The MMP code in libext2fs tries to gate MMP block swab'ing with this
test:
if (fs->super->s_magic == ext2fs_swab16(EXT2_SUPER_MAGIC))
However, EXT2FS_ENABLE_SWAPFS never seems to be defined anywhere (all
possible existed, the field fs->super->s_magic is always in host
byteorder, so the test always fails. So, we can change the #ifdef to
WORDS_BIGENDIAN (which is conditionally defined on BE platforms) and
get rid of the broken if test.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If MMP is enabled and e2fsck determines that it needs to restart
itself on account of various MMP conditions, it will close the current
fs and jump back to the start of fs checking. However, closing fs
also frees it, which means that we need to set ctx->fs to NULL to
prevent subsequent open code from accessing the old deleted pointer.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix several minor errors in structure definitions, the byteswap code,
and Makefiles that result from merging the crc32c and initial parts of
the metadata checksumming patchset.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If the enable_periodic_fsck option is false in /etc/mke2fs.conf (which
is also the default), s_max_mnt_count needs to be set to -1, instead
of 0. Kernels newer than 3.0 will interpret 0 to disable periodic
checks, but older kernels will print a warning message on each mount,
which will annoy users.
Addresses-Debian-Bug: #632637
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
All of the signals which the signal catcher tries to interpret aren't
necessarily defined on all systems. So add #ifdef's to protect
various signals to avoid compilation failures on non-x86 platforms.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The functions htole32(), le32toh(), be32toh(), htobe32() aren't
defined in all environments. Use the ext2fs byte swap functions for
portability.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
In some cases the bad block inode gets corrupted. If it looks insane,
offer to clear it before trying to interpret it does more harm than
good.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The debugging packages will contain no debugging symbols (since they
are in the unstripped executables and libraries) but at least the
build won't crash.
Addresses-Debian-Bug: #627535
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Fix up the debian/copyright file so it contains the full information
of the licenses used by all of the libraries. Also use a single
copyright file for e2fsprogs and e2fslibs, to make sure they are kept
in sync.
Addresses-Debian-Bug: #614662
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
If (!ino), the inode will be uninitialized when we print it
in the PARSE_OPT case.
So do the same as the LONG_OPT case, and memset it to 0 if
(!ino).
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Add tests for the MMP feature - creating a filesystem with mke2fs
and MMP enabled, enable/disable MMP with tune2fs, disabling the
e2fsck MMP flag with tune2fs after a failed e2fsck, and e2fsck
checking and fixing a corrupt MMP block.
The MMP tests need to be run from a real disk, not tmpfs, because
tmpfs doesn't support O_DIRECT reads, which MMP uses to ensure
that reads from the MMP block are not filled from the page cache.
Using a local disk does not slow down the tests noticably, since
they wait to detect if the MMP block is being modified.
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Multi-mount protection is feature that allows mke2fs, e2fsck, and
others to detect if the filesystem is mounted on a remote node (on
SAN disks) and avoid corrupting the filesystem. For e2fsprogs this
means that it checks the MMP block to see if the filesystem is in use,
and marks the filesystem busy while e2fsck is running on the system.
This is useful on SAN disks that are shared between high-availability
servers, or accessible by multiple nodes that aren't in HA pairs. MMP
isn't intended to serve as a primary HA exclusion mechanism, but as a
failsafe to protect against user, software, or hardware errors.
There is no requirement that e2fsck updates the MMP block at regular
intervals, but e2fsck does this occasionally to provide useful
information to the sysadmin in case of a detected conflict.
For the kernel (since Linux 3.0) MMP adds a "heartbeat" mechanism to
periodically write to disk (every few seconds by default) to notify
other nodes that the filesystem is still in use and unsafe to modify.
Originally-by: Kalpak Shah <kalpak@clusterfs.com>
Signed-off-by: Johann Lombardi <johann@whamcloud.com>
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Continue to remove the external journal device even if the device
cannot be found.
Add a test to verify that the journal device/UUID are actually removed
from the superblock. It isn't possible to use a real journal device
for testing without loopback devices and such (it must be a block device)
and this would invite complexity and failures in the regression test.
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Several compiler errors are quieted:
- zero-length gnu_printf format string
- unused variable
- uninitalized variable (though it isn't actually used for anything)
- fixed a bug in ext2fs_stat() if stat64() does not exist
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This adds new APIs: ext2fs_flush2 and ext2fs_close2 which take an
extra 'int flags' parameter.
This allows us to pass in an EXT2_FLAG_FLUSH_NO_SYNC flag which avoids
fsync'ing the filesystem when closing it. For the case we have in
mind where we are just constructing a throwaway ext2 filesystem in a
file in order to boot a VM, this saves over 5 seconds during the boot
process and avoids many unnecessary disk writes.
Existing code using ext2fs_flush and ext2fs_close remains unaffected
by this change.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Since the libquota library has namespace contamination issues, don't
build a shared library and link against it statically. Don't include
it as part of the Debian packages.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Enhance the debian build rules so it will create multiarch compliant
packages on those distributions that have support for it.
Also remove e2initrd-helper from the e2fsprogs package since no one
uses it any more.
Also update the debian policy standards version to 3.9.2.
