1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * Copyright (c) 2013 Red Hat, Inc.
9 #include "xfs_shared.h"
10 #include "xfs_format.h"
11 #include "xfs_log_format.h"
12 #include "xfs_trans_resv.h"
14 #include "xfs_mount.h"
15 #include "xfs_defer.h"
16 #include "xfs_da_format.h"
17 #include "xfs_da_btree.h"
18 #include "xfs_inode.h"
19 #include "xfs_trans.h"
22 #include "xfs_attr_remote.h"
23 #include "xfs_trace.h"
24 #include "xfs_error.h"
25 #include "xfs_health.h"
27 #define ATTR_RMTVALUE_MAPSIZE 1 /* # of map entries at once */
30 * Remote Attribute Values
31 * =======================
33 * Remote extended attribute values are conceptually simple -- they're written
34 * to data blocks mapped by an inode's attribute fork, and they have an upper
35 * size limit of 64k. Setting a value does not involve the XFS log.
37 * However, on a v5 filesystem, maximally sized remote attr values require one
38 * block more than 64k worth of space to hold both the remote attribute value
39 * header (64 bytes). On a 4k block filesystem this results in a 68k buffer;
40 * on a 64k block filesystem, this would be a 128k buffer. Note that the log
41 * format can only handle a dirty buffer of XFS_MAX_BLOCKSIZE length (64k).
42 * Therefore, we /must/ ensure that remote attribute value buffers never touch
43 * the logging system and therefore never have a log item.
47 * Each contiguous block has a header, so it is not just a simple attribute
48 * length to FSB conversion.
55 if (xfs_has_crc(mp)) {
56 int buflen = XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
57 return (attrlen + buflen - 1) / buflen;
59 return XFS_B_TO_FSB(mp, attrlen);
63 * Checking of the remote attribute header is split into two parts. The verifier
64 * does CRC, location and bounds checking, the unpacking function checks the
65 * attribute parameters and owner.
75 struct xfs_attr3_rmt_hdr *rmt = ptr;
77 if (bno != be64_to_cpu(rmt->rm_blkno))
78 return __this_address;
79 if (offset != be32_to_cpu(rmt->rm_offset))
80 return __this_address;
81 if (size != be32_to_cpu(rmt->rm_bytes))
82 return __this_address;
83 if (ino != be64_to_cpu(rmt->rm_owner))
84 return __this_address;
98 struct xfs_attr3_rmt_hdr *rmt = ptr;
100 if (!xfs_verify_magic(bp, rmt->rm_magic))
101 return __this_address;
102 if (!uuid_equal(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid))
103 return __this_address;
104 if (be64_to_cpu(rmt->rm_blkno) != bno)
105 return __this_address;
106 if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
107 return __this_address;
108 if (be32_to_cpu(rmt->rm_offset) +
109 be32_to_cpu(rmt->rm_bytes) > XFS_XATTR_SIZE_MAX)
110 return __this_address;
111 if (rmt->rm_owner == 0)
112 return __this_address;
118 __xfs_attr3_rmt_read_verify(
121 xfs_failaddr_t *failaddr)
123 struct xfs_mount *mp = bp->b_mount;
127 int blksize = mp->m_attr_geo->blksize;
129 /* no verification of non-crc buffers */
130 if (!xfs_has_crc(mp))
134 bno = xfs_buf_daddr(bp);
135 len = BBTOB(bp->b_length);
136 ASSERT(len >= blksize);
140 !xfs_verify_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF)) {
141 *failaddr = __this_address;
144 *failaddr = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno);
146 return -EFSCORRUPTED;
149 bno += BTOBB(blksize);
153 *failaddr = __this_address;
154 return -EFSCORRUPTED;
161 xfs_attr3_rmt_read_verify(
167 error = __xfs_attr3_rmt_read_verify(bp, true, &fa);
169 xfs_verifier_error(bp, error, fa);
172 static xfs_failaddr_t
173 xfs_attr3_rmt_verify_struct(
179 error = __xfs_attr3_rmt_read_verify(bp, false, &fa);
180 return error ? fa : NULL;
184 xfs_attr3_rmt_write_verify(
187 struct xfs_mount *mp = bp->b_mount;
189 int blksize = mp->m_attr_geo->blksize;
194 /* no verification of non-crc buffers */
195 if (!xfs_has_crc(mp))
199 bno = xfs_buf_daddr(bp);
200 len = BBTOB(bp->b_length);
201 ASSERT(len >= blksize);
204 struct xfs_attr3_rmt_hdr *rmt = (struct xfs_attr3_rmt_hdr *)ptr;
206 fa = xfs_attr3_rmt_verify(mp, bp, ptr, blksize, bno);
208 xfs_verifier_error(bp, -EFSCORRUPTED, fa);
213 * Ensure we aren't writing bogus LSNs to disk. See
214 * xfs_attr3_rmt_hdr_set() for the explanation.
216 if (rmt->rm_lsn != cpu_to_be64(NULLCOMMITLSN)) {
217 xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
220 xfs_update_cksum(ptr, blksize, XFS_ATTR3_RMT_CRC_OFF);
224 bno += BTOBB(blksize);
228 xfs_verifier_error(bp, -EFSCORRUPTED, __this_address);
231 const struct xfs_buf_ops xfs_attr3_rmt_buf_ops = {
232 .name = "xfs_attr3_rmt",
233 .magic = { 0, cpu_to_be32(XFS_ATTR3_RMT_MAGIC) },
234 .verify_read = xfs_attr3_rmt_read_verify,
235 .verify_write = xfs_attr3_rmt_write_verify,
236 .verify_struct = xfs_attr3_rmt_verify_struct,
240 xfs_attr3_rmt_hdr_set(
241 struct xfs_mount *mp,
248 struct xfs_attr3_rmt_hdr *rmt = ptr;
250 if (!xfs_has_crc(mp))
253 rmt->rm_magic = cpu_to_be32(XFS_ATTR3_RMT_MAGIC);
254 rmt->rm_offset = cpu_to_be32(offset);
255 rmt->rm_bytes = cpu_to_be32(size);
256 uuid_copy(&rmt->rm_uuid, &mp->m_sb.sb_meta_uuid);
257 rmt->rm_owner = cpu_to_be64(ino);
258 rmt->rm_blkno = cpu_to_be64(bno);
261 * Remote attribute blocks are written synchronously, so we don't
262 * have an LSN that we can stamp in them that makes any sense to log
263 * recovery. To ensure that log recovery handles overwrites of these
264 * blocks sanely (i.e. once they've been freed and reallocated as some
265 * other type of metadata) we need to ensure that the LSN has a value
266 * that tells log recovery to ignore the LSN and overwrite the buffer
267 * with whatever is in it's log. To do this, we use the magic
268 * NULLCOMMITLSN to indicate that the LSN is invalid.
270 rmt->rm_lsn = cpu_to_be64(NULLCOMMITLSN);
272 return sizeof(struct xfs_attr3_rmt_hdr);
276 * Helper functions to copy attribute data in and out of the one disk extents
279 xfs_attr_rmtval_copyout(
280 struct xfs_mount *mp,
282 struct xfs_inode *dp,
287 char *src = bp->b_addr;
288 xfs_ino_t ino = dp->i_ino;
289 xfs_daddr_t bno = xfs_buf_daddr(bp);
290 int len = BBTOB(bp->b_length);
291 int blksize = mp->m_attr_geo->blksize;
293 ASSERT(len >= blksize);
295 while (len > 0 && *valuelen > 0) {
297 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
299 byte_cnt = min(*valuelen, byte_cnt);
301 if (xfs_has_crc(mp)) {
302 if (xfs_attr3_rmt_hdr_ok(src, ino, *offset,
305 "remote attribute header mismatch bno/off/len/owner (0x%llx/0x%x/Ox%x/0x%llx)",
306 bno, *offset, byte_cnt, ino);
307 xfs_dirattr_mark_sick(dp, XFS_ATTR_FORK);
308 return -EFSCORRUPTED;
310 hdr_size = sizeof(struct xfs_attr3_rmt_hdr);
313 memcpy(*dst, src + hdr_size, byte_cnt);
315 /* roll buffer forwards */
318 bno += BTOBB(blksize);
320 /* roll attribute data forwards */
321 *valuelen -= byte_cnt;
329 xfs_attr_rmtval_copyin(
330 struct xfs_mount *mp,
337 char *dst = bp->b_addr;
338 xfs_daddr_t bno = xfs_buf_daddr(bp);
339 int len = BBTOB(bp->b_length);
340 int blksize = mp->m_attr_geo->blksize;
342 ASSERT(len >= blksize);
344 while (len > 0 && *valuelen > 0) {
346 int byte_cnt = XFS_ATTR3_RMT_BUF_SPACE(mp, blksize);
348 byte_cnt = min(*valuelen, byte_cnt);
349 hdr_size = xfs_attr3_rmt_hdr_set(mp, dst, ino, *offset,
352 memcpy(dst + hdr_size, *src, byte_cnt);
355 * If this is the last block, zero the remainder of it.
