1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-24 17:23:25 -05:00
linux/fs/ubifs/tnc_commit.c
Kees Cook 6da2ec5605 treewide: kmalloc() -> kmalloc_array()
The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
patch replaces cases of:

        kmalloc(a * b, gfp)

with:
        kmalloc_array(a * b, gfp)

as well as handling cases of:

        kmalloc(a * b * c, gfp)

with:

        kmalloc(array3_size(a, b, c), gfp)

as it's slightly less ugly than:

        kmalloc_array(array_size(a, b), c, gfp)

This does, however, attempt to ignore constant size factors like:

        kmalloc(4 * 1024, gfp)

though any constants defined via macros get caught up in the conversion.

Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.

The tools/ directory was manually excluded, since it has its own
implementation of kmalloc().

The Coccinelle script used for this was:

// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@

(
  kmalloc(
-	(sizeof(TYPE)) * E
+	sizeof(TYPE) * E
  , ...)
|
  kmalloc(
-	(sizeof(THING)) * E
+	sizeof(THING) * E
  , ...)
)

// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@

(
  kmalloc(
-	sizeof(u8) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(__u8) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(char) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(unsigned char) * (COUNT)
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(u8) * COUNT
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(__u8) * COUNT
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(char) * COUNT
+	COUNT
  , ...)
|
  kmalloc(
-	sizeof(unsigned char) * COUNT
+	COUNT
  , ...)
)

// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@

(
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * (COUNT_ID)
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * COUNT_ID
+	COUNT_ID, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * (COUNT_CONST)
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * COUNT_CONST
+	COUNT_CONST, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * (COUNT_ID)
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * COUNT_ID
+	COUNT_ID, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * (COUNT_CONST)
+	COUNT_CONST, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * COUNT_CONST
+	COUNT_CONST, sizeof(THING)
  , ...)
)

// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@

- kmalloc
+ kmalloc_array
  (
-	SIZE * COUNT
+	COUNT, SIZE
  , ...)

// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@

(
  kmalloc(
-	sizeof(TYPE) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(TYPE) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(TYPE) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(TYPE) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(TYPE))
  , ...)
|
  kmalloc(
-	sizeof(THING) * (COUNT) * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kmalloc(
-	sizeof(THING) * (COUNT) * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kmalloc(
-	sizeof(THING) * COUNT * (STRIDE)
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
|
  kmalloc(
-	sizeof(THING) * COUNT * STRIDE
+	array3_size(COUNT, STRIDE, sizeof(THING))
  , ...)
)

// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@

(
  kmalloc(
-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
  , ...)
|
  kmalloc(
-	sizeof(THING1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kmalloc(
-	sizeof(THING1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
  , ...)
|
  kmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * COUNT
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
|
  kmalloc(
-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
  , ...)
)

// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@

(
  kmalloc(
-	(COUNT) * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	(COUNT) * (STRIDE) * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	(COUNT) * STRIDE * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	(COUNT) * (STRIDE) * (SIZE)
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
|
  kmalloc(
-	COUNT * STRIDE * SIZE
+	array3_size(COUNT, STRIDE, SIZE)
  , ...)
)

// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@

(
  kmalloc(C1 * C2 * C3, ...)
|
  kmalloc(
-	(E1) * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kmalloc(
-	(E1) * (E2) * E3
+	array3_size(E1, E2, E3)
  , ...)
|
  kmalloc(
-	(E1) * (E2) * (E3)
+	array3_size(E1, E2, E3)
  , ...)
|
  kmalloc(
-	E1 * E2 * E3
+	array3_size(E1, E2, E3)
  , ...)
)

// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@

(
  kmalloc(sizeof(THING) * C2, ...)
|
  kmalloc(sizeof(TYPE) * C2, ...)
|
  kmalloc(C1 * C2 * C3, ...)
|
  kmalloc(C1 * C2, ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * (E2)
+	E2, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(TYPE) * E2
+	E2, sizeof(TYPE)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * (E2)
+	E2, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	sizeof(THING) * E2
+	E2, sizeof(THING)
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	(E1) * E2
+	E1, E2
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	(E1) * (E2)
+	E1, E2
  , ...)
|
- kmalloc
+ kmalloc_array
  (
-	E1 * E2
+	E1, E2
  , ...)
)

Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-12 16:19:22 -07:00

1076 lines
27 KiB
C

/*
* This file is part of UBIFS.
*
* Copyright (C) 2006-2008 Nokia Corporation.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 as published by
* the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 51
* Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* Authors: Adrian Hunter
* Artem Bityutskiy (Битюцкий Артём)
*/
/* This file implements TNC functions for committing */
#include <linux/random.h>
#include "ubifs.h"
/**
* make_idx_node - make an index node for fill-the-gaps method of TNC commit.
* @c: UBIFS file-system description object
* @idx: buffer in which to place new index node
* @znode: znode from which to make new index node
* @lnum: LEB number where new index node will be written
* @offs: offset where new index node will be written
* @len: length of new index node
*/
static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
struct ubifs_znode *znode, int lnum, int offs, int len)
{
struct ubifs_znode *zp;
int i, err;
/* Make index node */
idx->ch.node_type = UBIFS_IDX_NODE;
idx->child_cnt = cpu_to_le16(znode->child_cnt);
idx->level = cpu_to_le16(znode->level);
for (i = 0; i < znode->child_cnt; i++) {
struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
struct ubifs_zbranch *zbr = &znode->zbranch[i];
key_write_idx(c, &zbr->key, &br->key);
br->lnum = cpu_to_le32(zbr->lnum);
br->offs = cpu_to_le32(zbr->offs);
br->len = cpu_to_le32(zbr->len);
if (!zbr->lnum || !zbr->len) {
ubifs_err(c, "bad ref in znode");
ubifs_dump_znode(c, znode);
if (zbr->znode)
ubifs_dump_znode(c, zbr->znode);
return -EINVAL;
}
}
ubifs_prepare_node(c, idx, len, 0);
znode->lnum = lnum;
znode->offs = offs;
znode->len = len;
err = insert_old_idx_znode(c, znode);
/* Update the parent */
zp = znode->parent;
if (zp) {
struct ubifs_zbranch *zbr;
zbr = &zp->zbranch[znode->iip];
zbr->lnum = lnum;
zbr->offs = offs;
zbr->len = len;
} else {
c->zroot.lnum = lnum;
c->zroot.offs = offs;
c->zroot.len = len;
}
c->calc_idx_sz += ALIGN(len, 8);
atomic_long_dec(&c->dirty_zn_cnt);
ubifs_assert(ubifs_zn_dirty(znode));
ubifs_assert(ubifs_zn_cow(znode));
/*
* Note, unlike 'write_index()' we do not add memory barriers here
* because this function is called with @c->tnc_mutex locked.
*/
__clear_bit(DIRTY_ZNODE, &znode->flags);
__clear_bit(COW_ZNODE, &znode->flags);
return err;
}
/**
* fill_gap - make index nodes in gaps in dirty index LEBs.
* @c: UBIFS file-system description object
* @lnum: LEB number that gap appears in
* @gap_start: offset of start of gap
* @gap_end: offset of end of gap
* @dirt: adds dirty space to this
*
* This function returns the number of index nodes written into the gap.
*/
static int fill_gap(struct ubifs_info *c, int lnum, int gap_start, int gap_end,
int *dirt)
{
int len, gap_remains, gap_pos, written, pad_len;
ubifs_assert((gap_start & 7) == 0);
ubifs_assert((gap_end & 7) == 0);
ubifs_assert(gap_end >= gap_start);
gap_remains = gap_end - gap_start;
if (!gap_remains)
return 0;
gap_pos = gap_start;
written = 0;
while (c->enext) {
len = ubifs_idx_node_sz(c, c->enext->child_cnt);
if (len < gap_remains) {
struct ubifs_znode *znode = c->enext;
const int alen = ALIGN(len, 8);
int err;
ubifs_assert(alen <= gap_remains);
err = make_idx_node(c, c->ileb_buf + gap_pos, znode,
lnum, gap_pos, len);
if (err)
return err;
gap_remains -= alen;
gap_pos += alen;
c->enext = znode->cnext;
if (c->enext == c->cnext)
c->enext = NULL;
written += 1;
} else
break;
}
if (gap_end == c->leb_size) {
c->ileb_len = ALIGN(gap_pos, c->min_io_size);
/* Pad to end of min_io_size */
