/* * linux/fs/ext3/inode.c * * Copyright (C) 1992, 1993, 1994, 1995 * Remy Card (card@masi.ibp.fr) * Laboratoire MASI - Institut Blaise Pascal * Universite Pierre et Marie Curie (Paris VI) * * from * * linux/fs/minix/inode.c * * Copyright (C) 1991, 1992 Linus Torvalds * * Goal-directed block allocation by Stephen Tweedie * (sct@redhat.com), 1993, 1998 * Big-endian to little-endian byte-swapping/bitmaps by * David S. Miller (davem@caip.rutgers.edu), 1995 * 64-bit file support on 64-bit platforms by Jakub Jelinek * (jj@sunsite.ms.mff.cuni.cz) * * Assorted race fixes, rewrite of ext3_get_block() by Al Viro, 2000 */ #include #include #include #include #include #include #include #include #include /* * SEARCH_FROM_ZERO forces each block allocation to search from the start * of the filesystem. This is to force rapid reallocation of recently-freed * blocks. The file fragmentation is horrendous. */ #undef SEARCH_FROM_ZERO /* The ext3 forget function must perform a revoke if we are freeing data * which has been journaled. Metadata (eg. indirect blocks) must be * revoked in all cases. * * "bh" may be NULL: a metadata block may have been freed from memory * but there may still be a record of it in the journal, and that record * still needs to be revoked. */ static int ext3_forget(handle_t *handle, int is_metadata, struct inode *inode, struct buffer_head *bh, int blocknr) { int err; BUFFER_TRACE(bh, "enter"); jbd_debug(4, "forgetting bh %p: is_metadata = %d, mode %o, " "data mode %lx\n", bh, is_metadata, inode->i_mode, test_opt(inode->i_sb, DATA_FLAGS)); /* Never use the revoke function if we are doing full data * journaling: there is no need to, and a V1 superblock won't * support it. Otherwise, only skip the revoke on un-journaled * data blocks. */ if (test_opt(inode->i_sb, DATA_FLAGS) == EXT3_MOUNT_JOURNAL_DATA || (!is_metadata && !ext3_should_journal_data(inode))) { if (bh) { BUFFER_TRACE(bh, "call journal_forget"); ext3_journal_forget(handle, bh); } return 0; } /* * data!=journal && (is_metadata || should_journal_data(inode)) */ BUFFER_TRACE(bh, "call ext3_journal_revoke"); err = ext3_journal_revoke(handle, blocknr, bh); if (err) ext3_abort(inode->i_sb, __FUNCTION__, "error %d when attempting revoke", err); BUFFER_TRACE(bh, "exit"); return err; } /* * Truncate transactions can be complex and absolutely huge. So we need to * be able to restart the transaction at a conventient checkpoint to make * sure we don't overflow the journal. * * start_transaction gets us a new handle for a truncate transaction, * and extend_transaction tries to extend the existing one a bit. If * extend fails, we need to propagate the failure up and restart the * transaction in the top-level truncate loop. --sct */ static handle_t *start_transaction(struct inode *inode) { long needed; handle_t *result; needed = inode->i_blocks; if (needed > EXT3_MAX_TRANS_DATA) needed = EXT3_MAX_TRANS_DATA; result = ext3_journal_start(inode, EXT3_DATA_TRANS_BLOCKS + needed); if (!IS_ERR(result)) return result; ext3_std_error(inode->i_sb, PTR_ERR(result)); return result; } /* * Try to extend this transaction for the purposes of truncation. * * Returns 0 if we managed to create more room. If we can't create more * room, and the transaction must be restarted we return 1. */ static int try_to_extend_transaction(handle_t *handle, struct inode *inode) { long needed; if (handle->h_buffer_credits > EXT3_RESERVE_TRANS_BLOCKS) return 0; needed = inode->i_blocks; if (needed > EXT3_MAX_TRANS_DATA) needed = EXT3_MAX_TRANS_DATA; if (!ext3_journal_extend(handle, EXT3_RESERVE_TRANS_BLOCKS + needed)) return 0; return 1; } /* * Restart the transaction associated with *handle. This does a commit, * so before we call here everything must be consistently dirtied against * this transaction. */ static int ext3_journal_test_restart(handle_t *handle, struct inode *inode) { long needed = inode->i_blocks; if (needed > EXT3_MAX_TRANS_DATA) needed = EXT3_MAX_TRANS_DATA; jbd_debug(2, "restarting handle %p\n", handle); return ext3_journal_restart(handle, EXT3_DATA_TRANS_BLOCKS + needed); } /* * Called at each iput() */ void ext3_put_inode (struct inode * inode) { ext3_discard_prealloc (inode); } /* * Called at the last iput() if i_nlink is zero. */ void ext3_delete_inode (struct inode * inode) { handle_t *handle; if (is_bad_inode(inode) || inode->i_ino == EXT3_ACL_IDX_INO || inode->i_ino == EXT3_ACL_DATA_INO) goto no_delete; lock_kernel(); handle = start_transaction(inode); if (IS_ERR(handle)) { /* If we're going to skip the normal cleanup, we still * need to make sure that the in-core orphan linked list * is properly cleaned up. */ ext3_orphan_del(NULL, inode); ext3_std_error(inode->i_sb, PTR_ERR(handle)); unlock_kernel(); goto no_delete; } if (IS_SYNC(inode)) handle->h_sync = 1; inode->i_size = 0; if (inode->i_blocks) ext3_truncate(inode); /* * Kill off the orphan record which ext3_truncate created. * AKPM: I think this can be inside the above `if'. * Note that ext3_orphan_del() has to be able to cope with the * deletion of a non-existent orphan - this is because we don't * know if ext3_truncate() actually created an orphan record. * (Well, we could do this if we need to, but heck - it works) */ ext3_orphan_del(handle, inode); inode->u.ext3_i.i_dtime = CURRENT_TIME; /* * One subtle ordering requirement: if anything has gone wrong * (transaction abort, IO errors, whatever), then we can still * do these next steps (the fs will already have been marked as * having errors), but we can't free the inode if the mark_dirty * fails. */ if (ext3_mark_inode_dirty(handle, inode)) /* If that failed, just do the required in-core inode clear. */ clear_inode(inode); else ext3_free_inode(handle, inode); ext3_journal_stop(handle, inode); unlock_kernel(); return; no_delete: clear_inode(inode); /* We must guarantee clearing of inode... */ } void ext3_discard_prealloc (struct inode * inode) { #ifdef EXT3_PREALLOCATE lock_kernel(); /* Writer: ->i_prealloc* */ if (inode->u.ext3_i.i_prealloc_count) { unsigned short total = inode->u.ext3_i.i_prealloc_count; unsigned long block = inode->u.ext3_i.i_prealloc_block; inode->u.ext3_i.i_prealloc_count = 0; inode->u.ext3_i.i_prealloc_block = 0; /* Writer: end */ ext3_free_blocks (inode, block, total); } unlock_kernel(); #endif } static int ext3_alloc_block (handle_t *handle, struct inode * inode, unsigned long goal, int *err) { #ifdef EXT3FS_DEBUG static unsigned long alloc_hits = 0, alloc_attempts = 0; #endif unsigned long result; #ifdef EXT3_PREALLOCATE /* Writer: ->i_prealloc* */ if (inode->u.ext3_i.i_prealloc_count && (goal == inode->u.ext3_i.i_prealloc_block || goal + 1 == inode->u.ext3_i.i_prealloc_block)) { result = inode->u.ext3_i.i_prealloc_block++; inode->u.ext3_i.i_prealloc_count--; /* Writer: end */ ext3_debug ("preallocation hit (%lu/%lu).\n", ++alloc_hits, ++alloc_attempts); } else { ext3_discard_prealloc (inode); ext3_debug ("preallocation miss (%lu/%lu).\n", alloc_hits, ++alloc_attempts); if (S_ISREG(inode->i_mode)) result = ext3_new_block (inode, goal, &inode->u.ext3_i.i_prealloc_count, &inode->u.ext3_i.i_prealloc_block, err); else result = ext3_new_block (inode, goal, 0, 0, err); /* * AKPM: this is somewhat sticky. I'm not surprised it was * disabled in 2.2's ext3. Need to integrate b_committed_data * guarding with preallocation, if indeed preallocation is * effective. */ } #else result = ext3_new_block (handle, inode, goal, 0, 0, err); #endif return result; } typedef struct { u32 *p; u32 key; struct buffer_head *bh; } Indirect; static inline void add_chain(Indirect *p, struct buffer_head *bh, u32 *v) { p->key = *(p->p = v); p->bh = bh; } static inline int verify_chain(Indirect *from, Indirect *to) { while (from <= to && from->key == *from->p) from++; return (from > to); } /** * ext3_block_to_path - parse the block number into array of offsets * @inode: inode in question (we are only interested in its superblock) * @i_block: block number to be parsed * @offsets: array to store the offsets in * * To store the locations of file's data ext3 uses a data structure common * for UNIX filesystems - tree of pointers anchored in the inode, with * data blocks at leaves and indirect blocks in intermediate nodes. * This function translates the block number into path in that tree - * return value is the path length and @offsets[n] is the offset of * pointer to (n+1)th node in the nth one. If @block is out of range * (negative or too large) warning is printed and zero returned. * * Note: function doesn't find node addresses, so no IO is needed. All * we need to know is the capacity of indirect blocks (taken from the * inode->i_sb). */ /* * Portability note: the last comparison (check that we fit into triple * indirect block) is spelled differently, because otherwise on an * architecture with 32-bit longs and 8Kb pages we might get into trouble * if our filesystem had 8Kb blocks. We might use long long, but that would * kill us on x86. Oh, well, at least the sign propagation does not matter - * i_block would have to be negative in the very beginning, so we would not * get there at all. */ static int ext3_block_to_path(struct inode *inode, long i_block, int offsets[4]) { int ptrs = EXT3_ADDR_PER_BLOCK(inode->i_sb); int ptrs_bits = EXT3_ADDR_PER_BLOCK_BITS(inode->i_sb); const long direct_blocks = EXT3_NDIR_BLOCKS, indirect_blocks = ptrs, double_blocks = (1 << (ptrs_bits * 2)); int n = 0; if (i_block < 0) { ext3_warning (inode->i_sb, "ext3_block_to_path", "block < 0"); } else if (i_block < direct_blocks) { offsets[n++] = i_block; } else if ( (i_block -= direct_blocks) < indirect_blocks) { offsets[n++] = EXT3_IND_BLOCK; offsets[n++] = i_block; } else if ((i_block -= indirect_blocks) < double_blocks) { offsets[n++] = EXT3_DIND_BLOCK; offsets[n++] = i_block >> ptrs_bits; offsets[n++] = i_block & (ptrs - 1); } else if (((i_block -= double_blocks) >> (ptrs_bits * 2)) < ptrs) { offsets[n++] = EXT3_TIND_BLOCK; offsets[n++] = i_block >> (ptrs_bits * 2); offsets[n++] = (i_block >> ptrs_bits) & (ptrs - 1); offsets[n++] = i_block & (ptrs - 1); } else { ext3_warning (inode->i_sb, "ext3_block_to_path", "block > big"); } return n; } /** * ext3_get_branch - read the chain of indirect blocks leading to data * @inode: inode in question * @depth: depth of the chain (1 - direct pointer, etc.) * @offsets: offsets of pointers in inode/indirect blocks * @chain: place to store the result * @err: here we store the error value * * Function fills the array of triples and returns %NULL * if everything went OK or the pointer to the last filled triple * (incomplete one) otherwise. Upon the return chain[i].key contains * the number of (i+1)-th block in the chain (as it is stored in memory, * i.e. little-endian 32-bit), chain[i].p contains the address of that * number (it points into struct inode for i==0 and into the bh->b_data * for i>0) and chain[i].bh points to the buffer_head of i-th indirect * block for i>0 and NULL for i==0. In other words, it holds the block * numbers of the chain, addresses they were taken from (and where we can * verify that chain did not change) and buffer_heads hosting these * numbers. * * Function stops when it stumbles upon zero pointer (absent block) * (pointer to last triple returned, *@err == 0) * or when it gets an IO error reading an indirect block * (ditto, *@err == -EIO) * or when it notices that chain had been changed while it was reading * (ditto, *@err == -EAGAIN) * or when it reads all @depth-1 indirect blocks successfully and finds * the whole chain, all way to the data (returns %NULL, *err == 0). */ static Indirect *ext3_get_branch(struct inode *inode, int depth, int *offsets, Indirect chain[4], int *err) { kdev_t dev = inode->i_dev; int blocksize = inode->i_sb->s_blocksize; Indirect *p = chain; struct buffer_head *bh; *err = 0; /* i_data is not going away, no lock needed */ add_chain (chain, NULL, inode->u.ext3_i.i_data + *offsets); if (!p->key) goto no_block; while (--depth) { bh = bread(dev, le32_to_cpu(p->key), blocksize); if (!bh) goto failure; /* Reader: pointers */ if (!verify_chain(chain, p)) goto changed; add_chain(++p, bh, (u32*)bh->b_data + *++offsets); /* Reader: end */ if (!p->key) goto no_block; } return NULL; changed: *err = -EAGAIN; goto no_block; failure: *err = -EIO; no_block: return p; } /** * ext3_find_near - find a place for allocation with sufficient locality * @inode: owner * @ind: descriptor of indirect block. * * This function returns the prefered place for block allocation. * It is used when heuristic for sequential allocation fails. * Rules are: * + if there is a block to the left of our position - allocate near it. * + if pointer will live in indirect block - allocate near that block. * + if pointer will live in inode - allocate in the same * cylinder group. * Caller must make sure that @ind is valid and will stay that way. */ static inline unsigned long ext3_find_near(struct inode *inode, Indirect *ind) { u32 *start = ind->bh ? (u32*) ind->bh->b_data : inode->u.ext3_i.i_data; u32 *p; /* Try to find previous block */ for (p = ind->p - 1; p >= start; p--) if (*p) return le32_to_cpu(*p); /* No such thing, so let's try location of indirect block */ if (ind->bh) return ind->bh->b_blocknr; /* * It is going to be refered from inode itself? OK, just put it into * the same cylinder group then. */ return (inode->u.ext3_i.i_block_group * EXT3_BLOCKS_PER_GROUP(inode->i_sb)) + le32_to_cpu(inode->i_sb->u.ext3_sb.s_es->s_first_data_block); } /** * ext3_find_goal - find a prefered place for allocation. * @inode: owner * @block: block we want * @chain: chain of indirect blocks * @partial: pointer to the last triple within a chain * @goal: place to store the result. * * Normally this function find the prefered place for block allocation, * stores it in *@goal and returns zero. If the branch had been changed * under us we return -EAGAIN. */ static int ext3_find_goal(struct inode *inode, long block, Indirect chain[4], Indirect *partial, unsigned long *goal) { /* Writer: ->i_next_alloc* */ if (block == inode->u.ext3_i.i_next_alloc_block + 1) { inode->u.ext3_i.i_next_alloc_block++; inode->u.ext3_i.i_next_alloc_goal++; } #ifdef SEARCH_FROM_ZERO inode->u.ext3_i.i_next_alloc_block = 0; inode->u.ext3_i.i_next_alloc_goal = 0; #endif /* Writer: end */ /* Reader: pointers, ->i_next_alloc* */ if (verify_chain(chain, partial)) { /* * try the heuristic for sequential allocation, * failing that at least try to get decent locality. */ if (block == inode->u.ext3_i.i_next_alloc_block) *goal = inode->u.ext3_i.i_next_alloc_goal; if (!*goal) *goal = ext3_find_near(inode, partial); #ifdef SEARCH_FROM_ZERO *goal = 0; #endif return 0; } /* Reader: end */ return -EAGAIN; } /** * ext3_alloc_branch - allocate and set up a chain of blocks. * @inode: owner * @num: depth of the chain (number of blocks to allocate) * @offsets: offsets (in the blocks) to store the pointers to next. * @branch: place to store the chain in. * * This function allocates @num blocks, zeroes out all but the last one, * links them into chain and (if we are synchronous) writes them to disk. * In other words, it prepares a branch that can be spliced onto the * inode. It stores the information about that chain in the branch[], in * the same format as ext3_get_branch() would do. We are calling it after * we had read the existing part of chain and partial points to the last * triple of that (one with zero ->key). Upon the exit we have the same * picture as after the successful ext3_get_block(), excpet that in one * place chain is disconnected - *branch->p is still zero (we did not * set the last link), but branch->key contains the number that should * be placed into *branch->p to fill that gap. * * If allocation fails we free all blocks we've allocated (and forget * their buffer_heads) and return the error value the from failed * ext3_alloc_block() (normally -ENOSPC). Otherwise we set the chain * as described above and return 0. */ static int ext3_alloc_branch(handle_t *handle, struct inode *inode, int num, unsigned long goal, int *offsets, Indirect *branch) { int blocksize = inode->i_sb->s_blocksize; int n = 0, keys = 0; int err = 0; int i; int parent = ext3_alloc_block(handle, inode, goal, &err); branch[0].key = cpu_to_le32(parent); if (parent) { for (n = 1; n < num; n++) { struct buffer_head *bh; /* Allocate the next block */ int nr = ext3_alloc_block(handle, inode, parent, &err); if (!nr) break; branch[n].key = cpu_to_le32(nr); keys = n+1; /* * Get buffer_head for parent block, zero it out * and set the pointer to new one, then send * parent to disk. */ bh = getblk(inode->i_dev, parent, blocksize); branch[n].bh = bh; lock_buffer(bh); BUFFER_TRACE(bh, "call get_create_access"); err = ext3_journal_get_create_access(handle, bh); if (err) { unlock_buffer(bh); brelse(bh); break; } memset(bh->b_data, 0, blocksize); branch[n].p = (u32*) bh->b_data + offsets[n]; *branch[n].p = branch[n].key; BUFFER_TRACE(bh, "marking uptodate"); mark_buffer_uptodate(bh, 1); unlock_buffer(bh); BUFFER_TRACE(bh, "call ext3_journal_dirty_metadata"); err = ext3_journal_dirty_metadata(handle, bh); if (err) break; parent = nr; } if (IS_SYNC(inode)) handle->h_sync = 1; } if (n == num) return 0; /* Allocation failed, free what we already allocated */ for (i = 1; i < keys; i++) { BUFFER_TRACE(branch[i].bh, "call journal_forget"); ext3_journal_forget(handle, branch[i].bh); } for (i = 0; i < keys; i++) ext3_free_blocks(handle, inode, le32_to_cpu(branch[i].key), 1); return err; } /** * ext3_splice_branch - splice the allocated branch onto inode. * @inode: owner * @block: (logical) number of block we are adding * @chain: chain of indirect blocks (with a missing link - see * ext3_alloc_branch) * @where: location of missing link * @num: number of blocks we are adding * * This function verifies that chain (up to the missing link) had not * changed, fills the missing link and does all housekeeping needed in * inode (->i_blocks, etc.). In case of success we end up with the full * chain to new block and return 0. Otherwise (== chain had been changed) * we free the new blocks (forgetting their buffer_heads, indeed) and * return -EAGAIN. */ static int ext3_splice_branch(handle_t *handle, struct inode *inode, long block, Indirect chain[4], Indirect *where, int num) { int i; int err = 0; /* * If we're splicing into a [td]indirect block (as opposed to the * inode) then we need to get write access to the [td]indirect block * before the splice. */ if (where->bh) { BUFFER_TRACE(where->bh, "get_write_access"); err = ext3_journal_get_write_access(handle, where->bh); if (err) goto err_out; } /* Verify that place we are splicing to is still there and vacant */ /* Writer: pointers, ->i_next_alloc* */ if (!verify_chain(chain, where-1) || *where->p) /* Writer: end */ goto changed; /* That's it */ *where->p = where->key; inode->u.ext3_i.i_next_alloc_block = block; inode->u.ext3_i.i_next_alloc_goal = le32_to_cpu(where[num-1].key); #ifdef SEARCH_FROM_ZERO inode->u.ext3_i.i_next_alloc_block = 0; inode->u.ext3_i.i_next_alloc_goal = 0; #endif /* Writer: end */ /* We are done with atomic stuff, now do the rest of housekeeping */ inode->i_ctime = CURRENT_TIME; ext3_mark_inode_dirty(handle, inode); /* had we spliced it onto indirect block? */ if (where->bh) { /* * akpm: If we spliced it onto an indirect block, we haven't * altered the inode. Note however that