Theodore Ts'o [Mon, 16 Oct 2017 04:38:00 +0000 (00:38 -0400)]
debian: fix FTBFS regression caused by debhelper/10.9
The problem is caused by obsolete packages referenced in the rules
file. The latest version of debhelper is no longer forgiving about
non-existing packages being referenced in debhelper commands.
Theodore Ts'o [Mon, 16 Oct 2017 04:28:45 +0000 (00:28 -0400)]
libext2fs: fix potential memory access overrun in ext2fs_inode_csum()
If the superblock has a revision level of 0, then s_inode_size is
undefined, and the actual inode size is 128 bytes. This is handled by
the EXT2_INODE_SIZE() helper macro. If s_inode_size is maliciously
set to a large value, and the s_rev_level is 0, then this could result
in an illegal memory pointer dereference.
Addresses-Debian-Bug: #878104 Reported-by: Jakub Wilk <jwilk@jwilk.net> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Andreas Dilger [Sun, 15 Oct 2017 20:23:24 +0000 (16:23 -0400)]
tests: shorten test descriptions to fit in 80 columns
While not critical to functionality, it is easier to see the pass/fail
status of each test if they are not wrapped onto the next line.
Shorten test descriptions so the name+description fit in 80 columns.
Signed-off-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Sun, 15 Oct 2017 20:19:04 +0000 (16:19 -0400)]
tests: fix d_inline_dump and f_mke2fs_baddisk from leaving behind temp files
These two tests could leave an temp file behind if the test is
skipped. In general test script files should avoid using 'exit',
since this bypasses the test cleanup scripting.
Andreas Dilger [Tue, 10 Oct 2017 22:39:52 +0000 (16:39 -0600)]
tests: don't leave temporary files at end of test
Don't leave temp files around after test has completed successfully.
Some test scripts were creating their own temporary files, and in
some cases test_one was skipping a test completely (e.g. slow) after
the temp file had been created.
Signed-off-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Sun, 15 Oct 2017 04:22:20 +0000 (00:22 -0400)]
misc: clean up error handling for ext2fs_run_ext3_journal()
The ext2fs_run_ext3_journal() function is in debugfs/journal.c, and in
some error conditions cases may close the passed-in file system handle.
Clean up the both the function so that it reliably clears the file
system handle if it has been freed, and its callers so that they do
not crash by dereferencing a null pointer if it has been freed.
Reported-by: Erkki Ruohtula <eru@netti.fi> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Lukas Czerner [Sat, 14 Oct 2017 14:42:30 +0000 (10:42 -0400)]
libext2fs: skip start_blk adjustment when stride and flex_bg is set
Currently some stride optimization is done in
ext2fs_allocate_group_table() by adjusting start_blk block where we
start allocating block, or inode bitmaps.
However in flex_bg case this is currently useless since the values are
going to be overridden anyway. Moreover in flex_bg case the group might
already be full and the stride optimization will fail. As a result file
system resize might fail needlessly in some situations.
It can be shown by this example:
mke2fs -b 1024 -i 1024 -E stride=8192 -t ext4 /dev/loop0 1024000
resize2fs /dev/loop0 102400000
resize2fs 1.43.5 (04-Aug-2017)
Resizing the filesystem on /dev/loop0 to 102400000 (1k) blocks.
./resize/resize2fs: Could not allocate block in ext2 filesystem while trying to resize /dev/loop0
Please run 'e2fsck -fy /dev/loop0' to fix the filesystem
after the aborted resize operation.
Fix this by not doing the stride adjustment in case of flex_bg.
Lukas Czerner [Sat, 14 Oct 2017 14:33:10 +0000 (10:33 -0400)]
libext2fs: prevent allocating inode table from already used blocks
Currently it's possible for ext2fs_allocate_group_table() to place inode
tables to blocks that are already occupied by different inode table.
This can be reproduced by resize2fs on the file system where we need to
move more than one inode table to a different location due to increase
in group descriptor blocks, inode and block bitmaps.
