Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2017 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_trans_resv.h"
11#include "xfs_mount.h"
12#include "xfs_log_format.h"
13#include "xfs_inode.h"
14#include "xfs_da_format.h"
15#include "xfs_da_btree.h"
16#include "xfs_attr.h"
17#include "xfs_attr_leaf.h"
18#include "scrub/scrub.h"
19#include "scrub/common.h"
20#include "scrub/dabtree.h"
21#include "scrub/attr.h"
22
23/*
24 * Allocate enough memory to hold an attr value and attr block bitmaps,
25 * reallocating the buffer if necessary. Buffer contents are not preserved
26 * across a reallocation.
27 */
28int
29xchk_setup_xattr_buf(
30 struct xfs_scrub *sc,
31 size_t value_size,
32 xfs_km_flags_t flags)
33{
34 size_t sz;
35 struct xchk_xattr_buf *ab = sc->buf;
36
37 /*
38 * We need enough space to read an xattr value from the file or enough
39 * space to hold three copies of the xattr free space bitmap. We don't
40 * need the buffer space for both purposes at the same time.
41 */
42 sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);
43 sz = max_t(size_t, sz, value_size);
44
45 /*
46 * If there's already a buffer, figure out if we need to reallocate it
47 * to accommodate a larger size.
48 */
49 if (ab) {
50 if (sz <= ab->sz)
51 return 0;
52 kmem_free(ab);
53 sc->buf = NULL;
54 }
55
56 /*
57 * Don't zero the buffer upon allocation to avoid runtime overhead.
58 * All users must be careful never to read uninitialized contents.
59 */
60 ab = kmem_alloc_large(sizeof(*ab) + sz, flags);
61 if (!ab)
62 return -ENOMEM;
63
64 ab->sz = sz;
65 sc->buf = ab;
66 return 0;
67}
68
69/* Set us up to scrub an inode's extended attributes. */
70int
71xchk_setup_xattr(
72 struct xfs_scrub *sc,
73 struct xfs_inode *ip)
74{
75 int error;
76
77 /*
78 * We failed to get memory while checking attrs, so this time try to
79 * get all the memory we're ever going to need. Allocate the buffer
80 * without the inode lock held, which means we can sleep.
81 */
82 if (sc->flags & XCHK_TRY_HARDER) {
83 error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, 0);
84 if (error)
85 return error;
86 }
87
88 return xchk_setup_inode_contents(sc, ip, 0);
89}
90
91/* Extended Attributes */
92
93struct xchk_xattr {
94 struct xfs_attr_list_context context;
95 struct xfs_scrub *sc;
96};
97
98/*
99 * Check that an extended attribute key can be looked up by hash.
100 *
101 * We use the XFS attribute list iterator (i.e. xfs_attr_list_int_ilocked)
102 * to call this function for every attribute key in an inode. Once
103 * we're here, we load the attribute value to see if any errors happen,
104 * or if we get more or less data than we expected.
105 */
106static void
107xchk_xattr_listent(
108 struct xfs_attr_list_context *context,
109 int flags,
110 unsigned char *name,
111 int namelen,
112 int valuelen)
113{
114 struct xchk_xattr *sx;
115 struct xfs_da_args args = { NULL };
116 int error = 0;
117
118 sx = container_of(context, struct xchk_xattr, context);
119
120 if (xchk_should_terminate(sx->sc, &error)) {
121 context->seen_enough = error;
122 return;
123 }
124
125 if (flags & XFS_ATTR_INCOMPLETE) {
126 /* Incomplete attr key, just mark the inode for preening. */
127 xchk_ino_set_preen(sx->sc, context->dp->i_ino);
128 return;
129 }
130
131 /* Does this name make sense? */
132 if (!xfs_attr_namecheck(name, namelen)) {
133 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
134 return;
135 }
136
137 /*
138 * Try to allocate enough memory to extrat the attr value. If that
139 * doesn't work, we overload the seen_enough variable to convey
140 * the error message back to the main scrub function.
141 */
142 error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL);
143 if (error == -ENOMEM)
144 error = -EDEADLOCK;
145 if (error) {
146 context->seen_enough = error;
147 return;
148 }
149
150 args.flags = ATTR_KERNOTIME;
151 if (flags & XFS_ATTR_ROOT)
152 args.flags |= ATTR_ROOT;
153 else if (flags & XFS_ATTR_SECURE)
154 args.flags |= ATTR_SECURE;
155 args.geo = context->dp->i_mount->m_attr_geo;
156 args.whichfork = XFS_ATTR_FORK;
157 args.dp = context->dp;
158 args.name = name;
159 args.namelen = namelen;
160 args.hashval = xfs_da_hashname(args.name, args.namelen);
161 args.trans = context->tp;
162 args.value = xchk_xattr_valuebuf(sx->sc);
163 args.valuelen = valuelen;
164
165 error = xfs_attr_get_ilocked(context->dp, &args);
166 if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno,
167 &error))
168 goto fail_xref;
169 if (args.valuelen != valuelen)
170 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK,
171 args.blkno);
172fail_xref:
173 if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
174 context->seen_enough = 1;
175 return;
176}
177
178/*
179 * Mark a range [start, start+len) in this map. Returns true if the
180 * region was free, and false if there's a conflict or a problem.
