1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Authors: Adrian Hunter
8 * Artem Bityutskiy (Битюцкий Артём)
9 */
10
11 /* This file implements TNC functions for committing */
12
13 #include <linux/random.h>
14 #include "ubifs.h"
15
16 /**
17 * make_idx_node - make an index node for fill-the-gaps method of TNC commit.
18 * @c: UBIFS file-system description object
19 * @idx: buffer in which to place new index node
20 * @znode: znode from which to make new index node
21 * @lnum: LEB number where new index node will be written
22 * @offs: offset where new index node will be written
23 * @len: length of new index node
24 */
make_idx_node(struct ubifs_info * c,struct ubifs_idx_node * idx,struct ubifs_znode * znode,int lnum,int offs,int len)25 static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
26 struct ubifs_znode *znode, int lnum, int offs, int len)
27 {
28 struct ubifs_znode *zp;
29 u8 hash[UBIFS_HASH_ARR_SZ];
30 int i, err;
31
32 /* Make index node */
33 idx->ch.node_type = UBIFS_IDX_NODE;
34 idx->child_cnt = cpu_to_le16(znode->child_cnt);
35 idx->level = cpu_to_le16(znode->level);
36 for (i = 0; i < znode->child_cnt; i++) {
37 struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
38 struct ubifs_zbranch *zbr = &znode->zbranch[i];
39
40 key_write_idx(c, &zbr->key, &br->key);
41 br->lnum = cpu_to_le32(zbr->lnum);
42 br->offs = cpu_to_le32(zbr->offs);
43 br->len = cpu_to_le32(zbr->len);
44 ubifs_copy_hash(c, zbr->hash, ubifs_branch_hash(c, br));
45 if (!zbr->lnum || !zbr->len) {
46 ubifs_err(c, "bad ref in znode");
47 ubifs_dump_znode(c, znode);
48 if (zbr->znode)
49 ubifs_dump_znode(c, zbr->znode);
50
51 return -EINVAL;
52 }
53 }
54 ubifs_prepare_node(c, idx, len, 0);
55 ubifs_node_calc_hash(c, idx, hash);
56
57 znode->lnum = lnum;
58 znode->offs = offs;
59 znode->len = len;
60
61 err = insert_old_idx_znode(c, znode);
62
63 /* Update the parent */
64 zp = znode->parent;
65 if (zp) {
66 struct ubifs_zbranch *zbr;
67
68 zbr = &zp->zbranch[znode->iip];
69 zbr->lnum = lnum;
70 zbr->offs = offs;
71 zbr->len = len;
72 ubifs_copy_hash(c, hash, zbr->hash);
73 } else {
74 c->zroot.lnum = lnum;
75 c->zroot.offs = offs;
76 c->zroot.len = len;
77 ubifs_copy_hash(c, hash, c->zroot.hash);
78 }
79 c->calc_idx_sz += ALIGN(len, 8);
80
81 atomic_long_dec(&c->dirty_zn_cnt);
82
83 ubifs_assert(c, ubifs_zn_dirty(znode));
84 ubifs_assert(c, ubifs_zn_cow(znode));
85
86 /*
87 * Note, unlike 'write_index()' we do not add memory barriers here
88 * because this function is called with @c->tnc_mutex locked.
89 */
90 __clear_bit(DIRTY_ZNODE, &znode->flags);
91 __clear_bit(COW_ZNODE, &znode->flags);
92
93 return err;
94 }
95
96 /**
97 * fill_gap - make index nodes in gaps in dirty index LEBs.
98 * @c: UBIFS file-system description object
99 * @lnum: LEB number that gap appears in
100 * @gap_start: offset of start of gap
101 * @gap_end: offset of end of gap
102 * @dirt: adds dirty space to this
103 *
104 * This function returns the number of index nodes written into the gap.
105 */
fill_gap(struct ubifs_info * c,int lnum,int gap_start,int gap_end,int * dirt)106 static int fill_gap(struct ubifs_info *c, int lnum, int gap_start, int gap_end,
107 int *dirt)
108 {
109 int len, gap_remains, gap_pos, written, pad_len;
110
111 ubifs_assert(c, (gap_start & 7) == 0);
112 ubifs_assert(c, (gap_end & 7) == 0);
113 ubifs_assert(c, gap_end >= gap_start);
114
115 gap_remains = gap_end - gap_start;
116 if (!gap_remains)
117 return 0;
118 gap_pos = gap_start;
119 written = 0;
120 while (c->enext) {
121 len = ubifs_idx_node_sz(c, c->enext->child_cnt);
122 if (len < gap_remains) {
123 struct ubifs_znode *znode = c->enext;
124 const int alen = ALIGN(len, 8);
125 int err;
126
127 ubifs_assert(c, alen <= gap_remains);
128 err = make_idx_node(c, c->ileb_buf + gap_pos, znode,
129 lnum, gap_pos, len);
130 if (err)
131 return err;
132 gap_remains -= alen;
133 gap_pos += alen;
134 c->enext = znode->cnext;
135 if (c->enext == c->cnext)
136 c->enext = NULL;
137 written += 1;
138 } else
139 break;
140 }
141 if (gap_end == c->leb_size) {
142 c->ileb_len = ALIGN(gap_pos, c->min_io_size);
143 /* Pad to end of min_io_size */
144 pad_len = c->ileb_len - gap_pos;
145 } else
146 /* Pad to end of gap */
147 pad_len = gap_remains;
148 dbg_gc("LEB %d:%d to %d len %d nodes written %d wasted bytes %d",
149 lnum, gap_start, gap_end, gap_end - gap_start, written, pad_len);
150 ubifs_pad(c, c->ileb_buf + gap_pos, pad_len);
151 *dirt += pad_len;
152 return written;
153 }
154
155 /**
156 * find_old_idx - find an index node obsoleted since the last commit start.
