• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * e2fsck.c - superblock checks
3  *
4  * Copyright (C) 1993, 1994, 1995, 1996, 1997 Theodore Ts'o.
5  *
6  * %Begin-Header%
7  * This file may be redistributed under the terms of the GNU Public
8  * License.
9  * %End-Header%
10  */
11 
12 #ifdef HAVE_ERRNO_H
13 #include <errno.h>
14 #endif
15 
16 #ifndef EXT2_SKIP_UUID
17 #include "uuid/uuid.h"
18 #endif
19 #include "e2fsck.h"
20 #include "problem.h"
21 
22 #define MIN_CHECK 1
23 #define MAX_CHECK 2
24 
check_super_value(e2fsck_t ctx,const char * descr,unsigned long value,int flags,unsigned long min_val,unsigned long max_val)25 static void check_super_value(e2fsck_t ctx, const char *descr,
26 			      unsigned long value, int flags,
27 			      unsigned long min_val, unsigned long max_val)
28 {
29 	struct		problem_context pctx;
30 
31 	if (((flags & MIN_CHECK) && (value < min_val)) ||
32 	    ((flags & MAX_CHECK) && (value > max_val))) {
33 		clear_problem_context(&pctx);
34 		pctx.num = value;
35 		pctx.str = descr;
36 		fix_problem(ctx, PR_0_MISC_CORRUPT_SUPER, &pctx);
37 		ctx->flags |= E2F_FLAG_ABORT; /* never get here! */
38 	}
39 }
40 
41 /*
42  * helper function to release an inode
43  */
44 struct process_block_struct {
45 	e2fsck_t 	ctx;
46 	char 		*buf;
47 	struct problem_context *pctx;
48 	int		truncating;
49 	int		truncate_offset;
50 	e2_blkcnt_t	truncate_block;
51 	int		truncated_blocks;
52 	int		abort;
53 	errcode_t	errcode;
54 };
55 
release_inode_block(ext2_filsys fs,blk_t * block_nr,e2_blkcnt_t blockcnt,blk_t ref_blk EXT2FS_ATTR ((unused)),int ref_offset EXT2FS_ATTR ((unused)),void * priv_data)56 static int release_inode_block(ext2_filsys fs,
57 			       blk_t	*block_nr,
58 			       e2_blkcnt_t blockcnt,
59 			       blk_t	ref_blk EXT2FS_ATTR((unused)),
60 			       int	ref_offset EXT2FS_ATTR((unused)),
61 			       void *priv_data)
62 {
63 	struct process_block_struct *pb;
64 	e2fsck_t 		ctx;
65 	struct problem_context	*pctx;
66 	blk_t			blk = *block_nr;
67 	int			retval = 0;
68 
69 	pb = (struct process_block_struct *) priv_data;
70 	ctx = pb->ctx;
71 	pctx = pb->pctx;
72 
73 	pctx->blk = blk;
74 	pctx->blkcount = blockcnt;
75 
76 	if (HOLE_BLKADDR(blk))
77 		return 0;
78 
79 	if ((blk < fs->super->s_first_data_block) ||
80 	    (blk >= fs->super->s_blocks_count)) {
81 		fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_BLOCK_NUM, pctx);
82 	return_abort:
83 		pb->abort = 1;
84 		return BLOCK_ABORT;
85 	}
86 
87 	if (!ext2fs_test_block_bitmap(fs->block_map, blk)) {
88 		fix_problem(ctx, PR_0_ORPHAN_ALREADY_CLEARED_BLOCK, pctx);
89 		goto return_abort;
90 	}
91 
92 	/*
93 	 * If we are deleting an orphan, then we leave the fields alone.
94 	 * If we are truncating an orphan, then update the inode fields
95 	 * and clean up any partial block data.
96 	 */
97 	if (pb->truncating) {
98 		/*
99 		 * We only remove indirect blocks if they are
100 		 * completely empty.
101 		 */
102 		if (blockcnt < 0) {
103 			int	i, limit;
104 			blk_t	*bp;
105 
106 			pb->errcode = io_channel_read_blk(fs->io, blk, 1,
107 							pb->buf);
108 			if (pb->errcode)
109 				goto return_abort;
110 
111 			limit = fs->blocksize >> 2;
112 			for (i = 0, bp = (blk_t *) pb->buf;
113 			     i < limit;	 i++, bp++)
114 				if (*bp)
115 					return 0;
116 		}
117 		/*
118 		 * We don't remove direct blocks until we've reached
119 		 * the truncation block.
120 		 */
121 		if (blockcnt >= 0 && blockcnt < pb->truncate_block)
122 			return 0;
123 		/*
124 		 * If part of the last block needs truncating, we do
125 		 * it here.
126 		 */
127 		if ((blockcnt == pb->truncate_block) && pb->truncate_offset) {
128 			pb->errcode = io_channel_read_blk(fs->io, blk, 1,
129 							pb->buf);
130 			if (pb->errcode)
131 				goto return_abort;
132 			memset(pb->buf + pb->truncate_offset, 0,
133 			       fs->blocksize - pb->truncate_offset);
134 			pb->errcode = io_channel_write_blk(fs->io, blk, 1,
135 							 pb->buf);
136 			if (pb->errcode)
137 				goto return_abort;
138 		}
139 		pb->truncated_blocks++;
140 		*block_nr = 0;
141 		retval |= BLOCK_CHANGED;
142 	}
143 
144 	ext2fs_block_alloc_stats(fs, blk, -1);
145 	return retval;
146 }
147 
148 /*
149  * This function releases an inode.  Returns 1 if an inconsistency was
150  * found.  If the inode has a link count, then it is being truncated and
151  * not deleted.
