4 * Written by Stephen C. Tweedie <sct@redhat.com>, 2000
6 * Copyright 2000 Red Hat corp --- All Rights Reserved
8 * This file is part of the Linux kernel and is made available under
9 * the terms of the GNU General Public License, version 2, or at your
10 * option, any later version, incorporated herein by reference.
12 * Journal revoke routines for the generic filesystem journaling code;
13 * part of the ext2fs journaling system.
15 * Revoke is the mechanism used to prevent old log records for deleted
16 * metadata from being replayed on top of newer data using the same
17 * blocks. The revoke mechanism is used in two separate places:
19 * + Commit: during commit we write the entire list of the current
20 * transaction's revoked blocks to the journal
22 * + Recovery: during recovery we record the transaction ID of all
23 * revoked blocks. If there are multiple revoke records in the log
24 * for a single block, only the last one counts, and if there is a log
25 * entry for a block beyond the last revoke, then that log entry still
28 * We can get interactions between revokes and new log data within a
31 * Block is revoked and then journaled:
32 * The desired end result is the journaling of the new block, so we
33 * cancel the revoke before the transaction commits.
35 * Block is journaled and then revoked:
36 * The revoke must take precedence over the write of the block, so we
37 * need either to cancel the journal entry or to write the revoke
38 * later in the log than the log block. In this case, we choose the
39 * latter: journaling a block cancels any revoke record for that block
40 * in the current transaction, so any revoke for that block in the
41 * transaction must have happened after the block was journaled and so
42 * the revoke must take precedence.
44 * Block is revoked and then written as data:
45 * The data write is allowed to succeed, but the revoke is _not_
46 * cancelled. We still need to prevent old log records from
47 * overwriting the new data. We don't even need to clear the revoke
50 * Revoke information on buffers is a tri-state value:
52 * RevokeValid clear: no cached revoke status, need to look it up
53 * RevokeValid set, Revoke clear:
54 * buffer has not been revoked, and cancel_revoke
56 * RevokeValid set, Revoke set:
57 * buffer has been revoked.
63 #include <linux/sched.h>
65 #include <linux/jfs.h>
66 #include <linux/errno.h>
67 #include <linux/slab.h>
68 #include <linux/locks.h>
69 #include <linux/buffer.h>
70 #include <linux/list.h>
73 static kmem_cache_t *revoke_record_cache;
74 static kmem_cache_t *revoke_table_cache;
76 /* Each revoke record represents one single revoked block. During
77 journal replay, this involves recording the transaction ID of the
78 last transaction to revoke this block. */
80 struct jfs_revoke_record_s
82 struct list_head hash;
83 tid_t sequence; /* Used for recovery only */
84 unsigned long blocknr;
88 /* The revoke table is just a simple hash table of revoke records. */
89 struct jfs_revoke_table_s
91 /* It is conceivable that we might want a larger hash table
92 * for recovery. Must be a power of two. */
95 struct list_head *hash_table;
100 static void write_one_revoke_record(journal_t *, transaction_t *,
101 struct buffer_head **, int *,
102 struct jfs_revoke_record_s *);
103 static void flush_descriptor(journal_t *, struct buffer_head *, int);
106 /* Utility functions to maintain the revoke table */
108 /* Borrowed from buffer.c: this is a tried and tested block hash function */
109 static inline int hash(journal_t *journal, unsigned long block)
111 struct jfs_revoke_table_s *table = journal->j_revoke;
112 int hash_shift = table->hash_shift;
114 return ((block << (hash_shift - 6)) ^
116 (block << (hash_shift - 12))) & (table->hash_size - 1);
119 static int insert_revoke_hash(journal_t *journal,
120 unsigned long blocknr, tid_t seq)
122 struct list_head *hash_list;
123 struct jfs_revoke_record_s *record;
125 record = kmem_cache_alloc(revoke_record_cache, GFP_KERNEL);
129 record->sequence = seq;
130 record->blocknr = blocknr;
131 hash_list = &journal->j_revoke->hash_table[hash(journal, blocknr)];
132 list_add(&record->hash, hash_list);
136 /* Find a revoke record in the journal's hash table. */
138 static struct jfs_revoke_record_s *find_revoke_record(journal_t *journal,
139 unsigned long blocknr)
141 struct list_head *hash_list;
142 struct jfs_revoke_record_s *record;
144 hash_list = &journal->j_revoke->hash_table[hash(journal, blocknr)];
146 record = (struct jfs_revoke_record_s *) hash_list->next;
147 while (&(record->hash) != hash_list) {
148 if (record->blocknr == blocknr)
150 record = (struct jfs_revoke_record_s *) record->hash.next;
157 /* Initialise the revoke table for a given journal to a given size. */
159 int journal_init_revoke(journal_t *journal, int hash_size)
163 J_ASSERT (journal->j_revoke == NULL);
165 if (!revoke_record_cache)
166 revoke_record_cache =
167 kmem_cache_create ("revoke_record",
168 sizeof(struct jfs_revoke_record_s),
169 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
171 if (!revoke_table_cache)
173 kmem_cache_create ("revoke_table",
174 sizeof(struct jfs_revoke_table_s),
177 if (!revoke_record_cache || !revoke_table_cache)
180 journal->j_revoke = kmem_cache_alloc(revoke_table_cache, GFP_KERNEL);
181 if (!journal->j_revoke)
184 /* Check that the hash_size is a power of two */
185 J_ASSERT ((hash_size & (hash_size-1)) == 0);
187 journal->j_revoke->hash_size = hash_size;
191 while((tmp >>= 1UL) != 0UL)
193 journal->j_revoke->hash_shift = shift;
195 journal->j_revoke->hash_table =
196 kmalloc(hash_size * sizeof(struct list_head), GFP_KERNEL);
197 if (!journal->j_revoke->hash_table) {
198 kmem_cache_free(revoke_table_cache, journal->j_revoke);
199 journal->j_revoke = NULL;
203 for (tmp = 0; tmp < hash_size; tmp++)
204 INIT_LIST_HEAD(&journal->j_revoke->hash_table[tmp]);
209 /* Destoy a journal's revoke table. The table must already be empty! */
211 void journal_destroy_revoke(journal_t *journal)
213 struct jfs_revoke_table_s *table;
214 struct list_head *hash_list;
217 table = journal->j_revoke;
221 for (i=0; i<table->hash_size; i++) {
222 hash_list = &table->hash_table[i];
223 J_ASSERT (list_empty(hash_list));
226 kfree(table->hash_table);
227 kmem_cache_free(revoke_table_cache, table);
228 journal->j_revoke = NULL;
235 * journal_revoke: revoke a given buffer_head from the journal. This
236 * prevents the block from being replayed during recovery if we take a
237 * crash after this current transaction commits. Any subsequent
238 * metadata writes of the buffer in this transaction cancel the
241 * Note that this call may block --- it is up to the caller to make
242 * sure that there are no further calls to journal_write_metadata
243 * before the revoke is complete. In ext3, this implies calling the
244 * revoke before clearing the block bitmap when we are deleting
247 * Revoke performs a journal_forget on any buffer_head passed in as a
248 * parameter, but does _not_ forget the buffer_head if the bh was only
251 * Revoke must observe the same synchronisation rules as bforget: it
252 * must not discard the buffer once it has blocked.
255 int journal_revoke(handle_t *handle, unsigned long blocknr,
256 struct buffer_head *bh_in)
258 struct buffer_head *bh;
263 journal = handle->h_transaction->t_journal;
264 if (!journal_set_features(journal, 0, 0, JFS_FEATURE_INCOMPAT_REVOKE)){
265 J_ASSERT (!"Cannot set revoke feature!");
269 dev = journal->j_dev;
273 bh = get_hash_table(dev, blocknr, journal->j_blocksize);
275 /* We really ought not ever to revoke twice in a row without
276 first having the revoke cancelled: it's illegal to free a
277 block twice without allocating it in between! */
279 J_ASSERT (!test_and_set_bit(BH_Revoked, &bh->b_state));
280 set_bit(BH_RevokeValid, &bh->b_state);
282 journal_forget(handle, bh_in);
287 lock_journal(journal);
288 err = insert_revoke_hash(journal, blocknr,
289 handle->h_transaction->t_tid);
290 unlock_journal(journal);
297 * Cancel an outstanding revoke. For use only internally by the
298 * journaling code (called from journal_get_write_access).
300 * We trust the BH_Revoked bit on the buffer if the buffer is already
301 * being journaled: if there is no revoke pending on the buffer, then we
302 * don't do anything here.
304 * This would break if it were possible for a buffer to be revoked and
305 * discarded, and then reallocated within the same transaction. In such
306 * a case we would have lost the revoked bit, but when we arrived here
307 * the second time we would still have a pending revoke to cancel. So,
308 * do not trust the Revoked bit on buffers unless RevokeValid is also
311 * The caller must have the journal locked.
314 void journal_cancel_revoke(handle_t *handle, struct buffer_head *bh)
316 struct jfs_revoke_record_s *record;
317 journal_t *journal = handle->h_transaction->t_journal;
320 J_ASSERT (journal->j_locked);
322 /* Is the existing Revoke bit valid? If so, we trust it, and
323 * only perform the full cancel if the revoke bit is set. If
324 * not, we can't trust the revoke bit, and we need to do the
325 * full search for a revoke record. */
326 if (test_and_set_bit(BH_RevokeValid, &bh->b_state))
327 need_cancel = (test_and_clear_bit(BH_Revoked, &bh->b_state));
330 clear_bit(BH_Revoked, &bh->b_state);
334 record = find_revoke_record(journal, bh->b_blocknr);
336 list_del(&record->hash);
337 kmem_cache_free(revoke_record_cache, record);
344 * Write revoke records to the journal for all entries in the current
345 * revoke hash, deleting the entries as we go.
347 * Called with the journal lock held.
350 void journal_write_revoke_records(journal_t *journal,
351 transaction_t *transaction)
353 struct buffer_head *descriptor;
354 struct jfs_revoke_record_s *record;
355 struct jfs_revoke_table_s *revoke;
356 struct list_head *hash_list;
357 int i, offset, count;
362 revoke = journal->j_revoke;
364 for (i = 0; i < revoke->hash_size; i++) {
365 hash_list = &revoke->hash_table[i];
367 while (!list_empty(hash_list)) {
368 record = (struct jfs_revoke_record_s *)
370 write_one_revoke_record(journal, transaction,
371 &descriptor, &offset,
374 list_del(&record->hash);
375 kmem_cache_free(revoke_record_cache, record);
379 flush_descriptor(journal, descriptor, offset);
380 jfs_debug(1, "Wrote %d revoke records\n", count);
384 * Write out one revoke record. We need to create a new descriptor
385 * block if the old one is full or if we have not already created one.
388 static void write_one_revoke_record(journal_t *journal,
389 transaction_t *transaction,
390 struct buffer_head **descriptorp,
392 struct jfs_revoke_record_s *record)
394 struct buffer_head *descriptor;
396 journal_header_t *header;
398 /* If we are already aborting, this all becomes a noop. We
399 still need to go round the loop in
400 journal_write_revoke_records in order to free all of the
401 revoke records: only the IO to the journal is omitted. */
402 if (is_journal_abort(journal))
405 descriptor = *descriptorp;
408 /* Make sure we have a descriptor with space left for the record */
410 if (offset == journal->j_blocksize) {
411 flush_descriptor(journal, descriptor, offset);
417 descriptor = journal_get_descriptor_buffer(journal);
418 header = (journal_header_t *) &descriptor->b_data[0];
419 header->h_magic = htonl(JFS_MAGIC_NUMBER);
420 header->h_blocktype = htonl(JFS_REVOKE_BLOCK);
421 header->h_sequence = htonl(transaction->t_tid);
423 /* Record it so that we can wait for IO completion later */
424 journal_file_buffer(descriptor, transaction, BJ_LogCtl);
426 offset = sizeof(journal_revoke_header_t);
427 *descriptorp = descriptor;
430 * ((unsigned int *)(&descriptor->b_data[offset])) =
431 htonl(record->blocknr);
437 * Flush a revoke descriptor out to the journal. If we are aborting,
438 * this is a noop; otherwise we are generating a buffer which needs to
439 * be waited for during commit, so it has to go onto the appropriate
440 * journal buffer list.
443 static void flush_descriptor(journal_t *journal,
444 struct buffer_head *descriptor,
447 journal_revoke_header_t *header;
449 if (is_journal_abort(journal)) {
454 header = (journal_revoke_header_t *) descriptor->b_data;
455 header->r_count = htonl(offset);
456 set_bit(BH_JWrite, &descriptor->b_state);
457 ll_rw_block (WRITE, 1, &descriptor);
463 * Revoke support for recovery.
465 * Recovery needs to be able to:
467 * record all revoke records, including the tid of the latest instance
468 * of each revoke in the journal
470 * check whether a given block in a given transaction should be replayed
471 * (ie. has not been revoked by a revoke record in that or a subsequent
474 * empty the revoke table after recovery.
478 * First, setting revoke records. We create a new revoke record for
479 * every block ever revoked in the log as we scan it for recovery, and
480 * we update the existing records if we find multiple revokes for a
484 int journal_set_revoke(journal_t *journal,
485 unsigned long blocknr,
488 struct jfs_revoke_record_s *record;
490 record = find_revoke_record(journal, blocknr);
492 /* If we have multiple occurences, only record the
493 * latest sequence number in the hashed record */
494 if (tid_gt(sequence, record->sequence))
495 record->sequence = sequence;
498 return insert_revoke_hash(journal, blocknr, sequence);
502 * Test revoke records. For a given block referenced in the log, has
503 * that block been revoked? A revoke record with a given transaction
504 * sequence number revokes all blocks in that transaction and earlier
505 * ones, but later transactions still need replayed.
508 int journal_test_revoke(journal_t *journal,
509 unsigned long blocknr,
512 struct jfs_revoke_record_s *record;
514 record = find_revoke_record(journal, blocknr);
517 if (tid_gt(sequence, record->sequence))
523 * Finally, once recovery is over, we need to clear the revoke table so
524 * that it can be reused by the running filesystem.
527 void journal_clear_revoke(journal_t *journal)
530 struct list_head *hash_list;
531 struct jfs_revoke_record_s *record;
532 struct jfs_revoke_table_s *revoke;
534 revoke = journal->j_revoke;
536 for (i = 0; i < revoke->hash_size; i++) {
537 hash_list = &revoke->hash_table[i];
538 while (!list_empty(hash_list)) {
539 record = (struct jfs_revoke_record_s*) hash_list->next;
540 list_del(&record->hash);
541 kmem_cache_free(revoke_record_cache, record);
git://git.whamcloud.com / tools / e2fsprogs.git / blob