1 /* 2 * Copyright (C) 2017 Oracle. All Rights Reserved. 3 * 4 * Author: Darrick J. Wong <darrick.wong@oracle.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 2 9 * of the License, or (at your option) any later version. 10 * 11 * This program is distributed in the hope that it would be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write the Free Software Foundation, 18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 19 */ 20 #include "xfs.h" 21 #include "xfs_fs.h" 22 #include "xfs_shared.h" 23 #include "xfs_format.h" 24 #include "xfs_trans_resv.h" 25 #include "xfs_mount.h" 26 #include "xfs_defer.h" 27 #include "xfs_btree.h" 28 #include "xfs_bit.h" 29 #include "xfs_log_format.h" 30 #include "xfs_trans.h" 31 #include "xfs_sb.h" 32 #include "xfs_inode.h" 33 #include "xfs_icache.h" 34 #include "xfs_inode_buf.h" 35 #include "xfs_inode_fork.h" 36 #include "xfs_ialloc.h" 37 #include "xfs_da_format.h" 38 #include "xfs_reflink.h" 39 #include "xfs_rmap.h" 40 #include "xfs_bmap.h" 41 #include "xfs_bmap_util.h" 42 #include "scrub/xfs_scrub.h" 43 #include "scrub/scrub.h" 44 #include "scrub/common.h" 45 #include "scrub/btree.h" 46 #include "scrub/trace.h" 47 48 /* 49 * Grab total control of the inode metadata. It doesn't matter here if 50 * the file data is still changing; exclusive access to the metadata is 51 * the goal. 52 */ 53 int 54 xfs_scrub_setup_inode( 55 struct xfs_scrub_context *sc, 56 struct xfs_inode *ip) 57 { 58 struct xfs_mount *mp = sc->mp; 59 int error; 60 61 /* 62 * Try to get the inode. If the verifiers fail, we try again 63 * in raw mode. 64 */ 65 error = xfs_scrub_get_inode(sc, ip); 66 switch (error) { 67 case 0: 68 break; 69 case -EFSCORRUPTED: 70 case -EFSBADCRC: 71 return xfs_scrub_trans_alloc(sc->sm, mp, &sc->tp); 72 default: 73 return error; 74 } 75 76 /* Got the inode, lock it and we're ready to go. */ 77 sc->ilock_flags = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 78 xfs_ilock(sc->ip, sc->ilock_flags); 79 error = xfs_scrub_trans_alloc(sc->sm, mp, &sc->tp); 80 if (error) 81 goto out; 82 sc->ilock_flags |= XFS_ILOCK_EXCL; 83 xfs_ilock(sc->ip, XFS_ILOCK_EXCL); 84 85 out: 86 /* scrub teardown will unlock and release the inode for us */ 87 return error; 88 } 89 90 /* Inode core */ 91 92 /* 93 * Validate di_extsize hint. 94 * 95 * The rules are documented at xfs_ioctl_setattr_check_extsize(). 96 * These functions must be kept in sync with each other. 97 */ 98 STATIC void 99 xfs_scrub_inode_extsize( 100 struct xfs_scrub_context *sc, 101 struct xfs_buf *bp, 102 struct xfs_dinode *dip, 103 xfs_ino_t ino, 104 uint16_t mode, 105 uint16_t flags) 106 { 107 struct xfs_mount *mp = sc->mp; 108 bool rt_flag; 109 bool hint_flag; 110 bool inherit_flag; 111 uint32_t extsize; 112 uint32_t extsize_bytes; 113 uint32_t blocksize_bytes; 114 115 rt_flag = (flags & XFS_DIFLAG_REALTIME); 116 hint_flag = (flags & XFS_DIFLAG_EXTSIZE); 117 inherit_flag = (flags & XFS_DIFLAG_EXTSZINHERIT); 118 extsize = be32_to_cpu(dip->di_extsize); 119 extsize_bytes = XFS_FSB_TO_B(sc->mp, extsize); 120 121 if (rt_flag) 122 blocksize_bytes = mp->m_sb.sb_rextsize << mp->m_sb.sb_blocklog; 123 else 124 blocksize_bytes = mp->m_sb.sb_blocksize; 125 126 if ((hint_flag || inherit_flag) && !