* [PATCHSET 0/2] xfs: dquot recovery validation strengthening
@ 2023-11-20 18:31 Darrick J. Wong
2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong
2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong
0 siblings, 2 replies; 7+ messages in thread
From: Darrick J. Wong @ 2023-11-20 18:31 UTC (permalink / raw)
To: david, djwong, chandanbabu; +Cc: linux-xfs
Hi all,
During my review of Dave's patches that fixed an inode recovery issue
with nrext64 enabled on s390x, it occurred to me that recovery doesn't
actually validate the ondisk dquot record after a replay. In the past
we didn't do that for inodes or buffers either, but now we do.
This series adds the missing validation for dquots, and cleans up some
open coded pointer handling to avoid leaving logic bombs.
If you're going to start using this code, I strongly recommend pulling
from my git trees, which are linked below.
This has been lightly tested with fstests. Enjoy!
Comments and questions are, as always, welcome.
--D
kernel git tree:
https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=dquot-recovery-checking-6.7
---
fs/xfs/xfs_dquot.c | 5 +++--
fs/xfs/xfs_dquot_item_recover.c | 21 ++++++++++++++++++---
2 files changed, 21 insertions(+), 5 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] xfs: clean up dqblk extraction
2023-11-20 18:31 [PATCHSET 0/2] xfs: dquot recovery validation strengthening Darrick J. Wong
@ 2023-11-20 18:31 ` Darrick J. Wong
2023-11-21 4:34 ` Christoph Hellwig
2023-11-21 21:21 ` Dave Chinner
2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong
1 sibling, 2 replies; 7+ messages in thread
From: Darrick J. Wong @ 2023-11-20 18:31 UTC (permalink / raw)
To: david, djwong, chandanbabu; +Cc: linux-xfs
From: Darrick J. Wong <djwong@kernel.org>
Since the introduction of xfs_dqblk in V5, xfs really ought to find the
dqblk pointer from the dquot buffer, then compute the xfs_disk_dquot
pointer from the dqblk pointer. Fix the open-coded xfs_buf_offset calls
and do the type checking in the correct order.
Note that this has made no practical difference since the start of the
xfs_disk_dquot is coincident with the start of the xfs_dqblk.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
fs/xfs/xfs_dquot.c | 5 +++--
fs/xfs/xfs_dquot_item_recover.c | 7 ++++---
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c
index ac6ba646624d..a013b87ab8d5 100644
--- a/fs/xfs/xfs_dquot.c
+++ b/fs/xfs/xfs_dquot.c
@@ -562,7 +562,8 @@ xfs_dquot_from_disk(
struct xfs_dquot *dqp,
struct xfs_buf *bp)
{
- struct xfs_disk_dquot *ddqp = bp->b_addr + dqp->q_bufoffset;
+ struct xfs_dqblk *dqb = xfs_buf_offset(bp, dqp->q_bufoffset);
+ struct xfs_disk_dquot *ddqp = &dqb->dd_diskdq;
/*
* Ensure that we got the type and ID we were looking for.
@@ -1250,7 +1251,7 @@ xfs_qm_dqflush(
}
/* Flush the incore dquot to the ondisk buffer. */
- dqblk = bp->b_addr + dqp->q_bufoffset;
+ dqblk = xfs_buf_offset(bp, dqp->q_bufoffset);
xfs_dquot_to_disk(&dqblk->dd_diskdq, dqp);
/*
diff --git a/fs/xfs/xfs_dquot_item_recover.c b/fs/xfs/xfs_dquot_item_recover.c
index 8966ba842395..db2cb5e4197b 100644
--- a/fs/xfs/xfs_dquot_item_recover.c
+++ b/fs/xfs/xfs_dquot_item_recover.c
@@ -65,6 +65,7 @@ xlog_recover_dquot_commit_pass2(
{
struct xfs_mount *mp = log->l_mp;
struct xfs_buf *bp;
+ struct xfs_dqblk *dqb;
struct xfs_disk_dquot *ddq, *recddq;
struct xfs_dq_logformat *dq_f;
xfs_failaddr_t fa;
@@ -130,14 +131,14 @@ xlog_recover_dquot_commit_pass2(
return error;
ASSERT(bp);
- ddq = xfs_buf_offset(bp, dq_f->qlf_boffset);
+ dqb = xfs_buf_offset(bp, dq_f->qlf_boffset);
+ ddq = &dqb->dd_diskdq;
/*
* If the dquot has an LSN in it, recover the dquot only if it's less
* than the lsn of the transaction we are replaying.
