1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2017 Oracle. All Rights Reserved. 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_trans_resv.h" 11 #include "xfs_mount.h" 12 #include "xfs_log_format.h" 13 #include "xfs_trans.h" 14 #include "xfs_inode.h" 15 #include "xfs_icache.h" 16 #include "xfs_dir2.h" 17 #include "xfs_dir2_priv.h" 18 #include "scrub/scrub.h" 19 #include "scrub/common.h" 20 #include "scrub/dabtree.h" 21 22 /* Set us up to scrub directories. */ 23 int 24 xchk_setup_directory( 25 struct xfs_scrub *sc, 26 struct xfs_inode *ip) 27 { 28 return xchk_setup_inode_contents(sc, ip, 0); 29 } 30 31 /* Directories */ 32 33 /* Scrub a directory entry. */ 34 35 struct xchk_dir_ctx { 36 /* VFS fill-directory iterator */ 37 struct dir_context dir_iter; 38 39 struct xfs_scrub *sc; 40 }; 41 42 /* Check that an inode's mode matches a given DT_ type. */ 43 STATIC int 44 xchk_dir_check_ftype( 45 struct xchk_dir_ctx *sdc, 46 xfs_fileoff_t offset, 47 xfs_ino_t inum, 48 int dtype) 49 { 50 struct xfs_mount *mp = sdc->sc->mp; 51 struct xfs_inode *ip; 52 int ino_dtype; 53 int error = 0; 54 55 if (!xfs_sb_version_hasftype(&mp->m_sb)) { 56 if (dtype != DT_UNKNOWN && dtype != DT_DIR) 57 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 58 offset); 59 goto out; 60 } 61 62 /* 63 * Grab the inode pointed to by the dirent. We release the 64 * inode before we cancel the scrub transaction. Since we're 65 * don't know a priori that releasing the inode won't trigger 66 * eofblocks cleanup (which allocates what would be a nested 67 * transaction), we can't use DONTCACHE here because DONTCACHE 68 * inodes can trigger immediate inactive cleanup of the inode. 69 * 70 * If _iget returns -EINVAL or -ENOENT then the child inode number is 71 * garbage and the directory is corrupt. If the _iget returns 72 * -EFSCORRUPTED or -EFSBADCRC then the child is corrupt which is a 73 * cross referencing error. Any other error is an operational error. 74 */ 75 error = xfs_iget(mp, sdc->sc->tp, inum, 0, 0, &ip); 76 if (error == -EINVAL || error == -ENOENT) { 77 error = -EFSCORRUPTED; 78 xchk_fblock_process_error(sdc->sc, XFS_DATA_FORK, 0, &error); 79 goto out; 80 } 81 if (!xchk_fblock_xref_process_error(sdc->sc, XFS_DATA_FORK, offset, 82 &error)) 83 goto out; 84 85 /* Convert mode to the DT_* values that dir_emit uses. */ 86 ino_dtype = xfs_dir3_get_dtype(mp, 87 xfs_mode_to_ftype(VFS_I(ip)->i_mode)); 88 if (ino_dtype != dtype) 89 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 90 xfs_irele(ip); 91 out: 92 return error; 93 } 94 95 /* 96 * Scrub a single directory entry. 97 * 98 * We use the VFS directory iterator (i.e. readdir) to call this 99 * function for every directory entry in a directory. Once we're here, 100 * we check the inode number to make sure it's sane, then we check that 101 * we can look up this filename. Finally, we check the ftype. 102 */ 103 STATIC int 104 xchk_dir_actor( 105 struct dir_context *dir_iter, 106 const char *name, 107 int namelen, 108 loff_t pos, 109 u64 ino, 110 unsigned type) 111 { 112 struct xfs_mount *mp; 113 struct xfs_inode *ip; 114 struct xchk_dir_ctx *sdc; 115 struct xfs_name xname; 116 xfs_ino_t lookup_ino; 117 xfs_dablk_t offset; 118 bool checked_ftype = false; 119 int error = 0; 120 121 sdc = container_of(dir_iter, struct xchk_dir_ctx, dir_iter); 122 ip = sdc->sc->ip; 123 mp = ip->i_mount; 124 offset = xfs_dir2_db_to_da(mp->m_dir_geo, 125 xfs_dir2_dataptr_to_db(mp->m_dir_geo, pos)); 126 127 if (xchk_should_terminate(sdc->sc, &error)) 128 return error; 129 130 /* Does this inode number make sense? */ 131 if (!xfs_verify_dir_ino(mp, ino)) { 132 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 133 goto out; 134 } 135 136 /* Does this name