git://git.whamcloud.com - tools/e2fsprogs.git/log

libsupport: fix memory leak in error path in quota_compute_usage()

Fixes-Coverity-Bug: 1362023
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix potential resource leak in ext2fs_file_write

If EXT2_FLAG_SHARE_DUP is set, and ext2fs_bmap2() fails, it's possible
that we will leak the allocated memory in new_block.

Fixes-Coverity-Bug: 1437473
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc: add e2mmpstatus utility via dumpe2fs

e2mmpstatus is a Multi-Mount Protection (MMP) helper utility to read
an MMP block to see if it is being updated. It can also output the
latest update time, nodename, and device from the MMP block.

This is useful for HA and other maintenance scripts to determine if
the filesystem is in use on another node, and which node it is.

Signed-off-by: Shuichi Ihara <sihara@ddn.com>
Signed-off-by: Li Xi <lixi@ddn.com>
Signed-off-by: Wang Shilong <wshilong@ddn.com>
Moved e2mmpstatus checking/dumping code to be part of dumpe2fs rather
than a standalone program, using the "-m" option to check MMP status,
and "-i" to dump info. If dumpe2fs is called as "e2mmpstatus" (and
also "mmpstatus" for compatibility reasons), assume "-m" is specified.

Re-use the existing MMP block handing routines (with some changes) to
check and dump the MMP block, rather than adding duplicate versions.

Modify dumpe2fs to exit with a non-zero error code if there is an
error while reading the filesystem metadata or MMP block, or if
"-m" is used with the "mmp" feature and is in use by another node.

Add a configure check for gethostname() rather than depending on
_BSD_SOURCE or _XOPEN_SOURCE to be set.

Update the f_mmp, m_mmp, m_mmp_bad_csum, and m_mmp_bad_magic tests
to use e2mmpstatus to check and dump the MMP state before and after
e2fsck is run to verify that the tool is working correctly.

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: set dir_nlink feature if large dir exists

If there is a directory with more than EXT2_LINK_MAX (65000)
subdirectories, but the DIR_NLINK feature is not set in the
superblock, the feature should be set before continuing on
to change the on-disk directory link count to 1.

While most filesystems should have DIR_NLINK set (it was set
by default for all ext4 filesystems, and all kernels between
2.6.23 and 4.12 automatically set it if the directory link
count grew too large), it is possible that this flag is lost
due to disk corruption or for an upgraded filesystem. We no
longer want kernels to automatically enable features.

Addresses: https://bugzilla.kernel.org/show_bug.cgi?id=196405
Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: remove pre-generated f_extent_htree image

The f_extent_htree test depends on the "mke2fs -d" functionality
that did not exist in the maint branch when the patch was landed.
On master this functionality exists and should be used instead of
a pre-generated image. That exercises the "mke2fs -d" functionality
as well as e2fsck better.

[ Fixed to add missing expect.pre.? files --tytso ]

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: don't run sed multiple times on test output

Don't call sed multiple times on the output, and avoid the use
of temporary files, or if possible. It would be convenient to
use "sed -i" to only update the output file once, but this is
not portable to all platforms.

[ Fixed a few test regression failures --tytso ]

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: remove redundant sed filtering

Now that the majority of device name filtering is in filter.sed,
it does not need to be specified explicitly for every test.

Fix the error message printed in debugfs when opening the device
to match that used in other tools. This simplifies the filtering,
and will be helpful if debugfs messages are internationalized.

[ Fixed up some test failures in m_hugefile t_uninit_bg_rm --tytso ]

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

ext2fs: annotate superblock/inode offsets

Add byte offsets for the fields in ext2_super_block and ext2_inode
for convenience when debugging on-disk structures.

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: clean up $DEBUGFS_EXE usage in scripts

Instead of putting the entire test script under an implicit
"if test -x $DEBUGFS_EXE" conditional (sometimes indenting
the code, and sometimes not), rather check for the reverse
and exit the test script early if $DEBUGFS_EXE is missing.

In some places, tests were running $DEBUGFS_EXE directly,
when they should be running $DEBUGFS (which will run with
Fortify, or other options).

[ Fixed up missing exit statement in f_detect_junk. --tytso ]

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: don't unlink test image if SKIP_UNLINK set

Don't register a trap to unlink $TMPFILE at the test exit if
SKIP_UNLINK is set. Otherwise, this makes it difficult to
debug a failing test.

