1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/param.h> 33 #include <sys/endian.h> 34 #include <sys/limits.h> 35 36 #ifndef _KERNEL 37 #include <stdio.h> 38 #include <string.h> 39 #include <stdlib.h> 40 #include <time.h> 41 #include <sys/errno.h> 42 #include <ufs/ufs/dinode.h> 43 #include <ufs/ffs/fs.h> 44 45 uint32_t calculate_crc32c(uint32_t, const void *, size_t); 46 uint32_t ffs_calc_sbhash(struct fs *); 47 struct malloc_type; 48 #define UFS_MALLOC(size, type, flags) malloc(size) 49 #define UFS_FREE(ptr, type) free(ptr) 50 #define maxphys MAXPHYS 51 52 #else /* _KERNEL */ 53 #include <sys/systm.h> 54 #include <sys/gsb_crc32.h> 55 #include <sys/lock.h> 56 #include <sys/malloc.h> 57 #include <sys/mount.h> 58 #include <sys/vnode.h> 59 #include <sys/bio.h> 60 #include <sys/buf.h> 61 #include <sys/ucred.h> 62 63 #include <ufs/ufs/quota.h> 64 #include <ufs/ufs/inode.h> 65 #include <ufs/ufs/extattr.h> 66 #include <ufs/ufs/ufsmount.h> 67 #include <ufs/ufs/ufs_extern.h> 68 #include <ufs/ffs/ffs_extern.h> 69 #include <ufs/ffs/fs.h> 70 71 #define UFS_MALLOC(size, type, flags) malloc(size, type, flags) 72 #define UFS_FREE(ptr, type) free(ptr, type) 73 74 #endif /* _KERNEL */ 75 76 /* 77 * Verify an inode check-hash. 78 */ 79 int 80 ffs_verify_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 81 { 82 uint32_t ckhash, save_ckhash; 83 84 /* 85 * Return success if unallocated or we are not doing inode check-hash. 86 */ 87 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 88 return (0); 89 /* 90 * Exclude di_ckhash from the crc32 calculation, e.g., always use 91 * a check-hash value of zero when calculating the check-hash. 92 */ 93 save_ckhash = dip->di_ckhash; 94 dip->di_ckhash = 0; 95 ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 96 dip->di_ckhash = save_ckhash; 97 if (save_ckhash == ckhash) 98 return (0); 99 return (EINVAL); 100 } 101 102 /* 103 * Update an inode check-hash. 104 */ 105 void 106 ffs_update_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 107 { 108 109 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 110 return; 111 /* 112 * Exclude old di_ckhash from the crc32 calculation, e.g., always use 113 * a check-hash value of zero when calculating the new check-hash. 114 */ 115 dip->di_ckhash = 0; 116 dip->di_ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 117 } 118 119 /* 120 * These are the low-level functions that actually read and write 121 * the superblock and its associated data. 122 */ 123 static off_t sblock_try[] = SBLOCKSEARCH; 124 static int readsuper(void *, struct fs **, off_t, int, 125 int (*)(void *, off_t, void **, int)); 126 static int validate_sblock(struct fs *, int); 127 128 /* 129 * Read a superblock from the devfd device. 130 * 131 * If an alternate superblock is specified, it is read. Otherwise the 132 * set of locations given in the SBLOCKSEARCH list is searched for a 133 * superblock. Memory is allocated for the superblock by the readfunc and 134 * is returned. If filltype is non-NULL, additional memory is allocated 135 * of type filltype and filled in with the superblock summary information. 136 * All memory is freed when any error is returned. 137 * 138 * If a superblock is found, zero is returned. Otherwise one of the 139 * following error values is returned: 140 * EIO: non-existent or truncated superblock. 141 * EIO: error reading summary information. 142 * ENOENT: no usable known superblock found. 143 * EILSEQ: filesystem with wrong byte order found. 144 * ENOMEM: failed to allocate space for the superblock. 145 * EINVAL: The previous newfs operation on this volume did not complete. 146 * The administrator must complete newfs before using this volume. 147 */ 148 int 149 ffs_sbget(void *devfd, struct fs **fsp, off_t sblock, int flags, 150 struct malloc_type *filltype, 151 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 152 { 153 struct fs *fs; 154 struct fs_summary_info *fs_si; 155 int i, error; 156 uint64_t size, blks; 157 uint8_t *space; 158 int32_t *lp; 159 char *buf; 160 161 fs = NULL; 162 *fsp = NULL; 163 if (sblock != UFS_STDSB) { 164 if ((error = readsuper(devfd, &fs, sblock, 165 flags | UFS_ALTSBLK, readfunc)) != 0) { 166 if (fs != NULL) 167 UFS_FREE(fs, filltype); 168 return (error); 169 } 170 } else { 171 for (i = 0; sblock_try[i] != -1; i++) { 172 if ((error = readsuper(devfd, &fs, sblock_try[i], 173 flags, readfunc)) == 0) { 174 if ((flags & UFS_NOCSUM) != 0) { 175 *fsp = fs; 176 return (0); 177 } 178 break; 179 } 180 if (fs != NULL) { 181 UFS_FREE(fs, filltype); 182 fs = NULL; 183 } 184 if (error == ENOENT) 185 continue; 186 return (error); 187 } 188 if (sblock_try[i] == -1) 189 return (ENOENT); 190 } 191 /* 192 * Read in the superblock summary information. 