From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Eric Sandeen <sandeen@sandeen.net>
Cc: Jan Tulak <jtulak@redhat.com>, linux-xfs@vger.kernel.org
Subject: Re: [PATCH 2/2 v5] fsck.xfs: allow forced repairs using xfs_repair
Date: Thu, 22 Mar 2018 20:25:48 -0700 [thread overview]
Message-ID: <20180323032548.GG4818@magnolia> (raw)
In-Reply-To: <709ab06b-4efc-2925-6621-f17ed4c048c6@sandeen.net>
On Thu, Mar 22, 2018 at 09:37:08PM -0500, Eric Sandeen wrote:
> On 3/16/18 12:07 PM, Jan Tulak wrote:
> > The fsck.xfs script did nothing, because xfs doesn't need a fsck to be
> > run on every unclean shutdown. However, sometimes it may happen that the
> > root filesystem really requires the usage of xfs_repair and then it is a
> > hassle. This patch makes the situation a bit easier by detecting forced
> > checks (/forcefsck or fsck.mode=force)
>
> and invoking xfs_repair.
>
> (and then can strike the rest below)
>
> >, so user can require the repair,
> > without the repair being run all the time.
> >
> > Signed-off-by: Jan Tulak <jtulak@redhat.com>
> >
> > ---
> > Changelog:
> > v5:
> > - Change the message for xfs_repair code 2
> > v4:
> > - man page changes
> > v3:
> > - too quick with fixing in v2... add line at the end of the file
> > v2:
> > - return the "exit 0" at the end
> > v1:
> > - test for xfs_repair binary
> > - run only in non-interactive session
> > - translate xfs_repair return codes to fsck ones
> > - run only if the filesystem is not mounted
> > - add manpage update
> > ---
> > fsck/xfs_fsck.sh | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
> > man/man8/fsck.xfs.8 | 7 ++++++
> > 2 files changed, 73 insertions(+), 1 deletion(-)
> >
> > diff --git a/fsck/xfs_fsck.sh b/fsck/xfs_fsck.sh
> > index e52969e4..2ac09aeb 100755
> > --- a/fsck/xfs_fsck.sh
> > +++ b/fsck/xfs_fsck.sh
> > @@ -3,11 +3,44 @@
> > # Copyright (c) 2006 Silicon Graphics, Inc. All Rights Reserved.
> > #
> >
> > +NAME=$0
> > +
> > +# get the right return code for fsck
> > +function repair2fsck_code() {
> > + case $1 in
> > + 0) return 0 # everything is ok
> > + ;;
> > + 1) echo "$NAME error: xfs_repair could not fix the filesystem." 1>&2
> > + return 4 # errors left uncorrected
> > + ;;
> > + 2) echo "$NAME error: The filesystem log is dirty, mount it to recover" \
> > + "the log. If that fails, refer to the section DIRTY LOGS in the" \
> > + "xfs_repair manual page." 1>&2
> > + return 4 # dirty log, don't do anything and let the user solve it
> > + ;;
> > + 3) return 1 # The fs has been fixed
>
> (4, if patch 1/2 changes ...)
>
> > + ;;
> > + *) echo "$NAME error: An unknown return code from xfs_repair '$1'" 1>&2
> > + return 4 # something went wrong with xfs_repair
> > + esac
> > +}
> > +
> > +function ensure_not_mounted() {
> > + local dev=$1
> > + mounted=`grep -c "^$dev " /proc/mounts`
> > + if [ $mounted -ne 0 ]; then
> > + echo "$NAME error: The filesystem to be checked must not be mounted." 1>&2
> > + exit 4
> > + fi
> > +}
>
> Is this necessary? Doesn't xfs_repair already check this?
>
> # xfs_repair /dev/loop0
> xfs_repair: /dev/loop0 contains a mounted filesystem
> xfs_repair: /dev/loop0 contains a mounted and writable filesystem
>
> fatal error -- couldn't initialize XFS library
>
> # echo $?
> 1
>
> (script would then say "error: xfs_repair could not fix the filesystem."
> and exit with 4.)
>
> It might be nice to have the cleaner message above, but I wonder about
> the wisdom and safety of hand-rolling another simplistic mount check in a bash
> script.... thoughts?
>
> > +
> > AUTO=false
> > -while getopts ":aApy" c
> > +FORCE=false
> > +while getopts ":aApyf" c
> > do
> > case $c in
> > a|A|p|y) AUTO=true;;
> > + f) FORCE=true;;
> > esac
> > done
> > eval DEV=\${$#}
> > @@ -15,6 +48,38 @@ if [ ! -e $DEV ]; then
> > echo "$0: $DEV does not exist"
> > exit 8
> > fi
> > +
> > +# The flag -f is added by systemd/init scripts when /forcefsck file is present
> > +# or fsck.mode=force is used during boot; an unclean shutdown won't trigger
> > +# this check, user has to explicitly require a forced fsck.
> > +# But first of all, test if it is a non-interactive session.
>
> Let's say why, here:
>
> "Invoking xfs_repair via fsck.xfs is only intended to happen via initscripts.
> Normal administrative filesystem repairs should always invoke xfs_repair directly."
>
> or something like that.
>
> > Use multiple
> > +# methods to capture most of the cases:
> > +# The case for *i* and -n "$PS1" are commonly suggested in bash manual
> > +# and the -t 0 test checks stdin
> > +case $- in
> > + *i*) FORCE=false ;;
> > +esac
> > +if [ -n "$PS1" -o -t 0 ]; then
> > + FORCE=false
> > +fi
>
> Ok - I thought maybe we should be noisy about ignoring -f, but on
> second thought, I like hiding it.
