xfs: fix the xattr scrub to detect freemap/entries array collisions

[ Upstream commit 6fed8270448c246e706921c177e9633013dd3fcf ]

In the previous patches, we observed that it's possible for there to be
freemap entries with zero size but a nonzero base.  This isn't an
inconsistency per se, but older kernels can get confused by this and
corrupt the block, leading to corruption.

If we see this, flag the xattr structure for optimization so that it
gets rebuilt.

Cc: <stable@vger.kernel.org> # v4.15
Fixes: 13791d3b833428 ("xfs: scrub extended attribute leaf space")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c
index 708334f9b2bd13747da3804cca3124863eaa57f7..ef299be01de5eac53f41eeb517390b6874f98fe0 100644 (file)
--- a/fs/xfs/scrub/attr.c
+++ b/fs/xfs/scrub/attr.c
@@ -287,32 +287,6 @@ xchk_xattr_set_map(
        return ret;
 }
 
-/*
- * Check the leaf freemap from the usage bitmap.  Returns false if the
- * attr freemap has problems or points to used space.
- */
-STATIC bool
-xchk_xattr_check_freemap(
-       struct xfs_scrub                *sc,
-       struct xfs_attr3_icleaf_hdr     *leafhdr)
-{
-       struct xchk_xattr_buf           *ab = sc->buf;
-       unsigned int                    mapsize = sc->mp->m_attr_geo->blksize;
-       int                             i;
-
-       /* Construct bitmap of freemap contents. */
-       bitmap_zero(ab->freemap, mapsize);
-       for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
-               if (!xchk_xattr_set_map(sc, ab->freemap,
-                               leafhdr->freemap[i].base,
-                               leafhdr->freemap[i].size))
-                       return false;
-       }
-
-       /* Look for bits that are set in freemap and are marked in use. */
-       return !bitmap_intersects(ab->freemap, ab->usedmap, mapsize);
-}
-
 /*
  * Check this leaf entry's relations to everything else.
  * Returns the number of bytes used for the name/value data.
@@ -403,6 +377,7 @@ xchk_xattr_block(
 
        *last_checked = blk->blkno;
        bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize);
+       bitmap_zero(ab->freemap, mp->m_attr_geo->blksize);
 
        /* Check all the padding. */
        if (xfs_has_crc(ds->sc->mp)) {
@@ -449,6 +424,9 @@ xchk_xattr_block(
        if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
                xchk_da_set_corrupt(ds, level);
 
+       if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
+               goto out;
+
        buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
        for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
                /* Mark the leaf entry itself. */
@@ -467,7 +445,29 @@ xchk_xattr_block(
                        goto out;
        }
 
-       if (!xchk_xattr_check_freemap(ds->sc, &leafhdr))
+       /* Construct bitmap of freemap contents. */
+       for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
+               if (!xchk_xattr_set_map(ds->sc, ab->freemap,
+                               leafhdr.freemap[i].base,
+                               leafhdr.freemap[i].size))
+                       xchk_da_set_corrupt(ds, level);
+
+               /*
+                * freemap entries with zero length and nonzero base can cause
+                * problems with older kernels, so we mark these for preening
+                * even though there's no inconsistency.
+                */
+               if (leafhdr.freemap[i].size == 0 &&
+                   leafhdr.freemap[i].base > 0)
+                       xchk_da_set_preen(ds, level);
+
+               if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
+                       goto out;
+       }
+
+       /* Look for bits that are set in freemap and are marked in use. */
+       if (bitmap_intersects(ab->freemap, ab->usedmap,
+                       mp->m_attr_geo->blksize))
                xchk_da_set_corrupt(ds, level);
 
        if (leafhdr.usedbytes != usedbytes)