Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * Copyright (c) 2013 Red Hat, Inc.
5 * All Rights Reserved.
6 */
7#include "xfs.h"
8#include "xfs_fs.h"
9#include "xfs_shared.h"
10#include "xfs_format.h"
11#include "xfs_log_format.h"
12#include "xfs_trans_resv.h"
13#include "xfs_bit.h"
14#include "xfs_mount.h"
15#include "xfs_defer.h"
16#include "xfs_da_format.h"
17#include "xfs_da_btree.h"
18#include "xfs_inode.h"
19#include "xfs_trans.h"
20#include "xfs_bmap.h"
21#include "xfs_attr.h"
22#include "xfs_attr_remote.h"
23#include "xfs_trace.h"
24#include "xfs_error.h"
25
26#define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */
27
28/*
29 * Remote Attribute Values
30 * =======================
31 *
32 * Remote extended attribute values are conceptually simple -- they're written
33 * to data blocks mapped by an inode's attribute fork, and they have an upper
34 * size limit of 64k. Setting a value does not involve the XFS log.
35 *
36 * However, on a v5 filesystem, maximally sized remote attr values require one
37 * block more than 64k worth of space to hold both the remote attribute value
38 * header (64 bytes). On a 4k block filesystem this results in a 68k buffer;
39 * on a 64k block filesystem, this would be a 128k buffer. Note that the log
40 * format can only handle a dirty buffer of XFS_MAX_BLOCKSIZE length (64k).
41 * Therefore, we /must/ ensure that remote attribute value buffers never touch
42 * the logging system and therefore never have a log item.
43 */
44
45/*
46 * Each contiguous block has a header, so it is not just a simple attribute
47 * length to FSB conversion.
48 */
49int
50xfs_attr3_rmt_blocks(
51 struct xfs_mount *mp,
52 int attrlen)
53{
54 if (xfs_has_crc(mp)) {
55 int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
56 return (attrlen + buflen - 1) / buflen;
57 }
58 return XFS_B_TO_FSB(mp, attrlen);
59}
60
61/*
62 * Checking of the remote attribute header is split into two parts. The verifier
63 * does CRC, location and bounds checking, the unpacking function checks the
64 * attribute parameters and owner.
65 */
66static xfs_failaddr_t
67xfs_attr3_rmt_hdr_ok(
68 void *ptr,
69 xfs_ino_t ino,
70 uint32_t offset,
71 uint32_t size,
72 xfs_daddr_t bno)
73{
74 struct xfs_attr3_rmt_hdr *rmt = ptr;
75
76 if (bno != be64_to_cpu(rmt->rm_blkno))
77 return __this_address;
78 if (offset != be32_to_cpu(rmt->rm_offset))
79 return __this_address;
80 if (size != be32_to_cpu(rmt->rm_bytes))
81 return __this_address;
82 if (ino != be64_to_cpu(rmt->rm_owner))
83 return __this_address;
84
85 /* ok */
86 return NULL;
87}
88
89static xfs_failaddr_t
90xfs_attr3_rmt_verify(
91 struct xfs_mount *mp,
92 struct xfs_buf *bp,
93 void *ptr,
94 int fsbsize,
95 xfs_daddr_t bno)
96{
97 struct xfs_attr3_rmt_hdr *rmt = ptr;
98
99 if (!xfs_verify_magic(bp, rmt->rm_magic))
100 return __this_address;
101 if (!uuid_equal(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid))
102 return __this_address;
103 if (be64_to_cpu(rmt->rm_blkno) != bno)
104 return __this_address;
105 if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
106 return __this_address;
107 if (be32_to_cpu(rmt->rm_offset) +
108 be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX)
109 return __this_address;
110 if (rmt->rm_owner == 0)
111 return __this_address;
112
113 return NULL;
114}
115
116static int
117__xfs_attr3_rmt_read_verify(
118 struct xfs_buf *bp,
119 bool check_crc,
120 xfs_failaddr_t *failaddr)
121{
122 struct xfs_mount *mp = bp->b_mount;
123 char *ptr;
124 int len;
125 xfs_daddr_t bno;
126 int blksize = mp->m_attr_geo->blksize;
127
128 /* no verification of non-crc buffers */
129 if (!xfs_has_crc(mp))
130 return 0;
131
132 ptr = bp->b_addr;
133 bno = xfs_buf_daddr(bp);
134 len = BBTOB(bp->b_length);
135 ASSERT(len >= blksize);
136
137 while (len > 0) {
138 if (check_crc &&
139 !xfs_verify_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF)) {
140 *failaddr = __this_address;
141 return -EFSBADCRC;
142 }
143 *failaddr = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno);
144 if (*failaddr)
145 return -EFSCORRUPTED;
146 len -= blksize;
147 ptr += blksize;
148 bno += BTOBB(blksize);
149 }
150
151 if (len != 0) {
152 *failaddr = __this_address;
153 return -EFSCORRUPTED;
154 }
155
156 return 0;
157}
158
159static void
160xfs_attr3_rmt_read_verify(
161 struct xfs_buf *bp)
162{
163 xfs_failaddr_t fa;
164 int error;
165
166 error = __xfs_attr3_rmt_read_verify(bp, true, &fa);
167 if (error)
168 xfs_verifier_error(bp, error, fa);
169}
170
171static xfs_failaddr_t
172xfs_attr3_rmt_verify_struct(
173 struct xfs_buf *bp)
174{
175 xfs_failaddr_t fa;
176 int error;
177
178 error = __xfs_attr3_rmt_read_verify(bp, false, &fa);
179 return error ? fa : NULL;
180}
181
182static void
183xfs_attr3_rmt_write_verify(
184 struct xfs_buf *bp)
185{
186 struct xfs_mount *mp = bp->b_mount;
187 xfs_failaddr_t fa;
188 int blksize = mp->m_attr_geo->blksize;
189 char *ptr;
190 int len;
191 xfs_daddr_t bno;
192
193 /* no verification of non-crc buffers */
194 if (!xfs_has_crc(mp))
195 return;
196
197 ptr = bp->b_addr;
198 bno = xfs_buf_daddr(bp);
199 len = BBTOB(bp->b_length);
200 ASSERT(len >= blksize);
201
202 while (len > 0) {
203 struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
204
205 fa = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno);
206 if (fa) {
207 xfs_verifier_error(bp, -EFSCORRUPTED, fa);
208 return;
209 }
210
211 /*
212 * Ensure we aren't writing bogus LSNs to disk. See
213 * xfs_attr3_rmt_hdr_set() for the explanation.