if it is being spliced * onto an indirect block at the very end of the file (the * file is growing) then we *will* alter the inode to reflect * the new i_size. But that is not done here - it is done in * generic_commit_write->__mark_inode_dirty->ext3_dirty_inode. */ jbd_debug(5, "splicing indirect only\n"); BUFFER_TRACE(where->bh, "call ext3_journal_dirty_metadata"); err = ext3_journal_dirty_metadata(handle, where->bh); if (err) goto err_out; } else { /* * OK, we spliced it into the inode itself on a direct block. * Inode was dirtied above. */ jbd_debug(5, "splicing direct\n"); } return err; changed: /* * AKPM: if where[i].bh isn't part of the current updating * transaction then we explode nastily. Test this code path. */ jbd_debug(1, "the chain changed: try again\n"); err = -EAGAIN; err_out: for (i = 1; i < num; i++) { BUFFER_TRACE(where[i].bh, "call journal_forget"); ext3_journal_forget(handle, where[i].bh); } /* For the normal collision cleanup case, we free up the blocks. * On genuine filesystem errors we don't even think about doing * that. */ if (err == -EAGAIN) for (i = 0; i < num; i++) ext3_free_blocks(handle, inode, le32_to_cpu(where[i].key), 1); return err; } /* * Allocation strategy is simple: if we have to allocate something, we will * have to go the whole way to leaf. So let's do it before attaching anything * to tree, set linkage between the newborn blocks, write them if sync is * required, recheck the path, free and repeat if check fails, otherwise * set the last missing link (that will protect us from any truncate-generated * removals - all blocks on the path are immune now) and possibly force the * write on the parent block. * That has a nice additional property: no special recovery from the failed * allocations is needed - we simply release blocks and do not touch anything * reachable from inode. * * akpm: `handle' can be NULL if create == 0. * * The BKL may not be held on entry here. Be sure to take it early. */ static int ext3_get_block_handle(handle_t *handle, struct inode *inode, long iblock, struct buffer_head *bh_result, int create) { int err = -EIO; int offsets[4]; Indirect chain[4]; Indirect *partial; unsigned long goal; int left; int depth = ext3_block_to_path(inode, iblock, offsets); loff_t new_size; J_ASSERT(handle != NULL || create == 0); if (depth == 0) goto out; lock_kernel(); reread: partial = ext3_get_branch(inode, depth, offsets, chain, &err); /* Simplest case - block found, no allocation needed */ if (!partial) { bh_result->b_state &= ~(1UL << BH_New); got_it: bh_result->b_dev = inode->i_dev; bh_result->b_blocknr = le32_to_cpu(chain[depth-1].key); bh_result->b_state |= (1UL << BH_Mapped); /* Clean up and exit */ partial = chain+depth-1; /* the whole chain */ goto cleanup; } /* Next simple case - plain lookup or failed read of indirect block */ if (!create || err == -EIO) { cleanup: while (partial > chain) { BUFFER_TRACE(partial->bh, "call brelse"); brelse(partial->bh); partial--; } BUFFER_TRACE(bh_result, "returned"); unlock_kernel(); out: return err; } /* * Indirect block might be removed by truncate while we were * reading it. Handling of that case (forget what we've got and * reread) is taken out of the main path. */ if (err == -EAGAIN) goto changed; if (ext3_find_goal(inode, iblock, chain, partial, &goal) < 0) goto changed; left = (chain + depth) - partial; /* * Block out ext3_truncate while we alter the tree */ down_read(&inode->u.ext3_i.truncate_sem); err = ext3_alloc_branch(handle, inode, left, goal, offsets+(partial-chain), partial); /* The ext3_splice_branch call will free and forget any buffers * on the new chain if there is a failure, but that risks using * up transaction credits, especially for bitmaps where the * credits cannot be returned. Can we handle this somehow? We * may need to return -EAGAIN upwards in the worst case. --sct */ if (!err) err = ext3_splice_branch(handle, inode, iblock, chain, partial, left); up_read(&inode->u.ext3_i.truncate_sem); if (err == -EAGAIN) goto changed; if (err) goto cleanup; new_size = inode->i_size; /* * This is not racy against ext3_truncate's modification of i_disksize * because VM/VFS ensures that the file cannot be extended while * truncate is in progress. It is racy between multiple parallel * instances of get_block, but we have the BKL. */ if (new_size > inode->u.ext3_i.i_disksize) inode->u.ext3_i.i_disksize = new_size; bh_result->b_state |= (1UL << BH_New); goto got_it; changed: while (partial > chain) { jbd_debug(1, "buffer chain changed, retrying\n"); BUFFER_TRACE(partial->bh, "brelsing"); brelse(partial->bh); partial--; } goto reread; } /* * The BKL is not held on entry here. */ static int ext3_get_block(struct inode *inode, long iblock, struct buffer_head *bh_result, int create) { handle_t *handle = 0; int ret; if (create) { handle = ext3_journal_current_handle(); J_ASSERT(handle != 0); } ret = ext3_get_block_handle(handle, inode, iblock, bh_result, create); return ret; } /* * `handle' can be NULL if create is zero */ struct buffer_head *ext3_getblk(handle_t *handle, struct inode * inode, long block, int create, int * errp) { struct buffer_head dummy; int fatal = 0, err; J_ASSERT(handle != NULL || create == 0); dummy.b_state = 0; dummy.b_blocknr = -1000; buffer_trace_init(&dummy.b_history); *errp = ext3_get_block_handle(handle, inode, block, &dummy, create); if (!*errp && buffer_mapped(&dummy)) { struct buffer_head *bh; bh = getblk(dummy.b_dev, dummy.b_blocknr, inode->i_sb->s_blocksize); if (buffer_new(&dummy)) { J_ASSERT(create != 0); J_ASSERT(handle != 0); /* Now that we do not always journal data, we should keep in mind whether this should always journal the new buffer as metadata. For now, regular file writes use ext3_get_block instead, so it's not a problem. */ lock_kernel(); lock_buffer(bh); BUFFER_TRACE(bh, "call get_create_access"); fatal = ext3_journal_get_create_access(handle, bh); if (!fatal) { memset(bh->b_data, 0, inode->i_sb->s_blocksize); mark_buffer_uptodate(bh, 1); } unlock_buffer(bh); BUFFER_TRACE(bh, "call ext3_journal_dirty_metadata"); err = ext3_journal_dirty_metadata(handle, bh); if (!fatal) fatal = err; unlock_kernel(); } else { BUFFER_TRACE(bh, "not a new buffer"); } if (fatal) { *errp = fatal; brelse(bh); bh = NULL; } return bh; } return NULL; } struct buffer_head *ext3_bread(handle_t *handle, struct inode * inode, int block, int create, int *err) { struct buffer_head * bh; int prev_blocks; prev_blocks = inode->i_blocks; bh = ext3_getblk (handle, inode, block, create, err); if (!bh) return bh; #ifdef EXT3_PREALLOCATE /* * If the inode has grown, and this is a directory, then use a few * more of the preallocated blocks to keep directory fragmentation * down. The preallocated blocks are guaranteed to be contiguous. */ if (create && S_ISDIR(inode->i_mode) && inode->i_blocks > prev_blocks && EXT3_HAS_COMPAT_FEATURE(inode->i_sb, EXT3_FEATURE_COMPAT_DIR_PREALLOC)) { int i; struct buffer_head *tmp_bh; for (i = 1; inode->u.ext3_i.i_prealloc_count && i < EXT3_SB(inode->i_sb)->s_es->s_prealloc_dir_blocks; i++) { /* * ext3_getblk will zero out the contents of the * directory for us */ tmp_bh = ext3_getblk(handle, inode, block+i, create, err); if (!tmp_bh) { brelse (bh); return 0; } brelse (tmp_bh); } } #endif if (buffer_uptodate(bh)) return bh; ll_rw_block (READ, 1, &bh); wait_on_buffer (bh); if (buffer_uptodate(bh)) return bh; brelse (bh); *err = -EIO; return NULL; } static int walk_page_buffers( handle_t *handle, struct buffer_head *head, unsigned from, unsigned to, int *partial, int (*fn)( handle_t *handle, struct buffer_head *bh)) { struct buffer_head *bh; unsigned block_start, block_end; unsigned blocksize = head->b_size; int err, ret = 0; for ( bh = head, block_start = 0; ret == 0 && (bh != head || !block_start); block_start = block_end, bh = bh->b_this_page) { block_end = block_start + blocksize; if (block_end <= from || block_start >= to) { if (partial && !buffer_uptodate(bh)) *partial = 1; continue; } err = (*fn)(handle, bh); if (!ret) ret = err; } return ret; } /* * To preserve ordering, it is essential that the hole instantiation and * the data write be encapsulated in a single transaction. We cannot * close off a transaction and start a new one between the ext3_get_block() * and the commit_write(). So doing the journal_start at the start of * prepare_write() is the right place. * * Also, this function can nest inside ext3_writepage() -> * block_write_full_page(). In that case, we *know* that ext3_writepage() * has generated enough buffer credits to do the whole page. So we won't * block on the journal in that case, which is good, because the caller may * be PF_MEMALLOC. * * By accident, ext3 can be reentered when a transaction is open via * quota file writes. If we were to commit the transaction while thus * reentered, there can be a deadlock - we would be holding a quota * lock, and the commit would never complete if another thread had a * transaction open and was blocking on the quota lock - a ranking * violation. * * So what we do is to rely on the fact that journal_stop/journal_start * will _not_ run commit under these circumstances because handle->h_ref * is elevated. We'll still have enough credits for the tiny quotafile * write. */ static int do_journal_get_write_access(handle_t *handle, struct buffer_head *bh) { return ext3_journal_get_write_access(handle, bh); } static int ext3_prepare_write(struct file *file, struct page *page, unsigned from, unsigned to) { struct inode *inode = page->mapping->host; handle_t *handle = ext3_journal_current_handle(); int ret, needed_blocks = ext3_writepage_trans_blocks(inode); lock_kernel(); handle = ext3_journal_start(inode, needed_blocks); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } unlock_kernel(); ret = block_prepare_write(page, from, to, ext3_get_block); lock_kernel(); if (ret != 0) goto prepare_write_failed; if (ext3_should_journal_data(inode)) { ret = walk_page_buffers(handle, page->buffers, from, to, NULL, do_journal_get_write_access); if (ret) { /* * We're going to fail this prepare_write(), * so commit_write() will not be called. * We need to undo block_prepare_write()'s kmap(). * AKPM: Do we need to clear PageUptodate? I don't * think so. */ kunmap(page); } } prepare_write_failed: if (ret) ext3_journal_stop(handle, inode); out: unlock_kernel(); return ret; } static int journal_dirty_sync_data(handle_t *handle, struct buffer_head *bh) { return ext3_journal_dirty_data(handle, bh, 0); } /* * For ext3_writepage(). We also brelse() the buffer to account for * the bget() which ext3_writepage() performs. */ static int journal_dirty_async_data(handle_t *handle, struct buffer_head *bh) { int ret = ext3_journal_dirty_data(handle, bh, 1); __brelse(bh); return ret; } /* For commit_write() in data=journal mode */ static int commit_write_fn(handle_t *handle, struct buffer_head *bh) { set_bit(BH_Uptodate, &bh->b_state); return ext3_journal_dirty_metadata(handle, bh); } /* * We need to pick up the new inode size which generic_commit_write gave us * `file' can be NULL - eg, when called from block_symlink(). * * ext3 inode->i_dirty_buffers policy: If we're journalling data we * definitely don't want them to appear on the inode at all - instead * we need to manage them at the JBD layer and we need to intercept * the relevant sync operations and translate them into journal operations. * * If we're not journalling data then we can just leave the buffers * on ->i_dirty_buffers. If someone writes them out for us then thanks. * Otherwise we'll do it in commit, if we're using ordered data. */ static int ext3_commit_write(struct file *file, struct page *page, unsigned from, unsigned to) { handle_t *handle = ext3_journal_current_handle(); struct inode *inode = page->mapping->host; int ret = 0, ret2; lock_kernel(); if (ext3_should_journal_data(inode)) { /* * Here we duplicate the generic_commit_write() functionality */ int partial = 0; loff_t pos = ((loff_t)page->index << PAGE_CACHE_SHIFT) + to; ret = walk_page_buffers(handle, page->buffers, from, to, &partial, commit_write_fn); if (!partial) SetPageUptodate(page); kunmap(page); if (pos > inode->i_size) inode->i_size = pos; EXT3_I(inode)->i_state |= EXT3_STATE_JDATA; } else { if (ext3_should_order_data(inode)) { ret = walk_page_buffers(handle, page->buffers, from, to, NULL, journal_dirty_sync_data); } /* Be careful here if generic_commit_write becomes a * required invocation after block_prepare_write. */ if (ret == 0) { ret = generic_commit_write(file, page, from, to); } else { /* * block_prepare_write() was called, but we're not * going to call generic_commit_write(). So we * need to perform generic_commit_write()'s kunmap * by hand. */ kunmap(page); } } if (inode->i_size > inode->u.ext3_i.i_disksize) { inode->u.ext3_i.i_disksize = inode->i_size; ret2 = ext3_mark_inode_dirty(handle, inode); if (!ret) ret = ret2; } ret2 = ext3_journal_stop(handle, inode); unlock_kernel(); if (!ret) ret = ret2; return ret; } /* * bmap() is special. It gets used by applications such as lilo and by * the swapper to find the on-disk block of a specific piece of data. * * Naturally, this is dangerous if the block concerned is still in the * journal. If somebody makes a swapfile on an ext3 data-journaling * filesystem and enables swap, then they may get a nasty shock when the * data getting swapped to that swapfile suddenly gets overwritten by * the original zero's written out previously to the journal and * awaiting writeback in the kernel's buffer cache. * * So, if we see any bmap calls here on a modified, data-journaled file, * take extra steps to flush any blocks which might be in the cache. */ static int ext3_bmap(struct address_space *mapping, long block) { struct inode *inode = mapping->host; journal_t *journal; int err; if (EXT3_I(inode)->i_state & EXT3_STATE_JDATA) { /* * This is a REALLY heavyweight approach, but the use of * bmap on dirty files is expected to be extremely rare: * only if we run lilo or swapon on a freshly made file * do we expect this to happen. * * (bmap requires CAP_SYS_RAWIO so this does not * represent an unprivileged user DOS attack --- we'd be * in trouble if mortal users could trigger this path at * will.) * * NB. EXT3_STATE_JDATA is not set on files other than * regular files. If somebody wants to bmap a directory * or symlink and gets confused because the buffer * hasn't yet been flushed to disk, they deserve * everything they get. */ EXT3_I(inode)->i_state &= ~EXT3_STATE_JDATA; journal = EXT3_JOURNAL(inode); journal_lock_updates(journal); err = journal_flush(journal); journal_unlock_updates(journal); if (err) return 0; } return generic_block_bmap(mapping,block,ext3_get_block); } static int bget_one(handle_t *handle, struct buffer_head *bh) { atomic_inc(&bh->b_count); return 0; } /* * Note that we always start a transaction even if we're not journalling * data. This is to preserve ordering: any hole instantiation within * __block_write_full_page -> ext3_get_block() should be journalled * along with the data so we don't crash and then get metadata which * refers to old data. * * In all journalling modes block_write_full_page() will start the I/O. * * Problem: * * ext3_writepage() -> kmalloc() -> __alloc_pages() -> page_launder() -> * ext3_writepage() * * Similar for: * * ext3_file_write() -> generic_file_write() -> __alloc_pages() -> ... * * Same applies to ext3_get_block(). We will deadlock on various things like * lock_journal and i_truncate_sem. * * Setting PF_MEMALLOC here doesn't work - too many internal memory * allocations fail. * * 16May01: If we're reentered then journal_current_handle() will be * non-zero. We simply *return*. * * 1 July 2001: @@@ FIXME: * In journalled data mode, a data buffer may be metadata against the * current transaction. But the same file is part of a shared mapping * and someone does a writepage() on it. * * We will move the buffer onto the async_data list, but *after* it has * been dirtied. So there's a small window where we have dirty data on * BJ_Metadata. * * Note that this only applies to the last partial page in the file. The * bit which block_write_full_page() uses prepare/commit for. (That's * broken code anyway: it's wrong for msync()). * * It's a rare case: affects the final partial page, for journalled data * where the file is subject to bith write() and writepage() in the same * transction. To fix it we'll need a custom block_write_full_page(). * We'll probably need that anyway for journalling writepage() output. * * We don't honour synchronous mounts for writepage(). That would be * disastrous. Any write() or metadata operation will sync the fs for * us. */ static int ext3_writepage(struct page *page) { struct inode *inode = page->mapping->host; struct buffer_head *page_buffers; handle_t *handle = NULL; int ret = 0, err; int needed; int order_data; J_ASSERT(PageLocked(page)); /* * We give up here if we're reentered, because it might be * for a different filesystem. One *could* look for a * nested transaction opportunity. */ lock_kernel(); if (ext3_journal_current_handle()) goto out_fail; needed = ext3_writepage_trans_blocks(inode); if (current->flags & PF_MEMALLOC) handle = ext3_journal_try_start(inode, needed); else handle = ext3_journal_start(inode, needed); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out_fail; } order_data = ext3_should_order_data(inode) || ext3_should_journal_data(inode); unlock_kernel(); page_buffers = NULL; /* Purely to prevent compiler warning */ /* bget() all the buffers */ if (order_data) { if (!page->buffers) create_empty_buffers(page, inode->i_dev, inode->i_sb->s_blocksize); page_buffers = page->buffers; walk_page_buffers(handle, page_buffers, 0, PAGE_CACHE_SIZE, NULL, bget_one); } ret = block_write_full_page(page, ext3_get_block); /* * The page can become unlocked at any point now, and * truncate can then come in and change things. So we * can't touch *page from now on. But *page_buffers is * safe due to elevated refcount. */ handle = ext3_journal_current_handle(); lock_kernel(); /* And attach them to the current transaction */ if (order_data) { err = walk_page_buffers(handle, page_buffers, 0, PAGE_CACHE_SIZE, NULL, journal_dirty_async_data); if (!ret) ret = err; } err = ext3_journal_stop(handle, inode); if (!ret) ret = err; unlock_kernel(); return ret; out_fail: unlock_kernel(); SetPageDirty(page); UnlockPage(page); return ret; } static int ext3_readpage(struct file *file, struct page *page) { return block_read_full_page(page,ext3_get_block); } static int ext3_flushpage(struct page *page, unsigned long offset) { journal_t *journal = EXT3_JOURNAL(page->mapping->host); return journal_flushpage(journal, page, offset); } static int ext3_releasepage(struct page *page, int wait) { journal_t *journal = EXT3_JOURNAL(page->mapping->host); return journal_try_to_free_buffers(journal, page, wait); } struct address_space_operations ext3_aops = { readpage: ext3_readpage, /* BKL not held. Don't need */ writepage: ext3_writepage, /* BKL not held. We take it */ sync_page: block_sync_page, prepare_write: ext3_prepare_write, /* BKL not held. We take it */ commit_write: ext3_commit_write, /* BKL not held. We take it */ bmap: ext3_bmap, /* BKL held */ flushpage: ext3_flushpage, /* BKL not held. Don't need */ releasepage: ext3_releasepage, /* BKL not held. Don't need */ }; /* * ext3_block_truncate_page() zeroes out a mapping from file offset `from' * up to the end of the block which corresponds to `from'. * This required during truncate. We need to physically zero the tail end * of that block so it doesn't yield old data if the file is later grown. */ static int ext3_block_truncate_page(handle_t *handle, struct address_space *mapping, loff_t from) { unsigned long index = from >> PAGE_CACHE_SHIFT; unsigned offset = from & (PAGE_CACHE_SIZE-1); unsigned blocksize, iblock, length, pos; struct inode *inode = mapping->host; struct page *page; struct buffer_head *bh; int err; blocksize = inode->i_sb->s_blocksize; length = offset & (blocksize - 1); /* Block boundary? Nothing to do */ if (!length) return 0; length = blocksize - length; iblock = index << (PAGE_CACHE_SHIFT - inode->i_sb->s_blocksize_bits); page = grab_cache_page(mapping, index); err = -ENOMEM; if (!page) goto out; if (!page->buffers) create_empty_buffers(page, inode->i_dev, blocksize); /* Find the buffer that contains "offset" */ bh = page->buffers; pos = blocksize; while (offset >= pos) { bh = bh->b_this_page; iblock++; pos += blocksize; } err = 0; if (!buffer_mapped(bh)) { /* Hole? Nothing to do */ if (buffer_uptodate(bh)) goto unlock; ext3_get_block(inode, iblock, bh, 0); /* Still unmapped? Nothing to do */ if (!buffer_mapped(bh)) goto unlock; } /* Ok, it's mapped. Make sure it's up-to-date */ if (Page_Uptodate(page)) set_bit(BH_Uptodate, &bh->b_state); if (!buffer_uptodate(bh)) { err = -EIO; ll_rw_block(READ, 1, &bh); wait_on_buffer(bh); /* Uhhuh. Read error. Complain and punt. */ if (!buffer_uptodate(bh)) goto unlock; } if (ext3_should_journal_data(inode)) { BUFFER_TRACE(bh, "get write access"); err = ext3_journal_get_write_access(handle, bh); if (err) goto unlock; } memset(kmap(page) + offset, 0, length); flush_dcache_page(page); kunmap(page); BUFFER_TRACE(bh, "zeroed end of block"); err = 0; if (ext3_should_journal_data(inode)) { err = ext3_journal_dirty_metadata(handle, bh); } else { if (ext3_should_order_data(inode)) err = ext3_journal_dirty_data(handle, bh, 0); __mark_buffer_dirty(bh); } unlock: UnlockPage(page); page_cache_release(page); out: return err; } /* * Probably it should be a library function... search for first non-zero word * or memcmp with zero_page, whatever is better for particular architecture. * Linus? */ static inline int all_zeroes(u32 *p, u32 *q) { while (p < q) if (*p++) return 0; return 1; } /** * ext3_find_shared - find the indirect blocks for partial truncation. * @inode: inode in question * @depth: depth of the affected branch * @offsets: offsets of pointers in that branch (see ext3_block_to_path) * @chain: place to store the pointers to partial indirect blocks * @top: place to the (detached) top of branch * * This is a helper function used by ext3_truncate(). * * When we do truncate() we may have to clean the ends of several * indirect blocks but leave the blocks themselves alive. Block is * partially truncated if some data below the new i_size is refered * from it (and it is on the path to the first completely truncated * data block, indeed). We have to free the top of that path along * with everything to the right of the path. Since no allocation * past the truncation point is possible until ext3_truncate() * finishes, we may safely do the latter, but top of branch may * require special attention - pageout below the truncation point * might try to populate it. * * We atomically detach the top of branch from the tree, store the * block number of its root in *@top, pointers to buffer_heads of * partially truncated blocks - in @chain[].bh and pointers to * their last elements that should not be removed - in * @chain[].p. Return value is the pointer to last filled element * of @chain. * * The work left to caller to do the actual freeing of subtrees: * a) free the subtree starting from *@top * b) free the subtrees whose roots are stored in * (@chain[i].p+1 .. end of @chain[i].bh->b_data) * c) free the subtrees growing from the inode past the @chain[0]. * (no partially truncated stuff there). */ static Indirect *ext3_find_shared(struct inode *inode, int depth, int offsets[4], Indirect chain[4], u32 *top) { Indirect *partial, *p; int k, err; *top = 0; /* Make k index the deepest non-null offest + 1 */ for (k = depth; k > 1 && !offsets[k-1]; k--) ; partial = ext3_get_branch(inode, k, offsets, chain, &err); /* Writer: pointers */ if (!partial) partial = chain + k-1; /* * If the branch acquired continuation since we've looked at it - * fine, it should all survive and (new) top doesn't belong to us. */ if (!partial->key && *partial->p) /* Writer: end */ goto no_top; for (p=partial; p>chain && all_zeroes((u32*)p->bh->b_data,p->p); p--) ; /* * OK, we've found the last block that must survive. The rest of our * branch should be detached before unlocking. However, if that rest * of branch is all ours and does not grow immediately from the inode * it's easier to cheat and just decrement partial->p. */ if (p == chain + k - 1 && p > chain) { p->p--; } else { *top = *p->p; /* Nope, don't do this in ext3. Must leave the tree intact */ #if 0 *p->p = 0; #endif } /* Writer: end */ while(partial > p) { brelse(partial->bh); partial--; } no_top: return partial; } /* * Zero a number of block pointers in either an inode or an indirect block. * If we restart the transaction we must again get write access to the * indirect block for further modification. * * We release `count' blocks on disk, but (last - first) may be greater * than `count' because there can be holes in there. */ static void ext3_clear_blocks(handle_t *handle, struct inode *inode, struct buffer_head *bh, unsigned long block_to_free, unsigned long count, u32 *first, u32 *last) { u32 *p; kdev_t dev = inode->i_sb->s_dev; unsigned long blocksize = inode->i_sb->s_blocksize; if (try_to_extend_transaction(handle, inode)) { if (bh) { BUFFER_TRACE(bh, "call ext3_journal_dirty_metadata"); ext3_journal_dirty_metadata(handle, bh); } ext3_mark_inode_dirty(handle, inode); ext3_journal_test_restart(handle, inode); BUFFER_TRACE(bh, "get_write_access"); ext3_journal_get_write_access(handle, bh); } /* * Any buffers which are on the journal will be in memory. We find * them on the hash table so journal_revoke() will run journal_forget() * on them. We've already detached each block from the file, so * bforget() in journal_forget() should be safe. * * AKPM: turn on bforget in journal_forget()!!! */ for (p = first; p < last; p++) { u32 nr = le32_to_cpu(*p); if (nr) { struct buffer_head *bh; *p = 0; bh = get_hash_table(dev, nr, blocksize); ext3_forget(handle, 0, inode, bh, nr); } } ext3_free_blocks(handle, inode, block_to_free, count); } /** * ext3_free_data - free a list of data blocks * @handle: handle for this transaction * @inode: inode we are dealing with * @this_bh: indirect buffer_head which contains *@first and *@last * @first: array of block numbers * @last: points immediately past the end of array * * We are freeing all blocks refered from that array (numbers are stored as * little-endian 32-bit) and updating @inode->i_blocks appropriately. * * We accumulate contiguous runs of blocks to free. Conveniently, if these * blocks are contiguous then releasing them at one time will only affect one * or two bitmap blocks (+ group descriptor(s) and superblock) and we won't * actually use a lot of journal space. * * @this_bh will be %NULL if @first and @last point into the inode's direct * block pointers. */ static void ext3_free_data(handle_t *handle, struct inode *inode, struct buffer_head *this_bh, u32 *first, u32 *last) { unsigned long block_to_free = 0; /* Starting block # of a run */ unsigned long count = 0; /* Number of blocks in the run */ u32 *block_to_free_p = NULL; /* Pointer into inode/ind corresponding to block_to_free */ unsigned long nr; /* Current block # */ u32 *p; /* Pointer into inode/ind for current block */ int err; if (this_bh) { /* For indirect block */ BUFFER_TRACE(this_bh, "get_write_access"); err = ext3_journal_get_write_access(handle, this_bh); /* Important: if we can't update the indirect pointers * to the blocks, we can't free them. */ if (err) return; } for (p = first; p < last; p++) { nr = le32_to_cpu(*p); if (nr) { /* accumulate blocks to free if they're contiguous */ if (count == 0) { block_to_free = nr; block_to_free_p = p; count = 1; } else if (nr == block_to_free + count) { count++; } else { ext3_clear_blocks(handle, inode, this_bh, block_to_free, count, block_to_free_p, p); block_to_free = nr; block_to_free_p = p; count = 1; } } } if (count > 0) ext3_clear_blocks(handle, inode, this_bh, block_to_free, count, block_to_free_p, p); if (this_bh) { BUFFER_TRACE(this_bh, "call ext3_journal_dirty_metadata"); ext3_journal_dirty_metadata(handle, this_bh); } } /** * ext3_free_branches - free an array of branches * @handle: JBD handle for this transaction * @inode: inode we are dealing with * @parent_bh: the buffer_head which contains *@first and *@last * @first: array of block numbers * @last: pointer immediately past the end of array * @depth: depth of the branches to free * * We are freeing all blocks refered from these branches (numbers are * stored as little-endian 32-bit) and updating @inode->i_blocks * appropriately. */ static void ext3_free_branches(handle_t *handle, struct inode *inode, struct buffer_head *parent_bh, u32 *first, u32 *last, int depth) { unsigned long nr; u32 *p; if (is_handle_aborted(handle)) return; if (depth--) { struct buffer_head *bh; int addr_per_block = EXT3_ADDR_PER_BLOCK(inode->i_sb); p = last; while (--p >= first) { nr = le32_to_cpu(*p); if (!nr) continue; /* A hole */ /* Go read the buffer for the next level down */ bh = bread(inode->i_dev, nr, inode->i_sb->s_blocksize); /* * A read failure? Report error and clear slot * (should be rare). */ if (!bh) { ext3_error(inode->i_sb, "ext3_free_branches", "Read failure, inode=%ld, block=%ld", inode->i_ino, nr); continue; } /* This zaps the entire block. Bottom up. */ BUFFER_TRACE(bh, "free child branches"); ext3_free_branches(handle, inode, bh, (u32*)bh->b_data, (u32*)bh->b_data + addr_per_block, depth); /* * We've probably journalled the indirect block several * times during the truncate. But it's no longer * needed and we now drop it from the transaction via * journal_revoke(). * * That's easy if it's exclusively part of this * transaction. But if it's part of the committing * transaction then journal_forget() will simply * brelse() it. That means that if the underlying * block is reallocated in ext3_get_block(), * unmap_underlying_metadata() will find this block * and will try to get rid of it. damn, damn. * * If this block has already been committed to the * journal, a revoke record will be written. And * revoke records must be emitted *before* clearing * this block's bit in the bitmaps. */ ext3_forget(handle, 1, inode, bh, bh->b_blocknr); /* * Everything below this this pointer has been * released. Now let this top-of-subtree go. * * We want the freeing of this indirect block to be * atomic in the journal with the updating of the * bitmap block which owns it. So make some room in * the journal. * * We zero the parent pointer *after* freeing its * pointee in the bitmaps, so if extend_transaction() * for some reason fails to put the bitmap changes and * the release into the same transaction, recovery * will merely complain about releasing a free block, * rather than leaking blocks. */ if (is_handle_aborted(handle)) return; if (try_to_extend_transaction(handle, inode)) { ext3_mark_inode_dirty(handle, inode); ext3_journal_test_restart(handle, inode); } ext3_free_blocks(handle, inode, nr, 1); if (parent_bh) { /* * The block which we have just freed is * pointed to by an indirect block: journal it */ BUFFER_TRACE(parent_bh, "get_write_access"); if (!ext3_journal_get_write_access(handle, parent_bh)){ *p = 0; BUFFER_TRACE(parent_bh, "call ext3_journal_dirty_metadata"); ext3_journal_dirty_metadata(handle, parent_bh); } } } } else { /* We have reached the bottom of the tree. */ BUFFER_TRACE(parent_bh, "free data blocks"); ext3_free_data(handle, inode, parent_bh, first, last); } } /* * ext3_truncate() * * We block out ext3_get_block() block instantiations across the entire * transaction, and VFS/VM ensures that ext3_truncate() cannot run * simultaneously on behalf of the same inode. * * As we work through the truncate and commmit bits of it to the journal there * is one core, guiding principle: the file's tree must always be consistent on * disk. We must be able to restart the truncate after a crash. * * The file's tree may be transiently inconsistent in memory (although it * probably isn't), but whenever we close off and commit a journal transaction, * the contents of (the filesystem + the journal) must be consistent and * restartable. It's pretty simple, really: bottom up, right to left (although * left-to-right works OK too). * * Note that at recovery time, journal replay occurs *before* the restart of * truncate against the orphan inode list. * * The committed inode has the new, desired i_size (which is the same as * i_disksize in this case). After a crash, ext3_orphan_cleanup() will see * that this inode's truncate did not complete and it will again call * ext3_truncate() to have another go. So there will be instantiated blocks * to the right of the truncation point in a crashed ext3 filesystem. But * that's fine - as long as they are linked from the inode, the post-crash * ext3_truncate() run will find them and release them. */ void ext3_truncate(struct inode * inode) { handle_t *handle; u32 *i_data = inode->u.ext3_i.i_data; int addr_per_block = EXT3_ADDR_PER_BLOCK(inode->i_sb); int offsets[4]; Indirect chain[4]; Indirect *partial; int nr = 0; int n; long last_block; unsigned blocksize; if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))) return; if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return; ext3_discard_prealloc(inode); handle = start_transaction(inode); if (IS_ERR(handle)) return; /* AKPM: return what? */ blocksize = inode->i_sb->s_blocksize; last_block = (inode->i_size + blocksize-1) >> EXT3_BLOCK_SIZE_BITS(inode->i_sb); ext3_block_truncate_page(handle, inode->i_mapping, inode->i_size); n = ext3_block_to_path(inode, last_block, offsets); if (n == 0) goto out_stop; /* error */ /* * OK. This truncate is going to happen. We add the inode to the * orphan list, so that if this truncate spans multiple transactions, * and we crash, we will resume the truncate when the filesystem * recovers. It also marks the inode dirty, to catch the new size. * * Implication: the file must always be in a sane, consistent * truncatable state while each transaction commits. */ if (ext3_orphan_add(handle, inode)) goto out_stop; /* * The orphan list entry will now protect us from any crash which * occurs before the truncate completes, so it is now safe to propagate * the new, shorter inode size (held for now in i_size) into the * on-disk inode. We do this via i_disksize, which is the value which * ext3 *really* writes onto the disk inode. */ inode->u.ext3_i.i_disksize = inode->i_size; /* * From here we block out all ext3_get_block() callers who want to * modify the block allocation tree. */ down_write(&inode->u.ext3_i.truncate_sem); if (n == 1) { /* direct blocks */ ext3_free_data(handle, inode, NULL, i_data+offsets[0], i_data + EXT3_NDIR_BLOCKS); goto do_indirects; } partial = ext3_find_shared(inode, n, offsets, chain, &nr); /* Kill the top of shared branch (not detached) */ if (nr) { if (partial == chain) { /* Shared branch grows from the inode */ ext3_free_branches(handle, inode, NULL, &nr, &nr+1, (chain+n-1) - partial); *partial->p = 0; /* * We mark the inode dirty prior to restart, * and prior to stop. No need for it here. */ } else { /* Shared branch grows from an indirect block */ BUFFER_TRACE(partial->bh, "get_write_access"); ext3_free_branches(handle, inode, partial->bh, partial->p, partial->p+1, (chain+n-1) - partial); } } /* Clear the ends of indirect blocks on the shared branch */ while (partial > chain) { ext3_free_branches(handle, inode, partial->bh, partial->p + 1, (u32*)partial->bh->b_data + addr_per_block, (chain+n-1) - partial); BUFFER_TRACE(partial->bh, "call brelse"); brelse (partial->bh); partial--; } do_indirects: /* Kill the remaining (whole) subtrees */ switch (offsets[0]) { default: nr = i_data[EXT3_IND_BLOCK]; if (nr) { ext3_free_branches(handle, inode, NULL, &nr, &nr+1, 1); i_data[EXT3_IND_BLOCK] = 0; } case EXT3_IND_BLOCK: nr = i_data[EXT3_DIND_BLOCK]; if (nr) { ext3_free_branches(handle, inode, NULL, &nr, &nr+1, 2); i_data[EXT3_DIND_BLOCK] = 0; } case EXT3_DIND_BLOCK: nr = i_data[EXT3_TIND_BLOCK]; if (nr) { ext3_free_branches(handle, inode, NULL, &nr, &nr+1, 3); i_data[EXT3_TIND_BLOCK] = 0; } case EXT3_TIND_BLOCK: ; } up_write(&inode->u.ext3_i.truncate_sem); inode->i_mtime = inode->i_ctime = CURRENT_TIME; ext3_mark_inode_dirty(handle, inode); /* In a multi-transaction truncate, we only make the final * transaction synchronous */ if (IS_SYNC(inode)) handle->h_sync = 1; out_stop: /* * If this was a simple ftruncate(), and the file will remain alive * then we need to clear up the orphan record which we created above. * However, if this was a real unlink then we were called by * ext3_delete_inode(), and we allow that function to clean up the * orphan info for us. */ if (inode->i_nlink) ext3_orphan_del(handle, inode); ext3_journal_stop(handle, inode); } /* * ext3_get_inode_loc returns with an extra refcount against the * inode's underlying buffer_head on success. */ int ext3_get_inode_loc (struct inode *inode, struct ext3_iloc *iloc) { struct buffer_head *bh = 0; unsigned long block; unsigned long block_group; unsigned long group_desc; unsigned long desc; unsigned long offset; struct ext3_group_desc * gdp; if ((inode->i_ino != EXT3_ROOT_INO && inode->i_ino != EXT3_ACL_IDX_INO && inode->i_ino != EXT3_ACL_DATA_INO && inode->i_ino != EXT3_JOURNAL_INO && inode->i_ino < EXT3_FIRST_INO(inode->i_sb)) || inode->i_ino > le32_to_cpu( inode->i_sb->u.ext3_sb.s_es->s_inodes_count)) { ext3_error (inode->i_sb, "ext3_get_inode_loc", "bad inode number: %lu", inode->i_ino); goto bad_inode; } block_group = (inode->i_ino - 1) / EXT3_INODES_PER_GROUP(inode->i_sb); if (block_group >= inode->i_sb->u.ext3_sb.s_groups_count) { ext3_error (inode->i_sb, "ext3_get_inode_loc", "group >= groups count"); goto bad_inode; } group_desc = block_group >> EXT3_DESC_PER_BLOCK_BITS(inode->i_sb); desc = block_group & (EXT3_DESC_PER_BLOCK(inode->i_sb) - 1); bh = inode->i_sb->u.ext3_sb.s_group_desc[group_desc]; if (!bh) { ext3_error (inode->i_sb, "ext3_get_inode_loc", "Descriptor not loaded"); goto bad_inode; } gdp = (struct ext3_group_desc *) bh->b_data; /* * Figure out the offset within the block group inode table */ offset = ((inode->i_ino - 1) % EXT3_INODES_PER_GROUP(inode->i_sb)) * EXT3_INODE_SIZE(inode->i_sb); block = le32_to_cpu(gdp[desc].bg_inode_table) + (offset >> EXT3_BLOCK_SIZE_BITS(inode->i_sb)); if (!