1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * @(#)ffs_subr.c 8.5 (Berkeley) 3/21/95 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/limits.h> 39 40 #ifndef _KERNEL 41 #include <stdio.h> 42 #include <string.h> 43 #include <stdlib.h> 44 #include <time.h> 45 #include <sys/errno.h> 46 #include <ufs/ufs/dinode.h> 47 #include <ufs/ffs/fs.h> 48 49 uint32_t calculate_crc32c(uint32_t, const void *, size_t); 50 uint32_t ffs_calc_sbhash(struct fs *); 51 struct malloc_type; 52 #define UFS_MALLOC(size, type, flags) malloc(size) 53 #define UFS_FREE(ptr, type) free(ptr) 54 #define maxphys MAXPHYS 55 56 #else /* _KERNEL */ 57 #include <sys/systm.h> 58 #include <sys/gsb_crc32.h> 59 #include <sys/lock.h> 60 #include <sys/malloc.h> 61 #include <sys/mount.h> 62 #include <sys/vnode.h> 63 #include <sys/bio.h> 64 #include <sys/buf.h> 65 #include <sys/ucred.h> 66 67 #include <ufs/ufs/quota.h> 68 #include <ufs/ufs/inode.h> 69 #include <ufs/ufs/extattr.h> 70 #include <ufs/ufs/ufsmount.h> 71 #include <ufs/ufs/ufs_extern.h> 72 #include <ufs/ffs/ffs_extern.h> 73 #include <ufs/ffs/fs.h> 74 75 #define UFS_MALLOC(size, type, flags) malloc(size, type, flags) 76 #define UFS_FREE(ptr, type) free(ptr, type) 77 78 #endif /* _KERNEL */ 79 80 /* 81 * Verify an inode check-hash. 82 */ 83 int 84 ffs_verify_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 85 { 86 uint32_t ckhash, save_ckhash; 87 88 /* 89 * Return success if unallocated or we are not doing inode check-hash. 90 */ 91 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 92 return (0); 93 /* 94 * Exclude di_ckhash from the crc32 calculation, e.g., always use 95 * a check-hash value of zero when calculating the check-hash. 96 */ 97 save_ckhash = dip->di_ckhash; 98 dip->di_ckhash = 0; 99 ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 100 dip->di_ckhash = save_ckhash; 101 if (save_ckhash == ckhash) 102 return (0); 103 return (EINVAL); 104 } 105 106 /* 107 * Update an inode check-hash. 108 */ 109 void 110 ffs_update_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 111 { 112 113 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 114 return; 115 /* 116 * Exclude old di_ckhash from the crc32 calculation, e.g., always use 117 * a check-hash value of zero when calculating the new check-hash. 118 */ 119 dip->di_ckhash = 0; 120 dip->di_ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 121 } 122 123 /* 124 * These are the low-level functions that actually read and write 125 * the superblock and its associated data. 126 */ 127 static off_t sblock_try[] = SBLOCKSEARCH; 128 static int readsuper(void *, struct fs **, off_t, int, 129 int (*)(void *, off_t, void **, int)); 130 static int validate_sblock(struct fs *, int); 131 132 /* 133 * Read a superblock from the devfd device. 134 * 135 * If an alternate superblock is specified, it is read. Otherwise the 136 * set of locations given in the SBLOCKSEARCH list is searched for a 137 * superblock. Memory is allocated for the superblock by the readfunc and 138 * is returned. If filltype is non-NULL, additional memory is allocated 139 * of type filltype and filled in with the superblock summary information. 140 * All memory is freed when any error is returned. 141 * 142 * If a superblock is found, zero is returned. Otherwise one of the 143 * following error values is returned: 144 * EIO: non-existent or truncated superblock. 145 * EIO: error reading summary information. 146 * ENOENT: no usable known superblock found. 147 * ENOMEM: failed to allocate space for the superblock. 148 * EINVAL: The previous newfs operation on this volume did not complete. 149 * The administrator must complete newfs before using this volume. 150 */ 151 int 152 ffs_sbget(void *devfd, struct fs **fsp, off_t sblock, int flags, 153 struct malloc_type *filltype, 154 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 155 { 156 struct fs *fs; 157 struct fs_summary_info *fs_si; 158 int i, error; 159 uint64_t size, blks; 160 uint8_t *space; 161 int32_t *lp; 162 char *buf; 163 164 fs = NULL; 165 *fsp = NULL; 166 if (sblock != UFS_STDSB) { 167 if ((error = readsuper(devfd, &fs, sblock, 168 flags | UFS_ALTSBLK, readfunc)) != 0) { 169 if (fs != NULL) 170 UFS_FREE(fs, filltype); 171 return (error); 172 } 173 } else { 174 for (i = 0; sblock_try[i] != -1; i++) { 175 if ((error = readsuper(devfd, &fs, sblock_try[i], 176 flags, readfunc)) == 0) { 177 if ((flags & UFS_NOCSUM) != 0) { 178 *fsp = fs; 179 return (0); 180 } 181 break; 182 } 183 if (fs != NULL) { 184 UFS_FREE(fs, filltype); 185 fs = NULL; 186 } 187 if (error == ENOENT) 188 continue; 189 return (error); 190 } 191 if (sblock_try[i] == -1) 192 return (ENOENT); 193 } 194 /* 195 * Read in the superblock summary information. 196 */ 197 size = fs->fs_cssize; 198 blks = howmany(size, fs->fs_fsize); 199 if (fs->fs_contigsumsize > 0) 200 size += fs->fs_ncg * sizeof(int32_t); 201 size += fs->fs_ncg * sizeof(u_int8_t); 202 if ((fs_si = UFS_MALLOC(sizeof(*fs_si), filltype, M_NOWAIT)) == NULL) { 203 UFS_FREE(fs, filltype); 204 return (ENOMEM); 205 } 206 bzero(fs_si, sizeof(*fs_si)); 207 fs->fs_si = fs_si; 208 if ((space = UFS_MALLOC(size, filltype, M_NOWAIT)) == NULL) { 209 UFS_FREE(fs->fs_si, filltype); 210 UFS_FREE(fs, filltype); 211 return (ENOMEM); 212 } 213 fs->fs_csp = (struct csum *)space; 214 for (i = 0; i < blks; i += fs->fs_frag) { 215 size = fs->fs_bsize; 216 if (i + fs->fs_frag > blks) 217 size = (blks - i) * fs->fs_fsize; 218 buf = NULL; 219 error = (*readfunc)(devfd, 220 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size); 221 if (error) { 222 if (buf != NULL) 223 UFS_FREE(buf, filltype); 224 UFS_FREE(fs->fs_csp, filltype); 225 UFS_FREE(fs->fs_si, filltype); 226 UFS_FREE(fs, filltype); 227 return (error); 228 } 229 memcpy(space, buf, size); 230 UFS_FREE(buf, filltype); 231 space += size; 232 } 233 if (fs->fs_contigsumsize > 0) { 234 fs->fs_maxcluster = lp = (int32_t *)space; 235 for (i = 0; i < fs->fs_ncg; i++) 236 *lp++ = fs->fs_contigsumsize; 237 space = (uint8_t *)lp; 238 } 239 size = fs->fs_ncg * sizeof(u_int8_t); 240 fs->fs_contigdirs = (u_int8_t *)space; 241 bzero(fs->fs_contigdirs, size); 242 *fsp = fs; 243 return (0); 244 } 245 246 /* 247 * Try to read a superblock from the location specified by sblockloc. 248 * Return zero on success or an errno on failure. 249 */ 250 static int 251 readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags, 252 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 253 { 254 struct fs *fs; 255 int error, res; 256 uint32_t ckhash; 257 258 error = (*readfunc)(devfd, sblockloc, (void **)fsp, SBLOCKSIZE); 259 if (error != 0) 260 return (error); 261 fs = *fsp; 262 if (fs->fs_magic == FS_BAD_MAGIC) 263 return (EINVAL); 264 /* 265 * For UFS1 with a 65536 block size, the first backup superblock 266 * is at the same location as the UFS2 superblock. Since SBLOCK_UFS2 267 * is the first location checked, the first backup is the superblock 268 * that will be accessed. Here we fail the lookup so that we can 269 * retry with the correct location for the UFS1 superblock. 270 */ 271 if (fs->fs_magic == FS_UFS1_MAGIC && (flags & UFS_ALTSBLK) == 0 && 272 fs->fs_bsize == SBLOCK_UFS2 && sblockloc == SBLOCK_UFS2) 273 return (ENOENT); 274 if ((error = validate_sblock(fs, flags)) > 0) 275 return (error); 276 /* 277 * If the filesystem has been run on a kernel without 278 * metadata check hashes, disable them. 279 */ 280 if ((fs->fs_flags & FS_METACKHASH) == 0) 281 fs->fs_metackhash = 0; 282 /* 283 * Clear any check-hashes that are not maintained 284 * by this kernel. Also clear any unsupported flags. 285 */ 286 fs->fs_metackhash &= CK_SUPPORTED; 287 fs->fs_flags &= FS_SUPPORTED; 288 if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) { 289 if ((flags & (UFS_NOMSG | UFS_NOHASHFAIL)) == 290 (UFS_NOMSG | UFS_NOHASHFAIL)) 291 return (0); 292 if ((flags & UFS_NOMSG) != 0) 293 return (EINTEGRITY); 294 #ifdef _KERNEL 295 res = uprintf("Superblock check-hash failed: recorded " 296 "check-hash 0x%x != computed check-hash 0x%x%s\n", 297 fs->fs_ckhash, ckhash, 298 (flags & UFS_NOHASHFAIL) != 0 ? " (Ignored)" : ""); 299 #else 300 res = 0; 301 #endif 302 /* 303 * Print check-hash failure if no controlling terminal 304 * in kernel or always if in user-mode (libufs). 