1 /*
2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 #include <linux/log2.h>
19
20 #include "xfs.h"
21 #include "xfs_fs.h"
22 #include "xfs_shared.h"
23 #include "xfs_format.h"
24 #include "xfs_log_format.h"
25 #include "xfs_trans_resv.h"
26 #include "xfs_sb.h"
27 #include "xfs_mount.h"
28 #include "xfs_inode.h"
29 #include "xfs_da_format.h"
30 #include "xfs_da_btree.h"
31 #include "xfs_dir2.h"
32 #include "xfs_attr_sf.h"
33 #include "xfs_attr.h"
34 #include "xfs_trans_space.h"
35 #include "xfs_trans.h"
36 #include "xfs_buf_item.h"
37 #include "xfs_inode_item.h"
38 #include "xfs_ialloc.h"
39 #include "xfs_bmap.h"
40 #include "xfs_bmap_util.h"
41 #include "xfs_error.h"
42 #include "xfs_quota.h"
43 #include "xfs_filestream.h"
44 #include "xfs_cksum.h"
45 #include "xfs_trace.h"
46 #include "xfs_icache.h"
47 #include "xfs_symlink.h"
48 #include "xfs_trans_priv.h"
49 #include "xfs_log.h"
50 #include "xfs_bmap_btree.h"
51
52 kmem_zone_t *xfs_inode_zone;
53
54 /*
55 * Used in xfs_itruncate_extents(). This is the maximum number of extents
56 * freed from a file in a single transaction.
57 */
58 #define XFS_ITRUNC_MAX_EXTENTS 2
59
60 STATIC int xfs_iflush_int(xfs_inode_t *, xfs_buf_t *);
61
62 STATIC int xfs_iunlink_remove(xfs_trans_t *, xfs_inode_t *);
63
64 /*
65 * helper function to extract extent size hint from inode
66 */
67 xfs_extlen_t
xfs_get_extsz_hint(struct xfs_inode * ip)68 xfs_get_extsz_hint(
69 struct xfs_inode *ip)
70 {
71 if ((ip->i_d.di_flags & XFS_DIFLAG_EXTSIZE) && ip->i_d.di_extsize)
72 return ip->i_d.di_extsize;
73 if (XFS_IS_REALTIME_INODE(ip))
74 return ip->i_mount->m_sb.sb_rextsize;
75 return 0;
76 }
77
78 /*
79 * These two are wrapper routines around the xfs_ilock() routine used to
80 * centralize some grungy code. They are used in places that wish to lock the
81 * inode solely for reading the extents. The reason these places can't just
82 * call xfs_ilock(ip, XFS_ILOCK_SHARED) is that the inode lock also guards to
83 * bringing in of the extents from disk for a file in b-tree format. If the
84 * inode is in b-tree format, then we need to lock the inode exclusively until
85 * the extents are read in. Locking it exclusively all the time would limit
86 * our parallelism unnecessarily, though. What we do instead is check to see
87 * if the extents have been read in yet, and only lock the inode exclusively
88 * if they have not.
89 *
90 * The functions return a value which should be given to the corresponding
91 * xfs_iunlock() call.
92 */
93 uint
xfs_ilock_data_map_shared(struct xfs_inode * ip)94 xfs_ilock_data_map_shared(
95 struct xfs_inode *ip)
96 {
97 uint lock_mode = XFS_ILOCK_SHARED;
98
99 if (ip->i_d.di_format == XFS_DINODE_FMT_BTREE &&
100 (ip->i_df.if_flags & XFS_IFEXTENTS) == 0)
101 lock_mode = XFS_ILOCK_EXCL;
102 xfs_ilock(ip, lock_mode);
103 return lock_mode;
104 }
105
106 uint
xfs_ilock_attr_map_shared(struct xfs_inode * ip)107 xfs_ilock_attr_map_shared(
108 struct xfs_inode *ip)
109 {
110 uint lock_mode = XFS_ILOCK_SHARED;
111
112 if (ip->i_d.di_aformat == XFS_DINODE_FMT_BTREE &&
113 (ip->i_afp->if_flags & XFS_IFEXTENTS) == 0)
114 lock_mode = XFS_ILOCK_EXCL;
115 xfs_ilock(ip, lock_mode);
116 return lock_mode;
117 }
118
119 /*
120 * The xfs inode contains 3 multi-reader locks: the i_iolock the i_mmap_lock and
121 * the i_lock. This routine allows various combinations of the locks to be
122 * obtained.
123 *
124 * The 3 locks should always be ordered so that the IO lock is obtained first,
125 * the mmap lock second and the ilock last in order to prevent deadlock.
126 *
127 * Basic locking order:
128 *
129 * i_iolock -> i_mmap_lock -> page_lock -> i_ilock
130 *
131 * mmap_sem locking order:
132 *
133 * i_iolock -> page lock -> mmap_sem
134 * mmap_sem -> i_mmap_lock -> page_lock
135 *
136 * The difference in mmap_sem locking order mean that we cannot hold the
137 * i_mmap_lock over syscall based read(2)/write(2) based IO. These IO paths can
138 * fault in pages during copy in/out (for buffered IO) or require the mmap_sem
139 * in get_user_pages() to map the user pages into the kernel address space for
140 * direct IO. Similarly the i_iolock cannot be taken inside a page fault because
141 * page faults already hold the mmap_sem.
142 *
143 * Hence to serialise fully against both syscall and mmap based IO, we need to
144 * take both the i_iolock and the i_mmap_lock. These locks should *only* be both
145 * taken in places where we need to invalidate the page cache in a race
146 * free manner (e.g. truncate, hole punch and other extent manipulation
147 * functions).
148 */
149 void
xfs_ilock(xfs_inode_t * ip,uint lock_flags)150 xfs_ilock(
151 xfs_inode_t *ip,
152 uint lock_flags)
153 {
154 trace_xfs_ilock(ip, lock_flags, _RET_IP_);
155
156 /*
157 * You can't set both SHARED and EXCL for the same lock,
158 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
159 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
160 */
161 ASSERT((lock_flags & (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL)) !=
162 (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL));
163 ASSERT((lock_flags & (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL)) !=
164 (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL));
165 ASSERT((lock_flags & (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL)) !=
166 (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL));
167 ASSERT((lock_flags & ~(XFS_LOCK_MASK | XFS_LOCK_SUBCLASS_MASK)) == 0);
168
169 if (lock_flags & XFS_IOLOCK_EXCL)
170 mrupdate_nested(&ip->i_iolock, XFS_IOLOCK_DEP(lock_flags));
171 else if (lock_flags & XFS_IOLOCK_SHARED)
172 mraccess_nested(&ip->i_iolock, XFS_IOLOCK_DEP(lock_flags));
173
174 if (lock_flags & XFS_MMAPLOCK_EXCL)
175 mrupdate_nested(&ip->i_mmaplock, XFS_MMAPLOCK_DEP(lock_flags));
176 else if (lock_flags & XFS_MMAPLOCK_SHARED)
177 mraccess_nested(&ip->i_mmaplock, XFS_MMAPLOCK_DEP(lock_flags));
178
179 if (lock_flags & XFS_ILOCK_EXCL)
180 mrupdate_nested(&ip->i_lock, XFS_ILOCK_DEP(lock_flags));
181 else if (lock_flags & XFS_ILOCK_SHARED)
182 mraccess_nested(&ip->i_lock, XFS_ILOCK_DEP(lock_flags));
183 }
184
185 /*
186 * This is just like xfs_ilock(), except that the caller
187 * is guaranteed not to sleep. It returns 1 if it gets
188 * the requested locks and 0 otherwise. If the IO lock is
189 * obtained but the inode lock cannot be, then the IO lock
190 * is dropped before returning.
191 *
192 * ip -- the inode being locked
193 * lock_flags -- this parameter indicates the inode's locks to be
194 * to be locked. See the comment for xfs_ilock() for a list
195 * of valid values.
196 */
197 int
xfs_ilock_nowait(xfs_inode_t * ip,uint lock_flags)198 xfs_ilock_nowait(
199 xfs_inode_t *ip,
200 uint lock_flags)
201 {
202 trace_xfs_ilock_nowait(ip, lock_flags, _RET_IP_);
203
204 /*
205 * You can't set both SHARED and EXCL for the same lock,
206 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
207 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
208 */
209 ASSERT((lock_flags & (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL)) !=
210 (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL));
211 ASSERT((lock_flags & (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL)) !=
212 (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL));
213 ASSERT((lock_flags & (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL)) !=
214 (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL));
215 ASSERT((lock_flags & ~(XFS_LOCK_MASK | XFS_LOCK_SUBCLASS_MASK)) == 0);
216
217 if (lock_flags & XFS_IOLOCK_EXCL) {
218 if (!mrtryupdate(&ip->i_iolock))
219 goto out;
220 } else if (lock_flags & XFS_IOLOCK_SHARED) {
221 if (!mrtryaccess(&ip->i_iolock))
222 goto out;
223 }
224
225 if (lock_flags & XFS_MMAPLOCK_EXCL) {
226 if (!mrtryupdate(&ip->i_mmaplock))
227 goto out_undo_iolock;
228 } else if (lock_flags & XFS_MMAPLOCK_SHARED) {
229 if (!mrtryaccess(&ip->i_mmaplock))
230 goto out_undo_iolock;
231 }
232
233 if (lock_flags & XFS_ILOCK_EXCL) {
234 if (!mrtryupdate(&ip->i_lock))
235 goto out_undo_mmaplock;
236 } else if (lock_flags & XFS_ILOCK_SHARED) {
237 if (!mrtryaccess(&ip->i_lock))
238 goto out_undo_mmaplock;
239 }
240 return 1;
241
242 out_undo_mmaplock:
243 if (lock_flags & XFS_MMAPLOCK_EXCL)
244 mrunlock_excl(&ip->i_mmaplock);
245 else if (lock_flags & XFS_MMAPLOCK_SHARED)
246 mrunlock_shared(&ip->i_mmaplock);
247 out_undo_iolock:
248 if (lock_flags & XFS_IOLOCK_EXCL)
249 mrunlock_excl(&ip->i_iolock);
250 else if (lock_flags & XFS_IOLOCK_SHARED)
251 mrunlock_shared(&ip->i_iolock);
252 out:
253 return 0;
254 }
255
256 /*
257 * xfs_iunlock() is used to drop the inode locks acquired with
258 * xfs_ilock() and xfs_ilock_nowait(). The caller must pass
259 * in the flags given to xfs_ilock() or xfs_ilock_nowait() so
260 * that we know which locks to drop.
261 *
262 * ip -- the inode being unlocked
263 * lock_flags -- this parameter indicates the inode's locks to be
264 * to be unlocked. See the comment for xfs_ilock() for a list
265 * of valid values for this parameter.
266 *
267 */
268 void
xfs_iunlock(xfs_inode_t * ip,uint lock_flags)269 xfs_iunlock(
270 xfs_inode_t *ip,
271 uint lock_flags)
272 {
273 /*
274 * You can't set both SHARED and EXCL for the same lock,
275 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
276 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
277 */
278 ASSERT((lock_flags & (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL)) !=
279 (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL));
280 ASSERT((lock_flags & (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL)) !=
281 (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL));
282 ASSERT((lock_flags & (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL)) !=
283 (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL));
284 ASSERT((lock_flags & ~(XFS_LOCK_MASK | XFS_LOCK_SUBCLASS_MASK)) == 0);
285 ASSERT(lock_flags != 0);
286
287 if (lock_flags & XFS_IOLOCK_EXCL)
288 mrunlock_excl(&ip->i_iolock);
289 else if (lock_flags & XFS_IOLOCK_SHARED)
290 mrunlock_shared(&ip->i_iolock);
291
292 if (lock_flags & XFS_MMAPLOCK_EXCL)
293 mrunlock_excl(&ip->i_mmaplock);
294 else if (lock_flags & XFS_MMAPLOCK_SHARED)
295 mrunlock_shared(&ip->i_mmaplock);
296
297 if (lock_flags & XFS_ILOCK_EXCL)
298 mrunlock_excl(&ip->i_lock);
299 else if (lock_flags & XFS_ILOCK_SHARED)
300 mrunlock_shared(&ip->i_lock);
301
302 trace_xfs_iunlock(ip, lock_flags, _RET_IP_);
303 }
304
305 /*
306 * give up write locks. the i/o lock cannot be held nested
307 * if it is being demoted.
308 */
309 void
xfs_ilock_demote(xfs_inode_t * ip,uint lock_flags)310 xfs_ilock_demote(
311 xfs_inode_t *ip,
312 uint lock_flags)
313 {
314 ASSERT(lock_flags & (XFS_IOLOCK_EXCL|XFS_MMAPLOCK_EXCL|XFS_ILOCK_EXCL));
315 ASSERT((lock_flags &
316 ~(XFS_IOLOCK_EXCL|XFS_MMAPLOCK_EXCL|XFS_ILOCK_EXCL)) == 0);
317
318 if (lock_flags & XFS_ILOCK_EXCL)
319 mrdemote(&ip->i_lock);
320 if (lock_flags & XFS_MMAPLOCK_EXCL)
321 mrdemote(&ip->i_mmaplock);
322 if (lock_flags & XFS_IOLOCK_EXCL)
323 mrdemote(&ip->i_iolock);
324
325 trace_xfs_ilock_demote(ip, lock_flags, _RET_IP_);
326 }
327
328 #if defined(DEBUG) || defined(XFS_WARN)
329 int
xfs_isilocked(xfs_inode_t * ip,uint lock_flags)330 xfs_isilocked(
331 xfs_inode_t *ip,
332 uint lock_flags)
333 {
334 if (lock_flags & (XFS_ILOCK_EXCL|XFS_ILOCK_SHARED)) {
335 if (!(lock_flags & XFS_ILOCK_SHARED))
336 return !!ip->i_lock.mr_writer;
337 return rwsem_is_locked(&ip->i_lock.mr_lock);
338 }
339
340 if (lock_flags & (XFS_MMAPLOCK_EXCL|XFS_MMAPLOCK_SHARED)) {
341 if (!(lock_flags & XFS_MMAPLOCK_SHARED))
342 return !!ip->i_mmaplock.mr_writer;
343 return rwsem_is_locked(&ip->i_mmaplock.mr_lock);
344 }
345
346 if (lock_flags & (XFS_IOLOCK_EXCL|XFS_IOLOCK_SHARED)) {
347 if (!(lock_flags & XFS_IOLOCK_SHARED))
348 return !!ip->i_iolock.mr_writer;
349 return rwsem_is_locked(&ip->i_iolock.mr_lock);
350 }
351
352 ASSERT(0);
353 return 0;
354 }
355 #endif
356
357 #ifdef DEBUG
358 int xfs_locked_n;
359 int xfs_small_retries;
360 int xfs_middle_retries;
361 int xfs_lots_retries;
362 int xfs_lock_delays;
363 #endif
364
365 /*
366 * xfs_lockdep_subclass_ok() is only used in an ASSERT, so is only called when
367 * DEBUG or XFS_WARN is set. And MAX_LOCKDEP_SUBCLASSES is then only defined
368 * when CONFIG_LOCKDEP is set. Hence the complex define below to avoid build
369 * errors and warnings.
370 */
371 #if (defined(DEBUG) || defined(XFS_WARN)) && defined(CONFIG_LOCKDEP)
372 static bool
xfs_lockdep_subclass_ok(int subclass)373 xfs_lockdep_subclass_ok(
374 int subclass)
375 {
376 return subclass < MAX_LOCKDEP_SUBCLASSES;
377 }
378 #else
379 #define xfs_lockdep_subclass_ok(subclass) (true)
380 #endif
381
382 /*
383 * Bump the subclass so xfs_lock_inodes() acquires each lock with a different
384 * value. This can be called for any type of inode lock combination, including
385 * parent locking. Care must be taken to ensure we don't overrun the subclass
386 * storage fields in the class mask we build.
387 */
388 static inline int
xfs_lock_inumorder(int lock_mode,int subclass)389 xfs_lock_inumorder(int lock_mode, int subclass)
390 {
391 int class = 0;
392
393 ASSERT(!(lock_mode & (XFS_ILOCK_PARENT | XFS_ILOCK_RTBITMAP |
394 XFS_ILOCK_RTSUM)));
395 ASSERT(xfs_lockdep_subclass_ok(subclass));
396
397 if (lock_mode & (XFS_IOLOCK_SHARED|XFS_IOLOCK_EXCL)) {
398 ASSERT(subclass <= XFS_IOLOCK_MAX_SUBCLASS);
399 ASSERT(xfs_lockdep_subclass_ok(subclass +
400 XFS_IOLOCK_PARENT_VAL));
401 class += subclass << XFS_IOLOCK_SHIFT;
402 if (lock_mode & XFS_IOLOCK_PARENT)
403 class += XFS_IOLOCK_PARENT_VAL << XFS_IOLOCK_SHIFT;
404 }
405
406 if (lock_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)) {
407 ASSERT(subclass <= XFS_MMAPLOCK_MAX_SUBCLASS);
408 class += subclass << XFS_MMAPLOCK_SHIFT;
409 }
410
411 if (lock_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)) {
412 ASSERT(subclass <= XFS_ILOCK_MAX_SUBCLASS);
413 class += subclass << XFS_ILOCK_SHIFT;
414 }
415
416 return (lock_mode & ~XFS_LOCK_SUBCLASS_MASK) | class;
417 }
418
419 /*
420 * The following routine will lock n inodes in exclusive mode. We assume the
421 * caller calls us with the inodes in i_ino order.
422 *
423 * We need to detect deadlock where an inode that we lock is in the AIL and we
424 * start waiting for another inode that is locked by a thread in a long running
425 * transaction (such as truncate). This can result in deadlock since the long
426 * running trans might need to wait for the inode we just locked in order to
427 * push the tail and free space in the log.
