Eric Biggers [Mon, 30 Jan 2023 19:04:32 +0000 (19:04 +0000)]
AOSP: Android: consolidate addition of include/mingw/
To match what the autotools-based build system does now, always add
include/mingw/ to the include path on Windows. I don't think this makes
a real difference anywhere, but this is much simpler.
Eric Biggers [Mon, 30 Jan 2023 19:04:31 +0000 (19:04 +0000)]
AOSP: lib/support: don't assume qsort_r() is always available on Linux
Since commit 4e5f24ae4267 ("Use an autoconf test to detect for a BSD- or
GNU-style qsort_r function"), e2fsck fails to build for Android because
lib/support/sort_r.h assumes that qsort_r() is always available on
"Linux", but in fact it's not supported by Android's libc.
Rename _SORT_R_LINUX to _SORT_R_GNU to clarify that it's really the
glibc convention for qsort_r(), not the "Linux" convention per se, and
make sort_r.h stop setting it automatically when __linux__ is defined.
Note: this change does *not* prevent glibc's qsort_r() from being used
when e2fsprogs is built using the autotools-based build system, as
'configure' checks for qsort_r() too. This change just affects the
fallback behavior for when qsort_r() was not already detected.
The upstream build system for e2fsprogs doesn't use
-fno-strict-aliasing, so update the Android.bp files to match.
Note: Android's build system currently uses -fno-strict-aliasing by
default anyway, so this change doesn't actually enable strict aliasing.
But that's a bit besides the point. The point is that this project
doesn't need anything special, so we don't need to do anything special.
Eric Biggers [Wed, 25 Jan 2023 23:45:33 +0000 (23:45 +0000)]
AOSP: mke2fs: stop suppressing warnings for Windows build
The warning this was intended to suppress was already fixed by
upstream commit 108f3021a6b6 ("mke2fs: use ext2fs_get_device_size2() on
all platforms").
Address sanitization was disabled in e2fsdroid over 5 years ago, due to
a bug in libext2fs. However, that bug has long since been fixed by
upstream commit 689b7be2da01 ("libext2fs: avoid dereferencing beyond
allocated memory in xattr code"). So it should be fine to re-enable
address sanitization now.
Eric Biggers [Wed, 4 Jan 2023 18:59:15 +0000 (18:59 +0000)]
AOSP: Update lib/ext2fs/Android.bp for upstream change
Compile windows_io.c on Windows, and unix_io.c everywhere else.
Change-Id: Ieab0b9ad5a9f7c275153e0f90553761693967762 Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 0c82cec0d1aa70c993b5231a2c2244eb5175e638
Shikha Panwar [Fri, 9 Dec 2022 20:01:01 +0000 (20:01 +0000)]
AOSP: mke2fs.microdroid: Allow non-APEX version of libs
Microdroid uses mke2fs to format encryptedstore partition. This happens
in parallel to apex activation by apexd. Hence, sometime, mke2fs would
fail if some linker libraries are not available.
Create a target (mke2fs.microdroid) with bootstrap: true
Dennis Shen [Wed, 2 Nov 2022 14:47:38 +0000 (14:47 +0000)]
AOSP: Make blkid host_supported
We need blkid in deapexer to get the filesystem type of the payload
image. However, blkid will not be installed to host out dir unless we
make it host_supported which is what this change is about.
Viraj Shah [Mon, 17 Oct 2022 10:57:40 +0000 (12:57 +0200)]
debian: make the copyright file machine readable
Debian introduced a machine-readable copyright file a while ago.
Convert the general copyright file and the package-specific ones,
splitting the info that belongs to the package-specific ones.
Drop debian/e2fsck-static.copyright because that does not have a
file set that is very distinct from the general source; it would
just replicate parts of it.
This change adds some missing licenses that have to be documented
according to Debian Policy §12.5 as well as the copyright info for
many files.
Bastian Germann [Mon, 17 Oct 2022 16:50:35 +0000 (18:50 +0200)]
dict: Add modifification note required by license
The Kazlib license says:
"Permission is also granted to adapt this software to produce
derivative works, as long as the modified versions carry this copyright
notice and additional notices stating that the work has been modified."
Add the missing notice stating that the work has been modified.
This seems to have been intended to allow the use of a local "UUID" type
without colliding with "UUID" in the Windows API. However, this is
unnecessary because there's no local "UUID" type -- there's only uuid_t.
