1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2006 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include <linux/backing-dev.h> 8 #include <linux/dax.h> 9 10 #include "xfs_shared.h" 11 #include "xfs_format.h" 12 #include "xfs_log_format.h" 13 #include "xfs_trans_resv.h" 14 #include "xfs_mount.h" 15 #include "xfs_trace.h" 16 #include "xfs_log.h" 17 #include "xfs_log_recover.h" 18 #include "xfs_log_priv.h" 19 #include "xfs_trans.h" 20 #include "xfs_buf_item.h" 21 #include "xfs_errortag.h" 22 #include "xfs_error.h" 23 #include "xfs_ag.h" 24 25 struct kmem_cache *xfs_buf_cache; 26 27 /* 28 * Locking orders 29 * 30 * xfs_buf_ioacct_inc: 31 * xfs_buf_ioacct_dec: 32 * b_sema (caller holds) 33 * b_lock 34 * 35 * xfs_buf_stale: 36 * b_sema (caller holds) 37 * b_lock 38 * lru_lock 39 * 40 * xfs_buf_rele: 41 * b_lock 42 * pag_buf_lock 43 * lru_lock 44 * 45 * xfs_buftarg_drain_rele 46 * lru_lock 47 * b_lock (trylock due to inversion) 48 * 49 * xfs_buftarg_isolate 50 * lru_lock 51 * b_lock (trylock due to inversion) 52 */ 53 54 static int __xfs_buf_submit(struct xfs_buf *bp, bool wait); 55 56 static inline int 57 xfs_buf_submit( 58 struct xfs_buf *bp) 59 { 60 return __xfs_buf_submit(bp, !(bp->b_flags & XBF_ASYNC)); 61 } 62 63 static inline int 64 xfs_buf_is_vmapped( 65 struct xfs_buf *bp) 66 { 67 /* 68 * Return true if the buffer is vmapped. 69 * 70 * b_addr is null if the buffer is not mapped, but the code is clever 71 * enough to know it doesn't have to map a single page, so the check has 72 * to be both for b_addr and bp->b_page_count > 1. 73 */ 74 return bp->b_addr && bp->b_page_count > 1; 75 } 76 77 static inline int 78 xfs_buf_vmap_len( 79 struct xfs_buf *bp) 80 { 81 return (bp->b_page_count * PAGE_SIZE); 82 } 83 84 /* 85 * Bump the I/O in flight count on the buftarg if we haven't yet done so for 86 * this buffer. The count is incremented once per buffer (per hold cycle) 87 * because the corresponding decrement is deferred to buffer release. Buffers 88 * can undergo I/O multiple times in a hold-release cycle and per buffer I/O 89 * tracking adds unnecessary overhead. This is used for sychronization purposes 90 * with unmount (see xfs_buftarg_drain()), so all we really need is a count of 91 * in-flight buffers. 92 * 93 * Buffers that are never released (e.g., superblock, iclog buffers) must set 94 * the XBF_NO_IOACCT flag before I/O submission. Otherwise, the buftarg count 95 * never reaches zero and unmount hangs indefinitely. 96 */ 97 static inline void 98 xfs_buf_ioacct_inc( 99 struct xfs_buf *bp) 100 { 101 if (bp->b_flags & XBF_NO_IOACCT) 102 return; 103 104 ASSERT(bp->b_flags & XBF_ASYNC); 105 spin_lock(&bp->b_lock); 106 if (!(bp->b_state & XFS_BSTATE_IN_FLIGHT)) { 107 bp->b_state |= XFS_BSTATE_IN_FLIGHT; 108 percpu_counter_inc(&bp->b_target->bt_io_count); 109 } 110 spin_unlock(&bp->b_lock); 111 } 112 113 /* 114 * Clear the in-flight state on a buffer about to be released to the LRU or 115 * freed and unaccount from the buftarg. 116 */ 117 static inline void 118 __xfs_buf_ioacct_dec( 119 struct xfs_buf *bp) 120 { 121 lockdep_assert_held(&bp->b_lock); 122 123 if (bp->b_state & XFS_BSTATE_IN_FLIGHT) { 124 bp->b_state &= ~XFS_BSTATE_IN_FLIGHT; 125 percpu_counter_dec(&bp->b_target->bt_io_count); 126 } 127 } 128 129 static inline void 130 xfs_buf_ioacct_dec( 131 struct xfs_buf *bp) 132 { 133 spin_lock(&bp->b_lock); 134 __xfs_buf_ioacct_dec(bp); 135 spin_unlock(&bp->b_lock); 136 } 137 138 /* 139 * When we mark a buffer stale, we remove the buffer from the LRU and clear the 140 * b_lru_ref count so that the buffer is freed immediately when the buffer 141 * reference count falls to zero. If the buffer is already on the LRU, we need 142 * to remove the reference that LRU holds on the buffer. 143 * 144 * This prevents build-up of stale buffers on the LRU. 145 */ 146 void 147 xfs_buf_stale( 148 struct xfs_buf *bp) 149 { 150 ASSERT(xfs_buf_islocked(bp)); 151 152 bp->b_flags |= XBF_STALE; 153 154 /* 155 * Clear the delwri status so that a delwri queue walker will not 156 * flush this buffer to disk now that it is stale. The delwri queue has 157 * a reference to the buffer, so this is safe to do. 158 */ 159 bp->b_flags &= ~_XBF_DELWRI_Q; 160 161 /* 162 * Once the buffer is marked stale and unlocked, a subsequent lookup 163 * could reset b_flags. There is no guarantee that the buffer is 164 * unaccounted (released to LRU) before that occurs. Drop in-flight 165 * status now to preserve accounting consistency. 166 */ 167 spin_lock(&bp->b_lock); 168 __xfs_buf_ioacct_dec(bp); 169 170 atomic_set(&bp->b_lru_ref, 0); 171 if (!(bp->b_state & XFS_BSTATE_DISPOSE) && 172 (list_lru_del(&bp->b_target->bt_lru, &bp->b_lru))) 173 atomic_dec(&bp->b_hold); 174 175 ASSERT(atomic_read(&bp->b_hold) >= 1); 176 spin_unlock(&bp->b_lock); 177 } 178 179 static int 180 xfs_buf_get_maps( 181 struct xfs_buf *bp, 182 int map_count) 183 { 184 ASSERT(bp->b_maps == NULL); 185 bp->b_map_count = map_count; 186 187 if (map_count == 1) { 188 bp->b_maps = &bp->__b_map; 189 return 0; 190 } 191 192 bp->b_maps = kmem_zalloc(map_count * sizeof(struct xfs_buf_map), 193 KM_NOFS); 194 if (!bp->b_maps) 195 return -ENOMEM; 196 return 0; 197 } 198 199 /* 200 * Frees b_pages if it was allocated. 201 */ 202 static void 203 xfs_buf_free_maps( 204 struct xfs_buf *bp) 205 { 206 if (bp->b_maps != &bp->__b_map) { 207 kmem_free(bp->b_maps); 208 bp->b_maps = NULL; 209 } 210 } 211 212 static int 213 _xfs_buf_alloc( 214 struct xfs_buftarg *target, 215 struct xfs_buf_map *map, 216 int nmaps, 217 xfs_buf_flags_t flags, 218 struct xfs_buf **bpp) 219 { 220 struct xfs_buf *bp; 221 int error; 222 int i; 223 224 *bpp = NULL; 225 bp = kmem_cache_zalloc(xfs_buf_cache, GFP_NOFS | __GFP_NOFAIL); 226 227 /* 228 * We don't want certain flags to appear in b_flags unless they are 229 * specifically set by later operations on the buffer. 230 */ 231 flags &= ~(XBF_UNMAPPED | XBF_TRYLOCK | XBF_ASYNC | XBF_READ_AHEAD); 232 233 atomic_set(&bp->b_hold, 1); 234 atomic_set(&bp->b_lru_ref, 1); 235 init_completion(&bp->b_iowait); 236 INIT_LIST_HEAD(&bp->b_lru); 237 INIT_LIST_HEAD(&bp->b_list); 238 INIT_LIST_HEAD(&bp->b_li_list); 239 sema_init(&bp->b_sema, 0); /* held, no waiters */ 240 spin_lock_init(&bp->b_lock); 241 bp->b_target = target; 242 bp->b_mount = target->bt_mount; 243 bp->b_flags = flags; 244 245 /* 246 * Set length and io_length to the same value initially. 247 * I/O routines should use io_length, which will be the same in 248 * most cases but may be reset (e.g. XFS recovery). 249 */ 250 error = xfs_buf_get_maps(bp, nmaps); 251 if (error) { 252 kmem_cache_free(xfs_buf_cache, bp); 253 return error; 254 } 255 256 bp->b_rhash_key = map[0].bm_bn; 257 bp->b_length = 0; 258 for (i = 0; i < nmaps; i++) { 259 bp->b_maps[i].bm_bn = map[i].bm_bn; 260 bp->b_maps[i].bm_len = map[i].bm_len; 261 bp->b_length += map[i].bm_len; 262 } 263 264 atomic_set(&bp->b_pin_count, 0); 265 init_waitqueue_head(&bp->b_waiters); 266 267 XFS_STATS_INC(bp->b_mount, xb_create); 268 trace_xfs_buf_init(bp, _RET_IP_); 269 270 *bpp = bp; 271 return 0; 272 } 273 274 static void 275 xfs_buf_free_pages( 276 struct xfs_buf *bp) 277 { 278 uint i; 279 280 ASSERT(bp->b_flags & _XBF_PAGES); 281 282 if (xfs_buf_is_vmapped(bp)) 283 vm_unmap_ram(bp->b_addr, bp->b_page_count); 284 285 for (i = 0; i < bp->b_page_count; i++) { 286 if (bp->b_pages[i]) 287 __free_page(bp->b_pages[i]); 288 } 289 if (current->reclaim_state) 290 current->reclaim_state->reclaimed_slab += bp->b_page_count; 291 292 if (bp->b_pages != bp->b_page_array) 293 kmem_free(bp->b_pages); 294 bp->b_pages = NULL; 295 bp->b_flags &= ~_XBF_PAGES; 296 } 297 298 static void 299 xfs_buf_free_callback( 300 struct callback_head *cb) 301 { 302 struct xfs_buf *bp = container_of(cb, struct xfs_buf, b_rcu); 303 304 xfs_buf_free_maps(bp); 305 kmem_cache_free(xfs_buf_cache, bp); 306 } 307 308 static void 309 xfs_buf_free( 310 struct xfs_buf *bp) 311 { 312 trace_xfs_buf_free(bp, _RET_IP_); 313 314 ASSERT(list_empty(&bp->b_lru)); 315 316 if (bp->b_flags & _XBF_PAGES) 317 xfs_buf_free_pages(bp); 318 else if (bp->b_flags & _XBF_KMEM) 319 kmem_free(bp->b_addr); 320 321 call_rcu(&bp->b_rcu, xfs_buf_free_callback); 322 } 323 324 static int 325 xfs_buf_alloc_kmem( 326 struct xfs_buf *bp, 327 xfs_buf_flags_t flags) 328 { 329 xfs_km_flags_t kmflag_mask = KM_NOFS; 330 size_t size = BBTOB(bp->b_length); 331 332 /* Assure zeroed buffer for non-read cases. */ 333 if (!