summaryrefslogtreecommitdiff
path: root/fs/ubifs/gc.c
Commit message (Collapse)AuthorAgeFilesLines
* ubifs: Add auth nodes to garbage collector journal headSascha Hauer2018-10-231-3/+43
| | | | | | | | To be able to authenticate the garbage collector journal head add authentication nodes to the buds the garbage collector creates. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
* ubifs: Add authentication nodes to journalSascha Hauer2018-10-231-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Nodes that are written to flash can only be authenticated through the index after the next commit. When a journal replay is necessary the nodes are not yet referenced by the index and thus can't be authenticated. This patch overcomes this situation by creating a hash over all nodes beginning from the commit start node over the reference node(s) and the buds themselves. From time to time we insert authentication nodes. Authentication nodes contain a HMAC from the current hash state, so that they can be used to authenticate a journal replay up to the point where the authentication node is. The hash is continued afterwards so that theoretically we would only have to check the HMAC of the last authentication node we find. Overall we get this picture: ,,,,,,,, ,......,........................................... ,. CS , hash1.----. hash2.----. ,. | , . |hmac . |hmac ,. v , . v . v ,.REF#0,-> bud -> bud -> bud.-> auth -> bud -> bud.-> auth ... ,..|...,........................................... , | , , | ,,,,,,,,,,,,,,, . | hash3,----. , | , |hmac , v , v , REF#1 -> bud -> bud,-> auth ... ,,,|,,,,,,,,,,,,,,,,,, v REF#2 -> ... | V ... Note how hash3 covers CS, REF#0 and REF#1 so that it is not possible to exchange or skip any reference nodes. Unlike the picture suggests the auth nodes themselves are not hashed. With this it is possible for an offline attacker to cut each journal head or to drop the last reference node(s), but not to skip any journal heads or to reorder any operations. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
* ubifs: Pass struct ubifs_info to ubifs_assert()Richard Weinberger2018-08-151-32/+32
| | | | | | | This allows us to have more context in ubifs_assert() and take different actions depending on the configuration. Signed-off-by: Richard Weinberger <richard@nod.at>
* ubifs: gc: Fix typoRichard Weinberger2018-08-151-1/+1
| | | | | | UBIFS operates on LEBs, not PEBs. Signed-off-by: Richard Weinberger <richard@nod.at>
* ubifs: gc: Fix typoSascha Hauer2018-06-071-1/+1
| | | | | | | "point of view" makes more sense than "point of few". Fix this. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
* ubifs: Remove some dead codeChristophe Jaillet2016-12-121-4/+0
| | | | | | | | 'ubifs_fast_find_freeable()' can not return an error pointer, so this test can be removed. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Richard Weinberger <richard@nod.at>
* UBIFS: improve function-level documentationJulia Lawall2016-10-021-1/+1
| | | | | | | | | | | | | | | | | | | | Fix various inconsistencies in the documentation associated with various functions. In the case of fs/ubifs/lprops.c, the second parameter of ubifs_get_lp_stats was renamed from st to lst in commit 84abf972ccff ("UBIFS: add re-mount debugging checks") In the case of fs/ubifs/lpt_commit.c, the excess variables have never existed in the associated functions since the code was introduced into the kernel. The others appear to be straightforward typos. Issues detected using Coccinelle (http://coccinelle.lip6.fr/) Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Richard Weinberger <richard@nod.at>
* ubifs: switch_gc_head: Remove redondant sync of wbufSylvain Etienne2016-07-291-4/+0
| | | | | | | | The wbuf is already sync-ed before ubifs_leb_unmap() Signed-off-by: Sylvain Etienne <seti@dadboo.eu> Acked-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Richard Weinberger <richard@nod.at>
* UBIFS: remove unnecessary code in ubifs_garbage_collectwang.bo116@zte.com.cn2013-10-221-2/+1
| | | | | | | | | | | In ubifs_garbage_collect,local variable "space_before" calculate twice. In fact, at the beginning of the loop, there is no need to calculate this variable. Calculate it before call "ubifs_garbage_collect_leb" is enough. This patch just remove the unnecessary calculate code. Signed-off-by: wang bo <wang.bo116@zte.com.cn> Acked-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBIFS: comply with coding styleArtem Bityutskiy2012-08-311-3/+3
| | | | | | Join all the split printk lines in order to stop checkpatch complaining. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: Kill data type hintRichard Weinberger2012-05-201-1/+1
| | | | | | | | | | | We do not need this feature and to our shame it even was not working and there was a bug found very recently. -- Artem Bityutskiy Without the data type hint UBI2 (fastmap) will be easier to implement. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBIFS: synchronize write-buffer before switching to the next budArtem Bityutskiy2011-05-161-0/+4
| | | | | | | | | | | | | | | | Currently when UBIFS fills up the current bud (which is the last in the journal head) and switches to the next bud, it first writes the log reference node for the next bud and only after this synchronizes the write-buffer of the previous bud. This is not a big deal, but an unclean power cut may lead to a situation when we have corruption in a next-to-last bud, although it is much more logical that we have to have corruption only in the last bud. This patch also removes write-buffer synchronization from 'ubifs_wbuf_seek_nolock()' because this is not needed anymore (we synchronize the write-buffer explicitly everywhere now) and also because this is just prone to various errors. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: make 2 functions staticArtem Bityutskiy2011-05-161-2/+3
| | | | | | | | This is a minor change which makes 2 functions static because they are not used outside the gc.c file: 'data_nodes_cmp()' and 'nondata_nodes_cmp()'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: remove duplicated codeArtem Bityutskiy2011-05-131-31/+31
| | | | | | | | | | | | We have duplicated code in 'ubifs_garbage_collect()' and 'ubifs_rcvry_gc_commit()', which is about handling the special case of free LEB. In both cases we just want to garbage-collect the LEB using 'ubifs_garbage_collect_leb()'. This patch teaches 'ubifs_garbage_collect_leb()' to handle free LEB's so that the caller does not have to do this and the duplicated code is removed. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: introduce new flags for RO mountsArtem Bityutskiy2010-09-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Commit 2fde99cb55fb9d9b88180512a5e8a5d939d27fec "UBIFS: mark VFS SB RO too" introduced regression. This commit made UBIFS set the 'MS_RDONLY' flag in the VFS superblock when it switches to R/O mode due to an error. This was done to make VFS show the R/O UBIFS flag in /proc/mounts. However, several places in UBIFS relied on the 'MS_RDONLY' flag and assume this flag can only change when we re-mount. For example, 'ubifs_put_super()'. This patch introduces new UBIFS flag - 'c->ro_mount' which changes only when we re-mount, and preserves the way UBIFS was originally mounted (R/W or R/O). This allows us to de-initialize UBIFS cleanly in 'ubifs_put_super()'. This patch also changes all 'ubifs_assert(!c->ro_media)' assertions to 'ubifs_assert(!c->ro_media && !c->ro_mount)', because we never should write anything if the FS was mounter R/O. All the places where we test for 'MS_RDONLY' flag in the VFS SB were changed and now we test the 'c->ro_mount' flag instead, because it preserves the original UBIFS mount type, unlike the 'MS_RDONLY' flag. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: introduce new flag for RO due to errorsArtem Bityutskiy2010-09-171-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The R/O state may have various reasons: 1. The UBI volume is R/O 2. The FS is mounted R/O 3. The FS switched to R/O mode because of an error However, in UBIFS we have only one variable which represents cases 1 and 3 - 'c->ro_media'. Indeed, we set this to 1 if we switch to R/O mode due to an error, and then we test it in many places to make sure that we stop writing as soon as the error happens. But this is very unclean. One consequence of this, for example, is that in 'ubifs_remount_fs()' we use 'c->ro_media' to check whether we are in R/O mode because on an error, and we print a message in this case. However, if we are in R/O mode because the media is R/O, our message is bogus. This patch introduces new flag - 'c->ro_error' which is set when we switch to R/O mode because of an error. It also changes all "if (c->ro_media)" checks to "if (c->ro_error)" checks, because this is what the checks actually mean. We do not need to check for 'c->ro_media' because if the UBI volume is in R/O mode, we do not allow R/W mounting, and now writes can happen. This is guaranteed by VFS. But it is good to double-check this, so this patch also adds many "ubifs_assert(!c->ro_media)" checks. In the 'ubifs_remount_fs()' function this patch makes a bit more changes - it fixes the error messages as well. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: introduce list sorting debugging checksArtem Bityutskiy2010-08-301-2/+8