(S_ISDIR(mode) || S_ISREG(mode))) 127 goto bad; 128 129 if (hint_flag && !S_ISREG(mode)) 130 goto bad; 131 132 if (inherit_flag && !S_ISDIR(mode)) 133 goto bad; 134 135 if ((hint_flag || inherit_flag) && extsize == 0) 136 goto bad; 137 138 if (!(hint_flag || inherit_flag) && extsize != 0) 139 goto bad; 140 141 if (extsize_bytes % blocksize_bytes) 142 goto bad; 143 144 if (extsize > MAXEXTLEN) 145 goto bad; 146 147 if (!rt_flag && extsize > mp->m_sb.sb_agblocks / 2) 148 goto bad; 149 150 return; 151 bad: 152 xfs_scrub_ino_set_corrupt(sc, ino, bp); 153 } 154 155 /* 156 * Validate di_cowextsize hint. 157 * 158 * The rules are documented at xfs_ioctl_setattr_check_cowextsize(). 159 * These functions must be kept in sync with each other. 160 */ 161 STATIC void 162 xfs_scrub_inode_cowextsize( 163 struct xfs_scrub_context *sc, 164 struct xfs_buf *bp, 165 struct xfs_dinode *dip, 166 xfs_ino_t ino, 167 uint16_t mode, 168 uint16_t flags, 169 uint64_t flags2) 170 { 171 struct xfs_mount *mp = sc->mp; 172 bool rt_flag; 173 bool hint_flag; 174 uint32_t extsize; 175 uint32_t extsize_bytes; 176 177 rt_flag = (flags & XFS_DIFLAG_REALTIME); 178 hint_flag = (flags2 & XFS_DIFLAG2_COWEXTSIZE); 179 extsize = be32_to_cpu(dip->di_cowextsize); 180 extsize_bytes = XFS_FSB_TO_B(sc->mp, extsize); 181 182 if (hint_flag && !xfs_sb_version_hasreflink(&mp->m_sb)) 183 goto bad; 184 185 if (hint_flag && !(S_ISDIR(mode) || S_ISREG(mode))) 186 goto bad; 187 188 if (hint_flag && extsize == 0) 189 goto bad; 190 191 if (!hint_flag && extsize != 0) 192 goto bad; 193 194 if (hint_flag && rt_flag) 195 goto bad; 196 197 if (extsize_bytes % mp->m_sb.sb_blocksize) 198 goto bad; 199 200 if (extsize > MAXEXTLEN) 201 goto bad; 202 203 if (extsize > mp->m_sb.sb_agblocks / 2) 204 goto bad; 205 206 return; 207 bad: 208 xfs_scrub_ino_set_corrupt(sc, ino, bp); 209 } 210 211 /* Make sure the di_flags make sense for the inode. */ 212 STATIC void 213 xfs_scrub_inode_flags( 214 struct xfs_scrub_context *sc, 215 struct xfs_buf *bp, 216 struct xfs_dinode *dip, 217 xfs_ino_t ino, 218 uint16_t mode, 219 uint16_t flags) 220 { 221 struct xfs_mount *mp = sc->mp; 222 223 if (flags & ~XFS_DIFLAG_ANY) 224 goto bad; 225 226 /* rt flags require rt device */ 227 if ((flags & (XFS_DIFLAG_REALTIME | XFS_DIFLAG_RTINHERIT)) && 228 !mp->m_rtdev_targp) 229 goto bad; 230 231 /* new rt bitmap flag only valid for rbmino */ 232 if ((flags & XFS_DIFLAG_NEWRTBM) && ino != mp->m_sb.sb_rbmino) 233 goto bad; 234 235 /* directory-only flags */ 236 if ((flags & (XFS_DIFLAG_RTINHERIT | 237 XFS_DIFLAG_EXTSZINHERIT | 238 XFS_DIFLAG_PROJINHERIT | 239 XFS_DIFLAG_NOSYMLINKS)) && 240 !S_ISDIR(mode)) 241 goto bad; 242 243 /* file-only flags */ 244 if ((flags & (XFS_DIFLAG_REALTIME | FS_XFLAG_EXTSIZE)) && 245 !S_ISREG(mode)) 246 goto bad; 247 248 /* filestreams and rt make no sense */ 249 if ((flags & XFS_DIFLAG_FILESTREAM) && (flags & XFS_DIFLAG_REALTIME)) 250 goto bad; 251 252 return; 253 bad: 254 xfs_scrub_ino_set_corrupt(sc, ino, bp); 255 } 256 257 /* Make sure the di_flags2 make sense for the inode. */ 258 STATIC void 259 xfs_scrub_inode_flags2( 260 struct xfs_scrub_context *sc, 261 struct xfs_buf *bp, 262 struct xfs_dinode *dip, 263 xfs_ino_t ino, 264 uint16_t mode, 265 uint16_t flags, 266 uint64_t flags2) 267 { 268 struct xfs_mount *mp = sc->mp; 269 270 if (flags2 & ~XFS_DIFLAG2_ANY) 271 goto bad; 272 273 /* reflink flag requires reflink feature */ 274 if ((flags2 & XFS_DIFLAG2_REFLINK) && 275 !xfs_sb_version_hasreflink(&mp->m_sb)) 276 goto bad; 277 278 /* cowextsize flag is checked w.r.t. mode separately */ 279 280 /* file/dir-only flags */ 281 if ((flags2 & XFS_DIFLAG2_DAX) && !(S_ISREG(mode) || S_ISDIR(mode))) 282 goto bad; 283 284 /* file-only flags */ 285 if ((flags2 & XFS_DIFLAG2_REFLINK) && !S_ISREG(mode)) 286 goto bad; 287 288 /* realtime and reflink make no sense, currently */ 289 if ((flags & XFS_DIFLAG_REALTIME) && (flags2 & XFS_DIFLAG2_REFLINK)) 290 goto bad; 291 292 /* dax and reflink make no sense, currently */ 293 if ((flags2 & XFS_DIFLAG2_DAX) && (flags2 & XFS_DIFLAG2_REFLINK)) 294 goto bad; 295 296 return; 297 bad: 298 xfs_scrub_ino_set_corrupt(sc, ino, bp); 299 } 300 301 /* Scrub all the ondisk inode fields. */ 302 STATIC void 303 xfs_scrub_dinode( 304 struct xfs_scrub_context *sc, 305 struct xfs_buf *bp, 306 struct xfs_dinode *dip, 307 xfs_ino_t ino) 308 { 309 struct xfs_mount *mp = sc->mp; 310 size_t fork_recs; 311 unsigned long long isize; 312 uint64_t flags2; 313 uint32_t nextents; 314 uint16_t flags; 315 uint16_t mode; 316 317 flags = be16_to_cpu(dip->di_flags); 318 if (dip->di_version >= 3) 319 flags2 = be64_to_cpu(dip->di_flags2); 320 else 321 flags2 = 0; 322 323 /* di_mode */ 324 mode = be16_to_cpu(dip->di_mode); 325 switch (mode & S_IFMT) { 326 case S_IFLNK: 327 case S_IFREG: 328 case S_IFDIR: 329 case S_IFCHR: 330 case S_IFBLK: 331 case S_IFIFO: 332 case S_IFSOCK: 333 /* mode is recognized */ 334 break; 335 default: 336 xfs_scrub_ino_set_corrupt(sc, ino, bp); 337 break; 338 } 339 340 /* v1/v2 fields */ 341 switch (dip->di_version) { 342 case 1: 343 /* 344 * We autoconvert v1 inodes into v2 inodes on writeout, 345 * so just mark this inode for preening. 346 */ 347 xfs_scrub_ino_set_preen(sc, ino, bp); 348 break; 349 case 2: 350 case 3: 351 if (dip->di_onlink != 0) 352 xfs_scrub_ino_set_corrupt(sc, ino, bp); 353 354 if (dip->di_mode == 0 && sc->ip) 355 xfs_scrub_ino_set_corrupt(sc, ino, bp); 356 357 if (dip->di_projid_hi != 0 && 358 !xfs_sb_version_hasprojid32bit(&mp->m_sb)) 359 xfs_scrub_ino_set_corrupt(sc, ino, bp); 360 break; 361 default: 362 xfs_scrub_ino_set_corrupt(sc, ino, bp); 363 return; 364 } 365 366 /* 367 * di_uid/di_gid -- -1 isn't invalid, but there's no way that 368 * userspace could have created that. 369 */ 370 if (dip->di_uid == cpu_to_be32(-1U) || 371 dip->di_gid == cpu_to_be32(-1U)) 372 xfs_scrub_ino_set_warning(sc, ino, bp); 373 374 /* di_format */ 375 switch (dip->di_format) { 