214 */
215 if (rmt->rm_lsn != cpu_to_be64(NULLCOMMITLSN)) {
216 xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
217 return;
218 }
219 xfs_update_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF);
220
221 len -= blksize;
222 ptr += blksize;
223 bno += BTOBB(blksize);
224 }
225
226 if (len != 0)
227 xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
228}
229
230const struct xfs_buf_ops xfs_attr3_rmt_buf_ops = {
231 .name = "xfs_attr3_rmt",
232 .magic = { 0, cpu_to_be32(XFS_ATTR3_RMT_MAGIC) },
233 .verify_read = xfs_attr3_rmt_read_verify,
234 .verify_write = xfs_attr3_rmt_write_verify,
235 .verify_struct = xfs_attr3_rmt_verify_struct,
236};
237
238STATIC int
239xfs_attr3_rmt_hdr_set(
240 struct xfs_mount *mp,
241 void *ptr,
242 xfs_ino_t ino,
243 uint32_t offset,
244 uint32_t size,
245 xfs_daddr_t bno)
246{
247 struct xfs_attr3_rmt_hdr *rmt = ptr;
248
249 if (!xfs_has_crc(mp))
250 return 0;
251
252 rmt->rm_magic = cpu_to_be32(XFS_ATTR3_RMT_MAGIC);
253 rmt->rm_offset = cpu_to_be32(offset);
254 rmt->rm_bytes = cpu_to_be32(size);
255 uuid_copy(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid);
256 rmt->rm_owner = cpu_to_be64(ino);
257 rmt->rm_blkno = cpu_to_be64(bno);
258
259 /*
260 * Remote attribute blocks are written synchronously, so we don't
261 * have an LSN that we can stamp in them that makes any sense to log
262 * recovery. To ensure that log recovery handles overwrites of these
263 * blocks sanely (i.e. once they've been freed and reallocated as some
264 * other type of metadata) we need to ensure that the LSN has a value
265 * that tells log recovery to ignore the LSN and overwrite the buffer
266 * with whatever is in it's log. To do this, we use the magic
267 * NULLCOMMITLSN to indicate that the LSN is invalid.
268 */
269 rmt->rm_lsn = cpu_to_be64(NULLCOMMITLSN);
270
271 return sizeof(struct xfs_attr3_rmt_hdr);
272}
273
274/*
275 * Helper functions to copy attribute data in and out of the one disk extents
276 */
277STATIC int
278xfs_attr_rmtval_copyout(
279 struct xfs_mount *mp,
280 struct xfs_buf *bp,
281 xfs_ino_t ino,
282 int *offset,
283 int *valuelen,
284 uint8_t **dst)
285{
286 char *src = bp->b_addr;
287 xfs_daddr_t bno = xfs_buf_daddr(bp);
288 int len = BBTOB(bp->b_length);
289 int blksize = mp->m_attr_geo->blksize;
290
291 ASSERT(len >= blksize);
292
293 while (len > 0 && *valuelen > 0) {
294 int hdr_size = 0;
295 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
296
297 byte_cnt = min(*valuelen, byte_cnt);
298
299 if (xfs_has_crc(mp)) {
300 if (xfs_attr3_rmt_hdr_ok(src, ino, *offset,
301 byte_cnt, bno)) {
302 xfs_alert(mp,
303"remote attribute header mismatch bno/off/len/owner (0x%llx/0x%x/Ox%x/0x%llx)",
304 bno, *offset, byte_cnt, ino);
305 return -EFSCORRUPTED;
306 }
307 hdr_size = sizeof(struct xfs_attr3_rmt_hdr);
308 }
309
310 memcpy(*dst, src + hdr_size, byte_cnt);
311
312 /* roll buffer forwards */
313 len -= blksize;
314 src += blksize;
315 bno += BTOBB(blksize);
316
317 /* roll attribute data forwards */
318 *valuelen -= byte_cnt;
319 *dst += byte_cnt;
320 *offset += byte_cnt;
321 }
322 return 0;
323}
324
325STATIC void
326xfs_attr_rmtval_copyin(
327 struct xfs_mount *mp,
328 struct xfs_buf *bp,
329 xfs_ino_t ino,
330 int *offset,
331 int *valuelen,
332 uint8_t **src)
333{
334 char *dst = bp->b_addr;
335 xfs_daddr_t bno = xfs_buf_daddr(bp);
336 int len = BBTOB(bp->b_length);
337 int blksize = mp->m_attr_geo->blksize;
338
339 ASSERT(len >= blksize);
340
341 while (len > 0 && *valuelen > 0) {
342 int hdr_size;
343 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
344
345 byte_cnt = min(*valuelen, byte_cnt);
346 hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset,
347 byte_cnt, bno);
348
349 memcpy(dst + hdr_size, *src, byte_cnt);
350
351 /*
352 * If this is the last block, zero the remainder of it.
353 * Check that we are actually the last block, too.
354 */
355 if (byte_cnt + hdr_size < blksize) {
356 ASSERT(*valuelen - byte_cnt == 0);
357 ASSERT(len == blksize);
358 memset(dst + hdr_size + byte_cnt, 0,
359 blksize - hdr_size - byte_cnt);
360 }
361
362 /* roll buffer forwards */
363 len -= blksize;
364 dst += blksize;
365 bno += BTOBB(blksize);
366
367 /* roll attribute data forwards */
368 *valuelen -= byte_cnt;
369 *src += byte_cnt;
370 *offset += byte_cnt;
371 }
372}
373
374/*
375 * Read the value associated with an attribute from the out-of-line buffer
376 * that we stored it in.
377 *
378 * Returns 0 on successful retrieval, otherwise an error.
379 */
380int
381xfs_attr_rmtval_get(
382 struct xfs_da_args *args)
383{
384 struct xfs_bmbt_irec map[ATTR_RMTVALUE_MAPSIZE];
385 struct xfs_mount *mp = args->dp->i_mount;
386 struct xfs_buf *bp;
387 xfs_dablk_t lblkno = args->rmtblkno;
388 uint8_t *dst = args->value;
389 int valuelen;
390 int nmap;
391 int error;
392 int blkcnt = args->rmtblkcnt;
393 int i;
394 int offset = 0;
395
396 trace_xfs_attr_rmtval_get(args);
397
398 ASSERT(args->valuelen != 0);
399 ASSERT(args->rmtvaluelen == args->valuelen);
400
401 valuelen = args->rmtvaluelen;
402 while (valuelen > 0) {
403 nmap = ATTR_RMTVALUE_MAPSIZE;
404 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
405 blkcnt, map, &nmap,
406 XFS_BMAPI_ATTRFORK);
407 if (error)
408 return error;
409 ASSERT(nmap >= 1);
410
411 for (i = 0; (i < nmap) && (valuelen > 0); i++) {
412 xfs_daddr_t dblkno;
413 int dblkcnt;
414
415 ASSERT((map[i].br_startblock != DELAYSTARTBLOCK) &&
416 (map[i].br_startblock != HOLESTARTBLOCK));
417 dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock);
418 dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount);
419 error = xfs_buf_read(mp->m_ddev_targp, dblkno, dblkcnt,
420 0, &bp, &xfs_attr3_rmt_buf_ops);
421 if (error)
422 return error;
423
424 error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino,
425 &offset, &valuelen,
426 &dst);
427 xfs_buf_relse(bp);
428 if (error)
429 return error;
430
431 /* roll attribute extent map forwards */
432 lblkno += map[i].br_blockcount;
433 blkcnt -= map[i].br_blockcount;
434 }
435 }
436 ASSERT(valuelen == 0);
437 return 0;
438}
439
440/*
441 * Find a "hole" in the attribute address space large enough for us to drop the
442 * new attributes value into
443 */
444int
445xfs_attr_rmt_find_hole(
446 struct xfs_da_args *args)
447{
448 struct xfs_inode *dp = args->dp;
449 struct xfs_mount *mp = dp->i_mount;
450 int error;
451 int blkcnt;
452 xfs_fileoff_t lfileoff = 0;
453
454 /*
455 * Because CRC enable attributes have headers, we can't just do a
456 * straight byte to FSB conversion and have to take the header space
457 * into account.
458 */
459 blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen);
460 error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff,
461 XFS_ATTR_FORK);
462 if (error)
463 return error;
464
465 args->rmtblkno = (xfs_dablk_t)lfileoff;
466 args->rmtblkcnt = blkcnt;
467
468 return 0;
469}
470
471int
472xfs_attr_rmtval_set_value(
473 struct xfs_da_args *args)
474{
475 struct xfs_inode *dp = args->dp;
476 struct xfs_mount *mp = dp->i_mount;
477 struct xfs_bmbt_irec map;
478 xfs_dablk_t lblkno;
479 uint8_t *src = args->value;
480 int blkcnt;
481 int valuelen;
482 int nmap;
483 int error;
484 int offset = 0;
485
486 /*
487 * Roll through the "value", copying the attribute value to the
488 * already-allocated blocks. Blocks are written synchronously
489 * so that we can know they are all on disk before we turn off
490 * the INCOMPLETE flag.
