1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_sb.h"
14 #include "xfs_mount.h"
15 #include "xfs_ialloc.h"
16 #include "xfs_alloc.h"
17 #include "xfs_error.h"
18 #include "xfs_trans.h"
19 #include "xfs_buf_item.h"
20 #include "xfs_bmap_btree.h"
21 #include "xfs_alloc_btree.h"
22 #include "xfs_log.h"
23 #include "xfs_rmap_btree.h"
24 #include "xfs_refcount_btree.h"
25 #include "xfs_da_format.h"
26 #include "xfs_health.h"
27 #include "xfs_ag.h"
28 #include "xfs_rtbitmap.h"
29 #include "xfs_exchrange.h"
30
31 /*
32 * Physical superblock buffer manipulations. Shared with libxfs in userspace.
33 */
34
35 /*
36 * Check that all the V4 feature bits that the V5 filesystem format requires are
37 * correctly set.
38 */
39 static bool
xfs_sb_validate_v5_features(struct xfs_sb * sbp)40 xfs_sb_validate_v5_features(
41 struct xfs_sb *sbp)
42 {
43 /* We must not have any unknown V4 feature bits set */
44 if (sbp->sb_versionnum & ~XFS_SB_VERSION_OKBITS)
45 return false;
46
47 /*
48 * The CRC bit is considered an invalid V4 flag, so we have to add it
49 * manually to the OKBITS mask.
50 */
51 if (sbp->sb_features2 & ~(XFS_SB_VERSION2_OKBITS |
52 XFS_SB_VERSION2_CRCBIT))
53 return false;
54
55 /* Now check all the required V4 feature flags are set. */
56
57 #define V5_VERS_FLAGS (XFS_SB_VERSION_NLINKBIT | \
58 XFS_SB_VERSION_ALIGNBIT | \
59 XFS_SB_VERSION_LOGV2BIT | \
60 XFS_SB_VERSION_EXTFLGBIT | \
61 XFS_SB_VERSION_DIRV2BIT | \
62 XFS_SB_VERSION_MOREBITSBIT)
63
64 #define V5_FEAT_FLAGS (XFS_SB_VERSION2_LAZYSBCOUNTBIT | \
65 XFS_SB_VERSION2_ATTR2BIT | \
66 XFS_SB_VERSION2_PROJID32BIT | \
67 XFS_SB_VERSION2_CRCBIT)
68
69 if ((sbp->sb_versionnum & V5_VERS_FLAGS) != V5_VERS_FLAGS)
70 return false;
71 if ((sbp->sb_features2 & V5_FEAT_FLAGS) != V5_FEAT_FLAGS)
72 return false;
73 return true;
74 }
75
76 /*
77 * We current support XFS v5 formats with known features and v4 superblocks with
78 * at least V2 directories.
79 */
80 bool
xfs_sb_good_version(struct xfs_sb * sbp)81 xfs_sb_good_version(
82 struct xfs_sb *sbp)
83 {
84 /*
85 * All v5 filesystems are supported, but we must check that all the
86 * required v4 feature flags are enabled correctly as the code checks
87 * those flags and not for v5 support.
88 */
89 if (xfs_sb_is_v5(sbp))
90 return xfs_sb_validate_v5_features(sbp);
91
92 /* versions prior to v4 are not supported */
93 if (XFS_SB_VERSION_NUM(sbp) != XFS_SB_VERSION_4)
94 return false;
95
96 /* We must not have any unknown v4 feature bits set */
97 if ((sbp->sb_versionnum & ~XFS_SB_VERSION_OKBITS) ||
98 ((sbp->sb_versionnum & XFS_SB_VERSION_MOREBITSBIT) &&
99 (sbp->sb_features2 & ~XFS_SB_VERSION2_OKBITS)))
100 return false;
101
102 /* V4 filesystems need v2 directories and unwritten extents */
103 if (!(sbp->sb_versionnum & XFS_SB_VERSION_DIRV2BIT))
104 return false;
105 if (!(sbp->sb_versionnum & XFS_SB_VERSION_EXTFLGBIT))
106 return false;
107
108 /* It's a supported v4 filesystem */
109 return true;
110 }
111
112 uint64_t
xfs_sb_version_to_features(struct xfs_sb * sbp)113 xfs_sb_version_to_features(
114 struct xfs_sb *sbp)
115 {
116 uint64_t features = 0;
117
118 /* optional V4 features */
119 if (sbp->sb_rblocks > 0)
120 features |= XFS_FEAT_REALTIME;
121 if (sbp->sb_versionnum & XFS_SB_VERSION_NLINKBIT)
122 features |= XFS_FEAT_NLINK;
123 if (sbp->sb_versionnum & XFS_SB_VERSION_ATTRBIT)
124 features |= XFS_FEAT_ATTR;
125 if (sbp->sb_versionnum & XFS_SB_VERSION_QUOTABIT)
126 features |= XFS_FEAT_QUOTA;
127 if (sbp->sb_versionnum & XFS_SB_VERSION_ALIGNBIT)
128 features |= XFS_FEAT_ALIGN;
129 if (sbp->sb_versionnum & XFS_SB_VERSION_LOGV2BIT)
130 features |= XFS_FEAT_LOGV2;
131 if (sbp->sb_versionnum & XFS_SB_VERSION_DALIGNBIT)
132 features |= XFS_FEAT_DALIGN;
133 if (sbp->sb_versionnum & XFS_SB_VERSION_EXTFLGBIT)
134 features |= XFS_FEAT_EXTFLG;
135 if (sbp->sb_versionnum & XFS_SB_VERSION_SECTORBIT)
136 features |= XFS_FEAT_SECTOR;
137 if (sbp->sb_versionnum & XFS_SB_VERSION_BORGBIT)
138 features |= XFS_FEAT_ASCIICI;
139 if (sbp->sb_versionnum & XFS_SB_VERSION_MOREBITSBIT) {
140 if (sbp->sb_features2 & XFS_SB_VERSION2_LAZYSBCOUNTBIT)
141 features |= XFS_FEAT_LAZYSBCOUNT;
142 if (sbp->sb_features2 & XFS_SB_VERSION2_ATTR2BIT)
143 features |= XFS_FEAT_ATTR2;
144 if (sbp->sb_features2 & XFS_SB_VERSION2_PROJID32BIT)
145 features |= XFS_FEAT_PROJID32;
146 if (sbp->sb_features2 & XFS_SB_VERSION2_FTYPE)
147 features |= XFS_FEAT_FTYPE;
148 }
149
150 if (!xfs_sb_is_v5(sbp))
151 return features;
152
153 /* Always on V5 features */
154 features |= XFS_FEAT_ALIGN | XFS_FEAT_LOGV2 | XFS_FEAT_EXTFLG |
155 XFS_FEAT_LAZYSBCOUNT | XFS_FEAT_ATTR2 | XFS_FEAT_PROJID32 |
156 XFS_FEAT_V3INODES | XFS_FEAT_CRC | XFS_FEAT_PQUOTINO;
157
158 /* Optional V5 features */
159 if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_FINOBT)
160 features |= XFS_FEAT_FINOBT;
161 if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_RMAPBT)
162 features |= XFS_FEAT_RMAPBT;
163 if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_REFLINK)
164 features |= XFS_FEAT_REFLINK;
165 if (sbp->sb_features_ro_compat & XFS_SB_FEAT_RO_COMPAT_INOBTCNT)
166 features |= XFS_FEAT_INOBTCNT;
167 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_FTYPE)
168 features |= XFS_FEAT_FTYPE;
169 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES)
170 features |= XFS_FEAT_SPINODES;
171 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_META_UUID)
172 features |= XFS_FEAT_META_UUID;
173 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_BIGTIME)
174 features |= XFS_FEAT_BIGTIME;
175 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR)
176 features |= XFS_FEAT_NEEDSREPAIR;
177 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_NREXT64)
178 features |= XFS_FEAT_NREXT64;
179 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_EXCHRANGE)
180 features |= XFS_FEAT_EXCHANGE_RANGE;
181 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_PARENT)
182 features |= XFS_FEAT_PARENT;
183
184 return features;
185 }
186
187 /* Check all the superblock fields we care about when reading one in. */
188 STATIC int
xfs_validate_sb_read(struct xfs_mount * mp,struct xfs_sb * sbp)189 xfs_validate_sb_read(
190 struct xfs_mount *mp,
191 struct xfs_sb *sbp)
192 {
193 if (!xfs_sb_is_v5(sbp))
194 return 0;
195
196 /*
197 * Version 5 superblock feature mask validation. Reject combinations
198 * the kernel cannot support up front before checking anything else.
