[PATCH 0/2] Deal with incorrect checksums

[PATCH 0/2] Deal with incorrect checksums

[Gabriel de Perthuis]

This is to avoid exposing backend devices that are supposed
to be used through a stacked device.

Good magic / bad csum superblocks are still exposed to wipefs.

Prompted by the bcache patch.

Can be pulled from https://github.com/g2p/util-linux/commits

Gabriel de Perthuis (2):
  libblkid: Abort after an incorrect checksum
  wipefs: Also wipe superblocks with bad checksums

 libblkid/src/blkid.h.in                 | 1 +
 libblkid/src/blkidP.h                   | 6 ++++++
 libblkid/src/probe.c                    | 7 +++++++
 libblkid/src/superblocks/lvm.c          | 9 ++++++---
 libblkid/src/superblocks/nilfs.c        | 3 +--
 libblkid/src/superblocks/silicon_raid.c | 7 ++++---
 libblkid/src/superblocks/superblocks.c  | 9 +++++++++
 libblkid/src/superblocks/via_raid.c     | 4 ++--
 misc-utils/wipefs.c                     | 3 ++-
 9 files changed, 38 insertions(+), 11 deletions(-)

-- 
1.8.4.25.g05e4ae6

[PATCH 1/2] libblkid: Abort after an incorrect checksum

[Gabriel de Perthuis]

Log incorrect checksums and stop the superblock probing loop when
one is encountered.
This is to avoid exposing backend devices that are supposed
to be used through a stacked device (like raid or bcache).

Signed-off-by: Gabriel de Perthuis <g2p.code@gmail.com>
---
 libblkid/src/blkidP.h                   | 6 ++++++
 libblkid/src/probe.c                    | 7 +++++++
 libblkid/src/superblocks/lvm.c          | 9 ++++++---
 libblkid/src/superblocks/nilfs.c        | 3 +--
 libblkid/src/superblocks/silicon_raid.c | 7 ++++---
 libblkid/src/superblocks/superblocks.c  | 8 ++++++++
 libblkid/src/superblocks/via_raid.c     | 4 ++--
 7 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/libblkid/src/blkidP.h b/libblkid/src/blkidP.h
index 1c05968..76a3731 100644
--- a/libblkid/src/blkidP.h
+++ b/libblkid/src/blkidP.h
@@ -213,10 +213,13 @@ struct blkid_struct_probe
 	struct blkid_prval	vals[BLKID_NVALS];	/* results */
 	int			nvals;		/* number of assigned vals */
 
 	struct blkid_struct_probe *parent;	/* for clones */
 	struct blkid_struct_probe *disk_probe;	/* whole-disk probing */
+
+	uint64_t		csum;
+	uint64_t		csum_expected;
 };
 
 /* private flags library flags */
 #define BLKID_FL_PRIVATE_FD	(1 << 1)	/* see blkid_new_probe_from_filename() */
 #define BLKID_FL_TINY_DEV	(1 << 2)	/* <= 1.47MiB (floppy or so) */
@@ -514,10 +517,13 @@ extern int blkid_probe_sprintf_value(blkid_probe pr, const char *name,
 
 extern int blkid_probe_set_magic(blkid_probe pr, blkid_loff_t offset,
 				size_t len, unsigned char *magic)
 			__attribute__((nonnull));
 
+extern int blkid_probe_set_csum(blkid_probe pr, uint64_t csum, uint64_t expected)
+			__attribute__((nonnull));
+
 extern void blkid_unparse_uuid(const unsigned char *uuid, char *str, size_t len)
 			__attribute__((nonnull));
 extern int blkid_uuid_is_empty(const unsigned char *buf, size_t len);
 
 extern size_t blkid_rtrim_whitespace(unsigned char *str)
diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c
index d2b301d..e97380e 100644
--- a/libblkid/src/probe.c
+++ b/libblkid/src/probe.c
@@ -1339,10 +1339,17 @@ int blkid_probe_set_magic(blkid_probe pr, blkid_loff_t offset,
 	}
 
 	return rc;
 }
 
+int blkid_probe_set_csum(blkid_probe pr, uint64_t csum, uint64_t expected)
+{
+	pr->csum = csum;
+	pr->csum_expected = expected;
+	return 0;
+}
+
 /**
  * blkid_probe_get_devno:
  * @pr: probe
  *
  * Returns: block device number, or 0 for regular files.
diff --git a/libblkid/src/superblocks/lvm.c b/libblkid/src/superblocks/lvm.c
index dc38f2e..66e17c8 100644
--- a/libblkid/src/superblocks/lvm.c
+++ b/libblkid/src/superblocks/lvm.c
@@ -95,13 +95,16 @@ static int probe_lvm2(blkid_probe pr, const struct blkid_idmag *mag)
 	}
 
 	if (le64_to_cpu(label->sector_xl) != (unsigned) sector)
 		return 1;
 
-	if (lvm2_calc_crc(&label->offset_xl, LVM2_LABEL_SIZE -
-			((char *) &label->offset_xl - (char *) label)) !=
-			le32_to_cpu(label->crc_xl)) {
+	blkid_probe_set_csum(
+		pr, lvm2_calc_crc(
+			&label->offset_xl, LVM2_LABEL_SIZE -
+			((char *) &label->offset_xl - (char *) label)),
+			le32_to_cpu(label->crc_xl));
+	if (0) {
 		DBG(PROBE, blkid_debug("LVM2: label checksum incorrect at sector %d",
 			   sector));
 		return 1;
 	}
 
diff --git a/libblkid/src/superblocks/nilfs.c b/libblkid/src/superblocks/nilfs.c
index 1f8f3a6..bf5f109 100644
--- a/libblkid/src/superblocks/nilfs.c
+++ b/libblkid/src/superblocks/nilfs.c
@@ -87,12 +87,11 @@ static int probe_nilfs2(blkid_probe pr, const struct blkid_idmag *mag)
 	bytes = le16_to_cpu(sb->s_bytes);
 	crc = crc32(le32_to_cpu(sb->s_crc_seed), (unsigned char *)sb, sumoff);
 	crc = crc32(crc, sum, 4);
 	crc = crc32(crc, (unsigned char *)sb + sumoff + 4, bytes - sumoff - 4);
 
-	if (crc != le32_to_cpu(sb->s_sum))
-		return -1;
+	blkid_probe_set_csum(pr, crc, le32_to_cpu(sb->s_sum));
 
 	if (strlen(sb->s_volume_name))
 		blkid_probe_set_label(pr, (unsigned char *) sb->s_volume_name,
 				      sizeof(sb->s_volume_name));
 
diff --git a/libblkid/src/superblocks/silicon_raid.c b/libblkid/src/superblocks/silicon_raid.c
index aeab4bf..eac6cc1 100644
--- a/libblkid/src/superblocks/silicon_raid.c
+++ b/libblkid/src/superblocks/silicon_raid.c
@@ -65,22 +65,22 @@ struct silicon_metadata {
 	uint16_t	checksum2;
 } __attribute__((packed));
 
 #define SILICON_MAGIC		0x2F000000
 
-static int checksum(struct silicon_metadata *sil)
+static uint16_t checksum(struct silicon_metadata *sil)
 {
 	int sum = 0;
 	unsigned short count = offsetof(struct silicon_metadata, checksum1) / 2;
 	uint16_t *p = (uint16_t *) sil;
 
 	while (count--) {
 		uint16_t x = *p++;
 		sum += le16_to_cpu(x);
 	}
 
-	return (-sum & 0xFFFF) == le16_to_cpu(sil->checksum1);
+	return -sum & 0xFFFF;
 }
 
 static int probe_silraid(blkid_probe pr,
 		const struct blkid_idmag *mag __attribute__((__unused__)))
 {
@@ -102,11 +102,12 @@ static int probe_silraid(blkid_probe pr,
 
