1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (c) 2018-2024 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <djwong@kernel.org>
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_trans_resv.h"
11 #include "xfs_mount.h"
12 #include "xfs_defer.h"
13 #include "xfs_btree.h"
15 #include "xfs_log_format.h"
16 #include "xfs_trans.h"
18 #include "xfs_inode.h"
19 #include "xfs_da_format.h"
20 #include "xfs_da_btree.h"
23 #include "xfs_attr_leaf.h"
24 #include "xfs_attr_sf.h"
25 #include "xfs_attr_remote.h"
27 #include "xfs_bmap_util.h"
28 #include "xfs_exchmaps.h"
29 #include "xfs_exchrange.h"
31 #include "scrub/xfs_scrub.h"
32 #include "scrub/scrub.h"
33 #include "scrub/common.h"
34 #include "scrub/trace.h"
35 #include "scrub/repair.h"
36 #include "scrub/tempfile.h"
37 #include "scrub/tempexch.h"
38 #include "scrub/xfile.h"
39 #include "scrub/xfarray.h"
40 #include "scrub/xfblob.h"
41 #include "scrub/attr.h"
42 #include "scrub/reap.h"
43 #include "scrub/attr_repair.h"
46 * Extended Attribute Repair
47 * =========================
49 * We repair extended attributes by reading the attr leaf blocks looking for
50 * attributes entries that look salvageable (name passes verifiers, value can
51 * be retrieved, etc). Each extended attribute worth salvaging is stashed in
52 * memory, and the stashed entries are periodically replayed into a temporary
53 * file to constrain memory use. Batching the construction of the temporary
54 * extended attribute structure in this fashion reduces lock cycling of the
55 * file being repaired and the temporary file.
57 * When salvaging completes, the remaining stashed attributes are replayed to
58 * the temporary file. An atomic file contents exchange is used to commit the
59 * new xattr blocks to the file being repaired. This will disrupt attrmulti
63 struct xrep_xattr_key {
64 /* Cookie for retrieval of the xattr name. */
65 xfblob_cookie name_cookie;
67 /* Cookie for retrieval of the xattr value. */
68 xfblob_cookie value_cookie;
70 /* XFS_ATTR_* flags */
73 /* Length of the value and name. */
79 * Stash up to 8 pages of attrs in xattr_records/xattr_blobs before we write
80 * them to the temp file.
82 #define XREP_XATTR_MAX_STASH_BYTES (PAGE_SIZE * 8)
87 /* Information for exchanging attr fork mappings at the end. */
88 struct xrep_tempexch tx;
91 struct xfarray *xattr_records;
94 struct xfblob *xattr_blobs;
96 /* Number of attributes that we are salvaging. */
97 unsigned long long attrs_found;
100 /* Set up to recreate the extended attributes. */
103 struct xfs_scrub *sc)
105 return xrep_tempfile_create(sc, S_IFREG);
109 * Decide if we want to salvage this attribute. We don't bother with
110 * incomplete or oversized keys or values. The @value parameter can be null
114 xrep_xattr_want_salvage(
115 struct xrep_xattr *rx,
116 unsigned int attr_flags,
122 if (attr_flags & XFS_ATTR_INCOMPLETE)
124 if (namelen > XATTR_NAME_MAX || namelen <= 0)
126 if (!xfs_attr_namecheck(attr_flags, name, namelen))
128 if (valuelen > XATTR_SIZE_MAX || valuelen < 0)
133 /* Allocate an in-core record to hold xattrs while we rebuild the xattr data. */
135 xrep_xattr_salvage_key(
136 struct xrep_xattr *rx,
140 unsigned char *value,
143 struct xrep_xattr_key key = {
144 .valuelen = valuelen,
145 .flags = flags & XFS_ATTR_NSP_ONDISK_MASK,
150 if (xchk_should_terminate(rx->sc, &error))
154 * Truncate the name to the first character that would trip namecheck.
155 * If we no longer have a name after that, ignore this attribute.
