Theodore Ts'o [Sun, 10 Feb 2008 03:30:20 +0000 (22:30 -0500)]
blkid: Flush cached filesystem information on any error other than EPERM
USB devices can return ENOMEDIUM, and when the filesystem cached
information wasn't flushed, it resulted in the wrong location of a
filesystem to be returned to the caller. The only justification for
using cached information when the open fails is in the case of a
permission denied error.
Theodore Ts'o [Fri, 8 Feb 2008 21:04:12 +0000 (16:04 -0500)]
blkid: Automatically chose between ext4 and ext4dev as appropriate
Add logic that on Linux systems will check for the presence of the
ext4dev filesystem; if it isn't present, fall back to ext4 for
filesystems that are marked as being "OK for use on test filesystem
code". If they are OK for use for in-development filesystem code, it
should also be fine to use stable filesystem code if there is no test
filesystem code (ext4dev) available.
The reverse is not true, of course. We don't ever want to mount a
production filesystem using test filesystem code unless the user gives
us explicit permission via "tune2fs -E test_fs".
Theodore Ts'o [Mon, 28 Jan 2008 00:38:46 +0000 (19:38 -0500)]
Create filesystems with the ext_attr feature by default
Since recent kernels have a tendency to set this feature willy-nilly,
let's just enable by default. It's only very old kernels that don't
support it any more.
Theodore Ts'o [Sun, 27 Jan 2008 22:43:10 +0000 (17:43 -0500)]
Don't build e2fsck statically by default anymore
Also removed the --enable-dynamic-static configure option.
Unfortunately the usefulness of building e2fsck statically is gone on
all modern distributions, since everything else on the system is built
dynamically these days. In fact on some distributions it is almost
impossible to build programs statically any more.
Theodore Ts'o [Sun, 27 Jan 2008 05:35:32 +0000 (00:35 -0500)]
Use lseek() instead of llseek() of sizeof(long) == sizeof(long long)
Previously we used a hard-coded test where for the Alpha and the IA64,
we used lseek instead of llseek(). Generalize this to whenver
sizeof(long) is the same as sizeof(long long).
It turns out this fixes a FTBFS problem on the x86_64 for Debian,
since dietlibc doesn't provide llseek() on that architecture.
Theodore Ts'o [Sun, 27 Jan 2008 04:17:50 +0000 (23:17 -0500)]
Ignore "safe" flag differences when e2fsck compares superblocks
Recent e2fsprogs (1.40.3 and higher) fsck compares primary superblock to
backups, and if things differ, it forces a full check. However, the
kernel has a penchant for updating flags the first time a feature is
used - attributes, large files, etc.
This is a bad idea, and we should break the kernel of this habit,
especially for the ext4 feature flags. But for now, let's make e2fsck
avoid forcing a full check and backup except when absolutely
necessary.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Sun, 27 Jan 2008 00:06:35 +0000 (19:06 -0500)]
Add support for the test_fs flag
The test_fs flag is an "ok to be used with test kernel code" flag. It
makes it easier for us to determine whether a filesystem should be
mounted using ext4 or not.
Theodore Ts'o [Mon, 21 Jan 2008 18:45:00 +0000 (13:45 -0500)]
Explicitly check for ftruncate64() in configure.in
Apparently Mac OS 10.5 defines fstat64(), but not ftruncate64(),
causing resize2fs to fail to build. So check explicitly for
ftruncate64(), and fall back to ftruncate() if necessary.
Theodore Ts'o [Mon, 21 Jan 2008 18:43:18 +0000 (13:43 -0500)]
resize2fs: Add sanity check for off_t overflow before truncating
If we can't use ftruncate64(), and have to use ftruncate() instead,
make sure that we don't accidentally truncate the size when we chop it
down to an off_t before calling ftruncate(), lest we severely damage a
filesystem image file.
Theodore Ts'o [Fri, 4 Jan 2008 21:55:37 +0000 (16:55 -0500)]
If --sbindir, et. al are specified to configure set $root_sbindir, et al.
If the user specifies as arguments to configure --bindir, --sbindir,
--libdir, or --sysconfdir, then set corresponding $root_FOO variable,
so that the request from the user to set a specific --sbindir is
honored.
Theodore Ts'o [Wed, 2 Jan 2008 01:05:04 +0000 (20:05 -0500)]
Use pkg-config to determine where to find the devmapper library
Fedora and Red Hat puts the devmapper library in different locations
compared to Debian, so we use pkg-config. Unfortunately Debian's
devmapper.pc file is buggy (See Debian Bug #390243), so we have to
work around it.
Historically, e2fsprogs has tried not to depend on pkg-config, since
its answers are so often **wrong** (the Debian bug has been ignored
for over a year), so I'm hoping I'm not going to regret this.
Theodore Ts'o [Tue, 1 Jan 2008 21:48:09 +0000 (16:48 -0500)]
Fix profile, checker, and shared-library building on non-Linux platforms
Approximately two years ago a revamp of the e2fsprogs build
infrastructure broke the Makefile fragments for building BSD, Solaris,
and Darwin shared libraries, as well as profiling and checker
libraries. Apparently no one had noticed except for
pierre42@users.sourceforge.net.
