1 /* 2 * Copyright (C) 2017 Oracle. All Rights Reserved. 3 * 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 2 9 * of the License, or (at your option) any later version. 10 * 11 * This program is distributed in the hope that it would be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write the Free Software Foundation, 18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 19 */ 20 #include "xfs.h" 21 #include "xfs_fs.h" 22 #include "xfs_shared.h" 23 #include "xfs_format.h" 24 #include "xfs_trans_resv.h" 25 #include "xfs_mount.h" 26 #include "xfs_defer.h" 27 #include "xfs_btree.h" 28 #include "xfs_bit.h" 29 #include "xfs_log_format.h" 30 #include "xfs_trans.h" 31 #include "xfs_sb.h" 32 #include "xfs_inode.h" 33 #include "xfs_icache.h" 34 #include "xfs_itable.h" 35 #include "xfs_da_format.h" 36 #include "xfs_da_btree.h" 37 #include "xfs_dir2.h" 38 #include "xfs_dir2_priv.h" 39 #include "xfs_ialloc.h" 40 #include "scrub/xfs_scrub.h" 41 #include "scrub/scrub.h" 42 #include "scrub/common.h" 43 #include "scrub/trace.h" 44 #include "scrub/dabtree.h" 45 46 /* Set us up to scrub directories. */ 47 int 48 xfs_scrub_setup_directory( 49 struct xfs_scrub_context *sc, 50 struct xfs_inode *ip) 51 { 52 return xfs_scrub_setup_inode_contents(sc, ip, 0); 53 } 54 55 /* Directories */ 56 57 /* Scrub a directory entry. */ 58 59 struct xfs_scrub_dir_ctx { 60 /* VFS fill-directory iterator */ 61 struct dir_context dir_iter; 62 63 struct xfs_scrub_context *sc; 64 }; 65 66 /* Check that an inode's mode matches a given DT_ type. */ 67 STATIC int 68 xfs_scrub_dir_check_ftype( 69 struct xfs_scrub_dir_ctx *sdc, 70 xfs_fileoff_t offset, 71 xfs_ino_t inum, 72 int dtype) 73 { 74 struct xfs_mount *mp = sdc->sc->mp; 75 struct xfs_inode *ip; 76 int ino_dtype; 77 int error = 0; 78 79 if (!xfs_sb_version_hasftype(&mp->m_sb)) { 80 if (dtype != DT_UNKNOWN && dtype != DT_DIR) 81 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 82 offset); 83 goto out; 84 } 85 86 /* 87 * Grab the inode pointed to by the dirent. We release the 88 * inode before we cancel the scrub transaction. Since we're 89 * don't know a priori that releasing the inode won't trigger 90 * eofblocks cleanup (which allocates what would be a nested 91 * transaction), we can't use DONTCACHE here because DONTCACHE 92 * inodes can trigger immediate inactive cleanup of the inode. 93 */ 94 error = xfs_iget(mp, sdc->sc->tp, inum, 0, 0, &ip); 95 if (!xfs_scrub_fblock_xref_process_error(sdc->sc, XFS_DATA_FORK, offset, 96 &error)) 97 goto out; 98 99 /* Convert mode to the DT_* values that dir_emit uses. */ 100 ino_dtype = xfs_dir3_get_dtype(mp, 101 xfs_mode_to_ftype(VFS_I(ip)->i_mode)); 102 if (ino_dtype != dtype) 103 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 104 iput(VFS_I(ip)); 105 out: 106 return error; 107 } 108 109 /* 110 * Scrub a single directory entry. 111 * 112 * We use the VFS directory iterator (i.e. readdir) to call this 113 * function for every directory entry in a directory. Once we're here, 114 * we check the inode number to make sure it's sane, then we check that 115 * we can look up this filename. Finally, we check the ftype. 116 */ 117 STATIC int 118 xfs_scrub_dir_actor( 119 struct dir_context *dir_iter, 120 const char *name, 121 int namelen, 122 loff_t pos, 123 u64 ino, 124 unsigned type) 125 { 126 struct xfs_mount *mp; 127 struct xfs_inode *ip; 128 struct xfs_scrub_dir_ctx *sdc; 129 struct xfs_name xname; 130 xfs_ino_t lookup_ino; 131 xfs_dablk_t offset; 132 int error = 0; 133 134 sdc = container_of(dir_iter, struct xfs_scrub_dir_ctx, dir_iter); 135 ip = sdc->sc->ip; 136 mp = ip->i_mount; 137 offset = xfs_dir2_db_to_da(mp->m_dir_geo, 138 xfs_dir2_dataptr_to_db(mp->m_dir_geo, pos)); 139 140 /* Does this inode number make sense? */ 141 if (!xfs_verify_dir_ino(mp, ino)) { 142 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 143 goto out; 144 } 145 146 if (!strncmp(".", name, namelen)) { 147 /* If this is "." then check that the inum matches the dir. */ 148 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR) 149 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 150 offset); 151 if (ino != ip->i_ino) 152 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 153 offset); 154 } else if (!strncmp("..", name, namelen)) { 155 /* 156 * If this is ".." in the root inode, check that the inum 157 * matches this dir. 158 */ 159 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR) 160 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 161 offset); 162 if (ip->i_ino == mp->m_sb.sb_rootino && ino != ip->i_ino) 163 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, 164 offset); 165 } 166 167 /* Verify that we can look up this name by hash. */ 168 xname.name = name; 169 xname.len = namelen; 170 xname.type = XFS_DIR3_FT_UNKNOWN; 171 172 error = xfs_dir_lookup(sdc->sc->tp, ip, &xname, &lookup_ino, NULL); 173 if (!xfs_scrub_fblock_process_error(sdc->sc, XFS_DATA_FORK, offset, 174 &error)) 175 goto out; 176 if (lookup_ino != ino) { 177 xfs_scrub_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 178 goto out; 179 } 180 181 /* Verify the file type. This function absorbs error codes. */ 182 error = xfs_scrub_dir_check_ftype(sdc, offset, lookup_ino, type); 183 if (error) 184 goto out; 185 out: 186 /* 187 * A negative error code returned here is supposed to cause the 188 * dir_emit caller (xfs_readdir) to abort the directory iteration 189 * and return zero to xfs_scrub_directory. 190 */ 191 if (error == 0 && sdc->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 192 return -EFSCORRUPTED; 193 return error; 194 } 195 196 /* Scrub a directory btree record. */ 197 STATIC int 198 xfs_scrub_dir_rec( 199 struct xfs_scrub_da_btree *ds, 200 int level, 201 void *rec) 202 { 203 struct xfs_mount *mp = ds->state->mp; 204 struct xfs_dir2_leaf_entry *ent = rec; 205 struct xfs_inode *dp = ds->dargs.dp; 206 struct xfs_dir2_data_entry *dent; 207 struct xfs_buf *bp; 208 char *p, *endp; 209 xfs_ino_t ino; 210 xfs_dablk_t rec_bno; 211 xfs_dir2_db_t db; 212 xfs_dir2_data_aoff_t off; 213 xfs_dir2_dataptr_t ptr; 214 xfs_dahash_t calc_hash; 215 xfs_dahash_t hash; 216 unsigned int tag; 217 int error; 218 219 /* Check the hash of the entry. */ 220 error = xfs_scrub_da_btree_hash(ds, level, &ent->hashval); 221 if (error) 222 goto out; 223 224 /* Valid hash pointer? */ 225 ptr = be32_to_cpu(ent->address); 226 if (ptr == 0) 227 return 0; 228 229 /* Find the directory entry's location. */ 230 db = xfs_dir2_dataptr_to_db(mp->m_dir_geo, ptr); 231 off = xfs_dir2_dataptr_to_off(mp->m_dir_geo, ptr); 232 rec_bno = xfs_dir2_db_to_da(mp->m_dir_geo, db); 233 234 if (rec_bno >= mp->m_dir_geo->leafblk) { 235 xfs_scrub_da_set_corrupt(ds, level); 236 goto out; 237 } 238 error = xfs_dir3_data_read(ds->dargs.trans, dp, rec_bno, -2, &bp); 239 if (!xfs_scrub_fblock_process_error(ds->sc, XFS_DATA_FORK, rec_bno, 240 &error)) 241 goto out; 242 if (!bp) { 243 xfs_scrub_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 244 goto out; 245 } 246 xfs_scrub_buffer_recheck(ds->sc, bp); 247 248 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 249 goto out_relse; 250 251 dent = (struct xfs_dir2_data_entry *)(((char *)bp->b_addr) + off); 252 253 /* Make sure we got a real directory entry. */ 254 p = (char *)mp->m_dir_inode_ops->data_entry_p(bp->b_addr); 255 endp = xfs_dir3_data_endp(mp->m_dir_geo, bp->b_addr); 256 if (!endp) { 257 xfs_scrub_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 