* [RFC 00/12] xfs: more and better verifiers
@ 2017-08-17 23:31 Darrick J. Wong
2017-08-17 23:31 ` [PATCH 01/12] xfs: refactor long-format btree header verification routines Darrick J. Wong
` (12 more replies)
0 siblings, 13 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:31 UTC (permalink / raw)
To: linux-xfs, darrick.wong
Hi all,
This RFC combines all the random little fixes and improvements to the
verifiers that we've been talking about for the past month or so into a
single patch series!
We start by refactoring the long format btree block header verifier into
a single helper functionn and de-macroing dir block verifiers to make
them less shouty. Next, we change verifier functions to return the
approximate instruction pointer of the faulting test so that we can
report more precise fault information to dmesg/tracepoints. Then, we
move on to creating verifiers for all the inline format fork formats,
and create a helper function for _iget that can dispatch inline
verification. The ability to supply custom verifier functions will be
used by xfs_repair to deal with corrupt inodes. The last patch enables
us to (re)check the structure of incore metadata buffers to try to
detect memory corruption.
--D
^ permalink raw reply [flat|nested] 34+ messages in thread
* [PATCH 01/12] xfs: refactor long-format btree header verification routines
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
@ 2017-08-17 23:31 ` Darrick J. Wong
2017-08-17 23:31 ` [PATCH 02/12] xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers Darrick J. Wong
` (11 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:31 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Create two helper functions to verify the headers of a long format
btree block. We'll use this later for the realtime rmapbt.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_bmap_btree.c | 22 ++-----------------
fs/xfs/libxfs/xfs_btree.c | 47 ++++++++++++++++++++++++++++++++++++++++
fs/xfs/libxfs/xfs_btree.h | 3 +++
3 files changed, 52 insertions(+), 20 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_bmap_btree.c b/fs/xfs/libxfs/xfs_bmap_btree.c
index eddc1df..99bdf08 100644
--- a/fs/xfs/libxfs/xfs_bmap_btree.c
+++ b/fs/xfs/libxfs/xfs_bmap_btree.c
@@ -627,17 +627,11 @@ xfs_bmbt_verify(
switch (block->bb_magic) {
case cpu_to_be32(XFS_BMAP_CRC_MAGIC):
- if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
- if (!uuid_equal(&block->bb_u.l.bb_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
- if (be64_to_cpu(block->bb_u.l.bb_blkno) != bp->b_bn)
- return false;
/*
* XXX: need a better way of verifying the owner here. Right now
* just make sure there has been one set.
*/
- if (be64_to_cpu(block->bb_u.l.bb_owner) == 0)
+ if (!xfs_btree_lblock_v5hdr_verify(bp, XFS_RMAP_OWN_UNKNOWN))
return false;
/* fall through */
case cpu_to_be32(XFS_BMAP_MAGIC):
@@ -656,20 +650,8 @@ xfs_bmbt_verify(
level = be16_to_cpu(block->bb_level);
if (level > max(mp->m_bm_maxlevels[0], mp->m_bm_maxlevels[1]))
return false;
- if (be16_to_cpu(block->bb_numrecs) > mp->m_bmap_dmxr[level != 0])
- return false;
-
- /* sibling pointer verification */
- if (!block->bb_u.l.bb_leftsib ||
- (block->bb_u.l.bb_leftsib != cpu_to_be64(NULLFSBLOCK) &&
- !XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_leftsib))))
- return false;
- if (!block->bb_u.l.bb_rightsib ||
- (block->bb_u.l.bb_rightsib != cpu_to_be64(NULLFSBLOCK) &&
- !XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_rightsib))))
- return false;
- return true;
+ return xfs_btree_lblock_verify(bp, mp->m_bmap_dmxr[level != 0]);
}
static void
diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
index 9ba49dd..0ba9edb 100644
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -4493,6 +4493,53 @@ xfs_btree_change_owner(
&bbcoi);
}
+/* Verify the v5 fields of a long-format btree block. */
+bool
+xfs_btree_lblock_v5hdr_verify(
+ struct xfs_buf *bp,
+ uint64_t owner)
+{
+ struct xfs_mount *mp = bp->b_target->bt_mount;
+ struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
+
+ if (!xfs_sb_version_hascrc(&mp->m_sb))
+ return false;
+ if (!uuid_equal(&block->bb_u.l.bb_uuid, &mp->m_sb.sb_meta_uuid))
+ return false;
+ if (block->bb_u.l.bb_blkno != cpu_to_be64(bp->b_bn))
+ return false;
+ if (owner != XFS_RMAP_OWN_UNKNOWN &&
+ be64_to_cpu(block->bb_u.l.bb_owner) != owner)
+ return false;
+ return true;
+}
+
+/* Verify a long-format btree block. */
+bool
+xfs_btree_lblock_verify(
+ struct xfs_buf *bp,
+ unsigned int max_recs)
+{
+ struct xfs_mount *mp = bp->b_target->bt_mount;
+ struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
+
+ /* numrecs verification */
+ if (be16_to_cpu(block->bb_numrecs) > max_recs)
+ return false;
+
+ /* sibling pointer verification */
+ if (!block->bb_u.l.bb_leftsib ||
+ (block->bb_u.l.bb_leftsib != cpu_to_be64(NULLFSBLOCK) &&
+ !XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_leftsib))))
+ return false;
+ if (!block->bb_u.l.bb_rightsib ||
+ (block->bb_u.l.bb_rightsib != cpu_to_be64(NULLFSBLOCK) &&
+ !XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_rightsib))))
+ return false;
+
+ return true;
+}
+
/**
* xfs_btree_sblock_v5hdr_verify() -- verify the v5 fields of a short-format
* btree block
diff --git a/fs/xfs/libxfs/xfs_btree.h b/fs/xfs/libxfs/xfs_btree.h
index 0575c56..0b5813e 100644
--- a/fs/xfs/libxfs/xfs_btree.h
+++ b/fs/xfs/libxfs/xfs_btree.h
@@ -480,6 +480,9 @@ static inline int xfs_btree_get_level(struct xfs_btree_block *block)
bool xfs_btree_sblock_v5hdr_verify(struct xfs_buf *bp);
bool xfs_btree_sblock_verify(struct xfs_buf *bp, unsigned int max_recs);
+bool xfs_btree_lblock_v5hdr_verify(struct xfs_buf *bp, uint64_t owner);
+bool xfs_btree_lblock_verify(struct xfs_buf *bp, unsigned int max_recs);
+
uint xfs_btree_compute_maxlevels(struct xfs_mount *mp, uint *limits,
unsigned long len);
unsigned long long xfs_btree_calc_size(struct xfs_mount *mp, uint *limits,
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 02/12] xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
2017-08-17 23:31 ` [PATCH 01/12] xfs: refactor long-format btree header verification routines Darrick J. Wong
@ 2017-08-17 23:31 ` Darrick J. Wong
2017-08-17 23:31 ` [PATCH 03/12] xfs: have buffer verifier functions report failing address Darrick J. Wong
` (10 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:31 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Since __xfs_dir3_data_check verifies on-disk metadata, we can't have it
noisily blowing asserts and hanging the system on corrupt data coming in
off the disk. Instead, have it return a boolean like all the other
checker functions, and only have it noisily fail if we fail in debug
mode.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_dir2_block.c | 4 --
fs/xfs/libxfs/xfs_dir2_data.c | 100 +++++++++++++++++++++-------------------
fs/xfs/libxfs/xfs_dir2_priv.h | 10 +++-
3 files changed, 61 insertions(+), 53 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_dir2_block.c b/fs/xfs/libxfs/xfs_dir2_block.c
index 43c902f..e427249 100644
--- a/fs/xfs/libxfs/xfs_dir2_block.c
+++ b/fs/xfs/libxfs/xfs_dir2_block.c
@@ -78,9 +78,7 @@ xfs_dir3_block_verify(
if (hdr3->magic != cpu_to_be32(XFS_DIR2_BLOCK_MAGIC))
return false;
}
- if (__xfs_dir3_data_check(NULL, bp))
- return false;
- return true;
+ return __xfs_dir3_data_check(NULL, bp);
}
static void
diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
index 8727a43..af15f705 100644
--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -36,9 +36,9 @@
/*
* Check the consistency of the data block.
* The input can also be a block-format directory.
- * Return 0 is the buffer is good, otherwise an error.
+ * Return true if the buffer is good.
*/
-int
+bool
__xfs_dir3_data_check(
struct xfs_inode *dp, /* incore inode pointer */
struct xfs_buf *bp) /* data block's buffer */
@@ -90,16 +90,16 @@ __xfs_dir3_data_check(
* so just ensure that the count falls somewhere inside the
* block right now.
*/
- XFS_WANT_CORRUPTED_RETURN(mp, be32_to_cpu(btp->count) <
- ((char *)btp - p) / sizeof(struct xfs_dir2_leaf_entry));
+ if (be32_to_cpu(btp->count) >=
+ ((char *)btp - p) / sizeof(struct xfs_dir2_leaf_entry))
+ return false;
break;
case cpu_to_be32(XFS_DIR3_DATA_MAGIC):
case cpu_to_be32(XFS_DIR2_DATA_MAGIC):
endp = (char *)hdr + geo->blksize;
break;
default:
- XFS_ERROR_REPORT("Bad Magic", XFS_ERRLEVEL_LOW, mp);
- return -EFSCORRUPTED;
+ return false;
}
/*
@@ -108,22 +108,25 @@ __xfs_dir3_data_check(
bf = ops->data_bestfree_p(hdr);
count = lastfree = freeseen = 0;
if (!bf[0].length) {
- XFS_WANT_CORRUPTED_RETURN(mp, !bf[0].offset);
+ if (bf[0].offset)
+ return false;
freeseen |= 1 << 0;
}
if (!bf[1].length) {
- XFS_WANT_CORRUPTED_RETURN(mp, !bf[1].offset);
+ if (bf[1].offset)
+ return false;
freeseen |= 1 << 1;
}
if (!bf[2].length) {
- XFS_WANT_CORRUPTED_RETURN(mp, !bf[2].offset);
+ if (bf[2].offset)
+ return false;
freeseen |= 1 << 2;
}
- XFS_WANT_CORRUPTED_RETURN(mp, be16_to_cpu(bf[0].length) >=
- be16_to_cpu(bf[1].length));
- XFS_WANT_CORRUPTED_RETURN(mp, be16_to_cpu(bf[1].length) >=
- be16_to_cpu(bf[2].length));
+ if (be16_to_cpu(bf[0].length) < be16_to_cpu(bf[1].length))
+ return false;
+ if (be16_to_cpu(bf[1].length) < be16_to_cpu(bf[2].length))
+ return false;
/*
* Loop over the data/unused entries.
*/
@@ -135,22 +138,23 @@ __xfs_dir3_data_check(
* doesn't need to be there.
*/
if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
- XFS_WANT_CORRUPTED_RETURN(mp, lastfree == 0);
- XFS_WANT_CORRUPTED_RETURN(mp, endp >=
- p + be16_to_cpu(dup->length));
- XFS_WANT_CORRUPTED_RETURN(mp,
- be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) ==
- (char *)dup - (char *)hdr);
+ if (lastfree != 0)
+ return false;
+ if (endp < p + be16_to_cpu(dup->length))
+ return false;
+ if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) !=
+ (char *)dup - (char *)hdr)
+ return false;
dfp = xfs_dir2_data_freefind(hdr, bf, dup);
if (dfp) {
i = (int)(dfp - bf);
- XFS_WANT_CORRUPTED_RETURN(mp,
- (freeseen & (1 << i)) == 0);
+ if ((freeseen & (1 << i)) != 0)
+ return false;
freeseen |= 1 << i;
} else {
- XFS_WANT_CORRUPTED_RETURN(mp,
- be16_to_cpu(dup->length) <=
- be16_to_cpu(bf[2].length));
+ if (be16_to_cpu(dup->length) >
+ be16_to_cpu(bf[2].length))
+ return false;
}
p += be16_to_cpu(dup->length);
lastfree = 1;
@@ -163,16 +167,17 @@ __xfs_dir3_data_check(
* The linear search is crude but this is DEBUG code.
*/
dep = (xfs_dir2_data_entry_t *)p;
- XFS_WANT_CORRUPTED_RETURN(mp, dep->namelen != 0);
- XFS_WANT_CORRUPTED_RETURN(mp,
- !xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)));
- XFS_WANT_CORRUPTED_RETURN(mp, endp >=
- p + ops->data_entsize(dep->namelen));
- XFS_WANT_CORRUPTED_RETURN(mp,
- be16_to_cpu(*ops->data_entry_tag_p(dep)) ==
- (char *)dep - (char *)hdr);
- XFS_WANT_CORRUPTED_RETURN(mp,
- ops->data_get_ftype(dep) < XFS_DIR3_FT_MAX);
+ if (dep->namelen == 0)
+ return false;
+ if (xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)))
+ return false;
+ if (endp < p + ops->data_entsize(dep->namelen))
+ return false;
+ if (be16_to_cpu(*ops->data_entry_tag_p(dep)) !=
+ (char *)dep - (char *)hdr)
+ return false;
+ if (ops->data_get_ftype(dep) >= XFS_DIR3_FT_MAX)
+ return false;
count++;
lastfree = 0;
if (hdr->magic == cpu_to_be32(XFS_DIR2_BLOCK_MAGIC) ||
@@ -188,31 +193,32 @@ __xfs_dir3_data_check(
be32_to_cpu(lep[i].hashval) == hash)
break;
}
- XFS_WANT_CORRUPTED_RETURN(mp,
- i < be32_to_cpu(btp->count));
+ if (i >= be32_to_cpu(btp->count))
+ return false;
}
p += ops->data_entsize(dep->namelen);
}
/*
* Need to have seen all the entries and all the bestfree slots.
*/
- XFS_WANT_CORRUPTED_RETURN(mp, freeseen == 7);
+ if (freeseen != 7)
+ return false;
if (hdr->magic == cpu_to_be32(XFS_DIR2_BLOCK_MAGIC) ||
hdr->magic == cpu_to_be32(XFS_DIR3_BLOCK_MAGIC)) {
for (i = stale = 0; i < be32_to_cpu(btp->count); i++) {
if (lep[i].address ==
cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
stale++;
- if (i > 0)
- XFS_WANT_CORRUPTED_RETURN(mp,
- be32_to_cpu(lep[i].hashval) >=
- be32_to_cpu(lep[i - 1].hashval));
+ if (i > 0 && be32_to_cpu(lep[i].hashval) <
+ be32_to_cpu(lep[i - 1].hashval))
+ return false;
}
- XFS_WANT_CORRUPTED_RETURN(mp, count ==
- be32_to_cpu(btp->count) - be32_to_cpu(btp->stale));
- XFS_WANT_CORRUPTED_RETURN(mp, stale == be32_to_cpu(btp->stale));
+ if (count != be32_to_cpu(btp->count) - be32_to_cpu(btp->stale))
+ return false;
+ if (stale != be32_to_cpu(btp->stale))
+ return false;
}
- return 0;
+ return true;
}
static bool
@@ -235,9 +241,7 @@ xfs_dir3_data_verify(
if (hdr3->magic != cpu_to_be32(XFS_DIR2_DATA_MAGIC))
return false;
}
- if (__xfs_dir3_data_check(NULL, bp))
- return false;
- return true;
+ return __xfs_dir3_data_check(NULL, bp);
}
/*
diff --git a/fs/xfs/libxfs/xfs_dir2_priv.h b/fs/xfs/libxfs/xfs_dir2_priv.h
index 4badd26..45c68d0 100644
--- a/fs/xfs/libxfs/xfs_dir2_priv.h
+++ b/fs/xfs/libxfs/xfs_dir2_priv.h
@@ -39,12 +39,18 @@ extern int xfs_dir2_leaf_to_block(struct xfs_da_args *args,
/* xfs_dir2_data.c */
#ifdef DEBUG
-#define xfs_dir3_data_check(dp,bp) __xfs_dir3_data_check(dp, bp);
+#define xfs_dir3_data_check(dp, bp) \
+do { \
+ if (!__xfs_dir3_data_check((dp), (bp))) { \
+ XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, \
+ (bp)->b_target->bt_mount, (bp)->b_addr); \
+ } \
+} while (0)
#else
#define xfs_dir3_data_check(dp,bp)
#endif
-extern int __xfs_dir3_data_check(struct xfs_inode *dp, struct xfs_buf *bp);
+extern bool __xfs_dir3_data_check(struct xfs_inode *dp, struct xfs_buf *bp);
extern int xfs_dir3_data_read(struct xfs_trans *tp, struct xfs_inode *dp,
xfs_dablk_t bno, xfs_daddr_t mapped_bno, struct xfs_buf **bpp);
extern int xfs_dir3_data_readahead(struct xfs_inode *dp, xfs_dablk_t bno,
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 03/12] xfs: have buffer verifier functions report failing address
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
2017-08-17 23:31 ` [PATCH 01/12] xfs: refactor long-format btree header verification routines Darrick J. Wong
2017-08-17 23:31 ` [PATCH 02/12] xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers Darrick J. Wong
@ 2017-08-17 23:31 ` Darrick J. Wong
2017-08-19 2:19 ` [PATCH v2 " Darrick J. Wong
2017-08-17 23:31 ` [PATCH 04/12] xfs: refactor verifier callers to print address of failing check Darrick J. Wong
` (9 subsequent siblings)
12 siblings, 1 reply; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:31 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Modify each function that checks the contents of a metadata buffer to
return the instruction address of the failing test so that we can report
more precise failure errors to the log.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_alloc.c | 43 ++++++++++++-----------
fs/xfs/libxfs/xfs_alloc_btree.c | 25 +++++++-------
fs/xfs/libxfs/xfs_attr_leaf.c | 20 +++++------
fs/xfs/libxfs/xfs_attr_remote.c | 36 ++++++++++----------
fs/xfs/libxfs/xfs_bmap_btree.c | 16 +++++----
fs/xfs/libxfs/xfs_btree.c | 46 +++++++++++++------------
fs/xfs/libxfs/xfs_btree.h | 8 ++--
fs/xfs/libxfs/xfs_da_btree.c | 26 +++++++-------
fs/xfs/libxfs/xfs_dir2_block.c | 16 ++++-----
fs/xfs/libxfs/xfs_dir2_data.c | 66 ++++++++++++++++++------------------
fs/xfs/libxfs/xfs_dir2_leaf.c | 30 ++++++++--------
fs/xfs/libxfs/xfs_dir2_node.c | 36 ++++++++++----------
fs/xfs/libxfs/xfs_dir2_priv.h | 6 ++-
fs/xfs/libxfs/xfs_ialloc.c | 22 ++++++------
fs/xfs/libxfs/xfs_ialloc_btree.c | 15 ++++----
fs/xfs/libxfs/xfs_inode_buf.c | 30 ++++++++--------
fs/xfs/libxfs/xfs_inode_buf.h | 4 +-
fs/xfs/libxfs/xfs_refcount_btree.c | 19 +++++-----
fs/xfs/libxfs/xfs_rmap_btree.c | 19 +++++-----
fs/xfs/libxfs/xfs_symlink_remote.c | 22 ++++++------
fs/xfs/xfs_linux.h | 1 +
21 files changed, 257 insertions(+), 249 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
index 90eb282..986456b 100644
--- a/fs/xfs/libxfs/xfs_alloc.c
+++ b/fs/xfs/libxfs/xfs_alloc.c
@@ -519,7 +519,7 @@ xfs_alloc_fixup_trees(
return 0;
}
-static bool
+static void *
xfs_agfl_verify(
struct xfs_buf *bp)
{
@@ -528,9 +528,9 @@ xfs_agfl_verify(
int i;
if (!uuid_equal(&agfl->agfl_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be32_to_cpu(agfl->agfl_magicnum) != XFS_AGFL_MAGIC)
- return false;
+ return __this_address;
/*
* during growfs operations, the perag is not fully initialised,
* so we can't use it for any useful checking. growfs ensures we can't
@@ -538,16 +538,17 @@ xfs_agfl_verify(
* so we can detect and avoid this problem.
*/
if (bp->b_pag && be32_to_cpu(agfl->agfl_seqno) != bp->b_pag->pag_agno)
- return false;
+ return __this_address;
for (i = 0; i < XFS_AGFL_SIZE(mp); i++) {
if (be32_to_cpu(agfl->agfl_bno[i]) != NULLAGBLOCK &&
be32_to_cpu(agfl->agfl_bno[i]) >= mp->m_sb.sb_agblocks)
- return false;
+ return __this_address;
}
- return xfs_log_check_lsn(mp,
- be64_to_cpu(XFS_BUF_TO_AGFL(bp)->agfl_lsn));
+ if (!xfs_log_check_lsn(mp, be64_to_cpu(XFS_BUF_TO_AGFL(bp)->agfl_lsn)))
+ return __this_address;
+ return NULL;
}
static void
@@ -567,7 +568,7 @@ xfs_agfl_read_verify(
if (!xfs_buf_verify_cksum(bp, XFS_AGFL_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_agfl_verify(bp))
+ else if (xfs_agfl_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -585,7 +586,7 @@ xfs_agfl_write_verify(
if (!xfs_sb_version_hascrc(&mp->m_sb))
return;
- if (!xfs_agfl_verify(bp)) {
+ if (xfs_agfl_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -2388,7 +2389,7 @@ xfs_alloc_put_freelist(
return 0;
}
-static bool
+static void *
xfs_agf_verify(
struct xfs_mount *mp,
struct xfs_buf *bp)
@@ -2397,10 +2398,10 @@ xfs_agf_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!uuid_equal(&agf->agf_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp,
be64_to_cpu(XFS_BUF_TO_AGF(bp)->agf_lsn)))
- return false;
+ return __this_address;
}
if (!(agf->agf_magicnum == cpu_to_be32(XFS_AGF_MAGIC) &&
@@ -2409,18 +2410,18 @@ xfs_agf_verify(
be32_to_cpu(agf->agf_flfirst) < XFS_AGFL_SIZE(mp) &&
be32_to_cpu(agf->agf_fllast) < XFS_AGFL_SIZE(mp) &&
be32_to_cpu(agf->agf_flcount) <= XFS_AGFL_SIZE(mp)))
- return false;
+ return __this_address;
if (be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) > XFS_BTREE_MAXLEVELS ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]) > XFS_BTREE_MAXLEVELS)
- return false;
+ return __this_address;
if (xfs_sb_version_hasrmapbt(&mp->m_sb) &&
(be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]) > XFS_BTREE_MAXLEVELS))
- return false;
+ return __this_address;
/*
* during growfs operations, the perag is not fully initialised,
@@ -2429,18 +2430,18 @@ xfs_agf_verify(
* so we can detect and avoid this problem.
*/
if (bp->b_pag && be32_to_cpu(agf->agf_seqno) != bp->b_pag->pag_agno)
- return false;
+ return __this_address;
if (xfs_sb_version_haslazysbcount(&mp->m_sb) &&
be32_to_cpu(agf->agf_btreeblks) > be32_to_cpu(agf->agf_length))
- return false;
+ return __this_address;
if (xfs_sb_version_hasreflink(&mp->m_sb) &&
(be32_to_cpu(agf->agf_refcount_level) < 1 ||
be32_to_cpu(agf->agf_refcount_level) > XFS_BTREE_MAXLEVELS))
- return false;
+ return __this_address;
- return true;;
+ return NULL;
}
@@ -2453,7 +2454,7 @@ xfs_agf_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR(!xfs_agf_verify(mp, bp), mp,
+ else if (XFS_TEST_ERROR(xfs_agf_verify(mp, bp), mp,
XFS_ERRTAG_ALLOC_READ_AGF))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
@@ -2468,7 +2469,7 @@ xfs_agf_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
- if (!xfs_agf_verify(mp, bp)) {
+ if (xfs_agf_verify(mp, bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_alloc_btree.c b/fs/xfs/libxfs/xfs_alloc_btree.c
index 89346e6..81e3bbc 100644
--- a/fs/xfs/libxfs/xfs_alloc_btree.c
+++ b/fs/xfs/libxfs/xfs_alloc_btree.c
@@ -307,13 +307,14 @@ xfs_cntbt_diff_two_keys(
be32_to_cpu(k2->alloc.ar_startblock);
}
-static bool
+static void *
xfs_allocbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
struct xfs_perag *pag = bp->b_pag;
+ void *failed_at;
unsigned int level;
/*
@@ -331,29 +332,29 @@ xfs_allocbt_verify(
level = be16_to_cpu(block->bb_level);
switch (block->bb_magic) {
case cpu_to_be32(XFS_ABTB_CRC_MAGIC):
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_ABTB_MAGIC):
if (pag && pag->pagf_init) {
if (level >= pag->pagf_levels[XFS_BTNUM_BNOi])
- return false;
+ return __this_address;
} else if (level >= mp->m_ag_maxlevels)
- return false;
+ return __this_address;
break;
case cpu_to_be32(XFS_ABTC_CRC_MAGIC):
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_ABTC_MAGIC):
if (pag && pag->pagf_init) {
if (level >= pag->pagf_levels[XFS_BTNUM_CNTi])
- return false;
+ return __this_address;
} else if (level >= mp->m_ag_maxlevels)
- return false;
+ return __this_address;
break;
default:
- return false;
+ return __this_address;
}
return xfs_btree_sblock_verify(bp, mp->m_alloc_mxr[level != 0]);
@@ -365,7 +366,7 @@ xfs_allocbt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_allocbt_verify(bp))
+ else if (xfs_allocbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -378,7 +379,7 @@ static void
xfs_allocbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_allocbt_verify(bp)) {
+ if (xfs_allocbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index c6c15e5..0a7cd48 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -247,7 +247,7 @@ xfs_attr3_leaf_hdr_to_disk(
}
}
-static bool
+static void *
xfs_attr3_leaf_verify(
struct xfs_buf *bp)
{
@@ -262,17 +262,17 @@ xfs_attr3_leaf_verify(
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
if (ichdr.magic != XFS_ATTR3_LEAF_MAGIC)
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->info.uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->info.blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->info.lsn)))
- return false;
+ return __this_address;
} else {
if (ichdr.magic != XFS_ATTR_LEAF_MAGIC)
- return false;
+ return __this_address;
}
/*
* In recovery there is a transient state where count == 0 is valid
@@ -280,12 +280,12 @@ xfs_attr3_leaf_verify(
* if the attr didn't fit in shortform.
*/
if (pag && pag->pagf_init && ichdr.count == 0)
- return false;
+ return __this_address;
/* XXX: need to range check rest of attr header values */
/* XXX: hash order check? */
- return true;
+ return NULL;
}
static void
@@ -296,7 +296,7 @@ xfs_attr3_leaf_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_attr3_leaf_hdr *hdr3 = bp->b_addr;
- if (!xfs_attr3_leaf_verify(bp)) {
+ if (xfs_attr3_leaf_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -326,7 +326,7 @@ xfs_attr3_leaf_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_ATTR3_LEAF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_attr3_leaf_verify(bp))
+ else if (xfs_attr3_leaf_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c
index 5236d8e..20d56bf 100644
--- a/fs/xfs/libxfs/xfs_attr_remote.c
+++ b/fs/xfs/libxfs/xfs_attr_remote.c
@@ -65,7 +65,7 @@ xfs_attr3_rmt_blocks(
* does CRC, location and bounds checking, the unpacking function checks the
* attribute parameters and owner.
*/
-static bool
+static void *
xfs_attr3_rmt_hdr_ok(
void *ptr,
xfs_ino_t ino,
@@ -76,19 +76,19 @@ xfs_attr3_rmt_hdr_ok(
struct xfs_attr3_rmt_hdr *rmt = ptr;
if (bno != be64_to_cpu(rmt->rm_blkno))
- return false;
+ return __this_address;
if (offset != be32_to_cpu(rmt->rm_offset))
- return false;
+ return __this_address;
if (size != be32_to_cpu(rmt->rm_bytes))
- return false;
+ return __this_address;
if (ino != be64_to_cpu(rmt->rm_owner))
- return false;
+ return __this_address;
/* ok */
- return true;
+ return NULL;
}
-static bool
+static void *
xfs_attr3_rmt_verify(
struct xfs_mount *mp,
void *ptr,
@@ -98,22 +98,22 @@ xfs_attr3_rmt_verify(
struct xfs_attr3_rmt_hdr *rmt = ptr;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (rmt->rm_magic != cpu_to_be32(XFS_ATTR3_RMT_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(rmt->rm_blkno) != bno)
- return false;
+ return __this_address;
if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
- return false;
+ return __this_address;
if (be32_to_cpu(rmt->rm_offset) +
be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX)
- return false;
+ return __this_address;
if (rmt->rm_owner == 0)
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
static void
@@ -140,7 +140,7 @@ xfs_attr3_rmt_read_verify(
xfs_buf_ioerror(bp, -EFSBADCRC);
break;
}
- if (!xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
+ if (xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
@@ -177,7 +177,7 @@ xfs_attr3_rmt_write_verify(
while (len > 0) {
struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
- if (!xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
+ if (xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -269,7 +269,7 @@ xfs_attr_rmtval_copyout(
byte_cnt = min(*valuelen, byte_cnt);
if (xfs_sb_version_hascrc(&mp->m_sb)) {
- if (!xfs_attr3_rmt_hdr_ok(src, ino, *offset,
+ if (xfs_attr3_rmt_hdr_ok(src, ino, *offset,
byte_cnt, bno)) {
xfs_alert(mp,
"remote attribute header mismatch bno/off/len/owner (0x%llx/0x%x/Ox%x/0x%llx)",
diff --git a/fs/xfs/libxfs/xfs_bmap_btree.c b/fs/xfs/libxfs/xfs_bmap_btree.c
index 99bdf08..875e4fe 100644
--- a/fs/xfs/libxfs/xfs_bmap_btree.c
+++ b/fs/xfs/libxfs/xfs_bmap_btree.c
@@ -617,12 +617,13 @@ xfs_bmbt_diff_two_keys(
be64_to_cpu(k2->bmbt.br_startoff);
}
-static bool
+static void *
xfs_bmbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
+ void *failed_at;
unsigned int level;
switch (block->bb_magic) {
@@ -631,13 +632,14 @@ xfs_bmbt_verify(
* XXX: need a better way of verifying the owner here. Right now
* just make sure there has been one set.
