1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2006 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_errortag.h" 15 #include "xfs_error.h" 16 #include "xfs_icache.h" 17 #include "xfs_trans.h" 18 #include "xfs_ialloc.h" 19 #include "xfs_dir2.h" 20 21 #include <linux/iversion.h> 22 23 /* 24 * If we are doing readahead on an inode buffer, we might be in log recovery 25 * reading an inode allocation buffer that hasn't yet been replayed, and hence 26 * has not had the inode cores stamped into it. Hence for readahead, the buffer 27 * may be potentially invalid. 28 * 29 * If the readahead buffer is invalid, we need to mark it with an error and 30 * clear the DONE status of the buffer so that a followup read will re-read it 31 * from disk. We don't report the error otherwise to avoid warnings during log 32 * recovery and we don't get unnecessary panics on debug kernels. We use EIO here 33 * because all we want to do is say readahead failed; there is no-one to report 34 * the error to, so this will distinguish it from a non-ra verifier failure. 35 * Changes to this readahead error behaviour also need to be reflected in 36 * xfs_dquot_buf_readahead_verify(). 37 */ 38 static void 39 xfs_inode_buf_verify( 40 struct xfs_buf *bp, 41 bool readahead) 42 { 43 struct xfs_mount *mp = bp->b_mount; 44 xfs_agnumber_t agno; 45 int i; 46 int ni; 47 48 /* 49 * Validate the magic number and version of every inode in the buffer 50 */ 51 agno = xfs_daddr_to_agno(mp, xfs_buf_daddr(bp)); 52 ni = XFS_BB_TO_FSB(mp, bp->b_length) * mp->m_sb.sb_inopblock; 53 for (i = 0; i < ni; i++) { 54 int di_ok; 55 xfs_dinode_t *dip; 56 xfs_agino_t unlinked_ino; 57 58 dip = xfs_buf_offset(bp, (i << mp->m_sb.sb_inodelog)); 59 unlinked_ino = be32_to_cpu(dip->di_next_unlinked); 60 di_ok = xfs_verify_magic16(bp, dip->di_magic) && 61 xfs_dinode_good_version(mp, dip->di_version) && 62 xfs_verify_agino_or_null(mp, agno, unlinked_ino); 63 if (unlikely(XFS_TEST_ERROR(!di_ok, mp, 64 XFS_ERRTAG_ITOBP_INOTOBP))) { 65 if (readahead) { 66 bp->b_flags &= ~XBF_DONE; 67 xfs_buf_ioerror(bp, -EIO); 68 return; 69 } 70 71 #ifdef DEBUG 72 xfs_alert(mp, 73 "bad inode magic/vsn daddr %lld #%d (magic=%x)", 74 (unsigned long long)xfs_buf_daddr(bp), i, 75 be16_to_cpu(dip->di_magic)); 76 #endif 77 xfs_buf_verifier_error(bp, -EFSCORRUPTED, 78 __func__, dip, sizeof(*dip), 79 NULL); 80 return; 81 } 82 } 83 } 84 85 86 static void 87 xfs_inode_buf_read_verify( 88 struct xfs_buf *bp) 89 { 90 xfs_inode_buf_verify(bp, false); 91 } 92 93 static void 94 xfs_inode_buf_readahead_verify( 95 struct xfs_buf *bp) 96 { 97 xfs_inode_buf_verify(bp, true); 98 } 99 100 static void 101 xfs_inode_buf_write_verify( 102 struct xfs_buf *bp) 103 { 104 xfs_inode_buf_verify(bp, false); 105 } 106 107 const struct xfs_buf_ops xfs_inode_buf_ops = { 108 .name = "xfs_inode", 109 .magic16 = { cpu_to_be16(XFS_DINODE_MAGIC), 110 cpu_to_be16(XFS_DINODE_MAGIC) }, 111 .verify_read = xfs_inode_buf_read_verify, 112 .verify_write = xfs_inode_buf_write_verify, 