2 * Copyright (c) 2008 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * $DragonFly: src/sys/vfs/hammer/hammer_recover.c,v 1.20 2008/06/07 07:41:51 dillon Exp $
39 static int hammer_check_tail_signature(hammer_fifo_tail_t tail,
40 hammer_off_t end_off);
41 static void hammer_recover_copy_undo(hammer_off_t undo_offset,
42 char *src, char *dst, int bytes);
44 static void hammer_recover_debug_dump(int w, char *buf, int bytes);
46 static int hammer_recover_undo(hammer_mount_t hmp, hammer_volume_t root_volume,
47 hammer_fifo_undo_t undo, int bytes);
50 * Recover a filesystem on mount
52 * NOTE: No information from the root volume has been cached in the
53 * hammer_mount structure yet, so we need to access the root volume's
57 hammer_recover(hammer_mount_t hmp, hammer_volume_t root_volume)
59 hammer_blockmap_t rootmap;
60 hammer_buffer_t buffer;
61 hammer_off_t scan_offset;
63 hammer_fifo_tail_t tail;
64 hammer_fifo_undo_t undo;
68 * Examine the UNDO FIFO. If it is empty the filesystem is clean
69 * and no action need be taken.
71 * NOTE: hmp->blockmap has not been initialized yet so use the
72 * root volume's ondisk buffer directly.
74 rootmap = &root_volume->ondisk->vol0_blockmap[HAMMER_ZONE_UNDO_INDEX];
75 hmp->flusher_undo_start = rootmap->next_offset;
77 if (rootmap->first_offset == rootmap->next_offset)
80 if (rootmap->next_offset >= rootmap->first_offset) {
81 bytes = rootmap->next_offset - rootmap->first_offset;
83 bytes = rootmap->alloc_offset - rootmap->first_offset +
84 (rootmap->next_offset & HAMMER_OFF_LONG_MASK);
86 kprintf("HAMMER(%s) Start Recovery %016llx - %016llx "
87 "(%lld bytes of UNDO)%s\n",
88 root_volume->ondisk->vol_name,
89 rootmap->first_offset, rootmap->next_offset,
91 (hmp->ronly ? " (RO)" : "(RW)"));
92 if (bytes > (rootmap->alloc_offset & HAMMER_OFF_LONG_MASK)) {
93 kprintf("Undo size is absurd, unable to mount\n");
98 * Scan the UNDOs backwards.
100 scan_offset = rootmap->next_offset;
102 if (scan_offset > rootmap->alloc_offset) {
103 kprintf("HAMMER(%s) UNDO record at %016llx FIFO overflow\n",
104 root_volume->ondisk->vol_name,
110 while ((int64_t)bytes > 0) {
111 if (hammer_debug_general & 0x0080)
112 kprintf("scan_offset %016llx\n", scan_offset);
113 if (scan_offset == HAMMER_ZONE_ENCODE(HAMMER_ZONE_UNDO_INDEX, 0)) {
114 scan_offset = rootmap->alloc_offset;
117 if (scan_offset - sizeof(*tail) <
118 HAMMER_ZONE_ENCODE(HAMMER_ZONE_UNDO_INDEX, 0)) {
119 kprintf("HAMMER(%s) UNDO record at %016llx FIFO "
121 root_volume->ondisk->vol_name,
126 tail = hammer_bread(hmp, scan_offset - sizeof(*tail),
129 kprintf("HAMMER(%s) Unable to read UNDO TAIL "
131 root_volume->ondisk->vol_name,
132 scan_offset - sizeof(*tail));
136 if (hammer_check_tail_signature(tail, scan_offset) != 0) {
137 kprintf("HAMMER(%s) Illegal UNDO TAIL signature "
139 root_volume->ondisk->vol_name,
140 scan_offset - sizeof(*tail));
144 undo = (void *)((char *)tail + sizeof(*tail) - tail->tail_size);
146 error = hammer_recover_undo(hmp, root_volume, undo,
148 (int)((char *)undo - (char *)buffer->ondisk));
150 kprintf("HAMMER(%s) UNDO record at %016llx failed\n",
151 root_volume->ondisk->vol_name,
152 scan_offset - tail->tail_size);
155 scan_offset -= tail->tail_size;
156 bytes -= tail->tail_size;
160 * Reload flusher_undo_start to kick off the UNDO sequencing.
