1 /*        $NetBSD: lfs_rfw.c,v 1.36 2020/09/05 16:30:13 riastradh Exp $         */
2 
3 /*-
4  * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Konrad E. Schroder <perseant@hhhh.org>.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __KERNEL_RCSID(0, "$NetBSD: lfs_rfw.c,v 1.36 2020/09/05 16:30:13 riastradh Exp $");
34 
35 #if defined(_KERNEL_OPT)
36 #include "opt_quota.h"
37 #endif
38 
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/namei.h>
42 #include <sys/proc.h>
43 #include <sys/kernel.h>
44 #include <sys/vnode.h>
45 #include <sys/mount.h>
46 #include <sys/kthread.h>
47 #include <sys/buf.h>
48 #include <sys/device.h>
49 #include <sys/file.h>
50 #include <sys/disklabel.h>
51 #include <sys/ioctl.h>
52 #include <sys/errno.h>
53 #include <sys/malloc.h>
54 #include <sys/pool.h>
55 #include <sys/socket.h>
56 #include <sys/syslog.h>
57 #include <sys/sysctl.h>
58 #include <sys/conf.h>
59 #include <sys/kauth.h>
60 
61 #include <miscfs/specfs/specdev.h>
62 
63 #include <ufs/lfs/ulfs_quotacommon.h>
64 #include <ufs/lfs/ulfs_inode.h>
65 #include <ufs/lfs/ulfsmount.h>
66 #include <ufs/lfs/ulfs_extern.h>
67 
68 #include <uvm/uvm_extern.h>
69 
70 #include <ufs/lfs/lfs.h>
71 #include <ufs/lfs/lfs_accessors.h>
72 #include <ufs/lfs/lfs_kernel.h>
73 #include <ufs/lfs/lfs_extern.h>
74 
75 #include <miscfs/genfs/genfs.h>
76 #include <miscfs/genfs/genfs_node.h>
77 
78 /*
79  * Roll-forward code.
80  */
81 static daddr_t check_segsum(struct lfs *, daddr_t, u_int64_t,
82     kauth_cred_t, int, int *, struct lwp *);
83 
84 extern int lfs_do_rfw;
85 
86 /*
87  * Allocate a particular inode with a particular version number, freeing
88  * any previous versions of this inode that may have gone before.
89  * Used by the roll-forward code.
90  *
91  * XXX this function does not have appropriate locking to be used on a live fs;
92  * XXX but something similar could probably be used for an "undelete" call.
93  *
94  * Called with the Ifile inode locked.
95  */
96 int
lfs_rf_valloc(struct lfs * fs,ino_t ino,int vers,struct lwp * l,struct vnode ** vpp)97 lfs_rf_valloc(struct lfs *fs, ino_t ino, int vers, struct lwp *l,
98                 struct vnode **vpp)
99 {
100           struct vattr va;
101           struct vnode *vp;
102           struct inode *ip;
103           int error;
104 
105           ASSERT_SEGLOCK(fs); /* XXX it doesn't, really */
106 
107           /*
108            * First, just try a vget. If the version number is the one we want,
109            * we don't have to do anything else.  If the version number is wrong,
110            * take appropriate action.
