From: "Darrick J. Wong" <djwong@us.ibm.com>
To: Andreas Dilger <adilger.kernel@dilger.ca>,
Theodore Tso <tytso@mit.edu>,
"Darrick J. Wong" <djwong@us.ibm.com>
Cc: Sunil Mushran <sunil.mushran@oracle.com>,
Martin K Petersen <martin.petersen@oracle.com>,
Greg Freemyer <greg.freemyer@gmail.com>,
Amir Goldstein <amir73il@gmail.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Andi Kleen <andi@firstfloor.org>, Mingming Cao <cmm@us.ibm.com>,
Joel Becker <jlbec@evilplan.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-ext4@vger.kernel.org, Coly Li <colyli@gmail.com>
Subject: [PATCH 19/22] jbd2: Checksum revocation blocks
Date: Mon, 28 Nov 2011 15:28:29 -0800 [thread overview]
Message-ID: <20111128232829.19194.79159.stgit@elm3c44.beaverton.ibm.com> (raw)
In-Reply-To: <20111128232615.19194.80081.stgit@elm3c44.beaverton.ibm.com>
Compute and verify revoke blocks inside the journal.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
---
fs/jbd2/recovery.c | 35 +++++++++++++++++++++++++++++++++--
fs/jbd2/revoke.c | 27 ++++++++++++++++++++++++++-
include/linux/jbd2.h | 4 ++++
3 files changed, 63 insertions(+), 3 deletions(-)
diff --git a/fs/jbd2/recovery.c b/fs/jbd2/recovery.c
index da6d7ba..63885e0 100644
--- a/fs/jbd2/recovery.c
+++ b/fs/jbd2/recovery.c
@@ -662,8 +662,17 @@ static int do_one_pass(journal_t *journal,
err = scan_revoke_records(journal, bh,
next_commit_ID, info);
brelse(bh);
- if (err)
- goto failed;
+ if (err) {
+ if (err != -EINVAL)
+ goto failed;
+ /*
+ * Ignoring corrupt revoke blocks is safe
+ * because at worst it results in unnecessary
+ * writes during recovery.
+ */
+ jbd_debug(3, "Skipping corrupt revoke "
+ "block.\n");
+ }
continue;
default:
@@ -703,6 +712,25 @@ static int do_one_pass(journal_t *journal,
return err;
}
+static int jbd2_revoke_block_csum_verify(journal_t *j,
+ void *buf)
+{
+ struct jbd2_journal_revoke_tail *tail;
+ __u32 provided, calculated;
+
+ if (!JBD2_HAS_INCOMPAT_FEATURE(j, JBD2_FEATURE_INCOMPAT_CSUM_V2))
+ return 1;
+
+ tail = (struct jbd2_journal_revoke_tail *)(buf + j->j_blocksize -
+ sizeof(struct jbd2_journal_revoke_tail));
+ provided = tail->r_checksum;
+ tail->r_checksum = 0;
+ calculated = jbd2_chksum(j, j->j_uuid_csum, buf, j->j_blocksize);
+ tail->r_checksum = provided;
+
+ provided = be32_to_cpu(provided);
+ return provided == calculated;
+}
/* Scan a revoke record, marking all blocks mentioned as revoked. */
@@ -717,6 +745,9 @@ static int scan_revoke_records(journal_t *journal, struct buffer_head *bh,
offset = sizeof(jbd2_journal_revoke_header_t);
max = be32_to_cpu(header->r_count);
+ if (!jbd2_revoke_block_csum_verify(journal, header))
+ return -EINVAL;
+
if (JBD2_HAS_INCOMPAT_FEATURE(journal, JBD2_FEATURE_INCOMPAT_64BIT))
record_len = 8;
diff --git a/fs/jbd2/revoke.c b/fs/jbd2/revoke.c
index 69fd935..3b6aaab 100644
--- a/fs/jbd2/revoke.c
+++ b/fs/jbd2/revoke.c
@@ -548,6 +548,7 @@ static void write_one_revoke_record(journal_t *journal,
struct jbd2_revoke_record_s *record,
int write_op)
{
+ int csum_size = 0;
struct journal_head *descriptor;
int offset;
journal_header_t *header;
@@ -562,9 +563,13 @@ static void write_one_revoke_record(journal_t *journal,
descriptor = *descriptorp;
offset = *offsetp;
+ /* Do we need to leave space at the end for a checksum? */
+ if (JBD2_HAS_INCOMPAT_FEATURE(journal, JBD2_FEATURE_INCOMPAT_CSUM_V2))
+ csum_size = sizeof(struct jbd2_journal_revoke_tail);
+
/* Make sure we have a descriptor with space left for the record */
if (descriptor) {
- if (offset == journal->j_blocksize) {
+ if (offset >= journal->j_blocksize - csum_size) {
flush_descriptor(journal, descriptor, offset, write_op);
descriptor = NULL;
}
@@ -601,6 +606,24 @@ static void write_one_revoke_record(journal_t *journal,
*offsetp = offset;
}
+static void jbd2_revoke_csum_set(journal_t *j,
+ struct journal_head *descriptor)
+{
+ struct jbd2_journal_revoke_tail *tail;
+ __u32 csum;
+
+ if (!JBD2_HAS_INCOMPAT_FEATURE(j, JBD2_FEATURE_INCOMPAT_CSUM_V2))
+ return;
+
+ tail = (struct jbd2_journal_revoke_tail *)
+ (jh2bh(descriptor)->b_data + j->j_blocksize -
+ sizeof(struct jbd2_journal_revoke_tail));
+ tail->r_checksum = 0;
+ csum = jbd2_chksum(j, j->j_uuid_csum, jh2bh(descriptor)->b_data,
+ j->j_blocksize);
