1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Authors: Adrian Hunter
8 * Artem Bityutskiy (Битюцкий Артём)
9 */
10
11 /*
12 * This file contains journal replay code. It runs when the file-system is being
13 * mounted and requires no locking.
14 *
15 * The larger is the journal, the longer it takes to scan it, so the longer it
16 * takes to mount UBIFS. This is why the journal has limited size which may be
17 * changed depending on the system requirements. But a larger journal gives
18 * faster I/O speed because it writes the index less frequently. So this is a
19 * trade-off. Also, the journal is indexed by the in-memory index (TNC), so the
20 * larger is the journal, the more memory its index may consume.
21 */
22
23 #ifdef __UBOOT__
24 #include <linux/compat.h>
25 #include <linux/err.h>
26 #endif
27 #include "ubifs.h"
28 #include <linux/bug.h>
29 #include <linux/list_sort.h>
30
31 /**
32 * struct replay_entry - replay list entry.
33 * @lnum: logical eraseblock number of the node
34 * @offs: node offset
35 * @len: node length
36 * @deletion: non-zero if this entry corresponds to a node deletion
37 * @sqnum: node sequence number
38 * @list: links the replay list
39 * @key: node key
40 * @nm: directory entry name
41 * @old_size: truncation old size
42 * @new_size: truncation new size
43 *
44 * The replay process first scans all buds and builds the replay list, then
45 * sorts the replay list in nodes sequence number order, and then inserts all
46 * the replay entries to the TNC.
47 */
48 struct replay_entry {
49 int lnum;
50 int offs;
51 int len;
52 unsigned int deletion:1;
53 unsigned long long sqnum;
54 struct list_head list;
55 union ubifs_key key;
56 union {
57 struct qstr nm;
58 struct {
59 loff_t old_size;
60 loff_t new_size;
61 };
62 };
63 };
64
65 /**
66 * struct bud_entry - entry in the list of buds to replay.
67 * @list: next bud in the list
68 * @bud: bud description object
69 * @sqnum: reference node sequence number
70 * @free: free bytes in the bud
71 * @dirty: dirty bytes in the bud
72 */
73 struct bud_entry {
74 struct list_head list;
75 struct ubifs_bud *bud;
76 unsigned long long sqnum;
77 int free;
78 int dirty;
79 };
80
81 /**
82 * set_bud_lprops - set free and dirty space used by a bud.
83 * @c: UBIFS file-system description object
84 * @b: bud entry which describes the bud
85 *
86 * This function makes sure the LEB properties of bud @b are set correctly
87 * after the replay. Returns zero in case of success and a negative error code
88 * in case of failure.
89 */
set_bud_lprops(struct ubifs_info * c,struct bud_entry * b)90 static int set_bud_lprops(struct ubifs_info *c, struct bud_entry *b)
91 {
92 const struct ubifs_lprops *lp;
93 int err = 0, dirty;
94
95 ubifs_get_lprops(c);
96
97 lp = ubifs_lpt_lookup_dirty(c, b->bud->lnum);
98 if (IS_ERR(lp)) {
99 err = PTR_ERR(lp);
100 goto out;
101 }
102
103 dirty = lp->dirty;
104 if (b->bud->start == 0 && (lp->free != c->leb_size || lp->dirty != 0)) {
105 /*
106 * The LEB was added to the journal with a starting offset of
107 * zero which means the LEB must have been empty. The LEB
108 * property values should be @lp->free == @c->leb_size and
109 * @lp->dirty == 0, but that is not the case. The reason is that
110 * the LEB had been garbage collected before it became the bud,
111 * and there was not commit inbetween. The garbage collector
112 * resets the free and dirty space without recording it
113 * anywhere except lprops, so if there was no commit then
114 * lprops does not have that information.
115 *
116 * We do not need to adjust free space because the scan has told
117 * us the exact value which is recorded in the replay entry as
118 * @b->free.
119 *
120 * However we do need to subtract from the dirty space the
121 * amount of space that the garbage collector reclaimed, which
122 * is the whole LEB minus the amount of space that was free.
123 */
124 dbg_mnt("bud LEB %d was GC'd (%d free, %d dirty)", b->bud->lnum,
125 lp->free, lp->dirty);
126 dbg_gc("bud LEB %d was GC'd (%d free, %d dirty)", b->bud->lnum,
127 lp->free, lp->dirty);
128 dirty -= c->leb_size - lp->free;
129 /*
130 * If the replay order was perfect the dirty space would now be
131 * zero. The order is not perfect because the journal heads
132 * race with each other. This is not a problem but is does mean
133 * that the dirty space may temporarily exceed c->leb_size
134 * during the replay.