113 }; 114 115 const struct xfs_buf_ops xfs_inode_buf_ra_ops = { 116 .name = "xfs_inode_ra", 117 .magic16 = { cpu_to_be16(XFS_DINODE_MAGIC), 118 cpu_to_be16(XFS_DINODE_MAGIC) }, 119 .verify_read = xfs_inode_buf_readahead_verify, 120 .verify_write = xfs_inode_buf_write_verify, 121 }; 122 123 124 /* 125 * This routine is called to map an inode to the buffer containing the on-disk 126 * version of the inode. It returns a pointer to the buffer containing the 127 * on-disk inode in the bpp parameter. 128 */ 129 int 130 xfs_imap_to_bp( 131 struct xfs_mount *mp, 132 struct xfs_trans *tp, 133 struct xfs_imap *imap, 134 struct xfs_buf **bpp) 135 { 136 return xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, imap->im_blkno, 137 imap->im_len, XBF_UNMAPPED, bpp, 138 &xfs_inode_buf_ops); 139 } 140 141 static inline struct timespec64 xfs_inode_decode_bigtime(uint64_t ts) 142 { 143 struct timespec64 tv; 144 uint32_t n; 145 146 tv.tv_sec = xfs_bigtime_to_unix(div_u64_rem(ts, NSEC_PER_SEC, &n)); 147 tv.tv_nsec = n; 148 149 return tv; 150 } 151 152 /* Convert an ondisk timestamp to an incore timestamp. */ 153 struct timespec64 154 xfs_inode_from_disk_ts( 155 struct xfs_dinode *dip, 156 const xfs_timestamp_t ts) 157 { 158 struct timespec64 tv; 159 struct xfs_legacy_timestamp *lts; 160 161 if (xfs_dinode_has_bigtime(dip)) 162 return xfs_inode_decode_bigtime(be64_to_cpu(ts)); 163 164 lts = (struct xfs_legacy_timestamp *)&ts; 165 tv.tv_sec = (int)be32_to_cpu(lts->t_sec); 166 tv.tv_nsec = (int)be32_to_cpu(lts->t_nsec); 167 168 return tv; 169 } 170 171 int 172 xfs_inode_from_disk( 173 struct xfs_inode *ip, 174 struct xfs_dinode *from) 175 { 176 struct inode *inode = VFS_I(ip); 177 int error; 178 xfs_failaddr_t fa; 179 180 ASSERT(ip->i_cowfp == NULL); 181 ASSERT(ip->i_afp == NULL); 182 183 fa = xfs_dinode_verify(ip->i_mount, ip->i_ino, from); 184 if (fa) { 185 xfs_inode_verifier_error(ip, -EFSCORRUPTED, "dinode", from, 186 sizeof(*from), fa); 187 return -EFSCORRUPTED; 188 } 189 190 /* 191 * First get the permanent information that is needed to allocate an 192 * inode. If the inode is unused, mode is zero and we shouldn't mess 193 * with the uninitialized part of it. 194 */ 195 if (!xfs_has_v3inodes(ip->i_mount)) 196 ip->i_flushiter = be16_to_cpu(from->di_flushiter); 197 inode->i_generation = be32_to_cpu(from->di_gen); 198 inode->i_mode = be16_to_cpu(from->di_mode); 199 if (!inode->i_mode) 200 return 0; 201 202 /* 203 * Convert v1 inodes immediately to v2 inode format as this is the 204 * minimum inode version format we support in the rest of the code. 205 * They will also be unconditionally written back to disk as v2 inodes. 206 */ 207 if (unlikely(from->di_version == 1)) { 208 set_nlink(inode, be16_to_cpu(from->di_onlink)); 209 ip->i_projid = 0; 210 } else { 211 set_nlink(inode, be32_to_cpu(from->di_nlink)); 212 ip->i_projid = (prid_t)be16_to_cpu(from->di_projid_hi) << 16 | 213 be16_to_cpu(from->di_projid_lo); 214 } 215 216 i_uid_write(inode, be32_to_cpu(from->di_uid)); 217 i_gid_write(inode, be32_to_cpu(from->di_gid)); 218 219 /* 220 * Time is signed, so need to convert to signed 32 bit before 221 * storing in inode timestamp which may be 64 bit. Otherwise 222 * a time before epoch is converted to a time long after epoch 223 * on 64 bit systems. 