1 /*
2 * journal.c --- code for handling the "ext3" journal
3 *
4 * Copyright (C) 2000 Andreas Dilger
5 * Copyright (C) 2000 Theodore Ts'o
6 *
7 * Parts of the code are based on fs/jfs/journal.c by Stephen C. Tweedie
8 * Copyright (C) 1999 Red Hat Software
9 *
10 * This file may be redistributed under the terms of the
11 * GNU General Public License version 2 or at your discretion
12 * any later version.
13 */
14
15 #include "config.h"
16 #ifdef HAVE_SYS_MOUNT_H
17 #include <sys/param.h>
18 #include <sys/mount.h>
19 #define MNT_FL (MS_MGC_VAL | MS_RDONLY)
20 #endif
21 #ifdef HAVE_SYS_STAT_H
22 #include <sys/stat.h>
23 #endif
24
25 #define E2FSCK_INCLUDE_INLINE_FUNCS
26 #include "jfs_user.h"
27 #include "problem.h"
28 #include "uuid/uuid.h"
29
30 #ifdef CONFIG_JBD_DEBUG /* Enabled by configure --enable-jfs-debug */
31 static int bh_count = 0;
32 #endif
33
34 /*
35 * Define USE_INODE_IO to use the inode_io.c / fileio.c codepaths.
36 * This creates a larger static binary, and a smaller binary using
37 * shared libraries. It's also probably slightly less CPU-efficient,
38 * which is why it's not on by default. But, it's a good way of
39 * testing the functions in inode_io.c and fileio.c.
40 */
41 #undef USE_INODE_IO
42
43 /* Checksumming functions */
e2fsck_journal_verify_csum_type(journal_t * j,journal_superblock_t * jsb)44 static int e2fsck_journal_verify_csum_type(journal_t *j,
45 journal_superblock_t *jsb)
46 {
47 if (!journal_has_csum_v2or3(j))
48 return 1;
49
50 return jsb->s_checksum_type == JBD2_CRC32C_CHKSUM;
51 }
52
e2fsck_journal_sb_csum(journal_superblock_t * jsb)53 static __u32 e2fsck_journal_sb_csum(journal_superblock_t *jsb)
54 {
55 __u32 crc, old_crc;
56
57 old_crc = jsb->s_checksum;
58 jsb->s_checksum = 0;
59 crc = ext2fs_crc32c_le(~0, (unsigned char *)jsb,
60 sizeof(journal_superblock_t));
61 jsb->s_checksum = old_crc;
62
63 return crc;
64 }
65
e2fsck_journal_sb_csum_verify(journal_t * j,journal_superblock_t * jsb)66 static int e2fsck_journal_sb_csum_verify(journal_t *j,
67 journal_superblock_t *jsb)
68 {
69 __u32 provided, calculated;
70
71 if (!journal_has_csum_v2or3(j))
72 return 1;
73
74 provided = ext2fs_be32_to_cpu(jsb->s_checksum);
75 calculated = e2fsck_journal_sb_csum(jsb);
76
77 return provided == calculated;
78 }
79
e2fsck_journal_sb_csum_set(journal_t * j,journal_superblock_t * jsb)80 static errcode_t e2fsck_journal_sb_csum_set(journal_t *j,
81 journal_superblock_t *jsb)
82 {
83 __u32 crc;
84
85 if (!journal_has_csum_v2or3(j))
86 return 0;
87
88 crc = e2fsck_journal_sb_csum(jsb);
89 jsb->s_checksum = ext2fs_cpu_to_be32(crc);
90 return 0;
91 }
92
93 /* Kernel compatibility functions for handling the journal. These allow us
94 * to use the recovery.c file virtually unchanged from the kernel, so we
95 * don't have to do much to keep kernel and user recovery in sync.
96 */
journal_bmap(journal_t * journal,blk64_t block,unsigned long long * phys)97 int journal_bmap(journal_t *journal, blk64_t block, unsigned long long *phys)
98 {
99 #ifdef USE_INODE_IO
100 *phys = block;
101 return 0;
102 #else
103 struct inode *inode = journal->j_inode;
104 errcode_t retval;
105 blk64_t pblk;
106
107 if (!inode) {
108 *phys = block;
109 return 0;
110 }
111
112 retval= ext2fs_bmap2(inode->i_ctx->fs, inode->i_ino,
113 &inode->i_ext2, NULL, 0, block, 0, &pblk);
114 *phys = pblk;
115 return -1 * ((int) retval);
116 #endif
117 }
118
getblk(kdev_t kdev,blk64_t blocknr,int blocksize)119 struct buffer_head *getblk(kdev_t kdev, blk64_t blocknr, int blocksize)
120 {
121 struct buffer_head *bh;
122 int bufsize = sizeof(*bh) + kdev->k_ctx->fs->blocksize -
123 sizeof(bh->b_data);
124
125 bh = e2fsck_allocate_memory(kdev->k_ctx, bufsize, "block buffer");
126 if (!bh)
127 return NULL;
128
129 #ifdef CONFIG_JBD_DEBUG
130 if (journal_enable_debug >= 3)
131 bh_count++;
132 #endif
133 jfs_debug(4, "getblk for block %llu (%d bytes)(total %d)\n",
134 (unsigned long long) blocknr, blocksize, bh_count);
135
136 bh->b_ctx = kdev->k_ctx;
137 if (kdev->k_dev == K_DEV_FS)
138 bh->b_io = kdev->k_ctx->fs->io;
139 else
140 bh->b_io = kdev->k_ctx->journal_io;
141 bh->b_size = blocksize;
142 bh->b_blocknr = blocknr;
143
144 return bh;
145 }
146
sync_blockdev(kdev_t kdev)147 int sync_blockdev(kdev_t kdev)
148 {
149 io_channel io;
150
151 if (kdev->k_dev == K_DEV_FS)
152 io = kdev->k_ctx->fs->io;
153 else
154 io = kdev->k_ctx->journal_io;
155
156 return io_channel_flush(io) ? -EIO : 0;
157 }
158
ll_rw_block(int rw,int nr,struct buffer_head * bhp[])159 void ll_rw_block(int rw, int nr, struct buffer_head *bhp[])
160 {
