2006-01-16 16:50:04 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
|
2007-12-12 00:49:21 +00:00
|
|
|
* Copyright (C) 2004-2007 Red Hat, Inc. All rights reserved.
|
2006-01-16 16:50:04 +00:00
|
|
|
*
|
|
|
|
* This copyrighted material is made available to anyone wishing to use,
|
|
|
|
* modify, copy, or redistribute it subject to the terms and conditions
|
2006-09-01 15:05:15 +00:00
|
|
|
* of the GNU General Public License version 2.
|
2006-01-16 16:50:04 +00:00
|
|
|
*/
|
|
|
|
|
2014-03-06 20:10:45 +00:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
#include <linux/bio.h>
|
2017-02-02 18:15:33 +00:00
|
|
|
#include <linux/sched/signal.h>
|
2006-01-16 16:50:04 +00:00
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
#include <linux/completion.h>
|
|
|
|
#include <linux/buffer_head.h>
|
2009-05-22 09:36:01 +00:00
|
|
|
#include <linux/statfs.h>
|
|
|
|
#include <linux/seq_file.h>
|
|
|
|
#include <linux/mount.h>
|
|
|
|
#include <linux/kthread.h>
|
|
|
|
#include <linux/delay.h>
|
2006-02-27 22:23:27 +00:00
|
|
|
#include <linux/gfs2_ondisk.h>
|
2009-05-22 09:36:01 +00:00
|
|
|
#include <linux/crc32.h>
|
|
|
|
#include <linux/time.h>
|
2010-01-25 11:20:19 +00:00
|
|
|
#include <linux/wait.h>
|
2010-03-05 08:21:37 +00:00
|
|
|
#include <linux/writeback.h>
|
2011-04-18 13:18:09 +00:00
|
|
|
#include <linux/backing-dev.h>
|
2014-11-14 02:42:04 +00:00
|
|
|
#include <linux/kernel.h>
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
#include "gfs2.h"
|
2006-02-27 22:23:27 +00:00
|
|
|
#include "incore.h"
|
2006-01-16 16:50:04 +00:00
|
|
|
#include "bmap.h"
|
|
|
|
#include "dir.h"
|
|
|
|
#include "glock.h"
|
|
|
|
#include "glops.h"
|
|
|
|
#include "inode.h"
|
|
|
|
#include "log.h"
|
|
|
|
#include "meta_io.h"
|
|
|
|
#include "quota.h"
|
|
|
|
#include "recovery.h"
|
|
|
|
#include "rgrp.h"
|
|
|
|
#include "super.h"
|
|
|
|
#include "trans.h"
|
2006-02-27 22:23:27 +00:00
|
|
|
#include "util.h"
|
2009-05-22 09:36:01 +00:00
|
|
|
#include "sys.h"
|
2009-08-26 17:51:04 +00:00
|
|
|
#include "xattr.h"
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
#define args_neq(a1, a2, x) ((a1)->ar_##x != (a2)->ar_##x)
|
|
|
|
|
|
|
|
enum {
|
|
|
|
Opt_lockproto,
|
|
|
|
Opt_locktable,
|
|
|
|
Opt_hostdata,
|
|
|
|
Opt_spectator,
|
|
|
|
Opt_ignore_local_fs,
|
|
|
|
Opt_localflocks,
|
|
|
|
Opt_localcaching,
|
|
|
|
Opt_debug,
|
|
|
|
Opt_nodebug,
|
|
|
|
Opt_upgrade,
|
|
|
|
Opt_acl,
|
|
|
|
Opt_noacl,
|
|
|
|
Opt_quota_off,
|
|
|
|
Opt_quota_account,
|
|
|
|
Opt_quota_on,
|
|
|
|
Opt_quota,
|
|
|
|
Opt_noquota,
|
|
|
|
Opt_suiddir,
|
|
|
|
Opt_nosuiddir,
|
|
|
|
Opt_data_writeback,
|
|
|
|
Opt_data_ordered,
|
|
|
|
Opt_meta,
|
|
|
|
Opt_discard,
|
|
|
|
Opt_nodiscard,
|
|
|
|
Opt_commit,
|
2009-08-24 09:44:18 +00:00
|
|
|
Opt_err_withdraw,
|
|
|
|
Opt_err_panic,
|
2009-10-20 07:39:44 +00:00
|
|
|
Opt_statfs_quantum,
|
|
|
|
Opt_statfs_percent,
|
|
|
|
Opt_quota_quantum,
|
2009-10-30 07:03:27 +00:00
|
|
|
Opt_barrier,
|
|
|
|
Opt_nobarrier,
|
GFS2: Use lvbs for storing rgrp information with mount option
Instead of reading in the resource groups when gfs2 is checking
for free space to allocate from, gfs2 can store the necessary infromation
in the resource group's lvb. Also, instead of searching for unlinked
inodes in every resource group that's checked for free space, gfs2 can
store the number of unlinked but inodes in the lvb, and only check for
unlinked inodes if it will find some.
The first time a resource group is locked, the lvb must initialized.
Since this involves counting the unlinked inodes in the resource group,
this takes a little extra time. But after that, if the resource group
is locked with GL_SKIP, the buffer head won't be read in unless it's
actually needed.
Enabling the resource groups lvbs is done via the rgrplvb mount option. If
this option isn't set, the lvbs will still be set and updated, but they won't
be verfied or used by the filesystem. To safely turn on this option, all of
the nodes mounting the filesystem must be running code with this patch, and
the filesystem must have been completely unmounted since they were updated.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2012-05-30 04:01:09 +00:00
|
|
|
Opt_rgrplvb,
|
|
|
|
Opt_norgrplvb,
|
gfs2: change gfs2 readdir cookie
gfs2 currently returns 31 bits of filename hash as a cookie that readdir
uses for an offset into the directory. When there are a large number of
directory entries, the likelihood of a collision goes up way too
quickly. GFS2 will now return cookies that are guaranteed unique for a
while, and then fail back to using 30 bits of filename hash.
Specifically, the directory leaf blocks are divided up into chunks based
on the minimum size of a gfs2 directory entry (48 bytes). Each entry's
cookie is based off the chunk where it starts, in the linked list of
leaf blocks that it hashes to (there are 131072 hash buckets). Directory
entries will have unique names until they take reach chunk 8192.
Assuming the largest filenames possible, and the least efficient spacing
possible, this new method will still be able to return unique names when
the previous method has statistically more than a 99% chance of a
collision. The non-unique names it fails back to are guaranteed to not
collide with the unique names.
unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "0"
- 13 bits for the offset
non-unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "1"
- 13 more bits of the name hash
Another benefit of location based cookies, is that once a directory's
exhash table is fully extended (so that multiple hash table indexs do
not use the same leaf blocks), gfs2 can skip sorting the directory
entries until it reaches the non-unique ones, and then it only needs to
sort these. This provides a significant speed up for directory reads of
very large directories.
The only issue is that for these cookies to continue to point to the
correct entry as files are added and removed from the directory, gfs2
must keep the entries at the same offset in the leaf block when they are
split (see my previous patch). This means that until all the nodes in a
cluster are running with code that will split the directory leaf blocks
this way, none of the nodes can use the new cookie code. To deal with
this, gfs2 now has the mount option loccookie, which, if set, will make
it return these new location based cookies. This option must not be set
until all nodes in the cluster are at least running this version of the
kernel code, and you have guaranteed that there are no outstanding
cookies required by other software, such as NFS.
gfs2 uses some of the extra space at the end of the gfs2_dirent
structure to store the calculated readdir cookies. This keeps us from
needing to allocate a seperate array to hold these values. gfs2
recomputes the cookie stored in de_cookie for every readdir call. The
time it takes to do so is small, and if gfs2 expected this value to be
saved on disk, the new code wouldn't work correctly on filesystems
created with an earlier version of gfs2.
One issue with adding de_cookie to the union in the gfs2_dirent
structure is that it caused the union to align itself to a 4 byte
boundary, instead of its previous 2 byte boundary. This changed the
offset of de_rahead. To solve that, I pulled de_rahead out of the union,
since it does not need to be there.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2015-12-01 14:46:55 +00:00
|
|
|
Opt_loccookie,
|
|
|
|
Opt_noloccookie,
|
2009-05-22 09:36:01 +00:00
|
|
|
Opt_error,
|
|
|
|
};
|
|
|
|
|
|
|
|
static const match_table_t tokens = {
|
|
|
|
{Opt_lockproto, "lockproto=%s"},
|
|
|
|
{Opt_locktable, "locktable=%s"},
|
|
|
|
{Opt_hostdata, "hostdata=%s"},
|
|
|
|
{Opt_spectator, "spectator"},
|
2010-09-29 13:24:41 +00:00
|
|
|
{Opt_spectator, "norecovery"},
|
2009-05-22 09:36:01 +00:00
|
|
|
{Opt_ignore_local_fs, "ignore_local_fs"},
|
|
|
|
{Opt_localflocks, "localflocks"},
|
|
|
|
{Opt_localcaching, "localcaching"},
|
|
|
|
{Opt_debug, "debug"},
|
|
|
|
{Opt_nodebug, "nodebug"},
|
|
|
|
{Opt_upgrade, "upgrade"},
|
|
|
|
{Opt_acl, "acl"},
|
|
|
|
{Opt_noacl, "noacl"},
|
|
|
|
{Opt_quota_off, "quota=off"},
|
|
|
|
{Opt_quota_account, "quota=account"},
|
|
|
|
{Opt_quota_on, "quota=on"},
|
|
|
|
{Opt_quota, "quota"},
|
|
|
|
{Opt_noquota, "noquota"},
|
|
|
|
{Opt_suiddir, "suiddir"},
|
|
|
|
{Opt_nosuiddir, "nosuiddir"},
|
|
|
|
{Opt_data_writeback, "data=writeback"},
|
|
|
|
{Opt_data_ordered, "data=ordered"},
|
|
|
|
{Opt_meta, "meta"},
|
|
|
|
{Opt_discard, "discard"},
|
|
|
|
{Opt_nodiscard, "nodiscard"},
|
|
|
|
{Opt_commit, "commit=%d"},
|
2009-08-24 09:44:18 +00:00
|
|
|
{Opt_err_withdraw, "errors=withdraw"},
|
|
|
|
{Opt_err_panic, "errors=panic"},
|
2009-10-20 07:39:44 +00:00
|
|
|
{Opt_statfs_quantum, "statfs_quantum=%d"},
|
|
|
|
{Opt_statfs_percent, "statfs_percent=%d"},
|
|
|
|
{Opt_quota_quantum, "quota_quantum=%d"},
|
2009-10-30 07:03:27 +00:00
|
|
|
{Opt_barrier, "barrier"},
|
|
|
|
{Opt_nobarrier, "nobarrier"},
|
GFS2: Use lvbs for storing rgrp information with mount option
Instead of reading in the resource groups when gfs2 is checking
for free space to allocate from, gfs2 can store the necessary infromation
in the resource group's lvb. Also, instead of searching for unlinked
inodes in every resource group that's checked for free space, gfs2 can
store the number of unlinked but inodes in the lvb, and only check for
unlinked inodes if it will find some.
The first time a resource group is locked, the lvb must initialized.
Since this involves counting the unlinked inodes in the resource group,
this takes a little extra time. But after that, if the resource group
is locked with GL_SKIP, the buffer head won't be read in unless it's
actually needed.
Enabling the resource groups lvbs is done via the rgrplvb mount option. If
this option isn't set, the lvbs will still be set and updated, but they won't
be verfied or used by the filesystem. To safely turn on this option, all of
the nodes mounting the filesystem must be running code with this patch, and
the filesystem must have been completely unmounted since they were updated.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2012-05-30 04:01:09 +00:00
|
|
|
{Opt_rgrplvb, "rgrplvb"},
|
|
|
|
{Opt_norgrplvb, "norgrplvb"},
|
gfs2: change gfs2 readdir cookie
gfs2 currently returns 31 bits of filename hash as a cookie that readdir
uses for an offset into the directory. When there are a large number of
directory entries, the likelihood of a collision goes up way too
quickly. GFS2 will now return cookies that are guaranteed unique for a
while, and then fail back to using 30 bits of filename hash.
Specifically, the directory leaf blocks are divided up into chunks based
on the minimum size of a gfs2 directory entry (48 bytes). Each entry's
cookie is based off the chunk where it starts, in the linked list of
leaf blocks that it hashes to (there are 131072 hash buckets). Directory
entries will have unique names until they take reach chunk 8192.
Assuming the largest filenames possible, and the least efficient spacing
possible, this new method will still be able to return unique names when
the previous method has statistically more than a 99% chance of a
collision. The non-unique names it fails back to are guaranteed to not
collide with the unique names.
unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "0"
- 13 bits for the offset
non-unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "1"
- 13 more bits of the name hash
Another benefit of location based cookies, is that once a directory's
exhash table is fully extended (so that multiple hash table indexs do
not use the same leaf blocks), gfs2 can skip sorting the directory
entries until it reaches the non-unique ones, and then it only needs to
sort these. This provides a significant speed up for directory reads of
very large directories.
The only issue is that for these cookies to continue to point to the
correct entry as files are added and removed from the directory, gfs2
must keep the entries at the same offset in the leaf block when they are
split (see my previous patch). This means that until all the nodes in a
cluster are running with code that will split the directory leaf blocks
this way, none of the nodes can use the new cookie code. To deal with
this, gfs2 now has the mount option loccookie, which, if set, will make
it return these new location based cookies. This option must not be set
until all nodes in the cluster are at least running this version of the
kernel code, and you have guaranteed that there are no outstanding
cookies required by other software, such as NFS.
gfs2 uses some of the extra space at the end of the gfs2_dirent
structure to store the calculated readdir cookies. This keeps us from
needing to allocate a seperate array to hold these values. gfs2
recomputes the cookie stored in de_cookie for every readdir call. The
time it takes to do so is small, and if gfs2 expected this value to be
saved on disk, the new code wouldn't work correctly on filesystems
created with an earlier version of gfs2.
