1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (C) 2017 Oracle. All Rights Reserved.
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_trans_resv.h"
11 #include "xfs_mount.h"
12 #include "xfs_log_format.h"
13 #include "xfs_trans.h"
14 #include "xfs_inode.h"
15 #include "xfs_icache.h"
16 #include "xfs_dir2.h"
17 #include "xfs_dir2_priv.h"
18 #include "scrub/scrub.h"
19 #include "scrub/common.h"
20 #include "scrub/dabtree.h"
21
22 /* Set us up to scrub directories. */
23 int
xchk_setup_directory(struct xfs_scrub * sc,struct xfs_inode * ip)24 xchk_setup_directory(
25 struct xfs_scrub *sc,
26 struct xfs_inode *ip)
27 {
28 return xchk_setup_inode_contents(sc, ip, 0);
29 }
30
31 /* Directories */
32
33 /* Scrub a directory entry. */
34
35 struct xchk_dir_ctx {
36 /* VFS fill-directory iterator */
37 struct dir_context dir_iter;
38
39 struct xfs_scrub *sc;
40 };
41
42 /* Check that an inode's mode matches a given DT_ type. */
43 STATIC int
xchk_dir_check_ftype(struct xchk_dir_ctx * sdc,xfs_fileoff_t offset,xfs_ino_t inum,int dtype)44 xchk_dir_check_ftype(
45 struct xchk_dir_ctx *sdc,
46 xfs_fileoff_t offset,
47 xfs_ino_t inum,
48 int dtype)
49 {
50 struct xfs_mount *mp = sdc->sc->mp;
51 struct xfs_inode *ip;
52 int ino_dtype;
53 int error = 0;
54
55 if (!xfs_sb_version_hasftype(&mp->m_sb)) {
56 if (dtype != DT_UNKNOWN && dtype != DT_DIR)
57 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
58 offset);
59 goto out;
60 }
61
62 /*
63 * Grab the inode pointed to by the dirent. We release the
64 * inode before we cancel the scrub transaction. Since we're
65 * don't know a priori that releasing the inode won't trigger
66 * eofblocks cleanup (which allocates what would be a nested
67 * transaction), we can't use DONTCACHE here because DONTCACHE
68 * inodes can trigger immediate inactive cleanup of the inode.
69 */
70 error = xfs_iget(mp, sdc->sc->tp, inum, 0, 0, &ip);
71 if (!xchk_fblock_xref_process_error(sdc->sc, XFS_DATA_FORK, offset,
72 &error))
73 goto out;
74
75 /* Convert mode to the DT_* values that dir_emit uses. */
76 ino_dtype = xfs_dir3_get_dtype(mp,
77 xfs_mode_to_ftype(VFS_I(ip)->i_mode));
78 if (ino_dtype != dtype)
79 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
80 xfs_irele(ip);
81 out:
82 return error;
83 }
84
85 /*
86 * Scrub a single directory entry.
87 *
88 * We use the VFS directory iterator (i.e. readdir) to call this
89 * function for every directory entry in a directory. Once we're here,
90 * we check the inode number to make sure it's sane, then we check that
91 * we can look up this filename. Finally, we check the ftype.
92 */
93 STATIC int
xchk_dir_actor(struct dir_context * dir_iter,const char * name,int namelen,loff_t pos,u64 ino,unsigned type)94 xchk_dir_actor(
95 struct dir_context *dir_iter,
96 const char *name,
97 int namelen,
98 loff_t pos,
99 u64 ino,
100 unsigned type)
101 {
102 struct xfs_mount *mp;
103 struct xfs_inode *ip;
104 struct xchk_dir_ctx *sdc;
105 struct xfs_name xname;
106 xfs_ino_t lookup_ino;
107 xfs_dablk_t offset;
108 int error = 0;
109
110 sdc = container_of(dir_iter, struct xchk_dir_ctx, dir_iter);
111 ip = sdc->sc->ip;
112 mp = ip->i_mount;
113 offset = xfs_dir2_db_to_da(mp->m_dir_geo,
114 xfs_dir2_dataptr_to_db(mp->m_dir_geo, pos));
115
116 if (xchk_should_terminate(sdc->sc, &error))
117 return error;
118
119 /* Does this inode number make sense? */
120 if (!xfs_verify_dir_ino(mp, ino)) {
121 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
122 goto out;
123 }
124
125 /* Does this name make sense? */
126 if (!xfs_dir2_namecheck(name, namelen)) {
127 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
128 goto out;
129 }
130
131 if (!strncmp(".", name, namelen)) {
132 /* If this is "." then check that the inum matches the dir. */
133 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR)
134 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
135 offset);
136 if (ino != ip->i_ino)
137 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
138 offset);
139 } else if (!strncmp("..", name, namelen)) {
140 /*
141 * If this is ".." in the root inode, check that the inum
142 * matches this dir.
