linux/fs/xfs/scrub/dir.c
Darrick J. Wong b961c8bf1f xfs: deferred scrub of dirents
If the trylock-based parent pointer check fails, retain those dirents
and check them at the end.  This may involve dropping the locks on the
file being scanned, so yay.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2024-04-23 07:47:02 -07:00

1175 lines
30 KiB
C

// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (C) 2017-2023 Oracle. All Rights Reserved.
* Author: Darrick J. Wong <djwong@kernel.org>
*/
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_trans_resv.h"
#include "xfs_mount.h"
#include "xfs_log_format.h"
#include "xfs_trans.h"
#include "xfs_inode.h"
#include "xfs_icache.h"
#include "xfs_dir2.h"
#include "xfs_dir2_priv.h"
#include "xfs_health.h"
#include "xfs_attr.h"
#include "xfs_parent.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
#include "scrub/dabtree.h"
#include "scrub/readdir.h"
#include "scrub/health.h"
#include "scrub/repair.h"
#include "scrub/trace.h"
#include "scrub/xfile.h"
#include "scrub/xfarray.h"
#include "scrub/xfblob.h"
/* Set us up to scrub directories. */
int
xchk_setup_directory(
struct xfs_scrub *sc)
{
int error;
if (xchk_could_repair(sc)) {
error = xrep_setup_directory(sc);
if (error)
return error;
}
return xchk_setup_inode_contents(sc, 0);
}
/* Directories */
/* Deferred directory entry that we saved for later. */
struct xchk_dirent {
/* Cookie for retrieval of the dirent name. */
xfblob_cookie name_cookie;
/* Child inode number. */
xfs_ino_t ino;
/* Length of the pptr name. */
uint8_t namelen;
};
struct xchk_dir {
struct xfs_scrub *sc;
/* information for parent pointer validation. */
struct xfs_parent_rec pptr_rec;
struct xfs_da_args pptr_args;
/* Fixed-size array of xchk_dirent structures. */
struct xfarray *dir_entries;
/* Blobs containing dirent names. */
struct xfblob *dir_names;
/* If we've cycled the ILOCK, we must revalidate deferred dirents. */
bool need_revalidate;
/* Name buffer for dirent revalidation. */
struct xfs_name xname;
uint8_t namebuf[MAXNAMELEN];
};
/* Scrub a directory entry. */
/* Check that an inode's mode matches a given XFS_DIR3_FT_* type. */
STATIC void
xchk_dir_check_ftype(
struct xfs_scrub *sc,
xfs_fileoff_t offset,
struct xfs_inode *ip,
int ftype)
{
struct xfs_mount *mp = sc->mp;
if (!xfs_has_ftype(mp)) {
if (ftype != XFS_DIR3_FT_UNKNOWN && ftype != XFS_DIR3_FT_DIR)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
return;
}
if (xfs_mode_to_ftype(VFS_I(ip)->i_mode) != ftype)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
}
/*
* Try to lock a child file for checking parent pointers. Returns the inode
* flags for the locks we now hold, or zero if we failed.
