1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * This file is part of UBIFS. 4 * 5 * Copyright (C) 2006-2008 Nokia Corporation. 6 * 7 * Author: Adrian Hunter 8 */ 9 10 #include "ubifs.h" 11 12 /* 13 * An orphan is an inode number whose inode node has been committed to the index 14 * with a link count of zero. That happens when an open file is deleted 15 * (unlinked) and then a commit is run. In the normal course of events the inode 16 * would be deleted when the file is closed. However in the case of an unclean 17 * unmount, orphans need to be accounted for. After an unclean unmount, the 18 * orphans' inodes must be deleted which means either scanning the entire index 19 * looking for them, or keeping a list on flash somewhere. This unit implements 20 * the latter approach. 21 * 22 * The orphan area is a fixed number of LEBs situated between the LPT area and 23 * the main area. The number of orphan area LEBs is specified when the file 24 * system is created. The minimum number is 1. The size of the orphan area 25 * should be so that it can hold the maximum number of orphans that are expected 26 * to ever exist at one time. 27 * 28 * The number of orphans that can fit in a LEB is: 29 * 30 * (c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64) 31 * 32 * For example: a 15872 byte LEB can fit 1980 orphans so 1 LEB may be enough. 33 * 34 * Orphans are accumulated in a rb-tree. When an inode's link count drops to 35 * zero, the inode number is added to the rb-tree. It is removed from the tree 36 * when the inode is deleted. Any new orphans that are in the orphan tree when 37 * the commit is run, are written to the orphan area in 1 or more orphan nodes. 38 * If the orphan area is full, it is consolidated to make space. There is 39 * always enough space because validation prevents the user from creating more 40 * than the maximum number of orphans allowed. 41 */ 42 43 static int dbg_check_orphans(struct ubifs_info *c); 44 45 static struct ubifs_orphan *orphan_add(struct ubifs_info *c, ino_t inum, 46 struct ubifs_orphan *parent_orphan) 47 { 48 struct ubifs_orphan *orphan, *o; 49 struct rb_node **p, *parent = NULL; 50 51 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_NOFS); 52 if (!orphan) 53 return ERR_PTR(-ENOMEM); 54 orphan->inum = inum; 55 orphan->new = 1; 56 INIT_LIST_HEAD(&orphan->child_list); 57 58 spin_lock(&c->orphan_lock); 59 if (c->tot_orphans >= c->max_orphans) { 60 spin_unlock(&c->orphan_lock); 61 kfree(orphan); 62 return ERR_PTR(-ENFILE); 63 } 64 p = &c->orph_tree.rb_node; 65 while (*p) { 66 parent = *p; 67 o = rb_entry(parent, struct ubifs_orphan, rb); 68 if (inum < o->inum) 69 p = &(*p)->rb_left; 70 else if (inum > o->inum) 71 p = &(*p)->rb_right; 72 else { 73 ubifs_err(c, "orphaned twice"); 74 spin_unlock(&c->orphan_lock); 75 kfree(orphan); 76 return ERR_PTR(-EINVAL); 77 } 78 } 79 c->tot_orphans += 1; 80 c->new_orphans += 1; 81 rb_link_node(&orphan->rb, parent, p); 82 rb_insert_color(&orphan->rb, &c->orph_tree); 83 list_add_tail(&orphan->list, &c->orph_list); 84 list_add_tail(&orphan->new_list, &c->orph_new); 85 86 if (parent_orphan) { 87 list_add_tail(&orphan->child_list, 88 &parent_orphan->child_list); 89 } 90 91 spin_unlock(&c->orphan_lock); 92 dbg_gen("ino %lu", (unsigned long)inum); 93 return orphan; 94 } 95 96 static struct ubifs_orphan *lookup_orphan(struct ubifs_info *c, ino_t inum) 97 { 98 struct ubifs_orphan *o; 99 struct rb_node *p; 100 101 p = c->orph_tree.rb_node; 102 while (p) { 103 o = rb_entry(p, struct ubifs_orphan, rb); 104 if (inum < o->inum) 105 p = p->rb_left; 106 else if (inum > o->inum) 107 p = p->rb_right; 108 else { 109 return o; 110 } 111 } 112 