+ tail->r_checksum = cpu_to_be32(csum);
+}
+
/*
* Flush a revoke descriptor out to the journal. If we are aborting,
* this is a noop; otherwise we are generating a buffer which needs to
@@ -622,6 +645,8 @@ static void flush_descriptor(journal_t *journal,
header = (jbd2_journal_revoke_header_t *) jh2bh(descriptor)->b_data;
header->r_count = cpu_to_be32(offset);
+ jbd2_revoke_csum_set(journal, descriptor);
+
set_buffer_jwrite(bh);
BUFFER_TRACE(bh, "write");
set_buffer_dirty(bh);
diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
index 3bf4fe3..c8e1abe 100644
--- a/include/linux/jbd2.h
+++ b/include/linux/jbd2.h
@@ -194,6 +194,10 @@ typedef struct jbd2_journal_revoke_header_s
__be32 r_count; /* Count of bytes used in the block */
} jbd2_journal_revoke_header_t;
+/* Tail of revoke block, for checksumming */
+struct jbd2_journal_revoke_tail {
+ __be32 r_checksum; /* crc32c(uuid+revoke_block) */
+};
/* Definitions for the journal tag flags word: */
#define JBD2_FLAG_ESCAPE 1 /* on-disk block is escaped */
next prev parent reply other threads:[~2011-11-28 23:28 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-28 23:26 [PATCH v2.1 00/22] ext4: Add metadata checksumming Darrick J. Wong
2011-11-28 23:26 ` [PATCH 01/22] ext4: Create a new BH_Verified flag to avoid unnecessary metadata validation Darrick J. Wong
2011-11-28 23:26 ` [PATCH 02/22] ext4: Create a rocompat flag for extended metadata checksumming Darrick J. Wong
2011-11-28 23:26 ` [PATCH 03/22] ext4: Record the checksum algorithm in use in the superblock Darrick J. Wong
[not found] ` <E0964BB6-793D-49AF-A2B0-20748C6DAE2B@dilger.ca>
2011-12-07 7:42 ` Darrick J. Wong
2011-11-28 23:26 ` [PATCH 04/22] ext4: Only call out to crc32c if necessary Darrick J. Wong
2011-11-28 23:26 ` [PATCH 05/22] ext4: Calculate and verify superblock checksum Darrick J. Wong
2011-11-28 23:26 ` [PATCH 06/22] ext4: Calculate and verify inode checksums Darrick J. Wong
2011-11-28 23:27 ` [PATCH 07/22] ext4: Create bitmap checksum helper functions Darrick J. Wong
2011-12-05 16:33 ` Ted Ts'o
2011-12-05 20:31 ` Darrick J. Wong
2011-12-05 23:54 ` Darrick J. Wong
2011-12-06 17:19 ` Andreas Dilger
2011-12-06 20:59 ` Darrick J. Wong
2011-11-28 23:27 ` [PATCH 08/22] ext4: Calculate and verify checksums for inode bitmaps Darrick J. Wong
2011-11-28 23:27 ` [PATCH 09/22] ext4: Calculate and verify block bitmap checksum Darrick J. Wong
2011-11-28 23:27 ` [PATCH 10/22] ext4: Verify and calculate checksums for extent tree blocks Darrick J. Wong
2011-12-05 16:40 ` Ted Ts'o
2011-12-05 19:50 ` Darrick J. Wong
2011-11-28 23:27 ` [PATCH 11/22] ext4: Calculate and verify checksums for htree nodes Darrick J. Wong
2011-11-28 23:27 ` [PATCH 12/22] ext4: Calculate and verify checksums of directory leaf blocks Darrick J. Wong
2011-11-28 23:27 ` [PATCH 13/22] ext4: Calculate and verify checksums of extended attribute blocks Darrick J. Wong
2011-11-28 23:27 ` [PATCH 14/22] ext4: Add new feature to make block group checksums use metadata_csum algorithm Darrick J. Wong
2011-11-28 23:28 ` [PATCH 15/22] ext4: Add checksums to the MMP block Darrick J. Wong
2011-11-28 23:28 ` [PATCH 16/22] jbd2: Update structure definitions and flags to support extended checksumming Darrick J. Wong
2011-11-28 23:28 ` [PATCH 17/22] jbd2: Grab a reference to the crc32c driver only when necessary Darrick J. Wong
2011-11-28 23:28 ` [PATCH 18/22] jbd2: Update structure definitions and flags to support extended checksumming Darrick J. Wong
2011-11-28 23:28 ` Darrick J. Wong [this message]
2011-11-28 23:28 ` [PATCH 20/22] jbd2: Checksum descriptor blocks Darrick J. Wong
2011-11-28 23:28 ` [PATCH 21/22] jbd2: Checksum commit blocks Darrick J. Wong
2011-11-28 23:28 ` [PATCH 22/22] jbd2: Checksum data blocks that are stored in the journal Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111128232829.19194.79159.stgit@elm3c44.beaverton.ibm.com \
--to=djwong@us.ibm.com \
--cc=adilger.kernel@dilger.ca \
--cc=amir73il@gmail.com \
--cc=andi@firstfloor.org \
--cc=cmm@us.ibm.com \
--cc=colyli@gmail.com \
--cc=greg.freemyer@gmail.com \
--cc=jlbec@evilplan.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sunil.mushran@oracle.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).