130f712c9SDave Chinner /* 230f712c9SDave Chinner * Copyright (c) 2000-2006 Silicon Graphics, Inc. 330f712c9SDave Chinner * Copyright (c) 2013 Red Hat, Inc. 430f712c9SDave Chinner * All Rights Reserved. 530f712c9SDave Chinner * 630f712c9SDave Chinner * This program is free software; you can redistribute it and/or 730f712c9SDave Chinner * modify it under the terms of the GNU General Public License as 830f712c9SDave Chinner * published by the Free Software Foundation. 930f712c9SDave Chinner * 1030f712c9SDave Chinner * This program is distributed in the hope that it would be useful, 1130f712c9SDave Chinner * but WITHOUT ANY WARRANTY; without even the implied warranty of 1230f712c9SDave Chinner * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 1330f712c9SDave Chinner * GNU General Public License for more details. 1430f712c9SDave Chinner * 1530f712c9SDave Chinner * You should have received a copy of the GNU General Public License 1630f712c9SDave Chinner * along with this program; if not, write the Free Software Foundation, 1730f712c9SDave Chinner * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 1830f712c9SDave Chinner */ 1930f712c9SDave Chinner #include "xfs.h" 2030f712c9SDave Chinner #include "xfs_fs.h" 2130f712c9SDave Chinner #include "xfs_shared.h" 2230f712c9SDave Chinner #include "xfs_format.h" 2330f712c9SDave Chinner #include "xfs_log_format.h" 2430f712c9SDave Chinner #include "xfs_trans_resv.h" 2530f712c9SDave Chinner #include "xfs_mount.h" 2630f712c9SDave Chinner #include "xfs_inode.h" 2730f712c9SDave Chinner #include "xfs_quota.h" 2830f712c9SDave Chinner #include "xfs_trans.h" 2930f712c9SDave Chinner #include "xfs_qm.h" 3030f712c9SDave Chinner #include "xfs_error.h" 3130f712c9SDave Chinner #include "xfs_cksum.h" 3230f712c9SDave Chinner #include "xfs_trace.h" 3330f712c9SDave Chinner 3430f712c9SDave Chinner int 3530f712c9SDave Chinner xfs_calc_dquots_per_chunk( 3630f712c9SDave Chinner unsigned int nbblks) /* basic block units */ 3730f712c9SDave Chinner { 3830f712c9SDave Chinner ASSERT(nbblks > 0); 39d956f813SEric Sandeen return BBTOB(nbblks) / sizeof(xfs_dqblk_t); 4030f712c9SDave Chinner } 4130f712c9SDave Chinner 4230f712c9SDave Chinner /* 4330f712c9SDave Chinner * Do some primitive error checking on ondisk dquot data structures. 4430f712c9SDave Chinner */ 4530f712c9SDave Chinner int 4630f712c9SDave Chinner xfs_dqcheck( 4730f712c9SDave Chinner struct xfs_mount *mp, 4830f712c9SDave Chinner xfs_disk_dquot_t *ddq, 4930f712c9SDave Chinner xfs_dqid_t id, 5030f712c9SDave Chinner uint type, /* used only when IO_dorepair is true */ 5130f712c9SDave Chinner uint flags, 527d6a13f0SDave Chinner const char *str) 5330f712c9SDave Chinner { 5430f712c9SDave Chinner xfs_dqblk_t *d = (xfs_dqblk_t *)ddq; 5530f712c9SDave Chinner int errs = 0; 5630f712c9SDave Chinner 5730f712c9SDave Chinner /* 5830f712c9SDave Chinner * We can encounter an uninitialized dquot buffer for 2 reasons: 5930f712c9SDave Chinner * 1. If we crash while deleting the quotainode(s), and those blks got 6030f712c9SDave Chinner * used for user data. This is because we take the path of regular 6130f712c9SDave Chinner * file deletion; however, the size field of quotainodes is never 6230f712c9SDave Chinner * updated, so all the tricks that we play in itruncate_finish 6330f712c9SDave Chinner * don't quite matter. 