157 * @c: UBIFS file-system description object
158 * @lnum: LEB number of obsoleted index node
159 * @offs: offset of obsoleted index node
160 *
161 * Returns %1 if found and %0 otherwise.
162 */
find_old_idx(struct ubifs_info * c,int lnum,int offs)163 static int find_old_idx(struct ubifs_info *c, int lnum, int offs)
164 {
165 struct ubifs_old_idx *o;
166 struct rb_node *p;
167
168 p = c->old_idx.rb_node;
169 while (p) {
170 o = rb_entry(p, struct ubifs_old_idx, rb);
171 if (lnum < o->lnum)
172 p = p->rb_left;
173 else if (lnum > o->lnum)
174 p = p->rb_right;
175 else if (offs < o->offs)
176 p = p->rb_left;
177 else if (offs > o->offs)
178 p = p->rb_right;
179 else
180 return 1;
181 }
182 return 0;
183 }
184
185 /**
186 * is_idx_node_in_use - determine if an index node can be overwritten.
187 * @c: UBIFS file-system description object
188 * @key: key of index node
189 * @level: index node level
190 * @lnum: LEB number of index node
191 * @offs: offset of index node
192 *
193 * If @key / @lnum / @offs identify an index node that was not part of the old
194 * index, then this function returns %0 (obsolete). Else if the index node was
195 * part of the old index but is now dirty %1 is returned, else if it is clean %2
196 * is returned. A negative error code is returned on failure.
197 */
is_idx_node_in_use(struct ubifs_info * c,union ubifs_key * key,int level,int lnum,int offs)198 static int is_idx_node_in_use(struct ubifs_info *c, union ubifs_key *key,
199 int level, int lnum, int offs)
200 {
201 int ret;
202
203 ret = is_idx_node_in_tnc(c, key, level, lnum, offs);
204 if (ret < 0)
205 return ret; /* Error code */
206 if (ret == 0)
207 if (find_old_idx(c, lnum, offs))
208 return 1;
209 return ret;
210 }
211
212 /**
213 * layout_leb_in_gaps - layout index nodes using in-the-gaps method.
214 * @c: UBIFS file-system description object
215 * @p: return LEB number in @c->gap_lebs[p]
216 *
217 * This function lays out new index nodes for dirty znodes using in-the-gaps
218 * method of TNC commit.
219 * This function merely puts the next znode into the next gap, making no attempt
220 * to try to maximise the number of znodes that fit.
221 * This function returns the number of index nodes written into the gaps, or a
222 * negative error code on failure.
223 */
layout_leb_in_gaps(struct ubifs_info * c,int p)224 static int layout_leb_in_gaps(struct ubifs_info *c, int p)
225 {
226 struct ubifs_scan_leb *sleb;
227 struct ubifs_scan_node *snod;
228 int lnum, dirt = 0, gap_start, gap_end, err, written, tot_written;
229
230 tot_written = 0;
231 /* Get an index LEB with lots of obsolete index nodes */
232 lnum = ubifs_find_dirty_idx_leb(c);
233 if (lnum < 0)
234 /*
235 * There also may be dirt in the index head that could be
236 * filled, however we do not check there at present.
237 */
238 return lnum; /* Error code */
239 c->gap_lebs[p] = lnum;
240 dbg_gc("LEB %d", lnum);
241 /*
242 * Scan the index LEB. We use the generic scan for this even though
243 * it is more comprehensive and less efficient than is needed for this
244 * purpose.
