ocfs2: better group descriptor consistency checks

Try to catch corrupted group descriptors with some stronger checks placed in a couple of strategic locations. Detect a failed resizefs and refuse to allocate past what bitmap i_clusters allows. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
author: Mark Fasheh <mark.fasheh@oracle.com> 2006-05-03 20:46:50 -0400
committer: Mark Fasheh <mark.fasheh@oracle.com> 2006-08-07 14:04:38 -0400
commit: 7bf72edee614e10b8d470c40a326f47bfdd69992 (patch)
tree: 8309812d2e256da821d2774a5a719663038093fa /fs
parent: 101ebf256de54e78e6d3277adacf656e125a2c5a (diff)
1 files changed, 94 insertions, 20 deletions
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index 195523090c87..7ac68cac041d 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -85,11 +85,6 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_super *osb,
                                     u64 *bg_blkno);
 static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,
                                         int nr);
-static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,
-                                             struct buffer_head *bg_bh,
-                                             unsigned int bits_wanted,
-                                             u16 *bit_off,
-                                             u16 *bits_found);
 static inline int ocfs2_block_group_set_bits(struct ocfs2_journal_handle *handle,
                                             struct inode *alloc_inode,
                                             struct ocfs2_group_desc *bg,
@@ -143,6 +138,64 @@ static u32 ocfs2_bits_per_group(struct ocfs2_chain_list *cl)
        return (u32)le16_to_cpu(cl->cl_cpg) * (u32)le16_to_cpu(cl->cl_bpc);
 }
+/* somewhat more expensive than our other checks, so use sparingly. */
+static int ocfs2_check_group_descriptor(struct super_block *sb,
+                                        struct ocfs2_dinode *di,
+                                        struct ocfs2_group_desc *gd)
+{
+        unsigned int max_bits;
+        if (!OCFS2_IS_VALID_GROUP_DESC(gd)) {
+                OCFS2_RO_ON_INVALID_GROUP_DESC(sb, gd);
+                return -EIO;
+        }
+        if (di->i_blkno != gd->bg_parent_dinode) {
+                ocfs2_error(sb, "Group descriptor # %llu has bad parent "
+                            "pointer (%llu, expected %llu)",
+                            (unsigned long long)le64_to_cpu(gd->bg_blkno),
+                            (unsigned long long)le64_to_cpu(gd->bg_parent_dinode),
+                            (unsigned long long)le64_to_cpu(di->i_blkno));
+                return -EIO;
+        }
+        max_bits = le16_to_cpu(di->id2.i_chain.cl_cpg) * le16_to_cpu(di->id2.i_chain.cl_bpc);
+        if (le16_to_cpu(gd->bg_bits) > max_bits) {
+                ocfs2_error(sb, "Group descriptor # %llu has bit count of %u",
+                            (unsigned long long)le64_to_cpu(gd->bg_blkno),
+                            le16_to_cpu(gd->bg_bits));
+                return -EIO;
+        }
+        if (le16_to_cpu(gd->bg_chain) >=
+            le16_to_cpu(di->id2.i_chain.cl_next_free_rec)) {
+                ocfs2_error(sb, "Group descriptor # %llu has bad chain %u",
+                            (unsigned long long)le64_to_cpu(gd->bg_blkno),
+                            le16_to_cpu(gd->bg_chain));
+                return -EIO;
+        }
+        if (le16_to_cpu(gd->bg_free_bits_count) > le16_to_cpu(gd->bg_bits)) {
+                ocfs2_error(sb, "Group descriptor # %llu has bit count %u but "
+                            "claims that %u are free",
+                            (unsigned long long)le64_to_cpu(gd->bg_blkno),
