2017-11-27 15:37:16 +00:00
|
|
|
/*-
|
|
|
|
|
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
|
|
|
|
|
*
|
2001-07-09 10:35:18 +00:00
|
|
|
* Copyright (C) 1995, 1997 Wolfgang Solfrank
|
|
|
|
|
* Copyright (c) 1995 Martin Husemann
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
|
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
#ifndef lint
|
2020-02-02 20:53:31 +00:00
|
|
|
__RCSID("$NetBSD: boot.c,v 1.22 2020/01/11 16:29:07 christos Exp $");
|
2001-07-09 10:35:18 +00:00
|
|
|
static const char rcsid[] =
|
|
|
|
|
"$FreeBSD$";
|
|
|
|
|
#endif /* not lint */
|
|
|
|
|
|
2019-08-26 06:41:17 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
|
|
|
|
|
#include <stdint.h>
|
2001-07-09 10:35:18 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
#include "ext.h"
|
|
|
|
|
#include "fsutil.h"
|
|
|
|
|
|
|
|
|
|
int
|
2010-02-14 12:30:30 +00:00
|
|
|
readboot(int dosfs, struct bootblock *boot)
|
2001-07-09 10:35:18 +00:00
|
|
|
{
|
|
|
|
|
u_char block[DOSBOOTBLOCKSIZE];
|
|
|
|
|
u_char fsinfo[2 * DOSBOOTBLOCKSIZE];
|
|
|
|
|
int ret = FSOK;
|
2019-06-15 06:51:46 +00:00
|
|
|
|
2012-10-21 12:01:19 +00:00
|
|
|
if ((size_t)read(dosfs, block, sizeof block) != sizeof block) {
|
2012-10-21 12:01:11 +00:00
|
|
|
perr("could not read boot block");
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (block[510] != 0x55 || block[511] != 0xaa) {
|
2010-06-20 09:40:54 +00:00
|
|
|
pfatal("Invalid signature in boot block: %02x%02x",
|
|
|
|
|
block[511], block[510]);
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(boot, 0, sizeof *boot);
|
|
|
|
|
boot->ValidFat = -1;
|
|
|
|
|
|
2019-08-26 06:41:17 +00:00
|
|
|
/* Decode BIOS Parameter Block */
|
|
|
|
|
|
|
|
|
|
/* Bytes per sector: can only be 512, 1024, 2048 and 4096. */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbBytesPerSec = block[11] + (block[12] << 8);
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbBytesPerSec < DOSBOOTBLOCKSIZE_REAL ||
|
|
|
|
|
boot->bpbBytesPerSec > DOSBOOTBLOCKSIZE ||
|
|
|
|
|
!powerof2(boot->bpbBytesPerSec)) {
|
|
|
|
|
pfatal("Invalid sector size: %u", boot->bpbBytesPerSec);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Sectors per cluster: can only be: 1, 2, 4, 8, 16, 32, 64, 128. */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbSecPerClust = block[13];
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbSecPerClust == 0 || !powerof2(boot->bpbSecPerClust)) {
|
|
|
|
|
pfatal("Invalid cluster size: %u", boot->bpbSecPerClust);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Reserved sectors: must be non-zero */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbResSectors = block[14] + (block[15] << 8);
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbResSectors < 1) {
|
|
|
|
|
pfatal("Invalid reserved sectors: %u",
|
|
|
|
|
boot->bpbResSectors);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Number of FATs */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbFATs = block[16];
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbFATs == 0) {
|
|
|
|
|
pfatal("Invalid number of FATs: %u", boot->bpbFATs);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Root directory entries for FAT12 and FAT16 */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbRootDirEnts = block[17] + (block[18] << 8);
|
2019-08-26 06:41:17 +00:00
|
|
|
if (!boot->bpbRootDirEnts) {
|
|
|
|
|
