Commit | Line | Data |
---|---|---|
470decc6 | 1 | /* |
58862699 | 2 | * linux/fs/jbd2/recovery.c |
470decc6 DK |
3 | * |
4 | * Written by Stephen C. Tweedie <sct@redhat.com>, 1999 | |
5 | * | |
6 | * Copyright 1999-2000 Red Hat Software --- All Rights Reserved | |
7 | * | |
8 | * This file is part of the Linux kernel and is made available under | |
9 | * the terms of the GNU General Public License, version 2, or at your | |
10 | * option, any later version, incorporated herein by reference. | |
11 | * | |
12 | * Journal recovery routines for the generic filesystem journaling code; | |
13 | * part of the ext2fs journaling system. | |
14 | */ | |
15 | ||
16 | #ifndef __KERNEL__ | |
17 | #include "jfs_user.h" | |
18 | #else | |
19 | #include <linux/time.h> | |
20 | #include <linux/fs.h> | |
f7f4bccb | 21 | #include <linux/jbd2.h> |
470decc6 | 22 | #include <linux/errno.h> |
818d276c | 23 | #include <linux/crc32.h> |
79feb521 | 24 | #include <linux/blkdev.h> |
470decc6 DK |
25 | #endif |
26 | ||
27 | /* | |
28 | * Maintain information about the progress of the recovery job, so that | |
29 | * the different passes can carry information between them. | |
30 | */ | |
31 | struct recovery_info | |
32 | { | |
33 | tid_t start_transaction; | |
34 | tid_t end_transaction; | |
35 | ||
36 | int nr_replays; | |
37 | int nr_revokes; | |
38 | int nr_revoke_hits; | |
39 | }; | |
40 | ||
41 | enum passtype {PASS_SCAN, PASS_REVOKE, PASS_REPLAY}; | |
42 | static int do_one_pass(journal_t *journal, | |
43 | struct recovery_info *info, enum passtype pass); | |
44 | static int scan_revoke_records(journal_t *, struct buffer_head *, | |
45 | tid_t, struct recovery_info *); | |
46 | ||
47 | #ifdef __KERNEL__ | |
48 | ||
49 | /* Release readahead buffers after use */ | |
50 | static void journal_brelse_array(struct buffer_head *b[], int n) | |
51 | { | |
52 | while (--n >= 0) | |
53 | brelse (b[n]); | |
54 | } | |
55 | ||
56 | ||
57 | /* | |
58 | * When reading from the journal, we are going through the block device | |
59 | * layer directly and so there is no readahead being done for us. We | |
60 | * need to implement any readahead ourselves if we want it to happen at | |
61 | * all. Recovery is basically one long sequential read, so make sure we | |
62 | * do the IO in reasonably large chunks. | |
63 | * | |
64 | * This is not so critical that we need to be enormously clever about | |
65 | * the readahead size, though. 128K is a purely arbitrary, good-enough | |
66 | * fixed value. | |
67 | */ | |
68 | ||
69 | #define MAXBUF 8 | |
70 | static int do_readahead(journal_t *journal, unsigned int start) | |
71 | { | |
72 | int err; | |
73 | unsigned int max, nbufs, next; | |
18eba7aa | 74 | unsigned long long blocknr; |
470decc6 DK |
75 | struct buffer_head *bh; |
76 | ||
77 | struct buffer_head * bufs[MAXBUF]; | |
78 | ||
79 | /* Do up to 128K of readahead */ | |
80 | max = start + (128 * 1024 / journal->j_blocksize); | |
81 | if (max > journal->j_maxlen) | |
82 | max = journal->j_maxlen; | |
83 | ||
84 | /* Do the readahead itself. We'll submit MAXBUF buffer_heads at | |
85 | * a time to the block device IO layer. */ | |
86 | ||
87 | nbufs = 0; | |
88 | ||
89 | for (next = start; next < max; next++) { | |
f7f4bccb | 90 | err = jbd2_journal_bmap(journal, next, &blocknr); |
470decc6 DK |
91 | |
92 | if (err) { | |
