Commit | Line | Data |
---|---|---|
80e4e126 DW |
1 | /* |
2 | * Copyright (C) 2017 Oracle. All Rights Reserved. | |
3 | * | |
4 | * Author: Darrick J. Wong <darrick.wong@oracle.com> | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version 2 | |
9 | * of the License, or (at your option) any later version. | |
10 | * | |
11 | * This program is distributed in the hope that it would be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | * GNU General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with this program; if not, write the Free Software Foundation, | |
18 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. | |
19 | */ | |
20 | #include "xfs.h" | |
21 | #include "xfs_fs.h" | |
22 | #include "xfs_shared.h" | |
23 | #include "xfs_format.h" | |
24 | #include "xfs_trans_resv.h" | |
25 | #include "xfs_mount.h" | |
26 | #include "xfs_defer.h" | |
27 | #include "xfs_btree.h" | |
28 | #include "xfs_bit.h" | |
29 | #include "xfs_log_format.h" | |
30 | #include "xfs_trans.h" | |
31 | #include "xfs_sb.h" | |
32 | #include "xfs_inode.h" | |
33 | #include "xfs_icache.h" | |
34 | #include "xfs_inode_buf.h" | |
35 | #include "xfs_inode_fork.h" | |
36 | #include "xfs_ialloc.h" | |
37 | #include "xfs_da_format.h" | |
38 | #include "xfs_reflink.h" | |
d852657c | 39 | #include "xfs_rmap.h" |
561f648a DW |
40 | #include "xfs_bmap.h" |
41 | #include "xfs_bmap_util.h" | |
80e4e126 DW |
42 | #include "scrub/xfs_scrub.h" |
43 | #include "scrub/scrub.h" | |
44 | #include "scrub/common.h" | |
2e6f2756 | 45 | #include "scrub/btree.h" |
80e4e126 DW |
46 | #include "scrub/trace.h" |
47 | ||
48 | /* | |
49 | * Grab total control of the inode metadata. It doesn't matter here if | |
50 | * the file data is still changing; exclusive access to the metadata is | |
51 | * the goal. | |
52 | */ | |
53 | int | |
54 | xfs_scrub_setup_inode( | |
55 | struct xfs_scrub_context *sc, | |
56 | struct xfs_inode *ip) | |
57 | { | |
58 | struct xfs_mount *mp = sc->mp; | |
59 | int error; | |
60 | ||
61 | /* | |
62 | * Try to get the inode. If the verifiers fail, we try again | |
63 | * in raw mode. | |
64 | */ | |
65 | error = xfs_scrub_get_inode(sc, ip); | |
66 | switch (error) { | |
67 | case 0: | |
68 | break; | |
69 | case -EFSCORRUPTED: | |
70 | case -EFSBADCRC: | |
1ad1205e | 71 | return xfs_scrub_trans_alloc(sc->sm, mp, &sc->tp); |
80e4e126 DW |
72 | default: |
73 | return error; | |
74 | } | |
75 | ||
76 | /* Got the inode, lock it and we're ready to go. */ | |
77 | sc->ilock_flags = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; | |
78 | xfs_ilock(sc->ip, sc->ilock_flags); | |
79 | error = xfs_scrub_trans_alloc(sc->sm, mp, &sc->tp); | |
80 | if (error) | |
81 | goto out; | |
82 | sc->ilock_flags |= XFS_ILOCK_EXCL; | |
83 | xfs_ilock(sc->ip, XFS_ILOCK_EXCL); | |
84 | ||
85 | out: | |
86 | /* scrub teardown will unlock and release the inode for us */ | |
87 | return error; | |
88 | } | |
89 | ||
90 | /* Inode core */ | |
91 | ||
92 | /* | |
93 | * Validate di_extsize hint. | |
94 | * | |
95 | * The rules are documented at xfs_ioctl_setattr_check_extsize(). | |
96 | * These functions must be kept in sync with each other. | |
97 | */ | |
98 | STATIC void | |
99 | xfs_scrub_inode_extsize( | |
100 | struct xfs_scrub_context *sc, | |
101 | struct xfs_buf *bp, | |
102 | struct xfs_dinode *dip, | |
