xfs_notify_failure.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Copyright (c) 2022 Fujitsu.  All Rights Reserved.
   4  */
   5
   6 #include "xfs.h"
   7 #include "xfs_shared.h"
   8 #include "xfs_format.h"
   9 #include "xfs_log_format.h"
  10 #include "xfs_trans_resv.h"
  11 #include "xfs_mount.h"
  12 #include "xfs_alloc.h"
  13 #include "xfs_bit.h"
  14 #include "xfs_btree.h"
  15 #include "xfs_inode.h"
  16 #include "xfs_icache.h"
  17 #include "xfs_rmap.h"
  18 #include "xfs_rmap_btree.h"
  19 #include "xfs_rtalloc.h"
  20 #include "xfs_trans.h"
  21 #include "xfs_ag.h"
  22
  23 #include <linux/mm.h>
  24 #include <linux/dax.h>
  25 #include <linux/fs.h>
  26
  27 struct xfs_failure_info {
  28         xfs_agblock_t           startblock;
  29         xfs_extlen_t            blockcount;
  30         int                     mf_flags;
  31         bool                    want_shutdown;
  32 };
  33
  34 static pgoff_t
  35 xfs_failure_pgoff(
  36         struct xfs_mount                *mp,
  37         const struct xfs_rmap_irec      *rec,
  38         const struct xfs_failure_info   *notify)
  39 {
  40         loff_t                          pos = XFS_FSB_TO_B(mp, rec->rm_offset);
  41
  42         if (notify->startblock > rec->rm_startblock)
  43                 pos += XFS_FSB_TO_B(mp,
  44                                 notify->startblock - rec->rm_startblock);
  45         return pos >> PAGE_SHIFT;
  46 }
  47
  48 static unsigned long
  49 xfs_failure_pgcnt(
  50         struct xfs_mount                *mp,
  51         const struct xfs_rmap_irec      *rec,
  52         const struct xfs_failure_info   *notify)
  53 {
  54         xfs_agblock_t                   end_rec;
  55         xfs_agblock_t                   end_notify;
  56         xfs_agblock_t                   start_cross;
  57         xfs_agblock_t                   end_cross;
  58
  59         start_cross = max(rec->rm_startblock, notify->startblock);
  60
  61         end_rec = rec->rm_startblock + rec->rm_blockcount;
  62         end_notify = notify->startblock + notify->blockcount;
  63         end_cross = min(end_rec, end_notify);
  64
  65         return XFS_FSB_TO_B(mp, end_cross - start_cross) >> PAGE_SHIFT;
  66 }
  67
  68 static int
  69 xfs_dax_failure_fn(
  70         struct xfs_btree_cur            *cur,
  71         const struct xfs_rmap_irec      *rec,
  72         void                            *data)
  73 {
  74         struct xfs_mount                *mp = cur->bc_mp;
  75         struct xfs_inode                *ip;
  76         struct xfs_failure_info         *notify = data;
  77         struct address_space            *mapping;
  78         pgoff_t                         pgoff;
  79         unsigned long                   pgcnt;
  80         int                             error = 0;
  81
  82         if (XFS_RMAP_NON_INODE_OWNER(rec->rm_owner) ||
  83             (rec->rm_flags & (XFS_RMAP_ATTR_FORK | XFS_RMAP_BMBT_BLOCK))) {
  84                 /* Continue the query because this isn't a failure. */
  85                 if (notify->mf_flags & MF_MEM_PRE_REMOVE)
  86                         return 0;
  87                 notify->want_shutdown = true;
  88                 return 0;
  89         }
  90
  91         /* Get files that incore, filter out others that are not in use. */
  92         error = xfs_iget(mp, cur->bc_tp, rec->rm_owner, XFS_IGET_INCORE,
  93                          0, &ip);
  94         /* Continue the rmap query if the inode isn't incore */
  95         if (error == -ENODATA)
  96                 return 0;
  97         if (error) {
  98                 notify->want_shutdown = true;
  99                 return 0;
 100         }
 101
 102         mapping = VFS_I(ip)->i_mapping;
 103         pgoff = xfs_failure_pgoff(mp, rec, notify);
 104         pgcnt = xfs_failure_pgcnt(mp, rec, notify);
 105
 106         /* Continue the rmap query if the inode isn't a dax file. */
 107         if (dax_mapping(mapping))
 108                 error = mf_dax_kill_procs(mapping, pgoff, pgcnt,
 109                                           notify->mf_flags);
 110
 111         /* Invalidate the cache in dax pages. */
 112         if (notify->mf_flags & MF_MEM_PRE_REMOVE)
 113                 invalidate_inode_pages2_range(mapping, pgoff,
 114                                               pgoff + pgcnt - 1);
 115
 116         xfs_irele(ip);
 117         return error;
 118 }
 119
 120 static int
 121 xfs_dax_notify_failure_freeze(
 122         struct xfs_mount        *mp)
 123 {
 124         struct super_block      *sb = mp->m_super;
 125         int                     error;
 126
 127         error = freeze_super(sb, FREEZE_HOLDER_KERNEL);
 128         if (error)
 129                 xfs_emerg(mp, "already frozen by kernel, err=%d", error);
 130
 131         return error;
 132 }
 133
 134 static void
 135 xfs_dax_notify_failure_thaw(
 136         struct xfs_mount        *mp,
 137         bool                    kernel_frozen)
 138 {
 139         struct super_block      *sb = mp->m_super;
 140         int                     error;
 141
 142         if (kernel_frozen) {
 143                 error = thaw_super(sb, FREEZE_HOLDER_KERNEL);
 144                 if (error)
 145                         xfs_emerg(mp, "still frozen after notify failure, err=%d",
 146                                 error);
 147         }
 148
 149         /*
 150          * Also thaw userspace call anyway because the device is about to be
 151          * removed immediately.
