git://git.whamcloud.com - tools/e2fsprogs.git/log

misc/util.c: enable MinGW alarm() when building for Windows

To compile for Windows, this file needs MinGW's implementation of
alarm().  To expose that definition, some macros must be defined before
including the system headers.  This was done in Android.bp, but it was
not done in the autotools-based build system.  Define these macros in
the source file itself so that all build systems work.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/mke2fs: fix a -Wunused-variable warning in PRS()

This showed up when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/mke2fs: fix Windows build

unix_io_manager is no longer available on Windows. windows_io_manager
must be used instead.

Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager")
Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/mk_hugefiles: simplify get_partition_start()

search_sysfs_block() is causing -Wformat-truncation warnings.  These
could be fixed by checking the return value of snprintf(), instead of
doing buggy checks like 'strlen(p_de->d_name) > SYSFS_PATH_LEN -
strlen(path) - 32', which has an integer underflow bug.

However, the only purpose of search_sysfs_block() is to find the sysfs
directory for a block device by device number.  That can trivially be
done using /sys/dev/block/$major:$minor.  So just do that instead.  Also
make get_partition_start() explicitly Linux-only, as it has never worked
anywhere else.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/fuse2fs: avoid error-prone strncpy() pattern

'strncpy(dst, src, strlen(src))' is usually wrong, as it doesn't copy
the null terminator. For this reason, it causes a -Wstringop-truncation
warning with gcc 8 and later.

The code happens to be correct anyway, since the destination buffer is
zero-initialized. But to avoid relying on this, let's just copy the
terminating null.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/e4defrag: fix -Wstringop-truncation warnings

Fix two -Wstringop-truncation warnings in is_ext4() by simplifying how
how mnt_type is handled and by using the correct bound for mnt_fsname.

Fix a -Wstringop-truncation warning in main() by replacing the fragile
pattern 'strncpy(dst, src, strnlen(src, N))', which doesn't
null-terminate the destination string, with a standard string copy. (It
happened to work anyway because dst happens to be zero-initialized.)

These warnings showed up when building with -Wall with gcc 8 or later.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/create_inode: simplify logic in scandir()

The control flow in scandir() (only used on Windows) confuses gcc into
thinking that *name_list is not always set on success, which causes a
-Wmaybe-uninitialized warning in __populate_fs(). As far as I can tell
it's a false positive; however, avoid it by cleanly separating the
success and failure cases in scandir().

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/create_inode: fix -Wunused-variable warnings in __populate_fs()

These showed up when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: use real functions for kernel slab functions

The macros that e2fsck uses to implement kmalloc et al. use only some of
their arguments, so unlike standard function calls, they can cause
compiler warnings like:

./../e2fsck/revoke.c:141:8: warning: variable 'gfp_mask' set but not used [-Wunused-but-set-variable]

Fix this by providing a proper definition for each function, making sure
to match the function prototypes used in the kernel.

Remove the kmem_cache_t typedef, as it doesn't exist in the kernel.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/uuid: remove conflicting Windows implementation of gettimeofday()

When building libuuid for Windows with MinGW with the default settings,
there is a build error in lib/uuid/gen_uuid.c because the explicit
definition of gettimeofday() conflicts with MinGW's declaration of
gettimeofday(). gen_uuid.c apparently expects USE_MINGW to be defined
to avoid that, but the build system doesn't actually do that.

Since native Windows builds of e2fsprogs are currently only supported
via MinGW anyway (in particular, Visual Studio is not supported), let's
fix this by just removing our own definition of gettimeofday().

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/support: clean up definition of flags_array

Add braces to address the following compiler warning with gcc -Wall:

print_fs_flags.c:24:42: warning: missing braces around initializer [-Wmissing-braces]
24 | static struct flags_name flags_array[] = {
| ^

Also add 'const', and add an explicit NULL in the last entry.

Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/support: remove unused label in get_devname()

Address the following compiler warning with gcc -Wall:

devname.c: In function ‘get_devname’:
devname.c:61:1: warning: label ‘out_strdup’ defined but not used [-Wunused-label]
61 | out_strdup:
| ^~~~~~~~~~

Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ss: fix 'make install' by creating man1dir

'make install' does not work because libss tries to install a man page
without creating the directory first. Fix this.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/{ext2fs,support}: fix 32-bit Windows build

_WIN32 is the standard macro to detect (native) Windows, regardless of
32-bit or 64-bit.  _WIN64 is for 64-bit Windows only.  Use _WIN32 where
_WIN64 was incorrectly being used.