245 */
246 sleb = ubifs_scan(c, lnum, 0, c->ileb_buf, 0);
247 c->ileb_len = 0;
248 if (IS_ERR(sleb))
249 return PTR_ERR(sleb);
250 gap_start = 0;
251 list_for_each_entry(snod, &sleb->nodes, list) {
252 struct ubifs_idx_node *idx;
253 int in_use, level;
254
255 ubifs_assert(c, snod->type == UBIFS_IDX_NODE);
256 idx = snod->node;
257 key_read(c, ubifs_idx_key(c, idx), &snod->key);
258 level = le16_to_cpu(idx->level);
259 /* Determine if the index node is in use (not obsolete) */
260 in_use = is_idx_node_in_use(c, &snod->key, level, lnum,
261 snod->offs);
262 if (in_use < 0) {
263 ubifs_scan_destroy(sleb);
264 return in_use; /* Error code */
265 }
266 if (in_use) {
267 if (in_use == 1)
268 dirt += ALIGN(snod->len, 8);
269 /*
270 * The obsolete index nodes form gaps that can be
271 * overwritten. This gap has ended because we have
272 * found an index node that is still in use
273 * i.e. not obsolete
274 */
275 gap_end = snod->offs;
276 /* Try to fill gap */
277 written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
278 if (written < 0) {
279 ubifs_scan_destroy(sleb);
280 return written; /* Error code */
281 }
282 tot_written += written;
283 gap_start = ALIGN(snod->offs + snod->len, 8);
284 }
285 }
286 ubifs_scan_destroy(sleb);
287 c->ileb_len = c->leb_size;
288 gap_end = c->leb_size;
289 /* Try to fill gap */
290 written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
291 if (written < 0)
292 return written; /* Error code */
293 tot_written += written;
294 if (tot_written == 0) {
295 struct ubifs_lprops lp;
296
297 dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
298 err = ubifs_read_one_lp(c, lnum, &lp);
299 if (err)
300 return err;
301 if (lp.free == c->leb_size) {
302 /*
303 * We must have snatched this LEB from the idx_gc list
304 * so we need to correct the free and dirty space.
305 */
306 err = ubifs_change_one_lp(c, lnum,
307 c->leb_size - c->ileb_len,
308 dirt, 0, 0, 0);
309 if (err)
310 return err;
311 }
312 return 0;
313 }
314 err = ubifs_change_one_lp(c, lnum, c->leb_size - c->ileb_len, dirt,
315 0, 0, 0);
316 if (err)
317 return err;
318 err = ubifs_leb_change(c, lnum, c->ileb_buf, c->ileb_len);
319 if (err)
320 return err;
321 dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
322 return tot_written;
323 }
324
325 /**
326 * get_leb_cnt - calculate the number of empty LEBs needed to commit.
327 * @c: UBIFS file-system description object
328 * @cnt: number of znodes to commit
329 *
330 * This function returns the number of empty LEBs needed to commit @cnt znodes
331 * to the current index head. The number is not exact and may be more than
332 * needed.
333 */
get_leb_cnt(struct ubifs_info * c,int cnt)334 static int get_leb_cnt(struct ubifs_info *c, int cnt)
335 {
336 int d;
337
338 /* Assume maximum index node size (i.e. overestimate space needed) */
339 cnt -= (c->leb_size - c->ihead_offs) / c->max_idx_node_sz;
340 if (cnt < 0)
341 cnt = 0;
342 d = c->leb_size / c->max_idx_node_sz;
343 return DIV_ROUND_UP(cnt, d);
344 }
345
346 /**
347 * layout_in_gaps - in-the-gaps method of committing TNC.
348 * @c: UBIFS file-system description object
349 * @cnt: number of dirty znodes to commit.
350 *
351 * This function lays out new index nodes for dirty znodes using in-the-gaps
352 * method of TNC commit.
353 *
354 * This function returns %0 on success and a negative error code on failure.
355 */
layout_in_gaps(struct ubifs_info * c,int cnt)356 static int layout_in_gaps(struct ubifs_info *c, int cnt)
357 {
358 int err, leb_needed_cnt, written, p = 0, old_idx_lebs, *gap_lebs;
359
360 dbg_gc("%d znodes to write", cnt);
361
362 c->gap_lebs = kmalloc_objs(int, c->lst.idx_lebs + 1, GFP_NOFS);
363 if (!c->gap_lebs)
364 return -ENOMEM;
365
366 old_idx_lebs = c->lst.idx_lebs;
367 do {
368 ubifs_assert(c, p < c->lst.idx_lebs);
369 written = layout_leb_in_gaps(c, p);
370 if (written < 0) {
371 err = written;
372 if (err != -ENOSPC) {
373 kfree(c->gap_lebs);
374 c->gap_lebs = NULL;
375 return err;
376 }
377 if (!dbg_is_chk_index(c)) {
378 /*
379 * Do not print scary warnings if the debugging
380 * option which forces in-the-gaps is enabled.
381 */
382 ubifs_warn(c, "out of space");
383 ubifs_dump_budg(c, &c->bi);
384 ubifs_dump_lprops(c);
385 }
386 /* Try to commit anyway */
387 break;
388 }
389 p++;
390 cnt -= written;
391 leb_needed_cnt = get_leb_cnt(c, cnt);
392 dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt,
393 leb_needed_cnt, c->ileb_cnt);
394 /*
395 * Dynamically change the size of @c->gap_lebs to prevent
396 * oob, because @c->lst.idx_lebs could be increased by
397 * function @get_idx_gc_leb (called by layout_leb_in_gaps->
398 * ubifs_find_dirty_idx_leb) during loop. Only enlarge
399 * @c->gap_lebs when needed.
