From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: tytso@mit.edu, darrick.wong@oracle.com
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH 10/37] e2fsck: verify checksums after checking everything else
Date: Thu, 01 May 2014 16:13:28 -0700 [thread overview]
Message-ID: <20140501231328.31890.34436.stgit@birch.djwong.org> (raw)
In-Reply-To: <20140501231222.31890.82860.stgit@birch.djwong.org>
There's a particular problem with e2fsck's user interface where
checksum errors are concerned: Fixing the first complaint about
a checksum problem results in the inode being cleared even if e2fsck
could otherwise have recovered it. While this mode is useful for
cleaning the remaining broken crud off the filesystem, we could at
least default to checking everything /else/ and only complaining about
the incorrect checksum if fsck finds nothing else wrong.
So, plumb in a config option. We default to "verify and checksum"
unless the user tell us otherwise.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
e2fsck/e2fsck.8.in | 12 ++++++++++++
e2fsck/e2fsck.conf.5.in | 20 ++++++++++++++++++++
e2fsck/e2fsck.h | 1 +
e2fsck/problem.c | 18 ++++++++++++++----
e2fsck/problemP.h | 1 +
e2fsck/unix.c | 11 +++++++++++
6 files changed, 59 insertions(+), 4 deletions(-)
diff --git a/e2fsck/e2fsck.8.in b/e2fsck/e2fsck.8.in
index f5ed758..43ee063 100644
--- a/e2fsck/e2fsck.8.in
+++ b/e2fsck/e2fsck.8.in
@@ -207,6 +207,18 @@ option may prevent you from further manual data recovery.
.BI nodiscard
Do not attempt to discard free blocks and unused inode blocks. This option is
exactly the opposite of discard option. This is set as default.
+.TP
+.BI strict_csums
+Verify each metadata object's checksum before checking anything other fields
+in the metadata object. If the verification fails, offer to clear the item,
+also before checking any of the other fields. This option causes e2fsck to
+favor throwing away broken objects over trying to salvage them.
+.TP
+.BI no_strict_csums
+Perform all regular checks of a metadata object and only verify the checksum if
+no problems were found. This option causes e2fsck to try to salvage slightly
+damaged metadata objects, at the cost of spending processing time on recovering
+data. This is set as the default.
.RE
.TP
.B \-f
diff --git a/e2fsck/e2fsck.conf.5.in b/e2fsck/e2fsck.conf.5.in
index 9ebfbbf..a8219a8 100644
--- a/e2fsck/e2fsck.conf.5.in
+++ b/e2fsck/e2fsck.conf.5.in
@@ -222,6 +222,26 @@ If this boolean relation is true, e2fsck will run as if the option
.B -v
is always specified. This will cause e2fsck to print some additional
information at the end of each full file system check.
+.TP
+.I strict_csums
+If this boolean relation is true, e2fsck will run as if
+.B -E strict_csums
+is set. This causes e2fsck to verify each metadata object's checksum before
+checking anything other fields in the metadata object. If the verification
+fails, offer to clear the item, also before checking any of the other fields.
+This option causes e2fsck to favor throwing away broken objects over trying to
+salvage them.
+.IP
+If the boolean relation is false, e2fsck will run as if
+.B -E no_strict_csums
+is set. In this case, e2fsck will perform all regular checks of a metadata
+object and only verify the checksum if no problems were found. This option
+causes e2fsck to try to salvage slightly damaged metadata objects, at the cost
+of spending processing time on recovering data.
+.IP
+The default is for e2fsck to behave as if
+.B -E no_strict_csums
+is set.