428 *
429 * xfs_lock_inodes() can only be used to lock one type of lock at a time -
430 * the iolock, the mmaplock or the ilock, but not more than one at a time. If we
431 * lock more than one at a time, lockdep will report false positives saying we
432 * have violated locking orders.
433 */
434 void
xfs_lock_inodes(xfs_inode_t ** ips,int inodes,uint lock_mode)435 xfs_lock_inodes(
436 xfs_inode_t **ips,
437 int inodes,
438 uint lock_mode)
439 {
440 int attempts = 0, i, j, try_lock;
441 xfs_log_item_t *lp;
442
443 /*
444 * Currently supports between 2 and 5 inodes with exclusive locking. We
445 * support an arbitrary depth of locking here, but absolute limits on
446 * inodes depend on the the type of locking and the limits placed by
447 * lockdep annotations in xfs_lock_inumorder. These are all checked by
448 * the asserts.
449 */
450 ASSERT(ips && inodes >= 2 && inodes <= 5);
451 ASSERT(lock_mode & (XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL |
452 XFS_ILOCK_EXCL));
453 ASSERT(!(lock_mode & (XFS_IOLOCK_SHARED | XFS_MMAPLOCK_SHARED |
454 XFS_ILOCK_SHARED)));
455 ASSERT(!(lock_mode & XFS_IOLOCK_EXCL) ||
456 inodes <= XFS_IOLOCK_MAX_SUBCLASS + 1);
457 ASSERT(!(lock_mode & XFS_MMAPLOCK_EXCL) ||
458 inodes <= XFS_MMAPLOCK_MAX_SUBCLASS + 1);
459 ASSERT(!(lock_mode & XFS_ILOCK_EXCL) ||
460 inodes <= XFS_ILOCK_MAX_SUBCLASS + 1);
461
462 if (lock_mode & XFS_IOLOCK_EXCL) {
463 ASSERT(!(lock_mode & (XFS_MMAPLOCK_EXCL | XFS_ILOCK_EXCL)));
464 } else if (lock_mode & XFS_MMAPLOCK_EXCL)
465 ASSERT(!(lock_mode & XFS_ILOCK_EXCL));
466
467 try_lock = 0;
468 i = 0;
469 again:
470 for (; i < inodes; i++) {
471 ASSERT(ips[i]);
472
473 if (i && (ips[i] == ips[i - 1])) /* Already locked */
474 continue;
475
476 /*
477 * If try_lock is not set yet, make sure all locked inodes are
478 * not in the AIL. If any are, set try_lock to be used later.
479 */
480 if (!try_lock) {
481 for (j = (i - 1); j >= 0 && !try_lock; j--) {
482 lp = (xfs_log_item_t *)ips[j]->i_itemp;
483 if (lp && (lp->li_flags & XFS_LI_IN_AIL))
484 try_lock++;
485 }
486 }
487
488 /*
489 * If any of the previous locks we have locked is in the AIL,
490 * we must TRY to get the second and subsequent locks. If
491 * we can't get any, we must release all we have
492 * and try again.
493 */
494 if (!try_lock) {
495 xfs_ilock(ips[i], xfs_lock_inumorder(lock_mode, i));
496 continue;
497 }
498
499 /* try_lock means we have an inode locked that is in the AIL. */
500 ASSERT(i != 0);
501 if (xfs_ilock_nowait(ips[i], xfs_lock_inumorder(lock_mode, i)))
502 continue;
503
504 /*
505 * Unlock all previous guys and try again. xfs_iunlock will try
506 * to push the tail if the inode is in the AIL.
507 */
508 attempts++;
509 for (j = i - 1; j >= 0; j--) {
510 /*
511 * Check to see if we've already unlocked this one. Not
512 * the first one going back, and the inode ptr is the
513 * same.
514 */
515 if (j != (i - 1) && ips[j] == ips[j + 1])
516 continue;
517
518 xfs_iunlock(ips[j], lock_mode);
519 }
520
521 if ((attempts % 5) == 0) {
522 delay(1); /* Don't just spin the CPU */
523 #ifdef DEBUG
524 xfs_lock_delays++;
525 #endif
526 }
527 i = 0;
528 try_lock = 0;
529 goto again;
530 }
531
532 #ifdef DEBUG
533 if (attempts) {
534 if (attempts < 5) xfs_small_retries++;
535 else if (attempts < 100) xfs_middle_retries++;
536 else xfs_lots_retries++;
537 } else {
538 xfs_locked_n++;
539 }
540 #endif
541 }
542
543 /*
544 * xfs_lock_two_inodes() can only be used to lock one type of lock at a time -
545 * the iolock, the mmaplock or the ilock, but not more than one at a time. If we
546 * lock more than one at a time, lockdep will report false positives saying we
547 * have violated locking orders.
548 */
549 void
xfs_lock_two_inodes(xfs_inode_t * ip0,xfs_inode_t * ip1,uint lock_mode)550 xfs_lock_two_inodes(
551 xfs_inode_t *ip0,
552 xfs_inode_t *ip1,
553 uint lock_mode)
554 {
555 xfs_inode_t *temp;
556 int attempts = 0;
557 xfs_log_item_t *lp;
558
559 if (lock_mode & (XFS_IOLOCK_SHARED|XFS_IOLOCK_EXCL)) {
560 ASSERT(!(lock_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)));
561 ASSERT(!(lock_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)));
562 } else if (lock_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL))
563 ASSERT(!(lock_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)));
564
565 ASSERT(ip0->i_ino != ip1->i_ino);
566
567 if (ip0->i_ino > ip1->i_ino) {
568 temp = ip0;
569 ip0 = ip1;
570 ip1 = temp;
571 }
572
573 again:
574 xfs_ilock(ip0, xfs_lock_inumorder(lock_mode, 0));
575
576 /*
577 * If the first lock we have locked is in the AIL, we must TRY to get
578 * the second lock. If we can't get it, we must release the first one
579 * and try again.
580 */
581 lp = (xfs_log_item_t *)ip0->i_itemp;
582 if (lp && (lp->li_flags & XFS_LI_IN_AIL)) {
583 if (!xfs_ilock_nowait(ip1, xfs_lock_inumorder(lock_mode, 1))) {
584 xfs_iunlock(ip0, lock_mode);
585 if ((++attempts % 5) == 0)
586 delay(1); /* Don't just spin the CPU */
587 goto again;
588 }
589 } else {
590 xfs_ilock(ip1, xfs_lock_inumorder(lock_mode, 1));
591 }
592 }
593
594
595 void
__xfs_iflock(struct xfs_inode * ip)596 __xfs_iflock(
597 struct xfs_inode *ip)
598 {
599 wait_queue_head_t *wq = bit_waitqueue(&ip->i_flags, __XFS_IFLOCK_BIT);
600 DEFINE_WAIT_BIT(wait, &ip->i_flags, __XFS_IFLOCK_BIT);
601
602 do {
603 prepare_to_wait_exclusive(wq, &wait.wait, TASK_UNINTERRUPTIBLE);
604 if (xfs_isiflocked(ip))
605 io_schedule();
606 } while (!xfs_iflock_nowait(ip));
607
608 finish_wait(wq, &wait.wait);
609 }
610
611 STATIC uint
_xfs_dic2xflags(__uint16_t di_flags)612 _xfs_dic2xflags(
613 __uint16_t di_flags)
614 {
615 uint flags = 0;
616
617 if (di_flags & XFS_DIFLAG_ANY) {
618 if (di_flags & XFS_DIFLAG_REALTIME)
619 flags |= XFS_XFLAG_REALTIME;
620 if (di_flags & XFS_DIFLAG_PREALLOC)
621 flags |= XFS_XFLAG_PREALLOC;
622 if (di_flags & XFS_DIFLAG_IMMUTABLE)
623 flags |= XFS_XFLAG_IMMUTABLE;
624 if (di_flags & XFS_DIFLAG_APPEND)
625 flags |= XFS_XFLAG_APPEND;
626 if (di_flags & XFS_DIFLAG_SYNC)
627 flags |= XFS_XFLAG_SYNC;
628 if (di_flags & XFS_DIFLAG_NOATIME)
629 flags |= XFS_XFLAG_NOATIME;
630 if (di_flags & XFS_DIFLAG_NODUMP)
631 flags |= XFS_XFLAG_NODUMP;
632 if (di_flags & XFS_DIFLAG_RTINHERIT)
633 flags |= XFS_XFLAG_RTINHERIT;
634 if (di_flags & XFS_DIFLAG_PROJINHERIT)
635 flags |= XFS_XFLAG_PROJINHERIT;
636 if (di_flags & XFS_DIFLAG_NOSYMLINKS)
637 flags |= XFS_XFLAG_NOSYMLINKS;
638 if (di_flags & XFS_DIFLAG_EXTSIZE)
639 flags |= XFS_XFLAG_EXTSIZE;
640 if (di_flags & XFS_DIFLAG_EXTSZINHERIT)
641 flags |= XFS_XFLAG_EXTSZINHERIT;
642 if (di_flags & XFS_DIFLAG_NODEFRAG)
643 flags |= XFS_XFLAG_NODEFRAG;
644 if (di_flags & XFS_DIFLAG_FILESTREAM)
645 flags |= XFS_XFLAG_FILESTREAM;
646 }
647
648 return flags;
649 }
650
651 uint
xfs_ip2xflags(xfs_inode_t * ip)652 xfs_ip2xflags(
653 xfs_inode_t *ip)
654 {
655 xfs_icdinode_t *dic = &ip->i_d;
656
657 return _xfs_dic2xflags(dic->di_flags) |
658 (XFS_IFORK_Q(ip) ? XFS_XFLAG_HASATTR : 0);
659 }
660
661 uint
xfs_dic2xflags(xfs_dinode_t * dip)662 xfs_dic2xflags(
663 xfs_dinode_t *dip)
664 {
665 return _xfs_dic2xflags(be16_to_cpu(dip->di_flags)) |
666 (XFS_DFORK_Q(dip) ? XFS_XFLAG_HASATTR : 0);
667 }
668
669 /*
670 * Lookups up an inode from "name". If ci_name is not NULL, then a CI match
671 * is allowed, otherwise it has to be an exact match. If a CI match is found,
672 * ci_name->name will point to a the actual name (caller must free) or
673 * will be set to NULL if an exact match is found.
674 */
675 int
xfs_lookup(xfs_inode_t * dp,struct xfs_name * name,xfs_inode_t ** ipp,struct xfs_name * ci_name)676 xfs_lookup(
677 xfs_inode_t *dp,
678 struct xfs_name *name,
679 xfs_inode_t **ipp,
680 struct xfs_name *ci_name)
681 {
682 xfs_ino_t inum;
683 int error;
684
685 trace_xfs_lookup(dp, name);
686
687 if (XFS_FORCED_SHUTDOWN(dp->i_mount))
688 return -EIO;
689
690 xfs_ilock(dp, XFS_IOLOCK_SHARED);
691 error = xfs_dir_lookup(NULL, dp, name, &inum, ci_name);
692 if (error)
693 goto out_unlock;
694
695 error = xfs_iget(dp->i_mount, NULL, inum, 0, 0, ipp);
696 if (error)
697 goto out_free_name;
698
699 xfs_iunlock(dp, XFS_IOLOCK_SHARED);
700 return 0;
701
702 out_free_name:
703 if (ci_name)
704 kmem_free(ci_name->name);
705 out_unlock:
706 xfs_iunlock(dp, XFS_IOLOCK_SHARED);
707 *ipp = NULL;
708 return error;
709 }
710
711 /*
712 * Allocate an inode on disk and return a copy of its in-core version.
713 * The in-core inode is locked exclusively. Set mode, nlink, and rdev
714 * appropriately within the inode. The uid and gid for the inode are
715 * set according to the contents of the given cred structure.
716 *
717 * Use xfs_dialloc() to allocate the on-disk inode. If xfs_dialloc()
718 * has a free inode available, call xfs_iget() to obtain the in-core
719 * version of the allocated inode. Finally, fill in the inode and
720 * log its initial contents. In this case, ialloc_context would be
721 * set to NULL.
722 *
723 * If xfs_dialloc() does not have an available inode, it will replenish
724 * its supply by doing an allocation. Since we can only do one
725 * allocation within a transaction without deadlocks, we must commit
726 * the current transaction before returning the inode itself.
727 * In this case, therefore, we will set ialloc_context and return.
728 * The caller should then commit the current transaction, start a new
729 * transaction, and call xfs_ialloc() again to actually get the inode.
730 *
731 * To ensure that some other process does not grab the inode that
732 * was allocated during the first call to xfs_ialloc(), this routine
733 * also returns the [locked] bp pointing to the head of the freelist
734 * as ialloc_context. The caller should hold this buffer across
735 * the commit and pass it back into this routine on the second call.
736 *
737 * If we are allocating quota inodes, we do not have a parent inode
738 * to attach to or associate with (i.e. pip == NULL) because they
739 * are not linked into the directory structure - they are attached
740 * directly to the superblock - and so have no parent.
741 */
742 int
xfs_ialloc(xfs_trans_t * tp,xfs_inode_t * pip,umode_t mode,xfs_nlink_t nlink,xfs_dev_t rdev,prid_t prid,int okalloc,xfs_buf_t ** ialloc_context,xfs_inode_t ** ipp)743 xfs_ialloc(
744 xfs_trans_t *tp,
745 xfs_inode_t *pip,
746 umode_t mode,
747 xfs_nlink_t nlink,
748 xfs_dev_t rdev,
749 prid_t prid,
750 int okalloc,
751 xfs_buf_t **ialloc_context,
752 xfs_inode_t **ipp)
753 {
754 struct xfs_mount *mp = tp->t_mountp;
755 xfs_ino_t ino;
756 xfs_inode_t *ip;
757 uint flags;
758 int error;
759 struct timespec tv;
760
761 /*
762 * Call the space management code to pick
763 * the on-disk inode to be allocated.
764 */
765 error = xfs_dialloc(tp, pip ? pip->i_ino : 0, mode, okalloc,
766 ialloc_context, &ino);
767 if (error)
768 return error;
769 if (*ialloc_context || ino == NULLFSINO) {
770 *ipp = NULL;
771 return 0;
772 }
773 ASSERT(*ialloc_context == NULL);
774
775 /*
776 * Get the in-core inode with the lock held exclusively.
777 * This is because we're setting fields here we need
778 * to prevent others from looking at until we're done.
779 */
780 error = xfs_iget(mp, tp, ino, XFS_IGET_CREATE,
781 XFS_ILOCK_EXCL, &ip);
782 if (error)
783 return error;
784 ASSERT(ip != NULL);
785
786 /*
787 * We always convert v1 inodes to v2 now - we only support filesystems
788 * with >= v2 inode capability, so there is no reason for ever leaving
789 * an inode in v1 format.
790 */
791 if (ip->i_d.di_version == 1)
792 ip->i_d.di_version = 2;
793
794 ip->i_d.di_mode = mode;
795 ip->i_d.di_onlink = 0;
796 ip->i_d.di_nlink = nlink;
797 ASSERT(ip->i_d.di_nlink == nlink);
798 ip->i_d.di_uid = xfs_kuid_to_uid(current_fsuid());
799 ip->i_d.di_gid = xfs_kgid_to_gid(current_fsgid());
800 xfs_set_projid(ip, prid);
801 memset(&(ip->i_d.di_pad[0]), 0, sizeof(ip->i_d.di_pad));
802
803 if (pip && XFS_INHERIT_GID(pip)) {
804 ip->i_d.di_gid = pip->i_d.di_gid;
805 if ((pip->i_d.di_mode & S_ISGID) && S_ISDIR(mode)) {
806 ip->i_d.di_mode |= S_ISGID;
807 }
808 }
809
810 /*
811 * If the group ID of the new file does not match the effective group
812 * ID or one of the supplementary group IDs, the S_ISGID bit is cleared
813 * (and only if the irix_sgid_inherit compatibility variable is set).
814 */
815 if ((irix_sgid_inherit) &&
816 (ip->i_d.di_mode & S_ISGID) &&
817 (!in_group_p(xfs_gid_to_kgid(ip->i_d.di_gid)))) {
818 ip->i_d.di_mode &= ~S_ISGID;
819 }
820
821 ip->i_d.di_size = 0;
822 ip->i_d.di_nextents = 0;
823 ASSERT(ip->i_d.di_nblocks == 0);
824
825 tv = current_fs_time(mp->m_super);
826 ip->i_d.di_mtime.t_sec = (__int32_t)tv.tv_sec;
827 ip->i_d.di_mtime.t_nsec = (__int32_t)tv.tv_nsec;
828 ip->i_d.di_atime = ip->i_d.di_mtime;
829 ip->i_d.di_ctime = ip->i_d.di_mtime;
830
831 /*
832 * di_gen will have been taken care of in xfs_iread.
