Commit Graph

324 Commits

Author SHA1 Message Date
Ulrich Spörlein
4b85a12f71 Spelling fixes for sbin/ 2012-01-07 16:09:33 +00:00
Ed Schouten
b3608ae18f Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
Konstantin Belousov
6f100596e5 Change the type of real_dev_bsize variable from long to u_int.
The DIOCGSECTORSIZE takes u_int * as an argument, using long *
causes failures on big-endian targets.

Diagnosed by:	Michiel Boland <boland37 xs4all nl>
PR:	sparc64/163460
Tested by:	pho (x86), flo (sparc64)
MFC after:	1 week
2011-12-20 20:39:00 +00:00
Dag-Erling Smørgrav
1d449f95f2 Forgot this nit in r221107.
Approved by:	re (kib)
2011-09-03 03:12:33 +00:00
Xin LI
fdc61a888d Fix the check in dircheck() on namlen.
The value of namlen is copied from on-disk d_namlen, which is a 8-bit
unsigned integer which can never exceed MAXNAMLEN (255) so the test is
always true.  Moreover, UFS does not allow d_namelen being zero.

Change namlen from u_int to u_int8_t, and replace the unneeded test
with a useful test.

PR:		bin/160339
Submitted by:	Eugene Grosbein <eugen grosbein.pp.ru>
MFC after:	2 weeks
Approved by:	re (kib)
2011-09-02 17:05:34 +00:00
Kirk McKusick
d2404f0470 Break out the pass 5 inode and block map updating into a separate function
so that the function can be used by the journaling soft updates recovery.
2011-07-15 15:43:40 +00:00
Jeff Roberson
85e9da38fe - Handle the JOP_SYNC case as appropriate.
Reported by:	pho
2011-06-30 05:28:10 +00:00
Jeff Roberson
280e091a99 Implement fully asynchronous partial truncation with softupdates journaling
to resolve errors which can cause corruption on recovery with the old
synchronous mechanism.

 - Append partial truncation freework structures to indirdeps while
   truncation is proceeding.  These prevent new block pointers from
   becoming valid until truncation completes and serialize truncations.
 - On completion of a partial truncate journal work waits for zeroed
   pointers to hit indirects.
 - softdep_journal_freeblocks() handles last frag allocation and last
   block zeroing.
 - vtruncbuf/ffs_page_remove moved into softdep_*_freeblocks() so it
   is only implemented in one place.
 - Block allocation failure handling moved up one level so it does not
   proceed with buf locks held.  This permits us to do more extensive
   reclaims when filesystem space is exhausted.
 - softdep_sync_metadata() is broken into two parts, the first executes
   once at the start of ffs_syncvnode() and flushes truncations and
   inode dependencies.  The second is called on each locked buf.  This
   eliminates excessive looping and rollbacks.
 - Improve the mechanism in process_worklist_item() that handles
   acquiring vnode locks for handle_workitem_remove() so that it works
   more generally and does not loop excessively over the same worklist
   items on each call.
 - Don't corrupt directories by zeroing the tail in fsck.  This is only
   done for regular files.
 - Push a fsync complete record for files that need it so the checker
   knows a truncation in the journal is no longer valid.

Discussed with:	mckusick, kib (ffs_pages_remove and ffs_truncate parts)
Tested by:	pho
2011-06-10 22:48:35 +00:00
Dag-Erling Smørgrav
8d3dfc2691 Add an -E option to mirror newfs's. The idea is that if you have a system
that was built before ffs grew support for TRIM, your filesystem will have
plenty of free blocks that the flash chip doesn't know are free, so it
can't take advantage of them for wear leveling.  Once you've upgraded your
kernel, you enable TRIM on the filesystem (tunefs -t enable), then run
fsck_ffs -E on it before mounting it.

I tested this patch by half-filling an mdconfig'ed filesystem image,
running fsck_ffs -E on it, then verifying that the contents were not
damaged by comparing them to a pristine copy using rsync's checksum
functionality.  There is no reliable way to test it on real hardware.

Many thanks to mckusick@, who provided the tricky parts of this patch and
reviewed the final version.

Reviewed by:	mckusick@
MFC after:	3 weeks
2011-04-29 23:00:23 +00:00
Dag-Erling Smørgrav
d40c066473 Mechanical whitespace cleanup.
MFC after:	3 weeks
2011-04-27 02:55:03 +00:00
Dag-Erling Smørgrav
dc069d64fb Fix boo-boo in previous commit.
MFC after:	3 weeks
2011-04-27 02:35:57 +00:00
Dag-Erling Smørgrav
af18c83560 Alphabetize the options. No date bump since no actual change to the text.
MFC after:	3 weeks
2011-04-27 02:32:41 +00:00
Konstantin Belousov
0947d19a09 In checker, read journal by sectors.
Due to UFS insistence to pretend that device sector size is 512 bytes,
sector size is obtained from ioctl(DIOCGSECTORSIZE) for real devices,
and from the label otherwise. The file images without label have to
be made with 512 sector size.

In collaboration with:	pho
Reviewed by:	jeff
Tested by:	bz, pho
2011-02-12 13:17:14 +00:00
Kirk McKusick
7649cb0043 The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities
include sys/time.h instead of time.h. This include is incorrect as
per the manpages for the APIs and the POSIX definitions. This commit
replaces sys/time.h where necessary with time.h.

The commit also includes some minor style(9) header fixup in newfs.

This commit is part of a larger effort by Garrett Cooper started in
//depot/user/gcooper/posix-conformance-work/ -- to make FreeBSD more
POSIX compliant.

