xfs_trans.c source code [linux/fs/xfs/xfs_trans.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Copyright (c) 2000-2003,2005 Silicon Graphics, Inc.
4	* Copyright (C) 2010 Red Hat, Inc.
5	* All Rights Reserved.
6	*/
7	#include "xfs.h"
8	#include "xfs_fs.h"
9	#include "xfs_shared.h"
10	#include "xfs_format.h"
11	#include "xfs_log_format.h"
12	#include "xfs_trans_resv.h"
13	#include "xfs_mount.h"
14	#include "xfs_extent_busy.h"
15	#include "xfs_quota.h"
16	#include "xfs_trans.h"
17	#include "xfs_trans_priv.h"
18	#include "xfs_log.h"
19	#include "xfs_log_priv.h"
20	#include "xfs_trace.h"
21	#include "xfs_error.h"
22	#include "xfs_defer.h"
23	#include "xfs_inode.h"
24	#include "xfs_dquot_item.h"
25	#include "xfs_dquot.h"
26	#include "xfs_icache.h"
27	#include "xfs_rtbitmap.h"
28
29	struct kmem_cache *xfs_trans_cache;
30
31	#if defined(CONFIG_TRACEPOINTS)
32	static void
33	xfs_trans_trace_reservations(
34	struct xfs_mount *mp)
35	{
36	struct xfs_trans_res *res;
37	struct xfs_trans_res *end_res;
38	int i;
39
40	res = (struct xfs_trans_res *)M_RES(mp);
41	end_res = (struct xfs_trans_res *)(M_RES(mp) + `1`);
42	for (i = `0`; res < end_res; i++, res++)
43	trace_xfs_trans_resv_calc(mp, type: i, res);
44	}
45	#else
46	# define xfs_trans_trace_reservations(mp)
47	#endif
48
49	/*
50	* Initialize the precomputed transaction reservation values
51	* in the mount structure.
52	*/
53	void
54	xfs_trans_init(
55	struct xfs_mount *mp)
56	{
57	xfs_trans_resv_calc(mp, M_RES(mp));
58	xfs_trans_trace_reservations(mp);
59	}
60
61	/*
62	* Free the transaction structure. If there is more clean up
63	* to do when the structure is freed, add it here.
64	*/
65	STATIC void
66	xfs_trans_free(
67	struct xfs_trans *tp)
68	{
69	xfs_extent_busy_sort(list: &tp->t_busy);
70	xfs_extent_busy_clear(mp: tp->t_mountp, list: &tp->t_busy, do_discard: false);
71
72	trace_xfs_trans_free(tp, _RET_IP_);
73	xfs_trans_clear_context(tp);
74	if (!(tp->t_flags & XFS_TRANS_NO_WRITECOUNT))
75	sb_end_intwrite(sb: tp->t_mountp->m_super);
76	xfs_trans_free_dqinfo(tp);
77	kmem_cache_free(s: xfs_trans_cache, objp: tp);
78	}
79
80	/*
81	* This is called to create a new transaction which will share the
82	* permanent log reservation of the given transaction. The remaining
83	* unused block and rt extent reservations are also inherited. This
84	* implies that the original transaction is no longer allowed to allocate
85	* blocks. Locks and log items, however, are no inherited. They must
86	* be added to the new transaction explicitly.
87	*/
88	STATIC struct xfs_trans *
89	xfs_trans_dup(
90	struct xfs_trans *tp)
91	{
92	struct xfs_trans *ntp;
93
94	trace_xfs_trans_dup(tp, _RET_IP_);
95
96	ntp = kmem_cache_zalloc(k: xfs_trans_cache, GFP_KERNEL \| __GFP_NOFAIL);
97
98	/*
99	* Initialize the new transaction structure.
100	*/
101	ntp->t_magic = XFS_TRANS_HEADER_MAGIC;
102	ntp->t_mountp = tp->t_mountp;
103	INIT_LIST_HEAD(list: &ntp->t_items);
104	INIT_LIST_HEAD(list: &ntp->t_busy);
105	INIT_LIST_HEAD(list: &ntp->t_dfops);
106	ntp->t_highest_agno = NULLAGNUMBER;
107
108	ASSERT(tp->t_flags & XFS_TRANS_PERM_LOG_RES);
109	ASSERT(tp->t_ticket != NULL);
110
111	ntp->t_flags = XFS_TRANS_PERM_LOG_RES \|
112	(tp->t_flags & XFS_TRANS_RESERVE) \|
113	(tp->t_flags & XFS_TRANS_NO_WRITECOUNT) \|
114	(tp->t_flags & XFS_TRANS_RES_FDBLKS);
115	/ We gave our writer reference to the new transaction /
116	tp->t_flags \|= XFS_TRANS_NO_WRITECOUNT;
117	ntp->t_ticket = xfs_log_ticket_get(ticket: tp->t_ticket);
118
119	ASSERT(tp->t_blk_res >= tp->t_blk_res_used);
120	ntp->t_blk_res = tp->t_blk_res - tp->t_blk_res_used;
121	tp->t_blk_res = tp->t_blk_res_used;
122
123	ntp->t_rtx_res = tp->t_rtx_res - tp->t_rtx_res_used;
124	tp->t_rtx_res = tp->t_rtx_res_used;
125
126	xfs_trans_switch_context(old_tp: tp, new_tp: ntp);
127
128	/ move deferred ops over to the new tp /
129	xfs_defer_move(ntp, tp);
130
131	xfs_trans_dup_dqinfo(tp, ntp);
132	return ntp;
133	}
134
135	/*
136	* This is called to reserve free disk blocks and log space for the
137	* given transaction. This must be done before allocating any resources
138	* within the transaction.
139	*
140	* This will return ENOSPC if there are not enough blocks available.
141	* It will sleep waiting for available log space.
142	* The only valid value for the flags parameter is XFS_RES_LOG_PERM, which
143	* is used by long running transactions. If any one of the reservations
144	* fails then they will all be backed out.
145	*
146	* This does not do quota reservations. That typically is done by the
147	* caller afterwards.
148	*/
149	static int
150	xfs_trans_reserve(
151	struct xfs_trans *tp,
152	struct xfs_trans_res *resp,
153	uint blocks,
154	uint rtextents)
155	{
156	struct xfs_mount *mp = tp->t_mountp;
157	int error = `0`;
158	bool rsvd = (tp->t_flags & XFS_TRANS_RESERVE) != `0`;
159
160	/*
161	* Attempt to reserve the needed disk blocks by decrementing
162	* the number needed from the number available. This will
163	* fail if the count would go below zero.
164	*/
165	if (blocks > `0`) {
166	error = xfs_mod_fdblocks(mp, delta: -((int64_t)blocks), reserved: rsvd);
167	if (error != `0`)
168	return -ENOSPC;
169	tp->t_blk_res += blocks;
170	}
171
172	/*
173	* Reserve the log space needed for this transaction.
