1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1980, 1986, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32#if 0 33#ifndef lint 34static const char sccsid[] = "@(#)pass1.c 8.6 (Berkeley) 4/28/95"; 35#endif /* not lint */ 36#endif 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD$"); 39 40#include <sys/param.h> 41#include <sys/stat.h> 42#include <sys/sysctl.h> 43 44#include <ufs/ufs/dinode.h> 45#include <ufs/ufs/dir.h> 46#include <ufs/ffs/fs.h> 47 48#include <err.h> 49#include <limits.h> 50#include <stdint.h> 51#include <string.h> 52 53#include "fsck.h" 54 55static ufs2_daddr_t badblk; 56static ufs2_daddr_t dupblk; 57static ino_t lastino; /* last inode in use */ 58 59static int checkinode(ino_t inumber, struct inodesc *, int rebuildcg); 60 61void 62pass1(void) 63{ 64 struct inostat *info; 65 struct inodesc idesc; 66 struct bufarea *cgbp; 67 struct cg *cgp; 68 ino_t inumber, inosused, mininos; 69 ufs2_daddr_t i, cgd; 70 u_int8_t *cp; 71 int c, rebuildcg; 72 73 badblk = dupblk = lastino = 0; 74 75 /* 76 * Set file system reserved blocks in used block map. 77 */ 78 for (c = 0; c < sblock.fs_ncg; c++) { 79 cgd = cgdmin(&sblock, c); 80 if (c == 0) { 81 i = cgbase(&sblock, c); 82 } else 83 i = cgsblock(&sblock, c); 84 for (; i < cgd; i++) 85 setbmap(i); 86 } 87 i = sblock.fs_csaddr; 88 cgd = i + howmany(sblock.fs_cssize, sblock.fs_fsize); 89 for (; i < cgd; i++) 90 setbmap(i); 91 92 /* 93 * Find all allocated blocks. 94 */ 95 memset(&idesc, 0, sizeof(struct inodesc)); 96 idesc.id_func = pass1check; 97 n_files = n_blks = 0; 98 for (c = 0; c < sblock.fs_ncg; c++) { 99 inumber = c * sblock.fs_ipg; 100 cgbp = cglookup(c); 101 cgp = cgbp->b_un.b_cg; 102 rebuildcg = 0; 103 if (!check_cgmagic(c, cgbp, 1)) 104 rebuildcg = 1; 105 if (!rebuildcg && sblock.fs_magic == FS_UFS2_MAGIC) { 106 inosused = cgp->cg_initediblk; 107 if (inosused > sblock.fs_ipg) { 108 pfatal("Too many initialized inodes (%ju > %d) " 109 "in cylinder group %d\nReset to %d\n", 110 (uintmax_t)inosused, sblock.fs_ipg, c, 111 sblock.fs_ipg); 112 inosused = sblock.fs_ipg; 113 } 114 } else { 115 inosused = sblock.fs_ipg; 116 } 117 if (got_siginfo) { 118 printf("%s: phase 1: cyl group %d of %d (%d%%)\n", 119 cdevname, c, sblock.fs_ncg, 120 c * 100 / sblock.fs_ncg); 121 got_siginfo = 0; 122 } 123 if (got_sigalarm) { 124 setproctitle("%s p1 %d%%", cdevname, 125 c * 100 / sblock.fs_ncg); 126 got_sigalarm = 0; 127 } 128 /* 129 * If we are using soft updates, then we can trust the 130 * cylinder group inode allocation maps to tell us which 131 * inodes are allocated. We will scan the used inode map 132 * to find the inodes that are really in use, and then 133 * read only those inodes in from disk. 134 */ 135 if ((preen || inoopt) && usedsoftdep && !rebuildcg) { 136 cp = &cg_inosused(cgp)[(inosused - 1) / CHAR_BIT]; 137 for ( ; inosused != 0; cp--) { 138 if (*cp == 0) { 139 if (inosused > CHAR_BIT) 140 inosused -= CHAR_BIT; 141 else 142 inosused = 0; 143 continue; 144 } 145 for (i = 1 << (CHAR_BIT - 1); i > 0; i >>= 1) { 146 if (*cp & i) 147 break; 148 inosused--; 149 } 150 break; 151 } 152 } 153 /* 154 * Allocate inoinfo structures for the allocated inodes. 