* [PATCHSET 0/2] xfs: dquot recovery validation strengthening @ 2023-11-20 18:31 Darrick J. Wong 2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong 2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong 0 siblings, 2 replies; 7+ messages in thread From: Darrick J. Wong @ 2023-11-20 18:31 UTC (permalink / raw) To: david, djwong, chandanbabu; +Cc: linux-xfs Hi all, During my review of Dave's patches that fixed an inode recovery issue with nrext64 enabled on s390x, it occurred to me that recovery doesn't actually validate the ondisk dquot record after a replay. In the past we didn't do that for inodes or buffers either, but now we do. This series adds the missing validation for dquots, and cleans up some open coded pointer handling to avoid leaving logic bombs. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been lightly tested with fstests. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=dquot-recovery-checking-6.7 --- fs/xfs/xfs_dquot.c | 5 +++-- fs/xfs/xfs_dquot_item_recover.c | 21 ++++++++++++++++++--- 2 files changed, 21 insertions(+), 5 deletions(-) ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] xfs: clean up dqblk extraction 2023-11-20 18:31 [PATCHSET 0/2] xfs: dquot recovery validation strengthening Darrick J. Wong @ 2023-11-20 18:31 ` Darrick J. Wong 2023-11-21 4:34 ` Christoph Hellwig 2023-11-21 21:21 ` Dave Chinner 2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong 1 sibling, 2 replies; 7+ messages in thread From: Darrick J. Wong @ 2023-11-20 18:31 UTC (permalink / raw) To: david, djwong, chandanbabu; +Cc: linux-xfs From: Darrick J. Wong <djwong@kernel.org> Since the introduction of xfs_dqblk in V5, xfs really ought to find the dqblk pointer from the dquot buffer, then compute the xfs_disk_dquot pointer from the dqblk pointer. Fix the open-coded xfs_buf_offset calls and do the type checking in the correct order. Note that this has made no practical difference since the start of the xfs_disk_dquot is coincident with the start of the xfs_dqblk. Signed-off-by: Darrick J. Wong <djwong@kernel.org> --- fs/xfs/xfs_dquot.c | 5 +++-- fs/xfs/xfs_dquot_item_recover.c | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c index ac6ba646624d..a013b87ab8d5 100644 --- a/fs/xfs/xfs_dquot.c +++ b/fs/xfs/xfs_dquot.c @@ -562,7 +562,8 @@ xfs_dquot_from_disk( struct xfs_dquot *dqp, struct xfs_buf *bp) { - struct xfs_disk_dquot *ddqp = bp->b_addr + dqp->q_bufoffset; + struct xfs_dqblk *dqb = xfs_buf_offset(bp, dqp->q_bufoffset); + struct xfs_disk_dquot *ddqp = &dqb->dd_diskdq; /* * Ensure that we got the type and ID we were looking for. @@ -1250,7 +1251,7 @@ xfs_qm_dqflush( } /* Flush the incore dquot to the ondisk buffer. */ - dqblk = bp->b_addr + dqp->q_bufoffset; + dqblk = xfs_buf_offset(bp, dqp->q_bufoffset); xfs_dquot_to_disk(&dqblk->dd_diskdq, dqp); /* diff --git a/fs/xfs/xfs_dquot_item_recover.c b/fs/xfs/xfs_dquot_item_recover.c index 8966ba842395..db2cb5e4197b 100644 --- a/fs/xfs/xfs_dquot_item_recover.c +++ b/fs/xfs/xfs_dquot_item_recover.c @@ -65,6 +65,7 @@ xlog_recover_dquot_commit_pass2( { struct xfs_mount *mp = log->l_mp; struct xfs_buf *bp; + struct xfs_dqblk *dqb; struct xfs_disk_dquot *ddq, *recddq; struct xfs_dq_logformat *dq_f; xfs_failaddr_t fa; @@ -130,14 +131,14 @@ xlog_recover_dquot_commit_pass2( return error; ASSERT(bp); - ddq = xfs_buf_offset(bp, dq_f->qlf_boffset); + dqb = xfs_buf_offset(bp, dq_f->qlf_boffset); + ddq = &dqb->dd_diskdq; /* * If the dquot has an LSN in it, recover the dquot only if it's less * than the lsn of the transaction we are replaying. */ if (xfs_has_crc(mp)) { - struct xfs_dqblk *dqb = (struct xfs_dqblk *)ddq; xfs_lsn_t lsn = be64_to_cpu(dqb->dd_lsn); if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) { @@ -147,7 +148,7 @@ xlog_recover_dquot_commit_pass2( memcpy(ddq, recddq, item->ri_buf[1].i_len); if (xfs_has_crc(mp)) { - xfs_update_cksum((char *)ddq, sizeof(struct xfs_dqblk), + xfs_update_cksum((char *)dqb, sizeof(struct xfs_dqblk), XFS_DQUOT_CRC_OFF); } ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] xfs: clean up dqblk extraction 2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong @ 2023-11-21 4:34 ` Christoph Hellwig 2023-11-21 21:21 ` Dave Chinner 1 sibling, 0 replies; 7+ messages in thread From: Christoph Hellwig @ 2023-11-21 4:34 UTC (permalink / raw) To: Darrick J. Wong; +Cc: david, chandanbabu, linux-xfs Looks good: Reviewed-by: Christoph Hellwig <hch@lst.de> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] xfs: clean up dqblk extraction 2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong 2023-11-21 4:34 ` Christoph Hellwig @ 2023-11-21 21:21 ` Dave Chinner 1 sibling, 0 replies; 7+ messages in thread From: Dave Chinner @ 2023-11-21 21:21 UTC (permalink / raw) To: Darrick J. Wong; +Cc: chandanbabu, linux-xfs On Mon, Nov 20, 2023 at 10:31:38AM -0800, Darrick J. Wong wrote: > From: Darrick J. Wong <djwong@kernel.org> > > Since the introduction of xfs_dqblk in V5, xfs really ought to find the > dqblk pointer from the dquot buffer, then compute the xfs_disk_dquot > pointer from the dqblk pointer. Fix the open-coded xfs_buf_offset calls > and do the type checking in the correct order. > > Note that this has made no practical difference since the start of the > xfs_disk_dquot is coincident with the start of the xfs_dqblk. > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> Looks good. Reviewed-by: Dave Chinner <dchinner@redhat.com> -- Dave Chinner david@fromorbit.com ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot 2023-11-20 18:31 [PATCHSET 0/2] xfs: dquot recovery validation strengthening Darrick J. Wong 2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong @ 2023-11-20 18:31 ` Darrick J. Wong 2023-11-21 4:34 ` Christoph Hellwig 2023-11-21 21:25 ` Dave Chinner 1 sibling, 2 replies; 7+ messages in thread From: Darrick J. Wong @ 2023-11-20 18:31 UTC (permalink / raw) To: david, djwong, chandanbabu; +Cc: linux-xfs From: Darrick J. Wong <djwong@kernel.org> When we're recovering ondisk quota records from the log, we need to validate the recovered buffer contents before writing them to disk. Signed-off-by: Darrick J. Wong <djwong@kernel.org> --- fs/xfs/xfs_dquot_item_recover.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/fs/xfs/xfs_dquot_item_recover.c b/fs/xfs/xfs_dquot_item_recover.c index db2cb5e4197b..2c2720ce6923 100644 --- a/fs/xfs/xfs_dquot_item_recover.c +++ b/fs/xfs/xfs_dquot_item_recover.c @@ -19,6 +19,7 @@ #include "xfs_log.h" #include "xfs_log_priv.h" #include "xfs_log_recover.h" +#include "xfs_error.h" STATIC void xlog_recover_dquot_ra_pass2( @@ -152,6 +153,19 @@ xlog_recover_dquot_commit_pass2( XFS_DQUOT_CRC_OFF); } + /* Validate the recovered dquot. */ + fa = xfs_dqblk_verify(log->l_mp, dqb, dq_f->qlf_id); + if (fa) { + XFS_CORRUPTION_ERROR("Bad dquot after recovery", + XFS_ERRLEVEL_LOW, mp, dqb, + sizeof(struct xfs_dqblk)); + xfs_alert(mp, + "Metadata corruption detected at %pS, dquot 0x%x", + fa, dq_f->qlf_id); + error = -EFSCORRUPTED; + goto out_release; + } + ASSERT(dq_f->qlf_size == 2); ASSERT(bp->b_mount == mp); bp->b_flags |= _XBF_LOGRECOVERY; ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot 2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong @ 2023-11-21 4:34 ` Christoph Hellwig 2023-11-21 21:25 ` Dave Chinner 1 sibling, 0 replies; 7+ messages in thread From: Christoph Hellwig @ 2023-11-21 4:34 UTC (permalink / raw) To: Darrick J. Wong; +Cc: david, chandanbabu, linux-xfs Looks good: Reviewed-by: Christoph Hellwig <hch@lst.de> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot 2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong 2023-11-21 4:34 ` Christoph Hellwig @ 2023-11-21 21:25 ` Dave Chinner 1 sibling, 0 replies; 7+ messages in thread From: Dave Chinner @ 2023-11-21 21:25 UTC (permalink / raw) To: Darrick J. Wong; +Cc: chandanbabu, linux-xfs On Mon, Nov 20, 2023 at 10:31:44AM -0800, Darrick J. Wong wrote: > From: Darrick J. Wong <djwong@kernel.org> > > When we're recovering ondisk quota records from the log, we need to > validate the recovered buffer contents before writing them to disk. > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> Yup, another verifier hole closed. Reviewed-by: Dave Chinner <dchinner@redhat.com> -- Dave Chinner david@fromorbit.com ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-11-21 21:25 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-11-20 18:31 [PATCHSET 0/2] xfs: dquot recovery validation strengthening Darrick J. Wong 2023-11-20 18:31 ` [PATCH 1/2] xfs: clean up dqblk extraction Darrick J. Wong 2023-11-21 4:34 ` Christoph Hellwig 2023-11-21 21:21 ` Dave Chinner 2023-11-20 18:31 ` [PATCH 2/2] xfs: dquot recovery does not validate the recovered dquot Darrick J. Wong 2023-11-21 4:34 ` Christoph Hellwig 2023-11-21 21:25 ` Dave Chinner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox