1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (C) 2017 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_trans_resv.h"
11 #include "xfs_mount.h"
12 #include "xfs_defer.h"
13 #include "xfs_btree.h"
14 #include "xfs_bit.h"
15 #include "xfs_log_format.h"
16 #include "xfs_trans.h"
17 #include "xfs_sb.h"
18 #include "xfs_inode.h"
19 #include "xfs_icache.h"
20 #include "xfs_itable.h"
21 #include "xfs_da_format.h"
22 #include "xfs_da_btree.h"
23 #include "xfs_dir2.h"
24 #include "xfs_dir2_priv.h"
25 #include "xfs_ialloc.h"
26 #include "scrub/xfs_scrub.h"
27 #include "scrub/scrub.h"
28 #include "scrub/common.h"
29 #include "scrub/trace.h"
30 #include "scrub/dabtree.h"
31
32 /* Set us up to scrub directories. */
33 int
xchk_setup_directory(struct xfs_scrub * sc,struct xfs_inode * ip)34 xchk_setup_directory(
35 struct xfs_scrub *sc,
36 struct xfs_inode *ip)
37 {
38 return xchk_setup_inode_contents(sc, ip, 0);
39 }
40
41 /* Directories */
42
43 /* Scrub a directory entry. */
44
45 struct xchk_dir_ctx {
46 /* VFS fill-directory iterator */
47 struct dir_context dir_iter;
48
49 struct xfs_scrub *sc;
50 };
51
52 /* Check that an inode's mode matches a given DT_ type. */
53 STATIC int
xchk_dir_check_ftype(struct xchk_dir_ctx * sdc,xfs_fileoff_t offset,xfs_ino_t inum,int dtype)54 xchk_dir_check_ftype(
55 struct xchk_dir_ctx *sdc,
56 xfs_fileoff_t offset,
57 xfs_ino_t inum,
58 int dtype)
59 {
60 struct xfs_mount *mp = sdc->sc->mp;
61 struct xfs_inode *ip;
62 int ino_dtype;
63 int error = 0;
64
65 if (!xfs_sb_version_hasftype(&mp->m_sb)) {
66 if (dtype != DT_UNKNOWN && dtype != DT_DIR)
67 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
68 offset);
69 goto out;
70 }
71
72 /*
73 * Grab the inode pointed to by the dirent. We release the
74 * inode before we cancel the scrub transaction. Since we're
75 * don't know a priori that releasing the inode won't trigger
76 * eofblocks cleanup (which allocates what would be a nested
77 * transaction), we can't use DONTCACHE here because DONTCACHE
78 * inodes can trigger immediate inactive cleanup of the inode.
79 */
80 error = xfs_iget(mp, sdc->sc->tp, inum, 0, 0, &ip);
81 if (!xchk_fblock_xref_process_error(sdc->sc, XFS_DATA_FORK, offset,
82 &error))
83 goto out;
84
85 /* Convert mode to the DT_* values that dir_emit uses. */
86 ino_dtype = xfs_dir3_get_dtype(mp,
87 xfs_mode_to_ftype(VFS_I(ip)->i_mode));
88 if (ino_dtype != dtype)
89 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
90 xfs_irele(ip);
91 out:
92 return error;
93 }
94
95 /*
96 * Scrub a single directory entry.
97 *
98 * We use the VFS directory iterator (i.e. readdir) to call this
99 * function for every directory entry in a directory. Once we're here,
100 * we check the inode number to make sure it's sane, then we check that
101 * we can look up this filename. Finally, we check the ftype.
102 */
103 STATIC int
xchk_dir_actor(struct dir_context * dir_iter,const char * name,int namelen,loff_t pos,u64 ino,unsigned type)104 xchk_dir_actor(
105 struct dir_context *dir_iter,
106 const char *name,
107 int namelen,
108 loff_t pos,
109 u64 ino,
110 unsigned type)
111 {
112 struct xfs_mount *mp;
113 struct xfs_inode *ip;
114 struct xchk_dir_ctx *sdc;
115 struct xfs_name xname;
116 xfs_ino_t lookup_ino;
117 xfs_dablk_t offset;
118 int error = 0;
119
120 sdc = container_of(dir_iter, struct xchk_dir_ctx, dir_iter);
121 ip = sdc->sc->ip;
122 mp = ip->i_mount;
123 offset = xfs_dir2_db_to_da(mp->m_dir_geo,
124 xfs_dir2_dataptr_to_db(mp->m_dir_geo, pos));
125
126 /* Does this inode number make sense? */
127 if (!xfs_verify_dir_ino(mp, ino)) {
128 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
129 goto out;
130 }
131
132 if (!strncmp(".", name, namelen)) {
133 /* If this is "." then check that the inum matches the dir. */
134 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR)
135 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
136 offset);
137 if (ino != ip->i_ino)
138 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
139 offset);
140 } else if (!strncmp("..", name, namelen)) {
141 /*
142 * If this is ".." in the root inode, check that the inum
143 * matches this dir.