*/
- if (!xfs_btree_lblock_v5hdr_verify(bp, XFS_RMAP_OWN_UNKNOWN))
- return false;
+ if ((failed_at = xfs_btree_lblock_v5hdr_verify(bp,
+ XFS_RMAP_OWN_UNKNOWN)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_BMAP_MAGIC):
break;
default:
- return false;
+ return __this_address;
}
/*
@@ -649,7 +651,7 @@ xfs_bmbt_verify(
*/
level = be16_to_cpu(block->bb_level);
if (level > max(mp->m_bm_maxlevels[0], mp->m_bm_maxlevels[1]))
- return false;
+ return __this_address;
return xfs_btree_lblock_verify(bp, mp->m_bmap_dmxr[level != 0]);
}
@@ -660,7 +662,7 @@ xfs_bmbt_read_verify(
{
if (!xfs_btree_lblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_bmbt_verify(bp))
+ else if (xfs_bmbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -673,7 +675,7 @@ static void
xfs_bmbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_bmbt_verify(bp)) {
+ if (xfs_bmbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
index 0ba9edb..277e2fc 100644
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -302,7 +302,7 @@ xfs_btree_sblock_verify_crc(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!xfs_log_check_lsn(mp, be64_to_cpu(block->bb_u.s.bb_lsn)))
- return false;
+ return __this_address;
return xfs_buf_verify_cksum(bp, XFS_BTREE_SBLOCK_CRC_OFF);
}
@@ -4494,7 +4494,7 @@ xfs_btree_change_owner(
}
/* Verify the v5 fields of a long-format btree block. */
-bool
+void *
xfs_btree_lblock_v5hdr_verify(
struct xfs_buf *bp,
uint64_t owner)
@@ -4503,19 +4503,19 @@ xfs_btree_lblock_v5hdr_verify(
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (!uuid_equal(&block->bb_u.l.bb_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (block->bb_u.l.bb_blkno != cpu_to_be64(bp->b_bn))
- return false;
+ return __this_address;
if (owner != XFS_RMAP_OWN_UNKNOWN &&
be64_to_cpu(block->bb_u.l.bb_owner) != owner)
- return false;
- return true;
+ return __this_address;
+ return NULL;
}
/* Verify a long-format btree block. */
-bool
+void *
xfs_btree_lblock_verify(
struct xfs_buf *bp,
unsigned int max_recs)
@@ -4525,19 +4525,19 @@ xfs_btree_lblock_verify(
/* numrecs verification */
if (be16_to_cpu(block->bb_numrecs) > max_recs)
- return false;
+ return __this_address;
/* sibling pointer verification */
if (!block->bb_u.l.bb_leftsib ||
(block->bb_u.l.bb_leftsib != cpu_to_be64(NULLFSBLOCK) &&
!XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_leftsib))))
- return false;
+ return __this_address;
if (!block->bb_u.l.bb_rightsib ||
(block->bb_u.l.bb_rightsib != cpu_to_be64(NULLFSBLOCK) &&
!XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_rightsib))))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
/**
@@ -4548,7 +4548,7 @@ xfs_btree_lblock_verify(
* @max_recs: pointer to the m_*_mxr max records field in the xfs mount
* @pag_max_level: pointer to the per-ag max level field
*/
-bool
+void *
xfs_btree_sblock_v5hdr_verify(
struct xfs_buf *bp)
{
@@ -4557,14 +4557,14 @@ xfs_btree_sblock_v5hdr_verify(
struct xfs_perag *pag = bp->b_pag;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
- return false;
+ return __this_address;
if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
- return false;
- return true;
+ return __this_address;
+ return NULL;
}
/**
@@ -4573,7 +4573,7 @@ xfs_btree_sblock_v5hdr_verify(
* @bp: buffer containing the btree block
* @max_recs: maximum records allowed in this btree node
*/
-bool
+void *
xfs_btree_sblock_verify(
struct xfs_buf *bp,
unsigned int max_recs)
@@ -4583,19 +4583,19 @@ xfs_btree_sblock_verify(
/* numrecs verification */
if (be16_to_cpu(block->bb_numrecs) > max_recs)
- return false;
+ return __this_address;
/* sibling pointer verification */
if (!block->bb_u.s.bb_leftsib ||
(be32_to_cpu(block->bb_u.s.bb_leftsib) >= mp->m_sb.sb_agblocks &&
block->bb_u.s.bb_leftsib != cpu_to_be32(NULLAGBLOCK)))
- return false;
+ return __this_address;
if (!block->bb_u.s.bb_rightsib ||
(be32_to_cpu(block->bb_u.s.bb_rightsib) >= mp->m_sb.sb_agblocks &&
block->bb_u.s.bb_rightsib != cpu_to_be32(NULLAGBLOCK)))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
/*
diff --git a/fs/xfs/libxfs/xfs_btree.h b/fs/xfs/libxfs/xfs_btree.h
index 0b5813e..a83ae23 100644
--- a/fs/xfs/libxfs/xfs_btree.h
+++ b/fs/xfs/libxfs/xfs_btree.h
@@ -478,10 +478,10 @@ static inline int xfs_btree_get_level(struct xfs_btree_block *block)
#define XFS_BTREE_TRACE_ARGR(c, r)
#define XFS_BTREE_TRACE_CURSOR(c, t)
-bool xfs_btree_sblock_v5hdr_verify(struct xfs_buf *bp);
-bool xfs_btree_sblock_verify(struct xfs_buf *bp, unsigned int max_recs);
-bool xfs_btree_lblock_v5hdr_verify(struct xfs_buf *bp, uint64_t owner);
-bool xfs_btree_lblock_verify(struct xfs_buf *bp, unsigned int max_recs);
+void *xfs_btree_sblock_v5hdr_verify(struct xfs_buf *bp);
+void *xfs_btree_sblock_verify(struct xfs_buf *bp, unsigned int max_recs);
+void *xfs_btree_lblock_v5hdr_verify(struct xfs_buf *bp, uint64_t owner);
+void *xfs_btree_lblock_verify(struct xfs_buf *bp, unsigned int max_recs);
uint xfs_btree_compute_maxlevels(struct xfs_mount *mp, uint *limits,
unsigned long len);
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
index 6d43358..2ce0fee 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -128,7 +128,7 @@ xfs_da_state_free(xfs_da_state_t *state)
kmem_zone_free(xfs_da_state_zone, state);
}
-static bool
+static void *
xfs_da3_node_verify(
struct xfs_buf *bp)
{
@@ -145,24 +145,24 @@ xfs_da3_node_verify(
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
if (ichdr.magic != XFS_DA3_NODE_MAGIC)
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->info.uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->info.blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->info.lsn)))
- return false;
+ return __this_address;
} else {
if (ichdr.magic != XFS_DA_NODE_MAGIC)
- return false;
+ return __this_address;
}
if (ichdr.level == 0)
- return false;
+ return __this_address;
if (ichdr.level > XFS_DA_NODE_MAXDEPTH)
- return false;
+ return __this_address;
if (ichdr.count == 0)
- return false;
+ return __this_address;
/*
* we don't know if the node is for and attribute or directory tree,
@@ -170,11 +170,11 @@ xfs_da3_node_verify(
*/
if (ichdr.count > mp->m_dir_geo->node_ents &&
ichdr.count > mp->m_attr_geo->node_ents)
- return false;
+ return __this_address;
/* XXX: hash order check? */
- return true;
+ return NULL;
}
static void
@@ -185,7 +185,7 @@ xfs_da3_node_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
- if (!xfs_da3_node_verify(bp)) {
+ if (xfs_da3_node_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -220,7 +220,7 @@ xfs_da3_node_read_verify(
}
/* fall through */
case XFS_DA_NODE_MAGIC:
- if (!xfs_da3_node_verify(bp)) {
+ if (xfs_da3_node_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
diff --git a/fs/xfs/libxfs/xfs_dir2_block.c b/fs/xfs/libxfs/xfs_dir2_block.c
index e427249..480a180 100644
--- a/fs/xfs/libxfs/xfs_dir2_block.c
+++ b/fs/xfs/libxfs/xfs_dir2_block.c
@@ -58,7 +58,7 @@ xfs_dir_startup(void)
xfs_dir_hash_dotdot = xfs_da_hashname((unsigned char *)"..", 2);
}
-static bool
+static void *
xfs_dir3_block_verify(
struct xfs_buf *bp)
{
@@ -67,16 +67,16 @@ xfs_dir3_block_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (hdr3->magic != cpu_to_be32(XFS_DIR3_BLOCK_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->lsn)))
- return false;
+ return __this_address;
} else {
if (hdr3->magic != cpu_to_be32(XFS_DIR2_BLOCK_MAGIC))
- return false;
+ return __this_address;
}
return __xfs_dir3_data_check(NULL, bp);
}
@@ -90,7 +90,7 @@ xfs_dir3_block_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_DATA_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_block_verify(bp))
+ else if (xfs_dir3_block_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -105,7 +105,7 @@ xfs_dir3_block_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_block_verify(bp)) {
+ if (xfs_dir3_block_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
index af15f705..b2375bf 100644
--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -36,9 +36,9 @@
/*
* Check the consistency of the data block.
* The input can also be a block-format directory.
- * Return true if the buffer is good.
+ * Return NULL if the buffer is good, otherwise the address of the error.
*/
-bool
+void *
__xfs_dir3_data_check(
struct xfs_inode *dp, /* incore inode pointer */
struct xfs_buf *bp) /* data block's buffer */
@@ -92,14 +92,14 @@ __xfs_dir3_data_check(
*/
if (be32_to_cpu(btp->count) >=
((char *)btp - p) / sizeof(struct xfs_dir2_leaf_entry))
- return false;
+ return __this_address;
break;
case cpu_to_be32(XFS_DIR3_DATA_MAGIC):
case cpu_to_be32(XFS_DIR2_DATA_MAGIC):
endp = (char *)hdr + geo->blksize;
break;
default:
- return false;
+ return __this_address;
}
/*
@@ -109,24 +109,24 @@ __xfs_dir3_data_check(
count = lastfree = freeseen = 0;
if (!bf[0].length) {
if (bf[0].offset)
- return false;
+ return __this_address;
freeseen |= 1 << 0;
}
if (!bf[1].length) {
if (bf[1].offset)
- return false;
+ return __this_address;
freeseen |= 1 << 1;
}
if (!bf[2].length) {
if (bf[2].offset)
- return false;
+ return __this_address;
freeseen |= 1 << 2;
}
if (be16_to_cpu(bf[0].length) < be16_to_cpu(bf[1].length))
- return false;
+ return __this_address;
if (be16_to_cpu(bf[1].length) < be16_to_cpu(bf[2].length))
- return false;
+ return __this_address;
/*
* Loop over the data/unused entries.
*/
@@ -139,22 +139,22 @@ __xfs_dir3_data_check(
*/
if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
if (lastfree != 0)
- return false;
+ return __this_address;
if (endp < p + be16_to_cpu(dup->length))
- return false;
+ return __this_address;
if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) !=
(char *)dup - (char *)hdr)
- return false;
+ return __this_address;
dfp = xfs_dir2_data_freefind(hdr, bf, dup);
if (dfp) {
i = (int)(dfp - bf);
if ((freeseen & (1 << i)) != 0)
- return false;
+ return __this_address;
freeseen |= 1 << i;
} else {
if (be16_to_cpu(dup->length) >
be16_to_cpu(bf[2].length))
- return false;
+ return __this_address;
}
p += be16_to_cpu(dup->length);
lastfree = 1;
@@ -168,16 +168,16 @@ __xfs_dir3_data_check(
*/
dep = (xfs_dir2_data_entry_t *)p;
if (dep->namelen == 0)
- return false;
+ return __this_address;
if (xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)))
- return false;
+ return __this_address;
if (endp < p + ops->data_entsize(dep->namelen))
- return false;
+ return __this_address;
if (be16_to_cpu(*ops->data_entry_tag_p(dep)) !=
(char *)dep - (char *)hdr)
- return false;
+ return __this_address;
if (ops->data_get_ftype(dep) >= XFS_DIR3_FT_MAX)
- return false;
+ return __this_address;
count++;
lastfree = 0;
if (hdr->magic == cpu_to_be32(XFS_DIR2_BLOCK_MAGIC) ||
@@ -194,7 +194,7 @@ __xfs_dir3_data_check(
break;
}
if (i >= be32_to_cpu(btp->count))
- return false;
+ return __this_address;
}
p += ops->data_entsize(dep->namelen);
}
@@ -202,7 +202,7 @@ __xfs_dir3_data_check(
* Need to have seen all the entries and all the bestfree slots.
*/
if (freeseen != 7)
- return false;
+ return __this_address;
if (hdr->magic == cpu_to_be32(XFS_DIR2_BLOCK_MAGIC) ||
hdr->magic == cpu_to_be32(XFS_DIR3_BLOCK_MAGIC)) {
for (i = stale = 0; i < be32_to_cpu(btp->count); i++) {
@@ -211,17 +211,17 @@ __xfs_dir3_data_check(
stale++;
if (i > 0 && be32_to_cpu(lep[i].hashval) <
be32_to_cpu(lep[i - 1].hashval))
- return false;
+ return __this_address;
}
if (count != be32_to_cpu(btp->count) - be32_to_cpu(btp->stale))
- return false;
+ return __this_address;
if (stale != be32_to_cpu(btp->stale))
- return false;
+ return __this_address;
}
- return true;
+ return NULL;
}
-static bool
+static void *
xfs_dir3_data_verify(
struct xfs_buf *bp)
{
@@ -230,16 +230,16 @@ xfs_dir3_data_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (hdr3->magic != cpu_to_be32(XFS_DIR3_DATA_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->lsn)))
- return false;
+ return __this_address;
} else {
if (hdr3->magic != cpu_to_be32(XFS_DIR2_DATA_MAGIC))
- return false;
+ return __this_address;
}
return __xfs_dir3_data_check(NULL, bp);
}
@@ -282,7 +282,7 @@ xfs_dir3_data_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_DATA_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_data_verify(bp))
+ else if (xfs_dir3_data_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -297,7 +297,7 @@ xfs_dir3_data_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_data_verify(bp)) {
+ if (xfs_dir3_data_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
index 27297a6..6eb7939 100644
--- a/fs/xfs/libxfs/xfs_dir2_leaf.c
+++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
@@ -73,13 +73,13 @@ xfs_dir3_leaf1_check(
} else if (leafhdr.magic != XFS_DIR2_LEAF1_MAGIC)
return false;
- return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf);
+ return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf) == NULL;
}
#else
#define xfs_dir3_leaf_check(dp, bp)
#endif
-bool
+void *
xfs_dir3_leaf_check_int(
struct xfs_mount *mp,
struct xfs_inode *dp,
@@ -114,27 +114,27 @@ xfs_dir3_leaf_check_int(
* We can deduce a value for that from di_size.
*/
if (hdr->count > ops->leaf_max_ents(geo))
- return false;
+ return __this_address;
/* Leaves and bests don't overlap in leaf format. */
if ((hdr->magic == XFS_DIR2_LEAF1_MAGIC ||
hdr->magic == XFS_DIR3_LEAF1_MAGIC) &&
(char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp))
- return false;
+ return __this_address;
/* Check hash value order, count stale entries. */
for (i = stale = 0; i < hdr->count; i++) {
if (i + 1 < hdr->count) {
if (be32_to_cpu(ents[i].hashval) >
be32_to_cpu(ents[i + 1].hashval))
- return false;
+ return __this_address;
}
if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
stale++;
}
if (hdr->stale != stale)
- return false;
- return true;
+ return __this_address;
+ return NULL;
}
/*
@@ -142,7 +142,7 @@ xfs_dir3_leaf_check_int(
* kernels we don't get assertion failures in xfs_dir3_leaf_hdr_from_disk() due
* to incorrect magic numbers.
*/
-static bool
+static void *
xfs_dir3_leaf_verify(
struct xfs_buf *bp,
uint16_t magic)
@@ -160,16 +160,16 @@ xfs_dir3_leaf_verify(
: XFS_DIR3_LEAFN_MAGIC;
if (leaf3->info.hdr.magic != cpu_to_be16(magic3))
- return false;
+ return __this_address;
if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(leaf3->info.lsn)))
- return false;
+ return __this_address;
} else {
if (leaf->hdr.info.magic != cpu_to_be16(magic))
- return false;
+ return __this_address;
}
return xfs_dir3_leaf_check_int(mp, NULL, NULL, leaf);
@@ -185,7 +185,7 @@ __read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_LEAF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_leaf_verify(bp, magic))
+ else if (xfs_dir3_leaf_verify(bp, magic))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -201,7 +201,7 @@ __write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_leaf_verify(bp, magic)) {
+ if (xfs_dir3_leaf_verify(bp, magic)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
index 682e2bf..b596b5f 100644
--- a/fs/xfs/libxfs/xfs_dir2_node.c
+++ b/fs/xfs/libxfs/xfs_dir2_node.c
@@ -76,13 +76,13 @@ xfs_dir3_leafn_check(
} else if (leafhdr.magic != XFS_DIR2_LEAFN_MAGIC)
return false;
- return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf);
+ return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf) == NULL;
}
#else
#define xfs_dir3_leaf_check(dp, bp)
#endif
-static bool
+static void *
xfs_dir3_free_verify(
struct xfs_buf *bp)
{
@@ -93,21 +93,21 @@ xfs_dir3_free_verify(
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
if (hdr3->magic != cpu_to_be32(XFS_DIR3_FREE_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->lsn)))
- return false;
+ return __this_address;
} else {
if (hdr->magic != cpu_to_be32(XFS_DIR2_FREE_MAGIC))
- return false;
+ return __this_address;
}
/* XXX: should bounds check the xfs_dir3_icfree_hdr here */
- return true;
+ return NULL;
}
static void
@@ -119,7 +119,7 @@ xfs_dir3_free_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_FREE_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_free_verify(bp))
+ else if (xfs_dir3_free_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -134,7 +134,7 @@ xfs_dir3_free_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_free_verify(bp)) {
+ if (xfs_dir3_free_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -174,22 +174,22 @@ xfs_dir3_free_header_check(
struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
if (be32_to_cpu(hdr3->firstdb) != firstdb)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr3->nvalid) > maxbests)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr3->nvalid) < be32_to_cpu(hdr3->nused))
- return false;
+ return __this_address;
} else {
struct xfs_dir2_free_hdr *hdr = bp->b_addr;
if (be32_to_cpu(hdr->firstdb) != firstdb)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr->nvalid) > maxbests)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr->nvalid) < be32_to_cpu(hdr->nused))
- return false;
+ return __this_address;
}
- return true;
+ return NULL;
}
static int
@@ -208,7 +208,7 @@ __xfs_dir3_free_read(
return err;
/* Check things that we can't do in the verifier. */
- if (!xfs_dir3_free_header_check(dp, fbno, *bpp)) {
+ if (xfs_dir3_free_header_check(dp, fbno, *bpp)) {
xfs_buf_ioerror(*bpp, -EFSCORRUPTED);
xfs_verifier_error(*bpp);
xfs_trans_brelse(tp, *bpp);
diff --git a/fs/xfs/libxfs/xfs_dir2_priv.h b/fs/xfs/libxfs/xfs_dir2_priv.h
index 45c68d0..d1a441f 100644
--- a/fs/xfs/libxfs/xfs_dir2_priv.h
+++ b/fs/xfs/libxfs/xfs_dir2_priv.h
@@ -41,7 +41,7 @@ extern int xfs_dir2_leaf_to_block(struct xfs_da_args *args,
#ifdef DEBUG
#define xfs_dir3_data_check(dp, bp) \
do { \
- if (!__xfs_dir3_data_check((dp), (bp))) { \
+ if (__xfs_dir3_data_check((dp), (bp))) { \
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, \
(bp)->b_target->bt_mount, (bp)->b_addr); \
} \
@@ -50,7 +50,7 @@ do { \
#define xfs_dir3_data_check(dp,bp)
#endif
-extern bool __xfs_dir3_data_check(struct xfs_inode *dp, struct xfs_buf *bp);
+extern void *__xfs_dir3_data_check(struct xfs_inode *dp, struct xfs_buf *bp);
extern int xfs_dir3_data_read(struct xfs_trans *tp, struct xfs_inode *dp,
xfs_dablk_t bno, xfs_daddr_t mapped_bno, struct xfs_buf **bpp);
extern int xfs_dir3_data_readahead(struct xfs_inode *dp, xfs_dablk_t bno,
@@ -95,7 +95,7 @@ xfs_dir3_leaf_find_entry(struct xfs_dir3_icleaf_hdr *leafhdr,
int lowstale, int highstale, int *lfloglow, int *lfloghigh);
extern int xfs_dir2_node_to_leaf(struct xfs_da_state *state);
-extern bool xfs_dir3_leaf_check_int(struct xfs_mount *mp, struct xfs_inode *dp,
+extern void *xfs_dir3_leaf_check_int(struct xfs_mount *mp, struct xfs_inode *dp,
struct xfs_dir3_icleaf_hdr *hdr, struct xfs_dir2_leaf *leaf);
/* xfs_dir2_node.c */
diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
index a5d34f0..3f95dff 100644
--- a/fs/xfs/libxfs/xfs_ialloc.c
+++ b/fs/xfs/libxfs/xfs_ialloc.c
@@ -2497,7 +2497,7 @@ xfs_check_agi_unlinked(
#define xfs_check_agi_unlinked(agi)
#endif
-static bool
+static void *
xfs_agi_verify(
struct xfs_buf *bp)
{
@@ -2506,28 +2506,28 @@ xfs_agi_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!uuid_equal(&agi->agi_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp,
be64_to_cpu(XFS_BUF_TO_AGI(bp)->agi_lsn)))
- return false;
+ return __this_address;
}
/*
* Validate the magic number of the agi block.
*/
if (agi->agi_magicnum != cpu_to_be32(XFS_AGI_MAGIC))
- return false;
+ return __this_address;
if (!XFS_AGI_GOOD_VERSION(be32_to_cpu(agi->agi_versionnum)))
- return false;
+ return __this_address;
if (be32_to_cpu(agi->agi_level) < 1 ||
be32_to_cpu(agi->agi_level) > XFS_BTREE_MAXLEVELS)
- return false;
+ return __this_address;
if (xfs_sb_version_hasfinobt(&mp->m_sb) &&
(be32_to_cpu(agi->agi_free_level) < 1 ||
be32_to_cpu(agi->agi_free_level) > XFS_BTREE_MAXLEVELS))
- return false;
+ return __this_address;
/*
* during growfs operations, the perag is not fully initialised,
@@ -2536,10 +2536,10 @@ xfs_agi_verify(
* so we can detect and avoid this problem.
*/
if (bp->b_pag && be32_to_cpu(agi->agi_seqno) != bp->b_pag->pag_agno)
- return false;
+ return __this_address;
xfs_check_agi_unlinked(agi);
- return true;
+ return NULL;
}
static void
@@ -2551,7 +2551,7 @@ xfs_agi_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGI_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR(!xfs_agi_verify(bp), mp,
+ else if (XFS_TEST_ERROR(xfs_agi_verify(bp), mp,
XFS_ERRTAG_IALLOC_READ_AGI))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
@@ -2566,7 +2566,7 @@ xfs_agi_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
- if (!xfs_agi_verify(bp)) {
+ if (xfs_agi_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c
index 2d2c3ea..89e928c 100644
--- a/fs/xfs/libxfs/xfs_ialloc_btree.c
+++ b/fs/xfs/libxfs/xfs_ialloc_btree.c
@@ -250,12 +250,13 @@ xfs_inobt_diff_two_keys(
be32_to_cpu(k2->inobt.ir_startino);
}
-static int
+static void *
xfs_inobt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
+ void *failed_at;
unsigned int level;
/*
@@ -271,20 +272,20 @@ xfs_inobt_verify(
switch (block->bb_magic) {
case cpu_to_be32(XFS_IBT_CRC_MAGIC):
case cpu_to_be32(XFS_FIBT_CRC_MAGIC):
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_IBT_MAGIC):
case cpu_to_be32(XFS_FIBT_MAGIC):
break;
default:
- return 0;
+ return NULL;
}
/* level verification */
level = be16_to_cpu(block->bb_level);
if (level >= mp->m_in_maxlevels)
- return false;
+ return __this_address;
return xfs_btree_sblock_verify(bp, mp->m_inobt_mxr[level != 0]);
}
@@ -295,7 +296,7 @@ xfs_inobt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_inobt_verify(bp))
+ else if (xfs_inobt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -308,7 +309,7 @@ static void
xfs_inobt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_inobt_verify(bp)) {
+ if (xfs_inobt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
index 378f8fb..02700428 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -380,7 +380,7 @@ xfs_log_dinode_to_disk(
}
}
-bool
+void *
xfs_dinode_verify(
struct xfs_mount *mp,
xfs_ino_t ino,
@@ -391,33 +391,33 @@ xfs_dinode_verify(
uint64_t flags2;
if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
- return false;
+ return __this_address;
/* don't allow invalid i_size */
if (be64_to_cpu(dip->di_size) & (1ULL << 63))
- return false;
+ return __this_address;
mode = be16_to_cpu(dip->di_mode);
if (mode && xfs_mode_to_ftype(mode) == XFS_DIR3_FT_UNKNOWN)
- return false;
+ return __this_address;
/* No zero-length symlinks/dirs. */
if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)
- return false;
+ return __this_address;
/* only version 3 or greater inodes are extensively verified here */
if (dip->di_version < 3)
- return true;
+ return NULL;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize,
XFS_DINODE_CRC_OFF))
- return false;
+ return __this_address;
if (be64_to_cpu(dip->di_ino) != ino)
- return false;
+ return __this_address;
if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
flags = be16_to_cpu(dip->di_flags);
flags2 = be64_to_cpu(dip->di_flags2);
@@ -425,17 +425,17 @@ xfs_dinode_verify(
/* don't allow reflink/cowextsize if we don't have reflink */
if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) &&
!xfs_sb_version_hasreflink(&mp->m_sb))
- return false;
+ return __this_address;
/* don't let reflink and realtime mix */
if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags & XFS_DIFLAG_REALTIME))
- return false;
+ return __this_address;
/* don't let reflink and dax mix */
if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags2 & XFS_DIFLAG2_DAX))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
void
@@ -506,7 +506,7 @@ xfs_iread(
return error;
/* even unallocated inodes are verified */
- if (!xfs_dinode_verify(mp, ip->i_ino, dip)) {
+ if (xfs_dinode_verify(mp, ip->i_ino, dip)) {
xfs_alert(mp, "%s: validation failed for inode %lld",
__func__, ip->i_ino);
diff --git a/fs/xfs/libxfs/xfs_inode_buf.h b/fs/xfs/libxfs/xfs_inode_buf.h
index a9c97a3..2317511 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.h
+++ b/fs/xfs/libxfs/xfs_inode_buf.h
@@ -82,7 +82,7 @@ void xfs_inobp_check(struct xfs_mount *, struct xfs_buf *);
#define xfs_inobp_check(mp, bp)
#endif /* DEBUG */
-bool xfs_dinode_verify(struct xfs_mount *mp, xfs_ino_t ino,
- struct xfs_dinode *dip);
+void *xfs_dinode_verify(struct xfs_mount *mp, xfs_ino_t ino,
+ struct xfs_dinode *dip);
#endif /* __XFS_INODE_BUF_H__ */
diff --git a/fs/xfs/libxfs/xfs_refcount_btree.c b/fs/xfs/libxfs/xfs_refcount_btree.c
index 3c59dd3..48f651a 100644
--- a/fs/xfs/libxfs/xfs_refcount_btree.c
+++ b/fs/xfs/libxfs/xfs_refcount_btree.c
@@ -223,29 +223,30 @@ xfs_refcountbt_diff_two_keys(
be32_to_cpu(k2->refc.rc_startblock);
}
-STATIC bool
+STATIC void *
xfs_refcountbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
struct xfs_perag *pag = bp->b_pag;
+ void *failed_at;
unsigned int level;
if (block->bb_magic != cpu_to_be32(XFS_REFC_CRC_MAGIC))
- return false;
+ return __this_address;
if (!xfs_sb_version_hasreflink(&mp->m_sb))
- return false;
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ return __this_address;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
level = be16_to_cpu(block->bb_level);
if (pag && pag->pagf_init) {
if (level >= pag->pagf_refcount_level)
- return false;
+ return __this_address;
} else if (level >= mp->m_refc_maxlevels)
- return false;
+ return __this_address;
return xfs_btree_sblock_verify(bp, mp->m_refc_mxr[level != 0]);
}
@@ -256,7 +257,7 @@ xfs_refcountbt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_refcountbt_verify(bp))
+ else if (xfs_refcountbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -269,7 +270,7 @@ STATIC void
xfs_refcountbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_refcountbt_verify(bp)) {
+ if (xfs_refcountbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_rmap_btree.c b/fs/xfs/libxfs/xfs_rmap_btree.c
index 9d9c919..77e23c9 100644
--- a/fs/xfs/libxfs/xfs_rmap_btree.c
+++ b/fs/xfs/libxfs/xfs_rmap_btree.c
@@ -303,13 +303,14 @@ xfs_rmapbt_diff_two_keys(
return 0;
}
-static bool
+static void *
xfs_rmapbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
struct xfs_perag *pag = bp->b_pag;
+ void *failed_at;
unsigned int level;
/*
@@ -325,19 +326,19 @@ xfs_rmapbt_verify(
* in this case.