199 */
200 if (xfs_sb_has_compat_feature(sbp, XFS_SB_FEAT_COMPAT_UNKNOWN)) {
201 xfs_warn(mp,
202 "Superblock has unknown compatible features (0x%x) enabled.",
203 (sbp->sb_features_compat & XFS_SB_FEAT_COMPAT_UNKNOWN));
204 xfs_warn(mp,
205 "Using a more recent kernel is recommended.");
206 }
207
208 if (xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
209 xfs_alert(mp,
210 "Superblock has unknown read-only compatible features (0x%x) enabled.",
211 (sbp->sb_features_ro_compat &
212 XFS_SB_FEAT_RO_COMPAT_UNKNOWN));
213 if (!xfs_is_readonly(mp)) {
214 xfs_warn(mp,
215 "Attempted to mount read-only compatible filesystem read-write.");
216 xfs_warn(mp,
217 "Filesystem can only be safely mounted read only.");
218
219 return -EINVAL;
220 }
221 }
222 if (xfs_sb_has_incompat_feature(sbp, XFS_SB_FEAT_INCOMPAT_UNKNOWN)) {
223 xfs_warn(mp,
224 "Superblock has unknown incompatible features (0x%x) enabled.",
225 (sbp->sb_features_incompat &
226 XFS_SB_FEAT_INCOMPAT_UNKNOWN));
227 xfs_warn(mp,
228 "Filesystem cannot be safely mounted by this kernel.");
229 return -EINVAL;
230 }
231
232 return 0;
233 }
234
235 static uint64_t
xfs_sb_calc_rbmblocks(struct xfs_sb * sbp)236 xfs_sb_calc_rbmblocks(
237 struct xfs_sb *sbp)
238 {
239 return howmany_64(sbp->sb_rextents, NBBY * sbp->sb_blocksize);
240 }
241
242 /* Validate the realtime geometry */
243 bool
xfs_validate_rt_geometry(struct xfs_sb * sbp)244 xfs_validate_rt_geometry(
245 struct xfs_sb *sbp)
246 {
247 if (sbp->sb_rextsize * sbp->sb_blocksize > XFS_MAX_RTEXTSIZE ||
248 sbp->sb_rextsize * sbp->sb_blocksize < XFS_MIN_RTEXTSIZE)
249 return false;
250
251 if (sbp->sb_rblocks == 0) {
252 if (sbp->sb_rextents != 0 || sbp->sb_rbmblocks != 0 ||
253 sbp->sb_rextslog != 0 || sbp->sb_frextents != 0)
254 return false;
255 return true;
256 }
257
258 if (sbp->sb_rextents == 0 ||
259 sbp->sb_rextents != div_u64(sbp->sb_rblocks, sbp->sb_rextsize) ||
260 sbp->sb_rextslog != xfs_compute_rextslog(sbp->sb_rextents) ||
261 sbp->sb_rbmblocks != xfs_sb_calc_rbmblocks(sbp))
262 return false;
263
264 return true;
265 }
266
267 /* Check all the superblock fields we care about when writing one out. */
268 STATIC int
xfs_validate_sb_write(struct xfs_mount * mp,struct xfs_buf * bp,struct xfs_sb * sbp)269 xfs_validate_sb_write(
270 struct xfs_mount *mp,
271 struct xfs_buf *bp,
272 struct xfs_sb *sbp)
273 {
274 /*
275 * Carry out additional sb summary counter sanity checks when we write
276 * the superblock. We skip this in the read validator because there
277 * could be newer superblocks in the log and if the values are garbage
278 * even after replay we'll recalculate them at the end of log mount.
279 *
280 * mkfs has traditionally written zeroed counters to inprogress and
281 * secondary superblocks, so allow this usage to continue because
282 * we never read counters from such superblocks.
283 */
284 if (xfs_buf_daddr(bp) == XFS_SB_DADDR && !sbp->sb_inprogress &&
285 (sbp->sb_fdblocks > sbp->sb_dblocks ||
286 !xfs_verify_icount(mp, sbp->sb_icount) ||
287 sbp->sb_ifree > sbp->sb_icount)) {
288 xfs_warn(mp, "SB summary counter sanity check failed");
289 return -EFSCORRUPTED;
290 }
291
292 if (!xfs_sb_is_v5(sbp))
293 return 0;
294
295 /*
296 * Version 5 superblock feature mask validation. Reject combinations
297 * the kernel cannot support since we checked for unsupported bits in
298 * the read verifier, which means that memory is corrupt.
299 */
300 if (!xfs_is_readonly(mp) &&
301 xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
302 xfs_alert(mp,
303 "Corruption detected in superblock read-only compatible features (0x%x)!",
304 (sbp->sb_features_ro_compat &
305 XFS_SB_FEAT_RO_COMPAT_UNKNOWN));
306 return -EFSCORRUPTED;
307 }
308 if (xfs_sb_has_incompat_feature(sbp, XFS_SB_FEAT_INCOMPAT_UNKNOWN)) {
309 xfs_warn(mp,
310 "Corruption detected in superblock incompatible features (0x%x)!",
311 (sbp->sb_features_incompat &
312 XFS_SB_FEAT_INCOMPAT_UNKNOWN));
313 return -EFSCORRUPTED;
314 }
315 if (xfs_sb_has_incompat_log_feature(sbp,
316 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
317 xfs_warn(mp,
318 "Corruption detected in superblock incompatible log features (0x%x)!",
319 (sbp->sb_features_log_incompat &
320 XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
321 return -EFSCORRUPTED;
322 }
323
324 /*
325 * We can't read verify the sb LSN because the read verifier is called
326 * before the log is allocated and processed. We know the log is set up
327 * before write verifier calls, so check it here.
328 */
329 if (!xfs_log_check_lsn(mp, sbp->sb_lsn))
330 return -EFSCORRUPTED;
331
332 return 0;
333 }
334
335 /* Check the validity of the SB. */
336 STATIC int
xfs_validate_sb_common(struct xfs_mount * mp,struct xfs_buf * bp,struct xfs_sb * sbp)337 xfs_validate_sb_common(
338 struct xfs_mount *mp,
339 struct xfs_buf *bp,
340 struct xfs_sb *sbp)
341 {
342 struct xfs_dsb *dsb = bp->b_addr;
343 uint32_t agcount = 0;
344 uint32_t rem;
345 bool has_dalign;
346
347 if (!xfs_verify_magic(bp, dsb->sb_magicnum)) {
348 xfs_warn(mp,
349 "Superblock has bad magic number 0x%x. Not an XFS filesystem?",
350 be32_to_cpu(dsb->sb_magicnum));
351 return -EWRONGFS;
352 }
353
354 if (!xfs_sb_good_version(sbp)) {
355 xfs_warn(mp,
356 "Superblock has unknown features enabled or corrupted feature masks.");
357 return -EWRONGFS;
358 }
359
360 /*
361 * Validate feature flags and state
362 */
363 if (xfs_sb_is_v5(sbp)) {
364 if (sbp->sb_blocksize < XFS_MIN_CRC_BLOCKSIZE) {
365 xfs_notice(mp,
366 "Block size (%u bytes) too small for Version 5 superblock (minimum %d bytes)",
367 sbp->sb_blocksize, XFS_MIN_CRC_BLOCKSIZE);
368 return -EFSCORRUPTED;
369 }
370
371 /* V5 has a separate project quota inode */
372 if (sbp->sb_qflags & (XFS_OQUOTA_ENFD | XFS_OQUOTA_CHKD)) {
373 xfs_notice(mp,
374 "Version 5 of Super block has XFS_OQUOTA bits.");
375 return -EFSCORRUPTED;
376 }
377
378 /*
379 * Full inode chunks must be aligned to inode chunk size when
380 * sparse inodes are enabled to support the sparse chunk
381 * allocation algorithm and prevent overlapping inode records.
