1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * @(#)ffs_subr.c 8.5 (Berkeley) 3/21/95 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/limits.h> 39 40 #ifndef _KERNEL 41 #include <stdio.h> 42 #include <string.h> 43 #include <stdlib.h> 44 #include <time.h> 45 #include <sys/errno.h> 46 #include <ufs/ufs/dinode.h> 47 #include <ufs/ffs/fs.h> 48 49 uint32_t calculate_crc32c(uint32_t, const void *, size_t); 50 uint32_t ffs_calc_sbhash(struct fs *); 51 struct malloc_type; 52 #define UFS_MALLOC(size, type, flags) malloc(size) 53 #define UFS_FREE(ptr, type) free(ptr) 54 #define maxphys MAXPHYS 55 56 #else /* _KERNEL */ 57 #include <sys/systm.h> 58 #include <sys/gsb_crc32.h> 59 #include <sys/lock.h> 60 #include <sys/malloc.h> 61 #include <sys/mount.h> 62 #include <sys/vnode.h> 63 #include <sys/bio.h> 64 #include <sys/buf.h> 65 #include <sys/ucred.h> 66 67 #include <ufs/ufs/quota.h> 68 #include <ufs/ufs/inode.h> 69 #include <ufs/ufs/extattr.h> 70 #include <ufs/ufs/ufsmount.h> 71 #include <ufs/ufs/ufs_extern.h> 72 #include <ufs/ffs/ffs_extern.h> 73 #include <ufs/ffs/fs.h> 74 75 #define UFS_MALLOC(size, type, flags) malloc(size, type, flags) 76 #define UFS_FREE(ptr, type) free(ptr, type) 77 78 #endif /* _KERNEL */ 79 80 /* 81 * Verify an inode check-hash. 82 */ 83 int 84 ffs_verify_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 85 { 86 uint32_t ckhash, save_ckhash; 87 88 /* 89 * Return success if unallocated or we are not doing inode check-hash. 90 */ 91 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 92 return (0); 93 /* 94 * Exclude di_ckhash from the crc32 calculation, e.g., always use 95 * a check-hash value of zero when calculating the check-hash. 96 */ 97 save_ckhash = dip->di_ckhash; 98 dip->di_ckhash = 0; 99 ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 100 dip->di_ckhash = save_ckhash; 101 if (save_ckhash == ckhash) 102 return (0); 103 return (EINVAL); 104 } 105 106 /* 107 * Update an inode check-hash. 108 */ 109 void 110 ffs_update_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 111 { 112 113 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 114 return; 115 /* 116 * Exclude old di_ckhash from the crc32 calculation, e.g., always use 117 * a check-hash value of zero when calculating the new check-hash. 118 */ 119 dip->di_ckhash = 0; 120 dip->di_ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 121 } 122 123 /* 124 * These are the low-level functions that actually read and write 125 * the superblock and its associated data. 126 */ 127 static off_t sblock_try[] = SBLOCKSEARCH; 128 static int readsuper(void *, struct fs **, off_t, int, 129 int (*)(void *, off_t, void **, int)); 130 static int validate_sblock(struct fs *, int); 131 132 /* 133 * Read a superblock from the devfd device. 134 * 135 * If an alternate superblock is specified, it is read. Otherwise the 136 * set of locations given in the SBLOCKSEARCH list is searched for a 137 * superblock. Memory is allocated for the superblock by the readfunc and 138 * is returned. If filltype is non-NULL, additional memory is allocated 139 * of type filltype and filled in with the superblock summary information. 140 * All memory is freed when any error is returned. 141 * 142 * If a superblock is found, zero is returned. Otherwise one of the 143 * following error values is returned: 144 * EIO: non-existent or truncated superblock. 145 * EIO: error reading summary information. 146 * ENOENT: no usable known superblock found. 147 * ENOMEM: failed to allocate space for the superblock. 148 * EINVAL: The previous newfs operation on this volume did not complete. 149 * The administrator must complete newfs before using this volume. 