152  */
release_inode_blocks(e2fsck_t ctx,ext2_ino_t ino,struct ext2_inode * inode,char * block_buf,struct problem_context * pctx)153 static int release_inode_blocks(e2fsck_t ctx, ext2_ino_t ino,
154 				struct ext2_inode *inode, char *block_buf,
155 				struct problem_context *pctx)
156 {
157 	struct process_block_struct 	pb;
158 	ext2_filsys			fs = ctx->fs;
159 	errcode_t			retval;
160 	__u32				count;
161 
162 	if (!ext2fs_inode_has_valid_blocks(inode))
163 		return 0;
164 
165 	pb.buf = block_buf + 3 * ctx->fs->blocksize;
166 	pb.ctx = ctx;
167 	pb.abort = 0;
168 	pb.errcode = 0;
169 	pb.pctx = pctx;
170 	if (inode->i_links_count) {
171 		pb.truncating = 1;
172 		pb.truncate_block = (e2_blkcnt_t)
173 			((((long long)inode->i_size_high << 32) +
174 			  inode->i_size + fs->blocksize - 1) /
175 			 fs->blocksize);
176 		pb.truncate_offset = inode->i_size % fs->blocksize;
177 	} else {
178 		pb.truncating = 0;
179 		pb.truncate_block = 0;
180 		pb.truncate_offset = 0;
181 	}
182 	pb.truncated_blocks = 0;
183 	retval = ext2fs_block_iterate2(fs, ino, BLOCK_FLAG_DEPTH_TRAVERSE,
184 				      block_buf, release_inode_block, &pb);
185 	if (retval) {
186 		com_err("release_inode_blocks", retval,
187 			_("while calling ext2fs_block_iterate for inode %d"),
188 			ino);
189 		return 1;
190 	}
191 	if (pb.abort)
192 		return 1;
193 
194 	/* Refresh the inode since ext2fs_block_iterate may have changed it */
195 	e2fsck_read_inode(ctx, ino, inode, "release_inode_blocks");
196 
197 	if (pb.truncated_blocks)
198 		ext2fs_iblk_sub_blocks(fs, inode, pb.truncated_blocks);
199 
200 	if (inode->i_file_acl) {
201 		retval = ext2fs_adjust_ea_refcount(fs, inode->i_file_acl,
202 						   block_buf, -1, &count);
203 		if (retval == EXT2_ET_BAD_EA_BLOCK_NUM) {
204 			retval = 0;
205 			count = 1;
206 		}
207 		if (retval) {
208 			com_err("release_inode_blocks", retval,
209 		_("while calling ext2fs_adjust_ea_refcount for inode %d"),
210 				ino);
211 			return 1;
212 		}
213 		if (count == 0)
214 			ext2fs_block_alloc_stats(fs, inode->i_file_acl, -1);
215 		inode->i_file_acl = 0;
216 	}
217 	return 0;
218 }
219 
220 /*
221  * This function releases all of the orphan inodes.  It returns 1 if
222  * it hit some error, and 0 on success.
223  */
release_orphan_inodes(e2fsck_t ctx)224 static int release_orphan_inodes(e2fsck_t ctx)
225 {
226 	ext2_filsys fs = ctx->fs;
227 	ext2_ino_t	ino, next_ino;
228 	struct ext2_inode inode;
229 	struct problem_context pctx;
230 	char *block_buf;
231 
232 	if ((ino = fs->super->s_last_orphan) == 0)
233 		return 0;
234 
235 	/*
236 	 * Win or lose, we won't be using the head of the orphan inode
237 	 * list again.
238 	 */
239 	fs->super->s_last_orphan = 0;
240 	ext2fs_mark_super_dirty(fs);
241 
242 	/*
243 	 * If the filesystem contains errors, don't run the orphan
244 	 * list, since the orphan list can't be trusted; and we're
245 	 * going to be running a full e2fsck run anyway...
246 	 */
247 	if (fs->super->s_state & EXT2_ERROR_FS)
248 		return 0;
249 
250 	if ((ino < EXT2_FIRST_INODE(fs->super)) ||
251 	    (ino > fs->super->s_inodes_count)) {
252 		clear_problem_context(&pctx);
253 		pctx.ino = ino;
254 		fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_HEAD_INODE, &pctx);
255 		return 1;
256 	}
257 
258 	block_buf = (char *) e2fsck_allocate_memory(ctx, fs->blocksize * 4,
259 						    "block iterate buffer");
260 	e2fsck_read_bitmaps(ctx);
261 
262 	while (ino) {
263 		e2fsck_read_inode(ctx, ino, &inode, "release_orphan_inodes");
264 		clear_problem_context(&pctx);
265 		pctx.ino = ino;
266 		pctx.inode = &inode;
267 		pctx.str = inode.i_links_count ? _("Truncating") :
268 			_("Clearing");
269 
270 		fix_problem(ctx, PR_0_ORPHAN_CLEAR_INODE, &pctx);
271 
272 		next_ino = inode.i_dtime;
273 		if (next_ino &&
274 		    ((next_ino < EXT2_FIRST_INODE(fs->super)) ||
275 		     (next_ino > fs->super->s_inodes_count))) {
276 			pctx.ino = next_ino;
277 			fix_problem(ctx, PR_0_ORPHAN_ILLEGAL_INODE, &pctx);
278 			goto return_abort;
279 		}
280 
281 		if (release_inode_blocks(ctx, ino, &inode, block_buf, &pctx))
282 			goto return_abort;
283 
284 		if (!inode.i_links_count) {
285 			ext2fs_inode_alloc_stats2(fs, ino, -1,
286 						  LINUX_S_ISDIR(inode.i_mode));
287 			inode.i_dtime = ctx->now;
288 		} else {
289 			inode.i_dtime = 0;
290 		}
291 		e2fsck_write_inode(ctx, ino, &inode, "delete_file");
292 		ino = next_ino;
293 	}
294 	ext2fs_free_mem(&block_buf);
295 	return 0;
296 return_abort:
297 	ext2fs_free_mem(&block_buf);
298 	return 1;
299 }
300 
301 /*
302  * Check the resize inode to make sure it is sane.  We check both for
303  * the case where on-line resizing is not enabled (in which case the
304  * resize inode should be cleared) as well as the case where on-line
305  * resizing is enabled.
