84 Commits

Author SHA1 Message Date
Kirk McKusick
fb14e73cb4 Normally when an attempt is made to mount a UFS/FFS filesystem whose
superblock has a check-hash error, an error message noting the
superblock check-hash failure is printed and the mount fails. The
administrator then runs fsck to repair the filesystem and when
successful, the filesystem can once again be mounted.

This approach fails if the filesystem in question is a root filesystem
from which you are trying to boot. Here, the loader fails when trying
to access the filesystem to get the kernel to boot. So it is necessary
to allow the loader to ignore the superblock check-hash error and make
a best effort to read the kernel. The filesystem may be suffiently
corrupted that the read attempt fails, but there is no harm in trying
since the loader makes no attempt to write to the filesystem.

Once the kernel is loaded and starts to run, it attempts to mount its
root filesystem. Once again, failure means that it breaks to its prompt
to ask where to get its root filesystem. Unless you have an alternate
root filesystem, you are stuck.

Since the root filesystem is initially mounted read-only, it is
safe to make an attempt to mount the root filesystem with the failed
superblock check-hash. Thus, when asked to mount a root filesystem
with a failed superblock check-hash, the kernel prints a warning
message that the root filesystem superblock check-hash needs repair,
but notes that it is ignoring the error and proceeding. It does
mark the filesystem as needing an fsck which prevents it from being
enabled for writing until fsck has been run on it. The net effect
is that the reboot fails to single user, but at least at that point
the administrator has the tools at hand to fix the problem.

Reported by:    Rick Macklem (rmacklem@)
Discussed with: Warner Losh (imp@)
Sponsored by:   Netflix
2018-12-06 00:09:39 +00:00
Kirk McKusick
07436eeb49 Fix build break from dump incompatibility I introduced in -r340411
Pointy-hat to: mckusick
2018-11-14 00:21:52 +00:00
Gleb Smirnoff
d4f7db4764 Plug build break after r340411. 2018-11-13 23:44:27 +00:00
Warner Losh
37d6a8f458 Revert size limits.
The size limits came from a flawed understanding of dump records.
The real issue was that dump was bogusly interpreting c_count
sometimes. r334978 fixes that.
2018-06-11 20:38:30 +00:00
Warner Losh
e26ce92b55 Don't initialize c_count. We don't need to. 2018-06-11 19:35:41 +00:00
Warner Losh
a86534e007 Minor style polishing.
Declare c_count and initialize it with other ints.

Reported by: mjg@
2018-06-11 19:32:49 +00:00
Diane Bruce
803fec5fdf Large file systems with inodes > 512K have been silently overflowing
c_addr in spcl. So check before we start dumping otherwise we can
end up with a corrupted dump.

PR:		228807
Submitted by:	db
Reviewed by:	imp
Approved by:	imp
2018-06-11 19:12:50 +00:00
Kirk McKusick
db9cb3e823 Ensure proper initialization of superblock.
Submitted by: Diane Bruce
2018-06-07 20:49:01 +00:00
Ed Maste
d8ba45e213 Revert r313780 (UFS_ prefix) 2018-03-17 12:59:55 +00:00
Ed Maste
1e2b9afca9 Prefix UFS symbols with UFS_ to reduce namespace pollution
Followup to r313780.  Also prefix ext2's and nandfs's versions with
EXT2_ and NANDFS_.

Reported by:	kib
Reviewed by:	kib, mckusick
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D9623
2018-03-17 01:48:27 +00:00
Kirk McKusick
dffce2150e Refactoring of reading and writing of the UFS/FFS superblock.
Specifically reading is done if ffs_sbget() and writing is done
in ffs_sbput(). These functions are exported to libufs via the
sbget() and sbput() functions which then used in the various
filesystem utilities. This work is in preparation for adding
subperblock check hashes.

No functional change intended.

Reviewed by: kib
2018-01-26 00:58:32 +00:00
Kirk McKusick
a770ae06ed In preparation for converting to libufs to read the superblock,
change conflicting function names:

	getino => getinode
	bread => blkread

No functional change.
2017-12-27 22:18:56 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Pedro F. Giffuni
f32d2926b0 sbin: ake use of our rounddown() macro when sys/param.h is available.
No functional change.
2016-05-01 02:24:05 +00:00
Pedro F. Giffuni
4c8762f037 dump: use NULL instead of zero for pointers.
Clean out the casts from calloc(3) while here.
2016-04-19 19:13:33 +00:00
Ed Schouten
b3608ae18f Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
Kirk McKusick
7649cb0043 The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities
include sys/time.h instead of time.h. This include is incorrect as
per the manpages for the APIs and the POSIX definitions. This commit
replaces sys/time.h where necessary with time.h.

The commit also includes some minor style(9) header fixup in newfs.

