LXR linux/fs/xfs/scrub/attr.c

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * Copyright (C) 2017 Oracle.  All Rights Reserved.
   4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
   5 */
   6#include "xfs.h"
   7#include "xfs_fs.h"
   8#include "xfs_shared.h"
   9#include "xfs_format.h"
  10#include "xfs_trans_resv.h"
  11#include "xfs_mount.h"
  12#include "xfs_log_format.h"
  13#include "xfs_inode.h"
  14#include "xfs_da_format.h"
  15#include "xfs_da_btree.h"
  16#include "xfs_attr.h"
  17#include "xfs_attr_leaf.h"
  18#include "scrub/scrub.h"
  19#include "scrub/common.h"
  20#include "scrub/dabtree.h"
  21#include "scrub/attr.h"
  22
  23/*
  24 * Allocate enough memory to hold an attr value and attr block bitmaps,
  25 * reallocating the buffer if necessary.  Buffer contents are not preserved
  26 * across a reallocation.
  27 */
  28int
  29xchk_setup_xattr_buf(
  30        struct xfs_scrub        *sc,
  31        size_t                  value_size,
  32        xfs_km_flags_t          flags)
  33{
  34        size_t                  sz;
  35        struct xchk_xattr_buf   *ab = sc->buf;
  36
  37        /*
  38         * We need enough space to read an xattr value from the file or enough
  39         * space to hold three copies of the xattr free space bitmap.  We don't
  40         * need the buffer space for both purposes at the same time.
  41         */
  42        sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);
  43        sz = max_t(size_t, sz, value_size);
  44
  45        /*
  46         * If there's already a buffer, figure out if we need to reallocate it
  47         * to accommodate a larger size.
  48         */
  49        if (ab) {
  50                if (sz <= ab->sz)
  51                        return 0;
  52                kmem_free(ab);
  53                sc->buf = NULL;
  54        }
  55
  56        /*
  57         * Don't zero the buffer upon allocation to avoid runtime overhead.
  58         * All users must be careful never to read uninitialized contents.
  59         */
  60        ab = kmem_alloc_large(sizeof(*ab) + sz, flags);
  61        if (!ab)
  62                return -ENOMEM;
  63
  64        ab->sz = sz;
  65        sc->buf = ab;
  66        return 0;
  67}
  68
  69/* Set us up to scrub an inode's extended attributes. */
  70int
  71xchk_setup_xattr(
  72        struct xfs_scrub        *sc)
  73{
  74        int                     error;
  75
  76        /*
  77         * We failed to get memory while checking attrs, so this time try to
  78         * get all the memory we're ever going to need.  Allocate the buffer
  79         * without the inode lock held, which means we can sleep.
  80         */
  81        if (sc->flags & XCHK_TRY_HARDER) {
  82                error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, 0);
  83                if (error)
  84                        return error;
  85        }
  86
  87        return xchk_setup_inode_contents(sc, 0);
  88}
  89
  90/* Extended Attributes */
  91
  92struct xchk_xattr {
  93        struct xfs_attr_list_context    context;
  94        struct xfs_scrub                *sc;
  95};
  96
  97/*
  98 * Check that an extended attribute key can be looked up by hash.
  99 *
 100 * We use the XFS attribute list iterator (i.e. xfs_attr_list_ilocked)
 101 * to call this function for every attribute key in an inode.  Once
 102 * we're here, we load the attribute value to see if any errors happen,
 103 * or if we get more or less data than we expected.
 104 */
 105static void
 106xchk_xattr_listent(
 107        struct xfs_attr_list_context    *context,
 108        int                             flags,
 109        unsigned char                   *name,
 110        int                             namelen,
 111        int                             valuelen)
 112{
 113        struct xchk_xattr               *sx;
 114        struct xfs_da_args              args = { NULL };
 115        int                             error = 0;
 116
 117        sx = container_of(context, struct xchk_xattr, context);
 118
 119        if (xchk_should_terminate(sx->sc, &error)) {
 120                context->seen_enough = error;
 121                return;
 122        }
 123
 124        if (flags & XFS_ATTR_INCOMPLETE) {
 125                /* Incomplete attr key, just mark the inode for preening. */
 126                xchk_ino_set_preen(sx->sc, context->dp->i_ino);
 127                return;
 128        }
 129
 130        /* Does this name make sense? */
 131        if (!xfs_attr_namecheck(name, namelen)) {
 132                xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
 133                return;
 134        }
 135
 136        /*
 137         * Try to allocate enough memory to extrat the attr value.  If that
 138         * doesn't work, we overload the seen_enough variable to convey
 139         * the error message back to the main scrub function.