193 */ 194 size = fs->fs_cssize; 195 blks = howmany(size, fs->fs_fsize); 196 if (fs->fs_contigsumsize > 0) 197 size += fs->fs_ncg * sizeof(int32_t); 198 size += fs->fs_ncg * sizeof(uint8_t); 199 if ((fs_si = UFS_MALLOC(sizeof(*fs_si), filltype, M_NOWAIT)) == NULL) { 200 UFS_FREE(fs, filltype); 201 return (ENOMEM); 202 } 203 bzero(fs_si, sizeof(*fs_si)); 204 fs->fs_si = fs_si; 205 if ((space = UFS_MALLOC(size, filltype, M_NOWAIT)) == NULL) { 206 UFS_FREE(fs->fs_si, filltype); 207 UFS_FREE(fs, filltype); 208 return (ENOMEM); 209 } 210 fs->fs_csp = (struct csum *)space; 211 for (i = 0; i < blks; i += fs->fs_frag) { 212 size = fs->fs_bsize; 213 if (i + fs->fs_frag > blks) 214 size = (blks - i) * fs->fs_fsize; 215 buf = NULL; 216 error = (*readfunc)(devfd, 217 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size); 218 if (error) { 219 if (buf != NULL) 220 UFS_FREE(buf, filltype); 221 UFS_FREE(fs->fs_csp, filltype); 222 UFS_FREE(fs->fs_si, filltype); 223 UFS_FREE(fs, filltype); 224 return (error); 225 } 226 memcpy(space, buf, size); 227 UFS_FREE(buf, filltype); 228 space += size; 229 } 230 if (fs->fs_contigsumsize > 0) { 231 fs->fs_maxcluster = lp = (int32_t *)space; 232 for (i = 0; i < fs->fs_ncg; i++) 233 *lp++ = fs->fs_contigsumsize; 234 space = (uint8_t *)lp; 235 } 236 size = fs->fs_ncg * sizeof(uint8_t); 237 fs->fs_contigdirs = (uint8_t *)space; 238 bzero(fs->fs_contigdirs, size); 239 *fsp = fs; 240 return (0); 241 } 242 243 /* 244 * Try to read a superblock from the location specified by sblockloc. 245 * Return zero on success or an errno on failure. 246 */ 247 static int 248 readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags, 249 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 250 { 251 struct fs *fs; 252 int error, res; 253 uint32_t ckhash; 254 255 error = (*readfunc)(devfd, sblockloc, (void **)fsp, SBLOCKSIZE); 256 if (error != 0) 257 return (error); 258 fs = *fsp; 259 if (fs->fs_magic == FS_BAD_MAGIC) 260 return (EINVAL); 261 /* 262 * For UFS1 with a 65536 block size, the first backup superblock 263 * is at the same location as the UFS2 superblock. Since SBLOCK_UFS2 264 * is the first location checked, the first backup is the superblock 265 * that will be accessed. Here we fail the lookup so that we can 266 * retry with the correct location for the UFS1 superblock. 267 */ 268 if (fs->fs_magic == FS_UFS1_MAGIC && (flags & UFS_ALTSBLK) == 0 && 269 fs->fs_bsize == SBLOCK_UFS2 && sblockloc == SBLOCK_UFS2) 270 return (ENOENT); 271 if ((error = validate_sblock(fs, flags)) > 0) 272 return (error); 273 /* 274 * If the filesystem has been run on a kernel without 275 * metadata check hashes, disable them. 276 */ 277 if ((fs->fs_flags & FS_METACKHASH) == 0) 278 fs->fs_metackhash = 0; 279 /* 280 * Clear any check-hashes that are not maintained 281 * by this kernel. Also clear any unsupported flags. 282 */ 283 fs->fs_metackhash &= CK_SUPPORTED; 284 fs->fs_flags &= FS_SUPPORTED; 285 if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) { 286 if ((flags & (UFS_NOMSG | UFS_NOHASHFAIL)) == 287 (UFS_NOMSG | UFS_NOHASHFAIL)) 288 return (0); 289 if ((flags & UFS_NOMSG) != 0) 290 return (EINTEGRITY); 291 #ifdef _KERNEL 292 res = uprintf("Superblock check-hash failed: recorded " 293 "check-hash 0x%x != computed check-hash 0x%x%s\n", 294 fs->fs_ckhash, ckhash, 295 (flags & UFS_NOHASHFAIL) != 0 ? " (Ignored)" : ""); 296 #else 297 res = 0; 298 #endif 299 /* 300 * Print check-hash failure if no controlling terminal 301 * in kernel or always if in user-mode (libufs). 302 */ 303 if (res == 0) 304 printf("Superblock check-hash failed: recorded " 305 "check-hash 0x%x != computed check-hash " 306 "0x%x%s\n", fs->fs_ckhash, ckhash, 307 (flags & UFS_NOHASHFAIL) ? " (Ignored)" : ""); 308 if ((flags & UFS_NOHASHFAIL) != 0) 309 return (0); 310 return (EINTEGRITY); 311 } 312 /* Have to set for old filesystems that predate this field */ 313 fs->fs_sblockactualloc = sblockloc; 314 /* Not yet any summary information */ 315 fs->fs_si = NULL; 316 return (0); 317 } 318 319 /* 320 * Verify the filesystem values. 