1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2017 Oracle. All Rights Reserved. 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_trans_resv.h" 11 #include "xfs_mount.h" 12 #include "xfs_log_format.h" 13 #include "xfs_inode.h" 14 #include "xfs_da_format.h" 15 #include "xfs_da_btree.h" 16 #include "xfs_attr.h" 17 #include "xfs_attr_leaf.h" 18 #include "scrub/scrub.h" 19 #include "scrub/common.h" 20 #include "scrub/dabtree.h" 21 #include "scrub/attr.h" 22 23 /* 24 * Allocate enough memory to hold an attr value and attr block bitmaps, 25 * reallocating the buffer if necessary. Buffer contents are not preserved 26 * across a reallocation. 27 */ 28 int 29 xchk_setup_xattr_buf( 30 struct xfs_scrub *sc, 31 size_t value_size, 32 xfs_km_flags_t flags) 33 { 34 size_t sz; 35 struct xchk_xattr_buf *ab = sc->buf; 36 37 /* 38 * We need enough space to read an xattr value from the file or enough 39 * space to hold three copies of the xattr free space bitmap. We don't 40 * need the buffer space for both purposes at the same time. 41 */ 42 sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize); 43 sz = max_t(size_t, sz, value_size); 44 45 /* 46 * If there's already a buffer, figure out if we need to reallocate it 47 * to accommodate a larger size. 48 */ 49 if (ab) { 50 if (sz <= ab->sz) 51 return 0; 52 kmem_free(ab); 53 sc->buf = NULL; 54 } 55 56 /* 57 * Don't zero the buffer upon allocation to avoid runtime overhead. 58 * All users must be careful never to read uninitialized contents. 59 */ 60 ab = kmem_alloc_large(sizeof(*ab) + sz, flags); 61 if (!ab) 62 return -ENOMEM; 63 64 ab->sz = sz; 65 sc->buf = ab; 66 return 0; 67 } 68 69 /* Set us up to scrub an inode's extended attributes. */ 70 int 71 xchk_setup_xattr( 72 struct xfs_scrub *sc) 73 { 74 int error; 75 76 /* 77 * We failed to get memory while checking attrs, so this time try to 78 * get all the memory we're ever going to need. Allocate the buffer 79 * without the inode lock held, which means we can sleep. 80 */ 81 if (sc->flags & XCHK_TRY_HARDER) { 82 error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, 0); 83 if (error) 84 return error; 85 } 86 87 return xchk_setup_inode_contents(sc, 0); 88 } 89 90 /* Extended Attributes */ 91 92 struct xchk_xattr { 93 struct xfs_attr_list_context context; 94 struct xfs_scrub *sc; 95 }; 96 97 /* 98 * Check that an extended attribute key can be looked up by hash. 99 * 100 * We use the XFS attribute list iterator (i.e. xfs_attr_list_ilocked) 101 * to call this function for every attribute key in an inode. Once 102 * we're here, we load the attribute value to see if any errors happen, 103 * or if we get more or less data than we expected. 104 */ 105 static void 106 xchk_xattr_listent( 107 struct xfs_attr_list_context *context, 108 int flags, 109 unsigned char *name, 110 int namelen, 111 int valuelen) 112 { 113 struct xchk_xattr *sx; 114 struct xfs_da_args args = { NULL }; 115 int error = 0; 116 117 sx = container_of(context, struct xchk_xattr, context); 118 119 if (xchk_should_terminate(sx->sc, &error)) { 120 context->seen_enough = error; 121 return; 122 } 123 124 if (flags & XFS_ATTR_INCOMPLETE) { 125 /* Incomplete attr key, just mark the inode for preening. */ 126 xchk_ino_set_preen(sx->sc, context->dp->i_ino); 127 return; 128 } 129 130 /* Does this name make sense? */ 131 if (!xfs_attr_namecheck(name, namelen)) { 132 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno); 133 return; 134 } 135 136 /* 137 * Try to allocate enough memory to extrat the attr value. If that 138 * doesn't work, we overload the seen_enough variable to convey 139 * the error message back to the main scrub function. 