*/
if (xfs_has_crc(mp)) {
- struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq;
xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn);
if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
@@ -147,7 +148,7 @@ xlog_recover_dquot_commit_pass2(
memcpy(ddq, recddq, item->ri_buf[1].i_len);
if (xfs_has_crc(mp)) {
- xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk),
+ xfs_update_cksum((char *)dqb, sizeof(struct xfs_dqblk),
XFS_DQUOT_CRC_OFF);
}
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot
2023-11-20 18:31 [PATCHSET 0/2] xfs: dquot recovery validation strengthening Darrick J. Wong
2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong
@ 2023-11-20 18:31 ` Darrick J. Wong
2023-11-21 4:34 ` Christoph Hellwig
2023-11-21 21:25 ` Dave Chinner
1 sibling, 2 replies; 7+ messages in thread
From: Darrick J. Wong @ 2023-11-20 18:31 UTC (permalink / raw)
To: david, djwong, chandanbabu; +Cc: linux-xfs
From: Darrick J. Wong <djwong@kernel.org>
When we're recovering ondisk quota records from the log, we need to
validate the recovered buffer contents before writing them to disk.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
---
fs/xfs/xfs_dquot_item_recover.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/fs/xfs/xfs_dquot_item_recover.c b/fs/xfs/xfs_dquot_item_recover.c
index db2cb5e4197b..2c2720ce6923 100644
--- a/fs/xfs/xfs_dquot_item_recover.c
+++ b/fs/xfs/xfs_dquot_item_recover.c
@@ -19,6 +19,7 @@
#include "xfs_log.h"
#include "xfs_log_priv.h"
#include "xfs_log_recover.h"
+#include "xfs_error.h"
STATIC void
xlog_recover_dquot_ra_pass2(
@@ -152,6 +153,19 @@ xlog_recover_dquot_commit_pass2(
XFS_DQUOT_CRC_OFF);
}
+ /* Validate the recovered dquot. */
+ fa = xfs_dqblk_verify(log->l_mp, dqb, dq_f->qlf_id);
+ if (fa) {
+ XFS_CORRUPTION_ERROR("Bad dquot after recovery",
+ XFS_ERRLEVEL_LOW, mp, dqb,
+ sizeof(struct xfs_dqblk));
+ xfs_alert(mp,
+ "Metadata corruption detected at %pS, dquot 0x%x",
+ fa, dq_f->qlf_id);
+ error = -EFSCORRUPTED;
+ goto out_release;
+ }
+
ASSERT(dq_f->qlf_size == 2);
ASSERT(bp->b_mount == mp);
bp->b_flags |= _XBF_LOGRECOVERY;
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] xfs: clean up dqblk extraction
2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong
@ 2023-11-21 4:34 ` Christoph Hellwig
2023-11-21 21:21 ` Dave Chinner
1 sibling, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2023-11-21 4:34 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: david, chandanbabu, linux-xfs
Looks good:
Reviewed-by: Christoph Hellwig <hch@lst.de>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot
2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong
@ 2023-11-21 4:34 ` Christoph Hellwig
2023-11-21 21:25 ` Dave Chinner
1 sibling, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2023-11-21 4:34 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: david, chandanbabu, linux-xfs
Looks good:
Reviewed-by: Christoph Hellwig <hch@lst.de>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] xfs: clean up dqblk extraction
2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong
2023-11-21 4:34 ` Christoph Hellwig
@ 2023-11-21 21:21 ` Dave Chinner
1 sibling, 0 replies; 7+ messages in thread
From: Dave Chinner @ 2023-11-21 21:21 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: chandanbabu, linux-xfs
On Mon, Nov 20, 2023 at 10:31:38AM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> Since the introduction of xfs_dqblk in V5, xfs really ought to find the
> dqblk pointer from the dquot buffer, then compute the xfs_disk_dquot
> pointer from the dqblk pointer. Fix the open-coded xfs_buf_offset calls
> and do the type checking in the correct order.
>
> Note that this has made no practical difference since the start of the
> xfs_disk_dquot is coincident with the start of the xfs_dqblk.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Looks good.
Reviewed-by: Dave Chinner <dchinner@redhat.com>
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot
2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong
2023-11-21 4:34 ` Christoph Hellwig
@ 2023-11-21 21:25 ` Dave Chinner
1 sibling, 0 replies; 7+ messages in thread
From: Dave Chinner @ 2023-11-21 21:25 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: chandanbabu, linux-xfs
On Mon, Nov 20, 2023 at 10:31:44AM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> When we're recovering ondisk quota records from the log, we need to
> validate the recovered buffer contents before writing them to disk.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Yup, another verifier hole closed.
Reviewed-by: Dave Chinner <dchinner@redhat.com>
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-11-21 21:25 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-20 18:31 [PATCHSET 0/2] xfs: dquot recovery validation strengthening Darrick J. Wong
2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong
2023-11-21 4:34 ` Christoph Hellwig
2023-11-21 21:21 ` Dave Chinner
2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong
2023-11-21 4:34 ` Christoph Hellwig
2023-11-21 21:25 ` Dave Chinner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox