1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 4 * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 5 */ 6 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 9 #include <linux/spinlock.h> 10 #include <linux/completion.h> 11 #include <linux/buffer_head.h> 12 #include <linux/kthread.h> 13 #include <linux/crc32.h> 14 #include <linux/gfs2_ondisk.h> 15 #include <linux/delay.h> 16 #include <linux/uaccess.h> 17 18 #include "gfs2.h" 19 #include "incore.h" 20 #include "glock.h" 21 #include "glops.h" 22 #include "log.h" 23 #include "lops.h" 24 #include "recovery.h" 25 #include "rgrp.h" 26 #include "super.h" 27 #include "util.h" 28 29 struct kmem_cache *gfs2_glock_cachep __read_mostly; 30 struct kmem_cache *gfs2_glock_aspace_cachep __read_mostly; 31 struct kmem_cache *gfs2_inode_cachep __read_mostly; 32 struct kmem_cache *gfs2_bufdata_cachep __read_mostly; 33 struct kmem_cache *gfs2_rgrpd_cachep __read_mostly; 34 struct kmem_cache *gfs2_quotad_cachep __read_mostly; 35 struct kmem_cache *gfs2_qadata_cachep __read_mostly; 36 struct kmem_cache *gfs2_trans_cachep __read_mostly; 37 mempool_t *gfs2_page_pool __read_mostly; 38 39 void gfs2_assert_i(struct gfs2_sbd *sdp) 40 { 41 fs_emerg(sdp, "fatal assertion failed\n"); 42 } 43 44 /** 45 * check_journal_clean - Make sure a journal is clean for a spectator mount 46 * @sdp: The GFS2 superblock 47 * @jd: The journal descriptor 48 * @verbose: Show more prints in the log 49 * 50 * Returns: 0 if the journal is clean or locked, else an error 51 */ 52 int check_journal_clean(struct gfs2_sbd *sdp, struct gfs2_jdesc *jd, 53 bool verbose) 54 { 55 int error; 56 struct gfs2_holder j_gh; 57 struct gfs2_log_header_host head; 58 struct gfs2_inode *ip; 59 60 ip = GFS2_I(jd->jd_inode); 61 error = gfs2_glock_nq_init(ip->i_gl, LM_ST_SHARED, LM_FLAG_NOEXP | 62 GL_EXACT | GL_NOCACHE, &j_gh); 63 if (error) { 64 if (verbose) 65 fs_err(sdp, "Error %d locking journal for spectator " 66 "mount.\n", error); 67 return -EPERM; 68 } 69 error = gfs2_jdesc_check(jd); 70 if (error) { 71 if (verbose) 72 fs_err(sdp, "Error checking journal for spectator " 73 "mount.\n"); 74 goto out_unlock; 75 } 76 error = gfs2_find_jhead(jd, &head); 77 if (error) { 78 if (verbose) 79 fs_err(sdp, "Error parsing journal for spectator " 80 "mount.\n"); 81 goto out_unlock; 82 } 83 if (!(head.lh_flags & GFS2_LOG_HEAD_UNMOUNT)) { 84 error = -EPERM; 85 if (verbose) 86 fs_err(sdp, "jid=%u: Journal is dirty, so the first " 87 "mounter must not be a spectator.\n", 88 jd->jd_jid); 89 } 90 91 out_unlock: 92 gfs2_glock_dq_uninit(&j_gh); 93 return error; 94 } 95 96 /** 97 * gfs2_freeze_lock_shared - hold the freeze glock 98 * @sdp: the superblock 99 */ 100 int gfs2_freeze_lock_shared(struct gfs2_sbd *sdp) 101 { 102 int flags = LM_FLAG_NOEXP | GL_EXACT; 103 int error; 104 105 error = gfs2_glock_nq_init(sdp->sd_freeze_gl, LM_ST_SHARED, flags, 106 &sdp->sd_freeze_gh); 107 if (error && error != GLR_TRYFAILED) 108 fs_err(sdp, "can't lock the freeze glock: %d\n", error); 109 return error; 110 } 111 112 void gfs2_freeze_unlock(struct gfs2_sbd *sdp) 113 { 114 if (gfs2_holder_initialized(&sdp->sd_freeze_gh)) 115 gfs2_glock_dq_uninit(&sdp->sd_freeze_gh); 116 } 117 118 static void signal_our_withdraw(struct