// SPDX-License-Identifier: GPL-2.0 /* * Copyright (c) 2000-2006 Silicon Graphics, Inc. * All Rights Reserved. */ #include <linux/iversion.h> #include "xfs.h" #include "xfs_fs.h" #include "xfs_shared.h" #include "xfs_format.h" #include "xfs_log_format.h" #include "xfs_trans_resv.h" #include "xfs_mount.h" #include "xfs_defer.h" #include "xfs_inode.h" #include "xfs_dir2.h" #include "xfs_attr.h" #include "xfs_bit.h" #include "xfs_trans_space.h" #include "xfs_trans.h" #include "xfs_buf_item.h" #include "xfs_inode_item.h" #include "xfs_iunlink_item.h" #include "xfs_ialloc.h" #include "xfs_bmap.h" #include "xfs_bmap_util.h" #include "xfs_errortag.h" #include "xfs_error.h" #include "xfs_quota.h" #include "xfs_filestream.h" #include "xfs_trace.h" #include "xfs_icache.h" #include "xfs_symlink.h" #include "xfs_trans_priv.h" #include "xfs_log.h" #include "xfs_bmap_btree.h" #include "xfs_reflink.h" #include "xfs_ag.h" #include "xfs_log_priv.h" #include "xfs_health.h" #include "xfs_pnfs.h" #include "xfs_parent.h" #include "xfs_xattr.h" #include "xfs_inode_util.h" struct kmem_cache *xfs_inode_cache; /* * These two are wrapper routines around the xfs_ilock() routine used to * centralize some grungy code. They are used in places that wish to lock the * inode solely for reading the extents. The reason these places can't just * call xfs_ilock(ip, XFS_ILOCK_SHARED) is that the inode lock also guards to * bringing in of the extents from disk for a file in b-tree format. If the * inode is in b-tree format, then we need to lock the inode exclusively until * the extents are read in. Locking it exclusively all the time would limit * our parallelism unnecessarily, though. What we do instead is check to see * if the extents have been read in yet, and only lock the inode exclusively * if they have not. * * The functions return a value which should be given to the corresponding * xfs_iunlock() call. */ uint xfs_ilock_data_map_shared( struct xfs_inode *ip) { … } uint xfs_ilock_attr_map_shared( struct xfs_inode *ip) { … } /* * You can't set both SHARED and EXCL for the same lock, * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_MMAPLOCK_SHARED, * XFS_MMAPLOCK_EXCL, XFS_ILOCK_SHARED, XFS_ILOCK_EXCL are valid values * to set in lock_flags. */ static inline void xfs_lock_flags_assert( uint lock_flags) { … } /* * In addition to i_rwsem in the VFS inode, the xfs inode contains 2 * multi-reader locks: invalidate_lock and the i_lock. This routine allows * various combinations of the locks to be obtained. * * The 3 locks should always be ordered so that the IO lock is obtained first, * the mmap lock second and the ilock last in order to prevent deadlock. * * Basic locking order: * * i_rwsem -> invalidate_lock -> page_lock -> i_ilock * * mmap_lock locking order: * * i_rwsem -> page lock -> mmap_lock * mmap_lock -> invalidate_lock -> page_lock * * The difference in mmap_lock locking order mean that we cannot hold the * invalidate_lock over syscall based read(2)/write(2) based IO. These IO paths * can fault in pages during copy in/out (for buffered IO) or require the * mmap_lock in get_user_pages() to map the user pages into the kernel address * space for direct IO. Similarly the i_rwsem cannot be taken inside a page * fault because page faults already hold the mmap_lock. * * Hence to serialise fully against both syscall and mmap based IO, we need to * take both the i_rwsem and the invalidate_lock. These locks should *only* be * both taken in places where we need to invalidate the page cache in a race * free manner (e.g. truncate, hole punch and other extent manipulation * functions). */ void xfs_ilock( xfs_inode_t *ip, uint lock_flags) { … } /* * This is just like xfs_ilock(), except that the caller * is guaranteed not to sleep. It returns 1 if it gets * the requested locks and 0 otherwise. If the IO lock is * obtained but the inode lock cannot be, then the