*/
STATIC unsigned int
xchk_dir_lock_child(
struct xfs_scrub *sc,
struct xfs_inode *ip)
{
if (!xfs_ilock_nowait(ip, XFS_IOLOCK_SHARED))
return 0;
if (!xfs_ilock_nowait(ip, XFS_ILOCK_SHARED)) {
xfs_iunlock(ip, XFS_IOLOCK_SHARED);
return 0;
}
if (!xfs_inode_has_attr_fork(ip) || !xfs_need_iread_extents(&ip->i_af))
return XFS_IOLOCK_SHARED | XFS_ILOCK_SHARED;
xfs_iunlock(ip, XFS_ILOCK_SHARED);
if (!xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) {
xfs_iunlock(ip, XFS_IOLOCK_SHARED);
return 0;
}
return XFS_IOLOCK_SHARED | XFS_ILOCK_EXCL;
}
/* Check the backwards link (parent pointer) associated with this dirent. */
STATIC int
xchk_dir_parent_pointer(
struct xchk_dir *sd,
const struct xfs_name *name,
struct xfs_inode *ip)
{
struct xfs_scrub *sc = sd->sc;
int error;
xfs_inode_to_parent_rec(&sd->pptr_rec, sc->ip);
error = xfs_parent_lookup(sc->tp, ip, name, &sd->pptr_rec,
&sd->pptr_args);
if (error == -ENOATTR)
xchk_fblock_xref_set_corrupt(sc, XFS_DATA_FORK, 0);
return 0;
}
/* Look for a parent pointer matching this dirent, if the child isn't busy. */
STATIC int
xchk_dir_check_pptr_fast(
struct xchk_dir *sd,
xfs_dir2_dataptr_t dapos,
const struct xfs_name *name,
struct xfs_inode *ip)
{
struct xfs_scrub *sc = sd->sc;
unsigned int lockmode;
int error;
/* dot and dotdot entries do not have parent pointers */
if (xfs_dir2_samename(name, &xfs_name_dot) ||
xfs_dir2_samename(name, &xfs_name_dotdot))
return 0;
/* No self-referential non-dot or dotdot dirents. */
if (ip == sc->ip) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
return -ECANCELED;
}
/* Try to lock the inode. */
lockmode = xchk_dir_lock_child(sc, ip);
if (!lockmode) {
struct xchk_dirent save_de = {
.namelen = name->len,
.ino = ip->i_ino,
};
/* Couldn't lock the inode, so save the dirent for later. */
trace_xchk_dir_defer(sc->ip, name, ip->i_ino);
error = xfblob_storename(sd->dir_names, &save_de.name_cookie,
name);
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0,
&error))
return error;
error = xfarray_append(sd->dir_entries, &save_de);
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0,
&error))
return error;
return 0;
}
error = xchk_dir_parent_pointer(sd, name, ip);
xfs_iunlock(ip, lockmode);
return error;
}
/*
* Scrub a single directory entry.
*
* Check the inode number to make sure it's sane, then we check that we can
* look up this filename. Finally, we check the ftype.
*/
STATIC int
xchk_dir_actor(
struct xfs_scrub *sc,
struct xfs_inode *dp,
xfs_dir2_dataptr_t dapos,
const struct xfs_name *name,
xfs_ino_t ino,
void *priv)
{
struct xfs_mount *mp = dp->i_mount;
struct xfs_inode *ip;
struct xchk_dir *sd = priv;
xfs_ino_t lookup_ino;
xfs_dablk_t offset;
int error = 0;
offset = xfs_dir2_db_to_da(mp->m_dir_geo,
xfs_dir2_dataptr_to_db(mp->m_dir_geo, dapos));
if (xchk_should_terminate(sc, &error))
return error;
/* Does this inode number make sense? */
if (!xfs_verify_dir_ino(mp, ino)) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
return -ECANCELED;
}
/* Does this name make sense? */
if (!xfs_dir2_namecheck(name->name, name->len)) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
return -ECANCELED;
}
if (xfs_dir2_samename(name, &xfs_name_dot)) {
/* If this is "." then check that the inum matches the dir. */
if (ino != dp->i_ino)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
} else if (xfs_dir2_samename(name, &xfs_name_dotdot)) {
/*
* If this is ".." in the root inode, check that the inum
* matches this dir.
*/
if (dp->i_ino == mp->m_sb.sb_rootino && ino != dp->i_ino)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
}
/* Verify that we can look up this name by hash. */
error = xchk_dir_lookup(sc, dp, name, &lookup_ino);
/* ENOENT means the hash lookup failed and the dir is corrupt */
if (error == -ENOENT)
error = -EFSCORRUPTED;
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, offset, &error))
goto out;
if (lookup_ino != ino) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
return -ECANCELED;
}
/*
* Grab the inode pointed to by the dirent. We release the inode
* before we cancel the scrub transaction.
*
* If _iget returns -EINVAL or -ENOENT then the child inode number is
* garbage and the directory is corrupt. If the _iget returns
* -EFSCORRUPTED or -EFSBADCRC then the child is corrupt which is a
* cross referencing error. Any other error is an operational error.