*/
if (block->bb_magic != cpu_to_be32(XFS_RMAP_CRC_MAGIC))
- return false;
+ return __this_address;
if (!xfs_sb_version_hasrmapbt(&mp->m_sb))
- return false;
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ return __this_address;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
level = be16_to_cpu(block->bb_level);
if (pag && pag->pagf_init) {
if (level >= pag->pagf_levels[XFS_BTNUM_RMAPi])
- return false;
+ return __this_address;
} else if (level >= mp->m_rmap_maxlevels)
- return false;
+ return __this_address;
return xfs_btree_sblock_verify(bp, mp->m_rmap_mxr[level != 0]);
}
@@ -348,7 +349,7 @@ xfs_rmapbt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_rmapbt_verify(bp))
+ else if (xfs_rmapbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -361,7 +362,7 @@ static void
xfs_rmapbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_rmapbt_verify(bp)) {
+ if (xfs_rmapbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c
index c484877..b53a4c9 100644
--- a/fs/xfs/libxfs/xfs_symlink_remote.c
+++ b/fs/xfs/libxfs/xfs_symlink_remote.c
@@ -98,7 +98,7 @@ xfs_symlink_hdr_ok(
return true;
}
-static bool
+static void *
xfs_symlink_verify(
struct xfs_buf *bp)
{
@@ -106,22 +106,22 @@ xfs_symlink_verify(
struct xfs_dsymlink_hdr *dsl = bp->b_addr;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (dsl->sl_magic != cpu_to_be32(XFS_SYMLINK_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&dsl->sl_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (bp->b_bn != be64_to_cpu(dsl->sl_blkno))
- return false;
+ return __this_address;
if (be32_to_cpu(dsl->sl_offset) +
be32_to_cpu(dsl->sl_bytes) >= XFS_SYMLINK_MAXLEN)
- return false;
+ return __this_address;
if (dsl->sl_owner == 0)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(dsl->sl_lsn)))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
static void
@@ -136,7 +136,7 @@ xfs_symlink_read_verify(
if (!xfs_buf_verify_cksum(bp, XFS_SYMLINK_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_symlink_verify(bp))
+ else if (xfs_symlink_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -154,7 +154,7 @@ xfs_symlink_write_verify(
if (!xfs_sb_version_hascrc(&mp->m_sb))
return;
- if (!xfs_symlink_verify(bp)) {
+ if (xfs_symlink_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h
index 9301c5a..adf769a 100644
--- a/fs/xfs/xfs_linux.h
+++ b/fs/xfs/xfs_linux.h
@@ -141,6 +141,7 @@ typedef __u32 xfs_nlink_t;
#define SYNCHRONIZE() barrier()
#define __return_address __builtin_return_address(0)
+#define __this_address ({ __label__ __here; __here: &&__here; })
#define XFS_PROJID_DEFAULT 0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 04/12] xfs: refactor verifier callers to print address of failing check
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (2 preceding siblings ...)
2017-08-17 23:31 ` [PATCH 03/12] xfs: have buffer verifier functions report failing address Darrick J. Wong
@ 2017-08-17 23:31 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 05/12] xfs: verify dinode header first Darrick J. Wong
` (8 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:31 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Refactor the callers of verifiers to print the instruction address of a
failing check.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_alloc.c | 20 ++++++++++++--------
fs/xfs/libxfs/xfs_alloc_btree.c | 12 ++++++++----
fs/xfs/libxfs/xfs_attr_leaf.c | 10 ++++++----
fs/xfs/libxfs/xfs_attr_remote.c | 12 +++++++-----
fs/xfs/libxfs/xfs_bmap_btree.c | 12 ++++++++----
fs/xfs/libxfs/xfs_da_btree.c | 11 +++++++----
fs/xfs/libxfs/xfs_dir2_block.c | 10 ++++++----
fs/xfs/libxfs/xfs_dir2_data.c | 12 +++++++-----
fs/xfs/libxfs/xfs_dir2_leaf.c | 10 ++++++----
fs/xfs/libxfs/xfs_dir2_node.c | 17 ++++++++++-------
fs/xfs/libxfs/xfs_dquot_buf.c | 4 ++--
fs/xfs/libxfs/xfs_ialloc.c | 10 ++++++----
fs/xfs/libxfs/xfs_ialloc_btree.c | 12 ++++++++----
fs/xfs/libxfs/xfs_inode_buf.c | 24 +++++++++++++-----------
fs/xfs/libxfs/xfs_refcount_btree.c | 12 ++++++++----
fs/xfs/libxfs/xfs_rmap_btree.c | 12 ++++++++----
fs/xfs/libxfs/xfs_sb.c | 4 ++--
fs/xfs/libxfs/xfs_symlink_remote.c | 10 ++++++----
fs/xfs/xfs_error.c | 6 ++++--
fs/xfs/xfs_error.h | 2 +-
20 files changed, 135 insertions(+), 87 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
index 986456b..d49b1e3 100644
--- a/fs/xfs/libxfs/xfs_alloc.c
+++ b/fs/xfs/libxfs/xfs_alloc.c
@@ -556,6 +556,7 @@ xfs_agfl_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
/*
* There is no verification of non-crc AGFLs because mkfs does not
@@ -568,11 +569,11 @@ xfs_agfl_read_verify(
if (!xfs_buf_verify_cksum(bp, XFS_AGFL_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_agfl_verify(bp))
+ else if ((failed_at = xfs_agfl_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -581,14 +582,15 @@ xfs_agfl_write_verify(
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
+ void *failed_at;
/* no verification of non-crc AGFLs */
if (!xfs_sb_version_hascrc(&mp->m_sb))
return;
- if (xfs_agfl_verify(bp)) {
+ if ((failed_at = xfs_agfl_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
@@ -2450,16 +2452,17 @@ xfs_agf_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR(xfs_agf_verify(mp, bp), mp,
+ else if (XFS_TEST_ERROR((failed_at = xfs_agf_verify(mp, bp)), mp,
XFS_ERRTAG_ALLOC_READ_AGF))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -2468,10 +2471,11 @@ xfs_agf_write_verify(
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
+ void *failed_at;
- if (xfs_agf_verify(mp, bp)) {
+ if ((failed_at = xfs_agf_verify(mp, bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
diff --git a/fs/xfs/libxfs/xfs_alloc_btree.c b/fs/xfs/libxfs/xfs_alloc_btree.c
index 81e3bbc..8d4c004 100644
--- a/fs/xfs/libxfs/xfs_alloc_btree.c
+++ b/fs/xfs/libxfs/xfs_alloc_btree.c
@@ -364,14 +364,16 @@ static void
xfs_allocbt_read_verify(
struct xfs_buf *bp)
{
+ void *failed_at = __this_address;
+
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_allocbt_verify(bp))
+ else if ((failed_at = xfs_allocbt_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
}
@@ -379,10 +381,12 @@ static void
xfs_allocbt_write_verify(
struct xfs_buf *bp)
{
- if (xfs_allocbt_verify(bp)) {
+ void *failed_at;
+
+ if ((failed_at = xfs_allocbt_verify(bp))) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
xfs_btree_sblock_calc_crc(bp);
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index 0a7cd48..16bc966 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -295,10 +295,11 @@ xfs_attr3_leaf_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_attr3_leaf_hdr *hdr3 = bp->b_addr;
+ void *failed_at;
- if (xfs_attr3_leaf_verify(bp)) {
+ if ((failed_at = xfs_attr3_leaf_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
@@ -322,15 +323,16 @@ xfs_attr3_leaf_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_ATTR3_LEAF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_attr3_leaf_verify(bp))
+ else if ((failed_at = xfs_attr3_leaf_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
const struct xfs_buf_ops xfs_attr3_leaf_buf_ops = {
diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c
index 20d56bf..d33a4d3 100644
--- a/fs/xfs/libxfs/xfs_attr_remote.c
+++ b/fs/xfs/libxfs/xfs_attr_remote.c
@@ -122,6 +122,7 @@ xfs_attr3_rmt_read_verify(
{
struct xfs_mount *mp = bp->b_target->bt_mount;
char *ptr;
+ void *failed_at = __this_address;
int len;
xfs_daddr_t bno;
int blksize = mp->m_attr_geo->blksize;
@@ -140,7 +141,7 @@ xfs_attr3_rmt_read_verify(
xfs_buf_ioerror(bp, -EFSBADCRC);
break;
}
- if (xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
+ if ((failed_at = xfs_attr3_rmt_verify(mp, ptr, blksize, bno))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
@@ -150,7 +151,7 @@ xfs_attr3_rmt_read_verify(
}
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
else
ASSERT(len == 0);
}
@@ -160,6 +161,7 @@ xfs_attr3_rmt_write_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at;
int blksize = mp->m_attr_geo->blksize;
char *ptr;
int len;
@@ -177,9 +179,9 @@ xfs_attr3_rmt_write_verify(
while (len > 0) {
struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
- if (xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
+ if ((failed_at = xfs_attr3_rmt_verify(mp, ptr, blksize, bno))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
@@ -189,7 +191,7 @@ xfs_attr3_rmt_write_verify(
*/
if (rmt->rm_lsn != cpu_to_be64(NULLCOMMITLSN)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
return;
}
xfs_update_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF);
diff --git a/fs/xfs/libxfs/xfs_bmap_btree.c b/fs/xfs/libxfs/xfs_bmap_btree.c
index 875e4fe..d613080 100644
--- a/fs/xfs/libxfs/xfs_bmap_btree.c
+++ b/fs/xfs/libxfs/xfs_bmap_btree.c
@@ -660,14 +660,16 @@ static void
xfs_bmbt_read_verify(
struct xfs_buf *bp)
{
+ void *failed_at = __this_address;
+
if (!xfs_btree_lblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_bmbt_verify(bp))
+ else if ((failed_at = xfs_bmbt_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
}
@@ -675,10 +677,12 @@ static void
xfs_bmbt_write_verify(
struct xfs_buf *bp)
{
- if (xfs_bmbt_verify(bp)) {
+ void *failed_at;
+
+ if ((failed_at = xfs_bmbt_verify(bp))) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
xfs_btree_lblock_calc_crc(bp);
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
index 2ce0fee..f3544fb 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -184,10 +184,11 @@ xfs_da3_node_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
+ void *failed_at;
- if (xfs_da3_node_verify(bp)) {
+ if ((failed_at = xfs_da3_node_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
@@ -211,6 +212,7 @@ xfs_da3_node_read_verify(
struct xfs_buf *bp)
{
struct xfs_da_blkinfo *info = bp->b_addr;
+ void *failed_at = __this_address;
switch (be16_to_cpu(info->magic)) {
case XFS_DA3_NODE_MAGIC:
@@ -220,7 +222,7 @@ xfs_da3_node_read_verify(
}
/* fall through */
case XFS_DA_NODE_MAGIC:
- if (xfs_da3_node_verify(bp)) {
+ if ((failed_at = xfs_da3_node_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
@@ -236,12 +238,13 @@ xfs_da3_node_read_verify(
bp->b_ops->verify_read(bp);
return;
default:
+ failed_at = __this_address;
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
/* corrupt block */
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
const struct xfs_buf_ops xfs_da3_node_buf_ops = {
diff --git a/fs/xfs/libxfs/xfs_dir2_block.c b/fs/xfs/libxfs/xfs_dir2_block.c
index 480a180..6c54d03 100644
--- a/fs/xfs/libxfs/xfs_dir2_block.c
+++ b/fs/xfs/libxfs/xfs_dir2_block.c
@@ -86,15 +86,16 @@ xfs_dir3_block_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_DATA_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_dir3_block_verify(bp))
+ else if ((failed_at = xfs_dir3_block_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -104,10 +105,11 @@ xfs_dir3_block_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
+ void *failed_at;
- if (xfs_dir3_block_verify(bp)) {
+ if ((failed_at = xfs_dir3_block_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
index b2375bf..5e27b71 100644
--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -268,7 +268,7 @@ xfs_dir3_data_reada_verify(
return;
default:
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
break;
}
}
@@ -278,15 +278,16 @@ xfs_dir3_data_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_DATA_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_dir3_data_verify(bp))
+ else if ((failed_at = xfs_dir3_data_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -296,10 +297,11 @@ xfs_dir3_data_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
+ void *failed_at;
- if (xfs_dir3_data_verify(bp)) {
+ if ((failed_at = xfs_dir3_data_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
index 6eb7939..00dcfef 100644
--- a/fs/xfs/libxfs/xfs_dir2_leaf.c
+++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
@@ -181,15 +181,16 @@ __read_verify(
uint16_t magic)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_LEAF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_dir3_leaf_verify(bp, magic))
+ else if ((failed_at = xfs_dir3_leaf_verify(bp, magic)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -200,10 +201,11 @@ __write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr;
+ void *failed_at;
- if (xfs_dir3_leaf_verify(bp, magic)) {
+ if ((failed_at = xfs_dir3_leaf_verify(bp, magic))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
index b596b5f..a11585b 100644
--- a/fs/xfs/libxfs/xfs_dir2_node.c
+++ b/fs/xfs/libxfs/xfs_dir2_node.c
@@ -115,15 +115,16 @@ xfs_dir3_free_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_FREE_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_dir3_free_verify(bp))
+ else if ((failed_at = xfs_dir3_free_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -133,10 +134,11 @@ xfs_dir3_free_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
+ void *failed_at;
- if (xfs_dir3_free_verify(bp)) {
+ if ((failed_at = xfs_dir3_free_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
@@ -156,7 +158,7 @@ const struct xfs_buf_ops xfs_dir3_free_buf_ops = {
};
/* Everything ok in the free block header? */
-static bool
+static void *
xfs_dir3_free_header_check(
struct xfs_inode *dp,
xfs_dablk_t fbno,
@@ -200,6 +202,7 @@ __xfs_dir3_free_read(
xfs_daddr_t mappedbno,
struct xfs_buf **bpp)
{
+ void *failed_at;
int err;
err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
@@ -208,9 +211,9 @@ __xfs_dir3_free_read(
return err;
/* Check things that we can't do in the verifier. */
- if (xfs_dir3_free_header_check(dp, fbno, *bpp)) {
+ if ((failed_at = xfs_dir3_free_header_check(dp, fbno, *bpp))) {
xfs_buf_ioerror(*bpp, -EFSCORRUPTED);
- xfs_verifier_error(*bpp);
+ xfs_verifier_error(*bpp, failed_at);
xfs_trans_brelse(tp, *bpp);
return -EFSCORRUPTED;
}
diff --git a/fs/xfs/libxfs/xfs_dquot_buf.c b/fs/xfs/libxfs/xfs_dquot_buf.c
index 747085b..5561011 100644
--- a/fs/xfs/libxfs/xfs_dquot_buf.c
+++ b/fs/xfs/libxfs/xfs_dquot_buf.c
@@ -254,7 +254,7 @@ xfs_dquot_buf_read_verify(
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
}
/*
@@ -289,7 +289,7 @@ xfs_dquot_buf_write_verify(
if (!xfs_dquot_buf_verify(mp, bp, XFS_QMOPT_DOWARN)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
return;
}
}
diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
index 3f95dff..f27edc9 100644
--- a/fs/xfs/libxfs/xfs_ialloc.c
+++ b/fs/xfs/libxfs/xfs_ialloc.c
@@ -2547,16 +2547,17 @@ xfs_agi_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGI_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR(xfs_agi_verify(bp), mp,
+ else if (XFS_TEST_ERROR((failed_at = xfs_agi_verify(bp)), mp,
XFS_ERRTAG_IALLOC_READ_AGI))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -2565,10 +2566,11 @@ xfs_agi_write_verify(
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
+ void *failed_at;
- if (xfs_agi_verify(bp)) {
+ if ((failed_at = xfs_agi_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c
index 89e928c..38d6a50 100644
--- a/fs/xfs/libxfs/xfs_ialloc_btree.c
+++ b/fs/xfs/libxfs/xfs_ialloc_btree.c
@@ -294,14 +294,16 @@ static void
xfs_inobt_read_verify(
struct xfs_buf *bp)
{
+ void *failed_at = __this_address;
+
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_inobt_verify(bp))
+ else if ((failed_at = xfs_inobt_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
}
@@ -309,10 +311,12 @@ static void
xfs_inobt_write_verify(
struct xfs_buf *bp)
{
- if (xfs_inobt_verify(bp)) {
+ void *failed_at;
+
+ if ((failed_at = xfs_inobt_verify(bp))) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
xfs_btree_sblock_calc_crc(bp);
diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
index 02700428..a5bcf2b 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -113,7 +113,7 @@ xfs_inode_buf_verify(
}
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
#ifdef DEBUG
xfs_alert(mp,
"bad inode magic/vsn daddr %lld #%d (magic=%x)",
@@ -468,14 +468,15 @@ xfs_dinode_calc_crc(
*/
int
xfs_iread(
- xfs_mount_t *mp,
- xfs_trans_t *tp,
- xfs_inode_t *ip,
- uint iget_flags)
+ struct xfs_mount *mp,
+ struct xfs_trans *tp,
+ struct xfs_inode *ip,
+ uint iget_flags)
{
- xfs_buf_t *bp;
- xfs_dinode_t *dip;
- int error;
+ struct xfs_buf *bp;
+ struct xfs_dinode *dip;
+ void *failed_at;
+ int error;
/*
* Fill in the location information in the in-core inode.
@@ -506,9 +507,10 @@ xfs_iread(
return error;
/* even unallocated inodes are verified */
- if (xfs_dinode_verify(mp, ip->i_ino, dip)) {
- xfs_alert(mp, "%s: validation failed for inode %lld",
- __func__, ip->i_ino);
+ failed_at = xfs_dinode_verify(mp, ip->i_ino, dip);
+ if (failed_at) {
+ xfs_alert(mp, "%s: validation failed for inode %lld at %pF",
+ __func__, ip->i_ino, failed_at);
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, dip);
error = -EFSCORRUPTED;
diff --git a/fs/xfs/libxfs/xfs_refcount_btree.c b/fs/xfs/libxfs/xfs_refcount_btree.c
index 48f651a..8d6c0fc 100644
--- a/fs/xfs/libxfs/xfs_refcount_btree.c
+++ b/fs/xfs/libxfs/xfs_refcount_btree.c
@@ -255,14 +255,16 @@ STATIC void
xfs_refcountbt_read_verify(
struct xfs_buf *bp)
{
+ void *failed_at = __this_address;
+
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_refcountbt_verify(bp))
+ else if ((failed_at = xfs_refcountbt_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
}
@@ -270,10 +272,12 @@ STATIC void
xfs_refcountbt_write_verify(
struct xfs_buf *bp)
{
- if (xfs_refcountbt_verify(bp)) {
+ void *failed_at;
+
+ if ((failed_at = xfs_refcountbt_verify(bp))) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
xfs_btree_sblock_calc_crc(bp);
diff --git a/fs/xfs/libxfs/xfs_rmap_btree.c b/fs/xfs/libxfs/xfs_rmap_btree.c
index 77e23c9..4fd77e7 100644
--- a/fs/xfs/libxfs/xfs_rmap_btree.c
+++ b/fs/xfs/libxfs/xfs_rmap_btree.c
@@ -347,14 +347,16 @@ static void
xfs_rmapbt_read_verify(
struct xfs_buf *bp)
{
+ void *failed_at = __this_address;
+
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_rmapbt_verify(bp))
+ else if ((failed_at = xfs_rmapbt_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
}
@@ -362,10 +364,12 @@ static void
xfs_rmapbt_write_verify(
struct xfs_buf *bp)
{
- if (xfs_rmapbt_verify(bp)) {
+ void *failed_at;
+
+ if ((failed_at = xfs_rmapbt_verify(bp))) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
xfs_btree_sblock_calc_crc(bp);
diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c
index 9b5aae2..9b49640 100644
--- a/fs/xfs/libxfs/xfs_sb.c
+++ b/fs/xfs/libxfs/xfs_sb.c
@@ -643,7 +643,7 @@ xfs_sb_read_verify(
if (error) {
xfs_buf_ioerror(bp, error);
if (error == -EFSCORRUPTED || error == -EFSBADCRC)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
}
}
@@ -679,7 +679,7 @@ xfs_sb_write_verify(
error = xfs_sb_verify(bp, false);
if (error) {
xfs_buf_ioerror(bp, error);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, __this_address);
return;
}
diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c
index b53a4c9..1ac8c4d 100644
--- a/fs/xfs/libxfs/xfs_symlink_remote.c
+++ b/fs/xfs/libxfs/xfs_symlink_remote.c
@@ -129,6 +129,7 @@ xfs_symlink_read_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
+ void *failed_at = __this_address;
/* no verification of non-crc buffers */
if (!xfs_sb_version_hascrc(&mp->m_sb))
@@ -136,11 +137,11 @@ xfs_symlink_read_verify(
if (!xfs_buf_verify_cksum(bp, XFS_SYMLINK_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (xfs_symlink_verify(bp))
+ else if ((failed_at = xfs_symlink_verify(bp)))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
}
static void
@@ -149,14 +150,15 @@ xfs_symlink_write_verify(
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
+ void *failed_at;
/* no verification of non-crc buffers */
if (!xfs_sb_version_hascrc(&mp->m_sb))
return;
- if (xfs_symlink_verify(bp)) {
+ if ((failed_at = xfs_symlink_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
- xfs_verifier_error(bp);
+ xfs_verifier_error(bp, failed_at);
return;
}
diff --git a/fs/xfs/xfs_error.c b/fs/xfs/xfs_error.c
index 782bc00..1022e98 100644
--- a/fs/xfs/xfs_error.c
+++ b/fs/xfs/xfs_error.c
@@ -345,7 +345,8 @@ xfs_corruption_error(
*/
void
xfs_verifier_error(
- struct xfs_buf *bp)
+ struct xfs_buf *bp,
+ void *failed_at)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
@@ -354,7 +355,8 @@ xfs_verifier_error(
xfs_alert(mp, "Metadata %s detected at %pF, %s block 0x%llx",
bp->b_error == -EFSBADCRC ? "CRC error" : "corruption",
- __return_address, bp->b_ops->name, bp->b_bn);
+ failed_at ? failed_at : __return_address, bp->b_ops->name,
+ bp->b_bn);
xfs_alert(mp, "Unmount and run xfs_repair");
diff --git a/fs/xfs/xfs_error.h b/fs/xfs/xfs_error.h
index 6ee23eb..c204b8a 100644
--- a/fs/xfs/xfs_error.h
+++ b/fs/xfs/xfs_error.h
@@ -25,7 +25,7 @@ extern void xfs_error_report(const char *tag, int level, struct xfs_mount *mp,
extern void xfs_corruption_error(const char *tag, int level,
struct xfs_mount *mp, void *p, const char *filename,
int linenum, void *ra);
-extern void xfs_verifier_error(struct xfs_buf *bp);
+extern void xfs_verifier_error(struct xfs_buf *bp, void *failed_at);
#define XFS_ERROR_REPORT(e, lvl, mp) \
xfs_error_report(e, lvl, mp, __FILE__, __LINE__, __return_address)
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 05/12] xfs: verify dinode header first
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (3 preceding siblings ...)
2017-08-17 23:31 ` [PATCH 04/12] xfs: refactor verifier callers to print address of failing check Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 06/12] xfs: move inode fork verifiers to xfs_dinode_verify Darrick J. Wong
` (7 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Move the v3 inode integrity information (crc, owner, metauuid) before we
look at anything else in the inode so that we don't waste time on a torn
write or a totally garbled block. This makes xfs_dinode_verify more
consistent with the other verifiers.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_inode_buf.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
index a5bcf2b..b2423a3 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -393,6 +393,19 @@ xfs_dinode_verify(
if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
return __this_address;
+ /* Verify v3 integrity information first */
+ if (dip->di_version >= 3) {
+ if (!xfs_sb_version_hascrc(&mp->m_sb))
+ return __this_address;
+ if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize,
+ XFS_DINODE_CRC_OFF))
+ return __this_address;
+ if (be64_to_cpu(dip->di_ino) != ino)
+ return __this_address;
+ if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid))
+ return __this_address;
+ }
+
/* don't allow invalid i_size */
if (be64_to_cpu(dip->di_size) & (1ULL << 63))
return __this_address;
@@ -409,16 +422,6 @@ xfs_dinode_verify(
if (dip->di_version < 3)
return NULL;
- if (!xfs_sb_version_hascrc(&mp->m_sb))
- return __this_address;
- if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize,
- XFS_DINODE_CRC_OFF))
- return __this_address;
- if (be64_to_cpu(dip->di_ino) != ino)
- return __this_address;
- if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid))
- return __this_address;
-
flags = be16_to_cpu(dip->di_flags);
flags2 = be64_to_cpu(dip->di_flags2);
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 06/12] xfs: move inode fork verifiers to xfs_dinode_verify
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (4 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 05/12] xfs: verify dinode header first Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 07/12] xfs: create structure verifier function for shortform xattrs Darrick J. Wong
` (6 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Consolidate the fork size and format verifiers to xfs_dinode_verify so
that we can reject bad inodes earlier and in a single place.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_inode_buf.c | 68 ++++++++++++++++++++++++++-
fs/xfs/libxfs/xfs_inode_fork.c | 99 ----------------------------------------
2 files changed, 65 insertions(+), 102 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
index b2423a3..35d8605 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -389,6 +389,7 @@ xfs_dinode_verify(
uint16_t mode;
uint16_t flags;
uint64_t flags2;
+ uint64_t di_size;
if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
return __this_address;
@@ -407,7 +408,8 @@ xfs_dinode_verify(
}
/* don't allow invalid i_size */
- if (be64_to_cpu(dip->di_size) & (1ULL << 63))
+ di_size = be64_to_cpu(dip->di_size);
+ if (di_size & (1ULL << 63))
return __this_address;
mode = be16_to_cpu(dip->di_mode);
@@ -415,14 +417,74 @@ xfs_dinode_verify(
return __this_address;
/* No zero-length symlinks/dirs. */
- if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)
+ if ((S_ISLNK(mode) || S_ISDIR(mode)) && di_size == 0)
return __this_address;
+ /* Fork checks carried over from xfs_iformat_fork */
+ if (mode &&
+ be32_to_cpu(dip->di_nextents) + be16_to_cpu(dip->di_anextents) >
+ be64_to_cpu(dip->di_nblocks))
+ return __this_address;
+
+ if (mode && dip->di_forkoff > mp->m_sb.sb_inodesize)
+ return __this_address;
+
+ flags = be16_to_cpu(dip->di_flags);
+
+ if (mode && (flags & XFS_DIFLAG_REALTIME) && !mp->m_rtdev_targp)
+ return __this_address;
+
+ /* Do we have appropriate data fork formats for the mode? */
+ switch (mode & S_IFMT) {
+ case S_IFIFO:
+ case S_IFCHR:
+ case S_IFBLK:
+ case S_IFSOCK:
+ if (dip->di_format != XFS_DINODE_FMT_DEV)
+ return __this_address;
+ break;
+ case S_IFREG:
+ case S_IFLNK:
+ case S_IFDIR:
+ switch (dip->di_format) {
+ case XFS_DINODE_FMT_LOCAL:
+ /*
+ * no local regular files yet
+ */
+ if (S_ISREG(mode))
+ return __this_address;
+ if (di_size > XFS_DFORK_DSIZE(dip, mp))
+ return __this_address;
+ /* fall through */
+ case XFS_DINODE_FMT_EXTENTS:
+ case XFS_DINODE_FMT_BTREE:
+ break;
+ default:
+ return __this_address;
+ }
+ break;
+ case 0:
+ /* Uninitialized inode ok. */
+ break;
+ default:
+ return __this_address;
+ }
+
+ if (XFS_DFORK_Q(dip)) {
+ switch (dip->di_aformat) {
+ case XFS_DINODE_FMT_LOCAL:
+ case XFS_DINODE_FMT_EXTENTS:
+ case XFS_DINODE_FMT_BTREE:
+ break;
+ default:
+ return __this_address;
+ }
+ }
+
/* only version 3 or greater inodes are extensively verified here */
if (dip->di_version < 3)
return NULL;
- flags = be16_to_cpu(dip->di_flags);
flags2 = be64_to_cpu(dip->di_flags2);
/* don't allow reflink/cowextsize if we don't have reflink */
diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c
index 0e80f34..bba45f1 100644
--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -61,70 +61,11 @@ xfs_iformat_fork(
int error = 0;
xfs_fsize_t di_size;
- if (unlikely(be32_to_cpu(dip->di_nextents) +
- be16_to_cpu(dip->di_anextents) >
- be64_to_cpu(dip->di_nblocks))) {
- xfs_warn(ip->i_mount,
- "corrupt dinode %Lu, extent total = %d, nblocks = %Lu.",
- (unsigned long long)ip->i_ino,
- (int)(be32_to_cpu(dip->di_nextents) +
- be16_to_cpu(dip->di_anextents)),
- (unsigned long long)
- be64_to_cpu(dip->di_nblocks));
- XFS_CORRUPTION_ERROR("xfs_iformat(1)", XFS_ERRLEVEL_LOW,
- ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
- if (unlikely(dip->di_forkoff > ip->i_mount->m_sb.sb_inodesize)) {
- xfs_warn(ip->i_mount, "corrupt dinode %Lu, forkoff = 0x%x.",
- (unsigned long long)ip->i_ino,
- dip->di_forkoff);
- XFS_CORRUPTION_ERROR("xfs_iformat(2)", XFS_ERRLEVEL_LOW,
- ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
- if (unlikely((ip->i_d.di_flags & XFS_DIFLAG_REALTIME) &&
- !ip->i_mount->m_rtdev_targp)) {
- xfs_warn(ip->i_mount,
- "corrupt dinode %Lu, has realtime flag set.",
- ip->i_ino);
- XFS_CORRUPTION_ERROR("xfs_iformat(realtime)",
- XFS_ERRLEVEL_LOW, ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
- if (unlikely(xfs_is_reflink_inode(ip) &&
- (VFS_I(ip)->i_mode & S_IFMT) != S_IFREG)) {
- xfs_warn(ip->i_mount,
- "corrupt dinode %llu, wrong file type for reflink.",
- ip->i_ino);
- XFS_CORRUPTION_ERROR("xfs_iformat(reflink)",
- XFS_ERRLEVEL_LOW, ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
- if (unlikely(xfs_is_reflink_inode(ip) &&
- (ip->i_d.di_flags & XFS_DIFLAG_REALTIME))) {
- xfs_warn(ip->i_mount,
- "corrupt dinode %llu, has reflink+realtime flag set.",
- ip->i_ino);
- XFS_CORRUPTION_ERROR("xfs_iformat(reflink)",
- XFS_ERRLEVEL_LOW, ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
switch (VFS_I(ip)->i_mode & S_IFMT) {
case S_IFIFO:
case S_IFCHR:
case S_IFBLK:
case S_IFSOCK:
- if (unlikely(dip->di_format != XFS_DINODE_FMT_DEV)) {
- XFS_CORRUPTION_ERROR("xfs_iformat(3)", XFS_ERRLEVEL_LOW,
- ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
ip->i_d.di_size = 0;
ip->i_df.if_u2.if_rdev = xfs_dinode_get_rdev(dip);
break;
@@ -134,32 +75,7 @@ xfs_iformat_fork(
case S_IFDIR:
switch (dip->di_format) {
case XFS_DINODE_FMT_LOCAL:
- /*
- * no local regular files yet
- */
- if (unlikely(S_ISREG(be16_to_cpu(dip->di_mode)))) {
- xfs_warn(ip->i_mount,
- "corrupt inode %Lu (local format for regular file).",
- (unsigned long long) ip->i_ino);
- XFS_CORRUPTION_ERROR("xfs_iformat(4)",
- XFS_ERRLEVEL_LOW,
- ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
di_size = be64_to_cpu(dip->di_size);
- if (unlikely(di_size < 0 ||
- di_size > XFS_DFORK_DSIZE(dip, ip->i_mount))) {
- xfs_warn(ip->i_mount,
- "corrupt inode %Lu (bad size %Ld for local inode).",
- (unsigned long long) ip->i_ino,
- (long long) di_size);
- XFS_CORRUPTION_ERROR("xfs_iformat(5)",
- XFS_ERRLEVEL_LOW,
- ip->i_mount, dip);
- return -EFSCORRUPTED;
- }
-
size = (int)di_size;
error = xfs_iformat_local(ip, dip, XFS_DATA_FORK, size);
break;
@@ -170,14 +86,11 @@ xfs_iformat_fork(
error = xfs_iformat_btree(ip, dip, XFS_DATA_FORK);
break;
default:
- XFS_ERROR_REPORT("xfs_iformat(6)", XFS_ERRLEVEL_LOW,
- ip->i_mount);
return -EFSCORRUPTED;
}
break;
default:
- XFS_ERROR_REPORT("xfs_iformat(7)", XFS_ERRLEVEL_LOW, ip->i_mount);
return -EFSCORRUPTED;
}
if (error)
@@ -209,18 +122,6 @@ xfs_iformat_fork(
atp = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip);
size = be16_to_cpu(atp->hdr.totsize);
- if (unlikely(size < sizeof(struct xfs_attr_sf_hdr))) {
- xfs_warn(ip->i_mount,
- "corrupt inode %Lu (bad attr fork size %Ld).",
- (unsigned long long) ip->i_ino,
- (long long) size);
- XFS_CORRUPTION_ERROR("xfs_iformat(8)",
- XFS_ERRLEVEL_LOW,
- ip->i_mount, dip);
- error = -EFSCORRUPTED;
- break;
- }
-
error = xfs_iformat_local(ip, dip, XFS_ATTR_FORK, size);
break;
case XFS_DINODE_FMT_EXTENTS:
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 07/12] xfs: create structure verifier function for shortform xattrs
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (5 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 06/12] xfs: move inode fork verifiers to xfs_dinode_verify Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 08/12] xfs: create structure verifier function for short form symlinks Darrick J. Wong
` (5 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Create a function to perform structure verification for short form
extended attributes.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_attr_leaf.c | 70 +++++++++++++++++++++++++++++++++++++++++
fs/xfs/libxfs/xfs_attr_leaf.h | 1 +
2 files changed, 71 insertions(+)
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index 16bc966..742e8a3 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -873,6 +873,76 @@ xfs_attr_shortform_allfit(
return xfs_attr_shortform_bytesfit(dp, bytes);
}
+/* Verify the consistency of an inline attribute fork. */
+void *
+xfs_attr_shortform_verify(
+ struct xfs_inode *ip)
+{
+ struct xfs_attr_shortform *sfp;
+ struct xfs_attr_sf_entry *sfep;
+ struct xfs_attr_sf_entry *next_sfep;
+ char *endp;
+ struct xfs_ifork *ifp;
+ int i;
+ int size;
+
+ ASSERT(ip->i_d.di_aformat == XFS_DINODE_FMT_LOCAL);
+ ifp = XFS_IFORK_PTR(ip, XFS_ATTR_FORK);
+ sfp = (struct xfs_attr_shortform *)ifp->if_u1.if_data;
+ size = ifp->if_bytes;
+
+ /*
+ * Give up if the attribute is way too short.
