1 /*
2  * e2fsck.c - superblock checks
3  *
4  * Copyright (C) 1993, 1994, 1995, 1996, 1997 Theodore Ts'o.
5  *
6  * %Begin-Header%
7  * This file may be redistributed under the terms of the GNU Public
8  * License.
9  * %End-Header%
10  */
11 
12 #ifdef HAVE_ERRNO_H
13 #include <errno.h>
14 #endif
15 
16 #ifndef EXT2_SKIP_UUID
17 #include "uuid/uuid.h"
18 #endif
19 #include "e2fsck.h"
20 #include "problem.h"
21 
22 #define MIN_CHECK 1
23 #define MAX_CHECK 2
24 #define LOG2_CHECK 4
25 
check_super_value(e2fsck_t ctx,const char * descr,unsigned long value,int flags,unsigned long min_val,unsigned long max_val)26 static void check_super_value(e2fsck_t ctx, const char *descr,
27 			      unsigned long value, int flags,
28 			      unsigned long min_val, unsigned long max_val)
29 {
30 	struct		problem_context pctx;
31 
32 	if (((flags & MIN_CHECK) && (value < min_val)) ||
33 	    ((flags & MAX_CHECK) && (value > max_val)) ||
34 	    ((flags & LOG2_CHECK) && (value & (value - 1) != 0))) {
35 		clear_problem_context(&pctx);
36 		pctx.num = value;
37 		pctx.str = descr;
38 		fix_problem(ctx, PR_0_MISC_CORRUPT_SUPER, &pctx);
39 		ctx->flags |= E2F_FLAG_ABORT; /* never get here! */
40 	}
41 }
42 
43 /*
44  * helper function to release an inode
45  */
46 struct process_block_struct {
47 	e2fsck_t 	ctx;
48 	char 		*buf;
49 	struct problem_context *pctx;
50 	int		truncating;
51 	int		truncate_offset;
52 	e2_blkcnt_t	truncate_block;
53 	int		truncated_blocks;
54 	int		abort;
55 	errcode_t	errcode;
56 };
57 
release_inode_block(ext2_filsys fs,blk64_t * block_nr,e2_blkcnt_t blockcnt,blk64_t ref_blk EXT2FS_ATTR ((unused)),int ref_offset EXT2FS_ATTR ((unused)),void * priv_data)58 static int release_inode_block(ext2_filsys fs,
59 			       blk64_t	*block_nr,
60 			       e2_blkcnt_t blockcnt,
61 			       blk64_t	ref_blk EXT2FS_ATTR((unused)),
62 			       int	ref_offset EXT2FS_ATTR((unused)),
63 			       void *priv_data)
64 {
65 	struct process_block_struct *pb;
66 	e2fsck_t 		ctx;
67 	struct problem_context	*pctx;
68 	blk64_t			blk = *block_nr;
69 	int			retval = 0;
70 
71 	pb = (struct process_block_struct *) priv_data;
72 	ctx = pb->ctx;
73 	pctx = pb->pctx;
74 
75 	pctx->blk = blk;
76 	pctx->blkcount = blockcnt;
77 
78 	if (HOLE_BLKADDR(blk))
79 		return 0;
80 
81 	if ((blk < fs->super->s_first_data_block) ||
82 	    (blk >= ext2fs_blocks_count(fs->super))) {
83 		fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_BLOCK_NUM, pctx);
84 	return_abort:
85 		pb->abort = 1;
86 		return BLOCK_ABORT;
87 	}
88 
89 	if (!ext2fs_test_block_bitmap2(fs->block_map, blk)) {
90 		fix_problem(ctx, PR_0_ORPHAN_ALREADY_CLEARED_BLOCK, pctx);
91 		goto return_abort;
92 	}
93 
94 	/*
95 	 * If we are deleting an orphan, then we leave the fields alone.
96 	 * If we are truncating an orphan, then update the inode fields
97 	 * and clean up any partial block data.
98 	 */
99 	if (pb->truncating) {
100 		/*
101 		 * We only remove indirect blocks if they are
102 		 * completely empty.
103 		 */
104 		if (blockcnt < 0) {
105 			int	i, limit;
106 			blk_t	*bp;
107 
108 			pb->errcode = io_channel_read_blk64(fs->io, blk, 1,
109 							pb->buf);
110 			if (pb->errcode)
111 				goto return_abort;
112 
113 			limit = fs->blocksize >> 2;
114 			for (i = 0, bp = (blk_t *) pb->buf;
115 			     i < limit;	 i++, bp++)
116 				if (*bp)
117 					return 0;
118 		}
119 		/*
120 		 * We don't remove direct blocks until we've reached
121 		 * the truncation block.
122 		 */
123 		if (blockcnt >= 0 && blockcnt < pb->truncate_block)
124 			return 0;
125 		/*
126 		 * If part of the last block needs truncating, we do
127 		 * it here.
128 		 */
129 		if ((blockcnt == pb->truncate_block) && pb->truncate_offset) {
130 			pb->errcode = io_channel_read_blk64(fs->io, blk, 1,
131 							pb->buf);
132 			if (pb->errcode)
133 				goto return_abort;
134 			memset(pb->buf + pb->truncate_offset, 0,
135 			       fs->blocksize - pb->truncate_offset);
136 			pb->errcode = io_channel_write_blk64(fs->io, blk, 1,
137 							 pb->buf);
138 			if (pb->errcode)
139 				goto return_abort;
140 		}
141 		pb->truncated_blocks++;
142 		*block_nr = 0;
143 		retval |= BLOCK_CHANGED;
144 	}
145 
146 	ext2fs_block_alloc_stats2(fs, blk, -1);
147 	ctx->free_blocks++;
148 	return retval;
149 }
150 
151 /*
152  * This function releases an inode.  Returns 1 if an inconsistency was
153  * found.  If the inode has a link count, then it is being truncated and
154  * not deleted.
