1 /*
2  * e2fsck.c - superblock checks
3  *
4  * Copyright (C) 1993, 1994, 1995, 1996, 1997 Theodore Ts'o.
5  *
6  * %Begin-Header%
7  * This file may be redistributed under the terms of the GNU Public
8  * License.
9  * %End-Header%
10  */
11 
12 #include "config.h"
13 #ifdef HAVE_ERRNO_H
14 #include <errno.h>
15 #endif
16 
17 #ifndef EXT2_SKIP_UUID
18 #include "uuid/uuid.h"
19 #endif
20 #include "e2fsck.h"
21 #include "problem.h"
22 
23 #define MIN_CHECK 1
24 #define MAX_CHECK 2
25 #define LOG2_CHECK 4
26 
check_super_value(e2fsck_t ctx,const char * descr,unsigned long value,int flags,unsigned long min_val,unsigned long max_val)27 static void check_super_value(e2fsck_t ctx, const char *descr,
28 			      unsigned long value, int flags,
29 			      unsigned long min_val, unsigned long max_val)
30 {
31 	struct		problem_context pctx;
32 
33 	if ((flags & MIN_CHECK && value < min_val) ||
34 	    (flags & MAX_CHECK && value > max_val) ||
35 	    (flags & LOG2_CHECK && (value & (value - 1)) != 0)) {
36 		clear_problem_context(&pctx);
37 		pctx.num = value;
38 		pctx.str = descr;
39 		fix_problem(ctx, PR_0_MISC_CORRUPT_SUPER, &pctx);
40 		ctx->flags |= E2F_FLAG_ABORT; /* never get here! */
41 	}
42 }
43 
44 /*
45  * helper function to release an inode
46  */
47 struct process_block_struct {
48 	e2fsck_t 	ctx;
49 	char 		*buf;
50 	struct problem_context *pctx;
51 	int		truncating;
52 	int		truncate_offset;
53 	e2_blkcnt_t	truncate_block;
54 	int		truncated_blocks;
55 	int		abort;
56 	errcode_t	errcode;
57 };
58 
release_inode_block(ext2_filsys fs,blk64_t * block_nr,e2_blkcnt_t blockcnt,blk64_t ref_blk EXT2FS_ATTR ((unused)),int ref_offset EXT2FS_ATTR ((unused)),void * priv_data)59 static int release_inode_block(ext2_filsys fs,
60 			       blk64_t	*block_nr,
61 			       e2_blkcnt_t blockcnt,
62 			       blk64_t	ref_blk EXT2FS_ATTR((unused)),
63 			       int	ref_offset EXT2FS_ATTR((unused)),
64 			       void *priv_data)
65 {
66 	struct process_block_struct *pb;
67 	e2fsck_t 		ctx;
68 	struct problem_context	*pctx;
69 	blk64_t			blk = *block_nr;
70 	int			retval = 0;
71 
72 	pb = (struct process_block_struct *) priv_data;
73 	ctx = pb->ctx;
74 	pctx = pb->pctx;
75 
76 	pctx->blk = blk;
77 	pctx->blkcount = blockcnt;
78 
79 	if (blk == 0)
80 		return 0;
81 
82 	if ((blk < fs->super->s_first_data_block) ||
83 	    (blk >= ext2fs_blocks_count(fs->super))) {
84 		fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_BLOCK_NUM, pctx);
85 	return_abort:
86 		pb->abort = 1;
87 		return BLOCK_ABORT;
88 	}
89 
90 	if (!ext2fs_test_block_bitmap2(fs->block_map, blk)) {
91 		fix_problem(ctx, PR_0_ORPHAN_ALREADY_CLEARED_BLOCK, pctx);
92 		goto return_abort;
93 	}
94 
95 	/*
96 	 * If we are deleting an orphan, then we leave the fields alone.
97 	 * If we are truncating an orphan, then update the inode fields
98 	 * and clean up any partial block data.
99 	 */
100 	if (pb->truncating) {
101 		/*
102 		 * We only remove indirect blocks if they are
103 		 * completely empty.
104 		 */
105 		if (blockcnt < 0) {
106 			int	i, limit;
107 			blk_t	*bp;
108 
109 			pb->errcode = io_channel_read_blk64(fs->io, blk, 1,
110 							pb->buf);
111 			if (pb->errcode)
112 				goto return_abort;
113 
114 			limit = fs->blocksize >> 2;
115 			for (i = 0, bp = (blk_t *) pb->buf;
116 			     i < limit;	 i++, bp++)
117 				if (*bp)
118 					return 0;
119 		}
120 		/*
121 		 * We don't remove direct blocks until we've reached
122 		 * the truncation block.
123 		 */
124 		if (blockcnt >= 0 && blockcnt < pb->truncate_block)
125 			return 0;
126 		/*
127 		 * If part of the last block needs truncating, we do
128 		 * it here.
129 		 */
130 		if ((blockcnt == pb->truncate_block) && pb->truncate_offset) {
131 			pb->errcode = io_channel_read_blk64(fs->io, blk, 1,
132 							pb->buf);
133 			if (pb->errcode)
134 				goto return_abort;
135 			memset(pb->buf + pb->truncate_offset, 0,
136 			       fs->blocksize - pb->truncate_offset);
137 			pb->errcode = io_channel_write_blk64(fs->io, blk, 1,
138 							 pb->buf);
139 			if (pb->errcode)
140 				goto return_abort;
141 		}
142 		pb->truncated_blocks++;
143 		*block_nr = 0;
144 		retval |= BLOCK_CHANGED;
145 	}
146 
147 	ext2fs_block_alloc_stats2(fs, blk, -1);
148 	ctx->free_blocks++;
149 	return retval;
150 }
151 
152 /*
153  * This function releases an inode.  Returns 1 if an inconsistency was
154  * found.  If the inode has a link count, then it is being truncated and
155  * not deleted.
