| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
v1.47.1
|
|
This fixes a Lintian warning which is triggered by an arbtrary
MANROFFSEQ='' environment variable:
an.tmac:<standard input>:376: warning: tbl preprocessor failed, or it or soelim was not run; table(s) likely not rendered (TE macro called with TW register undefined)
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
So far, we have used `instalable: false` to avoid collision with the
other modules that are installed to the same path. A typical example was
<foo> and <foo>.microdroid. The latter is a modified version of the
former for the inclusion of the microdroid image. They however both have
the same instalation path (ex: system/bin) and stem (ex: foo) so that we
can reference them using the same path regardless of whether we are in
Android or microdroid.
However, the use of `installable: false` for the purpose is actually
incorrect, because `installable: false` also means, obviously, "this
module shouldn't be installed". The only reason this incorrect way has
worked is simply because packaging modules (ex: android_filesystem)
didn't respect the property when gathering the modules.
As packaging modules are now fixed to respect `installable: false`, we
need a correct way of avoiding the collision. `no_full_install: true` is
it.
If a module has this property set to true, it is never installed to the
full instal path like out/target/product/<partition>/... It can be
installed only via packaging modules.
Bug: 338160898
Test: m
Change-Id: Idb173a7e3528c96b23f857bb3bdf5f37e698c445
From AOSP commit: 21a895548df7de83ce1e2e146e1718e5f723af7f
|
|
borked and breaks asan build
Bugs: me
Test: build with SANITIZE_HOST=address
Change-Id: I9ae15ba328081c38e31c61834e80ce10765f9e30
From AOSP commit: eff2c071b546c3d2d3ea5eb89328babcc48e4bc2
|
|
vendor_init needs to execute these binaries when converting partitions
to EXT4.
Test: th
Bug: 293313353
Change-Id: I1fa49c1a0f802b3c36e96112ef262bae4d5d394a
From AOSP commit: 0b54b8227815d447b52de76bb419735b21608941
|
|
It was being installed on some products when it shouldn't be.
Bug: 205632228
Test: m installclean && m with aosp/2773149
Change-Id: I7f4642ba6fa8d97f7711b6df57c4e3fd781b40fd
From AOSP commit: ecb8d2faa7411d9de228a3bd8b883ed2d5220188
|
|
launcher
Test: m libext2_blkid libext2_uuid
Bug: 288342686
Change-Id: Ieaf2b73efe4b9e1ed0b52e12cf931d225cd8844d
From AOSP commit: 24d1f08c6c42a292cb49c0526d2a39e889c50683
|
|
Fix same_file() to use stat() instead of lstat() when checking the
paths, so that symlinks are dereferenced. This is needed to be
consistent with how the paths are actually accessed later. Otherwise,
not all cases where the input and output file are the same are detected.
Also just use the stat() result to check whether the output file exists,
instead of using a separate call to access().
Fixes: db6f320912cf ("AOSP: android: add the ext2simg tool")
Change-Id: Ie36981f9dbc19494732f518488a75fb92c0f0343
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 08c122f12fc231029a74c24b969e337203c7b6e2
|
|
Check the return value of io_channel_read_blk64() correctly, considering
that it returns an errcode_t, which can be positive.
Fixes: db6f320912cf ("AOSP: android: add the ext2simg tool")
Change-Id: Iafc6c0169bc8ac79198f285da0246ff3b841ded8
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 60634ff32a0d8c0d7942c6e522a74a5051d4b6e9
|
|
libsparse assumes 32-bit block numbers. Also, ext2simg might read
nearly the entire filesystem into memory.
Therefore, make ext2simg use appropriate integer types, and explicitly
check for when the filesystem is too large or allocating memory failed.
Change-Id: Ic415d0e974dce2b4ff6e7fa9265f6e86d371a274
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 8fff11068c100be627745967992fb88759dea9c1
|
|
Remove a level of indentation, check a bool in the normal way, and
simplify the linked list handling. No change in behavior.
Change-Id: I12589a254f155b1c40418458a666b87c7ef5c1cf
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 7d0f5c1aca332da22e4878f5825e0ffb5122f96b
|
|
Use a standard flexible array instead of a nonstandard zero-length
array. No change in behavior.
Change-Id: Ifdce24f5d6e2471634bb785527def3fe8fefc202
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: c88ea796fbf7f4c79155196ec483681b3733bbff
|
|
For the values that get used as the 'bool' parameters of
sparse_file_write(), use 'bool' in ext2simg too. No change in behavior.
Change-Id: I05f7d6fd3027eb10231c035f9fdc8e946e2c4c90
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 2728c6e766976acbf442d3721f2d93960e13682e
|
|
File identity is determined by the combination of st_dev and st_ino, not
by st_ino alone.
This fixes a bug where ext2simg would needlessly make a copy of all the
data when the input and output files happened to have the same st_ino.
Fixes: db6f320912cf ("AOSP: android: add the ext2simg tool")
Change-Id: I94e4bf57d9f91b31e5438768805e9f10bec3411d
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 0749f83a2cf4c134a2403701ab78388500e53f76
|
|
The chunk_end parameter to add_chunk() is exclusive, but two callers
incorrectly treat it as inclusive: when the maximum chunk length of
'INT32_MAX - 12' bytes is reached, and when a chunk extends to the very
end of the filesystem. The result is that the output simg file contains
zeroes for the last block of these chunks instead of the correct data.
A related bug is that the expanded size of the simg file is set to the
filesystem size (in blocks) minus s_first_data_block. On filesystems
where s_first_data_block != 0, i.e. 1K blocksize filesystems without
bigalloc enabled, this truncates the last block of the filesystem.
Fix these bugs by (a) making add_chunk() take the chunk length and
passing the correct values, and (b) using the filesystem size properly.
Here is a reproducer that shows the last block of the filesystem being
truncated (bsize=1024) and being corrupted with zeroes (bsize=4096):
for bsize in 1024 4096; do
rm -f ext4.img
mkfs.ext4 -b $bsize ext4.img 10000
mkdir -p mnt
sudo mount -t ext4 -o loop ext4.img mnt
sudo cp /dev/urandom mnt/fill
sudo umount mnt
ext2simg ext4.img ext4.simg
simg2img ext4.simg ext4.img.restored
cmp ext4.img ext4.img.restored
done
Fixes: db6f320912cf ("AOSP: android: add the ext2simg tool")
Reported-by: Clemens Lang <clemens.lang@bmw.de>
Change-Id: I3b64c4fbffa5821b431f29e99b36168617da7563
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 1e498908c6ac13b4d5ec0117f4ddcd577aac607e
|
|
It turns out the "Can't use getmntent or getmntinfo" warning was the
only warning remaining in the macOS build via the Android build system.
So now that it's fixed, -Wno-error can be removed.
That being said, the upstream CI (GitHub Actions) currently uses
-Wno-error=deprecated-declarations for the macOS build, since it's still
needed for some files (which aren't built by the Android build system).
For now, let's just replace -Wno-error with
-Wno-error=deprecated-declarations to match what the upstream CI uses.
