20c59c71ae
- Log faulting code locations when verifiers fail, for improved diagnosis of corrupt filesystems. - Implement metadata verifiers for local format inode fork data. - Online scrub now cross-references metadata records with other metadata. - Refactor the fs geometry ioctl generation functions. - Harden various metadata verifiers. - Fix various accounting problems. - Fix uncancelled transactions leaking when xattr functions fail. - Prevent the copy-on-write speculative preallocation garbage collector from racing with writeback. - Emit log reservation type information as trace data so that we can compare against xfsprogs. - Fix some erroneous asserts in the online scrub code. - Clean up the transaction reservation calculations. - Fix various minor bugs in online scrub. - Log complaints about mixed dio/buffered writes once per day and less noisily than before. - Refactor buffer log item lists to use list_head. - Break PNFS leases before reflinking blocks. - Reduce lock contention on reflink source files. - Fix some quota accounting problems with reflink. - Fix a serious corruption problem in the direct cow write code where we fed bad iomaps to the vfs iomap consumers. - Various other refactorings. - Remove EXPERIMENTAL tag from reflink! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCgAGBQJabz1mAAoJEPh/dxk0SrTrZ2YQAJDPbmq6efgIwXc8J7wf1SzI Djh9bQNfMllP6d6UfIsmWsktVvW8koIJ8I9gZLKjMREd7/UGlrhBvzEQT95X8JFb 6U+gAODOcRfRitDoISm4FRcxFo77B3OkmuzTM1sV6Z1On5qfMufmlDMg3CZbsB8b i/32BJb/r7AaU6Nfg/no0XPHi+5hdi1NhswM7i3mjqj83LPdobwE9lh2BaT0GZn0 gJs6zijPNfkg1+LFtciIk7PCcVlO49aLpKE1iP2UrUVYBuWcQmm97SiZgvydFGxg 48nIBQ6CJ3y1sR5USjejZZT0fAY37IAvlCfC9JCFrwqzSbxSMCCgyf8hhBLjGc25 EyEi9fuDdHS+Im4+5kb/vtdRfyoim5KwHGRpN6ZtqH8hYizFu3su9LsgHCXfGoI3 ehPgxWeQY9f+dUyJE060n/SF3uIw8+OnLtU7axxx4yvFiUuRgI4U0pLhpJdeRu3x ms1GZDgvhzsvX4h3b0Svv4Y2UHygvMYT1CR/gG9iXbFzUdg5wFJJ8dqgnnqoRfLT HnWOw93NTz62csxE+3RobYlNGNIeNBD0NjZiQsPKLuuVeJqT9llkL0/B7pKPYxQb KoDDkf/azgmH1gUs1XlDmPF5FE8DObeOMoXYn+693LpIMlewwqsyC3Ytu9+VJ6TZ X2+OAuTRGP+LYD6FNnEP =HL5B -----END PGP SIGNATURE----- Merge tag 'xfs-4.16-merge-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs updates from Darrick Wong: "This merge cycle, we're again some substantive changes to XFS. Metadata verifiers have been restructured to provide more detail about which part of a metadata structure failed checks, and we've enhanced the new online fsck feature to cross-reference extent allocation information with the other metadata structures. With this pull, the metadata verification part of online fsck is more or less finished, though the feature is still experimental and still disabled by default. We're also preparing to remove the EXPERIMENTAL tag from a couple of features this cycle. This week we're committing a bunch of space accounting fixes for reflink and removing the EXPERIMENTAL tag from reflink; I anticipate that we'll be ready to do the same for the reverse mapping feature next week. (I don't have any pending fixes for rmap; however I wish to remove the tags one at a time.) This giant pile of patches has been run through a full xfstests run over the weekend and through a quick xfstests run against this morning's master, with no major failures reported. Let me know if there's any merge problems -- git merge reported that one of our patches touched the same function as the i_version series, but it resolved things cleanly. Summary: - Log faulting code locations when verifiers fail, for improved diagnosis of corrupt filesystems. - Implement metadata verifiers for local format inode fork data. - Online scrub now cross-references metadata records with other metadata. - Refactor the fs geometry ioctl generation functions. - Harden various metadata verifiers. - Fix various accounting problems. - Fix uncancelled transactions leaking when xattr functions fail. - Prevent the copy-on-write speculative preallocation garbage collector from racing with writeback. - Emit log reservation type information as trace data so that we can compare against xfsprogs. - Fix some