(flags & XBF_READ)) 334 kmflag_mask |= KM_ZERO; 335 336 bp->b_addr = kmem_alloc(size, kmflag_mask); 337 if (!bp->b_addr) 338 return -ENOMEM; 339 340 if (((unsigned long)(bp->b_addr + size - 1) & PAGE_MASK) != 341 ((unsigned long)bp->b_addr & PAGE_MASK)) { 342 /* b_addr spans two pages - use alloc_page instead */ 343 kmem_free(bp->b_addr); 344 bp->b_addr = NULL; 345 return -ENOMEM; 346 } 347 bp->b_offset = offset_in_page(bp->b_addr); 348 bp->b_pages = bp->b_page_array; 349 bp->b_pages[0] = kmem_to_page(bp->b_addr); 350 bp->b_page_count = 1; 351 bp->b_flags |= _XBF_KMEM; 352 return 0; 353 } 354 355 static int 356 xfs_buf_alloc_pages( 357 struct xfs_buf *bp, 358 xfs_buf_flags_t flags) 359 { 360 gfp_t gfp_mask = __GFP_NOWARN; 361 long filled = 0; 362 363 if (flags & XBF_READ_AHEAD) 364 gfp_mask |= __GFP_NORETRY; 365 else 366 gfp_mask |= GFP_NOFS; 367 368 /* Make sure that we have a page list */ 369 bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length), PAGE_SIZE); 370 if (bp->b_page_count <= XB_PAGES) { 371 bp->b_pages = bp->b_page_array; 372 } else { 373 bp->b_pages = kzalloc(sizeof(struct page *) * bp->b_page_count, 374 gfp_mask); 375 if (!bp->b_pages) 376 return -ENOMEM; 377 } 378 bp->b_flags |= _XBF_PAGES; 379 380 /* Assure zeroed buffer for non-read cases. */ 381 if (!(flags & XBF_READ)) 382 gfp_mask |= __GFP_ZERO; 383 384 /* 385 * Bulk filling of pages can take multiple calls. Not filling the entire 386 * array is not an allocation failure, so don't back off if we get at 387 * least one extra page. 388 */ 389 for (;;) { 390 long last = filled; 391 392 filled = alloc_pages_bulk_array(gfp_mask, bp->b_page_count, 393 bp->b_pages); 394 if (filled == bp->b_page_count) { 395 XFS_STATS_INC(bp->b_mount, xb_page_found); 396 break; 397 } 398 399 if (filled != last) 400 continue; 401 402 if (flags & XBF_READ_AHEAD) { 403 xfs_buf_free_pages(bp); 404 return -ENOMEM; 405 } 406 407 XFS_STATS_INC(bp->b_mount, xb_page_retries); 408 memalloc_retry_wait(gfp_mask); 409 } 410 return 0; 411 } 412 413 /* 414 * Map buffer into kernel address-space if necessary. 415 */ 416 STATIC int 417 _xfs_buf_map_pages( 418 struct xfs_buf *bp, 419 xfs_buf_flags_t flags) 420 { 421 ASSERT(bp->b_flags & _XBF_PAGES); 422 if (bp->b_page_count == 1) { 423 /* A single page buffer is always mappable */ 424 bp->b_addr = page_address(bp->b_pages[0]); 425 } else if (flags & XBF_UNMAPPED) { 426 bp->b_addr = NULL; 427 } else { 428 int retried = 0; 429 unsigned nofs_flag; 430 431 /* 432 * vm_map_ram() will allocate auxiliary structures (e.g. 433 * pagetables) with GFP_KERNEL, yet we are likely to be under 434 * GFP_NOFS context here. Hence we need to tell memory reclaim 435 * that we are in such a context via PF_MEMALLOC_NOFS to prevent 436 * memory reclaim re-entering the filesystem here and 437 * potentially deadlocking. 438 */ 439 nofs_flag = memalloc_nofs_save(); 440 do { 441 bp->b_addr = vm_map_ram(bp->b_pages, bp->b_page_count, 442 -1); 443 if (bp->b_addr) 444 break; 445 vm_unmap_aliases(); 446 } while (retried++ <= 1); 447 memalloc_nofs_restore(nofs_flag); 448 449 if (!bp->b_addr) 450 return -ENOMEM; 451 } 452 453 return 0; 454 } 455 456 /* 457 * Finding and Reading Buffers 458 */ 459 static int 460 _xfs_buf_obj_cmp( 461 struct rhashtable_compare_arg *arg, 462 const void *obj) 463 { 464 const struct xfs_buf_map *map = arg->key; 465 const struct xfs_buf *bp = obj; 466 467 /* 468 * The key hashing in the lookup path depends on the key being the 469 * first element of the compare_arg, make sure to assert this. 470 */ 471 BUILD_BUG_ON(offsetof(struct xfs_buf_map, bm_bn) != 0); 472 473 if (bp->b_rhash_key != map->bm_bn) 474 return 1; 475 476 if (unlikely(bp->b_length != map->bm_len)) { 477 /* 478 * found a block number match. If the range doesn't 479 * match, the only way this is allowed is if the buffer 480 * in the cache is stale and the transaction that made 481 * it stale has not yet committed. i.e. we are 482 * reallocating a busy extent. Skip this buffer and 483 * continue searching for an exact match. 484 */ 485 ASSERT(bp->b_flags & XBF_STALE); 486 return 1; 487 } 488 return 0; 489 } 490 491 static const struct rhashtable_params xfs_buf_hash_params = { 492 .min_size = 32, /* empty AGs have minimal footprint */ 493 .nelem_hint = 16, 494 .key_len = sizeof(xfs_daddr_t), 495 .key_offset = offsetof(struct xfs_buf, b_rhash_key), 496 .head_offset = offsetof(struct xfs_buf, b_rhash_head), 497 .automatic_shrinking = true, 498 .obj_cmpfn = _xfs_buf_obj_cmp, 499 }; 500 501 int 502 xfs_buf_hash_init( 503 struct xfs_perag *pag) 504 { 505 spin_lock_init(&pag->pag_buf_lock); 506 return rhashtable_init(&pag->pag_buf_hash, &xfs_buf_hash_params); 507 } 508 509 void 510 xfs_buf_hash_destroy( 511 struct xfs_perag *pag) 512 { 513 rhashtable_destroy(&pag->pag_buf_hash); 514 } 515 516 static int 517 xfs_buf_map_verify( 518 struct xfs_buftarg *btp, 519 struct xfs_buf_map *map) 520 { 521 xfs_daddr_t eofs; 522 523 /* Check for IOs smaller than the sector size / not sector aligned */ 524 ASSERT(!(BBTOB(map->bm_len) < btp->bt_meta_sectorsize)); 525 ASSERT(!(BBTOB(map->bm_bn) & (xfs_off_t)btp->bt_meta_sectormask)); 526 527 /* 528 * Corrupted block numbers can get through to here, unfortunately, so we 529 * have to check that the buffer falls within the filesystem bounds. 530 */ 531 eofs = XFS_FSB_TO_BB(btp->bt_mount, btp->bt_mount->m_sb.sb_dblocks); 532 if (map->bm_bn < 0 || map->bm_bn >= eofs) { 533 xfs_alert(btp->bt_mount, 534 "%s: daddr 0x%llx out of range, EOFS 0x%llx", 535 __func__, map->bm_bn, eofs); 536 WARN_ON(1); 537 return -EFSCORRUPTED; 538 } 539 return 0; 540 } 541 542 static int 543 xfs_buf_find_lock( 544 struct xfs_buf *bp, 545 xfs_buf_flags_t flags) 546 { 547 if (flags & XBF_TRYLOCK) { 548 if (!xfs_buf_trylock(bp)) { 549 XFS_STATS_INC(bp->b_mount, xb_busy_locked); 550 return -EAGAIN; 551 } 552 } else { 553 xfs_buf_lock(bp); 554 XFS_STATS_INC(bp->b_mount, xb_get_locked_waited); 555 } 556 557 /* 558 * if the buffer is stale, clear all the external state associated with 559 * it. We need to keep flags such as how we allocated the buffer memory 560 * intact here. 561 */ 562 if (bp->b_flags & XBF_STALE) { 563 ASSERT((bp->b_flags & _XBF_DELWRI_Q) == 0); 564 bp->b_flags &= _XBF_KMEM | _XBF_PAGES; 565 bp->b_ops = NULL; 566 } 567 return 0; 568 } 569 570 static inline int 571 xfs_buf_lookup( 572 struct xfs_perag *pag, 573 struct xfs_buf_map *map, 574 xfs_buf_flags_t flags, 575 struct xfs_buf **bpp) 576 { 577 struct xfs_buf *bp; 578 int error; 579 580 rcu_read_lock(); 581 bp = rhashtable_lookup(&pag->pag_buf_hash, map, xfs_buf_hash_params); 582 if (!bp || !atomic_inc_not_zero(&bp->b_hold)) { 583 rcu_read_unlock(); 584 return -ENOENT; 585 } 586 rcu_read_unlock(); 587 588 error = xfs_buf_find_lock(bp, flags); 589 if (error) { 590 xfs_buf_rele(bp); 591 return error; 592 } 593 594 trace_xfs_buf_find(bp, flags, _RET_IP_); 595 *bpp = bp; 596 return 0; 597 } 598 599 /* 600 * Insert the new_bp into the hash table. This consumes the perag reference 601 * taken for the lookup regardless of the result of the insert. 602 */ 603 static int 604 xfs_buf_find_insert( 605 struct xfs_buftarg *btp, 606 struct xfs_perag *pag, 607 struct xfs_buf_map *cmap, 608 struct xfs_buf_map *map, 609 int nmaps, 610 xfs_buf_flags_t flags, 611 struct xfs_buf **bpp) 612 { 613 struct xfs_buf *new_bp; 614 struct xfs_buf *bp; 615 int error; 616 617 error = _xfs_buf_alloc(btp, map, nmaps, flags, &new_bp); 618 if (error) 619 goto out_drop_pag; 620 621 /* 622 * For buffers that fit entirely within a single page, first attempt to 623 * allocate the memory from the heap to minimise memory usage. If we 624 * can't get heap memory for these small buffers, we fall back to using 625 * the page allocator. 