2023-04-12 01:59:56 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2017-10-18 04:37:46 +00:00
|
|
|
/*
|
2023-04-12 01:59:57 +00:00
|
|
|
* Copyright (C) 2017-2023 Oracle. All Rights Reserved.
|
2023-04-12 01:59:56 +00:00
|
|
|
* Author: Darrick J. Wong <djwong@kernel.org>
|
2017-10-18 04:37:46 +00:00
|
|
|
*/
|
|
|
|
#include "xfs.h"
|
|
|
|
#include "xfs_fs.h"
|
|
|
|
#include "xfs_shared.h"
|
|
|
|
#include "xfs_format.h"
|
|
|
|
#include "xfs_trans_resv.h"
|
|
|
|
#include "xfs_mount.h"
|
|
|
|
#include "xfs_log_format.h"
|
2024-04-15 21:54:53 +00:00
|
|
|
#include "xfs_trans.h"
|
2017-10-18 04:37:46 +00:00
|
|
|
#include "xfs_inode.h"
|
|
|
|
#include "xfs_icache.h"
|
|
|
|
#include "xfs_dir2.h"
|
|
|
|
#include "xfs_dir2_priv.h"
|
|
|
|
#include "scrub/scrub.h"
|
|
|
|
#include "scrub/common.h"
|
2023-04-12 02:00:17 +00:00
|
|
|
#include "scrub/readdir.h"
|
2024-04-15 21:54:51 +00:00
|
|
|
#include "scrub/tempfile.h"
|
2024-04-15 21:54:53 +00:00
|
|
|
#include "scrub/repair.h"
|
2017-10-18 04:37:46 +00:00
|
|
|
|
|
|
|
/* Set us up to scrub parents. */
|
|
|
|
int
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_setup_parent(
|
2021-04-08 00:59:39 +00:00
|
|
|
struct xfs_scrub *sc)
|
2017-10-18 04:37:46 +00:00
|
|
|
{
|
2024-04-15 21:54:53 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if (xchk_could_repair(sc)) {
|
|
|
|
error = xrep_setup_parent(sc);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2021-04-08 00:59:39 +00:00
|
|
|
return xchk_setup_inode_contents(sc, 0);
|
2017-10-18 04:37:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Parent pointers */
|
|
|
|
|
|
|
|
/* Look for an entry in a parent pointing to this inode. */
|
|
|
|
|
2018-07-19 19:29:11 +00:00
|
|
|
struct xchk_parent_ctx {
|
2019-11-26 02:43:10 +00:00
|
|
|
struct xfs_scrub *sc;
|
2018-07-19 19:29:12 +00:00
|
|
|
xfs_nlink_t nlink;
|
2017-10-18 04:37:46 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/* Look for a single entry in a directory pointing to an inode. */
|
2023-04-12 02:00:17 +00:00
|
|
|
STATIC int
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_parent_actor(
|
2023-04-12 02:00:17 +00:00
|
|
|
struct xfs_scrub *sc,
|
|
|
|
struct xfs_inode *dp,
|
|
|
|
xfs_dir2_dataptr_t dapos,
|
|
|
|
const struct xfs_name *name,
|
|
|
|
xfs_ino_t ino,
|
|
|
|
void *priv)
|
2017-10-18 04:37:46 +00:00
|
|
|
{
|
2023-04-12 02:00:17 +00:00
|
|
|
struct xchk_parent_ctx *spc = priv;
|
2019-11-26 02:43:10 +00:00
|
|
|
int error = 0;
|
2017-10-18 04:37:46 +00:00
|
|
|
|
2023-04-12 02:00:17 +00:00
|
|
|
/* Does this name make sense? */
|
|
|
|
if (!xfs_dir2_namecheck(name->name, name->len))
|
|
|
|
error = -EFSCORRUPTED;
|
|
|
|
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0, &error))
|
|
|
|
return error;
|
|
|
|
|
|
|
|
if (sc->ip->i_ino == ino)
|
2017-10-18 04:37:46 +00:00
|
|
|
spc->nlink++;
|
2019-11-26 02:43:10 +00:00
|
|
|
|
|
|
|
if (xchk_should_terminate(spc->sc, &error))
|
2023-04-12 02:00:17 +00:00
|
|
|
return error;
|
2019-11-26 02:43:10 +00:00
|
|
|
|
2023-04-12 02:00:17 +00:00
|
|
|
return 0;
|
2017-10-18 04:37:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2023-04-12 02:00:20 +00:00
|
|
|
* Try to lock a parent directory for checking dirents. Returns the inode
|
|
|
|
* flags for the locks we now hold, or zero if we failed.