143 */
144 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR)
145 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
146 offset);
147 if (ip->i_ino == mp->m_sb.sb_rootino && ino != ip->i_ino)
148 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK,
149 offset);
150 }
151
152 /* Verify that we can look up this name by hash. */
153 xname.name = name;
154 xname.len = namelen;
155 xname.type = XFS_DIR3_FT_UNKNOWN;
156
157 error = xfs_dir_lookup(sdc->sc->tp, ip, &xname, &lookup_ino, NULL);
158 /* ENOENT means the hash lookup failed and the dir is corrupt */
159 if (error == -ENOENT)
160 error = -EFSCORRUPTED;
161 if (!xchk_fblock_process_error(sdc->sc, XFS_DATA_FORK, offset,
162 &error))
163 goto out;
164 if (lookup_ino != ino) {
165 xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset);
166 goto out;
167 }
168
169 /* Verify the file type. This function absorbs error codes. */
170 error = xchk_dir_check_ftype(sdc, offset, lookup_ino, type);
171 if (error)
172 goto out;
173 out:
174 /*
175 * A negative error code returned here is supposed to cause the
176 * dir_emit caller (xfs_readdir) to abort the directory iteration
177 * and return zero to xchk_directory.
178 */
179 if (error == 0 && sdc->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
180 return -EFSCORRUPTED;
181 return error;
182 }
183
184 /* Scrub a directory btree record. */
185 STATIC int
xchk_dir_rec(struct xchk_da_btree * ds,int level)186 xchk_dir_rec(
187 struct xchk_da_btree *ds,
188 int level)
189 {
190 struct xfs_da_state_blk *blk = &ds->state->path.blk[level];
191 struct xfs_mount *mp = ds->state->mp;
192 struct xfs_inode *dp = ds->dargs.dp;
193 struct xfs_da_geometry *geo = mp->m_dir_geo;
194 struct xfs_dir2_data_entry *dent;
195 struct xfs_buf *bp;
196 struct xfs_dir2_leaf_entry *ent;
197 unsigned int end;
198 unsigned int iter_off;
199 xfs_ino_t ino;
200 xfs_dablk_t rec_bno;
201 xfs_dir2_db_t db;
202 xfs_dir2_data_aoff_t off;
203 xfs_dir2_dataptr_t ptr;
204 xfs_dahash_t calc_hash;
205 xfs_dahash_t hash;
206 struct xfs_dir3_icleaf_hdr hdr;
207 unsigned int tag;
208 int error;
209
210 ASSERT(blk->magic == XFS_DIR2_LEAF1_MAGIC ||
211 blk->magic == XFS_DIR2_LEAFN_MAGIC);
212
213 xfs_dir2_leaf_hdr_from_disk(mp, &hdr, blk->bp->b_addr);
214 ent = hdr.ents + blk->index;
215
216 /* Check the hash of the entry. */
217 error = xchk_da_btree_hash(ds, level, &ent->hashval);
218 if (error)
219 goto out;
220
221 /* Valid hash pointer? */
222 ptr = be32_to_cpu(ent->address);
223 if (ptr == 0)
224 return 0;
225
226 /* Find the directory entry's location. */
227 db = xfs_dir2_dataptr_to_db(geo, ptr);
228 off = xfs_dir2_dataptr_to_off(geo, ptr);
229 rec_bno = xfs_dir2_db_to_da(geo, db);
230
231 if (rec_bno >= geo->leafblk) {
232 xchk_da_set_corrupt(ds, level);
233 goto out;
234 }
235 error = xfs_dir3_data_read(ds->dargs.trans, dp, rec_bno,
236 XFS_DABUF_MAP_HOLE_OK, &bp);
237 if (!xchk_fblock_process_error(ds->sc, XFS_DATA_FORK, rec_bno,
238 &error))
239 goto out;
240 if (!bp) {
241 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
242 goto out;
243 }
244 xchk_buffer_recheck(ds->sc, bp);
245
246 if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
247 goto out_relse;
248
249 dent = bp->b_addr + off;
250
251 /* Make sure we got a real directory entry. */
252 iter_off = geo->data_entry_offset;
