run_gc(struct ubifs_info *c)
67{
68 int err, lnum;
69
70 /* Make some free space by garbage-collecting dirty space */
71 down_read(&c->commit_sem);
72 lnum = ubifs_garbage_collect(c, 1);
73 up_read(&c->commit_sem);
74 if (lnum < 0)
75 return lnum;
76
77 /* GC freed one LEB, return it to lprops */
78 dbg_budg("GC freed LEB %d", lnum);
79 err = ubifs_return_leb(c, lnum);
80 if (err)
81 return err;
82 return 0;
83}
84
85/**
86 * get_liability - calculate current liability.
87 * @c: UBIFS file-system description object
88 *
89 * This function calculates and returns current UBIFS liability, i.e. the
90 * amount of bytes UBIFS has "promised" to write to the media.
91 */
92static long long get_liability(struct ubifs_info *c)
93{
94 long long liab;
95
96 spin_lock(&c->space_lock);
97 liab = c->bi.idx_growth + c->bi.data_growth + c->bi.dd_growth;
98 spin_unlock(&c->space_lock);
99 return liab;
100}
101
102/**
103 * make_free_space - make more free space on the file-system.
104 * @c: UBIFS file-system description object
105 *
106 * This function is called when an operation cannot be budgeted because there
107 * is supposedly no free space. But in most cases there is some free space:
108 * o budgeting is pessimistic, so it always budgets more than it is actually
109 * needed, so shrinking the liability is one way to make free space - the
110 * cached data will take less space then it was budgeted for;
111 * o GC may turn some dark space into free space (budgeting treats dark space
112 * as not available);
113 * o commit may free some LEB, i.e., turn freeable LEBs into free LEBs.
114 *
115 * So this function tries to do the above. Returns %-EAGAIN if some free space
116 * was presumably made and the caller has to re-try budgeting the operation.
117 * Returns %-ENOSPC if it couldn't do more free space, and other negative error
118 * codes on failures.
119 */
120static int make_free_space(struct ubifs_info *c)
121{
122 int err, retries = 0;
123 long long liab1, liab2;
124
125 do {
126 liab1 = get_liability(c);
127 /*
128 * We probably have some dirty pages or inodes (liability), try
129 * to write them back.
130 */
131 dbg_budg("liability %lld, run write-back", liab1);
132 shrink_liability(c, NR_TO_WRITE);
133
134 liab2 = get_liability(c);
135 if (liab2 < liab1)
136 return -EAGAIN;
137
138 dbg_budg("new liability %lld (not shrunk)", liab2);
139
140 /* Liability did not shrink again, try GC */
141 dbg_budg("Run GC");
142 err = run_gc(c);
143 if (!err)
144 return -EAGAIN;
145
146 if (err != -EAGAIN && err != -ENOSPC)
147 /* Some real error happened */
148 return err;
149
150 dbg_budg("Run commit (retries %d)", retries);
151 err = ubifs_run_commit(c);
152 if (err)
153 return err;
154 } while (retries++ < MAX_MKSPC_RETRIES);
155
156 return -ENOSPC;
157}
158
159/**
160 * ubifs_calc_min_idx_lebs - calculate amount of LEBs for the index.
161 * @c: UBIFS file-system description object
162 *
163 * This function calculates and returns the number of LEBs which should be kept
164 * for index usage.
165 */
166int ubifs_calc_min_idx_lebs(struct ubifs_info *c)
167{
168 int idx_lebs;
169 long long idx_size;
170
171 idx_size = c->bi.old_idx_sz + c->bi.idx_growth + c->bi.uncommitted_idx;
172 /* And make sure we have thrice the index size of space reserved */
173 idx_size += idx_size << 1;
174 /*
175 * We do not maintain 'old_idx_size' as 'old_idx_lebs'/'old_idx_bytes'
176 * pair, nor similarly the two variables for the new index size, so we
177 * have to do this costly 64-bit division on fast-path.
178 */
179 idx_lebs = div_u64(idx_size + c->idx_leb_size - 1, c->idx_leb_size);
180 /*
181 * The index head is not available for the in-the-gaps method, so add an
182 * extra LEB to compensate.
183 */
184 idx_lebs += 1;
185 if (idx_lebs < MIN_INDEX_LEBS)
186 idx_lebs = MIN_INDEX_LEBS;
187 return idx_lebs;
188}
189
190/**
191 * ubifs_calc_available - calculate available FS space.
192 * @c: UBIFS file-system description object
193 * @min_idx_lebs: minimum number of LEBs reserved for the index
194 *
195 * This function calculates and returns amount of FS space available for use.
196 */
197long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs)
198{
199 int subtract_lebs;
200 long long available;
201
202 available = c->main_bytes - c->lst.total_used;
203
204 /*
205 * Now 'available' contains theoretically available flash space
206 * assuming there is no index, so we have to subtract the space which
207 * is reserved for the index.
208 */
209 subtract_lebs = min_idx_lebs;
210
211 /* Take into account that GC reserves one LEB for its own needs */
212 subtract_lebs += 1;
213
214 /*
215 * The GC journal head LEB is not really accessible. And since
216 * different write types go to different heads, we may count only on
217 * one head's space.
218 */
219 subtract_lebs += c->jhead_cnt - 1;
220
221 /* We also reserve one LEB for deletions, which bypass budgeting */
222 subtract_lebs += 1;
223
224 available -= (long long)subtract_lebs * c->leb_size;
225
226 /* Subtract the dead space which is not available for use */
227 available -= c->lst.total_dead;
228
229 /*
230 * Subtract dark space, which might or might not be usable - it depends
231 * on the data which we have on the media and which will be written. If
232 * this is a lot of uncompressed or not-compressible data, the dark
233 * space cannot be used.
234 */
235 available -= c->lst.total_dark;
236
237 /*
238 * However, there is more dark space. The index may be bigger than
239 * @min_idx_lebs. Those extra LEBs are assumed to be available, but
240 * their dark space is not included in total_dark, so it is subtracted
241 * here.
242 */
243 if (c->lst.idx_lebs > min_idx_lebs) {
244 subtract_lebs = c->lst.idx_lebs - min_idx_lebs;
245 available -= subtract_lebs * c->dark_wm;
246 }
247
248 /* The calculations are rough and may end up with a negative number */
249 return available > 0 ? available : 0;
250}
251
252/**
253 * can_use_rp - check whether the user is allowed to use reserved pool.
254 * @c: UBIFS file-system description object
255 *
256 * UBIFS has so-called "reserved pool" which is flash space reserved
257 * for the superuser and for uses whose UID/GID is recorded in UBIFS superblock.
258 * This function checks whether current user is allowed to use reserved pool.