return NULL; 113 } 114 115 static void __orphan_drop(struct ubifs_info *c, struct ubifs_orphan *o) 116 { 117 rb_erase(&o->rb, &c->orph_tree); 118 list_del(&o->list); 119 c->tot_orphans -= 1; 120 121 if (o->new) { 122 list_del(&o->new_list); 123 c->new_orphans -= 1; 124 } 125 126 kfree(o); 127 } 128 129 static void orphan_delete(struct ubifs_info *c, struct ubifs_orphan *orph) 130 { 131 if (orph->del) { 132 dbg_gen("deleted twice ino %lu", (unsigned long)orph->inum); 133 return; 134 } 135 136 if (orph->cmt) { 137 orph->del = 1; 138 orph->dnext = c->orph_dnext; 139 c->orph_dnext = orph; 140 dbg_gen("delete later ino %lu", (unsigned long)orph->inum); 141 return; 142 } 143 144 __orphan_drop(c, orph); 145 } 146 147 /** 148 * ubifs_add_orphan - add an orphan. 149 * @c: UBIFS file-system description object 150 * @inum: orphan inode number 151 * 152 * Add an orphan. This function is called when an inodes link count drops to 153 * zero. 154 */ 155 int ubifs_add_orphan(struct ubifs_info *c, ino_t inum) 156 { 157 int err = 0; 158 ino_t xattr_inum; 159 union ubifs_key key; 160 struct ubifs_dent_node *xent, *pxent = NULL; 161 struct fscrypt_name nm = {0}; 162 struct ubifs_orphan *xattr_orphan; 163 struct ubifs_orphan *orphan; 164 165 orphan = orphan_add(c, inum, NULL); 166 if (IS_ERR(orphan)) 167 return PTR_ERR(orphan); 168 169 lowest_xent_key(c, &key, inum); 170 while (1) { 171 xent = ubifs_tnc_next_ent(c, &key, &nm); 172 if (IS_ERR(xent)) { 173 err = PTR_ERR(xent); 174 if (err == -ENOENT) 175 break; 176 return err; 177 } 178 179 fname_name(&nm) = xent->name; 180 fname_len(&nm) = le16_to_cpu(xent->nlen); 181 xattr_inum = le64_to_cpu(xent->inum); 182 183 xattr_orphan = orphan_add(c, xattr_inum, orphan); 184 if (IS_ERR(xattr_orphan)) { 185 kfree(xent); 186 return PTR_ERR(xattr_orphan); 187 } 188 189 kfree(pxent); 190 pxent = xent; 191 key_read(c, &xent->key, &key); 192 } 193 kfree(pxent); 194 195 return 0; 196 } 197 198 /** 199 * ubifs_delete_orphan - delete an orphan. 200 * @c: UBIFS file-system description object 201 * @inum: orphan inode number 202 * 203 * Delete an orphan. This function is called when an inode is deleted. 204 */ 205 void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum) 206 { 207 struct ubifs_orphan *orph, *child_orph, *tmp_o; 208 209 spin_lock(&c->orphan_lock); 210 211 orph = lookup_orphan(c, inum); 212 if (!orph) { 213 spin_unlock(&c->orphan_lock); 214 ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum); 215 dump_stack(); 216 217 return; 218 } 219 220 list_for_each_entry_safe(child_orph, tmp_o, &orph->child_list, child_list) { 221 list_del(&child_orph->child_list); 222 orphan_delete(c, child_orph); 223 } 224 225 orphan_delete(c, orph); 226 227 spin_unlock(&c->orphan_lock); 228 } 229 230 /** 231 * ubifs_orphan_start_commit - start commit of orphans. 232 * @c: UBIFS file-system description object 233 * 234 * Start commit of orphans. 235 */ 236 int ubifs_orphan_start_commit(struct ubifs_info *c) 237 { 238 struct ubifs_orphan *orphan, **last; 239 240 spin_lock(&c->orphan_lock); 241 last = &c->orph_cnext; 242 list_for_each_entry(orphan, &c->orph_new, new_list) { 243 ubifs_assert(c, orphan->new); 244 ubifs_assert(c, !orphan->cmt); 245 orphan->new = 0; 246 orphan->cmt = 1; 247 *last = orphan; 248 last = &orphan->cnext; 249 } 250 *last = NULL; 251 c->cmt_orphans = c->new_orphans; 252 c->new_orphans = 0; 253 dbg_cmt("%d orphans to commit", c->cmt_orphans); 254 INIT_LIST_HEAD(&c->orph_new); 255 if (c->tot_orphans == 0) 256 c->no_orphs = 1; 257 else 258 c->no_orphs = 0; 259 spin_unlock(&c->orphan_lock); 260 return 0; 261 } 262 263 /** 264 * avail_orphs - calculate available space. 