xref: /freebsd/sys/ufs/ffs/ffs_subr.c (revision e1ebda4458bbaf7d85fb803e20f3afc5441f24d9)
160727d8bSWarner Losh /*-
251369649SPedro F. Giffuni  * SPDX-License-Identifier: BSD-3-Clause
351369649SPedro F. Giffuni  *
4df8bae1dSRodney W. Grimes  * Copyright (c) 1982, 1986, 1989, 1993
5df8bae1dSRodney W. Grimes  *	The Regents of the University of California.  All rights reserved.
6df8bae1dSRodney W. Grimes  *
7df8bae1dSRodney W. Grimes  * Redistribution and use in source and binary forms, with or without
8df8bae1dSRodney W. Grimes  * modification, are permitted provided that the following conditions
9df8bae1dSRodney W. Grimes  * are met:
10df8bae1dSRodney W. Grimes  * 1. Redistributions of source code must retain the above copyright
11df8bae1dSRodney W. Grimes  *    notice, this list of conditions and the following disclaimer.
12df8bae1dSRodney W. Grimes  * 2. Redistributions in binary form must reproduce the above copyright
13df8bae1dSRodney W. Grimes  *    notice, this list of conditions and the following disclaimer in the
14df8bae1dSRodney W. Grimes  *    documentation and/or other materials provided with the distribution.
1515c377c3SEd Maste  * 3. Neither the name of the University nor the names of its contributors
16df8bae1dSRodney W. Grimes  *    may be used to endorse or promote products derived from this software
17df8bae1dSRodney W. Grimes  *    without specific prior written permission.
18df8bae1dSRodney W. Grimes  *
19df8bae1dSRodney W. Grimes  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20df8bae1dSRodney W. Grimes  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21df8bae1dSRodney W. Grimes  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22df8bae1dSRodney W. Grimes  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23df8bae1dSRodney W. Grimes  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24df8bae1dSRodney W. Grimes  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25df8bae1dSRodney W. Grimes  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26df8bae1dSRodney W. Grimes  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27df8bae1dSRodney W. Grimes  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28df8bae1dSRodney W. Grimes  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29df8bae1dSRodney W. Grimes  * SUCH DAMAGE.
30df8bae1dSRodney W. Grimes  */
31df8bae1dSRodney W. Grimes 
32df8bae1dSRodney W. Grimes #include <sys/param.h>
33b13110e9SAlfredo Dal'Ava Junior #include <sys/endian.h>
34076002f2SKirk McKusick #include <sys/limits.h>
35df8bae1dSRodney W. Grimes 
36c4473420SPeter Wemm #ifndef _KERNEL
371111a443SKirk McKusick #include <stdbool.h>
38dffce215SKirk McKusick #include <stdio.h>
39dffce215SKirk McKusick #include <string.h>
40dffce215SKirk McKusick #include <stdlib.h>
41dffce215SKirk McKusick #include <time.h>
42dffce215SKirk McKusick #include <sys/errno.h>
43996c772fSJohn Dyson #include <ufs/ufs/dinode.h>
441c85e6a3SKirk McKusick #include <ufs/ffs/fs.h>
45dffce215SKirk McKusick 
46ec888383SKirk McKusick uint32_t calculate_crc32c(uint32_t, const void *, size_t);
47ade67b50SKirk McKusick uint32_t ffs_calc_sbhash(struct fs *);
48dffce215SKirk McKusick struct malloc_type;
49dffce215SKirk McKusick #define UFS_MALLOC(size, type, flags) malloc(size)
50dffce215SKirk McKusick #define UFS_FREE(ptr, type) free(ptr)
51076002f2SKirk McKusick #define maxphys MAXPHYS
52dffce215SKirk McKusick 
53dffce215SKirk McKusick #else /* _KERNEL */
54df8bae1dSRodney W. Grimes #include <sys/systm.h>
55f89d2072SXin LI #include <sys/gsb_crc32.h>
561cd52ec3SBruce Evans #include <sys/lock.h>
571c85e6a3SKirk McKusick #include <sys/malloc.h>
581c85e6a3SKirk McKusick #include <sys/mount.h>
59df8bae1dSRodney W. Grimes #include <sys/vnode.h>
609626b608SPoul-Henning Kamp #include <sys/bio.h>
61df8bae1dSRodney W. Grimes #include <sys/buf.h>
6208637435SBruce Evans #include <sys/ucred.h>
631111a443SKirk McKusick #include <sys/sysctl.h>
6408637435SBruce Evans 
65df8bae1dSRodney W. Grimes #include <ufs/ufs/quota.h>
66df8bae1dSRodney W. Grimes #include <ufs/ufs/inode.h>
671c85e6a3SKirk McKusick #include <ufs/ufs/extattr.h>
681c85e6a3SKirk McKusick #include <ufs/ufs/ufsmount.h>
691c85e6a3SKirk McKusick #include <ufs/ufs/ufs_extern.h>
70996c772fSJohn Dyson #include <ufs/ffs/ffs_extern.h>
711c85e6a3SKirk McKusick #include <ufs/ffs/fs.h>
72df8bae1dSRodney W. Grimes 
73dffce215SKirk McKusick #define UFS_MALLOC(size, type, flags) malloc(size, type, flags)
74dffce215SKirk McKusick #define UFS_FREE(ptr, type) free(ptr, type)
75dffce215SKirk McKusick 
76fb14e73cSKirk McKusick #endif /* _KERNEL */
77df8bae1dSRodney W. Grimes 
78df8bae1dSRodney W. Grimes /*
798f829a5cSKirk McKusick  * Verify an inode check-hash.
808f829a5cSKirk McKusick  */
818f829a5cSKirk McKusick int
828f829a5cSKirk McKusick ffs_verify_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip)
838f829a5cSKirk McKusick {
84c8f55fc4SKirk McKusick 	uint32_t ckhash, save_ckhash;
858f829a5cSKirk McKusick 
868f829a5cSKirk McKusick 	/*
878f829a5cSKirk McKusick 	 * Return success if unallocated or we are not doing inode check-hash.
888f829a5cSKirk McKusick 	 */
898f829a5cSKirk McKusick 	if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0)
908f829a5cSKirk McKusick 		return (0);
918f829a5cSKirk McKusick 	/*
928f829a5cSKirk McKusick 	 * Exclude di_ckhash from the crc32 calculation, e.g., always use
938f829a5cSKirk McKusick 	 * a check-hash value of zero when calculating the check-hash.
948f829a5cSKirk McKusick 	 */
958f829a5cSKirk McKusick 	save_ckhash = dip->di_ckhash;
968f829a5cSKirk McKusick 	dip->di_ckhash = 0;
97c8f55fc4SKirk McKusick 	ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip));
988f829a5cSKirk McKusick 	dip->di_ckhash = save_ckhash;
99c8f55fc4SKirk McKusick 	if (save_ckhash == ckhash)
1008f829a5cSKirk McKusick 		return (0);
101c8f55fc4SKirk McKusick 	return (EINVAL);
1028f829a5cSKirk McKusick }
1038f829a5cSKirk McKusick 
1048f829a5cSKirk McKusick /*
1058f829a5cSKirk McKusick  * Update an inode check-hash.
1068f829a5cSKirk McKusick  */
1078f829a5cSKirk McKusick void
1088f829a5cSKirk McKusick ffs_update_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip)
1098f829a5cSKirk McKusick {
1108f829a5cSKirk McKusick 
1118f829a5cSKirk McKusick 	if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0)
1128f829a5cSKirk McKusick 		return;
1138f829a5cSKirk McKusick 	/*
1148f829a5cSKirk McKusick 	 * Exclude old di_ckhash from the crc32 calculation, e.g., always use
1158f829a5cSKirk McKusick 	 * a check-hash value of zero when calculating the new check-hash.
1168f829a5cSKirk McKusick 	 */
1178f829a5cSKirk McKusick 	dip->di_ckhash = 0;
1188f829a5cSKirk McKusick 	dip->di_ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip));
1198f829a5cSKirk McKusick }
1208f829a5cSKirk McKusick 
1218f829a5cSKirk McKusick /*
122dffce215SKirk McKusick  * These are the low-level functions that actually read and write
123dffce215SKirk McKusick  * the superblock and its associated data.
124dffce215SKirk McKusick  */
125dffce215SKirk McKusick static off_t sblock_try[] = SBLOCKSEARCH;
126b21582eeSKirk McKusick static int readsuper(void *, struct fs **, off_t, int,
127dffce215SKirk McKusick 	int (*)(void *, off_t, void **, int));
128661ca921SKirk McKusick static void ffs_oldfscompat_read(struct fs *, ufs2_daddr_t);
129076002f2SKirk McKusick static int validate_sblock(struct fs *, int);
130dffce215SKirk McKusick 
131dffce215SKirk McKusick /*
132dffce215SKirk McKusick  * Read a superblock from the devfd device.
133dffce215SKirk McKusick  *
134dffce215SKirk McKusick  * If an alternate superblock is specified, it is read. Otherwise the
135dffce215SKirk McKusick  * set of locations given in the SBLOCKSEARCH list is searched for a
136dffce215SKirk McKusick  * superblock. Memory is allocated for the superblock by the readfunc and
137dffce215SKirk McKusick  * is returned. If filltype is non-NULL, additional memory is allocated
138dffce215SKirk McKusick  * of type filltype and filled in with the superblock summary information.
139efbf3964SKirk McKusick  * All memory is freed when any error is returned.
140dffce215SKirk McKusick  *
141dffce215SKirk McKusick  * If a superblock is found, zero is returned. Otherwise one of the
142dffce215SKirk McKusick  * following error values is returned:
143dffce215SKirk McKusick  *     EIO: non-existent or truncated superblock.
144dffce215SKirk McKusick  *     EIO: error reading summary information.
145dffce215SKirk McKusick  *     ENOENT: no usable known superblock found.
146b13110e9SAlfredo Dal'Ava Junior  *     EILSEQ: filesystem with wrong byte order found.
147076002f2SKirk McKusick  *     ENOMEM: failed to allocate space for the superblock.
148dffce215SKirk McKusick  *     EINVAL: The previous newfs operation on this volume did not complete.
149dffce215SKirk McKusick  *         The administrator must complete newfs before using this volume.