224 */ 225 inode->i_atime = xfs_inode_from_disk_ts(from, from->di_atime); 226 inode->i_mtime = xfs_inode_from_disk_ts(from, from->di_mtime); 227 inode->i_ctime = xfs_inode_from_disk_ts(from, from->di_ctime); 228 229 ip->i_disk_size = be64_to_cpu(from->di_size); 230 ip->i_nblocks = be64_to_cpu(from->di_nblocks); 231 ip->i_extsize = be32_to_cpu(from->di_extsize); 232 ip->i_forkoff = from->di_forkoff; 233 ip->i_diflags = be16_to_cpu(from->di_flags); 234 235 if (from->di_dmevmask || from->di_dmstate) 236 xfs_iflags_set(ip, XFS_IPRESERVE_DM_FIELDS); 237 238 if (xfs_has_v3inodes(ip->i_mount)) { 239 inode_set_iversion_queried(inode, 240 be64_to_cpu(from->di_changecount)); 241 ip->i_crtime = xfs_inode_from_disk_ts(from, from->di_crtime); 242 ip->i_diflags2 = be64_to_cpu(from->di_flags2); 243 ip->i_cowextsize = be32_to_cpu(from->di_cowextsize); 244 } 245 246 error = xfs_iformat_data_fork(ip, from); 247 if (error) 248 return error; 249 if (from->di_forkoff) { 250 error = xfs_iformat_attr_fork(ip, from); 251 if (error) 252 goto out_destroy_data_fork; 253 } 254 if (xfs_is_reflink_inode(ip)) 255 xfs_ifork_init_cow(ip); 256 return 0; 257 258 out_destroy_data_fork: 259 xfs_idestroy_fork(&ip->i_df); 260 return error; 261 } 262 263 /* Convert an incore timestamp to an ondisk timestamp. */ 264 static inline xfs_timestamp_t 265 xfs_inode_to_disk_ts( 266 struct xfs_inode *ip, 267 const struct timespec64 tv) 268 { 269 struct xfs_legacy_timestamp *lts; 270 xfs_timestamp_t ts; 271 272 if (xfs_inode_has_bigtime(ip)) 273 return cpu_to_be64(xfs_inode_encode_bigtime(tv)); 274 275 lts = (struct xfs_legacy_timestamp *)&ts; 276 lts->t_sec = cpu_to_be32(tv.tv_sec); 277 lts->t_nsec = cpu_to_be32(tv.tv_nsec); 278 279 return ts; 280 } 281 282 void 283 xfs_inode_to_disk( 284 struct xfs_inode *ip, 285 struct xfs_dinode *to, 286 xfs_lsn_t lsn) 287 { 288 struct inode *inode = VFS_I(ip); 289 290 to->di_magic = cpu_to_be16(XFS_DINODE_MAGIC); 291 to->di_onlink = 0; 292 293 to->di_format = xfs_ifork_format(&ip->i_df); 294 to->di_uid = cpu_to_be32(i_uid_read(inode)); 295 to->di_gid = cpu_to_be32(i_gid_read(inode)); 296 to->di_projid_lo = cpu_to_be16(ip->i_projid & 0xffff); 297 to->di_projid_hi = cpu_to_be16(ip->i_projid >> 16); 298 299 memset(to->di_pad, 0, sizeof(to->di_pad)); 300 to->di_atime = xfs_inode_to_disk_ts(ip, inode->i_atime); 301 to->di_mtime = xfs_inode_to_disk_ts(ip, inode->i_mtime); 302 to->di_ctime = xfs_inode_to_disk_ts(ip, inode->i_ctime); 303 to->di_nlink = cpu_to_be32(inode->i_nlink); 304 to->di_gen = cpu_to_be32(inode->i_generation); 305 to->di_mode = cpu_to_be16(inode->i_mode); 306 307 to->di_size = cpu_to_be64(ip->i_disk_size); 308 to->di_nblocks = cpu_to_be64(ip->i_nblocks); 309 to->di_extsize = cpu_to_be32(ip->i_extsize); 310 to->di_nextents = cpu_to_be32(xfs_ifork_nextents(&ip->i_df)); 311 to->di_anextents = cpu_to_be16(xfs_ifork_nextents(ip->i_afp)); 312 to->di_forkoff = ip->i_forkoff; 313 to->di_aformat = xfs_ifork_format(ip->i_afp); 314 to->di_flags = cpu_to_be16(ip->i_diflags); 315 316 if (xfs_has_v3inodes(ip->i_mount)) { 317 to->di_version = 3; 318 to->di_changecount = cpu_to_be64(inode_peek_iversion(inode)); 319 to->di_crtime = xfs_inode_to_disk_ts(ip, ip->i_crtime); 320 to->di_flags2 = cpu_to_be64(ip->i_diflags2); 321 to->di_cowextsize = cpu_to_be32(ip->i_cowextsize); 322 to->di_ino = cpu_to_be64(ip->i_ino); 323 to->di_lsn = cpu_to_be64(lsn); 324 memset(to->di_pad2, 0, sizeof(to->di_pad2)); 325 uuid_copy(&to->di_uuid, &ip->i_mount->m_sb.sb_meta_uuid); 326 to->di_flushiter = 0; 327 } else { 328 to->di_version = 2; 329 to->di_flushiter = cpu_to_be16(ip->i_flushiter); 330 } 331 } 332 333 static xfs_failaddr_t 334 xfs_dinode_verify_fork( 335 struct xfs_dinode *dip, 336 struct xfs_mount *mp, 337 int whichfork) 338 { 339 uint32_t di_nextents = XFS_DFORK_NEXTENTS(dip, whichfork); 340 341 switch (XFS_DFORK_FORMAT(dip, whichfork)) { 342 case XFS_DINODE_FMT_LOCAL: 343 /* 344 * no local regular files yet 345 */ 346 if (whichfork == XFS_DATA_FORK) { 347 if (S_ISREG(be16_to_cpu(dip->di_mode))) 348 return __this_address; 349 if (be64_to_cpu(dip->di_size) > 350 XFS_DFORK_SIZE(dip, mp, whichfork)) 351 return __this_address; 352 } 353 if (di_nextents) 354 return __this_address; 355 break; 356 case XFS_DINODE_FMT_EXTENTS: 357 if (di_nextents > XFS_DFORK_MAXEXT(dip, mp, whichfork)) 358 return __this_address; 359 break; 360 case XFS_DINODE_FMT_BTREE: 361 if (whichfork == XFS_ATTR_FORK) { 362 if (di_nextents > MAXAEXTNUM) 363 return __this_address; 364 } else if (di_nextents > MAXEXTNUM) { 365 return __this_address; 366 } 367 break; 368 default: 369 return __this_address; 370 } 371 return NULL; 372 } 373 374 static xfs_failaddr_t 375 xfs_dinode_verify_forkoff( 376 struct xfs_dinode *dip, 377 struct xfs_mount *mp) 378 { 379 if (!dip->di_forkoff) 380 return NULL; 381 382 switch (dip->di_format) { 383 case XFS_DINODE_FMT_DEV: 384 if (dip->di_forkoff != (roundup(sizeof(xfs_dev_t), 8) >> 3)) 385 return __this_address; 386 break; 387 case XFS_DINODE_FMT_LOCAL: /* fall through ... */ 388 case XFS_DINODE_FMT_EXTENTS: /* fall through ... */ 389 case XFS_DINODE_FMT_BTREE: 390 if (dip->di_forkoff >= (XFS_LITINO(mp) >> 3)) 391 return __this_address; 392 break; 393 default: 394 return __this_address; 395 } 396 return NULL; 397 } 398 399 xfs_failaddr_t 400 xfs_dinode_verify( 401 struct xfs_mount *mp, 402 xfs_ino_t ino, 403 struct xfs_dinode *dip) 404 { 405 xfs_failaddr_t fa; 406 uint16_t mode; 407 uint16_t flags; 408 uint64_t flags2; 409 uint64_t di_size; 410 411 if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC)) 412 return __this_address; 413 414 /* Verify v3 integrity information first */ 415 if (dip->di_version >= 3) { 416 if (!xfs_has_v3inodes(mp)) 417 return __this_address; 418 if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize, 419 XFS_DINODE_CRC_OFF)) 420 return __this_address; 421 if (be64_to_cpu(dip->di_ino) != ino) 422 return __this_address; 423 if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid)) 424 return __this_address; 425 } 426 427 /* don't allow invalid i_size */ 428 di_size = be64_to_cpu(dip->di_size); 429 if (di_size & (1ULL << 63)) 430 return __this_address; 431 432 mode = be16_to_cpu(dip->di_mode); 433 if (mode && xfs_mode_to_ftype(mode) == XFS_DIR3_FT_UNKNOWN) 434 return __this_address; 435 436 /* No zero-length symlinks/dirs. */ 437 if ((S_ISLNK(mode) || S_ISDIR(mode)) && di_size == 0) 438 return __this_address; 439 440 /* Fork checks carried over from xfs_iformat_fork */ 441 if (mode && 442 be32_to_cpu(dip->di_nextents) + be16_to_cpu(dip->di_anextents) > 443 be64_to_cpu(dip->di_nblocks)) 444 return __this_address; 445 446 if (mode && XFS_DFORK_BOFF(dip) > mp->m_sb.sb_inodesize) 447 return __this_address; 448 449 flags = be16_to_cpu(dip->di_flags); 450 451 if (mode && (flags & XFS_DIFLAG_REALTIME) && !mp->m_rtdev_targp) 452 return __this_address; 453 454 /* check for illegal values of forkoff */ 455 fa = xfs_dinode_verify_forkoff(dip, mp); 456 if (fa) 457 return fa; 458 459 /* Do we have appropriate data fork formats for the mode? */ 460 switch (mode & S_IFMT) { 461 case S_IFIFO: 462 case S_IFCHR: 463 case S_IFBLK: 464 case S_IFSOCK: 465 if (dip->di_format != XFS_DINODE_FMT_DEV) 466 return __this_address; 467 break; 468 case S_IFREG: 469 case S_IFLNK: 470 case S_IFDIR: 471 fa = xfs_dinode_verify_fork(dip, mp, XFS_DATA_FORK); 472 if (fa) 473 return fa; 474 break; 475 case 0: 476 /* Uninitialized inode ok. */ 477 break; 478 default: 479 return __this_address; 480 } 481 482 if (dip->di_forkoff) { 483 fa = xfs_dinode_verify_fork(dip, mp, XFS_ATTR_FORK); 484 if (fa) 485 return fa; 486 } else { 487 /* 488 * If there is no fork offset, this may be a freshly-made inode 489 * in a new disk cluster, in which case di_aformat is zeroed. 490 * Otherwise, such an inode must be in EXTENTS format; this goes 491 * for freed inodes as well. 492 */ 493 switch (dip->di_aformat) { 494 case 0: 495 case XFS_DINODE_FMT_EXTENTS: 496 break; 497 default: 498 return __this_address; 499 } 500 if (dip->di_anextents) 501 return __this_address; 502 } 503 504 /* extent size hint validation */ 505 fa = xfs_inode_validate_extsize(mp, be32_to_cpu(dip->di_extsize), 506 mode, flags); 507 if (fa) 508 return fa; 509 510 /* only version 3 or greater inodes are extensively verified here */ 511 if (dip->di_version < 3) 512 return NULL; 513 514 flags2 = be64_to_cpu(dip->di_flags2); 515 516 /* don't allow reflink/cowextsize if we don't have reflink */ 517 if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) && 518 !xfs_has_reflink(mp)) 519 return __this_address; 520 521 /* only regular files get reflink */ 522 if ((flags2 & XFS_DIFLAG2_REFLINK) && (mode & S_IFMT) != S_IFREG) 523 return __this_address; 524 525 /* don't