305 */ 306 if (res == 0) 307 printf("Superblock check-hash failed: recorded " 308 "check-hash 0x%x != computed check-hash " 309 "0x%x%s\n", fs->fs_ckhash, ckhash, 310 (flags & UFS_NOHASHFAIL) ? " (Ignored)" : ""); 311 if ((flags & UFS_NOHASHFAIL) != 0) 312 return (0); 313 return (EINTEGRITY); 314 } 315 /* Have to set for old filesystems that predate this field */ 316 fs->fs_sblockactualloc = sblockloc; 317 /* Not yet any summary information */ 318 fs->fs_si = NULL; 319 return (0); 320 } 321 322 /* 323 * Verify the filesystem values. 324 */ 325 #define ILOG2(num) (fls(num) - 1) 326 #ifdef STANDALONE_SMALL 327 #define MPRINT(...) do { } while (0) 328 #else 329 #define MPRINT(...) if (prtmsg) printf(__VA_ARGS__) 330 #endif 331 #define FCHK(lhs, op, rhs, fmt) \ 332 if (lhs op rhs) { \ 333 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 334 #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, \ 335 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs); \ 336 if (error < 0) \ 337 return (ENOENT); \ 338 if (error == 0) \ 339 error = ENOENT; \ 340 } 341 #define WCHK(lhs, op, rhs, fmt) \ 342 if (lhs op rhs) { \ 343 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 344 #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\ 345 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\ 346 if (error == 0) \ 347 error = warnerr; \ 348 } 349 #define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 350 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 351 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 352 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n", \ 353 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 354 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 355 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2); \ 356 if (error < 0) \ 357 return (ENOENT); \ 358 if (error == 0) \ 359 error = ENOENT; \ 360 } 361 #define WCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 362 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 363 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 364 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")%s\n", \ 365 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 366 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 367 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2, wmsg); \ 368 if (error == 0) \ 369 error = warnerr; \ 370 } 371 372 static int 373 validate_sblock(struct fs *fs, int flags) 374 { 375 u_long i, sectorsize; 376 u_int64_t maxfilesize, sizepb; 377 int error, prtmsg, warnerr; 378 char *wmsg; 379 380 error = 0; 381 sectorsize = dbtob(1); 382 prtmsg = ((flags & UFS_NOMSG) == 0); 383 warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT; 384 wmsg = warnerr ? "" : " (Ignored)"; 385 /* 386 * If just validating for recovery, then do just the minimal 387 * checks needed for the superblock fields needed to find 388 * alternate superblocks. 389 */ 390 if ((flags & UFS_FSRONLY) == UFS_FSRONLY && 391 (fs->fs_magic == FS_UFS1_MAGIC || fs->fs_magic == FS_UFS2_MAGIC)) { 392 error = -1; /* fail on first error */ 393 if (fs->fs_magic == FS_UFS2_MAGIC) { 394 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 395 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 396 FCHK(fs->fs_sblockloc, <, 0, %jd); 397 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 398 } 399 FCHK(fs->fs_frag, <, 1, %jd); 400 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 401 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 402 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 403 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), 404 %jd); 405 FCHK(fs->fs_fsize, <, sectorsize, %jd); 406 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 407 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 408 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 409 FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); 410 FCHK(fs->fs_sbsize % dbtob(1), !=, 0, %jd); 411 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 412 FCHK(fs->fs_ncg, <, 1, %jd); 413 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 414 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 415 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 416 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, 417 %jd); 418 FCHK(fs->fs_sblkno, !