2018-04-03 19:23:33 +02:00
// SPDX-License-Identifier: GPL-2.0
2017-10-09 01:51:02 +00:00
/*
* Copyright ( C ) Qu Wenruo 2017. All rights reserved .
*/
/*
* The module is used to catch unexpected / corrupted tree block data .
* Such behavior can be caused either by a fuzzed image or bugs .
*
* The objective is to do leaf / node validation checks when tree block is read
* from disk , and check * every * possible member , so other code won ' t
* need to checking them again .
*
* Due to the potential and unwanted damage , every checker needs to be
* carefully reviewed otherwise so it does not prevent mount of valid images .
*/
2019-04-24 15:22:53 +08:00
# include <linux/types.h>
# include <linux/stddef.h>
# include <linux/error-injection.h>
2017-10-09 01:51:02 +00:00
# include "ctree.h"
# include "tree-checker.h"
# include "disk-io.h"
# include "compression.h"
2018-07-03 17:10:05 +08:00
# include "volumes.h"
2019-10-01 19:44:42 +02:00
# include "misc.h"
2017-10-09 01:51:02 +00:00
2017-10-09 01:51:03 +00:00
/*
* Error message should follow the following format :
* corrupt < type > : < identifier > , < reason > [ , < bad_value > ]
*
* @ type : leaf or node
* @ identifier : the necessary info to locate the leaf / node .
2018-11-28 12:05:13 +01:00
* It ' s recommended to decode key . objecitd / offset if it ' s
2017-10-09 01:51:03 +00:00
* meaningful .
* @ reason : describe the error
2018-11-28 12:05:13 +01:00
* @ bad_value : optional , it ' s recommended to output bad value and its
2017-10-09 01:51:03 +00:00
* expected value ( range ) .
*
* Since comma is used to separate the components , only space is allowed
* inside each component .
*/
/*
* Append generic " corrupt leaf/node root=%llu block=%llu slot=%d: " to @ fmt .
* Allows callers to customize the output .
*/
2019-03-20 15:31:28 +01:00
__printf ( 3 , 4 )
2018-02-19 17:24:18 +01:00
__cold
2019-03-20 15:31:28 +01:00
static void generic_err ( const struct extent_buffer * eb , int slot ,
2017-10-09 01:51:03 +00:00
const char * fmt , . . . )
{
2019-03-20 15:31:28 +01:00
const struct btrfs_fs_info * fs_info = eb - > fs_info ;
2017-10-09 01:51:03 +00:00
struct va_format vaf ;
va_list args ;
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
2018-01-25 14:56:18 +08:00
btrfs_crit ( fs_info ,
2017-10-09 01:51:03 +00:00
" corrupt %s: root=%llu block=%llu slot=%d, %pV " ,
btrfs_header_level ( eb ) = = 0 ? " leaf " : " node " ,
2018-01-25 14:56:18 +08:00
btrfs_header_owner ( eb ) , btrfs_header_bytenr ( eb ) , slot , & vaf ) ;
2017-10-09 01:51:03 +00:00
va_end ( args ) ;
}
2017-10-09 01:51:06 +00:00
/*
* Customized reporter for extent data item , since its key objectid and
* offset has its own meaning .
*/
2019-03-20 15:32:46 +01:00
__printf ( 3 , 4 )
2018-02-19 17:24:18 +01:00
__cold
2019-03-20 15:32:46 +01:00
static void file_extent_err ( const struct extent_buffer * eb , int slot ,
2017-10-09 01:51:06 +00:00
const char * fmt , . . . )
{
2019-03-20 15:32:46 +01:00
const struct btrfs_fs_info * fs_info = eb - > fs_info ;
2017-10-09 01:51:06 +00:00
struct btrfs_key key ;
struct va_format vaf ;
va_list args ;
btrfs_item_key_to_cpu ( eb , & key , slot ) ;
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
2018-01-25 14:56:18 +08:00
btrfs_crit ( fs_info ,
2017-10-09 01:51:06 +00:00
" corrupt %s: root=%llu block=%llu slot=%d ino=%llu file_offset=%llu, %pV " ,
2018-01-25 14:56:18 +08:00
btrfs_header_level ( eb ) = = 0 ? " leaf " : " node " ,
btrfs_header_owner ( eb ) , btrfs_header_bytenr ( eb ) , slot ,
key . objectid , key . offset , & vaf ) ;
2017-10-09 01:51:06 +00:00
va_end ( args ) ;
}
/*
* Return 0 if the btrfs_file_extent_ # # name is aligned to @ alignment
* Else return 1
*/
2019-03-20 15:59:22 +01:00
# define CHECK_FE_ALIGNED(leaf, slot, fi, name, alignment) \
2017-10-09 01:51:06 +00:00
( { \
if ( ! IS_ALIGNED ( btrfs_file_extent_ # # name ( ( leaf ) , ( fi ) ) , ( alignment ) ) ) \
2019-03-20 15:32:46 +01:00
file_extent_err ( ( leaf ) , ( slot ) , \
2017-10-09 01:51:06 +00:00
" invalid %s for file extent, have %llu, should be aligned to %u " , \
( # name ) , btrfs_file_extent_ # # name ( ( leaf ) , ( fi ) ) , \
( alignment ) ) ; \
( ! IS_ALIGNED ( btrfs_file_extent_ # # name ( ( leaf ) , ( fi ) ) , ( alignment ) ) ) ; \
} )
2019-05-06 16:44:12 +01:00
static u64 file_extent_end ( struct extent_buffer * leaf ,
struct btrfs_key * key ,
struct btrfs_file_extent_item * extent )
{
u64 end ;
u64 len ;
if ( btrfs_file_extent_type ( leaf , extent ) = = BTRFS_FILE_EXTENT_INLINE ) {
len = btrfs_file_extent_ram_bytes ( leaf , extent ) ;
end = ALIGN ( key - > offset + len , leaf - > fs_info - > sectorsize ) ;
} else {
len = btrfs_file_extent_num_bytes ( leaf , extent ) ;
end = key - > offset + len ;
}
return end ;
}
2019-10-04 17:31:32 +08:00
/*
* Customized report for dir_item , the only new important information is
* key - > objectid , which represents inode number
*/
__printf ( 3 , 4 )
__cold
static void dir_item_err ( const struct extent_buffer * eb , int slot ,
const char * fmt , . . . )
{
const struct btrfs_fs_info * fs_info = eb - > fs_info ;
struct btrfs_key key ;
struct va_format vaf ;
va_list args ;
btrfs_item_key_to_cpu ( eb , & key , slot ) ;
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
btrfs_crit ( fs_info ,
" corrupt %s: root=%llu block=%llu slot=%d ino=%llu, %pV " ,
btrfs_header_level ( eb ) = = 0 ? " leaf " : " node " ,
btrfs_header_owner ( eb ) , btrfs_header_bytenr ( eb ) , slot ,
key . objectid , & vaf ) ;
va_end ( args ) ;
}
/*
* This functions checks prev_key - > objectid , to ensure current key and prev_key
* share the same objectid as inode number .
*
* This is to detect missing INODE_ITEM in subvolume trees .
*
* Return true if everything is OK or we don ' t need to check .
* Return false if anything is wrong .
*/
static bool check_prev_ino ( struct extent_buffer * leaf ,
struct btrfs_key * key , int slot ,
struct btrfs_key * prev_key )
{
/* No prev key, skip check */
if ( slot = = 0 )
return true ;
/* Only these key->types needs to be checked */
ASSERT ( key - > type = = BTRFS_XATTR_ITEM_KEY | |
key - > type = = BTRFS_INODE_REF_KEY | |
key - > type = = BTRFS_DIR_INDEX_KEY | |
key - > type = = BTRFS_DIR_ITEM_KEY | |
key - > type = = BTRFS_EXTENT_DATA_KEY ) ;
/*
* Only subvolume trees along with their reloc trees need this check .
* Things like log tree doesn ' t follow this ino requirement .
*/
if ( ! is_fstree ( btrfs_header_owner ( leaf ) ) )
return true ;
if ( key - > objectid = = prev_key - > objectid )
return true ;
/* Error found */
dir_item_err ( leaf , slot ,
" invalid previous key objectid, have %llu expect %llu " ,
prev_key - > objectid , key - > objectid ) ;
return false ;
}
2019-03-20 16:21:10 +01:00
static int check_extent_data_item ( struct extent_buffer * leaf ,
2019-05-06 16:44:12 +01:00
struct btrfs_key * key , int slot ,
struct btrfs_key * prev_key )
2017-10-09 01:51:02 +00:00
{
2019-03-20 16:21:10 +01:00
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2017-10-09 01:51:02 +00:00
struct btrfs_file_extent_item * fi ;
2018-01-25 14:56:18 +08:00
u32 sectorsize = fs_info - > sectorsize ;
2017-10-09 01:51:02 +00:00
u32 item_size = btrfs_item_size_nr ( leaf , slot ) ;
2019-05-03 08:30:54 +08:00
u64 extent_end ;
2017-10-09 01:51:02 +00:00
if ( ! IS_ALIGNED ( key - > offset , sectorsize ) ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-09 01:51:06 +00:00
" unaligned file_offset for file extent, have %llu should be aligned to %u " ,
key - > offset , sectorsize ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
2019-08-26 15:40:38 +08:00
/*
* Previous key must have the same key - > objectid ( ino ) .
* It can be XATTR_ITEM , INODE_ITEM or just another EXTENT_DATA .
* But if objectids mismatch , it means we have a missing
* INODE_ITEM .
*/
2019-10-04 17:31:32 +08:00
if ( ! check_prev_ino ( leaf , key , slot , prev_key ) )
2019-08-26 15:40:38 +08:00
return - EUCLEAN ;
2017-10-09 01:51:02 +00:00
fi = btrfs_item_ptr ( leaf , slot , struct btrfs_file_extent_item ) ;
2019-09-03 07:46:19 +08:00
/*
* Make sure the item contains at least inline header , so the file
* extent type is not some garbage .
*/
if ( item_size < BTRFS_FILE_EXTENT_INLINE_DATA_START ) {
file_extent_err ( leaf , slot ,
2019-11-08 22:38:52 +01:00
" invalid item size, have %u expect [%zu, %u) " ,
2019-09-03 07:46:19 +08:00
item_size , BTRFS_FILE_EXTENT_INLINE_DATA_START ,
SZ_4K ) ;
return - EUCLEAN ;
}
2019-10-10 15:59:58 +08:00
if ( btrfs_file_extent_type ( leaf , fi ) > = BTRFS_NR_FILE_EXTENT_TYPES ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-09 01:51:06 +00:00
" invalid type for file extent, have %u expect range [0, %u] " ,
btrfs_file_extent_type ( leaf , fi ) ,
2019-10-10 15:59:58 +08:00
BTRFS_NR_FILE_EXTENT_TYPES - 1 ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
/*
2018-11-28 12:05:13 +01:00
* Support for new compression / encryption must introduce incompat flag ,
2017-10-09 01:51:02 +00:00
* and must be caught in open_ctree ( ) .