321 */ 322 #define ILOG2(num) (fls(num) - 1) 323 #ifdef STANDALONE_SMALL 324 #define MPRINT(...) do { } while (0) 325 #else 326 #define MPRINT(...) if (prtmsg) printf(__VA_ARGS__) 327 #endif 328 #define FCHK(lhs, op, rhs, fmt) \ 329 if (lhs op rhs) { \ 330 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 331 #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, \ 332 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs); \ 333 if (error < 0) \ 334 return (ENOENT); \ 335 if (error == 0) \ 336 error = ENOENT; \ 337 } 338 #define WCHK(lhs, op, rhs, fmt) \ 339 if (lhs op rhs) { \ 340 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 341 #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\ 342 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\ 343 if (error == 0) \ 344 error = warnerr; \ 345 if (warnerr == 0) \ 346 lhs = rhs; \ 347 } 348 #define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 349 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 350 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 351 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n", \ 352 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 353 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 354 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2); \ 355 if (error < 0) \ 356 return (ENOENT); \ 357 if (error == 0) \ 358 error = ENOENT; \ 359 } 360 361 static int 362 validate_sblock(struct fs *fs, int flags) 363 { 364 uint64_t i, sectorsize; 365 uint64_t maxfilesize, sizepb; 366 int error, prtmsg, warnerr; 367 char *wmsg; 368 369 error = 0; 370 sectorsize = dbtob(1); 371 prtmsg = ((flags & UFS_NOMSG) == 0); 372 warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT; 373 wmsg = warnerr ? "" : " (Ignored)"; 374 /* 375 * Check for endian mismatch between machine and filesystem. 376 */ 377 if (((fs->fs_magic != FS_UFS2_MAGIC) && 378 (bswap32(fs->fs_magic) == FS_UFS2_MAGIC)) || 379 ((fs->fs_magic != FS_UFS1_MAGIC) && 380 (bswap32(fs->fs_magic) == FS_UFS1_MAGIC))) { 381 MPRINT("UFS superblock failed due to endian mismatch " 382 "between machine and filesystem\n"); 383 return(EILSEQ); 384 } 385 /* 386 * If just validating for recovery, then do just the minimal 387 * checks needed for the superblock fields needed to find 388 * alternate superblocks. 389 */ 390 if ((flags & UFS_FSRONLY) == UFS_FSRONLY && 391 (fs->fs_magic == FS_UFS1_MAGIC || fs->fs_magic == FS_UFS2_MAGIC)) { 392 error = -1; /* fail on first error */ 393 if (fs->fs_magic == FS_UFS2_MAGIC) { 394 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 395 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 396 FCHK(fs->fs_sblockloc, <, 0, %jd); 397 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 398 } 399 FCHK(fs->fs_frag, <, 1, %jd); 400 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 401 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 402 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 403 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), 404 %jd); 405 FCHK(fs->fs_fsize, <, sectorsize, %jd); 406 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 407 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 408 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 409 FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); 410 FCHK(fs->fs_sbsize % sectorsize, !=, 0, %jd); 411 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 412 FCHK(fs->fs_ncg, <, 1, %jd); 413 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 414 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 415 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 416 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, 417 %jd); 418 FCHK(fs->fs_sblkno, !=, roundup( 419 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 420 fs->fs_frag), %jd); 421 FCHK(CGSIZE(fs), >, fs->fs_bsize, %jd); 422 /* Only need to validate these if reading in csum data */ 423 if ((flags & UFS_NOCSUM) != 0) 424 return (error); 425 FCHK((uint64_t)fs->fs_ipg * fs->fs_ncg, >, 426 (((int64_t)(1)) << 32) - INOPB(fs), %jd); 427 FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd); 428 FCHK(fs->fs_cstotal.cs_nifree, >, 429 (uint64_t)fs->fs_ipg * fs->fs_ncg, %jd); 430 FCHK(fs->fs_cstotal.cs_ndir, >, 431 ((uint64_t)fs->fs_ipg * fs->fs_ncg) - 432 fs->fs_cstotal.cs_nifree, %jd); 433 FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); 434 FCHK(fs->fs_size, <=, ((int64_t)fs->fs_ncg - 1) * fs->fs_fpg, 435 %jd); 436 FCHK(fs->fs_size, >, (int64_t)fs->fs_ncg * fs->fs_fpg, %jd); 437 FCHK(fs->fs_csaddr, <, 0, %jd); 438 FCHK(fs->fs_cssize, !