Commit Graph

219 Commits

Author SHA1 Message Date
Kirk McKusick
d2404f0470 Break out the pass 5 inode and block map updating into a separate function
so that the function can be used by the journaling soft updates recovery.
2011-07-15 15:43:40 +00:00
Jeff Roberson
85e9da38fe - Handle the JOP_SYNC case as appropriate.
Reported by:	pho
2011-06-30 05:28:10 +00:00
Jeff Roberson
280e091a99 Implement fully asynchronous partial truncation with softupdates journaling
to resolve errors which can cause corruption on recovery with the old
synchronous mechanism.

 - Append partial truncation freework structures to indirdeps while
   truncation is proceeding.  These prevent new block pointers from
   becoming valid until truncation completes and serialize truncations.
 - On completion of a partial truncate journal work waits for zeroed
   pointers to hit indirects.
 - softdep_journal_freeblocks() handles last frag allocation and last
   block zeroing.
 - vtruncbuf/ffs_page_remove moved into softdep_*_freeblocks() so it
   is only implemented in one place.
 - Block allocation failure handling moved up one level so it does not
   proceed with buf locks held.  This permits us to do more extensive
   reclaims when filesystem space is exhausted.
 - softdep_sync_metadata() is broken into two parts, the first executes
   once at the start of ffs_syncvnode() and flushes truncations and
   inode dependencies.  The second is called on each locked buf.  This
   eliminates excessive looping and rollbacks.
 - Improve the mechanism in process_worklist_item() that handles
   acquiring vnode locks for handle_workitem_remove() so that it works
   more generally and does not loop excessively over the same worklist
   items on each call.
 - Don't corrupt directories by zeroing the tail in fsck.  This is only
   done for regular files.
 - Push a fsync complete record for files that need it so the checker
   knows a truncation in the journal is no longer valid.

Discussed with:	mckusick, kib (ffs_pages_remove and ffs_truncate parts)
Tested by:	pho
2011-06-10 22:48:35 +00:00
Dag-Erling Smørgrav
8d3dfc2691 Add an -E option to mirror newfs's. The idea is that if you have a system
that was built before ffs grew support for TRIM, your filesystem will have
plenty of free blocks that the flash chip doesn't know are free, so it
can't take advantage of them for wear leveling.  Once you've upgraded your
kernel, you enable TRIM on the filesystem (tunefs -t enable), then run
fsck_ffs -E on it before mounting it.

I tested this patch by half-filling an mdconfig'ed filesystem image,
running fsck_ffs -E on it, then verifying that the contents were not
damaged by comparing them to a pristine copy using rsync's checksum
functionality.  There is no reliable way to test it on real hardware.

Many thanks to mckusick@, who provided the tricky parts of this patch and
reviewed the final version.

Reviewed by:	mckusick@
MFC after:	3 weeks
2011-04-29 23:00:23 +00:00
Dag-Erling Smørgrav
d40c066473 Mechanical whitespace cleanup.
MFC after:	3 weeks
2011-04-27 02:55:03 +00:00
Dag-Erling Smørgrav
dc069d64fb Fix boo-boo in previous commit.
MFC after:	3 weeks
2011-04-27 02:35:57 +00:00
Dag-Erling Smørgrav
af18c83560 Alphabetize the options. No date bump since no actual change to the text.
MFC after:	3 weeks
2011-04-27 02:32:41 +00:00
Konstantin Belousov
0947d19a09 In checker, read journal by sectors.
Due to UFS insistence to pretend that device sector size is 512 bytes,
sector size is obtained from ioctl(DIOCGSECTORSIZE) for real devices,
and from the label otherwise. The file images without label have to
be made with 512 sector size.

In collaboration with:	pho
Reviewed by:	jeff
Tested by:	bz, pho
2011-02-12 13:17:14 +00:00
Kirk McKusick
7649cb0043 The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities
include sys/time.h instead of time.h. This include is incorrect as
per the manpages for the APIs and the POSIX definitions. This commit
replaces sys/time.h where necessary with time.h.

The commit also includes some minor style(9) header fixup in newfs.

This commit is part of a larger effort by Garrett Cooper started in
//depot/user/gcooper/posix-conformance-work/ -- to make FreeBSD more
POSIX compliant.

