1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (c) 2000-2006 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6#include "xfs.h" 7#include <linux/backing-dev.h> 8#include <linux/dax.h> 9 10#include "xfs_shared.h" 11#include "xfs_format.h" 12#include "xfs_log_format.h" 13#include "xfs_trans_resv.h" 14#include "xfs_mount.h" 15#include "xfs_trace.h" 16#include "xfs_log.h" 17#include "xfs_log_recover.h" 18#include "xfs_log_priv.h" 19#include "xfs_trans.h" 20#include "xfs_buf_item.h" 21#include "xfs_errortag.h" 22#include "xfs_error.h" 23#include "xfs_ag.h" 24#include "xfs_buf_mem.h" 25 26struct kmem_cache *xfs_buf_cache; 27 28/* 29 * Locking orders 30 * 31 * xfs_buf_ioacct_inc: 32 * xfs_buf_ioacct_dec: 33 * b_sema (caller holds) 34 * b_lock 35 * 36 * xfs_buf_stale: 37 * b_sema (caller holds) 38 * b_lock 39 * lru_lock 40 * 41 * xfs_buf_rele: 42 * b_lock 43 * pag_buf_lock 44 * lru_lock 45 * 46 * xfs_buftarg_drain_rele 47 * lru_lock 48 * b_lock (trylock due to inversion) 49 * 50 * xfs_buftarg_isolate 51 * lru_lock 52 * b_lock (trylock due to inversion) 53 */ 54 55static int __xfs_buf_submit(struct xfs_buf *bp, bool wait); 56 57static inline int 58xfs_buf_submit( 59 struct xfs_buf *bp) 60{ 61 return __xfs_buf_submit(bp, !(bp->b_flags & XBF_ASYNC)); 62} 63 64static inline bool xfs_buf_is_uncached(struct xfs_buf *bp) 65{ 66 return bp->b_rhash_key == XFS_BUF_DADDR_NULL; 67} 68 69static inline int 70xfs_buf_is_vmapped( 71 struct xfs_buf *bp) 72{ 73 /* 74 * Return true if the buffer is vmapped. 75 * 76 * b_addr is null if the buffer is not mapped, but the code is clever 77 * enough to know it doesn't have to map a single page, so the check has 78 * to be both for b_addr and bp->b_page_count > 1. 79 */ 80 return bp->b_addr && bp->b_page_count > 1; 81} 82 83static inline int 84xfs_buf_vmap_len( 85 struct xfs_buf *bp) 86{ 87 return (bp->b_page_count * PAGE_SIZE); 88} 89 90/* 91 * Bump the I/O in flight count on the buftarg if we haven't yet done so for 92 * this buffer. The count is incremented once per buffer (per hold cycle) 93 * because the corresponding decrement is deferred to buffer release. Buffers 94 * can undergo I/O multiple times in a hold-release cycle and per buffer I/O 95 * tracking adds unnecessary overhead. This is used for sychronization purposes 96 * with unmount (see xfs_buftarg_drain()), so all we really need is a count of 97 * in-flight buffers. 98 * 99 * Buffers that are never released (e.g., superblock, iclog buffers) must set 100 * the XBF_NO_IOACCT flag before I/O submission. Otherwise, the buftarg count 101 * never reaches zero and unmount hangs indefinitely. 102 */ 103static inline void 104xfs_buf_ioacct_inc( 105 struct xfs_buf *bp) 106{ 107 if (bp->b_flags & XBF_NO_IOACCT) 108 return; 109 110 ASSERT(bp->b_flags & XBF_ASYNC); 111 spin_lock(&bp->b_lock); 112 if (!(bp->b_state & XFS_BSTATE_IN_FLIGHT)) { 113 bp->b_state |= XFS_BSTATE_IN_FLIGHT; 114 percpu_counter_inc(&bp->b_target->bt_io_count); 115 } 116 spin_unlock(&bp->b_lock); 117} 118 119/* 120 * Clear the in-flight state on a buffer about to be released to the LRU or 121 * freed and unaccount from the buftarg. 122 */ 123static inline void 124__xfs_buf_ioacct_dec( 125 struct xfs_buf *bp) 126{ 127 lockdep_assert_held(&bp->b_lock); 128 129 if (bp->b_state & XFS_BSTATE_IN_FLIGHT) { 130 bp->b_state &= ~XFS_BSTATE_IN_FLIGHT; 131 percpu_counter_dec(&bp->b_target->bt_io_count); 132 } 133} 134 135static inline void 136xfs_buf_ioacct_dec( 137 struct xfs_buf *bp) 138{ 139 spin_lock(&bp->b_lock); 140 __xfs_buf_ioacct_dec(bp); 141 spin_unlock(&bp->b_lock); 142} 143 144/* 145 * When we mark a buffer stale, we remove the buffer from the LRU and clear the 146 * b_lru_ref count so that the buffer is freed immediately when the buffer 147 * reference count falls to zero. If the buffer is already on the LRU, we need 148 * to remove the reference that LRU holds on the buffer. 149 * 150 * This prevents build-up of stale buffers on the LRU. 151 */ 152void 153xfs_buf_stale( 154 struct xfs_buf *bp) 155{ 156 ASSERT(xfs_buf_islocked(bp)); 157 158 bp->b_flags |= XBF_STALE; 159 160 /* 161 * Clear the delwri status so that a delwri queue walker will not 162 * flush this buffer to disk now that it is stale. The delwri queue has 163 * a reference to the buffer, so this is safe to do. 164 */ 165 bp->b_flags &= ~_XBF_DELWRI_Q; 166 167 /* 168 * Once the buffer is marked stale and unlocked, a subsequent lookup 169 * could reset b_flags. There is no guarantee that the buffer is 170 * unaccounted (released to LRU) before that occurs. Drop in-flight 171 * status now to preserve accounting consistency. 172 */ 173 spin_lock(&bp->b_lock); 174 __xfs_buf_ioacct_dec(bp); 175 176 atomic_set(&bp->b_lru_ref, 0); 177 if (!(bp->b_state & XFS_BSTATE_DISPOSE) && 178 (list_lru_del_obj(&bp->b_target->bt_lru, &bp->b_lru))) 179 atomic_dec(&bp->b_hold); 180 181 ASSERT(atomic_read(&bp->b_hold) >= 1); 182 spin_unlock(&bp->b_lock); 183} 184 185static int 186xfs_buf_get_maps( 187 struct xfs_buf *bp, 188 int map_count) 189{ 190 ASSERT(bp->b_maps == NULL); 191 bp->b_map_count = map_count; 192 193 if (map_count == 1) { 194 bp->b_maps = &bp->__b_map; 195 return 0; 196 } 197 198 bp->b_maps = kzalloc(map_count * sizeof(struct xfs_buf_map), 199 GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL); 200 if (!bp->b_maps) 201 return -ENOMEM; 202 return 0; 203} 204 205/* 206 * Frees b_pages if it was allocated. 207 */ 208static void 209xfs_buf_free_maps( 210 struct xfs_buf *bp) 211{ 212 if (bp->b_maps != &bp->__b_map) { 213 kfree(bp->b_maps); 214 bp->b_maps = NULL; 215 } 216} 217 218static int 219_xfs_buf_alloc( 220 struct xfs_buftarg *target, 221 struct xfs_buf_map *map, 222 int nmaps, 223 xfs_buf_flags_t flags, 224 struct xfs_buf **bpp) 225{ 226 struct xfs_buf *bp; 227 int error; 228 int i; 229 230 *bpp = NULL; 231 bp = kmem_cache_zalloc(xfs_buf_cache, 232 GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL); 233 234 /* 235 * We don't want certain flags to appear in b_flags unless they are 236 * specifically set by later operations on the buffer. 237 */ 238 flags &= ~(XBF_UNMAPPED | XBF_TRYLOCK | XBF_ASYNC | XBF_READ_AHEAD); 239 240 atomic_set(&bp->b_hold, 1); 241 atomic_set(&bp->b_lru_ref, 1); 242 init_completion(&bp->b_iowait); 243 INIT_LIST_HEAD(&bp->b_lru); 244 INIT_LIST_HEAD(&bp->b_list); 245 INIT_LIST_HEAD(&bp->b_li_list); 246 sema_init(&bp->b_sema, 0); /* held, no waiters */ 247 spin_lock_init(&bp->b_lock); 248 bp->b_target = target; 249 bp->b_mount = target->bt_mount; 250 bp->b_flags = flags; 251 252 /* 253 * Set length and io_length to the same value initially. 254 * I/O routines should use io_length, which will be the same in 255 * most cases but may be reset (e.g. XFS recovery). 256 */ 257 error = xfs_buf_get_maps(bp, nmaps); 258 if (error) { 259 kmem_cache_free(xfs_buf_cache, bp); 260 return error; 261 } 262 263 bp->b_rhash_key = map[0].bm_bn; 264 bp->b_length = 0; 265 for (i = 0; i < nmaps; i++) { 266 bp->b_maps[i].bm_bn = map[i].bm_bn; 267 bp->b_maps[i].bm_len = map[i].bm_len; 268 bp->b_length += map[i].bm_len; 269 } 270 271 atomic_set(&bp->b_pin_count, 0); 272 init_waitqueue_head(&bp->b_waiters); 273 274 XFS_STATS_INC(bp->b_mount, xb_create); 275 trace_xfs_buf_init(bp, _RET_IP_); 276 277 *bpp = bp; 278 return 0; 279} 280 281static void 282xfs_buf_free_pages( 283 struct xfs_buf *bp) 284{ 285 uint i; 286 287 ASSERT(bp->b_flags & _XBF_PAGES); 288 289 if (xfs_buf_is_vmapped(bp)) 290 vm_unmap_ram(bp->b_addr, bp->b_page_count); 291 292 for (i = 0; i < bp->b_page_count; i++) { 293 if (bp->b_pages[i]) 294 __free_page(bp->b_pages[i]); 295 } 296 mm_account_reclaimed_pages(bp->b_page_count); 297 298 if (bp->b_pages != bp->b_page_array) 299 kfree(bp->b_pages); 300 bp->b_pages = NULL; 301 bp->b_flags &= ~_XBF_PAGES; 302} 303 304static void 305xfs_buf_free_callback( 306 struct callback_head *cb) 307{ 308 struct xfs_buf *bp = container_of(cb, struct xfs_buf, b_rcu); 309 310 xfs_buf_free_maps(bp); 311 kmem_cache_free(xfs_buf_cache, bp); 312} 313 314static void 315xfs_buf_free( 316 struct xfs_buf *bp) 317{ 318 trace_xfs_buf_free(bp, _RET_IP_); 319 320 ASSERT(list_empty(&bp->b_lru)); 321 322 if (xfs_buftarg_is_mem(bp->b_target)) 323 xmbuf_unmap_page(bp); 324 else if (bp->b_flags & _XBF_PAGES) 325 xfs_buf_free_pages(bp); 326 else if (bp->b_flags & _XBF_KMEM) 327 kfree(bp->b_addr); 328 329 call_rcu(&bp->b_rcu, xfs_buf_free_callback); 330} 331 332static int 333xfs_buf_alloc_kmem( 334 struct xfs_buf *bp, 335 xfs_buf_flags_t flags) 336{ 337 gfp_t gfp_mask = GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOFAIL; 338 size_t size = BBTOB(bp->b_length); 339 340 /* Assure zeroed buffer for non-read cases. */ 341 if (!