1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (C) 2017 Oracle.  All Rights Reserved.
4  * Author: Darrick J. Wong <darrick.wong@oracle.com>
5  */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_trans_resv.h"
11 #include "xfs_mount.h"
12 #include "xfs_btree.h"
13 #include "xfs_sb.h"
14 #include "xfs_alloc.h"
15 #include "xfs_ialloc.h"
16 #include "xfs_rmap.h"
17 #include "xfs_ag.h"
18 #include "scrub/scrub.h"
19 #include "scrub/common.h"
20 
21 /* Superblock */
22 
23 /* Cross-reference with the other btrees. */
24 STATIC void
xchk_superblock_xref(struct xfs_scrub * sc,struct xfs_buf * bp)25 xchk_superblock_xref(
26 	struct xfs_scrub	*sc,
27 	struct xfs_buf		*bp)
28 {
29 	struct xfs_mount	*mp = sc->mp;
30 	xfs_agnumber_t		agno = sc->sm->sm_agno;
31 	xfs_agblock_t		agbno;
32 	int			error;
33 
34 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
35 		return;
36 
37 	agbno = XFS_SB_BLOCK(mp);
38 
39 	error = xchk_ag_init_existing(sc, agno, &sc->sa);
40 	if (!xchk_xref_process_error(sc, agno, agbno, &error))
41 		return;
42 
43 	xchk_xref_is_used_space(sc, agbno, 1);
44 	xchk_xref_is_not_inode_chunk(sc, agbno, 1);
45 	xchk_xref_is_owned_by(sc, agbno, 1, &XFS_RMAP_OINFO_FS);
46 	xchk_xref_is_not_shared(sc, agbno, 1);
47 
48 	/* scrub teardown will take care of sc->sa for us */
49 }
50 
51 /*
52  * Scrub the filesystem superblock.
53  *
54  * Note: We do /not/ attempt to check AG 0's superblock.  Mount is
55  * responsible for validating all the geometry information in sb 0, so
56  * if the filesystem is capable of initiating online scrub, then clearly
57  * sb 0 is ok and we can use its information to check everything else.
58  */
59 int
xchk_superblock(struct xfs_scrub * sc)60 xchk_superblock(
61 	struct xfs_scrub	*sc)
62 {
63 	struct xfs_mount	*mp = sc->mp;
64 	struct xfs_buf		*bp;
65 	struct xfs_dsb		*sb;
66 	struct xfs_perag	*pag;
67 	xfs_agnumber_t		agno;
68 	uint32_t		v2_ok;
69 	__be32			features_mask;
70 	int			error;
71 	__be16			vernum_mask;
72 
73 	agno = sc->sm->sm_agno;
74 	if (agno == 0)
75 		return 0;
76 
77 	/*
78 	 * Grab an active reference to the perag structure.  If we can't get
79 	 * it, we're racing with something that's tearing down the AG, so
80 	 * signal that the AG no longer exists.
81 	 */
82 	pag = xfs_perag_get(mp, agno);
83 	if (!pag)
84 		return -ENOENT;
85 
86 	error = xfs_sb_read_secondary(mp, sc->tp, agno, &bp);
87 	/*
88 	 * The superblock verifier can return several different error codes
89 	 * if it thinks the superblock doesn't look right.  For a mount these
90 	 * would all get bounced back to userspace, but if we're here then the
91 	 * fs mounted successfully, which means that this secondary superblock
92 	 * is simply incorrect.  Treat all these codes the same way we treat
93 	 * any corruption.
94 	 */
95 	switch (error) {
96 	case -EINVAL:	/* also -EWRONGFS */
97 	case -ENOSYS:
98 	case -EFBIG:
99 		error = -EFSCORRUPTED;
100 		fallthrough;
101 	default:
102 		break;
103 	}
104 	if (!xchk_process_error(sc, agno, XFS_SB_BLOCK(mp), &error))
105 		goto out_pag;
106 
107 	sb = bp->b_addr;
108 
109 	/*
110 	 * Verify the geometries match.  Fields that are permanently
111 	 * set by mkfs are checked; fields that can be updated later
112 	 * (and are not propagated to backup superblocks) are preen
113 	 * checked.
