| rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | // SPDX-License-Identifier: GPL-2.0 |
| 2 | /* |
| 3 | * linux/fs/ext4/block_validity.c |
| 4 | * |
| 5 | * Copyright (C) 2009 |
| 6 | * Theodore Ts'o (tytso@mit.edu) |
| 7 | * |
| 8 | * Track which blocks in the filesystem are metadata blocks that |
| 9 | * should never be used as data blocks by files or directories. |
| 10 | */ |
| 11 | |
| 12 | #include <linux/time.h> |
| 13 | #include <linux/fs.h> |
| 14 | #include <linux/namei.h> |
| 15 | #include <linux/quotaops.h> |
| 16 | #include <linux/buffer_head.h> |
| 17 | #include <linux/swap.h> |
| 18 | #include <linux/pagemap.h> |
| 19 | #include <linux/blkdev.h> |
| 20 | #include <linux/slab.h> |
| 21 | #include "ext4.h" |
| 22 | |
| 23 | struct ext4_system_zone { |
| 24 | struct rb_node node; |
| 25 | ext4_fsblk_t start_blk; |
| 26 | unsigned int count; |
| 27 | }; |
| 28 | |
| 29 | static struct kmem_cache *ext4_system_zone_cachep; |
| 30 | |
| 31 | int __init ext4_init_system_zone(void) |
| 32 | { |
| 33 | ext4_system_zone_cachep = KMEM_CACHE(ext4_system_zone, 0); |
| 34 | if (ext4_system_zone_cachep == NULL) |
| 35 | return -ENOMEM; |
| 36 | return 0; |
| 37 | } |
| 38 | |
| 39 | void ext4_exit_system_zone(void) |
| 40 | { |
| 41 | kmem_cache_destroy(ext4_system_zone_cachep); |
| 42 | } |
| 43 | |
| 44 | static inline int can_merge(struct ext4_system_zone *entry1, |
| 45 | struct ext4_system_zone *entry2) |
| 46 | { |
| 47 | if ((entry1->start_blk + entry1->count) == entry2->start_blk) |
| 48 | return 1; |
| 49 | return 0; |
| 50 | } |
| 51 | |
| 52 | /* |
| 53 | * Mark a range of blocks as belonging to the "system zone" --- that |
| 54 | * is, filesystem metadata blocks which should never be used by |
| 55 | * inodes. |
| 56 | */ |
| 57 | static int add_system_zone(struct ext4_sb_info *sbi, |
| 58 | ext4_fsblk_t start_blk, |
| 59 | unsigned int count) |
| 60 | { |
| 61 | struct ext4_system_zone *new_entry = NULL, *entry; |
| 62 | struct rb_node **n = &sbi->system_blks.rb_node, *node; |
| 63 | struct rb_node *parent = NULL, *new_node = NULL; |
| 64 | |
| 65 | while (*n) { |
| 66 | parent = *n; |
| 67 | entry = rb_entry(parent, struct ext4_system_zone, node); |
| 68 | if (start_blk < entry->start_blk) |
| 69 | n = &(*n)->rb_left; |
| 70 | else if (start_blk >= (entry->start_blk + entry->count)) |
| 71 | n = &(*n)->rb_right; |
| 72 | else { |
| 73 | if (start_blk + count > (entry->start_blk + |
| 74 | entry->count)) |
| 75 | entry->count = (start_blk + count - |
| 76 | entry->start_blk); |
| 77 | new_node = *n; |
| 78 | new_entry = rb_entry(new_node, struct ext4_system_zone, |
| 79 | node); |
| 80 | break; |
| 81 | } |
| 82 | } |
| 83 | |
| 84 | if (!new_entry) { |
| 85 | new_entry = kmem_cache_alloc(ext4_system_zone_cachep, |
| 86 | GFP_KERNEL); |
| 87 | if (!new_entry) |
| 88 | return -ENOMEM; |
| 89 | new_entry->start_blk = start_blk; |
| 90 | new_entry->count = count; |
| 91 | new_node = &new_entry->node; |
| 92 | |
| 93 | rb_link_node(new_node, parent, n); |
| 94 | rb_insert_color(new_node, &sbi->system_blks); |
| 95 | } |
| 96 | |
| 97 | /* Can we merge to the left? */ |
| 98 | node = rb_prev(new_node); |
| 99 | if (node) { |
| 100 | entry = rb_entry(node, struct ext4_system_zone, node); |
| 101 | if (can_merge(entry, new_entry)) { |