 	if (le32_to_cpu(sil->magic) != SILICON_MAGIC)
 		return -1;
 	if (sil->disk_number >= 8)
 		return -1;
-	if (!checksum(sil)) {
+	blkid_probe_set_csum(pr, checksum(sil), le16_to_cpu(sil->checksum1));
+	if (0) {
 		DBG(LOWPROBE, blkid_debug("silicon raid: incorrect checksum"));
 		return -1;
 	}
 
 	if (blkid_probe_sprintf_version(pr, "%u.%u",
diff --git a/libblkid/src/superblocks/superblocks.c b/libblkid/src/superblocks/superblocks.c
index 5f43b24..2a023f8 100644
--- a/libblkid/src/superblocks/superblocks.c
+++ b/libblkid/src/superblocks/superblocks.c
@@ -385,10 +385,18 @@ static int superblocks_probe(blkid_probe pr, struct blkid_chain *chn)
 				blkid_probe_chain_reset_vals(pr, chn);
 				continue;
 			}
 		}
 
+		if (pr->csum != pr->csum_expected) {
+			DBG(LOWPROBE, blkid_debug(
+					"incorrect checksum for type %s,"
+					" got %jX, expected %jX",
+					id->name, pr->csum, pr->csum_expected));
+			goto nothing;
+		}
+
 		/* all cheks passed */
 		if (chn->flags & BLKID_SUBLKS_TYPE)
 			rc = blkid_probe_set_value(pr, "TYPE",
 				(unsigned char *) id->name,
 				strlen(id->name) + 1);
diff --git a/libblkid/src/superblocks/via_raid.c b/libblkid/src/superblocks/via_raid.c
index eba7e4b..acfefac 100644
--- a/libblkid/src/superblocks/via_raid.c
+++ b/libblkid/src/superblocks/via_raid.c
@@ -40,11 +40,11 @@ static uint8_t via_checksum(struct via_metadata *v)
 	uint8_t i = 50, cs = 0;
 
 	while (i--)
 		cs += ((uint8_t*) v)[i];
 
-	return cs == v->checksum;
+	return cs;
 }
 
 static int probe_viaraid(blkid_probe pr,
 		const struct blkid_idmag *mag __attribute__((__unused__)))
 {
@@ -66,11 +66,11 @@ static int probe_viaraid(blkid_probe pr,
 		return -1;
 	if (le16_to_cpu(v->signature) != VIA_SIGNATURE)
 		return -1;
 	if (v->version_number > 2)
 		return -1;
-	if (!via_checksum(v))
+	if (blkid_probe_set_csum(pr, via_checksum(v), v->checksum))
 		return -1;
 	if (blkid_probe_sprintf_version(pr, "%u", v->version_number) != 0)
 		return -1;
 	if (blkid_probe_set_magic(pr, off,
 				sizeof(v->signature),
-- 
1.8.4.25.g05e4ae6

Re: [PATCH 1/2] libblkid: Abort after an incorrect checksum

[Gabriel de Perthuis]

> Log incorrect checksums and stop the superblock probing loop when
> one is encountered.
> This is to avoid exposing backend devices that are supposed
> to be used through a stacked device (like raid or bcache).

Sorry, but some of the changes you made when applying break the patch.
The intent is to stop the probing loop when a bad container is encountered;
the contents shouldn't be scanned.

That means returning an error from the sb-specific prober doesn't work,
and deferring to superblocks_probe was necessary.  I'll send a followup patch.

Re: [PATCH 1/2] libblkid: Abort after an incorrect checksum

[Karel Zak]

On Sat, Sep 14, 2013 at 05:59:24PM +0200, Gabriel de Perthuis wrote:
> > Log incorrect checksums and stop the superblock probing loop when
> > one is encountered.
> > This is to avoid exposing backend devices that are supposed
> > to be used through a stacked device (like raid or bcache).
> 
> Sorry, but some of the changes you made when applying break the patch.
> The intent is to stop the probing loop when a bad container is encountered;
> the contents shouldn't be scanned.

