![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to 3.t CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / share / doc / smm / 05.fsck|
Return to 3.t CVS log | Up to [CSRG BSD Unix] / 43BSDReno / share / doc / smm / 05.fsck |
1.1 ! root 1: .\" Copyright (c) 1982 Regents of the University of California. ! 2: .\" All rights reserved. The Berkeley software License Agreement ! 3: .\" specifies the terms and conditions for redistribution. ! 4: .\" ! 5: .\" @(#)3.t 4.3 (Berkeley) 2/1/86 ! 6: .\" ! 7: .ds RH Fixing corrupted file systems ! 8: .NH ! 9: Fixing corrupted file systems ! 10: .PP ! 11: A file system ! 12: can become corrupted in several ways. ! 13: The most common of these ways are ! 14: improper shutdown procedures ! 15: and hardware failures. ! 16: .PP ! 17: File systems may become corrupted during an ! 18: .I "unclean halt" . ! 19: This happens when proper shutdown ! 20: procedures are not observed, ! 21: physically write-protecting a mounted file system, ! 22: or a mounted file system is taken off-line. ! 23: The most common operator procedural failure is forgetting to ! 24: .I sync ! 25: the system before halting the CPU. ! 26: .PP ! 27: File systems may become further corrupted if proper startup ! 28: procedures are not observed, e.g., ! 29: not checking a file system for inconsistencies, ! 30: and not repairing inconsistencies. ! 31: Allowing a corrupted file system to be used (and, thus, to be modified ! 32: further) can be disastrous. ! 33: .PP ! 34: Any piece of hardware can fail at any time. ! 35: Failures ! 36: can be as subtle as a bad block ! 37: on a disk pack, or as blatant as a non-functional disk-controller. ! 38: .NH 2 ! 39: Detecting and correcting corruption ! 40: .PP ! 41: Normally ! 42: .I fsck ! 43: is run non-interactively. ! 44: In this mode it will only fix ! 45: corruptions that are expected to occur from an unclean halt. ! 46: These actions are a proper subset of the actions that ! 47: .I fsck ! 48: will take when it is running interactively. ! 49: Throughout this paper we assume that ! 50: .I fsck ! 51: is being run interactively, ! 52: and all possible errors can be encountered. ! 53: When an inconsistency is discovered in this mode, ! 54: .I fsck ! 55: reports the inconsistency for the operator to ! 56: chose a corrective action. ! 57: .PP ! 58: A quiescent\(dd ! 59: .FS ! 60: \(dd I.e., unmounted and not being written on. ! 61: .FE ! 62: file system may be checked for structural integrity ! 63: by performing consistency checks on the ! 64: redundant data intrinsic to a file system. ! 65: The redundant data is either read from ! 66: the file system, ! 67: or computed from other known values. ! 68: The file system ! 69: .B must ! 70: be in a quiescent state when ! 71: .I fsck ! 72: is run, ! 73: since ! 74: .I fsck ! 75: is a multi-pass program. ! 76: .PP ! 77: In the following sections, ! 78: we discuss methods to discover inconsistencies ! 79: and possible corrective actions ! 80: for the cylinder group blocks, the inodes, the indirect blocks, and ! 81: the data blocks containing directory entries. ! 82: .NH 2 ! 83: Super-block checking ! 84: .PP ! 85: The most commonly corrupted item in a file system ! 86: is the summary information ! 87: associated with the super-block. ! 88: The summary information is prone to corruption ! 89: because it is modified with every change to the file ! 90: system's blocks or inodes, ! 91: and is usually corrupted ! 92: after an unclean halt. ! 93: .PP ! 94: The super-block is checked for inconsistencies ! 95: involving file-system size, number of inodes, ! 96: free-block count, and the free-inode count. ! 97: The file-system size must be larger than the ! 98: number of blocks used by the super-block ! 99: and the number of blocks used by the list of inodes. ! 100: The file-system size and layout information ! 101: are the most critical pieces of information for ! 102: .I fsck . ! 103: While there is no way to actually check these sizes, ! 104: since they are statically determined by ! 