+ */
+ if (size < sizeof(struct xfs_attr_sf_hdr))
+ return __this_address;
+
+ endp = (char *)sfp + size;
+
+ /* Check all reported entries */
+ sfep = &sfp->list[0];
+ for (i = 0; i < sfp->hdr.count; i++) {
+ /*
+ * struct xfs_attr_sf_entry has a variable length.
+ * Check the fixed-offset parts of the structure are
+ * within the data buffer.
+ */
+ if (((char *)sfep + sizeof(*sfep)) >= endp)
+ return __this_address;
+
+ /* Don't allow names with known bad length. */
+ if (sfep->namelen == 0)
+ return __this_address;
+
+ /*
+ * Check that the variable-length part of the structure is
+ * within the data buffer. The next entry starts after the
+ * name component, so nextentry is an acceptable test.
+ */
+ next_sfep = XFS_ATTR_SF_NEXTENTRY(sfep);
+ if ((char *)next_sfep > endp)
+ return __this_address;
+
+ /*
+ * Check for unknown flags. Short form doesn't support
+ * the incomplete or local bits.
+ */
+ if (sfep->flags & ~(XFS_ATTR_ROOT | XFS_ATTR_SECURE))
+ return __this_address;
+
+ /* Check for invalid namespace combinations. */
+ if ((sfep->flags & XFS_ATTR_ROOT) &&
+ (sfep->flags & XFS_ATTR_SECURE))
+ return __this_address;
+
+ sfep = next_sfep;
+ }
+ if ((void *)sfep != (void *)endp)
+ return __this_address;
+
+ return NULL;
+}
+
/*
* Convert a leaf attribute list to shortform attribute list
*/
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.h b/fs/xfs/libxfs/xfs_attr_leaf.h
index f7dda0c..f7bc912 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.h
+++ b/fs/xfs/libxfs/xfs_attr_leaf.h
@@ -52,6 +52,7 @@ int xfs_attr_shortform_to_leaf(struct xfs_da_args *args);
int xfs_attr_shortform_remove(struct xfs_da_args *args);
int xfs_attr_shortform_allfit(struct xfs_buf *bp, struct xfs_inode *dp);
int xfs_attr_shortform_bytesfit(struct xfs_inode *dp, int bytes);
+void *xfs_attr_shortform_verify(struct xfs_inode *ip);
void xfs_attr_fork_remove(struct xfs_inode *ip, struct xfs_trans *tp);
/*
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 08/12] xfs: create structure verifier function for short form symlinks
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (6 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 07/12] xfs: create structure verifier function for shortform xattrs Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 09/12] xfs: refactor short form directory structure verifier function Darrick J. Wong
` (4 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Create a function to check the structure of short form symlink targets.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_shared.h | 1 +
fs/xfs/libxfs/xfs_symlink_remote.c | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 37 insertions(+)
diff --git a/fs/xfs/libxfs/xfs_shared.h b/fs/xfs/libxfs/xfs_shared.h
index c6f4eb4..536fb35 100644
--- a/fs/xfs/libxfs/xfs_shared.h
+++ b/fs/xfs/libxfs/xfs_shared.h
@@ -143,5 +143,6 @@ bool xfs_symlink_hdr_ok(xfs_ino_t ino, uint32_t offset,
uint32_t size, struct xfs_buf *bp);
void xfs_symlink_local_to_remote(struct xfs_trans *tp, struct xfs_buf *bp,
struct xfs_inode *ip, struct xfs_ifork *ifp);
+void *xfs_symlink_shortform_verify(struct xfs_inode *ip);
#endif /* __XFS_SHARED_H__ */
diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c
index 1ac8c4d..ef5e754 100644
--- a/fs/xfs/libxfs/xfs_symlink_remote.c
+++ b/fs/xfs/libxfs/xfs_symlink_remote.c
@@ -209,3 +209,39 @@ xfs_symlink_local_to_remote(
xfs_trans_log_buf(tp, bp, 0, sizeof(struct xfs_dsymlink_hdr) +
ifp->if_bytes - 1);
}
+
+/* Verify the consistency of an inline symlink. */
+void *
+xfs_symlink_shortform_verify(
+ struct xfs_inode *ip)
+{
+ char *sfp;
+ char *endp;
+ struct xfs_ifork *ifp;
+ int size;
+
+ ASSERT(ip->i_d.di_format == XFS_DINODE_FMT_LOCAL);
+ ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
+ sfp = (char *)ifp->if_u1.if_data;
+ size = ifp->if_bytes;
+ endp = sfp + size;
+
+ /* Zero length symlinks can exist while we're deleting a remote one. */
+ if (size == 0)
+ return NULL;
+
+ /* No negative sizes or overly long symlink targets. */
+ if (size < 0 || size > XFS_SYMLINK_MAXLEN)
+ return __this_address;
+
+ /* No NULLs in the target either. */
+ for (; sfp < endp; sfp++) {
+ if (*sfp == 0)
+ return __this_address;
+ }
+
+ /* We /did/ null-terminate the buffer, right? */
+ if (*endp != 0)
+ return __this_address;
+ return NULL;
+}
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 09/12] xfs: refactor short form directory structure verifier function
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (7 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 08/12] xfs: create structure verifier function for short form symlinks Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 10/12] xfs: provide a centralized method for verifying inline fork data Darrick J. Wong
` (3 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Change the short form directory structure verifier function to return
the instruction pointer of a failing check or NULL if everything's ok.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_dir2_priv.h | 2 +-
fs/xfs/libxfs/xfs_dir2_sf.c | 26 +++++++++++++-------------
fs/xfs/libxfs/xfs_inode_fork.c | 5 ++---
3 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_dir2_priv.h b/fs/xfs/libxfs/xfs_dir2_priv.h
index d1a441f..0f19489 100644
--- a/fs/xfs/libxfs/xfs_dir2_priv.h
+++ b/fs/xfs/libxfs/xfs_dir2_priv.h
@@ -133,7 +133,7 @@ extern int xfs_dir2_sf_create(struct xfs_da_args *args, xfs_ino_t pino);
extern int xfs_dir2_sf_lookup(struct xfs_da_args *args);
extern int xfs_dir2_sf_removename(struct xfs_da_args *args);
extern int xfs_dir2_sf_replace(struct xfs_da_args *args);
-extern int xfs_dir2_sf_verify(struct xfs_inode *ip);
+extern void *xfs_dir2_sf_verify(struct xfs_inode *ip);
/* xfs_dir2_readdir.c */
extern int xfs_readdir(struct xfs_trans *tp, struct xfs_inode *dp,
diff --git a/fs/xfs/libxfs/xfs_dir2_sf.c b/fs/xfs/libxfs/xfs_dir2_sf.c
index be8b975..b4d31cb 100644
--- a/fs/xfs/libxfs/xfs_dir2_sf.c
+++ b/fs/xfs/libxfs/xfs_dir2_sf.c
@@ -630,7 +630,7 @@ xfs_dir2_sf_check(
#endif /* DEBUG */
/* Verify the consistency of an inline directory. */
-int
+void *
xfs_dir2_sf_verify(
struct xfs_inode *ip)
{
@@ -665,7 +665,7 @@ xfs_dir2_sf_verify(
*/
if (size <= offsetof(struct xfs_dir2_sf_hdr, parent) ||
size < xfs_dir2_sf_hdr_size(sfp->i8count))
- return -EFSCORRUPTED;
+ return __this_address;
endp = (char *)sfp + size;
@@ -674,7 +674,7 @@ xfs_dir2_sf_verify(
i8count = ino > XFS_DIR2_MAX_SHORT_INUM;
error = xfs_dir_ino_validate(mp, ino);
if (error)
- return error;
+ return __this_address;
offset = dops->data_first_offset;
/* Check all reported entries */
@@ -686,11 +686,11 @@ xfs_dir2_sf_verify(
* within the data buffer.
*/
if (((char *)sfep + sizeof(*sfep)) >= endp)
- return -EFSCORRUPTED;
+ return __this_address;
/* Don't allow names with known bad length. */
if (sfep->namelen == 0)
- return -EFSCORRUPTED;
+ return __this_address;
/*
* Check that the variable-length part of the structure is
@@ -699,23 +699,23 @@ xfs_dir2_sf_verify(
*/
next_sfep = dops->sf_nextentry(sfp, sfep);
if (endp < (char *)next_sfep)
- return -EFSCORRUPTED;
+ return __this_address;
/* Check that the offsets always increase. */
if (xfs_dir2_sf_get_offset(sfep) < offset)
- return -EFSCORRUPTED;
+ return __this_address;
/* Check the inode number. */
ino = dops->sf_get_ino(sfp, sfep);
i8count += ino > XFS_DIR2_MAX_SHORT_INUM;
error = xfs_dir_ino_validate(mp, ino);
if (error)
- return error;
+ return __this_address;
/* Check the file type. */
filetype = dops->sf_get_ftype(sfep);
if (filetype >= XFS_DIR3_FT_MAX)
- return -EFSCORRUPTED;
+ return __this_address;
offset = xfs_dir2_sf_get_offset(sfep) +
dops->data_entsize(sfep->namelen);
@@ -723,16 +723,16 @@ xfs_dir2_sf_verify(
sfep = next_sfep;
}
if (i8count != sfp->i8count)
- return -EFSCORRUPTED;
+ return __this_address;
if ((void *)sfep != (void *)endp)
- return -EFSCORRUPTED;
+ return __this_address;
/* Make sure this whole thing ought to be in local format. */
if (offset + (sfp->count + 2) * (uint)sizeof(xfs_dir2_leaf_entry_t) +
(uint)sizeof(xfs_dir2_block_tail_t) > mp->m_dir_geo->blksize)
- return -EFSCORRUPTED;
+ return __this_address;
- return 0;
+ return NULL;
}
/*
diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c
index bba45f1..43213d5 100644
--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -99,10 +99,9 @@ xfs_iformat_fork(
/* Check inline dir contents. */
if (S_ISDIR(VFS_I(ip)->i_mode) &&
dip->di_format == XFS_DINODE_FMT_LOCAL) {
- error = xfs_dir2_sf_verify(ip);
- if (error) {
+ if (xfs_dir2_sf_verify(ip)) {
xfs_idestroy_fork(ip, XFS_DATA_FORK);
- return error;
+ return -EFSCORRUPTED;
}
}
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 10/12] xfs: provide a centralized method for verifying inline fork data
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (8 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 09/12] xfs: refactor short form directory structure verifier function Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 11/12] xfs: fail out of xfs_attr3_leaf_lookup_int if it looks corrupt Darrick J. Wong
` (2 subsequent siblings)
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Replace the current haphazard dir2 shortform verifier callsites with a
centralized verifier function that can be called either with the default
verifier functions or with a custom set. This helps us strengthen
integrity checking while providing us with flexibility for repair tools.
xfs_repair wants this to be able to supply its own verifier functions
when trying to fix possibly corrupt metadata.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_inode_fork.c | 62 ++++++++++++++++++++++++++++++++++------
fs/xfs/libxfs/xfs_inode_fork.h | 12 ++++++++
fs/xfs/xfs_icache.c | 6 +++-
fs/xfs/xfs_inode.c | 34 +++++++++++++++++++---
fs/xfs/xfs_inode.h | 2 +
fs/xfs/xfs_log_recover.c | 4 +++
6 files changed, 106 insertions(+), 14 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c
index 43213d5..ec9df5f 100644
--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -35,6 +35,8 @@
#include "xfs_da_format.h"
#include "xfs_da_btree.h"
#include "xfs_dir2_priv.h"
+#include "xfs_attr_leaf.h"
+#include "xfs_shared.h"
kmem_zone_t *xfs_ifork_zone;
@@ -96,15 +98,6 @@ xfs_iformat_fork(
if (error)
return error;
- /* Check inline dir contents. */
- if (S_ISDIR(VFS_I(ip)->i_mode) &&
- dip->di_format == XFS_DINODE_FMT_LOCAL) {
- if (xfs_dir2_sf_verify(ip)) {
- xfs_idestroy_fork(ip, XFS_DATA_FORK);
- return -EFSCORRUPTED;
- }
- }
-
if (xfs_is_reflink_inode(ip)) {
ASSERT(ip->i_cowfp == NULL);
xfs_ifork_init_cow(ip);
@@ -1923,3 +1916,54 @@ xfs_iext_get_extent(
xfs_bmbt_get_all(xfs_iext_get_ext(ifp, idx), gotp);
return true;
}
+
+/* Default fork content verifiers. */
+struct xfs_ifork_ops xfs_default_ifork_ops = {
+ .verify_attr = xfs_attr_shortform_verify,
+ .verify_dir = xfs_dir2_sf_verify,
+ .verify_symlink = xfs_symlink_shortform_verify,
+};
+
+/* Verify the inline contents of the data fork of an inode. */
+void *
+xfs_ifork_verify_data(
+ struct xfs_inode *ip,
+ struct xfs_ifork_ops *ops)
+{
+ xfs_ifork_verifier_t fn = NULL;
+
+ /* Non-local data fork, we're done. */
+ if (ip->i_d.di_format != XFS_DINODE_FMT_LOCAL)
+ return NULL;
+
+ /* Check the inline data fork if there is one. */
+ if (S_ISDIR(VFS_I(ip)->i_mode))
+ fn = ops->verify_dir;
+ else if (S_ISLNK(VFS_I(ip)->i_mode))
+ fn = ops->verify_symlink;
+
+ if (fn)
+ return fn(ip);
+ return NULL;
+}
+
+/* Verify the inline contents of the attr fork of an inode. */
+void *
+xfs_ifork_verify_attr(
+ struct xfs_inode *ip,
+ struct xfs_ifork_ops *ops)
+{
+ xfs_ifork_verifier_t fn = NULL;
+
+ /* There has to be an attr fork allocated if aformat is local. */
+ if (ip->i_d.di_aformat == XFS_DINODE_FMT_LOCAL) {
+ if (XFS_IFORK_PTR(ip, XFS_ATTR_FORK))
+ fn = ops->verify_attr;
+ else
+ return __this_address;
+ }
+
+ if (fn)
+ return fn(ip);
+ return NULL;
+}
diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h
index 7fb8365..abab8fb 100644
--- a/fs/xfs/libxfs/xfs_inode_fork.h
+++ b/fs/xfs/libxfs/xfs_inode_fork.h
@@ -192,4 +192,16 @@ extern struct kmem_zone *xfs_ifork_zone;
extern void xfs_ifork_init_cow(struct xfs_inode *ip);
+typedef void *(*xfs_ifork_verifier_t)(struct xfs_inode *);
+
+struct xfs_ifork_ops {
+ xfs_ifork_verifier_t verify_symlink;
+ xfs_ifork_verifier_t verify_dir;
+ xfs_ifork_verifier_t verify_attr;
+};
+extern struct xfs_ifork_ops xfs_default_ifork_ops;
+
+void *xfs_ifork_verify_data(struct xfs_inode *ip, struct xfs_ifork_ops *ops);
+void *xfs_ifork_verify_attr(struct xfs_inode *ip, struct xfs_ifork_ops *ops);
+
#endif /* __XFS_INODE_FORK_H__ */
diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
index 7a715cd..89567b9 100644
--- a/fs/xfs/xfs_icache.c
+++ b/fs/xfs/xfs_icache.c
@@ -449,7 +449,6 @@ xfs_iget_cache_hit(
return error;
}
-
static int
xfs_iget_cache_miss(
struct xfs_mount *mp,
@@ -473,6 +472,11 @@ xfs_iget_cache_miss(
if (error)
goto out_destroy;
+ if (!xfs_inode_verify_forks(ip)) {
+ error = -EFSCORRUPTED;
+ goto out_destroy;
+ }
+
trace_xfs_iget_miss(ip);
if ((VFS_I(ip)->i_mode == 0) && !(flags & XFS_IGET_CREATE)) {
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index ff48f00..4e05325 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -3471,6 +3471,34 @@ xfs_iflush(
return error;
}
+/*
+ * If there are inline format data / attr forks attached to this inode,
+ * make sure they're not corrupt.
+ */
+bool
+xfs_inode_verify_forks(
+ struct xfs_inode *ip)
+{
+ void *failed_at;
+
+ failed_at = xfs_ifork_verify_data(ip, &xfs_default_ifork_ops);
+ if (failed_at) {
+ xfs_alert(ip->i_mount,
+ "%s: bad inode %llu inline data fork at %pF",
+ __func__, ip->i_ino, failed_at);
+ return false;
+ }
+
+ failed_at = xfs_ifork_verify_attr(ip, &xfs_default_ifork_ops);
+ if (failed_at) {
+ xfs_alert(ip->i_mount,
+ "%s: bad inode %llu inline attr fork at %pF",
+ __func__, ip->i_ino, failed_at);
+ return false;
+ }
+ return true;
+}
+
STATIC int
xfs_iflush_int(
struct xfs_inode *ip,
@@ -3549,10 +3577,8 @@ xfs_iflush_int(
if (ip->i_d.di_version < 3)
ip->i_d.di_flushiter++;
- /* Check the inline directory data. */
- if (S_ISDIR(VFS_I(ip)->i_mode) &&
- ip->i_d.di_format == XFS_DINODE_FMT_LOCAL &&
- xfs_dir2_sf_verify(ip))
+ /* Check the inline fork data before we write out. */
+ if (!xfs_inode_verify_forks(ip))
goto corrupt_out;
/*
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h
index 0ee453d..fcd1192 100644
--- a/fs/xfs/xfs_inode.h
+++ b/fs/xfs/xfs_inode.h
@@ -490,4 +490,6 @@ extern struct kmem_zone *xfs_inode_zone;
/* The default CoW extent size hint. */
#define XFS_DEFAULT_COWEXTSZ_HINT 32
+bool xfs_inode_verify_forks(struct xfs_inode *ip);
+
#endif /* __XFS_INODE_H__ */
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 9549188..6c72bdf 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -2920,6 +2920,10 @@ xfs_recover_inode_owner_change(
if (error)
goto out_free_ip;
+ if (!xfs_inode_verify_forks(ip)) {
+ error = -EFSCORRUPTED;
+ goto out_free_ip;
+ }
if (in_f->ilf_fields & XFS_ILOG_DOWNER) {
ASSERT(in_f->ilf_fields & XFS_ILOG_DBROOT);
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 11/12] xfs: fail out of xfs_attr3_leaf_lookup_int if it looks corrupt
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (9 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 10/12] xfs: provide a centralized method for verifying inline fork data Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-17 23:32 ` [PATCH 12/12] xfs: create a new buf_ops pointer to verify structure metadata Darrick J. Wong
2017-08-18 7:05 ` [RFC 00/12] xfs: more and better verifiers Christoph Hellwig
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
If the xattr leaf block looks corrupt, return -EFSCORRUPTED to userspace
instead of ASSERTing on debug kernels or running off the end of the
buffer on regular kernels.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_attr_leaf.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index 742e8a3..bde5269 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -2246,7 +2246,8 @@ xfs_attr3_leaf_lookup_int(
leaf = bp->b_addr;
xfs_attr3_leaf_hdr_from_disk(args->geo, &ichdr, leaf);
entries = xfs_attr3_leaf_entryp(leaf);
- ASSERT(ichdr.count < args->geo->blksize / 8);
+ if (ichdr.count >= args->geo->blksize / 8)
+ return -EFSCORRUPTED;
/*
* Binary search. (note: small blocks will skip this loop)
@@ -2262,8 +2263,10 @@ xfs_attr3_leaf_lookup_int(
else
break;
}
- ASSERT(probe >= 0 && (!ichdr.count || probe < ichdr.count));
- ASSERT(span <= 4 || be32_to_cpu(entry->hashval) == hashval);
+ if (!(probe >= 0 && (!ichdr.count || probe < ichdr.count)))
+ return -EFSCORRUPTED;
+ if (!(span <= 4 || be32_to_cpu(entry->hashval) == hashval))
+ return -EFSCORRUPTED;
/*
* Since we may have duplicate hashval's, find the first matching
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 12/12] xfs: create a new buf_ops pointer to verify structure metadata
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (10 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 11/12] xfs: fail out of xfs_attr3_leaf_lookup_int if it looks corrupt Darrick J. Wong
@ 2017-08-17 23:32 ` Darrick J. Wong
2017-08-18 7:05 ` [RFC 00/12] xfs: more and better verifiers Christoph Hellwig
12 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-17 23:32 UTC (permalink / raw)
To: linux-xfs, darrick.wong
From: Darrick J. Wong <darrick.wong@oracle.com>
Expose all metadata structure buffer verifier functions via buf_ops.