Addresses-Debian-Bug: #632169
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
The DEFS line in MCONFIG had gotten so long that it exceeded 4k, and
this was starting to cause some tools heartburn. It also made "make
V=1" almost useless, since trying to following the individual commands
run by make was lost in the noise of all of the defines.
So fix this by putting the configure-generated defines in lib/config.h
and the directory pathnames to lib/dirpaths.h.
In addition, clean up some vestigal defines in configure.in and in the
Makefiles to further shorten the cc command lines.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
if tdb_dir points to a string allocated from profile_get_string,
it should be freed again before we exit.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
In theory sysconf() can fail, so check for an error return.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
These reflect either file descriptors which aren't tested
for failure, or closures of fd's which may have failed.
In setup_tdb(), test for failure of mkstemp and return
without trying to open the file (again).
In reserve_stdio_fds, rather than closing the "extra"
fd == 3 due to the way the loop is written, just
don't go that far by using while (fd <= 2).
In logsave, it forks and retries forever if open fails,
but at least make coverity happy by explicitly not
trying to close a negative file descriptor.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Handle these failures in resize_inode, and handle the propagated
error in the caller.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
fn and/or array was not freed in some error paths.
[ Also make sure the array is NULL terminated before we free it in
get_dirlist(). --tytso]
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
block_buf and/or inode_buf may not be properly freed on an error
return.
Create a new errout: target to free them as needed in error conditions.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Some error paths did not properly free "buf"
And the normal exit seemed to close e2_file twice (?)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
In addition to not making sense, it causes a memory leak
when fs_type gets overwritten.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
e2fsck_allocate_memory() already sets allocated memory to 0,
so remove the explicit memset.
Especially since it was setting the wrong size (iter not *iter)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The "count" variable is only ever set if FIBMAP is used,
due to the -B switch, or a fiemap failure. However,
we use it unconditionally to calculate "expected" for
extN files, so we can end up printing garbage.
Initialize count to 0, and unless we go through the FIBMAP
path, expected will be 0 as well, and in that case do not
print the message.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
in add_subst(), if the malloc of ent->name fails, we goto fail;
which will free ent->name (which is null, so OK) but also free
ent->value (which is uninitialized). There is no case where
we must free ent->value on an error (it is allocated last, and
if it fails it of course doesn't need to be freed) so just
remove it.
Also "retval" is only assigned once to the constant ENOMEM,
so we can just return that explicitly in the failure case.
Signed-off-by: Eric Saneeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
In inode_open(), if the allocation of &io fails, we go to cleanup
and dereference io to test io->name, which is a bug.
Similarly in undo_open() if allocation of &data fails, we
go to cleanup and dereference data to test data->real.
In the test_open() case we explicitly set retval to the only
possible error return from ext2fs_get_mem(), so remove that
for tidiness.
The other changes just make make earlier returns go through
the error goto for consistency.
In many cases we returned directly from the first error, but
"goto cleanup" etc for every subsequent error. In some
cases this leads to "impossible" tests such as:
if (ptr)
ext2fs_free_mem(&ptr)
on paths where ptr cannot be null because we would have
returned directly earlier, and Coverity flags this.
This isn't really indicative of an error in most cases, but
I think it can be clearer to always exit through the error goto
if it's used later in the function.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
old_op is set but never used, because we restore "0"
not old_op. So don't bother with it.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The EOPNOTSUPP case is unreachable, being outside a set of:
#if
...
return;
#else
...
return;
#endif
Fix this up so that if neither HAVE_CHFLAGS nor
HAVE_EXT2_IOCTLS applies, we set EOPNOTSUPP.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
There is no need to print out a "bad option" message; getopt
does that for us, and in fact will change "c" to "?" so
it's not even useful.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Specifying the "-n" option to uuidd would incorrectly
fall through to the "-p" case, and assign that number to
the pidfile_path.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Using the /* fallthrough */ comment lets Coverity (and humans)
know that we really do want to fall through in these case statements.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
testing fs for NULL in expand_percent_expression():
e2fsck_ctx = fs ? (e2fsck_t) fs->priv_data : NULL;
implies that fs could be NULL, but it's passed to print_pathname()
which defererences it without further testing.
So make this safe by returning "???" for a nul fs.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
In the !undo_io_backing_manager case, undo_err_handler_init
will be passed a null data->real, which will be dereferenced.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
If !WORDS_BIGENDIAN, it is pointless to test whether buf
is NULL, because it is initialized to NULL and never changed.
This makes Coverity complain, so we can just move all handling
of "buf" under the #ifdef.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
parse_fs_type explicitly sets usage_types if it is null,
so there is no need to test for null later.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The i++; statement is unreachable; fix same as commit
f1c2eaac535bd9172a35ce39b6d8f392321f274d in util-linux
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
The name_len field in ext2_dir_entry is actually comprised of
the name length in the lower 8 bytes, and the filetype in the
high 8 bytes. So in places, we mask name_len with 0xFF to
get the actual length.
But once we have masked name_len with 0xFF, there is no point
in testing whether it is greater than EXT2_NAME_LEN, which
is 255 - or 0xFF. So all of these tests are extraneous.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>