for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
a raw partition at a nonzero offset (EINVAL should have been EXDEV;
DIOCSDINFO was broken, and DIOCWDINFO was broken because it depended
on DIOCSDINFO).
A zero offset for the raw partition should probably be enforced in
setdisklabel(), and DIOCWDINFO should probably always be handled by
first calling setdisklabel() so that writedisklabel() doesn't need to
enforce it, but this has never been done; dsioctl() has a special
check. Changes in this commit are limited to dsioctl() to preserve
bug for bug compatibility in drivers that don't use the slice code
(notably the ccd driver, which allows setting a bogus label in
DIOCWDINFO and doesn't undo the setting when writedisklabel() fails).
and DSO_NOLABELS flags prevent searching for slices and labels
respectively. Current drivers don't set these flags. When
DSO_NOLABELS is set, the in-core label for the whole disk is cloned
to create an in-core label for each slice. This gives the correct
result (a good in-core label for the compatibility slice) if
DSO_ONESLICE is set or only one slice is found, but usually gives
broken labels otherwise, so DSO_ONESLICE should be set if DSO_NOLABELS
is set.
protection checks. Using the partition-relative blkno in some
parts broke the write protection for partitions at unusual
offsets (only for partitions at offset 1 on i386's).
best place to set it, and the wd and wfd strategy routines don't
set it (for failed transfers) because they expect dscheck() to
initialize everything necessary. dscheck() has always set B_ERROR,
but this is not quite sufficient, because b_resid is used by physio()
to decide how much of a B_ERROR'ed i/o was done.
Callers only need to initialize d_secperunit now, but should
initialize d_type (to reduce the IDE/SCSI confusion), d_typename
(put the disk model in it) and geometry info (if it isn't completely
ficticious). Callers will soon need to initialize d_secsize.
normally only defined in opt_devfs.h, so testing it before including
anything is normally a no-op. Undef'ing DEVFS before including
opt_devfs.h is similarly useless. OTOH, DEVFS support for sliced
but not SLICEd (despite defined(SLICE)) devices is either harmless
(if there are no such devices, then nothing in this file is used)
or necessary (otherwise). It even seems to work for sliced cd
devices.
There is only cdevsw (which should be renamed in a later edit to deventry
or something). cdevsw contains the union of what were in both bdevsw an
cdevsw entries. The bdevsw[] table stiff exists and is a second pointer
to the cdevsw entry of the device. it's major is in d_bmaj rather than
d_maj. some cleanup still to happen (e.g. dsopen now gets two pointers
to the same cdevsw struct instead of one to a bdevsw and one to a cdevsw).
rawread()/rawwrite() went away as part of this though it's not strictly
the same patch, just that it involves all the same lines in the drivers.
cdroms no longer have write() entries (they did have rawwrite (?)).
tapes no longer have support for bdev operations.
Reviewed by: Eivind Eklund and Mike Smith
Changes suggested by eivind.
The slices "struct" isn't really a struct; we allocate only part of
it in the fully dangerously dedicated case. Since the "struct" is
malloced, the page beyond it may not be mapped, so attempts to copy
it would crash. This problem became larger when the full struct was
bloated from < 1K to > 3K by the addition of (mostly unused) DEVFS
tokens some time before 2.2.0 was released.
This code will be turned on with the TWO options
DEVFS and SLICE. (see LINT)
Two labels PRE_DEVFS_SLICE and POST_DEVFS_SLICE will deliniate these changes.
/dev will be automatically mounted by init (thanks phk)
on bootup. See /sys/dev/slice/slice.4 for more info.
All code should act the same without these options enabled.
Mike Smith, Poul Henning Kamp, Soeren, and a few dozen others
This code does not support the following:
bad144 handling.
Persistance. (My head is still hurting from the last time we discussed this)
ATAPI flopies are not handled by the SLICE code yet.
When this code is running, all major numbers are arbitrary and COULD
be dynamically assigned. (this is not done, for POLA only)
Minor numbers for disk slices ARE arbitray and dynamically assigned.
or shrinking an open partition (by changing the label for a compatibility
slice while partitions on the corresponding real slice are open, or vice
versa).
