xref: /linux/fs/ocfs2/blockcheck.c (revision ebf68996de0ab250c5d520eb2291ab65643e9a1e)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* -*- mode: c; c-basic-offset: 8; -*-
3  * vim: noexpandtab sw=8 ts=8 sts=0:
4  *
5  * blockcheck.c
6  *
7  * Checksum and ECC codes for the OCFS2 userspace library.
8  *
9  * Copyright (C) 2006, 2008 Oracle.  All rights reserved.
10  */
11 
12 #include <linux/kernel.h>
13 #include <linux/types.h>
14 #include <linux/crc32.h>
15 #include <linux/buffer_head.h>
16 #include <linux/bitops.h>
17 #include <linux/debugfs.h>
18 #include <linux/module.h>
19 #include <linux/fs.h>
20 #include <asm/byteorder.h>
21 
22 #include <cluster/masklog.h>
23 
24 #include "ocfs2.h"
25 
26 #include "blockcheck.h"
27 
28 
29 /*
30  * We use the following conventions:
31  *
32  * d = # data bits
33  * p = # parity bits
34  * c = # total code bits (d + p)
35  */
36 
37 
38 /*
39  * Calculate the bit offset in the hamming code buffer based on the bit's
40  * offset in the data buffer.  Since the hamming code reserves all
41  * power-of-two bits for parity, the data bit number and the code bit
42  * number are offset by all the parity bits beforehand.
43  *
44  * Recall that bit numbers in hamming code are 1-based.  This function
45  * takes the 0-based data bit from the caller.
46  *
47  * An example.  Take bit 1 of the data buffer.  1 is a power of two (2^0),
48  * so it's a parity bit.  2 is a power of two (2^1), so it's a parity bit.
49  * 3 is not a power of two.  So bit 1 of the data buffer ends up as bit 3
50  * in the code buffer.
51  *
52  * The caller can pass in *p if it wants to keep track of the most recent
53  * number of parity bits added.  This allows the function to start the
54  * calculation at the last place.
55  */
56 static unsigned int calc_code_bit(unsigned int i, unsigned int *p_cache)
57 {
58 	unsigned int b, p = 0;
59 
60 	/*
61 	 * Data bits are 0-based, but we're talking code bits, which
62 	 * are 1-based.
63 	 */
64 	b = i + 1;
65 
66 	/* Use the cache if it is there */
67 	if (p_cache)
68 		p = *p_cache;
69         b += p;
70 
71 	/*
72 	 * For every power of two below our bit number, bump our bit.
73 	 *
74 	 * We compare with (b + 1) because we have to compare with what b
75 	 * would be _if_ it were bumped up by the parity bit.  Capice?
76 	 *
77 	 * p is set above.
78 	 */
79 	for (; (1 << p) < (b + 1); p++)
80 		b++;
81 
82 	if (p_cache)
83 		*p_cache = p;
84 
85 	return b;
86 }
87 
88 /*
89  * This is the low level encoder function.  It can be called across
90  * multiple hunks just like the crc32 code.  'd' is the number of bits
91  * _in_this_hunk_.  nr is the bit offset of this hunk.  So, if you had
92  * two 512B buffers, you would do it like so:
93  *
94  * parity = ocfs2_hamming_encode(0, buf1, 512 * 8, 0);
95  * parity = ocfs2_hamming_encode(parity, buf2, 512 * 8, 512 * 8);
96  *
97  * If you just have one buffer, use ocfs2_hamming_encode_block().
98  */
99 u32 ocfs2_hamming_encode(u32 parity, void *data, unsigned int d, unsigned int nr)
100 {
101 	unsigned int i, b, p = 0;
102 
103 	BUG_ON(!d);
104 
105 	/*
106 	 * b is the hamming code bit number.  Hamming code specifies a
107 	 * 1-based array, but C uses 0-based.  So 'i' is for C, and 'b' is
108 	 * for the algorithm.