let reflink and realtime mix */ 526 if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags & XFS_DIFLAG_REALTIME)) 527 return __this_address; 528 529 /* COW extent size hint validation */ 530 fa = xfs_inode_validate_cowextsize(mp, be32_to_cpu(dip->di_cowextsize), 531 mode, flags, flags2); 532 if (fa) 533 return fa; 534 535 /* bigtime iflag can only happen on bigtime filesystems */ 536 if (xfs_dinode_has_bigtime(dip) && 537 !xfs_has_bigtime(mp)) 538 return __this_address; 539 540 return NULL; 541 } 542 543 void 544 xfs_dinode_calc_crc( 545 struct xfs_mount *mp, 546 struct xfs_dinode *dip) 547 { 548 uint32_t crc; 549 550 if (dip->di_version < 3) 551 return; 552 553 ASSERT(xfs_has_crc(mp)); 554 crc = xfs_start_cksum_update((char *)dip, mp->m_sb.sb_inodesize, 555 XFS_DINODE_CRC_OFF); 556 dip->di_crc = xfs_end_cksum(crc); 557 } 558 559 /* 560 * Validate di_extsize hint. 561 * 562 * 1. Extent size hint is only valid for directories and regular files. 563 * 2. FS_XFLAG_EXTSIZE is only valid for regular files. 564 * 3. FS_XFLAG_EXTSZINHERIT is only valid for directories. 565 * 4. Hint cannot be larger than MAXTEXTLEN. 566 * 5. Can be changed on directories at any time. 567 * 6. Hint value of 0 turns off hints, clears inode flags. 568 * 7. Extent size must be a multiple of the appropriate block size. 569 * For realtime files, this is the rt extent size. 570 * 8. For non-realtime files, the extent size hint must be limited 571 * to half the AG size to avoid alignment extending the extent beyond the 572 * limits of the AG. 573 */ 574 xfs_failaddr_t 575 xfs_inode_validate_extsize( 576 struct xfs_mount *mp, 577 uint32_t extsize, 578 uint16_t mode, 579 uint16_t flags) 580 { 581 bool rt_flag; 582 bool hint_flag; 583 bool inherit_flag; 584 uint32_t extsize_bytes; 585 uint32_t blocksize_bytes; 586 587 rt_flag = (flags & XFS_DIFLAG_REALTIME); 588 hint_flag = (flags & XFS_DIFLAG_EXTSIZE); 589 inherit_flag = (flags & XFS_DIFLAG_EXTSZINHERIT); 590 extsize_bytes = XFS_FSB_TO_B(mp, extsize); 591 592 /* 593 * This comment describes a historic gap in this verifier function. 594 * 595 * For a directory with both RTINHERIT and EXTSZINHERIT flags set, this 596 * function has never checked that the extent size hint is an integer 597 * multiple of the realtime extent size. Since we allow users to set 598 * this combination on non-rt filesystems /and/ to change the rt 599 * extent size when adding a rt device to a filesystem, the net effect 600 * is that users can configure a filesystem anticipating one rt 601 * geometry and change their minds later. Directories do not use the 602 * extent size hint, so this is harmless for them. 603 * 604 * If a directory with a misaligned extent size hint is allowed to 605 * propagate that hint into a new regular realtime file, the result 606 * is that the inode cluster buffer verifier will trigger a corruption 607 * shutdown the next time it is run, because the verifier has always 608 * enforced the alignment rule for regular files. 