156  */
release_inode_blocks(e2fsck_t ctx,ext2_ino_t ino,struct ext2_inode * inode,char * block_buf,struct problem_context * pctx)157 static int release_inode_blocks(e2fsck_t ctx, ext2_ino_t ino,
158 				struct ext2_inode *inode, char *block_buf,
159 				struct problem_context *pctx)
160 {
161 	struct process_block_struct 	pb;
162 	ext2_filsys			fs = ctx->fs;
163 	errcode_t			retval;
164 	__u32				count;
165 
166 	if (!ext2fs_inode_has_valid_blocks2(fs, inode))
167 		return 0;
168 
169 	pb.buf = block_buf + 3 * ctx->fs->blocksize;
170 	pb.ctx = ctx;
171 	pb.abort = 0;
172 	pb.errcode = 0;
173 	pb.pctx = pctx;
174 	if (inode->i_links_count) {
175 		pb.truncating = 1;
176 		pb.truncate_block = (e2_blkcnt_t)
177 			((EXT2_I_SIZE(inode) + fs->blocksize - 1) /
178 			 fs->blocksize);
179 		pb.truncate_offset = inode->i_size % fs->blocksize;
180 	} else {
181 		pb.truncating = 0;
182 		pb.truncate_block = 0;
183 		pb.truncate_offset = 0;
184 	}
185 	pb.truncated_blocks = 0;
186 	retval = ext2fs_block_iterate3(fs, ino, BLOCK_FLAG_DEPTH_TRAVERSE,
187 				      block_buf, release_inode_block, &pb);
188 	if (retval) {
189 		com_err("release_inode_blocks", retval,
190 			_("while calling ext2fs_block_iterate for inode %d"),
191 			ino);
192 		return 1;
193 	}
194 	if (pb.abort)
195 		return 1;
196 
197 	/* Refresh the inode since ext2fs_block_iterate may have changed it */
198 	e2fsck_read_inode(ctx, ino, inode, "release_inode_blocks");
199 
200 	if (pb.truncated_blocks)
201 		ext2fs_iblk_sub_blocks(fs, inode, pb.truncated_blocks);
202 
203 	if (ext2fs_file_acl_block(fs, inode)) {
204 		retval = ext2fs_adjust_ea_refcount3(fs,
205 				ext2fs_file_acl_block(fs, inode),
206 				block_buf, -1, &count, ino);
207 		if (retval == EXT2_ET_BAD_EA_BLOCK_NUM) {
208 			retval = 0;
209 			count = 1;
210 		}
211 		if (retval) {
212 			com_err("release_inode_blocks", retval,
213 		_("while calling ext2fs_adjust_ea_refcount2 for inode %d"),
214 				ino);
215 			return 1;
216 		}
217 		if (count == 0) {
218 			ext2fs_block_alloc_stats2(fs,
219 					ext2fs_file_acl_block(fs, inode), -1);
220 			ctx->free_blocks++;
221 		}
222 		ext2fs_file_acl_block_set(fs, inode, 0);
223 	}
224 	return 0;
225 }
226 
227 /*
228  * This function releases all of the orphan inodes.  It returns 1 if
229  * it hit some error, and 0 on success.
230  */
release_orphan_inodes(e2fsck_t ctx)231 static int release_orphan_inodes(e2fsck_t ctx)
232 {
233 	ext2_filsys fs = ctx->fs;
234 	ext2_ino_t	ino, next_ino;
235 	struct ext2_inode inode;
236 	struct problem_context pctx;
237 	char *block_buf;
238 
239 	if ((ino = fs->super->s_last_orphan) == 0)
240 		return 0;
241 
242 	/*
243 	 * Win or lose, we won't be using the head of the orphan inode
244 	 * list again.
245 	 */
246 	fs->super->s_last_orphan = 0;
247 	ext2fs_mark_super_dirty(fs);
248 
249 	/*
250 	 * If the filesystem contains errors, don't run the orphan
251 	 * list, since the orphan list can't be trusted; and we're
252 	 * going to be running a full e2fsck run anyway...
253 	 */
254 	if (fs->super->s_state & EXT2_ERROR_FS)
255 		return 0;
256 
257 	if ((ino < EXT2_FIRST_INODE(fs->super)) ||
258 	    (ino > fs->super->s_inodes_count)) {
259 		clear_problem_context(&pctx);
260 		pctx.ino = ino;
261 		fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_HEAD_INODE, &pctx);
262 		return 1;
263 	}
264 
265 	block_buf = (char *) e2fsck_allocate_memory(ctx, fs->blocksize * 4,
266 						    "block iterate buffer");
267 	e2fsck_read_bitmaps(ctx);
268 
269 	while (ino) {
270 		e2fsck_read_inode(ctx, ino, &inode, "release_orphan_inodes");
271 		clear_problem_context(&pctx);
272 		pctx.ino = ino;
273 		pctx.inode = &inode;
274 		pctx.str = inode.i_links_count ? _("Truncating") :
275 			_("Clearing");
276 
277 		fix_problem(ctx, PR_0_ORPHAN_CLEAR_INODE, &pctx);
278 
279 		next_ino = inode.i_dtime;
280 		if (next_ino &&
281 		    ((next_ino < EXT2_FIRST_INODE(fs->super)) ||
282 		     (next_ino > fs->super->s_inodes_count))) {
283 			pctx.ino = next_ino;
284 			fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_INODE, &pctx);
285 			goto return_abort;
286 		}
287 
288 		if (release_inode_blocks(ctx, ino, &inode, block_buf, &pctx))
289 			goto return_abort;
290 
291 		if (!inode.i_links_count) {
292 			ext2fs_inode_alloc_stats2(fs, ino, -1,
293 						  LINUX_S_ISDIR(inode.i_mode));
294 			ctx->free_inodes++;
295 			inode.i_dtime = ctx->now;
296 		} else {
297 			inode.i_dtime = 0;
298 		}
299 		e2fsck_write_inode(ctx, ino, &inode, "delete_file");
300 		ino = next_ino;
301 	}
302 	ext2fs_free_mem(&block_buf);
303 	return 0;
304 return_abort:
305 	ext2fs_free_mem(&block_buf);
306 	return 1;
307 }
308 
309 /*
310  * Check the resize inode to make sure it is sane.  We check both for
311  * the case where on-line resizing is not enabled (in which case the
312  * resize inode should be cleared) as well as the case where on-line
313  * resizing is enabled.