105: .I newfs , ! 106: .I fsck ! 107: can check that these sizes are within reasonable bounds. ! 108: All other file system checks require that these sizes be correct. ! 109: If ! 110: .I fsck ! 111: detects corruption in the static parameters of the default super-block, ! 112: .I fsck ! 113: requests the operator to specify the location of an alternate super-block. ! 114: .NH 2 ! 115: Free block checking ! 116: .PP ! 117: .I Fsck ! 118: checks that all the blocks ! 119: marked as free in the cylinder group block maps ! 120: are not claimed by any files. ! 121: When all the blocks have been initially accounted for, ! 122: .I fsck ! 123: checks that ! 124: the number of free blocks ! 125: plus the number of blocks claimed by the inodes ! 126: equals the total number of blocks in the file system. ! 127: .PP ! 128: If anything is wrong with the block allocation maps, ! 129: .I fsck ! 130: will rebuild them, ! 131: based on the list it has computed of allocated blocks. ! 132: .PP ! 133: The summary information associated with the super-block ! 134: counts the total number of free blocks within the file system. ! 135: .I Fsck ! 136: compares this count to the ! 137: number of free blocks it found within the file system. ! 138: If the two counts do not agree, then ! 139: .I fsck ! 140: replaces the incorrect count in the summary information ! 141: by the actual free-block count. ! 142: .PP ! 143: The summary information ! 144: counts the total number of free inodes within the file system. ! 145: .I Fsck ! 146: compares this count to the number ! 147: of free inodes it found within the file system. ! 148: If the two counts do not agree, then ! 149: .I fsck ! 150: replaces the incorrect count in the ! 151: summary information by the actual free-inode count. ! 152: .NH 2 ! 153: Checking the inode state ! 154: .PP ! 155: An individual inode is not as likely to be corrupted as ! 156: the allocation information. ! 157: However, because of the great number of active inodes, ! 158: a few of the inodes are usually corrupted. ! 159: .PP ! 160: The list of inodes in the file system ! 161: is checked sequentially starting with inode 2 ! 162: (inode 0 marks unused inodes; ! 163: inode 1 is saved for future generations) ! 164: and progressing through the last inode in the file system. ! 165: The state of each inode is checked for ! 166: inconsistencies involving format and type, ! 167: link count, ! 168: duplicate blocks, ! 169: bad blocks, ! 170: and inode size. ! 171: .PP ! 172: Each inode contains a mode word. ! 173: This mode word describes the type and state of the inode. ! 174: Inodes must be one of six types: ! 175: regular inode, directory inode, symbolic link inode, ! 176: special block inode, special character inode, or socket inode. ! 177: Inodes may be found in one of three allocation states: ! 178: unallocated, allocated, and neither unallocated nor allocated. ! 179: This last state suggests an incorrectly formated inode. ! 180: An inode can get in this state if ! 181: bad data is written into the inode list. ! 182: The only possible corrective action is for ! 183: .I fsck ! 184: is to clear the inode. ! 185: .NH 2 ! 186: Inode links ! 187: .PP ! 188: Each inode counts the ! 189: total number of directory entries ! 190: linked to the inode. ! 191: .I Fsck ! 192: verifies the link count of each inode ! 193: by starting at the root of the file system, ! 194: and descending through the directory structure. ! 195: The actual link count for each inode ! 196: is calculated during the descent. ! 197: .PP ! 198: If the stored link count is non-zero and the actual ! 199: link count is zero, ! 200: then no directory entry appears for the inode. ! 201: If this happens, ! 202: .I fsck ! 203: will place the disconnected file in the ! 204: .I lost+found ! 205: directory. ! 206: If the stored and actual link counts are non-zero and unequal, ! 207: a directory entry may have been added or removed without the inode being ! 208: updated. ! 209: If this happens, ! 