Re: [PATCH v2] btrfs-progs: dump-super: Refactor print function and add extra check

[Goffredo Baroncelli]

Hi Qu,

On 04/09/2018 11:19 AM, Qu Wenruo wrote:
> When manually patching super blocks, current validation check is pretty
> weak (limited to magic number and csum) and doesn't provide extra check
> for some obvious corruption (like invalid sectorsize).
[...]
> 
> Signed-off-by: Qu Wenruo <w...@suse.com>
> ---
> changelog:
> v2:
>   Generate tab based indent string in helper macro instead of passing spacer
>   string from outside, suggested by Nikolay.
>   (In fact, if using %*s it would be much easier, however it needs extra
>    rework for existing code as they still use tab as indent)
> ---
>  cmds-inspect-dump-super.c | 206 +++++++++++++++++++++++++-------------
>  1 file changed, 137 insertions(+), 69 deletions(-)
> 
> diff --git a/cmds-inspect-dump-super.c b/cmds-inspect-dump-super.c
> index 24588c87cce6..68d6f59ad727 100644
> --- a/cmds-inspect-dump-super.c
> +++ b/cmds-inspect-dump-super.c
> @@ -312,11 +312,80 @@ static void print_readable_super_flag(u64 flag)
>                                    super_flags_num, BTRFS_SUPER_FLAG_SUPP);
>  }
>  
> +#define INDENT_BUFFER_LEN    80
> +#define TAB_LEN                      8
> +#define SUPER_INDENT         24
> +
> +/* helper to generate tab based indent string */
> +static void generate_tab_indent(char *buf, unsigned int indent)
> +{
> +     buf[0] = '\0';
> +     for (indent = round_up(indent, TAB_LEN); indent > 0; indent -= TAB_LEN)
> +             strncat(buf, "\t", INDENT_BUFFER_LEN);
> +}
> +
> +/* Helper to print member in %llu */
> +#define print_super(sb, member)                                              
> \
> +({                                                                   \
> +     int indent = SUPER_INDENT - strlen(#member);                    \
> +     char indent_str[INDENT_BUFFER_LEN];                             \
> +                                                                     \
> +     generate_tab_indent(indent_str, indent);                        \
> +     printf("%s%s%llu\n", #member, indent_str,                       \
> +            (u64) btrfs_super_##member(sb));                         \

Why not something like:

            static const char tabs[] = "\t\t\t\t";        \
            int i = (sizeof(#member)+6)/8;                \
            if (i > sizeof(tabs)-1)                       \
                i = sizeof(tabs-1);                       \
            u64 value = (u64)btrfs_super_##member(sb);    \
            printf("%s%s" format,                         \
                #member, tabs+i, value);  


so to get rid  of generate_tab_indent and indent_str

> +})
> +
> +/* Helper to print member in %llx */
> +#define print_super_hex(sb, member)                                  \
> +({                                                                   \
> +     int indent = SUPER_INDENT - strlen(#member);                    \
> +     char indent_str[INDENT_BUFFER_LEN];                             \
> +                                                                     \
> +     generate_tab_indent(indent_str, indent);                        \
> +     printf("%s%s0x%llx\n", #member, indent_str,                     \
> +            (u64) btrfs_super_##member(sb));                         \
> +})
> +
> +/*
> + * Helper macro to wrap member checker
> + *
> + * Only support %llu output for member.
> + */
> +#define print_check_super(sb, member, bad_condition)                 \
> +({                                                                   \
> +     int indent = SUPER_INDENT - strlen(#member);                    \
> +     char indent_str[INDENT_BUFFER_LEN];                             \
> +     u64 value;                                                      \
> +                                                                     \
> +     generate_tab_indent(indent_str, indent);                        \
> +     value = btrfs_super_##member(sb);                               \
> +     printf("%s%s%llu", #member, indent_str, (u64) value);           \
> +     if (bad_condition)                                              \
> +             printf(" [INVALID]");                                   \

