1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2022 Oracle. All Rights Reserved. 4 * Author: Allison Henderson <allison.henderson@oracle.com> 5 */ 6 7 #include "xfs.h" 8 #include "xfs_fs.h" 9 #include "xfs_format.h" 10 #include "xfs_trans_resv.h" 11 #include "xfs_shared.h" 12 #include "xfs_mount.h" 13 #include "xfs_defer.h" 14 #include "xfs_log_format.h" 15 #include "xfs_trans.h" 16 #include "xfs_bmap_btree.h" 17 #include "xfs_trans_priv.h" 18 #include "xfs_log.h" 19 #include "xfs_inode.h" 20 #include "xfs_da_format.h" 21 #include "xfs_da_btree.h" 22 #include "xfs_attr.h" 23 #include "xfs_attr_item.h" 24 #include "xfs_trace.h" 25 #include "xfs_trans_space.h" 26 #include "xfs_errortag.h" 27 #include "xfs_error.h" 28 #include "xfs_log_priv.h" 29 #include "xfs_log_recover.h" 30 31 struct kmem_cache *xfs_attri_cache; 32 struct kmem_cache *xfs_attrd_cache; 33 34 static const struct xfs_item_ops xfs_attri_item_ops; 35 static const struct xfs_item_ops xfs_attrd_item_ops; 36 static struct xfs_attrd_log_item *xfs_trans_get_attrd(struct xfs_trans *tp, 37 struct xfs_attri_log_item *attrip); 38 39 static inline struct xfs_attri_log_item *ATTRI_ITEM(struct xfs_log_item *lip) 40 { 41 return container_of(lip, struct xfs_attri_log_item, attri_item); 42 } 43 44 /* 45 * Shared xattr name/value buffers for logged extended attribute operations 46 * 47 * When logging updates to extended attributes, we can create quite a few 48 * attribute log intent items for a single xattr update. To avoid cycling the 49 * memory allocator and memcpy overhead, the name (and value, for setxattr) 50 * are kept in a refcounted object that is shared across all related log items 51 * and the upper-level deferred work state structure. The shared buffer has 52 * a control structure, followed by the name, and then the value. 53 */ 54 55 static inline struct xfs_attri_log_nameval * 56 xfs_attri_log_nameval_get( 57 struct xfs_attri_log_nameval *nv) 58 { 59 if (!refcount_inc_not_zero(&nv->refcount)) 60 return NULL; 61 return nv; 62 } 63 64 static inline void 65 xfs_attri_log_nameval_put( 66 struct xfs_attri_log_nameval *nv) 67 { 68 if (!nv) 69 return; 70 if (refcount_dec_and_test(&nv->refcount)) 71 kvfree(nv); 72 } 73 74 static inline struct xfs_attri_log_nameval * 75 xfs_attri_log_nameval_alloc( 76 const void *name, 77 unsigned int name_len, 78 const void *value, 79 unsigned int value_len) 80 { 81 struct xfs_attri_log_nameval *nv; 82 83 /* 84 * This could be over 64kB in length, so we have to use kvmalloc() for 85 * this. But kvmalloc() utterly sucks, so we use our own version. 86 */ 87 nv = xlog_kvmalloc(sizeof(struct xfs_attri_log_nameval) + 88 name_len + value_len); 89 90 nv->name.i_addr = nv + 1; 91 nv->name.i_len = name_len; 92 nv->name.i_type = XLOG_REG_TYPE_ATTR_NAME; 93 memcpy(nv->name.i_addr, name, name_len); 94 95 if (value_len) { 96 nv->value.i_addr = nv->name.i_addr + name_len; 97 nv->value.i_len = value_len; 98 memcpy(nv->value.i_addr, value, value_len); 99 } else { 100 nv->value.i_addr = NULL; 101 nv->value.i_len = 0; 102 } 103 nv->value.i_type = XLOG_REG_TYPE_ATTR_VALUE; 104 105 refcount_set(&nv->refcount, 1); 106 return nv; 107 } 108 109 STATIC void 110 xfs_attri_item_free( 111 struct xfs_attri_log_item *attrip) 112 { 113 kmem_free(attrip->attri_item.li_lv_shadow); 114 xfs_attri_log_nameval_put(attrip->attri_nameval); 115 kmem_cache_free(xfs_attri_cache, attrip); 116 } 117 118 /* 119 * Freeing the attrip requires that we remove it from the AIL if it has already 120 * been placed there. However, the ATTRI may not yet have been placed in the 121 * AIL when called by xfs_attri_release() from ATTRD processing due to the 122 * ordering of committed vs unpin operations in bulk insert operations. Hence 123 * the reference count to ensure only the last caller frees the ATTRI. 