1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * This file is part of UBIFS. 4 * 5 * Copyright (C) 2006-2008 Nokia Corporation. 6 * 7 * Author: Adrian Hunter 8 */ 9 10 #include "ubifs.h" 11 12 /* 13 * An orphan is an inode number whose inode node has been committed to the index 14 * with a link count of zero. That happens when an open file is deleted 15 * (unlinked) and then a commit is run. In the normal course of events the inode 16 * would be deleted when the file is closed. However in the case of an unclean 17 * unmount, orphans need to be accounted for. After an unclean unmount, the 18 * orphans' inodes must be deleted which means either scanning the entire index 19 * looking for them, or keeping a list on flash somewhere. This unit implements 20 * the latter approach. 21 * 22 * The orphan area is a fixed number of LEBs situated between the LPT area and 23 * the main area. The number of orphan area LEBs is specified when the file 24 * system is created. The minimum number is 1. The size of the orphan area 25 * should be so that it can hold the maximum number of orphans that are expected 26 * to ever exist at one time. 27 * 28 * The number of orphans that can fit in a LEB is: 29 * 30 * (c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64) 31 * 32 * For example: a 15872 byte LEB can fit 1980 orphans so 1 LEB may be enough. 33 * 34 * Orphans are accumulated in a rb-tree. When an inode's link count drops to 35 * zero, the inode number is added to the rb-tree. It is removed from the tree 36 * when the inode is deleted. Any new orphans that are in the orphan tree when 37 * the commit is run, are written to the orphan area in 1 or more orphan nodes. 38 * If the orphan area is full, it is consolidated to make space. There is 39 * always enough space because validation prevents the user from creating more 40 * than the maximum number of orphans allowed. 41 */ 42 43 static int dbg_check_orphans(struct ubifs_info *c); 44 45 /** 46 * ubifs_add_orphan - add an orphan. 47 * @c: UBIFS file-system description object 48 * @inum: orphan inode number 49 * 50 * Add an orphan. This function is called when an inodes link count drops to 51 * zero. 52 */ 53 int ubifs_add_orphan(struct ubifs_info *c, ino_t inum) 54 { 55 struct ubifs_orphan *orphan, *o; 56 struct rb_node **p, *parent = NULL; 57 58 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_NOFS); 59 if (!orphan) 60 return -ENOMEM; 61 orphan->inum = inum; 62 orphan->new = 1; 63 64 spin_lock(&c->orphan_lock); 65 if (c->tot_orphans >= c->max_orphans) { 66 spin_unlock(&c->orphan_lock); 67 kfree(orphan); 68 return -ENFILE; 69 } 70 p = &c->orph_tree.rb_node; 71 while (*p) { 72 parent = *p; 73 o = rb_entry(parent, struct ubifs_orphan, rb); 74 if (inum < o->inum) 75 p = &(*p)->rb_left; 76 else if (inum > o->inum) 77 p = &(*p)->rb_right; 78 else { 79 ubifs_err(c, "ino %lu orphaned twice", (unsigned long)inum); 80 spin_unlock(&c->orphan_lock); 81 kfree(orphan); 82 return -EINVAL; 83 } 84 } 85 c->tot_orphans += 1; 86 c->new_orphans += 1; 87 rb_link_node(&orphan->rb, parent, p); 88 rb_insert_color(&orphan->rb, &c->orph_tree); 89 list_add_tail(&orphan->list, &c->orph_list); 90 list_add_tail(&orphan->new_list, &c->orph_new); 91 92 spin_unlock(&c->orphan_lock); 93 dbg_gen("ino %lu", (unsigned long)inum); 94 return 0; 95 } 96 97 