Commit Graph

84 Commits

Author SHA1 Message Date
mckusick
2c9178edde Normally when an attempt is made to mount a UFS/FFS filesystem whose
superblock has a check-hash error, an error message noting the
superblock check-hash failure is printed and the mount fails. The
administrator then runs fsck to repair the filesystem and when
successful, the filesystem can once again be mounted.

This approach fails if the filesystem in question is a root filesystem
from which you are trying to boot. Here, the loader fails when trying
to access the filesystem to get the kernel to boot. So it is necessary
to allow the loader to ignore the superblock check-hash error and make
a best effort to read the kernel. The filesystem may be suffiently
corrupted that the read attempt fails, but there is no harm in trying
since the loader makes no attempt to write to the filesystem.

Once the kernel is loaded and starts to run, it attempts to mount its
root filesystem. Once again, failure means that it breaks to its prompt
to ask where to get its root filesystem. Unless you have an alternate
root filesystem, you are stuck.

Since the root filesystem is initially mounted read-only, it is
safe to make an attempt to mount the root filesystem with the failed
superblock check-hash. Thus, when asked to mount a root filesystem
with a failed superblock check-hash, the kernel prints a warning
message that the root filesystem superblock check-hash needs repair,
but notes that it is ignoring the error and proceeding. It does
mark the filesystem as needing an fsck which prevents it from being
enabled for writing until fsck has been run on it. The net effect
is that the reboot fails to single user, but at least at that point
the administrator has the tools at hand to fix the problem.

Reported by:    Rick Macklem (rmacklem@)
Discussed with: Warner Losh (imp@)
Sponsored by:   Netflix
2018-12-06 00:09:39 +00:00
mckusick
030cd8e907 Fix build break from dump incompatibility I introduced in -r340411
Pointy-hat to: mckusick
2018-11-14 00:21:52 +00:00
glebius
d57682a7ee Plug build break after r340411. 2018-11-13 23:44:27 +00:00
imp
290ff202b2 Revert size limits.
The size limits came from a flawed understanding of dump records.
The real issue was that dump was bogusly interpreting c_count
sometimes. r334978 fixes that.
2018-06-11 20:38:30 +00:00
imp
8834ba64ed Don't initialize c_count. We don't need to. 2018-06-11 19:35:41 +00:00
imp
28ddc27660 Minor style polishing.
Declare c_count and initialize it with other ints.

Reported by: mjg@
2018-06-11 19:32:49 +00:00
db
658ea4391e Large file systems with inodes > 512K have been silently overflowing
c_addr in spcl. So check before we start dumping otherwise we can
end up with a corrupted dump.

PR:		228807
Submitted by:	db
Reviewed by:	imp
Approved by:	imp
2018-06-11 19:12:50 +00:00
mckusick
1727b537ef Ensure proper initialization of superblock.
Submitted by: Diane Bruce
2018-06-07 20:49:01 +00:00
emaste
61bad5ab72 Revert r313780 (UFS_ prefix) 2018-03-17 12:59:55 +00:00
emaste
e23f2eb452 Prefix UFS symbols with UFS_ to reduce namespace pollution
Followup to r313780.  Also prefix ext2's and nandfs's versions with
EXT2_ and NANDFS_.

Reported by:	kib
Reviewed by:	kib, mckusick
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D9623
2018-03-17 01:48:27 +00:00
mckusick
f5e73a2c14 Refactoring of reading and writing of the UFS/FFS superblock.
Specifically reading is done if ffs_sbget() and writing is done
in ffs_sbput(). These functions are exported to libufs via the
sbget() and sbput() functions which then used in the various
filesystem utilities. This work is in preparation for adding
subperblock check hashes.

No functional change intended.

Reviewed by: kib
2018-01-26 00:58:32 +00:00
mckusick
a1eb6fa86e In preparation for converting to libufs to read the superblock,
change conflicting function names:

	getino => getinode
	bread => blkread

No functional change.
2017-12-27 22:18:56 +00:00
pfg
872b698bd4 General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
imp
7e6cabd06e Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
pfg
99c72370d1 sbin: ake use of our rounddown() macro when sys/param.h is available.
No functional change.
2016-05-01 02:24:05 +00:00
pfg
5c1c83ba38 dump: use NULL instead of zero for pointers.
Clean out the casts from calloc(3) while here.
2016-04-19 19:13:33 +00:00
ed
e7e5b53bf1 Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
mckusick
242bd272d9 The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities
include sys/time.h instead of time.h. This include is incorrect as
per the manpages for the APIs and the POSIX definitions. This commit
replaces sys/time.h where necessary with time.h.

The commit also includes some minor style(9) header fixup in newfs.

