Commit Graph

580 Commits

Author SHA1 Message Date
Konstantin Belousov
53fcc6c960 Plug the rest of undef behavior places that were missed in r337456.
There are three more places in msdosfs_fat.c which might shift one
into the sign bit.  While there, fix formatting of KASSERTs.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-10-11 18:37:02 +00:00
Kyle Evans
5fdac75222 msdosfs: do not deget unlinked denodes
When a file is unlinked, the denode is not reclaimed until the last
reference is dropped, but the directory entry is immediately up for reuse.
This is a problem later when createde goes to grab a denode for the newly
created entry -- we search the hash and find a dead denode, then return that
without even bumping the reference count and the data later gets truncated
when the the last reference to the unlinked file is dropped.

This manifested itself as a broken in-place strip(1) on msdosfs. elfcopy
will do a sequence incredibly roughly like this:

open("/mnt/foo", ...) => fd 3
mmap()
unlink("/mnt/foo")
open("/mnt/foo", ...) => fd 4
write(4, ...)
close(4)
close(3)

and the resulting file would be truncated, but the write succeeded, as long
as a reference to the unlinked file had not been closed.

Some archaeology indicates that this bug has likely existed since msdosfs
was converted to use vfs_hash instead of a home rolled hash implementation
in r143570. Prior to that point, the hashget implementation would do a
refcnt check while searching and explicitly only return a denode with
de_refcnt != 0. vfs_hash did not yet have the callback that it does today,
so this slipped away and did not come back when it later grew that
functionality.

The comment indicating that we want to skip these denodes has been updated
to reflect where this is actually done. My repo-diving session seems to
indicate that the refcnt check was likely never actually below the comment,
to be pedantic, but instead a detail wrapped up in the hashget
implementation since the beginning of its inclusion into FreeBSD.

This bug was the cause behind the issue addressed in r352557.

Reported by:	jhibbits
Reviewed by:	kib
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D21731
2019-09-20 20:47:10 +00:00
Conrad Meyer
aaa3852435 buf: Add B_INVALONERR flag to discard data
Setting the B_INVALONERR flag before a synchronous write causes the buf
cache to forcibly invalidate contents if the write fails (BIO_ERROR).

This is intended to be used to allow layers above the buffer cache to make
more informed decisions about when discarding dirty buffers without
successful write is acceptable.

As a proof of concept, use in msdosfs to handle failures to mark the on-disk
'dirty' bit during rw mount or ro->rw update.

Extending this to other filesystems is left as future work.

PR:		210316
Reviewed by:	kib (with objections)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21539
2019-09-11 21:24:14 +00:00
Ed Maste
4f0372f8cb msdosfsmount.h: fix ifdef comment 2019-09-09 18:35:17 +00:00
Conrad Meyer
454409a372 msdosfs: Remove redundant brelse() after r294954
Same automation.

No functional change.
2019-09-06 08:08:10 +00:00
Conrad Meyer
f80cbeb292 msdosfs: Drop an unneeded brelse in bread error condition
After r294954, it is an invariant that bread returns non-NULL bp if and only
if the routine succeeded.  On error, it handles any buffer cleanup
internally.  So the brelse(NULL) here was just redundant.

No functional change.

Discussed with:	kib (extracted from a larger differential)
2019-09-05 21:30:52 +00:00
Ed Maste
840aca2880 makefs: share msdosfsmount.h between kernel msdosfs and makefs
Sponsored by:	The FreeBSD Foundation
2019-09-01 16:55:33 +00:00
Konstantin Belousov
6470c8d3db Rework v_object lifecycle for vnodes.
Current implementation of vnode_create_vobject() and
vnode_destroy_vobject() is written so that it prepared to handle the
vm object destruction for live vnode.  Practically, no filesystems use
this, except for some remnants that were present in UFS till today.
One of the consequences of that model is that each filesystem must
call vnode_destroy_vobject() in VOP_RECLAIM() or earlier, as result
all of them get rid of the v_object in reclaim.

Move the call to vnode_destroy_vobject() to vgonel() before
VOP_RECLAIM().  This makes v_object stable: either the object is NULL,
or it is valid vm object till the vnode reclamation.  Remove code from
vnode_create_vobject() to handle races with the parallel destruction.

Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D21412
2019-08-29 07:50:25 +00:00
Ed Maste
b257feb247 msdosfs_fat: reduce diffs with NetBSD and makefs
Use pointer arithmetic (as now done in makefs, and in NetBSD) instead of
taking the address of array element.  No functional change, but this
makes it easier to compare different versions of this file.

Reviewed by:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21365
2019-08-22 16:06:52 +00:00
Ed Maste
476b0ab758 makefs: share denode.h between kernel msdosfs and makefs
There is no need to duplicate this file when it can be trivially
shared (just exposing sections previously under #ifdef _KERNEL).

MFC with:	r351273
Differential Revision:	The FreeBSD Foundation
2019-08-21 19:07:13 +00:00
Ed Maste
51e79affa3 makefs: share fat.h between kernel msdosfs and makefs
There is no reason to duplicate this file when it can be trivially
shared (just exposing one section previously under #ifdef _KERNEL).

Reviewed by:	imp, cem
MFC with:	r351273
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21346
2019-08-21 02:21:40 +00:00
Alan Somers
65417f5e27 Remove "struct ucred*" argument from vtruncbuf
vtruncbuf takes a "struct ucred*" argument. AFAICT, it's been unused ever
since that function was first added in r34611. Remove it.  Also, remove some
"struct ucred" arguments from fuse and nfs functions that were only used by
vtruncbuf.

Reviewed by:	cem
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20377
2019-05-24 20:27:50 +00:00
Konstantin Belousov
ae90941431 Add vn_fsync_buf().
Provide a convenience function to avoid the hack with filling fake
struct vop_fsync_args and then calling vop_stdfsync().

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-09 20:20:04 +00:00
Konstantin Belousov
997febb1e7 Fix dirty buf exhaustion easily triggered with msdosfs.
If truncate(2) is performed on msdosfs file, which extends the file by
system-depended large amount, fs creates corresponding amount of dirty
delayed-write buffers, which can consume all buffers.  Such buffers
cannot be flushed by the bufdaemon because the ftruncate() thread owns
the vnode lock.  So the system runs out of free buffers, and even
truncate() thread starves, which means deadlock because it owns the
vnode lock.

Fix this by doing vnode fsync in extendfile() when low memory or low
buffers condition detected, which flushes all dirty buffers belonging
to the file being extended.

Note that the more usual fallback to bawrite() does not work
acceptable in this situation, because it would only allow one buffer
to be recycled.  Other filesystems, most important UFS, do not allow
userspace to create arbitrary amount of dirty delayed-write buffers
without feedback, so bawrite() is good enough for them.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-09 19:55:02 +00:00
Konstantin Belousov
c973ee9e06 msdosfs: zero tail of the last block on truncation for VREG vnodes as well.
Despite the call to vtruncbuf() from detrunc(), which results in
zeroing part of the partial page after EOF, there still is a
possibility to retain the stale data which is revived on file
enlargement.  If the filesystem block size is greater than the page
size, partial block might keep other after-EOF pages wired and they
get reused then.  Fix it by zeroing whole part of the partial buffer
after EOF, not relying on vnode_pager_setsize().

PR:	236977
Reported by:	asomers
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-04-03 17:02:18 +00:00
Bruce Evans
416e232cc6 Fix clobbering of the fatchain cache for clustered i/o's when full
clustering is not done.  The bug caused extreme slowness for large
files in some cases.

There is no way to tell VOP_BMAP() how many blocks are wanted, so for
all file systems it has to waste time in some cases by searching for
more contiguous blocks than will be accessed.  For msdosfs, it also
clobbered the fatchain cache in these cases by advancing the cache to
point to the chain entry for block that won't be read.  This makes
the cache useless for the next sequential i/o (or VOP_BMAP()), so the
fat chain is searched from the beginning.  The cache only has 1 relevant
entry, so it is similarly useless for random i/o.

Fix this by only advancing the cache to point to the chain entry for
the first block that will be read.  Clustering uses results from
VOP_BMAP(), so when more than 1 block is read by clustering, the cache
is not advanced as optimally as before, but it is at most 1 cluster
size behind and searching the chain through the blocks for this cluster
doesn't take too long.
2018-12-21 21:17:45 +00:00
Bruce Evans
8ec22c4d65 Quick fix for initialization of mnt_iosize_max. (This limit controls
mainly clustering and read-ahead.)  Copy the initialization from ffs,
and also copy a couple of lines of ffs's nearby style for initialization
order and whitespace.