174	*/
175	if (resp->tr_logres > `0`) {
176	bool permanent = false;
177
178	ASSERT(tp->t_log_res == `0` \|\|
179	tp->t_log_res == resp->tr_logres);
180	ASSERT(tp->t_log_count == `0` \|\|
181	tp->t_log_count == resp->tr_logcount);
182
183	if (resp->tr_logflags & XFS_TRANS_PERM_LOG_RES) {
184	tp->t_flags \|= XFS_TRANS_PERM_LOG_RES;
185	permanent = true;
186	} else {
187	ASSERT(tp->t_ticket == NULL);
188	ASSERT(!(tp->t_flags & XFS_TRANS_PERM_LOG_RES));
189	}
190
191	if (tp->t_ticket != NULL) {
192	ASSERT(resp->tr_logflags & XFS_TRANS_PERM_LOG_RES);
193	error = xfs_log_regrant(mp, tic: tp->t_ticket);
194	} else {
195	error = xfs_log_reserve(mp, length: resp->tr_logres,
196	count: resp->tr_logcount,
197	ticket: &tp->t_ticket, permanent);
198	}
199
200	if (error)
201	goto undo_blocks;
202
203	tp->t_log_res = resp->tr_logres;
204	tp->t_log_count = resp->tr_logcount;
205	}
206
207	/*
208	* Attempt to reserve the needed realtime extents by decrementing
209	* the number needed from the number available. This will
210	* fail if the count would go below zero.
211	*/
212	if (rtextents > `0`) {
213	error = xfs_mod_frextents(mp, delta: -((int64_t)rtextents));
214	if (error) {
215	error = -ENOSPC;
216	goto undo_log;
217	}
218	tp->t_rtx_res += rtextents;
219	}
220
221	return `0`;
222
223	/*
224	* Error cases jump to one of these labels to undo any
225	* reservations which have already been performed.
226	*/
227	undo_log:
228	if (resp->tr_logres > `0`) {
229	xfs_log_ticket_ungrant(log: mp->m_log, ticket: tp->t_ticket);
230	tp->t_ticket = NULL;
231	tp->t_log_res = `0`;
232	tp->t_flags &= ~XFS_TRANS_PERM_LOG_RES;
233	}
234
235	undo_blocks:
236	if (blocks > `0`) {
237	xfs_mod_fdblocks(mp, delta: (int64_t)blocks, reserved: rsvd);
238	tp->t_blk_res = `0`;
239	}
240	return error;
241	}
242
243	int
244	xfs_trans_alloc(
245	struct xfs_mount *mp,
246	struct xfs_trans_res *resp,
247	uint blocks,
248	uint rtextents,
249	uint flags,
250	struct xfs_trans **tpp)
251	{
252	struct xfs_trans *tp;
253	bool want_retry = true;
254	int error;
255
256	/*
257	* Allocate the handle before we do our freeze accounting and setting up
258	* GFP_NOFS allocation context so that we avoid lockdep false positives
259	* by doing GFP_KERNEL allocations inside sb_start_intwrite().
260	*/
261	retry:
262	tp = kmem_cache_zalloc(k: xfs_trans_cache, GFP_KERNEL \| __GFP_NOFAIL);
263	if (!(flags & XFS_TRANS_NO_WRITECOUNT))
264	sb_start_intwrite(sb: mp->m_super);
265	xfs_trans_set_context(tp);
266
267	/*
268	* Zero-reservation ("empty") transactions can't modify anything, so
269	* they're allowed to run while we're frozen.
270	*/
271	WARN_ON(resp->tr_logres > `0` &&
272	mp->m_super->s_writers.frozen == SB_FREEZE_COMPLETE);
273	ASSERT(!(flags & XFS_TRANS_RES_FDBLKS) \|\|
274	xfs_has_lazysbcount(mp));
275
276	tp->t_magic = XFS_TRANS_HEADER_MAGIC;
277	tp->t_flags = flags;
278	tp->t_mountp = mp;
279	INIT_LIST_HEAD(list: &tp->t_items);
280	INIT_LIST_HEAD(list: &tp->t_busy);
281	INIT_LIST_HEAD(list: &tp->t_dfops);
282	tp->t_highest_agno = NULLAGNUMBER;
283
284	error = xfs_trans_reserve(tp, resp, blocks, rtextents);
285	if (error == -ENOSPC && want_retry) {
286	xfs_trans_cancel(tp);
287
288	/*
289	* We weren't able to reserve enough space for the transaction.
290	* Flush the other speculative space allocations to free space.
291	* Do not perform a synchronous scan because callers can hold
292	* other locks.
293	*/
294	error = xfs_blockgc_flush_all(mp);
295	if (error)
296	return error;
297	want_retry = false;
298	goto retry;
299	}
300	if (error) {
301	xfs_trans_cancel(tp);
302	return error;
303	}
304
305	trace_xfs_trans_alloc(tp, _RET_IP_);
306
307	*tpp = tp;
308	return `0`;
309	}
310
311	/*
312	* Create an empty transaction with no reservation. This is a defensive
313	* mechanism for routines that query metadata without actually modifying them --
314	* if the metadata being queried is somehow cross-linked (think a btree block
315	* pointer that points higher in the tree), we risk deadlock. However, blocks
316	* grabbed as part of a transaction can be re-grabbed. The verifiers will
317	* notice the corrupt block and the operation will fail back to userspace
318	* without deadlocking.
319	*
320	* Note the zero-length reservation; this transaction MUST be cancelled without
321	* any dirty data.
322	*
323	* Callers should obtain freeze protection to avoid a conflict with fs freezing
324	* where we can be grabbing buffers at the same time that freeze is trying to
325	* drain the buffer LRU list.
326	*/
327	int
328	xfs_trans_alloc_empty(
329	struct xfs_mount *mp,
330	struct xfs_trans **tpp)
331	{
332	struct xfs_trans_res resv = {`0`};
333
334	return xfs_trans_alloc(mp, &resv, `0`, `0`, XFS_TRANS_NO_WRITECOUNT, tpp);
335	}
336
337	/*
338	* Record the indicated change to the given field for application
339	* to the file system's superblock when the transaction commits.
340	* For now, just store the change in the transaction structure.
341	*
342	* Mark the transaction structure to indicate that the superblock
343	* needs to be updated before committing.
344	*
345	* Because we may not be keeping track of allocated/free inodes and
346	* used filesystem blocks in the superblock, we do not mark the
347	* superblock dirty in this transaction if we modify these fields.
348	* We still need to update the transaction deltas so that they get
349	* applied to the incore superblock, but we don't want them to
350	* cause the superblock to get locked and logged if these are the
351	* only fields in the superblock that the transaction modifies.
352	*/
353	void
354	xfs_trans_mod_sb(
355	xfs_trans_t *tp,
356	uint field,
357	int64_t delta)
358	{
359	uint32_t flags = (XFS_TRANS_DIRTY\|XFS_TRANS_SB_DIRTY);
360	xfs_mount_t *mp = tp->t_mountp;
361
362	switch (field) {
363	case XFS_TRANS_SB_ICOUNT:
364	tp->t_icount_delta += delta;
365	if (xfs_has_lazysbcount(mp))
366	flags &= ~XFS_TRANS_SB_DIRTY;
367	break;
368	case XFS_TRANS_SB_IFREE:
369	tp->t_ifree_delta += delta;
370	if (xfs_has_lazysbcount(mp))
371	flags &= ~XFS_TRANS_SB_DIRTY;
372	break;
373	case XFS_TRANS_SB_FDBLOCKS:
374	/*
375	* Track the number of blocks allocated in the transaction.