162 hmp->flusher_undo_start = rootmap->next_offset;
164 hammer_rel_buffer(buffer, 0);
167 * Flush out the root volume header after all other flushes have
170 if (hmp->ronly == 0 && error == 0 && root_volume->io.recovered) {
171 hammer_recover_flush_buffers(hmp, root_volume);
173 kprintf("HAMMER(%s) End Recovery\n",
174 root_volume->ondisk->vol_name);
179 hammer_check_tail_signature(hammer_fifo_tail_t tail, hammer_off_t end_off)
183 max_bytes = ((end_off - sizeof(*tail)) & HAMMER_BUFMASK);
184 max_bytes += sizeof(*tail);
187 * tail overlaps buffer boundary
189 if (((end_off - sizeof(*tail)) ^ (end_off - 1)) & ~HAMMER_BUFMASK64) {
194 * signature check, the tail signature is allowed to be the head
195 * signature only for 8-byte PADs.
197 switch(tail->tail_signature) {
198 case HAMMER_TAIL_SIGNATURE:
200 case HAMMER_HEAD_SIGNATURE:
201 if (tail->tail_type != HAMMER_HEAD_TYPE_PAD ||
202 tail->tail_size != sizeof(*tail)) {
209 * The undo structure must not overlap a buffer boundary.
211 if (tail->tail_size < 0 || tail->tail_size > max_bytes) {
218 hammer_recover_undo(hammer_mount_t hmp, hammer_volume_t root_volume,
219 hammer_fifo_undo_t undo, int bytes)
221 hammer_fifo_tail_t tail;
222 hammer_volume_t volume;
223 hammer_buffer_t buffer;
224 hammer_off_t buf_offset;
233 * Basic sanity checks
235 if (bytes < HAMMER_HEAD_ALIGN) {
236 kprintf("HAMMER: Undo alignment error (%d)\n", bytes);
239 if (undo->head.hdr_signature != HAMMER_HEAD_SIGNATURE) {
240 kprintf("HAMMER: Bad head signature %04x\n",
241 undo->head.hdr_signature);
244 if (undo->head.hdr_size < HAMMER_HEAD_ALIGN ||
245 undo->head.hdr_size > bytes) {
246 kprintf("HAMMER: Bad size %d\n", bytes);
251 * Skip PAD records. Note that PAD records also do not require
252 * a tail and may have a truncated structure.
254 if (undo->head.hdr_type == HAMMER_HEAD_TYPE_PAD)
260 crc = crc32(undo, HAMMER_FIFO_HEAD_CRCOFF) ^
261 crc32(&undo->head + 1, undo->head.hdr_size - sizeof(undo->head));
262 if (undo->head.hdr_crc != crc) {
263 kprintf("HAMMER: Undo record CRC failed %08x %08x\n",
264 undo->head.hdr_crc, crc);
272 bytes = undo->head.hdr_size;
273 tail = (void *)((char *)undo + bytes - sizeof(*tail));
274 if (tail->tail_size != undo->head.hdr_size) {
275 kprintf("HAMMER: Bad tail size %d\n", tail->tail_size);
278 if (tail->tail_type != undo->head.hdr_type) {
279 kprintf("HAMMER: Bad tail type %d\n", tail->tail_type);
284 * Only process UNDO records
286 if (undo->head.hdr_type != HAMMER_HEAD_TYPE_UNDO)
290 * Validate the UNDO record.
292 max_bytes = undo->head.hdr_size - sizeof(*undo) - sizeof(*tail);
293 if (undo->undo_data_bytes < 0 || undo->undo_data_bytes > max_bytes) {
294 kprintf("HAMMER: Corrupt UNDO record, undo_data_bytes %d/%d\n",
295 undo->undo_data_bytes, max_bytes);
300 * The undo offset may only be a zone-1 or zone-2 offset.
302 * Currently we only support a zone-1 offset representing the
305 zone = HAMMER_ZONE_DECODE(undo->undo_offset);
306 offset = undo->undo_offset & HAMMER_BUFMASK;
308 if (offset + undo->undo_data_bytes > HAMMER_BUFSIZE) {
309 kprintf("HAMMER: Corrupt UNDO record, bad offset\n");
314 case HAMMER_ZONE_RAW_VOLUME_INDEX:
315 vol_no = HAMMER_VOL_DECODE(undo->undo_offset);
316 volume = hammer_get_volume(hmp, vol_no, &error);
317 if (volume == NULL) {
318 kprintf("HAMMER: UNDO record, "
319 "cannot access volume %d\n", vol_no);
322 hammer_modify_volume(NULL, volume, NULL, 0);
323 hammer_recover_copy_undo(undo->undo_offset,
325 (char *)volume->ondisk + offset,
326 undo->undo_data_bytes);
327 hammer_modify_volume_done(volume);
330 * Multiple modifications may be made to the same buffer,
331 * improve performance by delaying the flush. This also
332 * covers the read-only case by preventing the kernel from
333 * flushing the buffer.
