2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
12 * Module: vol-salvage.c
13 * Institution: The Information Technology Center, Carnegie-Mellon University
17 Correct handling of bad "." and ".." entries.
18 Message if volume has "destroyMe" flag set--but doesn't delete yet.
19 Link count bug fixed--bug was that vnodeEssence link count was unsigned
20 14 bits. Needs to be signed.
23 Change to DirHandle stuff to make sure that cache entries are reused at the
24 right time (this parallels the file server change, but is not identical).
26 Added calls to directory salvager routines; doesn't salvage dir unless debug=1.
29 Fixed bug which was causing inode link counts to go bad (thus leaking
31 Vnodes with 0 inode pointers in RW volumes are now deleted.
32 An inode with a matching inode number to the vnode is preferred to an
33 inode with a higer data version.
34 Bug is probably fixed that was causing data version to remain wrong,
35 despite assurances from the salvager to the contrary.
38 Added limited salvaging: unless ForceSalvage is on, then the volume will
39 not be salvaged if the dontSalvage flag is set in the Volume Header.
40 The ForceSalvage flag is turned on if an individual volume is salvaged or
41 if the file FORCESALVAGE exists in the partition header of the file system
42 being salvaged. This isn't used for anything but could be set by vfsck.
43 A -f flag was also added to force salvage.
46 It now deletes obsolete volume inodes without complaining
49 Repairs rw volume headers (again).
52 Correlates volume headers & inodes correctly, thus preventing occasional deletion
53 of read-only volumes...
54 No longer forces a directory salvage for volume 144 (which may be a good volume
56 Some of the messages are cleaned up or made more explicit. One or two added.
58 A bug was fixed which forced salvage of read-only volumes without a corresponding
62 When a volume header is recreated, the new name will be "bogus.volume#"
65 Directory salvaging turned on!!!
68 Prints warning messages for setuid programs.
71 Logs missing inode numbers.
74 Increments directory version number by 200 (rather than by 1) when it is salvaged, in order to prevent problems due to the fact that a version number can be promised to a workstation before it is written to disk. If the server crashes, it may have an older version. Salvaging it could bring the version number up to the same version the workstation believed it already had a call back on.
77 Locks the file /vice/vol/salvage.lock before starting. Aborts if it can't acquire the lock.
78 Time stamps on log entries.
79 Fcntl on stdout to cause all entries to be appended.
80 Problems writing to temporary files are now all detected.
81 Inode summary files are now dynamically named (so that multiple salvagers wouldn't conflict).
82 Some cleanup of error messages.
86 #include <afsconfig.h>
87 #include <afs/param.h>
89 #include <afs/procmgmt.h>
92 #ifdef HAVE_SYS_FILE_H
93 # include <sys/file.h>
97 #include <WINNT/afsevent.h>
100 #define WCOREDUMP(x) ((x) & 0200)
103 #ifdef AFS_PTHREAD_ENV
104 # include <opr/lock.h>
107 #include <afs/afsint.h>
108 #if !defined(AFS_SGI_ENV) && !defined(AFS_NT40_ENV)
109 #if defined(AFS_VFSINCL_ENV)
110 #include <sys/vnode.h>
112 #include <sys/fs/ufs_inode.h>
114 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
115 #include <ufs/ufs/dinode.h>
116 #include <ufs/ffs/fs.h>
118 #include <ufs/inode.h>
121 #else /* AFS_VFSINCL_ENV */
123 #include <ufs/inode.h>
124 #else /* AFS_OSF_ENV */
125 #if !defined(AFS_LINUX20_ENV) && !defined(AFS_XBSD_ENV) && !defined(AFS_DARWIN_ENV)
126 #include <sys/inode.h>
129 #endif /* AFS_VFSINCL_ENV */
130 #endif /* AFS_SGI_ENV */
133 #include <sys/lockf.h>
136 #include <checklist.h>
138 #if defined(AFS_SGI_ENV)
141 #if defined(AFS_SUN_ENV) || defined(AFS_SUN5_ENV)
143 #include <sys/mnttab.h>
144 #include <sys/mntent.h>
149 #endif /* AFS_SGI_ENV */
150 #endif /* AFS_HPUX_ENV */
154 #include <afs/osi_inode.h>
158 #include <afs/afsutil.h>
159 #include <afs/fileutil.h>
160 #include <rx/rx_queue.h>
165 #include <afs/afssyscalls.h>
169 #include "partition.h"
170 #include "daemon_com.h"
171 #include "daemon_com_inline.h"
173 #include "fssync_inline.h"
174 #include "volume_inline.h"
175 #include "salvsync.h"
176 #include "viceinode.h"
178 #include "volinodes.h" /* header magic number, etc. stuff */
179 #include "vol-salvage.h"
181 #include "vol_internal.h"
183 #include <afs/prs_fs.h>
185 #ifdef FSSYNC_BUILD_CLIENT
186 #include "vg_cache.h"
194 extern void *calloc();
196 static char *TimeStamp(time_t clock, int precision);
199 int debug; /* -d flag */
200 extern int Testing; /* -n flag */
201 int ListInodeOption; /* -i flag */
202 int ShowRootFiles; /* -r flag */
203 int RebuildDirs; /* -sal flag */
204 int Parallel = 4; /* -para X flag */
205 int PartsPerDisk = 8; /* Salvage up to 8 partitions on same disk sequentially */
206 int forceR = 0; /* -b flag */
207 int ShowLog = 0; /* -showlog flag */
208 int ShowSuid = 0; /* -showsuid flag */
209 int ShowMounts = 0; /* -showmounts flag */
210 int orphans = ORPH_IGNORE; /* -orphans option */
215 int useSyslog = 0; /* -syslog flag */
216 int useSyslogFacility = LOG_DAEMON; /* -syslogfacility option */
225 #define MAXPARALLEL 32
227 int OKToZap; /* -o flag */
228 int ForceSalvage; /* If salvage should occur despite the DONT_SALVAGE flag
229 * in the volume header */
231 FILE *logFile = 0; /* one of {/usr/afs/logs,/vice/file}/SalvageLog */
233 #define ROOTINODE 2 /* Root inode of a 4.2 Unix file system
236 * information that is 'global' to a particular salvage job.
239 Device fileSysDevice; /**< The device number of the current partition
241 char fileSysPath[9]; /**< The path of the mounted partition currently
242 * being salvaged, i.e. the directory containing
243 * the volume headers */
244 char *fileSysPathName; /**< NT needs this to make name pretty log. */
245 IHandle_t *VGLinkH; /**< Link handle for current volume group. */
246 int VGLinkH_cnt; /**< # of references to lnk handle. */
247 struct DiskPartition64 *fileSysPartition; /**< Partition being salvaged */
250 char *fileSysDeviceName; /**< The block device where the file system being
251 * salvaged was mounted */
252 char *filesysfulldev;
254 int VolumeChanged; /**< Set by any routine which would change the
255 * volume in a way which would require callbacks
256 * to be broken if the volume was put back on
257 * on line by an active file server */
259 VolumeDiskData VolInfo; /**< A copy of the last good or salvaged volume
260 * header dealt with */
262 int nVolumesInInodeFile; /**< Number of read-write volumes summarized */
263 FD_t inodeFd; /**< File descriptor for inode file */
265 struct VolumeSummary *volumeSummaryp; /**< Holds all the volumes in a part */
266 int nVolumes; /**< Number of volumes (read-write and read-only)
267 * in volume summary */
268 struct InodeSummary *inodeSummary; /**< contains info on all the relevant
271 struct VnodeInfo vnodeInfo[nVNODECLASSES]; /**< contains info on all of the
272 * vnodes in the volume that
273 * we are currently looking
275 int useFSYNC; /**< 0 if the fileserver is unavailable; 1 if we should try
276 * to contact the fileserver over FSYNC */
283 /* Forward declarations */
284 static int IsVnodeOrphaned(struct SalvInfo *salvinfo, VnodeId vnode);
285 static int AskVolumeSummary(struct SalvInfo *salvinfo,
286 VolumeId singleVolumeNumber);
287 static void MaybeAskOnline(struct SalvInfo *salvinfo, VolumeId volumeId);
288 static void AskError(struct SalvInfo *salvinfo, VolumeId volumeId);
290 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
291 static int LockVolume(struct SalvInfo *salvinfo, VolumeId volumeId);
292 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
294 /* Uniquifier stored in the Inode */
299 return (u & 0x3fffff);
301 #if defined(AFS_SGI_EXMAG)
302 return (u & SGI_UNIQMASK);
305 #endif /* AFS_SGI_EXMAG */
312 if (aerror == EPERM || aerror == ENXIO || aerror == ENOENT)
314 return 0; /* otherwise may be transient, e.g. EMFILE */
319 char *save_args[MAX_ARGS];
321 extern pthread_t main_thread;
322 childJob_t myjob = { SALVAGER_MAGIC, NOT_CHILD, "" };
326 * Get the salvage lock if not already held. Hold until process exits.
328 * @param[in] locktype READ_LOCK or WRITE_LOCK
331 _ObtainSalvageLock(int locktype)
333 struct VLockFile salvageLock;
338 VLockFileInit(&salvageLock, AFSDIR_SERVER_SLVGLOCK_FILEPATH);
340 code = VLockFileLock(&salvageLock, offset, locktype, nonblock);
343 "salvager: There appears to be another salvager running! "
348 "salvager: Error %d trying to acquire salvage lock! "
354 ObtainSalvageLock(void)
356 _ObtainSalvageLock(WRITE_LOCK);
359 ObtainSharedSalvageLock(void)
361 _ObtainSalvageLock(READ_LOCK);
365 #ifdef AFS_SGI_XFS_IOPS_ENV
366 /* Check if the given partition is mounted. For XFS, the root inode is not a
367 * constant. So we check the hard way.
370 IsPartitionMounted(char *part)
373 struct mntent *mntent;
375 opr_Verify(mntfp = setmntent(MOUNTED, "r"));
376 while (mntent = getmntent(mntfp)) {
377 if (!strcmp(part, mntent->mnt_dir))
382 return mntent ? 1 : 1;
385 /* Check if the given inode is the root of the filesystem. */
386 #ifndef AFS_SGI_XFS_IOPS_ENV
388 IsRootInode(struct afs_stat_st *status)
391 * The root inode is not a fixed value in XFS partitions. So we need to
392 * see if the partition is in the list of mounted partitions. This only
393 * affects the SalvageFileSys path, so we check there.
395 return (status->st_ino == ROOTINODE);
400 #ifndef AFS_NAMEI_ENV
401 /* We don't want to salvage big files filesystems, since we can't put volumes on
405 CheckIfBigFilesFS(char *mountPoint, char *devName)
407 struct superblock fs;
410 if (strncmp(devName, "/dev/", 5)) {
411 (void)sprintf(name, "/dev/%s", devName);
413 (void)strcpy(name, devName);
416 if (ReadSuper(&fs, name) < 0) {
417 Log("Unable to read superblock. Not salvaging partition %s.\n",
421 if (IsBigFilesFileSystem(&fs)) {
422 Log("Partition %s is a big files filesystem, not salvaging.\n",
432 #define HDSTR "\\Device\\Harddisk"
433 #define HDLEN (sizeof(HDSTR)-1) /* Length of "\Device\Harddisk" */
435 SameDisk(struct DiskPartition64 *p1, struct DiskPartition64 *p2)
441 static int dowarn = 1;
443 if (!QueryDosDevice(p1->devName, res1, RES_LEN - 1))
445 if (strncmp(res1, HDSTR, HDLEN)) {
448 Log("WARNING: QueryDosDevice is returning %s, not %s for %s\n",
449 res1, HDSTR, p1->devName);
452 if (!QueryDosDevice(p2->devName, res2, RES_LEN - 1))
454 if (strncmp(res2, HDSTR, HDLEN)) {
457 Log("WARNING: QueryDosDevice is returning %s, not %s for %s\n",
458 res2, HDSTR, p2->devName);
462 return (0 == _strnicmp(res1, res2, RES_LEN - 1));
465 #define SameDisk(P1, P2) ((P1)->device/PartsPerDisk == (P2)->device/PartsPerDisk)
468 /* This assumes that two partitions with the same device number divided by
469 * PartsPerDisk are on the same disk.
472 SalvageFileSysParallel(struct DiskPartition64 *partP)
475 struct DiskPartition64 *partP;
476 int pid; /* Pid for this job */
477 int jobnumb; /* Log file job number */
478 struct job *nextjob; /* Next partition on disk to salvage */
480 static struct job *jobs[MAXPARALLEL] = { 0 }; /* Need to zero this */
481 struct job *thisjob = 0;
482 static int numjobs = 0;
483 static int jobcount = 0;
489 char logFileName[256];
493 /* We have a partition to salvage. Copy it into thisjob */
494 thisjob = calloc(1, sizeof(struct job));
496 Log("Can't salvage '%s'. Not enough memory\n", partP->name);
499 thisjob->partP = partP;
500 thisjob->jobnumb = jobcount;
502 } else if (jobcount == 0) {
503 /* We are asking to wait for all jobs (partp == 0), yet we never
506 Log("No file system partitions named %s* found; not salvaged\n",
507 VICE_PARTITION_PREFIX);
511 if (debug || Parallel == 1) {
513 SalvageFileSys(thisjob->partP, 0);
520 /* Check to see if thisjob is for a disk that we are already
521 * salvaging. If it is, link it in as the next job to do. The
522 * jobs array has 1 entry per disk being salvages. numjobs is
523 * the total number of disks currently being salvaged. In
524 * order to keep thejobs array compact, when a disk is
525 * completed, the hightest element in the jobs array is moved
526 * down to now open slot.
528 for (j = 0; j < numjobs; j++) {
529 if (SameDisk(jobs[j]->partP, thisjob->partP)) {
530 /* On same disk, add it to this list and return */
531 thisjob->nextjob = jobs[j]->nextjob;
532 jobs[j]->nextjob = thisjob;
539 /* Loop until we start thisjob or until all existing jobs are finished */
540 while (thisjob || (!partP && (numjobs > 0))) {
541 startjob = -1; /* No new job to start */
543 if ((numjobs >= Parallel) || (!partP && (numjobs > 0))) {
544 /* Either the max jobs are running or we have to wait for all
545 * the jobs to finish. In either case, we wait for at least one
546 * job to finish. When it's done, clean up after it.
548 pid = wait(&wstatus);
549 opr_Assert(pid != -1);
550 for (j = 0; j < numjobs; j++) { /* Find which job it is */
551 if (pid == jobs[j]->pid)
554 opr_Assert(j < numjobs);
555 if (WCOREDUMP(wstatus)) { /* Say if the job core dumped */
556 Log("Salvage of %s core dumped!\n", jobs[j]->partP->name);
559 numjobs--; /* job no longer running */
560 oldjob = jobs[j]; /* remember */
561 jobs[j] = jobs[j]->nextjob; /* Step to next part on same disk */
562 free(oldjob); /* free the old job */
564 /* If there is another partition on the disk to salvage, then
565 * say we will start it (startjob). If not, then put thisjob there
566 * and say we will start it.
568 if (jobs[j]) { /* Another partitions to salvage */
569 startjob = j; /* Will start it */
570 } else { /* There is not another partition to salvage */
572 jobs[j] = thisjob; /* Add thisjob */
574 startjob = j; /* Will start it */
576 jobs[j] = jobs[numjobs]; /* Move last job up to this slot */
577 startjob = -1; /* Don't start it - already running */
581 /* We don't have to wait for a job to complete */
583 jobs[numjobs] = thisjob; /* Add this job */
585 startjob = numjobs; /* Will start it */
589 /* Start up a new salvage job on a partition in job slot "startjob" */
590 if (startjob != -1) {
592 Log("Starting salvage of file system partition %s\n",
593 jobs[startjob]->partP->name);
595 /* For NT, we not only fork, but re-exec the salvager. Pass in the
596 * commands and pass the child job number via the data path.
599 nt_SalvagePartition(jobs[startjob]->partP->name,
600 jobs[startjob]->jobnumb);
601 jobs[startjob]->pid = pid;
606 jobs[startjob]->pid = pid;
612 for (fd = 0; fd < 16; fd++)
619 openlog("salvager", LOG_PID, useSyslogFacility);
623 snprintf(logFileName, sizeof logFileName, "%s.%d",
624 AFSDIR_SERVER_SLVGLOG_FILEPATH,
625 jobs[startjob]->jobnumb);
626 logFile = afs_fopen(logFileName, "w");
631 SalvageFileSys1(jobs[startjob]->partP, 0);
636 } /* while ( thisjob || (!partP && numjobs > 0) ) */
638 /* If waited for all jobs to complete, now collect log files and return */
640 if (!useSyslog) /* if syslogging - no need to collect */
643 for (i = 0; i < jobcount; i++) {
644 snprintf(logFileName, sizeof logFileName, "%s.%d",
645 AFSDIR_SERVER_SLVGLOG_FILEPATH, i);
646 if ((passLog = afs_fopen(logFileName, "r"))) {
647 while (fgets(buf, sizeof(buf), passLog)) {
652 (void)unlink(logFileName);
661 SalvageFileSys(struct DiskPartition64 *partP, VolumeId singleVolumeNumber)
663 if (!canfork || debug || Fork() == 0) {
664 SalvageFileSys1(partP, singleVolumeNumber);
665 if (canfork && !debug) {
670 Wait("SalvageFileSys");
674 get_DevName(char *pbuffer, char *wpath)
676 char pbuf[128], *ptr;
677 strcpy(pbuf, pbuffer);
678 ptr = (char *)strrchr(pbuf, OS_DIRSEPC);
684 ptr = (char *)strrchr(pbuffer, OS_DIRSEPC);
686 strcpy(pbuffer, ptr + 1);
693 SalvageFileSys1(struct DiskPartition64 *partP, VolumeId singleVolumeNumber)
696 char inodeListPath[256];
697 FD_t inodeFile = INVALID_FD;
698 static char tmpDevName[100];
699 static char wpath[100];
700 struct VolumeSummary *vsp, *esp;
704 struct SalvInfo l_salvinfo;
705 struct SalvInfo *salvinfo = &l_salvinfo;
708 memset(salvinfo, 0, sizeof(*salvinfo));
711 if (inodeFile != INVALID_FD) {
713 inodeFile = INVALID_FD;
715 if (tries > VOL_MAX_CHECKOUT_RETRIES) {
716 Abort("Raced too many times with fileserver restarts while trying to "
717 "checkout/lock volumes; Aborted\n");
719 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
721 /* unlock all previous volume locks, since we're about to lock them
723 VLockFileReinit(&partP->volLockFile);
725 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
727 salvinfo->fileSysPartition = partP;
728 salvinfo->fileSysDevice = salvinfo->fileSysPartition->device;
729 salvinfo->fileSysPathName = VPartitionPath(salvinfo->fileSysPartition);
732 /* Opendir can fail on "C:" but not on "C:\" if C is empty! */
733 (void)sprintf(salvinfo->fileSysPath, "%s" OS_DIRSEP, salvinfo->fileSysPathName);
734 name = partP->devName;
736 strlcpy(salvinfo->fileSysPath, salvinfo->fileSysPathName, sizeof(salvinfo->fileSysPath));
737 strcpy(tmpDevName, partP->devName);
738 name = get_DevName(tmpDevName, wpath);
739 salvinfo->fileSysDeviceName = name;
740 salvinfo->filesysfulldev = wpath;
743 if (singleVolumeNumber) {
744 #if !(defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL))
745 /* only non-DAFS locks the partition when salvaging a single volume;
746 * DAFS will lock the individual volumes in the VG */
747 VLockPartition(partP->name);
748 #endif /* !(AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL) */
752 /* salvageserver already setup fssync conn for us */
753 if ((programType != salvageServer) && !VConnectFS()) {
754 Abort("Couldn't connect to file server\n");
757 salvinfo->useFSYNC = 1;
758 AskOffline(salvinfo, singleVolumeNumber);
759 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
760 if (LockVolume(salvinfo, singleVolumeNumber)) {
763 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
766 salvinfo->useFSYNC = 0;
767 VLockPartition(partP->name);
771 ForceSalvage = UseTheForceLuke(salvinfo->fileSysPath);
774 Log("SALVAGING FILE SYSTEM PARTITION %s (device=%s%s)\n",
775 partP->name, name, (Testing ? "(READONLY mode)" : ""));
777 Log("***Forced salvage of all volumes on this partition***\n");
782 * Remove any leftover /vicepa/salvage.inodes.* or /vicepa/salvage.temp.*
789 opr_Verify((dirp = opendir(salvinfo->fileSysPath)) != NULL);
790 while ((dp = readdir(dirp))) {
791 if (!strncmp(dp->d_name, "salvage.inodes.", 15)
792 || !strncmp(dp->d_name, "salvage.temp.", 13)) {
794 Log("Removing old salvager temp files %s\n", dp->d_name);
795 strcpy(npath, salvinfo->fileSysPath);
796 strcat(npath, OS_DIRSEP);
797 strcat(npath, dp->d_name);
803 tdir = (tmpdir ? tmpdir : salvinfo->fileSysPath);
805 (void)_putenv("TMP="); /* If "TMP" is set, then that overrides tdir. */
806 (void)strncpy(inodeListPath, _tempnam(tdir, "salvage.inodes."), 255);
808 snprintf(inodeListPath, 255, "%s" OS_DIRSEP "salvage.inodes.%s.%d", tdir, name,
812 inodeFile = OS_OPEN(inodeListPath, O_RDWR|O_TRUNC|O_CREAT, 0666);
813 if (inodeFile == INVALID_FD) {
814 Abort("Error %d when creating inode description file %s; not salvaged\n", errno, inodeListPath);
817 /* Using nt_unlink here since we're really using the delete on close
818 * semantics of unlink. In most places in the salvager, we really do
819 * mean to unlink the file at that point. Those places have been
820 * modified to actually do that so that the NT crt can be used there.