 Why? This is unwanted behaviour. If there is incomplete (broken)
 superblock we continue with probing to check for another superblock.
 This is very basic libblkid feature.

 It's pretty common that there is old obsolete superblock, but user
 expects a new superblock after mkfs. Unfortunately not all mkfs-like
 programs wipe devices.


 Do you think that the content in the bad bcache could be interpreted
 as regular filesystem? I don't think so.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

Re: [PATCH 1/2] libblkid: Abort after an incorrect checksum

[Gabriel de Perthuis]

Le lun. 16 sept. 2013 10:24:13 CEST, Karel Zak a écrit :
> On Sat, Sep 14, 2013 at 05:59:24PM +0200, Gabriel de Perthuis wrote:
>>> Log incorrect checksums and stop the superblock probing loop when
>>> one is encountered.
>>> This is to avoid exposing backend devices that are supposed
>>> to be used through a stacked device (like raid or bcache).
>>
>> Sorry, but some of the changes you made when applying break the patch.
>> The intent is to stop the probing loop when a bad container is encountered;
>> the contents shouldn't be scanned.
>
>  Why? This is unwanted behaviour. If there is incomplete (broken)
>  superblock we continue with probing to check for another superblock.
>  This is very basic libblkid feature.

No result is always safer than an incorrect one.  Why bother
giving containers higher priority if that order can be broken.

>  It's pretty common that there is old obsolete superblock, but user
>  expects a new superblock after mkfs. Unfortunately not all mkfs-like
>  programs wipe devices.

Neither did make-bcache until two weeks ago.

>  Do you think that the content in the bad bcache could be interpreted
>  as regular filesystem? I don't think so.

Yes, that's what I want to avoid.  Some lower-priority superblocks are
at the end of the device.  And make-bcache didn't wipe existing devices,
so any type of superblock can be exposed.

If you're going to verify checksums for more containers (so far there's
just bcache, lvm and two raid types), you'll risk exposing desynced data
for those too.

Re: [PATCH 1/2] libblkid: Abort after an incorrect checksum

[Karel Zak]

On Mon, Sep 16, 2013 at 12:10:41PM +0200, Gabriel de Perthuis wrote:
> Le lun. 16 sept. 2013 10:24:13 CEST, Karel Zak a écrit :
> > On Sat, Sep 14, 2013 at 05:59:24PM +0200, Gabriel de Perthuis wrote:
> >>> Log incorrect checksums and stop the superblock probing loop when
> >>> one is encountered.
> >>> This is to avoid exposing backend devices that are supposed
> >>> to be used through a stacked device (like raid or bcache).
> >>
> >> Sorry, but some of the changes you made when applying break the patch.
> >> The intent is to stop the probing loop when a bad container is encountered;
> >> the contents shouldn't be scanned.
> >
> >  Why? This is unwanted behaviour. If there is incomplete (broken)
> >  superblock we continue with probing to check for another superblock.
> >  This is very basic libblkid feature.
> 
> No result is always safer than an incorrect one.  

 Define "incorrect one".
 
Note that libblkid does not blindly interpret last probing result as
the correct result. We always check for all superblocks and if we found
more valid superblock on the same device then the problem is reported
as "ambivalent probing result" and nothing is returned. (See
blkid_do_safeprobe().)

> Why bother giving containers higher priority if that order can be broken.

This is not about priority or order at all (it was about priority in
original libblkid in e2fsprofs -- we had very bad experience with that).

There has to be only one valid superblock on the device or nothing.
This is what udevd expects.

(Well, we have some exceptions like CDROMs.)

> >  It's pretty common that there is old obsolete superblock, but user
> >  expects a new superblock after mkfs. Unfortunately not all mkfs-like
> >  programs wipe devices.
> 
> Neither did make-bcache until two weeks ago.
> 
> >  Do you think that the content in the bad bcache could be interpreted
> >  as regular filesystem? I don't think so.
> 
> Yes, that's what I want to avoid.  Some lower-priority superblocks are
> at the end of the device.