181 *
182 * Within a char, the lowest bit of the char represents the byte with
183 * the smallest address
184 */
185STATIC bool
186xchk_xattr_set_map(
187 struct xfs_scrub *sc,
188 unsigned long *map,
189 unsigned int start,
190 unsigned int len)
191{
192 unsigned int mapsize = sc->mp->m_attr_geo->blksize;
193 bool ret = true;
194
195 if (start >= mapsize)
196 return false;
197 if (start + len > mapsize) {
198 len = mapsize - start;
199 ret = false;
200 }
201
202 if (find_next_bit(map, mapsize, start) < start + len)
203 ret = false;
204 bitmap_set(map, start, len);
205
206 return ret;
207}
208
209/*
210 * Check the leaf freemap from the usage bitmap. Returns false if the
211 * attr freemap has problems or points to used space.
212 */
213STATIC bool
214xchk_xattr_check_freemap(
215 struct xfs_scrub *sc,
216 unsigned long *map,
217 struct xfs_attr3_icleaf_hdr *leafhdr)
218{
219 unsigned long *freemap = xchk_xattr_freemap(sc);
220 unsigned long *dstmap = xchk_xattr_dstmap(sc);
221 unsigned int mapsize = sc->mp->m_attr_geo->blksize;
222 int i;
223
224 /* Construct bitmap of freemap contents. */
225 bitmap_zero(freemap, mapsize);
226 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
227 if (!xchk_xattr_set_map(sc, freemap,
228 leafhdr->freemap[i].base,
229 leafhdr->freemap[i].size))
230 return false;
231 }
232
233 /* Look for bits that are set in freemap and are marked in use. */
234 return bitmap_and(dstmap, freemap, map, mapsize) == 0;
235}
236
237/*
238 * Check this leaf entry's relations to everything else.
239 * Returns the number of bytes used for the name/value data.
240 */
241STATIC void
242xchk_xattr_entry(
243 struct xchk_da_btree *ds,
244 int level,
245 char *buf_end,
246 struct xfs_attr_leafblock *leaf,
247 struct xfs_attr3_icleaf_hdr *leafhdr,
248 struct xfs_attr_leaf_entry *ent,
249 int idx,
250 unsigned int *usedbytes,
251 __u32 *last_hashval)
252{
253 struct xfs_mount *mp = ds->state->mp;
254 unsigned long *usedmap = xchk_xattr_usedmap(ds->sc);
255 char *name_end;
256 struct xfs_attr_leaf_name_local *lentry;
257 struct xfs_attr_leaf_name_remote *rentry;
258 unsigned int nameidx;
259 unsigned int namesize;
260
261 if (ent->pad2 != 0)
262 xchk_da_set_corrupt(ds, level);
263
264 /* Hash values in order? */
265 if (be32_to_cpu(ent->hashval) < *last_hashval)
266 xchk_da_set_corrupt(ds, level);
267 *last_hashval = be32_to_cpu(ent->hashval);
268
269 nameidx = be16_to_cpu(ent->nameidx);
270 if (nameidx < leafhdr->firstused ||
271 nameidx >= mp->m_attr_geo->blksize) {
272 xchk_da_set_corrupt(ds, level);
273 return;
274 }
275
276 /* Check the name information. */
277 if (ent->flags & XFS_ATTR_LOCAL) {
278 lentry = xfs_attr3_leaf_name_local(leaf, idx);
279 namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
280 be16_to_cpu(lentry->valuelen));
281 name_end = (char *)lentry + namesize;
282 if (lentry->namelen == 0)
283 xchk_da_set_corrupt(ds, level);
284 } else {
285 rentry = xfs_attr3_leaf_name_remote(leaf, idx);
286 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
287 name_end = (char *)rentry + namesize;
288 if (rentry->namelen == 0 || rentry->valueblk == 0)
289 xchk_da_set_corrupt(ds, level);
290 }
291 if (name_end > buf_end)
292 xchk_da_set_corrupt(ds, level);
293
294 if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize))
295 xchk_da_set_corrupt(ds, level);
296 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
297 *usedbytes += namesize;
298}
299
300/* Scrub an attribute leaf. */
301STATIC int
302xchk_xattr_block(
303 struct xchk_da_btree *ds,
304 int level)
305{
306 struct xfs_attr3_icleaf_hdr leafhdr;
307 struct xfs_mount *mp = ds->state->mp;
308 struct xfs_da_state_blk *blk = &ds->state->path.blk[level];
309 struct xfs_buf *bp = blk->bp;
310 xfs_dablk_t *last_checked = ds->private;
311 struct xfs_attr_leafblock *leaf = bp->b_addr;
312 struct xfs_attr_leaf_entry *ent;
313 struct xfs_attr_leaf_entry *entries;
314 unsigned long *usedmap;
315 char *buf_end;
316 size_t off;
317 __u32 last_hashval = 0;
318 unsigned int usedbytes = 0;
319 unsigned int hdrsize;
320 int i;
321 int error;
322
323 if (*last_checked == blk->blkno)
324 return 0;
325
326 /* Allocate memory for block usage checking. */
327 error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL);
328 if (error == -ENOMEM)
329 return -EDEADLOCK;
330 if (error)
331 return error;
332 usedmap = xchk_xattr_usedmap(ds->sc);
333
334 *last_checked = blk->blkno;
335 bitmap_zero(usedmap, mp->m_attr_geo->blksize);
336
337 /* Check all the padding. */
338 if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) {
339 struct xfs_attr3_leafblock *leaf = bp->b_addr;
340
341 if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 ||
342 leaf->hdr.info.hdr.pad != 0)
343 xchk_da_set_corrupt(ds, level);
344 } else {
345 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
346 xchk_da_set_corrupt(ds, level);
347 }
348
349 /* Check the leaf header */
350 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
351 hdrsize = xfs_attr3_leaf_hdr_size(leaf);
352
353 if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
354 xchk_da_set_corrupt(ds, level);
355 if (leafhdr.firstused > mp->m_attr_geo->blksize)
356 xchk_da_set_corrupt(ds, level);
357 if (leafhdr.firstused < hdrsize)
358 xchk_da_set_corrupt(ds, level);
359 if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize))
360 xchk_da_set_corrupt(ds, level);
361
362 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
363 goto out;
364
365 entries = xfs_attr3_leaf_entryp(leaf);
366 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
367 xchk_da_set_corrupt(ds, level);
368
369 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
370 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
371 /* Mark the leaf entry itself. */
372 off = (char *)ent - (char *)leaf;
373 if (!xchk_xattr_set_map(ds->sc, usedmap, off,
374 sizeof(xfs_attr_leaf_entry_t))) {
375 xchk_da_set_corrupt(ds, level);
376 goto out;
377 }
378
379 /* Check the entry and nameval. */
380 xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
381 ent, i, &usedbytes, &last_hashval);
382
383 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
384 goto out;
385 }
386
387 if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr))
388 xchk_da_set_corrupt(ds, level);
389
390 if (leafhdr.usedbytes != usedbytes)
391 xchk_da_set_corrupt(ds, level);
392
393out:
394 return 0;
395}
396
397/* Scrub a attribute btree record. */
398STATIC int
399xchk_xattr_rec(
400 struct xchk_da_btree *ds,
401 int level,
402 void *rec)
403{
404 struct xfs_mount *mp = ds->state->mp;
405 struct xfs_attr_leaf_entry *ent = rec;
406 struct xfs_da_state_blk *blk;
407 struct xfs_attr_leaf_name_local *lentry;
408 struct xfs_attr_leaf_name_remote *rentry;
409 struct xfs_buf *bp;
410 xfs_dahash_t calc_hash;
411 xfs_dahash_t hash;
412 int nameidx;
413 int hdrsize;
414 unsigned int badflags;
415 int error;
416
417 blk = &ds->state->path.blk[level];
418
419 /* Check the whole block, if necessary. */
420 error = xchk_xattr_block(ds, level);
421 if (error)
422 goto out;
423 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
424 goto out;
425
426 /* Check the hash of the entry. */
427 error = xchk_da_btree_hash(ds, level, &ent->hashval);
428 if (error)
429 goto out;
430
431 /* Find the attr entry's location. */
432 bp = blk->bp;
433 hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
434 nameidx = be16_to_cpu(ent->nameidx);
435 if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
436 xchk_da_set_corrupt(ds, level);
437 goto out;
438 }
439
440 /* Retrieve the entry and check it. */
441 hash = be32_to_cpu(ent->hashval);
442 badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE |
443 XFS_ATTR_INCOMPLETE);
444 if ((ent->flags & badflags) != 0)
445 xchk_da_set_corrupt(ds, level);
446 if (ent->flags & XFS_ATTR_LOCAL) {
447 lentry = (struct xfs_attr_leaf_name_local *)
448 (((char *)bp->b_addr) + nameidx);
449 if (lentry->namelen <= 0) {
450 xchk_da_set_corrupt(ds, level);
451 goto out;
452 }
453 calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
454 } else {
455 rentry = (struct xfs_attr_leaf_name_remote *)
456 (((char *)bp->b_addr) + nameidx);
457 if (rentry->namelen <= 0) {
458 xchk_da_set_corrupt(ds, level);
459 goto out;
460 }
461 calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
462 }
463 if (calc_hash != hash)
464 xchk_da_set_corrupt(ds, level);
465
466out:
467 return error;
468}
469
470/* Scrub the extended attribute metadata. */
471int
472xchk_xattr(
473 struct xfs_scrub *sc)
474{
475 struct xchk_xattr sx;
476 struct attrlist_cursor_kern cursor = { 0 };
477 xfs_dablk_t last_checked = -1U;
478 int error = 0;
479
480 if (!xfs_inode_hasattr(sc->ip))
481 return -ENOENT;
482
483 memset(&sx, 0, sizeof(sx));
484 /* Check attribute tree structure */
485 error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
486 &last_checked);
487 if (error)
488 goto out;
489
490 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
491 goto out;
492
493 /* Check that every attr key can also be looked up by hash. */
494 sx.context.dp = sc->ip;
495 sx.context.cursor = &cursor;
496 sx.context.resynch = 1;
497 sx.context.put_listent = xchk_xattr_listent;
498 sx.context.tp = sc->tp;
499 sx.context.flags = ATTR_INCOMPLETE;
500 sx.sc = sc;
501
502 /*
503 * Look up every xattr in this file by name.