=, 439 fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd); 440 FCHK(fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize), >, 441 fs->fs_size, %jd); 442 FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), 443 %jd); 444 FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, 445 fs->fs_fsize)), >, dtog(fs, fs->fs_csaddr), %jd); 446 return (error); 447 } 448 if (fs->fs_magic == FS_UFS2_MAGIC) { 449 if ((flags & UFS_ALTSBLK) == 0) 450 FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2, 451 fs->fs_sblockactualloc, !=, 0, %jd); 452 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 453 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 454 sizeof(ufs2_daddr_t)), %jd); 455 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t), 456 %jd); 457 FCHK(fs->fs_inopb, !=, 458 fs->fs_bsize / sizeof(struct ufs2_dinode), %jd); 459 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 460 if ((flags & UFS_ALTSBLK) == 0) 461 FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd); 462 FCHK(fs->fs_sblockloc, <, 0, %jd); 463 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 464 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t), 465 %jd); 466 FCHK(fs->fs_inopb, !=, 467 fs->fs_bsize / sizeof(struct ufs1_dinode), %jd); 468 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 469 sizeof(ufs1_daddr_t)), %jd); 470 WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd); 471 WCHK(fs->fs_old_rotdelay, !=, 0, %jd); 472 WCHK(fs->fs_old_rps, !=, 60, %jd); 473 WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd); 474 WCHK(fs->fs_old_interleave, !=, 1, %jd); 475 WCHK(fs->fs_old_trackskew, !=, 0, %jd); 476 WCHK(fs->fs_old_cpc, !=, 0, %jd); 477 WCHK(fs->fs_old_postblformat, !=, 1, %jd); 478 FCHK(fs->fs_old_nrpos, !=, 1, %jd); 479 WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd); 480 WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd); 481 } else { 482 /* Bad magic number, so assume not a superblock */ 483 return (ENOENT); 484 } 485 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 486 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 487 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd); 488 FCHK(powerof2(fs->fs_bsize), ==, 0, %jd); 489 FCHK(fs->fs_frag, <, 1, %jd); 490 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 491 FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd); 492 FCHK(fs->fs_fsize, <, sectorsize, %jd); 493 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 494 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 495 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 496 FCHK(fs->fs_ncg, <, 1, %jd); 497 FCHK(fs->fs_ipg, <, fs->fs_inopb, %jd); 498 FCHK((uint64_t)fs->fs_ipg * fs->fs_ncg, >, 499 (((int64_t)(1)) << 32) - INOPB(fs), %jd); 500 FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd); 501 FCHK(fs->fs_cstotal.cs_nifree, >, (uint64_t)fs->fs_ipg * fs->fs_ncg, 502 %jd); 503 FCHK(fs->fs_cstotal.cs_ndir, <, 0, %jd); 504 FCHK(fs->fs_cstotal.cs_ndir, >, 505 ((uint64_t)fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree, 506 %jd); 507 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 508 FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); 509 /* fix for misconfigured filesystems */ 510 if (fs->fs_maxbsize == 0) 511 fs->fs_maxbsize = fs->fs_bsize; 512 FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); 513 FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); 514 FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); 515 FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx); 516 FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx); 517 FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx); 518 FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx); 519 FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd); 520 FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd); 521 FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd); 522 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 523 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 524 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 525 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd); 526 FCHK(CGSIZE(fs), >, fs->fs_bsize, %jd); 527 /* 528 * If anything has failed up to this point, it is usafe to proceed 529 * as checks below may divide by zero or make other fatal calculations. 