Add an explanation of how e2fsck might decide to optimize a few
directories even without the -D option being specified.
Addresses-Debian-Bug: #441872
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Add some additional checks, primarily in resize2fs and in the rarely
used (and soon to-be-deprecated) e2fsck byte-swap filesystem function.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Ubuntu has init script and installer issues which cause them to have
significant problems with time zones. This is compounded with a
relatively inexperienced user base who want to dual boot with Windows
and so have their hardware clocks tick localtime.
Addresses-Ubuntu-Bug: #131201
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If the primary superblock differs from the backup superblock in
certain key respects, force a full check (if e2fsck was invoked in
preen mode). If the filesystem check passes cleanly, and the
filesystem was opened in read/write mode, then write the primary
superblock to all of the backups.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If e2fsck adds or deletes any of the feature bitmasks, clear
EXT2_FLAG_MASTER_SB_ONLY so the backup superblocks are updated when
e2fsck finishes.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If superblock mount time or last write time is in the future, and the
user refuses to fix the problem, don't mark the filesystem as being
invalid and needing to be checked.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The Ubuntu init scripts don't properly set the system time correctly
from hardware clock if the hardware clock is configured to tick local
time instead of GMT time.
Work around this as best as we can by providing an option in
/etc/e2fsck.conf which can be set on Ubuntu systems:
[options]
buggy_init_scripts = 1
Addresses-Debian-Bug: #441093
Addresses-Ubuntu-Bug: #131201
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
E2fsck currently only retries with the backup superblock if the
primary superblock is missing (e.g., overwritten with garbage). If
the superblock is just corrupted enough that it looks like ext2/3/4
superblock, but it is corrupt enough that ext2fs_open2() returns an
error, e2fsck stops without retrying. Let's fix this oversight.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
atoi() does not check for errors so it shouldn't be used for human
input. For example, if the user enters the command "e2fsck -C -n" and
forgets that -C requires an argument, the -n will be used as the
argument to -C, and not parsed as an option. When using sscanf(),
this error case can be detected.
Addresses-Debian-Bug: #435381
Signed-off-by: Bernd Schubert <bs@q-leap.de>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Allow files to be preallocated on-disk up to the next multiple of the
system's page size without complaining about extra blocks.
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Signed-off-by: Girish Shilamkar <girish@clusterfs.com>
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
A recent change to e2fsck_add_dir_info() to use tdb files to check
filesystems with a very large number of filesystems had a typo which
caused us to resize the wrong data structure. This would cause a
array overrun leading to malloc pointer corruptions. Since we
normally can very accurately predict how big the the dirinfo array
needs to be, this bug only got triggered on very badly corrupted
filesystems.
Thanks to Andreas Dilger for submitting the test case which discovered
this problem, and to Kalpak Shah for writing a random testing script
which created the test case.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Recently, one of our customers found this message in pass2 of e2fsck
while doing some regression testing:
"Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
rec_len of 14200, should be 26908."
Both the displayed rec_len and the "should be" value are bogus. The
reason is that salvage_directory sets a offset beyond blocksize
leading to bogus messages.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
profile_set_default() sets the value of the pseudo file "<default>".
If the file "<default>" had previously been passed to profile_init(),
then def_string parameter will be parsed and used as the profile
information for the "<default>" file.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The Turkish translation has a bug in it where it has the translation
of "E@e '%Dn' in %p (%i)" to "E@E". This causes @E to be expanded at
@E, recursively, forever, until the stack fills up e2fsck core dumps.
Fix it by stopping after a recursive depth of 10, which is far more
than we need.
Addresses-Sourceforge-Bug: 1646081
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Add an extra validity test in check_ext_attr(). If an attribute's
e_value_size is zero the current code does not allocate a region for it
and as a result the e_value_offs value is not verified. However, if
e_value_offs is very large then the later call to
ext2fs_ext_attr_hash_entry() can dereference bad memory and crash
e2fsck.
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Signed-off-by: Jim Garlick <garlick@llnl.gov>
The original code only checked the direct blocks to make sure the
journal inode was sane. Unfortunately, if some or all of the indirect
or doubly indirect blocks were corrupted, this would not be caught.
Thanks to Andreas Dilger and Kalpak Shah for noticing this problem.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If the journal inode was corrected from s_jnl_blocks, write the fixed
journal inode back to disk.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
If the journal had been removed because it was corrupt, the
E2F_FLAG_JOURNAL_INODE flag will be set. If this flag is set, then
recreate the filesystem after checking the filesystem.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
This patch changes ext2fs_open() to set EXT2_FLAG_MASTER_SB_ONLY by
default. This avoids some problems in e2fsck (reported by Jim Garlick)
where a corrupt journal can end up writing the bad superblock to the
backups. In general, only e2fsck (after the filesystem is clean),
tune2fs, and resize2fs should change the backup superblocks by default.