(bh = bread (inode->i_dev, block, inode->i_sb->s_blocksize))) { ext3_error (inode->i_sb, "ext3_get_inode_loc", "unable to read inode block - " "inode=%lu, block=%lu", inode->i_ino, block); goto bad_inode; } offset &= (EXT3_BLOCK_SIZE(inode->i_sb) - 1); iloc->bh = bh; iloc->raw_inode = (struct ext3_inode *) (bh->b_data + offset); iloc->block_group = block_group; return 0; bad_inode: return -EIO; } void ext3_read_inode(struct inode * inode) { struct ext3_iloc iloc; struct ext3_inode *raw_inode; struct buffer_head *bh; int block; if(ext3_get_inode_loc(inode, &iloc)) goto bad_inode; bh = iloc.bh; raw_inode = iloc.raw_inode; init_rwsem(&inode->u.ext3_i.truncate_sem); inode->i_mode = le16_to_cpu(raw_inode->i_mode); inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low); inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low); if(!(test_opt (inode->i_sb, NO_UID32))) { inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16; inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16; } inode->i_nlink = le16_to_cpu(raw_inode->i_links_count); inode->i_size = le32_to_cpu(raw_inode->i_size); inode->i_atime = le32_to_cpu(raw_inode->i_atime); inode->i_ctime = le32_to_cpu(raw_inode->i_ctime); inode->i_mtime = le32_to_cpu(raw_inode->i_mtime); inode->u.ext3_i.i_dtime = le32_to_cpu(raw_inode->i_dtime); /* We now have enough fields to check if the inode was active or not. * This is needed because nfsd might try to access dead inodes * the test is that same one that e2fsck uses * NeilBrown 1999oct15 */ if (inode->i_nlink == 0) { if (inode->i_mode == 0 || !(inode->i_sb->u.ext3_sb.s_mount_state & EXT3_ORPHAN_FS)) { /* this inode is deleted */ brelse (bh); goto bad_inode; } /* The only unlinked inodes we let through here have * valid i_mode and are being read by the orphan * recovery code: that's fine, we're about to complete * the process of deleting those. */ } inode->i_blksize = PAGE_SIZE; /* This is the optimal IO size * (for stat), not the fs block * size */ inode->i_blocks = le32_to_cpu(raw_inode->i_blocks); inode->i_version = ++event; inode->u.ext3_i.i_flags = le32_to_cpu(raw_inode->i_flags); #ifdef EXT3_FRAGMENTS inode->u.ext3_i.i_faddr = le32_to_cpu(raw_inode->i_faddr); inode->u.ext3_i.i_frag_no = raw_inode->i_frag; inode->u.ext3_i.i_frag_size = raw_inode->i_fsize; #endif inode->u.ext3_i.i_file_acl = le32_to_cpu(raw_inode->i_file_acl); if (!S_ISREG(inode->i_mode)) { inode->u.ext3_i.i_dir_acl = le32_to_cpu(raw_inode->i_dir_acl); } else { inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32; } inode->u.ext3_i.i_disksize = inode->i_size; inode->i_generation = le32_to_cpu(raw_inode->i_generation); #ifdef EXT3_PREALLOCATE inode->u.ext3_i.i_prealloc_count = 0; #endif inode->u.ext3_i.i_block_group = iloc.block_group; /* * NOTE! The in-memory inode i_data array is in little-endian order * even on big-endian machines: we do NOT byteswap the block numbers! */ for (block = 0; block < EXT3_N_BLOCKS; block++) inode->u.ext3_i.i_data[block] = iloc.raw_inode->i_block[block]; INIT_LIST_HEAD(&inode->u.ext3_i.i_orphan); brelse (iloc.bh); if (inode->i_ino == EXT3_ACL_IDX_INO || inode->i_ino == EXT3_ACL_DATA_INO) /* Nothing to do */ ; else if (S_ISREG(inode->i_mode)) { inode->i_op = &ext3_file_inode_operations; inode->i_fop = &ext3_file_operations; inode->i_mapping->a_ops = &ext3_aops; } else if (S_ISDIR(inode->i_mode)) { inode->i_op = &ext3_dir_inode_operations; inode->i_fop = &ext3_dir_operations; } else if (S_ISLNK(inode->i_mode)) { if (!inode->i_blocks) inode->i_op = &ext3_fast_symlink_inode_operations; else { inode->i_op = &page_symlink_inode_operations; inode->i_mapping->a_ops = &ext3_aops; } } else init_special_inode(inode, inode->i_mode, le32_to_cpu(iloc.raw_inode->i_block[0])); /* inode->i_attr_flags = 0; unused */ if (inode->u.ext3_i.i_flags & EXT3_SYNC_FL) { /* inode->i_attr_flags |= ATTR_FLAG_SYNCRONOUS; unused */ inode->i_flags |= S_SYNC; } if (inode->u.ext3_i.i_flags & EXT3_APPEND_FL) { /* inode->i_attr_flags |= ATTR_FLAG_APPEND; unused */ inode->i_flags |= S_APPEND; } if (inode->u.ext3_i.i_flags & EXT3_IMMUTABLE_FL) { /* inode->i_attr_flags |= ATTR_FLAG_IMMUTABLE; unused */ inode->i_flags |= S_IMMUTABLE; } if (inode->u.ext3_i.i_flags & EXT3_NOATIME_FL) { /* inode->i_attr_flags |= ATTR_FLAG_NOATIME; unused */ inode->i_flags |= S_NOATIME; } return; bad_inode: make_bad_inode(inode); return; } /* * Post the struct inode info into an on-disk inode location in the * buffer-cache. This gobbles the caller's reference to the * buffer_head in the inode location struct. */ static int ext3_do_update_inode(handle_t *handle, struct inode *inode, struct ext3_iloc *iloc) { struct ext3_inode *raw_inode = iloc->raw_inode; struct buffer_head *bh = iloc->bh; int err = 0, rc, block; if (handle) { BUFFER_TRACE(bh, "get_write_access"); err = ext3_journal_get_write_access(handle, bh); if (err) goto out_brelse; } raw_inode->i_mode = cpu_to_le16(inode->i_mode); if(!(test_opt(inode->i_sb, NO_UID32))) { raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid)); raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid)); /* * Fix up interoperability with old kernels. Otherwise, old inodes get * re-used with the upper 16 bits of the uid/gid intact */ if(!inode->u.ext3_i.i_dtime) { raw_inode->i_uid_high = cpu_to_le16(high_16_bits(inode->i_uid)); raw_inode->i_gid_high = cpu_to_le16(high_16_bits(inode->i_gid)); } else { raw_inode->i_uid_high = 0; raw_inode->i_gid_high = 0; } } else { raw_inode->i_uid_low = cpu_to_le16(fs_high2lowuid(inode->i_uid)); raw_inode->i_gid_low = cpu_to_le16(fs_high2lowgid(inode->i_gid)); raw_inode->i_uid_high = 0; raw_inode->i_gid_high = 0; } raw_inode->i_links_count = cpu_to_le16(inode->i_nlink); raw_inode->i_size = cpu_to_le32(inode->u.ext3_i.i_disksize); raw_inode->i_atime = cpu_to_le32(inode->i_atime); raw_inode->i_ctime = cpu_to_le32(inode->i_ctime); raw_inode->i_mtime = cpu_to_le32(inode->i_mtime); raw_inode->i_blocks = cpu_to_le32(inode->i_blocks); raw_inode->i_dtime = cpu_to_le32(inode->u.ext3_i.i_dtime); raw_inode->i_flags = cpu_to_le32(inode->u.ext3_i.i_flags); #ifdef EXT3_FRAGMENTS raw_inode->i_faddr = cpu_to_le32(inode->u.ext3_i.i_faddr); raw_inode->i_frag = inode->u.ext3_i.i_frag_no; raw_inode->i_fsize = inode->u.ext3_i.i_frag_size; #else /* If we are not tracking these fields in the in-memory inode, * then preserve them on disk, but still initialise them to zero * for new inodes. */ if (EXT3_I(inode)->i_state & EXT3_STATE_NEW) { raw_inode->i_faddr = 0; raw_inode->i_frag = 0; raw_inode->i_fsize = 0; } #endif raw_inode->i_file_acl = cpu_to_le32(inode->u.ext3_i.i_file_acl); if (!S_ISREG(inode->i_mode)) { raw_inode->i_dir_acl = cpu_to_le32(inode->u.ext3_i.i_dir_acl); } else { raw_inode->i_size_high = cpu_to_le32(inode->u.ext3_i.i_disksize >> 32); if (inode->u.ext3_i.i_disksize > 0x7fffffffULL) { struct super_block *sb = inode->i_sb; if (!EXT3_HAS_RO_COMPAT_FEATURE(sb, EXT3_FEATURE_RO_COMPAT_LARGE_FILE) || EXT3_SB(sb)->s_es->s_rev_level == cpu_to_le32(EXT3_GOOD_OLD_REV)) { /* If this is the first large file * created, add a flag to the superblock. */ err = ext3_journal_get_write_access(handle, sb->u.ext3_sb.s_sbh); if (err) goto out_brelse; ext3_update_dynamic_rev(sb); EXT3_SET_RO_COMPAT_FEATURE(sb, EXT3_FEATURE_RO_COMPAT_LARGE_FILE); sb->s_dirt = 1; handle->h_sync = 1; err = ext3_journal_dirty_metadata(handle, sb->u.ext3_sb.s_sbh); } } } raw_inode->i_generation = le32_to_cpu(inode->i_generation); if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode)) raw_inode->i_block[0] = cpu_to_le32(kdev_t_to_nr(inode->i_rdev)); else for (block = 0; block < EXT3_N_BLOCKS; block++) raw_inode->i_block[block] = inode->u.ext3_i.i_data[block]; BUFFER_TRACE(bh, "call ext3_journal_dirty_metadata"); rc = ext3_journal_dirty_metadata(handle, bh); if (!err) err = rc; EXT3_I(inode)->i_state &= ~EXT3_STATE_NEW; out_brelse: brelse (bh); ext3_std_error(inode->i_sb, err); return err; } /* * ext3_write_inode() * * We are called from a few places: * * - Within generic_file_write() for O_SYNC files. * Here, there will be no transaction running. We wait for any running * trasnaction to commit. * * - Within sys_sync(), kupdate and such. * We wait on commit, if tol to. * * - Within prune_icache() (PF_MEMALLOC == true) * Here we simply return. We can't afford to block kswapd on the * journal commit. * * In all cases it is actually safe for us to return without doing anything, * because the inode has been copied into a raw inode buffer in * ext3_mark_inode_dirty(). This is a correctness thing for O_SYNC and for * knfsd. * * Note that we are absolutely dependent upon all inode dirtiers doing the * right thing: they *must* call mark_inode_dirty() after dirtying info in * which we are interested. * * It would be a bug for them to not do this. The code: * * mark_inode_dirty(inode) * stuff(); * inode->i_size = expr; * * is in error because a kswapd-driven write_inode() could occur while * `stuff()' is running, and the new i_size will be lost. Plus the inode * will no longer be on the superblock's dirty inode list. */ void ext3_write_inode(struct inode *inode, int wait) { if (current->flags & PF_MEMALLOC) return; if (ext3_journal_current_handle()) { jbd_debug(0, "called recursively, non-PF_MEMALLOC!