search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / xfs / libxfs / xfs_inode_buf.c
blob7183b7ea065b253b8c6799abfdc85d5147f404ab
1 /*
2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
24 #include "xfs_mount.h"
25 #include "xfs_inode.h"
26 #include "xfs_error.h"
27 #include "xfs_cksum.h"
28 #include "xfs_icache.h"
29 #include "xfs_trans.h"
30 #include "xfs_ialloc.h"
31
32 /*
33 * Check that none of the inode's in the buffer have a next
34 * unlinked field of 0.
35 */
36 #if defined(DEBUG)
37 void
38 xfs_inobp_check(
39 xfs_mount_t *mp,
40 xfs_buf_t *bp)
41 {
42 int i;
43 int j;
44 xfs_dinode_t *dip;
45
46 j = mp->m_inode_cluster_size >> mp->m_sb.sb_inodelog;
47
48 for (i = 0; i < j; i++) {
49 dip = xfs_buf_offset(bp, i * mp->m_sb.sb_inodesize);
50 if (!dip->di_next_unlinked) {
51 xfs_alert(mp,
52 "Detected bogus zero next_unlinked field in inode %d buffer 0x%llx.",
53 i, (long long)bp->b_bn);
54 }
55 }
56 }
57 #endif
58
59 /*
60 * If we are doing readahead on an inode buffer, we might be in log recovery
61 * reading an inode allocation buffer that hasn't yet been replayed, and hence
62 * has not had the inode cores stamped into it. Hence for readahead, the buffer
63 * may be potentially invalid.
64 *
65 * If the readahead buffer is invalid, we need to mark it with an error and
66 * clear the DONE status of the buffer so that a followup read will re-read it
67 * from disk. We don't report the error otherwise to avoid warnings during log
68 * recovery and we don't get unnecssary panics on debug kernels. We use EIO here
69 * because all we want to do is say readahead failed; there is no-one to report
70 * the error to, so this will distinguish it from a non-ra verifier failure.
71 * Changes to this readahead error behavour also need to be reflected in
72 * xfs_dquot_buf_readahead_verify().
73 */
74 static void
75 xfs_inode_buf_verify(
76 struct xfs_buf *bp,
77 bool readahead)
78 {
79 struct xfs_mount *mp = bp->b_target->bt_mount;
80 int i;
81 int ni;
82
83 /*
84 * Validate the magic number and version of every inode in the buffer
85 */
86 ni = XFS_BB_TO_FSB(mp, bp->b_length) * mp->m_sb.sb_inopblock;
87 for (i = 0; i < ni; i++) {
88 int di_ok;
89 xfs_dinode_t *dip;
90
91 dip = xfs_buf_offset(bp, (i << mp->m_sb.sb_inodelog));
92 di_ok = dip->di_magic == cpu_to_be16(XFS_DINODE_MAGIC) &&
93 XFS_DINODE_GOOD_VERSION(dip->di_version);
94 if (unlikely(XFS_TEST_ERROR(!di_ok, mp,
95 XFS_ERRTAG_ITOBP_INOTOBP,
96 XFS_RANDOM_ITOBP_INOTOBP))) {
97 if (readahead) {
98 bp->b_flags &= ~XBF_DONE;
99 xfs_buf_ioerror(bp, -EIO);
100 return;
101 }
102
103 xfs_buf_ioerror(bp, -EFSCORRUPTED);
104 xfs_verifier_error(bp);
105 #ifdef DEBUG
106 xfs_alert(mp,
107 "bad inode magic/vsn daddr %lld #%d (magic=%x)",
108 (unsigned long long)bp->b_bn, i,
109 be16_to_cpu(dip->di_magic));
110 #endif
111 }
112 }
113 xfs_inobp_check(mp, bp);
114 }
115
116
117 static void
118 xfs_inode_buf_read_verify(
119 struct xfs_buf *bp)
120 {
121 xfs_inode_buf_verify(bp, false);
122 }
123
124 static void
125 xfs_inode_buf_readahead_verify(
126 struct xfs_buf *bp)
127 {
128 xfs_inode_buf_verify(bp, true);
129 }
130
131 static void
132 xfs_inode_buf_write_verify(
133 struct xfs_buf *bp)
134 {
135 xfs_inode_buf_verify(bp, false);
136 }
137
138 const struct xfs_buf_ops xfs_inode_buf_ops = {
139 .name = "xfs_inode",
140 .verify_read = xfs_inode_buf_read_verify,
141 .verify_write = xfs_inode_buf_write_verify,
142 };
143
144 const struct xfs_buf_ops xfs_inode_buf_ra_ops = {
145 .name = "xxfs_inode_ra",
146 .verify_read = xfs_inode_buf_readahead_verify,
147 .verify_write = xfs_inode_buf_write_verify,
148 };
149
150
151 /*
152 * This routine is called to map an inode to the buffer containing the on-disk
153 * version of the inode. It returns a pointer to the buffer containing the
154 * on-disk inode in the bpp parameter, and in the dipp parameter it returns a
155 * pointer to the on-disk inode within that buffer.
156 *
157 * If a non-zero error is returned, then the contents of bpp and dipp are
158 * undefined.
159 */
160 int
161 xfs_imap_to_bp(
162 struct xfs_mount *mp,
163 struct xfs_trans *tp,
164 struct xfs_imap *imap,
165 struct xfs_dinode **dipp,
166 struct xfs_buf **bpp,
167 uint buf_flags,
168 uint iget_flags)
169 {
170 struct xfs_buf *bp;
171 int error;
172
173 buf_flags |= XBF_UNMAPPED;
174 error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, imap->im_blkno,
175 (int)imap->im_len, buf_flags, &bp,
176 &xfs_inode_buf_ops);
177 if (error) {
178 if (error == -EAGAIN) {
179 ASSERT(buf_flags & XBF_TRYLOCK);
180 return error;
181 }
182
183 if (error == -EFSCORRUPTED &&
184 (iget_flags & XFS_IGET_UNTRUSTED))
185 return -EINVAL;
186
187 xfs_warn(mp, "%s: xfs_trans_read_buf() returned error %d.",
188 __func__, error);
189 return error;
190 }
191
192 *bpp = bp;
193 *dipp = xfs_buf_offset(bp, imap->im_boffset);
194 return 0;
195 }
196
197 void
198 xfs_dinode_from_disk(
199 xfs_icdinode_t *to,
200 xfs_dinode_t *from)
201 {
202 to->di_magic = be16_to_cpu(from->di_magic);
203 to->di_mode = be16_to_cpu(from->di_mode);
204 to->di_version = from ->di_version;
205 to->di_format = from->di_format;
206 to->di_onlink = be16_to_cpu(from->di_onlink);
207 to->di_uid = be32_to_cpu(from->di_uid);
208 to->di_gid = be32_to_cpu(from->di_gid);
209 to->di_nlink = be32_to_cpu(from->di_nlink);
210 to->di_projid_lo = be16_to_cpu(from->di_projid_lo);
211 to->di_projid_hi = be16_to_cpu(from->di_projid_hi);
212 memcpy(to->di_pad, from->di_pad, sizeof(to->di_pad));
213 to->di_flushiter = be16_to_cpu(from->di_flushiter);
214 to->di_atime.t_sec = be32_to_cpu(from->di_atime.t_sec);
215 to->di_atime.t_nsec = be32_to_cpu(from->di_atime.t_nsec);
216 to->di_mtime.t_sec = be32_to_cpu(from->di_mtime.t_sec);
217 to->di_mtime.t_nsec = be32_to_cpu(from->di_mtime.t_nsec);
218 to->di_ctime.t_sec = be32_to_cpu(from->di_ctime.t_sec);
219 to->di_ctime.t_nsec = be32_to_cpu(from->di_ctime.t_nsec);
220 to->di_size = be64_to_cpu(from->di_size);
221 to->di_nblocks = be64_to_cpu(from->di_nblocks);
222 to->di_extsize = be32_to_cpu(from->di_extsize);
223 to->di_nextents = be32_to_cpu(from->di_nextents);
224 to->di_anextents = be16_to_cpu(from->di_anextents);
225 to->di_forkoff = from->di_forkoff;
226 to->di_aformat = from->di_aformat;
227 to->di_dmevmask = be32_to_cpu(from->di_dmevmask);
228 to->di_dmstate = be16_to_cpu(from->di_dmstate);
229 to->di_flags = be16_to_cpu(from->di_flags);
230 to->di_gen = be32_to_cpu(from->di_gen);
231
232 if (to->di_version == 3) {
233 to->di_changecount = be64_to_cpu(from->di_changecount);
234 to->di_crtime.t_sec = be32_to_cpu(from->di_crtime.t_sec);
