]>
Commit | Line | Data |
---|---|---|
c1d7c514 | 1 | // SPDX-License-Identifier: GPL-2.0 |
557ea5dd QW |
2 | /* |
3 | * Copyright (C) Qu Wenruo 2017. All rights reserved. | |
557ea5dd QW |
4 | */ |
5 | ||
6 | /* | |
7 | * The module is used to catch unexpected/corrupted tree block data. | |
8 | * Such behavior can be caused either by a fuzzed image or bugs. | |
9 | * | |
10 | * The objective is to do leaf/node validation checks when tree block is read | |
11 | * from disk, and check *every* possible member, so other code won't | |
12 | * need to checking them again. | |
13 | * | |
14 | * Due to the potential and unwanted damage, every checker needs to be | |
15 | * carefully reviewed otherwise so it does not prevent mount of valid images. | |
16 | */ | |
17 | ||
02529d7a QW |
18 | #include <linux/types.h> |
19 | #include <linux/stddef.h> | |
20 | #include <linux/error-injection.h> | |
557ea5dd QW |
21 | #include "ctree.h" |
22 | #include "tree-checker.h" | |
23 | #include "disk-io.h" | |
24 | #include "compression.h" | |
fce466ea | 25 | #include "volumes.h" |
557ea5dd | 26 | |
bba4f298 QW |
27 | /* |
28 | * Error message should follow the following format: | |
29 | * corrupt <type>: <identifier>, <reason>[, <bad_value>] | |
30 | * | |
31 | * @type: leaf or node | |
32 | * @identifier: the necessary info to locate the leaf/node. | |
52042d8e | 33 | * It's recommended to decode key.objecitd/offset if it's |
bba4f298 QW |
34 | * meaningful. |
35 | * @reason: describe the error | |
52042d8e | 36 | * @bad_value: optional, it's recommended to output bad value and its |
bba4f298 QW |
37 | * expected value (range). |
38 | * | |
39 | * Since comma is used to separate the components, only space is allowed | |
40 | * inside each component. | |
41 | */ | |
42 | ||
43 | /* | |
44 | * Append generic "corrupt leaf/node root=%llu block=%llu slot=%d: " to @fmt. | |
45 | * Allows callers to customize the output. | |
46 | */ | |
86a6be3a | 47 | __printf(3, 4) |
e67c718b | 48 | __cold |
86a6be3a | 49 | static void generic_err(const struct extent_buffer *eb, int slot, |
bba4f298 QW |
50 | const char *fmt, ...) |
51 | { | |
86a6be3a | 52 | const struct btrfs_fs_info *fs_info = eb->fs_info; |
bba4f298 QW |
53 | struct va_format vaf; |
54 | va_list args; | |
55 | ||
56 | va_start(args, fmt); | |
57 | ||
58 | vaf.fmt = fmt; | |
59 | vaf.va = &args; | |
60 | ||
2f659546 | 61 | btrfs_crit(fs_info, |
bba4f298 QW |
62 | "corrupt %s: root=%llu block=%llu slot=%d, %pV", |
63 | btrfs_header_level(eb) == 0 ? "leaf" : "node", | |
2f659546 | 64 | btrfs_header_owner(eb), btrfs_header_bytenr(eb), slot, &vaf); |
bba4f298 QW |
65 | va_end(args); |
66 | } | |
67 | ||
8806d718 QW |
68 | /* |
69 | * Customized reporter for extent data item, since its key objectid and | |
70 | * offset has its own meaning. | |
71 | */ | |
1fd715ff | 72 | __printf(3, 4) |
e67c718b | 73 | __cold |
1fd715ff | 74 | static void file_extent_err(const struct extent_buffer *eb, int slot, |
8806d718 QW |
75 | const char *fmt, ...) |
76 | { | |
1fd715ff | 77 | const struct btrfs_fs_info *fs_info = eb->fs_info; |
8806d718 QW |
78 | struct btrfs_key key; |
79 | struct va_format vaf; | |
80 | va_list args; | |
81 | ||
82 | btrfs_item_key_to_cpu(eb, &key, slot); | |
83 | va_start(args, fmt); | |
84 | ||
85 | vaf.fmt = fmt; | |
86 | vaf.va = &args; | |
87 | ||
2f659546 | 88 | btrfs_crit(fs_info, |
8806d718 | 89 | "corrupt %s: root=%llu block=%llu slot=%d ino=%llu file_offset=%llu, %pV", |
2f659546 QW |
90 | btrfs_header_level(eb) == 0 ? "leaf" : "node", |
91 | btrfs_header_owner(eb), btrfs_header_bytenr(eb), slot, | |
92 | key.objectid, key.offset, &vaf); | |
8806d718 QW |
93 | va_end(args); |
94 | } | |
95 | ||
96 | /* | |
97 | * Return 0 if the btrfs_file_extent_##name is aligned to @alignment | |
98 | * Else return 1 | |
99 | */ | |
033774dc | 100 | #define CHECK_FE_ALIGNED(leaf, slot, fi, name, alignment) \ |
8806d718 QW |
101 | ({ \ |
102 | if (!IS_ALIGNED(btrfs_file_extent_##name((leaf), (fi)), (alignment))) \ | |
1fd715ff | 103 | file_extent_err((leaf), (slot), \ |
8806d718 QW |
104 | "invalid %s for file extent, have %llu, should be aligned to %u", \ |
105 | (#name), btrfs_file_extent_##name((leaf), (fi)), \ | |
106 | (alignment)); \ | |
107 | (!IS_ALIGNED(btrfs_file_extent_##name((leaf), (fi)), (alignment))); \ | |
108 | }) | |
109 | ||
4e9845ef FM |
110 | static u64 file_extent_end(struct extent_buffer *leaf, |
111 | struct btrfs_key *key, | |
112 | struct btrfs_file_extent_item *extent) | |
113 | { | |
114 | u64 end; | |
115 | u64 len; | |
116 | ||
117 | if (btrfs_file_extent_type(leaf, extent) == BTRFS_FILE_EXTENT_INLINE) { | |
118 | len = btrfs_file_extent_ram_bytes(leaf, extent); | |
119 | end = ALIGN(key->offset + len, leaf->fs_info->sectorsize); | |
120 | } else { | |
121 | len = btrfs_file_extent_num_bytes(leaf, extent); | |
122 | end = key->offset + len; | |
123 | } | |
124 | return end; | |
125 | } | |
126 | ||
ae2a19d8 | 127 | static int check_extent_data_item(struct extent_buffer *leaf, |
4e9845ef FM |
128 | struct btrfs_key *key, int slot, |
129 | struct btrfs_key *prev_key) | |
557ea5dd | 130 | { |
ae2a19d8 | 131 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
557ea5dd | 132 | struct btrfs_file_extent_item *fi; |
2f659546 | 133 | u32 sectorsize = fs_info->sectorsize; |
