git://git.whamcloud.com - tools/e2fsprogs.git/log

Record e2fsprogs (1.47.1~rc1-1) in archive suite sid

e2fsprogs (1.47.1~rc1-1) unstable; urgency=medium

  * Re-enable metadata_csum_seed and orphan_file by default now that
    Debian Bookworm is released
  * New upstream version
  * Add support for post-2038 timestamps on platforms with 64-bit time_t.
  * Mke2fs -d can now support an input tar file if the libarchive library
    is available.
  * Install a udev rule to inihibit ext4 file systesm from being
    automounted by udisks.
  * Debugfs's 'hash' command has been enhanced to use the hash seed and
    algorithm from a superblock if a file system is opened and to display
    the hash seed and algorithm if the -v flag is given.
  * Teach mke2fs with a new extended options, root_perms, which overrides
    the permissions for the root directory for the new file system.
  * Preserve any error indicator in the superblock when replaying the
    journal so that a subsequent fsck can repair the file system afterwards.
  * Fix potential mke2fs failures when creating a file system with an
    orphan file when the storage device has a previous file system and
    does not support discard/trim commands.
  * E2fsck will clear the orphan_present feature silently in preen mode.
  * Fix potential checksum failures when performing an online resize when
    the mounted file system is actively modifying the superblock.
  * Fix a bug where a checksum failure in an htree directory can cause
    e2fsck's preen mode to abort unnecessarily.
  * Fix e2fsck's handling of an invalid symlink in an inline_data
    directory.
  * Fix e4crypt from issuing a spurious "success" error message when
    trying to set a policy on a non-directory.
  * Fix a potential infinite loop in debugfs's logdump command in some
    edge cases.
  * Fix e2fsck to correctly update quota usage after optimizing
    directories or deleting corrupted inodes.
  * Fix fuse2fs so that directories are created with the correct
    permissions instead of having the other and group write permissions
    masked off.
  * Fix a potential e2fsck divide by zero crash caused by a maliciously
    fuzzed file system.
  * Fix dumpe2fs to report free block ranges correctly for bigalloc file
    file systems.
  * Fix resize2fs where resizing a bigalloc file system can result in the
    free cluster count in the last block group and the total free clusters
    count to be incorrect.
  * Avoid spurious e2scrub failures caused by trying to scrub file
    syustems that do not have the journal enabled, and by aborting scrub
    runs while upgrading the e2fsprogs package
  * Teach tune2fs to detect a file system which is mounted but is not
    mentioned in the mount namespace where tune2fs is run by treating a
    block device which is busy as if it is mounted.
  * If tune2fs can't find the mountpoint for a file system which is
    apparently mounted (perhaps because it's not present in the current
    mount namespace) when attempting to set the label or UUID in the
    superblock, fall back to the old method of modifying block device and
    silence printing any error messages.
  * If both the primary superblock and first block group's backup
    superblock are corrupted, e2fsck will now try additional backup
    superblocks if they are available.
  * Avoid mke2fs from creating an invalid file system with an insufficient
    number of inodes when creating a file system which is very small
    (100k), a block size of 1k, and an inode size of 256 bytes.
  * Fix a potential deadlock caused by e2fsck being run in Direct I/O mode
    with the threading optimization enabled.
  * Update and clarify various man pages.  (Closes: #1038286)
  * Add support for SOURCE_DATE_EPOCH environment variable
  * Improve resize2fs's performance by eliminating extra cache flushes.
  * Improve mke2fs's performance when zeroing a large number of inode
    table blocks (when lazy inode table initialization is not enabled) by
    batching calls to ext2fs_zero_blocks.
  * Use a safe_getenv function for all calls to fetch the environment
    variable in libext2fs.
  * Upgrade fuse2fs to use fuse v3.
  * Build the binaries using FORTIFY_SOURCE=3 for better hardening
  * Add Romainian translation.
  * Update Malay translation.