/* bpbRootDirEnts = 0 suggests that we are FAT32 */
|
|
|
|
|
boot->flags |= FAT32;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Total sectors (16 bits) */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbSectors = block[19] + (block[20] << 8);
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbSectors != 0 && (boot->flags & FAT32)) {
|
|
|
|
|
pfatal("Invalid 16-bit total sector count on FAT32: %u",
|
|
|
|
|
boot->bpbSectors);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Media type: ignored */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbMedia = block[21];
|
2019-08-26 06:41:17 +00:00
|
|
|
|
|
|
|
|
/* FAT12/FAT16: 16-bit count of sectors per FAT */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbFATsmall = block[22] + (block[23] << 8);
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbFATsmall != 0 && (boot->flags & FAT32)) {
|
|
|
|
|
pfatal("Invalid 16-bit FAT sector count on FAT32: %u",
|
|
|
|
|
boot->bpbFATsmall);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Legacy CHS geometry numbers: ignored */
|
2001-07-09 10:35:18 +00:00
|
|
|
boot->SecPerTrack = block[24] + (block[25] << 8);
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbHeads = block[26] + (block[27] << 8);
|
2019-08-26 06:41:17 +00:00
|
|
|
|
|
|
|
|
/* Hidden sectors: ignored */
|
2010-06-20 09:40:54 +00:00
|
|
|
boot->bpbHiddenSecs = block[28] + (block[29] << 8) +
|
|
|
|
|
(block[30] << 16) + (block[31] << 24);
|
2019-08-26 06:41:17 +00:00
|
|
|
|
|
|
|
|
/* Total sectors (32 bits) */
|
2010-06-20 09:40:54 +00:00
|
|
|
boot->bpbHugeSectors = block[32] + (block[33] << 8) +
|
|
|
|
|
(block[34] << 16) + (block[35] << 24);
|
2019-08-26 06:41:17 +00:00
|
|
|
if (boot->bpbHugeSectors == 0) {
|
|
|
|
|
if (boot->flags & FAT32) {
|
|
|
|
|
pfatal("FAT32 with sector count of zero");
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
} else if (boot->bpbSectors == 0) {
|
|
|
|
|
pfatal("FAT with sector count of zero");
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
boot->NumSectors = boot->bpbSectors;
|
|
|
|
|
} else {
|
|
|
|
|
if (boot->bpbSectors != 0) {
|
|
|
|
|
pfatal("Invalid FAT sector count");
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
boot->NumSectors = boot->bpbHugeSectors;
|
|
|
|
|
}
|
|
|
|
|
|
2001-07-09 10:35:18 +00:00
|
|
|
if (boot->flags & FAT32) {
|
2019-08-26 06:41:17 +00:00
|
|
|
/* If the OEM Name field is EXFAT, it's not FAT32, so bail */
|
|
|
|
|
if (!memcmp(&block[3], "EXFAT ", 8)) {
|
|
|
|
|
pfatal("exFAT filesystem is not supported.");
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* 32-bit count of sectors per FAT */
|
2001-07-09 10:35:18 +00:00
|
|
|
boot->FATsecs = block[36] + (block[37] << 8)
|
|
|
|
|
+ (block[38] << 16) + (block[39] << 24);
|
2019-08-26 06:41:17 +00:00
|
|
|
|
2001-07-09 10:35:18 +00:00
|
|
|
if (block[40] & 0x80)
|
|
|
|
|
boot->ValidFat = block[40] & 0x0f;
|
|
|
|
|
|
2019-08-26 06:41:17 +00:00
|
|
|
/* FAT32 version, bail out if not 0.0 */
|
2001-07-09 10:35:18 +00:00
|
|
|
if (block[42] || block[43]) {
|
2002-08-21 18:11:48 +00:00
|
|
|
pfatal("Unknown file system version: %x.%x",
|
2001-07-09 10:35:18 +00:00
|
|
|
block[43], block[42]);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
2019-08-26 06:41:17 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Cluster number of the first cluster of root directory.
|
|
|
|
|
*
|
|
|
|
|
* Should be 2 but do not require it.
