1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2017 Oracle. All Rights Reserved. 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_trans_resv.h" 11 #include "xfs_mount.h" 12 #include "xfs_defer.h" 13 #include "xfs_btree.h" 14 #include "xfs_bit.h" 15 #include "xfs_log_format.h" 16 #include "xfs_trans.h" 17 #include "xfs_sb.h" 18 #include "xfs_inode.h" 19 #include "xfs_da_format.h" 20 #include "xfs_da_btree.h" 21 #include "xfs_dir2.h" 22 #include "xfs_attr.h" 23 #include "xfs_attr_leaf.h" 24 #include "scrub/xfs_scrub.h" 25 #include "scrub/scrub.h" 26 #include "scrub/common.h" 27 #include "scrub/dabtree.h" 28 #include "scrub/trace.h" 29 30 #include <linux/posix_acl_xattr.h> 31 #include <linux/xattr.h> 32 33 /* Set us up to scrub an inode's extended attributes. */ 34 int 35 xfs_scrub_setup_xattr( 36 struct xfs_scrub_context *sc, 37 struct xfs_inode *ip) 38 { 39 size_t sz; 40 41 /* 42 * Allocate the buffer without the inode lock held. We need enough 43 * space to read every xattr value in the file or enough space to 44 * hold three copies of the xattr free space bitmap. (Not both at 45 * the same time.) 46 */ 47 sz = max_t(size_t, XATTR_SIZE_MAX, 3 * sizeof(long) * 48 BITS_TO_LONGS(sc->mp->m_attr_geo->blksize)); 49 sc->buf = kmem_zalloc_large(sz, KM_SLEEP); 50 if (!sc->buf) 51 return -ENOMEM; 52 53 return xfs_scrub_setup_inode_contents(sc, ip, 0); 54 } 55 56 /* Extended Attributes */ 57 58 struct xfs_scrub_xattr { 59 struct xfs_attr_list_context context; 60 struct xfs_scrub_context *sc; 61 }; 62 63 /* 64 * Check that an extended attribute key can be looked up by hash. 65 * 66 * We use the XFS attribute list iterator (i.e. xfs_attr_list_int_ilocked) 67 * to call this function for every attribute key in an inode. Once 68 * we're here, we load the attribute value to see if any errors happen, 69 * or if we get more or less data than we expected. 70 */ 71 static void 72 xfs_scrub_xattr_listent( 73 struct xfs_attr_list_context *context, 74 int flags, 75 unsigned char *name, 76 int namelen, 77 int valuelen) 78 { 79 struct xfs_scrub_xattr *sx; 80 struct xfs_da_args args = { NULL }; 81 int error = 0; 82 83 sx = container_of(context, struct xfs_scrub_xattr, context); 84 85 if (flags & XFS_ATTR_INCOMPLETE) { 86 /* Incomplete attr key, just mark the inode for preening. */ 87 xfs_scrub_ino_set_preen(sx->sc, context->dp->i_ino); 88 return; 89 } 90 91 args.flags = ATTR_KERNOTIME; 92 if (flags & XFS_ATTR_ROOT) 93 args.flags |= ATTR_ROOT; 94 else if (flags & XFS_ATTR_SECURE) 95 args.flags |= ATTR_SECURE; 96 args.geo = context->dp->i_mount->m_attr_geo; 97 args.whichfork = XFS_ATTR_FORK; 98 args.dp = context->dp; 99 args.name = name; 100 args.namelen = namelen; 101 args.hashval = xfs_da_hashname(args.name, args.namelen); 102 args.trans = context->tp; 103 args.value = sx->sc->buf; 104 args.valuelen = XATTR_SIZE_MAX; 105 106 error = xfs_attr_get_ilocked(context->dp, &args); 107 if (error == -EEXIST) 108 error = 0; 109 if (!xfs_scrub_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno, 110 &error)) 111 goto fail_xref; 112 if (args.valuelen != valuelen) 113 xfs_scrub_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, 114 args.blkno); 115 fail_xref: 116 if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 117 context->seen_enough = 1; 118 return; 119 } 120 121 /* 122 * Mark a range [start, start+len) in this map. Returns true if the 123 * region was free, and false if there's a conflict or a problem. 