None of these .c files need the include of windows.h, either.
Finally, the unconditional definition of _WIN32_WINNT causes a compiler
warning when the user defines _WIN32_WINNT themself.
Since this code is unnecessary and is causing problems, just remove it.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Sat, 28 Jan 2023 06:22:29 +0000 (01:22 -0500)]
Change the xattr entry hash to use an unsighed char by default
Starting in Linux 6.2, char is forced to always unsigned when
compiling the kernel, even on those platforms (such as x86) where char
was traditionally signed. This exposed a bug in ext4, where when
calculating the extended attribute entry hash, we used a char value
from the extended attribute name. This resulted with the entry hash,
which is stored on-disk, to variable depending on whether the plaform
used a signed or unsigned char.
Fortunately, the xattr names tend to be ASCII characters with the 8th
bit zero, so it wasn't noticed two decades (this bugs dates back to
the introduction of extended attribute support to ext2 in 2.5.46).
However, when this change was made in v6.2-rc1, the inconsistency
between the extended attribute hash calculated by e2fsprogs (which was
still using a signed char on x86) was different from an x86 kernel,
and this triggered a test failure in generic/454.
This was fixed in kernel commit f3bbac32475b (" ext4: deal with legacy
signed xattr name hash values"), where Linus decreed that it wasn't
worth it to fix this the same way we had addressed has used by the
dir_index feature. Instead, starting in the 6.2 kernel, ext4 will
accept both the hash calculated using signed and unsigned chars, but
set the entry hash using the unsigned char. This commit makes
e2fsprogs follow suit.
Theodore Ts'o [Fri, 27 Jan 2023 20:35:12 +0000 (15:35 -0500)]
e2fsck: double cast a pointer to suppress a bogus compiler warning in kfree()
The C standard is wrong[1] with respect to the function signature of
free(), while the kernel's kfree() is correct. Unfortunately, this
leads to compiler warnings.
Sayeth Dennis Ritchie: "Noalias must go. This is non-negotiable"[2].
Noalias went. The confusion around const, alas, still remains.
Theodore Ts'o [Fri, 27 Jan 2023 20:23:12 +0000 (15:23 -0500)]
e2fsck: use ext2_ino_t instead of ino_t
The ino_t type is defined by the system header files, and may be
anything from an unsigned int, unsigned long, or an unsigned long
long. So where we are referring to an ext2/ext3/ext4 inode number, we
should use ext2_ino_t to avoid this ambiguity, especially when passing
an inode number to a printf-style function.
This was detected via a compiler warning on MacOS, but it's
potentially a real bug, since it can cause an error message to print a
garbled inode number.
Eric Biggers [Sat, 21 Jan 2023 20:32:30 +0000 (12:32 -0800)]
Add a configuration file for GitHub Actions
Add a workflow file for GitHub Actions, with jobs that build and test
e2fsprogs on various platforms with various options.
The workflow is configured to run on pushes only, since e2fsprogs does
not use GitHub pull requests.
This will work on any e2fsprogs fork on Github that has GitHub Actions
enabled. For example, the results for the testing I've been doing are
at https://github.com/ebiggers/e2fsprogs/actions.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:29 +0000 (12:32 -0800)]
resize2fs: remove unused variable from adjust_superblock()
In adjust_superblock(), the 'group_block' variable is declared and set,
but it is never actually used. Remove it.
This addresses the following compiler warning with clang -Wall:
blk64_t group_block;
^
resize2fs.c:1119:11: warning: variable 'group_block' set but not used [-Wunused-but-set-variable] Reviewed-by: Lukas Czerner <lczerner@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:28 +0000 (12:32 -0800)]
misc/util.c: enable MinGW alarm() when building for Windows
To compile for Windows, this file needs MinGW's implementation of
alarm(). To expose that definition, some macros must be defined before
including the system headers. This was done in Android.bp, but it was
not done in the autotools-based build system. Define these macros in
the source file itself so that all build systems work.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:24 +0000 (12:32 -0800)]
misc/mke2fs: fix Windows build
unix_io_manager is no longer available on Windows. windows_io_manager
must be used instead.
Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager") Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:23 +0000 (12:32 -0800)]
misc/mk_hugefiles: simplify get_partition_start()
search_sysfs_block() is causing -Wformat-truncation warnings. These
could be fixed by checking the return value of snprintf(), instead of
doing buggy checks like 'strlen(p_de->d_name) > SYSFS_PATH_LEN -
strlen(path) - 32', which has an integer underflow bug.
However, the only purpose of search_sysfs_block() is to find the sysfs
directory for a block device by device number. That can trivially be
done using /sys/dev/block/$major:$minor. So just do that instead. Also
make get_partition_start() explicitly Linux-only, as it has never worked
anywhere else.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:22 +0000 (12:32 -0800)]
misc/fuse2fs: avoid error-prone strncpy() pattern
'strncpy(dst, src, strlen(src))' is usually wrong, as it doesn't copy
the null terminator. For this reason, it causes a -Wstringop-truncation
warning with gcc 8 and later.
The code happens to be correct anyway, since the destination buffer is
zero-initialized. But to avoid relying on this, let's just copy the
terminating null.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:21 +0000 (12:32 -0800)]
misc/e4defrag: fix -Wstringop-truncation warnings
Fix two -Wstringop-truncation warnings in is_ext4() by simplifying how
how mnt_type is handled and by using the correct bound for mnt_fsname.
Fix a -Wstringop-truncation warning in main() by replacing the fragile
pattern 'strncpy(dst, src, strnlen(src, N))', which doesn't
null-terminate the destination string, with a standard string copy. (It
happened to work anyway because dst happens to be zero-initialized.)
These warnings showed up when building with -Wall with gcc 8 or later.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:20 +0000 (12:32 -0800)]
misc/create_inode: simplify logic in scandir()
The control flow in scandir() (only used on Windows) confuses gcc into
thinking that *name_list is not always set on success, which causes a
-Wmaybe-uninitialized warning in __populate_fs(). As far as I can tell
it's a false positive; however, avoid it by cleanly separating the
success and failure cases in scandir().
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:18 +0000 (12:32 -0800)]
e2fsck: use real functions for kernel slab functions
The macros that e2fsck uses to implement kmalloc et al. use only some of
their arguments, so unlike standard function calls, they can cause
compiler warnings like:
./../e2fsck/revoke.c:141:8: warning: variable 'gfp_mask' set but not used [-Wunused-but-set-variable]
Fix this by providing a proper definition for each function, making sure
to match the function prototypes used in the kernel.
Remove the kmem_cache_t typedef, as it doesn't exist in the kernel.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:17 +0000 (12:32 -0800)]
lib/uuid: remove conflicting Windows implementation of gettimeofday()
When building libuuid for Windows with MinGW with the default settings,
there is a build error in lib/uuid/gen_uuid.c because the explicit
definition of gettimeofday() conflicts with MinGW's declaration of
gettimeofday(). gen_uuid.c apparently expects USE_MINGW to be defined
to avoid that, but the build system doesn't actually do that.
Since native Windows builds of e2fsprogs are currently only supported
via MinGW anyway (in particular, Visual Studio is not supported), let's
fix this by just removing our own definition of gettimeofday().
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:13 +0000 (12:32 -0800)]
lib/{ext2fs,support}: fix 32-bit Windows build
_WIN32 is the standard macro to detect (native) Windows, regardless of
32-bit or 64-bit. _WIN64 is for 64-bit Windows only. Use _WIN32 where
_WIN64 was incorrectly being used.
This fixes several 32-bit Windows build errors, for example this one:
plausible.c: In function ‘print_ext2_info’:
plausible.c:109:31: error: ‘unix_io_manager’ undeclared (first use in this function); did you mean ‘undo_io_manager’?
109 | unix_io_manager,
| ^~~~~~~~~~~~~~~
| undo_io_manager
Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager") Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:08 +0000 (12:32 -0800)]
lib/ext2fs: consistently use #ifdefs in ext2fs_print_bmap_statistics()
Since the 'now' variable is only used to calculate 'inuse', and 'inuse'
is only used when defined(ENABLE_BMAP_STATS_OPS), it makes sense to
guard the declaration and initialization of 'now' and 'inuse' by the
same condition, just like the '*_perc' variables in the same function.
This addresses the following compiler warning with clang -Wall:
double inuse;
^
gen_bitmap64.c:187:9: warning: variable 'inuse' set but not used [-Wunused-but-set-variable] Reviewed-by: Lukas Czerner <lczerner@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:07 +0000 (12:32 -0800)]
lib/ext2fs: remove 32-bit x86 bitops assembly
The EXT2FS_ADDR() macro is causing -Warray-bounds warnings because it
(sort of) dereferences past the end of the input array. It's not a
"real" dereference, since the result is passed as a memory operand to
inline asm. But in the C language sense, it is a dereference.