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: don't use a sparse test file

If the TEST_BITS file is sparse, then the "debugfs -R write"
command may skip holes in the file when copying it into the
test image (depending on whether SEEK_HOLE/SEEK_DATA and/or
FIEMAP are available in the copy_file() function).

This was causing test failures on MacOS in the f_dup_resize
and d_loaddump tests because the TEST_BITS file was the
compiled "debugfs" binary, which apparently has holes when
built on MacOS, and the number of blocks allocated in the
test image was reduced as a result.  This caused the expect
output to differ in the summary line and resulted in failure.

Instead of using the debugfs binary for TEST_BITS, generate
a temporary file using /dev/urandom, if available.  If not,
fall back to the old behaviour or using debugfs.

[ Fixed up use of non-POSIX /bin/sh constructs and add test_data.tmp to
  .gitignore and files to be deleted on a make clean. --tytso ]

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: don't corrupt an blkmap64_rb when marking a range of size zero

Calling ext2fs_mark_block_bitmap_range2() with a count of zero can end
up corrupting the red-black block bitmap structure, since a an entry
in the rbtree with zero-length extent can end up causing the
find_first_{zero,set} operations to return incorrect results.

This was found by Adam Buchbinder, who created a fuzzed file system
using which AFL that caused e2fsck to hang in an infinite loop in in
e2fsck's readahead code.

Added a regression test to detect this failure.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

filefrag: don't ignore fsync errors

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

AOSP: Mark as recovery_available:true

Libraries that are direct or indirect dependencies of modules installed
to recovery partition (e.g. adbd) are marked as recovery_available:
true. This allows a recovery variant of the lib is created when it is
depended by other recovery or recovery_available modules.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 79146551
Test: m -j
Change-Id: I9db889c15e1f563a1e3f4e7dc5b630d19e3cf4c0
From AOSP commit: 4a9d5f4211818c70a1b2414e3774197386b7f245

AOSP: e2fsck: imply -f when using -E unshare_blocks

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Test: e2fsck -E unshare_blocks does a full scan
Change-Id: Idc36ceba3bf24e1fb1487feedefe9a68f9acc7f3
From AOSP commit: 7c180d6598363722de6195d142d7677bbc2b0161

AOSP: e2fsck: allow read-only testing if -E unshare_blocks will succeed

If -E unshare_blocks is used with -n, it will normally fail since the
filesystem is read-only. For Android's "adb remount" it is more useful
to report whether or not the unshare operation would succeed, were the
filesystem writable. We do that here by ignoring certain write
operations if -E unshare_blocks is specified with -n. It is not perfect,
since the actual unshare operation could still fail (for example if
new extents need to consume additional blocks).

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Test: e2fsck -f -n -E unshare_blocks on deduplicated image
Change-Id: Ia50ceb7b3745fdf8766cff06c697818f07411635
From AOSP commit: 9e76dc0f65d8a8dec27f57b9020e81cbbbe12faf

AOSP: Support UID/GID mapping

This reverts commit 797c9c47d8419f58f752a96ae972423ca32b4c30.
with the fix.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 78561186
Test: Ran on DUT.
Change-Id: I0d903cb08373aa5e9d79a1601d2e5ea9a59573fe
From AOSP commit: 5250966f2b7b7b4643235551b125ddbcfbd3d609

AOSP: libext2fs: Track the libsparse API change.

libsparse is updating the 'len' parameter, from 'int' to 'size_t', in
the callback parameter of sparse_file_foreach_chunk(). The value
represents the chunk size, which could be legitimately larger than
INT_MAX.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 78432315
Test: `m dist` with aosp_marlin-userdebug
Change-Id: I35f8a528aff461ce4d3b492a7ca2d4a23592be54
From AOSP commit: 019bed178935585d28cf702a8090a5598415312b

AOSP: e2fsck: Add an extended option for unsharing blocks.

Add an -E unshare_blocks flag for unsharing blocks that were created for
a filesystem with block sharing enabled. If the filesystem does not have
this feature enabled, the flag has no effect. If the filesystem does not
have free space, e2fsck will error.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Test: f_unshare_blocks_no_space, f_unshare_blocks_ok
Change-Id: I8821353e9e6200c6c0c71dd22f4f43d796fc720c
From AOSP commit: 8ba190e3135d61501d3a694b6960c2fbee98e7a6

AOSP: e2fsck: Skip duplicate blocks when RO_COMPAT_SHARED_BLOCKS is set.