124 */ 125 STATIC void 126 xfs_attri_release( 127 struct xfs_attri_log_item *attrip) 128 { 129 ASSERT(atomic_read(&attrip->attri_refcount) > 0); 130 if (!atomic_dec_and_test(&attrip->attri_refcount)) 131 return; 132 133 xfs_trans_ail_delete(&attrip->attri_item, 0); 134 xfs_attri_item_free(attrip); 135 } 136 137 STATIC void 138 xfs_attri_item_size( 139 struct xfs_log_item *lip, 140 int *nvecs, 141 int *nbytes) 142 { 143 struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip); 144 struct xfs_attri_log_nameval *nv = attrip->attri_nameval; 145 146 *nvecs += 2; 147 *nbytes += sizeof(struct xfs_attri_log_format) + 148 xlog_calc_iovec_len(nv->name.i_len); 149 150 if (!nv->value.i_len) 151 return; 152 153 *nvecs += 1; 154 *nbytes += xlog_calc_iovec_len(nv->value.i_len); 155 } 156 157 /* 158 * This is called to fill in the log iovecs for the given attri log 159 * item. We use 1 iovec for the attri_format_item, 1 for the name, and 160 * another for the value if it is present 161 */ 162 STATIC void 163 xfs_attri_item_format( 164 struct xfs_log_item *lip, 165 struct xfs_log_vec *lv) 166 { 167 struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip); 168 struct xfs_log_iovec *vecp = NULL; 169 struct xfs_attri_log_nameval *nv = attrip->attri_nameval; 170 171 attrip->attri_format.alfi_type = XFS_LI_ATTRI; 172 attrip->attri_format.alfi_size = 1; 173 174 /* 175 * This size accounting must be done before copying the attrip into the 176 * iovec. If we do it after, the wrong size will be recorded to the log 177 * and we trip across assertion checks for bad region sizes later during 178 * the log recovery. 179 */ 180 181 ASSERT(nv->name.i_len > 0); 182 attrip->attri_format.alfi_size++; 183 184 if (nv->value.i_len > 0) 185 attrip->attri_format.alfi_size++; 186 187 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTRI_FORMAT, 188 &attrip->attri_format, 189 sizeof(struct xfs_attri_log_format)); 190 xlog_copy_from_iovec(lv, &vecp, &nv->name); 191 if (nv->value.i_len > 0) 192 xlog_copy_from_iovec(lv, &vecp, &nv->value); 193 } 194 195 /* 196 * The unpin operation is the last place an ATTRI is manipulated in the log. It 197 * is either inserted in the AIL or aborted in the event of a log I/O error. In 198 * either case, the ATTRI transaction has been successfully committed to make 199 * it this far. Therefore, we expect whoever committed the ATTRI to either 200 * construct and commit the ATTRD or drop the ATTRD's reference in the event of 201 * error. Simply drop the log's ATTRI reference now that the log is done with 202 * it. 203 */ 204 STATIC void 205 xfs_attri_item_unpin( 206 struct xfs_log_item *lip, 207 int remove) 208 { 209 xfs_attri_release(ATTRI_ITEM(lip)); 210 } 211 212 213 STATIC void 214 xfs_attri_item_release( 215 struct xfs_log_item *lip) 216 { 217 xfs_attri_release(ATTRI_ITEM(lip)); 218 } 219 220 /* 221 * Allocate and initialize an attri item. Caller may allocate an additional 222 * trailing buffer for name and value 223 */ 224 STATIC struct xfs_attri_log_item * 225 xfs_attri_init( 226 struct xfs_mount *mp, 227 struct xfs_attri_log_nameval *nv) 228 { 229 struct xfs_attri_log_item *attrip; 230 231 attrip = kmem_cache_zalloc(xfs_attri_cache, GFP_NOFS | __GFP_NOFAIL); 232 233 /* 234 * Grab an extra reference to the name/value buffer for this log item. 235 * The caller retains its own reference! 