155  */
release_inode_blocks(e2fsck_t ctx,ext2_ino_t ino,struct ext2_inode * inode,char * block_buf,struct problem_context * pctx)156 static int release_inode_blocks(e2fsck_t ctx, ext2_ino_t ino,
157 				struct ext2_inode *inode, char *block_buf,
158 				struct problem_context *pctx)
159 {
160 	struct process_block_struct 	pb;
161 	ext2_filsys			fs = ctx->fs;
162 	errcode_t			retval;
163 	__u32				count;
164 
165 	if (!ext2fs_inode_has_valid_blocks2(fs, inode))
166 		return 0;
167 
168 	pb.buf = block_buf + 3 * ctx->fs->blocksize;
169 	pb.ctx = ctx;
170 	pb.abort = 0;
171 	pb.errcode = 0;
172 	pb.pctx = pctx;
173 	if (inode->i_links_count) {
174 		pb.truncating = 1;
175 		pb.truncate_block = (e2_blkcnt_t)
176 			((EXT2_I_SIZE(inode) + fs->blocksize - 1) /
177 			 fs->blocksize);
178 		pb.truncate_offset = inode->i_size % fs->blocksize;
179 	} else {
180 		pb.truncating = 0;
181 		pb.truncate_block = 0;
182 		pb.truncate_offset = 0;
183 	}
184 	pb.truncated_blocks = 0;
185 	retval = ext2fs_block_iterate3(fs, ino, BLOCK_FLAG_DEPTH_TRAVERSE,
186 				      block_buf, release_inode_block, &pb);
187 	if (retval) {
188 		com_err("release_inode_blocks", retval,
189 			_("while calling ext2fs_block_iterate for inode %d"),
190 			ino);
191 		return 1;
192 	}
193 	if (pb.abort)
194 		return 1;
195 
196 	/* Refresh the inode since ext2fs_block_iterate may have changed it */
197 	e2fsck_read_inode(ctx, ino, inode, "release_inode_blocks");
198 
199 	if (pb.truncated_blocks)
200 		ext2fs_iblk_sub_blocks(fs, inode, pb.truncated_blocks);
201 
202 	if (ext2fs_file_acl_block(fs, inode)) {
203 		retval = ext2fs_adjust_ea_refcount2(fs,
204 					ext2fs_file_acl_block(fs, inode),
205 					block_buf, -1, &count);
206 		if (retval == EXT2_ET_BAD_EA_BLOCK_NUM) {
207 			retval = 0;
208 			count = 1;
209 		}
210 		if (retval) {
211 			com_err("release_inode_blocks", retval,
212 		_("while calling ext2fs_adjust_ea_refcount2 for inode %d"),
213 				ino);
214 			return 1;
215 		}
216 		if (count == 0) {
217 			ext2fs_block_alloc_stats2(fs,
218 					ext2fs_file_acl_block(fs, inode), -1);
219 			ctx->free_blocks++;
220 		}
221 		ext2fs_file_acl_block_set(fs, inode, 0);
222 	}
223 	return 0;
224 }
225 
226 /*
227  * This function releases all of the orphan inodes.  It returns 1 if
228  * it hit some error, and 0 on success.
229  */
release_orphan_inodes(e2fsck_t ctx)230 static int release_orphan_inodes(e2fsck_t ctx)
231 {
232 	ext2_filsys fs = ctx->fs;
233 	ext2_ino_t	ino, next_ino;
234 	struct ext2_inode inode;
235 	struct problem_context pctx;
236 	char *block_buf;
237 
238 	if ((ino = fs->super->s_last_orphan) == 0)
239 		return 0;
240 
241 	/*
242 	 * Win or lose, we won't be using the head of the orphan inode
243 	 * list again.
244 	 */
245 	fs->super->s_last_orphan = 0;
246 	ext2fs_mark_super_dirty(fs);
247 
248 	/*
249 	 * If the filesystem contains errors, don't run the orphan
250 	 * list, since the orphan list can't be trusted; and we're
251 	 * going to be running a full e2fsck run anyway...
252 	 */
253 	if (fs->super->s_state & EXT2_ERROR_FS)
254 		return 0;
255 
256 	if ((ino < EXT2_FIRST_INODE(fs->super)) ||
257 	    (ino > fs->super->s_inodes_count)) {
258 		clear_problem_context(&pctx);
259 		pctx.ino = ino;
260 		fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_HEAD_INODE, &pctx);
261 		return 1;
262 	}
263 
264 	block_buf = (char *) e2fsck_allocate_memory(ctx, fs->blocksize * 4,
265 						    "block iterate buffer");
266 	e2fsck_read_bitmaps(ctx);
267 
268 	while (ino) {
269 		e2fsck_read_inode(ctx, ino, &inode, "release_orphan_inodes");
270 		clear_problem_context(&pctx);
271 		pctx.ino = ino;
272 		pctx.inode = &inode;
273 		pctx.str = inode.i_links_count ? _("Truncating") :
274 			_("Clearing");
275 
276 		fix_problem(ctx, PR_0_ORPHAN_CLEAR_INODE, &pctx);
277 
278 		next_ino = inode.i_dtime;
279 		if (next_ino &&
280 		    ((next_ino < EXT2_FIRST_INODE(fs->super)) ||
281 		     (next_ino > fs->super->s_inodes_count))) {
282 			pctx.ino = next_ino;
283 			fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_INODE, &pctx);
284 			goto return_abort;
285 		}
286 
287 		if (release_inode_blocks(ctx, ino, &inode, block_buf, &pctx))
288 			goto return_abort;
289 
290 		if (!inode.i_links_count) {
291 			ext2fs_inode_alloc_stats2(fs, ino, -1,
292 						  LINUX_S_ISDIR(inode.i_mode));
293 			ctx->free_inodes++;
294 			inode.i_dtime = ctx->now;
295 		} else {
296 			inode.i_dtime = 0;
297 		}
298 		e2fsck_write_inode(ctx, ino, &inode, "delete_file");
299 		ino = next_ino;
300 	}
301 	ext2fs_free_mem(&block_buf);
302 	return 0;
303 return_abort:
304 	ext2fs_free_mem(&block_buf);
305 	return 1;
306 }
307 
308 /*
309  * Check the resize inode to make sure it is sane.  We check both for
310  * the case where on-line resizing is not enabled (in which case the
311  * resize inode should be cleared) as well as the case where on-line
312  * resizing is enabled.