erroneous asserts in the online scrub code. - Clean up the transaction reservation calculations. - Fix various minor bugs in online scrub. - Log complaints about mixed dio/buffered writes once per day and less noisily than before. - Refactor buffer log item lists to use list_head. - Break PNFS leases before reflinking blocks. - Reduce lock contention on reflink source files. - Fix some quota accounting problems with reflink. - Fix a serious corruption problem in the direct cow write code where we fed bad iomaps to the vfs iomap consumers. - Various other refactorings. - Remove EXPERIMENTAL tag from reflink!" * tag 'xfs-4.16-merge-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (94 commits) xfs: remove experimental tag for reflinks xfs: don't screw up direct writes when freesp is fragmented xfs: check reflink allocation mappings iomap: warn on zero-length mappings xfs: treat CoW fork operations as delalloc for quota accounting xfs: only grab shared inode locks for source file during reflink xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes xfs: reflink should break pnfs leases before sharing blocks xfs: don't clobber inobt/finobt cursors when xref with rmap xfs: skip CoW writes past EOF when writeback races with truncate xfs: preserve i_rdev when recycling a reclaimable inode xfs: refactor accounting updates out of xfs_bmap_btalloc xfs: refactor inode verifier corruption error printing xfs: make tracepoint inode number format consistent xfs: always zero di_flags2 when we free the inode xfs: call xfs_qm_dqattach before performing reflink operations xfs: bmap code cleanup Use list_head infra-structure for buffer's log items list Split buffer's b_fspriv field Get rid of xfs_buf_log_item_t typedef ...
652 lines
19 KiB
C
652 lines
19 KiB
C
/*
|
|
* Copyright (c) 2000-2006 Silicon Graphics, Inc.
|
|
* All Rights Reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it would be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
#include "xfs.h"
|
|
#include "xfs_fs.h"
|
|
#include "xfs_shared.h"
|
|
#include "xfs_format.h"
|
|
#include "xfs_log_format.h"
|
|
#include "xfs_trans_resv.h"
|
|
#include "xfs_mount.h"
|
|
#include "xfs_defer.h"
|
|
#include "xfs_inode.h"
|
|
#include "xfs_errortag.h"
|
|
#include "xfs_error.h"
|
|
#include "xfs_cksum.h"
|
|
#include "xfs_icache.h"
|
|
#include "xfs_trans.h"
|
|
#include "xfs_ialloc.h"
|
|
#include "xfs_dir2.h"
|
|
|
|
#include <linux/iversion.h>
|
|
|
|
/*
|
|
* Check that none of the inode's in the buffer have a next
|
|
* unlinked field of 0.
|
|
*/
|
|
#if defined(DEBUG)
|
|
void
|
|
xfs_inobp_check(
|
|
xfs_mount_t *mp,
|
|
xfs_buf_t *bp)
|
|
{
|
|
int i;
|
|
int j;
|
|
xfs_dinode_t *dip;
|
|
|
|
j = mp->m_inode_cluster_size >> mp->m_sb.sb_inodelog;
|
|
|
|
for (i = 0; i < j; i++) {
|
|
dip = xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize);
|
|
if (!dip->di_next_unlinked) {
|
|
xfs_alert(mp,
|
|
"Detected bogus zero next_unlinked field in inode %d buffer 0x%llx.",
|
|
i, (long long)bp->b_bn);
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
|
|
bool
|
|
xfs_dinode_good_version(
|
|
struct xfs_mount *mp,
|
|
__u8 version)
|
|
{
|
|
if (xfs_sb_version_hascrc(&mp->m_sb))
|
|
return version == 3;
|
|
|
|
return version == 1 || version == 2;
|
|
}
|
|
|
|
/*
|
|
* If we are doing readahead on an inode buffer, we might be in log recovery
|
|
* reading an inode allocation buffer that hasn't yet been replayed, and hence
|
|
* has not had the inode cores stamped into it. Hence for readahead, the buffer
|
|
* may be potentially invalid.
|
|
*
|
|
* If the readahead buffer is invalid, we need to mark it with an error and
|
|
* clear the DONE status of the buffer so that a followup read will re-read it
|
|
* from disk. We don't report the error otherwise to avoid warnings during log
|
|
* recovery and we don't get unnecssary panics on debug kernels. We use EIO here
|
|
* because all we want to do is say readahead failed; there is no-one to report
|
|
* the error to, so this will distinguish it from a non-ra verifier failure.