Change-Id: I77f6649b99432ef1d73a0c7e30bbb150c3111b27
From AOSP commit: 6ea38ded59fe970704612a31a3aea4ccaf923d6a
|
|
macOS supports getmntinfo(), but not getmntent(). To match what the
'configure' script detects, define HAVE_GETMNTINFO to 1.
This prevents the following warning:
#warning "Can't use getmntent or getmntinfo to check for mounted filesystems!"
Bug: 267448785
Change-Id: I3131563fc317fa9fef7745937ec2c4b09a1d29b0
From AOSP commit: bb6d46cc9770f4f15a5e52122a16f762c1bb567a
|
|
Unfortunately, the macOS build is not tested either by presubmit or by
local builds. A macOS build *is* being tested in the upstream GitHub
Actions workflow now; however, that uses the autotools-based build
system, and there can be issues specific to the Android build system.
As a result, removing -Wno-error was not safe yet, and the macOS build
is currently broken in postsubmit. As there could be multiple issues,
let's restore -Wno-error until I've had a chance to fix the warnings.
Bug: 267448785
Change-Id: I305f73d1f8637477da3d57b6c93037a6e3d9e829
From AOSP commit: 0ed82a3f0a393605b56672704379f4fc1e53d281
|
|
Addresses-Debian-Bug: #1041115
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The qcow2.h header file uses types such __u32 which are defined in
ext2_types.h. So include it directly to avoid relying on users of the
qcow2.h header file to include right dependencies.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Some old tests of EA inodes were not in fact completely fixing the
filesystem (like they were leaving directories with EA_INODE_FL set or
EA inodes referenced from directory hierarchy). New e2fsck checks fix
these so golden output changes. Update it.
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240506174132.12883-3-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add tests exercising EA inodes and testing various types of corruption.
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240506174132.12883-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Currently checking of EA inodes was rather weak. Add several more
consistency checks.
1) Check that EA inode is a regular file.
2) Check that EA_INODE feature is set if the filesystem has EA inodes.
3) Make sure that no EA inode is referenced from directory hierarchy.
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240506174132.12883-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
There's a issue:
[]$~/e2fsprogs/e2fsck/e2fsck -f scsi-disk2.img
e2fsck 1.47.0 (5-Feb-2023)
scsi-disk2.img: recovering journal
Clearing orphaned inode 12 (uid=0, gid=0, mode=0140777, size=0)
Pass 1: Checking inodes, blocks, and sizes
Extended attribute block 4247 has reference count 3, should be 2. Fix<y>? no
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong (249189, counted=249188).
Fix<y>? no
Free inodes count wrong (65526, counted=65523).
Fix<y>? no
scsi-disk2.img: ***** FILE SYSTEM WAS MODIFIED *****
scsi-disk2.img: ********** WARNING: Filesystem still has errors **********
scsi-disk2.img: 10/65536 files (0.0% non-contiguous), 12955/262144 blocks
Above issue can reproduce as follows:
step1: socat UNIX-LISTEN:/home/test/mysocket.sock,mode=777,reuseaddr,fork EXEC:/home/test &
step2: setfacl some xattr for mysocket.sock
step3: cp -a /home/test/mysocket.sock /home/test/sock1
cp -a /home/test/mysocket.sock /home/test/sock2
step4: sync
step5: Power-off
step6: run e2fsck
As after commit 42475e281d22 add ext2fs_inode_has_valid_blocks() judgement in
release_inode_blocks() which means socket type file skip realse block include
ACL block. The kernel does not restrict the setting of extended attributes for
socket files. So this will lead to ACL block leak.
To solve above issue there's need to release ACL block for other kind of
special file.
Fixes: 42475e281d22 ("super.c (release_inode_blocks): Don't try to release the blocks if the orphaned inode is a device file, symlink, or some other kind of special file that doesn't have a block list.")
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240418063946.2802835-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If sysconf(_SC_NPROCESSORS_CONF) returns zero, this can cause a divide
by zero. Make ext2fs_rw_bitmaps() more robust defaulting to 4 threads
if _SC_NPROCESSORS_CONF returns an invalid value.
https://github.com/tytso/e2fsprogs/issues/114
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fixes: 80abfebc673b ("e2image: add support for post-2038 dates...")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The pkg-config package has been obsoleted by pkgconf.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The size of msg_buffer is carefully calculated so it can never
overflow, but it triggers a Coverity warning. Use snprintf instead of
sprintf to silence the Coverity warning.
Addresses-Coverty-Bug: 1520603
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The in-memory data structures used time_t for the grace period (which
is a delta timestamp denominated in seconds), as well as the soft
limit expiration time (which is an actual time_t). Use an explicit
__u32 for the former, and the __u64 for the latter.
This silences a Coverity warning, but more importantly, using an
explicit __u64 for the expiration time means that running e2fsck on a
platform with a 32-bit time_t, and it needs to read and then modify a
quota structure, we won't lose the high 32-bits of the quota
expiration time.
Addresses-Coverity-Bug: 1531824
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
v1.47.1-rc2
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If read of a block fails, we offer the user the opportunity to force a
rewrite to that sector to force the storage device to remap the LBA to
its spare block pool. Check that write so if it fails, we can let the
user know.
Addresses-Coverity-bug: 1432422
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When moving the inode table, if writing the (partially overlapping)
inode table fails, we need to write it back in its original location
before bailing out. If that write unding the initial write fails,
there's nothing we can do, so we ignore it. Mark this to avoid a
false positive from Coverity.
Fixes-Coverity-bug: 1432422
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Debian has a package called "systemctl" which provides a systemctl
executable to "manage services without systemd". So test for whether
we have a fully functional systemd system by checking for the
existence of /run/systemd/system instead testing for the presence of
the command named systemctl.
Addresses-Debian-Bug: #1070107
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The problem with explicitly setting _FILE_OFFSET_BITS is that
it's not necessarily a no-op on a 64-bit platform with a 64-bit off_t.
Apparently glibc's mips64el which end up using a different structure
definition for struct stat, and this causes a compatibility problem
with libarchive. It's not needed on mips64el, since off_t is 64-bits,
but it actually causes problems.
So remove it, since we now use the autoconf's AC_SYS_LARGEFILE, which
will set _FILE_OFFSET_BITS when it is necessary (such as on a 32-bit
i386 Linux platform), and will skip it when it is unnecessary.
Addresses-Debian-Bug: #1070042
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
[dgit --overwrite]
|
|
The upload of 1.47.1~rc-2 was defective, so we need to bump the
version number and try again....
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This speeds up package builds using "make -jN" and "make -jN check".
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The libarchive functionality in "mke2fs -d foo.tar" is breaking the
regression test[1]. Since this is working everywhere _except_
mips64el, as a short-term workaround disable libarchive support on
this platform until it can be fixed.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070042
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The e2scrub scripts rely on systemd, which isn't present on non-Linux
systems, so they aren't built. So we need to skip trying to run
dh_installsystemd since it will fail on the Hurd build since the
requisite files aren't being built.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Teach configure the --without-libarchive option, which forcibly
disables use of the libarchive library.
The option --with-libarchive=direct will disable the use of dlopen,
and will link mke2fs with -larchive directly. This doesn't work when
building mke2f.static, since -larchive has a large number of
depedencies, and even "pkgconf --libs --static libarchive" doesn't
provide all of the appropriate library dependencies. :-(
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fixes-Coverity-bug: 1596645
Fixes: d43fb24ca0db ("resize2fs: fix r_bigalloc_big_expand test failure")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
The metadata_csum_seed and orphan_file features were disabled before
Debian Bookworm was released, but now that it's released, we are now
re-enabling those features for Debian testing and the next version of
Debian stable (trixie).
Also, remove some spurious whitespace.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Manually count the number free clusters in the last block group since
it might not be a multiple of 8, and using ext2fs_bitcount() might not
work if bitmap isn't properly padding out.
In addition, when setting up the block bitmap for the resized file
system, resize2fs was setting up the "real end" of the bitmap in units
of blocks instead of clusters.
We didn't notice this problem earlier because of a test failure which
caused the test to be skipped.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
A broken OS check was causing a few tests that were supposed to be
skipped on MacOS, Hurd, and FreeBSD systems to be always skipped.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fixes: 54765493af7d ("libe2p: remove tabs from "Inode size" and "Journal device" in `tune2fs -l` output")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
* Re-enable metadata_csum_seed and orphan_file by default now that
Debian Bookworm is released
* New upstream version
* Add support for post-2038 timestamps on platforms with 64-bit time_t.
* Mke2fs -d can now support an input tar file if the libarchive library
is available.
* Install a udev rule to inihibit ext4 file systesm from being
automounted by udisks.
* Debugfs's 'hash' command has been enhanced to use the hash seed and
algorithm from a superblock if a file system is opened and to display
the hash seed and algorithm if the -v flag is given.
* Teach mke2fs with a new extended options, root_perms, which overrides
the permissions for the root directory for the new file system.
* Preserve any error indicator in the superblock when replaying the
journal so that a subsequent fsck can repair the file system afterwards.
* Fix potential mke2fs failures when creating a file system with an
orphan file when the storage device has a previous file system and
does not support discard/trim commands.
* E2fsck will clear the orphan_present feature silently in preen mode.
* Fix potential checksum failures when performing an online resize when
the mounted file system is actively modifying the superblock.
* Fix a bug where a checksum failure in an htree directory can cause
e2fsck's preen mode to abort unnecessarily.
* Fix e2fsck's handling of an invalid symlink in an inline_data
directory.
* Fix e4crypt from issuing a spurious "success" error message when
trying to set a policy on a non-directory.
* Fix a potential infinite loop in debugfs's logdump command in some
edge cases.
* Fix e2fsck to correctly update quota usage after optimizing
directories or deleting corrupted inodes.
* Fix fuse2fs so that directories are created with the correct
permissions instead of having the other and group write permissions
masked off.
* Fix a potential e2fsck divide by zero crash caused by a maliciously
fuzzed file system.
* Fix dumpe2fs to report free block ranges correctly for bigalloc file
file systems.
* Fix resize2fs where resizing a bigalloc file system can result in the
free cluster count in the last block group and the total free clusters
count to be incorrect.
* Avoid spurious e2scrub failures caused by trying to scrub file
syustems that do not have the journal enabled, and by aborting scrub
runs while upgrading the e2fsprogs package
* Teach tune2fs to detect a file system which is mounted but is not
mentioned in the mount namespace where tune2fs is run by treating a
block device which is busy as if it is mounted.
* If tune2fs can't find the mountpoint for a file system which is
apparently mounted (perhaps because it's not present in the current
mount namespace) when attempting to set the label or UUID in the
superblock, fall back to the old method of modifying block device and
silence printing any error messages.
* If both the primary superblock and first block group's backup
superblock are corrupted, e2fsck will now try additional backup
superblocks if they are available.
* Avoid mke2fs from creating an invalid file system with an insufficient
number of inodes when creating a file system which is very small
(100k), a block size of 1k, and an inode size of 256 bytes.
* Fix a potential deadlock caused by e2fsck being run in Direct I/O mode
with the threading optimization enabled.
* Update and clarify various man pages. (Closes: #1038286)
* Add support for SOURCE_DATE_EPOCH environment variable
* Improve resize2fs's performance by eliminating extra cache flushes.
* Improve mke2fs's performance when zeroing a large number of inode
table blocks (when lazy inode table initialization is not enabled) by
batching calls to ext2fs_zero_blocks.
* Use a safe_getenv function for all calls to fetch the environment
variable in libext2fs.
* Upgrade fuse2fs to use fuse v3.
* Build the binaries using FORTIFY_SOURCE=3 for better hardening
* Add Romainian translation.
* Update Malay translation.
[dgit import unpatched e2fsprogs 1.47.1~rc1-1]
|
|
[dgit import orig e2fsprogs_1.47.1~rc1.orig.tar.gz]
|
|
[dgit import tarball e2fsprogs 1.47.1~rc1-1 e2fsprogs_1.47.1~rc1-1.debian.tar.xz]
|
|
Addresses-Debian-Bug: #1038286
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
We explicitly decided not to reserve space for a 64-bit dtime, since
it's never displayed or exposed to userspace. The dtime field is used
a linked list for the ophan list, and for forensic purposes when
trying to determine when an inode was deleted. So right after the
2038 epoch, a deleted inode might end up with a dtime which is zero or
smaller than the number of inodes, which will result in e2fsck
reporting a potential problems. So when we set the dtime, make sure
that the dtime won't be mistaken for an inode number.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This issue was flagged by Coverity, although its analysis was
incorrect. This isn't actually a memory overrun / security issue, but
rather a functional correctness issue since POSIX allows reads and
writes to be partially completed, and in those cases qcow2_copy_data()
could result in a corrutped qcow2 file.
Addresses-Coverity-Bug: 1531830
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
FORTIFY_SOURCE=3 provides much more robust checks for buffer overruns
and other memory bugs[1]. It requires gcc 12 and glibc 2.34 which
should be available on most modern distributions (which are the ones
that use --enable-hardening).
[1] https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This reduces noise from a static analyzer.
https://github.com/tytso/e2fsprogs/issues/160
Signed-off-by: Theodore Ts'o <tytso@mit.
|
|
Fixes: eefbea0da810 ("libext2fs: use a safe_getenv() function everywhere")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fixes: 54765493af7d ("libe2p: remove tabs from "Inode size" and "Journal device" in `tune2fs -l` output")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
https://github.com/steffen-kiess/e2fsprogs into next
|
|
https://github.com/richardfearn/e2fsprogs into next
|
|
|
|
When copying files to the newly created file system using "mke2fs -d",
and there are timestamps greater than what is specified by
SOURCE_DATE_EPOCH, clamp the timestamp to the SOURCE_DATE_EPOCH
timestamp.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add SOURCE_DATE_EPOCH support as documented in [1].