155 */ 156 inostathead[c].il_numalloced = inosused; 157 if (inosused == 0) { 158 inostathead[c].il_stat = NULL; 159 continue; 160 } 161 info = Calloc((unsigned)inosused, sizeof(struct inostat)); 162 if (info == NULL) 163 errx(EEXIT, "cannot alloc %u bytes for inoinfo", 164 (unsigned)(sizeof(struct inostat) * inosused)); 165 inostathead[c].il_stat = info; 166 /* 167 * Scan the allocated inodes. 168 */ 169 setinodebuf(c, inosused); 170 for (i = 0; i < inosused; i++, inumber++) { 171 if (inumber < UFS_ROOTINO) { 172 (void)getnextinode(inumber, rebuildcg); 173 continue; 174 } 175 /* 176 * NULL return indicates probable end of allocated 177 * inodes during cylinder group rebuild attempt. 178 * We always keep trying until we get to the minimum 179 * valid number for this cylinder group. 180 */ 181 if (checkinode(inumber, &idesc, rebuildcg) == 0 && 182 i > cgp->cg_initediblk) 183 break; 184 } 185 /* 186 * This optimization speeds up future runs of fsck 187 * by trimming down the number of inodes in cylinder 188 * groups that formerly had many inodes but now have 189 * fewer in use. 190 */ 191 mininos = roundup(inosused + INOPB(&sblock), INOPB(&sblock)); 192 if (inoopt && !preen && !rebuildcg && 193 sblock.fs_magic == FS_UFS2_MAGIC && 194 cgp->cg_initediblk > 2 * INOPB(&sblock) && 195 mininos < cgp->cg_initediblk) { 196 i = cgp->cg_initediblk; 197 if (mininos < 2 * INOPB(&sblock)) 198 cgp->cg_initediblk = 2 * INOPB(&sblock); 199 else 200 cgp->cg_initediblk = mininos; 201 pwarn("CYLINDER GROUP %d: RESET FROM %ju TO %d %s\n", 202 c, i, cgp->cg_initediblk, "VALID INODES"); 203 cgdirty(cgbp); 204 } 205 if (inosused < sblock.fs_ipg) 206 continue; 207 lastino += 1; 208 if (lastino < (c * sblock.fs_ipg)) 209 inosused = 0; 210 else 211 inosused = lastino - (c * sblock.fs_ipg); 212 if (rebuildcg && inosused > cgp->cg_initediblk && 213 sblock.fs_magic == FS_UFS2_MAGIC) { 214 cgp->cg_initediblk = roundup(inosused, INOPB(&sblock)); 215 pwarn("CYLINDER GROUP %d: FOUND %d VALID INODES\n", c, 216 cgp->cg_initediblk); 217 } 218 /* 219 * If we were not able to determine in advance which inodes 220 * were in use, then reduce the size of the inoinfo structure 221 * to the size necessary to describe the inodes that we 222 * really found. 223 */ 224 if (inumber == lastino) 225 continue; 226 inostathead[c].il_numalloced = inosused; 227 if (inosused == 0) { 228 free(inostathead[c].il_stat); 229 inostathead[c].il_stat = NULL; 230 continue; 231 } 232 info = Calloc((unsigned)inosused, sizeof(struct inostat)); 233 if (info == NULL) 234 errx(EEXIT, "cannot alloc %u bytes for inoinfo", 235 (unsigned)(sizeof(struct inostat) * inosused)); 236 memmove(info, inostathead[c].il_stat, inosused * sizeof(*info)); 237 free(inostathead[c].il_stat); 238 inostathead[c].il_stat = info; 239 } 240 freeinodebuf(); 241} 242 243static int 244checkinode(ino_t inumber, struct inodesc *idesc, int rebuildcg) 245{ 246 struct inode ip; 247 union dinode *dp; 248 off_t kernmaxfilesize; 249 ufs2_daddr_t ndb; 250 mode_t mode; 251 intmax_t size, fixsize; 252 int j, ret, offset; 253 254 if ((dp = getnextinode(inumber, rebuildcg)) == NULL) 255 goto unknown; 256 mode = DIP(dp, di_mode) & IFMT; 257 if (mode == 0) { 258 if ((sblock.fs_magic == FS_UFS1_MAGIC && 259 (memcmp(dp->dp1.di_db, zino.dp1.di_db, 260 UFS_NDADDR * sizeof(ufs1_daddr_t)) || 261 memcmp(dp->dp1.di_ib, zino.dp1.di_ib, 262 UFS_NIADDR * sizeof(ufs1_daddr_t)) || 263 dp->dp1.di_mode || dp->dp1.di_size)) || 264 (sblock.fs_magic == FS_UFS2_MAGIC && 265 (memcmp(dp->dp2.di_db, zino.dp2.di_db, 266 UFS_NDADDR * sizeof(ufs2_daddr_t)) || 267 memcmp(dp->dp2.di_ib, zino.dp2.di_ib, 268 UFS_NIADDR * sizeof(ufs2_daddr_t)) || 269 dp->dp2.di_mode || dp->dp2.di_size))) { 270 pfatal("PARTIALLY ALLOCATED INODE I=%lu", 271 (u_long)inumber); 272 if (reply("CLEAR") == 1) { 273 ginode(inumber, &ip); 274 clearinode(ip.i_dp); 275 inodirty(&ip); 276 irelse(&ip); 277 } 278 } 279 inoinfo(inumber)->ino_state = USTATE; 280 return (1); 281 } 282 lastino = inumber; 283 /* This should match the file size limit in ffs_mountfs(). */ 284 if (sblock.fs_magic == FS_UFS1_MAGIC) 285 kernmaxfilesize = (off_t)0x40000000 * sblock.fs_bsize - 1; 286 else 287 kernmaxfilesize = sblock.fs_maxfilesize; 288 if (DIP(dp, di_size) > kernmaxfilesize || 289 DIP(dp, di_size) > sblock.fs_maxfilesize || 290 (mode == IFDIR && DIP(dp, di_size) > MAXDIRSIZE)) { 291 if (debug) 292 printf("bad size %ju:", (uintmax_t)DIP(dp, di_size)); 293 goto unknown; 294 } 295 if (!preen && mode == IFMT && reply("HOLD BAD BLOCK") == 1) { 296 ginode(inumber, &ip); 297 dp = ip.i_dp; 298 DIP_SET(dp, di_size, sblock.fs_fsize); 299 DIP_SET(dp, di_mode, IFREG|0600); 300 inodirty(&ip); 301 irelse(&ip); 302 } 303 if ((mode == IFBLK || mode == IFCHR || mode == IFIFO || 304 mode == IFSOCK) && DIP(dp, di_size) != 0) { 305 if (debug) 306 printf("bad special-file size %ju:", 307 (uintmax_t)DIP(dp, di_size)); 308 goto unknown; 309 } 310 if ((mode == IFBLK || mode == IFCHR) && 311 (dev_t)DIP(dp, di_rdev) == NODEV) { 312 if (debug) 313 printf("bad special-file rdev NODEV:"); 314 goto unknown; 315 } 316 ndb = howmany(DIP(dp, di_size), sblock.fs_bsize); 317 if (ndb < 0) { 318 if (debug) 319 printf("bad size %ju ndb %ju:", 320 (uintmax_t)DIP(dp, di_size), (uintmax_t)ndb); 321 goto unknown; 322 } 323 if (mode == IFBLK || mode == IFCHR) 324 ndb++; 325 if (mode == IFLNK) { 326 /* 327 * Fake ndb value so direct/indirect block checks below 328 * will detect any garbage after symlink string. 329 */ 330 if (DIP(dp, di_size) < (off_t)sblock.fs_maxsymlinklen) { 331 if (sblock.fs_magic == FS_UFS1_MAGIC) 332 ndb = howmany(DIP(dp, di_size), 333 sizeof(ufs1_daddr_t)); 334 else 335 ndb = howmany(DIP(dp, di_size), 336 sizeof(ufs2_daddr_t)); 337 if (ndb > UFS_NDADDR) { 338 j = ndb - UFS_NDADDR; 339 for (ndb = 1; j > 1; j--) 340 ndb *= NINDIR(&sblock); 341 ndb += UFS_NDADDR; 342 } 343 } 344 } 345 for (j = ndb; ndb < UFS_NDADDR && j < UFS_NDADDR; j++) 346 if (DIP(dp, di_db[j]) != 0) { 347 if (debug) 348 printf("bad direct addr[%d]: %ju\n", j, 349 (uintmax_t)DIP(dp, di_db[j])); 350 goto unknown; 351 } 352 for (j = 0, ndb -= UFS_NDADDR; ndb > 0; j++) 353 ndb /= NINDIR(&sblock); 354 for (; j < UFS_NIADDR; j++) 355 if (DIP(dp, di_ib[j]) != 0) { 356 if (debug) 357 printf("bad indirect addr: %ju\n", 358 (uintmax_t)DIP(dp, di_ib[j])); 359 goto unknown; 360 } 361 if (ftypeok(dp) == 0) 362 goto unknown; 363 n_files++; 364 inoinfo(inumber)->ino_linkcnt = DIP(dp, di_nlink); 365 if (mode == IFDIR) { 366 if (DIP(dp, di_size) == 0) 367 inoinfo(inumber)->ino_state = DCLEAR; 368 else if (DIP(dp, di_nlink) <= 0) 369 inoinfo(inumber)->ino_state = DZLINK; 370 else 371 inoinfo(inumber)->ino_state = DSTATE; 372 cacheino(dp, inumber); 373 countdirs++; 374 } else if (DIP(dp, di_nlink) <= 0) 375 inoinfo(inumber)->ino_state = FZLINK; 376 else 377 inoinfo(inumber)->ino_state = FSTATE; 378 inoinfo(inumber)->ino_type = IFTODT(mode); 379 badblk = dupblk = 0; 380 idesc->id_number = inumber; 381 if (DIP(dp, di_flags) & SF_SNAPSHOT) 382 inoinfo(inumber)->ino_idtype = SNAP; 383 else 384 inoinfo(inumber)->ino_idtype = ADDR; 385 idesc->id_type = inoinfo(inumber)->ino_idtype; 386 (void)ckinode(dp, idesc); 387 if (sblock.fs_magic == FS_UFS2_MAGIC && dp->dp2.di_extsize > 0) { 388 ndb = howmany(dp->dp2.di_extsize, sblock.fs_bsize); 389 for (j = 0; j < UFS_NXADDR; j++) { 390 if (--ndb == 0 && 391 (offset = blkoff(&sblock, dp->dp2.di_extsize)) != 0) 392 idesc->id_numfrags = numfrags(&sblock, 393 fragroundup(&sblock, offset)); 394 else 395 idesc->id_numfrags = sblock.fs_frag; 396 if (dp->dp2.di_extb[j] == 0) 397 continue; 398 idesc->id_blkno = dp->dp2.di_extb[j]; 399 ret = (*idesc->id_func)(idesc); 400 if (ret & STOP) 401 break; 402 } 403 } 404 if (sblock.fs_magic == FS_UFS2_MAGIC) 405 eascan(idesc, &dp->dp2); 406 idesc->id_entryno *= btodb(sblock.fs_fsize); 407 if (DIP(dp, di_blocks) != idesc->id_entryno) { 408 pwarn("INCORRECT BLOCK COUNT I=%lu (%ju should be %ju)", 409 (u_long)inumber, (uintmax_t)DIP(dp, di_blocks), 410 (uintmax_t)idesc->id_entryno); 411 if (preen) 412 printf(" (CORRECTED)\n"); 413 else if (reply("CORRECT") == 0) 414 return (1); 415 if (bkgrdflag == 0) { 416 ginode(inumber, &ip); 417 DIP_SET(ip.i_dp, di_blocks, idesc->id_entryno); 418 inodirty(&ip); 419 irelse(&ip); 420 } else { 421 cmd.value = idesc->id_number; 422 cmd.size = idesc->id_entryno - DIP(dp, di_blocks); 423 if (debug) 424 printf("adjblkcnt ino %ju amount %lld\n", 425 (uintmax_t)cmd.value, (long long)cmd.size); 426 if (sysctl(adjblkcnt, MIBSIZE, 0, 0, 427 &cmd, sizeof cmd) == -1) 428 rwerror("ADJUST INODE BLOCK COUNT", cmd.value); 429 } 430 } 431 /* 432 * UFS does not allow files to end with a hole; it requires that 433 * the last block of a file be allocated. The last allocated block 434 * in a file is tracked in id_lballoc. Here, we check for a size 435 * past the last allocated block of the file and if that is found, 436 * shorten the file to reference the last allocated block to avoid 437 * having it reference a hole at its end. 438 * 439 * Soft updates will always ensure that the file size is correct 440 * for files that contain only direct block pointers. However 441 * soft updates does not roll back sizes for files with indirect 442 * blocks that it has set to unallocated because their contents 443 * have not yet been written to disk. Hence, the file can appear 444 * to have a hole at its end because the block pointer has been 445 * rolled back to zero. Thus finding a hole at the end of a file 446 * that is located in an indirect block receives only a warning 447 * while finding a hole at the end of a file in a direct block 448 * receives a fatal error message. 