 152          */
 153         thaw_super(sb, FREEZE_HOLDER_USERSPACE);
 154 }
 155
 156 static int
 157 xfs_dax_notify_ddev_failure(
 158         struct xfs_mount        *mp,
 159         xfs_daddr_t             daddr,
 160         xfs_daddr_t             bblen,
 161         int                     mf_flags)
 162 {
 163         struct xfs_failure_info notify = { .mf_flags = mf_flags };
 164         struct xfs_trans        *tp = NULL;
 165         struct xfs_btree_cur    *cur = NULL;
 166         struct xfs_buf          *agf_bp = NULL;
 167         int                     error = 0;
 168         bool                    kernel_frozen = false;
 169         xfs_fsblock_t           fsbno = XFS_DADDR_TO_FSB(mp, daddr);
 170         xfs_agnumber_t          agno = XFS_FSB_TO_AGNO(mp, fsbno);
 171         xfs_fsblock_t           end_fsbno = XFS_DADDR_TO_FSB(mp,
 172                                                              daddr + bblen - 1);
 173         xfs_agnumber_t          end_agno = XFS_FSB_TO_AGNO(mp, end_fsbno);
 174
 175         if (mf_flags & MF_MEM_PRE_REMOVE) {
 176                 xfs_info(mp, "Device is about to be removed!");
 177                 /*
 178                  * Freeze fs to prevent new mappings from being created.
 179                  * - Keep going on if others already hold the kernel forzen.
 180                  * - Keep going on if other errors too because this device is
 181                  *   starting to fail.
 182                  * - If kernel frozen state is hold successfully here, thaw it
 183                  *   here as well at the end.
 184                  */
 185                 kernel_frozen = xfs_dax_notify_failure_freeze(mp) == 0;
 186         }
 187
 188         error = xfs_trans_alloc_empty(mp, &tp);
 189         if (error)
 190                 goto out;
 191
 192         for (; agno <= end_agno; agno++) {
 193                 struct xfs_rmap_irec    ri_low = { };
 194                 struct xfs_rmap_irec    ri_high;
 195                 struct xfs_agf          *agf;
 196                 struct xfs_perag        *pag;
 197                 xfs_agblock_t           range_agend;
 198
 199                 pag = xfs_perag_get(mp, agno);
 200                 error = xfs_alloc_read_agf(pag, tp, 0, &agf_bp);
 201                 if (error) {
 202                         xfs_perag_put(pag);
 203                         break;
 204                 }
 205
 206                 cur = xfs_rmapbt_init_cursor(mp, tp, agf_bp, pag);
 207
 208                 /*
 209                  * Set the rmap range from ri_low to ri_high, which represents
 210                  * a [start, end] where we looking for the files or metadata.