[1] https://reproducible-builds.org/specs/source-date-epoch
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Hoist safe_getenv() from test_io.c and unix_io.c to a globally
exported ext2fs_safe_getenv() and use it instead of getenv() in
libext2fs. This provides a bit more safety if e2fsprogs programs are
used in setuid contexts.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fixes: a12302fa683e ("e2fsck: make sure get_backup_sb() works ...")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This changes were missed in commit ca8bc9240a00 ("Add post-2038
timestamp support to e2fsprogs").
Addresses-Coverity-Bug: 1531832
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Commit ca8bc9240a00 ("Add post-2038 timestamp support...") did things
like casting a 64-bit unsigned integer into a signed 32-bit integer
deliberately; but Coverity thinks this is a bug. So mask off the bits
to make it clear this was deliberate.
Addresses-Coverity-Bug: 1596519
Addresses-Coverity-Bug: 1596515
Addresses-Coverity-Bug: 1596514
Addresses-Coverity-Bug: 1596513
Addresses-Coverity-Bug: 1596511
Addresses-Coverity-Bug: 1596509
Addresses-Coverity-Bug: 1596508
Addresses-Coverity-Bug: 1596504
Addresses-Coverity-Bug: 1596502
Addresses-Coverity-Bug: 1596501
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The print_e2fsck_message() function can call get_backup_sb() with the
ctx variable set to NULL. In that case, we can't dereference
ctx->filesystem_name; instead, we can get the size of the file system
from the ext2fs_block_count(fs->super).
Addresses-Coverity-Bug: 1596517
Addresses-Coverity-Bug: 1596505
Fixes: b53ce7848c2e ("e2fsck: don't try backup superblocks beyond...")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Clang 17's Undefined Behaviour Sanitizer will throw run-time warnings
if a function pointer is dereferenced with a different function
signature than one in the pointer --- even if the difference is a
missing const qualifier. To fix regression test failures, change
declarations of argv to use ss_argv_t instead of an inconsistently
open-coded type.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Also add Debian dependencies for libarchive-dev and change the
dependency from libfuse-dev to libfuse3-dev.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Adjust for the fact that Linux uses libarchive.so.13, while freeBSD
uses libarchive.so.7.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The mkgnutar.pl file only works if the developer had a specific
username and uid. In addition, if it is used, the round-trip from tar
to an ext4 file system and back to tar isn't properly tested. So only
use mkgnutar.pl if the system doesn't have GNU TAR.
In addition, make sure all of the temp files created by the test are
deleted when the test is completed.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
FreeBSD 14 has changed the definition of qsort_r to align it with the
POSIX, but it did this with a #define. So when sort_r.h tries to
provide a function prototype, surround the function name with
parenthesis so it doesn't get expanded by FreeBSD's #define.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
|
|
Debugfs's stat command called ext2fs_inode_xtime_get() with a struct
inode * instead of a struct large_inode *. As a result, printing
inode timestamps will be incorrect if the time value is larger than
2**32.
Fixes: ca8bc9240a00 ("Add post-2038 timestamp support to e2fsprogs")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Since a23b50cd ("mke2fs: warn about missing y2038 support when
formatting fresh ext4 fs"), the default inode size is 256 bytes
for all filesystems, including small and floppy, except for the
Hurd since it currently only supports 128-byte inodes.
Signed-off-by: Pascal Hambourg <pascal@plouf.fr.eu.org>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/E1rx4t4-00073d-1e@zenith
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
How timestamps are encoded in inodes and superblocks are different.
Unfortunately, commit ca8bc9240a00 which added post-2038 timestamps
was (a) overwriting adjacent superblock fields and/or attempting
unaligned writes to a 8-bit field from a 32-bit pointer, and (b) using
the incorrect encoding for timestamps stored in inodes. Fix both of
these issues, which were found thanks to UBSAN.
Fixes: ca8bc9240a00 ("Add post-2038 timestamp support to e2fsprogs")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If archive.h is available during compilation, enable mke2fs to read a
tarball as input. Since libarchive.so.13 is opened with dlopen,
libarchive is not a hard library dependency of the resulting binary.
In comparison with feeding a directory tree to mke2fs via -d this has
the following advantages:
- no superuser privileges, nor fakeroot, nor unshared user namespaces
are needed to create filesystems with arbitrary ownership information
and special files like device nodes which otherwise require being root
- by reading a tarball from standard input, no temporary files need to
be written out first as mke2fs can be used as part of a shell pipeline
which reduces disk usage and makes the conversion independent of the
underlying file system
A round-trip from tarball to ext4 to tarball yields bit-by-bit identical
results
Signed-off-by: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
|
|
Also upgrade to v4 of the upload-artifact and checkout actions.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Commit ca8bc9240a00 ("Add post-2038 timestamp support to e2fsprogs")
was never built or tested on a 32-bit. It introduced some build
problems when time_t is a 32-bit integer, and it exposed some test
bugs. Fix them.
Fixes: ca8bc9240a00 ("Add post-2038 timestamp support to e2fsprogs")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Commit f7ef5f3e356d ("e2fsck: check all sparse_super backups") tries
to limit the number of block groups to search for backup superblocks
based on ctx->num_blocks. Unfortunately, get_backup_sb() gets called
before ctx->num_blocks is set, so we try all block groups up to 2**32
- 1. Not only does this waste time trying to read from blocks that
don't exist, it triggers the UBSAN checker when multiplying a very
large number by the block size.
Fix this by using ext2fs_get_Device_size(), and if that isn't
available, arbitrarily cap things so that we search block groups up to
128.
Fixes: f7ef5f3e356d ("e2fsck: check all sparse_super backups")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
GCC 14 introduces a new -Walloc-size included in -Wextra which gives:
```
lib/ext2fs/hashmap.c:37:36: warning: allocation of insufficient size ‘1’ for type ‘struct ext2fs_hashmap’ with size ‘20’ [-Walloc-size]
```
The calloc prototype is:
```
void *calloc(size_t nmemb, size_t size);
```
So, just swap the number of members and size arguments to match the prototype, as
we're initialising 1 struct of size `sizeof(...)`. GCC then sees we're not
doing anything wrong.
Signed-off-by: Sam James <sam@gentoo.org>
Link: https://lore.kernel.org/r/20231107233122.2013191-1-sam@gentoo.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Before:
# e4crypt set_policy 0000000000000000 /dev/null
/dev/null is not a directory
/dev/null: Success
After:
# e4crypt set_policy 0000000000000000 /dev/null
/dev/null: Not a directory
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Link: https://lore.kernel.org/r/20231227080805.6801-1-jwilk@jwilk.net
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
There are 2 scenarios which would trigger infinite loop:
1. None log is recorded, then dumplog with "-n", for example:
debugfs -R "logdump -O -n 10" /dev/xxx
while /dev/xxx has no valid log recorded.
2. The log area is full and cycle write is triggered, then dumplog with
debugfs -R "logdump -aOS" /dev/xxx
This patch add a new flag "wrapped_flag" to mark if logdump has
reached to tail of logarea set in macro WRAP().
If wrapped_flag is true, and we comes to first_transaction_blocknr
again, just break the logdump loop.