400 *
401 */
402 if (leb_needed_cnt > c->ileb_cnt && p >= old_idx_lebs &&
403 old_idx_lebs < c->lst.idx_lebs) {
404 old_idx_lebs = c->lst.idx_lebs;
405 gap_lebs = krealloc(c->gap_lebs, sizeof(int) *
406 (old_idx_lebs + 1), GFP_NOFS);
407 if (!gap_lebs) {
408 kfree(c->gap_lebs);
409 c->gap_lebs = NULL;
410 return -ENOMEM;
411 }
412 c->gap_lebs = gap_lebs;
413 }
414 } while (leb_needed_cnt > c->ileb_cnt);
415
416 c->gap_lebs[p] = -1;
417 return 0;
418 }
419
420 /**
421 * layout_in_empty_space - layout index nodes in empty space.
422 * @c: UBIFS file-system description object
423 *
424 * This function lays out new index nodes for dirty znodes using empty LEBs.
425 *
426 * This function returns %0 on success and a negative error code on failure.
427 */
layout_in_empty_space(struct ubifs_info * c)428 static int layout_in_empty_space(struct ubifs_info *c)
429 {
430 struct ubifs_znode *znode, *cnext, *zp;
431 int lnum, offs, len, next_len, buf_len, buf_offs, used, avail;
432 int wlen, blen, err;
433
434 cnext = c->enext;
435 if (!cnext)
436 return 0;
437
438 lnum = c->ihead_lnum;
439 buf_offs = c->ihead_offs;
440
441 buf_len = ubifs_idx_node_sz(c, c->fanout);
442 buf_len = ALIGN(buf_len, c->min_io_size);
443 used = 0;
444 avail = buf_len;
445
446 /* Ensure there is enough room for first write */
447 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
448 if (buf_offs + next_len > c->leb_size)
449 lnum = -1;
450
451 while (1) {
452 znode = cnext;
453
454 len = ubifs_idx_node_sz(c, znode->child_cnt);
455
456 /* Determine the index node position */
457 if (lnum == -1) {
458 if (c->ileb_nxt >= c->ileb_cnt) {
459 ubifs_err(c, "out of space");
460 return -ENOSPC;
461 }
462 lnum = c->ilebs[c->ileb_nxt++];
463 buf_offs = 0;
464 used = 0;
465 avail = buf_len;
466 }
467
468 offs = buf_offs + used;
469
470 znode->lnum = lnum;
471 znode->offs = offs;
472 znode->len = len;
473
474 /* Update the parent */
475 zp = znode->parent;
476 if (zp) {
477 struct ubifs_zbranch *zbr;
478 int i;
479
480 i = znode->iip;
481 zbr = &zp->zbranch[i];
482 zbr->lnum = lnum;
483 zbr->offs = offs;
484 zbr->len = len;
485 } else {
486 c->zroot.lnum = lnum;
487 c->zroot.offs = offs;
488 c->zroot.len = len;
489 }
490 c->calc_idx_sz += ALIGN(len, 8);
491
492 /*
493 * Once lprops is updated, we can decrease the dirty znode count
494 * but it is easier to just do it here.
495 */
496 atomic_long_dec(&c->dirty_zn_cnt);
497
498 /*
499 * Calculate the next index node length to see if there is
500 * enough room for it
501 */
502 cnext = znode->cnext;
503 if (cnext == c->cnext)
504 next_len = 0;
505 else
506 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
507
508 /* Update buffer positions */
509 wlen = used + len;
510 used += ALIGN(len, 8);
511 avail -= ALIGN(len, 8);
512
513 if (next_len != 0 &&
514 buf_offs + used + next_len <= c->leb_size &&
515 avail > 0)
516 continue;
517
518 if (avail <= 0 && next_len &&
519 buf_offs + used + next_len <= c->leb_size)
520 blen = buf_len;
521 else
522 blen = ALIGN(wlen, c->min_io_size);
523
524 /* The buffer is full or there are no more znodes to do */
525 buf_offs += blen;
526 if (next_len) {
527 if (buf_offs + next_len > c->leb_size) {
528 err = ubifs_update_one_lp(c, lnum,
529 c->leb_size - buf_offs, blen - used,
530 0, 0);
531 if (err)
532 return err;
533 lnum = -1;
534 }
535 used -= blen;
536 if (used < 0)
537 used = 0;
538 avail = buf_len - used;
539 continue;
540 }
541 err = ubifs_update_one_lp(c, lnum, c->leb_size - buf_offs,
542 blen - used, 0, 0);
543 if (err)
544 return err;
545 break;
546 }
547
548 c->dbg->new_ihead_lnum = lnum;
549 c->dbg->new_ihead_offs = buf_offs;
550
551 return 0;
552 }
553
554 /**
555 * layout_commit - determine positions of index nodes to commit.