140 */ 141 error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL); 142 if (error == -ENOMEM) 143 error = -EDEADLOCK; 144 if (error) { 145 context->seen_enough = error; 146 return; 147 } 148 149 args.op_flags = XFS_DA_OP_NOTIME; 150 args.attr_filter = flags & XFS_ATTR_NSP_ONDISK_MASK; 151 args.geo = context->dp->i_mount->m_attr_geo; 152 args.whichfork = XFS_ATTR_FORK; 153 args.dp = context->dp; 154 args.name = name; 155 args.namelen = namelen; 156 args.hashval = xfs_da_hashname(args.name, args.namelen); 157 args.trans = context->tp; 158 args.value = xchk_xattr_valuebuf(sx->sc); 159 args.valuelen = valuelen; 160 161 error = xfs_attr_get_ilocked(&args); 162 /* ENODATA means the hash lookup failed and the attr is bad */ 163 if (error == -ENODATA) 164 error = -EFSCORRUPTED; 165 if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno, 166 &error)) 167 goto fail_xref; 168 if (args.valuelen != valuelen) 169 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, 170 args.blkno); 171 fail_xref: 172 if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 173 context->seen_enough = 1; 174 return; 175 } 176 177 /* 178 * Mark a range [start, start+len) in this map. Returns true if the 179 * region was free, and false if there's a conflict or a problem. 180 * 181 * Within a char, the lowest bit of the char represents the byte with 182 * the smallest address 183 */ 184 STATIC bool 185 xchk_xattr_set_map( 186 struct xfs_scrub *sc, 187 unsigned long *map, 188 unsigned int start, 189 unsigned int len) 190 { 191 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 192 bool ret = true; 193 194 if (start >= mapsize) 195 return false; 196 if (start + len > mapsize) { 197 len = mapsize - start; 198 ret = false; 199 } 200 201 if (find_next_bit(map, mapsize, start) < start + len) 202 ret = false; 203 bitmap_set(map, start, len); 204 205 return ret; 206 } 207 208 /* 209 * Check the leaf freemap from the usage bitmap. Returns false if the 210 * attr freemap has problems or points to used space. 211 */ 212 STATIC bool 213 xchk_xattr_check_freemap( 214 struct xfs_scrub *sc, 215 unsigned long *map, 216 struct xfs_attr3_icleaf_hdr *leafhdr) 217 { 218 unsigned long *freemap = xchk_xattr_freemap(sc); 219 unsigned long *dstmap = xchk_xattr_dstmap(sc); 220 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 221 int i; 222 223 /* Construct bitmap of freemap contents. */ 224 bitmap_zero(freemap, mapsize); 225 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { 226 if (!xchk_xattr_set_map(sc, freemap, 227 leafhdr->freemap[i].base, 228 leafhdr->freemap[i].size)) 229 return false; 230 } 231 232 /* Look for bits that are set in freemap and are marked in use. */ 233 return bitmap_and(dstmap, freemap, map, mapsize) == 0; 234 } 235 236 /* 237 * Check this leaf entry's relations to everything else. 238 * Returns the number of bytes used for the name/value data. 239 */ 240 STATIC void 241 xchk_xattr_entry( 242 struct xchk_da_btree *ds, 243 int level, 244 char *buf_end, 245 struct xfs_attr_leafblock *leaf, 246 struct xfs_attr3_icleaf_hdr *leafhdr, 247 struct xfs_attr_leaf_entry *ent, 248 int idx, 249 unsigned int *usedbytes, 250 __u32 *last_hashval) 251 { 252 struct xfs_mount *mp = ds->state->mp; 253 unsigned long *usedmap = xchk_xattr_usedmap(ds->sc); 254 char *name_end; 255 struct xfs_attr_leaf_name_local *lentry; 256 struct xfs_attr_leaf_name_remote *rentry; 257 unsigned int nameidx; 258 unsigned int namesize; 259 260 if (ent->pad2 != 0) 261 xchk_da_set_corrupt(ds, level); 262 263 /* Hash values in order? */ 264 if (be32_to_cpu(ent->hashval) < *last_hashval) 265 xchk_da_set_corrupt(ds, level); 266 *last_hashval = be32_to_cpu(ent->hashval); 267 268 nameidx = be16_to_cpu(ent->nameidx); 269 if (nameidx < leafhdr->firstused || 270 nameidx >= mp->m_attr_geo->blksize) { 271 xchk_da_set_corrupt(ds, level); 272 return; 273 } 274 275 /* Check the name information. */ 276 if (ent->flags & XFS_ATTR_LOCAL) { 277 lentry = xfs_attr3_leaf_name_local(leaf, idx); 278 