/*
* returns 1 if attributes got cleared
* and 0 if things are ok.
*/
int
process_attributes(
xfs_mount_t *mp,
xfs_ino_t ino,
xfs_dinode_t *dip,
blkmap_t *blkmap,
int *repair) /* returned if we did repair */
{
int err;
__u8 aformat = dip->di_aformat;
#ifdef DEBUG
xfs_attr_shortform_t *asf;
asf = (xfs_attr_shortform_t *) XFS_DFORK_APTR(dip);
#endif
if (aformat == XFS_DINODE_FMT_LOCAL) {
ASSERT(be16_to_cpu(asf->hdr.totsize) <=
XFS_DFORK_ASIZE(dip, mp));
err = process_shortform_attr(mp, ino, dip, repair);
} else if (aformat == XFS_DINODE_FMT_EXTENTS ||
aformat == XFS_DINODE_FMT_BTREE) {
err = process_longform_attr(mp, ino, dip, blkmap,
repair);
/* if err, convert this to shortform and clear it */
/* if repair and no error, it's taken care of */
} else {
do_warn(_("illegal attribute format %d, ino %" PRIu64 "\n"),
aformat, ino);
err = 1;
}
return (err); /* and repair */
}
int
inode_a_size(
void *obj,
int startoff,
int idx)
{
xfs_attr_shortform_t *asf;
xfs_dinode_t *dip;
ASSERT(startoff == 0);
ASSERT(idx == 0);
dip = obj;
switch (dip->di_aformat) {
case XFS_DINODE_FMT_LOCAL:
asf = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip);
return bitize(be16_to_cpu(asf->hdr.totsize));
case XFS_DINODE_FMT_EXTENTS:
return (int)be16_to_cpu(dip->di_anextents) *
bitsz(xfs_bmbt_rec_t);
case XFS_DINODE_FMT_BTREE:
return bitize((int)XFS_DFORK_ASIZE(dip, mp));
default:
return 0;
}
}
static int
inode_a_offset(
void *obj,
int startoff,
int idx)
{
xfs_dinode_t *dip;
ASSERT(startoff == 0);
ASSERT(idx == 0);
dip = obj;
ASSERT(XFS_DFORK_Q(dip));
return bitize((int)((char *)XFS_DFORK_APTR(dip) - (char *)dip));
}
static int
inode_a_sfattr_count(
void *obj,
int startoff)
{
xfs_dinode_t *dip;
ASSERT(bitoffs(startoff) == 0);
ASSERT(obj == iocur_top->data);
dip = obj;
if (!XFS_DFORK_Q(dip))
return 0;
ASSERT((char *)XFS_DFORK_APTR(dip) - (char *)dip == byteize(startoff));
return dip->di_aformat == XFS_DINODE_FMT_LOCAL;
}
static int
inode_a_bmx_count(
void *obj,
int startoff)
{
xfs_dinode_t *dip;
ASSERT(bitoffs(startoff) == 0);
ASSERT(obj == iocur_top->data);
dip = obj;
if (!XFS_DFORK_Q(dip))
return 0;
ASSERT((char *)XFS_DFORK_APTR(dip) - (char *)dip == byteize(startoff));
return dip->di_aformat == XFS_DINODE_FMT_EXTENTS ?
be16_to_cpu(dip->di_anextents) : 0;
}
char *
xfs_dfork_aptr(xfs_dinode_t *dip)
{
return XFS_DFORK_APTR(dip);
}
/* Scrub all the ondisk inode fields. */
STATIC void
xchk_dinode(
struct xfs_scrub *sc,
struct xfs_dinode *dip,
xfs_ino_t ino)
{
struct xfs_mount *mp = sc->mp;
size_t fork_recs;
unsigned long long isize;
uint64_t flags2;
uint32_t nextents;
uint16_t flags;
uint16_t mode;
flags = be16_to_cpu(dip->di_flags);
if (dip->di_version >= 3)
flags2 = be64_to_cpu(dip->di_flags2);
else
flags2 = 0;
/* di_mode */
mode = be16_to_cpu(dip->di_mode);
switch (mode & S_IFMT) {
case S_IFLNK:
case S_IFREG:
case S_IFDIR:
case S_IFCHR:
case S_IFBLK:
case S_IFIFO:
case S_IFSOCK:
/* mode is recognized */
break;
default:
xchk_ino_set_corrupt(sc, ino);
break;
}
/* v1/v2 fields */
switch (dip->di_version) {
case 1:
/*
* We autoconvert v1 inodes into v2 inodes on writeout,
* so just mark this inode for preening.
