xref: /titanic_50/usr/src/cmd/fs.d/ufs/fsck/pass3.c (revision d1a180b0452ce86577a43be3245d2eacdeec1a34)
1 /*
2  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
7 /*	  All Rights Reserved  	*/
8 
9 /*
10  * Copyright (c) 1980, 1986, 1990 The Regents of the University of California.
11  * All rights reserved.
12  *
13  * Redistribution and use in source and binary forms are permitted
14  * provided that: (1) source distributions retain this entire copyright
15  * notice and comment, and (2) distributions including binaries display
16  * the following acknowledgement:  ``This product includes software
17  * developed by the University of California, Berkeley and its contributors''
18  * in the documentation or other materials provided with the distribution
19  * and in all advertising materials mentioning features or use of this
20  * software. Neither the name of the University nor the names of its
21  * contributors may be used to endorse or promote products derived
22  * from this software without specific prior written permission.
23  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
24  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
25  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
26  */
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 #include <string.h>
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/mntent.h>
37 #include <sys/fs/ufs_fs.h>
38 #include <sys/vnode.h>
39 #include <sys/fs/ufs_inode.h>
40 #define	_KERNEL
41 #include <sys/fs/ufs_fsdir.h>
42 #undef _KERNEL
43 #include "fsck.h"
44 
45 static int pass3acheck(struct inodesc *);
46 static void setcurino(struct inodesc *, struct dinode *, struct inoinfo *);
47 
48 void
49 pass3a(void)
50 {
51 	caddr_t flow;
52 	struct inoinfo **inpp, *inp;
53 	fsck_ino_t orphan;
54 	int loopcnt;
55 	int state;
56 	struct shadowclientinfo *sci, *sci_victim, *sci_prev, **sci_rootp;
57 	struct inodesc curino;
58 	struct dinode *dp;
59 	struct inodesc idesc;
60 	char namebuf[MAXNAMLEN + 1];
61 
62 	for (inpp = &inpsort[inplast - 1]; inpp >= inpsort; inpp--) {
63 		inp = *inpp;
64 		state = statemap[inp->i_number];
65 		if (inp->i_number == UFSROOTINO ||
66 		    (inp->i_parent != 0 && !S_IS_DUNFOUND(state)))
67 			continue;
68 		if (state == DCLEAR || state == USTATE || (state & INORPHAN))
69 			continue;
70 		/*
71 		 * If we are running with logging and we come
72 		 * across unreferenced directories, we just leave
73 		 * them in DSTATE which will cause them to be pitched
74 		 * in pass 4.
75 		 */
76 		if (preen && !iscorrupt && islog && S_IS_DUNFOUND(state)) {
77 			if (inp->i_dotdot >= UFSROOTINO) {
78 				LINK_RANGE(flow, lncntp[inp->i_dotdot], 1);
79 				if (flow != NULL) {
80 					dp = ginode(inp->i_dotdot);
81 					LINK_CLEAR(flow, inp->i_dotdot,
82 					    dp->di_mode, &idesc);
83 					if (statemap[inp->i_dotdot] == USTATE)
84 						continue;
85 				}
86 				TRACK_LNCNTP(inp->i_dotdot,
87 				    lncntp[inp->i_dotdot]++);
88 			}
89 			continue;
90 		}
91 
92 		for (loopcnt = 0; ; loopcnt++) {
93 			orphan = inp->i_number;
94 			/*
95 			 * Skip out if we aren't connected to the name
96 			 * space, or our parent is connected, or we've
97 			 * looked at too many directories.  Our parent
98 			 * being connected means that orphan is the
99 			 * first ancestor of *inpp with questionable
100 			 * antecedents.
101 			 */
102 			if (inp->i_parent == 0 ||
103 			    !INO_IS_DUNFOUND(inp->i_parent) ||
104 			    loopcnt > numdirs)
105 				break;
106 			inp = getinoinfo(inp->i_parent);
107 			/*
108 			 * Can't happen, because a non-zero parent's already
109 			 * been seen and therefore cached.
