1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * linux/fs/jbd2/recovery.c
4 *
5 * Written by Stephen C. Tweedie <sct@redhat.com>, 1999
6 *
7 * Copyright 1999-2000 Red Hat Software --- All Rights Reserved
8 *
9 * Journal recovery routines for the generic filesystem journaling code;
10 * part of the ext2fs journaling system.
11 */
12
13 #ifndef __KERNEL__
14 #include "jfs_user.h"
15 #else
16 #include <linux/time.h>
17 #include <linux/fs.h>
18 #include <linux/jbd2.h>
19 #include <linux/errno.h>
20 #include <linux/crc32.h>
21 #include <linux/blkdev.h>
22 #include <linux/string_choices.h>
23 #endif
24
25 /*
26 * Maintain information about the progress of the recovery job, so that
27 * the different passes can carry information between them.
28 */
29 struct recovery_info
30 {
31 tid_t start_transaction;
32 tid_t end_transaction;
33 unsigned long head_block;
34
35 int nr_replays;
36 int nr_revokes;
37 int nr_revoke_hits;
38 };
39
40 static int do_one_pass(journal_t *journal,
41 struct recovery_info *info, enum passtype pass);
42 static int scan_revoke_records(journal_t *, struct buffer_head *,
43 tid_t, struct recovery_info *);
44
45 #ifdef __KERNEL__
46
47 /* Release readahead buffers after use */
journal_brelse_array(struct buffer_head * b[],int n)48 static void journal_brelse_array(struct buffer_head *b[], int n)
49 {
50 while (--n >= 0)
51 brelse (b[n]);
52 }
53
54
55 /*
56 * When reading from the journal, we are going through the block device
57 * layer directly and so there is no readahead being done for us. We
58 * need to implement any readahead ourselves if we want it to happen at
59 * all. Recovery is basically one long sequential read, so make sure we
60 * do the IO in reasonably large chunks.
61 *
62 * This is not so critical that we need to be enormously clever about
63 * the readahead size, though. 128K is a purely arbitrary, good-enough
64 * fixed value.
65 */
66
67 #define MAXBUF 8
do_readahead(journal_t * journal,unsigned int start)68 static int do_readahead(journal_t *journal, unsigned int start)
69 {
70 int err;
71 unsigned int max, nbufs, next;
72 unsigned long long blocknr;
73 struct buffer_head *bh;
74
75 struct buffer_head * bufs[MAXBUF];
76
77 /* Do up to 128K of readahead */
78 max = start + (128 * 1024 / journal->j_blocksize);
79 if (max > journal->j_total_len)
80 max = journal->j_total_len;
81
82 /* Do the readahead itself. We'll submit MAXBUF buffer_heads at
83 * a time to the block device IO layer. */
84
85 nbufs = 0;
86
87 for (next = start; next < max; next++) {
88 err = jbd2_journal_bmap(journal, next, &blocknr);
89
90 if (err) {
91 printk(KERN_ERR "JBD2: bad block at offset %u\n",
92 next);
93 goto failed;
94 }
95
96 bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
97 if (!bh) {
98 err = -ENOMEM;
99 goto failed;
100 }
101
102 if (!buffer_uptodate(bh) && !buffer_locked(bh)) {
103 bufs[nbufs++] = bh;
104 if (nbufs == MAXBUF) {
105 bh_readahead_batch(nbufs, bufs, 0);
106 journal_brelse_array(bufs, nbufs);
107 nbufs = 0;
108 }
109 } else
110 brelse(bh);
111 }
112
113 if (nbufs)
114 bh_readahead_batch(nbufs, bufs, 0);
115 err = 0;
116
117 failed:
118 if (nbufs)
119 journal_brelse_array(bufs, nbufs);
120 return err;
121 }
122
123 #endif /* __KERNEL__ */
124
125
126 /*
127 * Read a block from the journal
128 */
129
jread(struct buffer_head ** bhp,journal_t * journal,unsigned int offset)130 static int jread(struct buffer_head **bhp, journal_t *journal,
131 unsigned int offset)
132 {
133 int err;
134 unsigned long long blocknr;
135 struct buffer_head *bh;
136
137 *bhp = NULL;
138
139 if (offset >= journal->j_total_len) {
140 printk(KERN_ERR "JBD2: corrupted journal superblock\n");
141 return -EFSCORRUPTED;
142 }
143
144 err = jbd2_journal_bmap(journal, offset, &blocknr);
145
146 if (err) {
147 printk(KERN_ERR "JBD2: bad block at offset %u\n",
148 offset);
149 return err;
150 }
151
152 bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
153 if (!bh)
154 return -ENOMEM;
155
156 if (!buffer_uptodate(bh)) {
157 /*
158 * If this is a brand new buffer, start readahead.