103 | xfs_ino_t ino, | |
104 | uint16_t mode, | |
105 | uint16_t flags) | |
106 | { | |
107 | struct xfs_mount *mp = sc->mp; | |
108 | bool rt_flag; | |
109 | bool hint_flag; | |
110 | bool inherit_flag; | |
111 | uint32_t extsize; | |
112 | uint32_t extsize_bytes; | |
113 | uint32_t blocksize_bytes; | |
114 | ||
115 | rt_flag = (flags & XFS_DIFLAG_REALTIME); | |
116 | hint_flag = (flags & XFS_DIFLAG_EXTSIZE); | |
117 | inherit_flag = (flags & XFS_DIFLAG_EXTSZINHERIT); | |
118 | extsize = be32_to_cpu(dip->di_extsize); | |
119 | extsize_bytes = XFS_FSB_TO_B(sc->mp, extsize); | |
120 | ||
121 | if (rt_flag) | |
122 | blocksize_bytes = mp->m_sb.sb_rextsize << mp->m_sb.sb_blocklog; | |
123 | else | |
124 | blocksize_bytes = mp->m_sb.sb_blocksize; | |
125 | ||
126 | if ((hint_flag || inherit_flag) && !(S_ISDIR(mode) || S_ISREG(mode))) | |
127 | goto bad; | |
128 | ||
129 | if (hint_flag && !S_ISREG(mode)) | |
130 | goto bad; | |
131 | ||
132 | if (inherit_flag && !S_ISDIR(mode)) | |
133 | goto bad; | |
134 | ||
135 | if ((hint_flag || inherit_flag) && extsize == 0) | |
136 | goto bad; | |
137 | ||
138 | if (!(hint_flag || inherit_flag) && extsize != 0) | |
139 | goto bad; | |
140 | ||
141 | if (extsize_bytes % blocksize_bytes) | |
142 | goto bad; | |
143 | ||
144 | if (extsize > MAXEXTLEN) | |
145 | goto bad; | |
146 | ||
147 | if (!rt_flag && extsize > mp->m_sb.sb_agblocks / 2) | |
148 | goto bad; | |
149 | ||
150 | return; | |
151 | bad: | |
152 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
153 | } | |
154 | ||
155 | /* | |
156 | * Validate di_cowextsize hint. | |
157 | * | |
158 | * The rules are documented at xfs_ioctl_setattr_check_cowextsize(). | |
159 | * These functions must be kept in sync with each other. | |
160 | */ | |
161 | STATIC void | |
162 | xfs_scrub_inode_cowextsize( | |
163 | struct xfs_scrub_context *sc, | |
164 | struct xfs_buf *bp, | |
165 | struct xfs_dinode *dip, | |
166 | xfs_ino_t ino, | |
167 | uint16_t mode, | |
168 | uint16_t flags, | |
169 | uint64_t flags2) | |
170 | { | |
171 | struct xfs_mount *mp = sc->mp; | |
172 | bool rt_flag; | |
173 | bool hint_flag; | |
174 | uint32_t extsize; | |
175 | uint32_t extsize_bytes; | |
176 | ||
177 | rt_flag = (flags & XFS_DIFLAG_REALTIME); | |
178 | hint_flag = (flags2 & XFS_DIFLAG2_COWEXTSIZE); | |
179 | extsize = be32_to_cpu(dip->di_cowextsize); | |
180 | extsize_bytes = XFS_FSB_TO_B(sc->mp, extsize); | |
181 | ||
182 | if (hint_flag && !xfs_sb_version_hasreflink(&mp->m_sb)) | |
183 | goto bad; | |
184 | ||
185 | if (hint_flag && !(S_ISDIR(mode) || S_ISREG(mode))) | |
186 | goto bad; | |
187 | ||
188 | if (hint_flag && extsize == 0) | |
189 | goto bad; | |
190 | ||
191 | if (!hint_flag && extsize != 0) | |
192 | goto bad; | |
193 | ||
194 | if (hint_flag && rt_flag) | |
195 | goto bad; | |
196 | ||
197 | if (extsize_bytes % mp->m_sb.sb_blocksize) | |
198 | goto bad; | |
199 | ||
200 | if (extsize > MAXEXTLEN) | |
201 | goto bad; | |
202 | ||
203 | if (extsize > mp->m_sb.sb_agblocks / 2) | |
204 | goto bad; | |
205 | ||
206 | return; | |
207 | bad: | |
208 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
209 | } | |
210 | ||
211 | /* Make sure the di_flags make sense for the inode. */ | |
212 | STATIC void | |
213 | xfs_scrub_inode_flags( | |
214 | struct xfs_scrub_context *sc, | |
215 | struct xfs_buf *bp, | |
