// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (C) 2017-2023 Oracle.  All Rights Reserved.
 * Author: Darrick J. Wong <djwong@kernel.org>
 */
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_trans_resv.h"
#include "xfs_mount.h"
#include "xfs_log_format.h"
#include "xfs_inode.h"
#include "xfs_da_format.h"
#include "xfs_da_btree.h"
#include "xfs_attr.h"
#include "xfs_attr_leaf.h"
#include "xfs_attr_sf.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
#include "scrub/dabtree.h"
#include "scrub/attr.h"

/*
 * Free the buffers linked from the xattr buffer.  This is the sc->buf_cleanup
 * callback, so it must tolerate whichever subset of the sub-buffers was
 * actually allocated (kvfree of NULL is a no-op).
 */
static void
xchk_xattr_buf_cleanup(
	void			*priv)
{
	struct xchk_xattr_buf	*ab = priv;

	kvfree(ab->freemap);
	ab->freemap = NULL;
	kvfree(ab->usedmap);
	ab->usedmap = NULL;
	kvfree(ab->value);
	ab->value = NULL;
	ab->value_sz = 0;
}

/*
 * Allocate the free space bitmap if we're trying harder; there are leaf blocks
 * in the attr fork; or we can't tell if there are leaf blocks.
 */
static inline bool
xchk_xattr_want_freemap(
	struct xfs_scrub	*sc)
{
	struct xfs_ifork	*ifp;

	if (sc->flags & XCHK_TRY_HARDER)
		return true;

	/* No inode attached yet: assume we might need the freemap. */
	if (!sc->ip)
		return true;

	ifp = xfs_ifork_ptr(sc->ip, XFS_ATTR_FORK);
	if (!ifp)
		return false;

	return xfs_ifork_has_extents(ifp);
}

/*
 * Allocate enough memory to hold an attr value and attr block bitmaps,
 * reallocating the buffer if necessary.  Buffer contents are not preserved
 * across a reallocation.
 *
 * Returns 0 or -ENOMEM.  On a partial failure, sc->buf and sc->buf_cleanup
 * are already set, so any sub-buffers that did get allocated are released
 * later by xchk_xattr_buf_cleanup().
 */
static int
xchk_setup_xattr_buf(
	struct xfs_scrub	*sc,
	size_t			value_size)
{
	size_t			bmp_sz;
	struct xchk_xattr_buf	*ab = sc->buf;
	void			*new_val;

	/* One bit per byte of an attr block. */
	bmp_sz = sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);

	/* Bitmaps are allocated only once; afterwards only resize the value. */
	if (ab)
		goto resize_value;

	ab = kvzalloc(sizeof(struct xchk_xattr_buf), XCHK_GFP_FLAGS);
	if (!ab)
		return -ENOMEM;
	sc->buf = ab;
	sc->buf_cleanup = xchk_xattr_buf_cleanup;

	ab->usedmap = kvmalloc(bmp_sz, XCHK_GFP_FLAGS);
	if (!ab->usedmap)
		return -ENOMEM;

	if (xchk_xattr_want_freemap(sc)) {
		ab->freemap = kvmalloc(bmp_sz, XCHK_GFP_FLAGS);
		if (!ab->freemap)
			return -ENOMEM;
	}

resize_value:
	/* Existing value buffer is already big enough? */
	if (ab->value_sz >= value_size)
		return 0;

	/* Contents need not survive the reallocation, so free-then-alloc. */
	if (ab->value) {
		kvfree(ab->value);
		ab->value = NULL;
		ab->value_sz = 0;
	}

	new_val = kvmalloc(value_size, XCHK_GFP_FLAGS);
	if (!new_val)
		return -ENOMEM;

	ab->value = new_val;
	ab->value_sz = value_size;
	return 0;
}

/* Set us up to scrub an inode's extended attributes. */
int
xchk_setup_xattr(
	struct xfs_scrub	*sc)
{
	int			error;

	/*
	 * We failed to get memory while checking attrs, so this time try to
	 * get all the memory we're ever going to need.  Allocate the buffer
	 * without the inode lock held, which means we can sleep.
	 */
	if (sc->flags & XCHK_TRY_HARDER) {
		error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX);
		if (error)
			return error;
	}

	return xchk_setup_inode_contents(sc, 0);
}

/* Extended Attributes */

struct xchk_xattr {
	struct xfs_attr_list_context	context;
	struct xfs_scrub		*sc;
};

