NetBSD Problem Report #59563
From www@netbsd.org Tue Jul 29 19:00:37 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
client-signature RSA-PSS (2048 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 687801A923F
for <gnats-bugs@gnats.NetBSD.org>; Tue, 29 Jul 2025 19:00:37 +0000 (UTC)
Message-Id: <20250729190036.65E1B1A9241@mollari.NetBSD.org>
Date: Tue, 29 Jul 2025 19:00:36 +0000 (UTC)
From: thorpej@me.com
Reply-To: thorpej@me.com
To: gnats-bugs@NetBSD.org
Subject: Use of FS_UFS2_MAGIC is problematic
X-Send-Pr-Version: www-1.0
>Number: 59563
>Category: kern
>Synopsis: Use of FS_UFS2_MAGIC is problematic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jul 29 19:05:00 +0000 2025
>Last-Modified: Tue Jul 29 19:15:00 +0000 2025
>Originator: Jason Thorpe
>Release: NetBSD-current as of July 20, 2025
>Organization:
RISCy Business
>Environment:
[Doesn't matter]
>Description:
The use of FS_UFS2_MAGIC is problematic since the introduction of FS_UFS2EA_MAGIC. There are several cases where comparisons are made against FS_UFS2_MAGIC to select "UFS2 behavior". But of course, here is now a second UFS2 magic number which also should select the UFS2 behavior, but the comparison does not include it.
>How-To-Repeat:
Code inspection.
>Fix:
Probably invert the test (test for non-equality against the UFS1 magic number). And maybe wrap it in a macro or something.
>Audit-Trail:
From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/59563: Use of FS_UFS2_MAGIC is problematic
Date: Tue, 29 Jul 2025 15:09:41 -0400
--Apple-Mail=_4BE8684E-8946-46D1-BA6E-65ADD54AC000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Does not matter, because:
/* Allow converting from UFS2 to UFS2EA but not vice versa. */
if (newfs->fs_magic =3D=3D FS_UFS2EA_MAGIC) {
ump->um_flags |=3D UFS_EA;
newfs->fs_magic =3D FS_UFS2_MAGIC;
} else {
if ((ump->um_flags & UFS_EA) !=3D 0)
return EINVAL;
}
If that was not the case we would get corruption and crashes. But I =
agree with you, it is better to do the test one way and perhaps put it =
in a macro.
christos=
--Apple-Mail=_4BE8684E-8946-46D1-BA6E-65ADD54AC000
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EARECAB0WIQS+BJlbqPkO0MDBdsRxESqxbLM7OgUCaIkcdQAKCRBxESqxbLM7
Oo5uAKDKaG+aPrLtgl2pZ0FoT0kW6AV0twCdFZaMCq9aSSG1YFWheMme+fuTOzA=
=OI9O
-----END PGP SIGNATURE-----
--Apple-Mail=_4BE8684E-8946-46D1-BA6E-65ADD54AC000--
From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org,
thorpej@me.com
Subject: Re: kern/59563: Use of FS_UFS2_MAGIC is problematic
Date: Tue, 29 Jul 2025 15:14:37 -0400
--Apple-Mail=_51C24F3A-4923-441F-A01B-8A48DF44B2B2
Content-Type: multipart/mixed;
boundary="Apple-Mail=_3D71D1DA-3C68-41C0-A60C-A8B9EFB2BD8F"
--Apple-Mail=_3D71D1DA-3C68-41C0-A60C-A8B9EFB2BD8F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Here is a patch that does the first. But we can't avoid comparisons with =
FS_UFS2_MAGIC completely...
christos
--Apple-Mail=_3D71D1DA-3C68-41C0-A60C-A8B9EFB2BD8F
Content-Disposition: attachment;
filename=ufs.patch
Content-Type: application/octet-stream;
name=ufs.patch;
x-unix-mode=0664
Content-Transfer-Encoding: 7bit
? o
Index: ffs/ffs_alloc.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_alloc.c,v
retrieving revision 1.174
diff -u -p -u -r1.174 ffs_alloc.c
--- ffs/ffs_alloc.c 27 Jun 2025 19:55:38 -0000 1.174
+++ ffs/ffs_alloc.c 29 Jul 2025 19:12:13 -0000
@@ -1280,7 +1280,7 @@ ffs_nodealloccg(struct inode *ip, u_int
return (0);
mutex_exit(&ump->um_lock);
ibp = NULL;
- if (fs->fs_magic == FS_UFS2_MAGIC) {
+ if (fs->fs_magic != FS_UFS1_MAGIC) {
initediblk = -1;
} else {
initediblk = fs->fs_ipg;
@@ -1305,7 +1305,7 @@ retry:
/*
* Check to see if we need to initialize more inodes.