313  */
check_resize_inode(e2fsck_t ctx)314 void check_resize_inode(e2fsck_t ctx)
315 {
316 	ext2_filsys fs = ctx->fs;
317 	struct ext2_inode inode;
318 	struct problem_context	pctx;
319 	int		i, gdt_off, ind_off;
320 	dgrp_t		j;
321 	blk_t		blk, pblk;
322 	blk_t		expect;	/* for resize inode, which is 32-bit only */
323 	__u32 		*dind_buf = 0, *ind_buf;
324 	errcode_t	retval;
325 
326 	clear_problem_context(&pctx);
327 
328 	/*
329 	 * If the resize inode feature isn't set, then
330 	 * s_reserved_gdt_blocks must be zero.
331 	 */
332 	if (!(fs->super->s_feature_compat &
333 	      EXT2_FEATURE_COMPAT_RESIZE_INODE)) {
334 		if (fs->super->s_reserved_gdt_blocks) {
335 			pctx.num = fs->super->s_reserved_gdt_blocks;
336 			if (fix_problem(ctx, PR_0_NONZERO_RESERVED_GDT_BLOCKS,
337 					&pctx)) {
338 				fs->super->s_reserved_gdt_blocks = 0;
339 				ext2fs_mark_super_dirty(fs);
340 			}
341 		}
342 	}
343 
344 	/* Read the resize inode */
345 	pctx.ino = EXT2_RESIZE_INO;
346 	retval = ext2fs_read_inode(fs, EXT2_RESIZE_INO, &inode);
347 	if (retval) {
348 		if (fs->super->s_feature_compat &
349 		    EXT2_FEATURE_COMPAT_RESIZE_INODE)
350 			ctx->flags |= E2F_FLAG_RESIZE_INODE;
351 		return;
352 	}
353 
354 	/*
355 	 * If the resize inode feature isn't set, check to make sure
356 	 * the resize inode is cleared; then we're done.
357 	 */
358 	if (!(fs->super->s_feature_compat &
359 	      EXT2_FEATURE_COMPAT_RESIZE_INODE)) {
360 		for (i=0; i < EXT2_N_BLOCKS; i++) {
361 			if (inode.i_block[i])
362 				break;
363 		}
364 		if ((i < EXT2_N_BLOCKS) &&
365 		    fix_problem(ctx, PR_0_CLEAR_RESIZE_INODE, &pctx)) {
366 			memset(&inode, 0, sizeof(inode));
367 			e2fsck_write_inode(ctx, EXT2_RESIZE_INO, &inode,
368 					   "clear_resize");
369 		}
370 		return;
371 	}
372 
373 	/*
374 	 * The resize inode feature is enabled; check to make sure the
375 	 * only block in use is the double indirect block
376 	 */
377 	blk = inode.i_block[EXT2_DIND_BLOCK];
378 	for (i=0; i < EXT2_N_BLOCKS; i++) {
379 		if (i != EXT2_DIND_BLOCK && inode.i_block[i])
380 			break;
381 	}
382 	if ((i < EXT2_N_BLOCKS) || !blk || !inode.i_links_count ||
383 	    !(inode.i_mode & LINUX_S_IFREG) ||
384 	    (blk < fs->super->s_first_data_block ||
385 	     blk >= ext2fs_blocks_count(fs->super))) {
386 	resize_inode_invalid:
387 		if (fix_problem(ctx, PR_0_RESIZE_INODE_INVALID, &pctx)) {
388 			memset(&inode, 0, sizeof(inode));
389 			e2fsck_write_inode(ctx, EXT2_RESIZE_INO, &inode,
390 					   "clear_resize");
391 			ctx->flags |= E2F_FLAG_RESIZE_INODE;
392 		}
393 		if (!(ctx->options & E2F_OPT_READONLY)) {
394 			fs->super->s_state &= ~EXT2_VALID_FS;
395 			ext2fs_mark_super_dirty(fs);
396 		}
397 		goto cleanup;
398 	}
399 	dind_buf = (__u32 *) e2fsck_allocate_memory(ctx, fs->blocksize * 2,
400 						    "resize dind buffer");
401 	ind_buf = (__u32 *) ((char *) dind_buf + fs->blocksize);
402 
403 	retval = ext2fs_read_ind_block(fs, blk, dind_buf);
404 	if (retval)
405 		goto resize_inode_invalid;
406 
407 	gdt_off = fs->desc_blocks;
408 	pblk = fs->super->s_first_data_block + 1 + fs->desc_blocks;
409 	if (fs->blocksize == 1024 && fs->super->s_first_data_block == 0)
410 		pblk++;	/* Deal with 1024 blocksize bigalloc fs */
411 	for (i = 0; i < fs->super->s_reserved_gdt_blocks / 4;
412 	     i++, gdt_off++, pblk++) {
413 		gdt_off %= fs->blocksize/4;
414 		if (dind_buf[gdt_off] != pblk)
415 			goto resize_inode_invalid;
416 		retval = ext2fs_read_ind_block(fs, pblk, ind_buf);
417 		if (retval)
418 			goto resize_inode_invalid;
419 		ind_off = 0;
420 		for (j = 1; j < fs->group_desc_count; j++) {
421 			if (!ext2fs_bg_has_super(fs, j))
422 				continue;
423 			expect = pblk + (j * fs->super->s_blocks_per_group);
424 			if (ind_buf[ind_off] != expect)
425 				goto resize_inode_invalid;
426 			ind_off++;
427 		}
428 	}
429 
430 cleanup:
431 	if (dind_buf)
432 		ext2fs_free_mem(&dind_buf);
433 
434  }
435 
436 /*
437  * This function checks the dirhash signed/unsigned hint if necessary.