253 end = xfs_dir3_data_end_offset(geo, bp->b_addr);
254 if (!end) {
255 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
256 goto out_relse;
257 }
258 for (;;) {
259 struct xfs_dir2_data_entry *dep = bp->b_addr + iter_off;
260 struct xfs_dir2_data_unused *dup = bp->b_addr + iter_off;
261
262 if (iter_off >= end) {
263 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
264 goto out_relse;
265 }
266
267 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
268 iter_off += be16_to_cpu(dup->length);
269 continue;
270 }
271 if (dep == dent)
272 break;
273 iter_off += xfs_dir2_data_entsize(mp, dep->namelen);
274 }
275
276 /* Retrieve the entry, sanity check it, and compare hashes. */
277 ino = be64_to_cpu(dent->inumber);
278 hash = be32_to_cpu(ent->hashval);
279 tag = be16_to_cpup(xfs_dir2_data_entry_tag_p(mp, dent));
280 if (!xfs_verify_dir_ino(mp, ino) || tag != off)
281 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
282 if (dent->namelen == 0) {
283 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
284 goto out_relse;
285 }
286 calc_hash = xfs_da_hashname(dent->name, dent->namelen);
287 if (calc_hash != hash)
288 xchk_fblock_set_corrupt(ds->sc, XFS_DATA_FORK, rec_bno);
289
290 out_relse:
291 xfs_trans_brelse(ds->dargs.trans, bp);
292 out:
293 return error;
294 }
295
296 /*
297 * Is this unused entry either in the bestfree or smaller than all of
298 * them? We've already checked that the bestfrees are sorted longest to
299 * shortest, and that there aren't any bogus entries.
300 */
301 STATIC void
xchk_directory_check_free_entry(struct xfs_scrub * sc,xfs_dablk_t lblk,struct xfs_dir2_data_free * bf,struct xfs_dir2_data_unused * dup)302 xchk_directory_check_free_entry(
303 struct xfs_scrub *sc,
304 xfs_dablk_t lblk,
305 struct xfs_dir2_data_free *bf,
306 struct xfs_dir2_data_unused *dup)
307 {
308 struct xfs_dir2_data_free *dfp;
309 unsigned int dup_length;
310
311 dup_length = be16_to_cpu(dup->length);
312
313 /* Unused entry is shorter than any of the bestfrees */
314 if (dup_length < be16_to_cpu(bf[XFS_DIR2_DATA_FD_COUNT - 1].length))
315 return;
316
317 for (dfp = &bf[XFS_DIR2_DATA_FD_COUNT - 1]; dfp >= bf; dfp--)
318 if (dup_length == be16_to_cpu(dfp->length))
319 return;
320
321 /* Unused entry should be in the bestfrees but wasn't found. */
322 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
323 }
324
325 /* Check free space info in a directory data block. */
326 STATIC int
xchk_directory_data_bestfree(struct xfs_scrub * sc,xfs_dablk_t lblk,bool is_block)327 xchk_directory_data_bestfree(
328 struct xfs_scrub *sc,
329 xfs_dablk_t lblk,
330 bool is_block)
331 {
332 struct xfs_dir2_data_unused *dup;
333 struct xfs_dir2_data_free *dfp;
334 struct xfs_buf *bp;
335 struct xfs_dir2_data_free *bf;
336 struct xfs_mount *mp = sc->mp;
337 u16 tag;
338 unsigned int nr_bestfrees = 0;
339 unsigned int nr_frees = 0;
340 unsigned int smallest_bestfree;
341 int newlen;
342 unsigned int offset;
343 unsigned int end;
344 int error;
345
346 if (is_block) {
347 /* dir block format */
348 if (lblk != XFS_B_TO_FSBT(mp, XFS_DIR2_DATA_OFFSET))
349 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
350 error = xfs_dir3_block_read(sc->tp, sc->ip, &bp);
351 } else {
352 /* dir data format */
353 error = xfs_dir3_data_read(sc->tp, sc->ip, lblk, 0, &bp);
354 }