157 while (i < namelen && name[i] != 0)
163 trace_xrep_xattr_salvage_rec(rx->sc->ip, flags, name, key.namelen,
166 error = xfblob_store(rx->xattr_blobs, &key.name_cookie, name,
171 error = xfblob_store(rx->xattr_blobs, &key.value_cookie, value,
176 error = xfarray_append(rx->xattr_records, &key);
185 * Record a shortform extended attribute key & value for later reinsertion
189 xrep_xattr_salvage_sf_attr(
190 struct xrep_xattr *rx,
191 struct xfs_attr_sf_hdr *hdr,
192 struct xfs_attr_sf_entry *sfe)
194 struct xfs_scrub *sc = rx->sc;
195 struct xchk_xattr_buf *ab = sc->buf;
196 unsigned char *name = sfe->nameval;
197 unsigned char *value = &sfe->nameval[sfe->namelen];
199 if (!xchk_xattr_set_map(sc, ab->usedmap, (char *)name - (char *)hdr,
203 if (!xchk_xattr_set_map(sc, ab->usedmap, (char *)value - (char *)hdr,
207 if (!xrep_xattr_want_salvage(rx, sfe->flags, sfe->nameval,
208 sfe->namelen, value, sfe->valuelen))
211 return xrep_xattr_salvage_key(rx, sfe->flags, sfe->nameval,
212 sfe->namelen, value, sfe->valuelen);
216 * Record a local format extended attribute key & value for later reinsertion
220 xrep_xattr_salvage_local_attr(
221 struct xrep_xattr *rx,
222 struct xfs_attr_leaf_entry *ent,
223 unsigned int nameidx,
225 struct xfs_attr_leaf_name_local *lentry)
227 struct xchk_xattr_buf *ab = rx->sc->buf;
228 unsigned char *value;
229 unsigned int valuelen;
230 unsigned int namesize;
233 * Decode the leaf local entry format. If something seems wrong, we
234 * junk the attribute.
236 value = &lentry->nameval[lentry->namelen];
237 valuelen = be16_to_cpu(lentry->valuelen);
238 namesize = xfs_attr_leaf_entsize_local(lentry->namelen, valuelen);
239 if ((char *)lentry + namesize > buf_end)
241 if (!xrep_xattr_want_salvage(rx, ent->flags, lentry->nameval,
242 lentry->namelen, value, valuelen))
244 if (!xchk_xattr_set_map(rx->sc, ab->usedmap, nameidx, namesize))
247 /* Try to save this attribute. */
248 return xrep_xattr_salvage_key(rx, ent->flags, lentry->nameval,
249 lentry->namelen, value, valuelen);
253 * Record a remote format extended attribute key & value for later reinsertion
257 xrep_xattr_salvage_remote_attr(
258 struct xrep_xattr *rx,
259 struct xfs_attr_leaf_entry *ent,
260 unsigned int nameidx,
262 struct xfs_attr_leaf_name_remote *rentry,
263 unsigned int ent_idx,
264 struct xfs_buf *leaf_bp)
266 struct xchk_xattr_buf *ab = rx->sc->buf;
267 struct xfs_da_args args = {
271 .geo = rx->sc->mp->m_attr_geo,
272 .owner = rx->sc->ip->i_ino,
273 .attr_filter = ent->flags & XFS_ATTR_NSP_ONDISK_MASK,
274 .namelen = rentry->namelen,
275 .name = rentry->name,
277 .valuelen = be32_to_cpu(rentry->valuelen),
279 unsigned int namesize;
283 * Decode the leaf remote entry format. If something seems wrong, we
284 * junk the attribute. Note that we should never find a zero-length
285 * remote attribute value.
287 namesize = xfs_attr_leaf_entsize_remote(rentry->namelen);
288 if ((char *)rentry + namesize > buf_end)
290 if (args.valuelen == 0 ||
291 !xrep_xattr_want_salvage(rx, ent->flags, rentry->name,
292 rentry->namelen, NULL, args.valuelen))
294 if (!xchk_xattr_set_map(rx->sc, ab->usedmap, nameidx, namesize))
298 * Enlarge the buffer (if needed) to hold the value that we're trying
299 * to salvage from the old extended attribute data.