Instead of trying to fix this code, let's consider that libext2fs *only*
implements the bit operations in assembly for 32-bit x86, which is
rarely used anymore. The fact that compilers have also improved, and no
one has implemented these for another architecture, even x86_64,
suggests it's not useful either. So, let's just remove this outdated
code, which was maybe useful in the 90s, but now just causes problems.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:06 +0000 (12:32 -0800)]
lib/et: fix "unused variable" warnings when !HAVE_FCNTL
In init_debug(), avoid -Wunused-variable and -Wunused-but-set-variable
warnings when HAVE_FCNTL is not defined by only declaring 'fd' and
'flags' when HAVE_FCNTL is defined. This affected Windows builds.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:05 +0000 (12:32 -0800)]
lib/{e2p,ss}: remove manual declarations of errno
As per 'man 3 errno':
On some ancient systems, <errno.h> was not present or did not
declare errno, so that it was necessary to declare errno manually
(i.e., extern int errno). **Do not do this**. It long ago ceased
to be necessary, and it will cause problems with modern versions of
the C library.
One of the platforms it causes a problem on is Windows:
In file included from fgetversion.c:28:
fgetversion.c: In function ‘fgetversion’:
fgetversion.c:68:20: warning: ‘_errno’ redeclared without dllimport attribute: previous dllimport ignored [-Wattributes]
68 | extern int errno;
| ^~~~~
Just remove these obsolete manual declarations of errno.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:03 +0000 (12:32 -0800)]
lib/blkid: suppress -Wstringop-truncation warning in blkid_strndup()
Unfortunately, gcc gets confused by blkid_strndup() and incorrectly
thinks the destination string is not being null-terminated. This is
part of -Wstringop-truncation, enabled automatically by -Wall in gcc 8
and later. Let's just suppress this warning here.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:02 +0000 (12:32 -0800)]
lib/blkid: suppress -Wunused-result warning in blkid_flush_cache()
When _FORTIFY_SOURCE is defined, glibc annotates link() with the
warn_unused_result function attribute. With gcc, that makes
'(void) link()' cause a -Wunused-result warning, despite the explicit
cast to void. That's annoying, since the use case in lib/blkid/save.c
is legitimate (opportunistic backup). So let's suppress this warning.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:32:00 +0000 (12:32 -0800)]
lib/blkid: fix unaligned access to hfs_mdb
With -Wall, gcc warns:
./probe.c:1209:42: error: taking address of packed member of
'struct hfs_mdb' may result in an unaligned pointer value
This seems to be a real unaligned memory access bug, as the offset of
the 64-bit value from the start of the buffer is 116, which is not a
multiple of 8. Fix it by using memcpy().
Do the same for hfsplus to fix the same warning, though in that case the
offset is a multiple of 8 so it was defined behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:31:59 +0000 (12:31 -0800)]
lib/blkid: remove 32-bit x86 byteswap assembly
libblkid contains 32-bit x86 assembly language implementations of 16-bit
and 32-bit byteswaps. However, modern compilers can easily generate the
bswap instruction automatically from the corresponding C expression.
And no one ever bothered to add assembly for x86_64 or other
architectures, anyway. So let's just remove this outdated code, which
was maybe useful in the 90s, but is no longer useful.
Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:31:58 +0000 (12:31 -0800)]
lib, misc: eliminate dependency on Winsock
Currently Windows builds of e2fsprogs rely on the Windows Socket API
(Winsock) to provide htonl() and ntohl(). For this to actually work,
though, HAVE_WINSOCK_H needs to be defined, and the binaries need to be
linked to -lws2_32. The Android.bp files do this; however, the
autotools-based build system does not.
Since htonl() and ntohl() are trivial, let's instead just add a file
include/mingw/arpa/inet.h with definitions for these.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:31:57 +0000 (12:31 -0800)]
config/install-sh: update to latest version
The version of install-sh in the source tree is extremely old and
doesn't work when passed multiple path arguments, which breaks
'make install' on macOS.