If RO_COMPAT_SHARED_BLOCKS is set, the duplicate block pass is skipped
entirely.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Test: f_shared_blocks_ok
Change-Id: I49a9d6c5012d5e76c9a47578a45cae7484df4c4a
From AOSP commit: 93d12bc16bffd39a56b1e08aefbc641eba298077

AOSP: libext2fs: fix indentation whitespace

This fixes some whitespace inconsistency caused by change 3d7abcc.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Change-Id: I39862e542d1a502fac2f31ff08177d16db56d0c0
From AOSP commit: df538fa7eef0e67546f8abfc7d4eb1e8503cd9a4

AOSP: libext2fs: increment i_blocks for shared blocks

This fixes an incorrect i_blocks count when using shared blocks.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Change-Id: I44a4997f6a93f2a3fc9aa362fd39d72e7cc9ff84
From AOSP commit: 632cc1f02d47ce54d9f17ca5d80c2d7ba2851020

AOSP: libext2fs: add EXT2_FLAG_SHARE_DUP to de-duplicate data blocks

When assigning physical address for new data block, search sha
of existing blocks for match. If there's a match, reuse address
of the matched block.

Also set EXT4_FEATURE_RO_COMPAT_SHARED_BLOCKS in de-duped image.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Change-Id: I8d2d22e9c301264413c1454c84d7bf6bb32ac5c0
From AOSP commit: 3d7abcc7843d6dfdfdafabf43f5e072cb7aaffbd

AOSP: e2fsdroid/libext2fs: move hashmap into libext2fs

Also update it so that hash key can be arbitrary length instead of
null terminated string.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Google-Bug-Id: 64109868
Change-Id: Icb0d91d5d753e86edaffcacb043b6f1aa429a528
From AOSP commit: 9491100ffb74b13a10b5b0425b7691c3449ac2e6

e2fsck: report only one sb corruption

check_super_value() does not terminate in case of error anymore since
c8b20b40ebf0 "misc: add plausibility checks to
debugfs/tune2fs/dumpe2fs/e2fsck" which removed the PR_FATAL flag from
PR_0_SB_CORRUPT problem. This results in potentially many errors for
superblock being printed including the long message about how to deal
with corrupted superblock. Restore the original behavior of reporting
only one error and also remove the comments 'never get here' as they are
not true anymore.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

ext2fs: don't check s_inodes_count with EXT2_FLAG_IGNORE_SB_ERRORS

Don't verify s_inodes_count is correct with EXT2_FLAG_IGNORE_SB_ERRORS
flag set. This allows e2fsck and debugfs to fix this value.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: allow fixing superblock errors in catastrophic mode

Open filesystem with EXT2_FLAG_IGNORE_SB_ERRORS flag in catastrophic
mode so that superblock errors can be fixed in debugfs.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: allow read-write opening in catastrophic mode

Allow filesystem to be open read-write in catastrophic mode so that one
can fixup e.g. superblock breakage. The CHECK_FS_BITMAPS flag to
common_args_process() still guards us from doing operations on bitmaps
which we don't load in this mode.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: handle s_inodes_count corruption properly

When s_inodes_count would overflow given number of groups and inodes per
group, we cannot currently fix the breakage in e2fsck as that requires
trimming number of groups or inodes per group which both means data &
inode migration etc. Just trimming sb->s_inodes_count is not enough as
kernel's inode allocation code is not able to handle filesystems where
not all inodes in the last group are usable. So don't pretend we can fix
s_inodes_count overflow by just trimming the s_inodes_count value.

When s_inodes_count is just wrong but will not overflow, let's fix it.
Also move this check before we use s_inodes_count for checking
s_first_ino.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: allow to fix some superblock corruptions

Add a flag to ext2fs_open() which allows to open a filesystem even if
superblock is somewhat inconsistent. Use this flag from e2fsck as a last
resort to try to fix the superblok.

