linux/fs/xfs/scrub/ialloc.c

662 lines
18 KiB
C
Raw Normal View History

// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (C) 2017-2023 Oracle. All Rights Reserved.
* Author: Darrick J. Wong <djwong@kernel.org>
*/
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_trans_resv.h"
#include "xfs_mount.h"
#include "xfs_btree.h"
#include "xfs_log_format.h"
#include "xfs_trans.h"
#include "xfs_inode.h"
#include "xfs_ialloc.h"
#include "xfs_ialloc_btree.h"
#include "xfs_icache.h"
#include "xfs_rmap.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
#include "scrub/btree.h"
#include "scrub/trace.h"
#include "xfs_ag.h"
/*
* Set us up to scrub inode btrees.
* If we detect a discrepancy between the inobt and the inode,
* try again after forcing logged inode cores out to disk.
*/
int
xchk_setup_ag_iallocbt(
struct xfs_scrub *sc)
{
if (xchk_need_intent_drain(sc))
xchk_fsgates_enable(sc, XCHK_FSGATES_DRAIN);
return xchk_setup_ag_btree(sc, sc->flags & XCHK_TRY_HARDER);
}
/* Inode btree scrubber. */
struct xchk_iallocbt {
/* Number of inodes we see while scanning inobt. */
unsigned long long inodes;
/* Expected next startino, for big block filesystems. */
xfs_agino_t next_startino;
/* Expected end of the current inode cluster. */
xfs_agino_t next_cluster_ino;
};
/*
* If we're checking the finobt, cross-reference with the inobt.
* Otherwise we're checking the inobt; if there is an finobt, make sure
* we have a record or not depending on freecount.
*/
static inline void
xchk_iallocbt_chunk_xref_other(
struct xfs_scrub *sc,
struct xfs_inobt_rec_incore *irec,
xfs_agino_t agino)
{
struct xfs_btree_cur **pcur;
bool has_irec;
int error;
if (sc->sm->sm_type == XFS_SCRUB_TYPE_FINOBT)
pcur = &sc->sa.ino_cur;
else
pcur = &sc->sa.fino_cur;
if (!(*pcur))
return;
error = xfs_ialloc_has_inode_record(*pcur, agino, agino, &has_irec);
if (!xchk_should_check_xref(sc, &error, pcur))
return;
if (((irec->ir_freecount > 0 && !has_irec) ||
(irec->ir_freecount == 0 && has_irec)))
xchk_btree_xref_set_corrupt(sc, *pcur, 0);
}
/* Cross-reference with the other btrees. */
STATIC void
xchk_iallocbt_chunk_xref(
struct xfs_scrub *sc,
struct xfs_inobt_rec_incore *irec,
xfs_agino_t agino,
xfs_agblock_t agbno,
xfs_extlen_t len)
{
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
return;
xchk_xref_is_used_space(sc, agbno, len);
xchk_iallocbt_chunk_xref_other(sc, irec, agino);
xchk_xref_is_owned_by(sc, agbno, len, &XFS_RMAP_OINFO_INODES);
xchk_xref_is_not_shared(sc, agbno, len);
}
/* Is this chunk worth checking? */
STATIC bool
xchk_iallocbt_chunk(
struct xchk_btree *bs,
struct xfs_inobt_rec_incore *irec,
xfs_agino_t agino,
xfs_extlen_t len)
{
struct xfs_mount *mp = bs->cur->bc_mp;
xfs: Pre-calculate per-AG agbno geometry There is a lot of overhead in functions like xfs_verify_agbno() that repeatedly calculate the geometry limits of an AG. These can be pre-calculated as they are static and the verification context has a per-ag context it can quickly reference. In the case of xfs_verify_agbno(), we now always have a perag context handy, so we can store the AG length and the minimum valid block in the AG in the perag. This means we don't have to calculate it on every call and it can be inlined in callers if we move it to xfs_ag.h. Move xfs_ag_block_count() to xfs_ag.c because it's really a per-ag function and not an XFS type function. We need a little bit of rework