1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * @(#)ffs_subr.c 8.5 (Berkeley) 3/21/95 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/endian.h> 39 #include <sys/limits.h> 40 41 #ifndef _KERNEL 42 #include <stdio.h> 43 #include <string.h> 44 #include <stdlib.h> 45 #include <time.h> 46 #include <sys/errno.h> 47 #include <ufs/ufs/dinode.h> 48 #include <ufs/ffs/fs.h> 49 50 uint32_t calculate_crc32c(uint32_t, const void *, size_t); 51 uint32_t ffs_calc_sbhash(struct fs *); 52 struct malloc_type; 53 #define UFS_MALLOC(size, type, flags) malloc(size) 54 #define UFS_FREE(ptr, type) free(ptr) 55 #define maxphys MAXPHYS 56 57 #else /* _KERNEL */ 58 #include <sys/systm.h> 59 #include <sys/gsb_crc32.h> 60 #include <sys/lock.h> 61 #include <sys/malloc.h> 62 #include <sys/mount.h> 63 #include <sys/vnode.h> 64 #include <sys/bio.h> 65 #include <sys/buf.h> 66 #include <sys/ucred.h> 67 68 #include <ufs/ufs/quota.h> 69 #include <ufs/ufs/inode.h> 70 #include <ufs/ufs/extattr.h> 71 #include <ufs/ufs/ufsmount.h> 72 #include <ufs/ufs/ufs_extern.h> 73 #include <ufs/ffs/ffs_extern.h> 74 #include <ufs/ffs/fs.h> 75 76 #define UFS_MALLOC(size, type, flags) malloc(size, type, flags) 77 #define UFS_FREE(ptr, type) free(ptr, type) 78 79 #endif /* _KERNEL */ 80 81 /* 82 * Verify an inode check-hash. 83 */ 84 int 85 ffs_verify_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 86 { 87 uint32_t ckhash, save_ckhash; 88 89 /* 90 * Return success if unallocated or we are not doing inode check-hash. 91 */ 92 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 93 return (0); 94 /* 95 * Exclude di_ckhash from the crc32 calculation, e.g., always use 96 * a check-hash value of zero when calculating the check-hash. 97 */ 98 save_ckhash = dip->di_ckhash; 99 dip->di_ckhash = 0; 100 ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 101 dip->di_ckhash = save_ckhash; 102 if (save_ckhash == ckhash) 103 return (0); 104 return (EINVAL); 105 } 106 107 /* 108 * Update an inode check-hash. 109 */ 110 void 111 ffs_update_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip) 112 { 113 114 if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0) 115 return; 116 /* 117 * Exclude old di_ckhash from the crc32 calculation, e.g., always use 118 * a check-hash value of zero when calculating the new check-hash. 119 */ 120 dip->di_ckhash = 0; 121 dip->di_ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip)); 122 } 123 124 /* 125 * These are the low-level functions that actually read and write 126 * the superblock and its associated data. 127 */ 128 static off_t sblock_try[] = SBLOCKSEARCH; 129 static int readsuper(void *, struct fs **, off_t, int, 130 int (*)(void *, off_t, void **, int)); 131 static int validate_sblock(struct fs *, int); 132 133 /* 134 * Read a superblock from the devfd device. 135 * 136 * If an alternate superblock is specified, it is read. Otherwise the 137 * set of locations given in the SBLOCKSEARCH list is searched for a 138 * superblock. Memory is allocated for the superblock by the readfunc and 139 * is returned. If filltype is non-NULL, additional memory is allocated 140 * of type filltype and filled in with the superblock summary information. 141 * All memory is freed when any error is returned. 142 * 143 * If a superblock is found, zero is returned. Otherwise one of the 144 * following error values is returned: 145 * EIO: non-existent or truncated superblock. 146 * EIO: error reading summary information. 147 * ENOENT: no usable known superblock found. 148 * EILSEQ: filesystem with wrong byte order found. 149 * ENOMEM: failed to allocate space for the superblock. 150 * EINVAL: The previous newfs operation on this volume did not complete. 151 * The administrator must complete newfs before using this volume. 152 */ 153 int 154 ffs_sbget(void *devfd, struct fs **fsp, off_t sblock, int flags, 155 struct malloc_type *filltype, 156 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 157 { 158 struct fs *fs; 159 struct fs_summary_info *fs_si; 160 int i, error; 161 uint64_t size, blks; 162 uint8_t *space; 163 int32_t *lp; 164 char *buf; 165 166 fs = NULL; 167 *fsp = NULL; 168 if (sblock != UFS_STDSB) { 169 if ((error = readsuper(devfd, &fs, sblock, 170 flags | UFS_ALTSBLK, readfunc)) != 0) { 171 if (fs != NULL) 172 UFS_FREE(fs, filltype); 173 return (error); 174 } 175 } else { 176 for (i = 0; sblock_try[i] != -1; i++) { 177 if ((error = readsuper(devfd, &fs, sblock_try[i], 178 flags, readfunc)) == 0) { 179 if ((flags & UFS_NOCSUM) != 0) { 180 *fsp = fs; 181 return (0); 182 } 183 break; 184 } 185 if (fs != NULL) { 186 UFS_FREE(fs, filltype); 187 fs = NULL; 188 } 189 if (error == ENOENT) 190 continue; 191 return (error); 192 } 193 if (sblock_try[i] == -1) 194 return (ENOENT); 195 } 196 /* 197 * Read in the superblock summary information. 