1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (C) 2016 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_mount.h"
13 #include "xfs_defer.h"
14 #include "xfs_inode.h"
15 #include "xfs_trans.h"
16 #include "xfs_bmap.h"
17 #include "xfs_bmap_util.h"
18 #include "xfs_trace.h"
19 #include "xfs_icache.h"
20 #include "xfs_btree.h"
21 #include "xfs_refcount_btree.h"
22 #include "xfs_refcount.h"
23 #include "xfs_bmap_btree.h"
24 #include "xfs_trans_space.h"
25 #include "xfs_bit.h"
26 #include "xfs_alloc.h"
27 #include "xfs_quota.h"
28 #include "xfs_reflink.h"
29 #include "xfs_iomap.h"
30 #include "xfs_ag.h"
31 #include "xfs_ag_resv.h"
32 #include "xfs_health.h"
33 #include "xfs_rtrefcount_btree.h"
34 #include "xfs_rtalloc.h"
35 #include "xfs_rtgroup.h"
36 #include "xfs_metafile.h"
37
38 /*
39 * Copy on Write of Shared Blocks
40 *
41 * XFS must preserve "the usual" file semantics even when two files share
42 * the same physical blocks. This means that a write to one file must not
43 * alter the blocks in a different file; the way that we'll do that is
44 * through the use of a copy-on-write mechanism. At a high level, that
45 * means that when we want to write to a shared block, we allocate a new
46 * block, write the data to the new block, and if that succeeds we map the
47 * new block into the file.
48 *
49 * XFS provides a "delayed allocation" mechanism that defers the allocation
50 * of disk blocks to dirty-but-not-yet-mapped file blocks as long as
51 * possible. This reduces fragmentation by enabling the filesystem to ask
52 * for bigger chunks less often, which is exactly what we want for CoW.
53 *
54 * The delalloc mechanism begins when the kernel wants to make a block
55 * writable (write_begin or page_mkwrite). If the offset is not mapped, we
56 * create a delalloc mapping, which is a regular in-core extent, but without
57 * a real startblock. (For delalloc mappings, the startblock encodes both
58 * a flag that this is a delalloc mapping, and a worst-case estimate of how
59 * many blocks might be required to put the mapping into the BMBT.) delalloc
60 * mappings are a reservation against the free space in the filesystem;
61 * adjacent mappings can also be combined into fewer larger mappings.
62 *
63 * As an optimization, the CoW extent size hint (cowextsz) creates
64 * outsized aligned delalloc reservations in the hope of landing out of
65 * order nearby CoW writes in a single extent on disk, thereby reducing
66 * fragmentation and improving future performance.
67 *
68 * D: --RRRRRRSSSRRRRRRRR--- (data fork)
69 * C: ------DDDDDDD--------- (CoW fork)
70 *
71 * When dirty pages are being written out (typically in writepage), the
72 * delalloc reservations are converted into unwritten mappings by
73 * allocating blocks and replacing the delalloc mapping with real ones.
74 * A delalloc mapping can be replaced by several unwritten ones if the
75 * free space is fragmented.
76 *
77 * D: --RRRRRRSSSRRRRRRRR---
78 * C: ------UUUUUUU---------
79 *
80 * We want to adapt the delalloc mechanism for copy-on-write, since the
81 * write paths are similar. The first two steps (creating the reservation
82 * and allocating the blocks) are exactly the same as delalloc except that
83 * the mappings must be stored in a separate CoW fork because we do not want
84 * to disturb the mapping in the data fork until we're sure that the write
85 * succeeded. IO completion in this case is the process of removing the old
86 * mapping from the data fork and moving the new mapping from the CoW fork to
87 * the data fork. This will be discussed shortly.
88 *
89 * For now, unaligned directio writes will be bounced back to the page cache.
90 * Block-aligned directio writes will use the same mechanism as buffered
91 * writes.
92 *
93 * Just prior to submitting the actual disk write requests, we convert
94 * the extents representing the range of the file actually being written
95 * (as opposed to extra pieces created for the cowextsize hint) to real
96 * extents. This will become important in the next step:
97 *
98 * D: --RRRRRRSSSRRRRRRRR---
99 * C: ------UUrrUUU---------
100 *
101 * CoW remapping must be done after the data block write completes,
102 * because we don't want to destroy the old data fork map until we're sure
103 * the new block has been written. Since the new mappings are kept in a
104 * separate fork, we can simply iterate these mappings to find the ones
105 * that cover the file blocks that we just CoW'd. For each extent, simply
106 * unmap the corresponding range in the data fork, map the new range into
107 * the data fork, and remove the extent from the CoW fork. Because of
108 * the presence of the cowextsize hint, however, we must be careful
109 * only to remap the blocks that we've actually written out -- we must
110 * never remap delalloc reservations nor CoW staging blocks that have
111 * yet to be written. This corresponds exactly to the real extents in
112 * the CoW fork:
113 *
114 * D: --RRRRRRrrSRRRRRRRR---
115 * C: ------UU--UUU---------
116 *
117 * Since the remapping operation can be applied to an arbitrary file
118 * range, we record the need for the remap step as a flag in the ioend
119 * instead of declaring a new IO type. This is required for direct io
120 * because we only have ioend for the whole dio, and we have to be able to
121 * remember the presence of unwritten blocks and CoW blocks with a single
122 * ioend structure. Better yet, the more ground we can cover with one
123 * ioend, the better.
124 */
125
126 /*
127 * Given a file mapping for the data device, find the lowest-numbered run of
128 * shared blocks within that mapping and return it in shared_offset/shared_len.
129 * The offset is relative to the start of irec.
130 *
131 * If find_end_of_shared is true, return the longest contiguous extent of shared
132 * blocks. If there are no shared extents, shared_offset and shared_len will be
133 * set to 0;
134 */
135 static int
xfs_reflink_find_shared(struct xfs_mount * mp,struct xfs_trans * tp,const struct xfs_bmbt_irec * irec,xfs_extlen_t * shared_offset,xfs_extlen_t * shared_len,bool find_end_of_shared)136 xfs_reflink_find_shared(
137 struct xfs_mount *mp,
138 struct xfs_trans *tp,
139 const struct xfs_bmbt_irec *irec,
140 xfs_extlen_t *shared_offset,
141 xfs_extlen_t *shared_len,
142 bool find_end_of_shared)
143 {
144 struct xfs_buf *agbp;
145 struct xfs_perag *pag;
146 struct xfs_btree_cur *cur;
147 int error;
148 xfs_agblock_t orig_bno, found_bno;
149
150 pag = xfs_perag_get(mp, XFS_FSB_TO_AGNO(mp, irec->br_startblock));
151 orig_bno = XFS_FSB_TO_AGBNO(mp, irec->br_startblock);
152
153 error = xfs_alloc_read_agf(pag, tp, 0, &agbp);
154 if (error)
155 goto out;
156
157 cur = xfs_refcountbt_init_cursor(mp, tp, agbp, pag);
158 error = xfs_refcount_find_shared(cur, orig_bno, irec->br_blockcount,
159 &found_bno, shared_len, find_end_of_shared);
160 xfs_btree_del_cursor(cur, error);
161 xfs_trans_brelse(tp, agbp);
162
163 if (!error && *shared_len)
164 *shared_offset = found_bno - orig_bno;
165 out:
166 xfs_perag_put(pag);
167 return error;
168 }
169
170 /*
171 * Given a file mapping for the rt device, find the lowest-numbered run of
172 * shared blocks within that mapping and return it in shared_offset/shared_len.
173 * The offset is relative to the start of irec.
174 *
175 * If find_end_of_shared is true, return the longest contiguous extent of shared
176 * blocks. If there are no shared extents, shared_offset and shared_len will be
177 * set to 0;
178 */
179 static int
xfs_reflink_find_rtshared(struct xfs_mount * mp,struct xfs_trans * tp,const struct xfs_bmbt_irec * irec,xfs_extlen_t * shared_offset,xfs_extlen_t * shared_len,bool find_end_of_shared)180 xfs_reflink_find_rtshared(
181 struct xfs_mount *mp,
182 struct xfs_trans *tp,
183 const struct xfs_bmbt_irec *irec,
184 xfs_extlen_t *shared_offset,
185 xfs_extlen_t *shared_len,
186 bool find_end_of_shared)
187 {
188 struct xfs_rtgroup *rtg;
189 struct xfs_btree_cur *cur;
190 xfs_rgblock_t orig_bno;
191 xfs_agblock_t found_bno;
192 int error;
193
194 BUILD_BUG_ON(NULLRGBLOCK != NULLAGBLOCK);
195
196 /*
197 * Note: this uses the not quite correct xfs_agblock_t type because
198 * xfs_refcount_find_shared is shared between the RT and data device
199 * refcount code.