f2a44523 | 93 | printk(KERN_ERR "JBD2: bad block at offset %u\n", |
470decc6 DK |
94 | next); |
95 | goto failed; | |
96 | } | |
97 | ||
98 | bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize); | |
99 | if (!bh) { | |
100 | err = -ENOMEM; | |
101 | goto failed; | |
102 | } | |
103 | ||
104 | if (!buffer_uptodate(bh) && !buffer_locked(bh)) { | |
105 | bufs[nbufs++] = bh; | |
106 | if (nbufs == MAXBUF) { | |
107 | ll_rw_block(READ, nbufs, bufs); | |
108 | journal_brelse_array(bufs, nbufs); | |
109 | nbufs = 0; | |
110 | } | |
111 | } else | |
112 | brelse(bh); | |
113 | } | |
114 | ||
115 | if (nbufs) | |
116 | ll_rw_block(READ, nbufs, bufs); | |
117 | err = 0; | |
118 | ||
119 | failed: | |
120 | if (nbufs) | |
121 | journal_brelse_array(bufs, nbufs); | |
122 | return err; | |
123 | } | |
124 | ||
125 | #endif /* __KERNEL__ */ | |
126 | ||
127 | ||
128 | /* | |
129 | * Read a block from the journal | |
130 | */ | |
131 | ||
132 | static int jread(struct buffer_head **bhp, journal_t *journal, | |
133 | unsigned int offset) | |
134 | { | |
135 | int err; | |
18eba7aa | 136 | unsigned long long blocknr; |
470decc6 DK |
137 | struct buffer_head *bh; |
138 | ||
139 | *bhp = NULL; | |
140 | ||
141 | if (offset >= journal->j_maxlen) { | |
f2a44523 | 142 | printk(KERN_ERR "JBD2: corrupted journal superblock\n"); |
470decc6 DK |
143 | return -EIO; |
144 | } | |
145 | ||
f7f4bccb | 146 | err = jbd2_journal_bmap(journal, offset, &blocknr); |
470decc6 DK |
147 | |
148 | if (err) { | |
f2a44523 | 149 | printk(KERN_ERR "JBD2: bad block at offset %u\n", |
470decc6 DK |
150 | offset); |
151 | return err; | |
152 | } | |
153 | ||
154 | bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize); | |
155 | if (!bh) | |
156 | return -ENOMEM; | |
157 | ||
158 | if (!buffer_uptodate(bh)) { | |
159 | /* If this is a brand new buffer, start readahead. | |
160 | Otherwise, we assume we are already reading it. */ | |
161 | if (!buffer_req(bh)) | |
162 | do_readahead(journal, offset); | |
163 | wait_on_buffer(bh); | |
164 | } | |
165 | ||
166 | if (!buffer_uptodate(bh)) { | |
f2a44523 | 167 | printk(KERN_ERR "JBD2: Failed to read block at offset %u\n", |
470decc6 DK |
168 | offset); |
169 | brelse(bh); | |
170 | return -EIO; | |
171 | } | |
172 | ||
173 | *bhp = bh; | |
174 | return 0; | |
175 | } | |
176 | ||
177 | ||
178 | /* | |
179 | * Count the number of in-use tags in a journal descriptor block. | |
180 | */ | |
181 | ||
b517bea1 | 182 | static int count_tags(journal_t *journal, struct buffer_head *bh) |
470decc6 DK |
183 | { |
184 | char * tagp; | |
185 | journal_block_tag_t * tag; | |
b517bea1 ZB |
186 | int nr = 0, size = journal->j_blocksize; |
187 | int tag_bytes = journal_tag_bytes(journal); | |
470decc6 DK |
188 | |
189 | tagp = &bh->b_data[sizeof(journal_header_t)]; | |
190 | ||
b517bea1 | 191 | while ((tagp - bh->b_data + tag_bytes) <= size) { |
470decc6 DK |
192 | tag = (journal_block_tag_t *) tagp; |
193 | ||
194 | nr++; | |
b517bea1 | 195 | tagp += tag_bytes; |
8f888ef8 | 196 | if (!(tag->t_flags & cpu_to_be16(JBD2_FLAG_SAME_UUID))) |
470decc6 DK |
197 | tagp += 16; |
198 | ||
8f888ef8 | 199 | if (tag->t_flags & cpu_to_be16(JBD2_FLAG_LAST_TAG)) |
470decc6 DK |
200 | break; |
201 | } | |
202 | ||
203 | return nr; | |
204 | } | |
205 | ||
206 | ||
207 | /* Make sure we wrap around the log correctly! */ | |