150dffce215SKirk McKusick  */
151dffce215SKirk McKusick int
152b21582eeSKirk McKusick ffs_sbget(void *devfd, struct fs **fsp, off_t sblock, int flags,
153dffce215SKirk McKusick     struct malloc_type *filltype,
154dffce215SKirk McKusick     int (*readfunc)(void *devfd, off_t loc, void **bufp, int size))
155dffce215SKirk McKusick {
156dffce215SKirk McKusick 	struct fs *fs;
15734816cb9SKirk McKusick 	struct fs_summary_info *fs_si;
158076002f2SKirk McKusick 	int i, error;
159076002f2SKirk McKusick 	uint64_t size, blks;
160dffce215SKirk McKusick 	uint8_t *space;
161dffce215SKirk McKusick 	int32_t *lp;
162dffce215SKirk McKusick 	char *buf;
163dffce215SKirk McKusick 
164efbf3964SKirk McKusick 	fs = NULL;
16516759360SMark Johnston 	*fsp = NULL;
166b21582eeSKirk McKusick 	if (sblock != UFS_STDSB) {
167b21582eeSKirk McKusick 		if ((error = readsuper(devfd, &fs, sblock,
168b21582eeSKirk McKusick 		    flags | UFS_ALTSBLK, readfunc)) != 0) {
169efbf3964SKirk McKusick 			if (fs != NULL)
170efbf3964SKirk McKusick 				UFS_FREE(fs, filltype);
1714cbd996aSKirk McKusick 			return (error);
172efbf3964SKirk McKusick 		}
173dffce215SKirk McKusick 	} else {
174dffce215SKirk McKusick 		for (i = 0; sblock_try[i] != -1; i++) {
175b21582eeSKirk McKusick 			if ((error = readsuper(devfd, &fs, sblock_try[i],
176b21582eeSKirk McKusick 			     flags, readfunc)) == 0) {
177b21582eeSKirk McKusick 				if ((flags & UFS_NOCSUM) != 0) {
178b21582eeSKirk McKusick 					*fsp = fs;
179b21582eeSKirk McKusick 					return (0);
180b21582eeSKirk McKusick 				}
181dffce215SKirk McKusick 				break;
182b21582eeSKirk McKusick 			}
183efbf3964SKirk McKusick 			if (fs != NULL) {
184efbf3964SKirk McKusick 				UFS_FREE(fs, filltype);
185efbf3964SKirk McKusick 				fs = NULL;
186efbf3964SKirk McKusick 			}
1874cbd996aSKirk McKusick 			if (error == ENOENT)
188dffce215SKirk McKusick 				continue;
1894cbd996aSKirk McKusick 			return (error);
190dffce215SKirk McKusick 		}
191dffce215SKirk McKusick 		if (sblock_try[i] == -1)
192dffce215SKirk McKusick 			return (ENOENT);
193dffce215SKirk McKusick 	}
194dffce215SKirk McKusick 	/*
195dffce215SKirk McKusick 	 * Read in the superblock summary information.
196dffce215SKirk McKusick 	 */
197dffce215SKirk McKusick 	size = fs->fs_cssize;
198dffce215SKirk McKusick 	blks = howmany(size, fs->fs_fsize);
199dffce215SKirk McKusick 	if (fs->fs_contigsumsize > 0)
200dffce215SKirk McKusick 		size += fs->fs_ncg * sizeof(int32_t);
201831b1ff7SKirk McKusick 	size += fs->fs_ncg * sizeof(uint8_t);
202076002f2SKirk McKusick 	if ((fs_si = UFS_MALLOC(sizeof(*fs_si), filltype, M_NOWAIT)) == NULL) {
20334816cb9SKirk McKusick 		UFS_FREE(fs, filltype);
204076002f2SKirk McKusick 		return (ENOMEM);
20534816cb9SKirk McKusick 	}
20634816cb9SKirk McKusick 	bzero(fs_si, sizeof(*fs_si));
20734816cb9SKirk McKusick 	fs->fs_si = fs_si;
208076002f2SKirk McKusick 	if ((space = UFS_MALLOC(size, filltype, M_NOWAIT)) == NULL) {
20934816cb9SKirk McKusick 		UFS_FREE(fs->fs_si, filltype);
210efbf3964SKirk McKusick 		UFS_FREE(fs, filltype);
211076002f2SKirk McKusick 		return (ENOMEM);
212efbf3964SKirk McKusick 	}
213dffce215SKirk McKusick 	fs->fs_csp = (struct csum *)space;
214dffce215SKirk McKusick 	for (i = 0; i < blks; i += fs->fs_frag) {
215dffce215SKirk McKusick 		size = fs->fs_bsize;
216dffce215SKirk McKusick 		if (i + fs->fs_frag > blks)
217dffce215SKirk McKusick 			size = (blks - i) * fs->fs_fsize;
21816759360SMark Johnston 		buf = NULL;
2194cbd996aSKirk McKusick 		error = (*readfunc)(devfd,
220dffce215SKirk McKusick 		    dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size);
2214cbd996aSKirk McKusick 		if (error) {
222efbf3964SKirk McKusick 			if (buf != NULL)
22316759360SMark Johnston 				UFS_FREE(buf, filltype);
224dffce215SKirk McKusick 			UFS_FREE(fs->fs_csp, filltype);
22534816cb9SKirk McKusick 			UFS_FREE(fs->fs_si, filltype);
226efbf3964SKirk McKusick 			UFS_FREE(fs, filltype);
2274cbd996aSKirk McKusick 			return (error);
228dffce215SKirk McKusick 		}
229dffce215SKirk McKusick 		memcpy(space, buf, size);
230dffce215SKirk McKusick 		UFS_FREE(buf, filltype);
231dffce215SKirk McKusick 		space += size;
232dffce215SKirk McKusick 	}
233dffce215SKirk McKusick 	if (fs->fs_contigsumsize > 0) {
234dffce215SKirk McKusick 		fs->fs_maxcluster = lp = (int32_t *)space;
235dffce215SKirk McKusick 		for (i = 0; i < fs->fs_ncg; i++)
236dffce215SKirk McKusick 			*lp++ = fs->fs_contigsumsize;
237dffce215SKirk McKusick 		space = (uint8_t *)lp;
238dffce215SKirk McKusick 	}
239831b1ff7SKirk McKusick 	size = fs->fs_ncg * sizeof(uint8_t);
240831b1ff7SKirk McKusick 	fs->fs_contigdirs = (uint8_t *)space;
241dffce215SKirk McKusick 	bzero(fs->fs_contigdirs, size);
242efbf3964SKirk McKusick 	*fsp = fs;
243dffce215SKirk McKusick 	return (0);
244dffce215SKirk McKusick }
245dffce215SKirk McKusick 
246dffce215SKirk McKusick /*
247dffce215SKirk McKusick  * Try to read a superblock from the location specified by sblockloc.
248dffce215SKirk McKusick  * Return zero on success or an errno on failure.
249dffce215SKirk McKusick  */
250dffce215SKirk McKusick static int
251b21582eeSKirk McKusick readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags,
252b21582eeSKirk McKusick     int (*readfunc)(void *devfd, off_t loc, void **bufp, int size))
253dffce215SKirk McKusick {
254dffce215SKirk McKusick 	struct fs *fs;
255ec888383SKirk McKusick 	int error, res;
256ec888383SKirk McKusick 	uint32_t ckhash;
257dffce215SKirk McKusick 
258dffce215SKirk McKusick 	error = (*readfunc)(devfd, sblockloc, (void **)fsp, SBLOCKSIZE);
259dffce215SKirk McKusick 	if (error != 0)
260dffce215SKirk McKusick 		return (error);
261dffce215SKirk McKusick 	fs = *fsp;
262dffce215SKirk McKusick 	if (fs->fs_magic == FS_BAD_MAGIC)
263dffce215SKirk McKusick 		return (EINVAL);
26436e08b01SKirk McKusick 	/*
26536e08b01SKirk McKusick 	 * For UFS1 with a 65536 block size, the first backup superblock
26636e08b01SKirk McKusick 	 * is at the same location as the UFS2 superblock. Since SBLOCK_UFS2
26736e08b01SKirk McKusick 	 * is the first location checked, the first backup is the superblock
26836e08b01SKirk McKusick 	 * that will be accessed. Here we fail the lookup so that we can
26936e08b01SKirk McKusick 	 * retry with the correct location for the UFS1 superblock.
27036e08b01SKirk McKusick 	 */
271b21582eeSKirk McKusick 	if (fs->fs_magic == FS_UFS1_MAGIC && (flags & UFS_ALTSBLK) == 0 &&
27236e08b01SKirk McKusick 	    fs->fs_bsize == SBLOCK_UFS2 && sblockloc == SBLOCK_UFS2)
27336e08b01SKirk McKusick 		return (ENOENT);
274661ca921SKirk McKusick 	ffs_oldfscompat_read(fs, sblockloc);
275b21582eeSKirk McKusick 	if ((error = validate_sblock(fs, flags)) > 0)
276076002f2SKirk McKusick 		return (error);
277a02bd3e3SKirk McKusick 	/*
278a02bd3e3SKirk McKusick 	 * If the filesystem has been run on a kernel without
279a02bd3e3SKirk McKusick 	 * metadata check hashes, disable them.
280a02bd3e3SKirk McKusick 	 */
281a02bd3e3SKirk McKusick 	if ((fs->fs_flags & FS_METACKHASH) == 0)
282a02bd3e3SKirk McKusick 		fs->fs_metackhash = 0;
283996d40f9SKirk McKusick 	/*
284996d40f9SKirk McKusick 	 * Clear any check-hashes that are not maintained
285996d40f9SKirk McKusick 	 * by this kernel. Also clear any unsupported flags.
286996d40f9SKirk McKusick 	 */
287996d40f9SKirk McKusick 	fs->fs_metackhash &= CK_SUPPORTED;
288996d40f9SKirk McKusick 	fs->fs_flags &= FS_SUPPORTED;
289ade67b50SKirk McKusick 	if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) {
290b21582eeSKirk McKusick 		if ((flags & (UFS_NOMSG | UFS_NOHASHFAIL)) ==
291b21582eeSKirk McKusick 		    (UFS_NOMSG | UFS_NOHASHFAIL))
292f2b39152SKirk McKusick 			return (0);
293b21582eeSKirk McKusick 		if ((flags & UFS_NOMSG) != 0)
294b21582eeSKirk McKusick 			return (EINTEGRITY);
295ec888383SKirk McKusick #ifdef _KERNEL
296ec888383SKirk McKusick 		res = uprintf("Superblock check-hash failed: recorded "
297fb14e73cSKirk McKusick 		    "check-hash 0x%x != computed check-hash 0x%x%s\n",
298fb14e73cSKirk McKusick 		    fs->fs_ckhash, ckhash,
299b21582eeSKirk McKusick 		    (flags & UFS_NOHASHFAIL) != 0 ? " (Ignored)" : "");
300ec888383SKirk McKusick #else
301ec888383SKirk McKusick 		res = 0;
302ec888383SKirk McKusick #endif
303ec888383SKirk McKusick 		/*
304ec888383SKirk McKusick 		 * Print check-hash failure if no controlling terminal
305ec888383SKirk McKusick 		 * in kernel or always if in user-mode (libufs).
306ec888383SKirk McKusick 		 */
307ec888383SKirk McKusick 		if (res == 0)
308ec888383SKirk McKusick 			printf("Superblock check-hash failed: recorded "
309ec888383SKirk McKusick 			    "check-hash 0x%x != computed check-hash "
310fb14e73cSKirk McKusick 			    "0x%x%s\n", fs->fs_ckhash, ckhash,
311b21582eeSKirk McKusick 			    (flags & UFS_NOHASHFAIL) ? " (Ignored)" : "");
312b21582eeSKirk McKusick 		if ((flags & UFS_NOHASHFAIL) != 0)
313fb14e73cSKirk McKusick 			return (0);
314b21582eeSKirk McKusick 		return (EINTEGRITY);
315fb14e73cSKirk McKusick 	}
316dffce215SKirk McKusick 	/* Have to set for old filesystems that predate this field */
317dffce215SKirk McKusick 	fs->fs_sblockactualloc = sblockloc;
318efbf3964SKirk McKusick 	/* Not yet any summary information */
31934816cb9SKirk McKusick 	fs->fs_si = NULL;
320dffce215SKirk McKusick 	return (0);
321dffce215SKirk McKusick }
322dffce215SKirk McKusick 
323dffce215SKirk McKusick /*
324661ca921SKirk McKusick  * Sanity checks for loading old filesystem superblocks.