 140         */
 141        error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL);
 142        if (error == -ENOMEM)
 143                error = -EDEADLOCK;
 144        if (error) {
 145                context->seen_enough = error;
 146                return;
 147        }
 148
 149        args.op_flags = XFS_DA_OP_NOTIME;
 150        args.attr_filter = flags & XFS_ATTR_NSP_ONDISK_MASK;
 151        args.geo = context->dp->i_mount->m_attr_geo;
 152        args.whichfork = XFS_ATTR_FORK;
 153        args.dp = context->dp;
 154        args.name = name;
 155        args.namelen = namelen;
 156        args.hashval = xfs_da_hashname(args.name, args.namelen);
 157        args.trans = context->tp;
 158        args.value = xchk_xattr_valuebuf(sx->sc);
 159        args.valuelen = valuelen;
 160
 161        error = xfs_attr_get_ilocked(&args);
 162        /* ENODATA means the hash lookup failed and the attr is bad */
 163        if (error == -ENODATA)
 164                error = -EFSCORRUPTED;
 165        if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno,
 166                        &error))
 167                goto fail_xref;
 168        if (args.valuelen != valuelen)
 169                xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK,
 170                                             args.blkno);
 171fail_xref:
 172        if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 173                context->seen_enough = 1;
 174        return;
 175}
 176
 177/*
 178 * Mark a range [start, start+len) in this map.  Returns true if the
 179 * region was free, and false if there's a conflict or a problem.
 180 *
 181 * Within a char, the lowest bit of the char represents the byte with
 182 * the smallest address
 183 */
 184STATIC bool
 185xchk_xattr_set_map(
 186        struct xfs_scrub        *sc,
 187        unsigned long           *map,
 188        unsigned int            start,
 189        unsigned int            len)
 190{
 191        unsigned int            mapsize = sc->mp->m_attr_geo->blksize;
 192        bool                    ret = true;
 193
 194        if (start >= mapsize)
 195                return false;
 196        if (start + len > mapsize) {
 197                len = mapsize - start;
 198                ret = false;
 199        }
 200
 201        if (find_next_bit(map, mapsize, start) < start + len)
 202                ret = false;
 203        bitmap_set(map, start, len);
 204
 205        return ret;
 206}
 207
 208/*
 209 * Check the leaf freemap from the usage bitmap.  Returns false if the
 210 * attr freemap has problems or points to used space.
 211 */
 212STATIC bool
 213xchk_xattr_check_freemap(
 214        struct xfs_scrub                *sc,
 215        unsigned long                   *map,
 216        struct xfs_attr3_icleaf_hdr     *leafhdr)
 217{
 218        unsigned long                   *freemap = xchk_xattr_freemap(sc);
 219        unsigned long                   *dstmap = xchk_xattr_dstmap(sc);
 220        unsigned int                    mapsize = sc->mp->m_attr_geo->blksize;
 221        int                             i;
 222
 223        /* Construct bitmap of freemap contents. */
 224        bitmap_zero(freemap, mapsize);
 225        for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
 226                if (!xchk_xattr_set_map(sc, freemap,
 227                                leafhdr->freemap[i].base,
 228                                leafhdr->freemap[i].size))
 229                        return false;
 230        }
 231
 232        /* Look for bits that are set in freemap and are marked in use. */
 233        return bitmap_and(dstmap, freemap, map, mapsize) == 0;
 234}
 235
 236/*
 237 * Check this leaf entry's relations to everything else.
 238 * Returns the number of bytes used for the name/value data.