IO lock * is dropped before returning. * * ip -- the inode being locked * lock_flags -- this parameter indicates the inode's locks to be * to be locked. See the comment for xfs_ilock() for a list * of valid values. */ int xfs_ilock_nowait( xfs_inode_t *ip, uint lock_flags) { … } /* * xfs_iunlock() is used to drop the inode locks acquired with * xfs_ilock() and xfs_ilock_nowait(). The caller must pass * in the flags given to xfs_ilock() or xfs_ilock_nowait() so * that we know which locks to drop. * * ip -- the inode being unlocked * lock_flags -- this parameter indicates the inode's locks to be * to be unlocked. See the comment for xfs_ilock() for a list * of valid values for this parameter. * */ void xfs_iunlock( xfs_inode_t *ip, uint lock_flags) { … } /* * give up write locks. the i/o lock cannot be held nested * if it is being demoted. */ void xfs_ilock_demote( xfs_inode_t *ip, uint lock_flags) { … } void xfs_assert_ilocked( struct xfs_inode *ip, uint lock_flags) { … } /* * xfs_lockdep_subclass_ok() is only used in an ASSERT, so is only called when * DEBUG or XFS_WARN is set. And MAX_LOCKDEP_SUBCLASSES is then only defined * when CONFIG_LOCKDEP is set. Hence the complex define below to avoid build * errors and warnings. */ #if (defined(DEBUG) || defined(XFS_WARN)) && defined(CONFIG_LOCKDEP) static bool xfs_lockdep_subclass_ok( int subclass) { … } #else #define xfs_lockdep_subclass_ok … #endif /* * Bump the subclass so xfs_lock_inodes() acquires each lock with a different * value. This can be called for any type of inode lock combination, including * parent locking. Care must be taken to ensure we don't overrun the subclass * storage fields in the class mask we build. */ static inline uint xfs_lock_inumorder( uint lock_mode, uint subclass) { … } /* * The following routine will lock n inodes in exclusive mode. We assume the * caller calls us with the inodes in i_ino order. * * We need to detect deadlock where an inode that we lock is in the AIL and we * start waiting for another inode that is locked by a thread in a long running * transaction (such as truncate). This can result in deadlock since the long * running trans might need to wait for the inode we just locked in order to * push the tail and free space in the log. * * xfs_lock_inodes() can only be used to lock one type of lock at a time - * the iolock, the mmaplock or the ilock, but not more than one at a time. If we * lock more than one at a time, lockdep will report false positives saying we * have violated locking orders. */ void xfs_lock_inodes( struct xfs_inode **ips, int inodes, uint lock_mode) { … } /* * xfs_lock_two_inodes() can only be used to lock ilock. The iolock and * mmaplock must be double-locked separately since we use i_rwsem and * invalidate_lock for that. We now support taking one lock EXCL and the * other SHARED. */ void xfs_lock_two_inodes( struct xfs_inode *ip0, uint ip0_mode, struct xfs_inode *ip1, uint ip1_mode) { … } /* * Lookups up an inode from "name". If ci_name is not NULL, then a CI match * is allowed, otherwise it has to be an exact match. If a CI match is found, * ci_name->name will point to a the actual name (caller must free) or * will be set to NULL if an exact match is found. */ int xfs_lookup( struct xfs_inode *dp, const struct xfs_name *name, struct xfs_inode **ipp, struct xfs_name *ci_name) { … } /* * Initialise a newly allocated inode and return the in-core inode to the * caller locked exclusively. * * Caller is responsible for unlocking the inode manually upon return */ int xfs_icreate( struct xfs_trans *tp, xfs_ino_t ino, const struct xfs_icreate_args *args, struct xfs_inode **ipp) { … } /* Return dquots for the ids that will be assigned to a new file. */ int xfs_icreate_dqalloc( const struct xfs_icreate_args *args, struct xfs_dquot **udqpp, struct xfs_dquot **gdqpp, struct xfs_dquot **pdqpp) { … } int xfs_create( const