325661ca921SKirk McKusick  * See ffs_oldfscompat_write below for unwound actions.
326661ca921SKirk McKusick  *
327661ca921SKirk McKusick  * XXX - Parts get retired eventually.
328661ca921SKirk McKusick  * Unfortunately new bits get added.
329661ca921SKirk McKusick  */
330661ca921SKirk McKusick static void
331661ca921SKirk McKusick ffs_oldfscompat_read(struct fs *fs, ufs2_daddr_t sblockloc)
332661ca921SKirk McKusick {
333661ca921SKirk McKusick 	uint64_t maxfilesize;
334661ca921SKirk McKusick 
335661ca921SKirk McKusick 	/*
336661ca921SKirk McKusick 	 * If not yet done, update fs_flags location and value of fs_sblockloc.
337661ca921SKirk McKusick 	 */
338661ca921SKirk McKusick 	if ((fs->fs_old_flags & FS_FLAGS_UPDATED) == 0) {
339661ca921SKirk McKusick 		fs->fs_flags = fs->fs_old_flags;
340661ca921SKirk McKusick 		fs->fs_old_flags |= FS_FLAGS_UPDATED;
341661ca921SKirk McKusick 		fs->fs_sblockloc = sblockloc;
342661ca921SKirk McKusick 	}
343661ca921SKirk McKusick 	/*
344661ca921SKirk McKusick 	 * If not yet done, update UFS1 superblock with new wider fields.
345661ca921SKirk McKusick 	 */
346661ca921SKirk McKusick 	if (fs->fs_magic == FS_UFS1_MAGIC && fs->fs_maxbsize != fs->fs_bsize) {
347661ca921SKirk McKusick 		fs->fs_maxbsize = fs->fs_bsize;
348661ca921SKirk McKusick 		fs->fs_time = fs->fs_old_time;
349661ca921SKirk McKusick 		fs->fs_size = fs->fs_old_size;
350661ca921SKirk McKusick 		fs->fs_dsize = fs->fs_old_dsize;
351661ca921SKirk McKusick 		fs->fs_csaddr = fs->fs_old_csaddr;
352661ca921SKirk McKusick 		fs->fs_cstotal.cs_ndir = fs->fs_old_cstotal.cs_ndir;
353661ca921SKirk McKusick 		fs->fs_cstotal.cs_nbfree = fs->fs_old_cstotal.cs_nbfree;
354661ca921SKirk McKusick 		fs->fs_cstotal.cs_nifree = fs->fs_old_cstotal.cs_nifree;
355661ca921SKirk McKusick 		fs->fs_cstotal.cs_nffree = fs->fs_old_cstotal.cs_nffree;
356661ca921SKirk McKusick 	}
357661ca921SKirk McKusick 	if (fs->fs_magic == FS_UFS1_MAGIC &&
358661ca921SKirk McKusick 	    fs->fs_old_inodefmt < FS_44INODEFMT) {
359661ca921SKirk McKusick 		fs->fs_maxfilesize = ((uint64_t)1 << 31) - 1;
360661ca921SKirk McKusick 		fs->fs_qbmask = ~fs->fs_bmask;
361661ca921SKirk McKusick 		fs->fs_qfmask = ~fs->fs_fmask;
362661ca921SKirk McKusick 	}
363661ca921SKirk McKusick 	if (fs->fs_magic == FS_UFS1_MAGIC) {
364661ca921SKirk McKusick 		fs->fs_save_maxfilesize = fs->fs_maxfilesize;
365661ca921SKirk McKusick 		maxfilesize = (uint64_t)0x80000000 * fs->fs_bsize - 1;
366661ca921SKirk McKusick 		if (fs->fs_maxfilesize > maxfilesize)
367661ca921SKirk McKusick 			fs->fs_maxfilesize = maxfilesize;
368661ca921SKirk McKusick 	}
369661ca921SKirk McKusick 	/* Compatibility for old filesystems */
370661ca921SKirk McKusick 	if (fs->fs_avgfilesize <= 0)
371661ca921SKirk McKusick 		fs->fs_avgfilesize = AVFILESIZ;
372661ca921SKirk McKusick 	if (fs->fs_avgfpdir <= 0)
373661ca921SKirk McKusick 		fs->fs_avgfpdir = AFPDIR;
374661ca921SKirk McKusick }
375661ca921SKirk McKusick 
376661ca921SKirk McKusick /*
377661ca921SKirk McKusick  * Unwinding superblock updates for old filesystems.
378661ca921SKirk McKusick  * See ffs_oldfscompat_read above for details.
379661ca921SKirk McKusick  *
380661ca921SKirk McKusick  * XXX - Parts get retired eventually.
381661ca921SKirk McKusick  * Unfortunately new bits get added.
382661ca921SKirk McKusick  */
383661ca921SKirk McKusick void
384661ca921SKirk McKusick ffs_oldfscompat_write(struct fs *fs)
385661ca921SKirk McKusick {
386661ca921SKirk McKusick 
387661ca921SKirk McKusick 	/*
388661ca921SKirk McKusick 	 * Copy back UFS2 updated fields that UFS1 inspects.
389661ca921SKirk McKusick 	 */
390661ca921SKirk McKusick 	if (fs->fs_magic == FS_UFS1_MAGIC) {
391661ca921SKirk McKusick 		fs->fs_old_time = fs->fs_time;
392661ca921SKirk McKusick 		fs->fs_old_cstotal.cs_ndir = fs->fs_cstotal.cs_ndir;
393661ca921SKirk McKusick 		fs->fs_old_cstotal.cs_nbfree = fs->fs_cstotal.cs_nbfree;
394661ca921SKirk McKusick 		fs->fs_old_cstotal.cs_nifree = fs->fs_cstotal.cs_nifree;
395661ca921SKirk McKusick 		fs->fs_old_cstotal.cs_nffree = fs->fs_cstotal.cs_nffree;
396661ca921SKirk McKusick 		fs->fs_maxfilesize = fs->fs_save_maxfilesize;
397661ca921SKirk McKusick 	}
398661ca921SKirk McKusick }
399661ca921SKirk McKusick 
400661ca921SKirk McKusick /*
4011111a443SKirk McKusick  * Sanity checks for loading old filesystem inodes.
4021111a443SKirk McKusick  *
4031111a443SKirk McKusick  * XXX - Parts get retired eventually.
4041111a443SKirk McKusick  * Unfortunately new bits get added.
4051111a443SKirk McKusick  */
4061111a443SKirk McKusick static int prttimechgs = 0;
4071111a443SKirk McKusick #ifdef _KERNEL
408*e1ebda44SGleb Smirnoff SYSCTL_NODE(_vfs, OID_AUTO, ffs, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
409*e1ebda44SGleb Smirnoff     "FFS filesystem");
410*e1ebda44SGleb Smirnoff 
4111111a443SKirk McKusick SYSCTL_INT(_vfs_ffs, OID_AUTO, prttimechgs, CTLFLAG_RWTUN, &prttimechgs, 0,
4121111a443SKirk McKusick 	"print UFS1 time changes made to inodes");
4131111a443SKirk McKusick #endif /* _KERNEL */
4141111a443SKirk McKusick bool
4151111a443SKirk McKusick ffs_oldfscompat_inode_read(struct fs *fs, union dinodep dp, time_t now)
4161111a443SKirk McKusick {
4171111a443SKirk McKusick 	bool change;
4181111a443SKirk McKusick 
4191111a443SKirk McKusick 	change = false;
4201111a443SKirk McKusick 	switch (fs->fs_magic) {
4211111a443SKirk McKusick 	case FS_UFS2_MAGIC:
4221111a443SKirk McKusick 		/* No changes for now */
4231111a443SKirk McKusick 		break;
4241111a443SKirk McKusick 
4251111a443SKirk McKusick 	case FS_UFS1_MAGIC:
4261111a443SKirk McKusick 		/*
4271111a443SKirk McKusick 		 * With the change to unsigned time values in UFS1, times set
4281111a443SKirk McKusick 		 * before Jan 1, 1970 will appear to be in the future. Check
4291111a443SKirk McKusick 		 * for future times and set them to be the current time.
4301111a443SKirk McKusick 		 */
4311111a443SKirk McKusick 		if (dp.dp1->di_ctime > now) {
4321111a443SKirk McKusick 			if (prttimechgs)
4331111a443SKirk McKusick 				printf("ctime %ud changed to %ld\n",
4341111a443SKirk McKusick 				    dp.dp1->di_ctime, (long)now);
4351111a443SKirk McKusick 			dp.dp1->di_ctime = now;
4361111a443SKirk McKusick 			change = true;
4371111a443SKirk McKusick 		}
4381111a443SKirk McKusick 		if (dp.dp1->di_mtime > now) {
4391111a443SKirk McKusick 			if (prttimechgs)
4401111a443SKirk McKusick 				printf("mtime %ud changed to %ld\n",
4411111a443SKirk McKusick 				    dp.dp1->di_mtime, (long)now);
4421111a443SKirk McKusick 			dp.dp1->di_mtime = now;
4431111a443SKirk McKusick 			dp.dp1->di_ctime = now;
4441111a443SKirk McKusick 			change = true;
4451111a443SKirk McKusick 		}
4461111a443SKirk McKusick 		if (dp.dp1->di_atime > now) {
4471111a443SKirk McKusick 			if (prttimechgs)
4481111a443SKirk McKusick 				printf("atime %ud changed to %ld\n",
4491111a443SKirk McKusick 				    dp.dp1->di_atime, (long)now);
4501111a443SKirk McKusick 			dp.dp1->di_atime = now;
4511111a443SKirk McKusick 			dp.dp1->di_ctime = now;
4521111a443SKirk McKusick 			change = true;
4531111a443SKirk McKusick 		}
4541111a443SKirk McKusick 		break;
4551111a443SKirk McKusick 	}
4561111a443SKirk McKusick 	return (change);
4571111a443SKirk McKusick }
4581111a443SKirk McKusick 
4591111a443SKirk McKusick /*
460076002f2SKirk McKusick  * Verify the filesystem values.
