xref: /linux/fs/nilfs2/recovery.c (revision f5f4745a7f057b58c9728ee4e2c5d6d79f382fe7)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * NILFS recovery logic
4  *
5  * Copyright (C) 2005-2008 Nippon Telegraph and Telephone Corporation.
6  *
7  * Written by Ryusuke Konishi.
8  */
9 
10 #include <linux/buffer_head.h>
11 #include <linux/blkdev.h>
12 #include <linux/swap.h>
13 #include <linux/slab.h>
14 #include <linux/crc32.h>
15 #include "nilfs.h"
16 #include "segment.h"
17 #include "sufile.h"
18 #include "page.h"
19 #include "segbuf.h"
20 
21 /*
22  * Segment check result
23  */
24 enum {
25 	NILFS_SEG_VALID,
26 	NILFS_SEG_NO_SUPER_ROOT,
27 	NILFS_SEG_FAIL_IO,
28 	NILFS_SEG_FAIL_MAGIC,
29 	NILFS_SEG_FAIL_SEQ,
30 	NILFS_SEG_FAIL_CHECKSUM_SUPER_ROOT,
31 	NILFS_SEG_FAIL_CHECKSUM_FULL,
32 	NILFS_SEG_FAIL_CONSISTENCY,
33 };
34 
35 /* work structure for recovery */
36 struct nilfs_recovery_block {
37 	ino_t ino;		/*
38 				 * Inode number of the file that this block
39 				 * belongs to
40 				 */
41 	sector_t blocknr;	/* block number */
42 	__u64 vblocknr;		/* virtual block number */
43 	unsigned long blkoff;	/* File offset of the data block (per block) */
44 	struct list_head list;
45 };
46 
47 
nilfs_warn_segment_error(struct super_block * sb,int err)48 static int nilfs_warn_segment_error(struct super_block *sb, int err)
49 {
50 	const char *msg = NULL;
51 
52 	switch (err) {
53 	case NILFS_SEG_FAIL_IO:
54 		nilfs_err(sb, "I/O error reading segment");
55 		return -EIO;
56 	case NILFS_SEG_FAIL_MAGIC:
57 		msg = "Magic number mismatch";
58 		break;
59 	case NILFS_SEG_FAIL_SEQ:
60 		msg = "Sequence number mismatch";
61 		break;
62 	case NILFS_SEG_FAIL_CHECKSUM_SUPER_ROOT:
63 		msg = "Checksum error in super root";
64 		break;
65 	case NILFS_SEG_FAIL_CHECKSUM_FULL:
66 		msg = "Checksum error in segment payload";
67 		break;
68 	case NILFS_SEG_FAIL_CONSISTENCY:
69 		msg = "Inconsistency found";
70 		break;
71 	case NILFS_SEG_NO_SUPER_ROOT:
72 		msg = "No super root in the last segment";
73 		break;
74 	default:
75 		nilfs_err(sb, "unrecognized segment error %d", err);
76 		return -EINVAL;
77 	}
78 	nilfs_warn(sb, "invalid segment: %s", msg);
79 	return -EINVAL;
80 }
81 
82 /**
83  * nilfs_compute_checksum - compute checksum of blocks continuously
84  * @nilfs: nilfs object
85  * @bhs: buffer head of start block
86  * @sum: place to store result
87  * @offset: offset bytes in the first block
88  * @check_bytes: number of bytes to be checked
89  * @start: DBN of start block
90  * @nblock: number of blocks to be checked
91  */
nilfs_compute_checksum(struct the_nilfs * nilfs,struct buffer_head * bhs,u32 * sum,unsigned long offset,u64 check_bytes,sector_t start,unsigned long nblock)92 static int nilfs_compute_checksum(struct the_nilfs *nilfs,
93 				  struct buffer_head *bhs, u32 *sum,
94 				  unsigned long offset, u64 check_bytes,
95 				  sector_t start, unsigned long nblock)
96 {
97 	unsigned int blocksize = nilfs->ns_blocksize;
98 	unsigned long size;
99 	u32 crc;
100 
101 	BUG_ON(offset >= blocksize);
102 	check_bytes -= offset;
103 	size = min_t(u64, check_bytes, blocksize - offset);
104 	crc = crc32_le(nilfs->ns_crc_seed,
105 		       (unsigned char *)bhs->b_data + offset, size);
106 	if (--nblock > 0) {
107 		do {
108 			struct buffer_head *bh;
109 
110 			bh = __bread(nilfs->ns_bdev, ++start, blocksize);
111 			if (!bh)
112 				return -EIO;
113 			check_bytes -= size;
114 			size = min_t(u64, check_bytes, blocksize);
115 			crc = crc32_le(crc, bh->b_data, size);
116 			brelse(bh);
117 		} while (--nblock > 0);
118 	}
119 	*sum = crc;
120 	return 0;
121 }
122 
123 /**
