2018-06-06 10:42:14 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
2005-11-02 11:58:39 +08:00
|
|
|
* Copyright (c) 2000-2002,2005 Silicon Graphics, Inc.
|
|
|
|
* All Rights Reserved.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
|
|
|
#include "xfs.h"
|
2005-11-02 11:38:42 +08:00
|
|
|
#include "xfs_fs.h"
|
2013-10-23 07:36:05 +08:00
|
|
|
#include "xfs_shared.h"
|
2013-10-23 07:51:50 +08:00
|
|
|
#include "xfs_format.h"
|
2013-10-23 07:50:10 +08:00
|
|
|
#include "xfs_log_format.h"
|
|
|
|
#include "xfs_trans_resv.h"
|
2005-04-17 06:20:36 +08:00
|
|
|
#include "xfs_mount.h"
|
|
|
|
#include "xfs_inode.h"
|
2013-10-23 07:51:50 +08:00
|
|
|
#include "xfs_btree.h"
|
2005-04-17 06:20:36 +08:00
|
|
|
#include "xfs_ialloc.h"
|
2013-10-23 07:51:50 +08:00
|
|
|
#include "xfs_ialloc_btree.h"
|
2019-07-03 00:39:40 +08:00
|
|
|
#include "xfs_iwalk.h"
|
2005-04-17 06:20:36 +08:00
|
|
|
#include "xfs_itable.h"
|
|
|
|
#include "xfs_error.h"
|
2012-10-08 18:56:11 +08:00
|
|
|
#include "xfs_icache.h"
|
2019-04-12 22:41:18 +08:00
|
|
|
#include "xfs_health.h"
|
2021-08-07 02:05:43 +08:00
|
|
|
#include "xfs_trans.h"
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-06-23 16:11:11 +08:00
|
|
|
/*
|
2019-07-03 00:39:40 +08:00
|
|
|
* Bulk Stat
|
|
|
|
* =========
|
|
|
|
*
|
2019-07-04 11:36:26 +08:00
|
|
|
* Use the inode walking functions to fill out struct xfs_bulkstat for every
|
2019-07-03 00:39:40 +08:00
|
|
|
* allocated inode, then pass the stat information to some externally provided
|
|
|
|
* iteration function.
|
2010-06-23 16:11:11 +08:00
|
|
|
*/
|
2019-07-03 00:39:40 +08:00
|
|
|
|
|
|
|
struct xfs_bstat_chunk {
|
|
|
|
bulkstat_one_fmt_pf formatter;
|
|
|
|
struct xfs_ibulk *breq;
|
2019-07-04 11:36:26 +08:00
|
|
|
struct xfs_bulkstat *buf;
|
2019-07-03 00:39:40 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Fill out the bulkstat info for a single inode and report it somewhere.
|
|
|
|
*
|
|
|
|
* bc->breq->lastino is effectively the inode cursor as we walk through the
|
|
|
|
* filesystem. Therefore, we update it any time we need to move the cursor
|
|
|
|
* forward, regardless of whether or not we're sending any bstat information
|
|
|
|
* back to userspace. If the inode is internal metadata or, has been freed
|
|
|
|
* out from under us, we just simply keep going.
|
|
|
|
*
|
|
|
|
* However, if any other type of error happens we want to stop right where we
|
|
|
|
* are so that userspace will call back with exact number of the bad inode and
|
|
|
|
* we can send back an error code.
|
|
|
|
*
|
|
|
|
* Note that if the formatter tells us there's no space left in the buffer we
|
|
|
|
* move the cursor forward and abort the walk.
|
|
|
|
*/
|
|
|
|
STATIC int
|
2010-06-23 16:11:11 +08:00
|
|
|
xfs_bulkstat_one_int(
|
2019-07-03 00:39:40 +08:00
|
|
|
struct xfs_mount *mp,
|
2023-01-13 19:49:30 +08:00
|
|
|
struct mnt_idmap *idmap,
|
2019-07-03 00:39:40 +08:00
|
|
|
struct xfs_trans *tp,
|
|
|
|
xfs_ino_t ino,
|
|
|
|
struct xfs_bstat_chunk *bc)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2021-01-21 21:19:58 +08:00
|
|
|
struct user_namespace *sb_userns = mp->m_super->s_user_ns;
|
2010-06-23 16:11:11 +08:00
|
|
|
struct xfs_inode *ip; /* incore inode pointer */
|
2016-02-09 13:54:58 +08:00
|
|
|
struct inode *inode;
|
2019-07-04 11:36:26 +08:00
|
|
|
struct xfs_bulkstat *buf = bc->buf;
|
2022-03-09 20:58:37 +08:00
|
|
|
xfs_extnum_t nextents;
|
2019-07-03 00:39:40 +08:00
|
|
|
int error = -EINVAL;
|
2022-09-19 04:54:14 +08:00
|
|
|
vfsuid_t vfsuid;
|
|
|
|
vfsgid_t vfsgid;
|
2010-06-23 16:11:11 +08:00