144 */
145 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR)
146 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
147 offset);
148 if (ip->i_ino == mp->m_sb.sb_rootino && ino != ip->i_ino)
149 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
150 offset);
151 }
152
153 /* Verify that we can look up this name by hash. */
154 xname.name = name;
155 xname.len = namelen;
156 xname.type = XFS_DIR3_FT_UNKNOWN;
157
158 error = xfs_dir_lookup(sdc->sc->tp, ip, &xname, &lookup_ino, NULL);
159 /* ENOENT means the hash lookup failed and the dir is corrupt */
160 if (error == -ENOENT)
161 error = -EFSCORRUPTED;
162 if (!xchk_fblock_process_error(sdc->sc, XFS_DATA_FORK, offset,
163 &error))
164 goto out;
165 if (lookup_ino != ino) {
166 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
167 goto out;
168 }
169
170 /* Verify the file type. This function absorbs error codes. */
171 error = xchk_dir_check_ftype(sdc, offset, lookup_ino, type);
172 if (error)
173 goto out;
174 out:
175 /*
176 * A negative error code returned here is supposed to cause the
177 * dir_emit caller (xfs_readdir) to abort the directory iteration
178 * and return zero to xchk_directory.
179 */
180 if (error == 0 && sdc->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
181 return -EFSCORRUPTED;
182 return error;
183 }
184
185 /* Scrub a directory btree record. */
186 STATIC int
xchk_dir_rec(struct xchk_da_btree * ds,int level,void * rec)187 xchk_dir_rec(
188 struct xchk_da_btree *ds,
189 int level,
190 void *rec)
191 {
192 struct xfs_mount *mp = ds->state->mp;
193 struct xfs_dir2_leaf_entry *ent = rec;
194 struct xfs_inode *dp = ds->dargs.dp;
195 struct xfs_dir2_data_entry *dent;
196 struct xfs_buf *bp;
197 char *p, *endp;
198 xfs_ino_t ino;
199 xfs_dablk_t rec_bno;
200 xfs_dir2_db_t db;
201 xfs_dir2_data_aoff_t off;
202 xfs_dir2_dataptr_t ptr;
203 xfs_dahash_t calc_hash;
204 xfs_dahash_t hash;
205 unsigned int tag;
206 int error;
207
208 /* Check the hash of the entry. */
209 error = xchk_da_btree_hash(ds, level, &ent->hashval);
210 if (error)
211 goto out;
212
213 /* Valid hash pointer? */
214 ptr = be32_to_cpu(ent->address);
215 if (ptr == 0)
216 return 0;
217
218 /* Find the directory entry's location. */
219 db = xfs_dir2_dataptr_to_db(mp->m_dir_geo, ptr);
220 off = xfs_dir2_dataptr_to_off(mp->m_dir_geo, ptr);
221 rec_bno = xfs_dir2_db_to_da(mp->m_dir_geo, db);
222
223 if (rec_bno >= mp->m_dir_geo->leafblk) {
224 xchk_da_set_corrupt(ds, level);
225 goto out;
226 }
227 error = xfs_dir3_data_read(ds->dargs.trans, dp, rec_bno, -2, &bp);
228 if (!xchk_fblock_process_error(ds->sc, XFS_DATA_FORK, rec_bno,
229 &error))
230 goto out;
231 if (!bp) {
232 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
233 goto out;
234 }
235 xchk_buffer_recheck(ds->sc, bp);
236
237 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
238 goto out_relse;
239
240 dent = (struct xfs_dir2_data_entry *)(((char *)bp->b_addr) + off);
241
242 /* Make sure we got a real directory entry. */
243 p = (char *)mp->m_dir_inode_ops->data_entry_p(bp->b_addr);
244 endp = xfs_dir3_data_endp(mp->m_dir_geo, bp->b_addr);
245 if (!endp) {
246 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
247 goto out_relse;
248 }
249 while (p < endp) {
250 struct xfs_dir2_data_entry *dep;
251 struct xfs_dir2_data_unused *dup;
