1 /* verify.c --- verification of FSFS filesystems
3 * ====================================================================
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
20 * ====================================================================
23 #include "svn_sorts.h"
24 #include "svn_checksum.h"
26 #include "private/svn_subr_private.h"
31 #include "cached_data.h"
32 #include "rep-cache.h"
37 #include "../libsvn_fs/fs-loader.h"
39 #include "svn_private_config.h"
44 /* Baton type expected by verify_walker(). The purpose is to reuse open
45 * rev / pack file handles between calls. Its contents need to be cleaned
46 * periodically to limit resource usage.
48 typedef struct verify_walker_baton_t
50 /* number of calls to verify_walker() since the last clean */
53 /* number of files opened since the last clean */
56 /* progress notification callback to invoke periodically (may be NULL) */
57 svn_fs_progress_notify_func_t notify_func;
59 /* baton to use with NOTIFY_FUNC */
62 /* remember the last revision for which we called notify_func */
63 svn_revnum_t last_notified_revision;
65 /* cached hint for successive calls to svn_fs_fs__check_rep() */
68 /* pool to use for the file handles etc. */
70 } verify_walker_baton_t;
72 /* Used by svn_fs_fs__verify().
73 Implements svn_fs_fs__walk_rep_reference().walker. */
75 verify_walker(representation_t *rep,
78 apr_pool_t *scratch_pool)
80 verify_walker_baton_t *walker_baton = baton;
83 /* notify and free resources periodically */
84 if ( walker_baton->iteration_count > 1000
85 || walker_baton->file_count > 16)
87 if ( walker_baton->notify_func
88 && rep->revision != walker_baton->last_notified_revision)
90 walker_baton->notify_func(rep->revision,
91 walker_baton->notify_baton,
93 walker_baton->last_notified_revision = rep->revision;
96 svn_pool_clear(walker_baton->pool);
98 walker_baton->iteration_count = 0;
99 walker_baton->file_count = 0;
100 walker_baton->hint = NULL;
103 /* access the repo data */
104 previous_hint = walker_baton->hint;
105 SVN_ERR(svn_fs_fs__check_rep(rep, fs, &walker_baton->hint,
106 walker_baton->pool));
108 /* update resource usage counters */
109 walker_baton->iteration_count++;
110 if (previous_hint != walker_baton->hint)
111 walker_baton->file_count++;
116 /* Verify the rep cache DB's consistency with our rev / pack data.
117 * The function signature is similar to svn_fs_fs__verify.
118 * The values of START and END have already been auto-selected and
122 verify_rep_cache(svn_fs_t *fs,
125 svn_fs_progress_notify_func_t notify_func,
127 svn_cancel_func_t cancel_func,
131 svn_boolean_t exists;
133 /* rep-cache verification. */
134 SVN_ERR(svn_fs_fs__exists_rep_cache(&exists, fs, pool));
137 /* provide a baton to allow the reuse of open file handles between
138 iterations (saves 2/3 of OS level file operations). */
139 verify_walker_baton_t *baton = apr_pcalloc(pool, sizeof(*baton));
140 baton->pool = svn_pool_create(pool);
141 baton->last_notified_revision = SVN_INVALID_REVNUM;
142 baton->notify_func = notify_func;
143 baton->notify_baton = notify_baton;
145 /* tell the user that we are now ready to do *something* */