(flags & XBF_READ)) 342 gfp_mask |= __GFP_ZERO; 343 344 bp->b_addr = kmalloc(size, gfp_mask); 345 if (!bp->b_addr) 346 return -ENOMEM; 347 348 if (((unsigned long)(bp->b_addr + size - 1) & PAGE_MASK) != 349 ((unsigned long)bp->b_addr & PAGE_MASK)) { 350 /* b_addr spans two pages - use alloc_page instead */ 351 kfree(bp->b_addr); 352 bp->b_addr = NULL; 353 return -ENOMEM; 354 } 355 bp->b_offset = offset_in_page(bp->b_addr); 356 bp->b_pages = bp->b_page_array; 357 bp->b_pages[0] = kmem_to_page(bp->b_addr); 358 bp->b_page_count = 1; 359 bp->b_flags |= _XBF_KMEM; 360 return 0; 361} 362 363static int 364xfs_buf_alloc_pages( 365 struct xfs_buf *bp, 366 xfs_buf_flags_t flags) 367{ 368 gfp_t gfp_mask = GFP_KERNEL | __GFP_NOLOCKDEP | __GFP_NOWARN; 369 long filled = 0; 370 371 if (flags & XBF_READ_AHEAD) 372 gfp_mask |= __GFP_NORETRY; 373 374 /* Make sure that we have a page list */ 375 bp->b_page_count = DIV_ROUND_UP(BBTOB(bp->b_length), PAGE_SIZE); 376 if (bp->b_page_count <= XB_PAGES) { 377 bp->b_pages = bp->b_page_array; 378 } else { 379 bp->b_pages = kzalloc(sizeof(struct page *) * bp->b_page_count, 380 gfp_mask); 381 if (!bp->b_pages) 382 return -ENOMEM; 383 } 384 bp->b_flags |= _XBF_PAGES; 385 386 /* Assure zeroed buffer for non-read cases. */ 387 if (!(flags & XBF_READ)) 388 gfp_mask |= __GFP_ZERO; 389 390 /* 391 * Bulk filling of pages can take multiple calls. Not filling the entire 392 * array is not an allocation failure, so don't back off if we get at 393 * least one extra page. 394 */ 395 for (;;) { 396 long last = filled; 397 398 filled = alloc_pages_bulk_array(gfp_mask, bp->b_page_count, 399 bp->b_pages); 400 if (filled == bp->b_page_count) { 401 XFS_STATS_INC(bp->b_mount, xb_page_found); 402 break; 403 } 404 405 if (filled != last) 406 continue; 407 408 if (flags & XBF_READ_AHEAD) { 409 xfs_buf_free_pages(bp); 410 return -ENOMEM; 411 } 412 413 XFS_STATS_INC(bp->b_mount, xb_page_retries); 414 memalloc_retry_wait(gfp_mask); 415 } 416 return 0; 417} 418 419/* 420 * Map buffer into kernel address-space if necessary. 421 */ 422STATIC int 423_xfs_buf_map_pages( 424 struct xfs_buf *bp, 425 xfs_buf_flags_t flags) 426{ 427 ASSERT(bp->b_flags & _XBF_PAGES); 428 if (bp->b_page_count == 1) { 429 /* A single page buffer is always mappable */ 430 bp->b_addr = page_address(bp->b_pages[0]); 431 } else if (flags & XBF_UNMAPPED) { 432 bp->b_addr = NULL; 433 } else { 434 int retried = 0; 435 unsigned nofs_flag; 436 437 /* 438 * vm_map_ram() will allocate auxiliary structures (e.g. 439 * pagetables) with GFP_KERNEL, yet we often under a scoped nofs 440 * context here. Mixing GFP_KERNEL with GFP_NOFS allocations 441 * from the same call site that can be run from both above and 442 * below memory reclaim causes lockdep false positives. Hence we 443 * always need to force this allocation to nofs context because 444 * we can't pass __GFP_NOLOCKDEP down to auxillary structures to 445 * prevent false positive lockdep reports. 446 * 447 * XXX(dgc): I think dquot reclaim is the only place we can get 448 * to this function from memory reclaim context now. If we fix 449 * that like we've fixed inode reclaim to avoid writeback from 450 * reclaim, this nofs wrapping can go away. 451 */ 452 nofs_flag = memalloc_nofs_save(); 453 do { 454 bp->b_addr = vm_map_ram(bp->b_pages, bp->b_page_count, 455 -1); 456 if (bp->b_addr) 457 break; 458 vm_unmap_aliases(); 459 } while (retried++ <= 1); 460 memalloc_nofs_restore(nofs_flag); 461 462 if (!bp->b_addr) 463 return -ENOMEM; 464 } 465 466 return 0; 467} 468 469/* 470 * Finding and Reading Buffers 471 */ 472static int 473_xfs_buf_obj_cmp( 474 struct rhashtable_compare_arg *arg, 475 const void *obj) 476{ 477 const struct xfs_buf_map *map = arg->key; 478 const struct xfs_buf *bp = obj; 479 480 /* 481 * The key hashing in the lookup path depends on the key being the 482 * first element of the compare_arg, make sure to assert this. 483 */ 484 BUILD_BUG_ON(offsetof(struct xfs_buf_map, bm_bn) != 0); 485 486 if (bp->b_rhash_key != map->bm_bn) 487 return 1; 488 489 if (unlikely(bp->b_length != map->bm_len)) { 490 /* 491 * found a block number match. If the range doesn't 492 * match, the only way this is allowed is if the buffer 493 * in the cache is stale and the transaction that made 494 * it stale has not yet committed. i.e. we are 495 * reallocating a busy extent. Skip this buffer and 496 * continue searching for an exact match. 497 */ 498 if (!(map->bm_flags & XBM_LIVESCAN)) 499 ASSERT(bp->b_flags & XBF_STALE); 500 return 1; 501 } 502 return 0; 503} 504 505static const struct rhashtable_params xfs_buf_hash_params = { 506 .min_size = 32, /* empty AGs have minimal footprint */ 507 .nelem_hint = 16, 508 .key_len = sizeof(xfs_daddr_t), 509 .key_offset = offsetof(struct xfs_buf, b_rhash_key), 510 .head_offset = offsetof(struct xfs_buf, b_rhash_head), 511 .automatic_shrinking = true, 512 .obj_cmpfn = _xfs_buf_obj_cmp, 513}; 514 515int 516xfs_buf_cache_init( 517 struct xfs_buf_cache *bch) 518{ 519 spin_lock_init(&bch->bc_lock); 520 return rhashtable_init(&bch->bc_hash, &xfs_buf_hash_params); 521} 522 523void 524xfs_buf_cache_destroy( 525 struct xfs_buf_cache *bch) 526{ 527 rhashtable_destroy(&bch->bc_hash); 528} 529 530static int 531xfs_buf_map_verify( 532 struct xfs_buftarg *btp, 533 struct xfs_buf_map *map) 534{ 535 xfs_daddr_t eofs; 536 537 /* Check for IOs smaller than the sector size / not sector aligned */ 538 ASSERT(!(BBTOB(map->bm_len) < btp->bt_meta_sectorsize)); 539 ASSERT(!(BBTOB(map->bm_bn) & (xfs_off_t)btp->bt_meta_sectormask)); 540 541 /* 542 * Corrupted block numbers can get through to here, unfortunately, so we 543 * have to check that the buffer falls within the filesystem bounds. 544 */ 545 eofs = XFS_FSB_TO_BB(btp->bt_mount, btp->bt_mount->m_sb.sb_dblocks); 546 if (map->bm_bn < 0 || map->bm_bn >= eofs) { 547 xfs_alert(btp->bt_mount, 548 "%s: daddr 0x%llx out of range, EOFS 0x%llx", 549 __func__, map->bm_bn, eofs); 550 WARN_ON(1); 551 return -EFSCORRUPTED; 552 } 553 return 0; 554} 555 556static int 557xfs_buf_find_lock( 558 struct xfs_buf *bp, 559 xfs_buf_flags_t flags) 560{ 561 if (flags & XBF_TRYLOCK) { 562 if (!xfs_buf_trylock(bp)) { 563 XFS_STATS_INC(bp->b_mount, xb_busy_locked); 564 return -EAGAIN; 565 } 566 } else { 567 xfs_buf_lock(bp); 568 XFS_STATS_INC(bp->b_mount, xb_get_locked_waited); 569 } 570 571 /* 572 * if the buffer is stale, clear all the external state associated with 573 * it. We need to keep flags such as how we allocated the buffer memory 574 * intact here. 575 */ 576 if (bp->b_flags & XBF_STALE) { 577 if (flags & XBF_LIVESCAN) { 578 xfs_buf_unlock(bp); 579 return -ENOENT; 580 } 581 ASSERT((bp->b_flags & _XBF_DELWRI_Q) == 0); 582 bp->b_flags &= _XBF_KMEM | _XBF_PAGES; 583 bp->b_ops = NULL; 584 } 585 return 0; 586} 587 588static inline int 589xfs_buf_lookup( 590 struct xfs_buf_cache *bch, 591 struct xfs_buf_map *map, 592 xfs_buf_flags_t flags, 593 struct xfs_buf **bpp) 594{ 595 struct xfs_buf *bp; 596 int error; 597 598 rcu_read_lock(); 599 bp = rhashtable_lookup(&bch->bc_hash, map, xfs_buf_hash_params); 600 if (!bp || !atomic_inc_not_zero(&bp->b_hold)) { 601 rcu_read_unlock(); 602 return -ENOENT; 603 } 604 rcu_read_unlock(); 605 606 error = xfs_buf_find_lock(bp, flags); 607 if (error) { 608 xfs_buf_rele(bp); 609 return error; 610 } 611 612 trace_xfs_buf_find(bp, flags, _RET_IP_); 613 *bpp = bp; 614 return 0; 615} 616 617/* 618 * Insert the new_bp into the hash table. This consumes the perag reference 619 * taken for the lookup regardless of the result of the insert. 620 */ 621static int 622xfs_buf_find_insert( 623 struct xfs_buftarg *btp, 624 struct xfs_buf_cache *bch, 625 struct xfs_perag *pag, 626 struct xfs_buf_map *cmap, 627 struct xfs_buf_map *map, 628 int nmaps, 629 xfs_buf_flags_t flags, 630 struct xfs_buf **bpp) 631{ 632 struct xfs_buf *new_bp; 633 struct xfs_buf *bp; 634 int error; 635 636 error = _xfs_buf_alloc(btp, map, nmaps, flags, &new_bp); 637 if (error) 638 goto out_drop_pag; 639 640 if (xfs_buftarg_is_mem(new_bp->b_target)) { 641 error = xmbuf_map_page(new_bp); 642 } else if (BBTOB(new_bp->b_length) >= PAGE_SIZE || 643 xfs_buf_alloc_kmem(new_bp, flags) < 0) { 644 /* 645 * For buffers that fit entirely within a single page, first 646 * attempt to allocate the memory from the heap to minimise 647 * memory usage. If we can't get heap memory for these small 648 * buffers, we fall back to using the page allocator. 