236 */ 237 attrip->attri_nameval = xfs_attri_log_nameval_get(nv); 238 ASSERT(attrip->attri_nameval); 239 240 xfs_log_item_init(mp, &attrip->attri_item, XFS_LI_ATTRI, 241 &xfs_attri_item_ops); 242 attrip->attri_format.alfi_id = (uintptr_t)(void *)attrip; 243 atomic_set(&attrip->attri_refcount, 2); 244 245 return attrip; 246 } 247 248 static inline struct xfs_attrd_log_item *ATTRD_ITEM(struct xfs_log_item *lip) 249 { 250 return container_of(lip, struct xfs_attrd_log_item, attrd_item); 251 } 252 253 STATIC void 254 xfs_attrd_item_free(struct xfs_attrd_log_item *attrdp) 255 { 256 kmem_free(attrdp->attrd_item.li_lv_shadow); 257 kmem_cache_free(xfs_attrd_cache, attrdp); 258 } 259 260 STATIC void 261 xfs_attrd_item_size( 262 struct xfs_log_item *lip, 263 int *nvecs, 264 int *nbytes) 265 { 266 *nvecs += 1; 267 *nbytes += sizeof(struct xfs_attrd_log_format); 268 } 269 270 /* 271 * This is called to fill in the log iovecs for the given attrd log item. We use 272 * only 1 iovec for the attrd_format, and we point that at the attr_log_format 273 * structure embedded in the attrd item. 274 */ 275 STATIC void 276 xfs_attrd_item_format( 277 struct xfs_log_item *lip, 278 struct xfs_log_vec *lv) 279 { 280 struct xfs_attrd_log_item *attrdp = ATTRD_ITEM(lip); 281 struct xfs_log_iovec *vecp = NULL; 282 283 attrdp->attrd_format.alfd_type = XFS_LI_ATTRD; 284 attrdp->attrd_format.alfd_size = 1; 285 286 xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTRD_FORMAT, 287 &attrdp->attrd_format, 288 sizeof(struct xfs_attrd_log_format)); 289 } 290 291 /* 292 * The ATTRD is either committed or aborted if the transaction is canceled. If 293 * the transaction is canceled, drop our reference to the ATTRI and free the 294 * ATTRD. 295 */ 296 STATIC void 297 xfs_attrd_item_release( 298 struct xfs_log_item *lip) 299 { 300 struct xfs_attrd_log_item *attrdp = ATTRD_ITEM(lip); 301 302 xfs_attri_release(attrdp->attrd_attrip); 303 xfs_attrd_item_free(attrdp); 304 } 305 306 static struct xfs_log_item * 307 xfs_attrd_item_intent( 308 struct xfs_log_item *lip) 309 { 310 return &ATTRD_ITEM(lip)->attrd_attrip->attri_item; 311 } 312 313 /* 314 * Performs one step of an attribute update intent and marks the attrd item 315 * dirty.. An attr operation may be a set or a remove. Note that the 316 * transaction is marked dirty regardless of whether the operation succeeds or 317 * fails to support the ATTRI/ATTRD lifecycle rules. 318 */ 319 STATIC int 320 xfs_xattri_finish_update( 321 struct xfs_attr_intent *attr, 322 struct xfs_attrd_log_item *attrdp) 323 { 324 struct xfs_da_args *args = attr->xattri_da_args; 325 int error; 326 327 if (XFS_TEST_ERROR(false, args->dp->i_mount, XFS_ERRTAG_LARP)) { 328 error = -EIO; 329 goto out; 330 } 331 332 /* If an attr removal is trivially complete, we're done. */ 333 if (attr->xattri_op_flags == XFS_ATTRI_OP_FLAGS_REMOVE && 334 !xfs_inode_hasattr(args->dp)) { 335 error = 0; 336 goto out; 337 } 338 339 error = xfs_attr_set_iter(attr); 340 if (!error && attr->xattri_dela_state != XFS_DAS_DONE) 341 error = -EAGAIN; 342 out: 343 /* 344 * Mark the transaction dirty, even on error. This ensures the 345 * transaction is aborted, which: 346 * 347 * 1.) releases the ATTRI and frees the ATTRD 348 * 2.) shuts down the filesystem 349 */ 350 args->trans->t_flags |= XFS_TRANS_DIRTY | XFS_TRANS_HAS_INTENT_DONE; 351 352 /* 353 * attr intent/done items are null when logged attributes are disabled 354 */ 355 if (attrdp) 356 set_bit(XFS_LI_DIRTY, &attrdp->attrd_item.li_flags); 357 358 return error; 