Add an extra validity test in check_ext_attr(). If an attribute's
e_value_size is zero the current code does not allocate a region for it
and as a result the e_value_offs value is not verified. However, if
e_value_offs is very large then the later call to
ext2fs_ext_attr_hash_entry() can dereference bad memory and crash
e2fsck.
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Signed-off-by: Jim Garlick <garlick@llnl.gov>
This patch changes ext2fs_open() to set EXT2_FLAG_MASTER_SB_ONLY by
default. This avoids some problems in e2fsck (reported by Jim Garlick)
where a corrupt journal can end up writing the bad superblock to the
backups. In general, only e2fsck (after the filesystem is clean),
tune2fs, and resize2fs should change the backup superblocks by default.
Most callers of ext2fs_open() should not be touching anything where the
backups should be touched. So let's change the defaults to avoid
potential problems.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The Linux floppy driver is a bit different from the other block device
drivers, in that if the device has been opened with O_EXCL, it disallows
another open(), even if the second open() does not have the O_EXCL flag.
So this patch moves the call to ext2fs_get_device_size() so that if it
returns EBUSY, e2fsck can close the filesystem, retry the device size,
and then reopen it. This rather complicated approach is required since
we need to know the blocksize of the filesystem before we can call
ext2fs_get_device_size().
Addresses Debian Bug: #410569
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
I've been investigating why e2fsck refuses to restore the backup superblock
of a partition with a broken primary superblock.
The partition in question has a block size of 4096, and mke2fs reports that
backup superblocks were created on blocks 32768, 98304, 163840, ...
When running e2fsck, get_backup_sb starts by guessing a block size of 1024
and backup superblock at block 8193. I'm not sure why, but it actually finds
a superblock at this location, so returns a context with superblock 8193,
blocksize 1024.
Later on, ext2fs_open2() tries to process this superblock. It then realises
that the block size value stored in the superblock (4096) does not match what
it was told (1024), so it bails out with EXT2_ET_UNEXPECTED_BLOCK_SIZE. fsck
aborts without fixing the partition.
The following patch solves the problem by discounting superblocks which do
not meet the currently-sought block size.
As a result, block 32768 (blocksize=4096) is now used to restore the backup,
which agrees with the first location that mke2fs listed.
Signed-off-by: Daniel Drake <d.drake@mmm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
At the second conditional iter->file could still be NULL. We need to
check for it again. Should never happen in practice, but better to be
sure.
Coverity ID: 6: Forward Null
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
This patch removes a code snippet from check_ea_in_inode() in pass1 which checks
if the EA values in the inode are sorted or not. The comments in fs/ext*/xattr.c
state that the EA values in the external EA block are sorted but those in the
inode need not be sorted. I have also attached a test image which has unsorted
EAs in the inodes. The current e2fsck wrongly clears the EAs in the inode.
Signed-off-by: Kalpak Shah <kalpak@clusterfs.com>
Mke2fs is supposed to set the uid/gid ownership of the root directory when
a non-rooot user creates the filesystem. This wasn't working correctly
if the uid/gid was > 16 bits. In additional, debugfs wasn't displaying
large uid/gid's correctly. This patch fixes these two programs.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix a problem byte-swapping fast symlinks inodes that contain extended
attributes.
Addresses Red Hat Bugzilla: #232663
Addresses LTC Bugzilla: #27634
Signed-off-by: "Bryn M. Reeves" <breeves@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix a typo which could cause e2fsck to throw an I/O error while doubling
checking whether or not a special device file was really an inode.
Also, don't do this tests on symbolic links since for filesystems with a
large numbers of symlinks it could degrade performance and increases the
risk for false positives.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Add better ehandler_operation() markers so it is clearer what e2fsck was
doing when an I/O error is reported.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
I think this is a small buglet in e2fsck: if a file has multiple hard
links, e2fsck pass1c search_dirent_proc() doesn't maintain its count
properly and may return DIRENT_ABORT before it has found containing
directories for all inodes sharing blocks.
Signed-off-by: Jim Garlick <garlick@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If e2fsck.conf configures a scratch_files directory which is available,
and the number of directories exceeds scratch_files.numdirs_threshold,
then try to use the tdb library to store the directory information
abstraction. This allows us to check very large filesystems without
needing as much physical memory.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If e2fsck.conf configures a scratch_files directory which is available,
and the number of directories exceeds scratch_files.numdirs_threshold,
then try to use the tdb library to store the inode count abstraction.
