Loading...
Note: File does not exist in v3.5.6.
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2017 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_trans_resv.h"
11#include "xfs_mount.h"
12#include "xfs_log_format.h"
13#include "xfs_inode.h"
14#include "xfs_da_format.h"
15#include "xfs_da_btree.h"
16#include "xfs_attr.h"
17#include "xfs_attr_leaf.h"
18#include "scrub/scrub.h"
19#include "scrub/common.h"
20#include "scrub/dabtree.h"
21#include "scrub/attr.h"
22
23/*
24 * Allocate enough memory to hold an attr value and attr block bitmaps,
25 * reallocating the buffer if necessary. Buffer contents are not preserved
26 * across a reallocation.
27 */
28int
29xchk_setup_xattr_buf(
30 struct xfs_scrub *sc,
31 size_t value_size,
32 xfs_km_flags_t flags)
33{
34 size_t sz;
35 struct xchk_xattr_buf *ab = sc->buf;
36
37 /*
38 * We need enough space to read an xattr value from the file or enough
39 * space to hold three copies of the xattr free space bitmap. We don't
40 * need the buffer space for both purposes at the same time.
41 */
42 sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);
43 sz = max_t(size_t, sz, value_size);
44
45 /*
46 * If there's already a buffer, figure out if we need to reallocate it
47 * to accommodate a larger size.
48 */
49 if (ab) {
50 if (sz <= ab->sz)
51 return 0;
52 kmem_free(ab);
53 sc->buf = NULL;
54 }
55
56 /*
57 * Don't zero the buffer upon allocation to avoid runtime overhead.
58 * All users must be careful never to read uninitialized contents.
59 */
60 ab = kmem_alloc_large(sizeof(*ab) + sz, flags);
61 if (!ab)
62 return -ENOMEM;
63
64 ab->sz = sz;
65 sc->buf = ab;
66 return 0;
67}
68
69/* Set us up to scrub an inode's extended attributes. */
70int
71xchk_setup_xattr(
72 struct xfs_scrub *sc,
73 struct xfs_inode *ip)
74{
75 int error;
76
77 /*
78 * We failed to get memory while checking attrs, so this time try to
79 * get all the memory we're ever going to need. Allocate the buffer
80 * without the inode lock held, which means we can sleep.
81 */
82 if (sc->flags & XCHK_TRY_HARDER) {
83 error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, 0);
84 if (error)
85 return error;
86 }
87
88 return xchk_setup_inode_contents(sc, ip, 0);
89}
90
91/* Extended Attributes */
92
93struct xchk_xattr {
94 struct xfs_attr_list_context context;
95 struct xfs_scrub *sc;
96};
97
98/*
99 * Check that an extended attribute key can be looked up by hash.
100 *
101 * We use the XFS attribute list iterator (i.e. xfs_attr_list_int_ilocked)
102 * to call this function for every attribute key in an inode. Once
103 * we're here, we load the attribute value to see if any errors happen,
104 * or if we get more or less data than we expected.
105 */
106static void
107xchk_xattr_listent(
108 struct xfs_attr_list_context *context,
109 int flags,
110 unsigned char *name,
111 int namelen,
112 int valuelen)
113{
114 struct xchk_xattr *sx;
115 struct xfs_da_args args = { NULL };
116 int error = 0;
117
118 sx = container_of(context, struct xchk_xattr, context);
119
120 if (xchk_should_terminate(sx->sc, &error)) {
121 context->seen_enough = error;
122 return;
123 }
124
125 if (flags & XFS_ATTR_INCOMPLETE) {
126 /* Incomplete attr key, just mark the inode for preening. */
127 xchk_ino_set_preen(sx->sc, context->dp->i_ino);
128 return;
129 }
130
131 /* Does this name make sense? */
132 if (!xfs_attr_namecheck(name, namelen)) {
133 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
134 return;
135 }
136
137 /*
138 * Try to allocate enough memory to extrat the attr value. If that
139 * doesn't work, we overload the seen_enough variable to convey
140 * the error message back to the main scrub function.
