Theodore Ts'o [Mon, 14 May 2018 22:22:09 +0000 (18:22 -0400)]
mke2fs: print error string if ext2fs_close_free() fails
There are multiple reasons why ext2fs_close_free() might fail, not
just an I/O error while writing out a backup superblock. Print the
error code, and then allow mke2fs to exit with an exit status code of
1, instead of whatever random error code ext2fs_close_free() might
have returned with.
This is mostly automatic replace of Free Software Foundation address in
all our files with the correct address that can be found at
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
e2image: fix metadata image handling on big endian systems
Currently e2image metadata image handling and creating is completely
broken on big endian systems. It just does not care about endianness at
all. This was uncovered With addition of i_bitmaps test, which is the
first test that actually tests e2image metadata image.
Fix it by making sure that all on-disk metadata that we write and read
to/from the metadata image is properly converted.
Make sure we can handle a maliciously created file system containing
an inode containing an extended attribute whose e_value_inum points
back at itself.
An inode containing the value for an extended attribute (aka an
ea_in_inode) must not have the INLINE_DATA flag and must have the
EA_INODE flag set. Enforcing this prevents e2fsck and debugfs crashes
caused by a maliciously crafted file system containing an inode which
has both the EA_INODE and INLINE_DATA flags set, and where that inode
has an extended attribute whose e_value_inum points to itself.
Theodore Ts'o [Sat, 31 Mar 2018 20:38:48 +0000 (16:38 -0400)]
tests: use mke2fs and debugfs from the build tree
The tests f_bigalloc_badinode and f_bigalloc_orphan_list were not
using the version of mke2fs and debugfs from the build tree, and if
mke2fs and debugfs are not in the user's PATH, these tests would fail.
Fix this.
Darrick J. Wong [Sun, 25 Mar 2018 19:01:33 +0000 (12:01 -0700)]
e2fsck: adjust quota counters when clearing orphaned inodes
If e2fsck encounters a filesystem that supports internal quotas, it is
responsible for adjusting the quota counters if it decides to clear any
orphaned inodes. Therefore, we must read the quota files, adjust the
counters, and write the quota files back out when we are done.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Andreas Dilger [Thu, 29 Mar 2018 18:36:54 +0000 (12:36 -0600)]
filefrag: avoid temporary buffer overflow
If an unknown flag is present in a FIEMAP extent, it is printed as a
hex value into a temporary buffer before adding it to the flags. If
that unknown flag is over 0xfff then it will overflow the temporary
buffer.
Reported-by: Sarah Liu <wei3.liu@intel.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-10335 Signed-off-by: Andreas Dilger <andreas.dilger@intel.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Sat, 24 Mar 2018 15:39:09 +0000 (11:39 -0400)]
tests: explicitly specify 1k block sizes when creating test file systems
On the Hurd, mke2fs will force the use of 4k block sizes by default
because the Hurd's implemntation of ext2 doesn't support any other
block sizes. This causes spurious test failures. Since these test
are testing e2fsprogs functionality, force the use of 1k block sizes
so the test output matches the expected output.
harshads [Fri, 23 Mar 2018 18:34:05 +0000 (11:34 -0700)]
e2fsck: delete bad inode fix for bigalloc
While deleting a bad inode in fsck pass2, we should remove clusters
only once. We do it by remembering last released cluster while
deleting clusters one by one.
harshads [Fri, 23 Mar 2018 18:32:49 +0000 (11:32 -0700)]
debugfs: release clusters only once in release_blocks_proc
While killing file by inode in debugfs (kill_file_by_inode), if
bigalloc feature is turned on, release clusters only once. We do it by
remembering the last released cluster while releasing blocks. We
release a cluster only if it is not already released.
Robert Schiele [Tue, 20 Mar 2018 04:38:48 +0000 (00:38 -0400)]
util: allow subst to build in cross build environemnt
In a cross build environment we don't get definition of
HAVE_SYS_STAT_H from config.h, therefore we need to define it locally
in that case similar to HAVE_SYS_TIME_H.
Fixes: 7fd537401270 ("misc: add missing declarations on maint") Signed-off-by: Robert Schiele <rschiele@gmail.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Mon, 19 Mar 2018 22:23:04 +0000 (18:23 -0400)]
libext2fs: teach e2image imager to handle bigalloc file systems
Previously, "mke2fs -t ext4 -O bigalloc /tmp/foo.img 4G ;
e2image /tmp/foo.img /tmp/foo.e2i" would result in e2image
dumping core. Fix ext2fs_image_bitmap_write() so it handles
file systems with bigalloc correctly.