208 | #define wrap(journal, var) \ | |
209 | do { \ | |
210 | if (var >= (journal)->j_last) \ | |
211 | var -= ((journal)->j_last - (journal)->j_first); \ | |
212 | } while (0) | |
213 | ||
214 | /** | |
f7f4bccb | 215 | * jbd2_journal_recover - recovers a on-disk journal |
470decc6 DK |
216 | * @journal: the journal to recover |
217 | * | |
218 | * The primary function for recovering the log contents when mounting a | |
219 | * journaled device. | |
220 | * | |
221 | * Recovery is done in three passes. In the first pass, we look for the | |
222 | * end of the log. In the second, we assemble the list of revoke | |
223 | * blocks. In the third and final pass, we replay any un-revoked blocks | |
224 | * in the log. | |
225 | */ | |
f7f4bccb | 226 | int jbd2_journal_recover(journal_t *journal) |
470decc6 | 227 | { |
44519faf | 228 | int err, err2; |
470decc6 DK |
229 | journal_superblock_t * sb; |
230 | ||
231 | struct recovery_info info; | |
232 | ||
233 | memset(&info, 0, sizeof(info)); | |
234 | sb = journal->j_superblock; | |
235 | ||
236 | /* | |
237 | * The journal superblock's s_start field (the current log head) | |
238 | * is always zero if, and only if, the journal was cleanly | |
239 | * unmounted. | |
240 | */ | |
241 | ||
242 | if (!sb->s_start) { | |
243 | jbd_debug(1, "No recovery required, last transaction %d\n", | |
244 | be32_to_cpu(sb->s_sequence)); | |
245 | journal->j_transaction_sequence = be32_to_cpu(sb->s_sequence) + 1; | |
246 | return 0; | |
247 | } | |
248 | ||
249 | err = do_one_pass(journal, &info, PASS_SCAN); | |
250 | if (!err) | |
251 | err = do_one_pass(journal, &info, PASS_REVOKE); | |
252 | if (!err) | |
253 | err = do_one_pass(journal, &info, PASS_REPLAY); | |
254 | ||
f2a44523 | 255 | jbd_debug(1, "JBD2: recovery, exit status %d, " |
470decc6 DK |
256 | "recovered transactions %u to %u\n", |
257 | err, info.start_transaction, info.end_transaction); | |
f2a44523 | 258 | jbd_debug(1, "JBD2: Replayed %d and revoked %d/%d blocks\n", |
470decc6 DK |
259 | info.nr_replays, info.nr_revoke_hits, info.nr_revokes); |
260 | ||
261 | /* Restart the log at the next transaction ID, thus invalidating | |
262 | * any existing commit records in the log. */ | |
263 | journal->j_transaction_sequence = ++info.end_transaction; | |
264 | ||
f7f4bccb | 265 | jbd2_journal_clear_revoke(journal); |
44519faf HK |
266 | err2 = sync_blockdev(journal->j_fs_dev); |
267 | if (!err) | |
268 | err = err2; | |
79feb521 JK |
269 | /* Make sure all replayed data is on permanent storage */ |
270 | if (journal->j_flags & JBD2_BARRIER) | |
271 | blkdev_issue_flush(journal->j_fs_dev, GFP_KERNEL, NULL); | |
470decc6 DK |
272 | return err; |
273 | } | |
274 | ||
275 | /** | |
f7f4bccb | 276 | * jbd2_journal_skip_recovery - Start journal and wipe exiting records |
470decc6 DK |
277 | * @journal: journal to startup |
278 | * | |
279 | * Locate any valid recovery information from the journal and set up the | |
280 | * journal structures in memory to ignore it (presumably because the | |
281 | * caller has evidence that it is out of date). | |
282 | * This function does'nt appear to be exorted.. | |
283 | * | |
284 | * We perform one pass over the journal to allow us to tell the user how | |
285 | * much recovery information is being erased, and to let us initialise | |
286 | * the journal transaction sequence numbers to the next unused ID. | |
287 | */ | |
f7f4bccb | 288 | int jbd2_journal_skip_recovery(journal_t *journal) |
470decc6 DK |
289 | { |
290 | int err; | |
470decc6 DK |
291 | |
292 | struct recovery_info info; | |
293 | ||
294 | memset (&info, 0, sizeof(info)); | |
470decc6 DK |
295 | |
296 | err = do_one_pass(journal, &info, PASS_SCAN); | |
297 | ||
298 | if (err) { | |
f2a44523 | 299 | printk(KERN_ERR "JBD2: error %d scanning journal\n", err); |
470decc6 DK |
300 | ++journal->j_transaction_sequence; |
301 | } else { | |
e23291b9 | 302 | #ifdef CONFIG_JBD2_DEBUG |
5a0790c2 AK |
303 | int dropped = info.end_transaction - |
304 | be32_to_cpu(journal->j_superblock->s_sequence); | |
b38bd33a | 305 | jbd_debug(1, |
f2a44523 | 306 | "JBD2: ignoring %d transaction%s from the journal.\n", |
470decc6 | 307 | dropped, (dropped == 1) ? "" : "s"); |
9a4f6271 | 308 | #endif |
470decc6 DK |
309 | journal->j_transaction_sequence = ++info.end_transaction; |
310 | } | |
311 | ||
312 | journal->j_tail = 0; | |
313 | return err; | |
314 | } | |
315 | ||
18eba7aa | 316 | static inline unsigned long long read_tag_block(int tag_bytes, journal_block_tag_t *tag) |
b517bea1 | 317 | { |
18eba7aa | 318 | unsigned long long block = be32_to_cpu(tag->t_blocknr); |
cd02ff0b | 319 | if (tag_bytes > JBD2_TAG_SIZE32) |
b517bea1 ZB |
320 | block |= (u64)be32_to_cpu(tag->t_blocknr_high) << 32; |
321 | return block; | |
322 | } | |
323 | ||
818d276c GS |
324 | /* |
325 | * calc_chksums calculates the checksums for the blocks described in the | |
326 | * descriptor block. | |
327 | */ | |
328 | static int calc_chksums(journal_t *journal, struct buffer_head *bh, | |
329 | unsigned long *next_log_block, __u32 *crc32_sum) | |
330 | { | |
331 | int i, num_blks, err; | |
332 | unsigned long io_block; | |
333 | struct buffer_head *obh; | |
334 | ||
335 | num_blks = count_tags(journal, bh); | |
336 | /* Calculate checksum of the descriptor block. */ | |
337 | *crc32_sum = crc32_be(*crc32_sum, (void *)bh->b_data, bh->b_size); | |
338 | ||
339 | for (i = 0; i < num_blks; i++) { | |
340 | io_block = (*next_log_block)++; | |
341 | wrap(journal, *next_log_block); | |
342 | err = jread(&obh, journal, io_block); | |
343 | if (err) { | |
f2a44523 | 344 | printk(KERN_ERR "JBD2: IO error %d recovering block " |
818d276c GS |
345 | "%lu in log\n", err, io_block); |
346 | return 1; | |
347 | } else { | |
348 | *crc32_sum = crc32_be(*crc32_sum, (void *)obh->b_data, | |
349 | obh->b_size); | |
350 | } | |
8ea76900 | 351 | put_bh(obh); |
818d276c GS |
352 | } |
353 | return 0; | |
354 | } | |
355 | ||
470decc6 DK |
356 | static int do_one_pass(journal_t *journal, |
357 | struct recovery_info *info, enum passtype pass) | |
358 | { | |
359 | unsigned int first_commit_ID, next_commit_ID; | |
360 | unsigned long next_log_block; | |
361 | int err, success = 0; | |
362 | journal_superblock_t * sb; | |
363 | journal_header_t * tmp; | |
364 | struct buffer_head * bh; | |
365 | unsigned int sequence; | |
366 | int blocktype; | |
b517bea1 | 367 | int tag_bytes = journal_tag_bytes(journal); |
818d276c | 368 | __u32 crc32_sum = ~0; /* Transactional Checksums */ |
470decc6 | 369 | |
470decc6 DK |
370 | /* |
371 | * First thing is to establish what we expect to find in the log | |