What about printing also the condition: something like

+       if (bad_condition)                                              \
+               printf(" [INVALID '%s']", #bad_condition);              \

it would be even better a "good_condition":

so instead of:
+       print_check_super(sb, bytenr, (!IS_ALIGNED(value, SZ_4K)));
do
+       print_check_super(sb, bytenr, (IS_ALIGNED(value, SZ_4K)));

and

+       if (!good_condition)                                            \
+               printf(" [ERROR: required '%s']", #good_condition);     \


All above functions could be written as:

  #define __print_and_check(sb, member, format, expected)   \
        do{                                               \
            static const char tabs[] = "\t\t\t\t";        \
            int i = (sizeof(#member)+6)/8;                \
            if (i > sizeof(tabs)-1)                       \
                i = sizeof(tabs-1);                       \
            u64 value = (u64)btrfs_super_##member(sb);    \
            printf("%s%s" format,                         \
                #member, tabs+i, value);                  \
            if (!(expected))                              \
                printf(" [ERROR: expected '%s']", #expected);    \
            printf("\n");                           \
         } while(0)
         
  #define print_super(sb, member) \
    __print_and_check(sb, member, "%llu", 1);

  #define print_super_hex(sb, member) \
    __print_and_check(sb, member, "0x%llx", 1);

  #define print_check_super(sb, member, condition) \
    __print_and_check(sb, member, "0x%llx", condition);


And the value should be printed as (I removed the !):

  print_check_super(sb, root, (IS_ALIGNED(value, SZ_4K)));

In case of error:

test                        12 [ERROR: expected 'IS_ALIGNED(value, SZ_4K)']




