Darrick J. Wong [Fri, 22 Jun 2018 19:15:42 +0000 (14:15 -0500)]
xfs_io: clarify -c in bmap documentation
The bmap -c parameter displays the cow fork information for a file if
the kernel was built with CONFIG_XFS_DEBUG=y. Since xfs_bmap doesn't
support it and it doesn't work generally, remove it from the manpages.
However, xfstests relies on the -c command to be documented in the help
screen so leave it there with a warning about its use.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Fri, 22 Jun 2018 00:46:25 +0000 (19:46 -0500)]
xfs_bmap: remove -c from manpage
There is no -c switch so remove the documentation.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Fri, 22 Jun 2018 00:46:24 +0000 (19:46 -0500)]
xfs_bmap: don't reject -e
The xfs_io bmap command has an -e switch that prints delalloc extents
without fsync'ing the file first. The xfs_bmap manpage says it'll pass
-e through, but it doesn't. Fix the script and fix the weird manpage
discrepancy where it doesn't list -e in the available options but
discusses it anyway.
Fixes: 7536ce44f6 ("xfs_io: bmap should support querying CoW fork, shared blocks") Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Marco Benatto [Fri, 22 Jun 2018 00:46:24 +0000 (19:46 -0500)]
xfs_repair: Fix root inode's parent when it's bogus for sf directory
Currently when root inode is in short-form and its parent ino
has an invalid value, process_sf_dir2() ends up not fixing it,
because if verify_inum() fails we never get to the next case which
would fix the root inode's parent pointer.
This behavior triggers the following assert on process_dir2():
Darrick J. Wong [Fri, 1 Jun 2018 00:38:54 +0000 (19:38 -0500)]
xfs_io: fix signed comparison problem in copy_file_range
cvtnum() returns a signed long long, so the type of 'len' should be a
signed type so that a user entering a negative length doesn't produce
some huge positive integer. The negative len check demands it anyway.
Coverity-id: 1435895 Fixes: 25b4549 ("xfs_io: Make copy_range arguments understand *iB values") Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
This can happen for corrupted metadata or even just a misdirected
user command; there's no reason to ASSERT. If we get here, print
something helpful and carry on.
[sandeen: write the commit log]
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Thu, 31 May 2018 19:09:55 +0000 (14:09 -0500)]
mkfs.xfs: if either sunit or swidth is nonzero, the other must be as well
Don't allow the user to set one but not the other.
Reported-by: Xiao Yang <yangx.jy@cn.fujitsu.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Bill O'Donnell <billodo@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:55 +0000 (14:09 -0500)]
xfs_db: handle realtime bitmap / summary files as text
Use handle_text to print realtime bitmap / summary file blocks instead
of erroring out.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Bill O'Donnell <billodo@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:55 +0000 (14:09 -0500)]
xfs_io: fix null pointer deref when complaining about scrub command
Don't increment optind until we've validated that argv[optind] is a
valid scrub/repair subcommand and do not need to complain about
argv[optind].
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Bill O'Donnell <billodo@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Thu, 31 May 2018 19:09:55 +0000 (14:09 -0500)]
xfs_repair: fix libxfs api violations in quota repair code
My "repair quotas" patch forgot about our libxfs API tricks,
fix that.
Fixes: 5857dce ("xfs_repair: check and repair quota metadata") Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:54 +0000 (14:09 -0500)]
xfs_scrub: actually check for errors coming from close()
Report errors reported by close().
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:54 +0000 (14:09 -0500)]
fsck: fix more bashisms
command -v is a bashism, so we need to get rid of it. The shell returns
an error code of 127 if it couldn't invoke xfs_repair, so teach
repair2fsck_code to deal with this.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:54 +0000 (14:09 -0500)]
xfs_buflock: record buffer initialization
Buffers are created locked, so we have to factor that into the buffer
state machine that the script utilizes.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:54 +0000 (14:09 -0500)]
xfs_buflock: record line number of trace where we locked the buffer
Enhance the debug output by reporting at which line in the trace output
we locked a particular buffer.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:54 +0000 (14:09 -0500)]
xfs_buflock: ignore if buffer already locked
If the trace data says we ran trylock but we were already locked, don't
record another lock.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 31 May 2018 19:09:54 +0000 (14:09 -0500)]
xfs_repair: fix integer handling issues
When we shift sb_logblocks to the left we need to ensure that we have
enough storage space to shift correctly. Cast logblocks to a 64-bit
type so that we don't screw up the check.
