xref: /openbmc/linux/fs/xfs/libxfs/xfs_sb.c (revision 0e52b98b)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4  * All Rights Reserved.
5  */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_sb.h"
14 #include "xfs_mount.h"
15 #include "xfs_ialloc.h"
16 #include "xfs_alloc.h"
17 #include "xfs_error.h"
18 #include "xfs_trans.h"
19 #include "xfs_buf_item.h"
20 #include "xfs_bmap_btree.h"
21 #include "xfs_alloc_btree.h"
22 #include "xfs_log.h"
23 #include "xfs_rmap_btree.h"
24 #include "xfs_refcount_btree.h"
25 #include "xfs_da_format.h"
26 #include "xfs_health.h"
27 #include "xfs_ag.h"
28 #include "xfs_rtbitmap.h"
29 
30 /*
31  * Physical superblock buffer manipulations. Shared with libxfs in userspace.
32  */
33 
34 /*
35  * Check that all the V4 feature bits that the V5 filesystem format requires are
36  * correctly set.
37  */
38 static bool
xfs_sb_validate_v5_features(struct xfs_sb * sbp)39 xfs_sb_validate_v5_features(
40 	struct xfs_sb	*sbp)
41 {
42 	/* We must not have any unknown V4 feature bits set */
43 	if (sbp->sb_versionnum & ~XFS_SB_VERSION_OKBITS)
44 		return false;
45 
46 	/*
47 	 * The CRC bit is considered an invalid V4 flag, so we have to add it
48 	 * manually to the OKBITS mask.
49 	 */
50 	if (sbp->sb_features2 & ~(XFS_SB_VERSION2_OKBITS |
51 				  XFS_SB_VERSION2_CRCBIT))
52 		return false;
53 
54 	/* Now check all the required V4 feature flags are set. */
55 
56 #define V5_VERS_FLAGS	(XFS_SB_VERSION_NLINKBIT	| \
57 			XFS_SB_VERSION_ALIGNBIT		| \
58 			XFS_SB_VERSION_LOGV2BIT		| \
59 			XFS_SB_VERSION_EXTFLGBIT	| \
60 			XFS_SB_VERSION_DIRV2BIT		| \
61 			XFS_SB_VERSION_MOREBITSBIT)
62 
63 #define V5_FEAT_FLAGS	(XFS_SB_VERSION2_LAZYSBCOUNTBIT	| \
64 			XFS_SB_VERSION2_ATTR2BIT	| \
65 			XFS_SB_VERSION2_PROJID32BIT	| \
66 			XFS_SB_VERSION2_CRCBIT)
67 
68 	if ((sbp->sb_versionnum & V5_VERS_FLAGS) != V5_VERS_FLAGS)
69 		return false;
70 	if ((sbp->sb_features2 & V5_FEAT_FLAGS) != V5_FEAT_FLAGS)
71 		return false;
72 	return true;
73 }
74 
75 /*
76  * We current support XFS v5 formats with known features and v4 superblocks with
77  * at least V2 directories.
78  */
79 bool
xfs_sb_good_version(struct xfs_sb * sbp)80 xfs_sb_good_version(
81 	struct xfs_sb	*sbp)
82 {
83 	/*
84 	 * All v5 filesystems are supported, but we must check that all the
85 	 * required v4 feature flags are enabled correctly as the code checks
86 	 * those flags and not for v5 support.
87 	 */
88 	if (xfs_sb_is_v5(sbp))
89 		return xfs_sb_validate_v5_features(sbp);
90 
91 	/* versions prior to v4 are not supported */
92 	if (XFS_SB_VERSION_NUM(sbp) != XFS_SB_VERSION_4)
93 		return false;
94 
95 	/* We must not have any unknown v4 feature bits set */
96 	if ((sbp->sb_versionnum & ~XFS_SB_VERSION_OKBITS) ||
97 	    ((sbp->sb_versionnum & XFS_SB_VERSION_MOREBITSBIT) &&
98 	     (sbp->sb_features2 & ~XFS_SB_VERSION2_OKBITS)))
99 		return false;
100 
101 	/* V4 filesystems need v2 directories and unwritten extents */
102 	if (!(sbp->sb_versionnum & XFS_SB_VERSION_DIRV2BIT))
103 		return false;
104 	if (!(sbp->sb_versionnum & XFS_SB_VERSION_EXTFLGBIT))
105 		return false;
106 
107 	/* It's a supported v4 filesystem */
108 	return true;
109 }
110 
111 uint64_t
xfs_sb_version_to_features(struct xfs_sb * sbp)112 xfs_sb_version_to_features(
113 	struct xfs_sb	*sbp)
114 {
115 	uint64_t	features = 0;
116 
117 	/* optional V4 features */
118 	if (sbp->sb_rblocks > 0)
119 		features |= XFS_FEAT_REALTIME;
120 	if (sbp->sb_versionnum & XFS_SB_VERSION_NLINKBIT)
121 		features |= XFS_FEAT_NLINK;
122 	if (sbp->sb_versionnum & XFS_SB_VERSION_ATTRBIT)
123 		features |= XFS_FEAT_ATTR;
124 	if (sbp->sb_versionnum & XFS_SB_VERSION_QUOTABIT)
125 		features |= XFS_FEAT_QUOTA;
126 	if (sbp->sb_versionnum & XFS_SB_VERSION_ALIGNBIT)
127 		features |= XFS_FEAT_ALIGN;
128 	if (sbp->sb_versionnum & XFS_SB_VERSION_LOGV2BIT)
129 		features |= XFS_FEAT_LOGV2;
130 	if (sbp->sb_versionnum & XFS_SB_VERSION_DALIGNBIT)
131 		features |= XFS_FEAT_DALIGN;
132 	if (sbp->sb_versionnum & XFS_SB_VERSION_EXTFLGBIT)
133 		features |= XFS_FEAT_EXTFLG;
134 	if (sbp->sb_versionnum & XFS_SB_VERSION_SECTORBIT)
135 		features |= XFS_FEAT_SECTOR;
136 	if (sbp->sb_versionnum & XFS_SB_VERSION_BORGBIT)
137 		features |= XFS_FEAT_ASCIICI;
138 	if (sbp->sb_versionnum & XFS_SB_VERSION_MOREBITSBIT) {
139 		if (sbp->sb_features2 & XFS_SB_VERSION2_LAZYSBCOUNTBIT)
140 			features |= XFS_FEAT_LAZYSBCOUNT;
141 		if (sbp->sb_features2 & XFS_SB_VERSION2_ATTR2BIT)
142 			features |= XFS_FEAT_ATTR2;
143 		if (sbp->sb_features2 & XFS_SB_VERSION2_PROJID32BIT)
144 			features |= XFS_FEAT_PROJID32;
145 		if (sbp->sb_features2 & XFS_SB_VERSION2_FTYPE)
146 			features |= XFS_FEAT_FTYPE;
147 	}
148 
149 	if (!xfs_sb_is_v5(sbp))
150 		return features;
151 
152 	/* Always on V5 features */
153 	features |= XFS_FEAT_ALIGN | XFS_FEAT_LOGV2 | XFS_FEAT_EXTFLG |
154 		    XFS_FEAT_LAZYSBCOUNT | XFS_FEAT_ATTR2 | XFS_FEAT_PROJID32 |
155 		    XFS_FEAT_V3INODES | XFS_FEAT_CRC | XFS_FEAT_PQUOTINO;
156 
157 	/* Optional V5 features */
158 	if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_FINOBT)
159 		features |= XFS_FEAT_FINOBT;
160 	if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_RMAPBT)
161 		features |= XFS_FEAT_RMAPBT;
162 	if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_REFLINK)
163 		features |= XFS_FEAT_REFLINK;
164 	if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT)
165 		features |= XFS_FEAT_INOBTCNT;
166 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE)
167 		features |= XFS_FEAT_FTYPE;
168 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES)
169 		features |= XFS_FEAT_SPINODES;
170 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_META_UUID)
171 		features |= XFS_FEAT_META_UUID;
172 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_BIGTIME)
173 		features |= XFS_FEAT_BIGTIME;
174 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR)
175 		features |= XFS_FEAT_NEEDSREPAIR;
176 	if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_NREXT64)
177 		features |= XFS_FEAT_NREXT64;
178 
179 	return features;
180 }
181 
182 /* Check all the superblock fields we care about when reading one in. */
183 STATIC int
xfs_validate_sb_read(struct xfs_mount * mp,struct xfs_sb * sbp)184 xfs_validate_sb_read(
185 	struct xfs_mount	*mp,
186 	struct xfs_sb		*sbp)
187 {
188 	if (!xfs_sb_is_v5(sbp))
189 		return 0;
190 
191 	/*
192 	 * Version 5 superblock feature mask validation. Reject combinations
193 	 * the kernel cannot support up front before checking anything else.