314  */
check_resize_inode(e2fsck_t ctx)315 void check_resize_inode(e2fsck_t ctx)
316 {
317 	ext2_filsys fs = ctx->fs;
318 	struct ext2_inode inode;
319 	struct problem_context	pctx;
320 	int		i, gdt_off, ind_off;
321 	dgrp_t		j;
322 	blk_t		blk, pblk;
323 	blk_t		expect;	/* for resize inode, which is 32-bit only */
324 	__u32 		*dind_buf = 0, *ind_buf;
325 	errcode_t	retval;
326 
327 	clear_problem_context(&pctx);
328 
329 	/*
330 	 * If the resize inode feature isn't set, then
331 	 * s_reserved_gdt_blocks must be zero.
332 	 */
333 	if (!ext2fs_has_feature_resize_inode(fs->super)) {
334 		if (fs->super->s_reserved_gdt_blocks) {
335 			pctx.num = fs->super->s_reserved_gdt_blocks;
336 			if (fix_problem(ctx, PR_0_NONZERO_RESERVED_GDT_BLOCKS,
337 					&pctx)) {
338 				fs->super->s_reserved_gdt_blocks = 0;
339 				ext2fs_mark_super_dirty(fs);
340 			}
341 		}
342 	}
343 
344 	/* Read the resize inode */
345 	pctx.ino = EXT2_RESIZE_INO;
346 	retval = ext2fs_read_inode(fs, EXT2_RESIZE_INO, &inode);
347 	if (retval) {
348 		if (ext2fs_has_feature_resize_inode(fs->super))
349 			ctx->flags |= E2F_FLAG_RESIZE_INODE;
350 		return;
351 	}
352 
353 	/*
354 	 * If the resize inode feature isn't set, check to make sure
355 	 * the resize inode is cleared; then we're done.
356 	 */
357 	if (!ext2fs_has_feature_resize_inode(fs->super)) {
358 		for (i=0; i < EXT2_N_BLOCKS; i++) {
359 			if (inode.i_block[i])
360 				break;
361 		}
362 		if ((i < EXT2_N_BLOCKS) &&
363 		    fix_problem(ctx, PR_0_CLEAR_RESIZE_INODE, &pctx)) {
364 			memset(&inode, 0, sizeof(inode));
365 			e2fsck_write_inode(ctx, EXT2_RESIZE_INO, &inode,
366 					   "clear_resize");
367 		}
368 		return;
369 	}
370 
371 	/*
372 	 * The resize inode feature is enabled; check to make sure the
373 	 * only block in use is the double indirect block
374 	 */
375 	blk = inode.i_block[EXT2_DIND_BLOCK];
376 	for (i=0; i < EXT2_N_BLOCKS; i++) {
377 		if (i != EXT2_DIND_BLOCK && inode.i_block[i])
378 			break;
379 	}
380 	if ((i < EXT2_N_BLOCKS) || !blk || !inode.i_links_count ||
381 	    !(inode.i_mode & LINUX_S_IFREG) ||
382 	    (blk < fs->super->s_first_data_block ||
383 	     blk >= ext2fs_blocks_count(fs->super))) {
384 	resize_inode_invalid:
385 		if (fix_problem(ctx, PR_0_RESIZE_INODE_INVALID, &pctx)) {
386 			memset(&inode, 0, sizeof(inode));
387 			e2fsck_write_inode(ctx, EXT2_RESIZE_INO, &inode,
388 					   "clear_resize");
389 			ctx->flags |= E2F_FLAG_RESIZE_INODE;
390 		}
391 		if (!(ctx->options & E2F_OPT_READONLY)) {
392 			fs->super->s_state &= ~EXT2_VALID_FS;
393 			ext2fs_mark_super_dirty(fs);
394 		}
395 		goto cleanup;
396 	}
397 	dind_buf = (__u32 *) e2fsck_allocate_memory(ctx, fs->blocksize * 2,
398 						    "resize dind buffer");
399 	ind_buf = (__u32 *) ((char *) dind_buf + fs->blocksize);
400 
401 	retval = ext2fs_read_ind_block(fs, blk, dind_buf);
402 	if (retval)
403 		goto resize_inode_invalid;
404 
405 	gdt_off = fs->desc_blocks;
406 	pblk = fs->super->s_first_data_block + 1 + fs->desc_blocks;
407 	if (fs->blocksize == 1024 && fs->super->s_first_data_block == 0)
408 		pblk++;	/* Deal with 1024 blocksize bigalloc fs */
409 	for (i = 0; i < fs->super->s_reserved_gdt_blocks / 4;
410 	     i++, gdt_off++, pblk++) {
411 		gdt_off %= fs->blocksize/4;
412 		if (dind_buf[gdt_off] != pblk)
413 			goto resize_inode_invalid;
414 		retval = ext2fs_read_ind_block(fs, pblk, ind_buf);
415 		if (retval)
416 			goto resize_inode_invalid;
417 		ind_off = 0;
418 		for (j = 1; j < fs->group_desc_count; j++) {
419 			if (!ext2fs_bg_has_super(fs, j))
420 				continue;
421 			expect = pblk + EXT2_GROUPS_TO_BLOCKS(fs->super, j);
422 			if (ind_buf[ind_off] != expect)
423 				goto resize_inode_invalid;
424 			ind_off++;
425 		}
426 	}
427 
428 cleanup:
429 	if (dind_buf)
430 		ext2fs_free_mem(&dind_buf);
431 
432  }
433 
434 /*
435  * This function checks the dirhash signed/unsigned hint if necessary.