150 */ 151 int 152 ffs_sbget(void *devfd, struct fs **fsp, off_t sblock, int flags, 153 struct malloc_type *filltype, 154 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 155 { 156 struct fs *fs; 157 struct fs_summary_info *fs_si; 158 int i, error; 159 uint64_t size, blks; 160 uint8_t *space; 161 int32_t *lp; 162 char *buf; 163 164 fs = NULL; 165 *fsp = NULL; 166 if (sblock != UFS_STDSB) { 167 if ((error = readsuper(devfd, &fs, sblock, 168 flags | UFS_ALTSBLK, readfunc)) != 0) { 169 if (fs != NULL) 170 UFS_FREE(fs, filltype); 171 return (error); 172 } 173 } else { 174 for (i = 0; sblock_try[i] != -1; i++) { 175 if ((error = readsuper(devfd, &fs, sblock_try[i], 176 flags, readfunc)) == 0) { 177 if ((flags & UFS_NOCSUM) != 0) { 178 *fsp = fs; 179 return (0); 180 } 181 break; 182 } 183 if (fs != NULL) { 184 UFS_FREE(fs, filltype); 185 fs = NULL; 186 } 187 if (error == ENOENT) 188 continue; 189 return (error); 190 } 191 if (sblock_try[i] == -1) 192 return (ENOENT); 193 } 194 /* 195 * Read in the superblock summary information. 196 */ 197 size = fs->fs_cssize; 198 blks = howmany(size, fs->fs_fsize); 199 if (fs->fs_contigsumsize > 0) 200 size += fs->fs_ncg * sizeof(int32_t); 201 size += fs->fs_ncg * sizeof(u_int8_t); 202 if ((fs_si = UFS_MALLOC(sizeof(*fs_si), filltype, M_NOWAIT)) == NULL) { 203 UFS_FREE(fs, filltype); 204 return (ENOMEM); 205 } 206 bzero(fs_si, sizeof(*fs_si)); 207 fs->fs_si = fs_si; 208 if ((space = UFS_MALLOC(size, filltype, M_NOWAIT)) == NULL) { 209 UFS_FREE(fs->fs_si, filltype); 210 UFS_FREE(fs, filltype); 211 return (ENOMEM); 212 } 213 fs->fs_csp = (struct csum *)space; 214 for (i = 0; i < blks; i += fs->fs_frag) { 215 size = fs->fs_bsize; 216 if (i + fs->fs_frag > blks) 217 size = (blks - i) * fs->fs_fsize; 218 buf = NULL; 219 error = (*readfunc)(devfd, 220 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size); 221 if (error) { 222 if (buf != NULL) 223 UFS_FREE(buf, filltype); 224 UFS_FREE(fs->fs_csp, filltype); 225 UFS_FREE(fs->fs_si, filltype); 226 UFS_FREE(fs, filltype); 227 return (error); 228 } 229 memcpy(space, buf, size); 230 UFS_FREE(buf, filltype); 231 space += size; 232 } 233 if (fs->fs_contigsumsize > 0) { 234 fs->fs_maxcluster = lp = (int32_t *)space; 235 for (i = 0; i < fs->fs_ncg; i++) 236 *lp++ = fs->fs_contigsumsize; 237 space = (uint8_t *)lp; 238 } 239 size = fs->fs_ncg * sizeof(u_int8_t); 240 fs->fs_contigdirs = (u_int8_t *)space; 241 bzero(fs->fs_contigdirs, size); 242 *fsp = fs; 243 return (0); 244 } 245 246 /* 247 * Try to read a superblock from the location specified by sblockloc. 248 * Return zero on success or an errno on failure. 249 */ 250 static int 251 readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags, 252 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 253 { 254 struct fs *fs; 255 int error, res; 256 uint32_t ckhash; 257 258 error = (*readfunc)(devfd, sblockloc, (void **)fsp, SBLOCKSIZE); 259 if (error != 0) 260 return (error); 261 fs = *fsp; 262 if (fs->fs_magic == FS_BAD_MAGIC) 263 return (EINVAL); 264 /* 265 * For UFS1 with a 65536 block size, the first backup superblock 266 * is at the same location as the UFS2 superblock. Since SBLOCK_UFS2 267 * is the first location checked, the first backup is the superblock 268 * that will be accessed. Here we fail the lookup so that we can 269 * retry with the correct location for the UFS1 superblock. 270 */ 271 if (fs->fs_magic == FS_UFS1_MAGIC && (flags & UFS_ALTSBLK) == 0 && 272 fs->fs_bsize == SBLOCK_UFS2 && sblockloc == SBLOCK_UFS2) 273 return (ENOENT); 274 if ((error = validate_sblock(fs, flags)) > 0) 275 return (error); 276 /* 277 * If the filesystem has been run on a kernel without 278 * metadata check hashes, disable them. 279 */ 280 if ((fs->fs_flags & FS_METACKHASH) == 0) 281 fs->fs_metackhash = 0; 282 /* 283 * Clear any check-hashes that are not maintained 284 * by this kernel. Also clear any unsupported flags. 285 */ 286 fs->fs_metackhash &= CK_SUPPORTED; 287 fs->fs_flags &= FS_SUPPORTED; 288 if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) { 289 if ((flags & (UFS_NOMSG | UFS_NOHASHFAIL)) == 290 (UFS_NOMSG | UFS_NOHASHFAIL)) 291 return (0); 292 if ((flags & UFS_NOMSG) != 0) 293 return (EINTEGRITY); 294 #ifdef _KERNEL 295 res = uprintf("Superblock check-hash failed: recorded " 296 "check-hash 0x%x != computed check-hash 0x%x%s\n", 297 fs->fs_ckhash, ckhash, 298 (flags & UFS_NOHASHFAIL) != 0 ? " (Ignored)" : ""); 299 #else 300 res = 0; 301 #endif 302 /* 303 * Print check-hash failure if no controlling terminal 304 * in kernel or always if in user-mode (libufs). 