833 */
834 ip->i_d.di_extsize = 0;
835 ip->i_d.di_dmevmask = 0;
836 ip->i_d.di_dmstate = 0;
837 ip->i_d.di_flags = 0;
838
839 if (ip->i_d.di_version == 3) {
840 ASSERT(ip->i_d.di_ino == ino);
841 ASSERT(uuid_equal(&ip->i_d.di_uuid, &mp->m_sb.sb_meta_uuid));
842 ip->i_d.di_crc = 0;
843 ip->i_d.di_changecount = 1;
844 ip->i_d.di_lsn = 0;
845 ip->i_d.di_flags2 = 0;
846 memset(&(ip->i_d.di_pad2[0]), 0, sizeof(ip->i_d.di_pad2));
847 ip->i_d.di_crtime = ip->i_d.di_mtime;
848 }
849
850
851 flags = XFS_ILOG_CORE;
852 switch (mode & S_IFMT) {
853 case S_IFIFO:
854 case S_IFCHR:
855 case S_IFBLK:
856 case S_IFSOCK:
857 ip->i_d.di_format = XFS_DINODE_FMT_DEV;
858 ip->i_df.if_u2.if_rdev = rdev;
859 ip->i_df.if_flags = 0;
860 flags |= XFS_ILOG_DEV;
861 break;
862 case S_IFREG:
863 case S_IFDIR:
864 if (pip && (pip->i_d.di_flags & XFS_DIFLAG_ANY)) {
865 uint di_flags = 0;
866
867 if (S_ISDIR(mode)) {
868 if (pip->i_d.di_flags & XFS_DIFLAG_RTINHERIT)
869 di_flags |= XFS_DIFLAG_RTINHERIT;
870 if (pip->i_d.di_flags & XFS_DIFLAG_EXTSZINHERIT) {
871 di_flags |= XFS_DIFLAG_EXTSZINHERIT;
872 ip->i_d.di_extsize = pip->i_d.di_extsize;
873 }
874 if (pip->i_d.di_flags & XFS_DIFLAG_PROJINHERIT)
875 di_flags |= XFS_DIFLAG_PROJINHERIT;
876 } else if (S_ISREG(mode)) {
877 if (pip->i_d.di_flags & XFS_DIFLAG_RTINHERIT)
878 di_flags |= XFS_DIFLAG_REALTIME;
879 if (pip->i_d.di_flags & XFS_DIFLAG_EXTSZINHERIT) {
880 di_flags |= XFS_DIFLAG_EXTSIZE;
881 ip->i_d.di_extsize = pip->i_d.di_extsize;
882 }
883 }
884 if ((pip->i_d.di_flags & XFS_DIFLAG_NOATIME) &&
885 xfs_inherit_noatime)
886 di_flags |= XFS_DIFLAG_NOATIME;
887 if ((pip->i_d.di_flags & XFS_DIFLAG_NODUMP) &&
888 xfs_inherit_nodump)
889 di_flags |= XFS_DIFLAG_NODUMP;
890 if ((pip->i_d.di_flags & XFS_DIFLAG_SYNC) &&
891 xfs_inherit_sync)
892 di_flags |= XFS_DIFLAG_SYNC;
893 if ((pip->i_d.di_flags & XFS_DIFLAG_NOSYMLINKS) &&
894 xfs_inherit_nosymlinks)
895 di_flags |= XFS_DIFLAG_NOSYMLINKS;
896 if ((pip->i_d.di_flags & XFS_DIFLAG_NODEFRAG) &&
897 xfs_inherit_nodefrag)
898 di_flags |= XFS_DIFLAG_NODEFRAG;
899 if (pip->i_d.di_flags & XFS_DIFLAG_FILESTREAM)
900 di_flags |= XFS_DIFLAG_FILESTREAM;
901 ip->i_d.di_flags |= di_flags;
902 }
903 /* FALLTHROUGH */
904 case S_IFLNK:
905 ip->i_d.di_format = XFS_DINODE_FMT_EXTENTS;
906 ip->i_df.if_flags = XFS_IFEXTENTS;
907 ip->i_df.if_bytes = ip->i_df.if_real_bytes = 0;
908 ip->i_df.if_u1.if_extents = NULL;
909 break;
910 default:
911 ASSERT(0);
912 }
913 /*
914 * Attribute fork settings for new inode.
915 */
916 ip->i_d.di_aformat = XFS_DINODE_FMT_EXTENTS;
917 ip->i_d.di_anextents = 0;
918
919 /*
920 * Log the new values stuffed into the inode.
921 */
922 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
923 xfs_trans_log_inode(tp, ip, flags);
924
925 /* now that we have an i_mode we can setup the inode structure */
926 xfs_setup_inode(ip);
927
928 *ipp = ip;
929 return 0;
930 }
931
932 /*
933 * Allocates a new inode from disk and return a pointer to the
934 * incore copy. This routine will internally commit the current
935 * transaction and allocate a new one if the Space Manager needed
936 * to do an allocation to replenish the inode free-list.
937 *
938 * This routine is designed to be called from xfs_create and
939 * xfs_create_dir.
940 *
941 */
942 int
xfs_dir_ialloc(xfs_trans_t ** tpp,xfs_inode_t * dp,umode_t mode,xfs_nlink_t nlink,xfs_dev_t rdev,prid_t prid,int okalloc,xfs_inode_t ** ipp,int * committed)943 xfs_dir_ialloc(
944 xfs_trans_t **tpp, /* input: current transaction;
945 output: may be a new transaction. */
946 xfs_inode_t *dp, /* directory within whose allocate
947 the inode. */
948 umode_t mode,
949 xfs_nlink_t nlink,
950 xfs_dev_t rdev,
951 prid_t prid, /* project id */
952 int okalloc, /* ok to allocate new space */
953 xfs_inode_t **ipp, /* pointer to inode; it will be
954 locked. */
955 int *committed)
956
957 {
958 xfs_trans_t *tp;
959 xfs_inode_t *ip;
960 xfs_buf_t *ialloc_context = NULL;
961 int code;
962 void *dqinfo;
963 uint tflags;
964
965 tp = *tpp;
966 ASSERT(tp->t_flags & XFS_TRANS_PERM_LOG_RES);
967
968 /*
969 * xfs_ialloc will return a pointer to an incore inode if
970 * the Space Manager has an available inode on the free
971 * list. Otherwise, it will do an allocation and replenish
972 * the freelist. Since we can only do one allocation per
973 * transaction without deadlocks, we will need to commit the
974 * current transaction and start a new one. We will then
975 * need to call xfs_ialloc again to get the inode.
976 *
977 * If xfs_ialloc did an allocation to replenish the freelist,
978 * it returns the bp containing the head of the freelist as
979 * ialloc_context. We will hold a lock on it across the
980 * transaction commit so that no other process can steal
981 * the inode(s) that we've just allocated.
982 */
983 code = xfs_ialloc(tp, dp, mode, nlink, rdev, prid, okalloc,
984 &ialloc_context, &ip);
985
986 /*
987 * Return an error if we were unable to allocate a new inode.
988 * This should only happen if we run out of space on disk or
989 * encounter a disk error.
990 */
991 if (code) {
992 *ipp = NULL;
993 return code;
994 }
995 if (!ialloc_context && !ip) {
996 *ipp = NULL;
997 return -ENOSPC;
998 }
999
1000 /*
1001 * If the AGI buffer is non-NULL, then we were unable to get an
1002 * inode in one operation. We need to commit the current
1003 * transaction and call xfs_ialloc() again. It is guaranteed
1004 * to succeed the second time.
1005 */
1006 if (ialloc_context) {
1007 /*
1008 * Normally, xfs_trans_commit releases all the locks.
1009 * We call bhold to hang on to the ialloc_context across
1010 * the commit. Holding this buffer prevents any other
1011 * processes from doing any allocations in this
1012 * allocation group.
1013 */
1014 xfs_trans_bhold(tp, ialloc_context);
1015
1016 /*
1017 * We want the quota changes to be associated with the next
1018 * transaction, NOT this one. So, detach the dqinfo from this
1019 * and attach it to the next transaction.
1020 */
1021 dqinfo = NULL;
1022 tflags = 0;
1023 if (tp->t_dqinfo) {
1024 dqinfo = (void *)tp->t_dqinfo;
1025 tp->t_dqinfo = NULL;
1026 tflags = tp->t_flags & XFS_TRANS_DQ_DIRTY;
1027 tp->t_flags &= ~(XFS_TRANS_DQ_DIRTY);
1028 }
1029
1030 code = xfs_trans_roll(&tp, 0);
1031 if (committed != NULL)
1032 *committed = 1;
1033
1034 /*
1035 * Re-attach the quota info that we detached from prev trx.
1036 */
1037 if (dqinfo) {
1038 tp->t_dqinfo = dqinfo;
1039 tp->t_flags |= tflags;
1040 }
1041
1042 if (code) {
1043 xfs_buf_relse(ialloc_context);
1044 *tpp = tp;
1045 *ipp = NULL;
1046 return code;
1047 }
1048 xfs_trans_bjoin(tp, ialloc_context);
1049
1050 /*
1051 * Call ialloc again. Since we've locked out all
1052 * other allocations in this allocation group,
1053 * this call should always succeed.
1054 */
1055 code = xfs_ialloc(tp, dp, mode, nlink, rdev, prid,
1056 okalloc, &ialloc_context, &ip);
1057
1058 /*
1059 * If we get an error at this point, return to the caller
1060 * so that the current transaction can be aborted.
1061 */
1062 if (code) {
1063 *tpp = tp;
1064 *ipp = NULL;
1065 return code;
1066 }
1067 ASSERT(!ialloc_context && ip);
1068
1069 } else {
1070 if (committed != NULL)
1071 *committed = 0;
1072 }
1073
1074 *ipp = ip;
1075 *tpp = tp;
1076
1077 return 0;
1078 }
1079
1080 /*
1081 * Decrement the link count on an inode & log the change.
1082 * If this causes the link count to go to zero, initiate the
1083 * logging activity required to truncate a file.
1084 */
1085 int /* error */
xfs_droplink(xfs_trans_t * tp,xfs_inode_t * ip)1086 xfs_droplink(
1087 xfs_trans_t *tp,
1088 xfs_inode_t *ip)
1089 {
1090 int error;
1091
1092 xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_CHG);
1093
1094 ASSERT (ip->i_d.di_nlink > 0);
1095 ip->i_d.di_nlink--;
1096 drop_nlink(VFS_I(ip));
1097 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1098
1099 error = 0;
1100 if (ip->i_d.di_nlink == 0) {
1101 /*
1102 * We're dropping the last link to this file.
1103 * Move the on-disk inode to the AGI unlinked list.
1104 * From xfs_inactive() we will pull the inode from
1105 * the list and free it.
1106 */
1107 error = xfs_iunlink(tp, ip);
1108 }
1109 return error;
1110 }
1111
1112 /*
1113 * Increment the link count on an inode & log the change.
1114 */
1115 int
xfs_bumplink(xfs_trans_t * tp,xfs_inode_t * ip)1116 xfs_bumplink(
1117 xfs_trans_t *tp,
1118 xfs_inode_t *ip)
1119 {
1120 xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_CHG);
1121
1122 ASSERT(ip->i_d.di_version > 1);
1123 ASSERT(ip->i_d.di_nlink > 0 || (VFS_I(ip)->i_state & I_LINKABLE));
1124 ip->i_d.di_nlink++;
1125 inc_nlink(VFS_I(ip));
1126 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1127 return 0;
1128 }
1129
1130 int
xfs_create(xfs_inode_t * dp,struct xfs_name * name,umode_t mode,xfs_dev_t rdev,xfs_inode_t ** ipp)1131 xfs_create(
1132 xfs_inode_t *dp,
1133 struct xfs_name *name,
1134 umode_t mode,
1135 xfs_dev_t rdev,
1136 xfs_inode_t **ipp)
1137 {
1138 int is_dir = S_ISDIR(mode);
1139 struct xfs_mount *mp = dp->i_mount;
1140 struct xfs_inode *ip = NULL;
1141 struct xfs_trans *tp = NULL;
1142 int error;
1143 xfs_bmap_free_t free_list;
1144 xfs_fsblock_t first_block;
1145 bool unlock_dp_on_error = false;
1146 int committed;
1147 prid_t prid;
1148 struct xfs_dquot *udqp = NULL;
1149 struct xfs_dquot *gdqp = NULL;
1150 struct xfs_dquot *pdqp = NULL;
1151 struct xfs_trans_res *tres;
1152 uint resblks;
1153
1154 trace_xfs_create(dp, name);
1155
1156 if (XFS_FORCED_SHUTDOWN(mp))
1157 return -EIO;
1158
1159 prid = xfs_get_initial_prid(dp);
1160
1161 /*
1162 * Make sure that we have allocated dquot(s) on disk.
1163 */
1164 error = xfs_qm_vop_dqalloc(dp, xfs_kuid_to_uid(current_fsuid()),
1165 xfs_kgid_to_gid(current_fsgid()), prid,
1166 XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT,
1167 &udqp, &gdqp, &pdqp);
1168 if (error)
1169 return error;
1170
1171 if (is_dir) {
1172 rdev = 0;
1173 resblks = XFS_MKDIR_SPACE_RES(mp, name->len);
1174 tres = &M_RES(mp)->tr_mkdir;
1175 tp = xfs_trans_alloc(mp, XFS_TRANS_MKDIR);
1176 } else {
1177 resblks = XFS_CREATE_SPACE_RES(mp, name->len);
1178 tres = &M_RES(mp)->tr_create;
1179 tp = xfs_trans_alloc(mp, XFS_TRANS_CREATE);
1180 }
1181
1182 /*
1183 * Initially assume that the file does not exist and
1184 * reserve the resources for that case. If that is not
1185 * the case we'll drop the one we have and get a more
1186 * appropriate transaction later.
1187 */
1188 error = xfs_trans_reserve(tp, tres, resblks, 0);
1189 if (error == -ENOSPC) {
1190 /* flush outstanding delalloc blocks and retry */
1191 xfs_flush_inodes(mp);
1192 error = xfs_trans_reserve(tp, tres, resblks, 0);
1193 }
1194 if (error == -ENOSPC) {
1195 /* No space at all so try a "no-allocation" reservation */
1196 resblks = 0;
1197 error = xfs_trans_reserve(tp, tres, 0, 0);
1198 }
1199 if (error)
1200 goto out_trans_cancel;
1201
1202
1203 xfs_ilock(dp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL |
1204 XFS_IOLOCK_PARENT | XFS_ILOCK_PARENT);
1205 unlock_dp_on_error = true;
1206
1207 xfs_bmap_init(&free_list, &first_block);
1208
1209 /*
1210 * Reserve disk quota and the inode.
1211 */
1212 error = xfs_trans_reserve_quota(tp, mp, udqp, gdqp,
1213 pdqp, resblks, 1, 0);
1214 if (error)
1215 goto out_trans_cancel;
1216
1217 if (!resblks) {
1218 error = xfs_dir_canenter(tp, dp, name);
1219 if (error)
1220 goto out_trans_cancel;
1221 }
1222
1223 /*
1224 * A newly created regular or special file just has one directory
1225 * entry pointing to them, but a directory also the "." entry
1226 * pointing to itself.
1227 */
1228 error = xfs_dir_ialloc(&tp, dp, mode, is_dir ? 2 : 1, rdev,
1229 prid, resblks > 0, &ip, &committed);
1230 if (error)
1231 goto out_trans_cancel;
1232
1233 /*
1234 * Now we join the directory inode to the transaction. We do not do it
1235 * earlier because xfs_dir_ialloc might commit the previous transaction
1236 * (and release all the locks). An error from here on will result in
1237 * the transaction cancel unlocking dp so don't do it explicitly in the
1238 * error path.
1239 */
1240 xfs_trans_ijoin(tp, dp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL);
1241 unlock_dp_on_error = false;
1242
1243 error = xfs_dir_createname(tp, dp, name, ip->i_ino,
1244 &first_block, &free_list, resblks ?
1245 resblks - XFS_IALLOC_SPACE_RES(mp) : 0);
1246 if (error) {
1247 ASSERT(error != -ENOSPC);
1248 goto out_trans_cancel;
1249 }
1250 xfs_trans_ichgtime(tp, dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
1251 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE);
1252
1253 if (is_dir) {
1254 error = xfs_dir_init(tp, ip, dp);
1255 if (error)
1256 goto out_bmap_cancel;
1257
1258 error = xfs_bumplink(tp, dp);
1259 if (error)
1260 goto out_bmap_cancel;
1261 }
1262
1263 /*
1264 * If this is a synchronous mount, make sure that the
1265 * create transaction goes to disk before returning to
1266 * the user.
1267 */
1268 if (mp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
1269 xfs_trans_set_sync(tp);
1270
1271 /*
1272 * Attach the dquot(s) to the inodes and modify them incore.
1273 * These ids of the inode couldn't have changed since the new
1274 * inode has been locked ever since it was created.
1275 */
1276 xfs_qm_vop_create_dqattach(tp, ip, udqp, gdqp, pdqp);
1277
1278 error = xfs_bmap_finish(&tp, &free_list, &committed);
1279 if (error)
1280 goto out_bmap_cancel;
1281
1282 error = xfs_trans_commit(tp);
1283 if (error)
1284 goto out_release_inode;
1285
1286 xfs_qm_dqrele(udqp);
1287 xfs_qm_dqrele(gdqp);
1288 xfs_qm_dqrele(pdqp);
1289
1290 *ipp = ip;
1291 return 0;
1292
1293 out_bmap_cancel:
1294 xfs_bmap_cancel(&free_list);
1295 out_trans_cancel:
1296 xfs_trans_cancel(tp);
1297 out_release_inode:
1298 /*
1299 * Wait until after the current transaction is aborted to finish the
1300 * setup of the inode and release the inode. This prevents recursive
1301 * transactions and deadlocks from xfs_inactive.
1302 */
1303 if (ip) {
1304 xfs_finish_inode_setup(ip);
1305 IRELE(ip);
1306 }
1307
1308 xfs_qm_dqrele(udqp);
1309 xfs_qm_dqrele(gdqp);
1310 xfs_qm_dqrele(pdqp);
1311
1312 if (unlock_dp_on_error)
1313 xfs_iunlock(dp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL);
1314 return error;
1315 }
1316
1317 int
xfs_create_tmpfile(struct xfs_inode * dp,struct dentry * dentry,umode_t mode,struct xfs_inode ** ipp)1318 xfs_create_tmpfile(
1319 struct xfs_inode *dp,
1320 struct dentry *dentry,
1321 umode_t mode,
1322 struct xfs_inode **ipp)
1323 {
1324 struct xfs_mount *mp = dp->i_mount;
1325 struct xfs_inode *ip = NULL;
1326 struct xfs_trans *tp = NULL;
1327 int error;
1328 prid_t prid;
1329 struct xfs_dquot *udqp = NULL;
1330 struct xfs_dquot *gdqp = NULL;
1331 struct xfs_dquot *pdqp = NULL;
1332 struct xfs_trans_res *tres;
1333 uint resblks;
1334
1335 if (XFS_FORCED_SHUTDOWN(mp))
1336 return -EIO;
1337
1338 prid = xfs_get_initial_prid(dp);
1339
1340 /*
1341 * Make sure that we have allocated dquot(s) on disk.