109 	 *
110 	 * The i++ in the for loop is so that the start offset passed
111 	 * to ocfs2_find_next_bit_set() is one greater than the previously
112 	 * found bit.
113 	 */
114 	for (i = 0; (i = ocfs2_find_next_bit(data, d, i)) < d; i++)
115 	{
116 		/*
117 		 * i is the offset in this hunk, nr + i is the total bit
118 		 * offset.
119 		 */
120 		b = calc_code_bit(nr + i, &p);
121 
122 		/*
123 		 * Data bits in the resultant code are checked by
124 		 * parity bits that are part of the bit number
125 		 * representation.  Huh?
126 		 *
127 		 * <wikipedia href="http://en.wikipedia.org/wiki/Hamming_code">
128 		 * In other words, the parity bit at position 2^k
129 		 * checks bits in positions having bit k set in
130 		 * their binary representation.  Conversely, for
131 		 * instance, bit 13, i.e. 1101(2), is checked by
132 		 * bits 1000(2) = 8, 0100(2)=4 and 0001(2) = 1.
133 		 * </wikipedia>
134 		 *
135 		 * Note that 'k' is the _code_ bit number.  'b' in
136 		 * our loop.
137 		 */
138 		parity ^= b;
139 	}
140 
141 	/* While the data buffer was treated as little endian, the
142 	 * return value is in host endian. */
143 	return parity;
144 }
145 
146 u32 ocfs2_hamming_encode_block(void *data, unsigned int blocksize)
147 {
148 	return ocfs2_hamming_encode(0, data, blocksize * 8, 0);
149 }
150 
151 /*
152  * Like ocfs2_hamming_encode(), this can handle hunks.  nr is the bit
153  * offset of the current hunk.  If bit to be fixed is not part of the
154  * current hunk, this does nothing.
155  *
156  * If you only have one hunk, use ocfs2_hamming_fix_block().
157  */
158 void ocfs2_hamming_fix(void *data, unsigned int d, unsigned int nr,
159 		       unsigned int fix)
160 {
161 	unsigned int i, b;
162 
163 	BUG_ON(!d);
164 
165 	/*
166 	 * If the bit to fix has an hweight of 1, it's a parity bit.  One
167 	 * busted parity bit is its own error.  Nothing to do here.
168 	 */
169 	if (hweight32(fix) == 1)
170 		return;
171 
172 	/*
173 	 * nr + d is the bit right past the data hunk we're looking at.
174 	 * If fix after that, nothing to do
175 	 */
176 	if (fix >= calc_code_bit(nr + d, NULL))
177 		return;
178 
179 	/*
180 	 * nr is the offset in the data hunk we're starting at.  Let's
181 	 * start b at the offset in the code buffer.  See hamming_encode()
182 	 * for a more detailed description of 'b'.
183 	 */
184 	b = calc_code_bit(nr, NULL);
185 	/* If the fix is before this hunk, nothing to do */
186 	if (fix < b)
187 		return;
188 
189 	for (i = 0; i < d; i++, b++)
190 	{
191 		/* Skip past parity bits */
192 		while (hweight32(b) == 1)
193 			b++;
194 
195 		/*
196 		 * i is the offset in this data hunk.
197 		 * nr + i is the offset in the total data buffer.
198 		 * b is the offset in the total code buffer.
199 		 *
200 		 * Thus, when b == fix, bit i in the current hunk needs
201 		 * fixing.
202 		 */
203 		if (b == fix)
204 		{
205 			if (ocfs2_test_bit(i, data))
206 				ocfs2_clear_bit(i, data);
207 			else
208 				ocfs2_set_bit(i, data);
209 			break;
210 		}
211 	}
212 }
213 
214 void ocfs2_hamming_fix_block(void *data, unsigned int blocksize,
215 			     unsigned int fix)
216 {
217 	ocfs2_hamming_fix(data, blocksize * 8, 0, fix);
218 }
219 
220 
221 /*
222  * Debugfs handling.
223  */
224 
225 #ifdef CONFIG_DEBUG_FS
226 
227 static int blockcheck_u64_get(void *data, u64 *val)
228 {
229 	*val = *(u64 *)data;
230 	return 0;
231 }
232 DEFINE_SIMPLE_ATTRIBUTE(blockcheck_fops, blockcheck_u64_get, NULL, "%llu\n");
233 
234 static struct dentry *blockcheck_debugfs_create(const char *name,
235 						struct dentry *parent,
236 						u64 *value)
237 {
238 	return debugfs_create_file(name, S_IFREG | S_IRUSR, parent, value,
239 				   &blockcheck_fops);
240 }
241 
242 static void ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats *stats)
243 {
244 	if (stats) {
245 		debugfs_remove(stats->b_debug_check);
246 		stats->b_debug_check = NULL;
247 		debugfs_remove(stats->b_debug_failure);
248 		stats->b_debug_failure = NULL;
249 		debugfs_remove(stats->b_debug_recover);
250 		stats->b_debug_recover = NULL;
251 		debugfs_remove(stats->b_debug_dir);
252 		stats->b_debug_dir = NULL;
253 	}
254 }
255 
256 static int ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats *stats,
257 					  struct dentry *parent)
258 {
259 	int rc = -EINVAL;
260 
261 	if (!stats)
262 		goto out;
263 
264 	stats->b_debug_dir = debugfs_create_dir("blockcheck", parent);
265 	if (!stats->b_debug_dir)
266 		goto out;
267 
268 	stats->b_debug_check =
269 		blockcheck_debugfs_create("blocks_checked",
270 					  stats->b_debug_dir,
271 					  &stats->b_check_count);
272 
273 	stats->b_debug_failure =
274 		blockcheck_debugfs_create("checksums_failed",
275 					  stats->b_debug_dir,
276 					  &stats->b_failure_count);
277 
278 	stats->b_debug_recover =
279 		blockcheck_debugfs_create("ecc_recoveries",
280 					  stats->b_debug_dir,
281 					  &stats->b_recover_count);
282 	if (stats->b_debug_check && stats->b_debug_failure &&
283 	    stats->b_debug_recover)
284 		rc = 0;
285 
286 out:
287 	if (rc)
288 		ocfs2_blockcheck_debug_remove(stats);
289 	return rc;
290 }
291 #else
292 static inline int ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats *stats,
293 						 struct dentry *parent)
294 {
295 	return 0;
296 }
297 
298 static inline void ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats *stats)
299 {
300 }
301 #endif  /* CONFIG_DEBUG_FS */
302 
303 /* Always-called wrappers for starting and stopping the debugfs files */
304 int ocfs2_blockcheck_stats_debugfs_install(struct ocfs2_blockcheck_stats *stats,
305 					   struct dentry *parent)
306 {
307 	return ocfs2_blockcheck_debug_install(stats, parent);
308 }
309 
310 void ocfs2_blockcheck_stats_debugfs_remove(struct ocfs2_blockcheck_stats *stats)
311 {
312 	ocfs2_blockcheck_debug_remove(stats);
313 }
314 
315 static void ocfs2_blockcheck_inc_check(struct ocfs2_blockcheck_stats *stats)
316 {
317 	u64 new_count;
318 
319 	if (!stats)
320 		return;
321 
322 	spin_lock(&stats->b_lock);
323 	stats->b_check_count++;
324 	new_count = stats->b_check_count;
325 	spin_unlock(&stats->b_lock);
326 
327 	if (!new_count)
328 		mlog(ML_NOTICE, "Block check count has wrapped\n");
329 }
330 
331 static void ocfs2_blockcheck_inc_failure(struct ocfs2_blockcheck_stats *stats)
332 {
333 	u64 new_count;
334 
335 	if (!stats)
336 		return;
337 
338 	spin_lock(&stats->b_lock);
339 	stats->b_failure_count++;
340 	new_count = stats->b_failure_count;
341 	spin_unlock(&stats->b_lock);
342 
343 	if (!new_count)
344 		mlog(ML_NOTICE, "Checksum failure count has wrapped\n");
345 }
346 
347 static void ocfs2_blockcheck_inc_recover(struct ocfs2_blockcheck_stats *stats)
348 {
349 	u64 new_count;
350 
351 	if (!stats)
352 		return;
353 
354 	spin_lock(&stats->b_lock);
355 	stats->b_recover_count++;
356 	new_count = stats->b_recover_count;
357 	spin_unlock(&stats->b_lock);
358 
359 	if (!new_count)
360 		mlog(ML_NOTICE, "ECC recovery count has wrapped\n");
361 }
362 
363 
364 
365 /*
366  * These are the low-level APIs for using the ocfs2_block_check structure.