306  */
check_resize_inode(e2fsck_t ctx)307 void check_resize_inode(e2fsck_t ctx)
308 {
309 	ext2_filsys fs = ctx->fs;
310 	struct ext2_inode inode;
311 	struct problem_context	pctx;
312 	int		i, gdt_off, ind_off;
313 	dgrp_t		j;
314 	blk_t		blk, pblk, expect;
315 	__u32 		*dind_buf = 0, *ind_buf;
316 	errcode_t	retval;
317 
318 	clear_problem_context(&pctx);
319 
320 	/*
321 	 * If the resize inode feature isn't set, then
322 	 * s_reserved_gdt_blocks must be zero.
323 	 */
324 	if (!(fs->super->s_feature_compat &
325 	      EXT2_FEATURE_COMPAT_RESIZE_INODE)) {
326 		if (fs->super->s_reserved_gdt_blocks) {
327 			pctx.num = fs->super->s_reserved_gdt_blocks;
328 			if (fix_problem(ctx, PR_0_NONZERO_RESERVED_GDT_BLOCKS,
329 					&pctx)) {
330 				fs->super->s_reserved_gdt_blocks = 0;
331 				ext2fs_mark_super_dirty(fs);
332 			}
333 		}
334 	}
335 
336 	/* Read the resize inode */
337 	pctx.ino = EXT2_RESIZE_INO;
338 	retval = ext2fs_read_inode(fs, EXT2_RESIZE_INO, &inode);
339 	if (retval) {
340 		if (fs->super->s_feature_compat &
341 		    EXT2_FEATURE_COMPAT_RESIZE_INODE)
342 			ctx->flags |= E2F_FLAG_RESIZE_INODE;
343 		return;
344 	}
345 
346 	/*
347 	 * If the resize inode feature isn't set, check to make sure
348 	 * the resize inode is cleared; then we're done.
349 	 */
350 	if (!(fs->super->s_feature_compat &
351 	      EXT2_FEATURE_COMPAT_RESIZE_INODE)) {
352 		for (i=0; i < EXT2_N_BLOCKS; i++) {
353 			if (inode.i_block[i])
354 				break;
355 		}
356 		if ((i < EXT2_N_BLOCKS) &&
357 		    fix_problem(ctx, PR_0_CLEAR_RESIZE_INODE, &pctx)) {
358 			memset(&inode, 0, sizeof(inode));
359 			e2fsck_write_inode(ctx, EXT2_RESIZE_INO, &inode,
360 					   "clear_resize");
361 		}
362 		return;
363 	}
364 
365 	/*
366 	 * The resize inode feature is enabled; check to make sure the
367 	 * only block in use is the double indirect block
368 	 */
369 	blk = inode.i_block[EXT2_DIND_BLOCK];
370 	for (i=0; i < EXT2_N_BLOCKS; i++) {
371 		if (i != EXT2_DIND_BLOCK && inode.i_block[i])
372 			break;
373 	}
374 	if ((i < EXT2_N_BLOCKS) || !blk || !inode.i_links_count ||
375 	    !(inode.i_mode & LINUX_S_IFREG) ||
376 	    (blk < fs->super->s_first_data_block ||
377 	     blk >= fs->super->s_blocks_count)) {
378 	resize_inode_invalid:
379 		if (fix_problem(ctx, PR_0_RESIZE_INODE_INVALID, &pctx)) {
380 			memset(&inode, 0, sizeof(inode));
381 			e2fsck_write_inode(ctx, EXT2_RESIZE_INO, &inode,
382 					   "clear_resize");
383 			ctx->flags |= E2F_FLAG_RESIZE_INODE;
384 		}
385 		if (!(ctx->options & E2F_OPT_READONLY)) {
386 			fs->super->s_state &= ~EXT2_VALID_FS;
387 			ext2fs_mark_super_dirty(fs);
388 		}
389 		goto cleanup;
390 	}
391 	dind_buf = (__u32 *) e2fsck_allocate_memory(ctx, fs->blocksize * 2,
392 						    "resize dind buffer");
393 	ind_buf = (__u32 *) ((char *) dind_buf + fs->blocksize);
394 
395 	retval = ext2fs_read_ind_block(fs, blk, dind_buf);
396 	if (retval)
397 		goto resize_inode_invalid;
398 
399 	gdt_off = fs->desc_blocks;
400 	pblk = fs->super->s_first_data_block + 1 + fs->desc_blocks;
401 	for (i = 0; i < fs->super->s_reserved_gdt_blocks / 4;
402 	     i++, gdt_off++, pblk++) {
403 		gdt_off %= fs->blocksize/4;
404 		if (dind_buf[gdt_off] != pblk)
405 			goto resize_inode_invalid;
406 		retval = ext2fs_read_ind_block(fs, pblk, ind_buf);
407 		if (retval)
408 			goto resize_inode_invalid;
409 		ind_off = 0;
410 		for (j = 1; j < fs->group_desc_count; j++) {
411 			if (!ext2fs_bg_has_super(fs, j))
412 				continue;
413 			expect = pblk + (j * fs->super->s_blocks_per_group);
414 			if (ind_buf[ind_off] != expect)
415 				goto resize_inode_invalid;
416 			ind_off++;
417 		}
418 	}
419 
420 cleanup:
421 	if (dind_buf)
422 		ext2fs_free_mem(&dind_buf);
423 
424  }
425 
426 /*
427  * This function checks the dirhash signed/unsigned hint if necessary.
428  */
e2fsck_fix_dirhash_hint(e2fsck_t ctx)429 static void e2fsck_fix_dirhash_hint(e2fsck_t ctx)
430 {
431 	struct ext2_super_block *sb = ctx->fs->super;
432 	struct problem_context pctx;
433 	char	c;
434 
435 	if ((ctx->options & E2F_OPT_READONLY) ||
436 	    !(sb->s_feature_compat & EXT2_FEATURE_COMPAT_DIR_INDEX) ||
437 	    (sb->s_flags & (EXT2_FLAGS_SIGNED_HASH|EXT2_FLAGS_UNSIGNED_HASH)))
438 		return;
439 
440 	c = (char) 255;
441 
442 	clear_problem_context(&pctx);
443 	if (fix_problem(ctx, PR_0_DIRHASH_HINT, &pctx)) {
444 		if (((int) c) == -1) {
445 			sb->s_flags |= EXT2_FLAGS_SIGNED_HASH;
446 		} else {
447 			sb->s_flags |= EXT2_FLAGS_UNSIGNED_HASH;
448 		}
449 		ext2fs_mark_super_dirty(ctx->fs);
450 	}
451 }
452 
453 
check_super_block(e2fsck_t ctx)454 void check_super_block(e2fsck_t ctx)
455 {
456 	ext2_filsys fs = ctx->fs;
457 	blk_t	first_block, last_block;
458 	struct ext2_super_block *sb = fs->super;
459 	struct ext2_group_desc *gd;
460 	problem_t	problem;
461 	blk_t	blocks_per_group = fs->super->s_blocks_per_group;
462 	blk_t	bpg_max;
463 	int	inodes_per_block;
464 	int	ipg_max;
465 	int	inode_size;
466 	int	accept_time_fudge;
467 	dgrp_t	i;
468 	blk_t	should_be;
469 	struct problem_context	pctx;
470 	blk_t	free_blocks = 0;
471 	ino_t	free_inodes = 0;
472 	int     csum_flag, clear_test_fs_flag;
473 
474 	inodes_per_block = EXT2_INODES_PER_BLOCK(fs->super);
475 	ipg_max = inodes_per_block * (blocks_per_group - 4);
476 	if (ipg_max > EXT2_MAX_INODES_PER_GROUP(sb))
477 		ipg_max = EXT2_MAX_INODES_PER_GROUP(sb);
478 	bpg_max = 8 * EXT2_BLOCK_SIZE(sb);
479 	if (bpg_max > EXT2_MAX_BLOCKS_PER_GROUP(sb))
480 		bpg_max = EXT2_MAX_BLOCKS_PER_GROUP(sb);
481 
482 	ctx->invalid_inode_bitmap_flag = (int *) e2fsck_allocate_memory(ctx,
483 		 sizeof(int) * fs->group_desc_count, "invalid_inode_bitmap");
484 	ctx->invalid_block_bitmap_flag = (int *) e2fsck_allocate_memory(ctx,
485 		 sizeof(int) * fs->group_desc_count, "invalid_block_bitmap");
486 	ctx->invalid_inode_table_flag = (int *) e2fsck_allocate_memory(ctx,
487 		sizeof(int) * fs->group_desc_count, "invalid_inode_table");
488 
489 	clear_problem_context(&pctx);
490 
491 	/*
492 	 * Verify the super block constants...
