Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (c) 2000-2006 Silicon Graphics, Inc.
4 : * Copyright (c) 2013 Red Hat, Inc.
5 : * All Rights Reserved.
6 : */
7 : #include "xfs.h"
8 : #include "xfs_fs.h"
9 : #include "xfs_shared.h"
10 : #include "xfs_format.h"
11 : #include "xfs_log_format.h"
12 : #include "xfs_trans_resv.h"
13 : #include "xfs_mount.h"
14 : #include "xfs_inode.h"
15 : #include "xfs_quota.h"
16 : #include "xfs_trans.h"
17 : #include "xfs_qm.h"
18 : #include "xfs_error.h"
19 :
20 : int
21 6483015 : xfs_calc_dquots_per_chunk(
22 : unsigned int nbblks) /* basic block units */
23 : {
24 6483015 : ASSERT(nbblks > 0);
25 6483015 : return BBTOB(nbblks) / sizeof(struct xfs_dqblk);
26 : }
27 :
28 : /*
29 : * Do some primitive error checking on ondisk dquot data structures.
30 : *
31 : * The xfs_dqblk structure /contains/ the xfs_disk_dquot structure;
32 : * we verify them separately because at some points we have only the
33 : * smaller xfs_disk_dquot structure available.
34 : */
35 :
36 : xfs_failaddr_t
37 1171906382 : xfs_dquot_verify(
38 : struct xfs_mount *mp,
39 : struct xfs_disk_dquot *ddq,
40 : xfs_dqid_t id) /* used only during quotacheck */
41 : {
42 1171906382 : __u8 ddq_type;
43 :
44 : /*
45 : * We can encounter an uninitialized dquot buffer for 2 reasons:
46 : * 1. If we crash while deleting the quotainode(s), and those blks got
47 : * used for user data. This is because we take the path of regular
48 : * file deletion; however, the size field of quotainodes is never
49 : * updated, so all the tricks that we play in itruncate_finish
50 : * don't quite matter.
51 : *
52 : * 2. We don't play the quota buffers when there's a quotaoff logitem.
53 : * But the allocation will be replayed so we'll end up with an
54 : * uninitialized quota block.
55 : *
56 : * This is all fine; things are still consistent, and we haven't lost
57 : * any quota information. Just don't complain about bad dquot blks.
58 : */
59 1171906382 : if (ddq->d_magic != cpu_to_be16(XFS_DQUOT_MAGIC))
60 0 : return __this_address;
61 1171906382 : if (ddq->d_version != XFS_DQUOT_VERSION)
62 0 : return __this_address;
63 :
64 1171906382 : if (ddq->d_type & ~XFS_DQTYPE_ANY)
65 0 : return __this_address;
66 1171906382 : ddq_type = ddq->d_type & XFS_DQTYPE_REC_MASK;
67 1171906382 : if (ddq_type != XFS_DQTYPE_USER &&
68 1171906382 : ddq_type != XFS_DQTYPE_PROJ &&
69 1171906382 : ddq_type != XFS_DQTYPE_GROUP)
70 0 : return __this_address;
71 :
72 1171906382 : if ((ddq->d_type & XFS_DQTYPE_BIGTIME) &&
73 : !xfs_has_bigtime(mp))
74 0 : return __this_address;
75 :
76 1171906382 : if ((ddq->d_type & XFS_DQTYPE_BIGTIME) && !ddq->d_id)
77 0 : return __this_address;
78 :
79 2343514300 : if (id != -1 && id != be32_to_cpu(ddq->d_id))
80 0 : return __this_address;
81 :
82 1171906382 : if (!ddq->d_id)
83 : return NULL;
84 :
85 1169548329 : if (ddq->d_blk_softlimit &&
86 7077 : be64_to_cpu(ddq->d_bcount) > be64_to_cpu(ddq->d_blk_softlimit) &&
87 293 : !ddq->d_btimer)
88 0 : return __this_address;
89 :
90 1169548321 : if (ddq->d_ino_softlimit &&
91 7069 : be64_to_cpu(ddq->d_icount) > be64_to_cpu(ddq->d_ino_softlimit) &&
92 334 : !ddq->d_itimer)
93 0 : return __this_address;
94 :
95 1169541252 : if (ddq->d_rtb_softlimit &&
96 0 : be64_to_cpu(ddq->d_rtbcount) > be64_to_cpu(ddq->d_rtb_softlimit) &&
97 0 : !ddq->d_rtbtimer)
98 0 : return __this_address;
99 :
100 : return NULL;
101 : }
102 :
103 : xfs_failaddr_t
104 1165843052 : xfs_dqblk_verify(
105 : struct xfs_mount *mp,
106 : struct xfs_dqblk *dqb,
107 : xfs_dqid_t id) /* used only during quotacheck */
108 : {
109 2331684162 : if (xfs_has_crc(mp) &&
110 1165837991 : !uuid_equal(&dqb->dd_uuid, &mp->m_sb.sb_meta_uuid))
111 94 : return __this_address;
112 :
113 1165846077 : return xfs_dquot_verify(mp, &dqb->dd_diskdq, id);
114 : }
115 :
116 : /*
117 : * Do some primitive error checking on ondisk dquot data structures.