+                            le16_to_cpu(gd->bg_bits),
+                            le16_to_cpu(gd->bg_free_bits_count));
+                return -EIO;
+        }
+        if (le16_to_cpu(gd->bg_bits) > (8 * le16_to_cpu(gd->bg_size))) {
+                ocfs2_error(sb, "Group descriptor # %llu has bit count %u but "
+                            "max bitmap bits of %u",
+                            (unsigned long long)le64_to_cpu(gd->bg_blkno),
+                            le16_to_cpu(gd->bg_bits),
+                            8 * le16_to_cpu(gd->bg_size));
+                return -EIO;
+        }
+        return 0;
+}
 static int ocfs2_block_group_fill(struct ocfs2_journal_handle *handle,
                                  struct inode *alloc_inode,
                                  struct buffer_head *bg_bh,
@@ -663,6 +716,7 @@ static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,
 static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,
                                             struct buffer_head *bg_bh,
                                             unsigned int bits_wanted,
+                                             unsigned int total_bits,
                                             u16 *bit_off,
                                             u16 *bits_found)
 {
@@ -679,10 +733,8 @@ static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,
        found = start = best_offset = best_size = 0;
        bitmap = bg->bg_bitmap;
-        while((offset = ocfs2_find_next_zero_bit(bitmap,
+        while((offset = ocfs2_find_next_zero_bit(bitmap, total_bits, start)) != -1) {
-                                                 le16_to_cpu(bg->bg_bits),
+                if (offset == total_bits)
-                                                 start)) != -1) {
-                if (offset == le16_to_cpu(bg->bg_bits))
                        break;
                if (!ocfs2_test_bg_bit_allocatable(bg_bh, offset)) {
@@ -911,14 +963,35 @@ static int ocfs2_cluster_group_search(struct inode *inode,
 {
        int search = -ENOSPC;
        int ret;
-        struct ocfs2_group_desc *bg = (struct ocfs2_group_desc *) group_bh->b_data;
+        struct ocfs2_group_desc *gd = (struct ocfs2_group_desc *) group_bh->b_data;
        u16 tmp_off, tmp_found;
+        unsigned int max_bits, gd_cluster_off;
        BUG_ON(!ocfs2_is_cluster_bitmap(inode));
-        if (bg->bg_free_bits_count) {
+        if (gd->bg_free_bits_count) {
+                max_bits = le16_to_cpu(gd->bg_bits);
+                /* Tail groups in cluster bitmaps which aren't cpg
+                 * aligned are prone to partial extention by a failed
+                 * fs resize. If the file system resize never got to
+                 * update the dinode cluster count, then we don't want
+                 * to trust any clusters past it, regardless of what
+                 * the group descriptor says. */
+                gd_cluster_off = ocfs2_blocks_to_clusters(inode->i_sb,
+                                                          le64_to_cpu(gd->bg_blkno));
+                if ((gd_cluster_off + max_bits) >
+                    OCFS2_I(inode)->ip_clusters) {
+                        max_bits = OCFS2_I(inode)->ip_clusters - gd_cluster_off;
+                        mlog(0, "Desc %llu, bg_bits %u, clusters %u, use %u\n",
+                             (unsigned long long)le64_to_cpu(gd->bg_blkno),
+                             le16_to_cpu(gd->bg_bits),
+                             OCFS2_I(inode)->ip_clusters, max_bits);
+                }
                ret = ocfs2_block_group_find_clear_bits(OCFS2_SB(inode->i_sb),
                                                        group_bh, bits_wanted,