This introduce an xxxFS_BOOT for each of the rootable filesystems.
(Presently not required, but encouraged to allow a smooth move of option *FS
to opt_dontuse.h later.)
LFS is temporarily disabled, and will be re-enabled tomorrow.
or a partition is larger than the slice.
Now `disklabel -Brw sdX auto' should fail properly on sliced disks
without partition of type 165, e.g., on zip disks with the factory
default formatting. Previously it set a bogus in-core label for
the compatibility slice and used this to corrupt the MBR (the slice
has offset 0 and size 0, but setting the label in effect corrupted
its size to nonzero).
`disklabel -Brw sdX auto' already failed properly on normally (not
dangerously dedicated) sliced disks _with_ partition of type 165,
because the compatibility slice has a nonzero offset so the MBR
remained inaccessible when the size was corrupted.
This bug only affected in-core labels. On-disk labels are checked
carefully when they read and written.
changes, so don't expect to be able to run the kernel as-is (very well)
without the appropriate Lite/2 userland changes.
The system boots and can mount UFS filesystems.
Untested: ext2fs, msdosfs, NFS
Known problems: Incorrect Berkeley ID strings in some files.
Mount_std mounts will not work until the getfsent
library routine is changed.
Reviewed by: various people
Submitted by: Jeffery Hsu <hsu@freebsd.org>
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
the sd & od drivers. There is also slight changes to fdisk & newfs
in order to comply with different sectorsizes.
Currently sectors of size 512, 1024 & 2048 are supported, the only
restriction beeing in fdisk, which hunts for the sectorsize of
the device.
This is based on patches to od.c and the other system files by
John Gumb & Barry Scott, minor changes and the sd.c patches by
me.
There also exist some patches for the msdos filesys code, but I
havn't been able to test those (yet).
John Gumb (john@talisker.demon.co.uk)
Barry Scott (barry@scottb.demon.co.uk)
If DEVFS is configured, create devfs devices for previously invisible
partitions on the slices.
Fixed an old aliasing bug which caused E=17 errors from DEVFS for
DIOCSDINFO when there were no real slices.
It is needed for implementation details but very little of it is
needed for the interface. Include it in the few places that didn't
already include it.
Include <sys/ioccom.h> in <sys/disklabel.h> (as already in
<sys/diskslice.h>) so that all the disk-related headers are almost
self-sufficient.
block number.. (assuming Debugger() returned). The disk drivers assume
that dscheck() sets both error markers (bp->b_error and set B_ERROR in
bp->b_flags) if it fails.
disklabel(8) to the kernel (dsopen()). Drivers should initialize the
hardware values (rpm, interleave, skews). Drivers currently don't do
this, but it usually doesn't matter since rotational position stuff is
normally disabled.
compatibility slice. They were forgotten on last-close and then
creating them on first-open failed.
Devfs entries for slices other than the one containing the root file
system are still invisible unless you open a non-devfs inode on the
slice.
Added scsi control devices.
Converted almost everything that I changed to use devfs_add_devswf()
and verbose id macros.
st.c:
Renamed enrst* to erst* since that's what the current name is (enrst
seems to be an old name).
First attempt at creating devfs entries for sliced devices. Doesn't
quite work yet, so the heart of it is disabled.
Added bdev and cdev args to dsopen().
Create devfs entries in dsopen() and (unsuccessfully) attempt to make
them go away at the right times. DEVFS is #undefed at the start so
that this shouldn't cause problems.
device.
v_numoutput wasn't incremented to match the b_iodone nesting. It's still
fishy that vwakeup() clears B_WRITEINPROG before biodone() has finished;
however, B_WRITEINPROG seems to be never used.
Submitted by: Bruce Evans
Reopen the bdev for the raw partition and not the cdev if only the bdev
was open.
Don't use a bogus limit for the number of partitions to possibly reopen
(bug found by Julian).
Add function dssize() to help fix wdsize() and sdsize(). The slice
layer knows more about (un)open partitions and partition sizes than
the driver layer.