557ea5dd QW |
134 | u32 item_size = btrfs_item_size_nr(leaf, slot); |
135 | ||
136 | if (!IS_ALIGNED(key->offset, sectorsize)) { | |
1fd715ff | 137 | file_extent_err(leaf, slot, |
8806d718 QW |
138 | "unaligned file_offset for file extent, have %llu should be aligned to %u", |
139 | key->offset, sectorsize); | |
557ea5dd QW |
140 | return -EUCLEAN; |
141 | } | |
142 | ||
143 | fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item); | |
144 | ||
145 | if (btrfs_file_extent_type(leaf, fi) > BTRFS_FILE_EXTENT_TYPES) { | |
1fd715ff | 146 | file_extent_err(leaf, slot, |
8806d718 QW |
147 | "invalid type for file extent, have %u expect range [0, %u]", |
148 | btrfs_file_extent_type(leaf, fi), | |
149 | BTRFS_FILE_EXTENT_TYPES); | |
557ea5dd QW |
150 | return -EUCLEAN; |
151 | } | |
152 | ||
153 | /* | |
52042d8e | 154 | * Support for new compression/encryption must introduce incompat flag, |
557ea5dd QW |
155 | * and must be caught in open_ctree(). |
156 | */ | |
157 | if (btrfs_file_extent_compression(leaf, fi) > BTRFS_COMPRESS_TYPES) { | |
1fd715ff | 158 | file_extent_err(leaf, slot, |
8806d718 QW |
159 | "invalid compression for file extent, have %u expect range [0, %u]", |
160 | btrfs_file_extent_compression(leaf, fi), | |
161 | BTRFS_COMPRESS_TYPES); | |
557ea5dd QW |
162 | return -EUCLEAN; |
163 | } | |
164 | if (btrfs_file_extent_encryption(leaf, fi)) { | |
1fd715ff | 165 | file_extent_err(leaf, slot, |
8806d718 QW |
166 | "invalid encryption for file extent, have %u expect 0", |
167 | btrfs_file_extent_encryption(leaf, fi)); | |
557ea5dd QW |
168 | return -EUCLEAN; |
169 | } | |
170 | if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) { | |
171 | /* Inline extent must have 0 as key offset */ | |
172 | if (key->offset) { | |
1fd715ff | 173 | file_extent_err(leaf, slot, |
8806d718 QW |
174 | "invalid file_offset for inline file extent, have %llu expect 0", |
175 | key->offset); | |
557ea5dd QW |
176 | return -EUCLEAN; |
177 | } | |
178 | ||
179 | /* Compressed inline extent has no on-disk size, skip it */ | |
180 | if (btrfs_file_extent_compression(leaf, fi) != | |
181 | BTRFS_COMPRESS_NONE) | |
182 | return 0; | |
183 | ||
184 | /* Uncompressed inline extent size must match item size */ | |
185 | if (item_size != BTRFS_FILE_EXTENT_INLINE_DATA_START + | |
186 | btrfs_file_extent_ram_bytes(leaf, fi)) { | |
1fd715ff | 187 | file_extent_err(leaf, slot, |
8806d718 QW |
188 | "invalid ram_bytes for uncompressed inline extent, have %u expect %llu", |
189 | item_size, BTRFS_FILE_EXTENT_INLINE_DATA_START + | |
190 | btrfs_file_extent_ram_bytes(leaf, fi)); | |
557ea5dd QW |
191 | return -EUCLEAN; |
192 | } | |
193 | return 0; | |
194 | } | |
195 | ||
196 | /* Regular or preallocated extent has fixed item size */ | |
197 | if (item_size != sizeof(*fi)) { | |
1fd715ff | 198 | file_extent_err(leaf, slot, |
709a95c3 | 199 | "invalid item size for reg/prealloc file extent, have %u expect %zu", |
8806d718 | 200 | item_size, sizeof(*fi)); |
557ea5dd QW |
201 | return -EUCLEAN; |
202 | } | |
033774dc DS |
203 | if (CHECK_FE_ALIGNED(leaf, slot, fi, ram_bytes, sectorsize) || |
204 | CHECK_FE_ALIGNED(leaf, slot, fi, disk_bytenr, sectorsize) || | |
205 | CHECK_FE_ALIGNED(leaf, slot, fi, disk_num_bytes, sectorsize) || | |
206 | CHECK_FE_ALIGNED(leaf, slot, fi, offset, sectorsize) || | |
207 | CHECK_FE_ALIGNED(leaf, slot, fi, num_bytes, sectorsize)) | |
557ea5dd | 208 | return -EUCLEAN; |
4e9845ef FM |
209 | |
210 | /* | |
211 | * Check that no two consecutive file extent items, in the same leaf, | |
212 | * present ranges that overlap each other. | |
213 | */ | |
214 | if (slot > 0 && | |
215 | prev_key->objectid == key->objectid && | |
216 | prev_key->type == BTRFS_EXTENT_DATA_KEY) { | |
217 | struct btrfs_file_extent_item *prev_fi; | |
218 | u64 prev_end; | |
219 | ||
220 | prev_fi = btrfs_item_ptr(leaf, slot - 1, | |
221 | struct btrfs_file_extent_item); | |
222 | prev_end = file_extent_end(leaf, prev_key, prev_fi); | |
223 | if (prev_end > key->offset) { | |
224 | file_extent_err(leaf, slot - 1, | |
225 | "file extent end range (%llu) goes beyond start offset (%llu) of the next file extent", | |
226 | prev_end, key->offset); | |
227 | return -EUCLEAN; | |
228 | } | |
229 | } | |
230 | ||
557ea5dd QW |
231 | return 0; |
232 | } | |
233 | ||
68128ce7 | 234 | static int check_csum_item(struct extent_buffer *leaf, struct btrfs_key *key, |
2f659546 | 235 | int slot) |
557ea5dd | 236 | { |
68128ce7 | 237 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
2f659546 QW |
238 | u32 sectorsize = fs_info->sectorsize; |
239 | u32 csumsize = btrfs_super_csum_size(fs_info->super_copy); | |
557ea5dd QW |
240 | |
241 | if (key->objectid != BTRFS_EXTENT_CSUM_OBJECTID) { | |
86a6be3a | 242 | generic_err(leaf, slot, |
d508c5f0 QW |
243 | "invalid key objectid for csum item, have %llu expect %llu", |
244 | key->objectid, BTRFS_EXTENT_CSUM_OBJECTID); | |
557ea5dd QW |
245 | return -EUCLEAN; |
246 | } | |
247 | if (!IS_ALIGNED(key->offset, sectorsize)) { | |
86a6be3a | 248 | generic_err(leaf, slot, |
d508c5f0 QW |
249 | "unaligned key offset for csum item, have %llu should be aligned to %u", |
250 | key->offset, sectorsize); | |
557ea5dd QW |
251 | return -EUCLEAN; |
252 | } | |
253 | if (!IS_ALIGNED(btrfs_item_size_nr(leaf, slot), csumsize)) { | |
