2  * linux/fs/jbd2/recovery.c
 
   4  * Written by Stephen C. Tweedie <sct@redhat.com>, 1999
 
   6  * Copyright 1999-2000 Red Hat Software --- All Rights Reserved
 
   8  * This file is part of the Linux kernel and is made available under
 
   9  * the terms of the GNU General Public License, version 2, or at your
 
  10  * option, any later version, incorporated herein by reference.
 
  12  * Journal recovery routines for the generic filesystem journaling code;
 
  13  * part of the ext2fs journaling system.
 
  19 #include <linux/time.h>
 
  21 #include <linux/jbd2.h>
 
  22 #include <linux/errno.h>
 
  23 #include <linux/slab.h>
 
  24 #include <linux/crc32.h>
 
  28  * Maintain information about the progress of the recovery job, so that
 
  29  * the different passes can carry information between them.
 
  33         tid_t           start_transaction;
 
  34         tid_t           end_transaction;
 
  41 enum passtype {PASS_SCAN, PASS_REVOKE, PASS_REPLAY};
 
  42 static int do_one_pass(journal_t *journal,
 
  43                                 struct recovery_info *info, enum passtype pass);
 
  44 static int scan_revoke_records(journal_t *, struct buffer_head *,
 
  45                                 tid_t, struct recovery_info *);
 
  49 /* Release readahead buffers after use */
 
  50 static void journal_brelse_array(struct buffer_head *b[], int n)
 
  58  * When reading from the journal, we are going through the block device
 
  59  * layer directly and so there is no readahead being done for us.  We
 
  60  * need to implement any readahead ourselves if we want it to happen at
 
  61  * all.  Recovery is basically one long sequential read, so make sure we
 
  62  * do the IO in reasonably large chunks.
 
  64  * This is not so critical that we need to be enormously clever about
 
  65  * the readahead size, though.  128K is a purely arbitrary, good-enough
 
  70 static int do_readahead(journal_t *journal, unsigned int start)
 
  73         unsigned int max, nbufs, next;
 
  74         unsigned long long blocknr;
 
  75         struct buffer_head *bh;
 
  77         struct buffer_head * bufs[MAXBUF];
 
  79         /* Do up to 128K of readahead */
 
  80         max = start + (128 * 1024 / journal->j_blocksize);
 
  81         if (max > journal->j_maxlen)
 
  82                 max = journal->j_maxlen;
 
  84         /* Do the readahead itself.  We'll submit MAXBUF buffer_heads at
 
  85          * a time to the block device IO layer. */
 
  89         for (next = start; next < max; next++) {
 
  90                 err = jbd2_journal_bmap(journal, next, &blocknr);
 
  93                         printk (KERN_ERR "JBD: bad block at offset %u\n",
 
  98                 bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
 
 104                 if (!buffer_uptodate(bh) && !buffer_locked(bh)) {
 
 106                         if (nbufs == MAXBUF) {
 
 107                                 ll_rw_block(READ, nbufs, bufs);
 
 108                                 journal_brelse_array(bufs, nbufs);
 
 116                 ll_rw_block(READ, nbufs, bufs);
 
 121                 journal_brelse_array(bufs, nbufs);
 
 125 #endif /* __KERNEL__ */
 
 129  * Read a block from the journal
 
 132 static int jread(struct buffer_head **bhp, journal_t *journal,
 
 136         unsigned long long blocknr;
 
 137         struct buffer_head *bh;
 
 141         if (offset >= journal->j_maxlen) {
 
 142                 printk(KERN_ERR "JBD: corrupted journal superblock\n");
 
 146         err = jbd2_journal_bmap(journal, offset, &blocknr);
 
 149                 printk (KERN_ERR "JBD: bad block at offset %u\n",
 
 154         bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
 
 158         if (!buffer_uptodate(bh)) {
 
 159                 /* If this is a brand new buffer, start readahead.
 
 160                    Otherwise, we assume we are already reading it.  */
 
 162                         do_readahead(journal, offset);
 
 166         if (!buffer_uptodate(bh)) {
 
 167                 printk (KERN_ERR "JBD: Failed to read block at offset %u\n",
 
 179  * Count the number of in-use tags in a journal descriptor block.
 
