1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2022 Oracle. All Rights Reserved. 4 * Author: Allison Henderson <allison.henderson@oracle.com> 5 */ 6 7 #include "xfs.h" 8 #include "xfs_fs.h" 9 #include "xfs_format.h" 10 #include "xfs_trans_resv.h" 11 #include "xfs_shared.h" 12 #include "xfs_mount.h" 13 #include "xfs_defer.h" 14 #include "xfs_log_format.h" 15 #include "xfs_trans.h" 16 #include "xfs_bmap_btree.h" 17 #include "xfs_trans_priv.h" 18 #include "xfs_log.h" 19 #include "xfs_inode.h" 20 #include "xfs_da_format.h" 21 #include "xfs_da_btree.h" 22 #include "xfs_attr.h" 23 #include "xfs_attr_item.h" 24 #include "xfs_trace.h" 25 #include "xfs_trans_space.h" 26 #include "xfs_errortag.h" 27 #include "xfs_error.h" 28 #include "xfs_log_priv.h" 29 #include "xfs_log_recover.h" 30 #include "xfs_parent.h" 31 32 struct kmem_cache *xfs_attri_cache; 33 struct kmem_cache *xfs_attrd_cache; 34 35 static const struct xfs_item_ops xfs_attri_item_ops; 36 static const struct xfs_item_ops xfs_attrd_item_ops; 37 38 static inline struct xfs_attri_log_item *ATTRI_ITEM(struct xfs_log_item *lip) 39 { 40 return container_of(lip, struct xfs_attri_log_item, attri_item); 41 } 42 43 /* 44 * Shared xattr name/value buffers for logged extended attribute operations 45 * 46 * When logging updates to extended attributes, we can create quite a few 47 * attribute log intent items for a single xattr update. To avoid cycling the 48 * memory allocator and memcpy overhead, the name (and value, for setxattr) 49 * are kept in a refcounted object that is shared across all related log items 50 * and the upper-level deferred work state structure. The shared buffer has 51 * a control structure, followed by the name, and then the value. 52 */ 53 54 static inline struct xfs_attri_log_nameval * 55 xfs_attri_log_nameval_get( 56 struct xfs_attri_log_nameval *nv) 57 { 58 if (!refcount_inc_not_zero(&nv->refcount)) 59 return NULL; 60 return nv; 61 } 62 63 static inline void 64 xfs_attri_log_nameval_put( 65 struct xfs_attri_log_nameval *nv) 66 { 67 if (!nv) 68 return; 69 if (refcount_dec_and_test(&nv->refcount)) 70 kvfree(nv); 71 } 72 73 static inline struct xfs_attri_log_nameval * 74 xfs_attri_log_nameval_alloc( 75 const void *name, 76 unsigned int name_len, 77 const void *new_name, 78 unsigned int new_name_len, 79 const void *value, 80 unsigned int value_len, 81 const void *new_value, 82 unsigned int new_value_len) 83 { 84 struct xfs_attri_log_nameval *nv; 85 86 /* 87 * This could be over 64kB in length, so we have to use kvmalloc() for 88 * this. But kvmalloc() utterly sucks, so we use our own version. 89 */ 90 nv = xlog_kvmalloc(sizeof(struct xfs_attri_log_nameval) + 91 name_len + new_name_len + value_len + 92 new_value_len); 93 94 nv->name.iov_base = nv + 1; 95 nv->name.iov_len = name_len; 96 memcpy(nv->name.iov_base, name, name_len); 97 98 if (new_name_len) { 99 nv->new_name.iov_base = nv->name.iov_base + name_len; 100 nv->new_name.iov_len = new_name_len; 101 memcpy(nv->new_name.iov_base, new_name, new_name_len); 102 } else { 103 nv->new_name.iov_base = NULL; 104 nv->new_name.iov_len = 0; 105 } 106 107 if (value_len) { 108 nv->value.iov_base = nv->name.iov_base + name_len + new_name_len; 109 nv->value.iov_len = value_len; 110 memcpy(nv->value.iov_base, value, value_len); 111 } else { 112 nv->value.iov_base = NULL; 113 nv->value.iov_len = 0; 114 } 115 116 if (new_value_len) { 117 nv->new_value.iov_base = nv->name.iov_base + name_len + 118 new_name_len + value_len; 119 nv->new_value.iov_len = new_value_len; 120 memcpy(nv->new_value.iov_base, new_value, new_value_len); 121 } else { 122 nv->new_value.iov_base = NULL; 123 nv->new_value.iov_len = 0; 124 } 125 126 refcount_set(&nv->refcount, 1); 127 return nv; 128 } 129 130 STATIC void 131 xfs_attri_item_free( 132 struct xfs_attri_log_item *attrip) 133 { 134 kvfree(attrip->attri_item.li_lv_shadow); 135 xfs_attri_log_nameval_put(attrip->attri_nameval); 136 kmem_cache_free(xfs_attri_cache, attrip); 137 } 138 139 /* 140 * Freeing the attrip requires that we remove it from the AIL if it has already 141 * been placed there. However, the ATTRI may not yet have been placed in the 142 * AIL when called by xfs_attri_release() from ATTRD processing due to the 143 * ordering of committed vs unpin operations in bulk insert operations. Hence 144 * the reference count to ensure only the last caller frees the ATTRI. 