static struct ubifs_orphan *lookup_orphan(struct ubifs_info *c, ino_t inum) 98 { 99 struct ubifs_orphan *o; 100 struct rb_node *p; 101 102 p = c->orph_tree.rb_node; 103 while (p) { 104 o = rb_entry(p, struct ubifs_orphan, rb); 105 if (inum < o->inum) 106 p = p->rb_left; 107 else if (inum > o->inum) 108 p = p->rb_right; 109 else { 110 return o; 111 } 112 } 113 return NULL; 114 } 115 116 static void __orphan_drop(struct ubifs_info *c, struct ubifs_orphan *o) 117 { 118 rb_erase(&o->rb, &c->orph_tree); 119 list_del(&o->list); 120 c->tot_orphans -= 1; 121 122 if (o->new) { 123 list_del(&o->new_list); 124 c->new_orphans -= 1; 125 } 126 127 kfree(o); 128 } 129 130 static void orphan_delete(struct ubifs_info *c, struct ubifs_orphan *orph) 131 { 132 if (orph->del) { 133 dbg_gen("deleted twice ino %lu", (unsigned long)orph->inum); 134 return; 135 } 136 137 if (orph->cmt) { 138 orph->del = 1; 139 rb_erase(&orph->rb, &c->orph_tree); 140 orph->dnext = c->orph_dnext; 141 c->orph_dnext = orph; 142 dbg_gen("delete later ino %lu", (unsigned long)orph->inum); 143 return; 144 } 145 146 __orphan_drop(c, orph); 147 } 148 149 /** 150 * ubifs_delete_orphan - delete an orphan. 151 * @c: UBIFS file-system description object 152 * @inum: orphan inode number 153 * 154 * Delete an orphan. This function is called when an inode is deleted. 155 */ 156 void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum) 157 { 158 struct ubifs_orphan *orph; 159 160 spin_lock(&c->orphan_lock); 161 162 orph = lookup_orphan(c, inum); 163 if (!orph) { 164 spin_unlock(&c->orphan_lock); 165 ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum); 166 dump_stack(); 167 168 return; 169 } 170 171 orphan_delete(c, orph); 172 173 spin_unlock(&c->orphan_lock); 174 } 175 176 /** 177 * ubifs_orphan_start_commit - start commit of orphans. 178 * @c: UBIFS file-system description object 179 * 180 * Start commit of orphans. 181 */ 182 int ubifs_orphan_start_commit(struct ubifs_info *c) 183 { 184 struct ubifs_orphan *orphan, **last; 185 186 spin_lock(&c->orphan_lock); 187 last = &c->orph_cnext; 188 list_for_each_entry(orphan, &c->orph_new, new_list) { 189 ubifs_assert(c, orphan->new); 190 ubifs_assert(c, !orphan->cmt); 191 orphan->new = 0; 192 orphan->cmt = 1; 193 *last = orphan; 194 last = &orphan->cnext; 195 } 196 *last = NULL; 197 c->cmt_orphans = c->new_orphans; 198 c->new_orphans = 0; 199 dbg_cmt("%d orphans to commit", c->cmt_orphans); 200 INIT_LIST_HEAD(&c->orph_new); 201 if (c->tot_orphans == 0) 202 c->no_orphs = 1; 203 else 204 c->no_orphs = 0; 205 spin_unlock(&c->orphan_lock); 206 return 0; 207 } 208 209 /** 210 * avail_orphs - calculate available space. 211 * @c: UBIFS file-system description object 212 * 213 * This function returns the number of orphans that can be written in the 214 * available space. 215 */ 216 static int avail_orphs(struct ubifs_info *c) 217 { 218 int avail_lebs, avail, gap; 219 220 avail_lebs = c->orph_lebs - (c->ohead_lnum - c->orph_first) - 1; 221 avail = avail_lebs * 222 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)); 223 gap = c->leb_size - c->ohead_offs; 224 if (gap >= UBIFS_ORPH_NODE_SZ + sizeof(__le64)) 225 avail += (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64); 226 return avail; 227 } 228 229 /** 230 * tot_avail_orphs - calculate total space. 