258 goto out_relse; 259 } 260 while (p < endp) { 261 struct xfs_dir2_data_entry *dep; 262 struct xfs_dir2_data_unused *dup; 263 264 dup = (struct xfs_dir2_data_unused *)p; 265 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) { 266 p += be16_to_cpu(dup->length); 267 continue; 268 } 269 dep = (struct xfs_dir2_data_entry *)p; 270 if (dep == dent) 271 break; 272 p += mp->m_dir_inode_ops->data_entsize(dep->namelen); 273 } 274 if (p >= endp) { 275 xfs_scrub_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 276 goto out_relse; 277 } 278 279 /* Retrieve the entry, sanity check it, and compare hashes. */ 280 ino = be64_to_cpu(dent->inumber); 281 hash = be32_to_cpu(ent->hashval); 282 tag = be16_to_cpup(dp->d_ops->data_entry_tag_p(dent)); 283 if (!xfs_verify_dir_ino(mp, ino) || tag != off) 284 xfs_scrub_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 285 if (dent->namelen == 0) { 286 xfs_scrub_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 287 goto out_relse; 288 } 289 calc_hash = xfs_da_hashname(dent->name, dent->namelen); 290 if (calc_hash != hash) 291 xfs_scrub_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno); 292 293 out_relse: 294 xfs_trans_brelse(ds->dargs.trans, bp); 295 out: 296 return error; 297 } 298 299 /* 300 * Is this unused entry either in the bestfree or smaller than all of 301 * them? We've already checked that the bestfrees are sorted longest to 302 * shortest, and that there aren't any bogus entries. 303 */ 304 STATIC void 305 xfs_scrub_directory_check_free_entry( 306 struct xfs_scrub_context *sc, 307 xfs_dablk_t lblk, 308 struct xfs_dir2_data_free *bf, 309 struct xfs_dir2_data_unused *dup) 310 { 311 struct xfs_dir2_data_free *dfp; 312 unsigned int dup_length; 313 314 dup_length = be16_to_cpu(dup->length); 315 316 /* Unused entry is shorter than any of the bestfrees */ 317 if (dup_length < be16_to_cpu(bf[XFS_DIR2_DATA_FD_COUNT - 1].length)) 318 return; 319 320 for (dfp = &bf[XFS_DIR2_DATA_FD_COUNT - 1]; dfp >= bf; dfp--) 321 if (dup_length == be16_to_cpu(dfp->length)) 322 return; 323 324 /* Unused entry should be in the bestfrees but wasn't found. */ 325 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 326 } 327 328 /* Check free space info in a directory data block. */ 329 STATIC int 330 xfs_scrub_directory_data_bestfree( 331 struct xfs_scrub_context *sc, 332 xfs_dablk_t lblk, 333 bool is_block) 334 { 335 struct xfs_dir2_data_unused *dup; 336 struct xfs_dir2_data_free *dfp; 337 struct xfs_buf *bp; 338 struct xfs_dir2_data_free *bf; 339 struct xfs_mount *mp = sc->mp; 340 const struct xfs_dir_ops *d_ops; 341 char *ptr; 342 char *endptr; 343 u16 tag; 344 unsigned int nr_bestfrees = 0; 345 unsigned int nr_frees = 0; 346 unsigned int smallest_bestfree; 347 int newlen; 348 int offset; 349 int error; 350 351 d_ops = sc->ip->d_ops; 352 353 if (is_block) { 354 /* dir block format */ 355 if (lblk != XFS_B_TO_FSBT(mp, XFS_DIR2_DATA_OFFSET)) 356 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 357 error = xfs_dir3_block_read(sc->tp, sc->ip, &bp); 358 } else { 359 /* dir data format */ 360 error = xfs_dir3_data_read(sc->tp, sc->ip, lblk, -1, &bp); 361 } 362 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 363 goto out; 364 xfs_scrub_buffer_recheck(sc, bp); 365 366 /* XXX: Check xfs_dir3_data_hdr.pad is zero once we start setting it. */ 367 368 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 369 goto out_buf; 370 371 /* Do the bestfrees correspond to actual free space? */ 372 bf = d_ops->data_bestfree_p(bp->b_addr); 373 smallest_bestfree = UINT_MAX; 374 for (dfp = &bf[0]; dfp < &bf[XFS_DIR2_DATA_FD_COUNT]; dfp++) { 375 offset = be16_to_cpu(dfp->offset); 376 if (offset == 0) 377 continue; 378 if (offset >= mp->m_dir_geo->blksize) { 379 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 380 goto out_buf; 381 } 382 dup = (struct xfs_dir2_data_unused *)(bp->b_addr + offset); 383 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)); 384 385 /* bestfree doesn't match the entry it points at? */ 386 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG) || 387 be16_to_cpu(dup->length) != be16_to_cpu(dfp->length) || 388 tag != ((char *)dup - (char *)bp->b_addr)) { 389 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 390 goto out_buf; 391 } 392 393 /* bestfree records should be ordered largest to smallest */ 394 if (smallest_bestfree < be16_to_cpu(dfp->length)) { 395 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 396 goto out_buf; 397 } 398 399 smallest_bestfree = be16_to_cpu(dfp->length); 400 nr_bestfrees++; 401 } 402 403 /* Make sure the bestfrees are actually the best free spaces. */ 404 ptr = (char *)d_ops->data_entry_p(bp->b_addr); 405 endptr = xfs_dir3_data_endp(mp->m_dir_geo, bp->b_addr); 406 407 /* Iterate the entries, stopping when we hit or go past the end. */ 408 while (ptr < endptr) { 409 dup = (struct xfs_dir2_data_unused *)ptr; 410 /* Skip real entries */ 411 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG)) { 412 struct xfs_dir2_data_entry *dep; 413 414 dep = (struct xfs_dir2_data_entry *)ptr; 415 newlen = d_ops->data_entsize(dep->namelen); 416 if (newlen <= 0) { 417 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, 418 lblk); 419 goto out_buf; 420 } 421 ptr += newlen; 422 continue; 423 } 424 425 /* Spot check this free entry */ 426 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)); 427 if (tag != ((char *)dup - (char *)bp->b_addr)) { 428 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 429 goto out_buf; 430 } 431 432 /* 433 * Either this entry is a bestfree or it's smaller than 434 * any of the bestfrees. 435 */ 436 xfs_scrub_directory_check_free_entry(sc, lblk, bf, dup); 437 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 438 goto out_buf; 439 440 /* Move on. */ 441 newlen = be16_to_cpu(dup->length); 442 if (newlen <= 0) { 443 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 444 goto out_buf; 445 } 446 ptr += newlen; 447 if (ptr <= endptr) 448 nr_frees++; 449 } 450 451 /* We're required to fill all the space. */ 452 if (ptr != endptr) 453 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 454 455 /* Did we see at least as many free slots as there are bestfrees? */ 456 if (nr_frees < nr_bestfrees) 457 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 458 out_buf: 459 xfs_trans_brelse(sc->tp, bp); 460 out: 461 return error; 462 } 463 464 /* 465 * Does the free space length in the free space index block ($len) match 466 * the longest length in the directory data block's bestfree array? 467 * Assume that we've already checked that the data block's bestfree 468 * array is in order. 469 */ 470 STATIC void 471 xfs_scrub_directory_check_freesp( 472 struct xfs_scrub_context *sc, 473 xfs_dablk_t lblk, 474 struct xfs_buf *dbp, 475 unsigned int len) 476 { 477 struct xfs_dir2_data_free *dfp; 478 479 dfp = sc->ip->d_ops->data_bestfree_p(dbp->b_addr); 480 481 if (len != be16_to_cpu(dfp->length)) 482 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 483 484 if (len > 0 && be16_to_cpu(dfp->offset) == 0) 485 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 486 } 487 488 /* Check free space info in a directory leaf1 block. */ 489 STATIC int 490 xfs_scrub_directory_leaf1_bestfree( 491 struct xfs_scrub_context *sc, 492 struct xfs_da_args *args, 493 xfs_dablk_t lblk) 494 { 495 struct xfs_dir3_icleaf_hdr leafhdr; 496 struct xfs_dir2_leaf_entry *ents; 497 struct xfs_dir2_leaf_tail *ltp; 