1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
4 * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
5 */
6
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8
9 #include <linux/spinlock.h>
10 #include <linux/completion.h>
11 #include <linux/buffer_head.h>
12 #include <linux/crc32.h>
13 #include <linux/gfs2_ondisk.h>
14 #include <linux/delay.h>
15 #include <linux/uaccess.h>
16
17 #include "gfs2.h"
18 #include "incore.h"
19 #include "glock.h"
20 #include "glops.h"
21 #include "log.h"
22 #include "lops.h"
23 #include "recovery.h"
24 #include "rgrp.h"
25 #include "super.h"
26 #include "util.h"
27
28 struct kmem_cache *gfs2_glock_cachep __read_mostly;
29 struct kmem_cache *gfs2_glock_aspace_cachep __read_mostly;
30 struct kmem_cache *gfs2_inode_cachep __read_mostly;
31 struct kmem_cache *gfs2_bufdata_cachep __read_mostly;
32 struct kmem_cache *gfs2_rgrpd_cachep __read_mostly;
33 struct kmem_cache *gfs2_quotad_cachep __read_mostly;
34 struct kmem_cache *gfs2_qadata_cachep __read_mostly;
35 struct kmem_cache *gfs2_trans_cachep __read_mostly;
36 mempool_t *gfs2_page_pool __read_mostly;
37
gfs2_assert_i(struct gfs2_sbd * sdp)38 void gfs2_assert_i(struct gfs2_sbd *sdp)
39 {
40 fs_emerg(sdp, "fatal assertion failed\n");
41 }
42
43 /**
44 * check_journal_clean - Make sure a journal is clean for a spectator mount
45 * @sdp: The GFS2 superblock
46 * @jd: The journal descriptor
47 *
48 * Returns: 0 if the journal is clean or locked, else an error
49 */
check_journal_clean(struct gfs2_sbd * sdp,struct gfs2_jdesc * jd,bool verbose)50 int check_journal_clean(struct gfs2_sbd *sdp, struct gfs2_jdesc *jd,
51 bool verbose)
52 {
53 int error;
54 struct gfs2_holder j_gh;
55 struct gfs2_log_header_host head;
56 struct gfs2_inode *ip;
57
58 ip = GFS2_I(jd->jd_inode);
59 error = gfs2_glock_nq_init(ip->i_gl, LM_ST_SHARED, LM_FLAG_NOEXP |
60 GL_EXACT | GL_NOCACHE, &j_gh);
61 if (error) {
62 if (verbose)
63 fs_err(sdp, "Error %d locking journal for spectator "
64 "mount.\n", error);
65 return -EPERM;
66 }
67 error = gfs2_jdesc_check(jd);
68 if (error) {
69 if (verbose)
70 fs_err(sdp, "Error checking journal for spectator "
71 "mount.\n");
72 goto out_unlock;
73 }
74 error = gfs2_find_jhead(jd, &head, false);
75 if (error) {
76 if (verbose)
77 fs_err(sdp, "Error parsing journal for spectator "
78 "mount.\n");
79 goto out_unlock;
80 }
81 if (!(head.lh_flags & GFS2_LOG_HEAD_UNMOUNT)) {
82 error = -EPERM;
83 if (verbose)
84 fs_err(sdp, "jid=%u: Journal is dirty, so the first "
85 "mounter must not be a spectator.\n",
86 jd->jd_jid);
87 }
88
89 out_unlock:
90 gfs2_glock_dq_uninit(&j_gh);
91 return error;
92 }
93
signal_our_withdraw(struct gfs2_sbd * sdp)94 static void signal_our_withdraw(struct gfs2_sbd *sdp)
95 {
96 struct gfs2_glock *gl = sdp->sd_live_gh.gh_gl;
97 struct inode *inode = sdp->sd_jdesc->jd_inode;
98 struct gfs2_inode *ip = GFS2_I(inode);
99 u64 no_formal_ino = ip->i_no_formal_ino;
100 int ret = 0;
101 int tries;
102
103 if (test_bit(SDF_NORECOVERY, &sdp->sd_flags))
104 return;
105
106 /* Prevent any glock dq until withdraw recovery is complete */
107 set_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags);
108 /*
109 * Don't tell dlm we're bailing until we have no more buffers in the
110 * wind. If journal had an IO error, the log code should just purge
111 * the outstanding buffers rather than submitting new IO. Making the
112 * file system read-only will flush the journal, etc.
