/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
* Copyright (c) 1980, 1986, 1990 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that: (1) source distributions retain this entire copyright
* notice and comment, and (2) distributions including binaries display
* the following acknowledgement: ``This product includes software
* developed by the University of California, Berkeley and its contributors''
* in the documentation or other materials provided with the distribution
* and in all advertising materials mentioning features or use of this
* software. Neither the name of the University nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <stdlib.h>
#include <sys/sysmacros.h>
#define _KERNEL
#include <string.h>
#include "fsck.h"
static int blksort(const void *, const void *);
static int pass2check(struct inodesc *);
void
pass2(void)
{
int found;
int dirtype;
case USTATE:
pfatal("ROOT INODE UNALLOCATED");
if (reply("ALLOCATE") == 0) {
errexit("Program terminated.");
}
errexit("CANNOT ALLOCATE ROOT INODE\n");
break;
case DCLEAR:
0755, 0) != UFSROOTINO)
errexit("CANNOT ALLOCATE ROOT INODE\n");
break;
}
if (reply("CONTINUE") == 0) {
errexit("Program terminated.");
}
break;
case FSTATE:
case FCLEAR:
case FZLINK:
case SSTATE:
case SCLEAR:
pfatal("ROOT INODE NOT DIRECTORY");
errexit("CANNOT ALLOCATE ROOT INODE\n");
break;
}
if (reply("FIX") == 0) {
ckfini();
errexit("Program terminated.");
}
inodirty();
break;
case DSTATE:
case DZLINK:
break;
default:
errexit("BAD STATE 0x%x FOR ROOT INODE\n",
}
/*
* Technically, we do know who the parent is. However,
* if this is set, then we'll get confused during the
* second-dir-entry-is-dotdot test for the root inode.
*/
/*
* Sort the directory list into disk block order. There's no
* requirement to do this, but it may help improve our i/o times
* somewhat.
*/
/*
* Check the integrity of each directory. In general, we treat
* attribute directories just like normal ones. Only the handling
* of .. is really different.
*/
continue;
/* != DSTATE also covers case of == USTATE */
continue;
inodirty();
} else {
iscorrupt = 1;
}
}
pwarn("DIRECTORY %s: LENGTH %lld NOT MULTIPLE OF %d",
inodirty();
if (preen)
(void) printf(" (ADJUSTED)\n");
} else {
iscorrupt = 1;
}
}
pwarn("ATTRIBUTE DIRECTORY I=%d MISSING IXATTR FLAG",
inodirty();
if (preen)
(void) printf(" (CORRECTED)\n");
}
}
inp->i_blkssize);
/*
* Make sure we mark attrdirs as DFOUND, since they won't
* be located during normal scan of standard directories.
*/
}
}
}
}
}
/*
* Now that the parents of all directories have been found,
* make another pass to verify the value of ..
*/
continue;
/*
* There are only directories in inpsort[], so only
* directory-related states need to be checked. There
* should never be any flags associated with USTATE.
*/
continue;
}
}
continue;
}
"MISSING '..'");
if (reply("FIX") == 0) {
iscorrupt = 1;
continue;
}
found = 0;
/*
* See if this is an attrdir that we located in pass1.
* i.e. it was on an i_oeftflag of some other inode.
* if it isn't found then we have an orphaned attrdir
* that needs to be tossed into lost+found.
*/
for (sci = attrclientinfo;
found = 1;
}
}
}
/*
* We've already proven there's no "..", so this
* can't create a duplicate.
*/
/*
* is it an orphaned attrdir?
*/
/*
* Throw it into lost+found
*/
NULL) == 0) {
"Unable to move attrdir I=%d to lost+found\n",
iscorrupt = 1;
}
}
&ldesc);
USTATE) {
/*
* iscorrupt is
* already set
*/
continue;
}
}
}
continue;
}
pfatal("CANNOT FIX, INSUFFICIENT SPACE TO ADD '..'\n");
iscorrupt = 1;
continue;
}
continue;
}
"BAD INODE NUMBER FOR '..'");
if (reply("FIX") == 0) {
iscorrupt = 1;
continue;
}
/* iscorrupt is already set */
continue;
}
}
/* iscorrupt is already set */
continue;
}
}
}
/*
* Mark all the directories that can be found from the root.
*/
propagate();
}
/*
* Sanity-check a single directory entry. Which entry is being
* examined is tracked via idesc->id_entryno. There are two
* special ones, 0 (.) and 1 (..). Those have to exist in order
* in the first two locations in the directory, and have the usual
* properties. All other entries have to not be for either of
* the special two, and the inode they reference has to be
* reasonable.
*
* This is only called from dirscan(), which looks for the
* ALTERED flag after each invocation. If it finds it, the
* relevant buffer gets pushed out, so we don't have to worry
* about it here.
*/
static int
{
int ret = 0;
int isattr;
int pdirtype;
int breakout = 0;
int dontreconnect;
if (idesc->id_entryno != 0)
goto chk1;
/*
* check for "."