198 */ 199 size = fs->fs_cssize; 200 blks = howmany(size, fs->fs_fsize); 201 if (fs->fs_contigsumsize > 0) 202 size += fs->fs_ncg * sizeof(int32_t); 203 size += fs->fs_ncg * sizeof(u_int8_t); 204 if ((fs_si = UFS_MALLOC(sizeof(*fs_si), filltype, M_NOWAIT)) == NULL) { 205 UFS_FREE(fs, filltype); 206 return (ENOMEM); 207 } 208 bzero(fs_si, sizeof(*fs_si)); 209 fs->fs_si = fs_si; 210 if ((space = UFS_MALLOC(size, filltype, M_NOWAIT)) == NULL) { 211 UFS_FREE(fs->fs_si, filltype); 212 UFS_FREE(fs, filltype); 213 return (ENOMEM); 214 } 215 fs->fs_csp = (struct csum *)space; 216 for (i = 0; i < blks; i += fs->fs_frag) { 217 size = fs->fs_bsize; 218 if (i + fs->fs_frag > blks) 219 size = (blks - i) * fs->fs_fsize; 220 buf = NULL; 221 error = (*readfunc)(devfd, 222 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size); 223 if (error) { 224 if (buf != NULL) 225 UFS_FREE(buf, filltype); 226 UFS_FREE(fs->fs_csp, filltype); 227 UFS_FREE(fs->fs_si, filltype); 228 UFS_FREE(fs, filltype); 229 return (error); 230 } 231 memcpy(space, buf, size); 232 UFS_FREE(buf, filltype); 233 space += size; 234 } 235 if (fs->fs_contigsumsize > 0) { 236 fs->fs_maxcluster = lp = (int32_t *)space; 237 for (i = 0; i < fs->fs_ncg; i++) 238 *lp++ = fs->fs_contigsumsize; 239 space = (uint8_t *)lp; 240 } 241 size = fs->fs_ncg * sizeof(u_int8_t); 242 fs->fs_contigdirs = (u_int8_t *)space; 243 bzero(fs->fs_contigdirs, size); 244 *fsp = fs; 245 return (0); 246 } 247 248 /* 249 * Try to read a superblock from the location specified by sblockloc. 250 * Return zero on success or an errno on failure. 251 */ 252 static int 253 readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags, 254 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 255 { 256 struct fs *fs; 257 int error, res; 258 uint32_t ckhash; 259 260 error = (*readfunc)(devfd, sblockloc, (void **)fsp, SBLOCKSIZE); 261 if (error != 0) 262 return (error); 263 fs = *fsp; 264 if (fs->fs_magic == FS_BAD_MAGIC) 265 return (EINVAL); 266 /* 267 * For UFS1 with a 65536 block size, the first backup superblock 268 * is at the same location as the UFS2 superblock. Since SBLOCK_UFS2 269 * is the first location checked, the first backup is the superblock 270 * that will be accessed. Here we fail the lookup so that we can 271 * retry with the correct location for the UFS1 superblock. 272 */ 273 if (fs->fs_magic == FS_UFS1_MAGIC && (flags & UFS_ALTSBLK) == 0 && 274 fs->fs_bsize == SBLOCK_UFS2 && sblockloc == SBLOCK_UFS2) 275 return (ENOENT); 276 if ((error = validate_sblock(fs, flags)) > 0) 277 return (error); 278 /* 279 * If the filesystem has been run on a kernel without 280 * metadata check hashes, disable them. 281 */ 282 if ((fs->fs_flags & FS_METACKHASH) == 0) 283 fs->fs_metackhash = 0; 284 /* 285 * Clear any check-hashes that are not maintained 286 * by this kernel. Also clear any unsupported flags. 287 */ 288 fs->fs_metackhash &= CK_SUPPORTED; 289 fs->fs_flags &= FS_SUPPORTED; 290 if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) { 291 if ((flags & (UFS_NOMSG | UFS_NOHASHFAIL)) == 292 (UFS_NOMSG | UFS_NOHASHFAIL)) 293 return (0); 294 if ((flags & UFS_NOMSG) != 0) 295 return (EINTEGRITY); 296 #ifdef _KERNEL 297 res = uprintf("Superblock check-hash failed: recorded " 298 "check-hash 0x%x != computed check-hash 0x%x%s\n", 299 fs->fs_ckhash, ckhash, 300 (flags & UFS_NOHASHFAIL) != 0 ? " (Ignored)" : ""); 301 #else 302 res = 0; 303 #endif 304 /* 305 * Print check-hash failure if no controlling terminal 306 * in kernel or always if in user-mode (libufs). 307 */ 308 if (res == 0) 309 printf("Superblock check-hash failed: recorded " 310 "check-hash 0x%x != computed check-hash " 311 "0x%x%s\n", fs->fs_ckhash, ckhash, 312 (flags & UFS_NOHASHFAIL) ? " (Ignored)" : ""); 313 if ((flags & UFS_NOHASHFAIL) != 0) 314 return (0); 315 return (EINTEGRITY); 316 } 317 /* Have to set for old filesystems that predate this field */ 318 fs->fs_sblockactualloc = sblockloc; 319 /* Not yet any summary information */ 320 fs->fs_si = NULL; 321 return (0); 322 } 323 324 /* 325 * Verify the filesystem values. 