194 	 */
195 	if (xfs_sb_has_compat_feature(sbp, XFS_SB_FEAT_COMPAT_UNKNOWN)) {
196 		xfs_warn(mp,
197 "Superblock has unknown compatible features (0x%x) enabled.",
198 			(sbp->sb_features_compat & XFS_SB_FEAT_COMPAT_UNKNOWN));
199 		xfs_warn(mp,
200 "Using a more recent kernel is recommended.");
201 	}
202 
203 	if (xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
204 		xfs_alert(mp,
205 "Superblock has unknown read-only compatible features (0x%x) enabled.",
206 			(sbp->sb_features_ro_compat &
207 					XFS_SB_FEAT_RO_COMPAT_UNKNOWN));
208 		if (!xfs_is_readonly(mp)) {
209 			xfs_warn(mp,
210 "Attempted to mount read-only compatible filesystem read-write.");
211 			xfs_warn(mp,
212 "Filesystem can only be safely mounted read only.");
213 
214 			return -EINVAL;
215 		}
216 	}
217 	if (xfs_sb_has_incompat_feature(sbp, XFS_SB_FEAT_INCOMPAT_UNKNOWN)) {
218 		xfs_warn(mp,
219 "Superblock has unknown incompatible features (0x%x) enabled.",
220 			(sbp->sb_features_incompat &
221 					XFS_SB_FEAT_INCOMPAT_UNKNOWN));
222 		xfs_warn(mp,
223 "Filesystem cannot be safely mounted by this kernel.");
224 		return -EINVAL;
225 	}
226 
227 	return 0;
228 }
229 
230 /* Check all the superblock fields we care about when writing one out. */
231 STATIC int
xfs_validate_sb_write(struct xfs_mount * mp,struct xfs_buf * bp,struct xfs_sb * sbp)232 xfs_validate_sb_write(
233 	struct xfs_mount	*mp,
234 	struct xfs_buf		*bp,
235 	struct xfs_sb		*sbp)
236 {
237 	/*
238 	 * Carry out additional sb summary counter sanity checks when we write
239 	 * the superblock.  We skip this in the read validator because there
240 	 * could be newer superblocks in the log and if the values are garbage
241 	 * even after replay we'll recalculate them at the end of log mount.
242 	 *
243 	 * mkfs has traditionally written zeroed counters to inprogress and
244 	 * secondary superblocks, so allow this usage to continue because
245 	 * we never read counters from such superblocks.
246 	 */
247 	if (xfs_buf_daddr(bp) == XFS_SB_DADDR && !sbp->sb_inprogress &&
248 	    (sbp->sb_fdblocks > sbp->sb_dblocks ||
249 	     !xfs_verify_icount(mp, sbp->sb_icount) ||
250 	     sbp->sb_ifree > sbp->sb_icount)) {
251 		xfs_warn(mp, "SB summary counter sanity check failed");
252 		return -EFSCORRUPTED;
253 	}
254 
255 	if (!xfs_sb_is_v5(sbp))
256 		return 0;
257 
258 	/*
259 	 * Version 5 superblock feature mask validation. Reject combinations
260 	 * the kernel cannot support since we checked for unsupported bits in
261 	 * the read verifier, which means that memory is corrupt.
262 	 */
263 	if (xfs_sb_has_compat_feature(sbp, XFS_SB_FEAT_COMPAT_UNKNOWN)) {
264 		xfs_warn(mp,
265 "Corruption detected in superblock compatible features (0x%x)!",
266 			(sbp->sb_features_compat & XFS_SB_FEAT_COMPAT_UNKNOWN));
267 		return -EFSCORRUPTED;
268 	}
269 
270 	if (!xfs_is_readonly(mp) &&
271 	    xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
272 		xfs_alert(mp,
273 "Corruption detected in superblock read-only compatible features (0x%x)!",
274 			(sbp->sb_features_ro_compat &
275 					XFS_SB_FEAT_RO_COMPAT_UNKNOWN));
276 		return -EFSCORRUPTED;
277 	}
278 	if (xfs_sb_has_incompat_feature(sbp, XFS_SB_FEAT_INCOMPAT_UNKNOWN)) {
279 		xfs_warn(mp,
280 "Corruption detected in superblock incompatible features (0x%x)!",
281 			(sbp->sb_features_incompat &
282 					XFS_SB_FEAT_INCOMPAT_UNKNOWN));
283 		return -EFSCORRUPTED;
284 	}
285 	if (xfs_sb_has_incompat_log_feature(sbp,
286 			XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
287 		xfs_warn(mp,
288 "Corruption detected in superblock incompatible log features (0x%x)!",
289 			(sbp->sb_features_log_incompat &
290 					XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
291 		return -EFSCORRUPTED;
292 	}
293 
294 	/*
295 	 * We can't read verify the sb LSN because the read verifier is called
296 	 * before the log is allocated and processed. We know the log is set up
297 	 * before write verifier calls, so check it here.
298 	 */
299 	if (!xfs_log_check_lsn(mp, sbp->sb_lsn))
300 		return -EFSCORRUPTED;
301 
302 	return 0;
303 }
304 
305 /* Check the validity of the SB. */
306 STATIC int
xfs_validate_sb_common(struct xfs_mount * mp,struct xfs_buf * bp,struct xfs_sb * sbp)307 xfs_validate_sb_common(
308 	struct xfs_mount	*mp,
309 	struct xfs_buf		*bp,
310 	struct xfs_sb		*sbp)
311 {
312 	struct xfs_dsb		*dsb = bp->b_addr;
313 	uint32_t		agcount = 0;
314 	uint32_t		rem;
315 	bool			has_dalign;
316 
317 	if (!xfs_verify_magic(bp, dsb->sb_magicnum)) {
318 		xfs_warn(mp,
319 "Superblock has bad magic number 0x%x. Not an XFS filesystem?",
320 			be32_to_cpu(dsb->sb_magicnum));
321 		return -EWRONGFS;
322 	}
323 
324 	if (!xfs_sb_good_version(sbp)) {
325 		xfs_warn(mp,
326 "Superblock has unknown features enabled or corrupted feature masks.");
327 		return -EWRONGFS;
328 	}
329 
330 	/*
331 	 * Validate feature flags and state
332 	 */
333 	if (xfs_sb_is_v5(sbp)) {
334 		if (sbp->sb_blocksize < XFS_MIN_CRC_BLOCKSIZE) {
335 			xfs_notice(mp,
336 "Block size (%u bytes) too small for Version 5 superblock (minimum %d bytes)",
337 				sbp->sb_blocksize, XFS_MIN_CRC_BLOCKSIZE);
338 			return -EFSCORRUPTED;
339 		}
340 
341 		/* V5 has a separate project quota inode */
342 		if (sbp->sb_qflags & (XFS_OQUOTA_ENFD | XFS_OQUOTA_CHKD)) {
343 			xfs_notice(mp,
344 			   "Version 5 of Super block has XFS_OQUOTA bits.");
345 			return -EFSCORRUPTED;
346 		}
347 
348 		/*
349 		 * Full inode chunks must be aligned to inode chunk size when
350 		 * sparse inodes are enabled to support the sparse chunk
351 		 * allocation algorithm and prevent overlapping inode records.
352 		 */
353 		if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) {
354 			uint32_t	align;
355 
356 			align = XFS_INODES_PER_CHUNK * sbp->sb_inodesize
357 					>> sbp->sb_blocklog;
358 			if (sbp->sb_inoalignmt != align) {
359 				xfs_warn(mp,
360 "Inode block alignment (%u) must match chunk size (%u) for sparse inodes.",
361 					 sbp->sb_inoalignmt, align);
362 				return -EINVAL;
363 			}
364 		}
365 	} else if (sbp->sb_qflags & (XFS_PQUOTA_ENFD | XFS_GQUOTA_ENFD |
366 				XFS_PQUOTA_CHKD | XFS_GQUOTA_CHKD)) {
367 			xfs_notice(mp,
368 "Superblock earlier than Version 5 has XFS_{P|G}QUOTA_{ENFD|CHKD} bits.");
369 			return -EFSCORRUPTED;
370 	}
371 
372 	if (unlikely(
373 	    sbp->sb_logstart == 0 && mp->m_logdev_targp == mp->m_ddev_targp)) {
374 		xfs_warn(mp,
375 		"filesystem is marked as having an external log; "
376 		"specify logdev on the mount command line.");
377 		return -EINVAL;
378 	}
379 
380 	if (unlikely(
381 	    sbp->sb_logstart != 0 && mp->m_logdev_targp != mp->m_ddev_targp)) {
382 		xfs_warn(mp,
383 		"filesystem is marked as having an internal log; "
384 		"do not specify logdev on the mount command line.");
385 		return -EINVAL;
386 	}
387 
388 	/* Compute agcount for this number of dblocks and agblocks */
389 	if (sbp->sb_agblocks) {
390 		agcount = div_u64_rem(sbp->sb_dblocks, sbp->sb_agblocks, &rem);
391 		if (rem)
392 			agcount++;
393 	}
394 
395 	/*
396 	 * More sanity checking.  Most of these were stolen directly from
397 	 * xfs_repair.