556 * @c: UBIFS file-system description object
557 * @no_space: indicates that insufficient empty LEBs were allocated
558 * @cnt: number of znodes to commit
559 *
560 * Calculate and update the positions of index nodes to commit. If there were
561 * an insufficient number of empty LEBs allocated, then index nodes are placed
562 * into the gaps created by obsolete index nodes in non-empty index LEBs. For
563 * this purpose, an obsolete index node is one that was not in the index as at
564 * the end of the last commit. To write "in-the-gaps" requires that those index
565 * LEBs are updated atomically in-place.
566 */
layout_commit(struct ubifs_info * c,int no_space,int cnt)567 static int layout_commit(struct ubifs_info *c, int no_space, int cnt)
568 {
569 int err;
570
571 if (no_space) {
572 err = layout_in_gaps(c, cnt);
573 if (err)
574 return err;
575 }
576 err = layout_in_empty_space(c);
577 return err;
578 }
579
580 /**
581 * find_first_dirty - find first dirty znode.
582 * @znode: znode to begin searching from
583 */
find_first_dirty(struct ubifs_znode * znode)584 static struct ubifs_znode *find_first_dirty(struct ubifs_znode *znode)
585 {
586 int i, cont;
587
588 if (!znode)
589 return NULL;
590
591 while (1) {
592 if (znode->level == 0) {
593 if (ubifs_zn_dirty(znode))
594 return znode;
595 return NULL;
596 }
597 cont = 0;
598 for (i = 0; i < znode->child_cnt; i++) {
599 struct ubifs_zbranch *zbr = &znode->zbranch[i];
600
601 if (zbr->znode && ubifs_zn_dirty(zbr->znode)) {
602 znode = zbr->znode;
603 cont = 1;
604 break;
605 }
606 }
607 if (!cont) {
608 if (ubifs_zn_dirty(znode))
609 return znode;
610 return NULL;
611 }
612 }
613 }
614
615 /**
616 * find_next_dirty - find next dirty znode.
617 * @znode: znode to begin searching from
618 */
find_next_dirty(struct ubifs_znode * znode)619 static struct ubifs_znode *find_next_dirty(struct ubifs_znode *znode)
620 {
621 int n = znode->iip + 1;
622
623 znode = znode->parent;
624 if (!znode)
625 return NULL;
626 for (; n < znode->child_cnt; n++) {
627 struct ubifs_zbranch *zbr = &znode->zbranch[n];
628
629 if (zbr->znode && ubifs_zn_dirty(zbr->znode))
630 return find_first_dirty(zbr->znode);
631 }
632 return znode;
633 }
634
635 /**
636 * get_znodes_to_commit - create list of dirty znodes to commit.
637 * @c: UBIFS file-system description object
638 *
639 * This function returns the number of znodes to commit.
640 */
get_znodes_to_commit(struct ubifs_info * c)641 static int get_znodes_to_commit(struct ubifs_info *c)
642 {
643 struct ubifs_znode *znode, *cnext;
644 int cnt = 0;
645
646 c->cnext = find_first_dirty(c->zroot.znode);
647 znode = c->enext = c->cnext;
648 if (!znode) {
649 dbg_cmt("no znodes to commit");
650 return 0;
651 }
652 cnt += 1;
653 while (1) {
654 ubifs_assert(c, !ubifs_zn_cow(znode));
655 __set_bit(COW_ZNODE, &znode->flags);
656 znode->alt = 0;
657 cnext = find_next_dirty(znode);
658 if (!cnext) {
659 ubifs_assert(c, !znode->parent);
660 znode->cparent = NULL;
661 znode->cnext = c->cnext;
662 break;
663 }
664 znode->cparent = znode->parent;
665 znode->ciip = znode->iip;
666 znode->cnext = cnext;
667 znode = cnext;
668 cnt += 1;
669 }
670 dbg_cmt("committing %d znodes", cnt);
671 ubifs_assert(c, cnt == atomic_long_read(&c->dirty_zn_cnt));
672 return cnt;
673 }
674
675 /**
676 * alloc_idx_lebs - allocate empty LEBs to be used to commit.
677 * @c: UBIFS file-system description object
678 * @cnt: number of znodes to commit
679 *
680 * This function returns %-ENOSPC if it cannot allocate a sufficient number of
681 * empty LEBs. %0 is returned on success, otherwise a negative error code
682 * is returned.