> +     printf("\n");                                                   \
> +})
> +
> +#define DEV_INDENT   (SUPER_INDENT - strlen("dev_item."))
> +BUILD_ASSERT(DEV_INDENT > 0);
> +
> +/* Helper to print sb->dev_item members */
> +#define print_super_dev(sb, member)                                  \
> +({                                                                   \
> +     int indent = DEV_INDENT - strlen(#member);                      \
> +     char indent_str[INDENT_BUFFER_LEN];                             \
> +                                                                     \
> +     generate_tab_indent(indent_str, indent);                        \
> +     printf("dev_item.%s%s%llu\n", #member, indent_str,              \
> +            (u64) btrfs_stack_device_##member(&sb->dev_item));       \
> +})
> +
>  static void dump_superblock(struct btrfs_super_block *sb, int full)
>  {
>       int i;
>       char *s, buf[BTRFS_UUID_UNPARSED_SIZE];
> +     int max_level = BTRFS_MAX_LEVEL; /* to save several chars */
>       u8 *p;
> +     u64 super_gen;
>       u32 csum_size;
>       u16 csum_type;
>  
> @@ -348,10 +417,16 @@ static void dump_superblock(struct btrfs_super_block 
> *sb, int full)
>               printf(" [DON'T MATCH]");
>       putchar('\n');
>  
> -     printf("bytenr\t\t\t%llu\n",
> -             (unsigned long long)btrfs_super_bytenr(sb));
> -     printf("flags\t\t\t0x%llx\n",
> -             (unsigned long long)btrfs_super_flags(sb));
> +     /*
> +      * Use btrfs minimal sector size as basic check for bytenr, since we
> +      * can't trust sector size from super block.
> +      * This 4K check should works fine for most architecture, and will be
> +      * just a little loose for 64K page system.
> +      *
> +      * And such 4K check will be used for other members too.
> +      */
> +     print_check_super(sb, bytenr, (!IS_ALIGNED(value, SZ_4K)));
> +     print_super_hex(sb, flags);
>       print_readable_super_flag(btrfs_super_flags(sb));
>  
>       printf("magic\t\t\t");
> @@ -372,53 +447,56 @@ static void dump_superblock(struct btrfs_super_block 
> *sb, int full)
>               putchar(isprint(s[i]) ? s[i] : '.');
>       putchar('\n');
>  
> -     printf("generation\t\t%llu\n",
> -            (unsigned long long)btrfs_super_generation(sb));
> -     printf("root\t\t\t%llu\n", (unsigned long long)btrfs_super_root(sb));
> -     printf("sys_array_size\t\t%llu\n",
> -            (unsigned long long)btrfs_super_sys_array_size(sb));
> -     printf("chunk_root_generation\t%llu\n",
> -            (unsigned long long)btrfs_super_chunk_root_generation(sb));
> -     printf("root_level\t\t%llu\n",
> -            (unsigned long long)btrfs_super_root_level(sb));
> -     printf("chunk_root\t\t%llu\n",
> -            (unsigned long long)btrfs_super_chunk_root(sb));
> -     printf("chunk_root_level\t%llu\n",
> -            (unsigned long long)btrfs_super_chunk_root_level(sb));
> -     printf("log_root\t\t%llu\n",
> -            (unsigned long long)btrfs_super_log_root(sb));
> -     printf("log_root_transid\t%llu\n",
> -            (unsigned long long)btrfs_super_log_root_transid(sb));
> -     printf("log_root_level\t\t%llu\n",
> -            (unsigned long long)btrfs_super_log_root_level(sb));
> -     printf("total_bytes\t\t%llu\n",
> -            (unsigned long long)btrfs_super_total_bytes(sb));
> -     printf("bytes_used\t\t%llu\n",
> -            (unsigned long long)btrfs_super_bytes_used(sb));
> -     printf("sectorsize\t\t%llu\n",
> -            (unsigned long long)btrfs_super_sectorsize(sb));
> -     printf("nodesize\t\t%llu\n",
> -            (unsigned long long)btrfs_super_nodesize(sb));
> +     print_check_super(sb, sys_array_size,
> +                       (value > BTRFS_SYSTEM_CHUNK_ARRAY_SIZE));
> +
> +     super_gen = btrfs_super_generation(sb);
> +     print_check_super(sb, root, (!IS_ALIGNED(value, SZ_4K)));
> +     print_check_super(sb, root_level, (value >= max_level));
> +     print_super(sb, generation);
> +
> +     print_check_super(sb, chunk_root, (!IS_ALIGNED(value, SZ_4K)));
> +     print_check_super(sb, chunk_root_level, (value >= max_level));
> +     /*
> +      * Here we trust super generation, and use it as checker for other
> +      * tree roots. Applies to all other trees.
> +      */
> +     print_check_super(sb, chunk_root_generation, (value > super_gen));
> +
> +     print_check_super(sb, log_root, (!IS_ALIGNED(value, SZ_4K)));
> +     print_check_super(sb, log_root_level, (value >= max_level));
> +     print_check_super(sb, log_root_transid, (value > super_gen + 1));
> +
> +     /*
> +      * For total bytes, it's possible that old kernel is using unaligned
> +      * size, not critical so don't do 4K check here.
