#
f190f919 |
| 21-May-2021 |
Kirk McKusick <mckusick@FreeBSD.org> |
Fix fsck_ufs segfaults with gjournal (SU+J)
The segfault was being hit in ckfini() (sbin/fsck_ffs/fsutil.c) while attempting to traverse the buffer cache to flush dirty buffers. The tail queue used
Fix fsck_ufs segfaults with gjournal (SU+J)
The segfault was being hit in ckfini() (sbin/fsck_ffs/fsutil.c) while attempting to traverse the buffer cache to flush dirty buffers. The tail queue used for the buffer cache was not initialized before dropping into gjournal_check(). Move the buffer initialization earlier so that it has been done before calling gjournal_check().
Reported by: crypt47, nvass Fix by: Robert Wing Tested by: Robert Wing PR: 255030 PR: 255979 MFC after: 3 days Sponsored by: Netflix
show more ...
|
Revision tags: release/13.0.0 |
|
#
fc56fd26 |
| 02-Apr-2021 |
Kirk McKusick <mckusick@FreeBSD.org> |
Ensure that all allocated data structures in fsck_ffs are freed.
Several large data structures are allocated by fsck_ffs to track resource usage. Most but not all were deallocated at the end of chec
Ensure that all allocated data structures in fsck_ffs are freed.
Several large data structures are allocated by fsck_ffs to track resource usage. Most but not all were deallocated at the end of checking each filesystem. This commit consolidates the freeing of all data structures in one place and adds one that had previously been missing.
It is important to clean up these data structures as they can be large. If the previous allocations have not been freed, fsck_ffs can run out of address space when many large filesystems are being checked. An alternative would be to fork a new instance of fsck_ffs for each filesystem to be checked, but we choose to free the small set of large structures to save the fork overhead.
Reported by: Chuck Silvers Tested by: Chuck Silvers MFC after: 7 days Sponsored by: Netflix
show more ...
|
#
5cc52631 |
| 07-Jan-2021 |
Kirk McKusick <mckusick@FreeBSD.org> |
Rewrite the disk I/O management system in fsck_ffs(8). Other than making fsck_ffs(8) run faster, there should be no functional change.
The original fsck_ffs(8) had its own disk I/O management system
Rewrite the disk I/O management system in fsck_ffs(8). Other than making fsck_ffs(8) run faster, there should be no functional change.
The original fsck_ffs(8) had its own disk I/O management system. When gjournal(8) was added to FreeBSD 7, code was added to fsck_ffs(8) to do the necessary gjournal rollback. Rather than use the existing fsck_ffs(8) disk I/O system, it wrote its own from scratch. Similarly when journalled soft updates were added in FreeBSD 9, code was added to fsck_ffs(8) to do the necessary journal rollback. And once again, rather than using either of the existing fsck_ffs(8) disk I/O systems, it wrote its own from scratch. Lastly the fsdb(8) utility uses the fsck_ffs(8) disk I/O management system. In preparation for making the changes necessary to enable snapshots to be taken when using journalled soft updates, it was necessary to have a single disk I/O system used by all the various subsystems in fsck_ffs(8).
This commit merges the functionality required by all the different subsystems into a single disk I/O system that supports all of their needs. In so doing it picks up optimizations from each of them with the results that each of the subsystems does fewer reads and writes than it did with its own customized I/O system. It also greatly simplifies making changes to fsck_ffs(8) since everything goes through a single place. For example the ginode() function fetches an inode from the disk. When inode check hashes were added, they previously had to be checked in the code implementing inode fetch in each of the three different disk I/O systems. Now they need only be checked in ginode().
Tested by: Peter Holm Sponsored by: Netflix
show more ...
|
Revision tags: release/12.2.0 |
|
#
e8337044 |
| 01-Sep-2020 |
Chuck Silvers <chs@FreeBSD.org> |
Move all of the error prints in readsb() from stderr to stdout. The only output from fsck that should go to stderr is the usage message. if setup() fails then exit with EEXIT rather than 0.
Reviewed
Move all of the error prints in readsb() from stderr to stdout. The only output from fsck that should go to stderr is the usage message. if setup() fails then exit with EEXIT rather than 0.