Submitted by:  Garrett Cooper   yanegomi at gmail dot com
2011-01-24 06:17:05 +00:00
Ulrich Spörlein
cded07a878 Move most of the remaining USD/PSD/SMM papers into share/doc 2010-12-04 10:11:20 +00:00
Joel Dahl
c2025a7660 Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages.  Minor corrections by me.

Submitted by:	Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
2010-08-16 15:18:30 +00:00
Joel Dahl
f6ac23919b Fix typos and spelling mistakes. 2010-08-06 14:33:42 +00:00
Bjoern A. Zeeb
08bb15b96f One question mark per question; everything else is just exaggerating.
reply() will output a '?', when printing the question along with [yn],
so no need to have another here.
2010-08-03 09:21:13 +00:00
Kirk McKusick
5ee561ee3e Note that foreground fsck should be run after a filesystem related panic.
Suggested by:   Mikhail Teterin (mi@)
MFC after:      1 week
2010-07-23 14:35:51 +00:00
Jeff Roberson
24d37c1eec - Permit zero length directories as a handled inconsistency. This allows
directory truncation to proceed before the link has been cleared.  This
   is accomplished by detecting a directory with no . or .. links and
   clearing the named directory entry in the parent.
 - Add a new function ino_remref() which handles the details of removing
   a reference to an inode as a result of a lost directory.  There were
   some minor errors in various subcases of this routine.
2010-07-06 07:07:29 +00:00
Xin LI
edad602637 Improve fsck robustness for SU+J cases:
- Use err/errx only when the case is really fatal.  For other
   cases, fall back to full fsck instead of quiting fsck.
 - Plug a memory leak.
 - Avoid divide by zero when printing summary.
 - Output "FILE SYSTEM IS MARKED CLEAN" when a successful
   journal recovering is done.
 - When -f is specified, do full fsck instead of journal recovery.
2010-06-22 00:26:07 +00:00
Kirk McKusick
97fea87b49 Add support to background fsck to delete zero-length directories. 2010-05-20 06:05:40 +00:00
Pawel Jakub Dawidek
132f1ed585 suj.c seems to contain two versions of the code.
Remove the one that doesn't compile.
2010-04-24 07:58:59 +00:00
Pawel Jakub Dawidek
d00690aec5 Protect fsck.h from being included twice. 2010-04-24 07:54:49 +00:00
Jeff Roberson
113db2dddb - Merge soft-updates journaling from projects/suj/head into head. This
brings in support for an optional intent log which eliminates the need
   for background fsck on unclean shutdown.

Sponsored by:   iXsystems, Yahoo!, and Juniper.
With help from: McKusick and Peter Holm
2010-04-24 07:05:35 +00:00
Kirk McKusick
f83a0037c6 Cast 64-bit quantity to intptr_t rather than int so as to work properly
with 64-bit architectures (such as amd64).

Reported by:  Xin LI and Josh Paetzel
2010-01-11 23:33:30 +00:00
Kirk McKusick
77355ce0c0 This update utilizes new fsck sysctl commands that allow fsck running
in background mode to correct expected inconsistencies that arise
during directory rename (see immediately previous update to this
file for details). If run on a kernel without the new functionality,
background fsck will simply ignore these inconsistencies rather
than fail.

Reported by:    jeff
2010-01-11 20:05:38 +00:00
Kirk McKusick
3777607646 When renaming a directory it passes through several intermediate
states. First its new name will be created causing it to have two
names (from possibly different parents). Next, if it has different
parents, its value of ".." will be changed from pointing to the old
parent to pointing to the new parent. Concurrently, its old name
will be removed bringing it back into a consistent state. When fsck
encounters an extra name for a directory, it offers to remove the
"extraneous hard link"; when it finds that the names have been
changed but the update to ".." has not happened, it offers to rewrite
".." to point at the correct parent. Both of these changes were
considered unexpected so would cause fsck in preen mode or fsck in
background mode to fail with the need to run fsck manually to fix
these problems.

This update changes these errors to be expected so that in preen
mode fsck will simply fix these transitional errors. For now,
background fsck will note these errors, but will need additional
kernel support to fix them, so will simply ignore them rather than
fail. A future update will allow background fsck to fix these
problems.

Reported by:	jeff
2010-01-11 19:52:40 +00:00
Kirk McKusick
21be55cc4b Add some error messages suggested in PR bin/138043. The code to
correct the problem was added in r176575 by delphij on 2008-02-25.

PR:		138043
Reported by:	Heikki Suonsivu
2010-01-07 01:10:49 +00:00
Kirk McKusick
36ef6b65ff This corrects a bug that manifested itself as identifying the last
cylinder group of a UFS1 filesystem as bad. The error was in the check
and not in the cylinder group itself. So even though fsck fixed the
cylinder group correctly, it was still endlessly reported as bad.

PR:		141992
MFC after:	2 weeks
Reported by:	Dan Strick
2010-01-07 00:17:36 +00:00
Antoine Brodin
13e403fdea (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

PR:		137213
Submitted by:	Eygene Ryabinkin (initial version)
MFC after:	1 month
2009-12-28 22:56:30 +00:00
Pawel Jakub Dawidek
2b2dc3a904 Correct comment. 2009-06-03 09:23:31 +00:00
Ulf Lilleengen
fd02a3b5c9 - Use volatile for signal variables.
Suggested by:	Jaakko Heinonen <jh -at- saunalahti.fi>
2009-06-02 17:57:24 +00:00
Ulf Lilleengen
a0f163fd83 - Use sig_atomic_t for signal handler variables.
MFC after:	1 week
2009-05-29 20:01:50 +00:00
Kirk McKusick
910b491e7e Update the actions previously attempted by the -D option to make them
robust. With these changes fsck is now able to detect and reliably
rebuild corrupted cylinder group maps. The -D option is no longer
necessary as it has been replaced by a prompt asking whether the
corrupted cylinder group should be rebuilt and doing so when requested.
These actions are only offered and taken when running fsck in manual
mode. Corrupted cylinder groups found during preen mode cause the fsck
to fail.