| 102 | new_entry->start_blk = entry->start_blk; |
| 103 | new_entry->count += entry->count; |
| 104 | rb_erase(node, &sbi->system_blks); |
| 105 | kmem_cache_free(ext4_system_zone_cachep, entry); |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | /* Can we merge to the right? */ |
| 110 | node = rb_next(new_node); |
| 111 | if (node) { |
| 112 | entry = rb_entry(node, struct ext4_system_zone, node); |
| 113 | if (can_merge(new_entry, entry)) { |
| 114 | new_entry->count += entry->count; |
| 115 | rb_erase(node, &sbi->system_blks); |
| 116 | kmem_cache_free(ext4_system_zone_cachep, entry); |
| 117 | } |
| 118 | } |
| 119 | return 0; |
| 120 | } |
| 121 | |
| 122 | static void debug_print_tree(struct ext4_sb_info *sbi) |
| 123 | { |
| 124 | struct rb_node *node; |
| 125 | struct ext4_system_zone *entry; |
| 126 | int first = 1; |
| 127 | |
| 128 | printk(KERN_INFO "System zones: "); |
| 129 | node = rb_first(&sbi->system_blks); |
| 130 | while (node) { |
| 131 | entry = rb_entry(node, struct ext4_system_zone, node); |
| 132 | printk(KERN_CONT "%s%llu-%llu", first ? "" : ", ", |
| 133 | entry->start_blk, entry->start_blk + entry->count - 1); |
| 134 | first = 0; |
| 135 | node = rb_next(node); |
| 136 | } |
| 137 | printk(KERN_CONT "\n"); |
| 138 | } |
| 139 | |
| 140 | static int ext4_protect_reserved_inode(struct super_block *sb, u32 ino) |
| 141 | { |
| 142 | struct inode *inode; |
| 143 | struct ext4_sb_info *sbi = EXT4_SB(sb); |
| 144 | struct ext4_map_blocks map; |
| 145 | u32 i = 0, num; |
| 146 | int err = 0, n; |
| 147 | |
| 148 | if ((ino < EXT4_ROOT_INO) || |
| 149 | (ino > le32_to_cpu(sbi->s_es->s_inodes_count))) |
| 150 | return -EINVAL; |
| 151 | inode = ext4_iget(sb, ino, EXT4_IGET_SPECIAL); |
| 152 | if (IS_ERR(inode)) |
| 153 | return PTR_ERR(inode); |
| 154 | num = (inode->i_size + sb->s_blocksize - 1) >> sb->s_blocksize_bits; |
| 155 | while (i < num) { |
| 156 | cond_resched(); |
| 157 | map.m_lblk = i; |
| 158 | map.m_len = num - i; |
| 159 | n = ext4_map_blocks(NULL, inode, &map, 0); |
| 160 | if (n < 0) { |
| 161 | err = n; |
| 162 | break; |
| 163 | } |
| 164 | if (n == 0) { |
| 165 | i++; |
| 166 | } else { |
| 167 | if (!ext4_data_block_valid(sbi, map.m_pblk, n)) { |
| 168 | ext4_error(sb, "blocks %llu-%llu from inode %u " |
| 169 | "overlap system zone", map.m_pblk, |
| 170 | map.m_pblk + map.m_len - 1, ino); |
| 171 | err = -EFSCORRUPTED; |
| 172 | break; |
| 173 | } |
| 174 | err = add_system_zone(sbi, map.m_pblk, n); |
| 175 | if (err < 0) |
| 176 | break; |
| 177 | i += n; |
| 178 | } |
| 179 | } |
| 180 | iput(inode); |
| 181 | return err; |
| 182 | } |
| 183 | |
| 184 | int ext4_setup_system_zone(struct super_block *sb) |
| 185 | { |
| 186 | ext4_group_t ngroups = ext4_get_groups_count(sb); |
| 187 | struct ext4_sb_info *sbi = EXT4_SB(sb); |
| 188 | struct ext4_group_desc *gdp; |
| 189 | ext4_group_t i; |
| 190 | int flex_size = ext4_flex_bg_size(sbi); |
| 191 | int ret; |
| 192 | |
| 193 | if (!test_opt(sb, BLOCK_VALIDITY)) { |
| 194 | if (EXT4_SB(sb)->system_blks.rb_node) |
| 195 | ext4_release_system_zone(sb); |
| 196 | return 0; |
| 197 | } |
| 198 | if (EXT4_SB(sb)->system_blks.rb_node) |
| 199 | return 0; |
| 200 | |
| 201 | for (i=0; i < ngroups; i++) { |
| 202 | if (ext4_bg_has_super(sb, i) && |
| 203 | ((i < 5) || ((i % flex_size) == 0))) |