|
|
|
|
|
*/
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbRootClust = block[44] + (block[45] << 8)
|
2001-07-09 10:35:18 +00:00
|
|
|
+ (block[46] << 16) + (block[47] << 24);
|
2019-08-26 06:41:17 +00:00
|
|
|
|
|
|
|
|
/* Sector number of the FSInfo structure, usually 1 */
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbFSInfo = block[48] + (block[49] << 8);
|
2001-07-09 10:35:18 +00:00
|
|
|
|
2019-08-26 06:41:17 +00:00
|
|
|
/* Sector number of the backup boot block, ignored */
|
|
|
|
|
boot->bpbBackup = block[50] + (block[51] << 8);
|
2018-06-27 06:49:20 +00:00
|
|
|
|
2019-08-26 06:41:17 +00:00
|
|
|
/* Check basic parameters */
|
|
|
|
|
if (boot->bpbFSInfo == 0) {
|
2018-06-27 06:49:20 +00:00
|
|
|
/*
|
|
|
|
|
* Either the BIOS Parameter Block has been corrupted,
|
|
|
|
|
* or this is not a FAT32 filesystem, most likely an
|
|
|
|
|
* exFAT filesystem.
|
|
|
|
|
*/
|
|
|
|
|
pfatal("Invalid FAT32 Extended BIOS Parameter Block");
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
2019-08-26 06:41:17 +00:00
|
|
|
|
|
|
|
|
/* Read in and verify the FSInfo block */
|
2010-06-20 09:40:54 +00:00
|
|
|
if (lseek(dosfs, boot->bpbFSInfo * boot->bpbBytesPerSec,
|
|
|
|
|
SEEK_SET) != boot->bpbFSInfo * boot->bpbBytesPerSec
|
|
|
|
|
|| read(dosfs, fsinfo, sizeof fsinfo) != sizeof fsinfo) {
|
2012-10-21 12:01:11 +00:00
|
|
|
perr("could not read fsinfo block");
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
if (memcmp(fsinfo, "RRaA", 4)
|
|
|
|
|
|| memcmp(fsinfo + 0x1e4, "rrAa", 4)
|
|
|
|
|
|| fsinfo[0x1fc]
|
|
|
|
|
|| fsinfo[0x1fd]
|
|
|
|
|
|| fsinfo[0x1fe] != 0x55
|
|
|
|
|
|| fsinfo[0x1ff] != 0xaa
|
|
|
|
|
|| fsinfo[0x3fc]
|
|
|
|
|
|| fsinfo[0x3fd]
|
|
|
|
|
|| fsinfo[0x3fe] != 0x55
|
|
|
|
|
|| fsinfo[0x3ff] != 0xaa) {
|
2008-01-31 13:16:29 +00:00
|
|
|
pwarn("Invalid signature in fsinfo block\n");
|
|
|
|
|
if (ask(0, "Fix")) {
|
2001-07-09 10:35:18 +00:00
|
|
|
memcpy(fsinfo, "RRaA", 4);
|
|
|
|
|
memcpy(fsinfo + 0x1e4, "rrAa", 4);
|
|
|
|
|
fsinfo[0x1fc] = fsinfo[0x1fd] = 0;
|
|
|
|
|
fsinfo[0x1fe] = 0x55;
|
|
|
|
|
fsinfo[0x1ff] = 0xaa;
|
|
|
|
|
fsinfo[0x3fc] = fsinfo[0x3fd] = 0;
|
|
|
|
|
fsinfo[0x3fe] = 0x55;
|
|
|
|
|
fsinfo[0x3ff] = 0xaa;
|
2010-06-20 09:40:54 +00:00
|
|
|
if (lseek(dosfs, boot->bpbFSInfo *
|
|
|
|
|
boot->bpbBytesPerSec, SEEK_SET)
|
2010-02-14 12:31:28 +00:00
|
|
|
!= boot->bpbFSInfo * boot->bpbBytesPerSec
|
2001-07-09 10:35:18 +00:00
|
|
|
|| write(dosfs, fsinfo, sizeof fsinfo)
|
|
|
|
|
!= sizeof fsinfo) {
|
2012-10-21 12:01:11 +00:00
|
|
|
perr("Unable to write bpbFSInfo");
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
ret = FSBOOTMOD;
|
|
|
|
|
} else
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->bpbFSInfo = 0;
|
2019-08-26 06:41:17 +00:00
|
|
|
} else {
|
|
|
|
|
/* We appear to have a valid FSInfo block, decode */
|
2001-07-09 10:35:18 +00:00
|
|
|
boot->FSFree = fsinfo[0x1e8] + (fsinfo[0x1e9] << 8)
|
|
|
|
|
+ (fsinfo[0x1ea] << 16)
|
|
|
|
|
+ (fsinfo[0x1eb] << 24);
|
|
|
|
|
boot->FSNext = fsinfo[0x1ec] + (fsinfo[0x1ed] << 8)
|
|
|
|
|
+ (fsinfo[0x1ee] << 16)
|
|
|
|
|
+ (fsinfo[0x1ef] << 24);
|
|
|