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
if (xfs_internal_inum(mp, ino))
|
|
|
|
goto out_advance;
|
2010-06-23 16:11:11 +08:00
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
error = xfs_iget(mp, tp, ino,
|
2012-03-22 13:15:10 +08:00
|
|
|
(XFS_IGET_DONTCACHE | XFS_IGET_UNTRUSTED),
|
|
|
|
XFS_ILOCK_SHARED, &ip);
|
2019-07-03 00:39:40 +08:00
|
|
|
if (error == -ENOENT || error == -EINVAL)
|
|
|
|
goto out_advance;
|
2014-07-24 09:33:28 +08:00
|
|
|
if (error)
|
2019-07-03 00:39:40 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2023-09-24 23:35:53 +08:00
|
|
|
/* Reload the incore unlinked list to avoid failure in inodegc. */
|
2023-09-11 23:39:07 +08:00
|
|
|
if (xfs_inode_unlinked_incomplete(ip)) {
|
|
|
|
error = xfs_inode_reload_unlinked_bucket(tp, ip);
|
|
|
|
if (error) {
|
|
|
|
xfs_iunlock(ip, XFS_ILOCK_SHARED);
|
2023-09-24 23:35:53 +08:00
|
|
|
xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
|
2023-09-11 23:39:07 +08:00
|
|
|
xfs_irele(ip);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
ASSERT(ip != NULL);
|
2008-11-28 11:23:41 +08:00
|
|
|
ASSERT(ip->i_imap.im_blkno != 0);
|
2016-02-09 13:54:58 +08:00
|
|
|
inode = VFS_I(ip);
|
2023-01-13 19:49:30 +08:00
|
|
|
vfsuid = i_uid_into_vfsuid(idmap, inode);
|
|
|
|
vfsgid = i_gid_into_vfsgid(idmap, inode);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* xfs_iget returns the following without needing
|
|
|
|
* further change.
|
|
|
|
*/
|
2021-03-30 02:11:39 +08:00
|
|
|
buf->bs_projectid = ip->i_projid;
|
2005-04-17 06:20:36 +08:00
|
|
|
buf->bs_ino = ino;
|
2022-09-19 04:54:14 +08:00
|
|
|
buf->bs_uid = from_kuid(sb_userns, vfsuid_into_kuid(vfsuid));
|
|
|
|
buf->bs_gid = from_kgid(sb_userns, vfsgid_into_kgid(vfsgid));
|
2021-03-30 02:11:40 +08:00
|
|
|
buf->bs_size = ip->i_disk_size;
|
2016-02-09 13:54:58 +08:00
|
|
|
|
2016-02-09 13:54:58 +08:00
|
|
|
buf->bs_nlink = inode->i_nlink;
|
2023-10-05 02:53:02 +08:00
|
|
|
buf->bs_atime = inode_get_atime_sec(inode);
|
|
|
|
buf->bs_atime_nsec = inode_get_atime_nsec(inode);
|
|
|
|
buf->bs_mtime = inode_get_mtime_sec(inode);
|
|
|
|
buf->bs_mtime_nsec = inode_get_mtime_nsec(inode);
|
|
|
|
buf->bs_ctime = inode_get_ctime_sec(inode);
|
|
|
|
buf->bs_ctime_nsec = inode_get_ctime_nsec(inode);
|
2016-02-09 13:54:58 +08:00
|
|
|
buf->bs_gen = inode->i_generation;
|
2016-02-09 13:54:58 +08:00
|
|
|
buf->bs_mode = inode->i_mode;
|
2016-02-09 13:54:58 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
buf->bs_xflags = xfs_ip2xflags(ip);
|
2021-03-30 02:11:41 +08:00
|
|
|
buf->bs_extsize_blks = ip->i_extsize;
|
2022-03-09 20:58:37 +08:00
|
|
|
|
|
|
|
nextents = xfs_ifork_nextents(&ip->i_df);
|
|
|
|
if (!(bc->breq->flags & XFS_IBULK_NREXT64))
|
|
|
|
buf->bs_extents = min(nextents, XFS_MAX_EXTCNT_DATA_FORK_SMALL);
|
|
|
|
else
|
|
|
|
buf->bs_extents64 = nextents;
|
|
|
|
|
2019-04-12 22:41:18 +08:00
|
|
|
xfs_bulkstat_health(ip, buf);
|
xfs: make inode attribute forks a permanent part of struct xfs_inode
Syzkaller reported a UAF bug a while back:
==================================================================
BUG: KASAN: use-after-free in xfs_ilock_attr_map_shared+0xe3/0xf6 fs/xfs/xfs_inode.c:127
Read of size 4 at addr ffff88802cec919c by task syz-executor262/2958
CPU: 2 PID: 2958 Comm: syz-executor262 Not tainted
5.15.0-0.30.3-20220406_1406 #3
Hardware name: Red Hat KVM, BIOS 1.13.0-2.module+el8.3.0+7860+a7792d29
04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106
print_address_description.constprop.9+0x21/0x2d5 mm/kasan/report.c:256
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold.14+0x7f/0x11b mm/kasan/report.c:459