*/
error = xchk_iget(sc, ino, &ip);
if (error == -EINVAL || error == -ENOENT) {
error = -EFSCORRUPTED;
xchk_fblock_process_error(sc, XFS_DATA_FORK, 0, &error);
goto out;
}
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, offset, &error))
goto out;
xchk_dir_check_ftype(sc, offset, ip, name->type);
if (xfs_has_parent(mp)) {
error = xchk_dir_check_pptr_fast(sd, dapos, name, ip);
if (error)
goto out_rele;
}
out_rele:
xchk_irele(sc, ip);
out:
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
return -ECANCELED;
return error;
}
/* Scrub a directory btree record. */
STATIC int
xchk_dir_rec(
struct xchk_da_btree *ds,
int level)
{
struct xfs_name dname = { };
struct xfs_da_state_blk *blk = &ds->state->path.blk[level];
struct xfs_mount *mp = ds->state->mp;
struct xfs_inode *dp = ds->dargs.dp;
struct xfs_da_geometry *geo = mp->m_dir_geo;
struct xfs_dir2_data_entry *dent;
struct xfs_buf *bp;
struct xfs_dir2_leaf_entry *ent;
unsigned int end;
unsigned int iter_off;
xfs_ino_t ino;
xfs_dablk_t rec_bno;
xfs_dir2_db_t db;
xfs_dir2_data_aoff_t off;
xfs_dir2_dataptr_t ptr;
xfs_dahash_t calc_hash;
xfs_dahash_t hash;
struct xfs_dir3_icleaf_hdr hdr;
unsigned int tag;
int error;
ASSERT(blk->magic == XFS_DIR2_LEAF1_MAGIC ||
blk->magic == XFS_DIR2_LEAFN_MAGIC);
xfs_dir2_leaf_hdr_from_disk(mp, &hdr, blk->bp->b_addr);
ent = hdr.ents + blk->index;
/* Check the hash of the entry. */
error = xchk_da_btree_hash(ds, level, &ent->hashval);
if (error)
goto out;
/* Valid hash pointer? */
ptr = be32_to_cpu(ent->address);
if (ptr == 0)
return 0;
/* Find the directory entry's location. */
db = xfs_dir2_dataptr_to_db(geo, ptr);
off = xfs_dir2_dataptr_to_off(geo, ptr);
rec_bno = xfs_dir2_db_to_da(geo, db);
if (rec_bno >= geo->leafblk) {
xchk_da_set_corrupt(ds, level);
goto out;
}
error = xfs_dir3_data_read(ds->dargs.trans, dp, ds->dargs.owner,
rec_bno, XFS_DABUF_MAP_HOLE_OK, &bp);
if (!xchk_fblock_process_error(ds->sc, XFS_DATA_FORK, rec_bno,
&error))
goto out;
if (!bp) {
xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
goto out;
}
xchk_buffer_recheck(ds->sc, bp);
if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out_relse;
dent = bp->b_addr + off;
/* Make sure we got a real directory entry. */
iter_off = geo->data_entry_offset;
end = xfs_dir3_data_end_offset(geo, bp->b_addr);
if (!end) {
xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
goto out_relse;
}
for (;;) {
struct xfs_dir2_data_entry *dep = bp->b_addr + iter_off;
struct xfs_dir2_data_unused *dup = bp->b_addr + iter_off;
if (iter_off >= end) {
xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
goto out_relse;
}
if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
iter_off += be16_to_cpu(dup->length);
continue;
}
if (dep == dent)
break;
iter_off += xfs_dir2_data_entsize(mp, dep->namelen);
}
/* Retrieve the entry, sanity check it, and compare hashes. */
ino = be64_to_cpu(dent->inumber);
hash = be32_to_cpu(ent->hashval);
tag = be16_to_cpup(xfs_dir2_data_entry_tag_p(mp, dent));
if (!xfs_verify_dir_ino(mp, ino) || tag != off)
xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
if (dent->namelen == 0) {
xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
goto out_relse;
}
/* Does the directory hash match? */
dname.name = dent->name;
dname.len = dent->namelen;
calc_hash = xfs_dir2_hashname(mp, &dname);
if (calc_hash != hash)
xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
out_relse:
xfs_trans_brelse(ds->dargs.trans, bp);
out:
return error;
}
/*
* Is this unused entry either in the bestfree or smaller than all of
* them? We've already checked that the bestfrees are sorted longest to
* shortest, and that there aren't any bogus entries.
