2 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * $DragonFly: src/sys/sys/journal.h,v 1.11 2006/05/07 00:24:58 dillon Exp $
37 #ifndef _SYS_JOURNAL_H_
38 #define _SYS_JOURNAL_H_
41 * Physical file format (binary)
43 * All raw records are 128-bit aligned, but all record sizes are actual.
44 * This means that any scanning code must 16-byte-align the recsize field
45 * when calculating skips. The top level raw record has a header and a
46 * trailer to allow both forwards and backwards scanning of the journal.
47 * The alignment requirement allows the worker thread FIFO reservation
48 * API to operate efficiently, amoung other things.
50 * Logical data stream records are usually no larger then the journal's
51 * in-memory FIFO, since the journal's transactional APIs return contiguous
52 * blocks of buffer space and since logical stream records are used to avoid
53 * stalls when concurrent blocking operations are being written to the journal.
54 * Programs can depend on a logical stream record being a 'reasonable' size.
56 * Multiple logical data streams may operate concurrently in the journal,
57 * reflecting the fact that the system may be executing multiple blocking
58 * operations on the filesystem all at the same time. These logical data
59 * streams are short-lived transactional entities which use a 13 bit id
60 * plus a transaction start bit, end bit, and abort bit.
62 * Stream identifiers in the 0x00-0xFF range are special and not used for
63 * normal transactional commands.
65 * Stream id 0x00 indicates that no other streams should be active at that
66 * point in the journal, which helps the journaling code detect corruption.
68 * Stream id 0x01 is used for pad. Pads are used to align data on convenient
69 * boundaries and to deal with dead space.
71 * Stream id 0x02 indicates a discontinuity in the streamed data and typically
72 * contains information relating to the reason for the discontinuity.
73 * JTYPE_ASSOCIATE and JTYPE_DISASSOCIATE are usually emplaced in stream 0x02.
75 * Stream id 0x03 may be used to annotate the journal with text comments
76 * via mountctl commands. This can be extremely useful to note situations
77 * that may help with later recovery or audit operations.
79 * Stream id 0x04-0x7F are reserved by DragonFly for future protocol expansion.
81 * Stream id 0x80-0xFF may be used for third-party protocol expansion.
83 * Stream id's 0x0100-0x1FFF typically represent short-lived transactions
84 * (i.e. an id may be reused once the previous use has completed). The
85 * journaling system runs through these id's sequentially which means that
86 * the journaling code can handle up to 8192-256 = 7936 simultanious
87 * transactions at any given moment.
89 * The sequence number field is context-sensitive. It is typically used by
90 * a journaling stream to provide an incrementing counter and/or timestamp
91 * so recovery utilities can determine if any data is missing.
93 * The check word in the trailer may be used to provide an integrity check
94 * on the journaled data. A value of 0 always means that no check word
95 * has been calculated.
97 * The journal_rawrecbeg structure MUST be a multiple of 16 bytes.
98 * The journal_rawrecend structure MUST be a multiple of 8 bytes.
100 * NOTE: PAD RECORD SPECIAL CASE. Pad records can be 16 bytes and have the
101 * rawrecend structure overlayed on the sequence number field of the
102 * rawrecbeg structure. This is necessary because stream records are
103 * 16 byte aligned, not 24 byte aligned, and dead space is not allowed.
104 * So the pad record must fit into any dead space. THEREFORE, THE TRANSID
105 * FIELD FOR A PAD RECORD MUST BE IGNORED.
107 * NOTE: ENDIAN HANDLING. Data records can be in little or big endian form.
108 * The receiver detects the state by observing the 'begmagic' field. Each
109 * direction in a full-duplex connection can be operating with different
110 * endianess. Checksum data is always calculated on the raw record (including
111 * dead space) in a byte-stream fashion, and then converted to the transmit
112 * endianess like everything else. If the receiver's endianess is different
113 * it must convert it back to host normal form to compare it against the
114 * calculated checksum.
116 struct journal_rawrecbeg {
117 u_int16_t begmagic; /* recovery scan, endianess detection */
118 u_int16_t streamid; /* start/stop bits and stream identifier */
119 int32_t recsize; /* stream data block (incls beg & end) */
120 int64_t transid; /* sequence number or transaction id */
121 /* ADDITIONAL DATA */
124 struct journal_rawrecend {
125 u_int16_t endmagic; /* recovery scan, endianess detection */
126 u_int16_t check; /* check word or 0 */
127 int32_t recsize; /* same as rawrecbeg->recsize, for rev scan */
130 struct journal_ackrecord {
131 struct journal_rawrecbeg rbeg;
134 struct journal_rawrecend rend;
138 * Constants for stream record magic numbers. The incomplete magic
139 * number code is used internally by the memory FIFO reservation API
140 * and worker thread, allowing a block of space in the journaling
141 * stream (aka a stream block) to be reserved and then populated without
142 * stalling other threads doing their own reservation and population.