216 | struct xfs_dinode *dip, | |
217 | xfs_ino_t ino, | |
218 | uint16_t mode, | |
219 | uint16_t flags) | |
220 | { | |
221 | struct xfs_mount *mp = sc->mp; | |
222 | ||
223 | if (flags & ~XFS_DIFLAG_ANY) | |
224 | goto bad; | |
225 | ||
226 | /* rt flags require rt device */ | |
227 | if ((flags & (XFS_DIFLAG_REALTIME | XFS_DIFLAG_RTINHERIT)) && | |
228 | !mp->m_rtdev_targp) | |
229 | goto bad; | |
230 | ||
231 | /* new rt bitmap flag only valid for rbmino */ | |
232 | if ((flags & XFS_DIFLAG_NEWRTBM) && ino != mp->m_sb.sb_rbmino) | |
233 | goto bad; | |
234 | ||
235 | /* directory-only flags */ | |
236 | if ((flags & (XFS_DIFLAG_RTINHERIT | | |
237 | XFS_DIFLAG_EXTSZINHERIT | | |
238 | XFS_DIFLAG_PROJINHERIT | | |
239 | XFS_DIFLAG_NOSYMLINKS)) && | |
240 | !S_ISDIR(mode)) | |
241 | goto bad; | |
242 | ||
243 | /* file-only flags */ | |
244 | if ((flags & (XFS_DIFLAG_REALTIME | FS_XFLAG_EXTSIZE)) && | |
245 | !S_ISREG(mode)) | |
246 | goto bad; | |
247 | ||
248 | /* filestreams and rt make no sense */ | |
249 | if ((flags & XFS_DIFLAG_FILESTREAM) && (flags & XFS_DIFLAG_REALTIME)) | |
250 | goto bad; | |
251 | ||
252 | return; | |
253 | bad: | |
254 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
255 | } | |
256 | ||
257 | /* Make sure the di_flags2 make sense for the inode. */ | |
258 | STATIC void | |
259 | xfs_scrub_inode_flags2( | |
260 | struct xfs_scrub_context *sc, | |
261 | struct xfs_buf *bp, | |
262 | struct xfs_dinode *dip, | |
263 | xfs_ino_t ino, | |
264 | uint16_t mode, | |
265 | uint16_t flags, | |
266 | uint64_t flags2) | |
267 | { | |
268 | struct xfs_mount *mp = sc->mp; | |
269 | ||
270 | if (flags2 & ~XFS_DIFLAG2_ANY) | |
271 | goto bad; | |
272 | ||
273 | /* reflink flag requires reflink feature */ | |
274 | if ((flags2 & XFS_DIFLAG2_REFLINK) && | |
275 | !xfs_sb_version_hasreflink(&mp->m_sb)) | |
276 | goto bad; | |
277 | ||
278 | /* cowextsize flag is checked w.r.t. mode separately */ | |
279 | ||
280 | /* file/dir-only flags */ | |
281 | if ((flags2 & XFS_DIFLAG2_DAX) && !(S_ISREG(mode) || S_ISDIR(mode))) | |
282 | goto bad; | |
283 | ||
284 | /* file-only flags */ | |
285 | if ((flags2 & XFS_DIFLAG2_REFLINK) && !S_ISREG(mode)) | |
286 | goto bad; | |
287 | ||
288 | /* realtime and reflink make no sense, currently */ | |
289 | if ((flags & XFS_DIFLAG_REALTIME) && (flags2 & XFS_DIFLAG2_REFLINK)) | |
290 | goto bad; | |
291 | ||
292 | /* dax and reflink make no sense, currently */ | |
293 | if ((flags2 & XFS_DIFLAG2_DAX) && (flags2 & XFS_DIFLAG2_REFLINK)) | |
294 | goto bad; | |
295 | ||
296 | return; | |
297 | bad: | |
298 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
299 | } | |
300 | ||
301 | /* Scrub all the ondisk inode fields. */ | |
302 | STATIC void | |
303 | xfs_scrub_dinode( | |
304 | struct xfs_scrub_context *sc, | |
305 | struct xfs_buf *bp, | |
306 | struct xfs_dinode *dip, | |
307 | xfs_ino_t ino) | |
308 | { | |
309 | struct xfs_mount *mp = sc->mp; | |
310 | size_t fork_recs; | |
311 | unsigned long long isize; | |
312 | uint64_t flags2; | |
313 | uint32_t nextents; | |
314 | uint16_t flags; | |
315 | uint16_t mode; | |
316 | ||
317 | flags = be16_to_cpu(dip->di_flags); | |
318 | if (dip->di_version >= 3) | |
319 | flags2 = be64_to_cpu(dip->di_flags2); | |
320 | else | |
321 | flags2 = 0; | |
322 | ||
323 | /* di_mode */ | |
324 | mode = be16_to_cpu(dip->di_mode); | |