124 * 125 * Within a char, the lowest bit of the char represents the byte with 126 * the smallest address 127 */ 128 STATIC bool 129 xfs_scrub_xattr_set_map( 130 struct xfs_scrub_context *sc, 131 unsigned long *map, 132 unsigned int start, 133 unsigned int len) 134 { 135 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 136 bool ret = true; 137 138 if (start >= mapsize) 139 return false; 140 if (start + len > mapsize) { 141 len = mapsize - start; 142 ret = false; 143 } 144 145 if (find_next_bit(map, mapsize, start) < start + len) 146 ret = false; 147 bitmap_set(map, start, len); 148 149 return ret; 150 } 151 152 /* 153 * Check the leaf freemap from the usage bitmap. Returns false if the 154 * attr freemap has problems or points to used space. 155 */ 156 STATIC bool 157 xfs_scrub_xattr_check_freemap( 158 struct xfs_scrub_context *sc, 159 unsigned long *map, 160 struct xfs_attr3_icleaf_hdr *leafhdr) 161 { 162 unsigned long *freemap; 163 unsigned long *dstmap; 164 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 165 int i; 166 167 /* Construct bitmap of freemap contents. */ 168 freemap = (unsigned long *)sc->buf + BITS_TO_LONGS(mapsize); 169 bitmap_zero(freemap, mapsize); 170 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { 171 if (!xfs_scrub_xattr_set_map(sc, freemap, 172 leafhdr->freemap[i].base, 173 leafhdr->freemap[i].size)) 174 return false; 175 } 176 177 /* Look for bits that are set in freemap and are marked in use. */ 178 dstmap = freemap + BITS_TO_LONGS(mapsize); 179 return bitmap_and(dstmap, freemap, map, mapsize) == 0; 180 } 181 182 /* 183 * Check this leaf entry's relations to everything else. 184 * Returns the number of bytes used for the name/value data. 185 */ 186 STATIC void 187 xfs_scrub_xattr_entry( 188 struct xfs_scrub_da_btree *ds, 189 int level, 190 char *buf_end, 191 struct xfs_attr_leafblock *leaf, 192 struct xfs_attr3_icleaf_hdr *leafhdr, 193 unsigned long *usedmap, 194 struct xfs_attr_leaf_entry *ent, 195 int idx, 196 unsigned int *usedbytes, 197 __u32 *last_hashval) 198 { 199 struct xfs_mount *mp = ds->state->mp; 200 char *name_end; 201 struct xfs_attr_leaf_name_local *lentry; 202 struct xfs_attr_leaf_name_remote *rentry; 203 unsigned int nameidx; 204 unsigned int namesize; 205 206 if (ent->pad2 != 0) 207 xfs_scrub_da_set_corrupt(ds, level); 208 209 /* Hash values in order? */ 210 if (be32_to_cpu(ent->hashval) < *last_hashval) 211 xfs_scrub_da_set_corrupt(ds, level); 212 *last_hashval = be32_to_cpu(ent->hashval); 213 214 nameidx = be16_to_cpu(ent->nameidx); 215 if (nameidx < leafhdr->firstused || 216 nameidx >= mp->m_attr_geo->blksize) { 217 xfs_scrub_da_set_corrupt(ds, level); 218 return; 219 } 220 221 /* Check the name information. */ 222 if (ent->flags & XFS_ATTR_LOCAL) { 223 lentry = xfs_attr3_leaf_name_local(leaf, idx); 224 namesize = xfs_attr_leaf_entsize_local(lentry->namelen, 225 be16_to_cpu(lentry->valuelen)); 226 name_end = (char *)lentry + namesize; 227 if (lentry->namelen == 0) 228 xfs_scrub_da_set_corrupt(ds, level); 229 } else { 230 rentry = xfs_attr3_leaf_name_remote(leaf, idx); 231 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen); 232 name_end = (char *)rentry + namesize; 233 if (rentry->namelen == 0 || rentry->valueblk == 0) 234 xfs_scrub_da_set_corrupt(ds, level); 235 } 236 if (name_end > buf_end) 237 xfs_scrub_da_set_corrupt(ds, level); 238 239 if (!xfs_scrub_xattr_set_map(ds->sc, usedmap, nameidx, namesize)) 240 xfs_scrub_da_set_corrupt(ds, level); 241 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) 242 *usedbytes += namesize; 243 } 244 245 /* Scrub an attribute leaf. */ 246 STATIC int 247 xfs_scrub_xattr_block( 248 struct xfs_scrub_da_btree *ds, 249 int level) 250 { 251 struct xfs_attr3_icleaf_hdr leafhdr; 252 struct xfs_mount *mp = ds->state->mp; 253 struct xfs_da_state_blk *blk = &ds->state->path.blk[level]; 254 struct xfs_buf *bp = blk->bp; 255 xfs_dablk_t *last_checked = ds->private; 256 struct xfs_attr_leafblock *leaf = bp->b_addr; 257 struct xfs_attr_leaf_entry *ent; 258 struct xfs_attr_leaf_entry *entries; 259 unsigned long *usedmap = ds->sc->buf; 260 char *buf_end; 261 size_t off; 262 __u32 last_hashval = 0; 263 unsigned int usedbytes = 0; 264 unsigned int hdrsize; 265 int i; 266 267 if (*last_checked == blk->blkno) 268 return 0; 269 *last_checked = blk->blkno; 270 bitmap_zero(usedmap, mp->m_attr_geo->blksize); 271 272 /* Check all the padding. */ 273 if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) { 274 struct xfs_attr3_leafblock *leaf = bp->b_addr; 275 276 if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 || 277 leaf->hdr.info.hdr.pad != 0) 278 xfs_scrub_da_set_corrupt(ds, level); 279 } else { 280 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0) 281 xfs_scrub_da_set_corrupt(ds, level); 282 } 283 284 /* Check the leaf header */ 285 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf); 286 hdrsize = xfs_attr3_leaf_hdr_size(leaf); 287 288 if (leafhdr.usedbytes > mp->m_attr_geo->blksize) 289 xfs_scrub_da_set_corrupt(ds, level); 290 if (leafhdr.firstused > mp->m_attr_geo->blksize) 291 xfs_scrub_da_set_corrupt(ds, level); 292 if (leafhdr.firstused < hdrsize) 293 xfs_scrub_da_set_corrupt(ds, level); 294 if (!xfs_scrub_xattr_set_map(ds->sc, usedmap, 0, hdrsize)) 295 xfs_scrub_da_set_corrupt(ds, level); 296 297 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 298 goto out; 299 300 entries = xfs_attr3_leaf_entryp(leaf); 301 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused) 302 xfs_scrub_da_set_corrupt(ds, level); 303 304 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize; 305 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) { 306 /* Mark the leaf entry itself. */ 307 off = (char *)ent - (char *)leaf; 308 if (!xfs_scrub_xattr_set_map(ds->sc, usedmap, off, 309 sizeof(xfs_attr_leaf_entry_t))) { 310 xfs_scrub_da_set_corrupt(ds, level); 311 goto out; 312 } 313 314 /* Check the entry and nameval. */ 315 xfs_scrub_xattr_entry(ds, level, buf_end, leaf, &leafhdr, 316 usedmap, ent, i, &usedbytes, &last_hashval); 317 318 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 319 goto out; 320 } 321 322 if (!xfs_scrub_xattr_check_freemap(ds->sc, usedmap, &leafhdr)) 323 xfs_scrub_da_set_corrupt(ds, level); 324 325 if (leafhdr.usedbytes != usedbytes) 326 xfs_scrub_da_set_corrupt(ds, level); 327 328 out: 329 return 0; 330 } 331 332 /* Scrub a attribute btree record. */ 333 STATIC int 334 xfs_scrub_xattr_rec( 335 struct xfs_scrub_da_btree *ds, 336 int level, 337 void *rec) 338 { 339 struct xfs_mount *mp = ds->state->mp; 340 struct xfs_attr_leaf_entry *ent = rec; 341 struct xfs_da_state_blk *blk; 342 struct xfs_attr_leaf_name_local *lentry; 343 struct xfs_attr_leaf_name_remote *rentry; 344 struct xfs_buf *bp; 345 xfs_dahash_t calc_hash; 346 xfs_dahash_t hash; 347 int nameidx; 348 int hdrsize; 349 