|
|
|
|
*/
|
|
|
|
STATIC unsigned int
|
|
|
|
xchk_parent_ilock_dir(
|
|
|
|
struct xfs_inode *dp)
|
|
|
|
{
|
|
|
|
if (!xfs_ilock_nowait(dp, XFS_ILOCK_SHARED))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (!xfs_need_iread_extents(&dp->i_df))
|
|
|
|
return XFS_ILOCK_SHARED;
|
|
|
|
|
|
|
|
xfs_iunlock(dp, XFS_ILOCK_SHARED);
|
|
|
|
|
|
|
|
if (!xfs_ilock_nowait(dp, XFS_ILOCK_EXCL))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return XFS_ILOCK_EXCL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Given the inode number of the alleged parent of the inode being scrubbed,
|
|
|
|
* try to validate that the parent has exactly one directory entry pointing
|
|
|
|
* back to the inode being scrubbed. Returns -EAGAIN if we need to revalidate
|
|
|
|
* the dotdot entry.
|
2017-10-18 04:37:46 +00:00
|
|
|
*/
|
|
|
|
STATIC int
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_parent_validate(
|
2018-07-19 19:29:12 +00:00
|
|
|
struct xfs_scrub *sc,
|
2023-04-12 02:00:20 +00:00
|
|
|
xfs_ino_t parent_ino)
|
2017-10-18 04:37:46 +00:00
|
|
|
{
|
2023-04-12 02:00:19 +00:00
|
|
|
struct xchk_parent_ctx spc = {
|
|
|
|
.sc = sc,
|
|
|
|
.nlink = 0,
|
|
|
|
};
|
2018-07-19 19:29:12 +00:00
|
|
|
struct xfs_mount *mp = sc->mp;
|
|
|
|
struct xfs_inode *dp = NULL;
|
|
|
|
xfs_nlink_t expected_nlink;
|
2023-04-12 02:00:20 +00:00
|
|
|
unsigned int lock_mode;
|
2018-07-19 19:29:12 +00:00
|
|
|
int error = 0;
|
2017-10-18 04:37:46 +00:00
|
|
|
|
2023-04-12 02:00:19 +00:00
|
|
|
/* Is this the root dir? Then '..' must point to itself. */
|
|
|
|
if (sc->ip == mp->m_rootip) {
|
|
|
|
if (sc->ip->i_ino != mp->m_sb.sb_rootino ||
|
|
|
|
sc->ip->i_ino != parent_ino)
|
|
|
|
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
|
2023-04-12 02:00:20 +00:00
|
|
|
return 0;
|
2023-04-12 02:00:19 +00:00
|
|
|
}
|
2018-05-14 13:34:32 +00:00
|
|
|
|
2017-10-18 04:37:46 +00:00
|
|
|
/* '..' must not point to ourselves. */
|
2023-04-12 02:00:19 +00:00
|
|
|
if (sc->ip->i_ino == parent_ino) {
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
|
2023-04-12 02:00:20 +00:00
|
|
|
return 0;
|
2017-10-18 04:37:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we're an unlinked directory, the parent /won't/ have a link
|
|
|
|
* to us. Otherwise, it should have one link.
|
|
|
|
*/
|
|
|
|
expected_nlink = VFS_I(sc->ip)->i_nlink == 0 ? 0 : 1;
|
|
|
|
|
|
|
|
/*
|
xfs: manage inode DONTCACHE status at irele time
Right now, there are statements scattered all over the online fsck
codebase about how we can't use XFS_IGET_DONTCACHE because of concerns
about scrub's unusual practice of releasing inodes with transactions
held.
However, iget is the wrong place to handle this -- the DONTCACHE state
doesn't matter at all until we try to *release* the inode, and here we
get things wrong in multiple ways:
First, if we /do/ have a transaction, we must NOT drop the inode,
because the inode could have dirty pages, dropping the inode will
trigger writeback, and writeback can trigger a nested transaction.
Second, if the inode already had an active reference and the DONTCACHE
flag set, the icache hit when scrub grabs another ref will not clear
DONTCACHE. This is sort of by design, since DONTCACHE is now used to
initiate cache drops so that sysadmins can change a file's access mode
between pagecache and DAX.
Third, if we do actually have the last active reference to the inode, we
can set DONTCACHE to avoid polluting the cache. This is the /one/ case
where we actually want that flag.
