Purge more stray embedded $FreeBSD$ strings

These do not use __FBSDID but instead use bare char arrays.

Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D41957

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

Diff reduction against NetBSD, no functional change.

MFC after: 1 week

Correct off-by-two issue when determining FAT type.

In the code we used NumClusters as the upper (non-inclusive) boundary
of valid cluster number, so the actual value was 2 (CLUST_FIRST) more
than the real number of clusters. This causes a FAT16 media with
65524 clusters be treated as FAT32 and might affect FAT12 media with
4084 clusters as well.

To fix this, we increment NumClusters by CLUST_FIRST after the type
determination.

PR: 243179
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D23082

Apply typo fix from NetBSD, we have already applied all NetBSD changes so
update the NetBSD tag while I'm there.

MFC after: 2 weeks

Require FAT to occupy at least one sector.

Obtained from: Android https://r.android.com/1205830
MFC after: 3 days

Reduce memory footprint of fsck_msdosfs.

This is a re-apply r356249 with changes to make GCC happy.

This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.

With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.

Address this by taking a different approach of validating the FAT.

The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.

We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.

When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.

As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.

sbin/fsck_msdosfs/boot.c:

- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.

sbin/fsck_msdosfs/check.c:

- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.

sbin/fsck_msdosfs/dir.c:

- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).

sbin/fsck_msdosfs/dosfs.h:

- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.

sbin/fsck_msdosfs/ext.h:

- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.

sbin/fsck_msdosfs/fat.c:

- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.

sbin/fsck_msdosfs/fat.c:

- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().

Reviewed by: kevlo
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D22965

Revert r356249 for now as it broke GCC builds.

Reduce memory footprint of fsck_msdosfs.

This utility was initially written for FAT12/16, which were inherently
small. When FAT32 support was added, the old data structure and
algorithms remain used with minimal changes.

With growing size of FAT32 media, the current data structure that
requires 4 32-bit variables per each FAT32 table entry would consume up
to 4 GiB of RAM, which can be too big for systems with limited RAM
available.

Address this by taking a different approach of validating the FAT.

The FAT is essentially a set of linked lists of chains that was
referenced by directory entries, and the checker needs to make sure that
the linked chains of clusters do not have cross-linked chains, and every
chain were referenced by one and only one directory entry. Instead of
keeping track of the chain's 'head' cluster number, the size of the
chain, the used status of the chain and the "next" pointer which is
content of the FAT table, we create accessors for the FAT table data
for the "next" pointer, and keep only one bit to indicate if the
current cluster is a 'head' node of a cluster chain, in a bitmap.

We further overhaul the FAT checker to find out the possible head nodes
by excluding ones that are not (in other words, nodes that have some
other nodes claiming them as the next node) instead of marking the head
nodes for each node on the chain. This approach greatly reduced the
complexiety of computation from O(N^2) worst case, to an O(N) scan for
worst case. The file (cluster chain) length is not useful for the FAT
checker, so don't bother to calculate them in the FAT checker and
instead leave the task to the directory structure check, at which point
we would have non-crossed cluster chains, and we are guaranteed that
each cluster will be visited for at most one time.

When checking the directory structures, we use the head node indicator
to as the visited (used) flag: every cluster chain can only be
referenced by one directory entry, so we clear them when calculating
the length of the chain, and we can immediately tell if there are
anomalies in the directory entry.

As a result, the required RAM size is now 1 bit per each entry of
the FAT table, plus memory needed to hold the FAT table in memory,
instead of 16 bytes (=128 bits) per each entry. For FAT12 and FAT16,
we will load the whole FAT table into memory as they are smaller than
128KiB, and for FAT32, we first attempt to mmap() it into memory, and
when that fails, we would fall back to a simple LRU cache of 4 MiB of
RAM.

sbin/fsck_msdosfs/boot.c:

- Added additional sanity checks for valid FAT32/FAT16/FAT12 cluster
number.
- FAT32: check if root directory starts with a valid cluster number,
moved from dir.c. There is no point to proceed if the filesystem
is already damaged beyond repair.