626 */ 627 if (BBTOB(new_bp->b_length) >= PAGE_SIZE || 628 xfs_buf_alloc_kmem(new_bp, flags) < 0) { 629 error = xfs_buf_alloc_pages(new_bp, flags); 630 if (error) 631 goto out_free_buf; 632 } 633 634 spin_lock(&pag->pag_buf_lock); 635 bp = rhashtable_lookup_get_insert_fast(&pag->pag_buf_hash, 636 &new_bp->b_rhash_head, xfs_buf_hash_params); 637 if (IS_ERR(bp)) { 638 error = PTR_ERR(bp); 639 spin_unlock(&pag->pag_buf_lock); 640 goto out_free_buf; 641 } 642 if (bp) { 643 /* found an existing buffer */ 644 atomic_inc(&bp->b_hold); 645 spin_unlock(&pag->pag_buf_lock); 646 error = xfs_buf_find_lock(bp, flags); 647 if (error) 648 xfs_buf_rele(bp); 649 else 650 *bpp = bp; 651 goto out_free_buf; 652 } 653 654 /* The new buffer keeps the perag reference until it is freed. */ 655 new_bp->b_pag = pag; 656 spin_unlock(&pag->pag_buf_lock); 657 *bpp = new_bp; 658 return 0; 659 660 out_free_buf: 661 xfs_buf_free(new_bp); 662 out_drop_pag: 663 xfs_perag_put(pag); 664 return error; 665 } 666 667 /* 668 * Assembles a buffer covering the specified range. The code is optimised for 669 * cache hits, as metadata intensive workloads will see 3 orders of magnitude 670 * more hits than misses. 671 */ 672 int 673 xfs_buf_get_map( 674 struct xfs_buftarg *btp, 675 struct xfs_buf_map *map, 676 int nmaps, 677 xfs_buf_flags_t flags, 678 struct xfs_buf **bpp) 679 { 680 struct xfs_perag *pag; 681 struct xfs_buf *bp = NULL; 682 struct xfs_buf_map cmap = { .bm_bn = map[0].bm_bn }; 683 int error; 684 int i; 685 686 for (i = 0; i < nmaps; i++) 687 cmap.bm_len += map[i].bm_len; 688 689 error = xfs_buf_map_verify(btp, &cmap); 690 if (error) 691 return error; 692 693 pag = xfs_perag_get(btp->bt_mount, 694 xfs_daddr_to_agno(btp->bt_mount, cmap.bm_bn)); 695 696 error = xfs_buf_lookup(pag, &cmap, flags, &bp); 697 if (error && error != -ENOENT) 698 goto out_put_perag; 699 700 /* cache hits always outnumber misses by at least 10:1 */ 701 if (unlikely(!bp)) { 702 XFS_STATS_INC(btp->bt_mount, xb_miss_locked); 703 704 if (flags & XBF_INCORE) 705 goto out_put_perag; 706 707 /* xfs_buf_find_insert() consumes the perag reference. */ 708 error = xfs_buf_find_insert(btp, pag, &cmap, map, nmaps, 709 flags, &bp); 710 if (error) 711 return error; 712 } else { 713 XFS_STATS_INC(btp->bt_mount, xb_get_locked); 714 xfs_perag_put(pag); 715 } 716 717 /* We do not hold a perag reference anymore. */ 718 if (!bp->b_addr) { 719 error = _xfs_buf_map_pages(bp, flags); 720 if (unlikely(error)) { 721 xfs_warn_ratelimited(btp->bt_mount, 722 "%s: failed to map %u pages", __func__, 723 bp->b_page_count); 724 xfs_buf_relse(bp); 725 return error; 726 } 727 } 728 729 /* 730 * Clear b_error if this is a lookup from a caller that doesn't expect 731 * valid data to be found in the buffer. 732 */ 733 if (!(flags & XBF_READ)) 734 xfs_buf_ioerror(bp, 0); 735 736 XFS_STATS_INC(btp->bt_mount, xb_get); 737 trace_xfs_buf_get(bp, flags, _RET_IP_); 738 *bpp = bp; 739 return 0; 740 741 out_put_perag: 742 xfs_perag_put(pag); 743 return error; 744 } 745 746 int 747 _xfs_buf_read( 748 struct xfs_buf *bp, 749 xfs_buf_flags_t flags) 750 { 751 ASSERT(!(flags & XBF_WRITE)); 752 ASSERT(bp->b_maps[0].bm_bn != XFS_BUF_DADDR_NULL); 753 754 bp->b_flags &= ~(XBF_WRITE | XBF_ASYNC | XBF_READ_AHEAD | XBF_DONE); 755 bp->b_flags |= flags & (XBF_READ | XBF_ASYNC | XBF_READ_AHEAD); 756 757 return xfs_buf_submit(bp); 758 } 759 760 /* 761 * Reverify a buffer found in cache without an attached ->b_ops. 762 * 763 * If the caller passed an ops structure and the buffer doesn't have ops 764 * assigned, set the ops and use it to verify the contents. If verification 765 * fails, clear XBF_DONE. We assume the buffer has no recorded errors and is 766 * already in XBF_DONE state on entry. 767 * 768 * Under normal operations, every in-core buffer is verified on read I/O 769 * completion. There are two scenarios that can lead to in-core buffers without 770 * an assigned ->b_ops. The first is during log recovery of buffers on a V4 771 * filesystem, though these buffers are purged at the end of recovery. The 772 * other is online repair, which intentionally reads with a NULL buffer ops to 773 * run several verifiers across an in-core buffer in order to establish buffer 774 * type. If repair can't establish that, the buffer will be left in memory 775 * with NULL buffer ops. 776 */ 777 int 778 xfs_buf_reverify( 779 struct xfs_buf *bp, 780 const struct xfs_buf_ops *ops) 781 { 782 ASSERT(bp->b_flags & XBF_DONE); 783 ASSERT(bp->b_error == 0); 784 785 if (!ops || bp->b_ops) 786 return 0; 787 788 bp->b_ops = ops; 789 bp->b_ops->verify_read(bp); 790 if (bp->b_error) 791 bp->b_flags &= ~XBF_DONE; 792 return bp->b_error; 793 } 794 795 int 796 xfs_buf_read_map( 797 struct xfs_buftarg *target, 798 struct xfs_buf_map *map, 799 int nmaps, 800 xfs_buf_flags_t flags, 801 struct xfs_buf **bpp, 802 const struct xfs_buf_ops *ops, 803 xfs_failaddr_t fa) 804 { 805 struct xfs_buf *bp; 806 int error; 807 808 flags |= XBF_READ; 809 *bpp = NULL; 810 811 error = xfs_buf_get_map(target, map, nmaps, flags, &bp); 812 if (error) 813 return error; 814 815 trace_xfs_buf_read(bp, flags, _RET_IP_); 816 817 if (!(bp->b_flags & XBF_DONE)) { 818 /* Initiate the buffer read and wait. */ 819 XFS_STATS_INC(target->bt_mount, xb_get_read); 820 bp->b_ops = ops; 821 error = _xfs_buf_read(bp, flags); 822 823 /* Readahead iodone already dropped the buffer, so exit. */ 824 if (flags & XBF_ASYNC) 825 return 0; 826 } else { 827 /* Buffer already read; all we need to do is check it. */ 828 error = xfs_buf_reverify(bp, ops); 829 830 /* Readahead already finished; drop the buffer and exit. */ 831 if (flags & XBF_ASYNC) { 832 xfs_buf_relse(bp); 833 return 0; 834 } 835 836 /* We do not want read in the flags */ 837 bp->b_flags &= ~XBF_READ; 838 ASSERT(bp->b_ops != NULL || ops == NULL); 839 } 840 841 /* 842 * If we've had a read error, then the contents of the buffer are 843 * invalid and should not be used. To ensure that a followup read tries 844 * to pull the buffer from disk again, we clear the XBF_DONE flag and 845 * mark the buffer stale. This ensures that anyone who has a current 846 * reference to the buffer will interpret it's contents correctly and 847 * future cache lookups will also treat it as an empty, uninitialised 848 * buffer. 849 */ 850 if (error) { 851 /* 852 * Check against log shutdown for error reporting because 853 * metadata writeback may require a read first and we need to 854 * report errors in metadata writeback until the log is shut 855 * down. High level transaction read functions already check 856 * against mount shutdown, anyway, so we only need to be 857 * concerned about low level IO interactions here. 858 */ 859 if (!xlog_is_shutdown(target->bt_mount->m_log)) 860 xfs_buf_ioerror_alert(bp, fa); 861 862 bp->b_flags &= ~XBF_DONE; 863 xfs_buf_stale(bp); 864 xfs_buf_relse(bp); 865 866 /* bad CRC means corrupted metadata */ 867 if (error == -EFSBADCRC) 868 error = -EFSCORRUPTED; 869 return error; 870 } 871 872 *bpp = bp; 873 return 0; 874 } 875 876 /* 877 * If we are not low on memory then do the readahead in a deadlock 878 * safe manner. 879 */ 880 void 881 xfs_buf_readahead_map( 882 struct xfs_buftarg *target, 883 struct xfs_buf_map *map, 884 int nmaps, 885 const struct xfs_buf_ops *ops) 886 { 887 struct xfs_buf *bp; 888 889 xfs_buf_read_map(target, map, nmaps, 890 XBF_TRYLOCK | XBF_ASYNC | XBF_READ_AHEAD, &bp, ops, 891 __this_address); 892 } 893 894 /* 895 * Read an uncached buffer from disk. Allocates and returns a locked 896 * buffer containing the disk contents or nothing. Uncached buffers always have 897 * a cache index of XFS_BUF_DADDR_NULL so we can easily determine if the buffer 898 * is cached or uncached during fault diagnosis. 899 */ 900 int 901 xfs_buf_read_uncached( 902 struct xfs_buftarg *target, 903 xfs_daddr_t daddr, 904 size_t numblks, 905 xfs_buf_flags_t flags, 906 struct xfs_buf **bpp, 907 const struct xfs_buf_ops *ops) 908 { 909 struct xfs_buf *bp; 910 int error; 911 912 *bpp = NULL; 913 914 error = xfs_buf_get_uncached(target, numblks, flags, &bp); 915 if (error) 916 return error; 917 918 /* set up the buffer for a read IO */ 919 ASSERT(bp->b_map_count == 1); 920 bp->b_rhash_key = XFS_BUF_DADDR_NULL; 921 bp->b_maps[0].bm_bn = daddr; 922 bp->b_flags |= XBF_READ; 923 bp->b_ops = ops; 924 925 xfs_buf_submit(bp); 926 if (bp->b_error) { 927 error = bp->b_error; 928 xfs_buf_relse(bp); 929 return error; 930 } 931 932 *bpp = bp; 933 return 0; 934 } 935 936 int 937 xfs_buf_get_uncached( 938 struct xfs_buftarg *target, 939 size_t numblks, 940 xfs_buf_flags_t flags, 941 struct xfs_buf **bpp) 942 { 943 int error; 944 struct xfs_buf *bp; 945 DEFINE_SINGLE_BUF_MAP(map, XFS_BUF_DADDR_NULL, numblks); 946 947 *bpp = NULL; 948 949 /* flags might contain irrelevant bits, pass only what we care about */ 950 error = _xfs_buf_alloc(target, &map, 1, flags & XBF_NO_IOACCT, &bp); 951 if (error) 952 return error; 953 954 error = xfs_buf_alloc_pages(bp, flags); 955 if (error) 956 goto fail_free_buf; 957 958 error = _xfs_buf_map_pages(bp, 0); 959 if (unlikely(error)) { 960 xfs_warn(target->bt_mount, 961 "%s: failed to map pages", __func__); 962 goto fail_free_buf; 963 } 964 965 trace_xfs_buf_get_uncached(bp, _RET_IP_); 966 *bpp = bp; 967 return 0; 968 969 fail_free_buf: 970 xfs_buf_free(bp); 971 return error; 972 } 973 974 /* 975 * Increment reference count on buffer, to hold the buffer concurrently 976 * with another thread which may release (free) the buffer asynchronously. 