252
253 dup = (struct xfs_dir2_data_unused *)p;
254 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
255 p += be16_to_cpu(dup->length);
256 continue;
257 }
258 dep = (struct xfs_dir2_data_entry *)p;
259 if (dep == dent)
260 break;
261 p += mp->m_dir_inode_ops->data_entsize(dep->namelen);
262 }
263 if (p >= endp) {
264 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
265 goto out_relse;
266 }
267
268 /* Retrieve the entry, sanity check it, and compare hashes. */
269 ino = be64_to_cpu(dent->inumber);
270 hash = be32_to_cpu(ent->hashval);
271 tag = be16_to_cpup(dp->d_ops->data_entry_tag_p(dent));
272 if (!xfs_verify_dir_ino(mp, ino) || tag != off)
273 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
274 if (dent->namelen == 0) {
275 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
276 goto out_relse;
277 }
278 calc_hash = xfs_da_hashname(dent->name, dent->namelen);
279 if (calc_hash != hash)
280 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
281
282 out_relse:
283 xfs_trans_brelse(ds->dargs.trans, bp);
284 out:
285 return error;
286 }
287
288 /*
289 * Is this unused entry either in the bestfree or smaller than all of
290 * them? We've already checked that the bestfrees are sorted longest to
291 * shortest, and that there aren't any bogus entries.
292 */
293 STATIC void
xchk_directory_check_free_entry(struct xfs_scrub * sc,xfs_dablk_t lblk,struct xfs_dir2_data_free * bf,struct xfs_dir2_data_unused * dup)294 xchk_directory_check_free_entry(
295 struct xfs_scrub *sc,
296 xfs_dablk_t lblk,
297 struct xfs_dir2_data_free *bf,
298 struct xfs_dir2_data_unused *dup)
299 {
300 struct xfs_dir2_data_free *dfp;
301 unsigned int dup_length;
302
303 dup_length = be16_to_cpu(dup->length);
304
305 /* Unused entry is shorter than any of the bestfrees */
306 if (dup_length < be16_to_cpu(bf[XFS_DIR2_DATA_FD_COUNT - 1].length))
307 return;
308
309 for (dfp = &bf[XFS_DIR2_DATA_FD_COUNT - 1]; dfp >= bf; dfp--)
310 if (dup_length == be16_to_cpu(dfp->length))
311 return;
312
313 /* Unused entry should be in the bestfrees but wasn't found. */
314 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
315 }
316
317 /* Check free space info in a directory data block. */
318 STATIC int
xchk_directory_data_bestfree(struct xfs_scrub * sc,xfs_dablk_t lblk,bool is_block)319 xchk_directory_data_bestfree(
320 struct xfs_scrub *sc,
321 xfs_dablk_t lblk,
322 bool is_block)
323 {
324 struct xfs_dir2_data_unused *dup;
325 struct xfs_dir2_data_free *dfp;
326 struct xfs_buf *bp;
327 struct xfs_dir2_data_free *bf;
328 struct xfs_mount *mp = sc->mp;
329 const struct xfs_dir_ops *d_ops;
330 char *ptr;
331 char *endptr;
332 u16 tag;
333 unsigned int nr_bestfrees = 0;
334 unsigned int nr_frees = 0;
335 unsigned int smallest_bestfree;
336 int newlen;
337 int offset;
338 int error;
339
340 d_ops = sc->ip->d_ops;
341
342 if (is_block) {
343 /* dir block format */
344 if (lblk != XFS_B_TO_FSBT(mp, XFS_DIR2_DATA_OFFSET))
345 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
346 error = xfs_dir3_block_read(sc->tp, sc->ip, &bp);
347 } else {
348 /* dir data format */
349 error = xfs_dir3_data_read(sc->tp, sc->ip, lblk, -1, &bp);
350 }
351 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
352 goto out;
353 xchk_buffer_recheck(sc, bp);
354