124  * nilfs_read_super_root_block - read super root block
125  * @nilfs: nilfs object
126  * @sr_block: disk block number of the super root block
127  * @pbh: address of a buffer_head pointer to return super root buffer
128  * @check: CRC check flag
129  */
nilfs_read_super_root_block(struct the_nilfs * nilfs,sector_t sr_block,struct buffer_head ** pbh,int check)130 int nilfs_read_super_root_block(struct the_nilfs *nilfs, sector_t sr_block,
131 				struct buffer_head **pbh, int check)
132 {
133 	struct buffer_head *bh_sr;
134 	struct nilfs_super_root *sr;
135 	u32 crc;
136 	int ret;
137 
138 	*pbh = NULL;
139 	bh_sr = __bread(nilfs->ns_bdev, sr_block, nilfs->ns_blocksize);
140 	if (unlikely(!bh_sr)) {
141 		ret = NILFS_SEG_FAIL_IO;
142 		goto failed;
143 	}
144 
145 	sr = (struct nilfs_super_root *)bh_sr->b_data;
146 	if (check) {
147 		unsigned int bytes = le16_to_cpu(sr->sr_bytes);
148 
149 		if (bytes == 0 || bytes > nilfs->ns_blocksize) {
150 			ret = NILFS_SEG_FAIL_CHECKSUM_SUPER_ROOT;
151 			goto failed_bh;
152 		}
153 		if (nilfs_compute_checksum(
154 			    nilfs, bh_sr, &crc, sizeof(sr->sr_sum), bytes,
155 			    sr_block, 1)) {
156 			ret = NILFS_SEG_FAIL_IO;
157 			goto failed_bh;
158 		}
159 		if (crc != le32_to_cpu(sr->sr_sum)) {
160 			ret = NILFS_SEG_FAIL_CHECKSUM_SUPER_ROOT;
161 			goto failed_bh;
162 		}
163 	}
164 	*pbh = bh_sr;
165 	return 0;
166 
167  failed_bh:
168 	brelse(bh_sr);
169 
170  failed:
171 	return nilfs_warn_segment_error(nilfs->ns_sb, ret);
172 }
173 
174 /**
175  * nilfs_read_log_header - read summary header of the specified log
176  * @nilfs: nilfs object
177  * @start_blocknr: start block number of the log
178  * @sum: pointer to return segment summary structure
179  */
180 static struct buffer_head *
nilfs_read_log_header(struct the_nilfs * nilfs,sector_t start_blocknr,struct nilfs_segment_summary ** sum)181 nilfs_read_log_header(struct the_nilfs *nilfs, sector_t start_blocknr,
182 		      struct nilfs_segment_summary **sum)
183 {
184 	struct buffer_head *bh_sum;
185 
186 	bh_sum = __bread(nilfs->ns_bdev, start_blocknr, nilfs->ns_blocksize);
187 	if (bh_sum)
188 		*sum = (struct nilfs_segment_summary *)bh_sum->b_data;
189 	return bh_sum;
190 }
191 
192 /**
193  * nilfs_validate_log - verify consistency of log
194  * @nilfs: nilfs object
195  * @seg_seq: sequence number of segment
196  * @bh_sum: buffer head of summary block
197  * @sum: segment summary struct
198  */
nilfs_validate_log(struct the_nilfs * nilfs,u64 seg_seq,struct buffer_head * bh_sum,struct nilfs_segment_summary * sum)199 static int nilfs_validate_log(struct the_nilfs *nilfs, u64 seg_seq,
200 			      struct buffer_head *bh_sum,
201 			      struct nilfs_segment_summary *sum)
202 {
203 	unsigned long nblock;
204 	u32 crc;
205 	int ret;
206 
207 	ret = NILFS_SEG_FAIL_MAGIC;
208 	if (le32_to_cpu(sum->ss_magic) != NILFS_SEGSUM_MAGIC)
209 		goto out;
210 
211 	ret = NILFS_SEG_FAIL_SEQ;
212 	if (le64_to_cpu(sum->ss_seq) != seg_seq)
213 		goto out;
214 
215 	nblock = le32_to_cpu(sum->ss_nblocks);
216 	ret = NILFS_SEG_FAIL_CONSISTENCY;
217 	if (unlikely(nblock == 0 || nblock > nilfs->ns_blocks_per_segment))
218 		/* This limits the number of blocks read in the CRC check */
219 		goto out;
220 
221 	ret = NILFS_SEG_FAIL_IO;
222 	if (nilfs_compute_checksum(nilfs, bh_sum, &crc, sizeof(sum->ss_datasum),
223 				   ((u64)nblock << nilfs->ns_blocksize_bits),
224 				   bh_sum->b_blocknr, nblock))
225 		goto out;
226 
227 	ret = NILFS_SEG_FAIL_CHECKSUM_FULL;
228 	if (crc != le32_to_cpu(sum->ss_datasum))
229 		goto out;
230 	ret = 0;
231 out:
232 	return ret;
233 }
234 
235 /**
236  * nilfs_read_summary_info - read an item on summary blocks of a log
