/* * returns 1 if attributes got cleared * and 0 if things are ok. */ int process_attributes( xfs_mount_t *mp, xfs_ino_t ino, xfs_dinode_t *dip, blkmap_t *blkmap, int *repair) /* returned if we did repair */ { int err; __u8 aformat = dip->di_aformat; #ifdef DEBUG xfs_attr_shortform_t *asf; asf = (xfs_attr_shortform_t *) XFS_DFORK_APTR(dip); #endif if (aformat == XFS_DINODE_FMT_LOCAL) { ASSERT(be16_to_cpu(asf->hdr.totsize) <= XFS_DFORK_ASIZE(dip, mp)); err = process_shortform_attr(mp, ino, dip, repair); } else if (aformat == XFS_DINODE_FMT_EXTENTS || aformat == XFS_DINODE_FMT_BTREE) { err = process_longform_attr(mp, ino, dip, blkmap, repair); /* if err, convert this to shortform and clear it */ /* if repair and no error, it's taken care of */ } else { do_warn(_("illegal attribute format %d, ino %" PRIu64 "\n"), aformat, ino); err = 1; } return (err); /* and repair */ }
int inode_a_size( void *obj, int startoff, int idx) { xfs_attr_shortform_t *asf; xfs_dinode_t *dip; ASSERT(startoff == 0); ASSERT(idx == 0); dip = obj; switch (dip->di_aformat) { case XFS_DINODE_FMT_LOCAL: asf = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip); return bitize(be16_to_cpu(asf->hdr.totsize)); case XFS_DINODE_FMT_EXTENTS: return (int)be16_to_cpu(dip->di_anextents) * bitsz(xfs_bmbt_rec_t); case XFS_DINODE_FMT_BTREE: return bitize((int)XFS_DFORK_ASIZE(dip, mp)); default: return 0; } }
static int inode_a_offset( void *obj, int startoff, int idx) { xfs_dinode_t *dip; ASSERT(startoff == 0); ASSERT(idx == 0); dip = obj; ASSERT(XFS_DFORK_Q(dip)); return bitize((int)((char *)XFS_DFORK_APTR(dip) - (char *)dip)); }
static int inode_a_sfattr_count( void *obj, int startoff) { xfs_dinode_t *dip; ASSERT(bitoffs(startoff) == 0); ASSERT(obj == iocur_top->data); dip = obj; if (!XFS_DFORK_Q(dip)) return 0; ASSERT((char *)XFS_DFORK_APTR(dip) - (char *)dip == byteize(startoff)); return dip->di_aformat == XFS_DINODE_FMT_LOCAL; }
static int inode_a_bmx_count( void *obj, int startoff) { xfs_dinode_t *dip; ASSERT(bitoffs(startoff) == 0); ASSERT(obj == iocur_top->data); dip = obj; if (!XFS_DFORK_Q(dip)) return 0; ASSERT((char *)XFS_DFORK_APTR(dip) - (char *)dip == byteize(startoff)); return dip->di_aformat == XFS_DINODE_FMT_EXTENTS ? be16_to_cpu(dip->di_anextents) : 0; }
char * xfs_dfork_aptr(xfs_dinode_t *dip) { return XFS_DFORK_APTR(dip); }
/* Scrub all the ondisk inode fields. */ STATIC void xchk_dinode( struct xfs_scrub *sc, struct xfs_dinode *dip, xfs_ino_t ino) { struct xfs_mount *mp = sc->mp; size_t fork_recs; unsigned long long isize; uint64_t flags2; uint32_t nextents; uint16_t flags; uint16_t mode; flags = be16_to_cpu(dip->di_flags); if (dip->di_version >= 3) flags2 = be64_to_cpu(dip->di_flags2); else flags2 = 0; /* di_mode */ mode = be16_to_cpu(dip->di_mode); switch (mode & S_IFMT) { case S_IFLNK: case S_IFREG: case S_IFDIR: case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK: /* mode is recognized */ break; default: xchk_ino_set_corrupt(sc, ino); break; } /* v1/v2 fields */ switch (dip->di_version) { case 1: /* * We autoconvert v1 inodes into v2 inodes on writeout, * so just mark this inode for preening. */ xchk_ino_set_preen(sc, ino); break; case 2: case 3: if (dip->di_onlink != 0) xchk_ino_set_corrupt(sc, ino); if (dip->di_mode == 0 && sc->ip) xchk_ino_set_corrupt(sc, ino); if (dip->di_projid_hi != 0 && !xfs_sb_version_hasprojid32bit(&mp->m_sb)) xchk_ino_set_corrupt(sc, ino); break; default: xchk_ino_set_corrupt(sc, ino); return; } /* * di_uid/di_gid -- -1 isn't invalid, but there's no way that * userspace could have created that. */ if (dip->di_uid == cpu_to_be32(-1U) || dip->di_gid == cpu_to_be32(-1U)) xchk_ino_set_warning(sc, ino); /* di_format */ switch (dip->di_format) { case XFS_DINODE_FMT_DEV: if (!S_ISCHR(mode) && !S_ISBLK(mode) && !S_ISFIFO(mode) && !S_ISSOCK(mode)) xchk_ino_set_corrupt(sc, ino); break; case XFS_DINODE_FMT_LOCAL: if (!S_ISDIR(mode) && !S_ISLNK(mode)) xchk_ino_set_corrupt(sc, ino); break; case XFS_DINODE_FMT_EXTENTS: if (!S_ISREG(mode) && !S_ISDIR(mode) && !S_ISLNK(mode)) xchk_ino_set_corrupt(sc, ino); break; case XFS_DINODE_FMT_BTREE: if (!S_ISREG(mode) && !S_ISDIR(mode)) xchk_ino_set_corrupt(sc, ino); break; case XFS_DINODE_FMT_UUID: default: xchk_ino_set_corrupt(sc, ino); break; } /* di_[amc]time.nsec */ if (be32_to_cpu(dip->di_atime.t_nsec) >= NSEC_PER_SEC) xchk_ino_set_corrupt(sc, ino); if (be32_to_cpu(dip->di_mtime.t_nsec) >= NSEC_PER_SEC) xchk_ino_set_corrupt(sc, ino); if (be32_to_cpu(dip->di_ctime.t_nsec) >= NSEC_PER_SEC) xchk_ino_set_corrupt(sc, ino); /* * di_size. xfs_dinode_verify checks for things that screw up * the VFS such as the upper bit being set and zero-length * symlinks/directories, but we can do more here. */ isize = be64_to_cpu(dip->di_size); if (isize & (1ULL << 63)) xchk_ino_set_corrupt(sc, ino); /* Devices, fifos, and sockets must have zero size */ if (!S_ISDIR(mode) && !S_ISREG(mode) && !S_ISLNK(mode) && isize != 0) xchk_ino_set_corrupt(sc, ino); /* Directories can't be larger than the data section size (32G) */ if (S_ISDIR(mode) && (isize == 0 || isize >= XFS_DIR2_SPACE_SIZE)) xchk_ino_set_corrupt(sc, ino); /* Symlinks can't be larger than SYMLINK_MAXLEN */ if (S_ISLNK(mode) && (isize == 0 || isize >= XFS_SYMLINK_MAXLEN)) xchk_ino_set_corrupt(sc, ino); /* * Warn if the running kernel can't handle the kinds of offsets * needed to deal with the file size. In other words, if the * pagecache can't cache all the blocks in this file due to * overly large offsets, flag the inode for admin review. */ if (isize >= mp->m_super->s_maxbytes) xchk_ino_set_warning(sc, ino); /* di_nblocks */ if (flags2 & XFS_DIFLAG2_REFLINK) { ; /* nblocks can exceed dblocks */ } else if (flags & XFS_DIFLAG_REALTIME) { /* * nblocks is the sum of data extents (in the rtdev), * attr extents (in the datadev), and both forks' bmbt * blocks (in the datadev). This clumsy check is the * best we can do without cross-referencing with the * inode forks. */ if (be64_to_cpu(dip->di_nblocks) >= mp->m_sb.sb_dblocks + mp->m_sb.sb_rblocks) xchk_ino_set_corrupt(sc, ino); } else { if (be64_to_cpu(dip->di_nblocks) >= mp->m_sb.sb_dblocks) xchk_ino_set_corrupt(sc, ino); } xchk_inode_flags(sc, dip, ino, mode, flags); xchk_inode_extsize(sc, dip, ino, mode, flags); /* di_nextents */ nextents = be32_to_cpu(dip->di_nextents); fork_recs = XFS_DFORK_DSIZE(dip, mp) / sizeof(struct xfs_bmbt_rec); switch (dip->di_format) { case XFS_DINODE_FMT_EXTENTS: if (nextents > fork_recs) xchk_ino_set_corrupt(sc, ino); break; case XFS_DINODE_FMT_BTREE: if (nextents <= fork_recs) xchk_ino_set_corrupt(sc, ino); break; default: if (nextents != 0) xchk_ino_set_corrupt(sc, ino); break; } /* di_forkoff */ if (XFS_DFORK_APTR(dip) >= (char *)dip + mp->m_sb.sb_inodesize) xchk_ino_set_corrupt(sc, ino); if (dip->di_anextents != 0 && dip->di_forkoff == 0) xchk_ino_set_corrupt(sc, ino); if (dip->di_forkoff == 0 && dip->di_aformat != XFS_DINODE_FMT_EXTENTS) xchk_ino_set_corrupt(sc, ino); /* di_aformat */ if (dip->di_aformat != XFS_DINODE_FMT_LOCAL && dip->di_aformat != XFS_DINODE_FMT_EXTENTS && dip->di_aformat != XFS_DINODE_FMT_BTREE) xchk_ino_set_corrupt(sc, ino); /* di_anextents */ nextents = be16_to_cpu(dip->di_anextents); fork_recs = XFS_DFORK_ASIZE(dip, mp) / sizeof(struct xfs_bmbt_rec); switch (dip->di_aformat) { case XFS_DINODE_FMT_EXTENTS: if (nextents > fork_recs) xchk_ino_set_corrupt(sc, ino); break; case XFS_DINODE_FMT_BTREE: if (nextents <= fork_recs) xchk_ino_set_corrupt(sc, ino); break; default: if (nextents != 0) xchk_ino_set_corrupt(sc, ino); } if (dip->di_version >= 3) { if (be32_to_cpu(dip->di_crtime.t_nsec) >= NSEC_PER_SEC) xchk_ino_set_corrupt(sc, ino); xchk_inode_flags2(sc, dip, ino, mode, flags, flags2); xchk_inode_cowextsize(sc, dip, ino, mode, flags, flags2); } }
/* * this routine validates the attributes in shortform format. * a non-zero return repair value means certain attributes are bogus * and were cleared if possible. Warnings do not generate error conditions * if you cannot modify the structures. repair is set to 1, if anything * was fixed. */ static int process_shortform_attr( struct xfs_mount *mp, xfs_ino_t ino, xfs_dinode_t *dip, int *repair) { xfs_attr_shortform_t *asf; xfs_attr_sf_entry_t *currententry, *nextentry, *tempentry; int i, junkit; int currentsize, remainingspace; *repair = 0; asf = (xfs_attr_shortform_t *) XFS_DFORK_APTR(dip); /* Assumption: hdr.totsize is less than a leaf block and was checked * by lclinode for valid sizes. Check the count though. */ if (asf->hdr.count == 0) /* then the total size should just be the header length */ if (be16_to_cpu(asf->hdr.totsize) != sizeof(xfs_attr_sf_hdr_t)) { /* whoops there's a discrepancy. Clear the hdr */ if (!no_modify) { do_warn( _("there are no attributes in the fork for inode %" PRIu64 "\n"), ino); asf->hdr.totsize = cpu_to_be16(sizeof(xfs_attr_sf_hdr_t)); *repair = 1; return(1); } else { do_warn( _("would junk the attribute fork since count is 0 for inode %" PRIu64 "\n"), ino); return(1); } } currentsize = sizeof(xfs_attr_sf_hdr_t); remainingspace = be16_to_cpu(asf->hdr.totsize) - currentsize; nextentry = &asf->list[0]; for (i = 0; i < asf->hdr.count; i++) { currententry = nextentry; junkit = 0; /* don't go off the end if the hdr.count was off */ if ((currentsize + (sizeof(xfs_attr_sf_entry_t) - 1)) > be16_to_cpu(asf->hdr.totsize)) break; /* get out and reset count and totSize */ /* if the namelen is 