265 * @c: UBIFS file-system description object 266 * 267 * This function returns the number of orphans that can be written in the 268 * available space. 269 */ 270 static int avail_orphs(struct ubifs_info *c) 271 { 272 int avail_lebs, avail, gap; 273 274 avail_lebs = c->orph_lebs - (c->ohead_lnum - c->orph_first) - 1; 275 avail = avail_lebs * 276 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)); 277 gap = c->leb_size - c->ohead_offs; 278 if (gap >= UBIFS_ORPH_NODE_SZ + sizeof(__le64)) 279 avail += (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64); 280 return avail; 281 } 282 283 /** 284 * tot_avail_orphs - calculate total space. 285 * @c: UBIFS file-system description object 286 * 287 * This function returns the number of orphans that can be written in half 288 * the total space. That leaves half the space for adding new orphans. 289 */ 290 static int tot_avail_orphs(struct ubifs_info *c) 291 { 292 int avail_lebs, avail; 293 294 avail_lebs = c->orph_lebs; 295 avail = avail_lebs * 296 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)); 297 return avail / 2; 298 } 299 300 /** 301 * do_write_orph_node - write a node to the orphan head. 302 * @c: UBIFS file-system description object 303 * @len: length of node 304 * @atomic: write atomically 305 * 306 * This function writes a node to the orphan head from the orphan buffer. If 307 * %atomic is not zero, then the write is done atomically. On success, %0 is 308 * returned, otherwise a negative error code is returned. 309 */ 310 static int do_write_orph_node(struct ubifs_info *c, int len, int atomic) 311 { 312 int err = 0; 313 314 if (atomic) { 315 ubifs_assert(c, c->ohead_offs == 0); 316 ubifs_prepare_node(c, c->orph_buf, len, 1); 317 len = ALIGN(len, c->min_io_size); 318 err = ubifs_leb_change(c, c->ohead_lnum, c->orph_buf, len); 319 } else { 320 if (c->ohead_offs == 0) { 321 /* Ensure LEB has been unmapped */ 322 err = ubifs_leb_unmap(c, c->ohead_lnum); 323 if (err) 324 return err; 325 } 326 err = ubifs_write_node(c, c->orph_buf, len, c->ohead_lnum, 327 c->ohead_offs); 328 } 329 return err; 330 } 331 332 /** 333 * write_orph_node - write an orphan node. 334 * @c: UBIFS file-system description object 335 * @atomic: write atomically 336 * 337 * This function builds an orphan node from the cnext list and writes it to the 338 * orphan head. On success, %0 is returned, otherwise a negative error code 339 * is returned. 340 */ 341 static int write_orph_node(struct ubifs_info *c, int atomic) 342 { 343 struct ubifs_orphan *orphan, *cnext; 344 struct ubifs_orph_node *orph; 345 int gap, err, len, cnt, i; 346 347 ubifs_assert(c, c->cmt_orphans > 0); 348 gap = c->leb_size - c->ohead_offs; 349 if (gap < UBIFS_ORPH_NODE_SZ + sizeof(__le64)) { 350 c->ohead_lnum += 1; 351 c->ohead_offs = 0; 352 gap = c->leb_size; 353 if (c->ohead_lnum > c->orph_last) { 354 /* 355 * We limit the number of orphans so that this should 356 * never happen. 357 */ 358 ubifs_err(c, "out of space in orphan area"); 359 return -EINVAL; 360 } 361 } 362 cnt = (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64); 363 if (cnt > c->cmt_orphans) 364 cnt = c->cmt_orphans; 365 len = UBIFS_ORPH_NODE_SZ + cnt * sizeof(__le64); 366 ubifs_assert(c, c->orph_buf); 367 orph = c->orph_buf; 368 orph->ch.node_type = UBIFS_ORPH_NODE; 369 spin_lock(&c->orphan_lock); 370 cnext = c->orph_cnext; 371 for (i = 0; i < cnt; i++) { 372 orphan = cnext; 373 ubifs_assert(c, orphan->cmt); 374 orph->inos[i] = cpu_to_le64(orphan->inum); 375 orphan->cmt = 0; 376 cnext = orphan->cnext; 377 orphan->cnext = NULL; 378 } 379 c->orph_cnext = cnext; 380 c->cmt_orphans -= cnt; 381 spin_unlock(&c->orphan_lock); 382 if (c->cmt_orphans) 383 orph->cmt_no = cpu_to_le64(c->cmt_no); 384 else 385 /* Mark the last node of the commit */ 386 orph->cmt_no = cpu_to_le64((c->cmt_no) | (1ULL << 63)); 387 ubifs_assert(c, c->ohead_offs + len <= c->leb_size); 388 ubifs_assert(c, c->ohead_lnum >= c->orph_first); 389 ubifs_assert(c, c->ohead_lnum <= c->orph_last); 390 err = do_write_orph_node(c, len, atomic); 391 c->ohead_offs += ALIGN(len, c->min_io_size); 392 c->ohead_offs = ALIGN(c->ohead_offs, 8); 393 return err; 394 } 395 396 /** 397 * write_orph_nodes - write orphan nodes until there are no more to commit. 398 * @c: UBIFS file-system description object 399 * @atomic: write atomically 400 * 401 * This function writes orphan nodes for all the orphans to commit. On success, 402 * %0 is returned, otherwise a negative error code is returned. 403 */ 404 static int write_orph_nodes(struct ubifs_info *c, int atomic) 405 { 406 int err; 407 408 while (c->cmt_orphans > 0) { 409 err = write_orph_node(c, atomic); 410 if (err) 411 return err; 412 } 413 if (atomic) { 414 int lnum; 415 416 /* Unmap any unused LEBs after consolidation */ 417 for (lnum = c->ohead_lnum + 1; lnum <= c->orph_last; lnum++) { 418 err = ubifs_leb_unmap(c, lnum); 419 if (err) 420 return err; 421 } 422 } 423 return 0; 424 } 425 426 /** 427 * consolidate - consolidate the orphan area. 428 * @c: UBIFS file-system description object 429 * 430 * This function enables consolidation by putting all the orphans into the list 431 * to commit. The list is in the order that the orphans were added, and the 432 * LEBs are written atomically in order, so at no time can orphans be lost by 433 * an unclean unmount. 434 * 435 * This function returns %0 on success and a negative error code on failure. 436 */ 437 static int consolidate(struct ubifs_info *c) 438 { 439 int tot_avail = tot_avail_orphs(c), err = 0; 440 441 spin_lock(&c->orphan_lock); 442 dbg_cmt("there is space for %d orphans and there are %d", 443 tot_avail, c->tot_orphans); 444 if (c->tot_orphans - c->new_orphans <= tot_avail) { 445 struct ubifs_orphan *orphan, **last; 446 int cnt = 0; 447 448 /* Change the cnext list to include all non-new orphans */ 449 last = &c->orph_cnext; 450 list_for_each_entry(orphan, &c->orph_list, list) { 451 if (orphan->new) 452 continue; 453 orphan->cmt = 1; 454 *last = orphan; 455 last = &orphan->cnext; 456 cnt += 1; 457 } 458 *last = NULL; 459 ubifs_assert(c, cnt == c->tot_orphans - c->new_orphans); 460 c->cmt_orphans = cnt; 461 c->ohead_lnum = c->orph_first; 462 c->ohead_offs = 0; 463 } else { 464 /* 465 * We limit the number of orphans so that this should 466 * never happen. 467 */ 468 ubifs_err(c, "out of space in orphan area"); 469 err = -EINVAL; 470 } 471 spin_unlock(&c->orphan_lock); 472 return err; 473 } 474 475 /** 476 * commit_orphans - commit orphans. 477 * @c: UBIFS file-system description object 478 * 479 * This function commits orphans to flash. On success, %0 is returned, 480 * otherwise a negative error code is returned. 481 */ 482 static int commit_orphans(struct ubifs_info *c) 483 { 484 int avail, atomic = 0, err; 485 486 ubifs_assert(c, c->cmt_orphans > 0); 487 avail = avail_orphs(c); 488 if (avail < c->cmt_orphans) { 489 /* Not enough space to write new orphans, so consolidate */ 490 err = consolidate(c); 491 if (err) 492 return err; 493 atomic = 1; 494 } 495 err = write_orph_nodes(c, atomic); 496 return err; 497 } 498 499 /** 500 * erase_deleted - erase the orphans marked for deletion. 