Commit Graph

82 Commits

Author SHA1 Message Date
iedowse
1904591561 Fsck_ffs did not properly range-check the inode 'di_size'
field, so it was possible for a filesystem marked clean by fsck_ffs
to cause kernel crashes later when mounted. This could occur when
fsck_ffs was used to repair a badly corrupted filesystem.

As pointed out by bde, it is not sufficient to restrict di_size to
just the superblock fs_maxfilesize limit. The use of 32-bit logical
block numbers (both in fsck and the kernel) induces another file
size limit which is usually lower than fs_maxfilesize. Also, the
old 4.3BSD filesystem does not have fs_maxfilesize initialised.

Following this change, fsck_ffs will enforce exactly the same
file size limits as are used by the kernel.

PR:		kern/15065
Discussed with:	bde
Reviewed by:	bde, mckusick
2001-01-31 15:16:56 +00:00
iedowse
5cc8ff22fa The ffs superblock includes a 128-byte region for use by temporary
in-core pointers to summary information. An array in this region
(fs_csp) could overflow on filesystems with a very large number of
cylinder groups (~16000 on i386 with 8k blocks). When this happens,
other fields in the superblock get corrupted, and fsck refuses to
check the filesystem.

Solve this problem by replacing the fs_csp array in 'struct fs'
with a single pointer, and add padding to keep the length of the
128-byte region fixed. Update the kernel and userland utilities
to use just this single pointer.

With this change, the kernel no longer makes use of the superblock
fields 'fs_csshift' and 'fs_csmask'. Add a comment to newfs/mkfs.c
to indicate that these fields must be calculated for compatibility
with older kernels.

Reviewed by:	mckusick
2001-01-15 18:30:40 +00:00
iedowse
05f978a26a Document fsck_ffs's new SIGINFO handler.
Reviewed by:	sheldonh
2001-01-03 13:53:48 +00:00
phk
c5b98ef61d Add a missing period and newline to a message.
PR:	23334
Submitted by:	Rich Morin <rdm@cfcl.com>
2000-12-18 21:14:25 +00:00
ru
7fe8bd2b88 Prepare for mdoc(7)NG. 2000-12-18 15:16:24 +00:00
iedowse
3e3c84c80c Add a simple SIGINFO handler to fsck_ffs. Shortly after receipt of
a SIGINFO (normally via Ctrl-T), a line will be output indicating
the current phase number and progress information relevant to the
current phase.

Approved by:	mckusick
2000-12-15 14:23:55 +00:00
tomsoft
a11b7b009a added growfs(8) including ffsinfo(8) to the freebsd base system
Reviewed by:	 grog
2000-12-09 15:27:35 +00:00
ru
ea31070695 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
adrian
c1572ba8f4 .. forgot a ; at the end of the $FreeBSD$ string. How did I actually forget
this? :-)

It builds again.
2000-10-09 09:42:51 +00:00
adrian
a8492d4f89 Some missed magic in the fsck wrapper commit which is required by other
utilities which use bits of fsck_ffs - namely quotacheck and fsdb.
In depth, utilities.c contains blockcheck() which is needed by both,
but also a slew of routines which require bits of the FFS code to be
compiled in. This breaks the fs-specific and non-fs-specific code
up into two files (well, blockcheck() is the only routine in utilities.c,
that'll change later) which makes building fsck_ffs, quotacheck and
fsdb work yet again.

(You won't find commits to fsdb and quotacheck here before I haven't
committed the post-fsck-wrappers version of them yet.)
2000-10-09 09:21:04 +00:00
adrian
336dc694cc Reviewed by: rwatson, bp
Approved by:	rwatson
Obtained from:	NetBSD-current source tree

The beginnings of the fsck wrappers stuff from NetBSD. This particular commit
brings a newly repo-copied sbin/fsck_ffs/ (from sbin/fsck/) into fsck wrappers
mode.