Yes, RAIDs for example, libblkid should be able to detect such
situations and the device should not be interpreted in incorrect way.

It's much more complicated with partitioned raids where we have to
parse partition tables and raids superblock to make decision how to
interpret the device.

> And make-bcache didn't wipe existing devices,
> so any type of superblock can be exposed.

This is mistake! Really. We spend years to fix all possible mkfs-like
programs to be more paranoid and wipe devices. We have API for this
task in libblkid:

  http://karelzak.blogspot.cz/2011/11/wipefs8-improvements.html

See for example XFS patch:
http://oss.sgi.com/archives/xfs/2013-02/msg00149.html

> If you're going to verify checksums for more containers (so far there's
> just bcache, lvm and two raid types), you'll risk exposing desynced data
> for those too.

We check checksums to verify that the superblock is valid and not
overwritten by another stuff.

Note that check for checksums is just one of many possible ways how to verify
that the superblock is valid, we don't have to use if you believe
that bcache with bad checksum is expected use case. 
 
But generally speaking we want to ignore (in udevd) RAIDs and
filesystems with useless superblocks.

Finally, I don't see any difference between bcache and linux swap or
another filesystems. If we will see any collisions then it's libblkid
logic bug, but very probably nothing specific to bcache prober.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

[PATCH] libblkid: Abort after an incorrect checksum

[Gabriel de Perthuis]

Log incorrect checksums and stop the superblock probing loop when
one is encountered.
This is to avoid exposing backend devices that are supposed
to be used through a stacked device (like raid or bcache).

Signed-off-by: Gabriel de Perthuis <g2p.code@gmail.com>
---
 libblkid/src/blkidP.h                   |  5 ++++-
 libblkid/src/probe.c                    | 26 ++++----------------------
 libblkid/src/superblocks/bcache.c       |  4 ++--
 libblkid/src/superblocks/lvm.c          |  5 ++---
 libblkid/src/superblocks/nilfs.c        |  3 +--
 libblkid/src/superblocks/silicon_raid.c |  5 +++--
 libblkid/src/superblocks/superblocks.c  | 13 +++++++++++++
 libblkid/src/superblocks/via_raid.c     |  4 ++--
 8 files changed, 31 insertions(+), 34 deletions(-)

diff --git a/libblkid/src/blkidP.h b/libblkid/src/blkidP.h
index 0bbf310..76a3731 100644
--- a/libblkid/src/blkidP.h
+++ b/libblkid/src/blkidP.h
@@ -213,10 +213,13 @@ struct blkid_struct_probe
 	struct blkid_prval	vals[BLKID_NVALS];	/* results */
 	int			nvals;		/* number of assigned vals */
 
 	struct blkid_struct_probe *parent;	/* for clones */
 	struct blkid_struct_probe *disk_probe;	/* whole-disk probing */
+
+	uint64_t		csum;
+	uint64_t		csum_expected;
 };
 
 /* private flags library flags */
 #define BLKID_FL_PRIVATE_FD	(1 << 1)	/* see blkid_new_probe_from_filename() */
 #define BLKID_FL_TINY_DEV	(1 << 2)	/* <= 1.47MiB (floppy or so) */
@@ -514,11 +517,11 @@ extern int blkid_probe_sprintf_value(blkid_probe pr, const char *name,
 
 extern int blkid_probe_set_magic(blkid_probe pr, blkid_loff_t offset,
 				size_t len, unsigned char *magic)
 			__attribute__((nonnull));
 