359 } 360 361 /* Log an attr to the intent item. */ 362 STATIC void 363 xfs_attr_log_item( 364 struct xfs_trans *tp, 365 struct xfs_attri_log_item *attrip, 366 const struct xfs_attr_intent *attr) 367 { 368 struct xfs_attri_log_format *attrp; 369 370 tp->t_flags |= XFS_TRANS_DIRTY; 371 set_bit(XFS_LI_DIRTY, &attrip->attri_item.li_flags); 372 373 /* 374 * At this point the xfs_attr_intent has been constructed, and we've 375 * created the log intent. Fill in the attri log item and log format 376 * structure with fields from this xfs_attr_intent 377 */ 378 attrp = &attrip->attri_format; 379 attrp->alfi_ino = attr->xattri_da_args->dp->i_ino; 380 ASSERT(!(attr->xattri_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK)); 381 attrp->alfi_op_flags = attr->xattri_op_flags; 382 attrp->alfi_value_len = attr->xattri_nameval->value.i_len; 383 attrp->alfi_name_len = attr->xattri_nameval->name.i_len; 384 ASSERT(!(attr->xattri_da_args->attr_filter & ~XFS_ATTRI_FILTER_MASK)); 385 attrp->alfi_attr_filter = attr->xattri_da_args->attr_filter; 386 } 387 388 /* Get an ATTRI. */ 389 static struct xfs_log_item * 390 xfs_attr_create_intent( 391 struct xfs_trans *tp, 392 struct list_head *items, 393 unsigned int count, 394 bool sort) 395 { 396 struct xfs_mount *mp = tp->t_mountp; 397 struct xfs_attri_log_item *attrip; 398 struct xfs_attr_intent *attr; 399 struct xfs_da_args *args; 400 401 ASSERT(count == 1); 402 403 /* 404 * Each attr item only performs one attribute operation at a time, so 405 * this is a list of one 406 */ 407 attr = list_first_entry_or_null(items, struct xfs_attr_intent, 408 xattri_list); 409 args = attr->xattri_da_args; 410 411 if (!(args->op_flags & XFS_DA_OP_LOGGED)) 412 return NULL; 413 414 /* 415 * Create a buffer to store the attribute name and value. This buffer 416 * will be shared between the higher level deferred xattr work state 417 * and the lower level xattr log items. 418 */ 419 if (!attr->xattri_nameval) { 420 /* 421 * Transfer our reference to the name/value buffer to the 422 * deferred work state structure. 423 */ 424 attr->xattri_nameval = xfs_attri_log_nameval_alloc(args->name, 425 args->namelen, args->value, args->valuelen); 426 } 427 428 attrip = xfs_attri_init(mp, attr->xattri_nameval); 429 xfs_trans_add_item(tp, &attrip->attri_item); 430 xfs_attr_log_item(tp, attrip, attr); 431 432 return &attrip->attri_item; 433 } 434 435 static inline void 436 xfs_attr_free_item( 437 struct xfs_attr_intent *attr) 438 { 439 if (attr->xattri_da_state) 440 xfs_da_state_free(attr->xattri_da_state); 441 xfs_attri_log_nameval_put(attr->xattri_nameval); 442 if (attr->xattri_da_args->op_flags & XFS_DA_OP_RECOVERY) 443 kmem_free(attr); 444 else 445 kmem_cache_free(xfs_attr_intent_cache, attr); 446 } 447 448 /* Process an attr. */ 449 STATIC int 450 xfs_attr_finish_item( 451 struct xfs_trans *tp, 452 struct xfs_log_item *done, 453 struct list_head *item, 454 struct xfs_btree_cur **state) 455 { 456 struct xfs_attr_intent *attr; 457 struct xfs_attrd_log_item *done_item = NULL; 458 int error; 459 460 attr = container_of(item, struct xfs_attr_intent, xattri_list); 461 if (done) 462 done_item = ATTRD_ITEM(done); 463 464 /* 465 * Always reset trans after EAGAIN cycle 466 * since the transaction is new 467 */ 468 attr->xattri_da_args->trans = tp; 469 470 error = xfs_xattri_finish_update(attr, done_item); 471 if (error != -EAGAIN) 472 xfs_attr_free_item(attr); 473 474 return error; 475 } 476 477 /* Abort all pending ATTRs. */ 478 STATIC void 479 xfs_attr_abort_intent( 480 struct xfs_log_item *intent) 481 { 482 