3:48 a.m.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git
refactor-log-recovery
head: 2dcdc305cfc2b8b1beee483cf8ae5c674d9fac86
commit: 7a8499c691e3181c224841998ad2fb6b4377dcd0 [301/314] xfs: refactor log recovery
inode item dispatch for pass2 commit functions
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp(a)intel.com>
smatch warnings:
fs/xfs/xfs_inode_item.c:1076 xlog_recover_inode_pass2() error: potential null dereference
'in_f'. (kmem_alloc returns null)
vim +/in_f +1076 fs/xfs/xfs_inode_item.c
1040
1041 STATIC int
1042 xlog_recover_inode_pass2(
1043 struct xlog *log,
1044 struct list_head *buffer_list,
1045 struct xlog_recover_item *item,
1046 xfs_lsn_t current_lsn)
1047 {
1048 struct xfs_inode_log_format *in_f;
1049 xfs_mount_t *mp = log->l_mp;
1050 xfs_buf_t *bp;
1051 xfs_dinode_t *dip;
1052 int len;
1053 char *src;
1054 char *dest;
1055 int error;
1056 int attr_index;
1057 uint fields;
1058 struct xfs_log_dinode *ldip;
1059 uint isize;
1060 int need_free = 0;
1061
1062 if (item->ri_buf[0].i_len == sizeof(struct xfs_inode_log_format)) {
1063 in_f = item->ri_buf[0].i_addr;
1064 } else {
1065 in_f = kmem_alloc(sizeof(struct xfs_inode_log_format), 0);
1066 need_free = 1;
1067 error = xfs_inode_item_format_convert(&item->ri_buf[0], in_f);
1068 if (error)
1069 goto error;
1070 }
1071
1072 /*
1073 * Inode buffers can be freed, look out for it,
1074 * and do not replay the inode.
1075 */
1076 if (xlog_check_buffer_cancelled(log, in_f->ilf_blkno,
1077 in_f->ilf_len, 0)) {
1078 error = 0;
1079 trace_xfs_log_recover_inode_cancel(log, in_f);
1080 goto error;
1081 }
1082 trace_xfs_log_recover_inode_recover(log, in_f);
1083
1084 error = xfs_buf_read(mp->m_ddev_targp, in_f->ilf_blkno, in_f->ilf_len,
1085 0, &bp, &xfs_inode_buf_ops);
1086 if (error)
1087 goto error;
1088 ASSERT(in_f->ilf_fields & XFS_ILOG_CORE);
1089 dip = xfs_buf_offset(bp, in_f->ilf_boffset);
1090
1091 /*
1092 * Make sure the place we're flushing out to really looks
1093 * like an inode!
1094 */
1095 if (XFS_IS_CORRUPT(mp, !xfs_verify_magic16(bp, dip->di_magic))) {
1096 xfs_alert(mp,
1097 "%s: Bad inode magic number, dip = "PTR_FMT", dino bp =
"PTR_FMT", ino = %Ld",
1098 __func__, dip, bp, in_f->ilf_ino);
1099 error = -EFSCORRUPTED;
1100 goto out_release;
1101 }
1102 ldip = item->ri_buf[1].i_addr;
1103 if (XFS_IS_CORRUPT(mp, ldip->di_magic != XFS_DINODE_MAGIC)) {
1104 xfs_alert(mp,
1105 "%s: Bad inode log record, rec ptr "PTR_FMT", ino %Ld",
1106 __func__, item, in_f->ilf_ino);
1107 error = -EFSCORRUPTED;
1108 goto out_release;
1109 }
1110
1111 /*
1112 * If the inode has an LSN in it, recover the inode only if it's less
1113 * than the lsn of the transaction we are replaying. Note: we still
1114 * need to replay an owner change even though the inode is more recent
1115 * than the transaction as there is no guarantee that all the btree
1116 * blocks are more recent than this transaction, too.