111            */
112           error = VFS_VGET(fs->lfs_ivnode->v_mount, ino, LK_EXCLUSIVE, &vp);
113           if (error == 0) {
114                     DLOG((DLOG_RF, "lfs_rf_valloc[1]: ino %d vp %p\n", ino, vp));
115 
116                     *vpp = vp;
117                     ip = VTOI(vp);
118                     if (ip->i_gen == vers)
119                               return 0;
120                     else if (ip->i_gen < vers) {
121                               lfs_truncate(vp, (off_t)0, 0, NOCRED);
122                               ip->i_gen = vers;
123                               lfs_dino_setgen(fs, ip->i_din, vers);
124                               LFS_SET_UINO(ip, IN_CHANGE | IN_UPDATE);
125                               return 0;
126                     } else {
127                               DLOG((DLOG_RF, "ino %d: sought version %d, got %d\n",
128                                      ino, vers, lfs_dino_getgen(fs, ip->i_din)));
129                               vput(vp);
130                               *vpp = NULLVP;
131                               return EEXIST;
132                     }
133           }
134 
135           /* Not found, create as regular file. */
136           vattr_null(&va);
137           va.va_type = VREG;
138           va.va_mode = 0;
139           va.va_fileid = ino;
140           va.va_gen = vers;
141           error = vcache_new(fs->lfs_ivnode->v_mount, NULL, &va, NOCRED, NULL,
142               &vp);
143           if (error)
144                     return error;
145           error = vn_lock(vp, LK_EXCLUSIVE);
146           if (error) {
147                     vrele(vp);
148                     *vpp = NULLVP;
149                     return error;
150           }
151           ip = VTOI(vp);
152           ip->i_nlink = 1;
153           lfs_dino_setnlink(fs, ip->i_din, 1);
154           *vpp = vp;
155           return 0;
156 }
157 
158 /*
159  * Load the appropriate indirect block, and change the appropriate pointer.
160  * Mark the block dirty.  Do segment and avail accounting.
161  */
162 static int
update_meta(struct lfs * fs,ino_t ino,int vers,daddr_t lbn,daddr_t ndaddr,size_t size,struct lwp * l)163 update_meta(struct lfs *fs, ino_t ino, int vers, daddr_t lbn,
164               daddr_t ndaddr, size_t size, struct lwp *l)
165 {
166           int error;
167           struct vnode *vp;
168           struct inode *ip;
169 #ifdef DEBUG
170           daddr_t odaddr;
171           struct indir a[ULFS_NIADDR];
172           int num;
173           int i;
174 #endif /* DEBUG */
175           struct buf *bp;
176           SEGUSE *sup;
177 
178           KASSERT(lbn >= 0);  /* no indirect blocks */
179 
180           if ((error = lfs_rf_valloc(fs, ino, vers, l, &vp)) != 0) {
181                     DLOG((DLOG_RF, "update_meta: ino %d: lfs_rf_valloc"
182                           " returned %d\n", ino, error));
183                     return error;
184           }
185 
186           if ((error = lfs_balloc(vp, (lbn << lfs_sb_getbshift(fs)), size,
187                                         NOCRED, 0, &bp)) != 0) {
188                     vput(vp);
189                     return (error);
190           }
191           /* No need to write, the block is already on disk */
192           if (bp->b_oflags & BO_DELWRI) {
193                     LFS_UNLOCK_BUF(bp);
194                     lfs_sb_addavail(fs, lfs_btofsb(fs, bp->b_bcount));
195                     /* XXX should this wake up fs->lfs_availsleep? */
196           }
197           brelse(bp, BC_INVAL);
198 
199           /*
200            * Extend the file, if it is not large enough already.
201            * XXX this is not exactly right, we don't know how much of the
202            * XXX last block is actually used.  We hope that an inode will
203            * XXX appear later to give the correct size.
204            */
205           ip = VTOI(vp);
206           if (ip->i_size <= (lbn << lfs_sb_getbshift(fs))) {
207                     u_int64_t newsize;
208 
209                     if (lbn < ULFS_NDADDR) {
210                               newsize = (lbn << lfs_sb_getbshift(fs)) +
211                                         (size - lfs_sb_getfsize(fs)) + 1;
212                     } else {
213                               newsize = (lbn << lfs_sb_getbshift(fs)) + 1;
214                     }
215                     lfs_dino_setsize(fs, ip->i_din, newsize);
216 
217                     if (ip->i_size < newsize) {
218                               ip->i_size = newsize;
219                               /*
220                                * tell vm our new size for the case the inode won't
221                                * appear later.