141 */
142 error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL);
143 if (error == -ENOMEM)
144 error = -EDEADLOCK;
145 if (error) {
146 context->seen_enough = error;
147 return;
148 }
149
150 args.flags = ATTR_KERNOTIME;
151 if (flags & XFS_ATTR_ROOT)
152 args.flags |= ATTR_ROOT;
153 else if (flags & XFS_ATTR_SECURE)
154 args.flags |= ATTR_SECURE;
155 args.geo = context->dp->i_mount->m_attr_geo;
156 args.whichfork = XFS_ATTR_FORK;
157 args.dp = context->dp;
158 args.name = name;
159 args.namelen = namelen;
160 args.hashval = xfs_da_hashname(args.name, args.namelen);
161 args.trans = context->tp;
162 args.value = xchk_xattr_valuebuf(sx->sc);
163 args.valuelen = valuelen;
164
165 error = xfs_attr_get_ilocked(context->dp, &args);
166 if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno,
167 &error))
168 goto fail_xref;
169 if (args.valuelen != valuelen)
170 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK,
171 args.blkno);
172fail_xref:
173 if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
174 context->seen_enough = 1;
175 return;
176}
177
178/*
179 * Mark a range [start, start+len) in this map. Returns true if the
180 * region was free, and false if there's a conflict or a problem.
181 *
182 * Within a char, the lowest bit of the char represents the byte with
183 * the smallest address
184 */
185STATIC bool
186xchk_xattr_set_map(
187 struct xfs_scrub *sc,
188 unsigned long *map,
189 unsigned int start,
190 unsigned int len)
191{
192 unsigned int mapsize = sc->mp->m_attr_geo->blksize;
193 bool ret = true;
194
195 if (start >= mapsize)
196 return false;
197 if (start + len > mapsize) {
198 len = mapsize - start;
199 ret = false;
200 }
201
202 if (find_next_bit(map, mapsize, start) < start + len)
203 ret = false;
204 bitmap_set(map, start, len);
205
206 return ret;
207}
208
209/*
210 * Check the leaf freemap from the usage bitmap. Returns false if the
211 * attr freemap has problems or points to used space.
212 */
213STATIC bool
214xchk_xattr_check_freemap(
215 struct xfs_scrub *sc,
216 unsigned long *map,
217 struct xfs_attr3_icleaf_hdr *leafhdr)
218{
219 unsigned long *freemap = xchk_xattr_freemap(sc);
220 unsigned long *dstmap = xchk_xattr_dstmap(sc);
221 unsigned int mapsize = sc->mp->m_attr_geo->blksize;
222 int i;
223
224 /* Construct bitmap of freemap contents. */
225 bitmap_zero(freemap, mapsize);
226 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
227 if (!xchk_xattr_set_map(sc, freemap,
228 leafhdr->freemap[i].base,
229 leafhdr->freemap[i].size))
230 return false;
231 }
232
233 /* Look for bits that are set in freemap and are marked in use. */
234 return bitmap_and(dstmap, freemap, map, mapsize) == 0;
235}
236
237/*
238 * Check this leaf entry's relations to everything else.
239 * Returns the number of bytes used for the name/value data.