259 * Returns %1 current user is allowed to use reserved pool and %0 otherwise.
260 */
261static int can_use_rp(struct ubifs_info *c)
262{
263 if (uid_eq(current_fsuid(), c->rp_uid) || capable(CAP_SYS_RESOURCE) ||
264 (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)))
265 return 1;
266 return 0;
267}
268
269/**
270 * do_budget_space - reserve flash space for index and data growth.
271 * @c: UBIFS file-system description object
272 *
273 * This function makes sure UBIFS has enough free LEBs for index growth and
274 * data.
275 *
276 * When budgeting index space, UBIFS reserves thrice as many LEBs as the index
277 * would take if it was consolidated and written to the flash. This guarantees
278 * that the "in-the-gaps" commit method always succeeds and UBIFS will always
279 * be able to commit dirty index. So this function basically adds amount of
280 * budgeted index space to the size of the current index, multiplies this by 3,
281 * and makes sure this does not exceed the amount of free LEBs.
282 *
283 * Notes about @c->bi.min_idx_lebs and @c->lst.idx_lebs variables:
284 * o @c->lst.idx_lebs is the number of LEBs the index currently uses. It might
285 * be large, because UBIFS does not do any index consolidation as long as
286 * there is free space. IOW, the index may take a lot of LEBs, but the LEBs
287 * will contain a lot of dirt.
288 * o @c->bi.min_idx_lebs is the number of LEBS the index presumably takes. IOW,
289 * the index may be consolidated to take up to @c->bi.min_idx_lebs LEBs.
290 *
291 * This function returns zero in case of success, and %-ENOSPC in case of
292 * failure.
293 */
294static int do_budget_space(struct ubifs_info *c)
295{
296 long long outstanding, available;
297 int lebs, rsvd_idx_lebs, min_idx_lebs;
298
299 /* First budget index space */
300 min_idx_lebs = ubifs_calc_min_idx_lebs(c);
301
302 /* Now 'min_idx_lebs' contains number of LEBs to reserve */
303 if (min_idx_lebs > c->lst.idx_lebs)
304 rsvd_idx_lebs = min_idx_lebs - c->lst.idx_lebs;
305 else
306 rsvd_idx_lebs = 0;
307
308 /*
309 * The number of LEBs that are available to be used by the index is:
310 *
311 * @c->lst.empty_lebs + @c->freeable_cnt + @c->idx_gc_cnt -
312 * @c->lst.taken_empty_lebs
313 *
314 * @c->lst.empty_lebs are available because they are empty.
315 * @c->freeable_cnt are available because they contain only free and
316 * dirty space, @c->idx_gc_cnt are available because they are index
317 * LEBs that have been garbage collected and are awaiting the commit
318 * before they can be used. And the in-the-gaps method will grab these
319 * if it needs them. @c->lst.taken_empty_lebs are empty LEBs that have
320 * already been allocated for some purpose.
321 *
322 * Note, @c->idx_gc_cnt is included to both @c->lst.empty_lebs (because
323 * these LEBs are empty) and to @c->lst.taken_empty_lebs (because they
324 * are taken until after the commit).
325 *
326 * Note, @c->lst.taken_empty_lebs may temporarily be higher by one
327 * because of the way we serialize LEB allocations and budgeting. See a
328 * comment in 'ubifs_find_free_space()'.
329 */
330 lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
331 c->lst.taken_empty_lebs;
332 if (unlikely(rsvd_idx_lebs > lebs)) {
333 dbg_budg("out of indexing space: min_idx_lebs %d (old %d), rsvd_idx_lebs %d",
334 min_idx_lebs, c->bi.min_idx_lebs, rsvd_idx_lebs);
335 return -ENOSPC;
336 }
337
338 available = ubifs_calc_available(c, min_idx_lebs);
339 outstanding = c->bi.data_growth + c->bi.dd_growth;
340
341 if (unlikely(available < outstanding)) {
342 dbg_budg("out of data space: available %lld, outstanding %lld",
343 available, outstanding);
344 return -ENOSPC;
345 }
346
347 if (available - outstanding <= c->rp_size && !can_use_rp(c))
348 return -ENOSPC;
349
350 c->bi.min_idx_lebs = min_idx_lebs;
351 return 0;
352}
353
354/**
355 * calc_idx_growth - calculate approximate index growth from budgeting request.
356 * @c: UBIFS file-system description object
357 * @req: budgeting request
358 *
359 * For now we assume each new node adds one znode. But this is rather poor
360 * approximation, though.
361 */
362static int calc_idx_growth(const struct ubifs_info *c,
363 const struct ubifs_budget_req *req)
364{
365 int znodes;
366
367 znodes = req->new_ino + (req->new_page << UBIFS_BLOCKS_PER_PAGE_SHIFT) +
368 req->new_dent;
369 return znodes * c->max_idx_node_sz;
370}
371
372/**
373 * calc_data_growth - calculate approximate amount of new data from budgeting
374 * request.
375 * @c: UBIFS file-system description object
376 * @req: budgeting request
377 */
378static int calc_data_growth(const struct ubifs_info *c,
379 const struct ubifs_budget_req *req)
380{
381 int data_growth;
382
383 data_growth = req->new_ino ? c->bi.inode_budget : 0;
384 if (req->new_page)
385 data_growth += c->bi.page_budget;
386 if (req->new_dent)
387 data_growth += c->bi.dent_budget;
388 data_growth += req->new_ino_d;
389 return data_growth;
390}
391
392/**
393 * calc_dd_growth - calculate approximate amount of data which makes other data
394 * dirty from budgeting request.
395 * @c: UBIFS file-system description object
396 * @req: budgeting request
397 */
398static int calc_dd_growth(const struct ubifs_info *c,
399 const struct ubifs_budget_req *req)
400{
401 int dd_growth;
402
403 dd_growth = req->dirtied_page ? c->bi.page_budget : 0;
404
405 if (req->dirtied_ino)
406 dd_growth += c->bi.inode_budget << (req->dirtied_ino - 1);
407 if (req->mod_dent)
408 dd_growth += c->bi.dent_budget;
409 dd_growth += req->dirtied_ino_d;
410 return dd_growth;
411}
412
413/**
414 * ubifs_budget_space - ensure there is enough space to complete an operation.
415 * @c: UBIFS file-system description object
416 * @req: budget request
417 *
418 * This function allocates budget for an operation. It uses pessimistic
419 * approximation of how much flash space the operation needs. The goal of this
420 * function is to make sure UBIFS always has flash space to flush all dirty
421 * pages, dirty inodes, and dirty znodes (liability). This function may force
422 * commit, garbage-collection or write-back. Returns zero in case of success,
423 * %-ENOSPC if there is no free space and other negative error codes in case of
424 * failures.