xfs_attri_release(ATTRI_ITEM(intent)); 483 } 484 485 /* Cancel an attr */ 486 STATIC void 487 xfs_attr_cancel_item( 488 struct list_head *item) 489 { 490 struct xfs_attr_intent *attr; 491 492 attr = container_of(item, struct xfs_attr_intent, xattri_list); 493 xfs_attr_free_item(attr); 494 } 495 496 STATIC bool 497 xfs_attri_item_match( 498 struct xfs_log_item *lip, 499 uint64_t intent_id) 500 { 501 return ATTRI_ITEM(lip)->attri_format.alfi_id == intent_id; 502 } 503 504 /* Is this recovered ATTRI format ok? */ 505 static inline bool 506 xfs_attri_validate( 507 struct xfs_mount *mp, 508 struct xfs_attri_log_format *attrp) 509 { 510 unsigned int op = attrp->alfi_op_flags & 511 XFS_ATTRI_OP_FLAGS_TYPE_MASK; 512 513 if (!xfs_sb_version_haslogxattrs(&mp->m_sb)) 514 return false; 515 516 if (attrp->__pad != 0) 517 return false; 518 519 if (attrp->alfi_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK) 520 return false; 521 522 if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK) 523 return false; 524 525 if (!xfs_attr_check_namespace(attrp->alfi_attr_filter & 526 XFS_ATTR_NSP_ONDISK_MASK)) 527 return false; 528 529 /* alfi_op_flags should be either a set or remove */ 530 switch (op) { 531 case XFS_ATTRI_OP_FLAGS_SET: 532 case XFS_ATTRI_OP_FLAGS_REPLACE: 533 case XFS_ATTRI_OP_FLAGS_REMOVE: 534 break; 535 default: 536 return false; 537 } 538 539 if (attrp->alfi_value_len > XATTR_SIZE_MAX) 540 return false; 541 542 if ((attrp->alfi_name_len > XATTR_NAME_MAX) || 543 (attrp->alfi_name_len == 0)) 544 return false; 545 546 return xfs_verify_ino(mp, attrp->alfi_ino); 547 } 548 549 /* 550 * Process an attr intent item that was recovered from the log. We need to 551 * delete the attr that it describes. 552 */ 553 STATIC int 554 xfs_attri_item_recover( 555 struct xfs_defer_pending *dfp, 556 struct list_head *capture_list) 557 { 558 struct xfs_log_item *lip = dfp->dfp_intent; 559 struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip); 560 struct xfs_attr_intent *attr; 561 struct xfs_mount *mp = lip->li_log->l_mp; 562 struct xfs_inode *ip; 563 struct xfs_da_args *args; 564 struct xfs_trans *tp; 565 struct xfs_trans_res resv; 566 struct xfs_attri_log_format *attrp; 567 struct xfs_attri_log_nameval *nv = attrip->attri_nameval; 568 int error; 569 int total; 570 int local; 571 struct xfs_attrd_log_item *done_item = NULL; 572 573 /* 574 * First check the validity of the attr described by the ATTRI. If any 575 * are bad, then assume that all are bad and just toss the ATTRI. 576 */ 577 attrp = &attrip->attri_format; 578 if (!xfs_attri_validate(mp, attrp) || 579 !xfs_attr_namecheck(attrp->alfi_attr_filter, nv->name.i_addr, 580 nv->name.i_len)) 581 return -EFSCORRUPTED; 582 583 error = xlog_recover_iget(mp, attrp->alfi_ino, &ip); 584 if (error) 585 return error; 586 587 attr = kmem_zalloc(sizeof(struct xfs_attr_intent) + 588 sizeof(struct xfs_da_args), KM_NOFS); 589 args = (struct xfs_da_args *)(attr + 1); 590 591 attr->xattri_da_args = args; 592 attr->xattri_op_flags = attrp->alfi_op_flags & 593 XFS_ATTRI_OP_FLAGS_TYPE_MASK; 594 595 /* 596 * We're reconstructing the deferred work state structure from the 597 * recovered log item. Grab a reference to the name/value buffer and 598 * attach it to the new work state. 