fs/xfs/scrub/quota.c

   1 /*
   2  * Copyright (C) 2017 Oracle.  All Rights Reserved.
   3  *
   4  * Author: Darrick J. Wong <darrick.wong@oracle.com>
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public License
   8  * as published by the Free Software Foundation; either version 2
   9  * of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it would be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, write the Free Software Foundation,
  18  * Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 #include "xfs.h"
  21 #include "xfs_fs.h"
  22 #include "xfs_shared.h"
  23 #include "xfs_format.h"
  24 #include "xfs_trans_resv.h"
  25 #include "xfs_mount.h"
  26 #include "xfs_defer.h"
  27 #include "xfs_btree.h"
  28 #include "xfs_bit.h"
  29 #include "xfs_log_format.h"
  30 #include "xfs_trans.h"
  31 #include "xfs_sb.h"
  32 #include "xfs_inode.h"
  33 #include "xfs_inode_fork.h"
  34 #include "xfs_alloc.h"
  35 #include "xfs_bmap.h"
  36 #include "xfs_quota.h"
  37 #include "xfs_qm.h"
  38 #include "xfs_dquot.h"
  39 #include "xfs_dquot_item.h"
  40 #include "scrub/xfs_scrub.h"
  41 #include "scrub/scrub.h"
  42 #include "scrub/common.h"
  43 #include "scrub/trace.h"
  44
  45 /* Convert a scrub type code to a DQ flag, or return 0 if error. */
  46 static inline uint
  47 xfs_scrub_quota_to_dqtype(
  48         struct xfs_scrub_context        *sc)
  49 {
  50         switch (sc->sm->sm_type) {
  51         case XFS_SCRUB_TYPE_UQUOTA:
  52                 return XFS_DQ_USER;
  53         case XFS_SCRUB_TYPE_GQUOTA:
  54                 return XFS_DQ_GROUP;
  55         case XFS_SCRUB_TYPE_PQUOTA:
  56                 return XFS_DQ_PROJ;
  57         default:
  58                 return 0;
  59         }
  60 }
  61
  62 /* Set us up to scrub a quota. */
  63 int
  64 xfs_scrub_setup_quota(
  65         struct xfs_scrub_context        *sc,
  66         struct xfs_inode                *ip)
  67 {
  68         uint                            dqtype;
  69
  70         dqtype = xfs_scrub_quota_to_dqtype(sc);
  71         if (dqtype == 0)
  72                 return -EINVAL;
  73         if (!xfs_this_quota_on(sc->mp, dqtype))
  74                 return -ENOENT;
  75         return 0;
  76 }
  77
  78 /* Quotas. */
  79
  80 /* Scrub the fields in an individual quota item. */
  81 STATIC void
  82 xfs_scrub_quota_item(
  83         struct xfs_scrub_context        *sc,
  84         uint                            dqtype,
  85         struct xfs_dquot                *dq,
  86         xfs_dqid_t                      id)
  87 {
  88         struct xfs_mount                *mp = sc->mp;
  89         struct xfs_disk_dquot           *d = &dq->q_core;
  90         struct xfs_quotainfo            *qi = mp->m_quotainfo;
  91         xfs_fileoff_t                   offset;
  92         unsigned long long              bsoft;
  93         unsigned long long              isoft;
  94         unsigned long long              rsoft;
  95         unsigned long long              bhard;
  96         unsigned long long              ihard;
  97         unsigned long long              rhard;
  98         unsigned long long              bcount;
  99         unsigned long long              icount;
 100         unsigned long long              rcount;
 101         xfs_ino_t                       fs_icount;
 102
 103         offset = id / qi->qi_dqperchunk;
 104
 105         /*
 106          * We fed $id and DQNEXT into the xfs_qm_dqget call, which means
 107          * that the actual dquot we got must either have the same id or
 108          * the next higher id.
 109          */
 110         if (id > be32_to_cpu(d->d_id))
 111                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 112
 113         /* Did we get the dquot type we wanted? */
 114         if (dqtype != (d->d_flags & XFS_DQ_ALLTYPES))
 115                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 116
 117         if (d->d_pad0 != cpu_to_be32(0) || d->d_pad != cpu_to_be16(0))
 118                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 119
 120         /* Check the limits. */
 121         bhard = be64_to_cpu(d->d_blk_hardlimit);
 122         ihard = be64_to_cpu(d->d_ino_hardlimit);
 123         rhard = be64_to_cpu(d->d_rtb_hardlimit);
 124
 125         bsoft = be64_to_cpu(d->d_blk_softlimit);
 126         isoft = be64_to_cpu(d->d_ino_softlimit);
 127         rsoft = be64_to_cpu(d->d_rtb_softlimit);
 128
 129         /*
 130          * Warn if the hard limits are larger than the fs.
 131          * Administrators can do this, though in production this seems
 132          * suspect, which is why we flag it for review.
 133          *
 134          * Complain about corruption if the soft limit is greater than
 135          * the hard limit.
 136          */
 137         if (bhard > mp->m_sb.sb_dblocks)
 138                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 139         if (bsoft > bhard)
 140                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 141
 142         if (ihard > mp->m_maxicount)
 143                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 144         if (isoft > ihard)
 145                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 146
 147         if (rhard > mp->m_sb.sb_rblocks)
 148                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 149         if (rsoft > rhard)
 150                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 151
 152         /* Check the resource counts. */
 153         bcount = be64_to_cpu(d->d_bcount);
 154         icount = be64_to_cpu(d->d_icount);
 155         rcount = be64_to_cpu(d->d_rtbcount);
 156         fs_icount = percpu_counter_sum(&mp->m_icount);
 157
 158         /*
 159          * Check that usage doesn't exceed physical limits.  However, on
 160          * a reflink filesystem we're allowed to exceed physical space
 161          * if there are no quota limits.