145 */ 146 STATIC void 147 xfs_attri_release( 148 struct xfs_attri_log_item *attrip) 149 { 150 ASSERT(atomic_read(&attrip->attri_refcount) > 0); 151 if (!atomic_dec_and_test(&attrip->attri_refcount)) 152 return; 153 154 xfs_trans_ail_delete(&attrip->attri_item, 0); 155 xfs_attri_item_free(attrip); 156 } 157 158 STATIC void 159 xfs_attri_item_size( 160 struct xfs_log_item *lip, 161 int *nvecs, 162 int *nbytes) 163 { 164 struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip); 165 struct xfs_attri_log_nameval *nv = attrip->attri_nameval; 166 167 *nvecs += 2; 168 *nbytes += sizeof(struct xfs_attri_log_format) + 169 xlog_calc_iovec_len(nv->name.iov_len); 170 171 if (nv->new_name.iov_len) { 172 *nvecs += 1; 173 *nbytes += xlog_calc_iovec_len(nv->new_name.iov_len); 174 } 175 176 if (nv->value.iov_len) { 177 *nvecs += 1; 178 *nbytes += xlog_calc_iovec_len(nv->value.iov_len); 179 } 180 181 if (nv->new_value.iov_len) { 182 *nvecs += 1; 183 *nbytes += xlog_calc_iovec_len(nv->new_value.iov_len); 184 } 185 } 186 187 /* 188 * This is called to fill in the log iovecs for the given attri log 189 * item. We use 1 iovec for the attri_format_item, 1 for the name, and 190 * another for the value if it is present 191 */ 192 STATIC void 193 xfs_attri_item_format( 194 struct xfs_log_item *lip, 195 struct xfs_log_vec *lv) 196 { 197 struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip); 198 struct xfs_log_iovec *vecp = NULL; 199 struct xfs_attri_log_nameval *nv = attrip->attri_nameval; 200 201 attrip->attri_format.alfi_type = XFS_LI_ATTRI; 202 attrip->attri_format.alfi_size = 1; 203 204 /* 205 * This size accounting must be done before copying the attrip into the 206 * iovec. If we do it after, the wrong size will be recorded to the log 207 * and we trip across assertion checks for bad region sizes later during 208 * the log recovery. 209 */ 210 211 ASSERT(nv->name.iov_len > 0); 212 attrip->attri_format.alfi_size++; 213 214 if (nv->new_name.iov_len > 0) 215 attrip->attri_format.alfi_size++; 216 217 if (nv->value.iov_len > 0) 218 attrip->attri_format.alfi_size++; 219 220 if (nv->new_value.iov_len > 0) 221 attrip->attri_format.alfi_size++; 222 223 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTRI_FORMAT, 224 &attrip->attri_format, 225 sizeof(struct xfs_attri_log_format)); 226 227 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTR_NAME, nv->name.iov_base, 228 nv->name.iov_len); 229 230 if (nv->new_name.iov_len > 0) 231 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTR_NEWNAME, 232 nv->new_name.iov_base, nv->new_name.iov_len); 233 234 if (nv->value.iov_len > 0) 235 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTR_VALUE, 236 nv->value.iov_base, nv->value.iov_len); 237 238 if (nv->new_value.iov_len > 0) 239 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTR_NEWVALUE, 240 nv->new_value.iov_base, nv->new_value.iov_len); 241 } 242 243 /* 244 * The unpin operation is the last place an ATTRI is manipulated in the log. It 245 * is either inserted in the AIL or aborted in the event of a log I/O error. In 246 * either case, the ATTRI transaction has been successfully committed to make 247 * it this far. Therefore, we expect whoever committed the ATTRI to either 248 * construct and commit the ATTRD or drop the ATTRD's reference in the event of 249 * error. Simply drop the log's ATTRI reference now that the log is done with 250 * it. 251 */ 252 STATIC void 253 xfs_attri_item_unpin( 254 struct xfs_log_item *lip, 255 int remove) 256 { 257 xfs_attri_release(ATTRI_ITEM(lip)); 258 } 259 260 261 STATIC void 262 xfs_attri_item_release( 263 struct xfs_log_item *lip) 264 { 265 xfs_attri_release(ATTRI_ITEM(lip)); 266 } 267 268 /* 269 * Allocate and initialize an attri item. Caller may allocate an additional 270 * trailing buffer for name and value 271 */ 272 STATIC struct xfs_attri_log_item * 273 xfs_attri_init( 274 struct xfs_mount *mp, 275 struct xfs_attri_log_nameval *nv) 276 { 277 struct xfs_attri_log_item *attrip; 278 279 attrip = kmem_cache_zalloc(xfs_attri_cache, GFP_KERNEL | __GFP_NOFAIL); 280 281 /* 282 * Grab an extra reference to the name/value buffer for this log item. 283 * The caller retains its own reference! 284 */ 285 attrip->attri_nameval = xfs_attri_log_nameval_get(nv); 286 ASSERT(attrip->attri_nameval); 287 288 xfs_log_item_init(mp, &attrip->attri_item, XFS_LI_ATTRI, 289 &xfs_attri_item_ops); 290 attrip->attri_format.alfi_id = (uintptr_t)(void *)attrip; 291 atomic_set(&attrip->attri_refcount, 2); 292 293 return attrip; 294 } 295 296 static inline struct xfs_attrd_log_item *ATTRD_ITEM(struct xfs_log_item *lip) 297 { 298 return container_of(lip, struct xfs_attrd_log_item, attrd_item); 299 } 300 301 STATIC void 302 xfs_attrd_item_free(struct xfs_attrd_log_item *attrdp) 303 { 304 kvfree(attrdp->attrd_item.li_lv_shadow); 305 kmem_cache_free(xfs_attrd_cache, attrdp); 306 } 307 308 STATIC void 309 xfs_attrd_item_size( 310 struct xfs_log_item *lip, 311 int *nvecs, 312 int *nbytes) 313 { 314 *nvecs += 1; 315 *nbytes += sizeof(struct xfs_attrd_log_format); 316 } 317 318 /* 319 * This is called to fill in the log iovecs for the given attrd log item. We use 320 * only 1 iovec for