|
|
* Changes to this readahead error behavour also need to be reflected in
|
|
* xfs_dquot_buf_readahead_verify().
|
|
*/
|
|
static void
|
|
xfs_inode_buf_verify(
|
|
struct xfs_buf *bp,
|
|
bool readahead)
|
|
{
|
|
struct xfs_mount *mp = bp->b_target->bt_mount;
|
|
int i;
|
|
int ni;
|
|
|
|
/*
|
|
* Validate the magic number and version of every inode in the buffer
|
|
*/
|
|
ni = XFS_BB_TO_FSB(mp, bp->b_length) * mp->m_sb.sb_inopblock;
|
|
for (i = 0; i < ni; i++) {
|
|
int di_ok;
|
|
xfs_dinode_t *dip;
|
|
|
|
dip = xfs_buf_offset(bp, (i << mp->m_sb.sb_inodelog));
|
|
di_ok = dip->di_magic == cpu_to_be16(XFS_DINODE_MAGIC) &&
|
|
xfs_dinode_good_version(mp, dip->di_version);
|
|
if (unlikely(XFS_TEST_ERROR(!di_ok, mp,
|
|
XFS_ERRTAG_ITOBP_INOTOBP))) {
|
|
if (readahead) {
|
|
bp->b_flags &= ~XBF_DONE;
|
|
xfs_buf_ioerror(bp, -EIO);
|
|
return;
|
|
}
|
|
|
|
xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
|
|
#ifdef DEBUG
|
|
xfs_alert(mp,
|
|
"bad inode magic/vsn daddr %lld #%d (magic=%x)",
|
|
(unsigned long long)bp->b_bn, i,
|
|
be16_to_cpu(dip->di_magic));
|
|
#endif
|
|
}
|
|
}
|
|
xfs_inobp_check(mp, bp);
|
|
}
|
|
|
|
|
|
static void
|
|
xfs_inode_buf_read_verify(
|
|
struct xfs_buf *bp)
|
|
{
|
|
xfs_inode_buf_verify(bp, false);
|
|
}
|
|
|
|
static void
|
|
xfs_inode_buf_readahead_verify(
|
|
struct xfs_buf *bp)
|
|
{
|
|
xfs_inode_buf_verify(bp, true);
|
|
}
|
|
|
|
static void
|
|
xfs_inode_buf_write_verify(
|
|
struct xfs_buf *bp)
|
|
{
|
|
xfs_inode_buf_verify(bp, false);
|
|
}
|
|
|
|
const struct xfs_buf_ops xfs_inode_buf_ops = {
|
|
.name = "xfs_inode",
|
|
.verify_read = xfs_inode_buf_read_verify,
|
|
.verify_write = xfs_inode_buf_write_verify,
|
|
};
|
|
|
|
const struct xfs_buf_ops xfs_inode_buf_ra_ops = {
|
|
.name = "xxfs_inode_ra",
|
|
.verify_read = xfs_inode_buf_readahead_verify,
|
|
.verify_write = xfs_inode_buf_write_verify,
|
|
};
|
|
|
|
|
|
/*
|
|
* This routine is called to map an inode to the buffer containing the on-disk
|
|
* version of the inode. It returns a pointer to the buffer containing the
|
|
* on-disk inode in the bpp parameter, and in the dipp parameter it returns a
|
|
* pointer to the on-disk inode within that buffer.
|
|
*
|
|
* If a non-zero error is returned, then the contents of bpp and dipp are
|
|
* undefined.
