1
linux/fs/xfs/scrub/dirtree.c
Darrick J. Wong 3f31406aef xfs: fix corruptions in the directory tree
Repair corruptions in the directory tree itself.  Cycles are broken by
removing an incoming parent->child link.  Multiply-owned directories are
fixed by pruning the extra parent -> child links  Disconnected subtrees
are reconnected to the lost and found.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2024-04-23 16:55:17 -07:00

986 lines
25 KiB
C

// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) 2023-2024 Oracle. All Rights Reserved.
* Author: Darrick J. Wong <djwong@kernel.org>
*/
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_trans_resv.h"
#include "xfs_mount.h"
#include "xfs_log_format.h"
#include "xfs_trans.h"
#include "xfs_inode.h"
#include "xfs_icache.h"
#include "xfs_dir2.h"
#include "xfs_dir2_priv.h"
#include "xfs_attr.h"
#include "xfs_parent.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
#include "scrub/bitmap.h"
#include "scrub/ino_bitmap.h"
#include "scrub/xfile.h"
#include "scrub/xfarray.h"
#include "scrub/xfblob.h"
#include "scrub/listxattr.h"
#include "scrub/trace.h"
#include "scrub/repair.h"
#include "scrub/orphanage.h"
#include "scrub/dirtree.h"
/*
* Directory Tree Structure Validation
* ===================================
*
* Validating the tree qualities of the directory tree structure can be
* difficult. If the tree is frozen, running a depth (or breadth) first search
* and marking a bitmap suffices to determine if there is a cycle. XORing the
* mark bitmap with the inode bitmap afterwards tells us if there are
* disconnected cycles. If the tree is not frozen, directory updates can move
* subtrees across the scanner wavefront, which complicates the design greatly.
*
* Directory parent pointers change that by enabling an incremental approach to
* validation of the tree structure. Instead of using one thread to scan the
* entire filesystem, we instead can have multiple threads walking individual
* subdirectories upwards to the root. In a perfect world, the IOLOCK would
* suffice to stabilize two directories in a parent -> child relationship.
* Unfortunately, the VFS does not take the IOLOCK when moving a child
* subdirectory, so we instead synchronize on ILOCK and use dirent update hooks
* to detect a race. If a race occurs in a path, we restart the scan.
*
* If the walk terminates without reaching the root, we know the path is
* disconnected and ought to be attached to the lost and found. If on the walk
* we find the same subdir that we're scanning, we know this is a cycle and
* should delete an incoming edge. If we find multiple paths to the root, we
* know to delete an incoming edge.
*
* There are two big hitches with this approach: first, all file link counts
* must be correct to prevent other writers from doing the wrong thing with the
* directory tree structure. Second, because we're walking upwards in a tree
* of arbitrary depth, we cannot hold all the ILOCKs. Instead, we will use a
* directory update hook to invalidate the scan results if one of the paths
* we've scanned has changed.
*/
/* Clean up the dirtree checking resources. */
STATIC void
xchk_dirtree_buf_cleanup(
void *buf)
{
struct xchk_dirtree *dl = buf;
struct xchk_dirpath *path, *n;
if (dl->scan_ino != NULLFSINO)
xfs_dir_hook_del(dl->sc->mp, &dl->dhook);
xchk_dirtree_for_each_path_safe(dl, path, n) {
list_del_init(&path->list);
xino_bitmap_destroy(&path->seen_inodes);
kfree(path);
}
xfblob_destroy(dl->path_names);
xfarray_destroy(dl->path_steps);
mutex_destroy(&dl->lock);
}
/* Set us up to look for directory loops. */
int
xchk_setup_dirtree(
struct xfs_scrub *sc)
{
struct xchk_dirtree *dl;
char *descr;
int error;
xchk_fsgates_enable(sc, XCHK_FSGATES_DIRENTS);
if (xchk_could_repair(sc)) {
error = xrep_setup_dirtree(sc);
if (error)
return error;
}
dl = kvzalloc(sizeof(struct xchk_dirtree), XCHK_GFP_FLAGS);
if (!dl)
return -ENOMEM;
dl->sc = sc;
dl->xname.name = dl->namebuf;
dl->hook_xname.name = dl->hook_namebuf;
INIT_LIST_HEAD(&dl->path_list);
dl->root_ino = NULLFSINO;
dl->scan_ino = NULLFSINO;
dl->parent_ino = NULLFSINO;
mutex_init(&dl->lock);
descr = xchk_xfile_ino_descr(sc, "dirtree path steps");
error = xfarray_create(descr, 0, sizeof(struct xchk_dirpath_step),
&dl->path_steps);
kfree(descr);
if (error)
goto out_dl;
descr = xchk_xfile_ino_descr(sc, "dirtree path names");
error = xfblob_create(descr, &dl->path_names);
kfree(descr);
if (error)
goto out_steps;
error = xchk_setup_inode_contents(sc, 0);
if (error)
goto out_names;
sc->buf = dl;
sc->buf_cleanup = xchk_dirtree_buf_cleanup;
return 0;
out_names:
xfblob_destroy(dl->path_names);
out_steps:
xfarray_destroy(dl->path_steps);
out_dl:
mutex_destroy(&dl->lock);
kvfree(dl);
return error;
}
/*
* Add the parent pointer described by @dl->pptr to the given path as a new
* step. Returns -ELNRNG if the path is too deep.