301 error = xchk_setup_xattr_buf(rx->sc, args.valuelen);
302 if (error == -ENOMEM)
307 /* Look up the remote value and stash it for reconstruction. */
308 error = xfs_attr3_leaf_getvalue(leaf_bp, &args);
309 if (error || args.rmtblkno == 0)
312 error = xfs_attr_rmtval_get(&args);
316 /* Try to save this attribute. */
317 error = xrep_xattr_salvage_key(rx, ent->flags, rentry->name,
318 rentry->namelen, ab->value, args.valuelen);
320 /* remote value was garbage, junk it */
321 if (error == -EFSBADCRC || error == -EFSCORRUPTED)
326 /* Extract every xattr key that we can from this attr fork block. */
328 xrep_xattr_recover_leaf(
329 struct xrep_xattr *rx,
332 struct xfs_attr3_icleaf_hdr leafhdr;
333 struct xfs_scrub *sc = rx->sc;
334 struct xfs_mount *mp = sc->mp;
335 struct xfs_attr_leafblock *leaf;
336 struct xfs_attr_leaf_name_local *lentry;
337 struct xfs_attr_leaf_name_remote *rentry;
338 struct xfs_attr_leaf_entry *ent;
339 struct xfs_attr_leaf_entry *entries;
340 struct xchk_xattr_buf *ab = rx->sc->buf;
343 unsigned int nameidx;
344 unsigned int hdrsize;
348 bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize);
350 /* Check the leaf header */
352 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &leafhdr, leaf);
353 hdrsize = xfs_attr3_leaf_hdr_size(leaf);
354 xchk_xattr_set_map(sc, ab->usedmap, 0, hdrsize);
355 entries = xfs_attr3_leaf_entryp(leaf);
357 buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
358 for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
359 if (xchk_should_terminate(sc, &error))
362 /* Skip key if it conflicts with something else? */
363 off = (char *)ent - (char *)leaf;
364 if (!xchk_xattr_set_map(sc, ab->usedmap, off,
365 sizeof(xfs_attr_leaf_entry_t)))
368 /* Check the name information. */
369 nameidx = be16_to_cpu(ent->nameidx);
370 if (nameidx < leafhdr.firstused ||
371 nameidx >= mp->m_attr_geo->blksize)
374 if (ent->flags & XFS_ATTR_LOCAL) {
375 lentry = xfs_attr3_leaf_name_local(leaf, i);
376 error = xrep_xattr_salvage_local_attr(rx, ent, nameidx,
379 rentry = xfs_attr3_leaf_name_remote(leaf, i);
380 error = xrep_xattr_salvage_remote_attr(rx, ent, nameidx,
381 buf_end, rentry, i, bp);
390 /* Try to recover shortform attrs. */
392 xrep_xattr_recover_sf(
393 struct xrep_xattr *rx)
395 struct xfs_scrub *sc = rx->sc;
396 struct xchk_xattr_buf *ab = sc->buf;
397 struct xfs_attr_sf_hdr *hdr;
398 struct xfs_attr_sf_entry *sfe;
399 struct xfs_attr_sf_entry *next;
400 struct xfs_ifork *ifp;
405 ifp = xfs_ifork_ptr(rx->sc->ip, XFS_ATTR_FORK);
408 bitmap_zero(ab->usedmap, ifp->if_bytes);
409 end = (unsigned char *)ifp->if_data + ifp->if_bytes;
410 xchk_xattr_set_map(sc, ab->usedmap, 0, sizeof(*hdr));
412 sfe = xfs_attr_sf_firstentry(hdr);
413 if ((unsigned char *)sfe > end)
416 for (i = 0; i < hdr->count; i++) {
417 if (xchk_should_terminate(sc, &error))
420 next = xfs_attr_sf_nextentry(sfe);
421 if ((unsigned char *)next > end)
424 if (xchk_xattr_set_map(sc, ab->usedmap,
425 (char *)sfe - (char *)hdr,
426 sizeof(struct xfs_attr_sf_entry))) {
428 * No conflicts with the sf entry; let's save this
431 error = xrep_xattr_salvage_sf_attr(rx, hdr, sfe);
443 * Try to return a buffer of xattr data for a given physical extent.