Best way I can reproduce this is to create big enough file system with
huge amount of inodes and without resize_inode
e2fsck -fn /dev/loop0 | less
e2fsck 1.43.5 (04-Aug-2017)
ext2fs_check_desc: Corrupt group descriptor: bad block for inode table
e2fsck: Group descriptors look bad... trying backup blocks...
e2fsck: The journal superblock is corrupt while checking journal for /dev/loop0
e2fsck: Cannot proceed with file system check
Superblock has an invalid journal (inode 8).
Clear? no
/dev/loop0: ********** WARNING: Filesystem still has errors **********
None of the settings are strictly necessary and it can be reproducer in
various ways. This is just an example of one easy way to reproduce this.
This bug was introduced with commit fccdbac39454 ("libext2fs: optimize
ext2fs_allocate_group_table()") and is caused by the fact that wrong
bitmap is used to mark the blocks as used.
Fix this by using ext2fs_mark_block_bitmap_range2() in both (flex_bg and
non flex_bg) cases and handle flex_bg case manually instead of relying
on ext2fs_block_alloc_stats_range() because there is no way in that
function to use different bitmap than fs->block_map.
debian: clean up conditional fuse2fs pacakge build rules
There's no point conditionalizing fuse2fs in the control file, since
we control whether or not fuse2fs is built in the rules file, and the
control file is going to be the same when built on all of the debian
build servers.
Also key off of DEB_HOST_ARCH_OS to determine whether or not we are
building for the Hurd, and define it so the right thing happens if
./debian/rules is run by hand on a Hurd system.
Matthias Andree [Tue, 29 Aug 2017 05:02:36 +0000 (01:02 -0400)]
Search for GNU-compatible dd for self-tests.
This checks for a dd that supports iflag=fullblock oflag=append,
and looks at gdd and dd for now, and warns of failing self-tests
if neither supports these two flags.
Theodore Ts'o [Sat, 26 Aug 2017 17:42:30 +0000 (13:42 -0400)]
Silence valgrind warnings
Valgrind doesn't understand that the kernel will be initializing the
struct termios and struct loop_info64 structures. Since they occur in
functions which are not in the hot path, preinitialize to zero to
prevent valgrind from producing a huge number of false positives.
Jaco Kroon [Wed, 23 Aug 2017 18:21:43 +0000 (14:21 -0400)]
e2fsck: add optimization for heavily hard-linked file systems
In the case of file system with large number of hard links, e2fsck can
take a large amount of time in pass 2 due to binary search lookup of
inode numbers. This implements a memory trade-off (storing 2 bytes
in-memory for each inode to store inode counts).
For a 40TB filesystem with 2.8bn inodes this map alone requires 5.7GB
of RAM. For this reason, we don't enable this optimization by
default. It can be enabled using either an extended option to e2fsck
or via a seting in e2fsck.conf.
Even when the fullmap optimization is enabled, we don't use this for
the icount structure in pass 1. This is because the gain CPU gain is
nearly nil for that pass and the sacrificed memory does not justify
the increase in RAM.
(It could be that during pass 1, if more than 17% if possible inodes
has link_count>1 (466m inodes in the 40TB with 2.8bn possible inodes
case) then it becomes more memory efficient to use the full map
implementation in terms of memory. However, this is extremely
unlikely given that most file systems are heavily over-provisioned in
terms of the number of inodes in the system.)
Jaco Kroon [Wed, 23 Aug 2017 17:54:25 +0000 (13:54 -0400)]
e2fsck: optimize out the use region_t in scan_extent_node()
Since extents have a guarantee of being monotonically increasing we
merely need to check that block n+1 starts after block n. This is a
simple enough check and we can perform this by calculating the next
expected logical block instead of using the region usage tracking data
abstraction.
Theodore Ts'o [Wed, 23 Aug 2017 14:57:25 +0000 (10:57 -0400)]
tune2fs: explain why an fsck is needed
Currently tune2fs just says without any explanation, "run fsck -f".
Add a short explanation that a freshly checked file system is required
to reduce user confusion. (We could add even more details, but
hopefully this is enough.)
