Print the actual errors returned by ext2fs_open2() and
ext2fs_check_desc() before we fall back to the backup block group
descriptors so that it's easier to see if there is some obscure
failure that is causing e2fsck to think that it should use the backup
block group descriptors.
Addresses-Google-Bug: #6208183
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
For file systems that do not use MMP, there's no reason to close the
file system and then re-open the file system a second time, since
EXT2_FLAG_SKIP_MMP has no meaning for non-MMP file systems anyway.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Andreas Dilger <adilger@whamcloud.com>
We were checking for ENOMEM, but in fact if the malloc() fails,
ext2fs_check_desc() will return EXT2_ET_NO_MEMORY.
Addresses-Google-Bug: #6208183
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Add the ability to log messages about a file system to a specified
directory, using a file name templace that can be specified in
/etc/e2fsck.conf. This allows us to suppress the output of overly
verbose e2fsck outputs while still allowing the full logging output to
go to an appropriate file.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Also add appropriate documentation for options/max_count_problems and
problems/0xXXXXXX/max_count settings in /etc/e2fsck.conf
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
This throttles the output of a particular problem type, to avoid a
bottleneck caused by (for example) printing a large number of
characters over a rate-limited a serial console.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If an extent has e_len set to zero, the kernel will oops with a
BUG_ON. Unfortunately, e2fsck wasn't catching this case. The kernel
needs to be fixed to notice this case and call ext4_error() instead of
failing an assertion check, but e2fsck should catch this case and
repair it (by deleting the errant extent).
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
We do not want to discard inode table if the underlying device does not
return zeros when reading non-provisioned blocks. The reason is that if
the inode table is not zeroed yet, then discard would not help us since
we would have to zero it anyway. In the case that inode table was
already zeroed, then the discard would cause subsequent reads to contain
non-deterministic data so we would not be able to assume that the inode
table was zeroed and we would need to zero it again, which does not
really make sense.
This commit adds check to prevent inode table from being discarded if
the discard does not zero data.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
When argument '-n' was specified and should run in read-only mode, we
should not attempt to discard anything. In order to do that we have to
check for E2F_OPT_NO flag and clear E2F_OPT_DISCARD flag if E2F_OPT_NO
is set.
This commit fixes the problem when we would mark inode tables as zeroed
(EXT2_BG_INODE_ZEROED) even when e2fsck is running in read-only mode. We
also move the check for E2F_OPT_NO so we can clear E2F_OPT_DISCARD as
early as possible.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The boolean expression (!skip_group || csum_flag) is always true,
since if csum_flag is FALSE, skip_group must also be FALSE. Hence, we
can just remove the expression from the conditional altogether, thus
simplifying the code and making it easier to read/understand.
Also, in the case where the bit is set in the bitmap, there's no point
repeatedly setting first_free to be ext2fs_block_count(fs->super).
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Previously when running e2fsck with '-E discard' argument the end of
the last group has not been discarded. This patch fixes it so we
always discard the end of the last group if needed.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
When calling e2fsck with '-E discard' option it might happen that
valid inodes are discarded accidentally. This is because we just
discard the part of inode table which lies past the free inode count.
This is terribly wrong (sorry!).
This patch fixes it so only the free parts of an inode table
is discarded, leaving used inodes intact. This was tested with highly
fragmented inode tables with block size 4k and 1k.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Phillip Susi <psusi@ubuntu.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Removing this check will allow us to eventually eliminate code from
the kernel which forcibly initialized the block bitmap when the inode
bitmap is first used. This would eliminate a required journal credit
and extra disk write.
Addresses-Google-Bug: #5944440
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Now that we have multiple backend implementations of the bitmap code,
this commit teaches e2fsck to use either the most appropriate backend
for each use case.
Since we don't know for sure if we will get it all right, the default
choices can be overridden via e2fsck.conf. The various definitions
are shown here, with the current defaults (which may change as we add
more bitmap implementations and as learn what works better).