649 */ 650 error = xfs_buf_alloc_pages(new_bp, flags); 651 } 652 if (error) 653 goto out_free_buf; 654 655 spin_lock(&bch->bc_lock); 656 bp = rhashtable_lookup_get_insert_fast(&bch->bc_hash, 657 &new_bp->b_rhash_head, xfs_buf_hash_params); 658 if (IS_ERR(bp)) { 659 error = PTR_ERR(bp); 660 spin_unlock(&bch->bc_lock); 661 goto out_free_buf; 662 } 663 if (bp) { 664 /* found an existing buffer */ 665 atomic_inc(&bp->b_hold); 666 spin_unlock(&bch->bc_lock); 667 error = xfs_buf_find_lock(bp, flags); 668 if (error) 669 xfs_buf_rele(bp); 670 else 671 *bpp = bp; 672 goto out_free_buf; 673 } 674 675 /* The new buffer keeps the perag reference until it is freed. */ 676 new_bp->b_pag = pag; 677 spin_unlock(&bch->bc_lock); 678 *bpp = new_bp; 679 return 0; 680 681out_free_buf: 682 xfs_buf_free(new_bp); 683out_drop_pag: 684 if (pag) 685 xfs_perag_put(pag); 686 return error; 687} 688 689static inline struct xfs_perag * 690xfs_buftarg_get_pag( 691 struct xfs_buftarg *btp, 692 const struct xfs_buf_map *map) 693{ 694 struct xfs_mount *mp = btp->bt_mount; 695 696 if (xfs_buftarg_is_mem(btp)) 697 return NULL; 698 return xfs_perag_get(mp, xfs_daddr_to_agno(mp, map->bm_bn)); 699} 700 701static inline struct xfs_buf_cache * 702xfs_buftarg_buf_cache( 703 struct xfs_buftarg *btp, 704 struct xfs_perag *pag) 705{ 706 if (pag) 707 return &pag->pag_bcache; 708 return btp->bt_cache; 709} 710 711/* 712 * Assembles a buffer covering the specified range. The code is optimised for 713 * cache hits, as metadata intensive workloads will see 3 orders of magnitude 714 * more hits than misses. 715 */ 716int 717xfs_buf_get_map( 718 struct xfs_buftarg *btp, 719 struct xfs_buf_map *map, 720 int nmaps, 721 xfs_buf_flags_t flags, 722 struct xfs_buf **bpp) 723{ 724 struct xfs_buf_cache *bch; 725 struct xfs_perag *pag; 726 struct xfs_buf *bp = NULL; 727 struct xfs_buf_map cmap = { .bm_bn = map[0].bm_bn }; 728 int error; 729 int i; 730 731 if (flags & XBF_LIVESCAN) 732 cmap.bm_flags |= XBM_LIVESCAN; 733 for (i = 0; i < nmaps; i++) 734 cmap.bm_len += map[i].bm_len; 735 736 error = xfs_buf_map_verify(btp, &cmap); 737 if (error) 738 return error; 739 740 pag = xfs_buftarg_get_pag(btp, &cmap); 741 bch = xfs_buftarg_buf_cache(btp, pag); 742 743 error = xfs_buf_lookup(bch, &cmap, flags, &bp); 744 if (error && error != -ENOENT) 745 goto out_put_perag; 746 747 /* cache hits always outnumber misses by at least 10:1 */ 748 if (unlikely(!bp)) { 749 XFS_STATS_INC(btp->bt_mount, xb_miss_locked); 750 751 if (flags & XBF_INCORE) 752 goto out_put_perag; 753 754 /* xfs_buf_find_insert() consumes the perag reference. */ 755 error = xfs_buf_find_insert(btp, bch, pag, &cmap, map, nmaps, 756 flags, &bp); 757 if (error) 758 return error; 759 } else { 760 XFS_STATS_INC(btp->bt_mount, xb_get_locked); 761 if (pag) 762 xfs_perag_put(pag); 763 } 764 765 /* We do not hold a perag reference anymore. */ 766 if (!bp->b_addr) { 767 error = _xfs_buf_map_pages(bp, flags); 768 if (unlikely(error)) { 769 xfs_warn_ratelimited(btp->bt_mount, 770 "%s: failed to map %u pages", __func__, 771 bp->b_page_count); 772 xfs_buf_relse(bp); 773 return error; 774 } 775 } 776 777 /* 778 * Clear b_error if this is a lookup from a caller that doesn't expect 779 * valid data to be found in the buffer. 780 */ 781 if (!(flags & XBF_READ)) 782 xfs_buf_ioerror(bp, 0); 783 784 XFS_STATS_INC(btp->bt_mount, xb_get); 785 trace_xfs_buf_get(bp, flags, _RET_IP_); 786 *bpp = bp; 787 return 0; 788 789out_put_perag: 790 if (pag) 791 xfs_perag_put(pag); 792 return error; 793} 794 795int 796_xfs_buf_read( 797 struct xfs_buf *bp, 798 xfs_buf_flags_t flags) 799{ 800 ASSERT(!(flags & XBF_WRITE)); 801 ASSERT(bp->b_maps[0].bm_bn != XFS_BUF_DADDR_NULL); 802 803 bp->b_flags &= ~(XBF_WRITE | XBF_ASYNC | XBF_READ_AHEAD | XBF_DONE); 804 bp->b_flags |= flags & (XBF_READ | XBF_ASYNC | XBF_READ_AHEAD); 805 806 return xfs_buf_submit(bp); 807} 808 809/* 810 * Reverify a buffer found in cache without an attached ->b_ops. 811 * 812 * If the caller passed an ops structure and the buffer doesn't have ops 813 * assigned, set the ops and use it to verify the contents. If verification 814 * fails, clear XBF_DONE. We assume the buffer has no recorded errors and is 815 * already in XBF_DONE state on entry. 816 * 817 * Under normal operations, every in-core buffer is verified on read I/O 818 * completion. There are two scenarios that can lead to in-core buffers without 819 * an assigned ->b_ops. The first is during log recovery of buffers on a V4 820 * filesystem, though these buffers are purged at the end of recovery. The 821 * other is online repair, which intentionally reads with a NULL buffer ops to 822 * run several verifiers across an in-core buffer in order to establish buffer 823 * type. If repair can't establish that, the buffer will be left in memory 824 * with NULL buffer ops. 825 */ 826int 827xfs_buf_reverify( 828 struct xfs_buf *bp, 829 const struct xfs_buf_ops *ops) 830{ 831 ASSERT(bp->b_flags & XBF_DONE); 832 ASSERT(bp->b_error == 0); 833 834 if (!ops || bp->b_ops) 835 return 0; 836 837 bp->b_ops = ops; 838 bp->b_ops->verify_read(bp); 839 if (bp->b_error) 840 bp->b_flags &= ~XBF_DONE; 841 return bp->b_error; 842} 843 844int 845xfs_buf_read_map( 846 struct xfs_buftarg *target, 847 struct xfs_buf_map *map, 848 int nmaps, 849 xfs_buf_flags_t flags, 850 struct xfs_buf **bpp, 851 const struct xfs_buf_ops *ops, 852 xfs_failaddr_t fa) 853{ 854 struct xfs_buf *bp; 855 int error; 856 857 flags |= XBF_READ; 858 *bpp = NULL; 859 860 error = xfs_buf_get_map(target, map, nmaps, flags, &bp); 861 if (error) 862 return error; 863 864 trace_xfs_buf_read(bp, flags, _RET_IP_); 865 866 if (!(bp->b_flags & XBF_DONE)) { 867 /* Initiate the buffer read and wait. */ 868 XFS_STATS_INC(target->bt_mount, xb_get_read); 869 bp->b_ops = ops; 870 error = _xfs_buf_read(bp, flags); 871 872 /* Readahead iodone already dropped the buffer, so exit. */ 873 if (flags & XBF_ASYNC) 874 return 0; 875 } else { 876 /* Buffer already read; all we need to do is check it. */ 877 error = xfs_buf_reverify(bp, ops); 878 879 /* Readahead already finished; drop the buffer and exit. */ 880 if (flags & XBF_ASYNC) { 881 xfs_buf_relse(bp); 882 return 0; 883 } 884 885 /* We do not want read in the flags */ 886 bp->b_flags &= ~XBF_READ; 887 ASSERT(bp->b_ops != NULL || ops == NULL); 888 } 889 890 /* 891 * If we've had a read error, then the contents of the buffer are 892 * invalid and should not be used. To ensure that a followup read tries 893 * to pull the buffer from disk again, we clear the XBF_DONE flag and 894 * mark the buffer stale. This ensures that anyone who has a current 895 * reference to the buffer will interpret it's contents correctly and 896 * future cache lookups will also treat it as an empty, uninitialised 897 * buffer. 898 */ 899 if (error) { 900 /* 901 * Check against log shutdown for error reporting because 902 * metadata writeback may require a read first and we need to 903 * report errors in metadata writeback until the log is shut 904 * down. High level transaction read functions already check 905 * against mount shutdown, anyway, so we only need to be 906 * concerned about low level IO interactions here. 907 */ 908 if (!xlog_is_shutdown(target->bt_mount->m_log)) 909 xfs_buf_ioerror_alert(bp, fa); 910 911 bp->b_flags &= ~XBF_DONE; 912 xfs_buf_stale(bp); 913 xfs_buf_relse(bp); 914 915 /* bad CRC means corrupted metadata */ 916 if (error == -EFSBADCRC) 917 error = -EFSCORRUPTED; 918 return error; 919 } 920 921 *bpp = bp; 922 return 0; 923} 924 925/* 926 * If we are not low on memory then do the readahead in a deadlock 927 * safe manner. 928 */ 929void 930xfs_buf_readahead_map( 931 struct xfs_buftarg *target, 932 struct xfs_buf_map *map, 933 int nmaps, 934 const struct xfs_buf_ops *ops) 935{ 936 struct xfs_buf *bp; 937 938 /* 939 * Currently we don't have a good means or justification for performing 940 * xmbuf_map_page asynchronously, so we don't do readahead. 941 */ 942 if (xfs_buftarg_is_mem(target)) 943 return; 944 945 xfs_buf_read_map(target, map, nmaps, 946 XBF_TRYLOCK | XBF_ASYNC | XBF_READ_AHEAD, &bp, ops, 947 __this_address); 948} 949 950/* 951 * Read an uncached buffer from disk. Allocates and returns a locked 952 * buffer containing the disk contents or nothing. Uncached buffers always have 953 * a cache index of XFS_BUF_DADDR_NULL so we can easily determine if the buffer 954 * is cached or uncached during fault diagnosis. 