501 * @c: UBIFS file-system description object 502 * 503 * During commit, the orphans being committed cannot be deleted, so they are 504 * marked for deletion and deleted by this function. Also, the recovery 505 * adds killed orphans to the deletion list, and therefore they are deleted 506 * here too. 507 */ 508 static void erase_deleted(struct ubifs_info *c) 509 { 510 struct ubifs_orphan *orphan, *dnext; 511 512 spin_lock(&c->orphan_lock); 513 dnext = c->orph_dnext; 514 while (dnext) { 515 orphan = dnext; 516 dnext = orphan->dnext; 517 ubifs_assert(c, !orphan->new); 518 ubifs_assert(c, orphan->del); 519 rb_erase(&orphan->rb, &c->orph_tree); 520 list_del(&orphan->list); 521 c->tot_orphans -= 1; 522 dbg_gen("deleting orphan ino %lu", (unsigned long)orphan->inum); 523 kfree(orphan); 524 } 525 c->orph_dnext = NULL; 526 spin_unlock(&c->orphan_lock); 527 } 528 529 /** 530 * ubifs_orphan_end_commit - end commit of orphans. 531 * @c: UBIFS file-system description object 532 * 533 * End commit of orphans. 534 */ 535 int ubifs_orphan_end_commit(struct ubifs_info *c) 536 { 537 int err; 538 539 if (c->cmt_orphans != 0) { 540 err = commit_orphans(c); 541 if (err) 542 return err; 543 } 544 erase_deleted(c); 545 err = dbg_check_orphans(c); 546 return err; 547 } 548 549 /** 550 * ubifs_clear_orphans - erase all LEBs used for orphans. 551 * @c: UBIFS file-system description object 552 * 553 * If recovery is not required, then the orphans from the previous session 554 * are not needed. This function locates the LEBs used to record 555 * orphans, and un-maps them. 556 */ 557 int ubifs_clear_orphans(struct ubifs_info *c) 558 { 559 int lnum, err; 560 561 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 562 err = ubifs_leb_unmap(c, lnum); 563 if (err) 564 return err; 565 } 566 c->ohead_lnum = c->orph_first; 567 c->ohead_offs = 0; 568 return 0; 569 } 570 571 /** 572 * insert_dead_orphan - insert an orphan. 573 * @c: UBIFS file-system description object 574 * @inum: orphan inode number 575 * 576 * This function is a helper to the 'do_kill_orphans()' function. The orphan 577 * must be kept until the next commit, so it is added to the rb-tree and the 578 * deletion list. 579 */ 580 static int insert_dead_orphan(struct ubifs_info *c, ino_t inum) 581 { 582 struct ubifs_orphan *orphan, *o; 583 struct rb_node **p, *parent = NULL; 584 585 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_KERNEL); 586 if (!orphan) 587 return -ENOMEM; 588 orphan->inum = inum; 589 590 p = &c->orph_tree.rb_node; 591 while (*p) { 592 parent = *p; 593 o = rb_entry(parent, struct ubifs_orphan, rb); 594 if (inum < o->inum) 595 p = &(*p)->rb_left; 596 else if (inum > o->inum) 597 p = &(*p)->rb_right; 598 else { 599 /* Already added - no problem */ 600 kfree(orphan); 601 return 0; 602 } 603 } 604 c->tot_orphans += 1; 605 rb_link_node(&orphan->rb, parent, p); 606 rb_insert_color(&orphan->rb, &c->orph_tree); 607 list_add_tail(&orphan->list, &c->orph_list); 608 orphan->del = 1; 609 orphan->dnext = c->orph_dnext; 610 c->orph_dnext = orphan; 611 dbg_mnt("ino %lu, new %d, tot %d", (unsigned long)inum, 612 c->new_orphans, c->tot_orphans); 613 return 0; 614 } 615 616 /** 617 * do_kill_orphans - remove orphan inodes from the index. 618 * @c: UBIFS file-system description object 619 * @sleb: scanned LEB 620 * @last_cmt_no: cmt_no of last orphan node read is passed and returned here 621 * @outofdate: whether the LEB is out of date is returned here 622 * @last_flagged: whether the end orphan node is encountered 623 * 624 * This function is a helper to the 'kill_orphans()' function. It goes through 625 * every orphan node in a LEB and for every inode number recorded, removes 626 * all keys for that inode from the TNC. 627 */ 628 static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb, 629 unsigned long long *last_cmt_no, int *outofdate, 630 int *last_flagged) 