transaction.c

Go to the documentation of this file.

/*
 * linux/fs/jbd/transaction.c
 *
 * Written by Stephen C. Tweedie <[email protected]>, 1998
 *
 * Copyright 1998 Red Hat corp --- All Rights Reserved
 *
 * This file is part of the Linux kernel and is made available under
 * the terms of the GNU General Public License, version 2, or at your
 * option, any later version, incorporated herein by reference.
 *
 * Generic filesystem transaction handling code; part of the ext2fs
 * journaling system.
 *
 * This file manages transactions (compound commits managed by the
 * journaling code) and handles (individual atomic operations by the
 * filesystem).
 */

#include <linux/time.h>
#include <linux/fs.h>
#include <linux/jbd.h>
#include <linux/errno.h>
#include <linux/slab.h>
#include <linux/timer.h>
#include <linux/mm.h>
#include <linux/highmem.h>
#include <linux/hrtimer.h>
#include <linux/backing-dev.h>

static void __journal_temp_unlink_buffer(struct journal_head *jh);

/*
 * get_transaction: obtain a new transaction_t object.
 *
 * Simply allocate and initialise a new transaction.  Create it in
 * RUNNING state and add it to the current journal (which should not
 * have an existing running transaction: we only make a new transaction
 * once we have started to commit the old one).
 *
 * Preconditions:
 *  The journal MUST be locked.  We don't perform atomic mallocs on the
 *  new transaction and we can't block without protecting against other
 *  processes trying to touch the journal while it is in transition.
 *
 * Called under j_state_lock
 */

static transaction_t *
get_transaction(journal_t *journal, transaction_t *transaction)
{
    transaction->t_journal = journal;
    transaction->t_state = T_RUNNING;
    transaction->t_start_time = ktime_get();
    transaction->t_tid = journal->j_transaction_sequence++;
    transaction->t_expires = jiffies + journal->j_commit_interval;
    spin_lock_init(&transaction->t_handle_lock);

    /* Set up the commit timer for the new transaction. */
    journal->j_commit_timer.expires =
                round_jiffies_up(transaction->t_expires);
    add_timer(&journal->j_commit_timer);

    J_ASSERT(journal->j_running_transaction == NULL);
    journal->j_running_transaction = transaction;

    return transaction;
}

/*
 * Handle management.
 *
 * A handle_t is an object which represents a single atomic update to a
 * filesystem, and which tracks all of the modifications which form part
 * of that one update.
 */

/*
 * start_this_handle: Given a handle, deal with any locking or stalling
 * needed to make sure that there is enough journal space for the handle
 * to begin.  Attach the handle to a transaction and set up the
 * transaction's buffer credits.
 */

static int start_this_handle(journal_t *journal, handle_t *handle)
{
    transaction_t *transaction;
    int needed;
    int nblocks = handle->h_buffer_credits;
    transaction_t *new_transaction = NULL;
    int ret = 0;

    if (nblocks > journal->j_max_transaction_buffers) {
        printk(KERN_ERR "JBD: %s wants too many credits (%d > %d)\n",
               current->comm, nblocks,
               journal->j_max_transaction_buffers);
        ret = -ENOSPC;
        goto out;
    }

alloc_transaction:
    if (!journal->j_running_transaction) {
        new_transaction = kzalloc(sizeof(*new_transaction), GFP_NOFS);
        if (!new_transaction) {
            congestion_wait(BLK_RW_ASYNC, HZ/50);
            goto alloc_transaction;
        }
    }

    jbd_debug(3, "New handle %p going live.\n", handle);

repeat:

    /*
     * We need to hold j_state_lock until t_updates has been incremented,
     * for proper journal barrier handling
     */
    spin_lock(&journal->j_state_lock);
repeat_locked:
    if (is_journal_aborted(journal) ||
        (journal->j_errno != 0 && !(journal->j_flags & JFS_ACK_ERR))) {
        spin_unlock(&journal->j_state_lock);
        ret = -EROFS;
        goto out;
    }

    /* Wait on the journal's transaction barrier if necessary */
    if (journal->j_barrier_count) {
        spin_unlock(&journal->j_state_lock);
        wait_event(journal->j_wait_transaction_locked,
                journal->j_barrier_count == 0);
        goto repeat;
    }

    if (!journal->j_running_transaction) {
        if (!new_transaction) {
            spin_unlock(&journal->j_state_lock);
            goto alloc_transaction;
        }
        get_transaction(journal, new_transaction);
        new_transaction = NULL;
    }

    transaction = journal->j_running_transaction;

    /*
     * If the current transaction is locked down for commit, wait for the
     * lock to be released.
     */
    if (transaction->t_state == T_LOCKED) {
        DEFINE_WAIT(wait);

        prepare_to_wait(&journal->j_wait_transaction_locked,
                    &wait, TASK_UNINTERRUPTIBLE);
        spin_unlock(&journal->j_state_lock);
        schedule();
        finish_wait(&journal->j_wait_transaction_locked, &wait);
        goto repeat;
    }

    /*
     * If there is not enough space left in the log to write all potential
     * buffers requested by this operation, we need to stall pending a log
     * checkpoint to free some more log space.
     */
    spin_lock(&transaction->t_handle_lock);
    needed = transaction->t_outstanding_credits + nblocks;

    if (needed > journal->j_max_transaction_buffers) {
        /*
         * If the current transaction is already too large, then start
         * to commit it: we can then go back and attach this handle to
         * a new transaction.
         */
        DEFINE_WAIT(wait);

        jbd_debug(2, "Handle %p starting new commit...\n", handle);
        spin_unlock(&transaction->t_handle_lock);
        prepare_to_wait(&journal->j_wait_transaction_locked, &wait,
                TASK_UNINTERRUPTIBLE);
        __log_start_commit(journal, transaction->t_tid);
        spin_unlock(&journal->j_state_lock);
        schedule();
        finish_wait(&journal->j_wait_transaction_locked, &wait);
        goto repeat;
    }

    /*
     * The commit code assumes that it can get enough log space
     * without forcing a checkpoint.  This is *critical* for
     * correctness: a checkpoint of a buffer which is also
     * associated with a committing transaction creates a deadlock,
     * so commit simply cannot force through checkpoints.
     *
     * We must therefore ensure the necessary space in the journal
     * *before* starting to dirty potentially checkpointed buffers
     * in the new transaction.
     *
     * The worst part is, any transaction currently committing can
     * reduce the free space arbitrarily.  Be careful to account for
     * those buffers when checkpointing.
     */

    /*
     * @@@ AKPM: This seems rather over-defensive.  We're giving commit
     * a _lot_ of headroom: 1/4 of the journal plus the size of
     * the committing transaction.  Really, we only need to give it
     * committing_transaction->t_outstanding_credits plus "enough" for
     * the log control blocks.
     * Also, this test is inconsistent with the matching one in
     * journal_extend().
     */
    if (__log_space_left(journal) < jbd_space_needed(journal)) {
        jbd_debug(2, "Handle %p waiting for checkpoint...\n", handle);
        spin_unlock(&transaction->t_handle_lock);
        __log_wait_for_space(journal);
        goto repeat_locked;
    }

    /* OK, account for the buffers that this operation expects to
     * use and add the handle to the running transaction. */

    handle->h_transaction = transaction;
    transaction->t_outstanding_credits += nblocks;
    transaction->t_updates++;
    transaction->t_handle_count++;
    jbd_debug(4, "Handle %p given %d credits (total %d, free %d)\n",
          handle, nblocks, transaction->t_outstanding_credits,
          __log_space_left(journal));
    spin_unlock(&transaction->t_handle_lock);
    spin_unlock(&journal->j_state_lock);

    lock_map_acquire(&handle->h_lockdep_map);
out:
    if (unlikely(new_transaction))      /* It's usually NULL */
        kfree(new_transaction);
    return ret;
}

static struct lock_class_key jbd_handle_key;

