fs/jbd/revoke.c at b1404069f64457c94de241738fdca142c2e5698f

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / fs / jbd / revoke.c
at b1404069f64457c94de241738fdca142c2e5698f 690 lines 20 kB view raw
wrap content
  1/*
  2 * linux/fs/jbd/revoke.c
  3 *
  4 * Written by Stephen C. Tweedie <sct@redhat.com>, 2000
  5 *
  6 * Copyright 2000 Red Hat corp --- All Rights Reserved
  7 *
  8 * This file is part of the Linux kernel and is made available under
  9 * the terms of the GNU General Public License, version 2, or at your
 10 * option, any later version, incorporated herein by reference.
 11 *
 12 * Journal revoke routines for the generic filesystem journaling code;
 13 * part of the ext2fs journaling system.
 14 *
 15 * Revoke is the mechanism used to prevent old log records for deleted
 16 * metadata from being replayed on top of newer data using the same
 17 * blocks.  The revoke mechanism is used in two separate places:
 18 *
 19 * + Commit: during commit we write the entire list of the current
 20 *   transaction's revoked blocks to the journal
 21 *
 22 * + Recovery: during recovery we record the transaction ID of all
 23 *   revoked blocks.  If there are multiple revoke records in the log
 24 *   for a single block, only the last one counts, and if there is a log
 25 *   entry for a block beyond the last revoke, then that log entry still
 26 *   gets replayed.
 27 *
 28 * We can get interactions between revokes and new log data within a
 29 * single transaction:
 30 *
 31 * Block is revoked and then journaled:
 32 *   The desired end result is the journaling of the new block, so we
 33 *   cancel the revoke before the transaction commits.
 34 *
 35 * Block is journaled and then revoked:
 36 *   The revoke must take precedence over the write of the block, so we
 37 *   need either to cancel the journal entry or to write the revoke
 38 *   later in the log than the log block.  In this case, we choose the
 39 *   latter: journaling a block cancels any revoke record for that block
 40 *   in the current transaction, so any revoke for that block in the
 41 *   transaction must have happened after the block was journaled and so
 42 *   the revoke must take precedence.
 43 *
 44 * Block is revoked and then written as data:
 45 *   The data write is allowed to succeed, but the revoke is _not_
 46 *   cancelled.  We still need to prevent old log records from
 47 *   overwriting the new data.  We don't even need to clear the revoke
 48 *   bit here.
 49 *
 50 * Revoke information on buffers is a tri-state value:
 51 *
 52 * RevokeValid clear:	no cached revoke status, need to look it up
 53 * RevokeValid set, Revoked clear:
 54 *			buffer has not been revoked, and cancel_revoke
 55 *			need do nothing.
 56 * RevokeValid set, Revoked set:
 57 *			buffer has been revoked.
 58 */
 59
 60#ifndef __KERNEL__
 61#include "jfs_user.h"
 62#else
 63#include <linux/time.h>
 64#include <linux/fs.h>
 65#include <linux/jbd.h>
 66#include <linux/errno.h>
 67#include <linux/slab.h>
 68#include <linux/list.h>
 69#include <linux/init.h>
 70#endif
 71#include <linux/log2.h>
 72
 73static struct kmem_cache *revoke_record_cache;
 74static struct kmem_cache *revoke_table_cache;
 75
 76/* Each revoke record represents one single revoked block.  During
 77   journal replay, this involves recording the transaction ID of the
 78   last transaction to revoke this block. */
 79