\n"); return; } if (!wait) return; ext3_force_commit(inode->i_sb); } /* * ext3_setattr() * * Called from notify_change. * * We want to trap VFS attempts to truncate the file as soon as * possible. In particular, we want to make sure that when the VFS * shrinks i_size, we put the inode on the orphan list and modify * i_disksize immediately, so that during the subsequent flushing of * dirty pages and freeing of disk blocks, we can guarantee that any * commit will leave the blocks being flushed in an unused state on * disk. (On recovery, the inode will get truncated and the blocks will * be freed, so we have a strong guarantee that no future commit will * leave these blocks visible to the user.) * * This is only needed for regular files. rmdir() has its own path, and * we can never truncate a direcory except on final unlink (at which * point i_nlink is zero so recovery is easy.) * * Called with the BKL. */ int ext3_setattr(struct dentry *dentry, struct iattr *attr) { struct inode *inode = dentry->d_inode; int error, rc = 0; const unsigned int ia_valid = attr->ia_valid; error = inode_change_ok(inode, attr); if (error) return error; if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) { error = DQUOT_TRANSFER(inode, attr) ? -EDQUOT : 0; if (error) return error; } if (attr->ia_valid & ATTR_SIZE && attr->ia_size < inode->i_size) { handle_t *handle; handle = ext3_journal_start(inode, 3); if (IS_ERR(handle)) { error = PTR_ERR(handle); goto err_out; } error = ext3_orphan_add(handle, inode); inode->u.ext3_i.i_disksize = attr->ia_size; rc = ext3_mark_inode_dirty(handle, inode); if (!error) error = rc; ext3_journal_stop(handle, inode); } rc = inode_setattr(inode, attr); /* If inode_setattr's call to ext3_truncate failed to get a * transaction handle at all, we need to clean up the in-core * orphan list manually. */ if (inode->i_nlink) ext3_orphan_del(NULL, inode); err_out: ext3_std_error(inode->i_sb, error); if (!error) error = rc; return error; } /* * akpm: how many blocks doth make a writepage()? * * With N blocks per page, it may be: * N data blocks * 2 indirect block * 2 dindirect * 1 tindirect * N+5 bitmap blocks (from the above) * N+5 group descriptor summary blocks * 1 inode block * 1 superblock. * 2 * EXT3_SINGLEDATA_TRANS_BLOCKS for the quote files * * 3 * (N + 5) + 2 + 2 * EXT3_SINGLEDATA_TRANS_BLOCKS * * With ordered or writeback data it's the same, less the N data blocks. * * If the inode's direct blocks can hold an integral number of pages then a * page cannot straddle two indirect blocks, and we can only touch one indirect * and dindirect block, and the "5" above becomes "3". * * This still overestimates under most circumstances. If we were to pass the * start and end offsets in here as well we could do block_to_path() on each * block and work out the exact number of indirects which are touched. Pah. */ int ext3_writepage_trans_blocks(struct inode *inode) { int bpp = ext3_journal_blocks_per_page(inode); int indirects = (EXT3_NDIR_BLOCKS % bpp) ? 5 : 3; int ret; if (ext3_should_journal_data(inode)) ret = 3 * (bpp + indirects) + 2; else ret = 2 * (bpp + indirects) + 2; #ifdef CONFIG_QUOTA ret += 2 * EXT3_SINGLEDATA_TRANS_BLOCKS; #endif return ret; } int ext3_mark_iloc_dirty(handle_t *handle, struct inode *inode, struct ext3_iloc *iloc) { int err = 0; if (handle) { /* the do_update_inode consumes one bh->b_count */ atomic_inc(&iloc->bh->b_count); err = ext3_do_update_inode(handle, inode, iloc); /* ext3_do_update_inode() does journal_dirty_metadata */ brelse(iloc->bh); } else { printk(KERN_EMERG __FUNCTION__ ": called with no handle!\n"); } return err; } /* * On success, We end up with an outstanding reference count against * iloc->bh. This _must_ be cleaned up later. */ int ext3_reserve_inode_write(handle_t *handle, struct inode *inode, struct ext3_iloc *iloc) { int err = 0; if (handle) { err = ext3_get_inode_loc(inode, iloc); if (!err) { BUFFER_TRACE(iloc->bh, "get_write_access"); err = ext3_journal_get_write_access(handle, iloc->bh); if (err) { brelse(iloc->bh); iloc->bh = NULL; } } } ext3_std_error(inode->i_sb, err); return err; } /* * akpm: What we do here is to mark the in-core inode as clean * with respect to inode dirtiness (it may still be data-dirty). * This means that the in-core inode may be reaped by prune_icache * without having to perform any I/O. This is a very good thing, * because *any* task may call prune_icache - even ones which * have a transaction open against a different journal. * * Is this cheating? Not really. Sure, we haven't written the * inode out, but prune_icache isn't a user-visible syncing function. * Whenever the user wants stuff synced (sys_sync, sys_msync, sys_fsync) * we start and wait on commits. * * Is this efficient/effective? Well, we're being nice to the system * by cleaning up our inodes proactively so they can be reaped * without I/O. But we are potentially leaving up to five seconds' * worth of inodes floating about which prune_icache wants us to * write out. One way to fix that would be to get prune_icache() * to do a write_super() to free up some memory. It has the desired * effect. */ int ext3_mark_inode_dirty(handle_t *handle, struct inode *inode) { struct ext3_iloc iloc; int err; err = ext3_reserve_inode_write(handle, inode, &iloc); if (!err) err = ext3_mark_iloc_dirty(handle, inode, &iloc); return err; } /* * akpm: ext3_dirty_inode() is called from __mark_inode_dirty() * * We're really interested in the case where a file is being extended. * i_size has been changed by generic_commit_write() and we thus need * to include the updated inode in the current transaction. * * Also, DQUOT_ALLOC_SPACE() will always dirty the inode when blocks * are allocated to the file. * * If the inode is marked synchronous, we don't honour that here - doing * so would cause a commit on atime updates, which we don't bother doing. * We handle synchronous inodes at the highest possible level. */ void ext3_dirty_inode(struct inode *inode) { handle_t *current_handle = ext3_journal_current_handle(); handle_t *handle; lock_kernel(); handle = ext3_journal_start(inode, 1); if (IS_ERR(handle)) goto out; if (current_handle && current_handle->h_transaction != handle->h_transaction) { /* This task has a transaction open against a different fs */ printk(KERN_EMERG __FUNCTION__": transactions do not match!\n"); } else { jbd_debug(5, "marking dirty. outer handle=%p\n", current_handle); ext3_mark_inode_dirty(handle, inode); } ext3_journal_stop(handle, inode); out: unlock_kernel(); } #ifdef AKPM /* * Bind an inode's backing buffer_head into this transaction, to prevent * it from being flushed to disk early. Unlike * ext3_reserve_inode_write, this leaves behind no bh reference and * returns no iloc structure, so the caller needs to repeat the iloc * lookup to mark the inode dirty later. */ static inline int ext3_pin_inode(handle_t *handle, struct inode *inode) { struct ext3_iloc iloc; int err = 0; if (handle) { err = ext3_get_inode_loc(inode, &iloc); if (!err) { BUFFER_TRACE(iloc.bh, "get_write_access"); err = journal_get_write_access(handle, iloc.bh); if (!err) err = ext3_journal_dirty_metadata(handle, iloc.bh); brelse(iloc.bh); } } ext3_std_error(inode->i_sb, err); return err; } #endif int ext3_change_inode_journal_flag(struct inode *inode, int val) { journal_t *journal; handle_t *handle; int err; /* * We have to be very careful here: changing a data block's * journaling status dynamically is dangerous. If we write a * data block to the journal, change the status and then delete * that block, we risk forgetting to revoke the old log record * from the journal and so a subsequent replay can corrupt data. * So, first we make sure that the journal is empty and that * nobody is changing anything. */ journal = EXT3_JOURNAL(inode); if (is_journal_aborted(journal) || IS_RDONLY(inode)) return -EROFS; journal_lock_updates(journal); journal_flush(journal); /* * OK, there are no updates running now, and all cached data is * synced to disk. We are now in a completely consistent state * which doesn't have anything in the journal, and we know that * no filesystem updates are running, so it is safe to modify * the inode's in-core data-journaling state flag now. */ if (val) inode->u.ext3_i.i_flags |= EXT3_JOURNAL_DATA_FL; else inode->u.ext3_i.i_flags &= ~EXT3_JOURNAL_DATA_FL; journal_unlock_updates(journal); /* Finally we can mark the inode as dirty. */ handle = ext3_journal_start(inode, 1); if (IS_ERR(handle)) return PTR_ERR(handle); err = ext3_mark_inode_dirty(handle, inode); handle->h_sync = 1; ext3_journal_stop(handle, inode); ext3_std_error(inode->i_sb, err); return err; } /* * ext3_aops_journal_start(). * * * * We need to take the inode semaphore *outside* the * journal_start/journal_stop. Otherwise, a different task could do a * wait_for_commit() while holding ->i_sem, which deadlocks. The rule * is: transaction open/closes are considered to be a locking operation * and they nest *inside* ->i_sem. * ---------------------------------------------------------------------------- * Possible problem: * ext3_file_write() * -> generic_file_write() * -> __alloc_pages() * -> page_launder() * -> ext3_writepage() * * And the writepage can be on a different fs while we have a * transaction open against this one! Bad. * * I tried making the task PF_MEMALLOC here, but that simply results in * 0-order allocation failures passed back to generic_file_write(). * Instead, we rely on the reentrancy protection in ext3_writepage(). * ---------------------------------------------------------------------------- * When we do the journal_start() here we don't really need to reserve * any blocks - we won't need any until we hit ext3_prepare_write(), * which does all the needed journal extending. However! There is a * problem with quotas: * * Thread 1: * sys_sync * ->sync_dquots * ->commit_dquot * ->lock_dquot * ->write_dquot * ->ext3_file_write * ->journal_start * ->ext3_prepare_write * ->journal_extend * ->journal_start * Thread 2: * ext3_create (for example) * ->ext3_new_inode * ->dquot_initialize * ->lock_dquot * * Deadlock. Thread 1's journal_start blocks because thread 2 has a * transaction open. Thread 2's transaction will never close because * thread 2 is stuck waiting for the dquot lock. * * So. We must ensure that thread 1 *never* needs to extend the journal * for quota writes. We do that by reserving enough journal blocks * here, in ext3_aops_journal_start() to ensure that the forthcoming "see if we * need to extend" test in ext3_prepare_write() succeeds. */