498 struct xfs_dir2_leaf *leaf; 499 struct xfs_buf *dbp; 500 struct xfs_buf *bp; 501 const struct xfs_dir_ops *d_ops = sc->ip->d_ops; 502 struct xfs_da_geometry *geo = sc->mp->m_dir_geo; 503 __be16 *bestp; 504 __u16 best; 505 __u32 hash; 506 __u32 lasthash = 0; 507 __u32 bestcount; 508 unsigned int stale = 0; 509 int i; 510 int error; 511 512 /* Read the free space block. */ 513 error = xfs_dir3_leaf_read(sc->tp, sc->ip, lblk, -1, &bp); 514 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 515 goto out; 516 xfs_scrub_buffer_recheck(sc, bp); 517 518 leaf = bp->b_addr; 519 d_ops->leaf_hdr_from_disk(&leafhdr, leaf); 520 ents = d_ops->leaf_ents_p(leaf); 521 ltp = xfs_dir2_leaf_tail_p(geo, leaf); 522 bestcount = be32_to_cpu(ltp->bestcount); 523 bestp = xfs_dir2_leaf_bests_p(ltp); 524 525 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) { 526 struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr; 527 528 if (hdr3->pad != cpu_to_be32(0)) 529 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 530 } 531 532 /* 533 * There should be as many bestfree slots as there are dir data 534 * blocks that can fit under i_size. 535 */ 536 if (bestcount != xfs_dir2_byte_to_db(geo, sc->ip->i_d.di_size)) { 537 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 538 goto out; 539 } 540 541 /* Is the leaf count even remotely sane? */ 542 if (leafhdr.count > d_ops->leaf_max_ents(geo)) { 543 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 544 goto out; 545 } 546 547 /* Leaves and bests don't overlap in leaf format. */ 548 if ((char *)&ents[leafhdr.count] > (char *)bestp) { 549 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 550 goto out; 551 } 552 553 /* Check hash value order, count stale entries. */ 554 for (i = 0; i < leafhdr.count; i++) { 555 hash = be32_to_cpu(ents[i].hashval); 556 if (i > 0 && lasthash > hash) 557 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 558 lasthash = hash; 559 if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR)) 560 stale++; 561 } 562 if (leafhdr.stale != stale) 563 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 564 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 565 goto out; 566 567 /* Check all the bestfree entries. */ 568 for (i = 0; i < bestcount; i++, bestp++) { 569 best = be16_to_cpu(*bestp); 570 if (best == NULLDATAOFF) 571 continue; 572 error = xfs_dir3_data_read(sc->tp, sc->ip, 573 i * args->geo->fsbcount, -1, &dbp); 574 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, lblk, 575 &error)) 576 break; 577 xfs_scrub_directory_check_freesp(sc, lblk, dbp, best); 578 xfs_trans_brelse(sc->tp, dbp); 579 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 580 goto out; 581 } 582 out: 583 return error; 584 } 585 586 /* Check free space info in a directory freespace block. */ 587 STATIC int 588 xfs_scrub_directory_free_bestfree( 589 struct xfs_scrub_context *sc, 590 struct xfs_da_args *args, 591 xfs_dablk_t lblk) 592 { 593 struct xfs_dir3_icfree_hdr freehdr; 594 struct xfs_buf *dbp; 595 struct xfs_buf *bp; 596 __be16 *bestp; 597 __u16 best; 598 unsigned int stale = 0; 599 int i; 600 int error; 601 602 /* Read the free space block */ 603 error = xfs_dir2_free_read(sc->tp, sc->ip, lblk, &bp); 604 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 605 goto out; 606 xfs_scrub_buffer_recheck(sc, bp); 607 608 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) { 609 struct xfs_dir3_free_hdr *hdr3 = bp->b_addr; 610 611 if (hdr3->pad != cpu_to_be32(0)) 612 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 613 } 614 615 /* Check all the entries. */ 616 sc->ip->d_ops->free_hdr_from_disk(&freehdr, bp->b_addr); 617 bestp = sc->ip->d_ops->free_bests_p(bp->b_addr); 618 for (i = 0; i < freehdr.nvalid; i++, bestp++) { 619 best = be16_to_cpu(*bestp); 620 if (best == NULLDATAOFF) { 621 stale++; 622 continue; 623 } 624 error = xfs_dir3_data_read(sc->tp, sc->ip, 625 (freehdr.firstdb + i) * args->geo->fsbcount, 626 -1, &dbp); 627 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, lblk, 628 &error)) 629 break; 630 xfs_scrub_directory_check_freesp(sc, lblk, dbp, best); 631 xfs_trans_brelse(sc->tp, dbp); 632 } 633 634 if (freehdr.nused + stale != freehdr.nvalid) 635 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 636 out: 637 return error; 638 } 639 640 /* Check free space information in directories. */ 641 STATIC int 642 xfs_scrub_directory_blocks( 643 struct xfs_scrub_context *sc) 644 { 645 struct xfs_bmbt_irec got; 646 struct xfs_da_args args; 647 struct xfs_ifork *ifp; 648 struct xfs_mount *mp = sc->mp; 649 xfs_fileoff_t leaf_lblk; 650 xfs_fileoff_t free_lblk; 651 xfs_fileoff_t lblk; 652 struct xfs_iext_cursor icur; 653 xfs_dablk_t dabno; 654 bool found; 655 int is_block = 0; 656 int error; 657 658 /* Ignore local format directories. */ 659 if (sc->ip->i_d.di_format != XFS_DINODE_FMT_EXTENTS && 660 sc->ip->i_d.di_format != XFS_DINODE_FMT_BTREE) 661 return 0; 662 663 ifp = XFS_IFORK_PTR(sc->ip, XFS_DATA_FORK); 664 lblk = XFS_B_TO_FSB(mp, XFS_DIR2_DATA_OFFSET); 665 leaf_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_LEAF_OFFSET); 666 free_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_FREE_OFFSET); 667 668 /* Is this a block dir? */ 669 args.dp = sc->ip; 670 args.geo = mp->m_dir_geo; 671 args.trans = sc->tp; 672 error = xfs_dir2_isblock(&args, &is_block); 673 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error)) 674 goto out; 675 676 /* Iterate all the data extents in the directory... */ 677 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 678 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) { 679 /* Block directories only have a single block at offset 0. */ 680 if (is_block && 681 (got.br_startoff > 0 || 682 got.br_blockcount != args.geo->fsbcount)) { 683 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, 684 got.br_startoff); 685 break; 686 } 687 688 /* No more data blocks... */ 689 if (got.br_startoff >= leaf_lblk) 690 break; 691 692 /* 693 * Check each data block's bestfree data. 694 * 695 * Iterate all the fsbcount-aligned block offsets in 696 * this directory. The directory block reading code is 697 * smart enough to do its own bmap lookups to handle 698 * discontiguous directory blocks. When we're done 699 * with the extent record, re-query the bmap at the 700 * next fsbcount-aligned offset to avoid redundant 701 * block checks. 702 */ 703 for (lblk = roundup((xfs_dablk_t)got.br_startoff, 704 args.geo->fsbcount); 705 lblk < got.br_startoff + got.br_blockcount; 706 lblk += args.geo->fsbcount) { 707 error = xfs_scrub_directory_data_bestfree(sc, lblk, 708 is_block); 709 if (error) 710 goto out; 711 } 712 dabno = got.br_startoff + got.br_blockcount; 713 lblk = roundup(dabno, args.geo->fsbcount); 714 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 715 } 716 717 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 718 goto out; 719 720 /* Look for a leaf1 block, which has free info. */ 721 if (xfs_iext_lookup_extent(sc->ip, ifp, leaf_lblk, &icur, &got) && 722 got.br_startoff == leaf_lblk && 723 got.br_blockcount == args.geo->fsbcount && 724 !xfs_iext_next_extent(ifp, &icur, &got)) { 725 if (is_block) { 726 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 727 goto out; 728 } 729 error = xfs_scrub_directory_leaf1_bestfree(sc, &args, 730 leaf_lblk); 731 if (error) 732 goto out; 733 } 734 735 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 736 goto out; 737 738 /* Scan for free blocks */ 739 lblk = free_lblk; 740 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 741 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) { 742 /* 743 * Dirs can't have blocks mapped above 2^32. 