Currently, the flag does nothing. We'll relax checks in ext2fs_open()
once e2fsck is able to handle corresponding corruption gracefully.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: don't create filesystems with meta_bg and resize_inode

ext2fs_initialize() may end up enabling meta_bg feature for filesystem
which have resize_inode. Such combination is invalid to make sure we
disable resize_inode when enabling meta_bg.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

resize2fs: add missing EOL to error message

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix overflow when checking s_inodes_count in ext2fs_open()

The check whether s_inodes_count is correct in ext2fs_open() can
overflow and thus not catch all problematic cases. Fix the test.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix possible inode count overflow when creating fs

If blocks count is exactly 1<<32, then the code computing number of
inode count in ext2fs_initialize() will overflow and set number of
inodes to 0 (which will be later fixed up to EXT2_FIRST_INODE(super)+1).
Fix the off-by-one bug in the check.

Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: allow file systems which have insane values in s_desc_size

If the 64-bit feature is not set, the kernel does not pay attention to
the s_desc_size field in the superblock. Change ext2fs_open2() and
other library functions to similarly ignore s_desc_size if the 64-bit
feature is not set.

The EXT2_DESC_SIZE macro should be used in most cases instead of
referecing the s_desc_size field directly.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: add support to display details of extended attribute structures

Teach the inode_dump and block_dump commands the -x option, which
tries to interpret the data structures as xattr data strucgtures.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e4defrag: fix typo in man page

Addresses-Launchpad-Bug: #1743553

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: add -b and -e options to the inode_dump command

Teach the inode_dump command to dump out just the i_block array and
the extra space in the inode, as a convenience to someone
investigating a corrupted inode.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update vi.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update uk.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update sv.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update pl.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update fr.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update es.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update cs.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsprogs: Use 32-bit variant of ext2fs_swab to read i_projid

i_projid is a 32-bit field of the inode. Hence this commit uses
ext2fs_swab32() to convert the i_projid field from the on-disk little
endian format to the host cpu format. Without this change, project quota
consistency check used to fail on big endian powerpc systems.

Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>

Update release notes, etc., for the 1.44.2 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update pl.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: demote e2fsprogs from Essential: yes to XB-Important: yes

Addresses-Debian-Bug: #474540

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

mke2fs: print error string if ext2fs_close_free() fails

There are multiple reasons why ext2fs_close_free() might fail, not
just an I/O error while writing out a backup superblock. Print the
error code, and then allow mke2fs to exit with an exit status code of
1, instead of whatever random error code ext2fs_close_free() might
have returned with.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Use @AR@ instead of hardcoded 'ar'

e2fsprogs currently hardcodes 'ar' in one of it's makefiles. This is
fixed with this patch:

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsprogs: fix Free Software Foundation address

This is mostly automatic replace of Free Software Foundation address in
all our files with the correct address that can be found at
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

chattr.1: 'a' and 'i' attribute do not affect existing file descriptors

Change chattr man page to make it clear that 'i' and 'a' attributes
does not affect the ability to write to already existing file
descriptors

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: add changelog entry for 1.44.1-2 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: don't leave temp files behind after running i_bitmaps

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: warn if checkinterval and broken_system_clock both set

If broken_system_clock is set in e2fsck.conf and this causes
the check interval to be ignored, make that clear to the user:

e2fsck 1.44.1 (24-Mar-2018)
/dev/sda1: ignoring check interval, broken_system_clock set
/dev/sda1: clean, 11/65536 files, 12955/262144 blocks

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>

e2image: fix metadata image handling on big endian systems

Currently e2image metadata image handling and creating is completely
broken on big endian systems. It just does not care about endianness at
all. This was uncovered With addition of i_bitmaps test, which is the
first test that actually tests e2image metadata image.

Fix it by making sure that all on-disk metadata that we write and read
to/from the metadata image is properly converted.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: add new test f_ea_inode_self_ref

Make sure we can handle a maliciously created file system containing
an inode containing an extended attribute whose e_value_inum points
back at itself.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: add sanity checks for ea_in_inode

An inode containing the value for an extended attribute (aka an
ea_in_inode) must not have the INLINE_DATA flag and must have the
EA_INODE flag set. Enforcing this prevents e2fsck and debugfs crashes
caused by a maliciously crafted file system containing an inode which
has both the EA_INODE and INLINE_DATA flags set, and where that inode
has an extended attribute whose e_value_inum points to itself.

Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: don't use "debugfs -f /dev/stdin"

Don't use "debugfs -f /dev/stdin" for portability reasons --- not all
systems have /dev/stdin. Simply dropping "-f /dev/stdin" works just
fine.