pad_len = c->ileb_len - gap_pos;
} else
/* Pad to end of gap */
pad_len = gap_remains;
dbg_gc("LEB %d:%d to %d len %d nodes written %d wasted bytes %d",
lnum, gap_start, gap_end, gap_end - gap_start, written, pad_len);
ubifs_pad(c, c->ileb_buf + gap_pos, pad_len);
*dirt += pad_len;
return written;
}
/**
* find_old_idx - find an index node obsoleted since the last commit start.
* @c: UBIFS file-system description object
* @lnum: LEB number of obsoleted index node
* @offs: offset of obsoleted index node
*
* Returns %1 if found and %0 otherwise.
*/
static int find_old_idx(struct ubifs_info *c, int lnum, int offs)
{
struct ubifs_old_idx *o;
struct rb_node *p;
p = c->old_idx.rb_node;
while (p) {
o = rb_entry(p, struct ubifs_old_idx, rb);
if (lnum < o->lnum)
p = p->rb_left;
else if (lnum > o->lnum)
p = p->rb_right;
else if (offs < o->offs)
p = p->rb_left;
else if (offs > o->offs)
p = p->rb_right;
else
return 1;
}
return 0;
}
/**
* is_idx_node_in_use - determine if an index node can be overwritten.
* @c: UBIFS file-system description object
* @key: key of index node
* @level: index node level
* @lnum: LEB number of index node
* @offs: offset of index node
*
* If @key / @lnum / @offs identify an index node that was not part of the old
* index, then this function returns %0 (obsolete). Else if the index node was
* part of the old index but is now dirty %1 is returned, else if it is clean %2
* is returned. A negative error code is returned on failure.
*/
static int is_idx_node_in_use(struct ubifs_info *c, union ubifs_key *key,
int level, int lnum, int offs)
{
int ret;
ret = is_idx_node_in_tnc(c, key, level, lnum, offs);
if (ret < 0)
return ret; /* Error code */
if (ret == 0)
if (find_old_idx(c, lnum, offs))
return 1;
return ret;
}
/**
* layout_leb_in_gaps - layout index nodes using in-the-gaps method.
* @c: UBIFS file-system description object
* @p: return LEB number here
*
* This function lays out new index nodes for dirty znodes using in-the-gaps
* method of TNC commit.
* This function merely puts the next znode into the next gap, making no attempt
* to try to maximise the number of znodes that fit.
* This function returns the number of index nodes written into the gaps, or a
* negative error code on failure.
*/
static int layout_leb_in_gaps(struct ubifs_info *c, int *p)
{
struct ubifs_scan_leb *sleb;
struct ubifs_scan_node *snod;
int lnum, dirt = 0, gap_start, gap_end, err, written, tot_written;
tot_written = 0;
/* Get an index LEB with lots of obsolete index nodes */
lnum = ubifs_find_dirty_idx_leb(c);
if (lnum < 0)
/*
* There also may be dirt in the index head that could be
* filled, however we do not check there at present.
*/
return lnum; /* Error code */
*p = lnum;
dbg_gc("LEB %d", lnum);
/*
* Scan the index LEB. We use the generic scan for this even though
* it is more comprehensive and less efficient than is needed for this
* purpose.
*/
sleb = ubifs_scan(c, lnum, 0, c->ileb_buf, 0);
c->ileb_len = 0;
if (IS_ERR(sleb))
return PTR_ERR(sleb);
gap_start = 0;
list_for_each_entry(snod, &sleb->nodes, list) {
struct ubifs_idx_node *idx;
int in_use, level;
ubifs_assert(snod->type == UBIFS_IDX_NODE);
idx = snod->node;
key_read(c, ubifs_idx_key(c, idx), &snod->key);
level = le16_to_cpu(idx->level);
/* Determine if the index node is in use (not obsolete) */
in_use = is_idx_node_in_use(c, &snod->key, level, lnum,
snod->offs);
if (in_use < 0) {
ubifs_scan_destroy(sleb);
return in_use; /* Error code */
}
if (in_use) {
if (in_use == 1)
dirt += ALIGN(snod->len, 8);
/*
* The obsolete index nodes form gaps that can be
* overwritten. This gap has ended because we have