struct xfs_icreate_args *args, struct xfs_name *name, struct xfs_inode **ipp) { … } int xfs_create_tmpfile( const struct xfs_icreate_args *args, struct xfs_inode **ipp) { … } int xfs_link( struct xfs_inode *tdp, struct xfs_inode *sip, struct xfs_name *target_name) { … } /* Clear the reflink flag and the cowblocks tag if possible. */ static void xfs_itruncate_clear_reflink_flags( struct xfs_inode *ip) { … } /* * Free up the underlying blocks past new_size. The new size must be smaller * than the current size. This routine can be used both for the attribute and * data fork, and does not modify the inode size, which is left to the caller. * * The transaction passed to this routine must have made a permanent log * reservation of at least XFS_ITRUNCATE_LOG_RES. This routine may commit the * given transaction and start new ones, so make sure everything involved in * the transaction is tidy before calling here. Some transaction will be * returned to the caller to be committed. The incoming transaction must * already include the inode, and both inode locks must be held exclusively. * The inode must also be "held" within the transaction. On return the inode * will be "held" within the returned transaction. This routine does NOT * require any disk space to be reserved for it within the transaction. * * If we get an error, we must return with the inode locked and linked into the * current transaction. This keeps things simple for the higher level code, * because it always knows that the inode is locked and held in the transaction * that returns to it whether errors occur or not. We don't mark the inode * dirty on error so that transactions can be easily aborted if possible. */ int xfs_itruncate_extents_flags( struct xfs_trans **tpp, struct xfs_inode *ip, int whichfork, xfs_fsize_t new_size, int flags) { … } /* * Mark all the buffers attached to this directory stale. In theory we should * never be freeing a directory with any blocks at all, but this covers the * case where we've recovered a directory swap with a "temporary" directory * created by online repair and now need to dump it. */ STATIC void xfs_inactive_dir( struct xfs_inode *dp) { … } /* * xfs_inactive_truncate * * Called to perform a truncate when an inode becomes unlinked. */ STATIC int xfs_inactive_truncate( struct xfs_inode *ip) { … } /* * xfs_inactive_ifree() * * Perform the inode free when an inode is unlinked. */ STATIC int xfs_inactive_ifree( struct xfs_inode *ip) { … } /* * Returns true if we need to update the on-disk metadata before we can free * the memory used by this inode. Updates include freeing post-eof * preallocations; freeing COW staging extents; and marking the inode free in * the inobt if it is on the unlinked list. */ bool xfs_inode_needs_inactive( struct xfs_inode *ip) { … } /* * Save health status somewhere, if we're dumping an inode with uncorrected * errors and online repair isn't running. */ static inline void xfs_inactive_health( struct xfs_inode *ip) { … } /* * xfs_inactive * * This is called when the vnode reference count for the vnode * goes to zero. If the file has been unlinked, then it must * now be truncated. Also, we clear all of the read-ahead state * kept for the inode here since the file is now closed. */ int xfs_inactive( xfs_inode_t *ip) { … } /* * Find an inode on the unlinked list. This does not take references to the * inode as we have existence guarantees by holding the AGI buffer lock and that * only unlinked, referenced inodes can be on the unlinked inode list. If we * don't find the inode in cache, then let the caller handle the situation. */ struct xfs_inode * xfs_iunlink_lookup( struct xfs_perag *pag, xfs_agino_t agino) { … } /* * Load the inode @next_agino into the cache and set its prev_unlinked pointer * to @prev_agino. Caller must hold the AGI to synchronize with other changes * to the unlinked list. */ int xfs_iunlink_reload_next( struct