| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Commit 42c11edd0863 ("ext2fs_open[2](), return an error if s_desc_size
is too large") added a check for an insanely large s_desc_size to
prevent some failures triggered by fuzz testing. However, it would
allow e2fsck to fall back to recover the file system by using the
backup superblocks by having e2fsck pass the flag
EXT2_FLAG_IGNORE_SB_ERRORS. But by allowing an s_desc_Size of zero,
it's possible that e2fsck will die with a division of zero error.
With this fix, e2fsck will now print an error message and exit
instead.
https://github.com/tytso/e2fsprogs/issues/183
Fixes: 42c11edd0863 ("ext2fs_open[2](), return an error if s_desc_size is too large")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Creating a file system on Windows without a pre-existing file stopped
working because the Windows version of ext2fs_get_device_size2() doesn't
return ENOENT if the file doesn't exist. Fix this.
Fixes: 53464654bd33 ("mke2fs: fix creating a file system image w/o a pre-existing file")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20230301034518.373859-1-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
For changing inode size (-I) and setting quota fearture (-Q), tune2fs
only check whether the filesystem is umounted. Considering mount
namepspaces, the filesystem is umounted, however it already be left
in other mount namespace.
So we add one check whether the filesystem is not in use with using
EXT2_MF_BUSY flag, which can indicate the device is already opened
with O_EXCL, as suggested by Ted.
Reported-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Link: https://lore.kernel.org/r/28455341-ca26-d203-8b54-792bae002251@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When creating a small fs with 100 1k blocks, mke2fs fails with:
Creating filesystem with 100 1k blocks and 8 inodes
Allocating group tables: done
Writing inode tables: done
ext2fs_mkdir: Could not allocate inode in ext2 filesystem while creating /lost+found
Increase s_inodes_per_group with a step of 8 to make
sure we have at least EXT2_FIRST_INO + 1 inodes.
Change-Id: Ib885735641dfa0ed9c6f6a4a1f9afec291673126
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230720125012.641504-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In function ext2fs_image_super_read(), the size of block group
descriptors should be (fs->blocksize * fs->desc_blocks), but not
(fs->blocksize * fs->group_desc_count).
Signed-off-by: Emoly Liu <emoly@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20230714005958.442487-1-dongyangli@ddn.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Update configure.ac to separate Version from Release if there is
a '-' in version.h::E2FSPROGS_VERSION (e.g. "1.46.6-rc1").
Otherwise, the '-' in the version can make RPM building unhappy.
Simplify the generation of E2FSPROGS_VERESION, E2FSPROGS_DATE and
E2FSPROGS_DAY to avoid multiple grep/awk/sed/tr stages.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/1683694677-9366-1-git-send-email-adilger@dilger.ca
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
dumpe2fs has never been modified to correctly report block ranges
corresponding to free clusters in block allocation bitmaps from bigalloc
file systems. Rather than reporting block ranges covering all the
blocks in free clusters found in a block bitmap, it either reports just
the first block number in a cluster for a single free cluster, or a
range beginning with the first block number in the first cluster in a
series of free clusters, and ending with the first block number in the
last cluster in that series.
This behavior causes xfstest shared/298 to fail when run on a bigalloc
file system with a 1k block size. The test uses dumpe2fs to collect
a list of the blocks freed when files are deleted from a file system.
When the test deletes a file containing blocks located after the first
block in the last cluster in a series of clusters, dumpe2fs does not
report those blocks as free per the test's expectations.
Modify dumpe2fs to report full block ranges for free clusters. At the
same time, fix a small bug causing unnecessary !in_use() retests while
iterating over a block bitmap.
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20230721185506.1020225-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When the package-specific copyright information was removed, it
resulted in some information being lost. It probably makes sence to
have all of the licensing information in a single file, so add it back
to the debian/copyright file.
Fixes: 76f2e8d11582 ("debian: remove package-specific copyright notices")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If the file system is mounted, the superblock can be changing while
resize2fs is trying to read the superblock, resulting in checksum
failures. One way of avoiding this problem is read the superblock
using Direct I/O, since the kernel makes sure that what gets written
to disk is self-consistent.
Suggested-by: Krister Johansen <kjlx@templeofstupid.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add a test for the commit "e2fsck: fix handling of a invalid symlink
in an inline_data directory"
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If there is an inline directory that contains a directory entry to an
invalid symlink, and that invalid symlink is the portion of the inline
directory stored in an xattr portion of the inode, this can result in
a buffer overrun.
When check_dir_block() is handling the in-xattr portion of the inline
directory, it sets the buf pointer to the beginning of that part of
the inline directory. This results in the scratch buffer passed to
e2fsck_process_bad_inode() to incorrect, resulting in a buffer overrun
if e2fsck_pass1_check_symlink() needs to read the symlink target (when
the symlink is too long to fit in the i_blocks[] space).
This commit fixes this by using the original cd->buf instead of buf,
since it can get modified when handling inline directories.
Fixes: 0ac4b3973f31 ("e2fsck: inspect inline dir data as two directory blocks")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Commit 2d2d799c7261 ("Clean up codes for adding new quota type")
changed the second paramter of quota_write_inode() from taking a
single quota type to taking a logical OR of (1 << quota_types).
The one thing this commit didn't change was the function prototype for
quota_write_inode() in the header file from an enum to an unsigned
int. Most C compilers don't seem to mind, and omission is mostly
harmless. However, mingw64 does issue a warning which gets promoted
to an error.
Fixes: 2d2d799c7261 ("Clean up codes for adding new quota type")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add jobs that cross-compile e2fsprogs for Android using the Android NDK.
These use the autotools-based build system, so they're a bit different
from the actual Android builds, but they should still be useful.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Work around an issue with the Android NDK where its copy of
linux/fsmap.h is missing the inline functions fsmap_sizeof() and
fsmap_advance(). This was causing an error when building e2fsprogs
using the Android NDK, using the autotools-based build system.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix two compiler warnings on 32-bit platforms that have mallinfo() but
not mallinfo2(). These showed up when building e2fsprogs for armv7a or
i686 Android using the Android NDK, targeting Android API level 32 or
lower and using the autotools-based build system.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add a test for commit bbe08adac044 ("e2fsck: fix bad htree checksums
in preen mode").
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
No functional changes; just move things around so we can avoid
indenting the code quite so much.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
We attempt to fix directories which have a bad/corrupted htree index
node by completely rebuilding the directory htree nodes. Since this
is a very safe thing to do and has no risk of losing directory
entries, we've enabled this for preen mode. Unfortunately, subsequent
index nodes look like empty directory entries that fill the entire
block --- without a checksum at the end of the directory. So these
nodes will be treated as a completely corrupted directory block, and
this will *not* be fixed while in preen mode.
So add code to treat an empty directory entry which covers the entire
block as valid if the directory is already on the list of inodes to be
rebuilt.
Addresses-Gooogle-Bug: 178607853
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Store the config.h file for each platform as a workflow artifact, so
that it will be possible to download them and compare them to
util/android_config.h.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The check for the various unsupported OSes incorrectly checked if
the string "FreeBSD" was true, which it always was. Fix this.
Update the expect file as commit v1.46.4-17-g4ea80d031c7e did to
adjust the total number of blocks requested during resize.