135 */
136 if (dirty != 0)
137 dbg_mnt("LEB %d lp: %d free %d dirty replay: %d free %d dirty",
138 b->bud->lnum, lp->free, lp->dirty, b->free,
139 b->dirty);
140 }
141 lp = ubifs_change_lp(c, lp, b->free, dirty + b->dirty,
142 lp->flags | LPROPS_TAKEN, 0);
143 if (IS_ERR(lp)) {
144 err = PTR_ERR(lp);
145 goto out;
146 }
147
148 /* Make sure the journal head points to the latest bud */
149 err = ubifs_wbuf_seek_nolock(&c->jheads[b->bud->jhead].wbuf,
150 b->bud->lnum, c->leb_size - b->free);
151
152 out:
153 ubifs_release_lprops(c);
154 return err;
155 }
156
157 /**
158 * set_buds_lprops - set free and dirty space for all replayed buds.
159 * @c: UBIFS file-system description object
160 *
161 * This function sets LEB properties for all replayed buds. Returns zero in
162 * case of success and a negative error code in case of failure.
163 */
set_buds_lprops(struct ubifs_info * c)164 static int set_buds_lprops(struct ubifs_info *c)
165 {
166 struct bud_entry *b;
167 int err;
168
169 list_for_each_entry(b, &c->replay_buds, list) {
170 err = set_bud_lprops(c, b);
171 if (err)
172 return err;
173 }
174
175 return 0;
176 }
177
178 /**
179 * trun_remove_range - apply a replay entry for a truncation to the TNC.
180 * @c: UBIFS file-system description object
181 * @r: replay entry of truncation
182 */
trun_remove_range(struct ubifs_info * c,struct replay_entry * r)183 static int trun_remove_range(struct ubifs_info *c, struct replay_entry *r)
184 {
185 unsigned min_blk, max_blk;
186 union ubifs_key min_key, max_key;
187 ino_t ino;
188
189 min_blk = r->new_size / UBIFS_BLOCK_SIZE;
190 if (r->new_size & (UBIFS_BLOCK_SIZE - 1))
191 min_blk += 1;
192
193 max_blk = r->old_size / UBIFS_BLOCK_SIZE;
194 if ((r->old_size & (UBIFS_BLOCK_SIZE - 1)) == 0)
195 max_blk -= 1;
196
197 ino = key_inum(c, &r->key);
198
199 data_key_init(c, &min_key, ino, min_blk);
200 data_key_init(c, &max_key, ino, max_blk);
201
202 return ubifs_tnc_remove_range(c, &min_key, &max_key);
203 }
204
205 /**
206 * apply_replay_entry - apply a replay entry to the TNC.
207 * @c: UBIFS file-system description object
208 * @r: replay entry to apply
209 *
210 * Apply a replay entry to the TNC.
211 */
apply_replay_entry(struct ubifs_info * c,struct replay_entry * r)212 static int apply_replay_entry(struct ubifs_info *c, struct replay_entry *r)
213 {
214 int err;
215
216 dbg_mntk(&r->key, "LEB %d:%d len %d deletion %d sqnum %llu key ",
217 r->lnum, r->offs, r->len, r->deletion, r->sqnum);
218
219 /* Set c->replay_sqnum to help deal with dangling branches. */
220 c->replay_sqnum = r->sqnum;
221
222 if (is_hash_key(c, &r->key)) {
223 if (r->deletion)
224 err = ubifs_tnc_remove_nm(c, &r->key, &r->nm);
225 else
226 err = ubifs_tnc_add_nm(c, &r->key, r->lnum, r->offs,
227 r->len, &r->nm);
228 } else {
229 if (r->deletion)
230 switch (key_type(c, &r->key)) {
231 case UBIFS_INO_KEY:
232 {
233 ino_t inum = key_inum(c, &r->key);
234
235 err = ubifs_tnc_remove_ino(c, inum);
236 break;
237 }
238 case UBIFS_TRUN_KEY:
239 err = trun_remove_range(c, r);
240 break;
241 default:
242 err = ubifs_tnc_remove(c, &r->key);
243 break;
244 }
245 else
246 err = ubifs_tnc_add(c, &r->key, r->lnum, r->offs,
247 r->len);
248 if (err)
249 return err;
250
251 if (c->need_recovery)
252 err = ubifs_recover_size_accum(c, &r->key, r->deletion,
253 r->new_size);
254 }
255
256 return err;
257 }
258
259 /**
260 * replay_entries_cmp - compare 2 replay entries.
261 * @priv: UBIFS file-system description object
262 * @a: first replay entry
263 * @a: second replay entry
264 *
265 * This is a comparios function for 'list_sort()' which compares 2 replay
266 * entries @a and @b by comparing their sequence numer. Returns %1 if @a has
267 * greater sequence number and %-1 otherwise.
268 */
replay_entries_cmp(void * priv,struct list_head * a,struct list_head * b)269 static int replay_entries_cmp(void *priv, struct list_head *a,
270 struct list_head *b)
271 {
272 struct replay_entry *ra, *rb;
273
274 cond_resched();
275 if (a == b)
276 return 0;
277
278 ra = list_entry(a, struct replay_entry, list);
279 rb = list_entry(b, struct replay_entry, list);
280 ubifs_assert(ra->sqnum != rb->sqnum);
281 if (ra->sqnum > rb->sqnum)
282 return 1;
283 return -1;
284 }
285
286 /**
287 * apply_replay_list - apply the replay list to the TNC.