159 * Otherwise, we assume we are already reading it.
160 */
161 bool need_readahead = !buffer_req(bh);
162
163 bh_read_nowait(bh, 0);
164 if (need_readahead)
165 do_readahead(journal, offset);
166 wait_on_buffer(bh);
167 }
168
169 if (!buffer_uptodate(bh)) {
170 printk(KERN_ERR "JBD2: Failed to read block at offset %u\n",
171 offset);
172 brelse(bh);
173 return -EIO;
174 }
175
176 *bhp = bh;
177 return 0;
178 }
179
jbd2_descriptor_block_csum_verify(journal_t * j,void * buf)180 static int jbd2_descriptor_block_csum_verify(journal_t *j, void *buf)
181 {
182 struct jbd2_journal_block_tail *tail;
183 __be32 provided;
184 __u32 calculated;
185
186 if (!jbd2_journal_has_csum_v2or3(j))
187 return 1;
188
189 tail = (struct jbd2_journal_block_tail *)((char *)buf +
190 j->j_blocksize - sizeof(struct jbd2_journal_block_tail));
191 provided = tail->t_checksum;
192 tail->t_checksum = 0;
193 calculated = jbd2_chksum(j, j->j_csum_seed, buf, j->j_blocksize);
194 tail->t_checksum = provided;
195
196 return provided == cpu_to_be32(calculated);
197 }
198
199 /*
200 * Count the number of in-use tags in a journal descriptor block.
201 */
202
count_tags(journal_t * journal,struct buffer_head * bh)203 static int count_tags(journal_t *journal, struct buffer_head *bh)
204 {
205 char * tagp;
206 journal_block_tag_t tag;
207 int nr = 0, size = journal->j_blocksize;
208 int tag_bytes = journal_tag_bytes(journal);
209
210 if (jbd2_journal_has_csum_v2or3(journal))
211 size -= sizeof(struct jbd2_journal_block_tail);
212
213 tagp = &bh->b_data[sizeof(journal_header_t)];
214
215 while ((tagp - bh->b_data + tag_bytes) <= size) {
216 memcpy(&tag, tagp, sizeof(tag));
217
218 nr++;
219 tagp += tag_bytes;
220 if (!(tag.t_flags & cpu_to_be16(JBD2_FLAG_SAME_UUID)))
221 tagp += 16;
222
223 if (tag.t_flags & cpu_to_be16(JBD2_FLAG_LAST_TAG))
224 break;
225 }
226
227 return nr;
228 }
229
230
231 /* Make sure we wrap around the log correctly! */
232 #define wrap(journal, var) \
233 do { \
234 if (var >= (journal)->j_last) \
235 var -= ((journal)->j_last - (journal)->j_first); \
236 } while (0)
237
fc_do_one_pass(journal_t * journal,struct recovery_info * info,enum passtype pass)238 static int fc_do_one_pass(journal_t *journal,
239 struct recovery_info *info, enum passtype pass)
240 {
241 unsigned int expected_commit_id = info->end_transaction;
242 unsigned long next_fc_block;
243 struct buffer_head *bh;
244 int err = 0;
245
246 next_fc_block = journal->j_fc_first;
247 if (!journal->j_fc_replay_callback)
248 return 0;
249
250 while (next_fc_block <= journal->j_fc_last) {
251 jbd2_debug(3, "Fast commit replay: next block %ld\n",
252 next_fc_block);
253 err = jread(&bh, journal, next_fc_block);
254 if (err) {
255 jbd2_debug(3, "Fast commit replay: read error\n");
256 break;
257 }
258
259 err = journal->j_fc_replay_callback(journal, bh, pass,
260 next_fc_block - journal->j_fc_first,
261 expected_commit_id);
262 brelse(bh);
263 next_fc_block++;
264 if (err < 0 || err == JBD2_FC_REPLAY_STOP)
265 break;
266 err = 0;
267 }
268
269 if (err)
270 jbd2_debug(3, "Fast commit replay failed, err = %d\n", err);
271
272 return err;
273 }
274
275 /**
276 * jbd2_journal_recover - recovers a on-disk journal
277 * @journal: the journal to recover
278 *
279 * The primary function for recovering the log contents when mounting a
280 * journaled device.
281 *
282 * Recovery is done in three passes. In the first pass, we look for the
283 * end of the log. In the second, we assemble the list of revoke
284 * blocks. In the third and final pass, we replay any un-revoked blocks
285 * in the log.
286 */
jbd2_journal_recover(journal_t * journal)287 int jbd2_journal_recover(journal_t *journal)
288 {
289 int err, err2;
290 journal_superblock_t * sb;
291
292 struct recovery_info info;
293
294 memset(&info, 0, sizeof(info));
295 sb = journal->j_superblock;
296
297 /*
298 * The journal superblock's s_start field (the current log head)
299 * is always zero if, and only if, the journal was cleanly
300 * unmounted.
301 */
302 if (!sb->s_start) {
303 jbd2_debug(1, "No recovery required, last transaction %d, head block %u\n",
304 be32_to_cpu(sb->s_sequence), be32_to_cpu(sb->s_head));
305 journal->j_transaction_sequence = be32_to_cpu(sb->s_sequence) + 1;
306 journal->j_head = be32_to_cpu(sb->s_head);
307 return 0;
308 }
309
310 err = do_one_pass(journal, &info, PASS_SCAN);
311 if (!err)
312 err = do_one_pass(journal, &info, PASS_REVOKE);
313 if (!err)
314 err = do_one_pass(journal, &info, PASS_REPLAY);
315
316 jbd2_debug(1, "JBD2: recovery, exit status %d, "
317 "recovered transactions %u to %u\n",
318 err, info.start_transaction, info.end_transaction);
319 jbd2_debug(1, "JBD2: Replayed %d and revoked %d/%d blocks\n",
320 info.nr_replays, info.nr_revoke_hits, info.nr_revokes);
321
322 /* Restart the log at the next transaction ID, thus invalidating
323 * any existing commit records in the log. */
324 journal->j_transaction_sequence = ++info.end_transaction;
325 journal->j_head = info.head_block;
326 jbd2_debug(1, "JBD2: last transaction %d, head block %lu\n",
327 journal->j_transaction_sequence, journal->j_head);
328
329 jbd2_journal_clear_revoke(journal);
330 err2 = sync_blockdev(journal->j_fs_dev);
331 if (!err)
332 err = err2;
333 err2 = jbd2_check_fs_dev_write_error(journal);
334 if (!err)
335 err = err2;
336 /* Make sure all replayed data is on permanent storage */
337 if (journal->j_flags & JBD2_BARRIER) {
338 err2 = blkdev_issue_flush(journal->j_fs_dev);
339 if (!err)
340 err = err2;
341 }
342 return err;
343 }
344
345 /**
346 * jbd2_journal_skip_recovery - Start journal and wipe exiting records
347 * @journal: journal to startup
348 *
349 * Locate any valid recovery information from the journal and set up the
350 * journal structures in memory to ignore it (presumably because the
351 * caller has evidence that it is out of date).
352 * This function doesn't appear to be exported..
353 *
354 * We perform one pass over the journal to allow us to tell the user how
355 * much recovery information is being erased, and to let us initialise
356 * the journal transaction sequence numbers to the next unused ID.