Create an xchk_irele helper to encode all that logic and switch the
online fsck code to use it. Since this now means that nearly all
scrubbers use the same xfs_iget flags, we can wrap them too.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
2023-04-12 02:00:20 +00:00
|
|
|
* Grab the parent directory inode. This must be released before we
|
|
|
|
* cancel the scrub transaction.
|
2018-03-23 17:06:56 +00:00
|
|
|
*
|
2020-12-02 20:25:44 +00:00
|
|
|
* If _iget returns -EINVAL or -ENOENT then the parent inode number is
|
|
|
|
* garbage and the directory is corrupt. If the _iget returns
|
|
|
|
* -EFSCORRUPTED or -EFSBADCRC then the parent is corrupt which is a
|
|
|
|
* cross referencing error. Any other error is an operational error.
|
2017-10-18 04:37:46 +00:00
|
|
|
*/
|
xfs: manage inode DONTCACHE status at irele time
Right now, there are statements scattered all over the online fsck
codebase about how we can't use XFS_IGET_DONTCACHE because of concerns
about scrub's unusual practice of releasing inodes with transactions
held.
However, iget is the wrong place to handle this -- the DONTCACHE state
doesn't matter at all until we try to *release* the inode, and here we
get things wrong in multiple ways:
First, if we /do/ have a transaction, we must NOT drop the inode,
because the inode could have dirty pages, dropping the inode will
trigger writeback, and writeback can trigger a nested transaction.
Second, if the inode already had an active reference and the DONTCACHE
flag set, the icache hit when scrub grabs another ref will not clear
DONTCACHE. This is sort of by design, since DONTCACHE is now used to
initiate cache drops so that sysadmins can change a file's access mode
between pagecache and DAX.
Third, if we do actually have the last active reference to the inode, we
can set DONTCACHE to avoid polluting the cache. This is the /one/ case
where we actually want that flag.
Create an xchk_irele helper to encode all that logic and switch the
online fsck code to use it. Since this now means that nearly all
scrubbers use the same xfs_iget flags, we can wrap them too.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
2023-04-12 02:00:20 +00:00
|
|
|
error = xchk_iget(sc, parent_ino, &dp);
|
2020-12-02 20:25:44 +00:00
|
|
|
if (error == -EINVAL || error == -ENOENT) {
|
2018-03-23 17:06:56 +00:00
|
|
|
error = -EFSCORRUPTED;
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_fblock_process_error(sc, XFS_DATA_FORK, 0, &error);
|
2023-04-12 02:00:20 +00:00
|
|
|
return error;
|
2018-03-23 17:06:56 +00:00
|
|
|
}
|
2018-07-19 19:29:11 +00:00
|
|
|
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0, &error))
|
2023-04-12 02:00:20 +00:00
|
|
|
return error;
|
2024-04-15 21:54:51 +00:00
|
|
|
if (dp == sc->ip || xrep_is_tempfile(dp) ||
|
|
|
|
!S_ISDIR(VFS_I(dp)->i_mode)) {
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
|
2017-10-18 04:37:46 +00:00
|
|
|
goto out_rele;
|
|
|
|
}
|
|
|
|
|
2023-04-12 02:00:20 +00:00
|
|
|
lock_mode = xchk_parent_ilock_dir(dp);
|
|
|
|
if (!lock_mode) {
|
2023-08-10 14:48:08 +00:00
|
|
|
xchk_iunlock(sc, XFS_ILOCK_EXCL);
|
|
|
|
xchk_ilock(sc, XFS_ILOCK_EXCL);
|
2023-04-12 02:00:20 +00:00
|
|
|
error = -EAGAIN;
|
2018-05-14 13:34:34 +00:00
|
|
|
goto out_rele;
|
2023-04-12 02:00:19 +00:00
|
|
|
}
|
2017-10-18 04:37:46 +00:00
|
|
|
|
2023-12-15 18:03:37 +00:00
|
|
|
/*
|
|
|
|
* We cannot yet validate this parent pointer if the directory looks as
|
|
|
|
* though it has been zapped by the inode record repair code.
|
|
|
|
*/
|
|
|
|
if (xchk_dir_looks_zapped(dp)) {
|
|
|
|
error = -EBUSY;
|
|
|
|
xchk_set_incomplete(sc);
|
|
|
|
goto out_unlock;
|
|
|
|
}
|
|
|
|
|
2023-04-12 02:00:20 +00:00
|
|
|
/* Look for a directory entry in the parent pointing to the child. */
|
2023-04-12 02:00:19 +00:00
|
|
|
error = xchk_dir_walk(sc, dp, xchk_parent_actor, &spc);
|
2018-07-19 19:29:11 +00:00
|
|
|
if (!xchk_fblock_xref_process_error(sc, XFS_DATA_FORK, 0, &error))
|
2017-10-18 04:37:46 +00:00
|
|
|
goto out_unlock;
|
|
|
|
|
2023-04-12 02:00:20 +00:00
|
|
|
/*
|
|
|
|
* Ensure that the parent has as many links to the child as the child
|
|
|
|
* thinks it has to the parent.
|
|
|
|
*/
|
2023-04-12 02:00:19 +00:00
|
|
|
if (spc.nlink != expected_nlink)
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
|
2017-10-18 04:37:46 +00:00
|
|
|
|
|
|
|
out_unlock:
|
2023-04-12 02:00:20 +00:00
|
|
|
xfs_iunlock(dp, lock_mode);
|
2017-10-18 04:37:46 +00:00
|
|
|
out_rele:
|
xfs: manage inode DONTCACHE status at irele time
Right now, there are statements scattered all over the online fsck
codebase about how we can't use XFS_IGET_DONTCACHE because of concerns
about scrub's unusual practice of releasing inodes with transactions
held.