the attrd_format, and we point that at the attr_log_format 321 * structure embedded in the attrd item. 322 */ 323 STATIC void 324 xfs_attrd_item_format( 325 struct xfs_log_item *lip, 326 struct xfs_log_vec *lv) 327 { 328 struct xfs_attrd_log_item *attrdp = ATTRD_ITEM(lip); 329 struct xfs_log_iovec *vecp = NULL; 330 331 attrdp->attrd_format.alfd_type = XFS_LI_ATTRD; 332 attrdp->attrd_format.alfd_size = 1; 333 334 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTRD_FORMAT, 335 &attrdp->attrd_format, 336 sizeof(struct xfs_attrd_log_format)); 337 } 338 339 /* 340 * The ATTRD is either committed or aborted if the transaction is canceled. If 341 * the transaction is canceled, drop our reference to the ATTRI and free the 342 * ATTRD. 343 */ 344 STATIC void 345 xfs_attrd_item_release( 346 struct xfs_log_item *lip) 347 { 348 struct xfs_attrd_log_item *attrdp = ATTRD_ITEM(lip); 349 350 xfs_attri_release(attrdp->attrd_attrip); 351 xfs_attrd_item_free(attrdp); 352 } 353 354 static struct xfs_log_item * 355 xfs_attrd_item_intent( 356 struct xfs_log_item *lip) 357 { 358 return &ATTRD_ITEM(lip)->attrd_attrip->attri_item; 359 } 360 361 static inline unsigned int 362 xfs_attr_log_item_op(const struct xfs_attri_log_format *attrp) 363 { 364 return attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; 365 } 366 367 /* Log an attr to the intent item. */ 368 STATIC void 369 xfs_attr_log_item( 370 struct xfs_trans *tp, 371 struct xfs_attri_log_item *attrip, 372 const struct xfs_attr_intent *attr) 373 { 374 struct xfs_attri_log_format *attrp; 375 struct xfs_attri_log_nameval *nv = attr->xattri_nameval; 376 struct xfs_da_args *args = attr->xattri_da_args; 377 378 /* 379 * At this point the xfs_attr_intent has been constructed, and we've 380 * created the log intent. Fill in the attri log item and log format 381 * structure with fields from this xfs_attr_intent 382 */ 383 attrp = &attrip->attri_format; 384 attrp->alfi_ino = args->dp->i_ino; 385 ASSERT(!(attr->xattri_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK)); 386 attrp->alfi_op_flags = attr->xattri_op_flags; 387 attrp->alfi_value_len = nv->value.iov_len; 388 389 switch (xfs_attr_log_item_op(attrp)) { 390 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 391 ASSERT(nv->value.iov_len == nv->new_value.iov_len); 392 393 attrp->alfi_igen = VFS_I(args->dp)->i_generation; 394 attrp->alfi_old_name_len = nv->name.iov_len; 395 attrp->alfi_new_name_len = nv->new_name.iov_len; 396 break; 397 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 398 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 399 attrp->alfi_igen = VFS_I(args->dp)->i_generation; 400 fallthrough; 401 default: 402 attrp->alfi_name_len = nv->name.iov_len; 403 break; 404 } 405 406 ASSERT(!(args->attr_filter & ~XFS_ATTRI_FILTER_MASK)); 407 attrp->alfi_attr_filter = args->attr_filter; 408 } 409 410 /* Get an ATTRI. */ 411 static struct xfs_log_item * 412 xfs_attr_create_intent( 413 struct xfs_trans *tp, 414 struct list_head *items, 415 unsigned int count, 416 bool sort) 417 { 418 struct xfs_mount *mp = tp->t_mountp; 419 struct xfs_attri_log_item *attrip; 420 struct xfs_attr_intent *attr; 421 struct xfs_da_args *args; 422 423 ASSERT(count == 1); 424 425 /* 426 * Each attr item only performs one attribute operation at a time, so 427 * this is a list of one 428 */ 429 attr = list_first_entry_or_null(items, struct xfs_attr_intent, 430 xattri_list); 431 args = attr->xattri_da_args; 432 433 if (!(args->op_flags & XFS_DA_OP_LOGGED)) 434 return NULL; 435 436 /* 437 * Create a buffer to store the attribute name and value. This buffer 438 * will be shared between the higher level deferred xattr work state 439 * and the lower level xattr log items. 440 */ 441 if (!attr->xattri_nameval) { 442 /* 443 * Transfer our reference to the name/value buffer to the 444 * deferred work state structure. 445 */ 446 attr->xattri_nameval = xfs_attri_log_nameval_alloc( 447 args->name, args->namelen, 448 args->new_name, args->new_namelen, 449 args->value, args->valuelen, 450 args->new_value, args->new_valuelen); 451 } 452 453 attrip = xfs_attri_init(mp, attr->xattri_nameval); 454 xfs_attr_log_item(tp, attrip, attr); 455 456 return &attrip->attri_item; 457 } 458 459 static inline void 460 xfs_attr_free_item( 461 struct xfs_attr_intent *attr) 462 { 463 if (attr->xattri_da_state) 464 xfs_da_state_free(attr->xattri_da_state); 465 xfs_attri_log_nameval_put(attr->xattri_nameval); 466 if (attr->xattri_da_args->op_flags & XFS_DA_OP_RECOVERY) 467 kfree(attr); 468 else 469 kmem_cache_free(xfs_attr_intent_cache, attr); 470 } 471 472 static inline struct xfs_attr_intent *attri_entry(const struct list_head *e) 473 { 474 return list_entry(e, struct xfs_attr_intent, xattri_list); 475 } 476 477 /* Process an attr. */ 478 STATIC