 80struct jbd_revoke_record_s
 81{
 82	struct list_head  hash;
 83	tid_t		  sequence;	/* Used for recovery only */
 84	unsigned long	  blocknr;
 85};
 86
 87
 88/* The revoke table is just a simple hash table of revoke records. */
 89struct jbd_revoke_table_s
 90{
 91	/* It is conceivable that we might want a larger hash table
 92	 * for recovery.  Must be a power of two. */
 93	int		  hash_size;
 94	int		  hash_shift;
 95	struct list_head *hash_table;
 96};
 97
 98
 99#ifdef __KERNEL__
100static void write_one_revoke_record(journal_t *, transaction_t *,
101				    struct journal_head **, int *,
102				    struct jbd_revoke_record_s *);
103static void flush_descriptor(journal_t *, struct journal_head *, int);
104#endif
105
106/* Utility functions to maintain the revoke table */
107
108/* Borrowed from buffer.c: this is a tried and tested block hash function */
109static inline int hash(journal_t *journal, unsigned long block)
110{
111	struct jbd_revoke_table_s *table = journal->j_revoke;
112	int hash_shift = table->hash_shift;
113
114	return ((block << (hash_shift - 6)) ^
115		(block >> 13) ^
116		(block << (hash_shift - 12))) & (table->hash_size - 1);
117}
118
119static int insert_revoke_hash(journal_t *journal, unsigned long blocknr,
120			      tid_t seq)
121{
122	struct list_head *hash_list;
123	struct jbd_revoke_record_s *record;
124
125repeat:
126	record = kmem_cache_alloc(revoke_record_cache, GFP_NOFS);
127	if (!record)
128		goto oom;
129
130	record->sequence = seq;
131	record->blocknr = blocknr;
132	hash_list = &journal->j_revoke->hash_table[hash(journal, blocknr)];
133	spin_lock(&journal->j_revoke_lock);
134	list_add(&record->hash, hash_list);
135	spin_unlock(&journal->j_revoke_lock);
136	return 0;
137
138oom:
139	if (!journal_oom_retry)
140		return -ENOMEM;
141	jbd_debug(1, "ENOMEM in %s, retrying\n", __func__);
142	yield();
143	goto repeat;
144}
145
146/* Find a revoke record in the journal's hash table. */
147
148static struct jbd_revoke_record_s *find_revoke_record(journal_t *journal,
149						      unsigned long blocknr)
150{
151	struct list_head *hash_list;
152	struct jbd_revoke_record_s *record;
153
154	hash_list = &journal->j_revoke->hash_table[hash(journal, blocknr)];
155
156	spin_lock(&journal->j_revoke_lock);
157	record = (struct jbd_revoke_record_s *) hash_list->next;
158	while (&(record->hash) != hash_list) {
159		if (record->blocknr == blocknr) {
160			spin_unlock(&journal->j_revoke_lock);
161			return record;
162		}
163		record = (struct jbd_revoke_record_s *) record->hash.next;
164	}
165	spin_unlock(&journal->j_revoke_lock);
166	return NULL;
167}
168
169void journal_destroy_revoke_caches(void)
170{
171	if (revoke_record_cache) {
172		kmem_cache_destroy(revoke_record_cache);
173		revoke_record_cache = NULL;
174	}
175	if (revoke_table_cache) {
176		kmem_cache_destroy(revoke_table_cache);
177		revoke_table_cache = NULL;
178	}
179}
180
181int __init journal_init_revoke_caches(void)
182{
183	J_ASSERT(!revoke_record_cache);
184	J_ASSERT(!revoke_table_cache);
185
186	revoke_record_cache = kmem_cache_create("revoke_record",
187					   sizeof(struct jbd_revoke_record_s),
188					   0,
189					   SLAB_HWCACHE_ALIGN|SLAB_TEMPORARY,
190					   NULL);
191	if (!revoke_record_cache)
192		goto record_cache_failure;
193
194	revoke_table_cache = kmem_cache_create("revoke_table",
195					   sizeof(struct jbd_revoke_table_s),
