From owner-svn-src-head@freebsd.org Thu Dec 6 00:09:43 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E3D98132B4E2; Thu, 6 Dec 2018 00:09:42 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9653C7113D; Thu, 6 Dec 2018 00:09:42 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5D2B11B9E3; Thu, 6 Dec 2018 00:09:42 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wB609gk2011142; Thu, 6 Dec 2018 00:09:42 GMT (envelope-from mckusick@FreeBSD.org) Received: (from mckusick@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wB609d7G011127; Thu, 6 Dec 2018 00:09:39 GMT (envelope-from mckusick@FreeBSD.org) Message-Id: <201812060009.wB609d7G011127@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mckusick set sender to mckusick@FreeBSD.org using -f From: Kirk McKusick Date: Thu, 6 Dec 2018 00:09:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r341608 - in head: lib/libufs sbin/dump sbin/fsck_ffs sbin/fsirand sbin/growfs sbin/quotacheck stand/libsa sys/geom/journal sys/geom/label sys/ufs/ffs usr.sbin/fstyp usr.sbin/quot X-SVN-Group: head X-SVN-Commit-Author: mckusick X-SVN-Commit-Paths: in head: lib/libufs sbin/dump sbin/fsck_ffs sbin/fsirand sbin/growfs sbin/quotacheck stand/libsa sys/geom/journal sys/geom/label sys/ufs/ffs usr.sbin/fstyp usr.sbin/quot X-SVN-Commit-Revision: 341608 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 9653C7113D X-Spamd-Result: default: False [-0.71 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.40)[-0.399,0]; NEURAL_HAM_SHORT(-0.29)[-0.290,0]; NEURAL_HAM_LONG(-0.02)[-0.024,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Dec 2018 00:09:43 -0000 Author: mckusick Date: Thu Dec 6 00:09:39 2018 New Revision: 341608 URL: https://svnweb.freebsd.org/changeset/base/341608 Log: Normally when an attempt is made to mount a UFS/FFS filesystem whose superblock has a check-hash error, an error message noting the superblock check-hash failure is printed and the mount fails. The administrator then runs fsck to repair the filesystem and when successful, the filesystem can once again be mounted. This approach fails if the filesystem in question is a root filesystem from which you are trying to boot. Here, the loader fails when trying to access the filesystem to get the kernel to boot. So it is necessary to allow the loader to ignore the superblock check-hash error and make a best effort to read the kernel. The filesystem may be suffiently corrupted that the read attempt fails, but there is no harm in trying since the loader makes no attempt to write to the filesystem. Once the kernel is loaded and starts to run, it attempts to mount its root filesystem. Once again, failure means that it breaks to its prompt to ask where to get its root filesystem. Unless you have an alternate root filesystem, you are stuck. Since the root filesystem is initially mounted read-only, it is safe to make an attempt to mount the root filesystem with the failed superblock check-hash. Thus, when asked to mount a root filesystem with a failed superblock check-hash, the kernel prints a warning message that the root filesystem superblock check-hash needs repair, but notes that it is ignoring the error and proceeding. It does mark the filesystem as needing an fsck which prevents it from being enabled for writing until fsck has been run on it. The net effect is that the reboot fails to single user, but at least at that point the administrator has the tools at hand to fix the problem. Reported by: Rick Macklem (rmacklem@) Discussed with: Warner Losh (imp@) Sponsored by: Netflix Modified: head/lib/libufs/libufs.h head/lib/libufs/sblock.c head/sbin/dump/main.c head/sbin/fsck_ffs/setup.c head/sbin/fsirand/fsirand.c head/sbin/growfs/growfs.c head/sbin/quotacheck/quotacheck.c head/stand/libsa/ufs.c head/sys/geom/journal/g_journal_ufs.c head/sys/geom/label/g_label_ufs.c head/sys/ufs/ffs/ffs_extern.h head/sys/ufs/ffs/ffs_subr.c head/sys/ufs/ffs/ffs_vfsops.c head/usr.sbin/fstyp/ufs.c head/usr.sbin/quot/quot.c Modified: head/lib/libufs/libufs.h ============================================================================== --- head/lib/libufs/libufs.h Wed Dec 5 21:51:39 2018 (r341607) +++ head/lib/libufs/libufs.h Thu Dec 6 00:09:39 2018 (r341608) @@ -118,6 +118,12 @@ int ffs_sbput(void *, struct fs *, off_t, int (*)(void *, off_t, void *, int)); /* + * Request standard superblock location in ffs_sbget + */ +#define STDSB -1 /* Fail if check-hash is bad */ +#define STDSB_NOHASHFAIL -2 /* Ignore check-hash failure */ + +/* * block.c */ ssize_t bread(struct uufsd *, ufs2_daddr_t, void *, size_t); Modified: head/lib/libufs/sblock.c ============================================================================== --- head/lib/libufs/sblock.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/lib/libufs/sblock.c Thu Dec 6 00:09:39 2018 (r341608) @@ -54,7 +54,7 @@ sbread(struct uufsd *disk) ERROR(disk, NULL); - if ((errno = sbget(disk->d_fd, &fs, -1)) != 0) { + if ((errno = sbget(disk->d_fd, &fs, STDSB)) != 0) { switch (errno) { case EIO: ERROR(disk, "non-existent or truncated superblock"); Modified: head/sbin/dump/main.c ============================================================================== --- head/sbin/dump/main.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sbin/dump/main.c Thu Dec 6 00:09:39 2018 (r341608) @@ -433,7 +433,7 @@ main(int argc, char *argv[]) msgtail("to %s\n", tape); sync(); - if ((ret = sbget(diskfd, &sblock, -1)) != 0) { + if ((ret = sbget(diskfd, &sblock, STDSB)) != 0) { switch (ret) { case ENOENT: warn("Cannot find file system superblock"); Modified: head/sbin/fsck_ffs/setup.c ============================================================================== --- head/sbin/fsck_ffs/setup.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sbin/fsck_ffs/setup.c Thu Dec 6 00:09:39 2018 (r341608) @@ -327,7 +327,7 @@ readsb(int listerr) int bad, ret; struct fs *fs; - super = bflag ? bflag * dev_bsize : -1; + super = bflag ? bflag * dev_bsize : STDSB; readcnt[sblk.b_type]++; if ((ret = sbget(fsreadfd, &fs, super)) != 0) { switch (ret) { Modified: head/sbin/fsirand/fsirand.c ============================================================================== --- head/sbin/fsirand/fsirand.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sbin/fsirand/fsirand.c Thu Dec 6 00:09:39 2018 (r341608) @@ -126,7 +126,7 @@ fsirand(char *device) dp2 = NULL; /* Read in master superblock */ - if ((ret = sbget(devfd, &sblock, -1)) != 0) { + if ((ret = sbget(devfd, &sblock, STDSB)) != 0) { switch (ret) { case ENOENT: warn("Cannot find file system superblock"); Modified: head/sbin/growfs/growfs.c ============================================================================== --- head/sbin/growfs/growfs.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sbin/growfs/growfs.c Thu Dec 6 00:09:39 2018 (r341608) @@ -1449,7 +1449,7 @@ main(int argc, char **argv) /* * Read the current superblock, and take a backup. */ - if ((ret = sbget(fsi, &fs, -1)) != 0) { + if ((ret = sbget(fsi, &fs, STDSB)) != 0) { switch (ret) { case ENOENT: errx(1, "superblock not recognized"); Modified: head/sbin/quotacheck/quotacheck.c ============================================================================== --- head/sbin/quotacheck/quotacheck.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sbin/quotacheck/quotacheck.c Thu Dec 6 00:09:39 2018 (r341608) @@ -321,7 +321,7 @@ chkquota(char *specname, struct quotafile *qfu, struct } } sync(); - if ((ret = sbget(fi, &fs, -1)) != 0) { + if ((ret = sbget(fi, &fs, STDSB)) != 0) { switch (ret) { case ENOENT: warn("Cannot find file system superblock"); Modified: head/stand/libsa/ufs.c ============================================================================== --- head/stand/libsa/ufs.