One issue with adding de_cookie to the union in the gfs2_dirent
structure is that it caused the union to align itself to a 4 byte
boundary, instead of its previous 2 byte boundary. This changed the
offset of de_rahead. To solve that, I pulled de_rahead out of the union,
since it does not need to be there.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2015-12-01 14:46:55 +00:00
|
|
|
{Opt_loccookie, "loccookie"},
|
|
|
|
{Opt_noloccookie, "noloccookie"},
|
2009-05-22 09:36:01 +00:00
|
|
|
{Opt_error, NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_mount_args - Parse mount options
|
2009-09-28 09:30:49 +00:00
|
|
|
* @args: The structure into which the parsed options will be written
|
|
|
|
* @options: The options to parse
|
2009-05-22 09:36:01 +00:00
|
|
|
*
|
|
|
|
* Return: errno
|
|
|
|
*/
|
|
|
|
|
2009-09-28 09:30:49 +00:00
|
|
|
int gfs2_mount_args(struct gfs2_args *args, char *options)
|
2009-05-22 09:36:01 +00:00
|
|
|
{
|
|
|
|
char *o;
|
|
|
|
int token;
|
|
|
|
substring_t tmp[MAX_OPT_ARGS];
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
/* Split the options into tokens with the "," character and
|
|
|
|
process them */
|
|
|
|
|
|
|
|
while (1) {
|
|
|
|
o = strsep(&options, ",");
|
|
|
|
if (o == NULL)
|
|
|
|
break;
|
|
|
|
if (*o == '\0')
|
|
|
|
continue;
|
|
|
|
|
|
|
|
token = match_token(o, tokens, tmp);
|
|
|
|
switch (token) {
|
|
|
|
case Opt_lockproto:
|
|
|
|
match_strlcpy(args->ar_lockproto, &tmp[0],
|
|
|
|
GFS2_LOCKNAME_LEN);
|
|
|
|
break;
|
|
|
|
case Opt_locktable:
|
|
|
|
match_strlcpy(args->ar_locktable, &tmp[0],
|
|
|
|
GFS2_LOCKNAME_LEN);
|
|
|
|
break;
|
|
|
|
case Opt_hostdata:
|
|
|
|
match_strlcpy(args->ar_hostdata, &tmp[0],
|
|
|
|
GFS2_LOCKNAME_LEN);
|
|
|
|
break;
|
|
|
|
case Opt_spectator:
|
|
|
|
args->ar_spectator = 1;
|
|
|
|
break;
|
|
|
|
case Opt_ignore_local_fs:
|
2010-09-23 12:41:42 +00:00
|
|
|
/* Retained for backwards compat only */
|
2009-05-22 09:36:01 +00:00
|
|
|
break;
|
|
|
|
case Opt_localflocks:
|
|
|
|
args->ar_localflocks = 1;
|
|
|
|
break;
|
|
|
|
case Opt_localcaching:
|
2010-09-23 13:00:31 +00:00
|
|
|
/* Retained for backwards compat only */
|
2009-05-22 09:36:01 +00:00
|
|
|
break;
|
|
|
|
case Opt_debug:
|
2009-08-24 09:44:18 +00:00
|
|
|
if (args->ar_errors == GFS2_ERRORS_PANIC) {
|
2014-03-06 20:10:45 +00:00
|
|
|
pr_warn("-o debug and -o errors=panic are mutually exclusive\n");
|
2009-08-24 09:44:18 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
args->ar_debug = 1;
|
|
|
|
break;
|
|
|
|
case Opt_nodebug:
|
|
|
|
args->ar_debug = 0;
|
|
|
|
break;
|
|
|
|
case Opt_upgrade:
|
2010-09-24 08:55:07 +00:00
|
|
|
/* Retained for backwards compat only */
|
2009-05-22 09:36:01 +00:00
|
|
|
break;
|
|
|
|
case Opt_acl:
|
|
|
|
args->ar_posix_acl = 1;
|
|
|
|
break;
|
|
|
|
case Opt_noacl:
|
|
|
|
args->ar_posix_acl = 0;
|
|
|
|
break;
|
|
|
|
case Opt_quota_off:
|
|
|
|
case Opt_noquota:
|
|
|
|
args->ar_quota = GFS2_QUOTA_OFF;
|
|
|
|
break;
|
|
|
|
case Opt_quota_account:
|
|
|
|
args->ar_quota = GFS2_QUOTA_ACCOUNT;
|
|
|
|
break;
|
|
|
|
case Opt_quota_on:
|
|
|
|
case Opt_quota:
|
|
|
|
args->ar_quota = GFS2_QUOTA_ON;
|
|
|
|
break;
|
|
|
|
case Opt_suiddir:
|
|
|
|
args->ar_suiddir = 1;
|
|
|
|
break;
|
|
|
|
case Opt_nosuiddir:
|
|
|
|
args->ar_suiddir = 0;
|
|
|
|
break;
|
|
|
|
case Opt_data_writeback:
|
|
|
|
args->ar_data = GFS2_DATA_WRITEBACK;
|
|
|
|
break;
|
|
|
|
case Opt_data_ordered:
|
|
|
|
args->ar_data = GFS2_DATA_ORDERED;
|
|
|
|
break;
|
|
|
|
case Opt_meta:
|
|
|
|
args->ar_meta = 1;
|
|
|
|
break;
|
|
|
|
case Opt_discard:
|
|
|
|
args->ar_discard = 1;
|
|
|
|
break;
|
|
|
|
case Opt_nodiscard:
|
|
|
|
args->ar_discard = 0;
|
|
|
|
break;
|
|
|
|
case Opt_commit:
|
|
|
|
rv = match_int(&tmp[0], &args->ar_commit);
|
|
|
|
if (rv || args->ar_commit <= 0) {
|
2014-03-06 20:10:45 +00:00
|
|
|
pr_warn("commit mount option requires a positive numeric argument\n");
|
2009-05-22 09:36:01 +00:00
|
|
|
return rv ? rv : -EINVAL;
|
|
|
|
}
|
|
|
|
break;
|
2009-10-20 07:39:44 +00:00
|
|
|
case Opt_statfs_quantum:
|
|
|
|
rv = match_int(&tmp[0], &args->ar_statfs_quantum);
|
|
|
|
if (rv || args->ar_statfs_quantum < 0) {
|
2014-03-06 20:10:45 +00:00
|
|
|
pr_warn("statfs_quantum mount option requires a non-negative numeric argument\n");
|
2009-10-20 07:39:44 +00:00
|
|
|
return rv ? rv : -EINVAL;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case Opt_quota_quantum:
|
|
|
|
rv = match_int(&tmp[0], &args->ar_quota_quantum);
|
|
|
|
if (rv || args->ar_quota_quantum <= 0) {
|
2014-03-06 20:10:45 +00:00
|
|
|
pr_warn("quota_quantum mount option requires a positive numeric argument\n");
|
2009-10-20 07:39:44 +00:00
|
|
|
return rv ? rv : -EINVAL;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case Opt_statfs_percent:
|
|
|
|
rv = match_int(&tmp[0], &args->ar_statfs_percent);
|
|
|
|
if (rv || args->ar_statfs_percent < 0 ||
|
|
|
|
args->ar_statfs_percent > 100) {
|
2014-03-05 14:06:42 +00:00
|
|
|
pr_warn("statfs_percent mount option requires a numeric argument between 0 and 100\n");
|
2009-10-20 07:39:44 +00:00
|
|
|
return rv ? rv : -EINVAL;
|
|
|
|
}
|
|
|
|
break;
|
2009-08-24 09:44:18 +00:00
|
|
|
case Opt_err_withdraw:
|
|
|
|
args->ar_errors = GFS2_ERRORS_WITHDRAW;
|
|
|
|
break;
|
|
|
|
case Opt_err_panic:
|
|
|
|
if (args->ar_debug) {
|
2014-03-06 20:10:45 +00:00
|
|
|
pr_warn("-o debug and -o errors=panic are mutually exclusive\n");
|
2009-08-24 09:44:18 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
args->ar_errors = GFS2_ERRORS_PANIC;
|
|
|
|
break;
|
2009-10-30 07:03:27 +00:00
|
|
|
case Opt_barrier:
|
|
|
|
args->ar_nobarrier = 0;
|
|
|
|
break;
|
|
|
|
case Opt_nobarrier:
|
|
|
|
args->ar_nobarrier = 1;
|
|
|
|
break;
|
GFS2: Use lvbs for storing rgrp information with mount option
Instead of reading in the resource groups when gfs2 is checking
for free space to allocate from, gfs2 can store the necessary infromation
in the resource group's lvb. Also, instead of searching for unlinked
inodes in every resource group that's checked for free space, gfs2 can
store the number of unlinked but inodes in the lvb, and only check for
unlinked inodes if it will find some.
The first time a resource group is locked, the lvb must initialized.
Since this involves counting the unlinked inodes in the resource group,
this takes a little extra time. But after that, if the resource group
is locked with GL_SKIP, the buffer head won't be read in unless it's
actually needed.
Enabling the resource groups lvbs is done via the rgrplvb mount option. If
this option isn't set, the lvbs will still be set and updated, but they won't
be verfied or used by the filesystem. To safely turn on this option, all of
the nodes mounting the filesystem must be running code with this patch, and
the filesystem must have been completely unmounted since they were updated.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2012-05-30 04:01:09 +00:00
|
|
|
case Opt_rgrplvb:
|
|
|
|
args->ar_rgrplvb = 1;
|
|
|
|
break;
|
|
|
|
case Opt_norgrplvb:
|
|
|
|
args->ar_rgrplvb = 0;
|
|
|
|
break;
|
gfs2: change gfs2 readdir cookie
gfs2 currently returns 31 bits of filename hash as a cookie that readdir
uses for an offset into the directory. When there are a large number of
directory entries, the likelihood of a collision goes up way too
quickly. GFS2 will now return cookies that are guaranteed unique for a
while, and then fail back to using 30 bits of filename hash.
Specifically, the directory leaf blocks are divided up into chunks based
on the minimum size of a gfs2 directory entry (48 bytes). Each entry's
cookie is based off the chunk where it starts, in the linked list of
leaf blocks that it hashes to (there are 131072 hash buckets). Directory
entries will have unique names until they take reach chunk 8192.
Assuming the largest filenames possible, and the least efficient spacing
possible, this new method will still be able to return unique names when
the previous method has statistically more than a 99% chance of a
collision. The non-unique names it fails back to are guaranteed to not
collide with the unique names.
unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "0"
- 13 bits for the offset
non-unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "1"
- 13 more bits of the name hash
Another benefit of location based cookies, is that once a directory's
exhash table is fully extended (so that multiple hash table indexs do
not use the same leaf blocks), gfs2 can skip sorting the directory
entries until it reaches the non-unique ones, and then it only needs to
sort these. This provides a significant speed up for directory reads of
very large directories.
The only issue is that for these cookies to continue to point to the
correct entry as files are added and removed from the directory, gfs2
must keep the entries at the same offset in the leaf block when they are
split (see my previous patch). This means that until all the nodes in a
cluster are running with code that will split the directory leaf blocks
this way, none of the nodes can use the new cookie code. To deal with
this, gfs2 now has the mount option loccookie, which, if set, will make
it return these new location based cookies. This option must not be set
until all nodes in the cluster are at least running this version of the
kernel code, and you have guaranteed that there are no outstanding
cookies required by other software, such as NFS.
gfs2 uses some of the extra space at the end of the gfs2_dirent
structure to store the calculated readdir cookies. This keeps us from
needing to allocate a seperate array to hold these values. gfs2
recomputes the cookie stored in de_cookie for every readdir call. The
time it takes to do so is small, and if gfs2 expected this value to be
saved on disk, the new code wouldn't work correctly on filesystems
created with an earlier version of gfs2.
One issue with adding de_cookie to the union in the gfs2_dirent
structure is that it caused the union to align itself to a 4 byte
boundary, instead of its previous 2 byte boundary. This changed the
offset of de_rahead. To solve that, I pulled de_rahead out of the union,
since it does not need to be there.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2015-12-01 14:46:55 +00:00
|
|
|
case Opt_loccookie:
|
|
|
|
args->ar_loccookie = 1;
|
|
|
|
break;
|
|
|
|
case Opt_noloccookie:
|
|
|
|
args->ar_loccookie = 0;
|
|
|
|
break;
|
2009-05-22 09:36:01 +00:00
|
|
|
case Opt_error:
|
|
|
|
default:
|
2014-03-06 20:10:45 +00:00
|
|
|
pr_warn("invalid mount option: %s\n", o);
|
2009-05-22 09:36:01 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2006-01-16 16:50:04 +00:00
|
|
|
|
2008-12-19 15:32:06 +00:00
|
|
|
/**
|
|
|
|
* gfs2_jindex_free - Clear all the journal index information
|
|
|
|
* @sdp: The GFS2 superblock
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
void gfs2_jindex_free(struct gfs2_sbd *sdp)
|
|
|
|
{
|
2014-03-03 13:35:57 +00:00
|
|
|
struct list_head list;
|
2008-12-19 15:32:06 +00:00
|
|
|
struct gfs2_jdesc *jd;
|
|
|
|
|
|
|
|
spin_lock(&sdp->sd_jindex_spin);
|
|
|
|
list_add(&list, &sdp->sd_jindex_list);
|
|
|
|
list_del_init(&sdp->sd_jindex_list);
|
|
|
|
sdp->sd_journals = 0;
|
|
|
|
spin_unlock(&sdp->sd_jindex_spin);
|
|
|
|
|
|
|
|
while (!list_empty(&list)) {
|
|
|
|
jd = list_entry(list.next, struct gfs2_jdesc, jd_list);
|
2014-03-03 13:35:57 +00:00
|
|
|
gfs2_free_journal_extents(jd);
|
2008-12-19 15:32:06 +00:00
|
|
|
list_del(&jd->jd_list);
|
|
|
|
iput(jd->jd_inode);
|
|
|
|
kfree(jd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-01-16 16:50:04 +00:00
|
|
|
static struct gfs2_jdesc *jdesc_find_i(struct list_head *head, unsigned int jid)
|
|
|
|
{
|
|
|
|
struct gfs2_jdesc *jd;
|
|
|
|
int found = 0;
|
|
|
|
|
|
|
|
list_for_each_entry(jd, head, jd_list) {
|
|
|
|
if (jd->jd_jid == jid) {
|
|
|
|
found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!found)
|
|
|
|
jd = NULL;
|
|
|
|
|
|
|
|
return jd;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct gfs2_jdesc *gfs2_jdesc_find(struct gfs2_sbd *sdp, unsigned int jid)
|
|
|
|
{
|
|
|
|
struct gfs2_jdesc *jd;
|
|
|
|
|
|
|
|
spin_lock(&sdp->sd_jindex_spin);
|
|
|
|
jd = jdesc_find_i(&sdp->sd_jindex_list, jid);
|
|
|
|
spin_unlock(&sdp->sd_jindex_spin);
|
|
|
|
|
|
|
|
return jd;
|
|
|
|
}
|
|
|
|
|
|
|
|
int gfs2_jdesc_check(struct gfs2_jdesc *jd)
|
|
|
|
{
|
2006-06-14 19:32:57 +00:00
|
|
|
struct gfs2_inode *ip = GFS2_I(jd->jd_inode);
|
|
|
|
struct gfs2_sbd *sdp = GFS2_SB(jd->jd_inode);
|
2010-08-11 08:53:11 +00:00
|
|
|
u64 size = i_size_read(jd->jd_inode);
|
2006-01-16 16:50:04 +00:00
|
|
|
|
2016-08-02 17:05:27 +00:00
|
|
|
if (gfs2_check_internal_file_size(jd->jd_inode, 8 << 20, BIT(30)))
|
2006-01-16 16:50:04 +00:00
|
|
|
return -EIO;
|
|
|
|
|
2010-08-11 08:53:11 +00:00
|
|
|
jd->jd_blocks = size >> sdp->sd_sb.sb_bsize_shift;
|
|
|
|
|
|
|
|
if (gfs2_write_alloc_required(ip, 0, size)) {
|
2006-01-16 16:50:04 +00:00
|
|
|
gfs2_consist_inode(ip);
|
2010-06-24 23:21:20 +00:00
|
|
|
return -EIO;
|
2006-01-16 16:50:04 +00:00
|
|
|
}
|
|
|
|
|
2010-06-24 23:21:20 +00:00
|
|
|
return 0;
|
2006-01-16 16:50:04 +00:00
|
|
|
}
|
|
|
|
|
2013-12-12 11:34:09 +00:00
|
|
|
static int init_threads(struct gfs2_sbd *sdp)
|
|
|
|
{
|
|
|
|
struct task_struct *p;
|
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
p = kthread_run(gfs2_logd, sdp, "gfs2_logd");
|
|
|
|
if (IS_ERR(p)) {
|
|
|
|
error = PTR_ERR(p);
|
|
|
|
fs_err(sdp, "can't start logd thread: %d\n", error);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
sdp->sd_logd_process = p;
|
|
|
|
|
|
|
|
p = kthread_run(gfs2_quotad, sdp, "gfs2_quotad");
|
|
|
|
if (IS_ERR(p)) {
|
|
|
|
error = PTR_ERR(p);
|
|
|
|
fs_err(sdp, "can't start quotad thread: %d\n", error);
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
sdp->sd_quotad_process = p;
