1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1980, 1986, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32#if 0 33#ifndef lint 34static const char sccsid[] = "@(#)pass1.c 8.6 (Berkeley) 4/28/95"; 35#endif /* not lint */ 36#endif 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD$"); 39 40#include <sys/param.h> 41#include <sys/stat.h> 42#include <sys/sysctl.h> 43 44#include <ufs/ufs/dinode.h> 45#include <ufs/ufs/dir.h> 46#include <ufs/ffs/fs.h> 47 48#include <err.h> 49#include <limits.h> 50#include <stdint.h> 51#include <string.h> 52 53#include "fsck.h" 54 55static ufs2_daddr_t badblk; 56static ufs2_daddr_t dupblk; 57static ino_t lastino; /* last inode in use */ 58 59static int checkinode(ino_t inumber, struct inodesc *, int rebuildcg); 60 61void 62pass1(void) 63{ 64 struct inostat *info; 65 struct inodesc idesc; 66 struct bufarea *cgbp; 67 struct cg *cgp; 68 ino_t inumber, inosused, mininos; 69 ufs2_daddr_t i, cgd; 70 u_int8_t *cp; 71 int c, rebuildcg; 72 73 badblk = dupblk = lastino = 0; 74 75 /* 76 * Set file system reserved blocks in used block map. 77 */ 78 for (c = 0; c < sblock.fs_ncg; c++) { 79 cgd = cgdmin(&sblock, c); 80 if (c == 0) { 81 i = cgbase(&sblock, c); 82 } else 83 i = cgsblock(&sblock, c); 84 for (; i < cgd; i++) 85 setbmap(i); 86 } 87 i = sblock.fs_csaddr; 88 cgd = i + howmany(sblock.fs_cssize, sblock.fs_fsize); 89 for (; i < cgd; i++) 90 setbmap(i); 91 92 /* 93 * Find all allocated blocks. 94 */ 95 memset(&idesc, 0, sizeof(struct inodesc)); 96 idesc.id_func = pass1check; 97 n_files = n_blks = 0; 98 for (c = 0; c < sblock.fs_ncg; c++) { 99 inumber = c * sblock.fs_ipg; 100 setinodebuf(inumber); 101 cgbp = cglookup(c); 102 cgp = cgbp->b_un.b_cg; 103 rebuildcg = 0; 104 if (!check_cgmagic(c, cgbp)) 105 rebuildcg = 1; 106 if (!rebuildcg && sblock.fs_magic == FS_UFS2_MAGIC) { 107 inosused = cgp->cg_initediblk; 108 if (inosused > sblock.fs_ipg) { 109 pfatal( 110"Too many initialized inodes (%ju > %d) in cylinder group %d\nReset to %d\n", 111 (uintmax_t)inosused, 112 sblock.fs_ipg, c, sblock.fs_ipg); 113 inosused = sblock.fs_ipg; 114 } 115 } else { 116 inosused = sblock.fs_ipg; 117 } 118 if (got_siginfo) { 119 printf("%s: phase 1: cyl group %d of %d (%d%%)\n", 120 cdevname, c, sblock.fs_ncg, 121 c * 100 / sblock.fs_ncg); 122 got_siginfo = 0; 123 } 124 if (got_sigalarm) { 125 setproctitle("%s p1 %d%%", cdevname, 126 c * 100 / sblock.fs_ncg); 127 got_sigalarm = 0; 128 } 129 /* 130 * If we are using soft updates, then we can trust the 131 * cylinder group inode allocation maps to tell us which 132 * inodes are allocated. We will scan the used inode map 133 * to find the inodes that are really in use, and then 134 * read only those inodes in from disk. 135 */ 136 if ((preen || inoopt) && usedsoftdep && !rebuildcg) { 137 cp = &cg_inosused(cgp)[(inosused - 1) / CHAR_BIT]; 138 for ( ; inosused != 0; cp--) { 139 if (*cp == 0) { 140 if (inosused > CHAR_BIT) 141 inosused -= CHAR_BIT; 142 else 143 inosused = 0; 144 continue; 145 } 146 for (i = 1 << (CHAR_BIT - 1); i > 0; i >>= 1) { 147 if (*cp & i) 148 break; 149 inosused--; 150 } 151 break; 152 } 153 } 154 /* 155 * Allocate inoinfo structures for the allocated inodes. 