955 */ 956int 957xfs_buf_read_uncached( 958 struct xfs_buftarg *target, 959 xfs_daddr_t daddr, 960 size_t numblks, 961 xfs_buf_flags_t flags, 962 struct xfs_buf **bpp, 963 const struct xfs_buf_ops *ops) 964{ 965 struct xfs_buf *bp; 966 int error; 967 968 *bpp = NULL; 969 970 error = xfs_buf_get_uncached(target, numblks, flags, &bp); 971 if (error) 972 return error; 973 974 /* set up the buffer for a read IO */ 975 ASSERT(bp->b_map_count == 1); 976 bp->b_rhash_key = XFS_BUF_DADDR_NULL; 977 bp->b_maps[0].bm_bn = daddr; 978 bp->b_flags |= XBF_READ; 979 bp->b_ops = ops; 980 981 xfs_buf_submit(bp); 982 if (bp->b_error) { 983 error = bp->b_error; 984 xfs_buf_relse(bp); 985 return error; 986 } 987 988 *bpp = bp; 989 return 0; 990} 991 992int 993xfs_buf_get_uncached( 994 struct xfs_buftarg *target, 995 size_t numblks, 996 xfs_buf_flags_t flags, 997 struct xfs_buf **bpp) 998{ 999 int error; 1000 struct xfs_buf *bp; 1001 DEFINE_SINGLE_BUF_MAP(map, XFS_BUF_DADDR_NULL, numblks); 1002 1003 *bpp = NULL; 1004 1005 /* flags might contain irrelevant bits, pass only what we care about */ 1006 error = _xfs_buf_alloc(target, &map, 1, flags & XBF_NO_IOACCT, &bp); 1007 if (error) 1008 return error; 1009 1010 if (xfs_buftarg_is_mem(bp->b_target)) 1011 error = xmbuf_map_page(bp); 1012 else 1013 error = xfs_buf_alloc_pages(bp, flags); 1014 if (error) 1015 goto fail_free_buf; 1016 1017 error = _xfs_buf_map_pages(bp, 0); 1018 if (unlikely(error)) { 1019 xfs_warn(target->bt_mount, 1020 "%s: failed to map pages", __func__); 1021 goto fail_free_buf; 1022 } 1023 1024 trace_xfs_buf_get_uncached(bp, _RET_IP_); 1025 *bpp = bp; 1026 return 0; 1027 1028fail_free_buf: 1029 xfs_buf_free(bp); 1030 return error; 1031} 1032 1033/* 1034 * Increment reference count on buffer, to hold the buffer concurrently 1035 * with another thread which may release (free) the buffer asynchronously. 1036 * Must hold the buffer already to call this function. 1037 */ 1038void 1039xfs_buf_hold( 1040 struct xfs_buf *bp) 1041{ 1042 trace_xfs_buf_hold(bp, _RET_IP_); 1043 atomic_inc(&bp->b_hold); 1044} 1045 1046static void 1047xfs_buf_rele_uncached( 1048 struct xfs_buf *bp) 1049{ 1050 ASSERT(list_empty(&bp->b_lru)); 1051 if (atomic_dec_and_test(&bp->b_hold)) { 1052 xfs_buf_ioacct_dec(bp); 1053 xfs_buf_free(bp); 1054 } 1055} 1056 1057static void 1058xfs_buf_rele_cached( 1059 struct xfs_buf *bp) 1060{ 1061 struct xfs_buftarg *btp = bp->b_target; 1062 struct xfs_perag *pag = bp->b_pag; 1063 struct xfs_buf_cache *bch = xfs_buftarg_buf_cache(btp, pag); 1064 bool release; 1065 bool freebuf = false; 1066 1067 trace_xfs_buf_rele(bp, _RET_IP_); 1068 1069 ASSERT(atomic_read(&bp->b_hold) > 0); 1070 1071 /* 1072 * We grab the b_lock here first to serialise racing xfs_buf_rele() 1073 * calls. The pag_buf_lock being taken on the last reference only 1074 * serialises against racing lookups in xfs_buf_find(). IOWs, the second 1075 * to last reference we drop here is not serialised against the last 1076 * reference until we take bp->b_lock. Hence if we don't grab b_lock 1077 * first, the last "release" reference can win the race to the lock and 1078 * free the buffer before the second-to-last reference is processed, 1079 * leading to a use-after-free scenario. 1080 */ 1081 spin_lock(&bp->b_lock); 1082 release = atomic_dec_and_lock(&bp->b_hold, &bch->bc_lock); 1083 if (!release) { 1084 /* 1085 * Drop the in-flight state if the buffer is already on the LRU 1086 * and it holds the only reference. This is racy because we 1087 * haven't acquired the pag lock, but the use of _XBF_IN_FLIGHT 1088 * ensures the decrement occurs only once per-buf. 1089 */ 1090 if ((atomic_read(&bp->b_hold) == 1) && !list_empty(&bp->b_lru)) 1091 __xfs_buf_ioacct_dec(bp); 1092 goto out_unlock; 1093 } 1094 1095 /* the last reference has been dropped ... */ 1096 __xfs_buf_ioacct_dec(bp); 1097 if (!(bp->b_flags & XBF_STALE) && atomic_read(&bp->b_lru_ref)) { 1098 /* 1099 * If the buffer is added to the LRU take a new reference to the 1100 * buffer for the LRU and clear the (now stale) dispose list 1101 * state flag 1102 */ 1103 if (list_lru_add_obj(&btp->bt_lru, &bp->b_lru)) { 1104 bp->b_state &= ~XFS_BSTATE_DISPOSE; 1105 atomic_inc(&bp->b_hold); 1106 } 1107 spin_unlock(&bch->bc_lock); 1108 } else { 1109 /* 1110 * most of the time buffers will already be removed from the 1111 * LRU, so optimise that case by checking for the 1112 * XFS_BSTATE_DISPOSE flag indicating the last list the buffer 1113 * was on was the disposal list 1114 */ 1115 if (!(bp->b_state & XFS_BSTATE_DISPOSE)) { 1116 list_lru_del_obj(&btp->bt_lru, &bp->b_lru); 1117 } else { 1118 ASSERT(list_empty(&bp->b_lru)); 1119 } 1120 1121 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 1122 rhashtable_remove_fast(&bch->bc_hash, &bp->b_rhash_head, 1123 xfs_buf_hash_params); 1124 spin_unlock(&bch->bc_lock); 1125 if (pag) 1126 xfs_perag_put(pag); 1127 freebuf = true; 1128 } 1129 1130out_unlock: 1131 spin_unlock(&bp->b_lock); 1132 1133 if (freebuf) 1134 xfs_buf_free(bp); 1135} 1136 1137/* 1138 * Release a hold on the specified buffer. 1139 */ 1140void 1141xfs_buf_rele( 1142 struct xfs_buf *bp) 1143{ 1144 trace_xfs_buf_rele(bp, _RET_IP_); 1145 if (xfs_buf_is_uncached(bp)) 1146 xfs_buf_rele_uncached(bp); 1147 else 1148 xfs_buf_rele_cached(bp); 1149} 1150 1151/* 1152 * Lock a buffer object, if it is not already locked. 1153 * 1154 * If we come across a stale, pinned, locked buffer, we know that we are 1155 * being asked to lock a buffer that has been reallocated. Because it is 1156 * pinned, we know that the log has not been pushed to disk and hence it 1157 * will still be locked. Rather than continuing to have trylock attempts 1158 * fail until someone else pushes the log, push it ourselves before 1159 * returning. This means that the xfsaild will not get stuck trying 1160 * to push on stale inode buffers. 1161 */ 1162int 1163xfs_buf_trylock( 1164 struct xfs_buf *bp) 1165{ 1166 int locked; 1167 1168 locked = down_trylock(&bp->b_sema) == 0; 1169 if (locked) 1170 trace_xfs_buf_trylock(bp, _RET_IP_); 1171 else 1172 trace_xfs_buf_trylock_fail(bp, _RET_IP_); 1173 return locked; 1174} 1175 1176/* 1177 * Lock a buffer object. 1178 * 1179 * If we come across a stale, pinned, locked buffer, we know that we 1180 * are being asked to lock a buffer that has been reallocated. Because 1181 * it is pinned, we know that the log has not been pushed to disk and 1182 * hence it will still be locked. Rather than sleeping until someone 1183 * else pushes the log, push it ourselves before trying to get the lock. 1184 */ 1185void 1186xfs_buf_lock( 1187 struct xfs_buf *bp) 1188{ 1189 trace_xfs_buf_lock(bp, _RET_IP_); 1190 1191 if (atomic_read(&bp->b_pin_count) && (bp->b_flags & XBF_STALE)) 1192 xfs_log_force(bp->b_mount, 0); 1193 down(&bp->b_sema); 1194 1195 trace_xfs_buf_lock_done(bp, _RET_IP_); 1196} 1197 1198void 1199xfs_buf_unlock( 1200 struct xfs_buf *bp) 1201{ 1202 ASSERT(xfs_buf_islocked(bp)); 1203 1204 up(&bp->b_sema); 1205 trace_xfs_buf_unlock(bp, _RET_IP_); 1206} 1207 1208STATIC void 1209xfs_buf_wait_unpin( 1210 struct xfs_buf *bp) 1211{ 1212 DECLARE_WAITQUEUE (wait, current); 1213 1214 if (atomic_read(&bp->b_pin_count) == 0) 1215 return; 1216 1217 add_wait_queue(&bp->b_waiters, &wait); 1218 for (;;) { 1219 set_current_state(TASK_UNINTERRUPTIBLE); 1220 if (atomic_read(&bp->b_pin_count) == 0) 1221 break; 1222 io_schedule(); 1223 } 1224 remove_wait_queue(&bp->b_waiters, &wait); 1225 set_current_state(TASK_RUNNING); 1226} 1227 1228static void 1229xfs_buf_ioerror_alert_ratelimited( 1230 struct xfs_buf *bp) 1231{ 1232 static unsigned long lasttime; 1233 static struct xfs_buftarg *lasttarg; 1234 1235 if (bp->b_target != lasttarg || 1236 time_after(jiffies, (lasttime + 5*HZ))) { 1237 lasttime = jiffies; 1238 xfs_buf_ioerror_alert(bp, __this_address); 1239 } 1240 lasttarg = bp->b_target; 1241} 1242 1243/* 1244 * Account for this latest trip around the retry handler, and decide if 1245 * we've failed enough times to constitute a permanent failure. 1246 */ 1247static bool 1248xfs_buf_ioerror_permanent( 1249 struct xfs_buf *bp, 1250 struct xfs_error_cfg *cfg) 1251{ 1252 struct xfs_mount *mp = bp->b_mount; 1253 1254 if (cfg->max_retries != XFS_ERR_RETRY_FOREVER && 1255 ++bp->b_retries > cfg->max_retries) 1256 return true; 1257 if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER && 1258 time_after(jiffies, cfg->retry_timeout + bp->b_first_retry_time)) 1259 return true; 1260 1261 /* At unmount we may treat errors differently */ 1262 if (xfs_is_unmounting(mp) && mp->m_fail_unmount) 1263 return true; 1264 1265 return false; 1266} 1267 1268/* 1269 * On a sync write or shutdown we just want to stale the buffer and let the 1270 * caller handle the error in bp->b_error appropriately. 1271 * 1272 * If the write was asynchronous then no one will be looking for the error. If 1273 * this is the first failure of this type, clear the error state and write the 1274 * buffer out again. This means we always retry an async write failure at least 1275 * once, but we also need to set the buffer up to behave correctly now for 1276 * repeated failures. 1277 * 1278 * If we get repeated async write failures, then we take action according to the 1279 * error configuration we have been set up to use. 1280 * 1281 * Returns true if this function took care of error handling and the caller must 1282 * not touch the buffer again. Return false if the caller should proceed with 1283 * normal I/O completion handling. 