* found an index node that is still in use
* i.e. not obsolete
*/
gap_end = snod->offs;
/* Try to fill gap */
written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
if (written < 0) {
ubifs_scan_destroy(sleb);
return written; /* Error code */
}
tot_written += written;
gap_start = ALIGN(snod->offs + snod->len, 8);
}
}
ubifs_scan_destroy(sleb);
c->ileb_len = c->leb_size;
gap_end = c->leb_size;
/* Try to fill gap */
written = fill_gap(c, lnum, gap_start, gap_end, &dirt);
if (written < 0)
return written; /* Error code */
tot_written += written;
if (tot_written == 0) {
struct ubifs_lprops lp;
dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
err = ubifs_read_one_lp(c, lnum, &lp);
if (err)
return err;
if (lp.free == c->leb_size) {
/*
* We must have snatched this LEB from the idx_gc list
* so we need to correct the free and dirty space.
*/
err = ubifs_change_one_lp(c, lnum,
c->leb_size - c->ileb_len,
dirt, 0, 0, 0);
if (err)
return err;
}
return 0;
}
err = ubifs_change_one_lp(c, lnum, c->leb_size - c->ileb_len, dirt,
0, 0, 0);
if (err)
return err;
err = ubifs_leb_change(c, lnum, c->ileb_buf, c->ileb_len);
if (err)
return err;
dbg_gc("LEB %d wrote %d index nodes", lnum, tot_written);
return tot_written;
}
/**
* get_leb_cnt - calculate the number of empty LEBs needed to commit.
* @c: UBIFS file-system description object
* @cnt: number of znodes to commit
*
* This function returns the number of empty LEBs needed to commit @cnt znodes
* to the current index head. The number is not exact and may be more than
* needed.
*/
static int get_leb_cnt(struct ubifs_info *c, int cnt)
{
int d;
/* Assume maximum index node size (i.e. overestimate space needed) */
cnt -= (c->leb_size - c->ihead_offs) / c->max_idx_node_sz;
if (cnt < 0)
cnt = 0;
d = c->leb_size / c->max_idx_node_sz;
return DIV_ROUND_UP(cnt, d);
}
/**
* layout_in_gaps - in-the-gaps method of committing TNC.
* @c: UBIFS file-system description object
* @cnt: number of dirty znodes to commit.
*
* This function lays out new index nodes for dirty znodes using in-the-gaps
* method of TNC commit.
*
* This function returns %0 on success and a negative error code on failure.
*/
static int layout_in_gaps(struct ubifs_info *c, int cnt)
{
int err, leb_needed_cnt, written, *p;
dbg_gc("%d znodes to write", cnt);
c->gap_lebs = kmalloc_array(c->lst.idx_lebs + 1, sizeof(int),
GFP_NOFS);
if (!c->gap_lebs)
return -ENOMEM;
p = c->gap_lebs;
do {
ubifs_assert(p < c->gap_lebs + c->lst.idx_lebs);
written = layout_leb_in_gaps(c, p);
if (written < 0) {
err = written;
if (err != -ENOSPC) {
kfree(c->gap_lebs);
c->gap_lebs = NULL;
return err;
}
if (!dbg_is_chk_index(c)) {
/*
* Do not print scary warnings if the debugging
* option which forces in-the-gaps is enabled.
*/
ubifs_warn(c, "out of space");
ubifs_dump_budg(c, &c->bi);
ubifs_dump_lprops(c);
}
/* Try to commit anyway */
break;
}
p++;
cnt -= written;
leb_needed_cnt = get_leb_cnt(c, cnt);
dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt,
leb_needed_cnt, c->ileb_cnt);
} while (leb_needed_cnt > c->ileb_cnt);
*p = -1;
return 0;
}
/**
* layout_in_empty_space - layout index nodes in empty space.
* @c: UBIFS file-system description object
*
* This function lays out new index nodes for dirty znodes using empty LEBs.
*
* This function returns %0 on success and a negative error code on failure.
*/
static int layout_in_empty_space(struct ubifs_info *c)
{
struct ubifs_znode *znode, *cnext, *zp;
int lnum, offs, len, next_len, buf_len, buf_offs, used, avail;
int wlen, blen, err;
cnext = c->enext;
if (!cnext)
return 0;
lnum = c->ihead_lnum;
buf_offs = c->ihead_offs;