A correct fix would de-duplicate the initialization and fix bitrot in it
instead of adding another instance of the duplication.  Complications to
use the size preferred by the device have been reduced to hard-coding
slightly pessimal and/or inconsistent defaults, using large code that was
almost needed to support the complications.

For msdosfs, the result was that mnt_iosize_max was DFTLPHYS (64K) but is
now MAXPHYS (128K).
2018-12-21 20:12:43 +00:00
Mateusz Guzik
cc426dd319 Remove unused argument to priv_check_cred.
Patch mostly generated with cocinnelle:

@@
expression E1,E2;
@@

- priv_check_cred(E1,E2,0)
+ priv_check_cred(E1,E2)

Sponsored by:	The FreeBSD Foundation
2018-12-11 19:32:16 +00:00
Mark Johnston
6d2e2df764 Ensure that directory entry padding bytes are zeroed.
Directory entries must be padded to maintain alignment; in many
filesystems the padding was not initialized, resulting in stack
memory being copied out to userspace.  With the ino64 work there
are also some explicit pad fields in struct dirent.  Add a subroutine
to clear these bytes and use it in the in-tree filesystems.  The
NFS client is omitted for now as it was fixed separately in r340787.

Reported by:	Thomas Barabosch, Fraunhofer FKIE
Reviewed by:	kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2018-11-23 22:24:59 +00:00
Konstantin Belousov
1c4ca77890 Add d_off support for multiple filesystems.
The d_off field has been added to the dirent structure recently.
Currently filesystems don't support this feature.  Support has been
added and tested for zfs, ufs, ext2fs, fdescfs, msdosfs and unionfs.
A stub implementation is available for cd9660, nandfs, udf and
pseudofs but hasn't been tested.

Motivation for this feature: our usecase is for a userspace nfs server
(nfs-ganesha) with zfs.  At the moment we cache direntry offsets by
calling lseek once per entry, with this patch we can get the offset
directly from getdirentries(2) calls which provides a significant
speedup.

Submitted by:	Jack Halford <jack@gandi.net>
Reviewed by:	mckusick, pfg, rmacklem (previous versions)
Sponsored by:	Gandi.net
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D17917
2018-11-14 14:18:35 +00:00
Pedro F. Giffuni
c820acbf0a msdosfs: fixes for Undefined Behavior.
These were found by the Undefined Behaviour GsoC project at NetBSD:

Do not change signedness bit with left shift.
While there avoid signed integer overflow.
Address both issues with using unsigned type.

msdosfs_fat.c:512:42, left shift of 1 by 31 places cannot be represented
in type 'int'
msdosfs_fat.c:521:44, left shift of 1 by 31 places cannot be represented
in type 'int'
msdosfs_fat.c:744:14, left shift of 1 by 31 places cannot be represented
in type 'int'
msdosfs_fat.c:744:24, signed integer overflow: -2147483648 - 1 cannot be
represented in type 'int [20]'
msdosfs_fat.c:840:13, left shift of 1 by 31 places cannot be represented
in type 'int'
msdosfs_fat.c:840:36, signed integer overflow: -2147483648 - 1 cannot be
represented in type 'int [20]'

Detected with micro-UBSan in the user mode.

Hinted from:	NetBSD (CVS 1.33)
MFC after:	2 weeks
Differenctial Revision:	https://reviews.freebsd.org/D16615
2018-08-08 15:08:22 +00:00
Ed Maste
195e6c50d3 msdosfs: trim EOL whitespace 2018-07-31 12:44:28 +00:00
Ed Maste
22e56aea3f msdosfs: use same max filesize #define as NetBSD and move to header
For use by makefs msdosfs support.

Obtained from:	NetBSD denode.h 1.6
Sponsored by:	The FreeBSD Foundation
2018-07-30 20:36:51 +00:00
Ed Maste
6ae00e306f Revert msdosfs MAKEFS #ifdef changes from r319870
These changes are not needed for current msdosfs makefs WIP.

Submitted by:	Siva Mahadevan
Sponsored by:	The FreeBSD Foundation
2018-07-24 21:10:17 +00:00
Kirk McKusick
4111ab7088 Revert change made in base r171522
(https://svnweb.freebsd.org/base?view=revision&revision=304232)
converting clrbuf() (which clears the entire buffer) to vfs_bio_clrbuf()
(which clears only the new pages that have been added to the buffer).

Failure to properly remove pages from the buffer cache can make
pages that appear not to need clearing to actually have bad random
data in them. See for example base r304232
(https://svnweb.freebsd.org/base?view=revision&revision=304232)
which noted the need to set B_INVAL and B_NOCACHE as well as clear
the B_CACHE flag before calling brelse() to release the buffer.

Rather than trying to find all the incomplete brelse() calls, it
is simpler, though more slightly expensive, to simply clear the
entire buffer when it is newly allocated.

PR: 213507
Submitted by: Damjan Jovanovic
Reviewed by:  kib
2018-05-16 23:30:03 +00:00
Pedro F. Giffuni
b732ceb6ca msdosfs: use vfs_timestamp() to generate timestamps instead of getnanotime().
Most filesystems, with the notable exceptions of msdosfs and autofs use
only vfs_timestamp() to read the current time. This has the benefit of
configurable granularity (using the vfs.timestamp_precision sysctl).

For convenience, use it on msdosfs too.

Submitted by:	Damjan Jovanovic
Differential Revision:	https://reviews.freebsd.org/D15297
2018-05-06 21:29:29 +00:00
Pedro F. Giffuni
c85866888d msdosfs: long names of files are created incorrectly.
This fixes a regression that happened in r120492 (2003) where libkiconv
was introduced and we went from checking unlen to checking for '\0'.

PR:		111843
Patch by:	Damjan Jovanovic
MFC after:	1 week
2018-05-04 03:44:12 +00:00
John Baldwin
599afe53a8 Move NAME_MAX, LINK_MAX, and CHOWN_RESTRICTED out of vop_stdpathconf().
Having all filesystems fall through to default values isn't always correct
and these values can vary for different filesystem implementations.  Most
of these changes just use the existing default values with a few exceptions:
- Don't report CHOWN_RESTRICTED for ZFS since it doesn't do the exact
  permissions check this claims for chown().
- Use NANDFS_NAME_LEN for NAME_MAX for nandfs.
- Don't report a LINK_MAX of 0 on smbfs.  Now fail with EINVAL to
  indicate hard links aren't supported.

Requested by:	bde (though perhaps not this exact implementation)
Reviewed by:	kib (earlier version)
MFC after:	1 month
Sponsored by:	Chelsio Communications
2017-12-19 19:51:36 +00:00
John Baldwin
853b3a8ae8 Support _PC_FILESIZEBITS in msdosfs' VOP_PATHCONF().
MFC after:	1 month
Sponsored by:	Chelsio Communications
2017-12-19 19:10:00 +00:00
Pedro F. Giffuni
d63027b668 sys/fs: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-27 15:15:37 +00:00
Conrad Meyer
60965b7606 msdosfs(5): Reflect READONLY attribute in file mode
Msdosfs allows setting READONLY by clearing the owner write bit of the file
mode.  (While here, correct the misspelling of S_IWUSR as VWRITE.  No
functional change.)

In msdosfs_getattr, intuitively reflect that READONLY attribute to userspace
in the file mode.

Reported by:	Karl Denninger <karl AT denninger.net>
Sponsored by:	Dell EMC Isilon
2017-11-20 21:38:24 +00:00
Ed Maste
027bebe8e1 msdosfs: fix build with MSDOSFS_DEBUG
Inspired by a patch submission by longwitz@incore.de with many changes
for ino64 in HEAD.

PR:		199152
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2017-10-19 12:55:11 +00:00
Konstantin Belousov
4eeec01fee Style.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-08-28 21:04:56 +00:00
Konstantin Belousov
fbcbbe78dc Verify that the BPB media descriptor and FAT ID match.
FAT specification requires that for valid FAT, FAT cluster 0 has a
specific value derived from the BPB media descriptor.  The lowest
(little-endian) byte must be equal to bpb.bpbMedia, other bits in the
cluster number must be all 1's.  Implement the check to reduce the
chance of the randomly corrupted FAT to pass the mount attempt.

Submitted by:	Siva Mahadevan <smahadevan@freebsdfoundation.org>
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D12124
2017-08-28 20:52:32 +00:00
John Baldwin
15a88f8158 Consistently use vop_stdpathconf() for default pathconf values.
Update filesystems not currently using vop_stdpathconf() in pathconf
VOPs to use vop_stdpathconf() for any configuration variables that do
not have filesystem-specific values.  vop_stdpathconf() is used for
variables that have system-wide settings as well as providing default
values for some values based on system limits.  Filesystems can still
explicitly override individual settings.