1284 */ 1285static bool 1286xfs_buf_ioend_handle_error( 1287 struct xfs_buf *bp) 1288{ 1289 struct xfs_mount *mp = bp->b_mount; 1290 struct xfs_error_cfg *cfg; 1291 1292 /* 1293 * If we've already shutdown the journal because of I/O errors, there's 1294 * no point in giving this a retry. 1295 */ 1296 if (xlog_is_shutdown(mp->m_log)) 1297 goto out_stale; 1298 1299 xfs_buf_ioerror_alert_ratelimited(bp); 1300 1301 /* 1302 * We're not going to bother about retrying this during recovery. 1303 * One strike! 1304 */ 1305 if (bp->b_flags & _XBF_LOGRECOVERY) { 1306 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR); 1307 return false; 1308 } 1309 1310 /* 1311 * Synchronous writes will have callers process the error. 1312 */ 1313 if (!(bp->b_flags & XBF_ASYNC)) 1314 goto out_stale; 1315 1316 trace_xfs_buf_iodone_async(bp, _RET_IP_); 1317 1318 cfg = xfs_error_get_cfg(mp, XFS_ERR_METADATA, bp->b_error); 1319 if (bp->b_last_error != bp->b_error || 1320 !(bp->b_flags & (XBF_STALE | XBF_WRITE_FAIL))) { 1321 bp->b_last_error = bp->b_error; 1322 if (cfg->retry_timeout != XFS_ERR_RETRY_FOREVER && 1323 !bp->b_first_retry_time) 1324 bp->b_first_retry_time = jiffies; 1325 goto resubmit; 1326 } 1327 1328 /* 1329 * Permanent error - we need to trigger a shutdown if we haven't already 1330 * to indicate that inconsistency will result from this action. 1331 */ 1332 if (xfs_buf_ioerror_permanent(bp, cfg)) { 1333 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR); 1334 goto out_stale; 1335 } 1336 1337 /* Still considered a transient error. Caller will schedule retries. */ 1338 if (bp->b_flags & _XBF_INODES) 1339 xfs_buf_inode_io_fail(bp); 1340 else if (bp->b_flags & _XBF_DQUOTS) 1341 xfs_buf_dquot_io_fail(bp); 1342 else 1343 ASSERT(list_empty(&bp->b_li_list)); 1344 xfs_buf_ioerror(bp, 0); 1345 xfs_buf_relse(bp); 1346 return true; 1347 1348resubmit: 1349 xfs_buf_ioerror(bp, 0); 1350 bp->b_flags |= (XBF_DONE | XBF_WRITE_FAIL); 1351 xfs_buf_submit(bp); 1352 return true; 1353out_stale: 1354 xfs_buf_stale(bp); 1355 bp->b_flags |= XBF_DONE; 1356 bp->b_flags &= ~XBF_WRITE; 1357 trace_xfs_buf_error_relse(bp, _RET_IP_); 1358 return false; 1359} 1360 1361static void 1362xfs_buf_ioend( 1363 struct xfs_buf *bp) 1364{ 1365 trace_xfs_buf_iodone(bp, _RET_IP_); 1366 1367 /* 1368 * Pull in IO completion errors now. We are guaranteed to be running 1369 * single threaded, so we don't need the lock to read b_io_error. 1370 */ 1371 if (!bp->b_error && bp->b_io_error) 1372 xfs_buf_ioerror(bp, bp->b_io_error); 1373 1374 if (bp->b_flags & XBF_READ) { 1375 if (!bp->b_error && bp->b_ops) 1376 bp->b_ops->verify_read(bp); 1377 if (!bp->b_error) 1378 bp->b_flags |= XBF_DONE; 1379 } else { 1380 if (!bp->b_error) { 1381 bp->b_flags &= ~XBF_WRITE_FAIL; 1382 bp->b_flags |= XBF_DONE; 1383 } 1384 1385 if (unlikely(bp->b_error) && xfs_buf_ioend_handle_error(bp)) 1386 return; 1387 1388 /* clear the retry state */ 1389 bp->b_last_error = 0; 1390 bp->b_retries = 0; 1391 bp->b_first_retry_time = 0; 1392 1393 /* 1394 * Note that for things like remote attribute buffers, there may 1395 * not be a buffer log item here, so processing the buffer log 1396 * item must remain optional. 1397 */ 1398 if (bp->b_log_item) 1399 xfs_buf_item_done(bp); 1400 1401 if (bp->b_flags & _XBF_INODES) 1402 xfs_buf_inode_iodone(bp); 1403 else if (bp->b_flags & _XBF_DQUOTS) 1404 xfs_buf_dquot_iodone(bp); 1405 1406 } 1407 1408 bp->b_flags &= ~(XBF_READ | XBF_WRITE | XBF_READ_AHEAD | 1409 _XBF_LOGRECOVERY); 1410 1411 if (bp->b_flags & XBF_ASYNC) 1412 xfs_buf_relse(bp); 1413 else 1414 complete(&bp->b_iowait); 1415} 1416 1417static void 1418xfs_buf_ioend_work( 1419 struct work_struct *work) 1420{ 1421 struct xfs_buf *bp = 1422 container_of(work, struct xfs_buf, b_ioend_work); 1423 1424 xfs_buf_ioend(bp); 1425} 1426 1427static void 1428xfs_buf_ioend_async( 1429 struct xfs_buf *bp) 1430{ 1431 INIT_WORK(&bp->b_ioend_work, xfs_buf_ioend_work); 1432 queue_work(bp->b_mount->m_buf_workqueue, &bp->b_ioend_work); 1433} 1434 1435void 1436__xfs_buf_ioerror( 1437 struct xfs_buf *bp, 1438 int error, 1439 xfs_failaddr_t failaddr) 1440{ 1441 ASSERT(error <= 0 && error >= -1000); 1442 bp->b_error = error; 1443 trace_xfs_buf_ioerror(bp, error, failaddr); 1444} 1445 1446void 1447xfs_buf_ioerror_alert( 1448 struct xfs_buf *bp, 1449 xfs_failaddr_t func) 1450{ 1451 xfs_buf_alert_ratelimited(bp, "XFS: metadata IO error", 1452 "metadata I/O error in \"%pS\" at daddr 0x%llx len %d error %d", 1453 func, (uint64_t)xfs_buf_daddr(bp), 1454 bp->b_length, -bp->b_error); 1455} 1456 1457/* 1458 * To simulate an I/O failure, the buffer must be locked and held with at least 1459 * three references. The LRU reference is dropped by the stale call. The buf 1460 * item reference is dropped via ioend processing. The third reference is owned 1461 * by the caller and is dropped on I/O completion if the buffer is XBF_ASYNC. 1462 */ 1463void 1464xfs_buf_ioend_fail( 1465 struct xfs_buf *bp) 1466{ 1467 bp->b_flags &= ~XBF_DONE; 1468 xfs_buf_stale(bp); 1469 xfs_buf_ioerror(bp, -EIO); 1470 xfs_buf_ioend(bp); 1471} 1472 1473int 1474xfs_bwrite( 1475 struct xfs_buf *bp) 1476{ 1477 int error; 1478 1479 ASSERT(xfs_buf_islocked(bp)); 1480 1481 bp->b_flags |= XBF_WRITE; 1482 bp->b_flags &= ~(XBF_ASYNC | XBF_READ | _XBF_DELWRI_Q | 1483 XBF_DONE); 1484 1485 error = xfs_buf_submit(bp); 1486 if (error) 1487 xfs_force_shutdown(bp->b_mount, SHUTDOWN_META_IO_ERROR); 1488 return error; 1489} 1490 1491static void 1492xfs_buf_bio_end_io( 1493 struct bio *bio) 1494{ 1495 struct xfs_buf *bp = (struct xfs_buf *)bio->bi_private; 1496 1497 if (!bio->bi_status && 1498 (bp->b_flags & XBF_WRITE) && (bp->b_flags & XBF_ASYNC) && 1499 XFS_TEST_ERROR(false, bp->b_mount, XFS_ERRTAG_BUF_IOERROR)) 1500 bio->bi_status = BLK_STS_IOERR; 1501 1502 /* 1503 * don't overwrite existing errors - otherwise we can lose errors on 1504 * buffers that require multiple bios to complete. 1505 */ 1506 if (bio->bi_status) { 1507 int error = blk_status_to_errno(bio->bi_status); 1508 1509 cmpxchg(&bp->b_io_error, 0, error); 1510 } 1511 1512 if (!bp->b_error && xfs_buf_is_vmapped(bp) && (bp->b_flags & XBF_READ)) 1513 invalidate_kernel_vmap_range(bp->b_addr, xfs_buf_vmap_len(bp)); 1514 1515 if (atomic_dec_and_test(&bp->b_io_remaining) == 1) 1516 xfs_buf_ioend_async(bp); 1517 bio_put(bio); 1518} 1519 1520static void 1521xfs_buf_ioapply_map( 1522 struct xfs_buf *bp, 1523 int map, 1524 int *buf_offset, 1525 int *count, 1526 blk_opf_t op) 1527{ 1528 int page_index; 1529 unsigned int total_nr_pages = bp->b_page_count; 1530 int nr_pages; 1531 struct bio *bio; 1532 sector_t sector = bp->b_maps[map].bm_bn; 1533 int size; 1534 int offset; 1535 1536 /* skip the pages in the buffer before the start offset */ 1537 page_index = 0; 1538 offset = *buf_offset; 1539 while (offset >= PAGE_SIZE) { 1540 page_index++; 1541 offset -= PAGE_SIZE; 1542 } 1543 1544 /* 1545 * Limit the IO size to the length of the current vector, and update the 1546 * remaining IO count for the next time around. 1547 */ 1548 size = min_t(int, BBTOB(bp->b_maps[map].bm_len), *count); 1549 *count -= size; 1550 *buf_offset += size; 1551 1552next_chunk: 1553 atomic_inc(&bp->b_io_remaining); 1554 nr_pages = bio_max_segs(total_nr_pages); 1555 1556 bio = bio_alloc(bp->b_target->bt_bdev, nr_pages, op, GFP_NOIO); 1557 bio->bi_iter.bi_sector = sector; 1558 bio->bi_end_io = xfs_buf_bio_end_io; 1559 bio->bi_private = bp; 1560 1561 for (; size && nr_pages; nr_pages--, page_index++) { 1562 int rbytes, nbytes = PAGE_SIZE - offset; 1563 1564 if (nbytes > size) 1565 nbytes = size; 1566 1567 rbytes = bio_add_page(bio, bp->b_pages[page_index], nbytes, 1568 offset); 1569 if (rbytes < nbytes) 1570 break; 1571 1572 offset = 0; 1573 sector += BTOBB(nbytes); 1574 size -= nbytes; 1575 total_nr_pages--; 1576 } 1577 1578 if (likely(bio->bi_iter.bi_size)) { 1579 if (xfs_buf_is_vmapped(bp)) { 1580 flush_kernel_vmap_range(bp->b_addr, 1581 xfs_buf_vmap_len(bp)); 1582 } 1583 submit_bio(bio); 1584 if (size) 1585 goto next_chunk; 1586 } else { 1587 /* 1588 * This is guaranteed not to be the last io reference count 1589 * because the caller (xfs_buf_submit) holds a count itself. 1590 */ 1591 atomic_dec(&bp->b_io_remaining); 1592 xfs_buf_ioerror(bp, -EIO); 1593 bio_put(bio); 1594 } 1595 1596} 1597 1598STATIC void 1599_xfs_buf_ioapply( 1600 struct xfs_buf *bp) 1601{ 1602 struct blk_plug plug; 1603 blk_opf_t op; 1604 int offset; 1605 int size; 1606 int i; 1607 1608 /* 1609 * Make sure we capture only current IO errors rather than stale errors 1610 * left over from previous use of the buffer (e.g. failed readahead). 1611 */ 1612 bp->b_error = 0; 1613 1614 if (bp->b_flags & XBF_WRITE) { 1615 op = REQ_OP_WRITE; 1616 1617 /* 1618 * Run the write verifier callback function if it exists. If 1619 * this function fails it will mark the buffer with an error and 1620 * the IO should not be dispatched. 