libext2fs: avoid buffer overflow if s_first_meta_bg is too big
[tools/e2fsprogs.git] / lib / ext2fs / openfs.c
1 /*
2  * openfs.c --- open an ext2 filesystem
3  *
4  * Copyright (C) 1993, 1994, 1995, 1996 Theodore Ts'o.
5  *
6  * %Begin-Header%
7  * This file may be redistributed under the terms of the GNU Library
8  * General Public License, version 2.
9  * %End-Header%
10  */
11
12 #include "config.h"
13 #include <stdio.h>
14 #include <string.h>
15 #if HAVE_UNISTD_H
16 #include <unistd.h>
17 #endif
18 #include <fcntl.h>
19 #include <time.h>
20 #if HAVE_SYS_STAT_H
21 #include <sys/stat.h>
22 #endif
23 #if HAVE_SYS_TYPES_H
24 #include <sys/types.h>
25 #endif
26 #ifdef HAVE_ERRNO_H
27 #include <errno.h>
28 #endif
29
30 #include "ext2_fs.h"
31
32
33 #include "ext2fs.h"
34 #include "e2image.h"
35
/*
 * Compute the block number that holds group-descriptor block `i`.
 *
 * fs          - open filesystem handle; fs->super supplies the geometry.
 * group_block - block of the superblock copy being used.  A value other
 *               than s_first_data_block selects the backup descriptors.
 * i           - index of the descriptor block wanted.
 *
 * Every superblock field read here comes from the on-disk image.  The
 * result is not range-checked against ext2fs_blocks_count() on the
 * non-meta_bg path, so callers should expect the subsequent read to fail
 * for a damaged or hostile image rather than assume the block is valid.
 */
blk64_t ext2fs_descriptor_block_loc2(ext2_filsys fs, blk64_t group_block,
                                     dgrp_t i)
{
        blk64_t loc;
        int     first_group;
        int     sb_present;
        int     zero_adj = 0;
        const int uses_meta_bg =
                (fs->super->s_feature_incompat &
                 EXT2_FEATURE_INCOMPAT_META_BG) != 0;

        /*
         * bigalloc with 1K blocks keeps block 0 for non-ext4 data, so
         * anything belonging to group 0 sits one block further on.
         */
        if (i == 0 && fs->blocksize == 1024 && EXT2FS_CLUSTER_RATIO(fs) > 1)
                zero_adj = 1;

        /* Classic layout: descriptor blocks directly follow the superblock. */
        if (!uses_meta_bg || i < fs->super->s_first_meta_bg)
                return group_block + i + 1 + zero_adj;

        /* meta_bg layout: the descriptor block lives in its own meta group. */
        first_group = EXT2_DESC_PER_BLOCK(fs->super) * i;
        sb_present = ext2fs_bg_has_super(fs, first_group) ? 1 : 0;
        loc = ext2fs_group_first_block2(fs, first_group);

        /*
         * A non-default group_block means the caller is working from a
         * backup superblock, so prefer the copy kept in the second group
         * of the meta group, provided that group still lies inside the
         * filesystem.  Individual descriptor blocks are not verified;
         * the infrastructure for that does not exist here.
         */
        if (group_block != fs->super->s_first_data_block &&
            ((loc + sb_present + fs->super->s_blocks_per_group) <
             ext2fs_blocks_count(fs->super))) {
                loc += fs->super->s_blocks_per_group;

                /* The next group may or may not carry a backup superblock. */
                sb_present = ext2fs_bg_has_super(fs, first_group + 1) ? 1 : 0;
        }
        return loc + sb_present + zero_adj;
}
83
/*
 * Legacy wrapper around ext2fs_descriptor_block_loc2().
 *
 * The 64-bit result is converted to blk_t on return.
 * NOTE(review): blk_t is declared outside this file; if it is narrower than
 * blk64_t the high bits are silently dropped, so prefer the *2 variant on
 * filesystems that need 64-bit block numbers.
 */
blk_t ext2fs_descriptor_block_loc(ext2_filsys fs, blk_t group_block, dgrp_t i)
{
        blk64_t loc = ext2fs_descriptor_block_loc2(fs, group_block, i);

        return (blk_t) loc;
}
88
/*
 * Open a filesystem without passing separate I/O options.
 *
 * Forwards to ext2fs_open2() with io_options set to 0, so any options
 * must be embedded in `name` after a '?' (handled by ext2fs_open2()).
 */
errcode_t ext2fs_open(const char *name, int flags, int superblock,
                      unsigned int block_size, io_manager manager,
                      ext2_filsys *ret_fs)
{
        errcode_t rc;

        rc = ext2fs_open2(name, 0, flags, superblock, block_size,
                          manager, ret_fs);
        return rc;
}
96
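/*
 * Open an ext2 filesystem: read and sanity-check the superblock, then
 * load the group descriptors.
 *
 *  Note: if superblock is non-zero, block-size must also be non-zero.
 *      Superblock and block_size can be zero to use the default size.
 *
 * Valid flags for ext2fs_open()
 *
 *      EXT2_FLAG_RW    - Open the filesystem for read/write.
 *      EXT2_FLAG_FORCE - Open the filesystem even if some of the
 *                              features aren't supported.
 *      EXT2_FLAG_JOURNAL_DEV_OK - Open an ext3 journal device
 *      EXT2_FLAG_SKIP_MMP - Open without multi-mount protection check.
 *      EXT2_FLAG_64BITS - Allow 64-bit bitfields (needed for large
 *                              filesystems)
 *
 * name       - device or image path; when io_options is NULL, text after
 *              the first '?' in name is used as the I/O options.
 * io_options - options handed to io_channel_set_options(), or NULL.
 * manager    - I/O manager used to open the device.
 * ret_fs     - receives the handle.  On failure it is set to NULL, or to
 *              the partially initialised handle when the caller passed
 *              EXT2_FLAG_NOFREE_ON_ERROR.
 *
 * Returns 0 on success or an errcode_t describing the failure.
 *
 * Everything read from the superblock and image header is on-disk data
 * and is treated as untrusted: each field is checked before it is used
 * to size a buffer or a read, and a failed check returns
 * EXT2_ET_CORRUPT_SUPERBLOCK.
 */
errcode_t ext2fs_open2(const char *name, const char *io_options,
                       int flags, int superblock,
                       unsigned int block_size, io_manager manager,
                       ext2_filsys *ret_fs)
{
        ext2_filsys     fs;
        errcode_t       retval;
        unsigned long   i, first_meta_bg;
        __u32           features;
        unsigned int    blocks_per_group, io_flags;
        blk64_t         group_block, blk;
        char            *dest, *cp;
        int             group_zero_adjust = 0;
#ifdef WORDS_BIGENDIAN
        unsigned int    groups_per_block;
        struct ext2_group_desc *gdp;
        int             j;
#endif

        EXT2_CHECK_MAGIC(manager, EXT2_ET_MAGIC_IO_MANAGER);

        retval = ext2fs_get_mem(sizeof(struct struct_ext2_filsys), &fs);
        if (retval)
                return retval;

        memset(fs, 0, sizeof(struct struct_ext2_filsys));
        fs->magic = EXT2_ET_MAGIC_EXT2FS_FILSYS;
        fs->flags = flags;
        /* don't overwrite sb backups unless flag is explicitly cleared */
        fs->flags |= EXT2_FLAG_MASTER_SB_ONLY;
        fs->umask = 022;
        /* Buffer is sized from strlen(name), so the strcpy() below fits. */
        retval = ext2fs_get_mem(strlen(name)+1, &fs->device_name);
        if (retval)
                goto cleanup;
        strcpy(fs->device_name, name);
        /*
         * "path?options": split in place on the first '?', but only when
         * the caller did not supply io_options explicitly.
         */
        cp = strchr(fs->device_name, '?');
        if (!io_options && cp) {
                *cp++ = 0;
                io_options = cp;
        }

        io_flags = 0;
        if (flags & EXT2_FLAG_RW)
                io_flags |= IO_FLAG_RW;
        if (flags & EXT2_FLAG_EXCLUSIVE)
                io_flags |= IO_FLAG_EXCLUSIVE;
        if (flags & EXT2_FLAG_DIRECT_IO)
                io_flags |= IO_FLAG_DIRECT_IO;
        retval = manager->open(fs->device_name, io_flags, &fs->io);
        if (retval)
                goto cleanup;
        if (io_options &&
            (retval = io_channel_set_options(fs->io, io_options)))
                goto cleanup;
        fs->image_io = fs->io;
        fs->io->app_data = fs;
        /* NOTE(review): negative count is presumably a size in bytes. */
        retval = io_channel_alloc_buf(fs->io, -SUPERBLOCK_SIZE, &fs->super);
        if (retval)
                goto cleanup;
        if (flags & EXT2_FLAG_IMAGE_FILE) {
                retval = ext2fs_get_mem(sizeof(struct ext2_image_hdr),
                                        &fs->image_header);
                if (retval)
                        goto cleanup;
                retval = io_channel_read_blk(fs->io, 0,
                                             -(int)sizeof(struct ext2_image_hdr),
                                             fs->image_header);
                if (retval)
                        goto cleanup;
                /*
                 * Go through cleanup on a bad image magic.  Returning
                 * directly would leak fs, its buffers and the open I/O
                 * channel, and would leave *ret_fs unset.
                 */
                if (fs->image_header->magic_number != EXT2_ET_MAGIC_E2IMAGE) {
                        retval = EXT2_ET_MAGIC_E2IMAGE;
                        goto cleanup;
                }
                superblock = 1;
                /*
                 * Header value is untrusted: zero is rejected just below
                 * and it must match the superblock's block size later.
                 */
                block_size = fs->image_header->fs_blocksize;
        }

        /*
         * If the user specifies a specific block # for the
         * superblock, then he/she must also specify the block size!
         * Otherwise, read the master superblock located at offset
         * SUPERBLOCK_OFFSET from the start of the partition.
         *
         * Note: we only save a backup copy of the superblock if we
         * are reading the superblock from the primary superblock location.
         */
        if (superblock) {
                if (!block_size) {
                        retval = EXT2_ET_INVALID_ARGUMENT;
                        goto cleanup;
                }
                io_channel_set_blksize(fs->io, block_size);
                group_block = superblock;
                fs->orig_super = 0;
        } else {
                io_channel_set_blksize(fs->io, SUPERBLOCK_OFFSET);
                superblock = 1;
                group_block = 0;
                retval = ext2fs_get_mem(SUPERBLOCK_SIZE, &fs->orig_super);
                if (retval)
                        goto cleanup;
        }
        retval = io_channel_read_blk(fs->io, superblock, -SUPERBLOCK_SIZE,
                                     fs->super);
        if (retval)
                goto cleanup;
        if (fs->orig_super)
                memcpy(fs->orig_super, fs->super, SUPERBLOCK_SIZE);

#ifdef WORDS_BIGENDIAN
        fs->flags |= EXT2_FLAG_SWAP_BYTES;
        ext2fs_swap_super(fs->super);
#else
        if (fs->flags & EXT2_FLAG_SWAP_BYTES) {
                retval = EXT2_ET_UNIMPLEMENTED;
                goto cleanup;
        }
#endif

        if (fs->super->s_magic != EXT2_SUPER_MAGIC) {
                retval = EXT2_ET_BAD_MAGIC;
                goto cleanup;
        }
        if (fs->super->s_rev_level > EXT2_LIB_CURRENT_REV) {
                retval = EXT2_ET_REV_TOO_HIGH;
                goto cleanup;
        }

        /*
         * Check for feature set incompatibility
         */
        if (!(flags & EXT2_FLAG_FORCE)) {
                features = fs->super->s_feature_incompat;
#ifdef EXT2_LIB_SOFTSUPP_INCOMPAT
                if (flags & EXT2_FLAG_SOFTSUPP_FEATURES)
                        features &= ~EXT2_LIB_SOFTSUPP_INCOMPAT;
#endif
                if (features & ~EXT2_LIB_FEATURE_INCOMPAT_SUPP) {
                        retval = EXT2_ET_UNSUPP_FEATURE;
                        goto cleanup;
                }

                features = fs->super->s_feature_ro_compat;
#ifdef EXT2_LIB_SOFTSUPP_RO_COMPAT
                if (flags & EXT2_FLAG_SOFTSUPP_FEATURES)
                        features &= ~EXT2_LIB_SOFTSUPP_RO_COMPAT;
#endif
                if ((flags & EXT2_FLAG_RW) &&
                    (features & ~EXT2_LIB_FEATURE_RO_COMPAT_SUPP)) {
                        retval = EXT2_ET_RO_UNSUPP_FEATURE;
                        goto cleanup;
                }

                if (!(flags & EXT2_FLAG_JOURNAL_DEV_OK) &&
                    (fs->super->s_feature_incompat &
                     EXT3_FEATURE_INCOMPAT_JOURNAL_DEV)) {
                        retval = EXT2_ET_UNSUPP_FEATURE;
                        goto cleanup;
                }
        }

        /*
         * Geometry checks.  They run even with EXT2_FLAG_FORCE, because
         * the values below size buffers and reads.
         */
        if ((fs->super->s_log_block_size + EXT2_MIN_BLOCK_LOG_SIZE) >
            EXT2_MAX_BLOCK_LOG_SIZE) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }

        /*
         * bigalloc requires cluster-aware bitfield operations, which at the
         * moment means we need EXT2_FLAG_64BITS.
         */
        if (EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
                                       EXT4_FEATURE_RO_COMPAT_BIGALLOC) &&
            !(flags & EXT2_FLAG_64BITS)) {
                retval = EXT2_ET_CANT_USE_LEGACY_BITMAPS;
                goto cleanup;
        }

        if (!EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
                                        EXT4_FEATURE_RO_COMPAT_BIGALLOC) &&
            (fs->super->s_log_block_size != fs->super->s_log_cluster_size)) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }
        fs->fragsize = fs->blocksize = EXT2_BLOCK_SIZE(fs->super);
        if (EXT2_INODE_SIZE(fs->super) < EXT2_GOOD_OLD_INODE_SIZE) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }
        fs->cluster_ratio_bits = fs->super->s_log_cluster_size -
                fs->super->s_log_block_size;
        if (EXT2_BLOCKS_PER_GROUP(fs->super) !=
            EXT2_CLUSTERS_PER_GROUP(fs->super) << fs->cluster_ratio_bits) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }
        fs->inode_blocks_per_group = ((EXT2_INODES_PER_GROUP(fs->super) *
                                       EXT2_INODE_SIZE(fs->super) +
                                       EXT2_BLOCK_SIZE(fs->super) - 1) /
                                      EXT2_BLOCK_SIZE(fs->super));
        /* A caller-supplied block size must agree with the superblock. */
        if (block_size) {
                if (block_size != fs->blocksize) {
                        retval = EXT2_ET_UNEXPECTED_BLOCK_SIZE;
                        goto cleanup;
                }
        }
        /*
         * Set the blocksize to the filesystem's blocksize.
         */
        io_channel_set_blksize(fs->io, fs->blocksize);

        /*
         * If this is an external journal device, don't try to read
         * the group descriptors, because they're not there.
         */
        if (fs->super->s_feature_incompat &
            EXT3_FEATURE_INCOMPAT_JOURNAL_DEV) {
                fs->group_desc_count = 0;
                *ret_fs = fs;
                return 0;
        }

        if (EXT2_INODES_PER_GROUP(fs->super) == 0) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }

        /*
         * Read group descriptors
         *
         * The zero checks below also protect the divisions that follow.
         */
        blocks_per_group = EXT2_BLOCKS_PER_GROUP(fs->super);
        if (blocks_per_group == 0 ||
            blocks_per_group > EXT2_MAX_BLOCKS_PER_GROUP(fs->super) ||
            fs->inode_blocks_per_group > EXT2_MAX_INODES_PER_GROUP(fs->super) ||
            EXT2_DESC_PER_BLOCK(fs->super) == 0 ||
            fs->super->s_first_data_block >= ext2fs_blocks_count(fs->super)) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }
        fs->group_desc_count = ext2fs_div64_ceil(ext2fs_blocks_count(fs->super) -
                                                 fs->super->s_first_data_block,
                                                 blocks_per_group);
        /*
         * NOTE(review): if both operands are 32-bit this product can wrap
         * before the comparison - confirm the operand types.
         */
        if (fs->group_desc_count * EXT2_INODES_PER_GROUP(fs->super) !=
            fs->super->s_inodes_count) {
                retval = EXT2_ET_CORRUPT_SUPERBLOCK;
                goto cleanup;
        }
        fs->desc_blocks = ext2fs_div_ceil(fs->group_desc_count,
                                          EXT2_DESC_PER_BLOCK(fs->super));
        /*
         * fs->group_desc is requested as fs->desc_blocks elements of
         * fs->blocksize bytes; every read into it below has to stay
         * within that many blocks.
         */
        retval = ext2fs_get_array(fs->desc_blocks, fs->blocksize,
                                &fs->group_desc);
        if (retval)
                goto cleanup;
        if (!group_block)
                group_block = fs->super->s_first_data_block;
        /*
         * On a FS with a 1K blocksize, block 0 is reserved for bootloaders
         * so we must increment block numbers to any group 0 items.
         *
         * However, we cannot touch group_block directly because in the meta_bg
         * case, the ext2fs_descriptor_block_loc2() function will interpret
         * group_block != s_first_data_block to mean that we want to access the
         * backup group descriptors.  This is not what we want if the caller
         * set superblock == 0 (i.e. auto-detect the superblock), which is
         * what's going on here.
         */
        if (group_block == 0 && fs->blocksize == 1024)
                group_zero_adjust = 1;
        dest = (char *) fs->group_desc;
#ifdef WORDS_BIGENDIAN
        groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
#endif
        if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
                /*
                 * s_first_meta_bg is on-disk data.  It becomes the block
                 * count of the bulk read below, so clamp it to the size
                 * of the descriptor buffer; an oversized value would
                 * otherwise write past the end of fs->group_desc.
                 */
                first_meta_bg = fs->super->s_first_meta_bg;
                if (first_meta_bg > fs->desc_blocks)
                        first_meta_bg = fs->desc_blocks;
        } else
                first_meta_bg = fs->desc_blocks;
        /* Descriptor blocks before first_meta_bg are contiguous: one read. */
        if (first_meta_bg) {
                retval = io_channel_read_blk(fs->io, group_block +
                                             group_zero_adjust + 1,
                                             first_meta_bg, dest);
                if (retval)
                        goto cleanup;
#ifdef WORDS_BIGENDIAN
                gdp = (struct ext2_group_desc *) dest;
                for (j=0; j < groups_per_block*first_meta_bg; j++) {
                        gdp = ext2fs_group_desc(fs, fs->group_desc, j);
                        ext2fs_swap_group_desc2(fs, gdp);
                }
#endif
                dest += fs->blocksize*first_meta_bg;
        }
        /* Remaining descriptor blocks are located and read one at a time. */
        for (i=first_meta_bg ; i < fs->desc_blocks; i++) {
                blk = ext2fs_descriptor_block_loc2(fs, group_block, i);
                retval = io_channel_read_blk64(fs->io, blk, 1, dest);
                if (retval)
                        goto cleanup;
#ifdef WORDS_BIGENDIAN
                for (j=0; j < groups_per_block; j++) {
                        gdp = ext2fs_group_desc(fs, fs->group_desc,
                                                i * groups_per_block + j);
                        ext2fs_swap_group_desc2(fs, gdp);
                }
#endif
                dest += fs->blocksize;
        }

        fs->stride = fs->super->s_raid_stride;

        /*
         * If recovery is from backup superblock, Clear _UNININT flags &
         * reset bg_itable_unused to zero
         */
        if (superblock > 1 && EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
                                        EXT4_FEATURE_RO_COMPAT_GDT_CSUM)) {
                dgrp_t group;

                for (group = 0; group < fs->group_desc_count; group++) {
                        ext2fs_bg_flags_clear(fs, group, EXT2_BG_BLOCK_UNINIT);
                        ext2fs_bg_flags_clear(fs, group, EXT2_BG_INODE_UNINIT);
                        ext2fs_bg_itable_unused_set(fs, group, 0);
                        /* The checksum will be reset later, but fix it here
                         * anyway to avoid printing a lot of spurious errors. */
                        ext2fs_group_desc_csum_set(fs, group);
                }
                if (fs->flags & EXT2_FLAG_RW)
                        ext2fs_mark_super_dirty(fs);
        }

        if ((fs->super->s_feature_incompat & EXT4_FEATURE_INCOMPAT_MMP) &&
            !(flags & EXT2_FLAG_SKIP_MMP) &&
            (flags & (EXT2_FLAG_RW | EXT2_FLAG_EXCLUSIVE))) {
                retval = ext2fs_mmp_start(fs);
                if (retval) {
                        fs->flags |= EXT2_FLAG_SKIP_MMP; /* just do cleanup */
                        ext2fs_mmp_stop(fs);
                        goto cleanup;
                }
        }

        fs->flags &= ~EXT2_FLAG_NOFREE_ON_ERROR;
        *ret_fs = fs;

        return 0;
cleanup:
        /*
         * Single exit for every failure after fs was allocated.  With
         * EXT2_FLAG_NOFREE_ON_ERROR the caller receives the partially
         * initialised handle and is responsible for releasing it.
         */
        if (!(flags & EXT2_FLAG_NOFREE_ON_ERROR)) {
                ext2fs_free(fs);
                fs = NULL;
        }
        *ret_fs = fs;
        return retval;
}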
462
/*
 * Set/get the filesystem data I/O channel.
 *
 * These functions are only valid if EXT2_FLAG_IMAGE_FILE is true.
 *
 * ext2fs_get_data_io() stores the current data channel in *old_io, or 0
 * when no separate data channel is set (fs->io is still the image
 * channel).  old_io may be NULL, in which case only the flag is checked.
 */
errcode_t ext2fs_get_data_io(ext2_filsys fs, io_channel *old_io)
{
        if (!(fs->flags & EXT2_FLAG_IMAGE_FILE))
                return EXT2_ET_NOT_IMAGE_FILE;
        if (!old_io)
                return 0;

        if (fs->image_io == fs->io)
                *old_io = 0;
        else
                *old_io = fs->io;
        return 0;
}
477
/*
 * Install new_io as the data I/O channel of an image-file filesystem.
 * Passing a null new_io points fs->io back at the image channel.
 * Returns EXT2_ET_NOT_IMAGE_FILE unless EXT2_FLAG_IMAGE_FILE is set.
 * The previous fs->io is not closed here.
 */
errcode_t ext2fs_set_data_io(ext2_filsys fs, io_channel new_io)
{
        if (!(fs->flags & EXT2_FLAG_IMAGE_FILE))
                return EXT2_ET_NOT_IMAGE_FILE;

        if (new_io)
                fs->io = new_io;
        else
                fs->io = fs->image_io;
        return 0;
}
485
/*
 * Redirect an image-file filesystem to new_io for all further I/O.
 *
 * The block size of new_io is set first, even when new_io turns out to be
 * a channel the filesystem already uses.  Otherwise the existing image and
 * data channels are closed, new_io takes over both roles, everything is
 * marked dirty and read/write, and EXT2_FLAG_IMAGE_FILE is cleared.
 *
 * Returns EXT2_ET_NOT_IMAGE_FILE if the filesystem is not an image file,
 * or the error from io_channel_set_blksize().  Return values of
 * io_channel_close() are not checked.
 */
errcode_t ext2fs_rewrite_to_io(ext2_filsys fs, io_channel new_io)
{
        errcode_t retval;

        if (!(fs->flags & EXT2_FLAG_IMAGE_FILE))
                return EXT2_ET_NOT_IMAGE_FILE;

        retval = io_channel_set_blksize(new_io, fs->blocksize);
        if (retval)
                return retval;

        /* Nothing to swap if the filesystem already uses this channel. */
        if (new_io == fs->image_io || new_io == fs->io)
                return 0;

        /* Close the image channel only when it is distinct from fs->io. */
        if (fs->image_io && fs->image_io != fs->io)
                io_channel_close(fs->image_io);
        if (fs->io)
                io_channel_close(fs->io);

        fs->image_io = new_io;
        fs->io = new_io;
        fs->flags |= EXT2_FLAG_DIRTY | EXT2_FLAG_RW |
                EXT2_FLAG_BB_DIRTY | EXT2_FLAG_IB_DIRTY;
        fs->flags &= ~EXT2_FLAG_IMAGE_FILE;
        return 0;
}