linux-ext4.vger.kernel.org archive mirror
* [PATCH 1/5] e2fsck: quiet some harmless bitmap warnings
@ 2017-07-23  4:50 Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 2/5] e2fsck: don't restart after a critical metadata collision in e2fsck -n mode Theodore Ts'o
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Theodore Ts'o @ 2017-07-23  4:50 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: abuchbinder, Theodore Ts'o

E2fsck checks block numbers against the block_metadata_map before it
checks to see whether or not the block numbers are valid.  So suppress
these harmless warnings.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 e2fsck/pass1.c                       | 2 ++
 tests/f_ind_inode_collision/expect.1 | 1 -
 tests/f_itable_collision/expect.1    | 8 --------
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 160e677ab..c358eec0f 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -2710,6 +2710,7 @@ report_problem:
 			 * will reallocate the block; then we can try again.
 			 */
 			if (pb->ino != EXT2_RESIZE_INO &&
+			    extent.e_pblk < ctx->fs->super->s_blocks_count &&
 			    ext2fs_test_block_bitmap2(ctx->block_metadata_map,
 						      extent.e_pblk)) {
 				next_try_repairs = 0;
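Review bot: The new bound on extent.e_pblk compares against ctx->fs->super->s_blocks_count, which holds only the low 32 bits of the block count, while e_pblk and ext2fs_test_block_bitmap2() are 64-bit. On a file system with the 64bit feature, a valid physical block above that value would skip the metadata collision test. Suggest comparing against ext2fs_blocks_count(ctx->fs->super) instead.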
@@ -3448,6 +3449,7 @@ static int process_block(ext2_filsys fs,
 	 */
 	if (blockcnt < 0 &&
 	    p->ino != EXT2_RESIZE_INO &&
+	    blk < ctx->fs->super->s_blocks_count &&
 	    ext2fs_test_block_bitmap2(ctx->block_metadata_map, blk)) {
 		pctx->blk = blk;
 		fix_problem(ctx, PR_1_CRITICAL_METADATA_COLLISION, pctx);
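Review bot: In process_block() an out-of-range blk now bypasses the collision test silently, so correctness depends on the later block validity check catching it. A one-line comment above `blk < ctx->fs->super->s_blocks_count &&` saying that the range test exists only to keep the bitmap lookup from warning, and that invalid blocks are reported further down, would keep a future reader from mistaking it for the validity check.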
diff --git a/tests/f_ind_inode_collision/expect.1 b/tests/f_ind_inode_collision/expect.1
index 012cd9ffb..63c128b44 100644
--- a/tests/f_ind_inode_collision/expect.1
+++ b/tests/f_ind_inode_collision/expect.1
@@ -2,7 +2,6 @@ Pass 1: Checking inodes, blocks, and sizes
 Inode 12 block 41 conflicts with critical metadata, skipping block checks.
 Inode 12 block 40 conflicts with critical metadata, skipping block checks.
 Inode 12 block 34 conflicts with critical metadata, skipping block checks.
-Illegal block number passed to ext2fs_test_block_bitmap #16777215 for metadata block map
 Inode 12 block 1 conflicts with critical metadata, skipping block checks.
 Inode 12, i_size is 33, should be 25227264.  Fix? yes
 
diff --git a/tests/f_itable_collision/expect.1 b/tests/f_itable_collision/expect.1
index 00cdced80..01c85d4d2 100644
--- a/tests/f_itable_collision/expect.1
+++ b/tests/f_itable_collision/expect.1
@@ -12,23 +12,15 @@ Inodes that were part of a corrupted orphan linked list found.  Fix? yes
 
 Inode 49 was part of the orphaned inode list.  FIXED.
 Inode 14 block 36 conflicts with critical metadata, skipping block checks.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Inode 14 has illegal block(s).  Clear? yes
 
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Illegal indirect block (4294967295) in inode 14.  CLEARED.
-Illegal block number passed to ext2fs_test_block_bitmap #4294967295 for metadata block map
 Too many illegal blocks in inode 14.
 Clear inode? yes
 
-- 
2.11.0.rc0.7.gbe5a750


* [PATCH 2/5] e2fsck: don't restart after a critical metadata collision in e2fsck -n mode
  2017-07-23  4:50 [PATCH 1/5] e2fsck: quiet some harmless bitmap warnings Theodore Ts'o
@ 2017-07-23  4:50 ` Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 3/5] libext2fs: add stricter checks on the inode size in ext2fs_open2() Theodore Ts'o
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Theodore Ts'o @ 2017-07-23  4:50 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: abuchbinder, Theodore Ts'o

If the file system isn't going to be changed, there's no point
restarting; it will just cause e2fsck to loop forever.

This problem was found using American Fuzzy Lop.

Reported-by: Adam Buchbinder <abuchbinder@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 e2fsck/pass1.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index c358eec0f..8044beed6 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -2718,7 +2718,8 @@ report_problem:
 				fix_problem(ctx,
 					    PR_1_CRITICAL_METADATA_COLLISION,
 					    pctx);
-				ctx->flags |= E2F_FLAG_RESTART_LATER;
+				if ((ctx->options & E2F_OPT_NO) == 0)
+					ctx->flags |= E2F_FLAG_RESTART_LATER;
 			}
 			pctx->errcode = ext2fs_extent_get(ehandle,
 						  EXT2_EXTENT_DOWN, &extent);
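Review bot: The restart in this extent path is gated only on E2F_OPT_NO, and the result of fix_problem() is not consulted. If the file system can be left unmodified by any other route (for example, if it was opened read-only without -n), RESTART_LATER would still be set and the loop described in the commit message could recur. Consider keying the condition on whether the file system can actually be written.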
@@ -3453,7 +3454,8 @@ static int process_block(ext2_filsys fs,
 	    ext2fs_test_block_bitmap2(ctx->block_metadata_map, blk)) {
 		pctx->blk = blk;
 		fix_problem(ctx, PR_1_CRITICAL_METADATA_COLLISION, pctx);
-		ctx->flags |= E2F_FLAG_RESTART_LATER;
+		if ((ctx->options & E2F_OPT_NO) == 0)
+			ctx->flags |= E2F_FLAG_RESTART_LATER;
 	}
 
 	if (problem) {
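Review bot: The two-line E2F_OPT_NO test added here in process_block() duplicates the one in the extent path above. A small shared helper, or a comment at each site explaining that a restart without repairs cannot make progress, would keep the two copies from drifting apart.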
-- 
2.11.0.rc0.7.gbe5a750


* [PATCH 3/5] libext2fs: add stricter checks on the inode size in ext2fs_open2()
  2017-07-23  4:50 [PATCH 1/5] e2fsck: quiet some harmless bitmap warnings Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 2/5] e2fsck: don't restart after a critical metadata collision in e2fsck -n mode Theodore Ts'o
@ 2017-07-23  4:50 ` Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 4/5] debugfs: add sanity checking to the string_to_inode() utility function Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 5/5] resize2fs: sanity check the free blocks and inode counts Theodore Ts'o
  3 siblings, 0 replies; 5+ messages in thread
From: Theodore Ts'o @ 2017-07-23  4:50 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: abuchbinder, Theodore Ts'o

An inode size larger than the block size can cause userspace programs
to crash.

This problem was found using American Fuzzy Lop.

Reported-by: Adam Buchbinder <abuchbinder@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 lib/ext2fs/openfs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 0362b2839..da03bc147 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -121,6 +121,7 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
 	blk64_t		group_block, blk;
 	char		*dest, *cp;
 	int		group_zero_adjust = 0;
+	int		inode_size;
 #ifdef WORDS_BIGENDIAN
 	unsigned int	groups_per_block;
 	struct ext2_group_desc *gdp;
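Review bot: inode_size is declared as a signed int but is later compared with fs->blocksize and used in the bit test inode_size & (inode_size - 1). Declaring it unsigned int avoids a signed/unsigned comparison and keeps the bit arithmetic on an unsigned type.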
@@ -297,7 +298,10 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
 		goto cleanup;
 	}
 	fs->fragsize = fs->blocksize = EXT2_BLOCK_SIZE(fs->super);
-	if (EXT2_INODE_SIZE(fs->super) < EXT2_GOOD_OLD_INODE_SIZE) {
+	inode_size = EXT2_INODE_SIZE(fs->super);
+	if ((inode_size < EXT2_GOOD_OLD_INODE_SIZE) ||
+	    (inode_size > fs->blocksize) ||
+	    (inode_size & (inode_size - 1))) {
 		retval = EXT2_ET_CORRUPT_SUPERBLOCK;
 		goto cleanup;
 	}
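Review bot: The power-of-two test (inode_size & (inode_size - 1)) is not mentioned in the commit message, which only describes an inode size larger than the block size. The test also accepts 0, which is rejected here only because the EXT2_GOOD_OLD_INODE_SIZE comparison comes first. A short comment above the condition stating the three requirements would document that dependency.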
-- 
2.11.0.rc0.7.gbe5a750


* [PATCH 4/5] debugfs: add sanity checking to the string_to_inode() utility function
  2017-07-23  4:50 [PATCH 1/5] e2fsck: quiet some harmless bitmap warnings Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 2/5] e2fsck: don't restart after a critical metadata collision in e2fsck -n mode Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 3/5] libext2fs: add stricter checks on the inode size in ext2fs_open2() Theodore Ts'o
@ 2017-07-23  4:50 ` Theodore Ts'o
  2017-07-23  4:50 ` [PATCH 5/5] resize2fs: sanity check the free blocks and inode counts Theodore Ts'o
  3 siblings, 0 replies; 5+ messages in thread
From: Theodore Ts'o @ 2017-07-23  4:50 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: abuchbinder, Theodore Ts'o

Otherwise it's possible for a corrupt file system or bad user input to
cause debugfs to crash if the resulting inode number is insanely
large.

This problem was found using American Fuzzy Lop.

Reported-by: Adam Buchbinder <abuchbinder@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 debugfs/util.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/debugfs/util.c b/debugfs/util.c
index bd5de79e4..5f101f48d 100644
--- a/debugfs/util.c
+++ b/debugfs/util.c
@@ -119,7 +119,7 @@ ext2_ino_t string_to_inode(char *str)
 	 */
 	if ((len > 2) && (str[0] == '<') && (str[len-1] == '>')) {
 		ino = strtoul(str+1, &end, 0);
-		if (*end=='>')
+		if (*end=='>' && (ino <= current_fs->super->s_inodes_count))
 			return ino;
 	}
 
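Review bot: The <ino> branch now dereferences current_fs->super, which the old `if (*end=='>')` form did not need. If any caller can reach string_to_inode() with no file system open, this becomes a NULL dereference, so either confirm that every caller checks first or test current_fs here. Also, when the range test fails, the code falls through to the name lookup and reports an error for the literal string rather than for the out-of-range number.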
@@ -128,6 +128,11 @@ ext2_ino_t string_to_inode(char *str)
 		com_err(str, retval, 0);
 		return 0;
 	}
+	if (ino > current_fs->super->s_inodes_count) {
+		com_err(str, 0, "resolves to an illegal inode number: %u\n",
+			ino);
+		return 0;
+	}
 	return ino;
 }
 
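Review bot: The com_err() format string ends in "\n", but com_err already terminates the message itself, so this prints an extra blank line. Suggest dropping the trailing newline from "resolves to an illegal inode number: %u\n".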
-- 
2.11.0.rc0.7.gbe5a750


* [PATCH 5/5] resize2fs: sanity check the free blocks and inode counts
  2017-07-23  4:50 [PATCH 1/5] e2fsck: quiet some harmless bitmap warnings Theodore Ts'o
                   ` (2 preceding siblings ...)
  2017-07-23  4:50 ` [PATCH 4/5] debugfs: add sanity checking to the string_to_inode() utility function Theodore Ts'o
@ 2017-07-23  4:50 ` Theodore Ts'o
  3 siblings, 0 replies; 5+ messages in thread
From: Theodore Ts'o @ 2017-07-23  4:50 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: abuchbinder, Theodore Ts'o

If the free block or free inodes count are larger than the number of
blocks or inodes in the system, request that the file system be
checked.  Otherwise it's possible for calculate_minimum_resize_size()
to hang in an infinite loop.

This problem was found using American Fuzzy Lop.

Reported-by: Adam Buchbinder <abuchbinder@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 resize/main.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/resize/main.c b/resize/main.c
index 396391b68..ab7375c17 100644
--- a/resize/main.c
+++ b/resize/main.c
@@ -440,6 +440,10 @@ int main (int argc, char ** argv)
 		    !print_min_size)
 			checkit = 1;
 
+		if ((fs->super->s_free_blocks_count > fs->super->s_blocks_count) ||
+		    (fs->super->s_free_inodes_count > fs->super->s_inodes_count))
+			checkit = 1;
+
 		if (checkit) {
 			fprintf(stderr,
 				_("Please run 'e2fsck -f %s' first.\n\n"),
-- 
2.11.0.rc0.7.gbe5a750
