mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-23 04:34:11 +08:00
2e616d9f9c
Explicitly initialize the onstack structures to zero so we don't leak
kernel memory into userspace when converting the in-core inumbers
structure to the v1 inogrp ioctl structure. Add a comment about why we
have to use memset to ensure that the padding holes in the structures
are set to zero.
Fixes: 5f19c7fc68
("xfs: introduce v5 inode group structure")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
398 lines
10 KiB
C
398 lines
10 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (c) 2000-2002,2005 Silicon Graphics, Inc.
|
|
* All Rights Reserved.
|
|
*/
|
|
#include "xfs.h"
|
|
#include "xfs_fs.h"
|
|
#include "xfs_shared.h"
|
|
#include "xfs_format.h"
|
|
#include "xfs_log_format.h"
|
|
#include "xfs_trans_resv.h"
|
|
#include "xfs_mount.h"
|
|
#include "xfs_inode.h"
|
|
#include "xfs_btree.h"
|
|
#include "xfs_ialloc.h"
|
|
#include "xfs_ialloc_btree.h"
|
|
#include "xfs_iwalk.h"
|
|
#include "xfs_itable.h"
|
|
#include "xfs_error.h"
|
|
#include "xfs_icache.h"
|
|
#include "xfs_health.h"
|
|
|
|
/*
|
|
* Bulk Stat
|
|
* =========
|
|
*
|
|
* Use the inode walking functions to fill out struct xfs_bulkstat for every
|
|
* allocated inode, then pass the stat information to some externally provided
|
|
* iteration function.
|
|
*/
|
|
|
|
struct xfs_bstat_chunk {
|
|
bulkstat_one_fmt_pf formatter;
|
|
struct xfs_ibulk *breq;
|
|
struct xfs_bulkstat *buf;
|
|
};
|
|
|
|
/*
|
|
* Fill out the bulkstat info for a single inode and report it somewhere.
|
|
*
|
|
* bc->breq->lastino is effectively the inode cursor as we walk through the
|
|
* filesystem. Therefore, we update it any time we need to move the cursor
|
|
* forward, regardless of whether or not we're sending any bstat information
|
|
* back to userspace. If the inode is internal metadata or, has been freed
|
|
* out from under us, we just simply keep going.
|
|
*
|
|
* However, if any other type of error happens we want to stop right where we
|
|
* are so that userspace will call back with exact number of the bad inode and
|
|
* we can send back an error code.
|
|
*
|
|
* Note that if the formatter tells us there's no space left in the buffer we
|
|
* move the cursor forward and abort the walk.
|
|
*/
|
|
STATIC int
|
|
xfs_bulkstat_one_int(
|
|
struct xfs_mount *mp,
|
|
struct xfs_trans *tp,
|
|
xfs_ino_t ino,
|
|
struct xfs_bstat_chunk *bc)
|
|
{
|
|
struct xfs_icdinode *dic; /* dinode core info pointer */
|
|
struct xfs_inode *ip; /* incore inode pointer */
|
|
struct inode *inode;
|
|
struct xfs_bulkstat *buf = bc->buf;
|
|
int error = -EINVAL;
|
|
|
|
if (xfs_internal_inum(mp, ino))
|
|
goto out_advance;
|
|
|
|
error = xfs_iget(mp, tp, ino,
|
|
(XFS_IGET_DONTCACHE | XFS_IGET_UNTRUSTED),
|
|
XFS_ILOCK_SHARED, &ip);
|
|
if (error == -ENOENT || error == -EINVAL)
|
|
goto out_advance;
|
|
if (error)
|
|
goto out;
|
|
|
|
ASSERT(ip != NULL);
|
|
ASSERT(ip->i_imap.im_blkno != 0);
|
|
inode = VFS_I(ip);
|
|
|
|
dic = &ip->i_d;
|
|
|
|
/* xfs_iget returns the following without needing
|
|
* further change.