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/stand/libsa/ufs.c Thu Dec 6 00:09:39 2018 (r341608) @@ -140,6 +140,11 @@ static int ufs_use_sa_read(void *, off_t, void **, int /* from ffs_subr.c */ int ffs_sbget(void *, struct fs **, off_t, char *, int (*)(void *, off_t, void **, int)); +/* + * Request standard superblock location in ffs_sbget + */ +#define STDSB -1 /* Fail if check-hash is bad */ +#define STDSB_NOHASHFAIL -2 /* Ignore check-hash failure */ /* * Read a new inode into a file structure. @@ -519,7 +524,8 @@ ufs_open(upath, f) /* read super block */ twiddle(1); - if ((rc = ffs_sbget(f, &fs, -1, "stand", ufs_use_sa_read)) != 0) + if ((rc = ffs_sbget(f, &fs, STDSB_NOHASHFAIL, "stand", + ufs_use_sa_read)) != 0) goto out; fp->f_fs = fs; /* Modified: head/sys/geom/journal/g_journal_ufs.c ============================================================================== --- head/sys/geom/journal/g_journal_ufs.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sys/geom/journal/g_journal_ufs.c Thu Dec 6 00:09:39 2018 (r341608) @@ -72,7 +72,7 @@ g_journal_ufs_dirty(struct g_consumer *cp) fs = NULL; if (SBLOCKSIZE % cp->provider->sectorsize != 0 || - ffs_sbget(cp, &fs, -1, M_GEOM, g_use_g_read_data) != 0) { + ffs_sbget(cp, &fs, STDSB, M_GEOM, g_use_g_read_data) != 0) { GJ_DEBUG(0, "Cannot find superblock to mark file system %s " "as dirty.", cp->provider->name); KASSERT(fs == NULL, Modified: head/sys/geom/label/g_label_ufs.c ============================================================================== --- head/sys/geom/label/g_label_ufs.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sys/geom/label/g_label_ufs.c Thu Dec 6 00:09:39 2018 (r341608) @@ -77,7 +77,7 @@ g_label_ufs_taste_common(struct g_consumer *cp, char * fs = NULL; if (SBLOCKSIZE % pp->sectorsize != 0 || - ffs_sbget(cp, &fs, -1, M_GEOM, g_use_g_read_data) != 0) { + ffs_sbget(cp, &fs, STDSB, M_GEOM, g_use_g_read_data) != 0) { KASSERT(fs == NULL, ("g_label_ufs_taste_common: non-NULL fs %p\n", fs)); return; Modified: head/sys/ufs/ffs/ffs_extern.h ============================================================================== --- head/sys/ufs/ffs/ffs_extern.h Wed Dec 5 21:51:39 2018 (r341607) +++ head/sys/ufs/ffs/ffs_extern.h Thu Dec 6 00:09:39 2018 (r341608) @@ -126,6 +126,12 @@ void process_deferred_inactive(struct mount *mp); #define FFSR_UNSUSPEND 0x0002 /* + * Request standard superblock location in ffs_sbget + */ +#define STDSB -1 /* Fail if check-hash is bad */ +#define STDSB_NOHASHFAIL -2 /* Ignore check-hash failure */ + +/* * Definitions for TRIM interface * * Special keys and recommended hash table size Modified: head/sys/ufs/ffs/ffs_subr.c ============================================================================== --- head/sys/ufs/ffs/ffs_subr.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sys/ufs/ffs/ffs_subr.c Thu Dec 6 00:09:39 2018 (r341608) @@ -51,6 +51,11 @@ struct malloc_type; #define UFS_MALLOC(size, type, flags) malloc(size) #define UFS_FREE(ptr, type) free(ptr) #define UFS_TIME time(NULL) +/* + * Request standard superblock location in ffs_sbget + */ +#define STDSB -1 /* Fail if check-hash is bad */ +#define STDSB_NOHASHFAIL -2 /* Ignore check-hash failure */ #else /* _KERNEL */ #include @@ -139,14 +144,14 @@ ffs_load_inode(struct buf *bp, struct inode *ip, struc ip->i_gid = dip2->di_gid; return (0); } -#endif /* KERNEL */ +#endif /* _KERNEL */ /* * These are the low-level functions that actually read and write * the superblock and its associated data. */ static off_t sblock_try[] = SBLOCKSEARCH; -static int readsuper(void *, struct fs **, off_t, int, +static int readsuper(void *, struct fs **, off_t, int, int, int (*)(void *, off_t, void **, int)); /* @@ -177,21 +182,25 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsbloc int i, error, size, blks; uint8_t *space; int32_t *lp; + int chkhash; char *buf; fs = NULL; *fsp = NULL; - if (altsblock != -1) { - if ((error = readsuper(devfd, &fs, altsblock, 1, + chkhash = 1; + if (altsblock >= 0) { + if ((error = readsuper(devfd, &fs, altsblock, 1, chkhash, readfunc)) != 0) { if (fs != NULL) UFS_FREE(fs, filltype); return (error); } } else { + if (altsblock == STDSB_NOHASHFAIL) + chkhash = 0; for (i = 0; sblock_try[i] != -1; i++) { if ((error = readsuper(devfd, &fs, sblock_try[i], 0, - readfunc)) == 0) + chkhash, readfunc)) == 0) break; if (fs != NULL) { UFS_FREE(fs, filltype); @@ -255,7 +264,7 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsbloc */ static int readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int isaltsblk, - int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) + int chkhash, int (*readfunc)(void *devfd, off_t loc, void **bufp, int size)) { struct fs *fs; int error, res; @@ -285,8 +294,9 @@ readsuper(void *devfd, struct fs **fsp, off_t sblocklo if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) { #ifdef _KERNEL res = uprintf("Superblock check-hash failed: recorded " - "check-hash 0x%x != computed check-hash 0x%x\n", - fs->fs_ckhash, ckhash); + "check-hash 0x%x != computed check-hash 0x%x%s\n", + fs->fs_ckhash, ckhash, + chkhash == 0 ? " (Ignored)" : ""); #else res = 0; #endif @@ -297,7 +307,14 @@ readsuper(void *devfd, struct fs **fsp, off_t sblocklo if (res == 0) printf("Superblock check-hash failed: recorded " "check-hash 0x%x != computed check-hash " - "0x%x\n", fs->fs_ckhash, ckhash); + "0x%x%s\n", fs->fs_ckhash, ckhash, + chkhash == 0 ? " (Ignored)" : ""); + if (chkhash == 0) { + fs->fs_flags |= FS_NEEDSFSCK; + fs->fs_fmod = 1; + return (0); + } + fs->fs_fmod = 0; return (EINVAL); } /* Have to set for old filesystems that predate this field */ Modified: head/sys/ufs/ffs/ffs_vfsops.c ============================================================================== --- head/sys/ufs/ffs/ffs_vfsops.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/sys/ufs/ffs/ffs_vfsops.c Thu Dec 6 00:09:39 2018 (r341608) @@ -774,6 +774,7 @@ ffs_mountfs(devvp, mp, td) struct g_consumer *cp; struct mount *nmp; int candelete; + off_t loc; fs = NULL; ump = NULL; @@ -810,9 +811,11 @@ ffs_mountfs(devvp, mp, td) goto out; } /* fetch the superblock and summary information */ - if ((error = ffs_sbget(devvp, &fs, -1, M_UFSMNT, ffs_use_bread)) != 0) + loc = STDSB; + if ((mp->mnt_flag & MNT_ROOTFS) != 0) + loc = STDSB_NOHASHFAIL; + if ((error = ffs_sbget(devvp, &fs, loc, M_UFSMNT, ffs_use_bread)) != 0) goto out; - fs->fs_fmod = 0; /* none of these types of check-hashes are maintained by this kernel */ fs->fs_metackhash &= ~(CK_INODE | CK_INDIR | CK_DIR); /* no support for any undefined flags */ Modified: head/usr.sbin/fstyp/ufs.c ============================================================================== --- head/usr.sbin/fstyp/ufs.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/usr.sbin/fstyp/ufs.c Thu Dec 6 00:09:39 2018 (r341608) @@ -50,7 +50,7 @@ fstyp_ufs(FILE *fp, char *label, size_t labelsize) { struct fs *fs; - switch (sbget(fileno(fp), &fs, -1)) { + switch (sbget(fileno(fp), &fs, STDSB)) { case 0: strlcpy(label, fs->fs_volname, labelsize); return (0); Modified: head/usr.sbin/quot/quot.c ============================================================================== --- head/usr.sbin/quot/quot.c Wed Dec 5 21:51:39 2018 (r341607) +++ head/usr.sbin/quot/quot.c Thu Dec 6 00:09:39 2018 (r341608) @@ -550,7 +550,7 @@ quot(char *name, char *mp) close(fd); return; } - switch (sbget(fd, &fs, -1)) { + switch (sbget(fd, &fs, STDSB)) { case 0: break; case ENOENT: