1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/block_validity.c 4 * 5 * Copyright (C) 2009 6 * Theodore Ts'o (tytso@mit.edu) 7 * 8 * Track which blocks in the filesystem are metadata blocks that 9 * should never be used as data blocks by files or directories. 10 */ 11 12 #include <linux/time.h> 13 #include <linux/fs.h> 14 #include <linux/namei.h> 15 #include <linux/quotaops.h> 16 #include <linux/buffer_head.h> 17 #include <linux/swap.h> 18 #include <linux/pagemap.h> 19 #include <linux/blkdev.h> 20 #include <linux/slab.h> 21 #include "ext4.h" 22 23 struct ext4_system_zone { 24 struct rb_node node; 25 ext4_fsblk_t start_blk; 26 unsigned int count; 27 }; 28 29 static struct kmem_cache *ext4_system_zone_cachep; 30 31 int __init ext4_init_system_zone(void) 32 { 33 ext4_system_zone_cachep = KMEM_CACHE(ext4_system_zone, 0); 34 if (ext4_system_zone_cachep == NULL) 35 return -ENOMEM; 36 return 0; 37 } 38 39 void ext4_exit_system_zone(void) 40 { 41 kmem_cache_destroy(ext4_system_zone_cachep); 42 } 43 44 static inline int can_merge(struct ext4_system_zone *entry1, 45 struct ext4_system_zone *entry2) 46 { 47 if ((entry1->start_blk + entry1->count) == entry2->start_blk) 48 return 1; 49 return 0; 50 } 51 52 /* 53 * Mark a range of blocks as belonging to the "system zone" --- that 54 * is, filesystem metadata blocks which should never be used by 55 * inodes. 56 */ 57 static int add_system_zone(struct ext4_sb_info *sbi, 58 ext4_fsblk_t start_blk, 59 unsigned int count) 60 { 61 struct ext4_system_zone *new_entry = NULL, *entry; 62 struct rb_node **n = &sbi->system_blks.rb_node, *node; 63 struct rb_node *parent = NULL, *new_node = NULL; 64 65 while (*n) { 66 parent = *n; 67 entry = rb_entry(parent, struct ext4_system_zone, node); 68 if (start_blk < entry->start_blk) 69 n = &(*n)->rb_left; 70 else if (start_blk >= (entry->start_blk + entry->count)) 71 n = &(*n)->rb_right; 72 else { 73 if (start_blk + count > (entry->start_blk + 74 entry->count)) 75 entry->count = (start_blk + count - 76 entry->start_blk); 77 new_node = *n; 78 new_entry = rb_entry(new_node, struct ext4_system_zone, 79 node); 80 break; 81 } 82 } 83 84 if (!new_entry) { 85 new_entry = kmem_cache_alloc(ext4_system_zone_cachep, 86 GFP_KERNEL); 87 if (!new_entry) 88 return -ENOMEM; 89 new_entry->start_blk = start_blk; 90 new_entry->count = count; 91 new_node = &new_entry->node; 92 93 rb_link_node(new_node, parent, n); 94 rb_insert_color(new_node, &sbi->system_blks); 95 } 96 97 /* Can we merge to the left? */ 98 node = rb_prev(new_node); 99 if (node) { 100 entry = rb_entry(node, struct ext4_system_zone, node); 101 if (can_merge(entry, new_entry)) { 102 new_entry->start_blk = entry->start_blk; 103 new_entry->count += entry->count; 104 rb_erase(node, &sbi->system_blks); 105 kmem_cache_free(ext4_system_zone_cachep, entry); 106 } 107 } 108 109 /* Can we merge to the right? */ 110 node = rb_next(new_node); 111 if (node) { 112 entry = rb_entry(node, struct ext4_system_zone, node); 113 if (can_merge(new_entry, entry)) { 114 new_entry->count += entry->count; 115 rb_erase(node, &sbi->system_blks); 116 kmem_cache_free(ext4_system_zone_cachep, entry); 117 } 118 } 119 return 0; 120 } 121 122 static void debug_print_tree(struct ext4_sb_info *sbi) 123 { 124 struct rb_node *node; 125 struct ext4_system_zone *entry; 126 int first = 1; 127 128 printk(KERN_INFO "System zones: "); 129 node = rb_first(&sbi->system_blks); 130 while (node) { 131 entry = rb_entry(node, struct ext4_system_zone, node); 132 printk(KERN_CONT "%s%llu-%llu", first ? "" : ", ", 133 entry->start_blk, entry->start_blk + entry->count - 1); 134 first = 0; 135 node = rb_next(node); 136 } 137 printk(KERN_CONT "\n"); 138 } 139 140 static int ext4_protect_reserved_inode(struct super_block *sb, u32 ino) 141 { 142 struct inode *inode; 143 struct ext4_sb_info *sbi = EXT4_SB(sb); 144 struct ext4_map_blocks map; 145 u32 i = 0, num; 146 int err = 0, n; 147 148 if ((ino < EXT4_ROOT_INO) || 149 (ino > le32_to_cpu(sbi->s_es->s_inodes_count))) 150 return -EINVAL; 151 inode = ext4_iget(sb, ino, EXT4_IGET_SPECIAL); 