382 */
383 if (sbp->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_SPINODES) {
384 uint32_t align;
385
386 align = XFS_INODES_PER_CHUNK * sbp->sb_inodesize
387 >> sbp->sb_blocklog;
388 if (sbp->sb_inoalignmt != align) {
389 xfs_warn(mp,
390 "Inode block alignment (%u) must match chunk size (%u) for sparse inodes.",
391 sbp->sb_inoalignmt, align);
392 return -EINVAL;
393 }
394
395 if (sbp->sb_spino_align &&
396 (sbp->sb_spino_align > sbp->sb_inoalignmt ||
397 (sbp->sb_inoalignmt % sbp->sb_spino_align) != 0)) {
398 xfs_warn(mp,
399 "Sparse inode alignment (%u) is invalid, must be integer factor of (%u).",
400 sbp->sb_spino_align,
401 sbp->sb_inoalignmt);
402 return -EINVAL;
403 }
404 } else if (sbp->sb_spino_align) {
405 xfs_warn(mp,
406 "Sparse inode alignment (%u) should be zero.",
407 sbp->sb_spino_align);
408 return -EINVAL;
409 }
410 } else if (sbp->sb_qflags & (XFS_PQUOTA_ENFD | XFS_GQUOTA_ENFD |
411 XFS_PQUOTA_CHKD | XFS_GQUOTA_CHKD)) {
412 xfs_notice(mp,
413 "Superblock earlier than Version 5 has XFS_{P|G}QUOTA_{ENFD|CHKD} bits.");
414 return -EFSCORRUPTED;
415 }
416
417 if (unlikely(
418 sbp->sb_logstart == 0 && mp->m_logdev_targp == mp->m_ddev_targp)) {
419 xfs_warn(mp,
420 "filesystem is marked as having an external log; "
421 "specify logdev on the mount command line.");
422 return -EINVAL;
423 }
424
425 if (unlikely(
426 sbp->sb_logstart != 0 && mp->m_logdev_targp != mp->m_ddev_targp)) {
427 xfs_warn(mp,
428 "filesystem is marked as having an internal log; "
429 "do not specify logdev on the mount command line.");
430 return -EINVAL;
431 }
432
433 /* Compute agcount for this number of dblocks and agblocks */
434 if (sbp->sb_agblocks) {
435 agcount = div_u64_rem(sbp->sb_dblocks, sbp->sb_agblocks, &rem);
436 if (rem)
437 agcount++;
438 }
439
440 /*
441 * More sanity checking. Most of these were stolen directly from
442 * xfs_repair.
443 */
444 if (unlikely(
445 sbp->sb_agcount <= 0 ||
446 sbp->sb_sectsize < XFS_MIN_SECTORSIZE ||
447 sbp->sb_sectsize > XFS_MAX_SECTORSIZE ||
448 sbp->sb_sectlog < XFS_MIN_SECTORSIZE_LOG ||
449 sbp->sb_sectlog > XFS_MAX_SECTORSIZE_LOG ||
450 sbp->sb_sectsize != (1 << sbp->sb_sectlog) ||
451 sbp->sb_blocksize < XFS_MIN_BLOCKSIZE ||
452 sbp->sb_blocksize > XFS_MAX_BLOCKSIZE ||
453 sbp->sb_blocklog < XFS_MIN_BLOCKSIZE_LOG ||
454 sbp->sb_blocklog > XFS_MAX_BLOCKSIZE_LOG ||
455 sbp->sb_blocksize != (1 << sbp->sb_blocklog) ||
456 sbp->sb_dirblklog + sbp->sb_blocklog > XFS_MAX_BLOCKSIZE_LOG ||
457 sbp->sb_inodesize < XFS_DINODE_MIN_SIZE ||
458 sbp->sb_inodesize > XFS_DINODE_MAX_SIZE ||
459 sbp->sb_inodelog < XFS_DINODE_MIN_LOG ||
460 sbp->sb_inodelog > XFS_DINODE_MAX_LOG ||
461 sbp->sb_inodesize != (1 << sbp->sb_inodelog) ||
462 sbp->sb_inopblock != howmany(sbp->sb_blocksize,sbp->sb_inodesize) ||
463 XFS_FSB_TO_B(mp, sbp->sb_agblocks) < XFS_MIN_AG_BYTES ||
464 XFS_FSB_TO_B(mp, sbp->sb_agblocks) > XFS_MAX_AG_BYTES ||
465 sbp->sb_agblklog != xfs_highbit32(sbp->sb_agblocks - 1) + 1 ||
466 agcount == 0 || agcount != sbp->sb_agcount ||
467 (sbp->sb_blocklog - sbp->sb_inodelog != sbp->sb_inopblog) ||
468 (sbp->sb_rextsize * sbp->sb_blocksize > XFS_MAX_RTEXTSIZE) ||
469 (sbp->sb_rextsize * sbp->sb_blocksize < XFS_MIN_RTEXTSIZE) ||
470 (sbp->sb_imax_pct > 100 /* zero sb_imax_pct is valid */) ||
471 sbp->sb_dblocks == 0 ||
472 sbp->sb_dblocks > XFS_MAX_DBLOCKS(sbp) ||
473 sbp->sb_dblocks < XFS_MIN_DBLOCKS(sbp) ||
474 sbp->sb_shared_vn != 0)) {
475 xfs_notice(mp, "SB sanity check failed");
476 return -EFSCORRUPTED;
477 }
478
479 /*
480 * Logs that are too large are not supported at all. Reject them
481 * outright. Logs that are too small are tolerated on v4 filesystems,
482 * but we can only check that when mounting the log. Hence we skip
483 * those checks here.
484 */
485 if (sbp->sb_logblocks > XFS_MAX_LOG_BLOCKS) {
486 xfs_notice(mp,
487 "Log size 0x%x blocks too large, maximum size is 0x%llx blocks",
488 sbp->sb_logblocks, XFS_MAX_LOG_BLOCKS);
489 return -EFSCORRUPTED;
490 }
491
492 if (XFS_FSB_TO_B(mp, sbp->sb_logblocks) > XFS_MAX_LOG_BYTES) {
493 xfs_warn(mp,
494 "log size 0x%llx bytes too large, maximum size is 0x%llx bytes",
495 XFS_FSB_TO_B(mp, sbp->sb_logblocks),
496 XFS_MAX_LOG_BYTES);
497 return -EFSCORRUPTED;
498 }
499
500 /*
501 * Do not allow filesystems with corrupted log sector or stripe units to
502 * be mounted. We cannot safely size the iclogs or write to the log if
503 * the log stripe unit is not valid.
504 */
505 if (sbp->sb_versionnum & XFS_SB_VERSION_SECTORBIT) {
506 if (sbp->sb_logsectsize != (1U << sbp->sb_logsectlog)) {
507 xfs_notice(mp,
508 "log sector size in bytes/log2 (0x%x/0x%x) must match",
509 sbp->sb_logsectsize, 1U << sbp->sb_logsectlog);
510 return -EFSCORRUPTED;
511 }
512 } else if (sbp->sb_logsectsize || sbp->sb_logsectlog) {
513 xfs_notice(mp,
514 "log sector size in bytes/log2 (0x%x/0x%x) are not zero",
515 sbp->sb_logsectsize, sbp->sb_logsectlog);
516 return -EFSCORRUPTED;
517 }
518
519 if (sbp->sb_logsunit > 1) {
520 if (sbp->sb_logsunit % sbp->sb_blocksize) {
521 xfs_notice(mp,
522 "log stripe unit 0x%x bytes must be a multiple of block size",
523 sbp->sb_logsunit);
524 return -EFSCORRUPTED;
525 }
526 if (sbp->sb_logsunit > XLOG_MAX_RECORD_BSIZE) {
527 xfs_notice(mp,
528 "log stripe unit 0x%x bytes over maximum size (0x%x bytes)",
529 sbp->sb_logsunit, XLOG_MAX_RECORD_BSIZE);
530 return -EFSCORRUPTED;
531 }
532 }
533
534 if (!xfs_validate_rt_geometry(sbp)) {
535 xfs_notice(mp,
536 "realtime %sgeometry check failed",
537 sbp->sb_rblocks ? "" : "zeroed ");
538 return -EFSCORRUPTED;
539 }
540
541 /*
542 * Either (sb_unit and !hasdalign) or (!sb_unit and hasdalign)
543 * would imply the image is corrupted.
544 */
545 has_dalign = sbp->sb_versionnum & XFS_SB_VERSION_DALIGNBIT;
546 if (!!sbp->sb_unit ^ has_dalign) {
547 xfs_notice(mp, "SB stripe alignment sanity check failed");
548 return -EFSCORRUPTED;
549 }
550
551 if (!xfs_validate_stripe_geometry(mp, XFS_FSB_TO_B(mp, sbp->sb_unit),
552 XFS_FSB_TO_B(mp, sbp->sb_width), 0,
553 xfs_buf_daddr(bp) == XFS_SB_DADDR, false))
554 return -EFSCORRUPTED;
555
556 /*
557 * Currently only very few inode sizes are supported.