376 case XFS_DINODE_FMT_DEV: 377 if (!S_ISCHR(mode) && !S_ISBLK(mode) && 378 !S_ISFIFO(mode) && !S_ISSOCK(mode)) 379 xfs_scrub_ino_set_corrupt(sc, ino, bp); 380 break; 381 case XFS_DINODE_FMT_LOCAL: 382 if (!S_ISDIR(mode) && !S_ISLNK(mode)) 383 xfs_scrub_ino_set_corrupt(sc, ino, bp); 384 break; 385 case XFS_DINODE_FMT_EXTENTS: 386 if (!S_ISREG(mode) && !S_ISDIR(mode) && !S_ISLNK(mode)) 387 xfs_scrub_ino_set_corrupt(sc, ino, bp); 388 break; 389 case XFS_DINODE_FMT_BTREE: 390 if (!S_ISREG(mode) && !S_ISDIR(mode)) 391 xfs_scrub_ino_set_corrupt(sc, ino, bp); 392 break; 393 case XFS_DINODE_FMT_UUID: 394 default: 395 xfs_scrub_ino_set_corrupt(sc, ino, bp); 396 break; 397 } 398 399 /* di_[amc]time.nsec */ 400 if (be32_to_cpu(dip->di_atime.t_nsec) >= NSEC_PER_SEC) 401 xfs_scrub_ino_set_corrupt(sc, ino, bp); 402 if (be32_to_cpu(dip->di_mtime.t_nsec) >= NSEC_PER_SEC) 403 xfs_scrub_ino_set_corrupt(sc, ino, bp); 404 if (be32_to_cpu(dip->di_ctime.t_nsec) >= NSEC_PER_SEC) 405 xfs_scrub_ino_set_corrupt(sc, ino, bp); 406 407 /* 408 * di_size. xfs_dinode_verify checks for things that screw up 409 * the VFS such as the upper bit being set and zero-length 410 * symlinks/directories, but we can do more here. 411 */ 412 isize = be64_to_cpu(dip->di_size); 413 if (isize & (1ULL << 63)) 414 xfs_scrub_ino_set_corrupt(sc, ino, bp); 415 416 /* Devices, fifos, and sockets must have zero size */ 417 if (!S_ISDIR(mode) && !S_ISREG(mode) && !S_ISLNK(mode) && isize != 0) 418 xfs_scrub_ino_set_corrupt(sc, ino, bp); 419 420 /* Directories can't be larger than the data section size (32G) */ 421 if (S_ISDIR(mode) && (isize == 0 || isize >= XFS_DIR2_SPACE_SIZE)) 422 xfs_scrub_ino_set_corrupt(sc, ino, bp); 423 424 /* Symlinks can't be larger than SYMLINK_MAXLEN */ 425 if (S_ISLNK(mode) && (isize == 0 || isize >= XFS_SYMLINK_MAXLEN)) 426 xfs_scrub_ino_set_corrupt(sc, ino, bp); 427 428 /* 429 * Warn if the running kernel can't handle the kinds of offsets 430 * needed to deal with the file size. In other words, if the 431 * pagecache can't cache all the blocks in this file due to 432 * overly large offsets, flag the inode for admin review. 433 */ 434 if (isize >= mp->m_super->s_maxbytes) 435 xfs_scrub_ino_set_warning(sc, ino, bp); 436 437 /* di_nblocks */ 438 if (flags2 & XFS_DIFLAG2_REFLINK) { 439 ; /* nblocks can exceed dblocks */ 440 } else if (flags & XFS_DIFLAG_REALTIME) { 441 /* 442 * nblocks is the sum of data extents (in the rtdev), 443 * attr extents (in the datadev), and both forks' bmbt 444 * blocks (in the datadev). This clumsy check is the 445 * best we can do without cross-referencing with the 446 * inode forks. 