357 */
jbd2_journal_skip_recovery(journal_t * journal)358 int jbd2_journal_skip_recovery(journal_t *journal)
359 {
360 int err;
361
362 struct recovery_info info;
363
364 memset (&info, 0, sizeof(info));
365
366 err = do_one_pass(journal, &info, PASS_SCAN);
367
368 if (err) {
369 printk(KERN_ERR "JBD2: error %d scanning journal\n", err);
370 ++journal->j_transaction_sequence;
371 journal->j_head = journal->j_first;
372 } else {
373 #ifdef CONFIG_JBD2_DEBUG
374 int dropped = info.end_transaction -
375 be32_to_cpu(journal->j_superblock->s_sequence);
376 jbd2_debug(1,
377 "JBD2: ignoring %d transaction%s from the journal.\n",
378 dropped, str_plural(dropped));
379 #endif
380 journal->j_transaction_sequence = ++info.end_transaction;
381 journal->j_head = info.head_block;
382 }
383
384 journal->j_tail = 0;
385 return err;
386 }
387
read_tag_block(journal_t * journal,journal_block_tag_t * tag)388 static inline unsigned long long read_tag_block(journal_t *journal,
389 journal_block_tag_t *tag)
390 {
391 unsigned long long block = be32_to_cpu(tag->t_blocknr);
392 if (jbd2_has_feature_64bit(journal))
393 block |= (u64)be32_to_cpu(tag->t_blocknr_high) << 32;
394 return block;
395 }
396
397 /*
398 * calc_chksums calculates the checksums for the blocks described in the
399 * descriptor block.
400 */
calc_chksums(journal_t * journal,struct buffer_head * bh,unsigned long * next_log_block,__u32 * crc32_sum)401 static int calc_chksums(journal_t *journal, struct buffer_head *bh,
402 unsigned long *next_log_block, __u32 *crc32_sum)
403 {
404 int i, num_blks, err;
405 unsigned long io_block;
406 struct buffer_head *obh;
407
408 num_blks = count_tags(journal, bh);
409 /* Calculate checksum of the descriptor block. */
410 *crc32_sum = crc32_be(*crc32_sum, (void *)bh->b_data, bh->b_size);
411
412 for (i = 0; i < num_blks; i++) {
413 io_block = (*next_log_block)++;
414 wrap(journal, *next_log_block);
415 err = jread(&obh, journal, io_block);
416 if (err) {
417 printk(KERN_ERR "JBD2: IO error %d recovering block "
418 "%lu in log\n", err, io_block);
419 return 1;
420 } else {
421 *crc32_sum = crc32_be(*crc32_sum, (void *)obh->b_data,
422 obh->b_size);
423 }
424 put_bh(obh);
425 }
426 return 0;
427 }
428
jbd2_commit_block_csum_verify(journal_t * j,void * buf)429 static int jbd2_commit_block_csum_verify(journal_t *j, void *buf)
430 {
431 struct commit_header *h;
432 __be32 provided;
433 __u32 calculated;
434
435 if (!jbd2_journal_has_csum_v2or3(j))
436 return 1;
437
438 h = buf;
439 provided = h->h_chksum[0];
440 h->h_chksum[0] = 0;
441 calculated = jbd2_chksum(j, j->j_csum_seed, buf, j->j_blocksize);
442 h->h_chksum[0] = provided;
443
444 return provided == cpu_to_be32(calculated);
445 }
446
jbd2_commit_block_csum_verify_partial(journal_t * j,void * buf)447 static bool jbd2_commit_block_csum_verify_partial(journal_t *j, void *buf)
448 {
449 struct commit_header *h;
450 __be32 provided;
451 __u32 calculated;
452 void *tmpbuf;
453
454 tmpbuf = kzalloc(j->j_blocksize, GFP_KERNEL);
455 if (!tmpbuf)
456 return false;
457
458 memcpy(tmpbuf, buf, sizeof(struct commit_header));
459 h = tmpbuf;
460 provided = h->h_chksum[0];
461 h->h_chksum[0] = 0;
462 calculated = jbd2_chksum(j, j->j_csum_seed, tmpbuf, j->j_blocksize);
463 kfree(tmpbuf);
464
465 return provided == cpu_to_be32(calculated);
466 }
467
jbd2_block_tag_csum_verify(journal_t * j,journal_block_tag_t * tag,journal_block_tag3_t * tag3,void * buf,__u32 sequence)468 static int jbd2_block_tag_csum_verify(journal_t *j, journal_block_tag_t *tag,
469 journal_block_tag3_t *tag3,
470 void *buf, __u32 sequence)
471 {
472 __u32 csum32;
473 __be32 seq;
474
475 if (!jbd2_journal_has_csum_v2or3(j))
476 return 1;
477
478 seq = cpu_to_be32(sequence);
