xfs: fix the xattr scrub to detect freemap/entries array collisions

In the previous patches, we observed that it's possible for there to be
freemap entries with zero size but a nonzero base.  This isn't an
inconsistency per se, but older kernels can get confused by this and
corrupt the block, leading to corruption.

If we see this, flag the xattr structure for optimization so that it
gets rebuilt.

Cc: <stable@vger.kernel.org> # v4.15
Fixes: 13791d3b833428 ("xfs: scrub extended attribute leaf space")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>

diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c
index eeb5ac34d7422f947fd3337a55f660c4e1e7f463..a397c50b77943eaf6f2717d72747c5f808635f3b 100644 (file)
--- a/fs/xfs/scrub/attr.c
+++ b/fs/xfs/scrub/attr.c
@@ -287,32 +287,6 @@ xchk_xattr_set_map(
        return ret;
 }
 
-/*
- * Check the leaf freemap from the usage bitmap.  Returns false if the
- * attr freemap has problems or points to used space.
- */
-STATIC bool
-xchk_xattr_check_freemap(
-       struct xfs_scrub                *sc,
-       struct xfs_attr3_icleaf_hdr     *leafhdr)
-{
-       struct xchk_xattr_buf           *ab = sc->buf;
-       unsigned int                    mapsize = sc->mp->m_attr_geo->blksize;
-       int                             i;
-
-       /* Construct bitmap of freemap contents. */
-       bitmap_zero(ab->freemap, mapsize);
-       for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
-               if (!xchk_xattr_set_map(sc, ab->freemap,
-                               leafhdr->freemap[i].base,
-                               leafhdr->freemap[i].size))
-                       return false;
-       }
-
-       /* Look for bits that are set in freemap and are marked in use. */
-       return !bitmap_intersects(ab->freemap, ab->usedmap, mapsize);
-}
-
 /*
  * Check this leaf entry's relations to everything else.
  * Returns the number of bytes used for the name/value data.
@@ -403,6 +377,7 @@ xchk_xattr_block(
 
        *last_checked = blk->blkno;
        bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize);
+       bitmap_zero(ab->freemap, mp->m_attr_geo->blksize);
 
        /* Check all the padding. */
        if (xfs_has_crc(ds->sc->mp)) {
@@ -449,6 +424,9 @@ xchk_xattr_block(
        if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
                xchk_da_set_corrupt(ds, level);
 
+       if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
+               goto out;
+
        buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
        for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
                /* Mark the leaf entry itself. */
@@ -467,7 +445,29 @@ xchk_xattr_block(
                        goto out;
        }
 
-       if (!xchk_xattr_check_freemap(ds->sc, &leafhdr))
+       /* Construct bitmap of freemap contents. */
+       for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
+               if (!xchk_xattr_set_map(ds->sc, ab->freemap,
+                               leafhdr.freemap[i].base,
+                               leafhdr.freemap[i].size))
+                       xchk_da_set_corrupt(ds, level);
+
+               /*
+                * freemap entries with zero length and nonzero base can cause
+                * problems with older kernels, so we mark these for preening
+                * even though there's no inconsistency.
+                */
+               if (leafhdr.freemap[i].size == 0 &&
+                   leafhdr.freemap[i].base > 0)
+                       xchk_da_set_preen(ds, level);
+
+               if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
+                       goto out;
+       }
+
+       /* Look for bits that are set in freemap and are marked in use. */
+       if (bitmap_intersects(ab->freemap, ab->usedmap,
+                       mp->m_attr_geo->blksize))
                xchk_da_set_corrupt(ds, level);
 
        if (leafhdr.usedbytes != usedbytes)