196					   0, SLAB_TEMPORARY, NULL);
197	if (!revoke_table_cache)
198		goto table_cache_failure;
199
200	return 0;
201
202table_cache_failure:
203	journal_destroy_revoke_caches();
204record_cache_failure:
205	return -ENOMEM;
206}
207
208static struct jbd_revoke_table_s *journal_init_revoke_table(int hash_size)
209{
210	int shift = 0;
211	int tmp = hash_size;
212	struct jbd_revoke_table_s *table;
213
214	table = kmem_cache_alloc(revoke_table_cache, GFP_KERNEL);
215	if (!table)
216		goto out;
217
218	while((tmp >>= 1UL) != 0UL)
219		shift++;
220
221	table->hash_size = hash_size;
222	table->hash_shift = shift;
223	table->hash_table =
224		kmalloc(hash_size * sizeof(struct list_head), GFP_KERNEL);
225	if (!table->hash_table) {
226		kmem_cache_free(revoke_table_cache, table);
227		table = NULL;
228		goto out;
229	}
230
231	for (tmp = 0; tmp < hash_size; tmp++)
232		INIT_LIST_HEAD(&table->hash_table[tmp]);
233
234out:
235	return table;
236}
237
238static void journal_destroy_revoke_table(struct jbd_revoke_table_s *table)
239{
240	int i;
241	struct list_head *hash_list;
242
243	for (i = 0; i < table->hash_size; i++) {
244		hash_list = &table->hash_table[i];
245		J_ASSERT(list_empty(hash_list));
246	}
247
248	kfree(table->hash_table);
249	kmem_cache_free(revoke_table_cache, table);
250}
251
252/* Initialise the revoke table for a given journal to a given size. */
253int journal_init_revoke(journal_t *journal, int hash_size)
254{
255	J_ASSERT(journal->j_revoke_table[0] == NULL);
256	J_ASSERT(is_power_of_2(hash_size));
257
258	journal->j_revoke_table[0] = journal_init_revoke_table(hash_size);
259	if (!journal->j_revoke_table[0])
260		goto fail0;
261
262	journal->j_revoke_table[1] = journal_init_revoke_table(hash_size);
263	if (!journal->j_revoke_table[1])
264		goto fail1;
265
266	journal->j_revoke = journal->j_revoke_table[1];
267
268	spin_lock_init(&journal->j_revoke_lock);
269
270	return 0;
271
272fail1:
273	journal_destroy_revoke_table(journal->j_revoke_table[0]);
274fail0:
275	return -ENOMEM;
276}
277
278/* Destroy a journal's revoke table.  The table must already be empty! */
279void journal_destroy_revoke(journal_t *journal)
280{
281	journal->j_revoke = NULL;
282	if (journal->j_revoke_table[0])
283		journal_destroy_revoke_table(journal->j_revoke_table[0]);
284	if (journal->j_revoke_table[1])
285		journal_destroy_revoke_table(journal->j_revoke_table[1]);
286}
287
288
289#ifdef __KERNEL__
290
291/*
292 * journal_revoke: revoke a given buffer_head from the journal.  This
293 * prevents the block from being replayed during recovery if we take a
294 * crash after this current transaction commits.  Any subsequent
295 * metadata writes of the buffer in this transaction cancel the
296 * revoke.
297 *
298 * Note that this call may block --- it is up to the caller to make
299 * sure that there are no further calls to journal_write_metadata
300 * before the revoke is complete.  In ext3, this implies calling the
301 * revoke before clearing the block bitmap when we are deleting
302 * metadata.
303 *
304 * Revoke performs a journal_forget on any buffer_head passed in as a
305 * parameter, but does _not_ forget the buffer_head if the bh was only
306 * found implicitly.
307 *
308 * bh_in may not be a journalled buffer - it may have come off
309 * the hash tables without an attached journal_head.
310 *
311 * If bh_in is non-zero, journal_revoke() will decrement its b_count
312 * by one.