599 */ 600 attr->xattri_nameval = xfs_attri_log_nameval_get(nv); 601 ASSERT(attr->xattri_nameval); 602 603 args->dp = ip; 604 args->geo = mp->m_attr_geo; 605 args->whichfork = XFS_ATTR_FORK; 606 args->name = nv->name.i_addr; 607 args->namelen = nv->name.i_len; 608 args->hashval = xfs_da_hashname(args->name, args->namelen); 609 args->attr_filter = attrp->alfi_attr_filter & XFS_ATTRI_FILTER_MASK; 610 args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT | 611 XFS_DA_OP_LOGGED; 612 613 switch (attr->xattri_op_flags) { 614 case XFS_ATTRI_OP_FLAGS_SET: 615 case XFS_ATTRI_OP_FLAGS_REPLACE: 616 args->value = nv->value.i_addr; 617 args->valuelen = nv->value.i_len; 618 args->total = xfs_attr_calc_size(args, &local); 619 if (xfs_inode_hasattr(args->dp)) 620 attr->xattri_dela_state = xfs_attr_init_replace_state(args); 621 else 622 attr->xattri_dela_state = xfs_attr_init_add_state(args); 623 break; 624 case XFS_ATTRI_OP_FLAGS_REMOVE: 625 attr->xattri_dela_state = xfs_attr_init_remove_state(args); 626 break; 627 default: 628 ASSERT(0); 629 error = -EFSCORRUPTED; 630 goto out; 631 } 632 633 xfs_init_attr_trans(args, &resv, &total); 634 resv = xlog_recover_resv(&resv); 635 error = xfs_trans_alloc(mp, &resv, total, 0, XFS_TRANS_RESERVE, &tp); 636 if (error) 637 goto out; 638 639 args->trans = tp; 640 done_item = xfs_trans_get_attrd(tp, attrip); 641 xlog_recover_transfer_intent(tp, dfp); 642 643 xfs_ilock(ip, XFS_ILOCK_EXCL); 644 xfs_trans_ijoin(tp, ip, 0); 645 646 error = xfs_xattri_finish_update(attr, done_item); 647 if (error == -EAGAIN) { 648 /* 649 * There's more work to do, so add the intent item to this 650 * transaction so that we can continue it later. 651 */ 652 xfs_defer_add(tp, XFS_DEFER_OPS_TYPE_ATTR, &attr->xattri_list); 653 error = xfs_defer_ops_capture_and_commit(tp, capture_list); 654 if (error) 655 goto out_unlock; 656 657 xfs_iunlock(ip, XFS_ILOCK_EXCL); 658 xfs_irele(ip); 659 return 0; 660 } 661 if (error) { 662 xfs_trans_cancel(tp); 663 goto out_unlock; 664 } 665 666 error = xfs_defer_ops_capture_and_commit(tp, capture_list); 667 out_unlock: 668 xfs_iunlock(ip, XFS_ILOCK_EXCL); 669 xfs_irele(ip); 670 out: 671 xfs_attr_free_item(attr); 672 return error; 673 } 674 675 /* Re-log an intent item to push the log tail forward. */ 676 static struct xfs_log_item * 677 xfs_attri_item_relog( 678 struct xfs_log_item *intent, 679 struct xfs_trans *tp) 680 { 681 struct xfs_attrd_log_item *attrdp; 682 struct xfs_attri_log_item *old_attrip; 683 struct xfs_attri_log_item *new_attrip; 684 struct xfs_attri_log_format *new_attrp; 685 struct xfs_attri_log_format *old_attrp; 686 687 old_attrip = ATTRI_ITEM(intent); 688 old_attrp = &old_attrip->attri_format; 689 690 tp->t_flags |= XFS_TRANS_DIRTY; 691 attrdp = xfs_trans_get_attrd(tp, old_attrip); 692 set_bit(XFS_LI_DIRTY, &attrdp->attrd_item.li_flags); 693 694 /* 695 * Create a new log item that shares the same name/value buffer as the 696 * old log item. 697 */ 698 new_attrip = xfs_attri_init(tp->t_mountp, old_attrip->attri_nameval); 699 new_attrp = &new_attrip->attri_format; 700 701 new_attrp->alfi_ino = old_attrp->alfi_ino; 702 new_attrp->alfi_op_flags = old_attrp->alfi_op_flags; 703 new_attrp->alfi_value_len = old_attrp->alfi_value_len; 704 new_attrp->alfi_name_len = old_attrp->alfi_name_len; 705 new_attrp->alfi_attr_filter = old_attrp->alfi_attr_filter; 706 707 xfs_trans_add_item(tp, &new_attrip->attri_item); 708 set_bit(XFS_LI_DIRTY, &new_attrip->attri_item.li_flags); 709 710 return &new_attrip->attri_item; 711 } 712 713 STATIC int 714 xlog_recover_attri_commit_pass2( 715 struct xlog *log, 716 struct list_head *buffer_list, 717 struct xlog_recover_item *item, 718 xfs_lsn_t lsn) 719 { 720 struct xfs_mount *mp = log->l_mp; 721 struct xfs_attri_log_item *attrip; 722 struct xfs_attri_log_format *attri_formatp; 723 struct xfs_attri_log_nameval *nv; 724 const void *attr_value = NULL; 725 const void *attr_name; 726 size_t len; 727 unsigned int op, i = 0; 728 729 /* Validate xfs_attri_log_format before the large memory allocation */ 730 len = sizeof(struct xfs_attri_log_format); 731 if (item->ri_buf[i].i_len != len) { 732 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 733 item->ri_buf[0].i_addr, item->ri_buf[0].i_len); 734 return -EFSCORRUPTED; 735 } 736 737 attri_formatp = item->ri_buf[i].i_addr; 738 if (!xfs_attri_validate(mp, attri_formatp)) { 739 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 740 attri_formatp, len); 741 return -EFSCORRUPTED; 742 } 743 744 /* Check the number of log iovecs makes sense for the op code. */ 745 op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; 746 switch (op) { 747 case XFS_ATTRI_OP_FLAGS_SET: 748 case XFS_ATTRI_OP_FLAGS_REPLACE: 749 /* Log item, attr name, attr value */ 750 if (item->ri_total != 3) { 751 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 752 attri_formatp, len); 753 return -EFSCORRUPTED; 754 } 755 break; 756 case XFS_ATTRI_OP_FLAGS_REMOVE: 757 /* Log item, attr name */ 758 if (item->ri_total != 2) { 759 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 760 attri_formatp, len); 761 return -EFSCORRUPTED; 762 } 763 break; 764 default: 765 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 766 attri_formatp, len); 767 return -EFSCORRUPTED; 768 } 769 i++; 770 771 /* Validate the attr name */ 772 if (item->ri_buf[i].i_len != 773 xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { 774 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 775 attri_formatp, len); 776 return -EFSCORRUPTED; 777 } 778 779 attr_name = item->ri_buf[i].i_addr; 780 if (!xfs_attr_namecheck(attri_formatp->alfi_attr_filter, attr_name, 781 attri_formatp->alfi_name_len)) { 782 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 783 attri_formatp, len); 784 return -EFSCORRUPTED; 785 } 786 i++; 787 788 /* Validate the attr value, if present */ 789 if (attri_formatp->alfi_value_len != 0) { 790 if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { 791 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 792 item->ri_buf[0].i_addr, 793 item->ri_buf[0].i_len); 794 return -EFSCORRUPTED; 795 } 796 797 attr_value = item->ri_buf[i].i_addr; 798 i++; 799 } 800 801 /* 802 * Make sure we got the correct number of buffers for the operation 803 * that we just loaded. 804 */ 805 if (i != item->ri_total) { 806 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 807 attri_formatp, len); 808 return -EFSCORRUPTED; 809 } 810 811 switch (op) { 812 case XFS_ATTRI_OP_FLAGS_REMOVE: 813 /* Regular remove operations operate only on names. */ 814 if (attr_value != NULL || attri_formatp->alfi_value_len != 0) { 815 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 816 attri_formatp, len); 817 return -EFSCORRUPTED; 818 } 819 fallthrough; 820 case XFS_ATTRI_OP_FLAGS_SET: 821 case XFS_ATTRI_OP_FLAGS_REPLACE: 822 /* 823 * Regular xattr set/remove/replace operations require a name 824 * and do not take a newname. Values are optional for set and 825 * replace. 826 */ 827 if (attr_name == NULL || attri_formatp->alfi_name_len == 0) { 828 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, 829 attri_formatp, len); 830 return -EFSCORRUPTED; 831 } 832 break; 833 } 834 835 /* 836 * Memory alloc failure will cause replay to abort. We attach the 837 * name/value buffer to the recovered incore log item and drop our 838 * reference. 