2018-04-03 19:16:55 +02:00
/* SPDX-License-Identifier: GPL-2.0 */
2007-06-12 09:07:21 -04:00
/*
* Copyright ( C ) 2007 Oracle . All rights reserved .
*/
2018-04-03 19:16:55 +02:00
# ifndef BTRFS_DISK_IO_H
# define BTRFS_DISK_IO_H
2007-02-02 09:18:22 -05:00
2008-12-08 16:46:26 -05:00
# define BTRFS_SUPER_MIRROR_MAX 3
# define BTRFS_SUPER_MIRROR_SHIFT 12
2017-06-16 01:48:05 +02:00
/*
* Fixed blocksize for all devices , applies to specific ways of reading
* metadata like superblock . Must meet the set_blocksize requirements .
*
* Do not change .
*/
# define BTRFS_BDEV_BLOCKSIZE (4096)
2008-12-08 16:46:26 -05:00
static inline u64 btrfs_sb_offset ( int mirror )
{
2015-12-15 01:42:10 +09:00
u64 start = SZ_16K ;
2008-12-08 16:46:26 -05:00
if ( mirror )
return start < < ( BTRFS_SUPER_MIRROR_SHIFT * mirror ) ;
return BTRFS_SUPER_INFO_OFFSET ;
}
2008-03-24 15:01:56 -04:00
struct btrfs_device ;
2008-03-24 15:02:07 -04:00
struct btrfs_fs_devices ;
2022-11-15 10:44:04 +01:00
struct btrfs_tree_parent_check ;
2007-03-22 12:13:20 -04:00
2020-01-24 09:33:00 -05:00
void btrfs_check_leaked_roots ( struct btrfs_fs_info * fs_info ) ;
2020-01-24 09:32:59 -05:00
void btrfs_init_fs_info ( struct btrfs_fs_info * fs_info ) ;
2019-03-20 14:58:13 +01:00
int btrfs_verify_level_key ( struct extent_buffer * eb , int level ,
btrfs: Check the first key and level for cached extent buffer
[BUG]
When reading a file from a fuzzed image, kernel can panic like:
BTRFS warning (device loop0): csum failed root 5 ino 270 off 0 csum 0x98f94189 expected csum 0x00000000 mirror 1
assertion failed: !memcmp_extent_buffer(b, &disk_key, offsetof(struct btrfs_leaf, items[0].key), sizeof(disk_key)), file: fs/btrfs/ctree.c, line: 2544
------------[ cut here ]------------
kernel BUG at fs/btrfs/ctree.h:3500!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:btrfs_search_slot.cold.24+0x61/0x63 [btrfs]
Call Trace:
btrfs_lookup_csum+0x52/0x150 [btrfs]
__btrfs_lookup_bio_sums+0x209/0x640 [btrfs]
btrfs_submit_bio_hook+0x103/0x170 [btrfs]
submit_one_bio+0x59/0x80 [btrfs]
extent_read_full_page+0x58/0x80 [btrfs]
generic_file_read_iter+0x2f6/0x9d0
__vfs_read+0x14d/0x1a0
vfs_read+0x8d/0x140
ksys_read+0x52/0xc0
do_syscall_64+0x60/0x210
entry_SYSCALL_64_after_hwframe+0x49/0xbe
[CAUSE]
The fuzzed image has a corrupted leaf whose first key doesn't match its
parent:
checksum tree key (CSUM_TREE ROOT_ITEM 0)
node 29741056 level 1 items 14 free 107 generation 19 owner CSUM_TREE
fs uuid 3381d111-94a3-4ac7-8f39-611bbbdab7e6
chunk uuid 9af1c3c7-2af5-488b-8553-530bd515f14c
...
key (EXTENT_CSUM EXTENT_CSUM 79691776) block 29761536 gen 19
leaf 29761536 items 1 free space 1726 generation 19 owner CSUM_TREE
leaf 29761536 flags 0x1(WRITTEN) backref revision 1
fs uuid 3381d111-94a3-4ac7-8f39-611bbbdab7e6
chunk uuid 9af1c3c7-2af5-488b-8553-530bd515f14c
item 0 key (EXTENT_CSUM EXTENT_CSUM 8798638964736) itemoff 1751 itemsize 2244
range start 8798638964736 end 8798641262592 length 2297856
When reading the above tree block, we have extent_buffer->refs = 2 in
the context:
- initial one from __alloc_extent_buffer()
alloc_extent_buffer()
|- __alloc_extent_buffer()
|- atomic_set(&eb->refs, 1)
- one being added to fs_info->buffer_radix
alloc_extent_buffer()
|- check_buffer_tree_ref()
|- atomic_inc(&eb->refs)
So if even we call free_extent_buffer() in read_tree_block or other
similar situation, we only decrease the refs by 1, it doesn't reach 0
and won't be freed right now.