822 * jaltman - On NT delete on close cannot be applied to a file while the
823 * process has an open file handle that does not have DELETE file
824 * access and FILE_SHARE_DELETE. fopen() calls CreateFile() without
825 * delete privileges. As a result the nt_unlink() call will always
828 code = nt_unlink(inodeListPath);
830 code = unlink(inodeListPath);
833 Log("Error %d when trying to unlink %s\n", errno, inodeListPath);
836 if (GetInodeSummary(salvinfo, inodeFile, singleVolumeNumber) < 0) {
840 salvinfo->inodeFd = inodeFile;
841 if (salvinfo->inodeFd == INVALID_FD)
842 Abort("Temporary file %s is missing...\n", inodeListPath);
843 OS_SEEK(salvinfo->inodeFd, 0L, SEEK_SET);
844 if (ListInodeOption) {
845 PrintInodeList(salvinfo);
846 if (singleVolumeNumber) {
847 /* We've checked out the volume from the fileserver, and we need
848 * to give it back. We don't know if the volume exists or not,
849 * so we don't know whether to AskOnline or not. Try to determine
850 * if the volume exists by trying to read the volume header, and
851 * AskOnline if it is readable. */
852 MaybeAskOnline(salvinfo, singleVolumeNumber);
856 /* enumerate volumes in the partition.
857 * figure out sets of read-only + rw volumes.
858 * salvage each set, read-only volumes first, then read-write.
859 * Fix up inodes on last volume in set (whether it is read-write
862 if (GetVolumeSummary(salvinfo, singleVolumeNumber)) {
866 if (singleVolumeNumber) {
867 /* If we delete a volume during the salvage, we indicate as such by
868 * setting the volsummary->deleted field. We need to know if we
869 * deleted a volume or not in order to know which volumes to bring
870 * back online after the salvage. If we fork, we will lose this
871 * information, since volsummary->deleted will not get set in the
872 * parent. So, don't fork. */
876 for (i = j = 0, vsp = salvinfo->volumeSummaryp, esp = vsp + salvinfo->nVolumes;
877 i < salvinfo->nVolumesInInodeFile; i = j) {
878 VolumeId rwvid = salvinfo->inodeSummary[i].RWvolumeId;
880 j < salvinfo->nVolumesInInodeFile && salvinfo->inodeSummary[j].RWvolumeId == rwvid;
882 VolumeId vid = salvinfo->inodeSummary[j].volumeId;
883 struct VolumeSummary *tsp;
884 /* Scan volume list (from partition root directory) looking for the
885 * current rw volume number in the volume list from the inode scan.
886 * If there is one here that is not in the inode volume list,
888 for (; vsp < esp && (vsp->header.parent < rwvid); vsp++) {
890 DeleteExtraVolumeHeaderFile(salvinfo, vsp);
892 /* Now match up the volume summary info from the root directory with the
893 * entry in the volume list obtained from scanning inodes */
894 salvinfo->inodeSummary[j].volSummary = NULL;
895 for (tsp = vsp; tsp < esp && (tsp->header.parent == rwvid); tsp++) {
896 if (tsp->header.id == vid) {
897 salvinfo->inodeSummary[j].volSummary = tsp;
903 /* Salvage the group of volumes (several read-only + 1 read/write)
904 * starting with the current read-only volume we're looking at.
907 nt_SalvageVolumeGroup(salvinfo, &salvinfo->inodeSummary[i], j - i);
909 DoSalvageVolumeGroup(salvinfo, &salvinfo->inodeSummary[i], j - i);
910 #endif /* AFS_NT40_ENV */
914 /* Delete any additional volumes that were listed in the partition but which didn't have any corresponding inodes */
915 for (; vsp < esp; vsp++) {
917 DeleteExtraVolumeHeaderFile(salvinfo, vsp);
920 if (!singleVolumeNumber) /* Remove the FORCESALVAGE file */
921 RemoveTheForce(salvinfo->fileSysPath);
923 if (!Testing && singleVolumeNumber) {
925 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
926 /* unlock vol headers so the fs can attach them when we AskOnline */
927 VLockFileReinit(&salvinfo->fileSysPartition->volLockFile);
928 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
930 /* Step through the volumeSummary list and set all volumes on-line.
931 * Most volumes were taken off-line in GetVolumeSummary.
932 * If a volume was deleted, don't tell the fileserver anything, since
933 * we already told the fileserver the volume was deleted back when we
934 * we destroyed the volume header.
935 * Also, make sure we bring the singleVolumeNumber back online first.
938 for (j = 0; j < salvinfo->nVolumes; j++) {
939 if (salvinfo->volumeSummaryp[j].header.id == singleVolumeNumber) {
941 if (!salvinfo->volumeSummaryp[j].deleted) {
942 AskOnline(salvinfo, singleVolumeNumber);
948 /* If singleVolumeNumber is not in our volumeSummary, it means that
949 * at least one other volume in the VG is on the partition, but the
950 * RW volume is not. We've already AskOffline'd it by now, though,
951 * so make sure we don't still have the volume checked out. */
952 AskDelete(salvinfo, singleVolumeNumber);
955 for (j = 0; j < salvinfo->nVolumes; j++) {
956 if (salvinfo->volumeSummaryp[j].header.id != singleVolumeNumber) {
957 if (!salvinfo->volumeSummaryp[j].deleted) {
958 AskOnline(salvinfo, salvinfo->volumeSummaryp[j].header.id);
964 Log("SALVAGING OF PARTITION %s%s COMPLETED\n",
965 salvinfo->fileSysPartition->name, (Testing ? " (READONLY mode)" : ""));
968 OS_CLOSE(inodeFile); /* SalvageVolumeGroup was the last which needed it. */
972 DeleteExtraVolumeHeaderFile(struct SalvInfo *salvinfo, struct VolumeSummary *vsp)
975 char filename[VMAXPATHLEN];
981 VolumeExternalName_r(vsp->header.id, filename, sizeof(filename));
982 sprintf(path, "%s" OS_DIRSEP "%s", salvinfo->fileSysPath, filename);
985 Log("The volume header file %s is not associated with any actual data (%sdeleted)\n", path, (Testing ? "would have been " : ""));
988 code = VDestroyVolumeDiskHeader(salvinfo->fileSysPartition, vsp->header.id, vsp->header.parent);
990 Log("Error %ld destroying volume disk header for volume %lu\n",
991 afs_printable_int32_ld(code),
992 afs_printable_uint32_lu(vsp->header.id));
995 /* make sure we actually delete the header file; ENOENT
996 * is fine, since VDestroyVolumeDiskHeader probably already
998 if (unlink(path) && errno != ENOENT) {
999 Log("Unable to unlink %s (errno = %d)\n", path, errno);
1001 if (salvinfo->useFSYNC) {
1002 AskDelete(salvinfo, vsp->header.id);
1009 CompareInodes(const void *_p1, const void *_p2)
1011 const struct ViceInodeInfo *p1 = _p1;
1012 const struct ViceInodeInfo *p2 = _p2;
1013 if (p1->u.vnode.vnodeNumber == INODESPECIAL
1014 || p2->u.vnode.vnodeNumber == INODESPECIAL) {
1015 VolumeId p1rwid, p2rwid;
1017 (p1->u.vnode.vnodeNumber ==
1018 INODESPECIAL ? p1->u.special.parentId : p1->u.vnode.volumeId);
1020 (p2->u.vnode.vnodeNumber ==
1021 INODESPECIAL ? p2->u.special.parentId : p2->u.vnode.volumeId);
1022 if (p1rwid < p2rwid)
1024 if (p1rwid > p2rwid)
1026 if (p1->u.vnode.vnodeNumber == INODESPECIAL
1027 && p2->u.vnode.vnodeNumber == INODESPECIAL) {
1028 if (p1->u.vnode.volumeId == p2->u.vnode.volumeId)
1029 return (p1->u.special.type < p2->u.special.type ? -1 : 1);
1030 if (p1->u.vnode.volumeId == p1rwid)
1032 if (p2->u.vnode.volumeId == p2rwid)
1034 return (p1->u.vnode.volumeId < p2->u.vnode.volumeId ? -1 : 1);
1036 if (p1->u.vnode.vnodeNumber != INODESPECIAL)
1037 return (p2->u.vnode.volumeId == p2rwid ? 1 : -1);
1038 return (p1->u.vnode.volumeId == p1rwid ? -1 : 1);
1040 if (p1->u.vnode.volumeId < p2->u.vnode.volumeId)
1042 if (p1->u.vnode.volumeId > p2->u.vnode.volumeId)
1044 if (p1->u.vnode.vnodeNumber < p2->u.vnode.vnodeNumber)
1046 if (p1->u.vnode.vnodeNumber > p2->u.vnode.vnodeNumber)
1048 /* The following tests are reversed, so that the most desirable
1049 * of several similar inodes comes first */
1050 if (p1->u.vnode.vnodeUniquifier > p2->u.vnode.vnodeUniquifier) {
1051 #ifdef AFS_3DISPARES
1052 if (p1->u.vnode.vnodeUniquifier > 3775414 /* 90% of 4.2M */ &&
1053 p2->u.vnode.vnodeUniquifier < 419490 /* 10% of 4.2M */ )
1056 #ifdef AFS_SGI_EXMAG
1057 if (p1->u.vnode.vnodeUniquifier > 15099494 /* 90% of 16M */ &&
1058 p2->u.vnode.vnodeUniquifier < 1677721 /* 10% of 16M */ )
1063 if (p1->u.vnode.vnodeUniquifier < p2->u.vnode.vnodeUniquifier) {
1064 #ifdef AFS_3DISPARES
1065 if (p2->u.vnode.vnodeUniquifier > 3775414 /* 90% of 4.2M */ &&
1066 p1->u.vnode.vnodeUniquifier < 419490 /* 10% of 4.2M */ )
1069 #ifdef AFS_SGI_EXMAG
1070 if (p2->u.vnode.vnodeUniquifier > 15099494 /* 90% of 16M */ &&
1071 p1->u.vnode.vnodeUniquifier < 1677721 /* 10% of 16M */ )
1076 if (p1->u.vnode.inodeDataVersion > p2->u.vnode.inodeDataVersion) {
1077 #ifdef AFS_3DISPARES
1078 if (p1->u.vnode.inodeDataVersion > 1887437 /* 90% of 2.1M */ &&
1079 p2->u.vnode.inodeDataVersion < 209716 /* 10% of 2.1M */ )
1082 #ifdef AFS_SGI_EXMAG
1083 if (p1->u.vnode.inodeDataVersion > 15099494 /* 90% of 16M */ &&
1084 p2->u.vnode.inodeDataVersion < 1677721 /* 10% of 16M */ )
1089 if (p1->u.vnode.inodeDataVersion < p2->u.vnode.inodeDataVersion) {
1090 #ifdef AFS_3DISPARES
1091 if (p2->u.vnode.inodeDataVersion > 1887437 /* 90% of 2.1M */ &&
1092 p1->u.vnode.inodeDataVersion < 209716 /* 10% of 2.1M */ )
1095 #ifdef AFS_SGI_EXMAG
1096 if (p2->u.vnode.inodeDataVersion > 15099494 /* 90% of 16M */ &&
1097 p1->u.vnode.inodeDataVersion < 1677721 /* 10% of 16M */ )
1106 CountVolumeInodes(struct ViceInodeInfo *ip, int maxInodes,
1107 struct InodeSummary *summary)
1109 VolumeId volume = ip->u.vnode.volumeId;
1110 VolumeId rwvolume = volume;
1115 while (maxInodes-- && volume == ip->u.vnode.volumeId) {
1117 if (ip->u.vnode.vnodeNumber == INODESPECIAL) {
1119 rwvolume = ip->u.special.parentId;
1120 /* This isn't quite right, as there could (in error) be different
1121 * parent inodes in different special vnodes */
1123 if (maxunique < ip->u.vnode.vnodeUniquifier)
1124 maxunique = ip->u.vnode.vnodeUniquifier;
1128 summary->volumeId = volume;
1129 summary->RWvolumeId = rwvolume;
1130 summary->nInodes = n;
1131 summary->nSpecialInodes = nSpecial;
1132 summary->maxUniquifier = maxunique;
1136 OnlyOneVolume(struct ViceInodeInfo *inodeinfo, afs_uint32 singleVolumeNumber, void *rock)
1138 if (inodeinfo->u.vnode.vnodeNumber == INODESPECIAL)
1139 return (inodeinfo->u.special.parentId == singleVolumeNumber);
1140 return (inodeinfo->u.vnode.volumeId == singleVolumeNumber);
1145 * Collect list of inodes in file named by path. If a truly fatal error,
1146 * unlink the file and abort. For lessor errors, return -1. The file will
1147 * be unlinked by the caller.
1150 GetInodeSummary(struct SalvInfo *salvinfo, FD_t inodeFile, VolumeId singleVolumeNumber)
1154 struct ViceInodeInfo *ip, *ip_save;
1155 struct InodeSummary summary;
1156 char summaryFileName[50];
1157 FD_t summaryFile = INVALID_FD;
1159 char *dev = salvinfo->fileSysPath;
1160 char *wpath = salvinfo->fileSysPath;
1162 char *dev = salvinfo->fileSysDeviceName;
1163 char *wpath = salvinfo->filesysfulldev;
1165 char *part = salvinfo->fileSysPath;
1170 afs_sfsize_t st_size;
1172 /* This file used to come from vfsck; cobble it up ourselves now... */
1174 ListViceInodes(dev, salvinfo->fileSysPath, inodeFile,
1175 singleVolumeNumber ? OnlyOneVolume : 0,
1176 singleVolumeNumber, &forceSal, forceR, wpath, NULL)) < 0) {
1178 Log("*** I/O error %d when writing a tmp inode file; Not salvaged %s ***\nIncrease space on partition or use '-tmpdir'\n", errno, dev);
1182 Abort("Unable to get inodes for \"%s\"; not salvaged\n", dev);
1184 if (forceSal && !ForceSalvage) {
1185 Log("***Forced salvage of all volumes on this partition***\n");
1188 OS_SEEK(inodeFile, 0L, SEEK_SET);
1189 salvinfo->inodeFd = inodeFile;
1190 if (salvinfo->inodeFd == INVALID_FD ||
1191 (st_size = OS_SIZE(salvinfo->inodeFd)) == -1) {
1192 Abort("No inode description file for \"%s\"; not salvaged\n", dev);
1194 tdir = (tmpdir ? tmpdir : part);
1196 (void)_putenv("TMP="); /* If "TMP" is set, then that overrides tdir. */
1197 (void)strcpy(summaryFileName, _tempnam(tdir, "salvage.temp."));
1199 snprintf(summaryFileName, sizeof summaryFileName,
1200 "%s" OS_DIRSEP "salvage.temp.%d", tdir, getpid());
1202 summaryFile = OS_OPEN(summaryFileName, O_RDWR|O_APPEND|O_CREAT, 0666);
1203 if (summaryFile == INVALID_FD) {
1204 Abort("Unable to create inode summary file\n");
1208 /* Using nt_unlink here since we're really using the delete on close
1209 * semantics of unlink. In most places in the salvager, we really do
1210 * mean to unlink the file at that point. Those places have been
1211 * modified to actually do that so that the NT crt can be used there.
1213 * jaltman - As commented elsewhere, this cannot work because fopen()
1214 * does not open files with DELETE and FILE_SHARE_DELETE.
1216 code = nt_unlink(summaryFileName);
1218 code = unlink(summaryFileName);
1221 Log("Error %d when trying to unlink %s\n", errno, summaryFileName);
1224 if (!canfork || debug || Fork() == 0) {
1225 int nInodes = st_size / sizeof(struct ViceInodeInfo);
1227 OS_CLOSE(summaryFile);
1228 if (!singleVolumeNumber) /* Remove the FORCESALVAGE file */
1229 RemoveTheForce(salvinfo->fileSysPath);
1231 struct VolumeSummary *vsp;
1235 GetVolumeSummary(salvinfo, singleVolumeNumber);
1237 for (i = 0, vsp = salvinfo->volumeSummaryp; i < salvinfo->nVolumes; i++) {
1239 if (vsp->header.id == singleVolumeNumber) {
1242 DeleteExtraVolumeHeaderFile(salvinfo, vsp);
1248 MaybeAskOnline(salvinfo, singleVolumeNumber);
1250 /* make sure we get rid of stray .vol headers, even if
1251 * they're not in our volume summary (might happen if
1252 * e.g. something else created them and they're not in the
1253 * fileserver VGC) */
1254 VDestroyVolumeDiskHeader(salvinfo->fileSysPartition,
1255 singleVolumeNumber, 0 /*parent*/);
1256 AskDelete(salvinfo, singleVolumeNumber);
1260 Log("%s vice inodes on %s; not salvaged\n",
1261 singleVolumeNumber ? "No applicable" : "No", dev);
1266 ip = malloc(nInodes*sizeof(struct ViceInodeInfo));
1268 OS_CLOSE(summaryFile);
1270 ("Unable to allocate enough space to read inode table; %s not salvaged\n",
1273 if (OS_READ(salvinfo->inodeFd, ip, st_size) != st_size) {
1274 OS_CLOSE(summaryFile);
1275 Abort("Unable to read inode table; %s not salvaged\n", dev);
1277 qsort(ip, nInodes, sizeof(struct ViceInodeInfo), CompareInodes);
1278 if (OS_SEEK(salvinfo->inodeFd, 0, SEEK_SET) == -1
1279 || OS_WRITE(salvinfo->inodeFd, ip, st_size) != st_size) {
1280 OS_CLOSE(summaryFile);
1281 Abort("Unable to rewrite inode table; %s not salvaged\n", dev);
1286 CountVolumeInodes(ip, nInodes, &summary);
1287 if (OS_WRITE(summaryFile, &summary, sizeof(summary)) != sizeof(summary)) {
1288 Log("Difficulty writing summary file (errno = %d); %s not salvaged\n", errno, dev);
1289 OS_CLOSE(summaryFile);
1293 summary.index += (summary.nInodes);
1294 nInodes -= summary.nInodes;
1295 ip += summary.nInodes;
1298 ip = ip_save = NULL;
1299 /* Following fflush is not fclose, because if it was debug mode would not work */
1300 if (OS_SYNC(summaryFile) == -1) {
1301 Log("Unable to write summary file (errno = %d); %s not salvaged\n", errno, dev);
1302 OS_CLOSE(summaryFile);
1306 if (canfork && !debug) {
1311 if (Wait("Inode summary") == -1) {
1312 OS_CLOSE(summaryFile);
1313 Exit(1); /* salvage of this partition aborted */
1317 st_size = OS_SIZE(summaryFile);
1318 opr_Assert(st_size >= 0);
1321 salvinfo->inodeSummary = malloc(st_size);
1322 opr_Assert(salvinfo->inodeSummary != NULL);
1323 /* For GNU we need to do lseek to get the file pointer moved. */
1324 opr_Assert(OS_SEEK(summaryFile, 0, SEEK_SET) == 0);
1325 ret = OS_READ(summaryFile, salvinfo->inodeSummary, st_size);
1326 opr_Assert(ret == st_size);
1328 salvinfo->nVolumesInInodeFile = st_size / sizeof(struct InodeSummary);
1329 for (i = 0; i < salvinfo->nVolumesInInodeFile; i++) {
1330 salvinfo->inodeSummary[i].volSummary = NULL;
1332 Log("%d nVolumesInInodeFile %lu \n",salvinfo->nVolumesInInodeFile,(unsigned long)st_size);
1333 OS_CLOSE(summaryFile);
1336 if (retcode && singleVolumeNumber && !deleted) {
1337 AskError(salvinfo, singleVolumeNumber);
1343 /* Comparison routine for volume sort.
