LXR linux/fs/xfs/scrub/attr.c

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * Copyright (C) 2017 Oracle.  All Rights Reserved.
   4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
   5 */
   6#include "xfs.h"
   7#include "xfs_fs.h"
   8#include "xfs_shared.h"
   9#include "xfs_format.h"
  10#include "xfs_trans_resv.h"
  11#include "xfs_mount.h"
  12#include "xfs_log_format.h"
  13#include "xfs_inode.h"
  14#include "xfs_da_format.h"
  15#include "xfs_da_btree.h"
  16#include "xfs_attr.h"
  17#include "xfs_attr_leaf.h"
  18#include "scrub/scrub.h"
  19#include "scrub/common.h"
  20#include "scrub/dabtree.h"
  21#include "scrub/attr.h"
  22
  23/*
  24 * Allocate enough memory to hold an attr value and attr block bitmaps,
  25 * reallocating the buffer if necessary.  Buffer contents are not preserved
  26 * across a reallocation.
  27 */
  28int
  29xchk_setup_xattr_buf(
  30        struct xfs_scrub        *sc,
  31        size_t                  value_size,
  32        xfs_km_flags_t          flags)
  33{
  34        size_t                  sz;
  35        struct xchk_xattr_buf   *ab = sc->buf;
  36
  37        /*
  38         * We need enough space to read an xattr value from the file or enough
  39         * space to hold three copies of the xattr free space bitmap.  We don't
  40         * need the buffer space for both purposes at the same time.
  41         */
  42        sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);
  43        sz = max_t(size_t, sz, value_size);
  44
  45        /*
  46         * If there's already a buffer, figure out if we need to reallocate it
  47         * to accommodate a larger size.
  48         */
  49        if (ab) {
  50                if (sz <= ab->sz)
  51                        return 0;
  52                kmem_free(ab);
  53                sc->buf = NULL;
  54        }
  55
  56        /*
  57         * Don't zero the buffer upon allocation to avoid runtime overhead.
  58         * All users must be careful never to read uninitialized contents.
  59         */
  60        ab = kmem_alloc_large(sizeof(*ab) + sz, flags);
  61        if (!ab)
  62                return -ENOMEM;
  63
  64        ab->sz = sz;
  65        sc->buf = ab;
  66        return 0;
  67}
  68
  69/* Set us up to scrub an inode's extended attributes. */
  70int
  71xchk_setup_xattr(
  72        struct xfs_scrub        *sc,
  73        struct xfs_inode        *ip)
  74{
  75        int                     error;
  76
  77        /*
  78         * We failed to get memory while checking attrs, so this time try to
  79         * get all the memory we're ever going to need.  Allocate the buffer
  80         * without the inode lock held, which means we can sleep.
  81         */
  82        if (sc->flags & XCHK_TRY_HARDER) {
  83                error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, KM_SLEEP);
  84                if (error)
  85                        return error;
  86        }
  87
  88        return xchk_setup_inode_contents(sc, ip, 0);
  89}
  90
  91/* Extended Attributes */
  92
  93struct xchk_xattr {
  94        struct xfs_attr_list_context    context;
  95        struct xfs_scrub                *sc;
  96};
  97
  98/*
  99 * Check that an extended attribute key can be looked up by hash.
 100 *
 101 * We use the XFS attribute list iterator (i.e. xfs_attr_list_int_ilocked)
 102 * to call this function for every attribute key in an inode.  Once
 103 * we're here, we load the attribute value to see if any errors happen,
 104 * or if we get more or less data than we expected.
 105 */
 106static void
 107xchk_xattr_listent(
 108        struct xfs_attr_list_context    *context,
 109        int                             flags,
 110        unsigned char                   *name,
 111        int                             namelen,
 112        int                             valuelen)
 113{
 114        struct xchk_xattr               *sx;
 115        struct xfs_da_args              args = { NULL };
 116        int                             error = 0;
 117
 118        sx = container_of(context, struct xchk_xattr, context);
 119
 120        if (xchk_should_terminate(sx->sc, &error)) {
 121                context->seen_enough = error;
 122                return;
 123        }
 124
 125        if (flags & XFS_ATTR_INCOMPLETE) {
 126                /* Incomplete attr key, just mark the inode for preening. */
 127                xchk_ino_set_preen(sx->sc, context->dp->i_ino);
 128                return;
 129        }
 130
 131        /* Does this name make sense? */
 132        if (!xfs_attr_namecheck(name, namelen)) {
 133                xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
 134                return;
 135        }
 136
 137        /*
 138         * Try to allocate enough memory to extrat the attr value.  If that
 139         * doesn't work, we overload the seen_enough variable to convey
 140         * the error message back to the main scrub function.
 141         */
 142        error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL);
 143        if (error == -ENOMEM)
 144                error = -EDEADLOCK;
 145        if (error) {
 146                context->seen_enough = error;
 147                return;
 148        }
 149
 150        args.flags = ATTR_KERNOTIME;
 151        if (flags & XFS_ATTR_ROOT)
 152                args.flags |= ATTR_ROOT;
 153        else if (flags & XFS_ATTR_SECURE)
 154                args.flags |= ATTR_SECURE;
 155        args.geo = context->dp->i_mount->m_attr_geo;
 156        args.whichfork = XFS_ATTR_FORK;
 157        args.dp = context->dp;
 158        args.name = name;
 159        args.namelen = namelen;
 160        args.hashval = xfs_da_hashname(args.name, args.namelen);
 161        args.trans = context->tp;
 162        args.value = xchk_xattr_valuebuf(sx->sc);
 163        args.valuelen = valuelen;
 164
 165        error = xfs_attr_get_ilocked(context->dp, &args);
 166        if (error == -EEXIST)
 167                error = 0;
 168        if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno,
 169                        &error))
 170                goto fail_xref;
 171        if (args.valuelen != valuelen)
 172                xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK,
 173                                             args.blkno);
 174fail_xref:
 175        if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 176                context->seen_enough = XFS_ITER_ABORT;
 177        return;
 178}
 179
 180/*
 181 * Mark a range [start, start+len) in this map.  Returns true if the
 182 * region was free, and false if there's a conflict or a problem.
 183 *
 184 * Within a char, the lowest bit of the char represents the byte with
 185 * the smallest address
 186 */
 187STATIC bool
 188xchk_xattr_set_map(
 189        struct xfs_scrub        *sc,
 190        unsigned long           *map,
 191        unsigned int            start,
 192        unsigned int            len)
 193{
 194        unsigned int            mapsize = sc->mp->m_attr_geo->blksize;
 195        bool                    ret = true;
 196
 197        if (start >= mapsize)
 198                return false;
 199        if (start + len > mapsize) {
 200                len = mapsize - start;
 201                ret = false;
 202        }
 203
 204        if (find_next_bit(map, mapsize, start) < start + len)
 205                ret = false;
 206        bitmap_set(map, start, len);
 207
 208        return ret;
 209}
 210
 211/*
 212 * Check the leaf freemap from the usage bitmap.  Returns false if the
 213 * attr freemap has problems or points to used space.
 214 */
 215STATIC bool
 216xchk_xattr_check_freemap(
 217        struct xfs_scrub                *sc,
 218        unsigned long                   *map,
 219        struct xfs_attr3_icleaf_hdr     *leafhdr)
 220{
 221        unsigned long                   *freemap = xchk_xattr_freemap(sc);
 222        unsigned long                   *dstmap = xchk_xattr_dstmap(sc);
 223        unsigned int                    mapsize = sc->mp->m_attr_geo->blksize;
 224        int                             i;
 225
 226        /* Construct bitmap of freemap contents. */
 227        bitmap_zero(freemap, mapsize);
 228        for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
 229                if (!xchk_xattr_set_map(sc, freemap,
 230                                leafhdr->freemap[i].base,
 231                                leafhdr->freemap[i].size))
 232                        return false;
 233        }
 234
 235        /* Look for bits that are set in freemap and are marked in use. */
 236        return bitmap_and(dstmap, freemap, map, mapsize) == 0;
 237}
 238
 239/*
 240 * Check this leaf entry's relations to everything else.
 241 * Returns the number of bytes used for the name/value data.