355 /* XXX: Check xfs_dir3_data_hdr.pad is zero once we start setting it. */
356
357 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
358 goto out_buf;
359
360 /* Do the bestfrees correspond to actual free space? */
361 bf = d_ops->data_bestfree_p(bp->b_addr);
362 smallest_bestfree = UINT_MAX;
363 for (dfp = &bf[0]; dfp < &bf[XFS_DIR2_DATA_FD_COUNT]; dfp++) {
364 offset = be16_to_cpu(dfp->offset);
365 if (offset == 0)
366 continue;
367 if (offset >= mp->m_dir_geo->blksize) {
368 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
369 goto out_buf;
370 }
371 dup = (struct xfs_dir2_data_unused *)(bp->b_addr + offset);
372 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup));
373
374 /* bestfree doesn't match the entry it points at? */
375 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG) ||
376 be16_to_cpu(dup->length) != be16_to_cpu(dfp->length) ||
377 tag != ((char *)dup - (char *)bp->b_addr)) {
378 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
379 goto out_buf;
380 }
381
382 /* bestfree records should be ordered largest to smallest */
383 if (smallest_bestfree < be16_to_cpu(dfp->length)) {
384 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
385 goto out_buf;
386 }
387
388 smallest_bestfree = be16_to_cpu(dfp->length);
389 nr_bestfrees++;
390 }
391
392 /* Make sure the bestfrees are actually the best free spaces. */
393 ptr = (char *)d_ops->data_entry_p(bp->b_addr);
394 endptr = xfs_dir3_data_endp(mp->m_dir_geo, bp->b_addr);
395
396 /* Iterate the entries, stopping when we hit or go past the end. */
397 while (ptr < endptr) {
398 dup = (struct xfs_dir2_data_unused *)ptr;
399 /* Skip real entries */
400 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG)) {
401 struct xfs_dir2_data_entry *dep;
402
403 dep = (struct xfs_dir2_data_entry *)ptr;
404 newlen = d_ops->data_entsize(dep->namelen);
405 if (newlen <= 0) {
406 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
407 lblk);
408 goto out_buf;
409 }
410 ptr += newlen;
411 continue;
412 }
413
414 /* Spot check this free entry */
415 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup));
416 if (tag != ((char *)dup - (char *)bp->b_addr)) {
417 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
418 goto out_buf;
419 }
420
421 /*
422 * Either this entry is a bestfree or it's smaller than
423 * any of the bestfrees.
424 */
425 xchk_directory_check_free_entry(sc, lblk, bf, dup);
426 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
427 goto out_buf;
428
429 /* Move on. */
430 newlen = be16_to_cpu(dup->length);
431 if (newlen <= 0) {
432 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
433 goto out_buf;
434 }
435 ptr += newlen;
436 if (ptr <= endptr)
437 nr_frees++;
438 }
439
440 /* We're required to fill all the space. */
441 if (ptr != endptr)
442 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
443
444 /* Did we see at least as many free slots as there are bestfrees? */
445 if (nr_frees < nr_bestfrees)
446 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
447 out_buf:
448 xfs_trans_brelse(sc->tp, bp);
449 out:
450 return error;
451 }
452
453 /*
454 * Does the free space length in the free space index block ($len) match
455 * the longest length in the directory data block's bestfree array?
456 * Assume that we've already checked that the data block's bestfree
457 * array is in order.