*/
} else {
iscorrupt = 1;
}
}
goto chk1;
}
/*
* Build up a new one, and make sure there's room to put
* it where it belongs.
*/
pfatal("CANNOT FIX, FIRST ENTRY IN DIRECTORY CONTAINS %s\n",
iscorrupt = 1;
pfatal("CANNOT FIX, INSUFFICIENT SPACE TO ADD '.'\n");
iscorrupt = 1;
/*
* No room for another entry after us ("." is the
* smallest entry you can have), so just put all
* of the old entry's space into the new entry.
*
* Because we don't touch id_entryno, we end up going
* through the chk2 tests as well.
*/
} else {
iscorrupt = 1;
}
} else {
/*
* There's enough room for an entire additional entry
* after this, so create the "." entry and follow it
* with an empty entry that covers the rest of the
* space.
*
* The increment of id_entryno means we'll skip the
* "." case of chk1, doing the ".." tests instead.
* Since we know that there's not a ".." where it
* should be (because we just created an empty entry
* there), that's the best way of getting it recreated
* as well.
*/
idesc->id_entryno++;
/*
* Make sure the link count is in range before updating
* it. This makes the assumption that the link count
* for this inode included one for ".", even though
* there wasn't a "." entry. Even if that's not true,
* it's a reasonable working hypothesis, and the link
* count verification done in pass4 will fix it for
* us anyway.
*/
/*
* The inode got zapped, so reset the
* directory entry. Extend it to also
* cover the space we were going to make
* into a new entry.
*/
return (ret);
}
}
/*
* Create the new empty entry.
*/
/* LINTED pointer cast alignment (entrysize is valid) */
/*
* Did the user want us to create a new "."? This
* query assumes that the direrror(MISSING) was the
* last thing printed, so if the LINK_RANGE() check
* fails, it can't pass through here.
*/
} else {
iscorrupt = 1;
}
}
/*
* XXX The next few lines are needed whether we're processing "."
* or "..". However, there are some extra steps still needed
* for the former, hence the big block of code for
* id_entryno == 0. Alternatively, there could be a label just
* before this comment, and everything through the end of that
* block moved there. In some ways, that might make the
* control flow more logical (factoring out to separate functions
* would be even better).
*/
chk1:
goto chk2;
/*
* This is a can't-happen, since inodes get cached before
* we get called on them.
*/
errexit("pass2check got NULL from getinoinfo at chk1 I=%d\n",
}
if (idesc->id_entryno == 0) {
/*
* We may not actually need to split things up, but if
* there's room to do so, we should, as that implies
* that the "." entry is larger than it is supposed
* to be, and therefore there's something wrong, albeit
* possibly harmlessly so.
*/
/*
* Not enough room for inserting a ".." after
* the "." entry.
*/
goto chk2;
}
/*
* There's enough room for an entire additional entry
* after "."'s, so split it up. There's no reason "."
* should be bigger than the minimum, so shrink it to
* fit, too. Since by the time we're done with this
* part, dirp will be pointing at where ".." should be,
* update id_entryno to show that that's the entry
* we're on.
*/
idesc->id_entryno++;
/*
* Account for the link to ourselves.
*/
/*
* We were going to split the entry
* up, but the link count overflowed.
* Since we got rid of the inode,
* we need to also zap the directory
* entry, and restoring the original
* state of things is the least-bad
* result.
*/
return (ret);
}
}
/*
* Make sure the new entry doesn't get interpreted
* as having actual content.
*/
/* LINTED pointer cast alignment (reclen is valid) */
} else {
/*
* Everything was fine, up until we realized that
* the indicated inode was impossible. By clearing
* d_ino here, we'll trigger the recreation of it
* down below, using i_parent. Unlike the other
* half of this if(), we're everything so it shows
* that we're still on the "." entry.
*/
"I OUT OF RANGE");
} else {
iscorrupt = 1;
}
}
}
/*
* Record this ".." inode, but only if we haven't seen one before.
* If this isn't the first, it'll get cleared below, and so we
* want to remember the entry that'll still be around later.
*/
goto chk2;
}
pfatal("CANNOT FIX, SECOND ENTRY IN DIRECTORY CONTAINS %s\n",
iscorrupt = 1;
pfatal("CANNOT FIX, INSUFFICIENT SPACE TO ADD '..'\n");
/* XXX Same consideration as immediately above. */
iscorrupt = 1;
/*
* We know the parent, so fix now.
*/
/*
* Lint won't be quiet about d_reclen being set but not
* used. It apparently doesn't understand the implications
* of calling memmove(), and won't believe us that it's ok.
*/
} else {
iscorrupt = 1;
}
/*
* Always know parent of root inode, so fix now.
*/
/*
* Lint won't be quiet about d_reclen being set but not
* used. It apparently doesn't understand the implications
* of calling memmove(), and won't believe us that it's ok.
*/
} else {
iscorrupt = 1;
}
}
idesc->id_entryno++;
}
}
}
chk2:
} else {
iscorrupt = 1;
}
}
} else {
iscorrupt = 1;
}
}
}
/*
* Because of this increment, all tests for skipping . and ..
