From: "Darrick J. Wong" <djwong@kernel.org>
To: cem@kernel.org, djwong@kernel.org
Cc: Dave Chinner <dchinner@redhat.com>, linux-xfs@vger.kernel.org
Subject: [PATCH 19/24] xfs: check record domain when accessing refcount records
Date: Tue, 08 Nov 2022 18:07:28 -0800 [thread overview]
Message-ID: <166795964870.3761583.7630465137549563227.stgit@magnolia> (raw)
In-Reply-To: <166795954256.3761583.3551179546135782562.stgit@magnolia>
From: Darrick J. Wong <djwong@kernel.org>
Source kernel commit: 607646ffbb04dd01e73c53f6ae22cfa63f44dfbd
Now that we've separated the startblock and CoW/shared extent domain in
the incore refcount record structure, check the domain whenever we
retrieve a record to ensure that it's still in the domain that we want.
Depending on the circumstances, a change in domain either means we're
done processing or that we've found a corruption and need to fail out.
The refcount check in xchk_xref_is_cow_staging is redundant since
_get_rec has done that for a long time now, so we can get rid of it.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
---
libxfs/xfs_refcount.c | 53 ++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 41 insertions(+), 12 deletions(-)
diff --git a/libxfs/xfs_refcount.c b/libxfs/xfs_refcount.c
index 192014d00c..179b686792 100644
--- a/libxfs/xfs_refcount.c
+++ b/libxfs/xfs_refcount.c
@@ -380,6 +380,8 @@ xfs_refcount_split_extent(
error = -EFSCORRUPTED;
goto out_error;
}
+ if (rcext.rc_domain != domain)
+ return 0;
if (rcext.rc_startblock == agbno || xfs_refc_next(&rcext) <= agbno)
return 0;
@@ -431,6 +433,9 @@ xfs_refcount_merge_center_extents(
trace_xfs_refcount_merge_center_extents(cur->bc_mp,
cur->bc_ag.pag->pag_agno, left, center, right);
+ ASSERT(left->rc_domain == center->rc_domain);
+ ASSERT(right->rc_domain == center->rc_domain);
+
/*
* Make sure the center and right extents are not in the btree.
* If the center extent was synthesized, the first delete call
@@ -507,6 +512,8 @@ xfs_refcount_merge_left_extent(
trace_xfs_refcount_merge_left_extent(cur->bc_mp,
cur->bc_ag.pag->pag_agno, left, cleft);
+ ASSERT(left->rc_domain == cleft->rc_domain);
+
/* If the extent at agbno (cleft) wasn't synthesized, remove it. */
if (cleft->rc_refcount > 1) {
error = xfs_refcount_lookup_le(cur, cleft->rc_domain,
@@ -568,6 +575,8 @@ xfs_refcount_merge_right_extent(
trace_xfs_refcount_merge_right_extent(cur->bc_mp,
cur->bc_ag.pag->pag_agno, cright, right);
+ ASSERT(right->rc_domain == cright->rc_domain);
+
/*
* If the extent ending at agbno+aglen (cright) wasn't synthesized,
* remove it.
@@ -648,12 +657,10 @@ xfs_refcount_find_left_extents(
goto out_error;
}
+ if (tmp.rc_domain != domain)
+ return 0;
if (xfs_refc_next(&tmp) != agbno)
return 0;
- if (domain == XFS_REFC_DOMAIN_SHARED && tmp.rc_refcount < 2)
- return 0;
- if (domain == XFS_REFC_DOMAIN_COW && tmp.rc_refcount > 1)
- return 0;
/* We have a left extent; retrieve (or invent) the next right one */
*left = tmp;
@@ -669,6 +676,9 @@ xfs_refcount_find_left_extents(
goto out_error;
}
+ if (tmp.rc_domain != domain)
+ goto not_found;
+
/* if tmp starts at the end of our range, just use that */
if (tmp.rc_startblock == agbno)
*cleft = tmp;
@@ -688,6 +698,7 @@ xfs_refcount_find_left_extents(
cleft->rc_domain = domain;
}
} else {
+not_found:
/*
* No extents, so pretend that there's one covering the whole
* range.