*/
xchk_ino_set_preen(sc, ino);
break;
case 2:
case 3:
if (dip->di_onlink != 0)
xchk_ino_set_corrupt(sc, ino);
if (dip->di_mode == 0 && sc->ip)
xchk_ino_set_corrupt(sc, ino);
if (dip->di_projid_hi != 0 &&
!xfs_sb_version_hasprojid32bit(&mp->m_sb))
xchk_ino_set_corrupt(sc, ino);
break;
default:
xchk_ino_set_corrupt(sc, ino);
return;
}
/*
* di_uid/di_gid -- -1 isn't invalid, but there's no way that
* userspace could have created that.
*/
if (dip->di_uid == cpu_to_be32(-1U) ||
dip->di_gid == cpu_to_be32(-1U))
xchk_ino_set_warning(sc, ino);
/* di_format */
switch (dip->di_format) {
case XFS_DINODE_FMT_DEV:
if (!S_ISCHR(mode) && !S_ISBLK(mode) &&
!S_ISFIFO(mode) && !S_ISSOCK(mode))
xchk_ino_set_corrupt(sc, ino);
break;
case XFS_DINODE_FMT_LOCAL:
if (!S_ISDIR(mode) && !S_ISLNK(mode))
xchk_ino_set_corrupt(sc, ino);
break;
case XFS_DINODE_FMT_EXTENTS:
if (!S_ISREG(mode) && !S_ISDIR(mode) && !S_ISLNK(mode))
xchk_ino_set_corrupt(sc, ino);
break;
case XFS_DINODE_FMT_BTREE:
if (!S_ISREG(mode) && !S_ISDIR(mode))
xchk_ino_set_corrupt(sc, ino);
break;
case XFS_DINODE_FMT_UUID:
default:
xchk_ino_set_corrupt(sc, ino);
break;
}
/* di_[amc]time.nsec */
if (be32_to_cpu(dip->di_atime.t_nsec) >= NSEC_PER_SEC)
xchk_ino_set_corrupt(sc, ino);
if (be32_to_cpu(dip->di_mtime.t_nsec) >= NSEC_PER_SEC)
xchk_ino_set_corrupt(sc, ino);
if (be32_to_cpu(dip->di_ctime.t_nsec) >= NSEC_PER_SEC)
xchk_ino_set_corrupt(sc, ino);
/*
* di_size. xfs_dinode_verify checks for things that screw up
* the VFS such as the upper bit being set and zero-length
* symlinks/directories, but we can do more here.
*/
isize = be64_to_cpu(dip->di_size);
if (isize & (1ULL << 63))
xchk_ino_set_corrupt(sc, ino);
/* Devices, fifos, and sockets must have zero size */
if (!S_ISDIR(mode) && !S_ISREG(mode) && !S_ISLNK(mode) && isize != 0)
xchk_ino_set_corrupt(sc, ino);
/* Directories can't be larger than the data section size (32G) */
if (S_ISDIR(mode) && (isize == 0 || isize >= XFS_DIR2_SPACE_SIZE))
xchk_ino_set_corrupt(sc, ino);
/* Symlinks can't be larger than SYMLINK_MAXLEN */
if (S_ISLNK(mode) && (isize == 0 || isize >= XFS_SYMLINK_MAXLEN))
xchk_ino_set_corrupt(sc, ino);
/*
* Warn if the running kernel can't handle the kinds of offsets
* needed to deal with the file size. In other words, if the
* pagecache can't cache all the blocks in this file due to
* overly large offsets, flag the inode for admin review.
*/
if (isize >= mp->m_super->s_maxbytes)
xchk_ino_set_warning(sc, ino);
/* di_nblocks */
if (flags2 & XFS_DIFLAG2_REFLINK) {
; /* nblocks can exceed dblocks */
} else if (flags & XFS_DIFLAG_REALTIME) {
/*
* nblocks is the sum of data extents (in the rtdev),
* attr extents (in the datadev), and both forks' bmbt
* blocks (in the datadev). This clumsy check is the
* best we can do without cross-referencing with the
* inode forks.