367  */
368 
369 /*
370  * This function generates check information for a block.
371  * data is the block to be checked.  bc is a pointer to the
372  * ocfs2_block_check structure describing the crc32 and the ecc.
373  *
374  * bc should be a pointer inside data, as the function will
375  * take care of zeroing it before calculating the check information.  If
376  * bc does not point inside data, the caller must make sure any inline
377  * ocfs2_block_check structures are zeroed.
378  *
379  * The data buffer must be in on-disk endian (little endian for ocfs2).
380  * bc will be filled with little-endian values and will be ready to go to
381  * disk.
382  */
383 void ocfs2_block_check_compute(void *data, size_t blocksize,
384 			       struct ocfs2_block_check *bc)
385 {
386 	u32 crc;
387 	u32 ecc;
388 
389 	memset(bc, 0, sizeof(struct ocfs2_block_check));
390 
391 	crc = crc32_le(~0, data, blocksize);
392 	ecc = ocfs2_hamming_encode_block(data, blocksize);
393 
394 	/*
395 	 * No ecc'd ocfs2 structure is larger than 4K, so ecc will be no
396 	 * larger than 16 bits.
397 	 */
398 	BUG_ON(ecc > USHRT_MAX);
399 
400 	bc->bc_crc32e = cpu_to_le32(crc);
401 	bc->bc_ecc = cpu_to_le16((u16)ecc);
402 }
403 
404 /*
405  * This function validates existing check information.  Like _compute,
406  * the function will take care of zeroing bc before calculating check codes.
407  * If bc is not a pointer inside data, the caller must have zeroed any
408  * inline ocfs2_block_check structures.
409  *
410  * Again, the data passed in should be the on-disk endian.
411  */
412 int ocfs2_block_check_validate(void *data, size_t blocksize,
413 			       struct ocfs2_block_check *bc,
414 			       struct ocfs2_blockcheck_stats *stats)
415 {
416 	int rc = 0;
417 	u32 bc_crc32e;
418 	u16 bc_ecc;
419 	u32 crc, ecc;
420 
421 	ocfs2_blockcheck_inc_check(stats);
422 
423 	bc_crc32e = le32_to_cpu(bc->bc_crc32e);
424 	bc_ecc = le16_to_cpu(bc->bc_ecc);
425 
426 	memset(bc, 0, sizeof(struct ocfs2_block_check));
427 
428 	/* Fast path - if the crc32 validates, we're good to go */
429 	crc = crc32_le(~0, data, blocksize);
430 	if (crc == bc_crc32e)
431 		goto out;
432 
433 	ocfs2_blockcheck_inc_failure(stats);
434 	mlog(ML_ERROR,
435 	     "CRC32 failed: stored: 0x%x, computed 0x%x. Applying ECC.\n",
436 	     (unsigned int)bc_crc32e, (unsigned int)crc);
437 
438 	/* Ok, try ECC fixups */
439 	ecc = ocfs2_hamming_encode_block(data, blocksize);
440 	ocfs2_hamming_fix_block(data, blocksize, ecc ^ bc_ecc);
441 
442 	/* And check the crc32 again */
443 	crc = crc32_le(~0, data, blocksize);
444 	if (crc == bc_crc32e) {
445 		ocfs2_blockcheck_inc_recover(stats);
446 		goto out;
447 	}
448 
449 	mlog(ML_ERROR, "Fixed CRC32 failed: stored: 0x%x, computed 0x%x\n",
450 	     (unsigned int)bc_crc32e, (unsigned int)crc);
451 
452 	rc = -EIO;
453 
454 out:
455 	bc->bc_crc32e = cpu_to_le32(bc_crc32e);
456 	bc->bc_ecc = cpu_to_le16(bc_ecc);
457 
458 	return rc;
459 }
460 
461 /*
462  * This function generates check information for a list of buffer_heads.
463  * bhs is the blocks to be checked.  bc is a pointer to the
464  * ocfs2_block_check structure describing the crc32 and the ecc.
465  *
466  * bc should be a pointer inside data, as the function will
467  * take care of zeroing it before calculating the check information.  If
468  * bc does not point inside data, the caller must make sure any inline
469  * ocfs2_block_check structures are zeroed.
470  *
471  * The data buffer must be in on-disk endian (little endian for ocfs2).
472  * bc will be filled with little-endian values and will be ready to go to
473  * disk.
474  */
475 void ocfs2_block_check_compute_bhs(struct buffer_head **bhs, int nr,
476 				   struct ocfs2_block_check *bc)
477 {
478 	int i;
479 	u32 crc, ecc;
480 
481 	BUG_ON(nr < 0);
482 
483 	if (!nr)
484 		return;
485 
486 	memset(bc, 0, sizeof(struct ocfs2_block_check));
487 
488 	for (i = 0, crc = ~0, ecc = 0; i < nr; i++) {
489 		crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size);
490 		/*
491 		 * The number of bits in a buffer is obviously b_size*8.
492 		 * The offset of this buffer is b_size*i, so the bit offset
493 		 * of this buffer is b_size*8*i.
494 		 */
495 		ecc = (u16)ocfs2_hamming_encode(ecc, bhs[i]->b_data,
496 						bhs[i]->b_size * 8,
497 						bhs[i]->b_size * 8 * i);
498 	}
499 
500 	/*
501 	 * No ecc'd ocfs2 structure is larger than 4K, so ecc will be no
502 	 * larger than 16 bits.
503 	 */
504 	BUG_ON(ecc > USHRT_MAX);
505 
506 	bc->bc_crc32e = cpu_to_le32(crc);
507 	bc->bc_ecc = cpu_to_le16((u16)ecc);
508 }
509 
510 /*
511  * This function validates existing check information on a list of
512  * buffer_heads.  Like _compute_bhs, the function will take care of
513  * zeroing bc before calculating check codes.  If bc is not a pointer
514  * inside data, the caller must have zeroed any inline
515  * ocfs2_block_check structures.
516  *
517  * Again, the data passed in should be the on-disk endian.
518  */
519 int ocfs2_block_check_validate_bhs(struct buffer_head **bhs, int nr,
520 				   struct ocfs2_block_check *bc,
521 				   struct ocfs2_blockcheck_stats *stats)
522 {
523 	int i, rc = 0;
524 	u32 bc_crc32e;
525 	u16 bc_ecc;
526 	u32 crc, ecc, fix;
527 
528 	BUG_ON(nr < 0);
529 
530 	if (!nr)
531 		return 0;
532 
533 	ocfs2_blockcheck_inc_check(stats);
534 
535 	bc_crc32e = le32_to_cpu(bc->bc_crc32e);
536 	bc_ecc = le16_to_cpu(bc->bc_ecc);
537 
538 	memset(bc, 0, sizeof(struct ocfs2_block_check));
539 
540 	/* Fast path - if the crc32 validates, we're good to go */
541 	for (i = 0, crc = ~0; i < nr; i++)
542 		crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size);
543 	if (crc == bc_crc32e)
544 		goto out;
545 
546 	ocfs2_blockcheck_inc_failure(stats);
547 	mlog(ML_ERROR,
548 	     "CRC32 failed: stored: %u, computed %u.  Applying ECC.\n",
549 	     (unsigned int)bc_crc32e, (unsigned int)crc);
550 
551 	/* Ok, try ECC fixups */
552 	for (i = 0, ecc = 0; i < nr; i++) {
553 		/*
554 		 * The number of bits in a buffer is obviously b_size*8.