161 errcode_t retval;
162 struct buffer_head *bh;
163
164 for (; nr > 0; --nr) {
165 bh = *bhp++;
166 if (rw == READ && !bh->b_uptodate) {
167 jfs_debug(3, "reading block %llu/%p\n",
168 bh->b_blocknr, (void *) bh);
169 retval = io_channel_read_blk64(bh->b_io,
170 bh->b_blocknr,
171 1, bh->b_data);
172 if (retval) {
173 com_err(bh->b_ctx->device_name, retval,
174 "while reading block %llu\n",
175 bh->b_blocknr);
176 bh->b_err = (int) retval;
177 continue;
178 }
179 bh->b_uptodate = 1;
180 } else if (rw == WRITE && bh->b_dirty) {
181 jfs_debug(3, "writing block %llu/%p\n",
182 bh->b_blocknr,
183 (void *) bh);
184 retval = io_channel_write_blk64(bh->b_io,
185 bh->b_blocknr,
186 1, bh->b_data);
187 if (retval) {
188 com_err(bh->b_ctx->device_name, retval,
189 "while writing block %llu\n",
190 bh->b_blocknr);
191 bh->b_err = (int) retval;
192 continue;
193 }
194 bh->b_dirty = 0;
195 bh->b_uptodate = 1;
196 } else {
197 jfs_debug(3, "no-op %s for block %llu\n",
198 rw == READ ? "read" : "write",
199 bh->b_blocknr);
200 }
201 }
202 }
203
mark_buffer_dirty(struct buffer_head * bh)204 void mark_buffer_dirty(struct buffer_head *bh)
205 {
206 bh->b_dirty = 1;
207 }
208
mark_buffer_clean(struct buffer_head * bh)209 static void mark_buffer_clean(struct buffer_head * bh)
210 {
211 bh->b_dirty = 0;
212 }
213
brelse(struct buffer_head * bh)214 void brelse(struct buffer_head *bh)
215 {
216 if (bh->b_dirty)
217 ll_rw_block(WRITE, 1, &bh);
218 jfs_debug(3, "freeing block %llu/%p (total %d)\n",
219 bh->b_blocknr, (void *) bh, --bh_count);
220 ext2fs_free_mem(&bh);
221 }
222
buffer_uptodate(struct buffer_head * bh)223 int buffer_uptodate(struct buffer_head *bh)
224 {
225 return bh->b_uptodate;
226 }
227
mark_buffer_uptodate(struct buffer_head * bh,int val)228 void mark_buffer_uptodate(struct buffer_head *bh, int val)
229 {
230 bh->b_uptodate = val;
231 }
232
wait_on_buffer(struct buffer_head * bh)233 void wait_on_buffer(struct buffer_head *bh)
234 {
235 if (!bh->b_uptodate)
236 ll_rw_block(READ, 1, &bh);
237 }
238
239
e2fsck_clear_recover(e2fsck_t ctx,int error)240 static void e2fsck_clear_recover(e2fsck_t ctx, int error)
241 {
242 ext2fs_clear_feature_journal_needs_recovery(ctx->fs->super);
243
244 /* if we had an error doing journal recovery, we need a full fsck */
245 if (error)
246 ctx->fs->super->s_state &= ~EXT2_VALID_FS;
247 ext2fs_mark_super_dirty(ctx->fs);
248 }
249
250 /*
251 * This is a helper function to check the validity of the journal.
252 */
253 struct process_block_struct {
254 e2_blkcnt_t last_block;
255 };
256
process_journal_block(ext2_filsys fs,blk64_t * block_nr,e2_blkcnt_t blockcnt,blk64_t ref_block EXT2FS_ATTR ((unused)),int ref_offset EXT2FS_ATTR ((unused)),void * priv_data)257 static int process_journal_block(ext2_filsys fs,
258 blk64_t *block_nr,
259 e2_blkcnt_t blockcnt,
260 blk64_t ref_block EXT2FS_ATTR((unused)),
261 int ref_offset EXT2FS_ATTR((unused)),
262 void *priv_data)
263 {
264 struct process_block_struct *p;
265 blk64_t blk = *block_nr;
266
267 p = (struct process_block_struct *) priv_data;
268
269 if (!blk || blk < fs->super->s_first_data_block ||
270 blk >= ext2fs_blocks_count(fs->super))
271 return BLOCK_ABORT;
272
273 if (blockcnt >= 0)
274 p->last_block = blockcnt;
275 return 0;
276 }
277
e2fsck_get_journal(e2fsck_t ctx,journal_t ** ret_journal)278 static errcode_t e2fsck_get_journal(e2fsck_t ctx, journal_t **ret_journal)
279 {
280 struct process_block_struct pb;
281 struct ext2_super_block *sb = ctx->fs->super;
282 struct ext2_super_block jsuper;
283 struct problem_context pctx;
284 struct buffer_head *bh;
285 struct inode *j_inode = NULL;
286 struct kdev_s *dev_fs = NULL, *dev_journal;
287 const char *journal_name = 0;
288 journal_t *journal = NULL;
289 errcode_t retval = 0;
290 io_manager io_ptr = 0;
291 unsigned long long start = 0;
292 int ret;
293 int ext_journal = 0;
294 int tried_backup_jnl = 0;
295
296 clear_problem_context(&pctx);
297
298 journal = e2fsck_allocate_memory(ctx, sizeof(journal_t), "journal");
299 if (!journal) {
300 return EXT2_ET_NO_MEMORY;
301 }
302
303 dev_fs = e2fsck_allocate_memory(ctx, 2*sizeof(struct kdev_s), "kdev");
304 if (!dev_fs) {
305 retval = EXT2_ET_NO_MEMORY;
306 goto errout;
307 }
308 dev_journal = dev_fs+1;
309
310 dev_fs->k_ctx = dev_journal->k_ctx = ctx;
311 dev_fs->k_dev = K_DEV_FS;
312 dev_journal->k_dev = K_DEV_JOURNAL;
313
314 journal->j_dev = dev_journal;
315 journal->j_fs_dev = dev_fs;
316 journal->j_inode = NULL;
317 journal->j_blocksize = ctx->fs->blocksize;
318
319 if (uuid_is_null(sb->s_journal_uuid)) {
320 if (!sb->s_journal_inum) {
