1 // SPDX-License-Identifier: GPL-2.0-only
2 /* -*- mode: c; c-basic-offset: 8; -*-
3 * vim: noexpandtab sw=8 ts=8 sts=0:
4 *
5 * blockcheck.c
6 *
7 * Checksum and ECC codes for the OCFS2 userspace library.
8 *
9 * Copyright (C) 2006, 2008 Oracle. All rights reserved.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/types.h>
14 #include <linux/crc32.h>
15 #include <linux/buffer_head.h>
16 #include <linux/bitops.h>
17 #include <linux/debugfs.h>
18 #include <linux/module.h>
19 #include <linux/fs.h>
20 #include <asm/byteorder.h>
21
22 #include <cluster/masklog.h>
23
24 #include "ocfs2.h"
25
26 #include "blockcheck.h"
27
28
29 /*
30 * We use the following conventions:
31 *
32 * d = # data bits
33 * p = # parity bits
34 * c = # total code bits (d + p)
35 */
36
37
38 /*
39 * Calculate the bit offset in the hamming code buffer based on the bit's
40 * offset in the data buffer. Since the hamming code reserves all
41 * power-of-two bits for parity, the data bit number and the code bit
42 * number are offset by all the parity bits beforehand.
43 *
44 * Recall that bit numbers in hamming code are 1-based. This function
45 * takes the 0-based data bit from the caller.
46 *
47 * An example. Take bit 1 of the data buffer. 1 is a power of two (2^0),
48 * so it's a parity bit. 2 is a power of two (2^1), so it's a parity bit.
49 * 3 is not a power of two. So bit 1 of the data buffer ends up as bit 3
50 * in the code buffer.
51 *
52 * The caller can pass in *p if it wants to keep track of the most recent
53 * number of parity bits added. This allows the function to start the
54 * calculation at the last place.
55 */
calc_code_bit(unsigned int i,unsigned int * p_cache)56 static unsigned int calc_code_bit(unsigned int i, unsigned int *p_cache)
57 {
58 unsigned int b, p = 0;
59
60 /*
61 * Data bits are 0-based, but we're talking code bits, which
62 * are 1-based.
63 */
64 b = i + 1;
65
66 /* Use the cache if it is there */
67 if (p_cache)
68 p = *p_cache;
69 b += p;
70
71 /*
72 * For every power of two below our bit number, bump our bit.
73 *
74 * We compare with (b + 1) because we have to compare with what b
75 * would be _if_ it were bumped up by the parity bit. Capice?
76 *
77 * p is set above.
78 */
79 for (; (1 << p) < (b + 1); p++)
80 b++;
81
82 if (p_cache)
83 *p_cache = p;
84
85 return b;
86 }
87
88 /*
89 * This is the low level encoder function. It can be called across
90 * multiple hunks just like the crc32 code. 'd' is the number of bits
91 * _in_this_hunk_. nr is the bit offset of this hunk. So, if you had
92 * two 512B buffers, you would do it like so:
93 *
94 * parity = ocfs2_hamming_encode(0, buf1, 512 * 8, 0);
95 * parity = ocfs2_hamming_encode(parity, buf2, 512 * 8, 512 * 8);
96 *
97 * If you just have one buffer, use ocfs2_hamming_encode_block().
98 */
ocfs2_hamming_encode(u32 parity,void * data,unsigned int d,unsigned int nr)99 u32 ocfs2_hamming_encode(u32 parity, void *data, unsigned int d, unsigned int nr)
100 {
101 unsigned int i, b, p = 0;
102
103 BUG_ON(!d);
104
105 /*
106 * b is the hamming code bit number. Hamming code specifies a
107 * 1-based array, but C uses 0-based. So 'i' is for C, and 'b' is
108 * for the algorithm.
109 *
110 * The i++ in the for loop is so that the start offset passed
111 * to ocfs2_find_next_bit_set() is one greater than the previously
112 * found bit.