313 */
314
315int journal_revoke(handle_t *handle, unsigned long blocknr,
316		   struct buffer_head *bh_in)
317{
318	struct buffer_head *bh = NULL;
319	journal_t *journal;
320	struct block_device *bdev;
321	int err;
322
323	might_sleep();
324	if (bh_in)
325		BUFFER_TRACE(bh_in, "enter");
326
327	journal = handle->h_transaction->t_journal;
328	if (!journal_set_features(journal, 0, 0, JFS_FEATURE_INCOMPAT_REVOKE)){
329		J_ASSERT (!"Cannot set revoke feature!");
330		return -EINVAL;
331	}
332
333	bdev = journal->j_fs_dev;
334	bh = bh_in;
335
336	if (!bh) {
337		bh = __find_get_block(bdev, blocknr, journal->j_blocksize);
338		if (bh)
339			BUFFER_TRACE(bh, "found on hash");
340	}
341#ifdef JBD_EXPENSIVE_CHECKING
342	else {
343		struct buffer_head *bh2;
344
345		/* If there is a different buffer_head lying around in
346		 * memory anywhere... */
347		bh2 = __find_get_block(bdev, blocknr, journal->j_blocksize);
348		if (bh2) {
349			/* ... and it has RevokeValid status... */
350			if (bh2 != bh && buffer_revokevalid(bh2))
351				/* ...then it better be revoked too,
352				 * since it's illegal to create a revoke
353				 * record against a buffer_head which is
354				 * not marked revoked --- that would
355				 * risk missing a subsequent revoke
356				 * cancel. */
357				J_ASSERT_BH(bh2, buffer_revoked(bh2));
358			put_bh(bh2);
359		}
360	}
361#endif
362
363	/* We really ought not ever to revoke twice in a row without
364           first having the revoke cancelled: it's illegal to free a
365           block twice without allocating it in between! */
366	if (bh) {
367		if (!J_EXPECT_BH(bh, !buffer_revoked(bh),
368				 "inconsistent data on disk")) {
369			if (!bh_in)
370				brelse(bh);
371			return -EIO;
372		}
373		set_buffer_revoked(bh);
374		set_buffer_revokevalid(bh);
375		if (bh_in) {
376			BUFFER_TRACE(bh_in, "call journal_forget");
377			journal_forget(handle, bh_in);
378		} else {
379			BUFFER_TRACE(bh, "call brelse");
380			__brelse(bh);
381		}
382	}
383
384	jbd_debug(2, "insert revoke for block %lu, bh_in=%p\n", blocknr, bh_in);
385	err = insert_revoke_hash(journal, blocknr,
386				handle->h_transaction->t_tid);
387	BUFFER_TRACE(bh_in, "exit");
388	return err;
389}
390
391/*
392 * Cancel an outstanding revoke.  For use only internally by the
393 * journaling code (called from journal_get_write_access).
394 *
395 * We trust buffer_revoked() on the buffer if the buffer is already
396 * being journaled: if there is no revoke pending on the buffer, then we
397 * don't do anything here.
398 *
399 * This would break if it were possible for a buffer to be revoked and
400 * discarded, and then reallocated within the same transaction.  In such
401 * a case we would have lost the revoked bit, but when we arrived here
402 * the second time we would still have a pending revoke to cancel.  So,
403 * do not trust the Revoked bit on buffers unless RevokeValid is also
404 * set.
405 *
406 * The caller must have the journal locked.
407 */
408int journal_cancel_revoke(handle_t *handle, struct journal_head *jh)
409{
410	struct jbd_revoke_record_s *record;
411	journal_t *journal = handle->h_transaction->t_journal;
412	int need_cancel;
413	int did_revoke = 0;	/* akpm: debug */
414	struct buffer_head *bh = jh2bh(jh);
415
416	jbd_debug(4, "journal_head %p, cancelling revoke\n", jh);
417
418	/* Is the existing Revoke bit valid?  If so, we trust it, and
419	 * only perform the full cancel if the revoke bit is set.  If
420	 * not, we can't trust the revoke bit, and we need to do the
421	 * full search for a revoke record. */
422	if (test_set_buffer_revokevalid(bh)) {
423		need_cancel = test_clear_buffer_revoked(bh);
424	} else {
425		need_cancel = 1;
426		clear_buffer_revoked(bh);
427	}
428
429	if (need_cancel) {
430		record = find_revoke_record(journal, bh->b_blocknr);
431		if (record) {
432			jbd_debug(4, "cancelled existing revoke on "
433				  "blocknr %llu\n", (unsigned long long)bh->b_blocknr);
434			spin_lock(&journal->j_revoke_lock);
435			list_del(&record->hash);
436			spin_unlock(&journal->j_revoke_lock);
437			kmem_cache_free(revoke_record_cache, record);
438			did_revoke = 1;
439		}
440	}
441
442#ifdef JBD_EXPENSIVE_CHECKING
443	/* There better not be one left behind by now! */
444	record = find_revoke_record(journal, bh->b_blocknr);
445	J_ASSERT_JH(jh, record == NULL);
446#endif
447