425 */
426int ubifs_budget_space(struct ubifs_info *c, struct ubifs_budget_req *req)
427{
428 int err, idx_growth, data_growth, dd_growth, retried = 0;
429
430 ubifs_assert(c, req->new_page <= 1);
431 ubifs_assert(c, req->dirtied_page <= 1);
432 ubifs_assert(c, req->new_dent <= 1);
433 ubifs_assert(c, req->mod_dent <= 1);
434 ubifs_assert(c, req->new_ino <= 1);
435 ubifs_assert(c, req->new_ino_d <= UBIFS_MAX_INO_DATA);
436 ubifs_assert(c, req->dirtied_ino <= 4);
437 ubifs_assert(c, req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
438 ubifs_assert(c, !(req->new_ino_d & 7));
439 ubifs_assert(c, !(req->dirtied_ino_d & 7));
440
441 data_growth = calc_data_growth(c, req);
442 dd_growth = calc_dd_growth(c, req);
443 if (!data_growth && !dd_growth)
444 return 0;
445 idx_growth = calc_idx_growth(c, req);
446
447again:
448 spin_lock(&c->space_lock);
449 ubifs_assert(c, c->bi.idx_growth >= 0);
450 ubifs_assert(c, c->bi.data_growth >= 0);
451 ubifs_assert(c, c->bi.dd_growth >= 0);
452
453 if (unlikely(c->bi.nospace) && (c->bi.nospace_rp || !can_use_rp(c))) {
454 dbg_budg("no space");
455 spin_unlock(&c->space_lock);
456 return -ENOSPC;
457 }
458
459 c->bi.idx_growth += idx_growth;
460 c->bi.data_growth += data_growth;
461 c->bi.dd_growth += dd_growth;
462
463 err = do_budget_space(c);
464 if (likely(!err)) {
465 req->idx_growth = idx_growth;
466 req->data_growth = data_growth;
467 req->dd_growth = dd_growth;
468 spin_unlock(&c->space_lock);
469 return 0;
470 }
471
472 /* Restore the old values */
473 c->bi.idx_growth -= idx_growth;
474 c->bi.data_growth -= data_growth;
475 c->bi.dd_growth -= dd_growth;
476 spin_unlock(&c->space_lock);
477
478 if (req->fast) {
479 dbg_budg("no space for fast budgeting");
480 return err;
481 }
482
483 err = make_free_space(c);
484 cond_resched();
485 if (err == -EAGAIN) {
486 dbg_budg("try again");
487 goto again;
488 } else if (err == -ENOSPC) {
489 if (!retried) {
490 retried = 1;
491 dbg_budg("-ENOSPC, but anyway try once again");
492 goto again;
493 }
494 dbg_budg("FS is full, -ENOSPC");
495 c->bi.nospace = 1;
496 if (can_use_rp(c) || c->rp_size == 0)
497 c->bi.nospace_rp = 1;
498 smp_wmb();
499 } else
500 ubifs_err(c, "cannot budget space, error %d", err);
501 return err;
502}
503
504/**
505 * ubifs_release_budget - release budgeted free space.
506 * @c: UBIFS file-system description object
507 * @req: budget request
508 *
509 * This function releases the space budgeted by 'ubifs_budget_space()'. Note,
510 * since the index changes (which were budgeted for in @req->idx_growth) will
511 * only be written to the media on commit, this function moves the index budget
512 * from @c->bi.idx_growth to @c->bi.uncommitted_idx. The latter will be zeroed
513 * by the commit operation.
514 */
515void ubifs_release_budget(struct ubifs_info *c, struct ubifs_budget_req *req)
516{
517 ubifs_assert(c, req->new_page <= 1);
518 ubifs_assert(c, req->dirtied_page <= 1);
519 ubifs_assert(c, req->new_dent <= 1);
520 ubifs_assert(c, req->mod_dent <= 1);
521 ubifs_assert(c, req->new_ino <= 1);
522 ubifs_assert(c, req->new_ino_d <= UBIFS_MAX_INO_DATA);
523 ubifs_assert(c, req->dirtied_ino <= 4);
524 ubifs_assert(c, req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
525 ubifs_assert(c, !(req->new_ino_d & 7));
526 ubifs_assert(c, !(req->dirtied_ino_d & 7));
527 if (!req->recalculate) {
528 ubifs_assert(c, req->idx_growth >= 0);
529 ubifs_assert(c, req->data_growth >= 0);
530 ubifs_assert(c, req->dd_growth >= 0);
531 }
532
533 if (req->recalculate) {
534 req->data_growth = calc_data_growth(c, req);
535 req->dd_growth = calc_dd_growth(c, req);
536 req->idx_growth = calc_idx_growth(c, req);
537 }
538
539 if (!req->data_growth && !req->dd_growth)
540 return;
541
542 c->bi.nospace = c->bi.nospace_rp = 0;
543 smp_wmb();
544
545 spin_lock(&c->space_lock);
546 c->bi.idx_growth -= req->idx_growth;
547 c->bi.uncommitted_idx += req->idx_growth;
548 c->bi.data_growth -= req->data_growth;
549 c->bi.dd_growth -= req->dd_growth;
550 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
551
552 ubifs_assert(c, c->bi.idx_growth >= 0);
553 ubifs_assert(c, c->bi.data_growth >= 0);
554 ubifs_assert(c, c->bi.dd_growth >= 0);
555 ubifs_assert(c, c->bi.min_idx_lebs < c->main_lebs);
556 ubifs_assert(c, !(c->bi.idx_growth & 7));
557 ubifs_assert(c, !(c->bi.data_growth & 7));
558 ubifs_assert(c, !(c->bi.dd_growth & 7));
559 spin_unlock(&c->space_lock);
560}
561
562/**
563 * ubifs_convert_page_budget - convert budget of a new page.
564 * @c: UBIFS file-system description object
565 *
566 * This function converts budget which was allocated for a new page of data to
567 * the budget of changing an existing page of data. The latter is smaller than
568 * the former, so this function only does simple re-calculation and does not
569 * involve any write-back.
570 */
571void ubifs_convert_page_budget(struct ubifs_info *c)
572{
573 spin_lock(&c->space_lock);
574 /* Release the index growth reservation */
575 c->bi.idx_growth -= c->max_idx_node_sz << UBIFS_BLOCKS_PER_PAGE_SHIFT;
576 /* Release the data growth reservation */
577 c->bi.data_growth -= c->bi.page_budget;
578 /* Increase the dirty data growth reservation instead */
579 c->bi.dd_growth += c->bi.page_budget;
580 /* And re-calculate the indexing space reservation */
581 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
582 spin_unlock(&c->space_lock);
583}
584
585/**
586 * ubifs_release_dirty_inode_budget - release dirty inode budget.