113 */
114 for (i = 0; (i = ocfs2_find_next_bit(data, d, i)) < d; i++)
115 {
116 /*
117 * i is the offset in this hunk, nr + i is the total bit
118 * offset.
119 */
120 b = calc_code_bit(nr + i, &p);
121
122 /*
123 * Data bits in the resultant code are checked by
124 * parity bits that are part of the bit number
125 * representation. Huh?
126 *
127 * <wikipedia href="https://en.wikipedia.org/wiki/Hamming_code">
128 * In other words, the parity bit at position 2^k
129 * checks bits in positions having bit k set in
130 * their binary representation. Conversely, for
131 * instance, bit 13, i.e. 1101(2), is checked by
132 * bits 1000(2) = 8, 0100(2)=4 and 0001(2) = 1.
133 * </wikipedia>
134 *
135 * Note that 'k' is the _code_ bit number. 'b' in
136 * our loop.
137 */
138 parity ^= b;
139 }
140
141 /* While the data buffer was treated as little endian, the
142 * return value is in host endian. */
143 return parity;
144 }
145
ocfs2_hamming_encode_block(void * data,unsigned int blocksize)146 u32 ocfs2_hamming_encode_block(void *data, unsigned int blocksize)
147 {
148 return ocfs2_hamming_encode(0, data, blocksize * 8, 0);
149 }
150
151 /*
152 * Like ocfs2_hamming_encode(), this can handle hunks. nr is the bit
153 * offset of the current hunk. If bit to be fixed is not part of the
154 * current hunk, this does nothing.
155 *
156 * If you only have one hunk, use ocfs2_hamming_fix_block().
157 */
ocfs2_hamming_fix(void * data,unsigned int d,unsigned int nr,unsigned int fix)158 void ocfs2_hamming_fix(void *data, unsigned int d, unsigned int nr,
159 unsigned int fix)
160 {
161 unsigned int i, b;
162
163 BUG_ON(!d);
164
165 /*
166 * If the bit to fix has an hweight of 1, it's a parity bit. One
167 * busted parity bit is its own error. Nothing to do here.
168 */
169 if (hweight32(fix) == 1)
170 return;
171
172 /*
173 * nr + d is the bit right past the data hunk we're looking at.
174 * If fix after that, nothing to do
175 */
176 if (fix >= calc_code_bit(nr + d, NULL))
177 return;
178
179 /*
180 * nr is the offset in the data hunk we're starting at. Let's
181 * start b at the offset in the code buffer. See hamming_encode()
182 * for a more detailed description of 'b'.
183 */
184 b = calc_code_bit(nr, NULL);
185 /* If the fix is before this hunk, nothing to do */
186 if (fix < b)
187 return;
188
189 for (i = 0; i < d; i++, b++)
190 {
191 /* Skip past parity bits */
192 while (hweight32(b) == 1)
193 b++;
194
195 /*
196 * i is the offset in this data hunk.
197 * nr + i is the offset in the total data buffer.
198 * b is the offset in the total code buffer.
199 *
200 * Thus, when b == fix, bit i in the current hunk needs
201 * fixing.
202 */
203 if (b == fix)
204 {
205 if (ocfs2_test_bit(i, data))
206 ocfs2_clear_bit(i, data);
207 else
208 ocfs2_set_bit(i, data);
209 break;
210 }
211 }
212 }
213
ocfs2_hamming_fix_block(void * data,unsigned int blocksize,unsigned int fix)214 void ocfs2_hamming_fix_block(void *data, unsigned int blocksize,
215 unsigned int fix)
216 {
217 ocfs2_hamming_fix(data, blocksize * 8, 0, fix);
218 }
219
220
221 /*
222 * Debugfs handling.