 239 */
 240STATIC void
 241xchk_xattr_entry(
 242        struct xchk_da_btree            *ds,
 243        int                             level,
 244        char                            *buf_end,
 245        struct xfs_attr_leafblock       *leaf,
 246        struct xfs_attr3_icleaf_hdr     *leafhdr,
 247        struct xfs_attr_leaf_entry      *ent,
 248        int                             idx,
 249        unsigned int                    *usedbytes,
 250        __u32                           *last_hashval)
 251{
 252        struct xfs_mount                *mp = ds->state->mp;
 253        unsigned long                   *usedmap = xchk_xattr_usedmap(ds->sc);
 254        char                            *name_end;
 255        struct xfs_attr_leaf_name_local *lentry;
 256        struct xfs_attr_leaf_name_remote *rentry;
 257        unsigned int                    nameidx;
 258        unsigned int                    namesize;
 259
 260        if (ent->pad2 != 0)
 261                xchk_da_set_corrupt(ds, level);
 262
 263        /* Hash values in order? */
 264        if (be32_to_cpu(ent->hashval) < *last_hashval)
 265                xchk_da_set_corrupt(ds, level);
 266        *last_hashval = be32_to_cpu(ent->hashval);
 267
 268        nameidx = be16_to_cpu(ent->nameidx);
 269        if (nameidx < leafhdr->firstused ||
 270            nameidx >= mp->m_attr_geo->blksize) {
 271                xchk_da_set_corrupt(ds, level);
 272                return;
 273        }
 274
 275        /* Check the name information. */
 276        if (ent->flags & XFS_ATTR_LOCAL) {
 277                lentry = xfs_attr3_leaf_name_local(leaf, idx);
 278                namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
 279                                be16_to_cpu(lentry->valuelen));
 280                name_end = (char *)lentry + namesize;
 281                if (lentry->namelen == 0)
 282                        xchk_da_set_corrupt(ds, level);
 283        } else {
 284                rentry = xfs_attr3_leaf_name_remote(leaf, idx);
 285                namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
 286                name_end = (char *)rentry + namesize;
 287                if (rentry->namelen == 0 || rentry->valueblk == 0)
 288                        xchk_da_set_corrupt(ds, level);
 289        }
 290        if (name_end > buf_end)
 291                xchk_da_set_corrupt(ds, level);
 292
 293        if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize))
 294                xchk_da_set_corrupt(ds, level);
 295        if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
 296                *usedbytes += namesize;
 297}
 298
 299/* Scrub an attribute leaf. */
 300STATIC int
 301xchk_xattr_block(
 302        struct xchk_da_btree            *ds,
 303        int                             level)
 304{
 305        struct xfs_attr3_icleaf_hdr     leafhdr;
 306        struct xfs_mount                *mp = ds->state->mp;
 307        struct xfs_da_state_blk         *blk = &ds->state->path.blk[level];
 308        struct xfs_buf                  *bp = blk->bp;
 309        xfs_dablk_t                     *last_checked = ds->private;
 310        struct xfs_attr_leafblock       *leaf = bp->b_addr;
 311        struct xfs_attr_leaf_entry      *ent;
 312        struct xfs_attr_leaf_entry      *entries;
 313        unsigned long                   *usedmap;
 314        char                            *buf_end;
 315        size_t                          off;
 316        __u32                           last_hashval = 0;
 317        unsigned int                    usedbytes = 0;
 318        unsigned int                    hdrsize;
 319        int                             i;
 320        int                             error;
 321
 322        if (*last_checked == blk->blkno)
 323                return 0;
 324
 325        /* Allocate memory for block usage checking. */
 326        error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL);
 327        if (error == -ENOMEM)
 328                return -EDEADLOCK;
 329        if (error)
 330                return error;
 331        usedmap = xchk_xattr_usedmap(ds->sc);
 332
 333        *last_checked = blk->blkno;
 334        bitmap_zero(usedmap, mp->m_attr_geo->blksize);
 335
 336        /* Check all the padding. */
 337        if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) {
 338                struct xfs_attr3_leafblock      *leaf = bp->b_addr;
 339
 340                if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 ||
 341                    leaf->hdr.info.hdr.pad != 0)
 342                        xchk_da_set_corrupt(ds, level);
 343        } else {
 344                if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
 345                        xchk_da_set_corrupt(ds, level);
 346        }
 347
 348        /* Check the leaf header */
 349        xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
 350        hdrsize = xfs_attr3_leaf_hdr_size(leaf);
 351
 352        if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
 353                xchk_da_set_corrupt(ds, level);
 354        if (leafhdr.firstused > mp->m_attr_geo->blksize)
 355                xchk_da_set_corrupt(ds, level);
 356        if (leafhdr.firstused < hdrsize)
 357                xchk_da_set_corrupt(ds, level);
 358        if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize))
 359                xchk_da_set_corrupt(ds, level);
 360
 361        if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 362                goto out;
 363
 364        entries = xfs_attr3_leaf_entryp(leaf);
 365        if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
 366                xchk_da_set_corrupt(ds, level);
 367
 368        buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
 369        for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
 370                /* Mark the leaf entry itself. */
 371                off = (char *)ent - (char *)leaf;
 372                if (!xchk_xattr_set_map(ds->sc, usedmap, off,
 373                                sizeof(xfs_attr_leaf_entry_t))) {