447 */ 448 if (be64_to_cpu(dip->di_nblocks) >= 449 mp->m_sb.sb_dblocks + mp->m_sb.sb_rblocks) 450 xfs_scrub_ino_set_corrupt(sc, ino, bp); 451 } else { 452 if (be64_to_cpu(dip->di_nblocks) >= mp->m_sb.sb_dblocks) 453 xfs_scrub_ino_set_corrupt(sc, ino, bp); 454 } 455 456 xfs_scrub_inode_flags(sc, bp, dip, ino, mode, flags); 457 458 xfs_scrub_inode_extsize(sc, bp, dip, ino, mode, flags); 459 460 /* di_nextents */ 461 nextents = be32_to_cpu(dip->di_nextents); 462 fork_recs = XFS_DFORK_DSIZE(dip, mp) / sizeof(struct xfs_bmbt_rec); 463 switch (dip->di_format) { 464 case XFS_DINODE_FMT_EXTENTS: 465 if (nextents > fork_recs) 466 xfs_scrub_ino_set_corrupt(sc, ino, bp); 467 break; 468 case XFS_DINODE_FMT_BTREE: 469 if (nextents <= fork_recs) 470 xfs_scrub_ino_set_corrupt(sc, ino, bp); 471 break; 472 default: 473 if (nextents != 0) 474 xfs_scrub_ino_set_corrupt(sc, ino, bp); 475 break; 476 } 477 478 /* di_forkoff */ 479 if (XFS_DFORK_APTR(dip) >= (char *)dip + mp->m_sb.sb_inodesize) 480 xfs_scrub_ino_set_corrupt(sc, ino, bp); 481 if (dip->di_anextents != 0 && dip->di_forkoff == 0) 482 xfs_scrub_ino_set_corrupt(sc, ino, bp); 483 if (dip->di_forkoff == 0 && dip->di_aformat != XFS_DINODE_FMT_EXTENTS) 484 xfs_scrub_ino_set_corrupt(sc, ino, bp); 485 486 /* di_aformat */ 487 if (dip->di_aformat != XFS_DINODE_FMT_LOCAL && 488 dip->di_aformat != XFS_DINODE_FMT_EXTENTS && 489 dip->di_aformat != XFS_DINODE_FMT_BTREE) 490 xfs_scrub_ino_set_corrupt(sc, ino, bp); 491 492 /* di_anextents */ 493 nextents = be16_to_cpu(dip->di_anextents); 494 fork_recs = XFS_DFORK_ASIZE(dip, mp) / sizeof(struct xfs_bmbt_rec); 495 switch (dip->di_aformat) { 496 case XFS_DINODE_FMT_EXTENTS: 497 if (nextents > fork_recs) 498 xfs_scrub_ino_set_corrupt(sc, ino, bp); 499 break; 500 case XFS_DINODE_FMT_BTREE: 501 if (nextents <= fork_recs) 502 xfs_scrub_ino_set_corrupt(sc, ino, bp); 503 break; 504 default: 505 if (nextents != 0) 506 xfs_scrub_ino_set_corrupt(sc, ino, bp); 507 } 508 509 if (dip->di_version >= 3) { 510 if (be32_to_cpu(dip->di_crtime.t_nsec) >= NSEC_PER_SEC) 511 xfs_scrub_ino_set_corrupt(sc, ino, bp); 512 xfs_scrub_inode_flags2(sc, bp, dip, ino, mode, flags, flags2); 513 xfs_scrub_inode_cowextsize(sc, bp, dip, ino, mode, flags, 514 flags2); 515 } 516 } 517 518 /* Map and read a raw inode. */ 519 STATIC int 520 xfs_scrub_inode_map_raw( 521 struct xfs_scrub_context *sc, 522 xfs_ino_t ino, 523 struct xfs_buf **bpp, 524 struct xfs_dinode **dipp) 525 { 526 struct xfs_imap imap; 527 struct xfs_mount *mp = sc->mp; 528 struct xfs_buf *bp = NULL; 529 struct xfs_dinode *dip; 530 int error; 531 532 error = xfs_imap(mp, sc->tp, ino, &imap, XFS_IGET_UNTRUSTED); 533 if (error == -EINVAL) { 534 /* 535 * Inode could have gotten deleted out from under us; 536 * just forget about it. 537 */ 538 error = -ENOENT; 539 goto out; 540 } 541 if (!xfs_scrub_process_error(sc, XFS_INO_TO_AGNO(mp, ino), 542 XFS_INO_TO_AGBNO(mp, ino), &error)) 543 goto out; 544 545 error = xfs_trans_read_buf(mp, sc->tp, mp->m_ddev_targp, 546 imap.im_blkno, imap.im_len, XBF_UNMAPPED, &bp, 547 NULL); 548 if (!xfs_scrub_process_error(sc, XFS_INO_TO_AGNO(mp, ino), 549 XFS_INO_TO_AGBNO(mp, ino), &error)) 550 goto out; 551 552 /* 553 * Is this really an inode? We disabled verifiers in the above 554 * xfs_trans_read_buf call because the inode buffer verifier 555 * fails on /any/ inode record in the inode cluster with a bad 556 * magic or version number, not just the one that we're 557 * checking. Therefore, grab