[dgit import unpatched e2fsprogs 1.47.1~rc1-1]

Import e2fsprogs_1.47.1~rc1.orig.tar.gz

[dgit import orig e2fsprogs_1.47.1~rc1.orig.tar.gz]

Import e2fsprogs_1.47.1~rc1-1.debian.tar.xz

[dgit import tarball e2fsprogs 1.47.1~rc1-1 e2fsprogs_1.47.1~rc1-1.debian.tar.xz]

Update debian/changelog and debian/patches for the 1.47.0-2 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Disable metadata_csum_seed and orphan_file by default for Debian

There are a lot of debian packages that assume that mkfs.ext4 for
Debian N will work on Debian N-1 (and sometimes N-2, N-3, etc.). This
is a bad assumption, but it's too late to fix this for Debian
Bookworm.

So revert making these feature a default for now. We will enable it
again post Bookworm.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Merge tag 'v1.47.0' into debian/master

v1.47.0

Update release notes, etc., for the 1.47.0 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: update to standards version 4.6.2

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Merge branch 'maint' into next

Fix date in the release notes for v1.46.6

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update e2fsprogs.lsm for 1.46.6 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: remove package-specific copyright notices

These are causing a large number of Lintian warnings
"file-without-copyright-information".

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Merge branch 'maint' into next

Update release notes, etc., for the 1.46.6 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

config: update config.{guess,sub}

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update zh_CN.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update uk.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update sv.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update sr.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update pl.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update nl.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update ms.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update fr.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update es.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update de.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update cs.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Declare fast forward from 1.46.6~rc1-1.1

[dgit --overwrite]

Merge tag 'v1.46.6' into debian/master

v1.46.6

badblocks: fix operation with large-ish block sizes and/or counts

test_rw() and test_nd() need to allocate two or three times the product
of the block size and the block counts. This can overflow the signed int
type of block_size and result in allocate_buffer() being called with a
value smaller than intended. Once that buffer is written to, badblocks
segfaults.

Since allocate_buffer() accepts a size_t, change the input validation to
use SIZE_MAX and cast accordingly when calculating the argument.

Fixing the segfault allows larger values to be passed to read() and
write(); these need to be cast to size_t as well in order to avoid a
signed integer overflow causing failure, in which case badblocks would
fall back to testing a single block at once.

Before:
$ misc/badblocks -w -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in read-write mode
From block 0 to 524287
Segmentation fault

$ misc/badblocks -n -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in non-destructive read-write mode
From block 0 to 524287
Checking for bad blocks (non-destructive read-write test)
Segmentation fault

After:
$ misc/badblocks -w -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in read-write mode
From block 0 to 524287
Testing with pattern 0xaa: done
Reading and comparing: done
Testing with pattern 0x55: done
Reading and comparing: done
Testing with pattern 0xff: done
Reading and comparing: done
Testing with pattern 0x00: done
Reading and comparing: done
Pass completed, 0 bad blocks found. (0/0/0 errors)

$ misc/badblocks -n -b 4096 -c 524288 -e 1 -s -v /tmp/testfile.bin
Checking for bad blocks in non-destructive read-write mode
From block 0 to 524287
Checking for bad blocks (non-destructive read-write test)
Testing with random pattern: done
Pass completed, 0 bad blocks found. (0/0/0 errors)

Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

badblocks: separate and improve error messages for blocks_at_once

Since the conditional checks the product of block_size and
blocks_at_once, reporting that the problem is solely with
blocks_at_once is misleading.

Also change the error to use the name of the parameter listed in the
manual rather than the variable name.

Since blocks_at_once is unsigned, change the test to == rather than <=.

Before:
$ misc/badblocks -w -b 16777216 -c 524288 -e 1 -s -v /tmp/testfile.bin
misc/badblocks: Invalid blocks_at_once: 524288

After:
$ misc/badblocks -w -b 16777216 -c 524288 -e 1 -s -v /tmp/testfile.bin
misc/badblocks: For block size 16777216, blocks_at_once too large: 524288

$ misc/badblocks -w -b 16777216 -c 0 -e 1 -s -v /tmp/testfile.bin
misc/badblocks: Invalid number of blocks: 0

Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

badblocks: fix mis-printed error from block size check

block_size is parsed as an unsigned int from parse_uint(), so retain it
as such until _after_ it has been constrained to a size within INT_MAX.

Lower level code still requires this to be an int, so cast to int for
anything below main().