Add the -r option to free up excess unused inodes. Decreasing the
number of preallocated inodes reduces the running time of future
runs of fsck and frees up space that can allocated to files. The -r
option is ignored when running in preen mode.

Reviewed by: Xin LI <delphij@>
Sponsored by: Rsync.net
2009-02-04 01:02:56 +00:00
David E. O'Brien
111a52201c Add the '-C' "check clean" flag. If the FS is marked clean, skip file
system checking.  However, if the file system is not clean, perform a
full fsck.

Reviewed by:	delphij
Obtained from:	Juniper Networks
2009-01-30 18:33:05 +00:00
Xin LI
ffed8dfb38 Follow up with previous commit: mention -D, not -C when cg check
failed.

Submitted by:	obrien
2009-01-27 00:29:19 +00:00
Xin LI
7f94ca7233 Rename option 'C' to 'D' (damaged) in order to avoid a conflict with upcoming
Juniper 'C' (clean) flag.

Requested by:	obrien
MFC after:	1 week
2009-01-20 22:49:49 +00:00
Xin LI
07580acce5 Fix typo.
Submitted by:	Ben Kaduk <minimarmot gmail com>
MFC after:	3 days
2009-01-12 03:33:48 +00:00
David E. O'Brien
defc9d504b Garbage collect 'fflags'. 2008-12-24 03:07:19 +00:00
Konstantin Belousov
e6e1a3a875 Background fsck applies twice some summary totals changes. The next
background fsck on the same file system might then print negative
numbers for reclaimed directories/files/fragments.

Address the issue in a limited degree, by using old summary data for
cg when bgfsck is performed.

Submitted by:	tegge
MFC after:	1 week
2008-10-13 14:01:05 +00:00
Konstantin Belousov
717902b613 check_maps() in /usr/src/sbin/fsck_ffs/pass5.c seems to be limited to file
systems less than 1 TB, due to using 32-bits integers for file system block
numbers. This also causes incorrect error reporting for foreground fsck.

Convert it to use ufs2_daddr_t for block numbers.

PR:	kern/127951
Submitted by:	tegge
MFC after:	1 week
2008-10-13 13:56:23 +00:00
Remko Lodder
6f5c443661 Document the -F 's return statement.
If the application returns succesfully
the return code is 7 (which means the
filesystem is clean).

PR:		127432
Submitted by:	edwin
MFC after:	3 days
2008-09-17 06:56:27 +00:00
Craig Rodrigues
6910e995d9 Instead of passing MNT_UPDATE, MNT_SNAPSHOT, MNT_RELOAD from
userspace to kernel via nmount(), pass in the strings
"update", "snapshot", "reload".

We want to move away from passing MNT_ flags from userspace -> kernel
via nmount(), and instead favor passing the string options.
2008-08-23 01:21:10 +00:00
Stanislav Sedov
4f38796595 - Display '-C' option in usage().
Approved by:	kib
2008-06-08 19:48:41 +00:00
Xin LI
14320f1e7f Add a new flag, '-C' which enables a special mode that is intended for
catastrophic recovery.  Currently, this mode only validates whether a
cylindergroup has good signature data, and prompts the user to decide
whether to clear it as a whole.

This mode is useful when there is data damage on a disk and you are
working on copy of the original disk, as fsck_ffs(8) tends to abnormally
exit in such case, as a last resort to recover data from the disk.
2008-04-10 23:49:23 +00:00
Craig Rodrigues
205e074f2c Add comment about specifying "ro" mount option when
doing an update mount on a read-only file system.

Requested by:	yar
2008-04-04 01:50:58 +00:00
Craig Rodrigues
d8f7b008a7 For a mounted file system which is read-only, when
doing the MNT_RELOAD, pass in "ro" and "update"
string mount options to nmount() instead of MNT_RDONLY and MNT_UPDATE flags.

Due to the complexity of the mount parsing code especially
with respect to the root file system, passing in MNT_RDONLY and MNT_UPDATE
flags would do weird things and would cause fsck to convert the root
file system from a read-only mount to read-write.

To test:
 - boot into single user mode
 - show mounted file systems with: mount
 - root file system should be mounted read-only
 - fsck /
 - show mounted file systems with: mount
 - root file system should still be mounted read-only

PR:		120319
MFC after:	1 month
Reported by:	yar
2008-03-05 08:25:49 +00:00
Craig Rodrigues
22a122f315 Remove hacks to filter out MNT_ROOTFS, since we now
do that internally inside nmount() in revision 1.267 of vfs_mount.c.
2008-03-05 06:24:42 +00:00
Xin LI
1aaf5f440f In pass1(), cap inosused to fs_ipg rather than allowing arbitrary
number read from cylinder group.  Chances that we read a smarshed
cylinder group, and we can not 100% trust information it has
supplied.  fsck_ffs(8) will crash otherwise for some cases.
2008-02-26 03:08:22 +00:00
Xin LI
33663c7246 In pass2check(): Be more strict with the inode information before further
processing the information.  chk1 is more prone to crash when insane
information is provided by the on-disk inode, and does not even work
if the inode is being smarshed badly.
2008-02-26 03:05:48 +00:00
Xin LI
8f0931174a Be more careful when checking superblock. We have already checked
whether fs_bsize is larger than MINBSIZE, which is larger than the
value that is used to compared with fs_bsize, the sizeof fs, so the
check followed, will be always true.