530 * So if we have any errors at this point, give up. 531 */ 532 if (error) 533 return (error); 534 FCHK(fs->fs_sbsize % sectorsize, !=, 0, %jd); 535 FCHK(fs->fs_ipg % fs->fs_inopb, !=, 0, %jd); 536 FCHK(fs->fs_sblkno, !=, roundup( 537 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 538 fs->fs_frag), %jd); 539 FCHK(fs->fs_cblkno, !=, fs->fs_sblkno + 540 roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd); 541 FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd); 542 FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd); 543 FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd); 544 FCHK(fs->fs_cgsize, <, fs->fs_fsize, %jd); 545 FCHK(fs->fs_cgsize % fs->fs_fsize, !=, 0, %jd); 546 /* 547 * This test is valid, however older versions of growfs failed 548 * to correctly update fs_dsize so will fail this test. Thus we 549 * exclude it from the requirements. 550 */ 551 #ifdef notdef 552 WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno - 553 fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) - 554 howmany(fs->fs_cssize, fs->fs_fsize), %jd); 555 #endif 556 WCHK(fs->fs_metaspace, <, 0, %jd); 557 WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd); 558 WCHK(fs->fs_minfree, >, 99, %jd%%); 559 maxfilesize = fs->fs_bsize * UFS_NDADDR - 1; 560 for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) { 561 sizepb *= NINDIR(fs); 562 maxfilesize += sizepb; 563 } 564 WCHK(fs->fs_maxfilesize, !=, maxfilesize, %jd); 565 /* 566 * These values have a tight interaction with each other that 567 * makes it hard to tightly bound them. So we can only check 568 * that they are within a broader possible range. 569 * 570 * The size cannot always be accurately determined, but ensure 571 * that it is consistent with the number of cylinder groups (fs_ncg) 572 * and the number of fragments per cylinder group (fs_fpg). Ensure 573 * that the summary information size is correct and that it starts 574 * and ends in the data area of the same cylinder group. 575 */ 576 FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); 577 FCHK(fs->fs_size, <=, ((int64_t)fs->fs_ncg - 1) * fs->fs_fpg, %jd); 578 FCHK(fs->fs_size, >, (int64_t)fs->fs_ncg * fs->fs_fpg, %jd); 579 /* 580 * If we are not requested to read in the csum data stop here 581 * as the correctness of the remaining values is only important 582 * to bound the space needed to be allocated to hold the csum data. 583 */ 584 if ((flags & UFS_NOCSUM) != 0) 585 return (error); 586 FCHK(fs->fs_csaddr, <, 0, %jd); 587 FCHK(fs->fs_cssize, !=, 588 fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd); 589 FCHK(fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize), >, 590 fs->fs_size, %jd); 591 FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd); 592 FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >, 593 dtog(fs, fs->fs_csaddr), %jd); 594 /* 595 * With file system clustering it is possible to allocate 596 * many contiguous blocks. The kernel variable maxphys defines 597 * the maximum transfer size permitted by the controller and/or 598 * buffering. The fs_maxcontig parameter controls the maximum 599 * number of blocks that the filesystem will read or write 600 * in a single transfer. It is calculated when the filesystem 601 * is created as maxphys / fs_bsize. The loader uses a maxphys 602 * of 128K even when running on a system that supports larger 603 * values. If the filesystem was built on a system that supports 604 * a larger maxphys (1M is typical) it will have configured 605 * fs_maxcontig for that larger system. So we bound the upper 606 * allowable limit for fs_maxconfig to be able to at least 607 * work with a 1M maxphys on the smallest block size filesystem: 608 * 1M / 4096 == 256. There is no harm in allowing the mounting of 609 * filesystems that make larger than maxphys I/O requests because 610 * those (mostly 32-bit machines) can (very slowly) handle I/O 611 * requests that exceed maxphys. 612 */ 613 WCHK(fs->fs_maxcontig, <, 0, %jd); 614 WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd); 615 FCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd); 616 FCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=, 617 MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd); 618 return (error); 619 } 620 621 /* 622 * Make an extensive search to find a superblock. If the superblock 623 * in the standard place cannot be used, try looking for one of the 624 * backup superblocks. 