xfs_ilock_attr_map_shared+0xe3/0xf6 fs/xfs/xfs_inode.c:127
xfs_attr_get+0x378/0x4c2 fs/xfs/libxfs/xfs_attr.c:159
xfs_xattr_get+0xe3/0x150 fs/xfs/xfs_xattr.c:36
__vfs_getxattr+0xdf/0x13d fs/xattr.c:399
cap_inode_need_killpriv+0x41/0x5d security/commoncap.c:300
security_inode_need_killpriv+0x4c/0x97 security/security.c:1408
dentry_needs_remove_privs.part.28+0x21/0x63 fs/inode.c:1912
dentry_needs_remove_privs+0x80/0x9e fs/inode.c:1908
do_truncate+0xc3/0x1e0 fs/open.c:56
handle_truncate fs/namei.c:3084 [inline]
do_open fs/namei.c:3432 [inline]
path_openat+0x30ab/0x396d fs/namei.c:3561
do_filp_open+0x1c4/0x290 fs/namei.c:3588
do_sys_openat2+0x60d/0x98c fs/open.c:1212
do_sys_open+0xcf/0x13c fs/open.c:1228
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3a/0x7e arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0x0
RIP: 0033:0x7f7ef4bb753d
Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73
01 c3 48 8b 0d 1b 79 2c 00 f7 d8 64 89 01 48
RSP: 002b:00007f7ef52c2ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000404148 RCX: 00007f7ef4bb753d
RDX: 00007f7ef4bb753d RSI: 0000000000000000 RDI: 0000000020004fc0
RBP: 0000000000404140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
R13: 00007ffd794db37f R14: 00007ffd794db470 R15: 00007f7ef52c2fc0
</TASK>
Allocated by task 2953:
kasan_save_stack+0x19/0x38 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
__kasan_slab_alloc+0x68/0x7c mm/kasan/common.c:467
kasan_slab_alloc include/linux/kasan.h:254 [inline]
slab_post_alloc_hook mm/slab.h:519 [inline]
slab_alloc_node mm/slub.c:3213 [inline]
slab_alloc mm/slub.c:3221 [inline]
kmem_cache_alloc+0x11b/0x3eb mm/slub.c:3226
kmem_cache_zalloc include/linux/slab.h:711 [inline]
xfs_ifork_alloc+0x25/0xa2 fs/xfs/libxfs/xfs_inode_fork.c:287
xfs_bmap_add_attrfork+0x3f2/0x9b1 fs/xfs/libxfs/xfs_bmap.c:1098
xfs_attr_set+0xe38/0x12a7 fs/xfs/libxfs/xfs_attr.c:746
xfs_xattr_set+0xeb/0x1a9 fs/xfs/xfs_xattr.c:59
__vfs_setxattr+0x11b/0x177 fs/xattr.c:180
__vfs_setxattr_noperm+0x128/0x5e0 fs/xattr.c:214
__vfs_setxattr_locked+0x1d4/0x258 fs/xattr.c:275
vfs_setxattr+0x154/0x33d fs/xattr.c:301
setxattr+0x216/0x29f fs/xattr.c:575
__do_sys_fsetxattr fs/xattr.c:632 [inline]
__se_sys_fsetxattr fs/xattr.c:621 [inline]
__x64_sys_fsetxattr+0x243/0x2fe fs/xattr.c:621
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3a/0x7e arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0x0
Freed by task 2949:
kasan_save_stack+0x19/0x38 mm/kasan/common.c:38
kasan_set_track+0x1c/0x21 mm/kasan/common.c:46
kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360
____kasan_slab_free mm/kasan/common.c:366 [inline]
____kasan_slab_free mm/kasan/common.c:328 [inline]
__kasan_slab_free+0xe2/0x10e mm/kasan/common.c:374
kasan_slab_free include/linux/kasan.h:230 [inline]
slab_free_hook mm/slub.c:1700 [inline]
slab_free_freelist_hook mm/slub.c:1726 [inline]
slab_free mm/slub.c:3492 [inline]
kmem_cache_free+0xdc/0x3ce mm/slub.c:3508
xfs_attr_fork_remove+0x8d/0x132 fs/xfs/libxfs/xfs_attr_leaf.c:773
xfs_attr_sf_removename+0x5dd/0x6cb fs/xfs/libxfs/xfs_attr_leaf.c:822
xfs_attr_remove_iter+0x68c/0x805 fs/xfs/libxfs/xfs_attr.c:1413
xfs_attr_remove_args+0xb1/0x10d fs/xfs/libxfs/xfs_attr.c:684
xfs_attr_set+0xf1e/0x12a7 fs/xfs/libxfs/xfs_attr.c:802
xfs_xattr_set+0xeb/0x1a9 fs/xfs/xfs_xattr.c:59
__vfs_removexattr+0x106/0x16a fs/xattr.c:468
cap_inode_killpriv+0x24/0x47 security/commoncap.c:324
security_inode_killpriv+0x54/0xa1 security/security.c:1414
setattr_prepare+0x1a6/0x897 fs/attr.c:146
xfs_vn_change_ok+0x111/0x15e fs/xfs/xfs_iops.c:682
xfs_vn_setattr_size+0x5f/0x15a fs/xfs/xfs_iops.c:1065
