Reserve feature bit and SB field bit for filename encoding
The s_encoding field in the superblock stores a magic number indicating
the encoding format and version used globally by file and directory
names in the filesystem.
The s_encoding_flags defines policies for using the charset encoding,
like how to handle invalid sequences and what kind of normalization to
use.
A feature flag is also allocated to indicate whether this filesystem has
encoding awareness enabled.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Re-sync the superblock structure declaration with its kernel counterpart
to include the fields added by kernel commit 6a0678a79bb3 ("ext4: super:
extend timestamps to 40 bits")
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Darrick J. Wong [Mon, 5 Nov 2018 17:59:46 +0000 (09:59 -0800)]
e2scrub: fix systemd escaping again
Apparently newer versions of systemd than the one on this author's
laptop <cough> now complain about lack of (path) escaping in unit
instance variable contents:
# e2scrub_all
Scrubbing /home...
Invalid unit name "e2scrub@/home" was escaped as "e2scrub@-home"
(maybe you should use systemd-escape?)
Starting Online ext4 Metadata Check for /home...
So change the escape_path_for_systemd function to escape paths
unconditionally to make the warning go away.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Sun, 21 Oct 2018 13:32:37 +0000 (09:32 -0400)]
libext2fs: refactor code which fixes up the checksums in an extent tree
The code to recalculate the checksums in an extent tree (which is
needed after an inode is relocated so it has a different inode number)
was duplicated in tune2fs and resize2fs. In addition, this work could
be done in a much more efficient way inside lib/ext2fs/extent.c.
This commit creates a new library function which corrects the
checksums in an inode's extent tree, named: ext2fs_fix_extents_checksums()
Theodore Ts'o [Sun, 21 Oct 2018 11:35:53 +0000 (07:35 -0400)]
e4defrag: handle failure to open the file system gracefully
If e4defrag is run by root, it will try to open the underlying file
system for files that it is trying to defrag so it can get the file
system parameters. It's currently doing this by searching /etc/mtab.
This isn't the best way to go about doing things, but we'll leave it
for now, at least for a maintenance release. (The better way to do
things would be to look up the device using the blkid library, but
that's a more involved change.)
Since the file system parameters isn't strictly speaking necessary
(after all we get by without them when not running as root), we'll
allow e4defrag to continue running if we can't find the file system.
This can happen if /etc/mtab is pointing at /proc/mounts, and the
kernel can't properly identify the root file system, it is reported as
"/dev/root".
Theodore Ts'o [Sat, 20 Oct 2018 13:14:48 +0000 (09:14 -0400)]
resize2fs: update checksums in the extent tree's relocated block
When shrinking an file system, and we need to relocate an inode, the
checksums in its extent tree must get updated to reflect its new inode
number. When doing this, we need to do this *after* we update the
extent tree to reflect any blocks which need to be relocated due to
the file system shrink operation.
Otherwise, in the case where only an interior node of the extent tree
needs to get relocated, and none of the entries in that node need to
be adjusted, the checksum for that interior node is updated in the old
copy of that block, and then after the extent tree is updated to use
the new copy of that interior node, the extent tree is left with an
invalid checksum.
This is a relatively rare case, since it requires the following
conditions to be true:
*) The metadata checksum feature must be enabled.
*) An inode needs to be relocated.
*) The inode needs to have an interior node.
*) The block for that interior node needs to be relocated.
*) None of blocks addressed by entries in that interior node needs
to be relocated.
When all of these conditions are true, though, the file system is left
with corrupted with bad checksum for the extent tree block.
Nicholas Clark [Tue, 16 Oct 2018 19:37:45 +0000 (15:37 -0400)]
fuse2fs: add fakeroot option.
Add a new 'fakeroot' option to fuse2fs. When enabled, fuse2fs will
will pretend to be root when checking file permssions. This allows
fuse2fs to be used for building/modifying rootfs images as an
unprivileged user.
As per the maintainer's request, nosuid and nodev are automatically
enabled when fakeroot is selected (on platforms that support them)
to help prevent accidental misuse.