This fixes several 32-bit Windows build errors, for example this one:

plausible.c: In function ‘print_ext2_info’:
plausible.c:109:31: error: ‘unix_io_manager’ undeclared (first use in this function); did you mean ‘undo_io_manager’?
  109 |                               unix_io_manager,
      |                               ^~~~~~~~~~~~~~~
      |                               undo_io_manager

Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager")
Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: fix a -Wpointer-sign warning in ext2fs_mmp_start()

This showed up when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: fix two compiler warnings in windows_io.c

init_private_data() triggers a -Wstringop-truncation warning, due to a
real bug. Fix it.

windows_open() has a -Wunused-variable warning because some
macOS-specific code was copied there for no reason. Remove it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: fix a printf format specifier in file_test()

size_t should be matched by %zu, not %lu. This fixes a -Wformat warning
when building for 32-bit x86.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: consistently use #ifdefs in ext2fs_print_bmap_statistics()

Since the 'now' variable is only used to calculate 'inuse', and 'inuse'
is only used when defined(ENABLE_BMAP_STATS_OPS), it makes sense to
guard the declaration and initialization of 'now' and 'inuse' by the
same condition, just like the '*_perc' variables in the same function.

This addresses the following compiler warning with clang -Wall:

double inuse;
^

gen_bitmap64.c:187:9: warning: variable 'inuse' set but not used [-Wunused-but-set-variable]
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: remove 32-bit x86 bitops assembly

The EXT2FS_ADDR() macro is causing -Warray-bounds warnings because it
(sort of) dereferences past the end of the input array.  It's not a
"real" dereference, since the result is passed as a memory operand to
inline asm.  But in the C language sense, it is a dereference.

Instead of trying to fix this code, let's consider that libext2fs *only*
implements the bit operations in assembly for 32-bit x86, which is
rarely used anymore.  The fact that compilers have also improved, and no
one has implemented these for another architecture, even x86_64,
suggests it's not useful either.  So, let's just remove this outdated
code, which was maybe useful in the 90s, but now just causes problems.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/et: fix "unused variable" warnings when !HAVE_FCNTL

In init_debug(), avoid -Wunused-variable and -Wunused-but-set-variable
warnings when HAVE_FCNTL is not defined by only declaring 'fd' and
'flags' when HAVE_FCNTL is defined. This affected Windows builds.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/{e2p,ss}: remove manual declarations of errno

As per 'man 3 errno':

    On some ancient systems, <errno.h> was not present or did not
    declare errno, so that it was necessary to declare errno manually
    (i.e., extern int errno).   **Do not do this**.  It long ago ceased
    to be necessary, and it will cause problems with modern versions of
    the C library.

One of the platforms it causes a problem on is Windows:

    In file included from fgetversion.c:28:
    fgetversion.c: In function ‘fgetversion’:
    fgetversion.c:68:20: warning: ‘_errno’ redeclared without dllimport attribute: previous dllimport ignored [-Wattributes]
       68 |         extern int errno;
          |                    ^~~~~

Just remove these obsolete manual declarations of errno.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/e2p: fix a -Wunused-variable warning in getflags()

This affected Windows builds.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: suppress -Wstringop-truncation warning in blkid_strndup()

Unfortunately, gcc gets confused by blkid_strndup() and incorrectly
thinks the destination string is not being null-terminated. This is
part of -Wstringop-truncation, enabled automatically by -Wall in gcc 8
and later. Let's just suppress this warning here.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: suppress -Wunused-result warning in blkid_flush_cache()

When _FORTIFY_SOURCE is defined, glibc annotates link() with the
warn_unused_result function attribute.  With gcc, that makes
'(void) link()' cause a -Wunused-result warning, despite the explicit
cast to void.  That's annoying, since the use case in lib/blkid/save.c
is legitimate (opportunistic backup).  So let's suppress this warning.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: fix -Wunused-variable warning in blkid_get_dev_size()

This showed up when building for Windows. It's hard to conditionally
define this variable, so use the 'unused' attribute.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: fix unaligned access to hfs_mdb

With -Wall, gcc warns:

      ./probe.c:1209:42: error: taking address of packed member of
               'struct hfs_mdb' may result in an unaligned pointer value

This seems to be a real unaligned memory access bug, as the offset of
the 64-bit value from the start of the buffer is 116, which is not a
multiple of 8.  Fix it by using memcpy().

