Continuing efforts to provide hardening of FFS, this change adds a

check hash to the superblock. If a check hash fails when an attempt
is made to mount a filesystem, the mount fails with EINVAL (Invalid
argument). This avoids a class of filesystem panics related to
corrupted superblocks. The hash is done using crc32c.

Check hases are added only to UFS2 and not to UFS1 as UFS1 is primarily
used in embedded systems with small memories and low-powered processors
which need as light-weight a filesystem as possible.

Reviewed by:  kib
Tested by:    Peter Holm
Sponsored by: Netflix

1 files changed, 5 insertions, 3 deletions

diff --git a/sbin/fsck_ffs/main.c b/sbin/fsck_ffs/main.c
index c160295d2702..e5118619475b 100644
--- a/sbin/fsck_ffs/main.c
+++ b/sbin/fsck_ffs/main.c
@@ -460,11 +460,13 @@ checkfilesys(char *filesys)
 		if ((sblock.fs_metackhash & CK_CYLGRP) == 0 &&
 		    reply("ADD CYLINDER GROUP CHECK-HASH PROTECTION") != 0)
 			ckhashadd |= CK_CYLGRP;
-#ifdef notyet
 		if ((sblock.fs_metackhash & CK_SUPERBLOCK) == 0 &&
 		    getosreldate() >= P_OSREL_CK_SUPERBLOCK &&
-		    reply("ADD SUPERBLOCK CHECK-HASH PROTECTION") != 0)
-			ckhashadd |= CK_SUPERBLOCK;
+		    reply("ADD SUPERBLOCK CHECK-HASH PROTECTION") != 0) {
+			sblock.fs_metackhash |= CK_SUPERBLOCK;
+			sbdirty();
+		}
+#ifdef notyet
 		if ((sblock.fs_metackhash & CK_INODE) == 0 &&
 		    getosreldate() >= P_OSREL_CK_INODE &&
 		    reply("ADD INODE CHECK-HASH PROTECTION") != 0)