LXR linux/fs/xfs/scrub/attr.c

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * Copyright (C) 2017 Oracle.  All Rights Reserved.
   4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
   5 */
   6#include "xfs.h"
   7#include "xfs_fs.h"
   8#include "xfs_shared.h"
   9#include "xfs_format.h"
  10#include "xfs_trans_resv.h"
  11#include "xfs_mount.h"
  12#include "xfs_log_format.h"
  13#include "xfs_inode.h"
  14#include "xfs_da_format.h"
  15#include "xfs_da_btree.h"
  16#include "xfs_attr.h"
  17#include "xfs_attr_leaf.h"
  18#include "scrub/scrub.h"
  19#include "scrub/common.h"
  20#include "scrub/dabtree.h"
  21#include "scrub/attr.h"
  22
  23/*
  24 * Allocate enough memory to hold an attr value and attr block bitmaps,
  25 * reallocating the buffer if necessary.  Buffer contents are not preserved
  26 * across a reallocation.
  27 */
  28int
  29xchk_setup_xattr_buf(
  30        struct xfs_scrub        *sc,
  31        size_t                  value_size,
  32        xfs_km_flags_t          flags)
  33{
  34        size_t                  sz;
  35        struct xchk_xattr_buf   *ab = sc->buf;
  36
  37        /*
  38         * We need enough space to read an xattr value from the file or enough
  39         * space to hold three copies of the xattr free space bitmap.  We don't
  40         * need the buffer space for both purposes at the same time.
  41         */
  42        sz = 3 * sizeof(long) * BITS_TO_LONGS(sc->mp->m_attr_geo->blksize);
  43        sz = max_t(size_t, sz, value_size);
  44
  45        /*
  46         * If there's already a buffer, figure out if we need to reallocate it
  47         * to accommodate a larger size.
  48         */
  49        if (ab) {
  50                if (sz <= ab->sz)
  51                        return 0;
  52                kmem_free(ab);
  53                sc->buf = NULL;
  54        }
  55
  56        /*
  57         * Don't zero the buffer upon allocation to avoid runtime overhead.
  58         * All users must be careful never to read uninitialized contents.
  59         */
  60        ab = kmem_alloc_large(sizeof(*ab) + sz, flags);
  61        if (!ab)
  62                return -ENOMEM;
  63
  64        ab->sz = sz;
  65        sc->buf = ab;
  66        return 0;
  67}
  68
  69/* Set us up to scrub an inode's extended attributes. */
  70int
  71xchk_setup_xattr(
  72        struct xfs_scrub        *sc,
  73        struct xfs_inode        *ip)
  74{
  75        int                     error;
  76
  77        /*
  78         * We failed to get memory while checking attrs, so this time try to
  79         * get all the memory we're ever going to need.  Allocate the buffer
  80         * without the inode lock held, which means we can sleep.
  81         */
  82        if (sc->flags & XCHK_TRY_HARDER) {
  83                error = xchk_setup_xattr_buf(sc, XATTR_SIZE_MAX, 0);
  84                if (error)
  85                        return error;
  86        }
  87
  88        return xchk_setup_inode_contents(sc, ip, 0);
  89}
  90
  91/* Extended Attributes */
  92
  93struct xchk_xattr {
  94        struct xfs_attr_list_context    context;
  95        struct xfs_scrub                *sc;
  96};
  97
  98/*
  99 * Check that an extended attribute key can be looked up by hash.
 100 *
 101 * We use the XFS attribute list iterator (i.e. xfs_attr_list_int_ilocked)
 102 * to call this function for every attribute key in an inode.  Once
 103 * we're here, we load the attribute value to see if any errors happen,
 104 * or if we get more or less data than we expected.
