1 /* 2 * Copyright (c) 2000-2006 Silicon Graphics, Inc. 3 * Copyright (c) 2013 Red Hat, Inc. 4 * All Rights Reserved. 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it would be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 */ 19 #include "xfs.h" 20 #include "xfs_fs.h" 21 #include "xfs_shared.h" 22 #include "xfs_format.h" 23 #include "xfs_log_format.h" 24 #include "xfs_trans_resv.h" 25 #include "xfs_sb.h" 26 #include "xfs_ag.h" 27 #include "xfs_mount.h" 28 #include "xfs_inode.h" 29 #include "xfs_quota.h" 30 #include "xfs_trans.h" 31 #include "xfs_qm.h" 32 #include "xfs_error.h" 33 #include "xfs_cksum.h" 34 #include "xfs_trace.h" 35 36 int 37 xfs_calc_dquots_per_chunk( 38 unsigned int nbblks) /* basic block units */ 39 { 40 unsigned int ndquots; 41 42 ASSERT(nbblks > 0); 43 ndquots = BBTOB(nbblks); 44 do_div(ndquots, sizeof(xfs_dqblk_t)); 45 46 return ndquots; 47 } 48 49 /* 50 * Do some primitive error checking on ondisk dquot data structures. 51 */ 52 int 53 xfs_dqcheck( 54 struct xfs_mount *mp, 55 xfs_disk_dquot_t *ddq, 56 xfs_dqid_t id, 57 uint type, /* used only when IO_dorepair is true */ 58 uint flags, 59 char *str) 60 { 61 xfs_dqblk_t *d = (xfs_dqblk_t *)ddq; 62 int errs = 0; 63 64 /* 65 * We can encounter an uninitialized dquot buffer for 2 reasons: 66 * 1. If we crash while deleting the quotainode(s), and those blks got 67 * used for user data. This is because we take the path of regular 68 * file deletion; however, the size field of quotainodes is never 69 * updated, so all the tricks that we play in itruncate_finish 70 * don't quite matter. 71 * 72 * 2. We don't play the quota buffers when there's a quotaoff logitem. 73 * But the allocation will be replayed so we'll end up with an 74 * uninitialized quota block. 75 * 76 * This is all fine; things are still consistent, and we haven't lost 77 * any quota information. Just don't complain about bad dquot blks. 78 */ 79 if (ddq->d_magic != cpu_to_be16(XFS_DQUOT_MAGIC)) { 80 if (flags & XFS_QMOPT_DOWARN) 81 xfs_alert(mp, 82 "%s : XFS dquot ID 0x%x, magic 0x%x != 0x%x", 83 str, id, be16_to_cpu(ddq->d_magic), XFS_DQUOT_MAGIC); 84 errs++; 85 } 86 if (ddq->d_version != XFS_DQUOT_VERSION) { 87 if (flags & XFS_QMOPT_DOWARN) 88 xfs_alert(mp, 89 "%s : XFS dquot ID 0x%x, version 0x%x != 0x%x", 90 str, id, ddq->d_version, XFS_DQUOT_VERSION); 91 errs++; 92 } 93 94 if (ddq->d_flags != XFS_DQ_USER && 95 ddq->d_flags != XFS_DQ_PROJ && 96 ddq->d_flags != XFS_DQ_GROUP) { 97 if (flags & XFS_QMOPT_DOWARN) 98 xfs_alert(mp, 99 "%s : XFS dquot ID 0x%x, unknown flags 0x%x", 100 str, id, ddq->d_flags); 101 errs++; 102 } 103 104 if (id != -1 && id != be32_to_cpu(ddq->d_id)) { 105 if (flags & XFS_QMOPT_DOWARN) 106 xfs_alert(mp, 107 "%s : ondisk-dquot 0x%p, ID mismatch: " 108 "0x%x expected, found id 0x%x", 109 str, ddq, id, be32_to_cpu(ddq->d_id)); 110 errs++; 111 } 112 113 if (!errs && ddq->d_id) { 114 if (ddq->d_blk_softlimit && 115 be64_to_cpu(ddq->d_bcount) > 116 be64_to_cpu(ddq->d_blk_softlimit)) { 117 if (!ddq->d_btimer) { 118 if (flags & XFS_QMOPT_DOWARN) 119 xfs_alert(mp, 120 "%s : Dquot ID 0x%x (0x%p) BLK TIMER NOT STARTED", 121 str, (int)be32_to_cpu(ddq->d_id), ddq); 122 errs++; 123 } 124 } 125 if (ddq->d_ino_softlimit && 126 be64_to_cpu(ddq->d_icount) > 127 be64_to_cpu(ddq->d_ino_softlimit)) { 128 if (!ddq->d_itimer) { 129 if (flags & XFS_QMOPT_DOWARN) 130 xfs_alert(mp, 131 "%s : Dquot ID 0x%x (0x%p) INODE TIMER NOT STARTED", 132 str, (int)be32_to_cpu(ddq->d_id), ddq); 133 errs++; 134 } 135 } 136 if (ddq->d_rtb_softlimit && 137 be64_to_cpu(ddq->d_rtbcount) > 138 be64_to_cpu(ddq->d_rtb_softlimit)) { 139 if (!ddq->d_rtbtimer) { 140 if (flags & XFS_QMOPT_DOWARN) 141 xfs_alert(mp, 142 "%s : Dquot ID 0x%x (0x%p) RTBLK TIMER NOT STARTED", 143 str, (int)be32_to_cpu(ddq->d_id), ddq); 144 errs++; 145 } 146 } 147 } 148 149 if (!errs || !