625 * 626 * Flags are made up of the following or'ed together options: 627 * 628 * UFS_NOMSG indicates that superblock inconsistency error messages 629 * should not be printed. 630 * 631 * UFS_NOCSUM causes only the superblock itself to be returned, but does 632 * not read in any auxillary data structures like the cylinder group 633 * summary information. 634 */ 635 int 636 ffs_sbsearch(void *devfd, struct fs **fsp, int reqflags, 637 struct malloc_type *filltype, 638 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 639 { 640 struct fsrecovery *fsr; 641 struct fs *protofs; 642 void *fsrbuf; 643 char *cp; 644 long nocsum, flags, msg, cg; 645 off_t sblk, secsize; 646 int error; 647 648 msg = (reqflags & UFS_NOMSG) == 0; 649 nocsum = reqflags & UFS_NOCSUM; 650 /* 651 * Try normal superblock read and return it if it works. 652 * 653 * Suppress messages if it fails until we find out if 654 * failure can be avoided. 655 */ 656 flags = UFS_NOMSG | nocsum; 657 error = ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc); 658 /* 659 * If successful or endian error, no need to try further. 660 */ 661 if (error == 0 || error == EILSEQ) { 662 if (msg && error == EILSEQ) 663 printf("UFS superblock failed due to endian mismatch " 664 "between machine and filesystem\n"); 665 return (error); 666 } 667 /* 668 * First try: ignoring hash failures. 669 */ 670 flags |= UFS_NOHASHFAIL; 671 if (msg) 672 flags &= ~UFS_NOMSG; 673 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0) 674 return (0); 675 /* 676 * Next up is to check if fields of the superblock that are 677 * needed to find backup superblocks are usable. 678 */ 679 if (msg) 680 printf("Attempted recovery for standard superblock: failed\n"); 681 flags = UFS_FSRONLY | UFS_NOHASHFAIL | UFS_NOCSUM | UFS_NOMSG; 682 if (ffs_sbget(devfd, &protofs, UFS_STDSB, flags, filltype, 683 readfunc) == 0) { 684 if (msg) 685 printf("Attempt extraction of recovery data from " 686 "standard superblock.\n"); 687 } else { 688 /* 689 * Final desperation is to see if alternate superblock 690 * parameters have been saved in the boot area. 691 */ 692 if (msg) 693 printf("Attempted extraction of recovery data from " 694 "standard superblock: failed\nAttempt to find " 695 "boot zone recovery data.\n"); 696 /* 697 * Look to see if recovery information has been saved. 698 * If so we can generate a prototype superblock based 699 * on that information. 700 * 701 * We need fragments-per-group, number of cylinder groups, 702 * location of the superblock within the cylinder group, and 703 * the conversion from filesystem fragments to disk blocks. 704 * 705 * When building a UFS2 filesystem, newfs(8) stores these 706 * details at the end of the boot block area at the start 707 * of the filesystem partition. If they have been overwritten 708 * by a boot block, we fail. But usually they are there 709 * and we can use them. 710 * 711 * We could ask the underlying device for its sector size, 712 * but some devices lie. So we just try a plausible range. 713 */ 714 error = ENOENT; 715 fsrbuf = NULL; 716 for (secsize = dbtob(1); secsize <= SBLOCKSIZE; secsize *= 2) 717 if ((error = (*readfunc)(devfd, (SBLOCK_UFS2 - secsize), 718 &fsrbuf, secsize)) == 0) 719 break; 720 if (error != 0) 721 goto trynowarn; 722 cp = fsrbuf; /* type change to keep compiler happy */ 723 fsr = (struct fsrecovery *)&cp[secsize - sizeof *fsr]; 724 if (fsr->fsr_magic != FS_UFS2_MAGIC || 725 (protofs = UFS_MALLOC(SBLOCKSIZE, filltype, M_NOWAIT)) 726 == NULL) { 727 UFS_FREE(fsrbuf, filltype); 728 goto trynowarn; 729 } 730 memset(protofs, 0, sizeof(struct fs)); 731 protofs->fs_fpg = fsr->fsr_fpg; 732 protofs->fs_fsbtodb = fsr->fsr_fsbtodb; 733 protofs->fs_sblkno = fsr->fsr_sblkno; 734 protofs->fs_magic = fsr->fsr_magic; 735 protofs->fs_ncg = fsr->fsr_ncg; 736 UFS_FREE(fsrbuf, filltype); 737 } 738 /* 739 * Scan looking for alternative superblocks. 740 */ 741 flags = nocsum; 742 if (!msg) 743 flags |= UFS_NOMSG; 744 for (cg = 0; cg < protofs->fs_ncg; cg++) { 745 sblk = fsbtodb(protofs, cgsblock(protofs, cg)); 746 if (msg) 747 printf("Try cg %ld at sblock loc %jd\n", cg, 748 (intmax_t)sblk); 749 if (ffs_sbget(devfd, fsp, dbtob(sblk), flags, filltype, 750 readfunc) == 0) { 751 if (msg) 752 printf("Succeeded with alternate superblock " 753 "at %jd\n", (intmax_t)sblk); 754 UFS_FREE(protofs, filltype); 755 return (0); 756 } 757 } 758 UFS_FREE(protofs, filltype); 759 /* 760 * Our alternate superblock strategies failed. Our last ditch effort 761 * is to see if the standard superblock has only non-critical errors. 