These will be used by the online scrub mechanism to look for problems
with buffers that are already sitting around in memory.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_alloc.c | 14 ++++++++------
fs/xfs/libxfs/xfs_alloc_btree.c | 1 +
fs/xfs/libxfs/xfs_attr_leaf.c | 1 +
fs/xfs/libxfs/xfs_attr_remote.c | 32 ++++++++++++++++++++++++++++++++
fs/xfs/libxfs/xfs_bmap_btree.c | 1 +
fs/xfs/libxfs/xfs_da_btree.c | 25 +++++++++++++++++++++++++
fs/xfs/libxfs/xfs_dir2_block.c | 1 +
fs/xfs/libxfs/xfs_dir2_data.c | 1 +
fs/xfs/libxfs/xfs_dir2_leaf.c | 16 ++++++++++++++++
fs/xfs/libxfs/xfs_dir2_node.c | 1 +
fs/xfs/libxfs/xfs_dquot_buf.c | 12 ++++++++++++
fs/xfs/libxfs/xfs_ialloc.c | 1 +
fs/xfs/libxfs/xfs_ialloc_btree.c | 1 +
fs/xfs/libxfs/xfs_refcount_btree.c | 1 +
fs/xfs/libxfs/xfs_rmap_btree.c | 1 +
fs/xfs/libxfs/xfs_symlink_remote.c | 1 +
fs/xfs/xfs_buf.h | 1 +
17 files changed, 105 insertions(+), 6 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
index d49b1e3..21a1c21 100644
--- a/fs/xfs/libxfs/xfs_alloc.c
+++ b/fs/xfs/libxfs/xfs_alloc.c
@@ -604,6 +604,7 @@ const struct xfs_buf_ops xfs_agfl_buf_ops = {
.name = "xfs_agfl",
.verify_read = xfs_agfl_read_verify,
.verify_write = xfs_agfl_write_verify,
+ .verify_struct = xfs_agfl_verify,
};
/*
@@ -2393,10 +2394,10 @@ xfs_alloc_put_freelist(
static void *
xfs_agf_verify(
- struct xfs_mount *mp,
- struct xfs_buf *bp)
- {
- struct xfs_agf *agf = XFS_BUF_TO_AGF(bp);
+ struct xfs_buf *bp)
+{
+ struct xfs_mount *mp = bp->b_target->bt_mount;
+ struct xfs_agf *agf = XFS_BUF_TO_AGF(bp);
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!uuid_equal(&agf->agf_uuid, &mp->m_sb.sb_meta_uuid))
@@ -2457,7 +2458,7 @@ xfs_agf_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR((failed_at = xfs_agf_verify(mp, bp)), mp,
+ else if (XFS_TEST_ERROR((failed_at = xfs_agf_verify(bp)), mp,
XFS_ERRTAG_ALLOC_READ_AGF))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
@@ -2473,7 +2474,7 @@ xfs_agf_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
void *failed_at;
- if ((failed_at = xfs_agf_verify(mp, bp))) {
+ if ((failed_at = xfs_agf_verify(bp))) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp, failed_at);
return;
@@ -2492,6 +2493,7 @@ const struct xfs_buf_ops xfs_agf_buf_ops = {
.name = "xfs_agf",
.verify_read = xfs_agf_read_verify,
.verify_write = xfs_agf_write_verify,
+ .verify_struct = xfs_agf_verify,
};
/*
diff --git a/fs/xfs/libxfs/xfs_alloc_btree.c b/fs/xfs/libxfs/xfs_alloc_btree.c
index 8d4c004..eb79f6c 100644
--- a/fs/xfs/libxfs/xfs_alloc_btree.c
+++ b/fs/xfs/libxfs/xfs_alloc_btree.c
@@ -397,6 +397,7 @@ const struct xfs_buf_ops xfs_allocbt_buf_ops = {
.name = "xfs_allocbt",
.verify_read = xfs_allocbt_read_verify,
.verify_write = xfs_allocbt_write_verify,
+ .verify_struct = xfs_allocbt_verify,
};
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index bde5269..3a563c5 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -339,6 +339,7 @@ const struct xfs_buf_ops xfs_attr3_leaf_buf_ops = {
.name = "xfs_attr3_leaf",
.verify_read = xfs_attr3_leaf_read_verify,
.verify_write = xfs_attr3_leaf_write_verify,
+ .verify_struct = xfs_attr3_leaf_verify,
};
int
diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c
index d33a4d3..164c366 100644
--- a/fs/xfs/libxfs/xfs_attr_remote.c
+++ b/fs/xfs/libxfs/xfs_attr_remote.c
@@ -203,10 +203,42 @@ xfs_attr3_rmt_write_verify(
ASSERT(len == 0);
}
+static void *
+xfs_attr3_rmt_verify_struct(
+ struct xfs_buf *bp)
+{
+ struct xfs_mount *mp = bp->b_target->bt_mount;
+ char *ptr;
+ void *failed_at;
+ int len;
+ xfs_daddr_t bno;
+ int blksize = mp->m_attr_geo->blksize;
+
+ /* no verification of non-crc buffers */
+ if (!xfs_sb_version_hascrc(&mp->m_sb))
+ return NULL;
+
+ ptr = bp->b_addr;
+ bno = bp->b_bn;
+ len = BBTOB(bp->b_length);
+ ASSERT(len >= blksize);
+
+ while (len > 0) {
+ if ((failed_at = xfs_attr3_rmt_verify(mp, ptr, blksize, bno)))
+ return failed_at;
+ len -= blksize;
+ ptr += blksize;
+ bno += BTOBB(blksize);
+ }
+
+ return NULL;
+}
+
const struct xfs_buf_ops xfs_attr3_rmt_buf_ops = {
.name = "xfs_attr3_rmt",
.verify_read = xfs_attr3_rmt_read_verify,
.verify_write = xfs_attr3_rmt_write_verify,
+ .verify_struct = xfs_attr3_rmt_verify_struct,
};
STATIC int
diff --git a/fs/xfs/libxfs/xfs_bmap_btree.c b/fs/xfs/libxfs/xfs_bmap_btree.c
index d613080..0d5dd7b 100644
--- a/fs/xfs/libxfs/xfs_bmap_btree.c
+++ b/fs/xfs/libxfs/xfs_bmap_btree.c
@@ -692,6 +692,7 @@ const struct xfs_buf_ops xfs_bmbt_buf_ops = {
.name = "xfs_bmbt",
.verify_read = xfs_bmbt_read_verify,
.verify_write = xfs_bmbt_write_verify,
+ .verify_struct = xfs_bmbt_verify,
};
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
index f3544fb..af738bf 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -247,10 +247,35 @@ xfs_da3_node_read_verify(
xfs_verifier_error(bp, failed_at);
}
+/* Verify the structure of a da3 block. */
+static void *
+xfs_da3_node_verify_struct(
+ struct xfs_buf *bp)
+{
+ struct xfs_da_blkinfo *info = bp->b_addr;
+
+ switch (be16_to_cpu(info->magic)) {
+ case XFS_DA3_NODE_MAGIC:
+ case XFS_DA_NODE_MAGIC:
+ return xfs_da3_node_verify(bp);
+ case XFS_ATTR_LEAF_MAGIC:
+ case XFS_ATTR3_LEAF_MAGIC:
+ bp->b_ops = &xfs_attr3_leaf_buf_ops;
+ return bp->b_ops->verify_struct(bp);
+ case XFS_DIR2_LEAFN_MAGIC:
+ case XFS_DIR3_LEAFN_MAGIC:
+ bp->b_ops = &xfs_dir3_leafn_buf_ops;
+ return bp->b_ops->verify_struct(bp);
+ default:
+ return __this_address;
+ }
+}
+
const struct xfs_buf_ops xfs_da3_node_buf_ops = {
.name = "xfs_da3_node",
.verify_read = xfs_da3_node_read_verify,
.verify_write = xfs_da3_node_write_verify,
+ .verify_struct = xfs_da3_node_verify_struct,
};
int
diff --git a/fs/xfs/libxfs/xfs_dir2_block.c b/fs/xfs/libxfs/xfs_dir2_block.c
index 6c54d03..6dce935 100644
--- a/fs/xfs/libxfs/xfs_dir2_block.c
+++ b/fs/xfs/libxfs/xfs_dir2_block.c
@@ -126,6 +126,7 @@ const struct xfs_buf_ops xfs_dir3_block_buf_ops = {
.name = "xfs_dir3_block",
.verify_read = xfs_dir3_block_read_verify,
.verify_write = xfs_dir3_block_write_verify,
+ .verify_struct = xfs_dir3_block_verify,
};
int
diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
index 5e27b71..d08a7ac 100644
--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -318,6 +318,7 @@ const struct xfs_buf_ops xfs_dir3_data_buf_ops = {
.name = "xfs_dir3_data",
.verify_read = xfs_dir3_data_read_verify,
.verify_write = xfs_dir3_data_write_verify,
+ .verify_struct = xfs_dir3_data_verify,
};
static const struct xfs_buf_ops xfs_dir3_data_reada_buf_ops = {
diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
index 00dcfef..792fd98 100644
--- a/fs/xfs/libxfs/xfs_dir2_leaf.c
+++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
@@ -218,6 +218,13 @@ __write_verify(
xfs_buf_update_cksum(bp, XFS_DIR3_LEAF_CRC_OFF);
}
+static void *
+xfs_dir3_leaf1_verify(
+ struct xfs_buf *bp)
+{
+ return xfs_dir3_leaf_verify(bp, XFS_DIR2_LEAF1_MAGIC);
+}
+
static void
xfs_dir3_leaf1_read_verify(
struct xfs_buf *bp)
@@ -232,6 +239,13 @@ xfs_dir3_leaf1_write_verify(
__write_verify(bp, XFS_DIR2_LEAF1_MAGIC);
}
+static void *
+xfs_dir3_leafn_verify(
+ struct xfs_buf *bp)
+{
+ return xfs_dir3_leaf_verify(bp, XFS_DIR2_LEAFN_MAGIC);
+}
+
static void
xfs_dir3_leafn_read_verify(
struct xfs_buf *bp)
@@ -250,12 +264,14 @@ const struct xfs_buf_ops xfs_dir3_leaf1_buf_ops = {
.name = "xfs_dir3_leaf1",
.verify_read = xfs_dir3_leaf1_read_verify,
.verify_write = xfs_dir3_leaf1_write_verify,
+ .verify_struct = xfs_dir3_leaf1_verify,
};
const struct xfs_buf_ops xfs_dir3_leafn_buf_ops = {
.name = "xfs_dir3_leafn",
.verify_read = xfs_dir3_leafn_read_verify,
.verify_write = xfs_dir3_leafn_write_verify,
+ .verify_struct = xfs_dir3_leafn_verify,
};
int
diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
index a11585b..1a5e383 100644
--- a/fs/xfs/libxfs/xfs_dir2_node.c
+++ b/fs/xfs/libxfs/xfs_dir2_node.c
@@ -155,6 +155,7 @@ const struct xfs_buf_ops xfs_dir3_free_buf_ops = {
.name = "xfs_dir3_free",
.verify_read = xfs_dir3_free_read_verify,
.verify_write = xfs_dir3_free_write_verify,
+ .verify_struct = xfs_dir3_free_verify,
};
/* Everything ok in the free block header? */
diff --git a/fs/xfs/libxfs/xfs_dquot_buf.c b/fs/xfs/libxfs/xfs_dquot_buf.c
index 5561011..8ce5239 100644
--- a/fs/xfs/libxfs/xfs_dquot_buf.c
+++ b/fs/xfs/libxfs/xfs_dquot_buf.c
@@ -242,6 +242,17 @@ xfs_dquot_buf_verify(
return true;
}
+static void *
+xfs_dquot_buf_verify_struct(
+ struct xfs_buf *bp)
+{
+ struct xfs_mount *mp = bp->b_target->bt_mount;
+
+ if (!xfs_dquot_buf_verify(mp, bp, 0))
+ return __this_address;
+ return NULL;
+}
+
static void
xfs_dquot_buf_read_verify(
struct xfs_buf *bp)
@@ -298,6 +309,7 @@ const struct xfs_buf_ops xfs_dquot_buf_ops = {
.name = "xfs_dquot",
.verify_read = xfs_dquot_buf_read_verify,
.verify_write = xfs_dquot_buf_write_verify,
+ .verify_struct = xfs_dquot_buf_verify_struct,
};
const struct xfs_buf_ops xfs_dquot_buf_ra_ops = {
diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
index f27edc9..1c316f8 100644
--- a/fs/xfs/libxfs/xfs_ialloc.c
+++ b/fs/xfs/libxfs/xfs_ialloc.c
@@ -2586,6 +2586,7 @@ const struct xfs_buf_ops xfs_agi_buf_ops = {
.name = "xfs_agi",
.verify_read = xfs_agi_read_verify,
.verify_write = xfs_agi_write_verify,
+ .verify_struct = xfs_agi_verify,
};
/*
diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c
index 38d6a50..f920ca6 100644
--- a/fs/xfs/libxfs/xfs_ialloc_btree.c
+++ b/fs/xfs/libxfs/xfs_ialloc_btree.c
@@ -327,6 +327,7 @@ const struct xfs_buf_ops xfs_inobt_buf_ops = {
.name = "xfs_inobt",
.verify_read = xfs_inobt_read_verify,
.verify_write = xfs_inobt_write_verify,
+ .verify_struct = xfs_inobt_verify,
};
STATIC int
diff --git a/fs/xfs/libxfs/xfs_refcount_btree.c b/fs/xfs/libxfs/xfs_refcount_btree.c
index 8d6c0fc..a151b4d 100644
--- a/fs/xfs/libxfs/xfs_refcount_btree.c
+++ b/fs/xfs/libxfs/xfs_refcount_btree.c
@@ -288,6 +288,7 @@ const struct xfs_buf_ops xfs_refcountbt_buf_ops = {
.name = "xfs_refcountbt",
.verify_read = xfs_refcountbt_read_verify,
.verify_write = xfs_refcountbt_write_verify,
+ .verify_struct = xfs_refcountbt_verify,
};
STATIC int
diff --git a/fs/xfs/libxfs/xfs_rmap_btree.c b/fs/xfs/libxfs/xfs_rmap_btree.c
index 4fd77e7..ec7b216 100644
--- a/fs/xfs/libxfs/xfs_rmap_btree.c
+++ b/fs/xfs/libxfs/xfs_rmap_btree.c
@@ -380,6 +380,7 @@ const struct xfs_buf_ops xfs_rmapbt_buf_ops = {
.name = "xfs_rmapbt",
.verify_read = xfs_rmapbt_read_verify,
.verify_write = xfs_rmapbt_write_verify,
+ .verify_struct = xfs_rmapbt_verify,
};
STATIC int
diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c
index ef5e754..53732f4 100644
--- a/fs/xfs/libxfs/xfs_symlink_remote.c
+++ b/fs/xfs/libxfs/xfs_symlink_remote.c
@@ -173,6 +173,7 @@ const struct xfs_buf_ops xfs_symlink_buf_ops = {
.name = "xfs_symlink",
.verify_read = xfs_symlink_read_verify,
.verify_write = xfs_symlink_write_verify,
+ .verify_struct = xfs_symlink_verify,
};
void
diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h
index 2072126..094e3e7 100644
--- a/fs/xfs/xfs_buf.h
+++ b/fs/xfs/xfs_buf.h
@@ -139,6 +139,7 @@ struct xfs_buf_ops {
char *name;
void (*verify_read)(struct xfs_buf *);
void (*verify_write)(struct xfs_buf *);
+ void *(*verify_struct)(struct xfs_buf *);
};
typedef struct xfs_buf {
^ permalink raw reply related [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
` (11 preceding siblings ...)
2017-08-17 23:32 ` [PATCH 12/12] xfs: create a new buf_ops pointer to verify structure metadata Darrick J. Wong
@ 2017-08-18 7:05 ` Christoph Hellwig
2017-08-18 17:06 ` Darrick J. Wong
12 siblings, 1 reply; 34+ messages in thread
From: Christoph Hellwig @ 2017-08-18 7:05 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: linux-xfs
On Thu, Aug 17, 2017 at 04:31:29PM -0700, Darrick J. Wong wrote:
> Hi all,
>
> This RFC combines all the random little fixes and improvements to the
> verifiers that we've been talking about for the past month or so into a
> single patch series!
>
> We start by refactoring the long format btree block header verifier into
> a single helper functionn and de-macroing dir block verifiers to make
> them less shouty. Next, we change verifier functions to return the
> approximate instruction pointer of the faulting test so that we can
> report more precise fault information to dmesg/tracepoints.
Just jumping here quickly because I don't have time for a detailed
review:
How good does this instruction pointer thing resolved to the actual
issue? I'm currently watching a customer issue where a write verifier
triggers, and I gave them a patch to add a debug print to every failing
statement, including printing out the mismatch values if it's not
simply a binary comparism. I though about preparing that patch as
well as others for mainline. Here is the one I have at the moment:
---
>From 6c5e2efc6f857228461d439feb3c98be58fb9744 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Sat, 5 Aug 2017 16:34:15 +0200
Subject: xfs: print verbose information on dir leaf verifier failures
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
fs/xfs/libxfs/xfs_dir2_leaf.c | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
index b887fb2a2bcf..4386c68f72c6 100644
--- a/fs/xfs/libxfs/xfs_dir2_leaf.c
+++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
@@ -113,27 +113,37 @@ xfs_dir3_leaf_check_int(
* Should factor in the size of the bests table as well.
* We can deduce a value for that from di_size.
*/
- if (hdr->count > ops->leaf_max_ents(geo))
+ if (hdr->count > ops->leaf_max_ents(geo)) {
+ xfs_warn(mp, "count (%d) above max (%d)\n",
+ hdr->count, ops->leaf_max_ents(geo));
return false;
+ }
/* Leaves and bests don't overlap in leaf format. */
if ((hdr->magic == XFS_DIR2_LEAF1_MAGIC ||
hdr->magic == XFS_DIR3_LEAF1_MAGIC) &&
- (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp))
+ (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp)) {
+ xfs_warn(mp, "ents overlappings bests\n");
return false;
+ }
/* Check hash value order, count stale entries. */
for (i = stale = 0; i < hdr->count; i++) {
if (i + 1 < hdr->count) {
if (be32_to_cpu(ents[i].hashval) >
- be32_to_cpu(ents[i + 1].hashval))
+ be32_to_cpu(ents[i + 1].hashval)) {
+ xfs_warn(mp, "broken hash order\n");
return false;
+ }
}
if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
stale++;
}
- if (hdr->stale != stale)
+ if (hdr->stale != stale) {
+ xfs_warn(mp, "incorrect stalte count (%d, expected %d)\n",
+ hdr->stale, stale);
return false;
+ }
return true;
}
@@ -159,12 +169,21 @@ xfs_dir3_leaf_verify(
magic3 = (magic == XFS_DIR2_LEAF1_MAGIC) ? XFS_DIR3_LEAF1_MAGIC
: XFS_DIR3_LEAFN_MAGIC;
- if (leaf3->info.hdr.magic != cpu_to_be16(magic3))
+ if (leaf3->info.hdr.magic != cpu_to_be16(magic3)) {
+ xfs_warn(mp, "incorrect magic number (0x%hx, expected 0x%hx)\n",
+ leaf3->info.hdr.magic, magic3);
return false;
- if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid))
+ }
+ if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid)) {
+ xfs_warn(mp, "incorrect uuid, (%pUb, expected %pUb)\n",
+ &leaf3->info.uuid, &mp->m_sb.sb_meta_uuid);
return false;
- if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn)
+ }
+ if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn) {
+ xfs_warn(mp, "incorrect blkno, (%lld, expected %lld)\n",
+ be64_to_cpu(leaf3->info.blkno), bp->b_bn);
return false;
+ }
if (!xfs_log_check_lsn(mp, be64_to_cpu(leaf3->info.lsn)))
return false;
} else {
--
2.11.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-18 7:05 ` [RFC 00/12] xfs: more and better verifiers Christoph Hellwig
@ 2017-08-18 17:06 ` Darrick J. Wong
2017-08-18 18:45 ` Darrick J. Wong
2017-08-21 8:13 ` Christoph Hellwig
0 siblings, 2 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-18 17:06 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: linux-xfs
On Fri, Aug 18, 2017 at 12:05:16AM -0700, Christoph Hellwig wrote:
> On Thu, Aug 17, 2017 at 04:31:29PM -0700, Darrick J. Wong wrote:
> > Hi all,
> >
> > This RFC combines all the random little fixes and improvements to the
> > verifiers that we've been talking about for the past month or so into a
> > single patch series!
> >
> > We start by refactoring the long format btree block header verifier into
> > a single helper functionn and de-macroing dir block verifiers to make
> > them less shouty. Next, we change verifier functions to return the
> > approximate instruction pointer of the faulting test so that we can
> > report more precise fault information to dmesg/tracepoints.
>
> Just jumping here quickly because I don't have time for a detailed
> review:
>
> How good does this instruction pointer thing resolved to the actual
> issue?
Ugh, it's terrible once you turn on the optimizer.
if (!xfs_sb_version_hascrc(&mp->m_sb))
return __this_address;
if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
return __this_address;
if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
return __this_address;
if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
return __this_address;
return NULL;
becomes:
if (!xfs_sb_version_hascrc(&mp->m_sb))
goto out;
if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
goto out;
if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
goto out;
if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
goto out;
return NULL;
out:
return __this_address;
...which is totally worthless, unless we want to compile all the verifier
functions with __attribute__((optimize("O0"))), which is bogus.
<sigh> Back to the drawing board on that one.
--D
> I'm currently watching a customer issue where a write verifier
> triggers, and I gave them a patch to add a debug print to every failing
> statement, including printing out the mismatch values if it's not
> simply a binary comparism. I though about preparing that patch as
> well as others for mainline. Here is the one I have at the moment:
>
> ---
> From 6c5e2efc6f857228461d439feb3c98be58fb9744 Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch@lst.de>
> Date: Sat, 5 Aug 2017 16:34:15 +0200
> Subject: xfs: print verbose information on dir leaf verifier failures
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> fs/xfs/libxfs/xfs_dir2_leaf.c | 33 ++++++++++++++++++++++++++-------
> 1 file changed, 26 insertions(+), 7 deletions(-)
>
> diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
> index b887fb2a2bcf..4386c68f72c6 100644
> --- a/fs/xfs/libxfs/xfs_dir2_leaf.c
> +++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
> @@ -113,27 +113,37 @@ xfs_dir3_leaf_check_int(
> * Should factor in the size of the bests table as well.
> * We can deduce a value for that from di_size.
> */
> - if (hdr->count > ops->leaf_max_ents(geo))
> + if (hdr->count > ops->leaf_max_ents(geo)) {
> + xfs_warn(mp, "count (%d) above max (%d)\n",
> + hdr->count, ops->leaf_max_ents(geo));
> return false;
> + }
>
> /* Leaves and bests don't overlap in leaf format. */
> if ((hdr->magic == XFS_DIR2_LEAF1_MAGIC ||
> hdr->magic == XFS_DIR3_LEAF1_MAGIC) &&
> - (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp))
> + (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp)) {
> + xfs_warn(mp, "ents overlappings bests\n");
> return false;
> + }
>
> /* Check hash value order, count stale entries. */
> for (i = stale = 0; i < hdr->count; i++) {
> if (i + 1 < hdr->count) {
> if (be32_to_cpu(ents[i].hashval) >
> - be32_to_cpu(ents[i + 1].hashval))
> + be32_to_cpu(ents[i + 1].hashval)) {
> + xfs_warn(mp, "broken hash order\n");
> return false;
> + }
> }
> if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
> stale++;
> }
> - if (hdr->stale != stale)
> + if (hdr->stale != stale) {
> + xfs_warn(mp, "incorrect stalte count (%d, expected %d)\n",
> + hdr->stale, stale);
> return false;
> + }
> return true;
> }
>
> @@ -159,12 +169,21 @@ xfs_dir3_leaf_verify(
> magic3 = (magic == XFS_DIR2_LEAF1_MAGIC) ? XFS_DIR3_LEAF1_MAGIC
> : XFS_DIR3_LEAFN_MAGIC;
>
> - if (leaf3->info.hdr.magic != cpu_to_be16(magic3))
> + if (leaf3->info.hdr.magic != cpu_to_be16(magic3)) {
> + xfs_warn(mp, "incorrect magic number (0x%hx, expected 0x%hx)\n",
> + leaf3->info.hdr.magic, magic3);
> return false;
> - if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid))
> + }
> + if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid)) {
> + xfs_warn(mp, "incorrect uuid, (%pUb, expected %pUb)\n",
> + &leaf3->info.uuid, &mp->m_sb.sb_meta_uuid);
> return false;
> - if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn)
> + }
> + if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn) {
> + xfs_warn(mp, "incorrect blkno, (%lld, expected %lld)\n",
> + be64_to_cpu(leaf3->info.blkno), bp->b_bn);
> return false;
> + }
> if (!xfs_log_check_lsn(mp, be64_to_cpu(leaf3->info.lsn)))
> return false;
> } else {
> --
> 2.11.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-18 17:06 ` Darrick J. Wong
@ 2017-08-18 18:45 ` Darrick J. Wong
2017-08-18 18:59 ` Darrick J. Wong
2017-08-19 0:33 ` Dave Chinner
2017-08-21 8:13 ` Christoph Hellwig
1 sibling, 2 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-18 18:45 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: linux-xfs
On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> On Fri, Aug 18, 2017 at 12:05:16AM -0700, Christoph Hellwig wrote:
> > On Thu, Aug 17, 2017 at 04:31:29PM -0700, Darrick J. Wong wrote:
> > > Hi all,
> > >
> > > This RFC combines all the random little fixes and improvements to the
> > > verifiers that we've been talking about for the past month or so into a
> > > single patch series!
> > >
> > > We start by refactoring the long format btree block header verifier into
> > > a single helper functionn and de-macroing dir block verifiers to make
> > > them less shouty. Next, we change verifier functions to return the
> > > approximate instruction pointer of the faulting test so that we can
> > > report more precise fault information to dmesg/tracepoints.
> >
> > Just jumping here quickly because I don't have time for a detailed
> > review:
> >
> > How good does this instruction pointer thing resolved to the actual
> > issue?
>
> Ugh, it's terrible once you turn on the optimizer.
>
> if (!xfs_sb_version_hascrc(&mp->m_sb))
> return __this_address;
> if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> return __this_address;
> if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> return __this_address;
> if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> return __this_address;
> return NULL;
>
> becomes:
>
> if (!xfs_sb_version_hascrc(&mp->m_sb))
> goto out;
> if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> goto out;
> if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> goto out;
> if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> goto out;
> return NULL;
> out:
> return __this_address;
>
> ...which is totally worthless, unless we want to compile all the verifier
> functions with __attribute__((optimize("O0"))), which is bogus.
>
> <sigh> Back to the drawing board on that one.
Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
verifier function to the point of imprecise pointer value, but it involves
writing to a volatile int:
/* stupidly prevent gcc from over-optimizing getting the instruction ptr */
extern volatile int xfs_lineno;
#define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
<grumble> Yucky, but it more or less works.
--D
>
> > I'm currently watching a customer issue where a write verifier
> > triggers, and I gave them a patch to add a debug print to every failing
> > statement, including printing out the mismatch values if it's not
> > simply a binary comparism. I though about preparing that patch as
> > well as others for mainline. Here is the one I have at the moment:
> >
> > ---
> > From 6c5e2efc6f857228461d439feb3c98be58fb9744 Mon Sep 17 00:00:00 2001
> > From: Christoph Hellwig <hch@lst.de>
> > Date: Sat, 5 Aug 2017 16:34:15 +0200
> > Subject: xfs: print verbose information on dir leaf verifier failures
> >
> > Signed-off-by: Christoph Hellwig <hch@lst.de>
> > ---
> > fs/xfs/libxfs/xfs_dir2_leaf.c | 33 ++++++++++++++++++++++++++-------
> > 1 file changed, 26 insertions(+), 7 deletions(-)
> >
> > diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
> > index b887fb2a2bcf..4386c68f72c6 100644
> > --- a/fs/xfs/libxfs/xfs_dir2_leaf.c
> > +++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
> > @@ -113,27 +113,37 @@ xfs_dir3_leaf_check_int(
> > * Should factor in the size of the bests table as well.
> > * We can deduce a value for that from di_size.
> > */
> > - if (hdr->count > ops->leaf_max_ents(geo))
> > + if (hdr->count > ops->leaf_max_ents(geo)) {
> > + xfs_warn(mp, "count (%d) above max (%d)\n",
> > + hdr->count, ops->leaf_max_ents(geo));
> > return false;
> > + }
> >
> > /* Leaves and bests don't overlap in leaf format. */
> > if ((hdr->magic == XFS_DIR2_LEAF1_MAGIC ||
> > hdr->magic == XFS_DIR3_LEAF1_MAGIC) &&
> > - (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp))
> > + (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp)) {
> > + xfs_warn(mp, "ents overlappings bests\n");
> > return false;
> > + }
> >
> > /* Check hash value order, count stale entries. */
> > for (i = stale = 0; i < hdr->count; i++) {
> > if (i + 1 < hdr->count) {
> > if (be32_to_cpu(ents[i].hashval) >
> > - be32_to_cpu(ents[i + 1].hashval))
> > + be32_to_cpu(ents[i + 1].hashval)) {
> > + xfs_warn(mp, "broken hash order\n");
> > return false;
> > + }
> > }
> > if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
> > stale++;
> > }
> > - if (hdr->stale != stale)
> > + if (hdr->stale != stale) {
> > + xfs_warn(mp, "incorrect stalte count (%d, expected %d)\n",
> > + hdr->stale, stale);
> > return false;
> > + }
> > return true;
> > }
> >
> > @@ -159,12 +169,21 @@ xfs_dir3_leaf_verify(
> > magic3 = (magic == XFS_DIR2_LEAF1_MAGIC) ? XFS_DIR3_LEAF1_MAGIC
> > : XFS_DIR3_LEAFN_MAGIC;
> >
> > - if (leaf3->info.hdr.magic != cpu_to_be16(magic3))
> > + if (leaf3->info.hdr.magic != cpu_to_be16(magic3)) {
> > + xfs_warn(mp, "incorrect magic number (0x%hx, expected 0x%hx)\n",
> > + leaf3->info.hdr.magic, magic3);
> > return false;
> > - if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid))
> > + }
> > + if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid)) {
> > + xfs_warn(mp, "incorrect uuid, (%pUb, expected %pUb)\n",
> > + &leaf3->info.uuid, &mp->m_sb.sb_meta_uuid);
> > return false;
> > - if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn)
> > + }
> > + if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn) {
> > + xfs_warn(mp, "incorrect blkno, (%lld, expected %lld)\n",
> > + be64_to_cpu(leaf3->info.blkno), bp->b_bn);
> > return false;
> > + }
> > if (!xfs_log_check_lsn(mp, be64_to_cpu(leaf3->info.lsn)))
> > return false;
> > } else {
> > --
> > 2.11.0
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-18 18:45 ` Darrick J. Wong
@ 2017-08-18 18:59 ` Darrick J. Wong
2017-08-19 0:33 ` Dave Chinner
1 sibling, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-18 18:59 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: linux-xfs
On Fri, Aug 18, 2017 at 11:45:11AM -0700, Darrick J. Wong wrote:
> On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> > On Fri, Aug 18, 2017 at 12:05:16AM -0700, Christoph Hellwig wrote:
> > > On Thu, Aug 17, 2017 at 04:31:29PM -0700, Darrick J. Wong wrote:
> > > > Hi all,
> > > >
> > > > This RFC combines all the random little fixes and improvements to the
> > > > verifiers that we've been talking about for the past month or so into a
> > > > single patch series!
> > > >
> > > > We start by refactoring the long format btree block header verifier into
> > > > a single helper functionn and de-macroing dir block verifiers to make
> > > > them less shouty. Next, we change verifier functions to return the
> > > > approximate instruction pointer of the faulting test so that we can
> > > > report more precise fault information to dmesg/tracepoints.
> > >
> > > Just jumping here quickly because I don't have time for a detailed
> > > review:
> > >
> > > How good does this instruction pointer thing resolved to the actual
> > > issue?
> >
> > Ugh, it's terrible once you turn on the optimizer.
> >
> > if (!xfs_sb_version_hascrc(&mp->m_sb))
> > return __this_address;
> > if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> > return __this_address;
> > if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> > return __this_address;
> > if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> > return __this_address;
> > return NULL;
> >
> > becomes:
> >
> > if (!xfs_sb_version_hascrc(&mp->m_sb))
> > goto out;
> > if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> > goto out;
> > if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> > goto out;
> > if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> > goto out;
> > return NULL;
> > out:
> > return __this_address;
> >
> > ...which is totally worthless, unless we want to compile all the verifier
> > functions with __attribute__((optimize("O0"))), which is bogus.
> >
> > <sigh> Back to the drawing board on that one.
>
> Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
> verifier function to the point of imprecise pointer value, but it involves
> writing to a volatile int:
>
> /* stupidly prevent gcc from over-optimizing getting the instruction ptr */
> extern volatile int xfs_lineno;
> #define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
>
> <grumble> Yucky, but it more or less works.
Demonstration on a filesystem with a corrupt refcountbt root:
# dmesg &
# mount /dev/sdf /opt
XFS (sdf): EXPERIMENTAL reverse mapping btree feature enabled. Use at your own risk!
XFS (sdf): EXPERIMENTAL reflink feature enabled. Use at your own risk!
XFS (sdf): Mounting V5 Filesystem
XFS (sdf): Starting recovery (logdev: internal)
XFS (sdf): Ending recovery (logdev: internal)
XFS (sdf): Metadata corruption detected at xfs_btree_sblock_v5hdr_verify+0x7e/0xc0 [xfs], xfs_refcountbt block 0x230
XFS (sdf): Unmount and run xfs_repair
<snip>
mount: mount /dev/sdf on /opt failed: Structure needs cleaning
# gdb /usr/lib/debug/lib/modules/4.13.0-rc5-xfsx/vmlinux /proc/kcore
<snip>
(gdb) l *(xfs_btree_sblock_v5hdr_verify+0x7e)
0xffffffffa021cc4e is in xfs_btree_sblock_v5hdr_verify (fs/xfs/libxfs/xfs_btree.c:4656).
4651 fs/xfs/libxfs/xfs_btree.c: No such file or directory.
(gdb) quit
# gdb --args xfs_db /dev/sdf
<snip>
(gdb) run
<snip>
xfs_db> agf 0
xfs_db> addr refcntroot
Metadata corruption detected at 0x449d68, xfs_refcountbt block 0x230/0x1000
xfs_db> ^Z
Program received signal SIGTSTP, Stopped (user).
0x00007f3e83045500 in __read_nocancel () at ../sysdeps/unix/syscall-template.S:84
84 ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) l *(0x449d68)
0x449d68 is in xfs_btree_sblock_v5hdr_verify (xfs_btree.c:4656).
4651 xfs_btree.c: No such file or directory.
xfs_btree.c:
4645:void *
4646:xfs_btree_sblock_v5hdr_verify(
4647: struct xfs_buf *bp)
4648:{
4649: struct xfs_mount *mp = bp->b_target->bt_mount;
4650: struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
4651: struct xfs_perag *pag = bp->b_pag;
4652:
4653: if (!xfs_sb_version_hascrc(&mp->m_sb))
4654: return __this_address;
4655: if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
4656: return __this_address;
4657: if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
4658: return __this_address;
4659: if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
4660: return __this_address;
4661: return NULL;
4662: }
So assuming that the volatile int stuff isn't too horrifyingly gross, it
actually /does/ allow us to pinpoint exactly which test tripped the
verifier.
--D
>
> --D
>
> >
> > > I'm currently watching a customer issue where a write verifier
> > > triggers, and I gave them a patch to add a debug print to every failing
> > > statement, including printing out the mismatch values if it's not
> > > simply a binary comparism. I though about preparing that patch as
> > > well as others for mainline. Here is the one I have at the moment:
> > >
> > > ---
> > > From 6c5e2efc6f857228461d439feb3c98be58fb9744 Mon Sep 17 00:00:00 2001
> > > From: Christoph Hellwig <hch@lst.de>
> > > Date: Sat, 5 Aug 2017 16:34:15 +0200
> > > Subject: xfs: print verbose information on dir leaf verifier failures
> > >
> > > Signed-off-by: Christoph Hellwig <hch@lst.de>
> > > ---
> > > fs/xfs/libxfs/xfs_dir2_leaf.c | 33 ++++++++++++++++++++++++++-------
> > > 1 file changed, 26 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
> > > index b887fb2a2bcf..4386c68f72c6 100644
> > > --- a/fs/xfs/libxfs/xfs_dir2_leaf.c
> > > +++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
> > > @@ -113,27 +113,37 @@ xfs_dir3_leaf_check_int(
> > > * Should factor in the size of the bests table as well.
> > > * We can deduce a value for that from di_size.