 211                  */
 212                 memset(&ri_high, 0xFF, sizeof(ri_high));
 213                 ri_low.rm_startblock = XFS_FSB_TO_AGBNO(mp, fsbno);
 214                 if (agno == end_agno)
 215                         ri_high.rm_startblock = XFS_FSB_TO_AGBNO(mp, end_fsbno);
 216
 217                 agf = agf_bp->b_addr;
 218                 range_agend = min(be32_to_cpu(agf->agf_length) - 1,
 219                                 ri_high.rm_startblock);
 220                 notify.startblock = ri_low.rm_startblock;
 221                 notify.blockcount = range_agend + 1 - ri_low.rm_startblock;
 222
 223                 error = xfs_rmap_query_range(cur, &ri_low, &ri_high,
 224                                 xfs_dax_failure_fn, &notify);
 225                 xfs_btree_del_cursor(cur, error);
 226                 xfs_trans_brelse(tp, agf_bp);
 227                 xfs_perag_put(pag);
 228                 if (error)
 229                         break;
 230
 231                 fsbno = XFS_AGB_TO_FSB(mp, agno + 1, 0);
 232         }
 233
 234         xfs_trans_cancel(tp);
 235
 236         /*
 237          * Shutdown fs from a force umount in pre-remove case which won't fail,
 238          * so errors can be ignored.  Otherwise, shutdown the filesystem with
 239          * CORRUPT flag if error occured or notify.want_shutdown was set during
 240          * RMAP querying.
 241          */
 242         if (mf_flags & MF_MEM_PRE_REMOVE)
 243                 xfs_force_shutdown(mp, SHUTDOWN_FORCE_UMOUNT);
 244         else if (error || notify.want_shutdown) {
 245                 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
 246                 if (!error)
 247                         error = -EFSCORRUPTED;
 248         }
 249
 250 out:
 251         /* Thaw the fs if it has been frozen before. */
 252         if (mf_flags & MF_MEM_PRE_REMOVE)
 253                 xfs_dax_notify_failure_thaw(mp, kernel_frozen);
 254
 255         return error;
 256 }
 257
 258 static int
 259 xfs_dax_notify_failure(
 260         struct dax_device       *dax_dev,
 261         u64                     offset,
 262         u64                     len,
 263         int                     mf_flags)
 264 {
 265         struct xfs_mount        *mp = dax_holder(dax_dev);
 266         u64                     ddev_start;
 267         u64                     ddev_end;
 268
 269         if (!(mp->m_super->s_flags & SB_BORN)) {
 270                 xfs_warn(mp, "filesystem is not ready for notify_failure()!");
 271                 return -EIO;
 272         }
 273
 274         if (mp->m_rtdev_targp && mp->m_rtdev_targp->bt_daxdev == dax_dev) {
 275                 xfs_debug(mp,
 276                          "notify_failure() not supported on realtime device!");
 277                 return -EOPNOTSUPP;
 278         }
 279
 280         if (mp->m_logdev_targp && mp->m_logdev_targp->bt_daxdev == dax_dev &&
 281             mp->m_logdev_targp != mp->m_ddev_targp) {
 282                 /*
 283                  * In the pre-remove case the failure notification is attempting
 284                  * to trigger a force unmount.  The expectation is that the
 285                  * device is still present, but its removal is in progress and
 286                  * can not be cancelled, proceed with accessing the log device.
 287                  */
 288                 if (mf_flags & MF_MEM_PRE_REMOVE)
 289                         return 0;
 290                 xfs_err(mp, "ondisk log corrupt, shutting down fs!");
 291                 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_ONDISK);
 292                 return -EFSCORRUPTED;
 293         }
 294
 295         if (!xfs_has_rmapbt(mp)) {
 296                 xfs_debug(mp, "notify_failure() needs rmapbt enabled!");
 297                 return -EOPNOTSUPP;
 298         }
 299
 300         ddev_start = mp->m_ddev_targp->bt_dax_part_off;
 301         ddev_end = ddev_start + bdev_nr_bytes(mp->m_ddev_targp->bt_bdev) - 1;
 302
 303         /* Notify failure on the whole device. */
 304         if (offset == 0 && len == U64_MAX) {
 305                 offset = ddev_start;
 306                 len = bdev_nr_bytes(mp->m_ddev_targp->bt_bdev);
 307         }
 308
 309         /* Ignore the range out of filesystem area */
 310         if (offset + len - 1 < ddev_start)
 311                 return -ENXIO;
 312         if (offset > ddev_end)
 313                 return -ENXIO;
 314
 315         /* Calculate the real range when it touches the boundary */
 316         if (offset > ddev_start)
 317                 offset -= ddev_start;
 318         else {
 319                 len -= ddev_start - offset;
 320                 offset = 0;
 321         }
 322         if (offset + len - 1 > ddev_end)
 323                 len = ddev_end - offset + 1;
 324
 325         return xfs_dax_notify_ddev_failure(mp, BTOBB(offset), BTOBB(len),
 326                         mf_flags);
 327 }
 328
 329 const struct dax_holder_operations xfs_dax_holder_operations = {
 330         .notify_failure         = xfs_dax_notify_failure,
 331 };