; EXT2FS_BAMP64_BITARRAY is 1
; EXT2FS_BMAP64_RBTREE is 2
; EXT2FS_BMAP64_AUTODIR is 3
[bitmaps]
inode_used_map = 2 ; pass1
inode_dir_map = 3 ; pass1
inode_reg_map = 2 ; pass1
block_found_map = 2 ; pass1
inode_bad_map = 2 ; pass1
inode_imagic_map = 2 ; pass1
block_dup_map = 2 ; pass1
block_ea_map = 2 ; pass1
inode_link_info = 2 ; pass1
inode_dup_map = 2 ; pass1b
inode_done_map = 3 ; pass3
inode_loop_detect = 3 ; pass3
fs_bitmaps = 2
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The pass5 checks would fail if the expected and current {inode,block}
bitmaps used different back ends that returned different non-zero
values from the test_*_bitmap() functions. Fix this by changing
"(actual == bitmap)" to "(!actual == !bitmap)".
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Optimize how the tdb library so that running with [scratch_files] in
/etc/e2fsck.conf is more efficient. Use a better hash function,
supplied by Rogier Wolff, and supply an estimate of the size of the
hash table to tdb_open instead of using the default (which is way too
small in most cases). Also, disable the tdb locking and fsync calls,
since it's not necessary for our use in this case (which is
essentially as cheap swap space; the tdb files do not contain
persistent data.)
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
We need to do an accounting of duplicate clusters on a per-cluster
instead of a per-block basis so we know when we've correctly accounted
for all of the multiply claimed blocks in a particular inode.
Thanks to Robin Dong for reporting this bug.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
PATH_MAX is not portable (for example, it doesn't exist on the Hurd).
So replace it with a new define, which defines the maximum length of
the base quota name. As it turns out, this is substantially smaller
than PATH_MAX.
Also move the definitions relating to quotaio.c from mkquota.h to
quotaio.h, as a cleanup.
Addresses-Debian-Bug: #649689
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
When I create a non-extent file with the maximum size in ext4,
e2fsck detects the following error:
Pass 1: Checking inodes, blocks, and sizes
Inode 12, i_size is 4402345721856, should be 4402345721856. Fix?
As we know, e2fsck checks the size field of the inode in pass 1.
However, in case of the ext4 with the feature of ^extent and huge_file,
the maximum file size calculated in e2fsck is less than the real one.
The patch fixes this problem.
Signed-off-by: Kazuya Mio <k-mio@sx.jp.nec.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
If we abort fsck (due to ENOMEM for example) we exit
with only the FSCK_ERROR flag. It seems useful
to do the same sorts of checks as we do on normal
exit, and return whether the filesystem was modified,
whether there are still uncorrected errors, etc, even
in the abort case.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This patch cleans up the quota code as suggested in previous reviews. This
includes
* remove BUG_ON()s and 'exit()' calls from library code
* remove calls to malloc/free and instead use ext2fs_get/free_mem functions.
* lib/quota/common.c file in not needed anymore and is removed.
* rename exported functions to start with quota_
(ex: init_quota_context --> quota_init_context)
* better error handling in quota library
Signed-off-by: Aditya Kali <adityakali@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The ext2fs_file_acl_block() and ext2fs_set_file_acl_block() needs to
only check i_file_acl_high if the 64-bit flag is set. This is needed
because otherwise we will run into problems on Hurd systems which
actually use that field for h_i_mode_high.
This involves an ABI change since we need to pass ext2_filsys to these
functions. Fortunately these functions were first included in the
1.42-WIP series, so it's OK for us to change them now. (This is why
we have 1.42-WIP releases. :-)
Addresses-Sourceforge-Bug: #3379227
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Since the advent of 64bit filesystems, revoke blocks store 64-bit
block numbers instead of 32-bit block numbers. Therefore we need to
be able to handle that case.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Also remove the _("<foo>") marker from a string that was all numbers
and hence didn't need punctuation.
Thanks to Philipp Thomas and Goeran Uddeborg for reporting these
buglets.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
For those e2fsprogs programs which use libcom_err and are
internationalized, pass the gettext() function to libcom_err during
program initialization.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The get_qf_name() function used PATH_MAX, which is non-portable.
Worse, it blindly assumed that PATH_MAX was the size of the buffer
passed to it --- which in the one and only place where it was used in
libquota, was a buffer declared to a fixed size 256 bytes.
Fix this by simply getting rid of the function altogether.
Cc: Aditya Kali <adityakali@google.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
One table got missed when adding #ifdef's so that e2fsck/sigcatcher.c
would compile on non-Linux systems.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If e2fsck modifies certain superblock fields which the kernel doesn't
look at, mark the superblock as dirty without marking the file system
as changed. This will avoid e2fsck signalling the init scripts that a
reboot is necessary. This is safe, because the kernel doesn't
actually look at these superblock fields.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If MMP is enabled and e2fsck determines that it needs to restart
itself on account of various MMP conditions, it will close the current
fs and jump back to the start of fs checking. However, closing fs
also frees it, which means that we need to set ctx->fs to NULL to
prevent subsequent open code from accessing the old deleted pointer.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
All of the signals which the signal catcher tries to interpret aren't
necessarily defined on all systems. So add #ifdef's to protect
various signals to avoid compilation failures on non-x86 platforms.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
In some cases the bad block inode gets corrupted. If it looks insane,
offer to clear it before trying to interpret it does more harm than
good.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Multi-mount protection is feature that allows mke2fs, e2fsck, and
others to detect if the filesystem is mounted on a remote node (on
SAN disks) and avoid corrupting the filesystem. For e2fsprogs this
means that it checks the MMP block to see if the filesystem is in use,
and marks the filesystem busy while e2fsck is running on the system.
This is useful on SAN disks that are shared between high-availability
servers, or accessible by multiple nodes that aren't in HA pairs. MMP
isn't intended to serve as a primary HA exclusion mechanism, but as a
failsafe to protect against user, software, or hardware errors.
There is no requirement that e2fsck updates the MMP block at regular
intervals, but e2fsck does this occasionally to provide useful
information to the sysadmin in case of a detected conflict.
For the kernel (since Linux 3.0) MMP adds a "heartbeat" mechanism to
periodically write to disk (every few seconds by default) to notify
other nodes that the filesystem is still in use and unsafe to modify.
Originally-by: Kalpak Shah <kalpak@clusterfs.com>
Signed-off-by: Johann Lombardi <johann@whamcloud.com>
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Several compiler errors are quieted:
- zero-length gnu_printf format string
- unused variable
- uninitalized variable (though it isn't actually used for anything)
- fixed a bug in ext2fs_stat() if stat64() does not exist
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The DEFS line in MCONFIG had gotten so long that it exceeded 4k, and
this was starting to cause some tools heartburn. It also made "make
V=1" almost useless, since trying to following the individual commands
run by make was lost in the noise of all of the defines.
So fix this by putting the configure-generated defines in lib/config.h
and the directory pathnames to lib/dirpaths.h.
In addition, clean up some vestigal defines in configure.in and in the
Makefiles to further shorten the cc command lines.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
These reflect either file descriptors which aren't tested
for failure, or closures of fd's which may have failed.
In setup_tdb(), test for failure of mkstemp and return
without trying to open the file (again).
In reserve_stdio_fds, rather than closing the "extra"
fd == 3 due to the way the loop is written, just
don't go that far by using while (fd <= 2).
In logsave, it forks and retries forever if open fails,
but at least make coverity happy by explicitly not
trying to close a negative file descriptor.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
fn and/or array was not freed in some error paths.
[ Also make sure the array is NULL terminated before we free it in
get_dirlist(). --tytso]
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
e2fsck_allocate_memory() already sets allocated memory to 0,
so remove the explicit memset.
Especially since it was setting the wrong size (iter not *iter)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
old_op is set but never used, because we restore "0"
not old_op. So don't bother with it.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
testing fs for NULL in expand_percent_expression():
e2fsck_ctx = fs ? (e2fsck_t) fs->priv_data : NULL;
implies that fs could be NULL, but it's passed to print_pathname()
which defererences it without further testing.
So make this safe by returning "???" for a nul fs.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>