=, roundup( 419 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 420 fs->fs_frag), %jd); 421 return (error); 422 } 423 if (fs->fs_magic == FS_UFS2_MAGIC) { 424 if ((flags & UFS_ALTSBLK) == 0) 425 FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2, 426 fs->fs_sblockactualloc, !=, 0, %jd); 427 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 428 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 429 sizeof(ufs2_daddr_t)), %jd); 430 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t), 431 %jd); 432 FCHK(fs->fs_inopb, !=, 433 fs->fs_bsize / sizeof(struct ufs2_dinode), %jd); 434 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 435 if ((flags & UFS_ALTSBLK) == 0) 436 FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd); 437 FCHK(fs->fs_sblockloc, <, 0, %jd); 438 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 439 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t), 440 %jd); 441 FCHK(fs->fs_inopb, !=, 442 fs->fs_bsize / sizeof(struct ufs1_dinode), %jd); 443 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 444 sizeof(ufs1_daddr_t)), %jd); 445 WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd); 446 WCHK(fs->fs_old_rotdelay, !=, 0, %jd); 447 WCHK(fs->fs_old_rps, !=, 60, %jd); 448 WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd); 449 FCHK(fs->fs_old_cpg, !=, 1, %jd); 450 WCHK(fs->fs_old_interleave, !=, 1, %jd); 451 WCHK(fs->fs_old_trackskew, !=, 0, %jd); 452 WCHK(fs->fs_old_cpc, !=, 0, %jd); 453 WCHK(fs->fs_old_postblformat, !=, 1, %jd); 454 FCHK(fs->fs_old_nrpos, !=, 1, %jd); 455 WCHK(fs->fs_old_spc, !=, fs->fs_fpg * fs->fs_old_nspf, %jd); 456 WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd); 457 WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd); 458 FCHK(fs->fs_old_ncyl, !=, fs->fs_ncg, %jd); 459 } else { 460 /* Bad magic number, so assume not a superblock */ 461 return (ENOENT); 462 } 463 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 464 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 465 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd); 466 FCHK(powerof2(fs->fs_bsize), ==, 0, %jd); 467 FCHK(fs->fs_frag, <, 1, %jd); 468 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 469 FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd); 470 FCHK(fs->fs_fsize, <, sectorsize, %jd); 471 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 472 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 473 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 474 FCHK(fs->fs_ncg, <, 1, %jd); 475 FCHK(fs->fs_ipg, <, fs->fs_inopb, %jd); 476 FCHK((u_int64_t)fs->fs_ipg * fs->fs_ncg, >, 477 (((int64_t)(1)) << 32) - INOPB(fs), %jd); 478 FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd); 479 FCHK(fs->fs_cstotal.cs_nifree, >, (u_int64_t)fs->fs_ipg * fs->fs_ncg, 480 %jd); 481 FCHK(fs->fs_cstotal.cs_ndir, <, 0, %jd); 482 FCHK(fs->fs_cstotal.cs_ndir, >, 483 ((u_int64_t)fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree, 484 %jd); 485 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 486 FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); 487 FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); 488 FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); 489 FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); 490 FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx); 491 FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx); 492 FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx); 493 FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx); 494 FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd); 495 FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd); 496 FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd); 497 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 498 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 499 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 500 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd); 501 /* 502 * If anything has failed up to this point, it is usafe to proceed 503 * as checks below may divide by zero or make other fatal calculations. 504 * So if we have any errors at this point, give up. 505 */ 506 if (error) 507 return (error); 508 FCHK(fs->fs_sbsize % dbtob(1), !=, 0, %jd); 509 FCHK(fs->fs_ipg % fs->fs_inopb, !=, 0, %jd); 510 FCHK(fs->fs_sblkno, !