Do the same for hfsplus to fix the same warning, though in that case the
offset is a multiple of 8 so it was defined behavior.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: remove 32-bit x86 byteswap assembly

libblkid contains 32-bit x86 assembly language implementations of 16-bit
and 32-bit byteswaps. However, modern compilers can easily generate the
bswap instruction automatically from the corresponding C expression.
And no one ever bothered to add assembly for x86_64 or other
architectures, anyway. So let's just remove this outdated code, which
was maybe useful in the 90s, but is no longer useful.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib, misc: eliminate dependency on Winsock

Currently Windows builds of e2fsprogs rely on the Windows Socket API
(Winsock) to provide htonl() and ntohl(). For this to actually work,
though, HAVE_WINSOCK_H needs to be defined, and the binaries need to be
linked to -lws2_32. The Android.bp files do this; however, the
autotools-based build system does not.

Since htonl() and ntohl() are trivial, let's instead just add a file
include/mingw/arpa/inet.h with definitions for these.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

config/install-sh: update to latest version

The version of install-sh in the source tree is extremely old and
doesn't work when passed multiple path arguments, which breaks
'make install' on macOS.

Therefore, delete this file and run 'autoreconf -i' to update it to the
latest version.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

configure: regenerate

Run autoreconf.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

configure.ac: automatically add include/mingw/ headers

Since the include/mingw/ directory needs to be on the include path when
building for Windows with MinGW, add it to INCLUDES automatically, and
AC_DEFINE the corresponding HAVE_*_H constants.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

configure.ac: disable tdb by default on Windows

The tdb support does not build for Windows, due to the use of various
UNIX-isms, so disable it by default when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

configure.ac: only use Windows I/O manager on native Windows

Cygwin and MSYS2 are UNIX-compatible platforms on top of Windows, so
they should use the UNIX I/O manager, not the Windows I/O manager.

(Note that "cygwin" was misspelled as "cigwin", so the code did not have
the intended effect anyway.)

Fixes: d1d44c146a5e ("ext2fs: compile the io implementation according to os")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

mmp: fix wrong comparison in ext2fs_mmp_stop

In our knowledge, ext2fs_mmp_stop use to process the rest of work
when mmp will finish. Critically, it must check if the mmp block is
not changed. But there exist an error in comparing the mmp and mmp_cmp.

Look to ext2fs_mmp_read, the assignment of mmp_cmp retrieve from the
superblock of disk and it copy to mmp_buf if mmp_buf is not none
and not equal to mmp_cmp in the meanwhile. However, ext2fs_mmp_stop
pass the no NULL pointer fs->mmp_buf which has possed the mmp info to
ext2fs_mmp_read. Consequently, ext2fs_mmp_read override fs->mmp_buf
by fs->mmp_cmp so that loss the meaning of comparing themselves
after that and worse yet, couldn't judge whether the struct of mmp
has changed.

In fact, we only need to modify the parameter to NULL pointer for
solving this problem.

Signed-off-by: lihaoxiang <lihaoxiang9@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Fix various spelling typos

Typos found with codespell.

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: optimize clone_file on large devices

When cloning multiply-claimed blocks for an inode,
clone_file() uses ext2fs_block_iterate3() to iterate
every block calling clone_file_block().
clone_file_block() calls check_if_fs_cluster(), even
the block is not on the block_dup_map, which could take
a long time on a large device.

Only check if it's metadata block when we need to clone
it.

Test block_metadata_map in check_if_fs_block()
and check_if_fs_cluster(), so we don't need to go over
each bg every time. The metadata blocks are already
marked in the bitmap.

Before this patch on a 500TB device with 3 files having
3 multiply-claimed blocks between them, pass1b is stuck
for more than 48 hours without progressing,
before e2fsck was terminated.
After this patch pass1b could finish in 180 seconds.

Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: check return value of ext2fs_mmp_update2 in rewrite_metadata_checksums

Tune2fs hasn't consider about the result of executing ext2fs_mmp_update2
when it try to rewrite_metadata_checksums. If the ext2fs_mmp_update2
failed, multi-mount protection couldn't guard there has the only node
(i.e. this program) accessing this device in the meantime.

We solve this problem to verify the return value of ext2fs_mmp_update2.
It terminate rewrite_metadata_checksums and exit immediately if the
wrong error code returned.

Signed-off-by: lihaoxiang <lihaoxiang9@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2scrub_all: fix typo in manpage

Fix this reported typo.

Reported-by: paul kairis <kairis@gmail.com>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix ext2fs_compare_generic_bmap logic

Currently this function was not correctly comparing against the right
length of the bitmap. Also when we compare bitarray v/s rbtree bitmap
the value returned by ext2fs_test_generic_bmap() could be different in
these two implementations. Hence only check against boolean value.

Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs.8: fix typo

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: don't allow journal inode to have encrypt flag

Since the kernel is being fixed to consider journal inodes with the
'encrypt' flag set to be invalid, also update e2fsck accordingly.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/fsck.c: Processes may kill other processes.

I find a error in misc/fsck.c, if run the fsck -N command, processes
don't execute, just show what would be done. However, the pid whose
value is -1 is added to the instance_list list in the execute
function,if the kill_all function is called later, kill(-1, signum)
is executed, Signals are sent to all processes except the number one
process and itself. Other processes will be killed if they use the
default signal processing function.

Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: print error message when closing the fs fails

I encountered an I/O error on writing the superblock on a drive:

  ...
  pwrite64(3, ..., 114688, 97844727808) = 114688
  fsync(3) = -1 EIO (Input/output error)
  close(3) = 0
  ...

The error was silently ignored, only indicated by the exit value. Let's
print an error message.

The error message was taken from mke2fs in order to reuse the
translations.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: add extra checks to ext2fs_check_mount_point()

A pseudo-filesystem, such as tmpfs, can have anything at all in its
mnt_fsname entry.  Normally, it is just "tmpfs", like this:

tmpfs /tmp tmpfs rw,relatime,inode64 0 0
^^^^^

but in a pathological or malicious case, a system administrator can
specify a block device as its mnt_fsname which is the same as some
other block device.  For example:

/dev/loop0 /tmp/test-tmpfs tmpfs rw,relatime,inode64 0 0
^^^^^^^^^^
/dev/loop0 /tmp/test-mnt ext4 rw,relatime 0 0

In this case, ext2fs_check_mount_point() may erroneously return that
the mountpoint for the file system on /dev/loop0 is mounted on
/tmp/test-tmpfs, instead of the correct /tmp/test-mnt.  This causes
problems for resize2fs, since in order to do an online resize, it
needs to open the directory where the file system is mounted, and
trigger the online resize ioctl.  If it opens the incorrect directory,
then resize2fs will fail.

So we need to add some additional checking to make sure that
directory's st_dev matches the block device's st_rdev field.

An example shell script which reproduces the problem fixed by this
commit is as follows:

   loop_file=/tmp/foo.img
   tmpfs_dir=/tmp/test-tmpfs
   mnt_dir=/tmp/test-mnt

   mkdir -p $tmpfs_dir $mnt_dir
   dd if=/dev/zero of=$loop_file bs=1k count=65536
   test_dev=$(losetup --show -f $loop_file)
   mke2fs -t ext4 -F -b 1024 $test_dev 32768
   mount -t tmpfs $test_dev $tmpfs_dir  # create the evil /proc/mounts entry
   mount -t ext4 $test_dev $mnt_dir
   ln -f ${test_dev} ${test_dev}-ln
   resize2fs ${test_dev}-ln

[ Fixed up the corrupted patch and rewrote the commit description to
  be more clear -- tytso ]

Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: fix an error message

  $ tune2fs -O ^has_journal -ff /dev/sdh2
  Recovering journal. tune2fs: Unknown code ____ 251 while recovering journal.

  Before: Please run e2fsck -fy -O.
  After: Please run e2fsck -fy /dev/sdh2.

Note this doesn't fix the "Unknown code" message, just the "Please run
e2fsck" one.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: exit directly when fs freed in ext2fs_run_ext3_journal

In ext2fs_run_ext3_journal(), fs will be freed and reallocated.
However, the reallocation by ext2fs_open() may fail in some cases ---
for example, when the device becomes offline. To avoid a segfault,
exit if fs is NULL.

[ Simplified the patch by by simply exiting if fs is NULL -TYT ]

Signed-off-by: Li Jinlin <lijinlin3@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Use an autoconf test to detect for a BSD- or GNU-style qsort_r function

BSD is planning on changing their qsort_r() implementation to align
with the POSIX/GNU-style qsort_r() function signature. So use an
autoconf test to determine which qsort_r() a system has.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

create_inode: do not fail if filesystem doesn't support xattr

As `set_inode_xattr()` doesn't fail if the `llistxattr()` function is
not available, it seems inconsistent to let `set_inode_xattr()` fail if
`llistxattr()` fails with `ENOTSUP`, indicating that the filesystem
doesn't support extended attributes.

Signed-off-by: Jürg Billeter <j@bitron.ch>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: update to standards version 4.6.1

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

AOSP: e2fsdroid: static import of libbase

Fix a wrong mixed shared/static library inclusion that has been unveiled
by a recent clang upgrade to clang-r450784e: the linker couldn't find
the requested object reference and caused the tool to crash.
libsnapshot_fuzzer_test was luckily catching this misbehaviour as it was
crashing as well when trying to format a loop device as ext4.