+                                                        max_bits,
                                                        &tmp_off, &tmp_found);
                if (ret)
                        return ret;
@@ -951,6 +1024,7 @@ static int ocfs2_block_group_search(struct inode *inode,
        if (bg->bg_free_bits_count)
                ret = ocfs2_block_group_find_clear_bits(OCFS2_SB(inode->i_sb),
                                                        group_bh, bits_wanted,
+                                                        le16_to_cpu(bg->bg_bits),
                                                        bit_off, bits_found);
        return ret;
@@ -988,9 +1062,9 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac,
                goto bail;
        }
        bg = (struct ocfs2_group_desc *) group_bh->b_data;
-        if (!OCFS2_IS_VALID_GROUP_DESC(bg)) {
+        status = ocfs2_check_group_descriptor(alloc_inode->i_sb, fe, bg);
-                OCFS2_RO_ON_INVALID_GROUP_DESC(alloc_inode->i_sb, bg);
+        if (status) {
-                status = -EIO;
+                mlog_errno(status);
                goto bail;
        }
@@ -1018,9 +1092,9 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac,
                        goto bail;
                }
                bg = (struct ocfs2_group_desc *) group_bh->b_data;
-                if (!OCFS2_IS_VALID_GROUP_DESC(bg)) {
+                status = ocfs2_check_group_descriptor(alloc_inode->i_sb, fe, bg);
-                        OCFS2_RO_ON_INVALID_GROUP_DESC(alloc_inode->i_sb, bg);
+                if (status) {
-                        status = -EIO;
+                        mlog_errno(status);
                        goto bail;
                }
        }
@@ -1494,9 +1568,9 @@ static int ocfs2_free_suballoc_bits(struct ocfs2_journal_handle *handle,
        }
        group = (struct ocfs2_group_desc *) group_bh->b_data;
-        if (!OCFS2_IS_VALID_GROUP_DESC(group)) {
+        status = ocfs2_check_group_descriptor(alloc_inode->i_sb, fe, group);
-                OCFS2_RO_ON_INVALID_GROUP_DESC(alloc_inode->i_sb, group);
+        if (status) {
-                status = -EIO;
+                mlog_errno(status);
                goto bail;
        }
        BUG_ON((count + start_bit) > le16_to_cpu(group->bg_bits));
author	Mark Fasheh <mark.fasheh@oracle.com>	2006-05-03 20:46:50 -0400
committer	Mark Fasheh <mark.fasheh@oracle.com>	2006-08-07 14:04:38 -0400
commit	7bf72edee614e10b8d470c40a326f47bfdd69992 (patch)
tree	8309812d2e256da821d2774a5a719663038093fa /fs
parent	101ebf256de54e78e6d3277adacf656e125a2c5a (diff)

diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c index 195523090c87..7ac68cac041d 100644 --- a/fs/ocfs2/suballoc.c +++ b/fs/ocfs2/suballoc.c
@@ -85,11 +85,6 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_super *osb,
85	u64 *bg_blkno);	85	u64 *bg_blkno);
86	static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,	86	static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,
87	int nr);	87	int nr);
88	static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,
89	struct buffer_head *bg_bh,
90	unsigned int bits_wanted,
91	u16 *bit_off,
92	u16 *bits_found);
93	static inline int ocfs2_block_group_set_bits(struct ocfs2_journal_handle *handle,	88	static inline int ocfs2_block_group_set_bits(struct ocfs2_journal_handle *handle,
94	struct inode *alloc_inode,	89	struct inode *alloc_inode,
95	struct ocfs2_group_desc *bg,	90	struct ocfs2_group_desc *bg,
@@ -143,6 +138,64 @@ static u32 ocfs2_bits_per_group(struct ocfs2_chain_list *cl)
143	return (u32)le16_to_cpu(cl->cl_cpg) * (u32)le16_to_cpu(cl->cl_bpc);	138	return (u32)le16_to_cpu(cl->cl_cpg) * (u32)le16_to_cpu(cl->cl_bpc);