436  */
e2fsck_fix_dirhash_hint(e2fsck_t ctx)437 static void e2fsck_fix_dirhash_hint(e2fsck_t ctx)
438 {
439 	struct ext2_super_block *sb = ctx->fs->super;
440 	struct problem_context pctx;
441 	char	c;
442 
443 	if ((ctx->options & E2F_OPT_READONLY) ||
444 	    !ext2fs_has_feature_dir_index(sb) ||
445 	    (sb->s_flags & (EXT2_FLAGS_SIGNED_HASH|EXT2_FLAGS_UNSIGNED_HASH)))
446 		return;
447 
448 	c = (char) 255;
449 
450 	clear_problem_context(&pctx);
451 	if (fix_problem(ctx, PR_0_DIRHASH_HINT, &pctx)) {
452 		if (((int) c) == -1) {
453 			sb->s_flags |= EXT2_FLAGS_SIGNED_HASH;
454 		} else {
455 			sb->s_flags |= EXT2_FLAGS_UNSIGNED_HASH;
456 		}
457 		ext2fs_mark_super_dirty(ctx->fs);
458 	}
459 }
460 
461 
check_super_block(e2fsck_t ctx)462 void check_super_block(e2fsck_t ctx)
463 {
464 	ext2_filsys fs = ctx->fs;
465 	blk64_t	first_block, last_block;
466 	struct ext2_super_block *sb = fs->super;
467 	unsigned int	ipg_max;
468 	problem_t	problem;
469 	blk64_t	blocks_per_group = fs->super->s_blocks_per_group;
470 	__u32	bpg_max, cpg_max;
471 	int	inodes_per_block;
472 	int	inode_size;
473 	int	accept_time_fudge;
474 	int	broken_system_clock;
475 	dgrp_t	i;
476 	blk64_t	should_be;
477 	struct problem_context	pctx;
478 	blk64_t	free_blocks = 0;
479 	ino_t	free_inodes = 0;
480 	int     csum_flag, clear_test_fs_flag;
481 
482 	inodes_per_block = EXT2_INODES_PER_BLOCK(fs->super);
483 	ipg_max = inodes_per_block * (blocks_per_group - 4);
484 	if (ipg_max > EXT2_MAX_INODES_PER_GROUP(sb))
485 		ipg_max = EXT2_MAX_INODES_PER_GROUP(sb);
486 	cpg_max = 8 * EXT2_BLOCK_SIZE(sb);
487 	if (cpg_max > EXT2_MAX_CLUSTERS_PER_GROUP(sb))
488 		cpg_max = EXT2_MAX_CLUSTERS_PER_GROUP(sb);
489 	bpg_max = 8 * EXT2_BLOCK_SIZE(sb) * EXT2FS_CLUSTER_RATIO(fs);
490 	if (bpg_max > EXT2_MAX_BLOCKS_PER_GROUP(sb))
491 		bpg_max = EXT2_MAX_BLOCKS_PER_GROUP(sb);
492 
493 	ctx->invalid_inode_bitmap_flag = (int *) e2fsck_allocate_memory(ctx,
494 		 sizeof(int) * fs->group_desc_count, "invalid_inode_bitmap");
495 	ctx->invalid_block_bitmap_flag = (int *) e2fsck_allocate_memory(ctx,
496 		 sizeof(int) * fs->group_desc_count, "invalid_block_bitmap");
497 	ctx->invalid_inode_table_flag = (int *) e2fsck_allocate_memory(ctx,
498 		sizeof(int) * fs->group_desc_count, "invalid_inode_table");
499 
500 	clear_problem_context(&pctx);
501 
502 	/*
503 	 * Verify the super block constants...
504 	 */
505 	check_super_value(ctx, "inodes_count", sb->s_inodes_count,
506 			  MIN_CHECK, 1, 0);
507 	check_super_value(ctx, "blocks_count", ext2fs_blocks_count(sb),
508 			  MIN_CHECK, 1, 0);
509 	check_super_value(ctx, "first_data_block", sb->s_first_data_block,
510 			  MAX_CHECK, 0, ext2fs_blocks_count(sb));
511 	check_super_value(ctx, "log_block_size", sb->s_log_block_size,
512 			  MIN_CHECK | MAX_CHECK, 0,
513 			  EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE);
514 	check_super_value(ctx, "log_cluster_size",
515 			  sb->s_log_cluster_size,
516 			  MIN_CHECK | MAX_CHECK, sb->s_log_block_size,
517 			  (EXT2_MAX_CLUSTER_LOG_SIZE -
518 			   EXT2_MIN_CLUSTER_LOG_SIZE));
519 	check_super_value(ctx, "clusters_per_group", sb->s_clusters_per_group,
520 			  MIN_CHECK | MAX_CHECK, 8, cpg_max);
521 	check_super_value(ctx, "blocks_per_group", sb->s_blocks_per_group,
522 			  MIN_CHECK | MAX_CHECK, 8, bpg_max);
523 	check_super_value(ctx, "inodes_per_group", sb->s_inodes_per_group,
524 			  MIN_CHECK | MAX_CHECK, inodes_per_block, ipg_max);
525 	check_super_value(ctx, "r_blocks_count", ext2fs_r_blocks_count(sb),
526 			  MAX_CHECK, 0, ext2fs_blocks_count(sb) / 2);
527 	check_super_value(ctx, "reserved_gdt_blocks",
528 			  sb->s_reserved_gdt_blocks, MAX_CHECK, 0,
529 			  fs->blocksize / sizeof(__u32));
530 	check_super_value(ctx, "desc_size",
531 			  sb->s_desc_size, MAX_CHECK | LOG2_CHECK, 0,
532 			  EXT2_MAX_DESC_SIZE);
533 	if (sb->s_rev_level > EXT2_GOOD_OLD_REV)
534 		check_super_value(ctx, "first_ino", sb->s_first_ino,
535 				  MIN_CHECK | MAX_CHECK,
536 				  EXT2_GOOD_OLD_FIRST_INO, sb->s_inodes_count);
537 	inode_size = EXT2_INODE_SIZE(sb);
538 	check_super_value(ctx, "inode_size",
539 			  inode_size, MIN_CHECK | MAX_CHECK | LOG2_CHECK,
540 			  EXT2_GOOD_OLD_INODE_SIZE, fs->blocksize);