683 */
alloc_idx_lebs(struct ubifs_info * c,int cnt)684 static int alloc_idx_lebs(struct ubifs_info *c, int cnt)
685 {
686 int i, leb_cnt, lnum;
687
688 c->ileb_cnt = 0;
689 c->ileb_nxt = 0;
690 leb_cnt = get_leb_cnt(c, cnt);
691 dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
692 if (!leb_cnt)
693 return 0;
694 c->ilebs = kmalloc_objs(int, leb_cnt, GFP_NOFS);
695 if (!c->ilebs)
696 return -ENOMEM;
697 for (i = 0; i < leb_cnt; i++) {
698 lnum = ubifs_find_free_leb_for_idx(c);
699 if (lnum < 0)
700 return lnum;
701 c->ilebs[c->ileb_cnt++] = lnum;
702 dbg_cmt("LEB %d", lnum);
703 }
704 if (dbg_is_chk_index(c) && !get_random_u32_below(8))
705 return -ENOSPC;
706 return 0;
707 }
708
709 /**
710 * free_unused_idx_lebs - free unused LEBs that were allocated for the commit.
711 * @c: UBIFS file-system description object
712 *
713 * It is possible that we allocate more empty LEBs for the commit than we need.
714 * This functions frees the surplus.
715 *
716 * This function returns %0 on success and a negative error code on failure.
717 */
free_unused_idx_lebs(struct ubifs_info * c)718 static int free_unused_idx_lebs(struct ubifs_info *c)
719 {
720 int i, err = 0, lnum, er;
721
722 for (i = c->ileb_nxt; i < c->ileb_cnt; i++) {
723 lnum = c->ilebs[i];
724 dbg_cmt("LEB %d", lnum);
725 er = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0,
726 LPROPS_INDEX | LPROPS_TAKEN, 0);
727 if (!err)
728 err = er;
729 }
730 return err;
731 }
732
733 /**
734 * free_idx_lebs - free unused LEBs after commit end.
735 * @c: UBIFS file-system description object
736 *
737 * This function returns %0 on success and a negative error code on failure.
738 */
free_idx_lebs(struct ubifs_info * c)739 static int free_idx_lebs(struct ubifs_info *c)
740 {
741 int err;
742
743 err = free_unused_idx_lebs(c);
744 kfree(c->ilebs);
745 c->ilebs = NULL;
746 return err;
747 }
748
749 /**
750 * ubifs_tnc_start_commit - start TNC commit.
751 * @c: UBIFS file-system description object
752 * @zroot: new index root position is returned here
753 *
754 * This function prepares the list of indexing nodes to commit and lays out
755 * their positions on flash. If there is not enough free space it uses the
756 * in-gap commit method. Returns zero in case of success and a negative error
757 * code in case of failure.
758 */
ubifs_tnc_start_commit(struct ubifs_info * c,struct ubifs_zbranch * zroot)759 int ubifs_tnc_start_commit(struct ubifs_info *c, struct ubifs_zbranch *zroot)
760 {
761 int err = 0, cnt;
762
763 mutex_lock(&c->tnc_mutex);
764 err = dbg_check_tnc(c, 1);
765 if (err)
766 goto out;
767 cnt = get_znodes_to_commit(c);
768 if (cnt != 0) {
769 int no_space = 0;
770
771 err = alloc_idx_lebs(c, cnt);
772 if (err == -ENOSPC)
773 no_space = 1;
774 else if (err)
775 goto out_free;
776 err = layout_commit(c, no_space, cnt);
777 if (err)
778 goto out_free;
779 ubifs_assert(c, atomic_long_read(&c->dirty_zn_cnt) == 0);
780 err = free_unused_idx_lebs(c);
781 if (err)
782 goto out;
783 }
784 destroy_old_idx(c);
785 memcpy(zroot, &c->zroot, sizeof(struct ubifs_zbranch));
786
787 err = ubifs_save_dirty_idx_lnums(c);
788 if (err)
789 goto out;
790
791 spin_lock(&c->space_lock);
792 /*
793 * Although we have not finished committing yet, update size of the
794 * committed index ('c->bi.old_idx_sz') and zero out the index growth
795 * budget. It is OK to do this now, because we've reserved all the
796 * space which is needed to commit the index, and it is save for the
797 * budgeting subsystem to assume the index is already committed,
798 * even though it is not.
799 */
800 ubifs_assert(c, c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
801 c->bi.old_idx_sz = c->calc_idx_sz;
802 c->bi.uncommitted_idx = 0;
803 c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
804 spin_unlock(&c->space_lock);
805 mutex_unlock(&c->tnc_mutex);
806
807 dbg_cmt("number of index LEBs %d", c->lst.idx_lebs);
808 dbg_cmt("size of index %llu", c->calc_idx_sz);
809 return err;
810
811 out_free:
812 free_idx_lebs(c);
813 out:
814 mutex_unlock(&c->tnc_mutex);
815 return err;
816 }
817
818 /**
819 * write_index - write index nodes.
820 * @c: UBIFS file-system description object
821 *
822 * This function writes the index nodes whose positions were laid out in the
823 * layout_in_empty_space function.