/* Allocate a new handle.  This should probably be in a slab... */
static handle_t *new_handle(int nblocks)
{
    handle_t *handle = jbd_alloc_handle(GFP_NOFS);
    if (!handle)
        return NULL;
    memset(handle, 0, sizeof(*handle));
    handle->h_buffer_credits = nblocks;
    handle->h_ref = 1;

    lockdep_init_map(&handle->h_lockdep_map, "jbd_handle", &jbd_handle_key, 0);

    return handle;
}

handle_t *journal_start(journal_t *journal, int nblocks)
{
    handle_t *handle = journal_current_handle();
    int err;

    if (!journal)
        return ERR_PTR(-EROFS);

    if (handle) {
        J_ASSERT(handle->h_transaction->t_journal == journal);
        handle->h_ref++;
        return handle;
    }

    handle = new_handle(nblocks);
    if (!handle)
        return ERR_PTR(-ENOMEM);

    current->journal_info = handle;

    err = start_this_handle(journal, handle);
    if (err < 0) {
        jbd_free_handle(handle);
        current->journal_info = NULL;
        handle = ERR_PTR(err);
    }
    return handle;
}

int journal_extend(handle_t *handle, int nblocks)
{
    transaction_t *transaction = handle->h_transaction;
    journal_t *journal = transaction->t_journal;
    int result;
    int wanted;

    result = -EIO;
    if (is_handle_aborted(handle))
        goto out;

    result = 1;

    spin_lock(&journal->j_state_lock);

    /* Don't extend a locked-down transaction! */
    if (handle->h_transaction->t_state != T_RUNNING) {
        jbd_debug(3, "denied handle %p %d blocks: "
              "transaction not running\n", handle, nblocks);
        goto error_out;
    }

    spin_lock(&transaction->t_handle_lock);
    wanted = transaction->t_outstanding_credits + nblocks;

    if (wanted > journal->j_max_transaction_buffers) {
        jbd_debug(3, "denied handle %p %d blocks: "
              "transaction too large\n", handle, nblocks);
        goto unlock;
    }

    if (wanted > __log_space_left(journal)) {
        jbd_debug(3, "denied handle %p %d blocks: "
              "insufficient log space\n", handle, nblocks);
        goto unlock;
    }

    handle->h_buffer_credits += nblocks;
    transaction->t_outstanding_credits += nblocks;
    result = 0;

    jbd_debug(3, "extended handle %p by %d\n", handle, nblocks);
unlock:
    spin_unlock(&transaction->t_handle_lock);
error_out:
    spin_unlock(&journal->j_state_lock);
out:
    return result;
}


int journal_restart(handle_t *handle, int nblocks)
{
    transaction_t *transaction = handle->h_transaction;
    journal_t *journal = transaction->t_journal;
    int ret;

    /* If we've had an abort of any type, don't even think about
     * actually doing the restart! */
    if (is_handle_aborted(handle))
        return 0;

    /*
     * First unlink the handle from its current transaction, and start the
     * commit on that.
     */
    J_ASSERT(transaction->t_updates > 0);
    J_ASSERT(journal_current_handle() == handle);

    spin_lock(&journal->j_state_lock);
    spin_lock(&transaction->t_handle_lock);
    transaction->t_outstanding_credits -= handle->h_buffer_credits;
    transaction->t_updates--;

    if (!transaction->t_updates)
        wake_up(&journal->j_wait_updates);
    spin_unlock(&transaction->t_handle_lock);

    jbd_debug(2, "restarting handle %p\n", handle);
    __log_start_commit(journal, transaction->t_tid);
    spin_unlock(&journal->j_state_lock);

    lock_map_release(&handle->h_lockdep_map);
    handle->h_buffer_credits = nblocks;
    ret = start_this_handle(journal, handle);
    return ret;
}


void journal_lock_updates(journal_t *journal)
{
    DEFINE_WAIT(wait);

wait:
    /* Wait for previous locked operation to finish */
    wait_event(journal->j_wait_transaction_locked,
           journal->j_barrier_count == 0);

    spin_lock(&journal->j_state_lock);
    /*
     * Check reliably under the lock whether we are the ones winning the race
     * and locking the journal
     */
    if (journal->j_barrier_count > 0) {
        spin_unlock(&journal->j_state_lock);
        goto wait;
    }
    ++journal->j_barrier_count;

    /* Wait until there are no running updates */
    while (1) {
        transaction_t *transaction = journal->j_running_transaction;

        if (!transaction)
            break;

        spin_lock(&transaction->t_handle_lock);
        if (!transaction->t_updates) {
            spin_unlock(&transaction->t_handle_lock);
            break;
        }
        prepare_to_wait(&journal->j_wait_updates, &wait,
                TASK_UNINTERRUPTIBLE);
        spin_unlock(&transaction->t_handle_lock);
        spin_unlock(&journal->j_state_lock);
        schedule();
        finish_wait(&journal->j_wait_updates, &wait);
        spin_lock(&journal->j_state_lock);
    }
    spin_unlock(&journal->j_state_lock);
}

void journal_unlock_updates (journal_t *journal)
{
    J_ASSERT(journal->j_barrier_count != 0);

    spin_lock(&journal->j_state_lock);
    --journal->j_barrier_count;
    spin_unlock(&journal->j_state_lock);
    wake_up(&journal->j_wait_transaction_locked);
}

static void warn_dirty_buffer(struct buffer_head *bh)
{
    char b[BDEVNAME_SIZE];

    printk(KERN_WARNING
           "JBD: Spotted dirty metadata buffer (dev = %s, blocknr = %llu). "
           "There's a risk of filesystem corruption in case of system "
           "crash.\n",
           bdevname(bh->b_bdev, b), (unsigned long long)bh->b_blocknr);
}

/*
 * If the buffer is already part of the current transaction, then there
 * is nothing we need to do.  If it is already part of a prior
 * transaction which we are still committing to disk, then we need to
 * make sure that we do not overwrite the old copy: we do copy-out to
 * preserve the copy going to disk.  We also account the buffer against
 * the handle's metadata buffer credits (unless the buffer is already
 * part of the transaction, that is).
 *
 */
static int
do_get_write_access(handle_t *handle, struct journal_head *jh,
            int force_copy)
{
    struct buffer_head *bh;
    transaction_t *transaction;
    journal_t *journal;
    int error;
    char *frozen_buffer = NULL;
    int need_copy = 0;

    if (is_handle_aborted(handle))
        return -EROFS;

    transaction = handle->h_transaction;
    journal = transaction->t_journal;

    jbd_debug(5, "journal_head %p, force_copy %d\n", jh, force_copy);

    JBUFFER_TRACE(jh, "entry");
repeat:
    bh = jh2bh(jh);

    /* @@@ Need to check for errors here at some point. */

    lock_buffer(bh);
    jbd_lock_bh_state(bh);

    /* We now hold the buffer lock so it is safe to query the buffer
     * state.  Is the buffer dirty?
     *
     * If so, there are two possibilities.  The buffer may be
     * non-journaled, and undergoing a quite legitimate writeback.
     * Otherwise, it is journaled, and we don't expect dirty buffers
     * in that state (the buffers should be marked JBD_Dirty
     * instead.)  So either the IO is being done under our own
     * control and this is a bug, or it's a third party IO such as
     * dump(8) (which may leave the buffer scheduled for read ---
     * ie. locked but not dirty) or tune2fs (which may actually have
     * the buffer dirtied, ugh.)  */

    if (buffer_dirty(bh)) {
        /*
         * First question: is this buffer already part of the current
         * transaction or the existing committing transaction?
         */
        if (jh->b_transaction) {
            J_ASSERT_JH(jh,
                jh->b_transaction == transaction ||
                jh->b_transaction ==
                    journal->j_committing_transaction);
            if (jh->b_next_transaction)
                J_ASSERT_JH(jh, jh->b_next_transaction ==
                            transaction);
            warn_dirty_buffer(bh);
        }
        /*
         * In any case we need to clean the dirty flag and we must
         * do it under the buffer lock to be sure we don't race
         * with running write-out.
         */
        JBUFFER_TRACE(jh, "Journalling dirty buffer");
        clear_buffer_dirty(bh);
        set_buffer_jbddirty(bh);
    }

    unlock_buffer(bh);

    error = -EROFS;
    if (is_handle_aborted(handle)) {
        jbd_unlock_bh_state(bh);
        goto out;
    }
    error = 0;

