1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This file is part of UBIFS.
4 *
5 * Copyright (C) 2006-2008 Nokia Corporation.
6 *
7 * Author: Adrian Hunter
8 */
9
10 #include "ubifs.h"
11
12 /*
13 * An orphan is an inode number whose inode node has been committed to the index
14 * with a link count of zero. That happens when an open file is deleted
15 * (unlinked) and then a commit is run. In the normal course of events the inode
16 * would be deleted when the file is closed. However in the case of an unclean
17 * unmount, orphans need to be accounted for. After an unclean unmount, the
18 * orphans' inodes must be deleted which means either scanning the entire index
19 * looking for them, or keeping a list on flash somewhere. This unit implements
20 * the latter approach.
21 *
22 * The orphan area is a fixed number of LEBs situated between the LPT area and
23 * the main area. The number of orphan area LEBs is specified when the file
24 * system is created. The minimum number is 1. The size of the orphan area
25 * should be so that it can hold the maximum number of orphans that are expected
26 * to ever exist at one time.
27 *
28 * The number of orphans that can fit in a LEB is:
29 *
30 * (c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64)
31 *
32 * For example: a 15872 byte LEB can fit 1980 orphans so 1 LEB may be enough.
33 *
34 * Orphans are accumulated in a rb-tree. When an inode's link count drops to
35 * zero, the inode number is added to the rb-tree. It is removed from the tree
36 * when the inode is deleted. Any new orphans that are in the orphan tree when
37 * the commit is run, are written to the orphan area in 1 or more orphan nodes.
38 * If the orphan area is full, it is consolidated to make space. There is
39 * always enough space because validation prevents the user from creating more
40 * than the maximum number of orphans allowed.
41 */
42
43 static int dbg_check_orphans(struct ubifs_info *c);
44
45 /**
46 * ubifs_add_orphan - add an orphan.
47 * @c: UBIFS file-system description object
48 * @inum: orphan inode number
49 *
50 * Add an orphan. This function is called when an inodes link count drops to
51 * zero.
52 */
ubifs_add_orphan(struct ubifs_info * c,ino_t inum)53 int ubifs_add_orphan(struct ubifs_info *c, ino_t inum)
54 {
55 struct ubifs_orphan *orphan, *o;
56 struct rb_node **p, *parent = NULL;
57
58 orphan = kzalloc(sizeof(struct ubifs_orphan), GFP_NOFS);
59 if (!orphan)
60 return -ENOMEM;
61 orphan->inum = inum;
62 orphan->new = 1;
63
64 spin_lock(&c->orphan_lock);
65 if (c->tot_orphans >= c->max_orphans) {
66 spin_unlock(&c->orphan_lock);
67 kfree(orphan);
68 return -ENFILE;
69 }
70 p = &c->orph_tree.rb_node;
71 while (*p) {
72 parent = *p;
73 o = rb_entry(parent, struct ubifs_orphan, rb);
74 if (inum < o->inum)
75 p = &(*p)->rb_left;
76 else if (inum > o->inum)
77 p = &(*p)->rb_right;
78 else {
79 ubifs_err(c, "orphaned twice");
80 spin_unlock(&c->orphan_lock);
81 kfree(orphan);
82 return -EINVAL;
83 }
84 }
85 c->tot_orphans += 1;
86 c->new_orphans += 1;
87 rb_link_node(&orphan->rb, parent, p);
88 rb_insert_color(&orphan->rb, &c->orph_tree);
89 list_add_tail(&orphan->list, &c->orph_list);
90 list_add_tail(&orphan->new_list, &c->orph_new);
91
92 spin_unlock(&c->orphan_lock);
93 dbg_gen("ino %lu", (unsigned long)inum);
94 return 0;
95 }
96
lookup_orphan(struct ubifs_info * c,ino_t inum)97 static struct ubifs_orphan *lookup_orphan(struct ubifs_info *c, ino_t inum)
98 {
99 struct ubifs_orphan *o;
100 struct rb_node *p;
101
102 p = c->orph_tree.rb_node;
103 while (p) {
104 o = rb_entry(p, struct ubifs_orphan, rb);
105 if (inum < o->inum)
106 p = p->rb_left;
107 else if (inum > o->inum)
108 p = p->rb_right;
109 else {
110 return o;
111 }
112 }
113 return NULL;
114 }
115
__orphan_drop(struct ubifs_info * c,struct ubifs_orphan * o)116 static void __orphan_drop(struct ubifs_info *c, struct ubifs_orphan *o)
117 {
118 rb_erase(&o->rb, &c->orph_tree);
119 list_del(&o->list);
120 c->tot_orphans -= 1;
121
122 if (o->new) {
123 list_del(&o->new_list);
124 c->new_orphans -= 1;
125 }
126
127 kfree(o);
128 }
129
orphan_delete(struct ubifs_info * c,struct ubifs_orphan * orph)130 static void orphan_delete(struct ubifs_info *c, struct ubifs_orphan *orph)
131 {
132 if (orph->del) {
133 dbg_gen("deleted twice ino %lu", (unsigned long)orph->inum);
134 return;
135 }
136
137 if (orph->cmt) {
138 orph->del = 1;
139 rb_erase(&orph->rb, &c->orph_tree);
140 orph->dnext = c->orph_dnext;
141 c->orph_dnext = orph;
142 dbg_gen("delete later ino %lu", (unsigned long)orph->inum);
143 return;
144 }
145
146 __orphan_drop(c, orph);
147 }
148
149 /**
150 * ubifs_delete_orphan - delete an orphan.
151 * @c: UBIFS file-system description object
152 * @inum: orphan inode number
153 *
154 * Delete an orphan. This function is called when an inode is deleted.
155 */
ubifs_delete_orphan(struct ubifs_info * c,ino_t inum)156 void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum)
157 {
158 struct ubifs_orphan *orph;
159
160 spin_lock(&c->orphan_lock);
161
162 orph = lookup_orphan(c, inum);
163 if (!orph) {
164 spin_unlock(&c->orphan_lock);
165 ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum);
166 dump_stack();
167
168 return;
169 }
170
171 orphan_delete(c, orph);
172
173 spin_unlock(&c->orphan_lock);
174 }
175
176 /**
177 * ubifs_orphan_start_commit - start commit of orphans.
178 * @c: UBIFS file-system description object
179 *
180 * Start commit of orphans.
181 */
ubifs_orphan_start_commit(struct ubifs_info * c)182 int ubifs_orphan_start_commit(struct ubifs_info *c)
183 {
184 struct ubifs_orphan *orphan, **last;
185
186 spin_lock(&c->orphan_lock);
187 last = &c->orph_cnext;
188 list_for_each_entry(orphan, &c->orph_new, new_list) {
189 ubifs_assert(c, orphan->new);
190 ubifs_assert(c, !orphan->cmt);
191 orphan->new = 0;
192 orphan->cmt = 1;
193 *last = orphan;
194 last = &orphan->cnext;
195 }
196 *last = NULL;
197 c->cmt_orphans = c->new_orphans;
198 c->new_orphans = 0;
199 dbg_cmt("%d orphans to commit", c->cmt_orphans);
200 INIT_LIST_HEAD(&c->orph_new);
201 if (c->tot_orphans == 0)
202 c->no_orphs = 1;
203 else
204 c->no_orphs = 0;
205 spin_unlock(&c->orphan_lock);
206 return 0;
207 }
208
209 /**
210 * avail_orphs - calculate available space.
211 * @c: UBIFS file-system description object
212 *
213 * This function returns the number of orphans that can be written in the
214 * available space.
215 */
avail_orphs(struct ubifs_info * c)216 static int avail_orphs(struct ubifs_info *c)
217 {
218 int avail_lebs, avail, gap;
219
220 avail_lebs = c->orph_lebs - (c->ohead_lnum - c->orph_first) - 1;
221 avail = avail_lebs *
222 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64));
223 gap = c->leb_size - c->ohead_offs;
224 if (gap >= UBIFS_ORPH_NODE_SZ + sizeof(__le64))
225 avail += (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64);
226 return avail;
227 }
228
229 /**
230 * tot_avail_orphs - calculate total space.
231 * @c: UBIFS file-system description object
232 *
233 * This function returns the number of orphans that can be written in half
234 * the total space. That leaves half the space for adding new orphans.
235 */
tot_avail_orphs(struct ubifs_info * c)236 static int tot_avail_orphs(struct ubifs_info *c)
237 {
238 int avail_lebs, avail;
239
240 avail_lebs = c->orph_lebs;
241 avail = avail_lebs *
242 ((c->leb_size - UBIFS_ORPH_NODE_SZ) / sizeof(__le64));
243 return avail / 2;
244 }
245
246 /**
247 * do_write_orph_node - write a node to the orphan head.
248 * @c: UBIFS file-system description object
249 * @len: length of node
250 * @atomic: write atomically
251 *
252 * This function writes a node to the orphan head from the orphan buffer. If
253 * %atomic is not zero, then the write is done atomically. On success, %0 is
254 * returned, otherwise a negative error code is returned.
255 */
do_write_orph_node(struct ubifs_info * c,int len,int atomic)256 static int do_write_orph_node(struct ubifs_info *c, int len, int atomic)
257 {
258 int err = 0;
259
260 if (atomic) {
261 ubifs_assert(c, c->ohead_offs == 0);
262 ubifs_prepare_node(c, c->orph_buf, len, 1);
263 len = ALIGN(len, c->min_io_size);
264 err = ubifs_leb_change(c, c->ohead_lnum, c->orph_buf, len);
265 } else {
266 if (c->ohead_offs == 0) {
267 /* Ensure LEB has been unmapped */
268 err = ubifs_leb_unmap(c, c->ohead_lnum);
269 if (err)
270 return err;
271 }
272 err = ubifs_write_node(c, c->orph_buf, len, c->ohead_lnum,
273 c->ohead_offs);
274 }
275 return err;
276 }
277
278 /**
279 * write_orph_node - write an orphan node.
280 * @c: UBIFS file-system description object
281 * @atomic: write atomically
282 *
283 * This function builds an orphan node from the cnext list and writes it to the
284 * orphan head. On success, %0 is returned, otherwise a negative error code
285 * is returned.
286 */
write_orph_node(struct ubifs_info * c,int atomic)287 static int write_orph_node(struct ubifs_info *c, int atomic)
288 {
289 struct ubifs_orphan *orphan, *cnext;
290 struct ubifs_orph_node *orph;
291 int gap, err, len, cnt, i;
292
293 ubifs_assert(c, c->cmt_orphans > 0);
294 gap = c->leb_size - c->ohead_offs;
295 if (gap < UBIFS_ORPH_NODE_SZ + sizeof(__le64)) {
296 c->ohead_lnum += 1;
297 c->ohead_offs = 0;
298 gap = c->leb_size;
299 if (c->ohead_lnum > c->orph_last) {
300 /*
301 * We limit the number of orphans so that this should
302 * never happen.
303 */
304 ubifs_err(c, "out of space in orphan area");
305 return -EINVAL;
306 }
307 }
308 cnt = (gap - UBIFS_ORPH_NODE_SZ) / sizeof(__le64);
309 if (cnt > c->cmt_orphans)
310 cnt = c->cmt_orphans;
311 len = UBIFS_ORPH_NODE_SZ + cnt * sizeof(__le64);
312 ubifs_assert(c, c->orph_buf);
313 orph = c->orph_buf;
314 orph->ch.node_type = UBIFS_ORPH_NODE;
315 spin_lock(&c->orphan_lock);
316 cnext = c->orph_cnext;
317 for (i = 0; i < cnt; i++) {
318 orphan = cnext;
319 ubifs_assert(c, orphan->cmt);
320 orph->inos[i] = cpu_to_le64(orphan->inum);
321 orphan->cmt = 0;
322 cnext = orphan->cnext;
323 orphan->cnext = NULL;
324 }
325 c->orph_cnext = cnext;
326 c->cmt_orphans -= cnt;
327 spin_unlock(&c->orphan_lock);
328 if (c->cmt_orphans)
329 orph->cmt_no = cpu_to_le64(c->cmt_no);
330 else
331 /* Mark the last node of the commit */
332 orph->cmt_no = cpu_to_le64((c->cmt_no) | (1ULL << 63));
333 ubifs_assert(c, c->ohead_offs + len <= c->leb_size);
334 ubifs_assert(c, c->ohead_lnum >= c->orph_first);
335 ubifs_assert(c, c->ohead_lnum <= c->orph_last);
336 err = do_write_orph_node(c, len, atomic);
337 c->ohead_offs += ALIGN(len, c->min_io_size);
338 c->ohead_offs = ALIGN(c->ohead_offs, 8);
339 return err;
340 }
341
342 /**
343 * write_orph_nodes - write orphan nodes until there are no more to commit.
344 * @c: UBIFS file-system description object
345 * @atomic: write atomically
346 *
347 * This function writes orphan nodes for all the orphans to commit. On success,
348 * %0 is returned, otherwise a negative error code is returned.
349 */
write_orph_nodes(struct ubifs_info * c,int atomic)350 static int write_orph_nodes(struct ubifs_info *c, int atomic)
351 {
352 int err;
353
354 while (c->cmt_orphans > 0) {
355 err = write_orph_node(c, atomic);
356 if (err)
357 return err;
358 }
359 if (atomic) {
360 int lnum;
361
362 /* Unmap any unused LEBs after consolidation */
363 for (lnum = c->ohead_lnum + 1; lnum <= c->orph_last; lnum++) {
364 err = ubifs_leb_unmap(c, lnum);
365 if (err)
366 return err;
367 }
368 }
369 return 0;
370 }
371
372 /**
373 * consolidate - consolidate the orphan area.
374 * @c: UBIFS file-system description object
375 *
376 * This function enables consolidation by putting all the orphans into the list
377 * to commit. The list is in the order that the orphans were added, and the
378 * LEBs are written atomically in order, so at no time can orphans be lost by
379 * an unclean unmount.
380 *
381 * This function returns %0 on success and a negative error code on failure.
382 */
consolidate(struct ubifs_info * c)383 static int consolidate(struct ubifs_info *c)
384 {
385 int tot_avail = tot_avail_orphs(c), err = 0;
386
387 spin_lock(&c->orphan_lock);
388 dbg_cmt("there is space for %d orphans and there are %d",
389 tot_avail, c->tot_orphans);
390 if (c->tot_orphans - c->new_orphans <= tot_avail) {
391 struct ubifs_orphan *orphan, **last;
392 int cnt = 0;
393
394 /* Change the cnext list to include all non-new orphans */
395 last = &c->orph_cnext;
396 list_for_each_entry(orphan, &c->orph_list, list) {
397 if (orphan->new)
398 continue;
399 orphan->cmt = 1;
400 *last = orphan;
401 last = &orphan->cnext;
402 cnt += 1;
403 }
404 *last = NULL;
405 ubifs_assert(c, cnt == c->tot_orphans - c->new_orphans);
406 c->cmt_orphans = cnt;
407 c->ohead_lnum = c->orph_first;
408 c->ohead_offs = 0;
409 } else {
410 /*
411 * We limit the number of orphans so that this should
412 * never happen.
413 */
414 ubifs_err(c, "out of space in orphan area");
415 err = -EINVAL;
416 }
417 spin_unlock(&c->orphan_lock);
418 return err;
419 }
420
421 /**
422 * commit_orphans - commit orphans.
423 * @c: UBIFS file-system description object
424 *
425 * This function commits orphans to flash. On success, %0 is returned,
426 * otherwise a negative error code is returned.
427 */
commit_orphans(struct ubifs_info * c)428 static int commit_orphans(struct ubifs_info *c)
429 {
430 int avail, atomic = 0, err;
431
432 ubifs_assert(c, c->cmt_orphans > 0);
433 avail = avail_orphs(c);
434 if (avail < c->cmt_orphans) {
435 /* Not enough space to write new orphans, so consolidate */
436 err = consolidate(c);
437 if (err)
438 return err;
439 atomic = 1;
440 }
441 err = write_orph_nodes(c, atomic);
442 return err;
443 }
444
445 /**
446 * erase_deleted - erase the orphans marked for deletion.
447 * @c: UBIFS file-system description object
448 *
449 * During commit, the orphans being committed cannot be deleted, so they are
450 * marked for deletion and deleted by this function. Also, the recovery
451 * adds killed orphans to the deletion list, and therefore they are deleted
452 * here too.
453 */
erase_deleted(struct ubifs_info * c)454 static void erase_deleted(struct ubifs_info *c)
455 {
456 struct ubifs_orphan *orphan, *dnext;
457
458 spin_lock(&c->orphan_lock);
459 dnext = c->orph_dnext;
460 while (dnext) {
461 orphan = dnext;
462 dnext = orphan->dnext;
463 ubifs_assert(c, !orphan->new);
464 ubifs_assert(c, orphan->del);
465 list_del(&orphan->list);
466 c->tot_orphans -= 1;
467 dbg_gen("deleting orphan ino %lu", (unsigned long)orphan->inum);
468 kfree(orphan);
469 }
470 c->orph_dnext = NULL;
471 spin_unlock(&c->orphan_lock);
472 }
473
474 /**
475 * ubifs_orphan_end_commit - end commit of orphans.
476 * @c: UBIFS file-system description object
477 *
478 * End commit of orphans.
479 */
ubifs_orphan_end_commit(struct ubifs_info * c)480 int ubifs_orphan_end_commit(struct ubifs_info *c)
481 {
482 int err;
483
484 if (c->cmt_orphans != 0) {
485 err = commit_orphans(c);
486 if (err)
487 return err;
488 }
489 erase_deleted(c);
490 err = dbg_check_orphans(c);
491 return err;
492 }
493
494 /**
495 * ubifs_clear_orphans - erase all LEBs used for orphans.
496 * @c: UBIFS file-system description object
497 *
498 * If recovery is not required, then the orphans from the previous session
499 * are not needed. This function locates the LEBs used to record
500 * orphans, and un-maps them.
501 */
ubifs_clear_orphans(struct ubifs_info * c)502 int ubifs_clear_orphans(struct ubifs_info *c)
503 {
504 int lnum, err;
505
506 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
507 err = ubifs_leb_unmap(c, lnum);
508 if (err)
509 return err;
510 }
511 c->ohead_lnum = c->orph_first;
512 c->ohead_offs = 0;
513 return 0;
514 }
515
516 /**
517 * do_kill_orphans - remove orphan inodes from the index.
518 * @c: UBIFS file-system description object
519 * @sleb: scanned LEB
520 * @last_cmt_no: cmt_no of last orphan node read is passed and returned here
521 * @outofdate: whether the LEB is out of date is returned here
522 * @last_flagged: whether the end orphan node is encountered
523 *
524 * This function is a helper to the 'kill_orphans()' function. It goes through
525 * every orphan node in a LEB and for every inode number recorded, removes
526 * all keys for that inode from the TNC.
527 */
do_kill_orphans(struct ubifs_info * c,struct ubifs_scan_leb * sleb,unsigned long long * last_cmt_no,int * outofdate,int * last_flagged)528 static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
529 unsigned long long *last_cmt_no, int *outofdate,
530 int *last_flagged)
531 {
532 struct ubifs_scan_node *snod;
533 struct ubifs_orph_node *orph;
534 struct ubifs_ino_node *ino = NULL;
535 unsigned long long cmt_no;
536 ino_t inum;
537 int i, n, err, first = 1;
538
539 ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
540 if (!ino)
541 return -ENOMEM;
542
543 list_for_each_entry(snod, &sleb->nodes, list) {
544 if (snod->type != UBIFS_ORPH_NODE) {
545 ubifs_err(c, "invalid node type %d in orphan area at %d:%d",
546 snod->type, sleb->lnum, snod->offs);
547 ubifs_dump_node(c, snod->node,
548 c->leb_size - snod->offs);
549 err = -EINVAL;
550 goto out_free;
551 }
552
553 orph = snod->node;
554
555 /* Check commit number */
556 cmt_no = le64_to_cpu(orph->cmt_no) & LLONG_MAX;
557 /*
558 * The commit number on the master node may be less, because
559 * of a failed commit. If there are several failed commits in a
560 * row, the commit number written on orphan nodes will continue
561 * to increase (because the commit number is adjusted here) even
562 * though the commit number on the master node stays the same
563 * because the master node has not been re-written.
564 */
565 if (cmt_no > c->cmt_no)
566 c->cmt_no = cmt_no;
567 if (cmt_no < *last_cmt_no && *last_flagged) {
568 /*
569 * The last orphan node had a higher commit number and
570 * was flagged as the last written for that commit
571 * number. That makes this orphan node, out of date.
572 */
573 if (!first) {
574 ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d",
575 cmt_no, sleb->lnum, snod->offs);
576 ubifs_dump_node(c, snod->node,
577 c->leb_size - snod->offs);
578 err = -EINVAL;
579 goto out_free;
580 }
581 dbg_rcvry("out of date LEB %d", sleb->lnum);
582 *outofdate = 1;
583 err = 0;
584 goto out_free;
585 }
586
587 if (first)
588 first = 0;
589
590 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
591 for (i = 0; i < n; i++) {
592 union ubifs_key key;
593
594 inum = le64_to_cpu(orph->inos[i]);
595
596 ino_key_init(c, &key, inum);
597 err = ubifs_tnc_lookup(c, &key, ino);
598 if (err && err != -ENOENT)
599 goto out_free;
600
601 /*
602 * Check whether an inode can really get deleted.
603 * linkat() with O_TMPFILE allows rebirth of an inode.
604 */
605 if (err == 0 && ino->nlink == 0) {
606 dbg_rcvry("deleting orphaned inode %lu",
607 (unsigned long)inum);
608
609 err = ubifs_tnc_remove_ino(c, inum);
610 if (err)
611 goto out_ro;
612 }
613 }
614
615 *last_cmt_no = cmt_no;
616 if (le64_to_cpu(orph->cmt_no) & (1ULL << 63)) {
617 dbg_rcvry("last orph node for commit %llu at %d:%d",
618 cmt_no, sleb->lnum, snod->offs);
619 *last_flagged = 1;
620 } else
621 *last_flagged = 0;
622 }
623
624 err = 0;
625 out_free:
626 kfree(ino);
627 return err;
628
629 out_ro:
630 ubifs_ro_mode(c, err);
631 kfree(ino);
632 return err;
633 }
634
635 /**
636 * kill_orphans - remove all orphan inodes from the index.
637 * @c: UBIFS file-system description object
638 *
639 * If recovery is required, then orphan inodes recorded during the previous
640 * session (which ended with an unclean unmount) must be deleted from the index.
641 * This is done by updating the TNC, but since the index is not updated until
642 * the next commit, the LEBs where the orphan information is recorded are not
643 * erased until the next commit.
644 */
kill_orphans(struct ubifs_info * c)645 static int kill_orphans(struct ubifs_info *c)
646 {
647 unsigned long long last_cmt_no = 0;
648 int lnum, err = 0, outofdate = 0, last_flagged = 0;
649
650 c->ohead_lnum = c->orph_first;
651 c->ohead_offs = 0;
652 /* Check no-orphans flag and skip this if no orphans */
653 if (c->no_orphs) {
654 dbg_rcvry("no orphans");
655 return 0;
656 }
657 /*
658 * Orph nodes always start at c->orph_first and are written to each
659 * successive LEB in turn. Generally unused LEBs will have been unmapped
660 * but may contain out of date orphan nodes if the unmap didn't go
661 * through. In addition, the last orphan node written for each commit is
662 * marked (top bit of orph->cmt_no is set to 1). It is possible that
663 * there are orphan nodes from the next commit (i.e. the commit did not
664 * complete successfully). In that case, no orphans will have been lost
665 * due to the way that orphans are written, and any orphans added will
666 * be valid orphans anyway and so can be deleted.
667 */
668 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
669 struct ubifs_scan_leb *sleb;
670
671 dbg_rcvry("LEB %d", lnum);
672 sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1);
673 if (IS_ERR(sleb)) {
674 if (PTR_ERR(sleb) == -EUCLEAN)
675 sleb = ubifs_recover_leb(c, lnum, 0,
676 c->sbuf, -1);
677 if (IS_ERR(sleb)) {
678 err = PTR_ERR(sleb);
679 break;
680 }
681 }
682 err = do_kill_orphans(c, sleb, &last_cmt_no, &outofdate,
683 &last_flagged);
684 if (err || outofdate) {
685 ubifs_scan_destroy(sleb);
686 break;
687 }
688 if (sleb->endpt) {
689 c->ohead_lnum = lnum;
690 c->ohead_offs = sleb->endpt;
691 }
692 ubifs_scan_destroy(sleb);
693 }
694 return err;
695 }
696
697 /**
698 * ubifs_mount_orphans - delete orphan inodes and erase LEBs that recorded them.
699 * @c: UBIFS file-system description object
700 * @unclean: indicates recovery from unclean unmount
701 * @read_only: indicates read only mount
702 *
703 * This function is called when mounting to erase orphans from the previous
704 * session. If UBIFS was not unmounted cleanly, then the inodes recorded as
705 * orphans are deleted.
706 */
ubifs_mount_orphans(struct ubifs_info * c,int unclean,int read_only)707 int ubifs_mount_orphans(struct ubifs_info *c, int unclean, int read_only)
708 {
709 int err = 0;
710
711 c->max_orphans = tot_avail_orphs(c);
712
713 if (!read_only) {
714 c->orph_buf = vmalloc(c->leb_size);
715 if (!c->orph_buf)
716 return -ENOMEM;
717 }
718
719 if (unclean)
720 err = kill_orphans(c);
721 else if (!read_only)
722 err = ubifs_clear_orphans(c);
723
724 return err;
725 }
726
727 /*
728 * Everything below is related to debugging.
729 */
730
731 struct check_orphan {
732 struct rb_node rb;
733 ino_t inum;
734 };
735
736 struct check_info {
737 unsigned long last_ino;
738 unsigned long tot_inos;
739 unsigned long missing;
740 unsigned long long leaf_cnt;
741 struct ubifs_ino_node *node;
742 struct rb_root root;
743 };
744
dbg_find_orphan(struct ubifs_info * c,ino_t inum)745 static bool dbg_find_orphan(struct ubifs_info *c, ino_t inum)
746 {
747 bool found = false;
748
749 spin_lock(&c->orphan_lock);
750 found = !!lookup_orphan(c, inum);
751 spin_unlock(&c->orphan_lock);
752
753 return found;
754 }
755
dbg_ins_check_orphan(struct rb_root * root,ino_t inum)756 static int dbg_ins_check_orphan(struct rb_root *root, ino_t inum)
757 {
758 struct check_orphan *orphan, *o;
759 struct rb_node **p, *parent = NULL;
760
761 orphan = kzalloc(sizeof(struct check_orphan), GFP_NOFS);
762 if (!orphan)
763 return -ENOMEM;
764 orphan->inum = inum;
765
766 p = &root->rb_node;
767 while (*p) {
768 parent = *p;
769 o = rb_entry(parent, struct check_orphan, rb);
770 if (inum < o->inum)
771 p = &(*p)->rb_left;
772 else if (inum > o->inum)
773 p = &(*p)->rb_right;
774 else {
775 kfree(orphan);
776 return 0;
777 }
778 }
779 rb_link_node(&orphan->rb, parent, p);
780 rb_insert_color(&orphan->rb, root);
781 return 0;
782 }
783
dbg_find_check_orphan(struct rb_root * root,ino_t inum)784 static int dbg_find_check_orphan(struct rb_root *root, ino_t inum)
785 {
786 struct check_orphan *o;
787 struct rb_node *p;
788
789 p = root->rb_node;
790 while (p) {
791 o = rb_entry(p, struct check_orphan, rb);
792 if (inum < o->inum)
793 p = p->rb_left;
794 else if (inum > o->inum)
795 p = p->rb_right;
796 else
797 return 1;
798 }
799 return 0;
800 }
801
dbg_free_check_tree(struct rb_root * root)802 static void dbg_free_check_tree(struct rb_root *root)
803 {
804 struct check_orphan *o, *n;
805
806 rbtree_postorder_for_each_entry_safe(o, n, root, rb)
807 kfree(o);
808 }
809
dbg_orphan_check(struct ubifs_info * c,struct ubifs_zbranch * zbr,void * priv)810 static int dbg_orphan_check(struct ubifs_info *c, struct ubifs_zbranch *zbr,
811 void *priv)
812 {
813 struct check_info *ci = priv;
814 ino_t inum;
815 int err;
816
817 inum = key_inum(c, &zbr->key);
818 if (inum != ci->last_ino) {
819 /*
820 * Lowest node type is the inode node or xattr entry(when
821 * selinux/encryption is enabled), so it comes first
822 */
823 if (key_type(c, &zbr->key) != UBIFS_INO_KEY &&
824 key_type(c, &zbr->key) != UBIFS_XENT_KEY)
825 ubifs_err(c, "found orphan node ino %lu, type %d",
826 (unsigned long)inum, key_type(c, &zbr->key));
827 ci->last_ino = inum;
828 ci->tot_inos += 1;
829 err = ubifs_tnc_read_node(c, zbr, ci->node);
830 if (err) {
831 ubifs_err(c, "node read failed, error %d", err);
832 return err;
833 }
834 if (ci->node->nlink == 0)
835 /* Must be recorded as an orphan */
836 if (!dbg_find_check_orphan(&ci->root, inum) &&
837 !dbg_find_orphan(c, inum)) {
838 ubifs_err(c, "missing orphan, ino %lu",
839 (unsigned long)inum);
840 ci->missing += 1;
841 }
842 }
843 ci->leaf_cnt += 1;
844 return 0;
845 }
846
dbg_read_orphans(struct check_info * ci,struct ubifs_scan_leb * sleb)847 static int dbg_read_orphans(struct check_info *ci, struct ubifs_scan_leb *sleb)
848 {
849 struct ubifs_scan_node *snod;
850 struct ubifs_orph_node *orph;
851 ino_t inum;
852 int i, n, err;
853
854 list_for_each_entry(snod, &sleb->nodes, list) {
855 cond_resched();
856 if (snod->type != UBIFS_ORPH_NODE)
857 continue;
858 orph = snod->node;
859 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
860 for (i = 0; i < n; i++) {
861 inum = le64_to_cpu(orph->inos[i]);
862 err = dbg_ins_check_orphan(&ci->root, inum);
863 if (err)
864 return err;
865 }
866 }
867 return 0;
868 }
869
dbg_scan_orphans(struct ubifs_info * c,struct check_info * ci)870 static int dbg_scan_orphans(struct ubifs_info *c, struct check_info *ci)
871 {
872 int lnum, err = 0;
873 void *buf;
874
875 /* Check no-orphans flag and skip this if no orphans */
876 if (c->no_orphs)
877 return 0;
878
879 buf = __vmalloc(c->leb_size, GFP_NOFS);
880 if (!buf) {
881 ubifs_err(c, "cannot allocate memory to check orphans");
882 return 0;
883 }
884
885 for (lnum = c->orph_first; lnum <= c->orph_last; lnum++) {
886 struct ubifs_scan_leb *sleb;
887
888 sleb = ubifs_scan(c, lnum, 0, buf, 0);
889 if (IS_ERR(sleb)) {
890 err = PTR_ERR(sleb);
891 break;
892 }
893
894 err = dbg_read_orphans(ci, sleb);
895 ubifs_scan_destroy(sleb);
896 if (err)
897 break;
898 }
899
900 vfree(buf);
901 return err;
902 }
903
dbg_check_orphans(struct ubifs_info * c)904 static int dbg_check_orphans(struct ubifs_info *c)
905 {
906 struct check_info ci;
907 int err;
908
909 if (!dbg_is_chk_orph(c))
910 return 0;
911
912 ci.last_ino = 0;
913 ci.tot_inos = 0;
914 ci.missing = 0;
915 ci.leaf_cnt = 0;
916 ci.root = RB_ROOT;
917 ci.node = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
918 if (!ci.node) {
919 ubifs_err(c, "out of memory");
920 return -ENOMEM;
921 }
922
923 err = dbg_scan_orphans(c, &ci);
924 if (err)
925 goto out;
926
927 err = dbg_walk_index(c, &dbg_orphan_check, NULL, &ci);
928 if (err) {
929 ubifs_err(c, "cannot scan TNC, error %d", err);
930 goto out;
931 }
932
933 if (ci.missing) {
934 ubifs_err(c, "%lu missing orphan(s)", ci.missing);
935 err = -EINVAL;
936 goto out;
937 }
938
939 dbg_cmt("last inode number is %lu", ci.last_ino);
940 dbg_cmt("total number of inodes is %lu", ci.tot_inos);
941 dbg_cmt("total number of leaf nodes is %llu", ci.leaf_cnt);
942
943 out:
944 dbg_free_check_tree(&ci.root);
945 kfree(ci.node);
946 return err;
947 }
948