Therefore, delete this file and run 'autoreconf -i' to update it to the
latest version.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Since the include/mingw/ directory needs to be on the include path when
building for Windows with MinGW, add it to INCLUDES automatically, and
AC_DEFINE the corresponding HAVE_*_H constants.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 21 Jan 2023 20:31:53 +0000 (12:31 -0800)]
configure.ac: only use Windows I/O manager on native Windows
Cygwin and MSYS2 are UNIX-compatible platforms on top of Windows, so
they should use the UNIX I/O manager, not the Windows I/O manager.
(Note that "cygwin" was misspelled as "cigwin", so the code did not have
the intended effect anyway.)
Fixes: d1d44c146a5e ("ext2fs: compile the io implementation according to os") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
lihaoxiang (F) [Tue, 29 Nov 2022 07:02:39 +0000 (15:02 +0800)]
mmp: fix wrong comparison in ext2fs_mmp_stop
In our knowledge, ext2fs_mmp_stop use to process the rest of work
when mmp will finish. Critically, it must check if the mmp block is
not changed. But there exist an error in comparing the mmp and mmp_cmp.
Look to ext2fs_mmp_read, the assignment of mmp_cmp retrieve from the
superblock of disk and it copy to mmp_buf if mmp_buf is not none
and not equal to mmp_cmp in the meanwhile. However, ext2fs_mmp_stop
pass the no NULL pointer fs->mmp_buf which has possed the mmp info to
ext2fs_mmp_read. Consequently, ext2fs_mmp_read override fs->mmp_buf
by fs->mmp_cmp so that loss the meaning of comparing themselves
after that and worse yet, couldn't judge whether the struct of mmp
has changed.
In fact, we only need to modify the parameter to NULL pointer for
solving this problem.
Li Dongyang [Mon, 19 Dec 2022 13:05:44 +0000 (00:05 +1100)]
e2fsck: optimize clone_file on large devices
When cloning multiply-claimed blocks for an inode,
clone_file() uses ext2fs_block_iterate3() to iterate
every block calling clone_file_block().
clone_file_block() calls check_if_fs_cluster(), even
the block is not on the block_dup_map, which could take
a long time on a large device.
Only check if it's metadata block when we need to clone
it.
Test block_metadata_map in check_if_fs_block()
and check_if_fs_cluster(), so we don't need to go over
each bg every time. The metadata blocks are already
marked in the bitmap.
Before this patch on a 500TB device with 3 files having
3 multiply-claimed blocks between them, pass1b is stuck
for more than 48 hours without progressing,
before e2fsck was terminated.
After this patch pass1b could finish in 180 seconds.
Signed-off-by: Li Dongyang <dongyangli@ddn.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
lihaoxiang (F) [Tue, 29 Nov 2022 06:58:12 +0000 (14:58 +0800)]
tune2fs: check return value of ext2fs_mmp_update2 in rewrite_metadata_checksums
Tune2fs hasn't consider about the result of executing ext2fs_mmp_update2
when it try to rewrite_metadata_checksums. If the ext2fs_mmp_update2
failed, multi-mount protection couldn't guard there has the only node
(i.e. this program) accessing this device in the meantime.
We solve this problem to verify the return value of ext2fs_mmp_update2.
It terminate rewrite_metadata_checksums and exit immediately if the
wrong error code returned.
Currently this function was not correctly comparing against the right
length of the bitmap. Also when we compare bitarray v/s rbtree bitmap
the value returned by ext2fs_test_generic_bmap() could be different in
these two implementations. Hence only check against boolean value.
zhanchengbin [Mon, 10 Oct 2022 08:56:58 +0000 (16:56 +0800)]
misc/fsck.c: Processes may kill other processes.
I find a error in misc/fsck.c, if run the fsck -N command, processes
don't execute, just show what would be done. However, the pid whose
value is -1 is added to the instance_list list in the execute
function,if the kill_all function is called later, kill(-1, signum)
is executed, Signals are sent to all processes except the number one
process and itself. Other processes will be killed if they use the
default signal processing function.
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com> Signed-off-by: Lukas Czerner <lczerner@redhat.com> Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> Reviewed-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Lukas Czerner <lczerner@redhat.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
zhanchengbin [Tue, 4 Jan 2022 14:23:52 +0000 (22:23 +0800)]
libext2fs: add extra checks to ext2fs_check_mount_point()
A pseudo-filesystem, such as tmpfs, can have anything at all in its
mnt_fsname entry. Normally, it is just "tmpfs", like this:
tmpfs /tmp tmpfs rw,relatime,inode64 0 0
^^^^^
but in a pathological or malicious case, a system administrator can
specify a block device as its mnt_fsname which is the same as some
other block device. For example:
In this case, ext2fs_check_mount_point() may erroneously return that
the mountpoint for the file system on /dev/loop0 is mounted on
/tmp/test-tmpfs, instead of the correct /tmp/test-mnt. This causes
problems for resize2fs, since in order to do an online resize, it
needs to open the directory where the file system is mounted, and
trigger the online resize ioctl. If it opens the incorrect directory,
then resize2fs will fail.
So we need to add some additional checking to make sure that
directory's st_dev matches the block device's st_rdev field.
An example shell script which reproduces the problem fixed by this
commit is as follows:
Li Jinlin [Fri, 16 Sep 2022 07:42:23 +0000 (15:42 +0800)]
tune2fs: exit directly when fs freed in ext2fs_run_ext3_journal
In ext2fs_run_ext3_journal(), fs will be freed and reallocated.
However, the reallocation by ext2fs_open() may fail in some cases ---
for example, when the device becomes offline. To avoid a segfault,
exit if fs is NULL.
[ Simplified the patch by by simply exiting if fs is NULL -TYT ]
Signed-off-by: Li Jinlin <lijinlin3@huawei.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Use an autoconf test to detect for a BSD- or GNU-style qsort_r function
BSD is planning on changing their qsort_r() implementation to align
with the POSIX/GNU-style qsort_r() function signature. So use an
autoconf test to determine which qsort_r() a system has.
Jürg Billeter [Thu, 18 Aug 2022 16:31:32 +0000 (18:31 +0200)]
create_inode: do not fail if filesystem doesn't support xattr
As `set_inode_xattr()` doesn't fail if the `llistxattr()` function is
not available, it seems inconsistent to let `set_inode_xattr()` fail if
`llistxattr()` fails with `ENOTSUP`, indicating that the filesystem
doesn't support extended attributes.
Alessio Balsini [Wed, 18 May 2022 17:09:16 +0000 (18:09 +0100)]
AOSP: e2fsdroid: static import of libbase
Fix a wrong mixed shared/static library inclusion that has been unveiled
by a recent clang upgrade to clang-r450784e: the linker couldn't find
the requested object reference and caused the tool to crash.
libsnapshot_fuzzer_test was luckily catching this misbehaviour as it was
crashing as well when trying to format a loop device as ext4.
Colin Cross [Tue, 17 Aug 2021 00:17:03 +0000 (17:17 -0700)]
AOSP: Fix e2fsdroid build with musl
The e2fsdroid build fails with musl because config.h is not included
before ext2fs.h, which causes HAVE_SYS_TYPES_H not to be defined
resulting in a missing definition for dev_t.
Include config.h at the top of each .c file, and remove extra
config.h include from perms.h.
Zhiqiang Liu [Mon, 5 Sep 2022 15:40:01 +0000 (23:40 +0800)]
tune2fs: tune2fs_main() should return rc when some error, occurs
If some error occurs, tune2fs_main() will go to closefs tag for
releasing resource, and it should return correct value (rc) instead
of 0 when ext2fs_close_free(&fs) successes.
Zhiqiang Liu [Mon, 5 Sep 2022 11:16:03 +0000 (19:16 +0800)]
tune2fs: fix tune2fs segfault when ext2fs_run_ext3_journal() fails
When ext2fs_run_ext3_journal() fails, tune2fs cmd will occur one
segfault problem as follows.
(gdb) bt
#0 0x00007fdadad69917 in ext2fs_mmp_stop (fs=0x0) at mmp.c:405
#1 0x0000558fa5a9365a in main (argc=<optimized out>, argv=<optimized out>) at tune2fs.c:3440
misc/tune2fs.c:
main()
-> ext2fs_open2(&fs)
-> ext2fs_mmp_start
......
-> retval = ext2fs_run_ext3_journal(&fs)
-> if (retval)
// if ext2fs_run_ext3_journal fails, close and free fs.
-> ext2fs_close_free(&fs)
-> rc = 1
-> goto closefs
......
closefs:
-> if (rc)
-> ext2fs_mmp_stop(fs) // fs has been set to NULL, boom!!
-> (ext2fs_close_free(&fs) ? 1 : 0); // close and free fs
In main() of tune2fs cmd, if ext2fs_run_ext3_journal() fails,
we should set rc=1 and goto closefs tag, in which will release fs
resource.