222                                */
223                               uvm_vnp_setsize(vp, newsize);
224                     }
225           }
226 
227           lfs_update_single(fs, NULL, vp, lbn, ndaddr, size);
228 
229           LFS_SEGENTRY(sup, fs, lfs_dtosn(fs, ndaddr), bp);
230           sup->su_nbytes += size;
231           LFS_WRITESEGENTRY(sup, fs, lfs_dtosn(fs, ndaddr), bp);
232 
233           /* differences here should be due to UNWRITTEN indirect blocks. */
234           KASSERT((lfs_lblkno(fs, ip->i_size) > ULFS_NDADDR &&
235               ip->i_lfs_effnblks == lfs_dino_getblocks(fs, ip->i_din)) ||
236               ip->i_lfs_effnblks >= lfs_dino_getblocks(fs, ip->i_din));
237 
238 #ifdef DEBUG
239           /* Now look again to make sure it worked */
240           ulfs_bmaparray(vp, lbn, &odaddr, &a[0], &num, NULL, NULL);
241           for (i = num; i > 0; i--) {
242                     if (!a[i].in_exists)
243                               panic("update_meta: absent %d lv indirect block", i);
244           }
245           if (LFS_DBTOFSB(fs, odaddr) != ndaddr)
246                     DLOG((DLOG_RF, "update_meta: failed setting ino %d lbn %"
247                           PRId64 " to %" PRId64 "\n", ino, lbn, ndaddr));
248 #endif /* DEBUG */
249           vput(vp);
250           return 0;
251 }
252 
253 /*
254  * Copy some the fields of the dinode as needed by update_inoblk().
255  */
256 static void
update_inoblk_copy_dinode(struct lfs * fs,union lfs_dinode * dstu,const union lfs_dinode * srcu)257 update_inoblk_copy_dinode(struct lfs *fs,
258     union lfs_dinode *dstu, const union lfs_dinode *srcu)
259 {
260           if (fs->lfs_is64) {
261                     struct lfs64_dinode *dst = &dstu->u_64;
262                     const struct lfs64_dinode *src = &srcu->u_64;
263                     unsigned i;
264 
265                     /*
266                      * Copy everything but the block pointers and di_blocks.
267                      * XXX what about di_extb?
268                      */
269                     dst->di_mode = src->di_mode;
270                     dst->di_nlink = src->di_nlink;
271                     dst->di_uid = src->di_uid;
272                     dst->di_gid = src->di_gid;
273                     dst->di_blksize = src->di_blksize;
274                     dst->di_size = src->di_size;
275                     dst->di_atime = src->di_atime;
276                     dst->di_mtime = src->di_mtime;
277                     dst->di_ctime = src->di_ctime;
278                     dst->di_birthtime = src->di_birthtime;
279                     dst->di_mtimensec = src->di_mtimensec;
280                     dst->di_atimensec = src->di_atimensec;
281                     dst->di_ctimensec = src->di_ctimensec;
282                     dst->di_birthnsec = src->di_birthnsec;
283                     dst->di_gen = src->di_gen;
284                     dst->di_kernflags = src->di_kernflags;
285                     dst->di_flags = src->di_flags;
286                     dst->di_extsize = src->di_extsize;
287                     dst->di_modrev = src->di_modrev;
288                     dst->di_inumber = src->di_inumber;
289                     for (i = 0; i < __arraycount(src->di_spare); i++) {
290                               dst->di_spare[i] = src->di_spare[i];
291                     }
292           } else {
293                     struct lfs32_dinode *dst = &dstu->u_32;
294                     const struct lfs32_dinode *src = &srcu->u_32;
295 
296                     /* Get mode, link count, size, and times */
297                     memcpy(dst, src, offsetof(struct lfs32_dinode, di_db[0]));
298 
299                     /* Then the rest, except di_blocks */
300                     dst->di_flags = src->di_flags;
301                     dst->di_gen = src->di_gen;
302                     dst->di_uid = src->di_uid;
303                     dst->di_gid = src->di_gid;
304                     dst->di_modrev = src->di_modrev;
305           }
306 }
307 
308 static int
update_inoblk(struct lfs * fs,daddr_t offset,kauth_cred_t cred,struct lwp * l)309 update_inoblk(struct lfs *fs, daddr_t offset, kauth_cred_t cred,
310                 struct lwp *l)
311 {
312           struct vnode *devvp, *vp;
313           struct inode *ip;
314           union lfs_dinode *dip;
315           struct buf *dbp, *ibp;
316           int error;
317           daddr_t daddr;
318           IFILE *ifp;
319           SEGUSE *sup;
320           unsigned i, num;
321 
322           devvp = VTOI(fs->lfs_ivnode)->i_devvp;
323 
324           /*
325            * Get the inode, update times and perms.