.SH THE [problems] STANZA
Each tag in the
.I [problems]
diff --git a/e2fsck/e2fsck.h b/e2fsck/e2fsck.h
index dbd6ea8..d7a7be9 100644
--- a/e2fsck/e2fsck.h
+++ b/e2fsck/e2fsck.h
@@ -167,6 +167,7 @@ struct resource_track {
#define E2F_OPT_FRAGCHECK 0x0800
#define E2F_OPT_JOURNAL_ONLY 0x1000 /* only replay the journal */
#define E2F_OPT_DISCARD 0x2000
+#define E2F_OPT_CSUM_FIRST 0x4000
/*
* E2fsck flags
diff --git a/e2fsck/problem.c b/e2fsck/problem.c
index 7f0ad6c..0999399 100644
--- a/e2fsck/problem.c
+++ b/e2fsck/problem.c
@@ -970,7 +970,7 @@ static struct e2fsck_problem problem_table[] = {
/* inode checksum does not match inode */
{ PR_1_INODE_CSUM_INVALID,
N_("@i %i checksum does not match @i. "),
- PROMPT_CLEAR, PR_PREEN_OK },
+ PROMPT_CLEAR, PR_PREEN_OK | PR_INITIAL_CSUM },
/* inode passes checks, but checksum does not match inode */
{ PR_1_INODE_ONLY_CSUM_INVALID,
@@ -981,7 +981,7 @@ static struct e2fsck_problem problem_table[] = {
{ PR_1_EXTENT_CSUM_INVALID,
N_("@i %i extent block checksum does not match extent\n\t(logical @b "
"%c, @n physical @b %b, len %N)\n"),
- PROMPT_CLEAR, 0 },
+ PROMPT_CLEAR, PR_INITIAL_CSUM },
/*
* Inode extent block passes checks, but checksum does not match
@@ -996,7 +996,7 @@ static struct e2fsck_problem problem_table[] = {
{ PR_1_EA_BLOCK_CSUM_INVALID,
N_("Extended attribute @a @b %b checksum for @i %i does not "
"match. "),
- PROMPT_CLEAR, 0 },
+ PROMPT_CLEAR, PR_INITIAL_CSUM },
/*
* Extended attribute block passes checks, but checksum for inode does
@@ -1470,7 +1470,7 @@ static struct e2fsck_problem problem_table[] = {
/* leaf node fails checksum */
{ PR_2_LEAF_NODE_CSUM_INVALID,
N_("@d @i %i, %B, offset %N: @d fails checksum\n"),
- PROMPT_SALVAGE, PR_PREEN_OK },
+ PROMPT_SALVAGE, PR_PREEN_OK | PR_INITIAL_CSUM },
/* leaf node has no checksum */
{ PR_2_LEAF_NODE_MISSING_CSUM,
@@ -1944,6 +1944,16 @@ int fix_problem(e2fsck_t ctx, problem_t code, struct problem_context *pctx)
printf(_("Unhandled error code (0x%x)!\n"), code);
return 0;
}
+
+ /*
+ * If there is a problem with the initial csum verification and the
+ * user told e2fsck to verify csums /after/ checking everything else,
+ * then don't "fix" anything.
+ */
+ if ((ptr->flags & PR_INITIAL_CSUM) &&
+ !(ctx->options & E2F_OPT_CSUM_FIRST))
+ return 0;
+
if (!(ptr->flags & PR_CONFIG)) {
char key[9], *new_desc = NULL;
diff --git a/e2fsck/problemP.h b/e2fsck/problemP.h
index 7944cd6..a983598 100644
--- a/e2fsck/problemP.h
+++ b/e2fsck/problemP.h
@@ -44,3 +44,4 @@ struct latch_descr {
#define PR_CONFIG 0x080000 /* This problem has been customized
from the config file */
#define PR_FORCE_NO 0x100000 /* Force the answer to be no */
+#define PR_INITIAL_CSUM 0x200000 /* User can ignore initial csum check */
diff --git a/e2fsck/unix.c b/e2fsck/unix.c
index b39383d..c6cdb49 100644
--- a/e2fsck/unix.c
+++ b/e2fsck/unix.c
@@ -692,6 +692,10 @@ static void parse_extended_opts(e2fsck_t ctx, const char *opts)
else
ctx->log_fn = string_copy(ctx, arg, 0);
continue;
+ } else if (strcmp(token, "strict_csums") == 0) {
+ ctx->options |= E2F_OPT_CSUM_FIRST;
+ } else if (strcmp(token, "no_strict_csums") == 0) {
+ ctx->options &= ~E2F_OPT_CSUM_FIRST;
} else {
fprintf(stderr, _("Unknown extended option: %s\n"),
token);