114 	 */
115 	if (sb->sb_blocksize != cpu_to_be32(mp->m_sb.sb_blocksize))
116 		xchk_block_set_corrupt(sc, bp);
117 
118 	if (sb->sb_dblocks != cpu_to_be64(mp->m_sb.sb_dblocks))
119 		xchk_block_set_corrupt(sc, bp);
120 
121 	if (sb->sb_rblocks != cpu_to_be64(mp->m_sb.sb_rblocks))
122 		xchk_block_set_corrupt(sc, bp);
123 
124 	if (sb->sb_rextents != cpu_to_be64(mp->m_sb.sb_rextents))
125 		xchk_block_set_corrupt(sc, bp);
126 
127 	if (!uuid_equal(&sb->sb_uuid, &mp->m_sb.sb_uuid))
128 		xchk_block_set_preen(sc, bp);
129 
130 	if (sb->sb_logstart != cpu_to_be64(mp->m_sb.sb_logstart))
131 		xchk_block_set_corrupt(sc, bp);
132 
133 	if (sb->sb_rootino != cpu_to_be64(mp->m_sb.sb_rootino))
134 		xchk_block_set_preen(sc, bp);
135 
136 	if (sb->sb_rbmino != cpu_to_be64(mp->m_sb.sb_rbmino))
137 		xchk_block_set_preen(sc, bp);
138 
139 	if (sb->sb_rsumino != cpu_to_be64(mp->m_sb.sb_rsumino))
140 		xchk_block_set_preen(sc, bp);
141 
142 	if (sb->sb_rextsize != cpu_to_be32(mp->m_sb.sb_rextsize))
143 		xchk_block_set_corrupt(sc, bp);
144 
145 	if (sb->sb_agblocks != cpu_to_be32(mp->m_sb.sb_agblocks))
146 		xchk_block_set_corrupt(sc, bp);
147 
148 	if (sb->sb_agcount != cpu_to_be32(mp->m_sb.sb_agcount))
149 		xchk_block_set_corrupt(sc, bp);
150 
151 	if (sb->sb_rbmblocks != cpu_to_be32(mp->m_sb.sb_rbmblocks))
152 		xchk_block_set_corrupt(sc, bp);
153 
154 	if (sb->sb_logblocks != cpu_to_be32(mp->m_sb.sb_logblocks))
155 		xchk_block_set_corrupt(sc, bp);
156 
157 	/* Check sb_versionnum bits that are set at mkfs time. */
158 	vernum_mask = cpu_to_be16(~XFS_SB_VERSION_OKBITS |
159 				  XFS_SB_VERSION_NUMBITS |
160 				  XFS_SB_VERSION_ALIGNBIT |
161 				  XFS_SB_VERSION_DALIGNBIT |
162 				  XFS_SB_VERSION_SHAREDBIT |
163 				  XFS_SB_VERSION_LOGV2BIT |
164 				  XFS_SB_VERSION_SECTORBIT |
165 				  XFS_SB_VERSION_EXTFLGBIT |
166 				  XFS_SB_VERSION_DIRV2BIT);
167 	if ((sb->sb_versionnum & vernum_mask) !=
168 	    (cpu_to_be16(mp->m_sb.sb_versionnum) & vernum_mask))
169 		xchk_block_set_corrupt(sc, bp);
170 
171 	/* Check sb_versionnum bits that can be set after mkfs time. */
172 	vernum_mask = cpu_to_be16(XFS_SB_VERSION_ATTRBIT |
173 				  XFS_SB_VERSION_NLINKBIT |
174 				  XFS_SB_VERSION_QUOTABIT);
175 	if ((sb->sb_versionnum & vernum_mask) !=
176 	    (cpu_to_be16(mp->m_sb.sb_versionnum) & vernum_mask))
177 		xchk_block_set_preen(sc, bp);
178 
179 	if (sb->sb_sectsize != cpu_to_be16(mp->m_sb.sb_sectsize))
180 		xchk_block_set_corrupt(sc, bp);
181 
182 	if (sb->sb_inodesize != cpu_to_be16(mp->m_sb.sb_inodesize))
183 		xchk_block_set_corrupt(sc, bp);
184 
185 	if (sb->sb_inopblock != cpu_to_be16(mp->m_sb.sb_inopblock))
186 		xchk_block_set_corrupt(sc, bp);
187 
188 	if (memcmp(sb->sb_fname, mp->m_sb.sb_fname, sizeof(sb->sb_fname)))
189 		xchk_block_set_preen(sc, bp);
190 
191 	if (sb->sb_blocklog != mp->m_sb.sb_blocklog)
192 		xchk_block_set_corrupt(sc, bp);
193 
194 	if (sb->sb_sectlog != mp->m_sb.sb_sectlog)
195 		xchk_block_set_corrupt(sc, bp);
196 
197 	if (sb->sb_inodelog != mp->m_sb.sb_inodelog)
198 		xchk_block_set_corrupt(sc, bp);
199 
200 	if (sb->sb_inopblog != mp->m_sb.sb_inopblog)
201 		xchk_block_set_corrupt(sc, bp);
202 
203 	if (sb->sb_agblklog != mp->m_sb.sb_agblklog)
204 		xchk_block_set_corrupt(sc, bp);
205 
206 	if (sb->sb_rextslog != mp->m_sb.sb_rextslog)
207 		xchk_block_set_corrupt(sc, bp);
208 
209 	if (sb->sb_imax_pct != mp->m_sb.sb_imax_pct)
210 		xchk_block_set_preen(sc, bp);
211 
212 	/*
213 	 * Skip the summary counters since we track them in memory anyway.
214 	 * sb_icount, sb_ifree, sb_fdblocks, sb_frexents
215 	 */
216 
217 	if (sb->sb_uquotino != cpu_to_be64(mp->m_sb.sb_uquotino))
218 		xchk_block_set_preen(sc, bp);
219 
220 	if (sb->sb_gquotino != cpu_to_be64(mp->m_sb.sb_gquotino))
221 		xchk_block_set_preen(sc, bp);
222 
223 	/*
224 	 * Skip the quota flags since repair will force quotacheck.
225 	 * sb_qflags
226 	 */
227 
228 	if (sb->sb_flags != mp->m_sb.sb_flags)
229 		xchk_block_set_corrupt(sc, bp);
230 
231 	if (sb->sb_shared_vn != mp->m_sb.sb_shared_vn)
232 		xchk_block_set_corrupt(sc, bp);
233 
234 	if (sb->sb_inoalignmt != cpu_to_be32(mp->m_sb.sb_inoalignmt))
235 		xchk_block_set_corrupt(sc, bp);
236 
237 	if (sb->sb_unit != cpu_to_be32(mp->m_sb.sb_unit))
238 		xchk_block_set_preen(sc, bp);
239 
240 	if (sb->sb_width != cpu_to_be32(mp->m_sb.sb_width))
241 		xchk_block_set_preen(sc, bp);
242 
243 	if (sb->sb_dirblklog != mp->m_sb.sb_dirblklog)
244 		xchk_block_set_corrupt(sc, bp);
245 
246 	if (sb->sb_logsectlog != mp->m_sb.sb_logsectlog)
247 		xchk_block_set_corrupt(sc, bp);
248 
249 	if (sb->sb_logsectsize != cpu_to_be16(mp->m_sb.sb_logsectsize))
250 		xchk_block_set_corrupt(sc, bp);
251 
252 	if (sb->sb_logsunit != cpu_to_be32(mp->m_sb.sb_logsunit))
253 		xchk_block_set_corrupt(sc, bp);
254 
255 	/* Do we see any invalid bits in sb_features2? */
256 	if (!xfs_sb_version_hasmorebits(&mp->m_sb)) {
257 		if (sb->sb_features2 != 0)
258 			xchk_block_set_corrupt(sc, bp);
259 	} else {
260 		v2_ok = XFS_SB_VERSION2_OKBITS;
261 		if (xfs_sb_is_v5(&mp->m_sb))
262 			v2_ok |= XFS_SB_VERSION2_CRCBIT;
263 
264 		if (!!(sb->sb_features2 & cpu_to_be32(~v2_ok)))
265 			xchk_block_set_corrupt(sc, bp);
266 
267 		if (sb->sb_features2 != sb->sb_bad_features2)
268 			xchk_block_set_preen(sc, bp);
269 	}
270 
271 	/* Check sb_features2 flags that are set at mkfs time. */
272 	features_mask = cpu_to_be32(XFS_SB_VERSION2_LAZYSBCOUNTBIT |
273 				    XFS_SB_VERSION2_PROJID32BIT |
274 				    XFS_SB_VERSION2_CRCBIT |
275 				    XFS_SB_VERSION2_FTYPE);
276 	if ((sb->sb_features2 & features_mask) !=
277 	    (cpu_to_be32(mp->m_sb.sb_features2) & features_mask))
278 		xchk_block_set_corrupt(sc, bp);
279 
280 	/* Check sb_features2 flags that can be set after mkfs time. */
281 	features_mask = cpu_to_be32(XFS_SB_VERSION2_ATTR2BIT);
282 	if ((sb->sb_features2 & features_mask) !=
283 	    (cpu_to_be32(mp->m_sb.sb_features2) & features_mask))
284 		xchk_block_set_preen(sc, bp);
285 
286 	if (!xfs_has_crc(mp)) {
287 		/* all v5 fields must be zero */
288 		if (memchr_inv(&sb->sb_features_compat, 0,
289 				sizeof(struct xfs_dsb) -
290 				offsetof(struct xfs_dsb, sb_features_compat)))
291 			xchk_block_set_corrupt(sc, bp);
292 	} else {
293 		/* compat features must match */
294 		if (sb->sb_features_compat !=
295 				cpu_to_be32(mp->m_sb.sb_features_compat))
296 			xchk_block_set_corrupt(sc, bp);
297 
298 		/* ro compat features must match */
299 		if (sb->sb_features_ro_compat !=
300 				cpu_to_be32(mp->m_sb.sb_features_ro_compat))
301 			xchk_block_set_corrupt(sc, bp);
302 
303 		/*
304 		 * NEEDSREPAIR is ignored on a secondary super, so we should
305 		 * clear it when we find it, though it's not a corruption.
306 		 */
307 		features_mask = cpu_to_be32(XFS_SB_FEAT_INCOMPAT_NEEDSREPAIR);
308 		if ((cpu_to_be32(mp->m_sb.sb_features_incompat) ^
309 				sb->sb_features_incompat) & features_mask)
310 			xchk_block_set_preen(sc, bp);
311 
312 		/* all other incompat features must match */
313 		if ((cpu_to_be32(mp->m_sb.sb_features_incompat) ^
314 				sb->sb_features_incompat) & ~features_mask)
315 			xchk_block_set_corrupt(sc, bp);
316 
317 		/*
318 		 * log incompat features protect newer log record types from
319 		 * older log recovery code.  Log recovery doesn't check the
320 		 * secondary supers, so we can clear these if needed.
