[PATCH FOR REVIEW] fsck_ffs: Recover from catastrophic damage
Maxim Sobolev
sobomax at FreeBSD.org
Wed Feb 20 21:01:20 UTC 2008
Xin LI wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alexander Leidinger wrote:
>> Quoting Xin LI <delphij at delphij.net> (from Tue, 19 Feb 2008 23:36:04
>> -0800):
>>
>>> Change summary:
>>>
>>> fsutil.c:
>>> - Really update standard superblock. fsck_ffs -b used to update the
>>> backup superblock which does not recover file systems which have bad
>>> master superblocks.
>>> - Instead of coredump, zero out whole cg if its signature is bad.
>>>
>>> inode.c:
>>> - Instead of coredump, zero out whole cg if its signature is bad.
>> Does this modify (zero out) on-disk blocks? If yes, shouldn't this ask
>> for confirmation?
>
> My assumption is that if a cylinder group's magic number is damaged,
> then the whole stuff can not be trusted at all, but yes, I think this
> should come with a prompt, will add tomorrow.
Does it make sense to make this functionality only available if some
special command-line flag has been specified? For example in the
presence of silent data corruption (which as we all know now is real) it
is possible that read would return incorrect data, while it's still
perfectly OK on disk. Zeroing data would make an irreversible damage in
such case. IMHO, fsck should bail by default in such case, since it
can't tell for sure what the source of the error is.
-Maxim
More information about the freebsd-current
mailing list