541 	if (sb->s_blocks_per_group != (sb->s_clusters_per_group *
542 				       EXT2FS_CLUSTER_RATIO(fs))) {
543 		pctx.num = sb->s_clusters_per_group * EXT2FS_CLUSTER_RATIO(fs);
544 		pctx.str = "block_size";
545 		fix_problem(ctx, PR_0_MISC_CORRUPT_SUPER, &pctx);
546 		ctx->flags |= E2F_FLAG_ABORT; /* never get here! */
547 		return;
548 	}
549 
550 	if ((ctx->flags & E2F_FLAG_GOT_DEVSIZE) &&
551 	    (ctx->num_blocks < ext2fs_blocks_count(sb))) {
552 		pctx.blk = ext2fs_blocks_count(sb);
553 		pctx.blk2 = ctx->num_blocks;
554 		if (fix_problem(ctx, PR_0_FS_SIZE_WRONG, &pctx)) {
555 			ctx->flags |= E2F_FLAG_ABORT;
556 			return;
557 		}
558 	}
559 
560 	should_be = (sb->s_log_block_size == 0 &&
561 		     EXT2FS_CLUSTER_RATIO(fs) == 1) ? 1 : 0;
562 	if (sb->s_first_data_block != should_be) {
563 		pctx.blk = sb->s_first_data_block;
564 		pctx.blk2 = should_be;
565 		fix_problem(ctx, PR_0_FIRST_DATA_BLOCK, &pctx);
566 		ctx->flags |= E2F_FLAG_ABORT;
567 		return;
568 	}
569 
570 	should_be = (blk64_t)sb->s_inodes_per_group * fs->group_desc_count;
571 	if (should_be > UINT_MAX)
572 		should_be = UINT_MAX;
573 	if (sb->s_inodes_count != should_be) {
574 		pctx.ino = sb->s_inodes_count;
575 		pctx.ino2 = should_be;
576 		if (fix_problem(ctx, PR_0_INODE_COUNT_WRONG, &pctx)) {
577 			sb->s_inodes_count = should_be;
578 			ext2fs_mark_super_dirty(fs);
579 		}
580 	}
581 	if (EXT2_INODE_SIZE(sb) > EXT2_GOOD_OLD_INODE_SIZE) {
582 		unsigned min =
583 			sizeof(((struct ext2_inode_large *) 0)->i_extra_isize) +
584 			sizeof(((struct ext2_inode_large *) 0)->i_checksum_hi);
585 		unsigned max = EXT2_INODE_SIZE(sb) - EXT2_GOOD_OLD_INODE_SIZE;
586 		pctx.num = sb->s_min_extra_isize;
587 		if (sb->s_min_extra_isize &&
588 		    (sb->s_min_extra_isize < min ||
589 		     sb->s_min_extra_isize > max ||
590 		     sb->s_min_extra_isize & 3) &&
591 		    fix_problem(ctx, PR_0_BAD_MIN_EXTRA_ISIZE, &pctx)) {
592 			sb->s_min_extra_isize =
593 				(sizeof(struct ext2_inode_large) -
594 				 EXT2_GOOD_OLD_INODE_SIZE);
595 			ext2fs_mark_super_dirty(fs);
596 		}
597 		pctx.num = sb->s_want_extra_isize;
598 		if (sb->s_want_extra_isize &&
599 		    (sb->s_want_extra_isize < min ||
600 		     sb->s_want_extra_isize > max ||
601 		     sb->s_want_extra_isize & 3) &&
602 		    fix_problem(ctx, PR_0_BAD_WANT_EXTRA_ISIZE, &pctx)) {
603 			sb->s_want_extra_isize =
604 				(sizeof(struct ext2_inode_large) -
605 				 EXT2_GOOD_OLD_INODE_SIZE);
606 			ext2fs_mark_super_dirty(fs);
607 		}
608 	}
609 
610 	/* Are metadata_csum and uninit_bg both set? */
611 	if (ext2fs_has_feature_metadata_csum(fs->super) &&
612 	    ext2fs_has_feature_gdt_csum(fs->super) &&
613 	    fix_problem(ctx, PR_0_META_AND_GDT_CSUM_SET, &pctx)) {
614 		ext2fs_clear_feature_gdt_csum(fs->super);
615 		ext2fs_mark_super_dirty(fs);
616 		for (i = 0; i < fs->group_desc_count; i++)
617 			ext2fs_group_desc_csum_set(fs, i);
618 	}
619 
620 	/* We can't have ^metadata_csum,metadata_csum_seed */
621 	if (!ext2fs_has_feature_metadata_csum(fs->super) &&
622 	    ext2fs_has_feature_csum_seed(fs->super) &&
623 	    fix_problem(ctx, PR_0_CSUM_SEED_WITHOUT_META_CSUM, &pctx)) {
624 		ext2fs_clear_feature_csum_seed(fs->super);
625 		fs->super->s_checksum_seed = 0;
626 		ext2fs_mark_super_dirty(fs);
627 	}
628 
629 	/* Is 64bit set and extents unset? */
630 	if (ext2fs_has_feature_64bit(fs->super) &&
631 	    !ext2fs_has_feature_extents(fs->super) &&
632 	    fix_problem(ctx, PR_0_64BIT_WITHOUT_EXTENTS, &pctx)) {
633 		ext2fs_set_feature_extents(fs->super);
634 		ext2fs_mark_super_dirty(fs);
635 	}
636 
637 	/* Did user ask us to convert files to extents? */
638 	if (ctx->options & E2F_OPT_CONVERT_BMAP) {
639 		ext2fs_set_feature_extents(fs->super);
640 		ext2fs_mark_super_dirty(fs);
641 	}
642 
643 	if (ext2fs_has_feature_meta_bg(fs->super) &&
644 	    (fs->super->s_first_meta_bg > fs->desc_blocks)) {
645 		pctx.group = fs->desc_blocks;
646 		pctx.num = fs->super->s_first_meta_bg;
647 		if (fix_problem(ctx, PR_0_FIRST_META_BG_TOO_BIG, &pctx)) {
648 			ext2fs_clear_feature_meta_bg(fs->super);
649 			fs->super->s_first_meta_bg = 0;
650 			ext2fs_mark_super_dirty(fs);
651 		}
652 	}
653 
654 	/*
655 	 * Verify the group descriptors....