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
kthread_stop(sdp->sd_logd_process);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2006-01-16 16:50:04 +00:00
|
|
|
/**
|
|
|
|
* gfs2_make_fs_rw - Turn a Read-Only FS into a Read-Write one
|
|
|
|
* @sdp: the filesystem
|
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
|
|
|
int gfs2_make_fs_rw(struct gfs2_sbd *sdp)
|
|
|
|
{
|
2006-06-14 19:32:57 +00:00
|
|
|
struct gfs2_inode *ip = GFS2_I(sdp->sd_jdesc->jd_inode);
|
2006-02-27 22:23:27 +00:00
|
|
|
struct gfs2_glock *j_gl = ip->i_gl;
|
2014-11-14 02:42:04 +00:00
|
|
|
struct gfs2_holder freeze_gh;
|
2006-10-14 01:47:13 +00:00
|
|
|
struct gfs2_log_header_host head;
|
2006-01-16 16:50:04 +00:00
|
|
|
int error;
|
|
|
|
|
2013-12-12 11:34:09 +00:00
|
|
|
error = init_threads(sdp);
|
2006-01-16 16:50:04 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
error = gfs2_glock_nq_init(sdp->sd_freeze_gl, LM_ST_SHARED, 0,
|
2014-11-14 02:42:04 +00:00
|
|
|
&freeze_gh);
|
2013-12-12 11:34:09 +00:00
|
|
|
if (error)
|
|
|
|
goto fail_threads;
|
|
|
|
|
2006-11-20 15:37:45 +00:00
|
|
|
j_gl->gl_ops->go_inval(j_gl, DIO_METADATA);
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
error = gfs2_find_jhead(sdp->sd_jdesc, &head);
|
|
|
|
if (error)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if (!(head.lh_flags & GFS2_LOG_HEAD_UNMOUNT)) {
|
|
|
|
gfs2_consist(sdp);
|
|
|
|
error = -EIO;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Initialize some head of the log stuff */
|
|
|
|
sdp->sd_log_sequence = head.lh_sequence + 1;
|
|
|
|
gfs2_log_pointers_init(sdp, head.lh_blkno);
|
|
|
|
|
|
|
|
error = gfs2_quota_init(sdp);
|
|
|
|
if (error)
|
2006-09-04 16:04:26 +00:00
|
|
|
goto fail;
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
set_bit(SDF_JOURNAL_LIVE, &sdp->sd_flags);
|
|
|
|
|
2014-11-14 02:42:04 +00:00
|
|
|
gfs2_glock_dq_uninit(&freeze_gh);
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
2006-09-04 16:04:26 +00:00
|
|
|
fail:
|
2014-11-14 02:42:04 +00:00
|
|
|
freeze_gh.gh_flags |= GL_NOCACHE;
|
|
|
|
gfs2_glock_dq_uninit(&freeze_gh);
|
2013-12-12 11:34:09 +00:00
|
|
|
fail_threads:
|
|
|
|
kthread_stop(sdp->sd_quotad_process);
|
|
|
|
kthread_stop(sdp->sd_logd_process);
|
2006-01-16 16:50:04 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2009-06-25 20:09:51 +00:00
|
|
|
void gfs2_statfs_change_in(struct gfs2_statfs_change_host *sc, const void *buf)
|
2007-06-01 13:11:58 +00:00
|
|
|
{
|
|
|
|
const struct gfs2_statfs_change *str = buf;
|
|
|
|
|
|
|
|
sc->sc_total = be64_to_cpu(str->sc_total);
|
|
|
|
sc->sc_free = be64_to_cpu(str->sc_free);
|
|
|
|
sc->sc_dinodes = be64_to_cpu(str->sc_dinodes);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void gfs2_statfs_change_out(const struct gfs2_statfs_change_host *sc, void *buf)
|
|
|
|
{
|
|
|
|
struct gfs2_statfs_change *str = buf;
|
|
|
|
|
|
|
|
str->sc_total = cpu_to_be64(sc->sc_total);
|
|
|
|
str->sc_free = cpu_to_be64(sc->sc_free);
|
|
|
|
str->sc_dinodes = cpu_to_be64(sc->sc_dinodes);
|
|
|
|
}
|
|
|
|
|
2006-01-16 16:50:04 +00:00
|
|
|
int gfs2_statfs_init(struct gfs2_sbd *sdp)
|
|
|
|
{
|
2006-06-14 19:32:57 +00:00
|
|
|
struct gfs2_inode *m_ip = GFS2_I(sdp->sd_statfs_inode);
|
2006-10-14 03:43:19 +00:00
|
|
|
struct gfs2_statfs_change_host *m_sc = &sdp->sd_statfs_master;
|
2006-06-14 19:32:57 +00:00
|
|
|
struct gfs2_inode *l_ip = GFS2_I(sdp->sd_sc_inode);
|
2006-10-14 03:43:19 +00:00
|
|
|
struct gfs2_statfs_change_host *l_sc = &sdp->sd_statfs_local;
|
2006-01-16 16:50:04 +00:00
|
|
|
struct buffer_head *m_bh, *l_bh;
|
|
|
|
struct gfs2_holder gh;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = gfs2_glock_nq_init(m_ip->i_gl, LM_ST_EXCLUSIVE, GL_NOCACHE,
|
|
|
|
&gh);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
error = gfs2_meta_inode_buffer(m_ip, &m_bh);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (sdp->sd_args.ar_spectator) {
|
|
|
|
spin_lock(&sdp->sd_statfs_spin);
|
|
|
|
gfs2_statfs_change_in(m_sc, m_bh->b_data +
|
|
|
|
sizeof(struct gfs2_dinode));
|
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
|
|
|
} else {
|
|
|
|
error = gfs2_meta_inode_buffer(l_ip, &l_bh);
|
|
|
|
if (error)
|
|
|
|
goto out_m_bh;
|
|
|
|
|
|
|
|
spin_lock(&sdp->sd_statfs_spin);
|
|
|
|
gfs2_statfs_change_in(m_sc, m_bh->b_data +
|
|
|
|
sizeof(struct gfs2_dinode));
|
|
|
|
gfs2_statfs_change_in(l_sc, l_bh->b_data +
|
|
|
|
sizeof(struct gfs2_dinode));
|
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
|
|
|
|
|
|
|
brelse(l_bh);
|
|
|
|
}
|
|
|
|
|
2006-09-04 16:04:26 +00:00
|
|
|
out_m_bh:
|
2006-01-16 16:50:04 +00:00
|
|
|
brelse(m_bh);
|
2006-09-04 16:04:26 +00:00
|
|
|
out:
|
2006-01-16 16:50:04 +00:00
|
|
|
gfs2_glock_dq_uninit(&gh);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-09-04 16:49:07 +00:00
|
|
|
void gfs2_statfs_change(struct gfs2_sbd *sdp, s64 total, s64 free,
|
|
|
|
s64 dinodes)
|
2006-01-16 16:50:04 +00:00
|
|
|
{
|
2006-06-14 19:32:57 +00:00
|
|
|
struct gfs2_inode *l_ip = GFS2_I(sdp->sd_sc_inode);
|
2006-10-14 03:43:19 +00:00
|
|
|
struct gfs2_statfs_change_host *l_sc = &sdp->sd_statfs_local;
|
2009-10-20 07:39:44 +00:00
|
|
|
struct gfs2_statfs_change_host *m_sc = &sdp->sd_statfs_master;
|
2006-01-16 16:50:04 +00:00
|
|
|
struct buffer_head *l_bh;
|
2009-10-26 18:29:47 +00:00
|
|
|
s64 x, y;
|
|
|
|
int need_sync = 0;
|
2006-01-16 16:50:04 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
error = gfs2_meta_inode_buffer(l_ip, &l_bh);
|
|
|
|
if (error)
|
|
|
|
return;
|
|
|
|
|
2012-12-14 12:36:02 +00:00
|
|
|
gfs2_trans_add_meta(l_ip->i_gl, l_bh);
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
spin_lock(&sdp->sd_statfs_spin);
|
|
|
|
l_sc->sc_total += total;
|
|
|
|
l_sc->sc_free += free;
|
|
|
|
l_sc->sc_dinodes += dinodes;
|
2006-09-25 13:26:04 +00:00
|
|
|
gfs2_statfs_change_out(l_sc, l_bh->b_data + sizeof(struct gfs2_dinode));
|
2009-10-26 18:29:47 +00:00
|
|
|
if (sdp->sd_args.ar_statfs_percent) {
|
|
|
|
x = 100 * l_sc->sc_free;
|
|
|
|
y = m_sc->sc_free * sdp->sd_args.ar_statfs_percent;
|
|
|
|
if (x >= y || x <= -y)
|
|
|
|
need_sync = 1;
|
|
|
|
}
|
2006-01-16 16:50:04 +00:00
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
|
|
|
|
|
|
|
brelse(l_bh);
|
2009-10-26 18:29:47 +00:00
|
|
|
if (need_sync)
|
2009-10-20 07:39:44 +00:00
|
|
|
gfs2_wake_up_statfs(sdp);
|
2006-01-16 16:50:04 +00:00
|
|
|
}
|
|
|
|
|
2009-06-25 20:09:51 +00:00
|
|
|
void update_statfs(struct gfs2_sbd *sdp, struct buffer_head *m_bh,
|
|
|
|
struct buffer_head *l_bh)
|
|
|
|
{
|
|
|
|
struct gfs2_inode *m_ip = GFS2_I(sdp->sd_statfs_inode);
|
|
|
|
struct gfs2_inode *l_ip = GFS2_I(sdp->sd_sc_inode);
|
|
|
|
struct gfs2_statfs_change_host *m_sc = &sdp->sd_statfs_master;
|
|
|
|
struct gfs2_statfs_change_host *l_sc = &sdp->sd_statfs_local;
|
|
|
|
|
2012-12-14 12:36:02 +00:00
|
|
|
gfs2_trans_add_meta(l_ip->i_gl, l_bh);
|
2015-03-11 14:52:31 +00:00
|
|
|
gfs2_trans_add_meta(m_ip->i_gl, m_bh);
|
2009-06-25 20:09:51 +00:00
|
|
|
|
|
|
|
spin_lock(&sdp->sd_statfs_spin);
|
|
|
|
m_sc->sc_total += l_sc->sc_total;
|
|
|
|
m_sc->sc_free += l_sc->sc_free;
|
|
|
|
m_sc->sc_dinodes += l_sc->sc_dinodes;
|
|
|
|
memset(l_sc, 0, sizeof(struct gfs2_statfs_change));
|
|
|
|
memset(l_bh->b_data + sizeof(struct gfs2_dinode),
|
|
|
|
0, sizeof(struct gfs2_statfs_change));
|
|
|
|
gfs2_statfs_change_out(m_sc, m_bh->b_data + sizeof(struct gfs2_dinode));
|
2015-03-11 14:52:31 +00:00
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
2009-06-25 20:09:51 +00:00
|
|
|
}
|
|
|
|
|
2009-09-11 13:36:44 +00:00
|
|
|
int gfs2_statfs_sync(struct super_block *sb, int type)
|
2006-01-16 16:50:04 +00:00
|
|
|
{
|
2009-09-11 13:36:44 +00:00
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
2006-06-14 19:32:57 +00:00
|
|
|
struct gfs2_inode *m_ip = GFS2_I(sdp->sd_statfs_inode);
|
|
|
|
struct gfs2_inode *l_ip = GFS2_I(sdp->sd_sc_inode);
|
2006-10-14 03:43:19 +00:00
|
|
|
struct gfs2_statfs_change_host *m_sc = &sdp->sd_statfs_master;
|
|
|
|
struct gfs2_statfs_change_host *l_sc = &sdp->sd_statfs_local;
|
2006-01-16 16:50:04 +00:00
|
|
|
struct gfs2_holder gh;
|
|
|
|
struct buffer_head *m_bh, *l_bh;
|
|
|
|
int error;
|
|
|
|
|
2014-11-14 02:42:04 +00:00
|
|
|
sb_start_write(sb);
|
2006-01-16 16:50:04 +00:00
|
|
|
error = gfs2_glock_nq_init(m_ip->i_gl, LM_ST_EXCLUSIVE, GL_NOCACHE,
|
|
|
|
&gh);
|
|
|
|
if (error)
|
2014-11-14 02:42:04 +00:00
|
|
|
goto out;
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
error = gfs2_meta_inode_buffer(m_ip, &m_bh);
|
|
|
|
if (error)
|
2014-11-14 02:42:04 +00:00
|
|
|
goto out_unlock;
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
spin_lock(&sdp->sd_statfs_spin);
|
|
|
|
gfs2_statfs_change_in(m_sc, m_bh->b_data +
|
2006-09-25 13:26:04 +00:00
|
|
|
sizeof(struct gfs2_dinode));
|
2006-01-16 16:50:04 +00:00
|
|
|
if (!l_sc->sc_total && !l_sc->sc_free && !l_sc->sc_dinodes) {
|
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
|
|
|
goto out_bh;
|
|
|
|
}
|
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
|
|
|
|
|
|
|
error = gfs2_meta_inode_buffer(l_ip, &l_bh);
|
|
|
|
if (error)
|
|
|
|
goto out_bh;
|
|
|
|
|
|
|
|
error = gfs2_trans_begin(sdp, 2 * RES_DINODE, 0);
|
|
|
|
if (error)
|
|
|
|
goto out_bh2;
|
|
|
|
|
2009-06-25 20:09:51 +00:00
|
|
|
update_statfs(sdp, m_bh, l_bh);
|
2009-10-20 07:39:44 +00:00
|
|
|
sdp->sd_statfs_force_sync = 0;
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
gfs2_trans_end(sdp);
|
|
|
|
|
2006-09-04 16:04:26 +00:00
|
|
|
out_bh2:
|
2006-01-16 16:50:04 +00:00
|
|
|
brelse(l_bh);
|
2006-09-04 16:04:26 +00:00
|
|
|
out_bh:
|
2006-01-16 16:50:04 +00:00
|
|
|
brelse(m_bh);
|
2014-11-14 02:42:04 +00:00
|
|
|
out_unlock:
|
2006-01-16 16:50:04 +00:00
|
|
|
gfs2_glock_dq_uninit(&gh);
|
2014-11-14 02:42:04 +00:00
|
|
|
out:
|
|
|
|
sb_end_write(sb);
|
2006-01-16 16:50:04 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct lfcc {
|
|
|
|
struct list_head list;
|
|
|
|
struct gfs2_holder gh;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_lock_fs_check_clean - Stop all writes to the FS and check that all
|
|
|
|
* journals are clean
|
|
|
|
* @sdp: the file system
|
|
|
|
* @state: the state to put the transaction lock into
|
|
|
|
* @t_gh: the hold on the transaction lock
|
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
2006-04-28 14:59:12 +00:00
|
|
|
static int gfs2_lock_fs_check_clean(struct gfs2_sbd *sdp,
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
struct gfs2_holder *freeze_gh)
|
2006-01-16 16:50:04 +00:00
|
|
|
{
|
2006-02-27 22:23:27 +00:00
|
|
|
struct gfs2_inode *ip;
|
2006-01-16 16:50:04 +00:00
|
|
|
struct gfs2_jdesc *jd;
|
|
|
|
struct lfcc *lfcc;
|
|
|
|
LIST_HEAD(list);
|
2006-10-14 01:47:13 +00:00
|
|
|
struct gfs2_log_header_host lh;
|
2006-01-16 16:50:04 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
list_for_each_entry(jd, &sdp->sd_jindex_list, jd_list) {
|
|
|
|
lfcc = kmalloc(sizeof(struct lfcc), GFP_KERNEL);
|
|
|
|
if (!lfcc) {
|
|
|
|
error = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
2006-06-14 19:32:57 +00:00
|
|
|
ip = GFS2_I(jd->jd_inode);
|
|
|
|
error = gfs2_glock_nq_init(ip->i_gl, LM_ST_SHARED, 0, &lfcc->gh);
|
2006-01-16 16:50:04 +00:00
|
|
|
if (error) {
|
|
|
|
kfree(lfcc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
list_add(&lfcc->list, &list);
|
|
|
|
}
|
|
|
|
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
error = gfs2_glock_nq_init(sdp->sd_freeze_gl, LM_ST_EXCLUSIVE,
|
|
|
|
GL_NOCACHE, freeze_gh);
|
2006-01-16 16:50:04 +00:00
|
|
|
|
|
|
|
list_for_each_entry(jd, &sdp->sd_jindex_list, jd_list) {
|
|
|
|
error = gfs2_jdesc_check(jd);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
error = gfs2_find_jhead(jd, &lh);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
if (!(lh.lh_flags & GFS2_LOG_HEAD_UNMOUNT)) {
|
|
|
|
error = -EBUSY;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (error)
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
gfs2_glock_dq_uninit(freeze_gh);
|
2006-01-16 16:50:04 +00:00
|
|
|
|
2006-09-04 16:04:26 +00:00
|
|
|
out:
|
2006-01-16 16:50:04 +00:00
|
|
|
while (!list_empty(&list)) {
|
|
|
|
lfcc = list_entry(list.next, struct lfcc, list);
|
|
|
|
list_del(&lfcc->list);
|
|
|
|
gfs2_glock_dq_uninit(&lfcc->gh);
|
|
|
|
kfree(lfcc);
|
|
|
|
}
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2011-05-09 13:11:40 +00:00
|
|
|
void gfs2_dinode_out(const struct gfs2_inode *ip, void *buf)
|
|
|
|
{
|
|
|
|
struct gfs2_dinode *str = buf;
|
|
|
|
|
|
|
|
str->di_header.mh_magic = cpu_to_be32(GFS2_MAGIC);
|
|
|
|
str->di_header.mh_type = cpu_to_be32(GFS2_METATYPE_DI);
|
|
|
|
str->di_header.mh_format = cpu_to_be32(GFS2_FORMAT_DI);
|
|
|
|
str->di_num.no_addr = cpu_to_be64(ip->i_no_addr);
|
|
|
|
str->di_num.no_formal_ino = cpu_to_be64(ip->i_no_formal_ino);
|
|
|
|
str->di_mode = cpu_to_be32(ip->i_inode.i_mode);
|
2013-02-01 06:08:10 +00:00
|
|
|
str->di_uid = cpu_to_be32(i_uid_read(&ip->i_inode));
|
|
|
|
str->di_gid = cpu_to_be32(i_gid_read(&ip->i_inode));
|
2011-05-09 13:11:40 +00:00
|
|
|
str->di_nlink = cpu_to_be32(ip->i_inode.i_nlink);
|
|
|
|
str->di_size = cpu_to_be64(i_size_read(&ip->i_inode));
|
|
|
|
str->di_blocks = cpu_to_be64(gfs2_get_inode_blocks(&ip->i_inode));
|
|
|
|
str->di_atime = cpu_to_be64(ip->i_inode.i_atime.tv_sec);
|
|
|
|
str->di_mtime = cpu_to_be64(ip->i_inode.i_mtime.tv_sec);
|
|
|
|
str->di_ctime = cpu_to_be64(ip->i_inode.i_ctime.tv_sec);
|
|
|
|
|
|
|
|
str->di_goal_meta = cpu_to_be64(ip->i_goal);
|
|
|
|
str->di_goal_data = cpu_to_be64(ip->i_goal);
|
|
|
|
str->di_generation = cpu_to_be64(ip->i_generation);
|
|
|
|
|
|
|
|
str->di_flags = cpu_to_be32(ip->i_diskflags);
|
|
|
|
str->di_height = cpu_to_be16(ip->i_height);
|
|
|
|
str->di_payload_format = cpu_to_be32(S_ISDIR(ip->i_inode.i_mode) &&
|
|
|
|
!(ip->i_diskflags & GFS2_DIF_EXHASH) ?
|
|
|
|
GFS2_FORMAT_DE : 0);
|
|
|
|
str->di_depth = cpu_to_be16(ip->i_depth);
|
|
|
|
str->di_entries = cpu_to_be32(ip->i_entries);
|
|
|
|
|
|
|
|
str->di_eattr = cpu_to_be64(ip->i_eattr);
|
|
|
|
str->di_atime_nsec = cpu_to_be32(ip->i_inode.i_atime.tv_nsec);
|
|
|
|
str->di_mtime_nsec = cpu_to_be32(ip->i_inode.i_mtime.tv_nsec);
|
|
|
|
str->di_ctime_nsec = cpu_to_be32(ip->i_inode.i_ctime.tv_nsec);
|
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_write_inode - Make sure the inode is stable on the disk
|
|
|
|
* @inode: The inode
|
2011-03-30 15:13:25 +00:00
|
|
|
* @wbc: The writeback control structure
|
2009-05-22 09:36:01 +00:00
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
2010-03-05 08:21:37 +00:00
|
|
|
static int gfs2_write_inode(struct inode *inode, struct writeback_control *wbc)
|
2009-05-22 09:36:01 +00:00
|
|
|
{
|
|
|
|
struct gfs2_inode *ip = GFS2_I(inode);
|
|
|
|
struct gfs2_sbd *sdp = GFS2_SB(inode);
|
2011-03-30 15:13:25 +00:00
|
|
|
struct address_space *metamapping = gfs2_glock2aspace(ip->i_gl);
|
2015-01-14 09:42:36 +00:00
|
|
|
struct backing_dev_info *bdi = inode_to_bdi(metamapping->host);
|
2011-08-15 13:20:36 +00:00
|
|
|
int ret = 0;
|
2017-10-11 14:22:07 +00:00
|
|
|
bool flush_all = (wbc->sync_mode == WB_SYNC_ALL || gfs2_is_jdata(ip));
|
2011-08-15 13:20:36 +00:00
|
|
|
|
2017-10-11 14:22:07 +00:00
|
|
|
if (flush_all)
|
2018-01-16 23:01:33 +00:00
|
|
|
gfs2_log_flush(GFS2_SB(inode), ip->i_gl,
|
|
|
|
GFS2_LOG_HEAD_FLUSH_NORMAL);
|
writeback: move bandwidth related fields from backing_dev_info into bdi_writeback
Currently, a bdi (backing_dev_info) embeds single wb (bdi_writeback)
and the role of the separation is unclear. For cgroup support for
writeback IOs, a bdi will be updated to host multiple wb's where each
wb serves writeback IOs of a different cgroup on the bdi. To achieve
that, a wb should carry all states necessary for servicing writeback
IOs for a cgroup independently.
This patch moves bandwidth related fields from backing_dev_info into
bdi_writeback.
* The moved fields are: bw_time_stamp, dirtied_stamp, written_stamp,
write_bandwidth, avg_write_bandwidth, dirty_ratelimit,
balanced_dirty_ratelimit, completions and dirty_exceeded.
* writeback_chunk_size() and over_bground_thresh() now take @wb
instead of @bdi.
* bdi_writeout_fraction(bdi, ...) -> wb_writeout_fraction(wb, ...)
bdi_dirty_limit(bdi, ...) -> wb_dirty_limit(wb, ...)
bdi_position_ration(bdi, ...) -> wb_position_ratio(wb, ...)
bdi_update_writebandwidth(bdi, ...) -> wb_update_write_bandwidth(wb, ...)
[__]bdi_update_bandwidth(bdi, ...) -> [__]wb_update_bandwidth(wb, ...)
bdi_{max|min}_pause(bdi, ...) -> wb_{max|min}_pause(wb, ...)
bdi_dirty_limits(bdi, ...) -> wb_dirty_limits(wb, ...)
* Init/exits of the relocated fields are moved to bdi_wb_init/exit()
respectively. Note that explicit zeroing is dropped in the process
as wb's are cleared in entirety anyway.
* As there's still only one bdi_writeback per backing_dev_info, all
uses of bdi->stat[] are mechanically replaced with bdi->wb.stat[]
introducing no behavior changes.
v2: Typo in description fixed as suggested by Jan.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2015-05-22 21:13:28 +00:00
|
|
|
if (bdi->wb.dirty_exceeded)
|
2011-04-18 13:18:09 +00:00
|
|
|
gfs2_ail1_flush(sdp, wbc);
|
2011-08-02 12:13:20 +00:00
|
|
|
else
|
|
|
|
filemap_fdatawrite(metamapping);
|
2017-10-11 14:22:07 +00:00
|
|
|
if (flush_all)
|
2011-03-30 15:13:25 +00:00
|
|
|
ret = filemap_fdatawait(metamapping);
|
|
|
|
if (ret)
|
|
|
|
mark_inode_dirty_sync(inode);
|
2009-05-22 09:36:01 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2011-08-15 13:20:36 +00:00
|
|
|
/**
|
|
|
|
* gfs2_dirty_inode - check for atime updates
|
|
|
|
* @inode: The inode in question
|
|
|
|
* @flags: The type of dirty
|
|
|
|
*
|
|
|
|
* Unfortunately it can be called under any combination of inode
|
|
|
|
* glock and transaction lock, so we have to check carefully.
|
|
|
|
*
|
|
|
|
* At the moment this deals only with atime - it should be possible
|
|
|
|
* to expand that role in future, once a review of the locking has
|
|
|
|
* been carried out.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static void gfs2_dirty_inode(struct inode *inode, int flags)
|
|
|
|
{
|
|
|
|
struct gfs2_inode *ip = GFS2_I(inode);
|
|
|
|
struct gfs2_sbd *sdp = GFS2_SB(inode);
|
|
|
|
struct buffer_head *bh;
|
|
|
|
struct gfs2_holder gh;
|
|
|
|
int need_unlock = 0;
|
|
|
|
int need_endtrans = 0;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (!(flags & (I_DIRTY_DATASYNC|I_DIRTY_SYNC)))
|
|
|
|
return;
|
2017-03-03 17:37:14 +00:00
|
|
|
if (unlikely(test_bit(SDF_SHUTDOWN, &sdp->sd_flags)))
|
|
|
|
return;
|
2011-08-15 13:20:36 +00:00
|
|
|
if (!gfs2_glock_is_locked_by_me(ip->i_gl)) {
|
|
|
|
ret = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
|
|
|
|
if (ret) {
|
|
|
|
fs_err(sdp, "dirty_inode: glock %d\n", ret);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
need_unlock = 1;
|
2012-11-06 06:49:28 +00:00
|
|
|
} else if (WARN_ON_ONCE(ip->i_gl->gl_state != LM_ST_EXCLUSIVE))
|
|
|
|
return;
|
2011-08-15 13:20:36 +00:00
|
|
|
|
|
|
|
if (current->journal_info == NULL) {
|
|
|
|
ret = gfs2_trans_begin(sdp, RES_DINODE, 0);
|
|
|
|
if (ret) {
|
|
|
|
fs_err(sdp, "dirty_inode: gfs2_trans_begin %d\n", ret);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
need_endtrans = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = gfs2_meta_inode_buffer(ip, &bh);
|
|
|
|
if (ret == 0) {
|
2012-12-14 12:36:02 +00:00
|
|
|
gfs2_trans_add_meta(ip->i_gl, bh);
|
2011-08-15 13:20:36 +00:00
|
|
|
gfs2_dinode_out(ip, bh->b_data);
|
|
|
|
brelse(bh);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (need_endtrans)
|
|
|
|
gfs2_trans_end(sdp);
|
|
|
|
out:
|
|
|
|
if (need_unlock)
|
|
|
|
gfs2_glock_dq_uninit(&gh);
|
|
|
|
}
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
/**
|
|
|
|
* gfs2_make_fs_ro - Turn a Read-Write FS into a Read-Only one
|
|
|
|
* @sdp: the filesystem
|
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_make_fs_ro(struct gfs2_sbd *sdp)
|
|
|
|
{
|
2014-11-14 02:42:04 +00:00
|
|
|
struct gfs2_holder freeze_gh;
|
2009-05-22 09:36:01 +00:00
|
|
|
int error;
|
|
|
|
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
error = gfs2_glock_nq_init(sdp->sd_freeze_gl, LM_ST_SHARED, GL_NOCACHE,
|
2014-11-14 02:42:04 +00:00
|
|
|
&freeze_gh);
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
if (error && !test_bit(SDF_SHUTDOWN, &sdp->sd_flags))
|
|
|
|
return error;
|
|
|
|
|
2013-12-12 11:34:09 +00:00
|
|
|
kthread_stop(sdp->sd_quotad_process);
|
|
|
|
kthread_stop(sdp->sd_logd_process);
|
|
|
|
|
2009-07-23 23:52:34 +00:00
|
|
|
flush_workqueue(gfs2_delete_workqueue);
|
2012-07-03 14:45:28 +00:00
|
|
|
gfs2_quota_sync(sdp->sd_vfs, 0);
|
2009-09-11 13:36:44 +00:00
|
|
|
gfs2_statfs_sync(sdp->sd_vfs, 0);
|
2009-05-22 09:36:01 +00:00
|
|
|
|
2018-01-16 23:01:33 +00:00
|
|
|
gfs2_log_flush(sdp, NULL, GFS2_LOG_HEAD_FLUSH_SHUTDOWN);
|
2014-11-14 02:42:04 +00:00
|
|
|
wait_event(sdp->sd_reserving_log_wait, atomic_read(&sdp->sd_reserving_log) == 0);
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
gfs2_assert_warn(sdp, atomic_read(&sdp->sd_log_blks_free) == sdp->sd_jdesc->jd_blocks);
|
2009-05-22 09:36:01 +00:00
|
|
|
|
2016-06-17 12:31:27 +00:00
|
|
|
if (gfs2_holder_initialized(&freeze_gh))
|
2014-11-14 02:42:04 +00:00
|
|
|
gfs2_glock_dq_uninit(&freeze_gh);
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
gfs2_quota_cleanup(sdp);
|
|
|
|
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_put_super - Unmount the filesystem
|
|
|
|
* @sb: The VFS superblock
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
static void gfs2_put_super(struct super_block *sb)
|
|
|
|
{
|
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
|
|
|
int error;
|
|
|
|
struct gfs2_jdesc *jd;
|
|
|
|
|
|
|
|
/* No more recovery requests */
|
|
|
|
set_bit(SDF_NORECOVERY, &sdp->sd_flags);
|
|
|
|
smp_mb();
|
|
|
|
|
|
|
|
/* Wait on outstanding recovery */
|
|
|
|
restart:
|
|
|
|
spin_lock(&sdp->sd_jindex_spin);
|
|
|
|
list_for_each_entry(jd, &sdp->sd_jindex_list, jd_list) {
|
|
|
|
if (!test_bit(JDF_RECOVERY, &jd->jd_flags))
|
|
|
|
continue;
|
|
|
|
spin_unlock(&sdp->sd_jindex_spin);
|
|
|
|
wait_on_bit(&jd->jd_flags, JDF_RECOVERY,
|
sched: Remove proliferation of wait_on_bit() action functions
The current "wait_on_bit" interface requires an 'action'
function to be provided which does the actual waiting.
There are over 20 such functions, many of them identical.
Most cases can be satisfied by one of just two functions, one
which uses io_schedule() and one which just uses schedule().
So:
Rename wait_on_bit and wait_on_bit_lock to
wait_on_bit_action and wait_on_bit_lock_action
to make it explicit that they need an action function.
Introduce new wait_on_bit{,_lock} and wait_on_bit{,_lock}_io
which are *not* given an action function but implicitly use
a standard one.
The decision to error-out if a signal is pending is now made
based on the 'mode' argument rather than being encoded in the action
function.
All instances of the old wait_on_bit and wait_on_bit_lock which
can use the new version have been changed accordingly and their
action functions have been discarded.
wait_on_bit{_lock} does not return any specific error code in the
event of a signal so the caller must check for non-zero and
interpolate their own error code as appropriate.
The wait_on_bit() call in __fscache_wait_on_invalidate() was
ambiguous as it specified TASK_UNINTERRUPTIBLE but used
fscache_wait_bit_interruptible as an action function.
David Howells confirms this should be uniformly
"uninterruptible"
The main remaining user of wait_on_bit{,_lock}_action is NFS
which needs to use a freezer-aware schedule() call.
A comment in fs/gfs2/glock.c notes that having multiple 'action'
functions is useful as they display differently in the 'wchan'
field of 'ps'. (and /proc/$PID/wchan).
As the new bit_wait{,_io} functions are tagged "__sched", they
will not show up at all, but something higher in the stack. So
the distinction will still be visible, only with different
function names (gds2_glock_wait versus gfs2_glock_dq_wait in the
gfs2/glock.c case).
Since first version of this patch (against 3.15) two new action
functions appeared, on in NFS and one in CIFS. CIFS also now
uses an action function that makes the same freezer aware
schedule call as NFS.
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: David Howells <dhowells@redhat.com> (fscache, keys)
Acked-by: Steven Whitehouse <swhiteho@redhat.com> (gfs2)
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Steve French <sfrench@samba.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140707051603.28027.72349.stgit@notabene.brown
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-07-07 05:16:04 +00:00
|
|
|
TASK_UNINTERRUPTIBLE);
|
2009-05-22 09:36:01 +00:00
|
|
|
goto restart;
|
|
|
|
}
|
|
|
|
spin_unlock(&sdp->sd_jindex_spin);
|
|
|
|
|
2017-07-17 07:45:34 +00:00
|
|
|
if (!sb_rdonly(sb)) {
|
2009-05-22 09:36:01 +00:00
|
|
|
error = gfs2_make_fs_ro(sdp);
|
|
|
|
if (error)
|
|
|
|
gfs2_io_error(sdp);
|
|
|
|
}
|
|
|
|
/* At this point, we're through modifying the disk */
|
|
|
|
|
|
|
|
/* Release stuff */
|
|
|
|
|
|
|
|
iput(sdp->sd_jindex);
|
|
|
|
iput(sdp->sd_statfs_inode);
|
|
|
|
iput(sdp->sd_rindex);
|
|
|
|
iput(sdp->sd_quota_inode);
|
|
|
|
|
|
|
|
gfs2_glock_put(sdp->sd_rename_gl);
|
GFS2: remove transaction glock
GFS2 has a transaction glock, which must be grabbed for every
transaction, whose purpose is to deal with freezing the filesystem.
Aside from this involving a large amount of locking, it is very easy to
make the current fsfreeze code hang on unfreezing.
This patch rewrites how gfs2 handles freezing the filesystem. The
transaction glock is removed. In it's place is a freeze glock, which is
cached (but not held) in a shared state by every node in the cluster
when the filesystem is mounted. This lock only needs to be grabbed on
freezing, and actions which need to be safe from freezing, like
recovery.
When a node wants to freeze the filesystem, it grabs this glock
exclusively. When the freeze glock state changes on the nodes (either
from shared to unlocked, or shared to exclusive), the filesystem does a
special log flush. gfs2_log_flush() does all the work for flushing out
the and shutting down the incore log, and then it tries to grab the
freeze glock in a shared state again. Since the filesystem is stuck in
gfs2_log_flush, no new transaction can start, and nothing can be written
to disk. Unfreezing the filesytem simply involes dropping the freeze
glock, allowing gfs2_log_flush() to grab and then release the shared
lock, so it is cached for next time.
However, in order for the unfreezing ioctl to occur, gfs2 needs to get a
shared lock on the filesystem root directory inode to check permissions.
If that glock has already been grabbed exclusively, fsfreeze will be
unable to get the shared lock and unfreeze the filesystem.
In order to allow the unfreeze, this patch makes gfs2 grab a shared lock
on the filesystem root directory during the freeze, and hold it until it
unfreezes the filesystem. The functions which need to grab a shared
lock in order to allow the unfreeze ioctl to be issued now use the lock
grabbed by the freeze code instead.
The freeze and unfreeze code take care to make sure that this shared
lock will not be dropped while another process is using it.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2014-05-02 03:26:55 +00:00
|
|
|
gfs2_glock_put(sdp->sd_freeze_gl);
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
if (!sdp->sd_args.ar_spectator) {
|
|
|
|
gfs2_glock_dq_uninit(&sdp->sd_journal_gh);
|
|
|
|
gfs2_glock_dq_uninit(&sdp->sd_jinode_gh);
|
|
|
|
gfs2_glock_dq_uninit(&sdp->sd_sc_gh);
|
|
|
|
gfs2_glock_dq_uninit(&sdp->sd_qc_gh);
|
|
|
|
iput(sdp->sd_sc_inode);
|
|
|
|
iput(sdp->sd_qc_inode);
|
|
|
|
}
|
|
|
|
|
|
|
|
gfs2_glock_dq_uninit(&sdp->sd_live_gh);
|
|
|
|
gfs2_clear_rgrpd(sdp);
|
|
|
|
gfs2_jindex_free(sdp);
|
|
|
|
/* Take apart glock structures and buffer lists */
|
|
|
|
gfs2_gl_hash_clear(sdp);
|
2017-07-28 12:22:55 +00:00
|
|
|
gfs2_delete_debugfs_file(sdp);
|
2009-05-22 09:36:01 +00:00
|
|
|
/* Unmount the locking protocol */
|
|
|
|
gfs2_lm_unmount(sdp);
|
|
|
|
|
|
|
|
/* At this point, we're through participating in the lockspace */
|
|
|
|
gfs2_sys_fs_del(sdp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_sync_fs - sync the filesystem
|
|
|
|
* @sb: the superblock
|
|
|
|
*
|
|
|
|
* Flushes the log to disk.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_sync_fs(struct super_block *sb, int wait)
|
|
|
|
{
|
2011-03-30 15:13:25 +00:00
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
2012-07-03 14:45:29 +00:00
|
|
|
|
|
|
|
gfs2_quota_sync(sb, -1);
|
GFS2: Withdraw for IO errors writing to the journal or statfs
Before this patch, if GFS2 encountered IO errors while writing to
the journal, it would not report the problem, so they would go
unnoticed, sometimes for many hours. Sometimes this would only be
noticed later, when recovery tried to do journal replay and failed
due to invalid metadata at the blocks that resulted in IO errors.
This patch makes GFS2's log daemon check for IO errors. If it
encounters one, it withdraws from the file system and reports
why in dmesg. A similar action is taken when IO errors occur when
writing to the system statfs file.
These errors are also reported back to any callers of fsync, since
that requires the journal to be flushed. Therefore, any IO errors
that would previously go unnoticed are now noticed and the file
system is withdrawn as early as possible, thus preventing further
file system damage.
Also note that this reintroduces superblock variable sd_log_error,
which Christoph removed with commit f729b66fca.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-08-16 16:30:06 +00:00
|
|
|
if (wait)
|
2018-01-16 23:01:33 +00:00
|
|
|
gfs2_log_flush(sdp, NULL, GFS2_LOG_HEAD_FLUSH_NORMAL);
|
GFS2: Withdraw for IO errors writing to the journal or statfs
Before this patch, if GFS2 encountered IO errors while writing to
the journal, it would not report the problem, so they would go
unnoticed, sometimes for many hours. Sometimes this would only be
noticed later, when recovery tried to do journal replay and failed
due to invalid metadata at the blocks that resulted in IO errors.
This patch makes GFS2's log daemon check for IO errors. If it
encounters one, it withdraws from the file system and reports
why in dmesg. A similar action is taken when IO errors occur when
writing to the system statfs file.
These errors are also reported back to any callers of fsync, since
that requires the journal to be flushed. Therefore, any IO errors
that would previously go unnoticed are now noticed and the file
system is withdrawn as early as possible, thus preventing further
file system damage.
Also note that this reintroduces superblock variable sd_log_error,
which Christoph removed with commit f729b66fca.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2017-08-16 16:30:06 +00:00
|
|
|
return sdp->sd_log_error;
|
2009-05-22 09:36:01 +00:00
|
|
|
}
|
|
|
|
|
2014-11-14 02:42:04 +00:00
|
|
|
void gfs2_freeze_func(struct work_struct *work)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
struct gfs2_holder freeze_gh;
|
|
|
|
struct gfs2_sbd *sdp = container_of(work, struct gfs2_sbd, sd_freeze_work);
|
|
|
|
struct super_block *sb = sdp->sd_vfs;
|
|
|
|
|
|
|
|
atomic_inc(&sb->s_active);
|
|
|
|
error = gfs2_glock_nq_init(sdp->sd_freeze_gl, LM_ST_SHARED, 0,
|
|
|
|
&freeze_gh);
|
|
|
|
if (error) {
|
|
|
|
printk(KERN_INFO "GFS2: couln't get freeze lock : %d\n", error);
|
|
|
|
gfs2_assert_withdraw(sdp, 0);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
atomic_set(&sdp->sd_freeze_state, SFS_UNFROZEN);
|
|
|
|
error = thaw_super(sb);
|
|
|
|
if (error) {
|
|
|
|
printk(KERN_INFO "GFS2: couldn't thaw filesystem: %d\n",
|
|
|
|
error);
|
|
|
|
gfs2_assert_withdraw(sdp, 0);
|
|
|
|
}
|
|
|
|
if (!test_bit(SDF_JOURNAL_LIVE, &sdp->sd_flags))
|
|
|
|
freeze_gh.gh_flags |= GL_NOCACHE;
|
|
|
|
gfs2_glock_dq_uninit(&freeze_gh);
|
|
|
|
}
|
|
|
|
deactivate_super(sb);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
/**
|
|
|
|
* gfs2_freeze - prevent further writes to the filesystem
|
|
|
|
* @sb: the VFS structure for the filesystem
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_freeze(struct super_block *sb)
|
|
|
|
{
|
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
2014-11-14 02:42:04 +00:00
|
|
|
int error = 0;
|
2009-05-22 09:36:01 +00:00
|
|
|
|
2014-11-14 02:42:04 +00:00
|
|
|
mutex_lock(&sdp->sd_freeze_mutex);
|
|
|
|
if (atomic_read(&sdp->sd_freeze_state) != SFS_UNFROZEN)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (test_bit(SDF_SHUTDOWN, &sdp->sd_flags)) {
|
|
|
|
error = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
for (;;) {
|
2013-01-11 10:49:34 +00:00
|
|
|
error = gfs2_lock_fs_check_clean(sdp, &sdp->sd_freeze_gh);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (!error)
|
|
|
|
break;
|
|
|
|
|
|
|
|
switch (error) {
|
|
|
|
case -EBUSY:
|
|
|
|
fs_err(sdp, "waiting for recovery before freeze\n");
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
fs_err(sdp, "error freezing FS: %d\n", error);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
fs_err(sdp, "retrying...\n");
|
|
|
|
msleep(1000);
|
|
|
|
}
|
2014-11-14 02:42:04 +00:00
|
|
|
error = 0;
|
|
|
|
out:
|
|
|
|
mutex_unlock(&sdp->sd_freeze_mutex);
|
|
|
|
return error;
|
2009-05-22 09:36:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_unfreeze - reallow writes to the filesystem
|
|
|
|
* @sb: the VFS structure for the filesystem
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_unfreeze(struct super_block *sb)
|
|
|
|
{
|
2013-01-11 10:49:34 +00:00
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
|
|
|
|
2014-11-14 02:42:04 +00:00
|
|
|
mutex_lock(&sdp->sd_freeze_mutex);
|
|
|
|
if (atomic_read(&sdp->sd_freeze_state) != SFS_FROZEN ||
|
2016-06-17 12:31:27 +00:00
|
|
|
!gfs2_holder_initialized(&sdp->sd_freeze_gh)) {
|
2014-11-14 02:42:04 +00:00
|
|
|
mutex_unlock(&sdp->sd_freeze_mutex);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-01-11 10:49:34 +00:00
|
|
|
gfs2_glock_dq_uninit(&sdp->sd_freeze_gh);
|
2014-11-14 02:42:04 +00:00
|
|
|
mutex_unlock(&sdp->sd_freeze_mutex);
|
2009-05-22 09:36:01 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* statfs_fill - fill in the sg for a given RG
|
|
|
|
* @rgd: the RG
|
|
|
|
* @sc: the sc structure
|
|
|
|
*
|
|
|
|
* Returns: 0 on success, -ESTALE if the LVB is invalid
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int statfs_slow_fill(struct gfs2_rgrpd *rgd,
|
|
|
|
struct gfs2_statfs_change_host *sc)
|
|
|
|
{
|
|
|
|
gfs2_rgrp_verify(rgd);
|
|
|
|
sc->sc_total += rgd->rd_data;
|
|
|
|
sc->sc_free += rgd->rd_free;
|
|
|
|
sc->sc_dinodes += rgd->rd_dinodes;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_statfs_slow - Stat a filesystem using asynchronous locking
|
|
|
|
* @sdp: the filesystem
|
|
|
|
* @sc: the sc info that will be returned
|
|
|
|
*
|
|
|
|
* Any error (other than a signal) will cause this routine to fall back
|
|
|
|
* to the synchronous version.
|
|
|
|
*
|
|
|
|
* FIXME: This really shouldn't busy wait like this.
