1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * This file is part of UBIFS.
4  *
5  * Copyright (C) 2006-2008 Nokia Corporation.
6  *
7  * Authors: Adrian Hunter
8  *          Artem Bityutskiy (Битюцкий Артём)
9  */
10 
11 /*
12  * This file implements the budgeting sub-system which is responsible for UBIFS
13  * space management.
14  *
15  * Factors such as compression, wasted space at the ends of LEBs, space in other
16  * journal heads, the effect of updates on the index, and so on, make it
17  * impossible to accurately predict the amount of space needed. Consequently
18  * approximations are used.
19  */
20 
21 #include "ubifs.h"
22 #ifndef __UBOOT__
23 #include <linux/writeback.h>
24 #else
25 #include <linux/err.h>
26 #endif
27 #include <linux/math64.h>
28 
29 /*
30  * When pessimistic budget calculations say that there is no enough space,
31  * UBIFS starts writing back dirty inodes and pages, doing garbage collection,
32  * or committing. The below constant defines maximum number of times UBIFS
33  * repeats the operations.
34  */
35 #define MAX_MKSPC_RETRIES 3
36 
37 /*
38  * The below constant defines amount of dirty pages which should be written
39  * back at when trying to shrink the liability.
40  */
41 #define NR_TO_WRITE 16
42 
43 #ifndef __UBOOT__
44 /**
45  * shrink_liability - write-back some dirty pages/inodes.
46  * @c: UBIFS file-system description object
47  * @nr_to_write: how many dirty pages to write-back
48  *
49  * This function shrinks UBIFS liability by means of writing back some amount
50  * of dirty inodes and their pages.
51  *
52  * Note, this function synchronizes even VFS inodes which are locked
53  * (@i_mutex) by the caller of the budgeting function, because write-back does
54  * not touch @i_mutex.
55  */
shrink_liability(struct ubifs_info * c,int nr_to_write)56 static void shrink_liability(struct ubifs_info *c, int nr_to_write)
57 {
58 	down_read(&c->vfs_sb->s_umount);
59 	writeback_inodes_sb(c->vfs_sb, WB_REASON_FS_FREE_SPACE);
60 	up_read(&c->vfs_sb->s_umount);
61 }
62 
63 /**
64  * run_gc - run garbage collector.
65  * @c: UBIFS file-system description object
66  *
67  * This function runs garbage collector to make some more free space. Returns
68  * zero if a free LEB has been produced, %-EAGAIN if commit is required, and a
69  * negative error code in case of failure.
70  */
run_gc(struct ubifs_info * c)71 static int run_gc(struct ubifs_info *c)
72 {
73 	int err, lnum;
74 
75 	/* Make some free space by garbage-collecting dirty space */
76 	down_read(&c->commit_sem);
77 	lnum = ubifs_garbage_collect(c, 1);
78 	up_read(&c->commit_sem);
79 	if (lnum < 0)
80 		return lnum;
81 
82 	/* GC freed one LEB, return it to lprops */
83 	dbg_budg("GC freed LEB %d", lnum);
84 	err = ubifs_return_leb(c, lnum);
85 	if (err)
86 		return err;
87 	return 0;
88 }
89 
90 /**
91  * get_liability - calculate current liability.
92  * @c: UBIFS file-system description object
93  *
94  * This function calculates and returns current UBIFS liability, i.e. the
95  * amount of bytes UBIFS has "promised" to write to the media.
96  */
get_liability(struct ubifs_info * c)97 static long long get_liability(struct ubifs_info *c)
98 {
99 	long long liab;
100 
101 	spin_lock(&c->space_lock);
102 	liab = c->bi.idx_growth + c->bi.data_growth + c->bi.dd_growth;
103 	spin_unlock(&c->space_lock);
104 	return liab;
105 }
106 
107 /**
108  * make_free_space - make more free space on the file-system.