356 * Check that we are actually the last block, too.
358 if (byte_cnt + hdr_size < blksize) {
359 ASSERT(*valuelen - byte_cnt == 0);
360 ASSERT(len == blksize);
361 memset(dst + hdr_size + byte_cnt, 0,
362 blksize - hdr_size - byte_cnt);
365 /* roll buffer forwards */
368 bno += BTOBB(blksize);
370 /* roll attribute data forwards */
371 *valuelen -= byte_cnt;
378 * Read the value associated with an attribute from the out-of-line buffer
379 * that we stored it in.
381 * Returns 0 on successful retrieval, otherwise an error.
385 struct xfs_da_args *args)
387 struct xfs_bmbt_irec map[ATTR_RMTVALUE_MAPSIZE];
388 struct xfs_mount *mp = args->dp->i_mount;
390 xfs_dablk_t lblkno = args->rmtblkno;
391 uint8_t *dst = args->value;
395 int blkcnt = args->rmtblkcnt;
399 trace_xfs_attr_rmtval_get(args);
401 ASSERT(args->valuelen != 0);
402 ASSERT(args->rmtvaluelen == args->valuelen);
404 valuelen = args->rmtvaluelen;
405 while (valuelen > 0) {
406 nmap = ATTR_RMTVALUE_MAPSIZE;
407 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
414 for (i = 0; (i < nmap) && (valuelen > 0); i++) {
418 ASSERT((map[i].br_startblock != DELAYSTARTBLOCK) &&
419 (map[i].br_startblock != HOLESTARTBLOCK));
420 dblkno = XFS_FSB_TO_DADDR(mp, map[i].br_startblock);
421 dblkcnt = XFS_FSB_TO_BB(mp, map[i].br_blockcount);
422 error = xfs_buf_read(mp->m_ddev_targp, dblkno, dblkcnt,
423 0, &bp, &xfs_attr3_rmt_buf_ops);
424 if (xfs_metadata_is_sick(error))
425 xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK);
429 error = xfs_attr_rmtval_copyout(mp, bp, args->dp,
436 /* roll attribute extent map forwards */
437 lblkno += map[i].br_blockcount;
438 blkcnt -= map[i].br_blockcount;
441 ASSERT(valuelen == 0);
446 * Find a "hole" in the attribute address space large enough for us to drop the
447 * new attributes value into
450 xfs_attr_rmt_find_hole(
451 struct xfs_da_args *args)
453 struct xfs_inode *dp = args->dp;
454 struct xfs_mount *mp = dp->i_mount;
457 xfs_fileoff_t lfileoff = 0;
460 * Because CRC enable attributes have headers, we can't just do a
461 * straight byte to FSB conversion and have to take the header space
464 blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen);
465 error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff,
470 args->rmtblkno = (xfs_dablk_t)lfileoff;
471 args->rmtblkcnt = blkcnt;
477 xfs_attr_rmtval_set_value(
478 struct xfs_da_args *args)
480 struct xfs_inode *dp = args->dp;
481 struct xfs_mount *mp = dp->i_mount;
482 struct xfs_bmbt_irec map;
484 uint8_t *src = args->value;
492 * Roll through the "value", copying the attribute value to the
493 * already-allocated blocks. Blocks are written synchronously
494 * so that we can know they are all on disk before we turn off
495 * the INCOMPLETE flag.
