2 * journal.c --- code for handling the "ext3" journal
4 * Copyright (C) 2000 Andreas Dilger
5 * Copyright (C) 2000 Theodore Ts'o
7 * Parts of the code are based on fs/jfs/journal.c by Stephen C. Tweedie
8 * Copyright (C) 1999 Red Hat Software
10 * This file may be redistributed under the terms of the
11 * GNU General Public License version 2 or at your discretion
15 #ifdef HAVE_SYS_MOUNT_H
16 #include <sys/mount.h>
17 #define MNT_FL (MS_MGC_VAL | MS_RDONLY)
19 #ifdef HAVE_SYS_STAT_H
23 #define E2FSCK_INCLUDE_INLINE_FUNCS
26 #include "uuid/uuid.h"
29 static int bh_count = 0;
30 int journal_enable_debug = 0;
33 /* Kernel compatibility functions for handling the journal. These allow us
34 * to use the recovery.c file virtually unchanged from the kernel, so we
35 * don't have to do much to keep kernel and user recovery in sync.
37 int bmap(struct inode *inode, int block)
42 retval = ext2fs_bmap(inode->i_ctx->fs, inode->i_ino, &inode->i_ext2,
43 NULL, 0, block, &phys);
46 com_err(inode->i_ctx->device_name, retval,
47 _("bmap journal inode %ld, block %d\n"),
53 struct buffer_head *getblk(e2fsck_t ctx, blk_t blocknr, int blocksize)
55 struct buffer_head *bh;
57 bh = e2fsck_allocate_memory(ctx, sizeof(*bh), "block buffer");
61 jfs_debug(4, "getblk for block %lu (%d bytes)(total %d)\n",
62 (unsigned long) blocknr, blocksize, ++bh_count);
65 bh->b_size = blocksize;
66 bh->b_blocknr = blocknr;
71 void ll_rw_block(int rw, int nr, struct buffer_head *bhp[])
74 struct buffer_head *bh;
76 for (; nr > 0; --nr) {
78 if (rw == READ && !bh->b_uptodate) {
79 jfs_debug(3, "reading block %lu/%p\n",
80 (unsigned long) bh->b_blocknr, (void *) bh);
81 retval = io_channel_read_blk(bh->b_ctx->fs->io,
85 com_err(bh->b_ctx->device_name, retval,
86 "while reading block %ld\n",
92 } else if (rw == WRITE && bh->b_dirty) {
93 jfs_debug(3, "writing block %lu/%p\n",
94 (unsigned long) bh->b_blocknr, (void *) bh);
95 retval = io_channel_write_blk(bh->b_ctx->fs->io,
99 com_err(bh->b_ctx->device_name, retval,
100 "while writing block %ld\n",
108 jfs_debug(3, "no-op %s for block %lu\n",
109 rw == READ ? "read" : "write",
110 (unsigned long) bh->b_blocknr);
114 void mark_buffer_dirty(struct buffer_head *bh, int dummy)
116 bh->b_dirty = dummy | 1; /* use dummy to avoid unused variable */
119 static void mark_buffer_clean(struct buffer_head * bh)
124 void brelse(struct buffer_head *bh)
127 ll_rw_block(WRITE, 1, &bh);
128 jfs_debug(3, "freeing block %lu/%p (total %d)\n",
129 (unsigned long) bh->b_blocknr, (void *) bh, --bh_count);
130 ext2fs_free_mem((void **) &bh);
133 int buffer_uptodate(struct buffer_head *bh)
135 return bh->b_uptodate;
138 void wait_on_buffer(struct buffer_head *bh)
141 ll_rw_block(READ, 1, &bh);
145 static void e2fsck_clear_recover(e2fsck_t ctx, int error)
147 ctx->fs->super->s_feature_incompat &= ~EXT3_FEATURE_INCOMPAT_RECOVER;
149 /* if we had an error doing journal recovery, we need a full fsck */