that is specific to xfs_initialise_perag() to allow growfs to calculate the new perag sizes before we've updated the primary superblock during the grow (chicken/egg situation). Note that we leave the original xfs_verify_agbno in place in xfs_types.c as a static function as other callers in that file do not have per-ag contexts so still need to go the long way. It's been renamed to xfs_verify_agno_agbno() to indicate it takes both an agno and an agbno to differentiate it from new function. Future commits will make similar changes for other per-ag geometry validation functions. Further: $ size --totals fs/xfs/built-in.a text data bss dec hex filename before 1483006 329588 572 1813166 1baaae (TOTALS) after 1482185 329588 572 1812345 1ba779 (TOTALS) This rework reduces the binary size by ~820 bytes, indicating that much less work is being done to bounds check the agbno values against on per-ag geometry information. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Darrick J. Wong <djwong@kernel.org>
2022-07-07 19:13:02 +10:00
struct xfs_perag *pag = bs->cur->bc_ag.pag;
xfs_agblock_t bno;
bno = XFS_AGINO_TO_AGBNO(mp, agino);
if (!xfs_verify_agbext(pag, bno, len))
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
xchk_iallocbt_chunk_xref(bs->sc, irec, agino, bno, len);
return true;
}
/* Count the number of free inodes. */
static unsigned int
xchk_iallocbt_freecount(
xfs_inofree_t freemask)
{
BUILD_BUG_ON(sizeof(freemask) != sizeof(__u64));
return hweight64(freemask);
}
/*
* Check that an inode's allocation status matches ir_free in the inobt
* record. First we try querying the in-core inode state, and if the inode
* isn't loaded we examine the on-disk inode directly.
*
* Since there can be 1:M and M:1 mappings between inobt records and inode
* clusters, we pass in the inode location information as an inobt record;
* the index of an inode cluster within the inobt record (as well as the
* cluster buffer itself); and the index of the inode within the cluster.
*
* @irec is the inobt record.
* @irec_ino is the inode offset from the start of the record.
* @dip is the on-disk inode.
*/
STATIC int
xchk_iallocbt_check_cluster_ifree(
struct xchk_btree *bs,
struct xfs_inobt_rec_incore *irec,
unsigned int irec_ino,
struct xfs_dinode *dip)
{
struct xfs_mount *mp = bs->cur->bc_mp;
xfs_ino_t fsino;
xfs_agino_t agino;
bool irec_free;
bool ino_inuse;
bool freemask_ok;
int error = 0;
if (xchk_should_terminate(bs->sc, &error))
return error;
/*
* Given an inobt record and the offset of an inode from the start of
* the record, compute which fs inode we're talking about.
*/
agino = irec->ir_startino + irec_ino;
fsino = XFS_AGINO_TO_INO(mp, bs->cur->bc_ag.pag->pag_agno, agino);
irec_free = (irec->ir_free & XFS_INOBT_MASK(irec_ino));
if (be16_to_cpu(dip->di_magic) != XFS_DINODE_MAGIC ||
(dip->di_version >= 3 && be64_to_cpu(dip->di_ino) != fsino)) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
goto out;
}
error = xfs_icache_inode_is_allocated(mp, bs->cur->bc_tp, fsino,
&ino_inuse);
if (error == -ENODATA) {
/* Not cached, just read the disk buffer */
freemask_ok = irec_free ^ !!(dip->di_mode);
if (!(bs->sc->flags & XCHK_TRY_HARDER) && !freemask_ok)
return -EDEADLOCK;
} else if (error < 0) {
/*
* Inode is only half assembled, or there was an IO error,
* or the verifier failed, so don't bother trying to check.
* The inode scrubber can deal with this.
*/
goto out;
} else {
/* Inode is all there. */
freemask_ok = irec_free ^ ino_inuse;
}
if (!freemask_ok)
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
out:
return 0;
}
/*
* Check that the holemask and freemask of a hypothetical inode cluster match
* what's actually on disk. If sparse inodes are enabled, the cluster does
* not actually have to map to inodes if the corresponding holemask bit is set.
*
* @cluster_base is the first inode in the cluster within the @irec.
*/
STATIC int
xchk_iallocbt_check_cluster(
struct xchk_btree *bs,
struct xfs_inobt_rec_incore *irec,
unsigned int cluster_base)
{
struct xfs_imap imap;
struct xfs_mount *mp = bs->cur->bc_mp;
struct xfs_buf *cluster_bp;
unsigned int nr_inodes;
xfs_agnumber_t agno = bs->cur->bc_ag.pag->pag_agno;
xfs_agblock_t agbno;
unsigned int cluster_index;
uint16_t cluster_mask = 0;
uint16_t ir_holemask;
int error = 0;
nr_inodes = min_t(unsigned int, XFS_INODES_PER_CHUNK,
M_IGEO(mp)->inodes_per_cluster);
/* Map this inode cluster */
agbno = XFS_AGINO_TO_AGBNO(mp, irec->ir_startino + cluster_base);
/* Compute a bitmask for this cluster that can be used for holemask. */
for (cluster_index = 0;
cluster_index < nr_inodes;
cluster_index += XFS_INODES_PER_HOLEMASK_BIT)
cluster_mask |= XFS_INOBT_MASK((cluster_base + cluster_index) /
XFS_INODES_PER_HOLEMASK_BIT);
/*
* Map the first inode of this cluster to a buffer and offset.
* Be careful about inobt records that don't align with the start of
* the inode buffer when block sizes are large enough to hold multiple
* inode chunks. When this happens, cluster_base will be zero but
* ir_startino can be large enough to make im_boffset nonzero.
*/
ir_holemask = (irec->ir_holemask & cluster_mask);
imap.im_blkno = XFS_AGB_TO_DADDR(mp, agno, agbno);
imap.im_len = XFS_FSB_TO_BB(mp, M_IGEO(mp)->blocks_per_cluster);
imap.im_boffset = XFS_INO_TO_OFFSET(mp, irec->ir_startino) <<
mp->m_sb.sb_inodelog;
if (imap.im_boffset != 0 && cluster_base != 0) {
ASSERT(imap.im_boffset == 0 || cluster_base == 0);
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
return 0;
}
trace_xchk_iallocbt_check_cluster(mp, agno, irec->ir_startino,
imap.im_blkno, imap.im_len, cluster_base, nr_inodes,
cluster_mask, ir_holemask,
XFS_INO_TO_OFFSET(mp, irec->ir_startino +
cluster_base));
/* The whole cluster must be a hole or not a hole. */
if (ir_holemask != cluster_mask && ir_holemask != 0) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
return 0;
}
/* If any part of this is a hole, skip it. */
if (ir_holemask) {
xchk_xref_is_not_owned_by(bs->sc, agbno,
M_IGEO(mp)->blocks_per_cluster,
&XFS_RMAP_OINFO_INODES);
return 0;
}
xchk_xref_is_owned_by(bs->sc, agbno, M_IGEO(mp)->blocks_per_cluster,
&XFS_RMAP_OINFO_INODES);
/* Grab the inode cluster buffer. */
error = xfs_imap_to_bp(mp, bs->cur->bc_tp, &imap, &cluster_bp);
if (!xchk_btree_xref_process_error(bs->sc, bs->cur, 0, &error))
return error;
/* Check free status of each inode within this cluster. */
for (cluster_index = 0; cluster_index < nr_inodes; cluster_index++) {
struct xfs_dinode *dip;
if (imap.im_boffset >= BBTOB(cluster_bp->b_length)) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
break;
}
dip = xfs_buf_offset(cluster_bp, imap.im_boffset);
error = xchk_iallocbt_check_cluster_ifree(bs, irec,
cluster_base + cluster_index, dip);
if (error)
break;
imap.im_boffset += mp->m_sb.sb_inodesize;
}
xfs_trans_brelse(bs->cur->bc_tp, cluster_bp);
return error;
}
/*
* For all the inode clusters that could map to this inobt record, make sure
* that the holemask makes sense and that the allocation status of each inode
* matches the freemask.
*/
STATIC int
xchk_iallocbt_check_clusters(
struct xchk_btree *bs,
struct xfs_inobt_rec_incore *irec)
{
unsigned int cluster_base;
int error = 0;
/*
* For the common case where this inobt record maps to multiple inode
* clusters this will call _check_cluster for each cluster.
*
* For the case that multiple inobt records map to a single cluster,
* this will call _check_cluster once.
*/
for (cluster_base = 0;
cluster_base < XFS_INODES_PER_CHUNK;
cluster_base += M_IGEO(bs->sc->mp)->inodes_per_cluster) {
error = xchk_iallocbt_check_cluster(bs, irec, cluster_base);
if (error)
break;
}
return error;
}
/*
* Make sure this inode btree record is aligned properly. Because a fs block
* contains multiple inodes, we check that the inobt record is aligned to the
* correct inode, not just the correct block on disk. This results in a finer
* grained corruption check.
*/
STATIC void
xchk_iallocbt_rec_alignment(
struct xchk_btree *bs,
struct xfs_inobt_rec_incore *irec)
{
struct xfs_mount *mp = bs->sc->mp;
struct xchk_iallocbt *iabt = bs->private;
struct xfs_ino_geometry *igeo = M_IGEO(mp);
/*
* finobt records have different positioning requirements than inobt
* records: each finobt record must have a corresponding inobt record.
* That is checked in the xref function, so for now we only catch the
* obvious case where the record isn't at all aligned properly.
*
* Note that if a fs block contains more than a single chunk of inodes,
* we will have finobt records only for those chunks containing free
* inodes, and therefore expect chunk alignment of finobt records.
* Otherwise, we expect that the finobt record is aligned to the
* cluster alignment as told by the superblock.
*/
if (bs->cur->bc_btnum == XFS_BTNUM_FINO) {
unsigned int imask;
imask = min_t(unsigned int, XFS_INODES_PER_CHUNK,
igeo->cluster_align_inodes) - 1;
if (irec->ir_startino & imask)
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
return;
}
if (iabt->next_startino != NULLAGINO) {
/*
* We're midway through a cluster of inodes that is mapped by
* multiple inobt records. Did we get the record for the next
* irec in the sequence?
*/
if (irec->ir_startino != iabt->next_startino) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
return;
}
iabt->next_startino += XFS_INODES_PER_CHUNK;
/* Are we done with the cluster? */
if (iabt->next_startino >= iabt->next_cluster_ino) {
iabt->next_startino = NULLAGINO;
iabt->next_cluster_ino = NULLAGINO;
}
return;
}
/* inobt records must be aligned to cluster and inoalignmnt size. */
if (irec->ir_startino & (igeo->cluster_align_inodes - 1)) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
return;
}
if (irec->ir_startino & (igeo->inodes_per_cluster - 1)) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
return;
}
if (igeo->inodes_per_cluster <= XFS_INODES_PER_CHUNK)
return;
/*
* If this is the start of an inode cluster that can be mapped by
* multiple inobt records, the next inobt record must follow exactly
* after this one.