555 		 * The offset of this buffer is b_size*i, so the bit offset
556 		 * of this buffer is b_size*8*i.
557 		 */
558 		ecc = (u16)ocfs2_hamming_encode(ecc, bhs[i]->b_data,
559 						bhs[i]->b_size * 8,
560 						bhs[i]->b_size * 8 * i);
561 	}
562 	fix = ecc ^ bc_ecc;
563 	for (i = 0; i < nr; i++) {
564 		/*
565 		 * Try the fix against each buffer.  It will only affect
566 		 * one of them.
567 		 */
568 		ocfs2_hamming_fix(bhs[i]->b_data, bhs[i]->b_size * 8,
569 				  bhs[i]->b_size * 8 * i, fix);
570 	}
571 
572 	/* And check the crc32 again */
573 	for (i = 0, crc = ~0; i < nr; i++)
574 		crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size);
575 	if (crc == bc_crc32e) {
576 		ocfs2_blockcheck_inc_recover(stats);
577 		goto out;
578 	}
579 
580 	mlog(ML_ERROR, "Fixed CRC32 failed: stored: %u, computed %u\n",
581 	     (unsigned int)bc_crc32e, (unsigned int)crc);
582 
583 	rc = -EIO;
584 
585 out:
586 	bc->bc_crc32e = cpu_to_le32(bc_crc32e);
587 	bc->bc_ecc = cpu_to_le16(bc_ecc);
588 
589 	return rc;
590 }
591 
592 /*
593  * These are the main API.  They check the superblock flag before
594  * calling the underlying operations.
595  *
596  * They expect the buffer(s) to be in disk format.
597  */
598 void ocfs2_compute_meta_ecc(struct super_block *sb, void *data,
599 			    struct ocfs2_block_check *bc)
600 {
601 	if (ocfs2_meta_ecc(OCFS2_SB(sb)))
602 		ocfs2_block_check_compute(data, sb->s_blocksize, bc);
603 }
604 
605 int ocfs2_validate_meta_ecc(struct super_block *sb, void *data,
606 			    struct ocfs2_block_check *bc)
607 {
608 	int rc = 0;
609 	struct ocfs2_super *osb = OCFS2_SB(sb);
610 
611 	if (ocfs2_meta_ecc(osb))
612 		rc = ocfs2_block_check_validate(data, sb->s_blocksize, bc,
613 						&osb->osb_ecc_stats);
614 
615 	return rc;
616 }
617 
618 void ocfs2_compute_meta_ecc_bhs(struct super_block *sb,
619 				struct buffer_head **bhs, int nr,
620 				struct ocfs2_block_check *bc)
621 {
622 	if (ocfs2_meta_ecc(OCFS2_SB(sb)))
623 		ocfs2_block_check_compute_bhs(bhs, nr, bc);
624 }
625 
626 int ocfs2_validate_meta_ecc_bhs(struct super_block *sb,
627 				struct buffer_head **bhs, int nr,
628 				struct ocfs2_block_check *bc)
629 {
630 	int rc = 0;
631 	struct ocfs2_super *osb = OCFS2_SB(sb);
632 
633 	if (ocfs2_meta_ecc(osb))
634 		rc = ocfs2_block_check_validate_bhs(bhs, nr, bc,
635 						    &osb->osb_ecc_stats);
636 
637 	return rc;
638 }
639 
640