// SPDX-License-Identifier: GPL-2.0
#include <linux/fs.h>
#include <linux/random.h>
#include <linux/buffer_head.h>
#include <linux/utsname.h>
#include <linux/kthread.h>

#include "ext4.h"

/* Checksumming functions */

/*
 * Compute the checksum of an MMP block, returned in on-disk (little-endian)
 * byte order.
 *
 * Only the bytes of @mmp that precede the mmp_checksum field are covered, and
 * the calculation is seeded with the filesystem's s_csum_seed.
 */
static __le32 ext4_mmp_csum(struct super_block *sb, struct mmp_struct *mmp)
{
	const int covered = offsetof(struct mmp_struct, mmp_checksum);
	__u32 sum = ext4_chksum(EXT4_SB(sb)->s_csum_seed, (char *)mmp, covered);

	return cpu_to_le32(sum);
}

/*
 * Check the checksum stored in an MMP block.
 *
 * Returns non-zero when the stored checksum equals the recomputed one.  When
 * the metadata_csum feature is off the block is reported as valid without
 * being looked at, so in that configuration this function provides no
 * integrity check at all.
 *
 * NOTE(review): ext4_chksum() is defined outside this file; if it is an
 * unkeyed checksum, a match shows the block is not corrupted, not that it was
 * written by a trusted party -- confirm before relying on it for more.
 */
static int ext4_mmp_csum_verify(struct super_block *sb, struct mmp_struct *mmp)
{
	if (ext4_has_feature_metadata_csum(sb))
		return mmp->mmp_checksum == ext4_mmp_csum(sb, mmp);

	return 1;
}

/*
 * Store a fresh checksum in @mmp.  Does nothing when the metadata_csum
 * feature is off.
 */
static void ext4_mmp_csum_set(struct super_block *sb, struct mmp_struct *mmp)
{
	if (ext4_has_feature_metadata_csum(sb))
		mmp->mmp_checksum = ext4_mmp_csum(sb, mmp);
}

/*
 * Write the MMP block using REQ_SYNC to try to get the block on-disk
 * faster.
 *
 * The checksum is refreshed before the buffer is submitted.  This variant
 * takes no freeze protection itself; write_mmp_block() is the wrapper that
 * does.  Returns 0 on success, or -EIO when the buffer is not uptodate once
 * the write has completed.
 */
static int write_mmp_block_thawed(struct super_block *sb,
				  struct buffer_head *bh)
{
	ext4_mmp_csum_set(sb, (struct mmp_struct *)bh->b_data);

	lock_buffer(bh);
	bh_submit(bh, REQ_OP_WRITE | REQ_SYNC | REQ_META | REQ_PRIO,
		  bh_end_write);
	wait_on_buffer(bh);

	return unlikely(!buffer_uptodate(bh)) ? -EIO : 0;
}

/*
 * Write the MMP block while holding freeze protection on @sb.
 *
 * Returns whatever write_mmp_block_thawed() returns.
 */
static int write_mmp_block(struct super_block *sb, struct buffer_head *bh)
{
	/*
	 * We protect against freezing so that we don't create dirty buffers
	 * on frozen filesystem.
	 */
	scoped_guard(super_write, sb) {
		return write_mmp_block_thawed(sb, bh);
	}
}

/*
 * Read the MMP block. It _must_ be read from disk and hence we clear the
 * uptodate flag on the buffer.
*/
static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
			  ext4_fsblk_t mmp_block)
{
	/*
	 * On success returns 0 and leaves *bh holding a block whose magic
	 * number and checksum have both been checked.  On any failure the
	 * buffer is released, *bh is set to NULL and a negative errno is
	 * returned, so a caller never gets to interpret fields of a block
	 * that failed validation.
	 */
	struct mmp_struct *mmp;
	int err;

	if (*bh) {
		/* Caller handed us a buffer: force it to be re-read. */
		clear_buffer_uptodate(*bh);
	} else {
		/* This would be sb_bread(sb, mmp_block), except we need to be
		 * sure that the MD RAID device cache has been bypassed, and
		 * that the read is not blocked in the elevator. */
		*bh = sb_getblk(sb, mmp_block);
		if (!*bh) {
			err = -ENOMEM;
			goto warn_exit;
		}
	}

	lock_buffer(*bh);
	err = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL, false);
	if (err)
		goto warn_exit;

	/*
	 * The contents come from disk, so validate them before use: magic
	 * first, and the checksum only once the magic is right.
	 */
	mmp = (struct mmp_struct *)(*bh)->b_data;
	if (le32_to_cpu(mmp->mmp_magic) != EXT4_MMP_MAGIC)
		err = -EFSCORRUPTED;
	else if (!ext4_mmp_csum_verify(sb, mmp))
		err = -EFSBADCRC;

	if (!err)
		return 0;

warn_exit:
	/* brelse() is also reached with *bh == NULL when sb_getblk() failed. */
	brelse(*bh);
	*bh = NULL;
	ext4_warning(sb, "Error %d while reading MMP block %llu",
		     err, mmp_block);
	return err;
}

/*
 * Dump as much information as possible to help the admin.
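*/
void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
		    const char *function, unsigned int line, const char *msg)
{
	/* @msg is printed through "%s"; it is never used as a format string. */
	__ext4_warning(sb, function, line, "%s", msg);
	/*
	 * mmp_nodename and mmp_bdevname are fixed-size arrays taken from the
	 * MMP block, so the output is bounded by their size ("%.*s") instead
	 * of relying on a NUL terminator being present.
	 */
	__ext4_warning(sb, function, line,
		       "MMP failure info: last update time: %llu, last update node: %.*s, last update device: %.*s",
		       (unsigned long long)le64_to_cpu(mmp->mmp_time),
		       (int)sizeof(mmp->mmp_nodename), mmp->mmp_nodename,
		       (int)sizeof(mmp->mmp_bdevname), mmp->mmp_bdevname);
}

/*
 * kmmpd will update the MMP sequence every s_mmp_update_interval seconds
 *
 * @data is the super_block.  The thread works on the buffer_head cached in
 * s_mmp_bh: each pass bumps mmp_seq, writes the block, sleeps for the rest of
 * the update interval and, if more than mmp_check_interval seconds went by
 * since the write, re-reads the block to see whether the sequence number or
 * node name changed underneath it.  The return value is the last error seen,
 * or the result of the final "clean" write.
 */
static int kmmpd(void *data)
{
	struct super_block *sb = data;
	struct ext4_super_block *es = EXT4_SB(sb)->s_es;
	struct buffer_head *bh = EXT4_SB(sb)->s_mmp_bh;
	struct mmp_struct *mmp;
	ext4_fsblk_t mmp_block;
	u32 seq = 0;
	unsigned long failed_writes = 0;
	int mmp_update_interval = le16_to_cpu(es->s_mmp_update_interval);
	unsigned mmp_check_interval;
	unsigned long last_update_time;
	unsigned long diff;
	int retval = 0;

	mmp_block = le64_to_cpu(es->s_mmp_block);
	mmp = (struct mmp_struct *)(bh->b_data);
	mmp->mmp_time = cpu_to_le64(ktime_get_real_seconds());
	/*
	 * Start with the higher mmp_check_interval and reduce it if
	 * the MMP block is being updated on time.
	 */
	mmp_check_interval = max(EXT4_MMP_CHECK_MULT * mmp_update_interval,
				 EXT4_MMP_MIN_CHECK_INTERVAL);
	mmp->mmp_check_interval = cpu_to_le16(mmp_check_interval);

	/* Copies exactly the field size; no terminator is added here. */
	memcpy(mmp->mmp_nodename, init_utsname()->nodename,
	       sizeof(mmp->mmp_nodename));

	while (!kthread_should_stop() && !ext4_emergency_state(sb)) {
		if (!ext4_has_feature_mmp(sb)) {
			ext4_warning(sb, "kmmpd being stopped since MMP feature"
				     " has been disabled.");
			goto wait_to_exit;
		}
		/* Wrap to 1, not 0, once the maximum is passed. */
		if (++seq > EXT4_MMP_SEQ_MAX)
			seq = 1;

		mmp->mmp_seq = cpu_to_le32(seq);
		mmp->mmp_time = cpu_to_le64(ktime_get_real_seconds());
		last_update_time = jiffies;

		retval = write_mmp_block(sb, bh);
		/*
		 * Don't spew too many error messages. Print one every
		 * (s_mmp_update_interval * 60) seconds.
		 */
		if (retval) {
			if ((failed_writes % 60) == 0) {
				ext4_error_err(sb, -retval,
					       "Error writing to MMP block");
			}
			failed_writes++;
		}

		/*
		 * NOTE(review): mmp_update_interval is taken straight from the
		 * on-disk superblock.  If it is 0 this branch is never taken
		 * and the loop does not sleep between writes -- confirm the
		 * value is validated before kmmpd is started.
		 */
		diff = jiffies - last_update_time;
		if (diff < mmp_update_interval * HZ)
			schedule_timeout_interruptible(mmp_update_interval *
						       HZ - diff);

		/*
		 * We need to make sure that more than mmp_check_interval
		 * seconds have not passed since writing. If that has happened
		 * we need to check if the MMP block is as we left it.
		 */
		diff = jiffies - last_update_time;
		if (diff > mmp_check_interval * HZ) {
			struct buffer_head *bh_check = NULL;
			struct mmp_struct *mmp_check;

			retval = read_mmp_block(sb, &bh_check, mmp_block);
			if (retval) {
				ext4_error_err(sb, -retval,
					       "error reading MMP data: %d",
					       retval);
				goto wait_to_exit;
			}

			mmp_check = (struct mmp_struct *)(bh_check->b_data);
			if (mmp->mmp_seq != mmp_check->mmp_seq ||
			    memcmp(mmp->mmp_nodename, mmp_check->mmp_nodename,
				   sizeof(mmp->mmp_nodename))) {
				dump_mmp_msg(sb, mmp_check,
					     "Error while updating MMP info. "
					     "The filesystem seems to have been"
					     " multiply mounted.");
				ext4_error_err(sb, EBUSY, "abort");
				put_bh(bh_check);
				retval = -EBUSY;
				goto wait_to_exit;
			}
			put_bh(bh_check);
		}

		/*
		 * Adjust the mmp_check_interval depending on how much time
		 * it took for the MMP block to be written.
		 */
		mmp_check_interval = clamp(EXT4_MMP_CHECK_MULT * diff / HZ,
					   EXT4_MMP_MIN_CHECK_INTERVAL,
					   EXT4_MMP_MAX_CHECK_INTERVAL);
		mmp->mmp_check_interval = cpu_to_le16(mmp_check_interval);
	}

	/*
	 * Unmount seems to be clean.
	 */
	mmp->mmp_seq = cpu_to_le32(EXT4_MMP_SEQ_CLEAN);
	mmp->mmp_time = cpu_to_le64(ktime_get_real_seconds());

	retval = write_mmp_block(sb, bh);

wait_to_exit:
	/* Stay around until kthread_stop() is called on this thread. */
	while (!kthread_should_stop()) {
		set_current_state(TASK_INTERRUPTIBLE);
		if (!kthread_should_stop())
			schedule();
	}
	set_current_state(TASK_RUNNING);
	return retval;
}

/*
 * Stop kmmpd, if it is running, and drop the MMP buffer it was using.
 *
 * Both s_mmp_tsk and s_mmp_bh are cleared afterwards, so that no pointer to
 * the stopped task or to the released buffer_head stays reachable through
 * @sbi.
 */
void ext4_stop_mmpd(struct ext4_sb_info *sbi)
{
	if (sbi->s_mmp_tsk) {
		kthread_stop(sbi->s_mmp_tsk);
		brelse(sbi->s_mmp_bh);
		/* Do not keep a stale pointer to the buffer just released. */
		sbi->s_mmp_bh = NULL;
		sbi->s_mmp_tsk = NULL;
	}
}

/*
 * Get a random new sequence number but make sure it is not greater than
 * EXT4_MMP_SEQ_MAX.
 */
static unsigned int mmp_new_seq(void)
{
	/* get_random_u32_below(n) is called with n = EXT4_MMP_SEQ_MAX + 1. */
	return get_random_u32_below(EXT4_MMP_SEQ_MAX + 1);
}

/*
 * Protect the filesystem from being mounted more than once.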
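*/
/*
 * @sb:        filesystem being mounted
 * @mmp_block: block number of the MMP block, as recorded in the superblock
 *
 * Unless the MMP block is marked clean, wait and re-read it to see whether
 * its sequence number moves.  Then write a random sequence number, wait
 * again and check that it is still there, and finally start kmmpd.
 *
 * Returns 0 with kmmpd running and s_mmp_bh set.  Otherwise returns -EINVAL
 * (MMP block number out of range), -EBUSY (fsck or another node is using the
 * device), -ETIMEDOUT (a wait was interrupted), -ENOMEM (kmmpd could not be
 * started) or the error from reading or writing the MMP block.  On failure
 * the buffer is released and s_mmp_bh is not left pointing at it.
 */
int ext4_multi_mount_protect(struct super_block *sb,
			     ext4_fsblk_t mmp_block)
{
	struct ext4_super_block *es = EXT4_SB(sb)->s_es;
	struct buffer_head *bh = NULL;
	struct mmp_struct *mmp = NULL;
	u32 seq;
	unsigned int mmp_check_interval = le16_to_cpu(es->s_mmp_update_interval);
	unsigned int wait_time = 0;
	int retval;

	/* The block number comes from the superblock: range-check it first. */
	if (mmp_block < le32_to_cpu(es->s_first_data_block) ||
	    mmp_block >= ext4_blocks_count(es)) {
		ext4_warning(sb, "Invalid MMP block in superblock");
		retval = -EINVAL;
		goto failed;
	}

	retval = read_mmp_block(sb, &bh, mmp_block);
	if (retval)
		goto failed;

	mmp = (struct mmp_struct *)(bh->b_data);

	if (mmp_check_interval < EXT4_MMP_MIN_CHECK_INTERVAL)
		mmp_check_interval = EXT4_MMP_MIN_CHECK_INTERVAL;

	/*
	 * If check_interval in MMP block is larger, use that instead of
	 * update_interval from the superblock.
	 *
	 * NOTE(review): no upper bound is applied to the on-disk value here
	 * (kmmpd clamps its own interval to EXT4_MMP_MAX_CHECK_INTERVAL), so
	 * a large value in the MMP block lengthens the interruptible waits
	 * below accordingly.
	 */
	if (le16_to_cpu(mmp->mmp_check_interval) > mmp_check_interval)
		mmp_check_interval = le16_to_cpu(mmp->mmp_check_interval);

	seq = le32_to_cpu(mmp->mmp_seq);
	if (seq == EXT4_MMP_SEQ_CLEAN)
		goto skip;

	if (seq == EXT4_MMP_SEQ_FSCK) {
		dump_mmp_msg(sb, mmp, "fsck is running on the filesystem");
		retval = -EBUSY;
		goto failed;
	}

	wait_time = min(mmp_check_interval * 2 + 1,
			mmp_check_interval + 60);

	/* Print MMP interval if more than 20 secs. */
	if (wait_time > EXT4_MMP_MIN_CHECK_INTERVAL * 4)
		ext4_warning(sb, "MMP interval %u higher than expected, please"
			     " wait.\n", wait_time * 2);

	if (schedule_timeout_interruptible(HZ * wait_time) != 0) {
		ext4_warning(sb, "MMP startup interrupted, failing mount\n");
		retval = -ETIMEDOUT;
		goto failed;
	}

	/* A sequence number that moved while we slept means a live writer. */
	retval = read_mmp_block(sb, &bh, mmp_block);
	if (retval)
		goto failed;
	mmp = (struct mmp_struct *)(bh->b_data);
	if (seq != le32_to_cpu(mmp->mmp_seq)) {
		dump_mmp_msg(sb, mmp,
			     "Device is already active on another node.");
		retval = -EBUSY;
		goto failed;
	}

skip:
	/*
	 * write a new random sequence number.
	 */
	seq = mmp_new_seq();
	mmp->mmp_seq = cpu_to_le32(seq);

	/*
	 * On mount / remount we are protected against fs freezing (by s_umount
	 * semaphore) and grabbing freeze protection upsets lockdep
	 */
	retval = write_mmp_block_thawed(sb, bh);
	if (retval)
		goto failed;

	/*
	 * wait for MMP interval and check mmp_seq.
	 */
	if (schedule_timeout_interruptible(HZ * wait_time) != 0) {
		ext4_warning(sb, "MMP startup interrupted, failing mount");
		retval = -ETIMEDOUT;
		goto failed;
	}

	retval = read_mmp_block(sb, &bh, mmp_block);
	if (retval)
		goto failed;
	mmp = (struct mmp_struct *)(bh->b_data);
	if (seq != le32_to_cpu(mmp->mmp_seq)) {
		dump_mmp_msg(sb, mmp,
			     "Device is already active on another node.");
		retval = -EBUSY;
		goto failed;
	}

	/* kmmpd reads s_mmp_bh when it starts, so publish it first. */
	EXT4_SB(sb)->s_mmp_bh = bh;

	BUILD_BUG_ON(sizeof(mmp->mmp_bdevname) < BDEVNAME_SIZE);
	snprintf(mmp->mmp_bdevname, sizeof(mmp->mmp_bdevname),
		 "%pg", bh->b_bdev);

	/*
	 * Start a kernel thread to update the MMP block periodically.
	 */
	EXT4_SB(sb)->s_mmp_tsk = kthread_run(kmmpd, sb, "kmmpd-%.*s",
					     (int)sizeof(mmp->mmp_bdevname),
					     mmp->mmp_bdevname);
	if (IS_ERR(EXT4_SB(sb)->s_mmp_tsk)) {
		EXT4_SB(sb)->s_mmp_tsk = NULL;
		/*
		 * bh is released at 'failed' below; clear the copy published
		 * above so s_mmp_bh does not point at a released buffer.
		 */
		EXT4_SB(sb)->s_mmp_bh = NULL;
		ext4_warning(sb, "Unable to create kmmpd thread for %s.",
			     sb->s_id);
		retval = -ENOMEM;
		goto failed;
	}

	return 0;

failed:
	/* bh may be NULL here (read_mmp_block() clears it on error). */
	brelse(bh);
	return retval;
}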