479 csum32 = jbd2_chksum(j, j->j_csum_seed, (__u8 *)&seq, sizeof(seq));
480 csum32 = jbd2_chksum(j, csum32, buf, j->j_blocksize);
481
482 if (jbd2_has_feature_csum3(j))
483 return tag3->t_checksum == cpu_to_be32(csum32);
484 else
485 return tag->t_checksum == cpu_to_be16(csum32);
486 }
487
do_one_pass(journal_t * journal,struct recovery_info * info,enum passtype pass)488 static int do_one_pass(journal_t *journal,
489 struct recovery_info *info, enum passtype pass)
490 {
491 unsigned int first_commit_ID, next_commit_ID;
492 unsigned long next_log_block, head_block;
493 int err, success = 0;
494 journal_superblock_t * sb;
495 journal_header_t * tmp;
496 struct buffer_head * bh;
497 unsigned int sequence;
498 int blocktype;
499 int tag_bytes = journal_tag_bytes(journal);
500 __u32 crc32_sum = ~0; /* Transactional Checksums */
501 int descr_csum_size = 0;
502 int block_error = 0;
503 bool need_check_commit_time = false;
504 __u64 last_trans_commit_time = 0, commit_time;
505
506 /*
507 * First thing is to establish what we expect to find in the log
508 * (in terms of transaction IDs), and where (in terms of log
509 * block offsets): query the superblock.
510 */
511
512 sb = journal->j_superblock;
513 next_commit_ID = be32_to_cpu(sb->s_sequence);
514 next_log_block = be32_to_cpu(sb->s_start);
515 head_block = next_log_block;
516
517 first_commit_ID = next_commit_ID;
518 if (pass == PASS_SCAN)
519 info->start_transaction = first_commit_ID;
520
521 jbd2_debug(1, "Starting recovery pass %d\n", pass);
522
523 /*
524 * Now we walk through the log, transaction by transaction,
525 * making sure that each transaction has a commit block in the
526 * expected place. Each complete transaction gets replayed back
527 * into the main filesystem.
528 */
529
530 while (1) {
531 int flags;
532 char * tagp;
533 journal_block_tag_t tag;
534 struct buffer_head * obh;
535 struct buffer_head * nbh;
536
537 cond_resched();
538
539 /* If we already know where to stop the log traversal,
540 * check right now that we haven't gone past the end of
541 * the log. */
542
543 if (pass != PASS_SCAN)
544 if (tid_geq(next_commit_ID, info->end_transaction))
545 break;
546
547 jbd2_debug(2, "Scanning for sequence ID %u at %lu/%lu\n",
548 next_commit_ID, next_log_block, journal->j_last);
549
550 /* Skip over each chunk of the transaction looking
551 * either the next descriptor block or the final commit
552 * record. */
553
554 jbd2_debug(3, "JBD2: checking block %ld\n", next_log_block);
555 err = jread(&bh, journal, next_log_block);
556 if (err)
557 goto failed;
558
559 next_log_block++;
560 wrap(journal, next_log_block);
561
562 /* What kind of buffer is it?
563 *
564 * If it is a descriptor block, check that it has the
565 * expected sequence number. Otherwise, we're all done
566 * here. */
567
568 tmp = (journal_header_t *)bh->b_data;
569
570 if (tmp->h_magic != cpu_to_be32(JBD2_MAGIC_NUMBER)) {
571 brelse(bh);
572 break;
573 }
574
575 blocktype = be32_to_cpu(tmp->h_blocktype);
576 sequence = be32_to_cpu(tmp->h_sequence);
577 jbd2_debug(3, "Found magic %d, sequence %d\n",
578 blocktype, sequence);
579
580 if (sequence != next_commit_ID) {
581 brelse(bh);
582 break;
583 }
584
585 /* OK, we have a valid descriptor block which matches
586 * all of the sequence number checks. What are we going
587 * to do with it? That depends on the pass... */
588
589 switch(blocktype) {
590 case JBD2_DESCRIPTOR_BLOCK:
591 /* Verify checksum first */
592 if (jbd2_journal_has_csum_v2or3(journal))
593 descr_csum_size =
594 sizeof(struct jbd2_journal_block_tail);
595 if (descr_csum_size > 0 &&
596 !jbd2_descriptor_block_csum_verify(journal,
597 bh->b_data)) {
598 /*
599 * PASS_SCAN can see stale blocks due to lazy
600 * journal init. Don't error out on those yet.