int 479 xfs_attr_finish_item( 480 struct xfs_trans *tp, 481 struct xfs_log_item *done, 482 struct list_head *item, 483 struct xfs_btree_cur **state) 484 { 485 struct xfs_attr_intent *attr = attri_entry(item); 486 struct xfs_da_args *args; 487 int error; 488 489 args = attr->xattri_da_args; 490 491 /* Reset trans after EAGAIN cycle since the transaction is new */ 492 args->trans = tp; 493 494 if (XFS_TEST_ERROR(false, args->dp->i_mount, XFS_ERRTAG_LARP)) { 495 error = -EIO; 496 goto out; 497 } 498 499 /* If an attr removal is trivially complete, we're done. */ 500 if (attr->xattri_op_flags == XFS_ATTRI_OP_FLAGS_REMOVE && 501 !xfs_inode_hasattr(args->dp)) { 502 error = 0; 503 goto out; 504 } 505 506 error = xfs_attr_set_iter(attr); 507 if (!error && attr->xattri_dela_state != XFS_DAS_DONE) 508 return -EAGAIN; 509 510 out: 511 xfs_attr_free_item(attr); 512 return error; 513 } 514 515 /* Abort all pending ATTRs. */ 516 STATIC void 517 xfs_attr_abort_intent( 518 struct xfs_log_item *intent) 519 { 520 xfs_attri_release(ATTRI_ITEM(intent)); 521 } 522 523 /* Cancel an attr */ 524 STATIC void 525 xfs_attr_cancel_item( 526 struct list_head *item) 527 { 528 struct xfs_attr_intent *attr = attri_entry(item); 529 530 xfs_attr_free_item(attr); 531 } 532 533 STATIC bool 534 xfs_attri_item_match( 535 struct xfs_log_item *lip, 536 uint64_t intent_id) 537 { 538 return ATTRI_ITEM(lip)->attri_format.alfi_id == intent_id; 539 } 540 541 static inline bool 542 xfs_attri_validate_namelen(unsigned int namelen) 543 { 544 return namelen > 0 && namelen <= XATTR_NAME_MAX; 545 } 546 547 /* Is this recovered ATTRI format ok? */ 548 static inline bool 549 xfs_attri_validate( 550 struct xfs_mount *mp, 551 struct xfs_attri_log_format *attrp) 552 { 553 unsigned int op = xfs_attr_log_item_op(attrp); 554 555 if (attrp->alfi_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK) 556 return false; 557 558 if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK) 559 return false; 560 561 if (!xfs_attr_check_namespace(attrp->alfi_attr_filter & 562 XFS_ATTR_NSP_ONDISK_MASK)) 563 return false; 564 565 switch (op) { 566 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 567 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 568 if (!xfs_has_parent(mp)) 569 return false; 570 if (attrp->alfi_value_len != sizeof(struct xfs_parent_rec)) 571 return false; 572 if (!xfs_attri_validate_namelen(attrp->alfi_name_len)) 573 return false; 574 if (!(attrp->alfi_attr_filter & XFS_ATTR_PARENT)) 575 return false; 576 break; 577 case XFS_ATTRI_OP_FLAGS_SET: 578 case XFS_ATTRI_OP_FLAGS_REPLACE: 579 if (!xfs_is_using_logged_xattrs(mp)) 580 return false; 581 if (attrp->alfi_value_len > XATTR_SIZE_MAX) 582 return false; 583 if (!xfs_attri_validate_namelen(attrp->alfi_name_len)) 584 return false; 585 break; 586 case XFS_ATTRI_OP_FLAGS_REMOVE: 587 if (!xfs_is_using_logged_xattrs(mp)) 588 return false; 589 if (attrp->alfi_value_len != 0) 590 return false; 591 if (!xfs_attri_validate_namelen(attrp->alfi_name_len)) 592 return false; 593 break; 594 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 595 if (!xfs_has_parent(mp)) 596 return false; 597 if (!xfs_attri_validate_namelen(attrp->alfi_old_name_len)) 598 return false; 599 if (!xfs_attri_validate_namelen(attrp->alfi_new_name_len)) 600 return false; 601 if (attrp->alfi_value_len != sizeof(struct xfs_parent_rec)) 602 return false; 603 if (!(attrp->alfi_attr_filter & XFS_ATTR_PARENT)) 604 return false; 605 break; 606 default: 607 return false; 608 } 609 610 return xfs_verify_ino(mp, attrp->alfi_ino); 611 } 612 613 static int 614 xfs_attri_iread_extents( 615 struct xfs_inode *ip) 616 { 617 struct xfs_trans *tp; 618 int error; 619 620 tp = xfs_trans_alloc_empty(ip->i_mount); 621 xfs_ilock(ip, XFS_ILOCK_EXCL); 622 error = xfs_iread_extents(tp, ip, XFS_ATTR_FORK); 623 xfs_iunlock(ip, XFS_ILOCK_EXCL); 624 xfs_trans_cancel(tp); 625 626 return error; 627 } 628 629 static inline struct xfs_attr_intent * 630 xfs_attri_recover_work( 631 struct xfs_mount *mp, 632 struct xfs_defer_pending *dfp, 633 struct xfs_attri_log_format *attrp, 634 struct xfs_inode **ipp, 635 struct xfs_attri_log_nameval *nv) 636 { 637 struct xfs_attr_intent *attr; 638 struct xfs_da_args *args; 639 struct xfs_inode *ip; 640 int local; 641 int error; 642 643 /* 644 * Parent pointer attr items record the generation but regular logged 645 * xattrs do not; select the right iget function. 