 105 */
 106static void
 107xchk_xattr_listent(
 108        struct xfs_attr_list_context    *context,
 109        int                             flags,
 110        unsigned char                   *name,
 111        int                             namelen,
 112        int                             valuelen)
 113{
 114        struct xchk_xattr               *sx;
 115        struct xfs_da_args              args = { NULL };
 116        int                             error = 0;
 117
 118        sx = container_of(context, struct xchk_xattr, context);
 119
 120        if (xchk_should_terminate(sx->sc, &error)) {
 121                context->seen_enough = error;
 122                return;
 123        }
 124
 125        if (flags & XFS_ATTR_INCOMPLETE) {
 126                /* Incomplete attr key, just mark the inode for preening. */
 127                xchk_ino_set_preen(sx->sc, context->dp->i_ino);
 128                return;
 129        }
 130
 131        /* Does this name make sense? */
 132        if (!xfs_attr_namecheck(name, namelen)) {
 133                xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
 134                return;
 135        }
 136
 137        /*
 138         * Try to allocate enough memory to extrat the attr value.  If that
 139         * doesn't work, we overload the seen_enough variable to convey
 140         * the error message back to the main scrub function.
 141         */
 142        error = xchk_setup_xattr_buf(sx->sc, valuelen, KM_MAYFAIL);
 143        if (error == -ENOMEM)
 144                error = -EDEADLOCK;
 145        if (error) {
 146                context->seen_enough = error;
 147                return;
 148        }
 149
 150        args.flags = ATTR_KERNOTIME;
 151        if (flags & XFS_ATTR_ROOT)
 152                args.flags |= ATTR_ROOT;
 153        else if (flags & XFS_ATTR_SECURE)
 154                args.flags |= ATTR_SECURE;
 155        args.geo = context->dp->i_mount->m_attr_geo;
 156        args.whichfork = XFS_ATTR_FORK;
 157        args.dp = context->dp;
 158        args.name = name;
 159        args.namelen = namelen;
 160        args.hashval = xfs_da_hashname(args.name, args.namelen);
 161        args.trans = context->tp;
 162        args.value = xchk_xattr_valuebuf(sx->sc);
 163        args.valuelen = valuelen;
 164
 165        error = xfs_attr_get_ilocked(context->dp, &args);
 166        if (!xchk_fblock_process_error(sx->sc, XFS_ATTR_FORK, args.blkno,
 167                        &error))
 168                goto fail_xref;
 169        if (args.valuelen != valuelen)
 170                xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK,
 171                                             args.blkno);
 172fail_xref:
 173        if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 174                context->seen_enough = 1;
 175        return;
 176}
 177
 178/*
 179 * Mark a range [start, start+len) in this map.  Returns true if the
 180 * region was free, and false if there's a conflict or a problem.
 181 *
 182 * Within a char, the lowest bit of the char represents the byte with
 183 * the smallest address
 184 */
 185STATIC bool
 186xchk_xattr_set_map(
 187        struct xfs_scrub        *sc,
 188        unsigned long           *map,
 189        unsigned int            start,
 190        unsigned int            len)
 191{
 192        unsigned int            mapsize = sc->mp->m_attr_geo->blksize;
 193        bool                    ret = true;
 194
 195        if (start >= mapsize)
 196                return false;
 197        if (start + len > mapsize) {
 198                len = mapsize - start;
 199                ret = false;
 200        }
 201
 202        if (find_next_bit(map, mapsize, start) < start + len)
 203                ret = false;
 204        bitmap_set(map, start, len);
 205
 206        return ret;
 207}
 208
 209/*
 210 * Check the leaf freemap from the usage bitmap.  Returns false if the
 211 * attr freemap has problems or points to used space.
 212 */
 213STATIC bool
 214xchk_xattr_check_freemap(
 215        struct xfs_scrub                *sc,
 216        unsigned long                   *map,
 217        struct xfs_attr3_icleaf_hdr     *leafhdr)
 218{
 219        unsigned long                   *freemap = xchk_xattr_freemap(sc);
 220        unsigned long                   *dstmap = xchk_xattr_dstmap(sc);
 221        unsigned int                    mapsize = sc->mp->m_attr_geo->blksize;
 222        int                             i;
 223
 224        /* Construct bitmap of freemap contents. */
 225        bitmap_zero(freemap, mapsize);
 226        for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
 227                if (!xchk_xattr_set_map(sc, freemap,
 228                                leafhdr->freemap[i].base,
 229                                leafhdr->freemap[i].size))
 230                        return false;
 231        }
 232
 233        /* Look for bits that are set in freemap and are marked in use. */
 234        return bitmap_and(dstmap, freemap, map, mapsize) == 0;
 235}
 236
 237/*
 238 * Check this leaf entry's relations to everything else.