321 		 */
322 		if (sb->sb_features_log_incompat)
323 			xchk_block_set_preen(sc, bp);
324 
325 		/* Don't care about sb_crc */
326 
327 		if (sb->sb_spino_align != cpu_to_be32(mp->m_sb.sb_spino_align))
328 			xchk_block_set_corrupt(sc, bp);
329 
330 		if (sb->sb_pquotino != cpu_to_be64(mp->m_sb.sb_pquotino))
331 			xchk_block_set_preen(sc, bp);
332 
333 		/* Don't care about sb_lsn */
334 	}
335 
336 	if (xfs_has_metauuid(mp)) {
337 		/* The metadata UUID must be the same for all supers */
338 		if (!uuid_equal(&sb->sb_meta_uuid, &mp->m_sb.sb_meta_uuid))
339 			xchk_block_set_corrupt(sc, bp);
340 	}
341 
342 	/* Everything else must be zero. */
343 	if (memchr_inv(sb + 1, 0,
344 			BBTOB(bp->b_length) - sizeof(struct xfs_dsb)))
345 		xchk_block_set_corrupt(sc, bp);
346 
347 	xchk_superblock_xref(sc, bp);
348 out_pag:
349 	xfs_perag_put(pag);
350 	return error;
351 }
352 
353 /* AGF */
354 
355 /* Tally freespace record lengths. */
356 STATIC int
xchk_agf_record_bno_lengths(struct xfs_btree_cur * cur,const struct xfs_alloc_rec_incore * rec,void * priv)357 xchk_agf_record_bno_lengths(
358 	struct xfs_btree_cur		*cur,
359 	const struct xfs_alloc_rec_incore *rec,
360 	void				*priv)
361 {
362 	xfs_extlen_t			*blocks = priv;
363 
364 	(*blocks) += rec->ar_blockcount;
365 	return 0;
366 }
367 
368 /* Check agf_freeblks */
369 static inline void
xchk_agf_xref_freeblks(struct xfs_scrub * sc)370 xchk_agf_xref_freeblks(
371 	struct xfs_scrub	*sc)
372 {
373 	struct xfs_agf		*agf = sc->sa.agf_bp->b_addr;
374 	xfs_extlen_t		blocks = 0;
375 	int			error;
376 
377 	if (!sc->sa.bno_cur)
378 		return;
379 
380 	error = xfs_alloc_query_all(sc->sa.bno_cur,
381 			xchk_agf_record_bno_lengths, &blocks);
382 	if (!xchk_should_check_xref(sc, &error, &sc->sa.bno_cur))
383 		return;
384 	if (blocks != be32_to_cpu(agf->agf_freeblks))
385 		xchk_block_xref_set_corrupt(sc, sc->sa.agf_bp);
386 }
387 
388 /* Cross reference the AGF with the cntbt (freespace by length btree) */
389 static inline void
xchk_agf_xref_cntbt(struct xfs_scrub * sc)390 xchk_agf_xref_cntbt(
391 	struct xfs_scrub	*sc)
392 {
393 	struct xfs_agf		*agf = sc->sa.agf_bp->b_addr;
394 	xfs_agblock_t		agbno;
395 	xfs_extlen_t		blocks;
396 	int			have;
397 	int			error;
398 
399 	if (!sc->sa.cnt_cur)
400 		return;
401 
402 	/* Any freespace at all? */
403 	error = xfs_alloc_lookup_le(sc->sa.cnt_cur, 0, -1U, &have);
404 	if (!xchk_should_check_xref(sc, &error, &sc->sa.cnt_cur))
405 		return;
406 	if (!have) {
407 		if (agf->agf_freeblks != cpu_to_be32(0))
408 			xchk_block_xref_set_corrupt(sc, sc->sa.agf_bp);
409 		return;
410 	}
411 
412 	/* Check agf_longest */
413 	error = xfs_alloc_get_rec(sc->sa.cnt_cur, &agbno, &blocks, &have);
414 	if (!xchk_should_check_xref(sc, &error, &sc->sa.cnt_cur))
415 		return;
416 	if (!have || blocks != be32_to_cpu(agf->agf_longest))
417 		xchk_block_xref_set_corrupt(sc, sc->sa.agf_bp);
418 }
419 
420 /* Check the btree block counts in the AGF against the btrees. */
421 STATIC void
xchk_agf_xref_btreeblks(struct xfs_scrub * sc)422 xchk_agf_xref_btreeblks(
423 	struct xfs_scrub	*sc)
424 {
425 	struct xfs_agf		*agf = sc->sa.agf_bp->b_addr;
426 	struct xfs_mount	*mp = sc->mp;
427 	xfs_agblock_t		blocks;
428 	xfs_agblock_t		btreeblks;
429 	int			error;
430 
431 	/* agf_btreeblks didn't exist before lazysbcount */
432 	if (!xfs_has_lazysbcount(sc->mp))
433 		return;
434 
435 	/* Check agf_rmap_blocks; set up for agf_btreeblks check */
436 	if (sc->sa.rmap_cur) {
437 		error = xfs_btree_count_blocks(sc->sa.rmap_cur, &blocks);
438 		if (!xchk_should_check_xref(sc, &error, &sc->sa.rmap_cur))
439 			return;
440 		btreeblks = blocks - 1;
441 		if (blocks != be32_to_cpu(agf->agf_rmap_blocks))
442 			xchk_block_xref_set_corrupt(sc, sc->sa.agf_bp);
443 	} else {
444 		btreeblks = 0;
445 	}
446 
447 	/*
448 	 * No rmap cursor; we can't xref if we have the rmapbt feature.