|
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_statfs_slow(struct gfs2_sbd *sdp, struct gfs2_statfs_change_host *sc)
|
|
|
|
{
|
|
|
|
struct gfs2_rgrpd *rgd_next;
|
|
|
|
struct gfs2_holder *gha, *gh;
|
|
|
|
unsigned int slots = 64;
|
|
|
|
unsigned int x;
|
|
|
|
int done;
|
|
|
|
int error = 0, err;
|
|
|
|
|
|
|
|
memset(sc, 0, sizeof(struct gfs2_statfs_change_host));
|
2016-06-17 12:31:27 +00:00
|
|
|
gha = kmalloc(slots * sizeof(struct gfs2_holder), GFP_KERNEL);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (!gha)
|
|
|
|
return -ENOMEM;
|
2016-06-17 12:31:27 +00:00
|
|
|
for (x = 0; x < slots; x++)
|
|
|
|
gfs2_holder_mark_uninitialized(gha + x);
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
rgd_next = gfs2_rgrpd_get_first(sdp);
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
done = 1;
|
|
|
|
|
|
|
|
for (x = 0; x < slots; x++) {
|
|
|
|
gh = gha + x;
|
|
|
|
|
2016-06-17 12:31:27 +00:00
|
|
|
if (gfs2_holder_initialized(gh) && gfs2_glock_poll(gh)) {
|
2009-05-22 09:36:01 +00:00
|
|
|
err = gfs2_glock_wait(gh);
|
|
|
|
if (err) {
|
|
|
|
gfs2_holder_uninit(gh);
|
|
|
|
error = err;
|
|
|
|
} else {
|
2017-06-30 12:55:08 +00:00
|
|
|
if (!error) {
|
|
|
|
struct gfs2_rgrpd *rgd =
|
|
|
|
gfs2_glock2rgrp(gh->gh_gl);
|
|
|
|
|
|
|
|
error = statfs_slow_fill(rgd, sc);
|
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
gfs2_glock_dq_uninit(gh);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-17 12:31:27 +00:00
|
|
|
if (gfs2_holder_initialized(gh))
|
2009-05-22 09:36:01 +00:00
|
|
|
done = 0;
|
|
|
|
else if (rgd_next && !error) {
|
|
|
|
error = gfs2_glock_nq_init(rgd_next->rd_gl,
|
|
|
|
LM_ST_SHARED,
|
|
|
|
GL_ASYNC,
|
|
|
|
gh);
|
|
|
|
rgd_next = gfs2_rgrpd_get_next(rgd_next);
|
|
|
|
done = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (signal_pending(current))
|
|
|
|
error = -ERESTARTSYS;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (done)
|
|
|
|
break;
|
|
|
|
|
|
|
|
yield();
|
|
|
|
}
|
|
|
|
|
|
|
|
kfree(gha);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_statfs_i - Do a statfs
|
|
|
|
* @sdp: the filesystem
|
|
|
|
* @sg: the sg structure
|
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_statfs_i(struct gfs2_sbd *sdp, struct gfs2_statfs_change_host *sc)
|
|
|
|
{
|
|
|
|
struct gfs2_statfs_change_host *m_sc = &sdp->sd_statfs_master;
|
|
|
|
struct gfs2_statfs_change_host *l_sc = &sdp->sd_statfs_local;
|
|
|
|
|
|
|
|
spin_lock(&sdp->sd_statfs_spin);
|
|
|
|
|
|
|
|
*sc = *m_sc;
|
|
|
|
sc->sc_total += l_sc->sc_total;
|
|
|
|
sc->sc_free += l_sc->sc_free;
|
|
|
|
sc->sc_dinodes += l_sc->sc_dinodes;
|
|
|
|
|
|
|
|
spin_unlock(&sdp->sd_statfs_spin);
|
|
|
|
|
|
|
|
if (sc->sc_free < 0)
|
|
|
|
sc->sc_free = 0;
|
|
|
|
if (sc->sc_free > sc->sc_total)
|
|
|
|
sc->sc_free = sc->sc_total;
|
|
|
|
if (sc->sc_dinodes < 0)
|
|
|
|
sc->sc_dinodes = 0;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_statfs - Gather and return stats about the filesystem
|
|
|
|
* @sb: The superblock
|
|
|
|
* @statfsbuf: The buffer
|
|
|
|
*
|
|
|
|
* Returns: 0 on success or error code
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_statfs(struct dentry *dentry, struct kstatfs *buf)
|
|
|
|
{
|
2016-04-10 05:33:30 +00:00
|
|
|
struct super_block *sb = dentry->d_sb;
|
2009-05-22 09:36:01 +00:00
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
|
|
|
struct gfs2_statfs_change_host sc;
|
|
|
|
int error;
|
|
|
|
|
2011-08-31 15:38:29 +00:00
|
|
|
error = gfs2_rindex_update(sdp);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
if (gfs2_tune_get(sdp, gt_statfs_slow))
|
|
|
|
error = gfs2_statfs_slow(sdp, &sc);
|
|
|
|
else
|
|
|
|
error = gfs2_statfs_i(sdp, &sc);
|
|
|
|
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
buf->f_type = GFS2_MAGIC;
|
|
|
|
buf->f_bsize = sdp->sd_sb.sb_bsize;
|
|
|
|
buf->f_blocks = sc.sc_total;
|
|
|
|
buf->f_bfree = sc.sc_free;
|
|
|
|
buf->f_bavail = sc.sc_free;
|
|
|
|
buf->f_files = sc.sc_dinodes + sc.sc_free;
|
|
|
|
buf->f_ffree = sc.sc_free;
|
|
|
|
buf->f_namelen = GFS2_FNAMESIZE;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_remount_fs - called when the FS is remounted
|
|
|
|
* @sb: the filesystem
|
|
|
|
* @flags: the remount flags
|
|
|
|
* @data: extra data passed in (not used right now)
|
|
|
|
*
|
|
|
|
* Returns: errno
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int gfs2_remount_fs(struct super_block *sb, int *flags, char *data)
|
|
|
|
{
|
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
|
|
|
struct gfs2_args args = sdp->sd_args; /* Default to current settings */
|
|
|
|
struct gfs2_tune *gt = &sdp->sd_tune;
|
|
|
|
int error;
|
|
|
|
|
2014-03-13 14:14:33 +00:00
|
|
|
sync_filesystem(sb);
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
spin_lock(>->gt_spin);
|
GFS2: Various gfs2_logd improvements
This patch contains various tweaks to how log flushes and active item writeback
work. gfs2_logd is now managed by a waitqueue, and gfs2_log_reseve now waits
for gfs2_logd to do the log flushing. Multiple functions were rewritten to
remove the need to call gfs2_log_lock(). Instead of using one test to see if
gfs2_logd had work to do, there are now seperate tests to check if there
are two many buffers in the incore log or if there are two many items on the
active items list.
This patch is a port of a patch Steve Whitehouse wrote about a year ago, with
some minor changes. Since gfs2_ail1_start always submits all the active items,
it no longer needs to keep track of the first ai submitted, so this has been
removed. In gfs2_log_reserve(), the order of the calls to
prepare_to_wait_exclusive() and wake_up() when firing off the logd thread has
been switched. If it called wake_up first there was a small window for a race,
where logd could run and return before gfs2_log_reserve was ready to get woken
up. If gfs2_logd ran, but did not free up enough blocks, gfs2_log_reserve()
would be left waiting for gfs2_logd to eventualy run because it timed out.
Finally, gt_logd_secs, which controls how long to wait before gfs2_logd times
out, and flushes the log, can now be set on mount with ar_commit.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2010-05-04 19:29:16 +00:00
|
|
|
args.ar_commit = gt->gt_logd_secs;
|
2009-10-20 07:39:44 +00:00
|
|
|
args.ar_quota_quantum = gt->gt_quota_quantum;
|
|
|
|
if (gt->gt_statfs_slow)
|
|
|
|
args.ar_statfs_quantum = 0;
|
|
|
|
else
|
|
|
|
args.ar_statfs_quantum = gt->gt_statfs_quantum;
|
2009-05-22 09:36:01 +00:00
|
|
|
spin_unlock(>->gt_spin);
|
2009-09-28 09:30:49 +00:00
|
|
|
error = gfs2_mount_args(&args, data);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
|
|
|
/* Not allowed to change locking details */
|
|
|
|
if (strcmp(args.ar_lockproto, sdp->sd_args.ar_lockproto) ||
|
|
|
|
strcmp(args.ar_locktable, sdp->sd_args.ar_locktable) ||
|
|
|
|
strcmp(args.ar_hostdata, sdp->sd_args.ar_hostdata))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
/* Some flags must not be changed */
|
|
|
|
if (args_neq(&args, &sdp->sd_args, spectator) ||
|
|
|
|
args_neq(&args, &sdp->sd_args, localflocks) ||
|
|
|
|
args_neq(&args, &sdp->sd_args, meta))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (sdp->sd_args.ar_spectator)
|
2017-11-27 21:05:09 +00:00
|
|
|
*flags |= SB_RDONLY;
|
2009-05-22 09:36:01 +00:00
|
|
|
|
2017-11-27 21:05:09 +00:00
|
|
|
if ((sb->s_flags ^ *flags) & SB_RDONLY) {
|
|
|
|
if (*flags & SB_RDONLY)
|
2009-05-22 09:36:01 +00:00
|
|
|
error = gfs2_make_fs_ro(sdp);
|
|
|
|
else
|
|
|
|
error = gfs2_make_fs_rw(sdp);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
sdp->sd_args = args;
|
|
|
|
if (sdp->sd_args.ar_posix_acl)
|
2017-11-27 21:05:09 +00:00
|
|
|
sb->s_flags |= SB_POSIXACL;
|
2009-05-22 09:36:01 +00:00
|
|
|
else
|
2017-11-27 21:05:09 +00:00
|
|
|
sb->s_flags &= ~SB_POSIXACL;
|
2009-10-30 07:03:27 +00:00
|
|
|
if (sdp->sd_args.ar_nobarrier)
|
|
|
|
set_bit(SDF_NOBARRIERS, &sdp->sd_flags);
|
|
|
|
else
|
|
|
|
clear_bit(SDF_NOBARRIERS, &sdp->sd_flags);
|
2009-05-22 09:36:01 +00:00
|
|
|
spin_lock(>->gt_spin);
|
GFS2: Various gfs2_logd improvements
This patch contains various tweaks to how log flushes and active item writeback
work. gfs2_logd is now managed by a waitqueue, and gfs2_log_reseve now waits
for gfs2_logd to do the log flushing. Multiple functions were rewritten to
remove the need to call gfs2_log_lock(). Instead of using one test to see if
gfs2_logd had work to do, there are now seperate tests to check if there
are two many buffers in the incore log or if there are two many items on the
active items list.
This patch is a port of a patch Steve Whitehouse wrote about a year ago, with
some minor changes. Since gfs2_ail1_start always submits all the active items,
it no longer needs to keep track of the first ai submitted, so this has been
removed. In gfs2_log_reserve(), the order of the calls to
prepare_to_wait_exclusive() and wake_up() when firing off the logd thread has
been switched. If it called wake_up first there was a small window for a race,
where logd could run and return before gfs2_log_reserve was ready to get woken
up. If gfs2_logd ran, but did not free up enough blocks, gfs2_log_reserve()
would be left waiting for gfs2_logd to eventualy run because it timed out.
Finally, gt_logd_secs, which controls how long to wait before gfs2_logd times
out, and flushes the log, can now be set on mount with ar_commit.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2010-05-04 19:29:16 +00:00
|
|
|
gt->gt_logd_secs = args.ar_commit;
|
2009-10-20 07:39:44 +00:00
|
|
|
gt->gt_quota_quantum = args.ar_quota_quantum;
|
|
|
|
if (args.ar_statfs_quantum) {
|
|
|
|
gt->gt_statfs_slow = 0;
|
|
|
|
gt->gt_statfs_quantum = args.ar_statfs_quantum;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
gt->gt_statfs_slow = 1;
|
|
|
|
gt->gt_statfs_quantum = 30;
|
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
spin_unlock(>->gt_spin);
|
|
|
|
|
2009-07-31 10:07:29 +00:00
|
|
|
gfs2_online_uevent(sdp);
|
2009-05-22 09:36:01 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_drop_inode - Drop an inode (test for remote unlink)
|
|
|
|
* @inode: The inode to drop
|
|
|
|
*
|
2017-08-01 14:54:33 +00:00
|
|
|
* If we've received a callback on an iopen lock then it's because a
|
2009-05-22 09:36:01 +00:00
|
|
|
* remote node tried to deallocate the inode but failed due to this node
|
|
|
|
* still having the inode open. Here we mark the link count zero
|
|
|
|
* since we know that it must have reached zero if the GLF_DEMOTE flag
|
|
|
|
* is set on the iopen glock. If we didn't do a disk read since the
|
|
|
|
* remote node removed the final link then we might otherwise miss
|
|
|
|
* this event. This check ensures that this node will deallocate the
|
|
|
|
* inode's blocks, or alternatively pass the baton on to another
|
|
|
|
* node for later deallocation.
|
|
|
|
*/
|
|
|
|
|
2010-06-07 17:43:19 +00:00
|
|
|
static int gfs2_drop_inode(struct inode *inode)
|
2009-05-22 09:36:01 +00:00
|
|
|
{
|
|
|
|
struct gfs2_inode *ip = GFS2_I(inode);
|
|
|
|
|
2016-06-17 12:31:27 +00:00
|
|
|
if (!test_bit(GIF_FREE_VFS_INODE, &ip->i_flags) &&
|
|
|
|
inode->i_nlink &&
|
|
|
|
gfs2_holder_initialized(&ip->i_iopen_gh)) {
|
2009-05-22 09:36:01 +00:00
|
|
|
struct gfs2_glock *gl = ip->i_iopen_gh.gh_gl;
|
2016-06-17 12:31:27 +00:00
|
|
|
if (test_bit(GLF_DEMOTE, &gl->gl_flags))
|
2009-05-22 09:36:01 +00:00
|
|
|
clear_nlink(inode);
|
|
|
|
}
|
2017-08-01 16:49:42 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* When under memory pressure when an inode's link count has dropped to
|
|
|
|
* zero, defer deleting the inode to the delete workqueue. This avoids
|
|
|
|
* calling into DLM under memory pressure, which can deadlock.
|
|
|
|
*/
|
|
|
|
if (!inode->i_nlink &&
|
|
|
|
unlikely(current->flags & PF_MEMALLOC) &&
|
|
|
|
gfs2_holder_initialized(&ip->i_iopen_gh)) {
|
|
|
|
struct gfs2_glock *gl = ip->i_iopen_gh.gh_gl;
|
|
|
|
|
|
|
|
gfs2_glock_hold(gl);
|
|
|
|
if (queue_work(gfs2_delete_workqueue, &gl->gl_delete) == 0)
|
|
|
|
gfs2_glock_queue_put(gl);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2010-06-07 17:43:19 +00:00
|
|
|
return generic_drop_inode(inode);
|
2009-05-22 09:36:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int is_ancestor(const struct dentry *d1, const struct dentry *d2)
|
|
|
|
{
|
|
|
|
do {
|
|
|
|
if (d1 == d2)
|
|
|
|
return 1;
|
|
|
|
d1 = d1->d_parent;
|
|
|
|
} while (!IS_ROOT(d1));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* gfs2_show_options - Show mount options for /proc/mounts
|
|
|
|
* @s: seq_file structure
|
2011-12-09 02:32:45 +00:00
|
|
|
* @root: root of this (sub)tree
|
2009-05-22 09:36:01 +00:00
|
|
|
*
|
|
|
|
* Returns: 0 on success or error code
|
|
|
|
*/
|
|
|
|
|
2011-12-09 02:32:45 +00:00
|
|
|
static int gfs2_show_options(struct seq_file *s, struct dentry *root)
|
2009-05-22 09:36:01 +00:00
|
|
|
{
|
2011-12-09 02:32:45 +00:00
|
|
|
struct gfs2_sbd *sdp = root->d_sb->s_fs_info;
|
2009-05-22 09:36:01 +00:00
|
|
|
struct gfs2_args *args = &sdp->sd_args;
|
2009-10-20 07:39:44 +00:00
|
|
|
int val;
|
2009-05-22 09:36:01 +00:00
|
|
|
|
2011-12-09 02:32:45 +00:00
|
|
|
if (is_ancestor(root, sdp->sd_master_dir))
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",meta");
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_lockproto[0])
|
fs: create and use seq_show_option for escaping
Many file systems that implement the show_options hook fail to correctly
escape their output which could lead to unescaped characters (e.g. new
lines) leaking into /proc/mounts and /proc/[pid]/mountinfo files. This
could lead to confusion, spoofed entries (resulting in things like
systemd issuing false d-bus "mount" notifications), and who knows what
else. This looks like it would only be the root user stepping on
themselves, but it's possible weird things could happen in containers or
in other situations with delegated mount privileges.
Here's an example using overlay with setuid fusermount trusting the
contents of /proc/mounts (via the /etc/mtab symlink). Imagine the use
of "sudo" is something more sneaky:
$ BASE="ovl"
$ MNT="$BASE/mnt"
$ LOW="$BASE/lower"
$ UP="$BASE/upper"
$ WORK="$BASE/work/ 0 0
none /proc fuse.pwn user_id=1000"
$ mkdir -p "$LOW" "$UP" "$WORK"
$ sudo mount -t overlay -o "lowerdir=$LOW,upperdir=$UP,workdir=$WORK" none /mnt
$ cat /proc/mounts
none /root/ovl/mnt overlay rw,relatime,lowerdir=ovl/lower,upperdir=ovl/upper,workdir=ovl/work/ 0 0
none /proc fuse.pwn user_id=1000 0 0
$ fusermount -u /proc
$ cat /proc/mounts
cat: /proc/mounts: No such file or directory
This fixes the problem by adding new seq_show_option and
seq_show_option_n helpers, and updating the vulnerable show_option
handlers to use them as needed. Some, like SELinux, need to be open
coded due to unusual existing escape mechanisms.
[akpm@linux-foundation.org: add lost chunk, per Kees]
[keescook@chromium.org: seq_show_option should be using const parameters]
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Jan Kara <jack@suse.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: J. R. Okajima <hooanon05g@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-09-04 22:44:57 +00:00
|
|
|
seq_show_option(s, "lockproto", args->ar_lockproto);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_locktable[0])
|
fs: create and use seq_show_option for escaping
Many file systems that implement the show_options hook fail to correctly
escape their output which could lead to unescaped characters (e.g. new
lines) leaking into /proc/mounts and /proc/[pid]/mountinfo files. This
could lead to confusion, spoofed entries (resulting in things like
systemd issuing false d-bus "mount" notifications), and who knows what
else. This looks like it would only be the root user stepping on
themselves, but it's possible weird things could happen in containers or
in other situations with delegated mount privileges.