 239 * Returns the number of bytes used for the name/value data.
 240 */
 241STATIC void
 242xchk_xattr_entry(
 243        struct xchk_da_btree            *ds,
 244        int                             level,
 245        char                            *buf_end,
 246        struct xfs_attr_leafblock       *leaf,
 247        struct xfs_attr3_icleaf_hdr     *leafhdr,
 248        struct xfs_attr_leaf_entry      *ent,
 249        int                             idx,
 250        unsigned int                    *usedbytes,
 251        __u32                           *last_hashval)
 252{
 253        struct xfs_mount                *mp = ds->state->mp;
 254        unsigned long                   *usedmap = xchk_xattr_usedmap(ds->sc);
 255        char                            *name_end;
 256        struct xfs_attr_leaf_name_local *lentry;
 257        struct xfs_attr_leaf_name_remote *rentry;
 258        unsigned int                    nameidx;
 259        unsigned int                    namesize;
 260
 261        if (ent->pad2 != 0)
 262                xchk_da_set_corrupt(ds, level);
 263
 264        /* Hash values in order? */
 265        if (be32_to_cpu(ent->hashval) < *last_hashval)
 266                xchk_da_set_corrupt(ds, level);
 267        *last_hashval = be32_to_cpu(ent->hashval);
 268
 269        nameidx = be16_to_cpu(ent->nameidx);
 270        if (nameidx < leafhdr->firstused ||
 271            nameidx >= mp->m_attr_geo->blksize) {
 272                xchk_da_set_corrupt(ds, level);
 273                return;
 274        }
 275
 276        /* Check the name information. */
 277        if (ent->flags & XFS_ATTR_LOCAL) {
 278                lentry = xfs_attr3_leaf_name_local(leaf, idx);
 279                namesize = xfs_attr_leaf_entsize_local(lentry->namelen,
 280                                be16_to_cpu(lentry->valuelen));
 281                name_end = (char *)lentry + namesize;
 282                if (lentry->namelen == 0)
 283                        xchk_da_set_corrupt(ds, level);
 284        } else {
 285                rentry = xfs_attr3_leaf_name_remote(leaf, idx);
 286                namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
 287                name_end = (char *)rentry + namesize;
 288                if (rentry->namelen == 0 || rentry->valueblk == 0)
 289                        xchk_da_set_corrupt(ds, level);
 290        }
 291        if (name_end > buf_end)
 292                xchk_da_set_corrupt(ds, level);
 293
 294        if (!xchk_xattr_set_map(ds->sc, usedmap, nameidx, namesize))
 295                xchk_da_set_corrupt(ds, level);
 296        if (!(ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT))
 297                *usedbytes += namesize;
 298}
 299
 300/* Scrub an attribute leaf. */
 301STATIC int
 302xchk_xattr_block(
 303        struct xchk_da_btree            *ds,
 304        int                             level)
 305{
 306        struct xfs_attr3_icleaf_hdr     leafhdr;
 307        struct xfs_mount                *mp = ds->state->mp;
 308        struct xfs_da_state_blk         *blk = &ds->state->path.blk[level];
 309        struct xfs_buf                  *bp = blk->bp;
 310        xfs_dablk_t                     *last_checked = ds->private;
 311        struct xfs_attr_leafblock       *leaf = bp->b_addr;
 312        struct xfs_attr_leaf_entry      *ent;
 313        struct xfs_attr_leaf_entry      *entries;
 314        unsigned long                   *usedmap;
 315        char                            *buf_end;
 316        size_t                          off;
 317        __u32                           last_hashval = 0;
 318        unsigned int                    usedbytes = 0;
 319        unsigned int                    hdrsize;
 320        int                             i;
 321        int                             error;
 322
 323        if (*last_checked == blk->blkno)
 324                return 0;
 325
 326        /* Allocate memory for block usage checking. */
 327        error = xchk_setup_xattr_buf(ds->sc, 0, KM_MAYFAIL);
 328        if (error == -ENOMEM)
 329                return -EDEADLOCK;
 330        if (error)
 331                return error;
 332        usedmap = xchk_xattr_usedmap(ds->sc);
 333
 334        *last_checked = blk->blkno;
 335        bitmap_zero(usedmap, mp->m_attr_geo->blksize);
 336
 337        /* Check all the padding. */
 338        if (xfs_sb_version_hascrc(&ds->sc->mp->m_sb)) {
 339                struct xfs_attr3_leafblock      *leaf = bp->b_addr;
 340
 341                if (leaf->hdr.pad1 != 0 || leaf->hdr.pad2 != 0 ||
 342                    leaf->hdr.info.hdr.pad != 0)
 343                        xchk_da_set_corrupt(ds, level);
 344        } else {
 345                if (leaf->hdr.pad1 != 0 || leaf->hdr.info.pad != 0)
 346                        xchk_da_set_corrupt(ds, level);
 347        }
 348
 349        /* Check the leaf header */
 350        xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
 351        hdrsize = xfs_attr3_leaf_hdr_size(leaf);
 352
 353        if (leafhdr.usedbytes > mp->m_attr_geo->blksize)
 354                xchk_da_set_corrupt(ds, level);
 355        if (leafhdr.firstused > mp->m_attr_geo->blksize)
 356                xchk_da_set_corrupt(ds, level);
 357        if (leafhdr.firstused < hdrsize)
 358                xchk_da_set_corrupt(ds, level);
 359        if (!xchk_xattr_set_map(ds->sc, usedmap, 0, hdrsize))
 360                xchk_da_set_corrupt(ds, level);
 361
 362        if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 363                goto out;
 364
 365        entries = xfs_attr3_leaf_entryp(leaf);
 366        if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
 367                xchk_da_set_corrupt(ds, level);
 368
 369        buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
 370        for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
 371                /* Mark the leaf entry itself. */
 372                off = (char *)ent - (char *)leaf;
 373                if (!xchk_xattr_set_map(ds->sc, usedmap, off,
 374                                sizeof(xfs_attr_leaf_entry_t))) {
 375                        xchk_da_set_corrupt(ds, level);
 376                        goto out;
 377                }
 378
 379                /* Check the entry and nameval. */
 380                xchk_xattr_entry(ds, level, buf_end, leaf, &leafhdr,
 381                                ent, i, &usedbytes, &last_hashval);
 382
 383                if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 384                        goto out;
 385        }
 386
 387        if (!xchk_xattr_check_freemap(ds->sc, usedmap, &leafhdr))
 388                xchk_da_set_corrupt(ds, level);
 389
 390        if (leafhdr.usedbytes != usedbytes)
 391                xchk_da_set_corrupt(ds, level);
 392
 393out:
 394        return 0;
 395}
 396
 397/* Scrub a attribute btree record. */
 398STATIC int
 399xchk_xattr_rec(
 400        struct xchk_da_btree            *ds,
 401        int                             level,
 402        void                            *rec)
 403{
 404        struct xfs_mount                *mp = ds->state->mp;
 405        struct xfs_attr_leaf_entry      *ent = rec;
 406        struct xfs_da_state_blk         *blk;
 407        struct xfs_attr_leaf_name_local *lentry;
 408        struct xfs_attr_leaf_name_remote        *rentry;
 409        struct xfs_buf                  *bp;
 410        xfs_dahash_t                    calc_hash;
 411        xfs_dahash_t                    hash;
 412        int                             nameidx;
 413        int                             hdrsize;
 414        unsigned int                    badflags;
 415        int                             error;
 416
 417        blk = &ds->state->path.blk[level];
 418
 419        /* Check the whole block, if necessary. */
 420        error = xchk_xattr_block(ds, level);
 421        if (error)
 422                goto out;
 423        if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 424                goto out;
 425
 426        /* Check the hash of the entry. */
 427        error = xchk_da_btree_hash(ds, level, &ent->hashval);
 428        if (error)
 429                goto out;