| 204 | add_system_zone(sbi, ext4_group_first_block_no(sb, i), |
| 205 | ext4_bg_num_gdb(sb, i) + 1); |
| 206 | gdp = ext4_get_group_desc(sb, i, NULL); |
| 207 | ret = add_system_zone(sbi, ext4_block_bitmap(sb, gdp), 1); |
| 208 | if (ret) |
| 209 | return ret; |
| 210 | ret = add_system_zone(sbi, ext4_inode_bitmap(sb, gdp), 1); |
| 211 | if (ret) |
| 212 | return ret; |
| 213 | ret = add_system_zone(sbi, ext4_inode_table(sb, gdp), |
| 214 | sbi->s_itb_per_group); |
| 215 | if (ret) |
| 216 | return ret; |
| 217 | } |
| 218 | if (ext4_has_feature_journal(sb) && sbi->s_es->s_journal_inum) { |
| 219 | ret = ext4_protect_reserved_inode(sb, |
| 220 | le32_to_cpu(sbi->s_es->s_journal_inum)); |
| 221 | if (ret) |
| 222 | return ret; |
| 223 | } |
| 224 | |
| 225 | if (test_opt(sb, DEBUG)) |
| 226 | debug_print_tree(EXT4_SB(sb)); |
| 227 | return 0; |
| 228 | } |
| 229 | |
| 230 | /* Called when the filesystem is unmounted */ |
| 231 | void ext4_release_system_zone(struct super_block *sb) |
| 232 | { |
| 233 | struct ext4_system_zone *entry, *n; |
| 234 | |
| 235 | rbtree_postorder_for_each_entry_safe(entry, n, |
| 236 | &EXT4_SB(sb)->system_blks, node) |
| 237 | kmem_cache_free(ext4_system_zone_cachep, entry); |
| 238 | |
| 239 | EXT4_SB(sb)->system_blks = RB_ROOT; |
| 240 | } |
| 241 | |
| 242 | /* |
| 243 | * Returns 1 if the passed-in block region (start_blk, |
| 244 | * start_blk+count) is valid; 0 if some part of the block region |
| 245 | * overlaps with filesystem metadata blocks. |
| 246 | */ |
| 247 | int ext4_data_block_valid(struct ext4_sb_info *sbi, ext4_fsblk_t start_blk, |
| 248 | unsigned int count) |
| 249 | { |
| 250 | struct ext4_system_zone *entry; |
| 251 | struct rb_node *n = sbi->system_blks.rb_node; |
| 252 | |
| 253 | if ((start_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || |
| 254 | (start_blk + count < start_blk) || |
| 255 | (start_blk + count > ext4_blocks_count(sbi->s_es))) { |
| 256 | sbi->s_es->s_last_error_block = cpu_to_le64(start_blk); |
| 257 | return 0; |
| 258 | } |
| 259 | while (n) { |
| 260 | entry = rb_entry(n, struct ext4_system_zone, node); |
| 261 | if (start_blk + count - 1 < entry->start_blk) |
| 262 | n = n->rb_left; |
| 263 | else if (start_blk >= (entry->start_blk + entry->count)) |
| 264 | n = n->rb_right; |
| 265 | else { |
| 266 | sbi->s_es->s_last_error_block = cpu_to_le64(start_blk); |
| 267 | return 0; |
| 268 | } |
| 269 | } |
| 270 | return 1; |
| 271 | } |
| 272 | |
| 273 | int ext4_check_blockref(const char *function, unsigned int line, |
| 274 | struct inode *inode, __le32 *p, unsigned int max) |
| 275 | { |
| 276 | struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es; |
| 277 | __le32 *bref = p; |
| 278 | unsigned int blk; |
| 279 | |
| 280 | if (ext4_has_feature_journal(inode->i_sb) && |
| 281 | (inode->i_ino == |
| 282 | le32_to_cpu(EXT4_SB(inode->i_sb)->s_es->s_journal_inum))) |
| 283 | return 0; |
| 284 | |
| 285 | while (bref < p+max) { |
| 286 | blk = le32_to_cpu(*bref++); |
| 287 | if (blk && |
| 288 | unlikely(!ext4_data_block_valid(EXT4_SB(inode->i_sb), |
| 289 | blk, 1))) { |
| 290 | es->s_last_error_block = cpu_to_le64(blk); |
| 291 | ext4_error_inode(inode, function, line, blk, |
| 292 | "invalid block"); |
| 293 | return -EFSCORRUPTED; |
| 294 | } |
| 295 | } |
| 296 | return 0; |
| 297 | } |
| 298 | |