231 * @c: UBIFS file-system description object 232 * 233 * This function returns the number of orphans that can be written in half 234 * the total space. That leaves half the space for adding new orphans. 235 */ 236 static int tot_avail_orphs(struct ubifs_info *c) 237 { 238 int avail_lebs, avail; 239 240 avail_lebs = c->orph_lebs; 241 avail = avail_lebs * 242 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)); 243 return avail / 2; 244 } 245 246 /** 247 * do_write_orph_node - write a node to the orphan head. 248 * @c: UBIFS file-system description object 249 * @len: length of node 250 * @atomic: write atomically 251 * 252 * This function writes a node to the orphan head from the orphan buffer. If 253 * %atomic is not zero, then the write is done atomically. On success, %0 is 254 * returned, otherwise a negative error code is returned. 255 */ 256 static int do_write_orph_node(struct ubifs_info *c, int len, int atomic) 257 { 258 int err = 0; 259 260 if (atomic) { 261 ubifs_assert(c, c->ohead_offs == 0); 262 ubifs_prepare_node(c, c->orph_buf, len, 1); 263 len = ALIGN(len, c->min_io_size); 264 err = ubifs_leb_change(c, c->ohead_lnum, c->orph_buf, len); 265 } else { 266 if (c->ohead_offs == 0) { 267 /* Ensure LEB has been unmapped */ 268 err = ubifs_leb_unmap(c, c->ohead_lnum); 269 if (err) 270 return err; 271 } 272 err = ubifs_write_node(c, c->orph_buf, len, c->ohead_lnum, 273 c->ohead_offs); 274 } 275 return err; 276 } 277 278 /** 279 * write_orph_node - write an orphan node. 280 * @c: UBIFS file-system description object 281 * @atomic: write atomically 282 * 283 * This function builds an orphan node from the cnext list and writes it to the 284 * orphan head. On success, %0 is returned, otherwise a negative error code 285 * is returned. 286 */ 287 static int write_orph_node(struct ubifs_info *c, int atomic) 288 { 289 struct ubifs_orphan *orphan, *cnext; 290 struct ubifs_orph_node *orph; 291 int gap, err, len, cnt, i; 292 293 ubifs_assert(c, c->cmt_orphans > 0); 294 gap = c->leb_size - c->ohead_offs; 295 if (gap < UBIFS_ORPH_NODE_SZ + sizeof(__le64)) { 296 c->ohead_lnum += 1; 297 c->ohead_offs = 0; 298 gap = c->leb_size; 299 if (c->ohead_lnum > c->orph_last) { 300 /* 301 * We limit the number of orphans so that this should 302 * never happen. 303 */ 304 ubifs_err(c, "out of space in orphan area"); 305 return -EINVAL; 306 } 307 } 308 cnt = (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64); 309 if (cnt > c->cmt_orphans) 310 cnt = c->cmt_orphans; 311 len = UBIFS_ORPH_NODE_SZ + cnt * sizeof(__le64); 312 ubifs_assert(c, c->orph_buf); 313 orph = c->orph_buf; 314 orph->ch.node_type = UBIFS_ORPH_NODE; 315 spin_lock(&c->orphan_lock); 316 cnext = c->orph_cnext; 317 for (i = 0; i < cnt; i++) { 318 orphan = cnext; 319 ubifs_assert(c, orphan->cmt); 320 orph->inos[i] = cpu_to_le64(orphan->inum); 321 orphan->cmt = 0; 322 cnext = orphan->cnext; 323 orphan->cnext = NULL; 324 } 325 c->orph_cnext = cnext; 326 c->cmt_orphans -= cnt; 327 spin_unlock(&c->orphan_lock); 328 if (c->cmt_orphans) 329 orph->cmt_no = cpu_to_le64(c->cmt_no); 330 else 331 /* Mark the last node of the commit */ 332 orph->cmt_no = cpu_to_le64((c->cmt_no) | (1ULL << 63)); 333 ubifs_assert(c, c->ohead_offs + len <= c->leb_size); 334 ubifs_assert(c, c->ohead_lnum >= c->orph_first); 335 ubifs_assert(c, c->ohead_lnum <= c->orph_last); 336 err = do_write_orph_node(c, len, atomic); 337 c->ohead_offs += ALIGN(len, c->min_io_size); 338 c->ohead_offs = ALIGN(c->ohead_offs, 8); 339 return err; 340 } 341 342 /** 343 * write_orph_nodes - write orphan nodes until there are no more to commit. 