656 	 */
657 	first_block = sb->s_first_data_block;
658 	last_block = ext2fs_blocks_count(sb)-1;
659 
660 	csum_flag = ext2fs_has_group_desc_csum(fs);
661 	for (i = 0; i < fs->group_desc_count; i++) {
662 		pctx.group = i;
663 
664 		if (!ext2fs_has_feature_flex_bg(fs->super)) {
665 			first_block = ext2fs_group_first_block2(fs, i);
666 			last_block = ext2fs_group_last_block2(fs, i);
667 		}
668 
669 		if ((ext2fs_block_bitmap_loc(fs, i) < first_block) ||
670 		    (ext2fs_block_bitmap_loc(fs, i) > last_block)) {
671 			pctx.blk = ext2fs_block_bitmap_loc(fs, i);
672 			if (fix_problem(ctx, PR_0_BB_NOT_GROUP, &pctx))
673 				ext2fs_block_bitmap_loc_set(fs, i, 0);
674 		}
675 		if (ext2fs_block_bitmap_loc(fs, i) == 0) {
676 			ctx->invalid_block_bitmap_flag[i]++;
677 			ctx->invalid_bitmaps++;
678 		}
679 		if ((ext2fs_inode_bitmap_loc(fs, i) < first_block) ||
680 		    (ext2fs_inode_bitmap_loc(fs, i) > last_block)) {
681 			pctx.blk = ext2fs_inode_bitmap_loc(fs, i);
682 			if (fix_problem(ctx, PR_0_IB_NOT_GROUP, &pctx))
683 				ext2fs_inode_bitmap_loc_set(fs, i, 0);
684 		}
685 		if (ext2fs_inode_bitmap_loc(fs, i) == 0) {
686 			ctx->invalid_inode_bitmap_flag[i]++;
687 			ctx->invalid_bitmaps++;
688 		}
689 		if ((ext2fs_inode_table_loc(fs, i) < first_block) ||
690 		    ((ext2fs_inode_table_loc(fs, i) +
691 		      fs->inode_blocks_per_group - 1) > last_block)) {
692 			pctx.blk = ext2fs_inode_table_loc(fs, i);
693 			if (fix_problem(ctx, PR_0_ITABLE_NOT_GROUP, &pctx))
694 				ext2fs_inode_table_loc_set(fs, i, 0);
695 		}
696 		if (ext2fs_inode_table_loc(fs, i) == 0) {
697 			ctx->invalid_inode_table_flag[i]++;
698 			ctx->invalid_bitmaps++;
699 		}
700 		free_blocks += ext2fs_bg_free_blocks_count(fs, i);
701 		free_inodes += ext2fs_bg_free_inodes_count(fs, i);
702 
703 		if ((ext2fs_bg_free_blocks_count(fs, i) > sb->s_blocks_per_group) ||
704 		    (ext2fs_bg_free_inodes_count(fs, i) > sb->s_inodes_per_group) ||
705 		    (ext2fs_bg_used_dirs_count(fs, i) > sb->s_inodes_per_group))
706 			ext2fs_unmark_valid(fs);
707 
708 		should_be = 0;
709 		if (!ext2fs_group_desc_csum_verify(fs, i)) {
710 			pctx.csum1 = ext2fs_bg_checksum(fs, i);
711 			pctx.csum2 = ext2fs_group_desc_csum(fs, i);
712 			if (fix_problem(ctx, PR_0_GDT_CSUM, &pctx)) {
713 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_BLOCK_UNINIT);
714 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_INODE_UNINIT);
715 				ext2fs_bg_itable_unused_set(fs, i, 0);
716 				should_be = 1;
717 			}
718 			ext2fs_unmark_valid(fs);
719 		}
720 
721 		if (!csum_flag &&
722 		    (ext2fs_bg_flags_test(fs, i, EXT2_BG_BLOCK_UNINIT) ||
723 		     ext2fs_bg_flags_test(fs, i, EXT2_BG_INODE_UNINIT) ||
724 		     ext2fs_bg_itable_unused(fs, i) != 0)) {
725 			if (fix_problem(ctx, PR_0_GDT_UNINIT, &pctx)) {
726 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_BLOCK_UNINIT);
727 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_INODE_UNINIT);
728 				ext2fs_bg_itable_unused_set(fs, i, 0);
729 				should_be = 1;
730 			}
731 			ext2fs_unmark_valid(fs);
732 		}
733 
734 		if (i == fs->group_desc_count - 1 &&
735 		    ext2fs_bg_flags_test(fs, i, EXT2_BG_BLOCK_UNINIT)) {
736 			if (fix_problem(ctx, PR_0_BB_UNINIT_LAST, &pctx)) {
737 				ext2fs_bg_flags_clear(fs, i, EXT2_BG_BLOCK_UNINIT);
738 				should_be = 1;
739 			}
740 			ext2fs_unmark_valid(fs);
741 		}
742 
743 		if (csum_flag &&
744 		    (ext2fs_bg_itable_unused(fs, i) > ext2fs_bg_free_inodes_count(fs, i) ||
745 		     ext2fs_bg_itable_unused(fs, i) > sb->s_inodes_per_group)) {
746 			pctx.blk = ext2fs_bg_itable_unused(fs, i);
747 			if (fix_problem(ctx, PR_0_GDT_ITABLE_UNUSED, &pctx)) {
748 				ext2fs_bg_itable_unused_set(fs, i, 0);
749 				should_be = 1;
750 			}
751 			ext2fs_unmark_valid(fs);
752 		}
753 
754 		if (should_be)
755 			ext2fs_group_desc_csum_set(fs, i);
756 		/* If the user aborts e2fsck by typing ^C, stop right away */
757 		if (ctx->flags & E2F_FLAG_SIGNAL_MASK)
758 			return;
759 	}
760 
761 	ctx->free_blocks = EXT2FS_C2B(fs, free_blocks);
762 	ctx->free_inodes = free_inodes;
763 
764 	if ((ext2fs_free_blocks_count(sb) > ext2fs_blocks_count(sb)) ||
765 	    (sb->s_free_inodes_count > sb->s_inodes_count))
766 		ext2fs_unmark_valid(fs);
767 
768 
769 	/*
770 	 * If we have invalid bitmaps, set the error state of the
771 	 * filesystem.
772 	 */
773 	if (ctx->invalid_bitmaps && !(ctx->options & E2F_OPT_READONLY)) {
774 		sb->s_state &= ~EXT2_VALID_FS;
775 		ext2fs_mark_super_dirty(fs);
776 	}
777 
778 	clear_problem_context(&pctx);
779 
780 #ifndef EXT2_SKIP_UUID
781 	/*
782 	 * If the UUID field isn't assigned, assign it.