1342 */
1343 error = xfs_qm_vop_dqalloc(dp, xfs_kuid_to_uid(current_fsuid()),
1344 xfs_kgid_to_gid(current_fsgid()), prid,
1345 XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT,
1346 &udqp, &gdqp, &pdqp);
1347 if (error)
1348 return error;
1349
1350 resblks = XFS_IALLOC_SPACE_RES(mp);
1351 tp = xfs_trans_alloc(mp, XFS_TRANS_CREATE_TMPFILE);
1352
1353 tres = &M_RES(mp)->tr_create_tmpfile;
1354 error = xfs_trans_reserve(tp, tres, resblks, 0);
1355 if (error == -ENOSPC) {
1356 /* No space at all so try a "no-allocation" reservation */
1357 resblks = 0;
1358 error = xfs_trans_reserve(tp, tres, 0, 0);
1359 }
1360 if (error)
1361 goto out_trans_cancel;
1362
1363 error = xfs_trans_reserve_quota(tp, mp, udqp, gdqp,
1364 pdqp, resblks, 1, 0);
1365 if (error)
1366 goto out_trans_cancel;
1367
1368 error = xfs_dir_ialloc(&tp, dp, mode, 1, 0,
1369 prid, resblks > 0, &ip, NULL);
1370 if (error)
1371 goto out_trans_cancel;
1372
1373 if (mp->m_flags & XFS_MOUNT_WSYNC)
1374 xfs_trans_set_sync(tp);
1375
1376 /*
1377 * Attach the dquot(s) to the inodes and modify them incore.
1378 * These ids of the inode couldn't have changed since the new
1379 * inode has been locked ever since it was created.
1380 */
1381 xfs_qm_vop_create_dqattach(tp, ip, udqp, gdqp, pdqp);
1382
1383 ip->i_d.di_nlink--;
1384 error = xfs_iunlink(tp, ip);
1385 if (error)
1386 goto out_trans_cancel;
1387
1388 error = xfs_trans_commit(tp);
1389 if (error)
1390 goto out_release_inode;
1391
1392 xfs_qm_dqrele(udqp);
1393 xfs_qm_dqrele(gdqp);
1394 xfs_qm_dqrele(pdqp);
1395
1396 *ipp = ip;
1397 return 0;
1398
1399 out_trans_cancel:
1400 xfs_trans_cancel(tp);
1401 out_release_inode:
1402 /*
1403 * Wait until after the current transaction is aborted to finish the
1404 * setup of the inode and release the inode. This prevents recursive
1405 * transactions and deadlocks from xfs_inactive.
1406 */
1407 if (ip) {
1408 xfs_finish_inode_setup(ip);
1409 IRELE(ip);
1410 }
1411
1412 xfs_qm_dqrele(udqp);
1413 xfs_qm_dqrele(gdqp);
1414 xfs_qm_dqrele(pdqp);
1415
1416 return error;
1417 }
1418
1419 int
xfs_link(xfs_inode_t * tdp,xfs_inode_t * sip,struct xfs_name * target_name)1420 xfs_link(
1421 xfs_inode_t *tdp,
1422 xfs_inode_t *sip,
1423 struct xfs_name *target_name)
1424 {
1425 xfs_mount_t *mp = tdp->i_mount;
1426 xfs_trans_t *tp;
1427 int error;
1428 xfs_bmap_free_t free_list;
1429 xfs_fsblock_t first_block;
1430 int committed;
1431 int resblks;
1432
1433 trace_xfs_link(tdp, target_name);
1434
1435 ASSERT(!S_ISDIR(sip->i_d.di_mode));
1436
1437 if (XFS_FORCED_SHUTDOWN(mp))
1438 return -EIO;
1439
1440 error = xfs_qm_dqattach(sip, 0);
1441 if (error)
1442 goto std_return;
1443
1444 error = xfs_qm_dqattach(tdp, 0);
1445 if (error)
1446 goto std_return;
1447
1448 tp = xfs_trans_alloc(mp, XFS_TRANS_LINK);
1449 resblks = XFS_LINK_SPACE_RES(mp, target_name->len);
1450 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_link, resblks, 0);
1451 if (error == -ENOSPC) {
1452 resblks = 0;
1453 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_link, 0, 0);
1454 }
1455 if (error)
1456 goto error_return;
1457
1458 xfs_ilock(tdp, XFS_IOLOCK_EXCL | XFS_IOLOCK_PARENT);
1459 xfs_lock_two_inodes(sip, tdp, XFS_ILOCK_EXCL);
1460
1461 xfs_trans_ijoin(tp, sip, XFS_ILOCK_EXCL);
1462 xfs_trans_ijoin(tp, tdp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL);
1463
1464 /*
1465 * If we are using project inheritance, we only allow hard link
1466 * creation in our tree when the project IDs are the same; else
1467 * the tree quota mechanism could be circumvented.
1468 */
1469 if (unlikely((tdp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) &&
1470 (xfs_get_projid(tdp) != xfs_get_projid(sip)))) {
1471 error = -EXDEV;
1472 goto error_return;
1473 }
1474
1475 if (!resblks) {
1476 error = xfs_dir_canenter(tp, tdp, target_name);
1477 if (error)
1478 goto error_return;
1479 }
1480
1481 xfs_bmap_init(&free_list, &first_block);
1482
1483 if (sip->i_d.di_nlink == 0) {
1484 error = xfs_iunlink_remove(tp, sip);
1485 if (error)
1486 goto error_return;
1487 }
1488
1489 error = xfs_dir_createname(tp, tdp, target_name, sip->i_ino,
1490 &first_block, &free_list, resblks);
1491 if (error)
1492 goto error_return;
1493 xfs_trans_ichgtime(tp, tdp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
1494 xfs_trans_log_inode(tp, tdp, XFS_ILOG_CORE);
1495
1496 error = xfs_bumplink(tp, sip);
1497 if (error)
1498 goto error_return;
1499
1500 /*
1501 * If this is a synchronous mount, make sure that the
1502 * link transaction goes to disk before returning to
1503 * the user.
1504 */
1505 if (mp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC)) {
1506 xfs_trans_set_sync(tp);
1507 }
1508
1509 error = xfs_bmap_finish (&tp, &free_list, &committed);
1510 if (error) {
1511 xfs_bmap_cancel(&free_list);
1512 goto error_return;
1513 }
1514
1515 return xfs_trans_commit(tp);
1516
1517 error_return:
1518 xfs_trans_cancel(tp);
1519 std_return:
1520 return error;
1521 }
1522
1523 /*
1524 * Free up the underlying blocks past new_size. The new size must be smaller
1525 * than the current size. This routine can be used both for the attribute and
1526 * data fork, and does not modify the inode size, which is left to the caller.
1527 *
1528 * The transaction passed to this routine must have made a permanent log
1529 * reservation of at least XFS_ITRUNCATE_LOG_RES. This routine may commit the
1530 * given transaction and start new ones, so make sure everything involved in
1531 * the transaction is tidy before calling here. Some transaction will be
1532 * returned to the caller to be committed. The incoming transaction must
1533 * already include the inode, and both inode locks must be held exclusively.
1534 * The inode must also be "held" within the transaction. On return the inode
1535 * will be "held" within the returned transaction. This routine does NOT
1536 * require any disk space to be reserved for it within the transaction.
1537 *
1538 * If we get an error, we must return with the inode locked and linked into the
1539 * current transaction. This keeps things simple for the higher level code,
1540 * because it always knows that the inode is locked and held in the transaction
1541 * that returns to it whether errors occur or not. We don't mark the inode
1542 * dirty on error so that transactions can be easily aborted if possible.
1543 */
1544 int
xfs_itruncate_extents(struct xfs_trans ** tpp,struct xfs_inode * ip,int whichfork,xfs_fsize_t new_size)1545 xfs_itruncate_extents(
1546 struct xfs_trans **tpp,
1547 struct xfs_inode *ip,
1548 int whichfork,
1549 xfs_fsize_t new_size)
1550 {
1551 struct xfs_mount *mp = ip->i_mount;
1552 struct xfs_trans *tp = *tpp;
1553 xfs_bmap_free_t free_list;
1554 xfs_fsblock_t first_block;
1555 xfs_fileoff_t first_unmap_block;
1556 xfs_fileoff_t last_block;
1557 xfs_filblks_t unmap_len;
1558 int committed;
1559 int error = 0;
1560 int done = 0;
1561
1562 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
1563 ASSERT(!atomic_read(&VFS_I(ip)->i_count) ||
1564 xfs_isilocked(ip, XFS_IOLOCK_EXCL));
1565 ASSERT(new_size <= XFS_ISIZE(ip));
1566 ASSERT(tp->t_flags & XFS_TRANS_PERM_LOG_RES);
1567 ASSERT(ip->i_itemp != NULL);
1568 ASSERT(ip->i_itemp->ili_lock_flags == 0);
1569 ASSERT(!XFS_NOT_DQATTACHED(mp, ip));
1570
1571 trace_xfs_itruncate_extents_start(ip, new_size);
1572
1573 /*
1574 * Since it is possible for space to become allocated beyond
1575 * the end of the file (in a crash where the space is allocated
1576 * but the inode size is not yet updated), simply remove any
1577 * blocks which show up between the new EOF and the maximum
1578 * possible file size. If the first block to be removed is
1579 * beyond the maximum file size (ie it is the same as last_block),
1580 * then there is nothing to do.
1581 */
1582 first_unmap_block = XFS_B_TO_FSB(mp, (xfs_ufsize_t)new_size);
1583 last_block = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
1584 if (first_unmap_block == last_block)
1585 return 0;
1586
1587 ASSERT(first_unmap_block < last_block);
1588 unmap_len = last_block - first_unmap_block + 1;
1589 while (!done) {
1590 xfs_bmap_init(&free_list, &first_block);
1591 error = xfs_bunmapi(tp, ip,
1592 first_unmap_block, unmap_len,
1593 xfs_bmapi_aflag(whichfork),
1594 XFS_ITRUNC_MAX_EXTENTS,
1595 &first_block, &free_list,
1596 &done);
1597 if (error)
1598 goto out_bmap_cancel;
1599
1600 /*
1601 * Duplicate the transaction that has the permanent
1602 * reservation and commit the old transaction.
1603 */
1604 error = xfs_bmap_finish(&tp, &free_list, &committed);
1605 if (committed)
1606 xfs_trans_ijoin(tp, ip, 0);
1607 if (error)
1608 goto out_bmap_cancel;
1609
1610 error = xfs_trans_roll(&tp, ip);
1611 if (error)
1612 goto out;
1613 }
1614
1615 /*
1616 * Always re-log the inode so that our permanent transaction can keep
1617 * on rolling it forward in the log.
1618 */
1619 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1620
1621 trace_xfs_itruncate_extents_end(ip, new_size);
1622
1623 out:
1624 *tpp = tp;
1625 return error;
1626 out_bmap_cancel:
1627 /*
1628 * If the bunmapi call encounters an error, return to the caller where
1629 * the transaction can be properly aborted. We just need to make sure
1630 * we're not holding any resources that we were not when we came in.
1631 */
1632 xfs_bmap_cancel(&free_list);
1633 goto out;
1634 }
1635
1636 int
xfs_release(xfs_inode_t * ip)1637 xfs_release(
1638 xfs_inode_t *ip)
1639 {
1640 xfs_mount_t *mp = ip->i_mount;
1641 int error;
1642
1643 if (!S_ISREG(ip->i_d.di_mode) || (ip->i_d.di_mode == 0))
1644 return 0;
1645
1646 /* If this is a read-only mount, don't do this (would generate I/O) */
1647 if (mp->m_flags & XFS_MOUNT_RDONLY)
1648 return 0;
1649
1650 if (!XFS_FORCED_SHUTDOWN(mp)) {
1651 int truncated;
1652
1653 /*
1654 * If we previously truncated this file and removed old data
1655 * in the process, we want to initiate "early" writeout on
1656 * the last close. This is an attempt to combat the notorious
1657 * NULL files problem which is particularly noticeable from a
1658 * truncate down, buffered (re-)write (delalloc), followed by
1659 * a crash. What we are effectively doing here is
1660 * significantly reducing the time window where we'd otherwise
1661 * be exposed to that problem.
1662 */
1663 truncated = xfs_iflags_test_and_clear(ip, XFS_ITRUNCATED);
1664 if (truncated) {
1665 xfs_iflags_clear(ip, XFS_IDIRTY_RELEASE);
1666 if (ip->i_delayed_blks > 0) {
1667 error = filemap_flush(VFS_I(ip)->i_mapping);
1668 if (error)
1669 return error;
1670 }
1671 }
1672 }
1673
1674 if (ip->i_d.di_nlink == 0)
1675 return 0;
1676
1677 if (xfs_can_free_eofblocks(ip, false)) {
1678
1679 /*
1680 * If we can't get the iolock just skip truncating the blocks
1681 * past EOF because we could deadlock with the mmap_sem
1682 * otherwise. We'll get another chance to drop them once the
1683 * last reference to the inode is dropped, so we'll never leak
1684 * blocks permanently.
1685 *
1686 * Further, check if the inode is being opened, written and
1687 * closed frequently and we have delayed allocation blocks
1688 * outstanding (e.g. streaming writes from the NFS server),
1689 * truncating the blocks past EOF will cause fragmentation to
1690 * occur.
1691 *
1692 * In this case don't do the truncation, either, but we have to
1693 * be careful how we detect this case. Blocks beyond EOF show
1694 * up as i_delayed_blks even when the inode is clean, so we
1695 * need to truncate them away first before checking for a dirty
1696 * release. Hence on the first dirty close we will still remove
1697 * the speculative allocation, but after that we will leave it
1698 * in place.
1699 */
1700 if (xfs_iflags_test(ip, XFS_IDIRTY_RELEASE))
1701 return 0;
1702
1703 error = xfs_free_eofblocks(mp, ip, true);
1704 if (error && error != -EAGAIN)
1705 return error;
1706
1707 /* delalloc blocks after truncation means it really is dirty */
1708 if (ip->i_delayed_blks)
1709 xfs_iflags_set(ip, XFS_IDIRTY_RELEASE);
1710 }
1711 return 0;
1712 }
1713
1714 /*
1715 * xfs_inactive_truncate
1716 *
1717 * Called to perform a truncate when an inode becomes unlinked.
1718 */
1719 STATIC int
xfs_inactive_truncate(struct xfs_inode * ip)1720 xfs_inactive_truncate(
1721 struct xfs_inode *ip)
1722 {
1723 struct xfs_mount *mp = ip->i_mount;
1724 struct xfs_trans *tp;
1725 int error;
1726
1727 tp = xfs_trans_alloc(mp, XFS_TRANS_INACTIVE);
1728 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0);
1729 if (error) {
1730 ASSERT(XFS_FORCED_SHUTDOWN(mp));
1731 xfs_trans_cancel(tp);
1732 return error;
1733 }
1734
1735 xfs_ilock(ip, XFS_ILOCK_EXCL);
1736 xfs_trans_ijoin(tp, ip, 0);
1737
1738 /*
1739 * Log the inode size first to prevent stale data exposure in the event
1740 * of a system crash before the truncate completes. See the related
1741 * comment in xfs_setattr_size() for details.
1742 */
1743 ip->i_d.di_size = 0;
1744 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1745
1746 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, 0);
1747 if (error)
1748 goto error_trans_cancel;
1749
1750 ASSERT(ip->i_d.di_nextents == 0);
1751
1752 error = xfs_trans_commit(tp);
1753 if (error)
1754 goto error_unlock;
1755
1756 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1757 return 0;
1758
1759 error_trans_cancel:
1760 xfs_trans_cancel(tp);
1761 error_unlock:
1762 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1763 return error;
1764 }
1765
1766 /*
1767 * xfs_inactive_ifree()
1768 *
1769 * Perform the inode free when an inode is unlinked.
1770 */
1771 STATIC int
xfs_inactive_ifree(struct xfs_inode * ip)1772 xfs_inactive_ifree(
1773 struct xfs_inode *ip)
1774 {
1775 xfs_bmap_free_t free_list;
1776 xfs_fsblock_t first_block;
1777 int committed;
1778 struct xfs_mount *mp = ip->i_mount;
1779 struct xfs_trans *tp;
1780 int error;
1781
1782 tp = xfs_trans_alloc(mp, XFS_TRANS_INACTIVE);
1783
1784 /*
1785 * The ifree transaction might need to allocate blocks for record
1786 * insertion to the finobt. We don't want to fail here at ENOSPC, so
1787 * allow ifree to dip into the reserved block pool if necessary.
1788 *
1789 * Freeing large sets of inodes generally means freeing inode chunks,
1790 * directory and file data blocks, so this should be relatively safe.
1791 * Only under severe circumstances should it be possible to free enough
1792 * inodes to exhaust the reserve block pool via finobt expansion while
1793 * at the same time not creating free space in the filesystem.
1794 *
1795 * Send a warning if the reservation does happen to fail, as the inode
1796 * now remains allocated and sits on the unlinked list until the fs is
1797 * repaired.