make sense? */ 137 if (!xfs_dir2_namecheck(name, namelen)) { 138 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 139 goto out; 140 } 141 142 if (!strncmp(".", name, namelen)) { 143 /* If this is "." then check that the inum matches the dir. */ 144 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR) 145 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 146 offset); 147 checked_ftype = true; 148 if (ino != ip->i_ino) 149 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 150 offset); 151 } else if (!strncmp("..", name, namelen)) { 152 /* 153 * If this is ".." in the root inode, check that the inum 154 * matches this dir. 155 */ 156 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR) 157 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 158 offset); 159 checked_ftype = true; 160 if (ip->i_ino == mp->m_sb.sb_rootino && ino != ip->i_ino) 161 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 162 offset); 163 } 164 165 /* Verify that we can look up this name by hash. */ 166 xname.name = name; 167 xname.len = namelen; 168 xname.type = XFS_DIR3_FT_UNKNOWN; 169 170 error = xfs_dir_lookup(sdc->sc->tp, ip, &xname, &lookup_ino, NULL); 171 /* ENOENT means the hash lookup failed and the dir is corrupt */ 172 if (error == -ENOENT) 173 error = -EFSCORRUPTED; 174 if (!xchk_fblock_process_error(sdc->sc, XFS_DATA_FORK, offset, 175 &error)) 176 goto out; 177 if (lookup_ino != ino) { 178 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 179 goto out; 180 } 181 182 /* Verify the file type. This function absorbs error codes. */ 183 if (!checked_ftype) { 184 error = xchk_dir_check_ftype(sdc, offset, lookup_ino, type); 185 if (error) 186 goto out; 187 } 188 out: 189 /* 190 * A negative error code returned here is supposed to cause the 191 * dir_emit caller (xfs_readdir) to abort the directory iteration 192 * and return zero to xchk_directory. 193 */ 194 if (error == 0 && sdc->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 195 return -EFSCORRUPTED; 196 return error; 197 } 198 199 /* Scrub a directory btree record. */ 200 STATIC int 201 xchk_dir_rec( 202 struct xchk_da_btree *ds, 203 int level) 204 { 205 struct xfs_da_state_blk *blk = &ds->state->path.blk[level]; 206 struct xfs_mount *mp = ds->state->mp; 207 struct xfs_inode *dp = ds->dargs.dp; 208 struct xfs_da_geometry *geo = mp->m_dir_geo; 209 struct xfs_dir2_data_entry *dent; 210 struct xfs_buf *bp; 211 struct xfs_dir2_leaf_entry *ent; 212 unsigned int end; 213 unsigned int iter_off; 214 xfs_ino_t ino; 215 xfs_dablk_t rec_bno; 216 xfs_dir2_db_t db; 217 xfs_dir2_data_aoff_t off; 218 xfs_dir2_dataptr_t ptr; 219 xfs_dahash_t calc_hash; 220 xfs_dahash_t hash; 221 struct xfs_dir3_icleaf_hdr hdr; 222 unsigned int tag; 223 int error; 224 225 ASSERT(blk->magic == XFS_DIR2_LEAF1_MAGIC || 226 blk->magic == XFS_DIR2_LEAFN_MAGIC); 227 228 xfs_dir2_leaf_hdr_from_disk(mp, &hdr, blk->bp->b_addr); 229 ent = hdr.ents + blk->index; 230 231 /* Check the hash of the entry. */ 232 error = xchk_da_btree_hash(ds, level, &ent->hashval); 233 if (error) 234 goto out; 235 236 /* Valid hash pointer? */ 237 ptr = be32_to_cpu(ent->address); 238 if (ptr == 0) 239 return 0; 240 241 /* Find the directory entry's location. */ 242 db = xfs_dir2_dataptr_to_db(geo, ptr); 243 off = xfs_dir2_dataptr_to_off(geo, ptr); 244 rec_bno = xfs_dir2_db_to_da(geo, db); 245 246 if (rec_bno >= geo->leafblk) { 247 xchk_da_set_corrupt(ds, level); 248 goto out; 249 } 250 error = xfs_dir3_data_read(ds->dargs.trans, dp, rec_bno, 251 XFS_DABUF_MAP_HOLE_OK, &bp); 252 if (!xchk_fblock_process_error(ds->sc, XFS_DATA_FORK, rec_bno, 253 &error)) 254 goto out; 255 if (!bp) { 256 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 257 goto out; 258 } 259 