Submitted by:  Garrett Cooper   yanegomi at gmail dot com
2011-01-24 06:17:05 +00:00
Ulrich Spörlein
cded07a878 Move most of the remaining USD/PSD/SMM papers into share/doc 2010-12-04 10:11:20 +00:00
Joel Dahl
c2025a7660 Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages.  Minor corrections by me.

Submitted by:	Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
2010-08-16 15:18:30 +00:00
Joel Dahl
f6ac23919b Fix typos and spelling mistakes. 2010-08-06 14:33:42 +00:00
Bjoern A. Zeeb
08bb15b96f One question mark per question; everything else is just exaggerating.
reply() will output a '?', when printing the question along with [yn],
so no need to have another here.
2010-08-03 09:21:13 +00:00
Kirk McKusick
5ee561ee3e Note that foreground fsck should be run after a filesystem related panic.
Suggested by:   Mikhail Teterin (mi@)
MFC after:      1 week
2010-07-23 14:35:51 +00:00
Jeff Roberson
24d37c1eec - Permit zero length directories as a handled inconsistency. This allows
directory truncation to proceed before the link has been cleared.  This
   is accomplished by detecting a directory with no . or .. links and
   clearing the named directory entry in the parent.
 - Add a new function ino_remref() which handles the details of removing
   a reference to an inode as a result of a lost directory.  There were
   some minor errors in various subcases of this routine.
2010-07-06 07:07:29 +00:00
Xin LI
edad602637 Improve fsck robustness for SU+J cases:
- Use err/errx only when the case is really fatal.  For other
   cases, fall back to full fsck instead of quiting fsck.
 - Plug a memory leak.
 - Avoid divide by zero when printing summary.
 - Output "FILE SYSTEM IS MARKED CLEAN" when a successful
   journal recovering is done.
 - When -f is specified, do full fsck instead of journal recovery.
2010-06-22 00:26:07 +00:00
Kirk McKusick
97fea87b49 Add support to background fsck to delete zero-length directories. 2010-05-20 06:05:40 +00:00
Pawel Jakub Dawidek
132f1ed585 suj.c seems to contain two versions of the code.
Remove the one that doesn't compile.
2010-04-24 07:58:59 +00:00
Pawel Jakub Dawidek
d00690aec5 Protect fsck.h from being included twice. 2010-04-24 07:54:49 +00:00
Jeff Roberson
113db2dddb - Merge soft-updates journaling from projects/suj/head into head. This
brings in support for an optional intent log which eliminates the need
   for background fsck on unclean shutdown.

Sponsored by:   iXsystems, Yahoo!, and Juniper.
With help from: McKusick and Peter Holm
2010-04-24 07:05:35 +00:00
Kirk McKusick
f83a0037c6 Cast 64-bit quantity to intptr_t rather than int so as to work properly
with 64-bit architectures (such as amd64).

Reported by:  Xin LI and Josh Paetzel
2010-01-11 23:33:30 +00:00
Kirk McKusick
77355ce0c0 This update utilizes new fsck sysctl commands that allow fsck running
in background mode to correct expected inconsistencies that arise
during directory rename (see immediately previous update to this
file for details). If run on a kernel without the new functionality,
background fsck will simply ignore these inconsistencies rather
than fail.

Reported by:    jeff
2010-01-11 20:05:38 +00:00
Kirk McKusick
3777607646 When renaming a directory it passes through several intermediate
states. First its new name will be created causing it to have two
names (from possibly different parents). Next, if it has different
parents, its value of ".." will be changed from pointing to the old
parent to pointing to the new parent. Concurrently, its old name
will be removed bringing it back into a consistent state. When fsck
encounters an extra name for a directory, it offers to remove the
"extraneous hard link"; when it finds that the names have been
changed but the update to ".." has not happened, it offers to rewrite
".." to point at the correct parent. Both of these changes were
considered unexpected so would cause fsck in preen mode or fsck in
background mode to fail with the need to run fsck manually to fix
these problems.

This update changes these errors to be expected so that in preen
mode fsck will simply fix these transitional errors. For now,
background fsck will note these errors, but will need additional
kernel support to fix them, so will simply ignore them rather than
fail. A future update will allow background fsck to fix these
problems.