156 */ 157 inostathead[c].il_numalloced = inosused; 158 if (inosused == 0) { 159 inostathead[c].il_stat = NULL; 160 continue; 161 } 162 info = Calloc((unsigned)inosused, sizeof(struct inostat)); 163 if (info == NULL) 164 errx(EEXIT, "cannot alloc %u bytes for inoinfo", 165 (unsigned)(sizeof(struct inostat) * inosused)); 166 inostathead[c].il_stat = info; 167 /* 168 * Scan the allocated inodes. 169 */ 170 for (i = 0; i < inosused; i++, inumber++) { 171 if (inumber < UFS_ROOTINO) { 172 (void)getnextinode(inumber, rebuildcg); 173 continue; 174 } 175 /* 176 * NULL return indicates probable end of allocated 177 * inodes during cylinder group rebuild attempt. 178 * We always keep trying until we get to the minimum 179 * valid number for this cylinder group. 180 */ 181 if (checkinode(inumber, &idesc, rebuildcg) == 0 && 182 i > cgp->cg_initediblk) 183 break; 184 } 185 /* 186 * This optimization speeds up future runs of fsck 187 * by trimming down the number of inodes in cylinder 188 * groups that formerly had many inodes but now have 189 * fewer in use. 190 */ 191 mininos = roundup(inosused + INOPB(&sblock), INOPB(&sblock)); 192 if (inoopt && !preen && !rebuildcg && 193 sblock.fs_magic == FS_UFS2_MAGIC && 194 cgp->cg_initediblk > 2 * INOPB(&sblock) && 195 mininos < cgp->cg_initediblk) { 196 i = cgp->cg_initediblk; 197 if (mininos < 2 * INOPB(&sblock)) 198 cgp->cg_initediblk = 2 * INOPB(&sblock); 199 else 200 cgp->cg_initediblk = mininos; 201 pwarn("CYLINDER GROUP %d: RESET FROM %ju TO %d %s\n", 202 c, i, cgp->cg_initediblk, "VALID INODES"); 203 dirty(cgbp); 204 } 205 if (inosused < sblock.fs_ipg) 206 continue; 207 lastino += 1; 208 if (lastino < (c * sblock.fs_ipg)) 209 inosused = 0; 210 else 211 inosused = lastino - (c * sblock.fs_ipg); 212 if (rebuildcg && inosused > cgp->cg_initediblk && 213 sblock.fs_magic == FS_UFS2_MAGIC) { 214 cgp->cg_initediblk = roundup(inosused, INOPB(&sblock)); 215 pwarn("CYLINDER GROUP %d: FOUND %d VALID INODES\n", c, 216 cgp->cg_initediblk); 217 } 218 /* 219 * If we were not able to determine in advance which inodes 220 * were in use, then reduce the size of the inoinfo structure 221 * to the size necessary to describe the inodes that we 222 * really found. 223 */ 224 if (inumber == lastino) 225 continue; 226 inostathead[c].il_numalloced = inosused; 227 if (inosused == 0) { 228 free(inostathead[c].il_stat); 229 inostathead[c].il_stat = NULL; 230 continue; 231 } 232 info = Calloc((unsigned)inosused, sizeof(struct inostat)); 233 if (info == NULL) 234 errx(EEXIT, "cannot alloc %u bytes for inoinfo", 235 (unsigned)(sizeof(struct inostat) * inosused)); 236 memmove(info, inostathead[c].il_stat, inosused * sizeof(*info)); 237 free(inostathead[c].il_stat); 238 inostathead[c].il_stat = info; 239 } 240 freeinodebuf(); 241} 242 243static int 244checkinode(ino_t inumber, struct inodesc *idesc, int rebuildcg) 245{ 246 union dinode *dp; 247 off_t kernmaxfilesize; 248 ufs2_daddr_t ndb; 249 mode_t mode; 250 intmax_t size, fixsize; 251 int j, ret, offset; 252 253 if ((dp = getnextinode(inumber, rebuildcg)) == NULL) 254 goto unknown; 255 mode = DIP(dp, di_mode) & IFMT; 256 if (mode == 0) { 257 if ((sblock.fs_magic == FS_UFS1_MAGIC && 258 (memcmp(dp->dp1.di_db, ufs1_zino.di_db, 259 UFS_NDADDR * sizeof(ufs1_daddr_t)) || 260 memcmp(dp->dp1.di_ib, ufs1_zino.di_ib, 261 