Theodore Ts'o [Mon, 1 Oct 2007 13:18:54 +0000 (09:18 -0400)]
e2fsck: backup superblocks if key constants have changed
If the primary superblock differs from the backup superblock in
certain key respects, force a full check (if e2fsck was invoked in
preen mode). If the filesystem check passes cleanly, and the
filesystem was opened in read/write mode, then write the primary
superblock to all of the backups.
ext2fs_dblist_dir_iterate() calls ext2fs_dblist_iterate(), which calls
ext2fs_process_dir_block(), which in turn calls the helper function
db_dir_proc() which calls callback function passed into
ext2fs_dblist_dir_iterate(). At each stage the conventions for
signalling requests to abort the iteration or to signal errors
changes, db_dir_proc() was not properly mapping the abort request back
to ext2fs_dblist_iterate().
Currently db_dir_proc() is ignoring errors (i/o errors or directory
block corrupt errors) from ext2fs_process_dir_block(), since the main
user of ext2fs_dblist_dir_iterate() is e2fsck, for which this is the
correct behavior. In the future ext2fs_dblist_dir_iterate() could
take a flag which would cause it to abort if
ext2fs_process_dir_block() returns an error; however, it's not clear
how useful this would be since we don't have a way of signalling the
exact nature of which block had the error, and the caller wouldn't
have a good way of knowing what percentage of the directory block list
had been processed. Ultimately this may not be the best interface for
applications that need that level of error reporting.
Thanks to Vladimir V. Saveliev <vs@clusterfs.com> for pointing out
this problem.
libblkid: Add more magic numbers that might mean there is a FAT filesystem
The FAT filesystem doesn't have its superblock with a set of magic
strings in a fixed location. Therefore, we must also check for the
FAT filesystem if it looks like we have an MBR at the beginning of the
partition. We previously checked if the first byte was a jump
instruction but that missed some USB disks with only one bootable
partition. Now we check for the MBR signature (0x55AA at offset 510)
as well as any partition where byte 0 is \351 or \353.
Signed-off-by: Karel Zak <kzak@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
e2fsck: Don't mark the filesystem invalid because of time errors
If superblock mount time or last write time is in the future, and the
user refuses to fix the problem, don't mark the filesystem as being
invalid and needing to be checked.
Work around lame Ubuntu init scripts / installer bugs
The Ubuntu init scripts don't properly set the system time correctly
from hardware clock if the hardware clock is configured to tick local
time instead of GMT time.
Work around this as best as we can by providing an option in
/etc/e2fsck.conf which can be set on Ubuntu systems:
e2fsck: If the superblock is corrupt, automatically retry with the backup sb
E2fsck currently only retries with the backup superblock if the
primary superblock is missing (e.g., overwritten with garbage). If
the superblock is just corrupted enough that it looks like ext2/3/4
superblock, but it is corrupt enough that ext2fs_open2() returns an
error, e2fsck stops without retrying. Let's fix this oversight.
Any attempt to open a filesystem with s_inode_size set to zero causes
a floating point exception. This is true for e2fsck, dumpe2fs,
e2image, etc. Fix ext2fs_open2() so that it returns the error code
EXT2_ET_CORRUPT_SUPERBLOCK instead of crashing.
Theodore Ts'o [Tue, 21 Aug 2007 02:55:33 +0000 (22:55 -0400)]
Use sscanf instead of atoi when parsing e2fsck options
atoi() does not check for errors so it shouldn't be used for human
input. For example, if the user enters the command "e2fsck -C -n" and
forgets that -C requires an argument, the -n will be used as the
argument to -C, and not parsed as an option. When using sscanf(),
this error case can be detected.
Theodore Ts'o [Sat, 11 Aug 2007 03:58:56 +0000 (23:58 -0400)]
Remove e2fsck's -s and -S options to byte-swap ancient PPC filesystems
The need for fixing byte-swapped filesystems is long-gone, and this is
getting in the way of cleaning up e2fsprogs's bitmaps code. So let's
get rid of it; modern kernels haven't been able to deal with a
byte-swapped filesystem in in about 9 years.