445 * Because the buffer cache get function complains if it finds a buffer
446 * matching the block number but not matching the length, we must be careful to
447 * look for incore buffers (up to the maximum length of a remote value) that
448 * could be hiding anywhere in the physical range. If we find an incore
449 * buffer, we can pass that to the caller. Optionally, read a single block and
452 * Note the subtlety that remote attr value blocks for which there is no incore
453 * buffer will be passed to the callback one block at a time. These buffers
454 * will not have any ops attached and must be staled to prevent aliasing with
455 * multiblock buffers once we drop the ILOCK.
459 struct xfs_mount *mp,
461 xfs_extlen_t max_len,
463 struct xfs_buf **bpp)
465 struct xrep_bufscan scan = {
466 .daddr = XFS_FSB_TO_DADDR(mp, fsbno),
467 .max_sectors = xrep_bufscan_max_sectors(mp, max_len),
468 .daddr_step = XFS_FSB_TO_BB(mp, 1),
472 while ((bp = xrep_bufscan_advance(mp, &scan)) != NULL) {
482 return xfs_buf_read(mp->m_ddev_targp, scan.daddr, XFS_FSB_TO_BB(mp, 1),
483 XBF_TRYLOCK, bpp, NULL);
487 * Deal with a buffer that we found during our walk of the attr fork.
489 * Attribute leaf and node blocks are simple -- they're a single block, so we
490 * can walk them one at a time and we never have to worry about discontiguous
491 * multiblock buffers like we do for directories.
493 * Unfortunately, remote attr blocks add a lot of complexity here. Each disk
494 * block is totally self contained, in the sense that the v5 header provides no
495 * indication that there could be more data in the next block. The incore
496 * buffers can span multiple blocks, though they never cross extent records.
497 * However, they don't necessarily start or end on an extent record boundary.
498 * Therefore, we need a special buffer find function to walk the buffer cache
501 * The caller must hold the ILOCK on the file being repaired. We use
502 * XBF_TRYLOCK here to skip any locked buffer on the assumption that we don't
503 * own the block and don't want to hang the system on a potentially garbage
507 xrep_xattr_recover_block(
508 struct xrep_xattr *rx,
511 xfs_extlen_t max_len,
512 xfs_extlen_t *actual_len)
514 struct xfs_da_blkinfo *info;
518 error = xrep_xattr_find_buf(rx->sc->mp, fsbno, max_len, true, &bp);
522 *actual_len = XFS_BB_TO_FSB(rx->sc->mp, bp->b_length);
524 trace_xrep_xattr_recover_leafblock(rx->sc->ip, dabno,
525 be16_to_cpu(info->magic));
528 * If the buffer has the right magic number for an attr leaf block and
529 * passes a structure check (we don't care about checksums), salvage
530 * as much as we can from the block. */
531 if (info->magic == cpu_to_be16(XFS_ATTR3_LEAF_MAGIC) &&
532 xrep_buf_verify_struct(bp, &xfs_attr3_leaf_buf_ops) &&
533 xfs_attr3_leaf_header_check(bp, rx->sc->ip->i_ino) == NULL)
534 error = xrep_xattr_recover_leaf(rx, bp);
537 * If the buffer didn't already have buffer ops set, it was read in by
538 * the _find_buf function and could very well be /part/ of a multiblock
539 * remote block. Mark it stale so that it doesn't hang around in
540 * memory to cause problems.
542 if (bp->b_ops == NULL)
549 /* Insert one xattr key/value. */
551 xrep_xattr_insert_rec(
552 struct xrep_xattr *rx,
553 const struct xrep_xattr_key *key)
555 struct xfs_da_args args = {
556 .dp = rx->sc->tempip,
557 .attr_filter = key->flags,
558 .namelen = key->namelen,
559 .valuelen = key->valuelen,
560 .owner = rx->sc->ip->i_ino,
562 struct xchk_xattr_buf *ab = rx->sc->buf;
566 * Grab pointers to the scrub buffer so that we can use them to insert
567 * attrs into the temp file.
569 args.name = ab->name;
570 args.value = ab->value;
573 * The attribute name is stored near the end of the in-core buffer,
574 * though we reserve one more byte to ensure null termination.