Bug: 230851331
Test: m && atest libsnapshot_fuzzer_test
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I20b7b1d66920eb8f767e49311f913564f14ee30e
Fix AOSP commit: 83239ca87da0bbdb088be7f0d048472e837899c2

AOSP: Moved contents of clang_cflags into cflags

Test: Treehugger
Bug: 226636335
Change-Id: If46f7b11aadcb29e33e36b67c56078ce5fa17b94
Fix AOSP commit: 19f3f24750096491b74d1f990adb617f3a5bba40

AOSP: Fix e2fsdroid build with musl

The e2fsdroid build fails with musl because config.h is not included
before ext2fs.h, which causes HAVE_SYS_TYPES_H not to be defined
resulting in a missing definition for dev_t.

Include config.h at the top of each .c file, and remove extra
config.h include from perms.h.

Bug: 190084016
Test: m USE_HOST_MUSL=true fastboot
Change-Id: I95b3fff3f10ba85c00ec049811dd6b5d412e5dd2
From AOSP commit: 09c63d5edd35e3ca8366be0d92aad922d8895ac1

AOSP: Add vendor available for libext2_blkid library

This is to support the cuttlefish f2fs/ext4
userdata filesystem.

Bug: 142424832
Test: local build
Change-Id: I7acb772e77d9250805e5a8a7e68f136deda7c5cb
From AOSP commit: 5df70145b418f84a2d0570e106fd055dbc9d0038

libext2fs: in ext2fs_open[2](), return an error if s_first_meta_bg is too big

These checks will be skipped for e2fsck when it uses the flag
EXT2_FLAG_IGNORE_SB_ERRORS.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: add release notes for 1.46.5-2 to the debian changelog

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update release notes, etc. for the 1.46.6-rc1 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc fix the chattr's man page regarding the -x flag

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: tune2fs_main() should return rc when some error, occurs

If some error occurs, tune2fs_main() will go to closefs tag for
releasing resource, and it should return correct value (rc) instead
of 0 when ext2fs_close_free(&fs) successes.

Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: Artem Blagodarenko <artem.blagodarenko@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: fix tune2fs segfault when ext2fs_run_ext3_journal() fails

When ext2fs_run_ext3_journal() fails, tune2fs cmd will occur one
segfault problem as follows.
(gdb) bt
#0  0x00007fdadad69917 in ext2fs_mmp_stop (fs=0x0) at mmp.c:405
#1  0x0000558fa5a9365a in main (argc=<optimized out>, argv=<optimized out>) at tune2fs.c:3440

misc/tune2fs.c:
main()
  -> ext2fs_open2(&fs)
    -> ext2fs_mmp_start
  ......
  -> retval = ext2fs_run_ext3_journal(&fs)
  -> if (retval)
    // if ext2fs_run_ext3_journal fails, close and free fs.
    -> ext2fs_close_free(&fs)
    -> rc = 1
    -> goto closefs
  ......
closefs:
  -> if (rc)
    -> ext2fs_mmp_stop(fs)     // fs has been set to NULL, boom!!
  -> (ext2fs_close_free(&fs) ? 1 : 0); // close and free fs

In main() of tune2fs cmd, if ext2fs_run_ext3_journal() fails,
we should set rc=1 and goto closefs tag, in which will release fs
resource.

Fix: a2292f8a5108 ("tune2fs: reset MMP state on error exit")
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update the binary gmo files

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: add Friulian lagnuage

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

config: update config.{guess,sub}

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update makefile dependencies

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Start bumping version numbers in preparation for 1.46.6 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update zh_CN.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update ms.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests/fuzz: add missing targets to the Makefile in in tests/fuzz

This fixes failures when running "make install" or "make destclean"
from the top level directory.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

mmp: don't use O_RDWR in ext2fs_mmp_read

It doesn't seem to be necessary since ext2fs_mmp_write doesn't write
via mmp_fd, and opening the block device with O_RDWR will trigger
udev.

Triggering udev is bad because it leads to an infinite loop when
running dumpe2fs in response to a udev event.

[ Rebased onto the maint branch, and added O_RDONLY flag.  From the
  open(2) man page: "The argument flags must include one of the
  following access modes: O_RDONLY, O_WRONLY, or O_RDWR." -- TYT ]

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update shared library flags used for Apple/Darwin

As submitted by Carlos Cabrera:

    We need to set the `-install_name` flag so that library consumers
    can find the linked libraries when installed outside the default
    dyld search path. This is the case, for example, when installed
    using the Homebrew package manager on Apple Silicon.