113 *
114 * During a normal unmount, gfs2_make_fs_ro calls gfs2_log_shutdown
115 * which clears SDF_JOURNAL_LIVE. In a withdraw, we must not write
116 * any UNMOUNT log header, so we can't call gfs2_log_shutdown, and
117 * therefore we need to clear SDF_JOURNAL_LIVE manually.
118 */
119 clear_bit(SDF_JOURNAL_LIVE, &sdp->sd_flags);
120 if (!sb_rdonly(sdp->sd_vfs))
121 ret = gfs2_make_fs_ro(sdp);
122
123 if (sdp->sd_lockstruct.ls_ops->lm_lock == NULL) { /* lock_nolock */
124 if (!ret)
125 ret = -EIO;
126 clear_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags);
127 goto skip_recovery;
128 }
129 /*
130 * Drop the glock for our journal so another node can recover it.
131 */
132 if (gfs2_holder_initialized(&sdp->sd_journal_gh)) {
133 gfs2_glock_dq_wait(&sdp->sd_journal_gh);
134 gfs2_holder_uninit(&sdp->sd_journal_gh);
135 }
136 sdp->sd_jinode_gh.gh_flags |= GL_NOCACHE;
137 gfs2_glock_dq(&sdp->sd_jinode_gh);
138 if (test_bit(SDF_FS_FROZEN, &sdp->sd_flags)) {
139 /* Make sure gfs2_unfreeze works if partially-frozen */
140 flush_workqueue(gfs2_freeze_wq);
141 atomic_set(&sdp->sd_freeze_state, SFS_FROZEN);
142 thaw_super(sdp->sd_vfs);
143 } else {
144 wait_on_bit(&gl->gl_flags, GLF_DEMOTE, TASK_UNINTERRUPTIBLE);
145 }
146
147 /*
148 * holder_uninit to force glock_put, to force dlm to let go
149 */
150 gfs2_holder_uninit(&sdp->sd_jinode_gh);
151
152 /*
153 * Note: We need to be careful here:
154 * Our iput of jd_inode will evict it. The evict will dequeue its
155 * glock, but the glock dq will wait for the withdraw unless we have
156 * exception code in glock_dq.
157 */
158 iput(inode);
159 /*
160 * Wait until the journal inode's glock is freed. This allows try locks
161 * on other nodes to be successful, otherwise we remain the owner of
162 * the glock as far as dlm is concerned.
163 */
164 if (gl->gl_ops->go_free) {
165 set_bit(GLF_FREEING, &gl->gl_flags);
166 wait_on_bit(&gl->gl_flags, GLF_FREEING, TASK_UNINTERRUPTIBLE);
167 }
168
169 /*
170 * Dequeue the "live" glock, but keep a reference so it's never freed.
171 */
172 gfs2_glock_hold(gl);
173 gfs2_glock_dq_wait(&sdp->sd_live_gh);
174 /*
175 * We enqueue the "live" glock in EX so that all other nodes
176 * get a demote request and act on it. We don't really want the
177 * lock in EX, so we send a "try" lock with 1CB to produce a callback.
178 */
179 fs_warn(sdp, "Requesting recovery of jid %d.\n",
180 sdp->sd_lockstruct.ls_jid);
181 gfs2_holder_reinit(LM_ST_EXCLUSIVE, LM_FLAG_TRY_1CB | LM_FLAG_NOEXP,
182 &sdp->sd_live_gh);
183 msleep(GL_GLOCK_MAX_HOLD);
184 /*
185 * This will likely fail in a cluster, but succeed standalone:
186 */
187 ret = gfs2_glock_nq(&sdp->sd_live_gh);
188
189 /*
190 * If we actually got the "live" lock in EX mode, there are no other
191 * nodes available to replay our journal. So we try to replay it
192 * ourselves. We hold the "live" glock to prevent other mounters
193 * during recovery, then just dequeue it and reacquire it in our
194 * normal SH mode. Just in case the problem that caused us to
195 * withdraw prevents us from recovering our journal (e.g. io errors
196 * and such) we still check if the journal is clean before proceeding
197 * but we may wait forever until another mounter does the recovery.
