From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Gao Xiang <hsiangkao@redhat.com>
Cc: linux-xfs@vger.kernel.org, Brian Foster <bfoster@redhat.com>,
Eric Sandeen <sandeen@redhat.com>,
Dave Chinner <david@fromorbit.com>
Subject: Re: [PATCH v3 RESEND] xfs: introduce xfs_validate_stripe_geometry()
Date: Wed, 14 Oct 2020 09:19:22 -0700 [thread overview]
Message-ID: <20201014161922.GG9832@magnolia> (raw)
In-Reply-To: <20201014074550.20552-1-hsiangkao@redhat.com>
On Wed, Oct 14, 2020 at 03:45:50PM +0800, Gao Xiang wrote:
> Introduce a common helper to consolidate stripe validation process.
> Also make kernel code xfs_validate_sb_common() use it first.
>
> Signed-off-by: Gao Xiang <hsiangkao@redhat.com>
Looks ok,
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
--D
> ---
> [v3 RESEND]:
> sorry forget to drop a pair of unnecessary brace brackets.
>
> v2: https://lore.kernel.org/r/20201013034853.28236-1-hsiangkao@redhat.com
>
> Changes since v2:
> - update the expression on sb_unit and hasdalign check (Brian);
> - drop parentheses since modulus operation is a basic
> math operation (Brian);
> - (I missed earlier..) avoid div_s64_rem on modulus operation
> by checking swidth, sunit range first and casting to 32-bit
> integer. since sunit/swidth in the callers are in FSB or BB,
> so need to check the overflow first...
>
> Anyway, since logic change is made due to div_s64_rem() issue,
> please kindly help review again...
>
> Thanks,
> Gao Xiang
>
> fs/xfs/libxfs/xfs_sb.c | 77 ++++++++++++++++++++++++++++++++++++------
> fs/xfs/libxfs/xfs_sb.h | 3 ++
> 2 files changed, 69 insertions(+), 11 deletions(-)
>
> diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c
> index 5aeafa59ed27..2078f4fe93b2 100644
> --- a/fs/xfs/libxfs/xfs_sb.c
> +++ b/fs/xfs/libxfs/xfs_sb.c
> @@ -360,21 +360,18 @@ xfs_validate_sb_common(
> }
> }
>
> - if (sbp->sb_unit) {
> - if (!xfs_sb_version_hasdalign(sbp) ||
> - sbp->sb_unit > sbp->sb_width ||
> - (sbp->sb_width % sbp->sb_unit) != 0) {
> - xfs_notice(mp, "SB stripe unit sanity check failed");
> - return -EFSCORRUPTED;
> - }
> - } else if (xfs_sb_version_hasdalign(sbp)) {
> + /*
> + * Either (sb_unit and !hasdalign) or (!sb_unit and hasdalign)
> + * would imply the image is corrupted.
> + */
> + if (!!sbp->sb_unit ^ xfs_sb_version_hasdalign(sbp)) {
> xfs_notice(mp, "SB stripe alignment sanity check failed");
> return -EFSCORRUPTED;
> - } else if (sbp->sb_width) {
> - xfs_notice(mp, "SB stripe width sanity check failed");
> - return -EFSCORRUPTED;
> }
>
> + if (!xfs_validate_stripe_geometry(mp, XFS_FSB_TO_B(mp, sbp->sb_unit),
> + XFS_FSB_TO_B(mp, sbp->sb_width), 0, false))
> + return -EFSCORRUPTED;
>
> if (xfs_sb_version_hascrc(&mp->m_sb) &&
> sbp->sb_blocksize < XFS_MIN_CRC_BLOCKSIZE) {
> @@ -1233,3 +1230,61 @@ xfs_sb_get_secondary(
> *bpp = bp;
> return 0;
> }
> +
> +/*
> + * sunit, swidth, sectorsize(optional with 0) should be all in bytes,
> + * so users won't be confused by values in error messages.
> + */
> +bool
> +xfs_validate_stripe_geometry(
> + struct xfs_mount *mp,
> + __s64 sunit,
> + __s64 swidth,
> + int sectorsize,
> + bool silent)
> +{
> + if (swidth > INT_MAX) {
> + if (!silent)
> + xfs_notice(mp,
> +"stripe width (%lld) is too large", swidth);
> + return false;
> + }
> +
> + if (sunit > swidth) {
> + if (!silent)
> + xfs_notice(mp,
> +"stripe unit (%lld) is larger than the stripe width (%lld)", sunit, swidth);
> + return false;
> + }
> +
> + if (sectorsize && (int)sunit % sectorsize) {
> + if (!silent)
> + xfs_notice(mp,
> +"stripe unit (%lld) must be a multiple of the sector size (%d)",
> + sunit, sectorsize);
> + return false;
> + }
> +
> + if (sunit && !swidth) {
> + if (!silent)
> + xfs_notice(mp,
> +"invalid stripe unit (%lld) and stripe width of 0", sunit);
> + return false;
> + }
> +
> + if (!sunit && swidth) {
> + if (!silent)
> + xfs_notice(mp,
> +"invalid stripe width (%lld) and stripe unit of 0", swidth);
> + return false;
> + }
> +
> + if (sunit && (int)swidth % (int)sunit) {
> + if (!silent)
> + xfs_notice(mp,
> +"stripe width (%lld) must be a multiple of the stripe unit (%lld)",
> + swidth, sunit);
> + return false;
> + }
> + return true;
> +}
> diff --git a/fs/xfs/libxfs/xfs_sb.h b/fs/xfs/libxfs/xfs_sb.h
> index 92465a9a5162..f79f9dc632b6 100644
> --- a/fs/xfs/libxfs/xfs_sb.h
> +++ b/fs/xfs/libxfs/xfs_sb.h
> @@ -42,4 +42,7 @@ extern int xfs_sb_get_secondary(struct xfs_mount *mp,
> struct xfs_trans *tp, xfs_agnumber_t agno,
> struct xfs_buf **bpp);
>
> +extern bool xfs_validate_stripe_geometry(struct xfs_mount *mp,
> + __s64 sunit, __s64 swidth, int sectorsize, bool silent);
> +
> #endif /* __XFS_SB_H__ */
> --
> 2.18.1
>
prev parent reply other threads:[~2020-10-14 16:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-13 23:13 [PATCH v3] xfs: introduce xfs_validate_stripe_geometry() Gao Xiang
2020-10-14 7:45 ` [PATCH v3 RESEND] " Gao Xiang
2020-10-14 13:24 ` Brian Foster
2020-10-14 16:19 ` Darrick J. Wong [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201014161922.GG9832@magnolia \
--to=darrick.wong@oracle.com \
--cc=bfoster@redhat.com \
--cc=david@fromorbit.com \
--cc=hsiangkao@redhat.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).