372 | * (in terms of transaction IDs), and where (in terms of log | |
373 | * block offsets): query the superblock. | |
374 | */ | |
375 | ||
376 | sb = journal->j_superblock; | |
377 | next_commit_ID = be32_to_cpu(sb->s_sequence); | |
378 | next_log_block = be32_to_cpu(sb->s_start); | |
379 | ||
380 | first_commit_ID = next_commit_ID; | |
381 | if (pass == PASS_SCAN) | |
382 | info->start_transaction = first_commit_ID; | |
383 | ||
384 | jbd_debug(1, "Starting recovery pass %d\n", pass); | |
385 | ||
386 | /* | |
387 | * Now we walk through the log, transaction by transaction, | |
388 | * making sure that each transaction has a commit block in the | |
389 | * expected place. Each complete transaction gets replayed back | |
390 | * into the main filesystem. | |
391 | */ | |
392 | ||
393 | while (1) { | |
394 | int flags; | |
395 | char * tagp; | |
396 | journal_block_tag_t * tag; | |
397 | struct buffer_head * obh; | |
398 | struct buffer_head * nbh; | |
399 | ||
e86e1438 | 400 | cond_resched(); |
470decc6 DK |
401 | |
402 | /* If we already know where to stop the log traversal, | |
403 | * check right now that we haven't gone past the end of | |
404 | * the log. */ | |
405 | ||
406 | if (pass != PASS_SCAN) | |
407 | if (tid_geq(next_commit_ID, info->end_transaction)) | |
408 | break; | |
409 | ||
410 | jbd_debug(2, "Scanning for sequence ID %u at %lu/%lu\n", | |
411 | next_commit_ID, next_log_block, journal->j_last); | |
412 | ||
413 | /* Skip over each chunk of the transaction looking | |
414 | * either the next descriptor block or the final commit | |
415 | * record. */ | |
416 | ||
f2a44523 | 417 | jbd_debug(3, "JBD2: checking block %ld\n", next_log_block); |
470decc6 DK |
418 | err = jread(&bh, journal, next_log_block); |
419 | if (err) | |
420 | goto failed; | |
421 | ||
422 | next_log_block++; | |
423 | wrap(journal, next_log_block); | |
424 | ||
425 | /* What kind of buffer is it? | |
426 | * | |
427 | * If it is a descriptor block, check that it has the | |
428 | * expected sequence number. Otherwise, we're all done | |
429 | * here. */ | |
430 | ||
431 | tmp = (journal_header_t *)bh->b_data; | |
432 | ||
f7f4bccb | 433 | if (tmp->h_magic != cpu_to_be32(JBD2_MAGIC_NUMBER)) { |
470decc6 DK |
434 | brelse(bh); |
435 | break; | |
436 | } | |
437 | ||
438 | blocktype = be32_to_cpu(tmp->h_blocktype); | |
439 | sequence = be32_to_cpu(tmp->h_sequence); | |
440 | jbd_debug(3, "Found magic %d, sequence %d\n", | |
441 | blocktype, sequence); | |
442 | ||
443 | if (sequence != next_commit_ID) { | |
444 | brelse(bh); | |
445 | break; | |
446 | } | |
447 | ||
448 | /* OK, we have a valid descriptor block which matches | |
449 | * all of the sequence number checks. What are we going | |
450 | * to do with it? That depends on the pass... */ | |
451 | ||
452 | switch(blocktype) { | |
f7f4bccb | 453 | case JBD2_DESCRIPTOR_BLOCK: |
470decc6 | 454 | /* If it is a valid descriptor block, replay it |
818d276c GS |
455 | * in pass REPLAY; if journal_checksums enabled, then |
456 | * calculate checksums in PASS_SCAN, otherwise, | |
457 | * just skip over the blocks it describes. */ | |
470decc6 | 458 | if (pass != PASS_REPLAY) { |
818d276c GS |
459 | if (pass == PASS_SCAN && |
460 | JBD2_HAS_COMPAT_FEATURE(journal, | |
461 | JBD2_FEATURE_COMPAT_CHECKSUM) && | |
462 | !info->end_transaction) { | |
463 | if (calc_chksums(journal, bh, | |
