xref: /linux/fs/ubifs/tnc_commit.c (revision cdd30ebb1b9f36159d66f088b61aee264e649d7a)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This file is part of UBIFS.
4  *
5  * Copyright (C) 2006-2008 Nokia Corporation.
6  *
7  * Authors: Adrian Hunter
8  *          Artem Bityutskiy (Битюцкий Артём)
9  */
10 
11 /* This file implements TNC functions for committing */
12 
13 #include <linux/random.h>
14 #include "ubifs.h"
15 
16 /**
17  * make_idx_node - make an index node for fill-the-gaps method of TNC commit.
18  * @c: UBIFS file-system description object
19  * @idx: buffer in which to place new index node
20  * @znode: znode from which to make new index node
21  * @lnum: LEB number where new index node will be written
22  * @offs: offset where new index node will be written
23  * @len: length of new index node
24  */
25 static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
26 			 struct ubifs_znode *znode, int lnum, int offs, int len)
27 {
28 	struct ubifs_znode *zp;
29 	u8 hash[UBIFS_HASH_ARR_SZ];
30 	int i, err;
31 
32 	/* Make index node */
33 	idx->ch.node_type = UBIFS_IDX_NODE;
34 	idx->child_cnt = cpu_to_le16(znode->child_cnt);
35 	idx->level = cpu_to_le16(znode->level);
36 	for (i = 0; i < znode->child_cnt; i++) {
37 		struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
38 		struct ubifs_zbranch *zbr = &znode->zbranch[i];
39 
40 		key_write_idx(c, &zbr->key, &br->key);
41 		br->lnum = cpu_to_le32(zbr->lnum);
42 		br->offs = cpu_to_le32(zbr->offs);
43 		br->len = cpu_to_le32(zbr->len);
44 		ubifs_copy_hash(c, zbr->hash, ubifs_branch_hash(c, br));
45 		if (!zbr->lnum || !zbr->len) {
46 			ubifs_err(c, "bad ref in znode");
47 			ubifs_dump_znode(c, znode);
48 			if (zbr->znode)
49 				ubifs_dump_znode(c, zbr->znode);
50 
51 			return -EINVAL;
52 		}
53 	}
54 	ubifs_prepare_node(c, idx, len, 0);
55 	ubifs_node_calc_hash(c, idx, hash);
56 
57 	znode->lnum = lnum;
58 	znode->offs = offs;
59 	znode->len = len;
60 
61 	err = insert_old_idx_znode(c, znode);
62 
63 	/* Update the parent */
64 	zp = znode->parent;
65 	if (zp) {
66 		struct ubifs_zbranch *zbr;
67 
68 		zbr = &zp->zbranch[znode->iip];
69 		zbr->lnum = lnum;
70 		zbr->offs = offs;
71 		zbr->len = len;
72 		ubifs_copy_hash(c, hash, zbr->hash);
73 	} else {
74 		c->zroot.lnum = lnum;
75 		c->zroot.offs = offs;
76 		c->zroot.len = len;
77 		ubifs_copy_hash(c, hash, c->zroot.hash);
78 	}
79 	c->calc_idx_sz += ALIGN(len, 8);
80 
81 	atomic_long_dec(&c->dirty_zn_cnt);
82 
83 	ubifs_assert(c, ubifs_zn_dirty(znode));
84 	ubifs_assert(c, ubifs_zn_cow(znode));
85 
86 	/*
87 	 * Note, unlike 'write_index()' we do not add memory barriers here
88 	 * because this function is called with @c->tnc_mutex locked.
89 	 */
90 	__clear_bit(DIRTY_ZNODE, &znode->flags);
91 	__clear_bit(COW_ZNODE, &znode->flags);
92 
93 	return err;
94 }
95 
96 /**
97  * fill_gap - make index nodes in gaps in dirty index LEBs.
98  * @c: UBIFS file-system description object
99  * @lnum: LEB number that gap appears in
100  * @gap_start: offset of start of gap
101  * @gap_end: offset of end of gap
102  * @dirt: adds dirty space to this
103  *
104  * This function returns the number of index nodes written into the gap.
