freebsd-nq/sys/kern
Kirk McKusick 75e3597abb Continuing efforts to provide hardening of FFS, this change adds a
check hash to cylinder groups. If a check hash fails when a cylinder
group is read, no further allocations are attempted in that cylinder
group until it has been fixed by fsck. This avoids a class of
filesystem panics related to corrupted cylinder group maps. The
hash is done using crc32c.

Check hashes are added only to UFS2 and not to UFS1 as UFS1 is primarily
used in embedded systems with small memories and low-powered processors
which need as light-weight a filesystem as possible.

Specifics of the changes:

sys/sys/buf.h:
    Add BX_FSPRIV to reserve a set of eight b_xflags that may be used
    by individual filesystems for their own purpose. Their specific
    definitions are found in the header files for each filesystem
    that uses them. Also add fields to struct buf as noted below.

sys/kern/vfs_bio.c:
    It is only necessary to compute a check hash for a cylinder
    group when it is actually read from disk. When calling bread,
    you do not know whether the buffer was found in the cache or
    read. So a new flag (GB_CKHASH) and a pointer to a function to
    perform the hash have been added to breadn_flags to say that the
    function should be called to calculate a hash if the data has
    been read. The check hash is placed in b_ckhash and the B_CKHASH
    flag is set to indicate that a read was done and a check hash
    calculated. Though a rather elaborate mechanism, it should
    also work for check hashing other metadata in the future. A
    kernel internal API change was to change breada into a static
    function and add flags and a function pointer to a check-hash
    function.

sys/ufs/ffs/fs.h:
    Add flags for types of check hashes; stored in a new word in the
    superblock. Define corresponding BX_ flags for the different types
    of check hashes. Add a check hash word in the cylinder group.

sys/ufs/ffs/ffs_alloc.c:
    In ffs_getcg do the dance with breadn_flags to get a check hash and
    if one is provided, check it.

sys/ufs/ffs/ffs_vfsops.c:
    Copy across the BX_FFSTYPES flags in background writes.
    Update the check hash when writing out buffers that need them.

sys/ufs/ffs/ffs_snapshot.c:
    Recompute check hash when updating snapshot cylinder groups.

sys/libkern/crc32.c:
lib/libufs/Makefile:
lib/libufs/libufs.h:
lib/libufs/cgroup.c:
    Include libkern/crc32.c in libufs and use it to compute check
    hashes when updating cylinder groups.

Four utilities are affected:

sbin/newfs/mkfs.c:
    Add the check hashes when building the cylinder groups.

sbin/fsck_ffs/fsck.h:
sbin/fsck_ffs/fsutil.c:
    Verify and update check hashes when checking and writing cylinder groups.

sbin/fsck_ffs/pass5.c:
    Offer to add check hashes to existing filesystems.
    Precompute check hashes when rebuilding cylinder group
    (although this will be done when it is written in fsutil.c
    it is necessary to do it early before comparing with the old
    cylinder group)

sbin/dumpfs/dumpfs.c:
    Print out the new check hash flag(s)

sbin/fsdb/Makefile:
    Needs to add libufs now used by pass5.c imported from fsck_ffs.

Reviewed by: kib
Tested by: Peter Holm (pho)
2017-09-22 12:45:15 +00:00
..
bus_if.m "Buses" is the preferred plural of "bus" 2017-01-15 17:54:01 +00:00
capabilities.conf Correct sysent flags for dynamically loaded syscalls. 2017-07-14 09:34:44 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh Don't prefix zero with 0x in assym.s. 2017-04-13 15:43:44 +00:00
imgact_aout.c Fix handling of the segment registers on i386. 2017-09-18 20:22:42 +00:00
imgact_binmisc.c tighten buffer bounds in imgact_binmisc_populate_interp 2017-03-21 18:02:14 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Add AT_HWCAP and AT_EHDRFLAGS on all platforms. 2017-09-14 14:26:55 +00:00
imgact_gzip.c
imgact_shell.c
inflate.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
init_main.c Move struct syscall_args syscall arguments parameters container into 2017-06-12 21:03:23 +00:00
init_sysent.c Regen. 2017-06-17 00:58:19 +00:00
kern_acct.c Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
kern_alq.c
kern_clock.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
kern_clocksource.c Remove cpu_deepest_sleep variable. 2017-02-24 16:11:55 +00:00
kern_condvar.c Introduce SCHEDULER_STOPPED_TD for use when the thread pointer was already read 2017-02-17 06:45:04 +00:00
kern_conf.c Undo r309891. Konstantin is right in that this condition normally 2016-12-12 19:11:04 +00:00
kern_cons.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
kern_context.c
kern_cpu.c
kern_cpuset.c Fix size to copyout(9) for cpuset_getid(2). 2017-08-22 20:46:29 +00:00
kern_ctf.c Fix improper use of "its". 2016-11-08 23:59:41 +00:00
kern_descrip.c ddb show files: fix up file types and whitespace 2017-06-14 07:46:52 +00:00
kern_dtrace.c Sprinkle __read_frequently on few obvious places. 2017-09-06 20:33:33 +00:00
kern_dump.c Rename mkdumpheader() and group EKCD functions in kern_shutdown.c. 2017-08-18 04:04:09 +00:00
kern_environment.c
kern_et.c Add labels to sysctls related to clocks. 2016-12-14 12:56:58 +00:00
kern_event.c Do not cast struct kevent_args or struct freebsd11_kevent_args to 2017-06-29 14:40:33 +00:00
kern_exec.c Resolve confusion between different error code spaces. 2017-07-03 20:44:01 +00:00
kern_exit.c Avoid reusing p_ksi while it is on queue. 2017-03-12 13:58:51 +00:00
kern_fail.c Avoid open-coding PRI_UNCHANGED. 2017-05-18 18:24:11 +00:00
kern_ffclock.c
kern_fork.c If the user tries to set kern.randompid to 1 (which is meaningless), set 2017-09-10 15:01:29 +00:00
kern_gzio.c
kern_hhook.c Get closer to a VIMAGE network stack teardown from top to bottom rather 2016-06-21 13:48:49 +00:00
kern_idle.c
kern_intr.c Extend cpuset_get/setaffinity() APIs 2017-05-03 18:41:08 +00:00
kern_jail.c Jails: Optionally prevent jailed root from binding to privileged ports 2017-06-06 02:15:00 +00:00
kern_khelp.c
kern_kthread.c Re-schedule signals after kthread exits, since apparently there are 2016-08-10 13:47:12 +00:00
kern_ktr.c Fix a couple of comment typos 2017-08-15 02:21:02 +00:00
kern_ktrace.c Ktracing kevent(2) calls with unusual arguments might lead to an 2017-03-12 13:48:24 +00:00
kern_linker.c kldstat: Use sizeof in place of named constants for sizing 2017-07-29 23:31:21 +00:00
kern_lock.c lockmgr: implement fast path 2017-02-12 09:49:44 +00:00
kern_lockf.c put very expensive sanity checks of advisory locks under DIAGNOSTIC 2017-01-30 15:20:13 +00:00
kern_lockstat.c Sprinkle __read_frequently on few obvious places. 2017-09-06 20:33:33 +00:00
kern_loginclass.c
kern_malloc.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
kern_mbuf.c
kern_mib.c All these files need sys/vmmeter.h, but now they got it implicitly 2017-04-17 17:07:00 +00:00
kern_module.c
kern_mtxpool.c