=, roundup( 511 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 512 fs->fs_frag), %jd); 513 FCHK(fs->fs_cblkno, !=, fs->fs_sblkno + 514 roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd); 515 FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd); 516 FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd); 517 FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd); 518 FCHK(fs->fs_cgsize, <, fs->fs_fsize, %jd); 519 FCHK(fs->fs_cgsize % fs->fs_fsize, !=, 0, %jd); 520 /* 521 * This test is valid, however older versions of growfs failed 522 * to correctly update fs_dsize so will fail this test. Thus we 523 * exclude it from the requirements. 524 */ 525 #ifdef notdef 526 WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno - 527 fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) - 528 howmany(fs->fs_cssize, fs->fs_fsize), %jd); 529 #endif 530 WCHK(fs->fs_metaspace, <, 0, %jd); 531 WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd); 532 WCHK(fs->fs_minfree, >, 99, %jd%%); 533 maxfilesize = fs->fs_bsize * UFS_NDADDR - 1; 534 for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) { 535 sizepb *= NINDIR(fs); 536 maxfilesize += sizepb; 537 } 538 WCHK(fs->fs_maxfilesize, !=, maxfilesize, %jd); 539 /* 540 * These values have a tight interaction with each other that 541 * makes it hard to tightly bound them. So we can only check 542 * that they are within a broader possible range. 543 * 544 * The size cannot always be accurately determined, but ensure 545 * that it is consistent with the number of cylinder groups (fs_ncg) 546 * and the number of fragments per cylinder group (fs_fpg). Ensure 547 * that the summary information size is correct and that it starts 548 * and ends in the data area of the same cylinder group. 549 */ 550 FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); 551 FCHK(fs->fs_size, <=, ((int64_t)fs->fs_ncg - 1) * fs->fs_fpg, %jd); 552 FCHK(fs->fs_size, >, (int64_t)fs->fs_ncg * fs->fs_fpg, %jd); 553 /* 554 * If we are not requested to read in the csum data stop here 555 * as the correctness of the remaining values is only important 556 * to bound the space needed to be allocated to hold the csum data. 557 */ 558 if ((flags & UFS_NOCSUM) != 0) 559 return (error); 560 FCHK(fs->fs_csaddr, <, 0, %jd); 561 FCHK(fs->fs_cssize, !=, 562 fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd); 563 FCHK(dtog(fs, fs->fs_csaddr), >, fs->fs_ncg, %jd); 564 FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd); 565 FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >, 566 dtog(fs, fs->fs_csaddr), %jd); 567 /* 568 * With file system clustering it is possible to allocate 569 * many contiguous blocks. The kernel variable maxphys defines 570 * the maximum transfer size permitted by the controller and/or 571 * buffering. The fs_maxcontig parameter controls the maximum 572 * number of blocks that the filesystem will read or write 573 * in a single transfer. It is calculated when the filesystem 574 * is created as maxphys / fs_bsize. The loader uses a maxphys 575 * of 128K even when running on a system that supports larger 576 * values. If the filesystem was built on a system that supports 577 * a larger maxphys (1M is typical) it will have configured 578 * fs_maxcontig for that larger system. So we bound the upper 579 * allowable limit for fs_maxconfig to be able to at least 580 * work with a 1M maxphys on the smallest block size filesystem: 581 * 1M / 4096 == 256. There is no harm in allowing the mounting of 582 * filesystems that make larger than maxphys I/O requests because 583 * those (mostly 32-bit machines) can (very slowly) handle I/O 584 * requests that exceed maxphys. 585 */ 586 WCHK(fs->fs_maxcontig, <, 0, %jd); 587 WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd); 588 FCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd); 589 FCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=, 590 MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd); 591 return (error); 592 } 593 594 /* 595 * Make an extensive search to find a superblock. If the superblock 596 * in the standard place cannot be used, try looking for one of the 597 * backup superblocks. 