1621 */ 1622 if (bp->b_ops) { 1623 bp->b_ops->verify_write(bp); 1624 if (bp->b_error) { 1625 xfs_force_shutdown(bp->b_mount, 1626 SHUTDOWN_CORRUPT_INCORE); 1627 return; 1628 } 1629 } else if (bp->b_rhash_key != XFS_BUF_DADDR_NULL) { 1630 struct xfs_mount *mp = bp->b_mount; 1631 1632 /* 1633 * non-crc filesystems don't attach verifiers during 1634 * log recovery, so don't warn for such filesystems. 1635 */ 1636 if (xfs_has_crc(mp)) { 1637 xfs_warn(mp, 1638 "%s: no buf ops on daddr 0x%llx len %d", 1639 __func__, xfs_buf_daddr(bp), 1640 bp->b_length); 1641 xfs_hex_dump(bp->b_addr, 1642 XFS_CORRUPTION_DUMP_LEN); 1643 dump_stack(); 1644 } 1645 } 1646 } else { 1647 op = REQ_OP_READ; 1648 if (bp->b_flags & XBF_READ_AHEAD) 1649 op |= REQ_RAHEAD; 1650 } 1651 1652 /* we only use the buffer cache for meta-data */ 1653 op |= REQ_META; 1654 1655 /* in-memory targets are directly mapped, no IO required. */ 1656 if (xfs_buftarg_is_mem(bp->b_target)) { 1657 xfs_buf_ioend(bp); 1658 return; 1659 } 1660 1661 /* 1662 * Walk all the vectors issuing IO on them. Set up the initial offset 1663 * into the buffer and the desired IO size before we start - 1664 * _xfs_buf_ioapply_vec() will modify them appropriately for each 1665 * subsequent call. 1666 */ 1667 offset = bp->b_offset; 1668 size = BBTOB(bp->b_length); 1669 blk_start_plug(&plug); 1670 for (i = 0; i < bp->b_map_count; i++) { 1671 xfs_buf_ioapply_map(bp, i, &offset, &size, op); 1672 if (bp->b_error) 1673 break; 1674 if (size <= 0) 1675 break; /* all done */ 1676 } 1677 blk_finish_plug(&plug); 1678} 1679 1680/* 1681 * Wait for I/O completion of a sync buffer and return the I/O error code. 1682 */ 1683static int 1684xfs_buf_iowait( 1685 struct xfs_buf *bp) 1686{ 1687 ASSERT(!(bp->b_flags & XBF_ASYNC)); 1688 1689 trace_xfs_buf_iowait(bp, _RET_IP_); 1690 wait_for_completion(&bp->b_iowait); 1691 trace_xfs_buf_iowait_done(bp, _RET_IP_); 1692 1693 return bp->b_error; 1694} 1695 1696/* 1697 * Buffer I/O submission path, read or write. Asynchronous submission transfers 1698 * the buffer lock ownership and the current reference to the IO. It is not 1699 * safe to reference the buffer after a call to this function unless the caller 1700 * holds an additional reference itself. 1701 */ 1702static int 1703__xfs_buf_submit( 1704 struct xfs_buf *bp, 1705 bool wait) 1706{ 1707 int error = 0; 1708 1709 trace_xfs_buf_submit(bp, _RET_IP_); 1710 1711 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 1712 1713 /* 1714 * On log shutdown we stale and complete the buffer immediately. We can 1715 * be called to read the superblock before the log has been set up, so 1716 * be careful checking the log state. 1717 * 1718 * Checking the mount shutdown state here can result in the log tail 1719 * moving inappropriately on disk as the log may not yet be shut down. 1720 * i.e. failing this buffer on mount shutdown can remove it from the AIL 1721 * and move the tail of the log forwards without having written this 1722 * buffer to disk. This corrupts the log tail state in memory, and 1723 * because the log may not be shut down yet, it can then be propagated 1724 * to disk before the log is shutdown. Hence we check log shutdown 1725 * state here rather than mount state to avoid corrupting the log tail 1726 * on shutdown. 1727 */ 1728 if (bp->b_mount->m_log && 1729 xlog_is_shutdown(bp->b_mount->m_log)) { 1730 xfs_buf_ioend_fail(bp); 1731 return -EIO; 1732 } 1733 1734 /* 1735 * Grab a reference so the buffer does not go away underneath us. For 1736 * async buffers, I/O completion drops the callers reference, which 1737 * could occur before submission returns. 1738 */ 1739 xfs_buf_hold(bp); 1740 1741 if (bp->b_flags & XBF_WRITE) 1742 xfs_buf_wait_unpin(bp); 1743 1744 /* clear the internal error state to avoid spurious errors */ 1745 bp->b_io_error = 0; 1746 1747 /* 1748 * Set the count to 1 initially, this will stop an I/O completion 1749 * callout which happens before we have started all the I/O from calling 1750 * xfs_buf_ioend too early. 1751 */ 1752 atomic_set(&bp->b_io_remaining, 1); 1753 if (bp->b_flags & XBF_ASYNC) 1754 xfs_buf_ioacct_inc(bp); 1755 _xfs_buf_ioapply(bp); 1756 1757 /* 1758 * If _xfs_buf_ioapply failed, we can get back here with only the IO 1759 * reference we took above. If we drop it to zero, run completion so 1760 * that we don't return to the caller with completion still pending. 1761 */ 1762 if (atomic_dec_and_test(&bp->b_io_remaining) == 1) { 1763 if (bp->b_error || !(bp->b_flags & XBF_ASYNC)) 1764 xfs_buf_ioend(bp); 1765 else 1766 xfs_buf_ioend_async(bp); 1767 } 1768 1769 if (wait) 1770 error = xfs_buf_iowait(bp); 1771 1772 /* 1773 * Release the hold that keeps the buffer referenced for the entire 1774 * I/O. Note that if the buffer is async, it is not safe to reference 1775 * after this release. 1776 */ 1777 xfs_buf_rele(bp); 1778 return error; 1779} 1780 1781void * 1782xfs_buf_offset( 1783 struct xfs_buf *bp, 1784 size_t offset) 1785{ 1786 struct page *page; 1787 1788 if (bp->b_addr) 1789 return bp->b_addr + offset; 1790 1791 page = bp->b_pages[offset >> PAGE_SHIFT]; 1792 return page_address(page) + (offset & (PAGE_SIZE-1)); 1793} 1794 1795void 1796xfs_buf_zero( 1797 struct xfs_buf *bp, 1798 size_t boff, 1799 size_t bsize) 1800{ 1801 size_t bend; 1802 1803 bend = boff + bsize; 1804 while (boff < bend) { 1805 struct page *page; 1806 int page_index, page_offset, csize; 1807 1808 page_index = (boff + bp->b_offset) >> PAGE_SHIFT; 1809 page_offset = (boff + bp->b_offset) & ~PAGE_MASK; 1810 page = bp->b_pages[page_index]; 1811 csize = min_t(size_t, PAGE_SIZE - page_offset, 1812 BBTOB(bp->b_length) - boff); 1813 1814 ASSERT((csize + page_offset) <= PAGE_SIZE); 1815 1816 memset(page_address(page) + page_offset, 0, csize); 1817 1818 boff += csize; 1819 } 1820} 1821 1822/* 1823 * Log a message about and stale a buffer that a caller has decided is corrupt. 1824 * 1825 * This function should be called for the kinds of metadata corruption that 1826 * cannot be detect from a verifier, such as incorrect inter-block relationship 1827 * data. Do /not/ call this function from a verifier function. 1828 * 1829 * The buffer must be XBF_DONE prior to the call. Afterwards, the buffer will 1830 * be marked stale, but b_error will not be set. The caller is responsible for 1831 * releasing the buffer or fixing it. 1832 */ 1833void 1834__xfs_buf_mark_corrupt( 1835 struct xfs_buf *bp, 1836 xfs_failaddr_t fa) 1837{ 1838 ASSERT(bp->b_flags & XBF_DONE); 1839 1840 xfs_buf_corruption_error(bp, fa); 1841 xfs_buf_stale(bp); 1842} 1843 1844/* 1845 * Handling of buffer targets (buftargs). 1846 */ 1847 1848/* 1849 * Wait for any bufs with callbacks that have been submitted but have not yet 1850 * returned. These buffers will have an elevated hold count, so wait on those 1851 * while freeing all the buffers only held by the LRU. 1852 */ 1853static enum lru_status 1854xfs_buftarg_drain_rele( 1855 struct list_head *item, 1856 struct list_lru_one *lru, 1857 spinlock_t *lru_lock, 1858 void *arg) 1859 1860{ 1861 struct xfs_buf *bp = container_of(item, struct xfs_buf, b_lru); 1862 struct list_head *dispose = arg; 1863 1864 if (atomic_read(&bp->b_hold) > 1) { 1865 /* need to wait, so skip it this pass */ 1866 trace_xfs_buf_drain_buftarg(bp, _RET_IP_); 1867 return LRU_SKIP; 1868 } 1869 if (!spin_trylock(&bp->b_lock)) 1870 return LRU_SKIP; 1871 1872 /* 1873 * clear the LRU reference count so the buffer doesn't get 1874 * ignored in xfs_buf_rele(). 1875 */ 1876 atomic_set(&bp->b_lru_ref, 0); 1877 bp->b_state |= XFS_BSTATE_DISPOSE; 1878 list_lru_isolate_move(lru, item, dispose); 1879 spin_unlock(&bp->b_lock); 1880 return LRU_REMOVED; 1881} 1882 1883/* 1884 * Wait for outstanding I/O on the buftarg to complete. 1885 */ 1886void 1887xfs_buftarg_wait( 1888 struct xfs_buftarg *btp) 1889{ 1890 /* 1891 * First wait on the buftarg I/O count for all in-flight buffers to be 1892 * released. This is critical as new buffers do not make the LRU until 1893 * they are released. 