Theodore Ts'o [Mon, 14 Aug 2017 01:07:21 +0000 (21:07 -0400)]
mke2fs: fix UI problem caused by fuzzy translations
When the original message was changed from "(y, n)" to "(y, N)", this
caused the translations to be marked as "fuzzy". For those
translations that use a different characters for yes and no --- for
example, German, which uses j and n for "ja" and "nein" --- not having
the translation can cause user confusion since the user will type 'y',
and it will be interpreted as "No", since mke2fs is expecting that the
user will type some other character, such as 'j' or 'J' for "Ja" in
the German locale.
Theodore Ts'o [Sun, 13 Aug 2017 18:45:27 +0000 (14:45 -0400)]
libsupport: fix 32-bit quota test failures
On 32-bit platform some of the util_dqblk structures have a type of
long long. So we need to use %lld and casts to make sure the right
thing happens on both 32-bit and 64-bit platforms.
Theodore Ts'o [Fri, 4 Aug 2017 06:01:43 +0000 (02:01 -0400)]
Remove special mips libraries from Debian build
These libraries were needed to support arcboot, which is obsolete and
no longer part of Debian. So drop these non-standard, legacy special
libraries that were only built on the mips platform.
Theodore Ts'o [Tue, 1 Aug 2017 14:26:11 +0000 (10:26 -0400)]
e2fsck: fix e2fsck -D for encrypted directories
If the directory entry is encrypted there may be embedded NUL
characters; hence, we should use memcmp instead of strncmp when
comparing strings. Otherwise, e2fsck can erroneously report that a
directory have duplicant entries when doing an e2fsck -D check.
libsupport: fix error handling in quota_write_inode
The error return value of quota_file_create() is no longer < 0,
and the error handling in quota_write_inode() is incorrect,
fix these. This also fix a tune2fs segfault that currently
occurs when we add project and quota features to an inode
exhaustion ext4 filesystem.
debugfs: fix "ls -p" to avoid printing garbage after the file name
In commit 68a1de3df3 (debugfs: pretty print encrypted filenames in the
ls command), a change was introduced in debugfs/ls.c which instead of
copying dirent->name and 0-terminating it, dirent->name is used
directly in printf.
However, instead of using the precision to limit the number of
characters output, the code uses the field width. As a result,
characters are output until a 0 is read, which results in garbage
after the file name.
Also fix two other instances of this in debugging messages that aren't
used, but fixing them will avoid potential future copypasta bugs.
Reported-by: Christian Gabriel <ch_gabriel@web.de> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Extended attribute inodes have a link count of 1 but they are not
attached to any directories. When an xattr inode with zero ea
references is found, the remedy is to reconnect it to lost+found dir.
Since reconnect operation increments the link count, it would normally
become 2 but to avoid that, check_ea_inode() sets the link count to
zero in anticipation of reconnect operation. And it does it even when
e2fsck is invoked with -n option which causes a fatal e2fsck failure
as can be demonstrated with the following test script:
resize2fs: add support for resizing filesystems with ea_inode feature
Resizing filesystems with ea_inode feature was disallowed so far
because the code for updating the ea entries was missing. This patch
adds that support.
This patch is a major update to how we decide where to put extended
attributes. The main motivation is to enable creating values in
extended attribute inodes. While doing this, we want to implement a
behavior that is as close to kernel as possible.
Existing set ea code deviates from kernel behavior which makes it harder
to implement ea_inode feature:
- kernel only sorts ea entries in xattr block, e2fsprogs implementation
sorts all entries on every update.
- e2fsprogs implementation shuffled things on every update so the order
of updates does not matter. Kernel does not reshuffle things.
- e2fsprogs could evacuate entries from inode body to xattr block and
vice versa. This behavior does not exist in kernel.
Such differences could lead to inconsistent behavior between fuse2fs and
a kernel mount.
With ea_inode feature, we also need to decide whether to put a value
in an inode or keep it 'inline'. In kernel implementation this
depends on current placement of entries.
To close the behavioral gap, ext2fs_xattr_set() now takes over the
decision about where to place ea values. This also allows it to raise
errors early instead of delaying them to a separate
ext2fs_xattrs_write() call later.
libext2fs: eliminate empty element holes in ext2_xattr_handle->attrs
When an extended attribute is removed, its array element is emptied.
This creates holes in the array so various places that want to walk
filled elements have to do an empty element check.
Have remove operation shift remaining filled elements to the left.
This allows a simple iteration up to ext2_xattr_handle->count to walk
all filled entries, and so empty element checks become unnecessary.
libext2fs: rename ext2_xattr_handle->length to capacity
ext2_xattr_handle has two fields 'count' and 'length' which
represent number of filled elements vs total element count.