448	/* Finally, have we just cleared revoke on an unhashed
449	 * buffer_head?  If so, we'd better make sure we clear the
450	 * revoked status on any hashed alias too, otherwise the revoke
451	 * state machine will get very upset later on. */
452	if (need_cancel) {
453		struct buffer_head *bh2;
454		bh2 = __find_get_block(bh->b_bdev, bh->b_blocknr, bh->b_size);
455		if (bh2) {
456			if (bh2 != bh)
457				clear_buffer_revoked(bh2);
458			__brelse(bh2);
459		}
460	}
461	return did_revoke;
462}
463
464/* journal_switch_revoke table select j_revoke for next transaction
465 * we do not want to suspend any processing until all revokes are
466 * written -bzzz
467 */
468void journal_switch_revoke_table(journal_t *journal)
469{
470	int i;
471
472	if (journal->j_revoke == journal->j_revoke_table[0])
473		journal->j_revoke = journal->j_revoke_table[1];
474	else
475		journal->j_revoke = journal->j_revoke_table[0];
476
477	for (i = 0; i < journal->j_revoke->hash_size; i++)
478		INIT_LIST_HEAD(&journal->j_revoke->hash_table[i]);
479}
480
481/*
482 * Write revoke records to the journal for all entries in the current
483 * revoke hash, deleting the entries as we go.
484 *
485 * Called with the journal lock held.
486 */
487
488void journal_write_revoke_records(journal_t *journal,
489				  transaction_t *transaction)
490{
491	struct journal_head *descriptor;
492	struct jbd_revoke_record_s *record;
493	struct jbd_revoke_table_s *revoke;
494	struct list_head *hash_list;
495	int i, offset, count;
496
497	descriptor = NULL;
498	offset = 0;
499	count = 0;
500
501	/* select revoke table for committing transaction */
502	revoke = journal->j_revoke == journal->j_revoke_table[0] ?
503		journal->j_revoke_table[1] : journal->j_revoke_table[0];
504
505	for (i = 0; i < revoke->hash_size; i++) {
506		hash_list = &revoke->hash_table[i];
507
508		while (!list_empty(hash_list)) {
509			record = (struct jbd_revoke_record_s *)
510				hash_list->next;
511			write_one_revoke_record(journal, transaction,
512						&descriptor, &offset,
513						record);
514			count++;
515			list_del(&record->hash);
516			kmem_cache_free(revoke_record_cache, record);
517		}
518	}
519	if (descriptor)
520		flush_descriptor(journal, descriptor, offset);
521	jbd_debug(1, "Wrote %d revoke records\n", count);
522}
523
524/*
525 * Write out one revoke record.  We need to create a new descriptor
526 * block if the old one is full or if we have not already created one.
527 */
528
529static void write_one_revoke_record(journal_t *journal,
530				    transaction_t *transaction,
531				    struct journal_head **descriptorp,
532				    int *offsetp,
533				    struct jbd_revoke_record_s *record)
534{
535	struct journal_head *descriptor;
536	int offset;
537	journal_header_t *header;
538
539	/* If we are already aborting, this all becomes a noop.  We
540           still need to go round the loop in
541           journal_write_revoke_records in order to free all of the
542           revoke records: only the IO to the journal is omitted. */
543	if (is_journal_aborted(journal))
544		return;
545
546	descriptor = *descriptorp;
547	offset = *offsetp;
548
549	/* Make sure we have a descriptor with space left for the record */
550	if (descriptor) {
551		if (offset == journal->j_blocksize) {
552			flush_descriptor(journal, descriptor, offset);
553			descriptor = NULL;
554		}
555	}
556
557	if (!descriptor) {
558		descriptor = journal_get_descriptor_buffer(journal);
559		if (!descriptor)
560			return;
561		header = (journal_header_t *) &jh2bh(descriptor)->b_data[0];
562		header->h_magic     = cpu_to_be32(JFS_MAGIC_NUMBER);
563		header->h_blocktype = cpu_to_be32(JFS_REVOKE_BLOCK);
564		header->h_sequence  = cpu_to_be32(transaction->t_tid);
565
566		/* Record it so that we can wait for IO completion later */
567		JBUFFER_TRACE(descriptor, "file as BJ_LogCtl");
568		journal_file_buffer(descriptor, transaction, BJ_LogCtl);
569
570		offset = sizeof(journal_revoke_header_t);
571		*descriptorp = descriptor;
572	}
573
574	* ((__be32 *)(&jh2bh(descriptor)->b_data[offset])) =
575		cpu_to_be32(record->blocknr);
576	offset += 4;
577	*offsetp = offset;
578}
579
580/*
581 * Flush a revoke descriptor out to the journal.  If we are aborting,
582 * this is a noop; otherwise we are generating a buffer which needs to
583 * be waited for during commit, so it has to go onto the appropriate
584 * journal buffer list.