namesize = xfs_attr_leaf_entsize_local(lentry->namelen, 279 be16_to_cpu(lentry->valuelen)); 280 name_end = (char *)lentry + namesize; 281 if (lentry->namelen == 0) 282 xchk_da_set_corrupt(ds, level); 283 } else { 284 rentry = xfs_attr3_leaf_name_remote(leaf, idx); 285 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen); 286 name_end = (char *)rentry + namesize; 287 if (rentry->namelen == 0 || rentry->valueblk == 0) 288 xchk_da_set_corrupt(ds, level); 289 } 290 if (name_end > buf_end) 291 xchk_da_set_corrupt(ds, level); 292 293 if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize)) 294 xchk_da_set_corrupt(ds, level); 295 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) 296 *usedbytes += namesize; 297 } 298 299 /* Scrub an attribute leaf. */ 300 STATIC int 301 xchk_xattr_block( 302 struct xchk_da_btree *ds, 303 int level) 304 { 305 struct xfs_attr3_icleaf_hdr leafhdr; 306 struct xfs_mount *mp = ds->state->mp; 307 struct xfs_da_state_blk *blk = &ds->state->path.blk[level]; 308 struct xfs_buf *bp = blk->bp; 309 xfs_dablk_t *last_checked = ds->private; 310 struct xfs_attr_leafblock *leaf = bp->b_addr; 311 struct xfs_attr_leaf_entry *ent; 312 struct xfs_attr_leaf_entry *entries; 313 unsigned long *usedmap; 314 char *buf_end; 315 size_t off; 316 __u32 last_hashval = 0; 317 unsigned int usedbytes = 0; 318 unsigned int hdrsize; 319 int i; 320 int error; 321 322 if (*last_checked == blk->blkno) 323 return 0; 324 325 /* Allocate memory for block usage checking. */ 326 error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL); 327 if (error == -ENOMEM) 328 return -EDEADLOCK; 329 if (error) 330 return error; 331 usedmap = xchk_xattr_usedmap(ds->sc); 332 333 *last_checked = blk->blkno; 334 bitmap_zero(usedmap, mp->m_attr_geo->blksize); 335 336 /* Check all the padding. */ 337 if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) { 338 struct xfs_attr3_leafblock *leaf = bp->b_addr; 339 340 if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 || 341 leaf->hdr.info.hdr.pad != 0) 342 xchk_da_set_corrupt(ds, level); 343 } else { 344 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0) 345 xchk_da_set_corrupt(ds, level); 346 } 347 348 /* Check the leaf header */ 349 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf); 350 hdrsize = xfs_attr3_leaf_hdr_size(leaf); 351 352 if (leafhdr.usedbytes > mp->m_attr_geo->blksize) 353 xchk_da_set_corrupt(ds, level); 354 if (leafhdr.firstused > mp->m_attr_geo->blksize) 355 xchk_da_set_corrupt(ds, level); 356 if (leafhdr.firstused < hdrsize) 357 xchk_da_set_corrupt(ds, level); 358 if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize)) 359 xchk_da_set_corrupt(ds, level); 360 361 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 362 goto out; 363 364 entries = xfs_attr3_leaf_entryp(leaf); 365 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused) 366 xchk_da_set_corrupt(ds, level); 367 368 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize; 369 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) { 370 /* Mark the leaf entry itself. */ 371 off = (char *)ent - (char *)leaf; 372 if (!xchk_xattr_set_map(ds->sc, usedmap, off, 373 sizeof(xfs_attr_leaf_entry_t))) { 374 xchk_da_set_corrupt(ds, level); 375 goto out; 376 } 377 378 /* Check the entry and nameval. */ 379 xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr, 380 ent, i, &usedbytes, &last_hashval); 381 382 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 383 goto out; 384 } 385 386 if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr)) 387 xchk_da_set_corrupt(ds, level); 388 389 if (leafhdr.usedbytes != usedbytes) 390 xchk_da_set_corrupt(ds, level); 391 392 out: 393 return 0; 394 } 395 396 /* Scrub a attribute btree record. */ 397 STATIC int 398 xchk_xattr_rec( 399 struct xchk_da_btree *ds, 400 int level) 401 { 402 struct