355 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
356 goto out;
357 xchk_buffer_recheck(sc, bp);
358
359 /* XXX: Check xfs_dir3_data_hdr.pad is zero once we start setting it. */
360
361 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
362 goto out_buf;
363
364 /* Do the bestfrees correspond to actual free space? */
365 bf = xfs_dir2_data_bestfree_p(mp, bp->b_addr);
366 smallest_bestfree = UINT_MAX;
367 for (dfp = &bf[0]; dfp < &bf[XFS_DIR2_DATA_FD_COUNT]; dfp++) {
368 offset = be16_to_cpu(dfp->offset);
369 if (offset == 0)
370 continue;
371 if (offset >= mp->m_dir_geo->blksize) {
372 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
373 goto out_buf;
374 }
375 dup = bp->b_addr + offset;
376 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup));
377
378 /* bestfree doesn't match the entry it points at? */
379 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG) ||
380 be16_to_cpu(dup->length) != be16_to_cpu(dfp->length) ||
381 tag != offset) {
382 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
383 goto out_buf;
384 }
385
386 /* bestfree records should be ordered largest to smallest */
387 if (smallest_bestfree < be16_to_cpu(dfp->length)) {
388 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
389 goto out_buf;
390 }
391
392 smallest_bestfree = be16_to_cpu(dfp->length);
393 nr_bestfrees++;
394 }
395
396 /* Make sure the bestfrees are actually the best free spaces. */
397 offset = mp->m_dir_geo->data_entry_offset;
398 end = xfs_dir3_data_end_offset(mp->m_dir_geo, bp->b_addr);
399
400 /* Iterate the entries, stopping when we hit or go past the end. */
401 while (offset < end) {
402 dup = bp->b_addr + offset;
403
404 /* Skip real entries */
405 if (dup->freetag != cpu_to_be16(XFS_DIR2_DATA_FREE_TAG)) {
406 struct xfs_dir2_data_entry *dep = bp->b_addr + offset;
407
408 newlen = xfs_dir2_data_entsize(mp, dep->namelen);
409 if (newlen <= 0) {
410 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
411 lblk);
412 goto out_buf;
413 }
414 offset += newlen;
415 continue;
416 }
417
418 /* Spot check this free entry */
419 tag = be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup));
420 if (tag != offset) {
421 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
422 goto out_buf;
423 }
424
425 /*
426 * Either this entry is a bestfree or it's smaller than
427 * any of the bestfrees.
428 */
429 xchk_directory_check_free_entry(sc, lblk, bf, dup);
430 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
431 goto out_buf;
432
433 /* Move on. */
434 newlen = be16_to_cpu(dup->length);
435 if (newlen <= 0) {
436 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
437 goto out_buf;
438 }
439 offset += newlen;
440 if (offset <= end)
441 nr_frees++;
442 }
443
444 /* We're required to fill all the space. */
445 if (offset != end)
446 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
447
448 /* Did we see at least as many free slots as there are bestfrees? */
449 if (nr_frees < nr_bestfrees)
450 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
451 out_buf:
452 xfs_trans_brelse(sc->tp, bp);
453 out:
454 return error;
455 }
456
457 /*
458 * Does the free space length in the free space index block ($len) match
459 * the longest length in the directory data block's bestfree array?
460 * Assume that we've already checked that the data block's bestfree
461 * array is in order.