326            * DO NOT update disk blocks, we do that separately.
327            */
328           error = bread(devvp, LFS_FSBTODB(fs, offset), lfs_sb_getibsize(fs),
329               0, &dbp);
330           if (error) {
331                     DLOG((DLOG_RF, "update_inoblk: bread returned %d\n", error));
332                     return error;
333           }
334           num = LFS_INOPB(fs);
335           for (i = num; i-- > 0; ) {
336                     dip = DINO_IN_BLOCK(fs, dbp->b_data, i);
337                     if (lfs_dino_getinumber(fs, dip) > LFS_IFILE_INUM) {
338                               error = lfs_rf_valloc(fs, lfs_dino_getinumber(fs, dip),
339                                                         lfs_dino_getgen(fs, dip),
340                                                         l, &vp);
341                               if (error) {
342                                         DLOG((DLOG_RF, "update_inoblk: lfs_rf_valloc"
343                                               " returned %d\n", error));
344                                         continue;
345                               }
346                               ip = VTOI(vp);
347                               if (lfs_dino_getsize(fs, dip) != ip->i_size)
348                                         lfs_truncate(vp, lfs_dino_getsize(fs, dip), 0,
349                                                        NOCRED);
350                               update_inoblk_copy_dinode(fs, ip->i_din, dip);
351 
352                               ip->i_flags = lfs_dino_getflags(fs, dip);
353                               ip->i_gen = lfs_dino_getgen(fs, dip);
354                               ip->i_uid = lfs_dino_getuid(fs, dip);
355                               ip->i_gid = lfs_dino_getgid(fs, dip);
356 
357                               ip->i_mode = lfs_dino_getmode(fs, dip);
358                               ip->i_nlink = lfs_dino_getnlink(fs, dip);
359                               ip->i_size = lfs_dino_getsize(fs, dip);
360 
361                               LFS_SET_UINO(ip, IN_CHANGE | IN_UPDATE);
362 
363                               /* Re-initialize to get type right */
364                               ulfs_vinit(vp->v_mount, lfs_specop_p, lfs_fifoop_p,
365                                           &vp);
366                               vput(vp);
367 
368                               /* Record change in location */
369                               LFS_IENTRY(ifp, fs, lfs_dino_getinumber(fs, dip), ibp);
370                               daddr = lfs_if_getdaddr(fs, ifp);
371                               lfs_if_setdaddr(fs, ifp, LFS_DBTOFSB(fs, dbp->b_blkno));
372                               error = LFS_BWRITE_LOG(ibp); /* Ifile */
373                               /* And do segment accounting */
374                               if (lfs_dtosn(fs, daddr) != lfs_dtosn(fs, LFS_DBTOFSB(fs, dbp->b_blkno))) {
375                                         if (daddr > 0) {
376                                                   LFS_SEGENTRY(sup, fs, lfs_dtosn(fs, daddr),
377                                                                  ibp);
378                                                   sup->su_nbytes -= DINOSIZE(fs);
379                                                   LFS_WRITESEGENTRY(sup, fs,
380                                                                         lfs_dtosn(fs, daddr),
381                                                                         ibp);
382                                         }
383                                         LFS_SEGENTRY(sup, fs, lfs_dtosn(fs, LFS_DBTOFSB(fs, dbp->b_blkno)),
384                                                        ibp);
385                                         sup->su_nbytes += DINOSIZE(fs);
386                                         LFS_WRITESEGENTRY(sup, fs,
387                                                               lfs_dtosn(fs, LFS_DBTOFSB(fs, dbp->b_blkno)),
388                                                               ibp);
389                               }