558 */
559 switch (sbp->sb_inodesize) {
560 case 256:
561 case 512:
562 case 1024:
563 case 2048:
564 break;
565 default:
566 xfs_warn(mp, "inode size of %d bytes not supported",
567 sbp->sb_inodesize);
568 return -ENOSYS;
569 }
570
571 return 0;
572 }
573
574 void
xfs_sb_quota_from_disk(struct xfs_sb * sbp)575 xfs_sb_quota_from_disk(struct xfs_sb *sbp)
576 {
577 /*
578 * older mkfs doesn't initialize quota inodes to NULLFSINO. This
579 * leads to in-core values having two different values for a quota
580 * inode to be invalid: 0 and NULLFSINO. Change it to a single value
581 * NULLFSINO.
582 *
583 * Note that this change affect only the in-core values. These
584 * values are not written back to disk unless any quota information
585 * is written to the disk. Even in that case, sb_pquotino field is
586 * not written to disk unless the superblock supports pquotino.
587 */
588 if (sbp->sb_uquotino == 0)
589 sbp->sb_uquotino = NULLFSINO;
590 if (sbp->sb_gquotino == 0)
591 sbp->sb_gquotino = NULLFSINO;
592 if (sbp->sb_pquotino == 0)
593 sbp->sb_pquotino = NULLFSINO;
594
595 /*
596 * We need to do these manipilations only if we are working
597 * with an older version of on-disk superblock.
598 */
599 if (xfs_sb_is_v5(sbp))
600 return;
601
602 if (sbp->sb_qflags & XFS_OQUOTA_ENFD)
603 sbp->sb_qflags |= (sbp->sb_qflags & XFS_PQUOTA_ACCT) ?
604 XFS_PQUOTA_ENFD : XFS_GQUOTA_ENFD;
605 if (sbp->sb_qflags & XFS_OQUOTA_CHKD)
606 sbp->sb_qflags |= (sbp->sb_qflags & XFS_PQUOTA_ACCT) ?
607 XFS_PQUOTA_CHKD : XFS_GQUOTA_CHKD;
608 sbp->sb_qflags &= ~(XFS_OQUOTA_ENFD | XFS_OQUOTA_CHKD);
609
610 if (sbp->sb_qflags & XFS_PQUOTA_ACCT &&
611 sbp->sb_gquotino != NULLFSINO) {
612 /*
613 * In older version of superblock, on-disk superblock only
614 * has sb_gquotino, and in-core superblock has both sb_gquotino
615 * and sb_pquotino. But, only one of them is supported at any
616 * point of time. So, if PQUOTA is set in disk superblock,
617 * copy over sb_gquotino to sb_pquotino. The NULLFSINO test
618 * above is to make sure we don't do this twice and wipe them
619 * both out!
620 */
621 sbp->sb_pquotino = sbp->sb_gquotino;
622 sbp->sb_gquotino = NULLFSINO;
623 }
624 }
625
626 static void
__xfs_sb_from_disk(struct xfs_sb * to,struct xfs_dsb * from,bool convert_xquota)627 __xfs_sb_from_disk(
628 struct xfs_sb *to,
629 struct xfs_dsb *from,
630 bool convert_xquota)
631 {
632 to->sb_magicnum = be32_to_cpu(from->sb_magicnum);
633 to->sb_blocksize = be32_to_cpu(from->sb_blocksize);
634 to->sb_dblocks = be64_to_cpu(from->sb_dblocks);
635 to->sb_rblocks = be64_to_cpu(from->sb_rblocks);
636 to->sb_rextents = be64_to_cpu(from->sb_rextents);
637 memcpy(&to->sb_uuid, &from->sb_uuid, sizeof(to->sb_uuid));
638 to->sb_logstart = be64_to_cpu(from->sb_logstart);
639 to->sb_rootino = be64_to_cpu(from->sb_rootino);
640 to->sb_rbmino = be64_to_cpu(from->sb_rbmino);
641 to->sb_rsumino = be64_to_cpu(from->sb_rsumino);
642 to->sb_rextsize = be32_to_cpu(from->sb_rextsize);
643 to->sb_agblocks = be32_to_cpu(from->sb_agblocks);
644 to->sb_agcount = be32_to_cpu(from->sb_agcount);
645 to->sb_rbmblocks = be32_to_cpu(from->sb_rbmblocks);
646 to->sb_logblocks = be32_to_cpu(from->sb_logblocks);
647 to->sb_versionnum = be16_to_cpu(from->sb_versionnum);
648 to->sb_sectsize = be16_to_cpu(from->sb_sectsize);
649 to->sb_inodesize = be16_to_cpu(from->sb_inodesize);
650 to->sb_inopblock = be16_to_cpu(from->sb_inopblock);
651 memcpy(&to->sb_fname, &from->sb_fname, sizeof(to->sb_fname));
652 to->sb_blocklog = from->sb_blocklog;
653 to->sb_sectlog = from->sb_sectlog;
654 to->sb_inodelog = from->sb_inodelog;
655 to->sb_inopblog = from->sb_inopblog;
656 to->sb_agblklog = from->sb_agblklog;
657 to->sb_rextslog = from->sb_rextslog;
658 to->sb_inprogress = from->sb_inprogress;
659 to->sb_imax_pct = from->sb_imax_pct;
660 to->sb_icount = be64_to_cpu(from->sb_icount);
661 to->sb_ifree = be64_to_cpu(from->sb_ifree);
662 to->sb_fdblocks = be64_to_cpu(from->sb_fdblocks);
663 to->sb_frextents = be64_to_cpu(from->sb_frextents);
664 to->sb_uquotino = be64_to_cpu(from->sb_uquotino);
665 to->sb_gquotino = be64_to_cpu(from->sb_gquotino);
666 to->sb_qflags = be16_to_cpu(from->sb_qflags);
667 to->sb_flags = from->sb_flags;
668 to->sb_shared_vn = from->sb_shared_vn;
669 to->sb_inoalignmt = be32_to_cpu(from->sb_inoalignmt);
670 to->sb_unit = be32_to_cpu(from->sb_unit);
671 to->sb_width = be32_to_cpu(from->sb_width);
672 to->sb_dirblklog = from->sb_dirblklog;
673 to->sb_logsectlog = from->sb_logsectlog;
674 to->sb_logsectsize = be16_to_cpu(from->sb_logsectsize);
675 to->sb_logsunit = be32_to_cpu(from->sb_logsunit);
676 to->sb_features2 = be32_to_cpu(from->sb_features2);
677 to->sb_bad_features2 = be32_to_cpu(from->sb_bad_features2);
678 to->sb_features_compat = be32_to_cpu(from->sb_features_compat);
679 to->sb_features_ro_compat = be32_to_cpu(from->sb_features_ro_compat);
680 to->sb_features_incompat = be32_to_cpu(from->sb_features_incompat);
681 to->sb_features_log_incompat =
682 be32_to_cpu(from->sb_features_log_incompat);
683 /* crc is only used on disk, not in memory; just init to 0 here. */
684 to->sb_crc = 0;
685 to->sb_spino_align = be32_to_cpu(from->sb_spino_align);
686 to->sb_pquotino = be64_to_cpu(from->sb_pquotino);
687 to->sb_lsn = be64_to_cpu(from->sb_lsn);
688 /*
689 * sb_meta_uuid is only on disk if it differs from sb_uuid and the
690 * feature flag is set; if not set we keep it only in memory.
691 */
692 if (xfs_sb_is_v5(to) &&
693 (to->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_META_UUID))
694 uuid_copy(&to->sb_meta_uuid, &from->sb_meta_uuid);
695 else
696 uuid_copy(&to->sb_meta_uuid, &from->sb_uuid);
697 /* Convert on-disk flags to in-memory flags? */
698 if (convert_xquota)
699 xfs_sb_quota_from_disk(to);
700 }
701
702 void
xfs_sb_from_disk(struct xfs_sb * to,struct xfs_dsb * from)703 xfs_sb_from_disk(
704 struct xfs_sb *to,
705 struct xfs_dsb *from)
706 {
707 __xfs_sb_from_disk(to, from, true);
708 }
709
710 static void
xfs_sb_quota_to_disk(struct xfs_dsb * to,struct xfs_sb * from)711 xfs_sb_quota_to_disk(
712 struct xfs_dsb *to,
713 struct xfs_sb *from)
714 {
715 uint16_t qflags = from->sb_qflags;
716
717 to->sb_uquotino = cpu_to_be64(from->sb_uquotino);
718
719 /*
720 * The in-memory superblock quota state matches the v5 on-disk format so
721 * just write them out and return
722 */
723 if (xfs_sb_is_v5(from)) {
724 to->sb_qflags = cpu_to_be16(from->sb_qflags);
725 to->sb_gquotino = cpu_to_be64(from->sb_gquotino);
726 to->sb_pquotino = cpu_to_be64(from->sb_pquotino);
727 return;
728 }
729
730 /*
731 * For older superblocks (v4), the in-core version of sb_qflags do not
732 * have XFS_OQUOTA_* flags, whereas the on-disk version does. So,
733 * convert incore XFS_{PG}QUOTA_* flags to on-disk XFS_OQUOTA_* flags.