By inspecting the code and some old commit log, I believe that the
check must be that *fs_sbsize* is larger than sizeof fs.  We round
up the size to nearest dev_bsize, as the smallest accepted fs_sbsize,
personally, I think this can be even changed to equal, because this
number is mostly an invariant in file systems.

With this check, fsck_ffs(8) will be more picky and has better
chance rejecting bad first superblock rather than referring to bad
value it supplied, thus gives better chance for it to check the
filesystem carefully.
2008-02-26 03:03:17 +00:00
Craig Rodrigues
24adb851f1 Convert fsck_ffs to nmount(). This seems to solve
an intermittent problem where MNT_RELOAD fails
for the root file system.

Reported and tested by: phk
Approved by:		re (bmah)
2007-09-19 01:24:19 +00:00
Pawel Jakub Dawidek
db3f838d97 Fix fscking gjournaled root file system: root file system is already mounted
read-only, so we can't simply exit right after calling gjournal_check(),
instead we need to ask about super block reload.

Submitted by:	Niki Denev <niki@totalterror.net>
PR:		misc/113889
Approved by:	re (kensmith)
2007-08-10 06:29:54 +00:00
Ruslan Ermilov
1675d675a7 Fix -fstrict-aliasing warning. 2006-11-01 10:56:33 +00:00
Pawel Jakub Dawidek
1a39ef9574 Forgot to add file with gjournal specific fsck code.
Sponsored by:	home.pl
2006-10-31 22:21:01 +00:00
Pawel Jakub Dawidek
aef8d2449b Implements gjournal support. If file system has gjournal support enabled
and -p flag was given perform fast file system checking (bascially only
garbage collecting of orphaned objects).

Rename bread() to blread() and bwrite() to blwrite() as we now link to
the libufs library, which also implement functions with that names.

Sponsored by:	home.pl
2006-10-31 22:06:56 +00:00
Xin LI
d80980c8de Mention the default location of alternative super block on a
UFS2 file system, in fsck_ffs(8).

Submitted by:	KOMATSU Shinichiro <koma2 at lovepeers ! org>
PR:		docs/86362
MFC After:	3 days
2005-09-20 08:02:38 +00:00
Xin LI
c0ed8991fb Make background fsck based summary adjustments actually work by
initializing the sysctl mibs data before actually using them.

The original patchset (which is the actual version that is running
on my testboxes) have checked whether all of these sysctls and
refuses to do background fsck if we don't have them.  Kirk has
pointed out that refusing running fsck on old kernels is pointless,
as old kernels will recompute the summary at mount time, so I
have removed these checks.

Unfortunatelly, as the checks will initialize the mib values of
those sysctl's, and which are vital for the runtime summary
adjustment to work, we can not simply remove the check, which
will lead to problem when running background fsck over a dirty
volume.  Add these checks in a different way: give a warning rather
than refusing to work, and complain if the functionality is not
available when adjustments are necessary.

Noticed by:	A power failure at my lab
Pointy hat:	me
MFC After:	3 days
2005-03-07 08:42:49 +00:00
Xin LI
a16baf37b9 The recomputation of file system summary at mount time can be a
very slow process, especially for large file systems that is just
recovered from a crash.

Since the summary is already re-sync'ed every 30 second, we will
not lag behind too much after a crash.  With this consideration
in mind, it is more reasonable to transfer the responsibility to
background fsck, to reduce the delay after a crash.

Add a new sysctl variable, vfs.ffs.compute_summary_at_mount, to
control this behavior.  When set to nonzero, we will get the
"old" behavior, that the summary is computed immediately at mount
time.

Add five new sysctl variables to adjust ndir, nbfree, nifree,
nffree and numclusters respectively.  Teach fsck_ffs about these
API, however, intentionally not to check the existence, since
kernels without these sysctls must have recomputed the summary
and hence no adjustments are necessary.

This change has eliminated the usual tens of minutes of delay of
mounting large dirty volumes.

Reviewed by:	mckusick
MFC After:	1 week
2005-02-20 08:02:15 +00:00
Ruslan Ermilov
8d646af581 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 09:19:34 +00:00
Ruslan Ermilov
a866e17077 Added the EXIT STATUS section where appropriate. 2005-01-17 07:44:44 +00:00
Poul-Henning Kamp
d90b3ef3c9 Do not pass random bits as mount arguments. 2004-12-12 11:04:52 +00:00
Robert Watson
60c9762920 Explicitly break out NETA license from Berkeley license to clearly
indicate license grant, as well as to indicate that NETA is asserting
only two clauses, not four clauses.

Requested by:	imp
2004-10-20 08:05:02 +00:00
Warner Losh
e94598bb16 The got_siginfo = 0 should have been got_sigalarm=0 to match the other
passes.

Submitted by: Dworkin Muller
2004-10-10 06:37:56 +00:00
Don Lewis
af6726e657 Eliminate linked list used to track inodes with an initial link
count of zero and instead encode this information in the inode state.
Pass 4 performed a linear search of this list for each inode in
the file system, which performs poorly if the list is long.

Reviewed by:    sam & keramida (an earlier version of the patch), mckusick
MFC after:	1 month
2004-10-08 20:44:47 +00:00
Scott Long
4e50d4499a Move back to WARNS=2 2004-09-01 08:26:39 +00:00
Scott Long
c3b2344b93 Create DIP_SET() and IBLK_SET() macros to fix lvalue warnings.
Inspired by: kan
2004-09-01 05:48:06 +00:00
John Baldwin
b72ea57f3b Generalize the UFS bad magic value used to determine when a filesystem
has only been partly initialized via newfs(8) so that it applies to both
UFS1 and UFS2.

Submitted by:	"Xin LI" delphij at frontfree dot net
MFC:		maybe?
2004-08-19 11:09:13 +00:00
Alexander Kabaev
bcd5ceac59 Downgrade WARNS level until GCC 3.4.2 warning have been fixed. 2004-07-28 05:57:48 +00:00
Ruslan Ermilov
9806e23132 Mechanically kill hard sentence breaks. 2004-07-02 21:45:06 +00:00
Scott Long
08983aee40 Improve the delay algorithm used in bgfsck. From the author:
shuffles the timing and sleep calls in bgfsck from:

 sleep timer_on io timer_off io io io io io io io
   to
 sleep io io io io io io io timer_on io timer_off

 The original method basically guaranteed that the timed I/O included a
 disk seek every time, which made bgfsck sleep for much longer than
 necessary.

Submitted by:   Dan Nelson
Reviewed by:    kirk
2004-05-18 19:51:41 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
David Malone
77d9382114 Remove a stray \n from a setproctitle.
Submitted by:	Niki Denev <nike_d@cytexbg.com>
2004-03-30 20:01:25 +00:00
Scott Long
1660ae8795 In the case of a background fsck, periodically update the process title
with a progress update.
2004-02-28 07:50:42 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Colin Percival
96e3efc09f Avoid dereferencing null pointers in fsck_ffs. (pfatal may return,
so it isn't a safe way of handling [mc]alloc failures.)

PR:		misc/61800
Approved by:	rwatson (mentor)
2004-01-26 15:05:30 +00:00
Simon L. B. Nielsen
11c3eb3e1d Add manual page links from fsck_ufs.8 and fsck_4.2bsd.8 to fsck_ffs.8,
since there are already the same links for the program binary.

Suggested by:	mat
2004-01-10 14:36:49 +00:00
Wes Peters
3b7e1bf6b5 Catch and report on filesystems that were interrupted during newfs,
sporting the new 'BAD' magic number.  Exit with a unique error code
(11) so callers who care about this can respond appropriately.
2003-11-16 07:10:55 +00:00
Ian Dowse
d6ad008082 Change the default mode for lost+found from 01777 to 0700. The
original intention of the less restrictive permissions was to allow
users to move or delete recovered files that they own. However, it
is better to not create world-writable directories by default; the
administrator can always pre-create lost+found if different permissions
are desired.

Reviewed by:	mckusick
2003-10-19 21:49:44 +00:00
Kirk McKusick
ff76fc7f16 Create a .snap directory mode 770 group operator in the root of each
filesystem that is checked in background. Create the snapshot in this
directory rather than in the root. There are two benefits:

1) For terabyte-sized filesystems, the snapshot may require many
   minutes to build. Although the filesystem will not be suspended
   during most of the snapshot build, the snapshot file itself is
   locked during the entire snapshot build period. Thus, if it is
   accessed during the period that it is being built, the process
   trying to access it will block holding its containing directory
   locked. If the snapshot is in the root, the root will lock and
   the system will come to a halt until the snapshot finishes. By
   putting the snapshot in a subdirectory, it is out of the likely
   path of any process traversing through the root and hence much
   less likely to cause a lock race to the root.

2) The dump program is usually run by a non-root user running with
   operator group privilege. Such a user is typically not permitted
   to create files in the root of a filesystem. By having a directory
   in group operator with group write access available, such a user
   will be able to create a snapshot there. Having the dump program
   create its snapshot in a subdirectory below the root will benefit
   from point (1) as well.

Sponsored by:   DARPA & NAI Labs.
2003-10-08 02:14:03 +00:00
Ruslan Ermilov
e4e0776408 Spell "file system" correctly. 2003-08-01 11:31:19 +00:00
David E. O'Brien
c69284ca08 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
Kirk McKusick
363c185255 Correct lines incorrectly added to the copyright message. Add missing period.
Submitted by:	Bruce Evans <bde@zeta.org.au>
Sponsored by:   DARPA & NAI Labs.
2003-02-14 21:08:14 +00:00
Warner Losh
9cf092a263 MFp4: Make ifs consistant with rest of file. 2002-12-13 19:47:07 +00:00
Ruslan Ermilov
8d5d039f80 Uniformly refer to a file system as "file system".
Approved by:	re
2002-12-12 17:26:04 +00:00
Ian Dowse
9d580d7c5f Slow down the operation of background fsck so as to leave some disk
bandwidth for other processes. Since the sleeping is done from
userland, this avoids the locking issues that affected the kernel
version.

The algorithm used here is to measure a moving average of the times
taken by a sample of read operations and then delay 1 in 8 reads
by 16 times the measured average. This should correspond to a factor
of 3 slowdown, but in practice the factor is larger (3.5 to 4) due
to hz rounding effects.

Reviewed by:	mckusick
Approved by:	re
2002-12-07 21:40:31 +00:00
Kirk McKusick
f033309fcd Verify that alternate superblocks have a correct magic number before
trying to use them. Set a minimum value for numdirs when using an
alternate superblock to avoid spurious numdirs == 0 error. Calculate
new fields when using an alternate superblock from a UFS1 filesystem
to avoid segment faulting.