576 ab->name[XATTR_NAME_MAX] = 0;
578 error = xfblob_load(rx->xattr_blobs, key->name_cookie, ab->name,
583 error = xfblob_free(rx->xattr_blobs, key->name_cookie);
587 error = xfblob_load(rx->xattr_blobs, key->value_cookie, args.value,
592 error = xfblob_free(rx->xattr_blobs, key->value_cookie);
596 ab->name[key->namelen] = 0;
598 trace_xrep_xattr_insert_rec(rx->sc->tempip, key->flags, ab->name,
599 key->namelen, key->valuelen);
602 * xfs_attr_set creates and commits its own transaction. If the attr
603 * already exists, we'll just drop it during the rebuild.
605 error = xfs_attr_set(&args, XFS_ATTRUPDATE_CREATE);
606 if (error == -EEXIST)
613 * Periodically flush salvaged attributes to the temporary file. This is done
614 * to reduce the memory requirements of the xattr rebuild because files can
615 * contain millions of attributes.
618 xrep_xattr_flush_stashed(
619 struct xrep_xattr *rx)
621 xfarray_idx_t array_cur;
625 * Entering this function, the scrub context has a reference to the
626 * inode being repaired, the temporary file, and a scrub transaction
627 * that we use during xattr salvaging to avoid livelocking if there
628 * are cycles in the xattr structures. We hold ILOCK_EXCL on both
629 * the inode being repaired, though it is not ijoined to the scrub
632 * To constrain kernel memory use, we occasionally flush salvaged
633 * xattrs from the xfarray and xfblob structures into the temporary
634 * file in preparation for exchanging the xattr structures at the end.
635 * Updating the temporary file requires a transaction, so we commit the
636 * scrub transaction and drop the two ILOCKs so that xfs_attr_set can
637 * allocate whatever transaction it wants.
639 * We still hold IOLOCK_EXCL on the inode being repaired, which
640 * prevents anyone from modifying the damaged xattr data while we
643 error = xrep_trans_commit(rx->sc);
646 xchk_iunlock(rx->sc, XFS_ILOCK_EXCL);
649 * Take the IOLOCK of the temporary file while we modify xattrs. This
650 * isn't strictly required because the temporary file is never revealed
651 * to userspace, but we follow the same locking rules. We still hold
654 error = xrep_tempfile_iolock_polled(rx->sc);
658 /* Add all the salvaged attrs to the temporary file. */
659 foreach_xfarray_idx(rx->xattr_records, array_cur) {
660 struct xrep_xattr_key key;
662 error = xfarray_load(rx->xattr_records, array_cur, &key);
666 error = xrep_xattr_insert_rec(rx, &key);
671 /* Empty out both arrays now that we've added the entries. */
672 xfarray_truncate(rx->xattr_records);
673 xfblob_truncate(rx->xattr_blobs);
675 xrep_tempfile_iounlock(rx->sc);
677 /* Recreate the salvage transaction and relock the inode. */
678 error = xchk_trans_alloc(rx->sc, 0);
681 xchk_ilock(rx->sc, XFS_ILOCK_EXCL);
685 /* Decide if we've stashed too much xattr data in memory. */
687 xrep_xattr_want_flush_stashed(
688 struct xrep_xattr *rx)
690 unsigned long long bytes;
692 bytes = xfarray_bytes(rx->xattr_records) +
693 xfblob_bytes(rx->xattr_blobs);
694 return bytes > XREP_XATTR_MAX_STASH_BYTES;
697 /* Extract as many attribute keys and values as we can. */
700 struct xrep_xattr *rx)
702 struct xfs_bmbt_irec got;
703 struct xfs_scrub *sc = rx->sc;
704 struct xfs_da_geometry *geo = sc->mp->m_attr_geo;
705 xfs_fileoff_t offset;
712 * Iterate each xattr leaf block in the attr fork to scan them for any
713 * attributes that we might salvage.
716 offset < XFS_MAX_FILEOFF;
717 offset = got.br_startoff + got.br_blockcount) {
719 error = xfs_bmapi_read(sc->ip, offset, XFS_MAX_FILEOFF - offset,
720 &got, &nmap, XFS_BMAPI_ATTRFORK);
724 return -EFSCORRUPTED;
725 if (!xfs_bmap_is_written_extent(&got))
728 for (dabno = round_up(got.br_startoff, geo->fsbcount);
729 dabno < got.br_startoff + got.br_blockcount;
731 xfs_fileoff_t curr_offset = dabno - got.br_startoff;
734 if (xchk_should_terminate(rx->sc, &error))
737 maxlen = min_t(xfs_filblks_t, INT_MAX,
738 got.br_blockcount - curr_offset);
739 error = xrep_xattr_recover_block(rx, dabno,
740 curr_offset + got.br_startblock,
745 if (xrep_xattr_want_flush_stashed(rx)) {
746 error = xrep_xattr_flush_stashed(rx);
757 * Reset the extended attribute fork to a state where we can start re-adding
758 * the salvaged attributes.