824 */
write_index(struct ubifs_info * c)825 static int write_index(struct ubifs_info *c)
826 {
827 struct ubifs_idx_node *idx;
828 struct ubifs_znode *znode, *cnext;
829 int i, lnum, offs, len, next_len, buf_len, buf_offs, used;
830 int avail, wlen, err, lnum_pos = 0, blen, nxt_offs;
831
832 cnext = c->enext;
833 if (!cnext)
834 return 0;
835
836 /*
837 * Always write index nodes to the index head so that index nodes and
838 * other types of nodes are never mixed in the same erase block.
839 */
840 lnum = c->ihead_lnum;
841 buf_offs = c->ihead_offs;
842
843 /* Allocate commit buffer */
844 buf_len = ALIGN(c->max_idx_node_sz, c->min_io_size);
845 used = 0;
846 avail = buf_len;
847
848 /* Ensure there is enough room for first write */
849 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
850 if (buf_offs + next_len > c->leb_size) {
851 err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0, 0,
852 LPROPS_TAKEN);
853 if (err)
854 return err;
855 lnum = -1;
856 }
857
858 while (1) {
859 u8 hash[UBIFS_HASH_ARR_SZ];
860
861 cond_resched();
862
863 znode = cnext;
864 idx = c->cbuf + used;
865
866 /* Make index node */
867 idx->ch.node_type = UBIFS_IDX_NODE;
868 idx->child_cnt = cpu_to_le16(znode->child_cnt);
869 idx->level = cpu_to_le16(znode->level);
870 for (i = 0; i < znode->child_cnt; i++) {
871 struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
872 struct ubifs_zbranch *zbr = &znode->zbranch[i];
873
874 key_write_idx(c, &zbr->key, &br->key);
875 br->lnum = cpu_to_le32(zbr->lnum);
876 br->offs = cpu_to_le32(zbr->offs);
877 br->len = cpu_to_le32(zbr->len);
878 ubifs_copy_hash(c, zbr->hash, ubifs_branch_hash(c, br));
879 if (!zbr->lnum || !zbr->len) {
880 ubifs_err(c, "bad ref in znode");
881 ubifs_dump_znode(c, znode);
882 if (zbr->znode)
883 ubifs_dump_znode(c, zbr->znode);
884
885 return -EINVAL;
886 }
887 }
888 len = ubifs_idx_node_sz(c, znode->child_cnt);
889 ubifs_prepare_node(c, idx, len, 0);
890 ubifs_node_calc_hash(c, idx, hash);
891
892 mutex_lock(&c->tnc_mutex);
893
894 if (znode->cparent)
895 ubifs_copy_hash(c, hash,
896 znode->cparent->zbranch[znode->ciip].hash);
897
898 if (znode->parent) {
899 if (!ubifs_zn_obsolete(znode))
900 ubifs_copy_hash(c, hash,
901 znode->parent->zbranch[znode->iip].hash);
902 } else {
903 ubifs_copy_hash(c, hash, c->zroot.hash);
904 }
905
906 mutex_unlock(&c->tnc_mutex);
907
908 /* Determine the index node position */
909 if (lnum == -1) {
910 lnum = c->ilebs[lnum_pos++];
911 buf_offs = 0;
912 used = 0;
913 avail = buf_len;
914 }
915 offs = buf_offs + used;
916
917 if (lnum != znode->lnum || offs != znode->offs ||
918 len != znode->len) {
919 ubifs_err(c, "inconsistent znode posn");
920 return -EINVAL;
921 }
922
923 /* Grab some stuff from znode while we still can */
924 cnext = znode->cnext;
925
926 ubifs_assert(c, ubifs_zn_dirty(znode));
927 ubifs_assert(c, ubifs_zn_cow(znode));
928
929 /*
930 * It is important that other threads should see %DIRTY_ZNODE
931 * flag cleared before %COW_ZNODE. Specifically, it matters in
932 * the 'dirty_cow_znode()' function. This is the reason for the
933 * first barrier. Also, we want the bit changes to be seen to
934 * other threads ASAP, to avoid unnecessary copying, which is
935 * the reason for the second barrier.
936 */
937 clear_bit(DIRTY_ZNODE, &znode->flags);
938 smp_mb__before_atomic();
939 clear_bit(COW_ZNODE, &znode->flags);
940 smp_mb__after_atomic();
941
942 /*
943 * We have marked the znode as clean but have not updated the
944 * @c->clean_zn_cnt counter. If this znode becomes dirty again
945 * before 'free_obsolete_znodes()' is called, then
946 * @c->clean_zn_cnt will be decremented before it gets
947 * incremented (resulting in 2 decrements for the same znode).
948 * This means that @c->clean_zn_cnt may become negative for a
949 * while.
950 *
951 * Q: why we cannot increment @c->clean_zn_cnt?
952 * A: because we do not have the @c->tnc_mutex locked, and the
953 * following code would be racy and buggy:
954 *
955 * if (!ubifs_zn_obsolete(znode)) {
956 * atomic_long_inc(&c->clean_zn_cnt);
957 * atomic_long_inc(&ubifs_clean_zn_cnt);
958 * }
959 *
960 * Thus, we just delay the @c->clean_zn_cnt update until we
961 * have the mutex locked.