223 */
224
225 #ifdef CONFIG_DEBUG_FS
226
blockcheck_u64_get(void * data,u64 * val)227 static int blockcheck_u64_get(void *data, u64 *val)
228 {
229 *val = *(u64 *)data;
230 return 0;
231 }
232 DEFINE_SIMPLE_ATTRIBUTE(blockcheck_fops, blockcheck_u64_get, NULL, "%llu\n");
233
ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats * stats)234 static void ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats *stats)
235 {
236 if (stats) {
237 debugfs_remove_recursive(stats->b_debug_dir);
238 stats->b_debug_dir = NULL;
239 }
240 }
241
ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats * stats,struct dentry * parent)242 static void ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats *stats,
243 struct dentry *parent)
244 {
245 struct dentry *dir;
246
247 dir = debugfs_create_dir("blockcheck", parent);
248 stats->b_debug_dir = dir;
249
250 debugfs_create_file("blocks_checked", S_IFREG | S_IRUSR, dir,
251 &stats->b_check_count, &blockcheck_fops);
252
253 debugfs_create_file("checksums_failed", S_IFREG | S_IRUSR, dir,
254 &stats->b_failure_count, &blockcheck_fops);
255
256 debugfs_create_file("ecc_recoveries", S_IFREG | S_IRUSR, dir,
257 &stats->b_recover_count, &blockcheck_fops);
258
259 }
260 #else
ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats * stats,struct dentry * parent)261 static inline void ocfs2_blockcheck_debug_install(struct ocfs2_blockcheck_stats *stats,
262 struct dentry *parent)
263 {
264 }
265
ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats * stats)266 static inline void ocfs2_blockcheck_debug_remove(struct ocfs2_blockcheck_stats *stats)
267 {
268 }
269 #endif /* CONFIG_DEBUG_FS */
270
271 /* Always-called wrappers for starting and stopping the debugfs files */
ocfs2_blockcheck_stats_debugfs_install(struct ocfs2_blockcheck_stats * stats,struct dentry * parent)272 void ocfs2_blockcheck_stats_debugfs_install(struct ocfs2_blockcheck_stats *stats,
273 struct dentry *parent)
274 {
275 ocfs2_blockcheck_debug_install(stats, parent);
276 }
277
ocfs2_blockcheck_stats_debugfs_remove(struct ocfs2_blockcheck_stats * stats)278 void ocfs2_blockcheck_stats_debugfs_remove(struct ocfs2_blockcheck_stats *stats)
279 {
280 ocfs2_blockcheck_debug_remove(stats);
281 }
282
ocfs2_blockcheck_inc_check(struct ocfs2_blockcheck_stats * stats)283 static void ocfs2_blockcheck_inc_check(struct ocfs2_blockcheck_stats *stats)
284 {
285 u64 new_count;
286
287 if (!stats)
288 return;
289
290 spin_lock(&stats->b_lock);
291 stats->b_check_count++;
292 new_count = stats->b_check_count;
293 spin_unlock(&stats->b_lock);
294
295 if (!new_count)
296 mlog(ML_NOTICE, "Block check count has wrapped\n");
297 }
298
ocfs2_blockcheck_inc_failure(struct ocfs2_blockcheck_stats * stats)299 static void ocfs2_blockcheck_inc_failure(struct ocfs2_blockcheck_stats *stats)
300 {
301 u64 new_count;
302
303 if (!stats)
304 return;
305
306 spin_lock(&stats->b_lock);
307 stats->b_failure_count++;
308 new_count = stats->b_failure_count;
309 spin_unlock(&stats->b_lock);
310
311 if (!new_count)
312 mlog(ML_NOTICE, "Checksum failure count has wrapped\n");
313 }
314
ocfs2_blockcheck_inc_recover(struct ocfs2_blockcheck_stats * stats)315 static void ocfs2_blockcheck_inc_recover(struct ocfs2_blockcheck_stats *stats)
316 {
317 u64 new_count;
318
319 if (!stats)
320 return;
321
322 spin_lock(&stats->b_lock);
323 stats->b_recover_count++;
324 new_count = stats->b_recover_count;
325 spin_unlock(&stats->b_lock);
326
327 if (!new_count)
328 mlog(ML_NOTICE, "ECC recovery count has wrapped\n");
329 }
330
331
332
333 /*
334 * These are the low-level APIs for using the ocfs2_block_check structure.