977 * Must hold the buffer already to call this function. 978 */ 979 void 980 xfs_buf_hold( 981 struct xfs_buf *bp) 982 { 983 trace_xfs_buf_hold(bp, _RET_IP_); 984 atomic_inc(&bp->b_hold); 985 } 986 987 /* 988 * Release a hold on the specified buffer. If the hold count is 1, the buffer is 989 * placed on LRU or freed (depending on b_lru_ref). 990 */ 991 void 992 xfs_buf_rele( 993 struct xfs_buf *bp) 994 { 995 struct xfs_perag *pag = bp->b_pag; 996 bool release; 997 bool freebuf = false; 998 999 trace_xfs_buf_rele(bp, _RET_IP_); 1000 1001 if (!pag) { 1002 ASSERT(list_empty(&bp->b_lru)); 1003 if (atomic_dec_and_test(&bp->b_hold)) { 1004 xfs_buf_ioacct_dec(bp); 1005 xfs_buf_free(bp); 1006 } 1007 return; 1008 } 1009 1010 ASSERT(atomic_read(&bp->b_hold) > 0); 1011 1012 /* 1013 * We grab the b_lock here first to serialise racing xfs_buf_rele() 1014 * calls. The pag_buf_lock being taken on the last reference only 1015 * serialises against racing lookups in xfs_buf_find(). IOWs, the second 1016 * to last reference we drop here is not serialised against the last 1017 * reference until we take bp->b_lock. Hence if we don't grab b_lock 1018 * first, the last "release" reference can win the race to the lock and 1019 * free the buffer before the second-to-last reference is processed, 1020 * leading to a use-after-free scenario. 1021 */ 1022 spin_lock(&bp->b_lock); 1023 release = atomic_dec_and_lock(&bp->b_hold, &pag->pag_buf_lock); 1024 if (!release) { 1025 /* 1026 * Drop the in-flight state if the buffer is already on the LRU 1027 * and it holds the only reference. This is racy because we 1028 * haven't acquired the pag lock, but the use of _XBF_IN_FLIGHT 1029 * ensures the decrement occurs only once per-buf. 1030 */ 1031 if ((atomic_read(&bp->b_hold) == 1) && !list_empty(&bp->b_lru)) 1032 __xfs_buf_ioacct_dec(bp); 1033 goto out_unlock; 1034 } 1035 1036 /* the last reference has been dropped ... */ 1037 __xfs_buf_ioacct_dec(bp); 1038 if (!(bp->b_flags & XBF_STALE) && atomic_read(&bp->b_lru_ref)) { 1039 /* 1040 * If the buffer is added to the LRU take a new reference to the 1041 * buffer for the LRU and clear the (now stale) dispose list 1042 * state flag 1043 */ 1044 if (list_lru_add(&bp->b_target->bt_lru, &bp->b_lru)) { 1045 bp->b_state &= ~XFS_BSTATE_DISPOSE; 1046 atomic_inc(&bp->b_hold); 1047 } 1048 spin_unlock(&pag->pag_buf_lock); 1049 } else { 1050 /* 1051 * most of the time buffers will already be removed from the 1052 * LRU, so optimise that case by checking for the 1053 * XFS_BSTATE_DISPOSE flag indicating the last list the buffer 1054 * was on was the disposal list 1055 */ 1056 if (!(bp->b_state & XFS_BSTATE_DISPOSE)) { 1057 list_lru_del(&bp->b_target->bt_lru, &bp->b_lru); 1058 } else { 1059 ASSERT(list_empty(&bp->b_lru)); 1060 } 1061 1062 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 1063 rhashtable_remove_fast(&pag->pag_buf_hash, &bp->b_rhash_head, 1064 xfs_buf_hash_params); 1065 spin_unlock(&pag->pag_buf_lock); 1066 xfs_perag_put(pag); 1067 freebuf = true; 1068 } 1069 1070 out_unlock: 1071 spin_unlock(&bp->b_lock); 1072 1073 if (freebuf) 1074 xfs_buf_free(bp); 1075 } 1076 1077 1078 /* 1079 * Lock a buffer object, if it is not already locked. 1080 * 1081 * If we come across a stale, pinned, locked buffer, we know that we are 1082 * being asked to lock a buffer that has been reallocated. Because it is 1083 * pinned, we know that the log has not been pushed to disk and hence it 1084 * will still be locked. Rather than continuing to have trylock attempts 1085 * fail until someone else pushes the log, push it ourselves before 1086 * returning. This means that the xfsaild will not get stuck trying 1087 * to push on stale inode buffers. 1088 */ 1089 int 1090 xfs_buf_trylock( 1091 struct xfs_buf *bp) 1092 { 1093 int locked; 1094 1095 locked = down_trylock(&bp->b_sema) == 0; 1096 if (locked) 1097 trace_xfs_buf_trylock(bp, _RET_IP_); 1098 else 1099 trace_xfs_buf_trylock_fail(bp, _RET_IP_); 1100 return locked; 1101 } 1102 1103 /* 1104 * Lock a buffer object. 1105 * 1106 * If we come across a stale, pinned, locked buffer, we know that we 1107 * are being asked to lock a buffer that has been reallocated. Because 1108 * it is pinned, we know that the log has not been pushed to disk and 1109 * hence it will still be locked. Rather than sleeping until someone 1110 * else pushes the log, push it ourselves before trying to get the lock. 1111 */ 1112 void 1113 xfs_buf_lock( 1114 struct xfs_buf *bp) 1115 { 1116 trace_xfs_buf_lock(bp, _RET_IP_); 1117 1118 if (atomic_read(&bp->b_pin_count) && (bp->b_flags & XBF_STALE)) 1119 xfs_log_force(bp->b_mount, 0); 1120 down(&bp->b_sema); 1121 1122 trace_xfs_buf_lock_done(bp, _RET_IP_); 1123 } 1124 1125 void 1126 xfs_buf_unlock( 1127 struct xfs_buf *bp) 1128 { 1129 ASSERT(xfs_buf_islocked(bp)); 1130 1131 up(&bp->b_sema); 1132 trace_xfs_buf_unlock(bp, _RET_IP_); 1133 } 1134 1135 STATIC void 1136 xfs_buf_wait_unpin( 1137 struct xfs_buf *bp) 1138 { 1139 DECLARE_WAITQUEUE (wait, current); 1140 1141 if (atomic_read(&bp->b_pin_count) == 0) 1142 return; 1143 1144 add_wait_queue(&bp->b_waiters, &wait); 1145 for (;;) { 1146 set_current_state(TASK_UNINTERRUPTIBLE); 1147 if (atomic_read(&bp->b_pin_count) == 0) 1148 break; 1149 io_schedule(); 1150 } 1151 remove_wait_queue(&bp->b_waiters, &wait); 1152 set_current_state(TASK_RUNNING); 1153 } 1154 1155 static void 1156 xfs_buf_ioerror_alert_ratelimited( 1157 struct xfs_buf *bp) 1158 { 1159 static unsigned long lasttime; 1160 static struct xfs_buftarg *lasttarg; 1161 1162 if (bp->b_target != lasttarg || 1163 time_after(jiffies, (lasttime + 5*HZ))) { 1164 lasttime = jiffies; 1165 xfs_buf_ioerror_alert(bp, __this_address); 1166 } 1167 lasttarg = bp->b_target; 1168 } 1169 1170 /* 1171 * Account for this latest trip around the retry handler, and decide if 1172 * we've failed enough times to constitute a permanent failure. 1173 */ 1174 static bool 1175 xfs_buf_ioerror_permanent( 1176 struct xfs_buf *bp, 1177 struct xfs_error_cfg *cfg) 1178 { 1179 struct xfs_mount *mp = bp->b_mount; 1180 1181 if (cfg->max_retries != XFS_ERR_RETRY_FOREVER && 1182 ++bp->b_retries > cfg->max_retries) 1183 return true; 1184 if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER && 1185 time_after(jiffies, cfg->retry_timeout + bp->b_first_retry_time)) 1186 return true; 1187 1188 /* At unmount we may treat errors differently */ 1189 if (xfs_is_unmounting(mp) && mp->m_fail_unmount) 1190 return true; 1191 1192 return false; 1193 } 1194 1195 /* 1196 * On a sync write or shutdown we just want to stale the buffer and let the 1197 * caller handle the error in bp->b_error appropriately. 1198 * 1199 * If the write was asynchronous then no one will be looking for the error. If 1200 * this is the first failure of this type, clear the error state and write the 1201 * buffer out again. This means we always retry an async write failure at least 1202 * once, but we also need to set the buffer up to behave correctly now for 1203 * repeated failures. 1204 * 1205 * If we get repeated async write failures, then we take action according to the 1206 * error configuration we have been set up to use. 1207 * 1208 * Returns true if this function took care of error handling and the caller must 1209 * not touch the buffer again. Return false if the caller should proceed with 1210 * normal I/O completion handling. 1211 */ 1212 static bool 1213 xfs_buf_ioend_handle_error( 1214 struct xfs_buf *bp) 1215 { 1216 struct xfs_mount *mp = bp->b_mount; 1217 struct xfs_error_cfg *cfg; 1218 1219 /* 1220 * If we've already shutdown the journal because of I/O errors, there's 1221 * no point in giving this a retry. 1222 */ 1223 if (xlog_is_shutdown(mp->m_log)) 1224 goto out_stale; 1225 1226 xfs_buf_ioerror_alert_ratelimited(bp); 1227 1228 /* 1229 * We're not going to bother about retrying this during recovery. 1230 * One strike! 1231 */ 1232 if (bp->b_flags & _XBF_LOGRECOVERY) { 1233 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR); 1234 return false; 1235 } 1236 1237 /* 1238 * Synchronous writes will have callers process the error. 1239 */ 1240 if (!(bp->b_flags & XBF_ASYNC)) 1241 goto out_stale; 1242 1243 trace_xfs_buf_iodone_async(bp, _RET_IP_); 1244 1245 cfg = xfs_error_get_cfg(mp, XFS_ERR_METADATA, bp->b_error); 1246 if (bp->b_last_error != bp->b_error || 1247 !(bp->b_flags & (XBF_STALE | XBF_WRITE_FAIL))) { 1248 bp->b_last_error = bp->b_error; 1249 if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER && 1250 !bp->b_first_retry_time) 1251 bp->b_first_retry_time = jiffies; 1252 goto resubmit; 1253 } 1254 1255 /* 1256 * Permanent error - we need to trigger a shutdown if we haven't already 1257 * to indicate that inconsistency will result from this action. 1258 */ 1259 if (xfs_buf_ioerror_permanent(bp, cfg)) { 1260 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR); 1261 goto out_stale; 1262 } 1263 1264 /* Still considered a transient error. Caller will schedule retries. */ 1265 if (bp->b_flags & _XBF_INODES) 1266 xfs_buf_inode_io_fail(bp); 1267 else if (bp->b_flags & _XBF_DQUOTS) 1268 xfs_buf_dquot_io_fail(bp); 1269 else 1270 ASSERT(list_empty(&bp->b_li_list)); 1271 xfs_buf_ioerror(bp, 0); 1272 xfs_buf_relse(bp); 1273 return true; 1274 1275 resubmit: 1276 xfs_buf_ioerror(bp, 0); 1277 bp->b_flags |= (XBF_DONE | XBF_WRITE_FAIL); 1278 xfs_buf_submit(bp); 1279 return true; 1280 out_stale: 1281 xfs_buf_stale(bp); 1282 bp->b_flags |= XBF_DONE; 1283 bp->b_flags &= ~XBF_WRITE; 1284 trace_xfs_buf_error_relse(bp, _RET_IP_); 1285 return false; 1286 } 1287 1288 static void 1289 xfs_buf_ioend( 1290 struct xfs_buf *bp) 1291 { 1292 trace_xfs_buf_iodone(bp, _RET_IP_); 1293 1294 /* 1295 * Pull in IO completion errors now. We are guaranteed to be running 1296 * single threaded, so we don't need the lock to read b_io_error. 1297 */ 1298 if (!bp->b_error && bp->b_io_error) 1299 xfs_buf_ioerror(bp, bp->b_io_error); 1300 1301 if (bp->b_flags & XBF_READ) { 1302 if (!bp->b_error && bp->b_ops) 1303 bp->b_ops->verify_read(bp); 1304 if (!bp->b_error) 1305 bp->b_flags |= XBF_DONE; 1306 } else { 1307 if (!bp->b_error) { 1308 bp->b_flags &= ~XBF_WRITE_FAIL; 1309 bp->b_flags |= XBF_DONE; 1310 } 1311 1312 if (unlikely(bp->b_error) && xfs_buf_ioend_handle_error(bp)) 1313 return; 1314 1315 /* clear the retry state */ 1316 bp->b_last_error = 0; 1317 bp->b_retries = 0; 1318 bp->b_first_retry_time = 0; 1319 1320 /* 1321 * Note that for things like remote attribute buffers, there may 1322 * not be a buffer log item here, so processing the buffer log 1323 * item must remain optional. 1324 */ 1325 if (bp->b_log_item) 1326 xfs_buf_item_done(bp); 1327 1328 if (bp->b_flags & _XBF_INODES) 1329 xfs_buf_inode_iodone(bp); 1330 else if (bp->b_flags & _XBF_DQUOTS) 1331 xfs_buf_dquot_iodone(bp); 1332 1333 } 1334 1335 bp->b_flags &= ~(XBF_READ | XBF_WRITE | XBF_READ_AHEAD | 1336 _XBF_LOGRECOVERY); 1337 1338 if (bp->b_flags & XBF_ASYNC) 1339 xfs_buf_relse(bp); 1340 else 1341 complete(&bp->b_iowait); 1342 } 1343 1344 static void 1345 xfs_buf_ioend_work( 1346 struct work_struct *work) 1347 { 1348 struct xfs_buf *bp = 1349 container_of(work, struct xfs_buf, b_ioend_work); 1350 1351 xfs_buf_ioend(bp); 1352 } 1353 1354 static void 1355 xfs_buf_ioend_async( 1356 struct xfs_buf *bp) 1357 { 1358 INIT_WORK(&bp->b_ioend_work, xfs_buf_ioend_work); 1359 queue_work(bp->b_mount->m_buf_workqueue, &bp->b_ioend_work); 1360 } 1361 1362 void 1363 __xfs_buf_ioerror( 1364 struct xfs_buf *bp, 1365 int error, 1366 xfs_failaddr_t failaddr) 1367 { 1368 ASSERT(error <= 0 && error >= -1000); 1369 bp->b_error = error; 1370 trace_xfs_buf_ioerror(bp, error, failaddr); 1371 } 1372 1373 void 1374 xfs_buf_ioerror_alert( 1375 struct xfs_buf *bp, 1376 xfs_failaddr_t func) 1377 { 1378 xfs_buf_alert_ratelimited(bp, "XFS: metadata IO error", 1379 "metadata I/O error in \"%pS\" at daddr 0x%llx len %d error %d", 1380 func, (uint64_t)xfs_buf_daddr(bp), 1381 bp->b_length, -bp->b_error); 1382 } 1383 1384 /* 1385 * To simulate an I/O failure, the buffer must be locked and held with at least 1386 * three references. The LRU reference is dropped by the stale call. The buf 1387 * item reference is dropped via ioend processing. The third reference is owned 1388 * by the caller and is dropped on I/O completion if the buffer is XBF_ASYNC. 1389 */ 1390 void 1391 xfs_buf_ioend_fail( 1392 struct xfs_buf *bp) 1393 { 1394 bp->b_flags &= ~XBF_DONE; 1395 xfs_buf_stale(bp); 1396 xfs_buf_ioerror(bp, -EIO); 1397 xfs_buf_ioend(bp); 1398 } 1399 1400 int 1401 xfs_bwrite( 1402 struct xfs_buf *bp) 1403 { 1404 int error; 1405 1406 ASSERT(xfs_buf_islocked(bp)); 1407 1408 bp->b_flags |= XBF_WRITE; 1409 bp->b_flags &= ~(XBF_ASYNC | XBF_READ | _XBF_DELWRI_Q | 1410 XBF_DONE); 1411 1412 error = xfs_buf_submit(bp); 1413 if (error) 1414 xfs_force_shutdown(bp->b_mount, SHUTDOWN_META_IO_ERROR); 1415 return error; 1416 } 1417 1418 static void 1419 xfs_buf_bio_end_io( 1420 struct bio *bio) 1421 { 1422 struct xfs_buf *bp = (struct xfs_buf *)bio->bi_private; 1423 1424 if (!bio->bi_status && 1425 (bp->b_flags & XBF_WRITE) && (bp->b_flags & XBF_ASYNC) && 1426 XFS_TEST_ERROR(false, bp->b_mount, XFS_ERRTAG_BUF_IOERROR)) 1427 bio->bi_status = BLK_STS_IOERR; 1428 1429 /* 1430 * don't overwrite existing errors - otherwise we can lose errors on 1431 * buffers that require multiple bios to complete. 1432 */ 1433 if (bio->bi_status) { 1434 int error = blk_status_to_errno(bio->bi_status); 1435 1436 cmpxchg(&bp->b_io_error, 0, error); 1437 } 1438 1439 if (!bp->b_error && xfs_buf_is_vmapped(bp) && (bp->b_flags & XBF_READ)) 1440 invalidate_kernel_vmap_range(bp->b_addr, xfs_buf_vmap_len(bp)); 1441 1442 if (atomic_dec_and_test(&bp->b_io_remaining) == 1) 1443 xfs_buf_ioend_async(bp); 1444 bio_put(bio); 1445 } 1446 1447 static void 1448 xfs_buf_ioapply_map( 1449 struct xfs_buf *bp, 1450 int map, 1451 int *buf_offset, 1452 int *count, 1453 blk_opf_t op) 1454 { 1455 int page_index; 1456 unsigned int total_nr_pages = bp->b_page_count; 1457 int nr_pages; 1458 struct bio *bio; 1459 sector_t sector = bp->b_maps[map].bm_bn; 1460 int size; 1461 int offset; 1462 1463 /* skip the pages in the buffer before the start offset */ 1464 page_index = 0; 1465 offset = *buf_offset; 1466 while (offset >= PAGE_SIZE) { 1467 page_index++; 1468 offset -= PAGE_SIZE; 1469 } 1470 1471 /* 1472 * Limit the IO size to the length of the current vector, and update the 1473 * remaining IO count for the next time around. 1474 */ 1475 size = min_t(int, BBTOB(bp->b_maps[map].bm_len), *count); 1476 *count -= size; 1477 *buf_offset += size; 1478 1479 next_chunk: 1480 atomic_inc(&bp->b_io_remaining); 1481 nr_pages = bio_max_segs(total_nr_pages); 1482 1483 bio = bio_alloc(bp->b_target->bt_bdev, nr_pages, op, GFP_NOIO); 1484 bio->bi_iter.bi_sector = sector; 1485 bio->bi_end_io = xfs_buf_bio_end_io; 1486 bio->bi_private = bp; 1487 1488 for (; size && nr_pages; nr_pages--, page_index++) { 1489 int rbytes, nbytes = PAGE_SIZE - offset; 1490 1491 if (nbytes > size) 1492 nbytes = size; 1493 1494 rbytes = bio_add_page(bio, bp->b_pages[page_index], nbytes, 1495 offset); 1496 if (rbytes < nbytes) 1497 break; 1498 1499 offset = 0; 1500 sector += BTOBB(nbytes); 1501 size -= nbytes; 1502 total_nr_pages--; 1503 } 1504 1505 if (likely(bio->bi_iter.bi_size)) { 1506 if (xfs_buf_is_vmapped(bp)) { 1507 flush_kernel_vmap_range(bp->b_addr, 1508 xfs_buf_vmap_len(bp)); 1509 } 1510 submit_bio(bio); 1511 if (size) 1512 goto next_chunk; 1513 } else { 1514 /* 1515 * This is guaranteed not to be the last io reference count 1516 * because the caller (xfs_buf_submit) holds a count itself. 1517 */ 1518 atomic_dec(&bp->b_io_remaining); 1519 xfs_buf_ioerror(bp, -EIO); 1520 bio_put(bio); 1521 } 1522 1523 } 1524 1525 STATIC void 1526 _xfs_buf_ioapply( 1527 struct xfs_buf *bp) 1528 { 1529 struct blk_plug plug; 1530 blk_opf_t op; 1531 int offset; 1532 int size; 1533 int i; 1534 1535 /* 1536 * Make sure we capture only current IO errors rather than stale errors 1537 * left over from previous use of the buffer (e.g. failed readahead). 