They have close meanings so are easy to confuse, thus make code less
readable. Rename length to capacity.
Eric Sandeen [Sun, 23 Jul 2017 22:34:57 +0000 (18:34 -0400)]
tune2fs: edit dire warning about check intervals
Time & mount-count based checks have been off by default for quite some
time now, but the dire warning about disabling them remains in the
tune2fs manpage, which is confusing. We did "strongly consider
the consequences" and disabled it by default, no need to scare the
user about it now. Inform the user of the consequences in a more
measured tone.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
resize2fs: sanity check the free blocks and inode counts
If the free block or free inodes count are larger than the number of
blocks or inodes in the system, request that the file system be
checked. Otherwise it's possible for calcuate_minimum_resize_size()
to hang in an infinite loop.
This problem was found using American Fuzzy Lop.
Reported-by: Adam Buchbinder <abuchbinder@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
E2fsck checks block numbers against the block_metadata_map before it
checks to see whether or not the block numbers are valid. So suppress
these harmless warnings.
If the superblock has invalid inode numbers for the user, group, or
project quota inodes, e2fsck should notice and offer to fix things by
zeroing out the invalid superblock field.
libext2fs: fix the s_log_block_size check in ext2fs_open()
The s_log_block_check can fail to detect an invalid value if it is
between UINT_MAX-9 and UINT_MAX, which can lead to ext2fs_open()
crashing with a division by zero error.
This bug was found using American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/
Tahsin Erdogan [Fri, 30 Jun 2017 01:31:59 +0000 (18:31 -0700)]
Use i_size to determine whether a symlink is a fast symlink
Current way of determining whether a symlink is in fast symlink
format is to call ext2fs_inode_data_blocks2(). If number of data
blocks is zero and EXT4_INLINE_DATA_FL flag is not set, then symlink
data must be in inode->i_block.
This heuristic is becoming increasingly hard to maintain because
inode->i_blocks count can also be incremented for blocks used by
extended attributes. Before ea_inode feature, extra block could come
from xattr block, now more blocks can be added because of xattr
inodes.
To address the issue, add a ext2fs_is_fast_symlink() function that
gives a direct answer based on inode->i_size field. This is
equivalent to kernel's ext4_inode_is_fast_symlink() function.
This patch also fixes a few issues related to fast symlink handling:
- Both rdump_symlink() and follow_link() interpreted symlinks with
0 data blocks to always mean fast symlinks. This is incorrect
because symlinks that are stored as inline data also have
0 data blocks. Thus, they try to read everything from
inode->i_block and miss the symlink suffix in inode extra area.
- e2fsck_pass1_check_symlink() had code to handle inode with
EXT4_INLINE_DATA_FL flag twice. The first if block always returns
from the function so the second one is unreachable code.
In some cases, resize2fs needs to move inodes because their inode
number is greater than the maximum allowed. Moving extended attribute
inodes would require updating all the references to them. This
is currently not supported.
ext2fs_xattr_set() currently does not support creating xattr inodes,
so allowing fuse2fs to mount a filesystem with ea_inode feature could
lead to corruption. Refuse to mount if the ea_inode feature is set.
tune2fs: update ea_inode hashes when fs uuid changes
Extended attribute inodes maintain a crc32c hash that is used for
deduplication. The crc seed derives from uuid so ea_inode hashes
must be updated when uuid changes.
The ea_inode hash is also incorporated into the xattr entry e_hash
so the entries that reference the inode also must be updated.
When check_inode_extra_space() detects a problem with the value of
i_extra_isize, it adjusts it and then returns without further validation
of contents in the inode body. Change this so that it will proceed to
check inline extended attributes.
In original implementation of ea_inode feature, each xattr inode had
a single parent. Child inode tracked the parent by storing its inode
number in i_mtime field. Also, child's i_generation matched parent's
i_generation.
With deduplication support, xattr inodes can now be shared so a single
backpointer is not sufficient to achieve strong binding. This is now
replaced by hash validation.
Disabling ea_inode feature would require inlining all the existing
xattr values that are currently stored in external inodes. This is
not always possible. Just disallow it.
Andreas Dilger [Wed, 5 Jul 2017 03:53:59 +0000 (23:53 -0400)]
e2fsck: add support for large xattrs in external inodes
Add support for the INCOMPAT_EA_INODE feature, which stores large
extended attributes into an external inode instead of data blocks.
The inode is referenced by the e_value_inum field (formerly the
unused e_value_block field) from the extent header, and stores the
xattr data starting at byte offset 0 in the inode data block.
The xattr inode stores the referring inode number in its i_mtime,
and the parent i_generation in its own i_generation, so that there
is a solid linkage between the two that e2fsck can verify. The
xattr inode is itself marked with EXT4_EA_INODE_FL as well.