*/
2019-10-10 15:59:57 +08:00
if ( btrfs_file_extent_compression ( leaf , fi ) > = BTRFS_NR_COMPRESS_TYPES ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-09 01:51:06 +00:00
" invalid compression for file extent, have %u expect range [0, %u] " ,
btrfs_file_extent_compression ( leaf , fi ) ,
2019-10-10 15:59:57 +08:00
BTRFS_NR_COMPRESS_TYPES - 1 ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
if ( btrfs_file_extent_encryption ( leaf , fi ) ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-09 01:51:06 +00:00
" invalid encryption for file extent, have %u expect 0 " ,
btrfs_file_extent_encryption ( leaf , fi ) ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
if ( btrfs_file_extent_type ( leaf , fi ) = = BTRFS_FILE_EXTENT_INLINE ) {
/* Inline extent must have 0 as key offset */
if ( key - > offset ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-09 01:51:06 +00:00
" invalid file_offset for inline file extent, have %llu expect 0 " ,
key - > offset ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
/* Compressed inline extent has no on-disk size, skip it */
if ( btrfs_file_extent_compression ( leaf , fi ) ! =
BTRFS_COMPRESS_NONE )
return 0 ;
/* Uncompressed inline extent size must match item size */
if ( item_size ! = BTRFS_FILE_EXTENT_INLINE_DATA_START +
btrfs_file_extent_ram_bytes ( leaf , fi ) ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-09 01:51:06 +00:00
" invalid ram_bytes for uncompressed inline extent, have %u expect %llu " ,
item_size , BTRFS_FILE_EXTENT_INLINE_DATA_START +
btrfs_file_extent_ram_bytes ( leaf , fi ) ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
return 0 ;
}
/* Regular or preallocated extent has fixed item size */
if ( item_size ! = sizeof ( * fi ) ) {
2019-03-20 15:32:46 +01:00
file_extent_err ( leaf , slot ,
2017-10-13 11:27:35 +02:00
" invalid item size for reg/prealloc file extent, have %u expect %zu " ,
2017-10-09 01:51:06 +00:00
item_size , sizeof ( * fi ) ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
2019-03-20 15:59:22 +01:00
if ( CHECK_FE_ALIGNED ( leaf , slot , fi , ram_bytes , sectorsize ) | |
CHECK_FE_ALIGNED ( leaf , slot , fi , disk_bytenr , sectorsize ) | |
CHECK_FE_ALIGNED ( leaf , slot , fi , disk_num_bytes , sectorsize ) | |
CHECK_FE_ALIGNED ( leaf , slot , fi , offset , sectorsize ) | |
CHECK_FE_ALIGNED ( leaf , slot , fi , num_bytes , sectorsize ) )
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
2019-05-06 16:44:12 +01:00
2019-05-03 08:30:54 +08:00
/* Catch extent end overflow */
if ( check_add_overflow ( btrfs_file_extent_num_bytes ( leaf , fi ) ,
key - > offset , & extent_end ) ) {
file_extent_err ( leaf , slot ,
" extent end overflow, have file offset %llu extent num bytes %llu " ,
key - > offset ,
btrfs_file_extent_num_bytes ( leaf , fi ) ) ;
return - EUCLEAN ;
}
2019-05-06 16:44:12 +01:00
/*
* Check that no two consecutive file extent items , in the same leaf ,
* present ranges that overlap each other .
*/
if ( slot > 0 & &
prev_key - > objectid = = key - > objectid & &
prev_key - > type = = BTRFS_EXTENT_DATA_KEY ) {
struct btrfs_file_extent_item * prev_fi ;
u64 prev_end ;
prev_fi = btrfs_item_ptr ( leaf , slot - 1 ,
struct btrfs_file_extent_item ) ;
prev_end = file_extent_end ( leaf , prev_key , prev_fi ) ;
if ( prev_end > key - > offset ) {
file_extent_err ( leaf , slot - 1 ,
" file extent end range (%llu) goes beyond start offset (%llu) of the next file extent " ,
prev_end , key - > offset ) ;
return - EUCLEAN ;
}
}
2017-10-09 01:51:02 +00:00
return 0 ;
}
2019-03-20 16:02:56 +01:00
static int check_csum_item ( struct extent_buffer * leaf , struct btrfs_key * key ,
2019-12-02 11:01:03 +00:00
int slot , struct btrfs_key * prev_key )
2017-10-09 01:51:02 +00:00
{
2019-03-20 16:02:56 +01:00
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2018-01-25 14:56:18 +08:00
u32 sectorsize = fs_info - > sectorsize ;
u32 csumsize = btrfs_super_csum_size ( fs_info - > super_copy ) ;
2017-10-09 01:51:02 +00:00
if ( key - > objectid ! = BTRFS_EXTENT_CSUM_OBJECTID ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:05 +00:00
" invalid key objectid for csum item, have %llu expect %llu " ,
key - > objectid , BTRFS_EXTENT_CSUM_OBJECTID ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
if ( ! IS_ALIGNED ( key - > offset , sectorsize ) ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:05 +00:00
" unaligned key offset for csum item, have %llu should be aligned to %u " ,
key - > offset , sectorsize ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
if ( ! IS_ALIGNED ( btrfs_item_size_nr ( leaf , slot ) , csumsize ) ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:05 +00:00
" unaligned item size for csum item, have %u should be aligned to %u " ,
btrfs_item_size_nr ( leaf , slot ) , csumsize ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
2019-12-02 11:01:03 +00:00
if ( slot > 0 & & prev_key - > type = = BTRFS_EXTENT_CSUM_KEY ) {
u64 prev_csum_end ;
u32 prev_item_size ;
prev_item_size = btrfs_item_size_nr ( leaf , slot - 1 ) ;
prev_csum_end = ( prev_item_size / csumsize ) * sectorsize ;
prev_csum_end + = prev_key - > offset ;
if ( prev_csum_end > key - > offset ) {
generic_err ( leaf , slot - 1 ,
" csum end range (%llu) goes beyond the start range (%llu) of the next csum item " ,
prev_csum_end , key - > offset ) ;
return - EUCLEAN ;
}
}
2017-10-09 01:51:02 +00:00
return 0 ;
}
2019-12-09 18:54:33 +08:00
/* Inode item error output has the same format as dir_item_err() */
# define inode_item_err(eb, slot, fmt, ...) \
dir_item_err ( eb , slot , fmt , __VA_ARGS__ )
static int check_inode_key ( struct extent_buffer * leaf , struct btrfs_key * key ,
int slot )
{
struct btrfs_key item_key ;
bool is_inode_item ;
btrfs_item_key_to_cpu ( leaf , & item_key , slot ) ;
is_inode_item = ( item_key . type = = BTRFS_INODE_ITEM_KEY ) ;
/* For XATTR_ITEM, location key should be all 0 */
if ( item_key . type = = BTRFS_XATTR_ITEM_KEY ) {
if ( key - > type ! = 0 | | key - > objectid ! = 0 | | key - > offset ! = 0 )
return - EUCLEAN ;
return 0 ;
}
if ( ( key - > objectid < BTRFS_FIRST_FREE_OBJECTID | |
key - > objectid > BTRFS_LAST_FREE_OBJECTID ) & &
key - > objectid ! = BTRFS_ROOT_TREE_DIR_OBJECTID & &
key - > objectid ! = BTRFS_FREE_INO_OBJECTID ) {
if ( is_inode_item ) {
generic_err ( leaf , slot ,
" invalid key objectid: has %llu expect %llu or [%llu, %llu] or %llu " ,
key - > objectid , BTRFS_ROOT_TREE_DIR_OBJECTID ,
BTRFS_FIRST_FREE_OBJECTID ,
BTRFS_LAST_FREE_OBJECTID ,
BTRFS_FREE_INO_OBJECTID ) ;
} else {
dir_item_err ( leaf , slot ,
" invalid location key objectid: has %llu expect %llu or [%llu, %llu] or %llu " ,
key - > objectid , BTRFS_ROOT_TREE_DIR_OBJECTID ,
BTRFS_FIRST_FREE_OBJECTID ,
BTRFS_LAST_FREE_OBJECTID ,
BTRFS_FREE_INO_OBJECTID ) ;
}
return - EUCLEAN ;
}
if ( key - > offset ! = 0 ) {
if ( is_inode_item )
inode_item_err ( leaf , slot ,
" invalid key offset: has %llu expect 0 " ,
key - > offset ) ;
else
dir_item_err ( leaf , slot ,
" invalid location key offset:has %llu expect 0 " ,
key - > offset ) ;
return - EUCLEAN ;
}
return 0 ;
}
2019-12-09 18:54:34 +08:00
static int check_root_key ( struct extent_buffer * leaf , struct btrfs_key * key ,
int slot )
{
struct btrfs_key item_key ;
bool is_root_item ;
btrfs_item_key_to_cpu ( leaf , & item_key , slot ) ;
is_root_item = ( item_key . type = = BTRFS_ROOT_ITEM_KEY ) ;
/* No such tree id */
if ( key - > objectid = = 0 ) {
if ( is_root_item )
generic_err ( leaf , slot , " invalid root id 0 " ) ;
else
dir_item_err ( leaf , slot ,
" invalid location key root id 0 " ) ;
return - EUCLEAN ;
}
/* DIR_ITEM/INDEX/INODE_REF is not allowed to point to non-fs trees */
if ( ! is_fstree ( key - > objectid ) & & ! is_root_item ) {
dir_item_err ( leaf , slot ,
" invalid location key objectid, have %llu expect [%llu, %llu] " ,
key - > objectid , BTRFS_FIRST_FREE_OBJECTID ,
BTRFS_LAST_FREE_OBJECTID ) ;
return - EUCLEAN ;
}
/*
* ROOT_ITEM with non - zero offset means this is a snapshot , created at
* @ offset transid .
* Furthermore , for location key in DIR_ITEM , its offset is always - 1.
*
* So here we only check offset for reloc tree whose key - > offset must
* be a valid tree .