461076002f2SKirk McKusick  */
462076002f2SKirk McKusick #define ILOG2(num)	(fls(num) - 1)
46314821130SWarner Losh #ifdef STANDALONE_SMALL
46414821130SWarner Losh #define MPRINT(...)	do { } while (0)
46514821130SWarner Losh #else
46614821130SWarner Losh #define MPRINT(...)	if (prtmsg) printf(__VA_ARGS__)
46714821130SWarner Losh #endif
468d22531d5SKirk McKusick #define FCHK(lhs, op, rhs, fmt)						\
46950dc4c7dSKirk McKusick 	if (lhs op rhs) {						\
470b21582eeSKirk McKusick 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
47150dc4c7dSKirk McKusick 		    #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,	\
47250dc4c7dSKirk McKusick 		    #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs);	\
473f0be378aSKirk McKusick 		if (error < 0)						\
474f0be378aSKirk McKusick 			return (ENOENT);				\
475b21582eeSKirk McKusick 		if (error == 0)						\
476b21582eeSKirk McKusick 			error = ENOENT;					\
47750dc4c7dSKirk McKusick 	}
478d22531d5SKirk McKusick #define WCHK(lhs, op, rhs, fmt)						\
479d22531d5SKirk McKusick 	if (lhs op rhs) {						\
480d22531d5SKirk McKusick 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
481d22531d5SKirk McKusick 		    #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\
482d22531d5SKirk McKusick 		    #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\
483d22531d5SKirk McKusick 		if (error == 0)						\
484d22531d5SKirk McKusick 			error = warnerr;				\
4850eabe330SKirk McKusick 		if (warnerr == 0)					\
4860eabe330SKirk McKusick 			lhs = rhs;					\
487d22531d5SKirk McKusick 	}
488d22531d5SKirk McKusick #define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt)			\
48950dc4c7dSKirk McKusick 	if (lhs1 op1 rhs1 && lhs2 op2 rhs2) {				\
490b21582eeSKirk McKusick 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
49150dc4c7dSKirk McKusick 		    #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n",	\
49250dc4c7dSKirk McKusick 		    fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1,	\
49350dc4c7dSKirk McKusick 		    (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2,	\
49450dc4c7dSKirk McKusick 		    (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2);	\
495f0be378aSKirk McKusick 		if (error < 0)						\
496f0be378aSKirk McKusick 			return (ENOENT);				\
497b21582eeSKirk McKusick 		if (error == 0)						\
498b21582eeSKirk McKusick 			error = ENOENT;					\
49950dc4c7dSKirk McKusick 	}
500076002f2SKirk McKusick 
501076002f2SKirk McKusick static int
502b21582eeSKirk McKusick validate_sblock(struct fs *fs, int flags)
503076002f2SKirk McKusick {
504831b1ff7SKirk McKusick 	uint64_t i, sectorsize;
505831b1ff7SKirk McKusick 	uint64_t maxfilesize, sizepb;
506d22531d5SKirk McKusick 	int error, prtmsg, warnerr;
507d22531d5SKirk McKusick 	char *wmsg;
508076002f2SKirk McKusick 
509b21582eeSKirk McKusick 	error = 0;
510076002f2SKirk McKusick 	sectorsize = dbtob(1);
511b21582eeSKirk McKusick 	prtmsg = ((flags & UFS_NOMSG) == 0);
512d22531d5SKirk McKusick 	warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT;
513d22531d5SKirk McKusick 	wmsg = warnerr ? "" : " (Ignored)";
514e6886616SKirk McKusick 	/*
515b13110e9SAlfredo Dal'Ava Junior 	 * Check for endian mismatch between machine and filesystem.
516b13110e9SAlfredo Dal'Ava Junior 	 */
517b13110e9SAlfredo Dal'Ava Junior 	if (((fs->fs_magic != FS_UFS2_MAGIC) &&
518b13110e9SAlfredo Dal'Ava Junior 	    (bswap32(fs->fs_magic) == FS_UFS2_MAGIC)) ||
519b13110e9SAlfredo Dal'Ava Junior 	    ((fs->fs_magic != FS_UFS1_MAGIC) &&
520b13110e9SAlfredo Dal'Ava Junior 	    (bswap32(fs->fs_magic) == FS_UFS1_MAGIC))) {
521b13110e9SAlfredo Dal'Ava Junior 		MPRINT("UFS superblock failed due to endian mismatch "
522b13110e9SAlfredo Dal'Ava Junior 		    "between machine and filesystem\n");
523b13110e9SAlfredo Dal'Ava Junior 		return(EILSEQ);
524b13110e9SAlfredo Dal'Ava Junior 	}
525b13110e9SAlfredo Dal'Ava Junior 	/*
526e6886616SKirk McKusick 	 * If just validating for recovery, then do just the minimal
527e6886616SKirk McKusick 	 * checks needed for the superblock fields needed to find
528e6886616SKirk McKusick 	 * alternate superblocks.
529e6886616SKirk McKusick 	 */
530e6886616SKirk McKusick 	if ((flags & UFS_FSRONLY) == UFS_FSRONLY &&
531e6886616SKirk McKusick 	    (fs->fs_magic == FS_UFS1_MAGIC || fs->fs_magic == FS_UFS2_MAGIC)) {
532f0be378aSKirk McKusick 		error = -1; /* fail on first error */
533e6886616SKirk McKusick 		if (fs->fs_magic == FS_UFS2_MAGIC) {
534e6886616SKirk McKusick 			FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx);
535e6886616SKirk McKusick 		} else if (fs->fs_magic == FS_UFS1_MAGIC) {
536e6886616SKirk McKusick 			FCHK(fs->fs_sblockloc, <, 0, %jd);
537e6886616SKirk McKusick 			FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd);
538e6886616SKirk McKusick 		}
539e6886616SKirk McKusick 		FCHK(fs->fs_frag, <, 1, %jd);
540e6886616SKirk McKusick 		FCHK(fs->fs_frag, >, MAXFRAG, %jd);
541e6886616SKirk McKusick 		FCHK(fs->fs_bsize, <, MINBSIZE, %jd);
542e6886616SKirk McKusick 		FCHK(fs->fs_bsize, >, MAXBSIZE, %jd);
543e6886616SKirk McKusick 		FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE),
544e6886616SKirk McKusick 		    %jd);
545e6886616SKirk McKusick 		FCHK(fs->fs_fsize, <, sectorsize, %jd);
546e6886616SKirk McKusick 		FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd);
547e6886616SKirk McKusick 		FCHK(powerof2(fs->fs_fsize), ==, 0, %jd);
54882ee4e1cSKirk McKusick 		FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd);
54982ee4e1cSKirk McKusick 		FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd);
550e15d8f23SKirk McKusick 		FCHK(fs->fs_sbsize % sectorsize, !=, 0, %jd);
551e6886616SKirk McKusick 		FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd);
552e6886616SKirk McKusick 		FCHK(fs->fs_ncg, <, 1, %jd);
553e6886616SKirk McKusick 		FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd);
554e6886616SKirk McKusick 		FCHK(fs->fs_old_cgoffset, <, 0, %jd);
555e6886616SKirk McKusick 		FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd);
556e6886616SKirk McKusick 		FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg,
557e6886616SKirk McKusick 		    %jd);
558e6886616SKirk McKusick 		FCHK(fs->fs_sblkno, !=, roundup(
559e6886616SKirk McKusick 		    howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize),
560e6886616SKirk McKusick 		    fs->fs_frag), %jd);
5610eabe330SKirk McKusick 		FCHK(CGSIZE(fs), >, fs->fs_bsize, %jd);
5620eabe330SKirk McKusick 		/* Only need to validate these if reading in csum data */
5630eabe330SKirk McKusick 		if ((flags & UFS_NOCSUM) != 0)
5640eabe330SKirk McKusick 			return (error);
565831b1ff7SKirk McKusick 		FCHK((uint64_t)fs->fs_ipg * fs->fs_ncg, >,
5660eabe330SKirk McKusick 		    (((int64_t)(1)) << 32) - INOPB(fs), %jd);
5670eabe330SKirk McKusick 		FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd);
5680eabe330SKirk McKusick 		FCHK(fs->fs_cstotal.cs_nifree, >,
569831b1ff7SKirk McKusick 		    (uint64_t)fs->fs_ipg * fs->fs_ncg, %jd);
5700eabe330SKirk McKusick 		FCHK(fs->fs_cstotal.cs_ndir, >,
571831b1ff7SKirk McKusick 		    ((uint64_t)fs->fs_ipg * fs->fs_ncg) -
5720eabe330SKirk McKusick 		    fs->fs_cstotal.cs_nifree, %jd);
5730eabe330SKirk McKusick 		FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd);
5740eabe330SKirk McKusick 		FCHK(fs->fs_size, <=, ((int64_t)fs->fs_ncg - 1) * fs->fs_fpg,
5750eabe330SKirk McKusick 		    %jd);
5760eabe330SKirk McKusick 		FCHK(fs->fs_size, >, (int64_t)fs->fs_ncg * fs->fs_fpg, %jd);
5770eabe330SKirk McKusick 		FCHK(fs->fs_csaddr, <, 0, %jd);
5780eabe330SKirk McKusick 		FCHK(fs->fs_cssize, !=,
5790eabe330SKirk McKusick 		    fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd);
580c79a1416SKirk McKusick 		FCHK(fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize), >,
581c79a1416SKirk McKusick 		    fs->fs_size, %jd);
5820eabe330SKirk McKusick 		FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)),
5830eabe330SKirk McKusick 		    %jd);
5840eabe330SKirk McKusick 		FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize,
5850eabe330SKirk McKusick 		    fs->fs_fsize)), >, dtog(fs, fs->fs_csaddr), %jd);
586e6886616SKirk McKusick 		return (error);
587e6886616SKirk McKusick 	}
588076002f2SKirk McKusick 	if (fs->fs_magic == FS_UFS2_MAGIC) {
589184e3118SKirk McKusick 		if ((flags & UFS_ALTSBLK) == 0)
590d22531d5SKirk McKusick 			FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2,
59150dc4c7dSKirk McKusick 			    fs->fs_sblockactualloc, !=, 0, %jd);
592d22531d5SKirk McKusick 		FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx);
593d22531d5SKirk McKusick 		FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) *
59450dc4c7dSKirk McKusick 			sizeof(ufs2_daddr_t)), %jd);
595d22531d5SKirk McKusick 		FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t),
59650dc4c7dSKirk McKusick 		    %jd);
597d22531d5SKirk McKusick 		FCHK(fs->fs_inopb, !=,
598184e3118SKirk McKusick 		    fs->fs_bsize / sizeof(struct ufs2_dinode), %jd);
599076002f2SKirk McKusick 	} else if (fs->fs_magic == FS_UFS1_MAGIC) {
600184e3118SKirk McKusick 		if ((flags & UFS_ALTSBLK) == 0)
601d22531d5SKirk McKusick 			FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd);
602d22531d5SKirk McKusick 		FCHK(fs->fs_sblockloc, <, 0, %jd);
603d22531d5SKirk McKusick 		FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd);
604d22531d5SKirk McKusick 		FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t),
60550dc4c7dSKirk McKusick 		    %jd);
606d22531d5SKirk McKusick 		FCHK(fs->fs_inopb, !=,
607184e3118SKirk McKusick 		    fs->fs_bsize / sizeof(struct ufs1_dinode), %jd);
608d22531d5SKirk McKusick 		FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) *
60950dc4c7dSKirk McKusick 			sizeof(ufs1_daddr_t)), %jd);
610d22531d5SKirk McKusick 		WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd);
611d22531d5SKirk McKusick 		WCHK(fs->fs_old_rotdelay, !=, 0, %jd);
612d22531d5SKirk McKusick 		WCHK(fs->fs_old_rps, !=, 60, %jd);
613d22531d5SKirk McKusick 		WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd);
614d22531d5SKirk McKusick 		WCHK(fs->fs_old_interleave, !=, 1, %jd);
615d22531d5SKirk McKusick 		WCHK(fs->fs_old_trackskew, !=, 0, %jd);
616d22531d5SKirk McKusick 		WCHK(fs->fs_old_cpc, !=, 0, %jd);
617d22531d5SKirk McKusick 		WCHK(fs->fs_old_postblformat, !=, 1, %jd);
618f0be378aSKirk McKusick 		FCHK(fs->fs_old_nrpos, !=, 1, %jd);
619d22531d5SKirk McKusick 		WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd);