321 retval = EXT2_ET_BAD_INODE_NUM;
322 goto errout;
323 }
324 j_inode = e2fsck_allocate_memory(ctx, sizeof(*j_inode),
325 "journal inode");
326 if (!j_inode) {
327 retval = EXT2_ET_NO_MEMORY;
328 goto errout;
329 }
330
331 j_inode->i_ctx = ctx;
332 j_inode->i_ino = sb->s_journal_inum;
333
334 if ((retval = ext2fs_read_inode(ctx->fs,
335 sb->s_journal_inum,
336 &j_inode->i_ext2))) {
337 try_backup_journal:
338 if (sb->s_jnl_backup_type != EXT3_JNL_BACKUP_BLOCKS ||
339 tried_backup_jnl)
340 goto errout;
341 memset(&j_inode->i_ext2, 0, sizeof(struct ext2_inode));
342 memcpy(&j_inode->i_ext2.i_block[0], sb->s_jnl_blocks,
343 EXT2_N_BLOCKS*4);
344 j_inode->i_ext2.i_size_high = sb->s_jnl_blocks[15];
345 j_inode->i_ext2.i_size = sb->s_jnl_blocks[16];
346 j_inode->i_ext2.i_links_count = 1;
347 j_inode->i_ext2.i_mode = LINUX_S_IFREG | 0600;
348 e2fsck_use_inode_shortcuts(ctx, 1);
349 ctx->stashed_ino = j_inode->i_ino;
350 ctx->stashed_inode = &j_inode->i_ext2;
351 tried_backup_jnl++;
352 }
353 if (!j_inode->i_ext2.i_links_count ||
354 !LINUX_S_ISREG(j_inode->i_ext2.i_mode)) {
355 retval = EXT2_ET_NO_JOURNAL;
356 goto try_backup_journal;
357 }
358 if (EXT2_I_SIZE(&j_inode->i_ext2) / journal->j_blocksize <
359 JFS_MIN_JOURNAL_BLOCKS) {
360 retval = EXT2_ET_JOURNAL_TOO_SMALL;
361 goto try_backup_journal;
362 }
363 pb.last_block = -1;
364 retval = ext2fs_block_iterate3(ctx->fs, j_inode->i_ino,
365 BLOCK_FLAG_HOLE, 0,
366 process_journal_block, &pb);
367 if ((pb.last_block + 1) * ctx->fs->blocksize <
368 (int) EXT2_I_SIZE(&j_inode->i_ext2)) {
369 retval = EXT2_ET_JOURNAL_TOO_SMALL;
370 goto try_backup_journal;
371 }
372 if (tried_backup_jnl && !(ctx->options & E2F_OPT_READONLY)) {
373 retval = ext2fs_write_inode(ctx->fs, sb->s_journal_inum,
374 &j_inode->i_ext2);
375 if (retval)
376 goto errout;
377 }
378
379 journal->j_maxlen = EXT2_I_SIZE(&j_inode->i_ext2) /
380 journal->j_blocksize;
381
382 #ifdef USE_INODE_IO
383 retval = ext2fs_inode_io_intern2(ctx->fs, sb->s_journal_inum,
384 &j_inode->i_ext2,
385 &journal_name);
386 if (retval)
387 goto errout;
388
389 io_ptr = inode_io_manager;
390 #else
391 journal->j_inode = j_inode;
392 ctx->journal_io = ctx->fs->io;
393 if ((ret = journal_bmap(journal, 0, &start)) != 0) {
394 retval = (errcode_t) (-1 * ret);
395 goto errout;
396 }
397 #endif
398 } else {
399 ext_journal = 1;
400 if (!ctx->journal_name) {
401 char uuid[37];
402
403 uuid_unparse(sb->s_journal_uuid, uuid);
404 ctx->journal_name = blkid_get_devname(ctx->blkid,
405 "UUID", uuid);
406 if (!ctx->journal_name)
407 ctx->journal_name = blkid_devno_to_devname(sb->s_journal_dev);
408 }
409 journal_name = ctx->journal_name;
410
411 if (!journal_name) {
412 fix_problem(ctx, PR_0_CANT_FIND_JOURNAL, &pctx);
413 retval = EXT2_ET_LOAD_EXT_JOURNAL;
414 goto errout;
415 }
416
417 jfs_debug(1, "Using journal file %s\n", journal_name);
418 io_ptr = unix_io_manager;
419 }
420
421 #if 0
422 test_io_backing_manager = io_ptr;
423 io_ptr = test_io_manager;
424 #endif
425 #ifndef USE_INODE_IO
426 if (ext_journal)
427 #endif
428 {
429 int flags = IO_FLAG_RW;
430 if (!(ctx->mount_flags & EXT2_MF_ISROOT &&
431 ctx->mount_flags & EXT2_MF_READONLY))
432 flags |= IO_FLAG_EXCLUSIVE;
433 if ((ctx->mount_flags & EXT2_MF_READONLY) &&
434 (ctx->options & E2F_OPT_FORCE))
435 flags &= ~IO_FLAG_EXCLUSIVE;
436
437
438 retval = io_ptr->open(journal_name, flags,
439 &ctx->journal_io);
440 }
441 if (retval)
442 goto errout;
443
444 io_channel_set_blksize(ctx->journal_io, ctx->fs->blocksize);
445
446 if (ext_journal) {
447 blk64_t maxlen;
448
449 start = ext2fs_journal_sb_start(ctx->fs->blocksize) - 1;
450 bh = getblk(dev_journal, start, ctx->fs->blocksize);
451 if (!bh) {
452 retval = EXT2_ET_NO_MEMORY;
453 goto errout;
454 }
455 ll_rw_block(READ, 1, &bh);
456 if ((retval = bh->b_err) != 0) {
457 brelse(bh);
458 goto errout;
459 }
460 memcpy(&jsuper, start ? bh->b_data : bh->b_data + SUPERBLOCK_OFFSET,
461 sizeof(jsuper));
462 #ifdef WORDS_BIGENDIAN
463 if (jsuper.s_magic == ext2fs_swab16(EXT2_SUPER_MAGIC))
464 ext2fs_swap_super(&jsuper);
465 #endif
466 if (jsuper.s_magic != EXT2_SUPER_MAGIC ||
467 !ext2fs_has_feature_journal_dev(&jsuper)) {
468 fix_problem(ctx, PR_0_EXT_JOURNAL_BAD_SUPER, &pctx);
469 retval = EXT2_ET_LOAD_EXT_JOURNAL;
470 brelse(bh);
471 goto errout;
472 }
473 /* Make sure the journal UUID is correct */
474 if (memcmp(jsuper.s_uuid, ctx->fs->super->s_journal_uuid,
475 sizeof(jsuper.s_uuid))) {
476 fix_problem(ctx, PR_0_JOURNAL_BAD_UUID, &pctx);
477 retval = EXT2_ET_LOAD_EXT_JOURNAL;
478 brelse(bh);
479 goto errout;
480 }