147 notify_func(SVN_INVALID_REVNUM, notify_baton, baton->pool);
149 /* Do not attempt to walk the rep-cache database if its file does
150 not exist, since doing so would create it --- which may confuse
151 the administrator. Don't take any lock. */
152 SVN_ERR(svn_fs_fs__walk_rep_reference(fs, start, end,
153 verify_walker, baton,
154 cancel_func, cancel_baton,
157 /* walker resource cleanup */
158 svn_pool_destroy(baton->pool);
164 /* Verify that the MD5 checksum of the data between offsets START and END
165 * in FILE matches the EXPECTED checksum. If there is a mismatch use the
166 * indedx NAME in the error message. Supports cancellation with CANCEL_FUNC
167 * and CANCEL_BATON. SCRATCH_POOL is for temporary allocations. */
169 verify_index_checksum(apr_file_t *file,
173 svn_checksum_t *expected,
174 svn_cancel_func_t cancel_func,
176 apr_pool_t *scratch_pool)
178 unsigned char buffer[SVN__STREAM_CHUNK_SIZE];
179 apr_off_t size = end - start;
180 svn_checksum_t *actual;
181 svn_checksum_ctx_t *context
182 = svn_checksum_ctx_create(svn_checksum_md5, scratch_pool);
184 /* Calculate the index checksum. */
185 SVN_ERR(svn_io_file_seek(file, APR_SET, &start, scratch_pool));
188 apr_size_t to_read = size > sizeof(buffer)
191 SVN_ERR(svn_io_file_read_full2(file, buffer, to_read, NULL, NULL,
193 SVN_ERR(svn_checksum_update(context, buffer, to_read));
197 SVN_ERR(cancel_func(cancel_baton));
200 SVN_ERR(svn_checksum_final(&actual, context, scratch_pool));
202 /* Verify that it matches the expected checksum. */
203 if (!svn_checksum_match(expected, actual))
205 const char *file_name;
207 SVN_ERR(svn_io_file_name_get(&file_name, file, scratch_pool));
208 SVN_ERR(svn_checksum_mismatch_err(expected, actual, scratch_pool,
209 _("%s checksum mismatch in file %s"),
216 /* Verify the MD5 checksums of the index data in the rev / pack file
217 * containing revision START in FS. If given, invoke CANCEL_FUNC with
218 * CANCEL_BATON at regular intervals. Use SCRATCH_POOL for temporary
222 verify_index_checksums(svn_fs_t *fs,
224 svn_cancel_func_t cancel_func,
226 apr_pool_t *scratch_pool)
228 svn_fs_fs__revision_file_t *rev_file;
230 /* Open the rev / pack file and read the footer */
231 SVN_ERR(svn_fs_fs__open_pack_or_rev_file(&rev_file, fs, start,
232 scratch_pool, scratch_pool));
233 SVN_ERR(svn_fs_fs__auto_read_footer(rev_file));
235 /* Verify the index contents against the checksum from the footer. */
236 SVN_ERR(verify_index_checksum(rev_file->file, "L2P index",
237 rev_file->l2p_offset, rev_file->p2l_offset,
238 rev_file->l2p_checksum,
239 cancel_func, cancel_baton, scratch_pool));
240 SVN_ERR(verify_index_checksum(rev_file->file, "P2L index",
241 rev_file->p2l_offset, rev_file->footer_offset,
242 rev_file->p2l_checksum,
243 cancel_func, cancel_baton, scratch_pool));
246 SVN_ERR(svn_fs_fs__close_revision_file(rev_file));
251 /* Verify that for all log-to-phys index entries for revisions START to
252 * START + COUNT-1 in FS there is a consistent entry in the phys-to-log
253 * index. If given, invoke CANCEL_FUNC with CANCEL_BATON at regular
254 * intervals. Use POOL for allocations.
