1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 4 * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 5 */ 6 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 9 #include <linux/spinlock.h> 10 #include <linux/completion.h> 11 #include <linux/buffer_head.h> 12 #include <linux/kthread.h> 13 #include <linux/crc32.h> 14 #include <linux/gfs2_ondisk.h> 15 #include <linux/delay.h> 16 #include <linux/uaccess.h> 17 18 #include "gfs2.h" 19 #include "incore.h" 20 #include "glock.h" 21 #include "glops.h" 22 #include "log.h" 23 #include "lops.h" 24 #include "recovery.h" 25 #include "rgrp.h" 26 #include "super.h" 27 #include "util.h" 28 29 struct kmem_cache *gfs2_glock_cachep __read_mostly; 30 struct kmem_cache *gfs2_glock_aspace_cachep __read_mostly; 31 struct kmem_cache *gfs2_inode_cachep __read_mostly; 32 struct kmem_cache *gfs2_bufdata_cachep __read_mostly; 33 struct kmem_cache *gfs2_rgrpd_cachep __read_mostly; 34 struct kmem_cache *gfs2_quotad_cachep __read_mostly; 35 struct kmem_cache *gfs2_qadata_cachep __read_mostly; 36 struct kmem_cache *gfs2_trans_cachep __read_mostly; 37 mempool_t *gfs2_page_pool __read_mostly; 38 39 void gfs2_assert_i(struct gfs2_sbd *sdp) 40 { 41 fs_emerg(sdp, "fatal assertion failed\n"); 42 } 43 44 /** 45 * check_journal_clean - Make sure a journal is clean for a spectator mount 46 * @sdp: The GFS2 superblock 47 * @jd: The journal descriptor 48 * @verbose: Show more prints in the log 49 * 50 * Returns: 0 if the journal is clean or locked, else an error 51 */ 52 int check_journal_clean(struct gfs2_sbd *sdp, struct gfs2_jdesc *jd, 53 bool verbose) 54 { 55 int error; 56 struct gfs2_holder j_gh; 57 struct gfs2_log_header_host head; 58 struct gfs2_inode *ip; 59 60 ip = GFS2_I(jd->jd_inode); 61 error = gfs2_glock_nq_init(ip->i_gl, LM_ST_SHARED, LM_FLAG_NOEXP | 62 GL_EXACT | GL_NOCACHE, &j_gh); 63 if (error) { 64 if (verbose) 65 fs_err(sdp, "Error %d locking journal for spectator " 66 "mount.\n", error); 67 return -EPERM; 68 } 69 error = gfs2_jdesc_check(jd); 70 if (error) { 71 if (verbose) 72 fs_err(sdp, "Error checking journal for spectator " 73 "mount.\n"); 74 goto out_unlock; 75 } 76 error = gfs2_find_jhead(jd, &head); 77 if (error) { 78 if (verbose) 79 fs_err(sdp, "Error parsing journal for spectator " 80 "mount.\n"); 81 goto out_unlock; 82 } 83 if (!(head.lh_flags & GFS2_LOG_HEAD_UNMOUNT)) { 84 error = -EPERM; 85 if (verbose) 86 fs_err(sdp, "jid=%u: Journal is dirty, so the first " 87 "mounter must not be a spectator.\n", 88 jd->jd_jid); 89 } 90 91 out_unlock: 92 gfs2_glock_dq_uninit(&j_gh); 93 return error; 94 } 95 96 /** 97 * gfs2_freeze_lock_shared - hold the freeze glock 98 * @sdp: the superblock 99 */ 100 int gfs2_freeze_lock_shared(struct gfs2_sbd *sdp) 101 { 102 int flags = LM_FLAG_NOEXP | GL_EXACT; 103 int error; 104 105 error = gfs2_glock_nq_init(sdp->sd_freeze_gl, LM_ST_SHARED, flags, 106 &sdp->sd_freeze_gh); 107 if (error && error != GLR_TRYFAILED) 108 fs_err(sdp, "can't lock the freeze glock: %d\n", error); 109 return error; 110 } 111 112 void gfs2_freeze_unlock(struct gfs2_sbd *sdp) 113 { 114 if (gfs2_holder_initialized(&sdp->sd_freeze_gh)) 115 gfs2_glock_dq_uninit(&sdp->sd_freeze_gh); 116 } 117 118 static void signal_our_withdraw(struct gfs2_sbd *sdp) 119 { 120 struct gfs2_glock *live_gl = sdp->sd_live_gh.gh_gl; 121 struct inode *inode; 122 struct gfs2_inode *ip; 123 struct gfs2_glock *i_gl; 124 u64 no_formal_ino; 125 int ret = 0; 126 int tries; 127 128 if (test_bit(SDF_NORECOVERY, &sdp->sd_flags) || !sdp->sd_jdesc) 129 return; 130 131 gfs2_ail_drain(sdp); /* frees all transactions */ 132 inode = sdp->sd_jdesc->jd_inode; 133 ip = GFS2_I(inode); 134 i_gl = ip->i_gl; 135 no_formal_ino = ip->i_no_formal_ino; 136 137 /* Prevent any glock dq until withdraw recovery is complete */ 138 set_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags); 139 /* 140 * Don't tell dlm we're bailing until we have no more buffers in the 141 * wind. If journal had an IO error, the log code should just purge 142 * the outstanding buffers rather than submitting new IO. Making the 143 * file system read-only will flush the journal, etc. 144 * 145 * During a normal unmount, gfs2_make_fs_ro calls gfs2_log_shutdown 146 * which clears SDF_JOURNAL_LIVE. In a withdraw, we must not write 147 * any UNMOUNT log header, so we can't call gfs2_log_shutdown, and 148 * therefore we need to clear SDF_JOURNAL_LIVE manually. 149 */ 150 clear_bit(SDF_JOURNAL_LIVE, &sdp->sd_flags); 151 if (!sb_rdonly(sdp->sd_vfs)) { 152 bool locked = mutex_trylock(&sdp->sd_freeze_mutex); 153 154 wake_up(&sdp->sd_logd_waitq); 155 wake_up(&sdp->sd_quota_wait); 156 157 wait_event_timeout(sdp->sd_log_waitq, 158 gfs2_log_is_empty(sdp), 159 HZ * 5); 160 161 sdp->sd_vfs->s_flags |= SB_RDONLY; 162 163 if (locked) 164 mutex_unlock(&sdp->sd_freeze_mutex); 165 166 /* 167 * Dequeue any pending non-system glock holders that can no 168 * longer be granted because the file system is withdrawn. 169 */ 170 gfs2_gl_dq_holders(sdp); 171 } 172 173 if (sdp->sd_lockstruct.ls_ops->lm_lock == NULL) { /* lock_nolock */ 174 if (!ret) 175 ret = -EIO; 176 clear_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags); 177 goto skip_recovery; 178 } 179 /* 180 * Drop the glock for our journal so another node can recover it. 181 */ 182 if (gfs2_holder_initialized(&sdp->sd_journal_gh)) { 183 gfs2_glock_dq_wait(&sdp->sd_journal_gh); 184 gfs2_holder_uninit(&sdp->sd_journal_gh); 185 } 186 sdp->sd_jinode_gh.gh_flags |= GL_NOCACHE; 187 gfs2_glock_dq(&sdp->sd_jinode_gh); 188 gfs2_thaw_freeze_initiator(sdp->sd_vfs); 189 wait_on_bit(&i_gl->gl_flags, GLF_DEMOTE, TASK_UNINTERRUPTIBLE); 190 191 /* 192 * holder_uninit to force glock_put, to force dlm to let go 193 */ 194 gfs2_holder_uninit(&sdp->sd_jinode_gh); 195 196 /* 197 * Note: We need to be careful here: 198 * Our iput of jd_inode will evict it. The evict will dequeue its 199 * glock, but the glock dq will wait for the withdraw unless we have 200 * exception code in glock_dq. 201 */ 202 iput(inode); 203 sdp->sd_jdesc->jd_inode = NULL; 204 /* 205 * Wait until the journal inode's glock is freed. This allows try locks 206 * on other nodes to be successful, otherwise we remain the owner of 207 * the glock as far as dlm is concerned. 208 */ 209 if (i_gl->gl_ops->go_unlocked) { 210 set_bit(GLF_UNLOCKED, &i_gl->gl_flags); 211 wait_on_bit(&i_gl->gl_flags, GLF_UNLOCKED, TASK_UNINTERRUPTIBLE); 212 } 213 214 /* 215 * Dequeue the "live" glock, but keep a reference so it's never freed. 