kern_mutex.c Annotate Giant with __exclusive_cache_line 2017-09-08 06:46:24 +00:00
kern_ntptime.c ANSIfy kern_ntptime.c 2017-01-25 20:22:32 +00:00
kern_numa.c Remove unneeded include of vm_phys.h. 2017-04-17 16:51:04 +00:00
kern_osd.c
kern_physio.c
kern_pmc.c Cast values to (int) before comparing them to the range of the 2017-02-24 01:39:12 +00:00
kern_poll.c
kern_priv.c
kern_proc.c Annotate global process locks with __exclusive_cache_line 2017-09-08 06:46:02 +00:00
kern_procctl.c reaper: Make REAPER_KILL_SUBTREE actually work. 2016-12-14 22:49:20 +00:00
kern_prot.c Add security.bsd.see_jail_proc 2017-05-23 16:59:24 +00:00
kern_racct.c try to fix RACCT_RSS accounting 2017-02-14 13:54:05 +00:00
kern_rangelock.c
kern_rctl.c
kern_resource.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
kern_rmlock.c Corrected misspelled versions of rendezvous. 2017-04-09 02:00:03 +00:00
kern_rwlock.c Sprinkle __read_frequently on few obvious places. 2017-09-06 20:33:33 +00:00
kern_sdt.c
kern_sema.c
kern_sendfile.c Use soref() in sendfile(2) instead fhold() to reference a socket. 2017-09-13 22:11:05 +00:00
kern_sharedpage.c
kern_shutdown.c Remove some unneeded subroutines for padding writes to dump devices. 2017-08-18 04:07:25 +00:00
kern_sig.c Make it possible to request nosys logging to console. 2017-07-27 20:45:41 +00:00
kern_switch.c Add comments explaining unobvious td_critnest adjustments in 2017-01-22 19:41:42 +00:00
kern_sx.c Sprinkle __read_frequently on few obvious places. 2017-09-06 20:33:33 +00:00
kern_synch.c - Remove 'struct vmmeter' from 'struct pcpu', leaving only global vmmeter 2017-04-17 17:34:47 +00:00
kern_syscalls.c
kern_sysctl.c Enhance debuggability of sysctl leaf re-use warnings 2017-08-27 17:12:30 +00:00
kern_tc.c Add missing pieces of r315280 2017-03-14 22:02:02 +00:00
kern_thr.c Defer ptracestop() signals that cannot be delivered immediately 2017-02-20 15:53:16 +00:00
kern_thread.c Move struct syscall_args syscall arguments parameters container into 2017-06-12 21:03:23 +00:00
kern_time.c Add clock_nanosleep() 2017-03-19 00:51:12 +00:00
kern_timeout.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
kern_umtx.c When the RTC is adjusted, reevaluate absolute sleep times based on the RTC 2017-03-14 19:06:44 +00:00
kern_uuid.c Hint at the intended usage for the "ll" field of struct uuid_private. 2017-06-13 15:37:04 +00:00
kern_xxx.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ksched.c
link_elf_obj.c Reduce stack usage in link_elf_load_file(), allocating struct nameidata. 2017-03-09 00:45:15 +00:00
link_elf.c
linker_if.m
Make.tags.inc
Makefile Don't create pointless backups of generated files in "make sysent". 2016-07-28 21:29:04 +00:00
makesyscalls.sh Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
md4c.c crypto routines: Hint minimum buffer sizes to the compiler 2016-05-26 19:29:29 +00:00
md5c.c crypto routines: Hint minimum buffer sizes to the compiler 2016-05-26 19:29:29 +00:00
msi_if.m
p1003_1b.c
pic_if.m INTRNG: Rework handling with resources. Partially revert r301453. 2016-08-19 10:52:39 +00:00
posix4_mib.c Make p1003_1b.aio_listio_max a tunable 2017-08-08 16:14:31 +00:00
sched_4bsd.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
sched_ule.c move thread switch tracing from mi_switch to sched_switch 2017-03-23 08:57:04 +00:00
serdev_if.m
stack_protector.c
subr_acl_nfs4.c
subr_acl_posix1e.c
subr_autoconf.c Add config_intrhook_oneshot(): schedule an intrhook function and unregister 2017-08-13 18:10:24 +00:00
subr_blist.c Modify blst_leaf_alloc to take only the cursor argument. 2017-09-16 18:12:15 +00:00
subr_bufring.c
subr_bus_dma.c Add CAM/NVMe support for CAM_DATA_SG 2017-08-29 15:29:57 +00:00