> > > */
> > > - if (hdr->count > ops->leaf_max_ents(geo))
> > > + if (hdr->count > ops->leaf_max_ents(geo)) {
> > > + xfs_warn(mp, "count (%d) above max (%d)\n",
> > > + hdr->count, ops->leaf_max_ents(geo));
> > > return false;
> > > + }
> > >
> > > /* Leaves and bests don't overlap in leaf format. */
> > > if ((hdr->magic == XFS_DIR2_LEAF1_MAGIC ||
> > > hdr->magic == XFS_DIR3_LEAF1_MAGIC) &&
> > > - (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp))
> > > + (char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp)) {
> > > + xfs_warn(mp, "ents overlappings bests\n");
> > > return false;
> > > + }
> > >
> > > /* Check hash value order, count stale entries. */
> > > for (i = stale = 0; i < hdr->count; i++) {
> > > if (i + 1 < hdr->count) {
> > > if (be32_to_cpu(ents[i].hashval) >
> > > - be32_to_cpu(ents[i + 1].hashval))
> > > + be32_to_cpu(ents[i + 1].hashval)) {
> > > + xfs_warn(mp, "broken hash order\n");
> > > return false;
> > > + }
> > > }
> > > if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
> > > stale++;
> > > }
> > > - if (hdr->stale != stale)
> > > + if (hdr->stale != stale) {
> > > + xfs_warn(mp, "incorrect stalte count (%d, expected %d)\n",
> > > + hdr->stale, stale);
> > > return false;
> > > + }
> > > return true;
> > > }
> > >
> > > @@ -159,12 +169,21 @@ xfs_dir3_leaf_verify(
> > > magic3 = (magic == XFS_DIR2_LEAF1_MAGIC) ? XFS_DIR3_LEAF1_MAGIC
> > > : XFS_DIR3_LEAFN_MAGIC;
> > >
> > > - if (leaf3->info.hdr.magic != cpu_to_be16(magic3))
> > > + if (leaf3->info.hdr.magic != cpu_to_be16(magic3)) {
> > > + xfs_warn(mp, "incorrect magic number (0x%hx, expected 0x%hx)\n",
> > > + leaf3->info.hdr.magic, magic3);
> > > return false;
> > > - if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid))
> > > + }
> > > + if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid)) {
> > > + xfs_warn(mp, "incorrect uuid, (%pUb, expected %pUb)\n",
> > > + &leaf3->info.uuid, &mp->m_sb.sb_meta_uuid);
> > > return false;
> > > - if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn)
> > > + }
> > > + if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn) {
> > > + xfs_warn(mp, "incorrect blkno, (%lld, expected %lld)\n",
> > > + be64_to_cpu(leaf3->info.blkno), bp->b_bn);
> > > return false;
> > > + }
> > > if (!xfs_log_check_lsn(mp, be64_to_cpu(leaf3->info.lsn)))
> > > return false;
> > > } else {
> > > --
> > > 2.11.0
> > >
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > > the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-18 18:45 ` Darrick J. Wong
2017-08-18 18:59 ` Darrick J. Wong
@ 2017-08-19 0:33 ` Dave Chinner
2017-08-19 0:58 ` Darrick J. Wong
1 sibling, 1 reply; 34+ messages in thread
From: Dave Chinner @ 2017-08-19 0:33 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
On Fri, Aug 18, 2017 at 11:45:11AM -0700, Darrick J. Wong wrote:
> On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> > On Fri, Aug 18, 2017 at 12:05:16AM -0700, Christoph Hellwig wrote:
> > > On Thu, Aug 17, 2017 at 04:31:29PM -0700, Darrick J. Wong wrote:
> > > > Hi all,
> > > >
> > > > This RFC combines all the random little fixes and improvements to the
> > > > verifiers that we've been talking about for the past month or so into a
> > > > single patch series!
> > > >
> > > > We start by refactoring the long format btree block header verifier into
> > > > a single helper functionn and de-macroing dir block verifiers to make
> > > > them less shouty. Next, we change verifier functions to return the
> > > > approximate instruction pointer of the faulting test so that we can
> > > > report more precise fault information to dmesg/tracepoints.
> > >
> > > Just jumping here quickly because I don't have time for a detailed
> > > review:
> > >
> > > How good does this instruction pointer thing resolved to the actual
> > > issue?
> >
> > Ugh, it's terrible once you turn on the optimizer.
> >
> > if (!xfs_sb_version_hascrc(&mp->m_sb))
> > return __this_address;
> > if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> > return __this_address;
> > if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> > return __this_address;
> > if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> > return __this_address;
> > return NULL;
> >
> > becomes:
> >
> > if (!xfs_sb_version_hascrc(&mp->m_sb))
> > goto out;
> > if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> > goto out;
> > if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> > goto out;
> > if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> > goto out;
> > return NULL;
> > out:
> > return __this_address;
> >
> > ...which is totally worthless, unless we want to compile all the verifier
> > functions with __attribute__((optimize("O0"))), which is bogus.
> >
> > <sigh> Back to the drawing board on that one.
>
> Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
> verifier function to the point of imprecise pointer value, but it involves
> writing to a volatile int:
>
> /* stupidly prevent gcc from over-optimizing getting the instruction ptr */
> extern volatile int xfs_lineno;
> #define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
>
> <grumble> Yucky, but it more or less works.
Can you declare the label as volatile, like you can an asm
statement to prevent the compiler from optimising out asm
statements?
Even so, given the yuckiness is very isolated and should only affect
the slow path code, I can live with this.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-19 0:33 ` Dave Chinner
@ 2017-08-19 0:58 ` Darrick J. Wong
2017-08-19 1:12 ` Dave Chinner
0 siblings, 1 reply; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-19 0:58 UTC (permalink / raw)
To: Dave Chinner; +Cc: Christoph Hellwig, linux-xfs
On Sat, Aug 19, 2017 at 10:33:00AM +1000, Dave Chinner wrote:
> On Fri, Aug 18, 2017 at 11:45:11AM -0700, Darrick J. Wong wrote:
> > On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> > > On Fri, Aug 18, 2017 at 12:05:16AM -0700, Christoph Hellwig wrote:
> > > > On Thu, Aug 17, 2017 at 04:31:29PM -0700, Darrick J. Wong wrote:
> > > > > Hi all,
> > > > >
> > > > > This RFC combines all the random little fixes and improvements to the
> > > > > verifiers that we've been talking about for the past month or so into a
> > > > > single patch series!
> > > > >
> > > > > We start by refactoring the long format btree block header verifier into
> > > > > a single helper functionn and de-macroing dir block verifiers to make
> > > > > them less shouty. Next, we change verifier functions to return the
> > > > > approximate instruction pointer of the faulting test so that we can
> > > > > report more precise fault information to dmesg/tracepoints.
> > > >
> > > > Just jumping here quickly because I don't have time for a detailed
> > > > review:
> > > >
> > > > How good does this instruction pointer thing resolved to the actual
> > > > issue?
> > >
> > > Ugh, it's terrible once you turn on the optimizer.
> > >
> > > if (!xfs_sb_version_hascrc(&mp->m_sb))
> > > return __this_address;
> > > if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> > > return __this_address;
> > > if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> > > return __this_address;
> > > if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> > > return __this_address;
> > > return NULL;
> > >
> > > becomes:
> > >
> > > if (!xfs_sb_version_hascrc(&mp->m_sb))
> > > goto out;
> > > if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
> > > goto out;
> > > if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
> > > goto out;
> > > if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
> > > goto out;
> > > return NULL;
> > > out:
> > > return __this_address;
> > >
> > > ...which is totally worthless, unless we want to compile all the verifier
> > > functions with __attribute__((optimize("O0"))), which is bogus.
> > >
> > > <sigh> Back to the drawing board on that one.
> >
> > Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
> > verifier function to the point of imprecise pointer value, but it involves
> > writing to a volatile int:
> >
> > /* stupidly prevent gcc from over-optimizing getting the instruction ptr */
> > extern volatile int xfs_lineno;
> > #define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
> >
> > <grumble> Yucky, but it more or less works.
>
> Can you declare the label as volatile, like you can an asm
> statement to prevent the compiler from optimising out asm
> statements?
>
> Even so, given the yuckiness is very isolated and should only affect
> the slow path code, I can live with this.
Hmmm. I can't declare the label as volatile, but I /can/ inject
asm volatile("") and that seems to prevent gcc from moving code hunks
around:
#define __this_address ({ __label__ __here; __here: asm volatile(""); &&__here; })
--D
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@fromorbit.com
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-19 0:58 ` Darrick J. Wong
@ 2017-08-19 1:12 ` Dave Chinner
2017-08-19 1:17 ` Darrick J. Wong
0 siblings, 1 reply; 34+ messages in thread
From: Dave Chinner @ 2017-08-19 1:12 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
On Fri, Aug 18, 2017 at 05:58:16PM -0700, Darrick J. Wong wrote:
> On Sat, Aug 19, 2017 at 10:33:00AM +1000, Dave Chinner wrote:
> > On Fri, Aug 18, 2017 at 11:45:11AM -0700, Darrick J. Wong wrote:
> > > On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> > > > ...which is totally worthless, unless we want to compile all the verifier
> > > > functions with __attribute__((optimize("O0"))), which is bogus.
> > > >
> > > > <sigh> Back to the drawing board on that one.
> > >
> > > Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
> > > verifier function to the point of imprecise pointer value, but it involves
> > > writing to a volatile int:
> > >
> > > /* stupidly prevent gcc from over-optimizing getting the instruction ptr */
> > > extern volatile int xfs_lineno;
> > > #define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
> > >
> > > <grumble> Yucky, but it more or less works.
> >
> > Can you declare the label as volatile, like you can an asm
> > statement to prevent the compiler from optimising out asm
> > statements?
> >
> > Even so, given the yuckiness is very isolated and should only affect
> > the slow path code, I can live with this.
>
> Hmmm. I can't declare the label as volatile, but I /can/ inject
> asm volatile("") and that seems to prevent gcc from moving code hunks
> around:
>
> #define __this_address ({ __label__ __here; __here: asm volatile(""); &&__here; })
That seems cleaner to me, and I /think/ the gcc manual says it won't
remove such statements, but it also says:
Under certain circumstances, GCC may duplicate (or remove duplicates
of) your assembly code when optimizing.
So I have no real idea whether this is going to be robust or not.
I'm not a gcc/asm expert at all (that stuff is mostly black magic
to me).
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-19 1:12 ` Dave Chinner
@ 2017-08-19 1:17 ` Darrick J. Wong
2017-08-19 23:20 ` Dave Chinner
0 siblings, 1 reply; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-19 1:17 UTC (permalink / raw)
To: Dave Chinner; +Cc: Christoph Hellwig, linux-xfs
On Sat, Aug 19, 2017 at 11:12:46AM +1000, Dave Chinner wrote:
> On Fri, Aug 18, 2017 at 05:58:16PM -0700, Darrick J. Wong wrote:
> > On Sat, Aug 19, 2017 at 10:33:00AM +1000, Dave Chinner wrote:
> > > On Fri, Aug 18, 2017 at 11:45:11AM -0700, Darrick J. Wong wrote:
> > > > On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> > > > > ...which is totally worthless, unless we want to compile all the verifier
> > > > > functions with __attribute__((optimize("O0"))), which is bogus.
> > > > >
> > > > > <sigh> Back to the drawing board on that one.
> > > >
> > > > Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
> > > > verifier function to the point of imprecise pointer value, but it involves
> > > > writing to a volatile int:
> > > >
> > > > /* stupidly prevent gcc from over-optimizing getting the instruction ptr */
> > > > extern volatile int xfs_lineno;
> > > > #define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
> > > >
> > > > <grumble> Yucky, but it more or less works.
> > >
> > > Can you declare the label as volatile, like you can an asm
> > > statement to prevent the compiler from optimising out asm
> > > statements?
> > >
> > > Even so, given the yuckiness is very isolated and should only affect
> > > the slow path code, I can live with this.
> >
> > Hmmm. I can't declare the label as volatile, but I /can/ inject
> > asm volatile("") and that seems to prevent gcc from moving code hunks
> > around:
> >
> > #define __this_address ({ __label__ __here; __here: asm volatile(""); &&__here; })
>
> That seems cleaner to me, and I /think/ the gcc manual says it won't
> remove such statements, but it also says:
>
> Under certain circumstances, GCC may duplicate (or remove duplicates
> of) your assembly code when optimizing.
>
> So I have no real idea whether this is going to be robust or not.
> I'm not a gcc/asm expert at all (that stuff is mostly black magic
> to me).
Same here. I figure if we start getting complaints about totally wacko
function pointers in the dmesg/xfsrepair output, we can put the
set-a-volatile-int cobwebs back in.
--D
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@fromorbit.com
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* [PATCH v2 03/12] xfs: have buffer verifier functions report failing address
2017-08-17 23:31 ` [PATCH 03/12] xfs: have buffer verifier functions report failing address Darrick J. Wong
@ 2017-08-19 2:19 ` Darrick J. Wong
0 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-19 2:19 UTC (permalink / raw)
To: linux-xfs
From: Darrick J. Wong <darrick.wong@oracle.com>
Modify each function that checks the contents of a metadata buffer to
return the instruction address of the failing test so that we can report
more precise failure errors to the log.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_alloc.c | 43 ++++++++++++-----------
fs/xfs/libxfs/xfs_alloc_btree.c | 25 +++++++-------
fs/xfs/libxfs/xfs_attr_leaf.c | 20 +++++------
fs/xfs/libxfs/xfs_attr_remote.c | 36 ++++++++++----------
fs/xfs/libxfs/xfs_bmap_btree.c | 16 +++++----
fs/xfs/libxfs/xfs_btree.c | 46 +++++++++++++------------
fs/xfs/libxfs/xfs_btree.h | 8 ++--
fs/xfs/libxfs/xfs_da_btree.c | 26 +++++++-------
fs/xfs/libxfs/xfs_dir2_block.c | 16 ++++-----
fs/xfs/libxfs/xfs_dir2_data.c | 66 ++++++++++++++++++------------------
fs/xfs/libxfs/xfs_dir2_leaf.c | 30 ++++++++--------
fs/xfs/libxfs/xfs_dir2_node.c | 36 ++++++++++----------
fs/xfs/libxfs/xfs_dir2_priv.h | 6 ++-
fs/xfs/libxfs/xfs_ialloc.c | 22 ++++++------
fs/xfs/libxfs/xfs_ialloc_btree.c | 15 ++++----
fs/xfs/libxfs/xfs_inode_buf.c | 30 ++++++++--------
fs/xfs/libxfs/xfs_inode_buf.h | 4 +-
fs/xfs/libxfs/xfs_refcount_btree.c | 19 +++++-----
fs/xfs/libxfs/xfs_rmap_btree.c | 19 +++++-----
fs/xfs/libxfs/xfs_symlink_remote.c | 22 ++++++------
fs/xfs/xfs_linux.h | 7 ++++
21 files changed, 263 insertions(+), 249 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
index 90eb282..986456b 100644
--- a/fs/xfs/libxfs/xfs_alloc.c
+++ b/fs/xfs/libxfs/xfs_alloc.c
@@ -519,7 +519,7 @@ xfs_alloc_fixup_trees(
return 0;
}
-static bool
+static void *
xfs_agfl_verify(
struct xfs_buf *bp)
{
@@ -528,9 +528,9 @@ xfs_agfl_verify(
int i;
if (!uuid_equal(&agfl->agfl_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be32_to_cpu(agfl->agfl_magicnum) != XFS_AGFL_MAGIC)
- return false;
+ return __this_address;
/*
* during growfs operations, the perag is not fully initialised,
* so we can't use it for any useful checking. growfs ensures we can't
@@ -538,16 +538,17 @@ xfs_agfl_verify(
* so we can detect and avoid this problem.
*/
if (bp->b_pag && be32_to_cpu(agfl->agfl_seqno) != bp->b_pag->pag_agno)
- return false;
+ return __this_address;
for (i = 0; i < XFS_AGFL_SIZE(mp); i++) {
if (be32_to_cpu(agfl->agfl_bno[i]) != NULLAGBLOCK &&
be32_to_cpu(agfl->agfl_bno[i]) >= mp->m_sb.sb_agblocks)
- return false;
+ return __this_address;
}
- return xfs_log_check_lsn(mp,
- be64_to_cpu(XFS_BUF_TO_AGFL(bp)->agfl_lsn));
+ if (!xfs_log_check_lsn(mp, be64_to_cpu(XFS_BUF_TO_AGFL(bp)->agfl_lsn)))
+ return __this_address;
+ return NULL;
}
static void
@@ -567,7 +568,7 @@ xfs_agfl_read_verify(
if (!xfs_buf_verify_cksum(bp, XFS_AGFL_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_agfl_verify(bp))
+ else if (xfs_agfl_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -585,7 +586,7 @@ xfs_agfl_write_verify(
if (!xfs_sb_version_hascrc(&mp->m_sb))
return;
- if (!xfs_agfl_verify(bp)) {
+ if (xfs_agfl_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -2388,7 +2389,7 @@ xfs_alloc_put_freelist(
return 0;
}
-static bool
+static void *
xfs_agf_verify(
struct xfs_mount *mp,
struct xfs_buf *bp)
@@ -2397,10 +2398,10 @@ xfs_agf_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!uuid_equal(&agf->agf_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp,
be64_to_cpu(XFS_BUF_TO_AGF(bp)->agf_lsn)))
- return false;
+ return __this_address;
}
if (!(agf->agf_magicnum == cpu_to_be32(XFS_AGF_MAGIC) &&
@@ -2409,18 +2410,18 @@ xfs_agf_verify(
be32_to_cpu(agf->agf_flfirst) < XFS_AGFL_SIZE(mp) &&
be32_to_cpu(agf->agf_fllast) < XFS_AGFL_SIZE(mp) &&
be32_to_cpu(agf->agf_flcount) <= XFS_AGFL_SIZE(mp)))
- return false;
+ return __this_address;
if (be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]) > XFS_BTREE_MAXLEVELS ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]) > XFS_BTREE_MAXLEVELS)
- return false;
+ return __this_address;
if (xfs_sb_version_hasrmapbt(&mp->m_sb) &&
(be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]) < 1 ||
be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]) > XFS_BTREE_MAXLEVELS))
- return false;
+ return __this_address;
/*
* during growfs operations, the perag is not fully initialised,
@@ -2429,18 +2430,18 @@ xfs_agf_verify(
* so we can detect and avoid this problem.
*/
if (bp->b_pag && be32_to_cpu(agf->agf_seqno) != bp->b_pag->pag_agno)
- return false;
+ return __this_address;
if (xfs_sb_version_haslazysbcount(&mp->m_sb) &&
be32_to_cpu(agf->agf_btreeblks) > be32_to_cpu(agf->agf_length))
- return false;
+ return __this_address;
if (xfs_sb_version_hasreflink(&mp->m_sb) &&
(be32_to_cpu(agf->agf_refcount_level) < 1 ||
be32_to_cpu(agf->agf_refcount_level) > XFS_BTREE_MAXLEVELS))
- return false;
+ return __this_address;
- return true;;
+ return NULL;
}
@@ -2453,7 +2454,7 @@ xfs_agf_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR(!xfs_agf_verify(mp, bp), mp,
+ else if (XFS_TEST_ERROR(xfs_agf_verify(mp, bp), mp,
XFS_ERRTAG_ALLOC_READ_AGF))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
@@ -2468,7 +2469,7 @@ xfs_agf_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
- if (!xfs_agf_verify(mp, bp)) {
+ if (xfs_agf_verify(mp, bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_alloc_btree.c b/fs/xfs/libxfs/xfs_alloc_btree.c
index 89346e6..81e3bbc 100644
--- a/fs/xfs/libxfs/xfs_alloc_btree.c
+++ b/fs/xfs/libxfs/xfs_alloc_btree.c
@@ -307,13 +307,14 @@ xfs_cntbt_diff_two_keys(
be32_to_cpu(k2->alloc.ar_startblock);
}
-static bool
+static void *
xfs_allocbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
struct xfs_perag *pag = bp->b_pag;
+ void *failed_at;
unsigned int level;
/*
@@ -331,29 +332,29 @@ xfs_allocbt_verify(
level = be16_to_cpu(block->bb_level);
switch (block->bb_magic) {
case cpu_to_be32(XFS_ABTB_CRC_MAGIC):
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_ABTB_MAGIC):
if (pag && pag->pagf_init) {
if (level >= pag->pagf_levels[XFS_BTNUM_BNOi])
- return false;
+ return __this_address;
} else if (level >= mp->m_ag_maxlevels)
- return false;
+ return __this_address;
break;
case cpu_to_be32(XFS_ABTC_CRC_MAGIC):
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_ABTC_MAGIC):
if (pag && pag->pagf_init) {
if (level >= pag->pagf_levels[XFS_BTNUM_CNTi])
- return false;
+ return __this_address;
} else if (level >= mp->m_ag_maxlevels)
- return false;
+ return __this_address;
break;
default:
- return false;
+ return __this_address;
}
return xfs_btree_sblock_verify(bp, mp->m_alloc_mxr[level != 0]);
@@ -365,7 +366,7 @@ xfs_allocbt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_allocbt_verify(bp))
+ else if (xfs_allocbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -378,7 +379,7 @@ static void
xfs_allocbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_allocbt_verify(bp)) {
+ if (xfs_allocbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index c6c15e5..0a7cd48 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -247,7 +247,7 @@ xfs_attr3_leaf_hdr_to_disk(
}
}
-static bool
+static void *
xfs_attr3_leaf_verify(
struct xfs_buf *bp)
{
@@ -262,17 +262,17 @@ xfs_attr3_leaf_verify(
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
if (ichdr.magic != XFS_ATTR3_LEAF_MAGIC)
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->info.uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->info.blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->info.lsn)))
- return false;
+ return __this_address;
} else {
if (ichdr.magic != XFS_ATTR_LEAF_MAGIC)
- return false;
+ return __this_address;
}
/*
* In recovery there is a transient state where count == 0 is valid
@@ -280,12 +280,12 @@ xfs_attr3_leaf_verify(
* if the attr didn't fit in shortform.
*/
if (pag && pag->pagf_init && ichdr.count == 0)
- return false;
+ return __this_address;
/* XXX: need to range check rest of attr header values */
/* XXX: hash order check? */
- return true;
+ return NULL;
}
static void
@@ -296,7 +296,7 @@ xfs_attr3_leaf_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_attr3_leaf_hdr *hdr3 = bp->b_addr;
- if (!xfs_attr3_leaf_verify(bp)) {
+ if (xfs_attr3_leaf_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -326,7 +326,7 @@ xfs_attr3_leaf_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_ATTR3_LEAF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_attr3_leaf_verify(bp))
+ else if (xfs_attr3_leaf_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c
index 5236d8e..20d56bf 100644
--- a/fs/xfs/libxfs/xfs_attr_remote.c
+++ b/fs/xfs/libxfs/xfs_attr_remote.c
@@ -65,7 +65,7 @@ xfs_attr3_rmt_blocks(
* does CRC, location and bounds checking, the unpacking function checks the
* attribute parameters and owner.
*/
-static bool
+static void *
xfs_attr3_rmt_hdr_ok(
void *ptr,
xfs_ino_t ino,
@@ -76,19 +76,19 @@ xfs_attr3_rmt_hdr_ok(
struct xfs_attr3_rmt_hdr *rmt = ptr;
if (bno != be64_to_cpu(rmt->rm_blkno))
- return false;
+ return __this_address;
if (offset != be32_to_cpu(rmt->rm_offset))
- return false;
+ return __this_address;
if (size != be32_to_cpu(rmt->rm_bytes))
- return false;
+ return __this_address;
if (ino != be64_to_cpu(rmt->rm_owner))
- return false;
+ return __this_address;
/* ok */
- return true;
+ return NULL;
}
-static bool
+static void *
xfs_attr3_rmt_verify(
struct xfs_mount *mp,
void *ptr,
@@ -98,22 +98,22 @@ xfs_attr3_rmt_verify(
struct xfs_attr3_rmt_hdr *rmt = ptr;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (rmt->rm_magic != cpu_to_be32(XFS_ATTR3_RMT_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(rmt->rm_blkno) != bno)
- return false;
+ return __this_address;
if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
- return false;
+ return __this_address;
if (be32_to_cpu(rmt->rm_offset) +
be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX)
- return false;
+ return __this_address;
if (rmt->rm_owner == 0)
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
static void
@@ -140,7 +140,7 @@ xfs_attr3_rmt_read_verify(
xfs_buf_ioerror(bp, -EFSBADCRC);
break;
}
- if (!xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
+ if (xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
@@ -177,7 +177,7 @@ xfs_attr3_rmt_write_verify(
while (len > 0) {
struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
- if (!xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
+ if (xfs_attr3_rmt_verify(mp, ptr, blksize, bno)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -269,7 +269,7 @@ xfs_attr_rmtval_copyout(
byte_cnt = min(*valuelen, byte_cnt);
if (xfs_sb_version_hascrc(&mp->m_sb)) {
- if (!xfs_attr3_rmt_hdr_ok(src, ino, *offset,
+ if (xfs_attr3_rmt_hdr_ok(src, ino, *offset,
byte_cnt, bno)) {
xfs_alert(mp,
"remote attribute header mismatch bno/off/len/owner (0x%llx/0x%x/Ox%x/0x%llx)",
diff --git a/fs/xfs/libxfs/xfs_bmap_btree.c b/fs/xfs/libxfs/xfs_bmap_btree.c
index 99bdf08..875e4fe 100644
--- a/fs/xfs/libxfs/xfs_bmap_btree.c
+++ b/fs/xfs/libxfs/xfs_bmap_btree.c
@@ -617,12 +617,13 @@ xfs_bmbt_diff_two_keys(
be64_to_cpu(k2->bmbt.br_startoff);
}
-static bool
+static void *
xfs_bmbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
+ void *failed_at;
unsigned int level;
switch (block->bb_magic) {
@@ -631,13 +632,14 @@ xfs_bmbt_verify(
* XXX: need a better way of verifying the owner here. Right now
* just make sure there has been one set.