105  */
106 static int fill_gap(struct ubifs_info *c, int lnum, int gap_start, int gap_end,
107 		    int *dirt)
108 {
109 	int len, gap_remains, gap_pos, written, pad_len;
110 
111 	ubifs_assert(c, (gap_start & 7) == 0);
112 	ubifs_assert(c, (gap_end & 7) == 0);
113 	ubifs_assert(c, gap_end >= gap_start);
114 
115 	gap_remains = gap_end - gap_start;
116 	if (!gap_remains)
117 		return 0;
118 	gap_pos = gap_start;
119 	written = 0;
120 	while (c->enext) {
121 		len = ubifs_idx_node_sz(c, c->enext->child_cnt);
122 		if (len < gap_remains) {
123 			struct ubifs_znode *znode = c->enext;
124 			const int alen = ALIGN(len, 8);
125 			int err;
126 
127 			ubifs_assert(c, alen <= gap_remains);
128 			err = make_idx_node(c, c->ileb_buf + gap_pos, znode,
129 					    lnum, gap_pos, len);
130 			if (err)
131 				return err;
132 			gap_remains -= alen;
133 			gap_pos += alen;
134 			c->enext = znode->cnext;
135 			if (c->enext == c->cnext)
136 				c->enext = NULL;
137 			written += 1;
138 		} else
139 			break;
140 	}
141 	if (gap_end == c->leb_size) {
142 		c->ileb_len = ALIGN(gap_pos, c->min_io_size);
143 		/* Pad to end of min_io_size */
144 		pad_len = c->ileb_len - gap_pos;
145 	} else
146 		/* Pad to end of gap */
147 		pad_len = gap_remains;
148 	dbg_gc("LEB %d:%d to %d len %d nodes written %d wasted bytes %d",
149 	       lnum, gap_start, gap_end, gap_end - gap_start, written, pad_len);
150 	ubifs_pad(c, c->ileb_buf + gap_pos, pad_len);
151 	*dirt += pad_len;
152 	return written;
153 }
154 
155 /**
156  * find_old_idx - find an index node obsoleted since the last commit start.
157  * @c: UBIFS file-system description object
158  * @lnum: LEB number of obsoleted index node
159  * @offs: offset of obsoleted index node
160  *
161  * Returns %1 if found and %0 otherwise.
162  */
163 static int find_old_idx(struct ubifs_info *c, int lnum, int offs)
164 {
165 	struct ubifs_old_idx *o;
166 	struct rb_node *p;
167 
168 	p = c->old_idx.rb_node;
169 	while (p) {
170 		o = rb_entry(p, struct ubifs_old_idx, rb);
171 		if (lnum < o->lnum)
172 			p = p->rb_left;
173 		else if (lnum > o->lnum)
174 			p = p->rb_right;
175 		else if (offs < o->offs)
176 			p = p->rb_left;
177 		else if (offs > o->offs)
178 			p = p->rb_right;
179 		else
180 			return 1;
181 	}
182 	return 0;
183 }
184 
185 /**
186  * is_idx_node_in_use - determine if an index node can be overwritten.
187  * @c: UBIFS file-system description object
188  * @key: key of index node
189  * @level: index node level
190  * @lnum: LEB number of index node
191  * @offs: offset of index node
192  *
193  * If @key / @lnum / @offs identify an index node that was not part of the old
194  * index, then this function returns %0 (obsolete).  Else if the index node was
195  * part of the old index but is now dirty %1 is returned, else if it is clean %2
196  * is returned. A negative error code is returned on failure.
197  */
198 static int is_idx_node_in_use(struct ubifs_info *c, union ubifs_key *key,
199 			      int level, int lnum, int offs)
200 {
201 	int ret;
202 
203 	ret = is_idx_node_in_tnc(c, key, level, lnum, offs);
204 	if (ret < 0)
205 		return ret; /* Error code */
206 	if (ret == 0)
207 		if (find_old_idx(c, lnum, offs))
208 			return 1;
209 	return ret;
210 }
211 
212 /**
213  * layout_leb_in_gaps - layout index nodes using in-the-gaps method.
214  * @c: UBIFS file-system description object
215  * @p: return LEB number in @c->gap_lebs[p]
216  *
217  * This function lays out new index nodes for dirty znodes using in-the-gaps
218  * method of TNC commit.
219  * This function merely puts the next znode into the next gap, making no attempt
220  * to try to maximise the number of znodes that fit.
221  * This function returns the number of index nodes written into the gaps, or a
222  * negative error code on failure.
223  */
224 static int layout_leb_in_gaps(struct ubifs_info *c, int p)
225 {
226 	struct ubifs_scan_leb *sleb;
227 	struct ubifs_scan_node *snod;
228 	int lnum, dirt = 0, gap_start, gap_end, err, written, tot_written;
229 
230 	tot_written = 0;
231 	/* Get an index LEB with lots of obsolete index nodes */
232 	lnum = ubifs_find_dirty_idx_leb(c);
233 	if (lnum < 0)
234 		/*
235 		 * There also may be dirt in the index head that could be
236 		 * filled, however we do not check there at present.
237 		 */
238 		return lnum; /* Error code */
239 	c->gap_lebs[p] = lnum;
240 	dbg_gc("LEB %d", lnum);
241 	/*
242 	 * Scan the index LEB.  We use the generic scan for this even though
243 	 * it is more comprehensive and less efficient than is needed for this
244 	 * purpose.