734 */
735 qflags &= ~(XFS_PQUOTA_ENFD | XFS_PQUOTA_CHKD |
736 XFS_GQUOTA_ENFD | XFS_GQUOTA_CHKD);
737
738 if (from->sb_qflags &
739 (XFS_PQUOTA_ENFD | XFS_GQUOTA_ENFD))
740 qflags |= XFS_OQUOTA_ENFD;
741 if (from->sb_qflags &
742 (XFS_PQUOTA_CHKD | XFS_GQUOTA_CHKD))
743 qflags |= XFS_OQUOTA_CHKD;
744 to->sb_qflags = cpu_to_be16(qflags);
745
746 /*
747 * GQUOTINO and PQUOTINO cannot be used together in versions
748 * of superblock that do not have pquotino. from->sb_flags
749 * tells us which quota is active and should be copied to
750 * disk. If neither are active, we should NULL the inode.
751 *
752 * In all cases, the separate pquotino must remain 0 because it
753 * is beyond the "end" of the valid non-pquotino superblock.
754 */
755 if (from->sb_qflags & XFS_GQUOTA_ACCT)
756 to->sb_gquotino = cpu_to_be64(from->sb_gquotino);
757 else if (from->sb_qflags & XFS_PQUOTA_ACCT)
758 to->sb_gquotino = cpu_to_be64(from->sb_pquotino);
759 else {
760 /*
761 * We can't rely on just the fields being logged to tell us
762 * that it is safe to write NULLFSINO - we should only do that
763 * if quotas are not actually enabled. Hence only write
764 * NULLFSINO if both in-core quota inodes are NULL.
765 */
766 if (from->sb_gquotino == NULLFSINO &&
767 from->sb_pquotino == NULLFSINO)
768 to->sb_gquotino = cpu_to_be64(NULLFSINO);
769 }
770
771 to->sb_pquotino = 0;
772 }
773
774 void
xfs_sb_to_disk(struct xfs_dsb * to,struct xfs_sb * from)775 xfs_sb_to_disk(
776 struct xfs_dsb *to,
777 struct xfs_sb *from)
778 {
779 xfs_sb_quota_to_disk(to, from);
780
781 to->sb_magicnum = cpu_to_be32(from->sb_magicnum);
782 to->sb_blocksize = cpu_to_be32(from->sb_blocksize);
783 to->sb_dblocks = cpu_to_be64(from->sb_dblocks);
784 to->sb_rblocks = cpu_to_be64(from->sb_rblocks);
785 to->sb_rextents = cpu_to_be64(from->sb_rextents);
786 memcpy(&to->sb_uuid, &from->sb_uuid, sizeof(to->sb_uuid));
787 to->sb_logstart = cpu_to_be64(from->sb_logstart);
788 to->sb_rootino = cpu_to_be64(from->sb_rootino);
789 to->sb_rbmino = cpu_to_be64(from->sb_rbmino);
790 to->sb_rsumino = cpu_to_be64(from->sb_rsumino);
791 to->sb_rextsize = cpu_to_be32(from->sb_rextsize);
792 to->sb_agblocks = cpu_to_be32(from->sb_agblocks);
793 to->sb_agcount = cpu_to_be32(from->sb_agcount);
794 to->sb_rbmblocks = cpu_to_be32(from->sb_rbmblocks);
795 to->sb_logblocks = cpu_to_be32(from->sb_logblocks);
796 to->sb_versionnum = cpu_to_be16(from->sb_versionnum);
797 to->sb_sectsize = cpu_to_be16(from->sb_sectsize);
798 to->sb_inodesize = cpu_to_be16(from->sb_inodesize);
799 to->sb_inopblock = cpu_to_be16(from->sb_inopblock);
800 memcpy(&to->sb_fname, &from->sb_fname, sizeof(to->sb_fname));
801 to->sb_blocklog = from->sb_blocklog;
802 to->sb_sectlog = from->sb_sectlog;
803 to->sb_inodelog = from->sb_inodelog;
804 to->sb_inopblog = from->sb_inopblog;
805 to->sb_agblklog = from->sb_agblklog;
806 to->sb_rextslog = from->sb_rextslog;
807 to->sb_inprogress = from->sb_inprogress;
808 to->sb_imax_pct = from->sb_imax_pct;
809 to->sb_icount = cpu_to_be64(from->sb_icount);
810 to->sb_ifree = cpu_to_be64(from->sb_ifree);
811 to->sb_fdblocks = cpu_to_be64(from->sb_fdblocks);
812 to->sb_frextents = cpu_to_be64(from->sb_frextents);
813
814 to->sb_flags = from->sb_flags;
815 to->sb_shared_vn = from->sb_shared_vn;
816 to->sb_inoalignmt = cpu_to_be32(from->sb_inoalignmt);
817 to->sb_unit = cpu_to_be32(from->sb_unit);
818 to->sb_width = cpu_to_be32(from->sb_width);
819 to->sb_dirblklog = from->sb_dirblklog;
820 to->sb_logsectlog = from->sb_logsectlog;
821 to->sb_logsectsize = cpu_to_be16(from->sb_logsectsize);
822 to->sb_logsunit = cpu_to_be32(from->sb_logsunit);
823
824 /*
825 * We need to ensure that bad_features2 always matches features2.
826 * Hence we enforce that here rather than having to remember to do it
827 * everywhere else that updates features2.
828 */
829 from->sb_bad_features2 = from->sb_features2;
830 to->sb_features2 = cpu_to_be32(from->sb_features2);
831 to->sb_bad_features2 = cpu_to_be32(from->sb_bad_features2);
832
833 if (!xfs_sb_is_v5(from))
834 return;
835
836 to->sb_features_compat = cpu_to_be32(from->sb_features_compat);
837 to->sb_features_ro_compat =
838 cpu_to_be32(from->sb_features_ro_compat);
839 to->sb_features_incompat =
840 cpu_to_be32(from->sb_features_incompat);
841 to->sb_features_log_incompat =
842 cpu_to_be32(from->sb_features_log_incompat);
843 to->sb_spino_align = cpu_to_be32(from->sb_spino_align);
844 to->sb_lsn = cpu_to_be64(from->sb_lsn);
845 if (from->sb_features_incompat & XFS_SB_FEAT_INCOMPAT_META_UUID)
846 uuid_copy(&to->sb_meta_uuid, &from->sb_meta_uuid);
847 }
848
849 /*
850 * If the superblock has the CRC feature bit set or the CRC field is non-null,
851 * check that the CRC is valid. We check the CRC field is non-null because a
852 * single bit error could clear the feature bit and unused parts of the
853 * superblock are supposed to be zero. Hence a non-null crc field indicates that
854 * we've potentially lost a feature bit and we should check it anyway.
855 *
856 * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
857 * last field in V4 secondary superblocks. So for secondary superblocks,
858 * we are more forgiving, and ignore CRC failures if the primary doesn't
859 * indicate that the fs version is V5.
860 */
861 static void
xfs_sb_read_verify(struct xfs_buf * bp)862 xfs_sb_read_verify(
863 struct xfs_buf *bp)
864 {
865 struct xfs_sb sb;
866 struct xfs_mount *mp = bp->b_mount;
867 struct xfs_dsb *dsb = bp->b_addr;
868 int error;
869
870 /*
871 * open code the version check to avoid needing to convert the entire
872 * superblock from disk order just to check the version number
873 */
874 if (dsb->sb_magicnum == cpu_to_be32(XFS_SB_MAGIC) &&
875 (((be16_to_cpu(dsb->sb_versionnum) & XFS_SB_VERSION_NUMBITS) ==
876 XFS_SB_VERSION_5) ||
877 dsb->sb_crc != 0)) {
878
879 if (!xfs_buf_verify_cksum(bp, XFS_SB_CRC_OFF)) {
880 /* Only fail bad secondaries on a known V5 filesystem */
881 if (xfs_buf_daddr(bp) == XFS_SB_DADDR ||
882 xfs_has_crc(mp)) {
883 error = -EFSBADCRC;
884 goto out_error;
885 }
886 }
887 }
888
889 /*
890 * Check all the superblock fields. Don't byteswap the xquota flags
891 * because _verify_common checks the on-disk values.