Coverity-id: 1435810 Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
David Howells [Thu, 24 May 2018 19:48:41 +0000 (14:48 -0500)]
xfs_io: Allow -P and -L to be given to open for O_PATH and O_NOFOLLOW
Allow "open -P" to specify O_PATH so that paths which would otherwise be
unopenable might be opened for stat()'ing. Such things include files that
would incur an access error or device files for which no corresponding
driver is available.
Allow "-L" to be given in conjunction with O_PATH to specify O_NOFOLLOW
also.
We also have to avoid calling xfsctl() if O_PATH is given as ioctls are
forbidden on such fds. This means we cannot retrieve the geometry
information on an XFS filesystem, so the record gets cleared instead. For
the moment, only the xfsctl() calls in the 'open' command are
conditionalised.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Wed, 23 May 2018 21:30:49 +0000 (16:30 -0500)]
xfs_repair: check and repair quota metadata
Today, quota inodes are not checked at all in xfs_repair. (This is
a little odd, because xfs_check used to do it in process_quota()).
The kernel has quota inode validation and repair routines, but it is
out of the ordinary for the kernel to be doing metadata repair. And
now that we have metadata verifiers, this also yields a surprisingly
noisy mount if quota inodes are corrupted, even immediately after an
xfs_repair.
So this patch allows xfs_repair to fix the quota inode metadata.
Quotacheck is still left for the kernel. After a few more releases,
I'll propose removing the repair calls from quotacheck.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Wed, 23 May 2018 21:30:49 +0000 (16:30 -0500)]
xfsprogs: be careful about what we stat in platform_check_mount
After we lost ustat(2) in commit 4e7a824, we ended up with a slightly
bonkers method to determine if our target block device was mounted:
it goes through every entry returned by getmntent and stats the dir
to see if its underlying device matches ours.
Unfortunately that dir might be a hung nfs server and sadness ensues.
So just do a really simple sanity check before we try to stat the
mountpoint: does its device start with a / ? If not, skip it.
Fixes: 4e7a824 ("libxfs/linux.c: Replace use of ustat by stat") Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_growfs: refactor geometry reporting
Use the new geometry pretty-printing function.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_info: call xfs_db for offline filesystems
If the online filesystem geometry query doesn't work, try using xfs_db
to see if we can grab the information offline.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_info: move to xfs_spaceman
Move xfs_info to be under spaceman so that we can remove growfs -N.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_spaceman: add a superblock info command
Add an 'info' command to pretty-print the superblock geometry.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_spaceman: print a nicer message when file path isn't on xfs
If the file path passed in is not something on an xfs filesystem, print
a nice message about that instead of yelling about ioctls.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_db: add a superblock info command
Add an 'info' command to pretty-print the superblock geometry.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
mkfs: use geometry generation / helper functions
Since libxfs now has a function to fill out the geometry structure
and libfrog has a function to pretty-print the geometry, have mkfs
use the two helpers instead of open-coding it.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
libfrog: refactor fs geometry printing function
Move the fs geometry printing function to libfrog so that mkfs and others
can share.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
libfrog: move platform specific runtime support code out of libxfs
Move the platform support code to libfrog, which should remove the final
dependency of libfrog on libxfs. libfrog is the runtime support
library, and these files provide platform support.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: don't assert on bad '.' entry in no-modify mode
During phase 3, we check the '.' entry of a directory inode and (in
modify mode) zap it if the name isn't valid. During phase 6, we assert
that the '.' entry now reflects the correct name. In no-modify mode
this is incorrect because we didn't actually fix anything, so repair
asserts and crashes.
Found by fuzzing bu[0].namelen = 4 in xfs/387 and running xfs_repair -n.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: check inode nsec for obviously garbage values
It makes no sense to have an nsec value that is larger than 1 second,
so zero the field if this is the case.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: actually fix .. entries that point to inode zero
If we encounter a directory with an entry that points to inode zero,
we'll crash due to an ASSERT during process_inode_chunk. This is due to
process_dir2_data not arranging for phase 6 to fix the parent pointer
when '..' -> 0, so do that. Found via xfs/386 fuzzing bu[1].inumber to
zero.