237  * @nilfs: nilfs object
238  * @pbh: the current buffer head on summary blocks [in, out]
239  * @offset: the current byte offset on summary blocks [in, out]
240  * @bytes: byte size of the item to be read
241  */
nilfs_read_summary_info(struct the_nilfs * nilfs,struct buffer_head ** pbh,unsigned int * offset,unsigned int bytes)242 static void *nilfs_read_summary_info(struct the_nilfs *nilfs,
243 				     struct buffer_head **pbh,
244 				     unsigned int *offset, unsigned int bytes)
245 {
246 	void *ptr;
247 	sector_t blocknr;
248 
249 	BUG_ON((*pbh)->b_size < *offset);
250 	if (bytes > (*pbh)->b_size - *offset) {
251 		blocknr = (*pbh)->b_blocknr;
252 		brelse(*pbh);
253 		*pbh = __bread(nilfs->ns_bdev, blocknr + 1,
254 			       nilfs->ns_blocksize);
255 		if (unlikely(!*pbh))
256 			return NULL;
257 		*offset = 0;
258 	}
259 	ptr = (*pbh)->b_data + *offset;
260 	*offset += bytes;
261 	return ptr;
262 }
263 
264 /**
265  * nilfs_skip_summary_info - skip items on summary blocks of a log
266  * @nilfs: nilfs object
267  * @pbh: the current buffer head on summary blocks [in, out]
268  * @offset: the current byte offset on summary blocks [in, out]
269  * @bytes: byte size of the item to be skipped
270  * @count: number of items to be skipped
271  */
nilfs_skip_summary_info(struct the_nilfs * nilfs,struct buffer_head ** pbh,unsigned int * offset,unsigned int bytes,unsigned long count)272 static void nilfs_skip_summary_info(struct the_nilfs *nilfs,
273 				    struct buffer_head **pbh,
274 				    unsigned int *offset, unsigned int bytes,
275 				    unsigned long count)
276 {
277 	unsigned int rest_item_in_current_block
278 		= ((*pbh)->b_size - *offset) / bytes;
279 
280 	if (count <= rest_item_in_current_block) {
281 		*offset += bytes * count;
282 	} else {
283 		sector_t blocknr = (*pbh)->b_blocknr;
284 		unsigned int nitem_per_block = (*pbh)->b_size / bytes;
285 		unsigned int bcnt;
286 
287 		count -= rest_item_in_current_block;
288 		bcnt = DIV_ROUND_UP(count, nitem_per_block);
289 		*offset = bytes * (count - (bcnt - 1) * nitem_per_block);
290 
291 		brelse(*pbh);
292 		*pbh = __bread(nilfs->ns_bdev, blocknr + bcnt,
293 			       nilfs->ns_blocksize);
294 	}
295 }
296 
297 /**
298  * nilfs_scan_dsync_log - get block information of a log written for data sync
299  * @nilfs: nilfs object
300  * @start_blocknr: start block number of the log
301  * @sum: log summary information
302  * @head: list head to add nilfs_recovery_block struct
303  */
nilfs_scan_dsync_log(struct the_nilfs * nilfs,sector_t start_blocknr,struct nilfs_segment_summary * sum,struct list_head * head)304 static int nilfs_scan_dsync_log(struct the_nilfs *nilfs, sector_t start_blocknr,
305 				struct nilfs_segment_summary *sum,
306 				struct list_head *head)
307 {
308 	struct buffer_head *bh;
309 	unsigned int offset;
310 	u32 nfinfo, sumbytes;
311 	sector_t blocknr;
312 	ino_t ino;
313 	int err = -EIO;
314 
315 	nfinfo = le32_to_cpu(sum->ss_nfinfo);
316 	if (!nfinfo)
317 		return 0;
318 
319 	sumbytes = le32_to_cpu(sum->ss_sumbytes);
320 	blocknr = start_blocknr + DIV_ROUND_UP(sumbytes, nilfs->ns_blocksize);
321 	bh = __bread(nilfs->ns_bdev, start_blocknr, nilfs->ns_blocksize);
322 	if (unlikely(!bh))
323 		goto out;
324 
325 	offset = le16_to_cpu(sum->ss_bytes);
326 	for (;;) {
327 		unsigned long nblocks, ndatablk, nnodeblk;
328 		struct nilfs_finfo *finfo;
329 
330 		finfo = nilfs_read_summary_info(nilfs, &bh, &offset,
331 						sizeof(*finfo));
332 		if (unlikely(!finfo))
333 			goto out;
334 
335 		ino = le64_to_cpu(finfo->fi_ino);
336 		nblocks = le32_to_cpu(finfo->fi_nblocks);