462 */
463 STATIC void
xchk_directory_check_freesp(struct xfs_scrub * sc,xfs_dablk_t lblk,struct xfs_buf * dbp,unsigned int len)464 xchk_directory_check_freesp(
465 struct xfs_scrub *sc,
466 xfs_dablk_t lblk,
467 struct xfs_buf *dbp,
468 unsigned int len)
469 {
470 struct xfs_dir2_data_free *dfp;
471
472 dfp = xfs_dir2_data_bestfree_p(sc->mp, dbp->b_addr);
473
474 if (len != be16_to_cpu(dfp->length))
475 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
476
477 if (len > 0 && be16_to_cpu(dfp->offset) == 0)
478 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
479 }
480
481 /* Check free space info in a directory leaf1 block. */
482 STATIC int
xchk_directory_leaf1_bestfree(struct xfs_scrub * sc,struct xfs_da_args * args,xfs_dablk_t lblk)483 xchk_directory_leaf1_bestfree(
484 struct xfs_scrub *sc,
485 struct xfs_da_args *args,
486 xfs_dablk_t lblk)
487 {
488 struct xfs_dir3_icleaf_hdr leafhdr;
489 struct xfs_dir2_leaf_tail *ltp;
490 struct xfs_dir2_leaf *leaf;
491 struct xfs_buf *dbp;
492 struct xfs_buf *bp;
493 struct xfs_da_geometry *geo = sc->mp->m_dir_geo;
494 __be16 *bestp;
495 __u16 best;
496 __u32 hash;
497 __u32 lasthash = 0;
498 __u32 bestcount;
499 unsigned int stale = 0;
500 int i;
501 int error;
502
503 /* Read the free space block. */
504 error = xfs_dir3_leaf_read(sc->tp, sc->ip, lblk, &bp);
505 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
506 return error;
507 xchk_buffer_recheck(sc, bp);
508
509 leaf = bp->b_addr;
510 xfs_dir2_leaf_hdr_from_disk(sc->ip->i_mount, &leafhdr, leaf);
511 ltp = xfs_dir2_leaf_tail_p(geo, leaf);
512 bestcount = be32_to_cpu(ltp->bestcount);
513 bestp = xfs_dir2_leaf_bests_p(ltp);
514
515 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) {
516 struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr;
517
518 if (hdr3->pad != cpu_to_be32(0))
519 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
520 }
521
522 /*
523 * There should be as many bestfree slots as there are dir data
524 * blocks that can fit under i_size.
525 */
526 if (bestcount != xfs_dir2_byte_to_db(geo, sc->ip->i_d.di_size)) {
527 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
528 goto out;
529 }
530
531 /* Is the leaf count even remotely sane? */
532 if (leafhdr.count > geo->leaf_max_ents) {
533 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
534 goto out;
535 }
536
537 /* Leaves and bests don't overlap in leaf format. */
538 if ((char *)&leafhdr.ents[leafhdr.count] > (char *)bestp) {
539 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
540 goto out;
541 }
542
543 /* Check hash value order, count stale entries. */
544 for (i = 0; i < leafhdr.count; i++) {
545 hash = be32_to_cpu(leafhdr.ents[i].hashval);
546 if (i > 0 && lasthash > hash)
547 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
548 lasthash = hash;
549 if (leafhdr.ents[i].address ==
550 cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
551 stale++;
552 }
553 if (leafhdr.stale != stale)
554 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
555 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
556 goto out;
557
558 /* Check all the bestfree entries. */
559 for (i = 0; i < bestcount; i++, bestp++) {
560 best = be16_to_cpu(*bestp);
561 error = xfs_dir3_data_read(sc->tp, sc->ip,
562 xfs_dir2_db_to_da(args->geo, i),
563 XFS_DABUF_MAP_HOLE_OK,
564 &dbp);
565 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk,
566 &error))
567 break;
568
569 if (!dbp) {
570 if (best != NULLDATAOFF) {
571 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
572 lblk);
573 break;
574 }
575 continue;
576 }
577
578 if (best == NULLDATAOFF)
579 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
580 else
581 xchk_directory_check_freesp(sc, lblk, dbp, best);
582 xfs_trans_brelse(sc->tp, dbp);
583 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
584 break;
585 }
586 out:
587 xfs_trans_brelse(sc->tp, bp);
588 return error;
589 }
590
591 /* Check free space info in a directory freespace block. */
592 STATIC int
xchk_directory_free_bestfree(struct xfs_scrub * sc,struct xfs_da_args * args,xfs_dablk_t lblk)593 xchk_directory_free_bestfree(
594 struct xfs_scrub *sc,
595 struct xfs_da_args *args,
596 xfs_dablk_t lblk)
597 {
598 struct xfs_dir3_icfree_hdr freehdr;
599 struct xfs_buf *dbp;
600 struct xfs_buf *bp;
601 __u16 best;
602 unsigned int stale = 0;
603 int i;
604 int error;
605
606 /* Read the free space block */
607 error = xfs_dir2_free_read(sc->tp, sc->ip, lblk, &bp);
608 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
609 return error;
610 xchk_buffer_recheck(sc, bp);
611
612 if (xfs_sb_version_hascrc(&sc->mp->m_sb)) {
613 struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
614
615 if (hdr3->pad != cpu_to_be32(0))
616 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
617 }
618
619 /* Check all the entries. */
620 xfs_dir2_free_hdr_from_disk(sc->ip->i_mount, &freehdr, bp->b_addr);
621 for (i = 0; i < freehdr.nvalid; i++) {
622 best = be16_to_cpu(freehdr.bests[i]);
623 if (best == NULLDATAOFF) {
624 stale++;
625 continue;
626 }
627 error = xfs_dir3_data_read(sc->tp, sc->ip,
628 (freehdr.firstdb + i) * args->geo->fsbcount,
629 0, &dbp);
630 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk,
631 &error))
632 goto out;
633 xchk_directory_check_freesp(sc, lblk, dbp, best);
634 xfs_trans_brelse(sc->tp, dbp);
635 }
636
637 if (freehdr.nused + stale != freehdr.nvalid)
638 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
639 out:
640 xfs_trans_brelse(sc->tp, bp);
641 return error;
642 }
643
644 /* Check free space information in directories. */
645 STATIC int
xchk_directory_blocks(struct xfs_scrub * sc)646 xchk_directory_blocks(
647 struct xfs_scrub *sc)
648 {
649 struct xfs_bmbt_irec got;
650 struct xfs_da_args args;
651 struct xfs_ifork *ifp = XFS_IFORK_PTR(sc->ip, XFS_DATA_FORK);
652 struct xfs_mount *mp = sc->mp;
653 xfs_fileoff_t leaf_lblk;
654 xfs_fileoff_t free_lblk;
655 xfs_fileoff_t lblk;
656 struct xfs_iext_cursor icur;
657 xfs_dablk_t dabno;
658 bool found;
659 int is_block = 0;
660 int error;
661
662 /* Ignore local format directories. */
663 if (ifp->if_format != XFS_DINODE_FMT_EXTENTS &&
664 ifp->if_format != XFS_DINODE_FMT_BTREE)
665 return 0;
666
667 lblk = XFS_B_TO_FSB(mp, XFS_DIR2_DATA_OFFSET);
668 leaf_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_LEAF_OFFSET);
669 free_lblk = XFS_B_TO_FSB(mp, XFS_DIR2_FREE_OFFSET);
670
671 /* Is this a block dir? */
672 args.dp = sc->ip;
673 args.geo = mp->m_dir_geo;
674 args.trans = sc->tp;
675 error = xfs_dir2_isblock(&args, &is_block);
676 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, lblk, &error))
677 goto out;
678
679 /* Iterate all the data extents in the directory... */
680 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
681 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) {
682 /* Block directories only have a single block at offset 0. */
683 if (is_block &&
684 (got.br_startoff > 0 ||
685 got.br_blockcount != args.geo->fsbcount)) {
686 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK,
687 got.br_startoff);
688 break;
689 }
690
691 /* No more data blocks... */
692 if (got.br_startoff >= leaf_lblk)
693 break;
694
695 /*
696 * Check each data block's bestfree data.
697 *
698 * Iterate all the fsbcount-aligned block offsets in
699 * this directory. The directory block reading code is
700 * smart enough to do its own bmap lookups to handle
701 * discontiguous directory blocks. When we're done
702 * with the extent record, re-query the bmap at the
703 * next fsbcount-aligned offset to avoid redundant
704 * block checks.
705 */
706 for (lblk = roundup((xfs_dablk_t)got.br_startoff,
707 args.geo->fsbcount);
708 lblk < got.br_startoff + got.br_blockcount;
709 lblk += args.geo->fsbcount) {
710 error = xchk_directory_data_bestfree(sc, lblk,
711 is_block);
712 if (error)
713 goto out;
714 }
715 dabno = got.br_startoff + got.br_blockcount;
716 lblk = roundup(dabno, args.geo->fsbcount);
717 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
718 }
719
720 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
721 goto out;
722
723 /* Look for a leaf1 block, which has free info. */
724 if (xfs_iext_lookup_extent(sc->ip, ifp, leaf_lblk, &icur, &got) &&
725 got.br_startoff == leaf_lblk &&
726 got.br_blockcount == args.geo->fsbcount &&
727 !xfs_iext_next_extent(ifp, &icur, &got)) {
728 if (is_block) {
729 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
730 goto out;
731 }
732 error = xchk_directory_leaf1_bestfree(sc, &args,
733 leaf_lblk);
734 if (error)
735 goto out;
736 }
737
738 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
739 goto out;
740
741 /* Scan for free blocks */
742 lblk = free_lblk;
743 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
744 while (found && !(sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)) {
745 /*
746 * Dirs can't have blocks mapped above 2^32.