However, iget is the wrong place to handle this -- the DONTCACHE state
doesn't matter at all until we try to *release* the inode, and here we
get things wrong in multiple ways:
First, if we /do/ have a transaction, we must NOT drop the inode,
because the inode could have dirty pages, dropping the inode will
trigger writeback, and writeback can trigger a nested transaction.
Second, if the inode already had an active reference and the DONTCACHE
flag set, the icache hit when scrub grabs another ref will not clear
DONTCACHE. This is sort of by design, since DONTCACHE is now used to
initiate cache drops so that sysadmins can change a file's access mode
between pagecache and DAX.
Third, if we do actually have the last active reference to the inode, we
can set DONTCACHE to avoid polluting the cache. This is the /one/ case
where we actually want that flag.
Create an xchk_irele helper to encode all that logic and switch the
online fsck code to use it. Since this now means that nearly all
scrubbers use the same xfs_iget flags, we can wrap them too.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
2023-04-12 02:00:20 +00:00
|
|
|
xchk_irele(sc, dp);
|
2017-10-18 04:37:46 +00:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Scrub a parent pointer. */
|
|
|
|
int
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_parent(
|
2018-07-19 19:29:12 +00:00
|
|
|
struct xfs_scrub *sc)
|
2017-10-18 04:37:46 +00:00
|
|
|
{
|
2018-07-19 19:29:12 +00:00
|
|
|
struct xfs_mount *mp = sc->mp;
|
2023-04-12 02:00:19 +00:00
|
|
|
xfs_ino_t parent_ino;
|
2018-07-19 19:29:12 +00:00
|
|
|
int error = 0;
|
2017-10-18 04:37:46 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If we're a directory, check that the '..' link points up to
|
|
|
|
* a directory that has one entry pointing to us.
|
|
|
|
*/
|
|
|
|
if (!S_ISDIR(VFS_I(sc->ip)->i_mode))
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
/* We're not a special inode, are we? */
|
|
|
|
if (!xfs_verify_dir_ino(mp, sc->ip->i_ino)) {
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
|
2023-04-12 02:00:20 +00:00
|
|
|
return 0;
|
2017-10-18 04:37:46 +00:00
|
|
|
}
|
|
|
|
|
2023-04-12 02:00:19 +00:00
|
|
|
do {
|
2023-04-12 02:00:20 +00:00
|
|
|
if (xchk_should_terminate(sc, &error))
|
|
|
|
break;
|
|
|
|
|
2023-04-12 02:00:19 +00:00
|
|
|
/* Look up '..' */
|
2023-04-12 02:00:20 +00:00
|
|
|
error = xchk_dir_lookup(sc, sc->ip, &xfs_name_dotdot,
|
|
|
|
&parent_ino);
|
2023-04-12 02:00:19 +00:00
|
|
|
if (!xchk_fblock_process_error(sc, XFS_DATA_FORK, 0, &error))
|
2023-04-12 02:00:20 +00:00
|
|
|
return error;
|
2023-04-12 02:00:19 +00:00
|
|
|
if (!xfs_verify_dir_ino(mp, parent_ino)) {
|
2018-07-19 19:29:11 +00:00
|
|
|
xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, 0);
|
2023-04-12 02:00:20 +00:00
|
|
|
return 0;
|
2023-04-12 02:00:19 +00:00
|
|
|
}
|
2017-10-18 04:37:46 +00:00
|
|
|
|
2023-04-12 02:00:20 +00:00
|
|
|
/*
|
|
|
|
* Check that the dotdot entry points to a parent directory
|
|
|
|
* containing a dirent pointing to this subdirectory.
|
|
|
|
*/
|
|
|
|
error = xchk_parent_validate(sc, parent_ino);
|
|
|
|
} while (error == -EAGAIN);
|
2023-12-15 18:03:37 +00:00
|
|
|
if (error == -EBUSY) {
|
|
|
|
/*
|
|
|
|
* We could not scan a directory, so we marked the check
|
|
|
|
* incomplete. No further error return is necessary.
|
|
|
|
*/
|
|
|
|
return 0;
|
|
|
|
}
|
2017-10-18 04:37:46 +00:00
|
|
|
|
|
|
|
return error;
|
|
|
|
}
|