0, can't get to the rest of the entries */ if (currententry->namelen == 0) { do_warn(_("zero length name entry in attribute fork,")); if (!no_modify) { do_warn( _(" truncating attributes for inode %" PRIu64 " to %d\n"), ino, i); *repair = 1; break; /* and then update hdr fields */ } else { do_warn( _(" would truncate attributes for inode %" PRIu64 " to %d\n"), ino, i); break; } } else { /* It's okay to have a 0 length valuelen, but do a * rough check to make sure we haven't gone outside of * totsize. */ if (remainingspace < currententry->namelen || ((remainingspace - currententry-> namelen) < currententry->valuelen)) { do_warn( _("name or value attribute lengths are too large,\n")); if (!no_modify) { do_warn( _(" truncating attributes for inode %" PRIu64 " to %d\n"), ino, i); *repair = 1; break; /* and then update hdr fields */ } else { do_warn( _(" would truncate attributes for inode %" PRIu64 " to %d\n"), ino, i); break; } } } /* namecheck checks for / and null terminated for file names. * attributes names currently follow the same rules. */ if (namecheck((char *)¤tentry->nameval[0], currententry->namelen)) { do_warn( _("entry contains illegal character in shortform attribute name\n")); junkit = 1; } if (currententry->flags & XFS_ATTR_INCOMPLETE) { do_warn( _("entry has INCOMPLETE flag on in shortform attribute\n")); junkit = 1; } /* Only check values for root security attributes */ if (currententry->flags & XFS_ATTR_ROOT) junkit |= valuecheck(mp, (char *)¤tentry->nameval[0], NULL, currententry->namelen, currententry->valuelen); remainingspace = remainingspace - XFS_ATTR_SF_ENTSIZE(currententry); if (junkit) { if (!no_modify) { /* get rid of only this entry */ do_warn( _("removing attribute entry %d for inode %" PRIu64 "\n"), i, ino); tempentry = (xfs_attr_sf_entry_t *) ((intptr_t) currententry + XFS_ATTR_SF_ENTSIZE(currententry)); memmove(currententry,tempentry,remainingspace); asf->hdr.count -= 1; i--; /* no worries, it will wrap back to 0 */ *repair = 1; continue; /* go back up now */ } else { do_warn( _("would remove attribute entry %d for inode %" PRIu64 "\n"), i, ino); } } /* Let's get ready for the next entry... */ nextentry = (xfs_attr_sf_entry_t *)((intptr_t) nextentry + XFS_ATTR_SF_ENTSIZE(currententry)); currentsize = currentsize + XFS_ATTR_SF_ENTSIZE(currententry); } /* end the loop */ if (asf->hdr.count != i) { if (no_modify) { do_warn( _("would have corrected attribute entry count in inode %" PRIu64 " from %d to %d\n"), ino, asf->hdr.count, i); } else { do_warn( _("corrected attribute entry count in inode %" PRIu64 ", was %d, now %d\n"), ino, asf->hdr.count, i); asf->hdr.count = i; *repair = 1; } } /* ASSUMPTION: currentsize <= totsize */ if (be16_to_cpu(asf->hdr.totsize) != currentsize) { if (no_modify) { do_warn( _("would have corrected attribute totsize in inode %" PRIu64 " from %d to %d\n"), ino, be16_to_cpu(asf->hdr.totsize), currentsize); } else { do_warn( _("corrected attribute entry totsize in inode %" PRIu64 ", was %d, now %d\n"), ino, be16_to_cpu(asf->hdr.totsize), currentsize); asf->hdr.totsize = cpu_to_be16(currentsize); *repair = 1; } } return(*repair); }