Sponsored by:   DARPA & NAI Labs.
2002-12-02 19:30:37 +00:00
Kirk McKusick
ada981b228 Create a new 32-bit fs_flags word in the superblock. Add code to move
the old 8-bit fs_old_flags to the new location the first time that the
filesystem is mounted by a new kernel. One of the unused flags in
fs_old_flags is used to indicate that the flags have been moved.
Leave the fs_old_flags word intact so that it will work properly if
used on an old kernel.

Change the fs_sblockloc superblock location field to be in units
of bytes instead of in units of filesystem fragments. The old units
did not work properly when the fragment size exceeeded the superblock
size (8192). Update old fs_sblockloc values at the same time that
the flags are moved.

Suggested by:	BOUWSMA Barry <freebsd-misuser@netscum.dyndns.dk>
Sponsored by:   DARPA & NAI Labs.
2002-11-27 02:18:58 +00:00
Julian Elischer
bbed4456c1 Fsck needs to check each CG's rotor values to ensure thay are not -ve.
It seems a common corruption to have them -ve (I've seen it several times)
and if fsck doesn't fix it, it leads to a kernel pagefault.

Reviewd by: kirk
Submitted by: Eric Jacobs <eaja@erols.com> and me independently.
MFC in: 2 days
PR: bin/40967
Approved by: re
2002-11-24 21:41:42 +00:00
Kirk McKusick
68aff0840c Clear the pending counts in the superblock after a successful run
of fsck so that the kernel does not complain about them being
non-zero when the filesystem is mounted.

Sponsored by:	DARPA & NAI Labs.
2002-10-19 05:36:48 +00:00
Kirk McKusick
1546eccd21 When verifying a superblock, the lower bound on block size is MINBSIZE
(4096), not SBLOCKSIZE (8192).

Submitted by:	Tor.Egge@cvsup.no.freebsd.org
Sponsored by:	DARPA & NAI Labs.
2002-10-10 00:50:56 +00:00
Mike Barcroft
89fdc4e117 Use the standardized CHAR_BIT constant instead of NBBY in userland. 2002-09-25 04:06:37 +00:00
Kirk McKusick
c18ef4c018 Add support to fsck_ffs to account for storage for extended
attributes.

Sponsored by:	DARPA & NAI Labs.
2002-09-24 05:18:17 +00:00
Poul-Henning Kamp
5186921306 Add a source file where EXTATTR checks will happen and hook it in even
if it doesn't do anything yet.

Sponsored by: DARPA & NAI Labs.
2002-09-16 11:27:47 +00:00
Tom Rhodes
5af4935a22 Fix some 'SYNOPSIS' and 'usage' messages. 2002-08-27 00:49:27 +00:00
Philippe Charnier
7fed38d0a0 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:10:45 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Bosko Milekic
b35e69503a Fix more breakage due to FSTYPENAMES/DKTYPENAMES split.
Also submitted by: David Wolfskill <david@catwhisker.org>
2002-08-16 16:08:36 +00:00
Alfred Perlstein
b42db77473 Don't '#define DKTYPENAMES', we don't use the variable it exposes from
the header file.
2002-08-16 07:34:19 +00:00
Poul-Henning Kamp
9b32d51a51 preen.c was a stragler after the fsck/fsck_ffs divorce.
fsck_ffs did not need it, but quotacheck did include it from fsck_ffs.

A repocopy has now moved the fsck_ffs/preen.c file to quotacheck/preen.c

quotacheck and fsck should probably use the same checkfstab() function
and it should possibly live in libufs.

Trouble is: they have diverged in the meantime.

At least now fsck_ffs is not in the equation anymore.

Sponsored by:	DARPA & NAI Labs.
2002-08-09 14:41:37 +00:00
Maxime Henrion
84fc0d7e7f Fix a bunch of format string warnings which broke
the sparc64 build.

Tested on:	sparc64, i386
2002-07-31 12:01:14 +00:00
Poul-Henning Kamp
a490e80ce6 Remove some additional paranoia which Kirk forgot to remove from his
UFS2 commit.

These bits in essence made any instance of "softupdates expected
corrution", (ie blocks marked allocated but not referenced by an
inode etc) result in a exit value for fsck_ffs of 2.

2 is part of the magic and appearantly undocumented protocol between
fsck_FOO and fsck and means "dump into single user mode ASAP.

Sponsored by:	DARPA & NAI Labs.
2002-07-30 20:49:29 +00:00
Poul-Henning Kamp
599304a42f Warning cleanup.
Format changes by peter
2002-07-30 13:01:25 +00:00
Ian Dowse
8f42fb8fc9 Remove the kernel file-size limit for UFS2, so that only the limit
imposed by the filesystem structure itself remains. With 16k blocks,
the maximum file size is now just over 128TB.

For now, the UFS1 file size limit is left unchanged so as to remain
consistent with RELENG_4, but it too could be removed in the future.

Reviewed by:	mckusick
2002-06-26 18:34:51 +00:00
Ian Dowse
6a26192ada Fix an integer overflow that causes fsck_ffs to crash when it
encounters very large file sizes in the filesystem.

Reviewed by:	mckusick
2002-06-26 16:40:25 +00:00
Kirk McKusick
1c85e6a35d This commit adds basic support for the UFS2 filesystem. The UFS2
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.

Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.

Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).