491 */
492 lblkno = args->rmtblkno;
493 blkcnt = args->rmtblkcnt;
494 valuelen = args->rmtvaluelen;
495 while (valuelen > 0) {
496 struct xfs_buf *bp;
497 xfs_daddr_t dblkno;
498 int dblkcnt;
499
500 ASSERT(blkcnt > 0);
501
502 nmap = 1;
503 error = xfs_bmapi_read(dp, (xfs_fileoff_t)lblkno,
504 blkcnt, &map, &nmap,
505 XFS_BMAPI_ATTRFORK);
506 if (error)
507 return error;
508 ASSERT(nmap == 1);
509 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
510 (map.br_startblock != HOLESTARTBLOCK));
511
512 dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock),
513 dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount);
514
515 error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, &bp);
516 if (error)
517 return error;
518 bp->b_ops = &xfs_attr3_rmt_buf_ops;
519
520 xfs_attr_rmtval_copyin(mp, bp, args->dp->i_ino, &offset,
521 &valuelen, &src);
522
523 error = xfs_bwrite(bp); /* GROT: NOTE: synchronous write */
524 xfs_buf_relse(bp);
525 if (error)
526 return error;
527
528
529 /* roll attribute extent map forwards */
530 lblkno += map.br_blockcount;
531 blkcnt -= map.br_blockcount;
532 }
533 ASSERT(valuelen == 0);
534 return 0;
535}
536
537/* Mark stale any incore buffers for the remote value. */
538int
539xfs_attr_rmtval_stale(
540 struct xfs_inode *ip,
541 struct xfs_bmbt_irec *map,
542 xfs_buf_flags_t incore_flags)
543{
544 struct xfs_mount *mp = ip->i_mount;
545 struct xfs_buf *bp;
546 int error;
547
548 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
549
550 if (XFS_IS_CORRUPT(mp, map->br_startblock == DELAYSTARTBLOCK) ||
551 XFS_IS_CORRUPT(mp, map->br_startblock == HOLESTARTBLOCK))
552 return -EFSCORRUPTED;
553
554 error = xfs_buf_incore(mp->m_ddev_targp,
555 XFS_FSB_TO_DADDR(mp, map->br_startblock),
556 XFS_FSB_TO_BB(mp, map->br_blockcount),
557 incore_flags, &bp);
558 if (error) {
559 if (error == -ENOENT)
560 return 0;
561 return error;
562 }
563
564 xfs_buf_stale(bp);
565 xfs_buf_relse(bp);
566 return 0;
567}
568
569/*
570 * Find a hole for the attr and store it in the delayed attr context. This
571 * initializes the context to roll through allocating an attr extent for a
572 * delayed attr operation
573 */
574int
575xfs_attr_rmtval_find_space(
576 struct xfs_attr_intent *attr)
577{
578 struct xfs_da_args *args = attr->xattri_da_args;
579 struct xfs_bmbt_irec *map = &attr->xattri_map;
580 int error;
581
582 attr->xattri_lblkno = 0;
583 attr->xattri_blkcnt = 0;
584 args->rmtblkcnt = 0;
585 args->rmtblkno = 0;
586 memset(map, 0, sizeof(struct xfs_bmbt_irec));
587
588 error = xfs_attr_rmt_find_hole(args);
589 if (error)
590 return error;
591
592 attr->xattri_blkcnt = args->rmtblkcnt;
593 attr->xattri_lblkno = args->rmtblkno;
594
595 return 0;
596}
597
598/*
599 * Write one block of the value associated with an attribute into the
600 * out-of-line buffer that we have defined for it. This is similar to a subset
601 * of xfs_attr_rmtval_set, but records the current block to the delayed attr
602 * context, and leaves transaction handling to the caller.
603 */
604int
605xfs_attr_rmtval_set_blk(
606 struct xfs_attr_intent *attr)
607{
608 struct xfs_da_args *args = attr->xattri_da_args;
609 struct xfs_inode *dp = args->dp;
610 struct xfs_bmbt_irec *map = &attr->xattri_map;
611 int nmap;
612 int error;
613
614 nmap = 1;
615 error = xfs_bmapi_write(args->trans, dp,
616 (xfs_fileoff_t)attr->xattri_lblkno,
617 attr->xattri_blkcnt, XFS_BMAPI_ATTRFORK, args->total,
618 map, &nmap);
619 if (error)
620 return error;
621
622 ASSERT(nmap == 1);
623 ASSERT((map->br_startblock != DELAYSTARTBLOCK) &&
624 (map->br_startblock != HOLESTARTBLOCK));
625
626 /* roll attribute extent map forwards */
627 attr->xattri_lblkno += map->br_blockcount;
628 attr->xattri_blkcnt -= map->br_blockcount;
629
630 return 0;
631}
632
633/*
634 * Remove the value associated with an attribute by deleting the
635 * out-of-line buffer that it is stored on.
636 */
637int
638xfs_attr_rmtval_invalidate(
639 struct xfs_da_args *args)
640{
641 xfs_dablk_t lblkno;
642 int blkcnt;
643 int error;
644
645 /*
646 * Roll through the "value", invalidating the attribute value's blocks.
647 */
648 lblkno = args->rmtblkno;
649 blkcnt = args->rmtblkcnt;
650 while (blkcnt > 0) {
651 struct xfs_bmbt_irec map;
652 int nmap;
653
654 /*
655 * Try to remember where we decided to put the value.