200 */
201 orig_bno = xfs_rtb_to_rgbno(mp, irec->br_startblock);
202 rtg = xfs_rtgroup_get(mp, xfs_rtb_to_rgno(mp, irec->br_startblock));
203
204 xfs_rtgroup_lock(rtg, XFS_RTGLOCK_REFCOUNT);
205 cur = xfs_rtrefcountbt_init_cursor(tp, rtg);
206 error = xfs_refcount_find_shared(cur, orig_bno, irec->br_blockcount,
207 &found_bno, shared_len, find_end_of_shared);
208 xfs_btree_del_cursor(cur, error);
209 xfs_rtgroup_unlock(rtg, XFS_RTGLOCK_REFCOUNT);
210 xfs_rtgroup_put(rtg);
211
212 if (!error && *shared_len)
213 *shared_offset = found_bno - orig_bno;
214 return error;
215 }
216
217 /*
218 * Trim the mapping to the next block where there's a change in the
219 * shared/unshared status. More specifically, this means that we
220 * find the lowest-numbered extent of shared blocks that coincides with
221 * the given block mapping. If the shared extent overlaps the start of
222 * the mapping, trim the mapping to the end of the shared extent. If
223 * the shared region intersects the mapping, trim the mapping to the
224 * start of the shared extent. If there are no shared regions that
225 * overlap, just return the original extent.
226 */
227 int
xfs_reflink_trim_around_shared(struct xfs_inode * ip,struct xfs_bmbt_irec * irec,bool * shared)228 xfs_reflink_trim_around_shared(
229 struct xfs_inode *ip,
230 struct xfs_bmbt_irec *irec,
231 bool *shared)
232 {
233 struct xfs_mount *mp = ip->i_mount;
234 xfs_extlen_t shared_offset, shared_len;
235 int error = 0;
236
237 /* Holes, unwritten, and delalloc extents cannot be shared */
238 if (!xfs_is_reflink_inode(ip) || !xfs_bmap_is_written_extent(irec)) {
239 *shared = false;
240 return 0;
241 }
242
243 trace_xfs_reflink_trim_around_shared(ip, irec);
244
245 if (XFS_IS_REALTIME_INODE(ip))
246 error = xfs_reflink_find_rtshared(mp, NULL, irec,
247 &shared_offset, &shared_len, true);
248 else
249 error = xfs_reflink_find_shared(mp, NULL, irec,
250 &shared_offset, &shared_len, true);
251 if (error)
252 return error;
253
254 if (!shared_len) {
255 /* No shared blocks at all. */
256 *shared = false;
257 } else if (!shared_offset) {
258 /*
259 * The start of this mapping points to shared space. Truncate
260 * the mapping at the end of the shared region so that a
261 * subsequent iteration starts at the start of the unshared
262 * region.
263 */
264 irec->br_blockcount = shared_len;
265 *shared = true;
266 } else {
267 /*
268 * There's a shared region that doesn't start at the beginning
269 * of the mapping. Truncate the mapping at the start of the
270 * shared extent so that a subsequent iteration starts at the
271 * start of the shared region.
272 */
273 irec->br_blockcount = shared_offset;
274 *shared = false;
275 }
276 return 0;
277 }
278
279 int
xfs_bmap_trim_cow(struct xfs_inode * ip,struct xfs_bmbt_irec * imap,bool * shared)280 xfs_bmap_trim_cow(
281 struct xfs_inode *ip,
282 struct xfs_bmbt_irec *imap,
283 bool *shared)
284 {
285 /* We can't update any real extents in always COW mode. */
286 if (xfs_is_always_cow_inode(ip) &&
287 !isnullstartblock(imap->br_startblock)) {
288 *shared = true;
289 return 0;
290 }
291
292 /* Trim the mapping to the nearest shared extent boundary. */
293 return xfs_reflink_trim_around_shared(ip, imap, shared);
294 }
295
296 static int
xfs_reflink_convert_cow_locked(struct xfs_inode * ip,xfs_fileoff_t offset_fsb,xfs_filblks_t count_fsb)297 xfs_reflink_convert_cow_locked(
298 struct xfs_inode *ip,
299 xfs_fileoff_t offset_fsb,
300 xfs_filblks_t count_fsb)
301 {
302 struct xfs_iext_cursor icur;
303 struct xfs_bmbt_irec got;
304 struct xfs_btree_cur *dummy_cur = NULL;
305 int dummy_logflags;
306 int error = 0;
307
308 if (!xfs_iext_lookup_extent(ip, ip->i_cowfp, offset_fsb, &icur, &got))
309 return 0;
310
311 do {
312 if (got.br_startoff >= offset_fsb + count_fsb)
313 break;
314 if (got.br_state == XFS_EXT_NORM)
315 continue;
316 if (WARN_ON_ONCE(isnullstartblock(got.br_startblock)))
317 return -EIO;
318
319 xfs_trim_extent(&got, offset_fsb, count_fsb);
320 if (!got.br_blockcount)
321 continue;
322
323 got.br_state = XFS_EXT_NORM;
324 error = xfs_bmap_add_extent_unwritten_real(NULL, ip,
325 XFS_COW_FORK, &icur, &dummy_cur, &got,
326 &dummy_logflags);
327 if (error)
328 return error;
329 } while (xfs_iext_next_extent(ip->i_cowfp, &icur, &got));
330
331 return error;
332 }
333
334 /* Convert all of the unwritten CoW extents in a file's range to real ones. */
335 int
xfs_reflink_convert_cow(struct xfs_inode * ip,xfs_off_t offset,xfs_off_t count)336 xfs_reflink_convert_cow(
337 struct xfs_inode *ip,
338 xfs_off_t offset,
339 xfs_off_t count)
340 {
341 struct xfs_mount *mp = ip->i_mount;
342 xfs_fileoff_t offset_fsb = XFS_B_TO_FSBT(mp, offset);
343 xfs_fileoff_t end_fsb = XFS_B_TO_FSB(mp, offset + count);
344 xfs_filblks_t count_fsb = end_fsb - offset_fsb;
345 int error;
346
347 ASSERT(count != 0);
348
349 xfs_ilock(ip, XFS_ILOCK_EXCL);
350 error = xfs_reflink_convert_cow_locked(ip, offset_fsb, count_fsb);
351 xfs_iunlock(ip, XFS_ILOCK_EXCL);
352 return error;
353 }
354
355 /*
356 * Find the extent that maps the given range in the COW fork. Even if the extent
357 * is not shared we might have a preallocation for it in the COW fork. If so we
358 * use it that rather than trigger a new allocation.
359 */
360 static int
xfs_find_trim_cow_extent(struct xfs_inode * ip,struct xfs_bmbt_irec * imap,struct xfs_bmbt_irec * cmap,bool * shared,bool * found)361 xfs_find_trim_cow_extent(
362 struct xfs_inode *ip,
363 struct xfs_bmbt_irec *imap,
364 struct xfs_bmbt_irec *cmap,
365 bool *shared,
366 bool *found)
367 {
368 xfs_fileoff_t offset_fsb = imap->br_startoff;
369 xfs_filblks_t count_fsb = imap->br_blockcount;
370 struct xfs_iext_cursor icur;
371
372 *found = false;
373
374 /*
375 * If we don't find an overlapping extent, trim the range we need to
376 * allocate to fit the hole we found.
377 */
378 if (!xfs_iext_lookup_extent(ip, ip->i_cowfp, offset_fsb, &icur, cmap))
379 cmap->br_startoff = offset_fsb + count_fsb;
380 if (cmap->br_startoff > offset_fsb) {
381 xfs_trim_extent(imap, imap->br_startoff,
382 cmap->br_startoff - imap->br_startoff);
383 return xfs_bmap_trim_cow(ip, imap, shared);
384 }
385
386 *shared = true;
387 if (isnullstartblock(cmap->br_startblock)) {
388 xfs_trim_extent(imap, cmap->br_startoff, cmap->br_blockcount);
389 return 0;
390 }
391
392 /* real extent found - no need to allocate */
393 xfs_trim_extent(cmap, offset_fsb, count_fsb);
394 *found = true;
395 return 0;
396 }
397
398 static int
xfs_reflink_convert_unwritten(struct xfs_inode * ip,struct xfs_bmbt_irec * imap,struct xfs_bmbt_irec * cmap,bool convert_now)399 xfs_reflink_convert_unwritten(
400 struct xfs_inode *ip,
401 struct xfs_bmbt_irec *imap,
402 struct xfs_bmbt_irec *cmap,
403 bool convert_now)
404 {
405 xfs_fileoff_t offset_fsb = imap->br_startoff;
406 xfs_filblks_t count_fsb = imap->br_blockcount;
407 int error;
408
409 /*
410 * cmap might larger than imap due to cowextsize hint.
411 */
412 xfs_trim_extent(cmap, offset_fsb, count_fsb);
413
414 /*
415 * COW fork extents are supposed to remain unwritten until we're ready
416 * to initiate a disk write. For direct I/O we are going to write the
417 * data and need the conversion, but for buffered writes we're done.
418 */
419 if (!convert_now || cmap->br_state == XFS_EXT_NORM)
420 return 0;
421
422 trace_xfs_reflink_convert_cow(ip, cmap);
423
424 error = xfs_reflink_convert_cow_locked(ip, offset_fsb, count_fsb);
425 if (!error)
426 cmap->br_state = XFS_EXT_NORM;
427
428 return error;
429 }
430
431 static int
xfs_reflink_fill_cow_hole(struct xfs_inode * ip,struct xfs_bmbt_irec * imap,struct xfs_bmbt_irec * cmap,bool * shared,uint * lockmode,bool convert_now)432 xfs_reflink_fill_cow_hole(
433 struct xfs_inode *ip,
434 struct xfs_bmbt_irec *imap,
435 struct xfs_bmbt_irec *cmap,
436 bool *shared,
437 uint *lockmode,
438 bool convert_now)
439 {
440 struct xfs_mount *mp = ip->i_mount;
441 struct xfs_trans *tp;
442 xfs_filblks_t resaligned;
443 unsigned int dblocks = 0, rblocks = 0;
444 int nimaps;
445 int error;
446 bool found;
447
448 resaligned = xfs_aligned_fsb_count(imap->br_startoff,
449 imap->br_blockcount, xfs_get_cowextsz_hint(ip));
450 if (XFS_IS_REALTIME_INODE(ip)) {
451 dblocks = XFS_DIOSTRAT_SPACE_RES(mp, 0);
452 rblocks = resaligned;
453 } else {
454 dblocks = XFS_DIOSTRAT_SPACE_RES(mp, resaligned);
455 rblocks = 0;
456 }
457
458 xfs_iunlock(ip, *lockmode);
459 *lockmode = 0;
460
461 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write, dblocks,
462 rblocks, false, &tp);
463 if (error)
464 return error;
465
466 *lockmode = XFS_ILOCK_EXCL;
467
468 error = xfs_find_trim_cow_extent(ip, imap, cmap, shared, &found);
469 if (error || !*shared)
470 goto out_trans_cancel;
471
472 if (found) {
473 xfs_trans_cancel(tp);
474 goto convert;
475 }
476
477 /* Allocate the entire reservation as unwritten blocks. */
478 nimaps = 1;
479 error = xfs_bmapi_write(tp, ip, imap->br_startoff, imap->br_blockcount,
480 XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC, 0, cmap,
481 &nimaps);
482 if (error)
483 goto out_trans_cancel;
484
485 xfs_inode_set_cowblocks_tag(ip);
486 error = xfs_trans_commit(tp);
487 if (error)
488 return error;
489
490 convert:
491 return xfs_reflink_convert_unwritten(ip, imap, cmap, convert_now);
492
493 out_trans_cancel:
494 xfs_trans_cancel(tp);
495 return error;
496 }
497
498 static int
xfs_reflink_fill_delalloc(struct xfs_inode * ip,struct xfs_bmbt_irec * imap,struct xfs_bmbt_irec * cmap,bool * shared,uint * lockmode,bool convert_now)499 xfs_reflink_fill_delalloc(
500 struct xfs_inode *ip,
501 struct xfs_bmbt_irec *imap,
502 struct xfs_bmbt_irec *cmap,
503 bool *shared,
504 uint *lockmode,
505 bool convert_now)
506 {
507 struct xfs_mount *mp = ip->i_mount;
508 struct xfs_trans *tp;
509 int nimaps;
510 int error;
511 bool found;
512
513 do {
514 xfs_iunlock(ip, *lockmode);
515 *lockmode = 0;
516
517 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write, 0, 0,
518 false, &tp);
519 if (error)
520 return error;
521
522 *lockmode = XFS_ILOCK_EXCL;
523
524 error = xfs_find_trim_cow_extent(ip, imap, cmap, shared,
525 &found);
526 if (error || !*shared)
527 goto out_trans_cancel;
528
529 if (found) {
530 xfs_trans_cancel(tp);
531 break;
532 }
533
534 ASSERT(isnullstartblock(cmap->br_startblock) ||
535 cmap->br_startblock == DELAYSTARTBLOCK);
536
537 /*
538 * Replace delalloc reservation with an unwritten extent.
539 */
540 nimaps = 1;
541 error = xfs_bmapi_write(tp, ip, cmap->br_startoff,
542 cmap->br_blockcount,
543 XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC, 0,
544 cmap, &nimaps);
545 if (error)
546 goto out_trans_cancel;
547
548 xfs_inode_set_cowblocks_tag(ip);
549 error = xfs_trans_commit(tp);
550 if (error)
551 return error;
552 } while (cmap->br_startoff + cmap->br_blockcount <= imap->br_startoff);
553
554 return xfs_reflink_convert_unwritten(ip, imap, cmap, convert_now);
555
556 out_trans_cancel:
557 xfs_trans_cancel(tp);
558 return error;
559 }
560
561 /* Allocate all CoW reservations covering a range of blocks in a file. */
562 int
xfs_reflink_allocate_cow(struct xfs_inode * ip,struct xfs_bmbt_irec * imap,struct xfs_bmbt_irec * cmap,bool * shared,uint * lockmode,bool convert_now)563 xfs_reflink_allocate_cow(
564 struct xfs_inode *ip,
565 struct xfs_bmbt_irec *imap,
566 struct xfs_bmbt_irec *cmap,
567 bool *shared,
568 uint *lockmode,
569 bool convert_now)
570 {
571 int error;
572 bool found;
573
574 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
575 if (!ip->i_cowfp) {
576 ASSERT(!xfs_is_reflink_inode(ip));
577 xfs_ifork_init_cow(ip);
578 }
579
580 error = xfs_find_trim_cow_extent(ip, imap, cmap, shared, &found);
581 if (error || !*shared)
582 return error;
583
584 /* CoW fork has a real extent */
585 if (found)
586 return xfs_reflink_convert_unwritten(ip, imap, cmap,
587 convert_now);
588
589 /*
590 * CoW fork does not have an extent and data extent is shared.
591 * Allocate a real extent in the CoW fork.
592 */
593 if (cmap->br_startoff > imap->br_startoff)
594 return xfs_reflink_fill_cow_hole(ip, imap, cmap, shared,
595 lockmode, convert_now);
596
597 /*
598 * CoW fork has a delalloc reservation. Replace it with a real extent.
599 * There may or may not be a data fork mapping.
600 */
601 if (isnullstartblock(cmap->br_startblock) ||
602 cmap->br_startblock == DELAYSTARTBLOCK)
603 return xfs_reflink_fill_delalloc(ip, imap, cmap, shared,
604 lockmode, convert_now);
605
606 /* Shouldn't get here. */
607 ASSERT(0);
608 return -EFSCORRUPTED;
609 }
610
611 /*
612 * Cancel CoW reservations for some block range of an inode.
613 *
614 * If cancel_real is true this function cancels all COW fork extents for the
615 * inode; if cancel_real is false, real extents are not cleared.
616 *
617 * Caller must have already joined the inode to the current transaction. The
618 * inode will be joined to the transaction returned to the caller.
619 */
620 int
xfs_reflink_cancel_cow_blocks(struct xfs_inode * ip,struct xfs_trans ** tpp,xfs_fileoff_t offset_fsb,xfs_fileoff_t end_fsb,bool cancel_real)621 xfs_reflink_cancel_cow_blocks(
622 struct xfs_inode *ip,
623 struct xfs_trans **tpp,
624 xfs_fileoff_t offset_fsb,
625 xfs_fileoff_t end_fsb,
626 bool cancel_real)
627 {
628 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_COW_FORK);
629 struct xfs_bmbt_irec got, del;
630 struct xfs_iext_cursor icur;
631 bool isrt = XFS_IS_REALTIME_INODE(ip);
632 int error = 0;
633
634 if (!xfs_inode_has_cow_data(ip))
635 return 0;
636 if (!xfs_iext_lookup_extent_before(ip, ifp, &end_fsb, &icur, &got))
637 return 0;
638
639 /* Walk backwards until we're out of the I/O range... */
640 while (got.br_startoff + got.br_blockcount > offset_fsb) {
641 del = got;
642 xfs_trim_extent(&del, offset_fsb, end_fsb - offset_fsb);
643
644 /* Extent delete may have bumped ext forward */
645 if (!del.br_blockcount) {
646 xfs_iext_prev(ifp, &icur);
647 goto next_extent;
648 }
649
650 trace_xfs_reflink_cancel_cow(ip, &del);
651
652 if (isnullstartblock(del.br_startblock)) {
653 xfs_bmap_del_extent_delay(ip, XFS_COW_FORK, &icur, &got,
654 &del, 0);
655 } else if (del.br_state == XFS_EXT_UNWRITTEN || cancel_real) {
656 ASSERT((*tpp)->t_highest_agno == NULLAGNUMBER);
657
658 /* Free the CoW orphan record. */
659 xfs_refcount_free_cow_extent(*tpp, isrt,
660 del.br_startblock, del.br_blockcount);
661
662 error = xfs_free_extent_later(*tpp, del.br_startblock,
663 del.br_blockcount, NULL,
664 XFS_AG_RESV_NONE,
665 isrt ? XFS_FREE_EXTENT_REALTIME : 0);
666 if (error)
667 break;
668
669 /* Roll the transaction */
670 error = xfs_defer_finish(tpp);
671 if (error)
672 break;
673
674 /* Remove the mapping from the CoW fork. */
675 xfs_bmap_del_extent_cow(ip, &icur, &got, &del);
676
677 /* Remove the quota reservation */
678 xfs_quota_unreserve_blkres(ip, del.br_blockcount);
679 } else {
680 /* Didn't do anything, push cursor back. */
681 xfs_iext_prev(ifp, &icur);
682 }
683 next_extent:
684 if (!xfs_iext_get_extent(ifp, &icur, &got))
685 break;
686 }
687
688 /* clear tag if cow fork is emptied */
689 if (!ifp->if_bytes)
690 xfs_inode_clear_cowblocks_tag(ip);
691 return error;
692 }
693
694 /*
695 * Cancel CoW reservations for some byte range of an inode.