buf_len = ubifs_idx_node_sz(c, c->fanout);
buf_len = ALIGN(buf_len, c->min_io_size);
used = 0;
avail = buf_len;
/* Ensure there is enough room for first write */
next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
if (buf_offs + next_len > c->leb_size)
lnum = -1;
while (1) {
znode = cnext;
len = ubifs_idx_node_sz(c, znode->child_cnt);
/* Determine the index node position */
if (lnum == -1) {
if (c->ileb_nxt >= c->ileb_cnt) {
ubifs_err(c, "out of space");
return -ENOSPC;
}
lnum = c->ilebs[c->ileb_nxt++];
buf_offs = 0;
used = 0;
avail = buf_len;
}
offs = buf_offs + used;
znode->lnum = lnum;
znode->offs = offs;
znode->len = len;
/* Update the parent */
zp = znode->parent;
if (zp) {
struct ubifs_zbranch *zbr;
int i;
i = znode->iip;
zbr = &zp->zbranch[i];
zbr->lnum = lnum;
zbr->offs = offs;
zbr->len = len;
} else {
c->zroot.lnum = lnum;
c->zroot.offs = offs;
c->zroot.len = len;
}
c->calc_idx_sz += ALIGN(len, 8);
/*
* Once lprops is updated, we can decrease the dirty znode count
* but it is easier to just do it here.
*/
atomic_long_dec(&c->dirty_zn_cnt);
/*
* Calculate the next index node length to see if there is
* enough room for it
*/
cnext = znode->cnext;
if (cnext == c->cnext)
next_len = 0;
else
next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
/* Update buffer positions */
wlen = used + len;
used += ALIGN(len, 8);
avail -= ALIGN(len, 8);
if (next_len != 0 &&
buf_offs + used + next_len <= c->leb_size &&
avail > 0)
continue;
if (avail <= 0 && next_len &&
buf_offs + used + next_len <= c->leb_size)
blen = buf_len;
else
blen = ALIGN(wlen, c->min_io_size);
/* The buffer is full or there are no more znodes to do */
buf_offs += blen;
if (next_len) {
if (buf_offs + next_len > c->leb_size) {
err = ubifs_update_one_lp(c, lnum,
c->leb_size - buf_offs, blen - used,
0, 0);
if (err)
return err;
lnum = -1;
}
used -= blen;
if (used < 0)
used = 0;
avail = buf_len - used;
continue;
}
err = ubifs_update_one_lp(c, lnum, c->leb_size - buf_offs,
blen - used, 0, 0);
if (err)
return err;
break;
}
c->dbg->new_ihead_lnum = lnum;
c->dbg->new_ihead_offs = buf_offs;
return 0;
}
/**
* layout_commit - determine positions of index nodes to commit.
* @c: UBIFS file-system description object
* @no_space: indicates that insufficient empty LEBs were allocated
* @cnt: number of znodes to commit
*
* Calculate and update the positions of index nodes to commit. If there were
* an insufficient number of empty LEBs allocated, then index nodes are placed
* into the gaps created by obsolete index nodes in non-empty index LEBs. For
* this purpose, an obsolete index node is one that was not in the index as at
* the end of the last commit. To write "in-the-gaps" requires that those index
* LEBs are updated atomically in-place.
*/
static int layout_commit(struct ubifs_info *c, int no_space, int cnt)
{
int err;
if (no_space) {
err = layout_in_gaps(c, cnt);
if (err)
return err;
}
err = layout_in_empty_space(c);
return err;
}
/**
* find_first_dirty - find first dirty znode.
* @znode: znode to begin searching from
*/
static struct ubifs_znode *find_first_dirty(struct ubifs_znode *znode)
{
int i, cont;
if (!znode)
return NULL;
while (1) {
if (znode->level == 0) {
if (ubifs_zn_dirty(znode))
return znode;
return NULL;
}
cont = 0;
for (i = 0; i < znode->child_cnt; i++) {
struct ubifs_zbranch *zbr = &znode->zbranch[i];
if (zbr->znode && ubifs_zn_dirty(zbr->znode)) {
znode = zbr->znode;
cont = 1;
break;
}
}
if (!cont) {
if (ubifs_zn_dirty(znode))
return znode;
return NULL;
}
}
}
/**
* find_next_dirty - find next dirty znode.
* @znode: znode to begin searching from
*/
static struct ubifs_znode *find_next_dirty(struct ubifs_znode *znode)
{
int n = znode->iip + 1;
znode = znode->parent;
if (!znode)
return NULL;
for (; n < znode->child_cnt; n++) {
struct ubifs_zbranch *zbr = &znode->zbranch[n];
if (zbr->znode && ubifs_zn_dirty(zbr->znode))
return find_first_dirty(zbr->znode);
}
return znode;
}
/**
* get_znodes_to_commit - create list of dirty znodes to commit.
* @c: UBIFS file-system description object
*
* This function returns the number of znodes to commit.
*/
static int get_znodes_to_commit(struct ubifs_info *c)
{
struct ubifs_znode *znode, *cnext;
int cnt = 0;
c->cnext = find_first_dirty(c->zroot.znode);
znode = c->enext = c->cnext;
if (!znode) {
dbg_cmt("no znodes to commit");
return 0;
}
cnt += 1;
while (1) {
ubifs_assert(!ubifs_zn_cow(znode));
__set_bit(COW_ZNODE, &znode->flags);
znode->alt = 0;
cnext = find_next_dirty(znode);
if (!cnext) {
znode->cnext = c->cnext;
break;
}
znode->cnext = cnext;
znode = cnext;
cnt += 1;
}
dbg_cmt("committing %d znodes", cnt);
ubifs_assert(cnt == atomic_long_read(&c->dirty_zn_cnt));
return cnt;
}
/**
* alloc_idx_lebs - allocate empty LEBs to be used to commit.
* @c: UBIFS file-system description object
* @cnt: number of znodes to commit
*
* This function returns %-ENOSPC if it cannot allocate a sufficient number of
* empty LEBs. %0 is returned on success, otherwise a negative error code
* is returned.
*/
static int alloc_idx_lebs(struct ubifs_info *c, int cnt)
{
int i, leb_cnt, lnum;
c->ileb_cnt = 0;
c->ileb_nxt = 0;
leb_cnt = get_leb_cnt(c, cnt);
dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
if (!leb_cnt)
return 0;
c->ilebs = kmalloc_array(leb_cnt, sizeof(int), GFP_NOFS);
if (!c->ilebs)
return -ENOMEM;
for (i = 0; i < leb_cnt; i++) {
lnum = ubifs_find_free_leb_for_idx(c);
if (lnum < 0)
return lnum;
c->ilebs[c->ileb_cnt++] = lnum;
dbg_cmt("LEB %d", lnum);
}
if (dbg_is_chk_index(c) && !(prandom_u32() & 7))
return -ENOSPC;
return 0;
}
/**
* free_unused_idx_lebs - free unused LEBs that were allocated for the commit.
* @c: UBIFS file-system description object
*
* It is possible that we allocate more empty LEBs for the commit than we need.
* This functions frees the surplus.
*
* This function returns %0 on success and a negative error code on failure.
*/
static int free_unused_idx_lebs(struct ubifs_info *c)
{
int i, err = 0, lnum, er;
for (i = c->ileb_nxt; i < c->ileb_cnt; i++) {
lnum = c->ilebs[i];
dbg_cmt("LEB %d", lnum);
er = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0,
LPROPS_INDEX | LPROPS_TAKEN, 0);
if (!err)
err = er;
}
return err;
}
/**
* free_idx_lebs - free unused LEBs after commit end.
* @c: UBIFS file-system description object
*
* This function returns %0 on success and a negative error code on failure.
*/
static int free_idx_lebs(struct ubifs_info *c)
{
int err;
err = free_unused_idx_lebs(c);
kfree(c->ilebs);
c->ilebs = NULL;
return err;
}
/**
* ubifs_tnc_start_commit - start TNC commit.
* @c: UBIFS file-system description object
* @zroot: new index root position is returned here
*
* This function prepares the list of indexing nodes to commit and lays out
* their positions on flash. If there is not enough free space it uses the
* in-gap commit method. Returns zero in case of success and a negative error
* code in case of failure.
*/
int ubifs_tnc_start_commit(struct ubifs_info *c, struct ubifs_zbranch *zroot)
{
int err = 0, cnt;
mutex_lock(&c->tnc_mutex);
err = dbg_check_tnc(c, 1);
if (err)
goto out;
cnt = get_znodes_to_commit(c);
if (cnt != 0) {
int no_space = 0;
err = alloc_idx_lebs(c, cnt);
if (err == -ENOSPC)
no_space = 1;
else if (err)