gfs2_sbd *sdp) 119 { 120 struct gfs2_glock *live_gl = sdp->sd_live_gh.gh_gl; 121 struct inode *inode; 122 struct gfs2_inode *ip; 123 struct gfs2_glock *i_gl; 124 u64 no_formal_ino; 125 int ret = 0; 126 int tries; 127 128 if (test_bit(SDF_NORECOVERY, &sdp->sd_flags) || !sdp->sd_jdesc) 129 return; 130 131 gfs2_ail_drain(sdp); /* frees all transactions */ 132 inode = sdp->sd_jdesc->jd_inode; 133 ip = GFS2_I(inode); 134 i_gl = ip->i_gl; 135 no_formal_ino = ip->i_no_formal_ino; 136 137 /* Prevent any glock dq until withdraw recovery is complete */ 138 set_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags); 139 /* 140 * Don't tell dlm we're bailing until we have no more buffers in the 141 * wind. If journal had an IO error, the log code should just purge 142 * the outstanding buffers rather than submitting new IO. Making the 143 * file system read-only will flush the journal, etc. 144 * 145 * During a normal unmount, gfs2_make_fs_ro calls gfs2_log_shutdown 146 * which clears SDF_JOURNAL_LIVE. In a withdraw, we must not write 147 * any UNMOUNT log header, so we can't call gfs2_log_shutdown, and 148 * therefore we need to clear SDF_JOURNAL_LIVE manually. 149 */ 150 clear_bit(SDF_JOURNAL_LIVE, &sdp->sd_flags); 151 if (!sb_rdonly(sdp->sd_vfs)) { 152 bool locked = mutex_trylock(&sdp->sd_freeze_mutex); 153 154 wake_up(&sdp->sd_logd_waitq); 155 wake_up(&sdp->sd_quota_wait); 156 157 wait_event_timeout(sdp->sd_log_waitq, 158 gfs2_log_is_empty(sdp), 159 HZ * 5); 160 161 sdp->sd_vfs->s_flags |= SB_RDONLY; 162 163 if (locked) 164 mutex_unlock(&sdp->sd_freeze_mutex); 165 166 /* 167 * Dequeue any pending non-system glock holders that can no 168 * longer be granted because the file system is withdrawn. 169 */ 170 gfs2_gl_dq_holders(sdp); 171 } 172 173 if (sdp->sd_lockstruct.ls_ops->lm_lock == NULL) { /* lock_nolock */ 174 if (!ret) 175 ret = -EIO; 176 clear_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags); 177 goto skip_recovery; 178 } 179 /* 180 * Drop the glock for our journal so another node can recover it. 181 */ 182 if (gfs2_holder_initialized(&sdp->sd_journal_gh)) { 183 gfs2_glock_dq_wait(&sdp->sd_journal_gh); 184 gfs2_holder_uninit(&sdp->sd_journal_gh); 185 } 186 sdp->sd_jinode_gh.gh_flags |= GL_NOCACHE; 187 gfs2_glock_dq(&sdp->sd_jinode_gh); 188 gfs2_thaw_freeze_initiator(sdp->sd_vfs); 189 wait_on_bit(&i_gl->gl_flags, GLF_DEMOTE, TASK_UNINTERRUPTIBLE); 190 191 /* 192 * holder_uninit to force glock_put, to force dlm to let go 193 */ 194 gfs2_holder_uninit(&sdp->sd_jinode_gh); 195 196 /* 197 * Note: We need to be careful here: 198 * Our iput of jd_inode will evict it. The evict will dequeue its 199 * glock, but the glock dq will wait for the withdraw unless we have 200 * exception code in glock_dq. 201 */ 202 iput(inode); 203 sdp->sd_jdesc->jd_inode = NULL; 204 /* 205 * Wait until the journal inode's glock is freed. This allows try locks 206 * on other nodes to be successful, otherwise we remain the owner of 207 * the glock as far as dlm is concerned. 208 */ 209 if (i_gl->gl_ops->go_unlocked) { 210 set_bit(GLF_UNLOCKED, &i_gl->gl_flags); 211 wait_on_bit(&i_gl->gl_flags, GLF_UNLOCKED, TASK_UNINTERRUPTIBLE); 212 } 213 214 /* 215 * Dequeue the "live" glock, but keep a reference so it's never freed. 