[sandeen: change "parent pointer" to parent directory for clarity]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: don't crash if da btree is corrupt
In the recursive verify_da_path call chain, we decide to examine the
next upper level if the current entry points past the end of the
entries. However, we don't check for a node with zero entries (which
should be impossible) so we run right off the end of the da cursor's
level array and crash. Found by fuzzing hdr.count in xfs/402.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: only update in-core extent state after scanning full extent
In process_bmbt_reclist_int, only update the in-core extent state after
clearing the entire extent for conflicts. If we encounter conflicts
we'll try rebuilding the fork from rmap data and rescanning the fork.
It is essential to avoid polluting the in-memory state with garbage
data so that we don't end up nuking other files needlessly. Found by
fuzzing recs[1].blockcount = middlebit in xfs/380.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: invalidate dirty dir buffers when we zap a directory
If we decide to rebuild a directory in phase 6, we need to find and
invalidate all of the old directory buffers so that they don't get
written out, which can trigger write verifier errors when we finish.
This fixes the write verifier errors in phase 7 that can occur via
xfs/382.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: treat zero da btree pointers as corruption
If a da btree pointer is zero (i.e. the beginning of the fork) report
this as a corrupt tree to the caller instead of telling it that
everything is good. Fixes assertion errors when fuzzing
nbtree[0].before to zero in xfs/394.
[sandeen: tweak comment above change for clarity]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: zap corrupt remote symlink
If a remote symlink has a corrupted remote block, just zap the symlink.
Fixes total lack of repair activity in xfs/382.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:48 +0000 (16:30 -0500)]
xfs_repair: validate some of the log space information
Validate the log space information in a similar manner to the kernel so
that repair will stumble over (and fix) broken log info that prevents
mounting. Fixes logsunit fuzz-and-fix failures in xfs/350.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:47 +0000 (16:30 -0500)]
xfs_repair: don't leak buffer on xattr remote buf verifier error
If we try to read an xattr remote buffer and hit a verifier error,
release the buffer instead of leaking it.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Wed, 23 May 2018 21:30:47 +0000 (16:30 -0500)]
xfs_repair: examine all remote attribute blocks
Examine all remote xattr values of a file, not just the XFS_ATTR_ROOT
values. This enables us to detect and zap corrupt user xattrs, as
tested by xfs/404.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Allison Henderson <allison.henderson@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Kanda Motohiro reported that expanding a tiny xattr into a large xattr
fails on XFS because we remove the tiny xattr from a shortform fork and
then try to re-add it after converting the fork to extents format having
not removed the ATTR_REPLACE flag. This fails because the attr is no
longer present, causing a fs shutdown.
This is derived from the patch in his bug report, but we really
shouldn't ignore a nonzero retval from the remove call.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199119 Reported-by: kanda.motohiro@gmail.com Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
If xfs_bmap_extents_to_btree fails in a mode where we call
xfs_iroot_realloc(-1) to de-allocate the root, set the
format back to extents.
Otherwise we can assume we can dereference ifp->if_broot
based on the XFS_DINODE_FMT_BTREE format, and crash.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199423 Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Add several more validations to xfs_dinode_verify:
- For LOCAL data fork formats, di_nextents must be 0.
- For LOCAL attr fork formats, di_anextents must be 0.
- For inodes with no attr fork offset,
- format must be XFS_DINODE_FMT_EXTENTS if set at all
- di_anextents must be 0.
Thanks to dchinner for pointing out a couple related checks I had
forgotten to add.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377 Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 1 May 2018 02:26:24 +0000 (21:26 -0500)]
fsck.xfs: do not use 'function' keyword
It was pointed out on irc that fsck.xfs uses the 'function' keyword
although it invokes /bin/sh - 'function' is a bashism. It's not needed
here, so just remove it.
Fixes: 04a2d5d ("fsck.xfs: allow forced repairs using xfs_repair") Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Most of the generic data structures embedded in xfs_mount are
dynamically initialized immediately after mp is allocated. A few
fields are left out and initialized during the xfs_mountfs()
sequence, after mp has been attached to the superblock.
