Commit Graph

6412 Commits

Author SHA1 Message Date
Theodore Ts'o
1d4074f3ed libext2fs: chage ext2_off_t and ext2_off64_t to be signed types
The ext2_off_t and ext2_off64_t types are used by ext2_file_lseek()
and ext2_file_llseek(), and they need to be signed so that it can be a
negative offset from the end of the file when EXT2_SEEK_END is used.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:35 -05:00
Theodore Ts'o
193cf9be4b libext2fs: use __u64 instead of ext2_off64_t in qcow.c
The type ext2_off64_t should only be used in the context of the ext2fs
library's llseek() and ftruncate() analogs, ext2_file_llseek() and
ext2_inode_set_size().  That's because like the POSIX.1's off_t, it
needs to be a signed integer value so that SEEK_END will work
correctly.

qcow.c's use of ext2_off64_t is only internal, and not in any exposed
interfaces, so changes nothing; it just prepares us to be able to
change the type of ext2_off64_t.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:35 -05:00
Li Dongyang
d23f88ebaa mke2fs: fix setting bad blocks in the block bitmap
We mark the bad blocks as used on fs->block_map before allocating
group tables.  Don't translate the block number to cluster number when
doing this, the fs->block_map is still a block-granularity allocation
map, it will be coverted later by ext2fs_convert_subcluster_bitmap().

Signed-off-by: Li Dongyang <dongyangli@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:35 -05:00
Benno Schulenberg
6607eaad26 e2image: remove redundant -fr from man page and usage message
Also, add a missing dash and two missing brackets and two missing
spaces, and remove three excess spaces.

Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:35 -05:00
David Anderson
67467ea5d7 AOSP: e2fsdroid: Skip Base FS entries that no longer exist.
Don't reserve blocks in the base map if the file does not exist in the
target image. This can happen if a file is removed or renamed in between
two builds. If the removed file is quite large, skipping it is important
since otherwise it will prevent blocks from being allocated for new files.

Bug: 145316683
Test: e2fsdroid with dynamic partitions
Change-Id: I63a9372c58adeaae3e1235fd92fed78a284ed391
From AOSP commit: 2b6646a3d2a7dd9972275cb829239ae033762da5
2020-01-01 13:41:35 -05:00
David Anderson
0f3291fdf1 AOSP: e2fsdroid: Allow re-use of deduplicated blocks.
When using a Base FS map, track deduplicated blocks in a separate
bitmap. The first inode to request a block from this set will succeed
in getting the block. Blocks in the dedup set are not available for
libext2fs to allocate; this ensures that previously deduplicated blocks
are re-used for their original purpose.

Note that deduplication takes priority over block allocation, so that
once a block is removed from the dedup set, that does not actually
prevent it from being re-used. Similarly, a file that was not previously
sharing a block may have its blocks shared in the new image.

Bug: 145316683
Test: e2fsdroid with dynamic partitions
Change-Id: I73856faa5d294a7b5fb985ccd1a6974a989481ea
From AOSP commit: 4e55425ff5d7d7cea27dcf79125766762e2b3529
2020-01-01 13:41:35 -05:00
David Anderson
af4d3f8916 AOSP: e2fsdroid: Do not allocate invalid blocks from BaseFS.
If certain metadata properties change in between builds, such as the
inode table size, then block mappings may not be valid from one build to
the next. For example, build A could allocate block N for a file. If
build B has a larger inode table, block N may no longer be a data block.

In this case, we need to remove the block from the BaseFS range list so
we do not give it back to libext2fs for writing data. We do this with a
new "owned_block_map" bitmap. If a block from the base FS is not in use
by the initial image, and is not used by any other file, it is
considered owned, and can be claimed by that file.

Note that while this produces correct images, it also prevents
deduplicated blocks from being re-used. This will be addressed in a
follow-up patch.