216 */ 217 gfs2_glock_hold(live_gl); 218 gfs2_glock_dq_wait(&sdp->sd_live_gh); 219 /* 220 * We enqueue the "live" glock in EX so that all other nodes 221 * get a demote request and act on it. We don't really want the 222 * lock in EX, so we send a "try" lock with 1CB to produce a callback. 223 */ 224 fs_warn(sdp, "Requesting recovery of jid %d.\n", 225 sdp->sd_lockstruct.ls_jid); 226 gfs2_holder_reinit(LM_ST_EXCLUSIVE, 227 LM_FLAG_TRY_1CB | LM_FLAG_NOEXP | GL_NOPID, 228 &sdp->sd_live_gh); 229 msleep(GL_GLOCK_MAX_HOLD); 230 /* 231 * This will likely fail in a cluster, but succeed standalone: 232 */ 233 ret = gfs2_glock_nq(&sdp->sd_live_gh); 234 235 gfs2_glock_put(live_gl); /* drop extra reference we acquired */ 236 clear_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags); 237 238 /* 239 * If we actually got the "live" lock in EX mode, there are no other 240 * nodes available to replay our journal. 241 */ 242 if (ret == 0) { 243 fs_warn(sdp, "No other mounters found.\n"); 244 /* 245 * We are about to release the lockspace. By keeping live_gl 246 * locked here, we ensure that the next mounter coming along 247 * will be a "first" mounter which will perform recovery. 248 */ 249 goto skip_recovery; 250 } 251 252 /* 253 * At this point our journal is evicted, so we need to get a new inode 254 * for it. Once done, we need to call gfs2_find_jhead which 255 * calls gfs2_map_journal_extents to map it for us again. 256 * 257 * Note that we don't really want it to look up a FREE block. The 258 * GFS2_BLKST_FREE simply overrides a block check in gfs2_inode_lookup 259 * which would otherwise fail because it requires grabbing an rgrp 260 * glock, which would fail with -EIO because we're withdrawing. 261 */ 262 inode = gfs2_inode_lookup(sdp->sd_vfs, DT_UNKNOWN, 263 sdp->sd_jdesc->jd_no_addr, no_formal_ino, 264 GFS2_BLKST_FREE); 265 if (IS_ERR(inode)) { 266 fs_warn(sdp, "Reprocessing of jid %d failed with %ld.\n", 267 sdp->sd_lockstruct.ls_jid, PTR_ERR(inode)); 268 goto skip_recovery; 269 } 270 sdp->sd_jdesc->jd_inode = inode; 271 d_mark_dontcache(inode); 272 273 /* 274 * Now wait until recovery is complete. 275 */ 276 for (tries = 0; tries < 10; tries++) { 277 ret = check_journal_clean(sdp, sdp->sd_jdesc, false); 278 if (!ret) 279 break; 280 msleep(HZ); 281 fs_warn(sdp, "Waiting for journal recovery jid %d.\n", 282 sdp->sd_lockstruct.ls_jid); 283 } 284 skip_recovery: 285 if (!ret) 286 fs_warn(sdp, "Journal recovery complete for jid %d.\n", 287 sdp->sd_lockstruct.ls_jid); 288 else 289 fs_warn(sdp, "Journal recovery skipped for jid %d until next " 290 "mount.\n", sdp->sd_lockstruct.ls_jid); 291 fs_warn(sdp, "Glock dequeues delayed: %lu\n", sdp->sd_glock_dqs_held); 292 sdp->sd_glock_dqs_held = 0; 293 wake_up_bit(&sdp->sd_flags, SDF_WITHDRAW_RECOVERY); 294 } 295 296 void gfs2_lm(struct gfs2_sbd *sdp, const char *fmt, ...) 