Signed-off-by: Ingo Brückl <ib@wupperonline.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: use mke2fs and debugfs from the build tree

The tests f_bigalloc_badinode and f_bigalloc_orphan_list were not
using the version of mke2fs and debugfs from the build tree, and if
mke2fs and debugfs are not in the user's PATH, these tests would fail.
Fix this.

Reported-by: Somchai Smythe <buraphalinuxserver@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: adjust quota counters when clearing orphaned inodes

If e2fsck encounters a filesystem that supports internal quotas, it is
responsible for adjusting the quota counters if it decides to clear any
orphaned inodes. Therefore, we must read the quota files, adjust the
counters, and write the quota files back out when we are done.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

filefrag: avoid temporary buffer overflow

If an unknown flag is present in a FIEMAP extent, it is printed as a
hex value into a temporary buffer before adding it to the flags. If
that unknown flag is over 0xfff then it will overflow the temporary
buffer.

Reported-by: Sarah Liu <wei3.liu@intel.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-10335
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update release notes, etc., for the 1.44.1 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: support operating systems that don't have strnlen()

Someone was trying to build e2fsprogs on MacOS 10.6.8, and ran into
build problems because MacOS didn't have strnlen() support until seven
years ago.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Jens Bauer <jens@plustv.dk>

Add some minor clarifications to chattr's man page

Addresses-Debian-Bug: #890390

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debian: add Vcs-* fields to debian packaging

Addresses-Debian-Bug: #887512

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: explicitly specify 1k block sizes when creating test file systems

On the Hurd, mke2fs will force the use of 4k block sizes by default
because the Hurd's implemntation of ext2 doesn't support any other
block sizes. This causes spurious test failures. Since these test
are testing e2fsprogs functionality, force the use of 1k block sizes
so the test output matches the expected output.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update sv.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: delete bad inode fix for bigalloc

While deleting a bad inode in fsck pass2, we should remove clusters
only once. We do it by remembering last released cluster while
deleting clusters one by one.

Signed-off-by: Harshad Shirwadkar <harshads@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: release clusters only once in release_blocks_proc

While killing file by inode in debugfs (kill_file_by_inode), if
bigalloc feature is turned on, release clusters only once. We do it by
remembering the last released cluster while releasing blocks. We
release a cluster only if it is not already released.

Signed-off-by: Harshad Shirwadkar <harshads@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

debugfs: read allocation bitmaps more efficiently

It is more efficient to use ext2fs_read_bitmaps() than to read the
inode and block bitmaps separately, since extra seeks.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: add new test i_bitmaps

This is a test to make sure e2image and its associated library
routines can correctly read the inode and block allocation bitmaps.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

util: allow subst to build in cross build environemnt

In a cross build environment we don't get definition of
HAVE_SYS_STAT_H from config.h, therefore we need to define it locally
in that case similar to HAVE_SYS_TIME_H.

Fixes: 7fd537401270 ("misc: add missing declarations on maint")
Signed-off-by: Robert Schiele <rschiele@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix reading bitmaps from e2image files

The loop termination code was broken, so that only the first block's
worth of bitmap data was getting read.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Kazuya Mio <k-mio@sx.jp.nec.com>

libext2fs: teach e2image imager to handle bigalloc file systems

Previously, "mke2fs -t ext4 -O bigalloc /tmp/foo.img 4G ;
e2image /tmp/foo.img /tmp/foo.e2i" would result in e2image
dumping core. Fix ext2fs_image_bitmap_write() so it handles
file systems with bigalloc correctly.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc: add makefile rules for dumpe2fs.static and e2image.static

These makefile targets are not built by default, but making them
available makes debugging easier.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

libext2fs: fix ext2fs_open2() error for meta_bg image file

dumpe2fs/debugfs can examine the image file by using the -i option.
However, if meta_bg feature is enabled, dumpe2fs/debugfs cannot open
the image file.

$ dumpe2fs -i test.img
dumpe2fs: Attempt to read block from filesystem resulted in short read while trying to open test.img
Couldn't find valid filesystem superblock.

In case of specifying an image file, the location of block group descriptors
is the same as the case of default filesystem regardless of meta_bg feature.
So if EXT2_FLAG_IMAGE_FILE flag is set in ext2fs_open2(),
don't use the meta_bg handling.