|
|
*/
|
|
int
|
|
xfs_imap_to_bp(
|
|
struct xfs_mount *mp,
|
|
struct xfs_trans *tp,
|
|
struct xfs_imap *imap,
|
|
struct xfs_dinode **dipp,
|
|
struct xfs_buf **bpp,
|
|
uint buf_flags,
|
|
uint iget_flags)
|
|
{
|
|
struct xfs_buf *bp;
|
|
int error;
|
|
|
|
buf_flags |= XBF_UNMAPPED;
|
|
error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, imap->im_blkno,
|
|
(int)imap->im_len, buf_flags, &bp,
|
|
&xfs_inode_buf_ops);
|
|
if (error) {
|
|
if (error == -EAGAIN) {
|
|
ASSERT(buf_flags & XBF_TRYLOCK);
|
|
return error;
|
|
}
|
|
|
|
if (error == -EFSCORRUPTED &&
|
|
(iget_flags & XFS_IGET_UNTRUSTED))
|
|
return -EINVAL;
|
|
|
|
xfs_warn(mp, "%s: xfs_trans_read_buf() returned error %d.",
|
|
__func__, error);
|
|
return error;
|
|
}
|
|
|
|
*bpp = bp;
|
|
*dipp = xfs_buf_offset(bp, imap->im_boffset);
|
|
return 0;
|
|
}
|
|
|
|
void
|
|
xfs_inode_from_disk(
|
|
struct xfs_inode *ip,
|
|
struct xfs_dinode *from)
|
|
{
|
|
struct xfs_icdinode *to = &ip->i_d;
|
|
struct inode *inode = VFS_I(ip);
|
|
|
|
|
|
/*
|
|
* Convert v1 inodes immediately to v2 inode format as this is the
|
|
* minimum inode version format we support in the rest of the code.
|
|
*/
|
|
to->di_version = from->di_version;
|
|
if (to->di_version == 1) {
|
|
set_nlink(inode, be16_to_cpu(from->di_onlink));
|
|
to->di_projid_lo = 0;
|
|
to->di_projid_hi = 0;
|
|
to->di_version = 2;
|
|
} else {
|
|
set_nlink(inode, be32_to_cpu(from->di_nlink));
|
|
to->di_projid_lo = be16_to_cpu(from->di_projid_lo);
|
|
to->di_projid_hi = be16_to_cpu(from->di_projid_hi);
|
|
}
|
|
|
|
to->di_format = from->di_format;
|
|
to->di_uid = be32_to_cpu(from->di_uid);
|
|
to->di_gid = be32_to_cpu(from->di_gid);
|
|
to->di_flushiter = be16_to_cpu(from->di_flushiter);
|
|
|
|
/*
|
|
* Time is signed, so need to convert to signed 32 bit before
|
|
* storing in inode timestamp which may be 64 bit. Otherwise
|
|
* a time before epoch is converted to a time long after epoch
|
|
* on 64 bit systems.
|
|
*/
|
|
inode->i_atime.tv_sec = (int)be32_to_cpu(from->di_atime.t_sec);
|
|
inode->i_atime.tv_nsec = (int)be32_to_cpu(from->di_atime.t_nsec);
|
|
inode->i_mtime.tv_sec = (int)be32_to_cpu(from->di_mtime.t_sec);
|
|
inode->i_mtime.tv_nsec = (int)be32_to_cpu(from->di_mtime.t_nsec);
|
|
inode->i_ctime.tv_sec = (int)be32_to_cpu(from->di_ctime.t_sec);
|
|
inode->i_ctime.tv_nsec = (int)be32_to_cpu(from->di_ctime.t_nsec);
|
|
inode->i_generation = be32_to_cpu(from->di_gen);
|
|
inode->i_mode = be16_to_cpu(from->di_mode);
|
|
|
|
to->di_size = be64_to_cpu(from->di_size);
|
|
to->di_nblocks = be64_to_cpu(from->di_nblocks);
|
|
to->di_extsize = be32_to_cpu(from->di_extsize);
|
|
to->di_nextents = be32_to_cpu(from->di_nextents);
|
|
to->di_anextents = be16_to_cpu(from->di_anextents);
|
|
to->di_forkoff = from->di_forkoff;
|
|
to->di_aformat = from->di_aformat;
|
|
to->di_dmevmask = be32_to_cpu(from->di_dmevmask);
|
|
to->di_dmstate = be16_to_cpu(from->di_dmstate);
|
|
to->di_flags = be16_to_cpu(from->di_flags);
|
|
|
|
if (to->di_version == 3) {
|
|
inode_set_iversion_queried(inode,
|
|
be64_to_cpu(from->di_changecount));
|
|
to->di_crtime.t_sec = be32_to_cpu(from->di_crtime.t_sec);
|
|
to->di_crtime.t_nsec = be32_to_cpu(from->di_crtime.t_nsec);
|
|
to->di_flags2 = be64_to_cpu(from->di_flags2);
|
|
to->di_cowextsize = be32_to_cpu(from->di_cowextsize);
|
|
}
|
|
}
|
|
|
|
void
|
|
xfs_inode_to_disk(
|
|
struct xfs_inode *ip,
|
|
struct xfs_dinode *to,
|
|
xfs_lsn_t lsn)
|
|
{
|
|
struct xfs_icdinode *from = &ip->i_d;
|
|
struct inode *inode = VFS_I(ip);
|
|
|
|
to->di_magic = cpu_to_be16(XFS_DINODE_MAGIC);
|
|
to->di_onlink = 0;
|
|
|
|
to->di_version = from->di_version;
|
|
to->di_format = from->di_format;
|
|
to->di_uid = cpu_to_be32(from->di_uid);
|
|
to->di_gid = cpu_to_be32(from->di_gid);
|
|
to->di_projid_lo = cpu_to_be16(from->di_projid_lo);
|
|
to->di_projid_hi = cpu_to_be16(from->di_projid_hi);
|
|
|
|
memset(to->di_pad, 0, sizeof(to->di_pad));
|
|
to->di_atime.t_sec = cpu_to_be32(inode->i_atime.tv_sec);
|
|
to->di_atime.t_nsec = cpu_to_be32(inode->i_atime.tv_nsec);
|
|
to->di_mtime.t_sec = cpu_to_be32(inode->i_mtime.tv_sec);
|
|
to->di_mtime.t_nsec = cpu_to_be32(inode->i_mtime.tv_nsec);
|
|
to->di_ctime.t_sec = cpu_to_be32(inode->i_ctime.tv_sec);
|
|
to->di_ctime.t_nsec = cpu_to_be32(inode->i_ctime.tv_nsec);
|
|
to->di_nlink = cpu_to_be32(inode->i_nlink);
|
|
to->di_gen = cpu_to_be32(inode->i_generation);
|
|
to->di_mode = cpu_to_be16(inode->i_mode);
|
|
|
|
to->di_size = cpu_to_be64(from->di_size);
|
|
to->di_nblocks = cpu_to_be64(from->di_nblocks);
|
|
to->di_extsize = cpu_to_be32(from->di_extsize);
|
|
to->di_nextents = cpu_to_be32(from->di_nextents);
|
|
to->di_anextents = cpu_to_be16(from->di_anextents);
|
|
to->di_forkoff = from->di_forkoff;
|
|
to->di_aformat = from->di_aformat;
|
|
to->di_dmevmask = cpu_to_be32(from->di_dmevmask);
|
|
to->di_dmstate = cpu_to_be16(from->di_dmstate);
|
|
to->di_flags = cpu_to_be16(from->di_flags);
|
|
|
|
if (from->di_version == 3) {
|
|
to->di_changecount = cpu_to_be64(inode_peek_iversion(inode));
|
|
to->di_crtime.t_sec = cpu_to_be32(from->di_crtime.t_sec);
|
|
to->di_crtime.t_nsec = cpu_to_be32(from->di_crtime.t_nsec);
|
|
to->di_flags2 = cpu_to_be64(from->di_flags2);
|
|
to->di_cowextsize = cpu_to_be32(from->di_cowextsize);
|
|
to->di_ino = cpu_to_be64(ip->i_ino);
|
|
to->di_lsn = cpu_to_be64(lsn);
|
|
memset(to->di_pad2, 0, sizeof(to->di_pad2));
|
|
uuid_copy(&to->di_uuid, &ip->i_mount->m_sb.sb_meta_uuid);
|
|
to->di_flushiter = 0;
|
|
} else {
|
|
to->di_flushiter = cpu_to_be16(from->di_flushiter);
|
|
}
|
|
}
|
|
|
|
void
|
|
xfs_log_dinode_to_disk(
|
|
struct xfs_log_dinode *from,
|
|
struct xfs_dinode *to)
|
|
{
|
|
to->di_magic = cpu_to_be16(from->di_magic);
|
|
to->di_mode = cpu_to_be16(from->di_mode);
|
|
to->di_version = from->di_version;
|
|
to->di_format = from->di_format;
|
|
to->di_onlink = 0;
|
|
to->di_uid = cpu_to_be32(from->di_uid);
|
|
to->di_gid = cpu_to_be32(from->di_gid);
|
|
to->di_nlink = cpu_to_be32(from->di_nlink);
|
|
to->di_projid_lo = cpu_to_be16(from->di_projid_lo);
|
|
to->di_projid_hi = cpu_to_be16(from->di_projid_hi);
|
|
memcpy(to->di_pad, from->di_pad, sizeof(to->di_pad));
|
|
|
|
to->di_atime.t_sec = cpu_to_be32(from->di_atime.t_sec);