609 * 610 * Because we allow administrators to set a new rt extent size when 611 * adding a rt section, we cannot add a check to this verifier because 612 * that will result a new source of directory corruption errors when 613 * reading an existing filesystem. Instead, we rely on callers to 614 * decide when alignment checks are appropriate, and fix things up as 615 * needed. 616 */ 617 618 if (rt_flag) 619 blocksize_bytes = XFS_FSB_TO_B(mp, mp->m_sb.sb_rextsize); 620 else 621 blocksize_bytes = mp->m_sb.sb_blocksize; 622 623 if ((hint_flag || inherit_flag) && !(S_ISDIR(mode) || S_ISREG(mode))) 624 return __this_address; 625 626 if (hint_flag && !S_ISREG(mode)) 627 return __this_address; 628 629 if (inherit_flag && !S_ISDIR(mode)) 630 return __this_address; 631 632 if ((hint_flag || inherit_flag) && extsize == 0) 633 return __this_address; 634 635 /* free inodes get flags set to zero but extsize remains */ 636 if (mode && !(hint_flag || inherit_flag) && extsize != 0) 637 return __this_address; 638 639 if (extsize_bytes % blocksize_bytes) 640 return __this_address; 641 642 if (extsize > MAXEXTLEN) 643 return __this_address; 644 645 if (!rt_flag && extsize > mp->m_sb.sb_agblocks / 2) 646 return __this_address; 647 648 return NULL; 649 } 650 651 /* 652 * Validate di_cowextsize hint. 653 * 654 * 1. CoW extent size hint can only be set if reflink is enabled on the fs. 655 * The inode does not have to have any shared blocks, but it must be a v3. 656 * 2. FS_XFLAG_COWEXTSIZE is only valid for directories and regular files; 657 * for a directory, the hint is propagated to new files. 658 * 3. Can be changed on files & directories at any time. 659 * 4. Hint value of 0 turns off hints, clears inode flags. 660 * 5. Extent size must be a multiple of the appropriate block size. 661 * 6. The extent size hint must be limited to half the AG size to avoid 662 * alignment extending the extent beyond the limits of the AG. 663 */ 664 xfs_failaddr_t 665 xfs_inode_validate_cowextsize( 666 struct xfs_mount *mp, 667 uint32_t cowextsize, 668 uint16_t mode, 669 uint16_t flags, 670 uint64_t flags2) 671 { 672 bool rt_flag; 673 bool hint_flag; 674 uint32_t cowextsize_bytes; 675 676 rt_flag = (flags & XFS_DIFLAG_REALTIME); 677 hint_flag = (flags2 & XFS_DIFLAG2_COWEXTSIZE); 678 cowextsize_bytes = XFS_FSB_TO_B(mp, cowextsize); 679 680 if (hint_flag && !xfs_has_reflink(mp)) 681 return __this_address; 682 683 if (hint_flag && !(S_ISDIR(mode) || S_ISREG(mode))) 684 return __this_address; 685 686 if (hint_flag && cowextsize == 0) 687 return __this_address; 688 689 /* free inodes get flags set to zero but cowextsize remains */ 690 if (mode && !hint_flag && cowextsize != 0) 691 return __this_address; 692 693 if (hint_flag && rt_flag) 694 return __this_address; 695 696 if (cowextsize_bytes % mp->m_sb.sb_blocksize) 697 return __this_address; 698 699 if (cowextsize > MAXEXTLEN) 700 return __this_address; 701 702 if (cowextsize > mp->m_sb.sb_agblocks / 2) 703 return __this_address; 704 705 return NULL; 706 } 707