Fix: a2292f8a5108 ("tune2fs: reset MMP state on error exit") Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Marius Vollmer [Wed, 24 Aug 2022 11:38:48 +0000 (14:38 +0300)]
mmp: don't use O_RDWR in ext2fs_mmp_read
It doesn't seem to be necessary since ext2fs_mmp_write doesn't write
via mmp_fd, and opening the block device with O_RDWR will trigger
udev.
Triggering udev is bad because it leads to an infinite loop when
running dumpe2fs in response to a udev event.
[ Rebased onto the maint branch, and added O_RDONLY flag. From the
open(2) man page: "The argument flags must include one of the
following access modes: O_RDONLY, O_WRONLY, or O_RDWR." -- TYT ]
Theodore Ts'o [Thu, 18 Aug 2022 21:24:17 +0000 (17:24 -0400)]
Update shared library flags used for Apple/Darwin
As submitted by Carlos Cabrera:
We need to set the `-install_name` flag so that library consumers
can find the linked libraries when installed outside the default
dyld search path. This is the case, for example, when installed
using the Homebrew package manager on Apple Silicon.
I've removed the `-flat_namespace` flag because this flag is
effectively deprecated, and can cause issues when using `dlopen`
[1]. We also need to change `-undefined warning` to `-undefined
dynamic_lookup`, since the former flag is not supported without
`-flat_namespace`. Using `-undefined dynamic_lookup` instructs the
dynamic loader to resolve undefined symbols at run/load-time.
These are the flags used by Libtool on the newest versions of
macOS, and we've applied similar patches to many other packages at
Homebrew without any issues.
Theodore Ts'o [Sun, 14 Aug 2022 03:32:42 +0000 (23:32 -0400)]
libext2fs: return an error when byte swapping a corrupted dirblock block
Except for e2fsck (where we want to expose the corrupted directory
entries to e2fsck mostly so that the e2fsck output stays the same on
big-endian machines compared to little-endian machines, so we don't
break our regression tests), if the directory block is corrupted, and
ext2fs_dirent_swab_in[2](), trips across this, return an error. This
will make sure that naive users of libextfs will not try to handle a
corrupted directory block. This prevents potential buffer overruns in
the byte swapping code paths.
This commit does not cause any functional change on little-endian
systems.
Theodore Ts'o [Sat, 13 Aug 2022 20:39:17 +0000 (16:39 -0400)]
libext2fs: avoid looping forever in e2image when superblock is invalid
If the number of blocks or inodes per block group is not a multiple of
8 (which are invalid values) ext2fs_image_bitmap{read,write} can loop
forever. These file systems should be not be allowed to be opened
(without EXT2_FLAG_IGNORE_SB_ERRORS) but for the fact that a long time
ago, Android devices used a buggy (but BSD-licensed, which was what
was important to the early Android founders) program for creating file
systems which would create these invalid file systems. E2fsck
couldn't actually correctly repair these file systems, but adding a
check to enforce this (in e2fsprogs and in the kernel) would have
broken some of these devices, so support for these bogus file system
was in a grey area for many years.
We will be tightening this up soon, but for now, we'll apply this
quick fix so attempts to use e2image won't hang forever. (Not that
Android ever shipped e2image in those days, of course...)
Lukas Czerner [Fri, 12 Aug 2022 13:01:22 +0000 (15:01 +0200)]
e2fsprogs: fix device name parsing to resolve names containing '='
Currently in varisous e2fsprogs tools, most notably tune2fs and e2fsck
we will get the device name by passing the user provided string into
blkid_get_devname(). This library function however is primarily intended
for parsing "NAME=value" tokens. It will return the device matching the
specified token, NULL if nothing is found, or copy of the string if it's
not in "NAME=value" format.
However in case where we're passing in a file name that contains an
equal sign blkid_get_devname() will treat it as a token and will attempt
to find the device with the match. Likely finding nothing.
Fix it by checking existence of the file first and then attempt to call
blkid_get_devname(). In case of a collision, notify the user and
automatically prefer the one returned by blkid_get_devname(). Otherwise
return either the existing file, or NULL.
We do it this way to avoid some existing file in working directory (for
example LABEL=volume-name) masking an actual device containing the
matchin LABEL. User can specify full, or relative path (e.g.
./LABEL=volume-name) to make sure the file is used instead.