Most callers of ext2fs_open() should not be touching anything where the
backups should be touched. So let's change the defaults to avoid
potential problems.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The Linux floppy driver is a bit different from the other block device
drivers, in that if the device has been opened with O_EXCL, it disallows
another open(), even if the second open() does not have the O_EXCL flag.
So this patch moves the call to ext2fs_get_device_size() so that if it
returns EBUSY, e2fsck can close the filesystem, retry the device size,
and then reopen it. This rather complicated approach is required since
we need to know the blocksize of the filesystem before we can call
ext2fs_get_device_size().
Addresses Debian Bug: #410569
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
I've been investigating why e2fsck refuses to restore the backup superblock
of a partition with a broken primary superblock.
The partition in question has a block size of 4096, and mke2fs reports that
backup superblocks were created on blocks 32768, 98304, 163840, ...
When running e2fsck, get_backup_sb starts by guessing a block size of 1024
and backup superblock at block 8193. I'm not sure why, but it actually finds
a superblock at this location, so returns a context with superblock 8193,
blocksize 1024.
Later on, ext2fs_open2() tries to process this superblock. It then realises
that the block size value stored in the superblock (4096) does not match what
it was told (1024), so it bails out with EXT2_ET_UNEXPECTED_BLOCK_SIZE. fsck
aborts without fixing the partition.
The following patch solves the problem by discounting superblocks which do
not meet the currently-sought block size.
As a result, block 32768 (blocksize=4096) is now used to restore the backup,
which agrees with the first location that mke2fs listed.
Signed-off-by: Daniel Drake <d.drake@mmm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
At the second conditional iter->file could still be NULL. We need to
check for it again. Should never happen in practice, but better to be
sure.
Coverity ID: 6: Forward Null
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
This patch removes a code snippet from check_ea_in_inode() in pass1 which checks
if the EA values in the inode are sorted or not. The comments in fs/ext*/xattr.c
state that the EA values in the external EA block are sorted but those in the
inode need not be sorted. I have also attached a test image which has unsorted
EAs in the inodes. The current e2fsck wrongly clears the EAs in the inode.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com>
Mke2fs is supposed to set the uid/gid ownership of the root directory when
a non-rooot user creates the filesystem. This wasn't working correctly
if the uid/gid was > 16 bits. In additional, debugfs wasn't displaying
large uid/gid's correctly. This patch fixes these two programs.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Another small bug I think: if the root directory contains shared
blocks, e2fsck pass1c search_dirent_proc() will be looking for
one more containing directory than it will ever find, and thus
loses an opportunity to terminate early.
Signed-off-by: Jim Garlick <garlick@llnl.gov>
Fix a problem byte-swapping fast symlinks inodes that contain extended
attributes.
Addresses Red Hat Bugzilla: #232663
Addresses LTC Bugzilla: #27634
Signed-off-by: "Bryn M. Reeves" <breeves@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix a typo which could cause e2fsck to throw an I/O error while doubling
checking whether or not a special device file was really an inode.
Also, don't do this tests on symbolic links since for filesystems with a
large numbers of symlinks it could degrade performance and increases the
risk for false positives.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Add better ehandler_operation() markers so it is clearer what e2fsck was
doing when an I/O error is reported.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
I think this is a small buglet in e2fsck: if a file has multiple hard
links, e2fsck pass1c search_dirent_proc() doesn't maintain its count
properly and may return DIRENT_ABORT before it has found containing
directories for all inodes sharing blocks.
Signed-off-by: Jim Garlick <garlick@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If e2fsck.conf configures a scratch_files directory which is available,
and the number of directories exceeds scratch_files.numdirs_threshold,
then try to use the tdb library to store the directory information
abstraction. This allows us to check very large filesystems without
needing as much physical memory.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If e2fsck.conf configures a scratch_files directory which is available,
and the number of directories exceeds scratch_files.numdirs_threshold,
then try to use the tdb library to store the inode count abstraction.
This allows us to check very large filesystems without needing as much
physical memory.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Change the iterator abstraction and replace e2fsck_get_dir_info() with
e2fsck_dir_info_{set,get}_{parent,dotdot} so that we can support an
on-disk dirinfo implementation. This allows e2fsck to check very large
filesystems on systems with smaller amounts of memory and/or address
space.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
This is probably only useful in artificial test cases, but it will be
useful if we ever do the "inodes in directory" idea for ext4.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If there is an orphaned inode whose '..' entry is pointing at a special
file, the filetype of the '..' entry will set to the type of the special
file. When the orphaned directory is reconnected to /lost+found, the
filetype of the '..' field is not reset to EXT2_FT_DIR, so a second
e2fsck is required to repair the filesystem.
We address this situation by setting the filetype of '..' when we
reconnect the inode to /lost+found.
Addresses Lustre Bug: #11645
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Don't assume that a special device is bogus just because i_blocks is
non-zero. The i_blocks field could get adjusted later, and if this
happens it will confuse the e2fsck_process_bad_inode() in pass 2. In
practice true garbage inodes will have random non-zero in
i_blocks[4..15], so there's no point doing the check for an illegal
i_blocks value.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>