sbin/fsck_msdosfs/check.c:

- Combine phase 1 and phase 2, now that the readfat() is able to
detect cross chains.

sbin/fsck_msdosfs/dir.c:

- Refactor code to use FAT accessor instead of accessing the internal
representation of FAT table.
- Make use of the cluster chain head bitmap.
- Clarify and simplify directory entry check, remove unnecessary
checks that are would be done at a later time (for example, whether
the directory's second cluster is a valid one, which is examined
more throughly in a later checkchain() and does not prevent us
from proceeding further).

sbin/fsck_msdosfs/dosfs.h:

- Remove internal representation of FAT table, which is replaced by
the head bitmap that is opaque to other code.
- Added a special CLUST_DEAD cluster type to indicate errors.

sbin/fsck_msdosfs/ext.h:

- Added a flag that overrides mmap(2) setting. The corresponding
command line option, -M is intentionally undocumented as we do not
expect users to need it.
- Added accessors for FAT table and convert existing interface to use
it.

sbin/fsck_msdosfs/fat.c:

- Added head bitmap to represent whether a cluster is a head cluster.
- Converted FAT internal representation to accessors.
- Implemented a LRU cache for FAT32 when mmap(2) should not or can not
be used.
- _readfat: Attempt a mmap(2) and fall back to regular read for
non-FAT32 file systems; use the LRU cache for FAT32 and prepopulate
the cache with the first 4MiB of the entries.
- readfat: Added support of head bitmap and use the population scan to
detect bogus chains.
- clusterdiff: removed, FATs are copied from the checked copy via
writefat()/copyfat().
- checkchain: calculates the length of a cluster chain and make sure
that it ends with a valid EOF marker.
- clearchain: follow and clear a chain and maintain the free cluster
count.
- checklost: convert to use head bitmap. At the end of all other scans,
the remaining 'head' nodes are leaders of lost cluster chains.

sbin/fsck_msdosfs/fat.c:

- Added a new -M option which is intentionally undocumented, to disable
the use of mmap().

Reviewed by: kevlo
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D22965

Avoid mixing cluster numbers and sector numbers. Makes code more readable.

Obtained from: NetBSD
MFC after: 2 weeks

Comment boot block checks and perform additional sanity checks:

The following checks are now being enforced:

- bpbBytesPerSec: only accept 512, 1024, 2048 and 4096.
- bpbSecPerClust: only accept 1, 2, 4, 8, 16, 32, 64 and 128.
- bpbResSectors: require non-zero.
- bpbFATs: require non-zero.
- bpbSectors: require zero for FAT32.
- bpbFATsmall: require zero for FAT32.
- bpbHugeSectors: require non-zero for FAT32.

Bail out if the BPB contained values that do not meet these requirements.

We also require FATsecs * FATsecs to not overflow 32-bit unsigned
integer.

Check for backup boot block was removed because the checker does not take
corrective action, and msdosfs driver ignores it too.

Blankspace. No actual code change.

MFC after: 2 weeks

Detect and handle invalid number of FATs

If the number of FATs field in the boot sector is zero, give
an appropriate error code.

Obtained from: Android https://android.googlesource.com/platform/external/fsck_msdos/+/6c29bbe8d58e6fe8755935a04166ecf82ff31f47%5E%21/
MFC after: 2 weeks

Detect exFAT filesystems and abort if found and tighten BPB sanity
check.

Obtained from: Android https://android-review.googlesource.com/61827
MFC after: 2 weeks

Fix division by zero when reading boot block by postponing division
until it is necessary and after we validated bytes per sector is non-
zero.

Obtained from: Android https://android-review.googlesource.com/c/platform/external/fsck_msdos/+/36362
MFC after: 2 weeks

Don't bail out when we find primary and secondary bootblocks miscompare.
We do not have code to fix this situation, and the mismatch does not
prevent the kernel driver from consuming the file system, and some factory
formatted SD cards seem to have a garbage backup block.

