fs/xfs/scrub/quota.c

   1 /*
   2  * Copyright (C) 2017 Oracle.  All Rights Reserved.
   3  *
   4  * Author: Darrick J. Wong <darrick.wong@oracle.com>
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public License
   8  * as published by the Free Software Foundation; either version 2
   9  * of the License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it would be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, write the Free Software Foundation,
  18  * Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301, USA.
  19  */
  20 #include "xfs.h"
  21 #include "xfs_fs.h"
  22 #include "xfs_shared.h"
  23 #include "xfs_format.h"
  24 #include "xfs_trans_resv.h"
  25 #include "xfs_mount.h"
  26 #include "xfs_defer.h"
  27 #include "xfs_btree.h"
  28 #include "xfs_bit.h"
  29 #include "xfs_log_format.h"
  30 #include "xfs_trans.h"
  31 #include "xfs_sb.h"
  32 #include "xfs_inode.h"
  33 #include "xfs_inode_fork.h"
  34 #include "xfs_alloc.h"
  35 #include "xfs_bmap.h"
  36 #include "xfs_quota.h"
  37 #include "xfs_qm.h"
  38 #include "xfs_dquot.h"
  39 #include "xfs_dquot_item.h"
  40 #include "scrub/xfs_scrub.h"
  41 #include "scrub/scrub.h"
  42 #include "scrub/common.h"
  43 #include "scrub/trace.h"
  44
  45 /* Convert a scrub type code to a DQ flag, or return 0 if error. */
  46 static inline uint
  47 xfs_scrub_quota_to_dqtype(
  48         struct xfs_scrub_context        *sc)
  49 {
  50         switch (sc->sm->sm_type) {
  51         case XFS_SCRUB_TYPE_UQUOTA:
  52                 return XFS_DQ_USER;
  53         case XFS_SCRUB_TYPE_GQUOTA:
  54                 return XFS_DQ_GROUP;
  55         case XFS_SCRUB_TYPE_PQUOTA:
  56                 return XFS_DQ_PROJ;
  57         default:
  58                 return 0;
  59         }
  60 }
  61
  62 /* Set us up to scrub a quota. */
  63 int
  64 xfs_scrub_setup_quota(
  65         struct xfs_scrub_context        *sc,
  66         struct xfs_inode                *ip)
  67 {
  68         uint                            dqtype;
  69
  70         /*
  71          * If userspace gave us an AG number or inode data, they don't
  72          * know what they're doing.  Get out.
  73          */
  74         if (sc->sm->sm_agno || sc->sm->sm_ino || sc->sm->sm_gen)
  75                 return -EINVAL;
  76
  77         dqtype = xfs_scrub_quota_to_dqtype(sc);
  78         if (dqtype == 0)
  79                 return -EINVAL;
  80         if (!xfs_this_quota_on(sc->mp, dqtype))
  81                 return -ENOENT;
  82         return 0;
  83 }
  84
  85 /* Quotas. */
  86
  87 /* Scrub the fields in an individual quota item. */
  88 STATIC void
  89 xfs_scrub_quota_item(
  90         struct xfs_scrub_context        *sc,
  91         uint                            dqtype,
  92         struct xfs_dquot                *dq,
  93         xfs_dqid_t                      id)
  94 {
  95         struct xfs_mount                *mp = sc->mp;
  96         struct xfs_disk_dquot           *d = &dq->q_core;
  97         struct xfs_quotainfo            *qi = mp->m_quotainfo;
  98         xfs_fileoff_t                   offset;
  99         unsigned long long              bsoft;
 100         unsigned long long              isoft;
 101         unsigned long long              rsoft;
 102         unsigned long long              bhard;
 103         unsigned long long              ihard;
 104         unsigned long long              rhard;
 105         unsigned long long              bcount;
 106         unsigned long long              icount;
 107         unsigned long long              rcount;
 108         xfs_ino_t                       fs_icount;
 109
 110         offset = id * qi->qi_dqperchunk;
 111
 112         /*
 113          * We fed $id and DQNEXT into the xfs_qm_dqget call, which means
 114          * that the actual dquot we got must either have the same id or
 115          * the next higher id.