PR:		219851
Reported by:	cem
Reviewed by:	cem, kib, ngie
MFC after:	1 month
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11541
2017-07-11 21:55:20 +00:00
Ed Maste
1f7d7cd76a msdosfs: reformat a comment to reduce NetBSD diffs 2017-06-22 01:11:20 +00:00
Ed Maste
db20c27d28 msdosfs: adjust #ifdefs to be similar to NetBSD
- Add header guards where missing
- Make parts available for use in makefs

Sponsored by:	The FreeBSD Foundation
2017-06-12 20:42:37 +00:00
Konstantin Belousov
40373cf5b8 Remove msdosfs -o large support.
Its purpose was to translate the values for msdosfs inode numbers,
which is calculated from the msdosfs structures describing the file,
into the range representable by 32bit ino_t.  The translation acted
for filesystems larger than 128Gb, it reserved the range 0xf0000000
(FILENO_FIRST_DYN) to UINT32_MAX and remembered some arbitrary
translation of ino >= FILENO_FIRST_DYN into this range.  It consumed
memory that could be only freed by unmount, and the translation was
not stable across remounts.

With ino_t type extended to 64 bit, there is no such issue and values
can be returned without compaction to 32bit.  That is, for the native
environments, the translation layer is not necessary and adds
significant undeserved code complexity.  For compat ABIs which use
32bit ino_t, the vfs.ino64_trunc_error sysctl provides some measures
to soften the failure mode when inode numbers truncation is not safe.

Discussed with:	bde
Sponsored by:	The FreeBSD Foundation
2017-06-09 12:06:22 +00:00
Ed Maste
6a1c2e1fce msdosfs: use mem{cpy,move,set} instead of bcopy,bzero
This somewhat simplifies use of msdosfs code in userland (for makefs),
reduces diffs with NetBSD and is standard C as of C89.

Reviewed by:	imp
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D11014
2017-06-02 18:39:53 +00:00
Ed Maste
6403a57bcc msdosfs: constify
Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
2017-05-21 20:00:49 +00:00
Ed Maste
c8b163b617 msdosfs: correct constant and typo in comment
Revisions:
fat.h	1.5 1.6

Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
2017-05-21 19:48:16 +00:00
Ed Maste
9287dbaae9 msdosfs: capitalize FAT appropriately
Diff reduction with NetBSD, including some nearby minor whitespace or
style fixes.

Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
2017-05-21 19:29:28 +00:00
Ed Maste
23c5331208 msdosfs: use C99 types
General cleanup, for diff reduction with NetBSD and future use by FAT
support in makefs.

Submitted by:	Siva Mahadevan <smahadevan@freebsdfoundation.org>
Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D10821
2017-05-19 18:13:41 +00:00
Gleb Smirnoff
9ed01c32e0 All these files need sys/vmmeter.h, but now they got it implicitly
included via sys/pcpu.h.
2017-04-17 17:07:00 +00:00
Konstantin Belousov
06965e96b3 Use buffer pager for msdosfs.
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-10-28 11:46:15 +00:00
Konstantin Belousov
2aa3944510 Enable vn_io_fault() deadlock avoidance for msdosfs.
Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-10-28 11:35:06 +00:00
Konstantin Belousov
b05088aeeb Ensure that cluster allocations never allocate clusters outside the
volume limits.  In particular:
- Assert that usemap_alloc() and usemap_free() cluster number argument
  is valid.
- In chainlength(), return 0 if cluster start is after the max cluster.
- In chainlength(), cut the calculated cluster chain length at the max
  cluster.
- For true paranoia, after the pm_inusemap is calculated in
  fillinusemap(), reset all bits in the array for clusters after the
  max cluster, as in-use.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-10-28 11:34:32 +00:00
Konstantin Belousov
03b8a419e4 If the fatchain() call in chainalloc() returned an error, revert
marking the cluster run as in-use.

Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-10-28 11:26:44 +00:00
Konstantin Belousov
f33d62b2d2 Use symbolic name for the value of fully free word in pm_inusemap.
Explicitely mention every bit in the value.

Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-10-28 11:23:36 +00:00
Konstantin Belousov
1c4ec415e2 Use symbolic name for the free cluster number.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-10-28 11:01:49 +00:00