 162          */
 163         if (xfs_sb_version_hasreflink(&mp->m_sb)) {
 164                 if (mp->m_sb.sb_dblocks < bcount)
 165                         xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK,
 166                                         offset);
 167         } else {
 168                 if (mp->m_sb.sb_dblocks < bcount)
 169                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK,
 170                                         offset);
 171         }
 172         if (icount > fs_icount || rcount > mp->m_sb.sb_rblocks)
 173                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 174
 175         /*
 176          * We can violate the hard limits if the admin suddenly sets a
 177          * lower limit than the actual usage.  However, we flag it for
 178          * admin review.
 179          */
 180         if (id != 0 && bhard != 0 && bcount > bhard)
 181                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 182         if (id != 0 && ihard != 0 && icount > ihard)
 183                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 184         if (id != 0 && rhard != 0 && rcount > rhard)
 185                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 186 }
 187
 188 /* Scrub all of a quota type's items. */
 189 int
 190 xfs_scrub_quota(
 191         struct xfs_scrub_context        *sc)
 192 {
 193         struct xfs_bmbt_irec            irec = { 0 };
 194         struct xfs_mount                *mp = sc->mp;
 195         struct xfs_inode                *ip;
 196         struct xfs_quotainfo            *qi = mp->m_quotainfo;
 197         struct xfs_dquot                *dq;
 198         xfs_fileoff_t                   max_dqid_off;
 199         xfs_fileoff_t                   off = 0;
 200         xfs_dqid_t                      id = 0;
 201         uint                            dqtype;
 202         int                             nimaps;
 203         int                             error = 0;
 204
 205         if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
 206                 return -ENOENT;
 207
 208         mutex_lock(&qi->qi_quotaofflock);
 209         dqtype = xfs_scrub_quota_to_dqtype(sc);
 210         if (!xfs_this_quota_on(sc->mp, dqtype)) {
 211                 error = -ENOENT;
 212                 goto out_unlock_quota;
 213         }
 214
 215         /* Attach to the quota inode and set sc->ip so that reporting works. */
 216         ip = xfs_quota_inode(sc->mp, dqtype);
 217         sc->ip = ip;
 218
 219         /* Look for problem extents. */
 220         xfs_ilock(ip, XFS_ILOCK_EXCL);
 221         if (ip->i_d.di_flags & XFS_DIFLAG_REALTIME) {
 222                 xfs_scrub_ino_set_corrupt(sc, sc->ip->i_ino);
 223                 goto out_unlock_inode;
 224         }
 225         max_dqid_off = ((xfs_dqid_t)-1) / qi->qi_dqperchunk;
 226         while (1) {
 227                 if (xfs_scrub_should_terminate(sc, &error))
 228                         break;
 229
 230                 off = irec.br_startoff + irec.br_blockcount;
 231                 nimaps = 1;
 232                 error = xfs_bmapi_read(ip, off, -1, &irec, &nimaps,
 233                                 XFS_BMAPI_ENTIRE);
 234                 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, off,
 235                                 &error))
 236                         goto out_unlock_inode;
 237                 if (!nimaps)
 238                         break;
 239                 if (irec.br_startblock == HOLESTARTBLOCK)
 240                         continue;
 241
 242                 /* Check the extent record doesn't point to crap. */
 243                 if (irec.br_startblock + irec.br_blockcount <=
 244                     irec.br_startblock)
 245                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK,
 246                                         irec.br_startoff);
 247                 if (!xfs_verify_fsbno(mp, irec.br_startblock) ||
 248                     !xfs_verify_fsbno(mp, irec.br_startblock +
 249                                         irec.br_blockcount - 1))
 250                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK,
 251                                         irec.br_startoff);
 252
 253                 /*
 254                  * Unwritten extents or blocks mapped above the highest
 255                  * quota id shouldn't happen.
 256                  */
 257                 if (isnullstartblock(irec.br_startblock) ||
 258                     irec.br_startoff > max_dqid_off ||
 259                     irec.br_startoff + irec.br_blockcount > max_dqid_off + 1)
 260                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, off);
 261         }
 262         xfs_iunlock(ip, XFS_ILOCK_EXCL);
 263         if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 264                 goto out;
 265
 266         /* Check all the quota items. */
 267         while (id < ((xfs_dqid_t)-1ULL)) {
 268                 if (xfs_scrub_should_terminate(sc, &error))
 269                         break;
 270
 271                 error = xfs_qm_dqget(mp, NULL, id, dqtype, XFS_QMOPT_DQNEXT,
 272                                 &dq);
 273                 if (error == -ENOENT)
 274                         break;
 275                 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK,
 276                                 id * qi->qi_dqperchunk, &error))
 277                         break;
 278
 279                 xfs_scrub_quota_item(sc, dqtype, dq, id);
 280
 281                 id = be32_to_cpu(dq->q_core.d_id) + 1;
 282                 xfs_qm_dqput(dq);
 283                 if (!id)
 284                         break;
 285         }
 286
 287 out:
 288         /* We set sc->ip earlier, so make sure we clear it now. */
 289         sc->ip = NULL;
 290 out_unlock_quota:
 291         mutex_unlock(&qi->qi_quotaofflock);
 292         return error;
 293
 294 out_unlock_inode:
 295         xfs_iunlock(ip, XFS_ILOCK_EXCL);
 296         goto out;
 297 }