xchk_buffer_recheck(ds->sc, bp); 260 261 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 262 goto out_relse; 263 264 dent = bp->b_addr + off; 265 266 /* Make sure we got a real directory entry. */ 267 iter_off = geo->data_entry_offset; 268 end = xfs_dir3_data_end_offset(geo, bp->b_addr); 269 if (!end) { 270 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 271 goto out_relse; 272 } 273 for (;;) { 274 struct xfs_dir2_data_entry *dep = bp->b_addr + iter_off; 275 struct xfs_dir2_data_unused *dup = bp->b_addr + iter_off; 276 277 if (iter_off >= end) { 278 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 279 goto out_relse; 280 } 281 282 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) { 283 iter_off += be16_to_cpu(dup->length); 284 continue; 285 } 286 if (dep == dent) 287 break; 288 iter_off += xfs_dir2_data_entsize(mp, dep->namelen); 289 } 290 291 /* Retrieve the entry, sanity check it, and compare hashes. */ 292 ino = be64_to_cpu(dent->inumber); 293 hash = be32_to_cpu(ent->hashval); 294 tag = be16_to_cpup(xfs_dir2_data_entry_tag_p(mp, dent)); 295 if (!xfs_verify_dir_ino(mp, ino) || tag != off) 296 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 297 if (dent->namelen == 0) { 298 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 299 goto out_relse; 300 } 301 calc_hash = xfs_da_hashname(dent->name, dent->namelen); 302 if (calc_hash != hash) 303 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 304 305 out_relse: 306 xfs_trans_brelse(ds->dargs.trans, bp); 307 out: 308 return error; 309 } 310 311 /* 312 * Is this unused entry either in the bestfree or smaller than all of 313 * them? We've already checked that the bestfrees are sorted longest to 314 * shortest, and that there aren't any bogus entries. 315 */ 316 STATIC void 317 xchk_directory_check_free_entry( 318 struct xfs_scrub *sc, 319 xfs_dablk_t lblk, 320 struct xfs_dir2_data_free *bf, 321 struct xfs_dir2_data_unused *dup) 322 { 323 struct xfs_dir2_data_free *dfp; 324 unsigned int dup_length; 325 326 dup_length = be16_to_cpu(dup->length); 327 328 /* Unused entry is shorter than any of the bestfrees */ 329 if (dup_length < be16_to_cpu(bf[XFS_DIR2_DATA_FD_COUNT - 1].length)) 330 return; 331 332 for (dfp = &bf[XFS_DIR2_DATA_FD_COUNT - 1]; dfp >= bf; dfp--) 333 if (dup_length == be16_to_cpu(dfp->length)) 334 return; 335 336 /* Unused entry should be in the bestfrees but wasn't found. */ 337 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 338 } 339 340 /* Check free space info in a directory data block. */ 341 STATIC int 342 xchk_directory_data_bestfree( 343 struct xfs_scrub *sc, 344 xfs_dablk_t lblk, 345 bool is_block) 346 { 347 struct xfs_dir2_data_unused *dup; 348 struct xfs_dir2_data_free *dfp; 349 struct xfs_buf *bp; 350 struct xfs_dir2_data_free *bf; 351 struct xfs_mount *mp = sc->mp; 352 u16 tag; 353 unsigned int nr_bestfrees = 0; 354 unsigned int nr_frees = 0; 355 unsigned int smallest_bestfree; 356 int newlen; 357 unsigned int offset; 358 unsigned int end; 359 int error; 360 361 if (is_block) { 362 /* dir block format */ 363 if (lblk != XFS_B_TO_FSBT(mp, XFS_DIR2_DATA_OFFSET)) 364 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 365 error = xfs_dir3_block_read(sc->tp, sc->ip, &bp); 366 } else { 367 /* dir data format */ 368 error = xfs_dir3_data_read(sc->tp, sc->ip, lblk, 0, &bp); 369 } 370 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 371 goto out; 372 xchk_buffer_recheck(sc, bp); 373 374 /* XXX: Check xfs_dir3_data_hdr.pad is zero once we start setting it. */ 375 376 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 377 goto out_buf; 378 379 /* Do the bestfrees correspond to actual free space? */ 380 bf = xfs_dir2_data_bestfree_p(mp, bp->b_addr); 381 