504 *
505 * Use the backend implementation of xfs_attr_list to call
506 * xchk_xattr_listent on every attribute key in this inode.
507 * In other words, we use the same iterator/callback mechanism
508 * that listattr uses to scrub extended attributes, though in our
509 * _listent function, we check the value of the attribute.
510 *
511 * The VFS only locks i_rwsem when modifying attrs, so keep all
512 * three locks held because that's the only way to ensure we're
513 * the only thread poking into the da btree. We traverse the da
514 * btree while holding a leaf buffer locked for the xattr name
515 * iteration, which doesn't really follow the usual buffer
516 * locking order.
517 */
518 error = xfs_attr_list_int_ilocked(&sx.context);
519 if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
520 goto out;
521
522 /* Did our listent function try to return any errors? */
523 if (sx.context.seen_enough < 0)
524 error = sx.context.seen_enough;
525out:
526 return error;
527}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2017-2023 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <djwong@kernel.org>
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_trans_resv.h"
11#include "xfs_mount.h"
12#include "xfs_log_format.h"
13#include "xfs_trans.h"
14#include "xfs_inode.h"
15#include "xfs_da_format.h"
16#include "xfs_da_btree.h"
17#include "xfs_attr.h"
18#include "xfs_attr_leaf.h"
19#include "xfs_attr_sf.h"
20#include "xfs_parent.h"
21#include "scrub/scrub.h"
22#include "scrub/common.h"
23#include "scrub/dabtree.h"
24#include "scrub/attr.h"
25#include "scrub/listxattr.h"
26#include "scrub/repair.h"
27
28/* Free the buffers linked from the xattr buffer. */
29static void
30xchk_xattr_buf_cleanup(
31 void *priv)
32{
33 struct xchk_xattr_buf *ab = priv;
34
35 kvfree(ab->freemap);
36 ab->freemap = NULL;
37 kvfree(ab->usedmap);
38 ab->usedmap = NULL;
39 kvfree(ab->value);
40 ab->value = NULL;
41 ab->value_sz = 0;
42 kvfree(ab->name);
43 ab->name = NULL;
44}
45
46/*
47 * Allocate the free space bitmap if we're trying harder; there are leaf blocks
48 * in the attr fork; or we can't tell if there are leaf blocks.
49 */
50static inline bool
51xchk_xattr_want_freemap(
52 struct xfs_scrub *sc)
53{
54 struct xfs_ifork *ifp;
55
56 if (sc->flags & XCHK_TRY_HARDER)
57 return true;
58
59 if (!sc->ip)
60 return true;
61
62 ifp = xfs_ifork_ptr(sc->ip, XFS_ATTR_FORK);
63 if (!ifp)
64 return false;
65
66 return xfs_ifork_has_extents(ifp);
67}
68
69/*
70 * Allocate enough memory to hold an attr value and attr block bitmaps,
71 * reallocating the buffer if necessary. Buffer contents are not preserved
72 * across a reallocation.