326 */ 327 #define ILOG2(num) (fls(num) - 1) 328 #ifdef STANDALONE_SMALL 329 #define MPRINT(...) do { } while (0) 330 #else 331 #define MPRINT(...) if (prtmsg) printf(__VA_ARGS__) 332 #endif 333 #define FCHK(lhs, op, rhs, fmt) \ 334 if (lhs op rhs) { \ 335 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 336 #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, \ 337 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs); \ 338 if (error < 0) \ 339 return (ENOENT); \ 340 if (error == 0) \ 341 error = ENOENT; \ 342 } 343 #define WCHK(lhs, op, rhs, fmt) \ 344 if (lhs op rhs) { \ 345 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 346 #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\ 347 #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\ 348 if (error == 0) \ 349 error = warnerr; \ 350 } 351 #define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 352 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 353 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 354 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n", \ 355 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 356 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 357 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2); \ 358 if (error < 0) \ 359 return (ENOENT); \ 360 if (error == 0) \ 361 error = ENOENT; \ 362 } 363 #define WCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ 364 if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ 365 MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ 366 #fmt ") && %s (" #fmt ") %s %s (" #fmt ")%s\n", \ 367 fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ 368 (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ 369 (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2, wmsg); \ 370 if (error == 0) \ 371 error = warnerr; \ 372 } 373 374 static int 375 validate_sblock(struct fs *fs, int flags) 376 { 377 u_long i, sectorsize; 378 u_int64_t maxfilesize, sizepb; 379 int error, prtmsg, warnerr; 380 char *wmsg; 381 382 error = 0; 383 sectorsize = dbtob(1); 384 prtmsg = ((flags & UFS_NOMSG) == 0); 385 warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT; 386 wmsg = warnerr ? "" : " (Ignored)"; 387 /* 388 * Check for endian mismatch between machine and filesystem. 389 */ 390 if (((fs->fs_magic != FS_UFS2_MAGIC) && 391 (bswap32(fs->fs_magic) == FS_UFS2_MAGIC)) || 392 ((fs->fs_magic != FS_UFS1_MAGIC) && 393 (bswap32(fs->fs_magic) == FS_UFS1_MAGIC))) { 394 MPRINT("UFS superblock failed due to endian mismatch " 395 "between machine and filesystem\n"); 396 return(EILSEQ); 397 } 398 /* 399 * If just validating for recovery, then do just the minimal 400 * checks needed for the superblock fields needed to find 401 * alternate superblocks. 402 */ 403 if ((flags & UFS_FSRONLY) == UFS_FSRONLY && 404 (fs->fs_magic == FS_UFS1_MAGIC || fs->fs_magic == FS_UFS2_MAGIC)) { 405 error = -1; /* fail on first error */ 406 if (fs->fs_magic == FS_UFS2_MAGIC) { 407 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 408 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 409 FCHK(fs->fs_sblockloc, <, 0, %jd); 410 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 411 } 412 FCHK(fs->fs_frag, <, 1, %jd); 413 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 414 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 415 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 416 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), 417 %jd); 418 FCHK(fs->fs_fsize, <, sectorsize, %jd); 419 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 420 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 421 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 422 FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); 423 FCHK(fs->fs_sbsize % sectorsize, !=, 0, %jd); 424 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 425 FCHK(fs->fs_ncg, <, 1, %jd); 426 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 427 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 428 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 429 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, 430 %jd); 431 FCHK(fs->fs_sblkno, !=, roundup( 432 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 433 fs->fs_frag), %jd); 434 return (error); 435 } 436 if (fs->fs_magic == FS_UFS2_MAGIC) { 437 if ((flags & UFS_ALTSBLK) == 0) 438 FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2, 439 fs->fs_sblockactualloc, !=, 0, %jd); 440 FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); 441 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 442 sizeof(ufs2_daddr_t)), %jd); 443 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t), 444 %jd); 445 FCHK(fs->fs_inopb, !=, 446 fs->fs_bsize / sizeof(struct ufs2_dinode), %jd); 447 } else if (fs->fs_magic == FS_UFS1_MAGIC) { 448 if ((flags & UFS_ALTSBLK) == 0) 449 FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd); 450 FCHK(fs->fs_sblockloc, <, 0, %jd); 451 FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); 452 FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t), 453 %jd); 454 FCHK(fs->fs_inopb, !=, 455 fs->fs_bsize / sizeof(struct ufs1_dinode), %jd); 456 FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * 457 sizeof(ufs1_daddr_t)), %jd); 458 WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd); 459 WCHK(fs->fs_old_rotdelay, !=, 0, %jd); 460 WCHK(fs->fs_old_rps, !=, 60, %jd); 461 WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd); 462 FCHK(fs->fs_old_cpg, !=, 1, %jd); 463 WCHK(fs->fs_old_interleave, !=, 1, %jd); 464 WCHK(fs->fs_old_trackskew, !=, 0, %jd); 465 WCHK(fs->fs_old_cpc, !=, 0, %jd); 466 WCHK(fs->fs_old_postblformat, !=, 1, %jd); 467 FCHK(fs->fs_old_nrpos, !=, 1, %jd); 468 WCHK(fs->fs_old_spc, !=, fs->fs_fpg * fs->fs_old_nspf, %jd); 469 WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd); 470 WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd); 471 FCHK(fs->fs_old_ncyl, !=, fs->fs_ncg, %jd); 472 } else { 473 /* Bad magic number, so assume not a superblock */ 474 return (ENOENT); 475 } 476 FCHK(fs->fs_bsize, <, MINBSIZE, %jd); 477 FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); 478 FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd); 479 FCHK(powerof2(fs->fs_bsize), ==, 0, %jd); 480 FCHK(fs->fs_frag, <, 1, %jd); 481 FCHK(fs->fs_frag, >, MAXFRAG, %jd); 482 FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd); 483 FCHK(fs->fs_fsize, <, sectorsize, %jd); 484 FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); 485 FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); 486 FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); 487 FCHK(fs->fs_ncg, <, 1, %jd); 488 FCHK(fs->fs_ipg, <, fs->fs_inopb, %jd); 489 FCHK((u_int64_t)fs->fs_ipg * fs->fs_ncg, >, 490 (((int64_t)(1)) << 32) - INOPB(fs), %jd); 491 FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd); 492 FCHK(fs->fs_cstotal.cs_nifree, >, (u_int64_t)fs->fs_ipg * fs->fs_ncg, 493 %jd); 494 FCHK(fs->fs_cstotal.cs_ndir, <, 0, %jd); 495 FCHK(fs->fs_cstotal.cs_ndir, >, 496 ((u_int64_t)fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree, 497 %jd); 498 FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); 499 FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); 500 FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); 501 FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); 502 FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); 503 FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx); 504 FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx); 505 FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx); 506 FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx); 507 FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd); 508 FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd); 509 FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd); 510 FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); 511 FCHK(fs->fs_old_cgoffset, <, 0, %jd); 512 FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); 513 FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd); 514 /* 515 * If anything has failed up to this point, it is usafe to proceed 516 * as checks below may divide by zero or make other fatal calculations. 517 * So if we have any errors at this point, give up. 518 */ 519 if (error) 520 return (error); 521 FCHK(fs->fs_sbsize % sectorsize, !=, 0, %jd); 522 FCHK(fs->fs_ipg % fs->fs_inopb, !