    /*
     * The buffer is already part of this transaction if b_transaction or
     * b_next_transaction points to it
     */
    if (jh->b_transaction == transaction ||
        jh->b_next_transaction == transaction)
        goto done;

    /*
     * this is the first time this transaction is touching this buffer,
     * reset the modified flag
     */
    jh->b_modified = 0;

    /*
     * If there is already a copy-out version of this buffer, then we don't
     * need to make another one
     */
    if (jh->b_frozen_data) {
        JBUFFER_TRACE(jh, "has frozen data");
        J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
        jh->b_next_transaction = transaction;
        goto done;
    }

    /* Is there data here we need to preserve? */

    if (jh->b_transaction && jh->b_transaction != transaction) {
        JBUFFER_TRACE(jh, "owned by older transaction");
        J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
        J_ASSERT_JH(jh, jh->b_transaction ==
                    journal->j_committing_transaction);

        /* There is one case we have to be very careful about.
         * If the committing transaction is currently writing
         * this buffer out to disk and has NOT made a copy-out,
         * then we cannot modify the buffer contents at all
         * right now.  The essence of copy-out is that it is the
         * extra copy, not the primary copy, which gets
         * journaled.  If the primary copy is already going to
         * disk then we cannot do copy-out here. */

        if (jh->b_jlist == BJ_Shadow) {
            DEFINE_WAIT_BIT(wait, &bh->b_state, BH_Unshadow);
            wait_queue_head_t *wqh;

            wqh = bit_waitqueue(&bh->b_state, BH_Unshadow);

            JBUFFER_TRACE(jh, "on shadow: sleep");
            jbd_unlock_bh_state(bh);
            /* commit wakes up all shadow buffers after IO */
            for ( ; ; ) {
                prepare_to_wait(wqh, &wait.wait,
                        TASK_UNINTERRUPTIBLE);
                if (jh->b_jlist != BJ_Shadow)
                    break;
                schedule();
            }
            finish_wait(wqh, &wait.wait);
            goto repeat;
        }

        /* Only do the copy if the currently-owning transaction
         * still needs it.  If it is on the Forget list, the
         * committing transaction is past that stage.  The
         * buffer had better remain locked during the kmalloc,
         * but that should be true --- we hold the journal lock
         * still and the buffer is already on the BUF_JOURNAL
         * list so won't be flushed.
         *
         * Subtle point, though: if this is a get_undo_access,
         * then we will be relying on the frozen_data to contain
         * the new value of the committed_data record after the
         * transaction, so we HAVE to force the frozen_data copy
         * in that case. */

        if (jh->b_jlist != BJ_Forget || force_copy) {
            JBUFFER_TRACE(jh, "generate frozen data");
            if (!frozen_buffer) {
                JBUFFER_TRACE(jh, "allocate memory for buffer");
                jbd_unlock_bh_state(bh);
                frozen_buffer =
                    jbd_alloc(jh2bh(jh)->b_size,
                             GFP_NOFS);
                if (!frozen_buffer) {
                    printk(KERN_EMERG
                           "%s: OOM for frozen_buffer\n",
                           __func__);
                    JBUFFER_TRACE(jh, "oom!");
                    error = -ENOMEM;
                    jbd_lock_bh_state(bh);
                    goto done;
                }
                goto repeat;
            }
            jh->b_frozen_data = frozen_buffer;
            frozen_buffer = NULL;
            need_copy = 1;
        }
        jh->b_next_transaction = transaction;
    }


    /*
     * Finally, if the buffer is not journaled right now, we need to make
     * sure it doesn't get written to disk before the caller actually
     * commits the new data
     */
    if (!jh->b_transaction) {
        JBUFFER_TRACE(jh, "no transaction");
        J_ASSERT_JH(jh, !jh->b_next_transaction);
        JBUFFER_TRACE(jh, "file as BJ_Reserved");
        spin_lock(&journal->j_list_lock);
        __journal_file_buffer(jh, transaction, BJ_Reserved);
        spin_unlock(&journal->j_list_lock);
    }

done:
    if (need_copy) {
        struct page *page;
        int offset;
        char *source;

        J_EXPECT_JH(jh, buffer_uptodate(jh2bh(jh)),
                "Possible IO failure.\n");
        page = jh2bh(jh)->b_page;
        offset = offset_in_page(jh2bh(jh)->b_data);
        source = kmap_atomic(page);
        memcpy(jh->b_frozen_data, source+offset, jh2bh(jh)->b_size);
        kunmap_atomic(source);
    }
    jbd_unlock_bh_state(bh);

    /*
     * If we are about to journal a buffer, then any revoke pending on it is
     * no longer valid
     */
    journal_cancel_revoke(handle, jh);

out:
    if (unlikely(frozen_buffer))    /* It's usually NULL */
        jbd_free(frozen_buffer, bh->b_size);

    JBUFFER_TRACE(jh, "exit");
    return error;
}

int journal_get_write_access(handle_t *handle, struct buffer_head *bh)
{
    struct journal_head *jh = journal_add_journal_head(bh);
    int rc;

    /* We do not want to get caught playing with fields which the
     * log thread also manipulates.  Make sure that the buffer
     * completes any outstanding IO before proceeding. */
    rc = do_get_write_access(handle, jh, 0);
    journal_put_journal_head(jh);
    return rc;
}


/*
 * When the user wants to journal a newly created buffer_head
 * (ie. getblk() returned a new buffer and we are going to populate it
 * manually rather than reading off disk), then we need to keep the
 * buffer_head locked until it has been completely filled with new
 * data.  In this case, we should be able to make the assertion that
 * the bh is not already part of an existing transaction.
 *
 * The buffer should already be locked by the caller by this point.
 * There is no lock ranking violation: it was a newly created,
 * unlocked buffer beforehand. */

int journal_get_create_access(handle_t *handle, struct buffer_head *bh)
{
    transaction_t *transaction = handle->h_transaction;
    journal_t *journal = transaction->t_journal;
    struct journal_head *jh = journal_add_journal_head(bh);
    int err;

    jbd_debug(5, "journal_head %p\n", jh);
    err = -EROFS;
    if (is_handle_aborted(handle))
        goto out;
    err = 0;

    JBUFFER_TRACE(jh, "entry");
    /*
     * The buffer may already belong to this transaction due to pre-zeroing
     * in the filesystem's new_block code.  It may also be on the previous,
     * committing transaction's lists, but it HAS to be in Forget state in
     * that case: the transaction must have deleted the buffer for it to be
     * reused here.
     */
    jbd_lock_bh_state(bh);
    spin_lock(&journal->j_list_lock);
    J_ASSERT_JH(jh, (jh->b_transaction == transaction ||
        jh->b_transaction == NULL ||
        (jh->b_transaction == journal->j_committing_transaction &&
              jh->b_jlist == BJ_Forget)));

    J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
    J_ASSERT_JH(jh, buffer_locked(jh2bh(jh)));

    if (jh->b_transaction == NULL) {
        /*
         * Previous journal_forget() could have left the buffer
         * with jbddirty bit set because it was being committed. When
         * the commit finished, we've filed the buffer for
         * checkpointing and marked it dirty. Now we are reallocating
         * the buffer so the transaction freeing it must have
         * committed and so it's safe to clear the dirty bit.
         */
        clear_buffer_dirty(jh2bh(jh));

        /* first access by this transaction */
        jh->b_modified = 0;

        JBUFFER_TRACE(jh, "file as BJ_Reserved");
        __journal_file_buffer(jh, transaction, BJ_Reserved);
    } else if (jh->b_transaction == journal->j_committing_transaction) {
        /* first access by this transaction */
        jh->b_modified = 0;

        JBUFFER_TRACE(jh, "set next transaction");
        jh->b_next_transaction = transaction;
    }
    spin_unlock(&journal->j_list_lock);
    jbd_unlock_bh_state(bh);

