2 * linux/fs/jbd/recovery.c
4 * Written by Stephen C. Tweedie <sct@redhat.com>, 1999
6 * Copyright 1999-2000 Red Hat Software --- All Rights Reserved
8 * This file is part of the Linux kernel and is made available under
9 * the terms of the GNU General Public License, version 2, or at your
10 * option, any later version, incorporated herein by reference.
12 * Journal recovery routines for the generic filesystem journaling code;
13 * part of the ext2fs journaling system.
20 #include <linux/time.h>
22 #include <linux/jbd.h>
23 #include <linux/errno.h>
24 #include <linux/slab.h>
28 * Maintain information about the progress of the recovery job, so that
29 * the different passes can carry information between them.
33 tid_t start_transaction;
34 tid_t end_transaction;
41 enum passtype {PASS_SCAN, PASS_REVOKE, PASS_REPLAY};
42 static int do_one_pass(journal_t *journal,
43 struct recovery_info *info, enum passtype pass);
44 static int scan_revoke_records(journal_t *, struct buffer_head *,
45 tid_t, struct recovery_info *);
49 /* Release readahead buffers after use */
50 static void journal_brelse_array(struct buffer_head *b[], int n)
58 * When reading from the journal, we are going through the block device
59 * layer directly and so there is no readahead being done for us. We
60 * need to implement any readahead ourselves if we want it to happen at
61 * all. Recovery is basically one long sequential read, so make sure we
62 * do the IO in reasonably large chunks.
64 * This is not so critical that we need to be enormously clever about
65 * the readahead size, though. 128K is a purely arbitrary, good-enough
70 static int do_readahead(journal_t *journal, unsigned int start)
73 unsigned int max, nbufs, next;
74 unsigned long long blocknr;
75 struct buffer_head *bh;
77 struct buffer_head * bufs[MAXBUF];
79 /* Do up to 128K of readahead */
80 max = start + (128 * 1024 / journal->j_blocksize);
81 if (max > journal->j_maxlen)
82 max = journal->j_maxlen;
84 /* Do the readahead itself. We'll submit MAXBUF buffer_heads at
85 * a time to the block device IO layer. */
89 for (next = start; next < max; next++) {
90 err = journal_bmap(journal, next, &blocknr);
93 printk (KERN_ERR "JBD: bad block at offset %u\n",
98 bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
104 if (!buffer_uptodate(bh) && !buffer_locked(bh)) {
106 if (nbufs == MAXBUF) {
107 ll_rw_block(READ, nbufs, bufs);
108 journal_brelse_array(bufs, nbufs);
116 ll_rw_block(READ, nbufs, bufs);
121 journal_brelse_array(bufs, nbufs);
125 #endif /* __KERNEL__ */
129 * Read a block from the journal
132 static int jread(struct buffer_head **bhp, journal_t *journal,
136 unsigned long long blocknr;
137 struct buffer_head *bh;
141 if (offset >= journal->j_maxlen) {
142 printk(KERN_ERR "JBD: corrupted journal superblock\n");
146 err = journal_bmap(journal, offset, &blocknr);
149 printk (KERN_ERR "JBD: bad block at offset %u\n",
154 bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
158 if (!buffer_uptodate(bh)) {
159 /* If this is a brand new buffer, start readahead.
160 Otherwise, we assume we are already reading it. */
162 do_readahead(journal, offset);
166 if (!buffer_uptodate(bh)) {
167 printk (KERN_ERR "JBD: Failed to read block at offset %u\n",
177 static int jbd2_descr_block_csum_verify(journal_t *j,
180 struct journal_block_tail *tail;
181 __u32 provided, calculated;
183 if (!JFS_HAS_INCOMPAT_FEATURE(j, JFS_FEATURE_INCOMPAT_CSUM_V2))
186 tail = (struct journal_block_tail *)(buf + j->j_blocksize -
187 sizeof(struct journal_block_tail));
188 provided = tail->t_checksum;
189 tail->t_checksum = 0;
190 calculated = ext2fs_crc32c_le(~0, j->j_superblock->s_uuid,
191 sizeof(j->j_superblock->s_uuid));
192 calculated = ext2fs_crc32c_le(calculated, buf, j->j_blocksize);
193 tail->t_checksum = provided;
195 provided = ext2fs_be32_to_cpu(provided);
196 return provided == calculated;
200 * Count the number of in-use tags in a journal descriptor block.
203 static int count_tags(journal_t *journal, struct buffer_head *bh)
206 journal_block_tag_t * tag;
207 int nr = 0, size = journal->j_blocksize;
208 int tag_bytes = journal_tag_bytes(journal);
210 if (JFS_HAS_INCOMPAT_FEATURE(journal, JFS_FEATURE_INCOMPAT_CSUM_V2))
211 size -= sizeof(struct journal_block_tail);
213 tagp = &bh->b_data[sizeof(journal_header_t)];
215 while ((tagp - bh->b_data + tag_bytes) <= size) {
216 tag = (journal_block_tag_t *) tagp;
220 if (!(tag->t_flags & cpu_to_be16(JFS_FLAG_SAME_UUID)))
223 if (tag->t_flags & cpu_to_be16(JFS_FLAG_LAST_TAG))
231 /* Make sure we wrap around the log correctly! */
232 #define wrap(journal, var) \
234 if (var >= (journal)->j_last) \
235 var -= ((journal)->j_last - (journal)->j_first); \
239 * journal_recover - recovers a on-disk journal
240 * @journal: the journal to recover
242 * The primary function for recovering the log contents when mounting a
245 * Recovery is done in three passes. In the first pass, we look for the
246 * end of the log. In the second, we assemble the list of revoke
247 * blocks. In the third and final pass, we replay any un-revoked blocks
250 int journal_recover(journal_t *journal)
253 journal_superblock_t * sb;
255 struct recovery_info info;
257 memset(&info, 0, sizeof(info));
258 sb = journal->j_superblock;
261 * The journal superblock's s_start field (the current log head)
262 * is always zero if, and only if, the journal was cleanly
267 jbd_debug(1, "No recovery required, last transaction %d\n",
268 be32_to_cpu(sb->s_sequence));
269 journal->j_transaction_sequence = be32_to_cpu(sb->s_sequence) + 1;
273 err = do_one_pass(journal, &info, PASS_SCAN);
275 err = do_one_pass(journal, &info, PASS_REVOKE);
277 err = do_one_pass(journal, &info, PASS_REPLAY);
279 jbd_debug(1, "JBD: recovery, exit status %d, "
280 "recovered transactions %u to %u\n",
281 err, info.start_transaction, info.end_transaction);
282 jbd_debug(1, "JBD: Replayed %d and revoked %d/%d blocks\n",
283 info.nr_replays, info.nr_revoke_hits, info.nr_revokes);
285 /* Restart the log at the next transaction ID, thus invalidating
286 * any existing commit records in the log. */
287 journal->j_transaction_sequence = ++info.end_transaction;
289 journal_clear_revoke(journal);
290 sync_blockdev(journal->j_fs_dev);
295 * journal_skip_recovery - Start journal and wipe exiting records
296 * @journal: journal to startup
298 * Locate any valid recovery information from the journal and set up the
299 * journal structures in memory to ignore it (presumably because the
300 * caller has evidence that it is out of date).
301 * This function does'nt appear to be exorted..
303 * We perform one pass over the journal to allow us to tell the user how
304 * much recovery information is being erased, and to let us initialise
305 * the journal transaction sequence numbers to the next unused ID.
307 int journal_skip_recovery(journal_t *journal)
310 struct recovery_info info;
312 memset (&info, 0, sizeof(info));
314 err = do_one_pass(journal, &info, PASS_SCAN);
317 printk(KERN_ERR "JBD: error %d scanning journal\n", err);
318 ++journal->j_transaction_sequence;
320 #ifdef CONFIG_JBD_DEBUG
321 journal_superblock_t *sb = journal->j_superblock;
323 int dropped = info.end_transaction - be32_to_cpu(sb->s_sequence);
326 "JBD: ignoring %d transaction%s from the journal.\n",
327 dropped, (dropped == 1) ? "" : "s");
328 journal->j_transaction_sequence = ++info.end_transaction;
335 static inline unsigned long long read_tag_block(int tag_bytes, journal_block_tag_t *tag)
337 unsigned long long block = be32_to_cpu(tag->t_blocknr);
338 if (tag_bytes > JBD_TAG_SIZE32)
339 block |= (__u64)be32_to_cpu(tag->t_blocknr_high) << 32;
344 * calc_chksums calculates the checksums for the blocks described in the
347 static int calc_chksums(journal_t *journal, struct buffer_head *bh,
348 unsigned long long *next_log_block, __u32 *crc32_sum)
350 int i, num_blks, err;
351 unsigned long long io_block;
352 struct buffer_head *obh;
354 num_blks = count_tags(journal, bh);
355 /* Calculate checksum of the descriptor block. */
356 *crc32_sum = ext2fs_crc32_be(*crc32_sum, (void *)bh->b_data,
359 for (i = 0; i < num_blks; i++) {
360 io_block = (*next_log_block)++;
361 wrap(journal, *next_log_block);
362 err = jread(&obh, journal, io_block);
364 printk(KERN_ERR "JBD: IO error %d recovering block "
365 "%llu in log\n", err, io_block);
368 *crc32_sum = ext2fs_crc32_be(*crc32_sum,
377 static int jbd2_commit_block_csum_verify(journal_t *j, void *buf)
379 struct commit_header *h;
380 __u32 provided, calculated;
382 if (!JFS_HAS_INCOMPAT_FEATURE(j, JFS_FEATURE_INCOMPAT_CSUM_V2))
386 provided = h->h_chksum[0];
388 calculated = ext2fs_crc32c_le(~0, j->j_superblock->s_uuid,
389 sizeof(j->j_superblock->s_uuid));
390 calculated = ext2fs_crc32c_le(calculated, buf, j->j_blocksize);
391 h->h_chksum[0] = provided;
393 provided = ext2fs_be32_to_cpu(provided);
394 return provided == calculated;
397 static int jbd2_block_tag_csum_verify(journal_t *j, journal_block_tag_t *tag,
398 void *buf, __u32 sequence)
400 __u32 provided, calculated;
402 if (!JFS_HAS_INCOMPAT_FEATURE(j, JFS_FEATURE_INCOMPAT_CSUM_V2))
405 sequence = ext2fs_cpu_to_be32(sequence);
406 calculated = ext2fs_crc32c_le(~0, j->j_superblock->s_uuid,
407 sizeof(j->j_superblock->s_uuid));
408 calculated = ext2fs_crc32c_le(calculated, (__u8 *)&sequence,
410 calculated = ext2fs_crc32c_le(calculated, buf, j->j_blocksize) & 0xffff;
411 provided = ext2fs_be16_to_cpu(tag->t_checksum);
413 return provided == ext2fs_cpu_to_be32(calculated);
416 static int do_one_pass(journal_t *journal,
417 struct recovery_info *info, enum passtype pass)
419 unsigned int first_commit_ID, next_commit_ID;
420 unsigned long long next_log_block;
421 int err, success = 0;
422 journal_superblock_t * sb;
423 journal_header_t * tmp;
424 struct buffer_head * bh;
425 unsigned int sequence;
427 int tag_bytes = journal_tag_bytes(journal);
428 __u32 crc32_sum = ~0; /* Transactional Checksums */
429 int descr_csum_size = 0;
432 * First thing is to establish what we expect to find in the log
433 * (in terms of transaction IDs), and where (in terms of log
434 * block offsets): query the superblock.
437 sb = journal->j_superblock;
438 next_commit_ID = be32_to_cpu(sb->s_sequence);
439 next_log_block = be32_to_cpu(sb->s_start);
441 first_commit_ID = next_commit_ID;
442 if (pass == PASS_SCAN)
443 info->start_transaction = first_commit_ID;
445 jbd_debug(1, "Starting recovery pass %d\n", pass);
448 * Now we walk through the log, transaction by transaction,
449 * making sure that each transaction has a commit block in the
450 * expected place. Each complete transaction gets replayed back
451 * into the main filesystem.
457 journal_block_tag_t * tag;
458 struct buffer_head * obh;
459 struct buffer_head * nbh;
463 /* If we already know where to stop the log traversal,
464 * check right now that we haven't gone past the end of
467 if (pass != PASS_SCAN)
468 if (tid_geq(next_commit_ID, info->end_transaction))
471 jbd_debug(2, "Scanning for sequence ID %u at %llu/%lu\n",
472 next_commit_ID, next_log_block, journal->j_last);
474 /* Skip over each chunk of the transaction looking
475 * either the next descriptor block or the final commit
478 jbd_debug(3, "JBD: checking block %llu\n", next_log_block);
479 err = jread(&bh, journal, next_log_block);
484 wrap(journal, next_log_block);
486 /* What kind of buffer is it?
488 * If it is a descriptor block, check that it has the
489 * expected sequence number. Otherwise, we're all done
492 tmp = (journal_header_t *)bh->b_data;
494 if (tmp->h_magic != cpu_to_be32(JFS_MAGIC_NUMBER)) {
499 blocktype = be32_to_cpu(tmp->h_blocktype);
500 sequence = be32_to_cpu(tmp->h_sequence);
501 jbd_debug(3, "Found magic %d, sequence %d\n",
502 blocktype, sequence);
504 if (sequence != next_commit_ID) {
509 /* OK, we have a valid descriptor block which matches
510 * all of the sequence number checks. What are we going
511 * to do with it? That depends on the pass... */
514 case JFS_DESCRIPTOR_BLOCK:
515 /* Verify checksum first */
516 if (JFS_HAS_INCOMPAT_FEATURE(journal,
517 JFS_FEATURE_INCOMPAT_CSUM_V2))
519 sizeof(struct journal_block_tail);
520 if (descr_csum_size > 0 &&
521 !jbd2_descr_block_csum_verify(journal,
527 /* If it is a valid descriptor block, replay it
528 * in pass REPLAY; if journal_checksums enabled, then
529 * calculate checksums in PASS_SCAN, otherwise,
530 * just skip over the blocks it describes. */
531 if (pass != PASS_REPLAY) {
532 if (pass == PASS_SCAN &&
533 JFS_HAS_COMPAT_FEATURE(journal,
534 JFS_FEATURE_COMPAT_CHECKSUM) &&
535 !info->end_transaction) {
536 if (calc_chksums(journal, bh,
545 next_log_block += count_tags(journal, bh);
546 wrap(journal, next_log_block);
551 /* A descriptor block: we can now write all of
552 * the data blocks. Yay, useful work is finally
553 * getting done here! */
555 tagp = &bh->b_data[sizeof(journal_header_t)];
556 while ((tagp - bh->b_data + tag_bytes)
557 <= journal->j_blocksize - descr_csum_size) {
558 unsigned long long io_block;
560 tag = (journal_block_tag_t *) tagp;
561 flags = be16_to_cpu(tag->t_flags);
563 io_block = next_log_block++;
564 wrap(journal, next_log_block);
565 err = jread(&obh, journal, io_block);
567 /* Recover what we can, but
568 * report failure at the end. */
571 "JBD: IO error %d recovering "
572 "block %llu in log\n",
575 unsigned long long blocknr;
577 J_ASSERT(obh != NULL);
578 blocknr = read_tag_block(tag_bytes,
581 /* If the block has been
582 * revoked, then we're all done
584 if (journal_test_revoke
588 ++info->nr_revoke_hits;
592 /* Look for block corruption */
593 if (!jbd2_block_tag_csum_verify(
594 journal, tag, obh->b_data,
595 be32_to_cpu(tmp->h_sequence))) {
598 printk(KERN_ERR "JBD: Invalid "
599 "checksum recovering "
600 "block %lld in log\n",
605 /* Find a buffer for the new
606 * data being restored */
607 nbh = __getblk(journal->j_fs_dev,
609 journal->j_blocksize);
612 "JBD: Out of memory "
613 "during recovery.\n");
621 memcpy(nbh->b_data, obh->b_data,
622 journal->j_blocksize);
623 if (flags & JFS_FLAG_ESCAPE) {
624 journal_header_t *header;
626 header = (journal_header_t *) &nbh->b_data[0];
627 header->h_magic = cpu_to_be32(JFS_MAGIC_NUMBER);
630 BUFFER_TRACE(nbh, "marking dirty");
631 set_buffer_uptodate(nbh);
632 mark_buffer_dirty(nbh);
633 BUFFER_TRACE(nbh, "marking uptodate");
635 /* ll_rw_block(WRITE, 1, &nbh); */
643 if (!(flags & JFS_FLAG_SAME_UUID))
646 if (flags & JFS_FLAG_LAST_TAG)
653 case JFS_COMMIT_BLOCK:
654 jbd_debug(3, "Commit block for #%u found\n",
656 /* How to differentiate between interrupted commit
657 * and journal corruption ?
660 * Checksum Verification Failed
662 * ____________________
664 * async_commit sync_commit
666 * | GO TO NEXT "Journal Corruption"
669 * {(n+1)th transanction}
671 * _______|______________
673 * Commit block found Commit block not found
675 * "Journal Corruption" |
676 * _____________|_________
678 * nth trans corrupt OR nth trans
679 * and (n+1)th interrupted interrupted
680 * before commit block
681 * could reach the disk.
682 * (Cannot find the difference in above
683 * mentioned conditions. Hence assume
684 * "Interrupted Commit".)
687 /* Found an expected commit block: if checksums
688 * are present verify them in PASS_SCAN; else not
689 * much to do other than move on to the next sequence
691 if (pass == PASS_SCAN &&
692 JFS_HAS_COMPAT_FEATURE(journal,
693 JFS_FEATURE_COMPAT_CHECKSUM)) {
694 int chksum_err, chksum_seen;
695 struct commit_header *cbh =
696 (struct commit_header *)bh->b_data;
697 unsigned found_chksum =
698 be32_to_cpu(cbh->h_chksum[0]);
700 chksum_err = chksum_seen = 0;
702 jbd_debug(3, "Checksums %x %x\n",
703 crc32_sum, found_chksum);
704 if (info->end_transaction) {
705 journal->j_failed_commit =
706 info->end_transaction;
711 if (crc32_sum == found_chksum &&
712 cbh->h_chksum_type == JBD2_CRC32_CHKSUM &&
713 cbh->h_chksum_size ==
714 JBD2_CRC32_CHKSUM_SIZE)
716 else if (!(cbh->h_chksum_type == 0 &&
717 cbh->h_chksum_size == 0 &&
721 * If fs is mounted using an old kernel and then
722 * kernel with journal_chksum is used then we
723 * get a situation where the journal flag has
724 * checksum flag set but checksums are not
725 * present i.e chksum = 0, in the individual
727 * Hence to avoid checksum failures, in this
728 * situation, this extra check is added.
733 info->end_transaction = next_commit_ID;
734 jbd_debug(1, "Checksum_err %x %x\n",
735 crc32_sum, found_chksum);
736 if (!JFS_HAS_INCOMPAT_FEATURE(journal,
737 JFS_FEATURE_INCOMPAT_ASYNC_COMMIT)){
738 journal->j_failed_commit =
746 if (pass == PASS_SCAN &&
747 !jbd2_commit_block_csum_verify(journal,
749 info->end_transaction = next_commit_ID;
751 if (!JFS_HAS_INCOMPAT_FEATURE(journal,
752 JFS_FEATURE_INCOMPAT_ASYNC_COMMIT)) {
753 journal->j_failed_commit =
763 case JFS_REVOKE_BLOCK:
764 /* If we aren't in the REVOKE pass, then we can
765 * just skip over this block. */
766 if (pass != PASS_REVOKE) {
771 err = scan_revoke_records(journal, bh,
772 next_commit_ID, info);
779 jbd_debug(3, "Unrecognised magic %d, end of scan.\n",
788 * We broke out of the log scan loop: either we came to the
789 * known end of the log or we found an unexpected block in the
790 * log. If the latter happened, then we know that the "current"
791 * transaction marks the end of the valid log.
794 if (pass == PASS_SCAN) {
795 if (!info->end_transaction)
796 info->end_transaction = next_commit_ID;
798 /* It's really bad news if different passes end up at
799 * different places (but possible due to IO errors). */
800 if (info->end_transaction != next_commit_ID) {
801 printk (KERN_ERR "JBD: recovery pass %d ended at "
802 "transaction %u, expected %u\n",
803 pass, next_commit_ID, info->end_transaction);
815 static int jbd2_revoke_block_csum_verify(journal_t *j,
818 struct journal_revoke_tail *tail;
819 __u32 provided, calculated;
821 if (!JFS_HAS_INCOMPAT_FEATURE(j, JFS_FEATURE_INCOMPAT_CSUM_V2))
824 tail = (struct journal_revoke_tail *)(buf + j->j_blocksize -
825 sizeof(struct journal_revoke_tail));
826 provided = tail->r_checksum;
827 tail->r_checksum = 0;
828 calculated = ext2fs_crc32c_le(~0, j->j_superblock->s_uuid,
829 sizeof(j->j_superblock->s_uuid));
830 calculated = ext2fs_crc32c_le(calculated, buf, j->j_blocksize);
831 tail->r_checksum = provided;
833 provided = ext2fs_be32_to_cpu(provided);
834 return provided == calculated;
837 /* Scan a revoke record, marking all blocks mentioned as revoked. */
839 static int scan_revoke_records(journal_t *journal, struct buffer_head *bh,
840 tid_t sequence, struct recovery_info *info)
842 journal_revoke_header_t *header;
846 header = (journal_revoke_header_t *) bh->b_data;
847 offset = sizeof(journal_revoke_header_t);
848 max = be32_to_cpu(header->r_count);
850 if (!jbd2_revoke_block_csum_verify(journal, header))
853 if (JFS_HAS_INCOMPAT_FEATURE(journal, JFS_FEATURE_INCOMPAT_64BIT))
856 while (offset < max) {
857 unsigned long long blocknr;
860 if (record_len == 4) {
862 memcpy(&b, bh->b_data + offset, sizeof(__be32));
863 blocknr = ext2fs_be32_to_cpu(b);
866 memcpy(&b, bh->b_data + offset, sizeof(__be64));
867 blocknr = ext2fs_be64_to_cpu(b);
870 offset += record_len;
871 err = journal_set_revoke(journal, blocknr, sequence);