To clean this up and help prevent premature access of associated
fields, refactor xfs_mount allocation and all dependent init calls
into a new helper. This self-documents that all low level data
structures (i.e., locks, trees, etc.) should be initialized before
xfs_mount is attached to the superblock.
Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
We can only get into the branch if CRCs are enabled, so there's no
need to check inside the branch for CRCs being enabled....
Signed-Off-By: Dave Chinner <dchinner@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
When we're verifying inode buffers, sanity-check the unlinked pointer.
We don't want to run the risk of trying to purge something that's
obviously broken.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Extent size hint validation is used by scrub to decide if there's an
error, and it will be used by repair to decide to remove the hint.
Since these use the same validation functions, move them to libxfs.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
When the inode buffer verifier encounters an error, it's much more
helpful to print a buffer from the offending inode instead of just the
start of the inode chunk buffer.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Refactor some of the inode verifier failure logging call sites to use
the new xfs_inode_verifier_error method which dumps the offending buffer
as well as the code location of the failed check. This trims the
output, makes it clearer to the admin that repair must be run, and gives
the developers more details to work from.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Refactor the bmap validator into a more complete helper that looks for
extents that run off the end of the device, overflow into the next AG,
or have invalid flag states.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
In xfs_dir2_data_use_free, we examine on-disk metadata and ASSERT if
it doesn't make sense. Since a carefully crafted fuzzed image can cause
the kernel to crash after blowing a bunch of assertions, let's move
those checks into a validator function and rig everything up to return
EFSCORRUPTED to userspace. Found by lastbit fuzzing ltail.bestcount via
xfs/391.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
The struct xfs_agfl v5 header was originally introduced with
unexpected padding that caused the AGFL to operate with one less
slot than intended. The header has since been packed, but the fix
left an incompatibility for users who upgrade from an old kernel
with the unpacked header to a newer kernel with the packed header
while the AGFL happens to wrap around the end. The newer kernel
recognizes one extra slot at the physical end of the AGFL that the
previous kernel did not. The new kernel will eventually attempt to
allocate a block from that slot, which contains invalid data, and
cause a crash.
This condition can be detected by comparing the active range of the
AGFL to the count. While this detects a padding mismatch, it can
also trigger false positives for unrelated flcount corruption. Since
we cannot distinguish a size mismatch due to padding from unrelated
corruption, we can't trust the AGFL enough to simply repopulate the
empty slot.
Instead, avoid unnecessarily complex detection logic and and use a
solution that can handle any form of flcount corruption that slips
through read verifiers: distrust the entire AGFL and reset it to an
empty state. Any valid blocks within the AGFL are intentionally
leaked. This requires xfs_repair to rectify (which was already
necessary based on the state the AGFL was found in). The reset
mitigates the side effect of the padding mismatch problem from a
filesystem crash to a free space accounting inconsistency. The
generic approach also means that this patch can be safely backported
to kernels with or without a packed struct xfs_agfl.
Check the AGF for an invalid freelist count on initial read from
disk. If detected, set a flag on the xfs_perag to indicate that a
reset is required before the AGFL can be used. In the first
transaction that attempts to use a flagged AGFL, reset it to empty,
warn the user about the inconsistency and allow the freelist fixup
code to repopulate the AGFL with new blocks. The xfs_perag flag is
cleared to eliminate the need for repeated checks on each block
allocation operation.
This allows kernels that include the packing fix commit 96f859d52bcb
("libxfs: pack the agfl header structure so XFS_AGFL_SIZE is correct")
to handle older unpacked AGFL formats without a filesystem crash.
Suggested-by: Dave Chinner <david@fromorbit.com> Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by Dave Chiluk <chiluk+linuxxfs@indeed.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
The rmapbt perag metadata reservation reserves blocks for the
reverse mapping btree (rmapbt). Since the rmapbt uses blocks from
the agfl and perag accounting is updated as blocks are allocated
from the allocation btrees, the reservation actually accounts blocks
as they are allocated to (or freed from) the agfl rather than the
rmapbt itself.