[ Renamed reverse_flag to wrapped_flag to make it clearer what it is. -- TYT ]
Signed-off-by: Wenchao Hao <haowenchao2@huawei.com>
Link: https://lore.kernel.org/r/20231117102315.2431846-1-haowenchao2@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
resize2fs block_mover() flushes data after each extent and, curiously,
only if progress indicator is enabled, every inode_blocks_per_group
blocks.
This significantly affects performance, e.g. on a tested large
filesystem on top of MD-RAID6+LVM+dm-crypt these flush calls reduce the
operation rate from approx. 500MB/s to 5MB/s, causing extremely long
shrinking times for large size deltas (70TB in my case).
Since this step performs just plain data copying and does not e.g. save
any progress/checkpoint information or similar metadata, it seems like
this flushing is of very limited usefulness, especially when considering
the (in some cases) 100x performance impact.
Remove the mid-operation flushes and only flush after all blocks have
been moved.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Link: https://lore.kernel.org/r/20231107094920.4056281-1-anssi.hannula@iki.fi
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
This new test validates e2fsck by verifying that quota is updated after a bad
inode is deallocated. It mimics fstest ext4/019 by including a filesystem image
where a symbolic link was created to an existing file, using a long symlink
name. This symbolic link was then wiped with:
# debugfs -w -R 'zap -f /testlink 0' f_testnew/image
Signed-off-by: Luis Henriques (SUSE) <luis.henriques@linux.dev>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20240405142405.12312-5-luis.henriques@linux.dev
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This new test validates e2fsck by verifying that quota data is updated after a
directory optimization is performed. This issue was initially found by fstest
ext4/014, and this test was based on it. It includes a filesystem image where
the lost+found directory is unlinked after a new link to it is created:
# debugfs -w -R "ln lost+found foo" f_testnew/image
# debugfs -w -R "unlink lost+found" f_testnew/image
Signed-off-by: Luis Henriques (SUSE) <luis.henriques@linux.dev>
Link: https://lore.kernel.org/r/20240405142405.12312-4-luis.henriques@linux.dev
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If a bad inode is found it will be deallocated. However, if the filesystem has
quota enabled, the quota information isn't being updated accordingly. This
issue was detected by running fstest ext4/019.
This patch fixes the issue by decreasing the inode count from the
quota and, if blocks are also being released, also subtract them as well.
While there, and as suggested by Andreas Dilger, the deallocate_inode()
function documentation is also updated by this patch to make it clear what
that function really does.
Signed-off-by: Luis Henriques (SUSE) <luis.henriques@linux.dev>
Link: https://lore.kernel.org/r/20240405142405.12312-3-luis.henriques@linux.dev
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In "Pass 3A: Optimizing directories", a directory may have it's size reduced.
If that happens and quota is enabled in the filesystem, the quota information
will be incorrect because it doesn't take the rehash into account. This issue
was detected by running fstest ext4/014.
This patch simply updates the quota data accordingly, after the directory is
written and it's size has been updated.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218626
Signed-off-by: Luis Henriques (SUSE) <luis.henriques@linux.dev>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20240405142405.12312-2-luis.henriques@linux.dev
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
According to the mke2fs man page, the supported cluster-size values
for an ext4 filesystem are 2048 to 256M bytes. However, this is not
the case.
When mkfs is run to create a filesystem with following specifications:
* 1k blocksize and cluster-size greater than 32M
* 2k blocksize and cluster-size greater than 64M
* 4k blocksize and cluster-size greater than 128M
mkfs fails with "Invalid argument passed to ext2 library while trying
to create journal" error. In general, when the cluster-size to blocksize
ratio is greater than 32k, mkfs fails with this error.
Went through the code and found out that the function
`ext2fs_new_range()` is the source of this error. This is because when
the cluster-size to blocksize ratio exceeds 32k, the length argument
to the function `ext2fs_new_range()` results in 0. Hence, the error.
This patch corrects the valid cluster-size values.
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/20240403043037.3992724-1-srivathsa.d.dara@oracle.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
On 32-bit musl systems, off_t is always 8 bytes regardless of
_FILE_OFFSET_BITS. The previous code did not cover this case.
The previous #ifdef logic was rather confusing, so I reworked it into a
more understandable form.
Bug: https://bugs.gentoo.org/908892
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Closes: https://github.com/tytso/e2fsprogs/pull/150
Signed-off-by: Sam James <sam@gentoo.org>
Link: https://lore.kernel.org/r/20231107233323.2013334-2-sam@gentoo.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
Link: https://lore.kernel.org/r/20231107233323.2013334-1-sam@gentoo.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This patch prepares the expansion of GDT blocks beyond a
single group, by make mke2fs to not set BLOCK_UNINIT on
groups with GDT blocks, block/inode bitmaps, or inode table
blocks allocated.
Otherwise, we still rely on kernel side to initialize the
block bitmap if the groups has BLOCK_UNINIT set, and the
kernel doesn't know a group could have GDT blocks allocated,
so it would make an bad block bitmap.
As a result, expect output of several tests needs to be changed,
especially if the test uses dumpe2fs to print the group summary.
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230925060801.1397581-2-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This patch is part of the preparation required to allow
GDT blocks expand beyond a single group,
it introduces 2 new interfaces:
- ext2fs_count_used_blocks(), to return the blocks used
in the bitmap range.
- ext2fs_reserve_super_and_bgd2() to return blocks used by
superblock/GDT blocks for every group, by looking up blocks used.
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230925060801.1397581-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Teach e2fsck to look for backup super blocks in the "sparse_super"
groups, by checking group #1 first and then powers of 3^n, 5^n,
and 7^n, up to the limit of available block groups.
Export ext2fs_list_backups() function to efficiently iterate groups
for backup sb/GDT instead of checking every group. Ensure that the
group counters do not try to overflow the 2^32-1 group limit, and
try to limit scanning to the size of the block device (if available).
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Link: https://lore.kernel.org/r/20230904045742.827584-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
For flex_bg enabled fs, we could merge the
inode table blocks into a contiguous range,
this improves mke2fs time on large devices
when lazy_itable_init is disabled.
On a 977TB device, unpatched mke2fs was running
for 449m10s before getting terminated manually.
strace shows huge number of fallocate, given the
offset from fallocate it has done 41% of the inode
tables, the estimated time needed would be 1082m.
unpatched patched
real 449m10.954s 4m20.531s
user 0m18.217s 0m16.147s
sys 0m20.311s 0m8.944s
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Link: https://lore.kernel.org/r/20230904045806.827621-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Commit 42c11edd0863 ("ext2fs_open[2](), return an error if s_desc_size
is too large") added a check for an insanely large s_desc_size to
prevent some failures triggered by fuzz testing. However, it would
allow e2fsck to fall back to recover the file system by using the
backup superblocks by having e2fsck pass the flag
EXT2_FLAG_IGNORE_SB_ERRORS. But by allowing an s_desc_Size of zero,
it's possible that e2fsck will die with a division of zero error.
With this fix, e2fsck will now print an error message and exit
instead.
https://github.com/tytso/e2fsprogs/issues/183
Fixes: 42c11edd0863 ("ext2fs_open[2](), return an error if s_desc_size is too large")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The ext4 kernel code implemented support for s_mtime_hi,
s_wtime_hi, and related timestamp fields to avoid timestamp
overflow in 2038, but similar handling is not in e2fsprogs.