1117 */
1118 if (dip->di_version >= 3) {
1119 xfs_lsn_t lsn = be64_to_cpu(dip->di_lsn);
1120
1121 if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) {
1122 trace_xfs_log_recover_inode_skip(log, in_f);
1123 error = 0;
1124 goto out_owner_change;
1125 }
1126 }
1127
1128 /*
1129 * di_flushiter is only valid for v1/2 inodes. All changes for v3 inodes
1130 * are transactional and if ordering is necessary we can determine that
1131 * more accurately by the LSN field in the V3 inode core. Don't trust
1132 * the inode versions we might be changing them here - use the
1133 * superblock flag to determine whether we need to look at di_flushiter
1134 * to skip replay when the on disk inode is newer than the log one
1135 */
1136 if (!xfs_sb_version_has_v3inode(&mp->m_sb) &&
1137 ldip->di_flushiter < be16_to_cpu(dip->di_flushiter)) {
1138 /*
1139 * Deal with the wrap case, DI_MAX_FLUSH is less
1140 * than smaller numbers
1141 */
1142 if (be16_to_cpu(dip->di_flushiter) == DI_MAX_FLUSH &&
1143 ldip->di_flushiter < (DI_MAX_FLUSH >> 1)) {
1144 /* do nothing */
1145 } else {
1146 trace_xfs_log_recover_inode_skip(log, in_f);
1147 error = 0;
1148 goto out_release;
1149 }
1150 }
1151
1152 /* Take the opportunity to reset the flush iteration count */
1153 ldip->di_flushiter = 0;
1154
1155 if (unlikely(S_ISREG(ldip->di_mode))) {
1156 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
1157 (ldip->di_format != XFS_DINODE_FMT_RMAP) &&
1158 (ldip->di_format != XFS_DINODE_FMT_BTREE)) {
1159 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(3)",
1160 XFS_ERRLEVEL_LOW, mp, ldip,
1161 sizeof(*ldip));
1162 xfs_alert(mp,
1163 "%s: Bad regular inode log record, rec ptr "PTR_FMT", "
1164 "ino ptr = "PTR_FMT", ino bp = "PTR_FMT", ino
%Ld",
1165 __func__, item, dip, bp, in_f->ilf_ino);
1166 error = -EFSCORRUPTED;
1167 goto out_release;
1168 }
1169 } else if (unlikely(S_ISDIR(ldip->di_mode))) {
1170 if ((ldip->di_format != XFS_DINODE_FMT_EXTENTS) &&
1171 (ldip->di_format != XFS_DINODE_FMT_BTREE) &&
1172 (ldip->di_format != XFS_DINODE_FMT_LOCAL)) {
1173 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(4)",
1174 XFS_ERRLEVEL_LOW, mp, ldip,
1175 sizeof(*ldip));
1176 xfs_alert(mp,
1177 "%s: Bad dir inode log record, rec ptr "PTR_FMT", "
1178 "ino ptr = "PTR_FMT", ino bp = "PTR_FMT", ino
%Ld",
1179 __func__, item, dip, bp, in_f->ilf_ino);
1180 error = -EFSCORRUPTED;
1181 goto out_release;
1182 }
1183 }
1184 if (unlikely(ldip->di_nextents + ldip->di_anextents >
ldip->di_nblocks)){
1185 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(5)",
1186 XFS_ERRLEVEL_LOW, mp, ldip,
1187 sizeof(*ldip));
1188 xfs_alert(mp,
1189 "%s: Bad inode log record, rec ptr "PTR_FMT", dino ptr
"PTR_FMT", "
1190 "dino bp "PTR_FMT", ino %Ld, total extents = %d, nblocks =
%Ld",
1191 __func__, item, dip, bp, in_f->ilf_ino,
1192 ldip->di_nextents + ldip->di_anextents,
1193 ldip->di_nblocks);
1194 error = -EFSCORRUPTED;
1195 goto out_release;
1196 }
1197 if (unlikely(ldip->di_forkoff > mp->m_sb.sb_inodesize)) {
1198 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(6)",
1199 XFS_ERRLEVEL_LOW, mp, ldip,
1200 sizeof(*ldip));
1201 xfs_alert(mp,
1202 "%s: Bad inode log record, rec ptr "PTR_FMT", dino ptr
"PTR_FMT", "