646 */ 647 switch (xfs_attr_log_item_op(attrp)) { 648 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 649 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 650 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 651 error = xlog_recover_iget_handle(mp, attrp->alfi_ino, 652 attrp->alfi_igen, &ip); 653 break; 654 default: 655 error = xlog_recover_iget(mp, attrp->alfi_ino, &ip); 656 break; 657 } 658 if (error) { 659 xfs_irele(ip); 660 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attrp, 661 sizeof(*attrp)); 662 return ERR_PTR(-EFSCORRUPTED); 663 } 664 665 if (xfs_inode_has_attr_fork(ip)) { 666 error = xfs_attri_iread_extents(ip); 667 if (error) { 668 xfs_irele(ip); 669 return ERR_PTR(error); 670 } 671 } 672 673 attr = kzalloc(sizeof(struct xfs_attr_intent) + 674 sizeof(struct xfs_da_args), GFP_KERNEL | __GFP_NOFAIL); 675 args = (struct xfs_da_args *)(attr + 1); 676 677 attr->xattri_da_args = args; 678 attr->xattri_op_flags = xfs_attr_log_item_op(attrp); 679 680 /* 681 * We're reconstructing the deferred work state structure from the 682 * recovered log item. Grab a reference to the name/value buffer and 683 * attach it to the new work state. 684 */ 685 attr->xattri_nameval = xfs_attri_log_nameval_get(nv); 686 ASSERT(attr->xattri_nameval); 687 688 args->dp = ip; 689 args->geo = mp->m_attr_geo; 690 args->whichfork = XFS_ATTR_FORK; 691 args->name = nv->name.iov_base; 692 args->namelen = nv->name.iov_len; 693 args->new_name = nv->new_name.iov_base; 694 args->new_namelen = nv->new_name.iov_len; 695 args->value = nv->value.iov_base; 696 args->valuelen = nv->value.iov_len; 697 args->new_value = nv->new_value.iov_base; 698 args->new_valuelen = nv->new_value.iov_len; 699 args->attr_filter = attrp->alfi_attr_filter & XFS_ATTRI_FILTER_MASK; 700 args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT | 701 XFS_DA_OP_LOGGED; 702 args->owner = args->dp->i_ino; 703 xfs_attr_sethash(args); 704 705 switch (xfs_attr_intent_op(attr)) { 706 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 707 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 708 case XFS_ATTRI_OP_FLAGS_SET: 709 case XFS_ATTRI_OP_FLAGS_REPLACE: 710 args->total = xfs_attr_calc_size(args, &local); 711 if (xfs_inode_hasattr(args->dp)) 712 attr->xattri_dela_state = xfs_attr_init_replace_state(args); 713 else 714 attr->xattri_dela_state = xfs_attr_init_add_state(args); 715 break; 716 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 717 case XFS_ATTRI_OP_FLAGS_REMOVE: 718 attr->xattri_dela_state = xfs_attr_init_remove_state(args); 719 break; 720 } 721 722 xfs_defer_add_item(dfp, &attr->xattri_list); 723 *ipp = ip; 724 return attr; 725 } 726 727 /* 728 * Process an attr intent item that was recovered from the log. We need to 729 * delete the attr that it describes. 730 */ 731 STATIC int 732 xfs_attr_recover_work( 733 struct xfs_defer_pending *dfp, 734 struct list_head *capture_list) 735 { 736 struct xfs_log_item *lip = dfp->dfp_intent; 737 struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip); 738 struct xfs_attr_intent *attr; 739 struct xfs_mount *mp = lip->li_log->l_mp; 740 struct xfs_inode *ip; 741 struct xfs_da_args *args; 742 struct xfs_trans *tp; 743 struct xfs_trans_res resv; 744 struct xfs_attri_log_format *attrp; 745 struct xfs_attri_log_nameval *nv = attrip->attri_nameval; 746 int error; 747 unsigned int total = 0; 748 749 /* 750 * First check the validity of the attr described by the ATTRI. If any 751 * are bad, then assume that all are bad and just toss the ATTRI. 752 */ 753 attrp = &attrip->attri_format; 754 if (!xfs_attri_validate(mp, attrp) || 755 !xfs_attr_namecheck(attrp->alfi_attr_filter, nv->name.iov_base, 756 nv->name.iov_len)) 757 return -EFSCORRUPTED; 758 759 attr = xfs_attri_recover_work(mp, dfp, attrp, &ip, nv); 760 if (IS_ERR(attr)) 761 return PTR_ERR(attr); 762 args = attr->xattri_da_args; 763 764 switch (xfs_attr_intent_op(attr)) { 765 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 766 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 767 case XFS_ATTRI_OP_FLAGS_SET: 768 case XFS_ATTRI_OP_FLAGS_REPLACE: 769 resv = xfs_attr_set_resv(args); 770 total = args->total; 771 break; 772 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 773 case XFS_ATTRI_OP_FLAGS_REMOVE: 774 resv = M_RES(mp)->tr_attrrm; 775 total = XFS_ATTRRM_SPACE_RES(mp); 776 break; 777 } 778 resv = xlog_recover_resv(&resv); 779 error = xfs_trans_alloc(mp, &resv, total, 0, XFS_TRANS_RESERVE, &tp); 780 if (error) 781 return error; 782 args->trans = tp; 783 784 xfs_ilock(ip, XFS_ILOCK_EXCL); 785 xfs_trans_ijoin(tp, ip, 0); 786 787 error = xlog_recover_finish_intent(tp, dfp); 788 if (error == -EFSCORRUPTED) 789 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 790 &attrip->attri_format, 791 sizeof(attrip->attri_format)); 792 if (error) 793 goto out_cancel; 794 795 error = xfs_defer_ops_capture_and_commit(tp, capture_list); 796 out_unlock: 797 xfs_iunlock(ip, XFS_ILOCK_EXCL); 798 xfs_irele(ip); 799 return error; 800 out_cancel: 801 xfs_trans_cancel(tp); 802 goto out_unlock; 803 } 804 805 /* Re-log an intent item to push the log tail forward. */ 806 static struct