    I've removed the `-flat_namespace` flag because this flag is
    effectively deprecated, and can cause issues when using `dlopen`
    [1]. We also need to change `-undefined warning` to `-undefined
    dynamic_lookup`, since the former flag is not supported without
    `-flat_namespace`. Using `-undefined dynamic_lookup` instructs the
    dynamic loader to resolve undefined symbols at run/load-time.

    These are the flags used by Libtool on the newest versions of
    macOS, and we've applied similar patches to many other packages at
    Homebrew without any issues.

    [1] https://developer.apple.com/forums/thread/689991

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2image: checking the retval for the last update_refcount() is unnecessary

Addresses-Coverity-Bug: 709478
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: return an error when byte swapping a corrupted dirblock block

Except for e2fsck (where we want to expose the corrupted directory
entries to e2fsck mostly so that the e2fsck output stays the same on
big-endian machines compared to little-endian machines, so we don't
break our regression tests), if the directory block is corrupted, and
ext2fs_dirent_swab_in[2](), trips across this, return an error. This
will make sure that naive users of libextfs will not try to handle a
corrupted directory block. This prevents potential buffer overruns in
the byte swapping code paths.

This commit does not cause any functional change on little-endian
systems.

Addresses-Coverity-Bug: 1433408
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: remove unneeded automatic variable program_name

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: avoid looping forever in e2image when superblock is invalid

If the number of blocks or inodes per block group is not a multiple of
8 (which are invalid values) ext2fs_image_bitmap{read,write} can loop
forever.  These file systems should be not be allowed to be opened
(without EXT2_FLAG_IGNORE_SB_ERRORS) but for the fact that a long time
ago, Android devices used a buggy (but BSD-licensed, which was what
was important to the early Android founders) program for creating file
systems which would create these invalid file systems.  E2fsck
couldn't actually correctly repair these file systems, but adding a
check to enforce this (in e2fsprogs and in the kernel) would have
broken some of these devices, so support for these bogus file system
was in a grey area for many years.

We will be tightening this up soon, but for now, we'll apply this
quick fix so attempts to use e2image won't hang forever.  (Not that
Android ever shipped e2image in those days, of course...)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsprogs: fix device name parsing to resolve names containing '='

Currently in varisous e2fsprogs tools, most notably tune2fs and e2fsck
we will get the device name by passing the user provided string into
blkid_get_devname(). This library function however is primarily intended
for parsing "NAME=value" tokens. It will return the device matching the
specified token, NULL if nothing is found, or copy of the string if it's
not in "NAME=value" format.

However in case where we're passing in a file name that contains an
equal sign blkid_get_devname() will treat it as a token and will attempt
to find the device with the match. Likely finding nothing.

Fix it by checking existence of the file first and then attempt to call
blkid_get_devname(). In case of a collision, notify the user and
automatically prefer the one returned by blkid_get_devname(). Otherwise
return either the existing file, or NULL.

We do it this way to avoid some existing file in working directory (for
example LABEL=volume-name) masking an actual device containing the
matchin LABEL. User can specify full, or relative path (e.g.
./LABEL=volume-name) to make sure the file is used instead.

Link: https://lore.kernel.org/r/20220812130122.69468-1-lczerner@redhat.com
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Daniel Ng <danielng@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: validate i_extra_size in ext4_fc_handle_inode

Addresses-Coverity-Bug: 1500765
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: make blocksize be unsigned in logdump.c

Blocksize can never be negative, and this makes the use of signed vs
unsigned variables for offsets be consistent.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Avoid potential NULL dereference when argv[0]

Addresses-Coverity-Bug: 1500772
Addresses-Coverity-Bug: 1500769
Addresses-Coverity-Bug: 1500767
Addresses-Coverity-Bug: 1500758
Addresses-Coverity-Bug: 1500756
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: mark that we don't care about the return value of e2fsck_lookup()

We only print the parent directory to help provide context to the
user, but it's possible that a corrupted directory doesn't have a '..'
link.

Addresses-Coverity-Bug: 1507762
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: streamline problem latch handling

No functional changes, but streamline the logic, and avoid a coverity
warning.

Addresses-Coverity-Bug: 1507763
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: when mutating file name make sure its length never exceeds 255

E2fsck will attempt to mutate filenames to ensure uniqueness if
necessary. If there are two unique filenames that are 254 or 255
characters in length and do not contain the '~' character, the
mutate_name() function would create a filename which is 256 bytes
long, which is not a legal filename in Linux. Adjust the mutate_name
function to avoid this possibility.