This allows us to check very large filesystems without needing as much
physical memory.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Change the iterator abstraction and replace e2fsck_get_dir_info() with
e2fsck_dir_info_{set,get}_{parent,dotdot} so that we can support an
on-disk dirinfo implementation. This allows e2fsck to check very large
filesystems on systems with smaller amounts of memory and/or address
space.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
This is probably only useful in artificial test cases, but it will be
useful if we ever do the "inodes in directory" idea for ext4.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If there is an orphaned inode whose '..' entry is pointing at a special
file, the filetype of the '..' entry will set to the type of the special
file. When the orphaned directory is reconnected to /lost+found, the
filetype of the '..' field is not reset to EXT2_FT_DIR, so a second
e2fsck is required to repair the filesystem.
We address this situation by setting the filetype of '..' when we
reconnect the inode to /lost+found.
Addresses Lustre Bug: #11645
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Don't assume that a special device is bogus just because i_blocks is
non-zero. The i_blocks field could get adjusted later, and if this
happens it will confuse the e2fsck_process_bad_inode() in pass 2. In
practice true garbage inodes will have random non-zero in
i_blocks[4..15], so there's no point doing the check for an illegal
i_blocks value.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The profile must be freed early if the subsequent memory allocation
fails for 'expanded_filename'.
Coverity ID: 14: Resource Leak
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
It is possible that e2fsck_get_dir_info() returns a NULL pointer.
We do not want to blow up when dereferencing p. It seems to be
more sane/safe to call fix_problem(ctx, PR_3_NO_DIRINFO, pctx)
if p is NULL at this point since we do not have any DIRINFO
for pctx->ino.
Also fix another (already existing) error check for
e2fsck_get_dir_info() later in the function so that it reports the
correct inode number if the dirinfo information is not found for
p->parent.
(Both of these are "should-never-happen" internal e2fsck errors that
would indicate a programming bug of some kind.)
Coverity ID: 10: Null Returns
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The dict_lookup() function can potentially return a NULL dnode_t. It is
not checked in two places in the clone_file() function. Looks to be
safe to continue if n is NULL, so just print a warning message and
continue.
Coverity ID: 9: Null Returns
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Change all of the e2fsprogs programs to use the newer add_error_table()
and remove_error_table() interfaces instead of the much older
initialize_*_error_table() function.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The e2fsprogs and kernel implementation of directory hash tree has a
bug which causes the implementation to be dependent on whether
characters are signed or unsigned. Platforms such as the PowerPC,
Arm, and S/390 have signed characters by default, which means that
hash directories on those systems are incompatible with hash
directories on other systems, such as the x86.
To fix this we add a new flags field to the superblock, and define two
new bits in that field to indicate whether or not the directory should
be signed or unsigned. If the bits are not set, e2fsck and fixed
kernels will set them to the signed/unsigned value of the currently
running platform, and then respect those bits when calculating the
directory hash. This allows compatibility with current filesystems,
as well as allowing cross-architectural compatibility.
Addresses Debian Bug: #389772
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
- EXT4_FEATURE_RO_COMPAT_HUGE_FILE (0x0008) - change i_blocks to be
in units of s_blocksize units instead of 512-byte sectors, use
l_i_frag and l_i_fsize as i_blocks_hi (could also be part of 64BIT).
E2fsck and debugfs changed to support i_blocks_hi instead of l_i_frag and
l_i_fsize.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Badblocks now interprets last_block argument as the last block to check,
instead of the number of blocks to check, to be consistent with the
badblocks man page.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Don't core dump if there is a corrupt htree interior node. If the block
number is larger than the number of blocks in the directory, don't write
past the end of malloc'ed memory.
Addresses SourceForge Bug: #1512778
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Create new ext2fs library inline functions in order to calculate
the starting and ending blocks in a block group.
Signed-off-by: Eric Sandeen <esandeen@redhat.com>
There were still some %d's lurking when we print blocks & inodes; also
many of the counters in the e2fsck_struct were signed, and probably
need to be unsigned to avoid overflows.
Signed-off-by: Eric Sandeen <esandeen@redhat.com>
For loops iterating over all group descriptors, consistently define
first_block and last_block in a way that they are inclusive of the
range, and do not overflow.
Previously on the last block group we did a test of <= first +
dec_blocks; this would actually wrap back to 0 for a total block count
of 2^32-1
Also add handling of last block group which may be smaller.
Signed-off-by: Eric Sandeen <esandeen@redhat.com>
Theodore Ts'o