Add helper macros for the superblock _hi timestamp fields
ext2fs_super_tstamp_get() and ext2fs_super_tstamp_set().
Add helper macro for inode _extra timestamp fields
ext2fs_inode_xtime_get() and ext2fs_inode_xtime_set().
Add helper macro ext2fs_actual_inode_size() to avoid open
coding the i_extra_isize check in multiple places.
Remove inode_time_to_string() since this is unused once callers
change to time_to_string(ext2fs_inode_xtime_get()) directly.
Fix inode_includes() macro to properly wrap "inode" parameter,
and rename to ext2fs_inode_includes() to avoid potential name
clashes. Use this to check inode field inclusion in debugfs
instead of bare constants for inode field offsets.
Use these interfaces to access timestamps in debugfs, e2fsck,
libext2fs, fuse2fs, tune2fs, and e2undo.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230927054016.16645-1-adilger@dilger.ca
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Creating a file system on Windows without a pre-existing file stopped
working because the Windows version of ext2fs_get_device_size2() doesn't
return ENOENT if the file doesn't exist. Fix this.
Fixes: 53464654bd33 ("mke2fs: fix creating a file system image w/o a pre-existing file")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20230301034518.373859-1-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The Lintian tag package-supports-alternative-init-but-no-init.d-script
has been removed, as it's obsolete.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Brian J. Murrell reported that e2scrub reports failures with one of his
filesystems. From the email discussion after he supplied a metadump:
AHA! This is an ext2 filesystem, since it doesn't have the
"has_journal" or "extents" features turned on:
# e2image -r /tmp/disk.qcow2 /dev/sda
# dumpe2fs /dev/sda -h
dumpe2fs 1.47.1~WIP-2023-12-27 (27-Dec-2023)
Filesystem volume name: <none>
Last mounted on: /opt
Filesystem UUID: 2c70368a-0d54-4805-8620-fda19466d819
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: ext_attr resize_inode dir_index filetype sparse_super large_file
Filesystem flags: signed_directory_hash
Default mount options: user_xattr acl
Filesystem state: not clean with errors
(Note: Filesystem state == "clean" means that EXT2_VALID_FS is set in
the superblock s_state field; "not clean with errors" means that the
flag is not set.)
I bet the "journal only" preen doesn't actually reset the filesystem
state either:
# e2fsck -E journal_only -p /dev/sda
# dumpe2fs /dev/sda -h | grep state
dumpe2fs 1.47.1~WIP-2023-12-27 (27-Dec-2023)
Filesystem state: not clean with errors
Nope.
So now I know what happened -- when mounting an ext* filesystem that
doesn't have a journal, the driver clears EXT2_VALID_FS from the primary
superblock. This forces the system to run e2fsck after a crash, because
that's what you have to do for unjournalled filesystems.
The "e2fsck -E journal_only -p" call in e2scrub only replays the
journal. Since there is no journal, it exits almost immediately.
That's the intended behavior, but then it means that the "e2fsck -fy"
call immediately after sees that the superblock doesn't have
EXT2_VALID_FS set, sets it, and makes e2fsck return 1.
So that's why you're getting the e2scrub failures.
Contrast this to what you get when the filesystem has a journal:
# dumpe2fs -h /dev/sdb
dumpe2fs 1.47.0 (5-Feb-2023)
Filesystem volume name: <none>
Last mounted on: <not available>
Filesystem UUID: e18b8b57-a75e-4316-87ce-6a08969476c3
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery sparse_super large_file
Filesystem flags: signed_directory_hash
Default mount options: user_xattr acl
Filesystem state: clean
Filesystems with journals retain their EXT4_VALID_FS state when they're
mounted.
Hmm. What e2scrub should do about unjournalled filesystems is a thorny
question. My initial thought is that it should skip them, because a
mounted unjournalled filesystem cannot by definition be kept consistent.
Therefore, teach e2scrub_all to avoid them and e2scrub to fail them at
the onset.
Restricting the scope of e2scrub sucks, but in the meantime at least it
means that your filesystem isn't massively corrupt. Thanks for the
metadump, it was very useful for root cause analysis.
Reported-by: "Brian J. Murrell" <brian@interlinx.bc.ca>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/20240110055809.GD722946@frogsfrogsfrogs
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When installing or upgrading the e2fsprogs package, only start the
e2scrub_all timer and the reaping service. Don't restart e2scrub_all
itself, because that will kill any scrubs in progress, which will
trigger the failure reporting.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Link: https://lore.kernel.org/r/20240110055724.GC722946@frogsfrogsfrogs
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Per FHS 3.0, non-PATH executable binaries are supposed to live under
/usr/libexec, not /usr/lib. e2scrub_fail is an executable script, so
move it to libexec in case some distro some day tries to mount /usr/lib
as noexec or something. Also, there's no reason why these scripts need
to be put under an arch-dependent path.
Cc: Neal Gompa <neal@gompa.dev>
Link: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Link: https://lore.kernel.org/r/20231231203903.GC36164@frogsfrogsfrogs
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
https://git.kernel.org/pub/scm/linux/kernel/git/djwong/e2fsprogs into next
|
|
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
For changing inode size (-I) and setting quota fearture (-Q), tune2fs
only check whether the filesystem is umounted. Considering mount
namepspaces, the filesystem is umounted, however it already be left
in other mount namespace.
So we add one check whether the filesystem is not in use with using
EXT2_MF_BUSY flag, which can indicate the device is already opened
with O_EXCL, as suggested by Ted.
Reported-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Link: https://lore.kernel.org/r/28455341-ca26-d203-8b54-792bae002251@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When creating a small fs with 100 1k blocks, mke2fs fails with:
Creating filesystem with 100 1k blocks and 8 inodes
Allocating group tables: done
Writing inode tables: done
ext2fs_mkdir: Could not allocate inode in ext2 filesystem while creating /lost+found
Increase s_inodes_per_group with a step of 8 to make
sure we have at least EXT2_FIRST_INO + 1 inodes.
Change-Id: Ib885735641dfa0ed9c6f6a4a1f9afec291673126
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230720125012.641504-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In function ext2fs_image_super_read(), the size of block group
descriptors should be (fs->blocksize * fs->desc_blocks), but not
(fs->blocksize * fs->group_desc_count).
Signed-off-by: Emoly Liu <emoly@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230714005958.442487-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If we are using the hash seed and hash version from an open file
systenm, then we should also use the unsigned version of the hash
algorithm if the superblock as the unsigned hash flag set.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add an option for dx_hash to print more details about the hash
algorithm and hash seed to calculate the directory hash value.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
The unending stream of syzbot bug reports and overwrought filing of CVEs
for corner case handling (i.e. things that distract from actual user
complaints) in ext4 has generated all sorts of of overheated rhetoric
about how every bug is a Serious Security Issue(tm) because anyone can
craft a malicious filesystem on a USB stick, insert the stick into a
victim machine, and mount will trigger a bug in the kernel driver that
leads to some compromise or DoS or something.