xfs_log_item * 807 xfs_attr_relog_intent( 808 struct xfs_trans *tp, 809 struct xfs_log_item *intent, 810 struct xfs_log_item *done_item) 811 { 812 struct xfs_attri_log_item *old_attrip; 813 struct xfs_attri_log_item *new_attrip; 814 struct xfs_attri_log_format *new_attrp; 815 struct xfs_attri_log_format *old_attrp; 816 817 old_attrip = ATTRI_ITEM(intent); 818 old_attrp = &old_attrip->attri_format; 819 820 /* 821 * Create a new log item that shares the same name/value buffer as the 822 * old log item. 823 */ 824 new_attrip = xfs_attri_init(tp->t_mountp, old_attrip->attri_nameval); 825 new_attrp = &new_attrip->attri_format; 826 827 new_attrp->alfi_ino = old_attrp->alfi_ino; 828 new_attrp->alfi_igen = old_attrp->alfi_igen; 829 new_attrp->alfi_op_flags = old_attrp->alfi_op_flags; 830 new_attrp->alfi_value_len = old_attrp->alfi_value_len; 831 832 switch (xfs_attr_log_item_op(old_attrp)) { 833 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 834 new_attrp->alfi_new_name_len = old_attrp->alfi_new_name_len; 835 new_attrp->alfi_old_name_len = old_attrp->alfi_old_name_len; 836 break; 837 default: 838 new_attrp->alfi_name_len = old_attrp->alfi_name_len; 839 break; 840 } 841 842 new_attrp->alfi_attr_filter = old_attrp->alfi_attr_filter; 843 844 return &new_attrip->attri_item; 845 } 846 847 /* Get an ATTRD so we can process all the attrs. */ 848 static struct xfs_log_item * 849 xfs_attr_create_done( 850 struct xfs_trans *tp, 851 struct xfs_log_item *intent, 852 unsigned int count) 853 { 854 struct xfs_attri_log_item *attrip; 855 struct xfs_attrd_log_item *attrdp; 856 857 attrip = ATTRI_ITEM(intent); 858 859 attrdp = kmem_cache_zalloc(xfs_attrd_cache, GFP_KERNEL | __GFP_NOFAIL); 860 861 xfs_log_item_init(tp->t_mountp, &attrdp->attrd_item, XFS_LI_ATTRD, 862 &xfs_attrd_item_ops); 863 attrdp->attrd_attrip = attrip; 864 attrdp->attrd_format.alfd_alf_id = attrip->attri_format.alfi_id; 865 866 return &attrdp->attrd_item; 867 } 868 869 void 870 xfs_attr_defer_add( 871 struct xfs_da_args *args, 872 enum xfs_attr_defer_op op) 873 { 874 struct xfs_attr_intent *new; 875 unsigned int log_op = 0; 876 bool is_pptr = args->attr_filter & XFS_ATTR_PARENT; 877 878 if (is_pptr) { 879 ASSERT(xfs_has_parent(args->dp->i_mount)); 880 ASSERT((args->attr_filter & ~XFS_ATTR_PARENT) == 0); 881 ASSERT(args->op_flags & XFS_DA_OP_LOGGED); 882 ASSERT(args->valuelen == sizeof(struct xfs_parent_rec)); 883 } 884 885 new = kmem_cache_zalloc(xfs_attr_intent_cache, 886 GFP_NOFS | __GFP_NOFAIL); 887 new->xattri_da_args = args; 888 889 /* Compute log operation from the higher level op and namespace. */ 890 switch (op) { 891 case XFS_ATTR_DEFER_SET: 892 if (is_pptr) 893 log_op = XFS_ATTRI_OP_FLAGS_PPTR_SET; 894 else 895 log_op = XFS_ATTRI_OP_FLAGS_SET; 896 break; 897 case XFS_ATTR_DEFER_REPLACE: 898 if (is_pptr) 899 log_op = XFS_ATTRI_OP_FLAGS_PPTR_REPLACE; 900 else 901 log_op = XFS_ATTRI_OP_FLAGS_REPLACE; 902 break; 903 case XFS_ATTR_DEFER_REMOVE: 904 if (is_pptr) 905 log_op = XFS_ATTRI_OP_FLAGS_PPTR_REMOVE; 906 else 907 log_op = XFS_ATTRI_OP_FLAGS_REMOVE; 908 break; 909 default: 910 ASSERT(0); 911 break; 912 } 913 new->xattri_op_flags = log_op; 914 915 /* Set up initial attr operation state. */ 916 switch (log_op) { 917 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 918 case XFS_ATTRI_OP_FLAGS_SET: 919 new->xattri_dela_state = xfs_attr_init_add_state(args); 920 break; 921 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 922 ASSERT(args->new_valuelen == args->valuelen); 923 new->xattri_dela_state = xfs_attr_init_replace_state(args); 924 break; 925 case XFS_ATTRI_OP_FLAGS_REPLACE: 926 new->xattri_dela_state = xfs_attr_init_replace_state(args); 927 break; 928 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 929 case XFS_ATTRI_OP_FLAGS_REMOVE: 930 new->xattri_dela_state = xfs_attr_init_remove_state(args); 931 break; 932 } 933 934 xfs_defer_add(args->trans, &new->xattri_list, &xfs_attr_defer_type); 935 trace_xfs_attr_defer_add(new->xattri_dela_state, args->dp); 936 } 937 938 const struct xfs_defer_op_type xfs_attr_defer_type = { 939 .name = "attr", 940 .max_items = 1, 941 .create_intent = xfs_attr_create_intent, 942 .abort_intent = xfs_attr_abort_intent, 943 .create_done = xfs_attr_create_done, 944 .finish_item = xfs_attr_finish_item, 945 .cancel_item = xfs_attr_cancel_item, 946 .recover_work = xfs_attr_recover_work, 947 .relog_intent = xfs_attr_relog_intent, 948 }; 949 950 static inline void * 951 xfs_attri_validate_name_iovec( 952 struct xfs_mount *mp, 953 struct xfs_attri_log_format *attri_formatp, 954 const struct kvec *iovec, 955 unsigned int name_len) 956 { 957 if (iovec->iov_len != xlog_calc_iovec_len(name_len)) { 958 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 959 attri_formatp, sizeof(*attri_formatp)); 960 return NULL; 961 } 962 963 if (!xfs_attr_namecheck(attri_formatp->alfi_attr_filter, iovec->iov_base, 964 name_len)) { 965 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 966 attri_formatp, sizeof(*attri_formatp)); 967 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 968 iovec->iov_base, iovec->iov_len); 969 return NULL; 970 } 971 972 return iovec->iov_base; 973 } 974 975 static inline void * 976 xfs_attri_validate_value_iovec( 977 struct xfs_mount *mp, 978 struct xfs_attri_log_format *attri_formatp, 979 const struct kvec *iovec, 980 unsigned int value_len) 981 { 982 if (iovec->iov_len != xlog_calc_iovec_len(value_len)) { 983 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 984 attri_formatp, sizeof(*attri_formatp)); 985 return NULL; 986 } 987 988 if ((attri_formatp->alfi_attr_filter & XFS_ATTR_PARENT) && 989 !xfs_parent_valuecheck(mp, iovec->iov_base, value_len)) { 990 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 991 attri_formatp, sizeof(*attri_formatp)); 992 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 993 iovec->iov_base, iovec->iov_len); 994 return NULL; 995 } 996 997 return iovec->iov_base; 998 } 999 1000 STATIC int 1001 xlog_recover_attri_commit_pass2( 1002 struct xlog *log, 1003 struct list_head *buffer_list, 1004 struct xlog_recover_item *item, 1005 xfs_lsn_t lsn) 1006 { 1007 struct xfs_mount *mp = log->l_mp; 1008 struct xfs_attri_log_item *attrip; 1009 struct xfs_attri_log_format *attri_formatp; 1010 struct xfs_attri_log_nameval *nv; 1011 const void *attr_name; 1012 const void *attr_value = NULL; 1013 const void *attr_new_name = NULL; 1014 const void *attr_new_value = NULL; 1015 size_t len; 1016 unsigned int name_len = 0; 1017 unsigned int value_len = 0; 1018 unsigned int new_name_len = 0; 1019 unsigned int new_value_len = 0; 1020 unsigned int op, i = 0; 1021 1022 /* Validate xfs_attri_log_format before the large memory allocation */ 1023 len = sizeof(struct xfs_attri_log_format); 1024 if (item->ri_buf[i].iov_len != len) { 1025 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1026 item->ri_buf[0].iov_base, item->ri_buf[0].iov_len); 1027 return -EFSCORRUPTED; 1028 } 1029 1030 attri_formatp = item->ri_buf[i].iov_base; 1031 if (!xfs_attri_validate(mp, attri_formatp)) { 1032 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1033 attri_formatp, len); 1034 return -EFSCORRUPTED; 1035 } 1036 1037 /* Check the number of log iovecs makes sense for the op code. */ 1038 op = xfs_attr_log_item_op(attri_formatp); 1039 switch (op) { 1040 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 1041 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 1042 /* Log item, attr name, attr value */ 1043 if (item->ri_total != 3) { 1044 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1045 attri_formatp, len); 1046 return -EFSCORRUPTED; 1047 } 1048 name_len = attri_formatp->alfi_name_len; 1049 value_len = attri_formatp->alfi_value_len; 1050 break; 1051 case XFS_ATTRI_OP_FLAGS_SET: 1052 case XFS_ATTRI_OP_FLAGS_REPLACE: 1053 /* Log item, attr name, attr value */ 1054 if (item->ri_total != 3) { 1055 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1056 attri_formatp, len); 1057 return -EFSCORRUPTED; 1058 } 1059 name_len = attri_formatp->alfi_name_len; 1060 value_len = attri_formatp->alfi_value_len; 1061 break; 1062 case XFS_ATTRI_OP_FLAGS_REMOVE: 1063 /* Log item, attr name */ 1064 if (item->ri_total != 2) { 1065 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1066 attri_formatp, len); 1067 return -EFSCORRUPTED; 1068 } 1069 name_len = attri_formatp->alfi_name_len; 1070 break; 1071 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 1072 /* 1073 * Log item, attr name, new attr name, attr value, new attr 1074 * value 1075 */ 1076 if (item->ri_total != 5) { 1077 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1078 attri_formatp, len); 1079 return -EFSCORRUPTED; 1080 } 1081 name_len = attri_formatp->alfi_old_name_len; 1082 new_name_len = attri_formatp->alfi_new_name_len; 1083 new_value_len = value_len = attri_formatp->alfi_value_len; 1084 break; 1085 default: 1086 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1087 attri_formatp, len); 1088 return -EFSCORRUPTED; 1089 } 1090 i++; 1091 1092 /* Validate the attr name */ 1093 attr_name = xfs_attri_validate_name_iovec(mp, attri_formatp, 1094 &item->ri_buf[i], name_len); 1095 if (!attr_name) 1096 return -EFSCORRUPTED; 1097 i++; 1098 1099 /* Validate the new attr name */ 1100 if (new_name_len > 0) { 1101 attr_new_name = xfs_attri_validate_name_iovec(mp, 1102 attri_formatp, &item->ri_buf[i], 1103 new_name_len); 1104 if (!attr_new_name) 1105 return -EFSCORRUPTED; 1106 i++; 1107 } 1108 1109 /* Validate the attr value, if present */ 1110 if (value_len != 0) { 1111 attr_value = xfs_attri_validate_value_iovec(mp, attri_formatp, 1112 &item->ri_buf[i], value_len); 1113 if (!attr_value) 1114 return -EFSCORRUPTED; 1115 i++; 1116 } 1117 1118 /* Validate the new attr value, if present */ 1119 if (new_value_len != 0) { 1120 attr_new_value = xfs_attri_validate_value_iovec(mp, 1121 attri_formatp, &item->ri_buf[i], 1122 new_value_len); 1123 if (!attr_new_value) 1124 return -EFSCORRUPTED; 1125 i++; 1126 } 1127 1128 /* 1129 * Make sure we got the correct number of buffers for the operation 1130 * that we just loaded. 