73 */
74int
75xchk_setup_xattr_buf(
76 struct xfs_scrub *sc,
77 size_t value_size)
78{
79 size_t bmp_sz;
80 struct xchk_xattr_buf *ab = sc->buf;
81 void *new_val;
82
83 bmp_sz = sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);
84
85 if (ab)
86 goto resize_value;
87
88 ab = kvzalloc(sizeof(struct xchk_xattr_buf), XCHK_GFP_FLAGS);
89 if (!ab)
90 return -ENOMEM;
91 sc->buf = ab;
92 sc->buf_cleanup = xchk_xattr_buf_cleanup;
93
94 ab->usedmap = kvmalloc(bmp_sz, XCHK_GFP_FLAGS);
95 if (!ab->usedmap)
96 return -ENOMEM;
97
98 if (xchk_xattr_want_freemap(sc)) {
99 ab->freemap = kvmalloc(bmp_sz, XCHK_GFP_FLAGS);
100 if (!ab->freemap)
101 return -ENOMEM;
102 }
103
104 if (xchk_could_repair(sc)) {
105 ab->name = kvmalloc(XATTR_NAME_MAX + 1, XCHK_GFP_FLAGS);
106 if (!ab->name)
107 return -ENOMEM;
108 }
109
110resize_value:
111 if (ab->value_sz >= value_size)
112 return 0;
113
114 if (ab->value) {
115 kvfree(ab->value);
116 ab->value = NULL;
117 ab->value_sz = 0;
118 }
119
120 new_val = kvmalloc(value_size, XCHK_GFP_FLAGS);
121 if (!new_val)
122 return -ENOMEM;
123
124 ab->value = new_val;
125 ab->value_sz = value_size;
126 return 0;
127}
128
129/* Set us up to scrub an inode's extended attributes. */
130int
131xchk_setup_xattr(
132 struct xfs_scrub *sc)
133{
134 int error;
135
136 if (xchk_could_repair(sc)) {
137 error = xrep_setup_xattr(sc);
138 if (error)
139 return error;
140 }
141
142 /*
143 * We failed to get memory while checking attrs, so this time try to
144 * get all the memory we're ever going to need. Allocate the buffer
145 * without the inode lock held, which means we can sleep.
146 */
147 if (sc->flags & XCHK_TRY_HARDER) {
148 error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX);
149 if (error)
150 return error;
151 }
152
153 return xchk_setup_inode_contents(sc, 0);
154}
155
156/* Extended Attributes */
157
158/*
159 * Check that an extended attribute key can be looked up by hash.
160 *
161 * We use the extended attribute walk helper to call this function for every
162 * attribute key in an inode. Once we're here, we load the attribute value to
163 * see if any errors happen, or if we get more or less data than we expected.
164 */
165static int
166xchk_xattr_actor(
167 struct xfs_scrub *sc,
168 struct xfs_inode *ip,
169 unsigned int attr_flags,
170 const unsigned char *name,
171 unsigned int namelen,
172 const void *value,
173 unsigned int valuelen,
174 void *priv)
175{
176 struct xfs_da_args args = {
177 .attr_filter = attr_flags & XFS_ATTR_NSP_ONDISK_MASK,
178 .geo = sc->mp->m_attr_geo,
179 .whichfork = XFS_ATTR_FORK,
180 .dp = ip,
181 .name = name,
182 .namelen = namelen,
183 .trans = sc->tp,
184 .valuelen = valuelen,
185 .owner = ip->i_ino,
186 };
187 struct xchk_xattr_buf *ab;
188 int error = 0;
189
190 ab = sc->buf;
191
192 if (xchk_should_terminate(sc, &error))
193 return error;
194
195 if (attr_flags & ~XFS_ATTR_ONDISK_MASK) {
196 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);
197 return -ECANCELED;
198 }
199
200 if (attr_flags & XFS_ATTR_INCOMPLETE) {
201 /* Incomplete attr key, just mark the inode for preening. */
202 xchk_ino_set_preen(sc, ip->i_ino);
203 return 0;
204 }
205
206 /* Does this name make sense? */
207 if (!xfs_attr_namecheck(attr_flags, name, namelen)) {
208 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);
209 return -ECANCELED;
210 }
211
212 /* Check parent pointer record. */
213 if ((attr_flags & XFS_ATTR_PARENT) &&
214 !xfs_parent_valuecheck(sc->mp, value, valuelen)) {
215 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);
216 return -ECANCELED;
217 }
218
219 /*
220 * Try to allocate enough memory to extract the attr value. If that
221 * doesn't work, return -EDEADLOCK as a signal to try again with a
222 * maximally sized buffer.
223 */
224 error = xchk_setup_xattr_buf(sc, valuelen);
225 if (error == -ENOMEM)
226 error = -EDEADLOCK;
227 if (error)
228 return error;
229
230 /*
231 * Parent pointers are matched on attr name and value, so we must
232 * supply the xfs_parent_rec here when confirming that the dabtree
233 * indexing works correctly.
234 */
235 if (attr_flags & XFS_ATTR_PARENT)
236 memcpy(ab->value, value, valuelen);
237
238 args.value = ab->value;
239
240 /*
241 * Get the attr value to ensure that lookup can find this attribute
242 * through the dabtree indexing and that remote value retrieval also
243 * works correctly.