109  * @c: UBIFS file-system description object
110  *
111  * This function is called when an operation cannot be budgeted because there
112  * is supposedly no free space. But in most cases there is some free space:
113  *   o budgeting is pessimistic, so it always budgets more than it is actually
114  *     needed, so shrinking the liability is one way to make free space - the
115  *     cached data will take less space then it was budgeted for;
116  *   o GC may turn some dark space into free space (budgeting treats dark space
117  *     as not available);
118  *   o commit may free some LEB, i.e., turn freeable LEBs into free LEBs.
119  *
120  * So this function tries to do the above. Returns %-EAGAIN if some free space
121  * was presumably made and the caller has to re-try budgeting the operation.
122  * Returns %-ENOSPC if it couldn't do more free space, and other negative error
123  * codes on failures.
124  */
make_free_space(struct ubifs_info * c)125 static int make_free_space(struct ubifs_info *c)
126 {
127 	int err, retries = 0;
128 	long long liab1, liab2;
129 
130 	do {
131 		liab1 = get_liability(c);
132 		/*
133 		 * We probably have some dirty pages or inodes (liability), try
134 		 * to write them back.
135 		 */
136 		dbg_budg("liability %lld, run write-back", liab1);
137 		shrink_liability(c, NR_TO_WRITE);
138 
139 		liab2 = get_liability(c);
140 		if (liab2 < liab1)
141 			return -EAGAIN;
142 
143 		dbg_budg("new liability %lld (not shrunk)", liab2);
144 
145 		/* Liability did not shrink again, try GC */
146 		dbg_budg("Run GC");
147 		err = run_gc(c);
148 		if (!err)
149 			return -EAGAIN;
150 
151 		if (err != -EAGAIN && err != -ENOSPC)
152 			/* Some real error happened */
153 			return err;
154 
155 		dbg_budg("Run commit (retries %d)", retries);
156 		err = ubifs_run_commit(c);
157 		if (err)
158 			return err;
159 	} while (retries++ < MAX_MKSPC_RETRIES);
160 
161 	return -ENOSPC;
162 }
163 #endif
164 
165 /**
166  * ubifs_calc_min_idx_lebs - calculate amount of LEBs for the index.
167  * @c: UBIFS file-system description object
168  *
169  * This function calculates and returns the number of LEBs which should be kept
170  * for index usage.
171  */
ubifs_calc_min_idx_lebs(struct ubifs_info * c)172 int ubifs_calc_min_idx_lebs(struct ubifs_info *c)
173 {
174 	int idx_lebs;
175 	long long idx_size;
176 
177 	idx_size = c->bi.old_idx_sz + c->bi.idx_growth + c->bi.uncommitted_idx;
178 	/* And make sure we have thrice the index size of space reserved */
179 	idx_size += idx_size << 1;
180 	/*
181 	 * We do not maintain 'old_idx_size' as 'old_idx_lebs'/'old_idx_bytes'
182 	 * pair, nor similarly the two variables for the new index size, so we
183 	 * have to do this costly 64-bit division on fast-path.
184 	 */
185 	idx_lebs = div_u64(idx_size + c->idx_leb_size - 1, c->idx_leb_size);
186 	/*
187 	 * The index head is not available for the in-the-gaps method, so add an
188 	 * extra LEB to compensate.
189 	 */
190 	idx_lebs += 1;
191 	if (idx_lebs < MIN_INDEX_LEBS)
192 		idx_lebs = MIN_INDEX_LEBS;
193 	return idx_lebs;
194 }
195 
196 #ifndef __UBOOT__
197 /**
198  * ubifs_calc_available - calculate available FS space.
199  * @c: UBIFS file-system description object
200  * @min_idx_lebs: minimum number of LEBs reserved for the index
201  *
202  * This function calculates and returns amount of FS space available for use.