245 	 */
246 	sleb = ubifs_scan(c, lnum, 0, c->ileb_buf, 0);
247 	c->ileb_len = 0;
248 	if (IS_ERR(sleb))
249 		return PTR_ERR(sleb);
250 	gap_start = 0;
251 	list_for_each_entry(snod, &sleb->nodes, list) {
252 		struct ubifs_idx_node *idx;
253 		int in_use, level;
254 
255 		ubifs_assert(c, snod->type == UBIFS_IDX_NODE);
256 		idx = snod->node;
257 		key_read(c, ubifs_idx_key(c, idx), &snod->key);
258 		level = le16_to_cpu(idx->level);
259 		/* Determine if the index node is in use (not obsolete) */
260 		in_use = is_idx_node_in_use(c, &snod->key, level, lnum,
261 					    snod->offs);
262 		if (in_use < 0) {
263 			ubifs_scan_destroy(sleb);
264 			return in_use; /* Error code */
265 		}
266 		if (in_use) {
267 			if (in_use == 1)
268 				dirt += ALIGN(snod->len, 8);
269 			/*
270 			 * The obsolete index nodes form gaps that can be
271 			 * overwritten.  This gap has ended because we have
272 			 * found an index node that is still in use
273 			 * i.e. not obsolete
274 			 */
275 			gap_end = snod->offs;
276 			/* Try to fill gap */
277 			written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
278 			if (written < 0) {
279 				ubifs_scan_destroy(sleb);
280 				return written; /* Error code */
281 			}
282 			tot_written += written;
283 			gap_start = ALIGN(snod->offs + snod->len, 8);
284 		}
285 	}
286 	ubifs_scan_destroy(sleb);
287 	c->ileb_len = c->leb_size;
288 	gap_end = c->leb_size;
289 	/* Try to fill gap */
290 	written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
291 	if (written < 0)
292 		return written; /* Error code */
293 	tot_written += written;
294 	if (tot_written == 0) {
295 		struct ubifs_lprops lp;
296 
297 		dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
298 		err = ubifs_read_one_lp(c, lnum, &lp);
299 		if (err)
300 			return err;
301 		if (lp.free == c->leb_size) {
302 			/*
303 			 * We must have snatched this LEB from the idx_gc list
304 			 * so we need to correct the free and dirty space.
305 			 */
306 			err = ubifs_change_one_lp(c, lnum,
307 						  c->leb_size - c->ileb_len,
308 						  dirt, 0, 0, 0);
309 			if (err)
310 				return err;
311 		}
312 		return 0;
313 	}
314 	err = ubifs_change_one_lp(c, lnum, c->leb_size - c->ileb_len, dirt,
315 				  0, 0, 0);
316 	if (err)
317 		return err;
318 	err = ubifs_leb_change(c, lnum, c->ileb_buf, c->ileb_len);
319 	if (err)
320 		return err;
321 	dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
322 	return tot_written;
323 }
324 
325 /**
326  * get_leb_cnt - calculate the number of empty LEBs needed to commit.
327  * @c: UBIFS file-system description object
328  * @cnt: number of znodes to commit
329  *
330  * This function returns the number of empty LEBs needed to commit @cnt znodes
331  * to the current index head.  The number is not exact and may be more than
332  * needed.
333  */
334 static int get_leb_cnt(struct ubifs_info *c, int cnt)
335 {
336 	int d;
337 
338 	/* Assume maximum index node size (i.e. overestimate space needed) */
339 	cnt -= (c->leb_size - c->ihead_offs) / c->max_idx_node_sz;
340 	if (cnt < 0)
341 		cnt = 0;
342 	d = c->leb_size / c->max_idx_node_sz;
343 	return DIV_ROUND_UP(cnt, d);
344 }
345 
346 /**
347  * layout_in_gaps - in-the-gaps method of committing TNC.
348  * @c: UBIFS file-system description object
349  * @cnt: number of dirty znodes to commit.
350  *
351  * This function lays out new index nodes for dirty znodes using in-the-gaps
352  * method of TNC commit.
353  *
354  * This function returns %0 on success and a negative error code on failure.
355  */
356 static int layout_in_gaps(struct ubifs_info *c, int cnt)
357 {
358 	int err, leb_needed_cnt, written, p = 0, old_idx_lebs, *gap_lebs;
359 
360 	dbg_gc("%d znodes to write", cnt);
361 
362 	c->gap_lebs = kmalloc_array(c->lst.idx_lebs + 1, sizeof(int),
363 				    GFP_NOFS);
364 	if (!c->gap_lebs)
365 		return -ENOMEM;
366 
367 	old_idx_lebs = c->lst.idx_lebs;
368 	do {
369 		ubifs_assert(c, p < c->lst.idx_lebs);
370 		written = layout_leb_in_gaps(c, p);
371 		if (written < 0) {
372 			err = written;
373 			if (err != -ENOSPC) {
374 				kfree(c->gap_lebs);
375 				c->gap_lebs = NULL;
376 				return err;
377 			}
378 			if (!dbg_is_chk_index(c)) {
379 				/*
380 				 * Do not print scary warnings if the debugging
381 				 * option which forces in-the-gaps is enabled.
382 				 */
383 				ubifs_warn(c, "out of space");
384 				ubifs_dump_budg(c, &c->bi);
385 				ubifs_dump_lprops(c);
386 			}
387 			/* Try to commit anyway */
388 			break;
389 		}
390 		p++;
391 		cnt -= written;
392 		leb_needed_cnt = get_leb_cnt(c, cnt);
393 		dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt,
394 		       leb_needed_cnt, c->ileb_cnt);
395 		/*
396 		 * Dynamically change the size of @c->gap_lebs to prevent
397 		 * oob, because @c->lst.idx_lebs could be increased by
398 		 * function @get_idx_gc_leb (called by layout_leb_in_gaps->
399 		 * ubifs_find_dirty_idx_leb) during loop. Only enlarge
400 		 * @c->gap_lebs when needed.