587 * @c: UBIFS file-system description object
588 * @ui: UBIFS inode to release the budget for
589 *
590 * This function releases budget corresponding to a dirty inode. It is usually
591 * called when after the inode has been written to the media and marked as
592 * clean. It also causes the "no space" flags to be cleared.
593 */
594void ubifs_release_dirty_inode_budget(struct ubifs_info *c,
595 struct ubifs_inode *ui)
596{
597 struct ubifs_budget_req req;
598
599 memset(&req, 0, sizeof(struct ubifs_budget_req));
600 /* The "no space" flags will be cleared because dd_growth is > 0 */
601 req.dd_growth = c->bi.inode_budget + ALIGN(ui->data_len, 8);
602 ubifs_release_budget(c, &req);
603}
604
605/**
606 * ubifs_reported_space - calculate reported free space.
607 * @c: the UBIFS file-system description object
608 * @free: amount of free space
609 *
610 * This function calculates amount of free space which will be reported to
611 * user-space. User-space application tend to expect that if the file-system
612 * (e.g., via the 'statfs()' call) reports that it has N bytes available, they
613 * are able to write a file of size N. UBIFS attaches node headers to each data
614 * node and it has to write indexing nodes as well. This introduces additional
615 * overhead, and UBIFS has to report slightly less free space to meet the above
616 * expectations.
617 *
618 * This function assumes free space is made up of uncompressed data nodes and
619 * full index nodes (one per data node, tripled because we always allow enough
620 * space to write the index thrice).
621 *
622 * Note, the calculation is pessimistic, which means that most of the time
623 * UBIFS reports less space than it actually has.
624 */
625long long ubifs_reported_space(const struct ubifs_info *c, long long free)
626{
627 int divisor, factor, f;
628
629 /*
630 * Reported space size is @free * X, where X is UBIFS block size
631 * divided by UBIFS block size + all overhead one data block
632 * introduces. The overhead is the node header + indexing overhead.
633 *
634 * Indexing overhead calculations are based on the following formula:
635 * I = N/(f - 1) + 1, where I - number of indexing nodes, N - number
636 * of data nodes, f - fanout. Because effective UBIFS fanout is twice
637 * as less than maximum fanout, we assume that each data node
638 * introduces 3 * @c->max_idx_node_sz / (@c->fanout/2 - 1) bytes.
639 * Note, the multiplier 3 is because UBIFS reserves thrice as more space
640 * for the index.
641 */
642 f = c->fanout > 3 ? c->fanout >> 1 : 2;
643 factor = UBIFS_BLOCK_SIZE;
644 divisor = UBIFS_MAX_DATA_NODE_SZ;
645 divisor += (c->max_idx_node_sz * 3) / (f - 1);
646 free *= factor;
647 return div_u64(free, divisor);
648}
649
650/**
651 * ubifs_get_free_space_nolock - return amount of free space.
652 * @c: UBIFS file-system description object
653 *
654 * This function calculates amount of free space to report to user-space.
655 *
656 * Because UBIFS may introduce substantial overhead (the index, node headers,
657 * alignment, wastage at the end of LEBs, etc), it cannot report real amount of
658 * free flash space it has (well, because not all dirty space is reclaimable,
659 * UBIFS does not actually know the real amount). If UBIFS did so, it would
660 * bread user expectations about what free space is. Users seem to accustomed
661 * to assume that if the file-system reports N bytes of free space, they would
662 * be able to fit a file of N bytes to the FS. This almost works for
663 * traditional file-systems, because they have way less overhead than UBIFS.
664 * So, to keep users happy, UBIFS tries to take the overhead into account.
665 */
666long long ubifs_get_free_space_nolock(struct ubifs_info *c)
667{
668 int rsvd_idx_lebs, lebs;
669 long long available, outstanding, free;
670
671 ubifs_assert(c, c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
672 outstanding = c->bi.data_growth + c->bi.dd_growth;
673 available = ubifs_calc_available(c, c->bi.min_idx_lebs);
674
675 /*
676 * When reporting free space to user-space, UBIFS guarantees that it is
677 * possible to write a file of free space size. This means that for
678 * empty LEBs we may use more precise calculations than
679 * 'ubifs_calc_available()' is using. Namely, we know that in empty
680 * LEBs we would waste only @c->leb_overhead bytes, not @c->dark_wm.
681 * Thus, amend the available space.
682 *
683 * Note, the calculations below are similar to what we have in
684 * 'do_budget_space()', so refer there for comments.
685 */
686 if (c->bi.min_idx_lebs > c->lst.idx_lebs)
687 rsvd_idx_lebs = c->bi.min_idx_lebs - c->lst.idx_lebs;
688 else
689 rsvd_idx_lebs = 0;
690 lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
691 c->lst.taken_empty_lebs;
692 lebs -= rsvd_idx_lebs;
693 available += lebs * (c->dark_wm - c->leb_overhead);
694
695 if (available > outstanding)
696 free = ubifs_reported_space(c, available - outstanding);
697 else
698 free = 0;
699 return free;
700}
701
702/**
703 * ubifs_get_free_space - return amount of free space.
704 * @c: UBIFS file-system description object
705 *
706 * This function calculates and returns amount of free space to report to
707 * user-space.
708 */
709long long ubifs_get_free_space(struct ubifs_info *c)
710{
711 long long free;
712
713 spin_lock(&c->space_lock);
714 free = ubifs_get_free_space_nolock(c);
715 spin_unlock(&c->space_lock);
716
717 return free;
718}
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Authors: Adrian Hunter
8 * Artem Bityutskiy (Битюцкий Артём)
9 */
10
11/*
12 * This file implements the budgeting sub-system which is responsible for UBIFS
13 * space management.
14 *
15 * Factors such as compression, wasted space at the ends of LEBs, space in other
16 * journal heads, the effect of updates on the index, and so on, make it
17 * impossible to accurately predict the amount of space needed. Consequently
18 * approximations are used.
19 */
20
21#include "ubifs.h"
22#include <linux/writeback.h>
23#include <linux/math64.h>
24
25/*
26 * When pessimistic budget calculations say that there is no enough space,
27 * UBIFS starts writing back dirty inodes and pages, doing garbage collection,
28 * or committing. The below constant defines maximum number of times UBIFS
29 * repeats the operations.
30 */
31#define MAX_MKSPC_RETRIES 3
32
33/*
34 * The below constant defines amount of dirty pages which should be written
35 * back at when trying to shrink the liability.