398 	 */
399 	if (unlikely(
400 	    sbp->sb_agcount <= 0					||
401 	    sbp->sb_sectsize < XFS_MIN_SECTORSIZE			||
402 	    sbp->sb_sectsize > XFS_MAX_SECTORSIZE			||
403 	    sbp->sb_sectlog < XFS_MIN_SECTORSIZE_LOG			||
404 	    sbp->sb_sectlog > XFS_MAX_SECTORSIZE_LOG			||
405 	    sbp->sb_sectsize != (1 << sbp->sb_sectlog)			||
406 	    sbp->sb_blocksize < XFS_MIN_BLOCKSIZE			||
407 	    sbp->sb_blocksize > XFS_MAX_BLOCKSIZE			||
408 	    sbp->sb_blocklog < XFS_MIN_BLOCKSIZE_LOG			||
409 	    sbp->sb_blocklog > XFS_MAX_BLOCKSIZE_LOG			||
410 	    sbp->sb_blocksize != (1 << sbp->sb_blocklog)		||
411 	    sbp->sb_dirblklog + sbp->sb_blocklog > XFS_MAX_BLOCKSIZE_LOG ||
412 	    sbp->sb_inodesize < XFS_DINODE_MIN_SIZE			||
413 	    sbp->sb_inodesize > XFS_DINODE_MAX_SIZE			||
414 	    sbp->sb_inodelog < XFS_DINODE_MIN_LOG			||
415 	    sbp->sb_inodelog > XFS_DINODE_MAX_LOG			||
416 	    sbp->sb_inodesize != (1 << sbp->sb_inodelog)		||
417 	    sbp->sb_inopblock != howmany(sbp->sb_blocksize,sbp->sb_inodesize) ||
418 	    XFS_FSB_TO_B(mp, sbp->sb_agblocks) < XFS_MIN_AG_BYTES	||
419 	    XFS_FSB_TO_B(mp, sbp->sb_agblocks) > XFS_MAX_AG_BYTES	||
420 	    sbp->sb_agblklog != xfs_highbit32(sbp->sb_agblocks - 1) + 1	||
421 	    agcount == 0 || agcount != sbp->sb_agcount			||
422 	    (sbp->sb_blocklog - sbp->sb_inodelog != sbp->sb_inopblog)	||
423 	    (sbp->sb_rextsize * sbp->sb_blocksize > XFS_MAX_RTEXTSIZE)	||
424 	    (sbp->sb_rextsize * sbp->sb_blocksize < XFS_MIN_RTEXTSIZE)	||
425 	    (sbp->sb_imax_pct > 100 /* zero sb_imax_pct is valid */)	||
426 	    sbp->sb_dblocks == 0					||
427 	    sbp->sb_dblocks > XFS_MAX_DBLOCKS(sbp)			||
428 	    sbp->sb_dblocks < XFS_MIN_DBLOCKS(sbp)			||
429 	    sbp->sb_shared_vn != 0)) {
430 		xfs_notice(mp, "SB sanity check failed");
431 		return -EFSCORRUPTED;
432 	}
433 
434 	/*
435 	 * Logs that are too large are not supported at all. Reject them
436 	 * outright. Logs that are too small are tolerated on v4 filesystems,
437 	 * but we can only check that when mounting the log. Hence we skip
438 	 * those checks here.
439 	 */
440 	if (sbp->sb_logblocks > XFS_MAX_LOG_BLOCKS) {
441 		xfs_notice(mp,
442 		"Log size 0x%x blocks too large, maximum size is 0x%llx blocks",
443 			 sbp->sb_logblocks, XFS_MAX_LOG_BLOCKS);
444 		return -EFSCORRUPTED;
445 	}
446 
447 	if (XFS_FSB_TO_B(mp, sbp->sb_logblocks) > XFS_MAX_LOG_BYTES) {
448 		xfs_warn(mp,
449 		"log size 0x%llx bytes too large, maximum size is 0x%llx bytes",
450 			 XFS_FSB_TO_B(mp, sbp->sb_logblocks),
451 			 XFS_MAX_LOG_BYTES);
452 		return -EFSCORRUPTED;
453 	}
454 
455 	/*
456 	 * Do not allow filesystems with corrupted log sector or stripe units to
457 	 * be mounted. We cannot safely size the iclogs or write to the log if
458 	 * the log stripe unit is not valid.
459 	 */
460 	if (sbp->sb_versionnum & XFS_SB_VERSION_SECTORBIT) {
461 		if (sbp->sb_logsectsize != (1U << sbp->sb_logsectlog)) {
462 			xfs_notice(mp,
463 			"log sector size in bytes/log2 (0x%x/0x%x) must match",
464 				sbp->sb_logsectsize, 1U << sbp->sb_logsectlog);
465 			return -EFSCORRUPTED;
466 		}
467 	} else if (sbp->sb_logsectsize || sbp->sb_logsectlog) {
468 		xfs_notice(mp,
469 		"log sector size in bytes/log2 (0x%x/0x%x) are not zero",
470 			sbp->sb_logsectsize, sbp->sb_logsectlog);
471 		return -EFSCORRUPTED;
472 	}
473 
474 	if (sbp->sb_logsunit > 1) {
475 		if (sbp->sb_logsunit % sbp->sb_blocksize) {
476 			xfs_notice(mp,
477 		"log stripe unit 0x%x bytes must be a multiple of block size",
478 				sbp->sb_logsunit);
479 			return -EFSCORRUPTED;
480 		}
481 		if (sbp->sb_logsunit > XLOG_MAX_RECORD_BSIZE) {
482 			xfs_notice(mp,
483 		"log stripe unit 0x%x bytes over maximum size (0x%x bytes)",
484 				sbp->sb_logsunit, XLOG_MAX_RECORD_BSIZE);
485 			return -EFSCORRUPTED;
486 		}
487 	}
488 
489 	/* Validate the realtime geometry; stolen from xfs_repair */
490 	if (sbp->sb_rextsize * sbp->sb_blocksize > XFS_MAX_RTEXTSIZE ||
491 	    sbp->sb_rextsize * sbp->sb_blocksize < XFS_MIN_RTEXTSIZE) {
492 		xfs_notice(mp,
493 			"realtime extent sanity check failed");
494 		return -EFSCORRUPTED;
495 	}
496 
497 	if (sbp->sb_rblocks == 0) {
498 		if (sbp->sb_rextents != 0 || sbp->sb_rbmblocks != 0 ||
499 		    sbp->sb_rextslog != 0 || sbp->sb_frextents != 0) {
500 			xfs_notice(mp,
501 				"realtime zeroed geometry check failed");
502 			return -EFSCORRUPTED;
503 		}
504 	} else {
505 		uint64_t	rexts;
506 		uint64_t	rbmblocks;
507 
508 		rexts = div_u64(sbp->sb_rblocks, sbp->sb_rextsize);
509 		rbmblocks = howmany_64(sbp->sb_rextents,
510 				       NBBY * sbp->sb_blocksize);
511 
512 		if (!xfs_validate_rtextents(rexts) ||
513 		    sbp->sb_rextents != rexts ||
514 		    sbp->sb_rextslog != xfs_compute_rextslog(rexts) ||
515 		    sbp->sb_rbmblocks != rbmblocks) {
516 			xfs_notice(mp,
517 				"realtime geometry sanity check failed");
518 			return -EFSCORRUPTED;
519 		}
520 	}
521 
522 	/*
523 	 * Either (sb_unit and !hasdalign) or (!sb_unit and hasdalign)
524 	 * would imply the image is corrupted.
525 	 */
526 	has_dalign = sbp->sb_versionnum & XFS_SB_VERSION_DALIGNBIT;
527 	if (!!sbp->sb_unit ^ has_dalign) {
528 		xfs_notice(mp, "SB stripe alignment sanity check failed");
529 		return -EFSCORRUPTED;
530 	}
531 
532 	if (!xfs_validate_stripe_geometry(mp, XFS_FSB_TO_B(mp, sbp->sb_unit),
533 			XFS_FSB_TO_B(mp, sbp->sb_width), 0,
534 			xfs_buf_daddr(bp) == XFS_SB_DADDR, false))
535 		return -EFSCORRUPTED;
536 
537 	/*
538 	 * Currently only very few inode sizes are supported.