*/
if ( key - > objectid = = BTRFS_TREE_RELOC_OBJECTID & & key - > offset = = 0 ) {
generic_err ( leaf , slot , " invalid root id 0 for reloc tree " ) ;
return - EUCLEAN ;
}
return 0 ;
}
2019-03-20 16:17:46 +01:00
static int check_dir_item ( struct extent_buffer * leaf ,
2019-08-26 15:40:38 +08:00
struct btrfs_key * key , struct btrfs_key * prev_key ,
int slot )
2017-11-08 08:54:25 +08:00
{
2019-03-20 16:17:46 +01:00
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2017-11-08 08:54:25 +08:00
struct btrfs_dir_item * di ;
u32 item_size = btrfs_item_size_nr ( leaf , slot ) ;
u32 cur = 0 ;
2019-10-04 17:31:32 +08:00
if ( ! check_prev_ino ( leaf , key , slot , prev_key ) )
2019-08-26 15:40:38 +08:00
return - EUCLEAN ;
2017-11-08 08:54:25 +08:00
di = btrfs_item_ptr ( leaf , slot , struct btrfs_dir_item ) ;
while ( cur < item_size ) {
2019-12-09 18:54:35 +08:00
struct btrfs_key location_key ;
2017-11-08 08:54:25 +08:00
u32 name_len ;
u32 data_len ;
u32 max_name_len ;
u32 total_size ;
u32 name_hash ;
u8 dir_type ;
2019-12-09 18:54:35 +08:00
int ret ;
2017-11-08 08:54:25 +08:00
/* header itself should not cross item boundary */
if ( cur + sizeof ( * di ) > item_size ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-12-06 15:18:14 +01:00
" dir item header crosses item boundary, have %zu boundary %u " ,
2017-11-08 08:54:25 +08:00
cur + sizeof ( * di ) , item_size ) ;
return - EUCLEAN ;
}
2019-12-09 18:54:35 +08:00
/* Location key check */
btrfs_dir_item_key_to_cpu ( leaf , di , & location_key ) ;
if ( location_key . type = = BTRFS_ROOT_ITEM_KEY ) {
ret = check_root_key ( leaf , & location_key , slot ) ;
if ( ret < 0 )
return ret ;
} else if ( location_key . type = = BTRFS_INODE_ITEM_KEY | |
location_key . type = = 0 ) {
ret = check_inode_key ( leaf , & location_key , slot ) ;
if ( ret < 0 )
return ret ;
} else {
dir_item_err ( leaf , slot ,
" invalid location key type, have %u, expect %u or %u " ,
location_key . type , BTRFS_ROOT_ITEM_KEY ,
BTRFS_INODE_ITEM_KEY ) ;
return - EUCLEAN ;
}
2017-11-08 08:54:25 +08:00
/* dir type check */
dir_type = btrfs_dir_type ( leaf , di ) ;
if ( dir_type > = BTRFS_FT_MAX ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" invalid dir item type, have %u expect [0, %u) " ,
dir_type , BTRFS_FT_MAX ) ;
return - EUCLEAN ;
}
if ( key - > type = = BTRFS_XATTR_ITEM_KEY & &
dir_type ! = BTRFS_FT_XATTR ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" invalid dir item type for XATTR key, have %u expect %u " ,
dir_type , BTRFS_FT_XATTR ) ;
return - EUCLEAN ;
}
if ( dir_type = = BTRFS_FT_XATTR & &
key - > type ! = BTRFS_XATTR_ITEM_KEY ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" xattr dir type found for non-XATTR key " ) ;
return - EUCLEAN ;
}
if ( dir_type = = BTRFS_FT_XATTR )
max_name_len = XATTR_NAME_MAX ;
else
max_name_len = BTRFS_NAME_LEN ;
/* Name/data length check */
name_len = btrfs_dir_name_len ( leaf , di ) ;
data_len = btrfs_dir_data_len ( leaf , di ) ;
if ( name_len > max_name_len ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" dir item name len too long, have %u max %u " ,
name_len , max_name_len ) ;
return - EUCLEAN ;
}
2018-01-25 14:56:18 +08:00
if ( name_len + data_len > BTRFS_MAX_XATTR_SIZE ( fs_info ) ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" dir item name and data len too long, have %u max %u " ,
name_len + data_len ,
2018-01-25 14:56:18 +08:00
BTRFS_MAX_XATTR_SIZE ( fs_info ) ) ;
2017-11-08 08:54:25 +08:00
return - EUCLEAN ;
}
if ( data_len & & dir_type ! = BTRFS_FT_XATTR ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" dir item with invalid data len, have %u expect 0 " ,
data_len ) ;
return - EUCLEAN ;
}
total_size = sizeof ( * di ) + name_len + data_len ;
/* header and name/data should not cross item boundary */
if ( cur + total_size > item_size ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" dir item data crosses item boundary, have %u boundary %u " ,
cur + total_size , item_size ) ;
return - EUCLEAN ;
}
/*
* Special check for XATTR / DIR_ITEM , as key - > offset is name
* hash , should match its name
*/
if ( key - > type = = BTRFS_DIR_ITEM_KEY | |
key - > type = = BTRFS_XATTR_ITEM_KEY ) {
2018-01-10 15:13:07 +01:00
char namebuf [ max ( BTRFS_NAME_LEN , XATTR_NAME_MAX ) ] ;
2017-11-08 08:54:25 +08:00
read_extent_buffer ( leaf , namebuf ,
( unsigned long ) ( di + 1 ) , name_len ) ;
name_hash = btrfs_name_hash ( namebuf , name_len ) ;
if ( key - > offset ! = name_hash ) {
2019-03-20 16:07:27 +01:00
dir_item_err ( leaf , slot ,
2017-11-08 08:54:25 +08:00
" name hash mismatch with key, have 0x%016x expect 0x%016llx " ,
name_hash , key - > offset ) ;
return - EUCLEAN ;
}
}
cur + = total_size ;
di = ( struct btrfs_dir_item * ) ( ( void * ) di + total_size ) ;
}
return 0 ;
}
2019-03-20 16:18:57 +01:00
__printf ( 3 , 4 )
2018-07-03 17:10:05 +08:00
__cold
2019-03-20 16:18:57 +01:00
static void block_group_err ( const struct extent_buffer * eb , int slot ,
2018-07-03 17:10:05 +08:00
const char * fmt , . . . )
{
2019-03-20 16:18:57 +01:00
const struct btrfs_fs_info * fs_info = eb - > fs_info ;
2018-07-03 17:10:05 +08:00
struct btrfs_key key ;
struct va_format vaf ;
va_list args ;
btrfs_item_key_to_cpu ( eb , & key , slot ) ;
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
btrfs_crit ( fs_info ,
" corrupt %s: root=%llu block=%llu slot=%d bg_start=%llu bg_len=%llu, %pV " ,
btrfs_header_level ( eb ) = = 0 ? " leaf " : " node " ,
btrfs_header_owner ( eb ) , btrfs_header_bytenr ( eb ) , slot ,
key . objectid , key . offset , & vaf ) ;
va_end ( args ) ;
}
2019-03-20 16:19:31 +01:00
static int check_block_group_item ( struct extent_buffer * leaf ,
2018-07-03 17:10:05 +08:00
struct btrfs_key * key , int slot )
{
struct btrfs_block_group_item bgi ;
u32 item_size = btrfs_item_size_nr ( leaf , slot ) ;
u64 flags ;
u64 type ;
/*
* Here we don ' t really care about alignment since extent allocator can
btrfs: tree-checker: Don't check max block group size as current max chunk size limit is unreliable
[BUG]
A completely valid btrfs will refuse to mount, with error message like:
BTRFS critical (device sdb2): corrupt leaf: root=2 block=239681536 slot=172 \
bg_start=12018974720 bg_len=10888413184, invalid block group size, \
have 10888413184 expect (0, 10737418240]
This has been reported several times as the 4.19 kernel is now being
used. The filesystem refuses to mount, but is otherwise ok and booting
4.18 is a workaround.
Btrfs check returns no error, and all kernels used on this fs is later
than 2011, which should all have the 10G size limit commit.
[CAUSE]
For a 12 devices btrfs, we could allocate a chunk larger than 10G due to
stripe stripe bump up.
__btrfs_alloc_chunk()
|- max_stripe_size = 1G
|- max_chunk_size = 10G
|- data_stripe = 11
|- if (1G * 11 > 10G) {
stripe_size = 976128930;
stripe_size = round_up(976128930, SZ_16M) = 989855744
However the final stripe_size (989855744) * 11 = 10888413184, which is
still larger than 10G.
[FIX]
For the comprehensive check, we need to do the full check at chunk read
time, and rely on bg <-> chunk mapping to do the check.
We could just skip the length check for now.
Fixes: fce466eab7ac ("btrfs: tree-checker: Verify block_group_item")
Cc: stable@vger.kernel.org # v4.19+
Reported-by: Wang Yugui <wangyugui@e16-tech.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-23 09:06:36 +08:00
* handle it . We care more about the size .
2018-07-03 17:10:05 +08:00
*/
btrfs: tree-checker: Don't check max block group size as current max chunk size limit is unreliable
[BUG]
A completely valid btrfs will refuse to mount, with error message like:
BTRFS critical (device sdb2): corrupt leaf: root=2 block=239681536 slot=172 \
bg_start=12018974720 bg_len=10888413184, invalid block group size, \
have 10888413184 expect (0, 10737418240]
This has been reported several times as the 4.19 kernel is now being
used. The filesystem refuses to mount, but is otherwise ok and booting
4.18 is a workaround.
Btrfs check returns no error, and all kernels used on this fs is later
than 2011, which should all have the 10G size limit commit.
[CAUSE]
For a 12 devices btrfs, we could allocate a chunk larger than 10G due to
stripe stripe bump up.
__btrfs_alloc_chunk()
|- max_stripe_size = 1G
|- max_chunk_size = 10G
|- data_stripe = 11
|- if (1G * 11 > 10G) {
stripe_size = 976128930;
stripe_size = round_up(976128930, SZ_16M) = 989855744
However the final stripe_size (989855744) * 11 = 10888413184, which is
still larger than 10G.
[FIX]
For the comprehensive check, we need to do the full check at chunk read
time, and rely on bg <-> chunk mapping to do the check.
We could just skip the length check for now.
Fixes: fce466eab7ac ("btrfs: tree-checker: Verify block_group_item")
Cc: stable@vger.kernel.org # v4.19+
Reported-by: Wang Yugui <wangyugui@e16-tech.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-23 09:06:36 +08:00
if ( key - > offset = = 0 ) {
2019-03-20 16:18:57 +01:00
block_group_err ( leaf , slot ,
btrfs: tree-checker: Don't check max block group size as current max chunk size limit is unreliable
[BUG]
A completely valid btrfs will refuse to mount, with error message like:
BTRFS critical (device sdb2): corrupt leaf: root=2 block=239681536 slot=172 \
bg_start=12018974720 bg_len=10888413184, invalid block group size, \
have 10888413184 expect (0, 10737418240]
This has been reported several times as the 4.19 kernel is now being
used. The filesystem refuses to mount, but is otherwise ok and booting
4.18 is a workaround.
Btrfs check returns no error, and all kernels used on this fs is later
than 2011, which should all have the 10G size limit commit.
[CAUSE]
For a 12 devices btrfs, we could allocate a chunk larger than 10G due to
stripe stripe bump up.
__btrfs_alloc_chunk()
|- max_stripe_size = 1G
|- max_chunk_size = 10G
|- data_stripe = 11
|- if (1G * 11 > 10G) {
stripe_size = 976128930;
stripe_size = round_up(976128930, SZ_16M) = 989855744
However the final stripe_size (989855744) * 11 = 10888413184, which is
still larger than 10G.
[FIX]
For the comprehensive check, we need to do the full check at chunk read
time, and rely on bg <-> chunk mapping to do the check.
We could just skip the length check for now.
Fixes: fce466eab7ac ("btrfs: tree-checker: Verify block_group_item")
Cc: stable@vger.kernel.org # v4.19+
Reported-by: Wang Yugui <wangyugui@e16-tech.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-23 09:06:36 +08:00
" invalid block group size 0 " ) ;
2018-07-03 17:10:05 +08:00
return - EUCLEAN ;
}
if ( item_size ! = sizeof ( bgi ) ) {
2019-03-20 16:18:57 +01:00
block_group_err ( leaf , slot ,
2018-07-03 17:10:05 +08:00
" invalid item size, have %u expect %zu " ,
item_size , sizeof ( bgi ) ) ;
return - EUCLEAN ;
}
read_extent_buffer ( leaf , & bgi , btrfs_item_ptr_offset ( leaf , slot ) ,
sizeof ( bgi ) ) ;
2019-10-23 18:48:18 +02:00
if ( btrfs_stack_block_group_chunk_objectid ( & bgi ) ! =
2018-07-03 17:10:05 +08:00
BTRFS_FIRST_CHUNK_TREE_OBJECTID ) {
2019-03-20 16:18:57 +01:00
block_group_err ( leaf , slot ,
2018-07-03 17:10:05 +08:00
" invalid block group chunk objectid, have %llu expect %llu " ,
2019-10-23 18:48:18 +02:00
btrfs_stack_block_group_chunk_objectid ( & bgi ) ,
2018-07-03 17:10:05 +08:00
BTRFS_FIRST_CHUNK_TREE_OBJECTID ) ;
return - EUCLEAN ;
}
2019-10-23 18:48:18 +02:00
if ( btrfs_stack_block_group_used ( & bgi ) > key - > offset ) {
2019-03-20 16:18:57 +01:00
block_group_err ( leaf , slot ,
2018-07-03 17:10:05 +08:00
" invalid block group used, have %llu expect [0, %llu) " ,
2019-10-23 18:48:18 +02:00
btrfs_stack_block_group_used ( & bgi ) , key - > offset ) ;
2018-07-03 17:10:05 +08:00
return - EUCLEAN ;
}
2019-10-23 18:48:18 +02:00
flags = btrfs_stack_block_group_flags ( & bgi ) ;
2018-07-03 17:10:05 +08:00
if ( hweight64 ( flags & BTRFS_BLOCK_GROUP_PROFILE_MASK ) > 1 ) {
2019-03-20 16:18:57 +01:00
block_group_err ( leaf , slot ,
2018-07-03 17:10:05 +08:00
" invalid profile flags, have 0x%llx (%lu bits set) expect no more than 1 bit set " ,
flags & BTRFS_BLOCK_GROUP_PROFILE_MASK ,
hweight64 ( flags & BTRFS_BLOCK_GROUP_PROFILE_MASK ) ) ;
return - EUCLEAN ;
}
type = flags & BTRFS_BLOCK_GROUP_TYPE_MASK ;
if ( type ! = BTRFS_BLOCK_GROUP_DATA & &
type ! = BTRFS_BLOCK_GROUP_METADATA & &
type ! = BTRFS_BLOCK_GROUP_SYSTEM & &
type ! = ( BTRFS_BLOCK_GROUP_METADATA |
BTRFS_BLOCK_GROUP_DATA ) ) {
2019-03-20 16:18:57 +01:00
block_group_err ( leaf , slot ,
2018-11-05 18:49:09 +08:00
" invalid type, have 0x%llx (%lu bits set) expect either 0x%llx, 0x%llx, 0x%llx or 0x%llx " ,
2018-07-03 17:10:05 +08:00
type , hweight64 ( type ) ,
BTRFS_BLOCK_GROUP_DATA , BTRFS_BLOCK_GROUP_METADATA ,
BTRFS_BLOCK_GROUP_SYSTEM ,
BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA ) ;
return - EUCLEAN ;
}
return 0 ;
2019-03-20 13:16:42 +08:00
}
2019-03-20 16:22:58 +01:00
__printf ( 4 , 5 )
2019-03-20 13:36:06 +08:00
__cold
2019-03-20 16:22:58 +01:00
static void chunk_err ( const struct extent_buffer * leaf ,
2019-03-20 13:36:06 +08:00
const struct btrfs_chunk * chunk , u64 logical ,
const char * fmt , . . . )
{
2019-03-20 16:22:58 +01:00
const struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2019-03-20 13:36:06 +08:00
bool is_sb ;
struct va_format vaf ;
va_list args ;
int i ;
int slot = - 1 ;
/* Only superblock eb is able to have such small offset */
is_sb = ( leaf - > start = = BTRFS_SUPER_INFO_OFFSET ) ;
if ( ! is_sb ) {
/*
* Get the slot number by iterating through all slots , this
* would provide better readability .
*/
for ( i = 0 ; i < btrfs_header_nritems ( leaf ) ; i + + ) {
if ( btrfs_item_ptr_offset ( leaf , i ) = =
( unsigned long ) chunk ) {
slot = i ;
break ;
}
}
}
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
if ( is_sb )
btrfs_crit ( fs_info ,
" corrupt superblock syschunk array: chunk_start=%llu, %pV " ,
logical , & vaf ) ;
else
btrfs_crit ( fs_info ,
" corrupt leaf: root=%llu block=%llu slot=%d chunk_start=%llu, %pV " ,
BTRFS_CHUNK_TREE_OBJECTID , leaf - > start , slot ,
logical , & vaf ) ;
va_end ( args ) ;
}
2019-03-20 13:16:42 +08:00
/*
* The common chunk check which could also work on super block sys chunk array .
*
2019-03-20 13:39:14 +08:00
* Return - EUCLEAN if anything is corrupted .
2019-03-20 13:16:42 +08:00
* Return 0 if everything is OK .
*/
2019-03-20 16:40:48 +01:00
int btrfs_check_chunk_valid ( struct extent_buffer * leaf ,
2019-03-20 13:16:42 +08:00
struct btrfs_chunk * chunk , u64 logical )
{
2019-03-20 16:40:48 +01:00
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2019-03-20 13:16:42 +08:00
u64 length ;
u64 stripe_len ;
u16 num_stripes ;
u16 sub_stripes ;
u64 type ;
u64 features ;
bool mixed = false ;
length = btrfs_chunk_length ( leaf , chunk ) ;
stripe_len = btrfs_chunk_stripe_len ( leaf , chunk ) ;
num_stripes = btrfs_chunk_num_stripes ( leaf , chunk ) ;
sub_stripes = btrfs_chunk_sub_stripes ( leaf , chunk ) ;
type = btrfs_chunk_type ( leaf , chunk ) ;
if ( ! num_stripes ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" invalid chunk num_stripes, have %u " , num_stripes ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
if ( ! IS_ALIGNED ( logical , fs_info - > sectorsize ) ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" invalid chunk logical, have %llu should aligned to %u " ,
logical , fs_info - > sectorsize ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
if ( btrfs_chunk_sector_size ( leaf , chunk ) ! = fs_info - > sectorsize ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" invalid chunk sectorsize, have %u expect %u " ,
btrfs_chunk_sector_size ( leaf , chunk ) ,
fs_info - > sectorsize ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
if ( ! length | | ! IS_ALIGNED ( length , fs_info - > sectorsize ) ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" invalid chunk length, have %llu " , length ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
if ( ! is_power_of_2 ( stripe_len ) | | stripe_len ! = BTRFS_STRIPE_LEN ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" invalid chunk stripe length: %llu " ,
2019-03-20 13:16:42 +08:00
stripe_len ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
if ( ~ ( BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK ) &
type ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" unrecognized chunk type: 0x%llx " ,
2019-03-20 13:16:42 +08:00
~ ( BTRFS_BLOCK_GROUP_TYPE_MASK |
BTRFS_BLOCK_GROUP_PROFILE_MASK ) &
btrfs_chunk_type ( leaf , chunk ) ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
2019-10-01 19:44:42 +02:00
if ( ! has_single_bit_set ( type & BTRFS_BLOCK_GROUP_PROFILE_MASK ) & &
2019-03-13 12:17:50 +08:00
( type & BTRFS_BLOCK_GROUP_PROFILE_MASK ) ! = 0 ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-13 12:17:50 +08:00
" invalid chunk profile flag: 0x%llx, expect 0 or 1 bit set " ,
type & BTRFS_BLOCK_GROUP_PROFILE_MASK ) ;
return - EUCLEAN ;
}
2019-03-20 13:16:42 +08:00
if ( ( type & BTRFS_BLOCK_GROUP_TYPE_MASK ) = = 0 ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" missing chunk type flag, have 0x%llx one bit must be set in 0x%llx " ,
type , BTRFS_BLOCK_GROUP_TYPE_MASK ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
if ( ( type & BTRFS_BLOCK_GROUP_SYSTEM ) & &
( type & ( BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA ) ) ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:36:06 +08:00
" system chunk with data or metadata type: 0x%llx " ,
type ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
features = btrfs_super_incompat_flags ( fs_info - > super_copy ) ;
if ( features & BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS )
mixed = true ;
if ( ! mixed ) {
if ( ( type & BTRFS_BLOCK_GROUP_METADATA ) & &
( type & BTRFS_BLOCK_GROUP_DATA ) ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:16:42 +08:00
" mixed chunk type in non-mixed mode: 0x%llx " , type ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
}
if ( ( type & BTRFS_BLOCK_GROUP_RAID10 & & sub_stripes ! = 2 ) | |
( type & BTRFS_BLOCK_GROUP_RAID1 & & num_stripes ! = 2 ) | |
( type & BTRFS_BLOCK_GROUP_RAID5 & & num_stripes < 2 ) | |
( type & BTRFS_BLOCK_GROUP_RAID6 & & num_stripes < 3 ) | |
( type & BTRFS_BLOCK_GROUP_DUP & & num_stripes ! = 2 ) | |
( ( type & BTRFS_BLOCK_GROUP_PROFILE_MASK ) = = 0 & & num_stripes ! = 1 ) ) {
2019-03-20 16:22:58 +01:00
chunk_err ( leaf , chunk , logical ,
2019-03-20 13:16:42 +08:00
" invalid num_stripes:sub_stripes %u:%u for profile %llu " ,
num_stripes , sub_stripes ,
type & BTRFS_BLOCK_GROUP_PROFILE_MASK ) ;
2019-03-20 13:39:14 +08:00
return - EUCLEAN ;
2019-03-20 13:16:42 +08:00
}
return 0 ;
2018-07-03 17:10:05 +08:00
}
2019-12-17 18:58:20 +08:00
/*
* Enhanced version of chunk item checker .
*
* The common btrfs_check_chunk_valid ( ) doesn ' t check item size since it needs
* to work on super block sys_chunk_array which doesn ' t have full item ptr .
*/
static int check_leaf_chunk_item ( struct extent_buffer * leaf ,
struct btrfs_chunk * chunk ,
struct btrfs_key * key , int slot )
{
int num_stripes ;
if ( btrfs_item_size_nr ( leaf , slot ) < sizeof ( struct btrfs_chunk ) ) {
chunk_err ( leaf , chunk , key - > offset ,
" invalid chunk item size: have %u expect [%zu, %u) " ,
btrfs_item_size_nr ( leaf , slot ) ,
sizeof ( struct btrfs_chunk ) ,
BTRFS_LEAF_DATA_SIZE ( leaf - > fs_info ) ) ;
return - EUCLEAN ;
}
num_stripes = btrfs_chunk_num_stripes ( leaf , chunk ) ;
/* Let btrfs_check_chunk_valid() handle this error type */
if ( num_stripes = = 0 )
goto out ;
if ( btrfs_chunk_item_size ( num_stripes ) ! =
btrfs_item_size_nr ( leaf , slot ) ) {
chunk_err ( leaf , chunk , key - > offset ,
" invalid chunk item size: have %u expect %lu " ,
btrfs_item_size_nr ( leaf , slot ) ,
btrfs_chunk_item_size ( num_stripes ) ) ;
return - EUCLEAN ;
}
out :
return btrfs_check_chunk_valid ( leaf , chunk , key - > offset ) ;
}
2019-03-20 16:22:58 +01:00
__printf ( 3 , 4 )
2019-03-08 14:20:03 +08:00
__cold
2019-03-20 16:22:58 +01:00
static void dev_item_err ( const struct extent_buffer * eb , int slot ,
2019-03-08 14:20:03 +08:00
const char * fmt , . . . )
{
struct btrfs_key key ;
struct va_format vaf ;
va_list args ;
btrfs_item_key_to_cpu ( eb , & key , slot ) ;
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
2019-03-20 16:22:58 +01:00
btrfs_crit ( eb - > fs_info ,
2019-03-08 14:20:03 +08:00
" corrupt %s: root=%llu block=%llu slot=%d devid=%llu %pV " ,
btrfs_header_level ( eb ) = = 0 ? " leaf " : " node " ,
btrfs_header_owner ( eb ) , btrfs_header_bytenr ( eb ) , slot ,
key . objectid , & vaf ) ;
va_end ( args ) ;
}
2019-03-20 16:22:58 +01:00
static int check_dev_item ( struct extent_buffer * leaf ,
2019-03-08 14:20:03 +08:00
struct btrfs_key * key , int slot )
{
struct btrfs_dev_item * ditem ;
if ( key - > objectid ! = BTRFS_DEV_ITEMS_OBJECTID ) {
2019-03-20 16:22:58 +01:00
dev_item_err ( leaf , slot ,
2019-03-08 14:20:03 +08:00
" invalid objectid: has=%llu expect=%llu " ,
key - > objectid , BTRFS_DEV_ITEMS_OBJECTID ) ;
return - EUCLEAN ;
}
ditem = btrfs_item_ptr ( leaf , slot , struct btrfs_dev_item ) ;
if ( btrfs_device_id ( leaf , ditem ) ! = key - > offset ) {
2019-03-20 16:22:58 +01:00
dev_item_err ( leaf , slot ,
2019-03-08 14:20:03 +08:00
" devid mismatch: key has=%llu item has=%llu " ,
key - > offset , btrfs_device_id ( leaf , ditem ) ) ;
return - EUCLEAN ;
}
/*
* For device total_bytes , we don ' t have reliable way to check it , as
* it can be 0 for device removal . Device size check can only be done
* by dev extents check .
*/
if ( btrfs_device_bytes_used ( leaf , ditem ) >
btrfs_device_total_bytes ( leaf , ditem ) ) {
2019-03-20 16:22:58 +01:00
dev_item_err ( leaf , slot ,
2019-03-08 14:20:03 +08:00
" invalid bytes used: have %llu expect [0, %llu] " ,
btrfs_device_bytes_used ( leaf , ditem ) ,
btrfs_device_total_bytes ( leaf , ditem ) ) ;
return - EUCLEAN ;
}
/*
* Remaining members like io_align / type / gen / dev_group aren ' t really
* utilized . Skip them to make later usage of them easier .
*/
return 0 ;
}
2019-03-13 14:31:35 +08:00
/* Inode item error output has the same format as dir_item_err() */
2019-12-09 18:54:32 +08:00
# define inode_item_err(eb, slot, fmt, ...) \
2019-03-20 16:07:27 +01:00
dir_item_err ( eb , slot , fmt , __VA_ARGS__ )
2019-03-13 14:31:35 +08:00
2019-03-20 16:22:58 +01:00
static int check_inode_item ( struct extent_buffer * leaf ,
2019-03-13 14:31:35 +08:00
struct btrfs_key * key , int slot )
{
2019-03-20 16:22:58 +01:00
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2019-03-13 14:31:35 +08:00
struct btrfs_inode_item * iitem ;
u64 super_gen = btrfs_super_generation ( fs_info - > super_copy ) ;
u32 valid_mask = ( S_IFMT | S_ISUID | S_ISGID | S_ISVTX | 0777 ) ;
u32 mode ;
2019-12-09 18:54:33 +08:00
int ret ;
ret = check_inode_key ( leaf , key , slot ) ;
if ( ret < 0 )
return ret ;
2019-03-13 14:31:35 +08:00
iitem = btrfs_item_ptr ( leaf , slot , struct btrfs_inode_item ) ;
/* Here we use super block generation + 1 to handle log tree */
if ( btrfs_inode_generation ( leaf , iitem ) > super_gen + 1 ) {
2019-12-09 18:54:32 +08:00
inode_item_err ( leaf , slot ,
2019-03-13 14:31:35 +08:00
" invalid inode generation: has %llu expect (0, %llu] " ,
btrfs_inode_generation ( leaf , iitem ) ,
super_gen + 1 ) ;
return - EUCLEAN ;
}
/* Note for ROOT_TREE_DIR_ITEM, mkfs could set its transid 0 */
if ( btrfs_inode_transid ( leaf , iitem ) > super_gen + 1 ) {
2019-12-09 18:54:32 +08:00
inode_item_err ( leaf , slot ,
2019-03-13 14:31:35 +08:00
" invalid inode generation: has %llu expect [0, %llu] " ,
btrfs_inode_transid ( leaf , iitem ) , super_gen + 1 ) ;
return - EUCLEAN ;
}
/*
* For size and nbytes it ' s better not to be too strict , as for dir
* item its size / nbytes can easily get wrong , but doesn ' t affect
* anything in the fs . So here we skip the check .
*/
mode = btrfs_inode_mode ( leaf , iitem ) ;
if ( mode & ~ valid_mask ) {
2019-12-09 18:54:32 +08:00
inode_item_err ( leaf , slot ,
2019-03-13 14:31:35 +08:00
" unknown mode bit detected: 0x%x " ,
mode & ~ valid_mask ) ;
return - EUCLEAN ;
}
/*
2019-10-01 19:44:42 +02:00
* S_IFMT is not bit mapped so we can ' t completely rely on
* is_power_of_2 / has_single_bit_set , but it can save us from checking
* FIFO / CHR / DIR / REG . Only needs to check BLK , LNK and SOCKS
2019-03-13 14:31:35 +08:00
*/
2019-10-01 19:44:42 +02:00
if ( ! has_single_bit_set ( mode & S_IFMT ) ) {
2019-03-13 14:31:35 +08:00
if ( ! S_ISLNK ( mode ) & & ! S_ISBLK ( mode ) & & ! S_ISSOCK ( mode ) ) {
2019-12-09 18:54:32 +08:00
inode_item_err ( leaf , slot ,
2019-03-13 14:31:35 +08:00
" invalid mode: has 0%o expect valid S_IF* bit(s) " ,
mode & S_IFMT ) ;
return - EUCLEAN ;
}
}
if ( S_ISDIR ( mode ) & & btrfs_inode_nlink ( leaf , iitem ) > 1 ) {
2019-12-09 18:54:32 +08:00
inode_item_err ( leaf , slot ,
2019-03-13 14:31:35 +08:00
" invalid nlink: has %u expect no more than 1 for dir " ,
btrfs_inode_nlink ( leaf , iitem ) ) ;
return - EUCLEAN ;
}
if ( btrfs_inode_flags ( leaf , iitem ) & ~ BTRFS_INODE_FLAG_MASK ) {
2019-12-09 18:54:32 +08:00
inode_item_err ( leaf , slot ,
2019-03-13 14:31:35 +08:00
" unknown flags detected: 0x%llx " ,
btrfs_inode_flags ( leaf , iitem ) &
~ BTRFS_INODE_FLAG_MASK ) ;
return - EUCLEAN ;
}
return 0 ;
}
2019-07-16 17:00:34 +08:00
static int check_root_item ( struct extent_buffer * leaf , struct btrfs_key * key ,
int slot )
{
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
struct btrfs_root_item ri ;
const u64 valid_root_flags = BTRFS_ROOT_SUBVOL_RDONLY |
BTRFS_ROOT_SUBVOL_DEAD ;
2019-12-09 18:54:34 +08:00
int ret ;
2019-07-16 17:00:34 +08:00
2019-12-09 18:54:34 +08:00
ret = check_root_key ( leaf , key , slot ) ;
if ( ret < 0 )
return ret ;
2019-07-16 17:00:34 +08:00
if ( btrfs_item_size_nr ( leaf , slot ) ! = sizeof ( ri ) ) {
generic_err ( leaf , slot ,
" invalid root item size, have %u expect %zu " ,
btrfs_item_size_nr ( leaf , slot ) , sizeof ( ri ) ) ;
}
read_extent_buffer ( leaf , & ri , btrfs_item_ptr_offset ( leaf , slot ) ,
sizeof ( ri ) ) ;
/* Generation related */
if ( btrfs_root_generation ( & ri ) >
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) {
generic_err ( leaf , slot ,
" invalid root generation, have %llu expect (0, %llu] " ,
btrfs_root_generation ( & ri ) ,
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) ;
return - EUCLEAN ;
}
if ( btrfs_root_generation_v2 ( & ri ) >
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) {
generic_err ( leaf , slot ,
" invalid root v2 generation, have %llu expect (0, %llu] " ,
btrfs_root_generation_v2 ( & ri ) ,
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) ;
return - EUCLEAN ;
}
if ( btrfs_root_last_snapshot ( & ri ) >
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) {
generic_err ( leaf , slot ,
" invalid root last_snapshot, have %llu expect (0, %llu] " ,
btrfs_root_last_snapshot ( & ri ) ,
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) ;
return - EUCLEAN ;
}
/* Alignment and level check */
if ( ! IS_ALIGNED ( btrfs_root_bytenr ( & ri ) , fs_info - > sectorsize ) ) {
generic_err ( leaf , slot ,
" invalid root bytenr, have %llu expect to be aligned to %u " ,
btrfs_root_bytenr ( & ri ) , fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
if ( btrfs_root_level ( & ri ) > = BTRFS_MAX_LEVEL ) {
generic_err ( leaf , slot ,
" invalid root level, have %u expect [0, %u] " ,
btrfs_root_level ( & ri ) , BTRFS_MAX_LEVEL - 1 ) ;
return - EUCLEAN ;
}
if ( ri . drop_level > = BTRFS_MAX_LEVEL ) {
generic_err ( leaf , slot ,
" invalid root level, have %u expect [0, %u] " ,
ri . drop_level , BTRFS_MAX_LEVEL - 1 ) ;
return - EUCLEAN ;
}
/* Flags check */
if ( btrfs_root_flags ( & ri ) & ~ valid_root_flags ) {
generic_err ( leaf , slot ,
" invalid root flags, have 0x%llx expect mask 0x%llx " ,
btrfs_root_flags ( & ri ) , valid_root_flags ) ;
return - EUCLEAN ;
}
return 0 ;
}
2019-08-09 09:24:22 +08:00
__printf ( 3 , 4 )
__cold
static void extent_err ( const struct extent_buffer * eb , int slot ,
const char * fmt , . . . )
{
struct btrfs_key key ;
struct va_format vaf ;
va_list args ;
u64 bytenr ;
u64 len ;
btrfs_item_key_to_cpu ( eb , & key , slot ) ;
bytenr = key . objectid ;
2019-08-09 09:24:23 +08:00
if ( key . type = = BTRFS_METADATA_ITEM_KEY | |
key . type = = BTRFS_TREE_BLOCK_REF_KEY | |
key . type = = BTRFS_SHARED_BLOCK_REF_KEY )
2019-08-09 09:24:22 +08:00
len = eb - > fs_info - > nodesize ;
else
len = key . offset ;
va_start ( args , fmt ) ;
vaf . fmt = fmt ;
vaf . va = & args ;
btrfs_crit ( eb - > fs_info ,
" corrupt %s: block=%llu slot=%d extent bytenr=%llu len=%llu %pV " ,
btrfs_header_level ( eb ) = = 0 ? " leaf " : " node " ,
eb - > start , slot , bytenr , len , & vaf ) ;
va_end ( args ) ;
}
static int check_extent_item ( struct extent_buffer * leaf ,
struct btrfs_key * key , int slot )
{
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
struct btrfs_extent_item * ei ;
bool is_tree_block = false ;
unsigned long ptr ; /* Current pointer inside inline refs */
unsigned long end ; /* Extent item end */
const u32 item_size = btrfs_item_size_nr ( leaf , slot ) ;
u64 flags ;
u64 generation ;
u64 total_refs ; /* Total refs in btrfs_extent_item */
u64 inline_refs = 0 ; /* found total inline refs */
if ( key - > type = = BTRFS_METADATA_ITEM_KEY & &
! btrfs_fs_incompat ( fs_info , SKINNY_METADATA ) ) {
generic_err ( leaf , slot ,
" invalid key type, METADATA_ITEM type invalid when SKINNY_METADATA feature disabled " ) ;
return - EUCLEAN ;
}
/* key->objectid is the bytenr for both key types */
if ( ! IS_ALIGNED ( key - > objectid , fs_info - > sectorsize ) ) {
generic_err ( leaf , slot ,
" invalid key objectid, have %llu expect to be aligned to %u " ,
key - > objectid , fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
/* key->offset is tree level for METADATA_ITEM_KEY */
if ( key - > type = = BTRFS_METADATA_ITEM_KEY & &
key - > offset > = BTRFS_MAX_LEVEL ) {
extent_err ( leaf , slot ,
" invalid tree level, have %llu expect [0, %u] " ,
key - > offset , BTRFS_MAX_LEVEL - 1 ) ;
return - EUCLEAN ;
}
/*
* EXTENT / METADATA_ITEM consists of :
* 1 ) One btrfs_extent_item
* Records the total refs , type and generation of the extent .
*
* 2 ) One btrfs_tree_block_info ( for EXTENT_ITEM and tree backref only )
* Records the first key and level of the tree block .
*
* 2 ) Zero or more btrfs_extent_inline_ref ( s )
* Each inline ref has one btrfs_extent_inline_ref shows :
* 2.1 ) The ref type , one of the 4
* TREE_BLOCK_REF Tree block only
* SHARED_BLOCK_REF Tree block only
* EXTENT_DATA_REF Data only
* SHARED_DATA_REF Data only
* 2.2 ) Ref type specific data
* Either using btrfs_extent_inline_ref : : offset , or specific
* data structure .
*/
if ( item_size < sizeof ( * ei ) ) {
extent_err ( leaf , slot ,
" invalid item size, have %u expect [%zu, %u) " ,
item_size , sizeof ( * ei ) ,
BTRFS_LEAF_DATA_SIZE ( fs_info ) ) ;
return - EUCLEAN ;
}
end = item_size + btrfs_item_ptr_offset ( leaf , slot ) ;
/* Checks against extent_item */
ei = btrfs_item_ptr ( leaf , slot , struct btrfs_extent_item ) ;
flags = btrfs_extent_flags ( leaf , ei ) ;
total_refs = btrfs_extent_refs ( leaf , ei ) ;
generation = btrfs_extent_generation ( leaf , ei ) ;
if ( generation > btrfs_super_generation ( fs_info - > super_copy ) + 1 ) {
extent_err ( leaf , slot ,
" invalid generation, have %llu expect (0, %llu] " ,
generation ,
btrfs_super_generation ( fs_info - > super_copy ) + 1 ) ;
return - EUCLEAN ;
}
2019-10-01 19:44:42 +02:00
if ( ! has_single_bit_set ( flags & ( BTRFS_EXTENT_FLAG_DATA |
BTRFS_EXTENT_FLAG_TREE_BLOCK ) ) ) {
2019-08-09 09:24:22 +08:00
extent_err ( leaf , slot ,
" invalid extent flag, have 0x%llx expect 1 bit set in 0x%llx " ,
flags , BTRFS_EXTENT_FLAG_DATA |
BTRFS_EXTENT_FLAG_TREE_BLOCK ) ;
return - EUCLEAN ;
}
is_tree_block = ! ! ( flags & BTRFS_EXTENT_FLAG_TREE_BLOCK ) ;
if ( is_tree_block ) {
if ( key - > type = = BTRFS_EXTENT_ITEM_KEY & &
key - > offset ! = fs_info - > nodesize ) {
extent_err ( leaf , slot ,
" invalid extent length, have %llu expect %u " ,
key - > offset , fs_info - > nodesize ) ;
return - EUCLEAN ;
}
} else {
if ( key - > type ! = BTRFS_EXTENT_ITEM_KEY ) {
extent_err ( leaf , slot ,
" invalid key type, have %u expect %u for data backref " ,
key - > type , BTRFS_EXTENT_ITEM_KEY ) ;
return - EUCLEAN ;
}
if ( ! IS_ALIGNED ( key - > offset , fs_info - > sectorsize ) ) {
extent_err ( leaf , slot ,
" invalid extent length, have %llu expect aligned to %u " ,
key - > offset , fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
}
ptr = ( unsigned long ) ( struct btrfs_extent_item * ) ( ei + 1 ) ;
/* Check the special case of btrfs_tree_block_info */
if ( is_tree_block & & key - > type ! = BTRFS_METADATA_ITEM_KEY ) {
struct btrfs_tree_block_info * info ;
info = ( struct btrfs_tree_block_info * ) ptr ;
if ( btrfs_tree_block_level ( leaf , info ) > = BTRFS_MAX_LEVEL ) {
extent_err ( leaf , slot ,
" invalid tree block info level, have %u expect [0, %u] " ,
btrfs_tree_block_level ( leaf , info ) ,
BTRFS_MAX_LEVEL - 1 ) ;
return - EUCLEAN ;
}
ptr = ( unsigned long ) ( struct btrfs_tree_block_info * ) ( info + 1 ) ;
}
/* Check inline refs */
while ( ptr < end ) {
struct btrfs_extent_inline_ref * iref ;
struct btrfs_extent_data_ref * dref ;
struct btrfs_shared_data_ref * sref ;
u64 dref_offset ;
u64 inline_offset ;
u8 inline_type ;
if ( ptr + sizeof ( * iref ) > end ) {
extent_err ( leaf , slot ,
" inline ref item overflows extent item, ptr %lu iref size %zu end %lu " ,
ptr , sizeof ( * iref ) , end ) ;
return - EUCLEAN ;
}
iref = ( struct btrfs_extent_inline_ref * ) ptr ;
inline_type = btrfs_extent_inline_ref_type ( leaf , iref ) ;
inline_offset = btrfs_extent_inline_ref_offset ( leaf , iref ) ;
if ( ptr + btrfs_extent_inline_ref_size ( inline_type ) > end ) {
extent_err ( leaf , slot ,
" inline ref item overflows extent item, ptr %lu iref size %u end %lu " ,
ptr , inline_type , end ) ;
return - EUCLEAN ;
}
switch ( inline_type ) {
/* inline_offset is subvolid of the owner, no need to check */
case BTRFS_TREE_BLOCK_REF_KEY :
inline_refs + + ;
break ;
/* Contains parent bytenr */
case BTRFS_SHARED_BLOCK_REF_KEY :
if ( ! IS_ALIGNED ( inline_offset , fs_info - > sectorsize ) ) {
extent_err ( leaf , slot ,
" invalid tree parent bytenr, have %llu expect aligned to %u " ,
inline_offset , fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
inline_refs + + ;
break ;
/*
* Contains owner subvolid , owner key objectid , adjusted offset .
* The only obvious corruption can happen in that offset .