244 */
245 xfs_attr_sethash(&args);
246 error = xfs_attr_get_ilocked(&args);
247 /* ENODATA means the hash lookup failed and the attr is bad */
248 if (error == -ENODATA)
249 error = -EFSCORRUPTED;
250 if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, args.blkno,
251 &error))
252 return error;
253 if (args.valuelen != valuelen)
254 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);
255
256 return 0;
257}
258
259/*
260 * Mark a range [start, start+len) in this map. Returns true if the
261 * region was free, and false if there's a conflict or a problem.
262 *
263 * Within a char, the lowest bit of the char represents the byte with
264 * the smallest address
265 */
266bool
267xchk_xattr_set_map(
268 struct xfs_scrub *sc,
269 unsigned long *map,
270 unsigned int start,
271 unsigned int len)
272{
273 unsigned int mapsize = sc->mp->m_attr_geo->blksize;
274 bool ret = true;
275
276 if (start >= mapsize)
277 return false;
278 if (start + len > mapsize) {
279 len = mapsize - start;
280 ret = false;
281 }
282
283 if (find_next_bit(map, mapsize, start) < start + len)
284 ret = false;
285 bitmap_set(map, start, len);
286
287 return ret;
288}
289
290/*
291 * Check the leaf freemap from the usage bitmap. Returns false if the
292 * attr freemap has problems or points to used space.
293 */
294STATIC bool
295xchk_xattr_check_freemap(
296 struct xfs_scrub *sc,
297 struct xfs_attr3_icleaf_hdr *leafhdr)
298{
299 struct xchk_xattr_buf *ab = sc->buf;
300 unsigned int mapsize = sc->mp->m_attr_geo->blksize;
301 int i;
302
303 /* Construct bitmap of freemap contents. */
304 bitmap_zero(ab->freemap, mapsize);
305 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
306 if (!xchk_xattr_set_map(sc, ab->freemap,
307 leafhdr->freemap[i].base,
308 leafhdr->freemap[i].size))
309 return false;
310 }
311
312 /* Look for bits that are set in freemap and are marked in use. */
313 return !bitmap_intersects(ab->freemap, ab->usedmap, mapsize);
314}
315
316/*
317 * Check this leaf entry's relations to everything else.
318 * Returns the number of bytes used for the name/value data.
319 */
320STATIC void
321xchk_xattr_entry(
322 struct xchk_da_btree *ds,
323 int level,
324 char *buf_end,
325 struct xfs_attr_leafblock *leaf,
326 struct xfs_attr3_icleaf_hdr *leafhdr,
327 struct xfs_attr_leaf_entry *ent,
328 int idx,
329 unsigned int *usedbytes,
330 __u32 *last_hashval)
331{
332 struct xfs_mount *mp = ds->state->mp;
333 struct xchk_xattr_buf *ab = ds->sc->buf;
334 char *name_end;
335 struct xfs_attr_leaf_name_local *lentry;
336 struct xfs_attr_leaf_name_remote *rentry;
337 unsigned int nameidx;
338 unsigned int namesize;
339
340 if (ent->pad2 != 0)
341 xchk_da_set_corrupt(ds, level);
342
343 /* Hash values in order? */
344 if (be32_to_cpu(ent->hashval) < *last_hashval)
345 xchk_da_set_corrupt(ds, level);
346 *last_hashval = be32_to_cpu(ent->hashval);
347
348 nameidx = be16_to_cpu(ent->nameidx);
349 if (nameidx < leafhdr->firstused ||
350 nameidx >= mp->m_attr_geo->blksize) {
351 xchk_da_set_corrupt(ds, level);
352 return;
353 }
354
355 /* Check the name information. */
356 if (ent->flags & XFS_ATTR_LOCAL) {
357 lentry = xfs_attr3_leaf_name_local(leaf, idx);
358 namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
359 be16_to_cpu(lentry->valuelen));
360 name_end = (char *)lentry + namesize;
361 if (lentry->namelen == 0)
362 xchk_da_set_corrupt(ds, level);
363 } else {
364 rentry = xfs_attr3_leaf_name_remote(leaf, idx);
365 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
366 name_end = (char *)rentry + namesize;
367 if (rentry->namelen == 0 || rentry->valueblk == 0)
368 xchk_da_set_corrupt(ds, level);
369 }
370 if (name_end > buf_end)
371 xchk_da_set_corrupt(ds, level);
372
373 if (!xchk_xattr_set_map(ds->sc, ab->usedmap, nameidx, namesize))
374 xchk_da_set_corrupt(ds, level);
375 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
376 *usedbytes += namesize;
377}
378
379/* Scrub an attribute leaf. */
380STATIC int
381xchk_xattr_block(
382 struct xchk_da_btree *ds,
383 int level)
384{
385 struct xfs_attr3_icleaf_hdr leafhdr;
386 struct xfs_mount *mp = ds->state->mp;
387 struct xfs_da_state_blk *blk = &ds->state->path.blk[level];
388 struct xfs_buf *bp = blk->bp;
389 xfs_dablk_t *last_checked = ds->private;
390 struct xfs_attr_leafblock *leaf = bp->b_addr;
391 struct xfs_attr_leaf_entry *ent;
392 struct xfs_attr_leaf_entry *entries;
393 struct xchk_xattr_buf *ab = ds->sc->buf;
394 char *buf_end;
395 size_t off;
396 __u32 last_hashval = 0;
397 unsigned int usedbytes = 0;
398 unsigned int hdrsize;
399 int i;
400
401 if (*last_checked == blk->blkno)
402 return 0;
403
404 *last_checked = blk->blkno;
405 bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize);
406
407 /* Check all the padding. */
408 if (xfs_has_crc(ds->sc->mp)) {
409 struct xfs_attr3_leafblock *leaf3 = bp->b_addr;
410
411 if (leaf3->hdr.pad1 != 0 || leaf3->hdr.pad2 != 0 ||
412 leaf3->hdr.info.hdr.pad != 0)
413 xchk_da_set_corrupt(ds, level);
414 } else {
415 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
416 xchk_da_set_corrupt(ds, level);
417 }
418
419 /* Check the leaf header */
420 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
421 hdrsize = xfs_attr3_leaf_hdr_size(leaf);
422
423 /*
424 * Empty xattr leaf blocks mapped at block 0 are probably a byproduct
425 * of a race between setxattr and a log shutdown. Anywhere else in the
426 * attr fork is a corruption.