151 ctx->fs->super->s_state &= ~EXT2_VALID_FS;
152 ext2fs_mark_super_dirty(ctx->fs);
155 static errcode_t e2fsck_journal_init_inode(e2fsck_t ctx,
156 struct ext2_super_block *s,
157 ext2_ino_t journal_inum,
161 struct buffer_head *bh;
165 jfs_debug(1, "Using journal inode %u\n", journal_inum);
166 *journal = e2fsck_allocate_memory(ctx, sizeof(journal_t), "journal");
168 return EXT2_ET_NO_MEMORY;
171 inode = e2fsck_allocate_memory(ctx, sizeof(*inode), "journal inode");
173 retval = EXT2_ET_NO_MEMORY;
178 inode->i_ino = journal_inum;
179 retval = ext2fs_read_inode(ctx->fs, journal_inum, &inode->i_ext2);
183 (*journal)->j_dev = ctx;
184 (*journal)->j_inode = inode;
185 (*journal)->j_blocksize = ctx->fs->blocksize;
186 (*journal)->j_maxlen = inode->i_ext2.i_size / (*journal)->j_blocksize;
188 if (!inode->i_ext2.i_links_count ||
189 !LINUX_S_ISREG(inode->i_ext2.i_mode) ||
190 (*journal)->j_maxlen < JFS_MIN_JOURNAL_BLOCKS ||
191 (start = bmap(inode, 0)) == 0) {
192 retval = EXT2_ET_BAD_INODE_NUM;
196 bh = getblk(ctx, start, (*journal)->j_blocksize);
198 retval = EXT2_ET_NO_MEMORY;
201 (*journal)->j_sb_buffer = bh;
202 (*journal)->j_superblock = (journal_superblock_t *)bh->b_data;
207 ext2fs_free_mem((void **)&inode);
209 ext2fs_free_mem((void **)journal);
214 static errcode_t e2fsck_get_journal(e2fsck_t ctx, journal_t **journal)
217 struct problem_context pctx;
218 struct ext2_super_block *sb = ctx->fs->super;
220 clear_problem_context(&pctx);
222 if (sb->s_feature_compat & EXT3_FEATURE_COMPAT_HAS_JOURNAL) {
223 /* FIXME: check if dev is valid block dev, has a journal */
224 if (sb->s_journal_dev) {
225 pctx.num = sb->s_journal_dev;
226 /* this problem aborts on -y, -p, unsupported on -n */
227 if (!fix_problem(ctx, PR_0_JOURNAL_UNSUPP_DEV, &pctx))
228 return EXT2_ET_UNSUPP_FEATURE;
229 sb->s_journal_dev = 0;
230 sb->s_state &= ~EXT2_VALID_FS;
231 ext2fs_mark_super_dirty(ctx->fs);
233 /* FIXME: check if UUID is valid block dev, has a journal */
234 if (!uuid_is_null(sb->s_journal_uuid)) {
235 uuid_unparse(sb->s_journal_uuid, uuid_str);
237 /* this problem aborts on -y, -p, unsupported on -n */
238 if (!fix_problem(ctx, PR_0_JOURNAL_UNSUPP_UUID, &pctx))
239 return EXT2_ET_UNSUPP_FEATURE;
240 uuid_clear(sb->s_journal_uuid);
241 sb->s_state &= ~EXT2_VALID_FS;
242 ext2fs_mark_super_dirty(ctx->fs);
244 if (!sb->s_journal_inum)
245 return EXT2_ET_BAD_INODE_NUM;
248 if (sb->s_journal_dev) {
249 pctx.num = sb->s_journal_dev;
250 if (!fix_problem(ctx, PR_0_JOURNAL_BAD_DEV, &pctx))
251 return EXT2_ET_UNSUPP_FEATURE;
252 sb->s_journal_dev = 0;
253 sb->s_state &= ~EXT2_VALID_FS;
254 ext2fs_mark_super_dirty(ctx->fs);
256 if (!uuid_is_null(sb->s_journal_uuid)) {
257 uuid_unparse(sb->s_journal_uuid, uuid_str);
259 if (!fix_problem(ctx, PR_0_JOURNAL_BAD_UUID, &pctx))
260 return EXT2_ET_UNSUPP_FEATURE;
261 uuid_clear(sb->s_journal_uuid);
262 sb->s_state &= ~EXT2_VALID_FS;
263 ext2fs_mark_super_dirty(ctx->fs);
266 return e2fsck_journal_init_inode(ctx, sb, sb->s_journal_inum, journal);
269 static errcode_t e2fsck_journal_fix_bad_inode(e2fsck_t ctx,
270 struct problem_context *pctx)
272 struct ext2_super_block *sb = ctx->fs->super;
273 int recover = ctx->fs->super->s_feature_incompat &
274 EXT3_FEATURE_INCOMPAT_RECOVER;
275 int has_journal = ctx->fs->super->s_feature_compat &
276 EXT3_FEATURE_COMPAT_HAS_JOURNAL;
278 if (has_journal || sb->s_journal_inum) {
279 /* The journal inode is bogus, remove and force full fsck */
280 pctx->ino = sb->s_journal_inum;
281 if (fix_problem(ctx, PR_0_JOURNAL_BAD_INODE, pctx)) {
282 if (has_journal && sb->s_journal_inum)
283 printf("*** ext3 journal has been deleted - "
284 "filesystem is now ext2 only ***\n\n");
285 sb->s_feature_compat &= ~EXT3_FEATURE_COMPAT_HAS_JOURNAL;
286 sb->s_journal_inum = 0;
287 e2fsck_clear_recover(ctx, 1);
290 return EXT2_ET_BAD_INODE_NUM;
291 } else if (recover) {
292 if (fix_problem(ctx, PR_0_JOURNAL_RECOVER_SET, pctx)) {
293 e2fsck_clear_recover(ctx, 1);
296 return EXT2_ET_UNSUPP_FEATURE;
301 static errcode_t e2fsck_journal_load(journal_t *journal)
303 e2fsck_t ctx = journal->j_dev;
304 journal_superblock_t *jsb;
305 struct buffer_head *jbh = journal->j_sb_buffer;
306 struct problem_context pctx;
308 clear_problem_context(&pctx);
310 ll_rw_block(READ, 1, &jbh);
312 com_err(ctx->device_name, jbh->b_err,
313 _("reading journal superblock\n"));
317 jsb = journal->j_superblock;
318 /* If we don't even have JFS_MAGIC, we probably have a wrong inode */
319 if (jsb->s_header.h_magic != htonl(JFS_MAGIC_NUMBER))
320 return e2fsck_journal_fix_bad_inode(ctx, &pctx);
322 switch (ntohl(jsb->s_header.h_blocktype)) {
323 case JFS_SUPERBLOCK_V1:
324 journal->j_format_version = 1;
327 case JFS_SUPERBLOCK_V2:
328 journal->j_format_version = 2;
331 /* If we don't understand the superblock major type, but there
332 * is a magic number, then it is likely to be a new format we
333 * just don't understand, so leave it alone. */
335 com_err(ctx->program_name, EXT2_ET_UNSUPP_FEATURE,
336 _("%s: journal has unrecognised format\n"),
338 return EXT2_ET_UNSUPP_FEATURE;
341 if (JFS_HAS_INCOMPAT_FEATURE(journal, ~JFS_KNOWN_INCOMPAT_FEATURES)) {
342 com_err(ctx->program_name, EXT2_ET_UNSUPP_FEATURE,
343 _("%s: journal has incompatible features\n"),
345 return EXT2_ET_UNSUPP_FEATURE;
348 if (JFS_HAS_RO_COMPAT_FEATURE(journal, ~JFS_KNOWN_ROCOMPAT_FEATURES)) {
349 com_err(ctx->program_name, EXT2_ET_UNSUPP_FEATURE,
350 _("%s: journal has readonly-incompatible features\n"),
352 return EXT2_ET_RO_UNSUPP_FEATURE;
355 /* We have now checked whether we know enough about the journal
356 * format to be able to proceed safely, so any other checks that
357 * fail we should attempt to recover from. */
358 if (jsb->s_blocksize != htonl(journal->j_blocksize)) {
359 com_err(ctx->program_name, EXT2_ET_CORRUPT_SUPERBLOCK,