*/
STATIC void
xchk_directory_check_free_entry(
struct xfs_scrub *sc,
xfs_dablk_t lblk,
struct xfs_dir2_data_free *bf,
struct xfs_dir2_data_unused *dup)
{
struct xfs_dir2_data_free *dfp;
unsigned int dup_length;
dup_length = be16_to_cpu(dup->length);
/* Unused entry is shorter than any of the bestfrees */
if (dup_length < be16_to_cpu(bf[XFS_DIR2_DATA_FD_COUNT - 1].length))
return;
for (dfp = &bf[XFS_DIR2_DATA_FD_COUNT - 1]; dfp >= bf; dfp--)
if (dup_length == be16_to_cpu(dfp->length))
return;
/* Unused entry should be in the bestfrees but wasn't found. */
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
}
/* Check free space info in a directory data block. */
STATIC int
xchk_directory_data_bestfree(
struct xfs_scrub *sc,
xfs_dablk_t lblk,
bool is_block)
{
struct xfs_dir2_data_unused *dup;
struct xfs_dir2_data_free *dfp;
struct xfs_buf *bp;
struct xfs_dir2_data_free *bf;
struct xfs_mount *mp = sc->mp;
u16 tag;
unsigned int nr_bestfrees = 0;
unsigned int nr_frees = 0;
unsigned int smallest_bestfree;
int newlen;
unsigned int offset;
unsigned int end;
int error;
if (is_block) {
/* dir block format */
if (lblk != XFS_B_TO_FSBT(mp, XFS_DIR2_DATA_OFFSET))
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
error = xfs_dir3_block_read(sc->tp, sc->ip, sc->ip->i_ino, &bp);
} else {
/* dir data format */
error = xfs_dir3_data_read(sc->tp, sc->ip, sc->ip->i_ino, lblk,
0, &bp);
}
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
goto out;
xchk_buffer_recheck(sc, bp);
/* XXX: Check xfs_dir3_data_hdr.pad is zero once we start setting it. */
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out_buf;
/* Do the bestfrees correspond to actual free space? */
bf = xfs_dir2_data_bestfree_p(mp, bp->b_addr);
smallest_bestfree = UINT_MAX;
for (dfp = &bf[0]; dfp < &bf[XFS_DIR2_DATA_FD_COUNT]; dfp++) {
offset = be16_to_cpu(dfp->offset);
if (offset == 0)
continue;
if (offset >= mp->m_dir_geo->blksize) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out_buf;
}
dup = bp->b_addr + offset;
tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup));
/* bestfree doesn't match the entry it points at? */
if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG) ||
be16_to_cpu(dup->length) != be16_to_cpu(dfp->length) ||
tag != offset) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out_buf;
}
/* bestfree records should be ordered largest to smallest */
if (smallest_bestfree < be16_to_cpu(dfp->length)) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out_buf;
}
smallest_bestfree = be16_to_cpu(dfp->length);
nr_bestfrees++;
}
/* Make sure the bestfrees are actually the best free spaces. */
offset = mp->m_dir_geo->data_entry_offset;
end = xfs_dir3_data_end_offset(mp->m_dir_geo, bp->b_addr);
/* Iterate the entries, stopping when we hit or go past the end. */
while (offset < end) {
dup = bp->b_addr + offset;
/* Skip real entries */
if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG)) {
struct xfs_dir2_data_entry *dep = bp->b_addr + offset;
newlen = xfs_dir2_data_entsize(mp, dep->namelen);
if (newlen <= 0) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
lblk);
goto out_buf;
}
offset += newlen;
continue;
}
/* Spot check this free entry */
tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup));
if (tag != offset) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out_buf;
}
/*
* Either this entry is a bestfree or it's smaller than
* any of the bestfrees.