438  */
e2fsck_fix_dirhash_hint(e2fsck_t ctx)439 static void e2fsck_fix_dirhash_hint(e2fsck_t ctx)
440 {
441 	struct ext2_super_block *sb = ctx->fs->super;
442 	struct problem_context pctx;
443 	char	c;
444 
445 	if ((ctx->options & E2F_OPT_READONLY) ||
446 	    !(sb->s_feature_compat & EXT2_FEATURE_COMPAT_DIR_INDEX) ||
447 	    (sb->s_flags & (EXT2_FLAGS_SIGNED_HASH|EXT2_FLAGS_UNSIGNED_HASH)))
448 		return;
449 
450 	c = (char) 255;
451 
452 	clear_problem_context(&pctx);
453 	if (fix_problem(ctx, PR_0_DIRHASH_HINT, &pctx)) {
454 		if (((int) c) == -1) {
455 			sb->s_flags |= EXT2_FLAGS_SIGNED_HASH;
456 		} else {
457 			sb->s_flags |= EXT2_FLAGS_UNSIGNED_HASH;
458 		}
459 		ext2fs_mark_super_dirty(ctx->fs);
460 	}
461 }
462 
463 
check_super_block(e2fsck_t ctx)464 void check_super_block(e2fsck_t ctx)
465 {
466 	ext2_filsys fs = ctx->fs;
467 	blk64_t	first_block, last_block;
468 	struct ext2_super_block *sb = fs->super;
469 	unsigned int	ipg_max;
470 	problem_t	problem;
471 	blk64_t	blocks_per_group = fs->super->s_blocks_per_group;
472 	__u32	bpg_max, cpg_max;
473 	int	inodes_per_block;
474 	int	inode_size;
475 	int	accept_time_fudge;
476 	int	broken_system_clock;
477 	dgrp_t	i;
478 	blk64_t	should_be;
479 	struct problem_context	pctx;
480 	blk64_t	free_blocks = 0;
481 	ino_t	free_inodes = 0;
482 	int     csum_flag, clear_test_fs_flag;
483 
484 	inodes_per_block = EXT2_INODES_PER_BLOCK(fs->super);
485 	ipg_max = inodes_per_block * (blocks_per_group - 4);
486 	if (ipg_max > EXT2_MAX_INODES_PER_GROUP(sb))
487 		ipg_max = EXT2_MAX_INODES_PER_GROUP(sb);
488 	cpg_max = 8 * EXT2_BLOCK_SIZE(sb);
489 	if (cpg_max > EXT2_MAX_CLUSTERS_PER_GROUP(sb))
490 		cpg_max = EXT2_MAX_CLUSTERS_PER_GROUP(sb);
491 	bpg_max = 8 * EXT2_BLOCK_SIZE(sb) * EXT2FS_CLUSTER_RATIO(fs);
492 	if (bpg_max > EXT2_MAX_BLOCKS_PER_GROUP(sb))
493 		bpg_max = EXT2_MAX_BLOCKS_PER_GROUP(sb);
494 
495 	ctx->invalid_inode_bitmap_flag = (int *) e2fsck_allocate_memory(ctx,
496 		 sizeof(int) * fs->group_desc_count, "invalid_inode_bitmap");
497 	ctx->invalid_block_bitmap_flag = (int *) e2fsck_allocate_memory(ctx,
498 		 sizeof(int) * fs->group_desc_count, "invalid_block_bitmap");
499 	ctx->invalid_inode_table_flag = (int *) e2fsck_allocate_memory(ctx,
500 		sizeof(int) * fs->group_desc_count, "invalid_inode_table");
501 
502 	clear_problem_context(&pctx);
503 
504 	/*
505 	 * Verify the super block constants...