86a6be3a | 254 | generic_err(leaf, slot, |
d508c5f0 QW |
255 | "unaligned item size for csum item, have %u should be aligned to %u", |
256 | btrfs_item_size_nr(leaf, slot), csumsize); | |
557ea5dd QW |
257 | return -EUCLEAN; |
258 | } | |
259 | return 0; | |
260 | } | |
261 | ||
ad7b0368 QW |
262 | /* |
263 | * Customized reported for dir_item, only important new info is key->objectid, | |
264 | * which represents inode number | |
265 | */ | |
d98ced68 | 266 | __printf(3, 4) |
e67c718b | 267 | __cold |
d98ced68 | 268 | static void dir_item_err(const struct extent_buffer *eb, int slot, |
ad7b0368 QW |
269 | const char *fmt, ...) |
270 | { | |
d98ced68 | 271 | const struct btrfs_fs_info *fs_info = eb->fs_info; |
ad7b0368 QW |
272 | struct btrfs_key key; |
273 | struct va_format vaf; | |
274 | va_list args; | |
275 | ||
276 | btrfs_item_key_to_cpu(eb, &key, slot); | |
277 | va_start(args, fmt); | |
278 | ||
279 | vaf.fmt = fmt; | |
280 | vaf.va = &args; | |
281 | ||
2f659546 | 282 | btrfs_crit(fs_info, |
ad7b0368 | 283 | "corrupt %s: root=%llu block=%llu slot=%d ino=%llu, %pV", |
2f659546 QW |
284 | btrfs_header_level(eb) == 0 ? "leaf" : "node", |
285 | btrfs_header_owner(eb), btrfs_header_bytenr(eb), slot, | |
286 | key.objectid, &vaf); | |
ad7b0368 QW |
287 | va_end(args); |
288 | } | |
289 | ||
ce4252c0 | 290 | static int check_dir_item(struct extent_buffer *leaf, |
ad7b0368 QW |
291 | struct btrfs_key *key, int slot) |
292 | { | |
ce4252c0 | 293 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
ad7b0368 QW |
294 | struct btrfs_dir_item *di; |
295 | u32 item_size = btrfs_item_size_nr(leaf, slot); | |
296 | u32 cur = 0; | |
297 | ||
298 | di = btrfs_item_ptr(leaf, slot, struct btrfs_dir_item); | |
299 | while (cur < item_size) { | |
ad7b0368 QW |
300 | u32 name_len; |
301 | u32 data_len; | |
302 | u32 max_name_len; | |
303 | u32 total_size; | |
304 | u32 name_hash; | |
305 | u8 dir_type; | |
306 | ||
307 | /* header itself should not cross item boundary */ | |
308 | if (cur + sizeof(*di) > item_size) { | |
d98ced68 | 309 | dir_item_err(leaf, slot, |
7cfad652 | 310 | "dir item header crosses item boundary, have %zu boundary %u", |
ad7b0368 QW |
311 | cur + sizeof(*di), item_size); |
312 | return -EUCLEAN; | |
313 | } | |
314 | ||
315 | /* dir type check */ | |
316 | dir_type = btrfs_dir_type(leaf, di); | |
317 | if (dir_type >= BTRFS_FT_MAX) { | |
d98ced68 | 318 | dir_item_err(leaf, slot, |
ad7b0368 QW |
319 | "invalid dir item type, have %u expect [0, %u)", |
320 | dir_type, BTRFS_FT_MAX); | |
321 | return -EUCLEAN; | |
322 | } | |
323 | ||
324 | if (key->type == BTRFS_XATTR_ITEM_KEY && | |
325 | dir_type != BTRFS_FT_XATTR) { | |
d98ced68 | 326 | dir_item_err(leaf, slot, |
ad7b0368 QW |
327 | "invalid dir item type for XATTR key, have %u expect %u", |
328 | dir_type, BTRFS_FT_XATTR); | |
329 | return -EUCLEAN; | |
330 | } | |
331 | if (dir_type == BTRFS_FT_XATTR && | |
332 | key->type != BTRFS_XATTR_ITEM_KEY) { | |
d98ced68 | 333 | dir_item_err(leaf, slot, |
ad7b0368 QW |
334 | "xattr dir type found for non-XATTR key"); |
335 | return -EUCLEAN; | |
336 | } | |
337 | if (dir_type == BTRFS_FT_XATTR) | |
338 | max_name_len = XATTR_NAME_MAX; | |
339 | else | |
340 | max_name_len = BTRFS_NAME_LEN; | |
341 | ||
342 | /* Name/data length check */ | |
343 | name_len = btrfs_dir_name_len(leaf, di); | |
344 | data_len = btrfs_dir_data_len(leaf, di); | |
345 | if (name_len > max_name_len) { | |
d98ced68 | 346 | dir_item_err(leaf, slot, |
ad7b0368 QW |
347 | "dir item name len too long, have %u max %u", |
348 | name_len, max_name_len); | |
349 | return -EUCLEAN; | |
350 | } | |
2f659546 | 351 | if (name_len + data_len > BTRFS_MAX_XATTR_SIZE(fs_info)) { |
d98ced68 | 352 | dir_item_err(leaf, slot, |
ad7b0368 QW |
353 | "dir item name and data len too long, have %u max %u", |
354 | name_len + data_len, | |
2f659546 | 355 | BTRFS_MAX_XATTR_SIZE(fs_info)); |
ad7b0368 QW |
356 | return -EUCLEAN; |
357 | } | |
358 | ||
359 | if (data_len && dir_type != BTRFS_FT_XATTR) { | |
d98ced68 | 360 | dir_item_err(leaf, slot, |
ad7b0368 QW |
361 | "dir item with invalid data len, have %u expect 0", |
362 | data_len); | |
363 | return -EUCLEAN; | |
364 | } | |
365 | ||
366 | total_size = sizeof(*di) + name_len + data_len; | |
367 | ||
368 | /* header and name/data should not cross item boundary */ | |
369 | if (cur + total_size > item_size) { | |
d98ced68 | 370 | dir_item_err(leaf, slot, |
ad7b0368 QW |
371 | "dir item data crosses item boundary, have %u boundary %u", |
372 | cur + total_size, item_size); | |
373 | return -EUCLEAN; | |
374 | } | |
375 | ||
376 | /* | |
377 | * Special check for XATTR/DIR_ITEM, as key->offset is name | |
378 | * hash, should match its name | |
379 | */ | |
380 | if (key->type == BTRFS_DIR_ITEM_KEY || | |
381 | key->type == BTRFS_XATTR_ITEM_KEY) { | |
e2683fc9 DS |
382 | char namebuf[max(BTRFS_NAME_LEN, XATTR_NAME_MAX)]; |
383 | ||
ad7b0368 QW |
384 | read_extent_buffer(leaf, namebuf, |
385 | (unsigned long)(di + 1), name_len); | |
386 | name_hash = btrfs_name_hash(namebuf, name_len); | |
387 | if (key->offset != name_hash) { | |
d98ced68 | 388 | dir_item_err(leaf, slot, |
ad7b0368 QW |
389 | "name hash mismatch with key, have 0x%016x expect 0x%016llx", |
390 | name_hash, key->offset); | |
391 | return -EUCLEAN; | |