1344 This is setup so that a read-write volume comes immediately before
1345 any read-only clones of that volume */
1347 CompareVolumes(const void *_p1, const void *_p2)
1349 const struct VolumeSummary *p1 = _p1;
1350 const struct VolumeSummary *p2 = _p2;
1351 if (p1->header.parent != p2->header.parent)
1352 return p1->header.parent < p2->header.parent ? -1 : 1;
1353 if (p1->header.id == p1->header.parent) /* p1 is rw volume */
1355 if (p2->header.id == p2->header.parent) /* p2 is rw volume */
1357 return p1->header.id < p2->header.id ? -1 : 1; /* Both read-only */
1361 * Gleans volumeSummary information by asking the fileserver
1363 * @param[in] singleVolumeNumber the volume we're salvaging. 0 if we're
1364 * salvaging a whole partition
1366 * @return whether we obtained the volume summary information or not
1367 * @retval 0 success; we obtained the volume summary information
1368 * @retval -1 we raced with a fileserver restart; volume locks and checkout
1370 * @retval 1 we did not get the volume summary information; either the
1371 * fileserver responded with an error, or we are not supposed to
1372 * ask the fileserver for the information (e.g. we are salvaging
1373 * the entire partition or we are not the salvageserver)
1375 * @note for non-DAFS, always returns 1
1378 AskVolumeSummary(struct SalvInfo *salvinfo, VolumeId singleVolumeNumber)
1381 #if defined(FSSYNC_BUILD_CLIENT) && defined(AFS_DEMAND_ATTACH_FS)
1382 if (programType == salvageServer) {
1383 if (singleVolumeNumber) {
1384 FSSYNC_VGQry_response_t q_res;
1386 struct VolumeSummary *vsp;
1388 struct VolumeDiskHeader diskHdr;
1390 memset(&res, 0, sizeof(res));
1392 code = FSYNC_VGCQuery(salvinfo->fileSysPartition->name, singleVolumeNumber, &q_res, &res);
1395 * We must wait for the partition to finish scanning before
1396 * can continue, since we will not know if we got the entire
1397 * VG membership unless the partition is fully scanned.
1398 * We could, in theory, just scan the partition ourselves if
1399 * the VG cache is not ready, but we would be doing the exact
1400 * same scan the fileserver is doing; it will almost always
1401 * be faster to wait for the fileserver. The only exceptions
1402 * are if the partition does not take very long to scan, and
1403 * in that case it's fast either way, so who cares?
1405 if (code == SYNC_FAILED && res.hdr.reason == FSYNC_PART_SCANNING) {
1406 Log("waiting for fileserver to finish scanning partition %s...\n",
1407 salvinfo->fileSysPartition->name);
1409 for (i = 1; code == SYNC_FAILED && res.hdr.reason == FSYNC_PART_SCANNING; i++) {
1410 /* linearly ramp up from 1 to 10 seconds; nothing fancy,
1411 * just so small partitions don't need to wait over 10
1412 * seconds every time, and large partitions are generally
1413 * polled only once every ten seconds. */
1414 sleep((i > 10) ? (i = 10) : i);
1416 code = FSYNC_VGCQuery(salvinfo->fileSysPartition->name, singleVolumeNumber, &q_res, &res);
1420 if (code == SYNC_FAILED && res.hdr.reason == FSYNC_UNKNOWN_VOLID) {
1421 /* This can happen if there's no header for the volume
1422 * we're salvaging, or no headers exist for the VG (if
1423 * we're salvaging an RW). Act as if we got a response
1424 * with no VG members. The headers may be created during
1425 * salvaging, if there are inodes in this VG. */
1427 memset(&q_res, 0, sizeof(q_res));
1428 q_res.rw = singleVolumeNumber;
1432 Log("fileserver refused VGCQuery request for volume %lu on "
1433 "partition %s, code %ld reason %ld\n",
1434 afs_printable_uint32_lu(singleVolumeNumber),
1435 salvinfo->fileSysPartition->name,
1436 afs_printable_int32_ld(code),
1437 afs_printable_int32_ld(res.hdr.reason));
1441 if (q_res.rw != singleVolumeNumber) {
1442 Log("fileserver requested salvage of clone %lu; scheduling salvage of volume group %lu...\n",
1443 afs_printable_uint32_lu(singleVolumeNumber),
1444 afs_printable_uint32_lu(q_res.rw));
1445 #ifdef SALVSYNC_BUILD_CLIENT
1446 if (SALVSYNC_LinkVolume(q_res.rw,
1448 salvinfo->fileSysPartition->name,
1450 Log("schedule request failed\n");
1452 #endif /* SALVSYNC_BUILD_CLIENT */
1453 Exit(SALSRV_EXIT_VOLGROUP_LINK);
1456 salvinfo->volumeSummaryp = calloc(VOL_VG_MAX_VOLS, sizeof(struct VolumeSummary));
1457 opr_Assert(salvinfo->volumeSummaryp != NULL);
1459 salvinfo->nVolumes = 0;
1460 vsp = salvinfo->volumeSummaryp;
1462 for (i = 0; i < VOL_VG_MAX_VOLS; i++) {
1463 char name[VMAXPATHLEN];
1465 if (!q_res.children[i]) {
1469 /* AskOffline for singleVolumeNumber was called much earlier */
1470 if (q_res.children[i] != singleVolumeNumber) {
1471 AskOffline(salvinfo, q_res.children[i]);
1472 if (LockVolume(salvinfo, q_res.children[i])) {
1478 code = VReadVolumeDiskHeader(q_res.children[i], salvinfo->fileSysPartition, &diskHdr);
1480 Log("Cannot read header for %lu; trying to salvage group anyway\n",
1481 afs_printable_uint32_lu(q_res.children[i]));
1486 DiskToVolumeHeader(&vsp->header, &diskHdr);
1487 VolumeExternalName_r(q_res.children[i], name, sizeof(name));
1489 salvinfo->nVolumes++;
1493 qsort(salvinfo->volumeSummaryp, salvinfo->nVolumes, sizeof(struct VolumeSummary),
1498 Log("Cannot get volume summary from fileserver; falling back to scanning "
1499 "entire partition\n");
1502 #endif /* FSSYNC_BUILD_CLIENT && AFS_DEMAND_ATTACH_FS */
1507 * count how many volume headers are found by VWalkVolumeHeaders.
1509 * @param[in] dp the disk partition (unused)
1510 * @param[in] name full path to the .vol header (unused)
1511 * @param[in] hdr the header data (unused)
1512 * @param[in] last whether this is the last try or not (unused)
1513 * @param[in] rock actually an afs_int32*; the running count of how many
1514 * volumes we have found
1519 CountHeader(struct DiskPartition64 *dp, const char *name,
1520 struct VolumeDiskHeader *hdr, int last, void *rock)
1522 afs_int32 *nvols = (afs_int32 *)rock;
1528 * parameters to pass to the VWalkVolumeHeaders callbacks when recording volume
1531 struct SalvageScanParams {
1532 VolumeId singleVolumeNumber; /**< 0 for a partition-salvage, otherwise the
1533 * vol id of the VG we're salvaging */
1534 struct VolumeSummary *vsp; /**< ptr to the current volume summary object
1535 * we're filling in */
1536 afs_int32 nVolumes; /**< # of vols we've encountered */
1537 afs_int32 totalVolumes; /**< max # of vols we should encounter (the
1538 * # of vols we've alloc'd memory for) */
1539 int retry; /**< do we need to retry vol lock/checkout? */
1540 struct SalvInfo *salvinfo; /**< salvage job info */
1544 * records volume summary info found from VWalkVolumeHeaders.
1546 * Found volumes are also taken offline if they are in the specific volume
1547 * group we are looking for.
1549 * @param[in] dp the disk partition
1550 * @param[in] name full path to the .vol header
1551 * @param[in] hdr the header data
1552 * @param[in] last 1 if this is the last try to read the header, 0 otherwise
1553 * @param[in] rock actually a struct SalvageScanParams*, containing the
1554 * information needed to record the volume summary data
1556 * @return operation status
1558 * @retval -1 volume locking raced with fileserver restart; checking out
1559 * and locking volumes needs to be retried
1560 * @retval 1 volume header is mis-named and should be deleted
1563 RecordHeader(struct DiskPartition64 *dp, const char *name,
1564 struct VolumeDiskHeader *hdr, int last, void *rock)
1566 char nameShouldBe[64];
1567 struct SalvageScanParams *params;
1568 struct VolumeSummary summary;
1569 VolumeId singleVolumeNumber;
1570 struct SalvInfo *salvinfo;
1572 params = (struct SalvageScanParams *)rock;
1574 memset(&summary, 0, sizeof(summary));
1576 singleVolumeNumber = params->singleVolumeNumber;
1577 salvinfo = params->salvinfo;
1579 DiskToVolumeHeader(&summary.header, hdr);
1581 if (singleVolumeNumber && summary.header.id == singleVolumeNumber
1582 && summary.header.parent != singleVolumeNumber) {
1584 if (programType == salvageServer) {
1585 #ifdef SALVSYNC_BUILD_CLIENT
1586 Log("fileserver requested salvage of clone %u; scheduling salvage of volume group %u...\n",
1587 summary.header.id, summary.header.parent);
1588 if (SALVSYNC_LinkVolume(summary.header.parent,
1592 Log("schedule request failed\n");
1595 Exit(SALSRV_EXIT_VOLGROUP_LINK);
1598 Log("%u is a read-only volume; not salvaged\n",
1599 singleVolumeNumber);
1604 if (!singleVolumeNumber || summary.header.id == singleVolumeNumber
1605 || summary.header.parent == singleVolumeNumber) {
1607 /* check if the header file is incorrectly named */
1609 const char *base = strrchr(name, OS_DIRSEPC);
1616 snprintf(nameShouldBe, sizeof nameShouldBe,
1617 VFORMAT, afs_printable_uint32_lu(summary.header.id));
1620 if (strcmp(nameShouldBe, base)) {
1621 /* .vol file has wrong name; retry/delete */
1625 if (!badname || last) {
1626 /* only offline the volume if the header is good, or if this is
1627 * the last try looking at it; avoid AskOffline'ing the same vol
1630 if (singleVolumeNumber
1631 && summary.header.id != singleVolumeNumber) {
1632 /* don't offline singleVolumeNumber; we already did that
1635 AskOffline(salvinfo, summary.header.id);
1637 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
1639 /* don't lock the volume if the header is bad, since we're
1640 * about to delete it anyway. */
1641 if (LockVolume(salvinfo, summary.header.id)) {
1646 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
1650 if (last && !Showmode) {
1651 Log("Volume header file %s is incorrectly named (should be %s "
1652 "not %s); %sdeleted (it will be recreated later, if "
1653 "necessary)\n", name, nameShouldBe, base,
1654 (Testing ? "it would have been " : ""));
1662 if (params->nVolumes > params->totalVolumes) {
1663 /* We found more volumes than we found on the first partition walk;
1664 * apparently something created a volume while we were
1665 * partition-salvaging, or we found more than 20 vols when salvaging a
1666 * particular volume. Abort if we detect this, since other programs
1667 * supposed to not touch the partition while it is partition-salvaging,
1668 * and we shouldn't find more than 20 vols in a VG.
1670 Abort("Found %ld vol headers, but should have found at most %ld! "
1671 "Make sure the volserver/fileserver are not running at the "
1672 "same time as a partition salvage\n",
1673 afs_printable_int32_ld(params->nVolumes),
1674 afs_printable_int32_ld(params->totalVolumes));
1677 memcpy(params->vsp, &summary, sizeof(summary));
1685 * possibly unlinks bad volume headers found from VWalkVolumeHeaders.
1687 * If the header could not be read in at all, the header is always unlinked.
1688 * If instead RecordHeader said the header was bad (that is, the header file
1689 * is mis-named), we only unlink if we are doing a partition salvage, as
1690 * opposed to salvaging a specific volume group.
1692 * @param[in] dp the disk partition
1693 * @param[in] name full path to the .vol header
1694 * @param[in] hdr header data, or NULL if the header could not be read
1695 * @param[in] rock actually a struct SalvageScanParams*, with some information
1699 UnlinkHeader(struct DiskPartition64 *dp, const char *name,
1700 struct VolumeDiskHeader *hdr, void *rock)
1702 struct SalvageScanParams *params;
1705 params = (struct SalvageScanParams *)rock;
1708 /* no header; header is too bogus to read in at all */
1710 Log("%s is not a legitimate volume header file; %sdeleted\n", name, (Testing ? "it would have been " : ""));
1716 } else if (!params->singleVolumeNumber) {
1717 /* We were able to read in a header, but RecordHeader said something
1718 * was wrong with it. We only unlink those if we are doing a partition
1725 if (dounlink && unlink(name)) {
1726 Log("Error %d while trying to unlink %s\n", errno, name);
1731 * Populates salvinfo->volumeSummaryp with volume summary information, either by asking
1732 * the fileserver for VG information, or by scanning the /vicepX partition.
1734 * @param[in] singleVolumeNumber the volume ID of the single volume group we
1735 * are salvaging, or 0 if this is a partition
1738 * @return operation status
1740 * @retval -1 we raced with a fileserver restart; checking out and locking
1741 * volumes must be retried
1744 GetVolumeSummary(struct SalvInfo *salvinfo, VolumeId singleVolumeNumber)
1746 afs_int32 nvols = 0;
1747 struct SalvageScanParams params;
1750 code = AskVolumeSummary(salvinfo, singleVolumeNumber);
1752 /* we successfully got the vol information from the fileserver; no
1753 * need to scan the partition */
1757 /* we need to retry volume checkout */
1761 if (!singleVolumeNumber) {
1762 /* Count how many volumes we have in /vicepX */
1763 code = VWalkVolumeHeaders(salvinfo->fileSysPartition, salvinfo->fileSysPath, CountHeader,
1766 Abort("Can't read directory %s; not salvaged\n", salvinfo->fileSysPath);
1771 nvols = VOL_VG_MAX_VOLS;
1774 salvinfo->volumeSummaryp = calloc(nvols, sizeof(struct VolumeSummary));
1775 opr_Assert(salvinfo->volumeSummaryp != NULL);
1777 params.singleVolumeNumber = singleVolumeNumber;
1778 params.vsp = salvinfo->volumeSummaryp;
1779 params.nVolumes = 0;
1780 params.totalVolumes = nvols;
1782 params.salvinfo = salvinfo;
1784 /* walk the partition directory of volume headers and record the info
1785 * about them; unlinking invalid headers */
1786 code = VWalkVolumeHeaders(salvinfo->fileSysPartition, salvinfo->fileSysPath, RecordHeader,
1787 UnlinkHeader, ¶ms);
1789 /* we apparently need to retry checking-out/locking volumes */
1793 Abort("Failed to get volume header summary\n");
1795 salvinfo->nVolumes = params.nVolumes;
1797 qsort(salvinfo->volumeSummaryp, salvinfo->nVolumes, sizeof(struct VolumeSummary),
1803 /* Find the link table. This should be associated with the RW volume or, if
1804 * a RO only site, then the RO volume. For now, be cautious and hunt carefully.
1807 FindLinkHandle(struct InodeSummary *isp, int nVols,
1808 struct ViceInodeInfo *allInodes)
1811 struct ViceInodeInfo *ip;
1813 for (i = 0; i < nVols; i++) {
1814 ip = allInodes + isp[i].index;
1815 for (j = 0; j < isp[i].nSpecialInodes; j++) {
1816 if (ip[j].u.special.type == VI_LINKTABLE)
1817 return ip[j].inodeNumber;
1824 CreateLinkTable(struct SalvInfo *salvinfo, struct InodeSummary *isp, Inode ino)
1826 struct versionStamp version;
1829 if (!VALID_INO(ino))
1831 IH_CREATE(NULL, salvinfo->fileSysDevice, salvinfo->fileSysPath, 0, isp->RWvolumeId,
1832 INODESPECIAL, VI_LINKTABLE, isp->RWvolumeId);
1833 if (!VALID_INO(ino))
1835 ("Unable to allocate link table inode for volume %u (error = %d)\n",
1836 isp->RWvolumeId, errno);
1837 IH_INIT(salvinfo->VGLinkH, salvinfo->fileSysDevice, isp->RWvolumeId, ino);
1838 fdP = IH_OPEN(salvinfo->VGLinkH);
1840 Abort("Can't open link table for volume %u (error = %d)\n",
1841 isp->RWvolumeId, errno);
1843 if (FDH_TRUNC(fdP, sizeof(version) + sizeof(short)) < 0)
1844 Abort("Can't truncate link table for volume %u (error = %d)\n",
1845 isp->RWvolumeId, errno);
1847 version.magic = LINKTABLEMAGIC;
1848 version.version = LINKTABLEVERSION;
1850 if (FDH_PWRITE(fdP, (char *)&version, sizeof(version), 0)
1852 Abort("Can't truncate link table for volume %u (error = %d)\n",
1853 isp->RWvolumeId, errno);
1855 FDH_REALLYCLOSE(fdP);
1857 /* If the volume summary exits (i.e., the V*.vol header file exists),
1858 * then set this inode there as well.
1860 if (isp->volSummary)
1861 isp->volSummary->header.linkTable = ino;
1870 SVGParms_t *parms = (SVGParms_t *) arg;
1871 DoSalvageVolumeGroup(parms->svgp_salvinfo, parms->svgp_inodeSummaryp, parms->svgp_count);
1876 nt_SalvageVolumeGroup(struct SalvInfo *salvinfo, struct InodeSummary *isp, int nVols)
1879 pthread_attr_t tattr;
1883 /* Initialize per volume global variables, even if later code does so */
1884 salvinfo->VolumeChanged = 0;
1885 salvinfo->VGLinkH = NULL;
1886 salvinfo->VGLinkH_cnt = 0;
1887 memset(&salvinfo->VolInfo, 0, sizeof(salvinfo->VolInfo));
1889 parms.svgp_inodeSummaryp = isp;
1890 parms.svgp_count = nVols;
1891 parms.svgp_salvinfo = salvinfo;
1892 code = pthread_attr_init(&tattr);
1894 Log("Failed to salvage volume group %u: pthread_attr_init()\n",
1898 code = pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_JOINABLE);
1900 Log("Failed to salvage volume group %u: pthread_attr_setdetachstate()\n", isp->RWvolumeId);
1903 code = pthread_create(&tid, &tattr, nt_SVG, &parms);
1905 Log("Failed to create thread to salvage volume group %u\n",
1909 (void)pthread_join(tid, NULL);
1911 #endif /* AFS_NT40_ENV */
1914 DoSalvageVolumeGroup(struct SalvInfo *salvinfo, struct InodeSummary *isp, int nVols)
1916 struct ViceInodeInfo *inodes, *allInodes, *ip;
1917 int i, totalInodes, size, salvageTo;
1921 int dec_VGLinkH = 0;
1923 FdHandle_t *fdP = NULL;
1925 salvinfo->VGLinkH_cnt = 0;
1926 haveRWvolume = (isp->volumeId == isp->RWvolumeId
1927 && isp->nSpecialInodes > 0);
1928 if ((!ShowMounts) || (ShowMounts && !haveRWvolume)) {
1929 if (!ForceSalvage && QuickCheck(salvinfo, isp, nVols))
1932 if (ShowMounts && !haveRWvolume)
1934 if (canfork && !debug && Fork() != 0) {
1935 (void)Wait("Salvage volume group");
1938 for (i = 0, totalInodes = 0; i < nVols; i++)
1939 totalInodes += isp[i].nInodes;
1940 size = totalInodes * sizeof(struct ViceInodeInfo);
1941 inodes = malloc(size);
1942 allInodes = inodes - isp->index; /* this would the base of all the inodes
1943 * for the partition, if all the inodes
1944 * had been read into memory */
1946 (salvinfo->inodeFd, isp->index * sizeof(struct ViceInodeInfo),
1948 opr_Verify(OS_READ(salvinfo->inodeFd, inodes, size) == size);
1950 /* Don't try to salvage a read write volume if there isn't one on this
1952 salvageTo = haveRWvolume ? 0 : 1;
1954 #ifdef AFS_NAMEI_ENV
1955 ino = FindLinkHandle(isp, nVols, allInodes);
1956 if (VALID_INO(ino)) {
1957 IH_INIT(salvinfo->VGLinkH, salvinfo->fileSysDevice, isp->RWvolumeId, ino);
1958 fdP = IH_OPEN(salvinfo->VGLinkH);
1960 if (VALID_INO(ino) && fdP != NULL) {
1961 struct versionStamp header;
1962 afs_sfsize_t nBytes;
1964 nBytes = FDH_PREAD(fdP, (char *)&header, sizeof(struct versionStamp), 0);
1965 if (nBytes != sizeof(struct versionStamp)
1966 || header.magic != LINKTABLEMAGIC) {
1967 Log("Bad linktable header for volume %u.\n", isp->RWvolumeId);
1968 FDH_REALLYCLOSE(fdP);
1972 if (!VALID_INO(ino) || fdP == NULL) {
1973 Log("%s link table for volume %u.\n",
1974 Testing ? "Would have recreated" : "Recreating", isp->RWvolumeId);
1976 IH_INIT(salvinfo->VGLinkH, salvinfo->fileSysDevice, -1, -1);
1979 struct ViceInodeInfo *ip;
1980 CreateLinkTable(salvinfo, isp, ino);
1981 fdP = IH_OPEN(salvinfo->VGLinkH);
1982 /* Sync fake 1 link counts to the link table, now that it exists */
1984 for (i = 0; i < nVols; i++) {
1985 ip = allInodes + isp[i].index;
1986 for (j = isp[i].nSpecialInodes; j < isp[i].nInodes; j++) {
1987 namei_SetLinkCount(fdP, ip[j].inodeNumber, 1, 1);
1994 FDH_REALLYCLOSE(fdP);
1996 IH_INIT(salvinfo->VGLinkH, salvinfo->fileSysDevice, -1, -1);
1999 /* Salvage in reverse order--read/write volume last; this way any
2000 * Inodes not referenced by the time we salvage the read/write volume
2001 * can be picked up by the read/write volume */
2002 /* ACTUALLY, that's not done right now--the inodes just vanish */
2003 for (i = nVols - 1; i >= salvageTo; i--) {
2005 struct InodeSummary *lisp = &isp[i];
2006 #ifdef AFS_NAMEI_ENV
2007 /* If only the RO is present on this partition, the link table
2008 * shows up as a RW volume special file. Need to make sure the
2009 * salvager doesn't try to salvage the non-existent RW.