376	* Make sure it does not exceed the number reserved. If so,
377	* shutdown as this can lead to accounting inconsistency.
378	*/
379	if (delta < `0`) {
380	tp->t_blk_res_used += (uint)-delta;
381	if (tp->t_blk_res_used > tp->t_blk_res)
382	xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
383	} else if (delta > `0` && (tp->t_flags & XFS_TRANS_RES_FDBLKS)) {
384	int64_t blkres_delta;
385
386	/*
387	* Return freed blocks directly to the reservation
388	* instead of the global pool, being careful not to
389	* overflow the trans counter. This is used to preserve
390	* reservation across chains of transaction rolls that
391	* repeatedly free and allocate blocks.
392	*/
393	blkres_delta = min_t(int64_t, delta,
394	UINT_MAX - tp->t_blk_res);
395	tp->t_blk_res += blkres_delta;
396	delta -= blkres_delta;
397	}
398	tp->t_fdblocks_delta += delta;
399	if (xfs_has_lazysbcount(mp))
400	flags &= ~XFS_TRANS_SB_DIRTY;
401	break;
402	case XFS_TRANS_SB_RES_FDBLOCKS:
403	/*
404	* The allocation has already been applied to the
405	* in-core superblock's counter. This should only
406	* be applied to the on-disk superblock.
407	*/
408	tp->t_res_fdblocks_delta += delta;
409	if (xfs_has_lazysbcount(mp))
410	flags &= ~XFS_TRANS_SB_DIRTY;
411	break;
412	case XFS_TRANS_SB_FREXTENTS:
413	/*
414	* Track the number of blocks allocated in the
415	* transaction. Make sure it does not exceed the
416	* number reserved.
417	*/
418	if (delta < `0`) {
419	tp->t_rtx_res_used += (uint)-delta;
420	ASSERT(tp->t_rtx_res_used <= tp->t_rtx_res);
421	}
422	tp->t_frextents_delta += delta;
423	break;
424	case XFS_TRANS_SB_RES_FREXTENTS:
425	/*
426	* The allocation has already been applied to the
427	* in-core superblock's counter. This should only
428	* be applied to the on-disk superblock.
429	*/
430	ASSERT(delta < `0`);
431	tp->t_res_frextents_delta += delta;
432	break;
433	case XFS_TRANS_SB_DBLOCKS:
434	tp->t_dblocks_delta += delta;
435	break;
436	case XFS_TRANS_SB_AGCOUNT:
437	ASSERT(delta > `0`);
438	tp->t_agcount_delta += delta;
439	break;
440	case XFS_TRANS_SB_IMAXPCT:
441	tp->t_imaxpct_delta += delta;
442	break;
443	case XFS_TRANS_SB_REXTSIZE:
444	tp->t_rextsize_delta += delta;
445	break;
446	case XFS_TRANS_SB_RBMBLOCKS:
447	tp->t_rbmblocks_delta += delta;
448	break;
449	case XFS_TRANS_SB_RBLOCKS:
450	tp->t_rblocks_delta += delta;
451	break;
452	case XFS_TRANS_SB_REXTENTS:
453	tp->t_rextents_delta += delta;
454	break;
455	case XFS_TRANS_SB_REXTSLOG:
456	tp->t_rextslog_delta += delta;
457	break;
458	default:
459	ASSERT(`0`);
460	return;
461	}
462
463	tp->t_flags \|= flags;
464	}
465
466	/*
467	* xfs_trans_apply_sb_deltas() is called from the commit code
468	* to bring the superblock buffer into the current transaction
469	* and modify it as requested by earlier calls to xfs_trans_mod_sb().
470	*
471	* For now we just look at each field allowed to change and change
472	* it if necessary.
473	*/
474	STATIC void
475	xfs_trans_apply_sb_deltas(
476	xfs_trans_t *tp)
477	{
478	struct xfs_dsb *sbp;
479	struct xfs_buf *bp;
480	int whole = `0`;
481
482	bp = xfs_trans_getsb(tp);
483	sbp = bp->b_addr;
484
485	/*
486	* Only update the superblock counters if we are logging them
487	*/
488	if (!xfs_has_lazysbcount(mp: (tp->t_mountp))) {
489	if (tp->t_icount_delta)
490	be64_add_cpu(var: &sbp->sb_icount, val: tp->t_icount_delta);
491	if (tp->t_ifree_delta)
492	be64_add_cpu(var: &sbp->sb_ifree, val: tp->t_ifree_delta);
493	if (tp->t_fdblocks_delta)
494	be64_add_cpu(var: &sbp->sb_fdblocks, val: tp->t_fdblocks_delta);
495	if (tp->t_res_fdblocks_delta)
496	be64_add_cpu(var: &sbp->sb_fdblocks, val: tp->t_res_fdblocks_delta);
497	}
498
499	/*
500	* Updating frextents requires careful handling because it does not
501	* behave like the lazysb counters because we cannot rely on log
502	* recovery in older kenels to recompute the value from the rtbitmap.
503	* This means that the ondisk frextents must be consistent with the
504	* rtbitmap.
505	*
506	* Therefore, log the frextents change to the ondisk superblock and
507	* update the incore superblock so that future calls to xfs_log_sb
508	* write the correct value ondisk.
509	*
510	* Don't touch m_frextents because it includes incore reservations,
511	* and those are handled by the unreserve function.
512	*/
513	if (tp->t_frextents_delta \|\| tp->t_res_frextents_delta) {
514	struct xfs_mount *mp = tp->t_mountp;
515	int64_t rtxdelta;
516
517	rtxdelta = tp->t_frextents_delta + tp->t_res_frextents_delta;
518
519	spin_lock(lock: &mp->m_sb_lock);
520	be64_add_cpu(var: &sbp->sb_frextents, val: rtxdelta);
521	mp->m_sb.sb_frextents += rtxdelta;
522	spin_unlock(lock: &mp->m_sb_lock);
523	}
524
525	if (tp->t_dblocks_delta) {
526	be64_add_cpu(var: &sbp->sb_dblocks, val: tp->t_dblocks_delta);
527	whole = `1`;
528	}
529	if (tp->t_agcount_delta) {
530	be32_add_cpu(var: &sbp->sb_agcount, val: tp->t_agcount_delta);
531	whole = `1`;
532	}
533	if (tp->t_imaxpct_delta) {
534	sbp->sb_imax_pct += tp->t_imaxpct_delta;
535	whole = `1`;
536	}
537	if (tp->t_rextsize_delta) {
538	be32_add_cpu(var: &sbp->sb_rextsize, val: tp->t_rextsize_delta);
539	whole = `1`;
540	}
541	if (tp->t_rbmblocks_delta) {
542	be32_add_cpu(var: &sbp->sb_rbmblocks, val: tp->t_rbmblocks_delta);
543	whole = `1`;
544	}
545	if (tp->t_rblocks_delta) {
546	be64_add_cpu(var: &sbp->sb_rblocks, val: tp->t_rblocks_delta);
547	whole = `1`;
548	}
549	if (tp->t_rextents_delta) {
550	be64_add_cpu(var: &sbp->sb_rextents, val: tp->t_rextents_delta);
551	whole = `1`;
552	}
553	if (tp->t_rextslog_delta) {
554	sbp->sb_rextslog += tp->t_rextslog_delta;
555	whole = `1`;
556	}
557
558	xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF);
559	if (whole)
560	/*
561	* Log the whole thing, the fields are noncontiguous.
