| Age | Commit message (Collapse) | Author | 
|---|
|  | Add descritpions for kernel resource files.
Remove crc32 related descritpions, there is no crc32 related files
imported from the linux kernel.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The compiler complains following message:
 tests/checkfs/comm.c:37:5: warning: no previous prototype for
 ‘do_pwr_dn’
The function do_pwr_dn() is only used in tests/checkfs/checkfs.c, but
we still keep it in tests/checkfs/comm.c in case the function() is
used by more callers. Fix it by adding a previous declaration.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | warning for 'path'
The compiler compains following message:
 jffsX-utils/jffs2reader.c:697:6: warning: potential null pointer
 dereference
It won't bring any problems because the 'path' is guaranteed to be a
non-NULL variable. Fix the warning by adding a NULL pointer check.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | warning
The compiler compains following message:
 misc-utils/flashcp.c:439:3: warning: ‘wrlast_buf’ may be used
 uninitialized in this function
It won't bring any problems because variable '‘wrlast_buf’ is always
initialized before being used. Fix the warning by setting 'wrlast_buf'
as NULL when declaring it.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | 'dumpfile'
The const pointer argument cannot be passed into libc function 'free()',
otherwise the compiler will complain following message:
 nand-utils/nanddump.c:168:10: warning: passing argument 1 of ‘free’
 discards ‘const’ qualifier from pointer target type
Fixes: c89009463888 ("nanddump: don't leak copied command line arguments")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Fix following compiling warning by using the right format:
 ubi-utils/mtdinfo.c:207:21: warning: format ‘%lx’ expects argument of
 type ‘long unsigned int’, but argument 4 has type ‘long long unsigned
 int’
Fixes: 78f4f38bd3de8 ("ubi-utils: Fix integer overflow in mtdinfo.c")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Report of the static analyzer:
Variable vi->alignment, whose possible value set allows a zero value at ubinize.c:375, is used as a denominator at ubinize.c:410.
If you look at the code more closely, it will be clear that the vi->alignment parameter is obtained from an external file passed as a command line argument.
A check was also performed if you pass a test.ini file of the following type to the input:
[jffs2-volume]
mode=ubi
image=../jffs2.img
vol_id=1
vol_size=30MiB
vol_type=dynamic
vol_name=jffs2_volume
vol_flags=autoresize
vol_alignment=0
and execute the command:
./ubinize -o ubi.img -p 16KiB -m 512 -s 256 test.ini
we will get the result:
Floating point exception (core dumped)
Corrections explained:
Updated the validation logic for vi->alignment:
- Replaced the check for negative alignment (`vi->id < 0`) with a more comprehensive check for non-positive alignment (`vi->alignment <= 0`).
- Updated the corresponding error message to reflect the requirement for a positive volume alignment.
This ensures more robust validation and improves error clarity when invalid alignment values are encountered.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Report of the static analyzer:
The value of an arithmetic expression 'datsize + oobsize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic.
Corrections explained:
- Added a check to validate datsize and oobsize to ensure they are non-negative and within a safe range.
- Cast datsize and oobsize to long before performing arithmetic to prevent potential integer overflow.
This change ensures safe computation of offsets and prevents undefined behavior caused by overflow.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Corrections explained:
Added robust handling for malloc() failure by checking the returnvalueand providing a clear error message.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Report of the static analyzer:
The value of an arithmetic expression 'reginfo->offset + i * reginfo->erasesize' is a subject to overflow
because its operands are not cast to a larger data type before performing arithmetic
Corrections explained:
Added casting i and start to unsigned long long
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Report of the static analyzer:
The value of an arithmetic expression 'bit_to_flip->block * mtd.eb_size + blkoffs' is a subject to overflow because its operands are not cast to a larger data type before performing arith$
Corrections explained:
Prevent arithmetic overflow in OOB read operation
Resolved an issue where the calculation of the offset in the OOB read operation could overflow due to operands not being cast to a larger data type. Specifically, the multiplication of bi$
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Report of the static analyzer:
The value of an arithmetic expression 'eb_cnt * mtd.eb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic
Corrections explained:
Added explicit casting of eb_cnt to long long in the condition
if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size)
to ensure the multiplication is performed in a 64-bit context,
preventing potential overflow for large values of eb_cnt and mtd.eb_size.
This ensures correct handling of devices with large block counts or block sizes.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Report of the static analyzer:
The value of an arithmetic expression 'vol_info.leb_size * args.lebs' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic
Corrections explained:
The fix ensures values are checked before multiplication.
Added casting vol_info.leb_size to long long
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | We use a vendored library for parsing ini files. Our copy of this
library has not been updated since 2007.
This commit imports the recent version of the ini parsing library
from upstream source at https://gitlab.com/iniparser/iniparser
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Add new option '--asan' for configuration to support dynamic
Address-Sanitizier debugging, which could detect kinds of invalid
memory accessing problems(eg. UAF, r/w OOB, etc.). Currently, only
ubifs-utils(mkfs.ubifs/fsck.ubifs) is supported.
Enable Address-Sanitizier debugging with configuration:
  ./configure --enable-asan
Notice: The Address-Sanitizier will stop the program and print
problems if memory problems are detected. Sometimes the memory
problems come from third libs(not mtd-utils), which could stuck
the testcases.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Add document for fsck.ubifs and mkfs.ubifs testcases, explain all
testcases and how to run them.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Add run_all script to run all UBIFS fsck & mkfs testcases.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Initialize UBIFS image from a given directory, then check whether the
fs content in mounted UBIFS is consistent with the original directory.
