GitLab

Move the mke2fs "-d" option to be alphabetical like other options.

Rename "root_dir" to "src_root_dir" to avoid confusion with the
actual root inode in the new filesystem.
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

When creating a file in op_create, set the file's uid and gid to the
user's uid and gid.  Do the same in op_mknod.
Reported-by: Lennart Lövstrand <lennart@lovstrand.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

When an extent-mapped directory is compacted by "e2fsck -fD" and
frees enough leaf blocks that it loses an extent tree index block,
the old e2fsck_rehash_dir->ext2fs_block_iterate3->write_dir_block()
code would not free the extent block, which would result in the
extent tree becoming corrupted when it is written out.

    Pass 1: Checking inodes, blocks, and sizes
    Inode 17825800, end of extent exceeds allowed value
            (logical block 710, physical block 570459684, len 1019)

This results in loss of a whole index block of directory leaf blocks
and maybe thousands or millions of files in lost+found.

Fix e2fsck_rehash_dir() to call ext2fs_punch() to free the blocks
at the end of the directory instead of trying to handle this itself
while writing out the directory.  That properly handles all of the
cases of updating the extent tree as well as accounting for blocks
that are released (both leaf blocks and index blocks).

Add a test case for compacting the directory to be smaller than the
index block that originally caused the corruption.
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

If ext2fs_punch() was called with "end = ~0ULL" to indicate truncate
to the end of file it tried to compute "count" for ext2fs_punch_ind()
based on "start" and "end", but incorrectly passed "count = ~0U" even
when "start" was non-zero, causing an overflow in some cases.

The calling convention for ext2fs_punch_ind() was also gratuitously
different from ext2fs_punch() and ext2fs_punch_extent(), passing
"count" instead of "end" as the last parameter.  Fix this by passing
it "end" like the other functions, and handle "count" internally.

Add checks to ext2fs_punch_ind() if "end" is at or beyond the 2^32
indirect block limit so the 32-bit internal variables don't overflow.
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

The kernel requires all inodes with the extent flag set to have a
valid extent tree header in i_block.  The ext2fs_extent_open2 prefers
to initialize the header if i_block is zeroed, but e2fsck never writes
the new header to disk.  Since the kernel won't create inodes with the
flag and no header anyway, zap such files.
Reported-by: Bo Branten <bosse@acc.umu.se>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Running tune2fs on a filesystem with an unrecovered journal can
cause the tune2fs settings changes in the superblock to be reverted
when the journal is replayed if it contains an uncommitted copy of
the superblock.  Print a warning if this is detected so that the
user isn't surprised if it happens.
Signed-off-by: Jim Garlick <garlick@llnl.gov>

Updated message printed to include steps to replay journal.
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

The test2[] array is not 0-terminated and the create_test_list() for
loop does not terminate properly at the end of this array, but
continues until it hits the 0 at the end of test3[].
Reported-by: Hanno Boeck <hanno@hboeck.de>
Addresses: https://bugzilla.kernel.org/show_bug.cgi?id=104311

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

In check_inode_extra_space(), if we attempt to read an EA header at
the end of the extra space, in a corrupted filesystem it may result in
a read beyond the bounds of the inode. Add a check to prevent this.

Reproduced by running ./test_one --valgrind f_write_ea_toobig_extra_isize.
Signed-off-by: Artemiy Volkov <artemiyv@acm.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Acked-by: Darrick J. Wong <darrick.wong@oracle.com>

Signed-off-by: Jan Kara <jack@suse.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

This code is partially derived from patches from David Turner to allow
debugfs to properly support extended timestamps.

Cc: David Turner <novalis@novalis.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

There is a bug in how e2fsck handles being interrupted by CTRL-C.
If CTRL-C is pressed to kill e2fsck rather than e.g. kill -9, then
the interrupt handler sets E2F_FLAG_CANCEL in the context but doesn't
actually kill the process.  Instead, e2fsck_pass1() checks this flag
before processing the next inode.