631 { 632 struct ubifs_scan_node *snod; 633 struct ubifs_orph_node *orph; 634 struct ubifs_ino_node *ino = NULL; 635 unsigned long long cmt_no; 636 ino_t inum; 637 int i, n, err, first = 1; 638 639 ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 640 if (!ino) 641 return -ENOMEM; 642 643 list_for_each_entry(snod, &sleb->nodes, list) { 644 if (snod->type != UBIFS_ORPH_NODE) { 645 ubifs_err(c, "invalid node type %d in orphan area at %d:%d", 646 snod->type, sleb->lnum, snod->offs); 647 ubifs_dump_node(c, snod->node); 648 err = -EINVAL; 649 goto out_free; 650 } 651 652 orph = snod->node; 653 654 /* Check commit number */ 655 cmt_no = le64_to_cpu(orph->cmt_no) & LLONG_MAX; 656 /* 657 * The commit number on the master node may be less, because 658 * of a failed commit. If there are several failed commits in a 659 * row, the commit number written on orphan nodes will continue 660 * to increase (because the commit number is adjusted here) even 661 * though the commit number on the master node stays the same 662 * because the master node has not been re-written. 663 */ 664 if (cmt_no > c->cmt_no) 665 c->cmt_no = cmt_no; 666 if (cmt_no < *last_cmt_no && *last_flagged) { 667 /* 668 * The last orphan node had a higher commit number and 669 * was flagged as the last written for that commit 670 * number. That makes this orphan node, out of date. 671 */ 672 if (!first) { 673 ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d", 674 cmt_no, sleb->lnum, snod->offs); 675 ubifs_dump_node(c, snod->node); 676 err = -EINVAL; 677 goto out_free; 678 } 679 dbg_rcvry("out of date LEB %d", sleb->lnum); 680 *outofdate = 1; 681 err = 0; 682 goto out_free; 683 } 684 685 if (first) 686 first = 0; 687 688 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 689 for (i = 0; i < n; i++) { 690 union ubifs_key key1, key2; 691 692 inum = le64_to_cpu(orph->inos[i]); 693 694 ino_key_init(c, &key1, inum); 695 err = ubifs_tnc_lookup(c, &key1, ino); 696 if (err && err != -ENOENT) 697 goto out_free; 698 699 /* 700 * Check whether an inode can really get deleted. 701 * linkat() with O_TMPFILE allows rebirth of an inode. 702 */ 703 if (err == 0 && ino->nlink == 0) { 704 dbg_rcvry("deleting orphaned inode %lu", 705 (unsigned long)inum); 706 707 lowest_ino_key(c, &key1, inum); 708 highest_ino_key(c, &key2, inum); 709 710 err = ubifs_tnc_remove_range(c, &key1, &key2); 711 if (err) 712 goto out_ro; 713 } 714 715 err = insert_dead_orphan(c, inum); 716 if (err) 717 goto out_free; 718 } 719 720 *last_cmt_no = cmt_no; 721 if (le64_to_cpu(orph->cmt_no) & (1ULL << 63)) { 722 dbg_rcvry("last orph node for commit %llu at %d:%d", 723 cmt_no, sleb->lnum, snod->offs); 724 *last_flagged = 1; 725 } else 726 *last_flagged = 0; 727 } 728 729 err = 0; 730 out_free: 731 kfree(ino); 732 return err; 733 734 out_ro: 735 ubifs_ro_mode(c, err); 736 kfree(ino); 737 return err; 738 } 739 740 /** 741 * kill_orphans - remove all orphan inodes from the index. 742 * @c: UBIFS file-system description object 743 * 744 * If recovery is required, then orphan inodes recorded during the previous 745 * session (which ended with an unclean unmount) must be deleted from the index. 746 * This is done by updating the TNC, but since the index is not updated until 747 * the next commit, the LEBs where the orphan information is recorded are not 748 * erased until the next commit. 