While this works for blocks that are eventually used for the rmapbt,
not all agfl blocks are destined for the rmapbt. Blocks that are
allocated to the agfl (and thus "reserved" for the rmapbt) but then
used by another structure leads to a growing inconsistency over time
between the runtime tracking of rmapbt usage vs. actual rmapbt
usage. Since the runtime tracking thinks all agfl blocks are rmapbt
blocks, it essentially believes that less future reservation is
required to satisfy the rmapbt than what is actually necessary.
The inconsistency is rectified across mount cycles because the perag
reservation is initialized based on the actual rmapbt usage at mount
time. The problem, however, is that the excessive drain of the
reservation at runtime opens a window to allocate blocks for other
purposes that might be required for the rmapbt on a subsequent
mount. This problem can be demonstrated by a simple test that runs
an allocation workload to consume agfl blocks over time and then
observe the difference in the agfl reservation requirement across an
unmount/mount cycle:
mount ...: xfs_ag_resv_init: ... resv 3193 ask 3194 len 3194
...
... : xfs_ag_resv_alloc_extent: ... resv 2957 ask 3194 len 1
umount...: xfs_ag_resv_free: ... resv 2956 ask 3194 len 0
mount ...: xfs_ag_resv_init: ... resv 3052 ask 3194 len 3194
As the above tracepoints show, the reservation requirement reduces
from 3194 blocks to 2956 blocks as the workload runs. Without any
other changes in the filesystem, the same reservation requirement
jumps from 2956 to 3052 blocks over a umount/mount cycle.
To address this divergence, update the RMAPBT reservation to account
blocks used for the rmapbt only rather than all blocks filled into
the agfl. This patch makes several high-level changes toward that
end:
1.) Reintroduce an AGFL reservation type to serve as an accounting
no-op for blocks allocated to (or freed from) the AGFL.
2.) Invoke RMAPBT usage accounting from the actual rmapbt block
allocation path rather than the AGFL allocation path.
The first change is required because agfl blocks are considered free
blocks throughout their lifetime. The perag reservation subsystem is
invoked unconditionally by the allocation subsystem, so we need a
way to tell the perag subsystem (via the allocation subsystem) to
not make any accounting changes for blocks filled into the AGFL.
The second change causes the in-core RMAPBT reservation usage
accounting to remain consistent with the on-disk state at all times
and eliminates the risk of leaving the rmapbt reservation
underfilled.
Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
The AGFL perag reservation type accounts all allocations that feed
into (or are released from) the allocation group free list (agfl).
The purpose of the reservation is to support worst case conditions
for the reverse mapping btree (rmapbt). As such, the agfl
reservation usage accounting only considers rmapbt usage when the
in-core counters are initialized at mount time.
This implementation inconsistency leads to divergence of the in-core
and on-disk usage accounting over time. In preparation to resolve
this inconsistency and adjust the AGFL reservation into an rmapbt
specific reservation, rename the AGFL reservation type and
associated accounting fields to something more rmapbt-specific. Also
fix up a couple tracepoints that incorrectly use the AGFL
reservation type to pass the agfl state of the associated extent
where the raw reservation type is expected.
Note that this patch does not change perag reservation behavior.
Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
The AGFL size calculation is about to get more complex, so lets turn
the macro into a function first and remove the macro.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
[darrick: forward port to newer kernel, simplify the helper] Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Yet another round of playing whack-a-mole with directory code that
asserts on corrupt on-disk metadata when it really should be returning
-EFSCORRUPTED instead of ASSERTing. Found by a xfs/391 crash while
lastbit fuzzing of ltail.bestcount.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_repair: fix getsubopt name definitions to use enums
Convert the getsubopt usage in xfs_repair to use enums and explicitly
initialized array elements, similar to mkfs. This also fixes the hole
in the o_opts table caused by 42fa89bc1b8dc8 ("xfs_repair: remove
pre_65_beta option") that causes segfaults in xfs/179 and xfs/202.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Fixes: 42fa89bc1b ("xfs_repair: remove pre_65_beta option") Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub_all: use system encoding for lsblk output decoding
Don't hardcode utf-8 as the decoding scheme for lsblk output, since the
system could set it to anything else.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub_all: escape paths being passed to systemd service instances
systemd doesn't like unit instance names with slashes in them, so it
replaces them with dashes when it invokes the service. However, it's
not smart enough to convert the dashes to something else, so when it
unescapes the instance name to feed to xfs_scrub, it turns all dashes
into slashes. "/moo-cow" becomes "-moo-cow" becomes "/moo/cow", which
is wrong. systemd actually /can/ escape the dashes correctly if it is
told that this is a path (and not a unit name), but it didn't do this
prior to January 2017, so fix this for them.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: disable private /tmp for scrub service
Don't make /tmp private when invoking xfs_scrub as a service, because
/tmp might contain or itself be an xfs filesystem mountpoint.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub_all: report version
Make xfs_scrub_all -V report its version like the other xfs tools.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: refactor mountpoint finding code to use libfrog path code
Use the libfrog path finding code to determine if the argument being
passed in is a mountpoint, remove all mention of taking a block device
(we have never supported that) from the documentation, and fix some
potential memory leaks.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: don't warn about confusing names if dir/file only writable by root
If we are scanning the directory entries or attribute names of a
dir/file and the inode can only be written by root, don't warn about
Unicode confusable names by default because the system administrator
presumably made the system like that. Also don't warn about really
short confusable names because of the high chance of collisions. If
the caller really wants all the output, they can run in verbose mode.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: use Unicode skeleton function to find confusing names
Drop the weak normalization-based Unicode name collision detection in
favor of the confusable name guidelines provided in Unicode TR36 & TR39.
This means that we transform the original name into its Unicode skeleton
in order to do hashing-based collision detection.
The Unicode skeleton is defined as nfd(translation(nfd(string))), which
is to say that it flattens sequences that render ambiguously into a
unambiguous format. For example, 'l' and '1' can render identically in
some typefaces, so they're both squashed to 'l'. From the skeletons we
can figure out if two names will look the same, and thereby complain
about them. The unicode spoofing is provided by libicu, hence the
switch away from libunistring.
Note that potentially confusable names are only worth an informational
warning, since it's entirely possible that with the system typefaces in
use, two names will render distinctly enough that users can tell the
difference.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: check name for suspicious characters
Look for suspicious characters in each name we process. This includes
control characters, text direction overrides, zero-width code points,
and names that mix characters from different directionalities.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: transition from libunistring to libicu for Unicode processing
Move off of libunistring and onto libicu for Unicode name scanning.
This will make it easy to warn about unicode code points that do not
belong in identifiers (directional overrides, zero width elements) and
warn about names that could render similarly enough to cause confusion.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: make name_entry a first class structure
Instead of open-coding the construction and hashtable insertion of name
entries, make name_entry a first class object. This means that we now
have name_entry_ prefix functions that take care of computing Unicode
normalized names as part of name_entry construction, and we pass around
the name_entries when we're looking for suspicious characters and
identically rendering names.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Acked-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:11 +0000 (10:34 -0500)]
xfs_scrub: communicate name problems via flagset instead of booleans
Use an unsigned int to pass around name error flags instead of booleans.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:08 +0000 (10:34 -0500)]
xfs_scrub: don't complain about different normalization
Since there are different ways to normalize utf8 names, don't complain
when we find a name that is normalized in a different way than the NFKC
that we use to find duplicate names.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:08 +0000 (10:34 -0500)]
xfs_scrub: only run ascii name checks if unicode name checker
Skip the ASCII name checks if the Unicode name checker is going to run,
since the latter covers everything that the former does.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Thu, 12 Apr 2018 15:34:08 +0000 (10:34 -0500)]
xfs_scrub: avoid buffer overflow when scanning attributes
Avoid a buffer overflow when we're formatting extended attribute names
for name checking. The kernel headers provide us with XATTR_NAME_MAX,
so we can rely on that.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 3 Apr 2018 16:13:58 +0000 (11:13 -0500)]
libxfs: warn about deprecation of irix, freebsd, darwin
It's not clear that anyone is using these platforms or if
they even build at this point. Get someone's attention if
they are trying to use it.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 3 Apr 2018 16:13:57 +0000 (11:13 -0500)]
xfs_repair: test XFS_SB_VERSION_SHAREDBIT only once
Remove 2 of the 3 identical tests for XFS_SB_VERSION_SHAREDBIT
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 3 Apr 2018 16:13:57 +0000 (11:13 -0500)]
xfsprogs: remove unused delete_attr_ok
delete_attr_ok is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 3 Apr 2018 16:13:57 +0000 (11:13 -0500)]
xfs_repair: remove pre_65_beta option
Irix 6.5 was released 20 years ago. Remove this option from
the code. (nb: it's not present in the manpage.)