962 */
963
964 /* Do not access znode from this point on */
965
966 /* Update buffer positions */
967 wlen = used + len;
968 used += ALIGN(len, 8);
969 avail -= ALIGN(len, 8);
970
971 /*
972 * Calculate the next index node length to see if there is
973 * enough room for it
974 */
975 if (cnext == c->cnext)
976 next_len = 0;
977 else
978 next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
979
980 nxt_offs = buf_offs + used + next_len;
981 if (next_len && nxt_offs <= c->leb_size) {
982 if (avail > 0)
983 continue;
984 else
985 blen = buf_len;
986 } else {
987 wlen = ALIGN(wlen, 8);
988 blen = ALIGN(wlen, c->min_io_size);
989 ubifs_pad(c, c->cbuf + wlen, blen - wlen);
990 }
991
992 /* The buffer is full or there are no more znodes to do */
993 err = ubifs_leb_write(c, lnum, c->cbuf, buf_offs, blen);
994 if (err)
995 return err;
996 buf_offs += blen;
997 if (next_len) {
998 if (nxt_offs > c->leb_size) {
999 err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0,
1000 0, LPROPS_TAKEN);
1001 if (err)
1002 return err;
1003 lnum = -1;
1004 }
1005 used -= blen;
1006 if (used < 0)
1007 used = 0;
1008 avail = buf_len - used;
1009 memmove(c->cbuf, c->cbuf + blen, used);
1010 continue;
1011 }
1012 break;
1013 }
1014
1015 if (lnum != c->dbg->new_ihead_lnum ||
1016 buf_offs != c->dbg->new_ihead_offs) {
1017 ubifs_err(c, "inconsistent ihead");
1018 return -EINVAL;
1019 }
1020
1021 c->ihead_lnum = lnum;
1022 c->ihead_offs = buf_offs;
1023
1024 return 0;
1025 }
1026
1027 /**
1028 * free_obsolete_znodes - free obsolete znodes.
1029 * @c: UBIFS file-system description object
1030 *
1031 * At the end of commit end, obsolete znodes are freed.
1032 */
free_obsolete_znodes(struct ubifs_info * c)1033 static void free_obsolete_znodes(struct ubifs_info *c)
1034 {
1035 struct ubifs_znode *znode, *cnext;
1036
1037 cnext = c->cnext;
1038 do {
1039 znode = cnext;
1040 cnext = znode->cnext;
1041 if (ubifs_zn_obsolete(znode))
1042 kfree(znode);
1043 else {
1044 znode->cnext = NULL;
1045 atomic_long_inc(&c->clean_zn_cnt);
1046 atomic_long_inc(&ubifs_clean_zn_cnt);
1047 }
1048 } while (cnext != c->cnext);
1049 }
1050
1051 /**
1052 * return_gap_lebs - return LEBs used by the in-gap commit method.
1053 * @c: UBIFS file-system description object
1054 *
1055 * This function clears the "taken" flag for the LEBs which were used by the
1056 * "commit in-the-gaps" method.
1057 */
return_gap_lebs(struct ubifs_info * c)1058 static int return_gap_lebs(struct ubifs_info *c)
1059 {
1060 int *p, err;
1061
1062 if (!c->gap_lebs)
1063 return 0;
1064
1065 dbg_cmt("");
1066 for (p = c->gap_lebs; *p != -1; p++) {
1067 err = ubifs_change_one_lp(c, *p, LPROPS_NC, LPROPS_NC, 0,
1068 LPROPS_TAKEN, 0);
1069 if (err)
1070 return err;
1071 }
1072
1073 kfree(c->gap_lebs);
1074 c->gap_lebs = NULL;
1075 return 0;
1076 }
1077
1078 /**
1079 * ubifs_tnc_end_commit - update the TNC for commit end.
1080 * @c: UBIFS file-system description object
1081 *
1082 * Write the dirty znodes.
1083 */
ubifs_tnc_end_commit(struct ubifs_info * c)1084 int ubifs_tnc_end_commit(struct ubifs_info *c)
1085 {
1086 int err;
1087
1088 if (!c->cnext)
1089 return 0;
1090
1091 err = return_gap_lebs(c);
1092 if (err)
1093 return err;
1094
1095 err = write_index(c);
1096 if (err)
1097 return err;
1098
1099 mutex_lock(&c->tnc_mutex);
1100
1101 dbg_cmt("TNC height is %d", c->zroot.znode->level + 1);
1102
1103 free_obsolete_znodes(c);
1104
1105 c->cnext = NULL;
1106 kfree(c->ilebs);
1107 c->ilebs = NULL;
1108
1109 mutex_unlock(&c->tnc_mutex);
1110
1111 return 0;
1112 }
1113