620d22531d5SKirk McKusick 		WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd);
621076002f2SKirk McKusick 	} else {
62250dc4c7dSKirk McKusick 		/* Bad magic number, so assume not a superblock */
623076002f2SKirk McKusick 		return (ENOENT);
624076002f2SKirk McKusick 	}
625d22531d5SKirk McKusick 	FCHK(fs->fs_bsize, <, MINBSIZE, %jd);
626d22531d5SKirk McKusick 	FCHK(fs->fs_bsize, >, MAXBSIZE, %jd);
627d22531d5SKirk McKusick 	FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd);
628d22531d5SKirk McKusick 	FCHK(powerof2(fs->fs_bsize), ==, 0, %jd);
629d22531d5SKirk McKusick 	FCHK(fs->fs_frag, <, 1, %jd);
630d22531d5SKirk McKusick 	FCHK(fs->fs_frag, >, MAXFRAG, %jd);
631d22531d5SKirk McKusick 	FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd);
632d22531d5SKirk McKusick 	FCHK(fs->fs_fsize, <, sectorsize, %jd);
633d22531d5SKirk McKusick 	FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd);
634d22531d5SKirk McKusick 	FCHK(powerof2(fs->fs_fsize), ==, 0, %jd);
635d22531d5SKirk McKusick 	FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd);
636d22531d5SKirk McKusick 	FCHK(fs->fs_ncg, <, 1, %jd);
637f0be378aSKirk McKusick 	FCHK(fs->fs_ipg, <, fs->fs_inopb, %jd);
638831b1ff7SKirk McKusick 	FCHK((uint64_t)fs->fs_ipg * fs->fs_ncg, >,
6398435a9b2SKirk McKusick 	    (((int64_t)(1)) << 32) - INOPB(fs), %jd);
640f0be378aSKirk McKusick 	FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd);
641831b1ff7SKirk McKusick 	FCHK(fs->fs_cstotal.cs_nifree, >, (uint64_t)fs->fs_ipg * fs->fs_ncg,
6428435a9b2SKirk McKusick 	    %jd);
643f0be378aSKirk McKusick 	FCHK(fs->fs_cstotal.cs_ndir, <, 0, %jd);
644f0be378aSKirk McKusick 	FCHK(fs->fs_cstotal.cs_ndir, >,
645831b1ff7SKirk McKusick 	    ((uint64_t)fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree,
6468435a9b2SKirk McKusick 	    %jd);
647d22531d5SKirk McKusick 	FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd);
648f0be378aSKirk McKusick 	FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd);
649a2d1957bSKirk McKusick 	/* fix for misconfigured filesystems */
650a2d1957bSKirk McKusick 	if (fs->fs_maxbsize == 0)
651a2d1957bSKirk McKusick 		fs->fs_maxbsize = fs->fs_bsize;
652d22531d5SKirk McKusick 	FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd);
653d22531d5SKirk McKusick 	FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd);
654d22531d5SKirk McKusick 	FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd);
655d22531d5SKirk McKusick 	FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx);
656d22531d5SKirk McKusick 	FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx);
657d22531d5SKirk McKusick 	FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx);
658d22531d5SKirk McKusick 	FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx);
659d22531d5SKirk McKusick 	FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd);
660d22531d5SKirk McKusick 	FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd);
661d22531d5SKirk McKusick 	FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd);
662d22531d5SKirk McKusick 	FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd);
663d22531d5SKirk McKusick 	FCHK(fs->fs_old_cgoffset, <, 0, %jd);
664d22531d5SKirk McKusick 	FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd);
665d22531d5SKirk McKusick 	FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd);
6660eabe330SKirk McKusick 	FCHK(CGSIZE(fs), >, fs->fs_bsize, %jd);
667f0be378aSKirk McKusick 	/*
668f0be378aSKirk McKusick 	 * If anything has failed up to this point, it is usafe to proceed
669f0be378aSKirk McKusick 	 * as checks below may divide by zero or make other fatal calculations.
670f0be378aSKirk McKusick 	 * So if we have any errors at this point, give up.
671f0be378aSKirk McKusick 	 */
672f0be378aSKirk McKusick 	if (error)
673f0be378aSKirk McKusick 		return (error);
674e15d8f23SKirk McKusick 	FCHK(fs->fs_sbsize % sectorsize, !=, 0, %jd);
6759dee5da7SKirk McKusick 	FCHK(fs->fs_ipg % fs->fs_inopb, !=, 0, %jd);
676d22531d5SKirk McKusick 	FCHK(fs->fs_sblkno, !=, roundup(
67750dc4c7dSKirk McKusick 	    howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize),
67850dc4c7dSKirk McKusick 	    fs->fs_frag), %jd);
679d22531d5SKirk McKusick 	FCHK(fs->fs_cblkno, !=, fs->fs_sblkno +
68050dc4c7dSKirk McKusick 	    roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd);
681d22531d5SKirk McKusick 	FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd);
682d22531d5SKirk McKusick 	FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd);
683d22531d5SKirk McKusick 	FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd);
684f0be378aSKirk McKusick 	FCHK(fs->fs_cgsize, <, fs->fs_fsize, %jd);
685f0be378aSKirk McKusick 	FCHK(fs->fs_cgsize % fs->fs_fsize, !=, 0, %jd);
6865bc926afSKirk McKusick 	/*
6875bc926afSKirk McKusick 	 * This test is valid, however older versions of growfs failed
6885bc926afSKirk McKusick 	 * to correctly update fs_dsize so will fail this test. Thus we
6895bc926afSKirk McKusick 	 * exclude it from the requirements.
6905bc926afSKirk McKusick 	 */
6915bc926afSKirk McKusick #ifdef notdef
692d22531d5SKirk McKusick 	WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno -
693076002f2SKirk McKusick 		fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) -
69450dc4c7dSKirk McKusick 		howmany(fs->fs_cssize, fs->fs_fsize), %jd);
6955bc926afSKirk McKusick #endif
696d22531d5SKirk McKusick 	WCHK(fs->fs_metaspace, <, 0, %jd);
697d22531d5SKirk McKusick 	WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd);
698d22531d5SKirk McKusick 	WCHK(fs->fs_minfree, >, 99, %jd%%);
699076002f2SKirk McKusick 	maxfilesize = fs->fs_bsize * UFS_NDADDR - 1;
700076002f2SKirk McKusick 	for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) {
701076002f2SKirk McKusick 		sizepb *= NINDIR(fs);
702076002f2SKirk McKusick 		maxfilesize += sizepb;
703076002f2SKirk McKusick 	}
704661ca921SKirk McKusick 	WCHK(fs->fs_maxfilesize, >, maxfilesize, %jd);
705076002f2SKirk McKusick 	/*
706076002f2SKirk McKusick 	 * These values have a tight interaction with each other that
707076002f2SKirk McKusick 	 * makes it hard to tightly bound them. So we can only check
708076002f2SKirk McKusick 	 * that they are within a broader possible range.
709076002f2SKirk McKusick 	 *
710f3f5368dSKirk McKusick 	 * The size cannot always be accurately determined, but ensure
711f3f5368dSKirk McKusick 	 * that it is consistent with the number of cylinder groups (fs_ncg)
712f3f5368dSKirk McKusick 	 * and the number of fragments per cylinder group (fs_fpg). Ensure
713f3f5368dSKirk McKusick 	 * that the summary information size is correct and that it starts
714f3f5368dSKirk McKusick 	 * and ends in the data area of the same cylinder group.
715076002f2SKirk McKusick 	 */
716d22531d5SKirk McKusick 	FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd);
717017367c1SKonstantin Belousov 	FCHK(fs->fs_size, <=, ((int64_t)fs->fs_ncg - 1) * fs->fs_fpg, %jd);
718017367c1SKonstantin Belousov 	FCHK(fs->fs_size, >, (int64_t)fs->fs_ncg * fs->fs_fpg, %jd);
719b21582eeSKirk McKusick 	/*
720b21582eeSKirk McKusick 	 * If we are not requested to read in the csum data stop here
721b21582eeSKirk McKusick 	 * as the correctness of the remaining values is only important
722b21582eeSKirk McKusick 	 * to bound the space needed to be allocated to hold the csum data.
723b21582eeSKirk McKusick 	 */
724b21582eeSKirk McKusick 	if ((flags & UFS_NOCSUM) != 0)
725b21582eeSKirk McKusick 		return (error);
726d22531d5SKirk McKusick 	FCHK(fs->fs_csaddr, <, 0, %jd);
727d22531d5SKirk McKusick 	FCHK(fs->fs_cssize, !=,
728f3f5368dSKirk McKusick 	    fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd);
729c79a1416SKirk McKusick 	FCHK(fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize), >,
730c79a1416SKirk McKusick 	    fs->fs_size, %jd);
731d22531d5SKirk McKusick 	FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd);
732d22531d5SKirk McKusick 	FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >,
733548045bfSKirk McKusick 	    dtog(fs, fs->fs_csaddr), %jd);
734076002f2SKirk McKusick 	/*
735bc218d89SKirk McKusick 	 * With file system clustering it is possible to allocate
736bc218d89SKirk McKusick 	 * many contiguous blocks. The kernel variable maxphys defines
737bc218d89SKirk McKusick 	 * the maximum transfer size permitted by the controller and/or
738bc218d89SKirk McKusick 	 * buffering. The fs_maxcontig parameter controls the maximum
739bc218d89SKirk McKusick 	 * number of blocks that the filesystem will read or write
740bc218d89SKirk McKusick 	 * in a single transfer. It is calculated when the filesystem
741bc218d89SKirk McKusick 	 * is created as maxphys / fs_bsize. The loader uses a maxphys
742bc218d89SKirk McKusick 	 * of 128K even when running on a system that supports larger
743bc218d89SKirk McKusick 	 * values. If the filesystem was built on a system that supports
744bc218d89SKirk McKusick 	 * a larger maxphys (1M is typical) it will have configured
745bc218d89SKirk McKusick 	 * fs_maxcontig for that larger system. So we bound the upper
746bc218d89SKirk McKusick 	 * allowable limit for fs_maxconfig to be able to at least
747bc218d89SKirk McKusick 	 * work with a 1M maxphys on the smallest block size filesystem:
748bc218d89SKirk McKusick 	 * 1M / 4096 == 256. There is no harm in allowing the mounting of
749bc218d89SKirk McKusick 	 * filesystems that make larger than maxphys I/O requests because
750bc218d89SKirk McKusick 	 * those (mostly 32-bit machines) can (very slowly) handle I/O
751bc218d89SKirk McKusick 	 * requests that exceed maxphys.
752076002f2SKirk McKusick 	 */
753d22531d5SKirk McKusick 	WCHK(fs->fs_maxcontig, <, 0, %jd);
754d22531d5SKirk McKusick 	WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd);
755f0be378aSKirk McKusick 	FCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd);
756f0be378aSKirk McKusick 	FCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=,
75750dc4c7dSKirk McKusick 	    MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd);
758b21582eeSKirk McKusick 	return (error);
759076002f2SKirk McKusick }
760076002f2SKirk McKusick 
761076002f2SKirk McKusick /*
762e6886616SKirk McKusick  * Make an extensive search to find a superblock. If the superblock
763e6886616SKirk McKusick  * in the standard place cannot be used, try looking for one of the
764e6886616SKirk McKusick  * backup superblocks.