*/
int
xchk_dirpath_append(
struct xchk_dirtree *dl,
struct xfs_inode *ip,
struct xchk_dirpath *path,
const struct xfs_name *name,
const struct xfs_parent_rec *pptr)
{
struct xchk_dirpath_step step = {
.pptr_rec = *pptr, /* struct copy */
.name_len = name->len,
};
int error;
/*
* If this path is more than 2 billion steps long, this directory tree
* is too far gone to fix.
*/
if (path->nr_steps >= XFS_MAXLINK)
return -ELNRNG;
error = xfblob_storename(dl->path_names, &step.name_cookie, name);
if (error)
return error;
error = xino_bitmap_set(&path->seen_inodes, ip->i_ino);
if (error)
return error;
error = xfarray_append(dl->path_steps, &step);
if (error)
return error;
path->nr_steps++;
return 0;
}
/*
* Create an xchk_path for each parent pointer of the directory that we're
* scanning. For each path created, we will eventually try to walk towards the
* root with the goal of deleting all parents except for one that leads to the
* root.
*
* Returns -EFSCORRUPTED to signal that the inode being scanned has a corrupt
* parent pointer and hence there's no point in continuing; or -ENOSR if there
* are too many parent pointers for this directory.
*/
STATIC int
xchk_dirtree_create_path(
struct xfs_scrub *sc,
struct xfs_inode *ip,
unsigned int attr_flags,
const unsigned char *name,
unsigned int namelen,
const void *value,
unsigned int valuelen,
void *priv)
{
struct xfs_name xname = {
.name = name,
.len = namelen,
};
struct xchk_dirtree *dl = priv;
struct xchk_dirpath *path;
const struct xfs_parent_rec *rec = value;
int error;
if (!(attr_flags & XFS_ATTR_PARENT))
return 0;
error = xfs_parent_from_attr(sc->mp, attr_flags, name, namelen, value,
valuelen, NULL, NULL);
if (error)
return error;
/*
* If there are more than 2 billion actual parent pointers for this
* subdirectory, this fs is too far gone to fix.
*/
if (dl->nr_paths >= XFS_MAXLINK)
return -ENOSR;
trace_xchk_dirtree_create_path(sc, ip, dl->nr_paths, &xname, rec);
/*
* Create a new xchk_path structure to remember this parent pointer
* and record the first name step.
*/
path = kmalloc(sizeof(struct xchk_dirpath), XCHK_GFP_FLAGS);
if (!path)
return -ENOMEM;
INIT_LIST_HEAD(&path->list);
xino_bitmap_init(&path->seen_inodes);
path->nr_steps = 0;
path->outcome = XCHK_DIRPATH_SCANNING;
error = xchk_dirpath_append(dl, sc->ip, path, &xname, rec);
if (error)
goto out_path;
path->first_step = xfarray_length(dl->path_steps) - 1;
path->second_step = XFARRAY_NULLIDX;
path->path_nr = dl->nr_paths;
list_add_tail(&path->list, &dl->path_list);
dl->nr_paths++;
return 0;
out_path:
kfree(path);
return error;
}
/*
* Validate that the first step of this path still has a corresponding
* parent pointer in @sc->ip. We probably dropped @sc->ip's ILOCK while
* walking towards the roots, which is why this is necessary.