36 */
37#define NR_TO_WRITE 16
38
39/**
40 * shrink_liability - write-back some dirty pages/inodes.
41 * @c: UBIFS file-system description object
42 * @nr_to_write: how many dirty pages to write-back
43 *
44 * This function shrinks UBIFS liability by means of writing back some amount
45 * of dirty inodes and their pages.
46 *
47 * Note, this function synchronizes even VFS inodes which are locked
48 * (@i_mutex) by the caller of the budgeting function, because write-back does
49 * not touch @i_mutex.
50 */
51static void shrink_liability(struct ubifs_info *c, int nr_to_write)
52{
53 down_read(&c->vfs_sb->s_umount);
54 writeback_inodes_sb_nr(c->vfs_sb, nr_to_write, WB_REASON_FS_FREE_SPACE);
55 up_read(&c->vfs_sb->s_umount);
56}
57
58/**
59 * run_gc - run garbage collector.
60 * @c: UBIFS file-system description object
61 *
62 * This function runs garbage collector to make some more free space. Returns
63 * zero if a free LEB has been produced, %-EAGAIN if commit is required, and a
64 * negative error code in case of failure.
65 */
66static int run_gc(struct ubifs_info *c)
67{
68 int lnum;
69
70 /* Make some free space by garbage-collecting dirty space */
71 down_read(&c->commit_sem);
72 lnum = ubifs_garbage_collect(c, 1);
73 up_read(&c->commit_sem);
74 if (lnum < 0)
75 return lnum;
76
77 /* GC freed one LEB, return it to lprops */
78 dbg_budg("GC freed LEB %d", lnum);
79 return ubifs_return_leb(c, lnum);
80}
81
82/**
83 * get_liability - calculate current liability.
84 * @c: UBIFS file-system description object
85 *
86 * This function calculates and returns current UBIFS liability, i.e. the
87 * amount of bytes UBIFS has "promised" to write to the media.
88 */
89static long long get_liability(struct ubifs_info *c)
90{
91 long long liab;
92
93 spin_lock(&c->space_lock);
94 liab = c->bi.idx_growth + c->bi.data_growth + c->bi.dd_growth;
95 spin_unlock(&c->space_lock);
96 return liab;
97}
98
99/**
100 * make_free_space - make more free space on the file-system.
101 * @c: UBIFS file-system description object
102 *
103 * This function is called when an operation cannot be budgeted because there
104 * is supposedly no free space. But in most cases there is some free space:
105 * o budgeting is pessimistic, so it always budgets more than it is actually
106 * needed, so shrinking the liability is one way to make free space - the
107 * cached data will take less space then it was budgeted for;
108 * o GC may turn some dark space into free space (budgeting treats dark space
109 * as not available);
110 * o commit may free some LEB, i.e., turn freeable LEBs into free LEBs.
111 *
112 * So this function tries to do the above. Returns %-EAGAIN if some free space
113 * was presumably made and the caller has to re-try budgeting the operation.
114 * Returns %-ENOSPC if it couldn't do more free space, and other negative error
115 * codes on failures.
116 */
117static int make_free_space(struct ubifs_info *c)
118{
119 int err, retries = 0;
120 long long liab1, liab2;
121
122 do {
123 liab1 = get_liability(c);
124 /*
125 * We probably have some dirty pages or inodes (liability), try
126 * to write them back.
127 */
128 dbg_budg("liability %lld, run write-back", liab1);
129 shrink_liability(c, NR_TO_WRITE);
130
131 liab2 = get_liability(c);
132 if (liab2 < liab1)
133 return -EAGAIN;
134
135 dbg_budg("new liability %lld (not shrunk)", liab2);
136
137 /* Liability did not shrink again, try GC */
138 dbg_budg("Run GC");
139 err = run_gc(c);
140 if (!err)
141 return -EAGAIN;
142
143 if (err != -EAGAIN && err != -ENOSPC)
144 /* Some real error happened */
145 return err;
146
147 dbg_budg("Run commit (retries %d)", retries);
148 err = ubifs_run_commit(c);
149 if (err)
150 return err;
151 } while (retries++ < MAX_MKSPC_RETRIES);
152
153 return -ENOSPC;
154}
155
156/**
157 * ubifs_calc_min_idx_lebs - calculate amount of LEBs for the index.
158 * @c: UBIFS file-system description object
159 *
160 * This function calculates and returns the number of LEBs which should be kept
161 * for index usage.
162 */
163int ubifs_calc_min_idx_lebs(struct ubifs_info *c)
164{
165 int idx_lebs;
166 long long idx_size;
167
168 idx_size = c->bi.old_idx_sz + c->bi.idx_growth + c->bi.uncommitted_idx;
169 /* And make sure we have thrice the index size of space reserved */
170 idx_size += idx_size << 1;
171 /*
172 * We do not maintain 'old_idx_size' as 'old_idx_lebs'/'old_idx_bytes'
173 * pair, nor similarly the two variables for the new index size, so we
174 * have to do this costly 64-bit division on fast-path.
175 */
176 idx_lebs = div_u64(idx_size + c->idx_leb_size - 1, c->idx_leb_size);
177 /*
178 * The index head is not available for the in-the-gaps method, so add an
179 * extra LEB to compensate.
180 */
181 idx_lebs += 1;
182 if (idx_lebs < MIN_INDEX_LEBS)
183 idx_lebs = MIN_INDEX_LEBS;
184 return idx_lebs;
185}
186
187/**
188 * ubifs_calc_available - calculate available FS space.
189 * @c: UBIFS file-system description object
190 * @min_idx_lebs: minimum number of LEBs reserved for the index
191 *
192 * This function calculates and returns amount of FS space available for use.
193 */
194long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs)
195{
196 int subtract_lebs;
197 long long available;
198
199 available = c->main_bytes - c->lst.total_used;
200
201 /*
202 * Now 'available' contains theoretically available flash space
203 * assuming there is no index, so we have to subtract the space which
204 * is reserved for the index.
205 */
206 subtract_lebs = min_idx_lebs;
207
208 /* Take into account that GC reserves one LEB for its own needs */
209 subtract_lebs += 1;
210
211 /*
212 * Since different write types go to different heads, we should
213 * reserve one leb for each head.
214 */
215 subtract_lebs += c->jhead_cnt;
216
217 /* We also reserve one LEB for deletions, which bypass budgeting */
218 subtract_lebs += 1;
219
220 available -= (long long)subtract_lebs * c->leb_size;
221
222 /* Subtract the dead space which is not available for use */
223 available -= c->lst.total_dead;
224
225 /*
226 * Subtract dark space, which might or might not be usable - it depends
227 * on the data which we have on the media and which will be written. If
228 * this is a lot of uncompressed or not-compressible data, the dark
229 * space cannot be used.