Before:
$ misc/badblocks -w -b 4294967295 -c 1 /tmp/testfile.bin
misc/badblocks: Invalid block size: -1

After:
$ misc/badblocks -w -b 4294967295 -c 1 /tmp/testfile.bin
misc/badblocks: Invalid block size: 4294967295

Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

badblocks: print a more explanatory message when a parameter is too large

Before:
$ misc/badblocks -w -b 4294967296 -c 1 /tmp/testfile.bin
misc/badblocks: invalid block size - 4294967296

After:
$ misc/badblocks -w -b 4294967296 -c 1 /tmp/testfile.bin
misc/badblocks: block size too large - 4294967296

The original error is retained for invalid arguments, e.g.:
$ misc/badblocks -w -b foo -c 1 /tmp/testfile.bin
misc/badblocks: invalid block size - foo

Signed-off-by: Corey Hickey <bugfood-c@fatooh.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

fuse2fs: support "fuse2fs -o offset=<bytes>"

This works the same way that mount -o offset=<bytes> works, and can be
used to mount particular partitions from a whole disk image.

Signed-off-by: Matt Stark <msta@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

ext2fs: Use 64bit lseek when _FILE_OFFSET_BITS is 64

Use lseek() with 64bit off_t when _FILE_OFFSET_BITS is 64
this fixes build with musl where there is no _llseek but lseek
is using off_t which is 64bit on musl

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Add option to enable/disable largefile support

fallocate can be used to have 64bit off_t provided its compiled with
_FILE_OFFSET_BITS=64 which will be added automatically when
--enable-largefile is used.

[ Run autoreconf to update configure and config.h.in -- TYT ]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: reject opening a file system where the blocks per group < 8

A file system where the superblock claims that the blocks per group is
less than 8 is invalid, so let's reject it at ext2fs_open() time.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update Makefile dependencies

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: unix_io: fix_potential error path deadlock in flush_cached_blocks()

We can't call the error handler while holding the CACHE_MUTEX (see
previous commit, "libext2fs: unix_io: fix_potential error path
deadlock in reuse_cache()" for details), so first try to write out all
of the dirty blocks in the cache, and then for those where we had
errors, then call the error handler.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: unix_io: fix potential error path deadlock in reuse_cache()

This was reported by [1] but the fix was incorrect. The issue is that
when unix_io was made thread-safe, it was necessary that to add a
CACHE_MUTEX to protect multiple threads from potentially colliding
with the very simple writeback cache used by the unix_io I/O manager.
The original I/O manager was purposefully kept simple, used a
fixed-size cache; accordingly, the locking used also kept simple, and
used a single global mutex.

[1] https://lore.kernel.org/r/310fb77f-dfed-1196-c4ee-30d5138ee5a2@huawei.com

The problem was that if an application (such as e2fsck) registers a
write error handler, that handler would be called with the CACHE_MUTEX
still held, and if that application tried to do any I/O --- for
example, closing the file system using ext2fs_close() and then exiting
--- the application would deadlock.

We should perhaps fix this either by deciding that the simple Unix I/O
cache doesn't actually buy much beyond some system call overhead, or
by putting in a full-fledged buffer I/O cache system which uses a much
larger cache with allocated memory, fine-grained locking and Direct
I/O to prevent double cache at the kernel and userspace level.
However, for now, fix the problem by waiting until after we have
released the CACHE_MUTEX before calling the write handler. This is
good enough given how e2fsck's ehandler.c use case, and in practice no
one else really uses the error handler in any case.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: unix_io: add flag which suppresses calling the write error handler

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

AOSP: Android: run bpfmt on all bp files

Ran the following command:

bpfmt -w $(find . -name Android.bp)

Change-Id: Ia08c8d481199dfa917dbed2dc218df167f101ce5
From AOSP commit: 30fa5b9af82695711cc1bf749fbb0cd18afa008a

AOSP: Android: consolidate warning suppressions

For warnings not supported by upstream e2fsprogs, it's a waste of time
to suppress them only in specific places, as they can show up anywhere
in future releases of e2fsprogs. Let's consolidate all these warning
suppressions into the top-level Android.bp for e2fsprogs.