Reported by:	jeff
2010-01-11 19:52:40 +00:00
Kirk McKusick
21be55cc4b Add some error messages suggested in PR bin/138043. The code to
correct the problem was added in r176575 by delphij on 2008-02-25.

PR:		138043
Reported by:	Heikki Suonsivu
2010-01-07 01:10:49 +00:00
Kirk McKusick
36ef6b65ff This corrects a bug that manifested itself as identifying the last
cylinder group of a UFS1 filesystem as bad. The error was in the check
and not in the cylinder group itself. So even though fsck fixed the
cylinder group correctly, it was still endlessly reported as bad.

PR:		141992
MFC after:	2 weeks
Reported by:	Dan Strick
2010-01-07 00:17:36 +00:00
Antoine Brodin
13e403fdea (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

PR:		137213
Submitted by:	Eygene Ryabinkin (initial version)
MFC after:	1 month
2009-12-28 22:56:30 +00:00
Pawel Jakub Dawidek
2b2dc3a904 Correct comment. 2009-06-03 09:23:31 +00:00
Ulf Lilleengen
fd02a3b5c9 - Use volatile for signal variables.
Suggested by:	Jaakko Heinonen <jh -at- saunalahti.fi>
2009-06-02 17:57:24 +00:00
Ulf Lilleengen
a0f163fd83 - Use sig_atomic_t for signal handler variables.
MFC after:	1 week
2009-05-29 20:01:50 +00:00
Kirk McKusick
910b491e7e Update the actions previously attempted by the -D option to make them
robust. With these changes fsck is now able to detect and reliably
rebuild corrupted cylinder group maps. The -D option is no longer
necessary as it has been replaced by a prompt asking whether the
corrupted cylinder group should be rebuilt and doing so when requested.
These actions are only offered and taken when running fsck in manual
mode. Corrupted cylinder groups found during preen mode cause the fsck
to fail.

Add the -r option to free up excess unused inodes. Decreasing the
number of preallocated inodes reduces the running time of future
runs of fsck and frees up space that can allocated to files. The -r
option is ignored when running in preen mode.

Reviewed by: Xin LI <delphij@>
Sponsored by: Rsync.net
2009-02-04 01:02:56 +00:00
David E. O'Brien
111a52201c Add the '-C' "check clean" flag. If the FS is marked clean, skip file
system checking.  However, if the file system is not clean, perform a
full fsck.

Reviewed by:	delphij
Obtained from:	Juniper Networks
2009-01-30 18:33:05 +00:00
Xin LI
ffed8dfb38 Follow up with previous commit: mention -D, not -C when cg check
failed.

Submitted by:	obrien
2009-01-27 00:29:19 +00:00
Xin LI
7f94ca7233 Rename option 'C' to 'D' (damaged) in order to avoid a conflict with upcoming
Juniper 'C' (clean) flag.

Requested by:	obrien
MFC after:	1 week
2009-01-20 22:49:49 +00:00
Xin LI
07580acce5 Fix typo.
Submitted by:	Ben Kaduk <minimarmot gmail com>
MFC after:	3 days
2009-01-12 03:33:48 +00:00
David E. O'Brien
defc9d504b Garbage collect 'fflags'. 2008-12-24 03:07:19 +00:00
Konstantin Belousov
e6e1a3a875 Background fsck applies twice some summary totals changes. The next
background fsck on the same file system might then print negative
numbers for reclaimed directories/files/fragments.

Address the issue in a limited degree, by using old summary data for
cg when bgfsck is performed.

Submitted by:	tegge
MFC after:	1 week
2008-10-13 14:01:05 +00:00
Konstantin Belousov
717902b613 check_maps() in /usr/src/sbin/fsck_ffs/pass5.c seems to be limited to file
systems less than 1 TB, due to using 32-bits integers for file system block
numbers. This also causes incorrect error reporting for foreground fsck.

Convert it to use ufs2_daddr_t for block numbers.

PR:	kern/127951
Submitted by:	tegge
MFC after:	1 week
2008-10-13 13:56:23 +00:00
Remko Lodder
6f5c443661 Document the -F 's return statement.
If the application returns succesfully
the return code is 7 (which means the
filesystem is clean).

