• Kirk McKusick's avatar
    Continuing efforts to provide hardening of FFS. This change adds a · 8f829a5c
    Kirk McKusick authored
    check hash to the filesystem inodes. Access attempts to files
    associated with an inode with an invalid check hash will fail with
    EINVAL (Invalid argument). Access is reestablished after an fsck
    is run to find and validate the inodes with invalid check-hashes.
    This check avoids a class of filesystem panics related to corrupted
    inodes. The hash is done using crc32c.
    Note this check-hash is for the inode itself and not any of its
    indirect blocks. Check-hash validation may be extended to also
    cover indirect block pointers, but that will be a separate (and
    more costly) feature.
    Check hashes are added only to UFS2 and not to UFS1 as UFS1 is
    primarily used in embedded systems with small memories and low-powered
    processors which need as light-weight a filesystem as possible.
    Reviewed by:  kib
    Tested by:    Peter Holm
    Sponsored by: Netflix