Change-Id: Icebc03289dae920cb1b673e605c48f7f2b517625
From AOSP commit: d08d59557a34c6362e3660e7e35bc118591dbbfa

AOSP: Android: stop suppressing warnings from macOS build

This is no longer needed.

Change-Id: Ie6a1c098a2e5b9db42c9a239ddfbf682cbd3bad2
From AOSP commit: 890e23673b7496bbf400e6bb5fd555bbb3c4b88f

AOSP: Android: stop suppressing warnings controlled by -Wall

Upstream fully supports -Wall now.

Change-Id: Ida895a1c5dfdf168bc6f50049680b2d2bfbb2942
From AOSP commit: 0ef947d1d4890b3fd4509bc1f3c98bb0f0a525f5

AOSP: Android: consolidate addition of include/mingw/

To match what the autotools-based build system does now, always add
include/mingw/ to the include path on Windows. I don't think this makes
a real difference anywhere, but this is much simpler.

Change-Id: I92fdaf3e58029dfca3187af928d943270b2a2109
From AOSP commit: c9aa74eac41f8feeabb2321383161c7cf92cb49b

AOSP: Android: add a new upstream source file

Change-Id: Iafeccde9acca678e665b49a4cdb42ac0672e2a84
From AOSP commit: f22381d07818ff7e55e89698a1daf23ba2357d69

AOSP: lib/support: don't assume qsort_r() is always available on Linux

Since commit 4e5f24ae4267 ("Use an autoconf test to detect for a BSD- or
GNU-style qsort_r function"), e2fsck fails to build for Android because
lib/support/sort_r.h assumes that qsort_r() is always available on
"Linux", but in fact it's not supported by Android's libc.

Rename _SORT_R_LINUX to _SORT_R_GNU to clarify that it's really the
glibc convention for qsort_r(), not the "Linux" convention per se, and
make sort_r.h stop setting it automatically when __linux__ is defined.

Note: this change does *not* prevent glibc's qsort_r() from being used
when e2fsprogs is built using the autotools-based build system, as
'configure' checks for qsort_r() too. This change just affects the
fallback behavior for when qsort_r() was not already detected.

Fixes: 4e5f24ae4267 ("Use an autoconf test to detect for a BSD- or GNU-style qsort_r function")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20230130215829.863455-1-ebiggers@kernel.org
Change-Id: I4ed2fd6aef5a0d62960988d29e35acd337bb7d02
From AOSP commit: 9f289d0add4f12fa2e4b21754141363a2759d152

AOSP: Stop explicitly specifying -fno-strict-aliasing

The upstream build system for e2fsprogs doesn't use
-fno-strict-aliasing, so update the Android.bp files to match.

Note: Android's build system currently uses -fno-strict-aliasing by
default anyway, so this change doesn't actually enable strict aliasing.
But that's a bit besides the point. The point is that this project
doesn't need anything special, so we don't need to do anything special.

Change-Id: Ifa637058fd95fdc2b6994a8b801b238e929c1f13
From AOSP commit: c30a15e5d615748d4824dec26f1bda1a86be979c

AOSP: mke2fs: stop suppressing warnings for Windows build

The warning this was intended to suppress was already fixed by
upstream commit 108f3021a6b6 ("mke2fs: use ext2fs_get_device_size2() on
all platforms").

Test: mmm external/e2fsprogs
Change-Id: I12de1b58e839658568c2f7cd30f1c2a227fe15f2
From AOSP commit: 7c581e836497595d0748953eb2b533777d9f4fd4

AOSP: e2fsdroid: stop disabling address sanitization

Address sanitization was disabled in e2fsdroid over 5 years ago, due to
a bug in libext2fs. However, that bug has long since been fixed by
upstream commit 689b7be2da01 ("libext2fs: avoid dereferencing beyond
allocated memory in xattr code"). So it should be fine to re-enable
address sanitization now.

Bug: 68387795
Change-Id: I89a7a1ec1a45d0a2ed76d2e5938dbc127eb267a6
From AOSP commit: c3b223fedcb94e5763c48b93a4445289d13a5eb0

AOSP: Update lib/ext2fs/Android.bp for upstream change

Compile windows_io.c on Windows, and unix_io.c everywhere else.