1798 */
1799 tp->t_flags |= XFS_TRANS_RESERVE;
1800 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_ifree,
1801 XFS_IFREE_SPACE_RES(mp), 0);
1802 if (error) {
1803 if (error == -ENOSPC) {
1804 xfs_warn_ratelimited(mp,
1805 "Failed to remove inode(s) from unlinked list. "
1806 "Please free space, unmount and run xfs_repair.");
1807 } else {
1808 ASSERT(XFS_FORCED_SHUTDOWN(mp));
1809 }
1810 xfs_trans_cancel(tp);
1811 return error;
1812 }
1813
1814 xfs_ilock(ip, XFS_ILOCK_EXCL);
1815 xfs_trans_ijoin(tp, ip, 0);
1816
1817 xfs_bmap_init(&free_list, &first_block);
1818 error = xfs_ifree(tp, ip, &free_list);
1819 if (error) {
1820 /*
1821 * If we fail to free the inode, shut down. The cancel
1822 * might do that, we need to make sure. Otherwise the
1823 * inode might be lost for a long time or forever.
1824 */
1825 if (!XFS_FORCED_SHUTDOWN(mp)) {
1826 xfs_notice(mp, "%s: xfs_ifree returned error %d",
1827 __func__, error);
1828 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR);
1829 }
1830 xfs_trans_cancel(tp);
1831 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1832 return error;
1833 }
1834
1835 /*
1836 * Credit the quota account(s). The inode is gone.
1837 */
1838 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, -1);
1839
1840 /*
1841 * Just ignore errors at this point. There is nothing we can do except
1842 * to try to keep going. Make sure it's not a silent error.
1843 */
1844 error = xfs_bmap_finish(&tp, &free_list, &committed);
1845 if (error) {
1846 xfs_notice(mp, "%s: xfs_bmap_finish returned error %d",
1847 __func__, error);
1848 xfs_bmap_cancel(&free_list);
1849 }
1850 error = xfs_trans_commit(tp);
1851 if (error)
1852 xfs_notice(mp, "%s: xfs_trans_commit returned error %d",
1853 __func__, error);
1854
1855 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1856 return 0;
1857 }
1858
1859 /*
1860 * xfs_inactive
1861 *
1862 * This is called when the vnode reference count for the vnode
1863 * goes to zero. If the file has been unlinked, then it must
1864 * now be truncated. Also, we clear all of the read-ahead state
1865 * kept for the inode here since the file is now closed.
1866 */
1867 void
xfs_inactive(xfs_inode_t * ip)1868 xfs_inactive(
1869 xfs_inode_t *ip)
1870 {
1871 struct xfs_mount *mp;
1872 int error;
1873 int truncate = 0;
1874
1875 /*
1876 * If the inode is already free, then there can be nothing
1877 * to clean up here.
1878 */
1879 if (ip->i_d.di_mode == 0) {
1880 ASSERT(ip->i_df.if_real_bytes == 0);
1881 ASSERT(ip->i_df.if_broot_bytes == 0);
1882 return;
1883 }
1884
1885 mp = ip->i_mount;
1886
1887 /* If this is a read-only mount, don't do this (would generate I/O) */
1888 if (mp->m_flags & XFS_MOUNT_RDONLY)
1889 return;
1890
1891 if (ip->i_d.di_nlink != 0) {
1892 /*
1893 * force is true because we are evicting an inode from the
1894 * cache. Post-eof blocks must be freed, lest we end up with
1895 * broken free space accounting.
1896 */
1897 if (xfs_can_free_eofblocks(ip, true))
1898 xfs_free_eofblocks(mp, ip, false);
1899
1900 return;
1901 }
1902
1903 if (S_ISREG(ip->i_d.di_mode) &&
1904 (ip->i_d.di_size != 0 || XFS_ISIZE(ip) != 0 ||
1905 ip->i_d.di_nextents > 0 || ip->i_delayed_blks > 0))
1906 truncate = 1;
1907
1908 error = xfs_qm_dqattach(ip, 0);
1909 if (error)
1910 return;
1911
1912 if (S_ISLNK(ip->i_d.di_mode))
1913 error = xfs_inactive_symlink(ip);
1914 else if (truncate)
1915 error = xfs_inactive_truncate(ip);
1916 if (error)
1917 return;
1918
1919 /*
1920 * If there are attributes associated with the file then blow them away
1921 * now. The code calls a routine that recursively deconstructs the
1922 * attribute fork. If also blows away the in-core attribute fork.
1923 */
1924 if (XFS_IFORK_Q(ip)) {
1925 error = xfs_attr_inactive(ip);
1926 if (error)
1927 return;
1928 }
1929
1930 ASSERT(!ip->i_afp);
1931 ASSERT(ip->i_d.di_anextents == 0);
1932 ASSERT(ip->i_d.di_forkoff == 0);
1933
1934 /*
1935 * Free the inode.
1936 */
1937 error = xfs_inactive_ifree(ip);
1938 if (error)
1939 return;
1940
1941 /*
1942 * Release the dquots held by inode, if any.
1943 */
1944 xfs_qm_dqdetach(ip);
1945 }
1946
1947 /*
1948 * This is called when the inode's link count goes to 0.
1949 * We place the on-disk inode on a list in the AGI. It
1950 * will be pulled from this list when the inode is freed.
1951 */
1952 int
xfs_iunlink(xfs_trans_t * tp,xfs_inode_t * ip)1953 xfs_iunlink(
1954 xfs_trans_t *tp,
1955 xfs_inode_t *ip)
1956 {
1957 xfs_mount_t *mp;
1958 xfs_agi_t *agi;
1959 xfs_dinode_t *dip;
1960 xfs_buf_t *agibp;
1961 xfs_buf_t *ibp;
1962 xfs_agino_t agino;
1963 short bucket_index;
1964 int offset;
1965 int error;
1966
1967 ASSERT(ip->i_d.di_nlink == 0);
1968 ASSERT(ip->i_d.di_mode != 0);
1969
1970 mp = tp->t_mountp;
1971
1972 /*
1973 * Get the agi buffer first. It ensures lock ordering
1974 * on the list.
1975 */
1976 error = xfs_read_agi(mp, tp, XFS_INO_TO_AGNO(mp, ip->i_ino), &agibp);
1977 if (error)
1978 return error;
1979 agi = XFS_BUF_TO_AGI(agibp);
1980
1981 /*
1982 * Get the index into the agi hash table for the
1983 * list this inode will go on.
1984 */
1985 agino = XFS_INO_TO_AGINO(mp, ip->i_ino);
1986 ASSERT(agino != 0);
1987 bucket_index = agino % XFS_AGI_UNLINKED_BUCKETS;
1988 ASSERT(agi->agi_unlinked[bucket_index]);
1989 ASSERT(be32_to_cpu(agi->agi_unlinked[bucket_index]) != agino);
1990
1991 if (agi->agi_unlinked[bucket_index] != cpu_to_be32(NULLAGINO)) {
1992 /*
1993 * There is already another inode in the bucket we need
1994 * to add ourselves to. Add us at the front of the list.
1995 * Here we put the head pointer into our next pointer,
1996 * and then we fall through to point the head at us.
1997 */
1998 error = xfs_imap_to_bp(mp, tp, &ip->i_imap, &dip, &ibp,
1999 0, 0);
2000 if (error)
2001 return error;
2002
2003 ASSERT(dip->di_next_unlinked == cpu_to_be32(NULLAGINO));
2004 dip->di_next_unlinked = agi->agi_unlinked[bucket_index];
2005 offset = ip->i_imap.im_boffset +
2006 offsetof(xfs_dinode_t, di_next_unlinked);
2007
2008 /* need to recalc the inode CRC if appropriate */
2009 xfs_dinode_calc_crc(mp, dip);
2010
2011 xfs_trans_inode_buf(tp, ibp);
2012 xfs_trans_log_buf(tp, ibp, offset,
2013 (offset + sizeof(xfs_agino_t) - 1));
2014 xfs_inobp_check(mp, ibp);
2015 }
2016
2017 /*
2018 * Point the bucket head pointer at the inode being inserted.
2019 */
2020 ASSERT(agino != 0);
2021 agi->agi_unlinked[bucket_index] = cpu_to_be32(agino);
2022 offset = offsetof(xfs_agi_t, agi_unlinked) +
2023 (sizeof(xfs_agino_t) * bucket_index);
2024 xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
2025 xfs_trans_log_buf(tp, agibp, offset,
2026 (offset + sizeof(xfs_agino_t) - 1));
2027 return 0;
2028 }
2029
2030 /*
2031 * Pull the on-disk inode from the AGI unlinked list.
2032 */
2033 STATIC int
xfs_iunlink_remove(xfs_trans_t * tp,xfs_inode_t * ip)2034 xfs_iunlink_remove(
2035 xfs_trans_t *tp,
2036 xfs_inode_t *ip)
2037 {
2038 xfs_ino_t next_ino;
2039 xfs_mount_t *mp;
2040 xfs_agi_t *agi;
2041 xfs_dinode_t *dip;
2042 xfs_buf_t *agibp;
2043 xfs_buf_t *ibp;
2044 xfs_agnumber_t agno;
2045 xfs_agino_t agino;
2046 xfs_agino_t next_agino;
2047 xfs_buf_t *last_ibp;
2048 xfs_dinode_t *last_dip = NULL;
2049 short bucket_index;
2050 int offset, last_offset = 0;
2051 int error;
2052
2053 mp = tp->t_mountp;
2054 agno = XFS_INO_TO_AGNO(mp, ip->i_ino);
2055
2056 /*
2057 * Get the agi buffer first. It ensures lock ordering
2058 * on the list.
2059 */
2060 error = xfs_read_agi(mp, tp, agno, &agibp);
2061 if (error)
2062 return error;
2063
2064 agi = XFS_BUF_TO_AGI(agibp);
2065
2066 /*
2067 * Get the index into the agi hash table for the
2068 * list this inode will go on.
2069 */
2070 agino = XFS_INO_TO_AGINO(mp, ip->i_ino);
2071 ASSERT(agino != 0);
2072 bucket_index = agino % XFS_AGI_UNLINKED_BUCKETS;
2073 ASSERT(agi->agi_unlinked[bucket_index] != cpu_to_be32(NULLAGINO));
2074 ASSERT(agi->agi_unlinked[bucket_index]);
2075
2076 if (be32_to_cpu(agi->agi_unlinked[bucket_index]) == agino) {
2077 /*
2078 * We're at the head of the list. Get the inode's on-disk
2079 * buffer to see if there is anyone after us on the list.
2080 * Only modify our next pointer if it is not already NULLAGINO.
2081 * This saves us the overhead of dealing with the buffer when
2082 * there is no need to change it.
2083 */
2084 error = xfs_imap_to_bp(mp, tp, &ip->i_imap, &dip, &ibp,
2085 0, 0);
2086 if (error) {
2087 xfs_warn(mp, "%s: xfs_imap_to_bp returned error %d.",
2088 __func__, error);
2089 return error;
2090 }
2091 next_agino = be32_to_cpu(dip->di_next_unlinked);
2092 ASSERT(next_agino != 0);
2093 if (next_agino != NULLAGINO) {
2094 dip->di_next_unlinked = cpu_to_be32(NULLAGINO);
2095 offset = ip->i_imap.im_boffset +
2096 offsetof(xfs_dinode_t, di_next_unlinked);
2097
2098 /* need to recalc the inode CRC if appropriate */
2099 xfs_dinode_calc_crc(mp, dip);
2100
2101 xfs_trans_inode_buf(tp, ibp);
2102 xfs_trans_log_buf(tp, ibp, offset,
2103 (offset + sizeof(xfs_agino_t) - 1));
2104 xfs_inobp_check(mp, ibp);
2105 } else {
2106 xfs_trans_brelse(tp, ibp);
2107 }
2108 /*
2109 * Point the bucket head pointer at the next inode.
2110 */
2111 ASSERT(next_agino != 0);
2112 ASSERT(next_agino != agino);
2113 agi->agi_unlinked[bucket_index] = cpu_to_be32(next_agino);
2114 offset = offsetof(xfs_agi_t, agi_unlinked) +
2115 (sizeof(xfs_agino_t) * bucket_index);
2116 xfs_trans_buf_set_type(tp, agibp, XFS_BLFT_AGI_BUF);
2117 xfs_trans_log_buf(tp, agibp, offset,
2118 (offset + sizeof(xfs_agino_t) - 1));
2119 } else {
2120 /*
2121 * We need to search the list for the inode being freed.
2122 */
2123 next_agino = be32_to_cpu(agi->agi_unlinked[bucket_index]);
2124 last_ibp = NULL;
2125 while (next_agino != agino) {
2126 struct xfs_imap imap;
2127
2128 if (last_ibp)
2129 xfs_trans_brelse(tp, last_ibp);
2130
2131 imap.im_blkno = 0;
2132 next_ino = XFS_AGINO_TO_INO(mp, agno, next_agino);
2133
2134 error = xfs_imap(mp, tp, next_ino, &imap, 0);
2135 if (error) {
2136 xfs_warn(mp,
2137 "%s: xfs_imap returned error %d.",
2138 __func__, error);
2139 return error;
2140 }
2141
2142 error = xfs_imap_to_bp(mp, tp, &imap, &last_dip,
2143 &last_ibp, 0, 0);
2144 if (error) {
2145 xfs_warn(mp,
2146 "%s: xfs_imap_to_bp returned error %d.",
2147 __func__, error);
2148 return error;
2149 }
2150
2151 last_offset = imap.im_boffset;
2152 next_agino = be32_to_cpu(last_dip->di_next_unlinked);
2153 ASSERT(next_agino != NULLAGINO);
2154 ASSERT(next_agino != 0);
2155 }
2156
2157 /*
2158 * Now last_ibp points to the buffer previous to us on the
2159 * unlinked list. Pull us from the list.
2160 */
2161 error = xfs_imap_to_bp(mp, tp, &ip->i_imap, &dip, &ibp,
2162 0, 0);
2163 if (error) {
2164 xfs_warn(mp, "%s: xfs_imap_to_bp(2) returned error %d.",
2165 __func__, error);
2166 return error;
2167 }
2168 next_agino = be32_to_cpu(dip->di_next_unlinked);
2169 ASSERT(next_agino != 0);
2170 ASSERT(next_agino != agino);
2171 if (next_agino != NULLAGINO) {
2172 dip->di_next_unlinked = cpu_to_be32(NULLAGINO);
2173 offset = ip->i_imap.im_boffset +
2174 offsetof(xfs_dinode_t, di_next_unlinked);
2175
2176 /* need to recalc the inode CRC if appropriate */
2177 xfs_dinode_calc_crc(mp, dip);
2178
2179 xfs_trans_inode_buf(tp, ibp);
2180 xfs_trans_log_buf(tp, ibp, offset,
2181 (offset + sizeof(xfs_agino_t) - 1));
2182 xfs_inobp_check(mp, ibp);
2183 } else {
2184 xfs_trans_brelse(tp, ibp);
2185 }
2186 /*
2187 * Point the previous inode on the list to the next inode.
2188 */
2189 last_dip->di_next_unlinked = cpu_to_be32(next_agino);
2190 ASSERT(next_agino != 0);
2191 offset = last_offset + offsetof(xfs_dinode_t, di_next_unlinked);
2192
2193 /* need to recalc the inode CRC if appropriate */
2194 xfs_dinode_calc_crc(mp, last_dip);
2195
2196 xfs_trans_inode_buf(tp, last_ibp);
2197 xfs_trans_log_buf(tp, last_ibp, offset,
2198 (offset + sizeof(xfs_agino_t) - 1));
2199 xfs_inobp_check(mp, last_ibp);
2200 }
2201 return 0;
2202 }
2203
2204 /*
2205 * A big issue when freeing the inode cluster is that we _cannot_ skip any
2206 * inodes that are in memory - they all must be marked stale and attached to
2207 * the cluster buffer.
2208 */
2209 STATIC int
xfs_ifree_cluster(xfs_inode_t * free_ip,xfs_trans_t * tp,struct xfs_icluster * xic)2210 xfs_ifree_cluster(
2211 xfs_inode_t *free_ip,
2212 xfs_trans_t *tp,
2213 struct xfs_icluster *xic)
2214 {
2215 xfs_mount_t *mp = free_ip->i_mount;
2216 int blks_per_cluster;
2217 int inodes_per_cluster;
2218 int nbufs;
2219 int i, j;
2220 int ioffset;
2221 xfs_daddr_t blkno;
2222 xfs_buf_t *bp;
2223 xfs_inode_t *ip;
2224 xfs_inode_log_item_t *iip;
2225 xfs_log_item_t *lip;
2226 struct xfs_perag *pag;
2227 xfs_ino_t inum;
2228
2229 inum = xic->first_ino;
2230 pag = xfs_perag_get(mp, XFS_INO_TO_AGNO(mp, inum));
2231 blks_per_cluster = xfs_icluster_size_fsb(mp);
2232 inodes_per_cluster = blks_per_cluster << mp->m_sb.sb_inopblog;
2233 nbufs = mp->m_ialloc_blks / blks_per_cluster;
2234
2235 for (j = 0; j < nbufs; j++, inum += inodes_per_cluster) {
2236 /*
2237 * The allocation bitmap tells us which inodes of the chunk were
2238 * physically allocated. Skip the cluster if an inode falls into
2239 * a sparse region.
2240 */
2241 ioffset = inum - xic->first_ino;
2242 if ((xic->alloc & XFS_INOBT_MASK(ioffset)) == 0) {
2243 ASSERT(do_mod(ioffset, inodes_per_cluster) == 0);
2244 continue;
2245 }
2246
2247 blkno = XFS_AGB_TO_DADDR(mp, XFS_INO_TO_AGNO(mp, inum),
2248 XFS_INO_TO_AGBNO(mp, inum));
2249
2250 /*
2251 * We obtain and lock the backing buffer first in the process
2252 * here, as we have to ensure that any dirty inode that we
2253 * can't get the flush lock on is attached to the buffer.