UFS_NIADDR * sizeof(ufs1_daddr_t)) || 262 dp->dp1.di_mode || dp->dp1.di_size)) || 263 (sblock.fs_magic == FS_UFS2_MAGIC && 264 (memcmp(dp->dp2.di_db, ufs2_zino.di_db, 265 UFS_NDADDR * sizeof(ufs2_daddr_t)) || 266 memcmp(dp->dp2.di_ib, ufs2_zino.di_ib, 267 UFS_NIADDR * sizeof(ufs2_daddr_t)) || 268 dp->dp2.di_mode || dp->dp2.di_size))) { 269 pfatal("PARTIALLY ALLOCATED INODE I=%lu", 270 (u_long)inumber); 271 if (reply("CLEAR") == 1) { 272 dp = ginode(inumber); 273 clearinode(dp); 274 inodirty(dp); 275 } 276 } 277 inoinfo(inumber)->ino_state = USTATE; 278 return (1); 279 } 280 lastino = inumber; 281 /* This should match the file size limit in ffs_mountfs(). */ 282 if (sblock.fs_magic == FS_UFS1_MAGIC) 283 kernmaxfilesize = (off_t)0x40000000 * sblock.fs_bsize - 1; 284 else 285 kernmaxfilesize = sblock.fs_maxfilesize; 286 if (DIP(dp, di_size) > kernmaxfilesize || 287 DIP(dp, di_size) > sblock.fs_maxfilesize || 288 (mode == IFDIR && DIP(dp, di_size) > MAXDIRSIZE)) { 289 if (debug) 290 printf("bad size %ju:", (uintmax_t)DIP(dp, di_size)); 291 goto unknown; 292 } 293 if (!preen && mode == IFMT && reply("HOLD BAD BLOCK") == 1) { 294 dp = ginode(inumber); 295 DIP_SET(dp, di_size, sblock.fs_fsize); 296 DIP_SET(dp, di_mode, IFREG|0600); 297 inodirty(dp); 298 } 299 if ((mode == IFBLK || mode == IFCHR || mode == IFIFO || 300 mode == IFSOCK) && DIP(dp, di_size) != 0) { 301 if (debug) 302 printf("bad special-file size %ju:", 303 (uintmax_t)DIP(dp, di_size)); 304 goto unknown; 305 } 306 if ((mode == IFBLK || mode == IFCHR) && 307 (dev_t)DIP(dp, di_rdev) == NODEV) { 308 if (debug) 309 printf("bad special-file rdev NODEV:"); 310 goto unknown; 311 } 312 ndb = howmany(DIP(dp, di_size), sblock.fs_bsize); 313 if (ndb < 0) { 314 if (debug) 315 printf("bad size %ju ndb %ju:", 316 (uintmax_t)DIP(dp, di_size), (uintmax_t)ndb); 317 goto unknown; 318 } 319 if (mode == IFBLK || mode == IFCHR) 320 ndb++; 321 if (mode == IFLNK) { 322 /* 323 * Fake ndb value so direct/indirect block checks below 324 * will detect any garbage after symlink string. 325 */ 326 if (DIP(dp, di_size) < (off_t)sblock.fs_maxsymlinklen) { 327 if (sblock.fs_magic == FS_UFS1_MAGIC) 328 ndb = howmany(DIP(dp, di_size), 329 sizeof(ufs1_daddr_t)); 330 else 331 ndb = howmany(DIP(dp, di_size), 332 sizeof(ufs2_daddr_t)); 333 if (ndb > UFS_NDADDR) { 334 j = ndb - UFS_NDADDR; 335 for (ndb = 1; j > 1; j--) 336 ndb *= NINDIR(&sblock); 337 ndb += UFS_NDADDR; 338 } 339 } 340 } 341 for (j = ndb; ndb < UFS_NDADDR && j < UFS_NDADDR; j++) 342 if (DIP(dp, di_db[j]) != 0) { 343 if (debug) 344 printf("bad direct addr[%d]: %ju\n", j, 345 (uintmax_t)DIP(dp, di_db[j])); 346 goto unknown; 347 } 348 for (j = 0, ndb -= UFS_NDADDR; ndb > 0; j++) 349 ndb /= NINDIR(&sblock); 350 for (; j < UFS_NIADDR; j++) 351 if (DIP(dp, di_ib[j]) != 0) { 352 if (debug) 353 printf("bad indirect addr: %ju\n", 354 (uintmax_t)DIP(dp, di_ib[j])); 355 goto unknown; 356 } 357 if (ftypeok(dp) == 0) 358 goto unknown; 359 n_files++; 360 inoinfo(inumber)->ino_linkcnt = DIP(dp, di_nlink); 361 if (mode == IFDIR) { 362 if (DIP(dp, di_size) == 0) 363 inoinfo(inumber)->ino_state = DCLEAR; 364 else if (DIP(dp, di_nlink) <= 0) 365 inoinfo(inumber)->ino_state = DZLINK; 366 else 367 inoinfo(inumber)->ino_state = DSTATE; 368 