xfs_vn_setattr+0x125/0x2ad fs/xfs/xfs_iops.c:1093
notify_change+0xae5/0x10a1 fs/attr.c:410
do_truncate+0x134/0x1e0 fs/open.c:64
handle_truncate fs/namei.c:3084 [inline]
do_open fs/namei.c:3432 [inline]
path_openat+0x30ab/0x396d fs/namei.c:3561
do_filp_open+0x1c4/0x290 fs/namei.c:3588
do_sys_openat2+0x60d/0x98c fs/open.c:1212
do_sys_open+0xcf/0x13c fs/open.c:1228
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3a/0x7e arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0x0
The buggy address belongs to the object at ffff88802cec9188
which belongs to the cache xfs_ifork of size 40
The buggy address is located 20 bytes inside of
40-byte region [ffff88802cec9188, ffff88802cec91b0)
The buggy address belongs to the page:
page:00000000c3af36a1 refcount:1 mapcount:0 mapping:0000000000000000
index:0x0 pfn:0x2cec9
flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
raw: 000fffffc0000200 ffffea00009d2580 0000000600000006 ffff88801a9ffc80
raw: 0000000000000000 0000000080490049 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88802cec9080: fb fb fb fc fc fa fb fb fb fb fc fc fb fb fb fb
ffff88802cec9100: fb fc fc fb fb fb fb fb fc fc fb fb fb fb fb fc
>ffff88802cec9180: fc fa fb fb fb fb fc fc fa fb fb fb fb fc fc fb
^
ffff88802cec9200: fb fb fb fb fc fc fb fb fb fb fb fc fc fb fb fb
ffff88802cec9280: fb fb fc fc fa fb fb fb fb fc fc fa fb fb fb fb
==================================================================
The root cause of this bug is the unlocked access to xfs_inode.i_afp
from the getxattr code paths while trying to determine which ILOCK mode
to use to stabilize the xattr data. Unfortunately, the VFS does not
acquire i_rwsem when vfs_getxattr (or listxattr) call into the
filesystem, which means that getxattr can race with a removexattr that's
tearing down the attr fork and crash:
xfs_attr_set: xfs_attr_get:
xfs_attr_fork_remove: xfs_ilock_attr_map_shared:
xfs_idestroy_fork(ip->i_afp);
kmem_cache_free(xfs_ifork_cache, ip->i_afp);
if (ip->i_afp &&
ip->i_afp = NULL;
xfs_need_iread_extents(ip->i_afp))
<KABOOM>
ip->i_forkoff = 0;
Regrettably, the VFS is much more lax about i_rwsem and getxattr than
is immediately obvious -- not only does it not guarantee that we hold
i_rwsem, it actually doesn't guarantee that we *don't* hold it either.
The getxattr system call won't acquire the lock before calling XFS, but
the file capabilities code calls getxattr with and without i_rwsem held
to determine if the "security.capabilities" xattr is set on the file.
Fixing the VFS locking requires a treewide investigation into every code
path that could touch an xattr and what i_rwsem state it expects or sets
up. That could take years or even prove impossible; fortunately, we
can fix this UAF problem inside XFS.
An earlier version of this patch used smp_wmb in xfs_attr_fork_remove to
ensure that i_forkoff is always zeroed before i_afp is set to null and
changed the read paths to use smp_rmb before accessing i_forkoff and
i_afp, which avoided these UAF problems. However, the patch author was
too busy dealing with other problems in the meantime, and by the time he
came back to this issue, the situation had changed a bit.
On a modern system with selinux, each inode will always have at least
one xattr for the selinux label, so it doesn't make much sense to keep
incurring the extra pointer dereference. Furthermore, Allison's
upcoming parent pointer patchset will also cause nearly every inode in
the filesystem to have extended attributes. Therefore, make the inode
attribute fork structure part of struct xfs_inode, at a cost of 40 more
bytes.