749 */ 750 static int kill_orphans(struct ubifs_info *c) 751 { 752 unsigned long long last_cmt_no = 0; 753 int lnum, err = 0, outofdate = 0, last_flagged = 0; 754 755 c->ohead_lnum = c->orph_first; 756 c->ohead_offs = 0; 757 /* Check no-orphans flag and skip this if no orphans */ 758 if (c->no_orphs) { 759 dbg_rcvry("no orphans"); 760 return 0; 761 } 762 /* 763 * Orph nodes always start at c->orph_first and are written to each 764 * successive LEB in turn. Generally unused LEBs will have been unmapped 765 * but may contain out of date orphan nodes if the unmap didn't go 766 * through. In addition, the last orphan node written for each commit is 767 * marked (top bit of orph->cmt_no is set to 1). It is possible that 768 * there are orphan nodes from the next commit (i.e. the commit did not 769 * complete successfully). In that case, no orphans will have been lost 770 * due to the way that orphans are written, and any orphans added will 771 * be valid orphans anyway and so can be deleted. 772 */ 773 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 774 struct ubifs_scan_leb *sleb; 775 776 dbg_rcvry("LEB %d", lnum); 777 sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1); 778 if (IS_ERR(sleb)) { 779 if (PTR_ERR(sleb) == -EUCLEAN) 780 sleb = ubifs_recover_leb(c, lnum, 0, 781 c->sbuf, -1); 782 if (IS_ERR(sleb)) { 783 err = PTR_ERR(sleb); 784 break; 785 } 786 } 787 err = do_kill_orphans(c, sleb, &last_cmt_no, &outofdate, 788 &last_flagged); 789 if (err || outofdate) { 790 ubifs_scan_destroy(sleb); 791 break; 792 } 793 if (sleb->endpt) { 794 c->ohead_lnum = lnum; 795 c->ohead_offs = sleb->endpt; 796 } 797 ubifs_scan_destroy(sleb); 798 } 799 return err; 800 } 801 802 /** 803 * ubifs_mount_orphans - delete orphan inodes and erase LEBs that recorded them. 804 * @c: UBIFS file-system description object 805 * @unclean: indicates recovery from unclean unmount 806 * @read_only: indicates read only mount 807 * 808 * This function is called when mounting to erase orphans from the previous 809 * session. If UBIFS was not unmounted cleanly, then the inodes recorded as 810 * orphans are deleted. 811 */ 812 int ubifs_mount_orphans(struct ubifs_info *c, int unclean, int read_only) 813 { 814 int err = 0; 815 816 c->max_orphans = tot_avail_orphs(c); 817 818 if (!read_only) { 819 c->orph_buf = vmalloc(c->leb_size); 820 if (!c->orph_buf) 821 return -ENOMEM; 822 } 823 824 if (unclean) 825 err = kill_orphans(c); 826 else if (!read_only) 827 err = ubifs_clear_orphans(c); 828 829 return err; 830 } 831 832 /* 833 * Everything below is related to debugging. 834 */ 835 836 struct check_orphan { 837 struct rb_node rb; 838 ino_t inum; 839 }; 840 841 struct check_info { 842 unsigned long last_ino; 843 unsigned long tot_inos; 844 unsigned long missing; 845 unsigned long long leaf_cnt; 846 struct ubifs_ino_node *node; 847 struct rb_root root; 848 }; 849 850 static bool dbg_find_orphan(struct ubifs_info *c, ino_t inum) 851 { 852 bool found = false; 853 854 spin_lock(&c->orphan_lock); 855 found = !!lookup_orphan(c, inum); 856 spin_unlock(&c->orphan_lock); 857 858 return found; 859 } 860 861 static int dbg_ins_check_orphan(struct rb_root *root, ino_t inum) 862 { 863 struct check_orphan *orphan, *o; 864 struct rb_node **p, *parent = NULL; 865 866 orphan = kzalloc(sizeof(struct check_orphan), GFP_NOFS); 867 if (!orphan) 868 return -ENOMEM; 869 orphan->inum = inum; 870 871 p = &root->rb_node; 872 while (*p) { 873 parent = *p; 874 o = rb_entry(parent, struct check_orphan, rb); 875 if (inum < o->inum) 876 p = &(*p)->rb_left; 877 else if (inum > o->inum) 878 p = &(*p)->rb_right; 879 else { 880 kfree(orphan); 881 return 0; 882 } 883 } 884 rb_link_node(&orphan->rb, parent, p); 885 rb_insert_color(&orphan->rb, root); 886 return 0; 887 } 888 889 static int dbg_find_check_orphan(struct rb_root *root, ino_t inum) 890 { 891 struct check_orphan *o; 892 struct rb_node *p; 893 894 p = root->rb_node; 895 while (p) { 896 o = rb_entry(p, struct