401 		 *
402 		 */
403 		if (leb_needed_cnt > c->ileb_cnt && p >= old_idx_lebs &&
404 		    old_idx_lebs < c->lst.idx_lebs) {
405 			old_idx_lebs = c->lst.idx_lebs;
406 			gap_lebs = krealloc(c->gap_lebs, sizeof(int) *
407 					       (old_idx_lebs + 1), GFP_NOFS);
408 			if (!gap_lebs) {
409 				kfree(c->gap_lebs);
410 				c->gap_lebs = NULL;
411 				return -ENOMEM;
412 			}
413 			c->gap_lebs = gap_lebs;
414 		}
415 	} while (leb_needed_cnt > c->ileb_cnt);
416 
417 	c->gap_lebs[p] = -1;
418 	return 0;
419 }
420 
421 /**
422  * layout_in_empty_space - layout index nodes in empty space.
423  * @c: UBIFS file-system description object
424  *
425  * This function lays out new index nodes for dirty znodes using empty LEBs.
426  *
427  * This function returns %0 on success and a negative error code on failure.
428  */
429 static int layout_in_empty_space(struct ubifs_info *c)
430 {
431 	struct ubifs_znode *znode, *cnext, *zp;
432 	int lnum, offs, len, next_len, buf_len, buf_offs, used, avail;
433 	int wlen, blen, err;
434 
435 	cnext = c->enext;
436 	if (!cnext)
437 		return 0;
438 
439 	lnum = c->ihead_lnum;
440 	buf_offs = c->ihead_offs;
441 
442 	buf_len = ubifs_idx_node_sz(c, c->fanout);
443 	buf_len = ALIGN(buf_len, c->min_io_size);
444 	used = 0;
445 	avail = buf_len;
446 
447 	/* Ensure there is enough room for first write */
448 	next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
449 	if (buf_offs + next_len > c->leb_size)
450 		lnum = -1;
451 
452 	while (1) {
453 		znode = cnext;
454 
455 		len = ubifs_idx_node_sz(c, znode->child_cnt);
456 
457 		/* Determine the index node position */
458 		if (lnum == -1) {
459 			if (c->ileb_nxt >= c->ileb_cnt) {
460 				ubifs_err(c, "out of space");
461 				return -ENOSPC;
462 			}
463 			lnum = c->ilebs[c->ileb_nxt++];
464 			buf_offs = 0;
465 			used = 0;
466 			avail = buf_len;
467 		}
468 
469 		offs = buf_offs + used;
470 
471 		znode->lnum = lnum;
472 		znode->offs = offs;
473 		znode->len = len;
474 
475 		/* Update the parent */
476 		zp = znode->parent;
477 		if (zp) {
478 			struct ubifs_zbranch *zbr;
479 			int i;
480 
481 			i = znode->iip;
482 			zbr = &zp->zbranch[i];
483 			zbr->lnum = lnum;
484 			zbr->offs = offs;
485 			zbr->len = len;
486 		} else {
487 			c->zroot.lnum = lnum;
488 			c->zroot.offs = offs;
489 			c->zroot.len = len;
490 		}
491 		c->calc_idx_sz += ALIGN(len, 8);
492 
493 		/*
494 		 * Once lprops is updated, we can decrease the dirty znode count
495 		 * but it is easier to just do it here.
496 		 */
497 		atomic_long_dec(&c->dirty_zn_cnt);
498 
499 		/*
500 		 * Calculate the next index node length to see if there is
501 		 * enough room for it
502 		 */
503 		cnext = znode->cnext;
504 		if (cnext == c->cnext)
505 			next_len = 0;
506 		else
507 			next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
508 
509 		/* Update buffer positions */
510 		wlen = used + len;
511 		used += ALIGN(len, 8);
512 		avail -= ALIGN(len, 8);
513 
514 		if (next_len != 0 &&
515 		    buf_offs + used + next_len <= c->leb_size &&
516 		    avail > 0)
517 			continue;
518 
519 		if (avail <= 0 && next_len &&
520 		    buf_offs + used + next_len <= c->leb_size)
521 			blen = buf_len;
522 		else
523 			blen = ALIGN(wlen, c->min_io_size);
524 
525 		/* The buffer is full or there are no more znodes to do */
526 		buf_offs += blen;
527 		if (next_len) {
528 			if (buf_offs + next_len > c->leb_size) {
529 				err = ubifs_update_one_lp(c, lnum,
530 					c->leb_size - buf_offs, blen - used,
531 					0, 0);
532 				if (err)
533 					return err;
534 				lnum = -1;
535 			}
536 			used -= blen;
537 			if (used < 0)
538 				used = 0;
539 			avail = buf_len - used;
540 			continue;
541 		}
542 		err = ubifs_update_one_lp(c, lnum, c->leb_size - buf_offs,
543 					  blen - used, 0, 0);
544 		if (err)
545 			return err;
546 		break;
547 	}
548 
549 	c->dbg->new_ihead_lnum = lnum;
550 	c->dbg->new_ihead_offs = buf_offs;
551 
552 	return 0;
553 }
554 
555 /**
556  * layout_commit - determine positions of index nodes to commit.