1131 */ 1132 if (i != item->ri_total) { 1133 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1134 attri_formatp, len); 1135 return -EFSCORRUPTED; 1136 } 1137 1138 switch (op) { 1139 case XFS_ATTRI_OP_FLAGS_REMOVE: 1140 /* Regular remove operations operate only on names. */ 1141 if (attr_value != NULL || value_len != 0) { 1142 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1143 attri_formatp, len); 1144 return -EFSCORRUPTED; 1145 } 1146 fallthrough; 1147 case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE: 1148 case XFS_ATTRI_OP_FLAGS_PPTR_SET: 1149 case XFS_ATTRI_OP_FLAGS_SET: 1150 case XFS_ATTRI_OP_FLAGS_REPLACE: 1151 /* 1152 * Regular xattr set/remove/replace operations require a name 1153 * and do not take a newname. Values are optional for set and 1154 * replace. 1155 * 1156 * Name-value set/remove operations must have a name, do not 1157 * take a newname, and can take a value. 1158 */ 1159 if (attr_name == NULL || name_len == 0) { 1160 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1161 attri_formatp, len); 1162 return -EFSCORRUPTED; 1163 } 1164 break; 1165 case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE: 1166 /* 1167 * Name-value replace operations require the caller to 1168 * specify the old and new names and values explicitly. 1169 * Values are optional. 1170 */ 1171 if (attr_name == NULL || name_len == 0) { 1172 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1173 attri_formatp, len); 1174 return -EFSCORRUPTED; 1175 } 1176 if (attr_new_name == NULL || new_name_len == 0) { 1177 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 1178 attri_formatp, len); 1179 return -EFSCORRUPTED; 1180 } 1181 break; 1182 } 1183 1184 /* 1185 * Memory alloc failure will cause replay to abort. We attach the 1186 * name/value buffer to the recovered incore log item and drop our 1187 * reference. 1188 */ 1189 nv = xfs_attri_log_nameval_alloc(attr_name, name_len, 1190 attr_new_name, new_name_len, 1191 attr_value, value_len, 1192 attr_new_value, new_value_len); 1193 1194 attrip = xfs_attri_init(mp, nv); 1195 memcpy(&attrip->attri_format, attri_formatp, len); 1196 1197 xlog_recover_intent_item(log, &attrip->attri_item, lsn, 1198 &xfs_attr_defer_type); 1199 xfs_attri_log_nameval_put(nv); 1200 return 0; 1201 } 1202 1203 /* 1204 * This routine is called when an ATTRD format structure is found in a committed 1205 * transaction in the log. Its purpose is to cancel the corresponding ATTRI if 1206 * it was still in the log. To do this it searches the AIL for the ATTRI with 1207 * an id equal to that in the ATTRD format structure. If we find it we drop 1208 * the ATTRD reference, which removes the ATTRI from the AIL and frees it. 1209 */ 1210 STATIC int 1211 xlog_recover_attrd_commit_pass2( 1212 struct xlog *log, 1213 struct list_head *buffer_list, 1214 struct xlog_recover_item *item, 1215 xfs_lsn_t lsn) 1216 { 1217 struct xfs_attrd_log_format *attrd_formatp; 1218 1219 attrd_formatp = item->ri_buf[0].iov_base; 1220 if (item->ri_buf[0].iov_len != sizeof(struct xfs_attrd_log_format)) { 1221 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, log->l_mp, 1222 item->ri_buf[0].iov_base, item->ri_buf[0].iov_len); 1223 return -EFSCORRUPTED; 1224 } 1225 1226 xlog_recover_release_intent(log, XFS_LI_ATTRI, 1227 attrd_formatp->alfd_alf_id); 1228 return 0; 1229 } 1230 1231 static const struct xfs_item_ops xfs_attri_item_ops = { 1232 .flags = XFS_ITEM_INTENT, 1233 .iop_size = xfs_attri_item_size, 1234 .iop_format = xfs_attri_item_format, 1235 .iop_unpin = xfs_attri_item_unpin, 1236 .iop_release = xfs_attri_item_release, 1237 .iop_match = xfs_attri_item_match, 1238 }; 1239 1240 const struct xlog_recover_item_ops xlog_attri_item_ops = { 1241 .item_type = XFS_LI_ATTRI, 1242 .commit_pass2 = xlog_recover_attri_commit_pass2, 1243 }; 1244 1245 static const struct xfs_item_ops xfs_attrd_item_ops = { 1246 .flags = XFS_ITEM_RELEASE_WHEN_COMMITTED | 1247 XFS_ITEM_INTENT_DONE, 1248 .iop_size = xfs_attrd_item_size, 1249 .iop_format = xfs_attrd_item_format, 1250 .iop_release = xfs_attrd_item_release, 1251 .iop_intent = xfs_attrd_item_intent, 1252 }; 1253 1254 const struct xlog_recover_item_ops xlog_attrd_item_ops = { 1255 .item_type = XFS_LI_ATTRD, 1256 .commit_pass2 = xlog_recover_attrd_commit_pass2, 1257 }; 1258