240 */
241STATIC void
242xchk_xattr_entry(
243 struct xchk_da_btree *ds,
244 int level,
245 char *buf_end,
246 struct xfs_attr_leafblock *leaf,
247 struct xfs_attr3_icleaf_hdr *leafhdr,
248 struct xfs_attr_leaf_entry *ent,
249 int idx,
250 unsigned int *usedbytes,
251 __u32 *last_hashval)
252{
253 struct xfs_mount *mp = ds->state->mp;
254 unsigned long *usedmap = xchk_xattr_usedmap(ds->sc);
255 char *name_end;
256 struct xfs_attr_leaf_name_local *lentry;
257 struct xfs_attr_leaf_name_remote *rentry;
258 unsigned int nameidx;
259 unsigned int namesize;
260
261 if (ent->pad2 != 0)
262 xchk_da_set_corrupt(ds, level);
263
264 /* Hash values in order? */
265 if (be32_to_cpu(ent->hashval) < *last_hashval)
266 xchk_da_set_corrupt(ds, level);
267 *last_hashval = be32_to_cpu(ent->hashval);
268
269 nameidx = be16_to_cpu(ent->nameidx);
270 if (nameidx < leafhdr->firstused ||
271 nameidx >= mp->m_attr_geo->blksize) {
272 xchk_da_set_corrupt(ds, level);
273 return;
274 }
275
276 /* Check the name information. */
277 if (ent->flags & XFS_ATTR_LOCAL) {
278 lentry = xfs_attr3_leaf_name_local(leaf, idx);
279 namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
280 be16_to_cpu(lentry->valuelen));
281 name_end = (char *)lentry + namesize;
282 if (lentry->namelen == 0)
283 xchk_da_set_corrupt(ds, level);
284 } else {
285 rentry = xfs_attr3_leaf_name_remote(leaf, idx);
286 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
287 name_end = (char *)rentry + namesize;
288 if (rentry->namelen == 0 || rentry->valueblk == 0)
289 xchk_da_set_corrupt(ds, level);
290 }
291 if (name_end > buf_end)
292 xchk_da_set_corrupt(ds, level);
293
294 if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize))
295 xchk_da_set_corrupt(ds, level);
296 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
297 *usedbytes += namesize;
298}
299
300/* Scrub an attribute leaf. */
301STATIC int
302xchk_xattr_block(
303 struct xchk_da_btree *ds,
304 int level)
305{
306 struct xfs_attr3_icleaf_hdr leafhdr;
307 struct xfs_mount *mp = ds->state->mp;
308 struct xfs_da_state_blk *blk = &ds->state->path.blk[level];
309 struct xfs_buf *bp = blk->bp;
310 xfs_dablk_t *last_checked = ds->private;
311 struct xfs_attr_leafblock *leaf = bp->b_addr;
312 struct xfs_attr_leaf_entry *ent;
313 struct xfs_attr_leaf_entry *entries;
314 unsigned long *usedmap;
315 char *buf_end;
316 size_t off;
317 __u32 last_hashval = 0;
318 unsigned int usedbytes = 0;
319 unsigned int hdrsize;
320 int i;
321 int error;
322
323 if (*last_checked == blk->blkno)
324 return 0;
325
326 /* Allocate memory for block usage checking. */
327 error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL);
328 if (error == -ENOMEM)
329 return -EDEADLOCK;
330 if (error)
331 return error;
332 usedmap = xchk_xattr_usedmap(ds->sc);
333
334 *last_checked = blk->blkno;
335 bitmap_zero(usedmap, mp->m_attr_geo->blksize);
336
337 /* Check all the padding. */
338 if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) {
339 struct xfs_attr3_leafblock *leaf = bp->b_addr;
340
341 if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 ||
342 leaf->hdr.info.hdr.pad != 0)
343 xchk_da_set_corrupt(ds, level);
344 } else {
345 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
346 xchk_da_set_corrupt(ds, level);
347 }
348
349 /* Check the leaf header */
350 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
351 hdrsize = xfs_attr3_leaf_hdr_size(leaf);
352
353 if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
354 xchk_da_set_corrupt(ds, level);
355 if (leafhdr.firstused > mp->m_attr_geo->blksize)
356 xchk_da_set_corrupt(ds, level);
357 if (leafhdr.firstused < hdrsize)
358 xchk_da_set_corrupt(ds, level);
359 if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize))
360 xchk_da_set_corrupt(ds, level);
361
362 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
363 goto out;
364
365 entries = xfs_attr3_leaf_entryp(leaf);
366 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
367 xchk_da_set_corrupt(ds, level);
368
369 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
370 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
371 /* Mark the leaf entry itself. */
372 off = (char *)ent - (char *)leaf;
373 if (!xchk_xattr_set_map(ds->sc, usedmap, off,
374 sizeof(xfs_attr_leaf_entry_t))) {
375 xchk_da_set_corrupt(ds, level);
376 goto out;
377 }
378