3b42d385 DW |
325 | switch (mode & S_IFMT) { |
326 | case S_IFLNK: | |
327 | case S_IFREG: | |
328 | case S_IFDIR: | |
329 | case S_IFCHR: | |
330 | case S_IFBLK: | |
331 | case S_IFIFO: | |
332 | case S_IFSOCK: | |
333 | /* mode is recognized */ | |
334 | break; | |
335 | default: | |
80e4e126 | 336 | xfs_scrub_ino_set_corrupt(sc, ino, bp); |
3b42d385 DW |
337 | break; |
338 | } | |
80e4e126 DW |
339 | |
340 | /* v1/v2 fields */ | |
341 | switch (dip->di_version) { | |
342 | case 1: | |
343 | /* | |
344 | * We autoconvert v1 inodes into v2 inodes on writeout, | |
345 | * so just mark this inode for preening. | |
346 | */ | |
0a1e1567 | 347 | xfs_scrub_ino_set_preen(sc, ino, bp); |
80e4e126 DW |
348 | break; |
349 | case 2: | |
350 | case 3: | |
351 | if (dip->di_onlink != 0) | |
352 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
353 | ||
354 | if (dip->di_mode == 0 && sc->ip) | |
355 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
356 | ||
357 | if (dip->di_projid_hi != 0 && | |
358 | !xfs_sb_version_hasprojid32bit(&mp->m_sb)) | |
359 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
360 | break; | |
361 | default: | |
362 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
363 | return; | |
364 | } | |
365 | ||
366 | /* | |
367 | * di_uid/di_gid -- -1 isn't invalid, but there's no way that | |
368 | * userspace could have created that. | |
369 | */ | |
370 | if (dip->di_uid == cpu_to_be32(-1U) || | |
371 | dip->di_gid == cpu_to_be32(-1U)) | |
0a1e1567 | 372 | xfs_scrub_ino_set_warning(sc, ino, bp); |
80e4e126 DW |
373 | |
374 | /* di_format */ | |
375 | switch (dip->di_format) { | |
376 | case XFS_DINODE_FMT_DEV: | |
377 | if (!S_ISCHR(mode) && !S_ISBLK(mode) && | |
378 | !S_ISFIFO(mode) && !S_ISSOCK(mode)) | |
379 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
380 | break; | |
381 | case XFS_DINODE_FMT_LOCAL: | |
382 | if (!S_ISDIR(mode) && !S_ISLNK(mode)) | |
383 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
384 | break; | |
385 | case XFS_DINODE_FMT_EXTENTS: | |
386 | if (!S_ISREG(mode) && !S_ISDIR(mode) && !S_ISLNK(mode)) | |
387 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
388 | break; | |
389 | case XFS_DINODE_FMT_BTREE: | |
390 | if (!S_ISREG(mode) && !S_ISDIR(mode)) | |
391 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
392 | break; | |
393 | case XFS_DINODE_FMT_UUID: | |
394 | default: | |
395 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
396 | break; | |
397 | } | |
398 | ||
29c1c123 DW |
399 | /* di_[amc]time.nsec */ |
400 | if (be32_to_cpu(dip->di_atime.t_nsec) >= NSEC_PER_SEC) | |
401 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
402 | if (be32_to_cpu(dip->di_mtime.t_nsec) >= NSEC_PER_SEC) | |
403 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
404 | if (be32_to_cpu(dip->di_ctime.t_nsec) >= NSEC_PER_SEC) | |
405 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
406 | ||
80e4e126 DW |
407 | /* |
408 | * di_size. xfs_dinode_verify checks for things that screw up | |
409 | * the VFS such as the upper bit being set and zero-length | |
410 | * symlinks/directories, but we can do more here. | |
411 | */ | |
412 | isize = be64_to_cpu(dip->di_size); | |
413 | if (isize & (1ULL << 63)) | |
414 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
415 | ||
416 | /* Devices, fifos, and sockets must have zero size */ | |