/*
 * Check that an extended attribute key can be looked up by hash.
 *
 * We use the XFS attribute list iterator (i.e. xfs_attr_list_ilocked)
 * to call this function for every attribute key in an inode.
 * Once we're here, we load the attribute value to see if any errors happen,
 * or if we get more or less data than we expected.
 */
static void
xchk_xattr_listent(
	struct xfs_attr_list_context	*context,
	int				flags,
	unsigned char			*name,
	int				namelen,
	int				valuelen)
{
	struct xfs_da_args		args = {
		.op_flags		= XFS_DA_OP_NOTIME,
		.attr_filter		= flags & XFS_ATTR_NSP_ONDISK_MASK,
		.geo			= context->dp->i_mount->m_attr_geo,
		.whichfork		= XFS_ATTR_FORK,
		.dp			= context->dp,
		.name			= name,
		.namelen		= namelen,
		.hashval		= xfs_da_hashname(name, namelen),
		.trans			= context->tp,
		.valuelen		= valuelen,
	};
	struct xchk_xattr_buf		*ab;
	struct xchk_xattr		*sx;
	int				error = 0;

	sx = container_of(context, struct xchk_xattr, context);
	ab = sx->sc->buf;

	/* Abort the walk if a fatal signal is pending. */
	if (xchk_should_terminate(sx->sc, &error)) {
		context->seen_enough = error;
		return;
	}

	/* Flag bits that don't exist on disk mean a corrupt entry. */
	if (flags & ~XFS_ATTR_ONDISK_MASK) {
		xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
		goto fail_xref;
	}

	if (flags & XFS_ATTR_INCOMPLETE) {
		/* Incomplete attr key, just mark the inode for preening. */
		xchk_ino_set_preen(sx->sc, context->dp->i_ino);
		return;
	}

	/* Does this name make sense? */
	if (!xfs_attr_namecheck(flags, name, namelen)) {
		xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
		goto fail_xref;
	}

	/*
	 * Try to allocate enough memory to extract the attr value.  If that
	 * doesn't work, we overload the seen_enough variable to convey
	 * the error code back to the main scrub function.
	 */
	error = xchk_setup_xattr_buf(sx->sc, valuelen);
	if (error == -ENOMEM)
		error = -EDEADLOCK;
	if (error) {
		context->seen_enough = error;
		return;
	}

	args.value = ab->value;

	/*
	 * Get the attr value to ensure that lookup can find this attribute
	 * through the dabtree indexing and that remote value retrieval also
	 * works correctly.
	 */
	error = xfs_attr_get_ilocked(&args);
	/* ENODATA means the hash lookup failed and the attr is bad */
	if (error == -ENODATA)
		error = -EFSCORRUPTED;
	if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno,
			&error))
		goto fail_xref;
	/* The iterator and the lookup must agree on the value length. */
	if (args.valuelen != valuelen)
		xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK,
					     args.blkno);
fail_xref:
	/* Once corruption is flagged, there's no point in iterating further. */
	if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
		context->seen_enough = 1;
	return;
}

/*
 * Mark a range [start, start+len) in this map.  Returns true if the
 * region was free, and false if there's a conflict or a problem.
 *
 * Within a char, the lowest bit of the char represents the byte with
 * the smallest address
 */
STATIC bool
xchk_xattr_set_map(
	struct xfs_scrub	*sc,
	unsigned long		*map,
	unsigned int		start,
	unsigned int		len)
{
	unsigned int		mapsize = sc->mp->m_attr_geo->blksize;
	bool			ret = true;

	if (start >= mapsize)
		return false;
	if (start + len > mapsize) {
		/* Clamp to the map so we still record what fits. */
		len = mapsize - start;
		ret = false;
	}