696 *
697 * If cancel_real is true this function cancels all COW fork extents for the
698 * inode; if cancel_real is false, real extents are not cleared.
699 */
700 int
xfs_reflink_cancel_cow_range(struct xfs_inode * ip,xfs_off_t offset,xfs_off_t count,bool cancel_real)701 xfs_reflink_cancel_cow_range(
702 struct xfs_inode *ip,
703 xfs_off_t offset,
704 xfs_off_t count,
705 bool cancel_real)
706 {
707 struct xfs_trans *tp;
708 xfs_fileoff_t offset_fsb;
709 xfs_fileoff_t end_fsb;
710 int error;
711
712 trace_xfs_reflink_cancel_cow_range(ip, offset, count);
713 ASSERT(ip->i_cowfp);
714
715 offset_fsb = XFS_B_TO_FSBT(ip->i_mount, offset);
716 if (count == NULLFILEOFF)
717 end_fsb = NULLFILEOFF;
718 else
719 end_fsb = XFS_B_TO_FSB(ip->i_mount, offset + count);
720
721 /* Start a rolling transaction to remove the mappings */
722 error = xfs_trans_alloc(ip->i_mount, &M_RES(ip->i_mount)->tr_write,
723 0, 0, 0, &tp);
724 if (error)
725 goto out;
726
727 xfs_ilock(ip, XFS_ILOCK_EXCL);
728 xfs_trans_ijoin(tp, ip, 0);
729
730 /* Scrape out the old CoW reservations */
731 error = xfs_reflink_cancel_cow_blocks(ip, &tp, offset_fsb, end_fsb,
732 cancel_real);
733 if (error)
734 goto out_cancel;
735
736 error = xfs_trans_commit(tp);
737
738 xfs_iunlock(ip, XFS_ILOCK_EXCL);
739 return error;
740
741 out_cancel:
742 xfs_trans_cancel(tp);
743 xfs_iunlock(ip, XFS_ILOCK_EXCL);
744 out:
745 trace_xfs_reflink_cancel_cow_range_error(ip, error, _RET_IP_);
746 return error;
747 }
748
749 #ifdef CONFIG_XFS_QUOTA
750 /*
751 * Update quota accounting for a remapping operation. When we're remapping
752 * something from the CoW fork to the data fork, we must update the quota
753 * accounting for delayed allocations. For remapping from the data fork to the
754 * data fork, use regular block accounting.
755 */
756 static inline void
xfs_reflink_update_quota(struct xfs_trans * tp,struct xfs_inode * ip,bool is_cow,int64_t blocks)757 xfs_reflink_update_quota(
758 struct xfs_trans *tp,
759 struct xfs_inode *ip,
760 bool is_cow,
761 int64_t blocks)
762 {
763 unsigned int qflag;
764
765 if (XFS_IS_REALTIME_INODE(ip)) {
766 qflag = is_cow ? XFS_TRANS_DQ_DELRTBCOUNT :
767 XFS_TRANS_DQ_RTBCOUNT;
768 } else {
769 qflag = is_cow ? XFS_TRANS_DQ_DELBCOUNT :
770 XFS_TRANS_DQ_BCOUNT;
771 }
772 xfs_trans_mod_dquot_byino(tp, ip, qflag, blocks);
773 }
774 #else
775 # define xfs_reflink_update_quota(tp, ip, is_cow, blocks) ((void)0)
776 #endif
777
778 /*
779 * Remap part of the CoW fork into the data fork.
780 *
781 * We aim to remap the range starting at @offset_fsb and ending at @end_fsb
782 * into the data fork; this function will remap what it can (at the end of the
783 * range) and update @end_fsb appropriately. Each remap gets its own
784 * transaction because we can end up merging and splitting bmbt blocks for
785 * every remap operation and we'd like to keep the block reservation
786 * requirements as low as possible.
787 */
788 STATIC int
xfs_reflink_end_cow_extent(struct xfs_inode * ip,xfs_fileoff_t * offset_fsb,xfs_fileoff_t end_fsb)789 xfs_reflink_end_cow_extent(
790 struct xfs_inode *ip,
791 xfs_fileoff_t *offset_fsb,
792 xfs_fileoff_t end_fsb)
793 {
794 struct xfs_iext_cursor icur;
795 struct xfs_bmbt_irec got, del, data;
796 struct xfs_mount *mp = ip->i_mount;
797 struct xfs_trans *tp;
798 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_COW_FORK);
799 unsigned int resblks;
800 int nmaps;
801 bool isrt = XFS_IS_REALTIME_INODE(ip);
802 int error;
803
804 resblks = XFS_EXTENTADD_SPACE_RES(mp, XFS_DATA_FORK);
805 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write, resblks, 0,
806 XFS_TRANS_RESERVE, &tp);
807 if (error)
808 return error;
809
810 /*
811 * Lock the inode. We have to ijoin without automatic unlock because
812 * the lead transaction is the refcountbt record deletion; the data
813 * fork update follows as a deferred log item.
814 */
815 xfs_ilock(ip, XFS_ILOCK_EXCL);
816 xfs_trans_ijoin(tp, ip, 0);
817
818 /*
819 * In case of racing, overlapping AIO writes no COW extents might be
820 * left by the time I/O completes for the loser of the race. In that
821 * case we are done.
822 */
823 if (!xfs_iext_lookup_extent(ip, ifp, *offset_fsb, &icur, &got) ||
824 got.br_startoff >= end_fsb) {
825 *offset_fsb = end_fsb;
826 goto out_cancel;
827 }
828
829 /*
830 * Only remap real extents that contain data. With AIO, speculative
831 * preallocations can leak into the range we are called upon, and we
832 * need to skip them. Preserve @got for the eventual CoW fork
833 * deletion; from now on @del represents the mapping that we're
834 * actually remapping.
835 */
836 while (!xfs_bmap_is_written_extent(&got)) {
837 if (!xfs_iext_next_extent(ifp, &icur, &got) ||
838 got.br_startoff >= end_fsb) {
839 *offset_fsb = end_fsb;
840 goto out_cancel;
841 }
842 }
843 del = got;
844 xfs_trim_extent(&del, *offset_fsb, end_fsb - *offset_fsb);
845
846 error = xfs_iext_count_extend(tp, ip, XFS_DATA_FORK,
847 XFS_IEXT_REFLINK_END_COW_CNT);
848 if (error)
849 goto out_cancel;
850
851 /* Grab the corresponding mapping in the data fork. */
852 nmaps = 1;
853 error = xfs_bmapi_read(ip, del.br_startoff, del.br_blockcount, &data,
854 &nmaps, 0);
855 if (error)
856 goto out_cancel;
857
858 /* We can only remap the smaller of the two extent sizes. */
859 data.br_blockcount = min(data.br_blockcount, del.br_blockcount);
860 del.br_blockcount = data.br_blockcount;
861
862 trace_xfs_reflink_cow_remap_from(ip, &del);
863 trace_xfs_reflink_cow_remap_to(ip, &data);
864
865 if (xfs_bmap_is_real_extent(&data)) {
866 /*
867 * If the extent we're remapping is backed by storage (written
868 * or not), unmap the extent and drop its refcount.
869 */
870 xfs_bmap_unmap_extent(tp, ip, XFS_DATA_FORK, &data);
871 xfs_refcount_decrease_extent(tp, isrt, &data);
872 xfs_reflink_update_quota(tp, ip, false, -data.br_blockcount);
873 } else if (data.br_startblock == DELAYSTARTBLOCK) {
874 int done;
875
876 /*
877 * If the extent we're remapping is a delalloc reservation,
878 * we can use the regular bunmapi function to release the
879 * incore state. Dropping the delalloc reservation takes care
880 * of the quota reservation for us.
881 */
882 error = xfs_bunmapi(NULL, ip, data.br_startoff,
883 data.br_blockcount, 0, 1, &done);
884 if (error)
885 goto out_cancel;
886 ASSERT(done);
887 }
888
889 /* Free the CoW orphan record. */
890 xfs_refcount_free_cow_extent(tp, isrt, del.br_startblock,
891 del.br_blockcount);
892
893 /* Map the new blocks into the data fork. */
894 xfs_bmap_map_extent(tp, ip, XFS_DATA_FORK, &del);
895
896 /* Charge this new data fork mapping to the on-disk quota. */
897 xfs_reflink_update_quota(tp, ip, true, del.br_blockcount);
898
899 /* Remove the mapping from the CoW fork. */
900 xfs_bmap_del_extent_cow(ip, &icur, &got, &del);
901
902 error = xfs_trans_commit(tp);
903 xfs_iunlock(ip, XFS_ILOCK_EXCL);
904 if (error)
905 return error;
906
907 /* Update the caller about how much progress we made. */
908 *offset_fsb = del.br_startoff + del.br_blockcount;
909 return 0;
910
911 out_cancel:
912 xfs_trans_cancel(tp);
913 xfs_iunlock(ip, XFS_ILOCK_EXCL);
914 return error;
915 }
916
917 /*
918 * Remap parts of a file's data fork after a successful CoW.
