2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
3 * Copyright (c) 2013 Red Hat, Inc.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it would be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 #include "xfs_shared.h"
22 #include "xfs_format.h"
23 #include "xfs_log_format.h"
24 #include "xfs_trans_resv.h"
25 #include "xfs_mount.h"
26 #include "xfs_inode.h"
27 #include "xfs_quota.h"
28 #include "xfs_trans.h"
30 #include "xfs_error.h"
31 #include "xfs_cksum.h"
32 #include "xfs_trace.h"
35 xfs_calc_dquots_per_chunk(
36 unsigned int nbblks) /* basic block units */
39 return BBTOB(nbblks) / sizeof(xfs_dqblk_t);
43 * Do some primitive error checking on ondisk dquot data structures.
48 xfs_disk_dquot_t *ddq,
50 uint type, /* used only when IO_dorepair is true */
54 xfs_dqblk_t *d = (xfs_dqblk_t *)ddq;
58 * We can encounter an uninitialized dquot buffer for 2 reasons:
59 * 1. If we crash while deleting the quotainode(s), and those blks got
60 * used for user data. This is because we take the path of regular
61 * file deletion; however, the size field of quotainodes is never
62 * updated, so all the tricks that we play in itruncate_finish
65 * 2. We don't play the quota buffers when there's a quotaoff logitem.
66 * But the allocation will be replayed so we'll end up with an
67 * uninitialized quota block.
69 * This is all fine; things are still consistent, and we haven't lost
70 * any quota information. Just don't complain about bad dquot blks.
72 if (ddq->d_magic != cpu_to_be16(XFS_DQUOT_MAGIC)) {
73 if (flags & XFS_QMOPT_DOWARN)
75 "%s : XFS dquot ID 0x%x, magic 0x%x != 0x%x",
76 str, id, be16_to_cpu(ddq->d_magic), XFS_DQUOT_MAGIC);
79 if (ddq->d_version != XFS_DQUOT_VERSION) {
80 if (flags & XFS_QMOPT_DOWARN)
82 "%s : XFS dquot ID 0x%x, version 0x%x != 0x%x",
83 str, id, ddq->d_version, XFS_DQUOT_VERSION);
87 if (ddq->d_flags != XFS_DQ_USER &&
88 ddq->d_flags != XFS_DQ_PROJ &&
89 ddq->d_flags != XFS_DQ_GROUP) {
90 if (flags & XFS_QMOPT_DOWARN)
92 "%s : XFS dquot ID 0x%x, unknown flags 0x%x",
93 str, id, ddq->d_flags);
97 if (id != -1 && id != be32_to_cpu(ddq->d_id)) {
98 if (flags & XFS_QMOPT_DOWARN)
100 "%s : ondisk-dquot 0x%p, ID mismatch: "
101 "0x%x expected, found id 0x%x",
102 str, ddq, id, be32_to_cpu(ddq->d_id));
106 if (!errs && ddq->d_id) {
107 if (ddq->d_blk_softlimit &&
108 be64_to_cpu(ddq->d_bcount) >
109 be64_to_cpu(ddq->d_blk_softlimit)) {
110 if (!ddq->d_btimer) {
111 if (flags & XFS_QMOPT_DOWARN)
113 "%s : Dquot ID 0x%x (0x%p) BLK TIMER NOT STARTED",
114 str, (int)be32_to_cpu(ddq->d_id), ddq);
118 if (ddq->d_ino_softlimit &&
119 be64_to_cpu(ddq->d_icount) >
120 be64_to_cpu(ddq->d_ino_softlimit)) {
121 if (!ddq->d_itimer) {
122 if (flags & XFS_QMOPT_DOWARN)
124 "%s : Dquot ID 0x%x (0x%p) INODE TIMER NOT STARTED",
125 str, (int)be32_to_cpu(ddq->d_id), ddq);
129 if (ddq->d_rtb_softlimit &&
130 be64_to_cpu(ddq->d_rtbcount) >
131 be64_to_cpu(ddq->d_rtb_softlimit)) {
132 if (!ddq->d_rtbtimer) {
133 if (flags & XFS_QMOPT_DOWARN)
135 "%s : Dquot ID 0x%x (0x%p) RTBLK TIMER NOT STARTED",
136 str, (int)be32_to_cpu(ddq->d_id), ddq);
142 if (!errs || !(flags & XFS_QMOPT_DQREPAIR))
145 if (flags & XFS_QMOPT_DOWARN)
146 xfs_notice(mp, "Re-initializing dquot ID 0x%x", id);
149 * Typically, a repair is only requested by quotacheck.