765e6886616SKirk McKusick  *
766e6886616SKirk McKusick  * Flags are made up of the following or'ed together options:
767e6886616SKirk McKusick  *
768e6886616SKirk McKusick  * UFS_NOMSG indicates that superblock inconsistency error messages
769e6886616SKirk McKusick  *    should not be printed.
770e6886616SKirk McKusick  *
771e6886616SKirk McKusick  * UFS_NOCSUM causes only the superblock itself to be returned, but does
772e6886616SKirk McKusick  *    not read in any auxillary data structures like the cylinder group
773e6886616SKirk McKusick  *    summary information.
774e6886616SKirk McKusick  */
775e6886616SKirk McKusick int
776e6886616SKirk McKusick ffs_sbsearch(void *devfd, struct fs **fsp, int reqflags,
777e6886616SKirk McKusick     struct malloc_type *filltype,
778e6886616SKirk McKusick     int (*readfunc)(void *devfd, off_t loc, void **bufp, int size))
779e6886616SKirk McKusick {
780e6886616SKirk McKusick 	struct fsrecovery *fsr;
781e6886616SKirk McKusick 	struct fs *protofs;
782e6886616SKirk McKusick 	void *fsrbuf;
783e6886616SKirk McKusick 	char *cp;
784e6886616SKirk McKusick 	long nocsum, flags, msg, cg;
785e6886616SKirk McKusick 	off_t sblk, secsize;
786e6886616SKirk McKusick 	int error;
787e6886616SKirk McKusick 
788e6886616SKirk McKusick 	msg = (reqflags & UFS_NOMSG) == 0;
789e6886616SKirk McKusick 	nocsum = reqflags & UFS_NOCSUM;
790e6886616SKirk McKusick 	/*
791e6886616SKirk McKusick 	 * Try normal superblock read and return it if it works.
792e6886616SKirk McKusick 	 *
793e6886616SKirk McKusick 	 * Suppress messages if it fails until we find out if
794e6886616SKirk McKusick 	 * failure can be avoided.
795e6886616SKirk McKusick 	 */
796e6886616SKirk McKusick 	flags = UFS_NOMSG | nocsum;
797b13110e9SAlfredo Dal'Ava Junior 	error = ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc);
798b13110e9SAlfredo Dal'Ava Junior 	/*
799b13110e9SAlfredo Dal'Ava Junior 	 * If successful or endian error, no need to try further.
800b13110e9SAlfredo Dal'Ava Junior 	 */
801b13110e9SAlfredo Dal'Ava Junior 	if (error == 0 || error == EILSEQ) {
802b13110e9SAlfredo Dal'Ava Junior 		if (msg && error == EILSEQ)
803b13110e9SAlfredo Dal'Ava Junior 			printf("UFS superblock failed due to endian mismatch "
804b13110e9SAlfredo Dal'Ava Junior 			    "between machine and filesystem\n");
805b13110e9SAlfredo Dal'Ava Junior 		return (error);
806b13110e9SAlfredo Dal'Ava Junior 	}
807e6886616SKirk McKusick 	/*
808e6886616SKirk McKusick 	 * First try: ignoring hash failures.
809e6886616SKirk McKusick 	 */
810e6886616SKirk McKusick 	flags |= UFS_NOHASHFAIL;
811e6886616SKirk McKusick 	if (msg)
812e6886616SKirk McKusick 		flags &= ~UFS_NOMSG;
813e6886616SKirk McKusick 	if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0)
814e6886616SKirk McKusick 		return (0);
815e6886616SKirk McKusick 	/*
816e6886616SKirk McKusick 	 * Next up is to check if fields of the superblock that are
817e6886616SKirk McKusick 	 * needed to find backup superblocks are usable.
818e6886616SKirk McKusick 	 */
819e6886616SKirk McKusick 	if (msg)
820e6886616SKirk McKusick 		printf("Attempted recovery for standard superblock: failed\n");
82142c82aadSKirk McKusick 	flags = UFS_FSRONLY | UFS_NOHASHFAIL | UFS_NOCSUM | UFS_NOMSG;
822e6886616SKirk McKusick 	if (ffs_sbget(devfd, &protofs, UFS_STDSB, flags, filltype,
823e6886616SKirk McKusick 	    readfunc) == 0) {
824e6886616SKirk McKusick 		if (msg)
825f0be378aSKirk McKusick 			printf("Attempt extraction of recovery data from "
826f0be378aSKirk McKusick 			    "standard superblock.\n");
827e6886616SKirk McKusick 	} else {
828e6886616SKirk McKusick 		/*
829e6886616SKirk McKusick 		 * Final desperation is to see if alternate superblock
830e6886616SKirk McKusick 		 * parameters have been saved in the boot area.
831e6886616SKirk McKusick 		 */
832e6886616SKirk McKusick 		if (msg)
833e6886616SKirk McKusick 			printf("Attempted extraction of recovery data from "
834e6886616SKirk McKusick 			    "standard superblock: failed\nAttempt to find "
835f0be378aSKirk McKusick 			    "boot zone recovery data.\n");
836e6886616SKirk McKusick 		/*
837e6886616SKirk McKusick 		 * Look to see if recovery information has been saved.
838e6886616SKirk McKusick 		 * If so we can generate a prototype superblock based
839e6886616SKirk McKusick 		 * on that information.
840e6886616SKirk McKusick 		 *
841e6886616SKirk McKusick 		 * We need fragments-per-group, number of cylinder groups,
842e6886616SKirk McKusick 		 * location of the superblock within the cylinder group, and
843e6886616SKirk McKusick 		 * the conversion from filesystem fragments to disk blocks.
844e6886616SKirk McKusick 		 *
845e6886616SKirk McKusick 		 * When building a UFS2 filesystem, newfs(8) stores these
846e6886616SKirk McKusick 		 * details at the end of the boot block area at the start
847e6886616SKirk McKusick 		 * of the filesystem partition. If they have been overwritten
848e6886616SKirk McKusick 		 * by a boot block, we fail.  But usually they are there
849e6886616SKirk McKusick 		 * and we can use them.
850e6886616SKirk McKusick 		 *
851e6886616SKirk McKusick 		 * We could ask the underlying device for its sector size,
852e6886616SKirk McKusick 		 * but some devices lie. So we just try a plausible range.
853e6886616SKirk McKusick 		 */
854e6886616SKirk McKusick 		error = ENOENT;
855b13110e9SAlfredo Dal'Ava Junior 		fsrbuf = NULL;
856e6886616SKirk McKusick 		for (secsize = dbtob(1); secsize <= SBLOCKSIZE; secsize *= 2)
857e6886616SKirk McKusick 			if ((error = (*readfunc)(devfd, (SBLOCK_UFS2 - secsize),
858e6886616SKirk McKusick 			    &fsrbuf, secsize)) == 0)
859e6886616SKirk McKusick 				break;
860e6886616SKirk McKusick 		if (error != 0)
861e6886616SKirk McKusick 			goto trynowarn;
862e6886616SKirk McKusick 		cp = fsrbuf; /* type change to keep compiler happy */
863e6886616SKirk McKusick 		fsr = (struct fsrecovery *)&cp[secsize - sizeof *fsr];
864e6886616SKirk McKusick 		if (fsr->fsr_magic != FS_UFS2_MAGIC ||
865e6886616SKirk McKusick 		    (protofs = UFS_MALLOC(SBLOCKSIZE, filltype, M_NOWAIT))
866e6886616SKirk McKusick 		    == NULL) {
867e6886616SKirk McKusick 			UFS_FREE(fsrbuf, filltype);
868e6886616SKirk McKusick 			goto trynowarn;
869e6886616SKirk McKusick 		}
870e6886616SKirk McKusick 		memset(protofs, 0, sizeof(struct fs));
871e6886616SKirk McKusick 		protofs->fs_fpg = fsr->fsr_fpg;
872e6886616SKirk McKusick 		protofs->fs_fsbtodb = fsr->fsr_fsbtodb;
873e6886616SKirk McKusick 		protofs->fs_sblkno = fsr->fsr_sblkno;
874e6886616SKirk McKusick 		protofs->fs_magic = fsr->fsr_magic;
875e6886616SKirk McKusick 		protofs->fs_ncg = fsr->fsr_ncg;
876e6886616SKirk McKusick 		UFS_FREE(fsrbuf, filltype);
877e6886616SKirk McKusick 	}
878e6886616SKirk McKusick 	/*
879e6886616SKirk McKusick 	 * Scan looking for alternative superblocks.
880e6886616SKirk McKusick 	 */
881f0be378aSKirk McKusick 	flags = nocsum;
882f0be378aSKirk McKusick 	if (!msg)
883f0be378aSKirk McKusick 		flags |= UFS_NOMSG;
884e6886616SKirk McKusick 	for (cg = 0; cg < protofs->fs_ncg; cg++) {
885f0be378aSKirk McKusick 		sblk = fsbtodb(protofs, cgsblock(protofs, cg));
886f0be378aSKirk McKusick 		if (msg)
887f0be378aSKirk McKusick 			printf("Try cg %ld at sblock loc %jd\n", cg,
888f0be378aSKirk McKusick 			    (intmax_t)sblk);
889f0be378aSKirk McKusick 		if (ffs_sbget(devfd, fsp, dbtob(sblk), flags, filltype,
890e6886616SKirk McKusick 		    readfunc) == 0) {
891e6886616SKirk McKusick 			if (msg)
892f0be378aSKirk McKusick 				printf("Succeeded with alternate superblock "
893f0be378aSKirk McKusick 				    "at %jd\n", (intmax_t)sblk);
894e6886616SKirk McKusick 			UFS_FREE(protofs, filltype);
895e6886616SKirk McKusick 			return (0);
896e6886616SKirk McKusick 		}
897e6886616SKirk McKusick 	}
898e6886616SKirk McKusick 	UFS_FREE(protofs, filltype);
899e6886616SKirk McKusick 	/*
900e6886616SKirk McKusick 	 * Our alternate superblock strategies failed. Our last ditch effort
901e6886616SKirk McKusick 	 * is to see if the standard superblock has only non-critical errors.
902e6886616SKirk McKusick 	 */
903e6886616SKirk McKusick trynowarn:
904e6886616SKirk McKusick 	flags = UFS_NOWARNFAIL | UFS_NOMSG | nocsum;
905e6886616SKirk McKusick 	if (msg) {
906f0be378aSKirk McKusick 		printf("Finding an alternate superblock failed.\nCheck for "
907f0be378aSKirk McKusick 		    "only non-critical errors in standard superblock\n");
908e6886616SKirk McKusick 		flags &= ~UFS_NOMSG;
909e6886616SKirk McKusick 	}
910f0be378aSKirk McKusick 	if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) != 0) {
911e6886616SKirk McKusick 		if (msg)
912f0be378aSKirk McKusick 			printf("Failed, superblock has critical errors\n");
913f0be378aSKirk McKusick 		return (ENOENT);
914f0be378aSKirk McKusick 	}
915f0be378aSKirk McKusick 	if (msg)
916f0be378aSKirk McKusick 		printf("Success, using standard superblock with "
917f0be378aSKirk McKusick 		    "non-critical errors.\n");
918e6886616SKirk McKusick 	return (0);
919e6886616SKirk McKusick }
920e6886616SKirk McKusick 
921e6886616SKirk McKusick /*
922dffce215SKirk McKusick  * Write a superblock to the devfd device from the memory pointed to by fs.