481
482 /* Check the superblock checksum */
483 if (ext2fs_has_feature_metadata_csum(&jsuper)) {
484 struct struct_ext2_filsys fsx;
485 struct ext2_super_block superx;
486 void *p;
487
488 p = start ? bh->b_data : bh->b_data + SUPERBLOCK_OFFSET;
489 memcpy(&fsx, ctx->fs, sizeof(fsx));
490 memcpy(&superx, ctx->fs->super, sizeof(superx));
491 fsx.super = &superx;
492 ext2fs_set_feature_metadata_csum(fsx.super);
493 if (!ext2fs_superblock_csum_verify(&fsx, p) &&
494 fix_problem(ctx, PR_0_EXT_JOURNAL_SUPER_CSUM_INVALID,
495 &pctx)) {
496 ext2fs_superblock_csum_set(&fsx, p);
497 mark_buffer_dirty(bh);
498 }
499 }
500 brelse(bh);
501
502 maxlen = ext2fs_blocks_count(&jsuper);
503 journal->j_maxlen = (maxlen < 1ULL << 32) ? maxlen : (1ULL << 32) - 1;
504 start++;
505 }
506
507 if (!(bh = getblk(dev_journal, start, journal->j_blocksize))) {
508 retval = EXT2_ET_NO_MEMORY;
509 goto errout;
510 }
511
512 journal->j_sb_buffer = bh;
513 journal->j_superblock = (journal_superblock_t *)bh->b_data;
514
515 #ifdef USE_INODE_IO
516 if (j_inode)
517 ext2fs_free_mem(&j_inode);
518 #endif
519
520 *ret_journal = journal;
521 e2fsck_use_inode_shortcuts(ctx, 0);
522 return 0;
523
524 errout:
525 e2fsck_use_inode_shortcuts(ctx, 0);
526 if (dev_fs)
527 ext2fs_free_mem(&dev_fs);
528 if (j_inode)
529 ext2fs_free_mem(&j_inode);
530 if (journal)
531 ext2fs_free_mem(&journal);
532 return retval;
533 }
534
e2fsck_journal_fix_bad_inode(e2fsck_t ctx,struct problem_context * pctx)535 static errcode_t e2fsck_journal_fix_bad_inode(e2fsck_t ctx,
536 struct problem_context *pctx)
537 {
538 struct ext2_super_block *sb = ctx->fs->super;
539 int recover = ext2fs_has_feature_journal_needs_recovery(ctx->fs->super);
540 int has_journal = ext2fs_has_feature_journal(ctx->fs->super);
541
542 if (has_journal || sb->s_journal_inum) {
543 /* The journal inode is bogus, remove and force full fsck */
544 pctx->ino = sb->s_journal_inum;
545 if (fix_problem(ctx, PR_0_JOURNAL_BAD_INODE, pctx)) {
546 if (has_journal && sb->s_journal_inum)
547 printf("*** journal has been deleted ***\n\n");
548 ext2fs_clear_feature_journal(sb);
549 sb->s_journal_inum = 0;
550 memset(sb->s_jnl_blocks, 0, sizeof(sb->s_jnl_blocks));
551 ctx->flags |= E2F_FLAG_JOURNAL_INODE;
552 ctx->fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
553 e2fsck_clear_recover(ctx, 1);
554 return 0;
555 }
556 return EXT2_ET_CORRUPT_JOURNAL_SB;
557 } else if (recover) {
558 if (fix_problem(ctx, PR_0_JOURNAL_RECOVER_SET, pctx)) {
559 e2fsck_clear_recover(ctx, 1);
560 return 0;
561 }
562 return EXT2_ET_UNSUPP_FEATURE;
563 }
564 return 0;
565 }
566
567 #define V1_SB_SIZE 0x0024
clear_v2_journal_fields(journal_t * journal)568 static void clear_v2_journal_fields(journal_t *journal)
569 {
570 e2fsck_t ctx = journal->j_dev->k_ctx;
571 struct problem_context pctx;
572
573 clear_problem_context(&pctx);
574
575 if (!fix_problem(ctx, PR_0_CLEAR_V2_JOURNAL, &pctx))
576 return;
577
578 ctx->flags |= E2F_FLAG_PROBLEMS_FIXED;
579 memset(((char *) journal->j_superblock) + V1_SB_SIZE, 0,
580 ctx->fs->blocksize-V1_SB_SIZE);
581 mark_buffer_dirty(journal->j_sb_buffer);
582 }
583
584
e2fsck_journal_load(journal_t * journal)585 static errcode_t e2fsck_journal_load(journal_t *journal)
586 {
587 e2fsck_t ctx = journal->j_dev->k_ctx;
588 journal_superblock_t *jsb;
589 struct buffer_head *jbh = journal->j_sb_buffer;
590 struct problem_context pctx;
591
592 clear_problem_context(&pctx);
593
594 ll_rw_block(READ, 1, &jbh);
595 if (jbh->b_err) {
596 com_err(ctx->device_name, jbh->b_err, "%s",
597 _("reading journal superblock\n"));
598 return jbh->b_err;
599 }
600
601 jsb = journal->j_superblock;
602 /* If we don't even have JFS_MAGIC, we probably have a wrong inode */
603 if (jsb->s_header.h_magic != htonl(JFS_MAGIC_NUMBER))
604 return e2fsck_journal_fix_bad_inode(ctx, &pctx);
605
606 switch (ntohl(jsb->s_header.h_blocktype)) {
607 case JFS_SUPERBLOCK_V1:
608 journal->j_format_version = 1;
609 if (jsb->s_feature_compat ||
610 jsb->s_feature_incompat ||
611 jsb->s_feature_ro_compat ||
612 jsb->s_nr_users)
613 clear_v2_journal_fields(journal);
614 break;
615
616 case JFS_SUPERBLOCK_V2:
617 journal->j_format_version = 2;
618 if (ntohl(jsb->s_nr_users) > 1 &&
619 uuid_is_null(ctx->fs->super->s_journal_uuid))
620 clear_v2_journal_fields(journal);
621 if (ntohl(jsb->s_nr_users) > 1) {
622 fix_problem(ctx, PR_0_JOURNAL_UNSUPP_MULTIFS, &pctx);
623 return EXT2_ET_JOURNAL_UNSUPP_VERSION;
624 }
625 break;
626
627 /*
628 * These should never appear in a journal super block, so if
629 * they do, the journal is badly corrupted.