subr_bus.c "Buses" is the preferred plural of "bus" 2017-01-15 17:54:01 +00:00
subr_busdma_bufalloc.c
subr_capability.c
subr_clock.c Add common code to support realtime clocks that store year without century. 2017-07-23 21:28:00 +00:00
subr_counter.c Zero return value when counter_rate() switches over to next second and 2016-12-13 20:11:45 +00:00
subr_devmap.c o Replace __riscv__ with __riscv 2017-08-07 14:09:57 +00:00
subr_devstat.c
subr_disk.c
subr_dummy_vdso_tc.c
subr_eventhandler.c
subr_fattime.c
subr_firmware.c Fix improper use of "its". 2016-11-08 23:59:41 +00:00
subr_gtaskqueue.c Fix undeclared identifier error introduced in r323879 2017-09-21 23:27:35 +00:00
subr_hash.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
subr_hints.c
subr_intr.c Fix compile error with option DEBUG. This is fallout from some long-ago 2017-08-16 16:51:55 +00:00
subr_kdb.c
subr_kobj.c - Also outside of the KOBJOPLOOKUP macro - which in turn is used by 2017-05-08 21:08:39 +00:00
subr_lock.c locks: follow up r313386 2017-02-07 16:01:07 +00:00
subr_log.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
subr_mbpool.c
subr_mchain.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
subr_module.c
subr_msgbuf.c
subr_param.c Allow sysctl kern.vm_guest to return bhyve when running under bhyve. 2017-06-08 04:02:14 +00:00
subr_pcpu.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
subr_pctrie.c Make the number of children for pctrie node available outside subr_pctrie.c. 2017-07-27 16:40:14 +00:00
subr_power.c
subr_prf.c kvprintf %b enhancements 2017-07-12 07:30:14 +00:00
subr_prof.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
subr_rman.c
subr_rtc.c Add clock_schedule(), a feature that allows realtime clock drivers to 2017-07-31 01:18:21 +00:00
subr_sbuf.c An off-by-one error exists in sbuf_vprintf()'s use of SBUF_HASROOM() when an 2017-08-18 02:06:28 +00:00
subr_scanf.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
subr_sfbuf.c subr_sfbus.c need sys/proc.h for struct thread definition. 2017-02-07 17:31:24 +00:00
subr_sglist.c Add sglist_append_sglist(). 2017-05-16 23:31:52 +00:00
subr_sleepqueue.c Add missing pieces of r315280 2017-03-14 22:02:02 +00:00
subr_smp.c Improve scheduler performance 2017-08-27 05:14:48 +00:00
subr_stack.c
subr_syscall.c Move struct syscall_args syscall arguments parameters container into 2017-06-12 21:03:23 +00:00
subr_taskqueue.c Add taskqueue_enqueue_timeout_sbt(), because sometimes you want more control 2017-07-31 00:54:50 +00:00
subr_terminal.c Oops, my fix for bright colors broke bright black some more (in cases 2017-03-27 10:48:28 +00:00
subr_trap.c - Remove 'struct vmmeter' from 'struct pcpu', leaving only global vmmeter 2017-04-17 17:34:47 +00:00
subr_turnstile.c Remove unused declaration and update ddb.4 2017-08-24 19:16:25 +00:00
subr_uio.c Simplify UIO_SYSSPACE and UIO_NOCOPY paths in uiomove 2017-07-06 15:03:54 +00:00
subr_unit.c Clean up trailing whitespace 2017-01-14 04:16:13 +00:00
subr_vmem.c Start annotating global _padalign locks with __exclusive_cache_line 2017-09-06 20:28:18 +00:00
subr_witness.c Amend r321884 to check the refcount and update the class with w_mtx held. 2017-08-01 23:14:38 +00:00
sys_capability.c capsicum: perform copyout without the fildesc lock held in sys_cap_ioctls_get 2016-10-21 16:12:23 +00:00
sys_generic.c Fix NULL pointer dereference and panic with shm file pread/pwrite. 2017-03-10 10:09:44 +00:00
sys_pipe.c Generate syscall tables and update pipe() implementation after r302094. 2016-06-22 21:18:19 +00:00
sys_procdesc.c Hide the boottime and bootimebin globals, provide the getboottime(9) 2016-07-27 11:08:59 +00:00
sys_process.c Store a 32-bit PT_LWPINFO struct for 32-bit process core dumps. 2017-06-29 21:31:13 +00:00