656 */
657 nmap = 1;
658 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
659 blkcnt, &map, &nmap, XFS_BMAPI_ATTRFORK);
660 if (error)
661 return error;
662 if (XFS_IS_CORRUPT(args->dp->i_mount, nmap != 1))
663 return -EFSCORRUPTED;
664 error = xfs_attr_rmtval_stale(args->dp, &map, XBF_TRYLOCK);
665 if (error)
666 return error;
667
668 lblkno += map.br_blockcount;
669 blkcnt -= map.br_blockcount;
670 }
671 return 0;
672}
673
674/*
675 * Remove the value associated with an attribute by deleting the out-of-line
676 * buffer that it is stored on. Returns -EAGAIN for the caller to refresh the
677 * transaction and re-call the function. Callers should keep calling this
678 * routine until it returns something other than -EAGAIN.
679 */
680int
681xfs_attr_rmtval_remove(
682 struct xfs_attr_intent *attr)
683{
684 struct xfs_da_args *args = attr->xattri_da_args;
685 int error, done;
686
687 /*
688 * Unmap value blocks for this attr.
689 */
690 error = xfs_bunmapi(args->trans, args->dp, args->rmtblkno,
691 args->rmtblkcnt, XFS_BMAPI_ATTRFORK, 1, &done);
692 if (error)
693 return error;
694
695 /*
696 * We don't need an explicit state here to pick up where we left off. We
697 * can figure it out using the !done return code. The actual value of
698 * attr->xattri_dela_state may be some value reminiscent of the calling
699 * function, but it's value is irrelevant with in the context of this
700 * function. Once we are done here, the next state is set as needed by
701 * the parent
702 */
703 if (!done) {
704 trace_xfs_attr_rmtval_remove_return(attr->xattri_dela_state,
705 args->dp);
706 return -EAGAIN;
707 }
708
709 args->rmtblkno = 0;
710 args->rmtblkcnt = 0;
711 return 0;
712}
1/*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * Copyright (c) 2013 Red Hat, Inc.
4 * All Rights Reserved.
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it would be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 */
19#include "xfs.h"
20#include "xfs_fs.h"
21#include "xfs_shared.h"
22#include "xfs_format.h"
23#include "xfs_log_format.h"
24#include "xfs_trans_resv.h"
25#include "xfs_bit.h"
26#include "xfs_mount.h"
27#include "xfs_da_format.h"
28#include "xfs_da_btree.h"
29#include "xfs_inode.h"
30#include "xfs_alloc.h"
31#include "xfs_trans.h"
32#include "xfs_inode_item.h"
33#include "xfs_bmap.h"
34#include "xfs_bmap_util.h"
35#include "xfs_attr.h"
36#include "xfs_attr_leaf.h"
37#include "xfs_attr_remote.h"
38#include "xfs_trans_space.h"
39#include "xfs_trace.h"
40#include "xfs_cksum.h"
41#include "xfs_buf_item.h"
42#include "xfs_error.h"
43
44#define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */
45
46/*
47 * Each contiguous block has a header, so it is not just a simple attribute
48 * length to FSB conversion.
49 */
50int
51xfs_attr3_rmt_blocks(
52 struct xfs_mount *mp,
53 int attrlen)
54{
55 if (xfs_sb_version_hascrc(&mp->m_sb)) {
56 int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
57 return (attrlen + buflen - 1) / buflen;
58 }
59 return XFS_B_TO_FSB(mp, attrlen);
60}
61
62/*
63 * Checking of the remote attribute header is split into two parts. The verifier
64 * does CRC, location and bounds checking, the unpacking function checks the
65 * attribute parameters and owner.
66 */
67static bool
68xfs_attr3_rmt_hdr_ok(
69 void *ptr,
70 xfs_ino_t ino,
71 uint32_t offset,
72 uint32_t size,
73 xfs_daddr_t bno)
74{
75 struct xfs_attr3_rmt_hdr *rmt = ptr;
76
77 if (bno != be64_to_cpu(rmt->rm_blkno))
78 return false;
79 if (offset != be32_to_cpu(rmt->rm_offset))
80 return false;
81 if (size != be32_to_cpu(rmt->rm_bytes))
82 return false;
83 if (ino != be64_to_cpu(rmt->rm_owner))
84 return false;
85
86 /* ok */
87 return true;
88}
89
90static bool
91xfs_attr3_rmt_verify(
92 struct xfs_mount *mp,
93 void *ptr,
94 int fsbsize,
95 xfs_daddr_t bno)
96{
97 struct xfs_attr3_rmt_hdr *rmt = ptr;
98
99 if (!xfs_sb_version_hascrc(&mp->m_sb))
100 return false;
101 if (rmt->rm_magic != cpu_to_be32(XFS_ATTR3_RMT_MAGIC))
102 return false;
103 if (!uuid_equal(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid))
104 return false;
105 if (be64_to_cpu(rmt->rm_blkno) != bno)
106 return false;
107 if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
108 return false;
109 if (be32_to_cpu(rmt->rm_offset) +
110 be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX)
111 return false;
112 if (rmt->rm_owner == 0)
113 return false;
114
115 return true;
116}
117
118static void
119xfs_attr3_rmt_read_verify(
120 struct xfs_buf *bp)
121{
122 struct xfs_mount *mp = bp->b_target->bt_mount;
123 char *ptr;
124 int len;
125 xfs_daddr_t bno;
126 int blksize = mp->m_attr_geo->blksize;
127
128 /* no verification of non-crc buffers */
129 if (!xfs_sb_version_hascrc(&mp->m_sb))
130 return;
131
132 ptr = bp->b_addr;
133 bno = bp->b_bn;
134 len = BBTOB(bp->b_length);
135 ASSERT(len >= blksize);
136
137 while (len > 0) {
138 if (!xfs_verify_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF)) {
139 xfs_buf_ioerror(bp, -EFSBADCRC);
140 break;
141 }
142 if (!xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
143 xfs_buf_ioerror(bp, -EFSCORRUPTED);
144 break;
145 }
146 len -= blksize;
147 ptr += blksize;
148 bno += BTOBB(blksize);
149 }
150
151 if (bp->b_error)
152 xfs_verifier_error(bp);
153 else
154 ASSERT(len == 0);
155}
156
157static void
158xfs_attr3_rmt_write_verify(
159 struct xfs_buf *bp)
160{
161 struct xfs_mount *mp = bp->b_target->bt_mount;
162 int blksize = mp->m_attr_geo->blksize;
163 char *ptr;
164 int len;
165 xfs_daddr_t bno;
166
167 /* no verification of non-crc buffers */
168 if (!xfs_sb_version_hascrc(&mp->m_sb))
169 return;
170
171 ptr = bp->b_addr;
172 bno = bp->b_bn;
173 len = BBTOB(bp->b_length);
174 ASSERT(len >= blksize);
175
176 while (len > 0) {
177 struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
178
179 if (!xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
180 xfs_buf_ioerror(bp, -EFSCORRUPTED);
181 xfs_verifier_error(bp);
182 return;
183 }
184
185 /*
186 * Ensure we aren't writing bogus LSNs to disk. See
187 * xfs_attr3_rmt_hdr_set() for the explanation.