1538 */ 1539 bp->b_error = 0; 1540 1541 if (bp->b_flags & XBF_WRITE) { 1542 op = REQ_OP_WRITE; 1543 1544 /* 1545 * Run the write verifier callback function if it exists. If 1546 * this function fails it will mark the buffer with an error and 1547 * the IO should not be dispatched. 1548 */ 1549 if (bp->b_ops) { 1550 bp->b_ops->verify_write(bp); 1551 if (bp->b_error) { 1552 xfs_force_shutdown(bp->b_mount, 1553 SHUTDOWN_CORRUPT_INCORE); 1554 return; 1555 } 1556 } else if (bp->b_rhash_key != XFS_BUF_DADDR_NULL) { 1557 struct xfs_mount *mp = bp->b_mount; 1558 1559 /* 1560 * non-crc filesystems don't attach verifiers during 1561 * log recovery, so don't warn for such filesystems. 1562 */ 1563 if (xfs_has_crc(mp)) { 1564 xfs_warn(mp, 1565 "%s: no buf ops on daddr 0x%llx len %d", 1566 __func__, xfs_buf_daddr(bp), 1567 bp->b_length); 1568 xfs_hex_dump(bp->b_addr, 1569 XFS_CORRUPTION_DUMP_LEN); 1570 dump_stack(); 1571 } 1572 } 1573 } else { 1574 op = REQ_OP_READ; 1575 if (bp->b_flags & XBF_READ_AHEAD) 1576 op |= REQ_RAHEAD; 1577 } 1578 1579 /* we only use the buffer cache for meta-data */ 1580 op |= REQ_META; 1581 1582 /* 1583 * Walk all the vectors issuing IO on them. Set up the initial offset 1584 * into the buffer and the desired IO size before we start - 1585 * _xfs_buf_ioapply_vec() will modify them appropriately for each 1586 * subsequent call. 1587 */ 1588 offset = bp->b_offset; 1589 size = BBTOB(bp->b_length); 1590 blk_start_plug(&plug); 1591 for (i = 0; i < bp->b_map_count; i++) { 1592 xfs_buf_ioapply_map(bp, i, &offset, &size, op); 1593 if (bp->b_error) 1594 break; 1595 if (size <= 0) 1596 break; /* all done */ 1597 } 1598 blk_finish_plug(&plug); 1599 } 1600 1601 /* 1602 * Wait for I/O completion of a sync buffer and return the I/O error code. 1603 */ 1604 static int 1605 xfs_buf_iowait( 1606 struct xfs_buf *bp) 1607 { 1608 ASSERT(!(bp->b_flags & XBF_ASYNC)); 1609 1610 trace_xfs_buf_iowait(bp, _RET_IP_); 1611 wait_for_completion(&bp->b_iowait); 1612 trace_xfs_buf_iowait_done(bp, _RET_IP_); 1613 1614 return bp->b_error; 1615 } 1616 1617 /* 1618 * Buffer I/O submission path, read or write. Asynchronous submission transfers 1619 * the buffer lock ownership and the current reference to the IO. It is not 1620 * safe to reference the buffer after a call to this function unless the caller 1621 * holds an additional reference itself. 1622 */ 1623 static int 1624 __xfs_buf_submit( 1625 struct xfs_buf *bp, 1626 bool wait) 1627 { 1628 int error = 0; 1629 1630 trace_xfs_buf_submit(bp, _RET_IP_); 1631 1632 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 1633 1634 /* 1635 * On log shutdown we stale and complete the buffer immediately. We can 1636 * be called to read the superblock before the log has been set up, so 1637 * be careful checking the log state. 1638 * 1639 * Checking the mount shutdown state here can result in the log tail 1640 * moving inappropriately on disk as the log may not yet be shut down. 1641 * i.e. failing this buffer on mount shutdown can remove it from the AIL 1642 * and move the tail of the log forwards without having written this 1643 * buffer to disk. This corrupts the log tail state in memory, and 1644 * because the log may not be shut down yet, it can then be propagated 1645 * to disk before the log is shutdown. Hence we check log shutdown 1646 * state here rather than mount state to avoid corrupting the log tail 1647 * on shutdown. 1648 */ 1649 if (bp->b_mount->m_log && 1650 xlog_is_shutdown(bp->b_mount->m_log)) { 1651 xfs_buf_ioend_fail(bp); 1652 return -EIO; 1653 } 1654 1655 /* 1656 * Grab a reference so the buffer does not go away underneath us. For 1657 * async buffers, I/O completion drops the callers reference, which 1658 * could occur before submission returns. 1659 */ 1660 xfs_buf_hold(bp); 1661 1662 if (bp->b_flags & XBF_WRITE) 1663 xfs_buf_wait_unpin(bp); 1664 1665 /* clear the internal error state to avoid spurious errors */ 1666 bp->b_io_error = 0; 1667 1668 /* 1669 * Set the count to 1 initially, this will stop an I/O completion 1670 * callout which happens before we have started all the I/O from calling 1671 * xfs_buf_ioend too early. 1672 */ 1673 atomic_set(&bp->b_io_remaining, 1); 1674 if (bp->b_flags & XBF_ASYNC) 1675 xfs_buf_ioacct_inc(bp); 1676 _xfs_buf_ioapply(bp); 1677 1678 /* 1679 * If _xfs_buf_ioapply failed, we can get back here with only the IO 1680 * reference we took above. If we drop it to zero, run completion so 1681 * that we don't return to the caller with completion still pending. 1682 */ 1683 if (atomic_dec_and_test(&bp->b_io_remaining) == 1) { 1684 if (bp->b_error || !(bp->b_flags & XBF_ASYNC)) 1685 xfs_buf_ioend(bp); 1686 else 1687 xfs_buf_ioend_async(bp); 1688 } 1689 1690 if (wait) 1691 error = xfs_buf_iowait(bp); 1692 1693 /* 1694 * Release the hold that keeps the buffer referenced for the entire 1695 * I/O. Note that if the buffer is async, it is not safe to reference 1696 * after this release. 1697 */ 1698 xfs_buf_rele(bp); 1699 return error; 1700 } 1701 1702 void * 1703 xfs_buf_offset( 1704 struct xfs_buf *bp, 1705 size_t offset) 1706 { 1707 struct page *page; 1708 1709 if (bp->b_addr) 1710 return bp->b_addr + offset; 1711 1712 page = bp->b_pages[offset >> PAGE_SHIFT]; 1713 return page_address(page) + (offset & (PAGE_SIZE-1)); 1714 } 1715 1716 void 1717 xfs_buf_zero( 1718 struct xfs_buf *bp, 1719 size_t boff, 1720 size_t bsize) 1721 { 1722 size_t bend; 1723 1724 bend = boff + bsize; 1725 while (boff < bend) { 1726 struct page *page; 1727 int page_index, page_offset, csize; 1728 1729 page_index = (boff + bp->b_offset) >> PAGE_SHIFT; 1730 page_offset = (boff + bp->b_offset) & ~PAGE_MASK; 1731 page = bp->b_pages[page_index]; 1732 csize = min_t(size_t, PAGE_SIZE - page_offset, 1733 BBTOB(bp->b_length) - boff); 1734 1735 ASSERT((csize + page_offset) <= PAGE_SIZE); 1736 1737 memset(page_address(page) + page_offset, 0, csize); 1738 1739 boff += csize; 1740 } 1741 } 1742 1743 /* 1744 * Log a message about and stale a buffer that a caller has decided is corrupt. 1745 * 1746 * This function should be called for the kinds of metadata corruption that 1747 * cannot be detect from a verifier, such as incorrect inter-block relationship 1748 * data. Do /not/ call this function from a verifier function. 1749 * 1750 * The buffer must be XBF_DONE prior to the call. Afterwards, the buffer will 1751 * be marked stale, but b_error will not be set. The caller is responsible for 1752 * releasing the buffer or fixing it. 1753 */ 1754 void 1755 __xfs_buf_mark_corrupt( 1756 struct xfs_buf *bp, 1757 xfs_failaddr_t fa) 1758 { 1759 ASSERT(bp->b_flags & XBF_DONE); 1760 1761 xfs_buf_corruption_error(bp, fa); 1762 xfs_buf_stale(bp); 1763 } 1764 1765 /* 1766 * Handling of buffer targets (buftargs). 1767 */ 1768 1769 /* 1770 * Wait for any bufs with callbacks that have been submitted but have not yet 1771 * returned. These buffers will have an elevated hold count, so wait on those 1772 * while freeing all the buffers only held by the LRU. 1773 */ 1774 static enum lru_status 1775 xfs_buftarg_drain_rele( 1776 struct list_head *item, 1777 struct list_lru_one *lru, 1778 spinlock_t *lru_lock, 1779 void *arg) 1780 1781 { 1782 struct xfs_buf *bp = container_of(item, struct xfs_buf, b_lru); 1783 struct list_head *dispose = arg; 1784 1785 if (atomic_read(&bp->b_hold) > 1) { 1786 /* need to wait, so skip it this pass */ 1787 trace_xfs_buf_drain_buftarg(bp, _RET_IP_); 1788 return LRU_SKIP; 1789 } 1790 if (!spin_trylock(&bp->b_lock)) 1791 return LRU_SKIP; 1792 1793 /* 1794 * clear the LRU reference count so the buffer doesn't get 1795 * ignored in xfs_buf_rele(). 1796 */ 1797 atomic_set(&bp->b_lru_ref, 0); 1798 bp->b_state |= XFS_BSTATE_DISPOSE; 1799 list_lru_isolate_move(lru, item, dispose); 1800 spin_unlock(&bp->b_lock); 1801 return LRU_REMOVED; 1802 } 1803 1804 /* 1805 * Wait for outstanding I/O on the buftarg to complete. 1806 */ 1807 void 1808 xfs_buftarg_wait( 1809 struct xfs_buftarg *btp) 1810 { 1811 /* 1812 * First wait on the buftarg I/O count for all in-flight buffers to be 1813 * released. This is critical as new buffers do not make the LRU until 1814 * they are released. 