sys_socket.c Don't grab SOCK_LOCK for soref() when queuing an AIO request. 2017-08-25 23:10:27 +00:00
syscalls.c Regen. 2017-06-17 00:58:19 +00:00
syscalls.master Add abstime kqueue(2) timers and expand struct kevent members. 2017-06-17 00:57:26 +00:00
systrace_args.c Regen. 2017-06-17 00:58:19 +00:00
sysv_ipc.c
sysv_msg.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
sysv_sem.c Audit arguments to System V IPC system calls implementing semaphores, 2017-03-30 22:26:15 +00:00
sysv_shm.c Audit arguments to System V IPC system calls implementing semaphores, 2017-03-30 22:26:15 +00:00
tty_compat.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
tty_info.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
tty_inq.c Check tty_gone() after allocating IO buffers. The tty lock has to be 2017-01-13 16:37:38 +00:00
tty_outq.c Check tty_gone() after allocating IO buffers. The tty lock has to be 2017-01-13 16:37:38 +00:00
tty_pts.c Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
tty_tty.c
tty_ttydisc.c
tty.c Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
uipc_accf.c Listening sockets improvements. 2017-06-08 21:30:34 +00:00
uipc_debug.c ddb show socket debugging 2017-06-15 04:49:12 +00:00
uipc_domain.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
uipc_mbuf2.c Remove writability requirement for single-mbuf, contiguous-range 2017-01-12 06:38:03 +00:00
uipc_mbuf.c Fix one more place uio_resid is truncated to int 2017-06-27 17:23:20 +00:00
uipc_mbufhash.c
uipc_mqueue.c Correct sysent flags for dynamically loaded syscalls. 2017-07-14 09:34:44 +00:00
uipc_sem.c Audit arguments to POSIX message queues, semaphores, and shared memory. 2017-03-31 13:43:00 +00:00
uipc_shm.c Do not ignore an error from vm_mmap_object(). 2017-06-27 20:12:13 +00:00
uipc_sockbuf.c Third take on the r319685 and r320480. Actually allow for call soisconnected() 2017-08-24 20:49:19 +00:00
uipc_socket.c Fix locking in soisconnected(). 2017-09-14 18:05:54 +00:00
uipc_syscalls.c Listening sockets improvements. 2017-06-08 21:30:34 +00:00
uipc_usrreq.c Fix two issues with not ready data in sockets (read: sendfile) 2017-09-13 16:47:23 +00:00
vfs_acl.c Add system-call argument auditing for ACL-related system calls. 2017-03-30 22:00:58 +00:00
vfs_aio.c Make p1003_1b.aio_listio_max a tunable 2017-08-08 16:14:31 +00:00
vfs_bio.c Continuing efforts to provide hardening of FFS, this change adds a 2017-09-22 12:45:15 +00:00
vfs_cache.c namecache: clean up struct namecache_ts handling 2017-09-10 11:17:32 +00:00
vfs_cluster.c Move bogus_page declaration to vm_page.h and initialization to vm_page.c. 2017-01-04 22:27:19 +00:00
vfs_default.c Only handle _PC_MAX_CANON, _PC_MAX_INPUT, and _PC_VDISABLE for TTY devices. 2017-09-21 23:05:32 +00:00
vfs_export.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
vfs_extattr.c
vfs_hash.c
vfs_init.c Renumber license clauses in sys/kern to avoid skipping #3 2016-09-15 13:16:20 +00:00
vfs_lookup.c Use UMA_ALIGN_PTR instead of sizeof(void *) for zone alignment. 2017-03-15 18:23:32 +00:00
vfs_mount.c Do not vrele() covered vnode under the mp mutex. 2017-09-19 16:49:45 +00:00
vfs_mountroot.c Make root_mount_rel(9) ignore NULL arguments, like it used to before r313351. 2017-09-05 14:32:56 +00:00
vfs_subr.c For unlinked files, do not msync(2) or sync on the vnode deactivation. 2017-09-19 16:46:37 +00:00
vfs_syscalls.c Implement proper Linux /dev/fd and /proc/self/fd behavior by adding 2017-08-01 03:40:19 +00:00
vfs_vnops.c Use whole mnt_stat.f_fsid bits for st_dev. 2017-05-27 17:00:30 +00:00
vnode_if.src For UNIX sockets make vnode point not to the socket, but to the UNIX PCB, 2017-06-02 17:31:25 +00:00