198 */
199 if (ret == 0) {
200 fs_warn(sdp, "No other mounters found. Trying to recover our "
201 "own journal jid %d.\n", sdp->sd_lockstruct.ls_jid);
202 if (gfs2_recover_journal(sdp->sd_jdesc, 1))
203 fs_warn(sdp, "Unable to recover our journal jid %d.\n",
204 sdp->sd_lockstruct.ls_jid);
205 gfs2_glock_dq_wait(&sdp->sd_live_gh);
206 gfs2_holder_reinit(LM_ST_SHARED, LM_FLAG_NOEXP | GL_EXACT,
207 &sdp->sd_live_gh);
208 gfs2_glock_nq(&sdp->sd_live_gh);
209 }
210
211 gfs2_glock_queue_put(gl); /* drop the extra reference we acquired */
212 clear_bit(SDF_WITHDRAW_RECOVERY, &sdp->sd_flags);
213
214 /*
215 * At this point our journal is evicted, so we need to get a new inode
216 * for it. Once done, we need to call gfs2_find_jhead which
217 * calls gfs2_map_journal_extents to map it for us again.
218 *
219 * Note that we don't really want it to look up a FREE block. The
220 * GFS2_BLKST_FREE simply overrides a block check in gfs2_inode_lookup
221 * which would otherwise fail because it requires grabbing an rgrp
222 * glock, which would fail with -EIO because we're withdrawing.
223 */
224 inode = gfs2_inode_lookup(sdp->sd_vfs, DT_UNKNOWN,
225 sdp->sd_jdesc->jd_no_addr, no_formal_ino,
226 GFS2_BLKST_FREE);
227 if (IS_ERR(inode)) {
228 fs_warn(sdp, "Reprocessing of jid %d failed with %ld.\n",
229 sdp->sd_lockstruct.ls_jid, PTR_ERR(inode));
230 goto skip_recovery;
231 }
232 sdp->sd_jdesc->jd_inode = inode;
233
234 /*
235 * Now wait until recovery is complete.
236 */
237 for (tries = 0; tries < 10; tries++) {
238 ret = check_journal_clean(sdp, sdp->sd_jdesc, false);
239 if (!ret)
240 break;
241 msleep(HZ);
242 fs_warn(sdp, "Waiting for journal recovery jid %d.\n",
243 sdp->sd_lockstruct.ls_jid);
244 }
245 skip_recovery:
246 if (!ret)
247 fs_warn(sdp, "Journal recovery complete for jid %d.\n",
248 sdp->sd_lockstruct.ls_jid);
249 else
250 fs_warn(sdp, "Journal recovery skipped for %d until next "
251 "mount.\n", sdp->sd_lockstruct.ls_jid);
252 fs_warn(sdp, "Glock dequeues delayed: %lu\n", sdp->sd_glock_dqs_held);
253 sdp->sd_glock_dqs_held = 0;
254 wake_up_bit(&sdp->sd_flags, SDF_WITHDRAW_RECOVERY);
255 }
256
gfs2_lm(struct gfs2_sbd * sdp,const char * fmt,...)257 void gfs2_lm(struct gfs2_sbd *sdp, const char *fmt, ...)
258 {
259 struct va_format vaf;
260 va_list args;
261
262 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW &&
263 test_bit(SDF_WITHDRAWN, &sdp->sd_flags))
264 return;
265
266 va_start(args, fmt);
267 vaf.fmt = fmt;
268 vaf.va = &args;
269 fs_err(sdp, "%pV", &vaf);
270 va_end(args);
271 }
272
gfs2_withdraw(struct gfs2_sbd * sdp)273 int gfs2_withdraw(struct gfs2_sbd *sdp)
274 {
275 struct lm_lockstruct *ls = &sdp->sd_lockstruct;
276 const struct lm_lockops *lm = ls->ls_ops;
277
278 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW &&
279 test_and_set_bit(SDF_WITHDRAWN, &sdp->sd_flags)) {
280 if (!test_bit(SDF_WITHDRAW_IN_PROG, &sdp->sd_flags))
281 return -1;
282
283 wait_on_bit(&sdp->sd_flags, SDF_WITHDRAW_IN_PROG,
284 TASK_UNINTERRUPTIBLE);
285 return -1;
286 }
287
288 set_bit(SDF_WITHDRAW_IN_PROG, &sdp->sd_flags);
289
290 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW) {
291 fs_err(sdp, "about to withdraw this file system\n");
292 BUG_ON(sdp->sd_args.ar_debug);
293
294 signal_our_withdraw(sdp);
295
296 kobject_uevent(&sdp->sd_kobj, KOBJ_OFFLINE);
297
298 if (!strcmp(sdp->sd_lockstruct.ls_ops->lm_proto_name, "lock_dlm"))
299 wait_for_completion(&sdp->sd_wdack);
300
301 if (lm->lm_unmount) {
302 fs_err(sdp, "telling LM to unmount\n");
303 lm->lm_unmount(sdp);
304 }
305 set_bit(SDF_SKIP_DLM_UNLOCK, &sdp->sd_flags);
306 fs_err(sdp, "File system withdrawn\n");
307 dump_stack();
308 clear_bit(SDF_WITHDRAW_IN_PROG, &sdp->sd_flags);
309 smp_mb__after_atomic();
310 wake_up_bit(&sdp->sd_flags, SDF_WITHDRAW_IN_PROG);
311 }
312
313 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC)
314 panic("GFS2: fsid=%s: panic requested\n", sdp->sd_fsname);
315
316 return -1;
317 }
318
319 /**
320 * gfs2_assert_withdraw_i - Cause the machine to withdraw if @assertion is false
321 */
322
gfs2_assert_withdraw_i(struct gfs2_sbd * sdp,char * assertion,const char * function,char * file,unsigned int line,bool delayed)323 void gfs2_assert_withdraw_i(struct gfs2_sbd *sdp, char *assertion,
324 const char *function, char *file, unsigned int line,
325 bool delayed)
326 {
327 if (gfs2_withdrawn(sdp))
328 return;
329
330 fs_err(sdp,
331 "fatal: assertion \"%s\" failed\n"
332 " function = %s, file = %s, line = %u\n",
333 assertion, function, file, line);
334
335 /*
336 * If errors=panic was specified on mount, it won't help to delay the
337 * withdraw.
338 */
339 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC)
340 delayed = false;
341
342 if (delayed)
343 gfs2_withdraw_delayed(sdp);
344 else
345 gfs2_withdraw(sdp);
346 dump_stack();
347 }
348
349 /**
350 * gfs2_assert_warn_i - Print a message to the console if @assertion is false
351 */
352
gfs2_assert_warn_i(struct gfs2_sbd * sdp,char * assertion,const char * function,char * file,unsigned int line)353 void gfs2_assert_warn_i(struct gfs2_sbd *sdp, char *assertion,
354 const char *function, char *file, unsigned int line)
355 {
356 if (time_before(jiffies,
357 sdp->sd_last_warning +
358 gfs2_tune_get(sdp, gt_complain_secs) * HZ))
359 return;
360
361 if (sdp->sd_args.ar_errors == GFS2_ERRORS_WITHDRAW)
362 fs_warn(sdp, "warning: assertion \"%s\" failed at function = %s, file = %s, line = %u\n",
363 assertion, function, file, line);
364
365 if (sdp->sd_args.ar_debug)
366 BUG();
367 else
368 dump_stack();
369
370 if (sdp->sd_args.ar_errors == GFS2_ERRORS_PANIC)
371 panic("GFS2: fsid=%s: warning: assertion \"%s\" failed\n"
372 "GFS2: fsid=%s: function = %s, file = %s, line = %u\n",
373 sdp->sd_fsname, assertion,
374 sdp->sd_fsname, function, file, line);
375
376 sdp->sd_last_warning = jiffies;
377 }
378
379 /**
380 * gfs2_consist_i - Flag a filesystem consistency error and withdraw
381 */
382
gfs2_consist_i(struct gfs2_sbd * sdp,const char * function,char * file,unsigned int line)383 void gfs2_consist_i(struct gfs2_sbd *sdp, const char *function,
384 char *file, unsigned int line)
385 {
386 gfs2_lm(sdp,
387 "fatal: filesystem consistency error - function = %s, file = %s, line = %u\n",
388 function, file, line);
389 gfs2_withdraw(sdp);
390 }
391
392 /**
393 * gfs2_consist_inode_i - Flag an inode consistency error and withdraw
394 */
395
gfs2_consist_inode_i(struct gfs2_inode * ip,const char * function,char * file,unsigned int line)396 void gfs2_consist_inode_i(struct gfs2_inode *ip,
397 const char *function, char *file, unsigned int line)
398 {
399 struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
400
401 gfs2_lm(sdp,
402 "fatal: filesystem consistency error\n"
403 " inode = %llu %llu\n"
404 " function = %s, file = %s, line = %u\n",
405 (unsigned long long)ip->i_no_formal_ino,
406 (unsigned long long)ip->i_no_addr,
407 function, file, line);
408 gfs2_withdraw(sdp);
409 }
410
411 /**
412 * gfs2_consist_rgrpd_i - Flag a RG consistency error and withdraw
413 */
414
gfs2_consist_rgrpd_i(struct gfs2_rgrpd * rgd,const char * function,char * file,unsigned int line)415 void gfs2_consist_rgrpd_i(struct gfs2_rgrpd *rgd,
416 const char *function, char *file, unsigned int line)
417 {
418 struct gfs2_sbd *sdp = rgd->rd_sbd;
419 char fs_id_buf[sizeof(sdp->sd_fsname) + 7];
420
421 sprintf(fs_id_buf, "fsid=%s: ", sdp->sd_fsname);
422 gfs2_rgrp_dump(NULL, rgd, fs_id_buf);
423 gfs2_lm(sdp,
424 "fatal: filesystem consistency error\n"
425 " RG = %llu\n"
426 " function = %s, file = %s, line = %u\n",
427 (unsigned long long)rgd->rd_addr,
428 function, file, line);
429 gfs2_withdraw(sdp);
430 }
431
432 /**
433 * gfs2_meta_check_ii - Flag a magic number consistency error and withdraw
434 * Returns: -1 if this call withdrew the machine,
435 * -2 if it was already withdrawn
436 */
437
gfs2_meta_check_ii(struct gfs2_sbd * sdp,struct buffer_head * bh,const char * type,const char * function,char * file,unsigned int line)438 int gfs2_meta_check_ii(struct gfs2_sbd *sdp, struct buffer_head *bh,
439 const char *type, const char *function, char *file,
440 unsigned int line)
441 {
442 int me;
443
444 gfs2_lm(sdp,
445 "fatal: invalid metadata block\n"
446 " bh = %llu (%s)\n"
447 " function = %s, file = %s, line = %u\n",
448 (unsigned long long)bh->b_blocknr, type,
449 function, file, line);
450 me = gfs2_withdraw(sdp);
451 return (me) ? -1 : -2;
452 }
453
454 /**
455 * gfs2_metatype_check_ii - Flag a metadata type consistency error and withdraw
456 * Returns: -1 if this call withdrew the machine,
457 * -2 if it was already withdrawn
458 */
459
gfs2_metatype_check_ii(struct gfs2_sbd * sdp,struct buffer_head * bh,u16 type,u16 t,const char * function,char * file,unsigned int line)460 int gfs2_metatype_check_ii(struct gfs2_sbd *sdp, struct buffer_head *bh,
461 u16 type, u16 t, const char *function,
462 char *file, unsigned int line)
463 {
464 int me;
465
466 gfs2_lm(sdp,
467 "fatal: invalid metadata block\n"
468 " bh = %llu (type: exp=%u, found=%u)\n"
469 " function = %s, file = %s, line = %u\n",
470 (unsigned long long)bh->b_blocknr, type, t,
471 function, file, line);
472 me = gfs2_withdraw(sdp);
473 return (me) ? -1 : -2;
474 }
475
476 /**
477 * gfs2_io_error_i - Flag an I/O error and withdraw
478 * Returns: -1 if this call withdrew the machine,
479 * 0 if it was already withdrawn
480 */
481
gfs2_io_error_i(struct gfs2_sbd * sdp,const char * function,char * file,unsigned int line)482 int gfs2_io_error_i(struct gfs2_sbd *sdp, const char *function, char *file,
483 unsigned int line)
484 {
485 gfs2_lm(sdp,
486 "fatal: I/O error\n"
487 " function = %s, file = %s, line = %u\n",
488 function, file, line);
489 return gfs2_withdraw(sdp);
490 }
491
492 /**
493 * gfs2_io_error_bh_i - Flag a buffer I/O error
494 * @withdraw: withdraw the filesystem
495 */
496
gfs2_io_error_bh_i(struct gfs2_sbd * sdp,struct buffer_head * bh,const char * function,char * file,unsigned int line,bool withdraw)497 void gfs2_io_error_bh_i(struct gfs2_sbd *sdp, struct buffer_head *bh,
498 const char *function, char *file, unsigned int line,
499 bool withdraw)
500 {
501 if (gfs2_withdrawn(sdp))
502 return;
503
504 fs_err(sdp, "fatal: I/O error\n"
505 " block = %llu\n"
506 " function = %s, file = %s, line = %u\n",
507 (unsigned long long)bh->b_blocknr, function, file, line);
508 if (withdraw)
509 gfs2_withdraw(sdp);
510 }
511
512