783 	 * Skip if checksums are enabled and the filesystem is mounted,
784 	 * if the id changes under the kernel remounting rw may fail.
785 	 */
786 	if (!(ctx->options & E2F_OPT_READONLY) && uuid_is_null(sb->s_uuid) &&
787 	    !ext2fs_has_feature_metadata_csum(ctx->fs->super) &&
788 	    (!csum_flag || !(ctx->mount_flags & EXT2_MF_MOUNTED))) {
789 		if (fix_problem(ctx, PR_0_ADD_UUID, &pctx)) {
790 			uuid_generate(sb->s_uuid);
791 			ext2fs_init_csum_seed(fs);
792 			fs->flags |= EXT2_FLAG_DIRTY;
793 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
794 		}
795 	}
796 #endif
797 
798 	/*
799 	 * Check to see if we should disable the test_fs flag
800 	 */
801 	profile_get_boolean(ctx->profile, "options",
802 			    "clear_test_fs_flag", 0, 1,
803 			    &clear_test_fs_flag);
804 	if (!(ctx->options & E2F_OPT_READONLY) &&
805 	    clear_test_fs_flag &&
806 	    (fs->super->s_flags & EXT2_FLAGS_TEST_FILESYS) &&
807 	    (fs_proc_check("ext4") || check_for_modules("ext4"))) {
808 		if (fix_problem(ctx, PR_0_CLEAR_TESTFS_FLAG, &pctx)) {
809 			fs->super->s_flags &= ~EXT2_FLAGS_TEST_FILESYS;
810 			fs->flags |= EXT2_FLAG_DIRTY;
811 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
812 		}
813 	}
814 
815 	/*
816 	 * For the Hurd, check to see if the filetype option is set,
817 	 * since it doesn't support it.
818 	 */
819 	if (!(ctx->options & E2F_OPT_READONLY) &&
820 	    fs->super->s_creator_os == EXT2_OS_HURD &&
821 	    ext2fs_has_feature_filetype(fs->super)) {
822 		if (fix_problem(ctx, PR_0_HURD_CLEAR_FILETYPE, &pctx)) {
823 			ext2fs_clear_feature_filetype(fs->super);
824 			ext2fs_mark_super_dirty(fs);
825 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
826 		}
827 	}
828 
829 	/*
830 	 * If we have any of the compatibility flags set, we need to have a
831 	 * revision 1 filesystem.  Most kernels will not check the flags on
832 	 * a rev 0 filesystem and we may have corruption issues because of
833 	 * the incompatible changes to the filesystem.
834 	 */
835 	if (!(ctx->options & E2F_OPT_READONLY) &&
836 	    fs->super->s_rev_level == EXT2_GOOD_OLD_REV &&
837 	    (fs->super->s_feature_compat ||
838 	     fs->super->s_feature_ro_compat ||
839 	     fs->super->s_feature_incompat) &&
840 	    fix_problem(ctx, PR_0_FS_REV_LEVEL, &pctx)) {
841 		ext2fs_update_dynamic_rev(fs);
842 		ext2fs_mark_super_dirty(fs);
843 		fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
844 	}
845 
846 	/*
847 	 * Clean up any orphan inodes, if present.
848 	 */
849 	if (!(ctx->options & E2F_OPT_READONLY) && release_orphan_inodes(ctx)) {
850 		fs->super->s_state &= ~EXT2_VALID_FS;
851 		ext2fs_mark_super_dirty(fs);
852 	}
853 
854 	/*
855 	 * Unfortunately, due to Windows' unfortunate design decision
856 	 * to configure the hardware clock to tick localtime, instead
857 	 * of the more proper and less error-prone UTC time, many
858 	 * users end up in the situation where the system clock is
859 	 * incorrectly set at the time when e2fsck is run.
860 	 *
861 	 * Historically this was usually due to some distributions
862 	 * having buggy init scripts and/or installers that didn't
863 	 * correctly detect this case and take appropriate
864 	 * countermeasures.  However, it's still possible, despite the
865 	 * best efforts of init script and installer authors to not be
866 	 * able to detect this misconfiguration, usually due to a
867 	 * buggy or misconfigured virtualization manager or the
868 	 * installer not having access to a network time server during
869 	 * the installation process.  So by default, we allow the
870 	 * superblock times to be fudged by up to 24 hours.  This can
871 	 * be disabled by setting options.accept_time_fudge to the
872 	 * boolean value of false in e2fsck.conf.  We also support
873 	 * options.buggy_init_scripts for backwards compatibility.
874 	 */
875 	profile_get_boolean(ctx->profile, "options", "accept_time_fudge",
876 			    0, 1, &accept_time_fudge);
877 	profile_get_boolean(ctx->profile, "options", "buggy_init_scripts",
878 			    0, accept_time_fudge, &accept_time_fudge);
879 	ctx->time_fudge = accept_time_fudge ? 86400 : 0;
880 
881 	profile_get_boolean(ctx->profile, "options", "broken_system_clock",
882 			    0, 0, &broken_system_clock);
883 
884 	/*
885 	 * Check to see if the superblock last mount time or last
886 	 * write time is in the future.
887 	 */
888 	if (!broken_system_clock &&
889 	    !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
890 	    fs->super->s_mtime > (__u32) ctx->now) {
891 		pctx.num = fs->super->s_mtime;
892 		problem = PR_0_FUTURE_SB_LAST_MOUNT;
893 		if (fs->super->s_mtime <= (__u32) ctx->now + ctx->time_fudge)
894 			problem = PR_0_FUTURE_SB_LAST_MOUNT_FUDGED;
895 		if (fix_problem(ctx, problem, &pctx)) {
896 			fs->super->s_mtime = ctx->now;
897 			fs->flags |= EXT2_FLAG_DIRTY;
898 		}
899 	}
900 	if (!broken_system_clock &&
901 	    !(ctx->flags & E2F_FLAG_TIME_INSANE) &&
902 	    fs->super->s_wtime > (__u32) ctx->now) {
903 		pctx.num = fs->super->s_wtime;
904 		problem = PR_0_FUTURE_SB_LAST_WRITE;
905 		if (fs->super->s_wtime <= (__u32) ctx->now + ctx->time_fudge)
906 			problem = PR_0_FUTURE_SB_LAST_WRITE_FUDGED;
907 		if (fix_problem(ctx, problem, &pctx)) {
908 			fs->super->s_wtime = ctx->now;
909 			fs->flags |= EXT2_FLAG_DIRTY;
910 		}
911 	}
912 
913 	/*
914 	 * Move the ext3 journal file, if necessary.