919 */
920 int
xfs_reflink_end_cow(struct xfs_inode * ip,xfs_off_t offset,xfs_off_t count)921 xfs_reflink_end_cow(
922 struct xfs_inode *ip,
923 xfs_off_t offset,
924 xfs_off_t count)
925 {
926 xfs_fileoff_t offset_fsb;
927 xfs_fileoff_t end_fsb;
928 int error = 0;
929
930 trace_xfs_reflink_end_cow(ip, offset, count);
931
932 offset_fsb = XFS_B_TO_FSBT(ip->i_mount, offset);
933 end_fsb = XFS_B_TO_FSB(ip->i_mount, offset + count);
934
935 /*
936 * Walk forwards until we've remapped the I/O range. The loop function
937 * repeatedly cycles the ILOCK to allocate one transaction per remapped
938 * extent.
939 *
940 * If we're being called by writeback then the pages will still
941 * have PageWriteback set, which prevents races with reflink remapping
942 * and truncate. Reflink remapping prevents races with writeback by
943 * taking the iolock and mmaplock before flushing the pages and
944 * remapping, which means there won't be any further writeback or page
945 * cache dirtying until the reflink completes.
946 *
947 * We should never have two threads issuing writeback for the same file
948 * region. There are also have post-eof checks in the writeback
949 * preparation code so that we don't bother writing out pages that are
950 * about to be truncated.
951 *
952 * If we're being called as part of directio write completion, the dio
953 * count is still elevated, which reflink and truncate will wait for.
954 * Reflink remapping takes the iolock and mmaplock and waits for
955 * pending dio to finish, which should prevent any directio until the
956 * remap completes. Multiple concurrent directio writes to the same
957 * region are handled by end_cow processing only occurring for the
958 * threads which succeed; the outcome of multiple overlapping direct
959 * writes is not well defined anyway.
960 *
961 * It's possible that a buffered write and a direct write could collide
962 * here (the buffered write stumbles in after the dio flushes and
963 * invalidates the page cache and immediately queues writeback), but we
964 * have never supported this 100%. If either disk write succeeds the
965 * blocks will be remapped.
966 */
967 while (end_fsb > offset_fsb && !error)
968 error = xfs_reflink_end_cow_extent(ip, &offset_fsb, end_fsb);
969
970 if (error)
971 trace_xfs_reflink_end_cow_error(ip, error, _RET_IP_);
972 return error;
973 }
974
975 /*
976 * Free all CoW staging blocks that are still referenced by the ondisk refcount
977 * metadata. The ondisk metadata does not track which inode created the
978 * staging extent, so callers must ensure that there are no cached inodes with
979 * live CoW staging extents.
980 */
981 int
xfs_reflink_recover_cow(struct xfs_mount * mp)982 xfs_reflink_recover_cow(
983 struct xfs_mount *mp)
984 {
985 struct xfs_perag *pag = NULL;
986 struct xfs_rtgroup *rtg = NULL;
987 int error = 0;
988
989 if (!xfs_has_reflink(mp))
990 return 0;
991
992 while ((pag = xfs_perag_next(mp, pag))) {
993 error = xfs_refcount_recover_cow_leftovers(pag_group(pag));
994 if (error) {
995 xfs_perag_rele(pag);
996 return error;
997 }
998 }
999
1000 while ((rtg = xfs_rtgroup_next(mp, rtg))) {
1001 error = xfs_refcount_recover_cow_leftovers(rtg_group(rtg));
1002 if (error) {
1003 xfs_rtgroup_rele(rtg);
1004 return error;
1005 }
1006 }
1007
1008 return 0;
1009 }
1010
1011 /*
1012 * Reflinking (Block) Ranges of Two Files Together
1013 *
1014 * First, ensure that the reflink flag is set on both inodes. The flag is an
1015 * optimization to avoid unnecessary refcount btree lookups in the write path.
1016 *
1017 * Now we can iteratively remap the range of extents (and holes) in src to the
1018 * corresponding ranges in dest. Let drange and srange denote the ranges of
1019 * logical blocks in dest and src touched by the reflink operation.
1020 *
1021 * While the length of drange is greater than zero,
1022 * - Read src's bmbt at the start of srange ("imap")
1023 * - If imap doesn't exist, make imap appear to start at the end of srange
1024 * with zero length.
1025 * - If imap starts before srange, advance imap to start at srange.
1026 * - If imap goes beyond srange, truncate imap to end at the end of srange.
1027 * - Punch (imap start - srange start + imap len) blocks from dest at
1028 * offset (drange start).
1029 * - If imap points to a real range of pblks,
1030 * > Increase the refcount of the imap's pblks
1031 * > Map imap's pblks into dest at the offset
1032 * (drange start + imap start - srange start)
1033 * - Advance drange and srange by (imap start - srange start + imap len)
1034 *
1035 * Finally, if the reflink made dest longer, update both the in-core and
1036 * on-disk file sizes.
1037 *
1038 * ASCII Art Demonstration:
1039 *
1040 * Let's say we want to reflink this source file:
1041 *
1042 * ----SSSSSSS-SSSSS----SSSSSS (src file)
1043 * <-------------------->
1044 *
1045 * into this destination file:
1046 *
1047 * --DDDDDDDDDDDDDDDDDDD--DDD (dest file)
1048 * <-------------------->
1049 * '-' means a hole, and 'S' and 'D' are written blocks in the src and dest.
1050 * Observe that the range has different logical offsets in either file.
1051 *
1052 * Consider that the first extent in the source file doesn't line up with our
1053 * reflink range. Unmapping and remapping are separate operations, so we can
1054 * unmap more blocks from the destination file than we remap.
1055 *
1056 * ----SSSSSSS-SSSSS----SSSSSS
1057 * <------->
1058 * --DDDDD---------DDDDD--DDD
1059 * <------->
1060 *
1061 * Now remap the source extent into the destination file:
1062 *
1063 * ----SSSSSSS-SSSSS----SSSSSS
1064 * <------->
1065 * --DDDDD--SSSSSSSDDDDD--DDD
1066 * <------->
1067 *
1068 * Do likewise with the second hole and extent in our range. Holes in the
1069 * unmap range don't affect our operation.
1070 *
1071 * ----SSSSSSS-SSSSS----SSSSSS
1072 * <---->
1073 * --DDDDD--SSSSSSS-SSSSS-DDD
1074 * <---->
1075 *
1076 * Finally, unmap and remap part of the third extent. This will increase the
1077 * size of the destination file.
1078 *
1079 * ----SSSSSSS-SSSSS----SSSSSS
1080 * <----->
1081 * --DDDDD--SSSSSSS-SSSSS----SSS
1082 * <----->
1083 *
1084 * Once we update the destination file's i_size, we're done.
1085 */
1086
1087 /*
1088 * Ensure the reflink bit is set in both inodes.
1089 */
1090 STATIC int
xfs_reflink_set_inode_flag(struct xfs_inode * src,struct xfs_inode * dest)1091 xfs_reflink_set_inode_flag(
1092 struct xfs_inode *src,
1093 struct xfs_inode *dest)
1094 {
1095 struct xfs_mount *mp = src->i_mount;
1096 int error;
1097 struct xfs_trans *tp;
1098
1099 if (xfs_is_reflink_inode(src) && xfs_is_reflink_inode(dest))
1100 return 0;
1101
1102 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp);
1103 if (error)
1104 goto out_error;
1105
1106 /* Lock both files against IO */
1107 if (src->i_ino == dest->i_ino)
1108 xfs_ilock(src, XFS_ILOCK_EXCL);
1109 else
1110 xfs_lock_two_inodes(src, XFS_ILOCK_EXCL, dest, XFS_ILOCK_EXCL);
1111
1112 if (!xfs_is_reflink_inode(src)) {
1113 trace_xfs_reflink_set_inode_flag(src);
1114 xfs_trans_ijoin(tp, src, XFS_ILOCK_EXCL);
1115 src->i_diflags2 |= XFS_DIFLAG2_REFLINK;
1116 xfs_trans_log_inode(tp, src, XFS_ILOG_CORE);
1117 xfs_ifork_init_cow(src);
1118 } else
1119 xfs_iunlock(src, XFS_ILOCK_EXCL);
1120
1121 if (src->i_ino == dest->i_ino)
1122 goto commit_flags;
1123
1124 if (!xfs_is_reflink_inode(dest)) {
1125 trace_xfs_reflink_set_inode_flag(dest);
1126 xfs_trans_ijoin(tp, dest, XFS_ILOCK_EXCL);
1127 dest->i_diflags2 |= XFS_DIFLAG2_REFLINK;
1128 xfs_trans_log_inode(tp, dest, XFS_ILOG_CORE);
1129 xfs_ifork_init_cow(dest);
1130 } else
1131 xfs_iunlock(dest, XFS_ILOCK_EXCL);
1132
1133 commit_flags:
1134 error = xfs_trans_commit(tp);
1135 if (error)
1136 goto out_error;
1137 return error;
1138
1139 out_error:
1140 trace_xfs_reflink_set_inode_flag_error(dest, error, _RET_IP_);
1141 return error;
1142 }
1143
1144 /*
1145 * Update destination inode size & cowextsize hint, if necessary.