|
|
to->di_atime.t_nsec = cpu_to_be32(from->di_atime.t_nsec);
|
|
to->di_mtime.t_sec = cpu_to_be32(from->di_mtime.t_sec);
|
|
to->di_mtime.t_nsec = cpu_to_be32(from->di_mtime.t_nsec);
|
|
to->di_ctime.t_sec = cpu_to_be32(from->di_ctime.t_sec);
|
|
to->di_ctime.t_nsec = cpu_to_be32(from->di_ctime.t_nsec);
|
|
|
|
to->di_size = cpu_to_be64(from->di_size);
|
|
to->di_nblocks = cpu_to_be64(from->di_nblocks);
|
|
to->di_extsize = cpu_to_be32(from->di_extsize);
|
|
to->di_nextents = cpu_to_be32(from->di_nextents);
|
|
to->di_anextents = cpu_to_be16(from->di_anextents);
|
|
to->di_forkoff = from->di_forkoff;
|
|
to->di_aformat = from->di_aformat;
|
|
to->di_dmevmask = cpu_to_be32(from->di_dmevmask);
|
|
to->di_dmstate = cpu_to_be16(from->di_dmstate);
|
|
to->di_flags = cpu_to_be16(from->di_flags);
|
|
to->di_gen = cpu_to_be32(from->di_gen);
|
|
|
|
if (from->di_version == 3) {
|
|
to->di_changecount = cpu_to_be64(from->di_changecount);
|
|
to->di_crtime.t_sec = cpu_to_be32(from->di_crtime.t_sec);
|
|
to->di_crtime.t_nsec = cpu_to_be32(from->di_crtime.t_nsec);
|
|
to->di_flags2 = cpu_to_be64(from->di_flags2);
|
|
to->di_cowextsize = cpu_to_be32(from->di_cowextsize);
|
|
to->di_ino = cpu_to_be64(from->di_ino);
|
|
to->di_lsn = cpu_to_be64(from->di_lsn);
|
|
memcpy(to->di_pad2, from->di_pad2, sizeof(to->di_pad2));
|
|
uuid_copy(&to->di_uuid, &from->di_uuid);
|
|
to->di_flushiter = 0;
|
|
} else {
|
|
to->di_flushiter = cpu_to_be16(from->di_flushiter);
|
|
}
|
|
}
|
|
|
|
xfs_failaddr_t
|
|
xfs_dinode_verify(
|
|
struct xfs_mount *mp,
|
|
xfs_ino_t ino,
|
|
struct xfs_dinode *dip)
|
|
{
|
|
uint16_t mode;
|
|
uint16_t flags;
|
|
uint64_t flags2;
|
|
uint64_t di_size;
|
|
|
|
if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
|
|
return __this_address;
|
|
|
|
/* Verify v3 integrity information first */
|
|
if (dip->di_version >= 3) {
|
|
if (!xfs_sb_version_hascrc(&mp->m_sb))
|
|
return __this_address;
|
|
if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize,
|
|
XFS_DINODE_CRC_OFF))
|
|
return __this_address;
|
|
if (be64_to_cpu(dip->di_ino) != ino)
|
|
return __this_address;
|
|
if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid))
|
|
return __this_address;
|
|
}
|
|
|
|
/* don't allow invalid i_size */
|
|
di_size = be64_to_cpu(dip->di_size);
|
|
if (di_size & (1ULL << 63))
|
|
return __this_address;
|
|
|
|
mode = be16_to_cpu(dip->di_mode);
|
|
if (mode && xfs_mode_to_ftype(mode) == XFS_DIR3_FT_UNKNOWN)
|
|
return __this_address;
|
|
|
|
/* No zero-length symlinks/dirs. */
|
|
if ((S_ISLNK(mode) || S_ISDIR(mode)) && di_size == 0)
|
|
return __this_address;
|
|
|
|
/* Fork checks carried over from xfs_iformat_fork */
|
|
if (mode &&
|
|
be32_to_cpu(dip->di_nextents) + be16_to_cpu(dip->di_anextents) >
|
|
be64_to_cpu(dip->di_nblocks))
|
|
return __this_address;
|
|
|
|
if (mode && XFS_DFORK_BOFF(dip) > mp->m_sb.sb_inodesize)
|
|
return __this_address;
|
|
|
|
flags = be16_to_cpu(dip->di_flags);
|
|
|
|
if (mode && (flags & XFS_DIFLAG_REALTIME) && !mp->m_rtdev_targp)
|
|
return __this_address;
|
|
|
|
/* Do we have appropriate data fork formats for the mode? */