check_orphan, rb); 897 if (inum < o->inum) 898 p = p->rb_left; 899 else if (inum > o->inum) 900 p = p->rb_right; 901 else 902 return 1; 903 } 904 return 0; 905 } 906 907 static void dbg_free_check_tree(struct rb_root *root) 908 { 909 struct check_orphan *o, *n; 910 911 rbtree_postorder_for_each_entry_safe(o, n, root, rb) 912 kfree(o); 913 } 914 915 static int dbg_orphan_check(struct ubifs_info *c, struct ubifs_zbranch *zbr, 916 void *priv) 917 { 918 struct check_info *ci = priv; 919 ino_t inum; 920 int err; 921 922 inum = key_inum(c, &zbr->key); 923 if (inum != ci->last_ino) { 924 /* Lowest node type is the inode node, so it comes first */ 925 if (key_type(c, &zbr->key) != UBIFS_INO_KEY) 926 ubifs_err(c, "found orphan node ino %lu, type %d", 927 (unsigned long)inum, key_type(c, &zbr->key)); 928 ci->last_ino = inum; 929 ci->tot_inos += 1; 930 err = ubifs_tnc_read_node(c, zbr, ci->node); 931 if (err) { 932 ubifs_err(c, "node read failed, error %d", err); 933 return err; 934 } 935 if (ci->node->nlink == 0) 936 /* Must be recorded as an orphan */ 937 if (!dbg_find_check_orphan(&ci->root, inum) && 938 !dbg_find_orphan(c, inum)) { 939 ubifs_err(c, "missing orphan, ino %lu", 940 (unsigned long)inum); 941 ci->missing += 1; 942 } 943 } 944 ci->leaf_cnt += 1; 945 return 0; 946 } 947 948 static int dbg_read_orphans(struct check_info *ci, struct ubifs_scan_leb *sleb) 949 { 950 struct ubifs_scan_node *snod; 951 struct ubifs_orph_node *orph; 952 ino_t inum; 953 int i, n, err; 954 955 list_for_each_entry(snod, &sleb->nodes, list) { 956 cond_resched(); 957 if (snod->type != UBIFS_ORPH_NODE) 958 continue; 959 orph = snod->node; 960 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 961 for (i = 0; i < n; i++) { 962 inum = le64_to_cpu(orph->inos[i]); 963 err = dbg_ins_check_orphan(&ci->root, inum); 964 if (err) 965 return err; 966 } 967 } 968 return 0; 969 } 970 971 static int dbg_scan_orphans(struct ubifs_info *c, struct check_info *ci) 972 { 973 int lnum, err = 0; 974 void *buf; 975 976 /* Check no-orphans flag and skip this if no orphans */ 977 if (c->no_orphs) 978 return 0; 979 980 buf = __vmalloc(c->leb_size, GFP_NOFS); 981 if (!buf) { 982 ubifs_err(c, "cannot allocate memory to check orphans"); 983 return 0; 984 } 985 986 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 987 struct ubifs_scan_leb *sleb; 988 989 sleb = ubifs_scan(c, lnum, 0, buf, 0); 990 if (IS_ERR(sleb)) { 991 err = PTR_ERR(sleb); 992 break; 993 } 994 995 err = dbg_read_orphans(ci, sleb); 996 ubifs_scan_destroy(sleb); 997 if (err) 998 break; 999 } 1000 1001 vfree(buf); 1002 return err; 1003 } 1004 1005 static int dbg_check_orphans(struct ubifs_info *c) 1006 { 1007 struct check_info ci; 1008 int err; 1009 1010 if (!dbg_is_chk_orph(c)) 1011 return 0; 1012 1013 ci.last_ino = 0; 1014 ci.tot_inos = 0; 1015 ci.missing = 0; 1016 ci.leaf_cnt = 0; 1017 ci.root = RB_ROOT; 1018 ci.node = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 1019 if (!ci.node) { 1020 ubifs_err(c, "out of memory"); 1021 return -ENOMEM; 1022 } 1023 1024 err = dbg_scan_orphans(c, &ci); 1025 if (err) 1026 goto out; 1027 1028 err = dbg_walk_index(c, &dbg_orphan_check, NULL, &ci); 1029 if (err) { 1030 ubifs_err(c, "cannot scan TNC, error %d", err); 1031 goto out; 1032 } 1033 1034 if (ci.missing) { 1035 ubifs_err(c, "%lu missing orphan(s)", ci.missing); 1036 err = -EINVAL; 1037 goto out; 1038 } 1039 1040 dbg_cmt("last inode number is %lu", ci.last_ino); 1041 dbg_cmt("total number of inodes is %lu", ci.tot_inos); 1042 dbg_cmt("total number of leaf nodes is %llu", ci.leaf_cnt); 1043 1044 out: 1045 dbg_free_check_tree(&ci.root); 1046 kfree(ci.node); 1047 return err; 1048 } 1049