360 _("%s: no valid journal superblock found\n"),
362 return EXT2_ET_CORRUPT_SUPERBLOCK;
365 if (ntohl(jsb->s_maxlen) < journal->j_maxlen)
366 journal->j_maxlen = ntohl(jsb->s_maxlen);
367 else if (ntohl(jsb->s_maxlen) > journal->j_maxlen) {
368 com_err(ctx->program_name, EXT2_ET_CORRUPT_SUPERBLOCK,
369 _("%s: journal too short\n"),
371 return EXT2_ET_CORRUPT_SUPERBLOCK;
374 journal->j_tail_sequence = ntohl(jsb->s_sequence);
375 journal->j_transaction_sequence = journal->j_tail_sequence;
376 journal->j_tail = ntohl(jsb->s_start);
377 journal->j_first = ntohl(jsb->s_first);
378 journal->j_last = ntohl(jsb->s_maxlen);
383 static void e2fsck_journal_reset_super(e2fsck_t ctx, journal_superblock_t *jsb,
388 /* Leave a valid existing V1 superblock signature alone.
389 * Anything unrecognisable we overwrite with a new V2
392 if (jsb->s_header.h_magic != htonl(JFS_MAGIC_NUMBER) ||
393 jsb->s_header.h_blocktype != htonl(JFS_SUPERBLOCK_V1)) {
394 jsb->s_header.h_magic = htonl(JFS_MAGIC_NUMBER);
395 jsb->s_header.h_blocktype = htonl(JFS_SUPERBLOCK_V2);
398 /* Zero out everything else beyond the superblock header */
400 p = ((char *) jsb) + sizeof(journal_header_t);
401 memset (p, 0, ctx->fs->blocksize-sizeof(journal_header_t));
403 jsb->s_blocksize = htonl(ctx->fs->blocksize);
404 jsb->s_maxlen = htonl(journal->j_maxlen);
405 jsb->s_first = htonl(1);
406 jsb->s_sequence = htonl(1);
408 /* In theory we should also re-zero the entire journal here.
409 * Initialising s_sequence to a random value would be a
410 * reasonable compromise. */
412 ll_rw_block(WRITE, 1, &journal->j_sb_buffer);
415 static errcode_t e2fsck_journal_fix_corrupt_super(e2fsck_t ctx,
417 struct problem_context *pctx)
419 struct ext2_super_block *sb = ctx->fs->super;
420 int recover = ctx->fs->super->s_feature_incompat &
421 EXT3_FEATURE_INCOMPAT_RECOVER;
423 pctx->num = journal->j_inode->i_ino;
425 if (sb->s_feature_compat & EXT3_FEATURE_COMPAT_HAS_JOURNAL) {
426 if (fix_problem(ctx, PR_0_JOURNAL_BAD_SUPER, pctx)) {
427 e2fsck_journal_reset_super(ctx, journal->j_superblock,
429 journal->j_transaction_sequence = 1;
430 e2fsck_clear_recover(ctx, recover);
433 return EXT2_ET_CORRUPT_SUPERBLOCK;
434 } else if (e2fsck_journal_fix_bad_inode(ctx, pctx))
435 return EXT2_ET_CORRUPT_SUPERBLOCK;
440 static void e2fsck_journal_release(e2fsck_t ctx, journal_t *journal,
443 journal_superblock_t *jsb;
446 mark_buffer_clean(journal->j_sb_buffer);
447 else if (!(ctx->options & E2F_OPT_READONLY)) {
448 jsb = journal->j_superblock;
449 jsb->s_sequence = htonl(journal->j_transaction_sequence);
451 jsb->s_start = 0; /* this marks the journal as empty */
452 mark_buffer_dirty(journal->j_sb_buffer, 1);
454 brelse(journal->j_sb_buffer);
456 if (journal->j_inode)
457 ext2fs_free_mem((void **)&journal->j_inode);
458 ext2fs_free_mem((void **)&journal);
462 * This function makes sure that the superblock fields regarding the
463 * journal are consistent.