203  */
ubifs_calc_available(const struct ubifs_info * c,int min_idx_lebs)204 long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs)
205 {
206 	int subtract_lebs;
207 	long long available;
208 
209 	available = c->main_bytes - c->lst.total_used;
210 
211 	/*
212 	 * Now 'available' contains theoretically available flash space
213 	 * assuming there is no index, so we have to subtract the space which
214 	 * is reserved for the index.
215 	 */
216 	subtract_lebs = min_idx_lebs;
217 
218 	/* Take into account that GC reserves one LEB for its own needs */
219 	subtract_lebs += 1;
220 
221 	/*
222 	 * The GC journal head LEB is not really accessible. And since
223 	 * different write types go to different heads, we may count only on
224 	 * one head's space.
225 	 */
226 	subtract_lebs += c->jhead_cnt - 1;
227 
228 	/* We also reserve one LEB for deletions, which bypass budgeting */
229 	subtract_lebs += 1;
230 
231 	available -= (long long)subtract_lebs * c->leb_size;
232 
233 	/* Subtract the dead space which is not available for use */
234 	available -= c->lst.total_dead;
235 
236 	/*
237 	 * Subtract dark space, which might or might not be usable - it depends
238 	 * on the data which we have on the media and which will be written. If
239 	 * this is a lot of uncompressed or not-compressible data, the dark
240 	 * space cannot be used.
241 	 */
242 	available -= c->lst.total_dark;
243 
244 	/*
245 	 * However, there is more dark space. The index may be bigger than
246 	 * @min_idx_lebs. Those extra LEBs are assumed to be available, but
247 	 * their dark space is not included in total_dark, so it is subtracted
248 	 * here.
249 	 */
250 	if (c->lst.idx_lebs > min_idx_lebs) {
251 		subtract_lebs = c->lst.idx_lebs - min_idx_lebs;
252 		available -= subtract_lebs * c->dark_wm;
253 	}
254 
255 	/* The calculations are rough and may end up with a negative number */
256 	return available > 0 ? available : 0;
257 }
258 
259 /**
260  * can_use_rp - check whether the user is allowed to use reserved pool.
261  * @c: UBIFS file-system description object
262  *
263  * UBIFS has so-called "reserved pool" which is flash space reserved
264  * for the superuser and for uses whose UID/GID is recorded in UBIFS superblock.
265  * This function checks whether current user is allowed to use reserved pool.
266  * Returns %1  current user is allowed to use reserved pool and %0 otherwise.
267  */
can_use_rp(struct ubifs_info * c)268 static int can_use_rp(struct ubifs_info *c)
269 {
270 	if (uid_eq(current_fsuid(), c->rp_uid) || capable(CAP_SYS_RESOURCE) ||
271 	    (!gid_eq(c->rp_gid, GLOBAL_ROOT_GID) && in_group_p(c->rp_gid)))
272 		return 1;
273 	return 0;
274 }
275 
276 /**
277  * do_budget_space - reserve flash space for index and data growth.
278  * @c: UBIFS file-system description object
279  *
280  * This function makes sure UBIFS has enough free LEBs for index growth and
281  * data.
282  *
283  * When budgeting index space, UBIFS reserves thrice as many LEBs as the index
284  * would take if it was consolidated and written to the flash. This guarantees
285  * that the "in-the-gaps" commit method always succeeds and UBIFS will always
286  * be able to commit dirty index. So this function basically adds amount of
287  * budgeted index space to the size of the current index, multiplies this by 3,
288  * and makes sure this does not exceed the amount of free LEBs.
289  *
290  * Notes about @c->bi.min_idx_lebs and @c->lst.idx_lebs variables:
291  * o @c->lst.idx_lebs is the number of LEBs the index currently uses. It might
292  *    be large, because UBIFS does not do any index consolidation as long as
293  *    there is free space. IOW, the index may take a lot of LEBs, but the LEBs
294  *    will contain a lot of dirt.
295  * o @c->bi.min_idx_lebs is the number of LEBS the index presumably takes. IOW,
296  *    the index may be consolidated to take up to @c->bi.min_idx_lebs LEBs.