288 * @c: UBIFS file-system description object
289 *
290 * Apply all entries in the replay list to the TNC. Returns zero in case of
291 * success and a negative error code in case of failure.
292 */
apply_replay_list(struct ubifs_info * c)293 static int apply_replay_list(struct ubifs_info *c)
294 {
295 struct replay_entry *r;
296 int err;
297
298 list_sort(c, &c->replay_list, &replay_entries_cmp);
299
300 list_for_each_entry(r, &c->replay_list, list) {
301 cond_resched();
302
303 err = apply_replay_entry(c, r);
304 if (err)
305 return err;
306 }
307
308 return 0;
309 }
310
311 /**
312 * destroy_replay_list - destroy the replay.
313 * @c: UBIFS file-system description object
314 *
315 * Destroy the replay list.
316 */
destroy_replay_list(struct ubifs_info * c)317 static void destroy_replay_list(struct ubifs_info *c)
318 {
319 struct replay_entry *r, *tmp;
320
321 list_for_each_entry_safe(r, tmp, &c->replay_list, list) {
322 if (is_hash_key(c, &r->key))
323 kfree(r->nm.name);
324 list_del(&r->list);
325 kfree(r);
326 }
327 }
328
329 /**
330 * insert_node - insert a node to the replay list
331 * @c: UBIFS file-system description object
332 * @lnum: node logical eraseblock number
333 * @offs: node offset
334 * @len: node length
335 * @key: node key
336 * @sqnum: sequence number
337 * @deletion: non-zero if this is a deletion
338 * @used: number of bytes in use in a LEB
339 * @old_size: truncation old size
340 * @new_size: truncation new size
341 *
342 * This function inserts a scanned non-direntry node to the replay list. The
343 * replay list contains @struct replay_entry elements, and we sort this list in
344 * sequence number order before applying it. The replay list is applied at the
345 * very end of the replay process. Since the list is sorted in sequence number
346 * order, the older modifications are applied first. This function returns zero
347 * in case of success and a negative error code in case of failure.
348 */
insert_node(struct ubifs_info * c,int lnum,int offs,int len,union ubifs_key * key,unsigned long long sqnum,int deletion,int * used,loff_t old_size,loff_t new_size)349 static int insert_node(struct ubifs_info *c, int lnum, int offs, int len,
350 union ubifs_key *key, unsigned long long sqnum,
351 int deletion, int *used, loff_t old_size,
352 loff_t new_size)
353 {
354 struct replay_entry *r;
355
356 dbg_mntk(key, "add LEB %d:%d, key ", lnum, offs);
357
358 if (key_inum(c, key) >= c->highest_inum)
359 c->highest_inum = key_inum(c, key);
360
361 r = kzalloc(sizeof(struct replay_entry), GFP_KERNEL);
362 if (!r)
363 return -ENOMEM;
364
365 if (!deletion)
366 *used += ALIGN(len, 8);
367 r->lnum = lnum;
368 r->offs = offs;
369 r->len = len;
370 r->deletion = !!deletion;
371 r->sqnum = sqnum;
372 key_copy(c, key, &r->key);
373 r->old_size = old_size;
374 r->new_size = new_size;
375
376 list_add_tail(&r->list, &c->replay_list);
377 return 0;
378 }
379
380 /**
381 * insert_dent - insert a directory entry node into the replay list.
382 * @c: UBIFS file-system description object
383 * @lnum: node logical eraseblock number
384 * @offs: node offset
385 * @len: node length
386 * @key: node key
387 * @name: directory entry name
388 * @nlen: directory entry name length
389 * @sqnum: sequence number
390 * @deletion: non-zero if this is a deletion
391 * @used: number of bytes in use in a LEB
392 *
393 * This function inserts a scanned directory entry node or an extended
394 * attribute entry to the replay list. Returns zero in case of success and a
395 * negative error code in case of failure.
396 */
insert_dent(struct ubifs_info * c,int lnum,int offs,int len,union ubifs_key * key,const char * name,int nlen,unsigned long long sqnum,int deletion,int * used)397 static int insert_dent(struct ubifs_info *c, int lnum, int offs, int len,
398 union ubifs_key *key, const char *name, int nlen,
399 unsigned long long sqnum, int deletion, int *used)
400 {
401 struct replay_entry *r;
402 char *nbuf;
403
404 dbg_mntk(key, "add LEB %d:%d, key ", lnum, offs);
405 if (key_inum(c, key) >= c->highest_inum)
406 c->highest_inum = key_inum(c, key);
407
408 r = kzalloc(sizeof(struct replay_entry), GFP_KERNEL);
409 if (!r)
410 return -ENOMEM;
411
412 nbuf = kmalloc(nlen + 1, GFP_KERNEL);
413 if (!nbuf) {
414 kfree(r);
415 return -ENOMEM;
416 }
417
418 if (!deletion)
419 *used += ALIGN(len, 8);
420 r->lnum = lnum;
421 r->offs = offs;
422 r->len = len;
423 r->deletion = !!deletion;
424 r->sqnum = sqnum;
425 key_copy(c, key, &r->key);
426 r->nm.len = nlen;
427 memcpy(nbuf, name, nlen);
428 nbuf[nlen] = '\0';
429 r->nm.name = nbuf;
430
431 list_add_tail(&r->list, &c->replay_list);
432 return 0;
433 }
434
435 /**
436 * ubifs_validate_entry - validate directory or extended attribute entry node.