    /*
     * akpm: I added this.  ext3_alloc_branch can pick up new indirect
     * blocks which contain freed but then revoked metadata.  We need
     * to cancel the revoke in case we end up freeing it yet again
     * and the reallocating as data - this would cause a second revoke,
     * which hits an assertion error.
     */
    JBUFFER_TRACE(jh, "cancelling revoke");
    journal_cancel_revoke(handle, jh);
out:
    journal_put_journal_head(jh);
    return err;
}

int journal_get_undo_access(handle_t *handle, struct buffer_head *bh)
{
    int err;
    struct journal_head *jh = journal_add_journal_head(bh);
    char *committed_data = NULL;

    JBUFFER_TRACE(jh, "entry");

    /*
     * Do this first --- it can drop the journal lock, so we want to
     * make sure that obtaining the committed_data is done
     * atomically wrt. completion of any outstanding commits.
     */
    err = do_get_write_access(handle, jh, 1);
    if (err)
        goto out;

repeat:
    if (!jh->b_committed_data) {
        committed_data = jbd_alloc(jh2bh(jh)->b_size, GFP_NOFS);
        if (!committed_data) {
            printk(KERN_EMERG "%s: No memory for committed data\n",
                __func__);
            err = -ENOMEM;
            goto out;
        }
    }

    jbd_lock_bh_state(bh);
    if (!jh->b_committed_data) {
        /* Copy out the current buffer contents into the
         * preserved, committed copy. */
        JBUFFER_TRACE(jh, "generate b_committed data");
        if (!committed_data) {
            jbd_unlock_bh_state(bh);
            goto repeat;
        }

        jh->b_committed_data = committed_data;
        committed_data = NULL;
        memcpy(jh->b_committed_data, bh->b_data, bh->b_size);
    }
    jbd_unlock_bh_state(bh);
out:
    journal_put_journal_head(jh);
    if (unlikely(committed_data))
        jbd_free(committed_data, bh->b_size);
    return err;
}

int journal_dirty_data(handle_t *handle, struct buffer_head *bh)
{
    journal_t *journal = handle->h_transaction->t_journal;
    int need_brelse = 0;
    struct journal_head *jh;
    int ret = 0;

    if (is_handle_aborted(handle))
        return ret;

    jh = journal_add_journal_head(bh);
    JBUFFER_TRACE(jh, "entry");

    /*
     * The buffer could *already* be dirty.  Writeout can start
     * at any time.
     */
    jbd_debug(4, "jh: %p, tid:%d\n", jh, handle->h_transaction->t_tid);

    /*
     * What if the buffer is already part of a running transaction?
     *
     * There are two cases:
     * 1) It is part of the current running transaction.  Refile it,
     *    just in case we have allocated it as metadata, deallocated
     *    it, then reallocated it as data.
     * 2) It is part of the previous, still-committing transaction.
     *    If all we want to do is to guarantee that the buffer will be
     *    written to disk before this new transaction commits, then
     *    being sure that the *previous* transaction has this same
     *    property is sufficient for us!  Just leave it on its old
     *    transaction.
     *
     * In case (2), the buffer must not already exist as metadata
     * --- that would violate write ordering (a transaction is free
     * to write its data at any point, even before the previous
     * committing transaction has committed).  The caller must
     * never, ever allow this to happen: there's nothing we can do
     * about it in this layer.
     */
    jbd_lock_bh_state(bh);
    spin_lock(&journal->j_list_lock);

    /* Now that we have bh_state locked, are we really still mapped? */
    if (!buffer_mapped(bh)) {
        JBUFFER_TRACE(jh, "unmapped buffer, bailing out");
        goto no_journal;
    }

    if (jh->b_transaction) {
        JBUFFER_TRACE(jh, "has transaction");
        if (jh->b_transaction != handle->h_transaction) {
            JBUFFER_TRACE(jh, "belongs to older transaction");
            J_ASSERT_JH(jh, jh->b_transaction ==
                    journal->j_committing_transaction);

            /* @@@ IS THIS TRUE  ? */
            /*
             * Not any more.  Scenario: someone does a write()
             * in data=journal mode.  The buffer's transaction has
             * moved into commit.  Then someone does another
             * write() to the file.  We do the frozen data copyout
             * and set b_next_transaction to point to j_running_t.
             * And while we're in that state, someone does a
             * writepage() in an attempt to pageout the same area
             * of the file via a shared mapping.  At present that
             * calls journal_dirty_data(), and we get right here.
             * It may be too late to journal the data.  Simply
             * falling through to the next test will suffice: the
             * data will be dirty and wil be checkpointed.  The
             * ordering comments in the next comment block still
             * apply.
             */
            //J_ASSERT_JH(jh, jh->b_next_transaction == NULL);

            /*
             * If we're journalling data, and this buffer was
             * subject to a write(), it could be metadata, forget
             * or shadow against the committing transaction.  Now,
             * someone has dirtied the same darn page via a mapping
             * and it is being writepage()'d.
             * We *could* just steal the page from commit, with some
             * fancy locking there.  Instead, we just skip it -
             * don't tie the page's buffers to the new transaction
             * at all.
             * Implication: if we crash before the writepage() data
             * is written into the filesystem, recovery will replay
             * the write() data.
             */
            if (jh->b_jlist != BJ_None &&
                    jh->b_jlist != BJ_SyncData &&
                    jh->b_jlist != BJ_Locked) {
                JBUFFER_TRACE(jh, "Not stealing");
                goto no_journal;
            }

            /*
             * This buffer may be undergoing writeout in commit.  We
             * can't return from here and let the caller dirty it
             * again because that can cause the write-out loop in
             * commit to never terminate.
             */
            if (buffer_dirty(bh)) {
                get_bh(bh);
                spin_unlock(&journal->j_list_lock);
                jbd_unlock_bh_state(bh);
                need_brelse = 1;
                sync_dirty_buffer(bh);
                jbd_lock_bh_state(bh);
                spin_lock(&journal->j_list_lock);
                /* Since we dropped the lock... */
                if (!buffer_mapped(bh)) {
                    JBUFFER_TRACE(jh, "buffer got unmapped");
                    goto no_journal;
                }
                /* The buffer may become locked again at any
                   time if it is redirtied */
            }

            /*
             * We cannot remove the buffer with io error from the
             * committing transaction, because otherwise it would
             * miss the error and the commit would not abort.
             */
            if (unlikely(!buffer_uptodate(bh))) {
                ret = -EIO;
                goto no_journal;
            }
            /* We might have slept so buffer could be refiled now */
            if (jh->b_transaction != NULL &&
                jh->b_transaction != handle->h_transaction) {
                JBUFFER_TRACE(jh, "unfile from commit");
                __journal_temp_unlink_buffer(jh);
                /* It still points to the committing
                 * transaction; move it to this one so
                 * that the refile assert checks are
                 * happy. */
                jh->b_transaction = handle->h_transaction;
            }
            /* The buffer will be refiled below */

        }
        /*
         * Special case --- the buffer might actually have been
         * allocated and then immediately deallocated in the previous,
         * committing transaction, so might still be left on that
         * transaction's metadata lists.
         */
        if (jh->b_jlist != BJ_SyncData && jh->b_jlist != BJ_Locked) {
            JBUFFER_TRACE(jh, "not on correct data list: unfile");
            J_ASSERT_JH(jh, jh->b_jlist != BJ_Shadow);
            JBUFFER_TRACE(jh, "file as data");
            __journal_file_buffer(jh, handle->h_transaction,
                        BJ_SyncData);
        }
    } else {
        JBUFFER_TRACE(jh, "not on a transaction");
        __journal_file_buffer(jh, handle->h_transaction, BJ_SyncData);
    }
no_journal:
    spin_unlock(&journal->j_list_lock);
    jbd_unlock_bh_state(bh);
    if (need_brelse) {
        BUFFER_TRACE(bh, "brelse");
        __brelse(bh);
    }
    JBUFFER_TRACE(jh, "exit");
    journal_put_journal_head(jh);
    return ret;
}

int journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
{
    transaction_t *transaction = handle->h_transaction;
    journal_t *journal = transaction->t_journal;
    struct journal_head *jh = bh2jh(bh);

    jbd_debug(5, "journal_head %p\n", jh);
    JBUFFER_TRACE(jh, "entry");
    if (is_handle_aborted(handle))
        goto out;

    jbd_lock_bh_state(bh);

    if (jh->b_modified == 0) {
        /*
         * This buffer's got modified and becoming part
         * of the transaction. This needs to be done
         * once a transaction -bzzz
         */
        jh->b_modified = 1;
        J_ASSERT_JH(jh, handle->h_buffer_credits > 0);
        handle->h_buffer_credits--;
    }