6430f712c9SDave Chinner * 6530f712c9SDave Chinner * 2. We don't play the quota buffers when there's a quotaoff logitem. 6630f712c9SDave Chinner * But the allocation will be replayed so we'll end up with an 6730f712c9SDave Chinner * uninitialized quota block. 6830f712c9SDave Chinner * 6930f712c9SDave Chinner * This is all fine; things are still consistent, and we haven't lost 7030f712c9SDave Chinner * any quota information. Just don't complain about bad dquot blks. 7130f712c9SDave Chinner */ 7230f712c9SDave Chinner if (ddq->d_magic != cpu_to_be16(XFS_DQUOT_MAGIC)) { 7330f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 7430f712c9SDave Chinner xfs_alert(mp, 7530f712c9SDave Chinner "%s : XFS dquot ID 0x%x, magic 0x%x != 0x%x", 7630f712c9SDave Chinner str, id, be16_to_cpu(ddq->d_magic), XFS_DQUOT_MAGIC); 7730f712c9SDave Chinner errs++; 7830f712c9SDave Chinner } 7930f712c9SDave Chinner if (ddq->d_version != XFS_DQUOT_VERSION) { 8030f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 8130f712c9SDave Chinner xfs_alert(mp, 8230f712c9SDave Chinner "%s : XFS dquot ID 0x%x, version 0x%x != 0x%x", 8330f712c9SDave Chinner str, id, ddq->d_version, XFS_DQUOT_VERSION); 8430f712c9SDave Chinner errs++; 8530f712c9SDave Chinner } 8630f712c9SDave Chinner 8730f712c9SDave Chinner if (ddq->d_flags != XFS_DQ_USER && 8830f712c9SDave Chinner ddq->d_flags != XFS_DQ_PROJ && 8930f712c9SDave Chinner ddq->d_flags != XFS_DQ_GROUP) { 9030f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 9130f712c9SDave Chinner xfs_alert(mp, 9230f712c9SDave Chinner "%s : XFS dquot ID 0x%x, unknown flags 0x%x", 9330f712c9SDave Chinner str, id, ddq->d_flags); 9430f712c9SDave Chinner errs++; 9530f712c9SDave Chinner } 9630f712c9SDave Chinner 9730f712c9SDave Chinner if (id != -1 && id != be32_to_cpu(ddq->d_id)) { 9830f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 9930f712c9SDave Chinner xfs_alert(mp, 10030f712c9SDave Chinner "%s : ondisk-dquot 0x%p, ID mismatch: " 10130f712c9SDave Chinner "0x%x expected, found id 0x%x", 10230f712c9SDave Chinner str, ddq, id, be32_to_cpu(ddq->d_id)); 10330f712c9SDave Chinner errs++; 10430f712c9SDave Chinner } 10530f712c9SDave Chinner 10630f712c9SDave Chinner if (!errs && ddq->d_id) { 10730f712c9SDave Chinner if (ddq->d_blk_softlimit && 10830f712c9SDave Chinner be64_to_cpu(ddq->d_bcount) > 10930f712c9SDave Chinner be64_to_cpu(ddq->d_blk_softlimit)) { 11030f712c9SDave Chinner if (!ddq->d_btimer) { 11130f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 11230f712c9SDave Chinner xfs_alert(mp, 11330f712c9SDave Chinner "%s : Dquot ID 0x%x (0x%p) BLK TIMER NOT STARTED", 11430f712c9SDave Chinner str, (int)be32_to_cpu(ddq->d_id), ddq); 11530f712c9SDave Chinner errs++; 11630f712c9SDave Chinner } 11730f712c9SDave Chinner } 11830f712c9SDave Chinner if (ddq->d_ino_softlimit && 11930f712c9SDave Chinner