the buffer unconditionally, attach 558 * the inode verifiers by hand, and run the inode verifier only 559 * on the one inode we want. 560 */ 561 bp->b_ops = &xfs_inode_buf_ops; 562 dip = xfs_buf_offset(bp, imap.im_boffset); 563 if (xfs_dinode_verify(mp, ino, dip) != NULL || 564 !xfs_dinode_good_version(mp, dip->di_version)) { 565 xfs_scrub_ino_set_corrupt(sc, ino, bp); 566 goto out_buf; 567 } 568 569 /* ...and is it the one we asked for? */ 570 if (be32_to_cpu(dip->di_gen) != sc->sm->sm_gen) { 571 error = -ENOENT; 572 goto out_buf; 573 } 574 575 *dipp = dip; 576 *bpp = bp; 577 out: 578 return error; 579 out_buf: 580 xfs_trans_brelse(sc->tp, bp); 581 return error; 582 } 583 584 /* 585 * Make sure the finobt doesn't think this inode is free. 586 * We don't have to check the inobt ourselves because we got the inode via 587 * IGET_UNTRUSTED, which checks the inobt for us. 588 */ 589 static void 590 xfs_scrub_inode_xref_finobt( 591 struct xfs_scrub_context *sc, 592 xfs_ino_t ino) 593 { 594 struct xfs_inobt_rec_incore rec; 595 xfs_agino_t agino; 596 int has_record; 597 int error; 598 599 if (!sc->sa.fino_cur) 600 return; 601 602 agino = XFS_INO_TO_AGINO(sc->mp, ino); 603 604 /* 605 * Try to get the finobt record. If we can't get it, then we're 606 * in good shape. 607 */ 608 error = xfs_inobt_lookup(sc->sa.fino_cur, agino, XFS_LOOKUP_LE, 609 &has_record); 610 if (!xfs_scrub_should_check_xref(sc, &error, &sc->sa.fino_cur) || 611 !has_record) 612 return; 613 614 error = xfs_inobt_get_rec(sc->sa.fino_cur, &rec, &has_record); 615 if (!xfs_scrub_should_check_xref(sc, &error, &sc->sa.fino_cur) || 616 !has_record) 617 return; 618 619 /* 620 * Otherwise, make sure this record either doesn't cover this inode, 621 * or that it does but it's marked present. 622 */ 623 if (rec.ir_startino > agino || 624 rec.ir_startino + XFS_INODES_PER_CHUNK <= agino) 625 return; 626 627 if (rec.ir_free & XFS_INOBT_MASK(agino - rec.ir_startino)) 628 xfs_scrub_btree_xref_set_corrupt(sc, sc->sa.fino_cur, 0); 629 } 630 631 /* Cross reference the inode fields with the forks. */ 632 STATIC void 633 xfs_scrub_inode_xref_bmap( 634 struct xfs_scrub_context *sc, 635 struct xfs_dinode *dip) 636 { 637 xfs_extnum_t nextents; 638 xfs_filblks_t count; 639 xfs_filblks_t acount; 640 int error; 641 642 /* Walk all the extents to check nextents/naextents/nblocks. */ 643 error = xfs_bmap_count_blocks(sc->tp, sc->ip, XFS_DATA_FORK, 644 &nextents, &count); 645 if (!xfs_scrub_should_check_xref(sc, &error, NULL)) 646 return; 647 if (nextents < be32_to_cpu(dip->di_nextents)) 648 xfs_scrub_ino_xref_set_corrupt(sc, sc->ip->i_ino, NULL); 649 650 error = xfs_bmap_count_blocks(sc->tp, sc->ip, XFS_ATTR_FORK, 651 &nextents, &acount); 652 if (!xfs_scrub_should_check_xref(sc, &error, NULL)) 653 return; 654 if (nextents != be16_to_cpu(dip->di_anextents)) 655 xfs_scrub_ino_xref_set_corrupt(sc, sc->ip->i_ino, NULL); 656 657 /* Check nblocks against the inode. */ 658 if (count + acount != be64_to_cpu(dip->di_nblocks)) 659 xfs_scrub_ino_xref_set_corrupt(sc, sc->ip->i_ino, NULL); 