    /*
     * fastpath, to avoid expensive locking.  If this buffer is already
     * on the running transaction's metadata list there is nothing to do.
     * Nobody can take it off again because there is a handle open.
     * I _think_ we're OK here with SMP barriers - a mistaken decision will
     * result in this test being false, so we go in and take the locks.
     */
    if (jh->b_transaction == transaction && jh->b_jlist == BJ_Metadata) {
        JBUFFER_TRACE(jh, "fastpath");
        J_ASSERT_JH(jh, jh->b_transaction ==
                    journal->j_running_transaction);
        goto out_unlock_bh;
    }

    set_buffer_jbddirty(bh);

    /*
     * Metadata already on the current transaction list doesn't
     * need to be filed.  Metadata on another transaction's list must
     * be committing, and will be refiled once the commit completes:
     * leave it alone for now.
     */
    if (jh->b_transaction != transaction) {
        JBUFFER_TRACE(jh, "already on other transaction");
        J_ASSERT_JH(jh, jh->b_transaction ==
                    journal->j_committing_transaction);
        J_ASSERT_JH(jh, jh->b_next_transaction == transaction);
        /* And this case is illegal: we can't reuse another
         * transaction's data buffer, ever. */
        goto out_unlock_bh;
    }

    /* That test should have eliminated the following case: */
    J_ASSERT_JH(jh, jh->b_frozen_data == NULL);

    JBUFFER_TRACE(jh, "file as BJ_Metadata");
    spin_lock(&journal->j_list_lock);
    __journal_file_buffer(jh, handle->h_transaction, BJ_Metadata);
    spin_unlock(&journal->j_list_lock);
out_unlock_bh:
    jbd_unlock_bh_state(bh);
out:
    JBUFFER_TRACE(jh, "exit");
    return 0;
}

/*
 * journal_release_buffer: undo a get_write_access without any buffer
 * updates, if the update decided in the end that it didn't need access.
 *
 */
void
journal_release_buffer(handle_t *handle, struct buffer_head *bh)
{
    BUFFER_TRACE(bh, "entry");
}

int journal_forget (handle_t *handle, struct buffer_head *bh)
{
    transaction_t *transaction = handle->h_transaction;
    journal_t *journal = transaction->t_journal;
    struct journal_head *jh;
    int drop_reserve = 0;
    int err = 0;
    int was_modified = 0;

    BUFFER_TRACE(bh, "entry");

    jbd_lock_bh_state(bh);
    spin_lock(&journal->j_list_lock);

    if (!buffer_jbd(bh))
        goto not_jbd;
    jh = bh2jh(bh);

    /* Critical error: attempting to delete a bitmap buffer, maybe?
     * Don't do any jbd operations, and return an error. */
    if (!J_EXPECT_JH(jh, !jh->b_committed_data,
             "inconsistent data on disk")) {
        err = -EIO;
        goto not_jbd;
    }

    /* keep track of wether or not this transaction modified us */
    was_modified = jh->b_modified;

    /*
     * The buffer's going from the transaction, we must drop
     * all references -bzzz
     */
    jh->b_modified = 0;

    if (jh->b_transaction == handle->h_transaction) {
        J_ASSERT_JH(jh, !jh->b_frozen_data);

        /* If we are forgetting a buffer which is already part
         * of this transaction, then we can just drop it from
         * the transaction immediately. */
        clear_buffer_dirty(bh);
        clear_buffer_jbddirty(bh);

        JBUFFER_TRACE(jh, "belongs to current transaction: unfile");

        /*
         * we only want to drop a reference if this transaction
         * modified the buffer
         */
        if (was_modified)
            drop_reserve = 1;

        /*
         * We are no longer going to journal this buffer.
         * However, the commit of this transaction is still
         * important to the buffer: the delete that we are now
         * processing might obsolete an old log entry, so by
         * committing, we can satisfy the buffer's checkpoint.
         *
         * So, if we have a checkpoint on the buffer, we should
         * now refile the buffer on our BJ_Forget list so that
         * we know to remove the checkpoint after we commit.
         */

        if (jh->b_cp_transaction) {
            __journal_temp_unlink_buffer(jh);
            __journal_file_buffer(jh, transaction, BJ_Forget);
        } else {
            __journal_unfile_buffer(jh);
            if (!buffer_jbd(bh)) {
                spin_unlock(&journal->j_list_lock);
                jbd_unlock_bh_state(bh);
                __bforget(bh);
                goto drop;
            }
        }
    } else if (jh->b_transaction) {
        J_ASSERT_JH(jh, (jh->b_transaction ==
                 journal->j_committing_transaction));
        /* However, if the buffer is still owned by a prior
         * (committing) transaction, we can't drop it yet... */
        JBUFFER_TRACE(jh, "belongs to older transaction");
        /* ... but we CAN drop it from the new transaction if we
         * have also modified it since the original commit. */

        if (jh->b_next_transaction) {
            J_ASSERT(jh->b_next_transaction == transaction);
            jh->b_next_transaction = NULL;

            /*
             * only drop a reference if this transaction modified
             * the buffer
             */
            if (was_modified)
                drop_reserve = 1;
        }
    }

not_jbd:
    spin_unlock(&journal->j_list_lock);
    jbd_unlock_bh_state(bh);
    __brelse(bh);
drop:
    if (drop_reserve) {
        /* no need to reserve log space for this block -bzzz */
        handle->h_buffer_credits++;
    }
    return err;
}

int journal_stop(handle_t *handle)
{
    transaction_t *transaction = handle->h_transaction;
    journal_t *journal = transaction->t_journal;
    int err;
    pid_t pid;

    J_ASSERT(journal_current_handle() == handle);

    if (is_handle_aborted(handle))
        err = -EIO;
    else {
        J_ASSERT(transaction->t_updates > 0);
        err = 0;
    }

    if (--handle->h_ref > 0) {
        jbd_debug(4, "h_ref %d -> %d\n", handle->h_ref + 1,
              handle->h_ref);
        return err;
    }

    jbd_debug(4, "Handle %p going down\n", handle);

    /*
     * Implement synchronous transaction batching.  If the handle
     * was synchronous, don't force a commit immediately.  Let's
     * yield and let another thread piggyback onto this transaction.
     * Keep doing that while new threads continue to arrive.
     * It doesn't cost much - we're about to run a commit and sleep
     * on IO anyway.  Speeds up many-threaded, many-dir operations
     * by 30x or more...
     *
     * We try and optimize the sleep time against what the underlying disk
     * can do, instead of having a static sleep time.  This is useful for
     * the case where our storage is so fast that it is more optimal to go
     * ahead and force a flush and wait for the transaction to be committed
     * than it is to wait for an arbitrary amount of time for new writers to
     * join the transaction.  We achieve this by measuring how long it takes
     * to commit a transaction, and compare it with how long this
     * transaction has been running, and if run time < commit time then we
     * sleep for the delta and commit.  This greatly helps super fast disks
     * that would see slowdowns as more threads started doing fsyncs.
     *
     * But don't do this if this process was the most recent one to
     * perform a synchronous write.  We do this to detect the case where a
     * single process is doing a stream of sync writes.  No point in waiting
     * for joiners in that case.
     */
    pid = current->pid;
    if (handle->h_sync && journal->j_last_sync_writer != pid) {
        u64 commit_time, trans_time;

        journal->j_last_sync_writer = pid;

        spin_lock(&journal->j_state_lock);
        commit_time = journal->j_average_commit_time;
        spin_unlock(&journal->j_state_lock);

        trans_time = ktime_to_ns(ktime_sub(ktime_get(),
                           transaction->t_start_time));

        commit_time = min_t(u64, commit_time,
                    1000*jiffies_to_usecs(1));

        if (trans_time < commit_time) {
            ktime_t expires = ktime_add_ns(ktime_get(),
                               commit_time);
            set_current_state(TASK_UNINTERRUPTIBLE);
            schedule_hrtimeout(&expires, HRTIMER_MODE_ABS);
        }
    }

    current->journal_info = NULL;
    spin_lock(&journal->j_state_lock);
    spin_lock(&transaction->t_handle_lock);
    transaction->t_outstanding_credits -= handle->h_buffer_credits;
    transaction->t_updates--;
    if (!transaction->t_updates) {
        wake_up(&journal->j_wait_updates);
        if (journal->j_barrier_count)
            wake_up(&journal->j_wait_transaction_locked);
    }