Change-Id: Ieab0b9ad5a9f7c275153e0f90553761693967762
Signed-off-by: Eric Biggers <ebiggers@google.com>
From AOSP commit: 0c82cec0d1aa70c993b5231a2c2244eb5175e638

AOSP: mke2fs.microdroid: Allow non-APEX version of libs

Microdroid uses mke2fs to format encryptedstore partition. This happens
in parallel to apex activation by apexd. Hence, sometime, mke2fs would
fail if some linker libraries are not available.

Create a target (mke2fs.microdroid) with bootstrap: true

Bug: 238179332
Test: Build succeeds & atest MicrodroidTests#encryptedStorageAvailable
Change-Id: I1aa493bfc188bb78e21efe98423f4a79215f7d95
From AOSP commit: 54818f635e4249db903dd17fca22ae11b3c0f3a0

AOSP: Create blkid_static

static_apexer_tools depends on deapexer which depends on blkid. So we
need a static version of blkid.

BUG: b/257933023
TEST: local build of blkid_static
Change-Id: I191840a21df1c10f4371acbe8067f39f148f28b8
From AOSP commit: 2aa5b65667e71bc278117caffa46c331d75d2803

AOSP: Make blkid host_supported

We need blkid in deapexer to get the filesystem type of the payload
image. However, blkid will not be installed to host out dir unless we
make it host_supported which is what this change is about.

BUG: b/255963179, b/240288941
TEST: m deapexer; then check out/host/linux-x86/bin
Change-Id: I46c1e18b9dbdbeb41c7dfe4e26496004d1b2b3de
From AOSP commit: f12ebffc345741380d9a30ddac528a9b995657cd

e4defrag: avoid potential buffer overflow caused by very long file names

Addresses-Coverity-Bug: 1520603
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: make the copyright file machine readable

Debian introduced a machine-readable copyright file a while ago.
Convert the general copyright file and the package-specific ones,
splitting the info that belongs to the package-specific ones.
Drop debian/e2fsck-static.copyright because that does not have a
file set that is very distinct from the general source; it would
just replicate parts of it.

This change adds some missing licenses that have to be documented
according to Debian Policy §12.5 as well as the copyright info for
many files.

Signed-off-by: Viraj Shah <viraj.shah@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

dict: Add modifification note required by license

The Kazlib license says:

"Permission is also granted to adapt this software to produce
derivative works, as long as the modified versions carry this copyright
notice and additional notices stating that the work has been modified."

Add the missing notice stating that the work has been modified.

Signed-off-by: Bastian Germann <bage@linutronix.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Merge branch 'maint' into next

ci.yml: use actions/checkout@v3 to switch to using Node 16

This suppresses deprecation warnings from github saying that Node 12
has been deprecated and actions to migrate to using Node 16.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/uuid: remove unneeded Windows UUID workaround

Some .c files in lib/uuid/ contain the following:

#ifdef _WIN32
#define _WIN32_WINNT 0x0500
#include <windows.h>
#define UUID MYUUID
#endif

This seems to have been intended to allow the use of a local "UUID" type
without colliding with "UUID" in the Windows API. However, this is
unnecessary because there's no local "UUID" type -- there's only uuid_t.

None of these .c files need the include of windows.h, either.

Finally, the unconditional definition of _WIN32_WINNT causes a compiler
warning when the user defines _WIN32_WINNT themself.

Since this code is unnecessary and is causing problems, just remove it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: don't warn about lack of getmntent on Windows

It is expected that Windows doesn't have getmntent(), so don't warn
about it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

ci.yml: ensure -Werror really gets used in all cases

-Werror wasn't actually being used when building the libraries, as the
libraries use CFLAGS_STLIB instead of CFLAGS.

Use CFLAGS_WARN, which gets included in both.

Note: -Werror can't just be passed to 'configure' like the other flags
are, as it interferes with some of the configure checks.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Change the xattr entry hash to use an unsighed char by default

Starting in Linux 6.2, char is forced to always unsigned when
compiling the kernel, even on those platforms (such as x86) where char
was traditionally signed.  This exposed a bug in ext4, where when
calculating the extended attribute entry hash, we used a char value
from the extended attribute name.  This resulted with the entry hash,
which is stored on-disk, to variable depending on whether the plaform
used a signed or unsigned char.