|
|
}
|
2019-08-26 06:41:17 +00:00
|
|
|
} else {
|
|
|
|
|
/* !FAT32: FAT12/FAT16 */
|
|
|
|
|
boot->FATsecs = boot->bpbFATsmall;
|
2001-07-09 10:35:18 +00:00
|
|
|
}
|
|
|
|
|
|
2020-01-11 03:59:06 +00:00
|
|
|
if (boot->FATsecs < 1 || boot->FATsecs > UINT32_MAX / boot->bpbFATs) {
|
2019-08-26 06:41:17 +00:00
|
|
|
pfatal("Invalid FATs(%u) with FATsecs(%zu)",
|
|
|
|
|
boot->bpbFATs, (size_t)boot->FATsecs);
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
2019-08-26 06:41:17 +00:00
|
|
|
|
2019-09-15 19:41:54 +00:00
|
|
|
boot->FirstCluster = (boot->bpbRootDirEnts * 32 +
|
2018-06-26 06:18:59 +00:00
|
|
|
boot->bpbBytesPerSec - 1) / boot->bpbBytesPerSec +
|
2019-09-15 19:41:54 +00:00
|
|
|
boot->bpbResSectors + boot->bpbFATs * boot->FATsecs;
|
|
|
|
|
|
|
|
|
|
if (boot->FirstCluster + boot->bpbSecPerClust > boot->NumSectors) {
|
|
|
|
|
pfatal("Cluster offset too large (%u clusters)\n",
|
|
|
|
|
boot->FirstCluster);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-11 17:41:20 +00:00
|
|
|
/*
|
2020-02-02 20:53:31 +00:00
|
|
|
* The number of clusters is derived from available data sectors,
|
|
|
|
|
* divided by sectors per cluster.
|
2020-01-11 17:41:20 +00:00
|
|
|
*/
|
2020-02-02 20:53:31 +00:00
|
|
|
boot->NumClusters =
|
|
|
|
|
(boot->NumSectors - boot->FirstCluster) / boot->bpbSecPerClust;
|
2001-07-09 10:35:18 +00:00
|
|
|
|
Reduce memory footprint of fsck_msdosfs.
This is a re-apply r356249 with changes to make GCC happy.
This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.
With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.
Address this by taking a different approach of validating the FAT.
The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.
We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.
When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.
As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.
sbin/fsck_msdosfs/boot.c:
- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.
sbin/fsck_msdosfs/check.c:
- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.
sbin/fsck_msdosfs/dir.c:
- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).
sbin/fsck_msdosfs/dosfs.h:
- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.
sbin/fsck_msdosfs/ext.h:
- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.
sbin/fsck_msdosfs/fat.c:
- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.
sbin/fsck_msdosfs/fat.c:
- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().
Reviewed by: kevlo
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D22965
2020-01-03 00:31:48 +00:00
|
|
|
if (boot->flags & FAT32) {
|
|
|
|
|
if (boot->NumClusters > (CLUST_RSRVD & CLUST32_MASK)) {
|
|
|
|
|
pfatal("Filesystem too big (%u clusters) for FAT32 partition",
|
|
|
|
|
boot->NumClusters);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
if (boot->NumClusters < (CLUST_RSRVD & CLUST16_MASK)) {
|
|
|
|
|
pfatal("Filesystem too small (%u clusters) for FAT32 partition",
|
|
|
|
|
boot->NumClusters);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
2001-07-09 10:35:18 +00:00
|
|
|
boot->ClustMask = CLUST32_MASK;
|
Reduce memory footprint of fsck_msdosfs.