    /*
     * If the handle is marked SYNC, we need to set another commit
     * going!  We also want to force a commit if the current
     * transaction is occupying too much of the log, or if the
     * transaction is too old now.
     */
    if (handle->h_sync ||
            transaction->t_outstanding_credits >
                journal->j_max_transaction_buffers ||
            time_after_eq(jiffies, transaction->t_expires)) {
        /* Do this even for aborted journals: an abort still
         * completes the commit thread, it just doesn't write
         * anything to disk. */
        tid_t tid = transaction->t_tid;

        spin_unlock(&transaction->t_handle_lock);
        jbd_debug(2, "transaction too old, requesting commit for "
                    "handle %p\n", handle);
        /* This is non-blocking */
        __log_start_commit(journal, transaction->t_tid);
        spin_unlock(&journal->j_state_lock);

        /*
         * Special case: JFS_SYNC synchronous updates require us
         * to wait for the commit to complete.
         */
        if (handle->h_sync && !(current->flags & PF_MEMALLOC))
            err = log_wait_commit(journal, tid);
    } else {
        spin_unlock(&transaction->t_handle_lock);
        spin_unlock(&journal->j_state_lock);
    }

    lock_map_release(&handle->h_lockdep_map);

    jbd_free_handle(handle);
    return err;
}

int journal_force_commit(journal_t *journal)
{
    handle_t *handle;
    int ret;

    handle = journal_start(journal, 1);
    if (IS_ERR(handle)) {
        ret = PTR_ERR(handle);
    } else {
        handle->h_sync = 1;
        ret = journal_stop(handle);
    }
    return ret;
}

/*
 *
 * List management code snippets: various functions for manipulating the
 * transaction buffer lists.
 *
 */

/*
 * Append a buffer to a transaction list, given the transaction's list head
 * pointer.
 *
 * j_list_lock is held.
 *
 * jbd_lock_bh_state(jh2bh(jh)) is held.
 */

static inline void
__blist_add_buffer(struct journal_head **list, struct journal_head *jh)
{
    if (!*list) {
        jh->b_tnext = jh->b_tprev = jh;
        *list = jh;
    } else {
        /* Insert at the tail of the list to preserve order */
        struct journal_head *first = *list, *last = first->b_tprev;
        jh->b_tprev = last;
        jh->b_tnext = first;
        last->b_tnext = first->b_tprev = jh;
    }
}

/*
 * Remove a buffer from a transaction list, given the transaction's list
 * head pointer.
 *
 * Called with j_list_lock held, and the journal may not be locked.
 *
 * jbd_lock_bh_state(jh2bh(jh)) is held.
 */

static inline void
__blist_del_buffer(struct journal_head **list, struct journal_head *jh)
{
    if (*list == jh) {
        *list = jh->b_tnext;
        if (*list == jh)
            *list = NULL;
    }
    jh->b_tprev->b_tnext = jh->b_tnext;
    jh->b_tnext->b_tprev = jh->b_tprev;
}

/*
 * Remove a buffer from the appropriate transaction list.
 *
 * Note that this function can *change* the value of
 * bh->b_transaction->t_sync_datalist, t_buffers, t_forget,
 * t_iobuf_list, t_shadow_list, t_log_list or t_reserved_list.  If the caller
 * is holding onto a copy of one of thee pointers, it could go bad.
 * Generally the caller needs to re-read the pointer from the transaction_t.
 *
 * Called under j_list_lock.  The journal may not be locked.
 */
static void __journal_temp_unlink_buffer(struct journal_head *jh)
{
    struct journal_head **list = NULL;
    transaction_t *transaction;
    struct buffer_head *bh = jh2bh(jh);

    J_ASSERT_JH(jh, jbd_is_locked_bh_state(bh));
    transaction = jh->b_transaction;
    if (transaction)
        assert_spin_locked(&transaction->t_journal->j_list_lock);

    J_ASSERT_JH(jh, jh->b_jlist < BJ_Types);
    if (jh->b_jlist != BJ_None)
        J_ASSERT_JH(jh, transaction != NULL);

    switch (jh->b_jlist) {
    case BJ_None:
        return;
    case BJ_SyncData:
        list = &transaction->t_sync_datalist;
        break;
    case BJ_Metadata:
        transaction->t_nr_buffers--;
        J_ASSERT_JH(jh, transaction->t_nr_buffers >= 0);
        list = &transaction->t_buffers;
        break;
    case BJ_Forget:
        list = &transaction->t_forget;
        break;
    case BJ_IO:
        list = &transaction->t_iobuf_list;
        break;
    case BJ_Shadow:
        list = &transaction->t_shadow_list;
        break;
    case BJ_LogCtl:
        list = &transaction->t_log_list;
        break;
    case BJ_Reserved:
        list = &transaction->t_reserved_list;
        break;
    case BJ_Locked:
        list = &transaction->t_locked_list;
        break;
    }

    __blist_del_buffer(list, jh);
    jh->b_jlist = BJ_None;
    if (test_clear_buffer_jbddirty(bh))
        mark_buffer_dirty(bh);  /* Expose it to the VM */
}

/*
 * Remove buffer from all transactions.
 *
 * Called with bh_state lock and j_list_lock
 *
 * jh and bh may be already freed when this function returns.
 */
void __journal_unfile_buffer(struct journal_head *jh)
{
    __journal_temp_unlink_buffer(jh);
    jh->b_transaction = NULL;
    journal_put_journal_head(jh);
}

void journal_unfile_buffer(journal_t *journal, struct journal_head *jh)
{
    struct buffer_head *bh = jh2bh(jh);

    /* Get reference so that buffer cannot be freed before we unlock it */
    get_bh(bh);
    jbd_lock_bh_state(bh);
    spin_lock(&journal->j_list_lock);
    __journal_unfile_buffer(jh);
    spin_unlock(&journal->j_list_lock);
    jbd_unlock_bh_state(bh);
    __brelse(bh);
}

/*
 * Called from journal_try_to_free_buffers().
 *
 * Called under jbd_lock_bh_state(bh)
 */
static void
__journal_try_to_free_buffer(journal_t *journal, struct buffer_head *bh)
{
    struct journal_head *jh;

    jh = bh2jh(bh);

    if (buffer_locked(bh) || buffer_dirty(bh))
        goto out;

    if (jh->b_next_transaction != NULL)
        goto out;

    spin_lock(&journal->j_list_lock);
    if (jh->b_transaction != NULL && jh->b_cp_transaction == NULL) {
        if (jh->b_jlist == BJ_SyncData || jh->b_jlist == BJ_Locked) {
            /* A written-back ordered data buffer */
            JBUFFER_TRACE(jh, "release data");
            __journal_unfile_buffer(jh);
        }
    } else if (jh->b_cp_transaction != NULL && jh->b_transaction == NULL) {
        /* written-back checkpointed metadata buffer */
        if (jh->b_jlist == BJ_None) {
            JBUFFER_TRACE(jh, "remove from checkpoint list");
            __journal_remove_checkpoint(jh);
        }
    }
    spin_unlock(&journal->j_list_lock);
out:
    return;
}

int journal_try_to_free_buffers(journal_t *journal,
                struct page *page, gfp_t gfp_mask)
{
    struct buffer_head *head;
    struct buffer_head *bh;
    int ret = 0;