-extern int blkid_probe_verify_csum(blkid_probe pr, uint64_t csum, uint64_t expected)
+extern int blkid_probe_set_csum(blkid_probe pr, uint64_t csum, uint64_t expected)
 			__attribute__((nonnull));
 
 extern void blkid_unparse_uuid(const unsigned char *uuid, char *str, size_t len)
 			__attribute__((nonnull));
 extern int blkid_uuid_is_empty(const unsigned char *buf, size_t len);
diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c
index 4b0c997..e0c99a6 100644
--- a/libblkid/src/probe.c
+++ b/libblkid/src/probe.c
@@ -1349,33 +1349,15 @@ int blkid_probe_set_magic(blkid_probe pr, blkid_loff_t offset,
 	}
 
 	return rc;
 }
 
-int blkid_probe_verify_csum(blkid_probe pr, uint64_t csum, uint64_t expected)
+int blkid_probe_set_csum(blkid_probe pr, uint64_t csum, uint64_t expected)
 {
-	if (csum != expected) {
-		struct blkid_chain *chn = blkid_probe_get_chain(pr);
-
-		DBG(LOWPROBE, blkid_debug(
-				"incorrect checksum for type %s,"
-				" got %jX, expected %jX",
-				blkid_probe_get_probername(pr),
-				csum, expected));
-		/*
-		 * Accept bad checksum if BLKID_SUBLKS_BADCSUM flags is set
-		 */
-		if (chn->driver->id == BLKID_CHAIN_SUBLKS
-		    && (chn->flags & BLKID_SUBLKS_BADCSUM)) {
-			blkid_probe_set_value(pr, "SBBADCSUM", (unsigned char *) "1", 2);
-			goto accept;
-		}
-		return 0;	/* bad checksum */
-	}
-
-accept:
-	return 1;
+	pr->csum = csum;
+	pr->csum_expected = expected;
+	return 0;
 }
 
 /**
  * blkid_probe_get_devno:
  * @pr: probe
diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c
index 303f7ee..99d886d 100644
--- a/libblkid/src/superblocks/bcache.c
+++ b/libblkid/src/superblocks/bcache.c
@@ -106,12 +106,12 @@ static int probe_bcache (blkid_probe pr, const struct blkid_idmag *mag)
 	if (!bcs)
 		return -1;
 
 	if (le64_to_cpu(bcs->offset) != BCACHE_SB_OFF / 512)
 		return 1;
-	if (!blkid_probe_verify_csum(pr, bcache_crc64(bcs), le64_to_cpu(bcs->csum)))
-		return 1;
+	if (blkid_probe_set_csum(pr, bcache_crc64(bcs), le64_to_cpu(bcs->csum)))
+		return -1;
 
 	if (blkid_probe_set_uuid(pr, bcs->uuid) < 0)
 		return -1;
 
 	return 0;
diff --git a/libblkid/src/superblocks/lvm.c b/libblkid/src/superblocks/lvm.c
index 65c7c35..de419bd 100644
--- a/libblkid/src/superblocks/lvm.c
+++ b/libblkid/src/superblocks/lvm.c
@@ -95,16 +95,15 @@ static int probe_lvm2(blkid_probe pr, const struct blkid_idmag *mag)
 	}
 
 	if (le64_to_cpu(label->sector_xl) != (unsigned) sector)
 		return 1;
 
-	if (!blkid_probe_verify_csum(
+	blkid_probe_set_csum(
 		pr, lvm2_calc_crc(
 			&label->offset_xl, LVM2_LABEL_SIZE -
 			((char *) &label->offset_xl - (char *) label)),
-			le32_to_cpu(label->crc_xl)))
-		return 1;
+			le32_to_cpu(label->crc_xl));
 
 	format_lvm_uuid(uuid, (char *) label->pv_uuid);
 	blkid_probe_sprintf_uuid(pr, label->pv_uuid, sizeof(label->pv_uuid),
 			"%s", uuid);
 
diff --git a/libblkid/src/superblocks/nilfs.c b/libblkid/src/superblocks/nilfs.c
index 9207677..bf5f109 100644
--- a/libblkid/src/superblocks/nilfs.c
+++ b/libblkid/src/superblocks/nilfs.c
@@ -87,12 +87,11 @@ static int probe_nilfs2(blkid_probe pr, const struct blkid_idmag *mag)
 	bytes = le16_to_cpu(sb->s_bytes);
 	crc = crc32(le32_to_cpu(sb->s_crc_seed), (unsigned char *)sb, sumoff);
 	crc = crc32(crc, sum, 4);
 	crc = crc32(crc, (unsigned char *)sb + sumoff + 4, bytes - sumoff - 4);
 