This is a re-apply r356249 with changes to make GCC happy.
This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.
With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.
Address this by taking a different approach of validating the FAT.
The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.
We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.
When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.
As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.
sbin/fsck_msdosfs/boot.c:
- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.
sbin/fsck_msdosfs/check.c:
- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.
sbin/fsck_msdosfs/dir.c:
- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).
sbin/fsck_msdosfs/dosfs.h:
- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.
sbin/fsck_msdosfs/ext.h:
- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.
sbin/fsck_msdosfs/fat.c:
- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.
sbin/fsck_msdosfs/fat.c:
- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().
Reviewed by: kevlo
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D22965
2020-01-03 00:31:48 +00:00
|
|
|
|
|
|
|
|
if (boot->bpbRootClust < CLUST_FIRST ||
|
|
|
|
|
boot->bpbRootClust >= boot->NumClusters) {
|
|
|
|
|
pfatal("Root directory starts with cluster out of range(%u)",
|
|
|
|
|
boot->bpbRootClust);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
} else if (boot->NumClusters < (CLUST_RSRVD&CLUST12_MASK)) {
|
2001-07-09 10:35:18 +00:00
|
|
|
boot->ClustMask = CLUST12_MASK;
|
Reduce memory footprint of fsck_msdosfs.
This is a re-apply r356249 with changes to make GCC happy.
This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.
With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.
Address this by taking a different approach of validating the FAT.
The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.
We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.
When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.
As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.
sbin/fsck_msdosfs/boot.c:
- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.
sbin/fsck_msdosfs/check.c:
- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.
sbin/fsck_msdosfs/dir.c:
- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).
sbin/fsck_msdosfs/dosfs.h:
- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.
sbin/fsck_msdosfs/ext.h:
- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.
sbin/fsck_msdosfs/fat.c:
- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.
sbin/fsck_msdosfs/fat.c:
- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().
Reviewed by: kevlo
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D22965
2020-01-03 00:31:48 +00:00
|
|
|
} else if (boot->NumClusters < (CLUST_RSRVD&CLUST16_MASK)) {
|
2001-07-09 10:35:18 +00:00
|
|
|
boot->ClustMask = CLUST16_MASK;
|
Reduce memory footprint of fsck_msdosfs.
This is a re-apply r356249 with changes to make GCC happy.
This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.
With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.
Address this by taking a different approach of validating the FAT.
The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.
We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.
When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.
As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.
sbin/fsck_msdosfs/boot.c:
- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.
sbin/fsck_msdosfs/check.c:
- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.
sbin/fsck_msdosfs/dir.c:
- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).
sbin/fsck_msdosfs/dosfs.h:
- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.
sbin/fsck_msdosfs/ext.h:
- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.
sbin/fsck_msdosfs/fat.c:
- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.
sbin/fsck_msdosfs/fat.c:
- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().
Reviewed by: kevlo
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D22965
2020-01-03 00:31:48 +00:00
|
|
|
} else {
|
2001-07-09 10:35:18 +00:00
|
|
|
pfatal("Filesystem too big (%u clusters) for non-FAT32 partition",
|
|
|
|
|
boot->NumClusters);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (boot->ClustMask) {
|
|
|
|
|
case CLUST32_MASK:
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->NumFatEntries = (boot->FATsecs * boot->bpbBytesPerSec) / 4;
|
2001-07-09 10:35:18 +00:00
|
|
|
break;
|
|
|
|
|
case CLUST16_MASK:
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->NumFatEntries = (boot->FATsecs * boot->bpbBytesPerSec) / 2;
|
2001-07-09 10:35:18 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->NumFatEntries = (boot->FATsecs * boot->bpbBytesPerSec * 2) / 3;
|
2001-07-09 10:35:18 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-11 17:41:20 +00:00
|
|
|
if (boot->NumFatEntries < boot->NumClusters) {
|
2001-07-09 10:35:18 +00:00
|
|
|
pfatal("FAT size too small, %u entries won't fit into %u sectors\n",
|
|
|
|
|
boot->NumClusters, boot->FATsecs);
|
|
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
2020-01-11 17:41:20 +00:00
|
|
|
|
|
|
|
|
/*
|
2020-02-02 20:53:31 +00:00
|
|
|
* There are two reserved clusters. To avoid adding CLUST_FIRST every
|
|
|
|
|
* time we perform boundary checks, we increment the NumClusters by 2,
|
2020-01-11 17:41:20 +00:00
|
|
|
* which is CLUST_FIRST to denote the first out-of-range cluster number.