Signed-off-by: Kazuya Mio <k-mio@sx.jp.nec.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: add new test f_bigalloc_orphan_list

This is a regression test for the bugfix found in commit 707599bf:
"e2fsck: release clusters only once in release_inode_blocks"

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: release clusters only once in release_inode_blocks

While releasing inode blocks, if bigalloc feature is turned on,
release clusters only once. We do it by remembering the last released
cluster while iterating through blocks and releasing a cluster only if
it is not already released.

Signed-off-by: Harshad Shirwadkar <harshads@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

misc/fsck: fix potential memory leak on error path

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: fix endianness problem when reading htree nodes

Wrong directory block number can be saved in ->previous on big endian
system in parse_int_node(). Fix it by moving the mask out of the endian
conversion.

Fixes: ae9efd05a986 ("e2fsck: 3 level hash tree directory optimization")
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Fix build problems on the Hurd OS

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Fix date for v1.44.0 release notes

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update release notes, etc., for the 1.44.0 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update vi.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update uk.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update ms.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update fr.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update es.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

po: update cs.po (from translationproject.org)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Update release notes, etc., for the 1.44.0-rc2 release

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

tests: test e2fsck's handling of bad symlinks

Add a test which verifies that e2fsck will detect a variety of bad
symlinks, both fast and slow, and with several combinations of
filesystem features including extents, encryption, and inline_data.
There was already a similar test (f_badsymlinks), but it's an old test
that doesn't use any of these newer filesystem features.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: require that fast symlinks don't have EXT4_EXTENTS_FL

It doesn't make sense for EXT4_EXTENTS_FL to be set on a fast symlink.
The kernel doesn't set it, and it ignores it if set. Meanwhile, e2fsck
is stricter: it will try to validate the extent tree, which will almost
certainly fail (assuming the symlink is, in fact, a fast symlink).

Make this behavior more explicit by rejecting EXT4_EXTENTS_FL for fast
symlinks, rather than going ahead and trying to validate an extent tree.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: validate the targets of extent-based symlinks

e2fsck is validating the target (requiring that it be NUL-terminated at
i_size, or something a bit different for encrypted symlinks) of slow
symlinks that use a traditional block list but not ones that use an
extent tree. As far as I can tell this is simply a bug: there's no
reason for the representation of the block list to affect how the
symlink target is validated. And either way the kernel won't create
symlinks with embedded NULs and will always add a terminating NUL.

Thus, make e2fsck_pass1_check_symlink() start validating the targets of
extent-based symlinks.

Fixes: 7cadc57780f3 ("e2fsck: Support long symlinks which use extents")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: drop redundant checks of symlink i_size

e2fsck_pass1_check_symlink() verifies that the symlink inode's i_size is
less than the buffer length (60 for fast symlinks, fs->blocksize for
slow symlinks). But it also verifies that len == i_size &&
len < buflen, which already implies i_size < buflen. Thus, remove the
redundant checks of i_size.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: require i_size == fscrypt_symlink_data.len + 2

e2fsck validates that unencrypted symlinks have their strlen() equal to
i_size.  But it skips the equivalent check of i_size ==
fscrypt_symlink_data.len + 2 for encrypted symlinks.  Actually, the
encrypted symlink header is redundant with i_size and shouldn't exist.
But it's there, and the kernel does in fact use the length in the header
instead of i_size -- so e2fsck should validate the header.

Thus, remove the exception for encrypted symlinks, so e2fsck will now
require i_size == fscrypt_symlink_data.len + 2.  I think the exception
was only there originally because for encrypted fast symlinks we were
calculating the length using strnlen() which was wrong.  But that was
fixed by the previous patch.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

e2fsck: validate fscrypt_symlink_data.len for fast symlinks too

Both fast and slow encrypted symlinks are prefixed with the ciphertext
length field (fscrypt_symlink_data.len). But e2fsck was only checking
it for slow symlinks. Start checking it for fast symlinks too. This
matches the kernel handling of encrypted symlinks.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Merge branch 'maint' into next

e2fsck: validate that fscrypt_symlink_data.len is not too large

Make e2fsck start validating that the ciphertext length stored in the
header of an encrypted symlink target, plus the header itself, is no
larger than a filesystem block. Previously e2fsck only verified that
this size is not exactly equal to a filesystem block. This was
sufficient for unencrypted symlinks, where the "actual length" is
computed using strnlen(), but not for encrypted symlinks; the kernel
also considers encrypted symlinks with too-large ciphertext length to be
invalid.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>