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
The fs_shared_allowed global was set to 1 and then ignored, and
in fact the feature is never actualy allowed. Remove it and
the last stragglers of the old features comment.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
fs_has_extflgbit_allowed is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
fs_sb_feature_bits_allowed is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
fs_aligned_inodes_allowed is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
fs_has_extflgbit_allowed is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 3 Apr 2018 16:13:56 +0000 (11:13 -0500)]
xfs_repair: remove unused fs_attributes2_allowed
fs_attributes2_allowed is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 3 Apr 2018 16:13:49 +0000 (11:13 -0500)]
xfs_repair: remove unused fs_attributes_allowed
fs_attributes_allowed is never set to anything but 1;
remove it and all associated code.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 27 Mar 2018 22:43:37 +0000 (17:43 -0500)]
libfrog: handle NULL dir && blkdev in __fs_table_lookup_mount
If neither dir nor blkdev is set, dpath never gets set,
and then gets used (uninitalized) later on.
If we are asked where "nothing" is mounted, just return
"nowhere."
Fixes-coverity-id: 1433615
Fixes-coverity-id: 1433616 Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 27 Mar 2018 22:43:37 +0000 (17:43 -0500)]
xfs_scrub: initialize movon in xfs_scrub_connections
Given the logic in xfs_scrub_connections, it's possible to
fail all 3 tests and wind up checking an uninitialized moveon
variable at the end. Start out with "true" to avoid this and
move on even if all the conditions in the function are false.
Fixes-coverity-id: 1433617 Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 27 Mar 2018 22:43:37 +0000 (17:43 -0500)]
xfs_scrub: synchronize error levels & logging
Having only a subset of the five error_levels present in
the log_level[] array is asking for trouble when someone
tries to __str_log(S_PREEN ...) and overruns the array.
Tie it all together in a single structure that's
initialized together to make the mapping more obvious and
idiot-proof.
Fixes-coverity-id: 1433618 Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Darrick J. Wong [Tue, 27 Mar 2018 22:43:37 +0000 (17:43 -0500)]
xfs_spaceman: remove incorrect linux/fs.h include
Remove the direct linux/fs.h include from spaceman because all xfs
utilities should include xfs.h so that we can wrap missing kernel header
declarations properly.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Jan Tulak [Tue, 27 Mar 2018 02:27:31 +0000 (21:27 -0500)]
fsck.xfs: allow forced repairs using xfs_repair
The fsck.xfs script did nothing, because xfs doesn't need a fsck to be
run on every unclean shutdown. However, sometimes it may happen that the
root filesystem really requires the usage of xfs_repair and then it is a
hassle. This patch makes the situation a bit easier by detecting forced
checks (/forcefsck or fsck.mode=force) and invoking xfs_repair.
Signed-off-by: Jan Tulak <jtulak@redhat.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Jan Tulak [Tue, 27 Mar 2018 02:27:31 +0000 (21:27 -0500)]
xfs_repair: add flag -e to modify exit code for corrected errors
xfs_repair without -n ends with a return code 0 if it finished ok,
no matter if there were some errors in the fs, or not. The new flag
-e means that we can avoid screenscraping and parsing text output to
detect if an error was found (and corrected).
If something could not be corrected or in any other case than the "found
something but fixed it all," the behaviour with this flag is unchanged.
Signed-off-by: Jan Tulak <jtulak@redhat.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com>
[sandeen: make -e and -n exclusivity clear in manpage synopsis] Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Eric Sandeen [Tue, 27 Mar 2018 02:27:31 +0000 (21:27 -0500)]
metadump/restore: don't use errno after fwrite/fread failures
fread/fwrite don't set errno, so printing out strerror(errno)
after a failure leads to incorrect and confusing messages:
# xfs_mdrestore pre_repair.meta pre_repair.img
xfs_mdrestore: error reading from file: Success
Don't return unset errno from write_index, either.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
projects / thirdparty / xfsprogs-dev.git / log