539 	 */
540 	switch (sbp->sb_inodesize) {
541 	case 256:
542 	case 512:
543 	case 1024:
544 	case 2048:
545 		break;
546 	default:
547 		xfs_warn(mp, "inode size of %d bytes not supported",
548 				sbp->sb_inodesize);
549 		return -ENOSYS;
550 	}
551 
552 	return 0;
553 }
554 
555 void
xfs_sb_quota_from_disk(struct xfs_sb * sbp)556 xfs_sb_quota_from_disk(struct xfs_sb *sbp)
557 {
558 	/*
559 	 * older mkfs doesn't initialize quota inodes to NULLFSINO. This
560 	 * leads to in-core values having two different values for a quota
561 	 * inode to be invalid: 0 and NULLFSINO. Change it to a single value
562 	 * NULLFSINO.
563 	 *
564 	 * Note that this change affect only the in-core values. These
565 	 * values are not written back to disk unless any quota information
566 	 * is written to the disk. Even in that case, sb_pquotino field is
567 	 * not written to disk unless the superblock supports pquotino.
568 	 */
569 	if (sbp->sb_uquotino == 0)
570 		sbp->sb_uquotino = NULLFSINO;
571 	if (sbp->sb_gquotino == 0)
572 		sbp->sb_gquotino = NULLFSINO;
573 	if (sbp->sb_pquotino == 0)
574 		sbp->sb_pquotino = NULLFSINO;
575 
576 	/*
577 	 * We need to do these manipilations only if we are working
578 	 * with an older version of on-disk superblock.
579 	 */
580 	if (xfs_sb_is_v5(sbp))
581 		return;
582 
583 	if (sbp->sb_qflags & XFS_OQUOTA_ENFD)
584 		sbp->sb_qflags |= (sbp->sb_qflags & XFS_PQUOTA_ACCT) ?
585 					XFS_PQUOTA_ENFD : XFS_GQUOTA_ENFD;
586 	if (sbp->sb_qflags & XFS_OQUOTA_CHKD)
587 		sbp->sb_qflags |= (sbp->sb_qflags & XFS_PQUOTA_ACCT) ?
588 					XFS_PQUOTA_CHKD : XFS_GQUOTA_CHKD;
589 	sbp->sb_qflags &= ~(XFS_OQUOTA_ENFD | XFS_OQUOTA_CHKD);
590 
591 	if (sbp->sb_qflags & XFS_PQUOTA_ACCT &&
592 	    sbp->sb_gquotino != NULLFSINO)  {
593 		/*
594 		 * In older version of superblock, on-disk superblock only
595 		 * has sb_gquotino, and in-core superblock has both sb_gquotino
596 		 * and sb_pquotino. But, only one of them is supported at any
597 		 * point of time. So, if PQUOTA is set in disk superblock,
598 		 * copy over sb_gquotino to sb_pquotino.  The NULLFSINO test
599 		 * above is to make sure we don't do this twice and wipe them
600 		 * both out!
601 		 */
602 		sbp->sb_pquotino = sbp->sb_gquotino;
603 		sbp->sb_gquotino = NULLFSINO;
604 	}
605 }
606 
607 static void
__xfs_sb_from_disk(struct xfs_sb * to,struct xfs_dsb * from,bool convert_xquota)608 __xfs_sb_from_disk(
609 	struct xfs_sb	*to,
610 	struct xfs_dsb	*from,
611 	bool		convert_xquota)
612 {
613 	to->sb_magicnum = be32_to_cpu(from->sb_magicnum);
614 	to->sb_blocksize = be32_to_cpu(from->sb_blocksize);
615 	to->sb_dblocks = be64_to_cpu(from->sb_dblocks);
616 	to->sb_rblocks = be64_to_cpu(from->sb_rblocks);
617 	to->sb_rextents = be64_to_cpu(from->sb_rextents);
618 	memcpy(&to->sb_uuid, &from->sb_uuid, sizeof(to->sb_uuid));
619 	to->sb_logstart = be64_to_cpu(from->sb_logstart);
620 	to->sb_rootino = be64_to_cpu(from->sb_rootino);
621 	to->sb_rbmino = be64_to_cpu(from->sb_rbmino);
622 	to->sb_rsumino = be64_to_cpu(from->sb_rsumino);
623 	to->sb_rextsize = be32_to_cpu(from->sb_rextsize);
624 	to->sb_agblocks = be32_to_cpu(from->sb_agblocks);
625 	to->sb_agcount = be32_to_cpu(from->sb_agcount);
626 	to->sb_rbmblocks = be32_to_cpu(from->sb_rbmblocks);
627 	to->sb_logblocks = be32_to_cpu(from->sb_logblocks);
628 	to->sb_versionnum = be16_to_cpu(from->sb_versionnum);
629 	to->sb_sectsize = be16_to_cpu(from->sb_sectsize);
630 	to->sb_inodesize = be16_to_cpu(from->sb_inodesize);
631 	to->sb_inopblock = be16_to_cpu(from->sb_inopblock);
632 	memcpy(&to->sb_fname, &from->sb_fname, sizeof(to->sb_fname));
633 	to->sb_blocklog = from->sb_blocklog;
634 	to->sb_sectlog = from->sb_sectlog;
635 	to->sb_inodelog = from->sb_inodelog;
636 	to->sb_inopblog = from->sb_inopblog;
637 	to->sb_agblklog = from->sb_agblklog;
638 	to->sb_rextslog = from->sb_rextslog;
639 	to->sb_inprogress = from->sb_inprogress;
640 	to->sb_imax_pct = from->sb_imax_pct;
641 	to->sb_icount = be64_to_cpu(from->sb_icount);
642 	to->sb_ifree = be64_to_cpu(from->sb_ifree);
643 	to->sb_fdblocks = be64_to_cpu(from->sb_fdblocks);
644 	to->sb_frextents = be64_to_cpu(from->sb_frextents);
645 	to->sb_uquotino = be64_to_cpu(from->sb_uquotino);
646 	to->sb_gquotino = be64_to_cpu(from->sb_gquotino);
647 	to->sb_qflags = be16_to_cpu(from->sb_qflags);
648 	to->sb_flags = from->sb_flags;
649 	to->sb_shared_vn = from->sb_shared_vn;
650 	to->sb_inoalignmt = be32_to_cpu(from->sb_inoalignmt);
651 	to->sb_unit = be32_to_cpu(from->sb_unit);
652 	to->sb_width = be32_to_cpu(from->sb_width);
653 	to->sb_dirblklog = from->sb_dirblklog;
654 	to->sb_logsectlog = from->sb_logsectlog;
655 	to->sb_logsectsize = be16_to_cpu(from->sb_logsectsize);
656 	to->sb_logsunit = be32_to_cpu(from->sb_logsunit);
657 	to->sb_features2 = be32_to_cpu(from->sb_features2);
658 	to->sb_bad_features2 = be32_to_cpu(from->sb_bad_features2);
659 	to->sb_features_compat = be32_to_cpu(from->sb_features_compat);
660 	to->sb_features_ro_compat = be32_to_cpu(from->sb_features_ro_compat);
661 	to->sb_features_incompat = be32_to_cpu(from->sb_features_incompat);
662 	to->sb_features_log_incompat =
663 				be32_to_cpu(from->sb_features_log_incompat);
664 	/* crc is only used on disk, not in memory; just init to 0 here. */
665 	to->sb_crc = 0;
666 	to->sb_spino_align = be32_to_cpu(from->sb_spino_align);
667 	to->sb_pquotino = be64_to_cpu(from->sb_pquotino);
668 	to->sb_lsn = be64_to_cpu(from->sb_lsn);
669 	/*
670 	 * sb_meta_uuid is only on disk if it differs from sb_uuid and the
671 	 * feature flag is set; if not set we keep it only in memory.
672 	 */
673 	if (xfs_sb_is_v5(to) &&
674 	    (to->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_META_UUID))
675 		uuid_copy(&to->sb_meta_uuid, &from->sb_meta_uuid);
676 	else
677 		uuid_copy(&to->sb_meta_uuid, &from->sb_uuid);
678 	/* Convert on-disk flags to in-memory flags? */
679 	if (convert_xquota)
680 		xfs_sb_quota_from_disk(to);
681 }
682 
683 void
xfs_sb_from_disk(struct xfs_sb * to,struct xfs_dsb * from)684 xfs_sb_from_disk(
685 	struct xfs_sb	*to,
686 	struct xfs_dsb	*from)
687 {
688 	__xfs_sb_from_disk(to, from, true);
689 }
690 
691 static void
xfs_sb_quota_to_disk(struct xfs_dsb * to,struct xfs_sb * from)692 xfs_sb_quota_to_disk(
693 	struct xfs_dsb	*to,
694 	struct xfs_sb	*from)
695 {
696 	uint16_t	qflags = from->sb_qflags;
697 
698 	to->sb_uquotino = cpu_to_be64(from->sb_uquotino);
699 
700 	/*
701 	 * The in-memory superblock quota state matches the v5 on-disk format so
702 	 * just write them out and return
703 	 */
704 	if (xfs_sb_is_v5(from)) {
705 		to->sb_qflags = cpu_to_be16(from->sb_qflags);
706 		to->sb_gquotino = cpu_to_be64(from->sb_gquotino);
707 		to->sb_pquotino = cpu_to_be64(from->sb_pquotino);
708 		return;
709 	}
710 
711 	/*
712 	 * For older superblocks (v4), the in-core version of sb_qflags do not
713 	 * have XFS_OQUOTA_* flags, whereas the on-disk version does.  So,
714 	 * convert incore XFS_{PG}QUOTA_* flags to on-disk XFS_OQUOTA_* flags.