230 */
231 available -= c->lst.total_dark;
232
233 /*
234 * However, there is more dark space. The index may be bigger than
235 * @min_idx_lebs. Those extra LEBs are assumed to be available, but
236 * their dark space is not included in total_dark, so it is subtracted
237 * here.
238 */
239 if (c->lst.idx_lebs > min_idx_lebs) {
240 subtract_lebs = c->lst.idx_lebs - min_idx_lebs;
241 available -= subtract_lebs * c->dark_wm;
242 }
243
244 /* The calculations are rough and may end up with a negative number */
245 return available > 0 ? available : 0;
246}
247
248/**
249 * can_use_rp - check whether the user is allowed to use reserved pool.
250 * @c: UBIFS file-system description object
251 *
252 * UBIFS has so-called "reserved pool" which is flash space reserved
253 * for the superuser and for uses whose UID/GID is recorded in UBIFS superblock.
254 * This function checks whether current user is allowed to use reserved pool.
255 * Returns %1 current user is allowed to use reserved pool and %0 otherwise.
256 */
257static int can_use_rp(struct ubifs_info *c)
258{
259 if (uid_eq(current_fsuid(), c->rp_uid) || capable(CAP_SYS_RESOURCE) ||
260 (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)))
261 return 1;
262 return 0;
263}
264
265/**
266 * do_budget_space - reserve flash space for index and data growth.
267 * @c: UBIFS file-system description object
268 *
269 * This function makes sure UBIFS has enough free LEBs for index growth and
270 * data.
271 *
272 * When budgeting index space, UBIFS reserves thrice as many LEBs as the index
273 * would take if it was consolidated and written to the flash. This guarantees
274 * that the "in-the-gaps" commit method always succeeds and UBIFS will always
275 * be able to commit dirty index. So this function basically adds amount of
276 * budgeted index space to the size of the current index, multiplies this by 3,
277 * and makes sure this does not exceed the amount of free LEBs.
278 *
279 * Notes about @c->bi.min_idx_lebs and @c->lst.idx_lebs variables:
280 * o @c->lst.idx_lebs is the number of LEBs the index currently uses. It might
281 * be large, because UBIFS does not do any index consolidation as long as
282 * there is free space. IOW, the index may take a lot of LEBs, but the LEBs
283 * will contain a lot of dirt.
284 * o @c->bi.min_idx_lebs is the number of LEBS the index presumably takes. IOW,
285 * the index may be consolidated to take up to @c->bi.min_idx_lebs LEBs.
286 *
287 * This function returns zero in case of success, and %-ENOSPC in case of
288 * failure.
289 */
290static int do_budget_space(struct ubifs_info *c)
291{
292 long long outstanding, available;
293 int lebs, rsvd_idx_lebs, min_idx_lebs;
294
295 /* First budget index space */
296 min_idx_lebs = ubifs_calc_min_idx_lebs(c);
297
298 /* Now 'min_idx_lebs' contains number of LEBs to reserve */
299 if (min_idx_lebs > c->lst.idx_lebs)
300 rsvd_idx_lebs = min_idx_lebs - c->lst.idx_lebs;
301 else
302 rsvd_idx_lebs = 0;
303
304 /*
305 * The number of LEBs that are available to be used by the index is:
306 *
307 * @c->lst.empty_lebs + @c->freeable_cnt + @c->idx_gc_cnt -
308 * @c->lst.taken_empty_lebs
309 *
310 * @c->lst.empty_lebs are available because they are empty.
311 * @c->freeable_cnt are available because they contain only free and
312 * dirty space, @c->idx_gc_cnt are available because they are index
313 * LEBs that have been garbage collected and are awaiting the commit
314 * before they can be used. And the in-the-gaps method will grab these
315 * if it needs them. @c->lst.taken_empty_lebs are empty LEBs that have
316 * already been allocated for some purpose.
317 *
318 * Note, @c->idx_gc_cnt is included to both @c->lst.empty_lebs (because
319 * these LEBs are empty) and to @c->lst.taken_empty_lebs (because they
320 * are taken until after the commit).
321 *
322 * Note, @c->lst.taken_empty_lebs may temporarily be higher by one
323 * because of the way we serialize LEB allocations and budgeting. See a
324 * comment in 'ubifs_find_free_space()'.
325 */
326 lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
327 c->lst.taken_empty_lebs;
328 if (unlikely(rsvd_idx_lebs > lebs)) {
329 dbg_budg("out of indexing space: min_idx_lebs %d (old %d), rsvd_idx_lebs %d",
330 min_idx_lebs, c->bi.min_idx_lebs, rsvd_idx_lebs);
331 return -ENOSPC;
332 }
333
334 available = ubifs_calc_available(c, min_idx_lebs);
335 outstanding = c->bi.data_growth + c->bi.dd_growth;
336
337 if (unlikely(available < outstanding)) {
338 dbg_budg("out of data space: available %lld, outstanding %lld",
339 available, outstanding);
340 return -ENOSPC;
341 }
342
343 if (available - outstanding <= c->rp_size && !can_use_rp(c))
344 return -ENOSPC;
345
346 c->bi.min_idx_lebs = min_idx_lebs;
347 return 0;
348}
349
350/**
351 * calc_idx_growth - calculate approximate index growth from budgeting request.
352 * @c: UBIFS file-system description object
353 * @req: budgeting request
354 *
355 * For now we assume each new node adds one znode. But this is rather poor
356 * approximation, though.
357 */
358static int calc_idx_growth(const struct ubifs_info *c,
359 const struct ubifs_budget_req *req)
360{
361 int znodes;
362
363 znodes = req->new_ino + (req->new_page << UBIFS_BLOCKS_PER_PAGE_SHIFT) +
364 req->new_dent;
365 return znodes * c->max_idx_node_sz;
366}
367
368/**
369 * calc_data_growth - calculate approximate amount of new data from budgeting
370 * request.
371 * @c: UBIFS file-system description object
372 * @req: budgeting request
373 */
374static int calc_data_growth(const struct ubifs_info *c,
375 const struct ubifs_budget_req *req)
376{
377 int data_growth;
378
379 data_growth = req->new_ino ? c->bi.inode_budget : 0;
380 if (req->new_page)
381 data_growth += c->bi.page_budget;
382 if (req->new_dent)
383 data_growth += c->bi.dent_budget;
384 data_growth += req->new_ino_d;
385 return data_growth;
386}
387
388/**
389 * calc_dd_growth - calculate approximate amount of data which makes other data
390 * dirty from budgeting request.