390                     }
391           }
392           brelse(dbp, BC_AGE);
393 
394           return 0;
395 }
396 
397 #define CHECK_CKSUM   0x0001  /* Check the checksum to make sure it's valid */
398 #define CHECK_UPDATE  0x0002  /* Update Ifile for new data blocks / inodes */
399 
400 static daddr_t
check_segsum(struct lfs * fs,daddr_t offset,u_int64_t nextserial,kauth_cred_t cred,int flags,int * pseg_flags,struct lwp * l)401 check_segsum(struct lfs *fs, daddr_t offset, u_int64_t nextserial,
402                kauth_cred_t cred, int flags, int *pseg_flags, struct lwp *l)
403 {
404           struct vnode *devvp;
405           struct buf *bp, *dbp;
406           int error, nblocks = 0, ninos, i, j; /* XXX: gcc */
407           SEGSUM *ssp;
408           u_long *dp = NULL, *datap = NULL; /* XXX u_int32_t */
409           daddr_t oldoffset;
410           IINFO *iip;
411           FINFO *fip;
412           SEGUSE *sup;
413           size_t size;
414           uint32_t datasum, foundsum;
415 
416           devvp = VTOI(fs->lfs_ivnode)->i_devvp;
417           /*
418            * If the segment has a superblock and we're at the top
419            * of the segment, skip the superblock.
420            */
421           if (lfs_sntod(fs, lfs_dtosn(fs, offset)) == offset) {
422                     LFS_SEGENTRY(sup, fs, lfs_dtosn(fs, offset), bp);
423                     if (sup->su_flags & SEGUSE_SUPERBLOCK)
424                               offset += lfs_btofsb(fs, LFS_SBPAD);
425                     brelse(bp, 0);
426           }
427 
428           /* Read in the segment summary */
429           error = bread(devvp, LFS_FSBTODB(fs, offset), lfs_sb_getsumsize(fs),
430               0, &bp);
431           if (error)
432                     return -1;
433 
434           /* Check summary checksum */
435           ssp = (SEGSUM *)bp->b_data;
436           if (flags & CHECK_CKSUM) {
437                     size_t sumstart;
438 
439                     sumstart = lfs_ss_getsumstart(fs);
440                     if (lfs_ss_getsumsum(fs, ssp) !=
441                         cksum((char *)ssp + sumstart,
442                                 lfs_sb_getsumsize(fs) - sumstart)) {
443                               DLOG((DLOG_RF, "Sumsum error at 0x%" PRIx64 "\n", offset));
444                               offset = -1;
445                               goto err1;
446                     }
447                     if (lfs_ss_getnfinfo(fs, ssp) == 0 &&
448                         lfs_ss_getninos(fs, ssp) == 0) {
449                               DLOG((DLOG_RF, "Empty pseg at 0x%" PRIx64 "\n", offset));
450                               offset = -1;
451                               goto err1;
452                     }
453                     if (lfs_ss_getcreate(fs, ssp) < lfs_sb_gettstamp(fs)) {
454                               DLOG((DLOG_RF, "Old data at 0x%" PRIx64 "\n", offset));
455                               offset = -1;
456                               goto err1;
457                     }
458           }
459           if (lfs_sb_getversion(fs) > 1) {
460                     if (lfs_ss_getserial(fs, ssp) != nextserial) {
461                               DLOG((DLOG_RF, "Unexpected serial number at 0x%" PRIx64
462                                     "\n", offset));
463                               offset = -1;
464                               goto err1;
465                     }
466                     if (lfs_ss_getident(fs, ssp) != lfs_sb_getident(fs)) {
467                               DLOG((DLOG_RF, "Incorrect fsid (0x%x vs 0x%x) at 0x%"
468                                     PRIx64 "\n", lfs_ss_getident(fs, ssp),
469                                     lfs_sb_getident(fs), offset));
470                               offset = -1;
471                               goto err1;
472                     }
473           }
474           if (pseg_flags)
475                     *pseg_flags = lfs_ss_getflags(fs, ssp);
476           oldoffset = offset;
477           offset += lfs_btofsb(fs, lfs_sb_getsumsize(fs));
478 