Fortunately, the xattr names tend to be ASCII characters with the 8th
bit zero, so it wasn't noticed two decades (this bugs dates back to
the introduction of extended attribute support to ext2 in 2.5.46).
However, when this change was made in v6.2-rc1, the inconsistency
between the extended attribute hash calculated by e2fsprogs (which was
still using a signed char on x86) was different from an x86 kernel,
and this triggered a test failure in generic/454.

This was fixed in kernel commit f3bbac32475b (" ext4: deal with legacy
signed xattr name hash values"), where Linus decreed that it wasn't
worth it to fix this the same way we had addressed has used by the
dir_index feature.  Instead, starting in the 6.2 kernel, ext4 will
accept both the hash calculated using signed and unsigned chars, but
set the entry hash using the unsigned char.  This commit makes
e2fsprogs follow suit.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: print the extended attribute's e_hash field

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: clean up test names

Remove trailing newlines and downcase the starting word in the names

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: fix a printf format compiler warning on 64-bit architectures

Sometimes the only way to shut up a compiler warning is to use
a cast. :-(

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: double cast a pointer to suppress a bogus compiler warning in kfree()

The C standard is wrong[1] with respect to the function signature of
free(), while the kernel's kfree() is correct.  Unfortunately, this
leads to compiler warnings.

Sayeth Dennis Ritchie: "Noalias must go.  This is non-negotiable"[2].
Noalias went.  The confusion around const, alas, still remains.

[1] https://yarchive.net/comp/const.html
[2] https://www.lysator.liu.se/c/dmr-on-noalias.html

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: use ext2_ino_t instead of ino_t

The ino_t type is defined by the system header files, and may be
anything from an unsigned int, unsigned long, or an unsigned long
long. So where we are referring to an ext2/ext3/ext4 inode number, we
should use ext2_ino_t to avoid this ambiguity, especially when passing
an inode number to a printf-style function.

This was detected via a compiler warning on MacOS, but it's
potentially a real bug, since it can cause an error message to print a
garbled inode number.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/tune2fs: fix -Wunused-variable warnings in handle_fslabel()

These warnings show up in non-Linux builds. To fix them, only declare
local variables when they are needed.

While we're here, also make handle_fslabel() static.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/tune2fs: fix setting fsuuid::fsu_len

Minus does not mean equals.

Besides fixing an obvious bug, this avoids the following compiler
warning with clang -Wall:

