aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuido van Rooij <guido@FreeBSD.org>1997-03-23 20:08:22 +0000
committerGuido van Rooij <guido@FreeBSD.org>1997-03-23 20:08:22 +0000
commit8f89943eda4491e3d0a67cc4084e0c9c49d5be52 (patch)
treeb9411eec7d5aa143a88d2b00622c513c58e81906
parent8187fe48133bc2a01ee7fcbb9ad4589c545490f0 (diff)
downloadsrc-8f89943eda4491e3d0a67cc4084e0c9c49d5be52.tar.gz
src-8f89943eda4491e3d0a67cc4084e0c9c49d5be52.zip
Add generation number randomization. Newly created filesystems wil now
automatically have random generation numbers. The kenel way of handling those also changed. Further it is advised to run fsirand on all your nfs exported filesystems. the code is mostly copied from OpenBSD, with the randomization chanegd to use /dev/urandom Reviewed by: Garrett Obtained from: OpenBSD
Notes
Notes: svn path=/head/; revision=24149
-rw-r--r--sbin/Makefile2
-rw-r--r--sbin/fsirand/Makefile8
-rw-r--r--sbin/fsirand/fsirand.8109
-rw-r--r--sbin/fsirand/fsirand.c292
-rw-r--r--sbin/newfs/Makefile2
-rw-r--r--sbin/newfs/mkfs.c43
-rw-r--r--sys/kern/vfs_extattr.c14
-rw-r--r--sys/kern/vfs_syscalls.c14
-rw-r--r--sys/ufs/ffs/ffs_alloc.c9
-rw-r--r--sys/ufs/ffs/ffs_vfsops.c13
-rw-r--r--sys/ufs/ffs/fs.h5
11 files changed, 486 insertions, 25 deletions
diff --git a/sbin/Makefile b/sbin/Makefile
index 930798028ee5..dc06d5307391 100644
--- a/sbin/Makefile
+++ b/sbin/Makefile
@@ -3,7 +3,7 @@
# XXX MISSING: icheck ncheck
SUBDIR= adjkerntz badsect ccdconfig clri disklabel dmesg dset dump dumpfs \
- dumpon fsck fsdb ifconfig init ipfw md5 mknod modload \
+ dumpon fsck fsdb fsirand ifconfig init ipfw md5 mknod modload \
modunload mount mount_cd9660 mount_ext2fs \
mount_lfs mount_nfs mount_null mount_portal mount_std \
mount_umap mount_union mountd newfs nfsd nfsiod \
diff --git a/sbin/fsirand/Makefile b/sbin/fsirand/Makefile
new file mode 100644
index 000000000000..5f2446bb9e82
--- /dev/null
+++ b/sbin/fsirand/Makefile
@@ -0,0 +1,8 @@
+# $OpenBSD: Makefile,v 1.1 1997/01/26 02:23:20 millert Exp $
+
+PROG= fsirand
+MAN= fsirand.8
+DPADD= ${LIBUTIL}
+LDADD= -lutil
+
+.include <bsd.prog.mk>
diff --git a/sbin/fsirand/fsirand.8 b/sbin/fsirand/fsirand.8
new file mode 100644
index 000000000000..94a02e36c072
--- /dev/null
+++ b/sbin/fsirand/fsirand.8
@@ -0,0 +1,109 @@
+.\" Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by Todd C. Miller.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $OpenBSD: fsirand.8,v 1.6 1997/02/23 03:58:26 millert Exp $
+.\"
+.Dd January 25, 1997
+.Dt FSIRAND 8
+.Os
+.Sh NAME
+.Nm fsirand
+.Nd randomize inode generation numbers
+.Sh SYNOPSIS
+.Nm fsirand
+.Op Fl b
+.Op Fl f
+.Op Fl p
+.Ar special
+.Op Ar "special ..."
+.Sh DESCRIPTION
+The
+.Nm fsirand
+command installs random generation numbers on all the inodes for
+each filesystem specified on the command line by
+.Ar special .
+This increases the security of NFS-exported filesystems by making
+it difficult to ``guess'' filehandles.
+.Pp
+.Em Note:
+.Xr newfs 8
+now does the equivalent of
+.Nm
+itself so it is no longer necesary to
+run
+.Nm
+by hand on a new filesystem. It is only used to
+re-randomize or report on an existing filesystem.