I thought that nobody would be foolish enough to automount an ext4
filesystem. What a fool I was! It turns out that udisks can be told
that it's okay to automount things, and then GNOME will do exactly that.
Including mounting mangled ext4 filesystems!
<delete angry rant about poor decisionmaking and armchair fs developers
blasting us on X while not actually doing any of the work>
Turn off /this/ idiocy by adding a udev rule to tell udisks not to
automount ext4 filesystems.
This will not stop a logged in user from unwittingly inserting a
malicious storage device and pressing [mount] and getting breached.
This is not a substitute for a thorough audit of all codebases. This is
not a substitute for lklfuse. This does not solve the general problem
of in-kernel fs drivers being a huge attack surface. I just want a
vacation from the sh*tstorm of bad ideas and threat models that I never
agreed to support.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
|
|
systemd services provide an "instance name" that can be associated with
a particular invocation of a service. This allows service users to
invoke multiple copies of a service, each with a unique string. For
e2scrub, we pass the mountpoint of the filesystem as the instance name.
However, systemd services aren't supposed to have slashes in them, so
we're supposed to escape them.
The canonical escaping scheme for pathnames is defined by the
systemd-escape --path command. Unfortunately, we've been adding our own
opinionated sauce for years, to work around the fact that --path didn't
quite work right in systemd before January 2017. The special sauce is
incorrect, and we no longer care about systemd of 7 years past.
Clean up this mess by following the systemd escaping scheme throughout
the service units. Now we can use the '%f' specifier in them, which
makes things a lot less complicated.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
|
|
|
|
The debugfs program's dx_hash command computes the hash for the given
filename, taking the hash_seed and hash_version (i.e hash algorithm)
as arguments. So the user has to refer to the superblock to get these
values used by the filesystem. So if debugfs has an opened file
system, use those values from the current file system.
[ Fixed patch to avoid crashing when a file system is not opened. --TYT ]
Signed-off-by: Srivathsa Dara <srivathsa.d.dara@oracle.com>
Link: https://lore.kernel.org/r/20230824065634.2662858-1-srivathsa.d.dara@oracle.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If we fail to get/open the mount point for get/set
fs label ioctl, just fall back to old method and
silence the error messages.
Fixes: f85b4526f ("tune2fs: implement support for set/get label iocts")
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Link: https://lore.kernel.org/r/20230520104329.2402182-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Call safe_getenv(UNIX_IO_NOZEROOUT) once when the device is
opened and set CHANNEL_FLAG_NOZEROOUT if present instead of
getting uid/euid/getenv every time unix_zeroout() is called.
For unix_discard() and unix_zeroout() don't continue to call
them if the block device doesn't support these operations.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/1683695929-26972-1-git-send-email-adilger@dilger.ca
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Saving error information during journal replay, as in the kernel,
prevents information loss from making problems difficult to locate.
We save these error information until someone uses e2fsck to check
for and fix possible errors.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: zhanchengbin <zhanchengbin1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230217100922.588961-3-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When repairing a file system with s_errno missing from the journal
superblock but the file system superblock contains the ERROR_FS flag,
the ERROR_FS flag on the file system image is overwritten after the
journal replay, followed by a reload of the file system data from disk
and the ERROR_FS flag in memory is overwritten. Also s_errno is not set
and the ERROR_FS flag is not reset. Therefore, when checked later, no
forced check is performed, which makes it possible to have some errors
hidden in the disk image, which may make it read-only when using the
file system. So we save the ERROR_FS flag to the superblock after the
journal replay, instead of just relying on the jsb->s_errno to do this.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: zhanchengbin <zhanchengbin1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230217100922.588961-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Update configure.ac to separate Version from Release if there is
a '-' in version.h::E2FSPROGS_VERSION (e.g. "1.46.6-rc1").
Otherwise, the '-' in the version can make RPM building unhappy.
Simplify the generation of E2FSPROGS_VERESION, E2FSPROGS_DATE and
E2FSPROGS_DAY to avoid multiple grep/awk/sed/tr stages.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/1683694677-9366-1-git-send-email-adilger@dilger.ca
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This options allows user to specify custom root dir
permissions at FS creation time. If no perms are specified
then the root dir permissions would be set to default.
Signed-off-by: Dmitriy Chestnykh <dm.chestnykh@gmail.com>
|
|
At the moment, op_mkdir() ORs the requested mode with fs->umask, which
results in the group/other write permission bits always being cleared
regardless of what the creating process requested. Instead, leave the
requested mode alone so that the resulting directory has the permssions
the creator expects.
Signed-off-by: Steven Luo <steven@steven676.net>
|
|
This is needed to compile on GNU/Hurd.
Addresses-Debian-Bug: #1056145
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
output
Fixes #165
Signed-off-by: Richard Fearn <richardfearn@gmail.com>
|
|
In ext2fs_create_orphan_file(), don't try truncating inode for the
orphan file if ext2fs_create_orphan_file() allocated the inode. This
avoids problems where the newly allocated inode in the inode table
might contain garbage; if the metadata checksum feature is enabled,
this will generally result in the function failing with a checksum
invalid error, but this can cause mke2fs (which calls
ext2fs_create_orphan_file) to fail.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
dumpe2fs has never been modified to correctly report block ranges
corresponding to free clusters in block allocation bitmaps from bigalloc
file systems. Rather than reporting block ranges covering all the
blocks in free clusters found in a block bitmap, it either reports just
the first block number in a cluster for a single free cluster, or a
range beginning with the first block number in the first cluster in a
series of free clusters, and ending with the first block number in the
last cluster in that series.
This behavior causes xfstest shared/298 to fail when run on a bigalloc
file system with a 1k block size. The test uses dumpe2fs to collect
a list of the blocks freed when files are deleted from a file system.
When the test deletes a file containing blocks located after the first
block in the last cluster in a series of clusters, dumpe2fs does not
report those blocks as free per the test's expectations.
Modify dumpe2fs to report full block ranges for free clusters. At the
same time, fix a small bug causing unnecessary !in_use() retests while
iterating over a block bitmap.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20230721185506.1020225-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When the package-specific copyright information was removed, it
resulted in some information being lost. It probably makes sence to
have all of the licensing information in a single file, so add it back
to the debian/copyright file.
Fixes: 76f2e8d11582 ("debian: remove package-specific copyright notices")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
dumpe2fs has never been modified to correctly report block ranges
corresponding to free clusters in block allocation bitmaps from bigalloc
file systems. Rather than reporting block ranges covering all the
blocks in free clusters found in a block bitmap, it either reports just
the first block number in a cluster for a single free cluster, or a
range beginning with the first block number in the first cluster in a
series of free clusters, and ending with the first block number in the
last cluster in that series.
This behavior causes xfstest shared/298 to fail when run on a bigalloc
file system with a 1k block size. The test uses dumpe2fs to collect
a list of the blocks freed when files are deleted from a file system.
When the test deletes a file containing blocks located after the first
block in the last cluster in a series of clusters, dumpe2fs does not
report those blocks as free per the test's expectations.