This patch adds a clunky if_present field where necessary to maintain
the existing logic of xattr fork null pointer testing in the existing
codebase. The next patch switches the logic over to XFS_IFORK_Q and it
all goes away.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
2022-07-10 01:56:06 +08:00
|
|
|
buf->bs_aextents = xfs_ifork_nextents(&ip->i_af);
|
2022-07-10 01:56:07 +08:00
|
|
|
buf->bs_forkoff = xfs_inode_fork_boff(ip);
|
2019-07-04 11:36:26 +08:00
|
|
|
buf->bs_version = XFS_BULKSTAT_VERSION_V5;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2021-08-19 09:46:37 +08:00
|
|
|
if (xfs_has_v3inodes(mp)) {
|
2021-03-30 02:11:45 +08:00
|
|
|
buf->bs_btime = ip->i_crtime.tv_sec;
|
|
|
|
buf->bs_btime_nsec = ip->i_crtime.tv_nsec;
|
2021-03-30 02:11:45 +08:00
|
|
|
if (ip->i_diflags2 & XFS_DIFLAG2_COWEXTSIZE)
|
2021-03-30 02:11:42 +08:00
|
|
|
buf->bs_cowextsize_blks = ip->i_cowextsize;
|
2016-10-04 00:11:43 +08:00
|
|
|
}
|
|
|
|
|
2020-05-19 01:28:05 +08:00
|
|
|
switch (ip->i_df.if_format) {
|
2005-04-17 06:20:36 +08:00
|
|
|
case XFS_DINODE_FMT_DEV:
|
2017-10-20 02:07:09 +08:00
|
|
|
buf->bs_rdev = sysv_encode_dev(inode->i_rdev);
|
2005-04-17 06:20:36 +08:00
|
|
|
buf->bs_blksize = BLKDEV_IOSIZE;
|
|
|
|
buf->bs_blocks = 0;
|
|
|
|
break;
|
|
|
|
case XFS_DINODE_FMT_LOCAL:
|
|
|
|
buf->bs_rdev = 0;
|
|
|
|
buf->bs_blksize = mp->m_sb.sb_blocksize;
|
|
|
|
buf->bs_blocks = 0;
|
|
|
|
break;
|
|
|
|
case XFS_DINODE_FMT_EXTENTS:
|
|
|
|
case XFS_DINODE_FMT_BTREE:
|
|
|
|
buf->bs_rdev = 0;
|
|
|
|
buf->bs_blksize = mp->m_sb.sb_blocksize;
|
2021-03-30 02:11:40 +08:00
|
|
|
buf->bs_blocks = ip->i_nblocks + ip->i_delayed_blks;
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
2010-06-24 09:52:50 +08:00
|
|
|
xfs_iunlock(ip, XFS_ILOCK_SHARED);
|
2018-07-26 03:52:32 +08:00
|
|
|
xfs_irele(ip);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
error = bc->formatter(bc->breq, buf);
|
2019-08-29 05:37:57 +08:00
|
|
|
if (error == -ECANCELED)
|
2019-07-03 00:39:40 +08:00
|
|
|
goto out_advance;
|
|
|
|
if (error)
|
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
out_advance:
|
|
|
|
/*
|
|
|
|
* Advance the cursor to the inode that comes after the one we just
|
|
|
|
* looked at. We want the caller to move along if the bulkstat
|
|
|
|
* information was copied successfully; if we tried to grab the inode
|
|
|
|
* but it's no longer allocated; or if it's internal metadata.
|
|
|
|
*/
|
|
|
|
bc->breq->startino = ino + 1;
|
|
|
|
out:
|
2010-06-23 16:11:11 +08:00
|
|
|
return error;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
/* Bulkstat a single inode. */
|
2008-11-26 11:20:11 +08:00
|
|
|
int
|
|
|
|
xfs_bulkstat_one(
|
2019-07-03 00:39:40 +08:00
|
|
|
struct xfs_ibulk *breq,
|
|
|
|
bulkstat_one_fmt_pf formatter)
|
2008-11-26 11:20:11 +08:00
|
|
|
{
|
2019-07-03 00:39:40 +08:00
|
|
|
struct xfs_bstat_chunk bc = {
|
|
|
|
.formatter = formatter,
|
|
|
|
.breq = breq,
|
|
|
|
};
|
2021-08-07 02:05:43 +08:00
|
|
|
struct xfs_trans *tp;
|
2019-07-03 00:39:40 +08:00
|
|
|
int error;
|
|
|
|
|
2023-01-13 19:49:30 +08:00
|
|
|
if (breq->idmap != &nop_mnt_idmap) {
|
2021-03-15 01:59:39 +08:00
|
|
|
xfs_warn_ratelimited(breq->mp,
|
|
|
|
"bulkstat not supported inside of idmapped mounts.");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
ASSERT(breq->icount == 1);
|
|
|
|
|
2019-07-04 11:36:26 +08:00
|
|
|
bc.buf = kmem_zalloc(sizeof(struct xfs_bulkstat),
|
2019-08-27 03:06:22 +08:00
|
|
|
KM_MAYFAIL);
|
2019-07-03 00:39:40 +08:00
|
|
|
if (!bc.buf)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2021-08-07 02:05:43 +08:00
|
|
|
/*
|
|
|
|
* Grab an empty transaction so that we can use its recursive buffer
|
|
|
|
* locking abilities to detect cycles in the inobt without deadlocking.
|
|
|
|
*/
|
|
|
|
error = xfs_trans_alloc_empty(breq->mp, &tp);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
2019-07-03 00:39:40 +08:00
|
|
|
|
2023-01-13 19:49:30 +08:00
|
|
|
error = xfs_bulkstat_one_int(breq->mp, breq->idmap, tp,
|
2021-08-07 02:05:43 +08:00
|
|
|
breq->startino, &bc);
|
|
|
|
xfs_trans_cancel(tp);
|
|
|
|
out:
|
2019-07-03 00:39:40 +08:00
|
|
|
kmem_free(bc.buf);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we reported one inode to userspace then we abort because we hit
|
|
|
|
* the end of the buffer. Don't leak that back to userspace.
|
|
|
|
*/
|
2019-08-29 05:37:57 +08:00
|
|
|
if (error == -ECANCELED)
|
2019-07-03 00:39:40 +08:00
|
|
|
error = 0;
|
|
|
|
|
|
|
|
return error;
|
2006-09-28 09:01:46 +08:00
|
|
|
}
|
|
|
|
|
2014-11-07 05:30:30 +08:00
|
|
|
static int
|
2019-07-03 00:39:40 +08:00
|
|
|
xfs_bulkstat_iwalk(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
struct xfs_trans *tp,
|
|
|
|
xfs_ino_t ino,
|
|
|
|
void *data)
|
2014-08-04 09:22:31 +08:00
|
|
|
{
|
2021-01-21 21:19:58 +08:00
|
|
|
struct xfs_bstat_chunk *bc = data;
|
2019-07-03 00:39:40 +08:00
|
|
|
int error;
|
2014-11-07 05:33:52 +08:00
|
|
|
|
2023-01-13 19:49:30 +08:00
|
|
|
error = xfs_bulkstat_one_int(mp, bc->breq->idmap, tp, ino, data);
|
2019-07-03 00:39:40 +08:00
|
|
|
/* bulkstat just skips over missing inodes */
|
|
|
|
if (error == -ENOENT || error == -EINVAL)
|
|
|
|
return 0;
|
2014-08-04 09:22:31 +08:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
2019-07-03 00:39:40 +08:00
|
|
|
* Check the incoming lastino parameter.
|
|
|
|
*
|
|
|
|
* We allow any inode value that could map to physical space inside the
|
|
|
|
* filesystem because if there are no inodes there, bulkstat moves on to the
|
|
|
|
* next chunk. In other words, the magic agino value of zero takes us to the
|
|
|
|
* first chunk in the AG, and an agino value past the end of the AG takes us to
|
|
|
|
* the first chunk in the next AG.
|
|
|
|
*
|
|
|
|
* Therefore we can end early if the requested inode is beyond the end of the
|
|
|
|
* filesystem or doesn't map properly.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2019-07-03 00:39:40 +08:00
|
|
|
static inline bool
|
|
|
|
xfs_bulkstat_already_done(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
xfs_ino_t startino)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-07-03 00:39:40 +08:00
|
|
|
xfs_agnumber_t agno = XFS_INO_TO_AGNO(mp, startino);
|
|
|
|
xfs_agino_t agino = XFS_INO_TO_AGINO(mp, startino);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
return agno >= mp->m_sb.sb_agcount ||
|
|
|
|
startino != XFS_AGINO_TO_INO(mp, agno, agino);
|
|
|
|
}
|
2014-07-24 16:40:26 +08:00
|
|
|
|
2019-07-03 00:39:40 +08:00
|
|
|
/* Return stat information in bulk (by-inode) for the filesystem. */
|
|
|
|
int
|
|
|
|
xfs_bulkstat(
|
|
|
|
struct xfs_ibulk *breq,
|
|
|
|
bulkstat_one_fmt_pf formatter)
|
|
|
|
{
|
|
|
|
struct xfs_bstat_chunk bc = {
|
|
|
|
.formatter = formatter,
|
|
|
|
.breq = breq,
|
|
|
|
};
|
2021-08-07 02:05:43 +08:00
|
|
|
struct xfs_trans *tp;
|
2022-03-09 20:34:04 +08:00
|
|
|
unsigned int iwalk_flags = 0;
|
2019-07-03 00:39:40 +08:00
|
|
|
int error;
|
2014-11-07 05:30:30 +08:00
|
|
|
|
2023-01-13 19:49:30 +08:00
|
|
|
if (breq->idmap != &nop_mnt_idmap) {
|
2021-01-21 21:19:58 +08:00
|
|
|
xfs_warn_ratelimited(breq->mp,
|
|
|
|
"bulkstat not supported inside of idmapped mounts.");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2019-07-03 00:39:40 +08:00
|
|
|
if (xfs_bulkstat_already_done(breq->mp, breq->startino))
|
|
|
|
return 0;
|
2014-11-07 05:30:30 +08:00
|
|
|
|
2019-07-04 11:36:26 +08:00
|
|
|
bc.buf = kmem_zalloc(sizeof(struct xfs_bulkstat),
|
2019-08-27 03:06:22 +08:00
|
|
|
KM_MAYFAIL);
|
2019-07-03 00:39:40 +08:00
|
|
|
if (!bc.buf)
|
2014-06-25 12:58:08 +08:00
|
|
|
return -ENOMEM;
|
2014-11-07 05:30:30 +08:00
|
|
|
|
2021-08-07 02:05:43 +08:00
|
|
|
/*
|
|
|
|
* Grab an empty transaction so that we can use its recursive buffer
|
|
|
|
* locking abilities to detect cycles in the inobt without deadlocking.
|
|
|
|
*/
|
|
|
|
error = xfs_trans_alloc_empty(breq->mp, &tp);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
2014-11-07 05:31:13 +08:00
|
|
|
|
2022-03-09 20:34:04 +08:00
|
|
|
if (breq->flags & XFS_IBULK_SAME_AG)
|
|
|
|
iwalk_flags |= XFS_IWALK_SAME_AG;
|
|
|
|
|
|
|
|
error = xfs_iwalk(breq->mp, tp, breq->startino, iwalk_flags,
|
2021-08-07 02:05:43 +08:00
|
|
|
xfs_bulkstat_iwalk, breq->icount, &bc);
|
|
|
|
xfs_trans_cancel(tp);
|
|
|
|
out:
|
2019-07-03 00:39:40 +08:00
|
|
|
kmem_free(bc.buf);
|
2014-11-07 05:31:15 +08:00
|
|
|
|
2007-11-23 13:30:32 +08:00
|
|
|
/*
|
2014-11-07 05:31:15 +08:00
|
|
|
* We found some inodes, so clear the error status and return them.
|
|
|
|
* The lastino pointer will point directly at the inode that triggered
|
|
|
|
* any error that occurred, so on the next call the error will be
|
|
|
|
* triggered again and propagated to userspace as there will be no
|
|
|
|
* formatted inodes in the buffer.
|
2007-11-23 13:30:32 +08:00
|
|
|
*/
|
2019-07-03 00:39:40 +08:00
|
|
|
if (breq->ocount > 0)
|
2014-11-07 05:31:15 +08:00
|
|
|
error = 0;
|
|
|
|
|
|
|
|
return error;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2019-07-04 11:36:26 +08:00
|
|
|
/* Convert bulkstat (v5) to bstat (v1). */
|
|
|
|
void
|
|
|
|
xfs_bulkstat_to_bstat(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
struct xfs_bstat *bs1,
|
|
|
|
const struct xfs_bulkstat *bstat)
|
|
|
|
{
|
2019-07-29 12:12:32 +08:00
|
|
|
/* memset is needed here because of padding holes in the structure. */
|
2019-07-04 11:36:26 +08:00
|
|
|
memset(bs1, 0, sizeof(struct xfs_bstat));
|
|
|
|
bs1->bs_ino = bstat->bs_ino;
|
|
|
|
bs1->bs_mode = bstat->bs_mode;
|
|
|
|
bs1->bs_nlink = bstat->bs_nlink;
|
|
|
|
bs1->bs_uid = bstat->bs_uid;
|
|
|
|
bs1->bs_gid = bstat->bs_gid;
|
|
|
|
bs1->bs_rdev = bstat->bs_rdev;
|
|
|
|
bs1->bs_blksize = bstat->bs_blksize;
|
|
|
|
bs1->bs_size = bstat->bs_size;
|
|
|
|
bs1->bs_atime.tv_sec = bstat->bs_atime;
|
|
|
|
bs1->bs_mtime.tv_sec = bstat->bs_mtime;
|
|
|
|
bs1->bs_ctime.tv_sec = bstat->bs_ctime;
|
|
|
|
bs1->bs_atime.tv_nsec = bstat->bs_atime_nsec;
|
|
|
|
bs1->bs_mtime.tv_nsec = bstat->bs_mtime_nsec;
|
|
|
|
bs1->bs_ctime.tv_nsec = bstat->bs_ctime_nsec;
|
|
|
|
bs1->bs_blocks = bstat->bs_blocks;
|
|
|
|
bs1->bs_xflags = bstat->bs_xflags;
|
|
|
|
bs1->bs_extsize = XFS_FSB_TO_B(mp, bstat->bs_extsize_blks);
|
|
|
|
bs1->bs_extents = bstat->bs_extents;
|
|
|
|
bs1->bs_gen = bstat->bs_gen;
|
|
|
|
bs1->bs_projid_lo = bstat->bs_projectid & 0xFFFF;
|
|
|
|
bs1->bs_forkoff = bstat->bs_forkoff;
|
|
|
|
bs1->bs_projid_hi = bstat->bs_projectid >> 16;
|
|
|
|
bs1->bs_sick = bstat->bs_sick;
|
|
|
|
bs1->bs_checked = bstat->bs_checked;
|
|
|
|
bs1->bs_cowextsize = XFS_FSB_TO_B(mp, bstat->bs_cowextsize_blks);
|
|
|
|
bs1->bs_dmevmask = 0;
|
|
|
|
bs1->bs_dmstate = 0;
|
|
|
|
bs1->bs_aextents = bstat->bs_aextents;
|
|
|
|
}
|
|
|
|
|
2019-07-03 00:39:43 +08:00
|
|
|
struct xfs_inumbers_chunk {
|
|
|
|
inumbers_fmt_pf formatter;
|
|
|
|
struct xfs_ibulk *breq;
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* INUMBERS
|
|
|
|
* ========
|
|
|
|
* This is how we export inode btree records to userspace, so that XFS tools
|
|
|
|
* can figure out where inodes are allocated.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Format the inode group structure and report it somewhere.
|
|
|
|
*
|
|
|
|
* Similar to xfs_bulkstat_one_int, lastino is the inode cursor as we walk
|
|
|
|
* through the filesystem so we move it forward unless there was a runtime
|
|
|
|
* error. If the formatter tells us the buffer is now full we also move the
|
|
|
|
* cursor forward and abort the walk.
