From nobody Mon Aug 01 05:12:59 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Lx5qH61tVz4X8bh; Mon, 1 Aug 2022 05:12:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Lx5qH5ct0z4NX5; Mon, 1 Aug 2022 05:12:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659330779; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=M/YmUD5eHLlzq8n9ZxKkZselSejZyZs1INmgsw/gZ94=; b=JJFrhoDGqia/5SEpONGj+a5KfR3ZJ0Ma9QoykSgXRgMCMGiD7k5cYMGsV0kSDAh23JtQMZ UKiLp6LkP3dCwsZE36mBGSxN7zLQW3MiAcQA0Lp03PanB6I6UBqGCM10ceMch6GN+EwzLN 8xND3avkhUaXaZ2gSN5+huNFI01gBFNq7Pnw1n1EC+cDO3ab8a45M4uy56eDgYFq0wy/EG G7WlhuRNXsiTT0S9WtQMIux31VBEcBKIAsM2oJckzF7st3ylvXlGxVsAz6jlAs5yuWox9P uHxKDL1773p5lWUHTi2uG+yEaC4m8WT8ACiYsMI4yzpd1gm7xNJ2GVaQKlZAUg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Lx5qH4ds7zLv9; Mon, 1 Aug 2022 05:12:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2715CxDN093947; Mon, 1 Aug 2022 05:12:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2715CxOC093946; Mon, 1 Aug 2022 05:12:59 GMT (envelope-from git) Date: Mon, 1 Aug 2022 05:12:59 GMT Message-Id: <202208010512.2715CxOC093946@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kirk McKusick Subject: git: d22531d57282 - main - Identify each UFS/FFS superblock integrity check as a warning or fatal error. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mckusick X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d22531d5728298deda1ce9f7cdebcd4fd8d9ddb2 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659330779; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=M/YmUD5eHLlzq8n9ZxKkZselSejZyZs1INmgsw/gZ94=; b=shTlh7TJpZByVtAj+3oGO8kmXLVb88GUFkn1n1tuBvhU/NaTA50XFBsrWdiJgYNrPB6FZq qHJgaJAChnLpoR80gJOY4YaxfGj5IlE3c/k5GXYBX7lqhpCq+mTZKFM+OXaxxrNbm6qgko A16SuvHsrKDJZJulxwz6cBwmZs4ucHBF7ncs5mE/54PrxfMgrp1WdWPgH+d/PKTP+MMOJg 6XnRne8V3+DS3tkYHWNE3C2hlUnAR/ueVrL/GdBpyRyKl3UU0u7W13xpcJd6hOw0lJ1+ao jLmnTKfzLGfPCD/cRnNAvFTtRkUS8GgMJcqaTB8dmFEzKrQfGynOnAuFGiEXLw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1659330779; a=rsa-sha256; cv=none; b=xieyk8uUV3Q73c4Br44/fvYCaIuRYJ+2uJWkyc1rVhP8vY2aKz0lrlIIbeMzoYGxdteUsu 8zSJoOZQEkXW2Q10/Z/Oi+gvVNCPVC8GqzhDLz1F11n+4BaOFDTU/zfQeTHtllIjxgykM7 jhR12j2KrgtSfKh0FMS9WtZyeA227IG9NNXN4mR0yVph3QS+AKVDuL44KMyhI/tm5VyfD2 ELpa5moqmen/7H6BmlpNGsSlv6W9WOgBLwfLJ6KNS+2h4AU/dAba3qDe7CXkfmmjo1z8Hm 0qIUQp5hRcinD3+XQZenqHM7I3OVfrPeKG96ETYKsghlGDJsLY4Nx+NObEQiDg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mckusick: URL: https://cgit.FreeBSD.org/src/commit/?id=d22531d5728298deda1ce9f7cdebcd4fd8d9ddb2 commit d22531d5728298deda1ce9f7cdebcd4fd8d9ddb2 Author: Kirk McKusick AuthorDate: 2022-08-01 05:07:20 +0000 Commit: Kirk McKusick CommitDate: 2022-08-01 05:07:20 +0000 Identify each UFS/FFS superblock integrity check as a warning or fatal error. Identify each of the superblock validation checks as either a warning or a fatal error. Any integrity check that can cause a system hang or crash is marked as fatal. Those that may simply lead to poor file layoutor other less good operating conditions are marked as warning. Normally both fatal and warning are treated as errors and prevent the superblock from being loaded. A new flag, UFS_NOWARNFAIL, is added. When passed to ffs_sbget() it will note warnings that it finds, but will still proceed with loading the superblock. Note that when UFS_NOWARNFAIL is used, it also includes UFS_NOHASHFAIL. No legitimate superblocks should fail as a result of these changes. --- sys/ufs/ffs/ffs_subr.c | 182 +++++++++++++++++++++++++++---------------------- sys/ufs/ffs/fs.h | 5 ++ 2 files changed, 106 insertions(+), 81 deletions(-) diff --git a/sys/ufs/ffs/ffs_subr.c b/sys/ufs/ffs/ffs_subr.c index 0bcc43fae4d4..8768c5588def 100644 --- a/sys/ufs/ffs/ffs_subr.c +++ b/sys/ufs/ffs/ffs_subr.c @@ -324,8 +324,7 @@ readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags, */ #define ILOG2(num) (fls(num) - 1) #define MPRINT if (prtmsg) printf -#undef CHK -#define CHK(lhs, op, rhs, fmt) \ +#define FCHK(lhs, op, rhs, fmt) \ if (lhs op rhs) { \ MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, \ @@ -333,124 +332,145 @@ readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags, if (error == 0) \ error = ENOENT; \ } -#define CHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ +#define WCHK(lhs, op, rhs, fmt) \ + if (lhs op rhs) { \ + MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ + #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\ + #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\ + if (error == 0) \ + error = warnerr; \ + } +#define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n", \ - fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ + fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2); \ if (error == 0) \ error = ENOENT; \ } +#define WCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt) \ + if (lhs1 op1 rhs1 && lhs2 op2 rhs2) { \ + MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s (" \ + #fmt ") && %s (" #fmt ") %s %s (" #fmt ")%s\n", \ + fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1, \ + (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2, \ + (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2, wmsg); \ + if (error == 0) \ + error = warnerr; \ + } static int validate_sblock(struct fs *fs, int flags) { u_long i, sectorsize; u_int64_t maxfilesize, sizepb; - int error, prtmsg; + int error, prtmsg, warnerr; + char *wmsg; error = 0; sectorsize = dbtob(1); prtmsg = ((flags & UFS_NOMSG) == 0); + warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT; + wmsg = warnerr ? "" : " (Ignored)"; if (fs->fs_magic == FS_UFS2_MAGIC) { if ((flags & UFS_ALTSBLK) == 0) - CHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2, + FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2, fs->fs_sblockactualloc, !=, 0, %jd); - CHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); - CHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * + FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx); + FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * sizeof(ufs2_daddr_t)), %jd); - CHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t), + FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t), %jd); - CHK(fs->fs_inopb, !=, + FCHK(fs->fs_inopb, !=, fs->fs_bsize / sizeof(struct ufs2_dinode), %jd); } else if (fs->fs_magic == FS_UFS1_MAGIC) { if ((flags & UFS_ALTSBLK) == 0) - CHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd); - CHK(fs->fs_sblockloc, <, 0, %jd); - CHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); - CHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t), + FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd); + FCHK(fs->fs_sblockloc, <, 0, %jd); + FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); + FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t), %jd); - CHK(fs->fs_inopb, !=, + FCHK(fs->fs_inopb, !=, fs->fs_bsize / sizeof(struct ufs1_dinode), %jd); - CHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * + FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) * sizeof(ufs1_daddr_t)), %jd); - CHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd); - CHK(fs->fs_old_rotdelay, !=, 0, %jd); - CHK(fs->fs_old_rps, !=, 60, %jd); - CHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd); - CHK(fs->fs_old_cpg, !=, 1, %jd); - CHK(fs->fs_old_interleave, !=, 1, %jd); - CHK(fs->fs_old_trackskew, !=, 0, %jd); - CHK(fs->fs_old_cpc, !=, 0, %jd); - CHK(fs->fs_old_postblformat, !=, 1, %jd); - CHK(fs->fs_old_nrpos, !=, 1, %jd); - CHK(fs->fs_old_spc, !=, fs->fs_fpg * fs->fs_old_nspf, %jd); - CHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd); - CHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd); - CHK(fs->fs_old_ncyl, !=, fs->fs_ncg, %jd); + WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd); + WCHK(fs->fs_old_rotdelay, !=, 0, %jd); + WCHK(fs->fs_old_rps, !=, 60, %jd); + WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd); + WCHK(fs->fs_old_cpg, !=, 1, %jd); + WCHK(fs->fs_old_interleave, !=, 1, %jd); + WCHK(fs->fs_old_trackskew, !=, 0, %jd); + WCHK(fs->fs_old_cpc, !