379 /* Check the entry and nameval. */
380 xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
381 ent, i, &usedbytes, &last_hashval);
382
383 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
384 goto out;
385 }
386
387 if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr))
388 xchk_da_set_corrupt(ds, level);
389
390 if (leafhdr.usedbytes != usedbytes)
391 xchk_da_set_corrupt(ds, level);
392
393out:
394 return 0;
395}
396
397/* Scrub a attribute btree record. */
398STATIC int
399xchk_xattr_rec(
400 struct xchk_da_btree *ds,
401 int level,
402 void *rec)
403{
404 struct xfs_mount *mp = ds->state->mp;
405 struct xfs_attr_leaf_entry *ent = rec;
406 struct xfs_da_state_blk *blk;
407 struct xfs_attr_leaf_name_local *lentry;
408 struct xfs_attr_leaf_name_remote *rentry;
409 struct xfs_buf *bp;
410 xfs_dahash_t calc_hash;
411 xfs_dahash_t hash;
412 int nameidx;
413 int hdrsize;
414 unsigned int badflags;
415 int error;
416
417 blk = &ds->state->path.blk[level];
418
419 /* Check the whole block, if necessary. */
420 error = xchk_xattr_block(ds, level);
421 if (error)
422 goto out;
423 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
424 goto out;
425
426 /* Check the hash of the entry. */
427 error = xchk_da_btree_hash(ds, level, &ent->hashval);
428 if (error)
429 goto out;
430
431 /* Find the attr entry's location. */
432 bp = blk->bp;
433 hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
434 nameidx = be16_to_cpu(ent->nameidx);
435 if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
436 xchk_da_set_corrupt(ds, level);
437 goto out;
438 }
439
440 /* Retrieve the entry and check it. */
441 hash = be32_to_cpu(ent->hashval);
442 badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE |
443 XFS_ATTR_INCOMPLETE);
444 if ((ent->flags & badflags) != 0)
445 xchk_da_set_corrupt(ds, level);
446 if (ent->flags & XFS_ATTR_LOCAL) {
447 lentry = (struct xfs_attr_leaf_name_local *)
448 (((char *)bp->b_addr) + nameidx);
449 if (lentry->namelen <= 0) {
450 xchk_da_set_corrupt(ds, level);
451 goto out;
452 }
453 calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
454 } else {
455 rentry = (struct xfs_attr_leaf_name_remote *)
456 (((char *)bp->b_addr) + nameidx);
457 if (rentry->namelen <= 0) {
458 xchk_da_set_corrupt(ds, level);
459 goto out;
460 }
461 calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
462 }
463 if (calc_hash != hash)
464 xchk_da_set_corrupt(ds, level);
465
466out:
467 return error;
468}
469
470/* Scrub the extended attribute metadata. */
471int
472xchk_xattr(
473 struct xfs_scrub *sc)
474{
475 struct xchk_xattr sx;
476 struct attrlist_cursor_kern cursor = { 0 };
477 xfs_dablk_t last_checked = -1U;
478 int error = 0;
479
480 if (!xfs_inode_hasattr(sc->ip))
481 return -ENOENT;
482
483 memset(&sx, 0, sizeof(sx));
484 /* Check attribute tree structure */
485 error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
486 &last_checked);
487 if (error)
488 goto out;
489
490 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
491 goto out;
492
493 /* Check that every attr key can also be looked up by hash. */
494 sx.context.dp = sc->ip;
495 sx.context.cursor = &cursor;
496 sx.context.resynch = 1;
497 sx.context.put_listent = xchk_xattr_listent;
498 sx.context.tp = sc->tp;
499 sx.context.flags = ATTR_INCOMPLETE;
500 sx.sc = sc;
501
502 /*
503 * Look up every xattr in this file by name.
504 *
505 * Use the backend implementation of xfs_attr_list to call
506 * xchk_xattr_listent on every attribute key in this inode.
507 * In other words, we use the same iterator/callback mechanism
508 * that listattr uses to scrub extended attributes, though in our
509 * _listent function, we check the value of the attribute.
510 *
511 * The VFS only locks i_rwsem when modifying attrs, so keep all
512 * three locks held because that's the only way to ensure we're
513 * the only thread poking into the da btree. We traverse the da
514 * btree while holding a leaf buffer locked for the xattr name
515 * iteration, which doesn't really follow the usual buffer
516 * locking order.
517 */
518 error = xfs_attr_list_int_ilocked(&sx.context);
519 if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
520 goto out;
521
522 /* Did our listent function try to return any errors? */
523 if (sx.context.seen_enough < 0)
524 error = sx.context.seen_enough;
525out:
526 return error;
527}