216 */ 217 gfs2_glock_hold(live_gl); 218 gfs2_glock_dq_wait(&sdp->sd_live_gh); 219 /* 220 * We enqueue the "live" glock in EX so that all other nodes 221 * get a demote request and act on it. We don't really want the 222 * lock in EX, so we send a "try" lock with 1CB to produce a callback. 223 */ 224 fs_warn(sdp, "Requesting recovery of jid %d.\n", 225 sdp->sd_lockstruct.ls_jid); 226 gfs2_holder_reinit(LM_ST_EXCLUSIVE, 227 LM_FLAG_TRY_1CB | LM_FLAG_NOEXP | GL_NOPID, 228 &sdp->sd_live_gh); 229 msleep(GL_GLOCK_MAX_HOLD); 230 /* 231 * This will likely fail in a cluster, but succeed standalone: 232 */ 233 ret = gfs2_glock_nq(&sdp->sd_live_gh); 234 235 gfs2_glock_put(live_gl); /* drop extra reference we acquired */ 236 clear_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags); 237 238 /* 239 * If we actually got the "live" lock in EX mode, there are no other 240 * nodes available to replay our journal. 241 */ 242 if (ret == 0) { 243 fs_warn(sdp, "No other mounters found.\n"); 244 /* 245 * We are about to release the lockspace. By keeping live_gl 246 * locked here, we ensure that the next mounter coming along 247 * will be a "first" mounter which will perform recovery. 248 */ 249 goto skip_recovery; 250 } 251 252 /* 253 * At this point our journal is evicted, so we need to get a new inode 254 * for it. Once done, we need to call gfs2_find_jhead which 255 * calls gfs2_map_journal_extents to map it for us again. 256 * 257 * Note that we don't really want it to look up a FREE block. The 258 * GFS2_BLKST_FREE simply overrides a block check in gfs2_inode_lookup 259 * which would otherwise fail because it requires grabbing an rgrp 260 * glock, which would fail with -EIO because we're withdrawing. 261 */ 262 inode = gfs2_inode_lookup(sdp->sd_vfs, DT_UNKNOWN, 263 sdp->sd_jdesc->jd_no_addr, no_formal_ino, 264 GFS2_BLKST_FREE); 265 if (IS_ERR(inode)) { 266 fs_warn(sdp, "Reprocessing of jid %d failed with %ld.\n", 267 sdp->sd_lockstruct.ls_jid, PTR_ERR(inode)); 268 goto skip_recovery; 269 } 270 sdp->sd_jdesc->jd_inode = inode; 271 d_mark_dontcache(inode); 272 273 /* 274 * Now wait until recovery is complete. 275 */ 276 for (tries = 0; tries < 10; tries++) { 277 ret = check_journal_clean(sdp, sdp->sd_jdesc, false); 278 if (!ret) 279 break; 280 msleep(HZ); 281 fs_warn(sdp, "Waiting for journal recovery jid %d.\n", 282 sdp->sd_lockstruct.ls_jid); 283 } 284 skip_recovery: 285 if (!ret) 286 fs_warn(sdp, "Journal recovery complete for jid %d.\n", 287 sdp->sd_lockstruct.ls_jid); 288 else 289 fs_warn(sdp, "Journal recovery skipped for jid %d until next " 290 "mount.\n", sdp->sd_lockstruct.ls_jid); 291 fs_warn(sdp, "Glock dequeues delayed: %lu\n", sdp->sd_glock_dqs_held); 292 sdp->sd_glock_dqs_held = 0; 293 wake_up_bit(&sdp->sd_flags, SDF_WITHDRAW_RECOVERY); 294 } 295 296 void gfs2_lm(struct gfs2_sbd *sdp, const char *fmt, ...) 297 { 298 struct va_format vaf; 299 va_list args; 300 301 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW && 302 test_bit(SDF_WITHDRAWN, &sdp->sd_flags)) 303 return; 304 305 va_start(args, fmt); 306 vaf.fmt = fmt; 307 vaf.va = &args; 308 fs_err(sdp, "%pV", &vaf); 309 va_end(args); 310 } 311 312 int gfs2_withdraw(struct gfs2_sbd *sdp) 313 { 314 struct lm_lockstruct *ls = &sdp->sd_lockstruct; 315 const struct lm_lockops *lm = ls->ls_ops; 316 317 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW) { 318 unsigned long old = READ_ONCE(sdp->sd_flags), new; 319 320 do { 321 if (old & BIT(SDF_WITHDRAWN)) { 322 wait_on_bit(&sdp->sd_flags, 323 SDF_WITHDRAW_IN_PROG, 324 TASK_UNINTERRUPTIBLE); 325 return -1; 326 } 327 new = old | BIT(SDF_WITHDRAWN) | BIT(SDF_WITHDRAW_IN_PROG); 328 } while (unlikely(!try_cmpxchg(&sdp->sd_flags, &old, new))); 329 330 fs_err(sdp, "about to withdraw this file system\n"); 331 BUG_ON(sdp->sd_args.ar_debug); 332 333 signal_our_withdraw(sdp); 334 335 kobject_uevent(&sdp->sd_kobj, KOBJ_OFFLINE); 336 337 if (!strcmp(sdp->sd_lockstruct.ls_ops->lm_proto_name, "lock_dlm")) 338 wait_for_completion(&sdp->sd_wdack); 339 340 if (lm->lm_unmount) { 341 fs_err(sdp, "telling LM to unmount\n"); 342 lm->lm_unmount(sdp); 343 } 344 fs_err(sdp, "File system withdrawn\n"); 345 dump_stack(); 346 clear_bit(SDF_WITHDRAW_IN_PROG, &sdp->sd_flags); 347 smp_mb__after_atomic(); 348 wake_up_bit(&sdp->sd_flags, SDF_WITHDRAW_IN_PROG); 349 } 350 351 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC) 352 panic("GFS2: fsid=%s: panic requested\n", sdp->sd_fsname); 353 354 return -1; 355 } 356 357 /* 358 * gfs2_assert_withdraw_i - Cause the machine to withdraw if @assertion is false 359 */ 360 361 void gfs2_assert_withdraw_i(struct gfs2_sbd *sdp, char *assertion, 362 const char *function, char *file, unsigned int line, 363 bool delayed) 364 { 365 if (gfs2_withdrawing_or_withdrawn(sdp)) 366 return; 367 368 fs_err(sdp, 369 "fatal: assertion \"%s\" failed - " 370 "function = %s, file = %s, line = %u\n", 371 assertion, function, file, line); 372 373 /* 374 * If errors=panic was specified on mount, it won't help to delay the 375 * withdraw. 376 */ 377 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC) 378 delayed = false; 379 380 if (delayed) 381 gfs2_withdraw_delayed(sdp); 382 else 383 gfs2_withdraw(sdp); 384 dump_stack(); 385 } 386 387 /* 388 * gfs2_assert_warn_i - Print a message to the console if @assertion is false 389 */ 390 391 void gfs2_assert_warn_i(struct gfs2_sbd *sdp, char *assertion, 392 const char *function, char *file, unsigned int line) 393 { 394 if (time_before(jiffies, 395 sdp->sd_last_warning + 396 gfs2_tune_get(sdp, gt_complain_secs) * HZ)) 397 return; 398 399 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW) 400 fs_warn(sdp, "warning: assertion \"%s\" failed - " 401 "function = %s, file = %s, line = %u\n", 402 assertion, function, file, line); 403 404 if (sdp->sd_args.ar_debug) 405 BUG(); 406 else 407 dump_stack(); 408 409 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC) 410 panic("GFS2: fsid=%s: warning: assertion \"%s\" failed - " 411 "function = %s, file = %s, line = %u\n", 412 sdp->sd_fsname, assertion, 413 function, file, line); 414 415 sdp->sd_last_warning = jiffies; 416 } 417 418 /* 419 * gfs2_consist_i - Flag a filesystem consistency error and withdraw 420 */ 421 422 void gfs2_consist_i(struct gfs2_sbd *sdp, const char *function, 423 char *file, unsigned int line) 424 { 425 gfs2_lm(sdp, 426 "fatal: filesystem consistency error - " 427 "function = %s, file = %s, line = %u\n", 428 function, file, line); 429 gfs2_withdraw(sdp); 430 } 431 432 /* 433 * gfs2_consist_inode_i - Flag an inode consistency error and withdraw 434 */ 435 436 void gfs2_consist_inode_i(struct gfs2_inode *ip, 437 const char *function, char *file, unsigned int