*/
case BTRFS_EXTENT_DATA_REF_KEY :
dref = ( struct btrfs_extent_data_ref * ) ( & iref - > offset ) ;
dref_offset = btrfs_extent_data_ref_offset ( leaf , dref ) ;
if ( ! IS_ALIGNED ( dref_offset , fs_info - > sectorsize ) ) {
extent_err ( leaf , slot ,
" invalid data ref offset, have %llu expect aligned to %u " ,
dref_offset , fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
inline_refs + = btrfs_extent_data_ref_count ( leaf , dref ) ;
break ;
/* Contains parent bytenr and ref count */
case BTRFS_SHARED_DATA_REF_KEY :
sref = ( struct btrfs_shared_data_ref * ) ( iref + 1 ) ;
if ( ! IS_ALIGNED ( inline_offset , fs_info - > sectorsize ) ) {
extent_err ( leaf , slot ,
" invalid data parent bytenr, have %llu expect aligned to %u " ,
inline_offset , fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
inline_refs + = btrfs_shared_data_ref_count ( leaf , sref ) ;
break ;
default :
extent_err ( leaf , slot , " unknown inline ref type: %u " ,
inline_type ) ;
return - EUCLEAN ;
}
ptr + = btrfs_extent_inline_ref_size ( inline_type ) ;
}
/* No padding is allowed */
if ( ptr ! = end ) {
extent_err ( leaf , slot ,
" invalid extent item size, padding bytes found " ) ;
return - EUCLEAN ;
}
/* Finally, check the inline refs against total refs */
if ( inline_refs > total_refs ) {
extent_err ( leaf , slot ,
" invalid extent refs, have %llu expect >= inline %llu " ,
total_refs , inline_refs ) ;
return - EUCLEAN ;
}
return 0 ;
}
2019-08-09 09:24:23 +08:00
static int check_simple_keyed_refs ( struct extent_buffer * leaf ,
struct btrfs_key * key , int slot )
{
u32 expect_item_size = 0 ;
if ( key - > type = = BTRFS_SHARED_DATA_REF_KEY )
expect_item_size = sizeof ( struct btrfs_shared_data_ref ) ;
if ( btrfs_item_size_nr ( leaf , slot ) ! = expect_item_size ) {
generic_err ( leaf , slot ,
" invalid item size, have %u expect %u for key type %u " ,
btrfs_item_size_nr ( leaf , slot ) ,
expect_item_size , key - > type ) ;
return - EUCLEAN ;
}
if ( ! IS_ALIGNED ( key - > objectid , leaf - > fs_info - > sectorsize ) ) {
generic_err ( leaf , slot ,
" invalid key objectid for shared block ref, have %llu expect aligned to %u " ,
key - > objectid , leaf - > fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
if ( key - > type ! = BTRFS_TREE_BLOCK_REF_KEY & &
! IS_ALIGNED ( key - > offset , leaf - > fs_info - > sectorsize ) ) {
extent_err ( leaf , slot ,
" invalid tree parent bytenr, have %llu expect aligned to %u " ,
key - > offset , leaf - > fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
return 0 ;
}
2019-08-09 09:24:24 +08:00
static int check_extent_data_ref ( struct extent_buffer * leaf ,
struct btrfs_key * key , int slot )
{
struct btrfs_extent_data_ref * dref ;
unsigned long ptr = btrfs_item_ptr_offset ( leaf , slot ) ;
const unsigned long end = ptr + btrfs_item_size_nr ( leaf , slot ) ;
if ( btrfs_item_size_nr ( leaf , slot ) % sizeof ( * dref ) ! = 0 ) {
generic_err ( leaf , slot ,
" invalid item size, have %u expect aligned to %zu for key type %u " ,
btrfs_item_size_nr ( leaf , slot ) ,
sizeof ( * dref ) , key - > type ) ;
}
if ( ! IS_ALIGNED ( key - > objectid , leaf - > fs_info - > sectorsize ) ) {
generic_err ( leaf , slot ,
" invalid key objectid for shared block ref, have %llu expect aligned to %u " ,
key - > objectid , leaf - > fs_info - > sectorsize ) ;
return - EUCLEAN ;
}
for ( ; ptr < end ; ptr + = sizeof ( * dref ) ) {
u64 root_objectid ;
u64 owner ;
u64 offset ;
u64 hash ;
dref = ( struct btrfs_extent_data_ref * ) ptr ;
root_objectid = btrfs_extent_data_ref_root ( leaf , dref ) ;
owner = btrfs_extent_data_ref_objectid ( leaf , dref ) ;
offset = btrfs_extent_data_ref_offset ( leaf , dref ) ;
hash = hash_extent_data_ref ( root_objectid , owner , offset ) ;
if ( hash ! = key - > offset ) {
extent_err ( leaf , slot ,
" invalid extent data ref hash, item has 0x%016llx key has 0x%016llx " ,
hash , key - > offset ) ;
return - EUCLEAN ;
}
if ( ! IS_ALIGNED ( offset , leaf - > fs_info - > sectorsize ) ) {
extent_err ( leaf , slot ,
" invalid extent data backref offset, have %llu expect aligned to %u " ,
offset , leaf - > fs_info - > sectorsize ) ;
}
}
return 0 ;
}
2019-12-09 18:54:32 +08:00
# define inode_ref_err(eb, slot, fmt, args...) \
inode_item_err ( eb , slot , fmt , # # args )
2019-08-26 15:40:39 +08:00
static int check_inode_ref ( struct extent_buffer * leaf ,
struct btrfs_key * key , struct btrfs_key * prev_key ,
int slot )
{
struct btrfs_inode_ref * iref ;
unsigned long ptr ;
unsigned long end ;
2019-10-04 17:31:32 +08:00
if ( ! check_prev_ino ( leaf , key , slot , prev_key ) )
return - EUCLEAN ;
2019-08-26 15:40:39 +08:00
/* namelen can't be 0, so item_size == sizeof() is also invalid */
if ( btrfs_item_size_nr ( leaf , slot ) < = sizeof ( * iref ) ) {
2019-12-09 18:54:32 +08:00
inode_ref_err ( leaf , slot ,
2019-08-26 15:40:39 +08:00
" invalid item size, have %u expect (%zu, %u) " ,
btrfs_item_size_nr ( leaf , slot ) ,
sizeof ( * iref ) , BTRFS_LEAF_DATA_SIZE ( leaf - > fs_info ) ) ;
return - EUCLEAN ;
}
ptr = btrfs_item_ptr_offset ( leaf , slot ) ;
end = ptr + btrfs_item_size_nr ( leaf , slot ) ;
while ( ptr < end ) {
u16 namelen ;
if ( ptr + sizeof ( iref ) > end ) {
2019-12-09 18:54:32 +08:00
inode_ref_err ( leaf , slot ,
2019-08-26 15:40:39 +08:00
" inode ref overflow, ptr %lu end %lu inode_ref_size %zu " ,
ptr , end , sizeof ( iref ) ) ;
return - EUCLEAN ;
}
iref = ( struct btrfs_inode_ref * ) ptr ;
namelen = btrfs_inode_ref_name_len ( leaf , iref ) ;
if ( ptr + sizeof ( * iref ) + namelen > end ) {
2019-12-09 18:54:32 +08:00
inode_ref_err ( leaf , slot ,
2019-08-26 15:40:39 +08:00
" inode ref overflow, ptr %lu end %lu namelen %u " ,
ptr , end , namelen ) ;
return - EUCLEAN ;
}
/*
* NOTE : In theory we should record all found index numbers
* to find any duplicated indexes , but that will be too time
* consuming for inodes with too many hard links .
*/
ptr + = sizeof ( * iref ) + namelen ;
}
return 0 ;
}
2017-10-09 01:51:02 +00:00
/*
* Common point to switch the item - specific validation .
*/
2019-03-20 16:22:00 +01:00
static int check_leaf_item ( struct extent_buffer * leaf ,
2019-05-06 16:44:12 +01:00
struct btrfs_key * key , int slot ,
struct btrfs_key * prev_key )
2017-10-09 01:51:02 +00:00
{
int ret = 0 ;
2019-03-20 13:42:33 +08:00
struct btrfs_chunk * chunk ;
2017-10-09 01:51:02 +00:00
switch ( key - > type ) {
case BTRFS_EXTENT_DATA_KEY :
2019-05-06 16:44:12 +01:00
ret = check_extent_data_item ( leaf , key , slot , prev_key ) ;
2017-10-09 01:51:02 +00:00
break ;
case BTRFS_EXTENT_CSUM_KEY :
2019-12-02 11:01:03 +00:00
ret = check_csum_item ( leaf , key , slot , prev_key ) ;
2017-10-09 01:51:02 +00:00
break ;
2017-11-08 08:54:25 +08:00
case BTRFS_DIR_ITEM_KEY :
case BTRFS_DIR_INDEX_KEY :
case BTRFS_XATTR_ITEM_KEY :
2019-08-26 15:40:38 +08:00
ret = check_dir_item ( leaf , key , prev_key , slot ) ;
2017-11-08 08:54:25 +08:00
break ;
2019-08-26 15:40:39 +08:00
case BTRFS_INODE_REF_KEY :
ret = check_inode_ref ( leaf , key , prev_key , slot ) ;
break ;
2018-07-03 17:10:05 +08:00
case BTRFS_BLOCK_GROUP_ITEM_KEY :
2019-03-20 16:19:31 +01:00
ret = check_block_group_item ( leaf , key , slot ) ;
2018-07-03 17:10:05 +08:00
break ;
2019-03-20 13:42:33 +08:00
case BTRFS_CHUNK_ITEM_KEY :
chunk = btrfs_item_ptr ( leaf , slot , struct btrfs_chunk ) ;
2019-12-17 18:58:20 +08:00
ret = check_leaf_chunk_item ( leaf , chunk , key , slot ) ;
2019-03-20 13:42:33 +08:00
break ;
2019-03-08 14:20:03 +08:00
case BTRFS_DEV_ITEM_KEY :
2019-03-20 16:22:58 +01:00
ret = check_dev_item ( leaf , key , slot ) ;
2019-03-08 14:20:03 +08:00
break ;
2019-03-13 14:31:35 +08:00
case BTRFS_INODE_ITEM_KEY :
2019-03-20 16:22:58 +01:00
ret = check_inode_item ( leaf , key , slot ) ;
2019-03-13 14:31:35 +08:00
break ;
2019-07-16 17:00:34 +08:00
case BTRFS_ROOT_ITEM_KEY :
ret = check_root_item ( leaf , key , slot ) ;
break ;
2019-08-09 09:24:22 +08:00
case BTRFS_EXTENT_ITEM_KEY :
case BTRFS_METADATA_ITEM_KEY :
ret = check_extent_item ( leaf , key , slot ) ;
break ;
2019-08-09 09:24:23 +08:00
case BTRFS_TREE_BLOCK_REF_KEY :
case BTRFS_SHARED_DATA_REF_KEY :
case BTRFS_SHARED_BLOCK_REF_KEY :
ret = check_simple_keyed_refs ( leaf , key , slot ) ;
break ;
2019-08-09 09:24:24 +08:00
case BTRFS_EXTENT_DATA_REF_KEY :
ret = check_extent_data_ref ( leaf , key , slot ) ;
break ;
2017-10-09 01:51:02 +00:00
}
return ret ;
}
2019-03-20 16:22:58 +01:00
static int check_leaf ( struct extent_buffer * leaf , bool check_item_data )
2017-10-09 01:51:02 +00:00
{
2019-03-20 16:22:58 +01:00
struct btrfs_fs_info * fs_info = leaf - > fs_info ;
2017-10-09 01:51:02 +00:00
/* No valid key type is 0, so all key should be larger than this key */
struct btrfs_key prev_key = { 0 , 0 , 0 } ;
struct btrfs_key key ;
u32 nritems = btrfs_header_nritems ( leaf ) ;
int slot ;
2018-09-28 07:59:34 +08:00
if ( btrfs_header_level ( leaf ) ! = 0 ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , 0 ,
2018-09-28 07:59:34 +08:00
" invalid level for leaf, have %d expect 0 " ,
btrfs_header_level ( leaf ) ) ;
return - EUCLEAN ;
}
2017-10-09 01:51:02 +00:00
/*
* Extent buffers from a relocation tree have a owner field that
* corresponds to the subvolume tree they are based on . So just from an
* extent buffer alone we can not find out what is the id of the
* corresponding subvolume tree , so we can not figure out if the extent
* buffer corresponds to the root of the relocation tree or not . So
* skip this check for relocation trees .