2011 if (rw && nVols > 1 && isp[i].nSpecialInodes == 1) {
2012 /* If this only special inode is the link table, continue */
2013 if (inodes->u.special.type == VI_LINKTABLE) {
2020 Log("%s VOLUME %u%s.\n", rw ? "SALVAGING" : "CHECKING CLONED",
2021 lisp->volumeId, (Testing ? "(READONLY mode)" : ""));
2022 /* Check inodes twice. The second time do things seriously. This
2023 * way the whole RO volume can be deleted, below, if anything goes wrong */
2024 for (check = 1; check >= 0; check--) {
2026 if (SalvageVolumeHeaderFile(salvinfo, lisp, allInodes, rw, check, &deleteMe)
2028 MaybeZapVolume(salvinfo, lisp, "Volume header", deleteMe, check);
2029 if (rw && deleteMe) {
2030 haveRWvolume = 0; /* This will cause its inodes to be deleted--since salvage
2031 * volume won't be called */
2037 if (rw && check == 1)
2039 if (SalvageVnodes(salvinfo, isp, lisp, allInodes, check) == -1) {
2040 MaybeZapVolume(salvinfo, lisp, "Vnode index", 0, check);
2046 /* Fix actual inode counts */
2049 Log("totalInodes %d\n",totalInodes);
2050 for (ip = inodes; totalInodes; ip++, totalInodes--) {
2051 static int TraceBadLinkCounts = 0;
2052 #ifdef AFS_NAMEI_ENV
2053 if (salvinfo->VGLinkH->ih_ino == ip->inodeNumber) {
2054 dec_VGLinkH = ip->linkCount - salvinfo->VGLinkH_cnt;
2055 VGLinkH_p1 = ip->u.param[0];
2056 continue; /* Deal with this last. */
2059 if (ip->linkCount != 0 && TraceBadLinkCounts) {
2060 TraceBadLinkCounts--; /* Limit reports, per volume */
2061 Log("#### DEBUG #### Link count incorrect by %d; inode %s, size %llu, p=(%u,%u,%u,%u)\n", ip->linkCount, PrintInode(stmp, ip->inodeNumber), (afs_uintmax_t) ip->byteCount, ip->u.param[0], ip->u.param[1], ip->u.param[2], ip->u.param[3]);
2063 while (ip->linkCount > 0) {
2064 /* below used to assert, not break */
2066 if (IH_DEC(salvinfo->VGLinkH, ip->inodeNumber, ip->u.param[0])) {
2067 Log("idec failed. inode %s errno %d\n",
2068 PrintInode(stmp, ip->inodeNumber), errno);
2074 while (ip->linkCount < 0) {
2075 /* these used to be asserts */
2077 if (IH_INC(salvinfo->VGLinkH, ip->inodeNumber, ip->u.param[0])) {
2078 Log("iinc failed. inode %s errno %d\n",
2079 PrintInode(stmp, ip->inodeNumber), errno);
2086 #ifdef AFS_NAMEI_ENV
2087 while (dec_VGLinkH > 0) {
2088 if (IH_DEC(salvinfo->VGLinkH, salvinfo->VGLinkH->ih_ino, VGLinkH_p1) < 0) {
2089 Log("idec failed on link table, errno = %d\n", errno);
2093 while (dec_VGLinkH < 0) {
2094 if (IH_INC(salvinfo->VGLinkH, salvinfo->VGLinkH->ih_ino, VGLinkH_p1) < 0) {
2095 Log("iinc failed on link table, errno = %d\n", errno);
2102 /* Directory consistency checks on the rw volume */
2104 SalvageVolume(salvinfo, isp, salvinfo->VGLinkH);
2105 IH_RELEASE(salvinfo->VGLinkH);
2107 if (canfork && !debug) {
2114 QuickCheck(struct SalvInfo *salvinfo, struct InodeSummary *isp, int nVols)
2116 /* Check headers BEFORE forking */
2120 for (i = 0; i < nVols; i++) {
2121 struct VolumeSummary *vs = isp[i].volSummary;
2122 VolumeDiskData volHeader;
2124 /* Don't salvage just because phantom rw volume is there... */
2125 /* (If a read-only volume exists, read/write inodes must also exist) */
2126 if (i == 0 && isp->nSpecialInodes == 0 && nVols > 1)
2130 IH_INIT(h, salvinfo->fileSysDevice, vs->header.parent, vs->header.volumeInfo);
2131 if (IH_IREAD(h, 0, (char *)&volHeader, sizeof(volHeader))
2132 == sizeof(volHeader)
2133 && volHeader.stamp.magic == VOLUMEINFOMAGIC
2134 && volHeader.dontSalvage == DONT_SALVAGE
2135 && volHeader.needsSalvaged == 0 && volHeader.destroyMe == 0) {
2136 if (volHeader.inUse != 0) {
2137 volHeader.inUse = 0;
2138 volHeader.inService = 1;
2140 if (IH_IWRITE(h, 0, (char *)&volHeader, sizeof(volHeader))
2141 != sizeof(volHeader)) {
2157 /* SalvageVolumeHeaderFile
2159 * Salvage the top level V*.vol header file. Make sure the special files
2160 * exist and that there are no duplicates.
2162 * Calls SalvageHeader for each possible type of volume special file.
2166 SalvageVolumeHeaderFile(struct SalvInfo *salvinfo, struct InodeSummary *isp,
2167 struct ViceInodeInfo *inodes, int RW,
2168 int check, int *deleteMe)
2171 struct ViceInodeInfo *ip;
2172 int allinodesobsolete = 1;
2173 struct VolumeDiskHeader diskHeader;
2174 afs_int32 (*writefunc)(VolumeDiskHeader_t *, struct DiskPartition64 *) = NULL;
2176 struct VolumeHeader tempHeader;
2177 struct afs_inode_info stuff[MAXINODETYPE];
2179 /* keeps track of special inodes that are probably 'good'; they are
2180 * referenced in the vol header, and are included in the given inodes
2185 } goodspecial[MAXINODETYPE];
2190 memset(goodspecial, 0, sizeof(goodspecial));
2192 skip = calloc(isp->nSpecialInodes, sizeof(*skip));
2194 Log("cannot allocate memory for inode skip array when salvaging "
2195 "volume %lu; not performing duplicate special inode recovery\n",
2196 afs_printable_uint32_lu(isp->volumeId));
2197 /* still try to perform the salvage; the skip array only does anything
2198 * if we detect duplicate special inodes */
2201 init_inode_info(&tempHeader, stuff);
2204 * First, look at the special inodes and see if any are referenced by
2205 * the existing volume header. If we find duplicate special inodes, we
2206 * can use this information to use the referenced inode (it's more
2207 * likely to be the 'good' one), and throw away the duplicates.
2209 if (isp->volSummary && skip) {
2210 /* use tempHeader, so we can use the stuff[] array to easily index
2211 * into the isp->volSummary special inodes */
2212 memcpy(&tempHeader, &isp->volSummary->header, sizeof(struct VolumeHeader));
2214 for (i = 0; i < isp->nSpecialInodes; i++) {
2215 ip = &inodes[isp->index + i];
2216 if (ip->u.special.type <= 0 || ip->u.special.type > MAXINODETYPE) {
2217 /* will get taken care of in a later loop */
2220 if (ip->inodeNumber == *(stuff[ip->u.special.type - 1].inode)) {
2221 goodspecial[ip->u.special.type-1].valid = 1;
2222 goodspecial[ip->u.special.type-1].inode = ip->inodeNumber;
2227 memset(&tempHeader, 0, sizeof(tempHeader));
2228 tempHeader.stamp.magic = VOLUMEHEADERMAGIC;
2229 tempHeader.stamp.version = VOLUMEHEADERVERSION;
2230 tempHeader.id = isp->volumeId;
2231 tempHeader.parent = isp->RWvolumeId;
2233 /* Check for duplicates (inodes are sorted by type field) */
2234 for (i = 0; i < isp->nSpecialInodes - 1; i++) {
2235 ip = &inodes[isp->index + i];
2236 if (ip->u.special.type == (ip + 1)->u.special.type) {
2237 afs_ino_str_t stmp1, stmp2;
2239 if (ip->u.special.type <= 0 || ip->u.special.type > MAXINODETYPE) {
2240 /* Will be caught in the loop below */
2244 Log("Duplicate special %d inodes for volume %u found (%s, %s);\n",
2245 ip->u.special.type, isp->volumeId,
2246 PrintInode(stmp1, ip->inodeNumber),
2247 PrintInode(stmp2, (ip+1)->inodeNumber));
2249 if (skip && goodspecial[ip->u.special.type-1].valid) {
2250 Inode gi = goodspecial[ip->u.special.type-1].inode;
2253 Log("using special inode referenced by vol header (%s)\n",
2254 PrintInode(stmp1, gi));
2257 /* the volume header references some special inode of
2258 * this type in the inodes array; are we it? */
2259 if (ip->inodeNumber != gi) {
2261 } else if ((ip+1)->inodeNumber != gi) {
2262 /* in case this is the last iteration; we need to
2263 * make sure we check ip+1, too */
2268 Log("cannot determine which is correct; salvage of volume %u aborted\n", isp->volumeId);
2276 for (i = 0; i < isp->nSpecialInodes; i++) {
2278 ip = &inodes[isp->index + i];
2279 if (ip->u.special.type <= 0 || ip->u.special.type > MAXINODETYPE) {
2281 Log("Rubbish header inode %s of type %d\n",
2282 PrintInode(stmp, ip->inodeNumber),
2283 ip->u.special.type);
2289 Log("Rubbish header inode %s of type %d; deleted\n",
2290 PrintInode(stmp, ip->inodeNumber),
2291 ip->u.special.type);
2292 } else if (!stuff[ip->u.special.type - 1].obsolete) {
2293 if (skip && skip[i]) {
2294 if (orphans == ORPH_REMOVE) {
2295 Log("Removing orphan special inode %s of type %d\n",
2296 PrintInode(stmp, ip->inodeNumber), ip->u.special.type);
2299 Log("Ignoring orphan special inode %s of type %d\n",
2300 PrintInode(stmp, ip->inodeNumber), ip->u.special.type);
2301 /* fall through to the ip->linkCount--; line below */
2304 *(stuff[ip->u.special.type - 1].inode) = ip->inodeNumber;
2305 allinodesobsolete = 0;
2307 if (!check && ip->u.special.type != VI_LINKTABLE)
2308 ip->linkCount--; /* Keep the inode around */
2316 if (allinodesobsolete) {
2323 salvinfo->VGLinkH_cnt++; /* one for every header. */
2325 if (!RW && !check && isp->volSummary) {
2326 ClearROInUseBit(isp->volSummary);
2330 for (i = 0; i < MAXINODETYPE; i++) {
2331 if (stuff[i].inodeType == VI_LINKTABLE) {
2332 /* Gross hack: SalvageHeader does a bcmp on the volume header.
2333 * And we may have recreated the link table earlier, so set the
2334 * RW header as well. The header magic was already checked.
2336 if (VALID_INO(salvinfo->VGLinkH->ih_ino)) {
2337 *stuff[i].inode = salvinfo->VGLinkH->ih_ino;
2341 if (SalvageHeader(salvinfo, &stuff[i], isp, check, deleteMe) == -1 && check)
2345 if (isp->volSummary == NULL) {
2347 char headerName[64];
2348 snprintf(headerName, sizeof headerName, VFORMAT,
2349 afs_printable_uint32_lu(isp->volumeId));
2350 snprintf(path, sizeof path, "%s" OS_DIRSEP "%s",
2351 salvinfo->fileSysPath, headerName);
2353 Log("No header file for volume %u\n", isp->volumeId);
2357 Log("No header file for volume %u; %screating %s\n",
2358 isp->volumeId, (Testing ? "it would have been " : ""),
2360 isp->volSummary = calloc(1, sizeof(struct VolumeSummary));
2362 writefunc = VCreateVolumeDiskHeader;
2365 char headerName[64];
2366 /* hack: these two fields are obsolete... */
2367 isp->volSummary->header.volumeAcl = 0;
2368 isp->volSummary->header.volumeMountTable = 0;
2371 (&isp->volSummary->header, &tempHeader,
2372 sizeof(struct VolumeHeader))) {
2373 VolumeExternalName_r(isp->volumeId, headerName, sizeof(headerName));
2374 snprintf(path, sizeof path, "%s" OS_DIRSEP "%s",
2375 salvinfo->fileSysPath, headerName);
2377 Log("Header file %s is damaged or no longer valid%s\n", path,
2378 (check ? "" : "; repairing"));
2382 writefunc = VWriteVolumeDiskHeader;
2386 memcpy(&isp->volSummary->header, &tempHeader,
2387 sizeof(struct VolumeHeader));
2390 Log("It would have written a new header file for volume %u\n",
2394 VolumeHeaderToDisk(&diskHeader, &tempHeader);
2395 code = (*writefunc)(&diskHeader, salvinfo->fileSysPartition);
2397 Log("Error %ld writing volume header file for volume %lu\n",
2398 afs_printable_int32_ld(code),
2399 afs_printable_uint32_lu(diskHeader.id));
2404 IH_INIT(isp->volSummary->volumeInfoHandle, salvinfo->fileSysDevice, isp->RWvolumeId,
2405 isp->volSummary->header.volumeInfo);
2410 SalvageHeader(struct SalvInfo *salvinfo, struct afs_inode_info *sp,
2411 struct InodeSummary *isp, int check, int *deleteMe)
2414 VolumeDiskData volumeInfo;
2415 struct versionStamp fileHeader;
2424 #ifndef AFS_NAMEI_ENV
2425 if (sp->inodeType == VI_LINKTABLE)
2426 return 0; /* header magic was already checked */
2428 if (*(sp->inode) == 0) {
2430 Log("Missing inode in volume header (%s)\n", sp->description);
2434 Log("Missing inode in volume header (%s); %s\n", sp->description,
2435 (Testing ? "it would have recreated it" : "recreating"));
2438 IH_CREATE(NULL, salvinfo->fileSysDevice, salvinfo->fileSysPath, 0, isp->volumeId,
2439 INODESPECIAL, sp->inodeType, isp->RWvolumeId);
2440 if (!VALID_INO(*(sp->inode)))
2442 ("Unable to allocate inode (%s) for volume header (error = %d)\n",
2443 sp->description, errno);
2448 IH_INIT(specH, salvinfo->fileSysDevice, isp->RWvolumeId, *(sp->inode));
2449 fdP = IH_OPEN(specH);
2450 if (OKToZap && (fdP == NULL) && BadError(errno)) {
2451 /* bail out early and destroy the volume */
2453 Log("Still can't open volume header inode (%s), destroying volume\n", sp->description);
2460 Abort("Unable to open inode (%s) of volume header (error = %d)\n",
2461 sp->description, errno);
2464 && (FDH_PREAD(fdP, (char *)&header, sp->size, 0) != sp->size
2465 || header.fileHeader.magic != sp->stamp.magic)) {
2467 Log("Part of the header (%s) is corrupted\n", sp->description);
2468 FDH_REALLYCLOSE(fdP);
2472 Log("Part of the header (%s) is corrupted; recreating\n",
2475 /* header can be garbage; make sure we don't read garbage data from
2477 memset(&header, 0, sizeof(header));
2479 #ifdef AFS_NAMEI_ENV
2480 if (namei_FixSpecialOGM(fdP, check)) {
2481 Log("Error with namei header OGM data (%s)\n", sp->description);
2482 FDH_REALLYCLOSE(fdP);
2487 if (sp->inodeType == VI_VOLINFO
2488 && header.volumeInfo.destroyMe == DESTROY_ME) {
2491 FDH_REALLYCLOSE(fdP);
2495 if (recreate && !Testing) {
2498 ("Internal error: recreating volume header (%s) in check mode\n",
2500 nBytes = FDH_TRUNC(fdP, 0);
2502 Abort("Unable to truncate volume header file (%s) (error = %d)\n",
2503 sp->description, errno);
2505 /* The following code should be moved into vutil.c */
2506 if (sp->inodeType == VI_VOLINFO) {
2508 memset(&header.volumeInfo, 0, sizeof(header.volumeInfo));
2509 header.volumeInfo.stamp = sp->stamp;
2510 header.volumeInfo.id = isp->volumeId;
2511 header.volumeInfo.parentId = isp->RWvolumeId;
2512 sprintf(header.volumeInfo.name, "bogus.%u", isp->volumeId);
2513 Log("Warning: the name of volume %u is now \"bogus.%u\"\n",
2514 isp->volumeId, isp->volumeId);
2515 header.volumeInfo.inService = 0;
2516 header.volumeInfo.blessed = 0;
2517 /* The + 1000 is a hack in case there are any files out in venus caches */
2518 header.volumeInfo.uniquifier = (isp->maxUniquifier + 1) + 1000;
2519 header.volumeInfo.type = (isp->volumeId == isp->RWvolumeId ? readwriteVolume : readonlyVolume); /* XXXX */
2520 header.volumeInfo.needsCallback = 0;
2521 gettimeofday(&tp, NULL);
2522 header.volumeInfo.creationDate = tp.tv_sec;
2524 FDH_PWRITE(fdP, (char *)&header.volumeInfo,
2525 sizeof(header.volumeInfo), 0);
2526 if (nBytes != sizeof(header.volumeInfo)) {
2529 ("Unable to write volume header file (%s) (errno = %d)\n",
2530 sp->description, errno);
2531 Abort("Unable to write entire volume header file (%s)\n",
2535 nBytes = FDH_PWRITE(fdP, (char *)&sp->stamp, sizeof(sp->stamp), 0);
2536 if (nBytes != sizeof(sp->stamp)) {
2539 ("Unable to write version stamp in volume header file (%s) (errno = %d)\n",
2540 sp->description, errno);
2542 ("Unable to write entire version stamp in volume header file (%s)\n",
2547 FDH_REALLYCLOSE(fdP);
2549 if (sp->inodeType == VI_VOLINFO) {
2550 salvinfo->VolInfo = header.volumeInfo;
2554 if (salvinfo->VolInfo.updateDate) {
2555 strcpy(update, TimeStamp(salvinfo->VolInfo.updateDate, 0));
2557 Log("%s (%u) %supdated %s\n", salvinfo->VolInfo.name,
2558 salvinfo->VolInfo.id,
2559 (Testing ? "it would have been " : ""), update);
2561 strcpy(update, TimeStamp(salvinfo->VolInfo.creationDate, 0));
2563 Log("%s (%u) not updated (created %s)\n",
2564 salvinfo->VolInfo.name, salvinfo->VolInfo.id, update);
2574 SalvageVnodes(struct SalvInfo *salvinfo,
2575 struct InodeSummary *rwIsp,
2576 struct InodeSummary *thisIsp,
2577 struct ViceInodeInfo *inodes, int check)
2579 int ilarge, ismall, ioffset, RW, nInodes;
2580 ioffset = rwIsp->index + rwIsp->nSpecialInodes; /* first inode */
2583 RW = (rwIsp == thisIsp);
2584 nInodes = (rwIsp->nInodes - rwIsp->nSpecialInodes);
2586 SalvageIndex(salvinfo, thisIsp->volSummary->header.smallVnodeIndex, vSmall, RW,
2587 &inodes[ioffset], nInodes, thisIsp->volSummary, check);
2588 if (check && ismall == -1)
2591 SalvageIndex(salvinfo, thisIsp->volSummary->header.largeVnodeIndex, vLarge, RW,
2592 &inodes[ioffset], nInodes, thisIsp->volSummary, check);
2593 return (ilarge == 0 && ismall == 0 ? 0 : -1);
2597 SalvageIndex(struct SalvInfo *salvinfo, Inode ino, VnodeClass class, int RW,
2598 struct ViceInodeInfo *ip, int nInodes,
2599 struct VolumeSummary *volSummary, int check)
2601 char buf[SIZEOF_LARGEDISKVNODE];
2602 struct VnodeDiskObject *vnode = (struct VnodeDiskObject *)buf;
2604 StreamHandle_t *file;
2605 struct VnodeClassInfo *vcp;
2607 afs_sfsize_t nVnodes;
2608 afs_fsize_t vnodeLength;
2610 afs_ino_str_t stmp1, stmp2;
2614 IH_INIT(handle, salvinfo->fileSysDevice, volSummary->header.parent, ino);
2615 fdP = IH_OPEN(handle);
2616 opr_Assert(fdP != NULL);
2617 file = FDH_FDOPEN(fdP, "r+");
2618 opr_Assert(file != NULL);
2619 vcp = &VnodeClassInfo[class];
2620 size = OS_SIZE(fdP->fd_fd);
2621 opr_Assert(size != -1);
2622 nVnodes = (size / vcp->diskSize) - 1;
2624 opr_Assert((nVnodes + 1) * vcp->diskSize == size);
2625 opr_Verify(STREAM_ASEEK(file, vcp->diskSize) == 0);
2629 for (vnodeIndex = 0;
2630 nVnodes && STREAM_READ(vnode, vcp->diskSize, 1, file) == 1;
2631 nVnodes--, vnodeIndex++) {
2632 if (vnode->type != vNull) {
2633 int vnodeChanged = 0;
2634 int vnodeNumber = bitNumberToVnodeNumber(vnodeIndex, class);
2635 if (VNDISK_GET_INO(vnode) == 0) {
2637 /* Log("### DEBUG ### Deleted Vnode with 0 inode (vnode %d)\n", vnodeNumber); */
2638 memset(vnode, 0, vcp->diskSize);
2642 if (vcp->magic != vnode->vnodeMagic) {
2643 /* bad magic #, probably partially created vnode */
2645 Log("Partially allocated vnode %d: bad magic (is %lx should be %lx)\n",
2646 vnodeNumber, afs_printable_uint32_lu(vnode->vnodeMagic),
2647 afs_printable_uint32_lu(vcp->magic));
2648 memset(vnode, 0, vcp->diskSize);
2652 Log("Partially allocated vnode %d deleted.\n",
2654 memset(vnode, 0, vcp->diskSize);
2658 /* ****** Should do a bit more salvage here: e.g. make sure
2659 * vnode type matches what it should be given the index */
2660 while (nInodes && ip->u.vnode.vnodeNumber < vnodeNumber) {
2661 /* if (vnodeIdToClass(ip->u.vnode.vnodeNumber) == class && RW) {
2662 * Log("Inode %d: says it belongs to non-existing vnode %d\n",
2663 * ip->inodeNumber, ip->u.vnode.vnodeNumber);
2670 while (nInodes && ip->u.vnode.vnodeNumber == vnodeNumber) {
2671 /* The following doesn't work, because the version number
2672 * is not maintained correctly by the file server */
2673 /*if (vnode->uniquifier == ip->u.vnode.vnodeUniquifier &&
2674 * vnode->dataVersion == ip->u.vnode.inodeDataVersion)
2676 if (VNDISK_GET_INO(vnode) == ip->inodeNumber)
2682 /* For RW volume, look for vnode with matching inode number;
2683 * if no such match, take the first determined by our sort
2685 struct ViceInodeInfo *lip = ip;
2686 int lnInodes = nInodes;
2688 && lip->u.vnode.vnodeNumber == vnodeNumber) {
2689 if (VNDISK_GET_INO(vnode) == lip->inodeNumber) {
2698 if (nInodes && ip->u.vnode.vnodeNumber == vnodeNumber) {
2699 /* "Matching" inode */
2703 vu = vnode->uniquifier;
2704 iu = ip->u.vnode.vnodeUniquifier;
2705 vd = vnode->dataVersion;
2706 id = ip->u.vnode.inodeDataVersion;
2708 * Because of the possibility of the uniquifier overflows (> 4M)
2709 * we compare them modulo the low 22-bits; we shouldn't worry
2710 * about mismatching since they shouldn't to many old
2711 * uniquifiers of the same vnode...