392 | } | |
393 | } | |
394 | cur += total_size; | |
395 | di = (struct btrfs_dir_item *)((void *)di + total_size); | |
396 | } | |
397 | return 0; | |
398 | } | |
399 | ||
4806bd88 | 400 | __printf(3, 4) |
fce466ea | 401 | __cold |
4806bd88 | 402 | static void block_group_err(const struct extent_buffer *eb, int slot, |
fce466ea QW |
403 | const char *fmt, ...) |
404 | { | |
4806bd88 | 405 | const struct btrfs_fs_info *fs_info = eb->fs_info; |
fce466ea QW |
406 | struct btrfs_key key; |
407 | struct va_format vaf; | |
408 | va_list args; | |
409 | ||
410 | btrfs_item_key_to_cpu(eb, &key, slot); | |
411 | va_start(args, fmt); | |
412 | ||
413 | vaf.fmt = fmt; | |
414 | vaf.va = &args; | |
415 | ||
416 | btrfs_crit(fs_info, | |
417 | "corrupt %s: root=%llu block=%llu slot=%d bg_start=%llu bg_len=%llu, %pV", | |
418 | btrfs_header_level(eb) == 0 ? "leaf" : "node", | |
419 | btrfs_header_owner(eb), btrfs_header_bytenr(eb), slot, | |
420 | key.objectid, key.offset, &vaf); | |
421 | va_end(args); | |
422 | } | |
423 | ||
af60ce2b | 424 | static int check_block_group_item(struct extent_buffer *leaf, |
fce466ea QW |
425 | struct btrfs_key *key, int slot) |
426 | { | |
427 | struct btrfs_block_group_item bgi; | |
428 | u32 item_size = btrfs_item_size_nr(leaf, slot); | |
429 | u64 flags; | |
430 | u64 type; | |
431 | ||
432 | /* | |
433 | * Here we don't really care about alignment since extent allocator can | |
10950929 | 434 | * handle it. We care more about the size. |
fce466ea | 435 | */ |
10950929 | 436 | if (key->offset == 0) { |
4806bd88 | 437 | block_group_err(leaf, slot, |
10950929 | 438 | "invalid block group size 0"); |
fce466ea QW |
439 | return -EUCLEAN; |
440 | } | |
441 | ||
442 | if (item_size != sizeof(bgi)) { | |
4806bd88 | 443 | block_group_err(leaf, slot, |
fce466ea QW |
444 | "invalid item size, have %u expect %zu", |
445 | item_size, sizeof(bgi)); | |
446 | return -EUCLEAN; | |
447 | } | |
448 | ||
449 | read_extent_buffer(leaf, &bgi, btrfs_item_ptr_offset(leaf, slot), | |
450 | sizeof(bgi)); | |
451 | if (btrfs_block_group_chunk_objectid(&bgi) != | |
452 | BTRFS_FIRST_CHUNK_TREE_OBJECTID) { | |
4806bd88 | 453 | block_group_err(leaf, slot, |
fce466ea QW |
454 | "invalid block group chunk objectid, have %llu expect %llu", |
455 | btrfs_block_group_chunk_objectid(&bgi), | |
456 | BTRFS_FIRST_CHUNK_TREE_OBJECTID); | |
457 | return -EUCLEAN; | |
458 | } | |
459 | ||
460 | if (btrfs_block_group_used(&bgi) > key->offset) { | |
4806bd88 | 461 | block_group_err(leaf, slot, |
fce466ea QW |
462 | "invalid block group used, have %llu expect [0, %llu)", |
463 | btrfs_block_group_used(&bgi), key->offset); | |
464 | return -EUCLEAN; | |
465 | } | |
466 | ||
467 | flags = btrfs_block_group_flags(&bgi); | |
468 | if (hweight64(flags & BTRFS_BLOCK_GROUP_PROFILE_MASK) > 1) { | |
4806bd88 | 469 | block_group_err(leaf, slot, |
fce466ea QW |
470 | "invalid profile flags, have 0x%llx (%lu bits set) expect no more than 1 bit set", |
471 | flags & BTRFS_BLOCK_GROUP_PROFILE_MASK, | |
472 | hweight64(flags & BTRFS_BLOCK_GROUP_PROFILE_MASK)); | |
473 | return -EUCLEAN; | |
474 | } | |
475 | ||
476 | type = flags & BTRFS_BLOCK_GROUP_TYPE_MASK; | |
477 | if (type != BTRFS_BLOCK_GROUP_DATA && | |
478 | type != BTRFS_BLOCK_GROUP_METADATA && | |
479 | type != BTRFS_BLOCK_GROUP_SYSTEM && | |
480 | type != (BTRFS_BLOCK_GROUP_METADATA | | |
481 | BTRFS_BLOCK_GROUP_DATA)) { | |
4806bd88 | 482 | block_group_err(leaf, slot, |
761333f2 | 483 | "invalid type, have 0x%llx (%lu bits set) expect either 0x%llx, 0x%llx, 0x%llx or 0x%llx", |
fce466ea QW |
484 | type, hweight64(type), |
485 | BTRFS_BLOCK_GROUP_DATA, BTRFS_BLOCK_GROUP_METADATA, | |
486 | BTRFS_BLOCK_GROUP_SYSTEM, | |
487 | BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA); | |
488 | return -EUCLEAN; | |
489 | } | |
490 | return 0; | |
82fc28fb QW |
491 | } |
492 | ||
d001e4a3 | 493 | __printf(4, 5) |
f1140243 | 494 | __cold |
d001e4a3 | 495 | static void chunk_err(const struct extent_buffer *leaf, |
f1140243 QW |
496 | const struct btrfs_chunk *chunk, u64 logical, |
497 | const char *fmt, ...) | |
498 | { | |
d001e4a3 | 499 | const struct btrfs_fs_info *fs_info = leaf->fs_info; |
f1140243 QW |
500 | bool is_sb; |
501 | struct va_format vaf; | |
502 | va_list args; | |
503 | int i; | |
504 | int slot = -1; | |
505 | ||
506 | /* Only superblock eb is able to have such small offset */ | |
507 | is_sb = (leaf->start == BTRFS_SUPER_INFO_OFFSET); | |
508 | ||
509 | if (!is_sb) { | |
510 | /* | |
511 | * Get the slot number by iterating through all slots, this | |
512 | * would provide better readability. | |
513 | */ | |
514 | for (i = 0; i < btrfs_header_nritems(leaf); i++) { | |
515 | if (btrfs_item_ptr_offset(leaf, i) == | |
516 | (unsigned long)chunk) { | |
517 | slot = i; | |
518 | break; | |
519 | } | |
520 | } | |
521 | } | |
522 | va_start(args, fmt); | |
523 | vaf.fmt = fmt; | |
524 | vaf.va = &args; | |
525 | ||
526 | if (is_sb) | |
527 | btrfs_crit(fs_info, | |
528 | "corrupt superblock syschunk array: chunk_start=%llu, %pV", | |
529 | logical, &vaf); | |
530 | else | |
531 | btrfs_crit(fs_info, | |
532 | "corrupt leaf: root=%llu block=%llu slot=%d chunk_start=%llu, %pV", | |
533 | BTRFS_CHUNK_TREE_OBJECTID, leaf->start, slot, | |
534 | logical, &vaf); | |
535 | va_end(args); | |