144	}	139	}
145		140
		141	/* somewhat more expensive than our other checks, so use sparingly. */
		142	static int ocfs2_check_group_descriptor(struct super_block *sb,
		143	struct ocfs2_dinode *di,
		144	struct ocfs2_group_desc *gd)
		145	{
		146	unsigned int max_bits;
		147
		148	if (!OCFS2_IS_VALID_GROUP_DESC(gd)) {
		149	OCFS2_RO_ON_INVALID_GROUP_DESC(sb, gd);
		150	return -EIO;
		151	}
		152
		153	if (di->i_blkno != gd->bg_parent_dinode) {
		154	ocfs2_error(sb, "Group descriptor # %llu has bad parent "
		155	"pointer (%llu, expected %llu)",
		156	(unsigned long long)le64_to_cpu(gd->bg_blkno),
		157	(unsigned long long)le64_to_cpu(gd->bg_parent_dinode),
		158	(unsigned long long)le64_to_cpu(di->i_blkno));
		159	return -EIO;
		160	}
		161
		162	max_bits = le16_to_cpu(di->id2.i_chain.cl_cpg) * le16_to_cpu(di->id2.i_chain.cl_bpc);
		163	if (le16_to_cpu(gd->bg_bits) > max_bits) {
		164	ocfs2_error(sb, "Group descriptor # %llu has bit count of %u",
		165	(unsigned long long)le64_to_cpu(gd->bg_blkno),
		166	le16_to_cpu(gd->bg_bits));
		167	return -EIO;
		168	}
		169
		170	if (le16_to_cpu(gd->bg_chain) >=
		171	le16_to_cpu(di->id2.i_chain.cl_next_free_rec)) {
		172	ocfs2_error(sb, "Group descriptor # %llu has bad chain %u",
		173	(unsigned long long)le64_to_cpu(gd->bg_blkno),
		174	le16_to_cpu(gd->bg_chain));
		175	return -EIO;
		176	}
		177
		178	if (le16_to_cpu(gd->bg_free_bits_count) > le16_to_cpu(gd->bg_bits)) {
		179	ocfs2_error(sb, "Group descriptor # %llu has bit count %u but "
		180	"claims that %u are free",
		181	(unsigned long long)le64_to_cpu(gd->bg_blkno),
		182	le16_to_cpu(gd->bg_bits),
		183	le16_to_cpu(gd->bg_free_bits_count));
		184	return -EIO;
		185	}
		186
		187	if (le16_to_cpu(gd->bg_bits) > (8 * le16_to_cpu(gd->bg_size))) {
		188	ocfs2_error(sb, "Group descriptor # %llu has bit count %u but "
		189	"max bitmap bits of %u",
		190	(unsigned long long)le64_to_cpu(gd->bg_blkno),
		191	le16_to_cpu(gd->bg_bits),
		192	8 * le16_to_cpu(gd->bg_size));
		193	return -EIO;
		194	}
		195
		196	return 0;
		197	}
		198
146	static int ocfs2_block_group_fill(struct ocfs2_journal_handle *handle,	199	static int ocfs2_block_group_fill(struct ocfs2_journal_handle *handle,
147	struct inode *alloc_inode,	200	struct inode *alloc_inode,
148	struct buffer_head *bg_bh,	201	struct buffer_head *bg_bh,
@@ -663,6 +716,7 @@ static int ocfs2_test_bg_bit_allocatable(struct buffer_head *bg_bh,
663	static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,	716	static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,
664	struct buffer_head *bg_bh,	717	struct buffer_head *bg_bh,
665	unsigned int bits_wanted,	718	unsigned int bits_wanted,
		719	unsigned int total_bits,
666	u16 *bit_off,	720	u16 *bit_off,
667	u16 *bits_found)	721	u16 *bits_found)
668	{	722	{
@@ -679,10 +733,8 @@ static int ocfs2_block_group_find_clear_bits(struct ocfs2_super *osb,
679	found = start = best_offset = best_size = 0;	733	found = start = best_offset = best_size = 0;
680	bitmap = bg->bg_bitmap;	734	bitmap = bg->bg_bitmap;
681		735
682	while((offset = ocfs2_find_next_zero_bit(bitmap,	736	while((offset = ocfs2_find_next_zero_bit(bitmap, total_bits, start)) != -1) {
683	le16_to_cpu(bg->bg_bits),	737	if (offset == total_bits)
684	start)) != -1) {
685	if (offset == le16_to_cpu(bg->bg_bits))
686	break;	738	break;
687		739
688	if (!ocfs2_test_bg_bit_allocatable(bg_bh, offset)) {	740	if (!ocfs2_test_bg_bit_allocatable(bg_bh, offset)) {
@@ -911,14 +963,35 @@ static int ocfs2_cluster_group_search(struct inode *inode,
911	{	963	{
912	int search = -ENOSPC;	964	int search = -ENOSPC;
913	int ret;	965	int ret;