2713 if (IUnique(vu) != IUnique(iu)) {
2715 Log("Vnode %u: vnode.unique, %u, does not match inode unique, %u; fixed, but status will be wrong\n", vnodeNumber, IUnique(vu), IUnique(iu));
2718 vnode->uniquifier = iu;
2719 #ifdef AFS_3DISPARES
2720 vnode->dataVersion = (id >= vd ?
2723 1887437 ? vd : id) :
2726 1887437 ? id : vd));
2728 #if defined(AFS_SGI_EXMAG)
2729 vnode->dataVersion = (id >= vd ?
2732 15099494 ? vd : id) :
2735 15099494 ? id : vd));
2737 vnode->dataVersion = (id > vd ? id : vd);
2738 #endif /* AFS_SGI_EXMAG */
2739 #endif /* AFS_3DISPARES */
2742 /* don't bother checking for vd > id any more, since
2743 * partial file transfers always result in this state,
2744 * and you can't do much else anyway (you've already
2745 * found the best data you can) */
2746 #ifdef AFS_3DISPARES
2747 if (!vnodeIsDirectory(vnodeNumber)
2748 && ((vd < id && (id - vd) < 1887437)
2749 || ((vd > id && (vd - id) > 1887437)))) {
2751 #if defined(AFS_SGI_EXMAG)
2752 if (!vnodeIsDirectory(vnodeNumber)
2753 && ((vd < id && (id - vd) < 15099494)
2754 || ((vd > id && (vd - id) > 15099494)))) {
2756 if (!vnodeIsDirectory(vnodeNumber) && vd < id) {
2757 #endif /* AFS_SGI_EXMAG */
2760 Log("Vnode %d: version < inode version; fixed (old status)\n", vnodeNumber);
2761 vnode->dataVersion = id;
2766 if (ip->inodeNumber != VNDISK_GET_INO(vnode)) {
2769 Log("Vnode %d: inode number incorrect (is %s should be %s). FileSize=%llu\n", vnodeNumber, PrintInode(stmp1, VNDISK_GET_INO(vnode)), PrintInode(stmp2, ip->inodeNumber), (afs_uintmax_t) ip->byteCount);
2771 VNDISK_SET_INO(vnode, ip->inodeNumber);
2776 Log("Vnode %d: inode number incorrect; changed from %s to %s. FileSize=%llu\n", vnodeNumber, PrintInode(stmp1, VNDISK_GET_INO(vnode)), PrintInode(stmp2, ip->inodeNumber), (afs_uintmax_t) ip->byteCount);
2778 VNDISK_SET_INO(vnode, ip->inodeNumber);
2781 VNDISK_GET_LEN(vnodeLength, vnode);
2782 if (ip->byteCount != vnodeLength) {
2785 Log("Vnode %d: length incorrect; (is %llu should be %llu)\n", vnodeNumber, (afs_uintmax_t) vnodeLength, (afs_uintmax_t) ip->byteCount);
2790 Log("Vnode %d: length incorrect; changed from %llu to %llu\n", vnodeNumber, (afs_uintmax_t) vnodeLength, (afs_uintmax_t) ip->byteCount);
2791 VNDISK_SET_LEN(vnode, ip->byteCount);
2795 ip->linkCount--; /* Keep the inode around */
2798 } else { /* no matching inode */
2800 if (VNDISK_GET_INO(vnode) != 0
2801 || vnode->type == vDirectory) {
2802 /* No matching inode--get rid of the vnode */
2804 if (VNDISK_GET_INO(vnode)) {
2806 Log("Vnode %d (unique %u): corresponding inode %s is missing\n", vnodeNumber, vnode->uniquifier, PrintInode(stmp, VNDISK_GET_INO(vnode)));
2810 Log("Vnode %d (unique %u): bad directory vnode (no inode number listed)\n", vnodeNumber, vnode->uniquifier);
2815 if (VNDISK_GET_INO(vnode)) {
2817 time_t serverModifyTime = vnode->serverModifyTime;
2818 Log("Vnode %d (unique %u): corresponding inode %s is missing; vnode deleted, vnode mod time=%s", vnodeNumber, vnode->uniquifier, PrintInode(stmp, VNDISK_GET_INO(vnode)), ctime(&serverModifyTime));
2822 time_t serverModifyTime = vnode->serverModifyTime;
2823 Log("Vnode %d (unique %u): bad directory vnode (no inode number listed); vnode deleted, vnode mod time=%s", vnodeNumber, vnode->uniquifier, ctime(&serverModifyTime));
2826 memset(vnode, 0, vcp->diskSize);
2829 /* Should not reach here becuase we checked for
2830 * (inodeNumber == 0) above. And where we zero the vnode,
2831 * we also goto vnodeDone.
2835 while (nInodes && ip->u.vnode.vnodeNumber == vnodeNumber) {
2839 } /* VNDISK_GET_INO(vnode) != 0 */
2841 opr_Assert(!(vnodeChanged && check));
2842 if (vnodeChanged && !Testing) {
2843 opr_Verify(IH_IWRITE(handle,
2844 vnodeIndexOffset(vcp, vnodeNumber),
2845 (char *)vnode, vcp->diskSize)
2847 salvinfo->VolumeChanged = 1; /* For break call back */
2858 struct VnodeEssence *
2859 CheckVnodeNumber(struct SalvInfo *salvinfo, VnodeId vnodeNumber)
2862 struct VnodeInfo *vip;
2865 class = vnodeIdToClass(vnodeNumber);
2866 vip = &salvinfo->vnodeInfo[class];
2867 offset = vnodeIdToBitNumber(vnodeNumber);
2868 return (offset >= vip->nVnodes ? NULL : &vip->vnodes[offset]);
2872 CopyOnWrite(struct SalvInfo *salvinfo, struct DirSummary *dir)
2874 /* Copy the directory unconditionally if we are going to change it:
2875 * not just if was cloned.
2877 struct VnodeDiskObject vnode;
2878 struct VnodeClassInfo *vcp = &VnodeClassInfo[vLarge];
2879 Inode oldinode, newinode;
2882 if (dir->copied || Testing)
2884 DFlush(); /* Well justified paranoia... */
2887 IH_IREAD(salvinfo->vnodeInfo[vLarge].handle,
2888 vnodeIndexOffset(vcp, dir->vnodeNumber), (char *)&vnode,
2890 opr_Assert(code == sizeof(vnode));
2891 oldinode = VNDISK_GET_INO(&vnode);
2892 /* Increment the version number by a whole lot to avoid problems with
2893 * clients that were promised new version numbers--but the file server
2894 * crashed before the versions were written to disk.
2897 IH_CREATE(dir->ds_linkH, salvinfo->fileSysDevice, salvinfo->fileSysPath, 0, dir->rwVid,
2898 dir->vnodeNumber, vnode.uniquifier, vnode.dataVersion +=
2900 opr_Assert(VALID_INO(newinode));
2901 opr_Verify(CopyInode(salvinfo->fileSysDevice, oldinode, newinode,
2904 VNDISK_SET_INO(&vnode, newinode);
2906 IH_IWRITE(salvinfo->vnodeInfo[vLarge].handle,
2907 vnodeIndexOffset(vcp, dir->vnodeNumber), (char *)&vnode,
2909 opr_Assert(code == sizeof(vnode));
2911 SetSalvageDirHandle(&dir->dirHandle, dir->dirHandle.dirh_handle->ih_vid,
2912 salvinfo->fileSysDevice, newinode,
2913 &salvinfo->VolumeChanged);
2914 /* Don't delete the original inode right away, because the directory is
2915 * still being scanned.
2921 * This function should either successfully create a new dir, or give up
2922 * and leave things the way they were. In particular, if it fails to write
2923 * the new dir properly, it should return w/o changing the reference to the
2927 CopyAndSalvage(struct SalvInfo *salvinfo, struct DirSummary *dir)
2929 struct VnodeDiskObject vnode;
2930 struct VnodeClassInfo *vcp = &VnodeClassInfo[vLarge];
2931 Inode oldinode, newinode;
2936 afs_int32 parentUnique = 1;
2937 struct VnodeEssence *vnodeEssence;
2942 Log("Salvaging directory %u...\n", dir->vnodeNumber);
2944 IH_IREAD(salvinfo->vnodeInfo[vLarge].handle,
2945 vnodeIndexOffset(vcp, dir->vnodeNumber), (char *)&vnode,
2947 opr_Assert(lcode == sizeof(vnode));
2948 oldinode = VNDISK_GET_INO(&vnode);
2949 /* Increment the version number by a whole lot to avoid problems with
2950 * clients that were promised new version numbers--but the file server
2951 * crashed before the versions were written to disk.
2954 IH_CREATE(dir->ds_linkH, salvinfo->fileSysDevice, salvinfo->fileSysPath, 0, dir->rwVid,
2955 dir->vnodeNumber, vnode.uniquifier, vnode.dataVersion +=
2957 opr_Assert(VALID_INO(newinode));
2958 SetSalvageDirHandle(&newdir, dir->rwVid, salvinfo->fileSysDevice, newinode,
2959 &salvinfo->VolumeChanged);
2961 /* Assign . and .. vnode numbers from dir and vnode.parent.
2962 * The uniquifier for . is in the vnode.
2963 * The uniquifier for .. might be set to a bogus value of 1 and
2964 * the salvager will later clean it up.
2966 if (vnode.parent && (vnodeEssence = CheckVnodeNumber(salvinfo, vnode.parent))) {
2967 parentUnique = (vnodeEssence->unique ? vnodeEssence->unique : 1);
2970 DirSalvage(&dir->dirHandle, &newdir, dir->vnodeNumber,
2972 (vnode.parent ? vnode.parent : dir->vnodeNumber),
2977 /* didn't really build the new directory properly, let's just give up. */
2978 code = IH_DEC(dir->ds_linkH, newinode, dir->rwVid);
2979 Log("Directory salvage returned code %d, continuing.\n", code);
2981 Log("also failed to decrement link count on new inode");
2985 Log("Checking the results of the directory salvage...\n");
2986 if (!DirOK(&newdir)) {
2987 Log("Directory salvage failed!!!; restoring old version of the directory.\n");
2988 code = IH_DEC(dir->ds_linkH, newinode, dir->rwVid);
2989 opr_Assert(code == 0);
2993 VNDISK_SET_INO(&vnode, newinode);
2994 length = afs_dir_Length(&newdir);
2995 VNDISK_SET_LEN(&vnode, length);
2997 IH_IWRITE(salvinfo->vnodeInfo[vLarge].handle,
2998 vnodeIndexOffset(vcp, dir->vnodeNumber), (char *)&vnode,
3000 opr_Assert(lcode == sizeof(vnode));
3003 nt_sync(salvinfo->fileSysDevice);
3005 sync(); /* this is slow, but hopefully rarely called. We don't have
3006 * an open FD on the file itself to fsync.
3010 salvinfo->vnodeInfo[vLarge].handle->ih_synced = 1;
3012 /* make sure old directory file is really closed */
3013 fdP = IH_OPEN(dir->dirHandle.dirh_handle);
3014 FDH_REALLYCLOSE(fdP);
3016 code = IH_DEC(dir->ds_linkH, oldinode, dir->rwVid);
3017 opr_Assert(code == 0);
3018 dir->dirHandle = newdir;
3022 * arguments for JudgeEntry.
3024 struct judgeEntry_params {
3025 struct DirSummary *dir; /**< directory we're examining entries in */
3026 struct SalvInfo *salvinfo; /**< SalvInfo for the current salvage job */
3030 JudgeEntry(void *arock, char *name, afs_int32 vnodeNumber,
3033 struct judgeEntry_params *params = arock;
3034 struct DirSummary *dir = params->dir;
3035 struct SalvInfo *salvinfo = params->salvinfo;
3036 struct VnodeEssence *vnodeEssence;
3037 afs_int32 dirOrphaned, todelete;
3039 dirOrphaned = IsVnodeOrphaned(salvinfo, dir->vnodeNumber);
3041 vnodeEssence = CheckVnodeNumber(salvinfo, vnodeNumber);
3042 if (vnodeEssence == NULL) {
3044 Log("dir vnode %u: invalid entry deleted: %s" OS_DIRSEP "%s (vnode %u, unique %u)\n", dir->vnodeNumber, dir->name ? dir->name : "??", name, vnodeNumber, unique);
3047 CopyOnWrite(salvinfo, dir);
3048 opr_Verify(afs_dir_Delete(&dir->dirHandle, name) == 0);
3053 #ifndef AFS_NAMEI_ENV
3054 /* On AIX machines, don't allow entries to point to inode 0. That is a special
3055 * mount inode for the partition. If this inode were deleted, it would crash
3058 if (vnodeEssence->InodeNumber == 0) {
3059 Log("dir vnode %d: invalid entry: %s" OS_DIRSEP "%s has no inode (vnode %d, unique %d)%s\n", dir->vnodeNumber, (dir->name ? dir->name : "??"), name, vnodeNumber, unique, (Testing ? "-- would have deleted" : " -- deleted"));
3061 CopyOnWrite(salvinfo, dir);
3062 opr_Verify(afs_dir_Delete(&dir->dirHandle, name) == 0);
3069 if (!(vnodeNumber & 1) && !Showmode
3070 && !(vnodeEssence->count || vnodeEssence->unique
3071 || vnodeEssence->modeBits)) {
3072 Log("dir vnode %u: invalid entry: %s" OS_DIRSEP "%s (vnode %u, unique %u)%s\n",
3073 dir->vnodeNumber, (dir->name ? dir->name : "??"), name,
3074 vnodeNumber, unique,
3075 ((!unique) ? (Testing ? "-- would have deleted" : " -- deleted") :
3079 CopyOnWrite(salvinfo, dir);
3080 opr_Verify(afs_dir_Delete(&dir->dirHandle, name) == 0);
3086 /* Check if the Uniquifiers match. If not, change the directory entry
3087 * so its unique matches the vnode unique. Delete if the unique is zero
3088 * or if the directory is orphaned.
3090 if (!vnodeEssence->unique || (vnodeEssence->unique) != unique) {
3091 if (!vnodeEssence->unique
3092 && ((strcmp(name, "..") == 0) || (strcmp(name, ".") == 0))) {
3093 /* This is an orphaned directory. Don't delete the . or ..
3094 * entry. Otherwise, it will get created in the next
3095 * salvage and deleted again here. So Just skip it.
