1 // SPDX-License-Identifier: GPL-2.0-only 2 /* -*- mode: c; c-basic-offset: 8; -*- 3 * vim: noexpandtab sw=8 ts=8 sts=0: 4 * 5 * blockcheck.c 6 * 7 * Checksum and ECC codes for the OCFS2 userspace library. 8 * 9 * Copyright (C) 2006, 2008 Oracle. All rights reserved. 10 */ 11 12 #include <linux/kernel.h> 13 #include <linux/types.h> 14 #include <linux/crc32.h> 15 #include <linux/buffer_head.h> 16 #include <linux/bitops.h> 17 #include <linux/debugfs.h> 18 #include <linux/module.h> 19 #include <linux/fs.h> 20 #include <asm/byteorder.h> 21 22 #include <cluster/masklog.h> 23 24 #include "ocfs2.h" 25 26 #include "blockcheck.h" 27 28 29 /* 30 * We use the following conventions: 31 * 32 * d = # data bits 33 * p = # parity bits 34 * c = # total code bits (d + p) 35 */ 36 37 38 /* 39 * Calculate the bit offset in the hamming code buffer based on the bit's 40 * offset in the data buffer. Since the hamming code reserves all 41 * power-of-two bits for parity, the data bit number and the code bit 42 * number are offset by all the parity bits beforehand. 43 * 44 * Recall that bit numbers in hamming code are 1-based. This function 45 * takes the 0-based data bit from the caller. 46 * 47 * An example. Take bit 1 of the data buffer. 1 is a power of two (2^0), 48 * so it's a parity bit. 2 is a power of two (2^1), so it's a parity bit. 49 * 3 is not a power of two. So bit 1 of the data buffer ends up as bit 3 50 * in the code buffer. 51 * 52 * The caller can pass in *p if it wants to keep track of the most recent 53 * number of parity bits added. This allows the function to start the 54 * calculation at the last place. 55 */ 56 static unsigned int calc_code_bit(unsigned int i, unsigned int *p_cache) 57 { 58 unsigned int b, p = 0; 59 60 /* 61 * Data bits are 0-based, but we're talking code bits, which 62 * are 1-based. 63 */ 64 b = i + 1; 65 66 /* Use the cache if it is there */ 67 if (p_cache) 68 p = *p_cache; 69 b += p; 70 71 /* 72 * For every power of two below our bit number, bump our bit. 73 * 74 * We compare with (b + 1) because we have to compare with what b 75 * would be _if_ it were bumped up by the parity bit. Capice? 76 * 77 * p is set above. 78 */ 79 for (; (1 << p) < (b + 1); p++) 80 b++; 81 82 if (p_cache) 83 *p_cache = p; 84 85 return b; 86 } 87 88 /* 89 * This is the low level encoder function. It can be called across 90 * multiple hunks just like the crc32 code. 'd' is the number of bits 91 * _in_this_hunk_. nr is the bit offset of this hunk. So, if you had 92 * two 512B buffers, you would do it like so: 93 * 94 * parity = ocfs2_hamming_encode(0, buf1, 512 * 8, 0); 95 * parity = ocfs2_hamming_encode(parity, buf2, 512 * 8, 512 * 8); 96 * 97 * If you just have one buffer, use ocfs2_hamming_encode_block(). 98 */ 99 u32 ocfs2_hamming_encode(u32 parity, void *data, unsigned int d, unsigned int nr) 100 { 101 unsigned int i, b, p = 0; 102 103 BUG_ON(!d); 104 105 /* 106 * b is the hamming code bit number. Hamming code specifies a 107 * 1-based array, but C uses 0-based. So 'i' is for C, and 'b' is 108 * for the algorithm. 109 * 110 * The i++ in the for loop is so that the start offset passed 111 * to ocfs2_find_next_bit_set() is one greater than the previously 112 * found bit. 113 */ 114 for (i = 0; (i = ocfs2_find_next_bit(data, d, i)) < d; i++) 115 { 116 /* 117 * i is the offset in this hunk, nr + i is the total bit 118 * offset. 