630 */
631 case JFS_DESCRIPTOR_BLOCK:
632 case JFS_COMMIT_BLOCK:
633 case JFS_REVOKE_BLOCK:
634 return EXT2_ET_CORRUPT_JOURNAL_SB;
635
636 /* If we don't understand the superblock major type, but there
637 * is a magic number, then it is likely to be a new format we
638 * just don't understand, so leave it alone. */
639 default:
640 return EXT2_ET_JOURNAL_UNSUPP_VERSION;
641 }
642
643 if (JFS_HAS_INCOMPAT_FEATURE(journal, ~JFS_KNOWN_INCOMPAT_FEATURES))
644 return EXT2_ET_UNSUPP_FEATURE;
645
646 if (JFS_HAS_RO_COMPAT_FEATURE(journal, ~JFS_KNOWN_ROCOMPAT_FEATURES))
647 return EXT2_ET_RO_UNSUPP_FEATURE;
648
649 /* Checksum v1-3 are mutually exclusive features. */
650 if (jfs_has_feature_csum2(journal) && jfs_has_feature_csum3(journal))
651 return EXT2_ET_CORRUPT_JOURNAL_SB;
652
653 if (journal_has_csum_v2or3(journal) &&
654 jfs_has_feature_checksum(journal))
655 return EXT2_ET_CORRUPT_JOURNAL_SB;
656
657 if (!e2fsck_journal_verify_csum_type(journal, jsb) ||
658 !e2fsck_journal_sb_csum_verify(journal, jsb))
659 return EXT2_ET_CORRUPT_JOURNAL_SB;
660
661 if (journal_has_csum_v2or3(journal))
662 journal->j_csum_seed = jbd2_chksum(journal, ~0, jsb->s_uuid,
663 sizeof(jsb->s_uuid));
664
665 /* We have now checked whether we know enough about the journal
666 * format to be able to proceed safely, so any other checks that
667 * fail we should attempt to recover from. */
668 if (jsb->s_blocksize != htonl(journal->j_blocksize)) {
669 com_err(ctx->program_name, EXT2_ET_CORRUPT_JOURNAL_SB,
670 _("%s: no valid journal superblock found\n"),
671 ctx->device_name);
672 return EXT2_ET_CORRUPT_JOURNAL_SB;
673 }
674
675 if (ntohl(jsb->s_maxlen) < journal->j_maxlen)
676 journal->j_maxlen = ntohl(jsb->s_maxlen);
677 else if (ntohl(jsb->s_maxlen) > journal->j_maxlen) {
678 com_err(ctx->program_name, EXT2_ET_CORRUPT_JOURNAL_SB,
679 _("%s: journal too short\n"),
680 ctx->device_name);
681 return EXT2_ET_CORRUPT_JOURNAL_SB;
682 }
683
684 journal->j_tail_sequence = ntohl(jsb->s_sequence);
685 journal->j_transaction_sequence = journal->j_tail_sequence;
686 journal->j_tail = ntohl(jsb->s_start);
687 journal->j_first = ntohl(jsb->s_first);
688 journal->j_last = ntohl(jsb->s_maxlen);
689
690 return 0;
691 }
692
e2fsck_journal_reset_super(e2fsck_t ctx,journal_superblock_t * jsb,journal_t * journal)693 static void e2fsck_journal_reset_super(e2fsck_t ctx, journal_superblock_t *jsb,
694 journal_t *journal)
695 {
696 char *p;
697 union {
698 uuid_t uuid;
699 __u32 val[4];
700 } u;
701 __u32 new_seq = 0;
702 int i;
703
704 /* Leave a valid existing V1 superblock signature alone.
705 * Anything unrecognisable we overwrite with a new V2
706 * signature. */
707
708 if (jsb->s_header.h_magic != htonl(JFS_MAGIC_NUMBER) ||
709 jsb->s_header.h_blocktype != htonl(JFS_SUPERBLOCK_V1)) {
710 jsb->s_header.h_magic = htonl(JFS_MAGIC_NUMBER);
711 jsb->s_header.h_blocktype = htonl(JFS_SUPERBLOCK_V2);
712 }
713
714 /* Zero out everything else beyond the superblock header */
715
716 p = ((char *) jsb) + sizeof(journal_header_t);
717 memset (p, 0, ctx->fs->blocksize-sizeof(journal_header_t));
718
719 jsb->s_blocksize = htonl(ctx->fs->blocksize);
720 jsb->s_maxlen = htonl(journal->j_maxlen);
721 jsb->s_first = htonl(1);
722
723 /* Initialize the journal sequence number so that there is "no"
724 * chance we will find old "valid" transactions in the journal.
725 * This avoids the need to zero the whole journal (slow to do,
726 * and risky when we are just recovering the filesystem).