598 * 599 * Flags are made up of the following or'ed together options: 600 * 601 * UFS_NOMSG indicates that superblock inconsistency error messages 602 * should not be printed. 603 * 604 * UFS_NOCSUM causes only the superblock itself to be returned, but does 605 * not read in any auxillary data structures like the cylinder group 606 * summary information. 607 */ 608 int 609 ffs_sbsearch(void *devfd, struct fs **fsp, int reqflags, 610 struct malloc_type *filltype, 611 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 612 { 613 struct fsrecovery *fsr; 614 struct fs *protofs; 615 void *fsrbuf; 616 char *cp; 617 long nocsum, flags, msg, cg; 618 off_t sblk, secsize; 619 int error; 620 621 msg = (reqflags & UFS_NOMSG) == 0; 622 nocsum = reqflags & UFS_NOCSUM; 623 /* 624 * Try normal superblock read and return it if it works. 625 * 626 * Suppress messages if it fails until we find out if 627 * failure can be avoided. 628 */ 629 flags = UFS_NOMSG | nocsum; 630 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0) 631 return (0); 632 /* 633 * First try: ignoring hash failures. 634 */ 635 flags |= UFS_NOHASHFAIL; 636 if (msg) 637 flags &= ~UFS_NOMSG; 638 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0) 639 return (0); 640 /* 641 * Next up is to check if fields of the superblock that are 642 * needed to find backup superblocks are usable. 643 */ 644 if (msg) 645 printf("Attempted recovery for standard superblock: failed\n"); 646 flags = UFS_FSRONLY | UFS_NOHASHFAIL | UFS_NOMSG; 647 if (ffs_sbget(devfd, &protofs, UFS_STDSB, flags, filltype, 648 readfunc) == 0) { 649 if (msg) 650 printf("Attempt extraction of recovery data from " 651 "standard superblock.\n"); 652 } else { 653 /* 654 * Final desperation is to see if alternate superblock 655 * parameters have been saved in the boot area. 656 */ 657 if (msg) 658 printf("Attempted extraction of recovery data from " 659 "standard superblock: failed\nAttempt to find " 660 "boot zone recovery data.\n"); 661 /* 662 * Look to see if recovery information has been saved. 663 * If so we can generate a prototype superblock based 664 * on that information. 665 * 666 * We need fragments-per-group, number of cylinder groups, 667 * location of the superblock within the cylinder group, and 668 * the conversion from filesystem fragments to disk blocks. 669 * 670 * When building a UFS2 filesystem, newfs(8) stores these 671 * details at the end of the boot block area at the start 672 * of the filesystem partition. If they have been overwritten 673 * by a boot block, we fail. But usually they are there 674 * and we can use them. 675 * 676 * We could ask the underlying device for its sector size, 677 * but some devices lie. So we just try a plausible range. 678 */ 679 error = ENOENT; 680 for (secsize = dbtob(1); secsize <= SBLOCKSIZE; secsize *= 2) 681 if ((error = (*readfunc)(devfd, (SBLOCK_UFS2 - secsize), 682 &fsrbuf, secsize)) == 0) 683 break; 684 if (error != 0) 685 goto trynowarn; 686 cp = fsrbuf; /* type change to keep compiler happy */ 687 fsr = (struct fsrecovery *)&cp[secsize - sizeof *fsr]; 688 if (fsr->fsr_magic != FS_UFS2_MAGIC || 689 (protofs = UFS_MALLOC(SBLOCKSIZE, filltype, M_NOWAIT)) 690 == NULL) { 691 UFS_FREE(fsrbuf, filltype); 692 goto trynowarn; 693 } 694 memset(protofs, 0, sizeof(struct fs)); 695 protofs->fs_fpg = fsr->fsr_fpg; 696 protofs->fs_fsbtodb = fsr->fsr_fsbtodb; 697 protofs->fs_sblkno = fsr->fsr_sblkno; 698 protofs->fs_magic = fsr->fsr_magic; 699 protofs->fs_ncg = fsr->fsr_ncg; 700 UFS_FREE(fsrbuf, filltype); 701 } 702 /* 703 * Scan looking for alternative superblocks. 704 */ 705 flags = nocsum; 706 if (!msg) 707 flags |= UFS_NOMSG; 708 for (cg = 0; cg < protofs->fs_ncg; cg++) { 709 sblk = fsbtodb(protofs, cgsblock(protofs, cg)); 710 if (msg) 711 printf("Try cg %ld at sblock loc %jd\n", cg, 712 (intmax_t)sblk); 713 if (ffs_sbget(devfd, fsp, dbtob(sblk), flags, filltype, 714 readfunc) == 0) { 715 if (msg) 716 printf("Succeeded with alternate superblock " 717 "at %jd\n", (intmax_t)sblk); 718 UFS_FREE(protofs, filltype); 719 return (0); 720 } 721 } 722 UFS_FREE(protofs, filltype); 723 /* 724 * Our alternate superblock strategies failed. Our last ditch effort 725 * is to see if the standard superblock has only non-critical errors. 