Google Git
Sign in
android-kvm/linux/refs/heads/master/./fs/fserror.c
blob: 06ca86adab9b769dfb72ec58b9e51627abee5152 [file] [log] [blame] [edit]
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) 2025 Oracle. All Rights Reserved.
* Author: Darrick J. Wong <djwong@kernel.org>
*/
#include <linux/fs.h>
#include <linux/fsnotify.h>
#include <linux/mempool.h>
#include <linux/fserror.h>
#define FSERROR_DEFAULT_EVENT_POOL_SIZE (32)
static struct mempool fserror_events_pool;
void fserror_mount(struct super_block *sb)
{
/*
* The pending error counter is biased by 1 so that we don't wake_var
* until we're actually trying to unmount.
*/
refcount_set(&sb->s_pending_errors, 1);
}
void fserror_unmount(struct super_block *sb)
{
/*
* If we don't drop the pending error count to zero, then wait for it
* to drop below 1, which means that the pending errors cleared and
* hopefully we didn't saturate with 1 billion+ concurrent events.
*/
if (!refcount_dec_and_test(&sb->s_pending_errors))
wait_var_event(&sb->s_pending_errors,
refcount_read(&sb->s_pending_errors) < 1);
}
static inline void fserror_pending_dec(struct super_block *sb)
{
if (refcount_dec_and_test(&sb->s_pending_errors))
wake_up_var(&sb->s_pending_errors);
}
static inline void fserror_free_event(struct fserror_event *event)
{
fserror_pending_dec(event->sb);
mempool_free(event, &fserror_events_pool);
}
static void fserror_worker(struct work_struct *work)
{
struct fserror_event *event =
container_of(work, struct fserror_event, work);
struct super_block *sb = event->sb;
if (sb->s_flags & SB_ACTIVE) {
struct fs_error_report report = {
/* send positive error number to userspace */
.error = -event->error,
.inode = event->inode,
.sb = event->sb,
};
if (sb->s_op->report_error)
sb->s_op->report_error(event);
fsnotify(FS_ERROR, &report, FSNOTIFY_EVENT_ERROR, NULL, NULL,
NULL, 0);
}
iput(event->inode);
fserror_free_event(event);
}
static inline struct fserror_event *fserror_alloc_event(struct super_block *sb,
gfp_t gfp_flags)
{
struct fserror_event *event = NULL;
/*
* If pending_errors already reached zero or is no longer active,
* the superblock is being deactivated so there's no point in
* continuing.
*
* The order of the check of s_pending_errors and SB_ACTIVE are
* mandated by order of accesses in generic_shutdown_super and
* fserror_unmount. Barriers are implicitly provided by the refcount
* manipulations in this function and fserror_unmount.
*/
if (!refcount_inc_not_zero(&sb->s_pending_errors))
return NULL;
if (!(sb->s_flags & SB_ACTIVE))
goto out_pending;
event = mempool_alloc(&fserror_events_pool, gfp_flags);
if (!event)
goto out_pending;
/* mempool_alloc doesn't support GFP_ZERO */
memset(event, 0, sizeof(*event));
event->sb = sb;
INIT_WORK(&event->work, fserror_worker);
return event;
out_pending:
fserror_pending_dec(sb);
return NULL;
}
/**
* fserror_report - report a filesystem error of some kind
*
* @sb: superblock of the filesystem
* @inode: inode within that filesystem, if applicable
* @type: type of error encountered
* @pos: start of inode range affected, if applicable
* @len: length of inode range affected, if applicable
* @error: error number encountered, must be negative
* @gfp: memory allocation flags for conveying the event to a worker,
* since this function can be called from atomic contexts
*
* Report details of a filesystem error to the super_operations::report_error
* callback if present; and to fsnotify for distribution to userspace. @sb,
* @gfp, @type, and @error must all be specified. For file I/O errors, the
* @inode, @pos, and @len fields must also be specified. For file metadata
* errors, @inode must be specified. If @inode is not NULL, then @inode->i_sb
* must point to @sb.
*
* Reporting work is deferred to a workqueue to ensure that ->report_error is
* called from process context without any locks held. An active reference to
* the inode is maintained until event handling is complete, and unmount will
* wait for queued events to drain.
*/
void fserror_report(struct super_block *sb, struct inode *inode,
enum fserror_type type, loff_t pos, u64 len, int error,
gfp_t gfp)
{
struct fserror_event *event;
/* sb and inode must be from the same filesystem */
WARN_ON_ONCE(inode && inode->i_sb != sb);
/* error number must be negative */
WARN_ON_ONCE(error >= 0);
event = fserror_alloc_event(sb, gfp);
if (!event)
goto lost;
event->type = type;
event->pos = pos;
event->len = len;
event->error = error;
/*
* Can't iput from non-sleeping context, so grabbing another reference
* to the inode must be the last thing before submitting the event.
*/
if (inode) {
event->inode = igrab(inode);
if (!event->inode)
goto lost_event;
}
/*
* Use schedule_work here even if we're already in process context so
* that fsnotify and super_operations::report_error implementations are
* guaranteed to run in process context without any locks held. Since
* errors are supposed to be rare, the overhead shouldn't kill us any
* more than the failing device will.
*/
schedule_work(&event->work);
return;
lost_event:
fserror_free_event(event);
lost:
if (inode)
pr_err_ratelimited(
"%s: lost file I/O error report for ino %lu type %u pos 0x%llx len 0x%llx error %d",
sb->s_id, inode->i_ino, type, pos, len, error);
else
pr_err_ratelimited(
"%s: lost filesystem error report for type %u error %d",
sb->s_id, type, error);
}
EXPORT_SYMBOL_GPL(fserror_report);
static int __init fserror_init(void)
{
return mempool_init_kmalloc_pool(&fserror_events_pool,
FSERROR_DEFAULT_EVENT_POOL_SIZE,
sizeof(struct fserror_event));
}
fs_initcall(fserror_init);