Here's an example using overlay with setuid fusermount trusting the
contents of /proc/mounts (via the /etc/mtab symlink). Imagine the use
of "sudo" is something more sneaky:
$ BASE="ovl"
$ MNT="$BASE/mnt"
$ LOW="$BASE/lower"
$ UP="$BASE/upper"
$ WORK="$BASE/work/ 0 0
none /proc fuse.pwn user_id=1000"
$ mkdir -p "$LOW" "$UP" "$WORK"
$ sudo mount -t overlay -o "lowerdir=$LOW,upperdir=$UP,workdir=$WORK" none /mnt
$ cat /proc/mounts
none /root/ovl/mnt overlay rw,relatime,lowerdir=ovl/lower,upperdir=ovl/upper,workdir=ovl/work/ 0 0
none /proc fuse.pwn user_id=1000 0 0
$ fusermount -u /proc
$ cat /proc/mounts
cat: /proc/mounts: No such file or directory
This fixes the problem by adding new seq_show_option and
seq_show_option_n helpers, and updating the vulnerable show_option
handlers to use them as needed. Some, like SELinux, need to be open
coded due to unusual existing escape mechanisms.
[akpm@linux-foundation.org: add lost chunk, per Kees]
[keescook@chromium.org: seq_show_option should be using const parameters]
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Jan Kara <jack@suse.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: J. R. Okajima <hooanon05g@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-09-04 22:44:57 +00:00
|
|
|
seq_show_option(s, "locktable", args->ar_locktable);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_hostdata[0])
|
fs: create and use seq_show_option for escaping
Many file systems that implement the show_options hook fail to correctly
escape their output which could lead to unescaped characters (e.g. new
lines) leaking into /proc/mounts and /proc/[pid]/mountinfo files. This
could lead to confusion, spoofed entries (resulting in things like
systemd issuing false d-bus "mount" notifications), and who knows what
else. This looks like it would only be the root user stepping on
themselves, but it's possible weird things could happen in containers or
in other situations with delegated mount privileges.
Here's an example using overlay with setuid fusermount trusting the
contents of /proc/mounts (via the /etc/mtab symlink). Imagine the use
of "sudo" is something more sneaky:
$ BASE="ovl"
$ MNT="$BASE/mnt"
$ LOW="$BASE/lower"
$ UP="$BASE/upper"
$ WORK="$BASE/work/ 0 0
none /proc fuse.pwn user_id=1000"
$ mkdir -p "$LOW" "$UP" "$WORK"
$ sudo mount -t overlay -o "lowerdir=$LOW,upperdir=$UP,workdir=$WORK" none /mnt
$ cat /proc/mounts
none /root/ovl/mnt overlay rw,relatime,lowerdir=ovl/lower,upperdir=ovl/upper,workdir=ovl/work/ 0 0
none /proc fuse.pwn user_id=1000 0 0
$ fusermount -u /proc
$ cat /proc/mounts
cat: /proc/mounts: No such file or directory
This fixes the problem by adding new seq_show_option and
seq_show_option_n helpers, and updating the vulnerable show_option
handlers to use them as needed. Some, like SELinux, need to be open
coded due to unusual existing escape mechanisms.
[akpm@linux-foundation.org: add lost chunk, per Kees]
[keescook@chromium.org: seq_show_option should be using const parameters]
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Jan Kara <jack@suse.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: J. R. Okajima <hooanon05g@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-09-04 22:44:57 +00:00
|
|
|
seq_show_option(s, "hostdata", args->ar_hostdata);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_spectator)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",spectator");
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_localflocks)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",localflocks");
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_debug)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",debug");
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_posix_acl)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",acl");
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_quota != GFS2_QUOTA_DEFAULT) {
|
|
|
|
char *state;
|
|
|
|
switch (args->ar_quota) {
|
|
|
|
case GFS2_QUOTA_OFF:
|
|
|
|
state = "off";
|
|
|
|
break;
|
|
|
|
case GFS2_QUOTA_ACCOUNT:
|
|
|
|
state = "account";
|
|
|
|
break;
|
|
|
|
case GFS2_QUOTA_ON:
|
|
|
|
state = "on";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
state = "unknown";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
seq_printf(s, ",quota=%s", state);
|
|
|
|
}
|
|
|
|
if (args->ar_suiddir)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",suiddir");
|
2009-05-22 09:36:01 +00:00
|
|
|
if (args->ar_data != GFS2_DATA_DEFAULT) {
|
|
|
|
char *state;
|
|
|
|
switch (args->ar_data) {
|
|
|
|
case GFS2_DATA_WRITEBACK:
|
|
|
|
state = "writeback";
|
|
|
|
break;
|
|
|
|
case GFS2_DATA_ORDERED:
|
|
|
|
state = "ordered";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
state = "unknown";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
seq_printf(s, ",data=%s", state);
|
|
|
|
}
|
|
|
|
if (args->ar_discard)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",discard");
|
GFS2: Various gfs2_logd improvements
This patch contains various tweaks to how log flushes and active item writeback
work. gfs2_logd is now managed by a waitqueue, and gfs2_log_reseve now waits
for gfs2_logd to do the log flushing. Multiple functions were rewritten to
remove the need to call gfs2_log_lock(). Instead of using one test to see if
gfs2_logd had work to do, there are now seperate tests to check if there
are two many buffers in the incore log or if there are two many items on the
active items list.
This patch is a port of a patch Steve Whitehouse wrote about a year ago, with
some minor changes. Since gfs2_ail1_start always submits all the active items,
it no longer needs to keep track of the first ai submitted, so this has been
removed. In gfs2_log_reserve(), the order of the calls to
prepare_to_wait_exclusive() and wake_up() when firing off the logd thread has
been switched. If it called wake_up first there was a small window for a race,
where logd could run and return before gfs2_log_reserve was ready to get woken
up. If gfs2_logd ran, but did not free up enough blocks, gfs2_log_reserve()
would be left waiting for gfs2_logd to eventualy run because it timed out.
Finally, gt_logd_secs, which controls how long to wait before gfs2_logd times
out, and flushes the log, can now be set on mount with ar_commit.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2010-05-04 19:29:16 +00:00
|
|
|
val = sdp->sd_tune.gt_logd_secs;
|
|
|
|
if (val != 30)
|
2009-10-20 07:39:44 +00:00
|
|
|
seq_printf(s, ",commit=%d", val);
|
|
|
|
val = sdp->sd_tune.gt_statfs_quantum;
|
|
|
|
if (val != 30)
|
|
|
|
seq_printf(s, ",statfs_quantum=%d", val);
|
2012-08-20 16:07:49 +00:00
|
|
|
else if (sdp->sd_tune.gt_statfs_slow)
|
|
|
|
seq_puts(s, ",statfs_quantum=0");
|
2009-10-20 07:39:44 +00:00
|
|
|
val = sdp->sd_tune.gt_quota_quantum;
|
|
|
|
if (val != 60)
|
|
|
|
seq_printf(s, ",quota_quantum=%d", val);
|
|
|
|
if (args->ar_statfs_percent)
|
|
|
|
seq_printf(s, ",statfs_percent=%d", args->ar_statfs_percent);
|
2009-08-24 09:44:18 +00:00
|
|
|
if (args->ar_errors != GFS2_ERRORS_DEFAULT) {
|
|
|
|
const char *state;
|
|
|
|
|
|
|
|
switch (args->ar_errors) {
|
|
|
|
case GFS2_ERRORS_WITHDRAW:
|
|
|
|
state = "withdraw";
|
|
|
|
break;
|
|
|
|
case GFS2_ERRORS_PANIC:
|
|
|
|
state = "panic";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
state = "unknown";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
seq_printf(s, ",errors=%s", state);
|
|
|
|
}
|
2009-10-30 10:48:53 +00:00
|
|
|
if (test_bit(SDF_NOBARRIERS, &sdp->sd_flags))
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",nobarrier");
|
2010-05-06 10:03:29 +00:00
|
|
|
if (test_bit(SDF_DEMOTE, &sdp->sd_flags))
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",demote_interface_used");
|
GFS2: Use lvbs for storing rgrp information with mount option
Instead of reading in the resource groups when gfs2 is checking
for free space to allocate from, gfs2 can store the necessary infromation
in the resource group's lvb. Also, instead of searching for unlinked
inodes in every resource group that's checked for free space, gfs2 can
store the number of unlinked but inodes in the lvb, and only check for
unlinked inodes if it will find some.
The first time a resource group is locked, the lvb must initialized.
Since this involves counting the unlinked inodes in the resource group,
this takes a little extra time. But after that, if the resource group
is locked with GL_SKIP, the buffer head won't be read in unless it's
actually needed.
Enabling the resource groups lvbs is done via the rgrplvb mount option. If
this option isn't set, the lvbs will still be set and updated, but they won't
be verfied or used by the filesystem. To safely turn on this option, all of
the nodes mounting the filesystem must be running code with this patch, and
the filesystem must have been completely unmounted since they were updated.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2012-05-30 04:01:09 +00:00
|
|
|
if (args->ar_rgrplvb)
|
2014-07-02 20:08:46 +00:00
|
|
|
seq_puts(s, ",rgrplvb");
|
gfs2: change gfs2 readdir cookie
gfs2 currently returns 31 bits of filename hash as a cookie that readdir
uses for an offset into the directory. When there are a large number of
directory entries, the likelihood of a collision goes up way too
quickly. GFS2 will now return cookies that are guaranteed unique for a
while, and then fail back to using 30 bits of filename hash.
Specifically, the directory leaf blocks are divided up into chunks based
on the minimum size of a gfs2 directory entry (48 bytes). Each entry's
cookie is based off the chunk where it starts, in the linked list of
leaf blocks that it hashes to (there are 131072 hash buckets). Directory
entries will have unique names until they take reach chunk 8192.
Assuming the largest filenames possible, and the least efficient spacing
possible, this new method will still be able to return unique names when
the previous method has statistically more than a 99% chance of a
collision. The non-unique names it fails back to are guaranteed to not
collide with the unique names.
unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "0"
- 13 bits for the offset
non-unique cookies will be in this format:
- 1 bit "0" to make sure the the returned cookie is positive
- 17 bits for the hash table index
- 1 bit for the mode "1"
- 13 more bits of the name hash
Another benefit of location based cookies, is that once a directory's
exhash table is fully extended (so that multiple hash table indexs do
not use the same leaf blocks), gfs2 can skip sorting the directory
entries until it reaches the non-unique ones, and then it only needs to
sort these. This provides a significant speed up for directory reads of
very large directories.
The only issue is that for these cookies to continue to point to the
correct entry as files are added and removed from the directory, gfs2
must keep the entries at the same offset in the leaf block when they are
split (see my previous patch). This means that until all the nodes in a
cluster are running with code that will split the directory leaf blocks
this way, none of the nodes can use the new cookie code. To deal with
this, gfs2 now has the mount option loccookie, which, if set, will make
it return these new location based cookies. This option must not be set
until all nodes in the cluster are at least running this version of the
kernel code, and you have guaranteed that there are no outstanding
cookies required by other software, such as NFS.
gfs2 uses some of the extra space at the end of the gfs2_dirent
structure to store the calculated readdir cookies. This keeps us from
needing to allocate a seperate array to hold these values. gfs2
recomputes the cookie stored in de_cookie for every readdir call. The
time it takes to do so is small, and if gfs2 expected this value to be
saved on disk, the new code wouldn't work correctly on filesystems
created with an earlier version of gfs2.
One issue with adding de_cookie to the union in the gfs2_dirent
structure is that it caused the union to align itself to a 4 byte
boundary, instead of its previous 2 byte boundary. This changed the
offset of de_rahead. To solve that, I pulled de_rahead out of the union,
since it does not need to be there.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
2015-12-01 14:46:55 +00:00
|
|
|
if (args->ar_loccookie)
|
|
|
|
seq_puts(s, ",loccookie");
|
2009-05-22 09:36:01 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-04-14 15:50:31 +00:00
|
|
|
static void gfs2_final_release_pages(struct gfs2_inode *ip)
|
|
|
|
{
|
|
|
|
struct inode *inode = &ip->i_inode;
|
|
|
|
struct gfs2_glock *gl = ip->i_gl;
|
|
|
|
|
|
|
|
truncate_inode_pages(gfs2_glock2aspace(ip->i_gl), 0);
|
|
|
|
truncate_inode_pages(&inode->i_data, 0);
|
|
|
|
|
|
|
|
if (atomic_read(&gl->gl_revokes) == 0) {
|
|
|
|
clear_bit(GLF_LFLUSH, &gl->gl_flags);
|
|
|
|
clear_bit(GLF_DIRTY, &gl->gl_flags);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int gfs2_dinode_dealloc(struct gfs2_inode *ip)
|
|
|
|
{
|
|
|
|
struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
|
|
|
|
struct gfs2_rgrpd *rgd;
|
2011-11-21 18:36:17 +00:00
|
|
|
struct gfs2_holder gh;
|
2011-04-14 15:50:31 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if (gfs2_get_inode_blocks(&ip->i_inode) != 1) {
|
2011-05-09 12:36:10 +00:00
|
|
|
gfs2_consist_inode(ip);
|
2011-04-14 15:50:31 +00:00
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
2012-07-19 12:12:40 +00:00
|
|
|
error = gfs2_rindex_update(sdp);
|
|
|
|
if (error)
|
|
|
|
return error;
|
2011-04-14 15:50:31 +00:00
|
|
|
|
2013-02-01 01:49:26 +00:00
|
|
|
error = gfs2_quota_hold(ip, NO_UID_QUOTA_CHANGE, NO_GID_QUOTA_CHANGE);
|
2011-04-14 15:50:31 +00:00
|
|
|
if (error)
|
2012-05-18 13:28:23 +00:00
|
|
|
return error;
|
2011-04-14 15:50:31 +00:00
|
|
|
|
2012-02-08 12:58:32 +00:00
|
|
|
rgd = gfs2_blk2rgrpd(sdp, ip->i_no_addr, 1);
|
2011-04-14 15:50:31 +00:00
|
|
|
if (!rgd) {
|
|
|
|
gfs2_consist_inode(ip);
|
|
|
|
error = -EIO;
|
2011-08-31 15:38:29 +00:00
|
|
|
goto out_qs;
|
2011-04-14 15:50:31 +00:00
|
|
|
}
|
|
|
|
|
2011-11-21 18:36:17 +00:00
|
|
|
error = gfs2_glock_nq_init(rgd->rd_gl, LM_ST_EXCLUSIVE, 0, &gh);
|
2011-04-14 15:50:31 +00:00
|
|
|
if (error)
|
2011-08-31 15:38:29 +00:00
|
|
|
goto out_qs;
|
2011-04-14 15:50:31 +00:00
|
|
|
|
2011-04-18 13:18:09 +00:00
|
|
|
error = gfs2_trans_begin(sdp, RES_RG_BIT + RES_STATFS + RES_QUOTA,
|
|
|
|
sdp->sd_jdesc->jd_blocks);
|
2011-04-14 15:50:31 +00:00
|
|
|
if (error)
|
|
|
|
goto out_rg_gunlock;
|
|
|
|
|
|
|
|
gfs2_free_di(rgd, ip);
|
|
|
|
|
|
|
|
gfs2_final_release_pages(ip);
|
|
|
|
|
|
|
|
gfs2_trans_end(sdp);
|
|
|
|
|
|
|
|
out_rg_gunlock:
|
2011-11-21 18:36:17 +00:00
|
|
|
gfs2_glock_dq_uninit(&gh);
|
2011-04-14 15:50:31 +00:00
|
|
|
out_qs:
|
|
|
|
gfs2_quota_unhold(ip);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2017-08-01 16:45:23 +00:00
|
|
|
/**
|
|
|
|
* gfs2_glock_put_eventually
|
|
|
|
* @gl: The glock to put
|
|
|
|
*
|
|
|
|
* When under memory pressure, trigger a deferred glock put to make sure we
|
|
|
|
* won't call into DLM and deadlock. Otherwise, put the glock directly.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static void gfs2_glock_put_eventually(struct gfs2_glock *gl)
|
|
|
|
{
|
|
|
|
if (current->flags & PF_MEMALLOC)
|
|
|
|
gfs2_glock_queue_put(gl);
|
|
|
|
else
|
|
|
|
gfs2_glock_put(gl);
|
|
|
|
}
|
|
|
|
|
2011-07-14 07:59:44 +00:00
|
|
|
/**
|
|
|
|
* gfs2_evict_inode - Remove an inode from cache
|
|
|
|
* @inode: The inode to evict
|
|
|
|
*
|
|
|
|
* There are three cases to consider:
|
|
|
|
* 1. i_nlink == 0, we are final opener (and must deallocate)
|
|
|
|
* 2. i_nlink == 0, we are not the final opener (and cannot deallocate)
|
|
|
|
* 3. i_nlink > 0
|
|
|
|
*
|
|
|
|
* If the fs is read only, then we have to treat all cases as per #3
|
|
|
|
* since we are unable to do any deallocation. The inode will be
|
|
|
|
* deallocated by the next read/write node to attempt an allocation
|
|
|
|
* in the same resource group
|
|
|
|
*
|
2009-05-22 09:36:01 +00:00
|
|
|
* We have to (at the moment) hold the inodes main lock to cover
|
|
|
|
* the gap between unlocking the shared lock on the iopen lock and
|
|
|
|
* taking the exclusive lock. I'd rather do a shared -> exclusive
|
|
|
|
* conversion on the iopen lock, but we can change that later. This
|
|
|
|
* is safe, just less efficient.
|
|
|
|
*/
|
|
|
|
|
2010-06-07 15:05:19 +00:00
|
|
|
static void gfs2_evict_inode(struct inode *inode)
|
2009-05-22 09:36:01 +00:00
|
|
|
{
|
2011-03-30 13:17:51 +00:00
|
|
|
struct super_block *sb = inode->i_sb;
|
|
|
|
struct gfs2_sbd *sdp = sb->s_fs_info;
|
2009-05-22 09:36:01 +00:00
|
|
|
struct gfs2_inode *ip = GFS2_I(inode);
|
|
|
|
struct gfs2_holder gh;
|
2015-12-07 21:13:28 +00:00
|
|
|
struct address_space *metamapping;
|
2009-05-22 09:36:01 +00:00
|
|
|
int error;
|
|
|
|
|
2014-03-31 15:33:17 +00:00
|
|
|
if (test_bit(GIF_FREE_VFS_INODE, &ip->i_flags)) {
|
|
|
|
clear_inode(inode);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-07-17 07:45:34 +00:00
|
|
|
if (inode->i_nlink || sb_rdonly(sb))
|
2010-06-07 15:05:19 +00:00
|
|
|
goto out;
|
|
|
|
|
2017-06-30 13:16:46 +00:00
|
|
|
if (test_bit(GIF_ALLOC_FAILED, &ip->i_flags)) {
|
|
|
|
BUG_ON(!gfs2_glock_is_locked_by_me(ip->i_gl));
|
|
|
|
gfs2_holder_mark_uninitialized(&gh);
|
|
|
|
goto alloc_failed;
|
|
|
|
}
|
|
|
|
|
2017-08-01 16:49:42 +00:00
|
|
|
/* Deletes should never happen under memory pressure anymore. */
|
|
|
|
if (WARN_ON_ONCE(current->flags & PF_MEMALLOC))
|
|
|
|
goto out;
|
|
|
|
|
2011-03-17 20:19:58 +00:00
|
|
|
/* Must not read inode block until block type has been verified */
|
|
|
|
error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, GL_SKIP, &gh);
|
2009-05-22 09:36:01 +00:00
|
|
|
if (unlikely(error)) {
|
2017-07-18 17:36:01 +00:00
|
|
|
glock_clear_object(ip->i_iopen_gh.gh_gl, ip);
|
2013-05-29 15:51:52 +00:00
|
|
|
ip->i_iopen_gh.gh_flags |= GL_NOCACHE;
|
2017-02-22 19:05:09 +00:00
|
|
|
gfs2_glock_dq_uninit(&ip->i_iopen_gh);
|
2009-05-22 09:36:01 +00:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2017-06-30 13:16:46 +00:00
|
|
|
error = gfs2_check_blk_type(sdp, ip->i_no_addr, GFS2_BLKST_UNLINKED);
|
|
|
|
if (error)
|
|
|
|
goto out_truncate;
|
2009-09-08 17:00:30 +00:00
|
|
|
|
2011-03-17 20:19:58 +00:00
|
|
|
if (test_bit(GIF_INVALID, &ip->i_flags)) {
|
|
|
|
error = gfs2_inode_refresh(ip);
|
|
|
|
if (error)
|
|
|
|
goto out_truncate;
|
|
|
|
}
|
|
|
|
|
2017-08-01 16:45:23 +00:00
|
|
|
/*
|
|
|
|
* The inode may have been recreated in the meantime.
|
|
|
|
*/
|
|
|
|
if (inode->i_nlink)
|
|
|
|
goto out_truncate;
|
|
|
|
|
2017-06-30 13:16:46 +00:00
|
|
|
alloc_failed:
|
2016-06-17 12:31:27 +00:00
|
|
|
if (gfs2_holder_initialized(&ip->i_iopen_gh) &&
|
2015-12-18 17:54:55 +00:00
|
|
|
test_bit(HIF_HOLDER, &ip->i_iopen_gh.gh_iflags)) {
|
|
|
|
ip->i_iopen_gh.gh_flags |= GL_NOCACHE;
|
|
|
|
gfs2_glock_dq_wait(&ip->i_iopen_gh);
|
|
|
|
gfs2_holder_reinit(LM_ST_EXCLUSIVE, LM_FLAG_TRY_1CB | GL_NOCACHE,
|
|
|
|
&ip->i_iopen_gh);
|
|
|
|
error = gfs2_glock_nq(&ip->i_iopen_gh);
|
|
|
|
if (error)
|
|
|
|
goto out_truncate;
|
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
|
2011-07-14 07:59:44 +00:00
|
|
|
/* Case 1 starts here */
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
if (S_ISDIR(inode->i_mode) &&
|
|
|
|
(ip->i_diskflags & GFS2_DIF_EXHASH)) {
|
|
|
|
error = gfs2_dir_exhash_dealloc(ip);
|
|
|
|
if (error)
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ip->i_eattr) {
|
|
|
|
error = gfs2_ea_dealloc(ip);
|
|
|
|
if (error)
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!gfs2_is_stuffed(ip)) {
|
|
|
|
error = gfs2_file_dealloc(ip);
|
|
|
|
if (error)
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
2017-07-18 17:36:01 +00:00
|
|
|
/* We're about to clear the bitmap for the dinode, but as soon as we
|
|
|
|
do, gfs2_create_inode can create another inode at the same block
|
|
|
|
location and try to set gl_object again. We clear gl_object here so
|
|
|
|
that subsequent inode creates don't see an old gl_object. */
|
|
|
|
glock_clear_object(ip->i_gl, ip);
|
2009-05-22 09:36:01 +00:00
|
|
|
error = gfs2_dinode_dealloc(ip);
|
2011-04-14 15:50:31 +00:00
|
|
|
goto out_unlock;
|
2009-05-22 09:36:01 +00:00
|
|
|
|
|
|
|
out_truncate:
|
2018-01-16 23:01:33 +00:00
|
|
|
gfs2_log_flush(sdp, ip->i_gl, GFS2_LOG_HEAD_FLUSH_NORMAL);
|
2015-12-07 21:13:28 +00:00
|
|
|
metamapping = gfs2_glock2aspace(ip->i_gl);
|
2012-09-20 14:52:58 +00:00
|
|
|
if (test_bit(GLF_DIRTY, &ip->i_gl->gl_flags)) {
|
|
|
|
filemap_fdatawrite(metamapping);
|
|
|
|
filemap_fdatawait(metamapping);
|
|
|
|
}
|
2011-08-02 12:17:27 +00:00
|
|
|
write_inode_now(inode, 1);
|
2011-09-07 09:33:25 +00:00
|
|
|
gfs2_ail_flush(ip->i_gl, 0);
|
2011-08-02 12:17:27 +00:00
|
|
|
|
2011-07-14 07:59:44 +00:00
|
|
|
/* Case 2 starts here */
|
2009-05-22 09:36:01 +00:00
|
|
|
error = gfs2_trans_begin(sdp, 0, sdp->sd_jdesc->jd_blocks);
|
|
|
|
if (error)
|
|
|
|
goto out_unlock;
|
2011-07-14 07:59:44 +00:00
|
|
|
/* Needs to be done before glock release & also in a transaction */
|
|
|
|
truncate_inode_pages(&inode->i_data, 0);
|
2015-12-07 21:13:28 +00:00
|
|
|
truncate_inode_pages(metamapping, 0);
|
2009-05-22 09:36:01 +00:00
|
|
|
gfs2_trans_end(sdp);
|
|
|
|
|
|
|
|
out_unlock:
|
2011-07-14 07:59:44 +00:00
|
|
|
/* Error path for case 1 */
|
2015-07-16 13:28:04 +00:00
|
|
|
if (gfs2_rs_active(&ip->i_res))
|
|
|
|
gfs2_rs_deltree(&ip->i_res);
|
2012-07-19 12:12:40 +00:00
|
|
|
|
2016-06-17 12:31:27 +00:00
|
|
|
if (gfs2_holder_initialized(&ip->i_iopen_gh)) {
|
2017-07-18 17:36:01 +00:00
|
|
|
glock_clear_object(ip->i_iopen_gh.gh_gl, ip);
|
2015-12-18 17:54:55 +00:00
|
|
|
if (test_bit(HIF_HOLDER, &ip->i_iopen_gh.gh_iflags)) {
|
|
|
|
ip->i_iopen_gh.gh_flags |= GL_NOCACHE;
|
2017-02-22 19:05:09 +00:00
|
|
|
gfs2_glock_dq(&ip->i_iopen_gh);
|
2015-12-18 17:54:55 +00:00
|
|
|
}
|
|
|
|
gfs2_holder_uninit(&ip->i_iopen_gh);
|
2013-05-29 15:51:52 +00:00
|
|
|
}
|
2017-07-18 17:36:01 +00:00
|
|
|
if (gfs2_holder_initialized(&gh)) {
|
|
|
|
glock_clear_object(ip->i_gl, ip);
|
2017-06-30 13:16:46 +00:00
|
|
|
gfs2_glock_dq_uninit(&gh);
|
2017-07-18 17:36:01 +00:00
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
if (error && error != GLR_TRYFAILED && error != -EROFS)
|
2010-06-07 15:05:19 +00:00
|
|
|
fs_warn(sdp, "gfs2_evict_inode: %d\n", error);
|
2009-05-22 09:36:01 +00:00
|
|
|
out:
|
2011-07-14 07:59:44 +00:00
|
|
|
/* Case 3 starts here */
|
2014-04-03 21:47:49 +00:00
|
|
|
truncate_inode_pages_final(&inode->i_data);
|
2015-10-26 15:40:28 +00:00
|
|
|
gfs2_rsqa_delete(ip, NULL);
|
2013-01-28 09:30:07 +00:00
|
|
|
gfs2_ordered_del_inode(ip);
|
2012-05-03 12:48:02 +00:00
|
|
|
clear_inode(inode);
|
2011-06-15 09:29:37 +00:00
|
|
|
gfs2_dir_hash_inval(ip);
|
2017-07-18 16:35:04 +00:00
|
|
|
glock_clear_object(ip->i_gl, ip);
|
2017-06-30 12:47:15 +00:00
|
|
|
wait_on_bit_io(&ip->i_flags, GIF_GLOP_PENDING, TASK_UNINTERRUPTIBLE);
|
2011-03-30 15:33:25 +00:00
|
|
|
gfs2_glock_add_to_lru(ip->i_gl);
|
2017-08-01 16:45:23 +00:00
|
|
|
gfs2_glock_put_eventually(ip->i_gl);
|
2010-06-07 15:05:19 +00:00
|
|
|
ip->i_gl = NULL;
|
2016-06-17 12:31:27 +00:00
|
|
|
if (gfs2_holder_initialized(&ip->i_iopen_gh)) {
|
2017-08-01 16:45:23 +00:00
|
|
|
struct gfs2_glock *gl = ip->i_iopen_gh.gh_gl;
|
|
|
|
|
|
|
|
glock_clear_object(gl, ip);
|
2013-05-29 15:51:52 +00:00
|
|
|
ip->i_iopen_gh.gh_flags |= GL_NOCACHE;
|
2017-08-01 16:45:23 +00:00
|
|
|
gfs2_glock_hold(gl);
|
2017-02-22 19:05:09 +00:00
|
|
|
gfs2_glock_dq_uninit(&ip->i_iopen_gh);
|
2017-08-01 16:45:23 +00:00
|
|
|
gfs2_glock_put_eventually(gl);
|
2010-06-07 15:05:19 +00:00
|
|
|
}
|
2009-05-22 09:36:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct inode *gfs2_alloc_inode(struct super_block *sb)
|
|
|
|
{
|
|
|
|
struct gfs2_inode *ip;
|
|
|
|
|
|
|
|
ip = kmem_cache_alloc(gfs2_inode_cachep, GFP_KERNEL);
|
|
|
|
if (ip) {
|
|
|
|
ip->i_flags = 0;
|
|
|
|
ip->i_gl = NULL;
|
2011-09-01 12:31:59 +00:00
|
|
|
ip->i_rgd = NULL;
|
2015-07-16 13:28:04 +00:00
|
|
|
memset(&ip->i_res, 0, sizeof(ip->i_res));
|
|
|
|
RB_CLEAR_NODE(&ip->i_res.rs_node);
|
2015-11-11 21:00:35 +00:00
|
|
|
ip->i_rahead = 0;
|
2009-05-22 09:36:01 +00:00
|
|
|
}
|
|
|
|
return &ip->i_inode;
|
|
|
|
}
|
|
|
|
|
2011-01-07 06:49:49 +00:00
|
|
|
static void gfs2_i_callback(struct rcu_head *head)
|
2009-05-22 09:36:01 +00:00
|
|
|
{
|
2011-01-07 06:49:49 +00:00
|
|
|
struct inode *inode = container_of(head, struct inode, i_rcu);
|
2009-05-22 09:36:01 +00:00
|
|
|
kmem_cache_free(gfs2_inode_cachep, inode);
|
|
|
|
}
|
|
|
|
|
2011-01-07 06:49:49 +00:00
|
|
|
static void gfs2_destroy_inode(struct inode *inode)
|
|
|
|
{
|
|
|
|
call_rcu(&inode->i_rcu, gfs2_i_callback);
|
|
|
|
}
|
|
|
|
|
2009-05-22 09:36:01 +00:00
|
|
|
const struct super_operations gfs2_super_ops = {
|
|
|
|
.alloc_inode = gfs2_alloc_inode,
|
|
|
|
.destroy_inode = gfs2_destroy_inode,
|
|
|
|
.write_inode = gfs2_write_inode,
|
2011-08-15 13:20:36 +00:00
|
|
|
.dirty_inode = gfs2_dirty_inode,
|
2010-06-07 15:05:19 +00:00
|
|
|
.evict_inode = gfs2_evict_inode,
|
2009-05-22 09:36:01 +00:00
|
|
|
.put_super = gfs2_put_super,
|
|
|
|
.sync_fs = gfs2_sync_fs,
|
2014-11-14 02:42:04 +00:00
|
|
|
.freeze_super = gfs2_freeze,
|
|
|
|
.thaw_super = gfs2_unfreeze,
|
2009-05-22 09:36:01 +00:00
|
|
|
.statfs = gfs2_statfs,
|
|
|
|
.remount_fs = gfs2_remount_fs,
|
|
|
|
.drop_inode = gfs2_drop_inode,
|
|
|
|
.show_options = gfs2_show_options,
|
|
|
|
};
|
|
|
|
|