smallest_bestfree = UINT_MAX; 382 for (dfp = &bf[0]; dfp < &bf[XFS_DIR2_DATA_FD_COUNT]; dfp++) { 383 offset = be16_to_cpu(dfp->offset); 384 if (offset == 0) 385 continue; 386 if (offset >= mp->m_dir_geo->blksize) { 387 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 388 goto out_buf; 389 } 390 dup = bp->b_addr + offset; 391 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)); 392 393 /* bestfree doesn't match the entry it points at? */ 394 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG) || 395 be16_to_cpu(dup->length) != be16_to_cpu(dfp->length) || 396 tag != offset) { 397 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 398 goto out_buf; 399 } 400 401 /* bestfree records should be ordered largest to smallest */ 402 if (smallest_bestfree < be16_to_cpu(dfp->length)) { 403 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 404 goto out_buf; 405 } 406 407 smallest_bestfree = be16_to_cpu(dfp->length); 408 nr_bestfrees++; 409 } 410 411 /* Make sure the bestfrees are actually the best free spaces. */ 412 offset = mp->m_dir_geo->data_entry_offset; 413 end = xfs_dir3_data_end_offset(mp->m_dir_geo, bp->b_addr); 414 415 /* Iterate the entries, stopping when we hit or go past the end. */ 416 while (offset < end) { 417 dup = bp->b_addr + offset; 418 419 /* Skip real entries */ 420 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG)) { 421 struct xfs_dir2_data_entry *dep = bp->b_addr + offset; 422 423 newlen = xfs_dir2_data_entsize(mp, dep->namelen); 424 if (newlen <= 0) { 425 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 426 lblk); 427 goto out_buf; 428 } 429 offset += newlen; 430 continue; 431 } 432 433 /* Spot check this free entry */ 434 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)); 435 if (tag != offset) { 436 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 437 goto out_buf; 438 } 439 440 /* 441 * Either this entry is a bestfree or it's smaller than 442 * any of the bestfrees. 443 */ 444 xchk_directory_check_free_entry(sc, lblk, bf, dup); 445 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 446 goto out_buf; 447 448 /* Move on. */ 449 newlen = be16_to_cpu(dup->length); 450 if (newlen <= 0) { 451 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 452 goto out_buf; 453 } 454 offset += newlen; 455 if (offset <= end) 456 nr_frees++; 457 } 458 459 /* We're required to fill all the space. */ 460 if (offset != end) 461 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 462 463 /* Did we see at least as many free slots as there are bestfrees? */ 464 if (nr_frees < nr_bestfrees) 465 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 466 out_buf: 467 xfs_trans_brelse(sc->tp, bp); 468 out: 469 return error; 470 } 471 472 /* 473 * Does the free space length in the free space index block ($len) match 474 * the longest length in the directory data block's bestfree array? 475 * Assume that we've already checked that the data block's bestfree 476 * array is in order. 477 */ 478 STATIC void 479 xchk_directory_check_freesp( 480 struct xfs_scrub *sc, 481 xfs_dablk_t lblk, 482 struct xfs_buf *dbp, 483 unsigned int len) 484 { 485 struct xfs_dir2_data_free *dfp; 486 487 dfp = xfs_dir2_data_bestfree_p(sc->mp, dbp->b_addr); 488 489 if (len != be16_to_cpu(dfp->length)) 490 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 491 492 if (len > 0 && be16_to_cpu(dfp->offset) == 0) 493 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 494 } 495 496 /* Check free space info in a directory leaf1 block. */ 497 STATIC int 498 xchk_directory_leaf1_bestfree( 499 struct xfs_scrub *sc, 500 struct xfs_da_args *args, 501 xfs_dablk_t lblk) 502 { 503 struct xfs_dir3_icleaf_hdr leafhdr; 504 struct xfs_dir2_leaf_tail *ltp; 505 struct