235 to->di_crtime.t_nsec = be32_to_cpu(from->di_crtime.t_nsec);
236 to->di_flags2 = be64_to_cpu(from->di_flags2);
237 to->di_ino = be64_to_cpu(from->di_ino);
238 to->di_lsn = be64_to_cpu(from->di_lsn);
239 memcpy(to->di_pad2, from->di_pad2, sizeof(to->di_pad2));
240 uuid_copy(&to->di_uuid, &from->di_uuid);
241 }
242 }
243
244 void
245 xfs_dinode_to_disk(
246 xfs_dinode_t *to,
247 xfs_icdinode_t *from)
248 {
249 to->di_magic = cpu_to_be16(from->di_magic);
250 to->di_mode = cpu_to_be16(from->di_mode);
251 to->di_version = from ->di_version;
252 to->di_format = from->di_format;
253 to->di_onlink = cpu_to_be16(from->di_onlink);
254 to->di_uid = cpu_to_be32(from->di_uid);
255 to->di_gid = cpu_to_be32(from->di_gid);
256 to->di_nlink = cpu_to_be32(from->di_nlink);
257 to->di_projid_lo = cpu_to_be16(from->di_projid_lo);
258 to->di_projid_hi = cpu_to_be16(from->di_projid_hi);
259 memcpy(to->di_pad, from->di_pad, sizeof(to->di_pad));
260 to->di_atime.t_sec = cpu_to_be32(from->di_atime.t_sec);
261 to->di_atime.t_nsec = cpu_to_be32(from->di_atime.t_nsec);
262 to->di_mtime.t_sec = cpu_to_be32(from->di_mtime.t_sec);
263 to->di_mtime.t_nsec = cpu_to_be32(from->di_mtime.t_nsec);
264 to->di_ctime.t_sec = cpu_to_be32(from->di_ctime.t_sec);
265 to->di_ctime.t_nsec = cpu_to_be32(from->di_ctime.t_nsec);
266 to->di_size = cpu_to_be64(from->di_size);
267 to->di_nblocks = cpu_to_be64(from->di_nblocks);
268 to->di_extsize = cpu_to_be32(from->di_extsize);
269 to->di_nextents = cpu_to_be32(from->di_nextents);
270 to->di_anextents = cpu_to_be16(from->di_anextents);
271 to->di_forkoff = from->di_forkoff;
272 to->di_aformat = from->di_aformat;
273 to->di_dmevmask = cpu_to_be32(from->di_dmevmask);
274 to->di_dmstate = cpu_to_be16(from->di_dmstate);
275 to->di_flags = cpu_to_be16(from->di_flags);
276 to->di_gen = cpu_to_be32(from->di_gen);
277
278 if (from->di_version == 3) {
279 to->di_changecount = cpu_to_be64(from->di_changecount);
280 to->di_crtime.t_sec = cpu_to_be32(from->di_crtime.t_sec);
281 to->di_crtime.t_nsec = cpu_to_be32(from->di_crtime.t_nsec);
282 to->di_flags2 = cpu_to_be64(from->di_flags2);
283 to->di_ino = cpu_to_be64(from->di_ino);
284 to->di_lsn = cpu_to_be64(from->di_lsn);
285 memcpy(to->di_pad2, from->di_pad2, sizeof(to->di_pad2));
286 uuid_copy(&to->di_uuid, &from->di_uuid);
287 to->di_flushiter = 0;
288 } else {
289 to->di_flushiter = cpu_to_be16(from->di_flushiter);
290 }
291 }
292
293 static bool
294 xfs_dinode_verify(
295 struct xfs_mount *mp,
296 struct xfs_inode *ip,
297 struct xfs_dinode *dip)
298 {
299 if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC))
300 return false;
301
302 /* don't allow invalid i_size */
303 if (be64_to_cpu(dip->di_size) & (1ULL << 63))
304 return false;
305
306 /* No zero-length symlinks. */
307 if (S_ISLNK(be16_to_cpu(dip->di_mode)) && dip->di_size == 0)
308 return false;
309
310 /* only version 3 or greater inodes are extensively verified here */
311 if (dip->di_version < 3)
312 return true;
313
314 if (!xfs_sb_version_hascrc(&mp->m_sb))
315 return false;
316 if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize,
317 XFS_DINODE_CRC_OFF))
318 return false;
319 if (be64_to_cpu(dip->di_ino) != ip->i_ino)
320 return false;
321 if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid))
322 return false;
323 return true;
324 }
325
326 void
327 xfs_dinode_calc_crc(
328 struct xfs_mount *mp,
329 struct xfs_dinode *dip)
330 {
331 __uint32_t crc;
332
333 if (dip->di_version < 3)
334 return;
335
336 ASSERT(xfs_sb_version_hascrc(&mp->m_sb));
337 crc = xfs_start_cksum((char *)dip, mp->m_sb.sb_inodesize,
338 XFS_DINODE_CRC_OFF);
339 dip->di_crc = xfs_end_cksum(crc);
340 }
341
342 /*
343 * Read the disk inode attributes into the in-core inode structure.
344 *
345 * For version 5 superblocks, if we are initialising a new inode and we are not
346 * utilising the XFS_MOUNT_IKEEP inode cluster mode, we can simple build the new
347 * inode core with a random generation number. If we are keeping inodes around,
348 * we need to read the inode cluster to get the existing generation number off
349 * disk. Further, if we are using version 4 superblocks (i.e. v1/v2 inode
350 * format) then log recovery is dependent on the di_flushiter field being
351 * initialised from the current on-disk value and hence we must also read the
352 * inode off disk.
353 */
354 int
355 xfs_iread(
356 xfs_mount_t *mp,
357 xfs_trans_t *tp,
358 xfs_inode_t *ip,
359 uint iget_flags)
360 {
361 xfs_buf_t *bp;
362 xfs_dinode_t *dip;
363 int error;
364
365 /*
366 * Fill in the location information in the in-core inode.
367 */
368 error = xfs_imap(mp, tp, ip->i_ino, &ip->i_imap, iget_flags);
369 if (error)
370 return error;
371
372 /* shortcut IO on inode allocation if possible */
373 if ((iget_flags & XFS_IGET_CREATE) &&
374 xfs_sb_version_hascrc(&mp->m_sb) &&
375 !(mp->m_flags & XFS_MOUNT_IKEEP)) {
376 /* initialise the on-disk inode core */
377 memset(&ip->i_d, 0, sizeof(ip->i_d));
378 ip->i_d.di_magic = XFS_DINODE_MAGIC;
379 ip->i_d.di_gen = prandom_u32();
380 if (xfs_sb_version_hascrc(&mp->m_sb)) {
381 ip->i_d.di_version = 3;
382 ip->i_d.di_ino = ip->i_ino;
383 uuid_copy(&ip->i_d.di_uuid, &mp->m_sb.sb_meta_uuid);
384 } else
385 ip->i_d.di_version = 2;
386 return 0;
387 }
388
389 /*
390 * Get pointers to the on-disk inode and the buffer containing it.