892 */
893 __xfs_sb_from_disk(&sb, dsb, false);
894 error = xfs_validate_sb_common(mp, bp, &sb);
895 if (error)
896 goto out_error;
897 error = xfs_validate_sb_read(mp, &sb);
898
899 out_error:
900 if (error == -EFSCORRUPTED || error == -EFSBADCRC)
901 xfs_verifier_error(bp, error, __this_address);
902 else if (error)
903 xfs_buf_ioerror(bp, error);
904 }
905
906 /*
907 * We may be probed for a filesystem match, so we may not want to emit
908 * messages when the superblock buffer is not actually an XFS superblock.
909 * If we find an XFS superblock, then run a normal, noisy mount because we are
910 * really going to mount it and want to know about errors.
911 */
912 static void
xfs_sb_quiet_read_verify(struct xfs_buf * bp)913 xfs_sb_quiet_read_verify(
914 struct xfs_buf *bp)
915 {
916 struct xfs_dsb *dsb = bp->b_addr;
917
918 if (dsb->sb_magicnum == cpu_to_be32(XFS_SB_MAGIC)) {
919 /* XFS filesystem, verify noisily! */
920 xfs_sb_read_verify(bp);
921 return;
922 }
923 /* quietly fail */
924 xfs_buf_ioerror(bp, -EWRONGFS);
925 }
926
927 static void
xfs_sb_write_verify(struct xfs_buf * bp)928 xfs_sb_write_verify(
929 struct xfs_buf *bp)
930 {
931 struct xfs_sb sb;
932 struct xfs_mount *mp = bp->b_mount;
933 struct xfs_buf_log_item *bip = bp->b_log_item;
934 struct xfs_dsb *dsb = bp->b_addr;
935 int error;
936
937 /*
938 * Check all the superblock fields. Don't byteswap the xquota flags
939 * because _verify_common checks the on-disk values.
940 */
941 __xfs_sb_from_disk(&sb, dsb, false);
942 error = xfs_validate_sb_common(mp, bp, &sb);
943 if (error)
944 goto out_error;
945 error = xfs_validate_sb_write(mp, bp, &sb);
946 if (error)
947 goto out_error;
948
949 if (!xfs_sb_is_v5(&sb))
950 return;
951
952 if (bip)
953 dsb->sb_lsn = cpu_to_be64(bip->bli_item.li_lsn);
954
955 xfs_buf_update_cksum(bp, XFS_SB_CRC_OFF);
956 return;
957
958 out_error:
959 xfs_verifier_error(bp, error, __this_address);
960 }
961
962 const struct xfs_buf_ops xfs_sb_buf_ops = {
963 .name = "xfs_sb",
964 .magic = { cpu_to_be32(XFS_SB_MAGIC), cpu_to_be32(XFS_SB_MAGIC) },
965 .verify_read = xfs_sb_read_verify,
966 .verify_write = xfs_sb_write_verify,
967 };
968
969 const struct xfs_buf_ops xfs_sb_quiet_buf_ops = {
970 .name = "xfs_sb_quiet",
971 .magic = { cpu_to_be32(XFS_SB_MAGIC), cpu_to_be32(XFS_SB_MAGIC) },
972 .verify_read = xfs_sb_quiet_read_verify,
973 .verify_write = xfs_sb_write_verify,
974 };
975
976 void
xfs_mount_sb_set_rextsize(struct xfs_mount * mp,struct xfs_sb * sbp)977 xfs_mount_sb_set_rextsize(
978 struct xfs_mount *mp,
979 struct xfs_sb *sbp)
980 {
981 mp->m_rtxblklog = log2_if_power2(sbp->sb_rextsize);
982 mp->m_rtxblkmask = mask64_if_power2(sbp->sb_rextsize);
983 }
984
985 /*
986 * xfs_mount_common
987 *
988 * Mount initialization code establishing various mount
989 * fields from the superblock associated with the given
990 * mount structure.
991 *
992 * Inode geometry are calculated in xfs_ialloc_setup_geometry.
993 */
994 void
xfs_sb_mount_common(struct xfs_mount * mp,struct xfs_sb * sbp)995 xfs_sb_mount_common(
996 struct xfs_mount *mp,
997 struct xfs_sb *sbp)
998 {
999 mp->m_agfrotor = 0;
1000 atomic_set(&mp->m_agirotor, 0);
1001 mp->m_maxagi = mp->m_sb.sb_agcount;
1002 mp->m_blkbit_log = sbp->sb_blocklog + XFS_NBBYLOG;
1003 mp->m_blkbb_log = sbp->sb_blocklog - BBSHIFT;
1004 mp->m_sectbb_log = sbp->sb_sectlog - BBSHIFT;
1005 mp->m_agno_log = xfs_highbit32(sbp->sb_agcount - 1) + 1;
1006 mp->m_blockmask = sbp->sb_blocksize - 1;
1007 mp->m_blockwsize = sbp->sb_blocksize >> XFS_WORDLOG;
1008 mp->m_blockwmask = mp->m_blockwsize - 1;
1009 xfs_mount_sb_set_rextsize(mp, sbp);
1010
1011 mp->m_alloc_mxr[0] = xfs_allocbt_maxrecs(mp, sbp->sb_blocksize, true);
1012 mp->m_alloc_mxr[1] = xfs_allocbt_maxrecs(mp, sbp->sb_blocksize, false);
1013 mp->m_alloc_mnr[0] = mp->m_alloc_mxr[0] / 2;
1014 mp->m_alloc_mnr[1] = mp->m_alloc_mxr[1] / 2;
1015
1016 mp->m_bmap_dmxr[0] = xfs_bmbt_maxrecs(mp, sbp->sb_blocksize, true);
1017 mp->m_bmap_dmxr[1] = xfs_bmbt_maxrecs(mp, sbp->sb_blocksize, false);
1018 mp->m_bmap_dmnr[0] = mp->m_bmap_dmxr[0] / 2;
1019 mp->m_bmap_dmnr[1] = mp->m_bmap_dmxr[1] / 2;
1020
1021 mp->m_rmap_mxr[0] = xfs_rmapbt_maxrecs(mp, sbp->sb_blocksize, true);
1022 mp->m_rmap_mxr[1] = xfs_rmapbt_maxrecs(mp, sbp->sb_blocksize, false);
1023 mp->m_rmap_mnr[0] = mp->m_rmap_mxr[0] / 2;
1024 mp->m_rmap_mnr[1] = mp->m_rmap_mxr[1] / 2;
1025
1026 mp->m_refc_mxr[0] = xfs_refcountbt_maxrecs(mp, sbp->sb_blocksize, true);
1027 mp->m_refc_mxr[1] = xfs_refcountbt_maxrecs(mp, sbp->sb_blocksize, false);
1028 mp->m_refc_mnr[0] = mp->m_refc_mxr[0] / 2;
1029 mp->m_refc_mnr[1] = mp->m_refc_mxr[1] / 2;
1030
1031 mp->m_bsize = XFS_FSB_TO_BB(mp, 1);
1032 mp->m_alloc_set_aside = xfs_alloc_set_aside(mp);
1033 mp->m_ag_max_usable = xfs_alloc_ag_max_usable(mp);
1034 }
1035
1036 /*
1037 * xfs_log_sb() can be used to copy arbitrary changes to the in-core superblock
1038 * into the superblock buffer to be logged. It does not provide the higher
1039 * level of locking that is needed to protect the in-core superblock from
1040 * concurrent access.
1041 */
1042 void
xfs_log_sb(struct xfs_trans * tp)1043 xfs_log_sb(
1044 struct xfs_trans *tp)
1045 {
1046 struct xfs_mount *mp = tp->t_mountp;
1047 struct xfs_buf *bp = xfs_trans_getsb(tp);
1048
1049 /*
1050 * Lazy sb counters don't update the in-core superblock so do that now.
1051 * If this is at unmount, the counters will be exactly correct, but at
1052 * any other time they will only be ballpark correct because of
1053 * reservations that have been taken out percpu counters. If we have an
1054 * unclean shutdown, this will be corrected by log recovery rebuilding
1055 * the counters from the AGF block counts.