257 compare_l2p_to_p2l_index(svn_fs_t *fs,
260 svn_cancel_func_t cancel_func,
265 apr_pool_t *iterpool = svn_pool_create(pool);
266 apr_array_header_t *max_ids;
268 /* common file access structure */
269 svn_fs_fs__revision_file_t *rev_file;
270 SVN_ERR(svn_fs_fs__open_pack_or_rev_file(&rev_file, fs, start, pool,
273 /* determine the range of items to check for each revision */
274 SVN_ERR(svn_fs_fs__l2p_get_max_ids(&max_ids, fs, start, count, pool,
277 /* check all items in all revisions if the given range */
278 for (i = 0; i < max_ids->nelts; ++i)
281 apr_uint64_t max_id = APR_ARRAY_IDX(max_ids, i, apr_uint64_t);
282 svn_revnum_t revision = start + i;
284 for (k = 0; k < max_id; ++k)
287 svn_fs_fs__p2l_entry_t *p2l_entry;
288 svn_pool_clear(iterpool);
290 /* get L2P entry. Ignore unused entries. */
291 SVN_ERR(svn_fs_fs__item_offset(&offset, fs, rev_file, revision,
296 /* find the corresponding P2L entry */
297 SVN_ERR(svn_fs_fs__p2l_entry_lookup(&p2l_entry, fs, rev_file,
298 revision, offset, iterpool,
301 if (p2l_entry == NULL)
302 return svn_error_createf(SVN_ERR_FS_INDEX_INCONSISTENT,
304 _("p2l index entry not found for "
305 "PHYS %s returned by "
306 "l2p index for LOG r%ld:i%ld"),
307 apr_off_t_toa(pool, offset),
310 if ( p2l_entry->item.number != k
311 || p2l_entry->item.revision != revision)
312 return svn_error_createf(SVN_ERR_FS_INDEX_INCONSISTENT,
314 _("p2l index info LOG r%ld:i%ld"
316 "l2p index for LOG r%ld:i%ld"),
317 p2l_entry->item.revision,
318 (long)p2l_entry->item.number,
323 SVN_ERR(cancel_func(cancel_baton));
326 svn_pool_destroy(iterpool);
328 SVN_ERR(svn_fs_fs__close_revision_file(rev_file));
333 /* Verify that for all phys-to-log index entries for revisions START to
334 * START + COUNT-1 in FS there is a consistent entry in the log-to-phys
335 * index. If given, invoke CANCEL_FUNC with CANCEL_BATON at regular
336 * intervals. Use POOL for allocations.
338 * Please note that we can only check on pack / rev file granularity and
339 * must only be called for a single rev / pack file.
342 compare_p2l_to_l2p_index(svn_fs_t *fs,
345 svn_cancel_func_t cancel_func,
349 fs_fs_data_t *ffd = fs->fsap_data;
350 apr_pool_t *iterpool = svn_pool_create(pool);
351 apr_off_t max_offset;
352 apr_off_t offset = 0;
354 /* common file access structure */
355 svn_fs_fs__revision_file_t *rev_file;
356 SVN_ERR(svn_fs_fs__open_pack_or_rev_file(&rev_file, fs, start, pool,
359 /* get the size of the rev / pack file as covered by the P2L index */
360 SVN_ERR(svn_fs_fs__p2l_get_max_offset(&max_offset, fs, rev_file, start,
363 /* for all offsets in the file, get the P2L index entries and check
364 them against the L2P index */
365 for (offset = 0; offset < max_offset; )
367 apr_array_header_t *entries;
368 svn_fs_fs__p2l_entry_t *last_entry;
371 svn_pool_clear(iterpool);
373 /* get all entries for the current block */
374 SVN_ERR(svn_fs_fs__p2l_index_lookup(&entries, fs, rev_file, start,
375 offset, ffd->p2l_page_size,
376 iterpool, iterpool));
377 if (entries->nelts == 0)
378 return svn_error_createf(SVN_ERR_FS_INDEX_CORRUPTION,
380 _("p2l does not cover offset %s"
381 " for revision %ld"),
382 apr_off_t_toa(pool, offset), start);
384 /* process all entries (and later continue with the next block) */
386 = &APR_ARRAY_IDX(entries, entries->nelts-1, svn_fs_fs__p2l_entry_t);
387 offset = last_entry->offset + last_entry->size;
389 for (i = 0; i < entries->nelts; ++i)
391 svn_fs_fs__p2l_entry_t *entry
392 = &APR_ARRAY_IDX(entries, i, svn_fs_fs__p2l_entry_t);
394 /* check all sub-items for consist entries in the L2P index */
395 if (entry->type == SVN_FS_FS__ITEM_TYPE_UNUSED)
397 /* There is no L2P entry for unused rev file sections.