344 * @c: UBIFS file-system description object 345 * @atomic: write atomically 346 * 347 * This function writes orphan nodes for all the orphans to commit. On success, 348 * %0 is returned, otherwise a negative error code is returned. 349 */ 350 static int write_orph_nodes(struct ubifs_info *c, int atomic) 351 { 352 int err; 353 354 while (c->cmt_orphans > 0) { 355 err = write_orph_node(c, atomic); 356 if (err) 357 return err; 358 } 359 if (atomic) { 360 int lnum; 361 362 /* Unmap any unused LEBs after consolidation */ 363 for (lnum = c->ohead_lnum + 1; lnum <= c->orph_last; lnum++) { 364 err = ubifs_leb_unmap(c, lnum); 365 if (err) 366 return err; 367 } 368 } 369 return 0; 370 } 371 372 /** 373 * consolidate - consolidate the orphan area. 374 * @c: UBIFS file-system description object 375 * 376 * This function enables consolidation by putting all the orphans into the list 377 * to commit. The list is in the order that the orphans were added, and the 378 * LEBs are written atomically in order, so at no time can orphans be lost by 379 * an unclean unmount. 380 * 381 * This function returns %0 on success and a negative error code on failure. 382 */ 383 static int consolidate(struct ubifs_info *c) 384 { 385 int tot_avail = tot_avail_orphs(c), err = 0; 386 387 spin_lock(&c->orphan_lock); 388 dbg_cmt("there is space for %d orphans and there are %d", 389 tot_avail, c->tot_orphans); 390 if (c->tot_orphans - c->new_orphans <= tot_avail) { 391 struct ubifs_orphan *orphan, **last; 392 int cnt = 0; 393 394 /* Change the cnext list to include all non-new orphans */ 395 last = &c->orph_cnext; 396 list_for_each_entry(orphan, &c->orph_list, list) { 397 if (orphan->new) 398 continue; 399 orphan->cmt = 1; 400 *last = orphan; 401 last = &orphan->cnext; 402 cnt += 1; 403 } 404 *last = NULL; 405 ubifs_assert(c, cnt == c->tot_orphans - c->new_orphans); 406 c->cmt_orphans = cnt; 407 c->ohead_lnum = c->orph_first; 408 c->ohead_offs = 0; 409 } else { 410 /* 411 * We limit the number of orphans so that this should 412 * never happen. 413 */ 414 ubifs_err(c, "out of space in orphan area"); 415 err = -EINVAL; 416 } 417 spin_unlock(&c->orphan_lock); 418 return err; 419 } 420 421 /** 422 * commit_orphans - commit orphans. 423 * @c: UBIFS file-system description object 424 * 425 * This function commits orphans to flash. On success, %0 is returned, 426 * otherwise a negative error code is returned. 427 */ 428 static int commit_orphans(struct ubifs_info *c) 429 { 430 int avail, atomic = 0, err; 431 432 ubifs_assert(c, c->cmt_orphans > 0); 433 avail = avail_orphs(c); 434 if (avail < c->cmt_orphans) { 435 /* Not enough space to write new orphans, so consolidate */ 436 err = consolidate(c); 437 if (err) 438 return err; 439 atomic = 1; 440 } 441 err = write_orph_nodes(c, atomic); 442 return err; 443 } 444 445 /** 446 * erase_deleted - erase the orphans marked for deletion. 