1894 * 1895 * Next, flush the buffer workqueue to ensure all completion processing 1896 * has finished. Just waiting on buffer locks is not sufficient for 1897 * async IO as the reference count held over IO is not released until 1898 * after the buffer lock is dropped. Hence we need to ensure here that 1899 * all reference counts have been dropped before we start walking the 1900 * LRU list. 1901 */ 1902 while (percpu_counter_sum(&btp->bt_io_count)) 1903 delay(100); 1904 flush_workqueue(btp->bt_mount->m_buf_workqueue); 1905} 1906 1907void 1908xfs_buftarg_drain( 1909 struct xfs_buftarg *btp) 1910{ 1911 LIST_HEAD(dispose); 1912 int loop = 0; 1913 bool write_fail = false; 1914 1915 xfs_buftarg_wait(btp); 1916 1917 /* loop until there is nothing left on the lru list. */ 1918 while (list_lru_count(&btp->bt_lru)) { 1919 list_lru_walk(&btp->bt_lru, xfs_buftarg_drain_rele, 1920 &dispose, LONG_MAX); 1921 1922 while (!list_empty(&dispose)) { 1923 struct xfs_buf *bp; 1924 bp = list_first_entry(&dispose, struct xfs_buf, b_lru); 1925 list_del_init(&bp->b_lru); 1926 if (bp->b_flags & XBF_WRITE_FAIL) { 1927 write_fail = true; 1928 xfs_buf_alert_ratelimited(bp, 1929 "XFS: Corruption Alert", 1930"Corruption Alert: Buffer at daddr 0x%llx had permanent write failures!", 1931 (long long)xfs_buf_daddr(bp)); 1932 } 1933 xfs_buf_rele(bp); 1934 } 1935 if (loop++ != 0) 1936 delay(100); 1937 } 1938 1939 /* 1940 * If one or more failed buffers were freed, that means dirty metadata 1941 * was thrown away. This should only ever happen after I/O completion 1942 * handling has elevated I/O error(s) to permanent failures and shuts 1943 * down the journal. 1944 */ 1945 if (write_fail) { 1946 ASSERT(xlog_is_shutdown(btp->bt_mount->m_log)); 1947 xfs_alert(btp->bt_mount, 1948 "Please run xfs_repair to determine the extent of the problem."); 1949 } 1950} 1951 1952static enum lru_status 1953xfs_buftarg_isolate( 1954 struct list_head *item, 1955 struct list_lru_one *lru, 1956 spinlock_t *lru_lock, 1957 void *arg) 1958{ 1959 struct xfs_buf *bp = container_of(item, struct xfs_buf, b_lru); 1960 struct list_head *dispose = arg; 1961 1962 /* 1963 * we are inverting the lru lock/bp->b_lock here, so use a trylock. 1964 * If we fail to get the lock, just skip it. 1965 */ 1966 if (!spin_trylock(&bp->b_lock)) 1967 return LRU_SKIP; 1968 /* 1969 * Decrement the b_lru_ref count unless the value is already 1970 * zero. If the value is already zero, we need to reclaim the 1971 * buffer, otherwise it gets another trip through the LRU. 1972 */ 1973 if (atomic_add_unless(&bp->b_lru_ref, -1, 0)) { 1974 spin_unlock(&bp->b_lock); 1975 return LRU_ROTATE; 1976 } 1977 1978 bp->b_state |= XFS_BSTATE_DISPOSE; 1979 list_lru_isolate_move(lru, item, dispose); 1980 spin_unlock(&bp->b_lock); 1981 return LRU_REMOVED; 1982} 1983 1984static unsigned long 1985xfs_buftarg_shrink_scan( 1986 struct shrinker *shrink, 1987 struct shrink_control *sc) 1988{ 1989 struct xfs_buftarg *btp = shrink->private_data; 1990 LIST_HEAD(dispose); 1991 unsigned long freed; 1992 1993 freed = list_lru_shrink_walk(&btp->bt_lru, sc, 1994 xfs_buftarg_isolate, &dispose); 1995 1996 while (!list_empty(&dispose)) { 1997 struct xfs_buf *bp; 1998 bp = list_first_entry(&dispose, struct xfs_buf, b_lru); 1999 list_del_init(&bp->b_lru); 2000 xfs_buf_rele(bp); 2001 } 2002 2003 return freed; 2004} 2005 2006static unsigned long 2007xfs_buftarg_shrink_count( 2008 struct shrinker *shrink, 2009 struct shrink_control *sc) 2010{ 2011 struct xfs_buftarg *btp = shrink->private_data; 2012 return list_lru_shrink_count(&btp->bt_lru, sc); 2013} 2014 2015void 2016xfs_destroy_buftarg( 2017 struct xfs_buftarg *btp) 2018{ 2019 shrinker_free(btp->bt_shrinker); 2020 ASSERT(percpu_counter_sum(&btp->bt_io_count) == 0); 2021 percpu_counter_destroy(&btp->bt_io_count); 2022 list_lru_destroy(&btp->bt_lru); 2023} 2024 2025void 2026xfs_free_buftarg( 2027 struct xfs_buftarg *btp) 2028{ 2029 xfs_destroy_buftarg(btp); 2030 fs_put_dax(btp->bt_daxdev, btp->bt_mount); 2031 /* the main block device is closed by kill_block_super */ 2032 if (btp->bt_bdev != btp->bt_mount->m_super->s_bdev) 2033 bdev_fput(btp->bt_bdev_file); 2034 kfree(btp); 2035} 2036 2037int 2038xfs_setsize_buftarg( 2039 struct xfs_buftarg *btp, 2040 unsigned int sectorsize) 2041{ 2042 /* Set up metadata sector size info */ 2043 btp->bt_meta_sectorsize = sectorsize; 2044 btp->bt_meta_sectormask = sectorsize - 1; 2045 2046 if (set_blocksize(btp->bt_bdev, sectorsize)) { 2047 xfs_warn(btp->bt_mount, 2048 "Cannot set_blocksize to %u on device %pg", 2049 sectorsize, btp->bt_bdev); 2050 return -EINVAL; 2051 } 2052 2053 return 0; 2054} 2055 2056int 2057xfs_init_buftarg( 2058 struct xfs_buftarg *btp, 2059 size_t logical_sectorsize, 2060 const char *descr) 2061{ 2062 /* Set up device logical sector size mask */ 2063 btp->bt_logical_sectorsize = logical_sectorsize; 2064 btp->bt_logical_sectormask = logical_sectorsize - 1; 2065 2066 /* 2067 * Buffer IO error rate limiting. Limit it to no more than 10 messages 2068 * per 30 seconds so as to not spam logs too much on repeated errors. 2069 */ 2070 ratelimit_state_init(&btp->bt_ioerror_rl, 30 * HZ, 2071 DEFAULT_RATELIMIT_BURST); 2072 2073 if (list_lru_init(&btp->bt_lru)) 2074 return -ENOMEM; 2075 if (percpu_counter_init(&btp->bt_io_count, 0, GFP_KERNEL)) 2076 goto out_destroy_lru; 2077 2078 btp->bt_shrinker = 2079 shrinker_alloc(SHRINKER_NUMA_AWARE, "xfs-buf:%s", descr); 2080 if (!btp->bt_shrinker) 2081 goto out_destroy_io_count; 2082 btp->bt_shrinker->count_objects = xfs_buftarg_shrink_count; 2083 btp->bt_shrinker->scan_objects = xfs_buftarg_shrink_scan; 2084 btp->bt_shrinker->private_data = btp; 2085 shrinker_register(btp->bt_shrinker); 2086 return 0; 2087 2088out_destroy_io_count: 2089 percpu_counter_destroy(&btp->bt_io_count); 2090out_destroy_lru: 2091 list_lru_destroy(&btp->bt_lru); 2092 return -ENOMEM; 2093} 2094 2095struct xfs_buftarg * 2096xfs_alloc_buftarg( 2097 struct xfs_mount *mp, 2098 struct file *bdev_file) 2099{ 2100 struct xfs_buftarg *btp; 2101 const struct dax_holder_operations *ops = NULL; 2102 2103#if defined(CONFIG_FS_DAX) && defined(CONFIG_MEMORY_FAILURE) 2104 ops = &xfs_dax_holder_operations; 2105#endif 2106 btp = kzalloc(sizeof(*btp), GFP_KERNEL | __GFP_NOFAIL); 2107 2108 btp->bt_mount = mp; 2109 btp->bt_bdev_file = bdev_file; 2110 btp->bt_bdev = file_bdev(bdev_file); 2111 btp->bt_dev = btp->bt_bdev->bd_dev; 2112 btp->bt_daxdev = fs_dax_get_by_bdev(btp->bt_bdev, &btp->bt_dax_part_off, 2113 mp, ops); 2114 2115 /* 2116 * When allocating the buftargs we have not yet read the super block and 2117 * thus don't know the file system sector size yet. 2118 */ 2119 if (xfs_setsize_buftarg(btp, bdev_logical_block_size(btp->bt_bdev))) 2120 goto error_free; 2121 if (xfs_init_buftarg(btp, bdev_logical_block_size(btp->bt_bdev), 2122 mp->m_super->s_id)) 2123 goto error_free; 2124 2125 return btp; 2126 2127error_free: 2128 kfree(btp); 2129 return NULL; 2130} 2131 2132static inline void 2133xfs_buf_list_del( 2134 struct xfs_buf *bp) 2135{ 2136 list_del_init(&bp->b_list); 2137 wake_up_var(&bp->b_list); 2138} 2139 2140/* 2141 * Cancel a delayed write list. 2142 * 2143 * Remove each buffer from the list, clear the delwri queue flag and drop the 2144 * associated buffer reference. 2145 */ 2146void 2147xfs_buf_delwri_cancel( 2148 struct list_head *list) 2149{ 2150 struct xfs_buf *bp; 2151 2152 while (!list_empty(list)) { 2153 bp = list_first_entry(list, struct xfs_buf, b_list); 2154 2155 xfs_buf_lock(bp); 2156 bp->b_flags &= ~_XBF_DELWRI_Q; 2157 xfs_buf_list_del(bp); 2158 xfs_buf_relse(bp); 2159 } 2160} 2161 2162/* 2163 * Add a buffer to the delayed write list. 2164 * 2165 * This queues a buffer for writeout if it hasn't already been. Note that 2166 * neither this routine nor the buffer list submission functions perform 2167 * any internal synchronization. It is expected that the lists are thread-local 2168 * to the callers. 2169 * 2170 * Returns true if we queued up the buffer, or false if it already had 2171 * been on the buffer list. 2172 */ 2173bool 2174xfs_buf_delwri_queue( 2175 struct xfs_buf *bp, 2176 struct list_head *list) 2177{ 2178 ASSERT(xfs_buf_islocked(bp)); 2179 ASSERT(!(bp->b_flags & XBF_READ)); 2180 2181 /* 2182 * If the buffer is already marked delwri it already is queued up 2183 * by someone else for imediate writeout. Just ignore it in that 2184 * case. 2185 */ 2186 if (bp->b_flags & _XBF_DELWRI_Q) { 2187 trace_xfs_buf_delwri_queued(bp, _RET_IP_); 2188 return false; 2189 } 2190 2191 trace_xfs_buf_delwri_queue(bp, _RET_IP_); 2192 2193 /* 2194 * If a buffer gets written out synchronously or marked stale while it 2195 * is on a delwri list we lazily remove it. To do this, the other party 2196 * clears the _XBF_DELWRI_Q flag but otherwise leaves the buffer alone. 2197 * It remains referenced and on the list. In a rare corner case it 2198 * might get readded to a delwri list after the synchronous writeout, in 2199 * which case we need just need to re-add the flag here. 2200 */ 2201 bp->b_flags |= _XBF_DELWRI_Q; 2202 if (list_empty(&bp->b_list)) { 2203 atomic_inc(&bp->b_hold); 2204 list_add_tail(&bp->b_list, list); 2205 } 2206 2207 return true; 2208} 2209 2210/* 2211 * Queue a buffer to this delwri list as part of a data integrity operation. 2212 * If the buffer is on any other delwri list, we'll wait for that to clear 2213 * so that the caller can submit the buffer for IO and wait for the result. 