437 * @c: UBIFS file-system description object
438 * @dent: the node to validate
439 *
440 * This function validates directory or extended attribute entry node @dent.
441 * Returns zero if the node is all right and a %-EINVAL if not.
442 */
ubifs_validate_entry(struct ubifs_info * c,const struct ubifs_dent_node * dent)443 int ubifs_validate_entry(struct ubifs_info *c,
444 const struct ubifs_dent_node *dent)
445 {
446 int key_type = key_type_flash(c, dent->key);
447 int nlen = le16_to_cpu(dent->nlen);
448
449 if (le32_to_cpu(dent->ch.len) != nlen + UBIFS_DENT_NODE_SZ + 1 ||
450 dent->type >= UBIFS_ITYPES_CNT ||
451 nlen > UBIFS_MAX_NLEN || dent->name[nlen] != 0 ||
452 strnlen(dent->name, nlen) != nlen ||
453 le64_to_cpu(dent->inum) > MAX_INUM) {
454 ubifs_err(c, "bad %s node", key_type == UBIFS_DENT_KEY ?
455 "directory entry" : "extended attribute entry");
456 return -EINVAL;
457 }
458
459 if (key_type != UBIFS_DENT_KEY && key_type != UBIFS_XENT_KEY) {
460 ubifs_err(c, "bad key type %d", key_type);
461 return -EINVAL;
462 }
463
464 return 0;
465 }
466
467 /**
468 * is_last_bud - check if the bud is the last in the journal head.
469 * @c: UBIFS file-system description object
470 * @bud: bud description object
471 *
472 * This function checks if bud @bud is the last bud in its journal head. This
473 * information is then used by 'replay_bud()' to decide whether the bud can
474 * have corruptions or not. Indeed, only last buds can be corrupted by power
475 * cuts. Returns %1 if this is the last bud, and %0 if not.
476 */
is_last_bud(struct ubifs_info * c,struct ubifs_bud * bud)477 static int is_last_bud(struct ubifs_info *c, struct ubifs_bud *bud)
478 {
479 struct ubifs_jhead *jh = &c->jheads[bud->jhead];
480 struct ubifs_bud *next;
481 uint32_t data;
482 int err;
483
484 if (list_is_last(&bud->list, &jh->buds_list))
485 return 1;
486
487 /*
488 * The following is a quirk to make sure we work correctly with UBIFS
489 * images used with older UBIFS.
490 *
491 * Normally, the last bud will be the last in the journal head's list
492 * of bud. However, there is one exception if the UBIFS image belongs
493 * to older UBIFS. This is fairly unlikely: one would need to use old
494 * UBIFS, then have a power cut exactly at the right point, and then
495 * try to mount this image with new UBIFS.
496 *
497 * The exception is: it is possible to have 2 buds A and B, A goes
498 * before B, and B is the last, bud B is contains no data, and bud A is
499 * corrupted at the end. The reason is that in older versions when the
500 * journal code switched the next bud (from A to B), it first added a
501 * log reference node for the new bud (B), and only after this it
502 * synchronized the write-buffer of current bud (A). But later this was
503 * changed and UBIFS started to always synchronize the write-buffer of
504 * the bud (A) before writing the log reference for the new bud (B).
505 *
506 * But because older UBIFS always synchronized A's write-buffer before
507 * writing to B, we can recognize this exceptional situation but
508 * checking the contents of bud B - if it is empty, then A can be
509 * treated as the last and we can recover it.
510 *
511 * TODO: remove this piece of code in a couple of years (today it is
512 * 16.05.2011).
513 */
514 next = list_entry(bud->list.next, struct ubifs_bud, list);
515 if (!list_is_last(&next->list, &jh->buds_list))
516 return 0;
517
518 err = ubifs_leb_read(c, next->lnum, (char *)&data, next->start, 4, 1);
519 if (err)
520 return 0;
521
522 return data == 0xFFFFFFFF;
523 }
524
525 /**
526 * replay_bud - replay a bud logical eraseblock.
527 * @c: UBIFS file-system description object
528 * @b: bud entry which describes the bud
529 *
530 * This function replays bud @bud, recovers it if needed, and adds all nodes
531 * from this bud to the replay list. Returns zero in case of success and a
532 * negative error code in case of failure.
533 */
replay_bud(struct ubifs_info * c,struct bud_entry * b)534 static int replay_bud(struct ubifs_info *c, struct bud_entry *b)
535 {
536 int is_last = is_last_bud(c, b->bud);
537 int err = 0, used = 0, lnum = b->bud->lnum, offs = b->bud->start;
538 struct ubifs_scan_leb *sleb;
539 struct ubifs_scan_node *snod;
540
541 dbg_mnt("replay bud LEB %d, head %d, offs %d, is_last %d",
542 lnum, b->bud->jhead, offs, is_last);
543
544 if (c->need_recovery && is_last)
545 /*
546 * Recover only last LEBs in the journal heads, because power
547 * cuts may cause corruptions only in these LEBs, because only
548 * these LEBs could possibly be written to at the power cut
549 * time.
550 */
551 sleb = ubifs_recover_leb(c, lnum, offs, c->sbuf, b->bud->jhead);
552 else
553 sleb = ubifs_scan(c, lnum, offs, c->sbuf, 0);
554 if (IS_ERR(sleb))
555 return PTR_ERR(sleb);
556
557 /*
558 * The bud does not have to start from offset zero - the beginning of
559 * the 'lnum' LEB may contain previously committed data. One of the
560 * things we have to do in replay is to correctly update lprops with
561 * newer information about this LEB.
562 *
563 * At this point lprops thinks that this LEB has 'c->leb_size - offs'
564 * bytes of free space because it only contain information about
565 * committed data.
566 *
567 * But we know that real amount of free space is 'c->leb_size -
568 * sleb->endpt', and the space in the 'lnum' LEB between 'offs' and
569 * 'sleb->endpt' is used by bud data. We have to correctly calculate
570 * how much of these data are dirty and update lprops with this
571 * information.
572 *
573 * The dirt in that LEB region is comprised of padding nodes, deletion
574 * nodes, truncation nodes and nodes which are obsoleted by subsequent
575 * nodes in this LEB. So instead of calculating clean space, we
576 * calculate used space ('used' variable).
577 */
578
579 list_for_each_entry(snod, &sleb->nodes, list) {
580 int deletion = 0;
581
582 cond_resched();
583
584 if (snod->sqnum >= SQNUM_WATERMARK) {
585 ubifs_err(c, "file system's life ended");
586 goto out_dump;
587 }
588
589 if (snod->sqnum > c->max_sqnum)
590 c->max_sqnum = snod->sqnum;
591
592 switch (snod->type) {
593 case UBIFS_INO_NODE:
594 {
595 struct ubifs_ino_node *ino = snod->node;
596 loff_t new_size = le64_to_cpu(ino->size);
597
598 if (le32_to_cpu(ino->nlink) == 0)
599 deletion = 1;
600 err = insert_node(c, lnum, snod->offs, snod->len,
601 &snod->key, snod->sqnum, deletion,
602 &used, 0, new_size);
603 break;
604 }
605 case UBIFS_DATA_NODE:
606 {
607 struct ubifs_data_node *dn = snod->node;
608 loff_t new_size = le32_to_cpu(dn->size) +
609 key_block(c, &snod->key) *
610 UBIFS_BLOCK_SIZE;
611
612 err = insert_node(c, lnum, snod->offs, snod->len,
613 &snod->key, snod->sqnum, deletion,
614 &used, 0, new_size);
615 break;
616 }
617 case UBIFS_DENT_NODE:
618 case UBIFS_XENT_NODE:
619 {
620 struct ubifs_dent_node *dent = snod->node;
621
622 err = ubifs_validate_entry(c, dent);
623 if (err)
624 goto out_dump;
625
626 err = insert_dent(c, lnum, snod->offs, snod->len,
627 &snod->key, dent->name,
628 le16_to_cpu(dent->nlen), snod->sqnum,
629 !le64_to_cpu(dent->inum), &used);
630 break;
631 }
632 case UBIFS_TRUN_NODE:
633 {
634 struct ubifs_trun_node *trun = snod->node;
635 loff_t old_size = le64_to_cpu(trun->old_size);
636 loff_t new_size = le64_to_cpu(trun->new_size);
637 union ubifs_key key;
638
639 /* Validate truncation node */
640 if (old_size < 0 || old_size > c->max_inode_sz ||
641 new_size < 0 || new_size > c->max_inode_sz ||
642 old_size <= new_size) {
643 ubifs_err(c, "bad truncation node");
644 goto out_dump;
645 }
646
647 /*
648 * Create a fake truncation key just to use the same
649 * functions which expect nodes to have keys.
650 */
651 trun_key_init(c, &key, le32_to_cpu(trun->inum));
652 err = insert_node(c, lnum, snod->offs, snod->len,
653 &key, snod->sqnum, 1, &used,
654 old_size, new_size);
655 break;
656 }
657 default:
658 ubifs_err(c, "unexpected node type %d in bud LEB %d:%d",
659 snod->type, lnum, snod->offs);
660 err = -EINVAL;
661 goto out_dump;
662 }
663 if (err)
664 goto out;
665 }
666
667 ubifs_assert(ubifs_search_bud(c, lnum));
668 ubifs_assert(sleb->endpt - offs >= used);
669 ubifs_assert(sleb->endpt % c->min_io_size == 0);
670
671 b->dirty = sleb->endpt - offs - used;
672 b->free = c->leb_size - sleb->endpt;
673 dbg_mnt("bud LEB %d replied: dirty %d, free %d",
674 lnum, b->dirty, b->free);
675
676 out:
677 ubifs_scan_destroy(sleb);
678 return err;
679
680 out_dump:
681 ubifs_err(c, "bad node is at LEB %d:%d", lnum, snod->offs);
682 ubifs_dump_node(c, snod->node);
683 ubifs_scan_destroy(sleb);
684 return -EINVAL;
685 }
686
687 /**
688 * replay_buds - replay all buds.
689 * @c: UBIFS file-system description object
690 *
691 * This function returns zero in case of success and a negative error code in
692 * case of failure.
693 */
replay_buds(struct ubifs_info * c)694 static int replay_buds(struct ubifs_info *c)
695 {
696 struct bud_entry *b;
697 int err;
698 unsigned long long prev_sqnum = 0;
699
700 list_for_each_entry(b, &c->replay_buds, list) {
701 err = replay_bud(c, b);
702 if (err)
703 return err;
704
705 ubifs_assert(b->sqnum > prev_sqnum);
706 prev_sqnum = b->sqnum;
707 }
708
709 return 0;
710 }
711
712 /**
713 * destroy_bud_list - destroy the list of buds to replay.
714 * @c: UBIFS file-system description object
715 */
destroy_bud_list(struct ubifs_info * c)716 static void destroy_bud_list(struct ubifs_info *c)
717 {
718 struct bud_entry *b;
719
720 while (!list_empty(&c->replay_buds)) {
721 b = list_entry(c->replay_buds.next, struct bud_entry, list);
722 list_del(&b->list);
723 kfree(b);
724 }
725 }
726
727 /**
728 * add_replay_bud - add a bud to the list of buds to replay.
729 * @c: UBIFS file-system description object
730 * @lnum: bud logical eraseblock number to replay
731 * @offs: bud start offset
732 * @jhead: journal head to which this bud belongs
733 * @sqnum: reference node sequence number
734 *
735 * This function returns zero in case of success and a negative error code in
736 * case of failure.
737 */
add_replay_bud(struct ubifs_info * c,int lnum,int offs,int jhead,unsigned long long sqnum)738 static int add_replay_bud(struct ubifs_info *c, int lnum, int offs, int jhead,
739 unsigned long long sqnum)
740 {
741 struct ubifs_bud *bud;
742 struct bud_entry *b;
743
744 dbg_mnt("add replay bud LEB %d:%d, head %d", lnum, offs, jhead);
745
746 bud = kmalloc(sizeof(struct ubifs_bud), GFP_KERNEL);
747 if (!bud)
748 return -ENOMEM;
749
750 b = kmalloc(sizeof(struct bud_entry), GFP_KERNEL);
751 if (!b) {
752 kfree(bud);
753 return -ENOMEM;
754 }
755
756 bud->lnum = lnum;
757 bud->start = offs;
758 bud->jhead = jhead;
759 ubifs_add_bud(c, bud);
760
761 b->bud = bud;
762 b->sqnum = sqnum;
763 list_add_tail(&b->list, &c->replay_buds);
764
765 return 0;
766 }
767
768 /**
769 * validate_ref - validate a reference node.
770 * @c: UBIFS file-system description object
771 * @ref: the reference node to validate
772 * @ref_lnum: LEB number of the reference node
773 * @ref_offs: reference node offset
774 *
775 * This function returns %1 if a bud reference already exists for the LEB. %0 is
776 * returned if the reference node is new, otherwise %-EINVAL is returned if
777 * validation failed.
778 */
validate_ref(struct ubifs_info * c,const struct ubifs_ref_node * ref)779 static int validate_ref(struct ubifs_info *c, const struct ubifs_ref_node *ref)
780 {
781 struct ubifs_bud *bud;
782 int lnum = le32_to_cpu(ref->lnum);
783 unsigned int offs = le32_to_cpu(ref->offs);
784 unsigned int jhead = le32_to_cpu(ref->jhead);
785
786 /*
787 * ref->offs may point to the end of LEB when the journal head points
788 * to the end of LEB and we write reference node for it during commit.
789 * So this is why we require 'offs > c->leb_size'.