914	struct ocfs2_group_desc bg = (struct ocfs2_group_desc ) group_bh->b_data;	966	struct ocfs2_group_desc gd = (struct ocfs2_group_desc ) group_bh->b_data;
915	u16 tmp_off, tmp_found;	967	u16 tmp_off, tmp_found;
		968	unsigned int max_bits, gd_cluster_off;
916		969
917	BUG_ON(!ocfs2_is_cluster_bitmap(inode));	970	BUG_ON(!ocfs2_is_cluster_bitmap(inode));
918		971
919	if (bg->bg_free_bits_count) {	972	if (gd->bg_free_bits_count) {
		973	max_bits = le16_to_cpu(gd->bg_bits);
		974
		975	/* Tail groups in cluster bitmaps which aren't cpg
		976	* aligned are prone to partial extention by a failed
		977	* fs resize. If the file system resize never got to
		978	* update the dinode cluster count, then we don't want
		979	* to trust any clusters past it, regardless of what
		980	* the group descriptor says. */
		981	gd_cluster_off = ocfs2_blocks_to_clusters(inode->i_sb,
		982	le64_to_cpu(gd->bg_blkno));
		983	if ((gd_cluster_off + max_bits) >
		984	OCFS2_I(inode)->ip_clusters) {
		985	max_bits = OCFS2_I(inode)->ip_clusters - gd_cluster_off;
		986	mlog(0, "Desc %llu, bg_bits %u, clusters %u, use %u\n",
		987	(unsigned long long)le64_to_cpu(gd->bg_blkno),
		988	le16_to_cpu(gd->bg_bits),
		989	OCFS2_I(inode)->ip_clusters, max_bits);
		990	}
		991
920	ret = ocfs2_block_group_find_clear_bits(OCFS2_SB(inode->i_sb),	992	ret = ocfs2_block_group_find_clear_bits(OCFS2_SB(inode->i_sb),
921	group_bh, bits_wanted,	993	group_bh, bits_wanted,
		994	max_bits,
922	&tmp_off, &tmp_found);	995	&tmp_off, &tmp_found);
923	if (ret)	996	if (ret)
924	return ret;	997	return ret;
@@ -951,6 +1024,7 @@ static int ocfs2_block_group_search(struct inode *inode,
951	if (bg->bg_free_bits_count)	1024	if (bg->bg_free_bits_count)
952	ret = ocfs2_block_group_find_clear_bits(OCFS2_SB(inode->i_sb),	1025	ret = ocfs2_block_group_find_clear_bits(OCFS2_SB(inode->i_sb),
953	group_bh, bits_wanted,	1026	group_bh, bits_wanted,
		1027	le16_to_cpu(bg->bg_bits),
954	bit_off, bits_found);	1028	bit_off, bits_found);
955		1029
956	return ret;	1030	return ret;
@@ -988,9 +1062,9 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac,
988	goto bail;	1062	goto bail;
989	}	1063	}
990	bg = (struct ocfs2_group_desc *) group_bh->b_data;	1064	bg = (struct ocfs2_group_desc *) group_bh->b_data;
991	if (!OCFS2_IS_VALID_GROUP_DESC(bg)) {	1065	status = ocfs2_check_group_descriptor(alloc_inode->i_sb, fe, bg);
992	OCFS2_RO_ON_INVALID_GROUP_DESC(alloc_inode->i_sb, bg);	1066	if (status) {
993	status = -EIO;	1067	mlog_errno(status);
994	goto bail;	1068	goto bail;
995	}	1069	}
996		1070
@@ -1018,9 +1092,9 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac,
1018	goto bail;	1092	goto bail;
1019	}	1093	}
1020	bg = (struct ocfs2_group_desc *) group_bh->b_data;	1094	bg = (struct ocfs2_group_desc *) group_bh->b_data;
1021	if (!OCFS2_IS_VALID_GROUP_DESC(bg)) {	1095	status = ocfs2_check_group_descriptor(alloc_inode->i_sb, fe, bg);
1022	OCFS2_RO_ON_INVALID_GROUP_DESC(alloc_inode->i_sb, bg);	1096	if (status) {
1023	status = -EIO;	1097	mlog_errno(status);
1024	goto bail;	1098	goto bail;
1025	}	1099	}
1026	}	1100	}
@@ -1494,9 +1568,9 @@ static int ocfs2_free_suballoc_bits(struct ocfs2_journal_handle *handle,
1494	}	1568	}
1495		1569
1496	group = (struct ocfs2_group_desc *) group_bh->b_data;	1570	group = (struct ocfs2_group_desc *) group_bh->b_data;
1497	if (!OCFS2_IS_VALID_GROUP_DESC(group)) {	1571	status = ocfs2_check_group_descriptor(alloc_inode->i_sb, fe, group);
1498	OCFS2_RO_ON_INVALID_GROUP_DESC(alloc_inode->i_sb, group);	1572	if (status) {
1499	status = -EIO;	1573	mlog_errno(status);
1500	goto bail;	1574	goto bail;
1501	}	1575	}
1502	BUG_ON((count + start_bit) > le16_to_cpu(group->bg_bits));	1576	BUG_ON((count + start_bit) > le16_to_cpu(group->bg_bits));