*
* This function has a side effect of loading the first parent pointer of this
* path into the parent pointer scratch pad. This prepares us to walk up the
* directory tree towards the root. Returns -ESTALE if the scan data is now
* out of date.
*/
STATIC int
xchk_dirpath_revalidate(
struct xchk_dirtree *dl,
struct xchk_dirpath *path)
{
struct xfs_scrub *sc = dl->sc;
int error;
/*
* Look up the parent pointer that corresponds to the start of this
* path. If the parent pointer has disappeared on us, dump all the
* scan results and try again.
*/
error = xfs_parent_lookup(sc->tp, sc->ip, &dl->xname, &dl->pptr_rec,
&dl->pptr_args);
if (error == -ENOATTR) {
trace_xchk_dirpath_disappeared(dl->sc, sc->ip, path->path_nr,
path->first_step, &dl->xname, &dl->pptr_rec);
dl->stale = true;
return -ESTALE;
}
return error;
}
/*
* Walk the parent pointers of a directory at the end of a path and record
* the parent that we find in @dl->xname/pptr_rec.
*/
STATIC int
xchk_dirpath_find_next_step(
struct xfs_scrub *sc,
struct xfs_inode *ip,
unsigned int attr_flags,
const unsigned char *name,
unsigned int namelen,
const void *value,
unsigned int valuelen,
void *priv)
{
struct xchk_dirtree *dl = priv;
const struct xfs_parent_rec *rec = value;
int error;
if (!(attr_flags & XFS_ATTR_PARENT))
return 0;
error = xfs_parent_from_attr(sc->mp, attr_flags, name, namelen, value,
valuelen, NULL, NULL);
if (error)
return error;
/*
* If we've already set @dl->pptr_rec, then this directory has multiple
* parents. Signal this back to the caller via -EMLINK.
*/
if (dl->parents_found > 0)
return -EMLINK;
dl->parents_found++;
memcpy(dl->namebuf, name, namelen);
dl->xname.len = namelen;
dl->pptr_rec = *rec; /* struct copy */
return 0;
}
/* Set and log the outcome of a path walk. */
static inline void
xchk_dirpath_set_outcome(
struct xchk_dirtree *dl,
struct xchk_dirpath *path,
enum xchk_dirpath_outcome outcome)
{
trace_xchk_dirpath_set_outcome(dl->sc, path->path_nr, path->nr_steps,
outcome);
path->outcome = outcome;
}
/*
* Scan the directory at the end of this path for its parent directory link.
* If we find one, extend the path. Returns -ESTALE if the scan data out of
* date. Returns -EFSCORRUPTED if the parent pointer is bad; or -ELNRNG if
* the path got too deep.
*/
STATIC int
xchk_dirpath_step_up(
struct xchk_dirtree *dl,
struct xchk_dirpath *path)
{
struct xfs_scrub *sc = dl->sc;
struct xfs_inode *dp;
xfs_ino_t parent_ino = be64_to_cpu(dl->pptr_rec.p_ino);
unsigned int lock_mode;
int error;
/* Grab and lock the parent directory. */
error = xchk_iget(sc, parent_ino, &dp);
if (error)
return error;
lock_mode = xfs_ilock_attr_map_shared(dp);
mutex_lock(&dl->lock);
if (dl->stale) {
error = -ESTALE;
goto out_scanlock;
}
/* We've reached the root directory; the path is ok. */
if (parent_ino == dl->root_ino) {
xchk_dirpath_set_outcome(dl, path, XCHK_DIRPATH_OK);
error = 0;
goto out_scanlock;
}
/*
* The inode being scanned is its own distant ancestor! Get rid of
* this path.
*/
if (parent_ino == sc->ip->i_ino) {
xchk_dirpath_set_outcome(dl, path, XCHK_DIRPATH_DELETE);
error = 0;
goto out_scanlock;
}
/*
* We've seen this inode before during the path walk. There's a loop
* above us in the directory tree. This probably means that we cannot
* continue, but let's keep walking paths to get a full picture.