790 */
791 if (jhead >= c->jhead_cnt || lnum >= c->leb_cnt ||
792 lnum < c->main_first || offs > c->leb_size ||
793 offs & (c->min_io_size - 1))
794 return -EINVAL;
795
796 /* Make sure we have not already looked at this bud */
797 bud = ubifs_search_bud(c, lnum);
798 if (bud) {
799 if (bud->jhead == jhead && bud->start <= offs)
800 return 1;
801 ubifs_err(c, "bud at LEB %d:%d was already referred", lnum, offs);
802 return -EINVAL;
803 }
804
805 return 0;
806 }
807
808 /**
809 * replay_log_leb - replay a log logical eraseblock.
810 * @c: UBIFS file-system description object
811 * @lnum: log logical eraseblock to replay
812 * @offs: offset to start replaying from
813 * @sbuf: scan buffer
814 *
815 * This function replays a log LEB and returns zero in case of success, %1 if
816 * this is the last LEB in the log, and a negative error code in case of
817 * failure.
818 */
replay_log_leb(struct ubifs_info * c,int lnum,int offs,void * sbuf)819 static int replay_log_leb(struct ubifs_info *c, int lnum, int offs, void *sbuf)
820 {
821 int err;
822 struct ubifs_scan_leb *sleb;
823 struct ubifs_scan_node *snod;
824 const struct ubifs_cs_node *node;
825
826 dbg_mnt("replay log LEB %d:%d", lnum, offs);
827 sleb = ubifs_scan(c, lnum, offs, sbuf, c->need_recovery);
828 if (IS_ERR(sleb)) {
829 if (PTR_ERR(sleb) != -EUCLEAN || !c->need_recovery)
830 return PTR_ERR(sleb);
831 /*
832 * Note, the below function will recover this log LEB only if
833 * it is the last, because unclean reboots can possibly corrupt
834 * only the tail of the log.
835 */
836 sleb = ubifs_recover_log_leb(c, lnum, offs, sbuf);
837 if (IS_ERR(sleb))
838 return PTR_ERR(sleb);
839 }
840
841 if (sleb->nodes_cnt == 0) {
842 err = 1;
843 goto out;
844 }
845
846 node = sleb->buf;
847 snod = list_entry(sleb->nodes.next, struct ubifs_scan_node, list);
848 if (c->cs_sqnum == 0) {
849 /*
850 * This is the first log LEB we are looking at, make sure that
851 * the first node is a commit start node. Also record its
852 * sequence number so that UBIFS can determine where the log
853 * ends, because all nodes which were have higher sequence
854 * numbers.
855 */
856 if (snod->type != UBIFS_CS_NODE) {
857 ubifs_err(c, "first log node at LEB %d:%d is not CS node",
858 lnum, offs);
859 goto out_dump;
860 }
861 if (le64_to_cpu(node->cmt_no) != c->cmt_no) {
862 ubifs_err(c, "first CS node at LEB %d:%d has wrong commit number %llu expected %llu",
863 lnum, offs,
864 (unsigned long long)le64_to_cpu(node->cmt_no),
865 c->cmt_no);
866 goto out_dump;
867 }
868
869 c->cs_sqnum = le64_to_cpu(node->ch.sqnum);
870 dbg_mnt("commit start sqnum %llu", c->cs_sqnum);
871 }
872
873 if (snod->sqnum < c->cs_sqnum) {
874 /*
875 * This means that we reached end of log and now
876 * look to the older log data, which was already
877 * committed but the eraseblock was not erased (UBIFS
878 * only un-maps it). So this basically means we have to
879 * exit with "end of log" code.
880 */
881 err = 1;
882 goto out;
883 }
884
885 /* Make sure the first node sits at offset zero of the LEB */
886 if (snod->offs != 0) {
887 ubifs_err(c, "first node is not at zero offset");
888 goto out_dump;
889 }
890
891 list_for_each_entry(snod, &sleb->nodes, list) {
892 cond_resched();
893
894 if (snod->sqnum >= SQNUM_WATERMARK) {
895 ubifs_err(c, "file system's life ended");
896 goto out_dump;
897 }
898
899 if (snod->sqnum < c->cs_sqnum) {
900 ubifs_err(c, "bad sqnum %llu, commit sqnum %llu",
901 snod->sqnum, c->cs_sqnum);
902 goto out_dump;
903 }
904
905 if (snod->sqnum > c->max_sqnum)
906 c->max_sqnum = snod->sqnum;
907
908 switch (snod->type) {
909 case UBIFS_REF_NODE: {
910 const struct ubifs_ref_node *ref = snod->node;
911
912 err = validate_ref(c, ref);
913 if (err == 1)
914 break; /* Already have this bud */
915 if (err)
916 goto out_dump;
917
918 err = add_replay_bud(c, le32_to_cpu(ref->lnum),
919 le32_to_cpu(ref->offs),
920 le32_to_cpu(ref->jhead),
921 snod->sqnum);
922 if (err)
923 goto out;
924
925 break;
926 }
927 case UBIFS_CS_NODE:
928 /* Make sure it sits at the beginning of LEB */
929 if (snod->offs != 0) {
930 ubifs_err(c, "unexpected node in log");
931 goto out_dump;
932 }
933 break;
934 default:
935 ubifs_err(c, "unexpected node in log");
936 goto out_dump;
937 }
938 }
939
940 if (sleb->endpt || c->lhead_offs >= c->leb_size) {
941 c->lhead_lnum = lnum;
942 c->lhead_offs = sleb->endpt;
943 }
944
945 err = !sleb->endpt;
946 out:
947 ubifs_scan_destroy(sleb);
948 return err;
949
950 out_dump:
951 ubifs_err(c, "log error detected while replaying the log at LEB %d:%d",
952 lnum, offs + snod->offs);
953 ubifs_dump_node(c, snod->node);
954 ubifs_scan_destroy(sleb);
955 return -EINVAL;
956 }
957
958 /**
959 * take_ihead - update the status of the index head in lprops to 'taken'.
960 * @c: UBIFS file-system description object
961 *
962 * This function returns the amount of free space in the index head LEB or a
963 * negative error code.
964 */
take_ihead(struct ubifs_info * c)965 static int take_ihead(struct ubifs_info *c)
966 {
967 const struct ubifs_lprops *lp;
968 int err, free;
969
970 ubifs_get_lprops(c);
971
972 lp = ubifs_lpt_lookup_dirty(c, c->ihead_lnum);
973 if (IS_ERR(lp)) {
974 err = PTR_ERR(lp);
975 goto out;
976 }
977
978 free = lp->free;
979
980 lp = ubifs_change_lp(c, lp, LPROPS_NC, LPROPS_NC,
981 lp->flags | LPROPS_TAKEN, 0);
982 if (IS_ERR(lp)) {
983 err = PTR_ERR(lp);
984 goto out;
985 }
986
987 err = free;
988 out:
989 ubifs_release_lprops(c);
990 return err;
991 }
992
993 /**
994 * ubifs_replay_journal - replay journal.
995 * @c: UBIFS file-system description object
996 *
997 * This function scans the journal, replays and cleans it up. It makes sure all
998 * memory data structures related to uncommitted journal are built (dirty TNC
999 * tree, tree of buds, modified lprops, etc).
1000 */
ubifs_replay_journal(struct ubifs_info * c)1001 int ubifs_replay_journal(struct ubifs_info *c)
1002 {
1003 int err, lnum, free;
1004
1005 BUILD_BUG_ON(UBIFS_TRUN_KEY > 5);
1006
1007 /* Update the status of the index head in lprops to 'taken' */
1008 free = take_ihead(c);
1009 if (free < 0)
1010 return free; /* Error code */
1011
1012 if (c->ihead_offs != c->leb_size - free) {
1013 ubifs_err(c, "bad index head LEB %d:%d", c->ihead_lnum,
1014 c->ihead_offs);
1015 return -EINVAL;
1016 }
1017
1018 dbg_mnt("start replaying the journal");
1019 c->replaying = 1;
1020 lnum = c->ltail_lnum = c->lhead_lnum;
1021
1022 do {
1023 err = replay_log_leb(c, lnum, 0, c->sbuf);
1024 if (err == 1) {
1025 if (lnum != c->lhead_lnum)
1026 /* We hit the end of the log */
1027 break;
1028
1029 /*
1030 * The head of the log must always start with the
1031 * "commit start" node on a properly formatted UBIFS.
1032 * But we found no nodes at all, which means that
1033 * someting went wrong and we cannot proceed mounting
1034 * the file-system.
1035 */
1036 ubifs_err(c, "no UBIFS nodes found at the log head LEB %d:%d, possibly corrupted",
1037 lnum, 0);
1038 err = -EINVAL;
1039 }
1040 if (err)
1041 goto out;
1042 lnum = ubifs_next_log_lnum(c, lnum);
1043 } while (lnum != c->ltail_lnum);
1044
1045 err = replay_buds(c);
1046 if (err)
1047 goto out;
1048
1049 err = apply_replay_list(c);
1050 if (err)
1051 goto out;
1052
1053 err = set_buds_lprops(c);
1054 if (err)
1055 goto out;
1056
1057 /*
1058 * UBIFS budgeting calculations use @c->bi.uncommitted_idx variable
1059 * to roughly estimate index growth. Things like @c->bi.min_idx_lebs
1060 * depend on it. This means we have to initialize it to make sure
1061 * budgeting works properly.
1062 */
1063 c->bi.uncommitted_idx = atomic_long_read(&c->dirty_zn_cnt);
1064 c->bi.uncommitted_idx *= c->max_idx_node_sz;
1065
1066 ubifs_assert(c->bud_bytes <= c->max_bud_bytes || c->need_recovery);
1067 dbg_mnt("finished, log head LEB %d:%d, max_sqnum %llu, highest_inum %lu",
1068 c->lhead_lnum, c->lhead_offs, c->max_sqnum,
1069 (unsigned long)c->highest_inum);
1070 out:
1071 destroy_replay_list(c);
1072 destroy_bud_list(c);
1073 c->replaying = 0;
1074 return err;
1075 }
1076