335 */
336
337 /*
338 * This function generates check information for a block.
339 * data is the block to be checked. bc is a pointer to the
340 * ocfs2_block_check structure describing the crc32 and the ecc.
341 *
342 * bc should be a pointer inside data, as the function will
343 * take care of zeroing it before calculating the check information. If
344 * bc does not point inside data, the caller must make sure any inline
345 * ocfs2_block_check structures are zeroed.
346 *
347 * The data buffer must be in on-disk endian (little endian for ocfs2).
348 * bc will be filled with little-endian values and will be ready to go to
349 * disk.
350 */
ocfs2_block_check_compute(void * data,size_t blocksize,struct ocfs2_block_check * bc)351 void ocfs2_block_check_compute(void *data, size_t blocksize,
352 struct ocfs2_block_check *bc)
353 {
354 u32 crc;
355 u32 ecc;
356
357 memset(bc, 0, sizeof(struct ocfs2_block_check));
358
359 crc = crc32_le(~0, data, blocksize);
360 ecc = ocfs2_hamming_encode_block(data, blocksize);
361
362 /*
363 * No ecc'd ocfs2 structure is larger than 4K, so ecc will be no
364 * larger than 16 bits.
365 */
366 BUG_ON(ecc > USHRT_MAX);
367
368 bc->bc_crc32e = cpu_to_le32(crc);
369 bc->bc_ecc = cpu_to_le16((u16)ecc);
370 }
371
372 /*
373 * This function validates existing check information. Like _compute,
374 * the function will take care of zeroing bc before calculating check codes.
375 * If bc is not a pointer inside data, the caller must have zeroed any
376 * inline ocfs2_block_check structures.
377 *
378 * Again, the data passed in should be the on-disk endian.
379 */
ocfs2_block_check_validate(void * data,size_t blocksize,struct ocfs2_block_check * bc,struct ocfs2_blockcheck_stats * stats)380 int ocfs2_block_check_validate(void *data, size_t blocksize,
381 struct ocfs2_block_check *bc,
382 struct ocfs2_blockcheck_stats *stats)
383 {
384 int rc = 0;
385 u32 bc_crc32e;
386 u16 bc_ecc;
387 u32 crc, ecc;
388
389 ocfs2_blockcheck_inc_check(stats);
390
391 bc_crc32e = le32_to_cpu(bc->bc_crc32e);
392 bc_ecc = le16_to_cpu(bc->bc_ecc);
393
394 memset(bc, 0, sizeof(struct ocfs2_block_check));
395
396 /* Fast path - if the crc32 validates, we're good to go */
397 crc = crc32_le(~0, data, blocksize);
398 if (crc == bc_crc32e)
399 goto out;
400
401 ocfs2_blockcheck_inc_failure(stats);
402 mlog(ML_ERROR,
403 "CRC32 failed: stored: 0x%x, computed 0x%x. Applying ECC.\n",
404 (unsigned int)bc_crc32e, (unsigned int)crc);
405
406 /* Ok, try ECC fixups */
407 ecc = ocfs2_hamming_encode_block(data, blocksize);
408 ocfs2_hamming_fix_block(data, blocksize, ecc ^ bc_ecc);
409
410 /* And check the crc32 again */
411 crc = crc32_le(~0, data, blocksize);
412 if (crc == bc_crc32e) {
413 ocfs2_blockcheck_inc_recover(stats);
414 goto out;
415 }
416
417 mlog(ML_ERROR, "Fixed CRC32 failed: stored: 0x%x, computed 0x%x\n",
418 (unsigned int)bc_crc32e, (unsigned int)crc);
419
420 rc = -EIO;
421
422 out:
423 bc->bc_crc32e = cpu_to_le32(bc_crc32e);
424 bc->bc_ecc = cpu_to_le16(bc_ecc);
425
426 return rc;
427 }
428
429 /*
430 * This function generates check information for a list of buffer_heads.
431 * bhs is the blocks to be checked. bc is a pointer to the
432 * ocfs2_block_check structure describing the crc32 and the ecc.
433 *
434 * bc should be a pointer inside data, as the function will
435 * take care of zeroing it before calculating the check information. If
436 * bc does not point inside data, the caller must make sure any inline
437 * ocfs2_block_check structures are zeroed.
438 *
439 * The data buffer must be in on-disk endian (little endian for ocfs2).
440 * bc will be filled with little-endian values and will be ready to go to
441 * disk.
442 */
ocfs2_block_check_compute_bhs(struct buffer_head ** bhs,int nr,struct ocfs2_block_check * bc)443 void ocfs2_block_check_compute_bhs(struct buffer_head **bhs, int nr,
444 struct ocfs2_block_check *bc)
445 {
446 int i;
447 u32 crc, ecc;
448
449 BUG_ON(nr < 0);
450
451 if (!nr)
452 return;
453
454 memset(bc, 0, sizeof(struct ocfs2_block_check));
455
456 for (i = 0, crc = ~0, ecc = 0; i < nr; i++) {
457 crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size);
458 /*
459 * The number of bits in a buffer is obviously b_size*8.
460 * The offset of this buffer is b_size*i, so the bit offset
461 * of this buffer is b_size*8*i.
462 */
463 ecc = (u16)ocfs2_hamming_encode(ecc, bhs[i]->b_data,
464 bhs[i]->b_size * 8,
465 bhs[i]->b_size * 8 * i);
466 }
467
468 /*
469 * No ecc'd ocfs2 structure is larger than 4K, so ecc will be no
470 * larger than 16 bits.
471 */
472 BUG_ON(ecc > USHRT_MAX);
473
474 bc->bc_crc32e = cpu_to_le32(crc);
475 bc->bc_ecc = cpu_to_le16((u16)ecc);
476 }
477
478 /*
479 * This function validates existing check information on a list of
480 * buffer_heads. Like _compute_bhs, the function will take care of
481 * zeroing bc before calculating check codes. If bc is not a pointer
482 * inside data, the caller must have zeroed any inline
483 * ocfs2_block_check structures.
484 *
485 * Again, the data passed in should be the on-disk endian.
486 */
ocfs2_block_check_validate_bhs(struct buffer_head ** bhs,int nr,struct ocfs2_block_check * bc,struct ocfs2_blockcheck_stats * stats)487 int ocfs2_block_check_validate_bhs(struct buffer_head **bhs, int nr,
488 struct ocfs2_block_check *bc,
489 struct ocfs2_blockcheck_stats *stats)
490 {
491 int i, rc = 0;
492 u32 bc_crc32e;
493 u16 bc_ecc;
494 u32 crc, ecc, fix;
495
496 BUG_ON(nr < 0);
497
498 if (!nr)
499 return 0;
500
501 ocfs2_blockcheck_inc_check(stats);
502
503 bc_crc32e = le32_to_cpu(bc->bc_crc32e);
504 bc_ecc = le16_to_cpu(bc->bc_ecc);
505
506 memset(bc, 0, sizeof(struct ocfs2_block_check));
507
508 /* Fast path - if the crc32 validates, we're good to go */
509 for (i = 0, crc = ~0; i < nr; i++)
510 crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size);
511 if (crc == bc_crc32e)
512 goto out;
513
514 ocfs2_blockcheck_inc_failure(stats);
515 mlog(ML_ERROR,
516 "CRC32 failed: stored: %u, computed %u. Applying ECC.\n",
517 (unsigned int)bc_crc32e, (unsigned int)crc);
518
519 /* Ok, try ECC fixups */
520 for (i = 0, ecc = 0; i < nr; i++) {
521 /*
522 * The number of bits in a buffer is obviously b_size*8.
523 * The offset of this buffer is b_size*i, so the bit offset
524 * of this buffer is b_size*8*i.
525 */
526 ecc = (u16)ocfs2_hamming_encode(ecc, bhs[i]->b_data,
527 bhs[i]->b_size * 8,
528 bhs[i]->b_size * 8 * i);
529 }
530 fix = ecc ^ bc_ecc;
531 for (i = 0; i < nr; i++) {
532 /*
533 * Try the fix against each buffer. It will only affect
534 * one of them.
535 */
536 ocfs2_hamming_fix(bhs[i]->b_data, bhs[i]->b_size * 8,
537 bhs[i]->b_size * 8 * i, fix);
538 }
539
540 /* And check the crc32 again */
541 for (i = 0, crc = ~0; i < nr; i++)
542 crc = crc32_le(crc, bhs[i]->b_data, bhs[i]->b_size);
543 if (crc == bc_crc32e) {
544 ocfs2_blockcheck_inc_recover(stats);
545 goto out;
546 }
547
548 mlog(ML_ERROR, "Fixed CRC32 failed: stored: %u, computed %u\n",
549 (unsigned int)bc_crc32e, (unsigned int)crc);
550
551 rc = -EIO;
552
553 out:
554 bc->bc_crc32e = cpu_to_le32(bc_crc32e);
555 bc->bc_ecc = cpu_to_le16(bc_ecc);
556
557 return rc;
558 }
559
560 /*
561 * These are the main API. They check the superblock flag before
562 * calling the underlying operations.
563 *
564 * They expect the buffer(s) to be in disk format.
565 */
ocfs2_compute_meta_ecc(struct super_block * sb,void * data,struct ocfs2_block_check * bc)566 void ocfs2_compute_meta_ecc(struct super_block *sb, void *data,
567 struct ocfs2_block_check *bc)
568 {
569 if (ocfs2_meta_ecc(OCFS2_SB(sb)))
570 ocfs2_block_check_compute(data, sb->s_blocksize, bc);
571 }
572
ocfs2_validate_meta_ecc(struct super_block * sb,void * data,struct ocfs2_block_check * bc)573 int ocfs2_validate_meta_ecc(struct super_block *sb, void *data,
574 struct ocfs2_block_check *bc)
575 {
576 int rc = 0;
577 struct ocfs2_super *osb = OCFS2_SB(sb);
578
579 if (ocfs2_meta_ecc(osb))
580 rc = ocfs2_block_check_validate(data, sb->s_blocksize, bc,
581 &osb->osb_ecc_stats);
582
583 return rc;
584 }
585
ocfs2_compute_meta_ecc_bhs(struct super_block * sb,struct buffer_head ** bhs,int nr,struct ocfs2_block_check * bc)586 void ocfs2_compute_meta_ecc_bhs(struct super_block *sb,
587 struct buffer_head **bhs, int nr,
588 struct ocfs2_block_check *bc)
589 {
590 if (ocfs2_meta_ecc(OCFS2_SB(sb)))
591 ocfs2_block_check_compute_bhs(bhs, nr, bc);
592 }
593
ocfs2_validate_meta_ecc_bhs(struct super_block * sb,struct buffer_head ** bhs,int nr,struct ocfs2_block_check * bc)594 int ocfs2_validate_meta_ecc_bhs(struct super_block *sb,
595 struct buffer_head **bhs, int nr,
596 struct ocfs2_block_check *bc)
597 {
598 int rc = 0;
599 struct ocfs2_super *osb = OCFS2_SB(sb);
600
601 if (ocfs2_meta_ecc(osb))
602 rc = ocfs2_block_check_validate_bhs(bhs, nr, bc,
603 &osb->osb_ecc_stats);
604
605 return rc;
606 }
607
608