A quick overview (the code reflects this):

* Documentation changed to reflect fsck_ffs instead of fsck
* Simply acts on a single filesystem, doesn't try to do any multiple filesystem
  magic - this is done by the fsck wrappers now

And then specific to fsck_ffs:

* link to /sbin/fsck_4.2bsd and /sbin/fsck_ufs. This is because right now
  the filesystem is of type ufs not ffs, and that during autodetection the
  labeltype rather than the VFS type is used - this is because when doing
  an autodetection of filesystem type in the fsck wrapper program, it does
  not have any link between label type (4.2bsd, vinum, etc) and VFS string.

Note that this shouldn't break a build since the required buildworld Makefile
magic and import of the fsck wrapper code into src/sbin/fsck/ will happen
in a seperate commit.
2000-10-09 08:26:35 +00:00
kris
41cfb7f781 Format string fix. 2000-10-06 23:24:45 +00:00
mckusick
281c060000 If the lost+found directory is created by fsck, it will do a cacheino()
which sets the inoinfo's i_parent and i_dotdot to 0, but they never get
set to ROOTINO. This means that propagate will never find lost+found and
its descendents, subdirectories will remain DSTATE (instead of DFOUND)
even though they *are* correctly linked in, and pass4.c will try to
clear them unsuccessfully, thinking that there is no link count from the
DSTATE directory's parent. The result is that you need to run fsck twice
and get link count increasing errors (which are unexpected and fatal
when running in preen mode). The fix is to set i_parent and i_dotdot to
"parent" after the second cacheino() call in dir.c:allocdir().

Obtained from:	"Ethan Solomita" <ethan@geocast.com> (of the NetBSD Project)
2000-07-24 19:50:20 +00:00
mckusick
a40b145d3c Make a tighter test for valid inode numbers in getnextinode(). 2000-07-15 18:28:36 +00:00
mckusick
64fa502890 Ensure that block and character devices as well as fifo's and sockets
all have zero length. A non-zero length panic's the kernel when one
of these is deleted.

PR:		19426
Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
Reviewed by:	dwmalone@FreeBSD.org
2000-07-12 06:19:22 +00:00
mckusick
61ae57db56 Teach fsck about snapshot files. These changes should have no
effect on operation of fsck on filesystems without snapshots.
If you get compilation errors, be sure that you have copies of
/usr/include/sys/mount.h (1.94), /usr/include/sys/stat.h (1.21),
and /usr/include/ufs/ffs/fs.h (1.16) as of July 4, 2000 or later.
2000-07-06 02:03:11 +00:00
mckusick
bd94887961 Yesterday I had to fix a badly broken disk, and found that fsck kept dying:
DIR I=64512 CONNECTED. PARENT WAS I=4032
  fsck: cannot find inode 995904

fsdb found the inodes with no problem:

  fsdb (inum: 64512)> inode 995904
  current inode: directory
  I=995904 MODE=40777 SIZE=512
        MTIME=Feb 14 15:27:07 2000 [0 nsec]
        CTIME=Feb 14 15:27:07 2000 [0 nsec]
        ATIME=Feb 24 10:31:58 2000 [0 nsec]
  OWNER=nobody GRP=nobody LINKCNT=4 FLAGS=0 BLKCNT=2 GEN=38a41386
  Direct blocks: 8094568 0 0 0 0 0 0 0 0 0 0 0
  Indirect blocks:  0 0 0

The problem turns out to be a program logic error in fsck.  It stores
directory inodes internally in hash lists, using the number of
directories to form the hash key:

        inpp = &inphead[inumber % numdirs];

Elsewhere, however, it increments numdirs when it finds unattached
directories.  I've made the following fix, which solved the problem in
the case in hand.

Submitted by:	Greg Lehey <grog@lemis.com>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Approved by:	Kirk McKusick <mckusick@mckusick.com>
2000-02-28 20:02:41 +00:00
peter
c1ef93f5ca Fix the use of an uninitialized variable in the previous commit.
Also, in addition to the previous log message, the last change had a fix
for the case where where f.mntfromname is a relative path like da0a.

Submitted by:	bde
2000-01-10 14:20:53 +00:00
peter
a5aad10b74 - Style/bde changes.
- Don't use realpath as stat does the right thing.
  - Only check ufs filesystems in getmntpt.
  - Dont' bother checking that the ufs-mounted-on
    device is a special file.  It *must* be a special
    file, or ufs wouldn't have mounted it.

Submitted by:	Paul Saab <ps@yahoo-inc.com>
2000-01-10 08:21:22 +00:00
peter
e29b764b39 - Forgot to nuke hotroot completely.
Submitted by:	Paul Saab <ps@yahoo-inc.com>
2000-01-10 08:18:18 +00:00
peter
cbb9d1f6ae Make fsck(8) do a MNT_RELOAD after cleaning for all read-only mounted
filesystems, not just for the root fs.

Reviewed by:	mckusick
Submitted by:	Paul Saab <ps@yahoo-inc.com>
1999-12-30 16:32:40 +00:00
phk
44eb44a9e8 Make fsck even more char/blk dev tolerant. 1999-11-27 20:02:27 +00:00
phk
adcb797761 Allow root-reloading also for chr devices. 1999-11-27 16:10:31 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
phk
cf4a7fab74 Also check against chardevs when looking for root. 1999-07-20 08:50:54 +00:00
julian
d77705b6d8 Cosmetic and documentation changes brought from earlier FreeBSD versions.
(e.g. RCS Id:)
1998-12-03 02:41:11 +00:00
julian
c1ef9f83c9 Reviewed by: Don Lewis <Don.Lewis@tsc.tdk.com>
Submitted by:	Kirk McKusick <mckusick@McKusick.COM>
Obtained from:	Mckusick, BSDI and a host of others

This exactly matches Kirks sources imported under the
Tag MCKUSICK2. These are as supplied by kirk with one small
change needed to compile under freeBSD.

Some FreeBSD patches will be added back, though many have been
added to Kirk's sources already.
1998-12-03 02:27:35 +00:00
mjacob
33cd29fe0d For large filesystems you can run past default resource limits causing
fsck to exit unhappily. Fix this by doing a getrlimit/setrlimit for
RLIMIT_DATA. I made the same fix in NetBSD.

Reviewed by:	dg@root.com
1998-11-05 03:26:36 +00:00
nate
c241d61f20 - Back out softupdate change that already existed in FreeBSD from V1.6,
which caused the reference count of a directory to get doubly
  decremented.

PR:		bin/8030
Reviewed by:	nate
Submitted by:	Don Lewis <Don.Lewis@tsc.tdk.com>
1998-09-23 05:37:35 +00:00
dfr
2abe006488 Use explicitly sized types when laying out the cylinder groups. This
bug was the cause of the 'freeing free frag' panics that people have been
seeing with FreeBSD/alpha. I have a similar patch to newfs but I've not
finished testing it.
1998-08-15 10:07:33 +00:00
phk
cec4f27a0f There seem to be two messages that were added with soft-updates
support, which need a final "\n". I only observed one line of
mangled output, but I think there is another one which suffers
from the same problem, and thus I provide a patch that covers
both.

PR:		7483
Reviewed by:	phk
Submitted by:	Stefan Esser <se@FreeBSD.org>
1998-08-04 09:19:03 +00:00
dfr
09c162db9e Avoid trying to malloc > (1<<32) bytes of memory due to an arithmetic
underflow on the alpha.
1998-08-01 18:03:28 +00:00
bde
e1c554bc5f Restored rev.1.11, which I somehow clobbered in rev.1.12. 1998-07-06 19:11:35 +00:00
bde
4af99ce07c Fixed printf format errors. 1998-06-28 19:23:03 +00:00
charnier
07d25baf9d Correct use of .Nm. Add rcsid. Remove unused #includes. Use err(3). 1998-06-15 07:07:21 +00:00
julian
54743b71f3 Reviewed by: Kirk Mckusick (mckusick@mckusick.com)
Submitted by:	luoqi Chen
fix a type in fsck.
(also add a comment that got picked up by mistake but is worth adding)
1998-06-05 23:33:26 +00:00
bde
0c33af9265 Guess the position of the drive number in the device name better so
that `fsck -p' doesn't check multiple slices on the same drive
concurrently.  Don't invoke undefined behaviour when searching for
the drive number in strange device names.