>
> > +
> > +if $FORCE; then
> > + if [ -f /sbin/xfs_repair ]; then
> > + BIN="/sbin/xfs_repair"
> > + elif [ -f /usr/sbin/xfs_repair ]; then
> > + BIN="/usr/sbin/xfs_repair"
> > + else
> > + echo "$NAME error: xfs_repair was not found!" 1>&2
> > + exit 4
> > + fi
>
> Ok, similar question as Darrick had - why hardcode paths? Seems reasonable
> to assume that xfs_repair will be in the path, and who knows what the
> path may be in any given initrd...
>
> Could just do:
>
> XFS_REPAIR=$(command -v xfs_repair)
> if [ ! -x "$XFS_REPAIR" ] ; then
> echo "$NAME error: xfs_repair was not found!" 1>&2
> exit 4
> fi
>
> It make sense to check that it's available before running it, but I think
> hardcoding paths runs the risk of missing it if it's somewhere unique.
OTOH hardcoding the path (since we control where xfs_repair gets
installed) means that we avoid the "someone poisoned PATH" attack. I'm
not sure I buy that argument since if you have root access you probably
can just bind mount a garbage atop /sbin/xfs_repair, but eh.
If you really /do/ want to hardcode paths into the script, you should
pick up PKG_ROOT_SBIN_DIR from the build system.
--D
>
> > +
> > + ensure_not_mounted $DEV
> > +
> > + $BIN -e $DEV
>
> please rename $BIN as $XFS_REPAIR for clarity?
>
> > + repair2fsck_code $?
> > + exit $?
> > +fi
> > +
> > if $AUTO; then
> > echo "$0: XFS file system."
> > else
> > diff --git a/man/man8/fsck.xfs.8 b/man/man8/fsck.xfs.8
> > index ace7252d..08812be8 100644
> > --- a/man/man8/fsck.xfs.8
> > +++ b/man/man8/fsck.xfs.8
> > @@ -21,6 +21,13 @@ If you wish to check the consistency of an XFS filesystem,
> > or repair a damaged or corrupt XFS filesystem,
> > see
> > .BR xfs_repair (8).
> > +.PP
> > +However, the system administrator can force
> > +.B fsck.xfs
> > +to run
> > +.BR xfs_repair (8)
>
> at boot time
>
> > +by creating a /forcefsck file or booting the system with
> > +"fsck.mode=force" on the kernel command line.
> > .
> > .SH FILES
> > .IR /etc/fstab .
> >
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-23 3:25 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-05 15:05 [PATCH] fsck.xfs: allow forced repairs using xfs_repair Jan Tulak
2018-03-05 21:56 ` Dave Chinner
2018-03-05 22:06 ` Eric Sandeen
2018-03-05 22:20 ` Darrick J. Wong
2018-03-05 22:31 ` Dave Chinner
2018-03-05 23:33 ` Eric Sandeen
2018-03-06 11:51 ` Jan Tulak
2018-03-06 21:39 ` Dave Chinner
2018-03-08 10:57 ` Jan Tulak
2018-03-08 16:28 ` Darrick J. Wong
2018-03-08 22:36 ` Dave Chinner
2018-03-14 13:51 ` Jan Tulak
2018-03-14 15:25 ` Darrick J. Wong
2018-03-14 21:10 ` Dave Chinner
2018-03-15 17:01 ` Jan Tulak
2018-03-08 23:28 ` Eric Sandeen
2018-03-14 13:30 ` Jan Tulak
2018-03-14 15:19 ` Eric Sandeen
2018-03-15 11:16 ` Jan Tulak
2018-03-15 22:19 ` Dave Chinner
2018-03-15 17:45 ` [PATCH 1/2] xfs_repair: add flag -e to detect corrected errors Jan Tulak
2018-03-15 17:45 ` [PATCH 2/2 v1] fsck.xfs: allow forced repairs using xfs_repair Jan Tulak
2018-03-15 17:47 ` [PATCH 2/2 v2] " Jan Tulak
2018-03-15 17:50 ` [PATCH 2/2] " Jan Tulak
2018-03-15 18:11 ` Darrick J. Wong
2018-03-15 18:22 ` Jan Tulak
2018-03-15 18:28 ` [PATCH 2/2 v4] " Jan Tulak
2018-03-15 18:49 ` Darrick J. Wong
2018-03-16 10:19 ` Jan Tulak
2018-03-16 15:39 ` Darrick J. Wong
2018-03-16 17:07 ` [PATCH 2/2 v5] " Jan Tulak
2018-03-23 2:37 ` Eric Sandeen
2018-03-23 3:25 ` Darrick J. Wong [this message]
2018-03-23 3:29 ` Eric Sandeen
2018-03-23 3:42 ` Darrick J. Wong
2018-03-23 14:00 ` Jan Tulak
2018-03-23 14:14 ` Jan Tulak
2018-03-23 14:33 ` [PATCH 2/2 v6] " Jan Tulak
2022-09-28 5:28 ` Darrick J. Wong
2022-09-29 8:31 ` Carlos Maiolino
2018-03-15 18:03 ` [PATCH 1/2] xfs_repair: add flag -e to detect corrected errors Darrick J. Wong
2018-03-15 18:23 ` [PATCH 1/2 v2] " Jan Tulak
2018-03-15 18:44 ` Darrick J. Wong
2018-03-23 1:57 ` Eric Sandeen
2018-03-23 9:24 ` Jan Tulak
2018-03-23 14:32 ` [PATCH 1/2 v3] xfs_repair: add flag -e to modify exit code for " Jan Tulak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180323032548.GG4818@magnolia \
--to=darrick.wong@oracle.com \
--cc=jtulak@redhat.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.