727 */
728 uuid_generate(u.uuid);
729 for (i = 0; i < 4; i ++)
730 new_seq ^= u.val[i];
731 jsb->s_sequence = htonl(new_seq);
732 e2fsck_journal_sb_csum_set(journal, jsb);
733
734 mark_buffer_dirty(journal->j_sb_buffer);
735 ll_rw_block(WRITE, 1, &journal->j_sb_buffer);
736 }
737
e2fsck_journal_fix_corrupt_super(e2fsck_t ctx,journal_t * journal,struct problem_context * pctx)738 static errcode_t e2fsck_journal_fix_corrupt_super(e2fsck_t ctx,
739 journal_t *journal,
740 struct problem_context *pctx)
741 {
742 struct ext2_super_block *sb = ctx->fs->super;
743 int recover = ext2fs_has_feature_journal_needs_recovery(ctx->fs->super);
744
745 if (ext2fs_has_feature_journal(sb)) {
746 if (fix_problem(ctx, PR_0_JOURNAL_BAD_SUPER, pctx)) {
747 e2fsck_journal_reset_super(ctx, journal->j_superblock,
748 journal);
749 journal->j_transaction_sequence = 1;
750 e2fsck_clear_recover(ctx, recover);
751 return 0;
752 }
753 return EXT2_ET_CORRUPT_JOURNAL_SB;
754 } else if (e2fsck_journal_fix_bad_inode(ctx, pctx))
755 return EXT2_ET_CORRUPT_JOURNAL_SB;
756
757 return 0;
758 }
759
e2fsck_journal_release(e2fsck_t ctx,journal_t * journal,int reset,int drop)760 static void e2fsck_journal_release(e2fsck_t ctx, journal_t *journal,
761 int reset, int drop)
762 {
763 journal_superblock_t *jsb;
764
765 if (drop)
766 mark_buffer_clean(journal->j_sb_buffer);
767 else if (!(ctx->options & E2F_OPT_READONLY)) {
768 jsb = journal->j_superblock;
769 jsb->s_sequence = htonl(journal->j_tail_sequence);
770 if (reset)
771 jsb->s_start = 0; /* this marks the journal as empty */
772 e2fsck_journal_sb_csum_set(journal, jsb);
773 mark_buffer_dirty(journal->j_sb_buffer);
774 }
775 brelse(journal->j_sb_buffer);
776
777 if (ctx->journal_io) {
778 if (ctx->fs && ctx->fs->io != ctx->journal_io)
779 io_channel_close(ctx->journal_io);
780 ctx->journal_io = 0;
781 }
782
783 #ifndef USE_INODE_IO
784 if (journal->j_inode)
785 ext2fs_free_mem(&journal->j_inode);
786 #endif
787 if (journal->j_fs_dev)
788 ext2fs_free_mem(&journal->j_fs_dev);
789 ext2fs_free_mem(&journal);
790 }
791
792 /*
793 * This function makes sure that the superblock fields regarding the
794 * journal are consistent.
795 */
e2fsck_check_ext3_journal(e2fsck_t ctx)796 errcode_t e2fsck_check_ext3_journal(e2fsck_t ctx)
797 {
798 struct ext2_super_block *sb = ctx->fs->super;
799 journal_t *journal;
800 int recover = ext2fs_has_feature_journal_needs_recovery(ctx->fs->super);
801 struct problem_context pctx;
802 problem_t problem;
803 int reset = 0, force_fsck = 0;
804 errcode_t retval;
805
806 /* If we don't have any journal features, don't do anything more */
807 if (!ext2fs_has_feature_journal(sb) &&
808 !recover && sb->s_journal_inum == 0 && sb->s_journal_dev == 0 &&
809 uuid_is_null(sb->s_journal_uuid))
810 return 0;
811
812 clear_problem_context(&pctx);
813 pctx.num = sb->s_journal_inum;
814
815 retval = e2fsck_get_journal(ctx, &journal);
816 if (retval) {
817 if ((retval == EXT2_ET_BAD_INODE_NUM) ||
818 (retval == EXT2_ET_BAD_BLOCK_NUM) ||
819 (retval == EXT2_ET_JOURNAL_TOO_SMALL) ||
820 (retval == EXT2_ET_NO_JOURNAL))
821 return e2fsck_journal_fix_bad_inode(ctx, &pctx);
822 return retval;
823 }
824
825 retval = e2fsck_journal_load(journal);
826 if (retval) {
827 if ((retval == EXT2_ET_CORRUPT_JOURNAL_SB) ||
828 ((retval == EXT2_ET_UNSUPP_FEATURE) &&
829 (!fix_problem(ctx, PR_0_JOURNAL_UNSUPP_INCOMPAT,
830 &pctx))) ||
831 ((retval == EXT2_ET_RO_UNSUPP_FEATURE) &&
832 (!fix_problem(ctx, PR_0_JOURNAL_UNSUPP_ROCOMPAT,
833 &pctx))) ||
834 ((retval == EXT2_ET_JOURNAL_UNSUPP_VERSION) &&
835 (!fix_problem(ctx, PR_0_JOURNAL_UNSUPP_VERSION, &pctx))))
836 retval = e2fsck_journal_fix_corrupt_super(ctx, journal,
837 &pctx);
838 e2fsck_journal_release(ctx, journal, 0, 1);
839 return retval;
840 }
841
842 /*
843 * We want to make the flags consistent here. We will not leave with
844 * needs_recovery set but has_journal clear. We can't get in a loop
845 * with -y, -n, or -p, only if a user isn't making up their mind.
846 */
847 no_has_journal:
848 if (!ext2fs_has_feature_journal(sb)) {
849 recover = ext2fs_has_feature_journal_needs_recovery(sb);
850 if (fix_problem(ctx, PR_0_JOURNAL_HAS_JOURNAL, &pctx)) {
851 if (recover &&
852 !fix_problem(ctx, PR_0_JOURNAL_RECOVER_SET, &pctx))
853 goto no_has_journal;
854 /*
855 * Need a full fsck if we are releasing a
856 * journal stored on a reserved inode.
857 */
858 force_fsck = recover ||
859 (sb->s_journal_inum < EXT2_FIRST_INODE(sb));
860 /* Clear all of the journal fields */
861 sb->s_journal_inum = 0;
862 sb->s_journal_dev = 0;
863 memset(sb->s_journal_uuid, 0,
864 sizeof(sb->s_journal_uuid));
865 e2fsck_clear_recover(ctx, force_fsck);
866 } else if (!(ctx->options & E2F_OPT_READONLY)) {
867 ext2fs_set_feature_journal(sb);
868 ctx->fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
869 ext2fs_mark_super_dirty(ctx->fs);
870 }
871 }
872
873 if (ext2fs_has_feature_journal(sb) &&
874 !ext2fs_has_feature_journal_needs_recovery(sb) &&
875 journal->j_superblock->s_start != 0) {
876 /* Print status information */
877 fix_problem(ctx, PR_0_JOURNAL_RECOVERY_CLEAR, &pctx);
878 if (ctx->superblock)
879 problem = PR_0_JOURNAL_RUN_DEFAULT;
880 else
881 problem = PR_0_JOURNAL_RUN;
882 if (fix_problem(ctx, problem, &pctx)) {
883 ctx->options |= E2F_OPT_FORCE;
884 ext2fs_set_feature_journal_needs_recovery(sb);
885 ext2fs_mark_super_dirty(ctx->fs);
886 } else if (fix_problem(ctx,
887 PR_0_JOURNAL_RESET_JOURNAL, &pctx)) {
888 reset = 1;
889 sb->s_state &= ~EXT2_VALID_FS;
890 ext2fs_mark_super_dirty(ctx->fs);
891 }
892 /*
893 * If the user answers no to the above question, we
894 * ignore the fact that journal apparently has data;
895 * accidentally replaying over valid data would be far
896 * worse than skipping a questionable recovery.