493 	 */
494 	check_super_value(ctx, "inodes_count", sb->s_inodes_count,
495 			  MIN_CHECK, 1, 0);
496 	check_super_value(ctx, "blocks_count", sb->s_blocks_count,
497 			  MIN_CHECK, 1, 0);
498 	check_super_value(ctx, "first_data_block", sb->s_first_data_block,
499 			  MAX_CHECK, 0, sb->s_blocks_count);
500 	check_super_value(ctx, "log_block_size", sb->s_log_block_size,
501 			  MIN_CHECK | MAX_CHECK, 0,
502 			  EXT2_MAX_BLOCK_LOG_SIZE - EXT2_MIN_BLOCK_LOG_SIZE);
503 	check_super_value(ctx, "log_frag_size", sb->s_log_frag_size,
504 			  MIN_CHECK | MAX_CHECK, 0, sb->s_log_block_size);
505 	check_super_value(ctx, "frags_per_group", sb->s_frags_per_group,
506 			  MIN_CHECK | MAX_CHECK, sb->s_blocks_per_group,
507 			  bpg_max);
508 	check_super_value(ctx, "blocks_per_group", sb->s_blocks_per_group,
509 			  MIN_CHECK | MAX_CHECK, 8, bpg_max);
510 	check_super_value(ctx, "inodes_per_group", sb->s_inodes_per_group,
511 			  MIN_CHECK | MAX_CHECK, inodes_per_block, ipg_max);
512 	check_super_value(ctx, "r_blocks_count", sb->s_r_blocks_count,
513 			  MAX_CHECK, 0, sb->s_blocks_count / 2);
514 	check_super_value(ctx, "reserved_gdt_blocks",
515 			  sb->s_reserved_gdt_blocks, MAX_CHECK, 0,
516 			  fs->blocksize/4);
517 	if (sb->s_rev_level > EXT2_GOOD_OLD_REV)
518 		check_super_value(ctx, "first_ino", sb->s_first_ino,
519 				  MIN_CHECK | MAX_CHECK,
520 				  EXT2_GOOD_OLD_FIRST_INO, sb->s_inodes_count);
521 	inode_size = EXT2_INODE_SIZE(sb);
522 	check_super_value(ctx, "inode_size",
523 			  inode_size, MIN_CHECK | MAX_CHECK,
524 			  EXT2_GOOD_OLD_INODE_SIZE, fs->blocksize);
525 	if (inode_size & (inode_size - 1)) {
526 		pctx.num = inode_size;
527 		pctx.str = "inode_size";
528 		fix_problem(ctx, PR_0_MISC_CORRUPT_SUPER, &pctx);
529 		ctx->flags |= E2F_FLAG_ABORT; /* never get here! */
530 		return;
531 	}
532 
533 	if ((ctx->flags & E2F_FLAG_GOT_DEVSIZE) &&
534 	    (ctx->num_blocks < sb->s_blocks_count)) {
535 		pctx.blk = sb->s_blocks_count;
536 		pctx.blk2 = ctx->num_blocks;
537 		if (fix_problem(ctx, PR_0_FS_SIZE_WRONG, &pctx)) {
538 			ctx->flags |= E2F_FLAG_ABORT;
539 			return;
540 		}
541 	}
542 
543 	if (sb->s_log_block_size != (__u32) sb->s_log_frag_size) {
544 		pctx.blk = EXT2_BLOCK_SIZE(sb);
545 		pctx.blk2 = EXT2_FRAG_SIZE(sb);
546 		fix_problem(ctx, PR_0_NO_FRAGMENTS, &pctx);
547 		ctx->flags |= E2F_FLAG_ABORT;
548 		return;
549 	}
550 
551 	should_be = sb->s_frags_per_group >>
552 		(sb->s_log_block_size - sb->s_log_frag_size);
553 	if (sb->s_blocks_per_group != should_be) {
554 		pctx.blk = sb->s_blocks_per_group;
555 		pctx.blk2 = should_be;
556 		fix_problem(ctx, PR_0_BLOCKS_PER_GROUP, &pctx);
557 		ctx->flags |= E2F_FLAG_ABORT;
558 		return;
559 	}
560 
561 	should_be = (sb->s_log_block_size == 0) ? 1 : 0;
562 	if (sb->s_first_data_block != should_be) {
563 		pctx.blk = sb->s_first_data_block;
564 		pctx.blk2 = should_be;
565 		fix_problem(ctx, PR_0_FIRST_DATA_BLOCK, &pctx);
566 		ctx->flags |= E2F_FLAG_ABORT;
567 		return;
568 	}
569 
570 	should_be = sb->s_inodes_per_group * fs->group_desc_count;
571 	if (sb->s_inodes_count != should_be) {
572 		pctx.ino = sb->s_inodes_count;
573 		pctx.ino2 = should_be;
574 		if (fix_problem(ctx, PR_0_INODE_COUNT_WRONG, &pctx)) {
575 			sb->s_inodes_count = should_be;
576 			ext2fs_mark_super_dirty(fs);
577 		}
578 	}
579 
580 	/*
581 	 * Verify the group descriptors....
582 	 */
583 	first_block = sb->s_first_data_block;
584 	last_block = sb->s_blocks_count-1;
585 
586 	csum_flag = EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
587 					       EXT4_FEATURE_RO_COMPAT_GDT_CSUM);
588 	for (i = 0, gd=fs->group_desc; i < fs->group_desc_count; i++, gd++) {
589 		pctx.group = i;
590 
591 		if (!EXT2_HAS_INCOMPAT_FEATURE(fs->super,
592 					       EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
593 			first_block = ext2fs_group_first_block(fs, i);
594 			last_block = ext2fs_group_last_block(fs, i);
595 		}
596 
597 		if ((gd->bg_block_bitmap < first_block) ||
598 		    (gd->bg_block_bitmap > last_block)) {
599 			pctx.blk = gd->bg_block_bitmap;
600 			if (fix_problem(ctx, PR_0_BB_NOT_GROUP, &pctx))