458 */
459 STATIC void
xchk_directory_check_freesp(struct xfs_scrub * sc,xfs_dablk_t lblk,struct xfs_buf * dbp,unsigned int len)460 xchk_directory_check_freesp(
461 struct xfs_scrub *sc,
462 xfs_dablk_t lblk,
463 struct xfs_buf *dbp,
464 unsigned int len)
465 {
466 struct xfs_dir2_data_free *dfp;
467
468 dfp = sc->ip->d_ops->data_bestfree_p(dbp->b_addr);
469
470 if (len != be16_to_cpu(dfp->length))
471 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
472
473 if (len > 0 && be16_to_cpu(dfp->offset) == 0)
474 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
475 }
476
477 /* Check free space info in a directory leaf1 block. */
478 STATIC int
xchk_directory_leaf1_bestfree(struct xfs_scrub * sc,struct xfs_da_args * args,xfs_dablk_t lblk)479 xchk_directory_leaf1_bestfree(
480 struct xfs_scrub *sc,
481 struct xfs_da_args *args,
482 xfs_dablk_t lblk)
483 {
484 struct xfs_dir3_icleaf_hdr leafhdr;
485 struct xfs_dir2_leaf_entry *ents;
486 struct xfs_dir2_leaf_tail *ltp;
487 struct xfs_dir2_leaf *leaf;
488 struct xfs_buf *dbp;
489 struct xfs_buf *bp;
490 const struct xfs_dir_ops *d_ops = sc->ip->d_ops;
491 struct xfs_da_geometry *geo = sc->mp->m_dir_geo;
492 __be16 *bestp;
493 __u16 best;
494 __u32 hash;
495 __u32 lasthash = 0;
496 __u32 bestcount;
497 unsigned int stale = 0;
498 int i;
499 int error;
500
501 /* Read the free space block. */
502 error = xfs_dir3_leaf_read(sc->tp, sc->ip, lblk, -1, &bp);
503 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
504 goto out;
505 xchk_buffer_recheck(sc, bp);
506
507 leaf = bp->b_addr;
508 d_ops->leaf_hdr_from_disk(&leafhdr, leaf);
509 ents = d_ops->leaf_ents_p(leaf);
510 ltp = xfs_dir2_leaf_tail_p(geo, leaf);
511 bestcount = be32_to_cpu(ltp->bestcount);
512 bestp = xfs_dir2_leaf_bests_p(ltp);
513
514 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) {
515 struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr;
516
517 if (hdr3->pad != cpu_to_be32(0))
518 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
519 }
520
521 /*
522 * There should be as many bestfree slots as there are dir data
523 * blocks that can fit under i_size.
524 */
525 if (bestcount != xfs_dir2_byte_to_db(geo, sc->ip->i_d.di_size)) {
526 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
527 goto out;
528 }
529
530 /* Is the leaf count even remotely sane? */
531 if (leafhdr.count > d_ops->leaf_max_ents(geo)) {
532 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
533 goto out;
534 }
535
536 /* Leaves and bests don't overlap in leaf format. */
537 if ((char *)&ents[leafhdr.count] > (char *)bestp) {
538 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
539 goto out;
540 }
541
542 /* Check hash value order, count stale entries. */
543 for (i = 0; i < leafhdr.count; i++) {
544 hash = be32_to_cpu(ents[i].hashval);
545 if (i > 0 && lasthash > hash)
546 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
547 lasthash = hash;
548 if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
549 stale++;
550 }
551 if (leafhdr.stale != stale)
552 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
553 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
554 goto out;
555
556 /* Check all the bestfree entries. */
557 for (i = 0; i < bestcount; i++, bestp++) {
558 best = be16_to_cpu(*bestp);
559 if (best == NULLDATAOFF)
560 continue;
561 error = xfs_dir3_data_read(sc->tp, sc->ip,
562 i * args->geo->fsbcount, -1, &dbp);
563 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk,
564 &error))
565 break;
566 xchk_directory_check_freesp(sc, lblk, dbp, best);
567 xfs_trans_brelse(sc->tp, dbp);
568 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
569 goto out;
570 }
571 out:
572 return error;
573 }
574
575 /* Check free space info in a directory freespace block. */
576 STATIC int
xchk_directory_free_bestfree(struct xfs_scrub * sc,struct xfs_da_args * args,xfs_dablk_t lblk)577 xchk_directory_free_bestfree(
578 struct xfs_scrub *sc,
579 struct xfs_da_args *args,
580 xfs_dablk_t lblk)
581 {
582 struct xfs_dir3_icfree_hdr freehdr;
583 struct xfs_buf *dbp;
584 struct xfs_buf *bp;
585 __be16 *bestp;
586 __u16 best;
587 unsigned int stale = 0;
588 int i;
589 int error;
590
591 /* Read the free space block */
592 error = xfs_dir2_free_read(sc->tp, sc->ip, lblk, &bp);
593 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
594 goto out;