762 */ 763 trynowarn: 764 flags = UFS_NOWARNFAIL | UFS_NOMSG | nocsum; 765 if (msg) { 766 printf("Finding an alternate superblock failed.\nCheck for " 767 "only non-critical errors in standard superblock\n"); 768 flags &= ~UFS_NOMSG; 769 } 770 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) != 0) { 771 if (msg) 772 printf("Failed, superblock has critical errors\n"); 773 return (ENOENT); 774 } 775 if (msg) 776 printf("Success, using standard superblock with " 777 "non-critical errors.\n"); 778 return (0); 779 } 780 781 /* 782 * Write a superblock to the devfd device from the memory pointed to by fs. 783 * Write out the superblock summary information if it is present. 784 * 785 * If the write is successful, zero is returned. Otherwise one of the 786 * following error values is returned: 787 * EIO: failed to write superblock. 788 * EIO: failed to write superblock summary information. 789 */ 790 int 791 ffs_sbput(void *devfd, struct fs *fs, off_t loc, 792 int (*writefunc)(void *devfd, off_t loc, void *buf, int size)) 793 { 794 int i, error, blks, size; 795 uint8_t *space; 796 797 /* 798 * If there is summary information, write it first, so if there 799 * is an error, the superblock will not be marked as clean. 800 */ 801 if (fs->fs_si != NULL && fs->fs_csp != NULL) { 802 blks = howmany(fs->fs_cssize, fs->fs_fsize); 803 space = (uint8_t *)fs->fs_csp; 804 for (i = 0; i < blks; i += fs->fs_frag) { 805 size = fs->fs_bsize; 806 if (i + fs->fs_frag > blks) 807 size = (blks - i) * fs->fs_fsize; 808 if ((error = (*writefunc)(devfd, 809 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), 810 space, size)) != 0) 811 return (error); 812 space += size; 813 } 814 } 815 fs->fs_fmod = 0; 816 #ifndef _KERNEL 817 { 818 struct fs_summary_info *fs_si; 819 820 fs->fs_time = time(NULL); 821 /* Clear the pointers for the duration of writing. */ 822 fs_si = fs->fs_si; 823 fs->fs_si = NULL; 824 fs->fs_ckhash = ffs_calc_sbhash(fs); 825 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 826 fs->fs_si = fs_si; 827 } 828 #else /* _KERNEL */ 829 fs->fs_time = time_second; 830 fs->fs_ckhash = ffs_calc_sbhash(fs); 831 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 832 #endif /* _KERNEL */ 833 return (error); 834 } 835 836 /* 837 * Calculate the check-hash for a superblock. 838 */ 839 uint32_t 840 ffs_calc_sbhash(struct fs *fs) 841 { 842 uint32_t ckhash, save_ckhash; 843 844 /* 845 * A filesystem that was using a superblock ckhash may be moved 846 * to an older kernel that does not support ckhashes. The 847 * older kernel will clear the FS_METACKHASH flag indicating 848 * that it does not update hashes. When the disk is moved back 849 * to a kernel capable of ckhashes it disables them on mount: 850 * 851 * if ((fs->fs_flags & FS_METACKHASH) == 0) 852 * fs->fs_metackhash = 0; 853 * 854 * This leaves (fs->fs_metackhash & CK_SUPERBLOCK) == 0) with an 855 * old stale value in the fs->fs_ckhash field. Thus the need to 856 * just accept what is there. 857 */ 858 if ((fs->fs_metackhash & CK_SUPERBLOCK) == 0) 859 return (fs->fs_ckhash); 860 861 save_ckhash = fs->fs_ckhash; 862 fs->fs_ckhash = 0; 863 /* 864 * If newly read from disk, the caller is responsible for 865 * verifying that fs->fs_sbsize <= SBLOCKSIZE. 866 */ 867 ckhash = calculate_crc32c(~0L, (void *)fs, fs->fs_sbsize); 868 fs->fs_ckhash = save_ckhash; 869 return (ckhash); 870 } 871 872 /* 873 * Update the frsum fields to reflect addition or deletion 874 * of some frags. 