1056 *
1057 * Do not update sb_frextents here because it is not part of the lazy
1058 * sb counters, despite having a percpu counter. It is always kept
1059 * consistent with the ondisk rtbitmap by xfs_trans_apply_sb_deltas()
1060 * and hence we don't need have to update it here.
1061 */
1062 if (xfs_has_lazysbcount(mp)) {
1063 mp->m_sb.sb_icount = percpu_counter_sum_positive(&mp->m_icount);
1064 mp->m_sb.sb_ifree = min_t(uint64_t,
1065 percpu_counter_sum_positive(&mp->m_ifree),
1066 mp->m_sb.sb_icount);
1067 mp->m_sb.sb_fdblocks =
1068 percpu_counter_sum_positive(&mp->m_fdblocks);
1069 }
1070
1071 xfs_sb_to_disk(bp->b_addr, &mp->m_sb);
1072 xfs_trans_buf_set_type(tp, bp, XFS_BLFT_SB_BUF);
1073 xfs_trans_log_buf(tp, bp, 0, sizeof(struct xfs_dsb) - 1);
1074 }
1075
1076 /*
1077 * xfs_sync_sb
1078 *
1079 * Sync the superblock to disk.
1080 *
1081 * Note that the caller is responsible for checking the frozen state of the
1082 * filesystem. This procedure uses the non-blocking transaction allocator and
1083 * thus will allow modifications to a frozen fs. This is required because this
1084 * code can be called during the process of freezing where use of the high-level
1085 * allocator would deadlock.
1086 */
1087 int
xfs_sync_sb(struct xfs_mount * mp,bool wait)1088 xfs_sync_sb(
1089 struct xfs_mount *mp,
1090 bool wait)
1091 {
1092 struct xfs_trans *tp;
1093 int error;
1094
1095 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_sb, 0, 0,
1096 XFS_TRANS_NO_WRITECOUNT, &tp);
1097 if (error)
1098 return error;
1099
1100 xfs_log_sb(tp);
1101 if (wait)
1102 xfs_trans_set_sync(tp);
1103 return xfs_trans_commit(tp);
1104 }
1105
1106 /*
1107 * Update all the secondary superblocks to match the new state of the primary.
1108 * Because we are completely overwriting all the existing fields in the
1109 * secondary superblock buffers, there is no need to read them in from disk.
1110 * Just get a new buffer, stamp it and write it.
1111 *
1112 * The sb buffers need to be cached here so that we serialise against other
1113 * operations that access the secondary superblocks, but we don't want to keep
1114 * them in memory once it is written so we mark it as a one-shot buffer.
1115 */
1116 int
xfs_update_secondary_sbs(struct xfs_mount * mp)1117 xfs_update_secondary_sbs(
1118 struct xfs_mount *mp)
1119 {
1120 struct xfs_perag *pag;
1121 xfs_agnumber_t agno = 1;
1122 int saved_error = 0;
1123 int error = 0;
1124 LIST_HEAD (buffer_list);
1125
1126 /* update secondary superblocks. */
1127 for_each_perag_from(mp, agno, pag) {
1128 struct xfs_buf *bp;
1129
1130 error = xfs_buf_get(mp->m_ddev_targp,
1131 XFS_AG_DADDR(mp, pag->pag_agno, XFS_SB_DADDR),
1132 XFS_FSS_TO_BB(mp, 1), &bp);
1133 /*
1134 * If we get an error reading or writing alternate superblocks,
1135 * continue. xfs_repair chooses the "best" superblock based
1136 * on most matches; if we break early, we'll leave more
1137 * superblocks un-updated than updated, and xfs_repair may
1138 * pick them over the properly-updated primary.
1139 */
1140 if (error) {
1141 xfs_warn(mp,
1142 "error allocating secondary superblock for ag %d",
1143 pag->pag_agno);
1144 if (!saved_error)
1145 saved_error = error;
1146 continue;
1147 }
1148
1149 bp->b_ops = &xfs_sb_buf_ops;
1150 xfs_buf_oneshot(bp);
1151 xfs_buf_zero(bp, 0, BBTOB(bp->b_length));
1152 xfs_sb_to_disk(bp->b_addr, &mp->m_sb);
1153 xfs_buf_delwri_queue(bp, &buffer_list);
1154 xfs_buf_relse(bp);
1155
1156 /* don't hold too many buffers at once */
1157 if (agno % 16)
1158 continue;
1159
1160 error = xfs_buf_delwri_submit(&buffer_list);
1161 if (error) {
1162 xfs_warn(mp,
1163 "write error %d updating a secondary superblock near ag %d",
1164 error, pag->pag_agno);
1165 if (!saved_error)
1166 saved_error = error;
1167 continue;
1168 }
1169 }
1170 error = xfs_buf_delwri_submit(&buffer_list);
1171 if (error) {
1172 xfs_warn(mp,
1173 "write error %d updating a secondary superblock near ag %d",
1174 error, agno);
1175 }
1176
1177 return saved_error ? saved_error : error;
1178 }
1179
1180 /*
1181 * Same behavior as xfs_sync_sb, except that it is always synchronous and it
1182 * also writes the superblock buffer to disk sector 0 immediately.
1183 */
1184 int
xfs_sync_sb_buf(struct xfs_mount * mp)1185 xfs_sync_sb_buf(
1186 struct xfs_mount *mp)
1187 {
1188 struct xfs_trans *tp;
1189 struct xfs_buf *bp;
1190 int error;
1191
1192 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_sb, 0, 0, 0, &tp);
1193 if (error)
1194 return error;
1195
1196 bp = xfs_trans_getsb(tp);
1197 xfs_log_sb(tp);
1198 xfs_trans_bhold(tp, bp);
1199 xfs_trans_set_sync(tp);
1200 error = xfs_trans_commit(tp);
1201 if (error)
1202 goto out;
1203 /*
1204 * write out the sb buffer to get the changes to disk
1205 */
1206 error = xfs_bwrite(bp);
1207 out:
1208 xfs_buf_relse(bp);
1209 return error;
1210 }
1211
1212 void
xfs_fs_geometry(struct xfs_mount * mp,struct xfs_fsop_geom * geo,int struct_version)1213 xfs_fs_geometry(
1214 struct xfs_mount *mp,
1215 struct xfs_fsop_geom *geo,
1216 int struct_version)
1217 {
1218 struct xfs_sb *sbp = &mp->m_sb;
1219
1220 memset(geo, 0, sizeof(struct xfs_fsop_geom));
1221
1222 geo->blocksize = sbp->sb_blocksize;
1223 geo->rtextsize = sbp->sb_rextsize;
1224 geo->agblocks = sbp->sb_agblocks;
1225 geo->agcount = sbp->sb_agcount;
1226 geo->logblocks = sbp->sb_logblocks;
1227 geo->sectsize = sbp->sb_sectsize;
1228 geo->inodesize = sbp->sb_inodesize;
1229 geo->imaxpct = sbp->sb_imax_pct;
1230 geo->datablocks = sbp->sb_dblocks;
1231 geo->rtblocks = sbp->sb_rblocks;
1232 geo->rtextents = sbp->sb_rextents;
1233 geo->logstart = sbp->sb_logstart;
1234 BUILD_BUG_ON(sizeof(geo->uuid) != sizeof(sbp->sb_uuid));
1235 memcpy(geo->uuid, &sbp->sb_uuid, sizeof(sbp->sb_uuid));
1236
1237 if (struct_version < 2)
1238 return;
1239
1240 geo->sunit = sbp->sb_unit;
1241 geo->swidth = sbp->sb_width;
1242
1243 if (struct_version < 3)
1244 return;
1245
1246 geo->version = XFS_FSOP_GEOM_VERSION;
1247 geo->flags = XFS_FSOP_GEOM_FLAGS_NLINK |
1248 XFS_FSOP_GEOM_FLAGS_DIRV2 |
1249 XFS_FSOP_GEOM_FLAGS_EXTFLG;
1250 if (xfs_has_attr(mp))
1251 geo->flags |= XFS_FSOP_GEOM_FLAGS_ATTR;
1252 if (xfs_has_quota(mp))
1253 geo->flags |= XFS_FSOP_GEOM_FLAGS_QUOTA;