449 	 * We also can't do it if we're missing the free space btree cursors.
450 	 */
451 	if ((xfs_has_rmapbt(mp) && !sc->sa.rmap_cur) ||
452 	    !sc->sa.bno_cur || !sc->sa.cnt_cur)
453 		return;
454 
455 	/* Check agf_btreeblks */
456 	error = xfs_btree_count_blocks(sc->sa.bno_cur, &blocks);
457 	if (!xchk_should_check_xref(sc, &error, &sc->sa.bno_cur))
458 		return;
459 	btreeblks += blocks - 1;
460 
461 	error = xfs_btree_count_blocks(sc->sa.cnt_cur, &blocks);
462 	if (!xchk_should_check_xref(sc, &error, &sc->sa.cnt_cur))
463 		return;
464 	btreeblks += blocks - 1;
465 
466 	if (btreeblks != be32_to_cpu(agf->agf_btreeblks))
467 		xchk_block_xref_set_corrupt(sc, sc->sa.agf_bp);
468 }
469 
470 /* Check agf_refcount_blocks against tree size */
471 static inline void
xchk_agf_xref_refcblks(struct xfs_scrub * sc)472 xchk_agf_xref_refcblks(
473 	struct xfs_scrub	*sc)
474 {
475 	struct xfs_agf		*agf = sc->sa.agf_bp->b_addr;
476 	xfs_agblock_t		blocks;
477 	int			error;
478 
479 	if (!sc->sa.refc_cur)
480 		return;
481 
482 	error = xfs_btree_count_blocks(sc->sa.refc_cur, &blocks);
483 	if (!xchk_should_check_xref(sc, &error, &sc->sa.refc_cur))
484 		return;
485 	if (blocks != be32_to_cpu(agf->agf_refcount_blocks))
486 		xchk_block_xref_set_corrupt(sc, sc->sa.agf_bp);
487 }
488 
489 /* Cross-reference with the other btrees. */
490 STATIC void
xchk_agf_xref(struct xfs_scrub * sc)491 xchk_agf_xref(
492 	struct xfs_scrub	*sc)
493 {
494 	struct xfs_mount	*mp = sc->mp;
495 	xfs_agblock_t		agbno;
496 
497 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
498 		return;
499 
500 	agbno = XFS_AGF_BLOCK(mp);
501 
502 	xchk_ag_btcur_init(sc, &sc->sa);
503 
504 	xchk_xref_is_used_space(sc, agbno, 1);
505 	xchk_agf_xref_freeblks(sc);
506 	xchk_agf_xref_cntbt(sc);
507 	xchk_xref_is_not_inode_chunk(sc, agbno, 1);
508 	xchk_xref_is_owned_by(sc, agbno, 1, &XFS_RMAP_OINFO_FS);
509 	xchk_agf_xref_btreeblks(sc);
510 	xchk_xref_is_not_shared(sc, agbno, 1);
511 	xchk_agf_xref_refcblks(sc);
512 
513 	/* scrub teardown will take care of sc->sa for us */
514 }
515 
516 /* Scrub the AGF. */
517 int
xchk_agf(struct xfs_scrub * sc)518 xchk_agf(
519 	struct xfs_scrub	*sc)
520 {
521 	struct xfs_mount	*mp = sc->mp;
522 	struct xfs_agf		*agf;
523 	struct xfs_perag	*pag;
524 	xfs_agnumber_t		agno = sc->sm->sm_agno;
525 	xfs_agblock_t		agbno;
526 	xfs_agblock_t		eoag;
527 	xfs_agblock_t		agfl_first;
528 	xfs_agblock_t		agfl_last;
529 	xfs_agblock_t		agfl_count;
530 	xfs_agblock_t		fl_count;
531 	int			level;
532 	int			error = 0;
533 
534 	error = xchk_ag_read_headers(sc, agno, &sc->sa);
535 	if (!xchk_process_error(sc, agno, XFS_AGF_BLOCK(sc->mp), &error))
536 		goto out;
537 	xchk_buffer_recheck(sc, sc->sa.agf_bp);
538 
539 	agf = sc->sa.agf_bp->b_addr;
540 	pag = sc->sa.pag;
541 
542 	/* Check the AG length */
543 	eoag = be32_to_cpu(agf->agf_length);
544 	if (eoag != pag->block_count)
545 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
546 
547 	/* Check the AGF btree roots and levels */
548 	agbno = be32_to_cpu(agf->agf_roots[XFS_BTNUM_BNO]);
549 	if (!xfs_verify_agbno(pag, agbno))
550 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
551 
552 	agbno = be32_to_cpu(agf->agf_roots[XFS_BTNUM_CNT]);
553 	if (!xfs_verify_agbno(pag, agbno))
554 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
555 
556 	level = be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]);
557 	if (level <= 0 || level > mp->m_alloc_maxlevels)
558 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
559 
560 	level = be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]);
561 	if (level <= 0 || level > mp->m_alloc_maxlevels)
562 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
563 
564 	if (xfs_has_rmapbt(mp)) {
565 		agbno = be32_to_cpu(agf->agf_roots[XFS_BTNUM_RMAP]);
566 		if (!xfs_verify_agbno(pag, agbno))