Theodore Ts'o [Tue, 1 Jan 2008 16:37:20 +0000 (11:37 -0500)]
debugfs: allow the undel command reallocate without linking the inode
When recovering a large number of deleted files, linking the undeleted
inodes to directories may require a directory to be expanded. This
could allocate a block that that had been used by one of the
yet-to-be-undeleted files. So the 'undel' command been enhanced to
allow the destination pathname to be optional. This will allow the
cautious user to undelete all of the inodes without specifying a
destination pathname, and then either use debugfs's link command to
add hard links, or use e2fsck to link all of the recovered files to
the lost+found directory.
Theodore Ts'o [Tue, 1 Jan 2008 15:59:57 +0000 (10:59 -0500)]
e2fsck: When optimizing non-htree directories, sort by inode number
Previously "e2fsck -fD" on a non-htree directory would sort the
directory alphabetically by name. That's stupid. Better to sort the
directory by inode number, since that will optimize performance much
more significantly than sorting by name!
Theodore Ts'o [Tue, 1 Jan 2008 15:42:41 +0000 (10:42 -0500)]
e2image: If there is an error while writing a block, call exit(1)
If the disk fills while e2image is writing its output file, it will
spew a large number of error messages instead of exiting with a
non-zero status code after the first failure.
Theodore Ts'o [Tue, 1 Jan 2008 03:22:46 +0000 (22:22 -0500)]
debian: Use useradd and groupadd in favor of adduser
The adduser package is 'important', and while it is often installed,
we can't guarantee that it will always be there. A required package,
or a package which is dragged in by a required package, such as
libuuid1, shouldn't depend on an 'important' package since that would
implicitly make it be required, which shouldn't be done unless
absolutely necesary.
So we replace the call to adduser with the lower-level useradd and
groupadd programs. They are part of the passwd package, which is
required to be on all Debian systems.
Theodore Ts'o [Mon, 31 Dec 2007 22:17:39 +0000 (17:17 -0500)]
debian: build the e2fsck-static package so it works on 2.4 kernels
Some people are still running ancient Debian distributions, such as
woody, with a 2.4 kernel, and they want to be able to use the
e2fsck-static package on backlevel systems.
It turns out that we can't just statically link against glibc anymore,
since glibc now uses thread-local storage everywhere. So we now build
e2fsck-static using dietlibc.
Theodore Ts'o [Mon, 31 Dec 2007 19:43:11 +0000 (14:43 -0500)]
Fix build error in blkid/tst_types.c when using diet libc
When compiling with diet libc, <sys/types.h> must be included in order
to define the types used in asm/types.h. Strange choice, but
workable. This doesn't cause much problems for e2fsprogs except
blkid/tst_types.h, which needed a #include of <sys/types.h>.
Theodore Ts'o [Mon, 31 Dec 2007 19:36:48 +0000 (14:36 -0500)]
Test for sys/syscall.h in configure to fix dietlibc build problem
When compiling with dietlibc, sys/syscall.h isn't supported; as of
dietlibc 0.30, it exists but it references a non-existent asm/unistd.h
header file. So we have to test for its existence and avoid using it
in lib/uuid/gen_uuid.c if it is not supported.
Theodore Ts'o [Tue, 25 Dec 2007 19:19:15 +0000 (14:19 -0500)]
uuidd: Avoid race conditions to that only one uuidd is started
Use an improved locking protocol based on the pid file to assure that
only one uuidd is started. Apparently the kernel does not prevent
multiple processes from racing to bind to a Unix domain socket.
Theodore Ts'o [Mon, 17 Dec 2007 20:16:44 +0000 (15:16 -0500)]
libuuid: When starting uuidd, use waitpid() to reap the zombie process
The uuidd process will fork and let the parent process exit to create
the daemon. So use waitpid to reap the zombie, as well as using it to
time when it is safe to try to connect to the daemon.
Theodore Ts'o [Mon, 17 Dec 2007 20:12:04 +0000 (15:12 -0500)]
uuidd: Use /var/lib/libuuid instead of /var/run/uuidd
/var/run can get completely removed at reboot, and uuidd doesn't have
permissions to recreate /var/run/uuidd. So instead use
/var/lib/libuuidd for the unix domain socket and pid files.
Theodore Ts'o [Sun, 16 Dec 2007 22:21:38 +0000 (17:21 -0500)]
Add uuidd daemon to prevent duplicate time-based UUID's
Also store the clock sequence information in a state file in
/var/lib/misc/uuid-clock so that if the time goes backwards the clock
sequence counter can get bumped. This allows us to completely
correctly generate time-based (version 1) UUID's according to the
algorithm specified RFC 4122.
will cause fsck to issue warnings about invalid fstab lines, because
fsck was previously treating '#' as a comment when it appeared
anywhere in an fstab line, not just at the beginning of the line.
