Theodore Ts'o [Mon, 17 Dec 2007 20:16:44 +0000 (15:16 -0500)]
libuuid: When starting uuidd, use waitpid() to reap the zombie process
The uuidd process will fork and let the parent process exit to create
the daemon. So use waitpid to reap the zombie, as well as using it to
time when it is safe to try to connect to the daemon.
Theodore Ts'o [Mon, 17 Dec 2007 20:12:04 +0000 (15:12 -0500)]
uuidd: Use /var/lib/libuuid instead of /var/run/uuidd
/var/run can get completely removed at reboot, and uuidd doesn't have
permissions to recreate /var/run/uuidd. So instead use
/var/lib/libuuidd for the unix domain socket and pid files.
Theodore Ts'o [Sun, 16 Dec 2007 22:21:38 +0000 (17:21 -0500)]
Add uuidd daemon to prevent duplicate time-based UUID's
Also store the clock sequence information in a state file in
/var/lib/misc/uuid-clock so that if the time goes backwards the clock
sequence counter can get bumped. This allows us to completely
correctly generate time-based (version 1) UUID's according to the
algorithm specified RFC 4122.
will cause fsck to issue warnings about invalid fstab lines, because
fsck was previously treating '#' as a comment when it appeared
anywhere in an fstab line, not just at the beginning of the line.
Theodore Ts'o [Sun, 16 Dec 2007 17:26:57 +0000 (12:26 -0500)]
blkid: Output non-printing characters using ^ and M- notation
When printing the value of tags in a formatted format, print control
characters and characters with the high eight bit set using the ^ and
M- notation, respectively. This prevents a filesystem with a garbage
label from potentially screwing up the user's screen (for example,
putting it into graphical mode).
Theodore Ts'o [Sun, 16 Dec 2007 03:31:03 +0000 (22:31 -0500)]
libcom_err: Fix sign-extension problem on 64-bit systems in error_message()
On 64-bit systems (or anything with sizeof(long) > sizeof(int)), we
sometimes get error codes passed to error_message which have been cast
from an (int) to an (unsigned int). This almost always happens if
you're using libgssapi_krb5, which returns an error code which is less
than 0 but is returned in an (unsigned int).
For example, -1765328377L gets cast to 2529638919, which is
0x96c73a07, not 0xffffffff96c73a07, so error_message() fails to find a
matching error table.
When error_message() then calls the error_table_name() function to get a
name to use in the "unknown code" message, it gets a correct value back.
This happens because error_table_name() drops most of the higher bits of
the parameter it's passed before doing anything else with it (& 077777777f,
or & 0xffffff). If we did the same thing in error_message(), we wouldn't
have a problem there, either.
Theodore Ts'o [Sun, 16 Dec 2007 00:39:37 +0000 (19:39 -0500)]
ext2fs_flushfs: Remove the NEEDS_RECOVERY from the backup superblocks
Now that e2fsck tries to backup the primary superblock to the backups
when the feature sets ar different, it's important when tune2fs writes
out a changed superblock, that we filter out the
EXT3_FEATURE_INCOMPAT_RECOVER feature to the backup superblocks, since
it will be removed from the primary superblock either when the
filesystem is mounted uncleanly or when journal is replayed.
Theodore Ts'o [Sat, 10 Nov 2007 00:01:06 +0000 (19:01 -0500)]
libext2fs: Add checks to prevent integer overflows passed to malloc()
This addresses a potential security vulnerability where an untrusted
filesystem can be corrupted in such a way that a program using
libext2fs will allocate a buffer which is far too small. This can
lead to either a crash or potentially a heap-based buffer overflow
crash. No known exploits exist, but main concern is where an
untrusted user who possesses privileged access in a guest Xen
environment could corrupt a filesystem which is then accessed by the
pygrub program, running as root in the dom0 host environment, thus
allowing the untrusted user to gain privileged access in the host OS.
Thanks to the McAfee AVERT Research group for reporting this issue.
Theodore Ts'o [Thu, 6 Dec 2007 02:01:22 +0000 (21:01 -0500)]
Add Ubuntu-specific e2fsck.conf file to work around Ubuntu issues
Ubuntu has init script and installer issues which cause them to have
significant problems with time zones. This is compounded with a
relatively inexperienced user base who want to dual boot with Windows
and so have their hardware clocks tick localtime.