1146 */
1147 int
xfs_reflink_update_dest(struct xfs_inode * dest,xfs_off_t newlen,xfs_extlen_t cowextsize,unsigned int remap_flags)1148 xfs_reflink_update_dest(
1149 struct xfs_inode *dest,
1150 xfs_off_t newlen,
1151 xfs_extlen_t cowextsize,
1152 unsigned int remap_flags)
1153 {
1154 struct xfs_mount *mp = dest->i_mount;
1155 struct xfs_trans *tp;
1156 int error;
1157
1158 if (newlen <= i_size_read(VFS_I(dest)) && cowextsize == 0)
1159 return 0;
1160
1161 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp);
1162 if (error)
1163 goto out_error;
1164
1165 xfs_ilock(dest, XFS_ILOCK_EXCL);
1166 xfs_trans_ijoin(tp, dest, XFS_ILOCK_EXCL);
1167
1168 if (newlen > i_size_read(VFS_I(dest))) {
1169 trace_xfs_reflink_update_inode_size(dest, newlen);
1170 i_size_write(VFS_I(dest), newlen);
1171 dest->i_disk_size = newlen;
1172 }
1173
1174 if (cowextsize) {
1175 dest->i_cowextsize = cowextsize;
1176 dest->i_diflags2 |= XFS_DIFLAG2_COWEXTSIZE;
1177 }
1178
1179 xfs_trans_log_inode(tp, dest, XFS_ILOG_CORE);
1180
1181 error = xfs_trans_commit(tp);
1182 if (error)
1183 goto out_error;
1184 return error;
1185
1186 out_error:
1187 trace_xfs_reflink_update_inode_size_error(dest, error, _RET_IP_);
1188 return error;
1189 }
1190
1191 /*
1192 * Do we have enough reserve in this AG to handle a reflink? The refcount
1193 * btree already reserved all the space it needs, but the rmap btree can grow
1194 * infinitely, so we won't allow more reflinks when the AG is down to the
1195 * btree reserves.
1196 */
1197 static int
xfs_reflink_ag_has_free_space(struct xfs_mount * mp,struct xfs_inode * ip,xfs_fsblock_t fsb)1198 xfs_reflink_ag_has_free_space(
1199 struct xfs_mount *mp,
1200 struct xfs_inode *ip,
1201 xfs_fsblock_t fsb)
1202 {
1203 struct xfs_perag *pag;
1204 xfs_agnumber_t agno;
1205 int error = 0;
1206
1207 if (!xfs_has_rmapbt(mp))
1208 return 0;
1209 if (XFS_IS_REALTIME_INODE(ip)) {
1210 if (xfs_metafile_resv_critical(mp))
1211 return -ENOSPC;
1212 return 0;
1213 }
1214
1215 agno = XFS_FSB_TO_AGNO(mp, fsb);
1216 pag = xfs_perag_get(mp, agno);
1217 if (xfs_ag_resv_critical(pag, XFS_AG_RESV_RMAPBT) ||
1218 xfs_ag_resv_critical(pag, XFS_AG_RESV_METADATA))
1219 error = -ENOSPC;
1220 xfs_perag_put(pag);
1221 return error;
1222 }
1223
1224 /*
1225 * Remap the given extent into the file. The dmap blockcount will be set to
1226 * the number of blocks that were actually remapped.
1227 */
1228 STATIC int
xfs_reflink_remap_extent(struct xfs_inode * ip,struct xfs_bmbt_irec * dmap,xfs_off_t new_isize)1229 xfs_reflink_remap_extent(
1230 struct xfs_inode *ip,
1231 struct xfs_bmbt_irec *dmap,
1232 xfs_off_t new_isize)
1233 {
1234 struct xfs_bmbt_irec smap;
1235 struct xfs_mount *mp = ip->i_mount;
1236 struct xfs_trans *tp;
1237 xfs_off_t newlen;
1238 int64_t qdelta = 0;
1239 unsigned int dblocks, rblocks, resblks;
1240 bool quota_reserved = true;
1241 bool smap_real;
1242 bool dmap_written = xfs_bmap_is_written_extent(dmap);
1243 bool isrt = XFS_IS_REALTIME_INODE(ip);
1244 int iext_delta = 0;
1245 int nimaps;
1246 int error;
1247
1248 /*
1249 * Start a rolling transaction to switch the mappings.
1250 *
1251 * Adding a written extent to the extent map can cause a bmbt split,
1252 * and removing a mapped extent from the extent can cause a bmbt split.
1253 * The two operations cannot both cause a split since they operate on
1254 * the same index in the bmap btree, so we only need a reservation for
1255 * one bmbt split if either thing is happening. However, we haven't
1256 * locked the inode yet, so we reserve assuming this is the case.
1257 *
1258 * The first allocation call tries to reserve enough space to handle
1259 * mapping dmap into a sparse part of the file plus the bmbt split. We
1260 * haven't locked the inode or read the existing mapping yet, so we do
1261 * not know for sure that we need the space. This should succeed most
1262 * of the time.
1263 *
1264 * If the first attempt fails, try again but reserving only enough
1265 * space to handle a bmbt split. This is the hard minimum requirement,
1266 * and we revisit quota reservations later when we know more about what
1267 * we're remapping.
1268 */
1269 resblks = XFS_EXTENTADD_SPACE_RES(mp, XFS_DATA_FORK);
1270 if (XFS_IS_REALTIME_INODE(ip)) {
1271 dblocks = resblks;
1272 rblocks = dmap->br_blockcount;
1273 } else {
1274 dblocks = resblks + dmap->br_blockcount;
1275 rblocks = 0;
1276 }
1277 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write,
1278 dblocks, rblocks, false, &tp);
1279 if (error == -EDQUOT || error == -ENOSPC) {
1280 quota_reserved = false;
1281 error = xfs_trans_alloc_inode(ip, &M_RES(mp)->tr_write,
1282 resblks, 0, false, &tp);
1283 }
1284 if (error)
1285 goto out;
1286
1287 /*
1288 * Read what's currently mapped in the destination file into smap.
1289 * If smap isn't a hole, we will have to remove it before we can add
1290 * dmap to the destination file.
1291 */
1292 nimaps = 1;
1293 error = xfs_bmapi_read(ip, dmap->br_startoff, dmap->br_blockcount,
1294 &smap, &nimaps, 0);
1295 if (error)
1296 goto out_cancel;
1297 ASSERT(nimaps == 1 && smap.br_startoff == dmap->br_startoff);
1298 smap_real = xfs_bmap_is_real_extent(&smap);
1299
1300 /*
1301 * We can only remap as many blocks as the smaller of the two extent
1302 * maps, because we can only remap one extent at a time.
1303 */
1304 dmap->br_blockcount = min(dmap->br_blockcount, smap.br_blockcount);
1305 ASSERT(dmap->br_blockcount == smap.br_blockcount);
1306
1307 trace_xfs_reflink_remap_extent_dest(ip, &smap);
1308
1309 /*
1310 * Two extents mapped to the same physical block must not have
1311 * different states; that's filesystem corruption. Move on to the next
1312 * extent if they're both holes or both the same physical extent.
1313 */
1314 if (dmap->br_startblock == smap.br_startblock) {
1315 if (dmap->br_state != smap.br_state) {
1316 xfs_bmap_mark_sick(ip, XFS_DATA_FORK);
1317 error = -EFSCORRUPTED;
1318 }
1319 goto out_cancel;
1320 }
1321
1322 /* If both extents are unwritten, leave them alone. */
1323 if (dmap->br_state == XFS_EXT_UNWRITTEN &&
1324 smap.br_state == XFS_EXT_UNWRITTEN)
1325 goto out_cancel;
1326
1327 /* No reflinking if the AG of the dest mapping is low on space. */
1328 if (dmap_written) {
1329 error = xfs_reflink_ag_has_free_space(mp, ip,
1330 dmap->br_startblock);
1331 if (error)
1332 goto out_cancel;
1333 }
1334
1335 /*
1336 * Increase quota reservation if we think the quota block counter for
1337 * this file could increase.
1338 *
1339 * If we are mapping a written extent into the file, we need to have
1340 * enough quota block count reservation to handle the blocks in that
1341 * extent. We log only the delta to the quota block counts, so if the
1342 * extent we're unmapping also has blocks allocated to it, we don't
1343 * need a quota reservation for the extent itself.
1344 *
1345 * Note that if we're replacing a delalloc reservation with a written
1346 * extent, we have to take the full quota reservation because removing
1347 * the delalloc reservation gives the block count back to the quota
1348 * count. This is suboptimal, but the VFS flushed the dest range
1349 * before we started. That should have removed all the delalloc
1350 * reservations, but we code defensively.
1351 *
1352 * xfs_trans_alloc_inode above already tried to grab an even larger
1353 * quota reservation, and kicked off a blockgc scan if it couldn't.
1354 * If we can't get a potentially smaller quota reservation now, we're
1355 * done.
1356 */
1357 if (!quota_reserved && !smap_real && dmap_written) {
1358 if (XFS_IS_REALTIME_INODE(ip)) {
1359 dblocks = 0;
1360 rblocks = dmap->br_blockcount;
1361 } else {
1362 dblocks = dmap->br_blockcount;
1363 rblocks = 0;
1364 }
1365 error = xfs_trans_reserve_quota_nblks(tp, ip, dblocks, rblocks,
1366 false);
1367 if (error)
1368 goto out_cancel;
1369 }
1370
1371 if (smap_real)
1372 ++iext_delta;
1373
1374 if (dmap_written)
1375 ++iext_delta;
1376
1377 error = xfs_iext_count_extend(tp, ip, XFS_DATA_FORK, iext_delta);
1378 if (error)
1379 goto out_cancel;
1380
1381 if (smap_real) {
1382 /*
1383 * If the extent we're unmapping is backed by storage (written
1384 * or not), unmap the extent and drop its refcount.
1385 */
1386 xfs_bmap_unmap_extent(tp, ip, XFS_DATA_FORK, &smap);
1387 xfs_refcount_decrease_extent(tp, isrt, &smap);
1388 qdelta -= smap.br_blockcount;
1389 } else if (smap.br_startblock == DELAYSTARTBLOCK) {
1390 int done;
1391
1392 /*
1393 * If the extent we're unmapping is a delalloc reservation,
1394 * we can use the regular bunmapi function to release the
1395 * incore state. Dropping the delalloc reservation takes care
1396 * of the quota reservation for us.
1397 */
1398 error = xfs_bunmapi(NULL, ip, smap.br_startoff,
1399 smap.br_blockcount, 0, 1, &done);
1400 if (error)
1401 goto out_cancel;
1402 ASSERT(done);
1403 }
1404
1405 /*
1406 * If the extent we're sharing is backed by written storage, increase
1407 * its refcount and map it into the file.
1408 */
1409 if (dmap_written) {
1410 xfs_refcount_increase_extent(tp, isrt, dmap);
1411 xfs_bmap_map_extent(tp, ip, XFS_DATA_FORK, dmap);
1412 qdelta += dmap->br_blockcount;
1413 }
1414
1415 xfs_reflink_update_quota(tp, ip, false, qdelta);
1416
1417 /* Update dest isize if needed. */
1418 newlen = XFS_FSB_TO_B(mp, dmap->br_startoff + dmap->br_blockcount);
1419 newlen = min_t(xfs_off_t, newlen, new_isize);
1420 if (newlen > i_size_read(VFS_I(ip))) {
1421 trace_xfs_reflink_update_inode_size(ip, newlen);
1422 i_size_write(VFS_I(ip), newlen);
1423 ip->i_disk_size = newlen;
1424 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1425 }
1426
1427 /* Commit everything and unlock. */
1428 error = xfs_trans_commit(tp);
1429 goto out_unlock;
1430
1431 out_cancel:
1432 xfs_trans_cancel(tp);
1433 out_unlock:
1434 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1435 out:
1436 if (error)
1437 trace_xfs_reflink_remap_extent_error(ip, error, _RET_IP_);
1438 return error;
1439 }
1440
1441 /* Remap a range of one file to the other. */
1442 int
xfs_reflink_remap_blocks(struct xfs_inode * src,loff_t pos_in,struct xfs_inode * dest,loff_t pos_out,loff_t remap_len,loff_t * remapped)1443 xfs_reflink_remap_blocks(
1444 struct xfs_inode *src,
1445 loff_t pos_in,
1446 struct xfs_inode *dest,
1447 loff_t pos_out,
1448 loff_t remap_len,
1449 loff_t *remapped)
1450 {
1451 struct xfs_bmbt_irec imap;
1452 struct xfs_mount *mp = src->i_mount;
1453 xfs_fileoff_t srcoff = XFS_B_TO_FSBT(mp, pos_in);
1454 xfs_fileoff_t destoff = XFS_B_TO_FSBT(mp, pos_out);
1455 xfs_filblks_t len;
1456 xfs_filblks_t remapped_len = 0;
1457 xfs_off_t new_isize = pos_out + remap_len;
1458 int nimaps;
1459 int error = 0;
1460
1461 len = min_t(xfs_filblks_t, XFS_B_TO_FSB(mp, remap_len),
1462 XFS_MAX_FILEOFF);
1463
1464 trace_xfs_reflink_remap_blocks(src, srcoff, len, dest, destoff);
1465
1466 while (len > 0) {
1467 unsigned int lock_mode;
1468
1469 /* Read extent from the source file */
1470 nimaps = 1;
1471 lock_mode = xfs_ilock_data_map_shared(src);
1472 error = xfs_bmapi_read(src, srcoff, len, &imap, &nimaps, 0);
1473 xfs_iunlock(src, lock_mode);
1474 if (error)
1475 break;
1476 /*
1477 * The caller supposedly flushed all dirty pages in the source
1478 * file range, which means that writeback should have allocated
1479 * or deleted all delalloc reservations in that range. If we
1480 * find one, that's a good sign that something is seriously
1481 * wrong here.
1482 */
1483 ASSERT(nimaps == 1 && imap.br_startoff == srcoff);
1484 if (imap.br_startblock == DELAYSTARTBLOCK) {
1485 ASSERT(imap.br_startblock != DELAYSTARTBLOCK);
1486 xfs_bmap_mark_sick(src, XFS_DATA_FORK);
1487 error = -EFSCORRUPTED;
1488 break;
1489 }
1490
1491 trace_xfs_reflink_remap_extent_src(src, &imap);
1492
1493 /* Remap into the destination file at the given offset. */
1494 imap.br_startoff = destoff;
1495 error = xfs_reflink_remap_extent(dest, &imap, new_isize);
1496 if (error)
1497 break;
1498
1499 if (fatal_signal_pending(current)) {
1500 error = -EINTR;
1501 break;
1502 }
1503
1504 /* Advance drange/srange */
1505 srcoff += imap.br_blockcount;
1506 destoff += imap.br_blockcount;
1507 len -= imap.br_blockcount;
1508 remapped_len += imap.br_blockcount;
1509 cond_resched();
1510 }
1511
1512 if (error)
1513 trace_xfs_reflink_remap_blocks_error(dest, error, _RET_IP_);
1514 *remapped = min_t(loff_t, remap_len,
1515 XFS_FSB_TO_B(src->i_mount, remapped_len));
1516 return error;
1517 }
1518
1519 /*
1520 * If we're reflinking to a point past the destination file's EOF, we must
1521 * zero any speculative post-EOF preallocations that sit between the old EOF
1522 * and the destination file offset.
1523 */
1524 static int
xfs_reflink_zero_posteof(struct xfs_inode * ip,loff_t pos)1525 xfs_reflink_zero_posteof(
1526 struct xfs_inode *ip,
1527 loff_t pos)
1528 {
1529 loff_t isize = i_size_read(VFS_I(ip));
1530
1531 if (pos <= isize)
1532 return 0;
1533
1534 trace_xfs_zero_eof(ip, isize, pos - isize);
1535 return xfs_zero_range(ip, isize, pos - isize, NULL, NULL);
1536 }
1537
1538 /*
1539 * Prepare two files for range cloning. Upon a successful return both inodes
1540 * will have the iolock and mmaplock held, the page cache of the out file will
1541 * be truncated, and any leases on the out file will have been broken. This
1542 * function borrows heavily from xfs_file_aio_write_checks.
1543 *
1544 * The VFS allows partial EOF blocks to "match" for dedupe even though it hasn't
1545 * checked that the bytes beyond EOF physically match. Hence we cannot use the
1546 * EOF block in the source dedupe range because it's not a complete block match,
1547 * hence can introduce a corruption into the file that has it's block replaced.
1548 *
1549 * In similar fashion, the VFS file cloning also allows partial EOF blocks to be
1550 * "block aligned" for the purposes of cloning entire files. However, if the
1551 * source file range includes the EOF block and it lands within the existing EOF
1552 * of the destination file, then we can expose stale data from beyond the source
1553 * file EOF in the destination file.
1554 *
1555 * XFS doesn't support partial block sharing, so in both cases we have check
1556 * these cases ourselves. For dedupe, we can simply round the length to dedupe
1557 * down to the previous whole block and ignore the partial EOF block. While this
1558 * means we can't dedupe the last block of a file, this is an acceptible
1559 * tradeoff for simplicity on implementation.
1560 *
1561 * For cloning, we want to share the partial EOF block if it is also the new EOF
1562 * block of the destination file. If the partial EOF block lies inside the
1563 * existing destination EOF, then we have to abort the clone to avoid exposing
1564 * stale data in the destination file. Hence we reject these clone attempts with
1565 * -EINVAL in this case.
1566 */
1567 int
xfs_reflink_remap_prep(struct file * file_in,loff_t pos_in,struct file * file_out,loff_t pos_out,loff_t * len,unsigned int remap_flags)1568 xfs_reflink_remap_prep(
1569 struct file *file_in,
1570 loff_t pos_in,
1571 struct file *file_out,
1572 loff_t pos_out,
1573 loff_t *len,
1574 unsigned int remap_flags)
1575 {
1576 struct inode *inode_in = file_inode(file_in);
1577 struct xfs_inode *src = XFS_I(inode_in);
1578 struct inode *inode_out = file_inode(file_out);
1579 struct xfs_inode *dest = XFS_I(inode_out);
1580 int ret;
1581
1582 /* Lock both files against IO */
1583 ret = xfs_ilock2_io_mmap(src, dest);
1584 if (ret)
1585 return ret;
1586
1587 /* Check file eligibility and prepare for block sharing. */
1588 ret = -EINVAL;
1589 /* Can't reflink between data and rt volumes */
1590 if (XFS_IS_REALTIME_INODE(src) != XFS_IS_REALTIME_INODE(dest))
1591 goto out_unlock;
1592
1593 /* Don't share DAX file data with non-DAX file. */
1594 if (IS_DAX(inode_in) != IS_DAX(inode_out))
1595 goto out_unlock;
1596
1597 if (!IS_DAX(inode_in))
1598 ret = generic_remap_file_range_prep(file_in, pos_in, file_out,
1599 pos_out, len, remap_flags);
1600 else
1601 ret = dax_remap_file_range_prep(file_in, pos_in, file_out,
1602 pos_out, len, remap_flags, &xfs_read_iomap_ops);
1603 if (ret || *len == 0)
1604 goto out_unlock;
1605
1606 /* Attach dquots to dest inode before changing block map */
1607 ret = xfs_qm_dqattach(dest);
1608 if (ret)
1609 goto out_unlock;
1610
1611 /*
1612 * Zero existing post-eof speculative preallocations in the destination
1613 * file.
1614 */
1615 ret = xfs_reflink_zero_posteof(dest, pos_out);
1616 if (ret)
1617 goto out_unlock;
1618
1619 /* Set flags and remap blocks. */
1620 ret = xfs_reflink_set_inode_flag(src, dest);
1621 if (ret)
1622 goto out_unlock;
1623
1624 /*
1625 * If pos_out > EOF, we may have dirtied blocks between EOF and
1626 * pos_out. In that case, we need to extend the flush and unmap to cover
1627 * from EOF to the end of the copy length.
1628 */
1629 if (pos_out > XFS_ISIZE(dest)) {
1630 loff_t flen = *len + (pos_out - XFS_ISIZE(dest));
1631 ret = xfs_flush_unmap_range(dest, XFS_ISIZE(dest), flen);
1632 } else {
1633 ret = xfs_flush_unmap_range(dest, pos_out, *len);
1634 }
1635 if (ret)
1636 goto out_unlock;
1637
1638 xfs_iflags_set(src, XFS_IREMAPPING);
1639 if (inode_in != inode_out)
1640 xfs_ilock_demote(src, XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL);
1641
1642 return 0;
1643 out_unlock:
1644 xfs_iunlock2_io_mmap(src, dest);
1645 return ret;
1646 }
1647
1648 /* Does this inode need the reflink flag? */
1649 int
xfs_reflink_inode_has_shared_extents(struct xfs_trans * tp,struct xfs_inode * ip,bool * has_shared)1650 xfs_reflink_inode_has_shared_extents(
1651 struct xfs_trans *tp,
1652 struct xfs_inode *ip,
1653 bool *has_shared)
1654 {
1655 struct xfs_bmbt_irec got;
1656 struct xfs_mount *mp = ip->i_mount;
1657 struct xfs_ifork *ifp;
1658 struct xfs_iext_cursor icur;
1659 bool found;
1660 int error;
1661
1662 ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK);
1663 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
1664 if (error)
1665 return error;
1666
1667 *has_shared = false;
1668 found = xfs_iext_lookup_extent(ip, ifp, 0, &icur, &got);
1669 while (found) {
1670 xfs_extlen_t shared_offset, shared_len;
1671
1672 if (isnullstartblock(got.br_startblock) ||
1673 got.br_state != XFS_EXT_NORM)
1674 goto next;
1675
1676 if (XFS_IS_REALTIME_INODE(ip))
1677 error = xfs_reflink_find_rtshared(mp, tp, &got,
1678 &shared_offset, &shared_len, false);
1679 else
1680 error = xfs_reflink_find_shared(mp, tp, &got,
1681 &shared_offset, &shared_len, false);
1682 if (error)
1683 return error;
1684
1685 /* Is there still a shared block here? */
1686 if (shared_len) {
1687 *has_shared = true;
1688 return 0;
1689 }
1690 next:
1691 found = xfs_iext_next_extent(ifp, &icur, &got);
1692 }
1693
1694 return 0;
1695 }
1696
1697 /*
1698 * Clear the inode reflink flag if there are no shared extents.
1699 *
1700 * The caller is responsible for joining the inode to the transaction passed in.
1701 * The inode will be joined to the transaction that is returned to the caller.
1702 */
1703 int
xfs_reflink_clear_inode_flag(struct xfs_inode * ip,struct xfs_trans ** tpp)1704 xfs_reflink_clear_inode_flag(
1705 struct xfs_inode *ip,
1706 struct xfs_trans **tpp)
1707 {
1708 bool needs_flag;
1709 int error = 0;
1710
1711 ASSERT(xfs_is_reflink_inode(ip));
1712
1713 if (!xfs_can_free_cowblocks(ip))
1714 return 0;
1715
1716 error = xfs_reflink_inode_has_shared_extents(*tpp, ip, &needs_flag);
1717 if (error || needs_flag)
1718 return error;
1719
1720 /*
1721 * We didn't find any shared blocks so turn off the reflink flag.
1722 * First, get rid of any leftover CoW mappings.
1723 */
1724 error = xfs_reflink_cancel_cow_blocks(ip, tpp, 0, XFS_MAX_FILEOFF,
1725 true);
1726 if (error)
1727 return error;
1728
1729 /* Clear the inode flag. */
1730 trace_xfs_reflink_unset_inode_flag(ip);
1731 ip->i_diflags2 &= ~XFS_DIFLAG2_REFLINK;
1732 xfs_inode_clear_cowblocks_tag(ip);
1733 xfs_trans_log_inode(*tpp, ip, XFS_ILOG_CORE);
1734
1735 return error;
1736 }
1737
1738 /*
1739 * Clear the inode reflink flag if there are no shared extents and the size
1740 * hasn't changed.
1741 */
1742 STATIC int
xfs_reflink_try_clear_inode_flag(struct xfs_inode * ip)1743 xfs_reflink_try_clear_inode_flag(
1744 struct xfs_inode *ip)
1745 {
1746 struct xfs_mount *mp = ip->i_mount;
1747 struct xfs_trans *tp;
1748 int error = 0;
1749
1750 /* Start a rolling transaction to remove the mappings */
1751 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write, 0, 0, 0, &tp);
1752 if (error)
1753 return error;
1754
1755 xfs_ilock(ip, XFS_ILOCK_EXCL);
1756 xfs_trans_ijoin(tp, ip, 0);
1757
1758 error = xfs_reflink_clear_inode_flag(ip, &tp);
1759 if (error)
1760 goto cancel;
1761
1762 error = xfs_trans_commit(tp);
1763 if (error)
1764 goto out;
1765
1766 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1767 return 0;
1768 cancel:
1769 xfs_trans_cancel(tp);
1770 out:
1771 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1772 return error;
1773 }
1774
1775 /*
1776 * Pre-COW all shared blocks within a given byte range of a file and turn off
1777 * the reflink flag if we unshare all of the file's blocks.
1778 */
1779 int
xfs_reflink_unshare(struct xfs_inode * ip,xfs_off_t offset,xfs_off_t len)1780 xfs_reflink_unshare(
1781 struct xfs_inode *ip,
1782 xfs_off_t offset,
1783 xfs_off_t len)
1784 {
1785 struct inode *inode = VFS_I(ip);
1786 int error;
1787
1788 if (!xfs_is_reflink_inode(ip))
1789 return 0;
1790
1791 trace_xfs_reflink_unshare(ip, offset, len);
1792
1793 inode_dio_wait(inode);
1794
1795 if (IS_DAX(inode))
1796 error = dax_file_unshare(inode, offset, len,
1797 &xfs_dax_write_iomap_ops);
1798 else
1799 error = iomap_file_unshare(inode, offset, len,
1800 &xfs_buffered_write_iomap_ops);
1801 if (error)
1802 goto out;
1803
1804 error = filemap_write_and_wait_range(inode->i_mapping, offset,
1805 offset + len - 1);
1806 if (error)
1807 goto out;
1808
1809 /* Turn off the reflink flag if possible. */
1810 error = xfs_reflink_try_clear_inode_flag(ip);
1811 if (error)
1812 goto out;
1813 return 0;
1814
1815 out:
1816 trace_xfs_reflink_unshare_error(ip, error, _RET_IP_);
1817 return error;
1818 }
1819
1820 /*
1821 * Can we use reflink with this realtime extent size? Note that we don't check
1822 * for rblocks > 0 here because this can be called as part of attaching a new
1823 * rt section.
1824 */
1825 bool
xfs_reflink_supports_rextsize(struct xfs_mount * mp,unsigned int rextsize)1826 xfs_reflink_supports_rextsize(
1827 struct xfs_mount *mp,
1828 unsigned int rextsize)
1829 {
1830 /* reflink on the realtime device requires rtgroups */
1831 if (!xfs_has_rtgroups(mp))
1832 return false;
1833
1834 /*
1835 * Reflink doesn't support rt extent size larger than a single fsblock
1836 * because we would have to perform CoW-around for unaligned write
1837 * requests to guarantee that we always remap entire rt extents.
1838 */
1839 if (rextsize != 1)
1840 return false;
1841
1842 return true;
1843 }
1844