xfs_dir2_leaf *leaf; 506 struct xfs_buf *dbp; 507 struct xfs_buf *bp; 508 struct xfs_da_geometry *geo = sc->mp->m_dir_geo; 509 __be16 *bestp; 510 __u16 best; 511 __u32 hash; 512 __u32 lasthash = 0; 513 __u32 bestcount; 514 unsigned int stale = 0; 515 int i; 516 int error; 517 518 /* Read the free space block. */ 519 error = xfs_dir3_leaf_read(sc->tp, sc->ip, lblk, &bp); 520 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 521 return error; 522 xchk_buffer_recheck(sc, bp); 523 524 leaf = bp->b_addr; 525 xfs_dir2_leaf_hdr_from_disk(sc->ip->i_mount, &leafhdr, leaf); 526 ltp = xfs_dir2_leaf_tail_p(geo, leaf); 527 bestcount = be32_to_cpu(ltp->bestcount); 528 bestp = xfs_dir2_leaf_bests_p(ltp); 529 530 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) { 531 struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr; 532 533 if (hdr3->pad != cpu_to_be32(0)) 534 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 535 } 536 537 /* 538 * There should be as many bestfree slots as there are dir data 539 * blocks that can fit under i_size. 540 */ 541 if (bestcount != xfs_dir2_byte_to_db(geo, sc->ip->i_d.di_size)) { 542 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 543 goto out; 544 } 545 546 /* Is the leaf count even remotely sane? */ 547 if (leafhdr.count > geo->leaf_max_ents) { 548 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 549 goto out; 550 } 551 552 /* Leaves and bests don't overlap in leaf format. */ 553 if ((char *)&leafhdr.ents[leafhdr.count] > (char *)bestp) { 554 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 555 goto out; 556 } 557 558 /* Check hash value order, count stale entries. */ 559 for (i = 0; i < leafhdr.count; i++) { 560 hash = be32_to_cpu(leafhdr.ents[i].hashval); 561 if (i > 0 && lasthash > hash) 562 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 563 lasthash = hash; 564 if (leafhdr.ents[i].address == 565 cpu_to_be32(XFS_DIR2_NULL_DATAPTR)) 566 stale++; 567 } 568 if (leafhdr.stale != stale) 569 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 570 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 571 goto out; 572 573 /* Check all the bestfree entries. */ 574 for (i = 0; i < bestcount; i++, bestp++) { 575 best = be16_to_cpu(*bestp); 576 error = xfs_dir3_data_read(sc->tp, sc->ip, 577 xfs_dir2_db_to_da(args->geo, i), 578 XFS_DABUF_MAP_HOLE_OK, 579 &dbp); 580 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, 581 &error)) 582 break; 583 584 if (!dbp) { 585 if (best != NULLDATAOFF) { 586 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 587 lblk); 588 break; 589 } 590 continue; 591 } 592 593 if (best == NULLDATAOFF) 594 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 595 else 596 xchk_directory_check_freesp(sc, lblk, dbp, best); 597 xfs_trans_brelse(sc->tp, dbp); 598 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 599 break; 600 } 601 out: 602 xfs_trans_brelse(sc->tp, bp); 603 return error; 604 } 605 606 /* Check free space info in a directory freespace block. */ 607 STATIC int 608 xchk_directory_free_bestfree( 609 struct xfs_scrub *sc, 610 struct xfs_da_args *args, 611 xfs_dablk_t lblk) 612 { 613 struct xfs_dir3_icfree_hdr freehdr; 614 struct xfs_buf *dbp; 615 struct xfs_buf *bp; 616 __u16 best; 617 unsigned int stale = 0; 618 int i; 619 int error; 620 621 /* Read the free space block */ 622 error = xfs_dir2_free_read(sc->tp, sc->ip, lblk, &bp); 623 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 624 return error; 625 xchk_buffer_recheck(sc, bp); 626 627 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) { 628 struct xfs_dir3_free_hdr *hdr3 = bp->b_addr; 629 630 if (hdr3->pad != cpu_to_be32(0)) 631 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 632 } 633 634 /* Check all the entries. */ 635 xfs_dir2_free_hdr_from_disk(sc->ip->i_mount, &freehdr, bp->b_addr); 636 for (i = 0; i < freehdr.nvalid; i++) { 637 best = be16_to_cpu(freehdr.bests[i]); 638 if (best == NULLDATAOFF) { 639 stale++; 640 continue; 641 } 642 error = xfs_dir3_data_read(sc->tp, sc->ip, 643 (freehdr.firstdb + i) * args->geo->fsbcount, 644 0, &dbp); 645 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, 646 &error)) 647 goto out; 648 xchk_directory_check_freesp(sc, lblk, dbp, best); 649 xfs_trans_brelse(sc->tp, dbp); 650 } 651 652 if (freehdr.nused + stale != freehdr.nvalid) 653 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 654 out: 655 xfs_trans_brelse(sc->tp, bp); 656 return error; 657 } 658 659 /* Check free space information in directories. */ 660 STATIC int 661 xchk_directory_blocks( 662 struct xfs_scrub *sc) 663 { 664 struct xfs_bmbt_irec got; 665 struct xfs_da_args args; 666 struct xfs_ifork *ifp = XFS_IFORK_PTR(sc->ip, XFS_DATA_FORK); 667 struct xfs_mount *mp = sc->mp; 668 xfs_fileoff_t leaf_lblk; 669 xfs_fileoff_t free_lblk; 670 xfs_fileoff_t lblk; 671 struct xfs_iext_cursor icur; 672 xfs_dablk_t dabno; 673 bool found; 674 int is_block = 0; 675 int error; 676 677 /* Ignore local format directories. */ 678 if (ifp->if_format != XFS_DINODE_FMT_EXTENTS && 679 ifp->if_format != XFS_DINODE_FMT_BTREE) 680 return 0; 681 682 lblk = XFS_B_TO_FSB(mp, XFS_DIR2_DATA_OFFSET); 683 leaf_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_LEAF_OFFSET); 684 free_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_FREE_OFFSET); 685 686 /* Is this a block dir? */ 687 args.dp = sc->ip; 688 args.geo = mp->m_dir_geo; 689 args.trans = sc->tp; 690 error = xfs_dir2_isblock(&args, &is_block); 691 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 692 goto out; 693 694 /* Iterate all the data extents in the directory... */ 695 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 696 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) { 697 /* Block directories only have a single block at offset 0. */ 698 if (is_block && 699 (got.br_startoff > 0 || 700 got.br_blockcount != args.geo->fsbcount)) { 701 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 702 got.br_startoff); 703 break; 704 } 705 706 /* No more data blocks... */ 707 if (got.br_startoff >= leaf_lblk) 708 break; 709 710 /* 711 * Check each data block's bestfree data. 712 * 713 * Iterate all the fsbcount-aligned block offsets in 714 * this directory. The directory block reading code is 715 * smart enough to do its own bmap lookups to handle 716 * discontiguous directory blocks. When we're done 717 * with the extent record, re-query the bmap at the 718 * next fsbcount-aligned offset to avoid redundant 719 * block checks. 720 */ 721 for (lblk = roundup((xfs_dablk_t)got.br_startoff, 722 args.geo->fsbcount); 723 lblk < got.br_startoff + got.br_blockcount; 724 lblk += args.geo->fsbcount) { 725 error = xchk_directory_data_bestfree(sc, lblk, 726 is_block); 727 if (error) 728 goto out; 729 } 730 dabno = got.br_startoff + got.br_blockcount; 731 lblk = roundup(dabno, args.geo->fsbcount); 732 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 733 } 734 735 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 736 goto out; 737 738 /* Look for a leaf1 block, which has free info. */ 739 if (xfs_iext_lookup_extent(sc->ip, ifp, leaf_lblk, &icur, &got) && 740 got.br_startoff == leaf_lblk && 741 got.br_blockcount == args.geo->fsbcount && 742 !xfs_iext_next_extent(ifp, &icur, &got)) { 743 if (is_block) { 744 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 745 goto out; 746 } 747 error = xchk_directory_leaf1_bestfree(sc, &args, 748 leaf_lblk); 749 if (error) 750 goto out; 751 } 752 753 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 754 goto out; 755 756 /* Scan for free blocks */ 757 lblk = free_lblk; 758 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 759 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) { 760 /* 761 * Dirs can't have blocks mapped above 2^32. 