*/
if (xino_bitmap_test(&path->seen_inodes, parent_ino)) {
xchk_dirpath_set_outcome(dl, path, XCHK_DIRPATH_LOOP);
error = 0;
goto out_scanlock;
}
/* The handle encoded in the parent pointer must match. */
if (VFS_I(dp)->i_generation != be32_to_cpu(dl->pptr_rec.p_gen)) {
trace_xchk_dirpath_badgen(dl->sc, dp, path->path_nr,
path->nr_steps, &dl->xname, &dl->pptr_rec);
error = -EFSCORRUPTED;
goto out_scanlock;
}
/* Parent pointer must point up to a directory. */
if (!S_ISDIR(VFS_I(dp)->i_mode)) {
trace_xchk_dirpath_nondir_parent(dl->sc, dp, path->path_nr,
path->nr_steps, &dl->xname, &dl->pptr_rec);
error = -EFSCORRUPTED;
goto out_scanlock;
}
/* Parent cannot be an unlinked directory. */
if (VFS_I(dp)->i_nlink == 0) {
trace_xchk_dirpath_unlinked_parent(dl->sc, dp, path->path_nr,
path->nr_steps, &dl->xname, &dl->pptr_rec);
error = -EFSCORRUPTED;
goto out_scanlock;
}
/*
* If the extended attributes look as though they has been zapped by
* the inode record repair code, we cannot scan for parent pointers.
*/
if (xchk_pptr_looks_zapped(dp)) {
error = -EBUSY;
xchk_set_incomplete(sc);
goto out_scanlock;
}
/*
* Walk the parent pointers of @dp to find the parent of this directory
* to find the next step in our walk. If we find that @dp has exactly
* one parent, the parent pointer information will be stored in
* @dl->pptr_rec. This prepares us for the next step of the walk.
*/
mutex_unlock(&dl->lock);
dl->parents_found = 0;
error = xchk_xattr_walk(sc, dp, xchk_dirpath_find_next_step, NULL, dl);
mutex_lock(&dl->lock);
if (error == -EFSCORRUPTED || error == -EMLINK ||
(!error && dl->parents_found == 0)) {
/*
* Further up the directory tree from @sc->ip, we found a
* corrupt parent pointer, multiple parent pointers while
* finding this directory's parent, or zero parents despite
* having a nonzero link count. Keep looking for other paths.
*/
xchk_dirpath_set_outcome(dl, path, XCHK_DIRPATH_CORRUPT);
error = 0;
goto out_scanlock;
}
if (error)
goto out_scanlock;
if (dl->stale) {
error = -ESTALE;
goto out_scanlock;
}
trace_xchk_dirpath_found_next_step(sc, dp, path->path_nr,
path->nr_steps, &dl->xname, &dl->pptr_rec);
/* Append to the path steps */
error = xchk_dirpath_append(dl, dp, path, &dl->xname, &dl->pptr_rec);
if (error)
goto out_scanlock;
if (path->second_step == XFARRAY_NULLIDX)
path->second_step = xfarray_length(dl->path_steps) - 1;
out_scanlock:
mutex_unlock(&dl->lock);
xfs_iunlock(dp, lock_mode);
xchk_irele(sc, dp);
return error;
}
/*
* Walk the directory tree upwards towards what is hopefully the root
* directory, recording path steps as we go. The current path components are
* stored in dl->pptr_rec and dl->xname.
*
* Returns -ESTALE if the scan data are out of date. Returns -EFSCORRUPTED
* only if the direct parent pointer of @sc->ip associated with this path is
* corrupt.
*/
STATIC int
xchk_dirpath_walk_upwards(
struct xchk_dirtree *dl,
struct xchk_dirpath *path)
{
struct xfs_scrub *sc = dl->sc;
int error;
ASSERT(sc->ilock_flags & XFS_ILOCK_EXCL);
/* Reload the start of this path and make sure it's still there. */
error = xchk_dirpath_revalidate(dl, path);
if (error)
return error;
trace_xchk_dirpath_walk_upwards(sc, sc->ip, path->path_nr, &dl->xname,
&dl->pptr_rec);
/*
* The inode being scanned is its own direct ancestor!
* Get rid of this path.
*/
if (be64_to_cpu(dl->pptr_rec.p_ino) == sc->ip->i_ino) {
xchk_dirpath_set_outcome(dl, path, XCHK_DIRPATH_DELETE);
return 0;
}
/*
* Drop ILOCK_EXCL on the inode being scanned. We still hold
* IOLOCK_EXCL on it, so it cannot move around or be renamed.