goto out_free;
err = layout_commit(c, no_space, cnt);
if (err)
goto out_free;
ubifs_assert(atomic_long_read(&c->dirty_zn_cnt) == 0);
err = free_unused_idx_lebs(c);
if (err)
goto out;
}
destroy_old_idx(c);
memcpy(zroot, &c->zroot, sizeof(struct ubifs_zbranch));
err = ubifs_save_dirty_idx_lnums(c);
if (err)
goto out;
spin_lock(&c->space_lock);
/*
* Although we have not finished committing yet, update size of the
* committed index ('c->bi.old_idx_sz') and zero out the index growth
* budget. It is OK to do this now, because we've reserved all the
* space which is needed to commit the index, and it is save for the
* budgeting subsystem to assume the index is already committed,
* even though it is not.
*/
ubifs_assert(c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
c->bi.old_idx_sz = c->calc_idx_sz;
c->bi.uncommitted_idx = 0;
c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
spin_unlock(&c->space_lock);
mutex_unlock(&c->tnc_mutex);
dbg_cmt("number of index LEBs %d", c->lst.idx_lebs);
dbg_cmt("size of index %llu", c->calc_idx_sz);
return err;
out_free:
free_idx_lebs(c);
out:
mutex_unlock(&c->tnc_mutex);
return err;
}
/**
* write_index - write index nodes.
* @c: UBIFS file-system description object
*
* This function writes the index nodes whose positions were laid out in the
* layout_in_empty_space function.
*/
static int write_index(struct ubifs_info *c)
{
struct ubifs_idx_node *idx;
struct ubifs_znode *znode, *cnext;
int i, lnum, offs, len, next_len, buf_len, buf_offs, used;
int avail, wlen, err, lnum_pos = 0, blen, nxt_offs;
cnext = c->enext;
if (!cnext)
return 0;
/*
* Always write index nodes to the index head so that index nodes and
* other types of nodes are never mixed in the same erase block.
*/
lnum = c->ihead_lnum;
buf_offs = c->ihead_offs;
/* Allocate commit buffer */
buf_len = ALIGN(c->max_idx_node_sz, c->min_io_size);
used = 0;
avail = buf_len;
/* Ensure there is enough room for first write */
next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
if (buf_offs + next_len > c->leb_size) {
err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0, 0,
LPROPS_TAKEN);
if (err)
return err;
lnum = -1;
}
while (1) {
cond_resched();
znode = cnext;
idx = c->cbuf + used;
/* Make index node */
idx->ch.node_type = UBIFS_IDX_NODE;
idx->child_cnt = cpu_to_le16(znode->child_cnt);
idx->level = cpu_to_le16(znode->level);
for (i = 0; i < znode->child_cnt; i++) {
struct ubifs_branch *br = ubifs_idx_branch(c, idx, i);
struct ubifs_zbranch *zbr = &znode->zbranch[i];
key_write_idx(c, &zbr->key, &br->key);
br->lnum = cpu_to_le32(zbr->lnum);
br->offs = cpu_to_le32(zbr->offs);
br->len = cpu_to_le32(zbr->len);
if (!zbr->lnum || !zbr->len) {
ubifs_err(c, "bad ref in znode");
ubifs_dump_znode(c, znode);
if (zbr->znode)
ubifs_dump_znode(c, zbr->znode);
return -EINVAL;
}
}
len = ubifs_idx_node_sz(c, znode->child_cnt);
ubifs_prepare_node(c, idx, len, 0);
/* Determine the index node position */
if (lnum == -1) {
lnum = c->ilebs[lnum_pos++];
buf_offs = 0;
used = 0;
avail = buf_len;
}
offs = buf_offs + used;
if (lnum != znode->lnum || offs != znode->offs ||
len != znode->len) {
ubifs_err(c, "inconsistent znode posn");
return -EINVAL;
}
/* Grab some stuff from znode while we still can */
cnext = znode->cnext;
ubifs_assert(ubifs_zn_dirty(znode));
ubifs_assert(ubifs_zn_cow(znode));
/*
* It is important that other threads should see %DIRTY_ZNODE
* flag cleared before %COW_ZNODE. Specifically, it matters in
* the 'dirty_cow_znode()' function. This is the reason for the
* first barrier. Also, we want the bit changes to be seen to