*/
xchk_directory_check_free_entry(sc, lblk, bf, dup);
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out_buf;
/* Move on. */
newlen = be16_to_cpu(dup->length);
if (newlen <= 0) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out_buf;
}
offset += newlen;
if (offset <= end)
nr_frees++;
}
/* We're required to fill all the space. */
if (offset != end)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
/* Did we see at least as many free slots as there are bestfrees? */
if (nr_frees < nr_bestfrees)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
out_buf:
xfs_trans_brelse(sc->tp, bp);
out:
return error;
}
/*
* Does the free space length in the free space index block ($len) match
* the longest length in the directory data block's bestfree array?
* Assume that we've already checked that the data block's bestfree
* array is in order.
*/
STATIC void
xchk_directory_check_freesp(
struct xfs_scrub *sc,
xfs_dablk_t lblk,
struct xfs_buf *dbp,
unsigned int len)
{
struct xfs_dir2_data_free *dfp;
dfp = xfs_dir2_data_bestfree_p(sc->mp, dbp->b_addr);
if (len != be16_to_cpu(dfp->length))
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
if (len > 0 && be16_to_cpu(dfp->offset) == 0)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
}
/* Check free space info in a directory leaf1 block. */
STATIC int
xchk_directory_leaf1_bestfree(
struct xfs_scrub *sc,
struct xfs_da_args *args,
xfs_dir2_db_t last_data_db,
xfs_dablk_t lblk)
{
struct xfs_dir3_icleaf_hdr leafhdr;
struct xfs_dir2_leaf_tail *ltp;
struct xfs_dir2_leaf *leaf;
struct xfs_buf *dbp;
struct xfs_buf *bp;
struct xfs_da_geometry *geo = sc->mp->m_dir_geo;
__be16 *bestp;
__u16 best;
__u32 hash;
__u32 lasthash = 0;
__u32 bestcount;
unsigned int stale = 0;
int i;
int error;
/* Read the free space block. */
error = xfs_dir3_leaf_read(sc->tp, sc->ip, sc->ip->i_ino, lblk, &bp);
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
return error;
xchk_buffer_recheck(sc, bp);
leaf = bp->b_addr;
xfs_dir2_leaf_hdr_from_disk(sc->ip->i_mount, &leafhdr, leaf);
ltp = xfs_dir2_leaf_tail_p(geo, leaf);
bestcount = be32_to_cpu(ltp->bestcount);
bestp = xfs_dir2_leaf_bests_p(ltp);
if (xfs_has_crc(sc->mp)) {
struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr;
if (hdr3->pad != cpu_to_be32(0))
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
}
/*
* There must be enough bestfree slots to cover all the directory data
* blocks that we scanned. It is possible for there to be a hole
* between the last data block and i_disk_size. This seems like an
* oversight to the scrub author, but as we have been writing out
* directories like this (and xfs_repair doesn't mind them) for years,
* that's what we have to check.
*/
if (bestcount != last_data_db + 1) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out;
}
/* Is the leaf count even remotely sane? */
if (leafhdr.count > geo->leaf_max_ents) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out;
}
/* Leaves and bests don't overlap in leaf format. */
if ((char *)&leafhdr.ents[leafhdr.count] > (char *)bestp) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out;
}
/* Check hash value order, count stale entries. */
for (i = 0; i < leafhdr.count; i++) {
hash = be32_to_cpu(leafhdr.ents[i].hashval);
if (i > 0 && lasthash > hash)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
lasthash = hash;
if (leafhdr.ents[i].address ==
cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
stale++;
}
if (leafhdr.stale != stale)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out;
/* Check all the bestfree entries. */
for (i = 0; i < bestcount; i++, bestp++) {
best = be16_to_cpu(*bestp);
error = xfs_dir3_data_read(sc->tp, sc->ip, args->owner,
xfs_dir2_db_to_da(args->geo, i),
XFS_DABUF_MAP_HOLE_OK, &dbp);
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk,
&error))
break;
if (!dbp) {
if (best != NULLDATAOFF) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
lblk);
break;
}
continue;
}
if (best == NULLDATAOFF)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
else
xchk_directory_check_freesp(sc, lblk, dbp, best);
xfs_trans_brelse(sc->tp, dbp);