119 */ 120 b = calc_code_bit(nr + i, &p); 121 122 /* 123 * Data bits in the resultant code are checked by 124 * parity bits that are part of the bit number 125 * representation. Huh? 126 * 127 * <wikipedia href="http://en.wikipedia.org/wiki/Hamming_code"> 128 * In other words, the parity bit at position 2^k 129 * checks bits in positions having bit k set in 130 * their binary representation. Conversely, for 131 * instance, bit 13, i.e. 1101(2), is checked by 132 * bits 1000(2) = 8, 0100(2)=4 and 0001(2) = 1. 133 * </wikipedia> 134 * 135 * Note that 'k' is the _code_ bit number. 'b' in 136 * our loop. 137 */ 138 parity ^= b; 139 } 140 141 /* While the data buffer was treated as little endian, the 142 * return value is in host endian. */ 143 return parity; 144 } 145 146 u32 ocfs2_hamming_encode_block(void *data, unsigned int blocksize) 147 { 148 return ocfs2_hamming_encode(0, data, blocksize * 8, 0); 149 } 150 151 /* 152 * Like ocfs2_hamming_encode(), this can handle hunks. nr is the bit 153 * offset of the current hunk. If bit to be fixed is not part of the 154 * current hunk, this does nothing. 155 * 156 * If you only have one hunk, use ocfs2_hamming_fix_block(). 157 */ 158 void ocfs2_hamming_fix(void *data, unsigned int d, unsigned int nr, 159 unsigned int fix) 160 { 161 unsigned int i, b; 162 163 BUG_ON(!d); 164 165 /* 166 * If the bit to fix has an hweight of 1, it's a parity bit. One 167 * busted parity bit is its own error. Nothing to do here. 168 */ 169 if (hweight32(fix) == 1) 170 return; 171 172 /* 173 * nr + d is the bit right past the data hunk we're looking at. 174 * If fix after that, nothing to do 175 */ 176 if (fix >= calc_code_bit(nr + d, NULL)) 177 return; 178 179 /* 180 * nr is the offset in the data hunk we're starting at. Let's 181 * start b at the offset in the code buffer. See hamming_encode() 182 * for a more detailed description of 'b'. 183 */ 184 b = calc_code_bit(nr, NULL); 185 /* If the fix is before this hunk, nothing to do */ 186 if (fix < b) 187 return; 188 189 for (i = 0; i < d; i++, b++) 190 { 191 /* Skip past parity bits */ 192 while (hweight32(b) == 1) 193 b++; 194 195 /* 196 * i is the offset in this data hunk. 197 * nr + i is the offset in the total data buffer. 198 * b is the offset in the total code buffer. 199 * 200 * Thus, when b == fix, bit i in the current hunk needs 201 * fixing. 202 */ 203 if (b == fix) 204 { 205 if (ocfs2_test_bit(i, data)) 206 ocfs2_clear_bit(i, data); 207 else 208 ocfs2_set_bit(i, data); 209 break; 210 } 211 } 212 } 213 214 void ocfs2_hamming_fix_block(void *data, unsigned int blocksize, 215 unsigned int fix) 216 { 217 ocfs2_hamming_fix(data, blocksize * 8, 0, fix); 218 } 219 220 221 /* 222 * Debugfs handling. 223 */ 224 225 #ifdef CONFIG_DEBUG_FS 226 227 static int blockcheck_u64_get(void *data, u64 *val) 228 { 229 *val = *(u64 *)data; 230 return 0; 231 } 232 DEFINE_SIMPLE_ATTRIBUTE(blockcheck_fops, blockcheck_u64_get, NULL, "%llu\n"); 233 234 static struct dentry *blockcheck_debugfs_create(const char *name, 235 struct dentry *parent, 236 u64 *value) 237 { 238 return debugfs_create_file(name, S_IFREG | S_IRUSR, parent, value, 239 &blockcheck_fops); 240 } 241 242 static void ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats *stats) 243 { 244 if (stats) { 245 debugfs_remove(stats->b_debug_check); 246 stats->b_debug_check = NULL; 247 debugfs_remove(stats->b_debug_failure); 248 stats->b_debug_failure = NULL; 249 debugfs_remove(stats->b_debug_recover); 250 stats->b_debug_recover = NULL; 251 debugfs_remove(stats->b_debug_dir); 252 stats->b_debug_dir = NULL; 253 } 254 } 255 256 static int ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats *stats, 257 struct dentry *parent) 258 { 259 int rc = -EINVAL; 260 261 if (!stats) 262 goto out; 263 264 stats->b_debug_dir = debugfs_create_dir("blockcheck", parent); 265 if (!stats->b_debug_dir) 266 goto out; 267 268 stats->b_debug_check = 269 blockcheck_debugfs_create("blocks_checked", 270 stats->b_debug_dir, 271 &stats->b_check_count); 272 273 stats->b_debug_failure = 274 blockcheck_debugfs_create("checksums_failed", 275 stats->b_debug_dir, 276 &stats->b_failure_count); 277 278 stats->b_debug_recover = 279 blockcheck_debugfs_create("ecc_recoveries", 280 stats->b_debug_dir, 281 &stats->b_recover_count); 282 if (stats->b_debug_check && stats->b_debug_failure && 283 stats->b_debug_recover) 284 rc = 0; 285 286 out: 287 if (rc) 288 ocfs2_blockcheck_debug_remove(stats); 289 return rc; 290 } 291 #else 292 static inline int ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats *stats, 293 struct dentry *parent) 294 { 295 return 0; 296 } 297 298 static inline void ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats *stats) 299 { 300 } 301 #endif /* CONFIG_DEBUG_FS */ 302 303 /* Always-called wrappers for starting and stopping the debugfs files */ 304 int ocfs2_blockcheck_stats_debugfs_install(struct ocfs2_blockcheck_stats *stats, 305 struct dentry *parent) 306 { 307 return ocfs2_blockcheck_debug_install(stats, parent); 308 } 309 310 void ocfs2_blockcheck_stats_debugfs_remove(struct ocfs2_blockcheck_stats *stats) 311 { 312 ocfs2_blockcheck_debug_remove(stats); 313 } 314 315 static void ocfs2_blockcheck_inc_check(struct ocfs2_blockcheck_stats *stats) 316 { 317 u64 new_count; 318 319 if (!stats) 320 return; 321 322 spin_lock(&stats->b_lock); 323 stats->b_check_count++; 324 new_count = stats->b_check_count; 325 spin_unlock(&stats->b_lock); 326 327 if (!new_count) 328 mlog(ML_NOTICE, "Block check count has wrapped\n"); 329 } 330 331 static void ocfs2_blockcheck_inc_failure(struct ocfs2_blockcheck_stats *stats) 332 { 333 u64 new_count; 334 335 if (!stats) 336 return; 337 338 spin_lock(&stats->b_lock); 339 stats->b_failure_count++; 340 new_count = stats->b_failure_count; 341 spin_unlock(&stats->b_lock); 342 343 if (!new_count) 344 mlog(ML_NOTICE, "Checksum failure count has wrapped\n"); 345 } 346 347 static void ocfs2_blockcheck_inc_recover(struct ocfs2_blockcheck_stats *stats) 348 { 349 u64 new_count; 350 351 if (!stats) 352 return; 353 354 spin_lock(&stats->b_lock); 355 stats->b_recover_count++; 356 new_count = stats->b_recover_count; 357 spin_unlock(&stats->b_lock); 358 359 if (!new_count) 360 mlog(ML_NOTICE, "ECC recovery count has wrapped\n"); 361 } 362 363 364 365 /* 366 * These are the low-level APIs for using the ocfs2_block_check structure. 367 */ 368 369 /* 370 * This function generates check information for a block. 371 * data is the block to be checked. bc is a pointer to the 372 * ocfs2_block_check structure describing the crc32 and the ecc. 373 * 374 * bc should be a pointer inside data, as the function will 375 * take care of zeroing it before calculating the check information. If 376 * bc does not point inside data, the caller must make sure any inline 377 * ocfs2_block_check structures are zeroed. 378 * 379 * The data buffer must be in on-disk endian (little endian for ocfs2). 