479           ninos = howmany(lfs_ss_getninos(fs, ssp), LFS_INOPB(fs));
480           iip = SEGSUM_IINFOSTART(fs, bp->b_data);
481           if (flags & CHECK_CKSUM) {
482                     /* Count blocks */
483                     nblocks = 0;
484                     fip = SEGSUM_FINFOBASE(fs, (SEGSUM *)bp->b_data);
485                     for (i = 0; i < lfs_ss_getnfinfo(fs, ssp); ++i) {
486                               nblocks += lfs_fi_getnblocks(fs, fip);
487                               if (lfs_fi_getnblocks(fs, fip) <= 0)
488                                         break;
489                               fip = NEXT_FINFO(fs, fip);
490                     }
491                     nblocks += ninos;
492                     /* Create the sum array */
493                     datap = dp = malloc(nblocks * sizeof(u_long),
494                                             M_SEGMENT, M_WAITOK);
495           }
496 
497           /* Handle individual blocks */
498           fip = SEGSUM_FINFOBASE(fs, (SEGSUM *)bp->b_data);
499           for (i = 0; i < lfs_ss_getnfinfo(fs, ssp) || ninos; ++i) {
500                     /* Inode block? */
501                     if (ninos && lfs_ii_getblock(fs, iip) == offset) {
502                               if (flags & CHECK_CKSUM) {
503                                         /* Read in the head and add to the buffer */
504                                         error = bread(devvp, LFS_FSBTODB(fs, offset), lfs_sb_getbsize(fs),
505                                                         0, &dbp);
506                                         if (error) {
507                                                   offset = -1;
508                                                   goto err2;
509                                         }
510                                         /* XXX this can't be right, on-disk u_long? */
511                                         (*dp++) = ((u_long *)(dbp->b_data))[0];
512                                         brelse(dbp, BC_AGE);
513                               }
514                               if (flags & CHECK_UPDATE) {
515                                         if ((error = update_inoblk(fs, offset, cred, l))
516                                             != 0) {
517                                                   offset = -1;
518                                                   goto err2;
519                                         }
520                               }
521                               offset += lfs_btofsb(fs, lfs_sb_getibsize(fs));
522                               iip = NEXTLOWER_IINFO(fs, iip);
523                               --ninos;
524                               --i; /* compensate for ++i in loop header */
525                               continue;
526                     }
527                     size = lfs_sb_getbsize(fs);
528                     for (j = 0; j < lfs_fi_getnblocks(fs, fip); ++j) {
529                               if (j == lfs_fi_getnblocks(fs, fip) - 1)
530                                         size = lfs_fi_getlastlength(fs, fip);
531                               if (flags & CHECK_CKSUM) {
532                                         error = bread(devvp, LFS_FSBTODB(fs, offset), size,
533                                             0, &dbp);
534                                         if (error) {
535                                                   offset = -1;
536                                                   goto err2;
537                                         }
538                                         (*dp++) = ((u_long *)(dbp->b_data))[0];
539                                         brelse(dbp, BC_AGE);
540                               }
541                               /* Account for and update any direct blocks */
542                               if ((flags & CHECK_UPDATE) &&
543                                  lfs_fi_getino(fs, fip) > LFS_IFILE_INUM &&
544                                  lfs_fi_getblock(fs, fip, j) >= 0) {
545                                         update_meta(fs, lfs_fi_getino(fs, fip),
546                                                       lfs_fi_getversion(fs, fip),
547                                                       lfs_fi_getblock(fs, fip, j),
548                                                       offset, size, l);
549                               }
550                               offset += lfs_btofsb(fs, size);
551                     }
552                     fip = NEXT_FINFO(fs, fip);
553           }
554           /* Checksum the array, compare */
555           datasum = lfs_ss_getdatasum(fs, ssp);
556           foundsum = cksum(datap, nblocks * sizeof(u_long));
557           if ((flags & CHECK_CKSUM) && datasum != foundsum) {
558                     DLOG((DLOG_RF, "Datasum error at 0x%" PRIx64
559                           " (wanted %x got %x)\n",
560                           offset, datasum, foundsum));
561                     offset = -1;
562                     goto err2;
563           }
564 
565           /* If we're at the end of the segment, move to the next */
566           if (lfs_dtosn(fs, offset + lfs_btofsb(fs, lfs_sb_getsumsize(fs) + lfs_sb_getbsize(fs))) !=
567              lfs_dtosn(fs, offset)) {
568                     if (lfs_dtosn(fs, offset) == lfs_dtosn(fs, lfs_ss_getnext(fs, ssp))) {
569                               offset = -1;
570                               goto err2;
571                     }
572                     offset = lfs_ss_getnext(fs, ssp);
573                     DLOG((DLOG_RF, "LFS roll forward: moving to offset 0x%" PRIx64
574                            " -> segment %d\n", offset, lfs_dtosn(fs,offset)));
575           }
576 
577           if (flags & CHECK_UPDATE) {
578                     lfs_sb_subavail(fs, offset - oldoffset);
579                     /* Don't clog the buffer queue */
580                     mutex_enter(&lfs_lock);
581                     if (locked_queue_count > LFS_MAX_BUFS ||
582                         locked_queue_bytes > LFS_MAX_BYTES) {
583                               lfs_flush(fs, SEGM_CKP, 0);
584                     }
585                     mutex_exit(&lfs_lock);
586           }
587 
588     err2:
589           if (flags & CHECK_CKSUM)
590                     free(datap, M_SEGMENT);
591     err1:
592           brelse(bp, BC_AGE);
593 
594           /* XXX should we update the serial number even for bad psegs? */
595           if ((flags & CHECK_UPDATE) && offset > 0 && lfs_sb_getversion(fs) > 1)
596                     lfs_sb_setserial(fs, nextserial);
597           return offset;
598 }
599 
600 void
lfs_roll_forward(struct lfs * fs,struct mount * mp,struct lwp * l)601 lfs_roll_forward(struct lfs *fs, struct mount *mp, struct lwp *l)
602 {
603           int flags, dirty;
604           daddr_t offset, oldoffset, lastgoodpseg;
605           int sn, curseg, do_rollforward;
606           struct proc *p;
607           kauth_cred_t cred;
608           SEGUSE *sup;
609           struct buf *bp;
610 
611           p = l ? l->l_proc : NULL;
612           cred = p ? p->p_cred : NOCRED;
613 
614           /*
615            * Roll forward.
616            *
617            * We don't roll forward for v1 filesystems, because
618            * of the danger that the clock was turned back between the last
619            * checkpoint and crash.  This would roll forward garbage.
620            *
621            * v2 filesystems don't have this problem because they use a
622            * monotonically increasing serial number instead of a timestamp.
623            */
624           do_rollforward = (!(lfs_sb_getpflags(fs) & LFS_PF_CLEAN) &&
625                                 lfs_do_rfw && lfs_sb_getversion(fs) > 1 && p != NULL);
626           if (do_rollforward) {
627                     u_int64_t nextserial;
628                     /*
629                      * Phase I: Find the address of the last good partial
630                      * segment that was written after the checkpoint.  Mark
631                      * the segments in question dirty, so they won't be
632                      * reallocated.