2254 * If we scan the in-memory inodes first, then buffer IO can
2255 * complete before we get a lock on it, and hence we may fail
2256 * to mark all the active inodes on the buffer stale.
2257 */
2258 bp = xfs_trans_get_buf(tp, mp->m_ddev_targp, blkno,
2259 mp->m_bsize * blks_per_cluster,
2260 XBF_UNMAPPED);
2261
2262 if (!bp)
2263 return -ENOMEM;
2264
2265 /*
2266 * This buffer may not have been correctly initialised as we
2267 * didn't read it from disk. That's not important because we are
2268 * only using to mark the buffer as stale in the log, and to
2269 * attach stale cached inodes on it. That means it will never be
2270 * dispatched for IO. If it is, we want to know about it, and we
2271 * want it to fail. We can acheive this by adding a write
2272 * verifier to the buffer.
2273 */
2274 bp->b_ops = &xfs_inode_buf_ops;
2275
2276 /*
2277 * Walk the inodes already attached to the buffer and mark them
2278 * stale. These will all have the flush locks held, so an
2279 * in-memory inode walk can't lock them. By marking them all
2280 * stale first, we will not attempt to lock them in the loop
2281 * below as the XFS_ISTALE flag will be set.
2282 */
2283 lip = bp->b_fspriv;
2284 while (lip) {
2285 if (lip->li_type == XFS_LI_INODE) {
2286 iip = (xfs_inode_log_item_t *)lip;
2287 ASSERT(iip->ili_logged == 1);
2288 lip->li_cb = xfs_istale_done;
2289 xfs_trans_ail_copy_lsn(mp->m_ail,
2290 &iip->ili_flush_lsn,
2291 &iip->ili_item.li_lsn);
2292 xfs_iflags_set(iip->ili_inode, XFS_ISTALE);
2293 }
2294 lip = lip->li_bio_list;
2295 }
2296
2297
2298 /*
2299 * For each inode in memory attempt to add it to the inode
2300 * buffer and set it up for being staled on buffer IO
2301 * completion. This is safe as we've locked out tail pushing
2302 * and flushing by locking the buffer.
2303 *
2304 * We have already marked every inode that was part of a
2305 * transaction stale above, which means there is no point in
2306 * even trying to lock them.
2307 */
2308 for (i = 0; i < inodes_per_cluster; i++) {
2309 retry:
2310 rcu_read_lock();
2311 ip = radix_tree_lookup(&pag->pag_ici_root,
2312 XFS_INO_TO_AGINO(mp, (inum + i)));
2313
2314 /* Inode not in memory, nothing to do */
2315 if (!ip) {
2316 rcu_read_unlock();
2317 continue;
2318 }
2319
2320 /*
2321 * because this is an RCU protected lookup, we could
2322 * find a recently freed or even reallocated inode
2323 * during the lookup. We need to check under the
2324 * i_flags_lock for a valid inode here. Skip it if it
2325 * is not valid, the wrong inode or stale.
2326 */
2327 spin_lock(&ip->i_flags_lock);
2328 if (ip->i_ino != inum + i ||
2329 __xfs_iflags_test(ip, XFS_ISTALE)) {
2330 spin_unlock(&ip->i_flags_lock);
2331 rcu_read_unlock();
2332 continue;
2333 }
2334 spin_unlock(&ip->i_flags_lock);
2335
2336 /*
2337 * Don't try to lock/unlock the current inode, but we
2338 * _cannot_ skip the other inodes that we did not find
2339 * in the list attached to the buffer and are not
2340 * already marked stale. If we can't lock it, back off
2341 * and retry.
2342 */
2343 if (ip != free_ip &&
2344 !xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) {
2345 rcu_read_unlock();
2346 delay(1);
2347 goto retry;
2348 }
2349 rcu_read_unlock();
2350
2351 xfs_iflock(ip);
2352 xfs_iflags_set(ip, XFS_ISTALE);
2353
2354 /*
2355 * we don't need to attach clean inodes or those only
2356 * with unlogged changes (which we throw away, anyway).
2357 */
2358 iip = ip->i_itemp;
2359 if (!iip || xfs_inode_clean(ip)) {
2360 ASSERT(ip != free_ip);
2361 xfs_ifunlock(ip);
2362 xfs_iunlock(ip, XFS_ILOCK_EXCL);
2363 continue;
2364 }
2365
2366 iip->ili_last_fields = iip->ili_fields;
2367 iip->ili_fields = 0;
2368 iip->ili_fsync_fields = 0;
2369 iip->ili_logged = 1;
2370 xfs_trans_ail_copy_lsn(mp->m_ail, &iip->ili_flush_lsn,
2371 &iip->ili_item.li_lsn);
2372
2373 xfs_buf_attach_iodone(bp, xfs_istale_done,
2374 &iip->ili_item);
2375
2376 if (ip != free_ip)
2377 xfs_iunlock(ip, XFS_ILOCK_EXCL);
2378 }
2379
2380 xfs_trans_stale_inode_buf(tp, bp);
2381 xfs_trans_binval(tp, bp);
2382 }
2383
2384 xfs_perag_put(pag);
2385 return 0;
2386 }
2387
2388 /*
2389 * This is called to return an inode to the inode free list.
2390 * The inode should already be truncated to 0 length and have
2391 * no pages associated with it. This routine also assumes that
2392 * the inode is already a part of the transaction.
2393 *
2394 * The on-disk copy of the inode will have been added to the list
2395 * of unlinked inodes in the AGI. We need to remove the inode from
2396 * that list atomically with respect to freeing it here.
2397 */
2398 int
xfs_ifree(xfs_trans_t * tp,xfs_inode_t * ip,xfs_bmap_free_t * flist)2399 xfs_ifree(
2400 xfs_trans_t *tp,
2401 xfs_inode_t *ip,
2402 xfs_bmap_free_t *flist)
2403 {
2404 int error;
2405 struct xfs_icluster xic = { 0 };
2406
2407 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
2408 ASSERT(ip->i_d.di_nlink == 0);
2409 ASSERT(ip->i_d.di_nextents == 0);
2410 ASSERT(ip->i_d.di_anextents == 0);
2411 ASSERT(ip->i_d.di_size == 0 || !S_ISREG(ip->i_d.di_mode));
2412 ASSERT(ip->i_d.di_nblocks == 0);
2413
2414 /*
2415 * Pull the on-disk inode from the AGI unlinked list.
2416 */
2417 error = xfs_iunlink_remove(tp, ip);
2418 if (error)
2419 return error;
2420
2421 error = xfs_difree(tp, ip->i_ino, flist, &xic);
2422 if (error)
2423 return error;
2424
2425 ip->i_d.di_mode = 0; /* mark incore inode as free */
2426 ip->i_d.di_flags = 0;
2427 ip->i_d.di_dmevmask = 0;
2428 ip->i_d.di_forkoff = 0; /* mark the attr fork not in use */
2429 ip->i_d.di_format = XFS_DINODE_FMT_EXTENTS;
2430 ip->i_d.di_aformat = XFS_DINODE_FMT_EXTENTS;
2431 /*
2432 * Bump the generation count so no one will be confused
2433 * by reincarnations of this inode.
2434 */
2435 ip->i_d.di_gen++;
2436 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
2437
2438 if (xic.deleted)
2439 error = xfs_ifree_cluster(ip, tp, &xic);
2440
2441 return error;
2442 }
2443
2444 /*
2445 * This is called to unpin an inode. The caller must have the inode locked
2446 * in at least shared mode so that the buffer cannot be subsequently pinned
2447 * once someone is waiting for it to be unpinned.
2448 */
2449 static void
xfs_iunpin(struct xfs_inode * ip)2450 xfs_iunpin(
2451 struct xfs_inode *ip)
2452 {
2453 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
2454
2455 trace_xfs_inode_unpin_nowait(ip, _RET_IP_);
2456
2457 /* Give the log a push to start the unpinning I/O */
2458 xfs_log_force_lsn(ip->i_mount, ip->i_itemp->ili_last_lsn, 0);
2459
2460 }
2461
2462 static void
__xfs_iunpin_wait(struct xfs_inode * ip)2463 __xfs_iunpin_wait(
2464 struct xfs_inode *ip)
2465 {
2466 wait_queue_head_t *wq = bit_waitqueue(&ip->i_flags, __XFS_IPINNED_BIT);
2467 DEFINE_WAIT_BIT(wait, &ip->i_flags, __XFS_IPINNED_BIT);
2468
2469 xfs_iunpin(ip);
2470
2471 do {
2472 prepare_to_wait(wq, &wait.wait, TASK_UNINTERRUPTIBLE);
2473 if (xfs_ipincount(ip))
2474 io_schedule();
2475 } while (xfs_ipincount(ip));
2476 finish_wait(wq, &wait.wait);
2477 }
2478
2479 void
xfs_iunpin_wait(struct xfs_inode * ip)2480 xfs_iunpin_wait(
2481 struct xfs_inode *ip)
2482 {
2483 if (xfs_ipincount(ip))
2484 __xfs_iunpin_wait(ip);
2485 }
2486
2487 /*
2488 * Removing an inode from the namespace involves removing the directory entry
2489 * and dropping the link count on the inode. Removing the directory entry can
2490 * result in locking an AGF (directory blocks were freed) and removing a link
2491 * count can result in placing the inode on an unlinked list which results in
2492 * locking an AGI.
2493 *
2494 * The big problem here is that we have an ordering constraint on AGF and AGI
2495 * locking - inode allocation locks the AGI, then can allocate a new extent for
2496 * new inodes, locking the AGF after the AGI. Similarly, freeing the inode
2497 * removes the inode from the unlinked list, requiring that we lock the AGI
2498 * first, and then freeing the inode can result in an inode chunk being freed
2499 * and hence freeing disk space requiring that we lock an AGF.
2500 *
2501 * Hence the ordering that is imposed by other parts of the code is AGI before
2502 * AGF. This means we cannot remove the directory entry before we drop the inode
2503 * reference count and put it on the unlinked list as this results in a lock
2504 * order of AGF then AGI, and this can deadlock against inode allocation and
2505 * freeing. Therefore we must drop the link counts before we remove the
2506 * directory entry.
2507 *
2508 * This is still safe from a transactional point of view - it is not until we
2509 * get to xfs_bmap_finish() that we have the possibility of multiple
2510 * transactions in this operation. Hence as long as we remove the directory
2511 * entry and drop the link count in the first transaction of the remove
2512 * operation, there are no transactional constraints on the ordering here.
2513 */
2514 int
xfs_remove(xfs_inode_t * dp,struct xfs_name * name,xfs_inode_t * ip)2515 xfs_remove(
2516 xfs_inode_t *dp,
2517 struct xfs_name *name,
2518 xfs_inode_t *ip)
2519 {
2520 xfs_mount_t *mp = dp->i_mount;
2521 xfs_trans_t *tp = NULL;
2522 int is_dir = S_ISDIR(ip->i_d.di_mode);
2523 int error = 0;
2524 xfs_bmap_free_t free_list;
2525 xfs_fsblock_t first_block;
2526 int committed;
2527 uint resblks;
2528
2529 trace_xfs_remove(dp, name);
2530
2531 if (XFS_FORCED_SHUTDOWN(mp))
2532 return -EIO;
2533
2534 error = xfs_qm_dqattach(dp, 0);
2535 if (error)
2536 goto std_return;
2537
2538 error = xfs_qm_dqattach(ip, 0);
2539 if (error)
2540 goto std_return;
2541
2542 if (is_dir)
2543 tp = xfs_trans_alloc(mp, XFS_TRANS_RMDIR);
2544 else
2545 tp = xfs_trans_alloc(mp, XFS_TRANS_REMOVE);
2546
2547 /*
2548 * We try to get the real space reservation first,
2549 * allowing for directory btree deletion(s) implying
2550 * possible bmap insert(s). If we can't get the space
2551 * reservation then we use 0 instead, and avoid the bmap
2552 * btree insert(s) in the directory code by, if the bmap
2553 * insert tries to happen, instead trimming the LAST
2554 * block from the directory.
2555 */
2556 resblks = XFS_REMOVE_SPACE_RES(mp);
2557 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_remove, resblks, 0);
2558 if (error == -ENOSPC) {
2559 resblks = 0;
2560 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_remove, 0, 0);
2561 }
2562 if (error) {
2563 ASSERT(error != -ENOSPC);
2564 goto out_trans_cancel;
2565 }
2566
2567 xfs_ilock(dp, XFS_IOLOCK_EXCL | XFS_IOLOCK_PARENT);
2568 xfs_lock_two_inodes(dp, ip, XFS_ILOCK_EXCL);
2569
2570 xfs_trans_ijoin(tp, dp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL);
2571 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
2572
2573 /*
2574 * If we're removing a directory perform some additional validation.
2575 */
2576 if (is_dir) {
2577 ASSERT(ip->i_d.di_nlink >= 2);
2578 if (ip->i_d.di_nlink != 2) {
2579 error = -ENOTEMPTY;
2580 goto out_trans_cancel;
2581 }
2582 if (!xfs_dir_isempty(ip)) {
2583 error = -ENOTEMPTY;
2584 goto out_trans_cancel;
2585 }
2586
2587 /* Drop the link from ip's "..". */
2588 error = xfs_droplink(tp, dp);
2589 if (error)
2590 goto out_trans_cancel;
2591
2592 /* Drop the "." link from ip to self. */
2593 error = xfs_droplink(tp, ip);
2594 if (error)
2595 goto out_trans_cancel;
2596 } else {
2597 /*
2598 * When removing a non-directory we need to log the parent
2599 * inode here. For a directory this is done implicitly
2600 * by the xfs_droplink call for the ".." entry.
2601 */
2602 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE);
2603 }
2604 xfs_trans_ichgtime(tp, dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
2605
2606 /* Drop the link from dp to ip. */
2607 error = xfs_droplink(tp, ip);
2608 if (error)
2609 goto out_trans_cancel;
2610
2611 xfs_bmap_init(&free_list, &first_block);
2612 error = xfs_dir_removename(tp, dp, name, ip->i_ino,
2613 &first_block, &free_list, resblks);
2614 if (error) {
2615 ASSERT(error != -ENOENT);
2616 goto out_bmap_cancel;
2617 }
2618
2619 /*
2620 * If this is a synchronous mount, make sure that the
2621 * remove transaction goes to disk before returning to
2622 * the user.
2623 */
2624 if (mp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
2625 xfs_trans_set_sync(tp);
2626
2627 error = xfs_bmap_finish(&tp, &free_list, &committed);
2628 if (error)
2629 goto out_bmap_cancel;
2630
2631 error = xfs_trans_commit(tp);
2632 if (error)
2633 goto std_return;
2634
2635 if (is_dir && xfs_inode_is_filestream(ip))
2636 xfs_filestream_deassociate(ip);
2637
2638 return 0;
2639
2640 out_bmap_cancel:
2641 xfs_bmap_cancel(&free_list);
2642 out_trans_cancel:
2643 xfs_trans_cancel(tp);
2644 std_return:
2645 return error;
2646 }
2647
2648 /*
2649 * Enter all inodes for a rename transaction into a sorted array.
2650 */
2651 #define __XFS_SORT_INODES 5
2652 STATIC void
xfs_sort_for_rename(struct xfs_inode * dp1,struct xfs_inode * dp2,struct xfs_inode * ip1,struct xfs_inode * ip2,struct xfs_inode * wip,struct xfs_inode ** i_tab,int * num_inodes)2653 xfs_sort_for_rename(
2654 struct xfs_inode *dp1, /* in: old (source) directory inode */
2655 struct xfs_inode *dp2, /* in: new (target) directory inode */
2656 struct xfs_inode *ip1, /* in: inode of old entry */
2657 struct xfs_inode *ip2, /* in: inode of new entry */
2658 struct xfs_inode *wip, /* in: whiteout inode */
2659 struct xfs_inode **i_tab,/* out: sorted array of inodes */
2660 int *num_inodes) /* in/out: inodes in array */
2661 {
2662 int i, j;
2663
2664 ASSERT(*num_inodes == __XFS_SORT_INODES);
2665 memset(i_tab, 0, *num_inodes * sizeof(struct xfs_inode *));
2666
2667 /*
2668 * i_tab contains a list of pointers to inodes. We initialize
2669 * the table here & we'll sort it. We will then use it to
2670 * order the acquisition of the inode locks.
2671 *
2672 * Note that the table may contain duplicates. e.g., dp1 == dp2.
2673 */
2674 i = 0;
2675 i_tab[i++] = dp1;
2676 i_tab[i++] = dp2;
2677 i_tab[i++] = ip1;
2678 if (ip2)
2679 i_tab[i++] = ip2;
2680 if (wip)
2681 i_tab[i++] = wip;
2682 *num_inodes = i;
2683
2684 /*
2685 * Sort the elements via bubble sort. (Remember, there are at
2686 * most 5 elements to sort, so this is adequate.)
2687 */
2688 for (i = 0; i < *num_inodes; i++) {
2689 for (j = 1; j < *num_inodes; j++) {
2690 if (i_tab[j]->i_ino < i_tab[j-1]->i_ino) {
2691 struct xfs_inode *temp = i_tab[j];
2692 i_tab[j] = i_tab[j-1];
2693 i_tab[j-1] = temp;
2694 }
2695 }
2696 }
2697 }
2698
2699 static int
xfs_finish_rename(struct xfs_trans * tp,struct xfs_bmap_free * free_list)2700 xfs_finish_rename(
2701 struct xfs_trans *tp,
2702 struct xfs_bmap_free *free_list)
2703 {
2704 int committed = 0;
2705 int error;
2706
2707 /*
2708 * If this is a synchronous mount, make sure that the rename transaction
2709 * goes to disk before returning to the user.