595 xchk_buffer_recheck(sc, bp);
596
597 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) {
598 struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
599
600 if (hdr3->pad != cpu_to_be32(0))
601 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
602 }
603
604 /* Check all the entries. */
605 sc->ip->d_ops->free_hdr_from_disk(&freehdr, bp->b_addr);
606 bestp = sc->ip->d_ops->free_bests_p(bp->b_addr);
607 for (i = 0; i < freehdr.nvalid; i++, bestp++) {
608 best = be16_to_cpu(*bestp);
609 if (best == NULLDATAOFF) {
610 stale++;
611 continue;
612 }
613 error = xfs_dir3_data_read(sc->tp, sc->ip,
614 (freehdr.firstdb + i) * args->geo->fsbcount,
615 -1, &dbp);
616 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk,
617 &error))
618 break;
619 xchk_directory_check_freesp(sc, lblk, dbp, best);
620 xfs_trans_brelse(sc->tp, dbp);
621 }
622
623 if (freehdr.nused + stale != freehdr.nvalid)
624 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
625 out:
626 return error;
627 }
628
629 /* Check free space information in directories. */
630 STATIC int
xchk_directory_blocks(struct xfs_scrub * sc)631 xchk_directory_blocks(
632 struct xfs_scrub *sc)
633 {
634 struct xfs_bmbt_irec got;
635 struct xfs_da_args args;
636 struct xfs_ifork *ifp;
637 struct xfs_mount *mp = sc->mp;
638 xfs_fileoff_t leaf_lblk;
639 xfs_fileoff_t free_lblk;
640 xfs_fileoff_t lblk;
641 struct xfs_iext_cursor icur;
642 xfs_dablk_t dabno;
643 bool found;
644 int is_block = 0;
645 int error;
646
647 /* Ignore local format directories. */
648 if (sc->ip->i_d.di_format != XFS_DINODE_FMT_EXTENTS &&
649 sc->ip->i_d.di_format != XFS_DINODE_FMT_BTREE)
650 return 0;
651
652 ifp = XFS_IFORK_PTR(sc->ip, XFS_DATA_FORK);
653 lblk = XFS_B_TO_FSB(mp, XFS_DIR2_DATA_OFFSET);
654 leaf_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_LEAF_OFFSET);
655 free_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_FREE_OFFSET);
656
657 /* Is this a block dir? */
658 args.dp = sc->ip;
659 args.geo = mp->m_dir_geo;
660 args.trans = sc->tp;
661 error = xfs_dir2_isblock(&args, &is_block);
662 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
663 goto out;
664
665 /* Iterate all the data extents in the directory... */
666 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
667 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) {
668 /* Block directories only have a single block at offset 0. */
669 if (is_block &&
670 (got.br_startoff > 0 ||
671 got.br_blockcount != args.geo->fsbcount)) {
672 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
673 got.br_startoff);
674 break;
675 }
676
677 /* No more data blocks... */
678 if (got.br_startoff >= leaf_lblk)
679 break;
680
681 /*
682 * Check each data block's bestfree data.
683 *
684 * Iterate all the fsbcount-aligned block offsets in
685 * this directory. The directory block reading code is
686 * smart enough to do its own bmap lookups to handle
687 * discontiguous directory blocks. When we're done
688 * with the extent record, re-query the bmap at the
689 * next fsbcount-aligned offset to avoid redundant
690 * block checks.
691 */
692 for (lblk = roundup((xfs_dablk_t)got.br_startoff,
693 args.geo->fsbcount);
694 lblk < got.br_startoff + got.br_blockcount;
695 lblk += args.geo->fsbcount) {
696 error = xchk_directory_data_bestfree(sc, lblk,
697 is_block);
698 if (error)
699 goto out;
700 }
701 dabno = got.br_startoff + got.br_blockcount;
702 lblk = roundup(dabno, args.geo->fsbcount);
703 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
704 }
705
706 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
707 goto out;
708
709 /* Look for a leaf1 block, which has free info. */
710 if (xfs_iext_lookup_extent(sc->ip, ifp, leaf_lblk, &icur, &got) &&
711 got.br_startoff == leaf_lblk &&
712 got.br_blockcount == args.geo->fsbcount &&
713 !xfs_iext_next_extent(ifp, &icur, &got)) {
714 if (is_block) {
715 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
716 goto out;
717 }
718 error = xchk_directory_leaf1_bestfree(sc, &args,
719 leaf_lblk);
720 if (error)
721 goto out;
722 }
723
724 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
725 goto out;
726
727 /* Scan for free blocks */
728 lblk = free_lblk;
729 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
730 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) {
731 /*
732 * Dirs can't have blocks mapped above 2^32.