 182 static int count_tags(journal_t *journal, struct buffer_head *bh)
 
 185         journal_block_tag_t *   tag;
 
 186         int                     nr = 0, size = journal->j_blocksize;
 
 187         int                     tag_bytes = journal_tag_bytes(journal);
 
 189         tagp = &bh->b_data[sizeof(journal_header_t)];
 
 191         while ((tagp - bh->b_data + tag_bytes) <= size) {
 
 192                 tag = (journal_block_tag_t *) tagp;
 
 196                 if (!(tag->t_flags & cpu_to_be32(JBD2_FLAG_SAME_UUID)))
 
 199                 if (tag->t_flags & cpu_to_be32(JBD2_FLAG_LAST_TAG))
 
 207 /* Make sure we wrap around the log correctly! */
 
 208 #define wrap(journal, var)                                              \
 
 210         if (var >= (journal)->j_last)                                   \
 
 211                 var -= ((journal)->j_last - (journal)->j_first);        \
 
 215  * jbd2_journal_recover - recovers a on-disk journal
 
 216  * @journal: the journal to recover
 
 218  * The primary function for recovering the log contents when mounting a
 
 221  * Recovery is done in three passes.  In the first pass, we look for the
 
 222  * end of the log.  In the second, we assemble the list of revoke
 
 223  * blocks.  In the third and final pass, we replay any un-revoked blocks
 
 226 int jbd2_journal_recover(journal_t *journal)
 
 229         journal_superblock_t *  sb;
 
 231         struct recovery_info    info;
 
 233         memset(&info, 0, sizeof(info));
 
 234         sb = journal->j_superblock;
 
 237          * The journal superblock's s_start field (the current log head)
 
 238          * is always zero if, and only if, the journal was cleanly
 
 243                 jbd_debug(1, "No recovery required, last transaction %d\n",
 
 244                           be32_to_cpu(sb->s_sequence));
 
 245                 journal->j_transaction_sequence = be32_to_cpu(sb->s_sequence) + 1;
 
 249         err = do_one_pass(journal, &info, PASS_SCAN);
 
 251                 err = do_one_pass(journal, &info, PASS_REVOKE);
 
 253                 err = do_one_pass(journal, &info, PASS_REPLAY);
 
 255         jbd_debug(1, "JBD: recovery, exit status %d, "
 
 256                   "recovered transactions %u to %u\n",
 
 257                   err, info.start_transaction, info.end_transaction);
 
 258         jbd_debug(1, "JBD: Replayed %d and revoked %d/%d blocks\n",
 
 259                   info.nr_replays, info.nr_revoke_hits, info.nr_revokes);
 
 261         /* Restart the log at the next transaction ID, thus invalidating
 
 262          * any existing commit records in the log. */
 
 263         journal->j_transaction_sequence = ++info.end_transaction;
 
 265         jbd2_journal_clear_revoke(journal);
 
 266         err2 = sync_blockdev(journal->j_fs_dev);
 
 274  * jbd2_journal_skip_recovery - Start journal and wipe exiting records
 
 275  * @journal: journal to startup
 
 277  * Locate any valid recovery information from the journal and set up the
 
 278  * journal structures in memory to ignore it (presumably because the
 
 279  * caller has evidence that it is out of date).
 
 280  * This function does'nt appear to be exorted..
 
 282  * We perform one pass over the journal to allow us to tell the user how
 
 283  * much recovery information is being erased, and to let us initialise
 
 284  * the journal transaction sequence numbers to the next unused ID.
 
 286 int jbd2_journal_skip_recovery(journal_t *journal)
 
 289         journal_superblock_t *  sb;
 
 291         struct recovery_info    info;
 
 293         memset (&info, 0, sizeof(info));
 
 294         sb = journal->j_superblock;
 
 296         err = do_one_pass(journal, &info, PASS_SCAN);
 
 299                 printk(KERN_ERR "JBD: error %d scanning journal\n", err);
 
 300                 ++journal->j_transaction_sequence;
 
 302 #ifdef CONFIG_JBD2_DEBUG
 
 303                 int dropped = info.end_transaction - be32_to_cpu(sb->s_sequence);
 
 306                           "JBD: ignoring %d transaction%s from the journal.\n",
 
 307                           dropped, (dropped == 1) ? "" : "s");
 
 308                 journal->j_transaction_sequence = ++info.end_transaction;
 
 315 static inline unsigned long long read_tag_block(int tag_bytes, journal_block_tag_t *tag)
 
 317         unsigned long long block = be32_to_cpu(tag->t_blocknr);
 