465 int e2fsck_check_ext3_journal(e2fsck_t ctx)
467 struct ext2_super_block *sb = ctx->fs->super;
469 int recover = ctx->fs->super->s_feature_incompat &
470 EXT3_FEATURE_INCOMPAT_RECOVER;
471 struct problem_context pctx;
472 int reset = 0, force_fsck = 0;
475 /* If we don't have any journal features, don't do anything more */
476 if (!(sb->s_feature_compat & EXT3_FEATURE_COMPAT_HAS_JOURNAL) &&
477 !recover && sb->s_journal_inum == 0 && sb->s_journal_dev == 0 &&
478 uuid_is_null(sb->s_journal_uuid))
481 #ifdef JFS_DEBUG /* Enabled by configure --enable-jfs-debug */
482 journal_enable_debug = 2;
484 clear_problem_context(&pctx);
485 pctx.num = sb->s_journal_inum;
487 retval = e2fsck_get_journal(ctx, &journal);
489 if (retval == EXT2_ET_BAD_INODE_NUM)
490 return e2fsck_journal_fix_bad_inode(ctx, &pctx);
494 retval = e2fsck_journal_load(journal);
496 if (retval == EXT2_ET_CORRUPT_SUPERBLOCK)
497 retval = e2fsck_journal_fix_corrupt_super(ctx, journal,
499 e2fsck_journal_release(ctx, journal, 0, 1);
504 * We want to make the flags consistent here. We will not leave with
505 * needs_recovery set but has_journal clear. We can't get in a loop
506 * with -y, -n, or -p, only if a user isn't making up their mind.
509 if (!(sb->s_feature_compat & EXT3_FEATURE_COMPAT_HAS_JOURNAL)) {
510 recover = sb->s_feature_incompat & EXT3_FEATURE_INCOMPAT_RECOVER;
512 if (fix_problem(ctx, PR_0_JOURNAL_HAS_JOURNAL, &pctx)) {
514 !fix_problem(ctx, PR_0_JOURNAL_RECOVER_SET, &pctx))
517 * Need a full fsck if we are releasing a
518 * journal stored on a reserved inode.
520 force_fsck = recover ||
521 (sb->s_journal_inum < EXT2_FIRST_INODE(sb));
522 /* Clear all of the journal fields */
523 sb->s_journal_inum = 0;
524 sb->s_journal_dev = 0;
525 memset(sb->s_journal_uuid, 0,
526 sizeof(sb->s_journal_uuid));
527 e2fsck_clear_recover(ctx, force_fsck);
528 } else if (!(ctx->options & E2F_OPT_READONLY)) {
529 sb->s_feature_compat |= EXT3_FEATURE_COMPAT_HAS_JOURNAL;
530 ext2fs_mark_super_dirty(ctx->fs);
534 if (sb->s_feature_compat & EXT3_FEATURE_COMPAT_HAS_JOURNAL &&
535 !(sb->s_feature_incompat & EXT3_FEATURE_INCOMPAT_RECOVER) &&
536 journal->j_superblock->s_start != 0) {
537 if (fix_problem(ctx, PR_0_JOURNAL_RESET_JOURNAL, &pctx)) {
539 sb->s_state &= ~EXT2_VALID_FS;
540 ext2fs_mark_super_dirty(ctx->fs);
543 * If the user answers no to the above question, we
544 * ignore the fact that journal apparently has data;
545 * accidentally replaying over valid data would be far
546 * worse than skipping a questionable recovery.
548 * XXX should we abort with a fatal error here? What
549 * will the ext3 kernel code do if a filesystem with
550 * !NEEDS_RECOVERY but with a non-zero
551 * journal->j_superblock->s_start is mounted?