110 			 */
111 			if (inp == NULL)
112 				errexit("pass3 could not find cached "
113 					"inode I=%d\n",
114 					inp->i_parent);
115 		}
116 
117 		/*
118 		 * Already did this one.  Don't bother the user
119 		 * with redundant questions.
120 		 */
121 		if (statemap[orphan] & INORPHAN)
122 			continue;
123 
124 		/*
125 		 * A link count of 0 with parent and .. inodes of 0
126 		 * indicates a partly deleted directory.
127 		 * Clear it.
128 		 */
129 		dp = ginode(orphan);
130 		if (dp->di_nlink == 0 && inp->i_dotdot == 0 &&
131 		    inp->i_parent == 0) {
132 			/*
133 			 * clri() just uses curino.id_number; in other
134 			 * words, it won't use the callback that setcurino()
135 			 * puts in.
136 			 */
137 			setcurino(&curino, dp, inp);
138 			clri(&curino, "UNREF", CLRI_VERBOSE, CLRI_NOP_OK);
139 
140 			/*
141 			 * If we didn't clear it, at least mark it so
142 			 * we don't waste time on it again.
143 			 */
144 			if (statemap[orphan] != USTATE) {
145 				statemap[orphan] |= INORPHAN;
146 			}
147 			continue;
148 		}
149 
150 		/*
151 		 * We can call linkup() multiple times on the same directory
152 		 * inode, if we were told not to reconnect it the first time.
153 		 * This is because we find it as a disconnected parent of
154 		 * of its children (and mark it found), and then finally get
155 		 * to it in the inpsort array.  This is better than in the
156 		 * past, where we'd call it every time we found it as a
157 		 * child's parent.  Ideally, we'd suppress even the second
158 		 * query, but that confuses pass 4's interpretation of
159 		 * the state flags.
160 		 */
161 		if (loopcnt <= countdirs) {
162 			if (linkup(orphan, inp->i_dotdot, NULL)) {
163 				/*
164 				 * Bookkeeping for any sort of relinked
165 				 * directory.
166 				 */
167 				inp->i_dotdot = lfdir;
168 				inp->i_parent = inp->i_dotdot;
169 				statemap[orphan] &= ~(INORPHAN);
170 			} else {
171 				statemap[orphan] |= INORPHAN;
172 			}
173 			propagate();
174 			continue;
175 		}
176 
177 		/*
178 		 * We visited more directories than exist in the
179 		 * filesystem.  The only way to do that is if there's
180 		 * a loop.
181 		 */
182 		pfatal("ORPHANED DIRECTORY LOOP DETECTED I=%d\n", orphan);
183 
184 		/*
185 		 * Can never get here with inp->i_parent zero, because
186 		 * of the interactions between the for() and the
187 		 * if (loopcnt <= countdirs) above.
188 		 */
189 		init_inodesc(&idesc);
190 		idesc.id_type = DATA;
191 		idesc.id_number = inp->i_parent;
192 		idesc.id_parent = orphan;
193 		idesc.id_func = findname;
194 		idesc.id_name = namebuf;
195 		namebuf[0] = '\0';
196 
197 		/*
198 		 * Theoretically, this lookup via ckinode can't fail
199 		 * (if orphan doesn't exist in i_parent, then i_parent
200 		 * would not have been filled in by pass2check()).
201 		 * However, if we're interactive, we want to at least
202 		 * attempt to continue.  The worst case is that it
203 		 * gets reconnected as #nnn into lost+found instead of
204 		 * to its old parent with its old name.
205 		 */
206 		if ((ckinode(ginode(inp->i_parent),
207 		    &idesc, CKI_TRAVERSE) & FOUND) == 0)
208 			pfatal("COULD NOT FIND NAME IN PARENT DIRECTORY");
209 
210 		if (linkup(orphan, inp->i_parent, namebuf)) {
211 			if (cleardirentry(inp->i_parent, orphan) & FOUND) {
212 				LFDIR_LINK_RANGE_NORVAL(flow, lncntp[lfdir], 1,
213 				    &idesc);
214 				TRACK_LNCNTP(orphan, lncntp[orphan]++);
215 			}
216 			inp->i_parent = inp->i_dotdot = lfdir;
217 			LFDIR_LINK_RANGE_NORVAL(flow, lncntp[lfdir], -1,
218 			    &idesc);
219 			TRACK_LNCNTP(lfdir, lncntp[lfdir]--);
220 			statemap[orphan] = DFOUND;
221 		} else {
222 			/*
223 			 * Represents a on-disk leak, not an inconsistency,
224 			 * so don't set iscorrupt.  Such leaks are harmless
225 			 * in the context of discrepancies that the kernel
226 			 * will panic over.