118 : */
119 : void
120 180 : xfs_dqblk_repair(
121 : struct xfs_mount *mp,
122 : struct xfs_dqblk *dqb,
123 : xfs_dqid_t id,
124 : xfs_dqtype_t type)
125 : {
126 : /*
127 : * Typically, a repair is only requested by quotacheck.
128 : */
129 180 : ASSERT(id != -1);
130 180 : memset(dqb, 0, sizeof(struct xfs_dqblk));
131 :
132 180 : dqb->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
133 180 : dqb->dd_diskdq.d_version = XFS_DQUOT_VERSION;
134 180 : dqb->dd_diskdq.d_type = type;
135 180 : dqb->dd_diskdq.d_id = cpu_to_be32(id);
136 :
137 180 : if (xfs_has_crc(mp)) {
138 90 : uuid_copy(&dqb->dd_uuid, &mp->m_sb.sb_meta_uuid);
139 90 : xfs_update_cksum((char *)dqb, sizeof(struct xfs_dqblk),
140 : XFS_DQUOT_CRC_OFF);
141 : }
142 180 : }
143 :
144 : STATIC bool
145 12296606 : xfs_dquot_buf_verify_crc(
146 : struct xfs_mount *mp,
147 : struct xfs_buf *bp,
148 : bool readahead)
149 : {
150 12296606 : struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr;
151 12296606 : int ndquots;
152 12296606 : int i;
153 :
154 12296606 : if (!xfs_has_crc(mp))
155 : return true;
156 :
157 : /*
158 : * if we are in log recovery, the quota subsystem has not been
159 : * initialised so we have no quotainfo structure. In that case, we need
160 : * to manually calculate the number of dquots in the buffer.
161 : */
162 12296592 : if (mp->m_quotainfo)
163 11476618 : ndquots = mp->m_quotainfo->qi_dqperchunk;
164 : else
165 819974 : ndquots = xfs_calc_dquots_per_chunk(bp->b_length);
166 :
167 384567851 : for (i = 0; i < ndquots; i++, d++) {
168 372274699 : if (!xfs_verify_cksum((char *)d, sizeof(struct xfs_dqblk),
169 : XFS_DQUOT_CRC_OFF)) {
170 3441 : if (!readahead)
171 18 : xfs_buf_verifier_error(bp, -EFSBADCRC, __func__,
172 9 : d, sizeof(*d), __this_address);
173 3441 : return false;
174 : }
175 : }
176 : return true;
177 : }
178 :
179 : STATIC xfs_failaddr_t
180 37825256 : xfs_dquot_buf_verify(
181 : struct xfs_mount *mp,
182 : struct xfs_buf *bp,
183 : bool readahead)
184 : {
185 37825256 : struct xfs_dqblk *dqb = bp->b_addr;
186 37825256 : xfs_failaddr_t fa;
187 37825256 : xfs_dqid_t id = 0;
188 37825256 : int ndquots;
189 37825256 : int i;
190 :
191 : /*
192 : * if we are in log recovery, the quota subsystem has not been
193 : * initialised so we have no quotainfo structure. In that case, we need
194 : * to manually calculate the number of dquots in the buffer.
195 : */
196 37825256 : if (mp->m_quotainfo)
197 32184517 : ndquots = mp->m_quotainfo->qi_dqperchunk;
198 : else
199 5640739 : ndquots = xfs_calc_dquots_per_chunk(bp->b_length);
200 :
201 : /*
202 : * On the first read of the buffer, verify that each dquot is valid.
203 : * We don't know what the id of the dquot is supposed to be, just that
204 : * they should be increasing monotonically within the buffer. If the
205 : * first id is corrupt, then it will fail on the second dquot in the
206 : * buffer so corruptions could point to the wrong dquot in this case.