915 	 */
916 	e2fsck_move_ext3_journal(ctx);
917 
918 	/*
919 	 * Fix journal hint, if necessary
920 	 */
921 	e2fsck_fix_ext3_journal_hint(ctx);
922 
923 	/*
924 	 * Add dirhash hint if necessary
925 	 */
926 	e2fsck_fix_dirhash_hint(ctx);
927 
928 	/*
929 	 * Hide quota inodes if necessary.
930 	 */
931 	e2fsck_hide_quota(ctx);
932 
933 	return;
934 }
935 
936 /*
937  * Check to see if we should backup the master sb to the backup super
938  * blocks.  Returns non-zero if the sb should be backed up.
939  */
940 
941 /*
942  * A few flags are set on the fly by the kernel, but only in the
943  * primary superblock.  This is actually a bad thing, and we should
944  * try to discourage it in the future.  In particular, for the newer
945  * ext4 files, especially EXT4_FEATURE_RO_COMPAT_DIR_NLINK and
946  * EXT3_FEATURE_INCOMPAT_EXTENTS.  So some of these may go away in the
947  * future.  EXT3_FEATURE_INCOMPAT_RECOVER may also get set when
948  * copying the primary superblock during online resize.
949  *
950  * The kernel will set EXT2_FEATURE_COMPAT_EXT_ATTR, but
951  * unfortunately, we shouldn't ignore it since if it's not set in the
952  * backup, the extended attributes in the filesystem will be stripped
953  * away.
954  */
955 #define FEATURE_RO_COMPAT_IGNORE	(EXT2_FEATURE_RO_COMPAT_LARGE_FILE| \
956 					 EXT4_FEATURE_RO_COMPAT_DIR_NLINK)
957 #define FEATURE_INCOMPAT_IGNORE		(EXT3_FEATURE_INCOMPAT_EXTENTS| \
958 					 EXT3_FEATURE_INCOMPAT_RECOVER)
959 
check_backup_super_block(e2fsck_t ctx)960 int check_backup_super_block(e2fsck_t ctx)
961 {
962 	ext2_filsys	fs = ctx->fs;
963 	errcode_t	retval;
964 	dgrp_t		g;
965 	blk64_t		sb;
966 	int		ret = 0;
967 	char		buf[SUPERBLOCK_SIZE];
968 	struct ext2_super_block	*backup_sb;
969 
970 	/*
971 	 * If we are already writing out the backup blocks, then we
972 	 * don't need to test.  Also, if the filesystem is invalid, or
973 	 * the check was aborted or cancelled, we also don't want to
974 	 * do the backup.  If the filesystem was opened read-only then
975 	 * we can't do the backup.
976 	 */
977 	if (((fs->flags & EXT2_FLAG_MASTER_SB_ONLY) == 0) ||
978 	    !ext2fs_test_valid(fs) ||
979 	    (fs->super->s_state & EXT2_ERROR_FS) ||
980 	    (ctx->flags & (E2F_FLAG_ABORT | E2F_FLAG_CANCEL)) ||
981 	    (ctx->options & E2F_OPT_READONLY))
982 		return 0;
983 
984 	for (g = 1; g < fs->group_desc_count; g++) {
985 		if (!ext2fs_bg_has_super(fs, g))
986 			continue;
987 
988 		sb = ext2fs_group_first_block2(fs, g);
989 
990 		retval = io_channel_read_blk(fs->io, sb, -SUPERBLOCK_SIZE,
991 					     buf);
992 		if (retval)
993 			continue;
994 		backup_sb = (struct ext2_super_block *) buf;
995 #ifdef WORDS_BIGENDIAN
996 		ext2fs_swap_super(backup_sb);
997 #endif
998 		if ((backup_sb->s_magic != EXT2_SUPER_MAGIC) ||
999 		    (backup_sb->s_rev_level > EXT2_LIB_CURRENT_REV) ||
1000 		    ((backup_sb->s_log_block_size + EXT2_MIN_BLOCK_LOG_SIZE) >
1001 		     EXT2_MAX_BLOCK_LOG_SIZE) ||
1002 		    (EXT2_INODE_SIZE(backup_sb) < EXT2_GOOD_OLD_INODE_SIZE))
1003 			continue;
1004 
1005 #define SUPER_INCOMPAT_DIFFERENT(x)	\
1006 	((fs->super->x & ~FEATURE_INCOMPAT_IGNORE) !=	\
1007 	 (backup_sb->x & ~FEATURE_INCOMPAT_IGNORE))
1008 #define SUPER_RO_COMPAT_DIFFERENT(x)	\
1009 	((fs->super->x & ~FEATURE_RO_COMPAT_IGNORE) !=	\
1010 	 (backup_sb->x & ~FEATURE_RO_COMPAT_IGNORE))
1011 #define SUPER_DIFFERENT(x)		\
1012 	(fs->super->x != backup_sb->x)
1013 
1014 		if (SUPER_DIFFERENT(s_feature_compat) ||
1015 		    SUPER_INCOMPAT_DIFFERENT(s_feature_incompat) ||
1016 		    SUPER_RO_COMPAT_DIFFERENT(s_feature_ro_compat) ||
1017 		    SUPER_DIFFERENT(s_blocks_count) ||
1018 		    SUPER_DIFFERENT(s_blocks_count_hi) ||
1019 		    SUPER_DIFFERENT(s_inodes_count) ||
1020 		    memcmp(fs->super->s_uuid, backup_sb->s_uuid,
1021 			   sizeof(fs->super->s_uuid)))
1022 			ret = 1;
1023 		break;
1024 	}
1025 	return ret;
1026 }
1027