305 */ 306 if (res == 0) 307 printf("Superblock check-hash failed: recorded " 308 "check-hash 0x%x != computed check-hash " 309 "0x%x%s\n", fs->fs_ckhash, ckhash, 310 (flags & UFS_NOHASHFAIL) ? " (Ignored)" : ""); 311 if ((flags & UFS_NOHASHFAIL) != 0) 312 return (0); 313 return (EINTEGRITY); 314 } 315 /* Have to set for old filesystems that predate this field */ 316 fs->fs_sblockactualloc = sblockloc; 317 /* Not yet any summary information */ 318 fs->fs_si = NULL; 319 return (0); 320 } 321 322 /* 323 * Verify the filesystem values. 324 */ 325 #define ILOG2(num) (fls(num) - 1) 326 #ifdef STANDALONE_SMALL 327 #define MPRINT(...) do { } while (0) 328 #else 329 #define MPRINT(...) if (prtmsg) printf(__VA_ARGS__) 330 #endif 331 #define FCHK(lhs, op, rhs, fmt) \ 332 if (lhs op rhs) { \ 333 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 334 #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, \ 335 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs); \ 336 if (error == 0) \ 337 error = ENOENT; \ 338 } 339 #define WCHK(lhs, op, rhs, fmt) \ 340 if (lhs op rhs) { \ 341 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 342 #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\ 343 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\ 344 if (error == 0) \ 345 error = warnerr; \ 346 } 347 #define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 348 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 349 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 350 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n", \ 351 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 352 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 353 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2); \ 354 if (error == 0) \ 355 error = ENOENT; \ 356 } 357 #define WCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 358 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 359 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 360 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")%s\n", \ 361 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 362 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 363 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2, wmsg); \ 364 if (error == 0) \ 365 error = warnerr; \ 366 } 367 368 static int 369 validate_sblock(struct fs *fs, int flags) 370 { 371 u_long i, sectorsize; 372 u_int64_t maxfilesize, sizepb; 373 int error, prtmsg, warnerr; 374 char *wmsg; 375 376 error = 0; 377 sectorsize = dbtob(1); 378 prtmsg = ((flags & UFS_NOMSG) == 0); 379 warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT; 380 wmsg = warnerr ? "" : " (Ignored)"; 381 /* 382 * If just validating for recovery, then do just the minimal 383 * checks needed for the superblock fields needed to find 384 * alternate superblocks. 385 */ 386 if ((flags & UFS_FSRONLY) == UFS_FSRONLY && 387 (fs->fs_magic == FS_UFS1_MAGIC || fs->fs_magic == FS_UFS2_MAGIC)) { 388 if (fs->fs_magic == FS_UFS2_MAGIC) { 389 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 390 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 391 FCHK(fs->fs_sblockloc, <, 0, %jd); 392 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 393 } 394 FCHK(fs->fs_frag, <, 1, %jd); 395 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 396 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 397 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 398 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), 399 %jd); 400 FCHK(fs->fs_fsize, <, sectorsize, %jd); 401 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 402 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 403 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 404 FCHK(fs->fs_ncg, <, 1, %jd); 405 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 406 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 407 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 408 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, 409 %jd); 410 FCHK(fs->fs_sblkno, !=, roundup( 411 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 412 fs->fs_frag), %jd); 413 return (error); 414 } 415 if (fs->fs_magic == FS_UFS2_MAGIC) { 416 if ((flags & UFS_ALTSBLK) == 0) 417 FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2, 418 fs->fs_sblockactualloc, !=, 0, %jd); 419 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 420 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 421 sizeof(ufs2_daddr_t)), %jd); 422 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t), 423 %jd); 424 FCHK(fs->fs_inopb, !=, 425 fs->fs_bsize / sizeof(struct ufs2_dinode), %jd); 426 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 427 if ((flags & UFS_ALTSBLK) == 0) 428 FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd); 429 FCHK(fs->fs_sblockloc, <, 0, %jd); 430 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 431 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t), 432 %jd); 433 FCHK(fs->fs_inopb, !=, 434 fs->fs_bsize / sizeof(struct ufs1_dinode), %jd); 435 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 436 sizeof(ufs1_daddr_t)), %jd); 437 WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd); 438 WCHK(fs->fs_old_rotdelay, !=, 0, %jd); 439 WCHK(fs->fs_old_rps, !=, 60, %jd); 440 WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd); 441 WCHK(fs->fs_old_cpg, !=, 1, %jd); 442 WCHK(fs->fs_old_interleave, !=, 1, %jd); 443 WCHK(fs->fs_old_trackskew, !=, 0, %jd); 444 WCHK(fs->fs_old_cpc, !=, 0, %jd); 445 WCHK(fs->fs_old_postblformat, !=, 1, %jd); 446 WCHK(fs->fs_old_nrpos, !=, 1, %jd); 447 WCHK(fs->fs_old_spc, !=, fs->fs_fpg * fs->fs_old_nspf, %jd); 448 WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd); 449 WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd); 450 FCHK(fs->fs_old_ncyl, !=, fs->fs_ncg, %jd); 451 } else { 452 /* Bad magic number, so assume not a superblock */ 453 return (ENOENT); 454 } 455 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 456 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 457 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd); 458 FCHK(powerof2(fs->fs_bsize), ==, 0, %jd); 459 FCHK(fs->fs_frag, <, 1, %jd); 460 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 461 FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd); 462 FCHK(fs->fs_fsize, <, sectorsize, %jd); 463 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 464 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 465 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 466 FCHK(fs->fs_ncg, <, 1, %jd); 467 FCHK(fs->fs_ipg, <, 1, %jd); 468 FCHK(fs->fs_ipg * fs->fs_ncg, >, (((int64_t)(1)) << 32) - INOPB(fs), 469 %jd); 470 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 471 FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); 472 FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); 473 FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); 474 FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx); 475 FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx); 476 FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx); 477 FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx); 478 FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd); 479 FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd); 480 FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd); 481 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 482 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 483 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 484 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd); 485 FCHK(fs->fs_sblkno, !=, roundup( 486 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 487 fs->fs_frag), %jd); 488 FCHK(fs->fs_cblkno, !=, fs->fs_sblkno + 489 roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd); 490 FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd); 491 FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd); 492 FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd); 493 /* 494 * This test is valid, however older versions of growfs failed 495 * to correctly update fs_dsize so will fail this test. Thus we 496 * exclude it from the requirements. 497 */ 498 #ifdef notdef 499 WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno - 500 fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) - 501 howmany(fs->fs_cssize, fs->fs_fsize), %jd); 502 #endif 503 WCHK(fs->fs_metaspace, <, 0, %jd); 504 WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd); 505 WCHK(fs->fs_minfree, >, 99, %jd%%); 506 maxfilesize = fs->fs_bsize * UFS_NDADDR - 1; 507 for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) { 508 sizepb *= NINDIR(fs); 509 maxfilesize += sizepb; 510 } 511 WCHK(fs->fs_maxfilesize, !=, maxfilesize, %jd); 512 /* 513 * These values have a tight interaction with each other that 514 * makes it hard to tightly bound them. So we can only check 515 * that they are within a broader possible range. 516 * 517 * The size cannot always be accurately determined, but ensure 518 * that it is consistent with the number of cylinder groups (fs_ncg) 519 * and the number of fragments per cylinder group (fs_fpg). Ensure 520 * that the summary information size is correct and that it starts 521 * and ends in the data area of the same cylinder group. 522 */ 523 FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); 524 WCHK(fs->fs_size, <=, (fs->fs_ncg - 1) * fs->fs_fpg, %jd); 525 WCHK(fs->fs_size, >, fs->fs_ncg * fs->fs_fpg, %jd); 526 /* 527 * If we are not requested to read in the csum data stop here 528 * as the correctness of the remaining values is only important 529 * to bound the space needed to be allocated to hold the csum data. 530 */ 531 if ((flags & UFS_NOCSUM) != 0) 532 return (error); 533 FCHK(fs->fs_csaddr, <, 0, %jd); 534 FCHK(fs->fs_cssize, !=, 535 fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd); 536 FCHK(dtog(fs, fs->fs_csaddr), >, fs->fs_ncg, %jd); 537 FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd); 538 FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >, 539 dtog(fs, fs->fs_csaddr), %jd); 540 /* 541 * With file system clustering it is possible to allocate 542 * many contiguous blocks. The kernel variable maxphys defines 543 * the maximum transfer size permitted by the controller and/or 544 * buffering. The fs_maxcontig parameter controls the maximum 545 * number of blocks that the filesystem will read or write 546 * in a single transfer. It is calculated when the filesystem 547 * is created as maxphys / fs_bsize. The loader uses a maxphys 548 * of 128K even when running on a system that supports larger 549 * values. If the filesystem was built on a system that supports 550 * a larger maxphys (1M is typical) it will have configured 551 * fs_maxcontig for that larger system. So we bound the upper 552 * allowable limit for fs_maxconfig to be able to at least 553 * work with a 1M maxphys on the smallest block size filesystem: 554 * 1M / 4096 == 256. There is no harm in allowing the mounting of 555 * filesystems that make larger than maxphys I/O requests because 556 * those (mostly 32-bit machines) can (very slowly) handle I/O 557 * requests that exceed maxphys. 558 */ 559 WCHK(fs->fs_maxcontig, <, 0, %jd); 560 WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd); 561 WCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd); 562 WCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=, 563 MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd); 564 return (error); 565 } 566 567 /* 568 * Make an extensive search to find a superblock. If the superblock 569 * in the standard place cannot be used, try looking for one of the 570 * backup superblocks. 571 * 572 * Flags are made up of the following or'ed together options: 573 * 574 * UFS_NOMSG indicates that superblock inconsistency error messages 575 * should not be printed. 576 * 577 * UFS_NOCSUM causes only the superblock itself to be returned, but does 578 * not read in any auxillary data structures like the cylinder group 579 * summary information. 580 */ 581 int 582 ffs_sbsearch(void *devfd, struct fs **fsp, int reqflags, 583 struct malloc_type *filltype, 584 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 585 { 586 struct fsrecovery *fsr; 587 struct fs *protofs; 588 void *fsrbuf; 589 char *cp; 590 long nocsum, flags, msg, cg; 591 off_t sblk, secsize; 592 int error; 593 594 msg = (reqflags & UFS_NOMSG) == 0; 595 nocsum = reqflags & UFS_NOCSUM; 596 /* 597 * Try normal superblock read and return it if it works. 598 * 599 * Suppress messages if it fails until we find out if 600 * failure can be avoided. 601 */ 602 flags = UFS_NOMSG | nocsum; 603 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0) 604 return (0); 605 /* 606 * First try: ignoring hash failures. 607 */ 608 flags |= UFS_NOHASHFAIL; 609 if (msg) 610 flags &= ~UFS_NOMSG; 611 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0) 612 return (0); 613 /* 614 * Next up is to check if fields of the superblock that are 615 * needed to find backup superblocks are usable. 616 */ 617 if (msg) 618 printf("Attempted recovery for standard superblock: failed\n"); 619 flags = UFS_FSRONLY | UFS_NOHASHFAIL | UFS_NOMSG; 620 if (ffs_sbget(devfd, &protofs, UFS_STDSB, flags, filltype, 621 readfunc) == 0) { 622 if (msg) 623 printf("Attempted extraction of recovery data from " 624 "standard superblock: "); 625 } else { 626 /* 627 * Final desperation is to see if alternate superblock 628 * parameters have been saved in the boot area. 629 */ 630 if (msg) 631 printf("Attempted extraction of recovery data from " 632 "standard superblock: failed\nAttempt to find " 633 "boot zone recovery data: "); 634 /* 635 * Look to see if recovery information has been saved. 636 * If so we can generate a prototype superblock based 637 * on that information. 638 * 639 * We need fragments-per-group, number of cylinder groups, 640 * location of the superblock within the cylinder group, and 641 * the conversion from filesystem fragments to disk blocks. 642 * 643 * When building a UFS2 filesystem, newfs(8) stores these 644 * details at the end of the boot block area at the start 645 * of the filesystem partition. If they have been overwritten 646 * by a boot block, we fail. But usually they are there 647 * and we can use them. 648 * 649 * We could ask the underlying device for its sector size, 650 * but some devices lie. So we just try a plausible range. 651 */ 652 error = ENOENT; 653 for (secsize = dbtob(1); secsize <= SBLOCKSIZE; secsize *= 2) 654 if ((error = (*readfunc)(devfd, (SBLOCK_UFS2 - secsize), 655 &fsrbuf, secsize)) == 0) 656 break; 657 if (error != 0) 658 goto trynowarn; 659 cp = fsrbuf; /* type change to keep compiler happy */ 660 fsr = (struct fsrecovery *)&cp[secsize - sizeof *fsr]; 661 if (fsr->fsr_magic != FS_UFS2_MAGIC || 662 (protofs = UFS_MALLOC(SBLOCKSIZE, filltype, M_NOWAIT)) 663 == NULL) { 664 UFS_FREE(fsrbuf, filltype); 665 goto trynowarn; 666 } 667 memset(protofs, 0, sizeof(struct fs)); 668 protofs->fs_fpg = fsr->fsr_fpg; 669 protofs->fs_fsbtodb = fsr->fsr_fsbtodb; 670 protofs->fs_sblkno = fsr->fsr_sblkno; 671 protofs->fs_magic = fsr->fsr_magic; 672 protofs->fs_ncg = fsr->fsr_ncg; 673 UFS_FREE(fsrbuf, filltype); 674 } 675 /* 676 * Scan looking for alternative superblocks. 677 */ 678 for (cg = 0; cg < protofs->fs_ncg; cg++) { 679 sblk = dbtob(fsbtodb(protofs, cgsblock(protofs, cg))); 680 if (ffs_sbget(devfd, fsp, sblk, UFS_NOMSG | nocsum, filltype, 681 readfunc) == 0) { 682 if (msg) 683 printf("succeeded with alternate superblock " 684 "at %jd\n", (intmax_t)btodb(sblk)); 685 UFS_FREE(protofs, filltype); 686 return (0); 687 } 688 } 689 UFS_FREE(protofs, filltype); 690 /* 691 * Our alternate superblock strategies failed. Our last ditch effort 692 * is to see if the standard superblock has only non-critical errors. 