=, 0, %jd); + WCHK(fs->fs_old_postblformat, !=, 1, %jd); + WCHK(fs->fs_old_nrpos, !=, 1, %jd); + WCHK(fs->fs_old_spc, !=, fs->fs_fpg * fs->fs_old_nspf, %jd); + WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd); + WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd); + FCHK(fs->fs_old_ncyl, !=, fs->fs_ncg, %jd); } else { /* Bad magic number, so assume not a superblock */ return (ENOENT); } - CHK(fs->fs_bsize, <, MINBSIZE, %jd); - CHK(fs->fs_bsize, >, MAXBSIZE, %jd); - CHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd); - CHK(powerof2(fs->fs_bsize), ==, 0, %jd); - CHK(fs->fs_frag, <, 1, %jd); - CHK(fs->fs_frag, >, MAXFRAG, %jd); - CHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd); - CHK(fs->fs_fsize, <, sectorsize, %jd); - CHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); - CHK(powerof2(fs->fs_fsize), ==, 0, %jd); - CHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); - CHK(fs->fs_ncg, <, 1, %jd); - CHK(fs->fs_ipg, <, 1, %jd); - CHK(fs->fs_ipg * fs->fs_ncg, >, (((int64_t)(1)) << 32) - INOPB(fs), + FCHK(fs->fs_bsize, <, MINBSIZE, %jd); + FCHK(fs->fs_bsize, >, MAXBSIZE, %jd); + FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd); + FCHK(powerof2(fs->fs_bsize), ==, 0, %jd); + FCHK(fs->fs_frag, <, 1, %jd); + FCHK(fs->fs_frag, >, MAXFRAG, %jd); + FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd); + FCHK(fs->fs_fsize, <, sectorsize, %jd); + FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); + FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); + FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); + FCHK(fs->fs_ncg, <, 1, %jd); + FCHK(fs->fs_ipg, <, 1, %jd); + FCHK(fs->fs_ipg * fs->fs_ncg, >, (((int64_t)(1)) << 32) - INOPB(fs), %jd); - CHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); - CHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); - CHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); - CHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); - CHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx); - CHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx); - CHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx); - CHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx); - CHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd); - CHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd); - CHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd); - CHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); - CHK(fs->fs_old_cgoffset, <, 0, %jd); - CHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); - CHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd); - CHK(fs->fs_sblkno, !=, roundup( + FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); + FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); + FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); + FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); + FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx); + FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx); + FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx); + FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx); + FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd); + FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd); + FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd); + FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); + FCHK(fs->fs_old_cgoffset, <, 0, %jd); + FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd); + FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd); + FCHK(fs->fs_sblkno, !=, roundup( howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd); - CHK(fs->fs_cblkno, !=, fs->fs_sblkno + + FCHK(fs->fs_cblkno, !