715 	 */
716 	qflags &= ~(XFS_PQUOTA_ENFD | XFS_PQUOTA_CHKD |
717 			XFS_GQUOTA_ENFD | XFS_GQUOTA_CHKD);
718 
719 	if (from->sb_qflags &
720 			(XFS_PQUOTA_ENFD | XFS_GQUOTA_ENFD))
721 		qflags |= XFS_OQUOTA_ENFD;
722 	if (from->sb_qflags &
723 			(XFS_PQUOTA_CHKD | XFS_GQUOTA_CHKD))
724 		qflags |= XFS_OQUOTA_CHKD;
725 	to->sb_qflags = cpu_to_be16(qflags);
726 
727 	/*
728 	 * GQUOTINO and PQUOTINO cannot be used together in versions
729 	 * of superblock that do not have pquotino. from->sb_flags
730 	 * tells us which quota is active and should be copied to
731 	 * disk. If neither are active, we should NULL the inode.
732 	 *
733 	 * In all cases, the separate pquotino must remain 0 because it
734 	 * is beyond the "end" of the valid non-pquotino superblock.
735 	 */
736 	if (from->sb_qflags & XFS_GQUOTA_ACCT)
737 		to->sb_gquotino = cpu_to_be64(from->sb_gquotino);
738 	else if (from->sb_qflags & XFS_PQUOTA_ACCT)
739 		to->sb_gquotino = cpu_to_be64(from->sb_pquotino);
740 	else {
741 		/*
742 		 * We can't rely on just the fields being logged to tell us
743 		 * that it is safe to write NULLFSINO - we should only do that
744 		 * if quotas are not actually enabled. Hence only write
745 		 * NULLFSINO if both in-core quota inodes are NULL.
746 		 */
747 		if (from->sb_gquotino == NULLFSINO &&
748 		    from->sb_pquotino == NULLFSINO)
749 			to->sb_gquotino = cpu_to_be64(NULLFSINO);
750 	}
751 
752 	to->sb_pquotino = 0;
753 }
754 
755 void
xfs_sb_to_disk(struct xfs_dsb * to,struct xfs_sb * from)756 xfs_sb_to_disk(
757 	struct xfs_dsb	*to,
758 	struct xfs_sb	*from)
759 {
760 	xfs_sb_quota_to_disk(to, from);
761 
762 	to->sb_magicnum = cpu_to_be32(from->sb_magicnum);
763 	to->sb_blocksize = cpu_to_be32(from->sb_blocksize);
764 	to->sb_dblocks = cpu_to_be64(from->sb_dblocks);
765 	to->sb_rblocks = cpu_to_be64(from->sb_rblocks);
766 	to->sb_rextents = cpu_to_be64(from->sb_rextents);
767 	memcpy(&to->sb_uuid, &from->sb_uuid, sizeof(to->sb_uuid));
768 	to->sb_logstart = cpu_to_be64(from->sb_logstart);
769 	to->sb_rootino = cpu_to_be64(from->sb_rootino);
770 	to->sb_rbmino = cpu_to_be64(from->sb_rbmino);
771 	to->sb_rsumino = cpu_to_be64(from->sb_rsumino);
772 	to->sb_rextsize = cpu_to_be32(from->sb_rextsize);
773 	to->sb_agblocks = cpu_to_be32(from->sb_agblocks);
774 	to->sb_agcount = cpu_to_be32(from->sb_agcount);
775 	to->sb_rbmblocks = cpu_to_be32(from->sb_rbmblocks);
776 	to->sb_logblocks = cpu_to_be32(from->sb_logblocks);
777 	to->sb_versionnum = cpu_to_be16(from->sb_versionnum);
778 	to->sb_sectsize = cpu_to_be16(from->sb_sectsize);
779 	to->sb_inodesize = cpu_to_be16(from->sb_inodesize);
780 	to->sb_inopblock = cpu_to_be16(from->sb_inopblock);
781 	memcpy(&to->sb_fname, &from->sb_fname, sizeof(to->sb_fname));
782 	to->sb_blocklog = from->sb_blocklog;
783 	to->sb_sectlog = from->sb_sectlog;
784 	to->sb_inodelog = from->sb_inodelog;
785 	to->sb_inopblog = from->sb_inopblog;
786 	to->sb_agblklog = from->sb_agblklog;
787 	to->sb_rextslog = from->sb_rextslog;
788 	to->sb_inprogress = from->sb_inprogress;
789 	to->sb_imax_pct = from->sb_imax_pct;
790 	to->sb_icount = cpu_to_be64(from->sb_icount);
791 	to->sb_ifree = cpu_to_be64(from->sb_ifree);
792 	to->sb_fdblocks = cpu_to_be64(from->sb_fdblocks);
793 	to->sb_frextents = cpu_to_be64(from->sb_frextents);
794 
795 	to->sb_flags = from->sb_flags;
796 	to->sb_shared_vn = from->sb_shared_vn;
797 	to->sb_inoalignmt = cpu_to_be32(from->sb_inoalignmt);
798 	to->sb_unit = cpu_to_be32(from->sb_unit);
799 	to->sb_width = cpu_to_be32(from->sb_width);
800 	to->sb_dirblklog = from->sb_dirblklog;
801 	to->sb_logsectlog = from->sb_logsectlog;
802 	to->sb_logsectsize = cpu_to_be16(from->sb_logsectsize);
803 	to->sb_logsunit = cpu_to_be32(from->sb_logsunit);
804 
805 	/*
806 	 * We need to ensure that bad_features2 always matches features2.
807 	 * Hence we enforce that here rather than having to remember to do it
808 	 * everywhere else that updates features2.
809 	 */
810 	from->sb_bad_features2 = from->sb_features2;
811 	to->sb_features2 = cpu_to_be32(from->sb_features2);
812 	to->sb_bad_features2 = cpu_to_be32(from->sb_bad_features2);
813 
814 	if (!xfs_sb_is_v5(from))
815 		return;
816 
817 	to->sb_features_compat = cpu_to_be32(from->sb_features_compat);
818 	to->sb_features_ro_compat =
819 			cpu_to_be32(from->sb_features_ro_compat);
820 	to->sb_features_incompat =
821 			cpu_to_be32(from->sb_features_incompat);
822 	to->sb_features_log_incompat =
823 			cpu_to_be32(from->sb_features_log_incompat);
824 	to->sb_spino_align = cpu_to_be32(from->sb_spino_align);
825 	to->sb_lsn = cpu_to_be64(from->sb_lsn);
826 	if (from->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_META_UUID)
827 		uuid_copy(&to->sb_meta_uuid, &from->sb_meta_uuid);
828 }
829 
830 /*
831  * If the superblock has the CRC feature bit set or the CRC field is non-null,
832  * check that the CRC is valid.  We check the CRC field is non-null because a
833  * single bit error could clear the feature bit and unused parts of the
834  * superblock are supposed to be zero. Hence a non-null crc field indicates that
835  * we've potentially lost a feature bit and we should check it anyway.
836  *
837  * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
838  * last field in V4 secondary superblocks.  So for secondary superblocks,
839  * we are more forgiving, and ignore CRC failures if the primary doesn't
840  * indicate that the fs version is V5.