* below are ``> 2'', not ``> 1'' as would logically be expected.
*/
idesc->id_entryno++;
act = -1;
/*
* The obvious check would be for d_ino < UFSROOTINO. However,
* 1 is a valid inode number. Although it isn't currently used,
* as it was once the bad block list, there's nothing to prevent
* it from acquiring a new purpose in the future. So, don't
* arbitrarily disallow it. We don't test for <= zero, because
* d_ino is unsigned.
*/
update_lncntp = 0;
} else {
update_lncntp = 0;
case USTATE:
break;
break;
case DCLEAR:
case FCLEAR:
case SCLEAR:
break;
"REFERENCE TO ZERO LENGTH ATTRIBUTE DIRECTORY" :
"REFERENCE TO ZERO LENGTH DIRECTORY";
/*
* The inode doesn't exist, as all
* should be cached by now. This
* gets caught by the range check
* above, and so it is a can't-happen
* at this point.
*/
errexit("pass2check found a zero-len "
"reference to bad I=%d\n",
}
(void) printf(
"Multiple links to I=%d, link counts wrong, rerun fsck\n",
iscorrupt = 1;
}
/*
* In theory, this is a can't-happen,
* because shadows don't appear in directory
* entries. However, an inode might've
* been reused without a stale directory
* entry having been cleared, so check
* for it just in case. We'll check for
* the no-dir-entry shadows in pass3b().
*/
errmsg = "ZERO LENGTH SHADOW";
} else {
}
break;
/*
* Not doing anything about it, so just try
* again as whatever the base type was.
*
* fileerror() invalidated dp. Lint thinks this
* is unnecessary, but we know better.
*/
goto again;
case DSTATE:
case DZLINK:
}
/* FALLTHROUGH */
case DFOUND:
/*
* This is encouraging the best-practice of not
* hard-linking directories. It's legal (see POSIX),
* but not a good idea. So, don't consider it an
* instance of corruption, but offer to nuke it.
*/
/*
* Same can't-happen argument as in the
* zero-len case above.
*/
errexit("pass2check found bad reference to "
"hard-linked directory I=%d\n",
}
/*
* XXX For nested dirs, this can report
* the same name for both paths.
*/
"%s IS AN EXTRANEOUS HARD LINK TO DIRECTORY %s\n",
if (preen)
(void) printf(" (IGNORED)\n");
update_lncntp = 1;
broke_dir_link = 1;
break;
}
}
}
/* FALLTHROUGH */
case FSTATE:
case FZLINK:
/*
* There's nothing to do for normal file-like
* things. Extended attributes come through
* here as well, though, and for them, .. may point
* to a file. In this situation we don't want
* to decrement link count as it was already
* decremented when the entry was seen in the
* directory it actually lives in.
*/
act = -1;
dontreconnect = 0;
if (dp->di_oeftflag != 0) {
/*
* is it really an attrdir?
* if so, then don't do anything.
*/
dontreconnect = 1;
}
/*
* Rare corner case - the attrdir's ..
* points to the attrdir itself.
*/
dontreconnect = 1;
}
/*
* Lets see if we have an orphaned attrdir
* that thinks it belongs to this file.
* Only re-connect it if the current
* attrdir is 0 or not an attrdir.
*/
(dontreconnect == 0)) {
"Attribute directory I=%d not "
"attached to file I=%d\n",
if (debug)
(void) printf(
"debug: changing i=%d's oeft from %d ",
dp->di_oeftflag);
dp->di_oeftflag =
if (debug)
(void) printf("to %d\n",
dp->di_oeftflag);
inodirty();
}
}
/*
* This can only be true if we've modified
* don't keep track of those in the link
* counts. So, skipping the checks just
* after this is not a problem.
*/
if (act > 0)
/*
* Don't screw up link counts for directories.
* If we aren't careful we can perform
* an extra decrement, since the .. of
* an attrdir could be either a file or a
* directory. If it's a file then its link
* should be correct after it is seen when the
* directory it lives in scanned.
*/
breakout = 1;
breakout = 1;
"File should NOT be marked as "
"extended attribute\n");
if (debug)
(void) printf(
"changing i=%d's cflags from 0x%x to ",
if (debug)
(void) printf("0x%x\n",
inodirty();
IFATTRDIR) {
inodirty();
if (pdirp->di_oeftflag
!= 0) {
pdirp->di_oeftflag = 0;
inodirty();
}
}
}
} else {
(isattr == 0)) {
"File should BE marked as "
"extended attribute\n");
/*
* Make sure it's a file
* while we're at it.
*/
inodirty();
}
}
}
}
if (breakout == 0 || dontreconnect == 0) {
if (act > 0)
}
break;
case SSTATE:
errmsg = "ACL IN DIRECTORY";
break;
default:
errexit("BAD STATE 0x%x FOR INODE I=%d",
}
}
if (act == 0) {
iscorrupt = 1;
}
if (act <= 0)
if (update_lncntp) {
}
}
}
}
/*
* Routine to sort disk blocks.
*/
static int
{
}