152 ASSERT(flags & XFS_QMOPT_DQREPAIR);
153 memset(d, 0, sizeof(xfs_dqblk_t));
155 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
156 d->dd_diskdq.d_version = XFS_DQUOT_VERSION;
157 d->dd_diskdq.d_flags = type;
158 d->dd_diskdq.d_id = cpu_to_be32(id);
160 if (xfs_sb_version_hascrc(&mp->m_sb)) {
161 uuid_copy(&d->dd_uuid, &mp->m_sb.sb_meta_uuid);
162 xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk),
170 xfs_dquot_buf_verify_crc(
171 struct xfs_mount *mp,
174 struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr;
178 if (!xfs_sb_version_hascrc(&mp->m_sb))
182 * if we are in log recovery, the quota subsystem has not been
183 * initialised so we have no quotainfo structure. In that case, we need
184 * to manually calculate the number of dquots in the buffer.
187 ndquots = mp->m_quotainfo->qi_dqperchunk;
189 ndquots = xfs_calc_dquots_per_chunk(bp->b_length);
191 for (i = 0; i < ndquots; i++, d++) {
192 if (!xfs_verify_cksum((char *)d, sizeof(struct xfs_dqblk),
195 if (!uuid_equal(&d->dd_uuid, &mp->m_sb.sb_meta_uuid))
202 xfs_dquot_buf_verify(
203 struct xfs_mount *mp,
207 struct xfs_dqblk *d = (struct xfs_dqblk *)bp->b_addr;
213 * if we are in log recovery, the quota subsystem has not been
214 * initialised so we have no quotainfo structure. In that case, we need
215 * to manually calculate the number of dquots in the buffer.
218 ndquots = mp->m_quotainfo->qi_dqperchunk;
220 ndquots = xfs_calc_dquots_per_chunk(bp->b_length);
223 * On the first read of the buffer, verify that each dquot is valid.
224 * We don't know what the id of the dquot is supposed to be, just that
225 * they should be increasing monotonically within the buffer. If the
226 * first id is corrupt, then it will fail on the second dquot in the
227 * buffer so corruptions could point to the wrong dquot in this case.
229 for (i = 0; i < ndquots; i++) {
230 struct xfs_disk_dquot *ddq;
233 ddq = &d[i].dd_diskdq;
236 id = be32_to_cpu(ddq->d_id);
238 error = xfs_dqcheck(mp, ddq, id + i, 0, warn, __func__);
246 xfs_dquot_buf_read_verify(
249 struct xfs_mount *mp = bp->b_target->bt_mount;
251 if (!xfs_dquot_buf_verify_crc(mp, bp))
252 xfs_buf_ioerror(bp, -EFSBADCRC);
253 else if (!xfs_dquot_buf_verify(mp, bp, XFS_QMOPT_DOWARN))
254 xfs_buf_ioerror(bp, -EFSCORRUPTED);
257 xfs_verifier_error(bp);
261 * readahead errors are silent and simply leave the buffer as !done so a real
262 * read will then be run with the xfs_dquot_buf_ops verifier. See
263 * xfs_inode_buf_verify() for why we use EIO and ~XBF_DONE here rather than
264 * reporting the failure.
267 xfs_dquot_buf_readahead_verify(
270 struct xfs_mount *mp = bp->b_target->bt_mount;
272 if (!xfs_dquot_buf_verify_crc(mp, bp) ||
273 !xfs_dquot_buf_verify(mp, bp, 0)) {
274 xfs_buf_ioerror(bp, -EIO);
275 bp->b_flags &= ~XBF_DONE;
280 * we don't calculate the CRC here as that is done when the dquot is flushed to
281 * the buffer after the update is done. This ensures that the dquot in the
282 * buffer always has an up-to-date CRC value.
285 xfs_dquot_buf_write_verify(
288 struct xfs_mount *mp = bp->b_target->bt_mount;
290 if (!xfs_dquot_buf_verify(mp, bp, XFS_QMOPT_DOWARN)) {
291 xfs_buf_ioerror(bp, -EFSCORRUPTED);
292 xfs_verifier_error(bp);
297 const struct xfs_buf_ops xfs_dquot_buf_ops = {
299 .verify_read = xfs_dquot_buf_read_verify,
300 .verify_write = xfs_dquot_buf_write_verify,
303 const struct xfs_buf_ops xfs_dquot_buf_ra_ops = {
304 .name = "xfs_dquot_ra",
305 .verify_read = xfs_dquot_buf_readahead_verify,
306 .verify_write = xfs_dquot_buf_write_verify,
projects / releases.git / blob