761 xrep_xattr_fork_remove(
762 struct xfs_scrub *sc,
763 struct xfs_inode *ip)
765 struct xfs_attr_sf_hdr *hdr;
766 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_ATTR_FORK);
769 * If the data fork is in btree format, we can't change di_forkoff
770 * because we could run afoul of the rule that the data fork isn't
771 * supposed to be in btree format if there's enough space in the fork
772 * that it could have used extents format. Instead, reinitialize the
773 * attr fork to have a shortform structure with zero attributes.
775 if (ip->i_df.if_format == XFS_DINODE_FMT_BTREE) {
776 ifp->if_format = XFS_DINODE_FMT_LOCAL;
777 hdr = xfs_idata_realloc(ip, (int)sizeof(*hdr) - ifp->if_bytes,
780 hdr->totsize = cpu_to_be16(sizeof(*hdr));
781 xfs_trans_log_inode(sc->tp, ip,
782 XFS_ILOG_CORE | XFS_ILOG_ADATA);
786 /* If we still have attr fork extents, something's wrong. */
787 if (ifp->if_nextents != 0) {
788 struct xfs_iext_cursor icur;
789 struct xfs_bmbt_irec irec;
793 "inode 0x%llx attr fork still has %llu attr extents, format %d?!",
794 ip->i_ino, ifp->if_nextents, ifp->if_format);
795 for_each_xfs_iext(ifp, &icur, &irec) {
797 "[%u]: startoff %llu startblock %llu blockcount %llu state %u",
798 i++, irec.br_startoff,
799 irec.br_startblock, irec.br_blockcount,
803 return -EFSCORRUPTED;
806 xfs_attr_fork_remove(ip, sc->tp);
811 * Free all the attribute fork blocks of the file being repaired and delete the
812 * fork. The caller must ILOCK the scrub file and join it to the transaction.
813 * This function returns with the inode joined to a clean transaction.
816 xrep_xattr_reset_fork(
817 struct xfs_scrub *sc)
821 trace_xrep_xattr_reset_fork(sc->ip, sc->ip);
823 /* Unmap all the attr blocks. */
824 if (xfs_ifork_has_extents(&sc->ip->i_af)) {
825 error = xrep_reap_ifork(sc, sc->ip, XFS_ATTR_FORK);
830 error = xrep_xattr_fork_remove(sc, sc->ip);
834 return xfs_trans_roll_inode(&sc->tp, sc->ip);
838 * Free all the attribute fork blocks of the temporary file and delete the attr
839 * fork. The caller must ILOCK the tempfile and join it to the transaction.
840 * This function returns with the inode joined to a clean scrub transaction.
843 xrep_xattr_reset_tempfile_fork(
844 struct xfs_scrub *sc)
848 trace_xrep_xattr_reset_fork(sc->ip, sc->tempip);
851 * Wipe out the attr fork of the temp file so that regular inode
852 * inactivation won't trip over the corrupt attr fork.
854 if (xfs_ifork_has_extents(&sc->tempip->i_af)) {
855 error = xrep_reap_ifork(sc, sc->tempip, XFS_ATTR_FORK);
860 return xrep_xattr_fork_remove(sc, sc->tempip);
864 * Find all the extended attributes for this inode by scraping them out of the
865 * attribute key blocks by hand, and flushing them into the temp file.
866 * When we're done, free the staging memory before exchanging the xattr
867 * structures to reduce memory usage.
