[45/50] e2fsck: Check revoke block checksum during recovery

Message ID	20111129003306.17953.35005.stgit@elm3c44.beaverton.ibm.com
State	Superseded, archived
Headers	show Return-Path: <linux-ext4-owner@vger.kernel.org> Gateway: Authorized Use Only! Violators will be prosecuted for <linux-ext4@vger.kernel.org> from <djwong@us.ibm.com>; Mon, 28 Nov 2011 17:33:42 -0700 Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 28 Nov 2011 17:33:10 -0700 Subject: [PATCH 45/50] e2fsck: Check revoke block checksum during recovery To: Andreas Dilger <adilger.kernel@dilger.ca>, Theodore Tso <tytso@mit.edu>, "Darrick J. Wong" <djwong@us.ibm.com> From: "Darrick J. Wong" <djwong@us.ibm.com> Cc: Sunil Mushran <sunil.mushran@oracle.com>, Amir Goldstein <amir73il@gmail.com>, Andi Kleen <andi@firstfloor.org>, Mingming Cao <cmm@us.ibm.com>, Joel Becker <jlbec@evilplan.org>, linux-ext4@vger.kernel.org, Coly Li <colyli@gmail.com> Date: Mon, 28 Nov 2011 16:33:06 -0800 Message-ID: <20111129003306.17953.35005.stgit@elm3c44.beaverton.ibm.com> In-Reply-To: <20111129002755.17953.19556.stgit@elm3c44.beaverton.ibm.com> References: <20111129002755.17953.19556.stgit@elm3c44.beaverton.ibm.com> User-Agent: StGit/0.15 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk

Message ID

20111129003306.17953.35005.stgit@elm3c44.beaverton.ibm.com

State

Superseded, archived

Headers

Subject: [PATCH 45/50] e2fsck: Check revoke block checksum during recovery
To: Andreas Dilger <adilger.kernel@dilger.ca>, Theodore Tso <tytso@mit.edu>,
	"Darrick J. Wong" <djwong@us.ibm.com>
From: "Darrick J. Wong" <djwong@us.ibm.com>
Cc: Sunil Mushran <sunil.mushran@oracle.com>,
	Amir Goldstein <amir73il@gmail.com>, Andi Kleen <andi@firstfloor.org>,
	Mingming Cao <cmm@us.ibm.com>,
	Joel Becker <jlbec@evilplan.org>, linux-ext4@vger.kernel.org,
	Coly Li <colyli@gmail.com>
Date: Mon, 28 Nov 2011 16:33:06 -0800
Message-ID: <20111129003306.17953.35005.stgit@elm3c44.beaverton.ibm.com>
In-Reply-To: <20111129002755.17953.19556.stgit@elm3c44.beaverton.ibm.com>
References: <20111129002755.17953.19556.stgit@elm3c44.beaverton.ibm.com>
User-Agent: StGit/0.15
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: linux-ext4-owner@vger.kernel.org
Precedence: bulk

Commit Message

Darrick J. Wong Nov. 29, 2011, 12:33 a.m. UTC

Verify the revoke block checksum when recovering the journal.

Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
---
 e2fsck/recovery.c       |   37 +++++++++++++++++++++++++++++++++++--
 lib/ext2fs/kernel-jbd.h |    4 ++++
 2 files changed, 39 insertions(+), 2 deletions(-)



--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/e2fsck/recovery.c b/e2fsck/recovery.c
index b669941..8979193 100644
--- a/e2fsck/recovery.c
+++ b/e2fsck/recovery.c
@@ -674,8 +674,17 @@  static int do_one_pass(journal_t *journal,
 			err = scan_revoke_records(journal, bh,
 						  next_commit_ID, info);
 			brelse(bh);
-			if (err)
-				goto failed;
+			if (err) {
+				if (err != -EINVAL)
+					goto failed;
+				/*
+				 * Ignoring corrupt revoke blocks is safe
+				 * because at worst it results in unnecessary
+				 * writes during recovery.
+				 */
+				jbd_debug(3, "Skipping corrupt revoke "
+					  "block.\n");
+			}
 			continue;
 
 		default:
@@ -715,6 +724,27 @@  static int do_one_pass(journal_t *journal,
 	return err;
 }
 
+static int jbd2_revoke_block_csum_verify(journal_t *j,
+					 void *buf)
+{
+	struct journal_revoke_tail *tail;
+	__u32 provided, calculated;
+
+	if (!JFS_HAS_INCOMPAT_FEATURE(j, JFS_FEATURE_INCOMPAT_CSUM_V2))
+		return 1;
+
+	tail = (struct journal_revoke_tail *)(buf + j->j_blocksize -
+			sizeof(struct journal_revoke_tail));
+	provided = tail->r_checksum;
+	tail->r_checksum = 0;
+	calculated = ext2fs_crc32c_le(~0, j->j_superblock->s_uuid,
+				      sizeof(j->j_superblock->s_uuid));
+	calculated = ext2fs_crc32c_le(calculated, buf, j->j_blocksize);
+	tail->r_checksum = provided;
+
+	provided = ext2fs_be32_to_cpu(provided);
+	return provided == calculated;
+}
 
 /* Scan a revoke record, marking all blocks mentioned as revoked. */
 
@@ -729,6 +759,9 @@  static int scan_revoke_records(journal_t *journal, struct buffer_head *bh,
 	offset = sizeof(journal_revoke_header_t);
 	max = be32_to_cpu(header->r_count);
 
+	if (!jbd2_revoke_block_csum_verify(journal, header))
+		return -EINVAL;
+
 	if (JFS_HAS_INCOMPAT_FEATURE(journal, JFS_FEATURE_INCOMPAT_64BIT))
 		record_len = 8;
 
diff --git a/lib/ext2fs/kernel-jbd.h b/lib/ext2fs/kernel-jbd.h
index 08479d3..187cb38 100644
--- a/lib/ext2fs/kernel-jbd.h
+++ b/lib/ext2fs/kernel-jbd.h
@@ -157,6 +157,10 @@  typedef struct journal_revoke_header_s
 	int		 r_count;	/* Count of bytes used in the block */
 } journal_revoke_header_t;
 
+/* Tail of revoke block, for checksumming */
+struct journal_revoke_tail {
+	__u32		r_checksum;
+};
 
 /* Definitions for the journal tag flags word: */
 #define JFS_FLAG_ESCAPE		1	/* on-disk block is escaped */

[45/50] e2fsck: Check revoke block checksum during recovery

Commit Message

Patch