| | | | | | | | | | | | | | | The UBIFS bug in the GC list sorting comparison functions inspired me to write internal debugging check functions which verify that the list of nodes is sorted properly. So, this patch implements 2 new debugging functions: o 'dbg_check_data_nodes_order()' - check order of data nodes list o 'dbg_check_nondata_nodes_order()' - check order of non-data nodes list The debugging functions are executed only if general UBIFS debugging checks are enabled. And they are compiled out if UBIFS debugging is disabled. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: fix assertion warnings in comparison functionArtem Bityutskiy2010-08-301-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running the integrity test ('integck' from mtd-utils) on current UBIFS on 2.6.35, I see that assertions in UBIFS 'list_sort()' comparison functions trigger sometimes, e.g.: UBIFS assert failed in data_nodes_cmp at 132 (pid 28311) My investigation showed that this happens when 'list_sort()' calls the 'cmp()' function with equivalent arguments. In this case, the 'struct list_head' parameter, passed to 'cmp()' is bogus, and it does not belong to any element in the original list. And this issue seems to be introduced by commit: commit 835cc0c8477fdbc59e0217891d6f11061b1ac4e2 Author: Don Mullis <don.mullis@gmail.com> Date: Fri Mar 5 13:43:15 2010 -0800 It is easy to work around the issue by doing: if (a == b) return 0; in UBIFS. It works, but 'lib_sort()' should nevertheless be fixed. Although it is harmless to have this piece of code in UBIFS. This patch adds that code to both UBIFS 'cmp()' functions: 'data_nodes_cmp()' and 'nondata_nodes_cmp()'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: improve assertion in node comparison functionsArtem Bityutskiy2010-08-301-0/+11
| | | | | | | Improve assertions in gc.c in the comparison functions for 'list_sort()': check key types _and_ node types. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: do not use key type in list_sortArtem Bityutskiy2010-08-301-9/+9
| | | | | | | | | In comparison function for 'list_sort()' we use key type to distinguish between node types. However, we have a bit simper way to detect node type - 'snod->type'. This more logical to use, comparing to decoding key types. Also allows to get rid of 2 local variables. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: do not look up truncation nodesArtem Bityutskiy2010-08-301-3/+20
| | | | | | | | | | When moving nodes in GC, do not try to look up truncation nodes in TNC, because they do not exist there. This would be harmless, because the TNC look-up would fail, if we did not have bug 'ubifs_add_snod()' which reads garbage into 'snod->key'. But in any case, it is less error prone to explicitly ignore everything but inode, data, dentry and xentry nodes. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: fix assertion warningArtem Bityutskiy2010-08-301-1/+2
| | | | | | | | | | | This patch fixes the following false assertion warning: UBIFS assert failed in data_nodes_cmp at 130 (pid 15107) The assertion was wrong because it did not take into account that the node can be an xentry. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: do not treat ENOSPC speciallyArtem Bityutskiy2010-08-301-7/+5
| | | | | | | | 'ubifs_garbage_collect_leb()' should never return '-ENOSPC', and if it does, this is an error. Thus, do not treat this error code specially. '-EAGAIN' is a special error code, but not '-ENOSPC'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: switch to RO mode after synchronizingArtem Bityutskiy2010-08-301-1/+1
| | | | | | | | | | In 'ubifs_garbage_collect()' on error path, we first switch to R/O mode, and then synchronize write-buffers (to make sure no data are lost). But the GC write-buffer synchronization will fail, because we are already in R/O mode. This patch re-orders this and makes sure we first synchronize the write-buffer, and then switch to R/O mode. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* include cleanup: Update gfp.h and slab.h includes to prepare for breaking ↵Tejun Heo2010-03-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo <tj@kernel.org> Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