*
* Beyond this point we're walking up the directory tree, which means
* that we can acquire and drop the ILOCK on an alias of sc->ip. The
* ILOCK state is no longer tracked in the scrub context. Hence we
* must drop @sc->ip's ILOCK during the walk.
*/
mutex_unlock(&dl->lock);
xchk_iunlock(sc, XFS_ILOCK_EXCL);
/*
* Take the first step in the walk towards the root by checking the
* start of this path, which is a direct parent pointer of @sc->ip.
* If we see any kind of error here (including corruptions), the parent
* pointer of @sc->ip is corrupt. Stop the whole scan.
*/
error = xchk_dirpath_step_up(dl, path);
if (error) {
xchk_ilock(sc, XFS_ILOCK_EXCL);
mutex_lock(&dl->lock);
return error;
}
/*
* Take steps upward from the second step in this path towards the
* root. If we hit corruption errors here, there's a problem
* *somewhere* in the path, but we don't need to stop scanning.
*/
while (!error && path->outcome == XCHK_DIRPATH_SCANNING)
error = xchk_dirpath_step_up(dl, path);
/* Retake the locks we had, mark paths, etc. */
xchk_ilock(sc, XFS_ILOCK_EXCL);
mutex_lock(&dl->lock);
if (error == -EFSCORRUPTED) {
xchk_dirpath_set_outcome(dl, path, XCHK_DIRPATH_CORRUPT);
error = 0;
}
if (!error && dl->stale)
return -ESTALE;
return error;
}
/*
* Decide if this path step has been touched by this live update. Returns
* 1 for yes, 0 for no, or a negative errno.
*/
STATIC int
xchk_dirpath_step_is_stale(
struct xchk_dirtree *dl,
struct xchk_dirpath *path,
unsigned int step_nr,
xfarray_idx_t step_idx,
struct xfs_dir_update_params *p,
xfs_ino_t *cursor)
{
struct xchk_dirpath_step step;
xfs_ino_t child_ino = *cursor;
int error;
error = xfarray_load(dl->path_steps, step_idx, &step);
if (error)
return error;
*cursor = be64_to_cpu(step.pptr_rec.p_ino);
/*
* If the parent and child being updated are not the ones mentioned in
* this path step, the scan data is still ok.
*/
if (p->ip->i_ino != child_ino || p->dp->i_ino != *cursor)
return 0;
/*
* If the dirent name lengths or byte sequences are different, the scan
* data is still ok.
*/
if (p->name->len != step.name_len)
return 0;
error = xfblob_loadname(dl->path_names, step.name_cookie,
&dl->hook_xname, step.name_len);
if (error)
return error;
if (memcmp(dl->hook_xname.name, p->name->name, p->name->len) != 0)
return 0;
/*
* If the update comes from the repair code itself, walk the state
* machine forward.
*/
if (p->ip->i_ino == dl->scan_ino &&
path->outcome == XREP_DIRPATH_ADOPTING) {
xchk_dirpath_set_outcome(dl, path, XREP_DIRPATH_ADOPTED);
return 0;
}
if (p->ip->i_ino == dl->scan_ino &&
path->outcome == XREP_DIRPATH_DELETING) {
xchk_dirpath_set_outcome(dl, path, XREP_DIRPATH_DELETED);
return 0;
}
/* Exact match, scan data is out of date. */
trace_xchk_dirpath_changed(dl->sc, path->path_nr, step_nr, p->dp,
p->ip, p->name);
return 1;
}
/*
* Decide if this path has been touched by this live update. Returns 1 for
* yes, 0 for no, or a negative errno.
*/
STATIC int
xchk_dirpath_is_stale(
struct xchk_dirtree *dl,
struct xchk_dirpath *path,
struct xfs_dir_update_params *p)
{
xfs_ino_t cursor = dl->scan_ino;
xfarray_idx_t idx = path->first_step;
unsigned int i;
int ret;
/*
* The child being updated has not been seen by this path at all; this
* path cannot be stale.
*/
if (!xino_bitmap_test(&path->seen_inodes, p->ip->i_ino))
return 0;
ret = xchk_dirpath_step_is_stale(dl, path, 0, idx, p, &cursor);
if (ret != 0)
return ret;
for (i = 1, idx = path->second_step; i < path->nr_steps; i++, idx++) {
ret = xchk_dirpath_step_is_stale(dl, path, i, idx, p, &cursor);
if (ret != 0)
return ret;
}
return 0;
}
/*
* Decide if a directory update from the regular filesystem touches any of the
* paths we've scanned, and invalidate the scan data if true.