601 				gd->bg_block_bitmap = 0;
602 		}
603 		if (gd->bg_block_bitmap == 0) {
604 			ctx->invalid_block_bitmap_flag[i]++;
605 			ctx->invalid_bitmaps++;
606 		}
607 		if ((gd->bg_inode_bitmap < first_block) ||
608 		    (gd->bg_inode_bitmap > last_block)) {
609 			pctx.blk = gd->bg_inode_bitmap;
610 			if (fix_problem(ctx, PR_0_IB_NOT_GROUP, &pctx))
611 				gd->bg_inode_bitmap = 0;
612 		}
613 		if (gd->bg_inode_bitmap == 0) {
614 			ctx->invalid_inode_bitmap_flag[i]++;
615 			ctx->invalid_bitmaps++;
616 		}
617 		if ((gd->bg_inode_table < first_block) ||
618 		    ((gd->bg_inode_table +
619 		      fs->inode_blocks_per_group - 1) > last_block)) {
620 			pctx.blk = gd->bg_inode_table;
621 			if (fix_problem(ctx, PR_0_ITABLE_NOT_GROUP, &pctx))
622 				gd->bg_inode_table = 0;
623 		}
624 		if (gd->bg_inode_table == 0) {
625 			ctx->invalid_inode_table_flag[i]++;
626 			ctx->invalid_bitmaps++;
627 		}
628 		free_blocks += gd->bg_free_blocks_count;
629 		free_inodes += gd->bg_free_inodes_count;
630 
631 		if ((gd->bg_free_blocks_count > sb->s_blocks_per_group) ||
632 		    (gd->bg_free_inodes_count > sb->s_inodes_per_group) ||
633 		    (gd->bg_used_dirs_count > sb->s_inodes_per_group))
634 			ext2fs_unmark_valid(fs);
635 
636 		should_be = 0;
637 		if (!ext2fs_group_desc_csum_verify(fs, i)) {
638 			if (fix_problem(ctx, PR_0_GDT_CSUM, &pctx)) {
639 				gd->bg_flags &=	~(EXT2_BG_BLOCK_UNINIT |
640 				                  EXT2_BG_INODE_UNINIT);
641 				gd->bg_itable_unused = 0;
642 				should_be = 1;
643 			}
644 			ext2fs_unmark_valid(fs);
645 		}
646 
647 		if (!csum_flag &&
648 		    (gd->bg_flags &(EXT2_BG_BLOCK_UNINIT|EXT2_BG_INODE_UNINIT)||
649 		     gd->bg_itable_unused != 0)){
650 			if (fix_problem(ctx, PR_0_GDT_UNINIT, &pctx)) {
651 				gd->bg_flags &= ~(EXT2_BG_BLOCK_UNINIT |
652 						  EXT2_BG_INODE_UNINIT);
653 				gd->bg_itable_unused = 0;
654 				should_be = 1;
655 			}
656 			ext2fs_unmark_valid(fs);
657 		}
658 
659 		if (i == fs->group_desc_count - 1 &&
660 		    gd->bg_flags & EXT2_BG_BLOCK_UNINIT) {
661 			if (fix_problem(ctx, PR_0_BB_UNINIT_LAST, &pctx)) {
662 				gd->bg_flags &= ~EXT2_BG_BLOCK_UNINIT;
663 				should_be = 1;
664 			}
665 			ext2fs_unmark_valid(fs);
666 		}
667 
668 		if (gd->bg_flags & EXT2_BG_BLOCK_UNINIT &&
669 		    !(gd->bg_flags & EXT2_BG_INODE_UNINIT)) {
670 			if (fix_problem(ctx, PR_0_BB_UNINIT_IB_INIT, &pctx)) {
671 				gd->bg_flags &= ~EXT2_BG_BLOCK_UNINIT;
672 				should_be = 1;
673 			}
674 			ext2fs_unmark_valid(fs);
675 		}
676 
677 		if (csum_flag &&
678 		    (gd->bg_itable_unused > gd->bg_free_inodes_count ||
679 		     gd->bg_itable_unused > sb->s_inodes_per_group)) {
680 			pctx.blk = gd->bg_itable_unused;
681 			if (fix_problem(ctx, PR_0_GDT_ITABLE_UNUSED, &pctx)) {
682 				gd->bg_itable_unused = 0;
683 				should_be = 1;
684 			}
685 			ext2fs_unmark_valid(fs);
686 		}
687 
688 		if (should_be)
689 			ext2fs_group_desc_csum_set(fs, i);
690 	}
691 
692 	/*
693 	 * Update the global counts from the block group counts.  This
694 	 * is needed for an experimental patch which eliminates
695 	 * locking the entire filesystem when allocating blocks or
696 	 * inodes; if the filesystem is not unmounted cleanly, the
697 	 * global counts may not be accurate.
698 	 */
699 	if ((free_blocks != sb->s_free_blocks_count) ||
700 	    (free_inodes != sb->s_free_inodes_count)) {
701 		if (ctx->options & E2F_OPT_READONLY)
702 			ext2fs_unmark_valid(fs);
703 		else {
704 			sb->s_free_blocks_count = free_blocks;
705 			sb->s_free_inodes_count = free_inodes;
706 			ext2fs_mark_super_dirty(fs);
707 		}
708 	}
709 
710 	if ((sb->s_free_blocks_count > sb->s_blocks_count) ||
711 	    (sb->s_free_inodes_count > sb->s_inodes_count))
712 		ext2fs_unmark_valid(fs);
713 
714 
715 	/*
716 	 * If we have invalid bitmaps, set the error state of the
717 	 * filesystem.
718 	 */
719 	if (ctx->invalid_bitmaps && !(ctx->options & E2F_OPT_READONLY)) {
720 		sb->s_state &= ~EXT2_VALID_FS;
721 		ext2fs_mark_super_dirty(fs);
722 	}
723 
724 	clear_problem_context(&pctx);
725 
726 #ifndef EXT2_SKIP_UUID
727 	/*
728 	 * If the UUID field isn't assigned, assign it.
729 	 */
730 	if (!(ctx->options & E2F_OPT_READONLY) && uuid_is_null(sb->s_uuid)) {
731 		if (fix_problem(ctx, PR_0_ADD_UUID, &pctx)) {
732 			uuid_generate(sb->s_uuid);
733 			ext2fs_mark_super_dirty(fs);
734 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
735 		}
736 	}
737 #endif
738 
739 	/*
740 	 * Check to see if we should disable the test_fs flag
741 	 */
742 	profile_get_boolean(ctx->profile, "options",
743 			    "clear_test_fs_flag", 0, 1,
744 			    &clear_test_fs_flag);
745 	if (!(ctx->options & E2F_OPT_READONLY) &&
746 	    clear_test_fs_flag &&
747 	    (fs->super->s_flags & EXT2_FLAGS_TEST_FILESYS) &&
748 	    (fs_proc_check("ext4") || check_for_modules("ext4"))) {
749 		if (fix_problem(ctx, PR_0_CLEAR_TESTFS_FLAG, &pctx)) {
750 			fs->super->s_flags &= ~EXT2_FLAGS_TEST_FILESYS;
751 			ext2fs_mark_super_dirty(fs);
752 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
753 		}
754 	}
755 
756 	/*
757 	 * For the Hurd, check to see if the filetype option is set,
758 	 * since it doesn't support it.
759 	 */
760 	if (!(ctx->options & E2F_OPT_READONLY) &&
761 	    fs->super->s_creator_os == EXT2_OS_HURD &&
762 	    (fs->super->s_feature_incompat &
763 	     EXT2_FEATURE_INCOMPAT_FILETYPE)) {
764 		if (fix_problem(ctx, PR_0_HURD_CLEAR_FILETYPE, &pctx)) {
765 			fs->super->s_feature_incompat &=
766 				~EXT2_FEATURE_INCOMPAT_FILETYPE;
767 			ext2fs_mark_super_dirty(fs);
768 			fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
769 		}
770 	}
771 
772 	/*
773 	 * If we have any of the compatibility flags set, we need to have a
774 	 * revision 1 filesystem.  Most kernels will not check the flags on
775 	 * a rev 0 filesystem and we may have corruption issues because of
776 	 * the incompatible changes to the filesystem.
777 	 */
778 	if (!(ctx->options & E2F_OPT_READONLY) &&
779 	    fs->super->s_rev_level == EXT2_GOOD_OLD_REV &&
780 	    (fs->super->s_feature_compat ||
781 	     fs->super->s_feature_ro_compat ||
782 	     fs->super->s_feature_incompat) &&
783 	    fix_problem(ctx, PR_0_FS_REV_LEVEL, &pctx)) {
784 		ext2fs_update_dynamic_rev(fs);
785 		ext2fs_mark_super_dirty(fs);
786 		fs->flags &= ~EXT2_FLAG_MASTER_SB_ONLY;
787 	}
788 
789 	/*
790 	 * Clean up any orphan inodes, if present.
791 	 */
792 	if (!(ctx->options & E2F_OPT_READONLY) && release_orphan_inodes(ctx)) {
793 		fs->super->s_state &= ~EXT2_VALID_FS;
794 		ext2fs_mark_super_dirty(fs);
795 	}
796 
797 	/*
798 	 * Unfortunately, due to Windows' unfortunate design decision
799 	 * to configure the hardware clock to tick localtime, instead
800 	 * of the more proper and less error-prone UTC time, many
801 	 * users end up in the situation where the system clock is
802 	 * incorrectly set at the time when e2fsck is run.
803 	 *
804 	 * Historically this was usually due to some distributions
805 	 * having buggy init scripts and/or installers that didn't
806 	 * correctly detect this case and take appropriate
807 	 * countermeasures.  However, it's still possible, despite the
808 	 * best efforts of init script and installer authors to not be
809 	 * able to detect this misconfiguration, usually due to a
810 	 * buggy or misconfigured virtualization manager or the
811 	 * installer not having access to a network time server during
812 	 * the installation process.  So by default, we allow the
813 	 * superblock times to be fudged by up to 24 hours.  This can
814 	 * be disabled by setting options.accept_time_fudge to the
815 	 * boolean value of false in e2fsck.conf.  We also support
816 	 * options.buggy_init_scripts for backwards compatibility.
817 	 */
818 	profile_get_boolean(ctx->profile, "options", "accept_time_fudge",
819 			    0, 1, &accept_time_fudge);
820 	profile_get_boolean(ctx->profile, "options", "buggy_init_scripts",
821 			    0, accept_time_fudge, &accept_time_fudge);
822 	ctx->time_fudge = accept_time_fudge ? 86400 : 0;
823 
824 	/*
825 	 * Check to see if the superblock last mount time or last
826 	 * write time is in the future.
827 	 */
828 	if (fs->super->s_mtime > (__u32) ctx->now) {
829 		pctx.num = fs->super->s_mtime;
830 		problem = PR_0_FUTURE_SB_LAST_MOUNT;
831 		if (fs->super->s_mtime <= (__u32) ctx->now + ctx->time_fudge)
832 			problem = PR_0_FUTURE_SB_LAST_MOUNT_FUDGED;
833 		if (fix_problem(ctx, problem, &pctx)) {
834 			fs->super->s_mtime = ctx->now;
835 			ext2fs_mark_super_dirty(fs);
836 		}
837 	}
838 	if (fs->super->s_wtime > (__u32) ctx->now) {
839 		pctx.num = fs->super->s_wtime;
840 		problem = PR_0_FUTURE_SB_LAST_WRITE;
841 		if (fs->super->s_wtime <= (__u32) ctx->now + ctx->time_fudge)
842 			problem = PR_0_FUTURE_SB_LAST_WRITE_FUDGED;
843 		if (fix_problem(ctx, problem, &pctx)) {
844 			fs->super->s_wtime = ctx->now;
845 			ext2fs_mark_super_dirty(fs);
846 		}
847 	}
848 
849 	/*
850 	 * Move the ext3 journal file, if necessary.