337 		ndatablk = le32_to_cpu(finfo->fi_ndatablk);
338 		nnodeblk = nblocks - ndatablk;
339 
340 		while (ndatablk-- > 0) {
341 			struct nilfs_recovery_block *rb;
342 			struct nilfs_binfo_v *binfo;
343 
344 			binfo = nilfs_read_summary_info(nilfs, &bh, &offset,
345 							sizeof(*binfo));
346 			if (unlikely(!binfo))
347 				goto out;
348 
349 			rb = kmalloc(sizeof(*rb), GFP_NOFS);
350 			if (unlikely(!rb)) {
351 				err = -ENOMEM;
352 				goto out;
353 			}
354 			rb->ino = ino;
355 			rb->blocknr = blocknr++;
356 			rb->vblocknr = le64_to_cpu(binfo->bi_vblocknr);
357 			rb->blkoff = le64_to_cpu(binfo->bi_blkoff);
358 			/* INIT_LIST_HEAD(&rb->list); */
359 			list_add_tail(&rb->list, head);
360 		}
361 		if (--nfinfo == 0)
362 			break;
363 		blocknr += nnodeblk; /* always 0 for data sync logs */
364 		nilfs_skip_summary_info(nilfs, &bh, &offset, sizeof(__le64),
365 					nnodeblk);
366 		if (unlikely(!bh))
367 			goto out;
368 	}
369 	err = 0;
370  out:
371 	brelse(bh);   /* brelse(NULL) is just ignored */
372 	return err;
373 }
374 
dispose_recovery_list(struct list_head * head)375 static void dispose_recovery_list(struct list_head *head)
376 {
377 	while (!list_empty(head)) {
378 		struct nilfs_recovery_block *rb;
379 
380 		rb = list_first_entry(head, struct nilfs_recovery_block, list);
381 		list_del(&rb->list);
382 		kfree(rb);
383 	}
384 }
385 
386 struct nilfs_segment_entry {
387 	struct list_head	list;
388 	__u64			segnum;
389 };
390 
nilfs_segment_list_add(struct list_head * head,__u64 segnum)391 static int nilfs_segment_list_add(struct list_head *head, __u64 segnum)
392 {
393 	struct nilfs_segment_entry *ent = kmalloc(sizeof(*ent), GFP_NOFS);
394 
395 	if (unlikely(!ent))
396 		return -ENOMEM;
397 
398 	ent->segnum = segnum;
399 	INIT_LIST_HEAD(&ent->list);
400 	list_add_tail(&ent->list, head);
401 	return 0;
402 }
403 
nilfs_dispose_segment_list(struct list_head * head)404 void nilfs_dispose_segment_list(struct list_head *head)
405 {
406 	while (!list_empty(head)) {
407 		struct nilfs_segment_entry *ent;
408 
409 		ent = list_first_entry(head, struct nilfs_segment_entry, list);
410 		list_del(&ent->list);
411 		kfree(ent);
412 	}
413 }
414 
nilfs_prepare_segment_for_recovery(struct the_nilfs * nilfs,struct super_block * sb,struct nilfs_recovery_info * ri)415 static int nilfs_prepare_segment_for_recovery(struct the_nilfs *nilfs,
416 					      struct super_block *sb,
417 					      struct nilfs_recovery_info *ri)
418 {
419 	struct list_head *head = &ri->ri_used_segments;
420 	struct nilfs_segment_entry *ent, *n;
421 	struct inode *sufile = nilfs->ns_sufile;
422 	__u64 segnum[4];
423 	int err;
424 	int i;
425 
426 	segnum[0] = nilfs->ns_segnum;
427 	segnum[1] = nilfs->ns_nextnum;
428 	segnum[2] = ri->ri_segnum;
429 	segnum[3] = ri->ri_nextnum;
430 
431 	/*
432 	 * Releasing the next segment of the latest super root.
433 	 * The next segment is invalidated by this recovery.
434 	 */
435 	err = nilfs_sufile_free(sufile, segnum[1]);
436 	if (unlikely(err)) {
437 		if (err == -ENOENT) {
438 			nilfs_err(sb,
439 				  "checkpoint log inconsistency at block %llu (segment %llu): next segment %llu is unallocated",
440 				  (unsigned long long)nilfs->ns_last_pseg,
441 				  (unsigned long long)nilfs->ns_segnum,
442 				  (unsigned long long)segnum[1]);
443 			err = -EINVAL;
444 		}
445 		goto failed;
446 	}
447 
448 	for (i = 1; i < 4; i++) {
449 		err = nilfs_segment_list_add(head, segnum[i]);
450 		if (unlikely(err))
451 			goto failed;
452 	}
453 
454 	/*
455 	 * Collecting segments written after the latest super root.
456 	 * These are marked dirty to avoid being reallocated in the next write.