297 { 298 struct va_format vaf; 299 va_list args; 300 301 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW && 302 test_bit(SDF_WITHDRAWN, &sdp->sd_flags)) 303 return; 304 305 va_start(args, fmt); 306 vaf.fmt = fmt; 307 vaf.va = &args; 308 fs_err(sdp, "%pV", &vaf); 309 va_end(args); 310 } 311 312 void gfs2_withdraw(struct gfs2_sbd *sdp) 313 { 314 struct lm_lockstruct *ls = &sdp->sd_lockstruct; 315 const struct lm_lockops *lm = ls->ls_ops; 316 317 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW) { 318 unsigned long old = READ_ONCE(sdp->sd_flags), new; 319 320 do { 321 if (old & BIT(SDF_WITHDRAWN)) { 322 wait_on_bit(&sdp->sd_flags, 323 SDF_WITHDRAW_IN_PROG, 324 TASK_UNINTERRUPTIBLE); 325 return; 326 } 327 new = old | BIT(SDF_WITHDRAWN) | BIT(SDF_WITHDRAW_IN_PROG); 328 } while (unlikely(!try_cmpxchg(&sdp->sd_flags, &old, new))); 329 330 fs_err(sdp, "about to withdraw this file system\n"); 331 BUG_ON(sdp->sd_args.ar_debug); 332 333 signal_our_withdraw(sdp); 334 335 kobject_uevent(&sdp->sd_kobj, KOBJ_OFFLINE); 336 337 if (!strcmp(sdp->sd_lockstruct.ls_ops->lm_proto_name, "lock_dlm")) 338 wait_for_completion(&sdp->sd_wdack); 339 340 if (lm->lm_unmount) { 341 fs_err(sdp, "telling LM to unmount\n"); 342 lm->lm_unmount(sdp); 343 } 344 fs_err(sdp, "File system withdrawn\n"); 345 dump_stack(); 346 clear_bit(SDF_WITHDRAW_IN_PROG, &sdp->sd_flags); 347 smp_mb__after_atomic(); 348 wake_up_bit(&sdp->sd_flags, SDF_WITHDRAW_IN_PROG); 349 } 350 351 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC) 352 panic("GFS2: fsid=%s: panic requested\n", sdp->sd_fsname); 353 } 354 355 /* 356 * gfs2_assert_withdraw_i - Cause the machine to withdraw if @assertion is false 357 */ 358 359 void gfs2_assert_withdraw_i(struct gfs2_sbd *sdp, char *assertion, 360 const char *function, char *file, unsigned int line, 361 bool delayed) 362 { 363 if (gfs2_withdrawing_or_withdrawn(sdp)) 364 return; 365 366 fs_err(sdp, 367 "fatal: assertion \"%s\" failed - " 368 "function = %s, file = %s, line = %u\n", 369 assertion, function, file, line); 370 371 /* 372 * If errors=panic was specified on mount, it won't help to delay the 373 * withdraw. 374 */ 375 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC) 376 delayed = false; 377 378 if (delayed) 379 gfs2_withdraw_delayed(sdp); 380 else 381 gfs2_withdraw(sdp); 382 dump_stack(); 383 } 384 385 /* 386 * gfs2_assert_warn_i - Print a message to the console if @assertion is false 387 */ 388 389 void gfs2_assert_warn_i(struct gfs2_sbd *sdp, char *assertion, 390 const char *function, char *file, unsigned int line) 391 { 392 if (time_before(jiffies, 393 sdp->sd_last_warning + 394 gfs2_tune_get(sdp, gt_complain_secs) * HZ)) 395 return; 396 397 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW) 398 fs_warn(sdp, "warning: assertion \"%s\" failed - " 399 "function = %s, file = %s, line = %u\n", 400 assertion, function, file, line); 401 402 if (sdp->sd_args.ar_debug) 403 BUG(); 404 else 405 dump_stack(); 406 407 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC) 408 panic("GFS2: fsid=%s: warning: assertion \"%s\" failed - " 409 "function = %s, file = %s, line = %u\n", 410 sdp->sd_fsname, assertion, 411 function, file, line); 412 413 sdp->sd_last_warning = jiffies; 414 } 415 416 /* 417 * gfs2_consist_i - Flag a filesystem consistency error and withdraw 418 */ 419 420 void gfs2_consist_i(struct gfs2_sbd *sdp, const char *function, 421 char *file, unsigned int line) 422 { 423 gfs2_lm(sdp, 424 "fatal: filesystem consistency error - " 425 "function = %s, file = %s, line = %u\n", 426 function, file, line); 427 