297  *
298  * This function returns zero in case of success, and %-ENOSPC in case of
299  * failure.
300  */
do_budget_space(struct ubifs_info * c)301 static int do_budget_space(struct ubifs_info *c)
302 {
303 	long long outstanding, available;
304 	int lebs, rsvd_idx_lebs, min_idx_lebs;
305 
306 	/* First budget index space */
307 	min_idx_lebs = ubifs_calc_min_idx_lebs(c);
308 
309 	/* Now 'min_idx_lebs' contains number of LEBs to reserve */
310 	if (min_idx_lebs > c->lst.idx_lebs)
311 		rsvd_idx_lebs = min_idx_lebs - c->lst.idx_lebs;
312 	else
313 		rsvd_idx_lebs = 0;
314 
315 	/*
316 	 * The number of LEBs that are available to be used by the index is:
317 	 *
318 	 *    @c->lst.empty_lebs + @c->freeable_cnt + @c->idx_gc_cnt -
319 	 *    @c->lst.taken_empty_lebs
320 	 *
321 	 * @c->lst.empty_lebs are available because they are empty.
322 	 * @c->freeable_cnt are available because they contain only free and
323 	 * dirty space, @c->idx_gc_cnt are available because they are index
324 	 * LEBs that have been garbage collected and are awaiting the commit
325 	 * before they can be used. And the in-the-gaps method will grab these
326 	 * if it needs them. @c->lst.taken_empty_lebs are empty LEBs that have
327 	 * already been allocated for some purpose.
328 	 *
329 	 * Note, @c->idx_gc_cnt is included to both @c->lst.empty_lebs (because
330 	 * these LEBs are empty) and to @c->lst.taken_empty_lebs (because they
331 	 * are taken until after the commit).
332 	 *
333 	 * Note, @c->lst.taken_empty_lebs may temporarily be higher by one
334 	 * because of the way we serialize LEB allocations and budgeting. See a
335 	 * comment in 'ubifs_find_free_space()'.
336 	 */
337 	lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
338 	       c->lst.taken_empty_lebs;
339 	if (unlikely(rsvd_idx_lebs > lebs)) {
340 		dbg_budg("out of indexing space: min_idx_lebs %d (old %d), rsvd_idx_lebs %d",
341 			 min_idx_lebs, c->bi.min_idx_lebs, rsvd_idx_lebs);
342 		return -ENOSPC;
343 	}
344 
345 	available = ubifs_calc_available(c, min_idx_lebs);
346 	outstanding = c->bi.data_growth + c->bi.dd_growth;
347 
348 	if (unlikely(available < outstanding)) {
349 		dbg_budg("out of data space: available %lld, outstanding %lld",
350 			 available, outstanding);
351 		return -ENOSPC;
352 	}
353 
354 	if (available - outstanding <= c->rp_size && !can_use_rp(c))
355 		return -ENOSPC;
356 
357 	c->bi.min_idx_lebs = min_idx_lebs;
358 	return 0;
359 }
360 
361 /**
362  * calc_idx_growth - calculate approximate index growth from budgeting request.
363  * @c: UBIFS file-system description object
364  * @req: budgeting request
365  *
366  * For now we assume each new node adds one znode. But this is rather poor
367  * approximation, though.
368  */
calc_idx_growth(const struct ubifs_info * c,const struct ubifs_budget_req * req)369 static int calc_idx_growth(const struct ubifs_info *c,
370 			   const struct ubifs_budget_req *req)
371 {
372 	int znodes;
373 
374 	znodes = req->new_ino + (req->new_page << UBIFS_BLOCKS_PER_PAGE_SHIFT) +
375 		 req->new_dent;
376 	return znodes * c->max_idx_node_sz;
377 }
378 
379 /**
380  * calc_data_growth - calculate approximate amount of new data from budgeting
381  * request.