398 * And its P2L index data is hardly ever used. But we
399 * should still check whether someone tempered with it. */
400 if ( entry->item.revision != SVN_INVALID_REVNUM
401 && ( entry->item.revision < start
402 || entry->item.revision >= start + count))
403 return svn_error_createf(SVN_ERR_FS_INDEX_INCONSISTENT,
405 _("Empty P2L entry for PHYS %s "
406 "refers to revision %ld outside "
407 "the rev / pack file (%ld-%ld)"),
408 apr_off_t_toa(pool, entry->offset),
409 entry->item.revision,
410 start, start + count - 1);
414 apr_off_t l2p_offset;
415 SVN_ERR(svn_fs_fs__item_offset(&l2p_offset, fs, rev_file,
416 entry->item.revision, NULL,
417 entry->item.number, iterpool));
419 if (l2p_offset != entry->offset)
420 return svn_error_createf(SVN_ERR_FS_INDEX_INCONSISTENT,
422 _("l2p index entry PHYS %s"
423 "does not match p2l index value "
424 "LOG r%ld:i%ld for PHYS %s"),
425 apr_off_t_toa(pool, l2p_offset),
426 entry->item.revision,
427 (long)entry->item.number,
428 apr_off_t_toa(pool, entry->offset));
433 SVN_ERR(cancel_func(cancel_baton));
436 svn_pool_destroy(iterpool);
438 SVN_ERR(svn_fs_fs__close_revision_file(rev_file));
443 /* Items smaller than this can be read at once into a buffer and directly
444 * be checksummed. Larger items require stream processing.
445 * Must be a multiple of 8. */
446 #define STREAM_THRESHOLD 4096
448 /* Verify that the next SIZE bytes read from FILE are NUL.
449 * SIZE must not exceed STREAM_THRESHOLD. Use POOL for allocations.
452 expect_buffer_nul(apr_file_t *file,
458 unsigned char buffer[STREAM_THRESHOLD];
459 apr_uint64_t chunks[STREAM_THRESHOLD / sizeof(apr_uint64_t)];
463 SVN_ERR_ASSERT(size <= STREAM_THRESHOLD);
465 /* read the whole data block; error out on failure */
466 data.chunks[(size - 1)/ sizeof(apr_uint64_t)] = 0;
467 SVN_ERR(svn_io_file_read_full2(file, data.buffer, (apr_size_t)size, NULL,
471 for (i = 0; i < size / sizeof(apr_uint64_t); ++i)
472 if (data.chunks[i] != 0)
475 /* byte-wise check upon mismatch or at the end of the block */
476 for (i *= sizeof(apr_uint64_t); i < size; ++i)
477 if (data.buffer[i] != 0)
479 const char *file_name;
482 SVN_ERR(svn_io_file_name_get(&file_name, file, pool));
483 SVN_ERR(svn_io_file_get_offset(&offset, file, pool));
486 return svn_error_createf(SVN_ERR_FS_CORRUPT, NULL,
487 _("Empty section in file %s contains "
488 "non-NUL data at offset %s"),
489 file_name, apr_off_t_toa(pool, offset));
495 /* Verify that the next SIZE bytes read from FILE are NUL.
496 * Use POOL for allocations.
499 read_all_nul(apr_file_t *file,
503 for (; size >= STREAM_THRESHOLD; size -= STREAM_THRESHOLD)
504 SVN_ERR(expect_buffer_nul(file, STREAM_THRESHOLD, pool));
507 SVN_ERR(expect_buffer_nul(file, size, pool));
512 /* Compare the ACTUAL checksum with the one expected by ENTRY.
513 * Return an error in case of mismatch. Use the name of FILE
514 * in error message. Allocate data in POOL.
517 expected_checksum(apr_file_t *file,
518 svn_fs_fs__p2l_entry_t *entry,
522 if (actual != entry->fnv1_checksum)
524 const char *file_name;
526 SVN_ERR(svn_io_file_name_get(&file_name, file, pool));
527 return svn_error_createf(SVN_ERR_FS_CORRUPT, NULL,
528 _("Checksum mismatch in item at offset %s of "
529 "length %s bytes in file %s"),
530 apr_off_t_toa(pool, entry->offset),
531 apr_off_t_toa(pool, entry->size), file_name);
537 /* Verify that the FNV checksum over the next ENTRY->SIZE bytes read
538 * from FILE will match ENTRY's expected checksum. SIZE must not
539 * exceed STREAM_THRESHOLD. Use POOL for allocations.