Signed-off-by: Nicholas Clark <nicholas.clark@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Nicholas Clark [Tue, 16 Oct 2018 19:34:20 +0000 (15:34 -0400)]
fuse2fs: fix fsname option in some cases
FUSE's parser allows command-line options to be specified before
or after the device/image and mount-path. This commit changes the
value of the fsname mount option to be correct even if options are
specified before the target device/image.
Signed-off-by: Nicholas Clark <nicholas.clark@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Nick Kralevich [Thu, 11 Oct 2018 03:35:17 +0000 (20:35 -0700)]
AOSP: android/perms.c: clean up error handling
There are a number of error conditions which, due to the way
ext2fs_dir_iterate2 operates, would not be propagated to the upper
layers of the call stack. As a result, certain error conditions,
such as not having enough room to allocate blocks for SELinux
labels, would fail silently, instead of causing a compile
failure.
As suggested in
https://android-review.googlesource.com/c/platform/external/e2fsprogs/+/324363
, add a error field to the caller's private data structure, and use the
bit in the field to indicate an error condition. Now, certain errors
which were silently ignored will cause a compile failure when compiling
Android.
Test: Artifically modify selabel_lookup() to return a failure, and
verify Android doesn't compile.
Test: Verify Android compiles under normal circumstances.
Test: Artifically modify ino_add_xattr() to return a failure, and
verify Android doesn't compile.
Bug: 117502873
Bug: 117567573
Bug: 117473440
Lukas Czerner [Tue, 14 Aug 2018 14:37:53 +0000 (16:37 +0200)]
libe2p: avoid segfault when s_nr_users is too high
Currently in e2fsprogs tools it's possible to access out of bounds
memory when reading list of ids sharing a journal log
(journal_superblock_t->s_users[]) in case where s_nr_users is too high.
This is because we never check whether the s_nr_users fits into the
restriction of JFS_USERS_MAX. Fix it by checking that nr_users is not
bigger than JFS_USERS_MAX and error out when possiblem.
Also add test for dumpe2fs. The rest would require involving external
journal which is not possible to test with e2fsprogs test suite at the
moment.
Darrick J. Wong [Tue, 28 Aug 2018 23:38:07 +0000 (16:38 -0700)]
libext2fs: try to always use PUNCH_HOLE for unix_discard
Now that block devices support PUNCH_HOLE via fallocate, refactor the
unix_discard code into a helper that will always try to use it. For
block devices we can fall back to BLKDISCARD, but we prefer to use
fallocate because it will always invalidate the page cache of the zeroed
region.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Darrick J. Wong [Tue, 28 Aug 2018 23:38:00 +0000 (16:38 -0700)]
libext2fs: use ZERO_RANGE before PUNCH_HOLE in unix_zeroout
In unix_zeroout() for files, we should try a ZERO_RANGE before we try
PUNCH_HOLE because the former will not cause us to lose preallocated
blocks. Since block devices have supported fallocate for a few years
now, refactor the fallocate calls into a helper and call it from either
case.
Reported-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Fri, 24 Aug 2018 21:12:20 +0000 (17:12 -0400)]
For --enable-subset, change "make install" so it implies "make install-libs"
The e2fsprogs-libs-1.44.x.tar.gz subset distribution had a hack so
that "make install" would install the libraries via an implied "make
install-libs" --- since after all the tarball had was just the
libraries.
This commit makes "make install" behave the same was as the
e2fsprogs-libs distribution in the case of "configure --enable-subset"
Theodore Ts'o [Wed, 22 Aug 2018 20:33:10 +0000 (16:33 -0400)]
debian: remove hard-coded dependency for libss2 in e2fsprogs.shlibs.local
The hard-coded override is very old, and isn't necessary --- in fact,
it's actively harmful because we are using one or two symbols that
were added to libss2 after e2fsprogs 1.34. So remove it.
Eric Biggers [Tue, 21 Aug 2018 17:59:37 +0000 (10:59 -0700)]
e2fsck: allow verity files to have initialized blocks past i_size
Since ext4 verity is going to be an RO_COMPAT feature rather than an
INCOMPAT one, the on-disk i_size of verity inodes needs to be the data
size rather than the full size. Consequently, verity inodes will have
initialized blocks past i_size, containing the Merkle tree and other
verity metadata. So e2fsck must not fix the i_size of such inodes as it
normally would.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Tue, 21 Aug 2018 00:15:52 +0000 (17:15 -0700)]
libext2fs: add verity flag to EXT2_LIB_FEATURE_RO_COMPAT_SUPP
The new ro_compat filesystem feature flag for fs-verity was added to
EXT2_FEATURE_RO_COMPAT_SUPP, but that's not actually used by e2fsprogs
itself. So contrary to the v1.44.4 release notes, 'mke2fs -O verity'
doesn't actually work, nor does e2fsck allow the filesystem to have the
verity feature. Fix it by adding the flag to the correct place
(EXT2_LIB_FEATURE_RO_COMPAT_SUPP) too.
Fixes: faae7aa00df0 ("Reserve codepoints for the fsverity feature.") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Upendra [Thu, 1 Mar 2018 08:15:48 +0000 (17:15 +0900)]
AOSP: blkid: Correct the label name for exfat
Volume label name is 16 bit unicode string according to spec.
Currently blkid labels the device without converting it to
utf-8 chars due to which incorrect label is displayed.
Theodore Ts'o [Sat, 18 Aug 2018 15:19:25 +0000 (11:19 -0400)]
Drop subset tarball and replace it with "configure --enable-subset"
There's no point creating two separate tarfiles. It's not clear
anyone was actually using the subset tarball --- and if they are, they
can replace it by the full source distribution and using the
--enable-subset option.
Theodore Ts'o [Sat, 18 Aug 2018 13:55:26 +0000 (09:55 -0400)]
Remove obsolete files from the repository
They are removed when we generate the tarball, and they serve no
useful purpose, so let's remove them. This will be help us to create
the tarball using git archive more easily.
Theodore Ts'o [Sat, 18 Aug 2018 04:06:40 +0000 (00:06 -0400)]
gen-tarball: handle symlinks correctly in the created the tar file
Now that we use a symlink for the top-level RELEASE-NOTES file, the
previous strategy of using a symlink to force the prefix in the tar
file and then using tar -h won't work. So change how we generate the
tar file to take advantage of GNU tar's --transform option.
Theodore Ts'o [Sat, 18 Aug 2018 02:26:24 +0000 (22:26 -0400)]
configure: don't enable LTO by default
Not all compilers (or versions of compilers) use the same LTO options
or behave the same way with LTO. In particular, using clang and the
current LTO options cause the build to fail. We should probably fix
up the configure script to handle Clang and LTO, but for now, we won't
enable LTO unless the user explicitly passes --enable-lto to the
configure script.
Theodore Ts'o [Sun, 12 Aug 2018 04:30:07 +0000 (00:30 -0400)]
debian: use debhelper compat level 11 with a fallback to compat level 9
The dh_installsystemd command is only available with Debhelper v11 and
higher. So explicitly declare that we need debhelper 11, and create a
fallback for debhelper compat level 9 (so we can easily backport to
Debian Stretch and Ubuntu 16.04).
Lukas Czerner [Wed, 8 Aug 2018 11:52:56 +0000 (13:52 +0200)]
e2fsck: remove resize inode if both resize_inode and meta_bg are enabled
Previous e2fsprogs versions allowed to create a file system with both
resize_inode and meta_bg enabled. This was fixed by upstream commit 42e77d5d ("libext2fs: don't create filesystems with meta_bg and resize_inode")
However e2fsck still does not recognize the conflict and will attempt to
clear and recreate resize_inode if it's corrupted due to this incompatible
feature combination, though it will create it in the same wrong layout.
Fix it by teaching e2fsck to recognize resize_inode and meta_bg
conflict and fixing it by disabling and clearing resize inode.
Theodore Ts'o [Thu, 9 Aug 2018 01:33:27 +0000 (21:33 -0400)]
MCONFIG: move SANITIZER_CFLAGS out of CLFAGS
CFLAGS is supposed to be something that can be overridden by the
developer. So extra stuff like $(SANITIZER_CFLAGS) should not be
defined there, but rather in ALL_CFLAGS.
Theodore Ts'o [Thu, 9 Aug 2018 01:23:59 +0000 (21:23 -0400)]
e2fsck: fix LTO type warnings
The jfs_user.h, which is used by the journal functions didn't include
config.h before including e2fsck.h. This caused the e2fsck structure
to be different compared how it's compiled for the other e2fsck source
files.
Theodore Ts'o [Wed, 8 Aug 2018 17:53:11 +0000 (13:53 -0400)]
libext2fs: revamp bitmap types to fix LTO warnings
We play games with pointers to incomplete types to handle subclassing
using the C language, use the first four bytes (the magic number)
field to disambiguate between different subclasses. The way we were
doing it before, we relied defining the structure differently
depending on the C file implementing different backend subclasses.
This triggers LTO warnings, since it appears (and in fact, we are)
using functions defined with different types than how they were
defined by calling C file.
Fix the LTO warnings by using an explicit base bitmap structure, and
then casting it to the 32-bit or 64-bit variant as needed.
Darrick J. Wong [Sat, 24 Mar 2018 01:57:09 +0000 (18:57 -0700)]
e2scrub: create online fsck tool of sorts
Implement online fsck for ext* filesystems which live on LVM-managed
logical volumes. The basic strategy mirrors that of e2croncheck --
create a snapshot, fsck the snapshot, report whatever errors appear,
remove snapshot. Unlike e2croncheck, this utility accepts any LVM
device path, knows about snapshots running out of space, and can call
fstrim having validated that the fs metadata is ok.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
David Anderson [Thu, 12 Jul 2018 23:55:08 +0000 (16:55 -0700)]
AOSP: Update Android.bp files.
debugfs now links to a new libext2_support library, which only includes
cstring.c (Android separates other pieces of libsupport into separate
libraries).
Jaco Kroon [Thu, 2 Aug 2018 18:06:46 +0000 (20:06 +0200)]
debugfs: fix ncheck so it handles hard links correctly
Due to hard links inodes can have multiple names (except for folders),
ncheck should find all of the names (equal to the number of links to the
inodes, directories excepted), not names to the count of the provided
inodes.
Theodore Ts'o [Sun, 5 Aug 2018 01:06:19 +0000 (21:06 -0400)]
debian: stop using symlinks to save space on *-dev packages
Using symlinks to save space on duplicate copies of the
/usr/share/doc/*/changelog.Debian.gz is a bit of a mess, since when
the foo-dev package is removed, the files in /usr/share/doc/libfoo/*
get removed, which means the copyright file gets removed.
So stop doing this altogether, and set up maintainer scripts to clean
up the mess so that the symlinks are removed when the packages get
upgraded.
resize2fs: Remove the real kilobytes rant from man page
Remove the rant about the "real" kilobytes from the man page and just
make it more clear that the suffixed units are representing power-of-two
units as we do in mke2fs man page. Also add terabytes to the list.
Li Dongyang [Sat, 14 Jul 2018 00:42:48 +0000 (18:42 -0600)]
Fix compile error and warnings for old gcc versions
-Wimplicit-fallthrough option was added in gcc7 and
-Wpedantic was added in gcc4.8, while #pragma GCC diagnostic
support was not available until gcc4.6
We got following warnings:
../lib/ext2fs/fiemap.h:35: warning: expected [error|warning|ignored] after ‘#pragma GCC diagnostic’
../lib/ext2fs/fiemap.h:36: warning: unknown option after ‘#pragma GCC diagnostic’ kind
../lib/ext2fs/fiemap.h:38: warning: expected [error|warning|ignored] after ‘#pragma GCC diagnostic’
and error:
filefrag.c: In function ‘main’:
filefrag.c:577: error: #pragma GCC diagnostic not allowed inside functions
filefrag.c:578: error: #pragma GCC diagnostic not allowed inside functions
filefrag.c:595: error: #pragma GCC diagnostic not allowed inside functions
when compiling latest e2fsprogs with a gcc older than 4.6
e.g. on CentOS 6.9
Signed-off-by: Li Dongyang <dongyangli@ddn.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>