447 * @c: UBIFS file-system description object 448 * 449 * During commit, the orphans being committed cannot be deleted, so they are 450 * marked for deletion and deleted by this function. Also, the recovery 451 * adds killed orphans to the deletion list, and therefore they are deleted 452 * here too. 453 */ 454 static void erase_deleted(struct ubifs_info *c) 455 { 456 struct ubifs_orphan *orphan, *dnext; 457 458 spin_lock(&c->orphan_lock); 459 dnext = c->orph_dnext; 460 while (dnext) { 461 orphan = dnext; 462 dnext = orphan->dnext; 463 ubifs_assert(c, !orphan->new); 464 ubifs_assert(c, orphan->del); 465 list_del(&orphan->list); 466 c->tot_orphans -= 1; 467 dbg_gen("deleting orphan ino %lu", (unsigned long)orphan->inum); 468 kfree(orphan); 469 } 470 c->orph_dnext = NULL; 471 spin_unlock(&c->orphan_lock); 472 } 473 474 /** 475 * ubifs_orphan_end_commit - end commit of orphans. 476 * @c: UBIFS file-system description object 477 * 478 * End commit of orphans. 479 */ 480 int ubifs_orphan_end_commit(struct ubifs_info *c) 481 { 482 int err; 483 484 if (c->cmt_orphans != 0) { 485 err = commit_orphans(c); 486 if (err) 487 return err; 488 } 489 erase_deleted(c); 490 err = dbg_check_orphans(c); 491 return err; 492 } 493 494 /** 495 * ubifs_clear_orphans - erase all LEBs used for orphans. 496 * @c: UBIFS file-system description object 497 * 498 * If recovery is not required, then the orphans from the previous session 499 * are not needed. This function locates the LEBs used to record 500 * orphans, and un-maps them. 501 */ 502 int ubifs_clear_orphans(struct ubifs_info *c) 503 { 504 int lnum, err; 505 506 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 507 err = ubifs_leb_unmap(c, lnum); 508 if (err) 509 return err; 510 } 511 c->ohead_lnum = c->orph_first; 512 c->ohead_offs = 0; 513 return 0; 514 } 515 516 /** 517 * do_kill_orphans - remove orphan inodes from the index. 518 * @c: UBIFS file-system description object 519 * @sleb: scanned LEB 520 * @last_cmt_no: cmt_no of last orphan node read is passed and returned here 521 * @outofdate: whether the LEB is out of date is returned here 522 * @last_flagged: whether the end orphan node is encountered 523 * 524 * This function is a helper to the 'kill_orphans()' function. It goes through 525 * every orphan node in a LEB and for every inode number recorded, removes 526 * all keys for that inode from the TNC. 527 */ 528 static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb, 529 unsigned long long *last_cmt_no, int *outofdate, 530 int *last_flagged) 531 { 532 struct ubifs_scan_node *snod; 533 struct ubifs_orph_node *orph; 534 struct ubifs_ino_node *ino = NULL; 535 unsigned long long cmt_no; 536 ino_t inum; 537 int i, n, err, first = 1; 538 539 ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 540 if (!ino) 541 return -ENOMEM; 542 543 list_for_each_entry(snod, &sleb->nodes, list) { 544 if (snod->type != UBIFS_ORPH_NODE) { 545 ubifs_err(c, "invalid node type %d in orphan area at %d:%d", 546 snod->type, sleb->lnum, snod->offs); 547 ubifs_dump_node(c, snod->node, 548 c->leb_size - snod->offs); 549 err = -EINVAL; 550 goto out_free; 551 } 552 553 orph = snod->node; 554 555 /* Check commit number */ 556 cmt_no = le64_to_cpu(orph->cmt_no) & LLONG_MAX; 557 /* 558 * The commit number on the master node may be less, because 559 * of a failed commit. If there are several failed commits in a 560 * row, the commit number written on orphan nodes will continue 561 * to increase (because the commit number is adjusted here) even 562 * though the commit number on the master node stays the same 563 * because the master node has not been re-written. 