Change-Id: I272dbec67ab30bac6413eb4cba0e3ab00183b893
Fixes: 5a3ea3905f ("tests: force test file systems to be built for Linux OS")
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Older losetup does not have --sector-size, but this isn't really
needed for the test to work. Instead specify the filesystem block
size directly to mke2fs, so that it works on all distros instead
of being skipped.
Change-Id: I5a0c82a9efdefd1b48f4d4288998c7725c9ae71e
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
f_crashdisk test failed with UNIX_IO_FORCE_BOUNCE=yes due to unbalanced
mutex unlock in below path.
This patch fixes it.
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
These are causing a large number of Lintian warnings
"file-without-copyright-information".
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
test_rw() and test_nd() need to allocate two or three times the product
of the block size and the block counts. This can overflow the signed int
type of block_size and result in allocate_buffer() being called with a
value smaller than intended. Once that buffer is written to, badblocks
segfaults.
Since allocate_buffer() accepts a size_t, change the input validation to
use SIZE_MAX and cast accordingly when calculating the argument.
Fixing the segfault allows larger values to be passed to read() and
write(); these need to be cast to size_t as well in order to avoid a
signed integer overflow causing failure, in which case badblocks would
fall back to testing a single block at once.
Before:
$ misc/badblocks -w -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in read-write mode
From block 0 to 524287
Segmentation fault
$ misc/badblocks -n -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in non-destructive read-write mode
From block 0 to 524287
Checking for bad blocks (non-destructive read-write test)
Segmentation fault
After:
$ misc/badblocks -w -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in read-write mode
From block 0 to 524287
Testing with pattern 0xaa: done
Reading and comparing: done
Testing with pattern 0x55: done
Reading and comparing: done
Testing with pattern 0xff: done
Reading and comparing: done
Testing with pattern 0x00: done
Reading and comparing: done
Pass completed, 0 bad blocks found. (0/0/0 errors)
$ misc/badblocks -n -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in non-destructive read-write mode
From block 0 to 524287
Checking for bad blocks (non-destructive read-write test)
Testing with random pattern: done
Pass completed, 0 bad blocks found. (0/0/0 errors)
Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Since the conditional checks the product of block_size and
blocks_at_once, reporting that the problem is solely with
blocks_at_once is misleading.
Also change the error to use the name of the parameter listed in the
manual rather than the variable name.
Since blocks_at_once is unsigned, change the test to == rather than <=.
Before:
$ misc/badblocks -w -b 16777216 -c 524288 -e 1 -s -v /tmp/testfile.bin
misc/badblocks: Invalid blocks_at_once: 524288
After:
$ misc/badblocks -w -b 16777216 -c 524288 -e 1 -s -v /tmp/testfile.bin
misc/badblocks: For block size 16777216, blocks_at_once too large: 524288
$ misc/badblocks -w -b 16777216 -c 0 -e 1 -s -v /tmp/testfile.bin
misc/badblocks: Invalid number of blocks: 0
Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
block_size is parsed as an unsigned int from parse_uint(), so retain it
as such until _after_ it has been constrained to a size within INT_MAX.
Lower level code still requires this to be an int, so cast to int for
anything below main().
Before:
$ misc/badblocks -w -b 4294967295 -c 1 /tmp/testfile.bin
misc/badblocks: Invalid block size: -1
After:
$ misc/badblocks -w -b 4294967295 -c 1 /tmp/testfile.bin
misc/badblocks: Invalid block size: 4294967295
Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Before:
$ misc/badblocks -w -b 4294967296 -c 1 /tmp/testfile.bin
misc/badblocks: invalid block size - 4294967296
After:
$ misc/badblocks -w -b 4294967296 -c 1 /tmp/testfile.bin
misc/badblocks: block size too large - 4294967296
The original error is retained for invalid arguments, e.g.:
$ misc/badblocks -w -b foo -c 1 /tmp/testfile.bin
misc/badblocks: invalid block size - foo
Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This works the same way that mount -o offset=<bytes> works, and can be
used to mount particular partitions from a whole disk image.
Signed-off-by: Matt Stark <msta@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Use lseek() with 64bit off_t when _FILE_OFFSET_BITS is 64
this fixes build with musl where there is no _llseek but lseek
is using off_t which is 64bit on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
fallocate can be used to have 64bit off_t provided its compiled with
_FILE_OFFSET_BITS=64 which will be added automatically when
--enable-largefile is used.
[ Run autoreconf to update configure and config.h.in -- TYT ]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
A file system where the superblock claims that the blocks per group is
less than 8 is invalid, so let's reject it at ext2fs_open() time.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
We can't call the error handler while holding the CACHE_MUTEX (see
previous commit, "libext2fs: unix_io: fix_potential error path
deadlock in reuse_cache()" for details), so first try to write out all
of the dirty blocks in the cache, and then for those where we had
errors, then call the error handler.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This was reported by [1] but the fix was incorrect. The issue is that
when unix_io was made thread-safe, it was necessary that to add a
CACHE_MUTEX to protect multiple threads from potentially colliding
with the very simple writeback cache used by the unix_io I/O manager.
The original I/O manager was purposefully kept simple, used a
fixed-size cache; accordingly, the locking used also kept simple, and
used a single global mutex.
[1] https://lore.kernel.org/r/310fb77f-dfed-1196-c4ee-30d5138ee5a2@huawei.com
The problem was that if an application (such as e2fsck) registers a
write error handler, that handler would be called with the CACHE_MUTEX
still held, and if that application tried to do any I/O --- for
example, closing the file system using ext2fs_close() and then exiting
--- the application would deadlock.
We should perhaps fix this either by deciding that the simple Unix I/O
cache doesn't actually buy much beyond some system call overhead, or
by putting in a full-fledged buffer I/O cache system which uses a much
larger cache with allocated memory, fine-grained locking and Direct
I/O to prevent double cache at the kernel and userspace level.
However, for now, fix the problem by waiting until after we have
released the CACHE_MUTEX before calling the write handler. This is
good enough given how e2fsck's ehandler.c use case, and in practice no
one else really uses the error handler in any case.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Ran the following command:
bpfmt -w $(find . -name Android.bp)
Change-Id: Ia08c8d481199dfa917dbed2dc218df167f101ce5
From AOSP commit: 30fa5b9af82695711cc1bf749fbb0cd18afa008a
|
|
For warnings not supported by upstream e2fsprogs, it's a waste of time
to suppress them only in specific places, as they can show up anywhere
in future releases of e2fsprogs. Let's consolidate all these warning
suppressions into the top-level Android.bp for e2fsprogs.
Change-Id: Icebc03289dae920cb1b673e605c48f7f2b517625
From AOSP commit: d08d59557a34c6362e3660e7e35bc118591dbbfa
|
|
This is no longer needed.
Change-Id: Ie6a1c098a2e5b9db42c9a239ddfbf682cbd3bad2
From AOSP commit: 890e23673b7496bbf400e6bb5fd555bbb3c4b88f
|
|
Upstream fully supports -Wall now.
Change-Id: Ida895a1c5dfdf168bc6f50049680b2d2bfbb2942
From AOSP commit: 0ef947d1d4890b3fd4509bc1f3c98bb0f0a525f5
|
|
To match what the autotools-based build system does now, always add
include/mingw/ to the include path on Windows. I don't think this makes
a real difference anywhere, but this is much simpler.
Change-Id: I92fdaf3e58029dfca3187af928d943270b2a2109
From AOSP commit: c9aa74eac41f8feeabb2321383161c7cf92cb49b
|
|
Change-Id: Iafeccde9acca678e665b49a4cdb42ac0672e2a84
From AOSP commit: f22381d07818ff7e55e89698a1daf23ba2357d69
|
|
Since commit 4e5f24ae4267 ("Use an autoconf test to detect for a BSD- or
GNU-style qsort_r function"), e2fsck fails to build for Android because
lib/support/sort_r.h assumes that qsort_r() is always available on
"Linux", but in fact it's not supported by Android's libc.
Rename _SORT_R_LINUX to _SORT_R_GNU to clarify that it's really the
glibc convention for qsort_r(), not the "Linux" convention per se, and
make sort_r.h stop setting it automatically when __linux__ is defined.
Note: this change does *not* prevent glibc's qsort_r() from being used
when e2fsprogs is built using the autotools-based build system, as
'configure' checks for qsort_r() too. This change just affects the
fallback behavior for when qsort_r() was not already detected.
Fixes: 4e5f24ae4267 ("Use an autoconf test to detect for a BSD- or GNU-style qsort_r function")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20230130215829.863455-1-ebiggers@kernel.org
Change-Id: I4ed2fd6aef5a0d62960988d29e35acd337bb7d02
From AOSP commit: 9f289d0add4f12fa2e4b21754141363a2759d152
|
|
The upstream build system for e2fsprogs doesn't use
-fno-strict-aliasing, so update the Android.bp files to match.
Note: Android's build system currently uses -fno-strict-aliasing by
default anyway, so this change doesn't actually enable strict aliasing.
But that's a bit besides the point. The point is that this project
doesn't need anything special, so we don't need to do anything special.
Change-Id: Ifa637058fd95fdc2b6994a8b801b238e929c1f13
From AOSP commit: c30a15e5d615748d4824dec26f1bda1a86be979c
|
|
The warning this was intended to suppress was already fixed by
upstream commit 108f3021a6b6 ("mke2fs: use ext2fs_get_device_size2() on
all platforms").
Test: mmm external/e2fsprogs
Change-Id: I12de1b58e839658568c2f7cd30f1c2a227fe15f2
From AOSP commit: 7c581e836497595d0748953eb2b533777d9f4fd4
|
|
Address sanitization was disabled in e2fsdroid over 5 years ago, due to
a bug in libext2fs. However, that bug has long since been fixed by
upstream commit 689b7be2da01 ("libext2fs: avoid dereferencing beyond
allocated memory in xattr code"). So it should be fine to re-enable
address sanitization now.
Bug: 68387795
Change-Id: I89a7a1ec1a45d0a2ed76d2e5938dbc127eb267a6
From AOSP commit: c3b223fedcb94e5763c48b93a4445289d13a5eb0
|
|
Compile windows_io.c on Windows, and unix_io.c everywhere else.
Change-Id: Ieab0b9ad5a9f7c275153e0f90553761693967762
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 0c82cec0d1aa70c993b5231a2c2244eb5175e638
|
|
Microdroid uses mke2fs to format encryptedstore partition. This happens
in parallel to apex activation by apexd. Hence, sometime, mke2fs would
fail if some linker libraries are not available.
Create a target (mke2fs.microdroid) with bootstrap: true
Bug: 238179332
Test: Build succeeds & atest MicrodroidTests#encryptedStorageAvailable
Change-Id: I1aa493bfc188bb78e21efe98423f4a79215f7d95
From AOSP commit: 54818f635e4249db903dd17fca22ae11b3c0f3a0
|
|
static_apexer_tools depends on deapexer which depends on blkid. So we
need a static version of blkid.
BUG: b/257933023
TEST: local build of blkid_static
Change-Id: I191840a21df1c10f4371acbe8067f39f148f28b8
From AOSP commit: 2aa5b65667e71bc278117caffa46c331d75d2803
|
|
We need blkid in deapexer to get the filesystem type of the payload
image. However, blkid will not be installed to host out dir unless we
make it host_supported which is what this change is about.
BUG: b/255963179, b/240288941
TEST: m deapexer; then check out/host/linux-x86/bin
Change-Id: I46c1e18b9dbdbeb41c7dfe4e26496004d1b2b3de
From AOSP commit: f12ebffc345741380d9a30ddac528a9b995657cd
|
|
Addresses-Coverity-Bug: 1520603
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Debian introduced a machine-readable copyright file a while ago.
Convert the general copyright file and the package-specific ones,
splitting the info that belongs to the package-specific ones.
Drop debian/e2fsck-static.copyright because that does not have a
file set that is very distinct from the general source; it would
just replicate parts of it.
This change adds some missing licenses that have to be documented
according to Debian Policy §12.5 as well as the copyright info for
many files.
Signed-off-by: Viraj Shah <viraj.shah@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The Kazlib license says:
"Permission is also granted to adapt this software to produce
derivative works, as long as the modified versions carry this copyright
notice and additional notices stating that the work has been modified."
Add the missing notice stating that the work has been modified.
Signed-off-by: Bastian Germann <bage@linutronix.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This suppresses deprecation warnings from github saying that Node 12
has been deprecated and actions to migrate to using Node 16.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Some .c files in lib/uuid/ contain the following:
#ifdef _WIN32
#define _WIN32_WINNT 0x0500
#include <windows.h>
#define UUID MYUUID
#endif
This seems to have been intended to allow the use of a local "UUID" type
without colliding with "UUID" in the Windows API. However, this is
unnecessary because there's no local "UUID" type -- there's only uuid_t.
None of these .c files need the include of windows.h, either.
Finally, the unconditional definition of _WIN32_WINNT causes a compiler
warning when the user defines _WIN32_WINNT themself.
Since this code is unnecessary and is causing problems, just remove it.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
It is expected that Windows doesn't have getmntent(), so don't warn
about it.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
-Werror wasn't actually being used when building the libraries, as the
libraries use CFLAGS_STLIB instead of CFLAGS.
Use CFLAGS_WARN, which gets included in both.
Note: -Werror can't just be passed to 'configure' like the other flags
are, as it interferes with some of the configure checks.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Starting in Linux 6.2, char is forced to always unsigned when
compiling the kernel, even on those platforms (such as x86) where char
was traditionally signed. This exposed a bug in ext4, where when
calculating the extended attribute entry hash, we used a char value
from the extended attribute name. This resulted with the entry hash,
which is stored on-disk, to variable depending on whether the plaform
used a signed or unsigned char.
Fortunately, the xattr names tend to be ASCII characters with the 8th
bit zero, so it wasn't noticed two decades (this bugs dates back to
the introduction of extended attribute support to ext2 in 2.5.46).
However, when this change was made in v6.2-rc1, the inconsistency
between the extended attribute hash calculated by e2fsprogs (which was
still using a signed char on x86) was different from an x86 kernel,
and this triggered a test failure in generic/454.
This was fixed in kernel commit f3bbac32475b (" ext4: deal with legacy
signed xattr name hash values"), where Linus decreed that it wasn't
worth it to fix this the same way we had addressed has used by the
dir_index feature. Instead, starting in the 6.2 kernel, ext4 will
accept both the hash calculated using signed and unsigned chars, but
set the entry hash using the unsigned char. This commit makes
e2fsprogs follow suit.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Remove trailing newlines and downcase the starting word in the names
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The C standard is wrong[1] with respect to the function signature of
free(), while the kernel's kfree() is correct. Unfortunately, this
leads to compiler warnings.
Sayeth Dennis Ritchie: "Noalias must go. This is non-negotiable"[2].
Noalias went. The confusion around const, alas, still remains.
[1] https://yarchive.net/comp/const.html
[2] https://www.lysator.liu.se/c/dmr-on-noalias.html
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The ino_t type is defined by the system header files, and may be
anything from an unsigned int, unsigned long, or an unsigned long
long. So where we are referring to an ext2/ext3/ext4 inode number, we
should use ext2_ino_t to avoid this ambiguity, especially when passing
an inode number to a printf-style function.
This was detected via a compiler warning on MacOS, but it's
potentially a real bug, since it can cause an error message to print a
garbled inode number.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add a workflow file for GitHub Actions, with jobs that build and test
e2fsprogs on various platforms with various options.
The workflow is configured to run on pushes only, since e2fsprogs does
not use GitHub pull requests.
This will work on any e2fsprogs fork on Github that has GitHub Actions
enabled. For example, the results for the testing I've been doing are
at https://github.com/ebiggers/e2fsprogs/actions.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In adjust_superblock(), the 'group_block' variable is declared and set,
but it is never actually used. Remove it.
This addresses the following compiler warning with clang -Wall:
blk64_t group_block;
^
resize2fs.c:1119:11: warning: variable 'group_block' set but not used [-Wunused-but-set-variable]
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
To compile for Windows, this file needs MinGW's implementation of
alarm(). To expose that definition, some macros must be defined before
including the system headers. This was done in Android.bp, but it was
not done in the autotools-based build system. Define these macros in
the source file itself so that all build systems work.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This showed up when building for Windows.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
unix_io_manager is no longer available on Windows. windows_io_manager
must be used instead.
Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager")
Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
search_sysfs_block() is causing -Wformat-truncation warnings. These
could be fixed by checking the return value of snprintf(), instead of
doing buggy checks like 'strlen(p_de->d_name) > SYSFS_PATH_LEN -
strlen(path) - 32', which has an integer underflow bug.
However, the only purpose of search_sysfs_block() is to find the sysfs
directory for a block device by device number. That can trivially be
done using /sys/dev/block/$major:$minor. So just do that instead. Also
make get_partition_start() explicitly Linux-only, as it has never worked
anywhere else.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
'strncpy(dst, src, strlen(src))' is usually wrong, as it doesn't copy
the null terminator. For this reason, it causes a -Wstringop-truncation
warning with gcc 8 and later.
The code happens to be correct anyway, since the destination buffer is
zero-initialized. But to avoid relying on this, let's just copy the
terminating null.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix two -Wstringop-truncation warnings in is_ext4() by simplifying how
how mnt_type is handled and by using the correct bound for mnt_fsname.
Fix a -Wstringop-truncation warning in main() by replacing the fragile
pattern 'strncpy(dst, src, strnlen(src, N))', which doesn't
null-terminate the destination string, with a standard string copy. (It
happened to work anyway because dst happens to be zero-initialized.)
These warnings showed up when building with -Wall with gcc 8 or later.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The control flow in scandir() (only used on Windows) confuses gcc into
thinking that *name_list is not always set on success, which causes a
-Wmaybe-uninitialized warning in __populate_fs(). As far as I can tell
it's a false positive; however, avoid it by cleanly separating the
success and failure cases in scandir().
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
These showed up when building for Windows.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The macros that e2fsck uses to implement kmalloc et al. use only some of
their arguments, so unlike standard function calls, they can cause
compiler warnings like:
./../e2fsck/revoke.c:141:8: warning: variable 'gfp_mask' set but not used [-Wunused-but-set-variable]
Fix this by providing a proper definition for each function, making sure
to match the function prototypes used in the kernel.
Remove the kmem_cache_t typedef, as it doesn't exist in the kernel.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When building libuuid for Windows with MinGW with the default settings,
there is a build error in lib/uuid/gen_uuid.c because the explicit
definition of gettimeofday() conflicts with MinGW's declaration of
gettimeofday(). gen_uuid.c apparently expects USE_MINGW to be defined
to avoid that, but the build system doesn't actually do that.
Since native Windows builds of e2fsprogs are currently only supported
via MinGW anyway (in particular, Visual Studio is not supported), let's
fix this by just removing our own definition of gettimeofday().
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add braces to address the following compiler warning with gcc -Wall:
print_fs_flags.c:24:42: warning: missing braces around initializer [-Wmissing-braces]
24 | static struct flags_name flags_array[] = {
| ^
Also add 'const', and add an explicit NULL in the last entry.
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Address the following compiler warning with gcc -Wall:
devname.c: In function ‘get_devname’:
devname.c:61:1: warning: label ‘out_strdup’ defined but not used [-Wunused-label]
61 | out_strdup:
| ^~~~~~~~~~
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
'make install' does not work because libss tries to install a man page
without creating the directory first. Fix this.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
_WIN32 is the standard macro to detect (native) Windows, regardless of
32-bit or 64-bit. _WIN64 is for 64-bit Windows only. Use _WIN32 where
_WIN64 was incorrectly being used.
This fixes several 32-bit Windows build errors, for example this one:
plausible.c: In function ‘print_ext2_info’:
plausible.c:109:31: error: ‘unix_io_manager’ undeclared (first use in this function); did you mean ‘undo_io_manager’?
109 | unix_io_manager,
| ^~~~~~~~~~~~~~~
| undo_io_manager
Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager")
Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This showed up when building for Windows.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
init_private_data() triggers a -Wstringop-truncation warning, due to a
real bug. Fix it.
windows_open() has a -Wunused-variable warning because some
macOS-specific code was copied there for no reason. Remove it.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
size_t should be matched by %zu, not %lu. This fixes a -Wformat warning
when building for 32-bit x86.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Since the 'now' variable is only used to calculate 'inuse', and 'inuse'
is only used when defined(ENABLE_BMAP_STATS_OPS), it makes sense to
guard the declaration and initialization of 'now' and 'inuse' by the
same condition, just like the '*_perc' variables in the same function.
This addresses the following compiler warning with clang -Wall:
double inuse;
^
gen_bitmap64.c:187:9: warning: variable 'inuse' set but not used [-Wunused-but-set-variable]
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The EXT2FS_ADDR() macro is causing -Warray-bounds warnings because it
(sort of) dereferences past the end of the input array. It's not a
"real" dereference, since the result is passed as a memory operand to
inline asm. But in the C language sense, it is a dereference.
Instead of trying to fix this code, let's consider that libext2fs *only*
implements the bit operations in assembly for 32-bit x86, which is
rarely used anymore. The fact that compilers have also improved, and no
one has implemented these for another architecture, even x86_64,
suggests it's not useful either. So, let's just remove this outdated
code, which was maybe useful in the 90s, but now just causes problems.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In init_debug(), avoid -Wunused-variable and -Wunused-but-set-variable
warnings when HAVE_FCNTL is not defined by only declaring 'fd' and
'flags' when HAVE_FCNTL is defined. This affected Windows builds.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
As per 'man 3 errno':
On some ancient systems, <errno.h> was not present or did not
declare errno, so that it was necessary to declare errno manually
(i.e., extern int errno). **Do not do this**. It long ago ceased
to be necessary, and it will cause problems with modern versions of
the C library.