382  * @c: UBIFS file-system description object
383  * @req: budgeting request
384  */
calc_data_growth(const struct ubifs_info * c,const struct ubifs_budget_req * req)385 static int calc_data_growth(const struct ubifs_info *c,
386 			    const struct ubifs_budget_req *req)
387 {
388 	int data_growth;
389 
390 	data_growth = req->new_ino  ? c->bi.inode_budget : 0;
391 	if (req->new_page)
392 		data_growth += c->bi.page_budget;
393 	if (req->new_dent)
394 		data_growth += c->bi.dent_budget;
395 	data_growth += req->new_ino_d;
396 	return data_growth;
397 }
398 
399 /**
400  * calc_dd_growth - calculate approximate amount of data which makes other data
401  * dirty from budgeting request.
402  * @c: UBIFS file-system description object
403  * @req: budgeting request
404  */
calc_dd_growth(const struct ubifs_info * c,const struct ubifs_budget_req * req)405 static int calc_dd_growth(const struct ubifs_info *c,
406 			  const struct ubifs_budget_req *req)
407 {
408 	int dd_growth;
409 
410 	dd_growth = req->dirtied_page ? c->bi.page_budget : 0;
411 
412 	if (req->dirtied_ino)
413 		dd_growth += c->bi.inode_budget << (req->dirtied_ino - 1);
414 	if (req->mod_dent)
415 		dd_growth += c->bi.dent_budget;
416 	dd_growth += req->dirtied_ino_d;
417 	return dd_growth;
418 }
419 
420 /**
421  * ubifs_budget_space - ensure there is enough space to complete an operation.
422  * @c: UBIFS file-system description object
423  * @req: budget request
424  *
425  * This function allocates budget for an operation. It uses pessimistic
426  * approximation of how much flash space the operation needs. The goal of this
427  * function is to make sure UBIFS always has flash space to flush all dirty
428  * pages, dirty inodes, and dirty znodes (liability). This function may force
429  * commit, garbage-collection or write-back. Returns zero in case of success,
430  * %-ENOSPC if there is no free space and other negative error codes in case of
431  * failures.
432  */
ubifs_budget_space(struct ubifs_info * c,struct ubifs_budget_req * req)433 int ubifs_budget_space(struct ubifs_info *c, struct ubifs_budget_req *req)
434 {
435 	int err, idx_growth, data_growth, dd_growth, retried = 0;
436 
437 	ubifs_assert(req->new_page <= 1);
438 	ubifs_assert(req->dirtied_page <= 1);
439 	ubifs_assert(req->new_dent <= 1);
440 	ubifs_assert(req->mod_dent <= 1);
441 	ubifs_assert(req->new_ino <= 1);
442 	ubifs_assert(req->new_ino_d <= UBIFS_MAX_INO_DATA);
443 	ubifs_assert(req->dirtied_ino <= 4);
444 	ubifs_assert(req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
445 	ubifs_assert(!(req->new_ino_d & 7));
446 	ubifs_assert(!(req->dirtied_ino_d & 7));
447 
448 	data_growth = calc_data_growth(c, req);
449 	dd_growth = calc_dd_growth(c, req);
450 	if (!data_growth && !dd_growth)
451 		return 0;
452 	idx_growth = calc_idx_growth(c, req);
453 
454 again:
455 	spin_lock(&c->space_lock);
456 	ubifs_assert(c->bi.idx_growth >= 0);
457 	ubifs_assert(c->bi.data_growth >= 0);
458 	ubifs_assert(c->bi.dd_growth >= 0);
459 
460 	if (unlikely(c->bi.nospace) && (c->bi.nospace_rp || !can_use_rp(c))) {
461 		dbg_budg("no space");
462 		spin_unlock(&c->space_lock);
463 		return -ENOSPC;
464 	}
465 
466 	c->bi.idx_growth += idx_growth;
467 	c->bi.data_growth += data_growth;
468 	c->bi.dd_growth += dd_growth;
469 
470 	err = do_budget_space(c);