* other threads ASAP, to avoid unnecesarry copying, which is
* the reason for the second barrier.
*/
clear_bit(DIRTY_ZNODE, &znode->flags);
smp_mb__before_atomic();
clear_bit(COW_ZNODE, &znode->flags);
smp_mb__after_atomic();
/*
* We have marked the znode as clean but have not updated the
* @c->clean_zn_cnt counter. If this znode becomes dirty again
* before 'free_obsolete_znodes()' is called, then
* @c->clean_zn_cnt will be decremented before it gets
* incremented (resulting in 2 decrements for the same znode).
* This means that @c->clean_zn_cnt may become negative for a
* while.
*
* Q: why we cannot increment @c->clean_zn_cnt?
* A: because we do not have the @c->tnc_mutex locked, and the
* following code would be racy and buggy:
*
* if (!ubifs_zn_obsolete(znode)) {
* atomic_long_inc(&c->clean_zn_cnt);
* atomic_long_inc(&ubifs_clean_zn_cnt);
* }
*
* Thus, we just delay the @c->clean_zn_cnt update until we
* have the mutex locked.
*/
/* Do not access znode from this point on */
/* Update buffer positions */
wlen = used + len;
used += ALIGN(len, 8);
avail -= ALIGN(len, 8);
/*
* Calculate the next index node length to see if there is
* enough room for it
*/
if (cnext == c->cnext)
next_len = 0;
else
next_len = ubifs_idx_node_sz(c, cnext->child_cnt);
nxt_offs = buf_offs + used + next_len;
if (next_len && nxt_offs <= c->leb_size) {
if (avail > 0)
continue;
else
blen = buf_len;
} else {
wlen = ALIGN(wlen, 8);
blen = ALIGN(wlen, c->min_io_size);
ubifs_pad(c, c->cbuf + wlen, blen - wlen);
}
/* The buffer is full or there are no more znodes to do */
err = ubifs_leb_write(c, lnum, c->cbuf, buf_offs, blen);
if (err)
return err;
buf_offs += blen;
if (next_len) {
if (nxt_offs > c->leb_size) {
err = ubifs_update_one_lp(c, lnum, LPROPS_NC, 0,
0, LPROPS_TAKEN);
if (err)
return err;
lnum = -1;
}
used -= blen;
if (used < 0)
used = 0;
avail = buf_len - used;
memmove(c->cbuf, c->cbuf + blen, used);
continue;
}
break;
}
if (lnum != c->dbg->new_ihead_lnum ||
buf_offs != c->dbg->new_ihead_offs) {
ubifs_err(c, "inconsistent ihead");
return -EINVAL;
}
c->ihead_lnum = lnum;
c->ihead_offs = buf_offs;
return 0;
}
/**
* free_obsolete_znodes - free obsolete znodes.
* @c: UBIFS file-system description object
*
* At the end of commit end, obsolete znodes are freed.
*/
static void free_obsolete_znodes(struct ubifs_info *c)
{
struct ubifs_znode *znode, *cnext;
cnext = c->cnext;
do {
znode = cnext;
cnext = znode->cnext;
if (ubifs_zn_obsolete(znode))
kfree(znode);
else {
znode->cnext = NULL;
atomic_long_inc(&c->clean_zn_cnt);
atomic_long_inc(&ubifs_clean_zn_cnt);
}
} while (cnext != c->cnext);
}
/**
* return_gap_lebs - return LEBs used by the in-gap commit method.
* @c: UBIFS file-system description object
*
* This function clears the "taken" flag for the LEBs which were used by the
* "commit in-the-gaps" method.
*/
static int return_gap_lebs(struct ubifs_info *c)
{
int *p, err;
if (!c->gap_lebs)
return 0;
dbg_cmt("");
for (p = c->gap_lebs; *p != -1; p++) {
err = ubifs_change_one_lp(c, *p, LPROPS_NC, LPROPS_NC, 0,
LPROPS_TAKEN, 0);
if (err)
return err;
}
kfree(c->gap_lebs);
c->gap_lebs = NULL;
return 0;
}
/**
* ubifs_tnc_end_commit - update the TNC for commit end.
* @c: UBIFS file-system description object
*
* Write the dirty znodes.
*/
int ubifs_tnc_end_commit(struct ubifs_info *c)
{
int err;
if (!c->cnext)
return 0;
err = return_gap_lebs(c);
if (err)
return err;
err = write_index(c);
if (err)
return err;
mutex_lock(&c->tnc_mutex);
dbg_cmt("TNC height is %d", c->zroot.znode->level + 1);
free_obsolete_znodes(c);
c->cnext = NULL;
kfree(c->ilebs);
c->ilebs = NULL;
mutex_unlock(&c->tnc_mutex);
return 0;
}