@@ -710,6 +714,8 @@ static void parse_extended_opts(e2fsck_t ctx, const char *opts)
fputs(("\tjournal_only\n"), stderr);
fputs(("\tdiscard\n"), stderr);
fputs(("\tnodiscard\n"), stderr);
+ fputs(("\tstrict_csums\n"), stderr);
+ fputs(("\tno_strict_csums\n"), stderr);
fputc('\n', stderr);
exit(1);
}
@@ -945,6 +951,11 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx)
profile_set_syntax_err_cb(syntax_err_report);
profile_init(config_fn, &ctx->profile);
+ profile_get_boolean(ctx->profile, "options", "strict_csums", NULL,
+ 0, &c);
+ if (c)
+ ctx->options |= E2F_OPT_CSUM_FIRST;
+
profile_get_boolean(ctx->profile, "options", "report_time", 0, 0,
&c);
if (c)
next prev parent reply other threads:[~2014-05-01 23:13 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-01 23:12 [PATCH 00/37] e2fsprogs patchbomb 5/14 Darrick J. Wong
2014-05-01 23:12 ` [PATCH 01/37] misc: create better-packaged static analysis reports Darrick J. Wong
2014-05-11 22:33 ` Theodore Ts'o
2014-05-01 23:12 ` [PATCH 02/37] misc: coverity fixes Darrick J. Wong
2014-05-02 11:17 ` Lukáš Czerner
2014-05-05 20:04 ` Darrick J. Wong
2014-05-11 22:40 ` Theodore Ts'o
2014-05-01 23:12 ` [PATCH 03/37] libext2fs: create sockets when populating filesystem Darrick J. Wong
2014-05-02 11:22 ` Lukáš Czerner
2014-05-05 20:08 ` Darrick J. Wong
2014-05-11 22:44 ` Theodore Ts'o
2014-05-01 23:12 ` [PATCH 04/37] mke2fs: always warn if 128-byte inode and inline_data Darrick J. Wong
2014-05-02 11:27 ` Lukáš Czerner
2014-05-05 20:10 ` Darrick J. Wong
2014-05-12 0:26 ` Theodore Ts'o
2014-05-01 23:12 ` [PATCH 05/37] debugfs: teach logdump to deal with 64bit revoke tables Darrick J. Wong
2014-05-02 11:38 ` Lukáš Czerner
2014-05-05 22:23 ` Darrick J. Wong
2014-05-06 11:35 ` Lukáš Czerner
2014-05-12 1:20 ` Theodore Ts'o
2014-05-01 23:13 ` [PATCH 06/37] debugfs: force logdump to display (old) journal contents Darrick J. Wong
2014-05-02 11:49 ` Lukáš Czerner
2014-05-06 0:24 ` Darrick J. Wong
2014-05-12 1:41 ` Theodore Ts'o
2014-05-12 3:31 ` Theodore Ts'o
2014-05-14 0:05 ` Darrick J. Wong
2014-05-01 23:13 ` [PATCH 07/37] resize2fs: fix check for collision between old GDT and superblock on sparse_super2 fs Darrick J. Wong
2014-05-12 3:35 ` Theodore Ts'o
2014-05-01 23:13 ` [PATCH 08/37] mke2fs: set gdt csum when creating packed fs Darrick J. Wong
2014-05-02 11:55 ` Lukáš Czerner
2014-05-12 4:22 ` Theodore Ts'o
2014-05-01 23:13 ` [PATCH 09/37] mke2fs: set error behavior at initialization time Darrick J. Wong
2014-05-02 12:13 ` Lukáš Czerner
2014-05-01 23:13 ` Darrick J. Wong [this message]
2014-05-02 12:32 ` [PATCH 10/37] e2fsck: verify checksums after checking everything else Lukáš Czerner
2014-05-05 22:56 ` Darrick J. Wong
2014-05-06 11:32 ` Lukáš Czerner
2014-05-08 0:05 ` Darrick J. Wong
2014-05-01 23:13 ` [PATCH 11/37] e2fsck: fix the extended attribute checksum error message Darrick J. Wong
2014-05-02 12:46 ` Lukáš Czerner
2014-05-05 23:08 ` Darrick J. Wong
2014-05-06 10:12 ` Lukáš Czerner
2014-05-01 23:13 ` [PATCH 12/37] e2fsck: insert a missing dirent tail for checksums if possible Darrick J. Wong
2014-05-02 12:54 ` Lukáš Czerner
2014-05-05 23:16 ` Darrick J. Wong
2014-05-01 23:13 ` [PATCH 13/37] e2fsck: write dir blocks after new inode when reconstructing root/lost+found Darrick J. Wong
2014-05-05 17:13 ` Lukáš Czerner
2014-05-01 23:13 ` [PATCH 14/37] dumpe2fs: add switch to disable checksum verification Darrick J. Wong
2014-05-05 17:20 ` Lukáš Czerner
2014-05-01 23:14 ` [PATCH 15/37] mke2fs: set block_validity as a default mount option Darrick J. Wong
2014-05-05 17:24 ` Lukáš Czerner
2014-05-01 23:14 ` [PATCH 16/37] libext2fs: support allocating uninit blocks in bmap2() Darrick J. Wong
2014-05-06 15:45 ` Lukáš Czerner
2014-05-06 19:59 ` Darrick J. Wong
2014-05-07 10:02 ` Lukáš Czerner
2014-05-07 21:37 ` Darrick J. Wong
2014-05-08 0:13 ` [PATCH 1/2] libext2fs: support BLKZEROOUT/FALLOC_FL_ZERO_RANGE in ext2fs_zero_blocks Darrick J. Wong
2014-05-13 11:11 ` Lukáš Czerner
2014-05-08 0:14 ` [PATCH 2/2] libext2fs: support allocating uninit blocks in bmap2() Darrick J. Wong
2014-05-27 16:28 ` Lukáš Czerner
2014-05-28 19:48 ` Darrick J. Wong
2014-05-01 23:14 ` [PATCH 17/37] libext2fs: file IO routines should handle uninit blocks Darrick J. Wong
2014-05-01 23:14 ` [PATCH 18/37] resize2fs: convert fs to and from 64bit mode Darrick J. Wong
2014-05-01 23:14 ` [PATCH 19/37] resize2fs: when toggling 64bit, don't free in-use bg data clusters Darrick J. Wong
2014-05-01 23:14 ` [PATCH 20/37] resize2fs: adjust reserved_gdt_blocks when changing group descriptor size Darrick J. Wong
2014-05-01 23:14 ` [PATCH 21/37] libext2fs: have UNIX IO manager use pread/pwrite Darrick J. Wong
2014-08-02 23:16 ` Theodore Ts'o
2014-05-01 23:14 ` [PATCH 22/37] ext2fs: add readahead method to improve scanning Darrick J. Wong
2014-05-01 23:14 ` [PATCH 23/37] e2fsck: provide routines to read-ahead metadata Darrick J. Wong
2014-05-01 23:14 ` [PATCH 24/37] e2fsck: read-ahead metadata during passes 1, 2, and 4 Darrick J. Wong
2014-07-28 22:25 ` Darrick J. Wong
2014-05-01 23:15 ` [PATCH 25/37] libext2fs: when appending to a file, don't split an index block in equal halves Darrick J. Wong
2014-08-02 23:43 ` Theodore Ts'o
2014-05-01 23:15 ` [PATCH 26/37] libext2fs: find inode goal when allocating blocks Darrick J. Wong
2014-05-01 23:15 ` [PATCH 27/37] libext2fs: find a range of empty blocks Darrick J. Wong
2014-05-01 23:15 ` [PATCH 28/37] libext2fs: provide a function to set inode size Darrick J. Wong
2014-07-26 18:37 ` Theodore Ts'o
2014-05-01 23:15 ` [PATCH 29/37] libext2fs: implement fallocate Darrick J. Wong
2014-05-01 23:15 ` [PATCH 31/37] fuse2fs: translate ACL structures Darrick J. Wong
2014-05-01 23:15 ` [PATCH 32/37] fuse2fs: handle 64-bit dates correctly Darrick J. Wong
2014-05-01 23:16 ` [PATCH 33/37] fuse2fs: implement fallocate Darrick J. Wong
2014-05-01 23:16 ` [PATCH 35/37] tests: enable using fuse2fs with metadata checksum test Darrick J. Wong
2014-05-01 23:16 ` [PATCH 36/37] tests: test date handling Darrick J. Wong
2014-05-01 23:16 ` [PATCH 37/37] ext5: define new subtype to add features and reduce testing complexity Darrick J. Wong
2014-05-02 9:45 ` Lukáš Czerner
2014-05-02 14:04 ` Theodore Ts'o
2014-05-06 1:59 ` Darrick J. Wong
2014-05-06 1:33 ` Darrick J. Wong
2014-05-06 12:50 ` Lukáš Czerner
2014-05-06 15:21 ` Theodore Ts'o
2014-05-06 15:30 ` Lukáš Czerner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140501231328.31890.34436.stgit@birch.djwong.org \
--to=darrick.wong@oracle.com \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.