875 */ 876 void 877 ffs_fragacct(struct fs *fs, int fragmap, int32_t fraglist[], int cnt) 878 { 879 int inblk; 880 int field, subfield; 881 int siz, pos; 882 883 inblk = (int)(fragtbl[fs->fs_frag][fragmap]) << 1; 884 fragmap <<= 1; 885 for (siz = 1; siz < fs->fs_frag; siz++) { 886 if ((inblk & (1 << (siz + (fs->fs_frag % NBBY)))) == 0) 887 continue; 888 field = around[siz]; 889 subfield = inside[siz]; 890 for (pos = siz; pos <= fs->fs_frag; pos++) { 891 if ((fragmap & field) == subfield) { 892 fraglist[siz] += cnt; 893 pos += siz; 894 field <<= siz; 895 subfield <<= siz; 896 } 897 field <<= 1; 898 subfield <<= 1; 899 } 900 } 901 } 902 903 /* 904 * block operations 905 * 906 * check if a block is available 907 */ 908 int 909 ffs_isblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 910 { 911 unsigned char mask; 912 913 switch ((int)fs->fs_frag) { 914 case 8: 915 return (cp[h] == 0xff); 916 case 4: 917 mask = 0x0f << ((h & 0x1) << 2); 918 return ((cp[h >> 1] & mask) == mask); 919 case 2: 920 mask = 0x03 << ((h & 0x3) << 1); 921 return ((cp[h >> 2] & mask) == mask); 922 case 1: 923 mask = 0x01 << (h & 0x7); 924 return ((cp[h >> 3] & mask) == mask); 925 default: 926 #ifdef _KERNEL 927 panic("ffs_isblock"); 928 #endif 929 break; 930 } 931 return (0); 932 } 933 934 /* 935 * check if a block is free 936 */ 937 int 938 ffs_isfreeblock(struct fs *fs, uint8_t *cp, ufs1_daddr_t h) 939 { 940 941 switch ((int)fs->fs_frag) { 942 case 8: 943 return (cp[h] == 0); 944 case 4: 945 return ((cp[h >> 1] & (0x0f << ((h & 0x1) << 2))) == 0); 946 case 2: 947 return ((cp[h >> 2] & (0x03 << ((h & 0x3) << 1))) == 0); 948 case 1: 949 return ((cp[h >> 3] & (0x01 << (h & 0x7))) == 0); 950 default: 951 #ifdef _KERNEL 952 panic("ffs_isfreeblock"); 953 #endif 954 break; 955 } 956 return (0); 957 } 958 959 /* 960 * take a block out of the map 961 */ 962 void 963 ffs_clrblock(struct fs *fs, uint8_t *cp, ufs1_daddr_t h) 964 { 965 966 switch ((int)fs->fs_frag) { 967 case 8: 968 cp[h] = 0; 969 return; 970 case 4: 971 cp[h >> 1] &= ~(0x0f << ((h & 0x1) << 2)); 972 return; 973 case 2: 974 cp[h >> 2] &= ~(0x03 << ((h & 0x3) << 1)); 975 return; 976 case 1: 977 cp[h >> 3] &= ~(0x01 << (h & 0x7)); 978 return; 979 default: 980 #ifdef _KERNEL 981 panic("ffs_clrblock"); 982 #endif 983 break; 984 } 985 } 986 987 /* 988 * put a block into the map 989 */ 990 void 991 ffs_setblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 992 { 993 994 switch ((int)fs->fs_frag) { 995 case 8: 996 cp[h] = 0xff; 997 return; 998 case 4: 999 cp[h >> 1] |= (0x0f << ((h & 0x1) << 2)); 1000 return; 1001 case 2: 1002 cp[h >> 2] |= (0x03 << ((h & 0x3) << 1)); 1003 return; 1004 case 1: 1005 cp[h >> 3] |= (0x01 << (h & 0x7)); 1006 return; 1007 default: 1008 #ifdef _KERNEL 1009 panic("ffs_setblock"); 1010 #endif 1011 break; 1012 } 1013 } 1014 1015 /* 1016 * Update the cluster map because of an allocation or free. 1017 * 1018 * Cnt == 1 means free; cnt == -1 means allocating. 1019 */ 1020 void 1021 ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_daddr_t blkno, int cnt) 1022 { 1023 int32_t *sump; 1024 int32_t *lp; 1025 uint8_t *freemapp, *mapp; 1026 int i, start, end, forw, back, map; 1027 uint64_t bit; 1028 1029 if (fs->fs_contigsumsize <= 0) 1030 return; 1031 freemapp = cg_clustersfree(cgp); 1032 sump = cg_clustersum(cgp); 1033 /* 1034 * Allocate or clear the actual block. 1035 */ 1036 if (cnt > 0) 1037 setbit(freemapp, blkno); 1038 else 1039 clrbit(freemapp, blkno); 1040 /* 1041 * Find the size of the cluster going forward. 1042 */ 1043 start = blkno + 1; 1044 end = start + fs->fs_contigsumsize; 1045 if (end >= cgp->cg_nclusterblks) 1046 end = cgp->cg_nclusterblks; 1047 mapp = &freemapp[start / NBBY]; 1048 map = *mapp++; 1049 bit = 1U << (start % NBBY); 1050 for (i = start; i < end; i++) { 1051 if ((map & bit) == 0) 1052 break; 1053 if ((i & (NBBY - 1)) != (NBBY - 1)) { 1054 bit <<= 1; 1055 } else { 1056 map = *mapp++; 1057 bit = 1; 1058 } 1059 } 1060 forw = i - start; 1061 /* 1062 * Find the size of the cluster going backward. 1063 */ 1064 start = blkno - 1; 1065 end = start - fs->fs_contigsumsize; 1066 if (end < 0) 1067 end = -1; 1068 mapp = &freemapp[start / NBBY]; 1069 map = *mapp--; 1070 bit = 1U << (start % NBBY); 1071 for (i = start; i > end; i--) { 1072 if ((map & bit) == 0) 1073 break; 1074 if ((i & (NBBY - 1)) != 0) { 1075 bit >>= 1; 1076 } else { 1077 map = *mapp--; 1078 bit = 1U << (NBBY - 1); 1079 } 1080 } 1081 back = start - i; 1082 /* 1083 * Account for old cluster and the possibly new forward and 1084 * back clusters. 1085 */ 1086 i = back + forw + 1; 1087 if (i > fs->fs_contigsumsize) 1088 i = fs->fs_contigsumsize; 1089 sump[i] += cnt; 1090 if (back > 0) 1091 sump[back] -= cnt; 1092 if (forw > 0) 1093 sump[forw] -= cnt; 1094 /* 1095 * Update cluster summary information. 1096 */ 1097 lp = &sump[fs->fs_contigsumsize]; 1098 for (i = fs->fs_contigsumsize; i > 0; i--) 1099 if (*lp-- > 0) 1100 break; 1101 fs->fs_maxcluster[cgp->cg_cgx] = i; 1102 } 1103