If a filesystem is running in fix mode (e2fsck -fy) is interrupted,
and the quota feature is enabled, then the quota file will still be
written to disk even though the inode scan was not complete and the
quota information is totally inaccurate.  Even worse, if the Pass 1
inode and block scan was not finished, then the in-memory block
bitmaps (which are used for block allocation during e2fsck) are also
invalid, so any blocks allocated to the quota files may corrupt other
files if those blocks were actually used.

  e2fsck 1.42.13.wc3 (28-Aug-2015)
  Pass 1: Checking inodes, blocks, and sizes
  ^C[QUOTA WARNING] Usage inconsistent for ID 0:
      actual (6455296, 168) != expected (8568832, 231)
  [QUOTA WARNING] Usage inconsistent for ID 695:
      actual (614932320256, 63981) != expected (2102405386240, 176432)
  Update quota info for quota type 0? yes

  [QUOTA WARNING] Usage inconsistent for ID 0:
      actual (6455296, 168) != expected (8568832, 231)
  [QUOTA WARNING] Usage inconsistent for ID 538:
      actual (614932320256, 63981) != expected (2102405386240, 176432)
  Update quota info for quota type 1? yes

  myth-OST0001: e2fsck canceled.
  myth-OST0001: ***** FILE SYSTEM WAS MODIFIED *****

There may be a desire to flush out modified inodes and such that have
been repaired, so that restarting an interrupted e2fsck will make
progress, but the quota file update is plain wrong unless at least
pass1 has finished, and the journal recreation is also dangerous if
the block bitmaps have not been fully updated.
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

In ext2fs_extent_set_bmap() and ext2fs_punch_extent(), fix the parents
when altering either end of an extent so that the parent nodes reflect
the added mapping.

There's a slight complication to using fix_parents: if there are two
mappings to an lblk in the tree, the value of handle->path->curr can
point to either extent afterwards), which is documented in a comment.

Some additional color commentary from Darrick:

  In the _set_bmap() case, I noticed that the "remapping last block in
  extent" case would produce symptoms if we are trying to remap a
  block from "extent" to "next_extent", and the two extents are
  pointed to by different index nodes.  _extent_replace(...,
  next_extent) updates e_lblk in the leaf extent, but because there's
  no _extent_fix_parents() call, the index nodes never get updated.

  In the _punch_extent() case, we conclude that we need to split an
  extent into two pieces since we're punching out the middle.  If the
  extent is the last extent in the block, the second extent will be
  inserted into a new leaf node block.  Without _fix_parents(), the
  index node doesn't seem to get updated.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

Signed-off-by: Matthieu Dupont <matt.59491@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros.  Furthermore, clean out the
places where we open-coded feature tests.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros.  Furthermore, clean out the
places where we open-coded feature tests.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros.  Furthermore, clean out the
places where we open-coded feature tests.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros.  Furthermore, clean out the
places where we open-coded feature tests.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros.  Furthermore, clean out the
places where we open-coded feature tests.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

If during formatting we'd lose more than 75% a block group to group
descriptors and other metadata, enable the meta_bg feature.  This
enables us to create >500T filesystems with default options.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

When meta_bg is enabled at mkfs time, we put at most one group
descriptor block in each blockgroup.  Unfortunately, the calculation
of max overhead per bg doesn't know this, so mkfs fails when it isn't
strictly necessary.  Fix it, since Dave reported that he couldn't
create a 500TB ext4 filesystem.
Reported-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

When running on NFS, opening files with 0444 perms for writing can
sometimes fail.  This is arguably an NFS server bug, but work around
it by creating the file with 0644 permissions, and only change the
permissions to be 0444 right before we close the file.

URL: https://bugs.gentoo.org/550986

Reported-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Addresses-Debian-Bug: #798425
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

There are times when it is necessary to update the UUID on a mounted
root file system (for example).  So when we add this this safety check
to e2fsprogs 1.43, we will likely break some scripts.  Allow the -f
option to force an override of this safety check.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

The posix_fadvise() to hint to the system that the file can be removed
from memory will probably not work well without the sync_file_range(2)
call, but e4defrag should still fundamentally work, and this will
allow e4defrag to compile if the C library doesn't happen this system
call exposed.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

If malloc fails, properly handle the error condition.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

readlink does not nul terminate its result, therefore one extra byte
has to be taken into account.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

We weren't verifying the checksum of an htree leaf block due to a
coding error that marked all htree blocks as not having checksums.
While we're at it, fix the error message that gets displayed so that
it doesn't print a meaningless block offset.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

If there are directory entries with file names which are less than 16
bytes, it turns out that passing less than the crypto block size to
the kernel's crypto layer will cause the kernel to crash.

However, since there never should be encrypted directory entries where
the file name is less than 16 bytes (the AES block size), change
e2fsck to offer to address this corruption by deleting the directory
entry.

(We need to checks for this condition into the kernel as well.)
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

The /lost+found directory must not be encrypted, since e2fsck won't
have any keys.  If we find an encrypted lost+found directory, we
should delete the directory and recreate it.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Also change ext2fs_symlink() so that the target parameter is a const
char *, thus promising that we will never change the incoming string.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

We are using __func__ without any backup definition in the rest of
e2fsprogs, and this is causing warnings in the Android build, so just
remove it.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>