506 	 */
507 	check_super_value(ctx, "inodes_count", sb->s_inodes_count,
508 			  MIN_CHECK, 1, 0);
509 	check_super_value(ctx, "blocks_count", ext2fs_blocks_count(sb),
510 			  MIN_CHECK, 1, 0);
511 	check_super_value(ctx, "first_data_block", sb->s_first_data_block,
512 			  MAX_CHECK, 0, ext2fs_blocks_count(sb));
513 	check_super_value(ctx, "log_block_size", sb->s_log_block_size,
514 			  MIN_CHECK | MAX_CHECK, 0,
515 			  EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE);
516 	check_super_value(ctx, "log_cluster_size",
517 			  sb->s_log_cluster_size,
518 			  MIN_CHECK | MAX_CHECK, sb->s_log_block_size,
519 			  (EXT2_MAX_CLUSTER_LOG_SIZE -
520 			   EXT2_MIN_CLUSTER_LOG_SIZE));
521 	check_super_value(ctx, "clusters_per_group", sb->s_clusters_per_group,
522 			  MIN_CHECK | MAX_CHECK, 8, cpg_max);
523 	check_super_value(ctx, "blocks_per_group", sb->s_blocks_per_group,
524 			  MIN_CHECK | MAX_CHECK, 8, bpg_max);
525 	check_super_value(ctx, "inodes_per_group", sb->s_inodes_per_group,
526 			  MIN_CHECK | MAX_CHECK, inodes_per_block, ipg_max);
527 	check_super_value(ctx, "r_blocks_count", ext2fs_r_blocks_count(sb),
528 			  MAX_CHECK, 0, ext2fs_blocks_count(sb) / 2);
529 	check_super_value(ctx, "reserved_gdt_blocks",
530 			  sb->s_reserved_gdt_blocks, MAX_CHECK, 0,
531 			  fs->blocksize / sizeof(__u32));
532 	check_super_value(ctx, "desc_size",
533 			  sb->s_desc_size, MAX_CHECK | LOG2_CHECK, 0,
534 			  EXT2_MAX_DESC_SIZE);
535 	if (sb->s_rev_level > EXT2_GOOD_OLD_REV)
536 		check_super_value(ctx, "first_ino", sb->s_first_ino,
537 				  MIN_CHECK | MAX_CHECK,
538 				  EXT2_GOOD_OLD_FIRST_INO, sb->s_inodes_count);
539 	inode_size = EXT2_INODE_SIZE(sb);
540 	check_super_value(ctx, "inode_size",
541 			  inode_size, MIN_CHECK | MAX_CHECK | LOG2_CHECK,
542 			  EXT2_GOOD_OLD_INODE_SIZE, fs->blocksize);
543 	if (sb->s_blocks_per_group != (sb->s_clusters_per_group *
544 				       EXT2FS_CLUSTER_RATIO(fs))) {
545 		pctx.num = sb->s_clusters_per_group * EXT2FS_CLUSTER_RATIO(fs);
546 		pctx.str = "block_size";
547 		fix_problem(ctx, PR_0_MISC_CORRUPT_SUPER, &pctx);
548 		ctx->flags |= E2F_FLAG_ABORT; /* never get here! */
549 		return;
550 	}
551 
552 	if ((ctx->flags & E2F_FLAG_GOT_DEVSIZE) &&
553 	    (ctx->num_blocks < ext2fs_blocks_count(sb))) {
554 		pctx.blk = ext2fs_blocks_count(sb);
555 		pctx.blk2 = ctx->num_blocks;
556 		if (fix_problem(ctx, PR_0_FS_SIZE_WRONG, &pctx)) {
557 			ctx->flags |= E2F_FLAG_ABORT;
558 			return;
559 		}
560 	}
561 
562 	should_be = (sb->s_log_block_size == 0 &&
563 		     EXT2FS_CLUSTER_RATIO(fs) == 1) ? 1 : 0;
564 	if (sb->s_first_data_block != should_be) {
565 		pctx.blk = sb->s_first_data_block;
566 		pctx.blk2 = should_be;
567 		fix_problem(ctx, PR_0_FIRST_DATA_BLOCK, &pctx);
568 		ctx->flags |= E2F_FLAG_ABORT;
569 		return;
570 	}
571 
572 	should_be = sb->s_inodes_per_group * fs->group_desc_count;
573 	if (sb->s_inodes_count != should_be) {
574 		pctx.ino = sb->s_inodes_count;
575 		pctx.ino2 = should_be;
576 		if (fix_problem(ctx, PR_0_INODE_COUNT_WRONG, &pctx)) {
577 			sb->s_inodes_count = should_be;
578 			ext2fs_mark_super_dirty(fs);
579 		}
580 	}
581 
582 	/* Is 64bit set and extents unset? */
583 	if (EXT2_HAS_INCOMPAT_FEATURE(fs->super,
584 				      EXT4_FEATURE_INCOMPAT_64BIT) &&
585 	    !EXT2_HAS_INCOMPAT_FEATURE(fs->super,
586 				       EXT3_FEATURE_INCOMPAT_EXTENTS) &&
587 	    fix_problem(ctx, PR_0_64BIT_WITHOUT_EXTENTS, &pctx)) {
588 		fs->super->s_feature_incompat |=
589 			EXT3_FEATURE_INCOMPAT_EXTENTS;
590 		ext2fs_mark_super_dirty(fs);
591 	}
592 
593 	/*
594 	 * Verify the group descriptors....