417 | if (!S_ISDIR(mode) && !S_ISREG(mode) && !S_ISLNK(mode) && isize != 0) | |
418 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
419 | ||
420 | /* Directories can't be larger than the data section size (32G) */ | |
421 | if (S_ISDIR(mode) && (isize == 0 || isize >= XFS_DIR2_SPACE_SIZE)) | |
422 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
423 | ||
424 | /* Symlinks can't be larger than SYMLINK_MAXLEN */ | |
425 | if (S_ISLNK(mode) && (isize == 0 || isize >= XFS_SYMLINK_MAXLEN)) | |
426 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
427 | ||
428 | /* | |
429 | * Warn if the running kernel can't handle the kinds of offsets | |
430 | * needed to deal with the file size. In other words, if the | |
431 | * pagecache can't cache all the blocks in this file due to | |
432 | * overly large offsets, flag the inode for admin review. | |
433 | */ | |
434 | if (isize >= mp->m_super->s_maxbytes) | |
0a1e1567 | 435 | xfs_scrub_ino_set_warning(sc, ino, bp); |
80e4e126 DW |
436 | |
437 | /* di_nblocks */ | |
438 | if (flags2 & XFS_DIFLAG2_REFLINK) { | |
439 | ; /* nblocks can exceed dblocks */ | |
440 | } else if (flags & XFS_DIFLAG_REALTIME) { | |
441 | /* | |
442 | * nblocks is the sum of data extents (in the rtdev), | |
443 | * attr extents (in the datadev), and both forks' bmbt | |
444 | * blocks (in the datadev). This clumsy check is the | |
445 | * best we can do without cross-referencing with the | |
446 | * inode forks. | |
447 | */ | |
448 | if (be64_to_cpu(dip->di_nblocks) >= | |
449 | mp->m_sb.sb_dblocks + mp->m_sb.sb_rblocks) | |
450 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
451 | } else { | |
452 | if (be64_to_cpu(dip->di_nblocks) >= mp->m_sb.sb_dblocks) | |
453 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
454 | } | |
455 | ||
456 | xfs_scrub_inode_flags(sc, bp, dip, ino, mode, flags); | |
457 | ||
458 | xfs_scrub_inode_extsize(sc, bp, dip, ino, mode, flags); | |
459 | ||
460 | /* di_nextents */ | |
461 | nextents = be32_to_cpu(dip->di_nextents); | |
462 | fork_recs = XFS_DFORK_DSIZE(dip, mp) / sizeof(struct xfs_bmbt_rec); | |
463 | switch (dip->di_format) { | |
464 | case XFS_DINODE_FMT_EXTENTS: | |
465 | if (nextents > fork_recs) | |
466 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
467 | break; | |
468 | case XFS_DINODE_FMT_BTREE: | |
469 | if (nextents <= fork_recs) | |
470 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
471 | break; | |
472 | default: | |
473 | if (nextents != 0) | |
474 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
475 | break; | |
476 | } | |
477 | ||
478 | /* di_forkoff */ | |
479 | if (XFS_DFORK_APTR(dip) >= (char *)dip + mp->m_sb.sb_inodesize) | |
480 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
481 | if (dip->di_anextents != 0 && dip->di_forkoff == 0) | |
482 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
483 | if (dip->di_forkoff == 0 && dip->di_aformat != XFS_DINODE_FMT_EXTENTS) | |
484 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
485 | ||
486 | /* di_aformat */ | |
487 | if (dip->di_aformat != XFS_DINODE_FMT_LOCAL && | |
488 | dip->di_aformat != XFS_DINODE_FMT_EXTENTS && | |
489 | dip->di_aformat != XFS_DINODE_FMT_BTREE) | |
490 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
491 | ||
492 | /* di_anextents */ | |
493 | nextents = be16_to_cpu(dip->di_anextents); | |