542 expected_buffered_checksum(apr_file_t *file,
543 svn_fs_fs__p2l_entry_t *entry,
546 unsigned char buffer[STREAM_THRESHOLD];
547 SVN_ERR_ASSERT(entry->size <= STREAM_THRESHOLD);
549 SVN_ERR(svn_io_file_read_full2(file, buffer, (apr_size_t)entry->size,
551 SVN_ERR(expected_checksum(file, entry,
552 svn__fnv1a_32x4(buffer, (apr_size_t)entry->size),
558 /* Verify that the FNV checksum over the next ENTRY->SIZE bytes read from
559 * FILE will match ENTRY's expected checksum. Use POOL for allocations.
562 expected_streamed_checksum(apr_file_t *file,
563 svn_fs_fs__p2l_entry_t *entry,
566 unsigned char buffer[STREAM_THRESHOLD];
567 svn_checksum_t *checksum;
568 svn_checksum_ctx_t *context
569 = svn_checksum_ctx_create(svn_checksum_fnv1a_32x4, pool);
570 apr_off_t size = entry->size;
574 apr_size_t to_read = size > sizeof(buffer)
577 SVN_ERR(svn_io_file_read_full2(file, buffer, to_read, NULL, NULL,
579 SVN_ERR(svn_checksum_update(context, buffer, to_read));
583 SVN_ERR(svn_checksum_final(&checksum, context, pool));
584 SVN_ERR(expected_checksum(file, entry,
585 ntohl(*(const apr_uint32_t *)checksum->digest),
591 /* Verify that for all phys-to-log index entries for revisions START to
592 * START + COUNT-1 in FS match the actual pack / rev file contents.
593 * If given, invoke CANCEL_FUNC with CANCEL_BATON at regular intervals.
594 * Use POOL for allocations.
596 * Please note that we can only check on pack / rev file granularity and
597 * must only be called for a single rev / pack file.
600 compare_p2l_to_rev(svn_fs_t *fs,
603 svn_cancel_func_t cancel_func,
607 fs_fs_data_t *ffd = fs->fsap_data;
608 apr_pool_t *iterpool = svn_pool_create(pool);
609 apr_off_t max_offset;
610 apr_off_t offset = 0;
611 svn_fs_fs__revision_file_t *rev_file;
613 /* open the pack / rev file that is covered by the p2l index */
614 SVN_ERR(svn_fs_fs__open_pack_or_rev_file(&rev_file, fs, start, pool,
617 /* check file size vs. range covered by index */
618 SVN_ERR(svn_fs_fs__auto_read_footer(rev_file));
619 SVN_ERR(svn_fs_fs__p2l_get_max_offset(&max_offset, fs, rev_file, start,
622 if (rev_file->l2p_offset != max_offset)
623 return svn_error_createf(SVN_ERR_FS_INDEX_INCONSISTENT, NULL,
624 _("File size of %s for revision r%ld does "
625 "not match p2l index size of %s"),
626 apr_off_t_toa(pool, rev_file->l2p_offset), start,
627 apr_off_t_toa(pool, max_offset));
629 SVN_ERR(svn_io_file_aligned_seek(rev_file->file, ffd->block_size, NULL, 0,
632 /* for all offsets in the file, get the P2L index entries and check
633 them against the L2P index */
634 for (offset = 0; offset < max_offset; )
636 apr_array_header_t *entries;
639 svn_pool_clear(iterpool);
641 /* get all entries for the current block */
642 SVN_ERR(svn_fs_fs__p2l_index_lookup(&entries, fs, rev_file, start,
643 offset, ffd->p2l_page_size,
644 iterpool, iterpool));
646 /* The above might have moved the file pointer.