Sponsored by: DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@freebsd.org>
2002-06-21 06:18:05 +00:00
Tom Rhodes
3468b317cb more file system > filesystem 2002-05-16 04:10:46 +00:00
Poul-Henning Kamp
381ee4c2e8 UFS2 preparation commit:
Remove support for converting old FFS formats to newer.

Submitted by:	mckusick
Sponspored by: DARPA & NAI Labs.
2002-05-12 23:44:15 +00:00
Poul-Henning Kamp
77068a7fe2 Retire the bogus uses of the disklabel field d_sbsize and begin to
initialize it to zero so we don't have to have everbody and their
aunt including FFS specific header files.

Sponsored by: DARPA & NAI Labs.
2002-05-12 20:49:41 +00:00
Kirk McKusick
088f357d12 Minor bug fixes uncovered while working on UFS2.
They should have no effect on existing systems.
2002-05-02 01:03:06 +00:00
Dag-Erling Smørgrav
d397408818 Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
2002-04-22 13:44:47 +00:00
Kirk McKusick
cdd5d266b2 When checking the alternate superblock, we used to copy any fields
that might have changed, then did a byte-by-byte comparison with
the alternate. If any unused fields got used, they had to be added
to the exception list. Such changes caused too many false alarms.
So, I have changed the comparison algorithm to compare a selected
set of fields that are not expected to change. This new algorithm
causes far fewer false hits and still does a good job of detecting
problems when they have really occurred. In particular, this change
should ease the transition to kernels supporting UFS2 which make
some significant changes to the superblock.

Sponsored by:	DARPA, NAI Labs
2002-04-07 05:16:33 +00:00
Mark Murray
8e2e167cdd Replace __progname with the documented, more acceptable and functionally identical getprogname(3). 2002-03-24 15:17:53 +00:00
Warner Losh
b70cd7ee68 o __P removed
o ansi function prototypes
o unifdef -D__STDC__
o __dead2 on usage prototype
o remove now-bogus main prototype
2002-03-20 22:57:10 +00:00
David E. O'Brien
3d438ad61f Remove 'register' keyword.
It does not help modern compilers, and some may take some hit from it.
(I also found several functions that listed *every* of its 10 local vars with
 "register" -- just how many free registers do people think machines have?)
2002-03-20 17:55:10 +00:00
Alfred Perlstein
a2d440dae0 declare locally used globals as static. 2001-12-22 12:35:03 +00:00
Ian Dowse
c5f6da70ca Ignore the value of fs_active when comparing superblocks.
Noticed by:	"Niels Chr. Bank-Pedersen" <ncbp@bank-pedersen.dk>
2001-12-17 01:33:27 +00:00
Philippe Charnier
f73eedd8a6 Spelling 2001-12-11 18:24:59 +00:00
Ruslan Ermilov
830a9d770e mdoc(7) police: section 1 and 8 manpages document their exit
codes under the DIAGNOSTICS section, not RETURN VALUES, which
is for section 2, 3, and 9 manpages.
2001-12-04 16:17:35 +00:00
David E. O'Brien
17489e76f0 Actually I haven't enumerated the return values yet (thats why I hadn't
committed it yet).  So vague'ize the wording a little bit to make up
for it.
2001-12-04 02:26:47 +00:00
David E. O'Brien
2d68bf45bf Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
Ian Dowse
bf58d635ba Fix a large number of -Wall, -Wformat and -W compiler warnings.
These were mainly missing casts or wrong format strings in printf
statements, but there were also missing includes, unused variables,
functions and arguments.

The choice of `long' vs `int' still seems almost random in a lot
of places though.
2001-11-17 23:48:21 +00:00
Ian Dowse
25211b35bf Give a more useful diagnostic when an extraneous hard link to a
directory is encountered. This includes the full path of the
directory that will be removed if the user answers "y" to the
"REMOVE?" question.

PR:		bin/226851
Submitted by:	KOIE Hide <hide@koie.org>
MFC after:	1 week
2001-11-17 22:46:36 +00:00
Kris Kennaway
5979df34a6 Silence non-constant format string warnings by marking functions
as __printflike()/__printf0like(), adding const, or adding missing "%s"
format strings, as appropriate.

MFC after:	2 weeks
2001-08-19 08:19:37 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ian Dowse
e23faa1027 Ignore the new superblock fields fs_pendingblocks and fs_pendinginodes
when comparing with the alternate superblock. These fields are used
for temporary in-core information only. This should fix the "VALUES
IN SUPER BLOCK DISAGREE WITH THOSE IN FIRST ALTERNATE" error from
fsck_ffs that has been seen a lot recently.
2001-05-29 20:45:08 +00:00
Kirk McKusick
9361d9fe0b Just notify us once when encountering a partially allocated inode. 2001-05-08 06:41:56 +00:00
Kirk McKusick
f4a225c706 Update usage message with new options.
Submitted by:	Ruslan Ermilov <ru@FreeBSD.org>
2001-04-30 05:36:32 +00:00
Ruslan Ermilov
f8923543de mdoc(7) police:
document date updated, removed history info from the .Os call, cosmetics.
2001-04-27 08:36:48 +00:00
Kirk McKusick
15fca934f6 Add support for the -F flag which determines whether a specified
filesystem needs foreground checking (usually at boot time) or
can defer to background checking (after the system is up and running).
See the manual page, fsck_ffs(8), for details on the -F and -B options.
These options are primarily intended for use by the fsck front end.