*/
- if (fs->fs_magic == FS_UFS2_MAGIC && ibp == NULL) {
+ if (fs->fs_magic != FS_UFS1_MAGIC && ibp == NULL) {
initediblk = ufs_rw32(cgp->cg_initediblk, needswap);
maxiblk = initediblk;
nalloc = fs->fs_ipg - ufs_rw32(cgp->cg_cs.cs_nifree, needswap);
Index: ffs/ffs_balloc.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_balloc.c,v
retrieving revision 1.66
diff -u -p -u -r1.66 ffs_balloc.c
--- ffs/ffs_balloc.c 17 Nov 2022 06:40:40 -0000 1.66
+++ ffs/ffs_balloc.c 29 Jul 2025 19:12:13 -0000
@@ -95,7 +95,7 @@ ffs_balloc(struct vnode *vp, off_t off,
{
int error;
- if (VTOI(vp)->i_fs->fs_magic == FS_UFS2_MAGIC)
+ if (VTOI(vp)->i_fs->fs_magic != FS_UFS1_MAGIC)
error = ffs_balloc_ufs2(vp, off, size, cred, flags, bpp);
else
error = ffs_balloc_ufs1(vp, off, size, cred, flags, bpp);
Index: ffs/ffs_bswap.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_bswap.c,v
retrieving revision 1.40
diff -u -p -u -r1.40 ffs_bswap.c
--- ffs/ffs_bswap.c 9 Feb 2017 04:37:35 -0000 1.40
+++ ffs/ffs_bswap.c 29 Jul 2025 19:12:13 -0000
@@ -215,7 +215,7 @@ ffs_cg_swap(struct cg *o, struct cg *n,
for (i = 0; i < MAXFRAG; i++)
n->cg_frsum[i] = bswap32(o->cg_frsum[i]);
- if ((fs->fs_magic != FS_UFS2_MAGIC) &&
+ if ((fs->fs_magic == FS_UFS1_MAGIC) &&
(fs->fs_old_postblformat == FS_42POSTBLFMT)) { /* old format */
struct ocg *on, *oo;
int j;
@@ -258,7 +258,7 @@ ffs_cg_swap(struct cg *o, struct cg *n,
for (i = 1; i < fs->fs_contigsumsize + 1; i++)
n32[i] = bswap32(o32[i]);
- if (fs->fs_magic == FS_UFS2_MAGIC)
+ if (fs->fs_magic != FS_UFS1_MAGIC)
return;
n32 = (u_int32_t *)((u_int8_t *)n + btotoff);
Index: ffs/ffs_inode.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_inode.c,v
retrieving revision 1.131
diff -u -p -u -r1.131 ffs_inode.c
--- ffs/ffs_inode.c 31 Jul 2020 04:07:30 -0000 1.131
+++ ffs/ffs_inode.c 29 Jul 2025 19:12:13 -0000
@@ -247,7 +247,7 @@ ffs_truncate(struct vnode *ovp, off_t le
#define i_din2 i_din.ffs2_din
extblocks = 0;
datablocks = DIP(oip, blocks);
- if (fs->fs_magic == FS_UFS2_MAGIC && oip->i_din2->di_extsize > 0) {
+ if (fs->fs_magic != FS_UFS1_MAGIC && oip->i_din2->di_extsize > 0) {
extblocks = btodb(ffs_fragroundup(fs, oip->i_din2->di_extsize));
datablocks -= extblocks;
}
Index: ffs/ffs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_vfsops.c,v
retrieving revision 1.384
diff -u -p -u -r1.384 ffs_vfsops.c
--- ffs/ffs_vfsops.c 30 Dec 2024 09:03:07 -0000 1.384
+++ ffs/ffs_vfsops.c 29 Jul 2025 19:12:13 -0000
@@ -203,7 +203,7 @@ ffs_checkrange(struct mount *mp, ino_t i
* Need to check if inode is initialized because ffsv2 does
* lazy initialization and we can get here from nfs_fhtovp
*/
- if (fs->fs_magic != FS_UFS2_MAGIC)
+ if (fs->fs_magic == FS_UFS1_MAGIC)