335 if (volume->io.recovered == 0)
336 volume->io.recovered = 1;
338 hammer_rel_volume(volume, 0);
340 case HAMMER_ZONE_RAW_BUFFER_INDEX:
341 buf_offset = undo->undo_offset & ~HAMMER_BUFMASK64;
342 buffer = hammer_get_buffer(hmp, buf_offset, 0, &error);
343 if (buffer == NULL) {
344 kprintf("HAMMER: UNDO record, "
345 "cannot access buffer %016llx\n",
349 hammer_modify_buffer(NULL, buffer, NULL, 0);
350 hammer_recover_copy_undo(undo->undo_offset,
352 (char *)buffer->ondisk + offset,
353 undo->undo_data_bytes);
354 hammer_modify_buffer_done(buffer);
357 * Multiple modifications may be made to the same buffer,
358 * improve performance by delaying the flush. This also
359 * covers the read-only case by preventing the kernel from
360 * flushing the buffer.
362 if (buffer->io.recovered == 0)
363 buffer->io.recovered = 1;
365 hammer_rel_buffer(buffer, 0);
368 kprintf("HAMMER: Corrupt UNDO record\n");
375 hammer_recover_copy_undo(hammer_off_t undo_offset,
376 char *src, char *dst, int bytes)
378 if (hammer_debug_general & 0x0080)
379 kprintf("UNDO %016llx: %d\n", undo_offset, bytes);
381 kprintf("UNDO %016llx:", undo_offset);
382 hammer_recover_debug_dump(22, dst, bytes);
383 kprintf("%22s", "to:");
384 hammer_recover_debug_dump(22, src, bytes);
386 bcopy(src, dst, bytes);
/*
 * NOTE(review): presumably compiled out together with its only callers in
 * hammer_recover_copy_undo() - confirm the "#if 0" against the pristine
 * revision.
 */
#if 0

/*
 * Hex-dump `bytes' bytes of buf, 16 per line.  Continuation lines are
 * indented by w columns.
 */
static void
hammer_recover_debug_dump(int w, char *buf, int bytes)
{
	int i;

	for (i = 0; i < bytes; ++i) {
		if (i && (i & 15) == 0)
			kprintf("\n%*.*s", w, w, "");
		kprintf(" %02x", (unsigned char)buf[i]);
	}
	kprintf("\n");
}

#endif
407 * Flush unwritten buffers from undo recovery operations on a read-only mount
408 * when the mount is updated to read-write.
410 static int hammer_recover_flush_volume_callback(hammer_volume_t, void *);
411 static int hammer_recover_flush_buffer_callback(hammer_buffer_t, void *);
414 hammer_recover_flush_buffers(hammer_mount_t hmp, hammer_volume_t root_volume)
416 RB_SCAN(hammer_vol_rb_tree, &hmp->rb_vols_root, NULL,
417 hammer_recover_flush_volume_callback, root_volume);
418 if (root_volume->io.recovered) {
420 while (hmp->io_running_count)
421 tsleep(&hmp->io_running_count, 0, "hmrflx", 0);
423 root_volume->io.recovered = 0;
424 hammer_io_flush(&root_volume->io);
425 hammer_rel_volume(root_volume, 0);
431 hammer_recover_flush_volume_callback(hammer_volume_t volume, void *data)
433 hammer_volume_t root_volume = data;
435 RB_SCAN(hammer_buf_rb_tree, &volume->rb_bufs_root, NULL,
436 hammer_recover_flush_buffer_callback, NULL);
437 if (volume->io.recovered && volume != root_volume) {
438 volume->io.recovered = 0;
439 hammer_io_flush(&volume->io);
440 hammer_rel_volume(volume, 0);
447 hammer_recover_flush_buffer_callback(hammer_buffer_t buffer, void *data)
449 if (buffer->io.recovered) {
450 buffer->io.recovered = 0;
451 hammer_io_flush(&buffer->io);
452 hammer_rel_buffer(buffer, 0);