471 	if (likely(!err)) {
472 		req->idx_growth = idx_growth;
473 		req->data_growth = data_growth;
474 		req->dd_growth = dd_growth;
475 		spin_unlock(&c->space_lock);
476 		return 0;
477 	}
478 
479 	/* Restore the old values */
480 	c->bi.idx_growth -= idx_growth;
481 	c->bi.data_growth -= data_growth;
482 	c->bi.dd_growth -= dd_growth;
483 	spin_unlock(&c->space_lock);
484 
485 	if (req->fast) {
486 		dbg_budg("no space for fast budgeting");
487 		return err;
488 	}
489 
490 	err = make_free_space(c);
491 	cond_resched();
492 	if (err == -EAGAIN) {
493 		dbg_budg("try again");
494 		goto again;
495 	} else if (err == -ENOSPC) {
496 		if (!retried) {
497 			retried = 1;
498 			dbg_budg("-ENOSPC, but anyway try once again");
499 			goto again;
500 		}
501 		dbg_budg("FS is full, -ENOSPC");
502 		c->bi.nospace = 1;
503 		if (can_use_rp(c) || c->rp_size == 0)
504 			c->bi.nospace_rp = 1;
505 		smp_wmb();
506 	} else
507 		ubifs_err(c, "cannot budget space, error %d", err);
508 	return err;
509 }
510 
511 /**
512  * ubifs_release_budget - release budgeted free space.
513  * @c: UBIFS file-system description object
514  * @req: budget request
515  *
516  * This function releases the space budgeted by 'ubifs_budget_space()'. Note,
517  * since the index changes (which were budgeted for in @req->idx_growth) will
518  * only be written to the media on commit, this function moves the index budget
519  * from @c->bi.idx_growth to @c->bi.uncommitted_idx. The latter will be zeroed
520  * by the commit operation.
521  */
ubifs_release_budget(struct ubifs_info * c,struct ubifs_budget_req * req)522 void ubifs_release_budget(struct ubifs_info *c, struct ubifs_budget_req *req)
523 {
524 	ubifs_assert(req->new_page <= 1);
525 	ubifs_assert(req->dirtied_page <= 1);
526 	ubifs_assert(req->new_dent <= 1);
527 	ubifs_assert(req->mod_dent <= 1);
528 	ubifs_assert(req->new_ino <= 1);
529 	ubifs_assert(req->new_ino_d <= UBIFS_MAX_INO_DATA);
530 	ubifs_assert(req->dirtied_ino <= 4);
531 	ubifs_assert(req->dirtied_ino_d <= UBIFS_MAX_INO_DATA * 4);
532 	ubifs_assert(!(req->new_ino_d & 7));
533 	ubifs_assert(!(req->dirtied_ino_d & 7));
534 	if (!req->recalculate) {
535 		ubifs_assert(req->idx_growth >= 0);
536 		ubifs_assert(req->data_growth >= 0);
537 		ubifs_assert(req->dd_growth >= 0);
538 	}
539 
540 	if (req->recalculate) {
541 		req->data_growth = calc_data_growth(c, req);
542 		req->dd_growth = calc_dd_growth(c, req);
543 		req->idx_growth = calc_idx_growth(c, req);
544 	}
545 
546 	if (!req->data_growth && !req->dd_growth)
547 		return;
548 
549 	c->bi.nospace = c->bi.nospace_rp = 0;
550 	smp_wmb();
551 
552 	spin_lock(&c->space_lock);
553 	c->bi.idx_growth -= req->idx_growth;
554 	c->bi.uncommitted_idx += req->idx_growth;
555 	c->bi.data_growth -= req->data_growth;
556 	c->bi.dd_growth -= req->dd_growth;
557 	c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
558 
559 	ubifs_assert(c->bi.idx_growth >= 0);
560 	ubifs_assert(c->bi.data_growth >= 0);
561 	ubifs_assert(c->bi.dd_growth >= 0);
562 	ubifs_assert(c->bi.min_idx_lebs < c->main_lebs);
563 	ubifs_assert(!(c->bi.idx_growth & 7));
564 	ubifs_assert(!(c->bi.data_growth & 7));
565 	ubifs_assert(!(c->bi.dd_growth & 7));
566 	spin_unlock(&c->space_lock);
567 }
568 
569 /**
570  * ubifs_convert_page_budget - convert budget of a new page.