Kazuya Mio [Sat, 17 Mar 2018 18:56:15 +0000 (14:56 -0400)]
libext2fs: fix ext2fs_open2() error for meta_bg image file
dumpe2fs/debugfs can examine the image file by using the -i option.
However, if meta_bg feature is enabled, dumpe2fs/debugfs cannot open
the image file.
$ dumpe2fs -i test.img
dumpe2fs: Attempt to read block from filesystem resulted in short read while trying to open test.img
Couldn't find valid filesystem superblock.
In case of specifying an image file, the location of block group descriptors
is the same as the case of default filesystem regardless of meta_bg feature.
So if EXT2_FLAG_IMAGE_FILE flag is set in ext2fs_open2(),
don't use the meta_bg handling.
harshads [Tue, 13 Mar 2018 23:19:07 +0000 (16:19 -0700)]
e2fsck: release clusters only once in release_inode_blocks
While releasing inode blocks, if bigalloc feature is turned on,
release clusters only once. We do it by remembering the last released
cluster while iterating through blocks and releasing a cluster only if
it is not already released.
Lukas Czerner [Fri, 9 Mar 2018 11:28:02 +0000 (12:28 +0100)]
e2fsck: fix endianness problem when reading htree nodes
Wrong directory block number can be saved in ->previous on big endian
system in parse_int_node(). Fix it by moving the mask out of the endian
conversion.
Eric Biggers [Sat, 3 Mar 2018 00:59:23 +0000 (16:59 -0800)]
tests: test e2fsck's handling of bad symlinks
Add a test which verifies that e2fsck will detect a variety of bad
symlinks, both fast and slow, and with several combinations of
filesystem features including extents, encryption, and inline_data.
There was already a similar test (f_badsymlinks), but it's an old test
that doesn't use any of these newer filesystem features.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:22 +0000 (16:59 -0800)]
e2fsck: require that fast symlinks don't have EXT4_EXTENTS_FL
It doesn't make sense for EXT4_EXTENTS_FL to be set on a fast symlink.
The kernel doesn't set it, and it ignores it if set. Meanwhile, e2fsck
is stricter: it will try to validate the extent tree, which will almost
certainly fail (assuming the symlink is, in fact, a fast symlink).
Make this behavior more explicit by rejecting EXT4_EXTENTS_FL for fast
symlinks, rather than going ahead and trying to validate an extent tree.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:21 +0000 (16:59 -0800)]
e2fsck: validate the targets of extent-based symlinks
e2fsck is validating the target (requiring that it be NUL-terminated at
i_size, or something a bit different for encrypted symlinks) of slow
symlinks that use a traditional block list but not ones that use an
extent tree. As far as I can tell this is simply a bug: there's no
reason for the representation of the block list to affect how the
symlink target is validated. And either way the kernel won't create
symlinks with embedded NULs and will always add a terminating NUL.
Thus, make e2fsck_pass1_check_symlink() start validating the targets of
extent-based symlinks.
Fixes: 7cadc57780f3 ("e2fsck: Support long symlinks which use extents") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:20 +0000 (16:59 -0800)]
e2fsck: drop redundant checks of symlink i_size
e2fsck_pass1_check_symlink() verifies that the symlink inode's i_size is
less than the buffer length (60 for fast symlinks, fs->blocksize for
slow symlinks). But it also verifies that len == i_size &&
len < buflen, which already implies i_size < buflen. Thus, remove the
redundant checks of i_size.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
e2fsck validates that unencrypted symlinks have their strlen() equal to
i_size. But it skips the equivalent check of i_size ==
fscrypt_symlink_data.len + 2 for encrypted symlinks. Actually, the
encrypted symlink header is redundant with i_size and shouldn't exist.
But it's there, and the kernel does in fact use the length in the header
instead of i_size -- so e2fsck should validate the header.
Thus, remove the exception for encrypted symlinks, so e2fsck will now
require i_size == fscrypt_symlink_data.len + 2. I think the exception
was only there originally because for encrypted fast symlinks we were
calculating the length using strnlen() which was wrong. But that was
fixed by the previous patch.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:18 +0000 (16:59 -0800)]
e2fsck: validate fscrypt_symlink_data.len for fast symlinks too
Both fast and slow encrypted symlinks are prefixed with the ciphertext
length field (fscrypt_symlink_data.len). But e2fsck was only checking
it for slow symlinks. Start checking it for fast symlinks too. This
matches the kernel handling of encrypted symlinks.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:17 +0000 (16:59 -0800)]
e2fsck: validate that fscrypt_symlink_data.len is not too large
Make e2fsck start validating that the ciphertext length stored in the
header of an encrypted symlink target, plus the header itself, is no
larger than a filesystem block. Previously e2fsck only verified that
this size is not exactly equal to a filesystem block. This was
sufficient for unencrypted symlinks, where the "actual length" is
computed using strnlen(), but not for encrypted symlinks; the kernel
also considers encrypted symlinks with too-large ciphertext length to be
invalid.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:16 +0000 (16:59 -0800)]
e2fsck: fix reading fscrypt_symlink_data.len
The ciphertext length field stored at the beginning of encrypted symlink
targets is 16-bit. But e2fsck_pass1_check_symlink() is reading it as
32-bit. This was apparently left over from an earlier on-disk format
that was not merged. Fix it.