*/
if ( nritems = = 0 & & ! btrfs_header_flag ( leaf , BTRFS_HEADER_FLAG_RELOC ) ) {
2018-07-03 17:10:06 +08:00
u64 owner = btrfs_header_owner ( leaf ) ;
2017-10-09 01:51:02 +00:00
2018-07-03 17:10:06 +08:00
/* These trees must never be empty */
if ( owner = = BTRFS_ROOT_TREE_OBJECTID | |
owner = = BTRFS_CHUNK_TREE_OBJECTID | |
owner = = BTRFS_EXTENT_TREE_OBJECTID | |
owner = = BTRFS_DEV_TREE_OBJECTID | |
owner = = BTRFS_FS_TREE_OBJECTID | |
owner = = BTRFS_DATA_RELOC_TREE_OBJECTID ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , 0 ,
2018-07-03 17:10:06 +08:00
" invalid root, root %llu must never be empty " ,
owner ) ;
return - EUCLEAN ;
}
2019-08-22 10:14:15 +08:00
/* Unknown tree */
if ( owner = = 0 ) {
generic_err ( leaf , 0 ,
" invalid owner, root 0 is not defined " ) ;
return - EUCLEAN ;
}
2017-10-09 01:51:02 +00:00
return 0 ;
}
if ( nritems = = 0 )
return 0 ;
/*
* Check the following things to make sure this is a good leaf , and
* leaf users won ' t need to bother with similar sanity checks :
*
* 1 ) key ordering
* 2 ) item offset and size
* No overlap , no hole , all inside the leaf .
* 3 ) item content
* If possible , do comprehensive sanity check .
* NOTE : All checks must only rely on the item data itself .
*/
for ( slot = 0 ; slot < nritems ; slot + + ) {
u32 item_end_expected ;
int ret ;
btrfs_item_key_to_cpu ( leaf , & key , slot ) ;
/* Make sure the keys are in the right order */
if ( btrfs_comp_cpu_keys ( & prev_key , & key ) > = 0 ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:04 +00:00
" bad key order, prev (%llu %u %llu) current (%llu %u %llu) " ,
prev_key . objectid , prev_key . type ,
prev_key . offset , key . objectid , key . type ,
key . offset ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
/*
* Make sure the offset and ends are right , remember that the
* item data starts at the end of the leaf and grows towards the
* front .
*/
if ( slot = = 0 )
item_end_expected = BTRFS_LEAF_DATA_SIZE ( fs_info ) ;
else
item_end_expected = btrfs_item_offset_nr ( leaf ,
slot - 1 ) ;
if ( btrfs_item_end_nr ( leaf , slot ) ! = item_end_expected ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:04 +00:00
" unexpected item end, have %u expect %u " ,
btrfs_item_end_nr ( leaf , slot ) ,
item_end_expected ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
/*
* Check to make sure that we don ' t point outside of the leaf ,
* just in case all the items are consistent to each other , but
* all point outside of the leaf .
*/
if ( btrfs_item_end_nr ( leaf , slot ) >
BTRFS_LEAF_DATA_SIZE ( fs_info ) ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:04 +00:00
" slot end outside of leaf, have %u expect range [0, %u] " ,
btrfs_item_end_nr ( leaf , slot ) ,
BTRFS_LEAF_DATA_SIZE ( fs_info ) ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
/* Also check if the item pointer overlaps with btrfs item. */
if ( btrfs_item_nr_offset ( slot ) + sizeof ( struct btrfs_item ) >
btrfs_item_ptr_offset ( leaf , slot ) ) {
2019-03-20 15:31:28 +01:00
generic_err ( leaf , slot ,
2017-10-09 01:51:04 +00:00
" slot overlaps with its data, item end %lu data start %lu " ,
btrfs_item_nr_offset ( slot ) +
sizeof ( struct btrfs_item ) ,
btrfs_item_ptr_offset ( leaf , slot ) ) ;
2017-10-09 01:51:02 +00:00
return - EUCLEAN ;
}
2017-11-08 08:54:24 +08:00
if ( check_item_data ) {
/*
* Check if the item size and content meet other
* criteria
*/
2019-05-06 16:44:12 +01:00
ret = check_leaf_item ( leaf , & key , slot , & prev_key ) ;
2017-11-08 08:54:24 +08:00
if ( ret < 0 )
return ret ;
}
2017-10-09 01:51:02 +00:00
prev_key . objectid = key . objectid ;
prev_key . type = key . type ;
prev_key . offset = key . offset ;
}
return 0 ;
}
2019-03-20 16:23:29 +01:00
int btrfs_check_leaf_full ( struct extent_buffer * leaf )
2017-11-08 08:54:24 +08:00
{
2019-03-20 16:22:58 +01:00
return check_leaf ( leaf , true ) ;
2017-11-08 08:54:24 +08:00
}
2019-04-24 15:22:53 +08:00
ALLOW_ERROR_INJECTION ( btrfs_check_leaf_full , ERRNO ) ;
2017-11-08 08:54:24 +08:00
2019-03-20 16:24:18 +01:00
int btrfs_check_leaf_relaxed ( struct extent_buffer * leaf )
2017-11-08 08:54:24 +08:00
{
2019-03-20 16:22:58 +01:00
return check_leaf ( leaf , false ) ;
2017-11-08 08:54:24 +08:00
}
2019-03-20 16:25:00 +01:00
int btrfs_check_node ( struct extent_buffer * node )
2017-10-09 01:51:02 +00:00
{
2019-03-20 16:25:00 +01:00
struct btrfs_fs_info * fs_info = node - > fs_info ;
2017-10-09 01:51:02 +00:00
unsigned long nr = btrfs_header_nritems ( node ) ;
struct btrfs_key key , next_key ;
int slot ;
2018-09-28 07:59:34 +08:00
int level = btrfs_header_level ( node ) ;
2017-10-09 01:51:02 +00:00
u64 bytenr ;
int ret = 0 ;
2018-09-28 07:59:34 +08:00
if ( level < = 0 | | level > = BTRFS_MAX_LEVEL ) {
2019-03-20 15:31:28 +01:00
generic_err ( node , 0 ,
2018-09-28 07:59:34 +08:00
" invalid level for node, have %d expect [1, %d] " ,
level , BTRFS_MAX_LEVEL - 1 ) ;
return - EUCLEAN ;
}
2018-01-25 14:56:18 +08:00
if ( nr = = 0 | | nr > BTRFS_NODEPTRS_PER_BLOCK ( fs_info ) ) {
btrfs_crit ( fs_info ,
2017-10-09 01:51:03 +00:00
" corrupt node: root=%llu block=%llu, nritems too %s, have %lu expect range [1,%u] " ,
2018-01-25 14:56:18 +08:00
btrfs_header_owner ( node ) , node - > start ,
2017-10-09 01:51:03 +00:00
nr = = 0 ? " small " : " large " , nr ,
2018-01-25 14:56:18 +08:00
BTRFS_NODEPTRS_PER_BLOCK ( fs_info ) ) ;
2017-10-09 01:51:03 +00:00
return - EUCLEAN ;
2017-10-09 01:51:02 +00:00
}
for ( slot = 0 ; slot < nr - 1 ; slot + + ) {
bytenr = btrfs_node_blockptr ( node , slot ) ;
btrfs_node_key_to_cpu ( node , & key , slot ) ;
btrfs_node_key_to_cpu ( node , & next_key , slot + 1 ) ;
if ( ! bytenr ) {
2019-03-20 15:31:28 +01:00
generic_err ( node , slot ,
2017-10-09 01:51:03 +00:00
" invalid NULL node pointer " ) ;
ret = - EUCLEAN ;
goto out ;
}
2018-01-25 14:56:18 +08:00
if ( ! IS_ALIGNED ( bytenr , fs_info - > sectorsize ) ) {
2019-03-20 15:31:28 +01:00
generic_err ( node , slot ,
2017-10-09 01:51:03 +00:00
" unaligned pointer, have %llu should be aligned to %u " ,
2018-01-25 14:56:18 +08:00
bytenr , fs_info - > sectorsize ) ;
2017-10-09 01:51:03 +00:00
ret = - EUCLEAN ;
2017-10-09 01:51:02 +00:00
goto out ;
}
if ( btrfs_comp_cpu_keys ( & key , & next_key ) > = 0 ) {
2019-03-20 15:31:28 +01:00
generic_err ( node , slot ,
2017-10-09 01:51:03 +00:00
" bad key order, current (%llu %u %llu) next (%llu %u %llu) " ,
key . objectid , key . type , key . offset ,
next_key . objectid , next_key . type ,
next_key . offset ) ;
ret = - EUCLEAN ;
2017-10-09 01:51:02 +00:00
goto out ;
}
}
out :
return ret ;
}
2019-04-24 15:22:53 +08:00
ALLOW_ERROR_INJECTION ( btrfs_check_node , ERRNO ) ;