744 * Single-block dirs shouldn't even be here. 745 */ 746 lblk = got.br_startoff; 747 if (lblk & ~0xFFFFFFFFULL) { 748 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 749 goto out; 750 } 751 if (is_block) { 752 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk); 753 goto out; 754 } 755 756 /* 757 * Check each dir free block's bestfree data. 758 * 759 * Iterate all the fsbcount-aligned block offsets in 760 * this directory. The directory block reading code is 761 * smart enough to do its own bmap lookups to handle 762 * discontiguous directory blocks. When we're done 763 * with the extent record, re-query the bmap at the 764 * next fsbcount-aligned offset to avoid redundant 765 * block checks. 766 */ 767 for (lblk = roundup((xfs_dablk_t)got.br_startoff, 768 args.geo->fsbcount); 769 lblk < got.br_startoff + got.br_blockcount; 770 lblk += args.geo->fsbcount) { 771 error = xfs_scrub_directory_free_bestfree(sc, &args, 772 lblk); 773 if (error) 774 goto out; 775 } 776 dabno = got.br_startoff + got.br_blockcount; 777 lblk = roundup(dabno, args.geo->fsbcount); 778 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got); 779 } 780 out: 781 return error; 782 } 783 784 /* Scrub a whole directory. */ 785 int 786 xfs_scrub_directory( 787 struct xfs_scrub_context *sc) 788 { 789 struct xfs_scrub_dir_ctx sdc = { 790 .dir_iter.actor = xfs_scrub_dir_actor, 791 .dir_iter.pos = 0, 792 .sc = sc, 793 }; 794 size_t bufsize; 795 loff_t oldpos; 796 int error = 0; 797 798 if (!S_ISDIR(VFS_I(sc->ip)->i_mode)) 799 return -ENOENT; 800 801 /* Plausible size? */ 802 if (sc->ip->i_d.di_size < xfs_dir2_sf_hdr_size(0)) { 803 xfs_scrub_ino_set_corrupt(sc, sc->ip->i_ino); 804 goto out; 805 } 806 807 /* Check directory tree structure */ 808 error = xfs_scrub_da_btree(sc, XFS_DATA_FORK, xfs_scrub_dir_rec, NULL); 809 if (error) 810 return error; 811 812 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 813 return error; 814 815 /* Check the freespace. */ 816 error = xfs_scrub_directory_blocks(sc); 817 if (error) 818 return error; 819 820 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 821 return error; 822 823 /* 824 * Check that every dirent we see can also be looked up by hash. 825 * Userspace usually asks for a 32k buffer, so we will too. 826 */ 827 bufsize = (size_t)min_t(loff_t, XFS_READDIR_BUFSIZE, 828 sc->ip->i_d.di_size); 829 830 /* 831 * Look up every name in this directory by hash. 832 * 833 * Use the xfs_readdir function to call xfs_scrub_dir_actor on 834 * every directory entry in this directory. In _actor, we check 835 * the name, inode number, and ftype (if applicable) of the 836 * entry. xfs_readdir uses the VFS filldir functions to provide 837 * iteration context. 838 * 839 * The VFS grabs a read or write lock via i_rwsem before it reads 840 * or writes to a directory. If we've gotten this far we've 841 * already obtained IOLOCK_EXCL, which (since 4.10) is the same as 842 * getting a write lock on i_rwsem. Therefore, it is safe for us 843 * to drop the ILOCK here in order to reuse the _readdir and 844 * _dir_lookup routines, which do their own ILOCK locking. 845 */ 846 oldpos = 0; 847 sc->ilock_flags &= ~XFS_ILOCK_EXCL; 848 xfs_iunlock(sc->ip, XFS_ILOCK_EXCL); 849 while (true) { 850 error = xfs_readdir(sc->tp, sc->ip, &sdc.dir_iter, bufsize); 851 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, 0, 852 &error)) 853 goto out; 854 if (oldpos == sdc.dir_iter.pos) 855 break; 856 oldpos = sdc.dir_iter.pos; 857 } 858 859 out: 860 return error; 861 } 862