562	*/
563	xfs_trans_log_buf(tp, bp, `0`, sizeof(struct xfs_dsb) - `1`);
564	else
565	/*
566	* Since all the modifiable fields are contiguous, we
567	* can get away with this.
568	*/
569	xfs_trans_log_buf(tp, bp, offsetof(struct xfs_dsb, sb_icount),
570	offsetof(struct xfs_dsb, sb_frextents) +
571	sizeof(sbp->sb_frextents) - `1`);
572	}
573
574	/*
575	* xfs_trans_unreserve_and_mod_sb() is called to release unused reservations and
576	* apply superblock counter changes to the in-core superblock. The
577	* t_res_fdblocks_delta and t_res_frextents_delta fields are explicitly NOT
578	* applied to the in-core superblock. The idea is that that has already been
579	* done.
580	*
581	* If we are not logging superblock counters, then the inode allocated/free and
582	* used block counts are not updated in the on disk superblock. In this case,
583	* XFS_TRANS_SB_DIRTY will not be set when the transaction is updated but we
584	* still need to update the incore superblock with the changes.
585	*
586	* Deltas for the inode count are +/-64, hence we use a large batch size of 128
587	* so we don't need to take the counter lock on every update.
588	*/
589	#define XFS_ICOUNT_BATCH 128
590
591	void
592	xfs_trans_unreserve_and_mod_sb(
593	struct xfs_trans *tp)
594	{
595	struct xfs_mount *mp = tp->t_mountp;
596	bool rsvd = (tp->t_flags & XFS_TRANS_RESERVE) != `0`;
597	int64_t blkdelta = `0`;
598	int64_t rtxdelta = `0`;
599	int64_t idelta = `0`;
600	int64_t ifreedelta = `0`;
601	int error;
602
603	/ calculate deltas /
604	if (tp->t_blk_res > `0`)
605	blkdelta = tp->t_blk_res;
606	if ((tp->t_fdblocks_delta != `0`) &&
607	(xfs_has_lazysbcount(mp) \|\|
608	(tp->t_flags & XFS_TRANS_SB_DIRTY)))
609	blkdelta += tp->t_fdblocks_delta;
610
611	if (tp->t_rtx_res > `0`)
612	rtxdelta = tp->t_rtx_res;
613	if ((tp->t_frextents_delta != `0`) &&
614	(tp->t_flags & XFS_TRANS_SB_DIRTY))
615	rtxdelta += tp->t_frextents_delta;
616
617	if (xfs_has_lazysbcount(mp) \|\|
618	(tp->t_flags & XFS_TRANS_SB_DIRTY)) {
619	idelta = tp->t_icount_delta;
620	ifreedelta = tp->t_ifree_delta;
621	}
622
623	/ apply the per-cpu counters /
624	if (blkdelta) {
625	error = xfs_mod_fdblocks(mp, delta: blkdelta, reserved: rsvd);
626	ASSERT(!error);
627	}
628
629	if (idelta)
630	percpu_counter_add_batch(fbc: &mp->m_icount, amount: idelta,
631	XFS_ICOUNT_BATCH);
632
633	if (ifreedelta)
634	percpu_counter_add(fbc: &mp->m_ifree, amount: ifreedelta);
635
636	if (rtxdelta) {
637	error = xfs_mod_frextents(mp, delta: rtxdelta);
638	ASSERT(!error);
639	}
640
641	if (!(tp->t_flags & XFS_TRANS_SB_DIRTY))
642	return;
643
644	/ apply remaining deltas /
645	spin_lock(lock: &mp->m_sb_lock);
646	mp->m_sb.sb_fdblocks += tp->t_fdblocks_delta + tp->t_res_fdblocks_delta;
647	mp->m_sb.sb_icount += idelta;
648	mp->m_sb.sb_ifree += ifreedelta;
649	/*
650	* Do not touch sb_frextents here because we are dealing with incore
651	* reservation. sb_frextents is not part of the lazy sb counters so it
652	* must be consistent with the ondisk rtbitmap and must never include
653	* incore reservations.
654	*/
655	mp->m_sb.sb_dblocks += tp->t_dblocks_delta;
656	mp->m_sb.sb_agcount += tp->t_agcount_delta;
657	mp->m_sb.sb_imax_pct += tp->t_imaxpct_delta;
658	mp->m_sb.sb_rextsize += tp->t_rextsize_delta;
659	if (tp->t_rextsize_delta) {
660	mp->m_rtxblklog = log2_if_power2(b: mp->m_sb.sb_rextsize);
661	mp->m_rtxblkmask = mask64_if_power2(b: mp->m_sb.sb_rextsize);
662	}
663	mp->m_sb.sb_rbmblocks += tp->t_rbmblocks_delta;
664	mp->m_sb.sb_rblocks += tp->t_rblocks_delta;
665	mp->m_sb.sb_rextents += tp->t_rextents_delta;
666	mp->m_sb.sb_rextslog += tp->t_rextslog_delta;
667	spin_unlock(lock: &mp->m_sb_lock);
668
669	/*
670	* Debug checks outside of the spinlock so they don't lock up the
671	* machine if they fail.
672	*/
673	ASSERT(mp->m_sb.sb_imax_pct >= `0`);
674	ASSERT(mp->m_sb.sb_rextslog >= `0`);
675	return;
676	}
677
678	/ Add the given log item to the transaction's list of log items. /
679	void
680	xfs_trans_add_item(
681	struct xfs_trans *tp,
682	struct xfs_log_item *lip)
683	{
684	ASSERT(lip->li_log == tp->t_mountp->m_log);
685	ASSERT(lip->li_ailp == tp->t_mountp->m_ail);
686	ASSERT(list_empty(&lip->li_trans));
687	ASSERT(!test_bit(XFS_LI_DIRTY, &lip->li_flags));
688
689	list_add_tail(new: &lip->li_trans, head: &tp->t_items);
690	trace_xfs_trans_add_item(tp, _RET_IP_);
691	}
692
693	/*
694	* Unlink the log item from the transaction. the log item is no longer
695	* considered dirty in this transaction, as the linked transaction has
696	* finished, either by abort or commit completion.