536 | } | |
537 | ||
82fc28fb QW |
538 | /* |
539 | * The common chunk check which could also work on super block sys chunk array. | |
540 | * | |
bf871c3b | 541 | * Return -EUCLEAN if anything is corrupted. |
82fc28fb QW |
542 | * Return 0 if everything is OK. |
543 | */ | |
ddaf1d5a | 544 | int btrfs_check_chunk_valid(struct extent_buffer *leaf, |
82fc28fb QW |
545 | struct btrfs_chunk *chunk, u64 logical) |
546 | { | |
ddaf1d5a | 547 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
82fc28fb QW |
548 | u64 length; |
549 | u64 stripe_len; | |
550 | u16 num_stripes; | |
551 | u16 sub_stripes; | |
552 | u64 type; | |
553 | u64 features; | |
554 | bool mixed = false; | |
555 | ||
556 | length = btrfs_chunk_length(leaf, chunk); | |
557 | stripe_len = btrfs_chunk_stripe_len(leaf, chunk); | |
558 | num_stripes = btrfs_chunk_num_stripes(leaf, chunk); | |
559 | sub_stripes = btrfs_chunk_sub_stripes(leaf, chunk); | |
560 | type = btrfs_chunk_type(leaf, chunk); | |
561 | ||
562 | if (!num_stripes) { | |
d001e4a3 | 563 | chunk_err(leaf, chunk, logical, |
f1140243 | 564 | "invalid chunk num_stripes, have %u", num_stripes); |
bf871c3b | 565 | return -EUCLEAN; |
82fc28fb QW |
566 | } |
567 | if (!IS_ALIGNED(logical, fs_info->sectorsize)) { | |
d001e4a3 | 568 | chunk_err(leaf, chunk, logical, |
f1140243 QW |
569 | "invalid chunk logical, have %llu should aligned to %u", |
570 | logical, fs_info->sectorsize); | |
bf871c3b | 571 | return -EUCLEAN; |
82fc28fb QW |
572 | } |
573 | if (btrfs_chunk_sector_size(leaf, chunk) != fs_info->sectorsize) { | |
d001e4a3 | 574 | chunk_err(leaf, chunk, logical, |
f1140243 QW |
575 | "invalid chunk sectorsize, have %u expect %u", |
576 | btrfs_chunk_sector_size(leaf, chunk), | |
577 | fs_info->sectorsize); | |
bf871c3b | 578 | return -EUCLEAN; |
82fc28fb QW |
579 | } |
580 | if (!length || !IS_ALIGNED(length, fs_info->sectorsize)) { | |
d001e4a3 | 581 | chunk_err(leaf, chunk, logical, |
f1140243 | 582 | "invalid chunk length, have %llu", length); |
bf871c3b | 583 | return -EUCLEAN; |
82fc28fb QW |
584 | } |
585 | if (!is_power_of_2(stripe_len) || stripe_len != BTRFS_STRIPE_LEN) { | |
d001e4a3 | 586 | chunk_err(leaf, chunk, logical, |
f1140243 | 587 | "invalid chunk stripe length: %llu", |
82fc28fb | 588 | stripe_len); |
bf871c3b | 589 | return -EUCLEAN; |
82fc28fb QW |
590 | } |
591 | if (~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK) & | |
592 | type) { | |
d001e4a3 | 593 | chunk_err(leaf, chunk, logical, |
f1140243 | 594 | "unrecognized chunk type: 0x%llx", |
82fc28fb QW |
595 | ~(BTRFS_BLOCK_GROUP_TYPE_MASK | |
596 | BTRFS_BLOCK_GROUP_PROFILE_MASK) & | |
597 | btrfs_chunk_type(leaf, chunk)); | |
bf871c3b | 598 | return -EUCLEAN; |
82fc28fb QW |
599 | } |
600 | ||
80e46cf2 QW |
601 | if (!is_power_of_2(type & BTRFS_BLOCK_GROUP_PROFILE_MASK) && |
602 | (type & BTRFS_BLOCK_GROUP_PROFILE_MASK) != 0) { | |
d001e4a3 | 603 | chunk_err(leaf, chunk, logical, |
80e46cf2 QW |
604 | "invalid chunk profile flag: 0x%llx, expect 0 or 1 bit set", |
605 | type & BTRFS_BLOCK_GROUP_PROFILE_MASK); | |
606 | return -EUCLEAN; | |
607 | } | |
82fc28fb | 608 | if ((type & BTRFS_BLOCK_GROUP_TYPE_MASK) == 0) { |
d001e4a3 | 609 | chunk_err(leaf, chunk, logical, |
f1140243 QW |
610 | "missing chunk type flag, have 0x%llx one bit must be set in 0x%llx", |
611 | type, BTRFS_BLOCK_GROUP_TYPE_MASK); | |
bf871c3b | 612 | return -EUCLEAN; |
82fc28fb QW |
613 | } |
614 | ||
615 | if ((type & BTRFS_BLOCK_GROUP_SYSTEM) && | |
616 | (type & (BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA))) { | |
d001e4a3 | 617 | chunk_err(leaf, chunk, logical, |
f1140243 QW |
618 | "system chunk with data or metadata type: 0x%llx", |
619 | type); | |
bf871c3b | 620 | return -EUCLEAN; |
82fc28fb QW |
621 | } |
622 | ||
623 | features = btrfs_super_incompat_flags(fs_info->super_copy); | |
624 | if (features & BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS) | |
625 | mixed = true; | |
626 | ||
627 | if (!mixed) { | |
628 | if ((type & BTRFS_BLOCK_GROUP_METADATA) && | |
629 | (type & BTRFS_BLOCK_GROUP_DATA)) { | |
d001e4a3 | 630 | chunk_err(leaf, chunk, logical, |
82fc28fb | 631 | "mixed chunk type in non-mixed mode: 0x%llx", type); |
bf871c3b | 632 | return -EUCLEAN; |
82fc28fb QW |
633 | } |
634 | } | |
635 | ||
636 | if ((type & BTRFS_BLOCK_GROUP_RAID10 && sub_stripes != 2) || | |
637 | (type & BTRFS_BLOCK_GROUP_RAID1 && num_stripes != 2) || | |
638 | (type & BTRFS_BLOCK_GROUP_RAID5 && num_stripes < 2) || | |
639 | (type & BTRFS_BLOCK_GROUP_RAID6 && num_stripes < 3) || | |
640 | (type & BTRFS_BLOCK_GROUP_DUP && num_stripes != 2) || | |
641 | ((type & BTRFS_BLOCK_GROUP_PROFILE_MASK) == 0 && num_stripes != 1)) { | |
d001e4a3 | 642 | chunk_err(leaf, chunk, logical, |
82fc28fb QW |
643 | "invalid num_stripes:sub_stripes %u:%u for profile %llu", |
644 | num_stripes, sub_stripes, | |
645 | type & BTRFS_BLOCK_GROUP_PROFILE_MASK); | |
bf871c3b | 646 | return -EUCLEAN; |
82fc28fb QW |
647 | } |
648 | ||
649 | return 0; | |
fce466ea QW |
650 | } |
651 | ||
5617ed80 | 652 | __printf(3, 4) |
ab4ba2e1 | 653 | __cold |
5617ed80 | 654 | static void dev_item_err(const struct extent_buffer *eb, int slot, |
ab4ba2e1 QW |
655 | const char *fmt, ...) |
656 | { | |
657 | struct btrfs_key key; | |
658 | struct va_format vaf; | |