494 | fork_recs = XFS_DFORK_ASIZE(dip, mp) / sizeof(struct xfs_bmbt_rec); | |
495 | switch (dip->di_aformat) { | |
496 | case XFS_DINODE_FMT_EXTENTS: | |
497 | if (nextents > fork_recs) | |
498 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
499 | break; | |
500 | case XFS_DINODE_FMT_BTREE: | |
501 | if (nextents <= fork_recs) | |
502 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
503 | break; | |
504 | default: | |
505 | if (nextents != 0) | |
506 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
507 | } | |
508 | ||
509 | if (dip->di_version >= 3) { | |
29c1c123 DW |
510 | if (be32_to_cpu(dip->di_crtime.t_nsec) >= NSEC_PER_SEC) |
511 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
80e4e126 DW |
512 | xfs_scrub_inode_flags2(sc, bp, dip, ino, mode, flags, flags2); |
513 | xfs_scrub_inode_cowextsize(sc, bp, dip, ino, mode, flags, | |
514 | flags2); | |
515 | } | |
516 | } | |
517 | ||
518 | /* Map and read a raw inode. */ | |
519 | STATIC int | |
520 | xfs_scrub_inode_map_raw( | |
521 | struct xfs_scrub_context *sc, | |
522 | xfs_ino_t ino, | |
523 | struct xfs_buf **bpp, | |
524 | struct xfs_dinode **dipp) | |
525 | { | |
526 | struct xfs_imap imap; | |
527 | struct xfs_mount *mp = sc->mp; | |
528 | struct xfs_buf *bp = NULL; | |
529 | struct xfs_dinode *dip; | |
530 | int error; | |
531 | ||
532 | error = xfs_imap(mp, sc->tp, ino, &imap, XFS_IGET_UNTRUSTED); | |
533 | if (error == -EINVAL) { | |
534 | /* | |
535 | * Inode could have gotten deleted out from under us; | |
536 | * just forget about it. | |
537 | */ | |
538 | error = -ENOENT; | |
539 | goto out; | |
540 | } | |
541 | if (!xfs_scrub_process_error(sc, XFS_INO_TO_AGNO(mp, ino), | |
542 | XFS_INO_TO_AGBNO(mp, ino), &error)) | |
543 | goto out; | |
544 | ||
545 | error = xfs_trans_read_buf(mp, sc->tp, mp->m_ddev_targp, | |
546 | imap.im_blkno, imap.im_len, XBF_UNMAPPED, &bp, | |
547 | NULL); | |
548 | if (!xfs_scrub_process_error(sc, XFS_INO_TO_AGNO(mp, ino), | |
549 | XFS_INO_TO_AGBNO(mp, ino), &error)) | |
550 | goto out; | |
551 | ||
552 | /* | |
553 | * Is this really an inode? We disabled verifiers in the above | |
554 | * xfs_trans_read_buf call because the inode buffer verifier | |
555 | * fails on /any/ inode record in the inode cluster with a bad | |
556 | * magic or version number, not just the one that we're | |
557 | * checking. Therefore, grab the buffer unconditionally, attach | |
558 | * the inode verifiers by hand, and run the inode verifier only | |
559 | * on the one inode we want. | |
560 | */ | |
561 | bp->b_ops = &xfs_inode_buf_ops; | |
562 | dip = xfs_buf_offset(bp, imap.im_boffset); | |
a6a781a5 | 563 | if (xfs_dinode_verify(mp, ino, dip) != NULL || |
80e4e126 DW |
564 | !xfs_dinode_good_version(mp, dip->di_version)) { |
565 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
566 | goto out_buf; | |
567 | } | |
568 | ||
569 | /* ...and is it the one we asked for? */ | |
570 | if (be32_to_cpu(dip->di_gen) != sc->sm->sm_gen) { | |
571 | error = -ENOENT; | |
572 | goto out_buf; | |
573 | } | |
574 | ||
575 | *dipp = dip; | |
576 | *bpp = bp; | |
577 | out: | |
578 | return error; | |
579 | out_buf: | |
580 | xfs_trans_brelse(sc->tp, bp); | |
581 | return error; | |
582 | } | |
583 | ||
2e6f2756 DW |
584 | /* |
585 | * Make sure the finobt doesn't think this inode is free. | |