391 */
392 error = xfs_imap_to_bp(mp, tp, &ip->i_imap, &dip, &bp, 0, iget_flags);
393 if (error)
394 return error;
395
396 /* even unallocated inodes are verified */
397 if (!xfs_dinode_verify(mp, ip, dip)) {
398 xfs_alert(mp, "%s: validation failed for inode %lld failed",
399 __func__, ip->i_ino);
400
401 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, dip);
402 error = -EFSCORRUPTED;
403 goto out_brelse;
404 }
405
406 /*
407 * If the on-disk inode is already linked to a directory
408 * entry, copy all of the inode into the in-core inode.
409 * xfs_iformat_fork() handles copying in the inode format
410 * specific information.
411 * Otherwise, just get the truly permanent information.
412 */
413 if (dip->di_mode) {
414 xfs_dinode_from_disk(&ip->i_d, dip);
415 error = xfs_iformat_fork(ip, dip);
416 if (error) {
417 #ifdef DEBUG
418 xfs_alert(mp, "%s: xfs_iformat() returned error %d",
419 __func__, error);
420 #endif /* DEBUG */
421 goto out_brelse;
422 }
423 } else {
424 /*
425 * Partial initialisation of the in-core inode. Just the bits
426 * that xfs_ialloc won't overwrite or relies on being correct.
427 */
428 ip->i_d.di_magic = be16_to_cpu(dip->di_magic);
429 ip->i_d.di_version = dip->di_version;
430 ip->i_d.di_gen = be32_to_cpu(dip->di_gen);
431 ip->i_d.di_flushiter = be16_to_cpu(dip->di_flushiter);
432
433 if (dip->di_version == 3) {
434 ip->i_d.di_ino = be64_to_cpu(dip->di_ino);
435 uuid_copy(&ip->i_d.di_uuid, &dip->di_uuid);
436 }
437
438 /*
439 * Make sure to pull in the mode here as well in
440 * case the inode is released without being used.
441 * This ensures that xfs_inactive() will see that
442 * the inode is already free and not try to mess
443 * with the uninitialized part of it.
444 */
445 ip->i_d.di_mode = 0;
446 }
447
448 /*
449 * Automatically convert version 1 inode formats in memory to version 2
450 * inode format. If the inode is modified, it will get logged and
451 * rewritten as a version 2 inode. We can do this because we set the
452 * superblock feature bit for v2 inodes unconditionally during mount
453 * and it means the reast of the code can assume the inode version is 2
454 * or higher.
455 */
456 if (ip->i_d.di_version == 1) {
457 ip->i_d.di_version = 2;
458 memset(&(ip->i_d.di_pad[0]), 0, sizeof(ip->i_d.di_pad));
459 ip->i_d.di_nlink = ip->i_d.di_onlink;
460 ip->i_d.di_onlink = 0;
461 xfs_set_projid(ip, 0);
462 }
463
464 ip->i_delayed_blks = 0;
465
466 /*
467 * Mark the buffer containing the inode as something to keep
468 * around for a while. This helps to keep recently accessed
469 * meta-data in-core longer.
470 */
471 xfs_buf_set_ref(bp, XFS_INO_REF);
472
473 /*
474 * Use xfs_trans_brelse() to release the buffer containing the on-disk
475 * inode, because it was acquired with xfs_trans_read_buf() in
476 * xfs_imap_to_bp() above. If tp is NULL, this is just a normal
477 * brelse(). If we're within a transaction, then xfs_trans_brelse()
478 * will only release the buffer if it is not dirty within the
479 * transaction. It will be OK to release the buffer in this case,
480 * because inodes on disk are never destroyed and we will be locking the
481 * new in-core inode before putting it in the cache where other
482 * processes can find it. Thus we don't have to worry about the inode
483 * being changed just because we released the buffer.
484 */
485 out_brelse:
486 xfs_trans_brelse(tp, bp);
487 return error;
488 }
Linux with added FPC-III support