xfs_trans *tp, struct xfs_buf *agibp, xfs_agino_t prev_agino, xfs_agino_t next_agino) { … } /* * Look up the inode number specified and if it is not already marked XFS_ISTALE * mark it stale. We should only find clean inodes in this lookup that aren't * already stale. */ static void xfs_ifree_mark_inode_stale( struct xfs_perag *pag, struct xfs_inode *free_ip, xfs_ino_t inum) { … } /* * A big issue when freeing the inode cluster is that we _cannot_ skip any * inodes that are in memory - they all must be marked stale and attached to * the cluster buffer. */ static int xfs_ifree_cluster( struct xfs_trans *tp, struct xfs_perag *pag, struct xfs_inode *free_ip, struct xfs_icluster *xic) { … } /* * This is called to return an inode to the inode free list. The inode should * already be truncated to 0 length and have no pages associated with it. This * routine also assumes that the inode is already a part of the transaction. * * The on-disk copy of the inode will have been added to the list of unlinked * inodes in the AGI. We need to remove the inode from that list atomically with * respect to freeing it here. */ int xfs_ifree( struct xfs_trans *tp, struct xfs_inode *ip) { … } /* * This is called to unpin an inode. The caller must have the inode locked * in at least shared mode so that the buffer cannot be subsequently pinned * once someone is waiting for it to be unpinned. */ static void xfs_iunpin( struct xfs_inode *ip) { … } static void __xfs_iunpin_wait( struct xfs_inode *ip) { … } void xfs_iunpin_wait( struct xfs_inode *ip) { … } /* * Removing an inode from the namespace involves removing the directory entry * and dropping the link count on the inode. Removing the directory entry can * result in locking an AGF (directory blocks were freed) and removing a link * count can result in placing the inode on an unlinked list which results in * locking an AGI. * * The big problem here is that we have an ordering constraint on AGF and AGI * locking - inode allocation locks the AGI, then can allocate a new extent for * new inodes, locking the AGF after the AGI. Similarly, freeing the inode * removes the inode from the unlinked list, requiring that we lock the AGI * first, and then freeing the inode can result in an inode chunk being freed * and hence freeing disk space requiring that we lock an AGF. * * Hence the ordering that is imposed by other parts of the code is AGI before * AGF. This means we cannot remove the directory entry before we drop the inode * reference count and put it on the unlinked list as this results in a lock * order of AGF then AGI, and this can deadlock against inode allocation and * freeing. Therefore we must drop the link counts before we remove the * directory entry. * * This is still safe from a transactional point of view - it is not until we * get to xfs_defer_finish() that we have the possibility of multiple * transactions in this operation. Hence as long as we remove the directory * entry and drop the link count in the first transaction of the remove * operation, there are no transactional constraints on the ordering here. */ int xfs_remove( struct xfs_inode *dp, struct xfs_name *name, struct xfs_inode *ip) { … } static inline void xfs_iunlock_rename( struct xfs_inode **i_tab, int num_inodes) { … } /* * Enter all inodes for a rename transaction into a sorted array. */ #define __XFS_SORT_INODES … STATIC void xfs_sort_for_rename( struct xfs_inode *dp1, /* in: old (source) directory inode */ struct xfs_inode *dp2, /* in: new (target) directory inode */ struct xfs_inode *ip1, /* in: inode of old entry */ struct xfs_inode *ip2, /* in: inode of new entry */ struct xfs_inode *wip, /* in: whiteout inode */ struct xfs_inode **i_tab,/* out: sorted array of inodes */ int *num_inodes) /* in/out: inodes in array */ { … } void xfs_sort_inodes( struct xfs_inode **i_tab, unsigned int