The heuristics in blkid/devname.c probe_all() for scanning whole disks
with no partitions assume that a device name with no digit on the end
will always be present as a delineator, i.e.:
sda
sda1
sdb
sdc
In this case, when sdc is seen, it's the clue to go back and scan sdb.
However, for something like:
sda
sda1
sdb
loop0
this falls down, and sdb is never scanned.
(thanks to Karel Zak for pointing this out).
Addresses-Red-Hat-Bugzilla: #400321
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Sat, 1 Dec 2007 12:08:45 +0000 (07:08 -0500)]
libext2fs: Fix a corner case bug in ext2fs_unlink
We cannot merge a removed directory entry to just arbitrary previous
directory entry. The previous entry must be in the same block. So
really bad things can happen when are deleting the first directory
entry in a block where the last directory entry in the previous
directory block is not in use. We fix this bug by checking to see if
the current entry is not the first one in the block before trying to
merge it to the previous entry.
Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Arun Thomas [Fri, 9 Nov 2007 20:46:10 +0000 (15:46 -0500)]
e2image in raw-mode appends an extra byte to image-file
In raw mode (-r), e2image appends an extra byte to the image-file's
end if the last block requires a sparse write. Consequently, the
resulting image-file is one byte larger than the original in
size. This patch fixes the problem by seeking to one less than the
given offset, so that the byte write does not overflow into the next
block.
This problem can be reproduced by doing an e2image -r dev image-file
and comparing the original and resulting image sizes. This assumes the
image is sparse at the end. For my tests, I created a 100MB sparse
image with two files.
Signed-off-by: Arun Thomas <thomasar@us.ibm.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Mon, 1 Oct 2007 13:18:54 +0000 (09:18 -0400)]
e2fsck: backup superblocks if key constants have changed
If the primary superblock differs from the backup superblock in
certain key respects, force a full check (if e2fsck was invoked in
preen mode). If the filesystem check passes cleanly, and the
filesystem was opened in read/write mode, then write the primary
superblock to all of the backups.
ext2fs_dblist_dir_iterate() calls ext2fs_dblist_iterate(), which calls
ext2fs_process_dir_block(), which in turn calls the helper function
db_dir_proc() which calls callback function passed into
ext2fs_dblist_dir_iterate(). At each stage the conventions for
signalling requests to abort the iteration or to signal errors
changes, db_dir_proc() was not properly mapping the abort request back
to ext2fs_dblist_iterate().
Currently db_dir_proc() is ignoring errors (i/o errors or directory
block corrupt errors) from ext2fs_process_dir_block(), since the main
user of ext2fs_dblist_dir_iterate() is e2fsck, for which this is the
correct behavior. In the future ext2fs_dblist_dir_iterate() could
take a flag which would cause it to abort if
ext2fs_process_dir_block() returns an error; however, it's not clear
how useful this would be since we don't have a way of signalling the
exact nature of which block had the error, and the caller wouldn't
have a good way of knowing what percentage of the directory block list
had been processed. Ultimately this may not be the best interface for
applications that need that level of error reporting.
Thanks to Vladimir V. Saveliev <vs@clusterfs.com> for pointing out
this problem.
libblkid: Add more magic numbers that might mean there is a FAT filesystem
The FAT filesystem doesn't have its superblock with a set of magic
strings in a fixed location. Therefore, we must also check for the
FAT filesystem if it looks like we have an MBR at the beginning of the
partition. We previously checked if the first byte was a jump
instruction but that missed some USB disks with only one bootable
partition. Now we check for the MBR signature (0x55AA at offset 510)
as well as any partition where byte 0 is \351 or \353.
Signed-off-by: Karel Zak <kzak@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
e2fsck: Don't mark the filesystem invalid because of time errors
If superblock mount time or last write time is in the future, and the
user refuses to fix the problem, don't mark the filesystem as being
invalid and needing to be checked.
Work around lame Ubuntu init scripts / installer bugs
The Ubuntu init scripts don't properly set the system time correctly
from hardware clock if the hardware clock is configured to tick local
time instead of GMT time.
Work around this as best as we can by providing an option in
/etc/e2fsck.conf which can be set on Ubuntu systems:
e2fsck: If the superblock is corrupt, automatically retry with the backup sb
E2fsck currently only retries with the backup superblock if the
primary superblock is missing (e.g., overwritten with garbage). If
the superblock is just corrupted enough that it looks like ext2/3/4
superblock, but it is corrupt enough that ext2fs_open2() returns an
error, e2fsck stops without retrying. Let's fix this oversight.
Any attempt to open a filesystem with s_inode_size set to zero causes
a floating point exception. This is true for e2fsck, dumpe2fs,
e2image, etc. Fix ext2fs_open2() so that it returns the error code
EXT2_ET_CORRUPT_SUPERBLOCK instead of crashing.
Theodore Ts'o [Tue, 21 Aug 2007 02:55:33 +0000 (22:55 -0400)]
Use sscanf instead of atoi when parsing e2fsck options
atoi() does not check for errors so it shouldn't be used for human
input. For example, if the user enters the command "e2fsck -C -n" and
forgets that -C requires an argument, the -n will be used as the
argument to -C, and not parsed as an option. When using sscanf(),
this error case can be detected.
Eric Sandeen [Fri, 20 Jul 2007 21:50:26 +0000 (16:50 -0500)]
Fix test in ext2fs_check_desc() for inode table within block group
The test in ext2fs_check_desc() is off by one; if the inode table
goes all the way to the last block of the block group, it will
falsely assert that it has extended past it. The last block
of a range is start + len -1, not start + len.
You can create (valid) filesystems that will cause e2fsck to complain
via one of the following mkfs commands:
Properly calculate overhead in ext2fs_initialize()
For some odd geometries*, mkfs will try to allocate inode tables off
the end of the block group and fail, rather than warning that too
many inodes have been requested.
This is because when ext2fs_initialize calculates metadata overhead,
it is only adding in group descriptor blocks and the superblock
if the *last* bg contains them - but the first bg also has all of
the various metadata bits taking up space.
We need to calculate the overhead both for the first block group and
the last block groups separately, since the two different tests need
to know what the overheads are for those two cases, which may be
different.
(Note, the test here is a little funky; the expected output is
actually a mkfs failure - but a proper failure instead of the
allocator catching the problem at the last minute)
Addresses-Red-Hat-Bugzilla: #241767
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix e2fsck segfault on very badly damaged filesystems
A recent change to e2fsck_add_dir_info() to use tdb files to check
filesystems with a very large number of filesystems had a typo which
caused us to resize the wrong data structure. This would cause a
array overrun leading to malloc pointer corruptions. Since we
normally can very accurately predict how big the the dirinfo array
needs to be, this bug only got triggered on very badly corrupted
filesystems.
Thanks to Andreas Dilger for submitting the test case which discovered
this problem, and to Kalpak Shah for writing a random testing script
which created the test case.
Kalpak Shah [Mon, 9 Jul 2007 17:05:45 +0000 (13:05 -0400)]
e2fsck: Fix salvage_directory when the last entry's rec_len is too big
Recently, one of our customers found this message in pass2 of e2fsck
while doing some regression testing:
"Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
rec_len of 14200, should be 26908."
Both the displayed rec_len and the "should be" value are bogus. The
reason is that salvage_directory sets a offset beyond blocksize
leading to bogus messages.
Stop after the second '.' when parsing version numbers
Now that we are moving to x.y.z version number scheme for maintenance
releases, we ned to change ext2fs_parse_version_string and
blkid_parse_version_string to ignore the second period so we don't
have maintenance releases with a substantially bigger verison number
than the initial x.y release.
Fix bug which could cause libblkid to loop forever
When revalidating a partition where there is obsolete information in
/etc/blkid.tab, we end up freeing a the type tag without clearing
dev->bid_type, causing blkid_verify() to loop forever.
Fix a potential security problem if e2fsprogs is built as root (as
Gentoo does!). In addition fix the script and how it is called from
the configure script so that it does the right thing when
cross-compiling.
Fix bogus strip permission errors when building under Debian
When building the e2fsprogs dpkg's, the dh_strip command emits a large
number of error messages caused by the permissions not being right. So
run dh_fixperms before running dh_strip.
Compile the default mke2fs.conf into mke2fs program
People are getting surprised by mke2fs creating filesystems with
different defaults than earlier versions of mke2fs if mke2fs.conf is
not present. Having gotten two complaints about ramdisks getting
created by with 4k blocksizes which then blow up when the ramdisk is
mounted with a "Magic mismatch, very weird" error message from the
kernel, let's fix this by making sure mke2fs has a built-in version of
mke2fs.conf file. People can still override the built-in version of
mke2fs.conf by editing /etc/mke2fs.conf, but this maintains the
previous behavior.
profile_set_default() sets the value of the pseudo file "<default>".
If the file "<default>" had previously been passed to profile_init(),
then def_string parameter will be parsed and used as the profile
information for the "<default>" file.
The Turkish translation has a bug in it where it has the translation
of "E@e '%Dn' in %p (%i)" to "E@E". This causes @E to be expanded at
@E, recursively, forever, until the stack fills up e2fsck core dumps.
Fix it by stopping after a recursive depth of 10, which is far more
than we need.
Theodore Ts'o [Sat, 30 Jun 2007 22:41:31 +0000 (18:41 -0400)]
Set LC_ALL instead of LANG in the test suite config
LC_ALL is the "high priority" environment variable that overrides all
others, where as LANG is the lowest priorty environment variable. If
LC_ALL is set, it doesn't matter whether LANG, LANGUAGE, LC_COLLATE,
LC_MESSAGES, and the all the rest are set. This will assure that the
locale when running the test suites is the "C" locale.
Kalpak Shah [Sat, 30 Jun 2007 01:40:19 +0000 (21:40 -0400)]
Fix byte swapping bug in get_next_inode_full()
On big-endian systems, while swapping, ext2fs_swap_inode_full() swaps
only 128+extra_isize bytes and the EAs if they are present. Now if inode
N has EAs, (and this is the inode in the "scratch inode") then inode N+1
also carries seems to have them since the "scratch inode" was never
zeroed.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Sun, 24 Jun 2007 20:59:36 +0000 (16:59 -0400)]
Fix the info-dir line for the com_err.texinfo file
Fix the info-dir line so that the menu name does not contain a .info
prefix. First of all, it's ugly, secondly, it causes the install-info
command to fail to remove the com_err info file from the
/usr/share/info/dir file when the comerr-dev package is removed and
purged.
Theodore Ts'o [Sun, 24 Jun 2007 20:49:14 +0000 (16:49 -0400)]
Remove RFC-4122 from e2fsprogs distribution
Documentation about UUID's is available in enough places, and it's
awkward to deal with debian-legal's insanities. So I'm caving in the
"more-lunatic-than-RMS" wing of Debian by removing RFC-4122 so we don't
have do the dfsg tarball. Also remove the rule that only tried to
install RFC-4122 on Ubuntu, since Ubuntu seems to want to fetch
e2fsprogs exclusively from Debian.
Andreas Dilger [Fri, 22 Jun 2007 06:22:38 +0000 (02:22 -0400)]
e2fsck: added sanity check for xattr validation
Add an extra validity test in check_ext_attr(). If an attribute's
e_value_size is zero the current code does not allocate a region for it
and as a result the e_value_offs value is not verified. However, if
e_value_offs is very large then the later call to
ext2fs_ext_attr_hash_entry() can dereference bad memory and crash
e2fsck.
Signed-off-by: Andreas Dilger <adilger@clusterfs.com> Signed-off-by: Jim Garlick <garlick@llnl.gov>
Karsten Hopp [Thu, 21 Jun 2007 17:43:33 +0000 (13:43 -0400)]
Add support for LUKS encrypted partitions
This patch adds support for cryptsetup-luks (http://luks.endorphin.org)
UUIDs to libblkid. This is required p.e. to avoid hardcoding device
names for encrypted partitions. Could you please take a look at it and
consider inclusion in the next e2fsprogs release ?
projects / thirdparty / e2fsprogs.git / log