660 } 661 662 /* Cross-reference with the other btrees. */ 663 STATIC void 664 xfs_scrub_inode_xref( 665 struct xfs_scrub_context *sc, 666 xfs_ino_t ino, 667 struct xfs_dinode *dip) 668 { 669 struct xfs_owner_info oinfo; 670 xfs_agnumber_t agno; 671 xfs_agblock_t agbno; 672 int error; 673 674 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 675 return; 676 677 agno = XFS_INO_TO_AGNO(sc->mp, ino); 678 agbno = XFS_INO_TO_AGBNO(sc->mp, ino); 679 680 error = xfs_scrub_ag_init(sc, agno, &sc->sa); 681 if (!xfs_scrub_xref_process_error(sc, agno, agbno, &error)) 682 return; 683 684 xfs_scrub_xref_is_used_space(sc, agbno, 1); 685 xfs_scrub_inode_xref_finobt(sc, ino); 686 xfs_rmap_ag_owner(&oinfo, XFS_RMAP_OWN_INODES); 687 xfs_scrub_xref_is_owned_by(sc, agbno, 1, &oinfo); 688 xfs_scrub_xref_is_not_shared(sc, agbno, 1); 689 xfs_scrub_inode_xref_bmap(sc, dip); 690 691 xfs_scrub_ag_free(sc, &sc->sa); 692 } 693 694 /* 695 * If the reflink iflag disagrees with a scan for shared data fork extents, 696 * either flag an error (shared extents w/ no flag) or a preen (flag set w/o 697 * any shared extents). We already checked for reflink iflag set on a non 698 * reflink filesystem. 699 */ 700 static void 701 xfs_scrub_inode_check_reflink_iflag( 702 struct xfs_scrub_context *sc, 703 xfs_ino_t ino, 704 struct xfs_buf *bp) 705 { 706 struct xfs_mount *mp = sc->mp; 707 bool has_shared; 708 int error; 709 710 if (!xfs_sb_version_hasreflink(&mp->m_sb)) 711 return; 712 713 error = xfs_reflink_inode_has_shared_extents(sc->tp, sc->ip, 714 &has_shared); 715 if (!xfs_scrub_xref_process_error(sc, XFS_INO_TO_AGNO(mp, ino), 716 XFS_INO_TO_AGBNO(mp, ino), &error)) 717 return; 718 if (xfs_is_reflink_inode(sc->ip) && !has_shared) 719 xfs_scrub_ino_set_preen(sc, ino, bp); 720 else if (!xfs_is_reflink_inode(sc->ip) && has_shared) 721 xfs_scrub_ino_set_corrupt(sc, ino, bp); 722 } 723 724 /* Scrub an inode. */ 725 int 726 xfs_scrub_inode( 727 struct xfs_scrub_context *sc) 728 { 729 struct xfs_dinode di; 730 struct xfs_buf *bp = NULL; 731 struct xfs_dinode *dip; 732 xfs_ino_t ino; 733 int error = 0; 734 735 /* Did we get the in-core inode, or are we doing this manually? */ 736 if (sc->ip) { 737 ino = sc->ip->i_ino; 738 xfs_inode_to_disk(sc->ip, &di, 0); 739 dip = &di; 740 } else { 741 /* Map & read inode. */ 742 ino = sc->sm->sm_ino; 743 error = xfs_scrub_inode_map_raw(sc, ino, &bp, &dip); 744 if (error || !bp) 745 goto out; 746 } 747 748 xfs_scrub_dinode(sc, bp, dip, ino); 749 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) 750 goto out; 751 752 /* Now let's do the things that require a live inode. */ 753 if (!sc->ip) 754 goto out; 755 756 /* 757 * Look for discrepancies between file's data blocks and the reflink 758 * iflag. We already checked the iflag against the file mode when 759 * we scrubbed the dinode. 760 */ 761 if (S_ISREG(VFS_I(sc->ip)->i_mode)) 762 xfs_scrub_inode_check_reflink_iflag(sc, ino, bp); 763 764 xfs_scrub_inode_xref(sc, ino, dip); 765 out: 766 if (bp) 767 xfs_trans_brelse(sc->tp, bp); 768 return error; 769 } 770