 242 */
 243STATIC void
 244xchk_xattr_entry(
 245        struct xchk_da_btree            *ds,
 246        int                             level,
 247        char                            *buf_end,
 248        struct xfs_attr_leafblock       *leaf,
 249        struct xfs_attr3_icleaf_hdr     *leafhdr,
 250        struct xfs_attr_leaf_entry      *ent,
 251        int                             idx,
 252        unsigned int                    *usedbytes,
 253        __u32                           *last_hashval)
 254{
 255        struct xfs_mount                *mp = ds->state->mp;
 256        unsigned long                   *usedmap = xchk_xattr_usedmap(ds->sc);
 257        char                            *name_end;
 258        struct xfs_attr_leaf_name_local *lentry;
 259        struct xfs_attr_leaf_name_remote *rentry;
 260        unsigned int                    nameidx;
 261        unsigned int                    namesize;
 262
 263        if (ent->pad2 != 0)
 264                xchk_da_set_corrupt(ds, level);
 265
 266        /* Hash values in order? */
 267        if (be32_to_cpu(ent->hashval) < *last_hashval)
 268                xchk_da_set_corrupt(ds, level);
 269        *last_hashval = be32_to_cpu(ent->hashval);
 270
 271        nameidx = be16_to_cpu(ent->nameidx);
 272        if (nameidx < leafhdr->firstused ||
 273            nameidx >= mp->m_attr_geo->blksize) {
 274                xchk_da_set_corrupt(ds, level);
 275                return;
 276        }
 277
 278        /* Check the name information. */
 279        if (ent->flags & XFS_ATTR_LOCAL) {
 280                lentry = xfs_attr3_leaf_name_local(leaf, idx);
 281                namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
 282                                be16_to_cpu(lentry->valuelen));
 283                name_end = (char *)lentry + namesize;
 284                if (lentry->namelen == 0)
 285                        xchk_da_set_corrupt(ds, level);
 286        } else {
 287                rentry = xfs_attr3_leaf_name_remote(leaf, idx);
 288                namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
 289                name_end = (char *)rentry + namesize;
 290                if (rentry->namelen == 0 || rentry->valueblk == 0)
 291                        xchk_da_set_corrupt(ds, level);
 292        }
 293        if (name_end > buf_end)
 294                xchk_da_set_corrupt(ds, level);
 295
 296        if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize))
 297                xchk_da_set_corrupt(ds, level);
 298        if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
 299                *usedbytes += namesize;
 300}
 301
 302/* Scrub an attribute leaf. */
 303STATIC int
 304xchk_xattr_block(
 305        struct xchk_da_btree            *ds,
 306        int                             level)
 307{
 308        struct xfs_attr3_icleaf_hdr     leafhdr;
 309        struct xfs_mount                *mp = ds->state->mp;
 310        struct xfs_da_state_blk         *blk = &ds->state->path.blk[level];
 311        struct xfs_buf                  *bp = blk->bp;
 312        xfs_dablk_t                     *last_checked = ds->private;
 313        struct xfs_attr_leafblock       *leaf = bp->b_addr;
 314        struct xfs_attr_leaf_entry      *ent;
 315        struct xfs_attr_leaf_entry      *entries;
 316        unsigned long                   *usedmap;
 317        char                            *buf_end;
 318        size_t                          off;
 319        __u32                           last_hashval = 0;
 320        unsigned int                    usedbytes = 0;
 321        unsigned int                    hdrsize;
 322        int                             i;
 323        int                             error;
 324
 325        if (*last_checked == blk->blkno)
 326                return 0;
 327
 328        /* Allocate memory for block usage checking. */
 329        error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL);
 330        if (error == -ENOMEM)
 331                return -EDEADLOCK;
 332        if (error)
 333                return error;
 334        usedmap = xchk_xattr_usedmap(ds->sc);
 335
 336        *last_checked = blk->blkno;
 337        bitmap_zero(usedmap, mp->m_attr_geo->blksize);
 338
 339        /* Check all the padding. */
 340        if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) {
 341                struct xfs_attr3_leafblock      *leaf = bp->b_addr;
 342
 343                if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 ||
 344                    leaf->hdr.info.hdr.pad != 0)
 345                        xchk_da_set_corrupt(ds, level);
 346        } else {
 347                if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
 348                        xchk_da_set_corrupt(ds, level);
 349        }
 350
 351        /* Check the leaf header */
 352        xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
 353        hdrsize = xfs_attr3_leaf_hdr_size(leaf);
 354
 355        if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
 356                xchk_da_set_corrupt(ds, level);
 357        if (leafhdr.firstused > mp->m_attr_geo->blksize)
 358                xchk_da_set_corrupt(ds, level);
 359        if (leafhdr.firstused < hdrsize)
 360                xchk_da_set_corrupt(ds, level);
 361        if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize))
 362                xchk_da_set_corrupt(ds, level);
 363
 364        if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 365                goto out;
 366
 367        entries = xfs_attr3_leaf_entryp(leaf);
 368        if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
 369                xchk_da_set_corrupt(ds, level);
 370
 371        buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
 372        for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
 373                /* Mark the leaf entry itself. */
 374                off = (char *)ent - (char *)leaf;
 375                if (!xchk_xattr_set_map(ds->sc, usedmap, off,
 376                                sizeof(xfs_attr_leaf_entry_t))) {
 377                        xchk_da_set_corrupt(ds, level);
 378                        goto out;
 379                }
 380
 381                /* Check the entry and nameval. */
 382                xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
 383                                ent, i, &usedbytes, &last_hashval);
 384
 385                if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 386                        goto out;
 387        }
 388
 389        if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr))
 390                xchk_da_set_corrupt(ds, level);
 391
 392        if (leafhdr.usedbytes != usedbytes)
 393                xchk_da_set_corrupt(ds, level);
 394
 395out:
 396        return 0;
 397}
 398
 399/* Scrub a attribute btree record. */
 400STATIC int
 401xchk_xattr_rec(
 402        struct xchk_da_btree            *ds,
 403        int                             level,
 404        void                            *rec)
 405{
 406        struct xfs_mount                *mp = ds->state->mp;
 407        struct xfs_attr_leaf_entry      *ent = rec;
 408        struct xfs_da_state_blk         *blk;
 409        struct xfs_attr_leaf_name_local *lentry;
 410        struct xfs_attr_leaf_name_remote        *rentry;
 411        struct xfs_buf                  *bp;
 412        xfs_dahash_t                    calc_hash;
 413        xfs_dahash_t                    hash;
 414        int                             nameidx;
 415        int                             hdrsize;
 416        unsigned int                    badflags;
 417        int                             error;
 418
 419        blk = &ds->state->path.blk[level];
 420
 421        /* Check the whole block, if necessary. */
 422        error = xchk_xattr_block(ds, level);
 423        if (error)
 424                goto out;
 425        if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 426                goto out;
 427
 428        /* Check the hash of the entry. */
 429        error = xchk_da_btree_hash(ds, level, &ent->hashval);
 430        if (error)
 431                goto out;
 432
 433        /* Find the attr entry's location. */
 434        bp = blk->bp;
 435        hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
 436        nameidx = be16_to_cpu(ent->nameidx);
 437        if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
 438                xchk_da_set_corrupt(ds, level);
 439                goto out;
 440        }
 441
 442        /* Retrieve the entry and check it. */
 443        hash = be32_to_cpu(ent->hashval);
 444        badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE |
 445                        XFS_ATTR_INCOMPLETE);
 446        if ((ent->flags & badflags) != 0)
 447                xchk_da_set_corrupt(ds, level);
 448        if (ent->flags & XFS_ATTR_LOCAL) {
 449                lentry = (struct xfs_attr_leaf_name_local *)
 450                                (((char *)bp->b_addr) + nameidx);
 451                if (lentry->namelen <= 0) {
 452                        xchk_da_set_corrupt(ds, level);
 453                        goto out;
 454                }
 455                calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
 456        } else {
 457                rentry = (struct xfs_attr_leaf_name_remote *)
 458                                (((char *)bp->b_addr) + nameidx);
 459                if (rentry->namelen <= 0) {
 460                        xchk_da_set_corrupt(ds, level);
 461                        goto out;
 462                }
 463                calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
 464        }
 465        if (calc_hash != hash)
 466                xchk_da_set_corrupt(ds, level);
 467
 468out:
 469        return error;
 470}
 471
 472/* Scrub the extended attribute metadata. */
 473int
 474xchk_xattr(
 475        struct xfs_scrub                *sc)
 476{
 477        struct xchk_xattr               sx;
 478        struct attrlist_cursor_kern     cursor = { 0 };
 479        xfs_dablk_t                     last_checked = -1U;
 480        int                             error = 0;
 481
 482        if (!xfs_inode_hasattr(sc->ip))
 483                return -ENOENT;
 484
 485        memset(&sx, 0, sizeof(sx));
 486        /* Check attribute tree structure */
 487        error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
 488                        &last_checked);
 489        if (error)
 490                goto out;
 491
 492        if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 493                goto out;
 494
 495        /* Check that every attr key can also be looked up by hash. */
 496        sx.context.dp = sc->ip;
 497        sx.context.cursor = &cursor;
 498        sx.context.resynch = 1;
 499        sx.context.put_listent = xchk_xattr_listent;
 500        sx.context.tp = sc->tp;
 501        sx.context.flags = ATTR_INCOMPLETE;
 502        sx.sc = sc;
 503
 504        /*
 505         * Look up every xattr in this file by name.
 506         *
 507         * Use the backend implementation of xfs_attr_list to call
 508         * xchk_xattr_listent on every attribute key in this inode.
 509         * In other words, we use the same iterator/callback mechanism
 510         * that listattr uses to scrub extended attributes, though in our
 511         * _listent function, we check the value of the attribute.
 512         *
 513         * The VFS only locks i_rwsem when modifying attrs, so keep all
 514         * three locks held because that's the only way to ensure we're
 515         * the only thread poking into the da btree.  We traverse the da
 516         * btree while holding a leaf buffer locked for the xattr name
 517         * iteration, which doesn't really follow the usual buffer
 518         * locking order.
 519         */
 520        error = xfs_attr_list_int_ilocked(&sx.context);
 521        if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
 522                goto out;
 523
 524        /* Did our listent function try to return any errors? */
 525        if (sx.context.seen_enough < 0)
 526                error = sx.context.seen_enough;
 527out:
 528        return error;
 529}
 530