Signed-off-by: Kalpak Shah <kalpak.shah@sun.com> Signed-off-by: Andreas Dilger <andreas.dilger@intel.com> Signed-off-by: Tahsin Erdogan <tahsin@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Compiling with -fsanitize=undefined -fsanitize=address causes some
warnings of C code that has undefined behavior according to the C
standard bugs. None of the warnings should cause e2fsprogs
malfunction given a sane compiler running on architectures that Linux
can support. Still, it's better to clean up to code than not.
To fix up a complaint of a negative shift in hash function, update the
very dated hash we had been using for the revoke table with the
current generic hash used by the kernel.
Marc Thomas [Mon, 26 Jun 2017 15:39:47 +0000 (16:39 +0100)]
filefrag: fix GCC7.x compiler warning
../../misc/filefrag.c:591:33: warning: comparison between pointer and
zero character constant [-Wpointer-compare]
for (cpp = argv + optind; *cpp != '\0'; cpp++) {
Signed-off-by: Marc Thomas <marc@dragonfly.plus.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Mon, 19 Jun 2017 22:39:55 +0000 (18:39 -0400)]
mke2fs: fix hugefile creation so the hugefile(s) are contiguous
Commit 4f868703f6f2: "libext2fs: use fallocate for creating journals
and hugefiles" introduced a regression for the mke2fs hugefile
feature. The problem is that the fallocate library function
intersperses the extent tree metadata blocks with the data blocks, and
this violates the hugefile guarantee that the created files should be
physically contiguous on disk.
Unfortuantely the m_hugefile regression test was flawed, and didn't
pick up the regression.
This commit fixes the regression test so that it detects the problem
before fixing mke2fs, and also fixes the mke2fs hugefile by reverting
the mke2fs hugefile portion of commit 4f868703f6f2.
Jan Kara [Wed, 7 Jun 2017 13:31:14 +0000 (15:31 +0200)]
libext2fs: fix fsync(2) detection
For some reason lib/config.h.in was missing a definition of HAVE_FSYNC
and as a result lib/config.h never had HAVE_FSYNC defined. As a result
we never called fsync(2) for example from
lib/ext2fs/unix_io.c:unix_flush() when we finished creating filesystem
and could miss IO errors happening during creating of the filesystem.
Test generic/405 exposes this problem.
Fix the problem by defining HAVE_FSYNC in lib/config.h.in.
Fixes: f47f31958578 Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Sun, 4 Jun 2017 22:37:31 +0000 (18:37 -0400)]
libext2fs: correctly write up the backup superblocks in big endian systems
This bug has been around since we added support for metadata
checksums, but it was unmasked by commit bf9f3b6d5b ("e2fsck: exit
with exit status 0 if no errors were fixed"). The backup superblocks
are not supposed to have the EXT2_VALID_FS or the NEEDS_RECOVERY bits
set, and earlier 1.43.x versions of e2fsprogs were byte swapping the
shadow superblock each time it was written, so that every other backup
superblock was incorrectly byte swapped.
Fortunately the primary backup superblock was correctly written
(modulo having the VALID_FS bit set when it should not have been set)
so for the most part no one noticed. And very few architectures use
big endian byte ordering these days. (Even IBM has seen the light
with the ppcle architecture. :-)
Fortunately commit bf9f3b6d5b caused f_desc_size_bad and
f_resize_inode to fail on a big endian system, which allowed me to
notice the issue and investigate.
Darrick J. Wong [Mon, 15 May 2017 18:37:11 +0000 (11:37 -0700)]
e2freefrag: use GETFSMAP on mounted filesystems
Use GETFSMAP to query mounted filesystems for free space information.
This prevents us from reporting stale free space stats if there happen
to be uncheckpointed block bitmap updates sitting in the journal.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Wang shilong [Tue, 30 May 2017 00:36:51 +0000 (20:36 -0400)]
tune2fs: fix BUGs of tuning project quota
There are several problems for project quota enable/disable:
tune2fs -O ^project did not work, because @clear_ok_features
did not include @EXT4_FEATURE_RO_COMPAT_PROJECT.
update_feature_set() works for -O option, but tune2fs -Q prj/^prj
did not work well, because function handle_quota_options()
did not set and clear @EXT4_FEATURE_RO_COMPAT_PROJECT feature very well.
one warning message is removed, because with project feature
enabled, quota feature will be enabled automatically.
Signed-off-by: Wang Shilong <wshilong@ddn.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
e2fsck: don't flush to device opened in read-only mode
If the e2fsck is called with both the -f and -n options, it will
complete with an exit status of 8 due to an error when trying to flush
the io_channel (which was opened read-only) when built on on Cygwin on
Windows 8.1 and Windows 10. Apparently Cygwin is unhappy when fsync
is called on a file descriptor opened read-only.
Theodore Ts'o [Thu, 25 May 2017 17:11:40 +0000 (13:11 -0400)]
tests: fix expected output for f_detect_junk
The expect files for f_detect_junk had gotten out of sync with the
code base, and since this test is optional (it depends on libmagic
being installed), we hadn't noticed.
Darrick J. Wong [Thu, 25 May 2017 01:56:36 +0000 (21:56 -0400)]
e2fsck: fix sparse bmap to extent conversion
When e2fsck is trying to convert a sparse block-mapped file to an extent
file, we incorrectly merge block mappings that are physically contiguous
but not logically contiguous because of insufficient checking with the
extent we're constructing. Therefore, compare the logical offsets for
contiguity as well.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Thu, 25 May 2017 01:48:41 +0000 (21:48 -0400)]
libext2fs: correctly subtract xattr blocks on bigalloc filesystems
ext2fs_inode_data_blocks2() calculates an inode's data block count by
subtracting the external xattr block, if any, from the total blocks.
But on bigalloc filesystems, the xattr "block" is actually a whole
cluster, so ext2fs_inode_data_blocks2() would return a too-large value.
It seems this could have caused several different problems, but the one
I encountered was that xfstest generic/399 failed in the "bigalloc"
config because e2fsck incorrectly considered a symlink on the filesystem
to be corrupted at the end of the test. This happened because e2fsck
incorrectly calculated a nonzero data block count for a "fast" symlink
with an external xattr block and therefore treated it as a "slow"
symlink, which failed validation.
Fix this by updating ext2fs_inode_data_blocks2() to subtract the cluster
size rather than the block size.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Whitney [Thu, 25 May 2017 01:34:20 +0000 (21:34 -0400)]
e2fsck: fix multiply-claimed block quota accounting when deleting files
As e2fsck processes each file in pass1, the actual file system quota is
increased by the number of blocks discovered in the file. This can
include both non-multiply-claimed and multiply-claimed blocks, if the
latter exist. However, if a file containing multiply-claimed blocks
is then deleted in pass1b, those blocks are not taken into account when
decreasing the actual quota. In this case, the new quota values written
to the file system by e2fsck overstate the space actually consumed.
And, e2fsck must be run twice on the file system to fully correct
quota.
Fix this by counting multiply-claimed blocks as a debit to quota when
deleting files in pass1b.
Signed-off-by: Eric Whitney <enwlinux@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Alex Deymo [Thu, 26 Jan 2017 01:47:50 +0000 (17:47 -0800)]
AOSP: Add "libc" to soong static_executable targets.
When building a static exectuable for "arm", the libgcc is automatically
included by the build system *after* libc, but libgcc has some symbol
dependencies on "libc", like for example the "raise" symbol.
libgcc, libatomic and libcompiler_rt-extras are passed in a group
(enclosed by --start-group and --end-group) so they all are included
regardless of the order inside that group. Nevertheless libc only
appears outside this group and before them, so the undefined references
from libgcc are not resolved.
This patch adds "libc" as a explicit static_libs dependency to
static_executable targets forcing it to be included in the group.
Alex Deymo [Thu, 12 Jan 2017 17:48:04 +0000 (09:48 -0800)]
AOSP: Convert e2fsprogs targets to soong.
This patch also removes all the "-host" and "_static" suffix from all
the libraries adding "unique_host_soname: true". This prevents
confusions with the host installed libraries.
A new "libext2_misc" library is introduced to export some files from
the misc/ directory to other binaries in this project.
Nick Kralevich [Wed, 18 Jan 2017 23:17:42 +0000 (15:17 -0800)]
AOSP: HACK: android: exit(1) if selabel_lookup fails
If selabel_lookup fails, the current implementation of set_selinux_xattr
returns -1, but the command line tool e2fsdroid reports success.
There's a bunch of things wrong:
1) -1 does not appear to be a legal errcode_t value. The appropriate
return value appears to be DIRENT_ABORT.
2) A return value of DIRENT_ABORT is ignored by the upper layers of the
code.
3) Attempting to fix the upper layers of the code to not ignore
DIRENT_ABORT results in complaints about not being able to create
/lost+found.
I'm honestly not sure how to fix this, so just throw an exit(1) in
there, to make sure the program dies a horrible death if
selabel_lookup() fails. This is much better than the alternative of
e2fsdroid returning success with an improperly labeled file.
Bug: 34358308
Test: Artifically modify selabel_lookup() to return a failure, and
verify Android doesn't compile.
Test: Verify Android compiles under normal circumstances.
Change-Id: I60e04bc6559a66d3f3202f2c28e2519856385ded
From AOSP commit: 87a7db7cf2ca0feecaccad94bf22f92c726000c3