This makes the code match to its comments (replacing pfatal with pwarn).

Inspired by: NetBSD r1.13
Inspired by: https://android.googlesource.com/platform/external/fsck_msdos/+/b47b16353f3db228711dded9f7c975b820059ddc
MFC after: 2 weeks

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

fsck_msdosfs: Adjust a check.

The on-disk FAT array does not include anything before CLUST_FIRST,
compensate in size check.

Obtained from: NetBSD (CVS Rev. 1.20)
MFC after: 2 weeks

Make UEFI booting of 4Kn disks work:
- convert boot1.efi to corrrectly calculate the lba for what the
media reports and convert the size based on what FreeBSD uses.
The existing code would use the 512 byte lba and convert the
size using 4K byte size.
- make fsck_msdosfs read the boot block as 4K so the read doesn't
fail on a 4Kn drive since FreeBSD will error out parition reads
of a block. Make the bpbBytesPerSec check a multiple of 512 since
it can be 512 or 4K depending on the disk. This allows fsck to
pass checking the EFI partition on a 4Kn disk.

To create the EFI file system I used:
newfs_msdos -F 32 -S 4096 -c 1 -m 0xf8 <partition>
This works for booting 512 and 4Kn disks.

Caveat is that loader.efi cannot read the 4Kn EFI partition. This isn't
critical right now since boot1.efi will read loader.efi from the ufs
partition. It looks like loader.efi can be fixed via making some of the
512 bytes reads more flexible. loader.efi doesn't have trouble reading
the ufs partition. This is probably a simple fix.

I now have FreeBSD installed on a system with 4Kn drives and tested the
same code works on 512.

MFC after: 1 week

Make fsck and fsck_msdosfs WARNS=6 clean

- sprinkle const
- add volatile qualifier to avoid vfork clobbering

Inspired by: NetBSD
PR: bin/139802
Reviewed by: ed

sbin/fsck: s/perror/perr/ to avoid shadowing

- rename some other vars too
- merge NetBSD license changes

Obtained from: NetBSD
PR: bin/139802
Reviewed by: ed

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Fix some style(9), although there's a lot more issues here.
Fix some casting errors.

PR: 142384
Submitted by: giffunip at tutopia dot com
Obtained from: NetBSD
MFC after: 3 weeks

MFC r203874:
Rename fields to match better the msdosfs headers.

MFC r203872:
Bug fixes from NetBSD.

MFC r203871:
License changes from NetBSD.
Move to 2 clause license, approved by Wolfgang Solfrank.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Rename fields to match better the msdosfs headers. This work is still
incomplete as some info doesn't really belong to the structs where it is
defined.

Submitted by: Pedro F. Giffuni <giffunip tutopia com>
Reviewed by: bde
MFC after: 2 weeks

Bug fixes from NetBSD
- fix sign-compare issues.
- ANSIfy a couple of functions.
- Remove more duplicate #includes.
- Memory leak found by Coverity on NetBSD.

Submitted by: Pedro F. Giffuni <giffunip tutopia com>
Reviewed by: bde
MFC after: 2 weeks

License changes from NetBSD.
Move to 2 clause license, approved by Wolfgang Solfrank.

Submitted by: Pedro F. Giffuni <giffunip tutopia com>
MFC after: 2 weeks

- Import the HEAD csup code which is the basis for the cvsmode work.

Use consistent style in user prompts: the question is in a new line
and begins with a capital letter. The rest of pwarn/ask pairs here
follows this style.

Requested by: bde

Prevent the `fix?' question from running together
with the problem description on the terminal: use
conventional punctuation.

Only compare the interesting part of the bootblock with its backup.
Allow check to proceed with bad backup boot block if we're doing a
readonly check. Various typos in comments.

Obtained from: NetBSD

s/filesystem/file system/g as discussed on -developers

Add fsck_msdosfs.

Obtained from: NetBSD