*/
- if (!xfs_btree_lblock_v5hdr_verify(bp, XFS_RMAP_OWN_UNKNOWN))
- return false;
+ if ((failed_at = xfs_btree_lblock_v5hdr_verify(bp,
+ XFS_RMAP_OWN_UNKNOWN)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_BMAP_MAGIC):
break;
default:
- return false;
+ return __this_address;
}
/*
@@ -649,7 +651,7 @@ xfs_bmbt_verify(
*/
level = be16_to_cpu(block->bb_level);
if (level > max(mp->m_bm_maxlevels[0], mp->m_bm_maxlevels[1]))
- return false;
+ return __this_address;
return xfs_btree_lblock_verify(bp, mp->m_bmap_dmxr[level != 0]);
}
@@ -660,7 +662,7 @@ xfs_bmbt_read_verify(
{
if (!xfs_btree_lblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_bmbt_verify(bp))
+ else if (xfs_bmbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -673,7 +675,7 @@ static void
xfs_bmbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_bmbt_verify(bp)) {
+ if (xfs_bmbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
index 0ba9edb..277e2fc 100644
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -302,7 +302,7 @@ xfs_btree_sblock_verify_crc(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!xfs_log_check_lsn(mp, be64_to_cpu(block->bb_u.s.bb_lsn)))
- return false;
+ return __this_address;
return xfs_buf_verify_cksum(bp, XFS_BTREE_SBLOCK_CRC_OFF);
}
@@ -4494,7 +4494,7 @@ xfs_btree_change_owner(
}
/* Verify the v5 fields of a long-format btree block. */
-bool
+void *
xfs_btree_lblock_v5hdr_verify(
struct xfs_buf *bp,
uint64_t owner)
@@ -4503,19 +4503,19 @@ xfs_btree_lblock_v5hdr_verify(
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (!uuid_equal(&block->bb_u.l.bb_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (block->bb_u.l.bb_blkno != cpu_to_be64(bp->b_bn))
- return false;
+ return __this_address;
if (owner != XFS_RMAP_OWN_UNKNOWN &&
be64_to_cpu(block->bb_u.l.bb_owner) != owner)
- return false;
- return true;
+ return __this_address;
+ return NULL;
}
/* Verify a long-format btree block. */
-bool
+void *
xfs_btree_lblock_verify(
struct xfs_buf *bp,
unsigned int max_recs)
@@ -4525,19 +4525,19 @@ xfs_btree_lblock_verify(
/* numrecs verification */
if (be16_to_cpu(block->bb_numrecs) > max_recs)
- return false;
+ return __this_address;
/* sibling pointer verification */
if (!block->bb_u.l.bb_leftsib ||
(block->bb_u.l.bb_leftsib != cpu_to_be64(NULLFSBLOCK) &&
!XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_leftsib))))
- return false;
+ return __this_address;
if (!block->bb_u.l.bb_rightsib ||
(block->bb_u.l.bb_rightsib != cpu_to_be64(NULLFSBLOCK) &&
!XFS_FSB_SANITY_CHECK(mp, be64_to_cpu(block->bb_u.l.bb_rightsib))))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
/**
@@ -4548,7 +4548,7 @@ xfs_btree_lblock_verify(
* @max_recs: pointer to the m_*_mxr max records field in the xfs mount
* @pag_max_level: pointer to the per-ag max level field
*/
-bool
+void *
xfs_btree_sblock_v5hdr_verify(
struct xfs_buf *bp)
{
@@ -4557,14 +4557,14 @@ xfs_btree_sblock_v5hdr_verify(
struct xfs_perag *pag = bp->b_pag;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (!uuid_equal(&block->bb_u.s.bb_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (block->bb_u.s.bb_blkno != cpu_to_be64(bp->b_bn))
- return false;
+ return __this_address;
if (pag && be32_to_cpu(block->bb_u.s.bb_owner) != pag->pag_agno)
- return false;
- return true;
+ return __this_address;
+ return NULL;
}
/**
@@ -4573,7 +4573,7 @@ xfs_btree_sblock_v5hdr_verify(
* @bp: buffer containing the btree block
* @max_recs: maximum records allowed in this btree node
*/
-bool
+void *
xfs_btree_sblock_verify(
struct xfs_buf *bp,
unsigned int max_recs)
@@ -4583,19 +4583,19 @@ xfs_btree_sblock_verify(
/* numrecs verification */
if (be16_to_cpu(block->bb_numrecs) > max_recs)
- return false;
+ return __this_address;
/* sibling pointer verification */
if (!block->bb_u.s.bb_leftsib ||
(be32_to_cpu(block->bb_u.s.bb_leftsib) >= mp->m_sb.sb_agblocks &&
block->bb_u.s.bb_leftsib != cpu_to_be32(NULLAGBLOCK)))
- return false;
+ return __this_address;
if (!block->bb_u.s.bb_rightsib ||
(be32_to_cpu(block->bb_u.s.bb_rightsib) >= mp->m_sb.sb_agblocks &&
block->bb_u.s.bb_rightsib != cpu_to_be32(NULLAGBLOCK)))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
/*
diff --git a/fs/xfs/libxfs/xfs_btree.h b/fs/xfs/libxfs/xfs_btree.h
index 0b5813e..a83ae23 100644
--- a/fs/xfs/libxfs/xfs_btree.h
+++ b/fs/xfs/libxfs/xfs_btree.h
@@ -478,10 +478,10 @@ static inline int xfs_btree_get_level(struct xfs_btree_block *block)
#define XFS_BTREE_TRACE_ARGR(c, r)
#define XFS_BTREE_TRACE_CURSOR(c, t)
-bool xfs_btree_sblock_v5hdr_verify(struct xfs_buf *bp);
-bool xfs_btree_sblock_verify(struct xfs_buf *bp, unsigned int max_recs);
-bool xfs_btree_lblock_v5hdr_verify(struct xfs_buf *bp, uint64_t owner);
-bool xfs_btree_lblock_verify(struct xfs_buf *bp, unsigned int max_recs);
+void *xfs_btree_sblock_v5hdr_verify(struct xfs_buf *bp);
+void *xfs_btree_sblock_verify(struct xfs_buf *bp, unsigned int max_recs);
+void *xfs_btree_lblock_v5hdr_verify(struct xfs_buf *bp, uint64_t owner);
+void *xfs_btree_lblock_verify(struct xfs_buf *bp, unsigned int max_recs);
uint xfs_btree_compute_maxlevels(struct xfs_mount *mp, uint *limits,
unsigned long len);
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
index 6d43358..2ce0fee 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -128,7 +128,7 @@ xfs_da_state_free(xfs_da_state_t *state)
kmem_zone_free(xfs_da_state_zone, state);
}
-static bool
+static void *
xfs_da3_node_verify(
struct xfs_buf *bp)
{
@@ -145,24 +145,24 @@ xfs_da3_node_verify(
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
if (ichdr.magic != XFS_DA3_NODE_MAGIC)
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->info.uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->info.blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->info.lsn)))
- return false;
+ return __this_address;
} else {
if (ichdr.magic != XFS_DA_NODE_MAGIC)
- return false;
+ return __this_address;
}
if (ichdr.level == 0)
- return false;
+ return __this_address;
if (ichdr.level > XFS_DA_NODE_MAXDEPTH)
- return false;
+ return __this_address;
if (ichdr.count == 0)
- return false;
+ return __this_address;
/*
* we don't know if the node is for and attribute or directory tree,
@@ -170,11 +170,11 @@ xfs_da3_node_verify(
*/
if (ichdr.count > mp->m_dir_geo->node_ents &&
ichdr.count > mp->m_attr_geo->node_ents)
- return false;
+ return __this_address;
/* XXX: hash order check? */
- return true;
+ return NULL;
}
static void
@@ -185,7 +185,7 @@ xfs_da3_node_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_da3_node_hdr *hdr3 = bp->b_addr;
- if (!xfs_da3_node_verify(bp)) {
+ if (xfs_da3_node_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -220,7 +220,7 @@ xfs_da3_node_read_verify(
}
/* fall through */
case XFS_DA_NODE_MAGIC:
- if (!xfs_da3_node_verify(bp)) {
+ if (xfs_da3_node_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
break;
}
diff --git a/fs/xfs/libxfs/xfs_dir2_block.c b/fs/xfs/libxfs/xfs_dir2_block.c
index e427249..480a180 100644
--- a/fs/xfs/libxfs/xfs_dir2_block.c
+++ b/fs/xfs/libxfs/xfs_dir2_block.c
@@ -58,7 +58,7 @@ xfs_dir_startup(void)
xfs_dir_hash_dotdot = xfs_da_hashname((unsigned char *)"..", 2);
}
-static bool
+static void *
xfs_dir3_block_verify(
struct xfs_buf *bp)
{
@@ -67,16 +67,16 @@ xfs_dir3_block_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (hdr3->magic != cpu_to_be32(XFS_DIR3_BLOCK_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->lsn)))
- return false;
+ return __this_address;
} else {
if (hdr3->magic != cpu_to_be32(XFS_DIR2_BLOCK_MAGIC))
- return false;
+ return __this_address;
}
return __xfs_dir3_data_check(NULL, bp);
}
@@ -90,7 +90,7 @@ xfs_dir3_block_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_DATA_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_block_verify(bp))
+ else if (xfs_dir3_block_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -105,7 +105,7 @@ xfs_dir3_block_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_block_verify(bp)) {
+ if (xfs_dir3_block_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
index af15f705..b2375bf 100644
--- a/fs/xfs/libxfs/xfs_dir2_data.c
+++ b/fs/xfs/libxfs/xfs_dir2_data.c
@@ -36,9 +36,9 @@
/*
* Check the consistency of the data block.
* The input can also be a block-format directory.
- * Return true if the buffer is good.
+ * Return NULL if the buffer is good, otherwise the address of the error.
*/
-bool
+void *
__xfs_dir3_data_check(
struct xfs_inode *dp, /* incore inode pointer */
struct xfs_buf *bp) /* data block's buffer */
@@ -92,14 +92,14 @@ __xfs_dir3_data_check(
*/
if (be32_to_cpu(btp->count) >=
((char *)btp - p) / sizeof(struct xfs_dir2_leaf_entry))
- return false;
+ return __this_address;
break;
case cpu_to_be32(XFS_DIR3_DATA_MAGIC):
case cpu_to_be32(XFS_DIR2_DATA_MAGIC):
endp = (char *)hdr + geo->blksize;
break;
default:
- return false;
+ return __this_address;
}
/*
@@ -109,24 +109,24 @@ __xfs_dir3_data_check(
count = lastfree = freeseen = 0;
if (!bf[0].length) {
if (bf[0].offset)
- return false;
+ return __this_address;
freeseen |= 1 << 0;
}
if (!bf[1].length) {
if (bf[1].offset)
- return false;
+ return __this_address;
freeseen |= 1 << 1;
}
if (!bf[2].length) {
if (bf[2].offset)
- return false;
+ return __this_address;
freeseen |= 1 << 2;
}
if (be16_to_cpu(bf[0].length) < be16_to_cpu(bf[1].length))
- return false;
+ return __this_address;
if (be16_to_cpu(bf[1].length) < be16_to_cpu(bf[2].length))
- return false;
+ return __this_address;
/*
* Loop over the data/unused entries.
*/
@@ -139,22 +139,22 @@ __xfs_dir3_data_check(
*/
if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
if (lastfree != 0)
- return false;
+ return __this_address;
if (endp < p + be16_to_cpu(dup->length))
- return false;
+ return __this_address;
if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) !=
(char *)dup - (char *)hdr)
- return false;
+ return __this_address;
dfp = xfs_dir2_data_freefind(hdr, bf, dup);
if (dfp) {
i = (int)(dfp - bf);
if ((freeseen & (1 << i)) != 0)
- return false;
+ return __this_address;
freeseen |= 1 << i;
} else {
if (be16_to_cpu(dup->length) >
be16_to_cpu(bf[2].length))
- return false;
+ return __this_address;
}
p += be16_to_cpu(dup->length);
lastfree = 1;
@@ -168,16 +168,16 @@ __xfs_dir3_data_check(
*/
dep = (xfs_dir2_data_entry_t *)p;
if (dep->namelen == 0)
- return false;
+ return __this_address;
if (xfs_dir_ino_validate(mp, be64_to_cpu(dep->inumber)))
- return false;
+ return __this_address;
if (endp < p + ops->data_entsize(dep->namelen))
- return false;
+ return __this_address;
if (be16_to_cpu(*ops->data_entry_tag_p(dep)) !=
(char *)dep - (char *)hdr)
- return false;
+ return __this_address;
if (ops->data_get_ftype(dep) >= XFS_DIR3_FT_MAX)
- return false;
+ return __this_address;
count++;
lastfree = 0;
if (hdr->magic == cpu_to_be32(XFS_DIR2_BLOCK_MAGIC) ||
@@ -194,7 +194,7 @@ __xfs_dir3_data_check(
break;
}
if (i >= be32_to_cpu(btp->count))
- return false;
+ return __this_address;
}
p += ops->data_entsize(dep->namelen);
}
@@ -202,7 +202,7 @@ __xfs_dir3_data_check(
* Need to have seen all the entries and all the bestfree slots.
*/
if (freeseen != 7)
- return false;
+ return __this_address;
if (hdr->magic == cpu_to_be32(XFS_DIR2_BLOCK_MAGIC) ||
hdr->magic == cpu_to_be32(XFS_DIR3_BLOCK_MAGIC)) {
for (i = stale = 0; i < be32_to_cpu(btp->count); i++) {
@@ -211,17 +211,17 @@ __xfs_dir3_data_check(
stale++;
if (i > 0 && be32_to_cpu(lep[i].hashval) <
be32_to_cpu(lep[i - 1].hashval))
- return false;
+ return __this_address;
}
if (count != be32_to_cpu(btp->count) - be32_to_cpu(btp->stale))
- return false;
+ return __this_address;
if (stale != be32_to_cpu(btp->stale))
- return false;
+ return __this_address;
}
- return true;
+ return NULL;
}
-static bool
+static void *
xfs_dir3_data_verify(
struct xfs_buf *bp)
{
@@ -230,16 +230,16 @@ xfs_dir3_data_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (hdr3->magic != cpu_to_be32(XFS_DIR3_DATA_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->lsn)))
- return false;
+ return __this_address;
} else {
if (hdr3->magic != cpu_to_be32(XFS_DIR2_DATA_MAGIC))
- return false;
+ return __this_address;
}
return __xfs_dir3_data_check(NULL, bp);
}
@@ -282,7 +282,7 @@ xfs_dir3_data_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_DATA_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_data_verify(bp))
+ else if (xfs_dir3_data_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -297,7 +297,7 @@ xfs_dir3_data_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_data_verify(bp)) {
+ if (xfs_dir3_data_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_dir2_leaf.c b/fs/xfs/libxfs/xfs_dir2_leaf.c
index 27297a6..6eb7939 100644
--- a/fs/xfs/libxfs/xfs_dir2_leaf.c
+++ b/fs/xfs/libxfs/xfs_dir2_leaf.c
@@ -73,13 +73,13 @@ xfs_dir3_leaf1_check(
} else if (leafhdr.magic != XFS_DIR2_LEAF1_MAGIC)
return false;
- return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf);
+ return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf) == NULL;
}
#else
#define xfs_dir3_leaf_check(dp, bp)
#endif
-bool
+void *
xfs_dir3_leaf_check_int(
struct xfs_mount *mp,
struct xfs_inode *dp,
@@ -114,27 +114,27 @@ xfs_dir3_leaf_check_int(
* We can deduce a value for that from di_size.
*/
if (hdr->count > ops->leaf_max_ents(geo))
- return false;
+ return __this_address;
/* Leaves and bests don't overlap in leaf format. */
if ((hdr->magic == XFS_DIR2_LEAF1_MAGIC ||
hdr->magic == XFS_DIR3_LEAF1_MAGIC) &&
(char *)&ents[hdr->count] > (char *)xfs_dir2_leaf_bests_p(ltp))
- return false;
+ return __this_address;
/* Check hash value order, count stale entries. */
for (i = stale = 0; i < hdr->count; i++) {
if (i + 1 < hdr->count) {
if (be32_to_cpu(ents[i].hashval) >
be32_to_cpu(ents[i + 1].hashval))
- return false;
+ return __this_address;
}
if (ents[i].address == cpu_to_be32(XFS_DIR2_NULL_DATAPTR))
stale++;
}
if (hdr->stale != stale)
- return false;
- return true;
+ return __this_address;
+ return NULL;
}
/*
@@ -142,7 +142,7 @@ xfs_dir3_leaf_check_int(
* kernels we don't get assertion failures in xfs_dir3_leaf_hdr_from_disk() due
* to incorrect magic numbers.
*/
-static bool
+static void *
xfs_dir3_leaf_verify(
struct xfs_buf *bp,
uint16_t magic)
@@ -160,16 +160,16 @@ xfs_dir3_leaf_verify(
: XFS_DIR3_LEAFN_MAGIC;
if (leaf3->info.hdr.magic != cpu_to_be16(magic3))
- return false;
+ return __this_address;
if (!uuid_equal(&leaf3->info.uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(leaf3->info.blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(leaf3->info.lsn)))
- return false;
+ return __this_address;
} else {
if (leaf->hdr.info.magic != cpu_to_be16(magic))
- return false;
+ return __this_address;
}
return xfs_dir3_leaf_check_int(mp, NULL, NULL, leaf);
@@ -185,7 +185,7 @@ __read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_LEAF_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_leaf_verify(bp, magic))
+ else if (xfs_dir3_leaf_verify(bp, magic))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -201,7 +201,7 @@ __write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_leaf_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_leaf_verify(bp, magic)) {
+ if (xfs_dir3_leaf_verify(bp, magic)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
index 682e2bf..b596b5f 100644
--- a/fs/xfs/libxfs/xfs_dir2_node.c
+++ b/fs/xfs/libxfs/xfs_dir2_node.c
@@ -76,13 +76,13 @@ xfs_dir3_leafn_check(
} else if (leafhdr.magic != XFS_DIR2_LEAFN_MAGIC)
return false;
- return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf);
+ return xfs_dir3_leaf_check_int(dp->i_mount, dp, &leafhdr, leaf) == NULL;
}
#else
#define xfs_dir3_leaf_check(dp, bp)
#endif
-static bool
+static void *
xfs_dir3_free_verify(
struct xfs_buf *bp)
{
@@ -93,21 +93,21 @@ xfs_dir3_free_verify(
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
if (hdr3->magic != cpu_to_be32(XFS_DIR3_FREE_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&hdr3->uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (be64_to_cpu(hdr3->blkno) != bp->b_bn)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(hdr3->lsn)))
- return false;
+ return __this_address;
} else {
if (hdr->magic != cpu_to_be32(XFS_DIR2_FREE_MAGIC))
- return false;
+ return __this_address;
}
/* XXX: should bounds check the xfs_dir3_icfree_hdr here */
- return true;
+ return NULL;
}
static void
@@ -119,7 +119,7 @@ xfs_dir3_free_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_DIR3_FREE_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_dir3_free_verify(bp))
+ else if (xfs_dir3_free_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -134,7 +134,7 @@ xfs_dir3_free_write_verify(
struct xfs_buf_log_item *bip = bp->b_fspriv;
struct xfs_dir3_blk_hdr *hdr3 = bp->b_addr;
- if (!xfs_dir3_free_verify(bp)) {
+ if (xfs_dir3_free_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
@@ -174,22 +174,22 @@ xfs_dir3_free_header_check(
struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
if (be32_to_cpu(hdr3->firstdb) != firstdb)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr3->nvalid) > maxbests)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr3->nvalid) < be32_to_cpu(hdr3->nused))
- return false;
+ return __this_address;
} else {
struct xfs_dir2_free_hdr *hdr = bp->b_addr;
if (be32_to_cpu(hdr->firstdb) != firstdb)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr->nvalid) > maxbests)
- return false;
+ return __this_address;
if (be32_to_cpu(hdr->nvalid) < be32_to_cpu(hdr->nused))
- return false;
+ return __this_address;
}
- return true;
+ return NULL;
}
static int
@@ -208,7 +208,7 @@ __xfs_dir3_free_read(
return err;
/* Check things that we can't do in the verifier. */
- if (!xfs_dir3_free_header_check(dp, fbno, *bpp)) {
+ if (xfs_dir3_free_header_check(dp, fbno, *bpp)) {
xfs_buf_ioerror(*bpp, -EFSCORRUPTED);
xfs_verifier_error(*bpp);
xfs_trans_brelse(tp, *bpp);
diff --git a/fs/xfs/libxfs/xfs_dir2_priv.h b/fs/xfs/libxfs/xfs_dir2_priv.h
index 45c68d0..d1a441f 100644
--- a/fs/xfs/libxfs/xfs_dir2_priv.h
+++ b/fs/xfs/libxfs/xfs_dir2_priv.h
@@ -41,7 +41,7 @@ extern int xfs_dir2_leaf_to_block(struct xfs_da_args *args,
#ifdef DEBUG
#define xfs_dir3_data_check(dp, bp) \
do { \
- if (!__xfs_dir3_data_check((dp), (bp))) { \
+ if (__xfs_dir3_data_check((dp), (bp))) { \
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, \
(bp)->b_target->bt_mount, (bp)->b_addr); \
} \
@@ -50,7 +50,7 @@ do { \
#define xfs_dir3_data_check(dp,bp)
#endif
-extern bool __xfs_dir3_data_check(struct xfs_inode *dp, struct xfs_buf *bp);
+extern void *__xfs_dir3_data_check(struct xfs_inode *dp, struct xfs_buf *bp);
extern int xfs_dir3_data_read(struct xfs_trans *tp, struct xfs_inode *dp,
xfs_dablk_t bno, xfs_daddr_t mapped_bno, struct xfs_buf **bpp);
extern int xfs_dir3_data_readahead(struct xfs_inode *dp, xfs_dablk_t bno,
@@ -95,7 +95,7 @@ xfs_dir3_leaf_find_entry(struct xfs_dir3_icleaf_hdr *leafhdr,
int lowstale, int highstale, int *lfloglow, int *lfloghigh);
extern int xfs_dir2_node_to_leaf(struct xfs_da_state *state);
-extern bool xfs_dir3_leaf_check_int(struct xfs_mount *mp, struct xfs_inode *dp,
+extern void *xfs_dir3_leaf_check_int(struct xfs_mount *mp, struct xfs_inode *dp,
struct xfs_dir3_icleaf_hdr *hdr, struct xfs_dir2_leaf *leaf);
/* xfs_dir2_node.c */
diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
index a5d34f0..3f95dff 100644
--- a/fs/xfs/libxfs/xfs_ialloc.c
+++ b/fs/xfs/libxfs/xfs_ialloc.c
@@ -2497,7 +2497,7 @@ xfs_check_agi_unlinked(
#define xfs_check_agi_unlinked(agi)
#endif
-static bool
+static void *
xfs_agi_verify(
struct xfs_buf *bp)
{
@@ -2506,28 +2506,28 @@ xfs_agi_verify(
if (xfs_sb_version_hascrc(&mp->m_sb)) {
if (!uuid_equal(&agi->agi_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp,
be64_to_cpu(XFS_BUF_TO_AGI(bp)->agi_lsn)))
- return false;
+ return __this_address;
}
/*
* Validate the magic number of the agi block.
*/
if (agi->agi_magicnum != cpu_to_be32(XFS_AGI_MAGIC))
- return false;
+ return __this_address;
if (!XFS_AGI_GOOD_VERSION(be32_to_cpu(agi->agi_versionnum)))
- return false;
+ return __this_address;
if (be32_to_cpu(agi->agi_level) < 1 ||
be32_to_cpu(agi->agi_level) > XFS_BTREE_MAXLEVELS)
- return false;
+ return __this_address;
if (xfs_sb_version_hasfinobt(&mp->m_sb) &&
(be32_to_cpu(agi->agi_free_level) < 1 ||
be32_to_cpu(agi->agi_free_level) > XFS_BTREE_MAXLEVELS))
- return false;
+ return __this_address;
/*
* during growfs operations, the perag is not fully initialised,
@@ -2536,10 +2536,10 @@ xfs_agi_verify(
* so we can detect and avoid this problem.
*/
if (bp->b_pag && be32_to_cpu(agi->agi_seqno) != bp->b_pag->pag_agno)
- return false;
+ return __this_address;
xfs_check_agi_unlinked(agi);
- return true;
+ return NULL;
}
static void
@@ -2551,7 +2551,7 @@ xfs_agi_read_verify(
if (xfs_sb_version_hascrc(&mp->m_sb) &&
!xfs_buf_verify_cksum(bp, XFS_AGI_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (XFS_TEST_ERROR(!xfs_agi_verify(bp), mp,
+ else if (XFS_TEST_ERROR(xfs_agi_verify(bp), mp,
XFS_ERRTAG_IALLOC_READ_AGI))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
@@ -2566,7 +2566,7 @@ xfs_agi_write_verify(
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_buf_log_item *bip = bp->b_fspriv;
- if (!xfs_agi_verify(bp)) {
+ if (xfs_agi_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c
index 2d2c3ea..89e928c 100644
--- a/fs/xfs/libxfs/xfs_ialloc_btree.c
+++ b/fs/xfs/libxfs/xfs_ialloc_btree.c
@@ -250,12 +250,13 @@ xfs_inobt_diff_two_keys(
be32_to_cpu(k2->inobt.ir_startino);
}
-static int
+static void *
xfs_inobt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
+ void *failed_at;
unsigned int level;
/*
@@ -271,20 +272,20 @@ xfs_inobt_verify(
switch (block->bb_magic) {
case cpu_to_be32(XFS_IBT_CRC_MAGIC):
case cpu_to_be32(XFS_FIBT_CRC_MAGIC):
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
/* fall through */
case cpu_to_be32(XFS_IBT_MAGIC):
case cpu_to_be32(XFS_FIBT_MAGIC):
break;
default:
- return 0;
+ return NULL;
}
/* level verification */
level = be16_to_cpu(block->bb_level);
if (level >= mp->m_in_maxlevels)
- return false;
+ return __this_address;
return xfs_btree_sblock_verify(bp, mp->m_inobt_mxr[level != 0]);
}
@@ -295,7 +296,7 @@ xfs_inobt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_inobt_verify(bp))
+ else if (xfs_inobt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -308,7 +309,7 @@ static void
xfs_inobt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_inobt_verify(bp)) {
+ if (xfs_inobt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
index 378f8fb..02700428 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -380,7 +380,7 @@ xfs_log_dinode_to_disk(
}
}
-bool
+void *
xfs_dinode_verify(
struct xfs_mount *mp,
xfs_ino_t ino,
@@ -391,33 +391,33 @@ xfs_dinode_verify(
uint64_t flags2;
if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
- return false;
+ return __this_address;
/* don't allow invalid i_size */
if (be64_to_cpu(dip->di_size) & (1ULL << 63))
- return false;
+ return __this_address;
mode = be16_to_cpu(dip->di_mode);
if (mode && xfs_mode_to_ftype(mode) == XFS_DIR3_FT_UNKNOWN)
- return false;
+ return __this_address;
/* No zero-length symlinks/dirs. */
if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)
- return false;
+ return __this_address;
/* only version 3 or greater inodes are extensively verified here */
if (dip->di_version < 3)
- return true;
+ return NULL;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize,
XFS_DINODE_CRC_OFF))
- return false;
+ return __this_address;
if (be64_to_cpu(dip->di_ino) != ino)
- return false;
+ return __this_address;
if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
flags = be16_to_cpu(dip->di_flags);
flags2 = be64_to_cpu(dip->di_flags2);
@@ -425,17 +425,17 @@ xfs_dinode_verify(
/* don't allow reflink/cowextsize if we don't have reflink */
if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) &&
!xfs_sb_version_hasreflink(&mp->m_sb))
- return false;
+ return __this_address;
/* don't let reflink and realtime mix */
if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags & XFS_DIFLAG_REALTIME))
- return false;
+ return __this_address;
/* don't let reflink and dax mix */
if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags2 & XFS_DIFLAG2_DAX))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
void
@@ -506,7 +506,7 @@ xfs_iread(
return error;
/* even unallocated inodes are verified */
- if (!xfs_dinode_verify(mp, ip->i_ino, dip)) {
+ if (xfs_dinode_verify(mp, ip->i_ino, dip)) {
xfs_alert(mp, "%s: validation failed for inode %lld",
__func__, ip->i_ino);
diff --git a/fs/xfs/libxfs/xfs_inode_buf.h b/fs/xfs/libxfs/xfs_inode_buf.h
index a9c97a3..2317511 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.h
+++ b/fs/xfs/libxfs/xfs_inode_buf.h
@@ -82,7 +82,7 @@ void xfs_inobp_check(struct xfs_mount *, struct xfs_buf *);
#define xfs_inobp_check(mp, bp)
#endif /* DEBUG */
-bool xfs_dinode_verify(struct xfs_mount *mp, xfs_ino_t ino,
- struct xfs_dinode *dip);
+void *xfs_dinode_verify(struct xfs_mount *mp, xfs_ino_t ino,
+ struct xfs_dinode *dip);
#endif /* __XFS_INODE_BUF_H__ */
diff --git a/fs/xfs/libxfs/xfs_refcount_btree.c b/fs/xfs/libxfs/xfs_refcount_btree.c
index 3c59dd3..48f651a 100644
--- a/fs/xfs/libxfs/xfs_refcount_btree.c
+++ b/fs/xfs/libxfs/xfs_refcount_btree.c
@@ -223,29 +223,30 @@ xfs_refcountbt_diff_two_keys(
be32_to_cpu(k2->refc.rc_startblock);
}
-STATIC bool
+STATIC void *
xfs_refcountbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
struct xfs_perag *pag = bp->b_pag;
+ void *failed_at;
unsigned int level;
if (block->bb_magic != cpu_to_be32(XFS_REFC_CRC_MAGIC))
- return false;
+ return __this_address;
if (!xfs_sb_version_hasreflink(&mp->m_sb))
- return false;
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ return __this_address;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
level = be16_to_cpu(block->bb_level);
if (pag && pag->pagf_init) {
if (level >= pag->pagf_refcount_level)
- return false;
+ return __this_address;
} else if (level >= mp->m_refc_maxlevels)
- return false;
+ return __this_address;
return xfs_btree_sblock_verify(bp, mp->m_refc_mxr[level != 0]);
}
@@ -256,7 +257,7 @@ xfs_refcountbt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_refcountbt_verify(bp))
+ else if (xfs_refcountbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -269,7 +270,7 @@ STATIC void
xfs_refcountbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_refcountbt_verify(bp)) {
+ if (xfs_refcountbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_rmap_btree.c b/fs/xfs/libxfs/xfs_rmap_btree.c
index 9d9c919..77e23c9 100644
--- a/fs/xfs/libxfs/xfs_rmap_btree.c
+++ b/fs/xfs/libxfs/xfs_rmap_btree.c
@@ -303,13 +303,14 @@ xfs_rmapbt_diff_two_keys(
return 0;
}
-static bool
+static void *
xfs_rmapbt_verify(
struct xfs_buf *bp)
{
struct xfs_mount *mp = bp->b_target->bt_mount;
struct xfs_btree_block *block = XFS_BUF_TO_BLOCK(bp);
struct xfs_perag *pag = bp->b_pag;
+ void *failed_at;
unsigned int level;
/*
@@ -325,19 +326,19 @@ xfs_rmapbt_verify(
* in this case.
*/
if (block->bb_magic != cpu_to_be32(XFS_RMAP_CRC_MAGIC))
- return false;
+ return __this_address;
if (!xfs_sb_version_hasrmapbt(&mp->m_sb))
- return false;
- if (!xfs_btree_sblock_v5hdr_verify(bp))
- return false;
+ return __this_address;
+ if ((failed_at = xfs_btree_sblock_v5hdr_verify(bp)))
+ return failed_at;
level = be16_to_cpu(block->bb_level);
if (pag && pag->pagf_init) {
if (level >= pag->pagf_levels[XFS_BTNUM_RMAPi])
- return false;
+ return __this_address;
} else if (level >= mp->m_rmap_maxlevels)
- return false;
+ return __this_address;
return xfs_btree_sblock_verify(bp, mp->m_rmap_mxr[level != 0]);
}
@@ -348,7 +349,7 @@ xfs_rmapbt_read_verify(
{
if (!xfs_btree_sblock_verify_crc(bp))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_rmapbt_verify(bp))
+ else if (xfs_rmapbt_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error) {
@@ -361,7 +362,7 @@ static void
xfs_rmapbt_write_verify(
struct xfs_buf *bp)
{
- if (!xfs_rmapbt_verify(bp)) {
+ if (xfs_rmapbt_verify(bp)) {
trace_xfs_btree_corrupt(bp, _RET_IP_);
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c
index c484877..b53a4c9 100644
--- a/fs/xfs/libxfs/xfs_symlink_remote.c
+++ b/fs/xfs/libxfs/xfs_symlink_remote.c
@@ -98,7 +98,7 @@ xfs_symlink_hdr_ok(
return true;
}
-static bool
+static void *
xfs_symlink_verify(
struct xfs_buf *bp)
{
@@ -106,22 +106,22 @@ xfs_symlink_verify(
struct xfs_dsymlink_hdr *dsl = bp->b_addr;
if (!xfs_sb_version_hascrc(&mp->m_sb))
- return false;
+ return __this_address;
if (dsl->sl_magic != cpu_to_be32(XFS_SYMLINK_MAGIC))
- return false;
+ return __this_address;
if (!uuid_equal(&dsl->sl_uuid, &mp->m_sb.sb_meta_uuid))
- return false;
+ return __this_address;
if (bp->b_bn != be64_to_cpu(dsl->sl_blkno))
- return false;
+ return __this_address;
if (be32_to_cpu(dsl->sl_offset) +
be32_to_cpu(dsl->sl_bytes) >= XFS_SYMLINK_MAXLEN)
- return false;
+ return __this_address;
if (dsl->sl_owner == 0)
- return false;
+ return __this_address;
if (!xfs_log_check_lsn(mp, be64_to_cpu(dsl->sl_lsn)))
- return false;
+ return __this_address;
- return true;
+ return NULL;
}
static void
@@ -136,7 +136,7 @@ xfs_symlink_read_verify(
if (!xfs_buf_verify_cksum(bp, XFS_SYMLINK_CRC_OFF))
xfs_buf_ioerror(bp, -EFSBADCRC);
- else if (!xfs_symlink_verify(bp))
+ else if (xfs_symlink_verify(bp))
xfs_buf_ioerror(bp, -EFSCORRUPTED);
if (bp->b_error)
@@ -154,7 +154,7 @@ xfs_symlink_write_verify(
if (!xfs_sb_version_hascrc(&mp->m_sb))
return;
- if (!xfs_symlink_verify(bp)) {
+ if (xfs_symlink_verify(bp)) {
xfs_buf_ioerror(bp, -EFSCORRUPTED);
xfs_verifier_error(bp);
return;
diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h
index 9301c5a..1ce728f 100644
--- a/fs/xfs/xfs_linux.h
+++ b/fs/xfs/xfs_linux.h
@@ -142,6 +142,13 @@ typedef __u32 xfs_nlink_t;
#define SYNCHRONIZE() barrier()
#define __return_address __builtin_return_address(0)
+/*
+ * Return the address of a label. Use asm volatile so that the optimizer
+ * won't try anything stupid like refactoring the error jumpouts into a
+ * single return, which throws off the reported address.