923dffce215SKirk McKusick  * Write out the superblock summary information if it is present.
924dffce215SKirk McKusick  *
925dffce215SKirk McKusick  * If the write is successful, zero is returned. Otherwise one of the
926dffce215SKirk McKusick  * following error values is returned:
927dffce215SKirk McKusick  *     EIO: failed to write superblock.
928dffce215SKirk McKusick  *     EIO: failed to write superblock summary information.
929dffce215SKirk McKusick  */
930dffce215SKirk McKusick int
931dffce215SKirk McKusick ffs_sbput(void *devfd, struct fs *fs, off_t loc,
932dffce215SKirk McKusick     int (*writefunc)(void *devfd, off_t loc, void *buf, int size))
933dffce215SKirk McKusick {
934dffce215SKirk McKusick 	int i, error, blks, size;
935dffce215SKirk McKusick 	uint8_t *space;
936dffce215SKirk McKusick 
937dffce215SKirk McKusick 	/*
938dffce215SKirk McKusick 	 * If there is summary information, write it first, so if there
939dffce215SKirk McKusick 	 * is an error, the superblock will not be marked as clean.
940dffce215SKirk McKusick 	 */
94134816cb9SKirk McKusick 	if (fs->fs_si != NULL && fs->fs_csp != NULL) {
942dffce215SKirk McKusick 		blks = howmany(fs->fs_cssize, fs->fs_fsize);
943dffce215SKirk McKusick 		space = (uint8_t *)fs->fs_csp;
944dffce215SKirk McKusick 		for (i = 0; i < blks; i += fs->fs_frag) {
945dffce215SKirk McKusick 			size = fs->fs_bsize;
946dffce215SKirk McKusick 			if (i + fs->fs_frag > blks)
947dffce215SKirk McKusick 				size = (blks - i) * fs->fs_fsize;
948dffce215SKirk McKusick 			if ((error = (*writefunc)(devfd,
949dffce215SKirk McKusick 			     dbtob(fsbtodb(fs, fs->fs_csaddr + i)),
950dffce215SKirk McKusick 			     space, size)) != 0)
951dffce215SKirk McKusick 				return (error);
952dffce215SKirk McKusick 			space += size;
953dffce215SKirk McKusick 		}
954dffce215SKirk McKusick 	}
955dffce215SKirk McKusick 	fs->fs_fmod = 0;
95693440bbeSKirk McKusick #ifndef _KERNEL
95793440bbeSKirk McKusick 	{
95893440bbeSKirk McKusick 		struct fs_summary_info *fs_si;
95993440bbeSKirk McKusick 
96093440bbeSKirk McKusick 		fs->fs_time = time(NULL);
96193440bbeSKirk McKusick 		/* Clear the pointers for the duration of writing. */
96293440bbeSKirk McKusick 		fs_si = fs->fs_si;
96393440bbeSKirk McKusick 		fs->fs_si = NULL;
964ade67b50SKirk McKusick 		fs->fs_ckhash = ffs_calc_sbhash(fs);
96593440bbeSKirk McKusick 		error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize);
96693440bbeSKirk McKusick 		fs->fs_si = fs_si;
96793440bbeSKirk McKusick 	}
96893440bbeSKirk McKusick #else /* _KERNEL */
96993440bbeSKirk McKusick 	fs->fs_time = time_second;
97093440bbeSKirk McKusick 	fs->fs_ckhash = ffs_calc_sbhash(fs);
97193440bbeSKirk McKusick 	error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize);
97293440bbeSKirk McKusick #endif /* _KERNEL */
973dffce215SKirk McKusick 	return (error);
974dffce215SKirk McKusick }
975dffce215SKirk McKusick 
976dffce215SKirk McKusick /*
977ec888383SKirk McKusick  * Calculate the check-hash for a superblock.
978ec888383SKirk McKusick  */
979ade67b50SKirk McKusick uint32_t
980ade67b50SKirk McKusick ffs_calc_sbhash(struct fs *fs)
981ec888383SKirk McKusick {
982ec888383SKirk McKusick 	uint32_t ckhash, save_ckhash;
983ec888383SKirk McKusick 
984ec888383SKirk McKusick 	/*
985ec888383SKirk McKusick 	 * A filesystem that was using a superblock ckhash may be moved
986ec888383SKirk McKusick 	 * to an older kernel that does not support ckhashes. The
987ec888383SKirk McKusick 	 * older kernel will clear the FS_METACKHASH flag indicating
988ec888383SKirk McKusick 	 * that it does not update hashes. When the disk is moved back
989ec888383SKirk McKusick 	 * to a kernel capable of ckhashes it disables them on mount:
990ec888383SKirk McKusick 	 *
991ec888383SKirk McKusick 	 *	if ((fs->fs_flags & FS_METACKHASH) == 0)
992ec888383SKirk McKusick 	 *		fs->fs_metackhash = 0;
993ec888383SKirk McKusick 	 *
994ec888383SKirk McKusick 	 * This leaves (fs->fs_metackhash & CK_SUPERBLOCK) == 0) with an
995ec888383SKirk McKusick 	 * old stale value in the fs->fs_ckhash field. Thus the need to
996ec888383SKirk McKusick 	 * just accept what is there.
997ec888383SKirk McKusick 	 */
998ec888383SKirk McKusick 	if ((fs->fs_metackhash & CK_SUPERBLOCK) == 0)
999ec888383SKirk McKusick 		return (fs->fs_ckhash);
1000ec888383SKirk McKusick 
1001ec888383SKirk McKusick 	save_ckhash = fs->fs_ckhash;
1002ec888383SKirk McKusick 	fs->fs_ckhash = 0;
1003ec888383SKirk McKusick 	/*
1004ec888383SKirk McKusick 	 * If newly read from disk, the caller is responsible for
1005ec888383SKirk McKusick 	 * verifying that fs->fs_sbsize <= SBLOCKSIZE.
1006ec888383SKirk McKusick 	 */
1007ec888383SKirk McKusick 	ckhash = calculate_crc32c(~0L, (void *)fs, fs->fs_sbsize);
1008ec888383SKirk McKusick 	fs->fs_ckhash = save_ckhash;
1009ec888383SKirk McKusick 	return (ckhash);
1010ec888383SKirk McKusick }
1011ec888383SKirk McKusick 
1012ec888383SKirk McKusick /*
1013df8bae1dSRodney W. Grimes  * Update the frsum fields to reflect addition or deletion
1014df8bae1dSRodney W. Grimes  * of some frags.
1015df8bae1dSRodney W. Grimes  */
1016df8bae1dSRodney W. Grimes void
101715c377c3SEd Maste ffs_fragacct(struct fs *fs, int fragmap, int32_t fraglist[], int cnt)
1018df8bae1dSRodney W. Grimes {
1019df8bae1dSRodney W. Grimes 	int inblk;
102005f4ff5dSPoul-Henning Kamp 	int field, subfield;
102105f4ff5dSPoul-Henning Kamp 	int siz, pos;
1022df8bae1dSRodney W. Grimes 
1023df8bae1dSRodney W. Grimes 	inblk = (int)(fragtbl[fs->fs_frag][fragmap]) << 1;
1024df8bae1dSRodney W. Grimes 	fragmap <<= 1;
1025df8bae1dSRodney W. Grimes 	for (siz = 1; siz < fs->fs_frag; siz++) {
1026df8bae1dSRodney W. Grimes 		if ((inblk & (1 << (siz + (fs->fs_frag % NBBY)))) == 0)
1027df8bae1dSRodney W. Grimes 			continue;
1028df8bae1dSRodney W. Grimes 		field = around[siz];
1029df8bae1dSRodney W. Grimes 		subfield = inside[siz];
1030df8bae1dSRodney W. Grimes 		for (pos = siz; pos <= fs->fs_frag; pos++) {
1031df8bae1dSRodney W. Grimes 			if ((fragmap & field) == subfield) {
1032df8bae1dSRodney W. Grimes 				fraglist[siz] += cnt;
1033df8bae1dSRodney W. Grimes 				pos += siz;
1034df8bae1dSRodney W. Grimes 				field <<= siz;
1035df8bae1dSRodney W. Grimes 				subfield <<= siz;
1036df8bae1dSRodney W. Grimes 			}
1037df8bae1dSRodney W. Grimes 			field <<= 1;
1038df8bae1dSRodney W. Grimes 			subfield <<= 1;
1039df8bae1dSRodney W. Grimes 		}
1040df8bae1dSRodney W. Grimes 	}
1041df8bae1dSRodney W. Grimes }
1042df8bae1dSRodney W. Grimes 
1043df8bae1dSRodney W. Grimes /*
1044df8bae1dSRodney W. Grimes  * block operations
1045df8bae1dSRodney W. Grimes  *
1046df8bae1dSRodney W. Grimes  * check if a block is available
1047df8bae1dSRodney W. Grimes  */
1048df8bae1dSRodney W. Grimes int
104915c377c3SEd Maste ffs_isblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h)
1050df8bae1dSRodney W. Grimes {
1051df8bae1dSRodney W. Grimes 	unsigned char mask;
1052df8bae1dSRodney W. Grimes 
1053df8bae1dSRodney W. Grimes 	switch ((int)fs->fs_frag) {
1054df8bae1dSRodney W. Grimes 	case 8:
1055df8bae1dSRodney W. Grimes 		return (cp[h] == 0xff);
1056df8bae1dSRodney W. Grimes 	case 4:
1057df8bae1dSRodney W. Grimes 		mask = 0x0f << ((h & 0x1) << 2);
1058df8bae1dSRodney W. Grimes 		return ((cp[h >> 1] & mask) == mask);
1059df8bae1dSRodney W. Grimes 	case 2:
1060df8bae1dSRodney W. Grimes 		mask = 0x03 << ((h & 0x3) << 1);
1061df8bae1dSRodney W. Grimes 		return ((cp[h >> 2] & mask) == mask);
1062df8bae1dSRodney W. Grimes 	case 1:
1063df8bae1dSRodney W. Grimes 		mask = 0x01 << (h & 0x7);
1064df8bae1dSRodney W. Grimes 		return ((cp[h >> 3] & mask) == mask);
1065df8bae1dSRodney W. Grimes 	default:
1066113db2ddSJeff Roberson #ifdef _KERNEL
1067df8bae1dSRodney W. Grimes 		panic("ffs_isblock");
1068113db2ddSJeff Roberson #endif
1069113db2ddSJeff Roberson 		break;
1070113db2ddSJeff Roberson 	}
1071113db2ddSJeff Roberson 	return (0);
1072113db2ddSJeff Roberson }