747 * Single-block dirs shouldn't even be here.
748 */
749 lblk = got.br_startoff;
750 if (lblk & ~0xFFFFFFFFULL) {
751 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
752 goto out;
753 }
754 if (is_block) {
755 xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, lblk);
756 goto out;
757 }
758
759 /*
760 * Check each dir free block's bestfree data.
761 *
762 * Iterate all the fsbcount-aligned block offsets in
763 * this directory. The directory block reading code is
764 * smart enough to do its own bmap lookups to handle
765 * discontiguous directory blocks. When we're done
766 * with the extent record, re-query the bmap at the
767 * next fsbcount-aligned offset to avoid redundant
768 * block checks.
769 */
770 for (lblk = roundup((xfs_dablk_t)got.br_startoff,
771 args.geo->fsbcount);
772 lblk < got.br_startoff + got.br_blockcount;
773 lblk += args.geo->fsbcount) {
774 error = xchk_directory_free_bestfree(sc, &args,
775 lblk);
776 if (error)
777 goto out;
778 }
779 dabno = got.br_startoff + got.br_blockcount;
780 lblk = roundup(dabno, args.geo->fsbcount);
781 found = xfs_iext_lookup_extent(sc->ip, ifp, lblk, &icur, &got);
782 }
783 out:
784 return error;
785 }
786
787 /* Scrub a whole directory. */
788 int
xchk_directory(struct xfs_scrub * sc)789 xchk_directory(
790 struct xfs_scrub *sc)
791 {
792 struct xchk_dir_ctx sdc = {
793 .dir_iter.actor = xchk_dir_actor,
794 .dir_iter.pos = 0,
795 .sc = sc,
796 };
797 size_t bufsize;
798 loff_t oldpos;
799 int error = 0;
800
801 if (!S_ISDIR(VFS_I(sc->ip)->i_mode))
802 return -ENOENT;
803
804 /* Plausible size? */
805 if (sc->ip->i_d.di_size < xfs_dir2_sf_hdr_size(0)) {
806 xchk_ino_set_corrupt(sc, sc->ip->i_ino);
807 goto out;
808 }
809
810 /* Check directory tree structure */
811 error = xchk_da_btree(sc, XFS_DATA_FORK, xchk_dir_rec, NULL);
812 if (error)
813 return error;
814
815 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
816 return error;
817
818 /* Check the freespace. */
819 error = xchk_directory_blocks(sc);
820 if (error)
821 return error;
822
823 if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
824 return error;
825
826 /*
827 * Check that every dirent we see can also be looked up by hash.
828 * Userspace usually asks for a 32k buffer, so we will too.
829 */
830 bufsize = (size_t)min_t(loff_t, XFS_READDIR_BUFSIZE,
831 sc->ip->i_d.di_size);
832
833 /*
834 * Look up every name in this directory by hash.
835 *
836 * Use the xfs_readdir function to call xchk_dir_actor on
837 * every directory entry in this directory. In _actor, we check
838 * the name, inode number, and ftype (if applicable) of the
839 * entry. xfs_readdir uses the VFS filldir functions to provide
840 * iteration context.
841 *
842 * The VFS grabs a read or write lock via i_rwsem before it reads
843 * or writes to a directory. If we've gotten this far we've
844 * already obtained IOLOCK_EXCL, which (since 4.10) is the same as
845 * getting a write lock on i_rwsem. Therefore, it is safe for us
846 * to drop the ILOCK here in order to reuse the _readdir and
847 * _dir_lookup routines, which do their own ILOCK locking.
848 */
849 oldpos = 0;
850 sc->ilock_flags &= ~XFS_ILOCK_EXCL;
851 xfs_iunlock(sc->ip, XFS_ILOCK_EXCL);
852 while (true) {
853 error = xfs_readdir(sc->tp, sc->ip, &sdc.dir_iter, bufsize);
854 if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, 0,
855 &error))
856 goto out;
857 if (oldpos == sdc.dir_iter.pos)
858 break;
859 oldpos = sdc.dir_iter.pos;
860 }
861
862 out:
863 return error;
864 }
865