601 */
602 if (pass != PASS_SCAN) {
603 pr_err("JBD2: Invalid checksum recovering block %lu in log\n",
604 next_log_block);
605 err = -EFSBADCRC;
606 brelse(bh);
607 goto failed;
608 }
609 need_check_commit_time = true;
610 jbd2_debug(1,
611 "invalid descriptor block found in %lu\n",
612 next_log_block);
613 }
614
615 /* If it is a valid descriptor block, replay it
616 * in pass REPLAY; if journal_checksums enabled, then
617 * calculate checksums in PASS_SCAN, otherwise,
618 * just skip over the blocks it describes. */
619 if (pass != PASS_REPLAY) {
620 if (pass == PASS_SCAN &&
621 jbd2_has_feature_checksum(journal) &&
622 !need_check_commit_time &&
623 !info->end_transaction) {
624 if (calc_chksums(journal, bh,
625 &next_log_block,
626 &crc32_sum)) {
627 put_bh(bh);
628 break;
629 }
630 put_bh(bh);
631 continue;
632 }
633 next_log_block += count_tags(journal, bh);
634 wrap(journal, next_log_block);
635 put_bh(bh);
636 continue;
637 }
638
639 /* A descriptor block: we can now write all of
640 * the data blocks. Yay, useful work is finally
641 * getting done here! */
642
643 tagp = &bh->b_data[sizeof(journal_header_t)];
644 while ((tagp - bh->b_data + tag_bytes)
645 <= journal->j_blocksize - descr_csum_size) {
646 unsigned long io_block;
647
648 memcpy(&tag, tagp, sizeof(tag));
649 flags = be16_to_cpu(tag.t_flags);
650
651 io_block = next_log_block++;
652 wrap(journal, next_log_block);
653 err = jread(&obh, journal, io_block);
654 if (err) {
655 /* Recover what we can, but
656 * report failure at the end. */
657 success = err;
658 printk(KERN_ERR
659 "JBD2: IO error %d recovering "
660 "block %lu in log\n",
661 err, io_block);
662 } else {
663 unsigned long long blocknr;
664
665 J_ASSERT(obh != NULL);
666 blocknr = read_tag_block(journal,
667 &tag);
668
669 /* If the block has been
670 * revoked, then we're all done
671 * here. */
672 if (jbd2_journal_test_revoke
673 (journal, blocknr,
674 next_commit_ID)) {
675 brelse(obh);
676 ++info->nr_revoke_hits;
677 goto skip_write;
678 }
679
680 /* Look for block corruption */
681 if (!jbd2_block_tag_csum_verify(
682 journal, &tag, (journal_block_tag3_t *)tagp,
683 obh->b_data, be32_to_cpu(tmp->h_sequence))) {
684 brelse(obh);
685 success = -EFSBADCRC;
686 printk(KERN_ERR "JBD2: Invalid "
687 "checksum recovering "
688 "data block %llu in "
689 "journal block %lu\n",
690 blocknr, io_block);
691 block_error = 1;
692 goto skip_write;
693 }
694
695 /* Find a buffer for the new
696 * data being restored */
697 nbh = __getblk(journal->j_fs_dev,
698 blocknr,
699 journal->j_blocksize);
700 if (nbh == NULL) {
701 printk(KERN_ERR
702 "JBD2: Out of memory "
703 "during recovery.\n");
704 err = -ENOMEM;
705 brelse(bh);
706 brelse(obh);
707 goto failed;
708 }
709
710 lock_buffer(nbh);
711 memcpy(nbh->b_data, obh->b_data,
712 journal->j_blocksize);
713 if (flags & JBD2_FLAG_ESCAPE) {
714 *((__be32 *)nbh->b_data) =
715 cpu_to_be32(JBD2_MAGIC_NUMBER);
716 }
717
718 BUFFER_TRACE(nbh, "marking dirty");
719 set_buffer_uptodate(nbh);
720 mark_buffer_dirty(nbh);
721 BUFFER_TRACE(nbh, "marking uptodate");
722 ++info->nr_replays;
723 unlock_buffer(nbh);
724 brelse(obh);
725 brelse(nbh);
726 }
727
728 skip_write:
729 tagp += tag_bytes;
730 if (!(flags & JBD2_FLAG_SAME_UUID))
731 tagp += 16;
732
733 if (flags & JBD2_FLAG_LAST_TAG)
734 break;
735 }
736
737 brelse(bh);
738 continue;
739
740 case JBD2_COMMIT_BLOCK:
741 /* How to differentiate between interrupted commit
742 * and journal corruption ?