227 			 *
228 			 * We don't care if tsearch() returns non-NULL
229 			 * != orphan, since there's no dynamic memory
230 			 * to free here.
231 			 */
232 			if (tsearch((void *)orphan, &limbo_dirs,
233 				    ino_t_cmp) == NULL)
234 				errexit("out of memory");
235 			statemap[orphan] |= INORPHAN;
236 			continue;
237 		}
238 		propagate();
239 	}
240 
241 	/*
242 	 * The essence of the inner loop is to update the inode of
243 	 * every shadow or attribute inode's lncntp[] by the number of
244 	 * links we've found to them in pass 2 and above.  Logically,
245 	 * all that is needed is just the one line:
246 	 *
247 	 * lncntp[sci->shadow] -= sci->totalclients;
248 	 *
249 	 * However, there's the possibility of wrapping the link count
250 	 * (this is especially true for shadows, which are expected to
251 	 * be shared amongst many files).  This means that we have to
252 	 * range-check before changing anything, and if the check
253 	 * fails, offer to clear the shadow or attribute.  If we do
254 	 * clear it, then we have to remove it from the linked list of
255 	 * all of the type of inodes that we're going through.
256 	 *
257 	 * Just to make things a little more complicated, these are
258 	 * singly-linked lists, so we have to do all the extra
259 	 * bookkeeping that goes along with that as well.
260 	 *
261 	 * The only connection between the shadowclientinfo and
262 	 * attrclientinfo lists is that they use the same underlying
263 	 * struct.  Both need this scan, so the outer loop is just to
264 	 * pick which one we're working on at the moment.  There is no
265 	 * requirement as to which of these lists is scanned first.
266 	 */
267 	for (loopcnt = 0; loopcnt < 2; loopcnt++) {
268 		if (loopcnt == 0)
269 			sci_rootp = &shadowclientinfo;
270 		else
271 			sci_rootp = &attrclientinfo;
272 
273 		sci = *sci_rootp;
274 		sci_prev = NULL;
275 		while (sci != NULL) {
276 			sci_victim = NULL;
277 			LINK_RANGE(flow, lncntp[sci->shadow],
278 			    -(sci->totalClients));
279 			if (flow != NULL) {
280 				/*
281 				 * Overflowed the link count.
282 				 */
283 				dp = ginode(sci->shadow);
284 				LINK_CLEAR(flow, sci->shadow, dp->di_mode,
285 				    &idesc);
286 				if (statemap[sci->shadow] == USTATE) {
287 					/*
288 					 * It's been cleared, fix the
289 					 * lists.
290 					 */
291 					if (sci_prev == NULL) {
292 						*sci_rootp = sci->next;
293 					} else {
294 						sci_prev->next = sci->next;
295 					}
296 					sci_victim = sci;
297 				}
298 			}
299 
300 			/*
301 			 * If we did not clear the shadow, then we
302 			 * need to update the count and advance the
303 			 * previous pointer.  Otherwise, finish the
304 			 * clean up once we're done with the struct.
305 			 */
306 			if (sci_victim == NULL) {
307 				TRACK_LNCNTP(sci->shadow,
308 				    lncntp[sci->shadow] -= sci->totalClients);
309 				sci_prev = sci;
310 			}
311 			sci = sci->next;
312 			if (sci_victim != NULL)
313 				deshadow(sci_victim, NULL);
314 		}
315 	}
316 }
317 
318 
319 /*
320  * This is used to verify the cflags of files
321  * under a directory that used to be an attrdir.