1203 "dino bp "PTR_FMT", ino %Ld, forkoff 0x%x", __func__,
1204 item, dip, bp, in_f->ilf_ino, ldip->di_forkoff);
1205 error = -EFSCORRUPTED;
1206 goto out_release;
1207 }
1208 isize = xfs_log_dinode_size(mp);
1209 if (unlikely(item->ri_buf[1].i_len > isize)) {
1210 XFS_CORRUPTION_ERROR("xlog_recover_inode_pass2(7)",
1211 XFS_ERRLEVEL_LOW, mp, ldip,
1212 sizeof(*ldip));
1213 xfs_alert(mp,
1214 "%s: Bad inode log record length %d, rec ptr "PTR_FMT,
1215 __func__, item->ri_buf[1].i_len, item);
1216 error = -EFSCORRUPTED;
1217 goto out_release;
1218 }
1219
1220 /* recover the log dinode inode into the on disk inode */
1221 xfs_log_dinode_to_disk(ldip, dip);
1222
1223 fields = in_f->ilf_fields;
1224 if (fields & XFS_ILOG_DEV)
1225 xfs_dinode_put_rdev(dip, in_f->ilf_u.ilfu_rdev);
1226
1227 if (in_f->ilf_size == 2)
1228 goto out_owner_change;
1229 len = item->ri_buf[2].i_len;
1230 src = item->ri_buf[2].i_addr;
1231 ASSERT(in_f->ilf_size <= 4);
1232 ASSERT((in_f->ilf_size == 3) || (fields & XFS_ILOG_AFORK));
1233 ASSERT(!(fields & XFS_ILOG_DFORK) ||
1234 (len == in_f->ilf_dsize));
1235
1236 switch (fields & XFS_ILOG_DFORK) {
1237 case XFS_ILOG_DDATA:
1238 case XFS_ILOG_DEXT:
1239 memcpy(XFS_DFORK_DPTR(dip), src, len);
1240 break;
1241
1242 case XFS_ILOG_DBROOT:
1243 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src, len,
1244 (xfs_bmdr_block_t *)XFS_DFORK_DPTR(dip),
1245 XFS_DFORK_DSIZE(dip, mp));
1246 break;
1247
1248 default:
1249 /*
1250 * There are no data fork flags set.
1251 */
1252 ASSERT((fields & XFS_ILOG_DFORK) == 0);
1253 break;
1254 }
1255
1256 /*
1257 * If we logged any attribute data, recover it. There may or
1258 * may not have been any other non-core data logged in this
1259 * transaction.
1260 */
1261 if (in_f->ilf_fields & XFS_ILOG_AFORK) {
1262 if (in_f->ilf_fields & XFS_ILOG_DFORK) {
1263 attr_index = 3;
1264 } else {
1265 attr_index = 2;
1266 }
1267 len = item->ri_buf[attr_index].i_len;
1268 src = item->ri_buf[attr_index].i_addr;
1269 ASSERT(len == in_f->ilf_asize);
1270
1271 switch (in_f->ilf_fields & XFS_ILOG_AFORK) {
1272 case XFS_ILOG_ADATA:
1273 case XFS_ILOG_AEXT:
1274 dest = XFS_DFORK_APTR(dip);
1275 ASSERT(len <= XFS_DFORK_ASIZE(dip, mp));
1276 memcpy(dest, src, len);
1277 break;
1278
1279 case XFS_ILOG_ABROOT:
1280 dest = XFS_DFORK_APTR(dip);
1281 xfs_bmbt_to_bmdr(mp, (struct xfs_btree_block *)src,
1282 len, (xfs_bmdr_block_t*)dest,
1283 XFS_DFORK_ASIZE(dip, mp));
1284 break;
1285
1286 default:
1287 xfs_warn(log->l_mp, "%s: Invalid flag", __func__);
1288 ASSERT(0);
1289 error = -EFSCORRUPTED;
1290 goto out_release;
1291 }
1292 }
1293
1294 out_owner_change:
1295 /* Recover the swapext owner change unless inode has been deleted */
1296 if ((in_f->ilf_fields & (XFS_ILOG_DOWNER|XFS_ILOG_AOWNER)) &&
1297 (dip->di_mode != 0))
1298 error = xfs_recover_inode_owner_change(mp, dip, in_f,
1299 buffer_list);
1300 /* re-generate the checksum. */
1301 xfs_dinode_calc_crc(log->l_mp, dip);
1302
1303 ASSERT(bp->b_mount == mp);
1304 bp->b_iodone = xlog_recover_iodone;
1305 xfs_buf_delwri_queue(bp, buffer_list);
1306
1307 out_release:
1308 xfs_buf_relse(bp);
1309 error:
1310 if (need_free)
1311 kmem_free(in_f);
1312 return error;
1313 }
1314
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org