586 | * We don't have to check the inobt ourselves because we got the inode via | |
587 | * IGET_UNTRUSTED, which checks the inobt for us. | |
588 | */ | |
589 | static void | |
590 | xfs_scrub_inode_xref_finobt( | |
591 | struct xfs_scrub_context *sc, | |
592 | xfs_ino_t ino) | |
593 | { | |
594 | struct xfs_inobt_rec_incore rec; | |
595 | xfs_agino_t agino; | |
596 | int has_record; | |
597 | int error; | |
598 | ||
599 | if (!sc->sa.fino_cur) | |
600 | return; | |
601 | ||
602 | agino = XFS_INO_TO_AGINO(sc->mp, ino); | |
603 | ||
604 | /* | |
605 | * Try to get the finobt record. If we can't get it, then we're | |
606 | * in good shape. | |
607 | */ | |
608 | error = xfs_inobt_lookup(sc->sa.fino_cur, agino, XFS_LOOKUP_LE, | |
609 | &has_record); | |
610 | if (!xfs_scrub_should_check_xref(sc, &error, &sc->sa.fino_cur) || | |
611 | !has_record) | |
612 | return; | |
613 | ||
614 | error = xfs_inobt_get_rec(sc->sa.fino_cur, &rec, &has_record); | |
615 | if (!xfs_scrub_should_check_xref(sc, &error, &sc->sa.fino_cur) || | |
616 | !has_record) | |
617 | return; | |
618 | ||
619 | /* | |
620 | * Otherwise, make sure this record either doesn't cover this inode, | |
621 | * or that it does but it's marked present. | |
622 | */ | |
623 | if (rec.ir_startino > agino || | |
624 | rec.ir_startino + XFS_INODES_PER_CHUNK <= agino) | |
625 | return; | |
626 | ||
627 | if (rec.ir_free & XFS_INOBT_MASK(agino - rec.ir_startino)) | |
628 | xfs_scrub_btree_xref_set_corrupt(sc, sc->sa.fino_cur, 0); | |
629 | } | |
630 | ||
561f648a DW |
631 | /* Cross reference the inode fields with the forks. */ |
632 | STATIC void | |
633 | xfs_scrub_inode_xref_bmap( | |
634 | struct xfs_scrub_context *sc, | |
635 | struct xfs_dinode *dip) | |
636 | { | |
637 | xfs_extnum_t nextents; | |
638 | xfs_filblks_t count; | |
639 | xfs_filblks_t acount; | |
640 | int error; | |
641 | ||
642 | /* Walk all the extents to check nextents/naextents/nblocks. */ | |
643 | error = xfs_bmap_count_blocks(sc->tp, sc->ip, XFS_DATA_FORK, | |
644 | &nextents, &count); | |
645 | if (!xfs_scrub_should_check_xref(sc, &error, NULL)) | |
646 | return; | |
647 | if (nextents < be32_to_cpu(dip->di_nextents)) | |
648 | xfs_scrub_ino_xref_set_corrupt(sc, sc->ip->i_ino, NULL); | |
649 | ||
650 | error = xfs_bmap_count_blocks(sc->tp, sc->ip, XFS_ATTR_FORK, | |
651 | &nextents, &acount); | |
652 | if (!xfs_scrub_should_check_xref(sc, &error, NULL)) | |
653 | return; | |
654 | if (nextents != be16_to_cpu(dip->di_anextents)) | |
655 | xfs_scrub_ino_xref_set_corrupt(sc, sc->ip->i_ino, NULL); | |
656 | ||
657 | /* Check nblocks against the inode. */ | |
658 | if (count + acount != be64_to_cpu(dip->di_nblocks)) | |
659 | xfs_scrub_ino_xref_set_corrupt(sc, sc->ip->i_ino, NULL); | |
660 | } | |
661 | ||
166d7641 DW |
662 | /* Cross-reference with the other btrees. */ |
663 | STATIC void | |
664 | xfs_scrub_inode_xref( | |
665 | struct xfs_scrub_context *sc, | |
666 | xfs_ino_t ino, | |
667 | struct xfs_dinode *dip) | |
668 | { | |
d852657c | 669 | struct xfs_owner_info oinfo; |
52dc4b44 DW |
670 | xfs_agnumber_t agno; |
671 | xfs_agblock_t agbno; | |
672 | int error; | |
673 | ||
166d7641 DW |
674 | if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) |
675 | return; | |
52dc4b44 DW |
676 | |
677 | agno = XFS_INO_TO_AGNO(sc->mp, ino); | |