return 0;
struct buf *bp;
@@ -2309,7 +2309,7 @@ ffs_newvnode(struct mount *mp, struct vn
/* Set up a new generation number for this inode. */
ip->i_gen++;
DIP_ASSIGN(ip, gen, ip->i_gen);
- if (fs->fs_magic == FS_UFS2_MAGIC) {
+ if (fs->fs_magic != FS_UFS1_MAGIC) {
vfs_timestamp(&ts);
ip->i_ffs2_birthtime = ts.tv_sec;
ip->i_ffs2_birthnsec = ts.tv_nsec;
Index: ffs/fs.h
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/fs.h,v
retrieving revision 1.73
diff -u -p -u -r1.73 fs.h
--- ffs/fs.h 13 Dec 2024 22:32:45 -0000 1.73
+++ ffs/fs.h 29 Jul 2025 19:12:13 -0000
@@ -634,8 +634,8 @@ struct ocg {
#define cgstart_ufs1(fs, c) \
(cgbase(fs, c) + (fs)->fs_old_cgoffset * ((c) & ~((fs)->fs_old_cgmask)))
#define cgstart_ufs2(fs, c) cgbase((fs), (c))
-#define cgstart(fs, c) ((fs)->fs_magic == FS_UFS2_MAGIC \
- ? cgstart_ufs2((fs), (c)) : cgstart_ufs1((fs), (c)))
+#define cgstart(fs, c) ((fs)->fs_magic == FS_UFS1_MAGIC \
+ ? cgstart_ufs1((fs), (c)) : cgstart_ufs2((fs), (c)))
#define cgdmin(fs, c) (cgstart(fs, c) + (fs)->fs_dblkno) /* 1st data */
#define cgimin(fs, c) (cgstart(fs, c) + (fs)->fs_iblkno) /* inode blk */
#define cgsblock(fs, c) (cgstart(fs, c) + (fs)->fs_sblkno) /* super blk */
@@ -704,13 +704,13 @@ struct ocg {
#define ffs_blknum(fs, fsb) /* calculates rounddown(fsb, fs->fs_frag) */ \
((fsb) &~ ((fs)->fs_frag - 1))
#define ffs_getdb(fs, ip, lb) \
- ((fs)->fs_magic == FS_UFS2_MAGIC ? \
- (daddr_t)ufs_rw64((ip)->i_ffs2_db[lb], UFS_FSNEEDSWAP(fs)) : \
- (daddr_t)ufs_rw32((ip)->i_ffs1_db[lb], UFS_FSNEEDSWAP(fs)))
+ ((fs)->fs_magic == FS_UFS1_MAGIC ? \
+ (daddr_t)ufs_rw32((ip)->i_ffs1_db[lb], UFS_FSNEEDSWAP(fs)) : \
+ (daddr_t)ufs_rw64((ip)->i_ffs2_db[lb], UFS_FSNEEDSWAP(fs)))
#define ffs_getib(fs, ip, lb) \
- ((fs)->fs_magic == FS_UFS2_MAGIC ? \
- (daddr_t)ufs_rw64((ip)->i_ffs2_ib[lb], UFS_FSNEEDSWAP(fs)) : \
- (daddr_t)ufs_rw32((ip)->i_ffs1_ib[lb], UFS_FSNEEDSWAP(fs)))
+ ((fs)->fs_magic == FS_UFS1_MAGIC ? \
+ (daddr_t)ufs_rw32((ip)->i_ffs1_ib[lb], UFS_FSNEEDSWAP(fs)) : \
+ (daddr_t)ufs_rw64((ip)->i_ffs2_ib[lb], UFS_FSNEEDSWAP(fs))
/*
* Determine the number of available frags given a
--Apple-Mail=_3D71D1DA-3C68-41C0-A60C-A8B9EFB2BD8F
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
--Apple-Mail=_3D71D1DA-3C68-41C0-A60C-A8B9EFB2BD8F--
--Apple-Mail=_51C24F3A-4923-441F-A01B-8A48DF44B2B2
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EARECAB0WIQS+BJlbqPkO0MDBdsRxESqxbLM7OgUCaIkdnQAKCRBxESqxbLM7
OuPyAKCiKyEdE8fzEpxmWzH+asrifsJMKgCfby+6au4fc44EDo1KuR/4mrZLhgM=
=bnwu
-----END PGP SIGNATURE-----
--Apple-Mail=_51C24F3A-4923-441F-A01B-8A48DF44B2B2--
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2025
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home