839 */ 840 nv = xfs_attri_log_nameval_alloc(attr_name, 841 attri_formatp->alfi_name_len, attr_value, 842 attri_formatp->alfi_value_len); 843 844 attrip = xfs_attri_init(mp, nv); 845 memcpy(&attrip->attri_format, attri_formatp, len); 846 847 xlog_recover_intent_item(log, &attrip->attri_item, lsn, 848 XFS_DEFER_OPS_TYPE_ATTR); 849 xfs_attri_log_nameval_put(nv); 850 return 0; 851 } 852 853 /* 854 * This routine is called to allocate an "attr free done" log item. 855 */ 856 static struct xfs_attrd_log_item * 857 xfs_trans_get_attrd(struct xfs_trans *tp, 858 struct xfs_attri_log_item *attrip) 859 { 860 struct xfs_attrd_log_item *attrdp; 861 862 ASSERT(tp != NULL); 863 864 attrdp = kmem_cache_zalloc(xfs_attrd_cache, GFP_NOFS | __GFP_NOFAIL); 865 866 xfs_log_item_init(tp->t_mountp, &attrdp->attrd_item, XFS_LI_ATTRD, 867 &xfs_attrd_item_ops); 868 attrdp->attrd_attrip = attrip; 869 attrdp->attrd_format.alfd_alf_id = attrip->attri_format.alfi_id; 870 871 xfs_trans_add_item(tp, &attrdp->attrd_item); 872 return attrdp; 873 } 874 875 /* Get an ATTRD so we can process all the attrs. */ 876 static struct xfs_log_item * 877 xfs_attr_create_done( 878 struct xfs_trans *tp, 879 struct xfs_log_item *intent, 880 unsigned int count) 881 { 882 if (!intent) 883 return NULL; 884 885 return &xfs_trans_get_attrd(tp, ATTRI_ITEM(intent))->attrd_item; 886 } 887 888 const struct xfs_defer_op_type xfs_attr_defer_type = { 889 .max_items = 1, 890 .create_intent = xfs_attr_create_intent, 891 .abort_intent = xfs_attr_abort_intent, 892 .create_done = xfs_attr_create_done, 893 .finish_item = xfs_attr_finish_item, 894 .cancel_item = xfs_attr_cancel_item, 895 }; 896 897 /* 898 * This routine is called when an ATTRD format structure is found in a committed 899 * transaction in the log. Its purpose is to cancel the corresponding ATTRI if 900 * it was still in the log. To do this it searches the AIL for the ATTRI with 901 * an id equal to that in the ATTRD format structure. If we find it we drop 902 * the ATTRD reference, which removes the ATTRI from the AIL and frees it. 903 */ 904 STATIC int 905 xlog_recover_attrd_commit_pass2( 906 struct xlog *log, 907 struct list_head *buffer_list, 908 struct xlog_recover_item *item, 909 xfs_lsn_t lsn) 910 { 911 struct xfs_attrd_log_format *attrd_formatp; 912 913 attrd_formatp = item->ri_buf[0].i_addr; 914 if (item->ri_buf[0].i_len != sizeof(struct xfs_attrd_log_format)) { 915 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, log->l_mp, 916 item->ri_buf[0].i_addr, item->ri_buf[0].i_len); 917 return -EFSCORRUPTED; 918 } 919 920 xlog_recover_release_intent(log, XFS_LI_ATTRI, 921 attrd_formatp->alfd_alf_id); 922 return 0; 923 } 924 925 static const struct xfs_item_ops xfs_attri_item_ops = { 926 .flags = XFS_ITEM_INTENT, 927 .iop_size = xfs_attri_item_size, 928 .iop_format = xfs_attri_item_format, 929 .iop_unpin = xfs_attri_item_unpin, 930 .iop_release = xfs_attri_item_release, 931 .iop_recover = xfs_attri_item_recover, 932 .iop_match = xfs_attri_item_match, 933 .iop_relog = xfs_attri_item_relog, 934 }; 935 936 const struct xlog_recover_item_ops xlog_attri_item_ops = { 937 .item_type = XFS_LI_ATTRI, 938 .commit_pass2 = xlog_recover_attri_commit_pass2, 939 }; 940 941 static const struct xfs_item_ops xfs_attrd_item_ops = { 942 .flags = XFS_ITEM_RELEASE_WHEN_COMMITTED | 943 XFS_ITEM_INTENT_DONE, 944 .iop_size = xfs_attrd_item_size, 945 .iop_format = xfs_attrd_item_format, 946 .iop_release = xfs_attrd_item_release, 947 .iop_intent = xfs_attrd_item_intent, 948 }; 949 950 const struct xlog_recover_item_ops xlog_attrd_item_ops = { 951 .item_type = XFS_LI_ATTRD, 952 .commit_pass2 = xlog_recover_attrd_commit_pass2, 953 }; 954