564 */ 565 if (cmt_no > c->cmt_no) 566 c->cmt_no = cmt_no; 567 if (cmt_no < *last_cmt_no && *last_flagged) { 568 /* 569 * The last orphan node had a higher commit number and 570 * was flagged as the last written for that commit 571 * number. That makes this orphan node, out of date. 572 */ 573 if (!first) { 574 ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d", 575 cmt_no, sleb->lnum, snod->offs); 576 ubifs_dump_node(c, snod->node, 577 c->leb_size - snod->offs); 578 err = -EINVAL; 579 goto out_free; 580 } 581 dbg_rcvry("out of date LEB %d", sleb->lnum); 582 *outofdate = 1; 583 err = 0; 584 goto out_free; 585 } 586 587 if (first) 588 first = 0; 589 590 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 591 for (i = 0; i < n; i++) { 592 union ubifs_key key; 593 594 inum = le64_to_cpu(orph->inos[i]); 595 596 ino_key_init(c, &key, inum); 597 err = ubifs_tnc_lookup(c, &key, ino); 598 if (err && err != -ENOENT) 599 goto out_free; 600 601 /* 602 * Check whether an inode can really get deleted. 603 * linkat() with O_TMPFILE allows rebirth of an inode. 604 */ 605 if (err == 0 && ino->nlink == 0) { 606 dbg_rcvry("deleting orphaned inode %lu", 607 (unsigned long)inum); 608 609 err = ubifs_tnc_remove_ino(c, inum); 610 if (err) 611 goto out_ro; 612 } 613 } 614 615 *last_cmt_no = cmt_no; 616 if (le64_to_cpu(orph->cmt_no) & (1ULL << 63)) { 617 dbg_rcvry("last orph node for commit %llu at %d:%d", 618 cmt_no, sleb->lnum, snod->offs); 619 *last_flagged = 1; 620 } else 621 *last_flagged = 0; 622 } 623 624 err = 0; 625 out_free: 626 kfree(ino); 627 return err; 628 629 out_ro: 630 ubifs_ro_mode(c, err); 631 kfree(ino); 632 return err; 633 } 634 635 /** 636 * kill_orphans - remove all orphan inodes from the index. 637 * @c: UBIFS file-system description object 638 * 639 * If recovery is required, then orphan inodes recorded during the previous 640 * session (which ended with an unclean unmount) must be deleted from the index. 641 * This is done by updating the TNC, but since the index is not updated until 642 * the next commit, the LEBs where the orphan information is recorded are not 643 * erased until the next commit. 644 */ 645 static int kill_orphans(struct ubifs_info *c) 646 { 647 unsigned long long last_cmt_no = 0; 648 int lnum, err = 0, outofdate = 0, last_flagged = 0; 649 650 c->ohead_lnum = c->orph_first; 651 c->ohead_offs = 0; 652 /* Check no-orphans flag and skip this if no orphans */ 653 if (c->no_orphs) { 654 dbg_rcvry("no orphans"); 655 return 0; 656 } 657 /* 658 * Orph nodes always start at c->orph_first and are written to each 659 * successive LEB in turn. Generally unused LEBs will have been unmapped 660 * but may contain out of date orphan nodes if the unmap didn't go 661 * through. In addition, the last orphan node written for each commit is 662 * marked (top bit of orph->cmt_no is set to 1). It is possible that 663 * there are orphan nodes from the next commit (i.e. the commit did not 664 * complete successfully). In that case, no orphans will have been lost 665 * due to the way that orphans are written, and any orphans added will 666 * be valid orphans anyway and so can be deleted. 