This commit is part of a larger effort by Garrett Cooper started in
//depot/user/gcooper/posix-conformance-work/ -- to make FreeBSD more
POSIX compliant.

Submitted by:  Garrett Cooper   yanegomi at gmail dot com
2011-01-24 06:17:05 +00:00
delphij
934832db48 Plug two memory leaks in error case.
MFC after:	1 month
2010-02-03 23:56:12 +00:00
mckusick
e0c188cb54 Expand dump to allow MAX_INT dump levels.
PR:           bin/100732
Submitted by: Matthew Vincenz <msvincen@midway.uchicago.edu>
2008-05-24 05:20:46 +00:00
mckusick
af9e967365 When using dump to generate level 0 dumps which are then rsync'ed
to a remote machine, the fact that the dump date is stored with
each header (inode) record makes rsync significantly less efficient
than necessary. This also applies to inode access times when they
are not important data to retain. When implementing an offsite
backup solution of this type, these dates in particular are not
important, especially if it prevents effective offsite backups.

PR:           bin/91049
Submitted by: Forrest W Christian <fwc@mt.net>
2008-05-23 23:13:14 +00:00
ru
83b5d57c41 Make "dump /filesystem" (without options) work.
PR:		docs/84408
MFC after:	3 days
2006-10-12 20:22:31 +00:00
mjacob
2a3041e6c3 If rawname returns NULL, deal with it appropriately.
PR:		94045
Submitted by:	Andrey Elsukov
MFC after:	1 week
2006-08-15 17:53:37 +00:00
imp
edc45448f9 'r' disk devices no longer exist, so don't try to create a pathname
that has an 'r' in it.

This also eliminates a bogus use of strlcat.
PR: 80064
2005-04-18 15:08:29 +00:00
ru
719be5d341 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 09:19:34 +00:00
wes
bb68fc2b6e Improved error checking for existence of a .snap directory to
generate snapshots in when -L is requested.  If the .snap directory
does not exist, or is not a directory, issue a warning and revert
to the non- live behavior.

Obtained from:	St. Bernard Software RAPID
2005-01-21 22:13:25 +00:00
green
581462d465 Add -P arguments for dump(8) and restore(8) which allow the user to
use backup methods other than files and tapes.  The -P argument is
a normal sh(1) pipeline with either $DUMP_VOLUME or $RESTORE_VOLUME
defined in the environment, respectively.

For example, I can back up my home to three DVD+R[W]s as so:
Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
/dev/ad0s2e  40028550 10093140 26733126    27%    /home
green# dump -0 -L -C16 -B4589840 -P 'growisofs -Z /dev/cd0=/dev/fd/0' /home
2004-04-13 02:58:06 +00:00
green
92223ccc32 Improve the warnings for dump -L and do not bother doing the snapshot if
it is specified for read-only filesystems.

Submitted by:   Jason Young <jyoung8607@hotmail.com>
PR:     46672
2004-04-12 20:19:32 +00:00
markm
90f91e7879 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
iedowse
6fde69b7d1 Define _PATH_MKSNAP_FFS and use it in dump(8) instead of assuming
that mksnap_ffs(8) can be found using the current $PATH.

Reviewed by:	mckusick
2004-01-04 17:17:46 +00:00
mckusick
afa1411453 Convert the live dump command (`dump -L') to use mksnap_ffs instead
of trying to directly create the snapshot itself. This change allows
users logged into the system as operator to run live dumps.

Note that dump no longer tries to create the snapshot in the root of
the filesystem, but rather in a .snap directory in the root of the
filesystem. The reason is that the operator is usually not permitted
to write into the root of the filesystem. The newfs command and
background fsck have both been modified to create a .snap directory
in the root of the filesystem, but if neither of these have been run,
then the .snap directory must be created manually by the superuser
before a live dump can be run. The .snap directory should be owned
by user root and group operator and set to mode 770.
2003-11-16 08:01:58 +00:00
johan
58da18523c Make this WARNS=2 clean by
- using (intmax_t) and %j
	- giving a non-empty format string to msg()

Include <stdint.h> directly instead of depending on <inttypes.h>
to do it.

Tested by:	make universe
2003-11-14 13:07:38 +00:00
mckusick
2e1c393dfc Dump is hard-wired to believe that it can read disks on
1024-byte boundaries. For many years this was a reasonable
assumption. However, in recent years we have begun seeing
devices with 2048-byte sectors. These devices return errors
when dump tries to read starting in the middle of a sector
or when it tries to read only the first half of a sector.
Rather than change the native block size used by dump (and
thus create an incompatible dump format), this fix checks
for transfer requests that start and/or end on a non-sector
boundary. When such a read is detected, the new code reads
the entire sector and copies out just the part that dump
needs.