733 * Single-block dirs shouldn't even be here.
734 */
735 lblk = got.br_startoff;
736 if (lblk & ~0xFFFFFFFFULL) {
737 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
738 goto out;
739 }
740 if (is_block) {
741 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
742 goto out;
743 }
744
745 /*
746 * Check each dir free block's bestfree data.
747 *
748 * Iterate all the fsbcount-aligned block offsets in
749 * this directory. The directory block reading code is
750 * smart enough to do its own bmap lookups to handle
751 * discontiguous directory blocks. When we're done
752 * with the extent record, re-query the bmap at the
753 * next fsbcount-aligned offset to avoid redundant
754 * block checks.
755 */
756 for (lblk = roundup((xfs_dablk_t)got.br_startoff,
757 args.geo->fsbcount);
758 lblk < got.br_startoff + got.br_blockcount;
759 lblk += args.geo->fsbcount) {
760 error = xchk_directory_free_bestfree(sc, &args,
761 lblk);
762 if (error)
763 goto out;
764 }
765 dabno = got.br_startoff + got.br_blockcount;
766 lblk = roundup(dabno, args.geo->fsbcount);
767 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
768 }
769 out:
770 return error;
771 }
772
773 /* Scrub a whole directory. */
774 int
xchk_directory(struct xfs_scrub * sc)775 xchk_directory(
776 struct xfs_scrub *sc)
777 {
778 struct xchk_dir_ctx sdc = {
779 .dir_iter.actor = xchk_dir_actor,
780 .dir_iter.pos = 0,
781 .sc = sc,
782 };
783 size_t bufsize;
784 loff_t oldpos;
785 int error = 0;
786
787 if (!S_ISDIR(VFS_I(sc->ip)->i_mode))
788 return -ENOENT;
789
790 /* Plausible size? */
791 if (sc->ip->i_d.di_size < xfs_dir2_sf_hdr_size(0)) {
792 xchk_ino_set_corrupt(sc, sc->ip->i_ino);
793 goto out;
794 }
795
796 /* Check directory tree structure */
797 error = xchk_da_btree(sc, XFS_DATA_FORK, xchk_dir_rec, NULL);
798 if (error)
799 return error;
800
801 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
802 return error;
803
804 /* Check the freespace. */
805 error = xchk_directory_blocks(sc);
806 if (error)
807 return error;
808
809 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
810 return error;
811
812 /*
813 * Check that every dirent we see can also be looked up by hash.
814 * Userspace usually asks for a 32k buffer, so we will too.
815 */
816 bufsize = (size_t)min_t(loff_t, XFS_READDIR_BUFSIZE,
817 sc->ip->i_d.di_size);
818
819 /*
820 * Look up every name in this directory by hash.
821 *
822 * Use the xfs_readdir function to call xchk_dir_actor on
823 * every directory entry in this directory. In _actor, we check
824 * the name, inode number, and ftype (if applicable) of the
825 * entry. xfs_readdir uses the VFS filldir functions to provide
826 * iteration context.
827 *
828 * The VFS grabs a read or write lock via i_rwsem before it reads
829 * or writes to a directory. If we've gotten this far we've
830 * already obtained IOLOCK_EXCL, which (since 4.10) is the same as
831 * getting a write lock on i_rwsem. Therefore, it is safe for us
832 * to drop the ILOCK here in order to reuse the _readdir and
833 * _dir_lookup routines, which do their own ILOCK locking.
834 */
835 oldpos = 0;
836 sc->ilock_flags &= ~XFS_ILOCK_EXCL;
837 xfs_iunlock(sc->ip, XFS_ILOCK_EXCL);
838 while (true) {
839 error = xfs_readdir(sc->tp, sc->ip, &sdc.dir_iter, bufsize);
840 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, 0,
841 &error))
842 goto out;
843 if (oldpos == sdc.dir_iter.pos)
844 break;
845 oldpos = sdc.dir_iter.pos;
846 }
847
848 out:
849 return error;
850 }
851