555 e2fsck_journal_release(ctx, journal, reset, 0);
559 static errcode_t recover_ext3_journal(e2fsck_t ctx)
564 retval = e2fsck_get_journal(ctx, &journal);
568 retval = e2fsck_journal_load(journal);
572 retval = journal_init_revoke(journal, 1024);
576 retval = -journal_recover(journal);
578 e2fsck_journal_release(ctx, journal, 1, 0);
584 #define TEMPLATE "/tmp/ext3.XXXXXX"
587 * This function attempts to mount and unmount an ext3 filesystem,
588 * which is a cheap way to force the kernel to run the journal and
589 * handle the recovery for us.
591 static errcode_t recover_ext3_journal_via_mount(e2fsck_t ctx)
593 ext2_filsys fs = ctx->fs;
594 char *dirlist[] = {"/mnt","/lost+found","/tmp","/root","/boot",0};
595 errcode_t retval, retval2;
597 char template[] = TEMPLATE;
601 if (ctx->options & E2F_OPT_READONLY) {
602 printf("%s: won't do journal recovery while read-only\n",
604 return EXT2_ET_FILE_RO;
607 printf(_("%s: trying for ext3 kernel journal recovery\n"),
610 * First try to make a temporary directory. This may fail if
611 * the root partition is still mounted read-only.
614 tmpdir = mktemp(template);
616 jfs_debug(2, "trying %s as ext3 temp mount point\n", tmpdir);
617 if (mkdir(template, 0700)) {
618 if (errno == EROFS) {
621 } else if (errno == EEXIST && count++ < 10) {
622 strcpy(template, TEMPLATE);
630 * OK, creating a temporary directory didn't work.
631 * Let's try a list of possible temporary mountpoints.
640 rootdev = buf.st_dev;
643 * Check that dir is on the same device as root (no other
644 * filesystem is mounted there), and it's a directory.
646 for (cpp = dirlist; (dir = *cpp); cpp++)
647 if (stat(dir, &buf) == 0 && buf.st_dev == rootdev &&
648 S_ISDIR(buf.st_mode)) {
655 io_manager io_ptr = fs->io->manager;
656 int blocksize = fs->blocksize;
658 jfs_debug(2, "using %s for ext3 mount\n", tmpdir);
659 /* FIXME - need to handle loop devices here */
660 if (mount(ctx->device_name, tmpdir, "ext3", MNT_FL, NULL)) {
662 com_err(ctx->program_name, errno,
663 "when mounting %s", ctx->device_name);
669 * Now that it mounted cleanly, the filesystem will have been
670 * recovered, so we can now unmount it.
676 * Remove the temporary directory, if it was created.
685 int e2fsck_run_ext3_journal(e2fsck_t ctx)
687 io_manager io_ptr = ctx->fs->io->manager;
688 int blocksize = ctx->fs->blocksize;
689 errcode_t retval, recover_retval;
691 printf(_("%s: recovering journal\n"), ctx->device_name);
692 if (ctx->options & E2F_OPT_READONLY) {
693 printf(_("%s: won't do journal recovery while read-only\n"),
695 return EXT2_ET_FILE_RO;
698 ext2fs_flush(ctx->fs); /* Force out any modifications */
700 recover_retval = recover_ext3_journal(ctx);
703 * Reload the filesystem context to get up-to-date data from disk
704 * because journal recovery will change the filesystem under us.
706 ext2fs_close(ctx->fs);
707 retval = ext2fs_open(ctx->filesystem_name, EXT2_FLAG_RW,
708 ctx->superblock, blocksize, io_ptr,
712 com_err(ctx->program_name, retval,
713 _("while trying to re-open %s"),
717 ctx->fs->priv_data = ctx;
719 /* Set the superblock flags */
720 e2fsck_clear_recover(ctx, recover_retval);
721 return recover_retval;
git://git.whamcloud.com / tools / e2fsprogs.git / blob