Reviewed by:	Poul-Henning Kamp <phk@critter.freebsd.dk>
Approved by:	re (John Baldwin <jhb@FreeBSD.org>)
Sponsored by:   DARPA & NAI Labs.
2003-05-07 18:27:09 +00:00
ru
f3e97543a1 Removed all vestiges of KerberosIV. 2003-05-01 21:18:36 +00:00
markm
4a635f887e De-Kerberise (KerberosIV). KerberosIV is no longer present, and
remote backups can still be done with Kerberos authentication using
SSH and Kerberos 5.
2003-05-01 20:09:58 +00:00
mdodd
02e573828b Avoid a name conflict with future functionality:
getfstab() -> dump_getfstab()
2003-04-07 11:34:12 +00:00
ru
8a2a909130 Sort options. 2003-02-23 01:50:07 +00:00
dillon
79dea7cf70 really, this time for sure. Fix formatting in usage(). 2003-01-13 19:58:05 +00:00
dillon
f496e8e19a Grr. I keep forgetting things. Include -C in dump's usage() . 2003-01-13 19:56:03 +00:00
dillon
e68d7b787c Add support for obsolete option form for -C 2003-01-13 19:50:46 +00:00
dillon
5b697ad7ba Add a caching option to dump. Use -C. Note that NetBSD has a caching option
called -r but it takes 512 byte blocks instead of megabytes, and I felt a
megabytes specification would be far more useful so I did not use the same
option character.

This will *greatly* improve dump performance at the cost of possibly
missing filesystem changes that occur between passes, and does a fairly
good job making up for the loss of buffered block devices.  Caching is disabled
by default to retain historical behavior.

In tests, dump performance improved by about 40% when dumping / or /usr.

Beware that dump forks and the cache may wind up being larger then you
specify, but a more complex shared memory implementation would not produce
results that are all that much better so I kept it simple for now.

MFC after:	3 days
2003-01-13 19:42:41 +00:00
mckusick
ea268a7016 Add the `L' option to dump to notify it that it is dumping a
live filesystem. To obtain a consistent dump image, dump takes
a snapshot of the filesystem and then does a dump of the snapshot.
The snapshot is removed when the dump is complete.

Also add an operator warning that the `L' option should be used
if dump is run on a live filesystem without the `L' option being
specified. The alternative would be to silently use a snapshot
any time that a live filesystem is dumped, but this change in
dump semantics seemed too drastic at this time.

Sponsored by:   DARPA & NAI Labs.
Approved by:	re
2002-12-03 18:21:09 +00:00
mckusick
9251693096 Create a new 32-bit fs_flags word in the superblock. Add code to move
the old 8-bit fs_old_flags to the new location the first time that the
filesystem is mounted by a new kernel. One of the unused flags in
fs_old_flags is used to indicate that the flags have been moved.
Leave the fs_old_flags word intact so that it will work properly if
used on an old kernel.

Change the fs_sblockloc superblock location field to be in units
of bytes instead of in units of filesystem fragments. The old units
did not work properly when the fragment size exceeeded the superblock
size (8192). Update old fs_sblockloc values at the same time that
the flags are moved.

Suggested by:	BOUWSMA Barry <freebsd-misuser@netscum.dyndns.dk>
Sponsored by:   DARPA & NAI Labs.
2002-11-27 02:18:58 +00:00
bde
810d5e3a0b Changed "file system" back to "filesystem" in the usage message. English
rules don't apply to tokens that are supposed to represent single args.
This was only fixed in the man page.

Fixed other differences between the man page and the usage message (1
formatting bug and 1 syntax bug).
2002-10-01 13:44:15 +00:00
mike
86a758e51b Use the standardized CHAR_BIT constant instead of NBBY in userland. 2002-09-25 04:06:37 +00:00
trhodes
136be46680 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
iedowse
40ca2ecbc9 Replace the use of %qd with intmax_t/%jd and fix a number of -Wall
and -Wformat warnings:
 o Include timeconv.h for the time conversion functions.
 o Remove unused variables.
 o Correct a few cases where %d was used when printing longs.
2002-07-08 00:29:23 +00:00
mckusick
88d85c15ef This commit adds basic support for the UFS2 filesystem. The UFS2
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.

Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.

Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).

Sponsored by: DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@freebsd.org>
2002-06-21 06:18:05 +00:00
trhodes
896f3841bf more file system > filesystem 2002-05-16 04:10:46 +00:00
phk
b9045b7d53 Sigh, more BBSIZE related breakage.
Sponsored by:	DARPA & NAI Labs.
2002-05-12 21:37:08 +00:00