210: .I fsck ! 211: replaces the incorrect stored link count by the actual link count. ! 212: .PP ! 213: Each inode contains a list, ! 214: or pointers to ! 215: lists (indirect blocks), ! 216: of all the blocks claimed by the inode. ! 217: Since indirect blocks are owned by an inode, ! 218: inconsistencies in indirect blocks directly ! 219: affect the inode that owns it. ! 220: .PP ! 221: .I Fsck ! 222: compares each block number claimed by an inode ! 223: against a list of already allocated blocks. ! 224: If another inode already claims a block number, ! 225: then the block number is added to a list of ! 226: .I "duplicate blocks" . ! 227: Otherwise, the list of allocated blocks ! 228: is updated to include the block number. ! 229: .PP ! 230: If there are any duplicate blocks, ! 231: .I fsck ! 232: will perform a partial second ! 233: pass over the inode list ! 234: to find the inode of the duplicated block. ! 235: The second pass is needed, ! 236: since without examining the files associated with ! 237: these inodes for correct content, ! 238: not enough information is available ! 239: to determine which inode is corrupted and should be cleared. ! 240: If this condition does arise ! 241: (only hardware failure will cause it), ! 242: then the inode with the earliest ! 243: modify time is usually incorrect, ! 244: and should be cleared. ! 245: If this happens, ! 246: .I fsck ! 247: prompts the operator to clear both inodes. ! 248: The operator must decide which one should be kept ! 249: and which one should be cleared. ! 250: .PP ! 251: .I Fsck ! 252: checks the range of each block number claimed by an inode. ! 253: If the block number is ! 254: lower than the first data block in the file system, ! 255: or greater than the last data block, ! 256: then the block number is a ! 257: .I "bad block number" . ! 258: Many bad blocks in an inode are usually caused by ! 259: an indirect block that was not written to the file system, ! 260: a condition which can only occur if there has been a hardware failure. ! 261: If an inode contains bad block numbers, ! 262: .I fsck ! 263: prompts the operator to clear it. ! 264: .NH 2 ! 265: Inode data size ! 266: .PP ! 267: Each inode contains a count of the number of data blocks ! 268: that it contains. ! 269: The number of actual data blocks ! 270: is the sum of the allocated data blocks ! 271: and the indirect blocks. ! 272: .I Fsck ! 273: computes the actual number of data blocks ! 274: and compares that block count against ! 275: the actual number of blocks the inode claims. ! 276: If an inode contains an incorrect count ! 277: .I fsck ! 278: prompts the operator to fix it. ! 279: .PP ! 280: Each inode contains a thirty-two bit size field. ! 281: The size is the number of data bytes ! 282: in the file associated with the inode. ! 283: The consistency of the byte size field is roughly checked ! 284: by computing from the size field the maximum number of blocks ! 285: that should be associated with the inode, ! 286: and comparing that expected block count against ! 287: the actual number of blocks the inode claims. ! 288: .NH 2 ! 289: Checking the data associated with an inode ! 290: .PP ! 291: An inode can directly or indirectly ! 292: reference three kinds of data blocks. ! 293: All referenced blocks must be the same kind. ! 294: The three types of data blocks are: ! 295: plain data blocks, symbolic link data blocks, and directory data blocks. ! 296: Plain data blocks ! 297: contain the information stored in a file; ! 298: symbolic link data blocks ! 299: contain the path name stored in a link. ! 300: Directory data blocks contain directory entries. ! 301: .I Fsck ! 302: can only check the validity of directory data blocks. ! 303: .PP ! 304: Each directory data block is checked for ! 305: several types of inconsistencies. ! 306: These inconsistencies include ! 307: directory inode numbers pointing to unallocated inodes, ! 308: directory inode numbers that are greater than ! 309: the number of inodes in the file system, ! 