743 *
744 * {nth transaction}
745 * Checksum Verification Failed
746 * |
747 * ____________________
748 * | |
749 * async_commit sync_commit
750 * | |
751 * | GO TO NEXT "Journal Corruption"
752 * | TRANSACTION
753 * |
754 * {(n+1)th transanction}
755 * |
756 * _______|______________
757 * | |
758 * Commit block found Commit block not found
759 * | |
760 * "Journal Corruption" |
761 * _____________|_________
762 * | |
763 * nth trans corrupt OR nth trans
764 * and (n+1)th interrupted interrupted
765 * before commit block
766 * could reach the disk.
767 * (Cannot find the difference in above
768 * mentioned conditions. Hence assume
769 * "Interrupted Commit".)
770 */
771 commit_time = be64_to_cpu(
772 ((struct commit_header *)bh->b_data)->h_commit_sec);
773 /*
774 * If need_check_commit_time is set, it means we are in
775 * PASS_SCAN and csum verify failed before. If
776 * commit_time is increasing, it's the same journal,
777 * otherwise it is stale journal block, just end this
778 * recovery.
779 */
780 if (need_check_commit_time) {
781 if (commit_time >= last_trans_commit_time) {
782 pr_err("JBD2: Invalid checksum found in transaction %u\n",
783 next_commit_ID);
784 err = -EFSBADCRC;
785 brelse(bh);
786 goto failed;
787 }
788 ignore_crc_mismatch:
789 /*
790 * It likely does not belong to same journal,
791 * just end this recovery with success.
792 */
793 jbd2_debug(1, "JBD2: Invalid checksum ignored in transaction %u, likely stale data\n",
794 next_commit_ID);
795 brelse(bh);
796 goto done;
797 }
798
799 /*
800 * Found an expected commit block: if checksums
801 * are present, verify them in PASS_SCAN; else not
802 * much to do other than move on to the next sequence
803 * number.
804 */
805 if (pass == PASS_SCAN &&
806 jbd2_has_feature_checksum(journal)) {
807 struct commit_header *cbh =
808 (struct commit_header *)bh->b_data;
809 unsigned found_chksum =
810 be32_to_cpu(cbh->h_chksum[0]);
811
812 if (info->end_transaction) {
813 journal->j_failed_commit =
814 info->end_transaction;
815 brelse(bh);
816 break;
817 }
818
819 /* Neither checksum match nor unused? */
820 if (!((crc32_sum == found_chksum &&
821 cbh->h_chksum_type ==
822 JBD2_CRC32_CHKSUM &&
823 cbh->h_chksum_size ==
824 JBD2_CRC32_CHKSUM_SIZE) ||
825 (cbh->h_chksum_type == 0 &&
826 cbh->h_chksum_size == 0 &&
827 found_chksum == 0)))
828 goto chksum_error;
829
830 crc32_sum = ~0;
831 }
832 if (pass == PASS_SCAN &&
833 !jbd2_commit_block_csum_verify(journal,
834 bh->b_data)) {
835 if (jbd2_commit_block_csum_verify_partial(
836 journal,
837 bh->b_data)) {
838 pr_notice("JBD2: Find incomplete commit block in transaction %u block %lu\n",
839 next_commit_ID, next_log_block);
840 goto chksum_ok;
841 }
842 chksum_error:
843 if (commit_time < last_trans_commit_time)
844 goto ignore_crc_mismatch;
845 info->end_transaction = next_commit_ID;
846 info->head_block = head_block;
847
848 if (!jbd2_has_feature_async_commit(journal)) {
849 journal->j_failed_commit =
850 next_commit_ID;
851 brelse(bh);
852 break;
853 }
854 }
855 if (pass == PASS_SCAN) {
856 chksum_ok:
857 last_trans_commit_time = commit_time;
858 head_block = next_log_block;
859 }
860 brelse(bh);
861 next_commit_ID++;
862 continue;
863
864 case JBD2_REVOKE_BLOCK:
865 /*
866 * Check revoke block crc in pass_scan, if csum verify
867 * failed, check commit block time later.
868 */
869 if (pass == PASS_SCAN &&
870 !jbd2_descriptor_block_csum_verify(journal,
871 bh->b_data)) {
872 jbd2_debug(1, "JBD2: invalid revoke block found in %lu\n",
873 next_log_block);
874 need_check_commit_time = true;
875 }
876
877 /* If we aren't in the REVOKE pass, then we can
878 * just skip over this block. */
879 if (pass != PASS_REVOKE) {
880 brelse(bh);
881 continue;
882 }
883
884 err = scan_revoke_records(journal, bh,
885 next_commit_ID, info);
886 brelse(bh);
887 if (err)
888 goto failed;
889 continue;
890
891 default:
892 jbd2_debug(3, "Unrecognised magic %d, end of scan.\n",
893 blocktype);
894 brelse(bh);
895 goto done;
896 }
897 }
898
899 done:
900 /*
901 * We broke out of the log scan loop: either we came to the
902 * known end of the log or we found an unexpected block in the
903 * log. If the latter happened, then we know that the "current"
904 * transaction marks the end of the valid log.
905 */
906
907 if (pass == PASS_SCAN) {
908 if (!info->end_transaction)
909 info->end_transaction = next_commit_ID;
910 if (!info->head_block)
911 info->head_block = head_block;
912 } else {
913 /* It's really bad news if different passes end up at
914 * different places (but possible due to IO errors). */
915 if (info->end_transaction != next_commit_ID) {
916 printk(KERN_ERR "JBD2: recovery pass %d ended at "
917 "transaction %u, expected %u\n",
918 pass, next_commit_ID, info->end_transaction);
919 if (!success)
920 success = -EIO;
921 }
922 }
923
924 if (jbd2_has_feature_fast_commit(journal) && pass != PASS_REVOKE) {
925 err = fc_do_one_pass(journal, info, pass);
926 if (err)
927 success = err;
928 }
929
930 if (block_error && success == 0)
931 success = -EIO;
932 return success;
933
934 failed:
935 return err;
936 }
937
938 /* Scan a revoke record, marking all blocks mentioned as revoked. */
939
scan_revoke_records(journal_t * journal,struct buffer_head * bh,tid_t sequence,struct recovery_info * info)940 static int scan_revoke_records(journal_t *journal, struct buffer_head *bh,
941 tid_t sequence, struct recovery_info *info)
942 {
943 jbd2_journal_revoke_header_t *header;
944 int offset, max;
945 unsigned csum_size = 0;
946 __u32 rcount;
947 int record_len = 4;
948
949 header = (jbd2_journal_revoke_header_t *) bh->b_data;
950 offset = sizeof(jbd2_journal_revoke_header_t);
951 rcount = be32_to_cpu(header->r_count);
952
953 if (jbd2_journal_has_csum_v2or3(journal))
954 csum_size = sizeof(struct jbd2_journal_block_tail);
955 if (rcount > journal->j_blocksize - csum_size)
956 return -EINVAL;
957 max = rcount;
958
959 if (jbd2_has_feature_64bit(journal))
960 record_len = 8;
961
962 while (offset + record_len <= max) {
963 unsigned long long blocknr;
964 int err;
965
966 if (record_len == 4)
967 blocknr = be32_to_cpu(* ((__be32 *) (bh->b_data+offset)));
968 else
969 blocknr = be64_to_cpu(* ((__be64 *) (bh->b_data+offset)));
970 offset += record_len;
971 err = jbd2_journal_set_revoke(journal, blocknr, sequence);
972 if (err)
973 return err;
974 ++info->nr_revokes;
975 }
976 return 0;
977 }
978