427 */
428 if (leafhdr.count == 0) {
429 if (blk->blkno == 0)
430 xchk_da_set_preen(ds, level);
431 else
432 xchk_da_set_corrupt(ds, level);
433 }
434 if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
435 xchk_da_set_corrupt(ds, level);
436 if (leafhdr.firstused > mp->m_attr_geo->blksize)
437 xchk_da_set_corrupt(ds, level);
438 if (leafhdr.firstused < hdrsize)
439 xchk_da_set_corrupt(ds, level);
440 if (!xchk_xattr_set_map(ds->sc, ab->usedmap, 0, hdrsize))
441 xchk_da_set_corrupt(ds, level);
442 if (leafhdr.holes)
443 xchk_da_set_preen(ds, level);
444
445 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
446 goto out;
447
448 entries = xfs_attr3_leaf_entryp(leaf);
449 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
450 xchk_da_set_corrupt(ds, level);
451
452 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
453 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
454 /* Mark the leaf entry itself. */
455 off = (char *)ent - (char *)leaf;
456 if (!xchk_xattr_set_map(ds->sc, ab->usedmap, off,
457 sizeof(xfs_attr_leaf_entry_t))) {
458 xchk_da_set_corrupt(ds, level);
459 goto out;
460 }
461
462 /* Check the entry and nameval. */
463 xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
464 ent, i, &usedbytes, &last_hashval);
465
466 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
467 goto out;
468 }
469
470 if (!xchk_xattr_check_freemap(ds->sc, &leafhdr))
471 xchk_da_set_corrupt(ds, level);
472
473 if (leafhdr.usedbytes != usedbytes)
474 xchk_da_set_corrupt(ds, level);
475
476out:
477 return 0;
478}
479
480/* Scrub a attribute btree record. */
481STATIC int
482xchk_xattr_rec(
483 struct xchk_da_btree *ds,
484 int level)
485{
486 struct xfs_mount *mp = ds->state->mp;
487 struct xfs_da_state_blk *blk = &ds->state->path.blk[level];
488 struct xfs_attr_leaf_name_local *lentry;
489 struct xfs_attr_leaf_name_remote *rentry;
490 struct xfs_buf *bp;
491 struct xfs_attr_leaf_entry *ent;
492 xfs_dahash_t calc_hash;
493 xfs_dahash_t hash;
494 int nameidx;
495 int hdrsize;
496 int error;
497
498 ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC);
499
500 ent = xfs_attr3_leaf_entryp(blk->bp->b_addr) + blk->index;
501
502 /* Check the whole block, if necessary. */
503 error = xchk_xattr_block(ds, level);
504 if (error)
505 goto out;
506 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
507 goto out;
508
509 /* Check the hash of the entry. */
510 error = xchk_da_btree_hash(ds, level, &ent->hashval);
511 if (error)
512 goto out;
513
514 /* Find the attr entry's location. */
515 bp = blk->bp;
516 hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
517 nameidx = be16_to_cpu(ent->nameidx);
518 if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
519 xchk_da_set_corrupt(ds, level);
520 goto out;
521 }
522
523 /* Retrieve the entry and check it. */
524 hash = be32_to_cpu(ent->hashval);
525 if (ent->flags & ~XFS_ATTR_ONDISK_MASK) {
526 xchk_da_set_corrupt(ds, level);
527 return 0;
528 }
529 if (!xfs_attr_check_namespace(ent->flags)) {
530 xchk_da_set_corrupt(ds, level);
531 return 0;
532 }
533
534 if (ent->flags & XFS_ATTR_LOCAL) {
535 lentry = (struct xfs_attr_leaf_name_local *)
536 (((char *)bp->b_addr) + nameidx);
537 if (lentry->namelen <= 0) {
538 xchk_da_set_corrupt(ds, level);
539 goto out;
540 }
541 calc_hash = xfs_attr_hashval(mp, ent->flags, lentry->nameval,
542 lentry->namelen,
543 lentry->nameval + lentry->namelen,
544 be16_to_cpu(lentry->valuelen));
545 } else {
546 rentry = (struct xfs_attr_leaf_name_remote *)
547 (((char *)bp->b_addr) + nameidx);
548 if (rentry->namelen <= 0) {