Modify dumpe2fs to report full block ranges for free clusters. At the
same time, fix a small bug causing unnecessary !in_use() retests while
iterating over a block bitmap.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20230721185506.1020225-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When the package-specific copyright information was removed, it
resulted in some information being lost. It probably makes sence to
have all of the licensing information in a single file, so add it back
to the debian/copyright file.
Fixes: 76f2e8d11582 ("debian: remove package-specific copyright notices")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Update the changelog and debian/patches to reflect the cherry pick of
"e2fsck: fix handling of a invalid symlink in an inline_data
directory"
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If there is an inline directory that contains a directory entry to an
invalid symlink, and that invalid symlink is the portion of the inline
directory stored in an xattr portion of the inode, this can result in
a buffer overrun.
When check_dir_block() is handling the in-xattr portion of the inline
directory, it sets the buf pointer to the beginning of that part of
the inline directory. This results in the scratch buffer passed to
e2fsck_process_bad_inode() to incorrect, resulting in a buffer overrun
if e2fsck_pass1_check_symlink() needs to read the symlink target (when
the symlink is too long to fit in the i_blocks[] space).
This commit fixes this by using the original cd->buf instead of buf,
since it can get modified when handling inline directories.
Fixes: 0ac4b3973f31 ("e2fsck: inspect inline dir data as two directory blocks")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
If the file system is mounted, the superblock can be changing while
resize2fs is trying to read the superblock, resulting in checksum
failures. One way of avoiding this problem is read the superblock
using Direct I/O, since the kernel makes sure that what gets written
to disk is self-consistent.
Suggested-by: Krister Johansen <kjlx@templeofstupid.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add a test for the commit "e2fsck: fix handling of a invalid symlink
in an inline_data directory"
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If there is an inline directory that contains a directory entry to an
invalid symlink, and that invalid symlink is the portion of the inline
directory stored in an xattr portion of the inode, this can result in
a buffer overrun.
When check_dir_block() is handling the in-xattr portion of the inline
directory, it sets the buf pointer to the beginning of that part of
the inline directory. This results in the scratch buffer passed to
e2fsck_process_bad_inode() to incorrect, resulting in a buffer overrun
if e2fsck_pass1_check_symlink() needs to read the symlink target (when
the symlink is too long to fit in the i_blocks[] space).
This commit fixes this by using the original cd->buf instead of buf,
since it can get modified when handling inline directories.
Fixes: 0ac4b3973f31 ("e2fsck: inspect inline dir data as two directory blocks")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
|
Commit 2d2d799c7261 ("Clean up codes for adding new quota type")
changed the second paramter of quota_write_inode() from taking a
single quota type to taking a logical OR of (1 << quota_types).
The one thing this commit didn't change was the function prototype for
quota_write_inode() in the header file from an enum to an unsigned
int. Most C compilers don't seem to mind, and omission is mostly
harmless. However, mingw64 does issue a warning which gets promoted
to an error.
Fixes: 2d2d799c7261 ("Clean up codes for adding new quota type")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The e2fsck report, "Feature orphan_present is set but orphan file is
clean" is intended to request permission before removing the r/o
compat feature, orphan_present. However, it is normal if the orphan
file is empty, and removing the r/o compat feature is a good thing so
that the file system can be mounted on older kernels.
When a file system with an orphan_file feature is mounted, the
orphan_present feature is set, and it is cleared when the file system
is cleanly unmounted. IF the sytstem crashes when there are no inodes
in the orphan file, e2fsck should just silently clear the flag in
preen mode.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Update the debian/patches directory now that we've reverted
the patch disable-metadata_csum_seed-and-orphan_file-by-default.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This reverts commit 1181f164c48574a4813bfa203dbd7b4123154021.
|
|
Add jobs that cross-compile e2fsprogs for Android using the Android NDK.
These use the autotools-based build system, so they're a bit different
from the actual Android builds, but they should still be useful.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Work around an issue with the Android NDK where its copy of
linux/fsmap.h is missing the inline functions fsmap_sizeof() and
fsmap_advance(). This was causing an error when building e2fsprogs
using the Android NDK, using the autotools-based build system.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix two compiler warnings on 32-bit platforms that have mallinfo() but
not mallinfo2(). These showed up when building e2fsprogs for armv7a or
i686 Android using the Android NDK, targeting Android API level 32 or
lower and using the autotools-based build system.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The e2fsck report, "Feature orphan_present is set but orphan file is
clean" is intended to request permission before removing the r/o
compat feature, orphan_present. However, it is normal if the orphan
file is empty, and removing the r/o compat feature is a good thing so
that the file system can be mounted on older kernels.
When a file system with an orphan_file feature is mounted, the
orphan_present feature is set, and it is cleared when the file system
is cleanly unmounted. IF the sytstem crashes when there are no inodes
in the orphan file, e2fsck should just silently clear the flag in
preen mode.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
SetFilePointer requires the upper 32 bit of the position to be passed
separately, which the code did not do, causing the position to be
interpreted as a 32-bit value. Use SetFilePointerEx instead and pass the
entire 64-bit value.
Signed-off-by: Steffen Kieß <kiess@ki4.de>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add a test for commit bbe08adac044 ("e2fsck: fix bad htree checksums
in preen mode").
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
No functional changes; just move things around so we can avoid
indenting the code quite so much.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
We attempt to fix directories which have a bad/corrupted htree index
node by completely rebuilding the directory htree nodes. Since this
is a very safe thing to do and has no risk of losing directory
entries, we've enabled this for preen mode. Unfortunately, subsequent
index nodes look like empty directory entries that fill the entire
block --- without a checksum at the end of the directory. So these
nodes will be treated as a completely corrupted directory block, and
this will *not* be fixed while in preen mode.
So add code to treat an empty directory entry which covers the entire
block as valid if the directory is already on the list of inodes to be
rebuilt.
Addresses-Gooogle-Bug: 178607853
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Store the config.h file for each platform as a workflow artifact, so
that it will be possible to download them and compare them to
util/android_config.h.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The check for the various unsupported OSes incorrectly checked if
the string "FreeBSD" was true, which it always was. Fix this.
Update the expect file as commit v1.46.4-17-g4ea80d031c7e did to
adjust the total number of blocks requested during resize.
Change-Id: I272dbec67ab30bac6413eb4cba0e3ab00183b893
Fixes: 5a3ea3905f ("tests: force test file systems to be built for Linux OS")
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Older losetup does not have --sector-size, but this isn't really
needed for the test to work. Instead specify the filesystem block
size directly to mke2fs, so that it works on all distros instead
of being skipped.
Change-Id: I5a0c82a9efdefd1b48f4d4288998c7725c9ae71e
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
There are a lot of debian packages that assume that mkfs.ext4 for
Debian N will work on Debian N-1 (and sometimes N-2, N-3, etc.). This
is a bad assumption, but it's too late to fix this for Debian
Bookworm.
So revert making these feature a default for now. We will enable it
again post Bookworm.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
v1.47.0
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
f_crashdisk test failed with UNIX_IO_FORCE_BOUNCE=yes due to unbalanced
mutex unlock in below path.
This patch fixes it.
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