633                      */
634                     lastgoodpseg = oldoffset = offset = lfs_sb_getoffset(fs);
635                     flags = 0x0;
636                     DLOG((DLOG_RF, "LFS roll forward phase 1: start at offset 0x%"
637                           PRIx64 "\n", offset));
638                     LFS_SEGENTRY(sup, fs, lfs_dtosn(fs, offset), bp);
639                     if (!(sup->su_flags & SEGUSE_DIRTY))
640                               lfs_sb_subnclean(fs, 1);
641                     sup->su_flags |= SEGUSE_DIRTY;
642                     LFS_WRITESEGENTRY(sup, fs, lfs_dtosn(fs, offset), bp);
643                     nextserial = lfs_sb_getserial(fs) + 1;
644                     while ((offset = check_segsum(fs, offset, nextserial,
645                         cred, CHECK_CKSUM, &flags, l)) > 0) {
646                               nextserial++;
647                               if (lfs_sntod(fs, oldoffset) != lfs_sntod(fs, offset)) {
648                                         LFS_SEGENTRY(sup, fs, lfs_dtosn(fs, oldoffset),
649                                                        bp);
650                                         if (!(sup->su_flags & SEGUSE_DIRTY))
651                                                   lfs_sb_subnclean(fs, 1);
652                                         sup->su_flags |= SEGUSE_DIRTY;
653                                         LFS_WRITESEGENTRY(sup, fs, lfs_dtosn(fs, oldoffset),
654                                                        bp);
655                               }
656 
657                               DLOG((DLOG_RF, "LFS roll forward phase 1: offset=0x%"
658                                     PRIx64 "\n", offset));
659                               if (flags & SS_DIROP) {
660                                         DLOG((DLOG_RF, "lfs_mountfs: dirops at 0x%"
661                                               PRIx64 "\n", oldoffset));
662                                         if (!(flags & SS_CONT)) {
663                                              DLOG((DLOG_RF, "lfs_mountfs: dirops end "
664                                                      "at 0x%" PRIx64 "\n", oldoffset));
665                                         }
666                               }
667                               if (!(flags & SS_CONT))
668                                         lastgoodpseg = offset;
669                               oldoffset = offset;
670                     }
671                     if (flags & SS_CONT) {
672                               DLOG((DLOG_RF, "LFS roll forward: warning: incomplete "
673                                     "dirops discarded\n"));
674                     }
675                     DLOG((DLOG_RF, "LFS roll forward phase 1: completed: "
676                           "lastgoodpseg=0x%" PRIx64 "\n", lastgoodpseg));
677                     oldoffset = lfs_sb_getoffset(fs);
678                     if (lfs_sb_getoffset(fs) != lastgoodpseg) {
679                               /* Don't overwrite what we're trying to preserve */
680                               offset = lfs_sb_getoffset(fs);
681                               lfs_sb_setoffset(fs, lastgoodpseg);
682                               lfs_sb_setcurseg(fs, lfs_sntod(fs, lfs_dtosn(fs, lfs_sb_getoffset(fs))));
683                               for (sn = curseg = lfs_dtosn(fs, lfs_sb_getcurseg(fs));;) {
684                                         sn = (sn + 1) % lfs_sb_getnseg(fs);
685                                         if (sn == curseg)
686                                                   panic("lfs_mountfs: no clean segments");
687                                         LFS_SEGENTRY(sup, fs, sn, bp);
688                                         dirty = (sup->su_flags & SEGUSE_DIRTY);
689                                         brelse(bp, 0);
690                                         if (!dirty)
691                                                   break;
692                               }
693                               lfs_sb_setnextseg(fs, lfs_sntod(fs, sn));
694 
695                               /*
696                                * Phase II: Roll forward from the first superblock.
697                                */
698                               while (offset != lastgoodpseg) {
699                                         DLOG((DLOG_RF, "LFS roll forward phase 2: 0x%"
700                                               PRIx64 "\n", offset));
701                                         offset = check_segsum(fs, offset,
702                                             lfs_sb_getserial(fs) + 1, cred, CHECK_UPDATE,
703                                             NULL, l);
704                               }
705 
706                               /*
707                                * Finish: flush our changes to disk.
708                                */
709                               lfs_segwrite(mp, SEGM_CKP | SEGM_SYNC);
710                               DLOG((DLOG_RF, "lfs_mountfs: roll forward ",
711                                     "recovered %jd blocks\n",
712                                     (intmax_t)(lastgoodpseg - oldoffset)));
713                     }
714                     DLOG((DLOG_RF, "LFS roll forward complete\n"));
715           }
716 }
717