+.Pp
+.Nm Fsirand
+should only be used on an unmounted filesystem that
+has been checked with
+.Xr fsck 8
+or a filesystem that is mounted read-only.
+.Nm Fsirand
+may be used on the root filesystem in single-user mode
+but the system should be rebooted via ``reboot -n'' afterwards.
+.Sh OPTIONS
+.Bl -tag -width indent
+The available options are as follows:
+.It Fl b
+Use the default block size (usuallyt 512 bytes) instead
+of the value gleaned from the disklabel.
+.It Fl f
+Force
+.Nm
+to run even if the filesystem on
+.Ar special
+is not marked as clean.
+.It Fl p
+Print the current generation numbers for all inodes instead of
+generating new ones.
+.Sh CAVEATS
+Since
+.Nm
+allocates enough memory to hold all the inodes in
+a given cylinder group it is may use a large amount
+of memory for large disks with few cylinder groups.
+.Sh SEE ALSO
+.Xr fs 5 ,
+.Xr fsck 8 ,
+.Xr newfs 8 .
+.Sh HISTORY
+The
+.Nm
+command appeared in SunOS 3.x.
+.br
+This version of
+.Nm
+first appeared in
+.Bx Open
+2.1.
+.Sh AUTHOR
+.nf
+Todd C. Miller <Todd.Miller@courtesan.com>
+.fi
diff --git a/sbin/fsirand/fsirand.c b/sbin/fsirand/fsirand.c
new file mode 100644
index 000000000000..4875ef59482d
--- /dev/null
+++ b/sbin/fsirand/fsirand.c
@@ -0,0 +1,292 @@
+/* $OpenBSD: fsirand.c,v 1.9 1997/02/28 00:46:33 millert Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Todd C. Miller.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$OpenBSD: fsirand.c,v 1.9 1997/02/28 00:46:33 millert Exp $";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/disklabel.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <ufs/ffs/fs.h>
+#include <ufs/ufs/dinode.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void usage __P((int));
+int fsirand __P((char *));
+
+extern char *__progname;
+
+int printonly = 0, force = 0, ignorelabel = 0;
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int n, ex = 0;
+ struct rlimit rl;
+
+ while ((n = getopt(argc, argv, "bfp")) != -1) {
+ switch (n) {
+ case 'b':
+ ignorelabel++;
+ break;
+ case 'p':
+ printonly++;
+ break;
+ case 'f':
+ force++;
+ break;
+ default:
+ usage(1);
+ }
+ }
+ if (argc - optind < 1)
+ usage(1);
+
+ /* Increase our data size to the max */
+ if (getrlimit(RLIMIT_DATA, &rl) == 0) {
+ rl.rlim_cur = rl.rlim_max;
+ if (setrlimit(RLIMIT_DATA, &rl) < 0)
+ warn("Can't get resource limit to max data size");
+ } else
+ warn("Can't get resource limit for data size");
+
+ for (n = optind; n < argc; n++) {
+ if (argc - optind != 1)
+ (void)puts(argv[n]);
+ ex += fsirand(argv[n]);
+ if (n < argc - 1)
+ putchar('\n');
+ }
+
+ exit(ex);
+}
+
+int
+fsirand(device)
+ char *device;
+{
+ static struct dinode *inodebuf;
+ static size_t oldibufsize;
+ size_t ibufsize;
+ struct fs *sblock;
+ ino_t inumber, maxino;
+ daddr_t dblk;
+ char sbuf[SBSIZE], sbuftmp[SBSIZE];
+ int devfd, n, cg;
+ u_int32_t bsize = DEV_BSIZE;
+ struct disklabel label;
+
+ if ((devfd = open(device, printonly ? O_RDONLY : O_RDWR)) < 0) {
+ warn("Can't open %s", device);
+ return (1);
+ }
+
+ /* Get block size (usually 512) from disklabel if possible */
+ if (!ignorelabel) {
+ if (ioctl(devfd, DIOCGDINFO, &label) < 0)
+ warn("Can't read disklabel, using sector size of %d",