585 */
586
587static void flush_descriptor(journal_t *journal,
588			     struct journal_head *descriptor,
589			     int offset)
590{
591	journal_revoke_header_t *header;
592	struct buffer_head *bh = jh2bh(descriptor);
593
594	if (is_journal_aborted(journal)) {
595		put_bh(bh);
596		return;
597	}
598
599	header = (journal_revoke_header_t *) jh2bh(descriptor)->b_data;
600	header->r_count = cpu_to_be32(offset);
601	set_buffer_jwrite(bh);
602	BUFFER_TRACE(bh, "write");
603	set_buffer_dirty(bh);
604	ll_rw_block(SWRITE, 1, &bh);
605}
606#endif
607
608/*
609 * Revoke support for recovery.
610 *
611 * Recovery needs to be able to:
612 *
613 *  record all revoke records, including the tid of the latest instance
614 *  of each revoke in the journal
615 *
616 *  check whether a given block in a given transaction should be replayed
617 *  (ie. has not been revoked by a revoke record in that or a subsequent
618 *  transaction)
619 *
620 *  empty the revoke table after recovery.
621 */
622
623/*
624 * First, setting revoke records.  We create a new revoke record for
625 * every block ever revoked in the log as we scan it for recovery, and
626 * we update the existing records if we find multiple revokes for a
627 * single block.
628 */
629
630int journal_set_revoke(journal_t *journal,
631		       unsigned long blocknr,
632		       tid_t sequence)
633{
634	struct jbd_revoke_record_s *record;
635
636	record = find_revoke_record(journal, blocknr);
637	if (record) {
638		/* If we have multiple occurrences, only record the
639		 * latest sequence number in the hashed record */
640		if (tid_gt(sequence, record->sequence))
641			record->sequence = sequence;
642		return 0;
643	}
644	return insert_revoke_hash(journal, blocknr, sequence);
645}
646
647/*
648 * Test revoke records.  For a given block referenced in the log, has
649 * that block been revoked?  A revoke record with a given transaction
650 * sequence number revokes all blocks in that transaction and earlier
651 * ones, but later transactions still need replayed.
652 */
653
654int journal_test_revoke(journal_t *journal,
655			unsigned long blocknr,
656			tid_t sequence)
657{
658	struct jbd_revoke_record_s *record;
659
660	record = find_revoke_record(journal, blocknr);
661	if (!record)
662		return 0;
663	if (tid_gt(sequence, record->sequence))
664		return 0;
665	return 1;
666}
667
668/*
669 * Finally, once recovery is over, we need to clear the revoke table so
670 * that it can be reused by the running filesystem.
671 */
672
673void journal_clear_revoke(journal_t *journal)
674{
675	int i;
676	struct list_head *hash_list;
677	struct jbd_revoke_record_s *record;
678	struct jbd_revoke_table_s *revoke;
679
680	revoke = journal->j_revoke;
681
682	for (i = 0; i < revoke->hash_size; i++) {
683		hash_list = &revoke->hash_table[i];
684		while (!list_empty(hash_list)) {
685			record = (struct jbd_revoke_record_s*) hash_list->next;
686			list_del(&record->hash);
687			kmem_cache_free(revoke_record_cache, record);
688		}
689	}
690}
Configure Feed

Configure Feed