1815 * 1816 * Next, flush the buffer workqueue to ensure all completion processing 1817 * has finished. Just waiting on buffer locks is not sufficient for 1818 * async IO as the reference count held over IO is not released until 1819 * after the buffer lock is dropped. Hence we need to ensure here that 1820 * all reference counts have been dropped before we start walking the 1821 * LRU list. 1822 */ 1823 while (percpu_counter_sum(&btp->bt_io_count)) 1824 delay(100); 1825 flush_workqueue(btp->bt_mount->m_buf_workqueue); 1826 } 1827 1828 void 1829 xfs_buftarg_drain( 1830 struct xfs_buftarg *btp) 1831 { 1832 LIST_HEAD(dispose); 1833 int loop = 0; 1834 bool write_fail = false; 1835 1836 xfs_buftarg_wait(btp); 1837 1838 /* loop until there is nothing left on the lru list. */ 1839 while (list_lru_count(&btp->bt_lru)) { 1840 list_lru_walk(&btp->bt_lru, xfs_buftarg_drain_rele, 1841 &dispose, LONG_MAX); 1842 1843 while (!list_empty(&dispose)) { 1844 struct xfs_buf *bp; 1845 bp = list_first_entry(&dispose, struct xfs_buf, b_lru); 1846 list_del_init(&bp->b_lru); 1847 if (bp->b_flags & XBF_WRITE_FAIL) { 1848 write_fail = true; 1849 xfs_buf_alert_ratelimited(bp, 1850 "XFS: Corruption Alert", 1851 "Corruption Alert: Buffer at daddr 0x%llx had permanent write failures!", 1852 (long long)xfs_buf_daddr(bp)); 1853 } 1854 xfs_buf_rele(bp); 1855 } 1856 if (loop++ != 0) 1857 delay(100); 1858 } 1859 1860 /* 1861 * If one or more failed buffers were freed, that means dirty metadata 1862 * was thrown away. This should only ever happen after I/O completion 1863 * handling has elevated I/O error(s) to permanent failures and shuts 1864 * down the journal. 1865 */ 1866 if (write_fail) { 1867 ASSERT(xlog_is_shutdown(btp->bt_mount->m_log)); 1868 xfs_alert(btp->bt_mount, 1869 "Please run xfs_repair to determine the extent of the problem."); 1870 } 1871 } 1872 1873 static enum lru_status 1874 xfs_buftarg_isolate( 1875 struct list_head *item, 1876 struct list_lru_one *lru, 1877 spinlock_t *lru_lock, 1878 void *arg) 1879 { 1880 struct xfs_buf *bp = container_of(item, struct xfs_buf, b_lru); 1881 struct list_head *dispose = arg; 1882 1883 /* 1884 * we are inverting the lru lock/bp->b_lock here, so use a trylock. 1885 * If we fail to get the lock, just skip it. 1886 */ 1887 if (!spin_trylock(&bp->b_lock)) 1888 return LRU_SKIP; 1889 /* 1890 * Decrement the b_lru_ref count unless the value is already 1891 * zero. If the value is already zero, we need to reclaim the 1892 * buffer, otherwise it gets another trip through the LRU. 1893 */ 1894 if (atomic_add_unless(&bp->b_lru_ref, -1, 0)) { 1895 spin_unlock(&bp->b_lock); 1896 return LRU_ROTATE; 1897 } 1898 1899 bp->b_state |= XFS_BSTATE_DISPOSE; 1900 list_lru_isolate_move(lru, item, dispose); 1901 spin_unlock(&bp->b_lock); 1902 return LRU_REMOVED; 1903 } 1904 1905 static unsigned long 1906 xfs_buftarg_shrink_scan( 1907 struct shrinker *shrink, 1908 struct shrink_control *sc) 1909 { 1910 struct xfs_buftarg *btp = container_of(shrink, 1911 struct xfs_buftarg, bt_shrinker); 1912 LIST_HEAD(dispose); 1913 unsigned long freed; 1914 1915 freed = list_lru_shrink_walk(&btp->bt_lru, sc, 1916 xfs_buftarg_isolate, &dispose); 1917 1918 while (!list_empty(&dispose)) { 1919 struct xfs_buf *bp; 1920 bp = list_first_entry(&dispose, struct xfs_buf, b_lru); 1921 list_del_init(&bp->b_lru); 1922 xfs_buf_rele(bp); 1923 } 1924 1925 return freed; 1926 } 1927 1928 static unsigned long 1929 xfs_buftarg_shrink_count( 1930 struct shrinker *shrink, 1931 struct shrink_control *sc) 1932 { 1933 struct xfs_buftarg *btp = container_of(shrink, 1934 struct xfs_buftarg, bt_shrinker); 1935 return list_lru_shrink_count(&btp->bt_lru, sc); 1936 } 1937 1938 void 1939 xfs_free_buftarg( 1940 struct xfs_buftarg *btp) 1941 { 1942 unregister_shrinker(&btp->bt_shrinker); 1943 ASSERT(percpu_counter_sum(&btp->bt_io_count) == 0); 1944 percpu_counter_destroy(&btp->bt_io_count); 1945 list_lru_destroy(&btp->bt_lru); 1946 1947 blkdev_issue_flush(btp->bt_bdev); 1948 invalidate_bdev(btp->bt_bdev); 1949 fs_put_dax(btp->bt_daxdev, btp->bt_mount); 1950 1951 kmem_free(btp); 1952 } 1953 1954 int 1955 xfs_setsize_buftarg( 1956 xfs_buftarg_t *btp, 1957 unsigned int sectorsize) 1958 { 1959 /* Set up metadata sector size info */ 1960 btp->bt_meta_sectorsize = sectorsize; 1961 btp->bt_meta_sectormask = sectorsize - 1; 1962 1963 if (set_blocksize(btp->bt_bdev, sectorsize)) { 1964 xfs_warn(btp->bt_mount, 1965 "Cannot set_blocksize to %u on device %pg", 1966 sectorsize, btp->bt_bdev); 1967 return -EINVAL; 1968 } 1969 1970 /* Set up device logical sector size mask */ 1971 btp->bt_logical_sectorsize = bdev_logical_block_size(btp->bt_bdev); 1972 btp->bt_logical_sectormask = bdev_logical_block_size(btp->bt_bdev) - 1; 1973 1974 return 0; 1975 } 1976 1977 /* 1978 * When allocating the initial buffer target we have not yet 1979 * read in the superblock, so don't know what sized sectors 1980 * are being used at this early stage. Play safe. 1981 */ 1982 STATIC int 1983 xfs_setsize_buftarg_early( 1984 xfs_buftarg_t *btp, 1985 struct block_device *bdev) 1986 { 1987 return xfs_setsize_buftarg(btp, bdev_logical_block_size(bdev)); 1988 } 1989 1990 struct xfs_buftarg * 1991 xfs_alloc_buftarg( 1992 struct xfs_mount *mp, 1993 struct block_device *bdev) 1994 { 1995 xfs_buftarg_t *btp; 1996 const struct dax_holder_operations *ops = NULL; 1997 1998 #if defined(CONFIG_FS_DAX) && defined(CONFIG_MEMORY_FAILURE) 1999 ops = &xfs_dax_holder_operations; 2000 #endif 2001 btp = kmem_zalloc(sizeof(*btp), KM_NOFS); 2002 2003 btp->bt_mount = mp; 2004 btp->bt_dev = bdev->bd_dev; 2005 btp->bt_bdev = bdev; 2006 btp->bt_daxdev = fs_dax_get_by_bdev(bdev, &btp->bt_dax_part_off, 2007 mp, ops); 2008 2009 /* 2010 * Buffer IO error rate limiting. Limit it to no more than 10 messages 2011 * per 30 seconds so as to not spam logs too much on repeated errors. 2012 */ 2013 ratelimit_state_init(&btp->bt_ioerror_rl, 30 * HZ, 2014 DEFAULT_RATELIMIT_BURST); 2015 2016 if (xfs_setsize_buftarg_early(btp, bdev)) 2017 goto error_free; 2018 2019 if (list_lru_init(&btp->bt_lru)) 2020 goto error_free; 2021 2022 if (percpu_counter_init(&btp->bt_io_count, 0, GFP_KERNEL)) 2023 goto error_lru; 2024 2025 btp->bt_shrinker.count_objects = xfs_buftarg_shrink_count; 2026 btp->bt_shrinker.scan_objects = xfs_buftarg_shrink_scan; 2027 btp->bt_shrinker.seeks = DEFAULT_SEEKS; 2028 btp->bt_shrinker.flags = SHRINKER_NUMA_AWARE; 2029 if (register_shrinker(&btp->bt_shrinker, "xfs-buf:%s", 2030 mp->m_super->s_id)) 2031 goto error_pcpu; 2032 return btp; 2033 2034 error_pcpu: 2035 percpu_counter_destroy(&btp->bt_io_count); 2036 error_lru: 2037 list_lru_destroy(&btp->bt_lru); 2038 error_free: 2039 kmem_free(btp); 2040 return NULL; 2041 } 2042 2043 /* 2044 * Cancel a delayed write list. 2045 * 2046 * Remove each buffer from the list, clear the delwri queue flag and drop the 2047 * associated buffer reference. 2048 */ 2049 void 2050 xfs_buf_delwri_cancel( 2051 struct list_head *list) 2052 { 2053 struct xfs_buf *bp; 2054 2055 while (!list_empty(list)) { 2056 bp = list_first_entry(list, struct xfs_buf, b_list); 2057 2058 xfs_buf_lock(bp); 2059 bp->b_flags &= ~_XBF_DELWRI_Q; 2060 list_del_init(&bp->b_list); 2061 xfs_buf_relse(bp); 2062 } 2063 } 2064 2065 /* 2066 * Add a buffer to the delayed write list. 2067 * 2068 * This queues a buffer for writeout if it hasn't already been. Note that 2069 * neither this routine nor the buffer list submission functions perform 2070 * any internal synchronization. It is expected that the lists are thread-local 2071 * to the callers. 2072 * 2073 * Returns true if we queued up the buffer, or false if it already had 2074 * been on the buffer list. 2075 */ 2076 bool 2077 xfs_buf_delwri_queue( 2078 struct xfs_buf *bp, 2079 struct list_head *list) 2080 { 2081 ASSERT(xfs_buf_islocked(bp)); 2082 ASSERT(!(bp->b_flags & XBF_READ)); 2083 2084 /* 2085 * If the buffer is already marked delwri it already is queued up 2086 * by someone else for imediate writeout. Just ignore it in that 2087 * case. 2088 */ 2089 if (bp->b_flags & _XBF_DELWRI_Q) { 2090 trace_xfs_buf_delwri_queued(bp, _RET_IP_); 2091 return false; 2092 } 2093 2094 trace_xfs_buf_delwri_queue(bp, _RET_IP_); 2095 2096 /* 2097 * If a buffer gets written out synchronously or marked stale while it 2098 * is on a delwri list we lazily remove it. To do this, the other party 2099 * clears the _XBF_DELWRI_Q flag but otherwise leaves the buffer alone. 