870 xrep_xattr_salvage_attributes(
871 struct xrep_xattr *rx)
873 struct xfs_inode *ip = rx->sc->ip;
876 /* Short format xattrs are easy! */
877 if (rx->sc->ip->i_af.if_format == XFS_DINODE_FMT_LOCAL) {
878 error = xrep_xattr_recover_sf(rx);
882 return xrep_xattr_flush_stashed(rx);
886 * For non-inline xattr structures, the salvage function scans the
887 * buffer cache looking for potential attr leaf blocks. The scan
888 * requires the ability to lock any buffer found and runs independently
889 * of any transaction <-> buffer item <-> buffer linkage. Therefore,
890 * roll the transaction to ensure there are no buffers joined. We hold
891 * the ILOCK independently of the transaction.
893 error = xfs_trans_roll(&rx->sc->tp);
897 error = xfs_iread_extents(rx->sc->tp, ip, XFS_ATTR_FORK);
901 error = xrep_xattr_recover(rx);
905 return xrep_xattr_flush_stashed(rx);
909 * Prepare both inodes' attribute forks for an exchange. Promote the tempfile
910 * from short format to leaf format, and if the file being repaired has a short
911 * format attr fork, turn it into an empty extent list.
914 xrep_xattr_swap_prep(
915 struct xfs_scrub *sc,
922 * If the tempfile's attributes are in shortform format, convert that
923 * to a single leaf extent so that we can use the atomic mapping
927 struct xfs_da_args args = {
929 .geo = sc->mp->m_attr_geo,
930 .whichfork = XFS_ATTR_FORK,
933 .owner = sc->ip->i_ino,
936 error = xfs_attr_shortform_to_leaf(&args);
941 * Roll the deferred log items to get us back to a clean
944 error = xfs_defer_finish(&sc->tp);
950 * If the file being repaired had a shortform attribute fork, convert
951 * that to an empty extent list in preparation for the atomic mapping
955 struct xfs_ifork *ifp;
957 ifp = xfs_ifork_ptr(sc->ip, XFS_ATTR_FORK);
959 xfs_idestroy_fork(ifp);
960 ifp->if_format = XFS_DINODE_FMT_EXTENTS;
961 ifp->if_nextents = 0;
966 xfs_trans_log_inode(sc->tp, sc->ip,
967 XFS_ILOG_CORE | XFS_ILOG_ADATA);
973 /* Exchange the temporary file's attribute fork with the one being repaired. */
976 struct xfs_scrub *sc,
977 struct xrep_tempexch *tx)
979 bool ip_local, temp_local;
982 ip_local = sc->ip->i_af.if_format == XFS_DINODE_FMT_LOCAL;
983 temp_local = sc->tempip->i_af.if_format == XFS_DINODE_FMT_LOCAL;
986 * If the both files have a local format attr fork and the rebuilt
987 * xattr data would fit in the repaired file's attr fork, just copy
988 * the contents from the tempfile and declare ourselves done.
990 if (ip_local && temp_local) {
994 newsize = xfs_attr_sf_totsize(sc->tempip);
995 forkoff = xfs_attr_shortform_bytesfit(sc->ip, newsize);
997 sc->ip->i_forkoff = forkoff;
998 xrep_tempfile_copyout_local(sc, XFS_ATTR_FORK);
1003 /* Otherwise, make sure both attr forks are in block-mapping mode. */
1004 error = xrep_xattr_swap_prep(sc, temp_local, ip_local);
1008 return xrep_tempexch_contents(sc, tx);
1012 * Exchange the new extended attribute data (which we created in the tempfile)
1013 * with the file being repaired.
1016 xrep_xattr_rebuild_tree(
1017 struct xrep_xattr *rx)
1019 struct xfs_scrub *sc = rx->sc;
1023 * If we didn't find any attributes to salvage, repair the file by
1024 * zapping its attr fork.
1026 if (rx->attrs_found == 0) {
1027 xfs_trans_ijoin(sc->tp, sc->ip, 0);
1028 error = xrep_xattr_reset_fork(sc);
1035 trace_xrep_xattr_rebuild_tree(sc->ip, sc->tempip);
1038 * Commit the repair transaction and drop the ILOCKs so that we can use
1039 * the atomic file content exchange helper functions to compute the
1040 * correct resource reservations.