All output is directed to stdout so that the output is coherent
when redirected to a file or a pipe. Unify the code with the fsck
front end that allows either a device or a mount point to be
specified as the argument to be checked.
2001-04-24 22:38:08 +00:00
Ian Dowse
d164d805c7 In fsdb, call sblock_init() which is now necessary to initialise
the global variable dev_bsize. Add a prototype for sblock_init()
to fsck.h, and set the return type correctly.
2001-04-23 21:39:14 +00:00
Kirk McKusick
38375c40b8 Minor background cleanups:
1) Set the FS_NEEDSFSCK flag when unexpected problems are encountered.
2) Clear the FS_NEEDSFSCK flag after a successful foreground cleanup.
3) Refuse to run in background when the FS_NEEDSFSCK flag is set.
4) Avoid taking and removing a snapshot when the filesystem is already clean.
5) Properly implement the force cleaning (-f) flag when in preen mode.

Note that you need to have revision 1.21 (date: 2001/04/14 05:26:28) of
fs.h installed in <ufs/ffs/fs.h> defining FS_NEEDSFSCK for this to compile.
2001-04-16 22:22:21 +00:00
Ruslan Ermilov
7df8ffa198 mdoc(7) police: prepare for mdocNG. 2001-04-16 15:12:58 +00:00
John Baldwin
3e6b5668b4 Catch up to the dirpref changes by copying new fields in the alternate
superblock from the original superblock so that differences in those new
fields are ignored.
2001-04-10 22:11:01 +00:00
Kirk McKusick
853f677e4d Use fs->fs_ipg rather than cg->cg_niblk as the latter is only
16-bits and may overflow.

Obtained from:	Bruce Evans <bde@zeta.org.au>
2001-03-31 22:17:38 +00:00
Ruslan Ermilov
0a5779d45b - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
Kirk McKusick
7578c6ab98 Additions to run checks on live filesystems. This change will not
affect current systems until fsck is modified to use these new
facilities. To try out this change, set the fsck passno to zero
in /etc/fstab to cause the filesystem to be mounted without running
fsck, then run `fsck_ffs -p -B <filesystem>' after the system has
been brought up multiuser to run a background cleanup on <filesystem>.
Note that the <filesystem> in question must have soft updates enabled.
2001-03-21 09:48:03 +00:00
Ruslan Ermilov
fe655281c5 Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
Jeroen Ruigrok van der Werven
7c63796828 Preceed/preceeding are not english words. Use precede or preceding. 2001-02-18 10:25:42 +00:00
Tor Egge
a46d9bce72 Don't allow special devices of type NODEV (NOUDEV as seen from kernel).
They can't be created via mknod and the kernel crashes if it encounters
such an inode.
Approved by:	mckusick
2001-02-15 22:26:21 +00:00
Nik Clayton
8684bec007 Use ".Nm fsck_ffs", so that this turns up in whatis(1), and others.
Add .Xr to fsck.

Prompted by:	JM Jr's script that shows binaries with no whatis info
Reviewed by:	adrian
2001-02-12 17:50:14 +00:00
Ian Dowse
16241a05dd Fsck_ffs did not properly range-check the inode 'di_size'
field, so it was possible for a filesystem marked clean by fsck_ffs
to cause kernel crashes later when mounted. This could occur when
fsck_ffs was used to repair a badly corrupted filesystem.

As pointed out by bde, it is not sufficient to restrict di_size to
just the superblock fs_maxfilesize limit. The use of 32-bit logical
block numbers (both in fsck and the kernel) induces another file
size limit which is usually lower than fs_maxfilesize. Also, the
old 4.3BSD filesystem does not have fs_maxfilesize initialised.

Following this change, fsck_ffs will enforce exactly the same
file size limits as are used by the kernel.

PR:		kern/15065
Discussed with:	bde
Reviewed by:	bde, mckusick
2001-01-31 15:16:56 +00:00
Ian Dowse
f55ff3f3ef The ffs superblock includes a 128-byte region for use by temporary
in-core pointers to summary information. An array in this region
(fs_csp) could overflow on filesystems with a very large number of
cylinder groups (~16000 on i386 with 8k blocks). When this happens,
other fields in the superblock get corrupted, and fsck refuses to
check the filesystem.

Solve this problem by replacing the fs_csp array in 'struct fs'
with a single pointer, and add padding to keep the length of the
128-byte region fixed. Update the kernel and userland utilities
to use just this single pointer.

With this change, the kernel no longer makes use of the superblock
fields 'fs_csshift' and 'fs_csmask'. Add a comment to newfs/mkfs.c
to indicate that these fields must be calculated for compatibility
with older kernels.

Reviewed by:	mckusick
2001-01-15 18:30:40 +00:00
Ian Dowse
fefd74d87c Document fsck_ffs's new SIGINFO handler.
Reviewed by:	sheldonh
2001-01-03 13:53:48 +00:00
Poul-Henning Kamp
70d8bdef9d Add a missing period and newline to a message.
PR:	23334
Submitted by:	Rich Morin <rdm@cfcl.com>
2000-12-18 21:14:25 +00:00
Ruslan Ermilov
1252c1bb05 Prepare for mdoc(7)NG. 2000-12-18 15:16:24 +00:00
Ian Dowse
6db798cae4 Add a simple SIGINFO handler to fsck_ffs. Shortly after receipt of
a SIGINFO (normally via Ctrl-T), a line will be output indicating
the current phase number and progress information relevant to the
current phase.

Approved by:	mckusick
2000-12-15 14:23:55 +00:00
Thomas-Henning von Kamptz
3d5000784d added growfs(8) including ffsinfo(8) to the freebsd base system
Reviewed by:	 grog
2000-12-09 15:27:35 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00