One of the platforms it causes a problem on is Windows:
In file included from fgetversion.c:28:
fgetversion.c: In function ‘fgetversion’:
fgetversion.c:68:20: warning: ‘_errno’ redeclared without dllimport attribute: previous dllimport ignored [-Wattributes]
68 | extern int errno;
| ^~~~~
Just remove these obsolete manual declarations of errno.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This affected Windows builds.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Unfortunately, gcc gets confused by blkid_strndup() and incorrectly
thinks the destination string is not being null-terminated. This is
part of -Wstringop-truncation, enabled automatically by -Wall in gcc 8
and later. Let's just suppress this warning here.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When _FORTIFY_SOURCE is defined, glibc annotates link() with the
warn_unused_result function attribute. With gcc, that makes
'(void) link()' cause a -Wunused-result warning, despite the explicit
cast to void. That's annoying, since the use case in lib/blkid/save.c
is legitimate (opportunistic backup). So let's suppress this warning.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This showed up when building for Windows. It's hard to conditionally
define this variable, so use the 'unused' attribute.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
With -Wall, gcc warns:
./probe.c:1209:42: error: taking address of packed member of
'struct hfs_mdb' may result in an unaligned pointer value
This seems to be a real unaligned memory access bug, as the offset of
the 64-bit value from the start of the buffer is 116, which is not a
multiple of 8. Fix it by using memcpy().
Do the same for hfsplus to fix the same warning, though in that case the
offset is a multiple of 8 so it was defined behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
libblkid contains 32-bit x86 assembly language implementations of 16-bit
and 32-bit byteswaps. However, modern compilers can easily generate the
bswap instruction automatically from the corresponding C expression.
And no one ever bothered to add assembly for x86_64 or other
architectures, anyway. So let's just remove this outdated code, which
was maybe useful in the 90s, but is no longer useful.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Currently Windows builds of e2fsprogs rely on the Windows Socket API
(Winsock) to provide htonl() and ntohl(). For this to actually work,
though, HAVE_WINSOCK_H needs to be defined, and the binaries need to be
linked to -lws2_32. The Android.bp files do this; however, the
autotools-based build system does not.
Since htonl() and ntohl() are trivial, let's instead just add a file
include/mingw/arpa/inet.h with definitions for these.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The version of install-sh in the source tree is extremely old and
doesn't work when passed multiple path arguments, which breaks
'make install' on macOS.
Therefore, delete this file and run 'autoreconf -i' to update it to the
latest version.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Run autoreconf.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Since the include/mingw/ directory needs to be on the include path when
building for Windows with MinGW, add it to INCLUDES automatically, and
AC_DEFINE the corresponding HAVE_*_H constants.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The tdb support does not build for Windows, due to the use of various
UNIX-isms, so disable it by default when building for Windows.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Cygwin and MSYS2 are UNIX-compatible platforms on top of Windows, so
they should use the UNIX I/O manager, not the Windows I/O manager.
(Note that "cygwin" was misspelled as "cigwin", so the code did not have
the intended effect anyway.)
Fixes: d1d44c146a5e ("ext2fs: compile the io implementation according to os")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In our knowledge, ext2fs_mmp_stop use to process the rest of work
when mmp will finish. Critically, it must check if the mmp block is
not changed. But there exist an error in comparing the mmp and mmp_cmp.
Look to ext2fs_mmp_read, the assignment of mmp_cmp retrieve from the
superblock of disk and it copy to mmp_buf if mmp_buf is not none
and not equal to mmp_cmp in the meanwhile. However, ext2fs_mmp_stop
pass the no NULL pointer fs->mmp_buf which has possed the mmp info to
ext2fs_mmp_read. Consequently, ext2fs_mmp_read override fs->mmp_buf
by fs->mmp_cmp so that loss the meaning of comparing themselves
after that and worse yet, couldn't judge whether the struct of mmp
has changed.
In fact, we only need to modify the parameter to NULL pointer for
solving this problem.
Signed-off-by: lihaoxiang <lihaoxiang9@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Typos found with codespell.
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When cloning multiply-claimed blocks for an inode,
clone_file() uses ext2fs_block_iterate3() to iterate
every block calling clone_file_block().
clone_file_block() calls check_if_fs_cluster(), even
the block is not on the block_dup_map, which could take
a long time on a large device.
Only check if it's metadata block when we need to clone
it.
Test block_metadata_map in check_if_fs_block()
and check_if_fs_cluster(), so we don't need to go over
each bg every time. The metadata blocks are already
marked in the bitmap.
Before this patch on a 500TB device with 3 files having
3 multiply-claimed blocks between them, pass1b is stuck
for more than 48 hours without progressing,
before e2fsck was terminated.
After this patch pass1b could finish in 180 seconds.
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Tune2fs hasn't consider about the result of executing ext2fs_mmp_update2
when it try to rewrite_metadata_checksums. If the ext2fs_mmp_update2
failed, multi-mount protection couldn't guard there has the only node
(i.e. this program) accessing this device in the meantime.
We solve this problem to verify the return value of ext2fs_mmp_update2.
It terminate rewrite_metadata_checksums and exit immediately if the
wrong error code returned.
Signed-off-by: lihaoxiang <lihaoxiang9@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix this reported typo.
Reported-by: paul kairis <kairis@gmail.com>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Currently this function was not correctly comparing against the right
length of the bitmap. Also when we compare bitarray v/s rbtree bitmap
the value returned by ext2fs_test_generic_bmap() could be different in
these two implementations. Hence only check against boolean value.
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Since the kernel is being fixed to consider journal inodes with the
'encrypt' flag set to be invalid, also update e2fsck accordingly.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
I find a error in misc/fsck.c, if run the fsck -N command, processes
don't execute, just show what would be done. However, the pid whose
value is -1 is added to the instance_list list in the execute
function,if the kill_all function is called later, kill(-1, signum)
is executed, Signals are sent to all processes except the number one
process and itself. Other processes will be killed if they use the
default signal processing function.
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
I encountered an I/O error on writing the superblock on a drive:
...
pwrite64(3, ..., 114688, 97844727808) = 114688
fsync(3) = -1 EIO (Input/output error)
close(3) = 0
...
The error was silently ignored, only indicated by the exit value. Let's
print an error message.
The error message was taken from mke2fs in order to reuse the
translations.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
A pseudo-filesystem, such as tmpfs, can have anything at all in its
mnt_fsname entry. Normally, it is just "tmpfs", like this:
tmpfs /tmp tmpfs rw,relatime,inode64 0 0
^^^^^
but in a pathological or malicious case, a system administrator can
specify a block device as its mnt_fsname which is the same as some
other block device. For example:
/dev/loop0 /tmp/test-tmpfs tmpfs rw,relatime,inode64 0 0
^^^^^^^^^^
/dev/loop0 /tmp/test-mnt ext4 rw,relatime 0 0
In this case, ext2fs_check_mount_point() may erroneously return that
the mountpoint for the file system on /dev/loop0 is mounted on
/tmp/test-tmpfs, instead of the correct /tmp/test-mnt. This causes
problems for resize2fs, since in order to do an online resize, it
needs to open the directory where the file system is mounted, and
trigger the online resize ioctl. If it opens the incorrect directory,
then resize2fs will fail.
So we need to add some additional checking to make sure that
directory's st_dev matches the block device's st_rdev field.
An example shell script which reproduces the problem fixed by this
commit is as follows:
loop_file=/tmp/foo.img
tmpfs_dir=/tmp/test-tmpfs
mnt_dir=/tmp/test-mnt
mkdir -p $tmpfs_dir $mnt_dir
dd if=/dev/zero of=$loop_file bs=1k count=65536
test_dev=$(losetup --show -f $loop_file)
mke2fs -t ext4 -F -b 1024 $test_dev 32768
mount -t tmpfs $test_dev $tmpfs_dir # create the evil /proc/mounts entry
mount -t ext4 $test_dev $mnt_dir
ln -f ${test_dev} ${test_dev}-ln
resize2fs ${test_dev}-ln
[ Fixed up the corrupted patch and rewrote the commit description to
be more clear -- tytso ]
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
$ tune2fs -O ^has_journal -ff /dev/sdh2
Recovering journal. tune2fs: Unknown code ____ 251 while recovering journal.
Before: Please run e2fsck -fy -O.
After: Please run e2fsck -fy /dev/sdh2.
Note this doesn't fix the "Unknown code" message, just the "Please run
e2fsck" one.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In ext2fs_run_ext3_journal(), fs will be freed and reallocated.
However, the reallocation by ext2fs_open() may fail in some cases ---
for example, when the device becomes offline. To avoid a segfault,
exit if fs is NULL.
[ Simplified the patch by by simply exiting if fs is NULL -TYT ]
Signed-off-by: Li Jinlin <lijinlin3@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
BSD is planning on changing their qsort_r() implementation to align
with the POSIX/GNU-style qsort_r() function signature. So use an
autoconf test to determine which qsort_r() a system has.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
As `set_inode_xattr()` doesn't fail if the `llistxattr()` function is
not available, it seems inconsistent to let `set_inode_xattr()` fail if
`llistxattr()` fails with `ENOTSUP`, indicating that the filesystem
doesn't support extended attributes.
Signed-off-by: Jürg Billeter <j@bitron.ch>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix a wrong mixed shared/static library inclusion that has been unveiled
by a recent clang upgrade to clang-r450784e: the linker couldn't find
the requested object reference and caused the tool to crash.
libsnapshot_fuzzer_test was luckily catching this misbehaviour as it was
crashing as well when trying to format a loop device as ext4.
Bug: 230851331
Test: m && atest libsnapshot_fuzzer_test
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I20b7b1d66920eb8f767e49311f913564f14ee30e
Fix AOSP commit: 83239ca87da0bbdb088be7f0d048472e837899c2
|
|
Test: Treehugger
Bug: 226636335
Change-Id: If46f7b11aadcb29e33e36b67c56078ce5fa17b94
Fix AOSP commit: 19f3f24750096491b74d1f990adb617f3a5bba40
|
|
The e2fsdroid build fails with musl because config.h is not included
before ext2fs.h, which causes HAVE_SYS_TYPES_H not to be defined
resulting in a missing definition for dev_t.
Include config.h at the top of each .c file, and remove extra
config.h include from perms.h.
Bug: 190084016
Test: m USE_HOST_MUSL=true fastboot
Change-Id: I95b3fff3f10ba85c00ec049811dd6b5d412e5dd2
From AOSP commit: 09c63d5edd35e3ca8366be0d92aad922d8895ac1
|
|
This is to support the cuttlefish f2fs/ext4
userdata filesystem.
Bug: 142424832
Test: local build
Change-Id: I7acb772e77d9250805e5a8a7e68f136deda7c5cb
From AOSP commit: 5df70145b418f84a2d0570e106fd055dbc9d0038
|
|
These checks will be skipped for e2fsck when it uses the flag
EXT2_FLAG_IGNORE_SB_ERRORS.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If some error occurs, tune2fs_main() will go to closefs tag for
releasing resource, and it should return correct value (rc) instead
of 0 when ext2fs_close_free(&fs) successes.
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: Artem Blagodarenko <artem.blagodarenko@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When ext2fs_run_ext3_journal() fails, tune2fs cmd will occur one
segfault problem as follows.
(gdb) bt
#0 0x00007fdadad69917 in ext2fs_mmp_stop (fs=0x0) at mmp.c:405
#1 0x0000558fa5a9365a in main (argc=<optimized out>, argv=<optimized out>) at tune2fs.c:3440
misc/tune2fs.c:
main()
-> ext2fs_open2(&fs)
-> ext2fs_mmp_start
......
-> retval = ext2fs_run_ext3_journal(&fs)
-> if (retval)
// if ext2fs_run_ext3_journal fails, close and free fs.
-> ext2fs_close_free(&fs)
-> rc = 1
-> goto closefs
......
closefs:
-> if (rc)
-> ext2fs_mmp_stop(fs) // fs has been set to NULL, boom!!
-> (ext2fs_close_free(&fs) ? 1 : 0); // close and free fs
In main() of tune2fs cmd, if ext2fs_run_ext3_journal() fails,
we should set rc=1 and goto closefs tag, in which will release fs
resource.
Fix: a2292f8a5108 ("tune2fs: reset MMP state on error exit")
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This fixes failures when running "make install" or "make destclean"
from the top level directory.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
It doesn't seem to be necessary since ext2fs_mmp_write doesn't write
via mmp_fd, and opening the block device with O_RDWR will trigger
udev.
Triggering udev is bad because it leads to an infinite loop when
running dumpe2fs in response to a udev event.
[ Rebased onto the maint branch, and added O_RDONLY flag. From the
open(2) man page: "The argument flags must include one of the
following access modes: O_RDONLY, O_WRONLY, or O_RDWR." -- TYT ]
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
As submitted by Carlos Cabrera:
We need to set the `-install_name` flag so that library consumers
can find the linked libraries when installed outside the default
dyld search path. This is the case, for example, when installed
using the Homebrew package manager on Apple Silicon.
I've removed the `-flat_namespace` flag because this flag is
effectively deprecated, and can cause issues when using `dlopen`
[1]. We also need to change `-undefined warning` to `-undefined
dynamic_lookup`, since the former flag is not supported without
`-flat_namespace`. Using `-undefined dynamic_lookup` instructs the
dynamic loader to resolve undefined symbols at run/load-time.
These are the flags used by Libtool on the newest versions of
macOS, and we've applied similar patches to many other packages at
Homebrew without any issues.
[1] https://developer.apple.com/forums/thread/689991
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Addresses-Coverity-Bug: 709478
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Except for e2fsck (where we want to expose the corrupted directory
entries to e2fsck mostly so that the e2fsck output stays the same on
big-endian machines compared to little-endian machines, so we don't
break our regression tests), if the directory block is corrupted, and
ext2fs_dirent_swab_in[2](), trips across this, return an error. This
will make sure that naive users of libextfs will not try to handle a
corrupted directory block. This prevents potential buffer overruns in
the byte swapping code paths.
This commit does not cause any functional change on little-endian
systems.
Addresses-Coverity-Bug: 1433408
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If the number of blocks or inodes per block group is not a multiple of
8 (which are invalid values) ext2fs_image_bitmap{read,write} can loop
forever. These file systems should be not be allowed to be opened
(without EXT2_FLAG_IGNORE_SB_ERRORS) but for the fact that a long time
ago, Android devices used a buggy (but BSD-licensed, which was what
was important to the early Android founders) program for creating file
systems which would create these invalid file systems. E2fsck
couldn't actually correctly repair these file systems, but adding a
check to enforce this (in e2fsprogs and in the kernel) would have
broken some of these devices, so support for these bogus file system
was in a grey area for many years.
We will be tightening this up soon, but for now, we'll apply this
quick fix so attempts to use e2image won't hang forever. (Not that
Android ever shipped e2image in those days, of course...)
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Currently in varisous e2fsprogs tools, most notably tune2fs and e2fsck
we will get the device name by passing the user provided string into
blkid_get_devname(). This library function however is primarily intended
for parsing "NAME=value" tokens. It will return the device matching the
specified token, NULL if nothing is found, or copy of the string if it's
not in "NAME=value" format.
However in case where we're passing in a file name that contains an
equal sign blkid_get_devname() will treat it as a token and will attempt
to find the device with the match. Likely finding nothing.
Fix it by checking existence of the file first and then attempt to call
blkid_get_devname(). In case of a collision, notify the user and
automatically prefer the one returned by blkid_get_devname(). Otherwise
return either the existing file, or NULL.
We do it this way to avoid some existing file in working directory (for
example LABEL=volume-name) masking an actual device containing the
matchin LABEL. User can specify full, or relative path (e.g.
./LABEL=volume-name) to make sure the file is used instead.
Link: https://lore.kernel.org/r/20220812130122.69468-1-lczerner@redhat.com
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Daniel Ng <danielng@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Addresses-Coverity-Bug: 1500765
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Blocksize can never be negative, and this makes the use of signed vs
unsigned variables for offsets be consistent.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Addresses-Coverity-Bug: 1500772
Addresses-Coverity-Bug: 1500769
Addresses-Coverity-Bug: 1500767
Addresses-Coverity-Bug: 1500758
Addresses-Coverity-Bug: 1500756
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
We only print the parent directory to help provide context to the
user, but it's possible that a corrupted directory doesn't have a '..'
link.
Addresses-Coverity-Bug: 1507762
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
No functional changes, but streamline the logic, and avoid a coverity
warning.
Addresses-Coverity-Bug: 1507763
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
E2fsck will attempt to mutate filenames to ensure uniqueness if
necessary. If there are two unique filenames that are 254 or 255
characters in length and do not contain the '~' character, the
mutate_name() function would create a filename which is 256 bytes
long, which is not a legal filename in Linux. Adjust the mutate_name
function to avoid this possibility.
Addresses-Coverity-Bug: 1500768
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Neither of these two warnings can actually happen (other limits will
be hit first), but widening the integer to a 64-bit unsigned integer
is an cheap and effective way to silence the Coverity warnings.
Addresses-Coverity-Bug: 1500760
Addresses-Coverity-Bug: 1507886
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The use of ext2fs_get_arrayzero() to replace using ext2fs_get_array()
+ memset() does not result in any functional change, but it (a) is
slightly more efficient, and (b) makes it easier for Coverity to avoid
signalling a false positive.
Addresses-Coverity-Bug: 1500763
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The function recover_ext3_journal() in debugfs/journal.c, if the log
replay is over, the j_tail_sequence in journal superblock is not
changed to the value of the last transaction sequence. This will
cause subsequent log commitids to count from the commitid in last
time. After tune2fs -e, the log commitid is counted from the commitid
in last time, if the log ID of the current operation overlaps with
that of the last operation, this will cause logs that were previously
replayed by tune2fs to be replayed here.
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: liangyun <liangyun2@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If the ncheck argument is of the form "<ino>", allow it for ncheck
for consistency with other commands that accept an inode number.
Improve the error message, use "Invalid inode number" instead
of "Bad inode", which implies the inode content being bad.
Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When debugfs runs with "-c", it prints a scary-looking message:
catastrophic mode - not reading inode or group bitmaps
that is often misunderstood by users to mean that there is something
wrong with the filesystem, when there is no problem at all.
Not reading the bitmaps is totally normal and expected behavior for
the "-c" option, which is used to significantly shorten the debugfs
command execution time by not reading metadata that isn't needed for
commands run against very large filesystems.
Since there is often confusion about what this message means, it
would be better to just avoid printing anything at all, since the
use of "-c" is expressly requesting this behavior, and there are
no messages printed out for other options.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Dongyang Li <dongyang@ddn.com>
Change-Id: I59b26a601780544ab995aa4ca7ab0c2123c70118
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
We ran into this because we noticed that resize2fs -P $device was
triggering udev events.
I added a very simple test that just checks resize2fs -P on a file
lacking the w bit succeeds.
Signed-off-by: Michael Hudson-Doyle <michael.hudson@ubuntu.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix the ACL-printing tests to be more flexible for different systems.
If the MKFS_DIR is on tmpfs, it will not list "system.posix_acl*"
xattrs, so they will not be copied. Create this on a real filesystem
or skip the test if that doesn't work.
Filter out the security.selinux xattr if it is printed, since this
depends on the selinux configuration of the host system. However,
this also spills xattrs for "acl_dir/file" into an external xattr
block, and causes it to fail due to different block allocations.
Increase the filesystem inode size so that the allocation is the same
regardless of whether selinux is enabled or not.
Fixes: 67e6ae0a35 ("mke2fs: fix a importing a directory with an ACL")
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Artem Blagodarenko <artem.blagodarenko@hpe.com>
Reviewed-by: Li Dongyang <dongyangli@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Combining superblock (-b) with undo file (-z) fails iff the block size
is not specified (-B) and is different from the first blocksize probed
in try_open_fs (1k). The reason is as follows:
try_open_fs() will probe different blocksizes if none is provided on
the command line. It is done by opening and closing the filesystem
until it finds a blocksize that makes sense. This is fine for all
io_managers, but undo_io creates the undo file with that blocksize
during ext2fs_open. Once try_open_fs realizes it had the wrong
blocksize and retries with a different blocksize, undo_io will read
the previously created file and think it's corrupt for this
filesystem.
Ideally, undo_io would know this is a probe and would fix the undo file.
It is not simple, though, because it would require undo_io to know the
file was just created by the probe code, since an undo file survives
through different fsck sessions. We'd have to pass this information
around somehow. This seems like a complex change to solve a corner
case.
Instead, this patch changes the blocksize probe to always use the
unix_io_manager. This way, we safely probe for the blocksize without
side effects. Once the blocksize is known, we can safely reopen the
filesystem under the proper io_manager.
An easily reproducer for this issue (from Ted, adapted by me) is:
mke2fs -b 4k -q -t ext4 /tmp/foo.img 2G
e2fsck -b 32768 -z /tmp/undo /tmp/foo.img
Reported-by: Peter Urbanec <linux-ext4.vger.kernel.org@urbanec.net>
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Quiet various compiler warnings about unreferenced or unset variables.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This patch rounds down the size provided to resize2fs to the nearest
cluster boundary for bigalloc filesystems. This is similar to the
trimming already done for page boundary alignment. Aligning the size in
the user space provides the right value feedback from the resize2fs
command, which is a better user experience than trimming the size
in the kernel.
Signed-off-by: Oleg Kiselev <okiselev@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Add a missing default: case when expanding percent expansions in the
log file specified in /etc/e2fsck.conf.
Addresses-Coverity-Bug: 1500757
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The fuzzers from oss-fuzz in projects/e2fsprogs/fuzz (as of commit
78ecd3f07fca with some slight modifications for better error
reporting) have been placed in the tests/fuzz directory and the
configure script now supports a new option --enable-fuzzing which will
build these fuzzers using clang's -fsanitize=fuzzer command line
option.
In general, some sanitizer such as --enable-addrsan or --enable-ubsan
(to enable ASAN or UBSAN, respectively) should be enabled alongside
--enable-fuzzing.
A typical configure command to build the fuzzers might be:
configure CC=clang CXX=clang++ CFLAGS=-g --enable-fuzzing --enable-addrsan
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
bmap->cluster_bits has a maximum value of 19, but Coverity doesn't
know that. To make it happy, and just in case there is a bug where
somehow the cluster size does get set to an invalid value and the rest
of the library doesn't check it, use 1ULL instead of 1 to avoid the
integer overflow.
Addresses-Coverity-Bug: 1500759
Addresses-Coverity-Bug: 1500764
Addresses-Coverity-Bug: 1500771
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The ext2_extent_info.max_depth is zero-based (e.g., it is zero when
the entire extent tree fits in the inode). Hence, if it is equal to
MAX_EXTENT_DEPTH_COUNT we should always rebuild the extent tree to
shorten it.
Also, for 1k block file systems, it's possible for the worst-case
extent tree in its most compact form to have a maximum depth of 6, not
5. So set MAX_EXTENT_DEPTH_COUNT to 8 just to be sure we have plenty
of headroom. (The kernel supports an extent depth up to 2**16, but
e2fsck only keeps statistics up to MAX_EXTENT_DEPTH_COUNT, and if it's
deeper than that, we know that it will be profitable to rebuild the
extent tree in any case.)
Addresses-Coverity-Bug: 1507761
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
systems
The ext2fs_open() function will only allow journal_dev file systems to
be open if explicitly requested by programs using the
EXT2_FLAG_JOURNAL_DEV_OK flag. Those programs will not try to call
functions that make no sense, such as ext2fs_read_inode(),
ext2fs_read_bitmaps(), etc. Just to make things the library more
robust against buggy programs (or unrealistic fuzzers) add a check for
journal_dev file systems to various ext2fs library functions to return
a new error, EXT2_ET_EXTERNAL_JOURNAL_NOSUPP.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Previously, ext2fs_open() and ext2fs_open2() would return an error if
s_desc_size is too small. Add a check so it will return an error if
s_desc_size is too large, as well.
These checks will be skipped for e2fsck when it uses the flag
EXT2_FLAG_IGNORE_SB_ERRORS.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
It is logal (albeit rare) for the number of block groups per flex_bg
to 2**31 (which effectively means to put all of the block groups into
a single flex_bg). However, in that case "1 << 31" is undefined on
architectures with a 32-bit integer. Fix this UBSAN complaint by
using "1U << 31" instead.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
flex_bg size
If s_log_groups_per_flex is greater than 31, it will result in an
UBSAN error, since it will result in an invalid shift exponent when
calculating the flex_bg size. So reject such file systems when they
are opened. (The mke2fs program will not allow the creation of such
file systems, so they can only occur due to corruption.)
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
cluster size
If the cluster size is smaller than the block size, this can result in
a negative shift, which is undefined. When such a file system is
opened, immediately return an error indicating that the file system is
corrupted.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When performing an off-line resize, if an inode's block map needs to
be updated, resize2fs will update the inode's ctime. In addition, if
inode numbers need to be renumbered due to the file system shrinking
forcing the inode table to be shrunk, any directories which need to be
modified will have their ctime and mtime updated.
If the E2FSPROGS_FAkE_TIME environment variable is set, when the file
system is opened, fs->now will be set to this value, and resize2fs
needs to use it instead of calling time(0) to get their current time.
Addresses-Google-Bug: 230874381
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If the extent tree has out-of-range physical block numbers, don't try
to release them.
Also add a similar check in ext2fs_block_alloc_stats2() to avoid a
NULL pointer dereference.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
In the extent tree handling code in libext2fs, when we go move down
the extent tree, if a cyclic loop is detected, return an error.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
The kernel doesn't support extent trees deeper than 5
(EXT4_MAX_EXTENT_DEPTH). For this reason we only maintain the extent
tree statistics for 5 levels. Avoid out-of-bounds writes and reads if
the extent tree is deeper than this.
We keep these statistics to determine whether we should rebuild the
extent tree. If the extent tree is too deep, we don't need the
statistics because we should always rebuild the it.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
When checking an extended attrbiute block for correctness, we check if
the starting offset plus the value size exceeds the end of the block.
However, we weren't checking if the size was too large, and if it is
so large that it triggers a wraparound when we added the starting
offset, we won't notice the problem. Add the missing check.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If there is an inline data directory which is smaller than 8 bytes
(which should never happen but for corrupted or fuzzed file systems),
ext2fs_process_dir_block() will now abort EXT2_ET_DIR_CORRUPTED to
avoid an out-of-bounds read.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If there isn't enough space for a full extended attribute entry,
inc_ea_inode_refs() might end up reading beyond the allocated memory
buffer.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
E2fsck replays the journal before sanity checking the full superblock.
So it's possible that the journal inode number is not valid relative
to the number of block groups. So to avoid potentially an array
bounds overrun, sanity check this before trying to find the journal
inode.
Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
If the quota type is invalid, quota_sb_inump will return NULL; this
should not cause the program to crash.
Link: https://lore.kernel.org/r/ee0b034c-71f3-63b7-a8de-d8e7760b9545@huawei.com
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Link: https://lore.kernel.org/r/d0632bbc-9713-38a9-c914-137b702f6ae1@huawei.com
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
This should only happen if there is a programming bug, but better safe
than sorry.
Link: https://lore.kernel.org/r/9a9c6658-a8b3-794a-85df-c3bdf0470111@huawei.com
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Link: https://lore.kernel.org/r/cbfd9852-bc89-1e83-f101-36fd29a0e70e@huawei.com
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Link: https://lore.kernel.org/r/6d2844c7-0fd2-e432-3c7e-bb8de8c8a186@huawei.com
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Don't call into ext2fs_get_pathname() to do a name lookup for a
disconnected directory, since the directory block traversal in
pass1 has already scanned all of the leaf blocks and never finds
the entry, always printing "???". If the name entry had been
found earlier, the directory would not be disconnected in pass3.
Instead, lookup ".." and print the parent name in the prompt, and
then do not search for the current directory name at all. This
avoids a useless full directory scan for each disconnected entry,
which can potentially be slow if the parent directory is large.
Separate the recursively looped directory case to a new error code,
since it is a different problem that should use its own descriptive
text, and a proper pathname can be shown in this case.
Lustre-bug-Id: https://jira.whamcloud.com/browse/LU-15330
Change-Id: If17a92689f24f365ca1fbe5c837e7d5f383ebbe5
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
It isn't totally clear when searching the code for PROMPT_*
constants from problem codes where these messages come from.
Similarly, there isn't a direct mapping from the prompt string
to the constant.
Add comments that make this mapping more clear.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Fix the "chattr -h" usage message to properly document that the
"-p" option takes a project argument, like "-v" takes a version.
Update the man page formatting to emphasize literal strings.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