2214 * Callers must ensure the buffer is not already on the list. 2215 */ 2216void 2217xfs_buf_delwri_queue_here( 2218 struct xfs_buf *bp, 2219 struct list_head *buffer_list) 2220{ 2221 /* 2222 * We need this buffer to end up on the /caller's/ delwri list, not any 2223 * old list. This can happen if the buffer is marked stale (which 2224 * clears DELWRI_Q) after the AIL queues the buffer to its list but 2225 * before the AIL has a chance to submit the list. 2226 */ 2227 while (!list_empty(&bp->b_list)) { 2228 xfs_buf_unlock(bp); 2229 wait_var_event(&bp->b_list, list_empty(&bp->b_list)); 2230 xfs_buf_lock(bp); 2231 } 2232 2233 ASSERT(!(bp->b_flags & _XBF_DELWRI_Q)); 2234 2235 xfs_buf_delwri_queue(bp, buffer_list); 2236} 2237 2238/* 2239 * Compare function is more complex than it needs to be because 2240 * the return value is only 32 bits and we are doing comparisons 2241 * on 64 bit values 2242 */ 2243static int 2244xfs_buf_cmp( 2245 void *priv, 2246 const struct list_head *a, 2247 const struct list_head *b) 2248{ 2249 struct xfs_buf *ap = container_of(a, struct xfs_buf, b_list); 2250 struct xfs_buf *bp = container_of(b, struct xfs_buf, b_list); 2251 xfs_daddr_t diff; 2252 2253 diff = ap->b_maps[0].bm_bn - bp->b_maps[0].bm_bn; 2254 if (diff < 0) 2255 return -1; 2256 if (diff > 0) 2257 return 1; 2258 return 0; 2259} 2260 2261/* 2262 * Submit buffers for write. If wait_list is specified, the buffers are 2263 * submitted using sync I/O and placed on the wait list such that the caller can 2264 * iowait each buffer. Otherwise async I/O is used and the buffers are released 2265 * at I/O completion time. In either case, buffers remain locked until I/O 2266 * completes and the buffer is released from the queue. 2267 */ 2268static int 2269xfs_buf_delwri_submit_buffers( 2270 struct list_head *buffer_list, 2271 struct list_head *wait_list) 2272{ 2273 struct xfs_buf *bp, *n; 2274 int pinned = 0; 2275 struct blk_plug plug; 2276 2277 list_sort(NULL, buffer_list, xfs_buf_cmp); 2278 2279 blk_start_plug(&plug); 2280 list_for_each_entry_safe(bp, n, buffer_list, b_list) { 2281 if (!wait_list) { 2282 if (!xfs_buf_trylock(bp)) 2283 continue; 2284 if (xfs_buf_ispinned(bp)) { 2285 xfs_buf_unlock(bp); 2286 pinned++; 2287 continue; 2288 } 2289 } else { 2290 xfs_buf_lock(bp); 2291 } 2292 2293 /* 2294 * Someone else might have written the buffer synchronously or 2295 * marked it stale in the meantime. In that case only the 2296 * _XBF_DELWRI_Q flag got cleared, and we have to drop the 2297 * reference and remove it from the list here. 2298 */ 2299 if (!(bp->b_flags & _XBF_DELWRI_Q)) { 2300 xfs_buf_list_del(bp); 2301 xfs_buf_relse(bp); 2302 continue; 2303 } 2304 2305 trace_xfs_buf_delwri_split(bp, _RET_IP_); 2306 2307 /* 2308 * If we have a wait list, each buffer (and associated delwri 2309 * queue reference) transfers to it and is submitted 2310 * synchronously. Otherwise, drop the buffer from the delwri 2311 * queue and submit async. 2312 */ 2313 bp->b_flags &= ~_XBF_DELWRI_Q; 2314 bp->b_flags |= XBF_WRITE; 2315 if (wait_list) { 2316 bp->b_flags &= ~XBF_ASYNC; 2317 list_move_tail(&bp->b_list, wait_list); 2318 } else { 2319 bp->b_flags |= XBF_ASYNC; 2320 xfs_buf_list_del(bp); 2321 } 2322 __xfs_buf_submit(bp, false); 2323 } 2324 blk_finish_plug(&plug); 2325 2326 return pinned; 2327} 2328 2329/* 2330 * Write out a buffer list asynchronously. 2331 * 2332 * This will take the @buffer_list, write all non-locked and non-pinned buffers 2333 * out and not wait for I/O completion on any of the buffers. This interface 2334 * is only safely useable for callers that can track I/O completion by higher 2335 * level means, e.g. AIL pushing as the @buffer_list is consumed in this 2336 * function. 2337 * 2338 * Note: this function will skip buffers it would block on, and in doing so 2339 * leaves them on @buffer_list so they can be retried on a later pass. As such, 2340 * it is up to the caller to ensure that the buffer list is fully submitted or 2341 * cancelled appropriately when they are finished with the list. Failure to 2342 * cancel or resubmit the list until it is empty will result in leaked buffers 2343 * at unmount time. 2344 */ 2345int 2346xfs_buf_delwri_submit_nowait( 2347 struct list_head *buffer_list) 2348{ 2349 return xfs_buf_delwri_submit_buffers(buffer_list, NULL); 2350} 2351 2352/* 2353 * Write out a buffer list synchronously. 2354 * 2355 * This will take the @buffer_list, write all buffers out and wait for I/O 2356 * completion on all of the buffers. @buffer_list is consumed by the function, 2357 * so callers must have some other way of tracking buffers if they require such 2358 * functionality. 2359 */ 2360int 2361xfs_buf_delwri_submit( 2362 struct list_head *buffer_list) 2363{ 2364 LIST_HEAD (wait_list); 2365 int error = 0, error2; 2366 struct xfs_buf *bp; 2367 2368 xfs_buf_delwri_submit_buffers(buffer_list, &wait_list); 2369 2370 /* Wait for IO to complete. */ 2371 while (!list_empty(&wait_list)) { 2372 bp = list_first_entry(&wait_list, struct xfs_buf, b_list); 2373 2374 xfs_buf_list_del(bp); 2375 2376 /* 2377 * Wait on the locked buffer, check for errors and unlock and 2378 * release the delwri queue reference. 2379 */ 2380 error2 = xfs_buf_iowait(bp); 2381 xfs_buf_relse(bp); 2382 if (!error) 2383 error = error2; 2384 } 2385 2386 return error; 2387} 2388 2389/* 2390 * Push a single buffer on a delwri queue. 2391 * 2392 * The purpose of this function is to submit a single buffer of a delwri queue 2393 * and return with the buffer still on the original queue. The waiting delwri 2394 * buffer submission infrastructure guarantees transfer of the delwri queue 2395 * buffer reference to a temporary wait list. We reuse this infrastructure to 2396 * transfer the buffer back to the original queue. 2397 * 2398 * Note the buffer transitions from the queued state, to the submitted and wait 2399 * listed state and back to the queued state during this call. The buffer 2400 * locking and queue management logic between _delwri_pushbuf() and 2401 * _delwri_queue() guarantee that the buffer cannot be queued to another list 2402 * before returning. 2403 */ 2404int 2405xfs_buf_delwri_pushbuf( 2406 struct xfs_buf *bp, 2407 struct list_head *buffer_list) 2408{ 2409 LIST_HEAD (submit_list); 2410 int error; 2411 2412 ASSERT(bp->b_flags & _XBF_DELWRI_Q); 2413 2414 trace_xfs_buf_delwri_pushbuf(bp, _RET_IP_); 2415 2416 /* 2417 * Isolate the buffer to a new local list so we can submit it for I/O 2418 * independently from the rest of the original list. 2419 */ 2420 xfs_buf_lock(bp); 2421 list_move(&bp->b_list, &submit_list); 2422 xfs_buf_unlock(bp); 2423 2424 /* 2425 * Delwri submission clears the DELWRI_Q buffer flag and returns with 2426 * the buffer on the wait list with the original reference. Rather than 2427 * bounce the buffer from a local wait list back to the original list 2428 * after I/O completion, reuse the original list as the wait list. 2429 */ 2430 xfs_buf_delwri_submit_buffers(&submit_list, buffer_list); 2431 2432 /* 2433 * The buffer is now locked, under I/O and wait listed on the original 2434 * delwri queue. Wait for I/O completion, restore the DELWRI_Q flag and 2435 * return with the buffer unlocked and on the original queue. 2436 */ 2437 error = xfs_buf_iowait(bp); 2438 bp->b_flags |= _XBF_DELWRI_Q; 2439 xfs_buf_unlock(bp); 2440 2441 return error; 2442} 2443 2444void xfs_buf_set_ref(struct xfs_buf *bp, int lru_ref) 2445{ 2446 /* 2447 * Set the lru reference count to 0 based on the error injection tag. 2448 * This allows userspace to disrupt buffer caching for debug/testing 2449 * purposes. 2450 */ 2451 if (XFS_TEST_ERROR(false, bp->b_mount, XFS_ERRTAG_BUF_LRU_REF)) 2452 lru_ref = 0; 2453 2454 atomic_set(&bp->b_lru_ref, lru_ref); 2455} 2456 2457/* 2458 * Verify an on-disk magic value against the magic value specified in the 2459 * verifier structure. The verifier magic is in disk byte order so the caller is 2460 * expected to pass the value directly from disk. 2461 */ 2462bool 2463xfs_verify_magic( 2464 struct xfs_buf *bp, 2465 __be32 dmagic) 2466{ 2467 struct xfs_mount *mp = bp->b_mount; 2468 int idx; 2469 2470 idx = xfs_has_crc(mp); 2471 if (WARN_ON(!bp->b_ops || !bp->b_ops->magic[idx])) 2472 return false; 2473 return dmagic == bp->b_ops->magic[idx]; 2474} 2475/* 2476 * Verify an on-disk magic value against the magic value specified in the 2477 * verifier structure. The verifier magic is in disk byte order so the caller is 2478 * expected to pass the value directly from disk. 2479 */ 2480bool 2481xfs_verify_magic16( 2482 struct xfs_buf *bp, 2483 __be16 dmagic) 2484{ 2485 struct xfs_mount *mp = bp->b_mount; 2486 int idx; 2487 2488 idx = xfs_has_crc(mp); 2489 if (WARN_ON(!bp->b_ops || !bp->b_ops->magic16[idx])) 2490 return false; 2491 return dmagic == bp->b_ops->magic16[idx]; 2492} 2493