571  * @c: UBIFS file-system description object
572  *
573  * This function converts budget which was allocated for a new page of data to
574  * the budget of changing an existing page of data. The latter is smaller than
575  * the former, so this function only does simple re-calculation and does not
576  * involve any write-back.
577  */
ubifs_convert_page_budget(struct ubifs_info * c)578 void ubifs_convert_page_budget(struct ubifs_info *c)
579 {
580 	spin_lock(&c->space_lock);
581 	/* Release the index growth reservation */
582 	c->bi.idx_growth -= c->max_idx_node_sz << UBIFS_BLOCKS_PER_PAGE_SHIFT;
583 	/* Release the data growth reservation */
584 	c->bi.data_growth -= c->bi.page_budget;
585 	/* Increase the dirty data growth reservation instead */
586 	c->bi.dd_growth += c->bi.page_budget;
587 	/* And re-calculate the indexing space reservation */
588 	c->bi.min_idx_lebs = ubifs_calc_min_idx_lebs(c);
589 	spin_unlock(&c->space_lock);
590 }
591 
592 /**
593  * ubifs_release_dirty_inode_budget - release dirty inode budget.
594  * @c: UBIFS file-system description object
595  * @ui: UBIFS inode to release the budget for
596  *
597  * This function releases budget corresponding to a dirty inode. It is usually
598  * called when after the inode has been written to the media and marked as
599  * clean. It also causes the "no space" flags to be cleared.
600  */
ubifs_release_dirty_inode_budget(struct ubifs_info * c,struct ubifs_inode * ui)601 void ubifs_release_dirty_inode_budget(struct ubifs_info *c,
602 				      struct ubifs_inode *ui)
603 {
604 	struct ubifs_budget_req req;
605 
606 	memset(&req, 0, sizeof(struct ubifs_budget_req));
607 	/* The "no space" flags will be cleared because dd_growth is > 0 */
608 	req.dd_growth = c->bi.inode_budget + ALIGN(ui->data_len, 8);
609 	ubifs_release_budget(c, &req);
610 }
611 #endif
612 
613 /**
614  * ubifs_reported_space - calculate reported free space.
615  * @c: the UBIFS file-system description object
616  * @free: amount of free space
617  *
618  * This function calculates amount of free space which will be reported to
619  * user-space. User-space application tend to expect that if the file-system
620  * (e.g., via the 'statfs()' call) reports that it has N bytes available, they
621  * are able to write a file of size N. UBIFS attaches node headers to each data
622  * node and it has to write indexing nodes as well. This introduces additional
623  * overhead, and UBIFS has to report slightly less free space to meet the above
624  * expectations.
625  *
626  * This function assumes free space is made up of uncompressed data nodes and
627  * full index nodes (one per data node, tripled because we always allow enough
628  * space to write the index thrice).
629  *
630  * Note, the calculation is pessimistic, which means that most of the time
631  * UBIFS reports less space than it actually has.
632  */
ubifs_reported_space(const struct ubifs_info * c,long long free)633 long long ubifs_reported_space(const struct ubifs_info *c, long long free)
634 {
635 	int divisor, factor, f;
636 
637 	/*
638 	 * Reported space size is @free * X, where X is UBIFS block size
639 	 * divided by UBIFS block size + all overhead one data block
640 	 * introduces. The overhead is the node header + indexing overhead.
641 	 *
642 	 * Indexing overhead calculations are based on the following formula:
643 	 * I = N/(f - 1) + 1, where I - number of indexing nodes, N - number
644 	 * of data nodes, f - fanout. Because effective UBIFS fanout is twice
645 	 * as less than maximum fanout, we assume that each data node
646 	 * introduces 3 * @c->max_idx_node_sz / (@c->fanout/2 - 1) bytes.