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
break;
}
out:
xfs_trans_brelse(sc->tp, bp);
return error;
}
/* Check free space info in a directory freespace block. */
STATIC int
xchk_directory_free_bestfree(
struct xfs_scrub *sc,
struct xfs_da_args *args,
xfs_dablk_t lblk)
{
struct xfs_dir3_icfree_hdr freehdr;
struct xfs_buf *dbp;
struct xfs_buf *bp;
__u16 best;
unsigned int stale = 0;
int i;
int error;
/* Read the free space block */
error = xfs_dir2_free_read(sc->tp, sc->ip, sc->ip->i_ino, lblk, &bp);
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
return error;
xchk_buffer_recheck(sc, bp);
if (xfs_has_crc(sc->mp)) {
struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
if (hdr3->pad != cpu_to_be32(0))
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
}
/* Check all the entries. */
xfs_dir2_free_hdr_from_disk(sc->ip->i_mount, &freehdr, bp->b_addr);
for (i = 0; i < freehdr.nvalid; i++) {
best = be16_to_cpu(freehdr.bests[i]);
if (best == NULLDATAOFF) {
stale++;
continue;
}
error = xfs_dir3_data_read(sc->tp, sc->ip, args->owner,
(freehdr.firstdb + i) * args->geo->fsbcount,
0, &dbp);
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk,
&error))
goto out;
xchk_directory_check_freesp(sc, lblk, dbp, best);
xfs_trans_brelse(sc->tp, dbp);
}
if (freehdr.nused + stale != freehdr.nvalid)
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
out:
xfs_trans_brelse(sc->tp, bp);
return error;
}
/* Check free space information in directories. */
STATIC int
xchk_directory_blocks(
struct xfs_scrub *sc)
{
struct xfs_bmbt_irec got;
struct xfs_da_args args = {
.dp = sc->ip,
.whichfork = XFS_DATA_FORK,
.geo = sc->mp->m_dir_geo,
.trans = sc->tp,
.owner = sc->ip->i_ino,
};
struct xfs_ifork *ifp = xfs_ifork_ptr(sc->ip, XFS_DATA_FORK);
struct xfs_mount *mp = sc->mp;
xfs_fileoff_t leaf_lblk;
xfs_fileoff_t free_lblk;
xfs_fileoff_t lblk;
struct xfs_iext_cursor icur;
xfs_dablk_t dabno;
xfs_dir2_db_t last_data_db = 0;
bool found;
bool is_block = false;
int error;
/* Ignore local format directories. */
if (ifp->if_format != XFS_DINODE_FMT_EXTENTS &&
ifp->if_format != XFS_DINODE_FMT_BTREE)
return 0;
lblk = XFS_B_TO_FSB(mp, XFS_DIR2_DATA_OFFSET);
leaf_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_LEAF_OFFSET);
free_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_FREE_OFFSET);
/* Is this a block dir? */
error = xfs_dir2_isblock(&args, &is_block);
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
goto out;
/* Iterate all the data extents in the directory... */
found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) {
/* No more data blocks... */
if (got.br_startoff >= leaf_lblk)
break;
/*
* Check each data block's bestfree data.
*
* Iterate all the fsbcount-aligned block offsets in
* this directory. The directory block reading code is
* smart enough to do its own bmap lookups to handle
* discontiguous directory blocks. When we're done
* with the extent record, re-query the bmap at the
* next fsbcount-aligned offset to avoid redundant
* block checks.
*/
for (lblk = roundup((xfs_dablk_t)got.br_startoff,
args.geo->fsbcount);
lblk < got.br_startoff + got.br_blockcount;
lblk += args.geo->fsbcount) {
last_data_db = xfs_dir2_da_to_db(args.geo, lblk);
error = xchk_directory_data_bestfree(sc, lblk,
is_block);
if (error)
goto out;
}
dabno = got.br_startoff + got.br_blockcount;
lblk = roundup(dabno, args.geo->fsbcount);
found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
}
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out;
/* Look for a leaf1 block, which has free info. */
if (xfs_iext_lookup_extent(sc->ip, ifp, leaf_lblk, &icur, &got) &&
got.br_startoff == leaf_lblk &&
got.br_blockcount == args.geo->fsbcount &&
!xfs_iext_next_extent(ifp, &icur, &got)) {
if (is_block) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out;
}
error = xchk_directory_leaf1_bestfree(sc, &args, last_data_db,
leaf_lblk);
if (error)
goto out;
}
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out;
/* Scan for free blocks */
lblk = free_lblk;
found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) {
/*
* Dirs can't have blocks mapped above 2^32.