gfs2_withdraw(sdp); 428 } 429 430 /* 431 * gfs2_consist_inode_i - Flag an inode consistency error and withdraw 432 */ 433 434 void gfs2_consist_inode_i(struct gfs2_inode *ip, 435 const char *function, char *file, unsigned int line) 436 { 437 struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode); 438 439 gfs2_lm(sdp, 440 "fatal: filesystem consistency error - " 441 "inode = %llu %llu, " 442 "function = %s, file = %s, line = %u\n", 443 (unsigned long long)ip->i_no_formal_ino, 444 (unsigned long long)ip->i_no_addr, 445 function, file, line); 446 gfs2_dump_glock(NULL, ip->i_gl, 1); 447 gfs2_withdraw(sdp); 448 } 449 450 /* 451 * gfs2_consist_rgrpd_i - Flag a RG consistency error and withdraw 452 */ 453 454 void gfs2_consist_rgrpd_i(struct gfs2_rgrpd *rgd, 455 const char *function, char *file, unsigned int line) 456 { 457 struct gfs2_sbd *sdp = rgd->rd_sbd; 458 char fs_id_buf[sizeof(sdp->sd_fsname) + 7]; 459 460 sprintf(fs_id_buf, "fsid=%s: ", sdp->sd_fsname); 461 gfs2_rgrp_dump(NULL, rgd, fs_id_buf); 462 gfs2_lm(sdp, 463 "fatal: filesystem consistency error - " 464 "RG = %llu, " 465 "function = %s, file = %s, line = %u\n", 466 (unsigned long long)rgd->rd_addr, 467 function, file, line); 468 gfs2_dump_glock(NULL, rgd->rd_gl, 1); 469 gfs2_withdraw(sdp); 470 } 471 472 /* 473 * gfs2_meta_check_ii - Flag a magic number consistency error and withdraw 474 */ 475 476 void gfs2_meta_check_ii(struct gfs2_sbd *sdp, struct buffer_head *bh, 477 const char *function, char *file, 478 unsigned int line) 479 { 480 gfs2_lm(sdp, 481 "fatal: invalid metadata block - " 482 "bh = %llu (bad magic number), " 483 "function = %s, file = %s, line = %u\n", 484 (unsigned long long)bh->b_blocknr, 485 function, file, line); 486 gfs2_withdraw(sdp); 487 } 488 489 /* 490 * gfs2_metatype_check_ii - Flag a metadata type consistency error and withdraw 491 */ 492 493 void gfs2_metatype_check_ii(struct gfs2_sbd *sdp, struct buffer_head *bh, 494 u16 type, u16 t, const char *function, 495 char *file, unsigned int line) 496 { 497 gfs2_lm(sdp, 498 "fatal: invalid metadata block - " 499 "bh = %llu (type: exp=%u, found=%u), " 500 "function = %s, file = %s, line = %u\n", 501 (unsigned long long)bh->b_blocknr, type, t, 502 function, file, line); 503 gfs2_withdraw(sdp); 504 } 505 506 /* 507 * gfs2_io_error_i - Flag an I/O error and withdraw 508 * Returns: -1 if this call withdrew the machine, 509 * 0 if it was already withdrawn 510 */ 511 512 void gfs2_io_error_i(struct gfs2_sbd *sdp, const char *function, char *file, 513 unsigned int line) 514 { 515 gfs2_lm(sdp, 516 "fatal: I/O error - " 517 "function = %s, file = %s, line = %u\n", 518 function, file, line); 519 gfs2_withdraw(sdp); 520 } 521 522 /* 523 * gfs2_io_error_bh_i - Flag a buffer I/O error 524 * @withdraw: withdraw the filesystem 525 */ 526 527 void gfs2_io_error_bh_i(struct gfs2_sbd *sdp, struct buffer_head *bh, 528 const char *function, char *file, unsigned int line, 529 bool withdraw) 530 { 531 if (gfs2_withdrawing_or_withdrawn(sdp)) 532 return; 533 534 fs_err(sdp, "fatal: I/O error - " 535 "block = %llu, " 536 "function = %s, file = %s, line = %u\n", 537 (unsigned long long)bh->b_blocknr, function, file, line); 538 if (withdraw) 539 gfs2_withdraw(sdp); 540 } 541 542