=, fs->fs_sblkno + roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd); - CHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd); - CHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd); - CHK(fs->fs_cgsize, >, fs->fs_bsize, %jd); + FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd); + FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd); + FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd); /* * This test is valid, however older versions of growfs failed * to correctly update fs_dsize so will fail this test. Thus we * exclude it from the requirements. */ #ifdef notdef - CHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno - + WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno - fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) - howmany(fs->fs_cssize, fs->fs_fsize), %jd); #endif - CHK(fs->fs_metaspace, <, 0, %jd); - CHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd); - CHK(fs->fs_minfree, >, 99, %jd%%); + WCHK(fs->fs_metaspace, <, 0, %jd); + WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd); + WCHK(fs->fs_minfree, >, 99, %jd%%); maxfilesize = fs->fs_bsize * UFS_NDADDR - 1; for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) { sizepb *= NINDIR(fs); maxfilesize += sizepb; } - CHK(fs->fs_maxfilesize, !=, maxfilesize, %jd); + WCHK(fs->fs_maxfilesize, !=, maxfilesize, %jd); /* * These values have a tight interaction with each other that * makes it hard to tightly bound them. So we can only check @@ -462,9 +482,9 @@ validate_sblock(struct fs *fs, int flags) * that the summary information size is correct and that it starts * and ends in the data area of the same cylinder group. */ - CHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); - CHK(fs->fs_size, <=, (fs->fs_ncg - 1) * fs->fs_fpg, %jd); - CHK(fs->fs_size, >, fs->fs_ncg * fs->fs_fpg, %jd); + FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd); + WCHK(fs->fs_size, <=, (fs->fs_ncg - 1) * fs->fs_fpg, %jd); + WCHK(fs->fs_size, >, fs->fs_ncg * fs->fs_fpg, %jd); /* * If we are not requested to read in the csum data stop here * as the correctness of the remaining values is only important @@ -472,12 +492,12 @@ validate_sblock(struct fs *fs, int flags) */ if ((flags & UFS_NOCSUM) != 0) return (error); - CHK(fs->fs_csaddr, <, 0, %jd); - CHK(fs->fs_cssize, !=, + FCHK(fs->fs_csaddr, <, 0, %jd); + FCHK(fs->fs_cssize, !=, fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd); - CHK(dtog(fs, fs->fs_csaddr), >, fs->fs_ncg, %jd); - CHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd); - CHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >, + FCHK(dtog(fs, fs->fs_csaddr), >, fs->fs_ncg, %jd); + FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd); + FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >, dtog(fs, fs->fs_csaddr), %jd); /* * With file system clustering it is possible to allocate @@ -498,10 +518,10 @@ validate_sblock(struct fs *fs, int flags) * those (mostly 32-bit machines) can (very slowly) handle I/O * requests that exceed maxphys. */ - CHK(fs->fs_maxcontig, <, 0, %jd); - CHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd); - CHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd); - CHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=, + WCHK(fs->fs_maxcontig, <, 0, %jd); + WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd); + WCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd); + WCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=, MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd); return (error); } diff --git a/sys/ufs/ffs/fs.h b/sys/ufs/ffs/fs.h index 81cb416b383d..0a546e40e82a 100644 --- a/sys/ufs/ffs/fs.h +++ b/sys/ufs/ffs/fs.h @@ -98,8 +98,13 @@ * return the superblock. This is used by the bootstrap code to * give the system a chance to come up so that fsck can be run to * correct the problem. + * + * UFS_NOWARNFAIL will warn about inconsistencies but still return the + * superblock. It includes UFS_NOHASHFAIL. UFS_NOWARNFAIL is used by + * programs like fsck_ffs(8) to debug broken filesystems. */ #define UFS_NOHASHFAIL 0x0001 /* Ignore check-hash failure */ +#define UFS_NOWARNFAIL 0x0003 /* Ignore non-fatal inconsistencies */ #define UFS_NOMSG 0x0004 /* Print no error message */ #define UFS_NOCSUM 0x0008 /* Read just the superblock without csum */ #define UFS_ALTSBLK 0x1000 /* Flag used internally */