Bug: 145316683
Test: e2fsdroid block mapping with dynamic partitions
Change-Id: I3145e45156f7879bdf956384723fab4bd69acb93
Signed-off-by: David Anderson <dvander@google.com>
From AOSP commit: b3d1ccdb673772588b7bb14c4581980ef549a0b8
2020-01-01 13:41:35 -05:00
David Anderson
dcbe79c4fa AOSP: e2fsdroid: Refactor basefs allocation.
This refactors base_fs_alloc_load() to address two issues. First, the
failure cases have been made simpler by factoring out a common helper
for freeing a base_fs_allocator. Second, we no longer return
EXIT_FAILURE, since this is not an errcode_t.

Bug: 145316683
Change-Id: I8b28c684ecf3423b605b550177d7ead4eb2821a4
From AOSP commit: b461ade872a809ab913d7506e9b8ed597d57dc87
2020-01-01 13:41:34 -05:00
David Anderson
269f4c1bc7 AOSP: e2fsdroid: Refactor block_range.
block_range is a singly-linked list, but the head/tail links are
manually managed all over. Instead, introduce a block_range_list
structure and refactor list helpers to operate on this instead. This
ensures head/tail are maintained properly (in some cases, like
delete_block_range, they were not).

Bug: 145316683
Test: manual test
Change-Id: Ieec6324549e2c3a71129871f703f4f0a37aeb1fa
From AOSP commit: 4220594792297619d2e70a29476667d1698dbd63
2020-01-01 13:41:34 -05:00
Justin Yun
c7b7c439bd AOSP: Add vendor_available: true
Make libext2-headers and libext2_uuid available to vendor and
product. They are required by f2fs-tools which are installed in
product partition.

Bug: 120954888
Bug: 145580164
Test: set PRODUCT_PRODUCT_VNDK_VERSION := current and build
Change-Id: Ibf5678448f9efbcb72c0544a3a50280fbfee2f38
From AOSP commit: 2c79a5f79197c090fc9c9534546f4ab4f7690809
2020-01-01 13:41:34 -05:00
Wang Shilong
101e73e99c e2fsck: fix use after free in calculate_tree()
The problem is alloc_blocks() will call get_next_block() which might
reallocate outdir->buf, and memory address could be changed after
this.  To fix this, pointers that point into outdir->buf, such as
int_limit and root need to be recaulated based on the new starting
address of outdir->buf.

[ Changed to correctly recalculate int_limit, and to optimize how we
  reallocate outdir->buf.  -TYT ]

Signed-off-by: Wang Shilong <wshilong@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:34 -05:00
Wang Shilong
927ebc78a2 e2fsck: fix to return ENOMEM in alloc_size_dir()
Two memory allocation return check is missed.

Signed-off-by: Wang Shilong <wshilong@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:34 -05:00
Theodore Ts'o
3a15d85bfb ext2fs: add ext2fs_get_stat_i_blocks() function
The function ext2fs_inode_i_blocks() is a bit confusing whether it is
returning the inode's i_blocks value, or whether it is returning the
value ala the stat(2) system call, which returns i_blocks in units of
512 byte sectors.  This caused ext2fs_inode_i_blocks() to be
incorrectly used in fuse2fs and the function quota_compute_usage().

To address this, we add a new function, ext2fs_get_stat_i_blocks()
which is clearly labelled what it is returning, and use it in fuse2fs
and quota_compute_usage().  It's also a bit more convenient to use it
in e2fsck, so use it there too.

Reported-by: Wang Shilong <wangshilong1991@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2020-01-01 13:41:28 -05:00
Theodore Ts'o
dae1ecc244 fuse2fs: add support for 32-bit uids and gids
Previously, uids were truncated at 16 bits because we weren't properly
handling i_uid_high and i_gid_high.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-12-20 15:16:09 -05:00
Theodore Ts'o
23f94dde25 mke2fs: fix "mke2fs -d /path/to/files" to support 32-bit uids and gids
https://github.com/tytso/e2fsprogs/issues/29

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-12-20 14:58:41 -05:00
Theodore Ts'o
71ba137553 e2fsck: don't try to rehash a deleted directory
If directory has been deleted in pass1[bcd] processing, then we
shouldn't try to rehash the directory in pass 3a when we try to
rehash/reoptimize directories.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-12-20 12:39:00 -05:00
Theodore Ts'o
8dd73c149f e2fsck: abort if there is a corrupted directory block when rehashing
In e2fsck pass 3a, when we are rehashing directories, at least in
theory, all of the directories should have had corruptions with
respect to directory entry structure fixed.  However, it's possible
(for example, if the user declined a fix) that we can reach this stage
of processing with a corrupted directory entries.

So check for that case and don't try to process a corrupted directory
block so we don't run into trouble in mutate_name() if there is a
zero-length file name.

Addresses: TALOS-2019-0973
Addresses: CVE-2019-5188
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-12-20 12:38:53 -05:00
Theodore Ts'o
c4e7324243 e2fsck: optimize away repeated calls to gettext()
Optimize _("getting next inode from scan") so it is not called for
each initialized inode in the file system, and make a similar
optimization in pass 2 for each directory block.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-12-13 23:30:53 -05:00
Theodore Ts'o
1f0f27059a e2scrub: fix the 30 second timeout when trying to remove a snapshot
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-12-13 23:23:06 -05:00
Theodore Ts'o
bb7a3dc251 Add a program to test images provided by UBSAN fuzzing reports
This program calls a few ext2fs library functions used by the current
generation of libext2fs fuzzers, and is helpful in reproducing UBSAN
failures reported externally.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-22 23:27:47 -05:00
Theodore Ts'o
612296d63e libext2fs: define PATH_MAX if not provided by the system headers
This is needed to compile on Illumos and its derivatives.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-22 23:26:39 -05:00
Darrick J. Wong
3f21d82395 tune2fs: prohibit toggling uninit_bg on live filesystems
An internal customer followed an erroneous AskUbuntu article[1] to try to
change the UUID of a live ext4 filesystem.  The article claims that you
can work around tune2fs' "cannot change UUID on live fs" error by
disabling uninit_bg, changing the UUID, and re-enabling the feature.

This led to metadata corruption because tune2fs' journal descriptor
rewrite races with regular filesystem writes.  Therefore, prevent
administrators from turning on or off uninit_bg on a mounted fs.

[1] https://askubuntu.com/questions/132079/how-do-i-change-uuid-of-a-disk-to-whatever-i-want/195839#459097

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-20 22:58:55 -05:00
Eric Biggers
446483e398 chattr.1: say "cleared" instead of "reset"
Setting a bit to 0 is normally called "clearing", not "resetting"; and
chattr.1 already says "clear" in some places.  Use "clear" consistently.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-18 12:14:33 -05:00
Eric Biggers
f08f1c6492 chattr.1: clarify that ext4 doesn't support tail-merging either
This old text was never updated to mention ext4 in addition to ext2 and
ext3.  Do so now.  Also don't bother to mention old unmerged patches.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-18 12:14:33 -05:00
Eric Biggers
26d6e57c5c chattr.1: fix some grammatical errors
- "can only be open" => "can only be opened"
- "is not candidate" => "is not a candidate"
- "written ... on the disk" => "written ... to the disk"

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-18 12:14:33 -05:00
Eric Biggers
6e58704680 chattr.1: add casefold attribute to mode string
When the casefold attribute ('F') was added to the chattr man page, it
was forgotten to add it to the mode string.  Add it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-18 12:14:33 -05:00
Eric Biggers
93cea43534 chattr.1: adjust documentation for encryption attribute
Adjust the documentation for the encryption attribute ('E') to clarify
that encryption isn't experimental anymore and isn't restricted to
regular files, and that the encryption is done by the filesystem.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-18 12:14:33 -05:00
Eric Biggers
be335e31e7 chattr.1: document the verity attribute
Document the verity file attribute ('V').

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-18 12:14:33 -05:00
Theodore Ts'o
b9bb6a512e configure: don't fail if /usr/include/sys/mount.h does not exist
The AX_CHECK_MOUNT_OPT macro fails if /usr/include/sys/mount.h.
Unfortunately, the GNU HURD doesn't have this header file.  Drop the
requirement, since if it doesn't exist, the macro will assume that
given mount options don't exist, which for e2fsprogs is used to test
to for the existence of the mount options nosuid and nodev.  This is
only used for fuse2fs, and HURD doesn't support fuse2fs anyway.

Addresses-Debian-Bug: #944649
Reported-by: Svante Signell <svante.signell@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-13 13:55:29 -05:00
Theodore Ts'o
ea4d53b7b9 libext2fs/ismounted.c: check device id in advance to skip false device names
If there is a trickster which tries to use device names as the mount
device for pseudo-file systems, the resulting /proc/mounts can confuse
ext2fs_check_mount_point().  (So far as I can tell, there's no good
reason to do this, but sysadmins do the darnest things.)

An example of this might be the following /proc/mounts excerpt:

/dev/sdb /mnt2 tmpfs rw,relatime 0 0
/dev/sdb /mnt ext4 rw,relatime 0 0

This is created via "mount -t tmpfs /dev/sdb /mnt2" followed via
"mount -t ext4 /dev/sdb /mnt".  (Normally, a sane mount of tmpfs would
use something like "mount -t tmpfs tmpfs /mnt2".)

Fix this by double checking the st_rdev of the claimed mountpoint and
match it with the dev_t of the device.  (Note that the GNU HURD
doesn't support st_rdev, so we can't solve this problem for the HURD.)

Reported-by: GuiYao <guiyao@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-10 12:11:49 -05:00
Jan Kara
ac94445fc0 resize2fs: make minimum size estimates more reliable for mounted fs
Currently, the estimate of minimum filesystem size is using free blocks
counter in the superblock. The counter generally doesn't get updated
while the filesystem is mounted and thus the estimate is very unreliable
for a mounted filesystem. For some usecases such as automated
partitioning proposal to the user it is desirable that the estimate of
minimum filesystem size is reasonably accurate even for a mounted
filesystem. So use group descriptor counters of free blocks for the
estimate of minimum filesystem size. These get updated together with
block being allocated and so the resulting estimate is more accurate.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-10 08:13:53 -05:00
Darrick J. Wong
04335dbf32 e2scrub_all: fix broken stdin redirection
gregor herrmann reports that the weekly e2scrub cronjob emits these
errors:

/sbin/e2scrub_all: line 173: /proc/8234/fd/pipe:[90083173]: No such file or directory

The root cause of this is that the ls_targets stdout is piped to stdin
to the entire ls_targets loop body to prevent the loop body from reading
the loop iteration items.  Remove all the broken hackery by reading the
target list into a bash array and iterating the bash array.

Addresses-Debian-Bug: #944033

Reported-by: gregor herrmann <gregoa@debian.org>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-09 20:29:12 -05:00
Darrick J. Wong
333268d65d e2scrub_all: don't even reap if the config file doesn't allow it
Dave Chinner complains that the automated on-boot e2scrub reaping takes
a long time (because the lvs command can take a while to run) even
though the automated e2scrub is disabled via e2scrub.conf on his
systems.

We still need the reaping service to kill off stale e2scrub snapshots
after a crash, but it's unnecessary to annoy everyone with slow bootup.
Because we can look for the e2scrub snapshots in /dev/mapper, let's
skip reaping if periodic e2scrub is disabled unless we find evidence of
e2scrub snapshots in /dev.

Reported-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-09 20:29:12 -05:00
Theodore Ts'o
b99ffaffc9 libext2fs: verify the block numbers for the allocation bitmaps are valid
This avoids a potential UBsan failure when we multiply an insanely
high block number with the block size and we get a multiplication
overflow.

Google-Bug-Id: 128130353
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-08 12:02:48 -05:00
Theodore Ts'o
a2a8cec68c libext2fs: properly free the bitmaps in read_bitmap()'s error/cleanup path
Use ext2fs_free_{block,inode}_bitmaps() instead of ext2fs_free_mem()
to avoid some memory leaks if there is an error while calling
read_bitmaps().

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-08 09:49:51 -05:00
Theodore Ts'o
6dac306792 Fix UBSan when shifting (1LL << 63)
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-04 21:22:54 -05:00
Theodore Ts'o
41c05c9dc2 libext2fs: fix UBSan when updating an inline_data file
What memcpy does when the length is zero is not well-defined.  So
avoid it.

Bug: https://github.com/tytso/e2fsprogs/issues/25
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-04 18:43:49 -05:00
Theodore Ts'o
9bfbf1d5b9 libext2fs: fix bug when reading or writing more than 2GB in unix_io
If count * block_size exceeds 2GB, we will overflow a 32-bit signed
integer value.  This shouldn't happen in practice except for
fuzz-corrupted file systems, but let's fix the code so it's correct.

Bug: https://github.com/tytso/e2fsprogs/issues/24
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-11-04 16:43:41 -05:00
Eric Biggers
8692a3acf9 AOSP: Link to production releases, not testing releases
The testing links are not stable and are not guaranteed to exist.

Test: After re-generating the generated files, the link works now.
Change-Id: I36e73ef74571b3246f470280a75ae1098245eff5
From AOSP commit: 5971f6a5113b12b33d9454229bf27621853e1da7
2019-10-31 18:53:29 -04:00
Eric Biggers
de027d1c7a AOSP: Add new source files to Android.bp files
Test: see I3781b6d1e55923e9410644e8a7ba834b4d13b733
Change-Id: Ie071b30937dcf73f34df5dc3aa08d23ae30d9c63
From AOSP commit: d2a16e1616b807a6143b9c6232a1c54f90dc06f6
2019-10-31 18:51:34 -04:00
Theodore Ts'o
41479cc21d Define the codepoint for the fast_commit compat feature
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-10-03 21:15:22 -04:00
Theodore Ts'o
c2a8499d5d Update release notes, etc., for the 1.45.4 release
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 16:04:59 -04:00
Eric Biggers
040cd2479d tune2fs.8: tweak the documentation for the encrypt feature
Try to make it clearer that enabling 'encrypt' just enables *support*
for encryption; it doesn't actually encrypt anything by itself.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:28:36 -04:00
Eric Biggers
5f1e5f5e88 tune2fs.8: document the verity feature
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:28:36 -04:00
Eric Biggers
4ef530d95a ext4.5: tweak the documentation for the encrypt feature
Try to make it clearer that enabling 'encrypt' just enables *support*
for encryption; it doesn't actually encrypt anything by itself.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:28:36 -04:00
Eric Biggers
4cc90574e4 ext4.5: document the verity feature
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:28:36 -04:00
Eric Biggers
4ecbee2cfd ext4.5: document first kernel version to support casefold feature
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:28:36 -04:00
Eric Biggers
fea937ee09 ext4.5: move casefold feature to correct position
The features are listed in alphabetic order, so put the casefold feature
in the right place.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:28:36 -04:00
Theodore Ts'o
8111b79da7 e2scrub_all: make sure fd 3 is closed before running lvm commands
Some versions of cron leave fd 3 open for some unknown reason.  So
when e2scrub_all is run by cron (on non-systemd systems) this results
in an annoying message from the Cron Daemon because lvm will print
warning messages about "leaked file descriptors.  So force close fd 3
at the beginning of e2scrub and e2scrub_all.

Addresses-Debian-Bug: #940240
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:17:13 -04:00
Trần Ngọc Quân
1b866f5584 po: update vi.po (from translationproject.org)
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-09-23 13:10:37 -04:00