380 * bc will be filled with little-endian values and will be ready to go to 381 * disk. 382 */ 383 void ocfs2_block_check_compute(void *data, size_t blocksize, 384 struct ocfs2_block_check *bc) 385 { 386 u32 crc; 387 u32 ecc; 388 389 memset(bc, 0, sizeof(struct ocfs2_block_check)); 390 391 crc = crc32_le(~0, data, blocksize); 392 ecc = ocfs2_hamming_encode_block(data, blocksize); 393 394 /* 395 * No ecc'd ocfs2 structure is larger than 4K, so ecc will be no 396 * larger than 16 bits. 397 */ 398 BUG_ON(ecc > USHRT_MAX); 399 400 bc->bc_crc32e = cpu_to_le32(crc); 401 bc->bc_ecc = cpu_to_le16((u16)ecc); 402 } 403 404 /* 405 * This function validates existing check information. Like _compute, 406 * the function will take care of zeroing bc before calculating check codes. 407 * If bc is not a pointer inside data, the caller must have zeroed any 408 * inline ocfs2_block_check structures. 409 * 410 * Again, the data passed in should be the on-disk endian. 411 */ 412 int ocfs2_block_check_validate(void *data, size_t blocksize, 413 struct ocfs2_block_check *bc, 414 struct ocfs2_blockcheck_stats *stats) 415 { 416 int rc = 0; 417 u32 bc_crc32e; 418 u16 bc_ecc; 419 u32 crc, ecc; 420 421 ocfs2_blockcheck_inc_check(stats); 422 423 bc_crc32e = le32_to_cpu(bc->bc_crc32e); 424 bc_ecc = le16_to_cpu(bc->bc_ecc); 425 426 memset(bc, 0, sizeof(struct ocfs2_block_check)); 427 428 /* Fast path - if the crc32 validates, we're good to go */ 429 crc = crc32_le(~0, data, blocksize); 430 if (crc == bc_crc32e) 431 goto out; 432 433 ocfs2_blockcheck_inc_failure(stats); 434 mlog(ML_ERROR, 435 "CRC32 failed: stored: 0x%x, computed 0x%x. Applying ECC.\n", 436 (unsigned int)bc_crc32e, (unsigned int)crc); 437 438 /* Ok, try ECC fixups */ 439 ecc = ocfs2_hamming_encode_block(data, blocksize); 440 ocfs2_hamming_fix_block(data, blocksize, ecc ^ bc_ecc); 441 442 /* And check the crc32 again */ 443 crc = crc32_le(~0, data, blocksize); 444 if (crc == bc_crc32e) { 445 ocfs2_blockcheck_inc_recover(stats); 446 goto out; 447 } 448 449 mlog(ML_ERROR, "Fixed CRC32 failed: stored: 0x%x, computed 0x%x\n", 450 (unsigned int)bc_crc32e, (unsigned int)crc); 451 452 rc = -EIO; 453 454 out: 455 bc->bc_crc32e = cpu_to_le32(bc_crc32e); 456 bc->bc_ecc = cpu_to_le16(bc_ecc); 457 458 return rc; 459 } 460 461 /* 462 * This function generates check information for a list of buffer_heads. 463 * bhs is the blocks to be checked. bc is a pointer to the 464 * ocfs2_block_check structure describing the crc32 and the ecc. 465 * 466 * bc should be a pointer inside data, as the function will 467 * take care of zeroing it before calculating the check information. If 468 * bc does not point inside data, the caller must make sure any inline 469 * ocfs2_block_check structures are zeroed. 470 * 471 * The data buffer must be in on-disk endian (little endian for ocfs2). 472 * bc will be filled with little-endian values and will be ready to go to 473 * disk. 474 */ 475 void ocfs2_block_check_compute_bhs(struct buffer_head **bhs, int nr, 476 struct ocfs2_block_check *bc) 477 { 478 int i; 479 u32 crc, ecc; 480 481 BUG_ON(nr < 0); 482 483 if (!nr) 484 return; 485 486 memset(bc, 0, sizeof(struct ocfs2_block_check)); 487 488 for (i = 0, crc = ~0, ecc = 0; i < nr; i++) { 489 crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size); 490 /* 491 * The number of bits in a buffer is obviously b_size*8. 492 * The offset of this buffer is b_size*i, so the bit offset 493 * of this buffer is b_size*8*i. 494 */ 495 ecc = (u16)ocfs2_hamming_encode(ecc, bhs[i]->b_data, 496 bhs[i]->b_size * 8, 497 bhs[i]->b_size * 8 * i); 498 } 499 500 /* 501 * No ecc'd ocfs2 structure is larger than 4K, so ecc will be no 502 * larger than 16 bits. 503 */ 504 BUG_ON(ecc > USHRT_MAX); 505 506 bc->bc_crc32e = cpu_to_le32(crc); 507 bc->bc_ecc = cpu_to_le16((u16)ecc); 508 } 509 510 /* 511 * This function validates existing check information on a list of 512 * buffer_heads. Like _compute_bhs, the function will take care of 513 * zeroing bc before calculating check codes. If bc is not a pointer 514 * inside data, the caller must have zeroed any inline 515 * ocfs2_block_check structures. 516 * 517 * Again, the data passed in should be the on-disk endian. 518 */ 519 int ocfs2_block_check_validate_bhs(struct buffer_head **bhs, int nr, 520 struct ocfs2_block_check *bc, 521 struct ocfs2_blockcheck_stats *stats) 522 { 523 int i, rc = 0; 524 u32 bc_crc32e; 525 u16 bc_ecc; 526 u32 crc, ecc, fix; 527 528 BUG_ON(nr < 0); 529 530 if (!nr) 531 return 0; 532 533 ocfs2_blockcheck_inc_check(stats); 534 535 bc_crc32e = le32_to_cpu(bc->bc_crc32e); 536 bc_ecc = le16_to_cpu(bc->bc_ecc); 537 538 memset(bc, 0, sizeof(struct ocfs2_block_check)); 539 540 /* Fast path - if the crc32 validates, we're good to go */ 541 for (i = 0, crc = ~0; i < nr; i++) 542 crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size); 543 if (crc == bc_crc32e) 544 goto out; 545 546 ocfs2_blockcheck_inc_failure(stats); 547 mlog(ML_ERROR, 548 "CRC32 failed: stored: %u, computed %u. Applying ECC.\n", 549 (unsigned int)bc_crc32e, (unsigned int)crc); 550 551 /* Ok, try ECC fixups */ 552 for (i = 0, ecc = 0; i < nr; i++) { 553 /* 554 * The number of bits in a buffer is obviously b_size*8. 555 * The offset of this buffer is b_size*i, so the bit offset 556 * of this buffer is b_size*8*i. 557 */ 558 ecc = (u16)ocfs2_hamming_encode(ecc, bhs[i]->b_data, 559 bhs[i]->b_size * 8, 560 bhs[i]->b_size * 8 * i); 561 } 562 fix = ecc ^ bc_ecc; 563 for (i = 0; i < nr; i++) { 564 /* 565 * Try the fix against each buffer. It will only affect 566 * one of them. 567 */ 568 ocfs2_hamming_fix(bhs[i]->b_data, bhs[i]->b_size * 8, 569 bhs[i]->b_size * 8 * i, fix); 570 } 571 572 /* And check the crc32 again */ 573 for (i = 0, crc = ~0; i < nr; i++) 574 crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size); 575 if (crc == bc_crc32e) { 576 ocfs2_blockcheck_inc_recover(stats); 577 goto out; 578 } 579 580 mlog(ML_ERROR, "Fixed CRC32 failed: stored: %u, computed %u\n", 581 (unsigned int)bc_crc32e, (unsigned int)crc); 582 583 rc = -EIO; 584 585 out: 586 bc->bc_crc32e = cpu_to_le32(bc_crc32e); 587 bc->bc_ecc = cpu_to_le16(bc_ecc); 588 589 return rc; 590 } 591 592 /* 593 * These are the main API. They check the superblock flag before 594 * calling the underlying operations. 595 * 596 * They expect the buffer(s) to be in disk format. 597 */ 598 void ocfs2_compute_meta_ecc(struct super_block *sb, void *data, 599 struct ocfs2_block_check *bc) 600 { 601 if (ocfs2_meta_ecc(OCFS2_SB(sb))) 602 ocfs2_block_check_compute(data, sb->s_blocksize, bc); 603 } 604 605 int ocfs2_validate_meta_ecc(struct super_block *sb, void *data, 606 struct ocfs2_block_check *bc) 607 { 608 int rc = 0; 609 struct ocfs2_super *osb = OCFS2_SB(sb); 610 611 if (ocfs2_meta_ecc(osb)) 612 rc = ocfs2_block_check_validate(data, sb->s_blocksize, bc, 613 &osb->osb_ecc_stats); 614 615 return rc; 616 } 617 618 void ocfs2_compute_meta_ecc_bhs(struct super_block *sb, 619 struct buffer_head **bhs, int nr, 620 struct ocfs2_block_check *bc) 621 { 622 if (ocfs2_meta_ecc(OCFS2_SB(sb))) 623 ocfs2_block_check_compute_bhs(bhs, nr, bc); 624 } 625 626 int ocfs2_validate_meta_ecc_bhs(struct super_block *sb, 627 struct buffer_head **bhs, int nr, 628 struct ocfs2_block_check *bc) 629 { 630 int rc = 0; 631 struct ocfs2_super *osb = OCFS2_SB(sb); 632 633 if (ocfs2_meta_ecc(osb)) 634 rc = ocfs2_block_check_validate_bhs(bhs, nr, bc, 635 &osb->osb_ecc_stats); 636 637 return rc; 638 } 639 640