Theodore Ts'o [Wed, 23 Aug 2017 14:30:09 +0000 (10:30 -0400)]
mke2fs: automatically use 256 byte inodes if project feature enabled
If the inode size is not implicitly requested on the command line, and
it is too small to support the project feature, automatically promote
the inode size to be 256 bytes so that the project feature will work.
Note the previous test to check for a too-small inode size didn't work
because it checked before inode size was set in fs_param. Hence, it
was possible to create file systems with a 128 byte inode and the
project feature enabled.
Theodore Ts'o [Tue, 22 Aug 2017 16:15:26 +0000 (12:15 -0400)]
debian: remove support for pre-multiarch versions of Debian
All versions of Debian after Wheezy support Multiarch, so we can
simply the Debian control.in and rules file by removing support for
older versions of Debian without Multiarch support.
Theodore Ts'o [Tue, 22 Aug 2017 15:23:21 +0000 (11:23 -0400)]
libext2fs: avoid potential out-of-bounds write if pread/pread64 fails
In unix_io.c's raw_read_block(), if the initial attempt to call
pread/pread64 fails because the offset is insane, the variable
"actual" is left at -1, and then when lseek fails, the cleanup
function will try to clear (as an out-of-bounds write) a single byte
before the buffer. Fix this.
Addresses-Debian-Bug: #871539
Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reported-by: Jakub Wilk <jwilk@jwilk.net>
Theodore Ts'o [Tue, 22 Aug 2017 14:37:10 +0000 (10:37 -0400)]
debian: remove support libuuid/libblkid packages
Remove support for util-linux prior to 2.16, when e2fsprogs provided
its own copy of libuuid and libblkid. This is only needed for Debian
distributions prior to Wheezy, which is no longer supported.
Theodore Ts'o [Tue, 22 Aug 2017 04:54:15 +0000 (00:54 -0400)]
libsupport: don't try accessing the project quota for 128 byte inodes
If the file system has 128 byte inode, it's not possible to access its
project quota id, since the inode is too small. So prevent a
potential out-of-bounds read in get_qid().
The problem was found by valgrind and American Fuzzy Lop.
Theodore Ts'o [Tue, 22 Aug 2017 01:20:38 +0000 (21:20 -0400)]
e2fsck: in ask_yn() fall back to English yes/no characters
In the case of missing translations, if the translation for y/n is
missing due to fuzzy transactions, such that user is told to use
<y/n>, those characters will work correctly.
Theodore Ts'o [Mon, 14 Aug 2017 23:52:39 +0000 (19:52 -0400)]
e2fsck: add optimization for large, fragmented sparse files
The code which checks for overlapping logical blocks in an extent tree
is O(h*e) in time, where h is the number of holes in the file, and e
is the number of extents in the file. So a file with a large number
of holes can take e2fsck a long time process. Optimize this taking
advantage of the fact the vast majority of the time, region_allocate()
is called with increasing logical block numbers, so we are almost
always append onto the end of the region list.
Theodore Ts'o [Mon, 14 Aug 2017 01:07:21 +0000 (21:07 -0400)]
mke2fs: fix UI problem caused by fuzzy translations
When the original message was changed from "(y, n)" to "(y, N)", this
caused the translations to be marked as "fuzzy". For those
translations that use a different characters for yes and no --- for
example, German, which uses j and n for "ja" and "nein" --- not having
the translation can cause user confusion since the user will type 'y',
and it will be interpreted as "No", since mke2fs is expecting that the
user will type some other character, such as 'j' or 'J' for "Ja" in
the German locale.
Theodore Ts'o [Sun, 13 Aug 2017 18:45:27 +0000 (14:45 -0400)]
libsupport: fix 32-bit quota test failures
On 32-bit platform some of the util_dqblk structures have a type of
long long. So we need to use %lld and casts to make sure the right
thing happens on both 32-bit and 64-bit platforms.
Theodore Ts'o [Fri, 4 Aug 2017 06:01:43 +0000 (02:01 -0400)]
Remove special mips libraries from Debian build
These libraries were needed to support arcboot, which is obsolete and
no longer part of Debian. So drop these non-standard, legacy special
libraries that were only built on the mips platform.