*/
iabt->next_startino = irec->ir_startino + XFS_INODES_PER_CHUNK;
iabt->next_cluster_ino = irec->ir_startino + igeo->inodes_per_cluster;
}
/* Scrub an inobt/finobt record. */
STATIC int
xchk_iallocbt_rec(
struct xchk_btree *bs,
const union xfs_btree_rec *rec)
{
struct xfs_mount *mp = bs->cur->bc_mp;
struct xfs_perag *pag = bs->cur->bc_ag.pag;
struct xchk_iallocbt *iabt = bs->private;
struct xfs_inobt_rec_incore irec;
uint64_t holes;
xfs_agino_t agino;
xfs_extlen_t len;
int holecount;
int i;
int error = 0;
unsigned int real_freecount;
uint16_t holemask;
xfs_inobt_btrec_to_irec(mp, rec, &irec);
if (irec.ir_count > XFS_INODES_PER_CHUNK ||
irec.ir_freecount > XFS_INODES_PER_CHUNK)
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
real_freecount = irec.ir_freecount +
(XFS_INODES_PER_CHUNK - irec.ir_count);
if (real_freecount != xchk_iallocbt_freecount(irec.ir_free))
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
agino = irec.ir_startino;
/* Record has to be properly aligned within the AG. */
if (!xfs_verify_agino(pag, agino) ||
!xfs_verify_agino(pag, agino + XFS_INODES_PER_CHUNK - 1)) {
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
goto out;
}
xchk_iallocbt_rec_alignment(bs, &irec);
if (bs->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out;
iabt->inodes += irec.ir_count;
/* Handle non-sparse inodes */
if (!xfs_inobt_issparse(irec.ir_holemask)) {
len = XFS_B_TO_FSB(mp,
XFS_INODES_PER_CHUNK * mp->m_sb.sb_inodesize);
if (irec.ir_count != XFS_INODES_PER_CHUNK)
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
if (!xchk_iallocbt_chunk(bs, &irec, agino, len))
goto out;
goto check_clusters;
}
/* Check each chunk of a sparse inode cluster. */
holemask = irec.ir_holemask;
holecount = 0;
len = XFS_B_TO_FSB(mp,
XFS_INODES_PER_HOLEMASK_BIT * mp->m_sb.sb_inodesize);
holes = ~xfs_inobt_irec_to_allocmask(&irec);
if ((holes & irec.ir_free) != holes ||
irec.ir_freecount > irec.ir_count)
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
for (i = 0; i < XFS_INOBT_HOLEMASK_BITS; i++) {
if (holemask & 1)
holecount += XFS_INODES_PER_HOLEMASK_BIT;
else if (!xchk_iallocbt_chunk(bs, &irec, agino, len))
break;
holemask >>= 1;
agino += XFS_INODES_PER_HOLEMASK_BIT;
}
if (holecount > XFS_INODES_PER_CHUNK ||
holecount + irec.ir_count != XFS_INODES_PER_CHUNK)
xchk_btree_set_corrupt(bs->sc, bs->cur, 0);
check_clusters:
error = xchk_iallocbt_check_clusters(bs, &irec);
if (error)
goto out;
out:
return error;
}
/*
* Make sure the inode btrees are as large as the rmap thinks they are.
* Don't bother if we're missing btree cursors, as we're already corrupt.
*/
STATIC void
xchk_iallocbt_xref_rmap_btreeblks(
struct xfs_scrub *sc,
int which)
{
xfs_filblks_t blocks;
xfs_extlen_t inobt_blocks = 0;
xfs_extlen_t finobt_blocks = 0;
int error;
if (!sc->sa.ino_cur || !sc->sa.rmap_cur ||
(xfs_has_finobt(sc->mp) && !sc->sa.fino_cur) ||
xchk_skip_xref(sc->sm))
return;
/* Check that we saw as many inobt blocks as the rmap says. */
error = xfs_btree_count_blocks(sc->sa.ino_cur, &inobt_blocks);
if (!xchk_process_error(sc, 0, 0, &error))
return;
if (sc->sa.fino_cur) {
error = xfs_btree_count_blocks(sc->sa.fino_cur, &finobt_blocks);
if (!xchk_process_error(sc, 0, 0, &error))
return;
}
error = xchk_count_rmap_ownedby_ag(sc, sc->sa.rmap_cur,
&XFS_RMAP_OINFO_INOBT, &blocks);
if (!xchk_should_check_xref(sc, &error, &sc->sa.rmap_cur))
return;
if (blocks != inobt_blocks + finobt_blocks)
xchk_btree_set_corrupt(sc, sc->sa.ino_cur, 0);
}
/*
* Make sure that the inobt records point to the same number of blocks as
* the rmap says are owned by inodes.