3100 todelete = ((!vnodeEssence->unique || dirOrphaned) ? 1 : 0);
3103 Log("dir vnode %u: %s" OS_DIRSEP "%s (vnode %u): unique changed from %u to %u %s\n", dir->vnodeNumber, (dir->name ? dir->name : "??"), name, vnodeNumber, unique, vnodeEssence->unique, (!todelete ? "" : (Testing ? "-- would have deleted" : "-- deleted")));
3107 fid.Vnode = vnodeNumber;
3108 fid.Unique = vnodeEssence->unique;
3109 CopyOnWrite(salvinfo, dir);
3110 opr_Verify(afs_dir_Delete(&dir->dirHandle, name) == 0);
3112 opr_Verify(afs_dir_Create(&dir->dirHandle, name, &fid) == 0);
3115 return 0; /* no need to continue */
3118 if (strcmp(name, ".") == 0) {
3119 if (dir->vnodeNumber != vnodeNumber || (dir->unique != unique)) {
3121 Log("directory vnode %u.%u: bad '.' entry (was %u.%u); fixed\n", dir->vnodeNumber, dir->unique, vnodeNumber, unique);
3124 CopyOnWrite(salvinfo, dir);
3125 opr_Verify(afs_dir_Delete(&dir->dirHandle, ".") == 0);
3126 fid.Vnode = dir->vnodeNumber;
3127 fid.Unique = dir->unique;
3128 opr_Verify(afs_dir_Create(&dir->dirHandle, ".", &fid) == 0);
3129 vnodeNumber = fid.Vnode; /* Get the new Essence */
3130 unique = fid.Unique;
3131 vnodeEssence = CheckVnodeNumber(salvinfo, vnodeNumber);
3135 } else if (strcmp(name, "..") == 0) {
3138 struct VnodeEssence *dotdot;
3139 pa.Vnode = dir->parent;
3140 dotdot = CheckVnodeNumber(salvinfo, pa.Vnode);
3141 opr_Assert(dotdot != NULL); /* XXX Should not be assert */
3142 pa.Unique = dotdot->unique;
3144 pa.Vnode = dir->vnodeNumber;
3145 pa.Unique = dir->unique;
3147 if ((pa.Vnode != vnodeNumber) || (pa.Unique != unique)) {
3149 Log("directory vnode %u.%u: bad '..' entry (was %u.%u); fixed\n", dir->vnodeNumber, dir->unique, vnodeNumber, unique);
3151 CopyOnWrite(salvinfo, dir);
3152 opr_Verify(afs_dir_Delete(&dir->dirHandle, "..") == 0);
3153 opr_Verify(afs_dir_Create(&dir->dirHandle, "..", &pa) == 0);
3156 vnodeNumber = pa.Vnode; /* Get the new Essence */
3158 vnodeEssence = CheckVnodeNumber(salvinfo, vnodeNumber);
3160 dir->haveDotDot = 1;
3161 } else if (strncmp(name, ".__afs", 6) == 0) {
3163 Log("dir vnode %u: special old unlink-while-referenced file %s %s deleted (vnode %u)\n", dir->vnodeNumber, name, (Testing ? "would have been" : "is"), vnodeNumber);
3166 CopyOnWrite(salvinfo, dir);
3167 opr_Verify(afs_dir_Delete(&dir->dirHandle, name) == 0);
3169 vnodeEssence->claimed = 0; /* Not claimed: Orphaned */
3170 vnodeEssence->todelete = 1; /* Will later delete vnode and decr inode */
3173 if (ShowSuid && (vnodeEssence->modeBits & 06000))
3174 Log("FOUND suid/sgid file: %s" OS_DIRSEP "%s (%u.%u %05o) author %u (vnode %u dir %u)\n", dir->name ? dir->name : "??", name, vnodeEssence->owner, vnodeEssence->group, vnodeEssence->modeBits, vnodeEssence->author, vnodeNumber, dir->vnodeNumber);
3175 if (/* ShowMounts && */ (vnodeEssence->type == vSymlink)
3176 && !(vnodeEssence->modeBits & 0111)) {
3177 afs_sfsize_t nBytes;
3183 IH_INIT(ihP, salvinfo->fileSysDevice, dir->dirHandle.dirh_handle->ih_vid,
3184 vnodeEssence->InodeNumber);
3187 Log("ERROR %s could not open mount point vnode %u\n", dir->vname, vnodeNumber);
3191 size = FDH_SIZE(fdP);
3193 Log("ERROR %s mount point has invalid size %d, vnode %u\n", dir->vname, (int)size, vnodeNumber);
3194 FDH_REALLYCLOSE(fdP);
3201 nBytes = FDH_PREAD(fdP, buf, size, 0);
3202 if (nBytes == size) {
3204 if ( (*buf != '#' && *buf != '%') || buf[strlen(buf)-1] != '.' ) {
3205 Log("Volume %u (%s) mount point %s" OS_DIRSEP "%s to '%s' invalid, %s to symbolic link\n",
3206 dir->dirHandle.dirh_handle->ih_vid, dir->vname, dir->name ? dir->name : "??", name, buf,
3207 Testing ? "would convert" : "converted");
3208 vnodeEssence->modeBits |= 0111;
3209 vnodeEssence->changed = 1;
3210 } else if (ShowMounts) Log("In volume %u (%s) found mountpoint %s" OS_DIRSEP "%s to '%s'\n",
3211 dir->dirHandle.dirh_handle->ih_vid, dir->vname,
3212 dir->name ? dir->name : "??", name, buf);
3214 Log("Volume %s cound not read mount point vnode %u size %d code %d\n",
3215 dir->vname, vnodeNumber, (int)size, (int)nBytes);
3217 FDH_REALLYCLOSE(fdP);
3220 if (ShowRootFiles && vnodeEssence->owner == 0 && vnodeNumber != 1)
3221 Log("FOUND root file: %s" OS_DIRSEP "%s (%u.%u %05o) author %u (vnode %u dir %u)\n", dir->name ? dir->name : "??", name, vnodeEssence->owner, vnodeEssence->group, vnodeEssence->modeBits, vnodeEssence->author, vnodeNumber, dir->vnodeNumber);
3222 if (vnodeIdToClass(vnodeNumber) == vLarge
3223 && vnodeEssence->name == NULL) {
3224 vnodeEssence->name = strdup(name);
3227 /* The directory entry points to the vnode. Check to see if the
3228 * vnode points back to the directory. If not, then let the
3229 * directory claim it (else it might end up orphaned). Vnodes
3230 * already claimed by another directory are deleted from this
3231 * directory: hardlinks to the same vnode are not allowed
3232 * from different directories.
3234 if (vnodeEssence->parent != dir->vnodeNumber) {
3235 if (!vnodeEssence->claimed && !dirOrphaned && vnodeNumber != 1) {
3236 /* Vnode does not point back to this directory.
3237 * Orphaned dirs cannot claim a file (it may belong to
3238 * another non-orphaned dir).
3241 Log("dir vnode %u: %s" OS_DIRSEP "%s (vnode %u, unique %u) -- parent vnode %schanged from %u to %u\n", dir->vnodeNumber, (dir->name ? dir->name : "??"), name, vnodeNumber, unique, (Testing ? "would have been " : ""), vnodeEssence->parent, dir->vnodeNumber);
3243 vnodeEssence->parent = dir->vnodeNumber;
3244 vnodeEssence->changed = 1;
3246 /* Vnode was claimed by another directory */
3249 Log("dir vnode %u: %s" OS_DIRSEP "%s parent vnode is %u (vnode %u, unique %u) -- %sdeleted\n", dir->vnodeNumber, (dir->name ? dir->name : "??"), name, vnodeEssence->parent, vnodeNumber, unique, (Testing ? "would have been " : ""));
3250 } else if (vnodeNumber == 1) {
3251 Log("dir vnode %d: %s" OS_DIRSEP "%s is invalid (vnode %d, unique %d) -- %sdeleted\n", dir->vnodeNumber, (dir->name ? dir->name : "??"), name, vnodeNumber, unique, (Testing ? "would have been " : ""));
3253 Log("dir vnode %u: %s" OS_DIRSEP "%s already claimed by directory vnode %u (vnode %u, unique %u) -- %sdeleted\n", dir->vnodeNumber, (dir->name ? dir->name : "??"), name, vnodeEssence->parent, vnodeNumber, unique, (Testing ? "would have been " : ""));
3257 CopyOnWrite(salvinfo, dir);
3258 opr_Verify(afs_dir_Delete(&dir->dirHandle, name) == 0);
3263 /* This directory claims the vnode */
3264 vnodeEssence->claimed = 1;
3266 vnodeEssence->count--;
3271 DistilVnodeEssence(struct SalvInfo *salvinfo, VolumeId rwVId,
3272 VnodeClass class, Inode ino, Unique * maxu)
3274 struct VnodeInfo *vip = &salvinfo->vnodeInfo[class];
3275 struct VnodeClassInfo *vcp = &VnodeClassInfo[class];
3276 char buf[SIZEOF_LARGEDISKVNODE];
3277 struct VnodeDiskObject *vnode = (struct VnodeDiskObject *)buf;
3279 StreamHandle_t *file;
3284 IH_INIT(vip->handle, salvinfo->fileSysDevice, rwVId, ino);
3285 fdP = IH_OPEN(vip->handle);
3286 opr_Assert(fdP != NULL);
3287 file = FDH_FDOPEN(fdP, "r+");
3288 opr_Assert(file != NULL);
3289 size = OS_SIZE(fdP->fd_fd);
3290 opr_Assert(size != -1);
3291 vip->nVnodes = (size / vcp->diskSize) - 1;
3292 if (vip->nVnodes > 0) {
3293 opr_Assert((vip->nVnodes + 1) * vcp->diskSize == size);
3294 opr_Verify(STREAM_ASEEK(file, vcp->diskSize) == 0);
3295 opr_Verify((vip->vnodes = calloc(vip->nVnodes,
3296 sizeof(struct VnodeEssence)))
3298 if (class == vLarge) {
3299 opr_Verify((vip->inodes = calloc(vip->nVnodes, sizeof(Inode)))
3309 vip->volumeBlockCount = vip->nAllocatedVnodes = 0;
3310 for (vnodeIndex = 0, nVnodes = vip->nVnodes;
3311 nVnodes && STREAM_READ(vnode, vcp->diskSize, 1, file) == 1;
3312 nVnodes--, vnodeIndex++) {
3313 if (vnode->type != vNull) {
3314 struct VnodeEssence *vep = &vip->vnodes[vnodeIndex];
3315 afs_fsize_t vnodeLength;
3316 vip->nAllocatedVnodes++;
3317 vep->count = vnode->linkCount;
3318 VNDISK_GET_LEN(vnodeLength, vnode);
3319 vep->blockCount = nBlocks(vnodeLength);
3320 vip->volumeBlockCount += vep->blockCount;
3321 vep->parent = vnode->parent;
3322 vep->unique = vnode->uniquifier;
3323 if (*maxu < vnode->uniquifier)
3324 *maxu = vnode->uniquifier;
3325 vep->modeBits = vnode->modeBits;
3326 vep->InodeNumber = VNDISK_GET_INO(vnode);
3327 vep->type = vnode->type;
3328 vep->author = vnode->author;
3329 vep->owner = vnode->owner;
3330 vep->group = vnode->group;
3331 if (vnode->type == vDirectory) {
3332 if (class != vLarge) {
3333 VnodeId vnodeNumber = bitNumberToVnodeNumber(vnodeIndex, class);
3334 vip->nAllocatedVnodes--;
3335 memset(vnode, 0, sizeof(*vnode));
3336 IH_IWRITE(salvinfo->vnodeInfo[vSmall].handle,
3337 vnodeIndexOffset(vcp, vnodeNumber),
3338 (char *)&vnode, sizeof(vnode));
3339 salvinfo->VolumeChanged = 1;
3341 vip->inodes[vnodeIndex] = VNDISK_GET_INO(vnode);
3350 GetDirName(struct SalvInfo *salvinfo, VnodeId vnode, struct VnodeEssence *vp,
3353 struct VnodeEssence *parentvp;
3359 if (vp->parent && vp->name && (parentvp = CheckVnodeNumber(salvinfo, vp->parent))
3360 && GetDirName(salvinfo, vp->parent, parentvp, path)) {
3361 strcat(path, OS_DIRSEP);
3362 strcat(path, vp->name);
3368 /* To determine if a vnode is orhpaned or not, the vnode and all its parent
3369 * vnodes must be "claimed". The vep->claimed flag is set in JudgeEntry().
3372 IsVnodeOrphaned(struct SalvInfo *salvinfo, VnodeId vnode)
3374 struct VnodeEssence *vep;
3377 return (1); /* Vnode zero does not exist */
3379 return (0); /* The root dir vnode is always claimed */
3380 vep = CheckVnodeNumber(salvinfo, vnode); /* Get the vnode essence */
3381 if (!vep || !vep->claimed)
3382 return (1); /* Vnode is not claimed - it is orphaned */
3384 return (IsVnodeOrphaned(salvinfo, vep->parent));
3388 SalvageDir(struct SalvInfo *salvinfo, char *name, VolumeId rwVid,
3389 struct VnodeInfo *dirVnodeInfo, IHandle_t * alinkH, int i,
3390 struct DirSummary *rootdir, int *rootdirfound)
3392 static struct DirSummary dir;
3393 static struct DirHandle dirHandle;
3394 struct VnodeEssence *parent;
3395 static char path[MAXPATHLEN];
3398 if (dirVnodeInfo->vnodes[i].salvaged)
3399 return; /* already salvaged */
3402 dirVnodeInfo->vnodes[i].salvaged = 1;
3404 if (dirVnodeInfo->inodes[i] == 0)
3405 return; /* Not allocated to a directory */
3407 if (bitNumberToVnodeNumber(i, vLarge) == 1) {
3408 if (dirVnodeInfo->vnodes[i].parent) {
3409 Log("Bad parent, vnode 1; %s...\n",
3410 (Testing ? "skipping" : "salvaging"));
3411 dirVnodeInfo->vnodes[i].parent = 0;
3412 dirVnodeInfo->vnodes[i].changed = 1;
3415 parent = CheckVnodeNumber(salvinfo, dirVnodeInfo->vnodes[i].parent);
3416 if (parent && parent->salvaged == 0)
3417 SalvageDir(salvinfo, name, rwVid, dirVnodeInfo, alinkH,
3418 vnodeIdToBitNumber(dirVnodeInfo->vnodes[i].parent),
3419 rootdir, rootdirfound);
3422 dir.vnodeNumber = bitNumberToVnodeNumber(i, vLarge);
3423 dir.unique = dirVnodeInfo->vnodes[i].unique;
3426 dir.parent = dirVnodeInfo->vnodes[i].parent;
3427 dir.haveDot = dir.haveDotDot = 0;
3428 dir.ds_linkH = alinkH;
3429 SetSalvageDirHandle(&dir.dirHandle, dir.rwVid, salvinfo->fileSysDevice,
3430 dirVnodeInfo->inodes[i], &salvinfo->VolumeChanged);
3432 dirok = ((RebuildDirs && !Testing) ? 0 : DirOK(&dir.dirHandle));
3435 Log("Directory bad, vnode %u; %s...\n", dir.vnodeNumber,
3436 (Testing ? "skipping" : "salvaging"));
3439 CopyAndSalvage(salvinfo, &dir);
3441 dirVnodeInfo->inodes[i] = dir.dirHandle.dirh_inode;
3444 dirHandle = dir.dirHandle;
3447 GetDirName(salvinfo, bitNumberToVnodeNumber(i, vLarge),
3448 &dirVnodeInfo->vnodes[i], path);
3451 /* If enumeration failed for random reasons, we will probably delete
3452 * too much stuff, so we guard against this instead.
3454 struct judgeEntry_params judge_params;
3455 judge_params.salvinfo = salvinfo;
3456 judge_params.dir = &dir;
3458 opr_Verify(afs_dir_EnumerateDir(&dirHandle, JudgeEntry,
3459 &judge_params) == 0);
3462 /* Delete the old directory if it was copied in order to salvage.
3463 * CopyOnWrite has written the new inode # to the disk, but we still
3464 * have the old one in our local structure here. Thus, we idec the
3468 if (dir.copied && !Testing) {
3469 code = IH_DEC(dir.ds_linkH, dirHandle.dirh_handle->ih_ino, rwVid);
3470 opr_Assert(code == 0);
3471 dirVnodeInfo->inodes[i] = dir.dirHandle.dirh_inode;
3474 /* Remember rootdir DirSummary _after_ it has been judged */
3475 if (dir.vnodeNumber == 1 && dir.unique == 1) {
3476 memcpy(rootdir, &dir, sizeof(struct DirSummary));
3484 * Get a new FID that can be used to create a new file.
3486 * @param[in] volHeader vol header for the volume
3487 * @param[in] class what type of vnode we'll be creating (vLarge or vSmall)
3488 * @param[out] afid the FID that we can use (only Vnode and Unique are set)
3489 * @param[inout] maxunique max uniquifier for all vnodes in the volume;
3490 * updated to the new max unique if we create a new
3494 GetNewFID(struct SalvInfo *salvinfo, VolumeDiskData *volHeader,
3495 VnodeClass class, AFSFid *afid, Unique *maxunique)
3498 for (i = 0; i < salvinfo->vnodeInfo[class].nVnodes; i++) {
3499 if (salvinfo->vnodeInfo[class].vnodes[i].type == vNull) {
3503 if (i == salvinfo->vnodeInfo[class].nVnodes) {
3504 /* no free vnodes; make a new one */
3505 salvinfo->vnodeInfo[class].nVnodes++;
3506 salvinfo->vnodeInfo[class].vnodes =
3507 realloc(salvinfo->vnodeInfo[class].vnodes,
3508 sizeof(struct VnodeEssence) * (i+1));
3510 salvinfo->vnodeInfo[class].vnodes[i].type = vNull;
3513 afid->Vnode = bitNumberToVnodeNumber(i, class);
3515 if (volHeader->uniquifier < (*maxunique + 1)) {
3516 /* header uniq is bad; it will get bumped by 2000 later */
3517 afid->Unique = *maxunique + 1 + 2000;
3520 /* header uniq seems okay; just use that */
3521 afid->Unique = *maxunique = volHeader->uniquifier++;
3526 * Create a vnode for a README file explaining not to use a recreated-root vol.
3528 * @param[in] volHeader vol header for the volume
3529 * @param[in] alinkH ihandle for i/o for the volume
3530 * @param[in] vid volume id
3531 * @param[inout] maxunique max uniquifier for all vnodes in the volume;
3532 * updated to the new max unique if we create a new
3534 * @param[out] afid FID for the new readme vnode
3535 * @param[out] ainode the inode for the new readme file
3537 * @return operation status
3542 CreateReadme(struct SalvInfo *salvinfo, VolumeDiskData *volHeader,
3543 IHandle_t *alinkH, VolumeId vid, Unique *maxunique, AFSFid *afid,
3547 struct VnodeDiskObject *rvnode = NULL;
3549 IHandle_t *readmeH = NULL;
3550 struct VnodeEssence *vep;
3552 time_t now = time(NULL);
3554 /* Try to make the note brief, but informative. Only administrators should
3555 * be able to read this file at first, so we can hopefully assume they
3556 * know what AFS is, what a volume is, etc. */
3558 "This volume has been salvaged, but has lost its original root directory.\n"
3559 "The root directory that exists now has been recreated from orphan files\n"
3560 "from the rest of the volume. This recreated root directory may interfere\n"
3561 "with old cached data on clients, and there is no way the salvager can\n"
3562 "reasonably prevent that. So, it is recommended that you do not continue to\n"
3563 "use this volume, but only copy the salvaged data to a new volume.\n"
3564 "Continuing to use this volume as it exists now may cause some clients to\n"
3565 "behave oddly when accessing this volume.\n"
3566 "\n\t -- Your friendly neighborhood OpenAFS salvager\n";
3567 /* ^ the person reading this probably just lost some data, so they could
3568 * use some cheering up. */
3570 /* -1 for the trailing NUL */
3571 length = sizeof(readme) - 1;
3573 GetNewFID(salvinfo, volHeader, vSmall, afid, maxunique);
3575 vep = &salvinfo->vnodeInfo[vSmall].vnodes[vnodeIdToBitNumber(afid->Vnode)];
3577 /* create the inode and write the contents */
3578 readmeinode = IH_CREATE(alinkH, salvinfo->fileSysDevice,
3579 salvinfo->fileSysPath, 0, vid,
3580 afid->Vnode, afid->Unique, 1);
3581 if (!VALID_INO(readmeinode)) {
3582 Log("CreateReadme: readme IH_CREATE failed\n");
3586 IH_INIT(readmeH, salvinfo->fileSysDevice, vid, readmeinode);
3587 bytes = IH_IWRITE(readmeH, 0, readme, length);
3588 IH_RELEASE(readmeH);
3590 if (bytes != length) {
3591 Log("CreateReadme: IWRITE failed (%d/%d)\n", (int)bytes,
3592 (int)sizeof(readme));
3596 /* create the vnode and write it out */
3597 rvnode = calloc(1, SIZEOF_SMALLDISKVNODE);
3599 Log("CreateRootDir: error alloc'ing memory\n");
3603 rvnode->type = vFile;
3605 rvnode->modeBits = 0777;
3606 rvnode->linkCount = 1;
3607 VNDISK_SET_LEN(rvnode, length);
3608 rvnode->uniquifier = afid->Unique;
3609 rvnode->dataVersion = 1;
3610 VNDISK_SET_INO(rvnode, readmeinode);
3611 rvnode->unixModifyTime = rvnode->serverModifyTime = now;
3616 rvnode->vnodeMagic = VnodeClassInfo[vSmall].magic;
3618 bytes = IH_IWRITE(salvinfo->vnodeInfo[vSmall].handle,
3619 vnodeIndexOffset(&VnodeClassInfo[vSmall], afid->Vnode),
3620 (char*)rvnode, SIZEOF_SMALLDISKVNODE);
3622 if (bytes != SIZEOF_SMALLDISKVNODE) {
3623 Log("CreateReadme: IH_IWRITE failed (%d/%d)\n", (int)bytes,
3624 (int)SIZEOF_SMALLDISKVNODE);
3628 /* update VnodeEssence for new readme vnode */
3629 salvinfo->vnodeInfo[vSmall].nAllocatedVnodes++;
3631 vep->blockCount = nBlocks(length);
3632 salvinfo->vnodeInfo[vSmall].volumeBlockCount += vep->blockCount;
3633 vep->parent = rvnode->parent;
3634 vep->unique = rvnode->uniquifier;
3635 vep->modeBits = rvnode->modeBits;
3636 vep->InodeNumber = VNDISK_GET_INO(rvnode);
3637 vep->type = rvnode->type;
3638 vep->author = rvnode->author;
3639 vep->owner = rvnode->owner;
3640 vep->group = rvnode->group;
3650 *ainode = readmeinode;
3655 if (IH_DEC(alinkH, readmeinode, vid)) {
3656 Log("CreateReadme (recovery): IH_DEC failed\n");
3668 * create a root dir for a volume that lacks one.