144 #define JREC_BEGMAGIC 0x1234
145 #define JREC_ENDMAGIC 0xCDEF
146 #define JREC_INCOMPLETEMAGIC 0xFFFF
149 * Stream ids are 14 bits. The top 2 bits specify when a new logical
150 * stream is being created or an existing logical stream is being terminated.
151 * A single raw stream record will set both the BEGIN and END bits if the
152 * entire transaction is encapsulated in a single stream record.
154 #define JREC_STREAMCTL_MASK 0xE000
155 #define JREC_STREAMCTL_BEGIN 0x8000 /* start a new logical stream */
156 #define JREC_STREAMCTL_END 0x4000 /* terminate a logical stream */
157 #define JREC_STREAMCTL_ABORTED 0x2000
159 #define JREC_STREAMID_MASK 0x1FFF
160 #define JREC_STREAMID_SYNCPT (JREC_STREAMCTL_BEGIN|JREC_STREAMCTL_END|0x0000)
161 #define JREC_STREAMID_PAD (JREC_STREAMCTL_BEGIN|JREC_STREAMCTL_END|0x0001)
162 #define JREC_STREAMID_DISCONT 0x0002 /* discontinuity */
163 #define JREC_STREAMID_ANNOTATE 0x0003 /* annotation */
164 #define JREC_STREAMID_ACK 0x0004 /* acknowledgement */
165 #define JREC_STREAMID_RESTART 0x0005 /* disctoninuity - journal restart */
166 /* 0x0006-0x007F reserved by DragonFly */
167 /* 0x0080-0x00FF for third party use */
168 #define JREC_STREAMID_JMIN 0x0100 /* lowest allowed general id */
169 #define JREC_STREAMID_JMAX 0x2000 /* (one past the highest allowed id) */
171 #define JREC_DEFAULTSIZE 64 /* reasonable initial reservation */
172 #define JREC_MINRECSIZE 16 /* (after alignment) */
173 #define JREC_MAXRECSIZE (128*1024*1024)
176 * Each logical journaling stream typically represents a transaction...
177 * that is, a VFS operation. The VFS operation is written out using
178 * sub-records and may contain multiple, possibly nested sub-transactions.
179 * multiple sub-transactions occur when a VFS operation cannot be represented
180 * by a single command. This is typically the case when a journal is
181 * configured to be reversable because UNDO sequences almost always have to
182 * be specified in such cases. For example, if you ftruncate() a file the
183 * journal might have to write out a sequence of WRITE records representing
184 * the lost data, otherwise the journal would not be reversable.
185 * Sub-transactions within a particular stream do not have their own sequence
186 * number field and thus may not be parallelized (the protocol is already
189 * In order to support streaming operation with a limited buffer the recsize
190 * field is allowed to be 0 for subrecords with the JMASK_NESTED bit set.
191 * If this case occurs a scanner can determine that the recursion has ended
192 * by detecting a nested subrecord with the JMASK_LAST bit set. A scanner
193 * may also set the field to the proper value after the fact to make later
194 * operations more efficient.
196 * Note that this bit must be properly set even if the recsize field is
197 * non-zero. The recsize must always be properly specified for 'leaf'
198 * subrecords, however in order to allow subsystems to potentially allocate
199 * more data space then they use the protocol allows any 'dead' space to be
200 * filled with JLEAF_PAD records.
202 * The recsize field may indicate data well past the size of the current
203 * raw stream record. That is, the scanner may have to glue together
204 * multiple stream records with the same stream id to fully decode the
205 * embedded subrecords. In particular, a subrecord could very well represent
206 * hundreds of megabytes of data (e.g. if a program were to do a
207 * multi-megabyte write()) and be split up across thousands of raw streaming
208 * records, possibly interlaced with other unrelated streams from other
209 * unrelated processes.