464 | &next_log_block, | |
465 | &crc32_sum)) { | |
466 | put_bh(bh); | |
467 | break; | |
468 | } | |
469 | put_bh(bh); | |
470 | continue; | |
471 | } | |
b517bea1 | 472 | next_log_block += count_tags(journal, bh); |
470decc6 | 473 | wrap(journal, next_log_block); |
818d276c | 474 | put_bh(bh); |
470decc6 DK |
475 | continue; |
476 | } | |
477 | ||
478 | /* A descriptor block: we can now write all of | |
479 | * the data blocks. Yay, useful work is finally | |
480 | * getting done here! */ | |
481 | ||
482 | tagp = &bh->b_data[sizeof(journal_header_t)]; | |
b517bea1 | 483 | while ((tagp - bh->b_data + tag_bytes) |
470decc6 DK |
484 | <= journal->j_blocksize) { |
485 | unsigned long io_block; | |
486 | ||
487 | tag = (journal_block_tag_t *) tagp; | |
8f888ef8 | 488 | flags = be16_to_cpu(tag->t_flags); |
470decc6 DK |
489 | |
490 | io_block = next_log_block++; | |
491 | wrap(journal, next_log_block); | |
492 | err = jread(&obh, journal, io_block); | |
493 | if (err) { | |
494 | /* Recover what we can, but | |
495 | * report failure at the end. */ | |
496 | success = err; | |
f2a44523 EG |
497 | printk(KERN_ERR |
498 | "JBD2: IO error %d recovering " | |
470decc6 DK |
499 | "block %ld in log\n", |
500 | err, io_block); | |
501 | } else { | |
18eba7aa | 502 | unsigned long long blocknr; |
470decc6 DK |
503 | |
504 | J_ASSERT(obh != NULL); | |
b517bea1 ZB |
505 | blocknr = read_tag_block(tag_bytes, |
506 | tag); | |
470decc6 DK |
507 | |
508 | /* If the block has been | |
509 | * revoked, then we're all done | |
510 | * here. */ | |
f7f4bccb | 511 | if (jbd2_journal_test_revoke |
470decc6 DK |
512 | (journal, blocknr, |
513 | next_commit_ID)) { | |
514 | brelse(obh); | |
515 | ++info->nr_revoke_hits; | |
516 | goto skip_write; | |
517 | } | |
518 | ||
519 | /* Find a buffer for the new | |
520 | * data being restored */ | |
521 | nbh = __getblk(journal->j_fs_dev, | |
522 | blocknr, | |
523 | journal->j_blocksize); | |
524 | if (nbh == NULL) { | |
525 | printk(KERN_ERR | |
f2a44523 | 526 | "JBD2: Out of memory " |
470decc6 DK |
527 | "during recovery.\n"); |
528 | err = -ENOMEM; | |
529 | brelse(bh); | |
530 | brelse(obh); | |
531 | goto failed; | |
532 | } | |
533 | ||
534 | lock_buffer(nbh); | |
535 | memcpy(nbh->b_data, obh->b_data, | |
536 | journal->j_blocksize); | |
f7f4bccb | 537 | if (flags & JBD2_FLAG_ESCAPE) { |
d0025676 | 538 | *((__be32 *)nbh->b_data) = |
f7f4bccb | 539 | cpu_to_be32(JBD2_MAGIC_NUMBER); |
470decc6 DK |
540 | } |
541 | ||
542 | BUFFER_TRACE(nbh, "marking dirty"); | |
543 | set_buffer_uptodate(nbh); | |
544 | mark_buffer_dirty(nbh); | |
545 | BUFFER_TRACE(nbh, "marking uptodate"); | |
546 | ++info->nr_replays; | |
547 | /* ll_rw_block(WRITE, 1, &nbh); */ | |
548 | unlock_buffer(nbh); | |
549 | brelse(obh); | |
550 | brelse(nbh); | |
551 | } | |
552 | ||
553 | skip_write: | |
b517bea1 | 554 | tagp += tag_bytes; |
f7f4bccb | 555 | if (!(flags & JBD2_FLAG_SAME_UUID)) |
470decc6 DK |
556 | tagp += 16; |
557 | ||
f7f4bccb | 558 | if (flags & JBD2_FLAG_LAST_TAG) |
470decc6 DK |
559 | break; |
560 | } | |
561 | ||
562 | brelse(bh); | |
563 | continue; | |
564 | ||
f7f4bccb | 565 | case JBD2_COMMIT_BLOCK: |
818d276c GS |
566 | /* How to differentiate between interrupted commit |
567 | * and journal corruption ? | |
568 | * | |
569 | * {nth transaction} | |
