1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2017 Oracle. All Rights Reserved. 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_trans_resv.h" 11 #include "xfs_mount.h" 12 #include "xfs_log_format.h" 13 #include "xfs_inode.h" 14 #include "xfs_da_format.h" 15 #include "xfs_da_btree.h" 16 #include "xfs_attr.h" 17 #include "xfs_attr_leaf.h" 18 #include "scrub/scrub.h" 19 #include "scrub/common.h" 20 #include "scrub/dabtree.h" 21 #include "scrub/attr.h" 22 23 /* 24 * Allocate enough memory to hold an attr value and attr block bitmaps, 25 * reallocating the buffer if necessary. Buffer contents are not preserved 26 * across a reallocation. 27 */ 28 int 29 xchk_setup_xattr_buf( 30 struct xfs_scrub *sc, 31 size_t value_size, 32 xfs_km_flags_t flags) 33 { 34 size_t sz; 35 struct xchk_xattr_buf *ab = sc->buf; 36 37 /* 38 * We need enough space to read an xattr value from the file or enough 39 * space to hold three copies of the xattr free space bitmap. We don't 40 * need the buffer space for both purposes at the same time. 41 */ 42 sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize); 43 sz = max_t(size_t, sz, value_size); 44 45 /* 46 * If there's already a buffer, figure out if we need to reallocate it 47 * to accommodate a larger size. 48 */ 49 if (ab) { 50 if (sz <= ab->sz) 51 return 0; 52 kmem_free(ab); 53 sc->buf = NULL; 54 } 55 56 /* 57 * Don't zero the buffer upon allocation to avoid runtime overhead. 58 * All users must be careful never to read uninitialized contents. 59 */ 60 ab = kmem_alloc_large(sizeof(*ab) + sz, flags); 61 if (!ab) 62 return -ENOMEM; 63 64 ab->sz = sz; 65 sc->buf = ab; 66 return 0; 67 } 68 69 /* Set us up to scrub an inode's extended attributes. */ 70 int 71 xchk_setup_xattr( 72 struct xfs_scrub *sc, 73 struct xfs_inode *ip) 74 { 75 int error; 76 77 /* 78 * We failed to get memory while checking attrs, so this time try to 79 * get all the memory we're ever going to need. Allocate the buffer 80 * without the inode lock held, which means we can sleep. 81 */ 82 if (sc->flags & XCHK_TRY_HARDER) { 83 error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, KM_SLEEP); 84 if (error) 85 return error; 86 } 87 88 return xchk_setup_inode_contents(sc, ip, 0); 89 } 90 91 /* Extended Attributes */ 92 93 struct xchk_xattr { 94 struct xfs_attr_list_context context; 95 struct xfs_scrub *sc; 96 }; 97 98 /* 99 * Check that an extended attribute key can be looked up by hash. 100 * 101 * We use the XFS attribute list iterator (i.e. xfs_attr_list_int_ilocked) 102 * to call this function for every attribute key in an inode. Once 103 * we're here, we load the attribute value to see if any errors happen, 104 * or if we get more or less data than we expected. 105 */ 106 static void 107 xchk_xattr_listent( 108 struct xfs_attr_list_context *context, 109 int flags, 110 unsigned char *name, 111 int namelen, 112 int valuelen) 113 { 114 struct xchk_xattr *sx; 115 struct xfs_da_args args = { NULL }; 116 int error = 0; 117 118 sx = container_of(context, struct xchk_xattr, context); 119 120 if (xchk_should_terminate(sx->sc, &error)) { 121 context->seen_enough = error; 122 return; 123 } 124 125 if (flags & XFS_ATTR_INCOMPLETE) { 126 /* Incomplete attr key, just mark the inode for preening. */ 127 xchk_ino_set_preen(sx->sc, context->dp->i_ino); 128 return; 129 } 130 131 /* Does this name make sense? */ 132 if (!xfs_attr_namecheck(name, namelen)) { 133 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno); 134 return; 135 } 136 137 /* 138 * Try to allocate enough memory to extrat the attr value. If that 139 * doesn't work, we overload the seen_enough variable to convey 140 * the error message back to the main scrub function. 141 */ 142 error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL); 143 if (error == -ENOMEM) 144 error = -EDEADLOCK; 145 if (error) { 146 context->seen_enough = error; 147 return; 148 } 149 150 args.flags = ATTR_KERNOTIME; 151 if (flags & XFS_ATTR_ROOT) 152 args.flags |= ATTR_ROOT; 153 else if (flags & XFS_ATTR_SECURE) 154 args.flags |= ATTR_SECURE; 155 args.geo = context->dp->i_mount->m_attr_geo; 156 args.whichfork = XFS_ATTR_FORK; 157 args.dp = context->dp; 158 args.name = name; 159 args.namelen = namelen; 160 args.hashval = xfs_da_hashname(args.name, args.namelen); 161 args.trans = context->tp; 162 args.value = xchk_xattr_valuebuf(sx->sc); 163 args.valuelen = valuelen; 164 165 error = xfs_attr_get_ilocked(context->dp, &args); 166 if (error == -EEXIST) 167 error = 0; 168 if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno, 169 &error)) 170 goto fail_xref; 171 if (args.valuelen != valuelen) 172 xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, 173 args.blkno); 174 fail_xref: 175 if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 176 context->seen_enough = XFS_ITER_ABORT; 177 return; 178 } 179 180 /* 181 * Mark a range [start, start+len) in this map. Returns true if the 182 * region was free, and false if there's a conflict or a problem. 183 * 184 * Within a char, the lowest bit of the char represents the byte with 185 * the smallest address 186 */ 187 STATIC bool 188 xchk_xattr_set_map( 189 struct xfs_scrub *sc, 190 unsigned long *map, 191 unsigned int start, 192 unsigned int len) 193 { 194 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 195 bool ret = true; 196 197 if (start >= mapsize) 198 return false; 199 if (start + len > mapsize) { 200 len = mapsize - start; 201 ret = false; 202 } 203 204 if (find_next_bit(map, mapsize, start) < start + len) 205 ret = false; 206 bitmap_set(map, start, len); 207 208 return ret; 209 } 210 211 /* 212 * Check the leaf freemap from the usage bitmap. Returns false if the 213 * attr freemap has problems or points to used space. 214 */ 215 STATIC bool 216 xchk_xattr_check_freemap( 217 struct xfs_scrub *sc, 218 unsigned long *map, 219 struct xfs_attr3_icleaf_hdr *leafhdr) 220 { 221 unsigned long *freemap = xchk_xattr_freemap(sc); 222 unsigned long *dstmap = xchk_xattr_dstmap(sc); 223 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 224 int i; 225 226 /* Construct bitmap of freemap contents. */ 227 bitmap_zero(freemap, mapsize); 228 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { 229 if (!xchk_xattr_set_map(sc, freemap, 230 leafhdr->freemap[i].base, 231 leafhdr->freemap[i].size)) 232 return false; 233 } 234 235 /* Look for bits that are set in freemap and are marked in use. */ 236 return bitmap_and(dstmap, freemap, map, mapsize) == 0; 237 } 238 239 /* 240 * Check this leaf entry's relations to everything else. 241 * Returns the number of bytes used for the name/value data. 242 */ 243 STATIC void 244 xchk_xattr_entry( 245 struct xchk_da_btree *ds, 246 int level, 247 char *buf_end, 248 struct xfs_attr_leafblock *leaf, 249 struct xfs_attr3_icleaf_hdr *leafhdr, 250 struct xfs_attr_leaf_entry *ent, 251 int idx, 252 unsigned int *usedbytes, 253 __u32 *last_hashval) 254 { 255 struct xfs_mount *mp = ds->state->mp; 256 unsigned long *usedmap = xchk_xattr_usedmap(ds->sc); 257 char *name_end; 258 struct xfs_attr_leaf_name_local *lentry; 259 struct xfs_attr_leaf_name_remote *rentry; 260 unsigned int nameidx; 261 unsigned int namesize; 262 263 if (ent->pad2 != 0) 264 xchk_da_set_corrupt(ds, level); 265 266 /* Hash values in order? */ 267 if (be32_to_cpu(ent->hashval) < *last_hashval) 268 xchk_da_set_corrupt(ds, level); 269 *last_hashval = be32_to_cpu(ent->hashval); 270 271 nameidx = be16_to_cpu(ent->nameidx); 272 if (nameidx < leafhdr->firstused || 273 nameidx >= mp->m_attr_geo->blksize) { 274 xchk_da_set_corrupt(ds, level); 275 return; 276 } 277 278 /* Check the name information. */ 279 if (ent->flags & XFS_ATTR_LOCAL) { 280 lentry = xfs_attr3_leaf_name_local(leaf, idx); 281 namesize = xfs_attr_leaf_entsize_local(lentry->namelen, 282 be16_to_cpu(lentry->valuelen)); 283 name_end = (char *)lentry + namesize; 284 if (lentry->namelen == 0) 285 xchk_da_set_corrupt(ds, level); 286 } else { 287 rentry = xfs_attr3_leaf_name_remote(leaf, idx); 288 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen); 289 name_end = (char *)rentry + namesize; 290 if (rentry->namelen == 0 || rentry->valueblk == 0) 291 xchk_da_set_corrupt(ds, level); 292 } 293 if (name_end > buf_end) 294 xchk_da_set_corrupt(ds, level); 295 296 if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize)) 297 xchk_da_set_corrupt(ds, level); 298 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) 299 *usedbytes += namesize; 300 } 301 302 /* Scrub an attribute leaf. */ 303 STATIC int 304 xchk_xattr_block( 305 struct xchk_da_btree *ds, 306 int level) 307 { 308 struct xfs_attr3_icleaf_hdr leafhdr; 309 struct xfs_mount *mp = ds->state->mp; 310 struct xfs_da_state_blk *blk = &ds->state->path.blk[level]; 311 struct xfs_buf *bp = blk->bp; 312 xfs_dablk_t *last_checked = ds->private; 313 struct xfs_attr_leafblock *leaf = bp->b_addr; 314 struct xfs_attr_leaf_entry *ent; 315 struct xfs_attr_leaf_entry *entries; 316 unsigned long *usedmap; 317 char *buf_end; 318 size_t off; 319 __u32 last_hashval = 0; 320 unsigned int usedbytes = 0; 321 unsigned int hdrsize; 322 int i; 323 int error; 324 325 if (*last_checked == blk->blkno) 326 return 0; 327 328 /* Allocate memory for block usage checking. */ 329 error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL); 330 if (error == -ENOMEM) 331 return -EDEADLOCK; 332 if (error) 333 return error; 334 usedmap = xchk_xattr_usedmap(ds->sc); 335 336 *last_checked = blk->blkno; 337 bitmap_zero(usedmap, mp->m_attr_geo->blksize); 338 339 /* Check all the padding. */ 340 if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) { 341 struct xfs_attr3_leafblock *leaf = bp->b_addr; 342 343 if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 || 344 leaf->hdr.info.hdr.pad != 0) 345 xchk_da_set_corrupt(ds, level); 346 } else { 347 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0) 348 xchk_da_set_corrupt(ds, level); 349 } 350 351 /* Check the leaf header */ 352 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf); 353 hdrsize = xfs_attr3_leaf_hdr_size(leaf); 354 355 if (leafhdr.usedbytes > mp->m_attr_geo->blksize) 356 xchk_da_set_corrupt(ds, level); 357 if (leafhdr.firstused > mp->m_attr_geo->blksize) 358 xchk_da_set_corrupt(ds, level); 359 if (leafhdr.firstused < hdrsize) 360 xchk_da_set_corrupt(ds, level); 361 if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize)) 362 xchk_da_set_corrupt(ds, level); 363 364 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 365 goto out; 366 367 entries = xfs_attr3_leaf_entryp(leaf); 368 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused) 369 xchk_da_set_corrupt(ds, level); 370 371 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize; 372 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) { 373 /* Mark the leaf entry itself. */ 374 off = (char *)ent - (char *)leaf; 375 if (!xchk_xattr_set_map(ds->sc, usedmap, off, 376 sizeof(xfs_attr_leaf_entry_t))) { 377 xchk_da_set_corrupt(ds, level); 378 goto out; 379 } 380 381 /* Check the entry and nameval. */ 382 xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr, 383 ent, i, &usedbytes, &last_hashval); 384 385 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 386 goto out; 387 } 388 389 if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr)) 390 xchk_da_set_corrupt(ds, level); 391 392 if (leafhdr.usedbytes != usedbytes) 393 xchk_da_set_corrupt(ds, level); 394 395 out: 396 return 0; 397 } 398 399 /* Scrub a attribute btree record. */ 400 STATIC int 401 xchk_xattr_rec( 402 struct xchk_da_btree *ds, 403 int