647 * Ensure we actually start reading at OFFSET. */
648 SVN_ERR(svn_io_file_aligned_seek(rev_file->file, ffd->block_size,
649 NULL, offset, iterpool));
651 /* process all entries (and later continue with the next block) */
652 for (i = 0; i < entries->nelts; ++i)
654 svn_fs_fs__p2l_entry_t *entry
655 = &APR_ARRAY_IDX(entries, i, svn_fs_fs__p2l_entry_t);
657 /* skip bits we previously checked */
658 if (i == 0 && entry->offset < offset)
661 /* skip zero-sized entries */
662 if (entry->size == 0)
665 /* p2l index must cover all rev / pack file offsets exactly once */
666 if (entry->offset != offset)
667 return svn_error_createf(SVN_ERR_FS_INDEX_INCONSISTENT,
669 _("p2l index entry for revision r%ld"
670 " is non-contiguous between offsets "
673 apr_off_t_toa(pool, offset),
674 apr_off_t_toa(pool, entry->offset));
676 /* Check type <-> item dependencies. */
678 /* Entry types must be within the valid range. */
679 if (entry->type >= SVN_FS_FS__ITEM_TYPE_ANY_REP)
680 return svn_error_createf(SVN_ERR_FS_INDEX_CORRUPTION,
682 _("p2l index entry for revision r%ld"
683 " at offset %s contains invalid item"
686 apr_off_t_toa(pool, offset),
689 /* There can be only one changes entry and that has a fixed type
690 * and item number. Its presence and parse-ability will be checked
691 * during later stages of the verification process. */
692 if ( (entry->type == SVN_FS_FS__ITEM_TYPE_CHANGES)
693 != (entry->item.number == SVN_FS_FS__ITEM_INDEX_CHANGES))
694 return svn_error_createf(SVN_ERR_FS_INDEX_CORRUPTION,
696 _("p2l index entry for changes in"
697 " revision r%ld is item %ld of type"
699 entry->item.revision,
702 apr_off_t_toa(pool, offset));
704 /* Check contents. */
705 if (entry->type == SVN_FS_FS__ITEM_TYPE_UNUSED)
707 /* Empty sections must contain NUL bytes only.
708 * Beware of the filler at the end of the p2l index. */
709 if (entry->offset != max_offset)
710 SVN_ERR(read_all_nul(rev_file->file, entry->size, pool));
714 /* Generic contents check against checksum. */
715 if (entry->size < STREAM_THRESHOLD)
716 SVN_ERR(expected_buffered_checksum(rev_file->file, entry,
719 SVN_ERR(expected_streamed_checksum(rev_file->file, entry,
724 offset += entry->size;
728 SVN_ERR(cancel_func(cancel_baton));
731 svn_pool_destroy(iterpool);
733 SVN_ERR(svn_fs_fs__close_revision_file(rev_file));
738 /* Verify that the revprops of the revisions START to END in FS can be
739 * accessed. Invoke CANCEL_FUNC with CANCEL_BATON at regular intervals.
741 * The values of START and END have already been auto-selected and
745 verify_revprops(svn_fs_t *fs,
748 svn_cancel_func_t cancel_func,
752 svn_revnum_t revision;
753 apr_pool_t *iterpool = svn_pool_create(pool);
755 /* Invalidate the revprop cache once.
756 * Use the cache inside the loop to speed up packed revprop access. */
757 svn_fs_fs__reset_revprop_cache(fs);
759 for (revision = start; revision < end; ++revision)
764 svn_pool_clear(iterpool);
766 /* Access the svn:date revprop.
767 * This implies parsing all revprops for that revision. */
768 SVN_ERR(svn_fs_fs__revision_prop(&date, fs, revision,
769 SVN_PROP_REVISION_DATE, FALSE,
770 iterpool, iterpool));
772 /* The time stamp is the only revprop that, if given, needs to
773 * have a valid content. */
775 SVN_ERR(svn_time_from_cstring(&timetemp, date->data, iterpool));
778 SVN_ERR(cancel_func(cancel_baton));
781 svn_pool_destroy(iterpool);
787 pack_size(svn_fs_t *fs, svn_revnum_t rev)
789 fs_fs_data_t *ffd = fs->fsap_data;
791 return rev < ffd->min_unpacked_rev ? ffd->max_files_per_dir : 1;
794 /* Verify that on-disk representation has not been tempered with (in a way
795 * that leaves the repository in a corrupted state). This compares log-to-
796 * phys with phys-to-log indexes, verifies the low-level checksums and
797 * checks that all revprops are available. The function signature is
798 * similar to svn_fs_fs__verify.