 116          */
 117         if (id > be32_to_cpu(d->d_id))
 118                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 119
 120         /* Did we get the dquot type we wanted? */
 121         if (dqtype != (d->d_flags & XFS_DQ_ALLTYPES))
 122                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 123
 124         if (d->d_pad0 != cpu_to_be32(0) || d->d_pad != cpu_to_be16(0))
 125                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 126
 127         /* Check the limits. */
 128         bhard = be64_to_cpu(d->d_blk_hardlimit);
 129         ihard = be64_to_cpu(d->d_ino_hardlimit);
 130         rhard = be64_to_cpu(d->d_rtb_hardlimit);
 131
 132         bsoft = be64_to_cpu(d->d_blk_softlimit);
 133         isoft = be64_to_cpu(d->d_ino_softlimit);
 134         rsoft = be64_to_cpu(d->d_rtb_softlimit);
 135
 136         /*
 137          * Warn if the hard limits are larger than the fs.
 138          * Administrators can do this, though in production this seems
 139          * suspect, which is why we flag it for review.
 140          *
 141          * Complain about corruption if the soft limit is greater than
 142          * the hard limit.
 143          */
 144         if (bhard > mp->m_sb.sb_dblocks)
 145                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 146         if (bsoft > bhard)
 147                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 148
 149         if (ihard > mp->m_maxicount)
 150                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 151         if (isoft > ihard)
 152                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 153
 154         if (rhard > mp->m_sb.sb_rblocks)
 155                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 156         if (rsoft > rhard)
 157                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 158
 159         /* Check the resource counts. */
 160         bcount = be64_to_cpu(d->d_bcount);
 161         icount = be64_to_cpu(d->d_icount);
 162         rcount = be64_to_cpu(d->d_rtbcount);
 163         fs_icount = percpu_counter_sum(&mp->m_icount);
 164
 165         /*
 166          * Check that usage doesn't exceed physical limits.  However, on
 167          * a reflink filesystem we're allowed to exceed physical space
 168          * if there are no quota limits.
 169          */
 170         if (xfs_sb_version_hasreflink(&mp->m_sb)) {
 171                 if (mp->m_sb.sb_dblocks < bcount)
 172                         xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK,
 173                                         offset);
 174         } else {
 175                 if (mp->m_sb.sb_dblocks < bcount)
 176                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK,
 177                                         offset);
 178         }
 179         if (icount > fs_icount || rcount > mp->m_sb.sb_rblocks)
 180                 xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);
 181
 182         /*
 183          * We can violate the hard limits if the admin suddenly sets a
 184          * lower limit than the actual usage.  However, we flag it for
 185          * admin review.