 374                        xchk_da_set_corrupt(ds, level);
 375                        goto out;
 376                }
 377
 378                /* Check the entry and nameval. */
 379                xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
 380                                ent, i, &usedbytes, &last_hashval);
 381
 382                if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 383                        goto out;
 384        }
 385
 386        if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr))
 387                xchk_da_set_corrupt(ds, level);
 388
 389        if (leafhdr.usedbytes != usedbytes)
 390                xchk_da_set_corrupt(ds, level);
 391
 392out:
 393        return 0;
 394}
 395
 396/* Scrub a attribute btree record. */
 397STATIC int
 398xchk_xattr_rec(
 399        struct xchk_da_btree            *ds,
 400        int                             level)
 401{
 402        struct xfs_mount                *mp = ds->state->mp;
 403        struct xfs_da_state_blk         *blk = &ds->state->path.blk[level];
 404        struct xfs_attr_leaf_name_local *lentry;
 405        struct xfs_attr_leaf_name_remote        *rentry;
 406        struct xfs_buf                  *bp;
 407        struct xfs_attr_leaf_entry      *ent;
 408        xfs_dahash_t                    calc_hash;
 409        xfs_dahash_t                    hash;
 410        int                             nameidx;
 411        int                             hdrsize;
 412        unsigned int                    badflags;
 413        int                             error;
 414
 415        ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC);
 416
 417        ent = xfs_attr3_leaf_entryp(blk->bp->b_addr) + blk->index;
 418
 419        /* Check the whole block, if necessary. */
 420        error = xchk_xattr_block(ds, level);
 421        if (error)
 422                goto out;
 423        if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 424                goto out;
 425
 426        /* Check the hash of the entry. */
 427        error = xchk_da_btree_hash(ds, level, &ent->hashval);
 428        if (error)
 429                goto out;
 430
 431        /* Find the attr entry's location. */
 432        bp = blk->bp;
 433        hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
 434        nameidx = be16_to_cpu(ent->nameidx);
 435        if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
 436                xchk_da_set_corrupt(ds, level);
 437                goto out;
 438        }
 439
 440        /* Retrieve the entry and check it. */
 441        hash = be32_to_cpu(ent->hashval);
 442        badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE |
 443                        XFS_ATTR_INCOMPLETE);
 444        if ((ent->flags & badflags) != 0)
 445                xchk_da_set_corrupt(ds, level);
 446        if (ent->flags & XFS_ATTR_LOCAL) {
 447                lentry = (struct xfs_attr_leaf_name_local *)
 448                                (((char *)bp->b_addr) + nameidx);
 449                if (lentry->namelen <= 0) {
 450                        xchk_da_set_corrupt(ds, level);
 451                        goto out;
 452                }
 453                calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
 454        } else {
 455                rentry = (struct xfs_attr_leaf_name_remote *)
 456                                (((char *)bp->b_addr) + nameidx);
 457                if (rentry->namelen <= 0) {
 458                        xchk_da_set_corrupt(ds, level);
 459                        goto out;
 460                }
 461                calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
 462        }
 463        if (calc_hash != hash)
 464                xchk_da_set_corrupt(ds, level);
 465
 466out:
 467        return error;
 468}
 469
 470/* Scrub the extended attribute metadata. */
 471int
 472xchk_xattr(
 473        struct xfs_scrub                *sc)
 474{
 475        struct xchk_xattr               sx;
 476        xfs_dablk_t                     last_checked = -1U;
 477        int                             error = 0;
 478
 479        if (!xfs_inode_hasattr(sc->ip))
 480                return -ENOENT;
 481
 482        memset(&sx, 0, sizeof(sx));
 483        /* Check attribute tree structure */
 484        error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
 485                        &last_checked);
 486        if (error)
 487                goto out;
 488
 489        if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 490                goto out;
 491
 492        /* Check that every attr key can also be looked up by hash. */
 493        sx.context.dp = sc->ip;
 494        sx.context.resynch = 1;
 495        sx.context.put_listent = xchk_xattr_listent;
 496        sx.context.tp = sc->tp;
 497        sx.context.allow_incomplete = true;
 498        sx.sc = sc;
 499
 500        /*
 501         * Look up every xattr in this file by name.
 502         *
 503         * Use the backend implementation of xfs_attr_list to call
 504         * xchk_xattr_listent on every attribute key in this inode.
 505         * In other words, we use the same iterator/callback mechanism
 506         * that listattr uses to scrub extended attributes, though in our
 507         * _listent function, we check the value of the attribute.
 508         *
 509         * The VFS only locks i_rwsem when modifying attrs, so keep all
 510         * three locks held because that's the only way to ensure we're
 511         * the only thread poking into the da btree.  We traverse the da
 512         * btree while holding a leaf buffer locked for the xattr name
 513         * iteration, which doesn't really follow the usual buffer
 514         * locking order.
 515         */
 516        error = xfs_attr_list_ilocked(&sx.context);
 517        if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
 518                goto out;
 519
 520        /* Did our listent function try to return any errors? */
 521        if (sx.context.seen_enough < 0)
 522                error = sx.context.seen_enough;
 523out:
 524        return error;
 525}
 526