* lib: Introduce generic list_sort functionDave Chinner2010-01-121-95/+1
| | | | | | | | | | | | There are two copies of list_sort() in the tree already, one in the DRM code, another in ubifs. Now XFS needs this as well. Create a generic list_sort() function from the ubifs version and convert existing users to it so we don't end up with yet another copy in the tree. Signed-off-by: Dave Chinner <david@fromorbit.com> Acked-by: Dave Airlie <airlied@redhat.com> Acked-by: Artem Bityutskiy <dedekind@infradead.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* UBIFS: do not print scary error messages needlesslyArtem Bityutskiy2009-09-101-1/+1
| | | | | | | | | | | | | | | | At the moment UBIFS print large and scary error messages and flash dumps in case of nearly any corruption, even if it is a recoverable corruption. For example, if the master node is corrupted, ubifs_scan() prints error dumps, then UBIFS recovers just fine and goes on. This patch makes UBIFS print scary error messages only in real cases, which are not recoverable. It adds 'quiet' argument to the 'ubifs_scan()' function, so the caller may ask 'ubi_scan()' not to print error messages if the caller is able to do recovery. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Reviewed-by: Adrian Hunter <Adrian.Hunter@nokia.com>
* UBIFS: fully sort GCed nodesArtem Bityutskiy2009-03-201-132/+296
| | | | | | | | | | The 'joinup()' function cannot deal with situations when nodes go in reverse order - it just leaves them in this order. This patch implement full nodes sorting using n*log(n) algorithm. It sorts data nodes for bulk-read, and direntry nodes for readdir(). Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: remount ro fixesAdrian Hunter2009-01-291-13/+5
| | | | | | | | | | - preserve the idx_gc list - it will be needed in the same state, should UBIFS be remounted rw again - prevent remounting ro if we have switched to read only mode (due to a fatal error) Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: spelling fix 'date' -> 'data'Adrian Hunter2009-01-291-1/+1
| | | | | Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: fix LEB list freeingArtem Bityutskiy2009-01-261-4/+12
| | | | | | | | | When freeing the c->idx_lebs list, we have to release the LEBs as well, because we might be called from mount to read-only mode code. Otherwise the LEBs stay taken forever, which may cause problems when we re-mount back ro RW mode. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: document dark_wm and dead_wm betterArtem Bityutskiy2009-01-201-0/+20
| | | | | | | Just add more commentaries. Also some commentary fixes for lprops flags. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* trivial: fix then -> than typos in comments and documentationFrederik Schwarzer2009-01-061-1/+1
| | | | | | | - (better, more, bigger ...) then -> (...) than Signed-off-by: Frederik Schwarzer <schwarzerf@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* UBIFS: improve garbage collectionAdrian Hunter2008-09-301-10/+72
| | | | | | | | | Make garbage collection try to keep data nodes from the same inode together and in ascending order. This improves performance when reading those nodes especially when bulk-read is used. Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
* UBIFS: remove unneeded unlikely()Hirofumi Nakagawa2008-09-301-4/+4
| | | | | | | | IS_ERR() macro already has unlikely(), so do not use constructions like 'if (unlikely(IS_ERR())'. Signed-off-by: Hirofumi Nakagawa <hnakagawa@miraclelinux.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: TNC / GC race fixesAdrian Hunter2008-09-171-3/+11
| | | | | | | | | - update GC sequence number if any nodes may have been moved even if GC did not finish the LEB - don't ignore error return when reading Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBIFS: allow for racing between GC and TNCAdrian Hunter2008-08-251-0/+6
| | | | | | | | | | | | The TNC mutex is unlocked prematurely when reading leaf nodes with non-hashed keys. This is unsafe because the node may be moved by garbage collection and the eraseblock unmapped, although that has never actually happened during stress testing. This patch fixes the flaw by detecting the race and retrying with the TNC mutex locked. Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
* UBIFS: add new flash file systemArtem Bityutskiy2008-07-151-0/+773
This is a new flash file system. See http://www.linux-mtd.infradead.org/doc/ubifs.html Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>