800 * The values of START and END have already been auto-selected and
801 * verified. You may call this for format7 or higher repos.
804 verify_f7_metadata_consistency(svn_fs_t *fs,
807 svn_fs_progress_notify_func_t notify_func,
809 svn_cancel_func_t cancel_func,
813 fs_fs_data_t *ffd = fs->fsap_data;
814 svn_revnum_t revision, next_revision;
815 apr_pool_t *iterpool = svn_pool_create(pool);
817 for (revision = start; revision <= end; revision = next_revision)
819 svn_error_t *err = SVN_NO_ERROR;
821 svn_revnum_t count = pack_size(fs, revision);
822 svn_revnum_t pack_start = svn_fs_fs__packed_base_rev(fs, revision);
823 svn_revnum_t pack_end = pack_start + count;
825 svn_pool_clear(iterpool);
827 if (notify_func && (pack_start % ffd->max_files_per_dir == 0))
828 notify_func(pack_start, notify_baton, iterpool);
830 /* Check for external corruption to the indexes. */
831 err = verify_index_checksums(fs, pack_start, cancel_func,
832 cancel_baton, iterpool);
834 /* two-way index check */
836 err = compare_l2p_to_p2l_index(fs, pack_start, pack_end - pack_start,
837 cancel_func, cancel_baton, iterpool);
839 err = compare_p2l_to_l2p_index(fs, pack_start, pack_end - pack_start,
840 cancel_func, cancel_baton, iterpool);
842 /* verify in-index checksums and types vs. actual rev / pack files */
844 err = compare_p2l_to_rev(fs, pack_start, pack_end - pack_start,
845 cancel_func, cancel_baton, iterpool);
847 /* ensure that revprops are available and accessible */
849 err = verify_revprops(fs, pack_start, pack_end,
850 cancel_func, cancel_baton, iterpool);
852 /* concurrent packing is one of the reasons why verification may fail.
853 Make sure, we operate on up-to-date information. */
857 = svn_fs_fs__read_min_unpacked_rev(&ffd->min_unpacked_rev,
860 /* Be careful to not leak ERR. */
862 return svn_error_trace(svn_error_compose_create(err, err2));
865 /* retry the whole shard if it got packed in the meantime */
866 if (err && count != pack_size(fs, revision))
868 svn_error_clear(err);
870 /* We could simply assign revision here but the code below is
871 more intuitive to maintainers. */
872 next_revision = svn_fs_fs__packed_base_rev(fs, revision);
877 next_revision = pack_end;
881 svn_pool_destroy(iterpool);
887 svn_fs_fs__verify(svn_fs_t *fs,
890 svn_fs_progress_notify_func_t notify_func,
892 svn_cancel_func_t cancel_func,
896 fs_fs_data_t *ffd = fs->fsap_data;
898 /* Input validation. */
899 if (! SVN_IS_VALID_REVNUM(start))
901 if (! SVN_IS_VALID_REVNUM(end))
903 SVN_ERR(svn_fs_fs__youngest_rev(&end, fs, pool));
906 SVN_ERR(svn_fs_fs__ensure_revision_exists(start, fs, pool));
907 SVN_ERR(svn_fs_fs__ensure_revision_exists(end, fs, pool));
909 /* log/phys index consistency. We need to check them first to make
910 sure we can access the rev / pack files in format7. */
911 if (svn_fs_fs__use_log_addressing(fs))
912 SVN_ERR(verify_f7_metadata_consistency(fs, start, end,
913 notify_func, notify_baton,
914 cancel_func, cancel_baton, pool));
916 /* rep cache consistency */
917 if (ffd->format >= SVN_FS_FS__MIN_REP_SHARING_FORMAT)
918 SVN_ERR(verify_rep_cache(fs, start, end, notify_func, notify_baton,
919 cancel_func, cancel_baton, pool));