| blob | 8033ab9d8f47d51f63e64ac168f3a9ac82d23055 |
1 /*
2 * Copyright (C) 2017 Oracle. All Rights Reserved.
3 *
4 * Author: Darrick J. Wong <darrick.wong@oracle.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it would be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
19 */
53 /* Common code for the metadata scrubbers. */
55 /*
56 * Handling operational errors.
57 *
58 * The *_process_error() family of functions are used to process error return
59 * codes from functions called as part of a scrub operation.
60 *
61 * If there's no error, we return true to tell the caller that it's ok
62 * to move on to the next check in its list.
63 *
64 * For non-verifier errors (e.g. ENOMEM) we return false to tell the
65 * caller that something bad happened, and we preserve *error so that
66 * the caller can return the *error up the stack to userspace.
67 *
68 * Verifier errors (EFSBADCRC/EFSCORRUPTED) are recorded by setting
69 * OFLAG_CORRUPT in sm_flags and the *error is cleared. In other words,
70 * we track verifier errors (and failed scrub checks) via OFLAG_CORRUPT,
71 * not via return codes. We return false to tell the caller that
72 * something bad happened. Since the error has been cleared, the caller
73 * will (presumably) return that zero and scrubbing will move on to
74 * whatever's next.
75 *
76 * ftrace can be used to record the precise metadata location and the
77 * approximate code location of the failed operation.
78 */
80 /* Check for operational errors. */
81 static bool
84 xfs_agnumber_t agno,
85 xfs_agblock_t bno,
87 __u32 errflag,
89 {
94 /* Used to restart an op with deadlock avoidance. */
99 /* Note the badness but don't abort. */
102 /* fall through */
105 ret_ip);
107 }
109 }
111 bool
114 xfs_agnumber_t agno,
115 xfs_agblock_t bno,
117 {
120 }
122 bool
125 xfs_agnumber_t agno,
126 xfs_agblock_t bno,
128 {
131 }
133 /* Check for operational errors for a file offset. */
134 static bool
138 xfs_fileoff_t offset,
140 __u32 errflag,
142 {
147 /* Used to restart an op with deadlock avoidance. */
152 /* Note the badness but don't abort. */
155 /* fall through */
158 ret_ip);
160 }
162 }
164 bool
168 xfs_fileoff_t offset,
170 {
173 }
175 bool
179 xfs_fileoff_t offset,
181 {
184 }
186 /*
187 * Handling scrub corruption/optimization/warning checks.
188 *
189 * The *_set_{corrupt,preen,warning}() family of functions are used to
190 * record the presence of metadata that is incorrect (corrupt), could be
191 * optimized somehow (preen), or should be flagged for administrative
192 * review but is not incorrect (warn).
193 *
194 * ftrace can be used to record the precise metadata location and
195 * approximate code location of the failed check.
196 */
198 /* Record a block which could be optimized. */
199 void
203 {
206 }
208 /*
209 * Record an inode which could be optimized. The trace data will
210 * include the block given by bp if bp is given; otherwise it will use
211 * the block location of the inode record itself.
212 */
213 void
216 xfs_ino_t ino,
218 {
221 __return_address);
222 }
224 /* Record a corrupt block. */
225 void
229 {
232 }
234 /* Record a corruption while cross-referencing. */
235 void
239 {
242 }
244 /*
245 * Record a corrupt inode. The trace data will include the block given
246 * by bp if bp is given; otherwise it will use the block location of the
247 * inode record itself.
248 */
249 void
252 xfs_ino_t ino,
254 {
257 }
259 /* Record a corruption while cross-referencing with an inode. */
260 void
263 xfs_ino_t ino,
265 {
268 }
270 /* Record corruption in a block indexed by a file fork. */
271 void
275 xfs_fileoff_t offset)
276 {
279 }
281 /* Record a corruption while cross-referencing a fork block. */
282 void
286 xfs_fileoff_t offset)
287 {
290 }
292 /*
293 * Warn about inodes that need administrative review but is not
294 * incorrect.
295 */
296 void
299 xfs_ino_t ino,
301 {
304 __return_address);
305 }
307 /* Warn about a block indexed by a file fork that needs review. */
308 void
312 xfs_fileoff_t offset)
313 {
316 }
318 /* Signal an incomplete scrub. */
319 void
322 {
325 }
327 /*
328 * rmap scrubbing -- compute the number of blocks with a given owner,
329 * at least according to the reverse mapping data.
330 */
335 };
337 STATIC int
342 {
357 }
359 /*
360 * Calculate the number of blocks the rmap thinks are owned by something.
361 * The caller should pass us an rmapbt cursor.
362 */
363 int
369 {
378 }
380 /*
381 * AG scrubbing
382 *
383 * These helpers facilitate locking an allocation group's header
384 * buffers, setting up cursors for all btrees that are present, and
385 * cleaning everything up once we're through.
386 */
388 /* Decide if we want to return an AG header read failure. */
393 {
394 /* Return all AG header read failures when scanning btrees. */
399 /*
400 * If we're scanning a given type of AG header, we only want to
401 * see read failures from that specific header. We'd like the
402 * other headers to cross-check them, but this isn't required.
403 */
407 }
409 /*
410 * Grab all the headers for an AG.
411 *
412 * The headers should be released by xfs_scrub_ag_free, but as a fail
413 * safe we attach all the buffers we grab to the scrub transaction so
414 * they'll all be freed when we cancel it.
415 */
416 int
419 xfs_agnumber_t agno,
423 {
439 out:
441 }
443 /* Release all the AG btree cursors. */
444 void
447 {
467 }
469 /* Initialize all the btree cursors for an AG. */
470 int
474 {
479 /* Set up a bnobt cursor for cross-referencing. */
485 /* Set up a cntbt cursor for cross-referencing. */
490 }
492 /* Set up a inobt cursor for cross-referencing. */
498 }
500 /* Set up a finobt cursor for cross-referencing. */
506 }
508 /* Set up a rmapbt cursor for cross-referencing. */
511 agno);
514 }
516 /* Set up a refcountbt cursor for cross-referencing. */
522 }
525 err:
527 }
529 /* Release the AG header context and btree cursors. */
530 void
534 {
539 }
543 }
547 }
549 }
551 /*
552 * For scrub, grab the AGI and the AGF headers, in that order. Locking
553 * order requires us to get the AGI before the AGF. We use the
554 * transaction to avoid deadlocking on crosslinked metadata buffers;
555 * either the caller passes one in (bmap scrub) or we have to create a
556 * transaction ourselves.
557 */
558 int
561 xfs_agnumber_t agno,
563 {
573 }
575 /* Per-scrubber setup functions */
577 /* Set us up with a transaction and an empty context. */
578 int
582 {
584 }
586 /* Set us up with AG headers and btree cursors. */
587 int
592 {
596 /*
597 * If the caller asks us to checkpont the log, do so. This
598 * expensive operation should be performed infrequently and only
599 * as a last resort. Any caller that sets force_log should
600 * document why they need to do so.
601 */
606 }
613 }
615 /* Push everything out of the log onto disk. */
616 int
619 {
627 }
629 /*
630 * Given an inode and the scrub control structure, grab either the
631 * inode referenced in the control structure or the inode passed in.
632 * The inode is not locked.
633 */
634 int
638 {
644 /* We want to scan the inode we already had opened. */
648 }
650 /* Look up the inode, see if the generation number matches. */
657 /* Inode doesn't exist, just bail out. */
660 /* Got an inode, continue. */
663 /*
664 * -EINVAL with IGET_UNTRUSTED could mean one of several
665 * things: userspace gave us an inode number that doesn't
666 * correspond to fs space, or doesn't have an inobt entry;
667 * or it could simply mean that the inode buffer failed the
668 * read verifiers.
669 *
670 * Try just the inode mapping lookup -- if it succeeds, then
671 * the inode buffer verifier failed and something needs fixing.
672 * Otherwise, we really couldn't find it so tell userspace
673 * that it no longer exists.
674 */
680 /* fall through */
687 }
691 }
695 }
697 /* Set us up to scrub a file's contents. */
698 int
703 {
711 /* Got the inode, lock it and we're ready to go. */
720 out:
721 /* scrub teardown will unlock and release the inode for us */
723 }
725 /*
726 * Predicate that decides if we need to evaluate the cross-reference check.
727 * If there was an error accessing the cross-reference btree, just delete
728 * the cursor and skip the check.
729 */
730 bool
735 {
740 /* If we've already given up on xref, just bail out. */
744 /* xref error, delete cursor and bail out. */
747 }
752 /*
753 * Errors encountered during cross-referencing with another
754 * data structure should not cause this scrubber to abort.
755 */
758 }
760 /* Run the structure verifiers on in-memory buffers to detect bad memory. */
761 void
765 {
766 xfs_failaddr_t fa;
771 }
775 }
781 }