line) 438 { 439 struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode); 440 441 gfs2_lm(sdp, 442 "fatal: filesystem consistency error - " 443 "inode = %llu %llu, " 444 "function = %s, file = %s, line = %u\n", 445 (unsigned long long)ip->i_no_formal_ino, 446 (unsigned long long)ip->i_no_addr, 447 function, file, line); 448 gfs2_dump_glock(NULL, ip->i_gl, 1); 449 gfs2_withdraw(sdp); 450 } 451 452 /* 453 * gfs2_consist_rgrpd_i - Flag a RG consistency error and withdraw 454 */ 455 456 void gfs2_consist_rgrpd_i(struct gfs2_rgrpd *rgd, 457 const char *function, char *file, unsigned int line) 458 { 459 struct gfs2_sbd *sdp = rgd->rd_sbd; 460 char fs_id_buf[sizeof(sdp->sd_fsname) + 7]; 461 462 sprintf(fs_id_buf, "fsid=%s: ", sdp->sd_fsname); 463 gfs2_rgrp_dump(NULL, rgd, fs_id_buf); 464 gfs2_lm(sdp, 465 "fatal: filesystem consistency error - " 466 "RG = %llu, " 467 "function = %s, file = %s, line = %u\n", 468 (unsigned long long)rgd->rd_addr, 469 function, file, line); 470 gfs2_dump_glock(NULL, rgd->rd_gl, 1); 471 gfs2_withdraw(sdp); 472 } 473 474 /* 475 * gfs2_meta_check_ii - Flag a magic number consistency error and withdraw 476 * Returns: -1 if this call withdrew the machine, 477 * -2 if it was already withdrawn 478 */ 479 480 int gfs2_meta_check_ii(struct gfs2_sbd *sdp, struct buffer_head *bh, 481 const char *function, char *file, 482 unsigned int line) 483 { 484 int me; 485 486 gfs2_lm(sdp, 487 "fatal: invalid metadata block - " 488 "bh = %llu (bad magic number), " 489 "function = %s, file = %s, line = %u\n", 490 (unsigned long long)bh->b_blocknr, 491 function, file, line); 492 me = gfs2_withdraw(sdp); 493 return (me) ? -1 : -2; 494 } 495 496 /* 497 * gfs2_metatype_check_ii - Flag a metadata type consistency error and withdraw 498 * Returns: -1 if this call withdrew the machine, 499 * -2 if it was already withdrawn 500 */ 501 502 int gfs2_metatype_check_ii(struct gfs2_sbd *sdp, struct buffer_head *bh, 503 u16 type, u16 t, const char *function, 504 char *file, unsigned int line) 505 { 506 int me; 507 508 gfs2_lm(sdp, 509 "fatal: invalid metadata block - " 510 "bh = %llu (type: exp=%u, found=%u), " 511 "function = %s, file = %s, line = %u\n", 512 (unsigned long long)bh->b_blocknr, type, t, 513 function, file, line); 514 me = gfs2_withdraw(sdp); 515 return (me) ? -1 : -2; 516 } 517 518 /* 519 * gfs2_io_error_i - Flag an I/O error and withdraw 520 * Returns: -1 if this call withdrew the machine, 521 * 0 if it was already withdrawn 522 */ 523 524 int gfs2_io_error_i(struct gfs2_sbd *sdp, const char *function, char *file, 525 unsigned int line) 526 { 527 gfs2_lm(sdp, 528 "fatal: I/O error - " 529 "function = %s, file = %s, line = %u\n", 530 function, file, line); 531 return gfs2_withdraw(sdp); 532 } 533 534 /* 535 * gfs2_io_error_bh_i - Flag a buffer I/O error 536 * @withdraw: withdraw the filesystem 537 */ 538 539 void gfs2_io_error_bh_i(struct gfs2_sbd *sdp, struct buffer_head *bh, 540 const char *function, char *file, unsigned int line, 541 bool withdraw) 542 { 543 if (gfs2_withdrawing_or_withdrawn(sdp)) 544 return; 545 546 fs_err(sdp, "fatal: I/O error - " 547 "block = %llu, " 548 "function = %s, file = %s, line = %u\n", 549 (unsigned long long)bh->b_blocknr, function, file, line); 550 if (withdraw) 551 gfs2_withdraw(sdp); 552 } 553 554