188 */
189 if (rmt->rm_lsn != cpu_to_be64(NULLCOMMITLSN)) {
190 xfs_buf_ioerror(bp, -EFSCORRUPTED);
191 xfs_verifier_error(bp);
192 return;
193 }
194 xfs_update_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF);
195
196 len -= blksize;
197 ptr += blksize;
198 bno += BTOBB(blksize);
199 }
200 ASSERT(len == 0);
201}
202
203const struct xfs_buf_ops xfs_attr3_rmt_buf_ops = {
204 .name = "xfs_attr3_rmt",
205 .verify_read = xfs_attr3_rmt_read_verify,
206 .verify_write = xfs_attr3_rmt_write_verify,
207};
208
209STATIC int
210xfs_attr3_rmt_hdr_set(
211 struct xfs_mount *mp,
212 void *ptr,
213 xfs_ino_t ino,
214 uint32_t offset,
215 uint32_t size,
216 xfs_daddr_t bno)
217{
218 struct xfs_attr3_rmt_hdr *rmt = ptr;
219
220 if (!xfs_sb_version_hascrc(&mp->m_sb))
221 return 0;
222
223 rmt->rm_magic = cpu_to_be32(XFS_ATTR3_RMT_MAGIC);
224 rmt->rm_offset = cpu_to_be32(offset);
225 rmt->rm_bytes = cpu_to_be32(size);
226 uuid_copy(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid);
227 rmt->rm_owner = cpu_to_be64(ino);
228 rmt->rm_blkno = cpu_to_be64(bno);
229
230 /*
231 * Remote attribute blocks are written synchronously, so we don't
232 * have an LSN that we can stamp in them that makes any sense to log
233 * recovery. To ensure that log recovery handles overwrites of these
234 * blocks sanely (i.e. once they've been freed and reallocated as some
235 * other type of metadata) we need to ensure that the LSN has a value
236 * that tells log recovery to ignore the LSN and overwrite the buffer
237 * with whatever is in it's log. To do this, we use the magic
238 * NULLCOMMITLSN to indicate that the LSN is invalid.
239 */
240 rmt->rm_lsn = cpu_to_be64(NULLCOMMITLSN);
241
242 return sizeof(struct xfs_attr3_rmt_hdr);
243}
244
245/*
246 * Helper functions to copy attribute data in and out of the one disk extents
247 */
248STATIC int
249xfs_attr_rmtval_copyout(
250 struct xfs_mount *mp,
251 struct xfs_buf *bp,
252 xfs_ino_t ino,
253 int *offset,
254 int *valuelen,
255 __uint8_t **dst)
256{
257 char *src = bp->b_addr;
258 xfs_daddr_t bno = bp->b_bn;
259 int len = BBTOB(bp->b_length);
260 int blksize = mp->m_attr_geo->blksize;
261
262 ASSERT(len >= blksize);
263
264 while (len > 0 && *valuelen > 0) {
265 int hdr_size = 0;
266 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
267
268 byte_cnt = min(*valuelen, byte_cnt);
269
270 if (xfs_sb_version_hascrc(&mp->m_sb)) {
271 if (!xfs_attr3_rmt_hdr_ok(src, ino, *offset,
272 byte_cnt, bno)) {
273 xfs_alert(mp,
274"remote attribute header mismatch bno/off/len/owner (0x%llx/0x%x/Ox%x/0x%llx)",
275 bno, *offset, byte_cnt, ino);
276 return -EFSCORRUPTED;
277 }
278 hdr_size = sizeof(struct xfs_attr3_rmt_hdr);
279 }
280
281 memcpy(*dst, src + hdr_size, byte_cnt);
282
283 /* roll buffer forwards */
284 len -= blksize;
285 src += blksize;
286 bno += BTOBB(blksize);
287
288 /* roll attribute data forwards */
289 *valuelen -= byte_cnt;
290 *dst += byte_cnt;
291 *offset += byte_cnt;
292 }
293 return 0;
294}
295
296STATIC void
297xfs_attr_rmtval_copyin(
298 struct xfs_mount *mp,
299 struct xfs_buf *bp,
300 xfs_ino_t ino,
301 int *offset,
302 int *valuelen,
303 __uint8_t **src)
304{
305 char *dst = bp->b_addr;
306 xfs_daddr_t bno = bp->b_bn;
307 int len = BBTOB(bp->b_length);
308 int blksize = mp->m_attr_geo->blksize;
309
310 ASSERT(len >= blksize);
311
312 while (len > 0 && *valuelen > 0) {
313 int hdr_size;
314 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
315
316 byte_cnt = min(*valuelen, byte_cnt);
317 hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset,
318 byte_cnt, bno);
319
320 memcpy(dst + hdr_size, *src, byte_cnt);
321
322 /*
323 * If this is the last block, zero the remainder of it.