be64_to_cpu(ddq->d_icount) > 12030f712c9SDave Chinner be64_to_cpu(ddq->d_ino_softlimit)) { 12130f712c9SDave Chinner if (!ddq->d_itimer) { 12230f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 12330f712c9SDave Chinner xfs_alert(mp, 12430f712c9SDave Chinner "%s : Dquot ID 0x%x (0x%p) INODE TIMER NOT STARTED", 12530f712c9SDave Chinner str, (int)be32_to_cpu(ddq->d_id), ddq); 12630f712c9SDave Chinner errs++; 12730f712c9SDave Chinner } 12830f712c9SDave Chinner } 12930f712c9SDave Chinner if (ddq->d_rtb_softlimit && 13030f712c9SDave Chinner be64_to_cpu(ddq->d_rtbcount) > 13130f712c9SDave Chinner be64_to_cpu(ddq->d_rtb_softlimit)) { 13230f712c9SDave Chinner if (!ddq->d_rtbtimer) { 13330f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 13430f712c9SDave Chinner xfs_alert(mp, 13530f712c9SDave Chinner "%s : Dquot ID 0x%x (0x%p) RTBLK TIMER NOT STARTED", 13630f712c9SDave Chinner str, (int)be32_to_cpu(ddq->d_id), ddq); 13730f712c9SDave Chinner errs++; 13830f712c9SDave Chinner } 13930f712c9SDave Chinner } 14030f712c9SDave Chinner } 14130f712c9SDave Chinner 14230f712c9SDave Chinner if (!errs || !(flags & XFS_QMOPT_DQREPAIR)) 14330f712c9SDave Chinner return errs; 14430f712c9SDave Chinner 14530f712c9SDave Chinner if (flags & XFS_QMOPT_DOWARN) 14630f712c9SDave Chinner xfs_notice(mp, "Re-initializing dquot ID 0x%x", id); 14730f712c9SDave Chinner 14830f712c9SDave Chinner /* 14930f712c9SDave Chinner * Typically, a repair is only requested by quotacheck. 15030f712c9SDave Chinner */ 15130f712c9SDave Chinner ASSERT(id != -1); 15230f712c9SDave Chinner ASSERT(flags & XFS_QMOPT_DQREPAIR); 15330f712c9SDave Chinner memset(d, 0, sizeof(xfs_dqblk_t)); 15430f712c9SDave Chinner 15530f712c9SDave Chinner d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC); 15630f712c9SDave Chinner d->dd_diskdq.d_version = XFS_DQUOT_VERSION; 15730f712c9SDave Chinner d->dd_diskdq.d_flags = type; 15830f712c9SDave Chinner d->dd_diskdq.d_id = cpu_to_be32(id); 15930f712c9SDave Chinner 16030f712c9SDave Chinner if (xfs_sb_version_hascrc(&mp->m_sb)) { 161ce748eaaSEric Sandeen uuid_copy(&d->dd_uuid, &mp->m_sb.sb_meta_uuid); 16230f712c9SDave Chinner xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk), 16330f712c9SDave Chinner XFS_DQUOT_CRC_OFF); 16430f712c9SDave Chinner } 16530f712c9SDave Chinner 16630f712c9SDave Chinner return errs; 16730f712c9SDave Chinner } 16830f712c9SDave Chinner 16930f712c9SDave Chinner STATIC bool 17030f712c9SDave Chinner xfs_dquot_buf_verify_crc( 17130f712c9SDave Chinner struct xfs_mount *mp, 17230f712c9SDave Chinner struct xfs_buf *bp) 17330f712c9SDave Chinner { 17430f712c9SDave Chinner struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr; 17530f712c9SDave Chinner int ndquots; 17630f712c9SDave Chinner int i; 17730f712c9SDave Chinner 17830f712c9SDave Chinner if (!xfs_sb_version_hascrc(&mp->m_sb)) 17930f712c9SDave Chinner return true; 18030f712c9SDave Chinner 18130f712c9SDave Chinner /* 18230f712c9SDave Chinner * if we are in log recovery, the quota subsystem has not been 18330f712c9SDave Chinner * initialised so we have no quotainfo structure. In that case, we need 18430f712c9SDave Chinner * to manually calculate the number of dquots in the buffer. 