851 	 */
852 	e2fsck_move_ext3_journal(ctx);
853 
854 	/*
855 	 * Fix journal hint, if necessary
856 	 */
857 	e2fsck_fix_ext3_journal_hint(ctx);
858 
859 	/*
860 	 * Add dirhash hint if necessary
861 	 */
862 	e2fsck_fix_dirhash_hint(ctx);
863 
864 	return;
865 }
866 
867 /*
868  * Check to see if we should backup the master sb to the backup super
869  * blocks.  Returns non-zero if the sb should be backed up.
870  */
871 
872 /*
873  * A few flags are set on the fly by the kernel, but only in the
874  * primary superblock.  This is actually a bad thing, and we should
875  * try to discourage it in the future.  In particular, for the newer
876  * ext4 files, especially EXT4_FEATURE_RO_COMPAT_DIR_NLINK and
877  * EXT3_FEATURE_INCOMPAT_EXTENTS.  So some of these may go away in the
878  * future.  EXT3_FEATURE_INCOMPAT_RECOVER may also get set when
879  * copying the primary superblock during online resize.
880  *
881  * The kernel will set EXT2_FEATURE_COMPAT_EXT_ATTR, but
882  * unfortunately, we shouldn't ignore it since if it's not set in the
883  * backup, the extended attributes in the filesystem will be stripped
884  * away.
885  */
886 #define FEATURE_RO_COMPAT_IGNORE	(EXT2_FEATURE_RO_COMPAT_LARGE_FILE| \
887 					 EXT4_FEATURE_RO_COMPAT_DIR_NLINK)
888 #define FEATURE_INCOMPAT_IGNORE		(EXT3_FEATURE_INCOMPAT_EXTENTS| \
889 					 EXT3_FEATURE_INCOMPAT_RECOVER)
890 
check_backup_super_block(e2fsck_t ctx)891 int check_backup_super_block(e2fsck_t ctx)
892 {
893 	ext2_filsys	fs = ctx->fs;
894 	errcode_t	retval;
895 	dgrp_t		g;
896 	blk_t		sb;
897 	int		ret = 0;
898 	char		buf[SUPERBLOCK_SIZE];
899 	struct ext2_super_block	*backup_sb;
900 
901 	/*
902 	 * If we are already writing out the backup blocks, then we
903 	 * don't need to test.  Also, if the filesystem is invalid, or
904 	 * the check was aborted or cancelled, we also don't want to
905 	 * do the backup.  If the filesystem was opened read-only then
906 	 * we can't do the backup.
907 	 */
908 	if (((fs->flags & EXT2_FLAG_MASTER_SB_ONLY) == 0) ||
909 	    !ext2fs_test_valid(fs) ||
910 	    (fs->super->s_state & EXT2_ERROR_FS) ||
911 	    (ctx->flags & (E2F_FLAG_ABORT | E2F_FLAG_CANCEL)) ||
912 	    (ctx->options & E2F_OPT_READONLY))
913 		return 0;
914 
915 	for (g = 1; g < fs->group_desc_count; g++) {
916 		if (!ext2fs_bg_has_super(fs, g))
917 			continue;
918 
919 		sb = fs->super->s_first_data_block +
920 			(g * fs->super->s_blocks_per_group);
921 
922 		retval = io_channel_read_blk(fs->io, sb, -SUPERBLOCK_SIZE,
923 					     buf);
924 		if (retval)
925 			continue;
926 		backup_sb = (struct ext2_super_block *) buf;
927 #ifdef WORDS_BIGENDIAN
928 		ext2fs_swap_super(backup_sb);
929 #endif
930 		if ((backup_sb->s_magic != EXT2_SUPER_MAGIC) ||
931 		    (backup_sb->s_rev_level > EXT2_LIB_CURRENT_REV) ||
932 		    ((backup_sb->s_log_block_size + EXT2_MIN_BLOCK_LOG_SIZE) >
933 		     EXT2_MAX_BLOCK_LOG_SIZE) ||
934 		    (EXT2_INODE_SIZE(backup_sb) < EXT2_GOOD_OLD_INODE_SIZE))
935 			continue;
936 
937 #define SUPER_INCOMPAT_DIFFERENT(x)	\
938 	((fs->super->x & ~FEATURE_INCOMPAT_IGNORE) !=	\
939 	 (backup_sb->x & ~FEATURE_INCOMPAT_IGNORE))
940 #define SUPER_RO_COMPAT_DIFFERENT(x)	\
941 	((fs->super->x & ~FEATURE_RO_COMPAT_IGNORE) !=	\
942 	 (backup_sb->x & ~FEATURE_RO_COMPAT_IGNORE))
943 #define SUPER_DIFFERENT(x)		\
944 	(fs->super->x != backup_sb->x)
945 
946 		if (SUPER_DIFFERENT(s_feature_compat) ||
947 		    SUPER_INCOMPAT_DIFFERENT(s_feature_incompat) ||
948 		    SUPER_RO_COMPAT_DIFFERENT(s_feature_ro_compat) ||
949 		    SUPER_DIFFERENT(s_blocks_count) ||
950 		    SUPER_DIFFERENT(s_inodes_count) ||
951 		    memcmp(fs->super->s_uuid, backup_sb->s_uuid,
952 			   sizeof(fs->super->s_uuid)))
953 			ret = 1;
954 		break;
955 	}
956 	return ret;
957 }
958