762 * Single-block dirs shouldn't even be here. 763 */ 764 lblk = got.br_startoff; 765 if (lblk & ~0xFFFFFFFFULL) { 766 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 767 goto out; 768 } 769 if (is_block) { 770 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 771 goto out; 772 } 773 774 /* 775 * Check each dir free block's bestfree data. 776 * 777 * Iterate all the fsbcount-aligned block offsets in 778 * this directory. The directory block reading code is 779 * smart enough to do its own bmap lookups to handle 780 * discontiguous directory blocks. When we're done 781 * with the extent record, re-query the bmap at the 782 * next fsbcount-aligned offset to avoid redundant 783 * block checks. 784 */ 785 for (lblk = roundup((xfs_dablk_t)got.br_startoff, 786 args.geo->fsbcount); 787 lblk < got.br_startoff + got.br_blockcount; 788 lblk += args.geo->fsbcount) { 789 error = xchk_directory_free_bestfree(sc, &args, 790 lblk); 791 if (error) 792 goto out; 793 } 794 dabno = got.br_startoff + got.br_blockcount; 795 lblk = roundup(dabno, args.geo->fsbcount); 796 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 797 } 798 out: 799 return error; 800 } 801 802 /* Scrub a whole directory. */ 803 int 804 xchk_directory( 805 struct xfs_scrub *sc) 806 { 807 struct xchk_dir_ctx sdc = { 808 .dir_iter.actor = xchk_dir_actor, 809 .dir_iter.pos = 0, 810 .sc = sc, 811 }; 812 size_t bufsize; 813 loff_t oldpos; 814 int error = 0; 815 816 if (!S_ISDIR(VFS_I(sc->ip)->i_mode)) 817 return -ENOENT; 818 819 /* Plausible size? */ 820 if (sc->ip->i_d.di_size < xfs_dir2_sf_hdr_size(0)) { 821 xchk_ino_set_corrupt(sc, sc->ip->i_ino); 822 goto out; 823 } 824 825 /* Check directory tree structure */ 826 error = xchk_da_btree(sc, XFS_DATA_FORK, xchk_dir_rec, NULL); 827 if (error) 828 return error; 829 830 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 831 return error; 832 833 /* Check the freespace. */ 834 error = xchk_directory_blocks(sc); 835 if (error) 836 return error; 837 838 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 839 return error; 840 841 /* 842 * Check that every dirent we see can also be looked up by hash. 843 * Userspace usually asks for a 32k buffer, so we will too. 844 */ 845 bufsize = (size_t)min_t(loff_t, XFS_READDIR_BUFSIZE, 846 sc->ip->i_d.di_size); 847 848 /* 849 * Look up every name in this directory by hash. 850 * 851 * Use the xfs_readdir function to call xchk_dir_actor on 852 * every directory entry in this directory. In _actor, we check 853 * the name, inode number, and ftype (if applicable) of the 854 * entry. xfs_readdir uses the VFS filldir functions to provide 855 * iteration context. 856 * 857 * The VFS grabs a read or write lock via i_rwsem before it reads 858 * or writes to a directory. If we've gotten this far we've 859 * already obtained IOLOCK_EXCL, which (since 4.10) is the same as 860 * getting a write lock on i_rwsem. Therefore, it is safe for us 861 * to drop the ILOCK here in order to reuse the _readdir and 862 * _dir_lookup routines, which do their own ILOCK locking. 863 */ 864 oldpos = 0; 865 sc->ilock_flags &= ~XFS_ILOCK_EXCL; 866 xfs_iunlock(sc->ip, XFS_ILOCK_EXCL); 867 while (true) { 868 error = xfs_readdir(sc->tp, sc->ip, &sdc.dir_iter, bufsize); 869 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, 0, 870 &error)) 871 goto out; 872 if (oldpos == sdc.dir_iter.pos) 873 break; 874 oldpos = sdc.dir_iter.pos; 875 } 876 877 out: 878 return error; 879 } 880