nilfs2: verify btree node after reading
authorRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Fri, 16 Jul 2010 14:52:40 +0000 (23:52 +0900)
committerRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Fri, 23 Jul 2010 01:02:13 +0000 (10:02 +0900)
This inserts sanity checks soon after read btree node from disk.  This
allows early detection of broken btree nodes, and helps to narrow down
problems due to file system corruption.

Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
fs/nilfs2/btree.c
fs/nilfs2/btree.h
fs/nilfs2/gcinode.c

index 386356707f90b10f827a3db3c7effae86c55f637..6c9ec566d000b4d120c00d4caa32c0252563aeb3 100644 (file)
@@ -71,17 +71,24 @@ static int nilfs_btree_get_block(const struct nilfs_btree *btree, __u64 ptr,
 {
        struct address_space *btnc =
                &NILFS_BMAP_I((struct nilfs_bmap *)btree)->i_btnode_cache;
+       struct buffer_head *bh;
        int err;
 
        err = nilfs_btnode_submit_block(btnc, ptr, 0, bhp);
        if (err)
                return err == -EEXIST ? 0 : err;
 
-       wait_on_buffer(*bhp);
-       if (!buffer_uptodate(*bhp)) {
-               brelse(*bhp);
+       bh = *bhp;
+       wait_on_buffer(bh);
+       if (!buffer_uptodate(bh)) {
+               brelse(bh);
                return -EIO;
        }
+       if (nilfs_btree_broken_node_block(bh)) {
+               clear_buffer_uptodate(bh);
+               brelse(bh);
+               return -EINVAL;
+       }
        return 0;
 }
 
@@ -382,6 +389,43 @@ static int nilfs_btree_node_lookup(const struct nilfs_btree_node *node,
        return s == 0;
 }
 
+/**
+ * nilfs_btree_node_broken - verify consistency of btree node
+ * @node: btree node block to be examined
+ * @size: node size (in bytes)
+ * @blocknr: block number
+ *
+ * Return Value: If node is broken, 1 is returned. Otherwise, 0 is returned.
+ */
+static int nilfs_btree_node_broken(const struct nilfs_btree_node *node,
+                                  size_t size, sector_t blocknr)
+{
+       int level, flags, nchildren;
+       int ret = 0;
+
+       level = nilfs_btree_node_get_level(node);
+       flags = nilfs_btree_node_get_flags(node);
+       nchildren = nilfs_btree_node_get_nchildren(node);
+
+       if (unlikely(level < NILFS_BTREE_LEVEL_NODE_MIN ||
+                    level >= NILFS_BTREE_LEVEL_MAX ||
+                    (flags & NILFS_BTREE_NODE_ROOT) ||
+                    nchildren < 0 ||
+                    nchildren > NILFS_BTREE_NODE_NCHILDREN_MAX(size))) {
+               printk(KERN_CRIT "NILFS: bad btree node (blocknr=%llu): "
+                      "level = %d, flags = 0x%x, nchildren = %d\n",
+                      (unsigned long long)blocknr, level, flags, nchildren);
+               ret = 1;
+       }
+       return ret;
+}
+
+int nilfs_btree_broken_node_block(struct buffer_head *bh)
+{
+       return nilfs_btree_node_broken((struct nilfs_btree_node *)bh->b_data,
+                                      bh->b_size, bh->b_blocknr);
+}
+
 static inline struct nilfs_btree_node *
 nilfs_btree_get_root(const struct nilfs_btree *btree)
 {
index 43c8c5b541fd84c09d0af119b8f555a247d04522..980e1e8ec53a12265c84c8209187d0e19e108126 100644 (file)
@@ -80,4 +80,6 @@ int nilfs_btree_convert_and_insert(struct nilfs_bmap *, __u64, __u64,
                                   const __u64 *, const __u64 *, int);
 void nilfs_btree_init_gc(struct nilfs_bmap *);
 
+int nilfs_btree_broken_node_block(struct buffer_head *bh);
+
 #endif /* _NILFS_BTREE_H */
index 145f03cd7d3e0299cda6786313804f1f1bf009ce..edb53fcb7f839a5eea6fa2f6446b5738dfff284d 100644 (file)
@@ -164,10 +164,15 @@ int nilfs_gccache_wait_and_mark_dirty(struct buffer_head *bh)
        if (buffer_dirty(bh))
                return -EEXIST;
 
-       if (buffer_nilfs_node(bh))
+       if (buffer_nilfs_node(bh)) {
+               if (nilfs_btree_broken_node_block(bh)) {
+                       clear_buffer_uptodate(bh);
+                       return -EIO;
+               }
                nilfs_btnode_mark_dirty(bh);
-       else
+       } else {
                nilfs_mdt_mark_buffer_dirty(bh);
+       }
        return 0;
 }