1254 if (xfs_has_align(mp))
1255 geo->flags |= XFS_FSOP_GEOM_FLAGS_IALIGN;
1256 if (xfs_has_dalign(mp))
1257 geo->flags |= XFS_FSOP_GEOM_FLAGS_DALIGN;
1258 if (xfs_has_asciici(mp))
1259 geo->flags |= XFS_FSOP_GEOM_FLAGS_DIRV2CI;
1260 if (xfs_has_lazysbcount(mp))
1261 geo->flags |= XFS_FSOP_GEOM_FLAGS_LAZYSB;
1262 if (xfs_has_attr2(mp))
1263 geo->flags |= XFS_FSOP_GEOM_FLAGS_ATTR2;
1264 if (xfs_has_projid32(mp))
1265 geo->flags |= XFS_FSOP_GEOM_FLAGS_PROJID32;
1266 if (xfs_has_crc(mp))
1267 geo->flags |= XFS_FSOP_GEOM_FLAGS_V5SB;
1268 if (xfs_has_ftype(mp))
1269 geo->flags |= XFS_FSOP_GEOM_FLAGS_FTYPE;
1270 if (xfs_has_finobt(mp))
1271 geo->flags |= XFS_FSOP_GEOM_FLAGS_FINOBT;
1272 if (xfs_has_sparseinodes(mp))
1273 geo->flags |= XFS_FSOP_GEOM_FLAGS_SPINODES;
1274 if (xfs_has_rmapbt(mp))
1275 geo->flags |= XFS_FSOP_GEOM_FLAGS_RMAPBT;
1276 if (xfs_has_reflink(mp))
1277 geo->flags |= XFS_FSOP_GEOM_FLAGS_REFLINK;
1278 if (xfs_has_bigtime(mp))
1279 geo->flags |= XFS_FSOP_GEOM_FLAGS_BIGTIME;
1280 if (xfs_has_inobtcounts(mp))
1281 geo->flags |= XFS_FSOP_GEOM_FLAGS_INOBTCNT;
1282 if (xfs_has_parent(mp))
1283 geo->flags |= XFS_FSOP_GEOM_FLAGS_PARENT;
1284 if (xfs_has_sector(mp)) {
1285 geo->flags |= XFS_FSOP_GEOM_FLAGS_SECTOR;
1286 geo->logsectsize = sbp->sb_logsectsize;
1287 } else {
1288 geo->logsectsize = BBSIZE;
1289 }
1290 if (xfs_has_large_extent_counts(mp))
1291 geo->flags |= XFS_FSOP_GEOM_FLAGS_NREXT64;
1292 if (xfs_has_exchange_range(mp))
1293 geo->flags |= XFS_FSOP_GEOM_FLAGS_EXCHANGE_RANGE;
1294 geo->rtsectsize = sbp->sb_blocksize;
1295 geo->dirblocksize = xfs_dir2_dirblock_bytes(sbp);
1296
1297 if (struct_version < 4)
1298 return;
1299
1300 if (xfs_has_logv2(mp))
1301 geo->flags |= XFS_FSOP_GEOM_FLAGS_LOGV2;
1302
1303 geo->logsunit = sbp->sb_logsunit;
1304
1305 if (struct_version < 5)
1306 return;
1307
1308 geo->version = XFS_FSOP_GEOM_VERSION_V5;
1309 }
1310
1311 /* Read a secondary superblock. */
1312 int
xfs_sb_read_secondary(struct xfs_mount * mp,struct xfs_trans * tp,xfs_agnumber_t agno,struct xfs_buf ** bpp)1313 xfs_sb_read_secondary(
1314 struct xfs_mount *mp,
1315 struct xfs_trans *tp,
1316 xfs_agnumber_t agno,
1317 struct xfs_buf **bpp)
1318 {
1319 struct xfs_buf *bp;
1320 int error;
1321
1322 ASSERT(agno != 0 && agno != NULLAGNUMBER);
1323 error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp,
1324 XFS_AG_DADDR(mp, agno, XFS_SB_BLOCK(mp)),
1325 XFS_FSS_TO_BB(mp, 1), 0, &bp, &xfs_sb_buf_ops);
1326 if (xfs_metadata_is_sick(error))
1327 xfs_agno_mark_sick(mp, agno, XFS_SICK_AG_SB);
1328 if (error)
1329 return error;
1330 xfs_buf_set_ref(bp, XFS_SSB_REF);
1331 *bpp = bp;
1332 return 0;
1333 }
1334
1335 /* Get an uninitialised secondary superblock buffer. */
1336 int
xfs_sb_get_secondary(struct xfs_mount * mp,struct xfs_trans * tp,xfs_agnumber_t agno,struct xfs_buf ** bpp)1337 xfs_sb_get_secondary(
1338 struct xfs_mount *mp,
1339 struct xfs_trans *tp,
1340 xfs_agnumber_t agno,
1341 struct xfs_buf **bpp)
1342 {
1343 struct xfs_buf *bp;
1344 int error;
1345
1346 ASSERT(agno != 0 && agno != NULLAGNUMBER);
1347 error = xfs_trans_get_buf(tp, mp->m_ddev_targp,
1348 XFS_AG_DADDR(mp, agno, XFS_SB_BLOCK(mp)),
1349 XFS_FSS_TO_BB(mp, 1), 0, &bp);
1350 if (error)
1351 return error;
1352 bp->b_ops = &xfs_sb_buf_ops;
1353 xfs_buf_oneshot(bp);
1354 *bpp = bp;
1355 return 0;
1356 }
1357
1358 /*
1359 * sunit, swidth, sectorsize(optional with 0) should be all in bytes, so users
1360 * won't be confused by values in error messages. This function returns false
1361 * if the stripe geometry is invalid and the caller is unable to repair the
1362 * stripe configuration later in the mount process.
1363 */
1364 bool
xfs_validate_stripe_geometry(struct xfs_mount * mp,__s64 sunit,__s64 swidth,int sectorsize,bool may_repair,bool silent)1365 xfs_validate_stripe_geometry(
1366 struct xfs_mount *mp,
1367 __s64 sunit,
1368 __s64 swidth,
1369 int sectorsize,
1370 bool may_repair,
1371 bool silent)
1372 {
1373 if (swidth > INT_MAX) {
1374 if (!silent)
1375 xfs_notice(mp,
1376 "stripe width (%lld) is too large", swidth);
1377 goto check_override;
1378 }
1379
1380 if (sunit > swidth) {
1381 if (!silent)
1382 xfs_notice(mp,
1383 "stripe unit (%lld) is larger than the stripe width (%lld)", sunit, swidth);
1384 goto check_override;
1385 }
1386
1387 if (sectorsize && (int)sunit % sectorsize) {
1388 if (!silent)
1389 xfs_notice(mp,
1390 "stripe unit (%lld) must be a multiple of the sector size (%d)",
1391 sunit, sectorsize);
1392 goto check_override;
1393 }
1394
1395 if (sunit && !swidth) {
1396 if (!silent)
1397 xfs_notice(mp,
1398 "invalid stripe unit (%lld) and stripe width of 0", sunit);
1399 goto check_override;
1400 }
1401
1402 if (!sunit && swidth) {
1403 if (!silent)
1404 xfs_notice(mp,
1405 "invalid stripe width (%lld) and stripe unit of 0", swidth);
1406 goto check_override;
1407 }
1408
1409 if (sunit && (int)swidth % (int)sunit) {
1410 if (!silent)
1411 xfs_notice(mp,
1412 "stripe width (%lld) must be a multiple of the stripe unit (%lld)",
1413 swidth, sunit);
1414 goto check_override;
1415 }
1416 return true;
1417
1418 check_override:
1419 if (!may_repair)
1420 return false;
1421 /*
1422 * During mount, mp->m_dalign will not be set unless the sunit mount
1423 * option was set. If it was set, ignore the bad stripe alignment values
1424 * and allow the validation and overwrite later in the mount process to
1425 * attempt to overwrite the bad stripe alignment values with the values
1426 * supplied by mount options.
1427 */
1428 if (!mp->m_dalign)
1429 return false;
1430 if (!silent)
1431 xfs_notice(mp,
1432 "Will try to correct with specified mount options sunit (%d) and swidth (%d)",
1433 BBTOB(mp->m_dalign), BBTOB(mp->m_swidth));
1434 return true;
1435 }
1436
1437 /*
1438 * Compute the maximum level number of the realtime summary file, as defined by
1439 * mkfs. The historic use of highbit32 on a 64-bit quantity prohibited correct
1440 * use of rt volumes with more than 2^32 extents.
1441 */
1442 uint8_t
xfs_compute_rextslog(xfs_rtbxlen_t rtextents)1443 xfs_compute_rextslog(
1444 xfs_rtbxlen_t rtextents)
1445 {
1446 if (!rtextents)
1447 return 0;
1448 return xfs_highbit64(rtextents);
1449 }
1450