*/
STATIC int
xchk_dirtree_live_update(
struct notifier_block *nb,
unsigned long action,
void *data)
{
struct xfs_dir_update_params *p = data;
struct xchk_dirtree *dl;
struct xchk_dirpath *path;
int ret;
dl = container_of(nb, struct xchk_dirtree, dhook.dirent_hook.nb);
trace_xchk_dirtree_live_update(dl->sc, p->dp, action, p->ip, p->delta,
p->name);
mutex_lock(&dl->lock);
if (dl->stale || dl->aborted)
goto out_unlock;
xchk_dirtree_for_each_path(dl, path) {
ret = xchk_dirpath_is_stale(dl, path, p);
if (ret < 0) {
dl->aborted = true;
break;
}
if (ret == 1) {
dl->stale = true;
break;
}
}
out_unlock:
mutex_unlock(&dl->lock);
return NOTIFY_DONE;
}
/* Delete all the collected path information. */
STATIC void
xchk_dirtree_reset(
void *buf)
{
struct xchk_dirtree *dl = buf;
struct xchk_dirpath *path, *n;
ASSERT(dl->sc->ilock_flags & XFS_ILOCK_EXCL);
xchk_dirtree_for_each_path_safe(dl, path, n) {
list_del_init(&path->list);
xino_bitmap_destroy(&path->seen_inodes);
kfree(path);
}
dl->nr_paths = 0;
xfarray_truncate(dl->path_steps);
xfblob_truncate(dl->path_names);
dl->stale = false;
}
/*
* Load the name/pptr from the first step in this path into @dl->pptr_rec and
* @dl->xname.
*/
STATIC int
xchk_dirtree_load_path(
struct xchk_dirtree *dl,
struct xchk_dirpath *path)
{
struct xchk_dirpath_step step;
int error;
error = xfarray_load(dl->path_steps, path->first_step, &step);
if (error)
return error;
error = xfblob_loadname(dl->path_names, step.name_cookie, &dl->xname,
step.name_len);
if (error)
return error;
dl->pptr_rec = step.pptr_rec; /* struct copy */
return 0;
}
/*
* For each parent pointer of this subdir, trace a path upwards towards the
* root directory and record what we find. Returns 0 for success;
* -EFSCORRUPTED if walking the parent pointers of @sc->ip failed, -ELNRNG if a
* path was too deep; -ENOSR if there were too many parent pointers; or
* a negative errno.
*/
int
xchk_dirtree_find_paths_to_root(
struct xchk_dirtree *dl)
{
struct xfs_scrub *sc = dl->sc;
struct xchk_dirpath *path;
int error = 0;
do {
if (xchk_should_terminate(sc, &error))
return error;
xchk_dirtree_reset(dl);
/*
* If the extended attributes look as though they has been
* zapped by the inode record repair code, we cannot scan for
* parent pointers.
*/
if (xchk_pptr_looks_zapped(sc->ip)) {
xchk_set_incomplete(sc);
return -EBUSY;
}
/*
* Create path walk contexts for each parent of the directory
* that is being scanned. Directories are supposed to have
* only one parent, but this is how we detect multiple parents.
*/
error = xchk_xattr_walk(sc, sc->ip, xchk_dirtree_create_path,
NULL, dl);
if (error)
return error;
xchk_dirtree_for_each_path(dl, path) {
/* Load path components into dl->pptr/xname */
error = xchk_dirtree_load_path(dl, path);
if (error)
return error;
/*
* Try to walk up each path to the root. This enables
* us to find directory loops in ancestors, and the
* like.
*/
error = xchk_dirpath_walk_upwards(dl, path);
if (error == -EFSCORRUPTED) {
/*
* A parent pointer of @sc->ip is bad, don't
* bother continuing.
*/
break;
}
if (error == -ESTALE) {
/* This had better be an invalidation. */
ASSERT(dl->stale);
break;
}
if (error)
return error;
if (dl->aborted)
return 0;
}
} while (dl->stale);
return error;
}
/*
* Figure out what to do with the paths we tried to find. Do not call this
* if the scan results are stale.