|
|
*/
|
|
buf->bs_projectid = xfs_get_projid(ip);
|
|
buf->bs_ino = ino;
|
|
buf->bs_uid = dic->di_uid;
|
|
buf->bs_gid = dic->di_gid;
|
|
buf->bs_size = dic->di_size;
|
|
|
|
buf->bs_nlink = inode->i_nlink;
|
|
buf->bs_atime = inode->i_atime.tv_sec;
|
|
buf->bs_atime_nsec = inode->i_atime.tv_nsec;
|
|
buf->bs_mtime = inode->i_mtime.tv_sec;
|
|
buf->bs_mtime_nsec = inode->i_mtime.tv_nsec;
|
|
buf->bs_ctime = inode->i_ctime.tv_sec;
|
|
buf->bs_ctime_nsec = inode->i_ctime.tv_nsec;
|
|
buf->bs_btime = dic->di_crtime.t_sec;
|
|
buf->bs_btime_nsec = dic->di_crtime.t_nsec;
|
|
buf->bs_gen = inode->i_generation;
|
|
buf->bs_mode = inode->i_mode;
|
|
|
|
buf->bs_xflags = xfs_ip2xflags(ip);
|
|
buf->bs_extsize_blks = dic->di_extsize;
|
|
buf->bs_extents = dic->di_nextents;
|
|
xfs_bulkstat_health(ip, buf);
|
|
buf->bs_aextents = dic->di_anextents;
|
|
buf->bs_forkoff = XFS_IFORK_BOFF(ip);
|
|
buf->bs_version = XFS_BULKSTAT_VERSION_V5;
|
|
|
|
if (dic->di_version == 3) {
|
|
if (dic->di_flags2 & XFS_DIFLAG2_COWEXTSIZE)
|
|
buf->bs_cowextsize_blks = dic->di_cowextsize;
|
|
}
|
|
|
|
switch (dic->di_format) {
|
|
case XFS_DINODE_FMT_DEV:
|
|
buf->bs_rdev = sysv_encode_dev(inode->i_rdev);
|
|
buf->bs_blksize = BLKDEV_IOSIZE;
|
|
buf->bs_blocks = 0;
|
|
break;
|
|
case XFS_DINODE_FMT_LOCAL:
|
|
buf->bs_rdev = 0;
|
|
buf->bs_blksize = mp->m_sb.sb_blocksize;
|
|
buf->bs_blocks = 0;
|
|
break;
|
|
case XFS_DINODE_FMT_EXTENTS:
|
|
case XFS_DINODE_FMT_BTREE:
|
|
buf->bs_rdev = 0;
|
|
buf->bs_blksize = mp->m_sb.sb_blocksize;
|
|
buf->bs_blocks = dic->di_nblocks + ip->i_delayed_blks;
|
|
break;
|
|
}
|
|
xfs_iunlock(ip, XFS_ILOCK_SHARED);
|
|
xfs_irele(ip);
|
|
|
|
error = bc->formatter(bc->breq, buf);
|
|
if (error == XFS_IBULK_ABORT)
|
|
goto out_advance;
|
|
if (error)
|
|
goto out;
|
|
|
|
out_advance:
|
|
/*
|
|
* Advance the cursor to the inode that comes after the one we just
|
|
* looked at. We want the caller to move along if the bulkstat
|
|
* information was copied successfully; if we tried to grab the inode
|
|
* but it's no longer allocated; or if it's internal metadata.
|
|
*/
|
|
bc->breq->startino = ino + 1;
|
|
out:
|
|
return error;
|
|
}
|
|
|
|
/* Bulkstat a single inode. */
|
|
int
|
|
xfs_bulkstat_one(
|
|
struct xfs_ibulk *breq,
|
|
bulkstat_one_fmt_pf formatter)
|
|
{
|
|
struct xfs_bstat_chunk bc = {
|
|
.formatter = formatter,
|
|
.breq = breq,
|
|
};
|
|
int error;
|
|
|
|
ASSERT(breq->icount == 1);
|
|
|
|
bc.buf = kmem_zalloc(sizeof(struct xfs_bulkstat),
|
|
KM_SLEEP | KM_MAYFAIL);
|
|
if (!bc.buf)
|
|
return -ENOMEM;
|
|
|
|
error = xfs_bulkstat_one_int(breq->mp, NULL, breq->startino, &bc);
|
|
|
|
kmem_free(bc.buf);
|
|
|
|
/*
|
|
* If we reported one inode to userspace then we abort because we hit
|
|
* the end of the buffer. Don't leak that back to userspace.
|
|
*/
|
|
if (error == XFS_IWALK_ABORT)
|
|
error = 0;
|
|
|
|
return error;
|
|
}
|
|
|
|
static int
|
|
xfs_bulkstat_iwalk(
|
|
struct xfs_mount *mp,
|
|
struct xfs_trans *tp,
|
|
xfs_ino_t ino,
|
|
void *data)
|
|
{
|
|
int error;
|
|
|
|
error = xfs_bulkstat_one_int(mp, tp, ino, data);
|
|
/* bulkstat just skips over missing inodes */
|
|
if (error == -ENOENT || error == -EINVAL)
|
|
return 0;
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* Check the incoming lastino parameter.
|
|
*
|
|
* We allow any inode value that could map to physical space inside the
|
|
* filesystem because if there are no inodes there, bulkstat moves on to the
|
|
* next chunk. In other words, the magic agino value of zero takes us to the
|
|
* first chunk in the AG, and an agino value past the end of the AG takes us to
|
|
* the first chunk in the next AG.
|
|
*
|
|
* Therefore we can end early if the requested inode is beyond the end of the
|
|
* filesystem or doesn't map properly.
|
|
*/
|
|
static inline bool
|
|
xfs_bulkstat_already_done(
|
|
struct xfs_mount *mp,
|
|
xfs_ino_t startino)
|
|
{
|
|
xfs_agnumber_t agno = XFS_INO_TO_AGNO(mp, startino);
|
|
xfs_agino_t agino = XFS_INO_TO_AGINO(mp, startino);
|
|
|
|
return agno >= mp->m_sb.sb_agcount ||
|
|
startino != XFS_AGINO_TO_INO(mp, agno, agino);
|
|
}
|
|
|
|
/* Return stat information in bulk (by-inode) for the filesystem. */
|
|
int
|
|
xfs_bulkstat(
|
|
struct xfs_ibulk *breq,
|
|
bulkstat_one_fmt_pf formatter)
|
|
{
|
|
struct xfs_bstat_chunk bc = {
|
|
.formatter = formatter,
|
|
.breq = breq,
|
|
};
|
|
int error;
|
|
|
|
if (xfs_bulkstat_already_done(breq->mp, breq->startino))
|
|
return 0;
|
|
|
|
bc.buf = kmem_zalloc(sizeof(struct xfs_bulkstat),
|
|
KM_SLEEP | KM_MAYFAIL);
|
|
if (!bc.buf)
|
|
return -ENOMEM;
|
|
|
|
error = xfs_iwalk(breq->mp, NULL, breq->startino, breq->flags,
|
|
xfs_bulkstat_iwalk, breq->icount, &bc);
|
|
|
|
kmem_free(bc.buf);
|
|
|
|
/*
|
|
* We found some inodes, so clear the error status and return them.
|
|
* The lastino pointer will point directly at the inode that triggered
|
|
* any error that occurred, so on the next call the error will be
|
|
* triggered again and propagated to userspace as there will be no
|
|
* formatted inodes in the buffer.
|
|
*/
|
|
if (breq->ocount > 0)
|
|
error = 0;
|
|
|
|
return error;
|
|
}
|
|
|
|
/* Convert bulkstat (v5) to bstat (v1). */
|
|
void
|
|
xfs_bulkstat_to_bstat(
|
|
struct xfs_mount *mp,
|
|
struct xfs_bstat *bs1,
|
|
const struct xfs_bulkstat *bstat)
|
|
{
|
|
/* memset is needed here because of padding holes in the structure. */
|
|
memset(bs1, 0, sizeof(struct xfs_bstat));
|
|
bs1->bs_ino = bstat->bs_ino;
|
|
bs1->bs_mode = bstat->bs_mode;
|
|
bs1->bs_nlink = bstat->bs_nlink;
|
|
bs1->bs_uid = bstat->bs_uid;
|
|
bs1->bs_gid = bstat->bs_gid;
|
|
bs1->bs_rdev = bstat->bs_rdev;
|
|
bs1->bs_blksize = bstat->bs_blksize;
|
|
bs1->bs_size = bstat->bs_size;
|
|
bs1->bs_atime.tv_sec = bstat->bs_atime;
|
|
bs1->bs_mtime.tv_sec = bstat->bs_mtime;
|
|
bs1->bs_ctime.tv_sec = bstat->bs_ctime;
|
|
bs1->bs_atime.tv_nsec = bstat->bs_atime_nsec;
|
|
bs1->bs_mtime.tv_nsec = bstat->bs_mtime_nsec;
|
|
bs1->bs_ctime.tv_nsec = bstat->bs_ctime_nsec;
|
|
bs1->bs_blocks = bstat->bs_blocks;
|
|
bs1->bs_xflags = bstat->bs_xflags;
|
|
bs1->bs_extsize = XFS_FSB_TO_B(mp, bstat->bs_extsize_blks);
|
|
bs1->bs_extents = bstat->bs_extents;
|
|
bs1->bs_gen = bstat->bs_gen;
|
|
bs1->bs_projid_lo = bstat->bs_projectid & 0xFFFF;
|
|
bs1->bs_forkoff = bstat->bs_forkoff;
|
|
bs1->bs_projid_hi = bstat->bs_projectid >> 16;
|
|
bs1->bs_sick = bstat->bs_sick;
|
|
bs1->bs_checked = bstat->bs_checked;
|
|
bs1->bs_cowextsize = XFS_FSB_TO_B(mp, bstat->bs_cowextsize_blks);
|
|
bs1->bs_dmevmask = 0;
|
|
bs1->bs_dmstate = 0;
|
|
bs1->bs_aextents = bstat->bs_aextents;
|
|
}
|
|
|
|
struct xfs_inumbers_chunk {
|
|
inumbers_fmt_pf formatter;
|
|
struct xfs_ibulk *breq;
|
|
};
|
|
|
|
/*
|
|
* INUMBERS
|
|
* ========
|
|
* This is how we export inode btree records to userspace, so that XFS tools
|
|
* can figure out where inodes are allocated.