level, 404 void *rec) 405 { 406 struct xfs_mount *mp = ds->state->mp; 407 struct xfs_attr_leaf_entry *ent = rec; 408 struct xfs_da_state_blk *blk; 409 struct xfs_attr_leaf_name_local *lentry; 410 struct xfs_attr_leaf_name_remote *rentry; 411 struct xfs_buf *bp; 412 xfs_dahash_t calc_hash; 413 xfs_dahash_t hash; 414 int nameidx; 415 int hdrsize; 416 unsigned int badflags; 417 int error; 418 419 blk = &ds->state->path.blk[level]; 420 421 /* Check the whole block, if necessary. */ 422 error = xchk_xattr_block(ds, level); 423 if (error) 424 goto out; 425 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 426 goto out; 427 428 /* Check the hash of the entry. */ 429 error = xchk_da_btree_hash(ds, level, &ent->hashval); 430 if (error) 431 goto out; 432 433 /* Find the attr entry's location. */ 434 bp = blk->bp; 435 hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr); 436 nameidx = be16_to_cpu(ent->nameidx); 437 if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) { 438 xchk_da_set_corrupt(ds, level); 439 goto out; 440 } 441 442 /* Retrieve the entry and check it. */ 443 hash = be32_to_cpu(ent->hashval); 444 badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | 445 XFS_ATTR_INCOMPLETE); 446 if ((ent->flags & badflags) != 0) 447 xchk_da_set_corrupt(ds, level); 448 if (ent->flags & XFS_ATTR_LOCAL) { 449 lentry = (struct xfs_attr_leaf_name_local *) 450 (((char *)bp->b_addr) + nameidx); 451 if (lentry->namelen <= 0) { 452 xchk_da_set_corrupt(ds, level); 453 goto out; 454 } 455 calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen); 456 } else { 457 rentry = (struct xfs_attr_leaf_name_remote *) 458 (((char *)bp->b_addr) + nameidx); 459 if (rentry->namelen <= 0) { 460 xchk_da_set_corrupt(ds, level); 461 goto out; 462 } 463 calc_hash = xfs_da_hashname(rentry->name, rentry->namelen); 464 } 465 if (calc_hash != hash) 466 xchk_da_set_corrupt(ds, level); 467 468 out: 469 return error; 470 } 471 472 /* Scrub the extended attribute metadata. */ 473 int 474 xchk_xattr( 475 struct xfs_scrub *sc) 476 { 477 struct xchk_xattr sx; 478 struct attrlist_cursor_kern cursor = { 0 }; 479 xfs_dablk_t last_checked = -1U; 480 int error = 0; 481 482 if (!xfs_inode_hasattr(sc->ip)) 483 return -ENOENT; 484 485 memset(&sx, 0, sizeof(sx)); 486 /* Check attribute tree structure */ 487 error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec, 488 &last_checked); 489 if (error) 490 goto out; 491 492 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 493 goto out; 494 495 /* Check that every attr key can also be looked up by hash. */ 496 sx.context.dp = sc->ip; 497 sx.context.cursor = &cursor; 498 sx.context.resynch = 1; 499 sx.context.put_listent = xchk_xattr_listent; 500 sx.context.tp = sc->tp; 501 sx.context.flags = ATTR_INCOMPLETE; 502 sx.sc = sc; 503 504 /* 505 * Look up every xattr in this file by name. 506 * 507 * Use the backend implementation of xfs_attr_list to call 508 * xchk_xattr_listent on every attribute key in this inode. 509 * In other words, we use the same iterator/callback mechanism 510 * that listattr uses to scrub extended attributes, though in our 511 * _listent function, we check the value of the attribute. 512 * 513 * The VFS only locks i_rwsem when modifying attrs, so keep all 514 * three locks held because that's the only way to ensure we're 515 * the only thread poking into the da btree. We traverse the da 516 * btree while holding a leaf buffer locked for the xattr name 517 * iteration, which doesn't really follow the usual buffer 518 * locking order. 519 */ 520 error = xfs_attr_list_int_ilocked(&sx.context); 521 if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error)) 522 goto out; 523 524 /* Did our listent function try to return any errors? */ 525 if (sx.context.seen_enough < 0) 526 error = sx.context.seen_enough; 527 out: 528 return error; 529 } 530