PR:		6129
Reviewed by:	phk
Submitted by:	Yuichi MATSUTAKA <matutaka@osa.att.ne.jp>, but rewritten
		by me.
1998-04-07 12:43:57 +00:00
julian
10c5ccc30a Reviewed by: dyson@freebsd.org (john Dyson), dg@root.com (david greenman)
Submitted by:	Kirk McKusick (mcKusick@mckusick.com)
Obtained from:  WHistle development tree
1998-03-08 09:59:44 +00:00
phk
3acc203e1d If numdirs is zero, print a helpful message instead of divding by zero later. 1998-03-04 18:03:54 +00:00
jhay
62746984d7 opt_diagnostic.h isn't needed anymore. 1998-02-06 22:31:14 +00:00
jhay
c3aba9f5d2 fsdb and fsck use the ffs code which needs opt_diagnostic.h. 1998-02-05 14:31:05 +00:00
bde
ac4b63f133 Guard against a block size of 0 in the label. When the first
superblock is invalid, fsck looks at the label to help guess where
the next superblock should be.  If the partition type is 4.2BSD,
fsck assumed that the block size was valid and divided by it, so
it dumped core if the size was 0.

Initialization of the label was broken almost 3 years ago in rev.1.9
of newfs/newfs.c.  Newfs does not change the label at all, so there
is no problem (except the breakage of the automatic search for
backup superblocks) unless something else sets the partition type
to 4.2BSD.  However, it is too easy to set partition types to
4.2.BSD by copying an old label or by using a disktab entry to
create the label.

PR:	2537
1998-01-19 16:28:29 +00:00
bde
efbb6fdc12 Fixed overflow in chkrange(). Some out of bounds block numbers,
e.g. -1, were not detected.  Use a bulletproof check that doesn't
depend on special properties of the args or the limit.

PR:	3528
1997-12-21 00:00:44 +00:00
bde
4c386d1f18 Fixed style bugs in the printing of statistics after preening. Use
floating point better in the percentage calculation there to avoid
overflow when there are more than about 20 million fragments.  Start
using floating point in the other percentage calculation to avoid
overflow when there are more than about 2 million fragments.

Fixed printf format strings.

Converted sccsid to rcsid.
1997-12-20 22:24:32 +00:00
bde
65928cad92 Don't attempt to print the statistics for a "clean" preened filesystem
when there isn't even a filesystem.  Attempting to print them tended
to cause SIGSEGV or SIGFPE depending on how far setup() got before it
returned 0.  This was broken in the previous revision by removing a
return statement that the previous case depended on falling into.

PR:	4840 (fixed by this commit)
PR:	2537 (possibly fixed by Lite2 merge and later changes.  setup()
	      does more checking now)
1997-12-20 21:36:58 +00:00
peter
12d9e0792e patch up some "int *" vs. "time_t *" (long) mismatches. They could be
nasty if sizeof(int) != sizeof(long).
1997-03-18 20:02:18 +00:00
peter
6ae0d54833 Restore check for ridiculous directory sizes. 1997-03-18 19:53:54 +00:00
peter
2d879de2ad Kill the Lite2 early "filesystem clean abort" check and go back to
something closer to how we used to do it.  The Lite2 way is to check the
"fsclean" flag in the superblock and stop there if so (during preen).
We now do the various superblock sanity checks that we used to do before
since it's cheap.  We now get the filesystem state summary again instead
of "FILESYSTEM CLEAN; CHECKING SKIPPED" (or whatever).
1997-03-13 15:37:23 +00:00
bde
1b52927894 Finished (?) merging with Lite2: cleaned up #include mess. 1997-03-12 17:01:11 +00:00
bde
a54018968d Finished (?) merging with Lite2: cleaned up #include mess.
Fixed style bugs in FreeBSD changes.
1997-03-12 16:58:35 +00:00