Commit 9cfb9b47 authored by Darrick J. Wong's avatar Darrick J. Wong
Browse files

xfs: provide a centralized method for verifying inline fork data 



Replace the current haphazard dir2 shortform verifier callsites with a
centralized verifier function that can be called either with the default
verifier functions or with a custom set.  This helps us strengthen
integrity checking while providing us with flexibility for repair tools.

xfs_repair wants this to be able to supply its own verifier functions
when trying to fix possibly corrupt metadata.

Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
parent dc042c2d

fs/xfs/libxfs/xfs_inode_fork.c

+44 −20
Original line number Diff line number Diff line
@@ -35,6 +35,8 @@ 
#include "xfs_da_format.h"

#include "xfs_da_btree.h"

#include "xfs_dir2_priv.h"

#include "xfs_attr_leaf.h"

#include "xfs_shared.h"



kmem_zone_t *xfs_ifork_zone;
@@ -97,14 +99,6 @@ xfs_iformat_fork( 
	if (error)

		return error;



	/* Check inline dir contents. */

	if (S_ISDIR(inode->i_mode) && dip->di_format == XFS_DINODE_FMT_LOCAL) {

		if (xfs_dir2_sf_verify(ip)) {

			xfs_idestroy_fork(ip, XFS_DATA_FORK);

			return -EFSCORRUPTED;

		}

	}



	if (xfs_is_reflink_inode(ip)) {

		ASSERT(ip->i_cowfp == NULL);

		xfs_ifork_init_cow(ip);
@@ -121,18 +115,6 @@ xfs_iformat_fork( 
		atp = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip);

		size = be16_to_cpu(atp->hdr.totsize);



		if (unlikely(size < sizeof(struct xfs_attr_sf_hdr))) {

			xfs_warn(ip->i_mount,

				"corrupt inode %Lu (bad attr fork size %Ld).",

				(unsigned long long) ip->i_ino,

				(long long) size);

			XFS_CORRUPTION_ERROR("xfs_iformat(8)",

					     XFS_ERRLEVEL_LOW,

					     ip->i_mount, dip);

			error = -EFSCORRUPTED;

			break;

		}



		error = xfs_iformat_local(ip, dip, XFS_ATTR_FORK, size);

		break;

	case XFS_DINODE_FMT_EXTENTS:
@@ -740,3 +722,45 @@ xfs_ifork_init_cow( 
	ip->i_cformat = XFS_DINODE_FMT_EXTENTS;

	ip->i_cnextents = 0;

}



/* Default fork content verifiers. */

struct xfs_ifork_ops xfs_default_ifork_ops = {

	.verify_attr	= xfs_attr_shortform_verify,

	.verify_dir	= xfs_dir2_sf_verify,

	.verify_symlink	= xfs_symlink_shortform_verify,

};



/* Verify the inline contents of the data fork of an inode. */

xfs_failaddr_t

xfs_ifork_verify_data(

	struct xfs_inode	*ip,

	struct xfs_ifork_ops	*ops)

{

	/* Non-local data fork, we're done. */

	if (ip->i_d.di_format != XFS_DINODE_FMT_LOCAL)

		return NULL;



	/* Check the inline data fork if there is one. */

	switch (VFS_I(ip)->i_mode & S_IFMT) {

	case S_IFDIR:

		return ops->verify_dir(ip);

	case S_IFLNK:

		return ops->verify_symlink(ip);

	default:

		return NULL;

	}

}



/* Verify the inline contents of the attr fork of an inode. */

xfs_failaddr_t

xfs_ifork_verify_attr(

	struct xfs_inode	*ip,

	struct xfs_ifork_ops	*ops)

{

	/* There has to be an attr fork allocated if aformat is local. */

	if (ip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)

		return NULL;

	if (!XFS_IFORK_PTR(ip, XFS_ATTR_FORK))

		return __this_address;

	return ops->verify_attr(ip);

}

fs/xfs/libxfs/xfs_inode_fork.h

+14 −0
Original line number Diff line number Diff line
@@ -186,4 +186,18 @@ extern struct kmem_zone *xfs_ifork_zone; 


extern void xfs_ifork_init_cow(struct xfs_inode *ip);



typedef xfs_failaddr_t (*xfs_ifork_verifier_t)(struct xfs_inode *);



struct xfs_ifork_ops {

	xfs_ifork_verifier_t	verify_symlink;

	xfs_ifork_verifier_t	verify_dir;

	xfs_ifork_verifier_t	verify_attr;

};

extern struct xfs_ifork_ops	xfs_default_ifork_ops;



xfs_failaddr_t xfs_ifork_verify_data(struct xfs_inode *ip,

		struct xfs_ifork_ops *ops);

xfs_failaddr_t xfs_ifork_verify_attr(struct xfs_inode *ip,

		struct xfs_ifork_ops *ops);



#endif	/* __XFS_INODE_FORK_H__ */

fs/xfs/xfs_icache.c

+5 −0
Original line number Diff line number Diff line
@@ -473,6 +473,11 @@ xfs_iget_cache_miss( 
	if (error)

		goto out_destroy;



	if (!xfs_inode_verify_forks(ip)) {

		error = -EFSCORRUPTED;

		goto out_destroy;

	}



	trace_xfs_iget_miss(ip);



	if ((VFS_I(ip)->i_mode == 0) && !(flags & XFS_IGET_CREATE)) {

fs/xfs/xfs_inode.c

+30 −4
Original line number Diff line number Diff line
@@ -3479,6 +3479,34 @@ xfs_iflush( 
	return error;

}



/*

 * If there are inline format data / attr forks attached to this inode,

 * make sure they're not corrupt.

 */

bool

xfs_inode_verify_forks(

	struct xfs_inode	*ip)

{

	xfs_failaddr_t		fa;



	fa = xfs_ifork_verify_data(ip, &xfs_default_ifork_ops);

	if (fa) {

		xfs_alert(ip->i_mount,

				"%s: bad inode %llu inline data fork at %pF",

				__func__, ip->i_ino, fa);

		return false;

	}



	fa = xfs_ifork_verify_attr(ip, &xfs_default_ifork_ops);

	if (fa) {

		xfs_alert(ip->i_mount,

				"%s: bad inode %llu inline attr fork at %pF",

				__func__, ip->i_ino, fa);

		return false;

	}

	return true;

}



STATIC int

xfs_iflush_int(

	struct xfs_inode	*ip,
@@ -3557,10 +3585,8 @@ xfs_iflush_int( 
	if (ip->i_d.di_version < 3)

		ip->i_d.di_flushiter++;



	/* Check the inline directory data. */

	if (S_ISDIR(VFS_I(ip)->i_mode) &&

	    ip->i_d.di_format == XFS_DINODE_FMT_LOCAL &&

	    xfs_dir2_sf_verify(ip))

	/* Check the inline fork data before we write out. */

	if (!xfs_inode_verify_forks(ip))

		goto corrupt_out;



	/*

fs/xfs/xfs_inode.h

+2 −0
Original line number Diff line number Diff line
@@ -491,4 +491,6 @@ extern struct kmem_zone *xfs_inode_zone; 
/* The default CoW extent size hint. */

#define XFS_DEFAULT_COWEXTSZ_HINT 32



bool xfs_inode_verify_forks(struct xfs_inode *ip);



#endif	/* __XFS_INODE_H__ */