 186          */
 187         if (id != 0 && bhard != 0 && bcount > bhard)
 188                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 189         if (id != 0 && ihard != 0 && icount > ihard)
 190                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 191         if (id != 0 && rhard != 0 && rcount > rhard)
 192                 xfs_scrub_fblock_set_warning(sc, XFS_DATA_FORK, offset);
 193 }
 194
 195 /* Scrub all of a quota type's items. */
 196 int
 197 xfs_scrub_quota(
 198         struct xfs_scrub_context        *sc)
 199 {
 200         struct xfs_bmbt_irec            irec = { 0 };
 201         struct xfs_mount                *mp = sc->mp;
 202         struct xfs_inode                *ip;
 203         struct xfs_quotainfo            *qi = mp->m_quotainfo;
 204         struct xfs_dquot                *dq;
 205         xfs_fileoff_t                   max_dqid_off;
 206         xfs_fileoff_t                   off = 0;
 207         xfs_dqid_t                      id = 0;
 208         uint                            dqtype;
 209         int                             nimaps;
 210         int                             error;
 211
 212         if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
 213                 return -ENOENT;
 214
 215         mutex_lock(&qi->qi_quotaofflock);
 216         dqtype = xfs_scrub_quota_to_dqtype(sc);
 217         if (!xfs_this_quota_on(sc->mp, dqtype)) {
 218                 error = -ENOENT;
 219                 goto out_unlock_quota;
 220         }
 221
 222         /* Attach to the quota inode and set sc->ip so that reporting works. */
 223         ip = xfs_quota_inode(sc->mp, dqtype);
 224         sc->ip = ip;
 225
 226         /* Look for problem extents. */
 227         xfs_ilock(ip, XFS_ILOCK_EXCL);
 228         if (ip->i_d.di_flags & XFS_DIFLAG_REALTIME) {
 229                 xfs_scrub_ino_set_corrupt(sc, sc->ip->i_ino, NULL);
 230                 goto out_unlock_inode;
 231         }
 232         max_dqid_off = ((xfs_dqid_t)-1) / qi->qi_dqperchunk;
 233         while (1) {
 234                 if (xfs_scrub_should_terminate(sc, &error))
 235                         break;
 236
 237                 off = irec.br_startoff + irec.br_blockcount;
 238                 nimaps = 1;
 239                 error = xfs_bmapi_read(ip, off, -1, &irec, &nimaps,
 240                                 XFS_BMAPI_ENTIRE);
 241                 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK, off,
 242                                 &error))
 243                         goto out_unlock_inode;
 244                 if (!nimaps)
 245                         break;
 246                 if (irec.br_startblock == HOLESTARTBLOCK)
 247                         continue;
 248
 249                 /* Check the extent record doesn't point to crap. */
 250                 if (irec.br_startblock + irec.br_blockcount <=
 251                     irec.br_startblock)
 252                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK,
 253                                         irec.br_startoff);
 254                 if (!xfs_verify_fsbno(mp, irec.br_startblock) ||
 255                     !xfs_verify_fsbno(mp, irec.br_startblock +
 256                                         irec.br_blockcount - 1))
 257                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK,
 258                                         irec.br_startoff);
 259
 260                 /*
 261                  * Unwritten extents or blocks mapped above the highest
 262                  * quota id shouldn't happen.
 263                  */
 264                 if (isnullstartblock(irec.br_startblock) ||
 265                     irec.br_startoff > max_dqid_off ||
 266                     irec.br_startoff + irec.br_blockcount > max_dqid_off + 1)
 267                         xfs_scrub_fblock_set_corrupt(sc, XFS_DATA_FORK, off);
 268         }
 269         xfs_iunlock(ip, XFS_ILOCK_EXCL);
 270         if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
 271                 goto out;
 272
 273         /* Check all the quota items. */
 274         while (id < ((xfs_dqid_t)-1ULL)) {
 275                 if (xfs_scrub_should_terminate(sc, &error))
 276                         break;
 277
 278                 error = xfs_qm_dqget(mp, NULL, id, dqtype, XFS_QMOPT_DQNEXT,
 279                                 &dq);
 280                 if (error == -ENOENT)
 281                         break;
 282                 if (!xfs_scrub_fblock_process_error(sc, XFS_DATA_FORK,
 283                                 id * qi->qi_dqperchunk, &error))
 284                         break;
 285
 286                 xfs_scrub_quota_item(sc, dqtype, dq, id);
 287
 288                 id = be32_to_cpu(dq->q_core.d_id) + 1;
 289                 xfs_qm_dqput(dq);
 290                 if (!id)
 291                         break;
 292         }
 293
 294 out:
 295         /* We set sc->ip earlier, so make sure we clear it now. */
 296         sc->ip = NULL;
 297 out_unlock_quota:
 298         mutex_unlock(&qi->qi_quotaofflock);
 299         return error;
 300
 301 out_unlock_inode:
 302         xfs_iunlock(ip, XFS_ILOCK_EXCL);
 303         goto out;
 304 }