567 			xchk_block_set_corrupt(sc, sc->sa.agf_bp);
568 
569 		level = be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]);
570 		if (level <= 0 || level > mp->m_rmap_maxlevels)
571 			xchk_block_set_corrupt(sc, sc->sa.agf_bp);
572 	}
573 
574 	if (xfs_has_reflink(mp)) {
575 		agbno = be32_to_cpu(agf->agf_refcount_root);
576 		if (!xfs_verify_agbno(pag, agbno))
577 			xchk_block_set_corrupt(sc, sc->sa.agf_bp);
578 
579 		level = be32_to_cpu(agf->agf_refcount_level);
580 		if (level <= 0 || level > mp->m_refc_maxlevels)
581 			xchk_block_set_corrupt(sc, sc->sa.agf_bp);
582 	}
583 
584 	/* Check the AGFL counters */
585 	agfl_first = be32_to_cpu(agf->agf_flfirst);
586 	agfl_last = be32_to_cpu(agf->agf_fllast);
587 	agfl_count = be32_to_cpu(agf->agf_flcount);
588 	if (agfl_last > agfl_first)
589 		fl_count = agfl_last - agfl_first + 1;
590 	else
591 		fl_count = xfs_agfl_size(mp) - agfl_first + agfl_last + 1;
592 	if (agfl_count != 0 && fl_count != agfl_count)
593 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
594 
595 	/* Do the incore counters match? */
596 	if (pag->pagf_freeblks != be32_to_cpu(agf->agf_freeblks))
597 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
598 	if (pag->pagf_flcount != be32_to_cpu(agf->agf_flcount))
599 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
600 	if (xfs_has_lazysbcount(sc->mp) &&
601 	    pag->pagf_btreeblks != be32_to_cpu(agf->agf_btreeblks))
602 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
603 
604 	xchk_agf_xref(sc);
605 out:
606 	return error;
607 }
608 
609 /* AGFL */
610 
611 struct xchk_agfl_info {
612 	unsigned int		sz_entries;
613 	unsigned int		nr_entries;
614 	xfs_agblock_t		*entries;
615 	struct xfs_scrub	*sc;
616 };
617 
618 /* Cross-reference with the other btrees. */
619 STATIC void
xchk_agfl_block_xref(struct xfs_scrub * sc,xfs_agblock_t agbno)620 xchk_agfl_block_xref(
621 	struct xfs_scrub	*sc,
622 	xfs_agblock_t		agbno)
623 {
624 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
625 		return;
626 
627 	xchk_xref_is_used_space(sc, agbno, 1);
628 	xchk_xref_is_not_inode_chunk(sc, agbno, 1);
629 	xchk_xref_is_owned_by(sc, agbno, 1, &XFS_RMAP_OINFO_AG);
630 	xchk_xref_is_not_shared(sc, agbno, 1);
631 }
632 
633 /* Scrub an AGFL block. */
634 STATIC int
xchk_agfl_block(struct xfs_mount * mp,xfs_agblock_t agbno,void * priv)635 xchk_agfl_block(
636 	struct xfs_mount	*mp,
637 	xfs_agblock_t		agbno,
638 	void			*priv)
639 {
640 	struct xchk_agfl_info	*sai = priv;
641 	struct xfs_scrub	*sc = sai->sc;
642 
643 	if (xfs_verify_agbno(sc->sa.pag, agbno) &&
644 	    sai->nr_entries < sai->sz_entries)
645 		sai->entries[sai->nr_entries++] = agbno;
646 	else
647 		xchk_block_set_corrupt(sc, sc->sa.agfl_bp);
648 
649 	xchk_agfl_block_xref(sc, agbno);
650 
651 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
652 		return -ECANCELED;
653 
654 	return 0;
655 }
656 
657 static int
xchk_agblock_cmp(const void * pa,const void * pb)658 xchk_agblock_cmp(
659 	const void		*pa,
660 	const void		*pb)
661 {
662 	const xfs_agblock_t	*a = pa;
663 	const xfs_agblock_t	*b = pb;
664 
665 	return (int)*a - (int)*b;
666 }
667 
668 /* Cross-reference with the other btrees. */
669 STATIC void
xchk_agfl_xref(struct xfs_scrub * sc)670 xchk_agfl_xref(
671 	struct xfs_scrub	*sc)
672 {
673 	struct xfs_mount	*mp = sc->mp;
674 	xfs_agblock_t		agbno;
675 
676 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
677 		return;
678 
679 	agbno = XFS_AGFL_BLOCK(mp);
680 
681 	xchk_ag_btcur_init(sc, &sc->sa);
682 
683 	xchk_xref_is_used_space(sc, agbno, 1);
684 	xchk_xref_is_not_inode_chunk(sc, agbno, 1);
685 	xchk_xref_is_owned_by(sc, agbno, 1, &XFS_RMAP_OINFO_FS);
686 	xchk_xref_is_not_shared(sc, agbno, 1);
687 
688 	/*
689 	 * Scrub teardown will take care of sc->sa for us.  Leave sc->sa
690 	 * active so that the agfl block xref can use it too.