|
|
switch (mode & S_IFMT) {
|
|
case S_IFIFO:
|
|
case S_IFCHR:
|
|
case S_IFBLK:
|
|
case S_IFSOCK:
|
|
if (dip->di_format != XFS_DINODE_FMT_DEV)
|
|
return __this_address;
|
|
break;
|
|
case S_IFREG:
|
|
case S_IFLNK:
|
|
case S_IFDIR:
|
|
switch (dip->di_format) {
|
|
case XFS_DINODE_FMT_LOCAL:
|
|
/*
|
|
* no local regular files yet
|
|
*/
|
|
if (S_ISREG(mode))
|
|
return __this_address;
|
|
if (di_size > XFS_DFORK_DSIZE(dip, mp))
|
|
return __this_address;
|
|
/* fall through */
|
|
case XFS_DINODE_FMT_EXTENTS:
|
|
case XFS_DINODE_FMT_BTREE:
|
|
break;
|
|
default:
|
|
return __this_address;
|
|
}
|
|
break;
|
|
case 0:
|
|
/* Uninitialized inode ok. */
|
|
break;
|
|
default:
|
|
return __this_address;
|
|
}
|
|
|
|
if (XFS_DFORK_Q(dip)) {
|
|
switch (dip->di_aformat) {
|
|
case XFS_DINODE_FMT_LOCAL:
|
|
case XFS_DINODE_FMT_EXTENTS:
|
|
case XFS_DINODE_FMT_BTREE:
|
|
break;
|
|
default:
|
|
return __this_address;
|
|
}
|
|
}
|
|
|
|
/* only version 3 or greater inodes are extensively verified here */
|
|
if (dip->di_version < 3)
|
|
return NULL;
|
|
|
|
flags2 = be64_to_cpu(dip->di_flags2);
|
|
|
|
/* don't allow reflink/cowextsize if we don't have reflink */
|
|
if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) &&
|
|
!xfs_sb_version_hasreflink(&mp->m_sb))
|
|
return __this_address;
|
|
|
|
/* only regular files get reflink */
|
|
if ((flags2 & XFS_DIFLAG2_REFLINK) && (mode & S_IFMT) != S_IFREG)
|
|
return __this_address;
|
|
|
|
/* don't let reflink and realtime mix */
|
|
if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags & XFS_DIFLAG_REALTIME))
|
|
return __this_address;
|
|
|
|
/* don't let reflink and dax mix */
|
|
if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags2 & XFS_DIFLAG2_DAX))
|
|
return __this_address;
|
|
|
|
return NULL;
|
|
}
|
|
|
|
void
|
|
xfs_dinode_calc_crc(
|
|
struct xfs_mount *mp,
|
|
struct xfs_dinode *dip)
|
|
{
|
|
uint32_t crc;
|
|
|
|
if (dip->di_version < 3)
|
|
return;
|
|
|
|
ASSERT(xfs_sb_version_hascrc(&mp->m_sb));
|
|
crc = xfs_start_cksum_update((char *)dip, mp->m_sb.sb_inodesize,
|
|
XFS_DINODE_CRC_OFF);
|
|
dip->di_crc = xfs_end_cksum(crc);
|
|
}
|
|
|
|
/*
|
|
* Read the disk inode attributes into the in-core inode structure.
|
|
*
|
|
* For version 5 superblocks, if we are initialising a new inode and we are not
|
|
* utilising the XFS_MOUNT_IKEEP inode cluster mode, we can simple build the new
|
|
* inode core with a random generation number. If we are keeping inodes around,
|
|
* we need to read the inode cluster to get the existing generation number off
|
|
* disk. Further, if we are using version 4 superblocks (i.e. v1/v2 inode
|
|
* format) then log recovery is dependent on the di_flushiter field being
|
|
* initialised from the current on-disk value and hence we must also read the
|
|
* inode off disk.
|
|
*/
|
|
int
|
|
xfs_iread(
|
|
xfs_mount_t *mp,
|
|
xfs_trans_t *tp,
|
|
xfs_inode_t *ip,
|
|
uint iget_flags)
|
|
{
|
|
xfs_buf_t *bp;
|
|
xfs_dinode_t *dip;
|
|
xfs_failaddr_t fa;
|
|
int error;
|
|
|
|
/*
|
|
* Fill in the location information in the in-core inode.