659 | va_list args; | |
660 | ||
661 | btrfs_item_key_to_cpu(eb, &key, slot); | |
662 | va_start(args, fmt); | |
663 | ||
664 | vaf.fmt = fmt; | |
665 | vaf.va = &args; | |
666 | ||
5617ed80 | 667 | btrfs_crit(eb->fs_info, |
ab4ba2e1 QW |
668 | "corrupt %s: root=%llu block=%llu slot=%d devid=%llu %pV", |
669 | btrfs_header_level(eb) == 0 ? "leaf" : "node", | |
670 | btrfs_header_owner(eb), btrfs_header_bytenr(eb), slot, | |
671 | key.objectid, &vaf); | |
672 | va_end(args); | |
673 | } | |
674 | ||
412a2312 | 675 | static int check_dev_item(struct extent_buffer *leaf, |
ab4ba2e1 QW |
676 | struct btrfs_key *key, int slot) |
677 | { | |
412a2312 | 678 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
ab4ba2e1 QW |
679 | struct btrfs_dev_item *ditem; |
680 | u64 max_devid = max(BTRFS_MAX_DEVS(fs_info), BTRFS_MAX_DEVS_SYS_CHUNK); | |
681 | ||
682 | if (key->objectid != BTRFS_DEV_ITEMS_OBJECTID) { | |
5617ed80 | 683 | dev_item_err(leaf, slot, |
ab4ba2e1 QW |
684 | "invalid objectid: has=%llu expect=%llu", |
685 | key->objectid, BTRFS_DEV_ITEMS_OBJECTID); | |
686 | return -EUCLEAN; | |
687 | } | |
688 | if (key->offset > max_devid) { | |
5617ed80 | 689 | dev_item_err(leaf, slot, |
ab4ba2e1 QW |
690 | "invalid devid: has=%llu expect=[0, %llu]", |
691 | key->offset, max_devid); | |
692 | return -EUCLEAN; | |
693 | } | |
694 | ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item); | |
695 | if (btrfs_device_id(leaf, ditem) != key->offset) { | |
5617ed80 | 696 | dev_item_err(leaf, slot, |
ab4ba2e1 QW |
697 | "devid mismatch: key has=%llu item has=%llu", |
698 | key->offset, btrfs_device_id(leaf, ditem)); | |
699 | return -EUCLEAN; | |
700 | } | |
701 | ||
702 | /* | |
703 | * For device total_bytes, we don't have reliable way to check it, as | |
704 | * it can be 0 for device removal. Device size check can only be done | |
705 | * by dev extents check. | |
706 | */ | |
707 | if (btrfs_device_bytes_used(leaf, ditem) > | |
708 | btrfs_device_total_bytes(leaf, ditem)) { | |
5617ed80 | 709 | dev_item_err(leaf, slot, |
ab4ba2e1 QW |
710 | "invalid bytes used: have %llu expect [0, %llu]", |
711 | btrfs_device_bytes_used(leaf, ditem), | |
712 | btrfs_device_total_bytes(leaf, ditem)); | |
713 | return -EUCLEAN; | |
714 | } | |
715 | /* | |
716 | * Remaining members like io_align/type/gen/dev_group aren't really | |
717 | * utilized. Skip them to make later usage of them easier. | |
718 | */ | |
719 | return 0; | |
720 | } | |
721 | ||
496245ca QW |
722 | /* Inode item error output has the same format as dir_item_err() */ |
723 | #define inode_item_err(fs_info, eb, slot, fmt, ...) \ | |
d98ced68 | 724 | dir_item_err(eb, slot, fmt, __VA_ARGS__) |
496245ca | 725 | |
39e57f49 | 726 | static int check_inode_item(struct extent_buffer *leaf, |
496245ca QW |
727 | struct btrfs_key *key, int slot) |
728 | { | |
39e57f49 | 729 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
496245ca QW |
730 | struct btrfs_inode_item *iitem; |
731 | u64 super_gen = btrfs_super_generation(fs_info->super_copy); | |
732 | u32 valid_mask = (S_IFMT | S_ISUID | S_ISGID | S_ISVTX | 0777); | |
733 | u32 mode; | |
734 | ||
735 | if ((key->objectid < BTRFS_FIRST_FREE_OBJECTID || | |
736 | key->objectid > BTRFS_LAST_FREE_OBJECTID) && | |
737 | key->objectid != BTRFS_ROOT_TREE_DIR_OBJECTID && | |
738 | key->objectid != BTRFS_FREE_INO_OBJECTID) { | |
86a6be3a | 739 | generic_err(leaf, slot, |
496245ca QW |
740 | "invalid key objectid: has %llu expect %llu or [%llu, %llu] or %llu", |
741 | key->objectid, BTRFS_ROOT_TREE_DIR_OBJECTID, | |
742 | BTRFS_FIRST_FREE_OBJECTID, | |
743 | BTRFS_LAST_FREE_OBJECTID, | |
744 | BTRFS_FREE_INO_OBJECTID); | |
745 | return -EUCLEAN; | |
746 | } | |
747 | if (key->offset != 0) { | |
748 | inode_item_err(fs_info, leaf, slot, | |
749 | "invalid key offset: has %llu expect 0", | |
750 | key->offset); | |
751 | return -EUCLEAN; | |
752 | } | |
753 | iitem = btrfs_item_ptr(leaf, slot, struct btrfs_inode_item); | |
754 | ||
755 | /* Here we use super block generation + 1 to handle log tree */ | |
756 | if (btrfs_inode_generation(leaf, iitem) > super_gen + 1) { | |
757 | inode_item_err(fs_info, leaf, slot, | |
758 | "invalid inode generation: has %llu expect (0, %llu]", | |
759 | btrfs_inode_generation(leaf, iitem), | |
760 | super_gen + 1); | |
761 | return -EUCLEAN; | |
762 | } | |
763 | /* Note for ROOT_TREE_DIR_ITEM, mkfs could set its transid 0 */ | |
764 | if (btrfs_inode_transid(leaf, iitem) > super_gen + 1) { | |
765 | inode_item_err(fs_info, leaf, slot, | |
766 | "invalid inode generation: has %llu expect [0, %llu]", | |
767 | btrfs_inode_transid(leaf, iitem), super_gen + 1); | |
768 | return -EUCLEAN; | |
769 | } | |
770 | ||
771 | /* | |
772 | * For size and nbytes it's better not to be too strict, as for dir | |
773 | * item its size/nbytes can easily get wrong, but doesn't affect | |
774 | * anything in the fs. So here we skip the check. | |
775 | */ | |
776 | mode = btrfs_inode_mode(leaf, iitem); | |
777 | if (mode & ~valid_mask) { | |
778 | inode_item_err(fs_info, leaf, slot, | |
779 | "unknown mode bit detected: 0x%x", | |
780 | mode & ~valid_mask); | |
781 | return -EUCLEAN; | |
782 | } | |
783 | ||
784 | /* | |
785 | * S_IFMT is not bit mapped so we can't completely rely on is_power_of_2, | |