726 */ 727 trynowarn: 728 flags = UFS_NOWARNFAIL | UFS_NOMSG | nocsum; 729 if (msg) { 730 printf("Finding an alternate superblock failed.\nCheck for " 731 "only non-critical errors in standard superblock\n"); 732 flags &= ~UFS_NOMSG; 733 } 734 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) != 0) { 735 if (msg) 736 printf("Failed, superblock has critical errors\n"); 737 return (ENOENT); 738 } 739 if (msg) 740 printf("Success, using standard superblock with " 741 "non-critical errors.\n"); 742 return (0); 743 } 744 745 /* 746 * Write a superblock to the devfd device from the memory pointed to by fs. 747 * Write out the superblock summary information if it is present. 748 * 749 * If the write is successful, zero is returned. Otherwise one of the 750 * following error values is returned: 751 * EIO: failed to write superblock. 752 * EIO: failed to write superblock summary information. 753 */ 754 int 755 ffs_sbput(void *devfd, struct fs *fs, off_t loc, 756 int (*writefunc)(void *devfd, off_t loc, void *buf, int size)) 757 { 758 int i, error, blks, size; 759 uint8_t *space; 760 761 /* 762 * If there is summary information, write it first, so if there 763 * is an error, the superblock will not be marked as clean. 764 */ 765 if (fs->fs_si != NULL && fs->fs_csp != NULL) { 766 blks = howmany(fs->fs_cssize, fs->fs_fsize); 767 space = (uint8_t *)fs->fs_csp; 768 for (i = 0; i < blks; i += fs->fs_frag) { 769 size = fs->fs_bsize; 770 if (i + fs->fs_frag > blks) 771 size = (blks - i) * fs->fs_fsize; 772 if ((error = (*writefunc)(devfd, 773 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), 774 space, size)) != 0) 775 return (error); 776 space += size; 777 } 778 } 779 fs->fs_fmod = 0; 780 #ifndef _KERNEL 781 { 782 struct fs_summary_info *fs_si; 783 784 fs->fs_time = time(NULL); 785 /* Clear the pointers for the duration of writing. */ 786 fs_si = fs->fs_si; 787 fs->fs_si = NULL; 788 fs->fs_ckhash = ffs_calc_sbhash(fs); 789 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 790 fs->fs_si = fs_si; 791 } 792 #else /* _KERNEL */ 793 fs->fs_time = time_second; 794 fs->fs_ckhash = ffs_calc_sbhash(fs); 795 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 796 #endif /* _KERNEL */ 797 return (error); 798 } 799 800 /* 801 * Calculate the check-hash for a superblock. 802 */ 803 uint32_t 804 ffs_calc_sbhash(struct fs *fs) 805 { 806 uint32_t ckhash, save_ckhash; 807 808 /* 809 * A filesystem that was using a superblock ckhash may be moved 810 * to an older kernel that does not support ckhashes. The 811 * older kernel will clear the FS_METACKHASH flag indicating 812 * that it does not update hashes. When the disk is moved back 813 * to a kernel capable of ckhashes it disables them on mount: 814 * 815 * if ((fs->fs_flags & FS_METACKHASH) == 0) 816 * fs->fs_metackhash = 0; 817 * 818 * This leaves (fs->fs_metackhash & CK_SUPERBLOCK) == 0) with an 819 * old stale value in the fs->fs_ckhash field. Thus the need to 820 * just accept what is there. 821 */ 822 if ((fs->fs_metackhash & CK_SUPERBLOCK) == 0) 823 return (fs->fs_ckhash); 824 825 save_ckhash = fs->fs_ckhash; 826 fs->fs_ckhash = 0; 827 /* 828 * If newly read from disk, the caller is responsible for 829 * verifying that fs->fs_sbsize <= SBLOCKSIZE. 830 */ 831 ckhash = calculate_crc32c(~0L, (void *)fs, fs->fs_sbsize); 832 fs->fs_ckhash = save_ckhash; 833 return (ckhash); 834 } 835 836 /* 837 * Update the frsum fields to reflect addition or deletion 838 * of some frags. 839 */ 840 void 841 ffs_fragacct(struct fs *fs, int fragmap, int32_t fraglist[], int cnt) 842 { 843 int inblk; 844 int field, subfield; 845 int siz, pos; 846 847 inblk = (int)(fragtbl[fs->fs_frag][fragmap]) << 1; 848 fragmap <<= 1; 849 for (siz = 1; siz < fs->fs_frag; siz++) { 850 if ((inblk & (1 << (siz + (fs->fs_frag % NBBY)))) == 0) 851 continue; 852 field = around[siz]; 853 subfield = inside[siz]; 854 for (pos = siz; pos <= fs->fs_frag; pos++) { 855 if ((fragmap & field) == subfield) { 856 fraglist[siz] += cnt; 857 pos += siz; 858 field <<= siz; 859 subfield <<= siz; 860 } 861 field <<= 1; 862 subfield <<= 1; 863 } 864 } 865 } 866 867 /* 868 * block operations 869 * 870 * check if a block is available 871 */ 872 int 873 ffs_isblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 874 { 875 unsigned char mask; 876 877 switch ((int)fs->fs_frag) { 878 case 8: 879 return (cp[h] == 0xff); 880 case 4: 881 mask = 0x0f << ((h & 0x1) << 2); 882 return ((cp[h >> 1] & mask) == mask); 883 case 2: 884 mask = 0x03 << ((h & 0x3) << 1); 885 return ((cp[h >> 2] & mask) == mask); 886 case 1: 887 mask = 0x01 << (h & 0x7); 888 return ((cp[h >> 3] & mask) == mask); 889 default: 890 #ifdef _KERNEL 891 panic("ffs_isblock"); 892 #endif 893 break; 894 } 895 return (0); 896 } 897 898 /* 899 * check if a block is free 900 */ 901 int 902 ffs_isfreeblock(struct fs *fs, u_char *cp, ufs1_daddr_t h) 903 { 904 905 switch ((int)fs->fs_frag) { 906 case 8: 907 return (cp[h] == 0); 908 case 4: 909 return ((cp[h >> 1] & (0x0f << ((h & 0x1) << 2))) == 0); 910 case 2: 911 return ((cp[h >> 2] & (0x03 << ((h & 0x3) << 1))) == 0); 912 case 1: 913 return ((cp[h >> 3] & (0x01 << (h & 0x7))) == 0); 914 default: 915 #ifdef _KERNEL 916 panic("ffs_isfreeblock"); 917 #endif 918 break; 919 } 920 return (0); 921 } 922 923 /* 924 * take a block out of the map 925 */ 926 void 927 ffs_clrblock(struct fs *fs, u_char *cp, ufs1_daddr_t h) 928 { 929 930 switch ((int)fs->fs_frag) { 931 case 8: 932 cp[h] = 0; 933 return; 934 case 4: 935 cp[h >> 1] &= ~(0x0f << ((h & 0x1) << 2)); 936 return; 937 case 2: 938 cp[h >> 2] &= ~(0x03 << ((h & 0x3) << 1)); 939 return; 940 case 1: 941 cp[h >> 3] &= ~(0x01 << (h & 0x7)); 942 return; 943 default: 944 #ifdef _KERNEL 945 panic("ffs_clrblock"); 946 #endif 947 break; 948 } 949 } 950 951 /* 952 * put a block into the map 953 */ 954 void 955 ffs_setblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 956 { 957 958 switch ((int)fs->fs_frag) { 959 case 8: 960 cp[h] = 0xff; 961 return; 962 case 4: 963 cp[h >> 1] |= (0x0f << ((h & 0x1) << 2)); 964 return; 965 case 2: 966 cp[h >> 2] |= (0x03 << ((h & 0x3) << 1)); 967 return; 968 case 1: 969 cp[h >> 3] |= (0x01 << (h & 0x7)); 970 return; 971 default: 972 #ifdef _KERNEL 973 panic("ffs_setblock"); 974 #endif 975 break; 976 } 977 } 978 979 /* 980 * Update the cluster map because of an allocation or free. 981 * 982 * Cnt == 1 means free; cnt == -1 means allocating. 983 */ 984 void 985 ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_daddr_t blkno, int cnt) 986 { 987 int32_t *sump; 988 int32_t *lp; 989 u_char *freemapp, *mapp; 990 int i, start, end, forw, back, map; 991 u_int bit; 992 993 if (fs->fs_contigsumsize <= 0) 994 return; 995 freemapp = cg_clustersfree(cgp); 996 sump = cg_clustersum(cgp); 997 /* 998 * Allocate or clear the actual block. 999 */ 1000 if (cnt > 0) 1001 setbit(freemapp, blkno); 1002 else 1003 clrbit(freemapp, blkno); 1004 /* 1005 * Find the size of the cluster going forward. 1006 */ 1007 start = blkno + 1; 1008 end = start + fs->fs_contigsumsize; 1009 if (end >= cgp->cg_nclusterblks) 1010 end = cgp->cg_nclusterblks; 1011 mapp = &freemapp[start / NBBY]; 1012 map = *mapp++; 1013 bit = 1U << (start % NBBY); 1014 for (i = start; i < end; i++) { 1015 if ((map & bit) == 0) 1016 break; 1017 if ((i & (NBBY - 1)) != (NBBY - 1)) { 1018 bit <<= 1; 1019 } else { 1020 map = *mapp++; 1021 bit = 1; 1022 } 1023 } 1024 forw = i - start; 1025 /* 1026 * Find the size of the cluster going backward. 1027 */ 1028 start = blkno - 1; 1029 end = start - fs->fs_contigsumsize; 1030 if (end < 0) 1031 end = -1; 1032 mapp = &freemapp[start / NBBY]; 1033 map = *mapp--; 1034 bit = 1U << (start % NBBY); 1035 for (i = start; i > end; i--) { 1036 if ((map & bit) == 0) 1037 break; 1038 if ((i & (NBBY - 1)) != 0) { 1039 bit >>= 1; 1040 } else { 1041 map = *mapp--; 1042 bit = 1U << (NBBY - 1); 1043 } 1044 } 1045 back = start - i; 1046 /* 1047 * Account for old cluster and the possibly new forward and 1048 * back clusters. 1049 */ 1050 i = back + forw + 1; 1051 if (i > fs->fs_contigsumsize) 1052 i = fs->fs_contigsumsize; 1053 sump[i] += cnt; 1054 if (back > 0) 1055 sump[back] -= cnt; 1056 if (forw > 0) 1057 sump[forw] -= cnt; 1058 /* 1059 * Update cluster summary information. 1060 */ 1061 lp = &sump[fs->fs_contigsumsize]; 1062 for (i = fs->fs_contigsumsize; i > 0; i--) 1063 if (*lp-- > 0) 1064 break; 1065 fs->fs_maxcluster[cgp->cg_cgx] = i; 1066 } 1067