667 */ 668 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 669 struct ubifs_scan_leb *sleb; 670 671 dbg_rcvry("LEB %d", lnum); 672 sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1); 673 if (IS_ERR(sleb)) { 674 if (PTR_ERR(sleb) == -EUCLEAN) 675 sleb = ubifs_recover_leb(c, lnum, 0, 676 c->sbuf, -1); 677 if (IS_ERR(sleb)) { 678 err = PTR_ERR(sleb); 679 break; 680 } 681 } 682 err = do_kill_orphans(c, sleb, &last_cmt_no, &outofdate, 683 &last_flagged); 684 if (err || outofdate) { 685 ubifs_scan_destroy(sleb); 686 break; 687 } 688 if (sleb->endpt) { 689 c->ohead_lnum = lnum; 690 c->ohead_offs = sleb->endpt; 691 } 692 ubifs_scan_destroy(sleb); 693 } 694 return err; 695 } 696 697 /** 698 * ubifs_mount_orphans - delete orphan inodes and erase LEBs that recorded them. 699 * @c: UBIFS file-system description object 700 * @unclean: indicates recovery from unclean unmount 701 * @read_only: indicates read only mount 702 * 703 * This function is called when mounting to erase orphans from the previous 704 * session. If UBIFS was not unmounted cleanly, then the inodes recorded as 705 * orphans are deleted. 706 */ 707 int ubifs_mount_orphans(struct ubifs_info *c, int unclean, int read_only) 708 { 709 int err = 0; 710 711 c->max_orphans = tot_avail_orphs(c); 712 713 if (!read_only) { 714 c->orph_buf = vmalloc(c->leb_size); 715 if (!c->orph_buf) 716 return -ENOMEM; 717 } 718 719 if (unclean) 720 err = kill_orphans(c); 721 else if (!read_only) 722 err = ubifs_clear_orphans(c); 723 724 return err; 725 } 726 727 /* 728 * Everything below is related to debugging. 729 */ 730 731 struct check_orphan { 732 struct rb_node rb; 733 ino_t inum; 734 }; 735 736 struct check_info { 737 unsigned long last_ino; 738 unsigned long tot_inos; 739 unsigned long missing; 740 unsigned long long leaf_cnt; 741 struct ubifs_ino_node *node; 742 struct rb_root root; 743 }; 744 745 static bool dbg_find_orphan(struct ubifs_info *c, ino_t inum) 746 { 747 bool found = false; 748 749 spin_lock(&c->orphan_lock); 750 found = !!lookup_orphan(c, inum); 751 spin_unlock(&c->orphan_lock); 752 753 return found; 754 } 755 756 static int dbg_ins_check_orphan(struct rb_root *root, ino_t inum) 757 { 758 struct check_orphan *orphan, *o; 759 struct rb_node **p, *parent = NULL; 760 761 orphan = kzalloc(sizeof(struct check_orphan), GFP_NOFS); 762 if (!orphan) 763 return -ENOMEM; 764 orphan->inum = inum; 765 766 p = &root->rb_node; 767 while (*p) { 768 parent = *p; 769 o = rb_entry(parent, struct check_orphan, rb); 770 if (inum < o->inum) 771 p = &(*p)->rb_left; 772 else if (inum > o->inum) 773 p = &(*p)->rb_right; 774 else { 775 kfree(orphan); 776 return 0; 777 } 778 } 779 rb_link_node(&orphan->rb, parent, p); 780 rb_insert_color(&orphan->rb, root); 781 return 0; 782 } 783 784 static int dbg_find_check_orphan(struct rb_root *root, ino_t inum) 785 { 786 struct check_orphan *o; 787 struct rb_node *p; 788 789 p = root->rb_node; 790 while (p) { 791 o = rb_entry(p, struct check_orphan, rb); 792 if (inum < o->inum) 793 p = p->rb_left; 794 else if (inum > o->inum) 795 p = p->rb_right; 796 else 797 return 1; 798 } 799 return 0; 800 } 801 802 static void dbg_free_check_tree(struct rb_root *root) 803 { 804 struct check_orphan *o, *n; 805 806 rbtree_postorder_for_each_entry_safe(o, n, root, rb) 807 kfree(o); 808 } 809 810 static int dbg_orphan_check(struct ubifs_info *c, struct