786 | * but is_power_of_2() can save us from checking FIFO/CHR/DIR/REG. | |
787 | * Only needs to check BLK, LNK and SOCKS | |
788 | */ | |
789 | if (!is_power_of_2(mode & S_IFMT)) { | |
790 | if (!S_ISLNK(mode) && !S_ISBLK(mode) && !S_ISSOCK(mode)) { | |
791 | inode_item_err(fs_info, leaf, slot, | |
792 | "invalid mode: has 0%o expect valid S_IF* bit(s)", | |
793 | mode & S_IFMT); | |
794 | return -EUCLEAN; | |
795 | } | |
796 | } | |
797 | if (S_ISDIR(mode) && btrfs_inode_nlink(leaf, iitem) > 1) { | |
798 | inode_item_err(fs_info, leaf, slot, | |
799 | "invalid nlink: has %u expect no more than 1 for dir", | |
800 | btrfs_inode_nlink(leaf, iitem)); | |
801 | return -EUCLEAN; | |
802 | } | |
803 | if (btrfs_inode_flags(leaf, iitem) & ~BTRFS_INODE_FLAG_MASK) { | |
804 | inode_item_err(fs_info, leaf, slot, | |
805 | "unknown flags detected: 0x%llx", | |
806 | btrfs_inode_flags(leaf, iitem) & | |
807 | ~BTRFS_INODE_FLAG_MASK); | |
808 | return -EUCLEAN; | |
809 | } | |
810 | return 0; | |
811 | } | |
812 | ||
557ea5dd QW |
813 | /* |
814 | * Common point to switch the item-specific validation. | |
815 | */ | |
0076bc89 | 816 | static int check_leaf_item(struct extent_buffer *leaf, |
4e9845ef FM |
817 | struct btrfs_key *key, int slot, |
818 | struct btrfs_key *prev_key) | |
557ea5dd QW |
819 | { |
820 | int ret = 0; | |
075cb3c7 | 821 | struct btrfs_chunk *chunk; |
557ea5dd QW |
822 | |
823 | switch (key->type) { | |
824 | case BTRFS_EXTENT_DATA_KEY: | |
4e9845ef | 825 | ret = check_extent_data_item(leaf, key, slot, prev_key); |
557ea5dd QW |
826 | break; |
827 | case BTRFS_EXTENT_CSUM_KEY: | |
68128ce7 | 828 | ret = check_csum_item(leaf, key, slot); |
557ea5dd | 829 | break; |
ad7b0368 QW |
830 | case BTRFS_DIR_ITEM_KEY: |
831 | case BTRFS_DIR_INDEX_KEY: | |
832 | case BTRFS_XATTR_ITEM_KEY: | |
ce4252c0 | 833 | ret = check_dir_item(leaf, key, slot); |
ad7b0368 | 834 | break; |
fce466ea | 835 | case BTRFS_BLOCK_GROUP_ITEM_KEY: |
af60ce2b | 836 | ret = check_block_group_item(leaf, key, slot); |
fce466ea | 837 | break; |
075cb3c7 QW |
838 | case BTRFS_CHUNK_ITEM_KEY: |
839 | chunk = btrfs_item_ptr(leaf, slot, struct btrfs_chunk); | |
ddaf1d5a | 840 | ret = btrfs_check_chunk_valid(leaf, chunk, key->offset); |
075cb3c7 | 841 | break; |
ab4ba2e1 | 842 | case BTRFS_DEV_ITEM_KEY: |
412a2312 | 843 | ret = check_dev_item(leaf, key, slot); |
ab4ba2e1 | 844 | break; |
496245ca | 845 | case BTRFS_INODE_ITEM_KEY: |
39e57f49 | 846 | ret = check_inode_item(leaf, key, slot); |
496245ca | 847 | break; |
557ea5dd QW |
848 | } |
849 | return ret; | |
850 | } | |
851 | ||
e2ccd361 | 852 | static int check_leaf(struct extent_buffer *leaf, bool check_item_data) |
557ea5dd | 853 | { |
e2ccd361 | 854 | struct btrfs_fs_info *fs_info = leaf->fs_info; |
557ea5dd QW |
855 | /* No valid key type is 0, so all key should be larger than this key */ |
856 | struct btrfs_key prev_key = {0, 0, 0}; | |
857 | struct btrfs_key key; | |
858 | u32 nritems = btrfs_header_nritems(leaf); | |
859 | int slot; | |
860 | ||
f556faa4 | 861 | if (btrfs_header_level(leaf) != 0) { |
86a6be3a | 862 | generic_err(leaf, 0, |
f556faa4 QW |
863 | "invalid level for leaf, have %d expect 0", |
864 | btrfs_header_level(leaf)); | |
865 | return -EUCLEAN; | |
866 | } | |
867 | ||
557ea5dd QW |
868 | /* |
869 | * Extent buffers from a relocation tree have a owner field that | |
870 | * corresponds to the subvolume tree they are based on. So just from an | |
871 | * extent buffer alone we can not find out what is the id of the | |
872 | * corresponding subvolume tree, so we can not figure out if the extent | |
873 | * buffer corresponds to the root of the relocation tree or not. So | |
874 | * skip this check for relocation trees. | |
875 | */ | |
876 | if (nritems == 0 && !btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_RELOC)) { | |
ba480dd4 | 877 | u64 owner = btrfs_header_owner(leaf); |
557ea5dd | 878 | |
ba480dd4 QW |
879 | /* These trees must never be empty */ |
880 | if (owner == BTRFS_ROOT_TREE_OBJECTID || | |
881 | owner == BTRFS_CHUNK_TREE_OBJECTID || | |
882 | owner == BTRFS_EXTENT_TREE_OBJECTID || | |
883 | owner == BTRFS_DEV_TREE_OBJECTID || | |
884 | owner == BTRFS_FS_TREE_OBJECTID || | |
885 | owner == BTRFS_DATA_RELOC_TREE_OBJECTID) { | |
86a6be3a | 886 | generic_err(leaf, 0, |
ba480dd4 QW |
887 | "invalid root, root %llu must never be empty", |
888 | owner); | |
889 | return -EUCLEAN; | |
890 | } | |
557ea5dd QW |
891 | return 0; |
892 | } | |
893 | ||
894 | if (nritems == 0) | |
895 | return 0; | |
896 | ||
897 | /* | |
898 | * Check the following things to make sure this is a good leaf, and | |
899 | * leaf users won't need to bother with similar sanity checks: | |
900 | * | |
901 | * 1) key ordering | |
902 | * 2) item offset and size | |
903 | * No overlap, no hole, all inside the leaf. | |
904 | * 3) item content | |
905 | * If possible, do comprehensive sanity check. | |
906 | * NOTE: All checks must only rely on the item data itself. | |
907 | */ | |
908 | for (slot = 0; slot < nritems; slot++) { | |
909 | u32 item_end_expected; | |
910 | int ret; | |
911 | ||
912 | btrfs_item_key_to_cpu(leaf, &key, slot); | |
913 | ||
914 | /* Make sure the keys are in the right order */ | |
915 | if (btrfs_comp_cpu_keys(&prev_key, &key) >= 0) { | |
86a6be3a | 916 | generic_err(leaf, slot, |
478d01b3 QW |
