[PATCH FOR REVIEW] fsck_ffs: Recover from catastrophic damage

Maxim Sobolev sobomax at FreeBSD.org
Wed Feb 20 21:01:20 UTC 2008

Xin LI wrote:
> Hash: SHA1
> Alexander Leidinger wrote:
>> Quoting Xin LI <delphij at delphij.net> (from Tue, 19 Feb 2008 23:36:04
>> -0800):
>>> Change summary:
>>> fsutil.c:
>>>  - Really update standard superblock.  fsck_ffs -b used to update the
>>> backup superblock which does not recover file systems which have bad
>>> master superblocks.
>>>  - Instead of coredump, zero out whole cg if its signature is bad.
>>> inode.c:
>>>  - Instead of coredump, zero out whole cg if its signature is bad.
>> Does this modify (zero out) on-disk blocks? If yes, shouldn't this ask
>> for confirmation?
> My assumption is that if a cylinder group's magic number is damaged,
> then the whole stuff can not be trusted at all, but yes, I think this
> should come with a prompt, will add tomorrow.

Does it make sense to make this functionality only available if some 
special command-line flag has been specified? For example in the 
presence of silent data corruption (which as we all know now is real) it 
is possible that read would return incorrect data, while it's still 
perfectly OK on disk. Zeroing data would make an irreversible damage in 
such case. IMHO, fsck should bail by default in such case, since it 
can't tell for sure what the source of the error is.


More information about the freebsd-current mailing list