557  * @c: UBIFS file-system description object
558  * @no_space: indicates that insufficient empty LEBs were allocated
559  * @cnt: number of znodes to commit
560  *
561  * Calculate and update the positions of index nodes to commit.  If there were
562  * an insufficient number of empty LEBs allocated, then index nodes are placed
563  * into the gaps created by obsolete index nodes in non-empty index LEBs.  For
564  * this purpose, an obsolete index node is one that was not in the index as at
565  * the end of the last commit.  To write "in-the-gaps" requires that those index
566  * LEBs are updated atomically in-place.
567  */
568 static int layout_commit(struct ubifs_info *c, int no_space, int cnt)
569 {
570 	int err;
571 
572 	if (no_space) {
573 		err = layout_in_gaps(c, cnt);
574 		if (err)
575 			return err;
576 	}
577 	err = layout_in_empty_space(c);
578 	return err;
579 }
580 
581 /**
582  * find_first_dirty - find first dirty znode.
583  * @znode: znode to begin searching from
584  */
585 static struct ubifs_znode *find_first_dirty(struct ubifs_znode *znode)
586 {
587 	int i, cont;
588 
589 	if (!znode)
590 		return NULL;
591 
592 	while (1) {
593 		if (znode->level == 0) {
594 			if (ubifs_zn_dirty(znode))
595 				return znode;
596 			return NULL;
597 		}
598 		cont = 0;
599 		for (i = 0; i < znode->child_cnt; i++) {
600 			struct ubifs_zbranch *zbr = &znode->zbranch[i];
601 
602 			if (zbr->znode && ubifs_zn_dirty(zbr->znode)) {
603 				znode = zbr->znode;
604 				cont = 1;
605 				break;
606 			}
607 		}
608 		if (!cont) {
609 			if (ubifs_zn_dirty(znode))
610 				return znode;
611 			return NULL;
612 		}
613 	}
614 }
615 
616 /**
617  * find_next_dirty - find next dirty znode.
618  * @znode: znode to begin searching from
619  */
620 static struct ubifs_znode *find_next_dirty(struct ubifs_znode *znode)
621 {
622 	int n = znode->iip + 1;
623 
624 	znode = znode->parent;
625 	if (!znode)
626 		return NULL;
627 	for (; n < znode->child_cnt; n++) {
628 		struct ubifs_zbranch *zbr = &znode->zbranch[n];
629 
630 		if (zbr->znode && ubifs_zn_dirty(zbr->znode))
631 			return find_first_dirty(zbr->znode);
632 	}
633 	return znode;
634 }
635 
636 /**
637  * get_znodes_to_commit - create list of dirty znodes to commit.
638  * @c: UBIFS file-system description object
639  *
640  * This function returns the number of znodes to commit.
641  */
642 static int get_znodes_to_commit(struct ubifs_info *c)
643 {
644 	struct ubifs_znode *znode, *cnext;
645 	int cnt = 0;
646 
647 	c->cnext = find_first_dirty(c->zroot.znode);
648 	znode = c->enext = c->cnext;
649 	if (!znode) {
650 		dbg_cmt("no znodes to commit");
651 		return 0;
652 	}
653 	cnt += 1;
654 	while (1) {
655 		ubifs_assert(c, !ubifs_zn_cow(znode));
656 		__set_bit(COW_ZNODE, &znode->flags);
657 		znode->alt = 0;
658 		cnext = find_next_dirty(znode);
659 		if (!cnext) {
660 			ubifs_assert(c, !znode->parent);
661 			znode->cparent = NULL;
662 			znode->cnext = c->cnext;
663 			break;
664 		}
665 		znode->cparent = znode->parent;
666 		znode->ciip = znode->iip;
667 		znode->cnext = cnext;
668 		znode = cnext;
669 		cnt += 1;
670 	}
671 	dbg_cmt("committing %d znodes", cnt);
672 	ubifs_assert(c, cnt == atomic_long_read(&c->dirty_zn_cnt));
673 	return cnt;
674 }
675 
676 /**
677  * alloc_idx_lebs - allocate empty LEBs to be used to commit.
678  * @c: UBIFS file-system description object
679  * @cnt: number of znodes to commit
680  *
681  * This function returns %-ENOSPC if it cannot allocate a sufficient number of
682  * empty LEBs.  %0 is returned on success, otherwise a negative error code
683  * is returned.