497 lblkno = args->rmtblkno;
498 blkcnt = args->rmtblkcnt;
499 valuelen = args->rmtvaluelen;
500 while (valuelen > 0) {
508 error = xfs_bmapi_read(dp, (xfs_fileoff_t)lblkno,
514 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
515 (map.br_startblock != HOLESTARTBLOCK));
517 dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock),
518 dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount);
520 error = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, &bp);
523 bp->b_ops = &xfs_attr3_rmt_buf_ops;
525 xfs_attr_rmtval_copyin(mp, bp, args->dp->i_ino, &offset,
528 error = xfs_bwrite(bp); /* GROT: NOTE: synchronous write */
534 /* roll attribute extent map forwards */
535 lblkno += map.br_blockcount;
536 blkcnt -= map.br_blockcount;
538 ASSERT(valuelen == 0);
542 /* Mark stale any incore buffers for the remote value. */
544 xfs_attr_rmtval_stale(
545 struct xfs_inode *ip,
546 struct xfs_bmbt_irec *map,
547 xfs_buf_flags_t incore_flags)
549 struct xfs_mount *mp = ip->i_mount;
553 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
555 if (XFS_IS_CORRUPT(mp, map->br_startblock == DELAYSTARTBLOCK) ||
556 XFS_IS_CORRUPT(mp, map->br_startblock == HOLESTARTBLOCK)) {
557 xfs_bmap_mark_sick(ip, XFS_ATTR_FORK);
558 return -EFSCORRUPTED;
561 error = xfs_buf_incore(mp->m_ddev_targp,
562 XFS_FSB_TO_DADDR(mp, map->br_startblock),
563 XFS_FSB_TO_BB(mp, map->br_blockcount),
566 if (error == -ENOENT)
577 * Find a hole for the attr and store it in the delayed attr context. This
578 * initializes the context to roll through allocating an attr extent for a
579 * delayed attr operation
582 xfs_attr_rmtval_find_space(
583 struct xfs_attr_intent *attr)
585 struct xfs_da_args *args = attr->xattri_da_args;
586 struct xfs_bmbt_irec *map = &attr->xattri_map;
589 attr->xattri_lblkno = 0;
590 attr->xattri_blkcnt = 0;
593 memset(map, 0, sizeof(struct xfs_bmbt_irec));
595 error = xfs_attr_rmt_find_hole(args);
599 attr->xattri_blkcnt = args->rmtblkcnt;
600 attr->xattri_lblkno = args->rmtblkno;
606 * Write one block of the value associated with an attribute into the
607 * out-of-line buffer that we have defined for it. This is similar to a subset
608 * of xfs_attr_rmtval_set, but records the current block to the delayed attr
609 * context, and leaves transaction handling to the caller.
612 xfs_attr_rmtval_set_blk(
613 struct xfs_attr_intent *attr)
615 struct xfs_da_args *args = attr->xattri_da_args;
616 struct xfs_inode *dp = args->dp;
617 struct xfs_bmbt_irec *map = &attr->xattri_map;
622 error = xfs_bmapi_write(args->trans, dp,
623 (xfs_fileoff_t)attr->xattri_lblkno,
624 attr->xattri_blkcnt, XFS_BMAPI_ATTRFORK, args->total,
630 ASSERT((map->br_startblock != DELAYSTARTBLOCK) &&
631 (map->br_startblock != HOLESTARTBLOCK));
633 /* roll attribute extent map forwards */
634 attr->xattri_lblkno += map->br_blockcount;
635 attr->xattri_blkcnt -= map->br_blockcount;
641 * Remove the value associated with an attribute by deleting the
642 * out-of-line buffer that it is stored on.
645 xfs_attr_rmtval_invalidate(
646 struct xfs_da_args *args)
653 * Roll through the "value", invalidating the attribute value's blocks.
655 lblkno = args->rmtblkno;
656 blkcnt = args->rmtblkcnt;
658 struct xfs_bmbt_irec map;
662 * Try to remember where we decided to put the value.
665 error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,
666 blkcnt, &map, &nmap, XFS_BMAPI_ATTRFORK);
669 if (XFS_IS_CORRUPT(args->dp->i_mount, nmap != 1)) {
670 xfs_bmap_mark_sick(args->dp, XFS_ATTR_FORK);
671 return -EFSCORRUPTED;
673 error = xfs_attr_rmtval_stale(args->dp, &map, XBF_TRYLOCK);
677 lblkno += map.br_blockcount;
678 blkcnt -= map.br_blockcount;
684 * Remove the value associated with an attribute by deleting the out-of-line
685 * buffer that it is stored on. Returns -EAGAIN for the caller to refresh the
686 * transaction and re-call the function. Callers should keep calling this
687 * routine until it returns something other than -EAGAIN.
690 xfs_attr_rmtval_remove(
691 struct xfs_attr_intent *attr)
693 struct xfs_da_args *args = attr->xattri_da_args;
697 * Unmap value blocks for this attr.
699 error = xfs_bunmapi(args->trans, args->dp, args->rmtblkno,
700 args->rmtblkcnt, XFS_BMAPI_ATTRFORK, 1, &done);
705 * We don't need an explicit state here to pick up where we left off. We
706 * can figure it out using the !done return code. The actual value of
707 * attr->xattri_dela_state may be some value reminiscent of the calling
708 * function, but it's value is irrelevant with in the context of this
709 * function. Once we are done here, the next state is set as needed by
713 trace_xfs_attr_rmtval_remove_return(attr->xattri_dela_state,