678 | agbno = XFS_INO_TO_AGBNO(sc->mp, ino); | |
679 | ||
680 | error = xfs_scrub_ag_init(sc, agno, &sc->sa); | |
681 | if (!xfs_scrub_xref_process_error(sc, agno, agbno, &error)) | |
682 | return; | |
683 | ||
684 | xfs_scrub_xref_is_used_space(sc, agbno, 1); | |
2e6f2756 | 685 | xfs_scrub_inode_xref_finobt(sc, ino); |
d852657c DW |
686 | xfs_rmap_ag_owner(&oinfo, XFS_RMAP_OWN_INODES); |
687 | xfs_scrub_xref_is_owned_by(sc, agbno, 1, &oinfo); | |
f6d5fc21 | 688 | xfs_scrub_xref_is_not_shared(sc, agbno, 1); |
561f648a | 689 | xfs_scrub_inode_xref_bmap(sc, dip); |
52dc4b44 DW |
690 | |
691 | xfs_scrub_ag_free(sc, &sc->sa); | |
166d7641 DW |
692 | } |
693 | ||
f6d5fc21 DW |
694 | /* |
695 | * If the reflink iflag disagrees with a scan for shared data fork extents, | |
696 | * either flag an error (shared extents w/ no flag) or a preen (flag set w/o | |
697 | * any shared extents). We already checked for reflink iflag set on a non | |
698 | * reflink filesystem. | |
699 | */ | |
700 | static void | |
701 | xfs_scrub_inode_check_reflink_iflag( | |
702 | struct xfs_scrub_context *sc, | |
703 | xfs_ino_t ino, | |
704 | struct xfs_buf *bp) | |
705 | { | |
706 | struct xfs_mount *mp = sc->mp; | |
707 | bool has_shared; | |
708 | int error; | |
709 | ||
710 | if (!xfs_sb_version_hasreflink(&mp->m_sb)) | |
711 | return; | |
712 | ||
713 | error = xfs_reflink_inode_has_shared_extents(sc->tp, sc->ip, | |
714 | &has_shared); | |
715 | if (!xfs_scrub_xref_process_error(sc, XFS_INO_TO_AGNO(mp, ino), | |
716 | XFS_INO_TO_AGBNO(mp, ino), &error)) | |
717 | return; | |
718 | if (xfs_is_reflink_inode(sc->ip) && !has_shared) | |
719 | xfs_scrub_ino_set_preen(sc, ino, bp); | |
720 | else if (!xfs_is_reflink_inode(sc->ip) && has_shared) | |
721 | xfs_scrub_ino_set_corrupt(sc, ino, bp); | |
722 | } | |
723 | ||
80e4e126 DW |
724 | /* Scrub an inode. */ |
725 | int | |
726 | xfs_scrub_inode( | |
727 | struct xfs_scrub_context *sc) | |
728 | { | |
729 | struct xfs_dinode di; | |
80e4e126 DW |
730 | struct xfs_buf *bp = NULL; |
731 | struct xfs_dinode *dip; | |
732 | xfs_ino_t ino; | |
80e4e126 DW |
733 | int error = 0; |
734 | ||
735 | /* Did we get the in-core inode, or are we doing this manually? */ | |
736 | if (sc->ip) { | |
737 | ino = sc->ip->i_ino; | |
738 | xfs_inode_to_disk(sc->ip, &di, 0); | |
739 | dip = &di; | |
740 | } else { | |
741 | /* Map & read inode. */ | |
742 | ino = sc->sm->sm_ino; | |
743 | error = xfs_scrub_inode_map_raw(sc, ino, &bp, &dip); | |
744 | if (error || !bp) | |
745 | goto out; | |
746 | } | |
747 | ||
748 | xfs_scrub_dinode(sc, bp, dip, ino); | |
749 | if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) | |
750 | goto out; | |
751 | ||
752 | /* Now let's do the things that require a live inode. */ | |
753 | if (!sc->ip) | |
754 | goto out; | |
755 | ||
756 | /* | |
f6d5fc21 DW |
757 | * Look for discrepancies between file's data blocks and the reflink |
758 | * iflag. We already checked the iflag against the file mode when | |
759 | * we scrubbed the dinode. | |
80e4e126 | 760 | */ |
f6d5fc21 DW |
761 | if (S_ISREG(VFS_I(sc->ip)->i_mode)) |
762 | xfs_scrub_inode_check_reflink_iflag(sc, ino, bp); | |
80e4e126 | 763 | |
166d7641 | 764 | xfs_scrub_inode_xref(sc, ino, dip); |
80e4e126 DW |
765 | out: |
766 | if (bp) | |
767 | xfs_trans_brelse(sc->tp, bp); | |
768 | return error; | |
769 | } |