*/
if (be64_to_cpu(dip->di_nblocks) >=
mp->m_sb.sb_dblocks + mp->m_sb.sb_rblocks)
xchk_ino_set_corrupt(sc, ino);
} else {
if (be64_to_cpu(dip->di_nblocks) >= mp->m_sb.sb_dblocks)
xchk_ino_set_corrupt(sc, ino);
}
xchk_inode_flags(sc, dip, ino, mode, flags);
xchk_inode_extsize(sc, dip, ino, mode, flags);
/* di_nextents */
nextents = be32_to_cpu(dip->di_nextents);
fork_recs = XFS_DFORK_DSIZE(dip, mp) / sizeof(struct xfs_bmbt_rec);
switch (dip->di_format) {
case XFS_DINODE_FMT_EXTENTS:
if (nextents > fork_recs)
xchk_ino_set_corrupt(sc, ino);
break;
case XFS_DINODE_FMT_BTREE:
if (nextents <= fork_recs)
xchk_ino_set_corrupt(sc, ino);
break;
default:
if (nextents != 0)
xchk_ino_set_corrupt(sc, ino);
break;
}
/* di_forkoff */
if (XFS_DFORK_APTR(dip) >= (char *)dip + mp->m_sb.sb_inodesize)
xchk_ino_set_corrupt(sc, ino);
if (dip->di_anextents != 0 && dip->di_forkoff == 0)
xchk_ino_set_corrupt(sc, ino);
if (dip->di_forkoff == 0 && dip->di_aformat != XFS_DINODE_FMT_EXTENTS)
xchk_ino_set_corrupt(sc, ino);
/* di_aformat */
if (dip->di_aformat != XFS_DINODE_FMT_LOCAL &&
dip->di_aformat != XFS_DINODE_FMT_EXTENTS &&
dip->di_aformat != XFS_DINODE_FMT_BTREE)
xchk_ino_set_corrupt(sc, ino);
/* di_anextents */
nextents = be16_to_cpu(dip->di_anextents);
fork_recs = XFS_DFORK_ASIZE(dip, mp) / sizeof(struct xfs_bmbt_rec);
switch (dip->di_aformat) {
case XFS_DINODE_FMT_EXTENTS:
if (nextents > fork_recs)
xchk_ino_set_corrupt(sc, ino);
break;
case XFS_DINODE_FMT_BTREE:
if (nextents <= fork_recs)
xchk_ino_set_corrupt(sc, ino);
break;
default:
if (nextents != 0)
xchk_ino_set_corrupt(sc, ino);
}
if (dip->di_version >= 3) {
if (be32_to_cpu(dip->di_crtime.t_nsec) >= NSEC_PER_SEC)
xchk_ino_set_corrupt(sc, ino);
xchk_inode_flags2(sc, dip, ino, mode, flags, flags2);
xchk_inode_cowextsize(sc, dip, ino, mode, flags,
flags2);
}
}
/*
* this routine validates the attributes in shortform format.
* a non-zero return repair value means certain attributes are bogus
* and were cleared if possible. Warnings do not generate error conditions
* if you cannot modify the structures. repair is set to 1, if anything
* was fixed.
*/
static int
process_shortform_attr(
struct xfs_mount *mp,
xfs_ino_t ino,
xfs_dinode_t *dip,
int *repair)
{
xfs_attr_shortform_t *asf;
xfs_attr_sf_entry_t *currententry, *nextentry, *tempentry;
int i, junkit;
int currentsize, remainingspace;
*repair = 0;
asf = (xfs_attr_shortform_t *) XFS_DFORK_APTR(dip);
/* Assumption: hdr.totsize is less than a leaf block and was checked
* by lclinode for valid sizes. Check the count though.