841  */
842 static void
xfs_sb_read_verify(struct xfs_buf * bp)843 xfs_sb_read_verify(
844 	struct xfs_buf		*bp)
845 {
846 	struct xfs_sb		sb;
847 	struct xfs_mount	*mp = bp->b_mount;
848 	struct xfs_dsb		*dsb = bp->b_addr;
849 	int			error;
850 
851 	/*
852 	 * open code the version check to avoid needing to convert the entire
853 	 * superblock from disk order just to check the version number
854 	 */
855 	if (dsb->sb_magicnum == cpu_to_be32(XFS_SB_MAGIC) &&
856 	    (((be16_to_cpu(dsb->sb_versionnum) & XFS_SB_VERSION_NUMBITS) ==
857 						XFS_SB_VERSION_5) ||
858 	     dsb->sb_crc != 0)) {
859 
860 		if (!xfs_buf_verify_cksum(bp, XFS_SB_CRC_OFF)) {
861 			/* Only fail bad secondaries on a known V5 filesystem */
862 			if (xfs_buf_daddr(bp) == XFS_SB_DADDR ||
863 			    xfs_has_crc(mp)) {
864 				error = -EFSBADCRC;
865 				goto out_error;
866 			}
867 		}
868 	}
869 
870 	/*
871 	 * Check all the superblock fields.  Don't byteswap the xquota flags
872 	 * because _verify_common checks the on-disk values.
873 	 */
874 	__xfs_sb_from_disk(&sb, dsb, false);
875 	error = xfs_validate_sb_common(mp, bp, &sb);
876 	if (error)
877 		goto out_error;
878 	error = xfs_validate_sb_read(mp, &sb);
879 
880 out_error:
881 	if (error == -EFSCORRUPTED || error == -EFSBADCRC)
882 		xfs_verifier_error(bp, error, __this_address);
883 	else if (error)
884 		xfs_buf_ioerror(bp, error);
885 }
886 
887 /*
888  * We may be probed for a filesystem match, so we may not want to emit
889  * messages when the superblock buffer is not actually an XFS superblock.
890  * If we find an XFS superblock, then run a normal, noisy mount because we are
891  * really going to mount it and want to know about errors.
892  */
893 static void
xfs_sb_quiet_read_verify(struct xfs_buf * bp)894 xfs_sb_quiet_read_verify(
895 	struct xfs_buf	*bp)
896 {
897 	struct xfs_dsb	*dsb = bp->b_addr;
898 
899 	if (dsb->sb_magicnum == cpu_to_be32(XFS_SB_MAGIC)) {
900 		/* XFS filesystem, verify noisily! */
901 		xfs_sb_read_verify(bp);
902 		return;
903 	}
904 	/* quietly fail */
905 	xfs_buf_ioerror(bp, -EWRONGFS);
906 }
907 
908 static void
xfs_sb_write_verify(struct xfs_buf * bp)909 xfs_sb_write_verify(
910 	struct xfs_buf		*bp)
911 {
912 	struct xfs_sb		sb;
913 	struct xfs_mount	*mp = bp->b_mount;
914 	struct xfs_buf_log_item	*bip = bp->b_log_item;
915 	struct xfs_dsb		*dsb = bp->b_addr;
916 	int			error;
917 
918 	/*
919 	 * Check all the superblock fields.  Don't byteswap the xquota flags
920 	 * because _verify_common checks the on-disk values.
921 	 */
922 	__xfs_sb_from_disk(&sb, dsb, false);
923 	error = xfs_validate_sb_common(mp, bp, &sb);
924 	if (error)
925 		goto out_error;
926 	error = xfs_validate_sb_write(mp, bp, &sb);
927 	if (error)
928 		goto out_error;
929 
930 	if (!xfs_sb_is_v5(&sb))
931 		return;
932 
933 	if (bip)
934 		dsb->sb_lsn = cpu_to_be64(bip->bli_item.li_lsn);
935 
936 	xfs_buf_update_cksum(bp, XFS_SB_CRC_OFF);
937 	return;
938 
939 out_error:
940 	xfs_verifier_error(bp, error, __this_address);
941 }
942 
943 const struct xfs_buf_ops xfs_sb_buf_ops = {
944 	.name = "xfs_sb",
945 	.magic = { cpu_to_be32(XFS_SB_MAGIC), cpu_to_be32(XFS_SB_MAGIC) },
946 	.verify_read = xfs_sb_read_verify,
947 	.verify_write = xfs_sb_write_verify,
948 };
949 
950 const struct xfs_buf_ops xfs_sb_quiet_buf_ops = {
951 	.name = "xfs_sb_quiet",
952 	.magic = { cpu_to_be32(XFS_SB_MAGIC), cpu_to_be32(XFS_SB_MAGIC) },
953 	.verify_read = xfs_sb_quiet_read_verify,
954 	.verify_write = xfs_sb_write_verify,
955 };
956 
957 /*
958  * xfs_mount_common
959  *
960  * Mount initialization code establishing various mount
961  * fields from the superblock associated with the given
962  * mount structure.
963  *
964  * Inode geometry are calculated in xfs_ialloc_setup_geometry.
965  */
966 void
xfs_sb_mount_common(struct xfs_mount * mp,struct xfs_sb * sbp)967 xfs_sb_mount_common(
968 	struct xfs_mount	*mp,
969 	struct xfs_sb		*sbp)
970 {
971 	mp->m_agfrotor = 0;
972 	atomic_set(&mp->m_agirotor, 0);
973 	mp->m_maxagi = mp->m_sb.sb_agcount;
974 	mp->m_blkbit_log = sbp->sb_blocklog + XFS_NBBYLOG;
975 	mp->m_blkbb_log = sbp->sb_blocklog - BBSHIFT;
976 	mp->m_sectbb_log = sbp->sb_sectlog - BBSHIFT;
977 	mp->m_agno_log = xfs_highbit32(sbp->sb_agcount - 1) + 1;
978 	mp->m_blockmask = sbp->sb_blocksize - 1;
979 	mp->m_blockwsize = sbp->sb_blocksize >> XFS_WORDLOG;
980 	mp->m_blockwmask = mp->m_blockwsize - 1;
981 
982 	mp->m_alloc_mxr[0] = xfs_allocbt_maxrecs(mp, sbp->sb_blocksize, 1);
983 	mp->m_alloc_mxr[1] = xfs_allocbt_maxrecs(mp, sbp->sb_blocksize, 0);
984 	mp->m_alloc_mnr[0] = mp->m_alloc_mxr[0] / 2;
985 	mp->m_alloc_mnr[1] = mp->m_alloc_mxr[1] / 2;
986 
987 	mp->m_bmap_dmxr[0] = xfs_bmbt_maxrecs(mp, sbp->sb_blocksize, 1);
988 	mp->m_bmap_dmxr[1] = xfs_bmbt_maxrecs(mp, sbp->sb_blocksize, 0);
989 	mp->m_bmap_dmnr[0] = mp->m_bmap_dmxr[0] / 2;
990 	mp->m_bmap_dmnr[1] = mp->m_bmap_dmxr[1] / 2;
991 
992 	mp->m_rmap_mxr[0] = xfs_rmapbt_maxrecs(sbp->sb_blocksize, 1);
993 	mp->m_rmap_mxr[1] = xfs_rmapbt_maxrecs(sbp->sb_blocksize, 0);
994 	mp->m_rmap_mnr[0] = mp->m_rmap_mxr[0] / 2;
995 	mp->m_rmap_mnr[1] = mp->m_rmap_mxr[1] / 2;
996 
997 	mp->m_refc_mxr[0] = xfs_refcountbt_maxrecs(sbp->sb_blocksize, true);
998 	mp->m_refc_mxr[1] = xfs_refcountbt_maxrecs(sbp->sb_blocksize, false);
999 	mp->m_refc_mnr[0] = mp->m_refc_mxr[0] / 2;
1000 	mp->m_refc_mnr[1] = mp->m_refc_mxr[1] / 2;
1001 
1002 	mp->m_bsize = XFS_FSB_TO_BB(mp, 1);
1003 	mp->m_alloc_set_aside = xfs_alloc_set_aside(mp);
1004 	mp->m_ag_max_usable = xfs_alloc_ag_max_usable(mp);
1005 }
1006 
1007 /*
1008  * xfs_log_sb() can be used to copy arbitrary changes to the in-core superblock
1009  * into the superblock buffer to be logged.  It does not provide the higher
1010  * level of locking that is needed to protect the in-core superblock from
1011  * concurrent access.
1012  */
1013 void
xfs_log_sb(struct xfs_trans * tp)1014 xfs_log_sb(
1015 	struct xfs_trans	*tp)
1016 {
1017 	struct xfs_mount	*mp = tp->t_mountp;
1018 	struct xfs_buf		*bp = xfs_trans_getsb(tp);
1019 
1020 	/*
1021 	 * Lazy sb counters don't update the in-core superblock so do that now.
1022 	 * If this is at unmount, the counters will be exactly correct, but at
1023 	 * any other time they will only be ballpark correct because of
1024 	 * reservations that have been taken out percpu counters. If we have an
1025 	 * unclean shutdown, this will be corrected by log recovery rebuilding
1026 	 * the counters from the AGF block counts.