num_inodes) { … } /* * xfs_rename_alloc_whiteout() * * Return a referenced, unlinked, unlocked inode that can be used as a * whiteout in a rename transaction. We use a tmpfile inode here so that if we * crash between allocating the inode and linking it into the rename transaction * recovery will free the inode and we won't leak it. */ static int xfs_rename_alloc_whiteout( struct mnt_idmap *idmap, struct xfs_name *src_name, struct xfs_inode *dp, struct xfs_inode **wip) { … } /* * xfs_rename */ int xfs_rename( struct mnt_idmap *idmap, struct xfs_inode *src_dp, struct xfs_name *src_name, struct xfs_inode *src_ip, struct xfs_inode *target_dp, struct xfs_name *target_name, struct xfs_inode *target_ip, unsigned int flags) { … } static int xfs_iflush( struct xfs_inode *ip, struct xfs_buf *bp) { … } /* * Non-blocking flush of dirty inode metadata into the backing buffer. * * The caller must have a reference to the inode and hold the cluster buffer * locked. The function will walk across all the inodes on the cluster buffer it * can find and lock without blocking, and flush them to the cluster buffer. * * On successful flushing of at least one inode, the caller must write out the * buffer and release it. If no inodes are flushed, -EAGAIN will be returned and * the caller needs to release the buffer. On failure, the filesystem will be * shut down, the buffer will have been unlocked and released, and EFSCORRUPTED * will be returned. */ int xfs_iflush_cluster( struct xfs_buf *bp) { … } /* Release an inode. */ void xfs_irele( struct xfs_inode *ip) { … } /* * Ensure all commited transactions touching the inode are written to the log. */ int xfs_log_force_inode( struct xfs_inode *ip) { … } /* * Grab the exclusive iolock for a data copy from src to dest, making sure to * abide vfs locking order (lowest pointer value goes first) and breaking the * layout leases before proceeding. The loop is needed because we cannot call * the blocking break_layout() with the iolocks held, and therefore have to * back out both locks. */ static int xfs_iolock_two_inodes_and_break_layout( struct inode *src, struct inode *dest) { … } static int xfs_mmaplock_two_inodes_and_break_dax_layout( struct xfs_inode *ip1, struct xfs_inode *ip2) { … } /* * Lock two inodes so that userspace cannot initiate I/O via file syscalls or * mmap activity. */ int xfs_ilock2_io_mmap( struct xfs_inode *ip1, struct xfs_inode *ip2) { … } /* Unlock both inodes to allow IO and mmap activity. */ void xfs_iunlock2_io_mmap( struct xfs_inode *ip1, struct xfs_inode *ip2) { … } /* Drop the MMAPLOCK and the IOLOCK after a remap completes. */ void xfs_iunlock2_remapping( struct xfs_inode *ip1, struct xfs_inode *ip2) { … } /* * Reload the incore inode list for this inode. Caller should ensure that * the link count cannot change, either by taking ILOCK_SHARED or otherwise * preventing other threads from executing. */ int xfs_inode_reload_unlinked_bucket( struct xfs_trans *tp, struct xfs_inode *ip) { … } /* Decide if this inode is missing its unlinked list and reload it. */ int xfs_inode_reload_unlinked( struct xfs_inode *ip) { … } /* Has this inode fork been zapped by repair? */ bool xfs_ifork_zapped( const struct xfs_inode *ip, int whichfork) { … } /* Compute the number of data and realtime blocks used by a file. */ void xfs_inode_count_blocks( struct xfs_trans *tp, struct xfs_inode *ip, xfs_filblks_t *dblocks, xfs_filblks_t *rblocks) { … } static void xfs_wait_dax_page( struct inode *inode) { … } int xfs_break_dax_layouts( struct inode *inode, bool *retry) { … } int xfs_break_layouts( struct inode *inode, uint *iolock, enum layout_break_reason reason) { … } /* Returns the size of fundamental allocation unit for a file, in bytes. */ unsigned int xfs_inode_alloc_unitsize( struct xfs_inode *ip) { … } /* Should we always be using copy on write for file writes? */ bool xfs_is_always_cow_inode( struct xfs_inode *ip) { … }