*/
STATIC void
xchk_iallocbt_xref_rmap_inodes(
struct xfs_scrub *sc,
int which,
unsigned long long inodes)
{
xfs_filblks_t blocks;
xfs_filblks_t inode_blocks;
int error;
if (!sc->sa.rmap_cur || xchk_skip_xref(sc->sm))
return;
/* Check that we saw as many inode blocks as the rmap knows about. */
error = xchk_count_rmap_ownedby_ag(sc, sc->sa.rmap_cur,
&XFS_RMAP_OINFO_INODES, &blocks);
if (!xchk_should_check_xref(sc, &error, &sc->sa.rmap_cur))
return;
inode_blocks = XFS_B_TO_FSB(sc->mp, inodes * sc->mp->m_sb.sb_inodesize);
if (blocks != inode_blocks)
xchk_btree_xref_set_corrupt(sc, sc->sa.rmap_cur, 0);
}
/* Scrub the inode btrees for some AG. */
STATIC int
xchk_iallocbt(
struct xfs_scrub *sc,
xfs_btnum_t which)
{
struct xfs_btree_cur *cur;
struct xchk_iallocbt iabt = {
.inodes = 0,
.next_startino = NULLAGINO,
.next_cluster_ino = NULLAGINO,
};
int error;
cur = which == XFS_BTNUM_INO ? sc->sa.ino_cur : sc->sa.fino_cur;
error = xchk_btree(sc, cur, xchk_iallocbt_rec, &XFS_RMAP_OINFO_INOBT,
&iabt);
if (error)
return error;
xchk_iallocbt_xref_rmap_btreeblks(sc, which);
/*
* If we're scrubbing the inode btree, inode_blocks is the number of
* blocks pointed to by all the inode chunk records. Therefore, we
* should compare to the number of inode chunk blocks that the rmap
* knows about. We can't do this for the finobt since it only points
* to inode chunks with free inodes.
*/
if (which == XFS_BTNUM_INO)
xchk_iallocbt_xref_rmap_inodes(sc, which, iabt.inodes);
return error;
}
int
xchk_inobt(
struct xfs_scrub *sc)
{
return xchk_iallocbt(sc, XFS_BTNUM_INO);
}
int
xchk_finobt(
struct xfs_scrub *sc)
{
return xchk_iallocbt(sc, XFS_BTNUM_FINO);
}
/* See if an inode btree has (or doesn't have) an inode chunk record. */
static inline void
xchk_xref_inode_check(
struct xfs_scrub *sc,
xfs_agblock_t agbno,
xfs_extlen_t len,
struct xfs_btree_cur **icur,
bool should_have_inodes)
{
bool has_inodes;
int error;
if (!(*icur) || xchk_skip_xref(sc->sm))
return;
error = xfs_ialloc_has_inodes_at_extent(*icur, agbno, len, &has_inodes);
if (!xchk_should_check_xref(sc, &error, icur))
return;
if (has_inodes != should_have_inodes)
xchk_btree_xref_set_corrupt(sc, *icur, 0);
}
/* xref check that the extent is not covered by inodes */
void
xchk_xref_is_not_inode_chunk(
struct xfs_scrub *sc,
xfs_agblock_t agbno,
xfs_extlen_t len)
{
xchk_xref_inode_check(sc, agbno, len, &sc->sa.ino_cur, false);
xchk_xref_inode_check(sc, agbno, len, &sc->sa.fino_cur, false);
}
/* xref check that the extent is covered by inodes */
void
xchk_xref_is_inode_chunk(
struct xfs_scrub *sc,
xfs_agblock_t agbno,
xfs_extlen_t len)
{
xchk_xref_inode_check(sc, agbno, len, &sc->sa.ino_cur, true);
}