(flags & XFS_QMOPT_DQREPAIR)) 150 return errs; 151 152 if (flags & XFS_QMOPT_DOWARN) 153 xfs_notice(mp, "Re-initializing dquot ID 0x%x", id); 154 155 /* 156 * Typically, a repair is only requested by quotacheck. 157 */ 158 ASSERT(id != -1); 159 ASSERT(flags & XFS_QMOPT_DQREPAIR); 160 memset(d, 0, sizeof(xfs_dqblk_t)); 161 162 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC); 163 d->dd_diskdq.d_version = XFS_DQUOT_VERSION; 164 d->dd_diskdq.d_flags = type; 165 d->dd_diskdq.d_id = cpu_to_be32(id); 166 167 if (xfs_sb_version_hascrc(&mp->m_sb)) { 168 uuid_copy(&d->dd_uuid, &mp->m_sb.sb_uuid); 169 xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk), 170 XFS_DQUOT_CRC_OFF); 171 } 172 173 return errs; 174 } 175 176 STATIC bool 177 xfs_dquot_buf_verify_crc( 178 struct xfs_mount *mp, 179 struct xfs_buf *bp) 180 { 181 struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr; 182 int ndquots; 183 int i; 184 185 if (!xfs_sb_version_hascrc(&mp->m_sb)) 186 return true; 187 188 /* 189 * if we are in log recovery, the quota subsystem has not been 190 * initialised so we have no quotainfo structure. In that case, we need 191 * to manually calculate the number of dquots in the buffer. 192 */ 193 if (mp->m_quotainfo) 194 ndquots = mp->m_quotainfo->qi_dqperchunk; 195 else 196 ndquots = xfs_calc_dquots_per_chunk( 197 XFS_BB_TO_FSB(mp, bp->b_length)); 198 199 for (i = 0; i < ndquots; i++, d++) { 200 if (!xfs_verify_cksum((char *)d, sizeof(struct xfs_dqblk), 201 XFS_DQUOT_CRC_OFF)) 202 return false; 203 if (!uuid_equal(&d->dd_uuid, &mp->m_sb.sb_uuid)) 204 return false; 205 } 206 return true; 207 } 208 209 STATIC bool 210 xfs_dquot_buf_verify( 211 struct xfs_mount *mp, 212 struct xfs_buf *bp) 213 { 214 struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr; 215 xfs_dqid_t id = 0; 216 int ndquots; 217 int i; 218 219 /* 220 * if we are in log recovery, the quota subsystem has not been 221 * initialised so we have no quotainfo structure. In that case, we need 222 * to manually calculate the number of dquots in the buffer. 223 */ 224 if (mp->m_quotainfo) 225 ndquots = mp->m_quotainfo->qi_dqperchunk; 226 else 227 ndquots = xfs_calc_dquots_per_chunk(bp->b_length); 228 229 /* 230 * On the first read of the buffer, verify that each dquot is valid. 231 * We don't know what the id of the dquot is supposed to be, just that 232 * they should be increasing monotonically within the buffer. If the 233 * first id is corrupt, then it will fail on the second dquot in the 234 * buffer so corruptions could point to the wrong dquot in this case. 235 */ 236 for (i = 0; i < ndquots; i++) { 237 struct xfs_disk_dquot *ddq; 238 int error; 239 240 ddq = &d[i].dd_diskdq; 241 242 if (i == 0) 243 id = be32_to_cpu(ddq->d_id); 244 245 error = xfs_dqcheck(mp, ddq, id + i, 0, XFS_QMOPT_DOWARN, 246 "xfs_dquot_buf_verify"); 247 if (error) 248 return false; 249 } 250 return true; 251 } 252 253 static void 254 xfs_dquot_buf_read_verify( 255 struct xfs_buf *bp) 256 { 257 struct xfs_mount *mp = bp->b_target->bt_mount; 258 259 if (!xfs_dquot_buf_verify_crc(mp, bp)) 260 xfs_buf_ioerror(bp, -EFSBADCRC); 261 else if (!xfs_dquot_buf_verify(mp, bp)) 262 xfs_buf_ioerror(bp, -EFSCORRUPTED); 263 264 if (bp->b_error) 265 xfs_verifier_error(bp); 266 } 267 268 /* 269 * we don't calculate the CRC here as that is done when the dquot is flushed to 270 * the buffer after the update is done. This ensures that the dquot in the 271 * buffer always has an up-to-date CRC value. 272 */ 273 static void 274 xfs_dquot_buf_write_verify( 275 struct xfs_buf *bp) 276 { 277 struct xfs_mount *mp = bp->b_target->bt_mount; 278 279 if (!xfs_dquot_buf_verify(mp, bp)) { 280 xfs_buf_ioerror(bp, -EFSCORRUPTED); 281 xfs_verifier_error(bp); 282 return; 283 } 284 } 285 286 const struct xfs_buf_ops xfs_dquot_buf_ops = { 287 .verify_read = xfs_dquot_buf_read_verify, 288 .verify_write = xfs_dquot_buf_write_verify, 289 }; 290 291