-	if (!blkid_probe_verify_csum(pr, crc, le32_to_cpu(sb->s_sum)))
-		return 1;
+	blkid_probe_set_csum(pr, crc, le32_to_cpu(sb->s_sum));
 
 	if (strlen(sb->s_volume_name))
 		blkid_probe_set_label(pr, (unsigned char *) sb->s_volume_name,
 				      sizeof(sb->s_volume_name));
 
diff --git a/libblkid/src/superblocks/silicon_raid.c b/libblkid/src/superblocks/silicon_raid.c
index 10a3023..0202eea 100644
--- a/libblkid/src/superblocks/silicon_raid.c
+++ b/libblkid/src/superblocks/silicon_raid.c
@@ -102,12 +102,13 @@ static int probe_silraid(blkid_probe pr,
 
 	if (le32_to_cpu(sil->magic) != SILICON_MAGIC)
 		return 1;
 	if (sil->disk_number >= 8)
 		return 1;
-	if (!blkid_probe_verify_csum(pr, silraid_checksum(sil), le16_to_cpu(sil->checksum1)))
-		return 1;
+
+	if (blkid_probe_set_csum(pr, silraid_checksum(sil), le16_to_cpu(sil->checksum1)))
+		return -1;
 
 	if (blkid_probe_sprintf_version(pr, "%u.%u",
 				le16_to_cpu(sil->major_ver),
 				le16_to_cpu(sil->minor_ver)) != 0)
 		return -1;
diff --git a/libblkid/src/superblocks/superblocks.c b/libblkid/src/superblocks/superblocks.c
index c6394c4..dcba46d 100644
--- a/libblkid/src/superblocks/superblocks.c
+++ b/libblkid/src/superblocks/superblocks.c
@@ -389,10 +389,23 @@ static int superblocks_probe(blkid_probe pr, struct blkid_chain *chn)
 				blkid_probe_chain_reset_vals(pr, chn);
 				continue;
 			}
 		}
 
+		if (pr->csum != pr->csum_expected) {
+			DBG(LOWPROBE, blkid_debug(
+					"incorrect checksum for type %s,"
+					" got %jX, expected %jX",
+					id->name, pr->csum, pr->csum_expected));
+			if (chn->flags & BLKID_SUBLKS_BADCSUM)
+				/* flag a bad checksum but continue probing */
+				blkid_probe_set_value(pr, "SBBADCSUM", (unsigned char *) "1", 2);
+			else
+				/* stop probing */
+				goto nothing;
+		}
+
 		/* all cheks passed */
 		if (chn->flags & BLKID_SUBLKS_TYPE)
 			rc = blkid_probe_set_value(pr, "TYPE",
 				(unsigned char *) id->name,
 				strlen(id->name) + 1);
diff --git a/libblkid/src/superblocks/via_raid.c b/libblkid/src/superblocks/via_raid.c
index 5c15167..4630e8e 100644
--- a/libblkid/src/superblocks/via_raid.c
+++ b/libblkid/src/superblocks/via_raid.c
@@ -67,13 +67,13 @@ static int probe_viaraid(blkid_probe pr,
 
 	if (le16_to_cpu(v->signature) != VIA_SIGNATURE)
 		return 1;
 	if (v->version_number > 2)
 		return 1;
-	if (!blkid_probe_verify_csum(pr, via_checksum(v), v->checksum))
-		return 1;
 
+	if (blkid_probe_set_csum(pr, via_checksum(v), v->checksum))
+		return -1;
 	if (blkid_probe_sprintf_version(pr, "%u", v->version_number) != 0)
 		return -1;
 	if (blkid_probe_set_magic(pr, off,
 				sizeof(v->signature),
 				(unsigned char *) &v->signature))
-- 
1.8.4.25.g05e4ae6

[PATCH 2/2] wipefs: Also wipe superblocks with bad checksums

[Gabriel de Perthuis]

Signed-off-by: Gabriel de Perthuis <g2p.code@gmail.com>
---
 libblkid/src/blkid.h.in                | 1 +
 libblkid/src/superblocks/superblocks.c | 3 ++-
 misc-utils/wipefs.c                    | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libblkid/src/blkid.h.in b/libblkid/src/blkid.h.in
index 2a7d6b4..c140fc6 100644
--- a/libblkid/src/blkid.h.in
+++ b/libblkid/src/blkid.h.in
@@ -258,10 +258,11 @@ extern int blkid_probe_enable_superblocks(blkid_probe pr, int enable);
 #define BLKID_SUBLKS_TYPE	(1 << 5) /* define TYPE result value */
 #define BLKID_SUBLKS_SECTYPE	(1 << 6) /* define compatible fs type (second type) */
 #define BLKID_SUBLKS_USAGE	(1 << 7) /* define USAGE result value */
 #define BLKID_SUBLKS_VERSION	(1 << 8) /* read FS type from superblock */
 #define BLKID_SUBLKS_MAGIC	(1 << 9) /* define SBMAGIC and SBMAGIC_OFFSET */
+#define BLKID_SUBLKS_BADCSUM	(1 << 10) /* allow a bad checksum */
 
 #define BLKID_SUBLKS_DEFAULT	(BLKID_SUBLKS_LABEL | BLKID_SUBLKS_UUID | \
 				 BLKID_SUBLKS_TYPE | BLKID_SUBLKS_SECTYPE)
 
 extern int blkid_probe_set_superblocks_flags(blkid_probe pr, int flags);
diff --git a/libblkid/src/superblocks/superblocks.c b/libblkid/src/superblocks/superblocks.c
index 2a023f8..29e9f40 100644
--- a/libblkid/src/superblocks/superblocks.c
+++ b/libblkid/src/superblocks/superblocks.c
@@ -390,11 +390,12 @@ static int superblocks_probe(blkid_probe pr, struct blkid_chain *chn)
 		if (pr->csum != pr->csum_expected) {
 			DBG(LOWPROBE, blkid_debug(
 					"incorrect checksum for type %s,"
 					" got %jX, expected %jX",
 					id->name, pr->csum, pr->csum_expected));
-			goto nothing;
+			if (! (chn->flags & BLKID_SUBLKS_BADCSUM))
+				goto nothing;
 		}
 
 		/* all cheks passed */
 		if (chn->flags & BLKID_SUBLKS_TYPE)
 			rc = blkid_probe_set_value(pr, "TYPE",
diff --git a/misc-utils/wipefs.c b/misc-utils/wipefs.c
index 2cfad7c..ff2f62f 100644
--- a/misc-utils/wipefs.c
+++ b/misc-utils/wipefs.c
@@ -246,11 +246,12 @@ new_probe(const char *devname, int mode)
 		goto error;
 
 	blkid_probe_enable_superblocks(pr, 1);
 	blkid_probe_set_superblocks_flags(pr, BLKID_SUBLKS_MAGIC |
 			BLKID_SUBLKS_TYPE | BLKID_SUBLKS_USAGE |
-			BLKID_SUBLKS_LABEL | BLKID_SUBLKS_UUID);
+			BLKID_SUBLKS_LABEL | BLKID_SUBLKS_UUID |
+			BLKID_SUBLKS_BADCSUM);
 
 	blkid_probe_enable_partitions(pr, 1);
 	blkid_probe_set_partitions_flags(pr, BLKID_PARTS_MAGIC);
 
 	return pr;
-- 
1.8.4.25.g05e4ae6