git: f030f1102c62 - main - Delete UFS2 backup superblock recovery info when building a UFS1 filesystem.

From: Kirk McKusick <mckusick_at_FreeBSD.org>
Date: Thu, 21 Jul 2022 05:52:41 UTC
The branch main has been updated by mckusick:

URL: https://cgit.FreeBSD.org/src/commit/?id=f030f1102c62d3de498cf2b5f0ce8d3582182923

commit f030f1102c62d3de498cf2b5f0ce8d3582182923
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2022-07-21 05:45:18 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2022-07-21 05:52:10 +0000

    Delete UFS2 backup superblock recovery info when building a UFS1 filesystem.
    
    Only the UFS2 filesystem has support for storing information needed
    to find alternate superblocks. If that information is inadvertently
    left in place when building a UFS1 filesystem, fsck_ffs may stumble
    across it and attempt to use it to recover the UFS1 filesystem
    which can only end poorly.
---
 sbin/newfs/mkfs.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c
index a6c4ee60c2d5..48091d7882d0 100644
--- a/sbin/newfs/mkfs.c
+++ b/sbin/newfs/mkfs.c
@@ -636,23 +636,26 @@ restart:
 	 * Read the last sector of the boot block, replace the last
 	 * 20 bytes with the recovery information, then write it back.
 	 * The recovery information only works for UFS2 filesystems.
+	 * For UFS1, zero out the area to ensure that an old UFS2
+	 * recovery block is not accidentally found.
 	 */
-	if (sblock.fs_magic == FS_UFS2_MAGIC) {
-		if ((fsrbuf = malloc(realsectorsize)) == NULL || bread(&disk,
-		    part_ofs + (SBLOCK_UFS2 - realsectorsize) / disk.d_bsize,
-		    fsrbuf, realsectorsize) == -1)
-			err(1, "can't read recovery area: %s", disk.d_error);
-		fsr =
-		    (struct fsrecovery *)&fsrbuf[realsectorsize - sizeof *fsr];
+	if ((fsrbuf = malloc(realsectorsize)) == NULL || bread(&disk,
+	    part_ofs + (SBLOCK_UFS2 - realsectorsize) / disk.d_bsize,
+	    fsrbuf, realsectorsize) == -1)
+		err(1, "can't read recovery area: %s", disk.d_error);
+	fsr = (struct fsrecovery *)&fsrbuf[realsectorsize - sizeof *fsr];
+	if (sblock.fs_magic != FS_UFS2_MAGIC) {
+		memset(fsr, 0, sizeof *fsr);
+	} else {
 		fsr->fsr_magic = sblock.fs_magic;
 		fsr->fsr_fpg = sblock.fs_fpg;
 		fsr->fsr_fsbtodb = sblock.fs_fsbtodb;
 		fsr->fsr_sblkno = sblock.fs_sblkno;
 		fsr->fsr_ncg = sblock.fs_ncg;
-		wtfs((SBLOCK_UFS2 - realsectorsize) / disk.d_bsize,
-		    realsectorsize, fsrbuf);
-		free(fsrbuf);
 	}
+	wtfs((SBLOCK_UFS2 - realsectorsize) / disk.d_bsize,
+	    realsectorsize, fsrbuf);
+	free(fsrbuf);
 	/*
 	 * Update information about this partition in pack
 	 * label, to that it may be updated on disk.
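Review bot: The combined `malloc`/`bread` test at the top of the rewritten block prints `disk.d_error` for both failures, but when `malloc` returns NULL `bread` never runs, so `d_error` holds whatever it had before (possibly NULL or a stale message; its initial value is not visible in this hunk). This path now runs for UFS1 as well as UFS2, so the misleading "can't read recovery area" diagnostic can appear on every newfs invocation that hits an allocation failure. Splitting the allocation check out would fix it: `if ((fsrbuf = malloc(realsectorsize)) == NULL) err(1, "can't allocate recovery buffer");`, followed by the existing `bread` test on its own with the current message. The enclosing function starts and ends outside this hunk.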