cacheino(dp, inumber); 369 countdirs++; 370 } else if (DIP(dp, di_nlink) <= 0) 371 inoinfo(inumber)->ino_state = FZLINK; 372 else 373 inoinfo(inumber)->ino_state = FSTATE; 374 inoinfo(inumber)->ino_type = IFTODT(mode); 375 badblk = dupblk = 0; 376 idesc->id_number = inumber; 377 if (DIP(dp, di_flags) & SF_SNAPSHOT) 378 idesc->id_type = SNAP; 379 else 380 idesc->id_type = ADDR; 381 (void)ckinode(dp, idesc); 382 if (sblock.fs_magic == FS_UFS2_MAGIC && dp->dp2.di_extsize > 0) { 383 idesc->id_type = ADDR; 384 ndb = howmany(dp->dp2.di_extsize, sblock.fs_bsize); 385 for (j = 0; j < UFS_NXADDR; j++) { 386 if (--ndb == 0 && 387 (offset = blkoff(&sblock, dp->dp2.di_extsize)) != 0) 388 idesc->id_numfrags = numfrags(&sblock, 389 fragroundup(&sblock, offset)); 390 else 391 idesc->id_numfrags = sblock.fs_frag; 392 if (dp->dp2.di_extb[j] == 0) 393 continue; 394 idesc->id_blkno = dp->dp2.di_extb[j]; 395 ret = (*idesc->id_func)(idesc); 396 if (ret & STOP) 397 break; 398 } 399 } 400 if (sblock.fs_magic == FS_UFS2_MAGIC) 401 eascan(idesc, &dp->dp2); 402 idesc->id_entryno *= btodb(sblock.fs_fsize); 403 if (DIP(dp, di_blocks) != idesc->id_entryno) { 404 pwarn("INCORRECT BLOCK COUNT I=%lu (%ju should be %ju)", 405 (u_long)inumber, (uintmax_t)DIP(dp, di_blocks), 406 (uintmax_t)idesc->id_entryno); 407 if (preen) 408 printf(" (CORRECTED)\n"); 409 else if (reply("CORRECT") == 0) 410 return (1); 411 if (bkgrdflag == 0) { 412 dp = ginode(inumber); 413 DIP_SET(dp, di_blocks, idesc->id_entryno); 414 inodirty(dp); 415 } else { 416 cmd.value = idesc->id_number; 417 cmd.size = idesc->id_entryno - DIP(dp, di_blocks); 418 if (debug) 419 printf("adjblkcnt ino %ju amount %lld\n", 420 (uintmax_t)cmd.value, (long long)cmd.size); 421 if (sysctl(adjblkcnt, MIBSIZE, 0, 0, 422 &cmd, sizeof cmd) == -1) 423 rwerror("ADJUST INODE BLOCK COUNT", cmd.value); 424 } 425 } 426 /* 427 * UFS does not allow files to end with a hole; it requires that 428 * the last block of a file be allocated. The last allocated block 429 * in a file is tracked in id_lballoc. Here, we check for a size 430 * past the last allocated block of the file and if that is found, 431 * shorten the file to reference the last allocated block to avoid 432 * having it reference a hole at its end. 433 * 434 * Soft updates will always ensure that the file size is correct 435 * for files that contain only direct block pointers. However 436 * soft updates does not roll back sizes for files with indirect 437 * blocks that it has set to unallocated because their contents 438 * have not yet been written to disk. Hence, the file can appear 439 * to have a hole at its end because the block pointer has been 440 * rolled back to zero. Thus finding a hole at the end of a file 441 * that is located in an indirect block receives only a warning 442 * while finding a hole at the end of a file in a direct block 443 * receives a fatal error message. 