324 * Check that we are actually the last block, too.
325 */
326 if (byte_cnt + hdr_size < blksize) {
327 ASSERT(*valuelen - byte_cnt == 0);
328 ASSERT(len == blksize);
329 memset(dst + hdr_size + byte_cnt, 0,
330 blksize - hdr_size - byte_cnt);
331 }
332
333 /* roll buffer forwards */
334 len -= blksize;
335 dst += blksize;
336 bno += BTOBB(blksize);
337
338 /* roll attribute data forwards */
339 *valuelen -= byte_cnt;
340 *src += byte_cnt;
341 *offset += byte_cnt;
342 }
343}
344
345/*
346 * Read the value associated with an attribute from the out-of-line buffer
347 * that we stored it in.
348 */
349int
350xfs_attr_rmtval_get(
351 struct xfs_da_args *args)
352{
353 struct xfs_bmbt_irec map[ATTR_RMTVALUE_MAPSIZE];
354 struct xfs_mount *mp = args->dp->i_mount;
355 struct xfs_buf *bp;
356 xfs_dablk_t lblkno = args->rmtblkno;
357 __uint8_t *dst = args->value;
358 int valuelen;
359 int nmap;
360 int error;
361 int blkcnt = args->rmtblkcnt;
362 int i;
363 int offset = 0;
364
365 trace_xfs_attr_rmtval_get(args);
366
367 ASSERT(!(args->flags & ATTR_KERNOVAL));
368 ASSERT(args->rmtvaluelen == args->valuelen);
369
370 valuelen = args->rmtvaluelen;
371 while (valuelen > 0) {
372 nmap = ATTR_RMTVALUE_MAPSIZE;
373 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
374 blkcnt, map, &nmap,
375 XFS_BMAPI_ATTRFORK);
376 if (error)
377 return error;
378 ASSERT(nmap >= 1);
379
380 for (i = 0; (i < nmap) && (valuelen > 0); i++) {
381 xfs_daddr_t dblkno;
382 int dblkcnt;
383
384 ASSERT((map[i].br_startblock != DELAYSTARTBLOCK) &&
385 (map[i].br_startblock != HOLESTARTBLOCK));
386 dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock);
387 dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount);
388 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
389 dblkno, dblkcnt, 0, &bp,
390 &xfs_attr3_rmt_buf_ops);
391 if (error)
392 return error;
393
394 error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino,
395 &offset, &valuelen,
396 &dst);
397 xfs_buf_relse(bp);
398 if (error)
399 return error;
400
401 /* roll attribute extent map forwards */
402 lblkno += map[i].br_blockcount;
403 blkcnt -= map[i].br_blockcount;
404 }
405 }
406 ASSERT(valuelen == 0);
407 return 0;
408}
409
410/*
411 * Write the value associated with an attribute into the out-of-line buffer
412 * that we have defined for it.
413 */
414int
415xfs_attr_rmtval_set(
416 struct xfs_da_args *args)
417{
418 struct xfs_inode *dp = args->dp;
419 struct xfs_mount *mp = dp->i_mount;
420 struct xfs_bmbt_irec map;
421 xfs_dablk_t lblkno;
422 xfs_fileoff_t lfileoff = 0;
423 __uint8_t *src = args->value;
424 int blkcnt;
425 int valuelen;
426 int nmap;
427 int error;
428 int offset = 0;
429
430 trace_xfs_attr_rmtval_set(args);
431
432 /*
433 * Find a "hole" in the attribute address space large enough for
434 * us to drop the new attribute's value into. Because CRC enable
435 * attributes have headers, we can't just do a straight byte to FSB
436 * conversion and have to take the header space into account.
437 */
438 blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen);
439 error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff,
440 XFS_ATTR_FORK);
441 if (error)
442 return error;
443
444 args->rmtblkno = lblkno = (xfs_dablk_t)lfileoff;
445 args->rmtblkcnt = blkcnt;
446
447 /*
448 * Roll through the "value", allocating blocks on disk as required.
449 */
450 while (blkcnt > 0) {
451 /*
452 * Allocate a single extent, up to the size of the value.
453 *
454 * Note that we have to consider this a data allocation as we
455 * write the remote attribute without logging the contents.
456 * Hence we must ensure that we aren't using blocks that are on
457 * the busy list so that we don't overwrite blocks which have
458 * recently been freed but their transactions are not yet
459 * committed to disk. If we overwrite the contents of a busy
460 * extent and then crash then the block may not contain the
461 * correct metadata after log recovery occurs.