    J_ASSERT(PageLocked(page));

    head = page_buffers(page);
    bh = head;
    do {
        struct journal_head *jh;

        /*
         * We take our own ref against the journal_head here to avoid
         * having to add tons of locking around each instance of
         * journal_put_journal_head().
         */
        jh = journal_grab_journal_head(bh);
        if (!jh)
            continue;

        jbd_lock_bh_state(bh);
        __journal_try_to_free_buffer(journal, bh);
        journal_put_journal_head(jh);
        jbd_unlock_bh_state(bh);
        if (buffer_jbd(bh))
            goto busy;
    } while ((bh = bh->b_this_page) != head);

    ret = try_to_free_buffers(page);

busy:
    return ret;
}

/*
 * This buffer is no longer needed.  If it is on an older transaction's
 * checkpoint list we need to record it on this transaction's forget list
 * to pin this buffer (and hence its checkpointing transaction) down until
 * this transaction commits.  If the buffer isn't on a checkpoint list, we
 * release it.
 * Returns non-zero if JBD no longer has an interest in the buffer.
 *
 * Called under j_list_lock.
 *
 * Called under jbd_lock_bh_state(bh).
 */
static int __dispose_buffer(struct journal_head *jh, transaction_t *transaction)
{
    int may_free = 1;
    struct buffer_head *bh = jh2bh(jh);

    if (jh->b_cp_transaction) {
        JBUFFER_TRACE(jh, "on running+cp transaction");
        __journal_temp_unlink_buffer(jh);
        /*
         * We don't want to write the buffer anymore, clear the
         * bit so that we don't confuse checks in
         * __journal_file_buffer
         */
        clear_buffer_dirty(bh);
        __journal_file_buffer(jh, transaction, BJ_Forget);
        may_free = 0;
    } else {
        JBUFFER_TRACE(jh, "on running transaction");
        __journal_unfile_buffer(jh);
    }
    return may_free;
}

/*
 * journal_invalidatepage
 *
 * This code is tricky.  It has a number of cases to deal with.
 *
 * There are two invariants which this code relies on:
 *
 * i_size must be updated on disk before we start calling invalidatepage on the
 * data.
 *
 *  This is done in ext3 by defining an ext3_setattr method which
 *  updates i_size before truncate gets going.  By maintaining this
 *  invariant, we can be sure that it is safe to throw away any buffers
 *  attached to the current transaction: once the transaction commits,
 *  we know that the data will not be needed.
 *
 *  Note however that we can *not* throw away data belonging to the
 *  previous, committing transaction!
 *
 * Any disk blocks which *are* part of the previous, committing
 * transaction (and which therefore cannot be discarded immediately) are
 * not going to be reused in the new running transaction
 *
 *  The bitmap committed_data images guarantee this: any block which is
 *  allocated in one transaction and removed in the next will be marked
 *  as in-use in the committed_data bitmap, so cannot be reused until
 *  the next transaction to delete the block commits.  This means that
 *  leaving committing buffers dirty is quite safe: the disk blocks
 *  cannot be reallocated to a different file and so buffer aliasing is
 *  not possible.
 *
 *
 * The above applies mainly to ordered data mode.  In writeback mode we
 * don't make guarantees about the order in which data hits disk --- in
 * particular we don't guarantee that new dirty data is flushed before
 * transaction commit --- so it is always safe just to discard data
 * immediately in that mode.  --sct
 */

/*
 * The journal_unmap_buffer helper function returns zero if the buffer
 * concerned remains pinned as an anonymous buffer belonging to an older
 * transaction.
 *
 * We're outside-transaction here.  Either or both of j_running_transaction
 * and j_committing_transaction may be NULL.
 */
static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
                int partial_page)
{
    transaction_t *transaction;
    struct journal_head *jh;
    int may_free = 1;

    BUFFER_TRACE(bh, "entry");

retry:
    /*
     * It is safe to proceed here without the j_list_lock because the
     * buffers cannot be stolen by try_to_free_buffers as long as we are
     * holding the page lock. --sct
     */

    if (!buffer_jbd(bh))
        goto zap_buffer_unlocked;

    spin_lock(&journal->j_state_lock);
    jbd_lock_bh_state(bh);
    spin_lock(&journal->j_list_lock);

    jh = journal_grab_journal_head(bh);
    if (!jh)
        goto zap_buffer_no_jh;

    /*
     * We cannot remove the buffer from checkpoint lists until the
     * transaction adding inode to orphan list (let's call it T)
     * is committed.  Otherwise if the transaction changing the
     * buffer would be cleaned from the journal before T is
     * committed, a crash will cause that the correct contents of
     * the buffer will be lost.  On the other hand we have to
     * clear the buffer dirty bit at latest at the moment when the
     * transaction marking the buffer as freed in the filesystem
     * structures is committed because from that moment on the
     * block can be reallocated and used by a different page.
     * Since the block hasn't been freed yet but the inode has
     * already been added to orphan list, it is safe for us to add
     * the buffer to BJ_Forget list of the newest transaction.
     *
     * Also we have to clear buffer_mapped flag of a truncated buffer
     * because the buffer_head may be attached to the page straddling
     * i_size (can happen only when blocksize < pagesize) and thus the
     * buffer_head can be reused when the file is extended again. So we end
     * up keeping around invalidated buffers attached to transactions'
     * BJ_Forget list just to stop checkpointing code from cleaning up
     * the transaction this buffer was modified in.
     */
    transaction = jh->b_transaction;
    if (transaction == NULL) {
        /* First case: not on any transaction.  If it
         * has no checkpoint link, then we can zap it:
         * it's a writeback-mode buffer so we don't care
         * if it hits disk safely. */
        if (!jh->b_cp_transaction) {
            JBUFFER_TRACE(jh, "not on any transaction: zap");
            goto zap_buffer;
        }

        if (!buffer_dirty(bh)) {
            /* bdflush has written it.  We can drop it now */
            goto zap_buffer;
        }

        /* OK, it must be in the journal but still not
         * written fully to disk: it's metadata or
         * journaled data... */

        if (journal->j_running_transaction) {
            /* ... and once the current transaction has
             * committed, the buffer won't be needed any
             * longer. */
            JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
            may_free = __dispose_buffer(jh,
                    journal->j_running_transaction);
            goto zap_buffer;
        } else {
            /* There is no currently-running transaction. So the
             * orphan record which we wrote for this file must have
             * passed into commit.  We must attach this buffer to
             * the committing transaction, if it exists. */
            if (journal->j_committing_transaction) {
                JBUFFER_TRACE(jh, "give to committing trans");
                may_free = __dispose_buffer(jh,
                    journal->j_committing_transaction);
                goto zap_buffer;
            } else {
                /* The orphan record's transaction has
                 * committed.  We can cleanse this buffer */
                clear_buffer_jbddirty(bh);
                goto zap_buffer;
            }
        }
    } else if (transaction == journal->j_committing_transaction) {
        JBUFFER_TRACE(jh, "on committing transaction");
        if (jh->b_jlist == BJ_Locked) {
            /*
             * The buffer is on the committing transaction's locked
             * list.  We have the buffer locked, so I/O has
             * completed.  So we can nail the buffer now.
             */
            may_free = __dispose_buffer(jh, transaction);
            goto zap_buffer;
        }
        /*
         * The buffer is committing, we simply cannot touch
         * it. If the page is straddling i_size we have to wait
         * for commit and try again.
         */
        if (partial_page) {
            tid_t tid = journal->j_committing_transaction->t_tid;

            journal_put_journal_head(jh);
            spin_unlock(&journal->j_list_lock);
            jbd_unlock_bh_state(bh);
            spin_unlock(&journal->j_state_lock);
            unlock_buffer(bh);
            log_wait_commit(journal, tid);
            lock_buffer(bh);
            goto retry;
        }
        /*
         * OK, buffer won't be reachable after truncate. We just set
         * j_next_transaction to the running transaction (if there is
         * one) and mark buffer as freed so that commit code knows it
         * should clear dirty bits when it is done with the buffer.
         */
        set_buffer_freed(bh);
        if (journal->j_running_transaction && buffer_jbddirty(bh))
            jh->b_next_transaction = journal->j_running_transaction;
        journal_put_journal_head(jh);
        spin_unlock(&journal->j_list_lock);
        jbd_unlock_bh_state(bh);
        spin_unlock(&journal->j_state_lock);
        return 0;
    } else {
        /* Good, the buffer belongs to the running transaction.
         * We are writing our own transaction's data, not any
         * previous one's, so it is safe to throw it away
         * (remember that we expect the filesystem to have set
         * i_size already for this truncate so recovery will not
         * expose the disk blocks we are discarding here.) */
        J_ASSERT_JH(jh, transaction == journal->j_running_transaction);
        JBUFFER_TRACE(jh, "on running transaction");
        may_free = __dispose_buffer(jh, transaction);
    }

zap_buffer:
    /*
     * This is tricky. Although the buffer is truncated, it may be reused
     * if blocksize < pagesize and it is attached to the page straddling
     * EOF. Since the buffer might have been added to BJ_Forget list of the
     * running transaction, journal_get_write_access() won't clear
     * b_modified and credit accounting gets confused. So clear b_modified
     * here. */
    jh->b_modified = 0;
    journal_put_journal_head(jh);
zap_buffer_no_jh:
    spin_unlock(&journal->j_list_lock);
    jbd_unlock_bh_state(bh);
    spin_unlock(&journal->j_state_lock);
zap_buffer_unlocked:
    clear_buffer_dirty(bh);
    J_ASSERT_BH(bh, !buffer_jbddirty(bh));
    clear_buffer_mapped(bh);
    clear_buffer_req(bh);
    clear_buffer_new(bh);
    bh->b_bdev = NULL;
    return may_free;
}

void journal_invalidatepage(journal_t *journal,
              struct page *page,
              unsigned long offset)
{
    struct buffer_head *head, *bh, *next;
    unsigned int curr_off = 0;
    int may_free = 1;

    if (!PageLocked(page))
        BUG();
    if (!page_has_buffers(page))
        return;

    /* We will potentially be playing with lists other than just the
     * data lists (especially for journaled data mode), so be
     * cautious in our locking. */

    head = bh = page_buffers(page);
    do {
        unsigned int next_off = curr_off + bh->b_size;
        next = bh->b_this_page;

        if (offset <= curr_off) {
            /* This block is wholly outside the truncation point */
            lock_buffer(bh);
            may_free &= journal_unmap_buffer(journal, bh,
                             offset > 0);
            unlock_buffer(bh);
        }
        curr_off = next_off;
        bh = next;

    } while (bh != head);

    if (!offset) {
        if (may_free && try_to_free_buffers(page))
            J_ASSERT(!page_has_buffers(page));
    }
}

/*
 * File a buffer on the given transaction list.
 */
void __journal_file_buffer(struct journal_head *jh,
            transaction_t *transaction, int jlist)
{
    struct journal_head **list = NULL;
    int was_dirty = 0;
    struct buffer_head *bh = jh2bh(jh);

    J_ASSERT_JH(jh, jbd_is_locked_bh_state(bh));
    assert_spin_locked(&transaction->t_journal->j_list_lock);

    J_ASSERT_JH(jh, jh->b_jlist < BJ_Types);
    J_ASSERT_JH(jh, jh->b_transaction == transaction ||
                jh->b_transaction == NULL);

    if (jh->b_transaction && jh->b_jlist == jlist)
        return;

    if (jlist == BJ_Metadata || jlist == BJ_Reserved ||
        jlist == BJ_Shadow || jlist == BJ_Forget) {
        /*
         * For metadata buffers, we track dirty bit in buffer_jbddirty
         * instead of buffer_dirty. We should not see a dirty bit set
         * here because we clear it in do_get_write_access but e.g.
         * tune2fs can modify the sb and set the dirty bit at any time
         * so we try to gracefully handle that.
         */
        if (buffer_dirty(bh))
            warn_dirty_buffer(bh);
        if (test_clear_buffer_dirty(bh) ||
            test_clear_buffer_jbddirty(bh))
            was_dirty = 1;
    }

    if (jh->b_transaction)
        __journal_temp_unlink_buffer(jh);
    else
        journal_grab_journal_head(bh);
    jh->b_transaction = transaction;

    switch (jlist) {
    case BJ_None:
        J_ASSERT_JH(jh, !jh->b_committed_data);
        J_ASSERT_JH(jh, !jh->b_frozen_data);
        return;
    case BJ_SyncData:
        list = &transaction->t_sync_datalist;
        break;
    case BJ_Metadata:
        transaction->t_nr_buffers++;
        list = &transaction->t_buffers;
        break;
    case BJ_Forget:
        list = &transaction->t_forget;
        break;
    case BJ_IO:
        list = &transaction->t_iobuf_list;
        break;
    case BJ_Shadow:
        list = &transaction->t_shadow_list;
        break;
    case BJ_LogCtl:
        list = &transaction->t_log_list;
        break;
    case BJ_Reserved:
        list = &transaction->t_reserved_list;
        break;
    case BJ_Locked:
        list =  &transaction->t_locked_list;
        break;
    }

    __blist_add_buffer(list, jh);
    jh->b_jlist = jlist;

    if (was_dirty)
        set_buffer_jbddirty(bh);
}

void journal_file_buffer(struct journal_head *jh,
                transaction_t *transaction, int jlist)
{
    jbd_lock_bh_state(jh2bh(jh));
    spin_lock(&transaction->t_journal->j_list_lock);
    __journal_file_buffer(jh, transaction, jlist);
    spin_unlock(&transaction->t_journal->j_list_lock);
    jbd_unlock_bh_state(jh2bh(jh));
}

/*
 * Remove a buffer from its current buffer list in preparation for
 * dropping it from its current transaction entirely.  If the buffer has
 * already started to be used by a subsequent transaction, refile the
 * buffer on that transaction's metadata list.
 *
 * Called under j_list_lock
 * Called under jbd_lock_bh_state(jh2bh(jh))
 *
 * jh and bh may be already free when this function returns
 */
void __journal_refile_buffer(struct journal_head *jh)
{
    int was_dirty, jlist;
    struct buffer_head *bh = jh2bh(jh);

    J_ASSERT_JH(jh, jbd_is_locked_bh_state(bh));
    if (jh->b_transaction)
        assert_spin_locked(&jh->b_transaction->t_journal->j_list_lock);

    /* If the buffer is now unused, just drop it. */
    if (jh->b_next_transaction == NULL) {
        __journal_unfile_buffer(jh);
        return;
    }

    /*
     * It has been modified by a later transaction: add it to the new
     * transaction's metadata list.
     */

    was_dirty = test_clear_buffer_jbddirty(bh);
    __journal_temp_unlink_buffer(jh);
    /*
     * We set b_transaction here because b_next_transaction will inherit
     * our jh reference and thus __journal_file_buffer() must not take a
     * new one.
     */
    jh->b_transaction = jh->b_next_transaction;
    jh->b_next_transaction = NULL;
    if (buffer_freed(bh))
        jlist = BJ_Forget;
    else if (jh->b_modified)
        jlist = BJ_Metadata;
    else
        jlist = BJ_Reserved;
    __journal_file_buffer(jh, jh->b_transaction, jlist);
    J_ASSERT_JH(jh, jh->b_transaction->t_state == T_RUNNING);

    if (was_dirty)
        set_buffer_jbddirty(bh);
}

/*
 * __journal_refile_buffer() with necessary locking added. We take our bh
 * reference so that we can safely unlock bh.
 *
 * The jh and bh may be freed by this call.
 */
void journal_refile_buffer(journal_t *journal, struct journal_head *jh)
{
    struct buffer_head *bh = jh2bh(jh);

    /* Get reference so that buffer cannot be freed before we unlock it */
    get_bh(bh);
    jbd_lock_bh_state(bh);
    spin_lock(&journal->j_list_lock);
    __journal_refile_buffer(jh);
    jbd_unlock_bh_state(bh);
    spin_unlock(&journal->j_list_lock);
    __brelse(bh);
}