Theodore Ts'o [Sun, 16 Dec 2007 17:26:57 +0000 (12:26 -0500)]
blkid: Output non-printing characters using ^ and M- notation
When printing the value of tags in a formatted format, print control
characters and characters with the high eight bit set using the ^ and
M- notation, respectively. This prevents a filesystem with a garbage
label from potentially screwing up the user's screen (for example,
putting it into graphical mode).
Theodore Ts'o [Sun, 16 Dec 2007 03:31:03 +0000 (22:31 -0500)]
libcom_err: Fix sign-extension problem on 64-bit systems in error_message()
On 64-bit systems (or anything with sizeof(long) > sizeof(int)), we
sometimes get error codes passed to error_message which have been cast
from an (int) to an (unsigned int). This almost always happens if
you're using libgssapi_krb5, which returns an error code which is less
than 0 but is returned in an (unsigned int).
For example, -1765328377L gets cast to 2529638919, which is
0x96c73a07, not 0xffffffff96c73a07, so error_message() fails to find a
matching error table.
When error_message() then calls the error_table_name() function to get a
name to use in the "unknown code" message, it gets a correct value back.
This happens because error_table_name() drops most of the higher bits of
the parameter it's passed before doing anything else with it (& 077777777f,
or & 0xffffff). If we did the same thing in error_message(), we wouldn't
have a problem there, either.
Theodore Ts'o [Sun, 16 Dec 2007 00:39:37 +0000 (19:39 -0500)]
ext2fs_flushfs: Remove the NEEDS_RECOVERY from the backup superblocks
Now that e2fsck tries to backup the primary superblock to the backups
when the feature sets ar different, it's important when tune2fs writes
out a changed superblock, that we filter out the
EXT3_FEATURE_INCOMPAT_RECOVER feature to the backup superblocks, since
it will be removed from the primary superblock either when the
filesystem is mounted uncleanly or when journal is replayed.
Theodore Ts'o [Sat, 10 Nov 2007 00:01:06 +0000 (19:01 -0500)]
libext2fs: Add checks to prevent integer overflows passed to malloc()
This addresses a potential security vulnerability where an untrusted
filesystem can be corrupted in such a way that a program using
libext2fs will allocate a buffer which is far too small. This can
lead to either a crash or potentially a heap-based buffer overflow
crash. No known exploits exist, but main concern is where an
untrusted user who possesses privileged access in a guest Xen
environment could corrupt a filesystem which is then accessed by the
pygrub program, running as root in the dom0 host environment, thus
allowing the untrusted user to gain privileged access in the host OS.
Thanks to the McAfee AVERT Research group for reporting this issue.
Theodore Ts'o [Thu, 6 Dec 2007 02:01:22 +0000 (21:01 -0500)]
Add Ubuntu-specific e2fsck.conf file to work around Ubuntu issues
Ubuntu has init script and installer issues which cause them to have
significant problems with time zones. This is compounded with a
relatively inexperienced user base who want to dual boot with Windows
and so have their hardware clocks tick localtime.
The heuristics in blkid/devname.c probe_all() for scanning whole disks
with no partitions assume that a device name with no digit on the end
will always be present as a delineator, i.e.:
sda
sda1
sdb
sdc
In this case, when sdc is seen, it's the clue to go back and scan sdb.
However, for something like:
sda
sda1
sdb
loop0
this falls down, and sdb is never scanned.
(thanks to Karel Zak for pointing this out).
Addresses-Red-Hat-Bugzilla: #400321
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Sat, 1 Dec 2007 12:08:45 +0000 (07:08 -0500)]
libext2fs: Fix a corner case bug in ext2fs_unlink
We cannot merge a removed directory entry to just arbitrary previous
directory entry. The previous entry must be in the same block. So
really bad things can happen when are deleting the first directory
entry in a block where the last directory entry in the previous
directory block is not in use. We fix this bug by checking to see if
the current entry is not the first one in the block before trying to
merge it to the previous entry.
Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Arun Thomas [Fri, 9 Nov 2007 20:46:10 +0000 (15:46 -0500)]
e2image in raw-mode appends an extra byte to image-file
In raw mode (-r), e2image appends an extra byte to the image-file's
end if the last block requires a sparse write. Consequently, the
resulting image-file is one byte larger than the original in
size. This patch fixes the problem by seeking to one less than the
given offset, so that the byte write does not overflow into the next
block.
This problem can be reproduced by doing an e2image -r dev image-file
and comparing the original and resulting image sizes. This assumes the
image is sparse at the end. For my tests, I created a 100MB sparse
image with two files.
Signed-off-by: Arun Thomas <thomasar@us.ibm.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Theodore Ts'o [Mon, 1 Oct 2007 13:18:54 +0000 (09:18 -0400)]
e2fsck: backup superblocks if key constants have changed
If the primary superblock differs from the backup superblock in
certain key respects, force a full check (if e2fsck was invoked in
preen mode). If the filesystem check passes cleanly, and the
filesystem was opened in read/write mode, then write the primary
superblock to all of the backups.