[bug] fsck refuses to repair damaged UFS using backup superblock

Kirk McKusick mckusick at mckusick.com
Wed Nov 28 07:52:31 UTC 2018 

> From: Rick Macklem <rmacklem at uoguelph.ca>
> To: Warner Losh <imp at bsdimp.com>, Kirk McKusick <mckusick at mckusick.com>
> CC: Konstantin Belousov <kostikbel at gmail.com>,
>         FreeBSD FS <freebsd-fs at freebsd.org>,
>         "Julian H. Stacey" <jhs at berklix.com>,
>         "soralx at cydem.org" <soralx at cydem.org>
> Subject: Re: [bug] fsck refuses to repair damaged UFS using backup superblock
> Date: Wed, 28 Nov 2018 01:31:23 +0000
> 
> Kirk McKusick wrote:
>>
>> My proposal is that when a filesystem is being mounted read-only
>> that superblock check-hash failures should be warnings only. This
>> is true not just at boot time, but always. We should probably set
>> the FS_NEEDSFSCK flag so that if it is updated to read-write a
>> warning will get printed. Since booting always starts up with
>> the filesystem in read-only mode, this should solve the booting
>> problem. Does this seem like a sensible solution?
> 
> Is there a concern that a read-only mount of a corrupted non-root
> fs could cause the system to panic/crash?
> 
> For booting, I think Warner is correct to suggest "print a warning
> and soldier on..".  However, once the system has booted (maybe only
> single user), I'd think it would be better to fail the mount at
> least until an fsck is done on it than allow it to be mounted
> read-only, unless there is no risk that doing this mount could cause
> a crash/panic. Obviously, just my opinion given that I don't know UFS.
> 
> rick

Since the initial boot does a read-only mount, my proposal will have
the effect that the boot will "print a warning and soldier on..".

The root filesystem has to be intact enough to be able to read the
boot code and one or more kernel and configuration files from it.
If it is able to get that far, it will most likely be able to
read-only mount it and get /sbin/init and /bin/sh off it to get to
a single-user prompt.

By setting the FS_NEEDSFSCK flag on the filesystem, a full fsck
will be run as part of trying to come up and will fail to single
user if the fsck is not successful.

	Kirk McKusick

More information about the freebsd-fs mailing list