2710 */
2711 if (tp->t_mountp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
2712 xfs_trans_set_sync(tp);
2713
2714 error = xfs_bmap_finish(&tp, free_list, &committed);
2715 if (error) {
2716 xfs_bmap_cancel(free_list);
2717 xfs_trans_cancel(tp);
2718 return error;
2719 }
2720
2721 return xfs_trans_commit(tp);
2722 }
2723
2724 /*
2725 * xfs_cross_rename()
2726 *
2727 * responsible for handling RENAME_EXCHANGE flag in renameat2() sytemcall
2728 */
2729 STATIC int
xfs_cross_rename(struct xfs_trans * tp,struct xfs_inode * dp1,struct xfs_name * name1,struct xfs_inode * ip1,struct xfs_inode * dp2,struct xfs_name * name2,struct xfs_inode * ip2,struct xfs_bmap_free * free_list,xfs_fsblock_t * first_block,int spaceres)2730 xfs_cross_rename(
2731 struct xfs_trans *tp,
2732 struct xfs_inode *dp1,
2733 struct xfs_name *name1,
2734 struct xfs_inode *ip1,
2735 struct xfs_inode *dp2,
2736 struct xfs_name *name2,
2737 struct xfs_inode *ip2,
2738 struct xfs_bmap_free *free_list,
2739 xfs_fsblock_t *first_block,
2740 int spaceres)
2741 {
2742 int error = 0;
2743 int ip1_flags = 0;
2744 int ip2_flags = 0;
2745 int dp2_flags = 0;
2746
2747 /* Swap inode number for dirent in first parent */
2748 error = xfs_dir_replace(tp, dp1, name1,
2749 ip2->i_ino,
2750 first_block, free_list, spaceres);
2751 if (error)
2752 goto out_trans_abort;
2753
2754 /* Swap inode number for dirent in second parent */
2755 error = xfs_dir_replace(tp, dp2, name2,
2756 ip1->i_ino,
2757 first_block, free_list, spaceres);
2758 if (error)
2759 goto out_trans_abort;
2760
2761 /*
2762 * If we're renaming one or more directories across different parents,
2763 * update the respective ".." entries (and link counts) to match the new
2764 * parents.
2765 */
2766 if (dp1 != dp2) {
2767 dp2_flags = XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG;
2768
2769 if (S_ISDIR(ip2->i_d.di_mode)) {
2770 error = xfs_dir_replace(tp, ip2, &xfs_name_dotdot,
2771 dp1->i_ino, first_block,
2772 free_list, spaceres);
2773 if (error)
2774 goto out_trans_abort;
2775
2776 /* transfer ip2 ".." reference to dp1 */
2777 if (!S_ISDIR(ip1->i_d.di_mode)) {
2778 error = xfs_droplink(tp, dp2);
2779 if (error)
2780 goto out_trans_abort;
2781 error = xfs_bumplink(tp, dp1);
2782 if (error)
2783 goto out_trans_abort;
2784 }
2785
2786 /*
2787 * Although ip1 isn't changed here, userspace needs
2788 * to be warned about the change, so that applications
2789 * relying on it (like backup ones), will properly
2790 * notify the change
2791 */
2792 ip1_flags |= XFS_ICHGTIME_CHG;
2793 ip2_flags |= XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG;
2794 }
2795
2796 if (S_ISDIR(ip1->i_d.di_mode)) {
2797 error = xfs_dir_replace(tp, ip1, &xfs_name_dotdot,
2798 dp2->i_ino, first_block,
2799 free_list, spaceres);
2800 if (error)
2801 goto out_trans_abort;
2802
2803 /* transfer ip1 ".." reference to dp2 */
2804 if (!S_ISDIR(ip2->i_d.di_mode)) {
2805 error = xfs_droplink(tp, dp1);
2806 if (error)
2807 goto out_trans_abort;
2808 error = xfs_bumplink(tp, dp2);
2809 if (error)
2810 goto out_trans_abort;
2811 }
2812
2813 /*
2814 * Although ip2 isn't changed here, userspace needs
2815 * to be warned about the change, so that applications
2816 * relying on it (like backup ones), will properly
2817 * notify the change
2818 */
2819 ip1_flags |= XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG;
2820 ip2_flags |= XFS_ICHGTIME_CHG;
2821 }
2822 }
2823
2824 if (ip1_flags) {
2825 xfs_trans_ichgtime(tp, ip1, ip1_flags);
2826 xfs_trans_log_inode(tp, ip1, XFS_ILOG_CORE);
2827 }
2828 if (ip2_flags) {
2829 xfs_trans_ichgtime(tp, ip2, ip2_flags);
2830 xfs_trans_log_inode(tp, ip2, XFS_ILOG_CORE);
2831 }
2832 if (dp2_flags) {
2833 xfs_trans_ichgtime(tp, dp2, dp2_flags);
2834 xfs_trans_log_inode(tp, dp2, XFS_ILOG_CORE);
2835 }
2836 xfs_trans_ichgtime(tp, dp1, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
2837 xfs_trans_log_inode(tp, dp1, XFS_ILOG_CORE);
2838 return xfs_finish_rename(tp, free_list);
2839
2840 out_trans_abort:
2841 xfs_bmap_cancel(free_list);
2842 xfs_trans_cancel(tp);
2843 return error;
2844 }
2845
2846 /*
2847 * xfs_rename_alloc_whiteout()
2848 *
2849 * Return a referenced, unlinked, unlocked inode that that can be used as a
2850 * whiteout in a rename transaction. We use a tmpfile inode here so that if we
2851 * crash between allocating the inode and linking it into the rename transaction
2852 * recovery will free the inode and we won't leak it.
2853 */
2854 static int
xfs_rename_alloc_whiteout(struct xfs_inode * dp,struct xfs_inode ** wip)2855 xfs_rename_alloc_whiteout(
2856 struct xfs_inode *dp,
2857 struct xfs_inode **wip)
2858 {
2859 struct xfs_inode *tmpfile;
2860 int error;
2861
2862 error = xfs_create_tmpfile(dp, NULL, S_IFCHR | WHITEOUT_MODE, &tmpfile);
2863 if (error)
2864 return error;
2865
2866 /*
2867 * Prepare the tmpfile inode as if it were created through the VFS.
2868 * Otherwise, the link increment paths will complain about nlink 0->1.
2869 * Drop the link count as done by d_tmpfile(), complete the inode setup
2870 * and flag it as linkable.
2871 */
2872 drop_nlink(VFS_I(tmpfile));
2873 xfs_finish_inode_setup(tmpfile);
2874 VFS_I(tmpfile)->i_state |= I_LINKABLE;
2875
2876 *wip = tmpfile;
2877 return 0;
2878 }
2879
2880 /*
2881 * xfs_rename
2882 */
2883 int
xfs_rename(struct xfs_inode * src_dp,struct xfs_name * src_name,struct xfs_inode * src_ip,struct xfs_inode * target_dp,struct xfs_name * target_name,struct xfs_inode * target_ip,unsigned int flags)2884 xfs_rename(
2885 struct xfs_inode *src_dp,
2886 struct xfs_name *src_name,
2887 struct xfs_inode *src_ip,
2888 struct xfs_inode *target_dp,
2889 struct xfs_name *target_name,
2890 struct xfs_inode *target_ip,
2891 unsigned int flags)
2892 {
2893 struct xfs_mount *mp = src_dp->i_mount;
2894 struct xfs_trans *tp;
2895 struct xfs_bmap_free free_list;
2896 xfs_fsblock_t first_block;
2897 struct xfs_inode *wip = NULL; /* whiteout inode */
2898 struct xfs_inode *inodes[__XFS_SORT_INODES];
2899 int num_inodes = __XFS_SORT_INODES;
2900 bool new_parent = (src_dp != target_dp);
2901 bool src_is_directory = S_ISDIR(src_ip->i_d.di_mode);
2902 int spaceres;
2903 int error;
2904
2905 trace_xfs_rename(src_dp, target_dp, src_name, target_name);
2906
2907 if ((flags & RENAME_EXCHANGE) && !target_ip)
2908 return -EINVAL;
2909
2910 /*
2911 * If we are doing a whiteout operation, allocate the whiteout inode
2912 * we will be placing at the target and ensure the type is set
2913 * appropriately.
2914 */
2915 if (flags & RENAME_WHITEOUT) {
2916 ASSERT(!(flags & (RENAME_NOREPLACE | RENAME_EXCHANGE)));
2917 error = xfs_rename_alloc_whiteout(target_dp, &wip);
2918 if (error)
2919 return error;
2920
2921 /* setup target dirent info as whiteout */
2922 src_name->type = XFS_DIR3_FT_CHRDEV;
2923 }
2924
2925 xfs_sort_for_rename(src_dp, target_dp, src_ip, target_ip, wip,
2926 inodes, &num_inodes);
2927
2928 tp = xfs_trans_alloc(mp, XFS_TRANS_RENAME);
2929 spaceres = XFS_RENAME_SPACE_RES(mp, target_name->len);
2930 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_rename, spaceres, 0);
2931 if (error == -ENOSPC) {
2932 spaceres = 0;
2933 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_rename, 0, 0);
2934 }
2935 if (error)
2936 goto out_trans_cancel;
2937
2938 /*
2939 * Attach the dquots to the inodes
2940 */
2941 error = xfs_qm_vop_rename_dqattach(inodes);
2942 if (error)
2943 goto out_trans_cancel;
2944
2945 /*
2946 * Lock all the participating inodes. Depending upon whether
2947 * the target_name exists in the target directory, and
2948 * whether the target directory is the same as the source
2949 * directory, we can lock from 2 to 4 inodes.
2950 */
2951 if (!new_parent)
2952 xfs_ilock(src_dp, XFS_IOLOCK_EXCL | XFS_IOLOCK_PARENT);
2953 else
2954 xfs_lock_two_inodes(src_dp, target_dp,
2955 XFS_IOLOCK_EXCL | XFS_IOLOCK_PARENT);
2956
2957 xfs_lock_inodes(inodes, num_inodes, XFS_ILOCK_EXCL);
2958
2959 /*
2960 * Join all the inodes to the transaction. From this point on,
2961 * we can rely on either trans_commit or trans_cancel to unlock
2962 * them.
2963 */
2964 xfs_trans_ijoin(tp, src_dp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL);
2965 if (new_parent)
2966 xfs_trans_ijoin(tp, target_dp, XFS_IOLOCK_EXCL | XFS_ILOCK_EXCL);
2967 xfs_trans_ijoin(tp, src_ip, XFS_ILOCK_EXCL);
2968 if (target_ip)
2969 xfs_trans_ijoin(tp, target_ip, XFS_ILOCK_EXCL);
2970 if (wip)
2971 xfs_trans_ijoin(tp, wip, XFS_ILOCK_EXCL);
2972
2973 /*
2974 * If we are using project inheritance, we only allow renames
2975 * into our tree when the project IDs are the same; else the
2976 * tree quota mechanism would be circumvented.
2977 */
2978 if (unlikely((target_dp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) &&
2979 (xfs_get_projid(target_dp) != xfs_get_projid(src_ip)))) {
2980 error = -EXDEV;
2981 goto out_trans_cancel;
2982 }
2983
2984 xfs_bmap_init(&free_list, &first_block);
2985
2986 /* RENAME_EXCHANGE is unique from here on. */
2987 if (flags & RENAME_EXCHANGE)
2988 return xfs_cross_rename(tp, src_dp, src_name, src_ip,
2989 target_dp, target_name, target_ip,
2990 &free_list, &first_block, spaceres);
2991
2992 /*
2993 * Set up the target.
2994 */
2995 if (target_ip == NULL) {
2996 /*
2997 * If there's no space reservation, check the entry will
2998 * fit before actually inserting it.
2999 */
3000 if (!spaceres) {
3001 error = xfs_dir_canenter(tp, target_dp, target_name);
3002 if (error)
3003 goto out_trans_cancel;
3004 }
3005 /*
3006 * If target does not exist and the rename crosses
3007 * directories, adjust the target directory link count
3008 * to account for the ".." reference from the new entry.
3009 */
3010 error = xfs_dir_createname(tp, target_dp, target_name,
3011 src_ip->i_ino, &first_block,
3012 &free_list, spaceres);
3013 if (error)
3014 goto out_bmap_cancel;
3015
3016 xfs_trans_ichgtime(tp, target_dp,
3017 XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3018
3019 if (new_parent && src_is_directory) {
3020 error = xfs_bumplink(tp, target_dp);
3021 if (error)
3022 goto out_bmap_cancel;
3023 }
3024 } else { /* target_ip != NULL */
3025 /*
3026 * If target exists and it's a directory, check that both
3027 * target and source are directories and that target can be
3028 * destroyed, or that neither is a directory.
3029 */
3030 if (S_ISDIR(target_ip->i_d.di_mode)) {
3031 /*
3032 * Make sure target dir is empty.
3033 */
3034 if (!(xfs_dir_isempty(target_ip)) ||
3035 (target_ip->i_d.di_nlink > 2)) {
3036 error = -EEXIST;
3037 goto out_trans_cancel;
3038 }
3039 }
3040
3041 /*
3042 * Link the source inode under the target name.
3043 * If the source inode is a directory and we are moving
3044 * it across directories, its ".." entry will be
3045 * inconsistent until we replace that down below.
3046 *
3047 * In case there is already an entry with the same
3048 * name at the destination directory, remove it first.
3049 */
3050 error = xfs_dir_replace(tp, target_dp, target_name,
3051 src_ip->i_ino,
3052 &first_block, &free_list, spaceres);
3053 if (error)
3054 goto out_bmap_cancel;
3055
3056 xfs_trans_ichgtime(tp, target_dp,
3057 XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3058
3059 /*
3060 * Decrement the link count on the target since the target
3061 * dir no longer points to it.
3062 */
3063 error = xfs_droplink(tp, target_ip);
3064 if (error)
3065 goto out_bmap_cancel;
3066
3067 if (src_is_directory) {
3068 /*
3069 * Drop the link from the old "." entry.
3070 */
3071 error = xfs_droplink(tp, target_ip);
3072 if (error)
3073 goto out_bmap_cancel;
3074 }
3075 } /* target_ip != NULL */
3076
3077 /*
3078 * Remove the source.
3079 */
3080 if (new_parent && src_is_directory) {
3081 /*
3082 * Rewrite the ".." entry to point to the new
3083 * directory.
3084 */
3085 error = xfs_dir_replace(tp, src_ip, &xfs_name_dotdot,
3086 target_dp->i_ino,
3087 &first_block, &free_list, spaceres);
3088 ASSERT(error != -EEXIST);
3089 if (error)
3090 goto out_bmap_cancel;
3091 }
3092
3093 /*
3094 * We always want to hit the ctime on the source inode.
3095 *
3096 * This isn't strictly required by the standards since the source
3097 * inode isn't really being changed, but old unix file systems did
3098 * it and some incremental backup programs won't work without it.
3099 */
3100 xfs_trans_ichgtime(tp, src_ip, XFS_ICHGTIME_CHG);
3101 xfs_trans_log_inode(tp, src_ip, XFS_ILOG_CORE);
3102
3103 /*
3104 * Adjust the link count on src_dp. This is necessary when
3105 * renaming a directory, either within one parent when
3106 * the target existed, or across two parent directories.
3107 */
3108 if (src_is_directory && (new_parent || target_ip != NULL)) {
3109
3110 /*
3111 * Decrement link count on src_directory since the
3112 * entry that's moved no longer points to it.
3113 */
3114 error = xfs_droplink(tp, src_dp);
3115 if (error)
3116 goto out_bmap_cancel;
3117 }
3118
3119 /*
3120 * For whiteouts, we only need to update the source dirent with the
3121 * inode number of the whiteout inode rather than removing it
3122 * altogether.
3123 */
3124 if (wip) {
3125 error = xfs_dir_replace(tp, src_dp, src_name, wip->i_ino,
3126 &first_block, &free_list, spaceres);
3127 } else
3128 error = xfs_dir_removename(tp, src_dp, src_name, src_ip->i_ino,
3129 &first_block, &free_list, spaceres);
3130 if (error)
3131 goto out_bmap_cancel;
3132
3133 /*
3134 * For whiteouts, we need to bump the link count on the whiteout inode.
3135 * This means that failures all the way up to this point leave the inode
3136 * on the unlinked list and so cleanup is a simple matter of dropping
3137 * the remaining reference to it. If we fail here after bumping the link
3138 * count, we're shutting down the filesystem so we'll never see the
3139 * intermediate state on disk.
3140 */
3141 if (wip) {
3142 ASSERT(VFS_I(wip)->i_nlink == 0 && wip->i_d.di_nlink == 0);
3143 error = xfs_bumplink(tp, wip);
3144 if (error)
3145 goto out_bmap_cancel;
3146 error = xfs_iunlink_remove(tp, wip);
3147 if (error)
3148 goto out_bmap_cancel;
3149 xfs_trans_log_inode(tp, wip, XFS_ILOG_CORE);
3150
3151 /*
3152 * Now we have a real link, clear the "I'm a tmpfile" state
3153 * flag from the inode so it doesn't accidentally get misused in
3154 * future.