|
|
|
|
*/
|
|
|
|
STATIC int
|
|
|
|
xfs_inumbers_walk(
|
|
|
|
struct xfs_mount *mp,
|
|
|
|
struct xfs_trans *tp,
|
|
|
|
xfs_agnumber_t agno,
|
|
|
|
const struct xfs_inobt_rec_incore *irec,
|
|
|
|
void *data)
|
2007-07-11 09:10:19 +08:00
|
|
|
{
|
2019-07-04 11:36:27 +08:00
|
|
|
struct xfs_inumbers inogrp = {
|
2019-07-03 00:39:43 +08:00
|
|
|
.xi_startino = XFS_AGINO_TO_INO(mp, agno, irec->ir_startino),
|
|
|
|
.xi_alloccount = irec->ir_count - irec->ir_freecount,
|
|
|
|
.xi_allocmask = ~irec->ir_free,
|
2019-07-04 11:36:27 +08:00
|
|
|
.xi_version = XFS_INUMBERS_VERSION_V5,
|
2019-07-03 00:39:43 +08:00
|
|
|
};
|
|
|
|
struct xfs_inumbers_chunk *ic = data;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = ic->formatter(ic->breq, &inogrp);
|
2019-08-29 05:37:57 +08:00
|
|
|
if (error && error != -ECANCELED)
|
2019-07-03 00:39:43 +08:00
|
|
|
return error;
|
|
|
|
|
2019-07-09 10:36:17 +08:00
|
|
|
ic->breq->startino = XFS_AGINO_TO_INO(mp, agno, irec->ir_startino) +
|
|
|
|
XFS_INODES_PER_CHUNK;
|
2019-07-03 00:39:43 +08:00
|
|
|
return error;
|
2007-07-11 09:10:19 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Return inode number table for the filesystem.
|
|
|
|
*/
|
2019-07-03 00:39:43 +08:00
|
|
|
int
|
2005-04-17 06:20:36 +08:00
|
|
|
xfs_inumbers(
|
2019-07-03 00:39:43 +08:00
|
|
|
struct xfs_ibulk *breq,
|
2014-07-24 10:11:47 +08:00
|
|
|
inumbers_fmt_pf formatter)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-07-03 00:39:43 +08:00
|
|
|
struct xfs_inumbers_chunk ic = {
|
|
|
|
.formatter = formatter,
|
|
|
|
.breq = breq,
|
|
|
|
};
|
2021-08-07 02:05:43 +08:00
|
|
|
struct xfs_trans *tp;
|
2014-07-24 10:11:47 +08:00
|
|
|
int error = 0;
|
|
|
|
|
2019-07-03 00:39:43 +08:00
|
|
|
if (xfs_bulkstat_already_done(breq->mp, breq->startino))
|
|
|
|
return 0;
|
2014-07-24 10:11:47 +08:00
|
|
|
|
2021-08-07 02:05:43 +08:00
|
|
|
/*
|
|
|
|
* Grab an empty transaction so that we can use its recursive buffer
|
|
|
|
* locking abilities to detect cycles in the inobt without deadlocking.
|
|
|
|
*/
|
|
|
|
error = xfs_trans_alloc_empty(breq->mp, &tp);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
error = xfs_inobt_walk(breq->mp, tp, breq->startino, breq->flags,
|
2019-07-03 00:39:43 +08:00
|
|
|
xfs_inumbers_walk, breq->icount, &ic);
|
2021-08-07 02:05:43 +08:00
|
|
|
xfs_trans_cancel(tp);
|
|
|
|
out:
|
2014-07-24 10:18:47 +08:00
|
|
|
|
2019-07-03 00:39:43 +08:00
|
|
|
/*
|
|
|
|
* We found some inode groups, so clear the error status and return
|
|
|
|
* them. The lastino pointer will point directly at the inode that
|
|
|
|
* triggered any error that occurred, so on the next call the error
|
|
|
|
* will be triggered again and propagated to userspace as there will be
|
|
|
|
* no formatted inode groups in the buffer.
|
|
|
|
*/
|
|
|
|
if (breq->ocount > 0)
|
|
|
|
error = 0;
|
2014-07-24 10:18:47 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return error;
|
|
|
|
}
|
2019-07-04 11:36:27 +08:00
|
|
|
|
|
|
|
/* Convert an inumbers (v5) struct to a inogrp (v1) struct. */
|
|
|
|
void
|
|
|
|
xfs_inumbers_to_inogrp(
|
|
|
|
struct xfs_inogrp *ig1,
|
|
|
|
const struct xfs_inumbers *ig)
|
|
|
|
{
|
2019-07-29 12:12:32 +08:00
|
|
|
/* memset is needed here because of padding holes in the structure. */
|
|
|
|
memset(ig1, 0, sizeof(struct xfs_inogrp));
|
2019-07-04 11:36:27 +08:00
|
|
|
ig1->xi_startino = ig->xi_startino;
|
|
|
|
ig1->xi_alloccount = ig->xi_alloccount;
|
|
|
|
ig1->xi_allocmask = ig->xi_allocmask;
|
|
|
|
}
|