322  */
323 
324 static int
325 pass3acheck(struct inodesc *idesc)
326 {
327 	struct direct *dirp = idesc->id_dirp;
328 	int n = 0, ret = 0;
329 	struct dinode *dp, *pdirp;
330 	int isattr;
331 	int dirtype;
332 	int inotype;
333 
334 	if (dirp->d_ino == 0)
335 		return (KEEPON);
336 
337 	idesc->id_entryno++;
338 	if ((strcmp(dirp->d_name, ".") == 0) ||
339 	    (strcmp(dirp->d_name, "..") == 0)) {
340 		return (KEEPON);
341 	}
342 
343 	switch (statemap[dirp->d_ino] & ~(INDELAYD)) {
344 	case DSTATE:
345 	case DFOUND:
346 	case FSTATE:
347 		/*
348 		 * Accept DSTATE and DFOUND so we can handle normal
349 		 * directories as well as xattr directories.
350 		 *
351 		 * For extended attribute directories .. may point
352 		 * to a file.  In this situation we don't want
353 		 * to decrement link count as it was already
354 		 * decremented when the entry was seen and decremented
355 		 * in the directory it actually lives in.
356 		 */
357 		dp = ginode(dirp->d_ino);
358 		isattr = (dp->di_cflags & IXATTR);
359 		inotype = (dp->di_mode & IFMT);
360 		pdirp = ginode(idesc->id_number);
361 		dirtype = (pdirp->di_mode & IFMT);
362 		/*
363 		 * IXATTR indicates that an object is itself an extended
364 		 * attribute.  An IFMT of IFATTRDIR means we are looking
365 		 * at a directory which contains files which should all
366 		 * have IXATTR set.  The IFATTRDIR case was handled in
367 		 * pass 2b.
368 		 *
369 		 * Note that the following code actually handles
370 		 * anything that's marked as an extended attribute but
371 		 * in a regular directory, not just files.
372 		 */
373 		if ((dirtype == IFDIR) && isattr) {
374 			fileerror(idesc->id_number, dirp->d_ino,
375 		    "%s I=%d should NOT be marked as extended attribute\n",
376 			    (inotype == IFDIR) ? "Directory" : "File",
377 			    dirp->d_ino);
378 			dp = ginode(dirp->d_ino);
379 			dp->di_cflags &= ~IXATTR;
380 			if ((n = reply("FIX")) == 1) {
381 				inodirty();
382 			} else {
383 				iscorrupt = 1;
384 			}
385 			if (n != 0)
386 				return (KEEPON | ALTERED);
387 		}
388 		break;
389 	default:
390 		errexit("PASS3: BAD STATE %d FOR INODE I=%d",
391 		    statemap[dirp->d_ino], dirp->d_ino);
392 		/* NOTREACHED */
393 	}
394 	if (n == 0)
395 		return (ret|KEEPON);
396 	return (ret|KEEPON|ALTERED);
397 }
398 
399 static void
400 setcurino(struct inodesc *idesc, struct dinode *dp, struct inoinfo *inp)
401 {
402 	(void) memmove((void *)&dp->di_db[0], (void *)&inp->i_blks[0],
403 		inp->i_blkssize);
404 
405 	init_inodesc(idesc);
406 	idesc->id_number = inp->i_number;
407 	idesc->id_parent = inp->i_parent;
408 	idesc->id_fix = DONTKNOW;
409 	idesc->id_type = DATA;
410 	idesc->id_func = pass3acheck;
411 }
412 
413 void
414 maybe_convert_attrdir_to_dir(fsck_ino_t orphan)
415 {
416 	struct dinode *dp = ginode(orphan);
417 	struct inoinfo *inp = getinoinfo(orphan);
418 	struct inodesc idesc;
419 
420 	if (dp->di_cflags & IXATTR) {
421 		dp->di_cflags &= ~IXATTR;
422 		inodirty();
423 	}
424 
425 	if ((dp->di_mode & IFMT) == IFATTRDIR) {
426 		dp->di_mode &= ~IFATTRDIR;
427 		dp->di_mode |= IFDIR;
428 		inodirty();
429 
430 		setcurino(&idesc, dp, inp);
431 		idesc.id_fix = FIX;
432 		idesc.id_filesize = dp->di_size;
433 		(void) ckinode(dp, &idesc, CKI_TRAVERSE);
434 	}
435 }
436