From: Darrick J. Wong <djwong@xxxxxxxxxx>
Teach online repair to check for unused fsverity metadata and purge it
on reconstruction.
Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
---
fs/xfs/scrub/attr.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++++
fs/xfs/scrub/attr.h | 4 ++
fs/xfs/scrub/common.c | 27 +++++++++++++
3 files changed, 133 insertions(+)
diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c
index ae4227cb55ec..c69dee281984 100644
--- a/fs/xfs/scrub/attr.c
+++ b/fs/xfs/scrub/attr.c
@@ -21,6 +21,8 @@
#include "scrub/dabtree.h"
#include "scrub/attr.h"
+#include <linux/fsverity.h>
+
/* Free the buffers linked from the xattr buffer. */
static void
xchk_xattr_buf_cleanup(
@@ -135,6 +137,91 @@ xchk_setup_xattr(
return xchk_setup_inode_contents(sc, 0);
}
+#ifdef CONFIG_FS_VERITY
+/* Extract merkle tree geometry from incore information. */
+static int
+xchk_xattr_extract_verity(
+ struct xfs_scrub *sc)
+{
+ struct xchk_xattr_buf *ab = sc->buf;
+
+ /* setup should have allocated the buffer */
+ if (!ab) {
+ ASSERT(0);
+ return -EFSCORRUPTED;
+ }
+
+ return fsverity_merkle_tree_geometry(VFS_I(sc->ip),
+ &ab->merkle_blocksize, &ab->merkle_tree_size);
+}
+
+/* Check the merkle tree xattrs. */
+STATIC void
+xchk_xattr_verity(
+ struct xfs_scrub *sc,
+ xfs_dablk_t blkno,
+ const unsigned char *name,
+ unsigned int namelen,
+ unsigned int valuelen)
+{
+ struct xchk_xattr_buf *ab = sc->buf;
+
+ /* Non-verity filesystems should never have verity xattrs. */
+ if (!xfs_has_verity(sc->mp)) {
+ xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, blkno);
+ return;
+ }
+
+ /*
+ * Any verity metadata on a non-verity file are leftovers from a
+ * previous attempt to enable verity.
+ */
+ if (!IS_VERITY(VFS_I(sc->ip))) {
+ xchk_ino_set_preen(sc, sc->ip->i_ino);
+ return;
+ }
+
+ switch (namelen) {
+ case sizeof(struct xfs_verity_merkle_key):
+ /* Oversized blocks are not allowed */
+ if (valuelen > ab->merkle_blocksize) {
+ xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, blkno);
+ return;
+ }
+ break;
+ case XFS_VERITY_DESCRIPTOR_NAME_LEN:
+ /* Has to match the descriptor xattr name */
+ if (memcmp(name, XFS_VERITY_DESCRIPTOR_NAME, namelen)) {
+ xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, blkno);
+ }
+ return;
+ default:
+ xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, blkno);
+ return;
+ }
+
+ /*
+ * Merkle tree blocks beyond the end of the tree are leftovers from
+ * a previous failed attempt to enable verity.
+ */
+ if (xfs_verity_merkle_key_from_disk(name) >= ab->merkle_tree_size)
+ xchk_ino_set_preen(sc, sc->ip->i_ino);
+}
+#else
+# define xchk_xattr_extract_verity(sc) (0)
+
+static void
+xchk_xattr_verity(
+ struct xfs_scrub *sc,
+ xfs_dablk_t blkno,
+ const unsigned char *name,
+ unsigned int namelen)
+{
+ /* Should never see verity xattrs when verity is not enabled. */
+ xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, blkno);
+}
+#endif /* CONFIG_FS_VERITY */
+
/* Extended Attributes */
struct xchk_xattr {
@@ -194,6 +281,15 @@ xchk_xattr_listent(
goto fail_xref;
}
+ /* Check verity xattr geometry */
+ if (flags & XFS_ATTR_VERITY) {
+ xchk_xattr_verity(sx->sc, args.blkno, name, namelen, valuelen);
+ if (sx->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT) {
+ context->seen_enough = 1;
+ return;
+ }
+ }
+
/* Does this name make sense? */
if (!xfs_attr_namecheck(sx->sc->mp, name, namelen, flags)) {
xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
@@ -611,6 +707,12 @@ xchk_xattr(
if (error)
return error;
+ if (IS_VERITY(VFS_I(sc->ip))) {
+ error = xchk_xattr_extract_verity(sc);
+ if (error)
+ return error;
+ }
+
/* Check the physical structure of the xattr. */
if (sc->ip->i_af.if_format == XFS_DINODE_FMT_LOCAL)
error = xchk_xattr_check_sf(sc);
diff --git a/fs/xfs/scrub/attr.h b/fs/xfs/scrub/attr.h
index 48fd9402c432..37849ffb0375 100644
--- a/fs/xfs/scrub/attr.h
+++ b/fs/xfs/scrub/attr.h
@@ -19,6 +19,10 @@ struct xchk_xattr_buf {
/* Memory buffer used to extract xattr values. */
void *value;
size_t value_sz;
+
+ /* Geometry of the merkle tree attached to this verity file. */
+ u64 merkle_tree_size;
+ unsigned int merkle_blocksize;
};
#endif /* __XFS_SCRUB_ATTR_H__ */
diff --git a/fs/xfs/scrub/common.c b/fs/xfs/scrub/common.c
index abff79a77c72..dd2ed1f833c5 100644
--- a/fs/xfs/scrub/common.c
+++ b/fs/xfs/scrub/common.c
@@ -37,6 +37,8 @@
#include "scrub/repair.h"
#include "scrub/health.h"
+#include <linux/fsverity.h>
+
/* Common code for the metadata scrubbers. */
/*
@@ -1073,6 +1075,25 @@ xchk_irele(
xfs_irele(ip);
}
+#ifdef CONFIG_FS_VERITY
+/*
+ * Make sure the fsverity information is attached, so we don't have to do that
+ * later after taking locks.
+ */
+static inline int
+xchk_setup_fsverity(
+ struct xfs_scrub *sc)
+{
+ unsigned int dontcare;
+ u64 alsodontcare;
+
+ return fsverity_merkle_tree_geometry(VFS_I(sc->ip),
+ &dontcare, &alsodontcare);
+}
+#else
+# define xchk_setup_fsverity(sc) (0)
+#endif
+
/*
* Set us up to scrub metadata mapped by a file's fork. Callers must not use
* this to operate on user-accessible regular file data because the MMAPLOCK is
@@ -1092,6 +1113,12 @@ xchk_setup_inode_contents(
/* Lock the inode so the VFS cannot touch this file. */
xchk_ilock(sc, XFS_IOLOCK_EXCL);
+ if (IS_VERITY(VFS_I(sc->ip))) {
+ error = xchk_setup_fsverity(sc);
+ if (error)
+ goto out;
+ }
+
error = xchk_trans_alloc(sc, resblks);
if (error)
goto out;