|
|
*/
|
|
error = xfs_imap(mp, tp, ip->i_ino, &ip->i_imap, iget_flags);
|
|
if (error)
|
|
return error;
|
|
|
|
/* shortcut IO on inode allocation if possible */
|
|
if ((iget_flags & XFS_IGET_CREATE) &&
|
|
xfs_sb_version_hascrc(&mp->m_sb) &&
|
|
!(mp->m_flags & XFS_MOUNT_IKEEP)) {
|
|
/* initialise the on-disk inode core */
|
|
memset(&ip->i_d, 0, sizeof(ip->i_d));
|
|
VFS_I(ip)->i_generation = prandom_u32();
|
|
if (xfs_sb_version_hascrc(&mp->m_sb))
|
|
ip->i_d.di_version = 3;
|
|
else
|
|
ip->i_d.di_version = 2;
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Get pointers to the on-disk inode and the buffer containing it.
|
|
*/
|
|
error = xfs_imap_to_bp(mp, tp, &ip->i_imap, &dip, &bp, 0, iget_flags);
|
|
if (error)
|
|
return error;
|
|
|
|
/* even unallocated inodes are verified */
|
|
fa = xfs_dinode_verify(mp, ip->i_ino, dip);
|
|
if (fa) {
|
|
xfs_inode_verifier_error(ip, -EFSCORRUPTED, "dinode", dip,
|
|
sizeof(*dip), fa);
|
|
error = -EFSCORRUPTED;
|
|
goto out_brelse;
|
|
}
|
|
|
|
/*
|
|
* If the on-disk inode is already linked to a directory
|
|
* entry, copy all of the inode into the in-core inode.
|
|
* xfs_iformat_fork() handles copying in the inode format
|
|
* specific information.
|
|
* Otherwise, just get the truly permanent information.
|
|
*/
|
|
if (dip->di_mode) {
|
|
xfs_inode_from_disk(ip, dip);
|
|
error = xfs_iformat_fork(ip, dip);
|
|
if (error) {
|
|
#ifdef DEBUG
|
|
xfs_alert(mp, "%s: xfs_iformat() returned error %d",
|
|
__func__, error);
|
|
#endif /* DEBUG */
|
|
goto out_brelse;
|
|
}
|
|
} else {
|
|
/*
|
|
* Partial initialisation of the in-core inode. Just the bits
|
|
* that xfs_ialloc won't overwrite or relies on being correct.
|
|
*/
|
|
ip->i_d.di_version = dip->di_version;
|
|
VFS_I(ip)->i_generation = be32_to_cpu(dip->di_gen);
|
|
ip->i_d.di_flushiter = be16_to_cpu(dip->di_flushiter);
|
|
|
|
/*
|
|
* Make sure to pull in the mode here as well in
|
|
* case the inode is released without being used.
|
|
* This ensures that xfs_inactive() will see that
|
|
* the inode is already free and not try to mess
|
|
* with the uninitialized part of it.
|
|
*/
|
|
VFS_I(ip)->i_mode = 0;
|
|
}
|
|
|
|
ASSERT(ip->i_d.di_version >= 2);
|
|
ip->i_delayed_blks = 0;
|
|
|
|
/*
|
|
* Mark the buffer containing the inode as something to keep
|
|
* around for a while. This helps to keep recently accessed
|
|
* meta-data in-core longer.
|
|
*/
|
|
xfs_buf_set_ref(bp, XFS_INO_REF);
|
|
|
|
/*
|
|
* Use xfs_trans_brelse() to release the buffer containing the on-disk
|
|
* inode, because it was acquired with xfs_trans_read_buf() in
|
|
* xfs_imap_to_bp() above. If tp is NULL, this is just a normal
|
|
* brelse(). If we're within a transaction, then xfs_trans_brelse()
|
|
* will only release the buffer if it is not dirty within the
|
|
* transaction. It will be OK to release the buffer in this case,
|
|
* because inodes on disk are never destroyed and we will be locking the
|
|
* new in-core inode before putting it in the cache where other
|
|
* processes can find it. Thus we don't have to worry about the inode
|
|
* being changed just because we released the buffer.
|
|
*/
|
|
out_brelse:
|
|
xfs_trans_brelse(tp, bp);
|
|
return error;
|
|
}
|