697	*/
698	void
699	xfs_trans_del_item(
700	struct xfs_log_item *lip)
701	{
702	clear_bit(XFS_LI_DIRTY, addr: &lip->li_flags);
703	list_del_init(entry: &lip->li_trans);
704	}
705
706	/ Detach and unlock all of the items in a transaction /
707	static void
708	xfs_trans_free_items(
709	struct xfs_trans *tp,
710	bool abort)
711	{
712	struct xfs_log_item lip, next;
713
714	trace_xfs_trans_free_items(tp, _RET_IP_);
715
716	list_for_each_entry_safe(lip, next, &tp->t_items, li_trans) {
717	xfs_trans_del_item(lip);
718	if (abort)
719	set_bit(XFS_LI_ABORTED, addr: &lip->li_flags);
720	if (lip->li_ops->iop_release)
721	lip->li_ops->iop_release(lip);
722	}
723	}
724
725	static inline void
726	xfs_log_item_batch_insert(
727	struct xfs_ail *ailp,
728	struct xfs_ail_cursor *cur,
729	struct xfs_log_item **log_items,
730	int nr_items,
731	xfs_lsn_t commit_lsn)
732	{
733	int i;
734
735	spin_lock(lock: &ailp->ail_lock);
736	/ xfs_trans_ail_update_bulk drops ailp->ail_lock /
737	xfs_trans_ail_update_bulk(ailp, cur, log_items, nr_items, commit_lsn);
738
739	for (i = `0`; i < nr_items; i++) {
740	struct xfs_log_item *lip = log_items[i];
741
742	if (lip->li_ops->iop_unpin)
743	lip->li_ops->iop_unpin(lip, `0`);
744	}
745	}
746
747	/*
748	* Bulk operation version of xfs_trans_committed that takes a log vector of
749	* items to insert into the AIL. This uses bulk AIL insertion techniques to
750	* minimise lock traffic.
751	*
752	* If we are called with the aborted flag set, it is because a log write during
753	* a CIL checkpoint commit has failed. In this case, all the items in the
754	* checkpoint have already gone through iop_committed and iop_committing, which
755	* means that checkpoint commit abort handling is treated exactly the same
756	* as an iclog write error even though we haven't started any IO yet. Hence in
757	* this case all we need to do is iop_committed processing, followed by an
758	* iop_unpin(aborted) call.
759	*
760	* The AIL cursor is used to optimise the insert process. If commit_lsn is not
761	* at the end of the AIL, the insert cursor avoids the need to walk
762	* the AIL to find the insertion point on every xfs_log_item_batch_insert()
763	* call. This saves a lot of needless list walking and is a net win, even
764	* though it slightly increases that amount of AIL lock traffic to set it up
765	* and tear it down.
766	*/
767	void
768	xfs_trans_committed_bulk(
769	struct xfs_ail *ailp,
770	struct list_head *lv_chain,
771	xfs_lsn_t commit_lsn,
772	bool aborted)
773	{
774	#define LOG_ITEM_BATCH_SIZE 32
775	struct xfs_log_item *log_items[LOG_ITEM_BATCH_SIZE];
776	struct xfs_log_vec *lv;
777	struct xfs_ail_cursor cur;
778	int i = `0`;
779
780	spin_lock(lock: &ailp->ail_lock);
781	xfs_trans_ail_cursor_last(ailp, &cur, commit_lsn);
782	spin_unlock(lock: &ailp->ail_lock);
783
784	/ unpin all the log items /
785	list_for_each_entry(lv, lv_chain, lv_list) {
786	struct xfs_log_item *lip = lv->lv_item;
787	xfs_lsn_t item_lsn;
788
789	if (aborted)
790	set_bit(XFS_LI_ABORTED, addr: &lip->li_flags);
791
792	if (lip->li_ops->flags & XFS_ITEM_RELEASE_WHEN_COMMITTED) {
793	lip->li_ops->iop_release(lip);
794	continue;
795	}
796
797	if (lip->li_ops->iop_committed)
798	item_lsn = lip->li_ops->iop_committed(lip, commit_lsn);
799	else
800	item_lsn = commit_lsn;
801
802	/ item_lsn of -1 means the item needs no further processing /
803	if (XFS_LSN_CMP(item_lsn, (xfs_lsn_t)-`1`) == `0`)
804	continue;
805
806	/*
807	* if we are aborting the operation, no point in inserting the
808	* object into the AIL as we are in a shutdown situation.
809	*/
810	if (aborted) {
811	ASSERT(xlog_is_shutdown(ailp->ail_log));
812	if (lip->li_ops->iop_unpin)
813	lip->li_ops->iop_unpin(lip, `1`);
814	continue;
815	}
816
817	if (item_lsn != commit_lsn) {
818
819	/*
820	* Not a bulk update option due to unusual item_lsn.
821	* Push into AIL immediately, rechecking the lsn once
822	* we have the ail lock. Then unpin the item. This does
823	* not affect the AIL cursor the bulk insert path is
824	* using.
825	*/
826	spin_lock(lock: &ailp->ail_lock);
827	if (XFS_LSN_CMP(item_lsn, lip->li_lsn) > `0`)
828	xfs_trans_ail_update(ailp, lip, item_lsn);
829	else
830	spin_unlock(lock: &ailp->ail_lock);
831	if (lip->li_ops->iop_unpin)
832	lip->li_ops->iop_unpin(lip, `0`);
833	continue;
834	}
835
836	/ Item is a candidate for bulk AIL insert. /
837	log_items[i++] = lv->lv_item;
838	if (i >= LOG_ITEM_BATCH_SIZE) {
839	xfs_log_item_batch_insert(ailp, &cur, log_items,
840	LOG_ITEM_BATCH_SIZE, commit_lsn);
841	i = `0`;
842	}
843	}
844
845	/ make sure we insert the remainder! /
846	if (i)
847	xfs_log_item_batch_insert(ailp, &cur, log_items, i, commit_lsn);
848
849	spin_lock(lock: &ailp->ail_lock);
850	xfs_trans_ail_cursor_done(cur: &cur);
851	spin_unlock(lock: &ailp->ail_lock);
852	}
853
854	/*
855	* Sort transaction items prior to running precommit operations. This will
856	* attempt to order the items such that they will always be locked in the same
857	* order. Items that have no sort function are moved to the end of the list
858	* and so are locked last.
859	*
860	* This may need refinement as different types of objects add sort functions.
861	*
862	* Function is more complex than it needs to be because we are comparing 64 bit
863	* values and the function only returns 32 bit values.
864	*/
865	static int
866	xfs_trans_precommit_sort(
867	void *unused_arg,
868	const struct list_head *a,
869	const struct list_head *b)
870	{
871	struct xfs_log_item *lia = container_of(a,
872	struct xfs_log_item, li_trans);
873	struct xfs_log_item *lib = container_of(b,
874	struct xfs_log_item, li_trans);
875	int64_t diff;
876
877	/*
878	* If both items are non-sortable, leave them alone. If only one is
879	* sortable, move the non-sortable item towards the end of the list.
880	*/
881	if (!lia->li_ops->iop_sort && !lib->li_ops->iop_sort)
882	return `0`;
883	if (!lia->li_ops->iop_sort)
884	return `1`;
885	if (!lib->li_ops->iop_sort)
886	return -`1`;
887
888	diff = lia->li_ops->iop_sort(lia) - lib->li_ops->iop_sort(lib);
889	if (diff < `0`)
890	return -`1`;
891	if (diff > `0`)
892	return `1`;
893	return `0`;
894	}
895
896	/*
897	* Run transaction precommit functions.