897 *
898 * XXX should we abort with a fatal error here? What
899 * will the ext3 kernel code do if a filesystem with
900 * !NEEDS_RECOVERY but with a non-zero
901 * journal->j_superblock->s_start is mounted?
902 */
903 }
904
905 /*
906 * If we don't need to do replay the journal, check to see if
907 * the journal's errno is set; if so, we need to mark the file
908 * system as being corrupt and clear the journal's s_errno.
909 */
910 if (!ext2fs_has_feature_journal_needs_recovery(sb) &&
911 journal->j_superblock->s_errno) {
912 ctx->fs->super->s_state |= EXT2_ERROR_FS;
913 ext2fs_mark_super_dirty(ctx->fs);
914 journal->j_superblock->s_errno = 0;
915 e2fsck_journal_sb_csum_set(journal, journal->j_superblock);
916 mark_buffer_dirty(journal->j_sb_buffer);
917 }
918
919 e2fsck_journal_release(ctx, journal, reset, 0);
920 return retval;
921 }
922
recover_ext3_journal(e2fsck_t ctx)923 static errcode_t recover_ext3_journal(e2fsck_t ctx)
924 {
925 struct problem_context pctx;
926 journal_t *journal;
927 errcode_t retval;
928
929 clear_problem_context(&pctx);
930
931 journal_init_revoke_caches();
932 retval = e2fsck_get_journal(ctx, &journal);
933 if (retval)
934 return retval;
935
936 retval = e2fsck_journal_load(journal);
937 if (retval)
938 goto errout;
939
940 retval = journal_init_revoke(journal, 1024);
941 if (retval)
942 goto errout;
943
944 retval = -journal_recover(journal);
945 if (retval)
946 goto errout;
947
948 if (journal->j_failed_commit) {
949 pctx.ino = journal->j_failed_commit;
950 fix_problem(ctx, PR_0_JNL_TXN_CORRUPT, &pctx);
951 journal->j_superblock->s_errno = -EINVAL;
952 mark_buffer_dirty(journal->j_sb_buffer);
953 }
954
955 journal->j_tail_sequence = journal->j_transaction_sequence;
956
957 errout:
958 journal_destroy_revoke(journal);
959 journal_destroy_revoke_caches();
960 e2fsck_journal_release(ctx, journal, 1, 0);
961 return retval;
962 }
963
e2fsck_run_ext3_journal(e2fsck_t ctx)964 errcode_t e2fsck_run_ext3_journal(e2fsck_t ctx)
965 {
966 io_manager io_ptr = ctx->fs->io->manager;
967 int blocksize = ctx->fs->blocksize;
968 errcode_t retval, recover_retval;
969 io_stats stats = 0;
970 unsigned long long kbytes_written = 0;
971
972 printf(_("%s: recovering journal\n"), ctx->device_name);
973 if (ctx->options & E2F_OPT_READONLY) {
974 printf(_("%s: won't do journal recovery while read-only\n"),
975 ctx->device_name);
976 return EXT2_ET_FILE_RO;
977 }
978
979 if (ctx->fs->flags & EXT2_FLAG_DIRTY)
980 ext2fs_flush(ctx->fs); /* Force out any modifications */
981
982 recover_retval = recover_ext3_journal(ctx);
983
984 /*
985 * Reload the filesystem context to get up-to-date data from disk
986 * because journal recovery will change the filesystem under us.
987 */
988 if (ctx->fs->super->s_kbytes_written &&
989 ctx->fs->io->manager->get_stats)
990 ctx->fs->io->manager->get_stats(ctx->fs->io, &stats);
991 if (stats && stats->bytes_written)
992 kbytes_written = stats->bytes_written >> 10;
993
994 ext2fs_mmp_stop(ctx->fs);
995 ext2fs_free(ctx->fs);
996 retval = ext2fs_open(ctx->filesystem_name, ctx->openfs_flags,
997 ctx->superblock, blocksize, io_ptr,
998 &ctx->fs);
999 if (retval) {
1000 com_err(ctx->program_name, retval,
1001 _("while trying to re-open %s"),
1002 ctx->device_name);
1003 fatal_error(ctx, 0);
1004 }
1005 ctx->fs->priv_data = ctx;
1006 ctx->fs->now = ctx->now;
1007 ctx->fs->flags |= EXT2_FLAG_MASTER_SB_ONLY;
1008 ctx->fs->super->s_kbytes_written += kbytes_written;
1009
1010 /* Set the superblock flags */
1011 e2fsck_clear_recover(ctx, recover_retval != 0);
1012
1013 /*
1014 * Do one last sanity check, and propagate journal->s_errno to
1015 * the EXT2_ERROR_FS flag in the fs superblock if needed.
1016 */
1017 retval = e2fsck_check_ext3_journal(ctx);
1018 return retval ? retval : recover_retval;
1019 }
1020
1021 /*
1022 * This function will move the journal inode from a visible file in
1023 * the filesystem directory hierarchy to the reserved inode if necessary.