684  */
685 static int alloc_idx_lebs(struct ubifs_info *c, int cnt)
686 {
687 	int i, leb_cnt, lnum;
688 
689 	c->ileb_cnt = 0;
690 	c->ileb_nxt = 0;
691 	leb_cnt = get_leb_cnt(c, cnt);
692 	dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
693 	if (!leb_cnt)
694 		return 0;
695 	c->ilebs = kmalloc_array(leb_cnt, sizeof(int), GFP_NOFS);
696 	if (!c->ilebs)
697 		return -ENOMEM;
698 	for (i = 0; i < leb_cnt; i++) {
699 		lnum = ubifs_find_free_leb_for_idx(c);
700 		if (lnum < 0)
701 			return lnum;
702 		c->ilebs[c->ileb_cnt++] = lnum;
703 		dbg_cmt("LEB %d", lnum);
704 	}
705 	if (dbg_is_chk_index(c) && !get_random_u32_below(8))
706 		return -ENOSPC;
707 	return 0;
708 }
709 
710 /**
711  * free_unused_idx_lebs - free unused LEBs that were allocated for the commit.
712  * @c: UBIFS file-system description object
713  *
714  * It is possible that we allocate more empty LEBs for the commit than we need.
715  * This functions frees the surplus.
716  *
717  * This function returns %0 on success and a negative error code on failure.
718  */
719 static int free_unused_idx_lebs(struct ubifs_info *c)
720 {
721 	int i, err = 0, lnum, er;
722 
723 	for (i = c->ileb_nxt; i < c->ileb_cnt; i++) {
724 		lnum = c->ilebs[i];
725 		dbg_cmt("LEB %d", lnum);
726 		er = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0,
727 					 LPROPS_INDEX | LPROPS_TAKEN, 0);
728 		if (!err)
729 			err = er;
730 	}
731 	return err;
732 }
733 
734 /**
735  * free_idx_lebs - free unused LEBs after commit end.
736  * @c: UBIFS file-system description object
737  *
738  * This function returns %0 on success and a negative error code on failure.
739  */
740 static int free_idx_lebs(struct ubifs_info *c)
741 {
742 	int err;
743 
744 	err = free_unused_idx_lebs(c);
745 	kfree(c->ilebs);
746 	c->ilebs = NULL;
747 	return err;
748 }
749 
750 /**
751  * ubifs_tnc_start_commit - start TNC commit.
752  * @c: UBIFS file-system description object
753  * @zroot: new index root position is returned here
754  *
755  * This function prepares the list of indexing nodes to commit and lays out
756  * their positions on flash. If there is not enough free space it uses the
757  * in-gap commit method. Returns zero in case of success and a negative error
758  * code in case of failure.
759  */
760 int ubifs_tnc_start_commit(struct ubifs_info *c, struct ubifs_zbranch *zroot)
761 {
762 	int err = 0, cnt;
763 
764 	mutex_lock(&c->tnc_mutex);
765 	err = dbg_check_tnc(c, 1);
766 	if (err)
767 		goto out;
768 	cnt = get_znodes_to_commit(c);
769 	if (cnt != 0) {
770 		int no_space = 0;
771 
772 		err = alloc_idx_lebs(c, cnt);
773 		if (err == -ENOSPC)
774 			no_space = 1;
775 		else if (err)
776 			goto out_free;
777 		err = layout_commit(c, no_space, cnt);
778 		if (err)
779 			goto out_free;
780 		ubifs_assert(c, atomic_long_read(&c->dirty_zn_cnt) == 0);
781 		err = free_unused_idx_lebs(c);
782 		if (err)
783 			goto out;
784 	}
785 	destroy_old_idx(c);
786 	memcpy(zroot, &c->zroot, sizeof(struct ubifs_zbranch));
787 
788 	err = ubifs_save_dirty_idx_lnums(c);
789 	if (err)
790 		goto out;
791 
792 	spin_lock(&c->space_lock);
793 	/*
794 	 * Although we have not finished committing yet, update size of the
795 	 * committed index ('c->bi.old_idx_sz') and zero out the index growth
796 	 * budget. It is OK to do this now, because we've reserved all the
797 	 * space which is needed to commit the index, and it is save for the
798 	 * budgeting subsystem to assume the index is already committed,
799 	 * even though it is not.
800 	 */
801 	ubifs_assert(c, c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
802 	c->bi.old_idx_sz = c->calc_idx_sz;
803 	c->bi.uncommitted_idx = 0;
804 	c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
805 	spin_unlock(&c->space_lock);
806 	mutex_unlock(&c->tnc_mutex);
807 
808 	dbg_cmt("number of index LEBs %d", c->lst.idx_lebs);
809 	dbg_cmt("size of index %llu", c->calc_idx_sz);
810 	return err;
811 
812 out_free:
813 	free_idx_lebs(c);
814 out:
815 	mutex_unlock(&c->tnc_mutex);
816 	return err;
817 }
818 
819 /**
820  * write_index - write index nodes.
821  * @c: UBIFS file-system description object
822  *
823  * This function writes the index nodes whose positions were laid out in the
824  * layout_in_empty_space function.
825  */
826 static int write_index(struct ubifs_info *c)
827 {
828 	struct ubifs_idx_node *idx;
829 	struct ubifs_znode *znode, *cnext;
830 	int i, lnum, offs, len, next_len, buf_len, buf_offs, used;
831 	int avail, wlen, err, lnum_pos = 0, blen, nxt_offs;
832 
833 	cnext = c->enext;
834 	if (!cnext)
835 		return 0;
836 
837 	/*
838 	 * Always write index nodes to the index head so that index nodes and
839 	 * other types of nodes are never mixed in the same erase block.