unsigned int badflags; 350 int error; 351 352 blk = &ds->state->path.blk[level]; 353 354 /* Check the whole block, if necessary. */ 355 error = xfs_scrub_xattr_block(ds, level); 356 if (error) 357 goto out; 358 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 359 goto out; 360 361 /* Check the hash of the entry. */ 362 error = xfs_scrub_da_btree_hash(ds, level, &ent->hashval); 363 if (error) 364 goto out; 365 366 /* Find the attr entry's location. */ 367 bp = blk->bp; 368 hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr); 369 nameidx = be16_to_cpu(ent->nameidx); 370 if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) { 371 xfs_scrub_da_set_corrupt(ds, level); 372 goto out; 373 } 374 375 /* Retrieve the entry and check it. */ 376 hash = be32_to_cpu(ent->hashval); 377 badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | 378 XFS_ATTR_INCOMPLETE); 379 if ((ent->flags & badflags) != 0) 380 xfs_scrub_da_set_corrupt(ds, level); 381 if (ent->flags & XFS_ATTR_LOCAL) { 382 lentry = (struct xfs_attr_leaf_name_local *) 383 (((char *)bp->b_addr) + nameidx); 384 if (lentry->namelen <= 0) { 385 xfs_scrub_da_set_corrupt(ds, level); 386 goto out; 387 } 388 calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen); 389 } else { 390 rentry = (struct xfs_attr_leaf_name_remote *) 391 (((char *)bp->b_addr) + nameidx); 392 if (rentry->namelen <= 0) { 393 xfs_scrub_da_set_corrupt(ds, level); 394 goto out; 395 } 396 calc_hash = xfs_da_hashname(rentry->name, rentry->namelen); 397 } 398 if (calc_hash != hash) 399 xfs_scrub_da_set_corrupt(ds, level); 400 401 out: 402 return error; 403 } 404 405 /* Scrub the extended attribute metadata. */ 406 int 407 xfs_scrub_xattr( 408 struct xfs_scrub_context *sc) 409 { 410 struct xfs_scrub_xattr sx; 411 struct attrlist_cursor_kern cursor = { 0 }; 412 xfs_dablk_t last_checked = -1U; 413 int error = 0; 414 415 if (!xfs_inode_hasattr(sc->ip)) 416 return -ENOENT; 417 418 memset(&sx, 0, sizeof(sx)); 419 /* Check attribute tree structure */ 420 error = xfs_scrub_da_btree(sc, XFS_ATTR_FORK, xfs_scrub_xattr_rec, 421 &last_checked); 422 if (error) 423 goto out; 424 425 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 426 goto out; 427 428 /* Check that every attr key can also be looked up by hash. */ 429 sx.context.dp = sc->ip; 430 sx.context.cursor = &cursor; 431 sx.context.resynch = 1; 432 sx.context.put_listent = xfs_scrub_xattr_listent; 433 sx.context.tp = sc->tp; 434 sx.context.flags = ATTR_INCOMPLETE; 435 sx.sc = sc; 436 437 /* 438 * Look up every xattr in this file by name. 439 * 440 * Use the backend implementation of xfs_attr_list to call 441 * xfs_scrub_xattr_listent on every attribute key in this inode. 442 * In other words, we use the same iterator/callback mechanism 443 * that listattr uses to scrub extended attributes, though in our 444 * _listent function, we check the value of the attribute. 445 * 446 * The VFS only locks i_rwsem when modifying attrs, so keep all 447 * three locks held because that's the only way to ensure we're 448 * the only thread poking into the da btree. We traverse the da 449 * btree while holding a leaf buffer locked for the xattr name 450 * iteration, which doesn't really follow the usual buffer 451 * locking order. 452 */ 453 error = xfs_attr_list_int_ilocked(&sx.context); 454 if (!xfs_scrub_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error)) 455 goto out; 456 out: 457 return error; 458 } 459