	/* Any already-set bit in the range means an overlap. */
	if (find_next_bit(map, mapsize, start) < start + len)
		ret = false;
	bitmap_set(map, start, len);

	return ret;
}

/*
 * Check the leaf freemap against the usage bitmap.  Returns false if the
 * attr freemap has problems or points to used space.
272 */ 273 STATIC bool 274 xchk_xattr_check_freemap( 275 struct xfs_scrub *sc, 276 struct xfs_attr3_icleaf_hdr *leafhdr) 277 { 278 struct xchk_xattr_buf *ab = sc->buf; 279 unsigned int mapsize = sc->mp->m_attr_geo->blksize; 280 int i; 281 282 /* Construct bitmap of freemap contents. */ 283 bitmap_zero(ab->freemap, mapsize); 284 for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { 285 if (!xchk_xattr_set_map(sc, ab->freemap, 286 leafhdr->freemap[i].base, 287 leafhdr->freemap[i].size)) 288 return false; 289 } 290 291 /* Look for bits that are set in freemap and are marked in use. */ 292 return !bitmap_intersects(ab->freemap, ab->usedmap, mapsize); 293 } 294 295 /* 296 * Check this leaf entry's relations to everything else. 297 * Returns the number of bytes used for the name/value data. 298 */ 299 STATIC void 300 xchk_xattr_entry( 301 struct xchk_da_btree *ds, 302 int level, 303 char *buf_end, 304 struct xfs_attr_leafblock *leaf, 305 struct xfs_attr3_icleaf_hdr *leafhdr, 306 struct xfs_attr_leaf_entry *ent, 307 int idx, 308 unsigned int *usedbytes, 309 __u32 *last_hashval) 310 { 311 struct xfs_mount *mp = ds->state->mp; 312 struct xchk_xattr_buf *ab = ds->sc->buf; 313 char *name_end; 314 struct xfs_attr_leaf_name_local *lentry; 315 struct xfs_attr_leaf_name_remote *rentry; 316 unsigned int nameidx; 317 unsigned int namesize; 318 319 if (ent->pad2 != 0) 320 xchk_da_set_corrupt(ds, level); 321 322 /* Hash values in order? */ 323 if (be32_to_cpu(ent->hashval) < *last_hashval) 324 xchk_da_set_corrupt(ds, level); 325 *last_hashval = be32_to_cpu(ent->hashval); 326 327 nameidx = be16_to_cpu(ent->nameidx); 328 if (nameidx < leafhdr->firstused || 329 nameidx >= mp->m_attr_geo->blksize) { 330 xchk_da_set_corrupt(ds, level); 331 return; 332 } 333 334 /* Check the name information. 
*/ 335 if (ent->flags & XFS_ATTR_LOCAL) { 336 lentry = xfs_attr3_leaf_name_local(leaf, idx); 337 namesize = xfs_attr_leaf_entsize_local(lentry->namelen, 338 be16_to_cpu(lentry->valuelen)); 339 name_end = (char *)lentry + namesize; 340 if (lentry->namelen == 0) 341 xchk_da_set_corrupt(ds, level); 342 } else { 343 rentry = xfs_attr3_leaf_name_remote(leaf, idx); 344 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen); 345 name_end = (char *)rentry + namesize; 346 if (rentry->namelen == 0 || rentry->valueblk == 0) 347 xchk_da_set_corrupt(ds, level); 348 } 349 if (name_end > buf_end) 350 xchk_da_set_corrupt(ds, level); 351 352 if (!xchk_xattr_set_map(ds->sc, ab->usedmap, nameidx, namesize)) 353 xchk_da_set_corrupt(ds, level); 354 if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) 355 *usedbytes += namesize; 356 } 357 358 /* Scrub an attribute leaf. */ 359 STATIC int 360 xchk_xattr_block( 361 struct xchk_da_btree *ds, 362 int level) 363 { 364 struct xfs_attr3_icleaf_hdr leafhdr; 365 struct xfs_mount *mp = ds->state->mp; 366 struct xfs_da_state_blk *blk = &ds->state->path.blk[level]; 367 struct xfs_buf *bp = blk->bp; 368 xfs_dablk_t *last_checked = ds->private; 369 struct xfs_attr_leafblock *leaf = bp->b_addr; 370 struct xfs_attr_leaf_entry *ent; 371 struct xfs_attr_leaf_entry *entries; 372 struct xchk_xattr_buf *ab = ds->sc->buf; 373 char *buf_end; 374 size_t off; 375 __u32 last_hashval = 0; 376 unsigned int usedbytes = 0; 377 unsigned int hdrsize; 378 int i; 379 380 if (*last_checked == blk->blkno) 381 return 0; 382 383 *last_checked = blk->blkno; 384 bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize); 385 386 /* Check all the padding. 
*/ 387 if (xfs_has_crc(ds->sc->mp)) { 388 struct xfs_attr3_leafblock *leaf3 = bp->b_addr; 389 390 if (leaf3->hdr.pad1 != 0 || leaf3->hdr.pad2 != 0 || 391 leaf3->hdr.info.hdr.pad != 0) 392 xchk_da_set_corrupt(ds, level); 393 } else { 394 if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0) 395 xchk_da_set_corrupt(ds, level); 396 } 397 398 /* Check the leaf header */ 399 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf); 400 hdrsize = xfs_attr3_leaf_hdr_size(leaf); 401 402 if (leafhdr.usedbytes > mp->m_attr_geo->blksize) 403 xchk_da_set_corrupt(ds, level); 404 if (leafhdr.firstused > mp->m_attr_geo->blksize) 405 xchk_da_set_corrupt(ds, level); 406 if (leafhdr.firstused < hdrsize) 407 xchk_da_set_corrupt(ds, level); 408 if (!xchk_xattr_set_map(ds->sc, ab->usedmap, 0, hdrsize)) 409 xchk_da_set_corrupt(ds, level); 410 411 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 412 goto out; 413 414 entries = xfs_attr3_leaf_entryp(leaf); 415 if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused) 416 xchk_da_set_corrupt(ds, level); 417 418 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize; 419 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) { 420 /* Mark the leaf entry itself. */ 421 off = (char *)ent - (char *)leaf; 422 if (!xchk_xattr_set_map(ds->sc, ab->usedmap, off, 423 sizeof(xfs_attr_leaf_entry_t))) { 424 xchk_da_set_corrupt(ds, level); 425 goto out; 426 } 427 428 /* Check the entry and nameval. */ 429 xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr, 430 ent, i, &usedbytes, &last_hashval); 431 432 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 433 goto out; 434 } 435 436 if (!xchk_xattr_check_freemap(ds->sc, &leafhdr)) 437 xchk_da_set_corrupt(ds, level); 438 439 if (leafhdr.usedbytes != usedbytes) 440 xchk_da_set_corrupt(ds, level); 441 442 out: 443 return 0; 444 } 445 446 /* Scrub a attribute btree record. 
 */
STATIC int
xchk_xattr_rec(
	struct xchk_da_btree		*ds,
	int				level)
{
	struct xfs_mount		*mp = ds->state->mp;
	struct xfs_da_state_blk		*blk = &ds->state->path.blk[level];
	struct xfs_attr_leaf_name_local	*lentry;
	struct xfs_attr_leaf_name_remote	*rentry;
	struct xfs_buf			*bp;
	struct xfs_attr_leaf_entry	*ent;
	xfs_dahash_t			calc_hash;
	xfs_dahash_t			hash;
	int				nameidx;
	int				hdrsize;
	int				error;

	ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC);

	ent = xfs_attr3_leaf_entryp(blk->bp->b_addr) + blk->index;

	/* Check the whole block, if necessary. */
	error = xchk_xattr_block(ds, level);
	if (error)
		goto out;
	if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
		goto out;

	/* Check the hash of the entry. */
	error = xchk_da_btree_hash(ds, level, &ent->hashval);
	if (error)
		goto out;

	/* Find the attr entry's location. */
	bp = blk->bp;
	hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
	nameidx = be16_to_cpu(ent->nameidx);
	if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
		xchk_da_set_corrupt(ds, level);
		goto out;
	}

	/* Retrieve the entry and check it. */
	hash = be32_to_cpu(ent->hashval);
	if (ent->flags & ~XFS_ATTR_ONDISK_MASK) {
		xchk_da_set_corrupt(ds, level);
		return 0;
	}
	if (!xfs_attr_check_namespace(ent->flags)) {
		xchk_da_set_corrupt(ds, level);
		return 0;
	}

	/* Recompute the name hash and compare it to the on-disk hash. */
	if (ent->flags & XFS_ATTR_LOCAL) {
		lentry = (struct xfs_attr_leaf_name_local *)
				(((char *)bp->b_addr) + nameidx);
		if (lentry->namelen <= 0) {
			xchk_da_set_corrupt(ds, level);
			goto out;
		}
		calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
	} else {
		rentry = (struct xfs_attr_leaf_name_remote *)
				(((char *)bp->b_addr) + nameidx);
		if (rentry->namelen <= 0) {
			xchk_da_set_corrupt(ds, level);
			goto out;
		}
		calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
	}
	if (calc_hash != hash)
		xchk_da_set_corrupt(ds, level);