457 	 */
458 	list_for_each_entry_safe(ent, n, head, list) {
459 		if (ent->segnum != segnum[0]) {
460 			err = nilfs_sufile_scrap(sufile, ent->segnum);
461 			if (unlikely(err))
462 				goto failed;
463 		}
464 		list_del(&ent->list);
465 		kfree(ent);
466 	}
467 
468 	/* Allocate new segments for recovery */
469 	err = nilfs_sufile_alloc(sufile, &segnum[0]);
470 	if (unlikely(err))
471 		goto failed;
472 
473 	nilfs->ns_pseg_offset = 0;
474 	nilfs->ns_seg_seq = ri->ri_seq + 2;
475 	nilfs->ns_nextnum = nilfs->ns_segnum = segnum[0];
476 
477  failed:
478 	/* No need to recover sufile because it will be destroyed on error */
479 	return err;
480 }
481 
nilfs_recovery_copy_block(struct the_nilfs * nilfs,struct nilfs_recovery_block * rb,loff_t pos,struct folio * folio)482 static int nilfs_recovery_copy_block(struct the_nilfs *nilfs,
483 				     struct nilfs_recovery_block *rb,
484 				     loff_t pos, struct folio *folio)
485 {
486 	struct buffer_head *bh_org;
487 	size_t from = offset_in_folio(folio, pos);
488 
489 	bh_org = __bread(nilfs->ns_bdev, rb->blocknr, nilfs->ns_blocksize);
490 	if (unlikely(!bh_org))
491 		return -EIO;
492 
493 	memcpy_to_folio(folio, from, bh_org->b_data, bh_org->b_size);
494 	brelse(bh_org);
495 	return 0;
496 }
497 
nilfs_recover_dsync_blocks(struct the_nilfs * nilfs,struct super_block * sb,struct nilfs_root * root,struct list_head * head,unsigned long * nr_salvaged_blocks)498 static int nilfs_recover_dsync_blocks(struct the_nilfs *nilfs,
499 				      struct super_block *sb,
500 				      struct nilfs_root *root,
501 				      struct list_head *head,
502 				      unsigned long *nr_salvaged_blocks)
503 {
504 	struct inode *inode;
505 	struct nilfs_recovery_block *rb, *n;
506 	unsigned int blocksize = nilfs->ns_blocksize;
507 	struct folio *folio;
508 	loff_t pos;
509 	int err = 0, err2 = 0;
510 
511 	list_for_each_entry_safe(rb, n, head, list) {
512 		inode = nilfs_iget(sb, root, rb->ino);
513 		if (IS_ERR(inode)) {
514 			err = PTR_ERR(inode);
515 			inode = NULL;
516 			goto failed_inode;
517 		}
518 
519 		pos = rb->blkoff << inode->i_blkbits;
520 		err = block_write_begin(inode->i_mapping, pos, blocksize,
521 					&folio, nilfs_get_block);
522 		if (unlikely(err)) {
523 			loff_t isize = inode->i_size;
524 
525 			if (pos + blocksize > isize)
526 				nilfs_write_failed(inode->i_mapping,
527 							pos + blocksize);
528 			goto failed_inode;
529 		}
530 
531 		err = nilfs_recovery_copy_block(nilfs, rb, pos, folio);
532 		if (unlikely(err))
533 			goto failed_folio;
534 
535 		err = nilfs_set_file_dirty(inode, 1);
536 		if (unlikely(err))
537 			goto failed_folio;
538 
539 		block_write_end(NULL, inode->i_mapping, pos, blocksize,
540 				blocksize, folio, NULL);
541 
542 		folio_unlock(folio);
543 		folio_put(folio);
544 
545 		(*nr_salvaged_blocks)++;
546 		goto next;
547 
548  failed_folio:
549 		folio_unlock(folio);
550 		folio_put(folio);
551 
552  failed_inode:
553 		nilfs_warn(sb,
554 			   "error %d recovering data block (ino=%lu, block-offset=%llu)",
555 			   err, (unsigned long)rb->ino,
556 			   (unsigned long long)rb->blkoff);
557 		if (!err2)
558 			err2 = err;
559  next:
560 		iput(inode); /* iput(NULL) is just ignored */
561 		list_del_init(&rb->list);
562 		kfree(rb);
563 	}
564 	return err2;
565 }
566 
567 /**
568  * nilfs_do_roll_forward - salvage logical segments newer than the latest
569  * checkpoint
570  * @nilfs: nilfs object
571  * @sb: super block instance
572  * @root: NILFS root instance
573  * @ri: pointer to a nilfs_recovery_info
574  */
nilfs_do_roll_forward(struct the_nilfs * nilfs,struct super_block * sb,struct nilfs_root * root,struct nilfs_recovery_info * ri)575 static int nilfs_do_roll_forward(struct the_nilfs *nilfs,
576 				 struct super_block *sb,
577 				 struct nilfs_root *root,
578 				 struct nilfs_recovery_info *ri)
579 {
580 	struct buffer_head *bh_sum = NULL;
581 	struct nilfs_segment_summary *sum = NULL;
582 	sector_t pseg_start;
583 	sector_t seg_start, seg_end;  /* Starting/ending DBN of full segment */
584 	unsigned long nsalvaged_blocks = 0;
585 	unsigned int flags;
586 	u64 seg_seq;
587 	__u64 segnum, nextnum = 0;
588 	int empty_seg = 0;
589 	int err = 0, ret;
590 	LIST_HEAD(dsync_blocks);  /* list of data blocks to be recovered */
591 	enum {
592 		RF_INIT_ST,
593 		RF_DSYNC_ST,   /* scanning data-sync segments */
594 	};
595 	int state = RF_INIT_ST;
596 
597 	pseg_start = ri->ri_lsegs_start;
598 	seg_seq = ri->ri_lsegs_start_seq;
599 	segnum = nilfs_get_segnum_of_block(nilfs, pseg_start);