Create new functions ext2fs_{set,get}_{inode,block}_bitmap_range()
which allow programs like e2fsck, dumpe2fs, etc. to get and set chunks
of the bitmap at a time.
Move the representation details of the 32-bit old-style bitmaps into
gen_bitmap.c.
Change calls in dumpe2fs, mke2s, et. al to use the new abstractions.
Move the 32-bit specific bitmap code into gen_bitmap.c, and the
high-level interfaces into bitmaps.c. Eventually we'll move the
new-style bitmap code into gen_bitmap64.c, but first we need to
isolate the code with knowledge of the bitmap internals in one place
first.
In this patch we move allocation, free, copy, clear, set_padding, and
fudge_end function into gen_bitmap.c, and make sure that the bitmaps.c
and bitops.c no longer have any knowledge of the bitmap internals.
Eric Sandeen [Fri, 20 Jul 2007 21:50:26 +0000 (16:50 -0500)]
Fix test in ext2fs_check_desc() for inode table within block group
The test in ext2fs_check_desc() is off by one; if the inode table
goes all the way to the last block of the block group, it will
falsely assert that it has extended past it. The last block
of a range is start + len -1, not start + len.
You can create (valid) filesystems that will cause e2fsck to complain
via one of the following mkfs commands:
Properly calculate overhead in ext2fs_initialize()
For some odd geometries*, mkfs will try to allocate inode tables off
the end of the block group and fail, rather than warning that too
many inodes have been requested.
This is because when ext2fs_initialize calculates metadata overhead,
it is only adding in group descriptor blocks and the superblock
if the *last* bg contains them - but the first bg also has all of
the various metadata bits taking up space.
We need to calculate the overhead both for the first block group and
the last block groups separately, since the two different tests need
to know what the overheads are for those two cases, which may be
different.
(Note, the test here is a little funky; the expected output is
actually a mkfs failure - but a proper failure instead of the
allocator catching the problem at the last minute)
Addresses-Red-Hat-Bugzilla: #241767
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix e2fsck segfault on very badly damaged filesystems
A recent change to e2fsck_add_dir_info() to use tdb files to check
filesystems with a very large number of filesystems had a typo which
caused us to resize the wrong data structure. This would cause a
array overrun leading to malloc pointer corruptions. Since we
normally can very accurately predict how big the the dirinfo array
needs to be, this bug only got triggered on very badly corrupted
filesystems.
Thanks to Andreas Dilger for submitting the test case which discovered
this problem, and to Kalpak Shah for writing a random testing script
which created the test case.
Kalpak Shah [Mon, 9 Jul 2007 17:05:45 +0000 (13:05 -0400)]
e2fsck: Fix salvage_directory when the last entry's rec_len is too big
Recently, one of our customers found this message in pass2 of e2fsck
while doing some regression testing:
"Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
rec_len of 14200, should be 26908."
Both the displayed rec_len and the "should be" value are bogus. The
reason is that salvage_directory sets a offset beyond blocksize
leading to bogus messages.
Stop after the second '.' when parsing version numbers
Now that we are moving to x.y.z version number scheme for maintenance
releases, we ned to change ext2fs_parse_version_string and
blkid_parse_version_string to ignore the second period so we don't
have maintenance releases with a substantially bigger verison number
than the initial x.y release.
Fix bug which could cause libblkid to loop forever
When revalidating a partition where there is obsolete information in
/etc/blkid.tab, we end up freeing a the type tag without clearing
dev->bid_type, causing blkid_verify() to loop forever.
Fix a potential security problem if e2fsprogs is built as root (as
Gentoo does!). In addition fix the script and how it is called from
the configure script so that it does the right thing when
cross-compiling.
Fix bogus strip permission errors when building under Debian
When building the e2fsprogs dpkg's, the dh_strip command emits a large
number of error messages caused by the permissions not being right. So
run dh_fixperms before running dh_strip.