18530f712c9SDave Chinner */ 18630f712c9SDave Chinner if (mp->m_quotainfo) 18730f712c9SDave Chinner ndquots = mp->m_quotainfo->qi_dqperchunk; 18830f712c9SDave Chinner else 18958d78967SDarrick J. Wong ndquots = xfs_calc_dquots_per_chunk(bp->b_length); 19030f712c9SDave Chinner 19130f712c9SDave Chinner for (i = 0; i < ndquots; i++, d++) { 19230f712c9SDave Chinner if (!xfs_verify_cksum((char *)d, sizeof(struct xfs_dqblk), 19330f712c9SDave Chinner XFS_DQUOT_CRC_OFF)) 19430f712c9SDave Chinner return false; 195ce748eaaSEric Sandeen if (!uuid_equal(&d->dd_uuid, &mp->m_sb.sb_meta_uuid)) 19630f712c9SDave Chinner return false; 19730f712c9SDave Chinner } 19830f712c9SDave Chinner return true; 19930f712c9SDave Chinner } 20030f712c9SDave Chinner 20130f712c9SDave Chinner STATIC bool 20230f712c9SDave Chinner xfs_dquot_buf_verify( 20330f712c9SDave Chinner struct xfs_mount *mp, 2047d6a13f0SDave Chinner struct xfs_buf *bp, 2057d6a13f0SDave Chinner int warn) 20630f712c9SDave Chinner { 20730f712c9SDave Chinner struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr; 20830f712c9SDave Chinner xfs_dqid_t id = 0; 20930f712c9SDave Chinner int ndquots; 21030f712c9SDave Chinner int i; 21130f712c9SDave Chinner 21230f712c9SDave Chinner /* 21330f712c9SDave Chinner * if we are in log recovery, the quota subsystem has not been 21430f712c9SDave Chinner * initialised so we have no quotainfo structure. In that case, we need 21530f712c9SDave Chinner * to manually calculate the number of dquots in the buffer. 21630f712c9SDave Chinner */ 21730f712c9SDave Chinner if (mp->m_quotainfo) 21830f712c9SDave Chinner ndquots = mp->m_quotainfo->qi_dqperchunk; 21930f712c9SDave Chinner else 22030f712c9SDave Chinner ndquots = xfs_calc_dquots_per_chunk(bp->b_length); 22130f712c9SDave Chinner 22230f712c9SDave Chinner /* 22330f712c9SDave Chinner * On the first read of the buffer, verify that each dquot is valid. 22430f712c9SDave Chinner * We don't know what the id of the dquot is supposed to be, just that 22530f712c9SDave Chinner * they should be increasing monotonically within the buffer. If the 22630f712c9SDave Chinner * first id is corrupt, then it will fail on the second dquot in the 22730f712c9SDave Chinner * buffer so corruptions could point to the wrong dquot in this case. 22830f712c9SDave Chinner */ 22930f712c9SDave Chinner for (i = 0; i < ndquots; i++) { 23030f712c9SDave Chinner struct xfs_disk_dquot *ddq; 23130f712c9SDave Chinner int error; 23230f712c9SDave Chinner 23330f712c9SDave Chinner ddq = &d[i].dd_diskdq; 23430f712c9SDave Chinner 23530f712c9SDave Chinner if (i == 0) 23630f712c9SDave Chinner id = be32_to_cpu(ddq->d_id); 23730f712c9SDave Chinner 2387d6a13f0SDave Chinner error = xfs_dqcheck(mp, ddq, id + i, 0, warn, __func__); 23930f712c9SDave Chinner if (error) 24030f712c9SDave Chinner return false; 24130f712c9SDave Chinner } 24230f712c9SDave Chinner return true; 24330f712c9SDave Chinner } 24430f712c9SDave Chinner 24530f712c9SDave Chinner static void 24630f712c9SDave Chinner