647 	 * Note, the multiplier 3 is because UBIFS reserves thrice as more space
648 	 * for the index.
649 	 */
650 	f = c->fanout > 3 ? c->fanout >> 1 : 2;
651 	factor = UBIFS_BLOCK_SIZE;
652 	divisor = UBIFS_MAX_DATA_NODE_SZ;
653 	divisor += (c->max_idx_node_sz * 3) / (f - 1);
654 	free *= factor;
655 	return div_u64(free, divisor);
656 }
657 
658 #ifndef __UBOOT__
659 /**
660  * ubifs_get_free_space_nolock - return amount of free space.
661  * @c: UBIFS file-system description object
662  *
663  * This function calculates amount of free space to report to user-space.
664  *
665  * Because UBIFS may introduce substantial overhead (the index, node headers,
666  * alignment, wastage at the end of LEBs, etc), it cannot report real amount of
667  * free flash space it has (well, because not all dirty space is reclaimable,
668  * UBIFS does not actually know the real amount). If UBIFS did so, it would
669  * bread user expectations about what free space is. Users seem to accustomed
670  * to assume that if the file-system reports N bytes of free space, they would
671  * be able to fit a file of N bytes to the FS. This almost works for
672  * traditional file-systems, because they have way less overhead than UBIFS.
673  * So, to keep users happy, UBIFS tries to take the overhead into account.
674  */
ubifs_get_free_space_nolock(struct ubifs_info * c)675 long long ubifs_get_free_space_nolock(struct ubifs_info *c)
676 {
677 	int rsvd_idx_lebs, lebs;
678 	long long available, outstanding, free;
679 
680 	ubifs_assert(c->bi.min_idx_lebs == ubifs_calc_min_idx_lebs(c));
681 	outstanding = c->bi.data_growth + c->bi.dd_growth;
682 	available = ubifs_calc_available(c, c->bi.min_idx_lebs);
683 
684 	/*
685 	 * When reporting free space to user-space, UBIFS guarantees that it is
686 	 * possible to write a file of free space size. This means that for
687 	 * empty LEBs we may use more precise calculations than
688 	 * 'ubifs_calc_available()' is using. Namely, we know that in empty
689 	 * LEBs we would waste only @c->leb_overhead bytes, not @c->dark_wm.
690 	 * Thus, amend the available space.
691 	 *
692 	 * Note, the calculations below are similar to what we have in
693 	 * 'do_budget_space()', so refer there for comments.
694 	 */
695 	if (c->bi.min_idx_lebs > c->lst.idx_lebs)
696 		rsvd_idx_lebs = c->bi.min_idx_lebs - c->lst.idx_lebs;
697 	else
698 		rsvd_idx_lebs = 0;
699 	lebs = c->lst.empty_lebs + c->freeable_cnt + c->idx_gc_cnt -
700 	       c->lst.taken_empty_lebs;
701 	lebs -= rsvd_idx_lebs;
702 	available += lebs * (c->dark_wm - c->leb_overhead);
703 
704 	if (available > outstanding)
705 		free = ubifs_reported_space(c, available - outstanding);
706 	else
707 		free = 0;
708 	return free;
709 }
710 
711 /**
712  * ubifs_get_free_space - return amount of free space.
713  * @c: UBIFS file-system description object
714  *
715  * This function calculates and returns amount of free space to report to
716  * user-space.
717  */
ubifs_get_free_space(struct ubifs_info * c)718 long long ubifs_get_free_space(struct ubifs_info *c)
719 {
720 	long long free;
721 
722 	spin_lock(&c->space_lock);
723 	free = ubifs_get_free_space_nolock(c);
724 	spin_unlock(&c->space_lock);
725 
726 	return free;
727 }
728 #endif
729