570 | * Checksum Verification Failed | |
571 | * | | |
572 | * ____________________ | |
573 | * | | | |
574 | * async_commit sync_commit | |
575 | * | | | |
576 | * | GO TO NEXT "Journal Corruption" | |
577 | * | TRANSACTION | |
578 | * | | |
579 | * {(n+1)th transanction} | |
580 | * | | |
581 | * _______|______________ | |
582 | * | | | |
583 | * Commit block found Commit block not found | |
584 | * | | | |
585 | * "Journal Corruption" | | |
586 | * _____________|_________ | |
587 | * | | | |
588 | * nth trans corrupt OR nth trans | |
589 | * and (n+1)th interrupted interrupted | |
590 | * before commit block | |
591 | * could reach the disk. | |
592 | * (Cannot find the difference in above | |
593 | * mentioned conditions. Hence assume | |
594 | * "Interrupted Commit".) | |
595 | */ | |
596 | ||
597 | /* Found an expected commit block: if checksums | |
598 | * are present verify them in PASS_SCAN; else not | |
599 | * much to do other than move on to the next sequence | |
470decc6 | 600 | * number. */ |
818d276c GS |
601 | if (pass == PASS_SCAN && |
602 | JBD2_HAS_COMPAT_FEATURE(journal, | |
603 | JBD2_FEATURE_COMPAT_CHECKSUM)) { | |
604 | int chksum_err, chksum_seen; | |
605 | struct commit_header *cbh = | |
606 | (struct commit_header *)bh->b_data; | |
607 | unsigned found_chksum = | |
608 | be32_to_cpu(cbh->h_chksum[0]); | |
609 | ||
610 | chksum_err = chksum_seen = 0; | |
611 | ||
612 | if (info->end_transaction) { | |
624080ed TT |
613 | journal->j_failed_commit = |
614 | info->end_transaction; | |
818d276c GS |
615 | brelse(bh); |
616 | break; | |
617 | } | |
618 | ||
619 | if (crc32_sum == found_chksum && | |
620 | cbh->h_chksum_type == JBD2_CRC32_CHKSUM && | |
621 | cbh->h_chksum_size == | |
622 | JBD2_CRC32_CHKSUM_SIZE) | |
623 | chksum_seen = 1; | |
624 | else if (!(cbh->h_chksum_type == 0 && | |
625 | cbh->h_chksum_size == 0 && | |
626 | found_chksum == 0 && | |
627 | !chksum_seen)) | |
628 | /* | |
629 | * If fs is mounted using an old kernel and then | |
630 | * kernel with journal_chksum is used then we | |
631 | * get a situation where the journal flag has | |
632 | * checksum flag set but checksums are not | |
633 | * present i.e chksum = 0, in the individual | |
634 | * commit blocks. | |
635 | * Hence to avoid checksum failures, in this | |
636 | * situation, this extra check is added. | |
637 | */ | |
638 | chksum_err = 1; | |
639 | ||
640 | if (chksum_err) { | |
641 | info->end_transaction = next_commit_ID; | |
642 | ||
4d605179 | 643 | if (!JBD2_HAS_INCOMPAT_FEATURE(journal, |
818d276c | 644 | JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT)){ |
624080ed TT |
645 | journal->j_failed_commit = |
646 | next_commit_ID; | |
818d276c GS |
647 | brelse(bh); |
648 | break; | |
649 | } | |
650 | } | |
651 | crc32_sum = ~0; | |
652 | } | |
470decc6 DK |
653 | brelse(bh); |
654 | next_commit_ID++; | |
655 | continue; | |
656 | ||
f7f4bccb | 657 | case JBD2_REVOKE_BLOCK: |
470decc6 DK |
658 | /* If we aren't in the REVOKE pass, then we can |
659 | * just skip over this block. */ | |
660 | if (pass != PASS_REVOKE) { | |
661 | brelse(bh); | |
662 | continue; | |
663 | } | |
664 | ||
665 | err = scan_revoke_records(journal, bh, | |
666 | next_commit_ID, info); | |
667 | brelse(bh); | |
668 | if (err) | |
669 | goto failed; | |
670 | continue; | |
671 | ||
672 | default: | |