840 	 */
841 	lnum = c->ihead_lnum;
842 	buf_offs = c->ihead_offs;
843 
844 	/* Allocate commit buffer */
845 	buf_len = ALIGN(c->max_idx_node_sz, c->min_io_size);
846 	used = 0;
847 	avail = buf_len;
848 
849 	/* Ensure there is enough room for first write */
850 	next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
851 	if (buf_offs + next_len > c->leb_size) {
852 		err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0, 0,
853 					  LPROPS_TAKEN);
854 		if (err)
855 			return err;
856 		lnum = -1;
857 	}
858 
859 	while (1) {
860 		u8 hash[UBIFS_HASH_ARR_SZ];
861 
862 		cond_resched();
863 
864 		znode = cnext;
865 		idx = c->cbuf + used;
866 
867 		/* Make index node */
868 		idx->ch.node_type = UBIFS_IDX_NODE;
869 		idx->child_cnt = cpu_to_le16(znode->child_cnt);
870 		idx->level = cpu_to_le16(znode->level);
871 		for (i = 0; i < znode->child_cnt; i++) {
872 			struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
873 			struct ubifs_zbranch *zbr = &znode->zbranch[i];
874 
875 			key_write_idx(c, &zbr->key, &br->key);
876 			br->lnum = cpu_to_le32(zbr->lnum);
877 			br->offs = cpu_to_le32(zbr->offs);
878 			br->len = cpu_to_le32(zbr->len);
879 			ubifs_copy_hash(c, zbr->hash, ubifs_branch_hash(c, br));
880 			if (!zbr->lnum || !zbr->len) {
881 				ubifs_err(c, "bad ref in znode");
882 				ubifs_dump_znode(c, znode);
883 				if (zbr->znode)
884 					ubifs_dump_znode(c, zbr->znode);
885 
886 				return -EINVAL;
887 			}
888 		}
889 		len = ubifs_idx_node_sz(c, znode->child_cnt);
890 		ubifs_prepare_node(c, idx, len, 0);
891 		ubifs_node_calc_hash(c, idx, hash);
892 
893 		mutex_lock(&c->tnc_mutex);
894 
895 		if (znode->cparent)
896 			ubifs_copy_hash(c, hash,
897 					znode->cparent->zbranch[znode->ciip].hash);
898 
899 		if (znode->parent) {
900 			if (!ubifs_zn_obsolete(znode))
901 				ubifs_copy_hash(c, hash,
902 					znode->parent->zbranch[znode->iip].hash);
903 		} else {
904 			ubifs_copy_hash(c, hash, c->zroot.hash);
905 		}
906 
907 		mutex_unlock(&c->tnc_mutex);
908 
909 		/* Determine the index node position */
910 		if (lnum == -1) {
911 			lnum = c->ilebs[lnum_pos++];
912 			buf_offs = 0;
913 			used = 0;
914 			avail = buf_len;
915 		}
916 		offs = buf_offs + used;
917 
918 		if (lnum != znode->lnum || offs != znode->offs ||
919 		    len != znode->len) {
920 			ubifs_err(c, "inconsistent znode posn");
921 			return -EINVAL;
922 		}
923 
924 		/* Grab some stuff from znode while we still can */
925 		cnext = znode->cnext;
926 
927 		ubifs_assert(c, ubifs_zn_dirty(znode));
928 		ubifs_assert(c, ubifs_zn_cow(znode));
929 
930 		/*
931 		 * It is important that other threads should see %DIRTY_ZNODE
932 		 * flag cleared before %COW_ZNODE. Specifically, it matters in
933 		 * the 'dirty_cow_znode()' function. This is the reason for the
934 		 * first barrier. Also, we want the bit changes to be seen to
935 		 * other threads ASAP, to avoid unnecessary copying, which is
936 		 * the reason for the second barrier.
937 		 */
938 		clear_bit(DIRTY_ZNODE, &znode->flags);
939 		smp_mb__before_atomic();
940 		clear_bit(COW_ZNODE, &znode->flags);
941 		smp_mb__after_atomic();
942 
943 		/*
944 		 * We have marked the znode as clean but have not updated the
945 		 * @c->clean_zn_cnt counter. If this znode becomes dirty again
946 		 * before 'free_obsolete_znodes()' is called, then
947 		 * @c->clean_zn_cnt will be decremented before it gets
948 		 * incremented (resulting in 2 decrements for the same znode).
949 		 * This means that @c->clean_zn_cnt may become negative for a
950 		 * while.
951 		 *
952 		 * Q: why we cannot increment @c->clean_zn_cnt?
953 		 * A: because we do not have the @c->tnc_mutex locked, and the
954 		 *    following code would be racy and buggy:
955 		 *
956 		 *    if (!ubifs_zn_obsolete(znode)) {
957 		 *            atomic_long_inc(&c->clean_zn_cnt);
958 		 *            atomic_long_inc(&ubifs_clean_zn_cnt);
959 		 *    }
960 		 *
961 		 *    Thus, we just delay the @c->clean_zn_cnt update until we
962 		 *    have the mutex locked.