693 */ 694 trynowarn: 695 flags = UFS_NOWARNFAIL | UFS_NOMSG | nocsum; 696 if (msg) { 697 printf("failed\n"); 698 flags &= ~UFS_NOMSG; 699 } 700 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) != 0) 701 return (ENOENT); 702 if (msg) 703 printf("Using standard superblock with non-critical errors.\n"); 704 return (0); 705 } 706 707 /* 708 * Write a superblock to the devfd device from the memory pointed to by fs. 709 * Write out the superblock summary information if it is present. 710 * 711 * If the write is successful, zero is returned. Otherwise one of the 712 * following error values is returned: 713 * EIO: failed to write superblock. 714 * EIO: failed to write superblock summary information. 715 */ 716 int 717 ffs_sbput(void *devfd, struct fs *fs, off_t loc, 718 int (*writefunc)(void *devfd, off_t loc, void *buf, int size)) 719 { 720 int i, error, blks, size; 721 uint8_t *space; 722 723 /* 724 * If there is summary information, write it first, so if there 725 * is an error, the superblock will not be marked as clean. 726 */ 727 if (fs->fs_si != NULL && fs->fs_csp != NULL) { 728 blks = howmany(fs->fs_cssize, fs->fs_fsize); 729 space = (uint8_t *)fs->fs_csp; 730 for (i = 0; i < blks; i += fs->fs_frag) { 731 size = fs->fs_bsize; 732 if (i + fs->fs_frag > blks) 733 size = (blks - i) * fs->fs_fsize; 734 if ((error = (*writefunc)(devfd, 735 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), 736 space, size)) != 0) 737 return (error); 738 space += size; 739 } 740 } 741 fs->fs_fmod = 0; 742 #ifndef _KERNEL 743 { 744 struct fs_summary_info *fs_si; 745 746 fs->fs_time = time(NULL); 747 /* Clear the pointers for the duration of writing. */ 748 fs_si = fs->fs_si; 749 fs->fs_si = NULL; 750 fs->fs_ckhash = ffs_calc_sbhash(fs); 751 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 752 fs->fs_si = fs_si; 753 } 754 #else /* _KERNEL */ 755 fs->fs_time = time_second; 756 fs->fs_ckhash = ffs_calc_sbhash(fs); 757 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 758 #endif /* _KERNEL */ 759 return (error); 760 } 761 762 /* 763 * Calculate the check-hash for a superblock. 764 */ 765 uint32_t 766 ffs_calc_sbhash(struct fs *fs) 767 { 768 uint32_t ckhash, save_ckhash; 769 770 /* 771 * A filesystem that was using a superblock ckhash may be moved 772 * to an older kernel that does not support ckhashes. The 773 * older kernel will clear the FS_METACKHASH flag indicating 774 * that it does not update hashes. When the disk is moved back 775 * to a kernel capable of ckhashes it disables them on mount: 776 * 777 * if ((fs->fs_flags & FS_METACKHASH) == 0) 778 * fs->fs_metackhash = 0; 779 * 780 * This leaves (fs->fs_metackhash & CK_SUPERBLOCK) == 0) with an 781 * old stale value in the fs->fs_ckhash field. Thus the need to 782 * just accept what is there. 783 */ 784 if ((fs->fs_metackhash & CK_SUPERBLOCK) == 0) 785 return (fs->fs_ckhash); 786 787 save_ckhash = fs->fs_ckhash; 788 fs->fs_ckhash = 0; 789 /* 790 * If newly read from disk, the caller is responsible for 791 * verifying that fs->fs_sbsize <= SBLOCKSIZE. 792 */ 793 ckhash = calculate_crc32c(~0L, (void *)fs, fs->fs_sbsize); 794 fs->fs_ckhash = save_ckhash; 795 return (ckhash); 796 } 797 798 /* 799 * Update the frsum fields to reflect addition or deletion 800 * of some frags. 801 */ 802 void 803 ffs_fragacct(struct fs *fs, int fragmap, int32_t fraglist[], int cnt) 804 { 805 int inblk; 806 int field, subfield; 807 int siz, pos; 808 809 inblk = (int)(fragtbl[fs->fs_frag][fragmap]) << 1; 810 fragmap <<= 1; 811 for (siz = 1; siz < fs->fs_frag; siz++) { 812 if ((inblk & (1 << (siz + (fs->fs_frag % NBBY)))) == 0) 813 continue; 814 field = around[siz]; 815 subfield = inside[siz]; 816 for (pos = siz; pos <= fs->fs_frag; pos++) { 817 if ((fragmap & field) == subfield) { 818 fraglist[siz] += cnt; 819 pos += siz; 820 field <<= siz; 821 subfield <<= siz; 822 } 823 field <<= 1; 824 subfield <<= 1; 825 } 826 } 827 } 828 829 /* 830 * block operations 831 * 832 * check if a block is available 833 */ 834 int 835 ffs_isblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 836 { 837 unsigned char mask; 838 839 switch ((int)fs->fs_frag) { 840 case 8: 841 return (cp[h] == 0xff); 842 case 4: 843 mask = 0x0f << ((h & 0x1) << 2); 844 return ((cp[h >> 1] & mask) == mask); 845 case 2: 846 mask = 0x03 << ((h & 0x3) << 1); 847 return ((cp[h >> 2] & mask) == mask); 848 case 1: 849 mask = 0x01 << (h & 0x7); 850 return ((cp[h >> 3] & mask) == mask); 851 default: 852 #ifdef _KERNEL 853 panic("ffs_isblock"); 854 #endif 855 break; 856 } 857 return (0); 858 } 859 860 /* 861 * check if a block is free 862 */ 863 int 864 ffs_isfreeblock(struct fs *fs, u_char *cp, ufs1_daddr_t h) 865 { 866 867 switch ((int)fs->fs_frag) { 868 case 8: 869 return (cp[h] == 0); 870 case 4: 871 return ((cp[h >> 1] & (0x0f << ((h & 0x1) << 2))) == 0); 872 case 2: 873 return ((cp[h >> 2] & (0x03 << ((h & 0x3) << 1))) == 0); 874 case 1: 875 return ((cp[h >> 3] & (0x01 << (h & 0x7))) == 0); 876 default: 877 #ifdef _KERNEL 878 panic("ffs_isfreeblock"); 879 #endif 880 break; 881 } 882 return (0); 883 } 884 885 /* 886 * take a block out of the map 887 */ 888 void 889 ffs_clrblock(struct fs *fs, u_char *cp, ufs1_daddr_t h) 890 { 891 892 switch ((int)fs->fs_frag) { 893 case 8: 894 cp[h] = 0; 895 return; 896 case 4: 897 cp[h >> 1] &= ~(0x0f << ((h & 0x1) << 2)); 898 return; 899 case 2: 900 cp[h >> 2] &= ~(0x03 << ((h & 0x3) << 1)); 901 return; 902 case 1: 903 cp[h >> 3] &= ~(0x01 << (h & 0x7)); 904 return; 905 default: 906 #ifdef _KERNEL 907 panic("ffs_clrblock"); 908 #endif 909 break; 910 } 911 } 912 913 /* 914 * put a block into the map 915 */ 916 void 917 ffs_setblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 918 { 919 920 switch ((int)fs->fs_frag) { 921 case 8: 922 cp[h] = 0xff; 923 return; 924 case 4: 925 cp[h >> 1] |= (0x0f << ((h & 0x1) << 2)); 926 return; 927 case 2: 928 cp[h >> 2] |= (0x03 << ((h & 0x3) << 1)); 929 return; 930 case 1: 931 cp[h >> 3] |= (0x01 << (h & 0x7)); 932 return; 933 default: 934 #ifdef _KERNEL 935 panic("ffs_setblock"); 936 #endif 937 break; 938 } 939 } 940 941 /* 942 * Update the cluster map because of an allocation or free. 943 * 944 * Cnt == 1 means free; cnt == -1 means allocating. 945 */ 946 void 947 ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_daddr_t blkno, int cnt) 948 { 949 int32_t *sump; 950 int32_t *lp; 951 u_char *freemapp, *mapp; 952 int i, start, end, forw, back, map; 953 u_int bit; 954 955 if (fs->fs_contigsumsize <= 0) 956 return; 957 freemapp = cg_clustersfree(cgp); 958 sump = cg_clustersum(cgp); 959 /* 960 * Allocate or clear the actual block. 961 */ 962 if (cnt > 0) 963 setbit(freemapp, blkno); 964 else 965 clrbit(freemapp, blkno); 966 /* 967 * Find the size of the cluster going forward. 968 */ 969 start = blkno + 1; 970 end = start + fs->fs_contigsumsize; 971 if (end >= cgp->cg_nclusterblks) 972 end = cgp->cg_nclusterblks; 973 mapp = &freemapp[start / NBBY]; 974 map = *mapp++; 975 bit = 1U << (start % NBBY); 976 for (i = start; i < end; i++) { 977 if ((map & bit) == 0) 978 break; 979 if ((i & (NBBY - 1)) != (NBBY - 1)) { 980 bit <<= 1; 981 } else { 982 map = *mapp++; 983 bit = 1; 984 } 985 } 986 forw = i - start; 987 /* 988 * Find the size of the cluster going backward. 989 */ 990 start = blkno - 1; 991 end = start - fs->fs_contigsumsize; 992 if (end < 0) 993 end = -1; 994 mapp = &freemapp[start / NBBY]; 995 map = *mapp--; 996 bit = 1U << (start % NBBY); 997 for (i = start; i > end; i--) { 998 if ((map & bit) == 0) 999 break; 1000 if ((i & (NBBY - 1)) != 0) { 1001 bit >>= 1; 1002 } else { 1003 map = *mapp--; 1004 bit = 1U << (NBBY - 1); 1005 } 1006 } 1007 back = start - i; 1008 /* 1009 * Account for old cluster and the possibly new forward and 1010 * back clusters. 1011 */ 1012 i = back + forw + 1; 1013 if (i > fs->fs_contigsumsize) 1014 i = fs->fs_contigsumsize; 1015 sump[i] += cnt; 1016 if (back > 0) 1017 sump[back] -= cnt; 1018 if (forw > 0) 1019 sump[forw] -= cnt; 1020 /* 1021 * Update cluster summary information. 1022 */ 1023 lp = &sump[fs->fs_contigsumsize]; 1024 for (i = fs->fs_contigsumsize; i > 0; i--) 1025 if (*lp-- > 0) 1026 break; 1027 fs->fs_maxcluster[cgp->cg_cgx] = i; 1028 } 1029