3670 * @param[in] volHeader vol header for the volume
3671 * @param[in] alinkH ihandle for disk access for this volume group
3672 * @param[in] vid volume id we're dealing with
3673 * @param[out] rootdir populated with info about the new root dir
3674 * @param[inout] maxunique max uniquifier for all vnodes in the volume;
3675 * updated to the new max unique if we create a new
3678 * @return operation status
3683 CreateRootDir(struct SalvInfo *salvinfo, VolumeDiskData *volHeader,
3684 IHandle_t *alinkH, VolumeId vid, struct DirSummary *rootdir,
3688 int decroot = 0, decreadme = 0;
3689 AFSFid did, readmeid;
3692 struct VnodeDiskObject *rootvnode = NULL;
3693 struct acl_accessList *ACL;
3696 struct VnodeEssence *vep;
3697 Inode readmeinode = 0;
3698 time_t now = time(NULL);
3700 if (!salvinfo->vnodeInfo[vLarge].vnodes && !salvinfo->vnodeInfo[vSmall].vnodes) {
3701 Log("Not creating new root dir; volume appears to lack any vnodes\n");
3705 if (!salvinfo->vnodeInfo[vLarge].vnodes) {
3706 /* We don't have any large vnodes in the volume; allocate room
3707 * for one so we can recreate the root dir */
3708 salvinfo->vnodeInfo[vLarge].nVnodes = 1;
3709 salvinfo->vnodeInfo[vLarge].vnodes = calloc(1, sizeof(struct VnodeEssence));
3710 salvinfo->vnodeInfo[vLarge].inodes = calloc(1, sizeof(Inode));
3712 opr_Assert(salvinfo->vnodeInfo[vLarge].vnodes);
3713 opr_Assert(salvinfo->vnodeInfo[vLarge].inodes);
3716 vep = &salvinfo->vnodeInfo[vLarge].vnodes[vnodeIdToBitNumber(1)];
3717 ip = &salvinfo->vnodeInfo[vLarge].inodes[vnodeIdToBitNumber(1)];
3718 if (vep->type != vNull) {
3719 Log("Not creating new root dir; existing vnode 1 is non-null\n");
3723 if (CreateReadme(salvinfo, volHeader, alinkH, vid, maxunique, &readmeid,
3724 &readmeinode) != 0) {
3729 /* set the DV to a very high number, so it is unlikely that we collide
3730 * with a cached DV */
3733 rootinode = IH_CREATE(alinkH, salvinfo->fileSysDevice, salvinfo->fileSysPath,
3735 if (!VALID_INO(rootinode)) {
3736 Log("CreateRootDir: IH_CREATE failed\n");
3741 SetSalvageDirHandle(&rootdir->dirHandle, vid, salvinfo->fileSysDevice,
3742 rootinode, &salvinfo->VolumeChanged);
3746 if (afs_dir_MakeDir(&rootdir->dirHandle, (afs_int32*)&did, (afs_int32*)&did)) {
3747 Log("CreateRootDir: MakeDir failed\n");
3750 if (afs_dir_Create(&rootdir->dirHandle, "README.ROOTDIR", &readmeid)) {
3751 Log("CreateRootDir: Create failed\n");
3755 length = afs_dir_Length(&rootdir->dirHandle);
3756 DZap(&rootdir->dirHandle);
3758 /* create the new root dir vnode */
3759 rootvnode = calloc(1, SIZEOF_LARGEDISKVNODE);
3761 Log("CreateRootDir: malloc failed\n");
3765 /* only give 'rl' permissions to 'system:administrators'. We do this to
3766 * try to catch the attention of an administrator, that they should not
3767 * be writing to this directory or continue to use it. */
3768 ACL = VVnodeDiskACL(rootvnode);
3769 ACL->size = sizeof(struct acl_accessList);
3770 ACL->version = ACL_ACLVERSION;
3774 ACL->entries[0].id = -204; /* system:administrators */
3775 ACL->entries[0].rights = PRSFS_READ | PRSFS_LOOKUP;
3777 rootvnode->type = vDirectory;
3778 rootvnode->cloned = 0;
3779 rootvnode->modeBits = 0777;
3780 rootvnode->linkCount = 2;
3781 VNDISK_SET_LEN(rootvnode, length);
3782 rootvnode->uniquifier = 1;
3783 rootvnode->dataVersion = dv;
3784 VNDISK_SET_INO(rootvnode, rootinode);
3785 rootvnode->unixModifyTime = rootvnode->serverModifyTime = now;
3786 rootvnode->author = 0;
3787 rootvnode->owner = 0;
3788 rootvnode->parent = 0;
3789 rootvnode->group = 0;
3790 rootvnode->vnodeMagic = VnodeClassInfo[vLarge].magic;
3792 /* write it out to disk */
3793 bytes = IH_IWRITE(salvinfo->vnodeInfo[vLarge].handle,
3794 vnodeIndexOffset(&VnodeClassInfo[vLarge], 1),
3795 (char*)rootvnode, SIZEOF_LARGEDISKVNODE);
3797 if (bytes != SIZEOF_LARGEDISKVNODE) {
3798 /* just cast to int and don't worry about printing real 64-bit ints;
3799 * a large disk vnode isn't anywhere near the 32-bit limit */
3800 Log("CreateRootDir: IH_IWRITE failed (%d/%d)\n", (int)bytes,
3801 (int)SIZEOF_LARGEDISKVNODE);
3805 /* update VnodeEssence for the new root vnode */
3806 salvinfo->vnodeInfo[vLarge].nAllocatedVnodes++;
3808 vep->blockCount = nBlocks(length);
3809 salvinfo->vnodeInfo[vLarge].volumeBlockCount += vep->blockCount;
3810 vep->parent = rootvnode->parent;
3811 vep->unique = rootvnode->uniquifier;
3812 vep->modeBits = rootvnode->modeBits;
3813 vep->InodeNumber = VNDISK_GET_INO(rootvnode);
3814 vep->type = rootvnode->type;
3815 vep->author = rootvnode->author;
3816 vep->owner = rootvnode->owner;
3817 vep->group = rootvnode->group;
3827 /* update DirSummary for the new root vnode */
3828 rootdir->vnodeNumber = 1;
3829 rootdir->unique = 1;
3830 rootdir->haveDot = 1;
3831 rootdir->haveDotDot = 1;
3832 rootdir->rwVid = vid;
3833 rootdir->copied = 0;
3834 rootdir->parent = 0;
3835 rootdir->name = strdup(".");
3836 rootdir->vname = volHeader->name;
3837 rootdir->ds_linkH = alinkH;
3844 if (decroot && IH_DEC(alinkH, rootinode, vid)) {
3845 Log("CreateRootDir (recovery): IH_DEC (root) failed\n");
3847 if (decreadme && IH_DEC(alinkH, readmeinode, vid)) {
3848 Log("CreateRootDir (recovery): IH_DEC (readme) failed\n");
3858 * salvage a volume group.
3860 * @param[in] salvinfo information for the curent salvage job
3861 * @param[in] rwIsp inode summary for rw volume
3862 * @param[in] alinkH link table inode handle
3864 * @return operation status
3868 SalvageVolume(struct SalvInfo *salvinfo, struct InodeSummary *rwIsp, IHandle_t * alinkH)
3870 /* This routine, for now, will only be called for read-write volumes */
3872 int BlocksInVolume = 0, FilesInVolume = 0;
3874 struct DirSummary rootdir, oldrootdir;
3875 struct VnodeInfo *dirVnodeInfo;
3876 struct VnodeDiskObject vnode;
3877 VolumeDiskData volHeader;
3879 int orphaned, rootdirfound = 0;
3880 Unique maxunique = 0; /* the maxUniquifier from the vnodes */
3881 afs_int32 ofiles = 0, oblocks = 0; /* Number of orphaned files/blocks */
3882 struct VnodeEssence *vep;
3885 afs_sfsize_t nBytes;
3887 VnodeId LFVnode, ThisVnode;
3888 Unique LFUnique, ThisUnique;
3892 vid = rwIsp->volSummary->header.id;
3893 IH_INIT(h, salvinfo->fileSysDevice, vid, rwIsp->volSummary->header.volumeInfo);
3894 nBytes = IH_IREAD(h, 0, (char *)&volHeader, sizeof(volHeader));
3895 opr_Assert(nBytes == sizeof(volHeader));
3896 opr_Assert(volHeader.stamp.magic == VOLUMEINFOMAGIC);
3897 opr_Assert(volHeader.destroyMe != DESTROY_ME);
3898 /* (should not have gotten this far with DESTROY_ME flag still set!) */
3900 DistilVnodeEssence(salvinfo, vid, vLarge,
3901 rwIsp->volSummary->header.largeVnodeIndex, &maxunique);
3902 DistilVnodeEssence(salvinfo, vid, vSmall,
3903 rwIsp->volSummary->header.smallVnodeIndex, &maxunique);
3905 dirVnodeInfo = &salvinfo->vnodeInfo[vLarge];
3906 for (i = 0; i < dirVnodeInfo->nVnodes; i++) {
3907 SalvageDir(salvinfo, volHeader.name, vid, dirVnodeInfo, alinkH, i,
3908 &rootdir, &rootdirfound);
3911 nt_sync(salvinfo->fileSysDevice);
3913 sync(); /* This used to be done lower level, for every dir */
3920 if (!rootdirfound && (orphans == ORPH_ATTACH) && !Testing) {
3922 Log("Cannot find root directory for volume %lu; attempting to create "
3923 "a new one\n", afs_printable_uint32_lu(vid));
3925 code = CreateRootDir(salvinfo, &volHeader, alinkH, vid, &rootdir,
3930 salvinfo->VolumeChanged = 1;
3934 /* Parse each vnode looking for orphaned vnodes and
3935 * connect them to the tree as orphaned (if requested).
3937 oldrootdir = rootdir;
3938 for (class = 0; class < nVNODECLASSES; class++) {
3939 for (v = 0; v < salvinfo->vnodeInfo[class].nVnodes; v++) {
3940 vep = &(salvinfo->vnodeInfo[class].vnodes[v]);
3941 ThisVnode = bitNumberToVnodeNumber(v, class);
3942 ThisUnique = vep->unique;
3944 if ((vep->type == 0) || vep->claimed || ThisVnode == 1)
3945 continue; /* Ignore unused, claimed, and root vnodes */
3947 /* This vnode is orphaned. If it is a directory vnode, then the '..'
3948 * entry in this vnode had incremented the parent link count (In
3949 * JudgeEntry()). We need to go to the parent and decrement that
3950 * link count. But if the parent's unique is zero, then the parent
3951 * link count was not incremented in JudgeEntry().
3953 if (class == vLarge) { /* directory vnode */
3954 pv = vnodeIdToBitNumber(vep->parent);
3955 if (salvinfo->vnodeInfo[vLarge].vnodes[pv].unique != 0) {
3956 if (vep->parent == 1 && newrootdir) {
3957 /* this vnode's parent was the volume root, and
3958 * we just created the volume root. So, the parent
3959 * dir didn't exist during JudgeEntry, so the link
3960 * count was not inc'd there, so don't dec it here.
3966 salvinfo->vnodeInfo[vLarge].vnodes[pv].count++;
3972 continue; /* If no rootdir, can't attach orphaned files */
3974 /* Here we attach orphaned files and directories into the
3975 * root directory, LVVnode, making sure link counts stay correct.
3977 if ((orphans == ORPH_ATTACH) && !vep->todelete && !Testing) {
3978 LFVnode = rootdir.vnodeNumber; /* Lost+Found vnode number */
3979 LFUnique = rootdir.unique; /* Lost+Found uniquifier */
3981 /* Update this orphaned vnode's info. Its parent info and
3982 * link count (do for orphaned directories and files).
3984 vep->parent = LFVnode; /* Parent is the root dir */
3985 vep->unique = LFUnique;
3988 vep->count--; /* Inc link count (root dir will pt to it) */
3990 /* If this orphaned vnode is a directory, change '..'.
3991 * The name of the orphaned dir/file is unknown, so we
3992 * build a unique name. No need to CopyOnWrite the directory
3993 * since it is not connected to tree in BK or RO volume and
3994 * won't be visible there.
3996 if (class == vLarge) {
4000 /* Remove and recreate the ".." entry in this orphaned directory */
4001 SetSalvageDirHandle(&dh, vid, salvinfo->fileSysDevice,
4002 salvinfo->vnodeInfo[class].inodes[v],
4003 &salvinfo->VolumeChanged);
4005 pa.Unique = LFUnique;
4006 opr_Verify(afs_dir_Delete(&dh, "..") == 0);
4007 opr_Verify(afs_dir_Create(&dh, "..", &pa) == 0);
4009 /* The original parent's link count was decremented above.
4010 * Here we increment the new parent's link count.
4012 pv = vnodeIdToBitNumber(LFVnode);
4013 salvinfo->vnodeInfo[vLarge].vnodes[pv].count--;
4017 /* Go to the root dir and add this entry. The link count of the
4018 * root dir was incremented when ".." was created. Try 10 times.
4020 for (j = 0; j < 10; j++) {
4021 pa.Vnode = ThisVnode;
4022 pa.Unique = ThisUnique;
4024 snprintf(npath, sizeof npath, "%s.%u.%u",
4025 ((class == vLarge) ? "__ORPHANDIR__"
4026 : "__ORPHANFILE__"),
4027 ThisVnode, ThisUnique);
4029 CopyOnWrite(salvinfo, &rootdir);
4030 code = afs_dir_Create(&rootdir.dirHandle, npath, &pa);
4034 ThisUnique += 50; /* Try creating a different file */
4036 opr_Assert(code == 0);
4037 Log("Attaching orphaned %s to volume's root dir as %s\n",
4038 ((class == vLarge) ? "directory" : "file"), npath);
4040 } /* for each vnode in the class */
4041 } /* for each class of vnode */
4043 /* Delete the old rootinode directory if the rootdir was CopyOnWrite */
4045 if (rootdirfound && !oldrootdir.copied && rootdir.copied) {
4047 IH_DEC(oldrootdir.ds_linkH, oldrootdir.dirHandle.dirh_inode,
4049 opr_Assert(code == 0);
4050 /* dirVnodeInfo->inodes[?] is not updated with new inode number */
4053 DFlush(); /* Flush the changes */
4054 if (!rootdirfound && (orphans == ORPH_ATTACH)) {
4055 Log("Cannot attach orphaned files and directories: Root directory not found\n");
4056 orphans = ORPH_IGNORE;
4059 /* Write out all changed vnodes. Orphaned files and directories
4060 * will get removed here also (if requested).
4062 for (class = 0; class < nVNODECLASSES; class++) {
4063 afs_sfsize_t nVnodes = salvinfo->vnodeInfo[class].nVnodes;
4064 struct VnodeClassInfo *vcp = &VnodeClassInfo[class];
4065 struct VnodeEssence *vnodes = salvinfo->vnodeInfo[class].vnodes;
4066 FilesInVolume += salvinfo->vnodeInfo[class].nAllocatedVnodes;
4067 BlocksInVolume += salvinfo->vnodeInfo[class].volumeBlockCount;
4068 for (i = 0; i < nVnodes; i++) {
4069 struct VnodeEssence *vnp = &vnodes[i];
4070 VnodeId vnodeNumber = bitNumberToVnodeNumber(i, class);
4072 /* If the vnode is good but is unclaimed (not listed in
4073 * any directory entries), then it is orphaned.
4076 if ((vnp->type != 0) && (orphaned = IsVnodeOrphaned(salvinfo, vnodeNumber))) {
4077 vnp->claimed = 0; /* Makes IsVnodeOrphaned calls faster */
4081 if (vnp->changed || vnp->count) {
4084 IH_IREAD(salvinfo->vnodeInfo[class].handle,
4085 vnodeIndexOffset(vcp, vnodeNumber),
4086 (char *)&vnode, sizeof(vnode));
4087 opr_Assert(nBytes == sizeof(vnode));
4089 vnode.parent = vnp->parent;
4090 oldCount = vnode.linkCount;
4091 vnode.linkCount = vnode.linkCount - vnp->count;
4094 orphaned = IsVnodeOrphaned(salvinfo, vnodeNumber);
4096 if (!vnp->todelete) {
4097 /* Orphans should have already been attached (if requested) */
4098 opr_Assert(orphans != ORPH_ATTACH);
4099 oblocks += vnp->blockCount;
4102 if (((orphans == ORPH_REMOVE) || vnp->todelete)
4104 BlocksInVolume -= vnp->blockCount;
4106 if (VNDISK_GET_INO(&vnode)) {
4108 IH_DEC(alinkH, VNDISK_GET_INO(&vnode), vid);
4109 opr_Assert(code == 0);
4111 memset(&vnode, 0, sizeof(vnode));
4113 } else if (vnp->count) {
4115 Log("Vnode %u: link count incorrect (was %d, %s %d)\n", vnodeNumber, oldCount, (Testing ? "would have changed to" : "now"), vnode.linkCount);
4118 vnode.modeBits = vnp->modeBits;
4121 vnode.dataVersion++;
4124 IH_IWRITE(salvinfo->vnodeInfo[class].handle,
4125 vnodeIndexOffset(vcp, vnodeNumber),
4126 (char *)&vnode, sizeof(vnode));
4127 opr_Assert(nBytes == sizeof(vnode));
4129 salvinfo->VolumeChanged = 1;
4133 if (!Showmode && ofiles) {
4134 Log("%s %d orphaned files and directories (approx. %u KB)\n",
4136 && (orphans == ORPH_REMOVE)) ? "Removed" : "Found", ofiles,
4140 for (class = 0; class < nVNODECLASSES; class++) {
4141 struct VnodeInfo *vip = &salvinfo->vnodeInfo[class];
4142 for (i = 0; i < vip->nVnodes; i++)
4143 if (vip->vnodes[i].name)
4144 free(vip->vnodes[i].name);
4151 /* Set correct resource utilization statistics */
4152 volHeader.filecount = FilesInVolume;
4153 volHeader.diskused = BlocksInVolume;
4155 /* Make sure the uniquifer is big enough: maxunique is the real maxUniquifier */
4156 if (volHeader.uniquifier < (maxunique + 1)) {
4158 Log("Volume uniquifier is too low; fixed\n");
4159 /* Plus 2,000 in case there are workstations out there with
4160 * cached vnodes that have since been deleted
4162 volHeader.uniquifier = (maxunique + 1 + 2000);
4166 Log("*** WARNING: Root directory recreated, but volume is fragile! "
4167 "Only use this salvaged volume to copy data to another volume; "
4168 "do not continue to use this volume (%lu) as-is.\n",
4169 afs_printable_uint32_lu(vid));
4172 if (!Testing && salvinfo->VolumeChanged) {
4173 #ifdef FSSYNC_BUILD_CLIENT
4174 if (salvinfo->useFSYNC) {
4175 afs_int32 fsync_code;
4177 fsync_code = FSYNC_VolOp(vid, NULL, FSYNC_VOL_BREAKCBKS, FSYNC_SALVAGE, NULL);
4179 Log("Error trying to tell the fileserver to break callbacks for "
4180 "changed volume %lu; error code %ld\n",
4181 afs_printable_uint32_lu(vid),
4182 afs_printable_int32_ld(fsync_code));
4184 salvinfo->VolumeChanged = 0;
4187 #endif /* FSSYNC_BUILD_CLIENT */
4189 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4190 if (!salvinfo->useFSYNC) {
4191 /* A volume's contents have changed, but the fileserver will not
4192 * break callbacks on the volume until it tries to load the vol
4193 * header. So, to reduce the amount of time a client could have
4194 * stale data, remove fsstate.dat, so the fileserver will init
4195 * callback state with all clients. This is a very coarse hammer,
4196 * and in the future we should just record which volumes have
4198 code = unlink(AFSDIR_SERVER_FSSTATE_FILEPATH);
4199 if (code && errno != ENOENT) {
4200 Log("Error %d when trying to unlink FS state file %s\n", errno,
4201 AFSDIR_SERVER_FSSTATE_FILEPATH);
4207 /* Turn off the inUse bit; the volume's been salvaged! */
4208 volHeader.inUse = 0; /* clear flag indicating inUse@last crash */
4209 volHeader.needsSalvaged = 0; /* clear 'damaged' flag */
4210 volHeader.inService = 1; /* allow service again */
4211 volHeader.needsCallback = (salvinfo->VolumeChanged != 0);
4212 volHeader.dontSalvage = DONT_SALVAGE;
4213 salvinfo->VolumeChanged = 0;
4215 nBytes = IH_IWRITE(h, 0, (char *)&volHeader, sizeof(volHeader));
4216 opr_Assert(nBytes == sizeof(volHeader));
4219 Log("%sSalvaged %s (%u): %d files, %d blocks\n",
4220 (Testing ? "It would have " : ""), volHeader.name, volHeader.id,
4221 FilesInVolume, BlocksInVolume);
4224 IH_RELEASE(salvinfo->vnodeInfo[vSmall].handle);
4225 IH_RELEASE(salvinfo->vnodeInfo[vLarge].handle);
4231 ClearROInUseBit(struct VolumeSummary *summary)
4233 IHandle_t *h = summary->volumeInfoHandle;
4234 afs_sfsize_t nBytes;
4236 VolumeDiskData volHeader;
4238 nBytes = IH_IREAD(h, 0, (char *)&volHeader, sizeof(volHeader));
4239 opr_Assert(nBytes == sizeof(volHeader));
4240 opr_Assert(volHeader.stamp.magic == VOLUMEINFOMAGIC);
4241 volHeader.inUse = 0;
4242 volHeader.needsSalvaged = 0;
4243 volHeader.inService = 1;
4244 volHeader.dontSalvage = DONT_SALVAGE;
4246 nBytes = IH_IWRITE(h, 0, (char *)&volHeader, sizeof(volHeader));
4247 opr_Assert(nBytes == sizeof(volHeader));
4252 * Possible delete the volume.