+ bsize);
+ else
+ bsize = label.d_secsize;
+ }
+
+ /* Read in master superblock */
+ (void)memset(&sbuf, 0, sizeof(sbuf));
+ sblock = (struct fs *)&sbuf;
+ if (lseek(devfd, SBOFF, SEEK_SET) == -1) {
+ warn("Can't seek to superblock (%qd) on %s", SBOFF, device);
+ return (1);
+ }
+ if ((n = read(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warnx("Can't read superblock on %s: %s", device,
+ (n < SBSIZE) ? "short read" : strerror(errno));
+ return (1);
+ }
+ maxino = sblock->fs_ncg * sblock->fs_ipg;
+
+ /* Simple sanity checks on the superblock */
+ if (sblock->fs_magic != FS_MAGIC) {
+ warnx("Bad magic number in superblock");
+ return (1);
+ }
+ if (sblock->fs_sbsize > SBSIZE) {
+ warnx("Superblock size is preposterous");
+ return (1);
+ }
+ if (sblock->fs_postblformat == FS_42POSTBLFMT) {
+ warnx("Filesystem format is too old, sorry");
+ return (1);
+ }
+ if (!force && !printonly && sblock->fs_clean != 1) {
+ warnx("Filesystem is not clean, fsck %s first.", device);
+ return (1);
+ }
+
+ /* Make sure backup superblocks are sane. */
+ sblock = (struct fs *)&sbuftmp;
+ for (cg = 0; cg < sblock->fs_ncg; cg++) {
+ dblk = fsbtodb(sblock, cgsblock(sblock, cg));
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd", (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = write(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warn("Can't read backup superblock %d on %s: %s",
+ cg + 1, device, (n < SBSIZE) ? "short write"
+ : strerror(errno));
+ return (1);
+ }
+ if (sblock->fs_magic != FS_MAGIC) {
+ warnx("Bad magic number in backup superblock %d on %s",
+ cg + 1, device);
+ return (1);
+ }
+ if (sblock->fs_sbsize > SBSIZE) {
+ warnx("Size of backup superblock %d on %s is preposterous",
+ cg + 1, device);
+ return (1);
+ }
+ }
+ sblock = (struct fs *)&sbuf;
+
+ /* XXX - should really cap buffer at 512kb or so */
+ ibufsize = sizeof(struct dinode) * sblock->fs_ipg;
+ if (oldibufsize < ibufsize) {
+ if ((inodebuf = realloc(inodebuf, ibufsize)) == NULL)
+ errx(1, "Can't allocate memory for inode buffer");
+ oldibufsize = ibufsize;
+ }
+
+ if (printonly && (sblock->fs_id[0] || sblock->fs_id[1])) {
+ if (sblock->fs_inodefmt >= FS_44INODEFMT && sblock->fs_id[0])
+ (void)printf("%s was randomized on %s", device,
+ ctime((const time_t *)&(sblock->fs_id[0])));
+ (void)printf("fsid: %x %x\n", sblock->fs_id[0],
+ sblock->fs_id[1]);
+ }
+
+ /* Randomize fs_id unless old 4.2BSD filesystem */
+ if ((sblock->fs_inodefmt >= FS_44INODEFMT) && !printonly) {
+ /* Randomize fs_id and write out new sblock and backups */
+ sblock->fs_id[0] = (u_int32_t)time(NULL);
+ sblock->fs_id[1] = random();
+
+ if (lseek(devfd, SBOFF, SEEK_SET) == -1) {
+ warn("Can't seek to superblock (%qd) on %s", SBOFF,
+ device);
+ return (1);
+ }
+ if ((n = write(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warn("Can't read superblock on %s: %s", device,
+ (n < SBSIZE) ? "short write" : strerror(errno));
+ return (1);
+ }
+ }
+
+ /* For each cylinder group, randomize inodes and update backup sblock */
+ for (cg = 0, inumber = 0; cg < sblock->fs_ncg; cg++) {
+ /* Update superblock if appropriate */
+ if ((sblock->fs_inodefmt >= FS_44INODEFMT) && !printonly) {
+ dblk = fsbtodb(sblock, cgsblock(sblock, cg));
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd", (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = write(devfd, (void *)sblock, SBSIZE)) != SBSIZE) {
+ warn("Can't read backup superblock %d on %s: %s",
+ cg + 1, device, (n < SBSIZE) ? "short write"
+ : strerror(errno));
+ return (1);
+ }
+ }
+
+ /* Read in inodes, then print or randomize generation nums */
+ dblk = fsbtodb(sblock, ino_to_fsba(sblock, inumber));
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd", (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = read(devfd, inodebuf, ibufsize)) != ibufsize) {
+ warnx("Can't read inodes: %s",
+ (n < ibufsize) ? "short read" : strerror(errno));
+ return (1);
+ }
+
+ for (n = 0; n < sblock->fs_ipg; n++, inumber++) {
+ if (inumber >= ROOTINO) {
+ if (printonly)
+ (void)printf("ino %d gen %x\n", inumber,
+ inodebuf[n].di_gen);
+ else
+ inodebuf[n].di_gen = random();
+ }
+ }
+
+ /* Write out modified inodes */
+ if (!printonly) {
+ if (lseek(devfd, (off_t)dblk * bsize, SEEK_SET) < 0) {
+ warn("Can't seek to %qd",
+ (off_t)dblk * bsize);
+ return (1);
+ } else if ((n = write(devfd, inodebuf, ibufsize)) !=
+ ibufsize) {
+ warnx("Can't write inodes: %s",
+ (n != ibufsize) ? "short write" :
+ strerror(errno));
+ return (1);
+ }
+ }
+ }
+ (void)close(devfd);
+
+ return(0);
+}
+
+void
+usage(ex)
+ int ex;
+{
+ (void)fprintf(stderr, "Usage: %s [ -b ] [ -f ] [ -p ] special [special ...]\n",
+ __progname);
+ exit(ex);
+}
diff --git a/sbin/newfs/Makefile b/sbin/newfs/Makefile
index ed9ad9d8d27c..d44fdbaa63fb 100644
--- a/sbin/newfs/Makefile
+++ b/sbin/newfs/Makefile
@@ -6,7 +6,7 @@ MAN8= newfs.8
MOUNT= ${.CURDIR}/../mount
CFLAGS+= -D_NEW_VFSCONF
-CFLAGS+=-DMFS -I${MOUNT}
+CFLAGS+=-DMFS -DFSIRAND -I${MOUNT}
.PATH: ${MOUNT} ${.CURDIR}/../disklabel
LINKS= ${BINDIR}/newfs ${BINDIR}/mount_mfs
diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c
index ab4713da4b61..63ad1bf0bbc3 100644
--- a/sbin/newfs/mkfs.c
+++ b/sbin/newfs/mkfs.c
@@ -86,8 +86,6 @@ extern int realsectorsize; /* bytes/sector in hardware*/
extern int rpm; /* revolutions/minute of drive */
extern int interleave; /* hardware sector interleave */
extern int trackskew; /* sector 0 skew, per track */
-extern int headswitch; /* head switch time, usec */
-extern int trackseek; /* track-to-track seek, usec */
extern int fsize; /* fragment size */
extern int bsize; /* block size */
extern int cpg; /* cylinders/cylinder group */
@@ -121,6 +119,10 @@ union {
struct dinode zino[MAXBSIZE / sizeof(struct dinode)];
+#ifdef FSIRAND
+long fsi_random __P((void));
+#endif
+
int fsi, fso;
daddr_t alloc();
static int charsperline();
@@ -591,8 +593,6 @@ next:
sblock.fs_rotdelay = rotdelay;
sblock.fs_minfree = minfree;
sblock.fs_maxcontig = maxcontig;
- sblock.fs_headswitch = headswitch;
- sblock.fs_trkseek = trackseek;
sblock.fs_maxbpg = maxbpg;
sblock.fs_rps = rpm / 60;
sblock.fs_optim = opt;
@@ -604,6 +604,11 @@ next:
sblock.fs_fmod = 0;
sblock.fs_ronly = 0;
sblock.fs_clean = 1;
+#ifdef FSIRAND
+ sblock.fs_id[0] = (long)utime;
+ sblock.fs_id[1] = fsi_random();
+#endif
+
/*
* Dump out summary information about file system.