This commit is part of a larger effort by Garrett Cooper started in
//depot/user/gcooper/posix-conformance-work/ -- to make FreeBSD more
POSIX compliant.

Submitted by:  Garrett Cooper   yanegomi at gmail dot com
2011-01-24 06:17:05 +00:00
Xin LI
80ca1f34b5 Plug two memory leaks in error case.
MFC after:	1 month
2010-02-03 23:56:12 +00:00
Kirk McKusick
f72ab79315 Expand dump to allow MAX_INT dump levels.
PR:           bin/100732
Submitted by: Matthew Vincenz <msvincen@midway.uchicago.edu>
2008-05-24 05:20:46 +00:00
Kirk McKusick
693c40a39a When using dump to generate level 0 dumps which are then rsync'ed
to a remote machine, the fact that the dump date is stored with
each header (inode) record makes rsync significantly less efficient
than necessary. This also applies to inode access times when they
are not important data to retain. When implementing an offsite
backup solution of this type, these dates in particular are not
important, especially if it prevents effective offsite backups.

PR:           bin/91049
Submitted by: Forrest W Christian <fwc@mt.net>
2008-05-23 23:13:14 +00:00
Ruslan Ermilov
ef4e780539 Make "dump /filesystem" (without options) work.
PR:		docs/84408
MFC after:	3 days
2006-10-12 20:22:31 +00:00
Matt Jacob
90bdcf6bdc If rawname returns NULL, deal with it appropriately.
PR:		94045
Submitted by:	Andrey Elsukov
MFC after:	1 week
2006-08-15 17:53:37 +00:00
Warner Losh
f8aa7a835c 'r' disk devices no longer exist, so don't try to create a pathname
that has an 'r' in it.

This also eliminates a bogus use of strlcat.
PR: 80064
2005-04-18 15:08:29 +00:00
Ruslan Ermilov
8d646af581 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 09:19:34 +00:00
Wes Peters
73e31afa1a Improved error checking for existence of a .snap directory to
generate snapshots in when -L is requested.  If the .snap directory
does not exist, or is not a directory, issue a warning and revert
to the non- live behavior.

Obtained from:	St. Bernard Software RAPID
2005-01-21 22:13:25 +00:00
Brian Feldman
c51d70c690 Add -P arguments for dump(8) and restore(8) which allow the user to
use backup methods other than files and tapes.  The -P argument is
a normal sh(1) pipeline with either $DUMP_VOLUME or $RESTORE_VOLUME
defined in the environment, respectively.

For example, I can back up my home to three DVD+R[W]s as so:
Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
/dev/ad0s2e  40028550 10093140 26733126    27%    /home
green# dump -0 -L -C16 -B4589840 -P 'growisofs -Z /dev/cd0=/dev/fd/0' /home
2004-04-13 02:58:06 +00:00
Brian Feldman
f7c7b87fbd Improve the warnings for dump -L and do not bother doing the snapshot if
it is specified for read-only filesystems.

Submitted by:   Jason Young <jyoung8607@hotmail.com>
PR:     46672
2004-04-12 20:19:32 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Ian Dowse
6e3aaeb2d7 Define _PATH_MKSNAP_FFS and use it in dump(8) instead of assuming
that mksnap_ffs(8) can be found using the current $PATH.

Reviewed by:	mckusick
2004-01-04 17:17:46 +00:00
Kirk McKusick
d46b52859a Convert the live dump command (`dump -L') to use mksnap_ffs instead
of trying to directly create the snapshot itself. This change allows
users logged into the system as operator to run live dumps.

Note that dump no longer tries to create the snapshot in the root of
the filesystem, but rather in a .snap directory in the root of the
filesystem. The reason is that the operator is usually not permitted
to write into the root of the filesystem. The newfs command and
background fsck have both been modified to create a .snap directory
in the root of the filesystem, but if neither of these have been run,
then the .snap directory must be created manually by the superuser
before a live dump can be run. The .snap directory should be owned
by user root and group operator and set to mode 770.
2003-11-16 08:01:58 +00:00
Johan Karlsson
8a0453d614 Make this WARNS=2 clean by
- using (intmax_t) and %j
	- giving a non-empty format string to msg()

Include <stdint.h> directly instead of depending on <inttypes.h>
to do it.

Tested by:	make universe
2003-11-14 13:07:38 +00:00
Kirk McKusick
924a7003b0 Dump is hard-wired to believe that it can read disks on
1024-byte boundaries. For many years this was a reasonable
assumption. However, in recent years we have begun seeing
devices with 2048-byte sectors. These devices return errors
when dump tries to read starting in the middle of a sector
or when it tries to read only the first half of a sector.
Rather than change the native block size used by dump (and
thus create an incompatible dump format), this fix checks
for transfer requests that start and/or end on a non-sector
boundary. When such a read is detected, the new code reads
the entire sector and copies out just the part that dump
needs.

Reviewed by:	Poul-Henning Kamp <phk@critter.freebsd.dk>
Approved by:	re (John Baldwin <jhb@FreeBSD.org>)
Sponsored by:   DARPA & NAI Labs.
2003-05-07 18:27:09 +00:00
Ruslan Ermilov
44b81f0f89 Removed all vestiges of KerberosIV. 2003-05-01 21:18:36 +00:00
Mark Murray
8edde085dd De-Kerberise (KerberosIV). KerberosIV is no longer present, and
remote backups can still be done with Kerberos authentication using
SSH and Kerberos 5.
2003-05-01 20:09:58 +00:00
Matthew N. Dodd
a3165d16af Avoid a name conflict with future functionality:
getfstab() -> dump_getfstab()
2003-04-07 11:34:12 +00:00
Ruslan Ermilov
1f6a46318d Sort options. 2003-02-23 01:50:07 +00:00
Matthew Dillon
be013c3a8c really, this time for sure. Fix formatting in usage(). 2003-01-13 19:58:05 +00:00
Matthew Dillon
f2dddb665e Grr. I keep forgetting things. Include -C in dump's usage() . 2003-01-13 19:56:03 +00:00
Matthew Dillon
ea8123f92b Add support for obsolete option form for -C 2003-01-13 19:50:46 +00:00
Matthew Dillon
5941e412ca Add a caching option to dump. Use -C. Note that NetBSD has a caching option
called -r but it takes 512 byte blocks instead of megabytes, and I felt a
megabytes specification would be far more useful so I did not use the same
option character.

This will *greatly* improve dump performance at the cost of possibly
missing filesystem changes that occur between passes, and does a fairly
good job making up for the loss of buffered block devices.  Caching is disabled
by default to retain historical behavior.

In tests, dump performance improved by about 40% when dumping / or /usr.

Beware that dump forks and the cache may wind up being larger then you
specify, but a more complex shared memory implementation would not produce
results that are all that much better so I kept it simple for now.

MFC after:	3 days
2003-01-13 19:42:41 +00:00
Kirk McKusick
194a666749 Add the `L' option to dump to notify it that it is dumping a
live filesystem. To obtain a consistent dump image, dump takes
a snapshot of the filesystem and then does a dump of the snapshot.
The snapshot is removed when the dump is complete.

Also add an operator warning that the `L' option should be used
if dump is run on a live filesystem without the `L' option being
specified. The alternative would be to silently use a snapshot
any time that a live filesystem is dumped, but this change in
dump semantics seemed too drastic at this time.

Sponsored by:   DARPA & NAI Labs.
Approved by:	re
2002-12-03 18:21:09 +00:00
Kirk McKusick
ada981b228 Create a new 32-bit fs_flags word in the superblock. Add code to move
the old 8-bit fs_old_flags to the new location the first time that the
filesystem is mounted by a new kernel. One of the unused flags in
fs_old_flags is used to indicate that the flags have been moved.
Leave the fs_old_flags word intact so that it will work properly if
used on an old kernel.

Change the fs_sblockloc superblock location field to be in units
of bytes instead of in units of filesystem fragments. The old units
did not work properly when the fragment size exceeeded the superblock
size (8192). Update old fs_sblockloc values at the same time that
the flags are moved.

Suggested by:	BOUWSMA Barry <freebsd-misuser@netscum.dyndns.dk>
Sponsored by:   DARPA & NAI Labs.
2002-11-27 02:18:58 +00:00
Bruce Evans
4fb133adea Changed "file system" back to "filesystem" in the usage message. English
rules don't apply to tokens that are supposed to represent single args.
This was only fixed in the man page.

Fixed other differences between the man page and the usage message (1
formatting bug and 1 syntax bug).
2002-10-01 13:44:15 +00:00
Mike Barcroft
89fdc4e117 Use the standardized CHAR_BIT constant instead of NBBY in userland. 2002-09-25 04:06:37 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Ian Dowse
617dbd3c84 Replace the use of %qd with intmax_t/%jd and fix a number of -Wall
and -Wformat warnings:
 o Include timeconv.h for the time conversion functions.
 o Remove unused variables.
 o Correct a few cases where %d was used when printing longs.
2002-07-08 00:29:23 +00:00
Kirk McKusick
1c85e6a35d This commit adds basic support for the UFS2 filesystem. The UFS2
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.

Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.

Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).

Sponsored by: DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@freebsd.org>
2002-06-21 06:18:05 +00:00
Tom Rhodes
3468b317cb more file system > filesystem 2002-05-16 04:10:46 +00:00
Poul-Henning Kamp
75766e179d Sigh, more BBSIZE related breakage.
Sponsored by:	DARPA & NAI Labs.
2002-05-12 21:37:08 +00:00