152 if (IS_ERR(inode)) 153 return PTR_ERR(inode); 154 num = (inode->i_size + sb->s_blocksize - 1) >> sb->s_blocksize_bits; 155 while (i < num) { 156 map.m_lblk = i; 157 map.m_len = num - i; 158 n = ext4_map_blocks(NULL, inode, &map, 0); 159 if (n < 0) { 160 err = n; 161 break; 162 } 163 if (n == 0) { 164 i++; 165 } else { 166 if (!ext4_data_block_valid(sbi, map.m_pblk, n)) { 167 ext4_error(sb, "blocks %llu-%llu from inode %u " 168 "overlap system zone", map.m_pblk, 169 map.m_pblk + map.m_len - 1, ino); 170 err = -EFSCORRUPTED; 171 break; 172 } 173 err = add_system_zone(sbi, map.m_pblk, n); 174 if (err < 0) 175 break; 176 i += n; 177 } 178 } 179 iput(inode); 180 return err; 181 } 182 183 int ext4_setup_system_zone(struct super_block *sb) 184 { 185 ext4_group_t ngroups = ext4_get_groups_count(sb); 186 struct ext4_sb_info *sbi = EXT4_SB(sb); 187 struct ext4_group_desc *gdp; 188 ext4_group_t i; 189 int flex_size = ext4_flex_bg_size(sbi); 190 int ret; 191 192 if (!test_opt(sb, BLOCK_VALIDITY)) { 193 if (sbi->system_blks.rb_node) 194 ext4_release_system_zone(sb); 195 return 0; 196 } 197 if (sbi->system_blks.rb_node) 198 return 0; 199 200 for (i=0; i < ngroups; i++) { 201 cond_resched(); 202 if (ext4_bg_has_super(sb, i) && 203 ((i < 5) || ((i % flex_size) == 0))) 204 add_system_zone(sbi, ext4_group_first_block_no(sb, i), 205 ext4_bg_num_gdb(sb, i) + 1); 206 gdp = ext4_get_group_desc(sb, i, NULL); 207 ret = add_system_zone(sbi, ext4_block_bitmap(sb, gdp), 1); 208 if (ret) 209 return ret; 210 ret = add_system_zone(sbi, ext4_inode_bitmap(sb, gdp), 1); 211 if (ret) 212 return ret; 213 ret = add_system_zone(sbi, ext4_inode_table(sb, gdp), 214 sbi->s_itb_per_group); 215 if (ret) 216 return ret; 217 } 218 if (ext4_has_feature_journal(sb) && sbi->s_es->s_journal_inum) { 219 ret = ext4_protect_reserved_inode(sb, 220 le32_to_cpu(sbi->s_es->s_journal_inum)); 221 if (ret) 222 return ret; 223 } 224 225 if (test_opt(sb, DEBUG)) 226 debug_print_tree(sbi); 227 return 0; 228 } 229 230 /* Called when the filesystem is unmounted */ 231 void ext4_release_system_zone(struct super_block *sb) 232 { 233 struct ext4_system_zone *entry, *n; 234 235 rbtree_postorder_for_each_entry_safe(entry, n, 236 &EXT4_SB(sb)->system_blks, node) 237 kmem_cache_free(ext4_system_zone_cachep, entry); 238 239 EXT4_SB(sb)->system_blks = RB_ROOT; 240 } 241 242 /* 243 * Returns 1 if the passed-in block region (start_blk, 244 * start_blk+count) is valid; 0 if some part of the block region 245 * overlaps with filesystem metadata blocks. 246 */ 247 int ext4_data_block_valid(struct ext4_sb_info *sbi, ext4_fsblk_t start_blk, 248 unsigned int count) 249 { 250 struct ext4_system_zone *entry; 251 struct rb_node *n = sbi->system_blks.rb_node; 252 253 if ((start_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || 254 (start_blk + count < start_blk) || 255 (start_blk + count > ext4_blocks_count(sbi->s_es))) { 256 sbi->s_es->s_last_error_block = cpu_to_le64(start_blk); 257 return 0; 258 } 259 while (n) { 260 entry = rb_entry(n, struct ext4_system_zone, node); 261 if (start_blk + count - 1 < entry->start_blk) 262 n = n->rb_left; 263 else if (start_blk >= (entry->start_blk + entry->count)) 264 n = n->rb_right; 265 else { 266 sbi->s_es->s_last_error_block = cpu_to_le64(start_blk); 267 return 0; 268 } 269 } 270 return 1; 271 } 272 273 int ext4_check_blockref(const char *function, unsigned int line, 274 struct inode *inode, __le32 *p, unsigned int max) 275 { 276 struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es; 277 __le32 *bref = p; 278 unsigned int blk; 279 280 if (ext4_has_feature_journal(inode->i_sb) && 281 (inode->i_ino == 282 le32_to_cpu(EXT4_SB(inode->i_sb)->s_es->s_journal_inum))) 283 return 0; 284 285 while (bref < p+max) { 286 blk = le32_to_cpu(*bref++); 287 if (blk && 288 unlikely(!ext4_data_block_valid(EXT4_SB(inode->i_sb), 289 blk, 1))) { 290 es->s_last_error_block = cpu_to_le64(blk); 291 ext4_error_inode(inode, function, line, blk, 292 "invalid block"); 293 return -EFSCORRUPTED; 294 } 295 } 296 return 0; 297 } 298 299