898	*
899	* If there is an error in any of the callouts, then stop immediately and
900	* trigger a shutdown to abort the transaction. There is no recovery possible
901	* from errors at this point as the transaction is dirty....
902	*/
903	static int
904	xfs_trans_run_precommits(
905	struct xfs_trans *tp)
906	{
907	struct xfs_mount *mp = tp->t_mountp;
908	struct xfs_log_item lip, n;
909	int error = `0`;
910
911	/*
912	* Sort the item list to avoid ABBA deadlocks with other transactions
913	* running precommit operations that lock multiple shared items such as
914	* inode cluster buffers.
915	*/
916	list_sort(NULL, head: &tp->t_items, cmp: xfs_trans_precommit_sort);
917
918	/*
919	* Precommit operations can remove the log item from the transaction
920	* if the log item exists purely to delay modifications until they
921	* can be ordered against other operations. Hence we have to use
922	* list_for_each_entry_safe() here.
923	*/
924	list_for_each_entry_safe(lip, n, &tp->t_items, li_trans) {
925	if (!test_bit(XFS_LI_DIRTY, &lip->li_flags))
926	continue;
927	if (lip->li_ops->iop_precommit) {
928	error = lip->li_ops->iop_precommit(tp, lip);
929	if (error)
930	break;
931	}
932	}
933	if (error)
934	xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
935	return error;
936	}
937
938	/*
939	* Commit the given transaction to the log.
940	*
941	* XFS disk error handling mechanism is not based on a typical
942	* transaction abort mechanism. Logically after the filesystem
943	* gets marked 'SHUTDOWN', we can't let any new transactions
944	* be durable - ie. committed to disk - because some metadata might
945	* be inconsistent. In such cases, this returns an error, and the
946	* caller may assume that all locked objects joined to the transaction
947	* have already been unlocked as if the commit had succeeded.
948	* Do not reference the transaction structure after this call.
949	*/
950	static int
951	__xfs_trans_commit(
952	struct xfs_trans *tp,
953	bool regrant)
954	{
955	struct xfs_mount *mp = tp->t_mountp;
956	struct xlog *log = mp->m_log;
957	xfs_csn_t commit_seq = `0`;
958	int error = `0`;
959	int sync = tp->t_flags & XFS_TRANS_SYNC;
960
961	trace_xfs_trans_commit(tp, _RET_IP_);
962
963	error = xfs_trans_run_precommits(tp);
964	if (error) {
965	if (tp->t_flags & XFS_TRANS_PERM_LOG_RES)
966	xfs_defer_cancel(tp);
967	goto out_unreserve;
968	}
969
970	/*
971	* Finish deferred items on final commit. Only permanent transactions
972	* should ever have deferred ops.
973	*/
974	WARN_ON_ONCE(!list_empty(&tp->t_dfops) &&
975	!(tp->t_flags & XFS_TRANS_PERM_LOG_RES));
976	if (!regrant && (tp->t_flags & XFS_TRANS_PERM_LOG_RES)) {
977	error = xfs_defer_finish_noroll(&tp);
978	if (error)
979	goto out_unreserve;
980
981	/ Run precommits from final tx in defer chain. /
982	error = xfs_trans_run_precommits(tp);
983	if (error)
984	goto out_unreserve;
985	}
986
987	/*
988	* If there is nothing to be logged by the transaction,
989	* then unlock all of the items associated with the
990	* transaction and free the transaction structure.
991	* Also make sure to return any reserved blocks to
992	* the free pool.
993	*/
994	if (!(tp->t_flags & XFS_TRANS_DIRTY))
995	goto out_unreserve;
996
997	/*
998	* We must check against log shutdown here because we cannot abort log
999	* items and leave them dirty, inconsistent and unpinned in memory while
1000	* the log is active. This leaves them open to being written back to
1001	* disk, and that will lead to on-disk corruption.
1002	*/
1003	if (xlog_is_shutdown(log)) {
1004	error = -EIO;
1005	goto out_unreserve;
1006	}
1007
1008	ASSERT(tp->t_ticket != NULL);
1009
1010	/*
1011	* If we need to update the superblock, then do it now.
1012	*/
1013	if (tp->t_flags & XFS_TRANS_SB_DIRTY)
1014	xfs_trans_apply_sb_deltas(tp);
1015	xfs_trans_apply_dquot_deltas(tp);
1016
1017	xlog_cil_commit(log, tp, &commit_seq, regrant);
1018
1019	xfs_trans_free(tp);
1020
1021	/*
1022	* If the transaction needs to be synchronous, then force the
1023	* log out now and wait for it.
1024	*/
1025	if (sync) {
1026	error = xfs_log_force_seq(mp, commit_seq, XFS_LOG_SYNC, NULL);
1027	XFS_STATS_INC(mp, xs_trans_sync);
1028	} else {
1029	XFS_STATS_INC(mp, xs_trans_async);
1030	}
1031
1032	return error;
1033
1034	out_unreserve:
1035	xfs_trans_unreserve_and_mod_sb(tp);
1036
1037	/*
1038	* It is indeed possible for the transaction to be not dirty but
1039	* the dqinfo portion to be. All that means is that we have some
1040	* (non-persistent) quota reservations that need to be unreserved.
1041	*/
1042	xfs_trans_unreserve_and_mod_dquots(tp);
1043	if (tp->t_ticket) {
1044	if (regrant && !xlog_is_shutdown(log))
1045	xfs_log_ticket_regrant(log, ticket: tp->t_ticket);
1046	else
1047	xfs_log_ticket_ungrant(log, ticket: tp->t_ticket);
1048	tp->t_ticket = NULL;
1049	}
1050	xfs_trans_free_items(tp, abort: !!error);
1051	xfs_trans_free(tp);
1052
1053	XFS_STATS_INC(mp, xs_trans_empty);
1054	return error;
1055	}
1056
1057	int
1058	xfs_trans_commit(
1059	struct xfs_trans *tp)
1060	{
1061	return __xfs_trans_commit(tp, regrant: false);
1062	}
1063
1064	/*
1065	* Unlock all of the transaction's items and free the transaction. If the
1066	* transaction is dirty, we must shut down the filesystem because there is no
1067	* way to restore them to their previous state.
1068	*
1069	* If the transaction has made a log reservation, make sure to release it as
1070	* well.
1071	*
1072	* This is a high level function (equivalent to xfs_trans_commit()) and so can
1073	* be called after the transaction has effectively been aborted due to the mount
1074	* being shut down. However, if the mount has not been shut down and the
1075	* transaction is dirty we will shut the mount down and, in doing so, that
1076	* guarantees that the log is shut down, too. Hence we don't need to be as
1077	* careful with shutdown state and dirty items here as we need to be in
1078	* xfs_trans_commit().
1079	*/
1080	void
1081	xfs_trans_cancel(
1082	struct xfs_trans *tp)
1083	{
1084	struct xfs_mount *mp = tp->t_mountp;
1085	struct xlog *log = mp->m_log;
1086	bool dirty = (tp->t_flags & XFS_TRANS_DIRTY);
1087
1088	trace_xfs_trans_cancel(tp, _RET_IP_);
1089
1090	/*
1091	* It's never valid to cancel a transaction with deferred ops attached,
1092	* because the transaction is effectively dirty. Complain about this
1093	* loudly before freeing the in-memory defer items and shutting down the
1094	* filesystem.
1095	*/
1096	if (!list_empty(head: &tp->t_dfops)) {
1097	ASSERT(tp->t_flags & XFS_TRANS_PERM_LOG_RES);
1098	dirty = true;
1099	xfs_defer_cancel(tp);
1100	}
1101
1102	/*
1103	* See if the caller is relying on us to shut down the filesystem. We
1104	* only want an error report if there isn't already a shutdown in
1105	* progress, so we only need to check against the mount shutdown state
1106	* here.
1107	*/
1108	if (dirty && !xfs_is_shutdown(mp)) {
1109	XFS_ERROR_REPORT("xfs_trans_cancel", XFS_ERRLEVEL_LOW, mp);
1110	xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1111	}
1112	#ifdef DEBUG
1113	/ Log items need to be consistent until the log is shut down. /
1114	if (!dirty && !xlog_is_shutdown(log)) {
1115	struct xfs_log_item *lip;
1116
1117	list_for_each_entry(lip, &tp->t_items, li_trans)
1118	ASSERT(!xlog_item_is_intent_done(lip));
1119	}
1120	#endif
1121	xfs_trans_unreserve_and_mod_sb(tp);
1122	xfs_trans_unreserve_and_mod_dquots(tp);
1123
1124	if (tp->t_ticket) {
1125	xfs_log_ticket_ungrant(log, ticket: tp->t_ticket);
1126	tp->t_ticket = NULL;
1127	}
1128
1129	xfs_trans_free_items(tp, abort: dirty);
1130	xfs_trans_free(tp);
1131	}
1132
1133	/*
1134	* Roll from one trans in the sequence of PERMANENT transactions to
1135	* the next: permanent transactions are only flushed out when
1136	* committed with xfs_trans_commit(), but we still want as soon
1137	* as possible to let chunks of it go to the log. So we commit the
1138	* chunk we've been working on and get a new transaction to continue.
1139	*/
1140	int
1141	xfs_trans_roll(
1142	struct xfs_trans **tpp)
1143	{
1144	struct xfs_trans trans = tpp;
1145	struct xfs_trans_res tres;
1146	int error;
1147
1148	trace_xfs_trans_roll(tp: trans, _RET_IP_);
1149
1150	/*
1151	* Copy the critical parameters from one trans to the next.
1152	*/
1153	tres.tr_logres = trans->t_log_res;
1154	tres.tr_logcount = trans->t_log_count;
1155
1156	*tpp = xfs_trans_dup(tp: trans);
1157
1158	/*
1159	* Commit the current transaction.
1160	* If this commit failed, then it'd just unlock those items that
1161	* are not marked ihold. That also means that a filesystem shutdown
1162	* is in progress. The caller takes the responsibility to cancel
1163	* the duplicate transaction that gets returned.
1164	*/
1165	error = __xfs_trans_commit(tp: trans, regrant: true);
1166	if (error)
1167	return error;
1168
1169	/*
1170	* Reserve space in the log for the next transaction.
1171	* This also pushes items in the "AIL", the list of logged items,
1172	* out to disk if they are taking up space at the tail of the log
1173	* that we want to use. This requires that either nothing be locked
1174	* across this call, or that anything that is locked be logged in
1175	* the prior and the next transactions.
1176	*/
1177	tres.tr_logflags = XFS_TRANS_PERM_LOG_RES;
1178	return xfs_trans_reserve(tp: *tpp, resp: &tres, blocks: `0`, rtextents: `0`);
1179	}
1180
1181	/*
1182	* Allocate an transaction, lock and join the inode to it, and reserve quota.
1183	*
1184	* The caller must ensure that the on-disk dquots attached to this inode have
1185	* already been allocated and initialized. The caller is responsible for
1186	* releasing ILOCK_EXCL if a new transaction is returned.
1187	*/
1188	int
1189	xfs_trans_alloc_inode(
1190	struct xfs_inode *ip,
1191	struct xfs_trans_res *resv,
1192	unsigned int dblocks,
1193	unsigned int rblocks,
1194	bool force,
1195	struct xfs_trans **tpp)
1196	{
1197	struct xfs_trans *tp;
1198	struct xfs_mount *mp = ip->i_mount;
1199	bool retried = false;
1200	int error;
1201
1202	retry:
1203	error = xfs_trans_alloc(mp, resv, dblocks,
1204	xfs_extlen_to_rtxlen(mp, rblocks),
1205	force ? XFS_TRANS_RESERVE : `0`, &tp);
1206	if (error)
1207	return error;
1208
1209	xfs_ilock(ip, XFS_ILOCK_EXCL);
1210	xfs_trans_ijoin(tp, ip, `0`);
1211
1212	error = xfs_qm_dqattach_locked(ip, doalloc: false);
1213	if (error) {
1214	/ Caller should have allocated the dquots! /
1215	ASSERT(error != -ENOENT);
1216	goto out_cancel;
1217	}
1218
1219	error = xfs_trans_reserve_quota_nblks(tp, ip, dblocks, rblocks, force);
1220	if ((error == -EDQUOT \|\| error == -ENOSPC) && !retried) {
1221	xfs_trans_cancel(tp);
1222	xfs_iunlock(ip, XFS_ILOCK_EXCL);
1223	xfs_blockgc_free_quota(ip, iwalk_flags: `0`);
1224	retried = true;
1225	goto retry;
1226	}
1227	if (error)
1228	goto out_cancel;
1229
1230	*tpp = tp;
1231	return `0`;
1232
1233	out_cancel:
1234	xfs_trans_cancel(tp);
1235	xfs_iunlock(ip, XFS_ILOCK_EXCL);
1236	return error;
1237	}
1238
1239	/*
1240	* Allocate an transaction in preparation for inode creation by reserving quota
1241	* against the given dquots. Callers are not required to hold any inode locks.
1242	*/
1243	int
1244	xfs_trans_alloc_icreate(
1245	struct xfs_mount *mp,
1246	struct xfs_trans_res *resv,
1247	struct xfs_dquot *udqp,
1248	struct xfs_dquot *gdqp,
1249	struct xfs_dquot *pdqp,
1250	unsigned int dblocks,
1251	struct xfs_trans **tpp)
1252	{
1253	struct xfs_trans *tp;
1254	bool retried = false;
1255	int error;
1256
1257	retry:
1258	error = xfs_trans_alloc(mp, resp: resv, blocks: dblocks, rtextents: `0`, flags: `0`, tpp: &tp);
1259	if (error)
1260	return error;
1261
1262	error = xfs_trans_reserve_quota_icreate(tp, udqp, gdqp, pdqp, dblocks);
1263	if ((error == -EDQUOT \|\| error == -ENOSPC) && !retried) {
1264	xfs_trans_cancel(tp);
1265	xfs_blockgc_free_dquots(mp, udqp, gdqp, pdqp, iwalk_flags: `0`);
1266	retried = true;
1267	goto retry;
1268	}
1269	if (error) {
1270	xfs_trans_cancel(tp);
1271	return error;
1272	}
1273
1274	*tpp = tp;
1275	return `0`;
1276	}
1277
1278	/*
1279	* Allocate an transaction, lock and join the inode to it, and reserve quota
1280	* in preparation for inode attribute changes that include uid, gid, or prid
1281	* changes.