*/
if (asf->hdr.count == 0)
/* then the total size should just be the header length */
if (be16_to_cpu(asf->hdr.totsize) != sizeof(xfs_attr_sf_hdr_t)) {
/* whoops there's a discrepancy. Clear the hdr */
if (!no_modify) {
do_warn(
_("there are no attributes in the fork for inode %" PRIu64 "\n"),
ino);
asf->hdr.totsize =
cpu_to_be16(sizeof(xfs_attr_sf_hdr_t));
*repair = 1;
return(1);
} else {
do_warn(
_("would junk the attribute fork since count is 0 for inode %" PRIu64 "\n"),
ino);
return(1);
}
}
currentsize = sizeof(xfs_attr_sf_hdr_t);
remainingspace = be16_to_cpu(asf->hdr.totsize) - currentsize;
nextentry = &asf->list[0];
for (i = 0; i < asf->hdr.count; i++) {
currententry = nextentry;
junkit = 0;
/* don't go off the end if the hdr.count was off */
if ((currentsize + (sizeof(xfs_attr_sf_entry_t) - 1)) >
be16_to_cpu(asf->hdr.totsize))
break; /* get out and reset count and totSize */
/* if the namelen is 0, can't get to the rest of the entries */
if (currententry->namelen == 0) {
do_warn(_("zero length name entry in attribute fork,"));
if (!no_modify) {
do_warn(
_(" truncating attributes for inode %" PRIu64 " to %d\n"), ino, i);
*repair = 1;
break; /* and then update hdr fields */
} else {
do_warn(
_(" would truncate attributes for inode %" PRIu64 " to %d\n"), ino, i);
break;
}
} else {
/* It's okay to have a 0 length valuelen, but do a
* rough check to make sure we haven't gone outside of
* totsize.
*/
if (remainingspace < currententry->namelen ||
((remainingspace - currententry->
namelen) < currententry->valuelen)) {
do_warn(
_("name or value attribute lengths are too large,\n"));
if (!no_modify) {
do_warn(
_(" truncating attributes for inode %" PRIu64 " to %d\n"),
ino, i);
*repair = 1;
break; /* and then update hdr fields */
} else {
do_warn(
_(" would truncate attributes for inode %" PRIu64 " to %d\n"),
ino, i);
break;
}
}
}
/* namecheck checks for / and null terminated for file names.
* attributes names currently follow the same rules.
*/
if (namecheck((char *)¤tentry->nameval[0],
currententry->namelen)) {
do_warn(
_("entry contains illegal character in shortform attribute name\n"));
junkit = 1;
}
if (currententry->flags & XFS_ATTR_INCOMPLETE) {
do_warn(
_("entry has INCOMPLETE flag on in shortform attribute\n"));
junkit = 1;
}
/* Only check values for root security attributes */
if (currententry->flags & XFS_ATTR_ROOT)
junkit |= valuecheck(mp,
(char *)¤tentry->nameval[0],
NULL, currententry->namelen,
currententry->valuelen);
remainingspace = remainingspace -
XFS_ATTR_SF_ENTSIZE(currententry);
if (junkit) {
if (!no_modify) {
/* get rid of only this entry */
do_warn(
_("removing attribute entry %d for inode %" PRIu64 "\n"),
i, ino);
tempentry = (xfs_attr_sf_entry_t *)
((intptr_t) currententry +
XFS_ATTR_SF_ENTSIZE(currententry));
memmove(currententry,tempentry,remainingspace);
asf->hdr.count -= 1;
i--; /* no worries, it will wrap back to 0 */
*repair = 1;
continue; /* go back up now */
} else {
do_warn(
_("would remove attribute entry %d for inode %" PRIu64 "\n"),
i, ino);
}
}
/* Let's get ready for the next entry... */
nextentry = (xfs_attr_sf_entry_t *)((intptr_t) nextentry +
XFS_ATTR_SF_ENTSIZE(currententry));
currentsize = currentsize + XFS_ATTR_SF_ENTSIZE(currententry);
} /* end the loop */
if (asf->hdr.count != i) {
if (no_modify) {
do_warn(
_("would have corrected attribute entry count in inode %" PRIu64 " from %d to %d\n"),
ino, asf->hdr.count, i);
} else {
do_warn(
_("corrected attribute entry count in inode %" PRIu64 ", was %d, now %d\n"),
ino, asf->hdr.count, i);
asf->hdr.count = i;
*repair = 1;
}
}
/* ASSUMPTION: currentsize <= totsize */
if (be16_to_cpu(asf->hdr.totsize) != currentsize) {
if (no_modify) {
do_warn(
_("would have corrected attribute totsize in inode %" PRIu64 " from %d to %d\n"),
ino, be16_to_cpu(asf->hdr.totsize),
currentsize);
} else {
do_warn(
_("corrected attribute entry totsize in inode %" PRIu64 ", was %d, now %d\n"),
ino, be16_to_cpu(asf->hdr.totsize),
currentsize);
asf->hdr.totsize = cpu_to_be16(currentsize);
*repair = 1;
}
}
return(*repair);
}