963 		 */
964 
965 		/* Do not access znode from this point on */
966 
967 		/* Update buffer positions */
968 		wlen = used + len;
969 		used += ALIGN(len, 8);
970 		avail -= ALIGN(len, 8);
971 
972 		/*
973 		 * Calculate the next index node length to see if there is
974 		 * enough room for it
975 		 */
976 		if (cnext == c->cnext)
977 			next_len = 0;
978 		else
979 			next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
980 
981 		nxt_offs = buf_offs + used + next_len;
982 		if (next_len && nxt_offs <= c->leb_size) {
983 			if (avail > 0)
984 				continue;
985 			else
986 				blen = buf_len;
987 		} else {
988 			wlen = ALIGN(wlen, 8);
989 			blen = ALIGN(wlen, c->min_io_size);
990 			ubifs_pad(c, c->cbuf + wlen, blen - wlen);
991 		}
992 
993 		/* The buffer is full or there are no more znodes to do */
994 		err = ubifs_leb_write(c, lnum, c->cbuf, buf_offs, blen);
995 		if (err)
996 			return err;
997 		buf_offs += blen;
998 		if (next_len) {
999 			if (nxt_offs > c->leb_size) {
1000 				err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0,
1001 							  0, LPROPS_TAKEN);
1002 				if (err)
1003 					return err;
1004 				lnum = -1;
1005 			}
1006 			used -= blen;
1007 			if (used < 0)
1008 				used = 0;
1009 			avail = buf_len - used;
1010 			memmove(c->cbuf, c->cbuf + blen, used);
1011 			continue;
1012 		}
1013 		break;
1014 	}
1015 
1016 	if (lnum != c->dbg->new_ihead_lnum ||
1017 	    buf_offs != c->dbg->new_ihead_offs) {
1018 		ubifs_err(c, "inconsistent ihead");
1019 		return -EINVAL;
1020 	}
1021 
1022 	c->ihead_lnum = lnum;
1023 	c->ihead_offs = buf_offs;
1024 
1025 	return 0;
1026 }
1027 
1028 /**
1029  * free_obsolete_znodes - free obsolete znodes.
1030  * @c: UBIFS file-system description object
1031  *
1032  * At the end of commit end, obsolete znodes are freed.
1033  */
1034 static void free_obsolete_znodes(struct ubifs_info *c)
1035 {
1036 	struct ubifs_znode *znode, *cnext;
1037 
1038 	cnext = c->cnext;
1039 	do {
1040 		znode = cnext;
1041 		cnext = znode->cnext;
1042 		if (ubifs_zn_obsolete(znode))
1043 			kfree(znode);
1044 		else {
1045 			znode->cnext = NULL;
1046 			atomic_long_inc(&c->clean_zn_cnt);
1047 			atomic_long_inc(&ubifs_clean_zn_cnt);
1048 		}
1049 	} while (cnext != c->cnext);
1050 }
1051 
1052 /**
1053  * return_gap_lebs - return LEBs used by the in-gap commit method.
1054  * @c: UBIFS file-system description object
1055  *
1056  * This function clears the "taken" flag for the LEBs which were used by the
1057  * "commit in-the-gaps" method.
1058  */
1059 static int return_gap_lebs(struct ubifs_info *c)
1060 {
1061 	int *p, err;
1062 
1063 	if (!c->gap_lebs)
1064 		return 0;
1065 
1066 	dbg_cmt("");
1067 	for (p = c->gap_lebs; *p != -1; p++) {
1068 		err = ubifs_change_one_lp(c, *p, LPROPS_NC, LPROPS_NC, 0,
1069 					  LPROPS_TAKEN, 0);
1070 		if (err)
1071 			return err;
1072 	}
1073 
1074 	kfree(c->gap_lebs);
1075 	c->gap_lebs = NULL;
1076 	return 0;
1077 }
1078 
1079 /**
1080  * ubifs_tnc_end_commit - update the TNC for commit end.
1081  * @c: UBIFS file-system description object
1082  *
1083  * Write the dirty znodes.
1084  */
1085 int ubifs_tnc_end_commit(struct ubifs_info *c)
1086 {
1087 	int err;
1088 
1089 	if (!c->cnext)
1090 		return 0;
1091 
1092 	err = return_gap_lebs(c);
1093 	if (err)
1094 		return err;
1095 
1096 	err = write_index(c);
1097 	if (err)
1098 		return err;
1099 
1100 	mutex_lock(&c->tnc_mutex);
1101 
1102 	dbg_cmt("TNC height is %d", c->zroot.znode->level + 1);
1103 
1104 	free_obsolete_znodes(c);
1105 
1106 	c->cnext = NULL;
1107 	kfree(c->ilebs);
1108 	c->ilebs = NULL;
1109 
1110 	mutex_unlock(&c->tnc_mutex);
1111 
1112 	return 0;
1113 }
1114