The staled eb and its corrupted content will still be kept cached.
Furthermore, we have several extra cases where we either don't do first
key check or the check is not proper for all callers:
- scrub
We just don't have first key in this context.
- shared tree block
One tree block can be shared by several snapshot/subvolume trees.
In that case, the first key check for one subvolume doesn't apply to
another.
So for the above reasons, a corrupted extent buffer can sneak into the
buffer cache.
[FIX]
Call verify_level_key in read_block_for_search to do another
verification. For that purpose the function is exported.
Due to above reasons, although we can free corrupted extent buffer from
cache, we still need the check in read_block_for_search(), for scrub and
shared tree blocks.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202755
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202757
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202759
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202761
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202767
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202769
Reported-by: Yoon Jungyeon <jungyeon@gatech.edu>
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-03-12 17:10:40 +08:00
struct btrfs_key * first_key , u64 parent_transid ) ;
2018-03-29 09:08:11 +08:00
struct extent_buffer * read_tree_block ( struct btrfs_fs_info * fs_info , u64 bytenr ,
2022-09-14 13:32:50 +08:00
struct btrfs_tree_parent_check * check ) ;
2016-06-22 18:54:24 -04:00
struct extent_buffer * btrfs_find_create_tree_block (
struct btrfs_fs_info * fs_info ,
2020-11-05 10:45:20 -05:00
u64 bytenr , u64 owner_root ,
int level ) ;
2019-03-20 14:30:02 +01:00
void btrfs_clean_tree_block ( struct extent_buffer * buf ) ;
2020-11-18 15:06:20 -08:00
void btrfs_clear_oneshot_options ( struct btrfs_fs_info * fs_info ) ;
btrfs: lift read-write mount setup from mount and remount
Mounting rw and remounting from ro to rw naturally share invariants and
functionality which result in a correctly setup rw filesystem. Luckily,
there is even a strong unity in the code which implements them. In
mount's open_ctree, these operations mostly happen after an early return
for ro file systems, and in remount, they happen in a section devoted to
remounting ro->rw, after some remount specific validation passes.
However, there are unfortunately a few differences. There are small
deviations in the order of some of the operations, remount does not
start orphan cleanup in root_tree or fs_tree, remount does not create
the free space tree, and remount does not handle "one-shot" mount
options like clear_cache and uuid tree rescan.
Since we want to add building the free space tree to remount, and also
to start the same orphan cleanup process on a filesystem mounted as ro
then remounted rw, we would benefit from unifying the logic between the
two code paths.
This patch only lifts the existing common functionality, and leaves a
natural path for fixing the discrepancies.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Boris Burkov <boris@bur.io>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-11-18 15:06:16 -08:00
int btrfs_start_pre_rw_mount ( struct btrfs_fs_info * fs_info ) ;
2022-10-18 09:56:38 +08:00
int btrfs_check_super_csum ( struct btrfs_fs_info * fs_info ,
const struct btrfs_super_block * disk_sb ) ;
2019-10-01 19:57:35 +02:00
int __cold open_ctree ( struct super_block * sb ,
2011-11-17 01:10:02 -05:00
struct btrfs_fs_devices * fs_devices ,
char * options ) ;
2019-10-01 19:57:35 +02:00
void __cold close_ctree ( struct btrfs_fs_info * fs_info ) ;
btrfs: check superblock to ensure the fs was not modified at thaw time
[BACKGROUND]
There is an incident report that, one user hibernated the system, with
one btrfs on removable device still mounted.
Then by some incident, the btrfs got mounted and modified by another
system/OS, then back to the hibernated system.
After resuming from the hibernation, new write happened into the victim btrfs.
Now the fs is completely broken, since the underlying btrfs is no longer
the same one before the hibernation, and the user lost their data due to
various transid mismatch.
[REPRODUCER]
We can emulate the situation using the following small script:
truncate -s 1G $dev
mkfs.btrfs -f $dev
mount $dev $mnt
fsstress -w -d $mnt -n 500
sync
xfs_freeze -f $mnt
cp $dev $dev.backup
# There is no way to mount the same cloned fs on the same system,
# as the conflicting fsid will be rejected by btrfs.
# Thus here we have to wipe the fs using a different btrfs.
mkfs.btrfs -f $dev.backup
dd if=$dev.backup of=$dev bs=1M
xfs_freeze -u $mnt
fsstress -w -d $mnt -n 20
umount $mnt
btrfs check $dev
The final fsck will fail due to some tree blocks has incorrect fsid.
This is enough to emulate the problem hit by the unfortunate user.
[ENHANCEMENT]
Although such case should not be that common, it can still happen from
time to time.
From the view of btrfs, we can detect any unexpected super block change,
and if there is any unexpected change, we just mark the fs read-only,
and thaw the fs.
By this we can limit the damage to minimal, and I hope no one would lose
their data by this anymore.
Suggested-by: Goffredo Baroncelli <kreijack@libero.it>
Link: https://lore.kernel.org/linux-btrfs/83bf3b4b-7f4c-387a-b286-9251e3991e34@bluemole.com/
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2022-08-24 20:16:22 +08:00
int btrfs_validate_super ( struct btrfs_fs_info * fs_info ,
struct btrfs_super_block * sb , int mirror_num ) ;
btrfs: relax block-group-tree feature dependency checks
[BUG]
When one user did a wrong attempt to clear block group tree, which can
not be done through mount option, by using "-o clear_cache,space_cache=v2",
it will cause the following error on a fs with block-group-tree feature:
BTRFS info (device dm-1): force clearing of disk cache
BTRFS info (device dm-1): using free space tree
BTRFS info (device dm-1): clearing free space tree
BTRFS info (device dm-1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
BTRFS info (device dm-1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
BTRFS error (device dm-1): block-group-tree feature requires fres-space-tree and no-holes
BTRFS error (device dm-1): super block corruption detected before writing it to disk
BTRFS: error (device dm-1) in write_all_supers:4318: errno=-117 Filesystem corrupted (unexpected superblock corruption detected)
BTRFS warning (device dm-1: state E): Skipping commit of aborted transaction.
[CAUSE]
Although the dependency for block-group-tree feature is just an
artificial one (to reduce test matrix), we put the dependency check into
btrfs_validate_super().
This is too strict, and during space cache clearing, we will have a
window where free space tree is cleared, and we need to commit the super
block.
In that window, we had block group tree without v2 cache, and triggered
the artificial dependency check.
This is not necessary at all, especially for such a soft dependency.
[FIX]
Introduce a new helper, btrfs_check_features(), to do all the runtime
limitation checks, including:
- Unsupported incompat flags check
- Unsupported compat RO flags check
- Setting missing incompat flags
- Artificial feature dependency checks
Currently only block group tree will rely on this.
- Subpage runtime check for v1 cache
With this helper, we can move quite some checks from
open_ctree()/btrfs_remount() into it, and just call it after
btrfs_parse_options().
Now "-o clear_cache,space_cache=v2" will not trigger the above error
anymore.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ edit messages ]
Signed-off-by: David Sterba <dsterba@suse.com>
2022-09-12 13:44:37 +08:00
int btrfs_check_features ( struct btrfs_fs_info * fs_info , struct super_block * sb ) ;
2017-02-10 19:04:32 +01:00
int write_all_supers ( struct btrfs_fs_info * fs_info , int max_mirrors ) ;
2020-02-14 00:24:32 +09:00
struct btrfs_super_block * btrfs_read_dev_super ( struct block_device * bdev ) ;
struct btrfs_super_block * btrfs_read_dev_one_super ( struct block_device * bdev ,
btrfs: check superblock to ensure the fs was not modified at thaw time
[BACKGROUND]
There is an incident report that, one user hibernated the system, with
one btrfs on removable device still mounted.
Then by some incident, the btrfs got mounted and modified by another
system/OS, then back to the hibernated system.
After resuming from the hibernation, new write happened into the victim btrfs.
Now the fs is completely broken, since the underlying btrfs is no longer
the same one before the hibernation, and the user lost their data due to
various transid mismatch.
[REPRODUCER]
We can emulate the situation using the following small script:
truncate -s 1G $dev
mkfs.btrfs -f $dev
mount $dev $mnt
fsstress -w -d $mnt -n 500
sync
xfs_freeze -f $mnt
cp $dev $dev.backup
# There is no way to mount the same cloned fs on the same system,
# as the conflicting fsid will be rejected by btrfs.
# Thus here we have to wipe the fs using a different btrfs.
mkfs.btrfs -f $dev.backup
dd if=$dev.backup of=$dev bs=1M
xfs_freeze -u $mnt
fsstress -w -d $mnt -n 20
umount $mnt
btrfs check $dev
The final fsck will fail due to some tree blocks has incorrect fsid.
This is enough to emulate the problem hit by the unfortunate user.
[ENHANCEMENT]
Although such case should not be that common, it can still happen from
time to time.
From the view of btrfs, we can detect any unexpected super block change,
and if there is any unexpected change, we just mark the fs read-only,
and thaw the fs.
By this we can limit the damage to minimal, and I hope no one would lose
their data by this anymore.
Suggested-by: Goffredo Baroncelli <kreijack@libero.it>
Link: https://lore.kernel.org/linux-btrfs/83bf3b4b-7f4c-387a-b286-9251e3991e34@bluemole.com/
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2022-08-24 20:16:22 +08:00
int copy_num , bool drop_cache ) ;
2016-06-21 21:16:51 -04:00
int btrfs_commit_super ( struct btrfs_fs_info * fs_info ) ;
2020-01-24 09:32:21 -05:00
struct btrfs_root * btrfs_read_tree_root ( struct btrfs_root * tree_root ,
struct btrfs_key * key ) ;
2013-05-15 07:48:19 +00:00
int btrfs_insert_fs_root ( struct btrfs_fs_info * fs_info ,
struct btrfs_root * root ) ;
2014-05-07 17:06:09 -04:00
void btrfs_free_fs_roots ( struct btrfs_fs_info * fs_info ) ;
2013-09-25 21:47:44 +08:00
struct btrfs_root * btrfs_get_fs_root ( struct btrfs_fs_info * fs_info ,
2020-05-15 19:35:55 +02:00
u64 objectid , bool check_ref ) ;
2020-06-16 10:17:36 +08:00
struct btrfs_root * btrfs_get_new_fs_root ( struct btrfs_fs_info * fs_info ,
u64 objectid , dev_t anon_dev ) ;
2020-10-19 16:02:31 -04:00
struct btrfs_root * btrfs_get_fs_root_commit_root ( struct btrfs_fs_info * fs_info ,
struct btrfs_path * path ,
u64 objectid ) ;
2021-11-05 16:45:51 -04:00
int btrfs_global_root_insert ( struct btrfs_root * root ) ;
void btrfs_global_root_delete ( struct btrfs_root * root ) ;
struct btrfs_root * btrfs_global_root ( struct btrfs_fs_info * fs_info ,
struct btrfs_key * key ) ;
struct btrfs_root * btrfs_csum_root ( struct btrfs_fs_info * fs_info , u64 bytenr ) ;
struct btrfs_root * btrfs_extent_root ( struct btrfs_fs_info * fs_info , u64 bytenr ) ;
2022-09-14 11:06:29 -04:00
struct btrfs_root * btrfs_block_group_root ( struct btrfs_fs_info * fs_info ) ;
2013-09-25 21:47:44 +08:00
2020-01-24 09:32:53 -05:00
void btrfs_free_fs_info ( struct btrfs_fs_info * fs_info ) ;
2008-11-12 14:34:12 -05:00
int btrfs_cleanup_fs_roots ( struct btrfs_fs_info * fs_info ) ;
2016-06-22 18:54:24 -04:00
void btrfs_btree_balance_dirty ( struct btrfs_fs_info * fs_info ) ;
void btrfs_btree_balance_dirty_nodelay ( struct btrfs_fs_info * fs_info ) ;
2013-05-15 07:48:19 +00:00
void btrfs_drop_and_free_fs_root ( struct btrfs_fs_info * fs_info ,
struct btrfs_root * root ) ;
2021-09-15 15:17:18 +08:00
int btrfs_validate_metadata_buffer ( struct btrfs_bio * bbio ,
2020-09-18 16:34:33 +03:00
struct page * page , u64 start , u64 end ,
int mirror ) ;
2022-10-27 02:41:32 +02:00
void btrfs_submit_metadata_bio ( struct btrfs_inode * inode , struct bio * bio , int mirror_num ) ;
2013-09-19 16:07:01 -04:00
# ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS
2016-06-15 09:22:56 -04:00
struct btrfs_root * btrfs_alloc_dummy_root ( struct btrfs_fs_info * fs_info ) ;
2013-09-19 16:07:01 -04:00
# endif
2013-05-15 07:48:20 +00:00
/*
* This function is used to grab the root , and avoid it is freed when we
* access it . But it doesn ' t ensure that the tree is not dropped .
