// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (C) 2017-2023 Oracle. All Rights Reserved.
 * Author: Darrick J. Wong <djwong@kernel.org>
 */
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_trans_resv.h"
#include "xfs_mount.h"
#include "xfs_log_format.h"
#include "xfs_trans.h"
#include "xfs_inode.h"
#include "xfs_da_format.h"
#include "xfs_da_btree.h"
#include "xfs_attr.h"
#include "xfs_attr_leaf.h"
#include "xfs_attr_sf.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
#include "scrub/dabtree.h"
#include "scrub/attr.h"
#include "scrub/listxattr.h"
#include "scrub/repair.h"

/* Free the buffers linked from the xattr buffer. */
static void
xchk_xattr_buf_cleanup(
	void			*priv)
{
	struct xchk_xattr_buf	*ab = priv;

	kvfree(ab->freemap);
	ab->freemap = NULL;
	kvfree(ab->usedmap);
	ab->usedmap = NULL;
	kvfree(ab->value);
	ab->value = NULL;
	ab->value_sz = 0;
	kvfree(ab->name);
	ab->name = NULL;
}

/*
 * Allocate the free space bitmap if we're trying harder; there are leaf blocks
 * in the attr fork; or we can't tell if there are leaf blocks.
 */
static inline bool
xchk_xattr_want_freemap(
	struct xfs_scrub	*sc)
{
	struct xfs_ifork	*ifp;

	if (sc->flags & XCHK_TRY_HARDER)
		return true;

	if (!sc->ip)
		return true;

	ifp = xfs_ifork_ptr(sc->ip, XFS_ATTR_FORK);
	if (!ifp)
		return false;

	return xfs_ifork_has_extents(ifp);
}

/*
 * Allocate enough memory to hold an attr value and attr block bitmaps,
 * reallocating the buffer if necessary. Buffer contents are not preserved
 * across a reallocation.
 */
int
xchk_setup_xattr_buf(
	struct xfs_scrub	*sc,
	size_t			value_size)
{
	size_t			bmp_sz;
	struct xchk_xattr_buf	*ab = sc->buf;
	void			*new_val;

	bmp_sz = sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);

	if (ab)
		goto resize_value;

	ab = kvzalloc(sizeof(struct xchk_xattr_buf), XCHK_GFP_FLAGS);
	if (!ab)
		return -ENOMEM;
	sc->buf = ab;
	sc->buf_cleanup = xchk_xattr_buf_cleanup;

	ab->usedmap = kvmalloc(bmp_sz, XCHK_GFP_FLAGS);
	if (!ab->usedmap)
		return -ENOMEM;

	if (xchk_xattr_want_freemap(sc)) {
		ab->freemap = kvmalloc(bmp_sz, XCHK_GFP_FLAGS);
		if (!ab->freemap)
			return -ENOMEM;
	}

	if (xchk_could_repair(sc)) {
		ab->name = kvmalloc(XATTR_NAME_MAX + 1, XCHK_GFP_FLAGS);
		if (!ab->name)
			return -ENOMEM;
	}

resize_value:
	if (ab->value_sz >= value_size)
		return 0;

	if (ab->value) {
		kvfree(ab->value);
		ab->value = NULL;
		ab->value_sz = 0;
	}

	new_val = kvmalloc(value_size, XCHK_GFP_FLAGS);
	if (!new_val)
		return -ENOMEM;

	ab->value = new_val;
	ab->value_sz = value_size;
	return 0;
}
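
/*
 * Usage sketch (illustrative only; not part of the scrub machinery): the
 * value buffer only ever grows, and its contents are not preserved across
 * a reallocation.  Given a scrub context @sc:
 *
 *	xchk_setup_xattr_buf(sc, 1024);		allocates a 1024-byte value buffer
 *	xchk_setup_xattr_buf(sc, 64);		no-op, since 1024 >= 64
 *	xchk_setup_xattr_buf(sc, 4096);		frees the old buffer, allocates 4096
 *
 * The bitmaps and the repair name buffer are sized once, on the first call.
 */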

/* Set us up to scrub an inode's extended attributes. */
int
xchk_setup_xattr(
	struct xfs_scrub	*sc)
{
	int			error;

	if (xchk_could_repair(sc)) {
		error = xrep_setup_xattr(sc);
		if (error)
			return error;
	}

	/*
	 * We failed to get memory while checking attrs, so this time try to
	 * get all the memory we're ever going to need. Allocate the buffer
	 * without the inode lock held, which means we can sleep.
	 */
	if (sc->flags & XCHK_TRY_HARDER) {
		error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX);
		if (error)
			return error;
	}

	return xchk_setup_inode_contents(sc, 0);
}
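
/*
 * Sketch of the retry contract assumed above (hedged; the actual dispatch
 * lives in the scrub core, not in this file): when a checker returns
 * -EDEADLOCK, the core tears down the scrub, sets XCHK_TRY_HARDER, and
 * reruns setup and scrub.  On that second pass the branch above
 * preallocates an XATTR_SIZE_MAX value buffer so no allocation can fail
 * mid-walk.  Roughly:
 *
 *	error = xchk_xattr(sc);
 *	if (error == -EDEADLOCK && !(sc->flags & XCHK_TRY_HARDER)) {
 *		sc->flags |= XCHK_TRY_HARDER;
 *		error = xchk_setup_xattr(sc) ?: xchk_xattr(sc);
 *	}
 */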

/* Extended Attributes */

/*
 * Check that an extended attribute key can be looked up by hash.
 *
 * We use the extended attribute walk helper to call this function for every
 * attribute key in an inode. Once we're here, we load the attribute value to
 * see if any errors happen, or if we get more or less data than we expected.
 */
static int
xchk_xattr_actor(
	struct xfs_scrub	*sc,
	struct xfs_inode	*ip,
	unsigned int		attr_flags,
	const unsigned char	*name,
	unsigned int		namelen,
	const void		*value,
	unsigned int		valuelen,
	void			*priv)
{
	struct xfs_da_args	args = {
		.op_flags	= XFS_DA_OP_NOTIME,
		.attr_filter	= attr_flags & XFS_ATTR_NSP_ONDISK_MASK,
		.geo		= sc->mp->m_attr_geo,
		.whichfork	= XFS_ATTR_FORK,
		.dp		= ip,
		.name		= name,
		.namelen	= namelen,
		.hashval	= xfs_da_hashname(name, namelen),
		.trans		= sc->tp,
		.valuelen	= valuelen,
		.owner		= ip->i_ino,
	};
	struct xchk_xattr_buf	*ab;
	int			error = 0;

	ab = sc->buf;

	if (xchk_should_terminate(sc, &error))
		return error;

	if (attr_flags & XFS_ATTR_INCOMPLETE) {
		/* Incomplete attr key, just mark the inode for preening. */
		xchk_ino_set_preen(sc, ip->i_ino);
		return 0;
	}

	/* Only one namespace bit allowed. */
	if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) {
		xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);
		return -ECANCELED;
	}

	/* Does this name make sense? */
	if (!xfs_attr_namecheck(name, namelen)) {
		xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);
		return -ECANCELED;
	}

	/*
	 * Local and shortform xattr values are stored in the attr leaf block,
	 * so we don't need to retrieve the value from a remote block to detect
	 * corruption problems.
	 */
	if (value)
		return 0;

	/*
	 * Try to allocate enough memory to extract the attr value. If that
	 * doesn't work, return -EDEADLOCK as a signal to try again with a
	 * maximally sized buffer.
	 */
	error = xchk_setup_xattr_buf(sc, valuelen);
	if (error == -ENOMEM)
		error = -EDEADLOCK;
	if (error)
		return error;

	args.value = ab->value;

	error = xfs_attr_get_ilocked(&args);
	/* ENODATA means the hash lookup failed and the attr is bad */
	if (error == -ENODATA)
		error = -EFSCORRUPTED;
	if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, args.blkno,
			&error))
		return error;
	if (args.valuelen != valuelen)
		xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno);

	return 0;
}

/*
 * Mark a range [start, start+len) in this map. Returns true if the
 * region was free, and false if there's a conflict or a problem.
 *
 * Within a char, the lowest bit of the char represents the byte with
 * the smallest address.
 */
bool
xchk_xattr_set_map(
	struct xfs_scrub	*sc,
	unsigned long		*map,
	unsigned int		start,
	unsigned int		len)
{
	unsigned int		mapsize = sc->mp->m_attr_geo->blksize;
	bool			ret = true;

	if (start >= mapsize)
		return false;
	if (start + len > mapsize) {
		len = mapsize - start;
		ret = false;
	}

	if (find_next_bit(map, mapsize, start) < start + len)
		ret = false;
	bitmap_set(map, start, len);

	return ret;
}
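
/*
 * Worked example for xchk_xattr_set_map() (illustrative only), assuming a
 * freshly zeroed map and a 4096-byte attr block geometry:
 *
 *	xchk_xattr_set_map(sc, map, 0, 32)	-> true   (bytes 0-31 now set)
 *	xchk_xattr_set_map(sc, map, 32, 16)	-> true   (bytes 32-47 now set)
 *	xchk_xattr_set_map(sc, map, 40, 8)	-> false  (overlaps bytes 40-47)
 *	xchk_xattr_set_map(sc, map, 4090, 16)	-> false  (runs off the block)
 *
 * Callers treat a false return as two structures claiming the same bytes,
 * i.e. corruption.
 */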

/*
 * Check the leaf freemap against the usage bitmap. Returns false if the
 * attr freemap has problems or points to used space.
 */
STATIC bool
xchk_xattr_check_freemap(
	struct xfs_scrub		*sc,
	struct xfs_attr3_icleaf_hdr	*leafhdr)
{
	struct xchk_xattr_buf		*ab = sc->buf;
	unsigned int			mapsize = sc->mp->m_attr_geo->blksize;
	int				i;

	/* Construct bitmap of freemap contents. */
	bitmap_zero(ab->freemap, mapsize);
	for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
		if (!xchk_xattr_set_map(sc, ab->freemap,
				leafhdr->freemap[i].base,
				leafhdr->freemap[i].size))
			return false;
	}

	/* Look for bits that are set in freemap and are marked in use. */
	return !bitmap_intersects(ab->freemap, ab->usedmap, mapsize);
}

/*
 * Check this leaf entry's relations to everything else.
 * Adds the number of bytes used for the name/value data to *usedbytes.
 */
STATIC void
xchk_xattr_entry(
	struct xchk_da_btree		*ds,
	int				level,
	char				*buf_end,
	struct xfs_attr_leafblock	*leaf,
	struct xfs_attr3_icleaf_hdr	*leafhdr,
	struct xfs_attr_leaf_entry	*ent,
	int				idx,
	unsigned int			*usedbytes,
	__u32				*last_hashval)
{
	struct xfs_mount		*mp = ds->state->mp;
	struct xchk_xattr_buf		*ab = ds->sc->buf;
	char				*name_end;
	struct xfs_attr_leaf_name_local	*lentry;
	struct xfs_attr_leaf_name_remote *rentry;
	unsigned int			nameidx;
	unsigned int			namesize;

	if (ent->pad2 != 0)
		xchk_da_set_corrupt(ds, level);

	/* Hash values in order? */
	if (be32_to_cpu(ent->hashval) < *last_hashval)
		xchk_da_set_corrupt(ds, level);
	*last_hashval = be32_to_cpu(ent->hashval);

	nameidx = be16_to_cpu(ent->nameidx);
	if (nameidx < leafhdr->firstused ||
	    nameidx >= mp->m_attr_geo->blksize) {
		xchk_da_set_corrupt(ds, level);
		return;
	}

	/* Check the name information. */
	if (ent->flags & XFS_ATTR_LOCAL) {
		lentry = xfs_attr3_leaf_name_local(leaf, idx);
		namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
				be16_to_cpu(lentry->valuelen));
		name_end = (char *)lentry + namesize;
		if (lentry->namelen == 0)
			xchk_da_set_corrupt(ds, level);
	} else {
		rentry = xfs_attr3_leaf_name_remote(leaf, idx);
		namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
		name_end = (char *)rentry + namesize;
		if (rentry->namelen == 0 || rentry->valueblk == 0)
			xchk_da_set_corrupt(ds, level);
	}
	if (name_end > buf_end)
		xchk_da_set_corrupt(ds, level);

	if (!xchk_xattr_set_map(ds->sc, ab->usedmap, nameidx, namesize))
		xchk_da_set_corrupt(ds, level);
	if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
		*usedbytes += namesize;
}
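
/*
 * Sketch of the on-disk attr leaf layout that the block scrubber below
 * walks (hedged; see xfs_da_format.h for the authoritative definitions):
 *
 *	+--------------------------+  offset 0
 *	| leaf header (+ freemap)  |  hdrsize bytes, always marked used
 *	+--------------------------+
 *	| entry[0 .. count-1]      |  sorted by hashval, grows upward
 *	+--------------------------+
 *	| free space               |  tracked by freemap[0..2]
 *	+--------------------------+  firstused
 *	| name/value heap          |  local or remote name entries, grows down
 *	+--------------------------+  blksize
 *
 * The usedmap bitmap is filled in from the header, the entry array, and the
 * name/value regions; any bytes claimed twice, or claimed by both usedmap
 * and freemap, indicate corruption.
 */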

/* Scrub an attribute leaf. */
STATIC int
xchk_xattr_block(
	struct xchk_da_btree		*ds,
	int				level)
{
	struct xfs_attr3_icleaf_hdr	leafhdr;
	struct xfs_mount		*mp = ds->state->mp;
	struct xfs_da_state_blk		*blk = &ds->state->path.blk[level];
	struct xfs_buf			*bp = blk->bp;
	xfs_dablk_t			*last_checked = ds->private;
	struct xfs_attr_leafblock	*leaf = bp->b_addr;
	struct xfs_attr_leaf_entry	*ent;
	struct xfs_attr_leaf_entry	*entries;
	struct xchk_xattr_buf		*ab = ds->sc->buf;
	char				*buf_end;
	size_t				off;
	__u32				last_hashval = 0;
	unsigned int			usedbytes = 0;
	unsigned int			hdrsize;
	int				i;

	if (*last_checked == blk->blkno)
		return 0;

	*last_checked = blk->blkno;
	bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize);

	/* Check all the padding. */
	if (xfs_has_crc(ds->sc->mp)) {
		struct xfs_attr3_leafblock *leaf3 = bp->b_addr;

		if (leaf3->hdr.pad1 != 0 || leaf3->hdr.pad2 != 0 ||
		    leaf3->hdr.info.hdr.pad != 0)
			xchk_da_set_corrupt(ds, level);
	} else {
		if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
			xchk_da_set_corrupt(ds, level);
	}

	/* Check the leaf header */
	xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
	hdrsize = xfs_attr3_leaf_hdr_size(leaf);

	/*
	 * Empty xattr leaf blocks mapped at block 0 are probably a byproduct
	 * of a race between setxattr and a log shutdown.  An empty leaf
	 * block anywhere else in the attr fork is corruption.
	 */
	if (leafhdr.count == 0) {
		if (blk->blkno == 0)
			xchk_da_set_preen(ds, level);
		else
			xchk_da_set_corrupt(ds, level);
	}
	if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
		xchk_da_set_corrupt(ds, level);
	if (leafhdr.firstused > mp->m_attr_geo->blksize)
		xchk_da_set_corrupt(ds, level);
	if (leafhdr.firstused < hdrsize)
		xchk_da_set_corrupt(ds, level);
	if (!xchk_xattr_set_map(ds->sc, ab->usedmap, 0, hdrsize))
		xchk_da_set_corrupt(ds, level);
	if (leafhdr.holes)
		xchk_da_set_preen(ds, level);

	if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
		goto out;

	entries = xfs_attr3_leaf_entryp(leaf);
	if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
		xchk_da_set_corrupt(ds, level);

	buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
	for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
		/* Mark the leaf entry itself. */
		off = (char *)ent - (char *)leaf;
		if (!xchk_xattr_set_map(ds->sc, ab->usedmap, off,
				sizeof(xfs_attr_leaf_entry_t))) {
			xchk_da_set_corrupt(ds, level);
			goto out;
		}

		/* Check the entry and nameval. */
		xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
				ent, i, &usedbytes, &last_hashval);

		if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
			goto out;
	}

	if (!xchk_xattr_check_freemap(ds->sc, &leafhdr))
		xchk_da_set_corrupt(ds, level);

	if (leafhdr.usedbytes != usedbytes)
		xchk_da_set_corrupt(ds, level);

out:
	return 0;
}

/* Scrub an attribute btree record. */
STATIC int
xchk_xattr_rec(
	struct xchk_da_btree		*ds,
	int				level)
{
	struct xfs_mount		*mp = ds->state->mp;
	struct xfs_da_state_blk		*blk = &ds->state->path.blk[level];
	struct xfs_attr_leaf_name_local	*lentry;
	struct xfs_attr_leaf_name_remote *rentry;
	struct xfs_buf			*bp;
	struct xfs_attr_leaf_entry	*ent;
	xfs_dahash_t			calc_hash;
	xfs_dahash_t			hash;
	int				nameidx;
	int				hdrsize;
	unsigned int			badflags;
	int				error;

	ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC);

	ent = xfs_attr3_leaf_entryp(blk->bp->b_addr) + blk->index;

	/* Check the whole block, if necessary. */
	error = xchk_xattr_block(ds, level);
	if (error)
		goto out;
	if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
		goto out;

	/* Check the hash of the entry. */
	error = xchk_da_btree_hash(ds, level, &ent->hashval);
	if (error)
		goto out;

	/* Find the attr entry's location. */
	bp = blk->bp;
	hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
	nameidx = be16_to_cpu(ent->nameidx);
	if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
		xchk_da_set_corrupt(ds, level);
		goto out;
	}

	/* Retrieve the entry and check it. */
	hash = be32_to_cpu(ent->hashval);
	badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE |
			XFS_ATTR_INCOMPLETE);
	if ((ent->flags & badflags) != 0)
		xchk_da_set_corrupt(ds, level);
	if (ent->flags & XFS_ATTR_LOCAL) {
		lentry = (struct xfs_attr_leaf_name_local *)
				(((char *)bp->b_addr) + nameidx);
		if (lentry->namelen <= 0) {
			xchk_da_set_corrupt(ds, level);
			goto out;
		}
		calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
	} else {
		rentry = (struct xfs_attr_leaf_name_remote *)
				(((char *)bp->b_addr) + nameidx);
		if (rentry->namelen <= 0) {
			xchk_da_set_corrupt(ds, level);
			goto out;
		}
		calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
	}
	if (calc_hash != hash)
		xchk_da_set_corrupt(ds, level);

out:
	return error;
}
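
/*
 * Sketch of the shortform attr layout checked below (hedged; see
 * xfs_attr_sf.h for the real structures).  Everything lives inline in the
 * inode fork, packed with no alignment padding:
 *
 *	struct xfs_attr_sf_hdr		totsize, count
 *	struct xfs_attr_sf_entry[0]	namelen, valuelen, flags,
 *					nameval[namelen + valuelen]
 *	struct xfs_attr_sf_entry[1]	...
 *
 * xfs_attr_sf_nextentry() advances by the variable entry size, so the walk
 * below only has to prove that each entry stays inside if_bytes and that
 * no two entries overlap in the usedmap.
 */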

/* Check space usage of shortform attrs. */
STATIC int
xchk_xattr_check_sf(
	struct xfs_scrub		*sc)
{
	struct xchk_xattr_buf		*ab = sc->buf;
	struct xfs_ifork		*ifp = &sc->ip->i_af;
	struct xfs_attr_sf_hdr		*sf = ifp->if_data;
	struct xfs_attr_sf_entry	*sfe = xfs_attr_sf_firstentry(sf);
	struct xfs_attr_sf_entry	*next;
	unsigned char			*end = ifp->if_data + ifp->if_bytes;
	int				i;
	int				error = 0;

	bitmap_zero(ab->usedmap, ifp->if_bytes);
	xchk_xattr_set_map(sc, ab->usedmap, 0, sizeof(*sf));

	if ((unsigned char *)sfe > end) {
		xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
		return 0;
	}

	for (i = 0; i < sf->count; i++) {
		unsigned char		*name = sfe->nameval;
		unsigned char		*value = &sfe->nameval[sfe->namelen];

		if (xchk_should_terminate(sc, &error))
			return error;

		next = xfs_attr_sf_nextentry(sfe);
		if ((unsigned char *)next > end) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		if (!xchk_xattr_set_map(sc, ab->usedmap,
				(char *)sfe - (char *)sf,
				sizeof(struct xfs_attr_sf_entry))) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		if (!xchk_xattr_set_map(sc, ab->usedmap,
				(char *)name - (char *)sf,
				sfe->namelen)) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		if (!xchk_xattr_set_map(sc, ab->usedmap,
				(char *)value - (char *)sf,
				sfe->valuelen)) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		sfe = next;
	}

	return 0;
}

/* Scrub the extended attribute metadata. */
int
xchk_xattr(
	struct xfs_scrub		*sc)
{
	xfs_dablk_t			last_checked = -1U;
	int				error = 0;

	if (!xfs_inode_hasattr(sc->ip))
		return -ENOENT;

	/* Allocate memory for xattr checking. */
	error = xchk_setup_xattr_buf(sc, 0);
	if (error == -ENOMEM)
		return -EDEADLOCK;
	if (error)
		return error;

	/* Check the physical structure of the xattr. */
	if (sc->ip->i_af.if_format == XFS_DINODE_FMT_LOCAL)
		error = xchk_xattr_check_sf(sc);
	else
		error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
				&last_checked);
	if (error)
		return error;

	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
		return 0;

	/*
	 * Look up every xattr in this file by name and hash.
	 *
	 * The VFS only locks i_rwsem when modifying attrs, so keep all
	 * three locks held because that's the only way to ensure we're
	 * the only thread poking into the da btree.  We traverse the da
	 * btree while holding a leaf buffer locked for the xattr name
	 * iteration, which doesn't really follow the usual buffer
	 * locking order.
	 */
	error = xchk_xattr_walk(sc, sc->ip, xchk_xattr_actor, NULL);
	if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
		return error;

	return 0;
}
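
/*
 * Userspace reaches this scrubber through the metadata scrub ioctl; a
 * minimal sketch (illustrative only, error handling omitted), run against
 * an open fd for the file to be checked:
 *
 *	struct xfs_scrub_metadata sm = {
 *		.sm_type = XFS_SCRUB_TYPE_XATTR,
 *	};
 *
 *	ioctl(fd, XFS_IOC_SCRUB_METADATA, &sm);
 *
 * On return, sm.sm_flags carries the outcome flags (e.g.
 * XFS_SCRUB_OFLAG_CORRUPT or XFS_SCRUB_OFLAG_PREEN) set by the checks in
 * this file.
 */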