|
|
*/
|
|
|
|
/*
|
|
* Format the inode group structure and report it somewhere.
|
|
*
|
|
* Similar to xfs_bulkstat_one_int, lastino is the inode cursor as we walk
|
|
* through the filesystem so we move it forward unless there was a runtime
|
|
* error. If the formatter tells us the buffer is now full we also move the
|
|
* cursor forward and abort the walk.
|
|
*/
|
|
STATIC int
|
|
xfs_inumbers_walk(
|
|
struct xfs_mount *mp,
|
|
struct xfs_trans *tp,
|
|
xfs_agnumber_t agno,
|
|
const struct xfs_inobt_rec_incore *irec,
|
|
void *data)
|
|
{
|
|
struct xfs_inumbers inogrp = {
|
|
.xi_startino = XFS_AGINO_TO_INO(mp, agno, irec->ir_startino),
|
|
.xi_alloccount = irec->ir_count - irec->ir_freecount,
|
|
.xi_allocmask = ~irec->ir_free,
|
|
.xi_version = XFS_INUMBERS_VERSION_V5,
|
|
};
|
|
struct xfs_inumbers_chunk *ic = data;
|
|
int error;
|
|
|
|
error = ic->formatter(ic->breq, &inogrp);
|
|
if (error && error != XFS_IBULK_ABORT)
|
|
return error;
|
|
|
|
ic->breq->startino = XFS_AGINO_TO_INO(mp, agno, irec->ir_startino) +
|
|
XFS_INODES_PER_CHUNK;
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* Return inode number table for the filesystem.
|
|
*/
|
|
int
|
|
xfs_inumbers(
|
|
struct xfs_ibulk *breq,
|
|
inumbers_fmt_pf formatter)
|
|
{
|
|
struct xfs_inumbers_chunk ic = {
|
|
.formatter = formatter,
|
|
.breq = breq,
|
|
};
|
|
int error = 0;
|
|
|
|
if (xfs_bulkstat_already_done(breq->mp, breq->startino))
|
|
return 0;
|
|
|
|
error = xfs_inobt_walk(breq->mp, NULL, breq->startino, breq->flags,
|
|
xfs_inumbers_walk, breq->icount, &ic);
|
|
|
|
/*
|
|
* We found some inode groups, so clear the error status and return
|
|
* them. The lastino pointer will point directly at the inode that
|
|
* triggered any error that occurred, so on the next call the error
|
|
* will be triggered again and propagated to userspace as there will be
|
|
* no formatted inode groups in the buffer.
|
|
*/
|
|
if (breq->ocount > 0)
|
|
error = 0;
|
|
|
|
return error;
|
|
}
|
|
|
|
/* Convert an inumbers (v5) struct to a inogrp (v1) struct. */
|
|
void
|
|
xfs_inumbers_to_inogrp(
|
|
struct xfs_inogrp *ig1,
|
|
const struct xfs_inumbers *ig)
|
|
{
|
|
/* memset is needed here because of padding holes in the structure. */
|
|
memset(ig1, 0, sizeof(struct xfs_inogrp));
|
|
ig1->xi_startino = ig->xi_startino;
|
|
ig1->xi_alloccount = ig->xi_alloccount;
|
|
ig1->xi_allocmask = ig->xi_allocmask;
|
|
}
|