595 	 */
596 	first_block = sb->s_first_data_block;
597 	last_block = ext2fs_blocks_count(sb)-1;
598 
599 	csum_flag = EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
600 					       EXT4_FEATURE_RO_COMPAT_GDT_CSUM);
601 	for (i = 0; i < fs->group_desc_count; i++) {
602 		pctx.group = i;
603 
604 		if (!EXT2_HAS_INCOMPAT_FEATURE(fs->super,
605 					       EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
606 			first_block = ext2fs_group_first_block2(fs, i);
607 			last_block = ext2fs_group_last_block2(fs, i);
608 		}
609 
610 		if ((ext2fs_block_bitmap_loc(fs, i) < first_block) ||
611 		    (ext2fs_block_bitmap_loc(fs, i) > last_block)) {
612 			pctx.blk = ext2fs_block_bitmap_loc(fs, i);
613 			if (fix_problem(ctx, PR_0_BB_NOT_GROUP, &pctx))
614 				ext2fs_block_bitmap_loc_set(fs, i, 0);
615 		}
616 		if (ext2fs_block_bitmap_loc(fs, i) == 0) {
617 			ctx->invalid_block_bitmap_flag[i]++;
618 			ctx->invalid_bitmaps++;
619 		}
620 		if ((ext2fs_inode_bitmap_loc(fs, i) < first_block) ||
621 		    (ext2fs_inode_bitmap_loc(fs, i) > last_block)) {
622 			pctx.blk = ext2fs_inode_bitmap_loc(fs, i);
623 			if (fix_problem(ctx, PR_0_IB_NOT_GROUP, &pctx))
624 				ext2fs_inode_bitmap_loc_set(fs, i, 0);
625 		}
626 		if (ext2fs_inode_bitmap_loc(fs, i) == 0) {
627 			ctx->invalid_inode_bitmap_flag[i]++;
628 			ctx->invalid_bitmaps++;
629 		}
630 		if ((ext2fs_inode_table_loc(fs, i) < first_block) ||
631 		    ((ext2fs_inode_table_loc(fs, i) +
632 		      fs->inode_blocks_per_group - 1) > last_block)) {
633 			pctx.blk = ext2fs_inode_table_loc(fs, i);
634 			if (fix_problem(ctx, PR_0_ITABLE_NOT_GROUP, &pctx))
635 				ext2fs_inode_table_loc_set(fs, i, 0);
636 		}
637 		if (ext2fs_inode_table_loc(fs, i) == 0) {
638 			ctx->invalid_inode_table_flag[i]++;
639 			ctx->invalid_bitmaps++;
640 		}
641 		free_blocks += ext2fs_bg_free_blocks_count(fs, i);
642 		free_inodes += ext2fs_bg_free_inodes_count(fs, i);
643 
644 		if ((ext2fs_bg_free_blocks_count(fs, i) > sb->s_blocks_per_group) ||
645 		    (ext2fs_bg_free_inodes_count(fs, i) > sb->s_inodes_per_group) ||
646 		    (ext2fs_bg_used_dirs_count(fs, i) > sb->s_inodes_per_group))
647 			ext2fs_unmark_valid(fs);
648 
649 		should_be = 0;
650 		if (!ext2fs_group_desc_csum_verify(fs, i)) {
651 			pctx.csum1 = ext2fs_bg_checksum(fs, i);
652 			pctx.csum2 = ext2fs_group_desc_csum(fs, i);
653 			if (fix_problem(ctx, PR_0_GDT_CSUM, &pctx)) {
654 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_BLOCK_UNINIT);
655 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_INODE_UNINIT);
656 				ext2fs_bg_itable_unused_set(fs, i, 0);
657 				should_be = 1;
658 			}
659 			ext2fs_unmark_valid(fs);
660 		}
661 
662 		if (!csum_flag &&
663 		    (ext2fs_bg_flags_test(fs, i, EXT2_BG_BLOCK_UNINIT) ||
664 		     ext2fs_bg_flags_test(fs, i, EXT2_BG_INODE_UNINIT) ||
665 		     ext2fs_bg_itable_unused(fs, i) != 0)) {
666 			if (fix_problem(ctx, PR_0_GDT_UNINIT, &pctx)) {
667 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_BLOCK_UNINIT);
668 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_INODE_UNINIT);
669 				ext2fs_bg_itable_unused_set(fs, i, 0);
670 				should_be = 1;
671 			}
672 			ext2fs_unmark_valid(fs);
673 		}
674 
675 		if (i == fs->group_desc_count - 1 &&
676 		    ext2fs_bg_flags_test(fs, i, EXT2_BG_BLOCK_UNINIT)) {
677 			if (fix_problem(ctx, PR_0_BB_UNINIT_LAST, &pctx)) {
678 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_BLOCK_UNINIT);
679 				should_be = 1;
680 			}
681 			ext2fs_unmark_valid(fs);
682 		}
683 
684 		if (csum_flag &&
685 		    (ext2fs_bg_itable_unused(fs, i) > ext2fs_bg_free_inodes_count(fs, i) ||
686 		     ext2fs_bg_itable_unused(fs, i) > sb->s_inodes_per_group)) {
687 			pctx.blk = ext2fs_bg_itable_unused(fs, i);
688 			if (fix_problem(ctx, PR_0_GDT_ITABLE_UNUSED, &pctx)) {
689 				ext2fs_bg_itable_unused_set(fs, i, 0);
690 				should_be = 1;
691 			}
692 			ext2fs_unmark_valid(fs);
693 		}
694 
695 		if (should_be)
696 			ext2fs_group_desc_csum_set(fs, i);
697 		/* If the user aborts e2fsck by typing ^C, stop right away */
698 		if (ctx->flags & E2F_FLAG_SIGNAL_MASK)
699 			return;
700 	}
701 
702 	ctx->free_blocks = EXT2FS_C2B(fs, free_blocks);
703 	ctx->free_inodes = free_inodes;
704 
705 	if ((ext2fs_free_blocks_count(sb) > ext2fs_blocks_count(sb)) ||
706 	    (sb->s_free_inodes_count > sb->s_inodes_count))
707 		ext2fs_unmark_valid(fs);
708 
709 
710 	/*
711 	 * If we have invalid bitmaps, set the error state of the
712 	 * filesystem.
713 	 */
714 	if (ctx->invalid_bitmaps && !(ctx->options & E2F_OPT_READONLY)) {
715 		sb->s_state &= ~EXT2_VALID_FS;
716 		ext2fs_mark_super_dirty(fs);
717 	}
718 
719 	clear_problem_context(&pctx);
720 
721 #ifndef EXT2_SKIP_UUID
722 	/*
723 	 * If the UUID field isn't assigned, assign it.
724 	 */
725 	if (!(ctx->options & E2F_OPT_READONLY) && uuid_is_null(sb->s_uuid)) {
726 		if (fix_problem(ctx, PR_0_ADD_UUID, &pctx)) {
727 			uuid_generate(sb->s_uuid);
728 			fs->flags |= EXT2_FLAG_DIRTY;
729 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
730 		}
731 	}
732 #endif
733 
734 	/*
735 	 * Check to see if we should disable the test_fs flag
736 	 */
737 	profile_get_boolean(ctx->profile, "options",
738 			    "clear_test_fs_flag", 0, 1,
739 			    &clear_test_fs_flag);
740 	if (!(ctx->options & E2F_OPT_READONLY) &&
741 	    clear_test_fs_flag &&
742 	    (fs->super->s_flags & EXT2_FLAGS_TEST_FILESYS) &&
743 	    (fs_proc_check("ext4") || check_for_modules("ext4"))) {
744 		if (fix_problem(ctx, PR_0_CLEAR_TESTFS_FLAG, &pctx)) {
745 			fs->super->s_flags &= ~EXT2_FLAGS_TEST_FILESYS;
746 			fs->flags |= EXT2_FLAG_DIRTY;
747 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
748 		}
749 	}
750 
751 	/*
752 	 * For the Hurd, check to see if the filetype option is set,
753 	 * since it doesn't support it.
754 	 */
755 	if (!(ctx->options & E2F_OPT_READONLY) &&
756 	    fs->super->s_creator_os == EXT2_OS_HURD &&
757 	    (fs->super->s_feature_incompat &
758 	     EXT2_FEATURE_INCOMPAT_FILETYPE)) {
759 		if (fix_problem(ctx, PR_0_HURD_CLEAR_FILETYPE, &pctx)) {
760 			fs->super->s_feature_incompat &=
761 				~EXT2_FEATURE_INCOMPAT_FILETYPE;
762 			ext2fs_mark_super_dirty(fs);
763 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
764 		}
765 	}
766 
767 	/*
768 	 * If we have any of the compatibility flags set, we need to have a
769 	 * revision 1 filesystem.  Most kernels will not check the flags on
770 	 * a rev 0 filesystem and we may have corruption issues because of
771 	 * the incompatible changes to the filesystem.
772 	 */
773 	if (!(ctx->options & E2F_OPT_READONLY) &&
774 	    fs->super->s_rev_level == EXT2_GOOD_OLD_REV &&
775 	    (fs->super->s_feature_compat ||
776 	     fs->super->s_feature_ro_compat ||
777 	     fs->super->s_feature_incompat) &&
778 	    fix_problem(ctx, PR_0_FS_REV_LEVEL, &pctx)) {
779 		ext2fs_update_dynamic_rev(fs);
780 		ext2fs_mark_super_dirty(fs);
781 		fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
782 	}
783 
784 	/*
785 	 * Clean up any orphan inodes, if present.
786 	 */
787 	if (!(ctx->options & E2F_OPT_READONLY) && release_orphan_inodes(ctx)) {
788 		fs->super->s_state &= ~EXT2_VALID_FS;
789 		ext2fs_mark_super_dirty(fs);
790 	}
791 
792 	/*
793 	 * Unfortunately, due to Windows' unfortunate design decision
794 	 * to configure the hardware clock to tick localtime, instead
795 	 * of the more proper and less error-prone UTC time, many
796 	 * users end up in the situation where the system clock is
797 	 * incorrectly set at the time when e2fsck is run.
798 	 *
799 	 * Historically this was usually due to some distributions
800 	 * having buggy init scripts and/or installers that didn't
801 	 * correctly detect this case and take appropriate
802 	 * countermeasures.  However, it's still possible, despite the
803 	 * best efforts of init script and installer authors to not be
804 	 * able to detect this misconfiguration, usually due to a
805 	 * buggy or misconfigured virtualization manager or the
806 	 * installer not having access to a network time server during
807 	 * the installation process.  So by default, we allow the
808 	 * superblock times to be fudged by up to 24 hours.  This can
809 	 * be disabled by setting options.accept_time_fudge to the
810 	 * boolean value of false in e2fsck.conf.  We also support
811 	 * options.buggy_init_scripts for backwards compatibility.
812 	 */
813 	profile_get_boolean(ctx->profile, "options", "accept_time_fudge",
814 			    0, 1, &accept_time_fudge);
815 	profile_get_boolean(ctx->profile, "options", "buggy_init_scripts",
816 			    0, accept_time_fudge, &accept_time_fudge);
817 	ctx->time_fudge = accept_time_fudge ? 86400 : 0;
818 
819 	profile_get_boolean(ctx->profile, "options", "broken_system_clock",
820 			    0, 0, &broken_system_clock);
821 
822 	/*
823 	 * Check to see if the superblock last mount time or last
824 	 * write time is in the future.
825 	 */
826 	if (!broken_system_clock &&
827 	    !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
828 	    fs->super->s_mtime > (__u32) ctx->now) {
829 		pctx.num = fs->super->s_mtime;
830 		problem = PR_0_FUTURE_SB_LAST_MOUNT;
831 		if (fs->super->s_mtime <= (__u32) ctx->now + ctx->time_fudge)
832 			problem = PR_0_FUTURE_SB_LAST_MOUNT_FUDGED;
833 		if (fix_problem(ctx, problem, &pctx)) {
834 			fs->super->s_mtime = ctx->now;
835 			fs->flags |= EXT2_FLAG_DIRTY;
836 		}
837 	}
838 	if (!broken_system_clock &&
839 	    !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
840 	    fs->super->s_wtime > (__u32) ctx->now) {
841 		pctx.num = fs->super->s_wtime;
842 		problem = PR_0_FUTURE_SB_LAST_WRITE;
843 		if (fs->super->s_wtime <= (__u32) ctx->now + ctx->time_fudge)
844 			problem = PR_0_FUTURE_SB_LAST_WRITE_FUDGED;
845 		if (fix_problem(ctx, problem, &pctx)) {
846 			fs->super->s_wtime = ctx->now;
847 			fs->flags |= EXT2_FLAG_DIRTY;
848 		}
849 	}
850 
851 	/*
852 	 * Move the ext3 journal file, if necessary.