449 */ 450 size = DIP(dp, di_size); 451 if (idesc->id_lballoc < lblkno(&sblock, size - 1) && 452 /* exclude embedded symbolic links */ 453 ((mode != IFLNK) || size >= sblock.fs_maxsymlinklen)) { 454 fixsize = lblktosize(&sblock, idesc->id_lballoc + 1); 455 if (size > UFS_NDADDR * sblock.fs_bsize) 456 pwarn("INODE %lu: FILE SIZE %ju BEYOND END OF " 457 "ALLOCATED FILE, SIZE SHOULD BE %ju", 458 (u_long)inumber, size, fixsize); 459 else 460 pfatal("INODE %lu: FILE SIZE %ju BEYOND END OF " 461 "ALLOCATED FILE, SIZE SHOULD BE %ju", 462 (u_long)inumber, size, fixsize); 463 if (preen) 464 printf(" (ADJUSTED)\n"); 465 else if (reply("ADJUST") == 0) 466 return (1); 467 if (bkgrdflag == 0) { 468 ginode(inumber, &ip); 469 DIP_SET(ip.i_dp, di_size, fixsize); 470 inodirty(&ip); 471 irelse(&ip); 472 } else { 473 cmd.value = idesc->id_number; 474 cmd.size = fixsize; 475 if (debug) 476 printf("setsize ino %ju size set to %ju\n", 477 (uintmax_t)cmd.value, (uintmax_t)cmd.size); 478 if (sysctl(setsize, MIBSIZE, 0, 0, 479 &cmd, sizeof cmd) == -1) 480 rwerror("SET INODE SIZE", cmd.value); 481 } 482 483 } 484 return (1); 485unknown: 486 pfatal("UNKNOWN FILE TYPE I=%lu", (u_long)inumber); 487 inoinfo(inumber)->ino_state = FCLEAR; 488 if (reply("CLEAR") == 1) { 489 inoinfo(inumber)->ino_state = USTATE; 490 ginode(inumber, &ip); 491 clearinode(ip.i_dp); 492 inodirty(&ip); 493 irelse(&ip); 494 } 495 return (1); 496} 497 498int 499pass1check(struct inodesc *idesc) 500{ 501 int res = KEEPON; 502 int anyout, nfrags; 503 ufs2_daddr_t blkno = idesc->id_blkno; 504 struct dups *dlp; 505 struct dups *new; 506 507 if (idesc->id_type == SNAP) { 508 if (blkno == BLK_NOCOPY) 509 return (KEEPON); 510 if (idesc->id_number == cursnapshot) { 511 if (blkno == blkstofrags(&sblock, idesc->id_lbn)) 512 return (KEEPON); 513 if (blkno == BLK_SNAP) { 514 blkno = blkstofrags(&sblock, idesc->id_lbn); 515 idesc->id_entryno -= idesc->id_numfrags; 516 } 517 } else { 518 if (blkno == BLK_SNAP) 519 return (KEEPON); 520 } 521 } 522 if ((anyout = chkrange(blkno, idesc->id_numfrags)) != 0) { 523 blkerror(idesc->id_number, "BAD", blkno); 524 if (badblk++ >= MAXBAD) { 525 pwarn("EXCESSIVE BAD BLKS I=%lu", 526 (u_long)idesc->id_number); 527 if (preen) 528 printf(" (SKIPPING)\n"); 529 else if (reply("CONTINUE") == 0) { 530 ckfini(0); 531 exit(EEXIT); 532 } 533 rerun = 1; 534 return (STOP); 535 } 536 } 537 for (nfrags = idesc->id_numfrags; nfrags > 0; blkno++, nfrags--) { 538 if (anyout && chkrange(blkno, 1)) { 539 res = SKIP; 540 } else if (!testbmap(blkno)) { 541 n_blks++; 542 setbmap(blkno); 543 } else { 544 blkerror(idesc->id_number, "DUP", blkno); 545 if (dupblk++ >= MAXDUP) { 546 pwarn("EXCESSIVE DUP BLKS I=%lu", 547 (u_long)idesc->id_number); 548 if (preen) 549 printf(" (SKIPPING)\n"); 550 else if (reply("CONTINUE") == 0) { 551 ckfini(0); 552 exit(EEXIT); 553 } 554 rerun = 1; 555 return (STOP); 556 } 557 new = (struct dups *)Malloc(sizeof(struct dups)); 558 if (new == NULL) { 559 pfatal("DUP TABLE OVERFLOW."); 560 if (reply("CONTINUE") == 0) { 561 ckfini(0); 562 exit(EEXIT); 563 } 564 rerun = 1; 565 return (STOP); 566 } 567 new->dup = blkno; 568 if (muldup == NULL) { 569 duplist = muldup = new; 570 new->next = NULL; 571 } else { 572 new->next = muldup->next; 573 muldup->next = new; 574 } 575 for (dlp = duplist; dlp != muldup; dlp = dlp->next) 576 if (dlp->dup == blkno) 577 break; 578 if (dlp == muldup && dlp->dup != blkno) 579 muldup = new; 580 } 581 /* 582 * count the number of blocks found in id_entryno 583 */ 584 idesc->id_entryno++; 585 } 586 if (idesc->id_level == 0 && idesc->id_lballoc < idesc->id_lbn) 587 idesc->id_lballoc = idesc->id_lbn; 588 return (res); 589} 590