This bug caused a small proportion of encrypted symlinks with 4092-byte
targets to be considered invalid by e2fsck, but otherwise had no effect.
Fixes: 62ad24802c6e ("e2fsck: handle encrypted directories which are indexed using htree") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:15 +0000 (16:59 -0800)]
libext2fs: make sure the system.data xattr gets created
Both the kernel and e2fsck expect that if an inode has inline data, then
it contains a "system.data" xattr -- even if i_size <= 60 so the data
fits entirely in i_block.
But if a symlink of exactly 60 bytes (not counting a NUL terminator) was
created using ext2fs_symlink() and the inline data feature was enabled,
then the symlink inode ended up with inline data but without a
system.data xattr. This is possible because "fast" symlinks store a NUL
terminator but inline data symlinks do not. So 60 bytes is too long for
a real fast symlink, but still short enough to fit the entire target in
i_block as a "slow" symlink using inline data.
Some places use ext2fs_inline_data_init() to ensure the system.data
xattr is created, but the symlink path does not.
Fix this by making ext2fs_inline_data_set() set system.data to an empty
string when i_size <= 60.
Fixes: 54e880b870f7 ("libext2fs: handle inline data in read/write function") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Sat, 3 Mar 2018 00:59:14 +0000 (16:59 -0800)]
libext2fs: forbid creating symlinks using entire block
ext2fs_symlink() didn't count the NUL terminator when limiting the
symlink target length to fs->blocksize, so it could create symlinks
using the entire block. Such symlinks are problematic because if
block_size == PAGE_SIZE (as is usually the case), then when following
such a symlink the kernel will truncate the last byte because it needs
to ensure the symlink page is NUL-terminated (see page_get_link()).
Perhaps for that reason, e2fsck considers such symlinks to be invalid
(although only if they use the traditional block list rather than an
extent tree, which seems to be another bug).
Fix this by counting the NUL terminator, thereby decreasing the maximum
accepted symlink target length by 1. Note that this matches the
kernel's behavior in ext4_symlink().
This breaks the test 'f_create_symlinks' which was using debugfs to
create a 1024-byte symlink (not counting the NUL terminator) on a
1024-byte block filesystem. Fix it by removing the leading '/' from the
test's symlink targets so that their lengths are decreased by 1.
Fixes: f01c1a6bce5e ("libext2fs: add the ext2fs_symlink() function") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Eric Biggers [Fri, 2 Mar 2018 05:21:35 +0000 (21:21 -0800)]
blkid: fix building e2fsprogs with internal libblkid
Building e2fsprogs with the internal libblkid fails for me with the
following compiler error:
In file included from blkidP.h:27:0,
from dev.c:17:
dev.c: In function ‘blkid_free_dev’:
../../lib/blkid/list.h:149:42: error: ‘intptr_t’ undeclared (first use in this function); did you mean ‘__intptr_t’?
((type *)((char *)(ptr)-(unsigned long)(intptr_t)(&((type *)0)->member)))
The problem is that lib/blkid/list.h is now using 'intptr_t', but
stdint.h is not guaranteed to have been included yet. Include it.
[ Changed to use inttypes.h if it is available and fall back to stdint.h
if it is not available - tytso ]
Fixes: 0a3d8041892c ("AOSP: build mke2fs for windows using android mingw library") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o [Wed, 28 Feb 2018 03:15:54 +0000 (22:15 -0500)]
libext2fs: declare local functions static to avoid namespace leakage
The functions, xattr_array_update() and space_used() were accidentally
allowed to be declared extern and were thus made available via the
shared library. Fix this.
Theodore Ts'o [Tue, 27 Feb 2018 22:32:27 +0000 (17:32 -0500)]
Break up RELEASE-NOTES into files in doc/RelNotes
The RELEASE-NOTES file was getting too big as be unweildy. It also
made it hard to have simultaneous releases of older maintenance
releases. So split it up into smaller files in the doc/RelNotes
directory.
Theodore Ts'o [Tue, 27 Feb 2018 06:27:10 +0000 (01:27 -0500)]
resize2fs: remove bigalloc warning for online resizing
The kernel supports online resizing of bigalloc file systems. There's
no real point to have a scary messaging when doing an online resize of
bigalloc file systems, since all of the heavy lifting is done by the
kernel.
Theodore Ts'o [Tue, 27 Feb 2018 01:56:33 +0000 (20:56 -0500)]
remove AOSP's lib/config.h and update util/android_config.h
While synchronizing with the AOSP e2fsprogs tree, lib/config.h was
accidentally checked in. In the upstream repository, the official
copy of lib/config.h for Android should be stored in
util/android_config.h, since lib/config.h will confuse Unix builds.
This means that when synchronizing with the AOSP tree, changes
lib/config.h need to be reflected in util/android_config.h
Steven Moreland [Mon, 12 Feb 2018 23:18:03 +0000 (15:18 -0800)]
AOSP: mke2fs: Don't require mke2fs.conf on Windows.
This target doesn't exist on Windows.
Fixes the following error:
build/make/core/main.mk:586: warning: Missing required dependency host_cross_mke2fs.conf from module host_cross_mke2fs defined in out/soong/Android-aosp_walleye.mk
Nick Kralevich [Mon, 27 Nov 2017 22:07:42 +0000 (14:07 -0800)]
AOSP: Standarize on VFS_CAP_REVISION_2
In https://github.com/torvalds/linux/commit/8db6c34f1dbc8 , namespaced
file capabilities were introduced. That change updated VFS_CAP_REVISION
from VFS_CAP_REVISION_2 to VFS_CAP_REVISION_3.
Android code is written assuming v2 capabilities, and the code will
break if we naively try to treat a v2 structure as a v3 structure.
So don't even try.
Android kernels prior to v4.14 will not support this extended capability
structure, so attempting to set such capabilities will ultimately fail.
With 8db6c34f1dbc8, it appears that attempting to read a v3 capabilities
xattr will always downgrade the capability to a v2 capability, so it
really doesn't make sense to look for a v3 capability.
Android capabilities are only created at /system and /vendor filesystem
creation time by host tools. Android processes, within or outside a
namespace, are not permitted CAP_SETFCAP
(https://android-review.googlesource.com/c/platform/system/sepolicy/+/547801/1/public/domain.te
line 1101). So we should never have to deal with a v3 capability other
than those that might appear on the /system / /vendor partition at a
future date by a future author.
Stephen Hines [Fri, 27 Oct 2017 18:44:15 +0000 (11:44 -0700)]
AOSP: Suppress use of ASan on e2fsdroid temporarily.
There is a heap buffer overflow that the next toolchain detects on
e2fsdroid. In order to expedite deploying that toolchain, which has been
validated on all of our other targets, we are going to suppress
host sanitization of this executable until we can resolve the actual
bug.
Bug: http://b/68387795
Test: ASAN_OPTIONS=detect_leaks=0 SANITIZE_HOST=address m -j48
Change-Id: I35126c25a65304e53a18031d99334cc57e21a6a5
From AOSP commit: 4705e518c65bf38d876188f28b65fd4815c716d7
Jin Qian [Thu, 10 Aug 2017 18:11:09 +0000 (11:11 -0700)]
AOSP: misc: fix resource leak in populate_fs
Contributed-By: Ivan Maidanski <i.maidanski@samsung.com>
Change-Id: Ibffdeea347d993c97f86ff7bfc5e78024048afce
From AOSP commit: 978002e04483ddab12187f2e08b28996657bc818
Theodore Ts'o [Sun, 25 Feb 2018 01:23:24 +0000 (20:23 -0500)]
tune2fs: if turning off csum_seed and the UUID has changed, require fsck
In the case where the UUID has changed and the user wants to turn off
the csum_seed feature, it's important that file system be freshly
checked. That's also the only case when it's necessary to recalculate
all of the metadata file systems.
Theodore Ts'o [Sat, 24 Feb 2018 23:11:19 +0000 (18:11 -0500)]
tune2fs/fuse2fs/debugfs: after replaying the journal, fix up s_lastcheck
If the file system needs to have the journal replayed, but definition
it can't be freshly checked. So if the time when the file system was
last checked (s_lastcheck) is before the time it was last mounted
(s_mtime), force s_lastcheck to be before s_mtime.
This is necessary to make sure some of tune2fs's safety checks work
correctly after replaying the journal, since some of tune2fs's
operations really require that the file system be self-consistent or
grave damage can result.
projects / thirdparty / e2fsprogs.git / log
