Page MenuHomeFreeBSD
Differential D51573

Another fix for UFS with inode number sign propagation
ClosedPublic
Actions

Authored by kib on Jul 27 2025, 4:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 10, 11:18 PM
Unknown Object (File)
Fri, Oct 10, 11:18 PM
Unknown Object (File)
Fri, Oct 10, 11:18 PM
Unknown Object (File)
Fri, Oct 10, 11:18 PM
Unknown Object (File)
Fri, Oct 10, 5:01 PM
Unknown Object (File)
Sat, Oct 4, 2:31 AM
Unknown Object (File)
Fri, Oct 3, 6:55 AM
Unknown Object (File)
Tue, Sep 30, 10:47 PM
View All 39 Files
Subscribers
imp
olce
pfg

Details

Reviewers
mckusick
olce
Commits
rG610319c766e9: ufs_vnops.c: newparent is not bool
rGc069ca085bd1: ufs_vnops.c: use unsigned type for newparent inode number in ufs_rename()
Summary
ufs_vnops.c: use unsigned type for newparent inode number in ufs_rename()

Otherwise it is sign-extended into 64bit ino_t on the call to
ufs_dirrewrite().  This causes invalid inode number recorded in the SU
tracking structures (newdirem) and triggers corresponding panics.


ufs_vnops.c: newparent is not bool

Use proper comparision operators when we need to see if newparent was
set to not-zero value.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Jul 27 2025, 4:09 PM
Herald added a subscriber: imp. · View Herald TranscriptJul 27 2025, 4:09 PM
kib requested review of this revision.Jul 27 2025, 4:09 PM

This causes

panic: newdirrem: inum 2147911196 should be 18446744071562495516

2147911196 == 0x8006861c
18446744071562495516 == 0xffffffff8006861c

olce added a subscriber: olce.Jul 28 2025, 1:49 AM
olce added inline comments.
sys/ufs/ufs/ufs_vnops.c
1272

This is still wrong on 32-bit architectures.

1645–1647

While here.

olce added a reviewer: olce.Jul 28 2025, 1:50 AM
kib added inline comments.Jul 28 2025, 6:38 AM
sys/ufs/ufs/ufs_vnops.c
1272

In which way it is wrong? Or do you mean that your suggested change is wrong?

Anyway, I state that I do want it the way I provided it in review. u_int (might be uint32_t), not ino_t.

olce added inline comments.Jul 28 2025, 6:59 AM
sys/ufs/ufs/ufs_vnops.c
1272

ino_t is a uint64_t. I thought we were using 64-bit inode numbers everywhere. But I see that struct direct has a uint32_t d_ino, so I guess UFS is still limited to 32-bit inode numbers? In which case your change is indeed not wrong, although surprising given that involved functions take an ino_t parameter. I'd much prefer inconsistency reduction here, even at the price of handling a 64-bit number on 32-bit architectures (unless we gain something else by doing so that I don't see?).

olce added inline comments.Jul 28 2025, 7:10 AM
sys/ufs/ufs/ufs_vnops.c
1646–1647

This is the proper equivalent, my previous suggestion is wrong.

kib marked 2 inline comments as done.Jul 28 2025, 7:10 AM
kib added inline comments.
sys/ufs/ufs/ufs_vnops.c
1272

Inode numbers on UFS are 32bit, this is on-disk format, explicit as in the struct direct, and implicit in the mapping from inode number to inode block number. We should use that in the UFS/FFS code.

In fact doing inode number as uint64_t is probably wrong for inode block number calculation.

olce accepted this revision.Jul 28 2025, 7:14 AM
olce added inline comments.
sys/ufs/ufs/ufs_vnops.c
1272

In fact doing inode number as uint64_t is probably wrong for inode block number calculation.

If there is no UFS plan for an extension to 64-bit inode numbers, indeed. That should of course not block this change.

This revision is now accepted and ready to land.Jul 28 2025, 7:14 AM
kib marked 4 inline comments as done.Jul 28 2025, 7:35 AM
kib added inline comments.
sys/ufs/ufs/ufs_vnops.c
1272

This would be UFS3.
At least I do not plan to work on this in foreseeable future.

kib updated this revision to Diff 159263.Jul 28 2025, 7:36 AM
kib marked an inline comment as done.

Simplify one logical op.

This revision now requires review to proceed.Jul 28 2025, 7:36 AM
olce accepted this revision.Jul 28 2025, 7:37 AM
olce added inline comments.
sys/ufs/ufs/ufs_vnops.c
1272

I don't either. And I don't think mckusick@ does either.

This revision is now accepted and ready to land.Jul 28 2025, 7:37 AM
mckusick accepted this revision.Jul 28 2025, 8:52 PM

This change is correct.

Closed by commit rGc069ca085bd1: ufs_vnops.c: use unsigned type for newparent inode number in ufs_rename() (authored by kib). · Explain WhyJul 28 2025, 8:57 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rGc069ca085bd1: ufs_vnops.c: use unsigned type for newparent inode number in ufs_rename().
kib added a commit: rG610319c766e9: ufs_vnops.c: newparent is not bool.
pfg added a subscriber: pfg.Jul 29 2025, 6:36 AM
pfg added inline comments.
sys/ufs/ufs/ufs_vnops.c
1272

FWIW, and sorry for being late ...
There was an effort to move to standard types in UFS (831b1ff7913f), so that should have been unsigned int, or uint32_t

kib added inline comments.Jul 29 2025, 7:39 PM
sys/ufs/ufs/ufs_vnops.c
1272

Referenced revision removed u_intXX_t. I do not see a reason why u_int contraction would be banned.

pfg added inline comments.Jul 29 2025, 9:36 PM
sys/ufs/ufs/ufs_vnops.c
1272

It is not formally banned, but the idea was to favor standard types: u_int is in the same category of u_intXX_t. I recall there was another commit that also swept some u_ints but I can't find the log.

In any case ... nevermind, I am not asking for it to be changed, it just looked a little weird.

Revision Contents
Changeset List

PathSize
sys/
ufs/
ufs/
3 lines

Diff 159366

View Options

sys/ufs/ufs/ufs_vnops.c

Loading...