691 	 */
692 }
693 
694 /* Scrub the AGFL. */
695 int
xchk_agfl(struct xfs_scrub * sc)696 xchk_agfl(
697 	struct xfs_scrub	*sc)
698 {
699 	struct xchk_agfl_info	sai;
700 	struct xfs_agf		*agf;
701 	xfs_agnumber_t		agno = sc->sm->sm_agno;
702 	unsigned int		agflcount;
703 	unsigned int		i;
704 	int			error;
705 
706 	error = xchk_ag_read_headers(sc, agno, &sc->sa);
707 	if (!xchk_process_error(sc, agno, XFS_AGFL_BLOCK(sc->mp), &error))
708 		goto out;
709 	if (!sc->sa.agf_bp)
710 		return -EFSCORRUPTED;
711 	xchk_buffer_recheck(sc, sc->sa.agfl_bp);
712 
713 	xchk_agfl_xref(sc);
714 
715 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
716 		goto out;
717 
718 	/* Allocate buffer to ensure uniqueness of AGFL entries. */
719 	agf = sc->sa.agf_bp->b_addr;
720 	agflcount = be32_to_cpu(agf->agf_flcount);
721 	if (agflcount > xfs_agfl_size(sc->mp)) {
722 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
723 		goto out;
724 	}
725 	memset(&sai, 0, sizeof(sai));
726 	sai.sc = sc;
727 	sai.sz_entries = agflcount;
728 	sai.entries = kmem_zalloc(sizeof(xfs_agblock_t) * agflcount,
729 			KM_MAYFAIL);
730 	if (!sai.entries) {
731 		error = -ENOMEM;
732 		goto out;
733 	}
734 
735 	/* Check the blocks in the AGFL. */
736 	error = xfs_agfl_walk(sc->mp, sc->sa.agf_bp->b_addr,
737 			sc->sa.agfl_bp, xchk_agfl_block, &sai);
738 	if (error == -ECANCELED) {
739 		error = 0;
740 		goto out_free;
741 	}
742 	if (error)
743 		goto out_free;
744 
745 	if (agflcount != sai.nr_entries) {
746 		xchk_block_set_corrupt(sc, sc->sa.agf_bp);
747 		goto out_free;
748 	}
749 
750 	/* Sort entries, check for duplicates. */
751 	sort(sai.entries, sai.nr_entries, sizeof(sai.entries[0]),
752 			xchk_agblock_cmp, NULL);
753 	for (i = 1; i < sai.nr_entries; i++) {
754 		if (sai.entries[i] == sai.entries[i - 1]) {
755 			xchk_block_set_corrupt(sc, sc->sa.agf_bp);
756 			break;
757 		}
758 	}
759 
760 out_free:
761 	kmem_free(sai.entries);
762 out:
763 	return error;
764 }
765 
766 /* AGI */
767 
768 /* Check agi_count/agi_freecount */
769 static inline void
xchk_agi_xref_icounts(struct xfs_scrub * sc)770 xchk_agi_xref_icounts(
771 	struct xfs_scrub	*sc)
772 {
773 	struct xfs_agi		*agi = sc->sa.agi_bp->b_addr;
774 	xfs_agino_t		icount;
775 	xfs_agino_t		freecount;
776 	int			error;
777 
778 	if (!sc->sa.ino_cur)
779 		return;
780 
781 	error = xfs_ialloc_count_inodes(sc->sa.ino_cur, &icount, &freecount);
782 	if (!xchk_should_check_xref(sc, &error, &sc->sa.ino_cur))
783 		return;
784 	if (be32_to_cpu(agi->agi_count) != icount ||
785 	    be32_to_cpu(agi->agi_freecount) != freecount)
786 		xchk_block_xref_set_corrupt(sc, sc->sa.agi_bp);
787 }
788 
789 /* Check agi_[fi]blocks against tree size */
790 static inline void
xchk_agi_xref_fiblocks(struct xfs_scrub * sc)791 xchk_agi_xref_fiblocks(
792 	struct xfs_scrub	*sc)
793 {
794 	struct xfs_agi		*agi = sc->sa.agi_bp->b_addr;
795 	xfs_agblock_t		blocks;
796 	int			error = 0;
797 
798 	if (!xfs_has_inobtcounts(sc->mp))
799 		return;
800 
801 	if (sc->sa.ino_cur) {
802 		error = xfs_btree_count_blocks(sc->sa.ino_cur, &blocks);
803 		if (!xchk_should_check_xref(sc, &error, &sc->sa.ino_cur))
804 			return;
805 		if (blocks != be32_to_cpu(agi->agi_iblocks))
806 			xchk_block_xref_set_corrupt(sc, sc->sa.agi_bp);
807 	}
808 
809 	if (sc->sa.fino_cur) {
810 		error = xfs_btree_count_blocks(sc->sa.fino_cur, &blocks);
811 		if (!xchk_should_check_xref(sc, &error, &sc->sa.fino_cur))
812 			return;
813 		if (blocks != be32_to_cpu(agi->agi_fblocks))
814 			xchk_block_xref_set_corrupt(sc, sc->sa.agi_bp);
815 	}
816 }
817 
818 /* Cross-reference with the other btrees. */
819 STATIC void
xchk_agi_xref(struct xfs_scrub * sc)820 xchk_agi_xref(
821 	struct xfs_scrub	*sc)
822 {
823 	struct xfs_mount	*mp = sc->mp;
824 	xfs_agblock_t		agbno;
825 
826 	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
827 		return;
828 
829 	agbno = XFS_AGI_BLOCK(mp);
830 
831 	xchk_ag_btcur_init(sc, &sc->sa);
832 
833 	xchk_xref_is_used_space(sc, agbno, 1);
834 	xchk_xref_is_not_inode_chunk(sc, agbno, 1);
835 	xchk_agi_xref_icounts(sc);
836 	xchk_xref_is_owned_by(sc, agbno, 1, &XFS_RMAP_OINFO_FS);
837 	xchk_xref_is_not_shared(sc, agbno, 1);
838 	xchk_agi_xref_fiblocks(sc);
839 
840 	/* scrub teardown will take care of sc->sa for us */
841 }
842 
843 /* Scrub the AGI. */
844 int
xchk_agi(struct xfs_scrub * sc)845 xchk_agi(
846 	struct xfs_scrub	*sc)
847 {
848 	struct xfs_mount	*mp = sc->mp;
849 	struct xfs_agi		*agi;
850 	struct xfs_perag	*pag;
851 	struct xfs_ino_geometry	*igeo = M_IGEO(sc->mp);
852 	xfs_agnumber_t		agno = sc->sm->sm_agno;
853 	xfs_agblock_t		agbno;
854 	xfs_agblock_t		eoag;
855 	xfs_agino_t		agino;
856 	xfs_agino_t		first_agino;
857 	xfs_agino_t		last_agino;
858 	xfs_agino_t		icount;
859 	int			i;
860 	int			level;
861 	int			error = 0;
862 
863 	error = xchk_ag_read_headers(sc, agno, &sc->sa);
864 	if (!xchk_process_error(sc, agno, XFS_AGI_BLOCK(sc->mp), &error))
865 		goto out;
866 	xchk_buffer_recheck(sc, sc->sa.agi_bp);
867 
868 	agi = sc->sa.agi_bp->b_addr;
869 	pag = sc->sa.pag;
870 
871 	/* Check the AG length */
872 	eoag = be32_to_cpu(agi->agi_length);
873 	if (eoag != pag->block_count)
874 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
875 
876 	/* Check btree roots and levels */
877 	agbno = be32_to_cpu(agi->agi_root);
878 	if (!xfs_verify_agbno(pag, agbno))
879 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
880 
881 	level = be32_to_cpu(agi->agi_level);
882 	if (level <= 0 || level > igeo->inobt_maxlevels)
883 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
884 
885 	if (xfs_has_finobt(mp)) {
886 		agbno = be32_to_cpu(agi->agi_free_root);
887 		if (!xfs_verify_agbno(pag, agbno))
888 			xchk_block_set_corrupt(sc, sc->sa.agi_bp);
889 
890 		level = be32_to_cpu(agi->agi_free_level);
891 		if (level <= 0 || level > igeo->inobt_maxlevels)
892 			xchk_block_set_corrupt(sc, sc->sa.agi_bp);
893 	}
894 
895 	/* Check inode counters */
896 	xfs_agino_range(mp, agno, &first_agino, &last_agino);
897 	icount = be32_to_cpu(agi->agi_count);
898 	if (icount > last_agino - first_agino + 1 ||
899 	    icount < be32_to_cpu(agi->agi_freecount))
900 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
901 
902 	/* Check inode pointers */
903 	agino = be32_to_cpu(agi->agi_newino);
904 	if (!xfs_verify_agino_or_null(pag, agino))
905 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
906 
907 	agino = be32_to_cpu(agi->agi_dirino);
908 	if (!xfs_verify_agino_or_null(pag, agino))
909 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
910 
911 	/* Check unlinked inode buckets */
912 	for (i = 0; i < XFS_AGI_UNLINKED_BUCKETS; i++) {
913 		agino = be32_to_cpu(agi->agi_unlinked[i]);
914 		if (!xfs_verify_agino_or_null(pag, agino))
915 			xchk_block_set_corrupt(sc, sc->sa.agi_bp);
916 	}
917 
918 	if (agi->agi_pad32 != cpu_to_be32(0))
919 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
920 
921 	/* Do the incore counters match? */
922 	if (pag->pagi_count != be32_to_cpu(agi->agi_count))
923 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
924 	if (pag->pagi_freecount != be32_to_cpu(agi->agi_freecount))
925 		xchk_block_set_corrupt(sc, sc->sa.agi_bp);
926 
927 	xchk_agi_xref(sc);
928 out:
929 	return error;
930 }
931