xfs_mount *mp = ds->state->mp; 403 struct xfs_da_state_blk *blk = &ds->state->path.blk[level]; 404 struct xfs_attr_leaf_name_local *lentry; 405 struct xfs_attr_leaf_name_remote *rentry; 406 struct xfs_buf *bp; 407 struct xfs_attr_leaf_entry *ent; 408 xfs_dahash_t calc_hash; 409 xfs_dahash_t hash; 410 int nameidx; 411 int hdrsize; 412 unsigned int badflags; 413 int error; 414 415 ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC); 416 417 ent = xfs_attr3_leaf_entryp(blk->bp->b_addr) + blk->index; 418 419 /* Check the whole block, if necessary. */ 420 error = xchk_xattr_block(ds, level); 421 if (error) 422 goto out; 423 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 424 goto out; 425 426 /* Check the hash of the entry. */ 427 error = xchk_da_btree_hash(ds, level, &ent->hashval); 428 if (error) 429 goto out; 430 431 /* Find the attr entry's location. */ 432 bp = blk->bp; 433 hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr); 434 nameidx = be16_to_cpu(ent->nameidx); 435 if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) { 436 xchk_da_set_corrupt(ds, level); 437 goto out; 438 } 439 440 /* Retrieve the entry and check it. */ 441 hash = be32_to_cpu(ent->hashval); 442 badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | 443 XFS_ATTR_INCOMPLETE); 444 if ((ent->flags & badflags) != 0) 445 xchk_da_set_corrupt(ds, level); 446 if (ent->flags & XFS_ATTR_LOCAL) { 447 lentry = (struct xfs_attr_leaf_name_local *) 448 (((char *)bp->b_addr) + nameidx); 449 if (lentry->namelen <= 0) { 450 xchk_da_set_corrupt(ds, level); 451 goto out; 452 } 453 calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen); 454 } else { 455 rentry = (struct xfs_attr_leaf_name_remote *) 456 (((char *)bp->b_addr) + nameidx); 457 if (rentry->namelen <= 0) { 458 xchk_da_set_corrupt(ds, level); 459 goto out; 460 } 461 calc_hash = xfs_da_hashname(rentry->name, rentry->namelen); 462 } 463 if (calc_hash != hash) 464 xchk_da_set_corrupt(ds, level); 465 466 out: 467 return error; 468 } 469 470 /* Scrub the extended attribute metadata. */ 471 int 472 xchk_xattr( 473 struct xfs_scrub *sc) 474 { 475 struct xchk_xattr sx; 476 xfs_dablk_t last_checked = -1U; 477 int error = 0; 478 479 if (!xfs_inode_hasattr(sc->ip)) 480 return -ENOENT; 481 482 memset(&sx, 0, sizeof(sx)); 483 /* Check attribute tree structure */ 484 error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec, 485 &last_checked); 486 if (error) 487 goto out; 488 489 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 490 goto out; 491 492 /* Check that every attr key can also be looked up by hash. */ 493 sx.context.dp = sc->ip; 494 sx.context.resynch = 1; 495 sx.context.put_listent = xchk_xattr_listent; 496 sx.context.tp = sc->tp; 497 sx.context.allow_incomplete = true; 498 sx.sc = sc; 499 500 /* 501 * Look up every xattr in this file by name. 502 * 503 * Use the backend implementation of xfs_attr_list to call 504 * xchk_xattr_listent on every attribute key in this inode. 505 * In other words, we use the same iterator/callback mechanism 506 * that listattr uses to scrub extended attributes, though in our 507 * _listent function, we check the value of the attribute. 508 * 509 * The VFS only locks i_rwsem when modifying attrs, so keep all 510 * three locks held because that's the only way to ensure we're 511 * the only thread poking into the da btree. We traverse the da 512 * btree while holding a leaf buffer locked for the xattr name 513 * iteration, which doesn't really follow the usual buffer 514 * locking order. 515 */ 516 error = xfs_attr_list_ilocked(&sx.context); 517 if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error)) 518 goto out; 519 520 /* Did our listent function try to return any errors? */ 521 if (sx.context.seen_enough < 0) 522 error = sx.context.seen_enough; 523 out: 524 return error; 525 } 526