310: incorrect directory inode numbers for ``\fB.\fP'' and ``\fB..\fP'', ! 311: and directories that are not attached to the file system. ! 312: If the inode number in a directory data block ! 313: references an unallocated inode, ! 314: then ! 315: .I fsck ! 316: will remove that directory entry. ! 317: Again, ! 318: this condition can only arise when there has been a hardware failure. ! 319: .PP ! 320: If a directory entry inode number references ! 321: outside the inode list, then ! 322: .I fsck ! 323: will remove that directory entry. ! 324: This condition occurs if bad data is written into a directory data block. ! 325: .PP ! 326: The directory inode number entry for ``\fB.\fP'' ! 327: must be the first entry in the directory data block. ! 328: The inode number for ``\fB.\fP'' ! 329: must reference itself; ! 330: e.g., it must equal the inode number ! 331: for the directory data block. ! 332: The directory inode number entry ! 333: for ``\fB..\fP'' must be ! 334: the second entry in the directory data block. ! 335: Its value must equal the inode number for the ! 336: parent of the directory entry ! 337: (or the inode number of the directory ! 338: data block if the directory is the ! 339: root directory). ! 340: If the directory inode numbers are ! 341: incorrect, ! 342: .I fsck ! 343: will replace them with the correct values. ! 344: If there are multiple hard links to a directory, ! 345: the first one encountered is considered the real parent ! 346: to which ``\fB..\fP'' should point; ! 347: \fIfsck\P recommends deletion for the subsequently discovered names. ! 348: .NH 2 ! 349: File system connectivity ! 350: .PP ! 351: .I Fsck ! 352: checks the general connectivity of the file system. ! 353: If directories are not linked into the file system, then ! 354: .I fsck ! 355: links the directory back into the file system in the ! 356: .I lost+found ! 357: directory. ! 358: This condition only occurs when there has been a hardware failure. ! 359: .ds RH "References" ! 360: .SH ! 361: \s+2Acknowledgements\s0 ! 362: .PP ! 363: I thank Bill Joy, Sam Leffler, Robert Elz and Dennis Ritchie ! 364: for their suggestions and help in implementing the new file system. ! 365: Thanks also to Robert Henry for his editorial input to ! 366: get this document together. ! 367: Finally we thank our sponsors, ! 368: the National Science Foundation under grant MCS80-05144, ! 369: and the Defense Advance Research Projects Agency (DoD) under ! 370: Arpa Order No. 4031 monitored by Naval Electronic System Command under ! 371: Contract No. N00039-82-C-0235. (Kirk McKusick, July 1983) ! 372: .PP ! 373: I would like to thank Larry A. Wehr for advice that lead ! 374: to the first version of ! 375: .I fsck ! 376: and Rick B. Brandt for adapting ! 377: .I fsck ! 378: to ! 379: UNIX/TS. (T. Kowalski, July 1979) ! 380: .sp 2 ! 381: .SH ! 382: \s+2References\s0 ! 383: .LP ! 384: .IP [Dolotta78] 20 ! 385: Dolotta, T. A., and Olsson, S. B. eds., ! 386: .I "UNIX User's Manual, Edition 1.1\^" , ! 387: January 1978. ! 388: .IP [Joy83] 20 ! 389: Joy, W., Cooper, E., Fabry, R., Leffler, S., McKusick, M., and Mosher, D. ! 390: 4.2BSD System Manual, ! 391: .I "University of California at Berkeley" , ! 392: .I "Computer Systems Research Group Technical Report" ! 393: #4, 1982. ! 394: .IP [McKusick84] 20 ! 395: McKusick, M., Joy, W., Leffler, S., and Fabry, R. ! 396: A Fast File System for UNIX, ! 397: \fIACM Transactions on Computer Systems 2\fP, 3. ! 398: pp. 181-197, August 1984. ! 399: .IP [Ritchie78] 20 ! 400: Ritchie, D. M., and Thompson, K., ! 401: The UNIX Time-Sharing System, ! 402: .I "The Bell System Technical Journal" ! 403: .B 57 , ! 404: 6 (July-August 1978, Part 2), pp. 1905-29. ! 405: .IP [Thompson78] 20 ! 406: Thompson, K., ! 407: UNIX Implementation, ! 408: .I "The Bell System Technical Journal\^" ! 409: .B 57 , ! 410: 6 (July-August 1978, Part 2), pp. 1931-46. ! 411: .ds RH Appendix A \- Fsck Error Conditions ! 412: .bp
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.