From 068beacf21ea3ca33dd07741bb23939e24d84bef Mon Sep 17 00:00:00 2001 
From: Kirk McKusick Date: Thu, 8 Feb 2018 23:06:58 +0000 Subject: [PATCH] The goal of this change is to prevent accidental foot shooting by folks running filesystems created on check-hash enabled kernels (which I will call "new") on non-check-hash enabled kernels (which I will call "old"). The idea here is to detect when a filesystem is run on an old kernel and flag the filesystem so that when it gets moved back to a new kernel, it will not start getting a slew of check-hash errors. Back when the UFS version 2 filesystem was created, it added a file flag FS_INDEXDIRS that was to be set on any filesystem that kept some sort of on-disk indexing for directories. The idea was precisely to solve the issue we have today. Specifically that a newer kernel that supported indexing would be able to tell that the filesystem had been run on an older non-indexing kernel and that the indexes should not be used until they had been rebuilt. Since we have never implemented on-disk directory indices, the FS_INDEXDIRS flag is cleared every time any UFS version 2 filesystem ever created is mounted for writing. This commit repurposes the FS_INDEXDIRS flag as the FS_METACKHASH flag. Thus, the FS_METACKHASH is definitively known to have always been cleared. The FS_INDEXDIRS flag has been moved to a new block of flags that will always be cleared starting with this commit (until they get used to implement some future feature which needs to detect that the filesystem was mounted on a kernel that predates the new feature). If a filesystem with check-hashes enabled is mounted on an old kernel the FS_METACKHASH flag is cleared. When that filesystem is mounted on a new kernel it will see that the FS_METACKHASH has been cleared and clears all of the fs_metackhash flags. To get them re-enabled the user must run fsck (in interactive mode without the -y flag) which will ask for each supported check hash whether it should be rebuilt and enabled. 
When fsck is run in its default preen mode, it will just ignore the check hashes so they will remain disabled. The kernel has always disabled any check hash functions that it does not support, so as more types of check hashes are added, we will get a non-surprising result. Specifically if filesystems get moved to kernels supporting fewer of the check hashes, those that are not supported will be disabled. If the filesystem is moved back to a kernel with more of the check-hashes available and fsck is run interactively to rebuild them, then their checking will resume. Otherwise just the smaller subset will be checked. A side effect of this commit is that filesystems running with cylinder-group check hashes will stop having them checked until fsck is run to re-enable them (since none of them currently have the FS_METACKHASH flag set). So, if you want check hashes enabled on your filesystems after booting a kernel with these changes, you need to run fsck to enable them. Any newly created filesystems will have check hashes enabled. If in doubt as to whether you have check hashes emabled, run dumpfs and look at the list of enabled flags at the end of the superblock details. --- sbin/dumpfs/dumpfs.c | 42 +++++++++++++++++++++------------------- sbin/fsck_ffs/pass5.c | 20 ++++++++++--------- sbin/newfs/mkfs.c | 10 ++++++++-- sys/ufs/ffs/ffs_vfsops.c | 8 +++++--- sys/ufs/ffs/fs.h | 37 +++++++++++++++++++++++------------ 5 files changed, 71 insertions(+), 46 deletions(-) diff --git a/sbin/dumpfs/dumpfs.c b/sbin/dumpfs/dumpfs.c index 87e28366a1a..d1ba635f9f2 100644 --- a/sbin/dumpfs/dumpfs.c +++ b/sbin/dumpfs/dumpfs.c 
@@ -257,9 +257,9 @@ dumpfs(const char *name) if (fsflags & FS_DOSOFTDEP) printf("soft-updates%s ", (fsflags & FS_SUJ) ? "+journal" : ""); if (fsflags & FS_NEEDSFSCK) - printf("needs fsck run "); + printf("needs-fsck-run "); if (fsflags & FS_INDEXDIRS) - printf("indexed directories "); + printf("indexed-directories "); if (fsflags & FS_ACLS) printf("acls "); if (fsflags & FS_MULTILABEL) @@ -267,31 +267,33 @@ dumpfs(const char *name) if (fsflags & FS_GJOURNAL) printf("gjournal "); if (fsflags & FS_FLAGS_UPDATED) - printf("fs_flags expanded "); + printf("fs_flags-expanded "); if (fsflags & FS_NFS4ACLS) printf("nfsv4acls "); if (fsflags & FS_TRIM) printf("trim "); - fsflags &= ~(FS_UNCLEAN | FS_DOSOFTDEP | FS_NEEDSFSCK | FS_INDEXDIRS | + fsflags &= ~(FS_UNCLEAN | FS_DOSOFTDEP | FS_NEEDSFSCK | FS_METACKHASH | FS_ACLS | FS_MULTILABEL | FS_GJOURNAL | FS_FLAGS_UPDATED | - FS_NFS4ACLS | FS_SUJ | FS_TRIM); + FS_NFS4ACLS | FS_SUJ | FS_TRIM | FS_INDEXDIRS); if (fsflags != 0) - printf("unknown flags (%#x)", fsflags); + printf("unknown-flags (%#x)", fsflags); putchar('\n'); - printf("check hashes\t"); - fsflags = afs.fs_metackhash; - if (fsflags == 0) - printf("none"); - if (fsflags & CK_SUPERBLOCK) - printf("superblock "); - if (fsflags & CK_CYLGRP) - printf("cylinder-groups "); - if (fsflags & CK_INODE) - printf("inodes "); - if (fsflags & CK_INDIR) - printf("indirect-blocks "); - if (fsflags & CK_DIR) - printf("directories "); + if (afs.fs_flags & FS_METACKHASH) { + printf("check hashes\t"); + fsflags = afs.fs_metackhash; + if (fsflags == 0) + printf("none"); + if (fsflags & CK_SUPERBLOCK) + printf("superblock "); + if (fsflags & CK_CYLGRP) + printf("cylinder-groups "); + if (fsflags & CK_INODE) + printf("inodes "); + if (fsflags & CK_INDIR) + printf("indirect-blocks "); + if (fsflags & CK_DIR) + printf("directories "); + } fsflags &= ~(CK_SUPERBLOCK | CK_CYLGRP | CK_INODE | CK_INDIR | CK_DIR); if (fsflags != 0) printf("unknown flags (%#x)", fsflags); 
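Review bot: In dumpfs(), the trailing `fsflags &= ~(CK_SUPERBLOCK | CK_CYLGRP | CK_INODE | CK_INDIR | CK_DIR);` and the `unknown flags` printf stay outside the new `if (afs.fs_flags & FS_METACKHASH) { ... }` block, so when the flag is clear they operate on the bits left over from decoding fs_flags instead of on `afs.fs_metackhash`. An unrecognised fs_flags bit that survives the CK_ mask can then be printed a second time as if it were a check-hash flag, which is confusing in the tool the commit message points admins to for confirming that hashes are enabled. Move the closing `}` below that printf so both statements run only when the check-hash line is printed. Whatever terminates the output line afterwards is outside the hunk, so confirm the output still reads cleanly when the block is skipped.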
diff --git a/sbin/fsck_ffs/pass5.c b/sbin/fsck_ffs/pass5.c index 6876f859140..0da8998f9b5 100644 --- a/sbin/fsck_ffs/pass5.c +++ b/sbin/fsck_ffs/pass5.c @@ -37,7 +37,6 @@ static const char sccsid[] = "@(#)pass5.c 8.9 (Berkeley) 4/28/95"; #include __FBSDID("$FreeBSD$"); -#define IN_RTLD /* So we pickup the P_OSREL defines */ #include #include @@ -63,7 +62,7 @@ pass5(void) int inomapsize, blkmapsize; struct fs *fs = &sblock; ufs2_daddr_t d, dbase, dmax, start; - int rewritecg = 0, cgckadd = 0; + int rewritecg = 0; struct csum *cs; struct csum_total cstotal; struct inodesc idesc[3]; @@ -74,13 +73,10 @@ pass5(void) inoinfo(UFS_WINO)->ino_state = USTATE; memset(newcg, 0, (size_t)fs->fs_cgsize); newcg->cg_niblk = fs->fs_ipg; - if (preen == 0 && yflag == 0 && fs->fs_magic == FS_UFS2_MAGIC && - fswritefd != -1 && (fs->fs_metackhash & CK_CYLGRP) == 0 && - getosreldate() >= P_OSREL_CK_CYLGRP && - reply("ADD CYLINDER GROUP CHECKSUM PROTECTION") != 0) { + /* check to see if we are to add a cylinder group check hash */ + if ((ckhashadd & CK_CYLGRP) != 0) { fs->fs_metackhash |= CK_CYLGRP; rewritecg = 1; - cgckadd = 1; sbdirty(); } if (cvtlevel >= 3) { @@ -178,14 +174,20 @@ pass5(void) cg = cgbp->b_un.b_cg; if (!cg_chkmagic(cg)) pfatal("CG %d: BAD MAGIC NUMBER\n", c); - if ((fs->fs_metackhash & CK_CYLGRP) != 0 && cgckadd == 0) { + /* + * If we have a cylinder group check hash and are not adding + * it for the first time, verify that it is good. + */ + if ((fs->fs_metackhash & CK_CYLGRP) != 0 && + (ckhashadd & CK_CYLGRP) == 0) { uint32_t ckhash, thishash; ckhash = cg->cg_ckhash; cg->cg_ckhash = 0; thishash = calculate_crc32c(~0L, cg, fs->fs_cgsize); if (ckhash != thishash) - pwarn("CG %d: BAD CHECKSUM %#x vs %#x", c, ckhash, thishash); + pwarn("CG %d: BAD CHECK-HASH %#x vs %#x", + c, ckhash, thishash); cg->cg_ckhash = ckhash; } newcg->cg_time = cg->cg_time; diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c index 1a2993a205b..79fc627e5f7 100644 --- a/sbin/newfs/mkfs.c 
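Review bot: In pass5(), the decision to turn on CK_CYLGRP now rests entirely on `(ckhashadd & CK_CYLGRP) != 0`, and `ckhashadd` is not declared or assigned in any of the five files this patch touches. The removed condition also required `preen == 0`, `yflag == 0`, a UFS2 magic number and `fswritefd != -1` before setting `fs->fs_metackhash` and calling `sbdirty()`, so the code that sets `ckhashadd` has to enforce all of those; that cannot be confirmed from this diff. Extend the new comment to say where `ckhashadd` is set and that it is only non-zero for a writable UFS2 filesystem checked interactively. pass5() begins and ends outside the hunk.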
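Review bot: The reworded `pwarn("CG %d: BAD CHECK-HASH %#x vs %#x", ...)` in pass5() has no trailing newline, and in the visible lines no prompt or fix-up text follows it, unlike the `pfatal("CG %d: BAD MAGIC NUMBER\n", c)` just above, so the report will probably run into whatever fsck prints next. Using `"CG %d: BAD CHECK-HASH %#x vs %#x\n"` would keep it on its own line. The branch also only warns and then restores the stored value with `cg->cg_ckhash = ckhash;`, so whether a mismatching group gets rewritten is decided by code outside the hunk; a one-line comment saying where that happens would help the next reader.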
+++ b/sbin/newfs/mkfs.c @@ -489,9 +489,15 @@ restart: } /* * Set flags for metadata that is being check-hashed. + * + * Metadata check hashes are not supported in the UFS version 1 + * filesystem to keep it as small and simple as possible. */ - if (Oflag > 1 && getosreldate() >= P_OSREL_CK_CYLGRP) - sblock.fs_metackhash = CK_CYLGRP; + if (Oflag > 1) { + sblock.fs_flags |= FS_METACKHASH; + if (getosreldate() >= P_OSREL_CK_CYLGRP) + sblock.fs_metackhash = CK_CYLGRP; + } /* * Dump out summary information about file system. diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 88d921b6b7d..4737cd21b65 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -809,10 +809,12 @@ ffs_mountfs(devvp, mp, td) if ((error = ffs_sbget(devvp, &fs, -1, M_UFSMNT, ffs_use_bread)) != 0) goto out; fs->fs_fmod = 0; - /* none of these types of check-hashes are maintained */ + /* if we ran on a kernel without metadata check hashes, disable them */ + if ((fs->fs_flags & FS_METACKHASH) == 0) + fs->fs_metackhash = 0; + /* none of these types of check-hashes are maintained by this kernel */ fs->fs_metackhash &= ~(CK_SUPERBLOCK | CK_INODE | CK_INDIR | CK_DIR); - /* no support for directory indices or any other undefined flags */ - fs->fs_flags &= ~FS_INDEXDIRS; + /* no support for any undefined flags */ fs->fs_flags &= FS_SUPPORTED; fs->fs_flags &= ~FS_UNCLEAN; if (fs->fs_clean == 0) { diff --git a/sys/ufs/ffs/fs.h b/sys/ufs/ffs/fs.h index 81deda7b851..30925d72165 100644 --- a/sys/ufs/ffs/fs.h +++ b/sys/ufs/ffs/fs.h 
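Review bot: The new comment in mkfs.c explains why UFS1 is excluded but not why `sblock.fs_flags |= FS_METACKHASH;` is unconditional for UFS2 while `sblock.fs_metackhash = CK_CYLGRP;` still depends on `getosreldate() >= P_OSREL_CK_CYLGRP`. Going by the commit message, the flag records that the filesystem has only been handled by check-hash aware code, independent of which hashes are enabled. A sentence in the comment such as `FS_METACKHASH marks the filesystem as maintained by check-hash aware kernels; individual hashes are enabled only if the running kernel supports them.` would stop readers from treating the two assignments as redundant. The enclosing function continues outside the hunk.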
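Review bot: In ffs_mountfs(), the new `fs->fs_metackhash = 0;` drops every enabled check hash without reporting it, so a filesystem that lost FS_METACKHASH on an older kernel silently stops verifying cylinder groups until someone runs dumpfs or an interactive fsck. Emit a mount-time warning when hashes were actually enabled, for example `if (fs->fs_metackhash != 0) printf("WARNING: %s: metadata check hashes disabled, run fsck to re-enable\n", mp->mnt_stat.f_mntonname);` inside the new `if`, before the assignment. That would also make the upgrade side effect described in the commit message (existing filesystems losing cylinder-group checking) visible in the logs. ffs_mountfs() starts and ends outside the hunk.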
@@ -433,18 +433,31 @@ CTASSERT(sizeof(struct fs) == 1376); * labels into extended attributes on the file system rather than maintain * a single mount label for all objects. */ -#define FS_UNCLEAN 0x0001 /* filesystem not clean at mount */ -#define FS_DOSOFTDEP 0x0002 /* filesystem using soft dependencies */ -#define FS_NEEDSFSCK 0x0004 /* filesystem needs sync fsck before mount */ -#define FS_SUJ 0x0008 /* Filesystem using softupdate journal */ -#define FS_ACLS 0x0010 /* file system has POSIX.1e ACLs enabled */ -#define FS_MULTILABEL 0x0020 /* file system is MAC multi-label */ -#define FS_GJOURNAL 0x0040 /* gjournaled file system */ -#define FS_FLAGS_UPDATED 0x0080 /* flags have been moved to new location */ -#define FS_NFS4ACLS 0x0100 /* file system has NFSv4 ACLs enabled */ -#define FS_INDEXDIRS 0x0200 /* kernel supports indexed directories */ -#define FS_TRIM 0x0400 /* issue BIO_DELETE for deleted blocks */ -#define FS_SUPPORTED 0xFFFF /* supported flags, others cleared at mount */ +#define FS_UNCLEAN 0x00000001 /* filesystem not clean at mount */ +#define FS_DOSOFTDEP 0x00000002 /* filesystem using soft dependencies */ +#define FS_NEEDSFSCK 0x00000004 /* filesystem needs sync fsck before mount */ +#define FS_SUJ 0x00000008 /* Filesystem using softupdate journal */ +#define FS_ACLS 0x00000010 /* file system has POSIX.1e ACLs enabled */ +#define FS_MULTILABEL 0x00000020 /* file system is MAC multi-label */ +#define FS_GJOURNAL 0x00000040 /* gjournaled file system */ +#define FS_FLAGS_UPDATED 0x0000080 /* flags have been moved to new location */ +#define FS_NFS4ACLS 0x00000100 /* file system has NFSv4 ACLs enabled */ +#define FS_METACKHASH 0x00000200 /* kernel supports metadata check hashes */ +#define FS_TRIM 0x00000400 /* issue BIO_DELETE for deleted blocks */ +#define FS_SUPPORTED 0x00FFFFFF /* supported flags, others cleared at mount*/ +/* + * Things that we may someday support, but currently do not. 
+ * These flags are all cleared so we know if we ran on a kernel + * that does not support them. + */ +#define FS_INDEXDIRS 0x01000000 /* kernel supports indexed directories */ +#define FS_VARBLKSIZE 0x02000000 /* kernel supports variable block sizes */ +#define FS_COOLOPT1 0x04000000 /* kernel supports cool option 1 */ +#define FS_COOLOPT2 0x08000000 /* kernel supports cool option 2 */ +#define FS_COOLOPT3 0x10000000 /* kernel supports cool option 3 */ +#define FS_COOLOPT4 0x20000000 /* kernel supports cool option 4 */ +#define FS_COOLOPT5 0x40000000 /* kernel supports cool option 5 */ +#define FS_COOLOPT6 0x80000000 /* kernel supports cool option 6 */ /* * The fs_metackhash field indicates the types of metadata check-hash