|
|
|
|
|
*/
|
|
|
|
|
boot->NumClusters += CLUST_FIRST;
|
|
|
|
|
|
2010-02-14 12:31:28 +00:00
|
|
|
boot->ClusterSize = boot->bpbBytesPerSec * boot->bpbSecPerClust;
|
2001-07-09 10:35:18 +00:00
|
|
|
|
|
|
|
|
boot->NumFiles = 1;
|
|
|
|
|
boot->NumFree = 0;
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2010-02-14 12:30:30 +00:00
|
|
|
writefsinfo(int dosfs, struct bootblock *boot)
|
2001-07-09 10:35:18 +00:00
|
|
|
{
|
|
|
|
|
u_char fsinfo[2 * DOSBOOTBLOCKSIZE];
|
|
|
|
|
|
2010-02-14 12:31:28 +00:00
|
|
|
if (lseek(dosfs, boot->bpbFSInfo * boot->bpbBytesPerSec, SEEK_SET)
|
|
|
|
|
!= boot->bpbFSInfo * boot->bpbBytesPerSec
|
2001-07-09 10:35:18 +00:00
|
|
|
|| read(dosfs, fsinfo, sizeof fsinfo) != sizeof fsinfo) {
|
2012-10-21 12:01:11 +00:00
|
|
|
perr("could not read fsinfo block");
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
fsinfo[0x1e8] = (u_char)boot->FSFree;
|
|
|
|
|
fsinfo[0x1e9] = (u_char)(boot->FSFree >> 8);
|
|
|
|
|
fsinfo[0x1ea] = (u_char)(boot->FSFree >> 16);
|
|
|
|
|
fsinfo[0x1eb] = (u_char)(boot->FSFree >> 24);
|
|
|
|
|
fsinfo[0x1ec] = (u_char)boot->FSNext;
|
|
|
|
|
fsinfo[0x1ed] = (u_char)(boot->FSNext >> 8);
|
|
|
|
|
fsinfo[0x1ee] = (u_char)(boot->FSNext >> 16);
|
|
|
|
|
fsinfo[0x1ef] = (u_char)(boot->FSNext >> 24);
|
2010-02-14 12:31:28 +00:00
|
|
|
if (lseek(dosfs, boot->bpbFSInfo * boot->bpbBytesPerSec, SEEK_SET)
|
|
|
|
|
!= boot->bpbFSInfo * boot->bpbBytesPerSec
|
2001-07-09 10:35:18 +00:00
|
|
|
|| write(dosfs, fsinfo, sizeof fsinfo)
|
|
|
|
|
!= sizeof fsinfo) {
|
2012-10-21 12:01:11 +00:00
|
|
|
perr("Unable to write bpbFSInfo");
|
2001-07-09 10:35:18 +00:00
|
|
|
return FSFATAL;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Technically, we should return FSBOOTMOD here.
|
|
|
|
|
*
|
|
|
|
|
* However, since Win95 OSR2 (the first M$ OS that has
|
|
|
|
|
* support for FAT32) doesn't maintain the FSINFO block
|
|
|
|
|
* correctly, it has to be fixed pretty often.
|
|
|
|
|
*
|
2020-01-11 04:02:40 +00:00
|
|
|
* Therefore, we handle the FSINFO block only informally,
|
2004-04-20 11:41:57 +00:00
|
|
|
* fixing it if necessary, but otherwise ignoring the
|
2001-07-09 10:35:18 +00:00
|
|
|
* fact that it was incorrect.
|
|
|
|
|
*/
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