1042 * We still hold IOLOCK_EXCL (aka i_rwsem) which will prevent xattr
1043 * modifications, but there's nothing to prevent userspace from reading
1044 * the attributes until we're ready for the exchange operation. Reads
1045 * will return -EIO without shutting down the fs, so we're ok with
1048 error = xrep_trans_commit(sc);
1052 xchk_iunlock(sc, XFS_ILOCK_EXCL);
1055 * Take the IOLOCK on the temporary file so that we can run xattr
1056 * operations with the same locks held as we would for a normal file.
1057 * We still hold sc->ip's IOLOCK.
1059 error = xrep_tempfile_iolock_polled(rx->sc);
1063 /* Allocate exchange transaction and lock both inodes. */
1064 error = xrep_tempexch_trans_alloc(rx->sc, XFS_ATTR_FORK, &rx->tx);
1069 * Exchange the blocks mapped by the tempfile's attr fork with the file
1070 * being repaired. The old attr blocks will then be attached to the
1071 * tempfile, so reap its attr fork.
1073 error = xrep_xattr_swap(sc, &rx->tx);
1077 error = xrep_xattr_reset_tempfile_fork(sc);
1082 * Roll to get a transaction without any inodes joined to it. Then we
1083 * can drop the tempfile's ILOCK and IOLOCK before doing more work on
1084 * the scrub target file.
1086 error = xfs_trans_roll(&sc->tp);
1090 xrep_tempfile_iunlock(sc);
1091 xrep_tempfile_iounlock(sc);
1094 /* Invalidate cached ACLs now that we've reloaded all the xattrs. */
1095 xfs_forget_acl(VFS_I(sc->ip), SGI_ACL_FILE);
1096 xfs_forget_acl(VFS_I(sc->ip), SGI_ACL_DEFAULT);
1100 /* Tear down all the incore scan stuff we created. */
1102 xrep_xattr_teardown(
1103 struct xrep_xattr *rx)
1105 xfblob_destroy(rx->xattr_blobs);
1106 xfarray_destroy(rx->xattr_records);
1110 /* Set up the filesystem scan so we can regenerate extended attributes. */
1112 xrep_xattr_setup_scan(
1113 struct xfs_scrub *sc,
1114 struct xrep_xattr **rxp)
1116 struct xrep_xattr *rx;
1121 rx = kzalloc(sizeof(struct xrep_xattr), XCHK_GFP_FLAGS);
1127 * Allocate enough memory to handle loading local attr values from the
1128 * xfblob data while flushing stashed attrs to the temporary file.
1129 * We only realloc the buffer when salvaging remote attr values.
1131 max_len = xfs_attr_leaf_entsize_local_max(sc->mp->m_attr_geo->blksize);
1132 error = xchk_setup_xattr_buf(rx->sc, max_len);
1133 if (error == -ENOMEM)
1138 /* Set up some staging for salvaged attribute keys and values */
1139 descr = xchk_xfile_ino_descr(sc, "xattr keys");
1140 error = xfarray_create(descr, 0, sizeof(struct xrep_xattr_key),
1141 &rx->xattr_records);
1146 descr = xchk_xfile_ino_descr(sc, "xattr names");
1147 error = xfblob_create(descr, &rx->xattr_blobs);
1155 xfarray_destroy(rx->xattr_records);
1162 * Repair the extended attribute metadata.
1164 * XXX: Remote attribute value buffers encompass the entire (up to 64k) buffer.
1165 * The buffer cache in XFS can't handle aliased multiblock buffers, so this
1166 * might misbehave if the attr fork is crosslinked with other filesystem
1171 struct xfs_scrub *sc)
1173 struct xrep_xattr *rx = NULL;
1176 if (!xfs_inode_hasattr(sc->ip))
1179 /* The rmapbt is required to reap the old attr fork. */
1180 if (!xfs_has_rmapbt(sc->mp))
1183 error = xrep_xattr_setup_scan(sc, &rx);
1187 ASSERT(sc->ilock_flags & XFS_ILOCK_EXCL);
1189 error = xrep_xattr_salvage_attributes(rx);
1193 /* Last chance to abort before we start committing fixes. */
1194 if (xchk_should_terminate(sc, &error))
1197 error = xrep_xattr_rebuild_tree(rx);
1202 xrep_xattr_teardown(rx);
projects / linux-2.6-block.git / blob