+ */
+#define __this_address ({ __label__ __here; __here: asm volatile(""); &&__here; })
+
#define XFS_PROJID_DEFAULT 0
#define MIN(a,b) (min(a,b))
^ permalink raw reply related [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-19 1:17 ` Darrick J. Wong
@ 2017-08-19 23:20 ` Dave Chinner
0 siblings, 0 replies; 34+ messages in thread
From: Dave Chinner @ 2017-08-19 23:20 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
On Fri, Aug 18, 2017 at 06:17:21PM -0700, Darrick J. Wong wrote:
> On Sat, Aug 19, 2017 at 11:12:46AM +1000, Dave Chinner wrote:
> > On Fri, Aug 18, 2017 at 05:58:16PM -0700, Darrick J. Wong wrote:
> > > On Sat, Aug 19, 2017 at 10:33:00AM +1000, Dave Chinner wrote:
> > > > On Fri, Aug 18, 2017 at 11:45:11AM -0700, Darrick J. Wong wrote:
> > > > > On Fri, Aug 18, 2017 at 10:06:07AM -0700, Darrick J. Wong wrote:
> > > > > > ...which is totally worthless, unless we want to compile all the verifier
> > > > > > functions with __attribute__((optimize("O0"))), which is bogus.
> > > > > >
> > > > > > <sigh> Back to the drawing board on that one.
> > > > >
> > > > > Ok, there's /slightly/ less awful way to prevent gcc from optimizing the
> > > > > verifier function to the point of imprecise pointer value, but it involves
> > > > > writing to a volatile int:
> > > > >
> > > > > /* stupidly prevent gcc from over-optimizing getting the instruction ptr */
> > > > > extern volatile int xfs_lineno;
> > > > > #define __this_address ({ __label__ __here; __here: xfs_lineno = __LINE__; &&__here; })
> > > > >
> > > > > <grumble> Yucky, but it more or less works.
> > > >
> > > > Can you declare the label as volatile, like you can an asm
> > > > statement to prevent the compiler from optimising out asm
> > > > statements?
> > > >
> > > > Even so, given the yuckiness is very isolated and should only affect
> > > > the slow path code, I can live with this.
> > >
> > > Hmmm. I can't declare the label as volatile, but I /can/ inject
> > > asm volatile("") and that seems to prevent gcc from moving code hunks
> > > around:
> > >
> > > #define __this_address ({ __label__ __here; __here: asm volatile(""); &&__here; })
> >
> > That seems cleaner to me, and I /think/ the gcc manual says it won't
> > remove such statements, but it also says:
> >
> > Under certain circumstances, GCC may duplicate (or remove duplicates
> > of) your assembly code when optimizing.
> >
> > So I have no real idea whether this is going to be robust or not.
> > I'm not a gcc/asm expert at all (that stuff is mostly black magic
> > to me).
>
> Same here. I figure if we start getting complaints about totally wacko
> function pointers in the dmesg/xfsrepair output, we can put the
> set-a-volatile-int cobwebs back in.
Doh, it's taking me longer to remember things I forgot 10+ years ago
these days...
>From include/linux/gcc-compiler.h:
/* Optimization barrier */
/* The "volatile" is due to gcc bugs */
#define barrier() __asm__ __volatile__("": : :"memory")
So I think we can just dump a barrier() call in the macro and it
should work without us having to care about it. Still need a comment
to explain why the barrier is there, though...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-18 17:06 ` Darrick J. Wong
2017-08-18 18:45 ` Darrick J. Wong
@ 2017-08-21 8:13 ` Christoph Hellwig
2017-08-29 15:11 ` Christoph Hellwig
1 sibling, 1 reply; 34+ messages in thread
From: Christoph Hellwig @ 2017-08-21 8:13 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
So what do you think of the version that adds real printks for
each condition including more details like the one verifier I
did below? Probably needs some unlikely annotations, though.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-21 8:13 ` Christoph Hellwig
@ 2017-08-29 15:11 ` Christoph Hellwig
2017-08-29 16:57 ` Darrick J. Wong
2017-08-29 22:22 ` Dave Chinner
0 siblings, 2 replies; 34+ messages in thread
From: Christoph Hellwig @ 2017-08-29 15:11 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> So what do you think of the version that adds real printks for
> each condition including more details like the one verifier I
> did below? Probably needs some unlikely annotations, though.
Given that there was another resend of the series I'd be really
curious about the answer to this?
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-29 15:11 ` Christoph Hellwig
@ 2017-08-29 16:57 ` Darrick J. Wong
2017-08-29 22:22 ` Dave Chinner
1 sibling, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-29 16:57 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: linux-xfs
On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > So what do you think of the version that adds real printks for
> > each condition including more details like the one verifier I
> > did below? Probably needs some unlikely annotations, though.
>
> Given that there was another resend of the series I'd be really
> curious about the answer to this?
Oh! Sorry, I lost the thread and forgot to reply. :(
For debug kernels, I think it's definitely valuable to us to enhance the
corruption reports by printing out the expected value(s) and the
observed value so that we can pinpoint quickly exactly which test failed
and why.
I'm not as strongly convinced that it's worth it to put all those
strings into release builds and have to carry those around in memory.
Then again, on my rc7 dev build the strings only contribute about 120K
to a 1.4MB .ko file so it might not be a big deal.
I also think it would be useful for xfs_verifier_error to print more of
the corrupted buffer.
--D
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-29 15:11 ` Christoph Hellwig
2017-08-29 16:57 ` Darrick J. Wong
@ 2017-08-29 22:22 ` Dave Chinner
2017-08-31 0:10 ` Darrick J. Wong
1 sibling, 1 reply; 34+ messages in thread
From: Dave Chinner @ 2017-08-29 22:22 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: Darrick J. Wong, linux-xfs
On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > So what do you think of the version that adds real printks for
> > each condition including more details like the one verifier I
> > did below? Probably needs some unlikely annotations, though.
>
> Given that there was another resend of the series I'd be really
> curious about the answer to this?
If we increase the size of the hexdump on error, then most of the
specific numbers in the print statements can be pulled from the
hexdump. And if the verifier tells us exactly what check failed,
we don't have to decode the entire hexdump to know what field was
out of band.
Perhaps what we should think about here is adding a mode to xfs_db
to decode the hexdump into structured output so we don't have to
manually decode the hex dumps ever again....
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-29 22:22 ` Dave Chinner
@ 2017-08-31 0:10 ` Darrick J. Wong
2017-08-31 2:43 ` Dave Chinner
0 siblings, 1 reply; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-31 0:10 UTC (permalink / raw)
To: Dave Chinner; +Cc: Christoph Hellwig, linux-xfs
On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
> On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> > On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > > So what do you think of the version that adds real printks for
> > > each condition including more details like the one verifier I
> > > did below? Probably needs some unlikely annotations, though.
> >
> > Given that there was another resend of the series I'd be really
> > curious about the answer to this?
>
> If we increase the size of the hexdump on error, then most of the
> specific numbers in the print statements can be pulled from the
> hexdump. And if the verifier tells us exactly what check failed,
> we don't have to decode the entire hexdump to know what field was
> out of band.
How much do we increase the size of the hexdump? 64 -> 128? Or
whatever the structure header size is? How about if xfs_error_level >=
XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
> Perhaps what we should think about here is adding a mode to xfs_db
> to decode the hexdump into structured output so we don't have to
> manually decode the hex dumps ever again....
Seems useful, yes.
--D
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@fromorbit.com
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-31 0:10 ` Darrick J. Wong
@ 2017-08-31 2:43 ` Dave Chinner
2017-08-31 3:05 ` Eric Sandeen
0 siblings, 1 reply; 34+ messages in thread
From: Dave Chinner @ 2017-08-31 2:43 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
On Wed, Aug 30, 2017 at 05:10:09PM -0700, Darrick J. Wong wrote:
> On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
> > On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> > > On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > > > So what do you think of the version that adds real printks for
> > > > each condition including more details like the one verifier I
> > > > did below? Probably needs some unlikely annotations, though.
> > >
> > > Given that there was another resend of the series I'd be really
> > > curious about the answer to this?
> >
> > If we increase the size of the hexdump on error, then most of the
> > specific numbers in the print statements can be pulled from the
> > hexdump. And if the verifier tells us exactly what check failed,
> > we don't have to decode the entire hexdump to know what field was
> > out of band.
>
> How much do we increase the size of the hexdump? 64 -> 128? Or
> whatever the structure header size is?
I choose 64 because it captured the primary header for most
structures for CRC enabled filesystems, so it would have
owner/crc/uuid/etc in it. I wasn't really trying to capture the
object specific metadata in it, but increasing to 128 bytes would
capture most of that block headers, too. Won't really help with
inodes, though, as the core is 176 bytes and the owner/crc stuff is
at the end....
> How about if xfs_error_level >=
> XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
Excellent idea. We can easily capture the entire output for
corruptions the users can easily trip over. Maybe put in the short
dump a line "turn error level up to 11 to get a full dump of the
corruption"?
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-31 2:43 ` Dave Chinner
@ 2017-08-31 3:05 ` Eric Sandeen
2017-08-31 3:27 ` Dave Chinner
0 siblings, 1 reply; 34+ messages in thread
From: Eric Sandeen @ 2017-08-31 3:05 UTC (permalink / raw)
To: Dave Chinner, Darrick J. Wong; +Cc: Christoph Hellwig, linux-xfs
On 8/30/17 9:43 PM, Dave Chinner wrote:
> On Wed, Aug 30, 2017 at 05:10:09PM -0700, Darrick J. Wong wrote:
>> On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
>>> On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
>>>> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
>>>>> So what do you think of the version that adds real printks for
>>>>> each condition including more details like the one verifier I
>>>>> did below? Probably needs some unlikely annotations, though.
>>>>
>>>> Given that there was another resend of the series I'd be really
>>>> curious about the answer to this?
>>>
>>> If we increase the size of the hexdump on error, then most of the
>>> specific numbers in the print statements can be pulled from the
>>> hexdump. And if the verifier tells us exactly what check failed,
>>> we don't have to decode the entire hexdump to know what field was
>>> out of band.
>>
>> How much do we increase the size of the hexdump? 64 -> 128? Or
>> whatever the structure header size is?
>
> I choose 64 because it captured the primary header for most
> structures for CRC enabled filesystems, so it would have
> owner/crc/uuid/etc in it. I wasn't really trying to capture the
> object specific metadata in it, but increasing to 128 bytes would
> capture most of that block headers, too. Won't really help with
> inodes, though, as the core is 176 bytes and the owner/crc stuff is
> at the end....
>
>> How about if xfs_error_level >=
>> XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
>
> Excellent idea. We can easily capture the entire output for
> corruptions the users can easily trip over. Maybe put in the short
> dump a line "turn error level up to 11 to get a full dump of the
> corruption"?
Yep, the thing about "more info only if you tune it" is that nobody
will know to tune it. Unless you printk that info...
Of course nobody will know what "turn error up ..." means, either.
Hm, at one point I had a patch to add object size to the
xfs_buf_ops struct and print that many bytes, but can't find it now :/
(not that it was very complicated...)
Anyway, point is making it vary with the size of the object wouldn't
be too hard.
-Eric
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-31 3:05 ` Eric Sandeen
@ 2017-08-31 3:27 ` Dave Chinner
2017-08-31 5:44 ` Darrick J. Wong
0 siblings, 1 reply; 34+ messages in thread
From: Dave Chinner @ 2017-08-31 3:27 UTC (permalink / raw)
To: Eric Sandeen; +Cc: Darrick J. Wong, Christoph Hellwig, linux-xfs
On Wed, Aug 30, 2017 at 10:05:25PM -0500, Eric Sandeen wrote:
> On 8/30/17 9:43 PM, Dave Chinner wrote:
> > On Wed, Aug 30, 2017 at 05:10:09PM -0700, Darrick J. Wong wrote:
> >> On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
> >>> On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> >>>> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> >>>>> So what do you think of the version that adds real printks for
> >>>>> each condition including more details like the one verifier I
> >>>>> did below? Probably needs some unlikely annotations, though.
> >>>>
> >>>> Given that there was another resend of the series I'd be really
> >>>> curious about the answer to this?
> >>>
> >>> If we increase the size of the hexdump on error, then most of the
> >>> specific numbers in the print statements can be pulled from the
> >>> hexdump. And if the verifier tells us exactly what check failed,
> >>> we don't have to decode the entire hexdump to know what field was
> >>> out of band.
> >>
> >> How much do we increase the size of the hexdump? 64 -> 128? Or
> >> whatever the structure header size is?
> >
> > I choose 64 because it captured the primary header for most
> > structures for CRC enabled filesystems, so it would have
> > owner/crc/uuid/etc in it. I wasn't really trying to capture the
> > object specific metadata in it, but increasing to 128 bytes would
> > capture most of that block headers, too. Won't really help with
> > inodes, though, as the core is 176 bytes and the owner/crc stuff is
> > at the end....
> >
> >> How about if xfs_error_level >=
> >> XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
> >
> > Excellent idea. We can easily capture the entire output for
> > corruptions the users can easily trip over. Maybe put in the short
> > dump a line "turn error level up to 11 to get a full dump of the
> > corruption"?
>
> Yep, the thing about "more info only if you tune it" is that nobody
> will know to tune it. Unless you printk that info...
>
> Of course nobody will know what "turn error up ..." means, either.
Sure, I was just paraphrasing how an error message might look. A
few quick coats of paint on the bikeshed will result in something
like:
"If this is a recurring error, please set
/proc/sys/fs/xfs/error_level to ...."
> Hm, at one point I had a patch to add object size to the
> xfs_buf_ops struct and print that many bytes, but can't find it now :/
> (not that it was very complicated...)
>
> Anyway, point is making it vary with the size of the object wouldn't
> be too hard.
Probably not, but it is complicated by the fact we have a couple of
different ways of dumping corruption errors. e.g. inode verifier
warnings are dumped through XFS_CORRUPTION_ERROR() rather than
xfs_verifier_error() as they are not buffer based verifiers. Other
things like log record CRC failures are hard coded to dump 32 bytes,
as is xlog_print_trans() on transaction overruns....
That's not a show stopper, but it would be nice to have consistent
behaviour across all the mechanisms we use to dump object data that
failed verification...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-31 3:27 ` Dave Chinner
@ 2017-08-31 5:44 ` Darrick J. Wong
2017-08-31 23:37 ` Dave Chinner
0 siblings, 1 reply; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-31 5:44 UTC (permalink / raw)
To: Dave Chinner; +Cc: Eric Sandeen, Christoph Hellwig, linux-xfs
On Thu, Aug 31, 2017 at 01:27:36PM +1000, Dave Chinner wrote:
> On Wed, Aug 30, 2017 at 10:05:25PM -0500, Eric Sandeen wrote:
> > On 8/30/17 9:43 PM, Dave Chinner wrote:
> > > On Wed, Aug 30, 2017 at 05:10:09PM -0700, Darrick J. Wong wrote:
> > >> On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
> > >>> On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> > >>>> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > >>>>> So what do you think of the version that adds real printks for
> > >>>>> each condition including more details like the one verifier I
> > >>>>> did below? Probably needs some unlikely annotations, though.
> > >>>>
> > >>>> Given that there was another resend of the series I'd be really
> > >>>> curious about the answer to this?
> > >>>
> > >>> If we increase the size of the hexdump on error, then most of the
> > >>> specific numbers in the print statements can be pulled from the
> > >>> hexdump. And if the verifier tells us exactly what check failed,
> > >>> we don't have to decode the entire hexdump to know what field was
> > >>> out of band.
> > >>
> > >> How much do we increase the size of the hexdump? 64 -> 128? Or
> > >> whatever the structure header size is?
> > >
> > > I choose 64 because it captured the primary header for most
> > > structures for CRC enabled filesystems, so it would have
> > > owner/crc/uuid/etc in it. I wasn't really trying to capture the
> > > object specific metadata in it, but increasing to 128 bytes would
> > > capture most of that block headers, too. Won't really help with
> > > inodes, though, as the core is 176 bytes and the owner/crc stuff is
> > > at the end....
> > >
> > >> How about if xfs_error_level >=
> > >> XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
> > >
> > > Excellent idea. We can easily capture the entire output for
> > > corruptions the users can easily trip over. Maybe put in the short
> > > dump a line "turn error level up to 11 to get a full dump of the
> > > corruption"?
> >
> > Yep, the thing about "more info only if you tune it" is that nobody
> > will know to tune it. Unless you printk that info...
> >
> > Of course nobody will know what "turn error up ..." means, either.
>
> Sure, I was just paraphrasing how an error message might look. A
> few quick coats of paint on the bikeshed will result in something
> like:
>
> "If this is a recurring error, please set
> /proc/sys/fs/xfs/error_level to ...."
>
> > Hm, at one point I had a patch to add object size to the
> > xfs_buf_ops struct and print that many bytes, but can't find it now :/
> > (not that it was very complicated...)
> >
> > Anyway, point is making it vary with the size of the object wouldn't
> > be too hard.
>
> Probably not, but it is complicated by the fact we have a couple of
> different ways of dumping corruption errors. e.g. inode verifier
> warnings are dumped through XFS_CORRUPTION_ERROR() rather than
> xfs_verifier_error() as they are not buffer based verifiers. Other
> things like log record CRC failures are hard coded to dump 32 bytes,
> as is xlog_print_trans() on transaction overruns....
>
> That's not a show stopper, but it would be nice to have consistent
> behaviour across all the mechanisms we use to dump object data that
> failed verification...
/me wonders if it'd suffice just to add an xfs_params value in /proc,
set its default to 128 bytes, and make the corruption reporters query
the xfs_param. Then we could tell users to set it to some magic value
(-1? 0?) to get the entire buffer.
I just had another thought -- what if we always dump the whole buffer if
the corruption would result in fs shutdown?
--D
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@fromorbit.com
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-31 5:44 ` Darrick J. Wong
@ 2017-08-31 23:37 ` Dave Chinner
2017-08-31 23:49 ` Darrick J. Wong
0 siblings, 1 reply; 34+ messages in thread
From: Dave Chinner @ 2017-08-31 23:37 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: Eric Sandeen, Christoph Hellwig, linux-xfs
On Wed, Aug 30, 2017 at 10:44:43PM -0700, Darrick J. Wong wrote:
> On Thu, Aug 31, 2017 at 01:27:36PM +1000, Dave Chinner wrote:
> > On Wed, Aug 30, 2017 at 10:05:25PM -0500, Eric Sandeen wrote:
> > > On 8/30/17 9:43 PM, Dave Chinner wrote:
> > > > On Wed, Aug 30, 2017 at 05:10:09PM -0700, Darrick J. Wong wrote:
> > > >> On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
> > > >>> On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> > > >>>> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > > >>>>> So what do you think of the version that adds real printks for
> > > >>>>> each condition including more details like the one verifier I
> > > >>>>> did below? Probably needs some unlikely annotations, though.
> > > >>>>
> > > >>>> Given that there was another resend of the series I'd be really
> > > >>>> curious about the answer to this?
> > > >>>
> > > >>> If we increase the size of the hexdump on error, then most of the
> > > >>> specific numbers in the print statements can be pulled from the
> > > >>> hexdump. And if the verifier tells us exactly what check failed,
> > > >>> we don't have to decode the entire hexdump to know what field was
> > > >>> out of band.
> > > >>
> > > >> How much do we increase the size of the hexdump? 64 -> 128? Or
> > > >> whatever the structure header size is?
> > > >
> > > > I choose 64 because it captured the primary header for most
> > > > structures for CRC enabled filesystems, so it would have
> > > > owner/crc/uuid/etc in it. I wasn't really trying to capture the
> > > > object specific metadata in it, but increasing to 128 bytes would
> > > > capture most of that block headers, too. Won't really help with
> > > > inodes, though, as the core is 176 bytes and the owner/crc stuff is
> > > > at the end....
> > > >
> > > >> How about if xfs_error_level >=
> > > >> XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
> > > >
> > > > Excellent idea. We can easily capture the entire output for
> > > > corruptions the users can easily trip over. Maybe put in the short
> > > > dump a line "turn error level up to 11 to get a full dump of the
> > > > corruption"?
> > >
> > > Yep, the thing about "more info only if you tune it" is that nobody
> > > will know to tune it. Unless you printk that info...
> > >
> > > Of course nobody will know what "turn error up ..." means, either.
> >
> > Sure, I was just paraphrasing how an error message might look. A
> > few quick coats of paint on the bikeshed will result in something
> > like:
> >
> > "If this is a recurring error, please set
> > /proc/sys/fs/xfs/error_level to ...."
> >
> > > Hm, at one point I had a patch to add object size to the
> > > xfs_buf_ops struct and print that many bytes, but can't find it now :/
> > > (not that it was very complicated...)
> > >
> > > Anyway, point is making it vary with the size of the object wouldn't
> > > be too hard.
> >
> > Probably not, but it is complicated by the fact we have a couple of
> > different ways of dumping corruption errors. e.g. inode verifier
> > warnings are dumped through XFS_CORRUPTION_ERROR() rather than
> > xfs_verifier_error() as they are not buffer based verifiers. Other
> > things like log record CRC failures are hard coded to dump 32 bytes,
> > as is xlog_print_trans() on transaction overruns....
> >
> > That's not a show stopper, but it would be nice to have consistent
> > behaviour across all the mechanisms we use to dump object data that
> > failed verification...
>
> /me wonders if it'd suffice just to add an xfs_params value in /proc,
> set its default to 128 bytes, and make the corruption reporters query
> the xfs_param. Then we could tell users to set it to some magic value
> (-1? 0?) to get the entire buffer.
Let's avoid adding a new proc entries to configure error verbosity
when we already have a proc entry that controls error verbosity....
> I just had another thought -- what if we always dump the whole buffer if
> the corruption would result in fs shutdown?
How do you know that a verifier failure (or any specific call to
XFS_CORRUPTION_ERROR) is going to result in a filesystem shutdown?
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [RFC 00/12] xfs: more and better verifiers
2017-08-31 23:37 ` Dave Chinner
@ 2017-08-31 23:49 ` Darrick J. Wong
0 siblings, 0 replies; 34+ messages in thread
From: Darrick J. Wong @ 2017-08-31 23:49 UTC (permalink / raw)
To: Dave Chinner; +Cc: Eric Sandeen, Christoph Hellwig, linux-xfs
On Fri, Sep 01, 2017 at 09:37:26AM +1000, Dave Chinner wrote:
> On Wed, Aug 30, 2017 at 10:44:43PM -0700, Darrick J. Wong wrote:
> > On Thu, Aug 31, 2017 at 01:27:36PM +1000, Dave Chinner wrote:
> > > On Wed, Aug 30, 2017 at 10:05:25PM -0500, Eric Sandeen wrote:
> > > > On 8/30/17 9:43 PM, Dave Chinner wrote:
> > > > > On Wed, Aug 30, 2017 at 05:10:09PM -0700, Darrick J. Wong wrote:
> > > > >> On Wed, Aug 30, 2017 at 08:22:47AM +1000, Dave Chinner wrote:
> > > > >>> On Tue, Aug 29, 2017 at 08:11:59AM -0700, Christoph Hellwig wrote:
> > > > >>>> On Mon, Aug 21, 2017 at 01:13:33AM -0700, Christoph Hellwig wrote:
> > > > >>>>> So what do you think of the version that adds real printks for
> > > > >>>>> each condition including more details like the one verifier I
> > > > >>>>> did below? Probably needs some unlikely annotations, though.
> > > > >>>>
> > > > >>>> Given that there was another resend of the series I'd be really
> > > > >>>> curious about the answer to this?
> > > > >>>
> > > > >>> If we increase the size of the hexdump on error, then most of the
> > > > >>> specific numbers in the print statements can be pulled from the
> > > > >>> hexdump. And if the verifier tells us exactly what check failed,
> > > > >>> we don't have to decode the entire hexdump to know what field was
> > > > >>> out of band.
> > > > >>
> > > > >> How much do we increase the size of the hexdump? 64 -> 128? Or
> > > > >> whatever the structure header size is?
> > > > >
> > > > > I choose 64 because it captured the primary header for most
> > > > > structures for CRC enabled filesystems, so it would have
> > > > > owner/crc/uuid/etc in it. I wasn't really trying to capture the
> > > > > object specific metadata in it, but increasing to 128 bytes would
> > > > > capture most of that block headers, too. Won't really help with
> > > > > inodes, though, as the core is 176 bytes and the owner/crc stuff is
> > > > > at the end....
> > > > >
> > > > >> How about if xfs_error_level >=
> > > > >> XFS_ERRORLEVEL_HIGH then we dump the entire buffer?
> > > > >
> > > > > Excellent idea. We can easily capture the entire output for
> > > > > corruptions the users can easily trip over. Maybe put in the short
> > > > > dump a line "turn error level up to 11 to get a full dump of the
> > > > > corruption"?
> > > >
> > > > Yep, the thing about "more info only if you tune it" is that nobody
> > > > will know to tune it. Unless you printk that info...
> > > >
> > > > Of course nobody will know what "turn error up ..." means, either.
> > >
> > > Sure, I was just paraphrasing how an error message might look. A
> > > few quick coats of paint on the bikeshed will result in something
> > > like:
> > >
> > > "If this is a recurring error, please set
> > > /proc/sys/fs/xfs/error_level to ...."
> > >
> > > > Hm, at one point I had a patch to add object size to the
> > > > xfs_buf_ops struct and print that many bytes, but can't find it now :/
> > > > (not that it was very complicated...)
> > > >
> > > > Anyway, point is making it vary with the size of the object wouldn't
> > > > be too hard.
> > >
> > > Probably not, but it is complicated by the fact we have a couple of
> > > different ways of dumping corruption errors. e.g. inode verifier
> > > warnings are dumped through XFS_CORRUPTION_ERROR() rather than
> > > xfs_verifier_error() as they are not buffer based verifiers. Other
> > > things like log record CRC failures are hard coded to dump 32 bytes,
> > > as is xlog_print_trans() on transaction overruns....
> > >
> > > That's not a show stopper, but it would be nice to have consistent
> > > behaviour across all the mechanisms we use to dump object data that
> > > failed verification...
> >
> > /me wonders if it'd suffice just to add an xfs_params value in /proc,
> > set its default to 128 bytes, and make the corruption reporters query
> > the xfs_param. Then we could tell users to set it to some magic value
> > (-1? 0?) to get the entire buffer.
>
> Let's avoid adding a new proc entries to configure error verbosity
> when we already have a proc entry that controls error verbosity....
Fair enough.
> > I just had another thought -- what if we always dump the whole buffer if
> > the corruption would result in fs shutdown?
>
> How do you know that a verifier failure (or any specific call to
> XFS_CORRUPTION_ERROR) is going to result in a filesystem shutdown?
Nuts. For a minute there I thought that if we were trying to get/read
a buffer we'd have assigned it to a transaction before calling the
verifier, but that's not true. Oh well. I'll start with a simpler
patch to increase the dump size if xfs_error_level is high.
--D
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david@fromorbit.com
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 34+ messages in thread
end of thread, other threads:[~2017-08-31 23:49 UTC | newest]
Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-17 23:31 [RFC 00/12] xfs: more and better verifiers Darrick J. Wong
2017-08-17 23:31 ` [PATCH 01/12] xfs: refactor long-format btree header verification routines Darrick J. Wong
2017-08-17 23:31 ` [PATCH 02/12] xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers Darrick J. Wong
2017-08-17 23:31 ` [PATCH 03/12] xfs: have buffer verifier functions report failing address Darrick J. Wong
2017-08-19 2:19 ` [PATCH v2 " Darrick J. Wong
2017-08-17 23:31 ` [PATCH 04/12] xfs: refactor verifier callers to print address of failing check Darrick J. Wong
2017-08-17 23:32 ` [PATCH 05/12] xfs: verify dinode header first Darrick J. Wong
2017-08-17 23:32 ` [PATCH 06/12] xfs: move inode fork verifiers to xfs_dinode_verify Darrick J. Wong
2017-08-17 23:32 ` [PATCH 07/12] xfs: create structure verifier function for shortform xattrs Darrick J. Wong
2017-08-17 23:32 ` [PATCH 08/12] xfs: create structure verifier function for short form symlinks Darrick J. Wong
2017-08-17 23:32 ` [PATCH 09/12] xfs: refactor short form directory structure verifier function Darrick J. Wong
2017-08-17 23:32 ` [PATCH 10/12] xfs: provide a centralized method for verifying inline fork data Darrick J. Wong
2017-08-17 23:32 ` [PATCH 11/12] xfs: fail out of xfs_attr3_leaf_lookup_int if it looks corrupt Darrick J. Wong
2017-08-17 23:32 ` [PATCH 12/12] xfs: create a new buf_ops pointer to verify structure metadata Darrick J. Wong
2017-08-18 7:05 ` [RFC 00/12] xfs: more and better verifiers Christoph Hellwig
2017-08-18 17:06 ` Darrick J. Wong
2017-08-18 18:45 ` Darrick J. Wong
2017-08-18 18:59 ` Darrick J. Wong
2017-08-19 0:33 ` Dave Chinner
2017-08-19 0:58 ` Darrick J. Wong
2017-08-19 1:12 ` Dave Chinner
2017-08-19 1:17 ` Darrick J. Wong
2017-08-19 23:20 ` Dave Chinner
2017-08-21 8:13 ` Christoph Hellwig
2017-08-29 15:11 ` Christoph Hellwig
2017-08-29 16:57 ` Darrick J. Wong
2017-08-29 22:22 ` Dave Chinner
2017-08-31 0:10 ` Darrick J. Wong
2017-08-31 2:43 ` Dave Chinner
2017-08-31 3:05 ` Eric Sandeen
2017-08-31 3:27 ` Dave Chinner
2017-08-31 5:44 ` Darrick J. Wong
2017-08-31 23:37 ` Dave Chinner
2017-08-31 23:49 ` Darrick J. Wong
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.