1027 	 *
1028 	 * Do not update sb_frextents here because it is not part of the lazy
1029 	 * sb counters, despite having a percpu counter. It is always kept
1030 	 * consistent with the ondisk rtbitmap by xfs_trans_apply_sb_deltas()
1031 	 * and hence we don't need have to update it here.
1032 	 */
1033 	if (xfs_has_lazysbcount(mp)) {
1034 		mp->m_sb.sb_icount = percpu_counter_sum_positive(&mp->m_icount);
1035 		mp->m_sb.sb_ifree = min_t(uint64_t,
1036 				percpu_counter_sum_positive(&mp->m_ifree),
1037 				mp->m_sb.sb_icount);
1038 		mp->m_sb.sb_fdblocks =
1039 				percpu_counter_sum_positive(&mp->m_fdblocks);
1040 	}
1041 
1042 	xfs_sb_to_disk(bp->b_addr, &mp->m_sb);
1043 	xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF);
1044 	xfs_trans_log_buf(tp, bp, 0, sizeof(struct xfs_dsb) - 1);
1045 }
1046 
1047 /*
1048  * xfs_sync_sb
1049  *
1050  * Sync the superblock to disk.
1051  *
1052  * Note that the caller is responsible for checking the frozen state of the
1053  * filesystem. This procedure uses the non-blocking transaction allocator and
1054  * thus will allow modifications to a frozen fs. This is required because this
1055  * code can be called during the process of freezing where use of the high-level
1056  * allocator would deadlock.
1057  */
1058 int
xfs_sync_sb(struct xfs_mount * mp,bool wait)1059 xfs_sync_sb(
1060 	struct xfs_mount	*mp,
1061 	bool			wait)
1062 {
1063 	struct xfs_trans	*tp;
1064 	int			error;
1065 
1066 	error = xfs_trans_alloc(mp, &M_RES(mp)->tr_sb, 0, 0,
1067 			XFS_TRANS_NO_WRITECOUNT, &tp);
1068 	if (error)
1069 		return error;
1070 
1071 	xfs_log_sb(tp);
1072 	if (wait)
1073 		xfs_trans_set_sync(tp);
1074 	return xfs_trans_commit(tp);
1075 }
1076 
1077 /*
1078  * Update all the secondary superblocks to match the new state of the primary.
1079  * Because we are completely overwriting all the existing fields in the
1080  * secondary superblock buffers, there is no need to read them in from disk.
1081  * Just get a new buffer, stamp it and write it.
1082  *
1083  * The sb buffers need to be cached here so that we serialise against other
1084  * operations that access the secondary superblocks, but we don't want to keep
1085  * them in memory once it is written so we mark it as a one-shot buffer.
1086  */
1087 int
xfs_update_secondary_sbs(struct xfs_mount * mp)1088 xfs_update_secondary_sbs(
1089 	struct xfs_mount	*mp)
1090 {
1091 	struct xfs_perag	*pag;
1092 	xfs_agnumber_t		agno = 1;
1093 	int			saved_error = 0;
1094 	int			error = 0;
1095 	LIST_HEAD		(buffer_list);
1096 
1097 	/* update secondary superblocks. */
1098 	for_each_perag_from(mp, agno, pag) {
1099 		struct xfs_buf		*bp;
1100 
1101 		error = xfs_buf_get(mp->m_ddev_targp,
1102 				 XFS_AG_DADDR(mp, pag->pag_agno, XFS_SB_DADDR),
1103 				 XFS_FSS_TO_BB(mp, 1), &bp);
1104 		/*
1105 		 * If we get an error reading or writing alternate superblocks,
1106 		 * continue.  xfs_repair chooses the "best" superblock based
1107 		 * on most matches; if we break early, we'll leave more
1108 		 * superblocks un-updated than updated, and xfs_repair may
1109 		 * pick them over the properly-updated primary.
1110 		 */
1111 		if (error) {
1112 			xfs_warn(mp,
1113 		"error allocating secondary superblock for ag %d",
1114 				pag->pag_agno);
1115 			if (!saved_error)
1116 				saved_error = error;
1117 			continue;
1118 		}
1119 
1120 		bp->b_ops = &xfs_sb_buf_ops;
1121 		xfs_buf_oneshot(bp);
1122 		xfs_buf_zero(bp, 0, BBTOB(bp->b_length));
1123 		xfs_sb_to_disk(bp->b_addr, &mp->m_sb);
1124 		xfs_buf_delwri_queue(bp, &buffer_list);
1125 		xfs_buf_relse(bp);
1126 
1127 		/* don't hold too many buffers at once */
1128 		if (agno % 16)
1129 			continue;
1130 
1131 		error = xfs_buf_delwri_submit(&buffer_list);
1132 		if (error) {
1133 			xfs_warn(mp,
1134 		"write error %d updating a secondary superblock near ag %d",
1135 				error, pag->pag_agno);
1136 			if (!saved_error)
1137 				saved_error = error;
1138 			continue;
1139 		}
1140 	}
1141 	error = xfs_buf_delwri_submit(&buffer_list);
1142 	if (error) {
1143 		xfs_warn(mp,
1144 		"write error %d updating a secondary superblock near ag %d",
1145 			error, agno);
1146 	}
1147 
1148 	return saved_error ? saved_error : error;
1149 }
1150 
1151 /*
1152  * Same behavior as xfs_sync_sb, except that it is always synchronous and it
1153  * also writes the superblock buffer to disk sector 0 immediately.
1154  */
1155 int
xfs_sync_sb_buf(struct xfs_mount * mp)1156 xfs_sync_sb_buf(
1157 	struct xfs_mount	*mp)
1158 {
1159 	struct xfs_trans	*tp;
1160 	struct xfs_buf		*bp;
1161 	int			error;
1162 
1163 	error = xfs_trans_alloc(mp, &M_RES(mp)->tr_sb, 0, 0, 0, &tp);
1164 	if (error)
1165 		return error;
1166 
1167 	bp = xfs_trans_getsb(tp);
1168 	xfs_log_sb(tp);
1169 	xfs_trans_bhold(tp, bp);
1170 	xfs_trans_set_sync(tp);
1171 	error = xfs_trans_commit(tp);
1172 	if (error)
1173 		goto out;
1174 	/*
1175 	 * write out the sb buffer to get the changes to disk
1176 	 */
1177 	error = xfs_bwrite(bp);
1178 out:
1179 	xfs_buf_relse(bp);
1180 	return error;
1181 }
1182 
1183 void
xfs_fs_geometry(struct xfs_mount * mp,struct xfs_fsop_geom * geo,int struct_version)1184 xfs_fs_geometry(
1185 	struct xfs_mount	*mp,
1186 	struct xfs_fsop_geom	*geo,
1187 	int			struct_version)
1188 {
1189 	struct xfs_sb		*sbp = &mp->m_sb;
1190 
1191 	memset(geo, 0, sizeof(struct xfs_fsop_geom));
1192 
1193 	geo->blocksize = sbp->sb_blocksize;
1194 	geo->rtextsize = sbp->sb_rextsize;
1195 	geo->agblocks = sbp->sb_agblocks;
1196 	geo->agcount = sbp->sb_agcount;
1197 	geo->logblocks = sbp->sb_logblocks;
1198 	geo->sectsize = sbp->sb_sectsize;
1199 	geo->inodesize = sbp->sb_inodesize;
1200 	geo->imaxpct = sbp->sb_imax_pct;
1201 	geo->datablocks = sbp->sb_dblocks;
1202 	geo->rtblocks = sbp->sb_rblocks;
1203 	geo->rtextents = sbp->sb_rextents;
1204 	geo->logstart = sbp->sb_logstart;
1205 	BUILD_BUG_ON(sizeof(geo->uuid) != sizeof(sbp->sb_uuid));
1206 	memcpy(geo->uuid, &sbp->sb_uuid, sizeof(sbp->sb_uuid));
1207 
1208 	if (struct_version < 2)
1209 		return;
1210 
1211 	geo->sunit = sbp->sb_unit;
1212 	geo->swidth = sbp->sb_width;
1213 
1214 	if (struct_version < 3)
1215 		return;
1216 
1217 	geo->version = XFS_FSOP_GEOM_VERSION;
1218 	geo->flags = XFS_FSOP_GEOM_FLAGS_NLINK |
1219 		     XFS_FSOP_GEOM_FLAGS_DIRV2 |
1220 		     XFS_FSOP_GEOM_FLAGS_EXTFLG;