391 * @c: UBIFS file-system description object
392 * @req: budgeting request
393 */
394static int calc_dd_growth(const struct ubifs_info *c,
395 const struct ubifs_budget_req *req)
396{
397 int dd_growth;
398
399 dd_growth = req->dirtied_page ? c->bi.page_budget : 0;
400
401 if (req->dirtied_ino)
402 dd_growth += c->bi.inode_budget * req->dirtied_ino;
403 if (req->mod_dent)
404 dd_growth += c->bi.dent_budget;
405 dd_growth += req->dirtied_ino_d;
406 return dd_growth;
407}
408
409/**
410 * ubifs_budget_space - ensure there is enough space to complete an operation.
411 * @c: UBIFS file-system description object
412 * @req: budget request
413 *
414 * This function allocates budget for an operation. It uses pessimistic
415 * approximation of how much flash space the operation needs. The goal of this
416 * function is to make sure UBIFS always has flash space to flush all dirty
417 * pages, dirty inodes, and dirty znodes (liability). This function may force
418 * commit, garbage-collection or write-back. Returns zero in case of success,
419 * %-ENOSPC if there is no free space and other negative error codes in case of
420 * failures.
421 */
422int ubifs_budget_space(struct ubifs_info *c, struct ubifs_budget_req *req)
423{
424 int err, idx_growth, data_growth, dd_growth, retried = 0;
425
426 ubifs_assert(c, req->new_page <= 1);
427 ubifs_assert(c, req->dirtied_page <= 1);
428 ubifs_assert(c, req->new_dent <= 1);
429 ubifs_assert(c, req->mod_dent <= 1);
430 ubifs_assert(c, req->new_ino <= 1);
431 ubifs_assert(c, req->new_ino_d <= UBIFS_MAX_INO_DATA);
432 ubifs_assert(c, req->dirtied_ino <= 4);
433 ubifs_assert(c, req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
434 ubifs_assert(c, !(req->new_ino_d & 7));
435 ubifs_assert(c, !(req->dirtied_ino_d & 7));
436
437 data_growth = calc_data_growth(c, req);
438 dd_growth = calc_dd_growth(c, req);
439 if (!data_growth && !dd_growth)
440 return 0;
441 idx_growth = calc_idx_growth(c, req);
442
443again:
444 spin_lock(&c->space_lock);
445 ubifs_assert(c, c->bi.idx_growth >= 0);
446 ubifs_assert(c, c->bi.data_growth >= 0);
447 ubifs_assert(c, c->bi.dd_growth >= 0);
448
449 if (unlikely(c->bi.nospace) && (c->bi.nospace_rp || !can_use_rp(c))) {
450 dbg_budg("no space");
451 spin_unlock(&c->space_lock);
452 return -ENOSPC;
453 }
454
455 c->bi.idx_growth += idx_growth;
456 c->bi.data_growth += data_growth;
457 c->bi.dd_growth += dd_growth;
458
459 err = do_budget_space(c);
460 if (likely(!err)) {
461 req->idx_growth = idx_growth;
462 req->data_growth = data_growth;
463 req->dd_growth = dd_growth;
464 spin_unlock(&c->space_lock);
465 return 0;
466 }
467
468 /* Restore the old values */
469 c->bi.idx_growth -= idx_growth;
470 c->bi.data_growth -= data_growth;
471 c->bi.dd_growth -= dd_growth;
472 spin_unlock(&c->space_lock);
473
474 if (req->fast) {
475 dbg_budg("no space for fast budgeting");
476 return err;
477 }
478
479 err = make_free_space(c);
480 cond_resched();
481 if (err == -EAGAIN) {
482 dbg_budg("try again");
483 goto again;
484 } else if (err == -ENOSPC) {
485 if (!retried) {
486 retried = 1;
487 dbg_budg("-ENOSPC, but anyway try once again");
488 goto again;
489 }
490 dbg_budg("FS is full, -ENOSPC");
491 c->bi.nospace = 1;
492 if (can_use_rp(c) || c->rp_size == 0)
493 c->bi.nospace_rp = 1;
494 smp_wmb();
495 } else
496 ubifs_err(c, "cannot budget space, error %d", err);
497 return err;
498}
499
500/**
501 * ubifs_release_budget - release budgeted free space.
502 * @c: UBIFS file-system description object
503 * @req: budget request
504 *
505 * This function releases the space budgeted by 'ubifs_budget_space()'. Note,
506 * since the index changes (which were budgeted for in @req->idx_growth) will
507 * only be written to the media on commit, this function moves the index budget
508 * from @c->bi.idx_growth to @c->bi.uncommitted_idx. The latter will be zeroed
509 * by the commit operation.
510 */
511void ubifs_release_budget(struct ubifs_info *c, struct ubifs_budget_req *req)
512{
513 ubifs_assert(c, req->new_page <= 1);
514 ubifs_assert(c, req->dirtied_page <= 1);
515 ubifs_assert(c, req->new_dent <= 1);
516 ubifs_assert(c, req->mod_dent <= 1);
517 ubifs_assert(c, req->new_ino <= 1);
518 ubifs_assert(c, req->new_ino_d <= UBIFS_MAX_INO_DATA);
519 ubifs_assert(c, req->dirtied_ino <= 4);
520 ubifs_assert(c, req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
521 ubifs_assert(c, !(req->new_ino_d & 7));
522 ubifs_assert(c, !(req->dirtied_ino_d & 7));
523 if (!req->recalculate) {
524 ubifs_assert(c, req->idx_growth >= 0);
525 ubifs_assert(c, req->data_growth >= 0);
526 ubifs_assert(c, req->dd_growth >= 0);
527 }
528
529 if (req->recalculate) {
530 req->data_growth = calc_data_growth(c, req);
531 req->dd_growth = calc_dd_growth(c, req);
532 req->idx_growth = calc_idx_growth(c, req);
533 }
534
535 if (!req->data_growth && !req->dd_growth)
536 return;
537
538 c->bi.nospace = c->bi.nospace_rp = 0;
539 smp_wmb();
540
541 spin_lock(&c->space_lock);
542 c->bi.idx_growth -= req->idx_growth;
543 c->bi.uncommitted_idx += req->idx_growth;
544 c->bi.data_growth -= req->data_growth;
545 c->bi.dd_growth -= req->dd_growth;
546 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
547
548 ubifs_assert(c, c->bi.idx_growth >= 0);
549 ubifs_assert(c, c->bi.data_growth >= 0);
550 ubifs_assert(c, c->bi.dd_growth >= 0);
551 ubifs_assert(c, c->bi.min_idx_lebs < c->main_lebs);
552 ubifs_assert(c, !(c->bi.idx_growth & 7));
553 ubifs_assert(c, !(c->bi.data_growth & 7));
554 ubifs_assert(c, !(c->bi.dd_growth & 7));
555 spin_unlock(&c->space_lock);
556}
557
558/**
559 * ubifs_convert_page_budget - convert budget of a new page.