3155 */
3156 VFS_I(wip)->i_state &= ~I_LINKABLE;
3157 }
3158
3159 xfs_trans_ichgtime(tp, src_dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3160 xfs_trans_log_inode(tp, src_dp, XFS_ILOG_CORE);
3161 if (new_parent)
3162 xfs_trans_log_inode(tp, target_dp, XFS_ILOG_CORE);
3163
3164 error = xfs_finish_rename(tp, &free_list);
3165 if (wip)
3166 IRELE(wip);
3167 return error;
3168
3169 out_bmap_cancel:
3170 xfs_bmap_cancel(&free_list);
3171 out_trans_cancel:
3172 xfs_trans_cancel(tp);
3173 if (wip)
3174 IRELE(wip);
3175 return error;
3176 }
3177
3178 STATIC int
xfs_iflush_cluster(xfs_inode_t * ip,xfs_buf_t * bp)3179 xfs_iflush_cluster(
3180 xfs_inode_t *ip,
3181 xfs_buf_t *bp)
3182 {
3183 xfs_mount_t *mp = ip->i_mount;
3184 struct xfs_perag *pag;
3185 unsigned long first_index, mask;
3186 unsigned long inodes_per_cluster;
3187 int ilist_size;
3188 xfs_inode_t **ilist;
3189 xfs_inode_t *iq;
3190 int nr_found;
3191 int clcount = 0;
3192 int bufwasdelwri;
3193 int i;
3194
3195 pag = xfs_perag_get(mp, XFS_INO_TO_AGNO(mp, ip->i_ino));
3196
3197 inodes_per_cluster = mp->m_inode_cluster_size >> mp->m_sb.sb_inodelog;
3198 ilist_size = inodes_per_cluster * sizeof(xfs_inode_t *);
3199 ilist = kmem_alloc(ilist_size, KM_MAYFAIL|KM_NOFS);
3200 if (!ilist)
3201 goto out_put;
3202
3203 mask = ~(((mp->m_inode_cluster_size >> mp->m_sb.sb_inodelog)) - 1);
3204 first_index = XFS_INO_TO_AGINO(mp, ip->i_ino) & mask;
3205 rcu_read_lock();
3206 /* really need a gang lookup range call here */
3207 nr_found = radix_tree_gang_lookup(&pag->pag_ici_root, (void**)ilist,
3208 first_index, inodes_per_cluster);
3209 if (nr_found == 0)
3210 goto out_free;
3211
3212 for (i = 0; i < nr_found; i++) {
3213 iq = ilist[i];
3214 if (iq == ip)
3215 continue;
3216
3217 /*
3218 * because this is an RCU protected lookup, we could find a
3219 * recently freed or even reallocated inode during the lookup.
3220 * We need to check under the i_flags_lock for a valid inode
3221 * here. Skip it if it is not valid or the wrong inode.
3222 */
3223 spin_lock(&iq->i_flags_lock);
3224 if (!iq->i_ino ||
3225 __xfs_iflags_test(iq, XFS_ISTALE) ||
3226 (XFS_INO_TO_AGINO(mp, iq->i_ino) & mask) != first_index) {
3227 spin_unlock(&iq->i_flags_lock);
3228 continue;
3229 }
3230 spin_unlock(&iq->i_flags_lock);
3231
3232 /*
3233 * Do an un-protected check to see if the inode is dirty and
3234 * is a candidate for flushing. These checks will be repeated
3235 * later after the appropriate locks are acquired.
3236 */
3237 if (xfs_inode_clean(iq) && xfs_ipincount(iq) == 0)
3238 continue;
3239
3240 /*
3241 * Try to get locks. If any are unavailable or it is pinned,
3242 * then this inode cannot be flushed and is skipped.
3243 */
3244
3245 if (!xfs_ilock_nowait(iq, XFS_ILOCK_SHARED))
3246 continue;
3247 if (!xfs_iflock_nowait(iq)) {
3248 xfs_iunlock(iq, XFS_ILOCK_SHARED);
3249 continue;
3250 }
3251 if (xfs_ipincount(iq)) {
3252 xfs_ifunlock(iq);
3253 xfs_iunlock(iq, XFS_ILOCK_SHARED);
3254 continue;
3255 }
3256
3257 /*
3258 * arriving here means that this inode can be flushed. First
3259 * re-check that it's dirty before flushing.
3260 */
3261 if (!xfs_inode_clean(iq)) {
3262 int error;
3263 error = xfs_iflush_int(iq, bp);
3264 if (error) {
3265 xfs_iunlock(iq, XFS_ILOCK_SHARED);
3266 goto cluster_corrupt_out;
3267 }
3268 clcount++;
3269 } else {
3270 xfs_ifunlock(iq);
3271 }
3272 xfs_iunlock(iq, XFS_ILOCK_SHARED);
3273 }
3274
3275 if (clcount) {
3276 XFS_STATS_INC(mp, xs_icluster_flushcnt);
3277 XFS_STATS_ADD(mp, xs_icluster_flushinode, clcount);
3278 }
3279
3280 out_free:
3281 rcu_read_unlock();
3282 kmem_free(ilist);
3283 out_put:
3284 xfs_perag_put(pag);
3285 return 0;
3286
3287
3288 cluster_corrupt_out:
3289 /*
3290 * Corruption detected in the clustering loop. Invalidate the
3291 * inode buffer and shut down the filesystem.
3292 */
3293 rcu_read_unlock();
3294 /*
3295 * Clean up the buffer. If it was delwri, just release it --
3296 * brelse can handle it with no problems. If not, shut down the
3297 * filesystem before releasing the buffer.
3298 */
3299 bufwasdelwri = (bp->b_flags & _XBF_DELWRI_Q);
3300 if (bufwasdelwri)
3301 xfs_buf_relse(bp);
3302
3303 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
3304
3305 if (!bufwasdelwri) {
3306 /*
3307 * Just like incore_relse: if we have b_iodone functions,
3308 * mark the buffer as an error and call them. Otherwise
3309 * mark it as stale and brelse.
3310 */
3311 if (bp->b_iodone) {
3312 XFS_BUF_UNDONE(bp);
3313 xfs_buf_stale(bp);
3314 xfs_buf_ioerror(bp, -EIO);
3315 xfs_buf_ioend(bp);
3316 } else {
3317 xfs_buf_stale(bp);
3318 xfs_buf_relse(bp);
3319 }
3320 }
3321
3322 /*
3323 * Unlocks the flush lock
3324 */
3325 xfs_iflush_abort(iq, false);
3326 kmem_free(ilist);
3327 xfs_perag_put(pag);
3328 return -EFSCORRUPTED;
3329 }
3330
3331 /*
3332 * Flush dirty inode metadata into the backing buffer.
3333 *
3334 * The caller must have the inode lock and the inode flush lock held. The
3335 * inode lock will still be held upon return to the caller, and the inode
3336 * flush lock will be released after the inode has reached the disk.
3337 *
3338 * The caller must write out the buffer returned in *bpp and release it.
3339 */
3340 int
xfs_iflush(struct xfs_inode * ip,struct xfs_buf ** bpp)3341 xfs_iflush(
3342 struct xfs_inode *ip,
3343 struct xfs_buf **bpp)
3344 {
3345 struct xfs_mount *mp = ip->i_mount;
3346 struct xfs_buf *bp = NULL;
3347 struct xfs_dinode *dip;
3348 int error;
3349
3350 XFS_STATS_INC(mp, xs_iflush_count);
3351
3352 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
3353 ASSERT(xfs_isiflocked(ip));
3354 ASSERT(ip->i_d.di_format != XFS_DINODE_FMT_BTREE ||
3355 ip->i_d.di_nextents > XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK));
3356
3357 *bpp = NULL;
3358
3359 xfs_iunpin_wait(ip);
3360
3361 /*
3362 * For stale inodes we cannot rely on the backing buffer remaining
3363 * stale in cache for the remaining life of the stale inode and so
3364 * xfs_imap_to_bp() below may give us a buffer that no longer contains
3365 * inodes below. We have to check this after ensuring the inode is
3366 * unpinned so that it is safe to reclaim the stale inode after the
3367 * flush call.
3368 */
3369 if (xfs_iflags_test(ip, XFS_ISTALE)) {
3370 xfs_ifunlock(ip);
3371 return 0;
3372 }
3373
3374 /*
3375 * This may have been unpinned because the filesystem is shutting
3376 * down forcibly. If that's the case we must not write this inode
3377 * to disk, because the log record didn't make it to disk.
3378 *
3379 * We also have to remove the log item from the AIL in this case,
3380 * as we wait for an empty AIL as part of the unmount process.
3381 */
3382 if (XFS_FORCED_SHUTDOWN(mp)) {
3383 error = -EIO;
3384 goto abort_out;
3385 }
3386
3387 /*
3388 * Get the buffer containing the on-disk inode. We are doing a try-lock
3389 * operation here, so we may get an EAGAIN error. In that case, we
3390 * simply want to return with the inode still dirty.
3391 *
3392 * If we get any other error, we effectively have a corruption situation
3393 * and we cannot flush the inode, so we treat it the same as failing
3394 * xfs_iflush_int().
3395 */
3396 error = xfs_imap_to_bp(mp, NULL, &ip->i_imap, &dip, &bp, XBF_TRYLOCK,
3397 0);
3398 if (error == -EAGAIN) {
3399 xfs_ifunlock(ip);
3400 return error;
3401 }
3402 if (error)
3403 goto corrupt_out;
3404
3405 /*
3406 * First flush out the inode that xfs_iflush was called with.
3407 */
3408 error = xfs_iflush_int(ip, bp);
3409 if (error)
3410 goto corrupt_out;
3411
3412 /*
3413 * If the buffer is pinned then push on the log now so we won't
3414 * get stuck waiting in the write for too long.
3415 */
3416 if (xfs_buf_ispinned(bp))
3417 xfs_log_force(mp, 0);
3418
3419 /*
3420 * inode clustering:
3421 * see if other inodes can be gathered into this write
3422 */
3423 error = xfs_iflush_cluster(ip, bp);
3424 if (error)
3425 goto cluster_corrupt_out;
3426
3427 *bpp = bp;
3428 return 0;
3429
3430 corrupt_out:
3431 if (bp)
3432 xfs_buf_relse(bp);
3433 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
3434 cluster_corrupt_out:
3435 error = -EFSCORRUPTED;
3436 abort_out:
3437 /*
3438 * Unlocks the flush lock
3439 */
3440 xfs_iflush_abort(ip, false);
3441 return error;
3442 }
3443
3444 STATIC int
xfs_iflush_int(struct xfs_inode * ip,struct xfs_buf * bp)3445 xfs_iflush_int(
3446 struct xfs_inode *ip,
3447 struct xfs_buf *bp)
3448 {
3449 struct xfs_inode_log_item *iip = ip->i_itemp;
3450 struct xfs_dinode *dip;
3451 struct xfs_mount *mp = ip->i_mount;
3452
3453 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
3454 ASSERT(xfs_isiflocked(ip));
3455 ASSERT(ip->i_d.di_format != XFS_DINODE_FMT_BTREE ||
3456 ip->i_d.di_nextents > XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK));
3457 ASSERT(iip != NULL && iip->ili_fields != 0);
3458 ASSERT(ip->i_d.di_version > 1);
3459
3460 /* set *dip = inode's place in the buffer */
3461 dip = xfs_buf_offset(bp, ip->i_imap.im_boffset);
3462
3463 if (XFS_TEST_ERROR(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC),
3464 mp, XFS_ERRTAG_IFLUSH_1, XFS_RANDOM_IFLUSH_1)) {
3465 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3466 "%s: Bad inode %Lu magic number 0x%x, ptr 0x%p",
3467 __func__, ip->i_ino, be16_to_cpu(dip->di_magic), dip);
3468 goto corrupt_out;
3469 }
3470 if (XFS_TEST_ERROR(ip->i_d.di_magic != XFS_DINODE_MAGIC,
3471 mp, XFS_ERRTAG_IFLUSH_2, XFS_RANDOM_IFLUSH_2)) {
3472 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3473 "%s: Bad inode %Lu, ptr 0x%p, magic number 0x%x",
3474 __func__, ip->i_ino, ip, ip->i_d.di_magic);
3475 goto corrupt_out;
3476 }
3477 if (S_ISREG(ip->i_d.di_mode)) {
3478 if (XFS_TEST_ERROR(
3479 (ip->i_d.di_format != XFS_DINODE_FMT_EXTENTS) &&
3480 (ip->i_d.di_format != XFS_DINODE_FMT_BTREE),
3481 mp, XFS_ERRTAG_IFLUSH_3, XFS_RANDOM_IFLUSH_3)) {
3482 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3483 "%s: Bad regular inode %Lu, ptr 0x%p",
3484 __func__, ip->i_ino, ip);
3485 goto corrupt_out;
3486 }
3487 } else if (S_ISDIR(ip->i_d.di_mode)) {
3488 if (XFS_TEST_ERROR(
3489 (ip->i_d.di_format != XFS_DINODE_FMT_EXTENTS) &&
3490 (ip->i_d.di_format != XFS_DINODE_FMT_BTREE) &&
3491 (ip->i_d.di_format != XFS_DINODE_FMT_LOCAL),
3492 mp, XFS_ERRTAG_IFLUSH_4, XFS_RANDOM_IFLUSH_4)) {
3493 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3494 "%s: Bad directory inode %Lu, ptr 0x%p",
3495 __func__, ip->i_ino, ip);
3496 goto corrupt_out;
3497 }
3498 }
3499 if (XFS_TEST_ERROR(ip->i_d.di_nextents + ip->i_d.di_anextents >
3500 ip->i_d.di_nblocks, mp, XFS_ERRTAG_IFLUSH_5,
3501 XFS_RANDOM_IFLUSH_5)) {
3502 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3503 "%s: detected corrupt incore inode %Lu, "
3504 "total extents = %d, nblocks = %Ld, ptr 0x%p",
3505 __func__, ip->i_ino,
3506 ip->i_d.di_nextents + ip->i_d.di_anextents,
3507 ip->i_d.di_nblocks, ip);
3508 goto corrupt_out;
3509 }
3510 if (XFS_TEST_ERROR(ip->i_d.di_forkoff > mp->m_sb.sb_inodesize,
3511 mp, XFS_ERRTAG_IFLUSH_6, XFS_RANDOM_IFLUSH_6)) {
3512 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3513 "%s: bad inode %Lu, forkoff 0x%x, ptr 0x%p",
3514 __func__, ip->i_ino, ip->i_d.di_forkoff, ip);
3515 goto corrupt_out;
3516 }
3517
3518 /*
3519 * Inode item log recovery for v2 inodes are dependent on the
3520 * di_flushiter count for correct sequencing. We bump the flush
3521 * iteration count so we can detect flushes which postdate a log record
3522 * during recovery. This is redundant as we now log every change and
3523 * hence this can't happen but we need to still do it to ensure
3524 * backwards compatibility with old kernels that predate logging all
3525 * inode changes.
3526 */
3527 if (ip->i_d.di_version < 3)
3528 ip->i_d.di_flushiter++;
3529
3530 /*
3531 * Copy the dirty parts of the inode into the on-disk
3532 * inode. We always copy out the core of the inode,
3533 * because if the inode is dirty at all the core must
3534 * be.
3535 */
3536 xfs_dinode_to_disk(dip, &ip->i_d);
3537
3538 /* Wrap, we never let the log put out DI_MAX_FLUSH */
3539 if (ip->i_d.di_flushiter == DI_MAX_FLUSH)
3540 ip->i_d.di_flushiter = 0;
3541
3542 xfs_iflush_fork(ip, dip, iip, XFS_DATA_FORK);
3543 if (XFS_IFORK_Q(ip))
3544 xfs_iflush_fork(ip, dip, iip, XFS_ATTR_FORK);
3545 xfs_inobp_check(mp, bp);
3546
3547 /*
3548 * We've recorded everything logged in the inode, so we'd like to clear
3549 * the ili_fields bits so we don't log and flush things unnecessarily.
3550 * However, we can't stop logging all this information until the data
3551 * we've copied into the disk buffer is written to disk. If we did we
3552 * might overwrite the copy of the inode in the log with all the data
3553 * after re-logging only part of it, and in the face of a crash we
3554 * wouldn't have all the data we need to recover.
3555 *
3556 * What we do is move the bits to the ili_last_fields field. When
3557 * logging the inode, these bits are moved back to the ili_fields field.
3558 * In the xfs_iflush_done() routine we clear ili_last_fields, since we
3559 * know that the information those bits represent is permanently on
3560 * disk. As long as the flush completes before the inode is logged
3561 * again, then both ili_fields and ili_last_fields will be cleared.
3562 *
3563 * We can play with the ili_fields bits here, because the inode lock
3564 * must be held exclusively in order to set bits there and the flush
3565 * lock protects the ili_last_fields bits. Set ili_logged so the flush
3566 * done routine can tell whether or not to look in the AIL. Also, store
3567 * the current LSN of the inode so that we can tell whether the item has
3568 * moved in the AIL from xfs_iflush_done(). In order to read the lsn we
3569 * need the AIL lock, because it is a 64 bit value that cannot be read
3570 * atomically.
3571 */
3572 iip->ili_last_fields = iip->ili_fields;
3573 iip->ili_fields = 0;
3574 iip->ili_fsync_fields = 0;
3575 iip->ili_logged = 1;
3576
3577 xfs_trans_ail_copy_lsn(mp->m_ail, &iip->ili_flush_lsn,
3578 &iip->ili_item.li_lsn);
3579
3580 /*
3581 * Attach the function xfs_iflush_done to the inode's
3582 * buffer. This will remove the inode from the AIL
3583 * and unlock the inode's flush lock when the inode is
3584 * completely written to disk.
3585 */
3586 xfs_buf_attach_iodone(bp, xfs_iflush_done, &iip->ili_item);
3587
3588 /* update the lsn in the on disk inode if required */
3589 if (ip->i_d.di_version == 3)
3590 dip->di_lsn = cpu_to_be64(iip->ili_item.li_lsn);
3591
3592 /* generate the checksum. */
3593 xfs_dinode_calc_crc(mp, dip);
3594
3595 ASSERT(bp->b_fspriv != NULL);
3596 ASSERT(bp->b_iodone != NULL);
3597 return 0;
3598
3599 corrupt_out:
3600 return -EFSCORRUPTED;
3601 }
3602