Reviewed by: mckusick Sponsored by: Netflix
show more ...
|
#
e2515283 |
| 27-Aug-2020 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
#
518eb03e |
| 16-Aug-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r364251 through r364263.
|
#
f644caad |
| 15-Aug-2020 |
Kirk McKusick <mckusick@FreeBSD.org> |
Use the sbput() function to write alternate superblocks so that they get a checkhash.
PR: 246983 Sponsored by: Netflix
|
Revision tags: release/11.4.0 |
|
#
c094263a |
| 25-Dec-2019 |
Kirk McKusick <mckusick@FreeBSD.org> |
When running fsck_ffs manually, do not ask:
USE JOURNAL? [yn]
when the journal timestamp does not match the filesystem mount time as we are just going to print an error and fall through to a full
When running fsck_ffs manually, do not ask:
USE JOURNAL? [yn]
when the journal timestamp does not match the filesystem mount time as we are just going to print an error and fall through to a full fsck. Instead, just run a full fsck.
Requested by: Bjoern A. Zeeb (bz) MFC after: 7 days
show more ...
|
Revision tags: release/12.1.0, release/11.3.0 |
|
#
7648bc9f |
| 13-May-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead @347527
Sponsored by: The FreeBSD Foundation
|
#
0061238f |
| 03-May-2019 |
Kirk McKusick <mckusick@FreeBSD.org> |
This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk. It can be viewed by any user with read a
This update eliminates a kernel stack disclosure bug in UFS/FFS directory entries that is caused by uninitialized directory entry padding written to the disk. It can be viewed by any user with read access to that directory. Up to 3 bytes of kernel stack are disclosed per file entry, depending on the the amount of padding the kernel needs to pad out the entry to a 32 bit boundry. The offset in the kernel stack that is disclosed is a function of the filename size. Furthermore, if the user can create files in a directory, this 3 byte window can be expanded 3 bytes at a time to a 254 byte window with 75% of the data in that window exposed. The additional exposure is done by removing the entry, creating a new entry with a 4-byte longer name, extracting 3 more bytes by reading the directory, and repeating until a 252 byte name is created.
This exploit works in part because the area of the kernel stack that is being disclosed is in an area that typically doesn't change that often (perhaps a few times a second on a lightly loaded system), and these file creates and unlinks themselves don't overwrite the area of kernel stack being disclosed.
It appears that this bug originated with the creation of the Fast File System in 4.1b-BSD (Circa 1982, more than 36 years ago!), and is likely present in every Unix or Unix-like system that uses UFS/FFS. Amazingly, nobody noticed until now.
This update also adds the -z flag to fsck_ffs to have it scrub the leaked information in the name padding of existing directories. It only needs to be run once on each UFS/FFS filesystem after a patched kernel is installed and running.
Submitted by: David G. Lawrence <dg@dglawrence.com> Reviewed by: kib MFC after: 1 week
show more ...
|
#
8f829a5c |
| 11-Dec-2018 |
Kirk McKusick <mckusick@FreeBSD.org> |
Continuing efforts to provide hardening of FFS. This change adds a check hash to the filesystem inodes. Access attempts to files associated with an inode with an invalid check hash will fail with EIN
Continuing efforts to provide hardening of FFS. This change adds a check hash to the filesystem inodes. Access attempts to files associated with an inode with an invalid check hash will fail with EINVAL (Invalid argument). Access is reestablished after an fsck is run to find and validate the inodes with invalid check-hashes. This check avoids a class of filesystem panics related to corrupted inodes. The hash is done using crc32c.
Note this check-hash is for the inode itself and not any of its indirect blocks. Check-hash validation may be extended to also cover indirect block pointers, but that will be a separate (and more costly) feature.
Check hashes are added only to UFS2 and not to UFS1 as UFS1 is primarily used in embedded systems with small memories and low-powered processors which need as light-weight a filesystem as possible.
Reviewed by: kib Tested by: Peter Holm Sponsored by: Netflix
show more ...
|
Revision tags: release/12.0.0 |
|
#
6149ed01 |
| 14-Nov-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r340368 through r340426.
|
#
9fc5d538 |
| 13-Nov-2018 |
Kirk McKusick <mckusick@FreeBSD.org> |
In preparation for adding inode check-hashes, clean up and document the libufs interface for fetching and storing inodes. The undocumented getino / putino interface has been replaced with a new getin
In preparation for adding inode check-hashes, clean up and document the libufs interface for fetching and storing inodes. The undocumented getino / putino interface has been replaced with a new getinode / putinode interface.
Convert the utilities that had been using the undocumented interface to use the new documented interface.
No functional change (as for now the libufs library does not do inode check-hashes).
Reviewed by: kib Tested by: Peter Holm Sponsored by: Netflix
show more ...
|
#
fda9adaf |
| 27-Oct-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r339670 through r339812.
|
#
ec888383 |
| 23-Oct-2018 |
Kirk McKusick <mckusick@FreeBSD.org> |
Continuing efforts to provide hardening of FFS, this change adds a check hash to the superblock. If a check hash fails when an attempt is made to mount a filesystem, the mount fails with EINVAL (Inva
Continuing efforts to provide hardening of FFS, this change adds a check hash to the superblock. If a check hash fails when an attempt is made to mount a filesystem, the mount fails with EINVAL (Invalid argument). This avoids a class of filesystem panics related to corrupted superblocks. The hash is done using crc32c.
Check hases are added only to UFS2 and not to UFS1 as UFS1 is primarily used in embedded systems with small memories and low-powered processors which need as light-weight a filesystem as possible.
Reviewed by: kib Tested by: Peter Holm Sponsored by: Netflix
show more ...
|
Revision tags: release/11.2.0 |
|
#
31461aa2 |
| 09-Feb-2018 |
Kirk McKusick <mckusick@FreeBSD.org> |
Include files missed in 329051.
|
#
469759f8 |
| 15-Jan-2018 |
David Bright <dab@FreeBSD.org> |
Exit fsck_ffs with non-zero status when file system is not repaired.
When the fsck_ffs program cannot fully repair a file system, it will output the message PLEASE RERUN FSCK. However, it does not e
Exit fsck_ffs with non-zero status when file system is not repaired.
When the fsck_ffs program cannot fully repair a file system, it will output the message PLEASE RERUN FSCK. However, it does not exit with a non-zero status in this case (contradicting the man page claim that it "exits with 0 on success, and >0 if an error occurs." The fsck rc-script (when running "fsck -y") tests the status from fsck (which passes along the exit status from fsck_ffs) and issues a "stop_boot" if the status fails. However, this is not effective since fsck_ffs can return zero even on (some) errors. Effectively, it is left to a later step in the boot process when the file systems are mounted to detect the still-unclean file system and stop the boot.
This change modifies fsck_ffs so that when it cannot fully repair the file system and issues the PLEASE RERUN FSCK message it also exits with a non-zero status.
While here, the fsck_ffs man page has also been updated to document the failing exit status codes used by fsck_ffs. Previously, only exit status 7 was documented. Some of these exit statuses are tested for in the fsck rc-script, so they are clearly depended upon and deserve documentation.
Reviewed by: mckusick, vangyzen, jilles (manpages) MFC after: 1 week Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D13862
show more ...
|
#
82725ba9 |
| 23-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r325999 through r326131.
|
#
8a16b7a1 |
| 20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier f
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
show more ...
|
#
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
#
50896984 |
| 10-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r324482
|
#
91882068 |
| 10-Oct-2017 |
Kirk McKusick <mckusick@FreeBSD.org> |
Do not report the filesystem as modified when the only change is to update the timestamp in the superblock.
Reported by: Peter Holm MFC after: 1 week
|
Revision tags: release/10.4.0, release/11.1.0 |
|
#
348238db |
| 01-Mar-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r314420 through r314481.
|
#
fbbd9655 |
| 01-Mar-2017 |
Warner Losh <imp@FreeBSD.org> |
Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is
Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
show more ...
|
#
a3906ca5 |
| 17-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313644 through r313895.
|