1221 	if (xfs_has_attr(mp))
1222 		geo->flags |= XFS_FSOP_GEOM_FLAGS_ATTR;
1223 	if (xfs_has_quota(mp))
1224 		geo->flags |= XFS_FSOP_GEOM_FLAGS_QUOTA;
1225 	if (xfs_has_align(mp))
1226 		geo->flags |= XFS_FSOP_GEOM_FLAGS_IALIGN;
1227 	if (xfs_has_dalign(mp))
1228 		geo->flags |= XFS_FSOP_GEOM_FLAGS_DALIGN;
1229 	if (xfs_has_asciici(mp))
1230 		geo->flags |= XFS_FSOP_GEOM_FLAGS_DIRV2CI;
1231 	if (xfs_has_lazysbcount(mp))
1232 		geo->flags |= XFS_FSOP_GEOM_FLAGS_LAZYSB;
1233 	if (xfs_has_attr2(mp))
1234 		geo->flags |= XFS_FSOP_GEOM_FLAGS_ATTR2;
1235 	if (xfs_has_projid32(mp))
1236 		geo->flags |= XFS_FSOP_GEOM_FLAGS_PROJID32;
1237 	if (xfs_has_crc(mp))
1238 		geo->flags |= XFS_FSOP_GEOM_FLAGS_V5SB;
1239 	if (xfs_has_ftype(mp))
1240 		geo->flags |= XFS_FSOP_GEOM_FLAGS_FTYPE;
1241 	if (xfs_has_finobt(mp))
1242 		geo->flags |= XFS_FSOP_GEOM_FLAGS_FINOBT;
1243 	if (xfs_has_sparseinodes(mp))
1244 		geo->flags |= XFS_FSOP_GEOM_FLAGS_SPINODES;
1245 	if (xfs_has_rmapbt(mp))
1246 		geo->flags |= XFS_FSOP_GEOM_FLAGS_RMAPBT;
1247 	if (xfs_has_reflink(mp))
1248 		geo->flags |= XFS_FSOP_GEOM_FLAGS_REFLINK;
1249 	if (xfs_has_bigtime(mp))
1250 		geo->flags |= XFS_FSOP_GEOM_FLAGS_BIGTIME;
1251 	if (xfs_has_inobtcounts(mp))
1252 		geo->flags |= XFS_FSOP_GEOM_FLAGS_INOBTCNT;
1253 	if (xfs_has_sector(mp)) {
1254 		geo->flags |= XFS_FSOP_GEOM_FLAGS_SECTOR;
1255 		geo->logsectsize = sbp->sb_logsectsize;
1256 	} else {
1257 		geo->logsectsize = BBSIZE;
1258 	}
1259 	if (xfs_has_large_extent_counts(mp))
1260 		geo->flags |= XFS_FSOP_GEOM_FLAGS_NREXT64;
1261 	geo->rtsectsize = sbp->sb_blocksize;
1262 	geo->dirblocksize = xfs_dir2_dirblock_bytes(sbp);
1263 
1264 	if (struct_version < 4)
1265 		return;
1266 
1267 	if (xfs_has_logv2(mp))
1268 		geo->flags |= XFS_FSOP_GEOM_FLAGS_LOGV2;
1269 
1270 	geo->logsunit = sbp->sb_logsunit;
1271 
1272 	if (struct_version < 5)
1273 		return;
1274 
1275 	geo->version = XFS_FSOP_GEOM_VERSION_V5;
1276 }
1277 
1278 /* Read a secondary superblock. */
1279 int
xfs_sb_read_secondary(struct xfs_mount * mp,struct xfs_trans * tp,xfs_agnumber_t agno,struct xfs_buf ** bpp)1280 xfs_sb_read_secondary(
1281 	struct xfs_mount	*mp,
1282 	struct xfs_trans	*tp,
1283 	xfs_agnumber_t		agno,
1284 	struct xfs_buf		**bpp)
1285 {
1286 	struct xfs_buf		*bp;
1287 	int			error;
1288 
1289 	ASSERT(agno != 0 && agno != NULLAGNUMBER);
1290 	error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp,
1291 			XFS_AG_DADDR(mp, agno, XFS_SB_BLOCK(mp)),
1292 			XFS_FSS_TO_BB(mp, 1), 0, &bp, &xfs_sb_buf_ops);
1293 	if (error)
1294 		return error;
1295 	xfs_buf_set_ref(bp, XFS_SSB_REF);
1296 	*bpp = bp;
1297 	return 0;
1298 }
1299 
1300 /* Get an uninitialised secondary superblock buffer. */
1301 int
xfs_sb_get_secondary(struct xfs_mount * mp,struct xfs_trans * tp,xfs_agnumber_t agno,struct xfs_buf ** bpp)1302 xfs_sb_get_secondary(
1303 	struct xfs_mount	*mp,
1304 	struct xfs_trans	*tp,
1305 	xfs_agnumber_t		agno,
1306 	struct xfs_buf		**bpp)
1307 {
1308 	struct xfs_buf		*bp;
1309 	int			error;
1310 
1311 	ASSERT(agno != 0 && agno != NULLAGNUMBER);
1312 	error = xfs_trans_get_buf(tp, mp->m_ddev_targp,
1313 			XFS_AG_DADDR(mp, agno, XFS_SB_BLOCK(mp)),
1314 			XFS_FSS_TO_BB(mp, 1), 0, &bp);
1315 	if (error)
1316 		return error;
1317 	bp->b_ops = &xfs_sb_buf_ops;
1318 	xfs_buf_oneshot(bp);
1319 	*bpp = bp;
1320 	return 0;
1321 }
1322 
1323 /*
1324  * sunit, swidth, sectorsize(optional with 0) should be all in bytes, so users
1325  * won't be confused by values in error messages.  This function returns false
1326  * if the stripe geometry is invalid and the caller is unable to repair the
1327  * stripe configuration later in the mount process.
1328  */
1329 bool
xfs_validate_stripe_geometry(struct xfs_mount * mp,__s64 sunit,__s64 swidth,int sectorsize,bool may_repair,bool silent)1330 xfs_validate_stripe_geometry(
1331 	struct xfs_mount	*mp,
1332 	__s64			sunit,
1333 	__s64			swidth,
1334 	int			sectorsize,
1335 	bool			may_repair,
1336 	bool			silent)
1337 {
1338 	if (swidth > INT_MAX) {
1339 		if (!silent)
1340 			xfs_notice(mp,
1341 "stripe width (%lld) is too large", swidth);
1342 		goto check_override;
1343 	}
1344 
1345 	if (sunit > swidth) {
1346 		if (!silent)
1347 			xfs_notice(mp,
1348 "stripe unit (%lld) is larger than the stripe width (%lld)", sunit, swidth);
1349 		goto check_override;
1350 	}
1351 
1352 	if (sectorsize && (int)sunit % sectorsize) {
1353 		if (!silent)
1354 			xfs_notice(mp,
1355 "stripe unit (%lld) must be a multiple of the sector size (%d)",
1356 				   sunit, sectorsize);
1357 		goto check_override;
1358 	}
1359 
1360 	if (sunit && !swidth) {
1361 		if (!silent)
1362 			xfs_notice(mp,
1363 "invalid stripe unit (%lld) and stripe width of 0", sunit);
1364 		goto check_override;
1365 	}
1366 
1367 	if (!sunit && swidth) {
1368 		if (!silent)
1369 			xfs_notice(mp,
1370 "invalid stripe width (%lld) and stripe unit of 0", swidth);
1371 		goto check_override;
1372 	}
1373 
1374 	if (sunit && (int)swidth % (int)sunit) {
1375 		if (!silent)
1376 			xfs_notice(mp,
1377 "stripe width (%lld) must be a multiple of the stripe unit (%lld)",
1378 				   swidth, sunit);
1379 		goto check_override;
1380 	}
1381 	return true;
1382 
1383 check_override:
1384 	if (!may_repair)
1385 		return false;
1386 	/*
1387 	 * During mount, mp->m_dalign will not be set unless the sunit mount
1388 	 * option was set. If it was set, ignore the bad stripe alignment values
1389 	 * and allow the validation and overwrite later in the mount process to
1390 	 * attempt to overwrite the bad stripe alignment values with the values
1391 	 * supplied by mount options.
1392 	 */
1393 	if (!mp->m_dalign)
1394 		return false;
1395 	if (!silent)
1396 		xfs_notice(mp,
1397 "Will try to correct with specified mount options sunit (%d) and swidth (%d)",
1398 			BBTOB(mp->m_dalign), BBTOB(mp->m_swidth));
1399 	return true;
1400 }
1401 
1402 /*
1403  * Compute the maximum level number of the realtime summary file, as defined by
1404  * mkfs.  The historic use of highbit32 on a 64-bit quantity prohibited correct
1405  * use of rt volumes with more than 2^32 extents.
1406  */
1407 uint8_t
xfs_compute_rextslog(xfs_rtbxlen_t rtextents)1408 xfs_compute_rextslog(
1409 	xfs_rtbxlen_t		rtextents)
1410 {
1411 	if (!rtextents)
1412 		return 0;
1413 	return xfs_highbit64(rtextents);
1414 }
1415