4254 * deleteMe - Always do so, only a partial volume.
4257 MaybeZapVolume(struct SalvInfo *salvinfo, struct InodeSummary *isp,
4258 char *message, int deleteMe, int check)
4260 if (readOnly(isp) || deleteMe) {
4261 if (isp->volSummary && !isp->volSummary->deleted) {
4264 Log("Volume %u (is only a partial volume--probably an attempt was made to move/restore it when a machine crash occured.\n", isp->volumeId);
4266 Log("It will be deleted on this server (you may find it elsewhere)\n");
4269 Log("Volume %u needs to be salvaged. Since it is read-only, however,\n", isp->volumeId);
4271 Log("it will be deleted instead. It should be recloned.\n");
4276 char filename[VMAXPATHLEN];
4277 VolumeExternalName_r(isp->volumeId, filename, sizeof(filename));
4278 sprintf(path, "%s" OS_DIRSEP "%s", salvinfo->fileSysPath, filename);
4280 code = VDestroyVolumeDiskHeader(salvinfo->fileSysPartition, isp->volumeId, isp->RWvolumeId);
4282 Log("Error %ld destroying volume disk header for volume %lu\n",
4283 afs_printable_int32_ld(code),
4284 afs_printable_uint32_lu(isp->volumeId));
4287 /* make sure we actually delete the header file; ENOENT
4288 * is fine, since VDestroyVolumeDiskHeader probably already
4290 if (unlink(path) && errno != ENOENT) {
4291 Log("Unable to unlink %s (errno = %d)\n", path, errno);
4293 if (salvinfo->useFSYNC) {
4294 AskDelete(salvinfo, isp->volumeId);
4296 isp->volSummary->deleted = 1;
4299 } else if (!check) {
4300 Log("%s salvage was unsuccessful: read-write volume %u\n", message,
4302 Abort("Salvage of volume %u aborted\n", isp->volumeId);
4306 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4308 * Locks a volume on disk for salvaging.
4310 * @param[in] volumeId volume ID to lock
4312 * @return operation status
4314 * @retval -1 volume lock raced with a fileserver restart; all volumes must
4315 * checked out and locked again
4320 LockVolume(struct SalvInfo *salvinfo, VolumeId volumeId)
4325 /* should always be WRITE_LOCK, but keep the lock-type logic all
4326 * in one place, in VVolLockType. Params will be ignored, but
4327 * try to provide what we're logically doing. */
4328 locktype = VVolLockType(V_VOLUPD, 1);
4330 code = VLockVolumeByIdNB(volumeId, salvinfo->fileSysPartition, locktype);
4332 if (code == EBUSY) {
4333 Abort("Someone else appears to be using volume %lu; Aborted\n",
4334 afs_printable_uint32_lu(volumeId));
4336 Abort("Error %ld trying to lock volume %lu; Aborted\n",
4337 afs_printable_int32_ld(code),
4338 afs_printable_uint32_lu(volumeId));
4341 code = FSYNC_VerifyCheckout(volumeId, salvinfo->fileSysPartition->name, FSYNC_VOL_OFF, FSYNC_SALVAGE);
4342 if (code == SYNC_DENIED) {
4343 /* need to retry checking out volumes */
4346 if (code != SYNC_OK) {
4347 Abort("FSYNC_VerifyCheckout failed for volume %lu with code %ld\n",
4348 afs_printable_uint32_lu(volumeId), afs_printable_int32_ld(code));
4351 /* set inUse = programType in the volume header to ensure that nobody
4352 * tries to use this volume again without salvaging, if we somehow crash
4353 * or otherwise exit before finishing the salvage.
4357 struct VolumeHeader header;
4358 struct VolumeDiskHeader diskHeader;
4359 struct VolumeDiskData volHeader;
4361 code = VReadVolumeDiskHeader(volumeId, salvinfo->fileSysPartition, &diskHeader);
4366 DiskToVolumeHeader(&header, &diskHeader);
4368 IH_INIT(h, salvinfo->fileSysDevice, header.parent, header.volumeInfo);
4369 if (IH_IREAD(h, 0, (char*)&volHeader, sizeof(volHeader)) != sizeof(volHeader) ||
4370 volHeader.stamp.magic != VOLUMEINFOMAGIC) {
4376 volHeader.inUse = programType;
4378 /* If we can't re-write the header, bail out and error. We don't
4379 * assert when reading the header, since it's possible the
4380 * header isn't really there (when there's no data associated
4381 * with the volume; we just delete the vol header file in that
4382 * case). But if it's there enough that we can read it, but
4383 * somehow we cannot write to it to signify we're salvaging it,
4384 * we've got a big problem and we cannot continue. */
4385 opr_Verify(IH_IWRITE(h, 0, (char*)&volHeader, sizeof(volHeader))
4386 == sizeof(volHeader));
4393 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
4396 AskError(struct SalvInfo *salvinfo, VolumeId volumeId)
4398 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4400 code = FSYNC_VolOp(volumeId, salvinfo->fileSysPartition->name,
4401 FSYNC_VOL_FORCE_ERROR, FSYNC_WHATEVER, NULL);
4402 if (code != SYNC_OK) {
4403 Log("AskError: failed to force volume %lu into error state; "
4404 "SYNC error code %ld (%s)\n", (long unsigned)volumeId,
4405 (long)code, SYNC_res2string(code));
4407 #endif /* AFS_DEMAND_ATTACH_FS || AFS_DEMAND_ATTACH_UTIL */
4411 AskOffline(struct SalvInfo *salvinfo, VolumeId volumeId)
4416 memset(&res, 0, sizeof(res));
4418 for (i = 0; i < 3; i++) {
4419 code = FSYNC_VolOp(volumeId, salvinfo->fileSysPartition->name,
4420 FSYNC_VOL_OFF, FSYNC_SALVAGE, &res);
4422 if (code == SYNC_OK) {
4424 } else if (code == SYNC_DENIED) {
4426 Log("AskOffline: file server denied offline request; a general salvage may be required.\n");
4428 Log("AskOffline: file server denied offline request; a general salvage is required.\n");
4429 Abort("Salvage aborted\n");
4430 } else if (code == SYNC_BAD_COMMAND) {
4431 Log("AskOffline: fssync protocol mismatch (bad command word '%d'); salvage aborting.\n",
4434 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4435 Log("AskOffline: please make sure dafileserver, davolserver, salvageserver and dasalvager binaries are same version.\n");
4437 Log("AskOffline: fileserver is DAFS but we are not.\n");
4440 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4441 Log("AskOffline: fileserver is not DAFS but we are.\n");
4443 Log("AskOffline: please make sure fileserver, volserver and salvager binaries are same version.\n");
4446 Abort("Salvage aborted\n");
4449 Log("AskOffline: request for fileserver to take volume offline failed; trying again...\n");
4450 FSYNC_clientFinis();
4454 if (code != SYNC_OK) {
4455 Log("AskOffline: request for fileserver to take volume offline failed; salvage aborting.\n");
4456 Abort("Salvage aborted\n");
4460 /* don't want to pass around state; remember it here */
4461 static int isDAFS = -1;
4466 afs_int32 code = 1, i;
4468 /* we don't care if we race. the answer shouldn't change */
4472 memset(&res, 0, sizeof(res));
4474 for (i = 0; code && i < 3; i++) {
4475 code = FSYNC_VolOp(0, NULL, FSYNC_VOL_LISTVOLUMES, FSYNC_SALVAGE, &res);
4477 Log("AskDAFS: FSYNC_VOL_LISTVOLUMES failed with code %ld reason "
4478 "%ld (%s); trying again...\n", (long)code, (long)res.hdr.reason,
4479 FSYNC_reason2string(res.hdr.reason));
4480 FSYNC_clientFinis();
4486 Log("AskDAFS: could not determine DAFS-ness, assuming not DAFS\n");
4490 if ((res.hdr.flags & SYNC_FLAG_DAFS_EXTENSIONS)) {
4500 MaybeAskOnline(struct SalvInfo *salvinfo, VolumeId volumeId)
4502 struct VolumeDiskHeader diskHdr;
4504 code = VReadVolumeDiskHeader(volumeId, salvinfo->fileSysPartition, &diskHdr);
4506 /* volume probably does not exist; no need to bring back online */
4509 AskOnline(salvinfo, volumeId);
4513 AskOnline(struct SalvInfo *salvinfo, VolumeId volumeId)
4517 for (i = 0; i < 3; i++) {
4518 code = FSYNC_VolOp(volumeId, salvinfo->fileSysPartition->name,
4519 FSYNC_VOL_ON, FSYNC_WHATEVER, NULL);
4521 if (code == SYNC_OK) {
4523 } else if (code == SYNC_DENIED) {
4524 Log("AskOnline: file server denied online request to volume %u partition %s; trying again...\n", volumeId, salvinfo->fileSysPartition->name);
4525 } else if (code == SYNC_BAD_COMMAND) {
4526 Log("AskOnline: fssync protocol mismatch (bad command word '%d')\n",
4528 Log("AskOnline: please make sure file server binaries are same version.\n");
4532 Log("AskOnline: request for fileserver to put volume online failed; trying again...\n");
4533 FSYNC_clientFinis();
4540 AskDelete(struct SalvInfo *salvinfo, VolumeId volumeId)
4545 for (i = 0; i < 3; i++) {
4546 memset(&res, 0, sizeof(res));
4547 code = FSYNC_VolOp(volumeId, salvinfo->fileSysPartition->name,
4548 FSYNC_VOL_DONE, FSYNC_SALVAGE, &res);
4550 if (code == SYNC_OK) {
4552 } else if (code == SYNC_DENIED) {
4553 Log("AskOnline: file server denied DONE request to volume %u partition %s; trying again...\n", volumeId, salvinfo->fileSysPartition->name);
4554 } else if (code == SYNC_BAD_COMMAND) {
4555 Log("AskOnline: fssync protocol mismatch (bad command word '%d')\n",
4558 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4559 Log("AskOnline: please make sure dafileserver, davolserver, salvageserver and dasalvager binaries are same version.\n");
4561 Log("AskOnline: fileserver is DAFS but we are not.\n");
4564 #if defined(AFS_DEMAND_ATTACH_FS) || defined(AFS_DEMAND_ATTACH_UTIL)
4565 Log("AskOnline: fileserver is not DAFS but we are.\n");
4567 Log("AskOnline: please make sure fileserver, volserver and salvager binaries are same version.\n");
4571 } else if (code == SYNC_FAILED &&
4572 (res.hdr.reason == FSYNC_UNKNOWN_VOLID ||
4573 res.hdr.reason == FSYNC_WRONG_PART)) {
4574 /* volume is already effectively 'deleted' */
4578 Log("AskOnline: request for fileserver to delete volume failed; trying again...\n");
4579 FSYNC_clientFinis();
4586 CopyInode(Device device, Inode inode1, Inode inode2, int rwvolume)
4588 /* Volume parameter is passed in case iopen is upgraded in future to
4589 * require a volume Id to be passed
4592 IHandle_t *srcH, *destH;
4593 FdHandle_t *srcFdP, *destFdP;
4595 afs_foff_t size = 0;
4597 IH_INIT(srcH, device, rwvolume, inode1);
4598 srcFdP = IH_OPEN(srcH);
4599 opr_Assert(srcFdP != NULL);
4600 IH_INIT(destH, device, rwvolume, inode2);
4601 destFdP = IH_OPEN(destH);
4602 while ((nBytes = FDH_PREAD(srcFdP, buf, sizeof(buf), size)) > 0) {
4603 opr_Verify(FDH_PWRITE(destFdP, buf, nBytes, size) == nBytes);
4606 opr_Assert(nBytes == 0);
4607 FDH_REALLYCLOSE(srcFdP);
4608 FDH_REALLYCLOSE(destFdP);
4615 PrintInodeList(struct SalvInfo *salvinfo)
4617 struct ViceInodeInfo *ip;
4618 struct ViceInodeInfo *buf;
4621 afs_sfsize_t st_size;
4623 st_size = OS_SIZE(salvinfo->inodeFd);
4624 opr_Assert(st_size >= 0);
4625 buf = malloc(st_size);
4626 opr_Assert(buf != NULL);
4627 nInodes = st_size / sizeof(struct ViceInodeInfo);
4628 opr_Verify(OS_READ(salvinfo->inodeFd, buf, st_size) == st_size);
4629 for (ip = buf; nInodes--; ip++) {
4630 Log("Inode:%s, linkCount=%d, size=%#llx, p=(%u,%u,%u,%u)\n",
4631 PrintInode(stmp, ip->inodeNumber), ip->linkCount,
4632 (afs_uintmax_t) ip->byteCount, ip->u.param[0], ip->u.param[1],
4633 ip->u.param[2], ip->u.param[3]);
4639 PrintInodeSummary(struct SalvInfo *salvinfo)
4642 struct InodeSummary *isp;
4644 for (i = 0; i < salvinfo->nVolumesInInodeFile; i++) {
4645 isp = &salvinfo->inodeSummary[i];
4646 Log("VID:%u, RW:%u, index:%d, nInodes:%d, nSpecialInodes:%d, maxUniquifier:%u, volSummary\n", isp->volumeId, isp->RWvolumeId, isp->index, isp->nInodes, isp->nSpecialInodes, isp->maxUniquifier);
4656 opr_Assert(0); /* Fork is never executed in the NT code path */
4660 #ifdef AFS_DEMAND_ATTACH_FS
4661 if ((f == 0) && (programType == salvageServer)) {
4662 /* we are a salvageserver child */
4663 #ifdef FSSYNC_BUILD_CLIENT
4664 VChildProcReconnectFS_r();
4666 #ifdef SALVSYNC_BUILD_CLIENT
4670 #endif /* AFS_DEMAND_ATTACH_FS */
4671 #endif /* !AFS_NT40_ENV */
4681 #ifdef AFS_DEMAND_ATTACH_FS
4682 if (programType == salvageServer) {
4683 /* release all volume locks before closing down our SYNC channels.
4684 * the fileserver may try to online volumes we have checked out when
4685 * we close down FSSYNC, so we should make sure we don't have those
4686 * volumes locked when it does */
4687 struct DiskPartition64 *dp;
4689 for (i = 0; i <= VOLMAXPARTS; i++) {
4690 dp = VGetPartitionById(i, 0);
4692 VLockFileReinit(&dp->volLockFile);
4695 # ifdef SALVSYNC_BUILD_CLIENT
4698 # ifdef FSSYNC_BUILD_CLIENT
4702 #endif /* AFS_DEMAND_ATTACH_FS */
4705 if (main_thread != pthread_self())
4706 pthread_exit((void *)code);
4719 pid = wait(&status);
4720 opr_Assert(pid != -1);
4721 if (WCOREDUMP(status))
4722 Log("\"%s\" core dumped!\n", prog);
4723 if (WIFSIGNALED(status) != 0 || WEXITSTATUS(status) != 0)
4729 TimeStamp(time_t clock, int precision)
4732 static char timestamp[20];
4733 lt = localtime(&clock);
4735 (void)strftime(timestamp, 20, "%m/%d/%Y %H:%M:%S", lt);
4737 (void)strftime(timestamp, 20, "%m/%d/%Y %H:%M", lt);
4742 CheckLogFile(char * log_path)
4744 char oldSlvgLog[AFSDIR_PATH_MAX];
4746 #ifndef AFS_NT40_ENV
4753 strcpy(oldSlvgLog, log_path);
4754 strcat(oldSlvgLog, ".old");
4756 rk_rename(log_path, oldSlvgLog);
4757 logFile = afs_fopen(log_path, "a");
4759 if (!logFile) { /* still nothing, use stdout */
4763 #ifndef AFS_NAMEI_ENV
4764 AFS_DEBUG_IOPS_LOG(logFile);
4769 #ifndef AFS_NT40_ENV
4771 TimeStampLogFile(char * log_path)
4773 char stampSlvgLog[AFSDIR_PATH_MAX];
4778 lt = localtime(&now);
4779 snprintf(stampSlvgLog, sizeof stampSlvgLog,
4780 "%s.%04d-%02d-%02d.%02d:%02d:%02d", log_path,
4781 lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday, lt->tm_hour,
4782 lt->tm_min, lt->tm_sec);
4784 /* try to link the logfile to a timestamped filename */
4785 /* if it fails, oh well, nothing we can do */
4786 link(log_path, stampSlvgLog);
4795 #ifndef AFS_NT40_ENV
4797 printf("Can't show log since using syslog.\n");
4808 logFile = afs_fopen(AFSDIR_SERVER_SLVGLOG_FILEPATH, "r");
4811 printf("Can't read %s, exiting\n", AFSDIR_SERVER_SLVGLOG_FILEPATH);
4814 while (fgets(line, sizeof(line), logFile))
4821 Log(const char *format, ...)
4827 va_start(args, format);
4828 vsnprintf(tmp, sizeof tmp, format, args);
4830 #ifndef AFS_NT40_ENV
4832 syslog(LOG_INFO, "%s", tmp);
4836 gettimeofday(&now, NULL);
4837 fprintf(logFile, "%s %s", TimeStamp(now.tv_sec, 1), tmp);
4843 Abort(const char *format, ...)
4848 va_start(args, format);
4849 vsnprintf(tmp, sizeof tmp, format, args);
4851 #ifndef AFS_NT40_ENV
4853 syslog(LOG_INFO, "%s", tmp);
4857 fprintf(logFile, "%s", tmp);
4869 ToString(const char *s)
4873 opr_Assert(p != NULL);
4877 /* Remove the FORCESALVAGE file */
4879 RemoveTheForce(char *path)
4882 struct afs_stat_st force; /* so we can use afs_stat to find it */
4883 strcpy(target,path);
4884 strcat(target,"/FORCESALVAGE");
4885 if (!Testing && ForceSalvage) {
4886 if (afs_stat(target,&force) == 0) unlink(target);
4890 #ifndef AFS_AIX32_ENV
4892 * UseTheForceLuke - see if we can use the force
4895 UseTheForceLuke(char *path)
4897 struct afs_stat_st force;
4899 strcpy(target,path);
4900 strcat(target,"/FORCESALVAGE");
4902 return (afs_stat(target, &force) == 0);
4906 * UseTheForceLuke - see if we can use the force
4909 * The VRMIX fsck will not muck with the filesystem it is supposedly
4910 * fixing and create a "FORCESALVAGE" file (by design). Instead, we
4911 * muck directly with the root inode, which is within the normal
4913 * ListViceInodes() has a side effect of setting ForceSalvage if
4914 * it detects a need, based on root inode examination.
4917 UseTheForceLuke(char *path)
4920 return 0; /* sorry OB1 */
4925 /* NT support routines */
4927 static char execpathname[MAX_PATH];
4929 nt_SalvagePartition(char *partName, int jobn)
4934 if (!*execpathname) {
4935 n = GetModuleFileName(NULL, execpathname, MAX_PATH - 1);
4936 if (!n || n == 1023)
4939 job.cj_magic = SALVAGER_MAGIC;
4940 job.cj_number = jobn;
4941 (void)strcpy(job.cj_part, partName);
4942 pid = (int)spawnprocveb(execpathname, save_args, NULL, &job, sizeof(job));
4947 nt_SetupPartitionSalvage(void *datap, int len)
4949 childJob_t *jobp = (childJob_t *) datap;
4950 char logname[AFSDIR_PATH_MAX];
4952 if (len != sizeof(childJob_t))
4954 if (jobp->cj_magic != SALVAGER_MAGIC)
4959 (void)sprintf(logname, "%s.%d", AFSDIR_SERVER_SLVGLOG_FILEPATH,
4961 logFile = afs_fopen(logname, "w");
4969 #endif /* AFS_NT40_ENV */
git://git.openafs.org / openafs.git / blob