 430
 431        /* Find the attr entry's location. */
 432        bp = blk->bp;
 433        hdrsize = xfs_attr3_leaf_hdr_size(bp->b_addr);
 434        nameidx = be16_to_cpu(ent->nameidx);
 435        if (nameidx < hdrsize || nameidx >= mp->m_attr_geo->blksize) {
 436                xchk_da_set_corrupt(ds, level);
 437                goto out;
 438        }
 439
 440        /* Retrieve the entry and check it. */
 441        hash = be32_to_cpu(ent->hashval);
 442        badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE |
 443                        XFS_ATTR_INCOMPLETE);
 444        if ((ent->flags & badflags) != 0)
 445                xchk_da_set_corrupt(ds, level);
 446        if (ent->flags & XFS_ATTR_LOCAL) {
 447                lentry = (struct xfs_attr_leaf_name_local *)
 448                                (((char *)bp->b_addr) + nameidx);
 449                if (lentry->namelen <= 0) {
 450                        xchk_da_set_corrupt(ds, level);
 451                        goto out;
 452                }
 453                calc_hash = xfs_da_hashname(lentry->nameval, lentry->namelen);
 454        } else {
 455                rentry = (struct xfs_attr_leaf_name_remote *)
 456                                (((char *)bp->b_addr) + nameidx);
 457                if (rentry->namelen <= 0) {
 458                        xchk_da_set_corrupt(ds, level);
 459                        goto out;
 460                }
 461                calc_hash = xfs_da_hashname(rentry->name, rentry->namelen);
 462        }
 463        if (calc_hash != hash)
 464                xchk_da_set_corrupt(ds, level);
 465
 466out:
 467        return error;
 468}
 469
 470/* Scrub the extended attribute metadata. */
 471int
 472xchk_xattr(
 473        struct xfs_scrub                *sc)
 474{
 475        struct xchk_xattr               sx;
 476        struct attrlist_cursor_kern     cursor = { 0 };
 477        xfs_dablk_t                     last_checked = -1U;
 478        int                             error = 0;
 479
 480        if (!xfs_inode_hasattr(sc->ip))
 481                return -ENOENT;
 482
 483        memset(&sx, 0, sizeof(sx));
 484        /* Check attribute tree structure */
 485        error = xchk_da_btree(sc, XFS_ATTR_FORK, xchk_xattr_rec,
 486                        &last_checked);
 487        if (error)
 488                goto out;
 489
 490        if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 491                goto out;
 492
 493        /* Check that every attr key can also be looked up by hash. */
 494        sx.context.dp = sc->ip;
 495        sx.context.cursor = &cursor;
 496        sx.context.resynch = 1;
 497        sx.context.put_listent = xchk_xattr_listent;
 498        sx.context.tp = sc->tp;
 499        sx.context.flags = ATTR_INCOMPLETE;
 500        sx.sc = sc;
 501
 502        /*
 503         * Look up every xattr in this file by name.
 504         *
 505         * Use the backend implementation of xfs_attr_list to call
 506         * xchk_xattr_listent on every attribute key in this inode.
 507         * In other words, we use the same iterator/callback mechanism
 508         * that listattr uses to scrub extended attributes, though in our
 509         * _listent function, we check the value of the attribute.
 510         *
 511         * The VFS only locks i_rwsem when modifying attrs, so keep all
 512         * three locks held because that's the only way to ensure we're
 513         * the only thread poking into the da btree.  We traverse the da
 514         * btree while holding a leaf buffer locked for the xattr name
 515         * iteration, which doesn't really follow the usual buffer
 516         * locking order.
 517         */
 518        error = xfs_attr_list_int_ilocked(&sx.context);
 519        if (!xchk_fblock_process_error(sc, XFS_ATTR_FORK, 0, &error))
 520                goto out;
 521
 522        /* Did our listent function try to return any errors? */
 523        if (sx.context.seen_enough < 0)
 524                error = sx.context.seen_enough;
 525out:
 526        return error;
 527}
 528