211 * If a large sub-transaction is aborted the logical stream may be
212 * terminated without writing out all the expected data. When this occurs
213 * the stream's ending record must also have the JREC_STREAMCTL_ABORTED bit
214 * set. However, scanners should still be robust enough to detect such
215 * overflows even if the aborted bit is not set and consider them data
218 * Aborts may also occur in the normal course of operations, especially once
219 * the journaling API is integrated into the cache coherency API. A normal
220 * abort is issued by emplacing a JLEAF_ABORT record within the transaction
221 * being aborted. Such records must be the last record in the sub-transaction,
222 * so JLEAF_LAST is also usually set. In a transaction with many
223 * sub-transactions only those sub-transactions with an abort record are
224 * aborted, the rest remain valid. Abort records are considered S.O.P. for
225 * two reasons: First, limited memory buffer space may make it impossible
226 * to delete the portion of the stream being aborted (the data may have
227 * already been sent to the target). Second, the journaling code will
228 * eventually be used to support a cache coherency layer which may have to
229 * abort operations as part of the cache coherency protocol. Note that
230 * subrecord aborts are different from stream record aborts. Stream record
231 * aborts are considered to be extrodinary situations while subrecord aborts
235 struct journal_subrecord {
236 u_int16_t rectype; /* 2 control bits, 14 record type bits */
237 int16_t reserved; /* future use */
238 int32_t recsize; /* record size (mandatory if not NESTED) */
239 /* ADDITIONAL DATA */
242 #define JMASK_NESTED 0x8000 /* data is a nested recursion */
243 #define JMASK_LAST 0x4000
244 #define JMASK_SUBRECORD 0x0400
245 #define JTYPE_MASK (~JMASK_LAST)
247 #define JLEAF_PAD 0x0000
248 #define JLEAF_ABORT 0x0001
249 #define JTYPE_ASSOCIATE 0x0002
250 #define JTYPE_DISASSOCIATE 0x0003
251 #define JTYPE_UNDO (JMASK_NESTED|0x0004)
252 #define JTYPE_AUDIT (JMASK_NESTED|0x0005)
253 #define JTYPE_REDO (JMASK_NESTED|0x0006)
255 #define JTYPE_SETATTR (JMASK_NESTED|0x0010)
256 #define JTYPE_WRITE (JMASK_NESTED|0x0011)
257 #define JTYPE_PUTPAGES (JMASK_NESTED|0x0012)
258 #define JTYPE_SETACL (JMASK_NESTED|0x0013)
259 #define JTYPE_SETEXTATTR (JMASK_NESTED|0x0014)
260 #define JTYPE_CREATE (JMASK_NESTED|0x0015)
261 #define JTYPE_MKNOD (JMASK_NESTED|0x0016)
262 #define JTYPE_LINK (JMASK_NESTED|0x0017)
263 #define JTYPE_SYMLINK (JMASK_NESTED|0x0018)
264 #define JTYPE_WHITEOUT (JMASK_NESTED|0x0019)
265 #define JTYPE_REMOVE (JMASK_NESTED|0x001A)
266 #define JTYPE_MKDIR (JMASK_NESTED|0x001B)
267 #define JTYPE_RMDIR (JMASK_NESTED|0x001C)
268 #define JTYPE_RENAME (JMASK_NESTED|0x001D)
270 #define JTYPE_VATTR (JMASK_NESTED|0x0100)
271 #define JTYPE_CRED (JMASK_NESTED|0x0101)
274 * Low level record types
276 #define JLEAF_FILEDATA 0x0401
277 #define JLEAF_PATH1 0x0402
278 #define JLEAF_PATH2 0x0403
279 #define JLEAF_PATH3 0x0404
280 #define JLEAF_PATH4 0x0405
281 #define JLEAF_UID 0x0406
282 #define JLEAF_GID 0x0407
283 #define JLEAF_MODES 0x0408
284 #define JLEAF_FFLAGS 0x0409
285 #define JLEAF_PID 0x040A
286 #define JLEAF_PPID 0x040B
287 #define JLEAF_COMM 0x040C
288 #define JLEAF_ATTRNAME 0x040D
289 #define JLEAF_PATH_REF 0x040E
290 #define JLEAF_RESERVED_0F 0x040F
291 #define JLEAF_SYMLINKDATA 0x0410
292 #define JLEAF_SEEKPOS 0x0411
293 #define JLEAF_INUM 0x0412
294 #define JLEAF_NLINK 0x0413
295 #define JLEAF_FSID 0x0414
296 #define JLEAF_SIZE 0x0415
297 #define JLEAF_ATIME 0x0416
298 #define JLEAF_MTIME 0x0417
299 #define JLEAF_CTIME 0x0418
300 #define JLEAF_GEN 0x0419
301 #define JLEAF_FLAGS 0x041A
302 #define JLEAF_UDEV 0x041B
303 #define JLEAF_FILEREV 0x041C
304 #define JLEAF_VTYPE 0x041D
305 #define JLEAF_ERROR 0x041E
308 * Low level journal data file structures
310 * NOTE: embedded strings may use the full width of the field and thus
311 * may not be 0-terminated.
314 char path[4]; /* path from base of mount point */
315 /* path is variable length and 0-terminated */
321 struct timespec atime;
322 struct timespec mtime;
323 struct timespec ctime;
331 int32_t flags; /* suid/sgid and other flags */
332 char line[8]; /* ttyname or other session identification */
333 char comm[8]; /* simplified command name for reference */
336 struct jleaf_ioinfo {