1073113db2ddSJeff Roberson 
1074113db2ddSJeff Roberson /*
1075113db2ddSJeff Roberson  * check if a block is free
1076113db2ddSJeff Roberson  */
1077113db2ddSJeff Roberson int
1078831b1ff7SKirk McKusick ffs_isfreeblock(struct fs *fs, uint8_t *cp, ufs1_daddr_t h)
1079113db2ddSJeff Roberson {
1080113db2ddSJeff Roberson 
1081113db2ddSJeff Roberson 	switch ((int)fs->fs_frag) {
1082113db2ddSJeff Roberson 	case 8:
1083113db2ddSJeff Roberson 		return (cp[h] == 0);
1084113db2ddSJeff Roberson 	case 4:
1085113db2ddSJeff Roberson 		return ((cp[h >> 1] & (0x0f << ((h & 0x1) << 2))) == 0);
1086113db2ddSJeff Roberson 	case 2:
1087113db2ddSJeff Roberson 		return ((cp[h >> 2] & (0x03 << ((h & 0x3) << 1))) == 0);
1088113db2ddSJeff Roberson 	case 1:
1089113db2ddSJeff Roberson 		return ((cp[h >> 3] & (0x01 << (h & 0x7))) == 0);
1090113db2ddSJeff Roberson 	default:
1091113db2ddSJeff Roberson #ifdef _KERNEL
1092113db2ddSJeff Roberson 		panic("ffs_isfreeblock");
1093113db2ddSJeff Roberson #endif
1094113db2ddSJeff Roberson 		break;
1095df8bae1dSRodney W. Grimes 	}
1096589c7af9SKirk McKusick 	return (0);
1097df8bae1dSRodney W. Grimes }
1098df8bae1dSRodney W. Grimes 
1099df8bae1dSRodney W. Grimes /*
1100df8bae1dSRodney W. Grimes  * take a block out of the map
1101df8bae1dSRodney W. Grimes  */
1102df8bae1dSRodney W. Grimes void
1103831b1ff7SKirk McKusick ffs_clrblock(struct fs *fs, uint8_t *cp, ufs1_daddr_t h)
1104df8bae1dSRodney W. Grimes {
1105df8bae1dSRodney W. Grimes 
1106df8bae1dSRodney W. Grimes 	switch ((int)fs->fs_frag) {
1107df8bae1dSRodney W. Grimes 	case 8:
1108df8bae1dSRodney W. Grimes 		cp[h] = 0;
1109df8bae1dSRodney W. Grimes 		return;
1110df8bae1dSRodney W. Grimes 	case 4:
1111df8bae1dSRodney W. Grimes 		cp[h >> 1] &= ~(0x0f << ((h & 0x1) << 2));
1112df8bae1dSRodney W. Grimes 		return;
1113df8bae1dSRodney W. Grimes 	case 2:
1114df8bae1dSRodney W. Grimes 		cp[h >> 2] &= ~(0x03 << ((h & 0x3) << 1));
1115df8bae1dSRodney W. Grimes 		return;
1116df8bae1dSRodney W. Grimes 	case 1:
1117df8bae1dSRodney W. Grimes 		cp[h >> 3] &= ~(0x01 << (h & 0x7));
1118df8bae1dSRodney W. Grimes 		return;
1119df8bae1dSRodney W. Grimes 	default:
1120113db2ddSJeff Roberson #ifdef _KERNEL
1121df8bae1dSRodney W. Grimes 		panic("ffs_clrblock");
1122113db2ddSJeff Roberson #endif
1123113db2ddSJeff Roberson 		break;
1124df8bae1dSRodney W. Grimes 	}
1125df8bae1dSRodney W. Grimes }
1126df8bae1dSRodney W. Grimes 
1127df8bae1dSRodney W. Grimes /*
1128df8bae1dSRodney W. Grimes  * put a block into the map
1129df8bae1dSRodney W. Grimes  */
1130df8bae1dSRodney W. Grimes void
113115c377c3SEd Maste ffs_setblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h)
1132df8bae1dSRodney W. Grimes {
1133df8bae1dSRodney W. Grimes 
1134df8bae1dSRodney W. Grimes 	switch ((int)fs->fs_frag) {
1135df8bae1dSRodney W. Grimes 	case 8:
1136df8bae1dSRodney W. Grimes 		cp[h] = 0xff;
1137df8bae1dSRodney W. Grimes 		return;
1138df8bae1dSRodney W. Grimes 	case 4:
1139df8bae1dSRodney W. Grimes 		cp[h >> 1] |= (0x0f << ((h & 0x1) << 2));
1140df8bae1dSRodney W. Grimes 		return;
1141df8bae1dSRodney W. Grimes 	case 2:
1142df8bae1dSRodney W. Grimes 		cp[h >> 2] |= (0x03 << ((h & 0x3) << 1));
1143df8bae1dSRodney W. Grimes 		return;
1144df8bae1dSRodney W. Grimes 	case 1:
1145df8bae1dSRodney W. Grimes 		cp[h >> 3] |= (0x01 << (h & 0x7));
1146df8bae1dSRodney W. Grimes 		return;
1147df8bae1dSRodney W. Grimes 	default:
1148113db2ddSJeff Roberson #ifdef _KERNEL
1149df8bae1dSRodney W. Grimes 		panic("ffs_setblock");
1150113db2ddSJeff Roberson #endif
1151113db2ddSJeff Roberson 		break;
1152df8bae1dSRodney W. Grimes 	}
1153df8bae1dSRodney W. Grimes }
1154113db2ddSJeff Roberson 
1155113db2ddSJeff Roberson /*
1156113db2ddSJeff Roberson  * Update the cluster map because of an allocation or free.
1157113db2ddSJeff Roberson  *
1158113db2ddSJeff Roberson  * Cnt == 1 means free; cnt == -1 means allocating.
1159113db2ddSJeff Roberson  */
1160113db2ddSJeff Roberson void
116115c377c3SEd Maste ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_daddr_t blkno, int cnt)
1162113db2ddSJeff Roberson {
1163113db2ddSJeff Roberson 	int32_t *sump;
1164113db2ddSJeff Roberson 	int32_t *lp;
1165831b1ff7SKirk McKusick 	uint8_t *freemapp, *mapp;
1166e1c27cf7SKirk McKusick 	int i, start, end, forw, back, map;
1167831b1ff7SKirk McKusick 	uint64_t bit;
1168113db2ddSJeff Roberson 
1169113db2ddSJeff Roberson 	if (fs->fs_contigsumsize <= 0)
1170113db2ddSJeff Roberson 		return;
1171113db2ddSJeff Roberson 	freemapp = cg_clustersfree(cgp);
1172113db2ddSJeff Roberson 	sump = cg_clustersum(cgp);
1173113db2ddSJeff Roberson 	/*
1174113db2ddSJeff Roberson 	 * Allocate or clear the actual block.
1175113db2ddSJeff Roberson 	 */
1176113db2ddSJeff Roberson 	if (cnt > 0)
1177113db2ddSJeff Roberson 		setbit(freemapp, blkno);
1178113db2ddSJeff Roberson 	else
1179113db2ddSJeff Roberson 		clrbit(freemapp, blkno);
1180113db2ddSJeff Roberson 	/*
1181113db2ddSJeff Roberson 	 * Find the size of the cluster going forward.
1182113db2ddSJeff Roberson 	 */
1183113db2ddSJeff Roberson 	start = blkno + 1;
1184113db2ddSJeff Roberson 	end = start + fs->fs_contigsumsize;
1185113db2ddSJeff Roberson 	if (end >= cgp->cg_nclusterblks)
1186113db2ddSJeff Roberson 		end = cgp->cg_nclusterblks;
1187113db2ddSJeff Roberson 	mapp = &freemapp[start / NBBY];
1188113db2ddSJeff Roberson 	map = *mapp++;
1189e1c27cf7SKirk McKusick 	bit = 1U << (start % NBBY);
1190113db2ddSJeff Roberson 	for (i = start; i < end; i++) {
1191113db2ddSJeff Roberson 		if ((map & bit) == 0)
1192113db2ddSJeff Roberson 			break;
1193113db2ddSJeff Roberson 		if ((i & (NBBY - 1)) != (NBBY - 1)) {
1194113db2ddSJeff Roberson 			bit <<= 1;
1195113db2ddSJeff Roberson 		} else {
1196113db2ddSJeff Roberson 			map = *mapp++;
1197113db2ddSJeff Roberson 			bit = 1;
1198113db2ddSJeff Roberson 		}
1199113db2ddSJeff Roberson 	}
1200113db2ddSJeff Roberson 	forw = i - start;
1201113db2ddSJeff Roberson 	/*
1202113db2ddSJeff Roberson 	 * Find the size of the cluster going backward.
1203113db2ddSJeff Roberson 	 */
1204113db2ddSJeff Roberson 	start = blkno - 1;
1205113db2ddSJeff Roberson 	end = start - fs->fs_contigsumsize;
1206113db2ddSJeff Roberson 	if (end < 0)
1207113db2ddSJeff Roberson 		end = -1;
1208113db2ddSJeff Roberson 	mapp = &freemapp[start / NBBY];
1209113db2ddSJeff Roberson 	map = *mapp--;
1210e1c27cf7SKirk McKusick 	bit = 1U << (start % NBBY);
1211113db2ddSJeff Roberson 	for (i = start; i > end; i--) {
1212113db2ddSJeff Roberson 		if ((map & bit) == 0)
1213113db2ddSJeff Roberson 			break;
1214113db2ddSJeff Roberson 		if ((i & (NBBY - 1)) != 0) {
1215113db2ddSJeff Roberson 			bit >>= 1;
1216113db2ddSJeff Roberson 		} else {
1217113db2ddSJeff Roberson 			map = *mapp--;
1218e1c27cf7SKirk McKusick 			bit = 1U << (NBBY - 1);
1219113db2ddSJeff Roberson 		}
1220113db2ddSJeff Roberson 	}
1221113db2ddSJeff Roberson 	back = start - i;
1222113db2ddSJeff Roberson 	/*
1223113db2ddSJeff Roberson 	 * Account for old cluster and the possibly new forward and
1224113db2ddSJeff Roberson 	 * back clusters.
1225113db2ddSJeff Roberson 	 */
1226113db2ddSJeff Roberson 	i = back + forw + 1;
1227113db2ddSJeff Roberson 	if (i > fs->fs_contigsumsize)
1228113db2ddSJeff Roberson 		i = fs->fs_contigsumsize;
1229113db2ddSJeff Roberson 	sump[i] += cnt;
1230113db2ddSJeff Roberson 	if (back > 0)
1231113db2ddSJeff Roberson 		sump[back] -= cnt;
1232113db2ddSJeff Roberson 	if (forw > 0)
1233113db2ddSJeff Roberson 		sump[forw] -= cnt;
1234113db2ddSJeff Roberson 	/*
1235113db2ddSJeff Roberson 	 * Update cluster summary information.
1236113db2ddSJeff Roberson 	 */
1237113db2ddSJeff Roberson 	lp = &sump[fs->fs_contigsumsize];
1238113db2ddSJeff Roberson 	for (i = fs->fs_contigsumsize; i > 0; i--)
1239113db2ddSJeff Roberson 		if (*lp-- > 0)
1240113db2ddSJeff Roberson 			break;
1241113db2ddSJeff Roberson 	fs->fs_maxcluster[cgp->cg_cgx] = i;
1242113db2ddSJeff Roberson }
1243