> +      */
> +     print_super(sb, total_bytes);
> +
> +     /* Used bytes must be aligned to 4K */
> +     print_check_super(sb, bytes_used, (!IS_ALIGNED(value, SZ_4K)));
> +     print_check_super(sb, sectorsize,
> +                       (!(is_power_of_2(value) && value >= SZ_4K &&
> +                          value <= SZ_64K)));
> +     print_check_super(sb, nodesize,
> +                       (!(is_power_of_2(value) && value >= SZ_4K &&
> +                          value <= SZ_64K &&
> +                          value > btrfs_super_sectorsize(sb))));
>       printf("leafsize (deprecated)\t%u\n",
>              le32_to_cpu(sb->__unused_leafsize));
> -     printf("stripesize\t\t%llu\n",
> -            (unsigned long long)btrfs_super_stripesize(sb));
> -     printf("root_dir\t\t%llu\n",
> -            (unsigned long long)btrfs_super_root_dir(sb));
> -     printf("num_devices\t\t%llu\n",
> -            (unsigned long long)btrfs_super_num_devices(sb));
> -     printf("compat_flags\t\t0x%llx\n",
> -            (unsigned long long)btrfs_super_compat_flags(sb));
> -     printf("compat_ro_flags\t\t0x%llx\n",
> -            (unsigned long long)btrfs_super_compat_ro_flags(sb));
> +
> +     /* Not really used, just check it the same way as kernel */
> +     print_check_super(sb, stripesize, (!is_power_of_2(value)));
> +     print_super(sb, root_dir);
> +     print_super(sb, num_devices);
> +     print_super_hex(sb, compat_flags);
> +     print_super_hex(sb, compat_ro_flags);
>       print_readable_compat_ro_flag(btrfs_super_compat_ro_flags(sb));
> -     printf("incompat_flags\t\t0x%llx\n",
> -            (unsigned long long)btrfs_super_incompat_flags(sb));
> +     print_super_hex(sb, incompat_flags);
>       print_readable_incompat_flag(btrfs_super_incompat_flags(sb));
> -     printf("cache_generation\t%llu\n",
> -            (unsigned long long)btrfs_super_cache_generation(sb));
> -     printf("uuid_tree_generation\t%llu\n",
> -            (unsigned long long)btrfs_super_uuid_tree_generation(sb));
> +     print_check_super(sb, cache_generation,
> +                       (value > super_gen && value != (u64)-1));
> +     print_check_super(sb, uuid_tree_generation, (value > super_gen));
>  
>       uuid_unparse(sb->dev_item.uuid, buf);
>       printf("dev_item.uuid\t\t%s\n", buf);
> @@ -428,28 +506,18 @@ static void dump_superblock(struct btrfs_super_block 
> *sb, int full)
>               !memcmp(sb->dev_item.fsid, sb->fsid, BTRFS_FSID_SIZE) ?
>                       "[match]" : "[DON'T MATCH]");
>  
> -     printf("dev_item.type\t\t%llu\n", (unsigned long long)
> -            btrfs_stack_device_type(&sb->dev_item));
> -     printf("dev_item.total_bytes\t%llu\n", (unsigned long long)
> -            btrfs_stack_device_total_bytes(&sb->dev_item));
> -     printf("dev_item.bytes_used\t%llu\n", (unsigned long long)
> -            btrfs_stack_device_bytes_used(&sb->dev_item));
> -     printf("dev_item.io_align\t%u\n", (unsigned int)
> -            btrfs_stack_device_io_align(&sb->dev_item));
> -     printf("dev_item.io_width\t%u\n", (unsigned int)
> -            btrfs_stack_device_io_width(&sb->dev_item));
> -     printf("dev_item.sector_size\t%u\n", (unsigned int)
> -            btrfs_stack_device_sector_size(&sb->dev_item));
> -     printf("dev_item.devid\t\t%llu\n",
> -            btrfs_stack_device_id(&sb->dev_item));
> -     printf("dev_item.dev_group\t%u\n", (unsigned int)
> -            btrfs_stack_device_group(&sb->dev_item));
> -     printf("dev_item.seek_speed\t%u\n", (unsigned int)
> -            btrfs_stack_device_seek_speed(&sb->dev_item));
> -     printf("dev_item.bandwidth\t%u\n", (unsigned int)
> -            btrfs_stack_device_bandwidth(&sb->dev_item));
> -     printf("dev_item.generation\t%llu\n", (unsigned long long)
> -            btrfs_stack_device_generation(&sb->dev_item));
> +     /* For embedded device item, don't do extra check, just like kernel */
> +     print_super_dev(sb, type);
> +     print_super_dev(sb, total_bytes);
> +     print_super_dev(sb, bytes_used);
> +     print_super_dev(sb, io_align);
> +     print_super_dev(sb, io_width);
> +     print_super_dev(sb, sector_size);
> +     print_super_dev(sb, id);
> +     print_super_dev(sb, group);
> +     print_super_dev(sb, seek_speed);
> +     print_super_dev(sb, bandwidth);
> +     print_super_dev(sb, generation);
>       if (full) {
>               printf("sys_chunk_array[%d]:\n", BTRFS_SYSTEM_CHUNK_ARRAY_SIZE);
>               print_sys_chunk_array(sb);
> 


-- 
gpg @keyserver.linux.it: Goffredo Baroncelli <kreijackATinwind.it>
Key fingerprint BBF5 1610 0B64 DAC6 5F7D  17B2 0EDA 9B37 8B82 E0B5
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html