Addresses-Coverity-Bug: 1500768
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Fix Coverity unintentional integer overflow warnings

Neither of these two warnings can actually happen (other limits will
be hit first), but widening the integer to a 64-bit unsigned integer
is an cheap and effective way to silence the Coverity warnings.

Addresses-Coverity-Bug: 1500760
Addresses-Coverity-Bug: 1507886
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

resize2fs: use ext2fs_get_arrayzero() instead of ext2fs_get_array() + memset()

The use of ext2fs_get_arrayzero() to replace using ext2fs_get_array()
+ memset() does not result in any functional change, but it (a) is
slightly more efficient, and (b) makes it easier for Coverity to avoid
signalling a false positive.

Addresses-Coverity-Bug: 1500763
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tune2fs: do not change j_tail_sequence in journal superblock

The function recover_ext3_journal() in debugfs/journal.c, if the log
replay is over, the j_tail_sequence in journal superblock is not
changed to the value of the last transaction sequence. This will
cause subsequent log commitids to count from the commitid in last
time. After tune2fs -e, the log commitid is counted from the commitid
in last time, if the log ID of the current operation overlaps with
that of the last operation, this will cause logs that were previously
replayed by tune2fs to be replayed here.

Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: liangyun <liangyun2@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: allow <inode> for ncheck

If the ncheck argument is of the form "<ino>", allow it for ncheck
for consistency with other commands that accept an inode number.

Improve the error message, use "Invalid inode number" instead
of "Bad inode", which implies the inode content being bad.

Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: quiet debugfs 'catastrophic' message

When debugfs runs with "-c", it prints a scary-looking message:

catastrophic mode - not reading inode or group bitmaps

that is often misunderstood by users to mean that there is something
wrong with the filesystem, when there is no problem at all.

Not reading the bitmaps is totally normal and expected behavior for
the "-c" option, which is used to significantly shorten the debugfs
command execution time by not reading metadata that isn't needed for
commands run against very large filesystems.

Since there is often confusion about what this message means, it
would be better to just avoid printing anything at all, since the
use of "-c" is expressly requesting this behavior, and there are
no messages printed out for other options.

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Dongyang Li <dongyang@ddn.com>
Change-Id: I59b26a601780544ab995aa4ca7ab0c2123c70118
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

resize2fs: open device read-only when -P is passed

We ran into this because we noticed that resize2fs -P $device was
triggering udev events.

I added a very simple test that just checks resize2fs -P on a file
lacking the w bit succeeds.

Signed-off-by: Michael Hudson-Doyle <michael.hudson@ubuntu.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: fix ACL-printing tests

Fix the ACL-printing tests to be more flexible for different systems.
If the MKFS_DIR is on tmpfs, it will not list "system.posix_acl*"
xattrs, so they will not be copied. Create this on a real filesystem
or skip the test if that doesn't work.

Filter out the security.selinux xattr if it is printed, since this
depends on the selinux configuration of the host system. However,
this also spills xattrs for "acl_dir/file" into an external xattr
block, and causes it to fail due to different block allocations.
Increase the filesystem inode size so that the allocation is the same
regardless of whether selinux is enabled or not.

Fixes: 67e6ae0a35 ("mke2fs: fix a importing a directory with an ACL")
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Artem Blagodarenko <artem.blagodarenko@hpe.com>
Reviewed-by: Li Dongyang <dongyangli@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: always probe filesystem blocksize with simple io_manager

Combining superblock (-b) with undo file (-z) fails iff the block size
is not specified (-B) and is different from the first blocksize probed
in try_open_fs (1k).  The reason is as follows:

try_open_fs() will probe different blocksizes if none is provided on
the command line. It is done by opening and closing the filesystem
until it finds a blocksize that makes sense. This is fine for all
io_managers, but undo_io creates the undo file with that blocksize
during ext2fs_open.  Once try_open_fs realizes it had the wrong
blocksize and retries with a different blocksize, undo_io will read
the previously created file and think it's corrupt for this
filesystem.

Ideally, undo_io would know this is a probe and would fix the undo file.
It is not simple, though, because it would require undo_io to know the
file was just created by the probe code, since an undo file survives
through different fsck sessions.  We'd have to pass this information
around somehow.  This seems like a complex change to solve a corner
case.

Instead, this patch changes the blocksize probe to always use the
unix_io_manager. This way, we safely probe for the blocksize without
side effects.  Once the blocksize is known, we can safely reopen the
filesystem under the proper io_manager.

An easily reproducer for this issue (from Ted, adapted by me) is:

mke2fs -b 4k -q -t ext4 /tmp/foo.img 2G
e2fsck -b 32768 -z /tmp/undo /tmp/foo.img

Reported-by: Peter Urbanec <linux-ext4.vger.kernel.org@urbanec.net>
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Quiet unused variable warnings

Quiet various compiler warnings about unreferenced or unset variables.

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

resize2fs: trim resize to cluster boundary

This patch rounds down the size provided to resize2fs to the nearest
cluster boundary for bigalloc filesystems. This is similar to the
trimming already done for page boundary alignment. Aligning the size in
the user space provides the right value feedback from the resize2fs
command, which is a better user experience than trimming the size
in the kernel.

Signed-off-by: Oleg Kiselev <okiselev@amazon.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: handle invalid percent expansions in the log filename

Add a missing default: case when expanding percent expansions in the
log file specified in /etc/e2fsck.conf.

Addresses-Coverity-Bug: 1500757
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: validate block # of the inode table in ext2fs_image_inode_write()

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Build the fuzzers from oss-fuzz

The fuzzers from oss-fuzz in projects/e2fsprogs/fuzz (as of commit
78ecd3f07fca with some slight modifications for better error
reporting) have been placed in the tests/fuzz directory and the
configure script now supports a new option --enable-fuzzing which will
build these fuzzers using clang's -fsanitize=fuzzer command line
option.

In general, some sanitizer such as --enable-addrsan or --enable-ubsan
(to enable ASAN or UBSAN, respectively) should be enabled alongside
--enable-fuzzing.

A typical configure command to build the fuzzers might be:

configure CC=clang CXX=clang++ CFLAGS=-g --enable-fuzzing --enable-addrsan

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix potential integer overflow in bitmap accessors

bmap->cluster_bits has a maximum value of 19, but Coverity doesn't
know that. To make it happy, and just in case there is a bug where
somehow the cluster size does get set to an invalid value and the rest
of the library doesn't check it, use 1ULL instead of 1 to avoid the
integer overflow.

Addresses-Coverity-Bug: 1500759
Addresses-Coverity-Bug: 1500764
Addresses-Coverity-Bug: 1500771
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: fix potential fencepost error in e2fsck_should_rebuild_extents()

The ext2_extent_info.max_depth is zero-based (e.g., it is zero when
the entire extent tree fits in the inode).  Hence, if it is equal to
MAX_EXTENT_DEPTH_COUNT we should always rebuild the extent tree to
shorten it.

Also, for 1k block file systems, it's possible for the worst-case
extent tree in its most compact form to have a maximum depth of 6, not
5.  So set MAX_EXTENT_DEPTH_COUNT to 8 just to be sure we have plenty
of headroom.  (The kernel supports an extent depth up to 2**16, but
e2fsck only keeps statistics up to MAX_EXTENT_DEPTH_COUNT, and if it's
deeper than that, we know that it will be profitable to rebuild the
extent tree in any case.)

Addresses-Coverity-Bug: 1507761
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: make sure the bitmap locations are valid when writing bitmaps

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: reject various bitmap and inode operations for journal_dev file systems

The ext2fs_open() function will only allow journal_dev file systems to
be open if explicitly requested by programs using the
EXT2_FLAG_JOURNAL_DEV_OK flag. Those programs will not try to call
functions that make no sense, such as ext2fs_read_inode(),
ext2fs_read_bitmaps(), etc. Just to make things the library more
robust against buggy programs (or unrealistic fuzzers) add a check for
journal_dev file systems to various ext2fs library functions to return
a new error, EXT2_ET_EXTERNAL_JOURNAL_NOSUPP.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: in ext2fs_open[2](), return an error if s_desc_size is too large

Previously, ext2fs_open() and ext2fs_open2() would return an error if
s_desc_size is too small. Add a check so it will return an error if
s_desc_size is too large, as well.

These checks will be skipped for e2fsck when it uses the flag
EXT2_FLAG_IGNORE_SB_ERRORS.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update configure/configure.ac/aclocal.m4 to use autoconf 2.71

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Fix UBSAN if s_log_groups_per_flex is 31

It is logal (albeit rare) for the number of block groups per flex_bg
to 2**31 (which effectively means to put all of the block groups into
a single flex_bg). However, in that case "1 << 31" is undefined on
architectures with a 32-bit integer. Fix this UBSAN complaint by
using "1U << 31" instead.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>