*/
@@ -751,9 +756,14 @@ initcg(cylno, utime)
setbit(cg_inosused(&acg), i);
acg.cg_cs.cs_nifree--;
}
- for (i = 0; i < sblock.fs_ipg / INOPF(&sblock); i += sblock.fs_frag)
+ for (i = 0; i < sblock.fs_ipg / INOPF(&sblock); i += sblock.fs_frag) {
+#ifdef FSIRAND
+ for (j = 0; j < sblock.fs_bsize / sizeof(struct dinode); j++)
+ zino[j].di_gen = fsi_random();
+#endif
wtfs(fsbtodb(&sblock, cgimin(&sblock, cylno) + i),
sblock.fs_bsize, (char *)zino);
+ }
if (cylno > 0) {
/*
* In cylno 0, beginning space is reserved
@@ -1057,6 +1067,9 @@ iput(ip, ino)
daddr_t d;
int c;
+#ifdef FSIRAND
+ ip->di_gen = fsi_random();
+#endif
c = ino_to_cg(&sblock, ino);
rdfs(fsbtodb(&sblock, cgtod(&sblock, 0)), sblock.fs_cgsize,
(char *)&acg);
@@ -1336,3 +1349,23 @@ charsperline()
columns = 80; /* last resort */
return columns;
}
+
+#ifdef FSIRAND
+long
+fsi_random(void) {
+ static int fd = -1;
+ long ret;
+
+ if (fd == -1) {
+ if ((fd = open("/dev/urandom", O_RDONLY)) == -1) {
+ perror("open /dev/urandom");
+ exit(1);
+ }
+ }
+ if (read(fd, &ret, sizeof(ret)) != sizeof(ret)) {
+ perror("read /dev/urandom");
+ exit(1);
+ }
+ return(ret);
+}
+#endif
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 6404a8c502a7..2997fe56500b 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
- * $Id: vfs_syscalls.c,v 1.59 1997/03/05 01:42:14 msmith Exp $
+ * $Id: vfs_syscalls.c,v 1.60 1997/03/23 03:36:35 bde Exp $
*/
/*
@@ -558,6 +558,7 @@ statfs(p, uap, retval)
register struct statfs *sp;
int error;
struct nameidata nd;
+ struct statfs sb;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if (error = namei(&nd))
@@ -569,6 +570,11 @@ statfs(p, uap, retval)
if (error)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
+ if (p->p_ucred->cr_uid != 0) {
+ bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
+ sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
+ sp = &sb;
+ }
return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp)));
}
@@ -595,6 +601,7 @@ fstatfs(p, uap, retval)
struct mount *mp;
register struct statfs *sp;
int error;
+ struct statfs sb;
if (error = getvnode(p->p_fd, SCARG(uap, fd), &fp))
return (error);
@@ -604,6 +611,11 @@ fstatfs(p, uap, retval)
if (error)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
+ if (p->p_ucred->cr_uid != 0) {
+ bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
+ sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
+ sp = &sb;
+ }
return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp)));
}
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 6404a8c502a7..2997fe56500b 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
- * $Id: vfs_syscalls.c,v 1.59 1997/03/05 01:42:14 msmith Exp $
+ * $Id: vfs_syscalls.c,v 1.60 1997/03/23 03:36:35 bde Exp $
*/
/*
@@ -558,6 +558,7 @@ statfs(p, uap, retval)
register struct statfs *sp;
int error;
struct nameidata nd;
+ struct statfs sb;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if (error = namei(&nd))
@@ -569,6 +570,11 @@ statfs(p, uap, retval)
if (error)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
+ if (p->p_ucred->cr_uid != 0) {
+ bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
+ sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
+ sp = &sb;
+ }
return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp)));
}
@@ -595,6 +601,7 @@ fstatfs(p, uap, retval)
struct mount *mp;
register struct statfs *sp;
int error;
+ struct statfs sb;
if (error = getvnode(p->p_fd, SCARG(uap, fd), &fp))
return (error);
@@ -604,6 +611,11 @@ fstatfs(p, uap, retval)
if (error)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
+ if (p->p_ucred->cr_uid != 0) {
+ bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
+ sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
+ sp = &sb;
+ }
return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp)));
}
diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c
index 3be3f2fde5c8..3483b560a388 100644
--- a/sys/ufs/ffs/ffs_alloc.c
+++ b/sys/ufs/ffs/ffs_alloc.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ffs_alloc.c 8.18 (Berkeley) 5/26/95
- * $Id: ffs_alloc.c,v 1.31 1997/03/09 06:00:40 mpp Exp $
+ * $Id: ffs_alloc.c,v 1.32 1997/03/22 06:53:28 bde Exp $
*/
#include "opt_quota.h"
@@ -55,8 +55,6 @@
#include <ufs/ffs/fs.h>
#include <ufs/ffs/ffs_extern.h>
-extern u_long nextgennumber;
-
typedef ufs_daddr_t allocfcn_t __P((struct inode *ip, int cg, ufs_daddr_t bpref,
int size));
@@ -601,9 +599,8 @@ ffs_valloc(ap)
/*
* Set up a new generation number for this inode.