1024 */
1025 static const char * const journal_names[] = {
1026 ".journal", "journal", ".journal.dat", "journal.dat", 0 };
1027
e2fsck_move_ext3_journal(e2fsck_t ctx)1028 void e2fsck_move_ext3_journal(e2fsck_t ctx)
1029 {
1030 struct ext2_super_block *sb = ctx->fs->super;
1031 struct problem_context pctx;
1032 struct ext2_inode inode;
1033 ext2_filsys fs = ctx->fs;
1034 ext2_ino_t ino;
1035 errcode_t retval;
1036 const char * const * cpp;
1037 dgrp_t group;
1038 int mount_flags;
1039
1040 clear_problem_context(&pctx);
1041
1042 /*
1043 * If the filesystem is opened read-only, or there is no
1044 * journal, then do nothing.
1045 */
1046 if ((ctx->options & E2F_OPT_READONLY) ||
1047 (sb->s_journal_inum == 0) ||
1048 !ext2fs_has_feature_journal(sb))
1049 return;
1050
1051 /*
1052 * Read in the journal inode
1053 */
1054 if (ext2fs_read_inode(fs, sb->s_journal_inum, &inode) != 0)
1055 return;
1056
1057 /*
1058 * If it's necessary to backup the journal inode, do so.
1059 */
1060 if ((sb->s_jnl_backup_type == 0) ||
1061 ((sb->s_jnl_backup_type == EXT3_JNL_BACKUP_BLOCKS) &&
1062 memcmp(inode.i_block, sb->s_jnl_blocks, EXT2_N_BLOCKS*4))) {
1063 if (fix_problem(ctx, PR_0_BACKUP_JNL, &pctx)) {
1064 memcpy(sb->s_jnl_blocks, inode.i_block,
1065 EXT2_N_BLOCKS*4);
1066 sb->s_jnl_blocks[15] = inode.i_size_high;
1067 sb->s_jnl_blocks[16] = inode.i_size;
1068 sb->s_jnl_backup_type = EXT3_JNL_BACKUP_BLOCKS;
1069 ext2fs_mark_super_dirty(fs);
1070 fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
1071 }
1072 }
1073
1074 /*
1075 * If the journal is already the hidden inode, then do nothing
1076 */
1077 if (sb->s_journal_inum == EXT2_JOURNAL_INO)
1078 return;
1079
1080 /*
1081 * The journal inode had better have only one link and not be readable.
1082 */
1083 if (inode.i_links_count != 1)
1084 return;
1085
1086 /*
1087 * If the filesystem is mounted, or we can't tell whether
1088 * or not it's mounted, do nothing.
1089 */
1090 retval = ext2fs_check_if_mounted(ctx->filesystem_name, &mount_flags);
1091 if (retval || (mount_flags & EXT2_MF_MOUNTED))
1092 return;
1093
1094 /*
1095 * If we can't find the name of the journal inode, then do
1096 * nothing.
1097 */
1098 for (cpp = journal_names; *cpp; cpp++) {
1099 retval = ext2fs_lookup(fs, EXT2_ROOT_INO, *cpp,
1100 strlen(*cpp), 0, &ino);
1101 if ((retval == 0) && (ino == sb->s_journal_inum))
1102 break;
1103 }
1104 if (*cpp == 0)
1105 return;
1106
1107 /* We need the inode bitmap to be loaded */
1108 retval = ext2fs_read_bitmaps(fs);
1109 if (retval)
1110 return;
1111
1112 pctx.str = *cpp;
1113 if (!fix_problem(ctx, PR_0_MOVE_JOURNAL, &pctx))
1114 return;
1115
1116 /*
1117 * OK, we've done all the checks, let's actually move the
1118 * journal inode. Errors at this point mean we need to force
1119 * an ext2 filesystem check.
1120 */
1121 if ((retval = ext2fs_unlink(fs, EXT2_ROOT_INO, *cpp, ino, 0)) != 0)
1122 goto err_out;
1123 if ((retval = ext2fs_write_inode(fs, EXT2_JOURNAL_INO, &inode)) != 0)
1124 goto err_out;
1125 sb->s_journal_inum = EXT2_JOURNAL_INO;
1126 ext2fs_mark_super_dirty(fs);
1127 fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
1128 inode.i_links_count = 0;
1129 inode.i_dtime = ctx->now;
1130 if ((retval = ext2fs_write_inode(fs, ino, &inode)) != 0)
1131 goto err_out;
1132
1133 group = ext2fs_group_of_ino(fs, ino);
1134 ext2fs_unmark_inode_bitmap2(fs->inode_map, ino);
1135 ext2fs_mark_ib_dirty(fs);
1136 ext2fs_bg_free_inodes_count_set(fs, group, ext2fs_bg_free_inodes_count(fs, group) + 1);
1137 ext2fs_group_desc_csum_set(fs, group);
1138 fs->super->s_free_inodes_count++;
1139 return;
1140
1141 err_out:
1142 pctx.errcode = retval;
1143 fix_problem(ctx, PR_0_ERR_MOVE_JOURNAL, &pctx);
1144 fs->super->s_state &= ~EXT2_VALID_FS;
1145 ext2fs_mark_super_dirty(fs);
1146 return;
1147 }
1148
1149 /*
1150 * This function makes sure the superblock hint for the external
1151 * journal is correct.
1152 */
e2fsck_fix_ext3_journal_hint(e2fsck_t ctx)1153 int e2fsck_fix_ext3_journal_hint(e2fsck_t ctx)
1154 {
1155 struct ext2_super_block *sb = ctx->fs->super;
1156 struct problem_context pctx;
1157 char uuid[37], *journal_name;
1158 struct stat st;
1159
1160 if (!ext2fs_has_feature_journal(sb) ||
1161 uuid_is_null(sb->s_journal_uuid))
1162 return 0;
1163
1164 uuid_unparse(sb->s_journal_uuid, uuid);
1165 journal_name = blkid_get_devname(ctx->blkid, "UUID", uuid);
1166 if (!journal_name)
1167 return 0;
1168
1169 if (stat(journal_name, &st) < 0) {
1170 free(journal_name);
1171 return 0;
1172 }
1173
1174 if (st.st_rdev != sb->s_journal_dev) {
1175 clear_problem_context(&pctx);
1176 pctx.num = st.st_rdev;
1177 if (fix_problem(ctx, PR_0_EXTERNAL_JOURNAL_HINT, &pctx)) {
1178 sb->s_journal_dev = st.st_rdev;
1179 ext2fs_mark_super_dirty(ctx->fs);
1180 }
1181 }
1182
1183 free(journal_name);
1184 return 0;
1185 }
1186