600 	nilfs_get_segment_range(nilfs, segnum, &seg_start, &seg_end);
601 
602 	while (segnum != ri->ri_segnum || pseg_start <= ri->ri_pseg_start) {
603 		brelse(bh_sum);
604 		bh_sum = nilfs_read_log_header(nilfs, pseg_start, &sum);
605 		if (!bh_sum) {
606 			err = -EIO;
607 			goto failed;
608 		}
609 
610 		ret = nilfs_validate_log(nilfs, seg_seq, bh_sum, sum);
611 		if (ret) {
612 			if (ret == NILFS_SEG_FAIL_IO) {
613 				err = -EIO;
614 				goto failed;
615 			}
616 			goto strayed;
617 		}
618 
619 		flags = le16_to_cpu(sum->ss_flags);
620 		if (flags & NILFS_SS_SR)
621 			goto confused;
622 
623 		/* Found a valid partial segment; do recovery actions */
624 		nextnum = nilfs_get_segnum_of_block(nilfs,
625 						    le64_to_cpu(sum->ss_next));
626 		empty_seg = 0;
627 		nilfs->ns_ctime = le64_to_cpu(sum->ss_create);
628 		if (!(flags & NILFS_SS_GC))
629 			nilfs->ns_nongc_ctime = nilfs->ns_ctime;
630 
631 		switch (state) {
632 		case RF_INIT_ST:
633 			if (!(flags & NILFS_SS_LOGBGN) ||
634 			    !(flags & NILFS_SS_SYNDT))
635 				goto try_next_pseg;
636 			state = RF_DSYNC_ST;
637 			fallthrough;
638 		case RF_DSYNC_ST:
639 			if (!(flags & NILFS_SS_SYNDT))
640 				goto confused;
641 
642 			err = nilfs_scan_dsync_log(nilfs, pseg_start, sum,
643 						   &dsync_blocks);
644 			if (unlikely(err))
645 				goto failed;
646 			if (flags & NILFS_SS_LOGEND) {
647 				err = nilfs_recover_dsync_blocks(
648 					nilfs, sb, root, &dsync_blocks,
649 					&nsalvaged_blocks);
650 				if (unlikely(err))
651 					goto failed;
652 				state = RF_INIT_ST;
653 			}
654 			break; /* Fall through to try_next_pseg */
655 		}
656 
657  try_next_pseg:
658 		if (pseg_start == ri->ri_lsegs_end)
659 			break;
660 		pseg_start += le32_to_cpu(sum->ss_nblocks);
661 		if (pseg_start < seg_end)
662 			continue;
663 		goto feed_segment;
664 
665  strayed:
666 		if (pseg_start == ri->ri_lsegs_end)
667 			break;
668 
669  feed_segment:
670 		/* Looking to the next full segment */
671 		if (empty_seg++)
672 			break;
673 		seg_seq++;
674 		segnum = nextnum;
675 		nilfs_get_segment_range(nilfs, segnum, &seg_start, &seg_end);
676 		pseg_start = seg_start;
677 	}
678 
679 	if (nsalvaged_blocks) {
680 		nilfs_info(sb, "salvaged %lu blocks", nsalvaged_blocks);
681 		ri->ri_need_recovery = NILFS_RECOVERY_ROLLFORWARD_DONE;
682 	}
683  out:
684 	brelse(bh_sum);
685 	dispose_recovery_list(&dsync_blocks);
686 	return err;
687 
688  confused:
689 	err = -EINVAL;
690  failed:
691 	nilfs_err(sb,
692 		  "error %d roll-forwarding partial segment at blocknr = %llu",
693 		  err, (unsigned long long)pseg_start);
694 	goto out;
695 }
696 
nilfs_finish_roll_forward(struct the_nilfs * nilfs,struct nilfs_recovery_info * ri)697 static void nilfs_finish_roll_forward(struct the_nilfs *nilfs,
698 				      struct nilfs_recovery_info *ri)
699 {
700 	struct buffer_head *bh;
701 	int err;
702 
703 	if (nilfs_get_segnum_of_block(nilfs, ri->ri_lsegs_start) !=
704 	    nilfs_get_segnum_of_block(nilfs, ri->ri_super_root))
705 		return;
706 
707 	bh = __getblk(nilfs->ns_bdev, ri->ri_lsegs_start, nilfs->ns_blocksize);
708 	if (WARN_ON(!bh))
709 		return;  /* should never happen */
710 
711 	lock_buffer(bh);
712 	memset(bh->b_data, 0, bh->b_size);
713 	set_buffer_uptodate(bh);
714 	set_buffer_dirty(bh);
715 	unlock_buffer(bh);
716 
717 	err = sync_dirty_buffer(bh);
718 	if (unlikely(err))
719 		nilfs_warn(nilfs->ns_sb,
720 			   "buffer sync write failed during post-cleaning of recovery.");
721 	brelse(bh);
722 }
723 
724 /**
725  * nilfs_abort_roll_forward - cleaning up after a failed rollforward recovery
726  * @nilfs: nilfs object
727  */
nilfs_abort_roll_forward(struct the_nilfs * nilfs)728 static void nilfs_abort_roll_forward(struct the_nilfs *nilfs)
729 {
730 	struct nilfs_inode_info *ii, *n;
731 	LIST_HEAD(head);
732 
733 	/* Abandon inodes that have read recovery data */
734 	spin_lock(&nilfs->ns_inode_lock);
735 	list_splice_init(&nilfs->ns_dirty_files, &head);
736 	spin_unlock(&nilfs->ns_inode_lock);
737 	if (list_empty(&head))
738 		return;
739 
740 	set_nilfs_purging(nilfs);
741 	list_for_each_entry_safe(ii, n, &head, i_dirty) {
742 		spin_lock(&nilfs->ns_inode_lock);
743 		list_del_init(&ii->i_dirty);
744 		spin_unlock(&nilfs->ns_inode_lock);
745 
746 		iput(&ii->vfs_inode);
747 	}
748 	clear_nilfs_purging(nilfs);
749 }
750 
751 /**
752  * nilfs_salvage_orphan_logs - salvage logs written after the latest checkpoint
753  * @nilfs: nilfs object
754  * @sb: super block instance
755  * @ri: pointer to a nilfs_recovery_info struct to store search results.
756  *
757  * Return Value: On success, 0 is returned.  On error, one of the following
758  * negative error code is returned.
759  *
760  * %-EINVAL - Inconsistent filesystem state.
761  *
762  * %-EIO - I/O error
763  *
764  * %-ENOSPC - No space left on device (only in a panic state).
765  *
766  * %-ERESTARTSYS - Interrupted.
767  *
768  * %-ENOMEM - Insufficient memory available.
769  */
nilfs_salvage_orphan_logs(struct the_nilfs * nilfs,struct super_block * sb,struct nilfs_recovery_info * ri)770 int nilfs_salvage_orphan_logs(struct the_nilfs *nilfs,
771 			      struct super_block *sb,
772 			      struct nilfs_recovery_info *ri)
773 {
774 	struct nilfs_root *root;
775 	int err;
776 
777 	if (ri->ri_lsegs_start == 0 || ri->ri_lsegs_end == 0)
778 		return 0;
779 
780 	err = nilfs_attach_checkpoint(sb, ri->ri_cno, true, &root);
781 	if (unlikely(err)) {
782 		nilfs_err(sb, "error %d loading the latest checkpoint", err);
783 		return err;
784 	}
785 
786 	err = nilfs_do_roll_forward(nilfs, sb, root, ri);
787 	if (unlikely(err))
788 		goto failed;
789 
790 	if (ri->ri_need_recovery == NILFS_RECOVERY_ROLLFORWARD_DONE) {
791 		err = nilfs_prepare_segment_for_recovery(nilfs, sb, ri);
792 		if (unlikely(err)) {
793 			nilfs_err(sb, "error %d preparing segment for recovery",
794 				  err);
795 			goto failed;
796 		}
797 
798 		err = nilfs_attach_log_writer(sb, root);
799 		if (unlikely(err))
800 			goto failed;
801 
802 		set_nilfs_discontinued(nilfs);
803 		err = nilfs_construct_segment(sb);
804 		nilfs_detach_log_writer(sb);
805 
806 		if (unlikely(err)) {
807 			nilfs_err(sb, "error %d writing segment for recovery",
808 				  err);
809 			goto put_root;
810 		}
811 
812 		nilfs_finish_roll_forward(nilfs, ri);
813 	}
814 
815 put_root:
816 	nilfs_put_root(root);
817 	return err;
818 
819 failed:
820 	nilfs_abort_roll_forward(nilfs);
821 	goto put_root;
822 }
823 
824 /**
825  * nilfs_search_super_root - search the latest valid super root
826  * @nilfs: the_nilfs
827  * @ri: pointer to a nilfs_recovery_info struct to store search results.
828  *
829  * nilfs_search_super_root() looks for the latest super-root from a partial
830  * segment pointed by the superblock.  It sets up struct the_nilfs through
831  * this search. It fills nilfs_recovery_info (ri) required for recovery.
832  *
833  * Return Value: On success, 0 is returned.  On error, one of the following
834  * negative error code is returned.
835  *
836  * %-EINVAL - No valid segment found
837  *
838  * %-EIO - I/O error
839  *
840  * %-ENOMEM - Insufficient memory available.
841  */
nilfs_search_super_root(struct the_nilfs * nilfs,struct nilfs_recovery_info * ri)842 int nilfs_search_super_root(struct the_nilfs *nilfs,
843 			    struct nilfs_recovery_info *ri)
844 {
845 	struct buffer_head *bh_sum = NULL;
846 	struct nilfs_segment_summary *sum = NULL;
847 	sector_t pseg_start, pseg_end, sr_pseg_start = 0;
848 	sector_t seg_start, seg_end; /* range of full segment (block number) */
849 	sector_t b, end;
850 	unsigned long nblocks;
851 	unsigned int flags;
852 	u64 seg_seq;
853 	__u64 segnum, nextnum = 0;
854 	__u64 cno;
855 	LIST_HEAD(segments);
856 	int empty_seg = 0, scan_newer = 0;
857 	int ret;
858 
859 	pseg_start = nilfs->ns_last_pseg;
860 	seg_seq = nilfs->ns_last_seq;
861 	cno = nilfs->ns_last_cno;
862 	segnum = nilfs_get_segnum_of_block(nilfs, pseg_start);
863 
864 	/* Calculate range of segment */
865 	nilfs_get_segment_range(nilfs, segnum, &seg_start, &seg_end);
866 
867 	/* Read ahead segment */
868 	b = seg_start;
869 	while (b <= seg_end)
870 		__breadahead(nilfs->ns_bdev, b++, nilfs->ns_blocksize);
871 
872 	for (;;) {
873 		brelse(bh_sum);
874 		ret = NILFS_SEG_FAIL_IO;
875 		bh_sum = nilfs_read_log_header(nilfs, pseg_start, &sum);
876 		if (!bh_sum)
877 			goto failed;
878 
879 		ret = nilfs_validate_log(nilfs, seg_seq, bh_sum, sum);
880 		if (ret) {
881 			if (ret == NILFS_SEG_FAIL_IO)
882 				goto failed;
883 			goto strayed;
884 		}
885 
886 		nblocks = le32_to_cpu(sum->ss_nblocks);
887 		pseg_end = pseg_start + nblocks - 1;
888 		if (unlikely(pseg_end > seg_end)) {
889 			ret = NILFS_SEG_FAIL_CONSISTENCY;
890 			goto strayed;
891 		}
892 
893 		/* A valid partial segment */
894 		ri->ri_pseg_start = pseg_start;
895 		ri->ri_seq = seg_seq;
896 		ri->ri_segnum = segnum;
897 		nextnum = nilfs_get_segnum_of_block(nilfs,
898 						    le64_to_cpu(sum->ss_next));
899 		ri->ri_nextnum = nextnum;
900 		empty_seg = 0;
901 
902 		flags = le16_to_cpu(sum->ss_flags);
903 		if (!(flags & NILFS_SS_SR) && !scan_newer) {
904 			/*
905 			 * This will never happen because a superblock
906 			 * (last_segment) always points to a pseg with
907 			 * a super root.
908 			 */
909 			ret = NILFS_SEG_FAIL_CONSISTENCY;
910 			goto failed;
911 		}
912 
913 		if (pseg_start == seg_start) {
914 			nilfs_get_segment_range(nilfs, nextnum, &b, &end);
915 			while (b <= end)
916 				__breadahead(nilfs->ns_bdev, b++,
917 					     nilfs->ns_blocksize);
918 		}
919 		if (!(flags & NILFS_SS_SR)) {
920 			if (!ri->ri_lsegs_start && (flags & NILFS_SS_LOGBGN)) {
921 				ri->ri_lsegs_start = pseg_start;
922 				ri->ri_lsegs_start_seq = seg_seq;
923 			}
924 			if (flags & NILFS_SS_LOGEND)
925 				ri->ri_lsegs_end = pseg_start;
926 			goto try_next_pseg;
927 		}
928 
929 		/* A valid super root was found. */
930 		ri->ri_cno = cno++;
931 		ri->ri_super_root = pseg_end;
932 		ri->ri_lsegs_start = ri->ri_lsegs_end = 0;
933 
934 		nilfs_dispose_segment_list(&segments);
935 		sr_pseg_start = pseg_start;
936 		nilfs->ns_pseg_offset = pseg_start + nblocks - seg_start;
937 		nilfs->ns_seg_seq = seg_seq;
938 		nilfs->ns_segnum = segnum;
939 		nilfs->ns_cno = cno;  /* nilfs->ns_cno = ri->ri_cno + 1 */
940 		nilfs->ns_ctime = le64_to_cpu(sum->ss_create);
941 		nilfs->ns_nextnum = nextnum;
942 
943 		if (scan_newer)
944 			ri->ri_need_recovery = NILFS_RECOVERY_SR_UPDATED;
945 		else {
946 			if (nilfs->ns_mount_state & NILFS_VALID_FS)
947 				goto super_root_found;
948 			scan_newer = 1;
949 		}
950 
951  try_next_pseg:
952 		/* Standing on a course, or met an inconsistent state */
953 		pseg_start += nblocks;
954 		if (pseg_start < seg_end)
955 			continue;
956 		goto feed_segment;
957 
958  strayed:
959 		/* Off the trail */
960 		if (!scan_newer)
961 			/*
962 			 * This can happen if a checkpoint was written without
963 			 * barriers, or as a result of an I/O failure.
964 			 */
965 			goto failed;
966 
967  feed_segment:
968 		/* Looking to the next full segment */
969 		if (empty_seg++)
970 			goto super_root_found; /* found a valid super root */
971 
972 		ret = nilfs_segment_list_add(&segments, segnum);
973 		if (unlikely(ret))
974 			goto failed;
975 
976 		seg_seq++;
977 		segnum = nextnum;
978 		nilfs_get_segment_range(nilfs, segnum, &seg_start, &seg_end);
979 		pseg_start = seg_start;
980 	}
981 
982  super_root_found:
983 	/* Updating pointers relating to the latest checkpoint */
984 	brelse(bh_sum);
985 	list_splice_tail(&segments, &ri->ri_used_segments);
986 	nilfs->ns_last_pseg = sr_pseg_start;
987 	nilfs->ns_last_seq = nilfs->ns_seg_seq;
988 	nilfs->ns_last_cno = ri->ri_cno;
989 	return 0;
990 
991  failed:
992 	brelse(bh_sum);
993 	nilfs_dispose_segment_list(&segments);
994 	return ret < 0 ? ret : nilfs_warn_segment_error(nilfs->ns_sb, ret);
995 }
996