*
* If you want to ensure the whole tree is safe , you should use
* fs_info - > subvol_srcu
*/
2020-01-24 09:33:01 -05:00
static inline struct btrfs_root * btrfs_grab_root ( struct btrfs_root * root )
2013-05-15 07:48:20 +00:00
{
2020-01-24 09:32:26 -05:00
if ( ! root )
return NULL ;
2017-03-03 10:55:18 +02:00
if ( refcount_inc_not_zero ( & root - > refs ) )
2013-05-15 07:48:20 +00:00
return root ;
return NULL ;
}
2020-02-14 16:11:42 -05:00
void btrfs_put_root ( struct btrfs_root * root ) ;
2007-10-15 16:14:19 -04:00
void btrfs_mark_buffer_dirty ( struct extent_buffer * buf ) ;
2012-05-06 07:23:47 -04:00
int btrfs_buffer_uptodate ( struct extent_buffer * buf , u64 parent_transid ,
int atomic ) ;
2022-09-14 13:32:50 +08:00
int btrfs_read_extent_buffer ( struct extent_buffer * buf ,
struct btrfs_tree_parent_check * check ) ;
2022-10-27 02:22:19 +02:00
enum btrfs_wq_submit_cmd {
WQ_SUBMIT_METADATA ,
WQ_SUBMIT_DATA ,
WQ_SUBMIT_DATA_DIO ,
} ;
2022-10-27 02:41:32 +02:00
bool btrfs_wq_submit_bio ( struct btrfs_inode * inode , struct bio * bio , int mirror_num ,
2022-10-27 02:22:19 +02:00
u64 dio_file_offset , enum btrfs_wq_submit_cmd cmd ) ;
2022-10-27 02:30:45 +02:00
blk_status_t btree_submit_bio_start ( struct bio * bio ) ;
2021-02-04 19:22:17 +09:00
int btrfs_alloc_log_tree_node ( struct btrfs_trans_handle * trans ,
struct btrfs_root * root ) ;
2008-09-05 16:13:11 -04:00
int btrfs_init_log_root_tree ( struct btrfs_trans_handle * trans ,
struct btrfs_fs_info * fs_info ) ;
2009-01-21 12:54:03 -05:00
int btrfs_add_log_tree ( struct btrfs_trans_handle * trans ,
struct btrfs_root * root ) ;
2016-07-20 17:44:12 -07:00
void btrfs_cleanup_dirty_bgs ( struct btrfs_transaction * trans ,
2016-06-22 18:54:24 -04:00
struct btrfs_fs_info * fs_info ) ;
2012-03-01 17:24:58 +01:00
void btrfs_cleanup_one_transaction ( struct btrfs_transaction * trans ,
2016-06-22 18:54:24 -04:00
struct btrfs_fs_info * fs_info ) ;
2011-09-13 12:44:20 +02:00
struct btrfs_root * btrfs_create_tree ( struct btrfs_trans_handle * trans ,
u64 objectid ) ;
2015-08-19 15:54:15 +08:00
int btrfs_get_num_tolerated_disk_barrier_failures ( u64 flags ) ;
2020-12-07 17:32:33 +02:00
int btrfs_get_free_objectid ( struct btrfs_root * root , u64 * objectid ) ;
2020-12-07 17:32:32 +02:00
int btrfs_init_root_free_objectid ( struct btrfs_root * root ) ;
2009-02-12 14:09:45 -05:00
2007-02-02 09:18:22 -05:00
# endif