462 */
463 xfs_bmap_init(args->flist, args->firstblock);
464 nmap = 1;
465 error = xfs_bmapi_write(args->trans, dp, (xfs_fileoff_t)lblkno,
466 blkcnt, XFS_BMAPI_ATTRFORK, args->firstblock,
467 args->total, &map, &nmap, args->flist);
468 if (!error)
469 error = xfs_bmap_finish(&args->trans, args->flist, dp);
470 if (error) {
471 args->trans = NULL;
472 xfs_bmap_cancel(args->flist);
473 return error;
474 }
475
476 ASSERT(nmap == 1);
477 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
478 (map.br_startblock != HOLESTARTBLOCK));
479 lblkno += map.br_blockcount;
480 blkcnt -= map.br_blockcount;
481
482 /*
483 * Start the next trans in the chain.
484 */
485 error = xfs_trans_roll(&args->trans, dp);
486 if (error)
487 return error;
488 }
489
490 /*
491 * Roll through the "value", copying the attribute value to the
492 * already-allocated blocks. Blocks are written synchronously
493 * so that we can know they are all on disk before we turn off
494 * the INCOMPLETE flag.
495 */
496 lblkno = args->rmtblkno;
497 blkcnt = args->rmtblkcnt;
498 valuelen = args->rmtvaluelen;
499 while (valuelen > 0) {
500 struct xfs_buf *bp;
501 xfs_daddr_t dblkno;
502 int dblkcnt;
503
504 ASSERT(blkcnt > 0);
505
506 xfs_bmap_init(args->flist, args->firstblock);
507 nmap = 1;
508 error = xfs_bmapi_read(dp, (xfs_fileoff_t)lblkno,
509 blkcnt, &map, &nmap,
510 XFS_BMAPI_ATTRFORK);
511 if (error)
512 return error;
513 ASSERT(nmap == 1);
514 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
515 (map.br_startblock != HOLESTARTBLOCK));
516
517 dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock),
518 dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount);
519
520 bp = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0);
521 if (!bp)
522 return -ENOMEM;
523 bp->b_ops = &xfs_attr3_rmt_buf_ops;
524
525 xfs_attr_rmtval_copyin(mp, bp, args->dp->i_ino, &offset,
526 &valuelen, &src);
527
528 error = xfs_bwrite(bp); /* GROT: NOTE: synchronous write */
529 xfs_buf_relse(bp);
530 if (error)
531 return error;
532
533
534 /* roll attribute extent map forwards */
535 lblkno += map.br_blockcount;
536 blkcnt -= map.br_blockcount;
537 }
538 ASSERT(valuelen == 0);
539 return 0;
540}
541
542/*
543 * Remove the value associated with an attribute by deleting the
544 * out-of-line buffer that it is stored on.
545 */
546int
547xfs_attr_rmtval_remove(
548 struct xfs_da_args *args)
549{
550 struct xfs_mount *mp = args->dp->i_mount;
551 xfs_dablk_t lblkno;
552 int blkcnt;
553 int error;
554 int done;
555
556 trace_xfs_attr_rmtval_remove(args);
557
558 /*
559 * Roll through the "value", invalidating the attribute value's blocks.
560 */
561 lblkno = args->rmtblkno;
562 blkcnt = args->rmtblkcnt;
563 while (blkcnt > 0) {
564 struct xfs_bmbt_irec map;
565 struct xfs_buf *bp;
566 xfs_daddr_t dblkno;
567 int dblkcnt;
568 int nmap;
569
570 /*
571 * Try to remember where we decided to put the value.
572 */
573 nmap = 1;
574 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
575 blkcnt, &map, &nmap, XFS_BMAPI_ATTRFORK);
576 if (error)
577 return error;
578 ASSERT(nmap == 1);
579 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
580 (map.br_startblock != HOLESTARTBLOCK));
581
582 dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock),
583 dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount);
584
585 /*
586 * If the "remote" value is in the cache, remove it.
587 */
588 bp = xfs_incore(mp->m_ddev_targp, dblkno, dblkcnt, XBF_TRYLOCK);
589 if (bp) {
590 xfs_buf_stale(bp);
591 xfs_buf_relse(bp);
592 bp = NULL;
593 }
594
595 lblkno += map.br_blockcount;
596 blkcnt -= map.br_blockcount;
597 }
598
599 /*
600 * Keep de-allocating extents until the remote-value region is gone.
601 */
602 lblkno = args->rmtblkno;
603 blkcnt = args->rmtblkcnt;
604 done = 0;
605 while (!done) {
606 xfs_bmap_init(args->flist, args->firstblock);
607 error = xfs_bunmapi(args->trans, args->dp, lblkno, blkcnt,
608 XFS_BMAPI_ATTRFORK, 1, args->firstblock,
609 args->flist, &done);
610 if (!error)
611 error = xfs_bmap_finish(&args->trans, args->flist,
612 args->dp);
613 if (error) {
614 args->trans = NULL;
615 xfs_bmap_cancel(args->flist);
616 return error;
617 }
618
619 /*
620 * Close out trans and start the next one in the chain.
621 */
622 error = xfs_trans_roll(&args->trans, args->dp);
623 if (error)
624 return error;
625 }
626 return 0;
627}