444 */ 445 size = DIP(dp, di_size); 446 if (idesc->id_lballoc < lblkno(&sblock, size - 1) && 447 /* exclude embedded symbolic links */ 448 ((mode != IFLNK) || size >= sblock.fs_maxsymlinklen)) { 449 fixsize = lblktosize(&sblock, idesc->id_lballoc + 1); 450 if (size > UFS_NDADDR * sblock.fs_bsize) 451 pwarn("INODE %lu: FILE SIZE %ju BEYOND END OF " 452 "ALLOCATED FILE, SIZE SHOULD BE %ju", 453 (u_long)inumber, size, fixsize); 454 else 455 pfatal("INODE %lu: FILE SIZE %ju BEYOND END OF " 456 "ALLOCATED FILE, SIZE SHOULD BE %ju", 457 (u_long)inumber, size, fixsize); 458 if (preen) 459 printf(" (ADJUSTED)\n"); 460 else if (reply("ADJUST") == 0) 461 return (1); 462 if (bkgrdflag == 0) { 463 dp = ginode(inumber); 464 DIP_SET(dp, di_size, fixsize); 465 inodirty(dp); 466 } else { 467 cmd.value = idesc->id_number; 468 cmd.size = fixsize; 469 if (debug) 470 printf("setsize ino %ju size set to %ju\n", 471 (uintmax_t)cmd.value, (uintmax_t)cmd.size); 472 if (sysctl(setsize, MIBSIZE, 0, 0, 473 &cmd, sizeof cmd) == -1) 474 rwerror("SET INODE SIZE", cmd.value); 475 } 476 477 } 478 return (1); 479unknown: 480 pfatal("UNKNOWN FILE TYPE I=%lu", (u_long)inumber); 481 inoinfo(inumber)->ino_state = FCLEAR; 482 if (reply("CLEAR") == 1) { 483 inoinfo(inumber)->ino_state = USTATE; 484 dp = ginode(inumber); 485 clearinode(dp); 486 inodirty(dp); 487 } 488 return (1); 489} 490 491int 492pass1check(struct inodesc *idesc) 493{ 494 int res = KEEPON; 495 int anyout, nfrags; 496 ufs2_daddr_t blkno = idesc->id_blkno; 497 struct dups *dlp; 498 struct dups *new; 499 500 if (idesc->id_type == SNAP) { 501 if (blkno == BLK_NOCOPY) 502 return (KEEPON); 503 if (idesc->id_number == cursnapshot) { 504 if (blkno == blkstofrags(&sblock, idesc->id_lbn)) 505 return (KEEPON); 506 if (blkno == BLK_SNAP) { 507 blkno = blkstofrags(&sblock, idesc->id_lbn); 508 idesc->id_entryno -= idesc->id_numfrags; 509 } 510 } else { 511 if (blkno == BLK_SNAP) 512 return (KEEPON); 513 } 514 } 515 if ((anyout = chkrange(blkno, idesc->id_numfrags)) != 0) { 516 blkerror(idesc->id_number, "BAD", blkno); 517 if (badblk++ >= MAXBAD) { 518 pwarn("EXCESSIVE BAD BLKS I=%lu", 519 (u_long)idesc->id_number); 520 if (preen) 521 printf(" (SKIPPING)\n"); 522 else if (reply("CONTINUE") == 0) { 523 ckfini(0); 524 exit(EEXIT); 525 } 526 rerun = 1; 527 return (STOP); 528 } 529 } 530 for (nfrags = idesc->id_numfrags; nfrags > 0; blkno++, nfrags--) { 531 if (anyout && chkrange(blkno, 1)) { 532 res = SKIP; 533 } else if (!testbmap(blkno)) { 534 n_blks++; 535 setbmap(blkno); 536 } else { 537 blkerror(idesc->id_number, "DUP", blkno); 538 if (dupblk++ >= MAXDUP) { 539 pwarn("EXCESSIVE DUP BLKS I=%lu", 540 (u_long)idesc->id_number); 541 if (preen) 542 printf(" (SKIPPING)\n"); 543 else if (reply("CONTINUE") == 0) { 544 ckfini(0); 545 exit(EEXIT); 546 } 547 rerun = 1; 548 return (STOP); 549 } 550 new = (struct dups *)Malloc(sizeof(struct dups)); 551 if (new == NULL) { 552 pfatal("DUP TABLE OVERFLOW."); 553 if (reply("CONTINUE") == 0) { 554 ckfini(0); 555 exit(EEXIT); 556 } 557 rerun = 1; 558 return (STOP); 559 } 560 new->dup = blkno; 561 if (muldup == NULL) { 562 duplist = muldup = new; 563 new->next = NULL; 564 } else { 565 new->next = muldup->next; 566 muldup->next = new; 567 } 568 for (dlp = duplist; dlp != muldup; dlp = dlp->next) 569 if (dlp->dup == blkno) 570 break; 571 if (dlp == muldup && dlp->dup != blkno) 572 muldup = new; 573 } 574 /* 575 * count the number of blocks found in id_entryno 576 */ 577 idesc->id_entryno++; 578 } 579 if (idesc->id_level == 0 && idesc->id_lballoc < idesc->id_lbn) 580 idesc->id_lballoc = idesc->id_lbn; 581 return (res); 582} 583