853 	 */
854 	e2fsck_move_ext3_journal(ctx);
855 
856 	/*
857 	 * Fix journal hint, if necessary
858 	 */
859 	e2fsck_fix_ext3_journal_hint(ctx);
860 
861 	/*
862 	 * Add dirhash hint if necessary
863 	 */
864 	e2fsck_fix_dirhash_hint(ctx);
865 
866 	/*
867 	 * Hide quota inodes if necessary.
868 	 */
869 	e2fsck_hide_quota(ctx);
870 
871 	return;
872 }
873 
874 /*
875  * Check to see if we should backup the master sb to the backup super
876  * blocks.  Returns non-zero if the sb should be backed up.
877  */
878 
879 /*
880  * A few flags are set on the fly by the kernel, but only in the
881  * primary superblock.  This is actually a bad thing, and we should
882  * try to discourage it in the future.  In particular, for the newer
883  * ext4 files, especially EXT4_FEATURE_RO_COMPAT_DIR_NLINK and
884  * EXT3_FEATURE_INCOMPAT_EXTENTS.  So some of these may go away in the
885  * future.  EXT3_FEATURE_INCOMPAT_RECOVER may also get set when
886  * copying the primary superblock during online resize.
887  *
888  * The kernel will set EXT2_FEATURE_COMPAT_EXT_ATTR, but
889  * unfortunately, we shouldn't ignore it since if it's not set in the
890  * backup, the extended attributes in the filesystem will be stripped
891  * away.
892  */
893 #define FEATURE_RO_COMPAT_IGNORE	(EXT2_FEATURE_RO_COMPAT_LARGE_FILE| \
894 					 EXT4_FEATURE_RO_COMPAT_DIR_NLINK)
895 #define FEATURE_INCOMPAT_IGNORE		(EXT3_FEATURE_INCOMPAT_EXTENTS| \
896 					 EXT3_FEATURE_INCOMPAT_RECOVER)
897 
check_backup_super_block(e2fsck_t ctx)898 int check_backup_super_block(e2fsck_t ctx)
899 {
900 	ext2_filsys	fs = ctx->fs;
901 	errcode_t	retval;
902 	dgrp_t		g;
903 	blk64_t		sb;
904 	int		ret = 0;
905 	char		buf[SUPERBLOCK_SIZE];
906 	struct ext2_super_block	*backup_sb;
907 
908 	/*
909 	 * If we are already writing out the backup blocks, then we
910 	 * don't need to test.  Also, if the filesystem is invalid, or
911 	 * the check was aborted or cancelled, we also don't want to
912 	 * do the backup.  If the filesystem was opened read-only then
913 	 * we can't do the backup.
914 	 */
915 	if (((fs->flags & EXT2_FLAG_MASTER_SB_ONLY) == 0) ||
916 	    !ext2fs_test_valid(fs) ||
917 	    (fs->super->s_state & EXT2_ERROR_FS) ||
918 	    (ctx->flags & (E2F_FLAG_ABORT | E2F_FLAG_CANCEL)) ||
919 	    (ctx->options & E2F_OPT_READONLY))
920 		return 0;
921 
922 	for (g = 1; g < fs->group_desc_count; g++) {
923 		if (!ext2fs_bg_has_super(fs, g))
924 			continue;
925 
926 		sb = ext2fs_group_first_block2(fs, g);
927 
928 		retval = io_channel_read_blk(fs->io, sb, -SUPERBLOCK_SIZE,
929 					     buf);
930 		if (retval)
931 			continue;
932 		backup_sb = (struct ext2_super_block *) buf;
933 #ifdef WORDS_BIGENDIAN
934 		ext2fs_swap_super(backup_sb);
935 #endif
936 		if ((backup_sb->s_magic != EXT2_SUPER_MAGIC) ||
937 		    (backup_sb->s_rev_level > EXT2_LIB_CURRENT_REV) ||
938 		    ((backup_sb->s_log_block_size + EXT2_MIN_BLOCK_LOG_SIZE) >
939 		     EXT2_MAX_BLOCK_LOG_SIZE) ||
940 		    (EXT2_INODE_SIZE(backup_sb) < EXT2_GOOD_OLD_INODE_SIZE))
941 			continue;
942 
943 #define SUPER_INCOMPAT_DIFFERENT(x)	\
944 	((fs->super->x & ~FEATURE_INCOMPAT_IGNORE) !=	\
945 	 (backup_sb->x & ~FEATURE_INCOMPAT_IGNORE))
946 #define SUPER_RO_COMPAT_DIFFERENT(x)	\
947 	((fs->super->x & ~FEATURE_RO_COMPAT_IGNORE) !=	\
948 	 (backup_sb->x & ~FEATURE_RO_COMPAT_IGNORE))
949 #define SUPER_DIFFERENT(x)		\
950 	(fs->super->x != backup_sb->x)
951 
952 		if (SUPER_DIFFERENT(s_feature_compat) ||
953 		    SUPER_INCOMPAT_DIFFERENT(s_feature_incompat) ||
954 		    SUPER_RO_COMPAT_DIFFERENT(s_feature_ro_compat) ||
955 		    SUPER_DIFFERENT(s_blocks_count) ||
956 		    SUPER_DIFFERENT(s_blocks_count_hi) ||
957 		    SUPER_DIFFERENT(s_inodes_count) ||
958 		    memcmp(fs->super->s_uuid, backup_sb->s_uuid,
959 			   sizeof(fs->super->s_uuid)))
960 			ret = 1;
961 		break;
962 	}
963 	return ret;
964 }
965