xfs_dquot_buf_read_verify( 24730f712c9SDave Chinner struct xfs_buf *bp) 24830f712c9SDave Chinner { 24930f712c9SDave Chinner struct xfs_mount *mp = bp->b_target->bt_mount; 25030f712c9SDave Chinner 25130f712c9SDave Chinner if (!xfs_dquot_buf_verify_crc(mp, bp)) 2522451337dSDave Chinner xfs_buf_ioerror(bp, -EFSBADCRC); 2537d6a13f0SDave Chinner else if (!xfs_dquot_buf_verify(mp, bp, XFS_QMOPT_DOWARN)) 2542451337dSDave Chinner xfs_buf_ioerror(bp, -EFSCORRUPTED); 25530f712c9SDave Chinner 25630f712c9SDave Chinner if (bp->b_error) 25730f712c9SDave Chinner xfs_verifier_error(bp); 25830f712c9SDave Chinner } 25930f712c9SDave Chinner 26030f712c9SDave Chinner /* 2617d6a13f0SDave Chinner * readahead errors are silent and simply leave the buffer as !done so a real 2627d6a13f0SDave Chinner * read will then be run with the xfs_dquot_buf_ops verifier. See 2637d6a13f0SDave Chinner * xfs_inode_buf_verify() for why we use EIO and ~XBF_DONE here rather than 2647d6a13f0SDave Chinner * reporting the failure. 2657d6a13f0SDave Chinner */ 2667d6a13f0SDave Chinner static void 2677d6a13f0SDave Chinner xfs_dquot_buf_readahead_verify( 2687d6a13f0SDave Chinner struct xfs_buf *bp) 2697d6a13f0SDave Chinner { 2707d6a13f0SDave Chinner struct xfs_mount *mp = bp->b_target->bt_mount; 2717d6a13f0SDave Chinner 2727d6a13f0SDave Chinner if (!xfs_dquot_buf_verify_crc(mp, bp) || 2737d6a13f0SDave Chinner !xfs_dquot_buf_verify(mp, bp, 0)) { 2747d6a13f0SDave Chinner xfs_buf_ioerror(bp, -EIO); 2757d6a13f0SDave Chinner bp->b_flags &= ~XBF_DONE; 2767d6a13f0SDave Chinner } 2777d6a13f0SDave Chinner } 2787d6a13f0SDave Chinner 2797d6a13f0SDave Chinner /* 28030f712c9SDave Chinner * we don't calculate the CRC here as that is done when the dquot is flushed to 28130f712c9SDave Chinner * the buffer after the update is done. This ensures that the dquot in the 28230f712c9SDave Chinner * buffer always has an up-to-date CRC value. 28330f712c9SDave Chinner */ 28430f712c9SDave Chinner static void 28530f712c9SDave Chinner xfs_dquot_buf_write_verify( 28630f712c9SDave Chinner struct xfs_buf *bp) 28730f712c9SDave Chinner { 28830f712c9SDave Chinner struct xfs_mount *mp = bp->b_target->bt_mount; 28930f712c9SDave Chinner 2907d6a13f0SDave Chinner if (!xfs_dquot_buf_verify(mp, bp, XFS_QMOPT_DOWARN)) { 2912451337dSDave Chinner xfs_buf_ioerror(bp, -EFSCORRUPTED); 29230f712c9SDave Chinner xfs_verifier_error(bp); 29330f712c9SDave Chinner return; 29430f712c9SDave Chinner } 29530f712c9SDave Chinner } 29630f712c9SDave Chinner 29730f712c9SDave Chinner const struct xfs_buf_ops xfs_dquot_buf_ops = { 298233135b7SEric Sandeen .name = "xfs_dquot", 29930f712c9SDave Chinner .verify_read = xfs_dquot_buf_read_verify, 30030f712c9SDave Chinner .verify_write = xfs_dquot_buf_write_verify, 30130f712c9SDave Chinner }; 30230f712c9SDave Chinner 3037d6a13f0SDave Chinner const struct xfs_buf_ops xfs_dquot_buf_ra_ops = { 3047d6a13f0SDave Chinner .name = "xfs_dquot_ra", 3057d6a13f0SDave Chinner .verify_read = xfs_dquot_buf_readahead_verify, 3067d6a13f0SDave Chinner .verify_write = xfs_dquot_buf_write_verify, 3077d6a13f0SDave Chinner }; 308