ubifs_zbranch *zbr, 811 void *priv) 812 { 813 struct check_info *ci = priv; 814 ino_t inum; 815 int err; 816 817 inum = key_inum(c, &zbr->key); 818 if (inum != ci->last_ino) { 819 /* 820 * Lowest node type is the inode node or xattr entry(when 821 * selinux/encryption is enabled), so it comes first 822 */ 823 if (key_type(c, &zbr->key) != UBIFS_INO_KEY && 824 key_type(c, &zbr->key) != UBIFS_XENT_KEY) 825 ubifs_err(c, "found orphan node ino %lu, type %d", 826 (unsigned long)inum, key_type(c, &zbr->key)); 827 ci->last_ino = inum; 828 ci->tot_inos += 1; 829 err = ubifs_tnc_read_node(c, zbr, ci->node); 830 if (err) { 831 ubifs_err(c, "node read failed, error %d", err); 832 return err; 833 } 834 if (ci->node->nlink == 0) 835 /* Must be recorded as an orphan */ 836 if (!dbg_find_check_orphan(&ci->root, inum) && 837 !dbg_find_orphan(c, inum)) { 838 ubifs_err(c, "missing orphan, ino %lu", 839 (unsigned long)inum); 840 ci->missing += 1; 841 } 842 } 843 ci->leaf_cnt += 1; 844 return 0; 845 } 846 847 static int dbg_read_orphans(struct check_info *ci, struct ubifs_scan_leb *sleb) 848 { 849 struct ubifs_scan_node *snod; 850 struct ubifs_orph_node *orph; 851 ino_t inum; 852 int i, n, err; 853 854 list_for_each_entry(snod, &sleb->nodes, list) { 855 cond_resched(); 856 if (snod->type != UBIFS_ORPH_NODE) 857 continue; 858 orph = snod->node; 859 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 860 for (i = 0; i < n; i++) { 861 inum = le64_to_cpu(orph->inos[i]); 862 err = dbg_ins_check_orphan(&ci->root, inum); 863 if (err) 864 return err; 865 } 866 } 867 return 0; 868 } 869 870 static int dbg_scan_orphans(struct ubifs_info *c, struct check_info *ci) 871 { 872 int lnum, err = 0; 873 void *buf; 874 875 /* Check no-orphans flag and skip this if no orphans */ 876 if (c->no_orphs) 877 return 0; 878 879 buf = __vmalloc(c->leb_size, GFP_NOFS); 880 if (!buf) { 881 ubifs_err(c, "cannot allocate memory to check orphans"); 882 return 0; 883 } 884 885 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) { 886 struct ubifs_scan_leb *sleb; 887 888 sleb = ubifs_scan(c, lnum, 0, buf, 0); 889 if (IS_ERR(sleb)) { 890 err = PTR_ERR(sleb); 891 break; 892 } 893 894 err = dbg_read_orphans(ci, sleb); 895 ubifs_scan_destroy(sleb); 896 if (err) 897 break; 898 } 899 900 vfree(buf); 901 return err; 902 } 903 904 static int dbg_check_orphans(struct ubifs_info *c) 905 { 906 struct check_info ci; 907 int err; 908 909 if (!dbg_is_chk_orph(c)) 910 return 0; 911 912 ci.last_ino = 0; 913 ci.tot_inos = 0; 914 ci.missing = 0; 915 ci.leaf_cnt = 0; 916 ci.root = RB_ROOT; 917 ci.node = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 918 if (!ci.node) { 919 ubifs_err(c, "out of memory"); 920 return -ENOMEM; 921 } 922 923 err = dbg_scan_orphans(c, &ci); 924 if (err) 925 goto out; 926 927 err = dbg_walk_index(c, &dbg_orphan_check, NULL, &ci); 928 if (err) { 929 ubifs_err(c, "cannot scan TNC, error %d", err); 930 goto out; 931 } 932 933 if (ci.missing) { 934 ubifs_err(c, "%lu missing orphan(s)", ci.missing); 935 err = -EINVAL; 936 goto out; 937 } 938 939 dbg_cmt("last inode number is %lu", ci.last_ino); 940 dbg_cmt("total number of inodes is %lu", ci.tot_inos); 941 dbg_cmt("total number of leaf nodes is %llu", ci.leaf_cnt); 942 943 out: 944 dbg_free_check_tree(&ci.root); 945 kfree(ci.node); 946 return err; 947 } 948