Compile the default mke2fs.conf into mke2fs program
People are getting surprised by mke2fs creating filesystems with
different defaults than earlier versions of mke2fs if mke2fs.conf is
not present. Having gotten two complaints about ramdisks getting
created by with 4k blocksizes which then blow up when the ramdisk is
mounted with a "Magic mismatch, very weird" error message from the
kernel, let's fix this by making sure mke2fs has a built-in version of
mke2fs.conf file. People can still override the built-in version of
mke2fs.conf by editing /etc/mke2fs.conf, but this maintains the
previous behavior.
profile_set_default() sets the value of the pseudo file "<default>".
If the file "<default>" had previously been passed to profile_init(),
then def_string parameter will be parsed and used as the profile
information for the "<default>" file.
The Turkish translation has a bug in it where it has the translation
of "E@e '%Dn' in %p (%i)" to "E@E". This causes @E to be expanded at
@E, recursively, forever, until the stack fills up e2fsck core dumps.
Fix it by stopping after a recursive depth of 10, which is far more
than we need.
Theodore Ts'o [Sat, 30 Jun 2007 22:41:31 +0000 (18:41 -0400)]
Set LC_ALL instead of LANG in the test suite config
LC_ALL is the "high priority" environment variable that overrides all
others, where as LANG is the lowest priorty environment variable. If
LC_ALL is set, it doesn't matter whether LANG, LANGUAGE, LC_COLLATE,
LC_MESSAGES, and the all the rest are set. This will assure that the
locale when running the test suites is the "C" locale.
Kalpak Shah [Sat, 30 Jun 2007 01:40:19 +0000 (21:40 -0400)]
Fix byte swapping bug in get_next_inode_full()
On big-endian systems, while swapping, ext2fs_swap_inode_full() swaps
only 128+extra_isize bytes and the EAs if they are present. Now if inode
N has EAs, (and this is the inode in the "scratch inode") then inode N+1
also carries seems to have them since the "scratch inode" was never
zeroed.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Sun, 24 Jun 2007 20:59:36 +0000 (16:59 -0400)]
Fix the info-dir line for the com_err.texinfo file
Fix the info-dir line so that the menu name does not contain a .info
prefix. First of all, it's ugly, secondly, it causes the install-info
command to fail to remove the com_err info file from the
/usr/share/info/dir file when the comerr-dev package is removed and
purged.
Theodore Ts'o [Sun, 24 Jun 2007 20:49:14 +0000 (16:49 -0400)]
Remove RFC-4122 from e2fsprogs distribution
Documentation about UUID's is available in enough places, and it's
awkward to deal with debian-legal's insanities. So I'm caving in the
"more-lunatic-than-RMS" wing of Debian by removing RFC-4122 so we don't
have do the dfsg tarball. Also remove the rule that only tried to
install RFC-4122 on Ubuntu, since Ubuntu seems to want to fetch
e2fsprogs exclusively from Debian.
Andreas Dilger [Fri, 22 Jun 2007 06:22:38 +0000 (02:22 -0400)]
e2fsck: added sanity check for xattr validation
Add an extra validity test in check_ext_attr(). If an attribute's
e_value_size is zero the current code does not allocate a region for it
and as a result the e_value_offs value is not verified. However, if
e_value_offs is very large then the later call to
ext2fs_ext_attr_hash_entry() can dereference bad memory and crash
e2fsck.
Signed-off-by: Andreas Dilger <adilger@clusterfs.com> Signed-off-by: Jim Garlick <garlick@llnl.gov>
Karsten Hopp [Thu, 21 Jun 2007 17:43:33 +0000 (13:43 -0400)]
Add support for LUKS encrypted partitions
This patch adds support for cryptsetup-luks (http://luks.endorphin.org)
UUIDs to libblkid. This is required p.e. to avoid hardcoding device
names for encrypted partitions. Could you please take a look at it and
consider inclusion in the next e2fsprogs release ?
Theodore Ts'o [Thu, 21 Jun 2007 15:59:06 +0000 (11:59 -0400)]
e2fsck: Check the all of journal blocks for validity
The original code only checked the direct blocks to make sure the
journal inode was sane. Unfortunately, if some or all of the indirect
or doubly indirect blocks were corrupted, this would not be caught.
Thanks to Andreas Dilger and Kalpak Shah for noticing this problem.
Kalpak Shah [Thu, 21 Jun 2007 15:59:06 +0000 (11:59 -0400)]
Recreate journal that had been removed previously due to corruption
If the journal had been removed because it was corrupt, the
E2F_FLAG_JOURNAL_INODE flag will be set. If this flag is set, then
recreate the filesystem after checking the filesystem.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com> Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Theodore Ts'o [Mon, 18 Jun 2007 22:26:50 +0000 (18:26 -0400)]
Don't write changes to the backup superblocks by default
This patch changes ext2fs_open() to set EXT2_FLAG_MASTER_SB_ONLY by
default. This avoids some problems in e2fsck (reported by Jim Garlick)
where a corrupt journal can end up writing the bad superblock to the
backups. In general, only e2fsck (after the filesystem is clean),
tune2fs, and resize2fs should change the backup superblocks by default.
Most callers of ext2fs_open() should not be touching anything where the
backups should be touched. So let's change the defaults to avoid
potential problems.
Theodore Ts'o [Mon, 4 Jun 2007 05:14:52 +0000 (01:14 -0400)]
Fix e2fsck's get_size logic so it will work with the Linux floppy driver
The Linux floppy driver is a bit different from the other block device
drivers, in that if the device has been opened with O_EXCL, it disallows
another open(), even if the second open() does not have the O_EXCL flag.
So this patch moves the call to ext2fs_get_device_size() so that if it
returns EBUSY, e2fsck can close the filesystem, retry the device size,
and then reopen it. This rather complicated approach is required since
we need to know the blocksize of the filesystem before we can call
ext2fs_get_device_size().
Andreas Dilger [Thu, 31 May 2007 16:25:46 +0000 (12:25 -0400)]
Reserve superblock fields for multiple mount protection feature
There have been reported instances of a filesystem having been mounted
at 2 places at the same time causing a lot of damage to the
filesystem. This patch reserves superblock fields and an INCOMPAT flag
for adding multiple mount protection(MMP) support within the ext4
filesystem itself. The superblock will have a block number
(s_mmp_block) which will hold a MMP structure which has a sequence
number which will be periodically updated every 5 seconds by a mounted
filesystem. Whenever a filesystem will be mounted it will wait for
s_mmp_interval seconds to make sure that the MMP sequence does not
change. To further make sure, we write a random sequence number into
the MMP block and wait for another s_mmp_interval secs. If the
sequence no. doesn't change then the mount will succeed. In case of
failure, the nodename, bdevname and the time at which the MMP block
was last updated will be displayed. tune2fs can be used to set
s_mmp_interval as desired.
Signed-off-by: Andreas Dilger <adilger@clusterfs.com> Signed-off-by: Kalpak Shah <kalpak@clusterfs.com>
Daniel Drake [Thu, 31 May 2007 15:56:17 +0000 (11:56 -0400)]
e2fsck: Add blocksize sanity check when finding a backup superblock
I've been investigating why e2fsck refuses to restore the backup superblock
of a partition with a broken primary superblock.
The partition in question has a block size of 4096, and mke2fs reports that
backup superblocks were created on blocks 32768, 98304, 163840, ...
When running e2fsck, get_backup_sb starts by guessing a block size of 1024
and backup superblock at block 8193. I'm not sure why, but it actually finds
a superblock at this location, so returns a context with superblock 8193,
blocksize 1024.
Later on, ext2fs_open2() tries to process this superblock. It then realises
that the block size value stored in the superblock (4096) does not match what
it was told (1024), so it bails out with EXT2_ET_UNEXPECTED_BLOCK_SIZE. fsck
aborts without fixing the partition.
The following patch solves the problem by discounting superblocks which do
not meet the currently-sought block size.
As a result, block 32768 (blocksize=4096) is now used to restore the backup,
which agrees with the first location that mke2fs listed.
Signed-off-by: Daniel Drake <d.drake@mmm.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>