*/
- if (++nextgennumber < (u_long)time.tv_sec)
- nextgennumber = time.tv_sec;
- ip->i_gen = nextgennumber;
+ if (ip->i_gen == 0 || ++(ip->i_gen) == 0)
+ ip->i_gen = random() / 2 + 1;
return (0);
noinodes:
ffs_fserr(fs, ap->a_cred->cr_uid, "out of inodes");
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 625097537a53..31c54863689d 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ffs_vfsops.c 8.31 (Berkeley) 5/20/95
- * $Id: ffs_vfsops.c,v 1.49 1997/03/22 06:53:30 bde Exp $
+ * $Id: ffs_vfsops.c,v 1.50 1997/03/23 03:37:34 bde Exp $
*/
#include "opt_quota.h"
@@ -92,8 +92,6 @@ struct vfsops ufs_vfsops = {
VFS_SET(ufs_vfsops, ufs, MOUNT_UFS, 0);
-extern u_long nextgennumber;
-
/*
* ffs_mount
*
@@ -585,7 +583,10 @@ ffs_mountfs(devvp, mp, p)
}
mp->mnt_data = (qaddr_t)ump;
mp->mnt_stat.f_fsid.val[0] = (long)dev;
- mp->mnt_stat.f_fsid.val[1] = mp->mnt_vfc->vfc_typenum;
+ if (fs->fs_id[0] != 0 && fs->fs_id[1] != 0)
+ mp->mnt_stat.f_fsid.val[1] = fs->fs_id[1];
+ else
+ mp->mnt_stat.f_fsid.val[1] = mp->mnt_vfc->vfc_typenum;
mp->mnt_maxsymlinklen = fs->fs_maxsymlinklen;
mp->mnt_flag |= MNT_LOCAL;
ump->um_mountp = mp;
@@ -1015,9 +1016,7 @@ restart:
* already have one. This should only happen on old filesystems.
*/
if (ip->i_gen == 0) {
- if (++nextgennumber < (u_long)time.tv_sec)
- nextgennumber = time.tv_sec;
- ip->i_gen = nextgennumber;
+ ip->i_gen = random() / 2 + 1;
if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
ip->i_flag |= IN_MODIFIED;
}
diff --git a/sys/ufs/ffs/fs.h b/sys/ufs/ffs/fs.h
index df9f95a769db..9c9debe9336d 100644
--- a/sys/ufs/ffs/fs.h
+++ b/sys/ufs/ffs/fs.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)fs.h 8.13 (Berkeley) 3/21/95
- * $Id$
+ * $Id: fs.h,v 1.10 1997/02/22 09:47:11 peter Exp $
*/
#ifndef _UFS_FFS_FS_H_
@@ -200,8 +200,7 @@ struct fs {
int32_t fs_npsect; /* # sectors/track including spares */
int32_t fs_interleave; /* hardware sector interleave */
int32_t fs_trackskew; /* sector 0 skew, per track */
- int32_t fs_headswitch; /* head switch time, usec */
- int32_t fs_trkseek; /* track-to-track seek, usec */
+/* fs_id takes the space of the unused fs_headswitch and fs_trkseek fields */ int32_t fs_id[2]; /* unique filesystem id */
/* sizes determined by number of cylinder groups and their sizes */
ufs_daddr_t fs_csaddr; /* blk addr of cyl grp summary area */
int32_t fs_cssize; /* size of cyl grp summary area */