* Single-block dirs shouldn't even be here.
*/
lblk = got.br_startoff;
if (lblk & ~0xFFFFFFFFULL) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out;
}
if (is_block) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
goto out;
}
/*
* Check each dir free block's bestfree data.
*
* Iterate all the fsbcount-aligned block offsets in
* this directory. The directory block reading code is
* smart enough to do its own bmap lookups to handle
* discontiguous directory blocks. When we're done
* with the extent record, re-query the bmap at the
* next fsbcount-aligned offset to avoid redundant
* block checks.
*/
for (lblk = roundup((xfs_dablk_t)got.br_startoff,
args.geo->fsbcount);
lblk < got.br_startoff + got.br_blockcount;
lblk += args.geo->fsbcount) {
error = xchk_directory_free_bestfree(sc, &args,
lblk);
if (error)
goto out;
}
dabno = got.br_startoff + got.br_blockcount;
lblk = roundup(dabno, args.geo->fsbcount);
found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
}
out:
return error;
}
/*
* Revalidate a dirent that we collected in the past but couldn't check because
* of lock contention. Returns 0 if the dirent is still valid, -ENOENT if it
* has gone away on us, or a negative errno.
*/
STATIC int
xchk_dir_revalidate_dirent(
struct xchk_dir *sd,
const struct xfs_name *xname,
xfs_ino_t ino)
{
struct xfs_scrub *sc = sd->sc;
xfs_ino_t child_ino;
int error;
/*
* Look up the directory entry. If we get -ENOENT, the directory entry
* went away and there's nothing to revalidate. Return any other
* error.
*/
error = xchk_dir_lookup(sc, sc->ip, xname, &child_ino);
if (error)
return error;
/* The inode number changed, nothing to revalidate. */
if (ino != child_ino)
return -ENOENT;
return 0;
}
/*
* Check a directory entry's parent pointers the slow way, which means we cycle
* locks a bunch and put up with revalidation until we get it done.
*/
STATIC int
xchk_dir_slow_dirent(
struct xchk_dir *sd,
struct xchk_dirent *dirent,
const struct xfs_name *xname)
{
struct xfs_scrub *sc = sd->sc;
struct xfs_inode *ip;
unsigned int lockmode;
int error;
/* Check that the deferred dirent still exists. */
if (sd->need_revalidate) {
error = xchk_dir_revalidate_dirent(sd, xname, dirent->ino);
if (error == -ENOENT)
return 0;
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0,
&error))
return error;
}
error = xchk_iget(sc, dirent->ino, &ip);
if (error == -EINVAL || error == -ENOENT) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
return 0;
}
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0, &error))
return error;
/*
* If we can grab both IOLOCK and ILOCK of the alleged child, we can
* proceed with the validation.
*/
lockmode = xchk_dir_lock_child(sc, ip);
if (lockmode) {
trace_xchk_dir_slowpath(sc->ip, xname, ip->i_ino);
goto check_pptr;
}
/*
* We couldn't lock the child file. Drop all the locks and try to
* get them again, one at a time.
*/
xchk_iunlock(sc, sc->ilock_flags);
sd->need_revalidate = true;
trace_xchk_dir_ultraslowpath(sc->ip, xname, ip->i_ino);
error = xchk_dir_trylock_for_pptrs(sc, ip, &lockmode);
if (error)
goto out_rele;
/* Revalidate, since we just cycled the locks. */
error = xchk_dir_revalidate_dirent(sd, xname, dirent->ino);
if (error == -ENOENT) {
error = 0;
goto out_unlock;
}
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0, &error))
goto out_unlock;
check_pptr:
error = xchk_dir_parent_pointer(sd, xname, ip);
out_unlock:
xfs_iunlock(ip, lockmode);
out_rele:
xchk_irele(sc, ip);
return error;
}
/* Check all the dirents that we deferred the first time around. */
STATIC int
xchk_dir_finish_slow_dirents(
struct xchk_dir *sd)
{
xfarray_idx_t array_cur;
int error;
foreach_xfarray_idx(sd->dir_entries, array_cur) {
struct xchk_dirent dirent;
if (sd->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
return 0;
error = xfarray_load(sd->dir_entries, array_cur, &dirent);
if (error)
return error;
error = xfblob_loadname(sd->dir_names, dirent.name_cookie,
&sd->xname, dirent.namelen);
if (error)
return error;
error = xchk_dir_slow_dirent(sd, &dirent, &sd->xname);
if (error)
return error;
}
return 0;
}
/* Scrub a whole directory. */
int
xchk_directory(
struct xfs_scrub *sc)
{
struct xchk_dir *sd;
int error;
if (!S_ISDIR(VFS_I(sc->ip)->i_mode))
return -ENOENT;
if (xchk_file_looks_zapped(sc, XFS_SICK_INO_DIR_ZAPPED)) {
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
return 0;
}
/* Plausible size? */
if (sc->ip->i_disk_size < xfs_dir2_sf_hdr_size(0)) {
xchk_ino_set_corrupt(sc, sc->ip->i_ino);
return 0;
}
/* Check directory tree structure */
error = xchk_da_btree(sc, XFS_DATA_FORK, xchk_dir_rec, NULL);
if (error)
return error;
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
return 0;
/* Check the freespace. */
error = xchk_directory_blocks(sc);
if (error)
return error;
if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
return 0;
sd = kvzalloc(sizeof(struct xchk_dir), XCHK_GFP_FLAGS);
if (!sd)
return -ENOMEM;
sd->sc = sc;
sd->xname.name = sd->namebuf;
if (xfs_has_parent(sc->mp)) {
char *descr;
/*
* Set up some staging memory for dirents that we can't check
* due to locking contention.
*/
descr = xchk_xfile_ino_descr(sc, "slow directory entries");
error = xfarray_create(descr, 0, sizeof(struct xchk_dirent),
&sd->dir_entries);
kfree(descr);
if (error)
goto out_sd;
descr = xchk_xfile_ino_descr(sc, "slow directory entry names");
error = xfblob_create(descr, &sd->dir_names);
kfree(descr);
if (error)
goto out_entries;
}
/* Look up every name in this directory by hash. */
error = xchk_dir_walk(sc, sc->ip, xchk_dir_actor, sd);
if (error == -ECANCELED)
error = 0;
if (error)
goto out_names;
if (xfs_has_parent(sc->mp)) {
error = xchk_dir_finish_slow_dirents(sd);
if (error == -ETIMEDOUT) {
/* Couldn't grab a lock, scrub was marked incomplete */
error = 0;
goto out_names;
}
if (error)
goto out_names;
}
out_names:
if (sd->dir_names)
xfblob_destroy(sd->dir_names);
out_entries:
if (sd->dir_entries)
xfarray_destroy(sd->dir_entries);
out_sd:
kvfree(sd);
if (error)
return error;
/* If the dir is clean, it is clearly not zapped. */
xchk_mark_healthy_if_clean(sc, XFS_SICK_INO_DIR_ZAPPED);
return 0;
}
/*
* Decide if this directory has been zapped to satisfy the inode and ifork
* verifiers. Checking and repairing should be postponed until the directory
* is fixed.
*/
bool
xchk_dir_looks_zapped(
struct xfs_inode *dp)
{
/* Repair zapped this dir's data fork a short time ago */
if (xfs_ifork_zapped(dp, XFS_DATA_FORK))
return true;
/*
* If the dinode repair found a bad data fork, it will reset the fork
* to extents format with zero records and wait for the bmapbtd
* scrubber to reconstruct the block mappings. Directories always
* contain some content, so this is a clear sign of a zapped directory.
* The state checked by xfs_ifork_zapped is not persisted, so this is
* the secondary strategy if repairs are interrupted by a crash or an
* unmount.
*/
return dp->i_df.if_format == XFS_DINODE_FMT_EXTENTS &&
dp->i_df.if_nextents == 0;
}