1282	*
1283	* The caller must ensure that the on-disk dquots attached to this inode have
1284	* already been allocated and initialized. The ILOCK will be dropped when the
1285	* transaction is committed or cancelled.
1286	*/
1287	int
1288	xfs_trans_alloc_ichange(
1289	struct xfs_inode *ip,
1290	struct xfs_dquot *new_udqp,
1291	struct xfs_dquot *new_gdqp,
1292	struct xfs_dquot *new_pdqp,
1293	bool force,
1294	struct xfs_trans **tpp)
1295	{
1296	struct xfs_trans *tp;
1297	struct xfs_mount *mp = ip->i_mount;
1298	struct xfs_dquot *udqp;
1299	struct xfs_dquot *gdqp;
1300	struct xfs_dquot *pdqp;
1301	bool retried = false;
1302	int error;
1303
1304	retry:
1305	error = xfs_trans_alloc(mp, resp: &M_RES(mp)->tr_ichange, blocks: `0`, rtextents: `0`, flags: `0`, tpp: &tp);
1306	if (error)
1307	return error;
1308
1309	xfs_ilock(ip, XFS_ILOCK_EXCL);
1310	xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1311
1312	error = xfs_qm_dqattach_locked(ip, doalloc: false);
1313	if (error) {
1314	/ Caller should have allocated the dquots! /
1315	ASSERT(error != -ENOENT);
1316	goto out_cancel;
1317	}
1318
1319	/*
1320	* For each quota type, skip quota reservations if the inode's dquots
1321	* now match the ones that came from the caller, or the caller didn't
1322	* pass one in. The inode's dquots can change if we drop the ILOCK to
1323	* perform a blockgc scan, so we must preserve the caller's arguments.
1324	*/
1325	udqp = (new_udqp != ip->i_udquot) ? new_udqp : NULL;
1326	gdqp = (new_gdqp != ip->i_gdquot) ? new_gdqp : NULL;
1327	pdqp = (new_pdqp != ip->i_pdquot) ? new_pdqp : NULL;
1328	if (udqp \|\| gdqp \|\| pdqp) {
1329	unsigned int qflags = XFS_QMOPT_RES_REGBLKS;
1330
1331	if (force)
1332	qflags \|= XFS_QMOPT_FORCE_RES;
1333
1334	/*
1335	* Reserve enough quota to handle blocks on disk and reserved
1336	* for a delayed allocation. We'll actually transfer the
1337	* delalloc reservation between dquots at chown time, even
1338	* though that part is only semi-transactional.
1339	*/
1340	error = xfs_trans_reserve_quota_bydquots(tp, mp, udqp, gdqp,
1341	pdqp, ip->i_nblocks + ip->i_delayed_blks,
1342	`1`, qflags);
1343	if ((error == -EDQUOT \|\| error == -ENOSPC) && !retried) {
1344	xfs_trans_cancel(tp);
1345	xfs_blockgc_free_dquots(mp, udqp, gdqp, pdqp, iwalk_flags: `0`);
1346	retried = true;
1347	goto retry;
1348	}
1349	if (error)
1350	goto out_cancel;
1351	}
1352
1353	*tpp = tp;
1354	return `0`;
1355
1356	out_cancel:
1357	xfs_trans_cancel(tp);
1358	return error;
1359	}
1360
1361	/*
1362	* Allocate an transaction, lock and join the directory and child inodes to it,
1363	* and reserve quota for a directory update. If there isn't sufficient space,
1364	* @dblocks will be set to zero for a reservationless directory update and
1365	* @nospace_error will be set to a negative errno describing the space
1366	* constraint we hit.
1367	*
1368	* The caller must ensure that the on-disk dquots attached to this inode have
1369	* already been allocated and initialized. The ILOCKs will be dropped when the
1370	* transaction is committed or cancelled.
1371	*/
1372	int
1373	xfs_trans_alloc_dir(
1374	struct xfs_inode *dp,
1375	struct xfs_trans_res *resv,
1376	struct xfs_inode *ip,
1377	unsigned int *dblocks,
1378	struct xfs_trans **tpp,
1379	int *nospace_error)
1380	{
1381	struct xfs_trans *tp;
1382	struct xfs_mount *mp = ip->i_mount;
1383	unsigned int resblks;
1384	bool retried = false;
1385	int error;
1386
1387	retry:
1388	*nospace_error = `0`;
1389	resblks = *dblocks;
1390	error = xfs_trans_alloc(mp, resp: resv, blocks: resblks, rtextents: `0`, flags: `0`, tpp: &tp);
1391	if (error == -ENOSPC) {
1392	*nospace_error = error;
1393	resblks = `0`;
1394	error = xfs_trans_alloc(mp, resp: resv, blocks: resblks, rtextents: `0`, flags: `0`, tpp: &tp);
1395	}
1396	if (error)
1397	return error;
1398
1399	xfs_lock_two_inodes(ip0: dp, XFS_ILOCK_EXCL, ip1: ip, XFS_ILOCK_EXCL);
1400
1401	xfs_trans_ijoin(tp, dp, XFS_ILOCK_EXCL);
1402	xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1403
1404	error = xfs_qm_dqattach_locked(ip: dp, doalloc: false);
1405	if (error) {
1406	/ Caller should have allocated the dquots! /
1407	ASSERT(error != -ENOENT);
1408	goto out_cancel;
1409	}
1410
1411	error = xfs_qm_dqattach_locked(ip, doalloc: false);
1412	if (error) {
1413	/ Caller should have allocated the dquots! /
1414	ASSERT(error != -ENOENT);
1415	goto out_cancel;
1416	}
1417
1418	if (resblks == `0`)
1419	goto done;
1420
1421	error = xfs_trans_reserve_quota_nblks(tp, ip: dp, dblocks: resblks, rblocks: `0`, force: false);
1422	if (error == -EDQUOT \|\| error == -ENOSPC) {
1423	if (!retried) {
1424	xfs_trans_cancel(tp);
1425	xfs_blockgc_free_quota(ip: dp, iwalk_flags: `0`);
1426	retried = true;
1427	goto retry;
1428	}
1429
1430	*nospace_error = error;
1431	resblks = `0`;
1432	error = `0`;
1433	}
1434	if (error)
1435	goto out_cancel;
1436
1437	done:
1438	*tpp = tp;
1439	*dblocks = resblks;
1440	return `0`;
1441
1442	out_cancel:
1443	xfs_trans_cancel(tp);
1444	return error;
1445	}
1446

source code of linux/fs/xfs/xfs_trans.c