=, 0, %jd); 523 FCHK(fs->fs_sblkno, !=, roundup( 524 howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), 525 fs->fs_frag), %jd); 526 FCHK(fs->fs_cblkno, !=, fs->fs_sblkno + 527 roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd); 528 FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd); 529 FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd); 530 FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd); 531 FCHK(fs->fs_cgsize, <, fs->fs_fsize, %jd); 532 FCHK(fs->fs_cgsize % fs->fs_fsize, !=, 0, %jd); 533 /* 534 * This test is valid, however older versions of growfs failed 535 * to correctly update fs_dsize so will fail this test. Thus we 536 * exclude it from the requirements. 537 */ 538 #ifdef notdef 539 WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno - 540 fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) - 541 howmany(fs->fs_cssize, fs->fs_fsize), %jd); 542 #endif 543 WCHK(fs->fs_metaspace, <, 0, %jd); 544 WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd); 545 WCHK(fs->fs_minfree, >, 99, %jd%%); 546 maxfilesize = fs->fs_bsize * UFS_NDADDR - 1; 547 for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) { 548 sizepb *= NINDIR(fs); 549 maxfilesize += sizepb; 550 } 551 WCHK(fs->fs_maxfilesize, !=, maxfilesize, %jd); 552 /* 553 * These values have a tight interaction with each other that 554 * makes it hard to tightly bound them. So we can only check 555 * that they are within a broader possible range. 556 * 557 * The size cannot always be accurately determined, but ensure 558 * that it is consistent with the number of cylinder groups (fs_ncg) 559 * and the number of fragments per cylinder group (fs_fpg). Ensure 560 * that the summary information size is correct and that it starts 561 * and ends in the data area of the same cylinder group. 562 */ 563 FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); 564 FCHK(fs->fs_size, <=, ((int64_t)fs->fs_ncg - 1) * fs->fs_fpg, %jd); 565 FCHK(fs->fs_size, >, (int64_t)fs->fs_ncg * fs->fs_fpg, %jd); 566 /* 567 * If we are not requested to read in the csum data stop here 568 * as the correctness of the remaining values is only important 569 * to bound the space needed to be allocated to hold the csum data. 570 */ 571 if ((flags & UFS_NOCSUM) != 0) 572 return (error); 573 FCHK(fs->fs_csaddr, <, 0, %jd); 574 FCHK(fs->fs_cssize, !=, 575 fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd); 576 FCHK(dtog(fs, fs->fs_csaddr), >, fs->fs_ncg, %jd); 577 FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd); 578 FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >, 579 dtog(fs, fs->fs_csaddr), %jd); 580 /* 581 * With file system clustering it is possible to allocate 582 * many contiguous blocks. The kernel variable maxphys defines 583 * the maximum transfer size permitted by the controller and/or 584 * buffering. The fs_maxcontig parameter controls the maximum 585 * number of blocks that the filesystem will read or write 586 * in a single transfer. It is calculated when the filesystem 587 * is created as maxphys / fs_bsize. The loader uses a maxphys 588 * of 128K even when running on a system that supports larger 589 * values. If the filesystem was built on a system that supports 590 * a larger maxphys (1M is typical) it will have configured 591 * fs_maxcontig for that larger system. So we bound the upper 592 * allowable limit for fs_maxconfig to be able to at least 593 * work with a 1M maxphys on the smallest block size filesystem: 594 * 1M / 4096 == 256. There is no harm in allowing the mounting of 595 * filesystems that make larger than maxphys I/O requests because 596 * those (mostly 32-bit machines) can (very slowly) handle I/O 597 * requests that exceed maxphys. 598 */ 599 WCHK(fs->fs_maxcontig, <, 0, %jd); 600 WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd); 601 FCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd); 602 FCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=, 603 MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd); 604 return (error); 605 } 606 607 /* 608 * Make an extensive search to find a superblock. If the superblock 609 * in the standard place cannot be used, try looking for one of the 610 * backup superblocks. 611 * 612 * Flags are made up of the following or'ed together options: 613 * 614 * UFS_NOMSG indicates that superblock inconsistency error messages 615 * should not be printed. 616 * 617 * UFS_NOCSUM causes only the superblock itself to be returned, but does 618 * not read in any auxillary data structures like the cylinder group 619 * summary information. 620 */ 621 int 622 ffs_sbsearch(void *devfd, struct fs **fsp, int reqflags, 623 struct malloc_type *filltype, 624 int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) 625 { 626 struct fsrecovery *fsr; 627 struct fs *protofs; 628 void *fsrbuf; 629 char *cp; 630 long nocsum, flags, msg, cg; 631 off_t sblk, secsize; 632 int error; 633 634 msg = (reqflags & UFS_NOMSG) == 0; 635 nocsum = reqflags & UFS_NOCSUM; 636 /* 637 * Try normal superblock read and return it if it works. 638 * 639 * Suppress messages if it fails until we find out if 640 * failure can be avoided. 641 */ 642 flags = UFS_NOMSG | nocsum; 643 error = ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc); 644 /* 645 * If successful or endian error, no need to try further. 646 */ 647 if (error == 0 || error == EILSEQ) { 648 if (msg && error == EILSEQ) 649 printf("UFS superblock failed due to endian mismatch " 650 "between machine and filesystem\n"); 651 return (error); 652 } 653 /* 654 * First try: ignoring hash failures. 655 */ 656 flags |= UFS_NOHASHFAIL; 657 if (msg) 658 flags &= ~UFS_NOMSG; 659 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0) 660 return (0); 661 /* 662 * Next up is to check if fields of the superblock that are 663 * needed to find backup superblocks are usable. 664 */ 665 if (msg) 666 printf("Attempted recovery for standard superblock: failed\n"); 667 flags = UFS_FSRONLY | UFS_NOHASHFAIL | UFS_NOMSG; 668 if (ffs_sbget(devfd, &protofs, UFS_STDSB, flags, filltype, 669 readfunc) == 0) { 670 if (msg) 671 printf("Attempt extraction of recovery data from " 672 "standard superblock.\n"); 673 } else { 674 /* 675 * Final desperation is to see if alternate superblock 676 * parameters have been saved in the boot area. 677 */ 678 if (msg) 679 printf("Attempted extraction of recovery data from " 680 "standard superblock: failed\nAttempt to find " 681 "boot zone recovery data.\n"); 682 /* 683 * Look to see if recovery information has been saved. 684 * If so we can generate a prototype superblock based 685 * on that information. 686 * 687 * We need fragments-per-group, number of cylinder groups, 688 * location of the superblock within the cylinder group, and 689 * the conversion from filesystem fragments to disk blocks. 690 * 691 * When building a UFS2 filesystem, newfs(8) stores these 692 * details at the end of the boot block area at the start 693 * of the filesystem partition. If they have been overwritten 694 * by a boot block, we fail. But usually they are there 695 * and we can use them. 696 * 697 * We could ask the underlying device for its sector size, 698 * but some devices lie. So we just try a plausible range. 699 */ 700 error = ENOENT; 701 fsrbuf = NULL; 702 for (secsize = dbtob(1); secsize <= SBLOCKSIZE; secsize *= 2) 703 if ((error = (*readfunc)(devfd, (SBLOCK_UFS2 - secsize), 704 &fsrbuf, secsize)) == 0) 705 break; 706 if (error != 0) 707 goto trynowarn; 708 cp = fsrbuf; /* type change to keep compiler happy */ 709 fsr = (struct fsrecovery *)&cp[secsize - sizeof *fsr]; 710 if (fsr->fsr_magic != FS_UFS2_MAGIC || 711 (protofs = UFS_MALLOC(SBLOCKSIZE, filltype, M_NOWAIT)) 712 == NULL) { 713 UFS_FREE(fsrbuf, filltype); 714 goto trynowarn; 715 } 716 memset(protofs, 0, sizeof(struct fs)); 717 protofs->fs_fpg = fsr->fsr_fpg; 718 protofs->fs_fsbtodb = fsr->fsr_fsbtodb; 719 protofs->fs_sblkno = fsr->fsr_sblkno; 720 protofs->fs_magic = fsr->fsr_magic; 721 protofs->fs_ncg = fsr->fsr_ncg; 722 UFS_FREE(fsrbuf, filltype); 723 } 724 /* 725 * Scan looking for alternative superblocks. 726 */ 727 flags = nocsum; 728 if (!msg) 729 flags |= UFS_NOMSG; 730 for (cg = 0; cg < protofs->fs_ncg; cg++) { 731 sblk = fsbtodb(protofs, cgsblock(protofs, cg)); 732 if (msg) 733 printf("Try cg %ld at sblock loc %jd\n", cg, 734 (intmax_t)sblk); 735 if (ffs_sbget(devfd, fsp, dbtob(sblk), flags, filltype, 736 readfunc) == 0) { 737 if (msg) 738 printf("Succeeded with alternate superblock " 739 "at %jd\n", (intmax_t)sblk); 740 UFS_FREE(protofs, filltype); 741 return (0); 742 } 743 } 744 UFS_FREE(protofs, filltype); 745 /* 746 * Our alternate superblock strategies failed. Our last ditch effort 747 * is to see if the standard superblock has only non-critical errors. 748 */ 749 trynowarn: 750 flags = UFS_NOWARNFAIL | UFS_NOMSG | nocsum; 751 if (msg) { 752 printf("Finding an alternate superblock failed.\nCheck for " 753 "only non-critical errors in standard superblock\n"); 754 flags &= ~UFS_NOMSG; 755 } 756 if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) != 0) { 757 if (msg) 758 printf("Failed, superblock has critical errors\n"); 759 return (ENOENT); 760 } 761 if (msg) 762 printf("Success, using standard superblock with " 763 "non-critical errors.\n"); 764 return (0); 765 } 766 767 /* 768 * Write a superblock to the devfd device from the memory pointed to by fs. 769 * Write out the superblock summary information if it is present. 770 * 771 * If the write is successful, zero is returned. Otherwise one of the 772 * following error values is returned: 773 * EIO: failed to write superblock. 774 * EIO: failed to write superblock summary information. 775 */ 776 int 777 ffs_sbput(void *devfd, struct fs *fs, off_t loc, 778 int (*writefunc)(void *devfd, off_t loc, void *buf, int size)) 779 { 780 int i, error, blks, size; 781 uint8_t *space; 782 783 /* 784 * If there is summary information, write it first, so if there 785 * is an error, the superblock will not be marked as clean. 786 */ 787 if (fs->fs_si != NULL && fs->fs_csp != NULL) { 788 blks = howmany(fs->fs_cssize, fs->fs_fsize); 789 space = (uint8_t *)fs->fs_csp; 790 for (i = 0; i < blks; i += fs->fs_frag) { 791 size = fs->fs_bsize; 792 if (i + fs->fs_frag > blks) 793 size = (blks - i) * fs->fs_fsize; 794 if ((error = (*writefunc)(devfd, 795 dbtob(fsbtodb(fs, fs->fs_csaddr + i)), 796 space, size)) != 0) 797 return (error); 798 space += size; 799 } 800 } 801 fs->fs_fmod = 0; 802 #ifndef _KERNEL 803 { 804 struct fs_summary_info *fs_si; 805 806 fs->fs_time = time(NULL); 807 /* Clear the pointers for the duration of writing. */ 808 fs_si = fs->fs_si; 809 fs->fs_si = NULL; 810 fs->fs_ckhash = ffs_calc_sbhash(fs); 811 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 812 fs->fs_si = fs_si; 813 } 814 #else /* _KERNEL */ 815 fs->fs_time = time_second; 816 fs->fs_ckhash = ffs_calc_sbhash(fs); 817 error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize); 818 #endif /* _KERNEL */ 819 return (error); 820 } 821 822 /* 823 * Calculate the check-hash for a superblock. 824 */ 825 uint32_t 826 ffs_calc_sbhash(struct fs *fs) 827 { 828 uint32_t ckhash, save_ckhash; 829 830 /* 831 * A filesystem that was using a superblock ckhash may be moved 832 * to an older kernel that does not support ckhashes. The 833 * older kernel will clear the FS_METACKHASH flag indicating 834 * that it does not update hashes. When the disk is moved back 835 * to a kernel capable of ckhashes it disables them on mount: 836 * 837 * if ((fs->fs_flags & FS_METACKHASH) == 0) 838 * fs->fs_metackhash = 0; 839 * 840 * This leaves (fs->fs_metackhash & CK_SUPERBLOCK) == 0) with an 841 * old stale value in the fs->fs_ckhash field. Thus the need to 842 * just accept what is there. 843 */ 844 if ((fs->fs_metackhash & CK_SUPERBLOCK) == 0) 845 return (fs->fs_ckhash); 846 847 save_ckhash = fs->fs_ckhash; 848 fs->fs_ckhash = 0; 849 /* 850 * If newly read from disk, the caller is responsible for 851 * verifying that fs->fs_sbsize <= SBLOCKSIZE. 852 */ 853 ckhash = calculate_crc32c(~0L, (void *)fs, fs->fs_sbsize); 854 fs->fs_ckhash = save_ckhash; 855 return (ckhash); 856 } 857 858 /* 859 * Update the frsum fields to reflect addition or deletion 860 * of some frags. 861 */ 862 void 863 ffs_fragacct(struct fs *fs, int fragmap, int32_t fraglist[], int cnt) 864 { 865 int inblk; 866 int field, subfield; 867 int siz, pos; 868 869 inblk = (int)(fragtbl[fs->fs_frag][fragmap]) << 1; 870 fragmap <<= 1; 871 for (siz = 1; siz < fs->fs_frag; siz++) { 872 if ((inblk & (1 << (siz + (fs->fs_frag % NBBY)))) == 0) 873 continue; 874 field = around[siz]; 875 subfield = inside[siz]; 876 for (pos = siz; pos <= fs->fs_frag; pos++) { 877 if ((fragmap & field) == subfield) { 878 fraglist[siz] += cnt; 879 pos += siz; 880 field <<= siz; 881 subfield <<= siz; 882 } 883 field <<= 1; 884 subfield <<= 1; 885 } 886 } 887 } 888 889 /* 890 * block operations 891 * 892 * check if a block is available 893 */ 894 int 895 ffs_isblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 896 { 897 unsigned char mask; 898 899 switch ((int)fs->fs_frag) { 900 case 8: 901 return (cp[h] == 0xff); 902 case 4: 903 mask = 0x0f << ((h & 0x1) << 2); 904 return ((cp[h >> 1] & mask) == mask); 905 case 2: 906 mask = 0x03 << ((h & 0x3) << 1); 907 return ((cp[h >> 2] & mask) == mask); 908 case 1: 909 mask = 0x01 << (h & 0x7); 910 return ((cp[h >> 3] & mask) == mask); 911 default: 912 #ifdef _KERNEL 913 panic("ffs_isblock"); 914 #endif 915 break; 916 } 917 return (0); 918 } 919 920 /* 921 * check if a block is free 922 */ 923 int 924 ffs_isfreeblock(struct fs *fs, u_char *cp, ufs1_daddr_t h) 925 { 926 927 switch ((int)fs->fs_frag) { 928 case 8: 929 return (cp[h] == 0); 930 case 4: 931 return ((cp[h >> 1] & (0x0f << ((h & 0x1) << 2))) == 0); 932 case 2: 933 return ((cp[h >> 2] & (0x03 << ((h & 0x3) << 1))) == 0); 934 case 1: 935 return ((cp[h >> 3] & (0x01 << (h & 0x7))) == 0); 936 default: 937 #ifdef _KERNEL 938 panic("ffs_isfreeblock"); 939 #endif 940 break; 941 } 942 return (0); 943 } 944 945 /* 946 * take a block out of the map 947 */ 948 void 949 ffs_clrblock(struct fs *fs, u_char *cp, ufs1_daddr_t h) 950 { 951 952 switch ((int)fs->fs_frag) { 953 case 8: 954 cp[h] = 0; 955 return; 956 case 4: 957 cp[h >> 1] &= ~(0x0f << ((h & 0x1) << 2)); 958 return; 959 case 2: 960 cp[h >> 2] &= ~(0x03 << ((h & 0x3) << 1)); 961 return; 962 case 1: 963 cp[h >> 3] &= ~(0x01 << (h & 0x7)); 964 return; 965 default: 966 #ifdef _KERNEL 967 panic("ffs_clrblock"); 968 #endif 969 break; 970 } 971 } 972 973 /* 974 * put a block into the map 975 */ 976 void 977 ffs_setblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h) 978 { 979 980 switch ((int)fs->fs_frag) { 981 case 8: 982 cp[h] = 0xff; 983 return; 984 case 4: 985 cp[h >> 1] |= (0x0f << ((h & 0x1) << 2)); 986 return; 987 case 2: 988 cp[h >> 2] |= (0x03 << ((h & 0x3) << 1)); 989 return; 990 case 1: 991 cp[h >> 3] |= (0x01 << (h & 0x7)); 992 return; 993 default: 994 #ifdef _KERNEL 995 panic("ffs_setblock"); 996 #endif 997 break; 998 } 999 } 1000 1001 /* 1002 * Update the cluster map because of an allocation or free. 1003 * 1004 * Cnt == 1 means free; cnt == -1 means allocating. 1005 */ 1006 void 1007 ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_daddr_t blkno, int cnt) 1008 { 1009 int32_t *sump; 1010 int32_t *lp; 1011 u_char *freemapp, *mapp; 1012 int i, start, end, forw, back, map; 1013 u_int bit; 1014 1015 if (fs->fs_contigsumsize <= 0) 1016 return; 1017 freemapp = cg_clustersfree(cgp); 1018 sump = cg_clustersum(cgp); 1019 /* 1020 * Allocate or clear the actual block. 1021 */ 1022 if (cnt > 0) 1023 setbit(freemapp, blkno); 1024 else 1025 clrbit(freemapp, blkno); 1026 /* 1027 * Find the size of the cluster going forward. 1028 */ 1029 start = blkno + 1; 1030 end = start + fs->fs_contigsumsize; 1031 if (end >= cgp->cg_nclusterblks) 1032 end = cgp->cg_nclusterblks; 1033 mapp = &freemapp[start / NBBY]; 1034 map = *mapp++; 1035 bit = 1U << (start % NBBY); 1036 for (i = start; i < end; i++) { 1037 if ((map & bit) == 0) 1038 break; 1039 if ((i & (NBBY - 1)) != (NBBY - 1)) { 1040 bit <<= 1; 1041 } else { 1042 map = *mapp++; 1043 bit = 1; 1044 } 1045 } 1046 forw = i - start; 1047 /* 1048 * Find the size of the cluster going backward. 1049 */ 1050 start = blkno - 1; 1051 end = start - fs->fs_contigsumsize; 1052 if (end < 0) 1053 end = -1; 1054 mapp = &freemapp[start / NBBY]; 1055 map = *mapp--; 1056 bit = 1U << (start % NBBY); 1057 for (i = start; i > end; i--) { 1058 if ((map & bit) == 0) 1059 break; 1060 if ((i & (NBBY - 1)) != 0) { 1061 bit >>= 1; 1062 } else { 1063 map = *mapp--; 1064 bit = 1U << (NBBY - 1); 1065 } 1066 } 1067 back = start - i; 1068 /* 1069 * Account for old cluster and the possibly new forward and 1070 * back clusters. 1071 */ 1072 i = back + forw + 1; 1073 if (i > fs->fs_contigsumsize) 1074 i = fs->fs_contigsumsize; 1075 sump[i] += cnt; 1076 if (back > 0) 1077 sump[back] -= cnt; 1078 if (forw > 0) 1079 sump[forw] -= cnt; 1080 /* 1081 * Update cluster summary information. 1082 */ 1083 lp = &sump[fs->fs_contigsumsize]; 1084 for (i = fs->fs_contigsumsize; i > 0; i--) 1085 if (*lp-- > 0) 1086 break; 1087 fs->fs_maxcluster[cgp->cg_cgx] = i; 1088 } 1089