@@ -739,12 +750,10 @@ xfs_refcount_find_right_extents(
goto out_error;
}
+ if (tmp.rc_domain != domain)
+ return 0;
if (tmp.rc_startblock != agbno + aglen)
return 0;
- if (domain == XFS_REFC_DOMAIN_SHARED && tmp.rc_refcount < 2)
- return 0;
- if (domain == XFS_REFC_DOMAIN_COW && tmp.rc_refcount > 1)
- return 0;
/* We have a right extent; retrieve (or invent) the next left one */
*right = tmp;
@@ -760,6 +769,9 @@ xfs_refcount_find_right_extents(
goto out_error;
}
+ if (tmp.rc_domain != domain)
+ goto not_found;
+
/* if tmp ends at the end of our range, just use that */
if (xfs_refc_next(&tmp) == agbno + aglen)
*cright = tmp;
@@ -779,6 +791,7 @@ xfs_refcount_find_right_extents(
cright->rc_domain = domain;
}
} else {
+not_found:
/*
* No extents, so pretend that there's one covering the whole
* range.
@@ -888,7 +901,7 @@ xfs_refcount_merge_extents(
aglen);
}
- return error;
+ return 0;
}
/*
@@ -960,7 +973,7 @@ xfs_refcount_adjust_extents(
error = xfs_refcount_get_rec(cur, &ext, &found_rec);
if (error)
goto out_error;
- if (!found_rec) {
+ if (!found_rec || ext.rc_domain != XFS_REFC_DOMAIN_SHARED) {
ext.rc_startblock = cur->bc_mp->m_sb.sb_agblocks;
ext.rc_blockcount = 0;
ext.rc_refcount = 0;
@@ -1399,6 +1412,8 @@ xfs_refcount_find_shared(
error = -EFSCORRUPTED;
goto out_error;
}
+ if (tmp.rc_domain != XFS_REFC_DOMAIN_SHARED)
+ goto done;
/* If the extent ends before the start, look at the next one */
if (tmp.rc_startblock + tmp.rc_blockcount <= agbno) {
@@ -1414,6 +1429,8 @@ xfs_refcount_find_shared(
error = -EFSCORRUPTED;
goto out_error;
}
+ if (tmp.rc_domain != XFS_REFC_DOMAIN_SHARED)
+ goto done;
}
/* If the extent starts after the range we want, bail out */
@@ -1445,7 +1462,8 @@ xfs_refcount_find_shared(
error = -EFSCORRUPTED;
goto out_error;
}
- if (tmp.rc_startblock >= agbno + aglen ||
+ if (tmp.rc_domain != XFS_REFC_DOMAIN_SHARED ||
+ tmp.rc_startblock >= agbno + aglen ||
tmp.rc_startblock != *fbno + *flen)
break;
*flen = min(*flen + tmp.rc_blockcount, agbno + aglen - *fbno);
@@ -1536,6 +1554,11 @@ xfs_refcount_adjust_cow_extents(
error = xfs_refcount_get_rec(cur, &ext, &found_rec);
if (error)
goto out_error;
+ if (XFS_IS_CORRUPT(cur->bc_mp, found_rec &&
+ ext.rc_domain != XFS_REFC_DOMAIN_COW)) {
+ error = -EFSCORRUPTED;
+ goto out_error;
+ }
if (!found_rec) {
ext.rc_startblock = cur->bc_mp->m_sb.sb_agblocks;
ext.rc_blockcount = 0;
@@ -1745,8 +1768,14 @@ xfs_refcount_recover_extent(
rr = kmem_alloc(sizeof(struct xfs_refcount_recovery), 0);
xfs_refcount_btrec_to_irec(rec, &rr->rr_rrec);
+
+ if (XFS_IS_CORRUPT(cur->bc_mp,
+ rr->rr_rrec.rc_domain != XFS_REFC_DOMAIN_COW)) {
+ kmem_free(rr);
+ return -EFSCORRUPTED;
+ }
+
list_add_tail(&rr->rr_list, debris);
-
return 0;
}
next prev parent reply other threads:[~2022-11-09 2:07 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-09 2:05 [PATCHSET 00/24] xfsprogs: sync with 6.1 Darrick J. Wong
2022-11-09 2:05 ` [PATCH 01/24] xfs: clean up "%Ld/%Lu" which doesn't meet C standard Darrick J. Wong
2022-11-09 2:05 ` [PATCH 02/24] xfs: Remove the unneeded result variable Darrick J. Wong
2022-11-09 2:05 ` [PATCH 03/24] xfs: trim the mapp array accordingly in xfs_da_grow_inode_int Darrick J. Wong
2022-11-09 2:06 ` [PATCH 04/24] xfs: rearrange the logic and remove the broken comment for xfs_dir2_isxx Darrick J. Wong
2022-11-09 2:06 ` [PATCH 05/24] treewide: use prandom_u32_max() when possible, part 1 Darrick J. Wong
2022-11-09 2:06 ` [PATCH 06/24] treewide: use get_random_u32() when possible Darrick J. Wong
2022-11-09 2:06 ` [PATCH 07/24] xfs: fix exception caused by unexpected illegal bestcount in leaf dir Darrick J. Wong
2022-11-09 2:06 ` [PATCH 08/24] xfs: increase rename inode reservation Darrick J. Wong
2022-11-09 2:06 ` [PATCH 09/24] xfs: fix memcpy fortify errors in EFI log format copying Darrick J. Wong
2022-11-09 2:06 ` [PATCH 10/24] xfs: refactor all the EFI/EFD log format sizeof logic Darrick J. Wong
2022-11-09 2:06 ` [PATCH 11/24] xfs: make sure aglen never goes negative in xfs_refcount_adjust_extents Darrick J. Wong
2022-11-09 2:06 ` [PATCH 12/24] xfs: create a predicate to verify per-AG extents Darrick J. Wong
2022-11-09 2:06 ` [PATCH 13/24] xfs: check deferred refcount op continuation parameters Darrick J. Wong
2022-11-09 2:07 ` [PATCH 14/24] xfs: move _irec structs to xfs_types.h Darrick J. Wong
2022-11-09 2:07 ` [PATCH 15/24] xfs: track cow/shared record domains explicitly in xfs_refcount_irec Darrick J. Wong
2022-11-18 10:17 ` Carlos Maiolino
2022-11-21 17:05 ` Darrick J. Wong
2022-11-22 9:55 ` Carlos Maiolino
2022-11-09 2:07 ` [PATCH 16/24] xfs: report refcount domain in tracepoints Darrick J. Wong
2022-11-09 2:07 ` [PATCH 17/24] xfs: refactor domain and refcount checking Darrick J. Wong
2022-11-09 2:07 ` [PATCH 18/24] xfs: remove XFS_FIND_RCEXT_SHARED and _COW Darrick J. Wong
2022-11-09 2:07 ` Darrick J. Wong [this message]
2022-11-09 2:07 ` [PATCH 20/24] xfs: fix agblocks check in the cow leftover recovery function Darrick J. Wong
2022-11-09 2:07 ` [PATCH 21/24] xfs: fix uninitialized list head in struct xfs_refcount_recovery Darrick J. Wong
2022-11-09 2:07 ` [PATCH 22/24] xfs: rename XFS_REFC_COW_START to _COWFLAG Darrick J. Wong
2022-11-09 2:07 ` [PATCH 23/24] xfs_{db,repair}: fix XFS_REFC_COW_START usage Darrick J. Wong
2022-11-09 2:07 ` [PATCH 24/24] mkfs.xfs: add mkfs config file for the 6.1 LTS kernel Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=166795964870.3761583.7630465137549563227.stgit@magnolia \
--to=djwong@kernel.org \
--cc=cem@kernel.org \
--cc=dchinner@redhat.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.