PR:		127432
Submitted by:	edwin
MFC after:	3 days
2008-09-17 06:56:27 +00:00
Craig Rodrigues
6910e995d9 Instead of passing MNT_UPDATE, MNT_SNAPSHOT, MNT_RELOAD from
userspace to kernel via nmount(), pass in the strings
"update", "snapshot", "reload".

We want to move away from passing MNT_ flags from userspace -> kernel
via nmount(), and instead favor passing the string options.
2008-08-23 01:21:10 +00:00
Stanislav Sedov
4f38796595 - Display '-C' option in usage().
Approved by:	kib
2008-06-08 19:48:41 +00:00
Xin LI
14320f1e7f Add a new flag, '-C' which enables a special mode that is intended for
catastrophic recovery.  Currently, this mode only validates whether a
cylindergroup has good signature data, and prompts the user to decide
whether to clear it as a whole.

This mode is useful when there is data damage on a disk and you are
working on copy of the original disk, as fsck_ffs(8) tends to abnormally
exit in such case, as a last resort to recover data from the disk.
2008-04-10 23:49:23 +00:00
Craig Rodrigues
205e074f2c Add comment about specifying "ro" mount option when
doing an update mount on a read-only file system.

Requested by:	yar
2008-04-04 01:50:58 +00:00
Craig Rodrigues
d8f7b008a7 For a mounted file system which is read-only, when
doing the MNT_RELOAD, pass in "ro" and "update"
string mount options to nmount() instead of MNT_RDONLY and MNT_UPDATE flags.

Due to the complexity of the mount parsing code especially
with respect to the root file system, passing in MNT_RDONLY and MNT_UPDATE
flags would do weird things and would cause fsck to convert the root
file system from a read-only mount to read-write.

To test:
 - boot into single user mode
 - show mounted file systems with: mount
 - root file system should be mounted read-only
 - fsck /
 - show mounted file systems with: mount
 - root file system should still be mounted read-only

PR:		120319
MFC after:	1 month
Reported by:	yar
2008-03-05 08:25:49 +00:00
Craig Rodrigues
22a122f315 Remove hacks to filter out MNT_ROOTFS, since we now
do that internally inside nmount() in revision 1.267 of vfs_mount.c.
2008-03-05 06:24:42 +00:00
Xin LI
1aaf5f440f In pass1(), cap inosused to fs_ipg rather than allowing arbitrary
number read from cylinder group.  Chances that we read a smarshed
cylinder group, and we can not 100% trust information it has
supplied.  fsck_ffs(8) will crash otherwise for some cases.
2008-02-26 03:08:22 +00:00
Xin LI
33663c7246 In pass2check(): Be more strict with the inode information before further
processing the information.  chk1 is more prone to crash when insane
information is provided by the on-disk inode, and does not even work
if the inode is being smarshed badly.
2008-02-26 03:05:48 +00:00
Xin LI
8f0931174a Be more careful when checking superblock. We have already checked
whether fs_bsize is larger than MINBSIZE, which is larger than the
value that is used to compared with fs_bsize, the sizeof fs, so the
check followed, will be always true.

By inspecting the code and some old commit log, I believe that the
check must be that *fs_sbsize* is larger than sizeof fs.  We round
up the size to nearest dev_bsize, as the smallest accepted fs_sbsize,
personally, I think this can be even changed to equal, because this
number is mostly an invariant in file systems.

With this check, fsck_ffs(8) will be more picky and has better
chance rejecting bad first superblock rather than referring to bad
value it supplied, thus gives better chance for it to check the
filesystem carefully.
2008-02-26 03:03:17 +00:00
Craig Rodrigues
24adb851f1 Convert fsck_ffs to nmount(). This seems to solve
an intermittent problem where MNT_RELOAD fails
for the root file system.

Reported and tested by: phk
Approved by:		re (bmah)
2007-09-19 01:24:19 +00:00
Pawel Jakub Dawidek
db3f838d97 Fix fscking gjournaled root file system: root file system is already mounted
read-only, so we can't simply exit right after calling gjournal_check(),
instead we need to ask about super block reload.

Submitted by:	Niki Denev <niki@totalterror.net>
PR:		misc/113889
Approved by:	re (kensmith)
2007-08-10 06:29:54 +00:00
Ruslan Ermilov
1675d675a7 Fix -fstrict-aliasing warning. 2006-11-01 10:56:33 +00:00