917 | "bad key order, prev (%llu %u %llu) current (%llu %u %llu)", |
918 | prev_key.objectid, prev_key.type, | |
919 | prev_key.offset, key.objectid, key.type, | |
920 | key.offset); | |
557ea5dd QW |
921 | return -EUCLEAN; |
922 | } | |
923 | ||
924 | /* | |
925 | * Make sure the offset and ends are right, remember that the | |
926 | * item data starts at the end of the leaf and grows towards the | |
927 | * front. | |
928 | */ | |
929 | if (slot == 0) | |
930 | item_end_expected = BTRFS_LEAF_DATA_SIZE(fs_info); | |
931 | else | |
932 | item_end_expected = btrfs_item_offset_nr(leaf, | |
933 | slot - 1); | |
934 | if (btrfs_item_end_nr(leaf, slot) != item_end_expected) { | |
86a6be3a | 935 | generic_err(leaf, slot, |
478d01b3 QW |
936 | "unexpected item end, have %u expect %u", |
937 | btrfs_item_end_nr(leaf, slot), | |
938 | item_end_expected); | |
557ea5dd QW |
939 | return -EUCLEAN; |
940 | } | |
941 | ||
942 | /* | |
943 | * Check to make sure that we don't point outside of the leaf, | |
944 | * just in case all the items are consistent to each other, but | |
945 | * all point outside of the leaf. | |
946 | */ | |
947 | if (btrfs_item_end_nr(leaf, slot) > | |
948 | BTRFS_LEAF_DATA_SIZE(fs_info)) { | |
86a6be3a | 949 | generic_err(leaf, slot, |
478d01b3 QW |
950 | "slot end outside of leaf, have %u expect range [0, %u]", |
951 | btrfs_item_end_nr(leaf, slot), | |
952 | BTRFS_LEAF_DATA_SIZE(fs_info)); | |
557ea5dd QW |
953 | return -EUCLEAN; |
954 | } | |
955 | ||
956 | /* Also check if the item pointer overlaps with btrfs item. */ | |
957 | if (btrfs_item_nr_offset(slot) + sizeof(struct btrfs_item) > | |
958 | btrfs_item_ptr_offset(leaf, slot)) { | |
86a6be3a | 959 | generic_err(leaf, slot, |
478d01b3 QW |
960 | "slot overlaps with its data, item end %lu data start %lu", |
961 | btrfs_item_nr_offset(slot) + | |
962 | sizeof(struct btrfs_item), | |
963 | btrfs_item_ptr_offset(leaf, slot)); | |
557ea5dd QW |
964 | return -EUCLEAN; |
965 | } | |
966 | ||
69fc6cbb QW |
967 | if (check_item_data) { |
968 | /* | |
969 | * Check if the item size and content meet other | |
970 | * criteria | |
971 | */ | |
4e9845ef | 972 | ret = check_leaf_item(leaf, &key, slot, &prev_key); |
69fc6cbb QW |
973 | if (ret < 0) |
974 | return ret; | |
975 | } | |
557ea5dd QW |
976 | |
977 | prev_key.objectid = key.objectid; | |
978 | prev_key.type = key.type; | |
979 | prev_key.offset = key.offset; | |
980 | } | |
981 | ||
982 | return 0; | |
983 | } | |
984 | ||
1c4360ee | 985 | int btrfs_check_leaf_full(struct extent_buffer *leaf) |
69fc6cbb | 986 | { |
e2ccd361 | 987 | return check_leaf(leaf, true); |
69fc6cbb | 988 | } |
02529d7a | 989 | ALLOW_ERROR_INJECTION(btrfs_check_leaf_full, ERRNO); |
69fc6cbb | 990 | |
cfdaad5e | 991 | int btrfs_check_leaf_relaxed(struct extent_buffer *leaf) |
69fc6cbb | 992 | { |
e2ccd361 | 993 | return check_leaf(leaf, false); |
69fc6cbb QW |
994 | } |
995 | ||
813fd1dc | 996 | int btrfs_check_node(struct extent_buffer *node) |
557ea5dd | 997 | { |
813fd1dc | 998 | struct btrfs_fs_info *fs_info = node->fs_info; |
557ea5dd QW |
999 | unsigned long nr = btrfs_header_nritems(node); |
1000 | struct btrfs_key key, next_key; | |
1001 | int slot; | |
f556faa4 | 1002 | int level = btrfs_header_level(node); |
557ea5dd QW |
1003 | u64 bytenr; |
1004 | int ret = 0; | |
1005 | ||
f556faa4 | 1006 | if (level <= 0 || level >= BTRFS_MAX_LEVEL) { |
86a6be3a | 1007 | generic_err(node, 0, |
f556faa4 QW |
1008 | "invalid level for node, have %d expect [1, %d]", |
1009 | level, BTRFS_MAX_LEVEL - 1); | |
1010 | return -EUCLEAN; | |
1011 | } | |
2f659546 QW |
1012 | if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(fs_info)) { |
1013 | btrfs_crit(fs_info, | |
bba4f298 | 1014 | "corrupt node: root=%llu block=%llu, nritems too %s, have %lu expect range [1,%u]", |
2f659546 | 1015 | btrfs_header_owner(node), node->start, |
bba4f298 | 1016 | nr == 0 ? "small" : "large", nr, |
2f659546 | 1017 | BTRFS_NODEPTRS_PER_BLOCK(fs_info)); |
bba4f298 | 1018 | return -EUCLEAN; |
557ea5dd QW |
1019 | } |
1020 | ||
1021 | for (slot = 0; slot < nr - 1; slot++) { | |
1022 | bytenr = btrfs_node_blockptr(node, slot); | |
1023 | btrfs_node_key_to_cpu(node, &key, slot); | |
1024 | btrfs_node_key_to_cpu(node, &next_key, slot + 1); | |
1025 | ||
1026 | if (!bytenr) { | |
86a6be3a | 1027 | generic_err(node, slot, |
bba4f298 QW |
1028 | "invalid NULL node pointer"); |
1029 | ret = -EUCLEAN; | |
1030 | goto out; | |
1031 | } | |
2f659546 | 1032 | if (!IS_ALIGNED(bytenr, fs_info->sectorsize)) { |
86a6be3a | 1033 | generic_err(node, slot, |
bba4f298 | 1034 | "unaligned pointer, have %llu should be aligned to %u", |
2f659546 | 1035 | bytenr, fs_info->sectorsize); |
bba4f298 | 1036 | ret = -EUCLEAN; |
557ea5dd QW |
1037 | goto out; |
1038 | } | |
1039 | ||
1040 | if (btrfs_comp_cpu_keys(&key, &next_key) >= 0) { | |
86a6be3a | 1041 | generic_err(node, slot, |
bba4f298 QW |
1042 | "bad key order, current (%llu %u %llu) next (%llu %u %llu)", |
1043 | key.objectid, key.type, key.offset, | |
1044 | next_key.objectid, next_key.type, | |
1045 | next_key.offset); | |
1046 | ret = -EUCLEAN; | |
557ea5dd QW |
1047 | goto out; |
1048 | } | |
1049 | } | |
1050 | out: | |
1051 | return ret; | |
1052 | } | |
02529d7a | 1053 | ALLOW_ERROR_INJECTION(btrfs_check_node, ERRNO); |