 318         if (tag_bytes > JBD2_TAG_SIZE32)
 
 319                 block |= (u64)be32_to_cpu(tag->t_blocknr_high) << 32;
 
 324  * calc_chksums calculates the checksums for the blocks described in the
 
 327 static int calc_chksums(journal_t *journal, struct buffer_head *bh,
 
 328                         unsigned long *next_log_block, __u32 *crc32_sum)
 
 330         int i, num_blks, err;
 
 331         unsigned long io_block;
 
 332         struct buffer_head *obh;
 
 334         num_blks = count_tags(journal, bh);
 
 335         /* Calculate checksum of the descriptor block. */
 
 336         *crc32_sum = crc32_be(*crc32_sum, (void *)bh->b_data, bh->b_size);
 
 338         for (i = 0; i < num_blks; i++) {
 
 339                 io_block = (*next_log_block)++;
 
 340                 wrap(journal, *next_log_block);
 
 341                 err = jread(&obh, journal, io_block);
 
 343                         printk(KERN_ERR "JBD: IO error %d recovering block "
 
 344                                 "%lu in log\n", err, io_block);
 
 347                         *crc32_sum = crc32_be(*crc32_sum, (void *)obh->b_data,
 
 355 static int do_one_pass(journal_t *journal,
 
 356                         struct recovery_info *info, enum passtype pass)
 
 358         unsigned int            first_commit_ID, next_commit_ID;
 
 359         unsigned long           next_log_block;
 
 360         int                     err, success = 0;
 
 361         journal_superblock_t *  sb;
 
 362         journal_header_t *      tmp;
 
 363         struct buffer_head *    bh;
 
 364         unsigned int            sequence;
 
 366         int                     tag_bytes = journal_tag_bytes(journal);
 
 367         __u32                   crc32_sum = ~0; /* Transactional Checksums */
 
 369         /* Precompute the maximum metadata descriptors in a descriptor block */
 
 370         int                     MAX_BLOCKS_PER_DESC;
 
 371         MAX_BLOCKS_PER_DESC = ((journal->j_blocksize-sizeof(journal_header_t))
 
 375          * First thing is to establish what we expect to find in the log
 
 376          * (in terms of transaction IDs), and where (in terms of log
 
 377          * block offsets): query the superblock.
 
 380         sb = journal->j_superblock;
 
 381         next_commit_ID = be32_to_cpu(sb->s_sequence);
 
 382         next_log_block = be32_to_cpu(sb->s_start);
 
 384         first_commit_ID = next_commit_ID;
 
 385         if (pass == PASS_SCAN)
 
 386                 info->start_transaction = first_commit_ID;
 
 388         jbd_debug(1, "Starting recovery pass %d\n", pass);
 
 391          * Now we walk through the log, transaction by transaction,
 
 392          * making sure that each transaction has a commit block in the
 
 393          * expected place.  Each complete transaction gets replayed back
 
 394          * into the main filesystem.
 
 400                 journal_block_tag_t *   tag;
 
 401                 struct buffer_head *    obh;
 
 402                 struct buffer_head *    nbh;
 
 406                 /* If we already know where to stop the log traversal,
 
 407                  * check right now that we haven't gone past the end of
 
 410                 if (pass != PASS_SCAN)
 
 411                         if (tid_geq(next_commit_ID, info->end_transaction))
 
 414                 jbd_debug(2, "Scanning for sequence ID %u at %lu/%lu\n",
 
 415                           next_commit_ID, next_log_block, journal->j_last);
 
 417                 /* Skip over each chunk of the transaction looking
 
 418                  * either the next descriptor block or the final commit
 
 421                 jbd_debug(3, "JBD: checking block %ld\n", next_log_block);
 
 422                 err = jread(&bh, journal, next_log_block);
 
 427                 wrap(journal, next_log_block);
 
 429                 /* What kind of buffer is it?
 
 431                  * If it is a descriptor block, check that it has the
 
 432                  * expected sequence number.  Otherwise, we're all done
 
 435                 tmp = (journal_header_t *)bh->b_data;
 
 437                 if (tmp->h_magic != cpu_to_be32(JBD2_MAGIC_NUMBER)) {
 
 442                 blocktype = be32_to_cpu(tmp->h_blocktype);
 
 443                 sequence = be32_to_cpu(tmp->h_sequence);
 
 444                 jbd_debug(3, "Found magic %d, sequence %d\n",
 
 445                           blocktype, sequence);
 
 447                 if (sequence != next_commit_ID) {
 
 452                 /* OK, we have a valid descriptor block which matches
 
 453                  * all of the sequence number checks.  What are we going
 
 454                  * to do with it?  That depends on the pass... */
 
 457                 case JBD2_DESCRIPTOR_BLOCK:
 
 458                         /* If it is a valid descriptor block, replay it
 
 459                          * in pass REPLAY; if journal_checksums enabled, then
 
 460                          * calculate checksums in PASS_SCAN, otherwise,
 
 461                          * just skip over the blocks it describes. */
 
 462                         if (pass != PASS_REPLAY) {
 
 463                                 if (pass == PASS_SCAN &&
 
 464                                     JBD2_HAS_COMPAT_FEATURE(journal,
 
 465                                             JBD2_FEATURE_COMPAT_CHECKSUM) &&
 
 466                                     !info->end_transaction) {
 
 467                                         if (calc_chksums(journal, bh,
 
 476                                 next_log_block += count_tags(journal, bh);
 
 477                                 wrap(journal, next_log_block);
 
 482                         /* A descriptor block: we can now write all of
 
 483                          * the data blocks.  Yay, useful work is finally
 
 484                          * getting done here! */
 
 486                         tagp = &bh->b_data[sizeof(journal_header_t)];
 
 487                         while ((tagp - bh->b_data + tag_bytes)
 
 488                                <= journal->j_blocksize) {
 
 489                                 unsigned long io_block;
 
 491                                 tag = (journal_block_tag_t *) tagp;
 
 492                                 flags = be32_to_cpu(tag->t_flags);
 
 494                                 io_block = next_log_block++;
 
 495                                 wrap(journal, next_log_block);
 
 496                                 err = jread(&obh, journal, io_block);
 
 498                                         /* Recover what we can, but
 
 499                                          * report failure at the end. */
 
 502                                                 "JBD: IO error %d recovering "
 
 503                                                 "block %ld in log\n",
 
 506                                         unsigned long long blocknr;
 
 508                                         J_ASSERT(obh != NULL);
 
 509                                         blocknr = read_tag_block(tag_bytes,
 
 512                                         /* If the block has been
 
 513                                          * revoked, then we're all done
 
 515                                         if (jbd2_journal_test_revoke
 
 519                                                 ++info->nr_revoke_hits;
 
 523                                         /* Find a buffer for the new
 
 524                                          * data being restored */
 
 525                                         nbh = __getblk(journal->j_fs_dev,
 
 527                                                         journal->j_blocksize);
 
 530                                                        "JBD: Out of memory "
 
 531                                                        "during recovery.\n");
 
 539                                         memcpy(nbh->b_data, obh->b_data,
 
 540                                                         journal->j_blocksize);
 
 541                                         if (flags & JBD2_FLAG_ESCAPE) {
 
 542                                                 *((__be32 *)nbh->b_data) =
 
 543                                                 cpu_to_be32(JBD2_MAGIC_NUMBER);
 
 546                                         BUFFER_TRACE(nbh, "marking dirty");
 
 547                                         set_buffer_uptodate(nbh);
 
 548                                         mark_buffer_dirty(nbh);
 
 549                                         BUFFER_TRACE(nbh, "marking uptodate");
 
 551                                         /* ll_rw_block(WRITE, 1, &nbh); */
 
 559                                 if (!(flags & JBD2_FLAG_SAME_UUID))
 
 562                                 if (flags & JBD2_FLAG_LAST_TAG)
 
 569                 case JBD2_COMMIT_BLOCK:
 
 570                         /*     How to differentiate between interrupted commit
 
 571                          *               and journal corruption ?
 
 574                          *        Checksum Verification Failed
 
 576                          *               ____________________
 
 578                          *      async_commit             sync_commit
 
 580                          *              | GO TO NEXT    "Journal Corruption"
 
 583                          * {(n+1)th transanction}
 
 585                          *       _______|______________
 
 587                          * Commit block found   Commit block not found
 
 589                          * "Journal Corruption"       |
 
 590                          *               _____________|_________
 
 592                          *      nth trans corrupt       OR   nth trans
 
 593                          *      and (n+1)th interrupted     interrupted
 
 594                          *      before commit block
 
 595                          *      could reach the disk.
 
 596                          *      (Cannot find the difference in above
 
 597                          *       mentioned conditions. Hence assume
 
 598                          *       "Interrupted Commit".)
 
 601                         /* Found an expected commit block: if checksums
 
 602                          * are present verify them in PASS_SCAN; else not
 
 603                          * much to do other than move on to the next sequence
 
 605                         if (pass == PASS_SCAN &&
 
 606                             JBD2_HAS_COMPAT_FEATURE(journal,
 
 607                                     JBD2_FEATURE_COMPAT_CHECKSUM)) {
 
 608                                 int chksum_err, chksum_seen;
 
 609                                 struct commit_header *cbh =
 
 610                                         (struct commit_header *)bh->b_data;
 
 611                                 unsigned found_chksum =
 
 612                                         be32_to_cpu(cbh->h_chksum[0]);
 
 614                                 chksum_err = chksum_seen = 0;
 
 616                                 if (info->end_transaction) {
 
 617                                         journal->j_failed_commit =
 
 618                                                 info->end_transaction;
 
 623                                 if (crc32_sum == found_chksum &&
 
 624                                     cbh->h_chksum_type == JBD2_CRC32_CHKSUM &&
 
 625                                     cbh->h_chksum_size ==
 
 626                                                 JBD2_CRC32_CHKSUM_SIZE)
 
 628                                 else if (!(cbh->h_chksum_type == 0 &&
 
 629                                              cbh->h_chksum_size == 0 &&
 
 633                                  * If fs is mounted using an old kernel and then
 
 634                                  * kernel with journal_chksum is used then we
 
 635                                  * get a situation where the journal flag has
 
 636                                  * checksum flag set but checksums are not
 
 637                                  * present i.e chksum = 0, in the individual
 
 639                                  * Hence to avoid checksum failures, in this
 
 640                                  * situation, this extra check is added.
 
 645                                         info->end_transaction = next_commit_ID;
 
 647                                         if (!JBD2_HAS_INCOMPAT_FEATURE(journal,
 
 648                                            JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT)){
 
 649                                                 journal->j_failed_commit =
 
 661                 case JBD2_REVOKE_BLOCK:
 
 662                         /* If we aren't in the REVOKE pass, then we can
 
 663                          * just skip over this block. */
 
 664                         if (pass != PASS_REVOKE) {
 
 669                         err = scan_revoke_records(journal, bh,
 
 670                                                   next_commit_ID, info);
 
 677                         jbd_debug(3, "Unrecognised magic %d, end of scan.\n",
 
 686          * We broke out of the log scan loop: either we came to the
 
 687          * known end of the log or we found an unexpected block in the
 
 688          * log.  If the latter happened, then we know that the "current"
 
 689          * transaction marks the end of the valid log.
 
 692         if (pass == PASS_SCAN) {
 
 693                 if (!info->end_transaction)
 
 694                         info->end_transaction = next_commit_ID;
 
 696                 /* It's really bad news if different passes end up at
 
 697                  * different places (but possible due to IO errors). */
 
 698                 if (info->end_transaction != next_commit_ID) {
 
 699                         printk (KERN_ERR "JBD: recovery pass %d ended at "
 
 700                                 "transaction %u, expected %u\n",
 
 701                                 pass, next_commit_ID, info->end_transaction);
 
 714 /* Scan a revoke record, marking all blocks mentioned as revoked. */
 
 716 static int scan_revoke_records(journal_t *journal, struct buffer_head *bh,
 
 717                                tid_t sequence, struct recovery_info *info)
 
 719         jbd2_journal_revoke_header_t *header;
 
 723         header = (jbd2_journal_revoke_header_t *) bh->b_data;
 
 724         offset = sizeof(jbd2_journal_revoke_header_t);
 
 725         max = be32_to_cpu(header->r_count);
 
 727         if (JBD2_HAS_INCOMPAT_FEATURE(journal, JBD2_FEATURE_INCOMPAT_64BIT))
 
 730         while (offset + record_len <= max) {
 
 731                 unsigned long long blocknr;
 
 735                         blocknr = be32_to_cpu(* ((__be32 *) (bh->b_data+offset)));
 
 737                         blocknr = be64_to_cpu(* ((__be64 *) (bh->b_data+offset)));
 
 738                 offset += record_len;
 
 739                 err = jbd2_journal_set_revoke(journal, blocknr, sequence);