tune2fs.c:3625:20: warning: expression result unused [-Wunused-value]
fsuuid->fsu_len - UUID_SIZE;
~~~~~~~~~~~~~~~ ^ ~~~~~~~~~

Fixes: a83e199da0ca ("tune2fs: Add support for get/set UUID ioctls.")
Reviewed-by: Jeremy Bongio <bongiojp@gmail.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: remove unused variable in ext2fs_xattrs_read_inode()

Address the following compiler warning with gcc -Wall:

ext_attr.c: In function ‘ext2fs_xattrs_read_inode’:
ext_attr.c:1000:16: warning: unused variable ‘i’ [-Wunused-variable]
1000 | size_t i;
| ^

Cc: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Merge branch 'maint' into next

Add a configuration file for GitHub Actions

Add a workflow file for GitHub Actions, with jobs that build and test
e2fsprogs on various platforms with various options.

The workflow is configured to run on pushes only, since e2fsprogs does
not use GitHub pull requests.

This will work on any e2fsprogs fork on Github that has GitHub Actions
enabled. For example, the results for the testing I've been doing are
at https://github.com/ebiggers/e2fsprogs/actions.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

resize2fs: remove unused variable from adjust_superblock()

In adjust_superblock(), the 'group_block' variable is declared and set,
but it is never actually used.  Remove it.

This addresses the following compiler warning with clang -Wall:

        blk64_t         group_block;
                        ^

resize2fs.c:1119:11: warning: variable 'group_block' set but not used [-Wunused-but-set-variable]
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/util.c: enable MinGW alarm() when building for Windows

To compile for Windows, this file needs MinGW's implementation of
alarm().  To expose that definition, some macros must be defined before
including the system headers.  This was done in Android.bp, but it was
not done in the autotools-based build system.  Define these macros in
the source file itself so that all build systems work.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/mke2fs: fix a -Wunused-variable warning in PRS()

This showed up when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/mke2fs: fix Windows build

unix_io_manager is no longer available on Windows. windows_io_manager
must be used instead.

Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager")
Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/mk_hugefiles: simplify get_partition_start()

search_sysfs_block() is causing -Wformat-truncation warnings.  These
could be fixed by checking the return value of snprintf(), instead of
doing buggy checks like 'strlen(p_de->d_name) > SYSFS_PATH_LEN -
strlen(path) - 32', which has an integer underflow bug.

However, the only purpose of search_sysfs_block() is to find the sysfs
directory for a block device by device number.  That can trivially be
done using /sys/dev/block/$major:$minor.  So just do that instead.  Also
make get_partition_start() explicitly Linux-only, as it has never worked
anywhere else.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/fuse2fs: avoid error-prone strncpy() pattern

'strncpy(dst, src, strlen(src))' is usually wrong, as it doesn't copy
the null terminator. For this reason, it causes a -Wstringop-truncation
warning with gcc 8 and later.

The code happens to be correct anyway, since the destination buffer is
zero-initialized. But to avoid relying on this, let's just copy the
terminating null.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/e4defrag: fix -Wstringop-truncation warnings

Fix two -Wstringop-truncation warnings in is_ext4() by simplifying how
how mnt_type is handled and by using the correct bound for mnt_fsname.

Fix a -Wstringop-truncation warning in main() by replacing the fragile
pattern 'strncpy(dst, src, strnlen(src, N))', which doesn't
null-terminate the destination string, with a standard string copy. (It
happened to work anyway because dst happens to be zero-initialized.)

These warnings showed up when building with -Wall with gcc 8 or later.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/create_inode: simplify logic in scandir()

The control flow in scandir() (only used on Windows) confuses gcc into
thinking that *name_list is not always set on success, which causes a
-Wmaybe-uninitialized warning in __populate_fs(). As far as I can tell
it's a false positive; however, avoid it by cleanly separating the
success and failure cases in scandir().

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/create_inode: fix -Wunused-variable warnings in __populate_fs()

These showed up when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: use real functions for kernel slab functions

The macros that e2fsck uses to implement kmalloc et al. use only some of
their arguments, so unlike standard function calls, they can cause
compiler warnings like:

./../e2fsck/revoke.c:141:8: warning: variable 'gfp_mask' set but not used [-Wunused-but-set-variable]

Fix this by providing a proper definition for each function, making sure
to match the function prototypes used in the kernel.

Remove the kmem_cache_t typedef, as it doesn't exist in the kernel.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/uuid: remove conflicting Windows implementation of gettimeofday()

When building libuuid for Windows with MinGW with the default settings,
there is a build error in lib/uuid/gen_uuid.c because the explicit
definition of gettimeofday() conflicts with MinGW's declaration of
gettimeofday(). gen_uuid.c apparently expects USE_MINGW to be defined
to avoid that, but the build system doesn't actually do that.

Since native Windows builds of e2fsprogs are currently only supported
via MinGW anyway (in particular, Visual Studio is not supported), let's
fix this by just removing our own definition of gettimeofday().

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/support: clean up definition of flags_array