549 xchk_da_set_corrupt(ds, level);
550 goto out;
551 }
552 if (ent->flags & XFS_ATTR_PARENT) {
553 xchk_da_set_corrupt(ds, level);
554 goto out;
555 }
556 calc_hash = xfs_attr_hashval(mp, ent->flags, rentry->name,
557 rentry->namelen, NULL,
558 be32_to_cpu(rentry->valuelen));
559 }
560 if (calc_hash != hash)
561 xchk_da_set_corrupt(ds, level);
562
563out:
564 return error;
565}
566
567/* Check space usage of shortform attrs. */
568STATIC int
569xchk_xattr_check_sf(
570 struct xfs_scrub *sc)
571{
572 struct xchk_xattr_buf *ab = sc->buf;
573 struct xfs_ifork *ifp = &sc->ip->i_af;
574 struct xfs_attr_sf_hdr *sf = ifp->if_data;
575 struct xfs_attr_sf_entry *sfe = xfs_attr_sf_firstentry(sf);
576 struct xfs_attr_sf_entry *next;
577 unsigned char *end = ifp->if_data + ifp->if_bytes;
578 int i;
579 int error = 0;
580
581 bitmap_zero(ab->usedmap, ifp->if_bytes);
582 xchk_xattr_set_map(sc, ab->usedmap, 0, sizeof(*sf));
583
584 if ((unsigned char *)sfe > end) {
585 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
586 return 0;
587 }
588
589 for (i = 0; i < sf->count; i++) {
590 unsigned char *name = sfe->nameval;
591 unsigned char *value = &sfe->nameval[sfe->namelen];
592
593 if (xchk_should_terminate(sc, &error))
594 return error;
595
596 next = xfs_attr_sf_nextentry(sfe);
597 if ((unsigned char *)next > end) {
598 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
599 break;
600 }
601
602 /*
603 * Shortform entries do not set LOCAL or INCOMPLETE, so the
604 * only valid flag bits here are for namespaces.
605 */
606 if (sfe->flags & ~XFS_ATTR_NSP_ONDISK_MASK) {
607 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
608 break;
609 }
610
611 if (!xchk_xattr_set_map(sc, ab->usedmap,
612 (char *)sfe - (char *)sf,
613 sizeof(struct xfs_attr_sf_entry))) {
614 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
615 break;
616 }
617
618 if (!xchk_xattr_set_map(sc, ab->usedmap,
619 (char *)name - (char *)sf,
620 sfe->namelen)) {
621 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
622 break;
623 }
624
625 if (!xchk_xattr_set_map(sc, ab->usedmap,
626 (char *)value - (char *)sf,
627 sfe->valuelen)) {
628 xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
629 break;
630 }
631
632 sfe = next;
633 }
634
635 return 0;
636}
637
638/* Scrub the extended attribute metadata. */
639int
640xchk_xattr(
641 struct xfs_scrub *sc)
642{
643 xfs_dablk_t last_checked = -1U;
644 int error = 0;
645
646 if (!xfs_inode_hasattr(sc->ip))
647 return -ENOENT;
648
649 /* Allocate memory for xattr checking. */
650 error = xchk_setup_xattr_buf(sc, 0);
651 if (error == -ENOMEM)
652 return -EDEADLOCK;
653 if (error)
654 return error;
655
656 /* Check the physical structure of the xattr. */
657 if (sc->ip->i_af.if_format == XFS_DINODE_FMT_LOCAL)
658 error = xchk_xattr_check_sf(sc);
659 else
660 error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
661 &last_checked);
662 if (error)
663 return error;
664
665 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
666 return 0;
667
668 /*
669 * Look up every xattr in this file by name and hash.
670 *
671 * The VFS only locks i_rwsem when modifying attrs, so keep all
672 * three locks held because that's the only way to ensure we're
673 * the only thread poking into the da btree. We traverse the da
674 * btree while holding a leaf buffer locked for the xattr name
675 * iteration, which doesn't really follow the usual buffer
676 * locking order.
677 */
678 error = xchk_xattr_walk(sc, sc->ip, xchk_xattr_actor, NULL, NULL);
679 if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
680 return error;
681
682 return 0;
683}