560 * @c: UBIFS file-system description object
561 *
562 * This function converts budget which was allocated for a new page of data to
563 * the budget of changing an existing page of data. The latter is smaller than
564 * the former, so this function only does simple re-calculation and does not
565 * involve any write-back.
566 */
567void ubifs_convert_page_budget(struct ubifs_info *c)
568{
569 spin_lock(&c->space_lock);
570 /* Release the index growth reservation */
571 c->bi.idx_growth -= c->max_idx_node_sz << UBIFS_BLOCKS_PER_PAGE_SHIFT;
572 /* Release the data growth reservation */
573 c->bi.data_growth -= c->bi.page_budget;
574 /* Increase the dirty data growth reservation instead */
575 c->bi.dd_growth += c->bi.page_budget;
576 /* And re-calculate the indexing space reservation */
577 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
578 spin_unlock(&c->space_lock);
579}
580
581/**
582 * ubifs_release_dirty_inode_budget - release dirty inode budget.
583 * @c: UBIFS file-system description object
584 * @ui: UBIFS inode to release the budget for
585 *
586 * This function releases budget corresponding to a dirty inode. It is usually
587 * called when after the inode has been written to the media and marked as
588 * clean. It also causes the "no space" flags to be cleared.
589 */
590void ubifs_release_dirty_inode_budget(struct ubifs_info *c,
591 struct ubifs_inode *ui)
592{
593 struct ubifs_budget_req req;
594
595 memset(&req, 0, sizeof(struct ubifs_budget_req));
596 /* The "no space" flags will be cleared because dd_growth is > 0 */
597 req.dd_growth = c->bi.inode_budget + ALIGN(ui->data_len, 8);
598 ubifs_release_budget(c, &req);
599}
600
601/**
602 * ubifs_reported_space - calculate reported free space.
603 * @c: the UBIFS file-system description object
604 * @free: amount of free space
605 *
606 * This function calculates amount of free space which will be reported to
607 * user-space. User-space application tend to expect that if the file-system
608 * (e.g., via the 'statfs()' call) reports that it has N bytes available, they
609 * are able to write a file of size N. UBIFS attaches node headers to each data
610 * node and it has to write indexing nodes as well. This introduces additional
611 * overhead, and UBIFS has to report slightly less free space to meet the above
612 * expectations.
613 *
614 * This function assumes free space is made up of uncompressed data nodes and
615 * full index nodes (one per data node, tripled because we always allow enough
616 * space to write the index thrice).
617 *
618 * Note, the calculation is pessimistic, which means that most of the time
619 * UBIFS reports less space than it actually has.
620 */
621long long ubifs_reported_space(const struct ubifs_info *c, long long free)
622{
623 int divisor, factor, f;
624
625 /*
626 * Reported space size is @free * X, where X is UBIFS block size
627 * divided by UBIFS block size + all overhead one data block
628 * introduces. The overhead is the node header + indexing overhead.
629 *
630 * Indexing overhead calculations are based on the following formula:
631 * I = N/(f - 1) + 1, where I - number of indexing nodes, N - number
632 * of data nodes, f - fanout. Because effective UBIFS fanout is twice
633 * as less than maximum fanout, we assume that each data node
634 * introduces 3 * @c->max_idx_node_sz / (@c->fanout/2 - 1) bytes.
635 * Note, the multiplier 3 is because UBIFS reserves thrice as more space
636 * for the index.
637 */
638 f = c->fanout > 3 ? c->fanout >> 1 : 2;
639 factor = UBIFS_BLOCK_SIZE;
640 divisor = UBIFS_MAX_DATA_NODE_SZ;
641 divisor += (c->max_idx_node_sz * 3) / (f - 1);
642 free *= factor;
643 return div_u64(free, divisor);
644}
645
646/**
647 * ubifs_get_free_space_nolock - return amount of free space.
648 * @c: UBIFS file-system description object
649 *
650 * This function calculates amount of free space to report to user-space.
651 *
652 * Because UBIFS may introduce substantial overhead (the index, node headers,
653 * alignment, wastage at the end of LEBs, etc), it cannot report real amount of
654 * free flash space it has (well, because not all dirty space is reclaimable,
655 * UBIFS does not actually know the real amount). If UBIFS did so, it would
656 * bread user expectations about what free space is. Users seem to accustomed
657 * to assume that if the file-system reports N bytes of free space, they would
658 * be able to fit a file of N bytes to the FS. This almost works for
659 * traditional file-systems, because they have way less overhead than UBIFS.
660 * So, to keep users happy, UBIFS tries to take the overhead into account.
661 */
662long long ubifs_get_free_space_nolock(struct ubifs_info *c)
663{
664 int rsvd_idx_lebs, lebs;
665 long long available, outstanding, free;
666
667 ubifs_assert(c, c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
668 outstanding = c->bi.data_growth + c->bi.dd_growth;
669 available = ubifs_calc_available(c, c->bi.min_idx_lebs);
670
671 /*
672 * When reporting free space to user-space, UBIFS guarantees that it is
673 * possible to write a file of free space size. This means that for
674 * empty LEBs we may use more precise calculations than
675 * 'ubifs_calc_available()' is using. Namely, we know that in empty
676 * LEBs we would waste only @c->leb_overhead bytes, not @c->dark_wm.
677 * Thus, amend the available space.
678 *
679 * Note, the calculations below are similar to what we have in
680 * 'do_budget_space()', so refer there for comments.
681 */
682 if (c->bi.min_idx_lebs > c->lst.idx_lebs)
683 rsvd_idx_lebs = c->bi.min_idx_lebs - c->lst.idx_lebs;
684 else
685 rsvd_idx_lebs = 0;
686 lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
687 c->lst.taken_empty_lebs;
688 lebs -= rsvd_idx_lebs;
689 available += lebs * (c->dark_wm - c->leb_overhead);
690
691 if (available > outstanding)
692 free = ubifs_reported_space(c, available - outstanding);
693 else
694 free = 0;
695 return free;
696}
697
698/**
699 * ubifs_get_free_space - return amount of free space.
700 * @c: UBIFS file-system description object
701 *
702 * This function calculates and returns amount of free space to report to
703 * user-space.
704 */
705long long ubifs_get_free_space(struct ubifs_info *c)
706{
707 long long free;
708
709 spin_lock(&c->space_lock);
710 free = ubifs_get_free_space_nolock(c);
711 spin_unlock(&c->space_lock);
712
713 return free;
714}