Theodore Ts'o [Tue, 1 Aug 2017 14:26:11 +0000 (10:26 -0400)]
e2fsck: fix e2fsck -D for encrypted directories
If the directory entry is encrypted there may be embedded NUL
characters; hence, we should use memcmp instead of strncmp when
comparing strings. Otherwise, e2fsck can erroneously report that a
directory have duplicant entries when doing an e2fsck -D check.
libsupport: fix error handling in quota_write_inode
The error return value of quota_file_create() is no longer < 0,
and the error handling in quota_write_inode() is incorrect,
fix these. This also fix a tune2fs segfault that currently
occurs when we add project and quota features to an inode
exhaustion ext4 filesystem.
debugfs: fix "ls -p" to avoid printing garbage after the file name
In commit 68a1de3df3 (debugfs: pretty print encrypted filenames in the
ls command), a change was introduced in debugfs/ls.c which instead of
copying dirent->name and 0-terminating it, dirent->name is used
directly in printf.
However, instead of using the precision to limit the number of
characters output, the code uses the field width. As a result,
characters are output until a 0 is read, which results in garbage
after the file name.
Also fix two other instances of this in debugging messages that aren't
used, but fixing them will avoid potential future copypasta bugs.
Reported-by: Christian Gabriel <ch_gabriel@web.de> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Sandeen [Sun, 23 Jul 2017 22:34:57 +0000 (18:34 -0400)]
tune2fs: edit dire warning about check intervals
Time & mount-count based checks have been off by default for quite some
time now, but the dire warning about disabling them remains in the
tune2fs manpage, which is confusing. We did "strongly consider
the consequences" and disabled it by default, no need to scare the
user about it now. Inform the user of the consequences in a more
measured tone.
Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
resize2fs: sanity check the free blocks and inode counts
If the free block or free inodes count are larger than the number of
blocks or inodes in the system, request that the file system be
checked. Otherwise it's possible for calcuate_minimum_resize_size()
to hang in an infinite loop.
This problem was found using American Fuzzy Lop.
Reported-by: Adam Buchbinder <abuchbinder@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
E2fsck checks block numbers against the block_metadata_map before it
checks to see whether or not the block numbers are valid. So suppress
these harmless warnings.
If the superblock has invalid inode numbers for the user, group, or
project quota inodes, e2fsck should notice and offer to fix things by
zeroing out the invalid superblock field.
libext2fs: fix the s_log_block_size check in ext2fs_open()
The s_log_block_check can fail to detect an invalid value if it is
between UINT_MAX-9 and UINT_MAX, which can lead to ext2fs_open()
crashing with a division by zero error.
This bug was found using American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/
Compiling with -fsanitize=undefined -fsanitize=address causes some
warnings of C code that has undefined behavior according to the C
standard bugs. None of the warnings should cause e2fsprogs
malfunction given a sane compiler running on architectures that Linux
can support. Still, it's better to clean up to code than not.
To fix up a complaint of a negative shift in hash function, update the
very dated hash we had been using for the revoke table with the
current generic hash used by the kernel.
Marc Thomas [Mon, 26 Jun 2017 15:39:47 +0000 (16:39 +0100)]
filefrag: fix GCC7.x compiler warning
../../misc/filefrag.c:591:33: warning: comparison between pointer and
zero character constant [-Wpointer-compare]
for (cpp = argv + optind; *cpp != '\0'; cpp++) {
Signed-off-by: Marc Thomas <marc@dragonfly.plus.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Mon, 19 Jun 2017 22:39:55 +0000 (18:39 -0400)]
mke2fs: fix hugefile creation so the hugefile(s) are contiguous
Commit 4f868703f6f2: "libext2fs: use fallocate for creating journals
and hugefiles" introduced a regression for the mke2fs hugefile
feature. The problem is that the fallocate library function
intersperses the extent tree metadata blocks with the data blocks, and
this violates the hugefile guarantee that the created files should be
physically contiguous on disk.
Unfortuantely the m_hugefile regression test was flawed, and didn't
pick up the regression.
This commit fixes the regression test so that it detects the problem
before fixing mke2fs, and also fixes the mke2fs hugefile by reverting
the mke2fs hugefile portion of commit 4f868703f6f2.