207 : */
208 1203631938 : for (i = 0; i < ndquots; i++) {
209 1165806573 : struct xfs_disk_dquot *ddq;
210 :
211 1165806573 : ddq = &dqb[i].dd_diskdq;
212 :
213 1165806573 : if (i == 0)
214 37825263 : id = be32_to_cpu(ddq->d_id);
215 :
216 1165806573 : fa = xfs_dqblk_verify(mp, &dqb[i], id + i);
217 1165806686 : if (fa) {
218 4 : if (!readahead)
219 0 : xfs_buf_verifier_error(bp, -EFSCORRUPTED,
220 : __func__, &dqb[i],
221 : sizeof(struct xfs_dqblk), fa);
222 4 : return fa;
223 : }
224 : }
225 :
226 : return NULL;
227 : }
228 :
229 : static xfs_failaddr_t
230 0 : xfs_dquot_buf_verify_struct(
231 : struct xfs_buf *bp)
232 : {
233 0 : struct xfs_mount *mp = bp->b_mount;
234 :
235 0 : return xfs_dquot_buf_verify(mp, bp, false);
236 : }
237 :
238 : static void
239 11476633 : xfs_dquot_buf_read_verify(
240 : struct xfs_buf *bp)
241 : {
242 11476633 : struct xfs_mount *mp = bp->b_mount;
243 :
244 11476633 : if (!xfs_dquot_buf_verify_crc(mp, bp, false))
245 : return;
246 11476624 : xfs_dquot_buf_verify(mp, bp, false);
247 : }
248 :
249 : /*
250 : * readahead errors are silent and simply leave the buffer as !done so a real
251 : * read will then be run with the xfs_dquot_buf_ops verifier. See
252 : * xfs_inode_buf_verify() for why we use EIO and ~XBF_DONE here rather than
253 : * reporting the failure.
254 : */
255 : static void
256 819974 : xfs_dquot_buf_readahead_verify(
257 : struct xfs_buf *bp)
258 : {
259 819974 : struct xfs_mount *mp = bp->b_mount;
260 :
261 1636516 : if (!xfs_dquot_buf_verify_crc(mp, bp, true) ||
262 816542 : xfs_dquot_buf_verify(mp, bp, true) != NULL) {
263 3436 : xfs_buf_ioerror(bp, -EIO);
264 3436 : bp->b_flags &= ~XBF_DONE;
265 : }
266 819974 : }
267 :
268 : /*
269 : * we don't calculate the CRC here as that is done when the dquot is flushed to
270 : * the buffer after the update is done. This ensures that the dquot in the
271 : * buffer always has an up-to-date CRC value.
272 : */
273 : static void
274 25532228 : xfs_dquot_buf_write_verify(
275 : struct xfs_buf *bp)
276 : {
277 25532228 : struct xfs_mount *mp = bp->b_mount;
278 :
279 25532228 : xfs_dquot_buf_verify(mp, bp, false);
280 25532231 : }
281 :
282 : const struct xfs_buf_ops xfs_dquot_buf_ops = {
283 : .name = "xfs_dquot",
284 : .magic16 = { cpu_to_be16(XFS_DQUOT_MAGIC),
285 : cpu_to_be16(XFS_DQUOT_MAGIC) },
286 : .verify_read = xfs_dquot_buf_read_verify,
287 : .verify_write = xfs_dquot_buf_write_verify,
288 : .verify_struct = xfs_dquot_buf_verify_struct,
289 : };
290 :
291 : const struct xfs_buf_ops xfs_dquot_buf_ra_ops = {
292 : .name = "xfs_dquot_ra",
293 : .magic16 = { cpu_to_be16(XFS_DQUOT_MAGIC),
294 : cpu_to_be16(XFS_DQUOT_MAGIC) },
295 : .verify_read = xfs_dquot_buf_readahead_verify,
296 : .verify_write = xfs_dquot_buf_write_verify,
297 : };
298 :
299 : /* Convert an on-disk timer value into an incore timer value. */
300 : time64_t
301 50895425 : xfs_dquot_from_disk_ts(
302 : struct xfs_disk_dquot *ddq,
303 : __be32 dtimer)
304 : {
305 50895425 : uint32_t t = be32_to_cpu(dtimer);
306 :
307 50895425 : if (t != 0 && (ddq->d_type & XFS_DQTYPE_BIGTIME))
308 228 : return xfs_dq_bigtime_to_unix(t);
309 :
310 50895197 : return t;
311 : }
312 :
313 : /* Convert an incore timer value into an on-disk timer value. */
314 : __be32
315 13787922378 : xfs_dquot_to_disk_ts(
316 : struct xfs_dquot *dqp,
317 : time64_t timer)
318 : {
319 13787922378 : uint32_t t = timer;
320 :
321 13787922378 : if (timer != 0 && (dqp->q_type & XFS_DQTYPE_BIGTIME))
322 9505 : t = xfs_dq_unix_to_bigtime(timer);
323 :
324 13787922378 : return cpu_to_be32(t);
325 : }
|