1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * Copyright (c) 2013 Red Hat, Inc.
9 #include "xfs_shared.h"
10 #include "xfs_format.h"
11 #include "xfs_log_format.h"
12 #include "xfs_trans_resv.h"
14 #include "xfs_mount.h"
15 #include "xfs_defer.h"
16 #include "xfs_da_format.h"
17 #include "xfs_da_btree.h"
18 #include "xfs_inode.h"
19 #include "xfs_alloc.h"
20 #include "xfs_trans.h"
21 #include "xfs_inode_item.h"
23 #include "xfs_bmap_util.h"
25 #include "xfs_attr_leaf.h"
26 #include "xfs_attr_remote.h"
27 #include "xfs_trans_space.h"
28 #include "xfs_trace.h"
29 #include "xfs_cksum.h"
30 #include "xfs_buf_item.h"
31 #include "xfs_error.h"
33 #define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */
36 * Each contiguous block has a header, so it is not just a simple attribute
37 * length to FSB conversion.
44 if (xfs_sb_version_hascrc(&mp->m_sb)) {
45 int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
46 return (attrlen + buflen - 1) / buflen;
48 return XFS_B_TO_FSB(mp, attrlen);
52 * Checking of the remote attribute header is split into two parts. The verifier
53 * does CRC, location and bounds checking, the unpacking function checks the
54 * attribute parameters and owner.
64 struct xfs_attr3_rmt_hdr *rmt = ptr;
66 if (bno != be64_to_cpu(rmt->rm_blkno))
67 return __this_address;
68 if (offset != be32_to_cpu(rmt->rm_offset))
69 return __this_address;
70 if (size != be32_to_cpu(rmt->rm_bytes))
71 return __this_address;
72 if (ino != be64_to_cpu(rmt->rm_owner))
73 return __this_address;
87 struct xfs_attr3_rmt_hdr *rmt = ptr;
89 if (!xfs_sb_version_hascrc(&mp->m_sb))
90 return __this_address;
91 if (!xfs_verify_magic(bp, rmt->rm_magic))
92 return __this_address;
93 if (!uuid_equal(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid))
94 return __this_address;
95 if (be64_to_cpu(rmt->rm_blkno) != bno)
96 return __this_address;
97 if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
98 return __this_address;
99 if (be32_to_cpu(rmt->rm_offset) +
100 be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX)
101 return __this_address;
102 if (rmt->rm_owner == 0)
103 return __this_address;
109 __xfs_attr3_rmt_read_verify(
112 xfs_failaddr_t *failaddr)
114 struct xfs_mount *mp = bp->b_target->bt_mount;
118 int blksize = mp->m_attr_geo->blksize;
120 /* no verification of non-crc buffers */
121 if (!xfs_sb_version_hascrc(&mp->m_sb))
126 len = BBTOB(bp->b_length);
127 ASSERT(len >= blksize);
131 !xfs_verify_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF)) {
132 *failaddr = __this_address;
135 *failaddr = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno);
137 return -EFSCORRUPTED;
140 bno += BTOBB(blksize);
144 *failaddr = __this_address;
145 return -EFSCORRUPTED;
152 xfs_attr3_rmt_read_verify(
158 error = __xfs_attr3_rmt_read_verify(bp, true, &fa);
160 xfs_verifier_error(bp, error, fa);
163 static xfs_failaddr_t
164 xfs_attr3_rmt_verify_struct(
170 error = __xfs_attr3_rmt_read_verify(bp, false, &fa);
171 return error ? fa : NULL;
175 xfs_attr3_rmt_write_verify(
178 struct xfs_mount *mp = bp->b_target->bt_mount;
180 int blksize = mp->m_attr_geo->blksize;
185 /* no verification of non-crc buffers */
186 if (!xfs_sb_version_hascrc(&mp->m_sb))
191 len = BBTOB(bp->b_length);
192 ASSERT(len >= blksize);
195 struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
197 fa = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno);
199 xfs_verifier_error(bp, -EFSCORRUPTED, fa);
204 * Ensure we aren't writing bogus LSNs to disk. See
205 * xfs_attr3_rmt_hdr_set() for the explanation.
207 if (rmt->rm_lsn != cpu_to_be64(NULLCOMMITLSN)) {
208 xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
211 xfs_update_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF);
215 bno += BTOBB(blksize);
219 xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
222 const struct xfs_buf_ops xfs_attr3_rmt_buf_ops = {
223 .name = "xfs_attr3_rmt",
224 .magic = { 0, cpu_to_be32(XFS_ATTR3_RMT_MAGIC) },
225 .verify_read = xfs_attr3_rmt_read_verify,
226 .verify_write = xfs_attr3_rmt_write_verify,
227 .verify_struct = xfs_attr3_rmt_verify_struct,
231 xfs_attr3_rmt_hdr_set(
232 struct xfs_mount *mp,
239 struct xfs_attr3_rmt_hdr *rmt = ptr;
241 if (!xfs_sb_version_hascrc(&mp->m_sb))
244 rmt->rm_magic = cpu_to_be32(XFS_ATTR3_RMT_MAGIC);
245 rmt->rm_offset = cpu_to_be32(offset);
246 rmt->rm_bytes = cpu_to_be32(size);
247 uuid_copy(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid);
248 rmt->rm_owner = cpu_to_be64(ino);
249 rmt->rm_blkno = cpu_to_be64(bno);
252 * Remote attribute blocks are written synchronously, so we don't
253 * have an LSN that we can stamp in them that makes any sense to log
254 * recovery. To ensure that log recovery handles overwrites of these
255 * blocks sanely (i.e. once they've been freed and reallocated as some
256 * other type of metadata) we need to ensure that the LSN has a value
257 * that tells log recovery to ignore the LSN and overwrite the buffer
258 * with whatever is in it's log. To do this, we use the magic
259 * NULLCOMMITLSN to indicate that the LSN is invalid.
261 rmt->rm_lsn = cpu_to_be64(NULLCOMMITLSN);
263 return sizeof(struct xfs_attr3_rmt_hdr);
267 * Helper functions to copy attribute data in and out of the one disk extents
270 xfs_attr_rmtval_copyout(
271 struct xfs_mount *mp,
278 char *src = bp->b_addr;
279 xfs_daddr_t bno = bp->b_bn;
280 int len = BBTOB(bp->b_length);
281 int blksize = mp->m_attr_geo->blksize;
283 ASSERT(len >= blksize);
285 while (len > 0 && *valuelen > 0) {
287 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
289 byte_cnt = min(*valuelen, byte_cnt);
291 if (xfs_sb_version_hascrc(&mp->m_sb)) {
292 if (xfs_attr3_rmt_hdr_ok(src, ino, *offset,
295 "remote attribute header mismatch bno/off/len/owner (0x%llx/0x%x/Ox%x/0x%llx)",
296 bno, *offset, byte_cnt, ino);
297 return -EFSCORRUPTED;
299 hdr_size = sizeof(struct xfs_attr3_rmt_hdr);
302 memcpy(*dst, src + hdr_size, byte_cnt);
304 /* roll buffer forwards */
307 bno += BTOBB(blksize);
309 /* roll attribute data forwards */
310 *valuelen -= byte_cnt;
318 xfs_attr_rmtval_copyin(
319 struct xfs_mount *mp,
326 char *dst = bp->b_addr;
327 xfs_daddr_t bno = bp->b_bn;
328 int len = BBTOB(bp->b_length);
329 int blksize = mp->m_attr_geo->blksize;
331 ASSERT(len >= blksize);
333 while (len > 0 && *valuelen > 0) {
335 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
337 byte_cnt = min(*valuelen, byte_cnt);
338 hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset,
341 memcpy(dst + hdr_size, *src, byte_cnt);
344 * If this is the last block, zero the remainder of it.
345 * Check that we are actually the last block, too.
347 if (byte_cnt + hdr_size < blksize) {
348 ASSERT(*valuelen - byte_cnt == 0);
349 ASSERT(len == blksize);
350 memset(dst + hdr_size + byte_cnt, 0,
351 blksize - hdr_size - byte_cnt);
354 /* roll buffer forwards */
357 bno += BTOBB(blksize);
359 /* roll attribute data forwards */
360 *valuelen -= byte_cnt;
367 * Read the value associated with an attribute from the out-of-line buffer
368 * that we stored it in.
372 struct xfs_da_args *args)
374 struct xfs_bmbt_irec map[ATTR_RMTVALUE_MAPSIZE];
375 struct xfs_mount *mp = args->dp->i_mount;
377 xfs_dablk_t lblkno = args->rmtblkno;
378 uint8_t *dst = args->value;
382 int blkcnt = args->rmtblkcnt;
386 trace_xfs_attr_rmtval_get(args);
388 ASSERT(!(args->flags & ATTR_KERNOVAL));
389 ASSERT(args->rmtvaluelen == args->valuelen);
391 valuelen = args->rmtvaluelen;
392 while (valuelen > 0) {
393 nmap = ATTR_RMTVALUE_MAPSIZE;
394 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
401 for (i = 0; (i < nmap) && (valuelen > 0); i++) {
405 ASSERT((map[i].br_startblock != DELAYSTARTBLOCK) &&
406 (map[i].br_startblock != HOLESTARTBLOCK));
407 dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock);
408 dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount);
409 error = xfs_trans_read_buf(mp, args->trans,
411 dblkno, dblkcnt, 0, &bp,
412 &xfs_attr3_rmt_buf_ops);
416 error = xfs_attr_rmtval_copyout(mp, bp, args->dp->i_ino,
419 xfs_trans_brelse(args->trans, bp);
423 /* roll attribute extent map forwards */
424 lblkno += map[i].br_blockcount;
425 blkcnt -= map[i].br_blockcount;
428 ASSERT(valuelen == 0);
433 * Write the value associated with an attribute into the out-of-line buffer
434 * that we have defined for it.
438 struct xfs_da_args *args)
440 struct xfs_inode *dp = args->dp;
441 struct xfs_mount *mp = dp->i_mount;
442 struct xfs_bmbt_irec map;
444 xfs_fileoff_t lfileoff = 0;
445 uint8_t *src = args->value;
452 trace_xfs_attr_rmtval_set(args);
455 * Find a "hole" in the attribute address space large enough for
456 * us to drop the new attribute's value into. Because CRC enable
457 * attributes have headers, we can't just do a straight byte to FSB
458 * conversion and have to take the header space into account.
460 blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen);
461 error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff,
466 args->rmtblkno = lblkno = (xfs_dablk_t)lfileoff;
467 args->rmtblkcnt = blkcnt;
470 * Roll through the "value", allocating blocks on disk as required.
474 * Allocate a single extent, up to the size of the value.
476 * Note that we have to consider this a data allocation as we
477 * write the remote attribute without logging the contents.
478 * Hence we must ensure that we aren't using blocks that are on
479 * the busy list so that we don't overwrite blocks which have
480 * recently been freed but their transactions are not yet
481 * committed to disk. If we overwrite the contents of a busy
482 * extent and then crash then the block may not contain the
483 * correct metadata after log recovery occurs.
486 error = xfs_bmapi_write(args->trans, dp, (xfs_fileoff_t)lblkno,
487 blkcnt, XFS_BMAPI_ATTRFORK, args->total, &map,
491 error = xfs_defer_finish(&args->trans);
496 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
497 (map.br_startblock != HOLESTARTBLOCK));
498 lblkno += map.br_blockcount;
499 blkcnt -= map.br_blockcount;
502 * Start the next trans in the chain.
504 error = xfs_trans_roll_inode(&args->trans, dp);
510 * Roll through the "value", copying the attribute value to the
511 * already-allocated blocks. Blocks are written synchronously
512 * so that we can know they are all on disk before we turn off
513 * the INCOMPLETE flag.
515 lblkno = args->rmtblkno;
516 blkcnt = args->rmtblkcnt;
517 valuelen = args->rmtvaluelen;
518 while (valuelen > 0) {
526 error = xfs_bmapi_read(dp, (xfs_fileoff_t)lblkno,
532 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
533 (map.br_startblock != HOLESTARTBLOCK));
535 dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock),
536 dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount);
538 bp = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0);
541 bp->b_ops = &xfs_attr3_rmt_buf_ops;
543 xfs_attr_rmtval_copyin(mp, bp, args->dp->i_ino, &offset,
546 error = xfs_bwrite(bp); /* GROT: NOTE: synchronous write */
552 /* roll attribute extent map forwards */
553 lblkno += map.br_blockcount;
554 blkcnt -= map.br_blockcount;
556 ASSERT(valuelen == 0);
561 * Remove the value associated with an attribute by deleting the
562 * out-of-line buffer that it is stored on.
565 xfs_attr_rmtval_remove(
566 struct xfs_da_args *args)
568 struct xfs_mount *mp = args->dp->i_mount;
574 trace_xfs_attr_rmtval_remove(args);
577 * Roll through the "value", invalidating the attribute value's blocks.
579 lblkno = args->rmtblkno;
580 blkcnt = args->rmtblkcnt;
582 struct xfs_bmbt_irec map;
589 * Try to remember where we decided to put the value.
592 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
593 blkcnt, &map, &nmap, XFS_BMAPI_ATTRFORK);
597 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
598 (map.br_startblock != HOLESTARTBLOCK));
600 dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock),
601 dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount);
604 * If the "remote" value is in the cache, remove it.
606 bp = xfs_buf_incore(mp->m_ddev_targp, dblkno, dblkcnt, XBF_TRYLOCK);
613 lblkno += map.br_blockcount;
614 blkcnt -= map.br_blockcount;
618 * Keep de-allocating extents until the remote-value region is gone.
620 lblkno = args->rmtblkno;
621 blkcnt = args->rmtblkcnt;
624 error = xfs_bunmapi(args->trans, args->dp, lblkno, blkcnt,
625 XFS_BMAPI_ATTRFORK, 1, &done);
628 error = xfs_defer_finish(&args->trans);
633 * Close out trans and start the next one in the chain.
635 error = xfs_trans_roll_inode(&args->trans, args->dp);