*/
void
xchk_dirtree_evaluate(
struct xchk_dirtree *dl,
struct xchk_dirtree_outcomes *oc)
{
struct xchk_dirpath *path;
ASSERT(!dl->stale);
/* Scan the paths we have to decide what to do. */
memset(oc, 0, sizeof(struct xchk_dirtree_outcomes));
xchk_dirtree_for_each_path(dl, path) {
trace_xchk_dirpath_evaluate_path(dl->sc, path->path_nr,
path->nr_steps, path->outcome);
switch (path->outcome) {
case XCHK_DIRPATH_SCANNING:
/* shouldn't get here */
ASSERT(0);
break;
case XCHK_DIRPATH_DELETE:
/* This one is already going away. */
oc->bad++;
break;
case XCHK_DIRPATH_CORRUPT:
case XCHK_DIRPATH_LOOP:
/* Couldn't find the end of this path. */
oc->suspect++;
break;
case XCHK_DIRPATH_STALE:
/* shouldn't get here either */
ASSERT(0);
break;
case XCHK_DIRPATH_OK:
/* This path got all the way to the root. */
oc->good++;
break;
case XREP_DIRPATH_DELETING:
case XREP_DIRPATH_DELETED:
case XREP_DIRPATH_ADOPTING:
case XREP_DIRPATH_ADOPTED:
/* These should not be in progress! */
ASSERT(0);
break;
}
}
trace_xchk_dirtree_evaluate(dl, oc);
}
/* Look for directory loops. */
int
xchk_dirtree(
struct xfs_scrub *sc)
{
struct xchk_dirtree_outcomes oc;
struct xchk_dirtree *dl = sc->buf;
int error;
/*
* Nondirectories do not point downwards to other files, so they cannot
* cause a cycle in the directory tree.
*/
if (!S_ISDIR(VFS_I(sc->ip)->i_mode))
return -ENOENT;
ASSERT(xfs_has_parent(sc->mp));
/*
* Find the root of the directory tree. Remember which directory to
* scan, because the hook doesn't detach until after sc->ip gets
* released during teardown.
*/
dl->root_ino = sc->mp->m_rootip->i_ino;
dl->scan_ino = sc->ip->i_ino;
trace_xchk_dirtree_start(sc->ip, sc->sm, 0);
/*
* Hook into the directory entry code so that we can capture updates to
* paths that we have already scanned. The scanner thread takes each
* directory's ILOCK, which means that any in-progress directory update
* will finish before we can scan the directory.
*/
ASSERT(sc->flags & XCHK_FSGATES_DIRENTS);
xfs_dir_hook_setup(&dl->dhook, xchk_dirtree_live_update);
error = xfs_dir_hook_add(sc->mp, &dl->dhook);
if (error)
goto out;
mutex_lock(&dl->lock);
/* Trace each parent pointer's path to the root. */
error = xchk_dirtree_find_paths_to_root(dl);
if (error == -EFSCORRUPTED || error == -ELNRNG || error == -ENOSR) {
/*
* Don't bother walking the paths if the xattr structure or the
* parent pointers are corrupt; this scan cannot be completed
* without full information.
*/
xchk_ino_xref_set_corrupt(sc, sc->ip->i_ino);
error = 0;
goto out_scanlock;
}
if (error == -EBUSY) {
/*
* We couldn't scan some directory's parent pointers because
* the attr fork looked like it had been zapped. The
* scan was marked incomplete, so no further error code
* is necessary.
*/
error = 0;
goto out_scanlock;
}
if (error)
goto out_scanlock;
if (dl->aborted) {
xchk_set_incomplete(sc);
goto out_scanlock;
}
/* Assess what we found in our path evaluation. */
xchk_dirtree_evaluate(dl, &oc);
if (xchk_dirtree_parentless(dl)) {
if (oc.good || oc.bad || oc.suspect)
xchk_ino_set_corrupt(sc, sc->ip->i_ino);
} else {
if (oc.bad || oc.good + oc.suspect != 1)
xchk_ino_set_corrupt(sc, sc->ip->i_ino);
if (oc.suspect)
xchk_ino_xref_set_corrupt(sc, sc->ip->i_ino);
}
out_scanlock:
mutex_unlock(&dl->lock);
out:
trace_xchk_dirtree_done(sc->ip, sc->sm, error);
return error;
}