Add braces to address the following compiler warning with gcc -Wall:

print_fs_flags.c:24:42: warning: missing braces around initializer [-Wmissing-braces]
24 | static struct flags_name flags_array[] = {
| ^

Also add 'const', and add an explicit NULL in the last entry.

Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/support: remove unused label in get_devname()

Address the following compiler warning with gcc -Wall:

devname.c: In function ‘get_devname’:
devname.c:61:1: warning: label ‘out_strdup’ defined but not used [-Wunused-label]
61 | out_strdup:
| ^~~~~~~~~~

Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ss: fix 'make install' by creating man1dir

'make install' does not work because libss tries to install a man page
without creating the directory first. Fix this.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/{ext2fs,support}: fix 32-bit Windows build

_WIN32 is the standard macro to detect (native) Windows, regardless of
32-bit or 64-bit.  _WIN64 is for 64-bit Windows only.  Use _WIN32 where
_WIN64 was incorrectly being used.

This fixes several 32-bit Windows build errors, for example this one:

plausible.c: In function ‘print_ext2_info’:
plausible.c:109:31: error: ‘unix_io_manager’ undeclared (first use in this function); did you mean ‘undo_io_manager’?
  109 |                               unix_io_manager,
      |                               ^~~~~~~~~~~~~~~
      |                               undo_io_manager

Fixes: 86b6db9f5a43 ("libext2fs: code adaptation to use the Windows IO manager")
Cc: Paulo Antonio Alvarez <pauloaalvarez@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: fix a -Wpointer-sign warning in ext2fs_mmp_start()

This showed up when building for Windows.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: fix two compiler warnings in windows_io.c

init_private_data() triggers a -Wstringop-truncation warning, due to a
real bug. Fix it.

windows_open() has a -Wunused-variable warning because some
macOS-specific code was copied there for no reason. Remove it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: fix a printf format specifier in file_test()

size_t should be matched by %zu, not %lu. This fixes a -Wformat warning
when building for 32-bit x86.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: consistently use #ifdefs in ext2fs_print_bmap_statistics()

Since the 'now' variable is only used to calculate 'inuse', and 'inuse'
is only used when defined(ENABLE_BMAP_STATS_OPS), it makes sense to
guard the declaration and initialization of 'now' and 'inuse' by the
same condition, just like the '*_perc' variables in the same function.

This addresses the following compiler warning with clang -Wall:

double inuse;
^

gen_bitmap64.c:187:9: warning: variable 'inuse' set but not used [-Wunused-but-set-variable]
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs: remove 32-bit x86 bitops assembly

The EXT2FS_ADDR() macro is causing -Warray-bounds warnings because it
(sort of) dereferences past the end of the input array.  It's not a
"real" dereference, since the result is passed as a memory operand to
inline asm.  But in the C language sense, it is a dereference.

Instead of trying to fix this code, let's consider that libext2fs *only*
implements the bit operations in assembly for 32-bit x86, which is
rarely used anymore.  The fact that compilers have also improved, and no
one has implemented these for another architecture, even x86_64,
suggests it's not useful either.  So, let's just remove this outdated
code, which was maybe useful in the 90s, but now just causes problems.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/et: fix "unused variable" warnings when !HAVE_FCNTL

In init_debug(), avoid -Wunused-variable and -Wunused-but-set-variable
warnings when HAVE_FCNTL is not defined by only declaring 'fd' and
'flags' when HAVE_FCNTL is defined. This affected Windows builds.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/{e2p,ss}: remove manual declarations of errno

As per 'man 3 errno':

    On some ancient systems, <errno.h> was not present or did not
    declare errno, so that it was necessary to declare errno manually
    (i.e., extern int errno).   **Do not do this**.  It long ago ceased
    to be necessary, and it will cause problems with modern versions of
    the C library.

One of the platforms it causes a problem on is Windows:

    In file included from fgetversion.c:28:
    fgetversion.c: In function ‘fgetversion’:
    fgetversion.c:68:20: warning: ‘_errno’ redeclared without dllimport attribute: previous dllimport ignored [-Wattributes]
       68 |         extern int errno;
          |                    ^~~~~

Just remove these obsolete manual declarations of errno.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/e2p: fix a -Wunused-variable warning in getflags()

This affected Windows builds.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: suppress -Wstringop-truncation warning in blkid_strndup()

Unfortunately, gcc gets confused by blkid_strndup() and incorrectly
thinks the destination string is not being null-terminated. This is
part of -Wstringop-truncation, enabled automatically by -Wall in gcc 8
and later. Let's just suppress this warning here.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: suppress -Wunused-result warning in blkid_flush_cache()

When _FORTIFY_SOURCE is defined, glibc annotates link() with the
warn_unused_result function attribute.  With gcc, that makes
'(void) link()' cause a -Wunused-result warning, despite the explicit
cast to void.  That's annoying, since the use case in lib/blkid/save.c
is legitimate (opportunistic backup).  So let's suppress this warning.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/blkid: fix -Wunused-variable warning in blkid_get_dev_size()

This showed up when building for Windows. It's hard to conditionally
define this variable, so use the 'unused' attribute.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>