2100 * It remains referenced and on the list. In a rare corner case it 2101 * might get readded to a delwri list after the synchronous writeout, in 2102 * which case we need just need to re-add the flag here. 2103 */ 2104 bp->b_flags |= _XBF_DELWRI_Q; 2105 if (list_empty(&bp->b_list)) { 2106 atomic_inc(&bp->b_hold); 2107 list_add_tail(&bp->b_list, list); 2108 } 2109 2110 return true; 2111 } 2112 2113 /* 2114 * Compare function is more complex than it needs to be because 2115 * the return value is only 32 bits and we are doing comparisons 2116 * on 64 bit values 2117 */ 2118 static int 2119 xfs_buf_cmp( 2120 void *priv, 2121 const struct list_head *a, 2122 const struct list_head *b) 2123 { 2124 struct xfs_buf *ap = container_of(a, struct xfs_buf, b_list); 2125 struct xfs_buf *bp = container_of(b, struct xfs_buf, b_list); 2126 xfs_daddr_t diff; 2127 2128 diff = ap->b_maps[0].bm_bn - bp->b_maps[0].bm_bn; 2129 if (diff < 0) 2130 return -1; 2131 if (diff > 0) 2132 return 1; 2133 return 0; 2134 } 2135 2136 /* 2137 * Submit buffers for write. If wait_list is specified, the buffers are 2138 * submitted using sync I/O and placed on the wait list such that the caller can 2139 * iowait each buffer. Otherwise async I/O is used and the buffers are released 2140 * at I/O completion time. In either case, buffers remain locked until I/O 2141 * completes and the buffer is released from the queue. 2142 */ 2143 static int 2144 xfs_buf_delwri_submit_buffers( 2145 struct list_head *buffer_list, 2146 struct list_head *wait_list) 2147 { 2148 struct xfs_buf *bp, *n; 2149 int pinned = 0; 2150 struct blk_plug plug; 2151 2152 list_sort(NULL, buffer_list, xfs_buf_cmp); 2153 2154 blk_start_plug(&plug); 2155 list_for_each_entry_safe(bp, n, buffer_list, b_list) { 2156 if (!wait_list) { 2157 if (!xfs_buf_trylock(bp)) 2158 continue; 2159 if (xfs_buf_ispinned(bp)) { 2160 xfs_buf_unlock(bp); 2161 pinned++; 2162 continue; 2163 } 2164 } else { 2165 xfs_buf_lock(bp); 2166 } 2167 2168 /* 2169 * Someone else might have written the buffer synchronously or 2170 * marked it stale in the meantime. In that case only the 2171 * _XBF_DELWRI_Q flag got cleared, and we have to drop the 2172 * reference and remove it from the list here. 2173 */ 2174 if (!(bp->b_flags & _XBF_DELWRI_Q)) { 2175 list_del_init(&bp->b_list); 2176 xfs_buf_relse(bp); 2177 continue; 2178 } 2179 2180 trace_xfs_buf_delwri_split(bp, _RET_IP_); 2181 2182 /* 2183 * If we have a wait list, each buffer (and associated delwri 2184 * queue reference) transfers to it and is submitted 2185 * synchronously. Otherwise, drop the buffer from the delwri 2186 * queue and submit async. 2187 */ 2188 bp->b_flags &= ~_XBF_DELWRI_Q; 2189 bp->b_flags |= XBF_WRITE; 2190 if (wait_list) { 2191 bp->b_flags &= ~XBF_ASYNC; 2192 list_move_tail(&bp->b_list, wait_list); 2193 } else { 2194 bp->b_flags |= XBF_ASYNC; 2195 list_del_init(&bp->b_list); 2196 } 2197 __xfs_buf_submit(bp, false); 2198 } 2199 blk_finish_plug(&plug); 2200 2201 return pinned; 2202 } 2203 2204 /* 2205 * Write out a buffer list asynchronously. 2206 * 2207 * This will take the @buffer_list, write all non-locked and non-pinned buffers 2208 * out and not wait for I/O completion on any of the buffers. This interface 2209 * is only safely useable for callers that can track I/O completion by higher 2210 * level means, e.g. AIL pushing as the @buffer_list is consumed in this 2211 * function. 2212 * 2213 * Note: this function will skip buffers it would block on, and in doing so 2214 * leaves them on @buffer_list so they can be retried on a later pass. As such, 2215 * it is up to the caller to ensure that the buffer list is fully submitted or 2216 * cancelled appropriately when they are finished with the list. Failure to 2217 * cancel or resubmit the list until it is empty will result in leaked buffers 2218 * at unmount time. 2219 */ 2220 int 2221 xfs_buf_delwri_submit_nowait( 2222 struct list_head *buffer_list) 2223 { 2224 return xfs_buf_delwri_submit_buffers(buffer_list, NULL); 2225 } 2226 2227 /* 2228 * Write out a buffer list synchronously. 2229 * 2230 * This will take the @buffer_list, write all buffers out and wait for I/O 2231 * completion on all of the buffers. @buffer_list is consumed by the function, 2232 * so callers must have some other way of tracking buffers if they require such 2233 * functionality. 2234 */ 2235 int 2236 xfs_buf_delwri_submit( 2237 struct list_head *buffer_list) 2238 { 2239 LIST_HEAD (wait_list); 2240 int error = 0, error2; 2241 struct xfs_buf *bp; 2242 2243 xfs_buf_delwri_submit_buffers(buffer_list, &wait_list); 2244 2245 /* Wait for IO to complete. */ 2246 while (!list_empty(&wait_list)) { 2247 bp = list_first_entry(&wait_list, struct xfs_buf, b_list); 2248 2249 list_del_init(&bp->b_list); 2250 2251 /* 2252 * Wait on the locked buffer, check for errors and unlock and 2253 * release the delwri queue reference. 2254 */ 2255 error2 = xfs_buf_iowait(bp); 2256 xfs_buf_relse(bp); 2257 if (!error) 2258 error = error2; 2259 } 2260 2261 return error; 2262 } 2263 2264 /* 2265 * Push a single buffer on a delwri queue. 2266 * 2267 * The purpose of this function is to submit a single buffer of a delwri queue 2268 * and return with the buffer still on the original queue. The waiting delwri 2269 * buffer submission infrastructure guarantees transfer of the delwri queue 2270 * buffer reference to a temporary wait list. We reuse this infrastructure to 2271 * transfer the buffer back to the original queue. 2272 * 2273 * Note the buffer transitions from the queued state, to the submitted and wait 2274 * listed state and back to the queued state during this call. The buffer 2275 * locking and queue management logic between _delwri_pushbuf() and 2276 * _delwri_queue() guarantee that the buffer cannot be queued to another list 2277 * before returning. 2278 */ 2279 int 2280 xfs_buf_delwri_pushbuf( 2281 struct xfs_buf *bp, 2282 struct list_head *buffer_list) 2283 { 2284 LIST_HEAD (submit_list); 2285 int error; 2286 2287 ASSERT(bp->b_flags & _XBF_DELWRI_Q); 2288 2289 trace_xfs_buf_delwri_pushbuf(bp, _RET_IP_); 2290 2291 /* 2292 * Isolate the buffer to a new local list so we can submit it for I/O 2293 * independently from the rest of the original list. 2294 */ 2295 xfs_buf_lock(bp); 2296 list_move(&bp->b_list, &submit_list); 2297 xfs_buf_unlock(bp); 2298 2299 /* 2300 * Delwri submission clears the DELWRI_Q buffer flag and returns with 2301 * the buffer on the wait list with the original reference. Rather than 2302 * bounce the buffer from a local wait list back to the original list 2303 * after I/O completion, reuse the original list as the wait list. 2304 */ 2305 xfs_buf_delwri_submit_buffers(&submit_list, buffer_list); 2306 2307 /* 2308 * The buffer is now locked, under I/O and wait listed on the original 2309 * delwri queue. Wait for I/O completion, restore the DELWRI_Q flag and 2310 * return with the buffer unlocked and on the original queue. 2311 */ 2312 error = xfs_buf_iowait(bp); 2313 bp->b_flags |= _XBF_DELWRI_Q; 2314 xfs_buf_unlock(bp); 2315 2316 return error; 2317 } 2318 2319 void xfs_buf_set_ref(struct xfs_buf *bp, int lru_ref) 2320 { 2321 /* 2322 * Set the lru reference count to 0 based on the error injection tag. 2323 * This allows userspace to disrupt buffer caching for debug/testing 2324 * purposes. 2325 */ 2326 if (XFS_TEST_ERROR(false, bp->b_mount, XFS_ERRTAG_BUF_LRU_REF)) 2327 lru_ref = 0; 2328 2329 atomic_set(&bp->b_lru_ref, lru_ref); 2330 } 2331 2332 /* 2333 * Verify an on-disk magic value against the magic value specified in the 2334 * verifier structure. The verifier magic is in disk byte order so the caller is 2335 * expected to pass the value directly from disk. 2336 */ 2337 bool 2338 xfs_verify_magic( 2339 struct xfs_buf *bp, 2340 __be32 dmagic) 2341 { 2342 struct xfs_mount *mp = bp->b_mount; 2343 int idx; 2344 2345 idx = xfs_has_crc(mp); 2346 if (WARN_ON(!bp->b_ops || !bp->b_ops->magic[idx])) 2347 return false; 2348 return dmagic == bp->b_ops->magic[idx]; 2349 } 2350 /* 2351 * Verify an on-disk magic value against the magic value specified in the 2352 * verifier structure. The verifier magic is in disk byte order so the caller is 2353 * expected to pass the value directly from disk. 2354 */ 2355 bool 2356 xfs_verify_magic16( 2357 struct xfs_buf *bp, 2358 __be16 dmagic) 2359 { 2360 struct xfs_mount *mp = bp->b_mount; 2361 int idx; 2362 2363 idx = xfs_has_crc(mp); 2364 if (WARN_ON(!bp->b_ops || !bp->b_ops->magic16[idx])) 2365 return false; 2366 return dmagic == bp->b_ops->magic16[idx]; 2367 } 2368