out:
	return error;
}

/* Check space usage of shortform attrs. */
STATIC int
xchk_xattr_check_sf(
	struct xfs_scrub		*sc)
{
	struct xchk_xattr_buf		*ab = sc->buf;
	struct xfs_attr_shortform	*sf;
	struct xfs_attr_sf_entry	*sfe;
	struct xfs_attr_sf_entry	*next;
	struct xfs_ifork		*ifp;
	unsigned char			*end;
	int				i;
	int				error = 0;

	ifp = xfs_ifork_ptr(sc->ip, XFS_ATTR_FORK);

	bitmap_zero(ab->usedmap, ifp->if_bytes);
	/* NOTE(review): assumes ifp == &sc->ip->i_af here — both lines read
	 * the same fork data; confirm against xfs_ifork_ptr(). */
	sf = (struct xfs_attr_shortform *)sc->ip->i_af.if_u1.if_data;
	end = (unsigned char *)ifp->if_u1.if_data + ifp->if_bytes;
	xchk_xattr_set_map(sc, ab->usedmap, 0, sizeof(sf->hdr));

	sfe = &sf->list[0];
	if ((unsigned char *)sfe > end) {
		xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
		return 0;
	}

	for (i = 0; i < sf->hdr.count; i++) {
		unsigned char		*name = sfe->nameval;
		unsigned char		*value = &sfe->nameval[sfe->namelen];

		if (xchk_should_terminate(sc, &error))
			return error;

		/* Entry must fit entirely inside the fork data. */
		next = xfs_attr_sf_nextentry(sfe);
		if ((unsigned char *)next > end) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		/*
		 * Shortform entries do not set LOCAL or INCOMPLETE, so the
		 * only valid flag bits here are for namespaces.
		 */
		if (sfe->flags & ~XFS_ATTR_NSP_ONDISK_MASK) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		/* Mark the fixed-size entry header; overlap is corruption. */
		if (!xchk_xattr_set_map(sc, ab->usedmap,
				(char *)sfe - (char *)sf,
				sizeof(struct xfs_attr_sf_entry))) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		/* Mark the name bytes. */
		if (!xchk_xattr_set_map(sc, ab->usedmap,
				(char *)name - (char *)sf,
				sfe->namelen)) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		/* Mark the value bytes. */
		if (!xchk_xattr_set_map(sc, ab->usedmap,
				(char *)value - (char *)sf,
				sfe->valuelen)) {
			xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0);
			break;
		}

		sfe = next;
	}

	return 0;
}

/* Scrub the extended attribute metadata. */
int
xchk_xattr(
	struct xfs_scrub		*sc)
{
	struct xchk_xattr		sx = {
		.sc			= sc,
		.context		= {
			.dp		= sc->ip,
			.tp		= sc->tp,
			.resynch	= 1,
			.put_listent	= xchk_xattr_listent,
			.allow_incomplete = true,
		},
	};
	xfs_dablk_t			last_checked = -1U;
	int				error = 0;

	if (!xfs_inode_hasattr(sc->ip))
		return -ENOENT;

	/* Allocate memory for xattr checking. */
	error = xchk_setup_xattr_buf(sc, 0);
	if (error == -ENOMEM)
		return -EDEADLOCK;
	if (error)
		return error;

	/* Check the physical structure of the xattr. */
	if (sc->ip->i_af.if_format == XFS_DINODE_FMT_LOCAL)
		error = xchk_xattr_check_sf(sc);
	else
		error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
				&last_checked);
	if (error)
		return error;

	/* Structure is corrupt; don't bother walking the names. */
	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
		return 0;

	/*
	 * Look up every xattr in this file by name and hash.
	 *
	 * Use the backend implementation of xfs_attr_list to call
	 * xchk_xattr_listent on every attribute key in this inode.
	 * In other words, we use the same iterator/callback mechanism
	 * that listattr uses to scrub extended attributes, though in our
	 * _listent function, we check the value of the attribute.
	 *
	 * The VFS only locks i_rwsem when modifying attrs, so keep all
	 * three locks held because that's the only way to ensure we're
	 * the only thread poking into the da btree.  We traverse the da
	 * btree while holding a leaf buffer locked for the xattr name
	 * iteration, which doesn't really follow the usual buffer
	 * locking order.
	 */
	error = xfs_attr_list_ilocked(&sx.context);
	if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
		return error;

	/* Did our listent function try to return any errors? */
	if (sx.context.seen_enough < 0)
		return sx.context.seen_enough;

	return 0;
}