673 | jbd_debug(3, "Unrecognised magic %d, end of scan.\n", | |
674 | blocktype); | |
675 | brelse(bh); | |
676 | goto done; | |
677 | } | |
678 | } | |
679 | ||
680 | done: | |
681 | /* | |
682 | * We broke out of the log scan loop: either we came to the | |
683 | * known end of the log or we found an unexpected block in the | |
684 | * log. If the latter happened, then we know that the "current" | |
685 | * transaction marks the end of the valid log. | |
686 | */ | |
687 | ||
818d276c GS |
688 | if (pass == PASS_SCAN) { |
689 | if (!info->end_transaction) | |
690 | info->end_transaction = next_commit_ID; | |
691 | } else { | |
470decc6 DK |
692 | /* It's really bad news if different passes end up at |
693 | * different places (but possible due to IO errors). */ | |
694 | if (info->end_transaction != next_commit_ID) { | |
f2a44523 | 695 | printk(KERN_ERR "JBD2: recovery pass %d ended at " |
470decc6 DK |
696 | "transaction %u, expected %u\n", |
697 | pass, next_commit_ID, info->end_transaction); | |
698 | if (!success) | |
699 | success = -EIO; | |
700 | } | |
701 | } | |
702 | ||
703 | return success; | |
704 | ||
705 | failed: | |
706 | return err; | |
707 | } | |
708 | ||
42a7106d DW |
709 | static int jbd2_revoke_block_csum_verify(journal_t *j, |
710 | void *buf) | |
711 | { | |
712 | struct jbd2_journal_revoke_tail *tail; | |
713 | __u32 provided, calculated; | |
714 | ||
715 | if (!JBD2_HAS_INCOMPAT_FEATURE(j, JBD2_FEATURE_INCOMPAT_CSUM_V2)) | |
716 | return 1; | |
717 | ||
718 | tail = (struct jbd2_journal_revoke_tail *)(buf + j->j_blocksize - | |
719 | sizeof(struct jbd2_journal_revoke_tail)); | |
720 | provided = tail->r_checksum; | |
721 | tail->r_checksum = 0; | |
722 | calculated = jbd2_chksum(j, j->j_csum_seed, buf, j->j_blocksize); | |
723 | tail->r_checksum = provided; | |
724 | ||
725 | provided = be32_to_cpu(provided); | |
726 | return provided == calculated; | |
727 | } | |
470decc6 DK |
728 | |
729 | /* Scan a revoke record, marking all blocks mentioned as revoked. */ | |
730 | ||
731 | static int scan_revoke_records(journal_t *journal, struct buffer_head *bh, | |
732 | tid_t sequence, struct recovery_info *info) | |
733 | { | |
f7f4bccb | 734 | jbd2_journal_revoke_header_t *header; |
470decc6 | 735 | int offset, max; |
b517bea1 | 736 | int record_len = 4; |
470decc6 | 737 | |
f7f4bccb MC |
738 | header = (jbd2_journal_revoke_header_t *) bh->b_data; |
739 | offset = sizeof(jbd2_journal_revoke_header_t); | |
470decc6 DK |
740 | max = be32_to_cpu(header->r_count); |
741 | ||
42a7106d DW |
742 | if (!jbd2_revoke_block_csum_verify(journal, header)) |
743 | return -EINVAL; | |
744 | ||
b517bea1 ZB |
745 | if (JBD2_HAS_INCOMPAT_FEATURE(journal, JBD2_FEATURE_INCOMPAT_64BIT)) |
746 | record_len = 8; | |
747 | ||
748 | while (offset + record_len <= max) { | |
18eba7aa | 749 | unsigned long long blocknr; |
470decc6 DK |
750 | int err; |
751 | ||
b517bea1 ZB |
752 | if (record_len == 4) |
753 | blocknr = be32_to_cpu(* ((__be32 *) (bh->b_data+offset))); | |
754 | else | |
755 | blocknr = be64_to_cpu(* ((__be64 *) (bh->b_data+offset))); | |
756 | offset += record_len; | |
f7f4bccb | 757 | err = jbd2_journal_set_revoke(journal, blocknr, sequence); |
470decc6 DK |
758 | if (err) |
759 | return err; | |
760 | ++info->nr_revokes; | |
761 | } | |
762 | return 0; | |
763 | } |