Both UBI volume and file are chosen as storage mediums to test.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | For kinds of inconsistent UBIFS images(which can simulate corruptions
caused by some potentional UBIFS bug), check the result of fsck.
This testcase mainly checks whether the behavior is in expected after
repairing specific inconsistent UBIFS image.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is a preparation for adding bad images fsck testcase. There is
no debugfs tools (for example: debugfs[ext4], xfs_db) for UBIFS, so
there is no way to inject precise corruption into UBIFS image, we have
to prepare inconsistent UBIFS images in advance like e2fsprogs[1] does.
(Goto [2] to see how to generate inconsistent UBIFS images).
Original UBIFS image content:
 /
 ├── corrupt_file (xattr - user.corrupt:123, 2K data)
 ├── dir
 │   ├── block_dev
 │   ├── char_dev
 │   ├── dir
 │   └── file (content: '123')
 ├── hardl_corrupt_file => corrupt_file
 └── softl_corrupt_file -> corrupt_file
Here's a descriptons of the various testing images:
=========================================================================
      image         |     Description     |          expectancy
-------------------------------------------------------------------------
good                | good image contains | fsck success, fs content is
                    | kinds of files.     | not changed.
-------------------------------------------------------------------------
sb_fanout           | invalid fanout in   | fsck failed.
                    | superblock.         |
-------------------------------------------------------------------------
sb_fmt_version      | invalid fmt_version | fsck failed.
                    | in superblock.      |
-------------------------------------------------------------------------
sb_leb_size         | invalid leb_size in | fsck failed.
                    | superblock.         |
-------------------------------------------------------------------------
sb_log_lebs         | invalid log lebs in | fsck failed.
                    | superblock.         |
-------------------------------------------------------------------------
sb_min_io_size      | invalid min_io_size | fsck failed.
                    | in superblock.      |
-------------------------------------------------------------------------
master_highest_inum | invalid highest_inum| fsck success, fs content is
                    | in master nodes.    | not changed.
-------------------------------------------------------------------------
master_lpt          | bad lpt pos in      | fsck success, fs content is
                    | master nodes.       | not changed.
-------------------------------------------------------------------------
master_tnc          | bad tnc pos in      | fsck success, fs content is
                    | master nodes.       | not changed.
-------------------------------------------------------------------------
master_total_dead   | bad total_dead in   | fsck success, fs content is
                    | master nodes.       | not changed.
-------------------------------------------------------------------------
master_total_dirty  | bad total_dirty in  | fsck success, fs content is
                    | master nodes.       | not changed.
-------------------------------------------------------------------------
master_total_free   | bad total_free in   | fsck success, fs content is
                    | master nodes.       | not changed.
-------------------------------------------------------------------------
journal_log         | corrupted log area. | fsck success, fs content is
                    |                     | not changed.
-------------------------------------------------------------------------
journal_bud         | corrupted bud area. | fsck success, file data is
                    |                     | lost.
-------------------------------------------------------------------------
orphan_node         | bad orphan node.    | fsck success, file is
                    |                     | deleted as expected.
-------------------------------------------------------------------------
lpt_dirty           | bad dirty in pnode. | fsck success, fs content is
                    |                     | not changed.
-------------------------------------------------------------------------
lpt_flags           | bad flags in pnode  | fsck success, fs content is
                    | (eg. index).        | not changed.
-------------------------------------------------------------------------
lpt_free            | bad free in pnode.  | fsck success, fs content is
                    |                     | not changed.
-------------------------------------------------------------------------
lpt_pos             | bad pos in nnode.   | fsck success, fs content is
                    |                     | not changed.
-------------------------------------------------------------------------
ltab_dirty          | bad dirty in lprops | fsck success, fs content is
                    | table.              | not changed.
-------------------------------------------------------------------------
ltab_free           | bad free in lprops  | fsck success, fs content is
                    | table.              | not changed.
-------------------------------------------------------------------------
index_size          | bad index size in   | fsck success, fs content is
                    | master nodes.       | not changed.
-------------------------------------------------------------------------
tnc_lv0_key         | bad key in lv0      | fsck success, fs content is
                    | znode.              | not changed.
-------------------------------------------------------------------------
tnc_lv0_len         | bad len in lv0      | fsck success, fs content is
                    | znode.              | not changed.
-------------------------------------------------------------------------
tnc_lv0_pos         | bad pos in lv0      | fsck success, fs content is
                    | znode.              | not changed.
-------------------------------------------------------------------------
tnc_noleaf_key      | bad key in non-leaf | fsck success, fs content is
                    | znode.              | not changed.
-------------------------------------------------------------------------
tnc_noleaf_len      | bad len in non-leaf | fsck success, fs content is
                    | znode.              | not changed.
-------------------------------------------------------------------------
tnc_noleaf_pos      | bad pos in non-leaf | fsck success, fs content is
                    | znode.              | not changed.
-------------------------------------------------------------------------
corrupted_data_leb  | corrupted data leb. | fsck success, partial data of
                    |                     | file is lost.
-------------------------------------------------------------------------
corrupted_idx_leb   | corrupted index leb.| fsck success, fs content is
                    |                     | not changed.
-------------------------------------------------------------------------
inode_data          | bad data node.      | fsck success, file content
                    |                     | is changed, other files are
                    |                     | not changed.
-------------------------------------------------------------------------
inode_mode          | bad inode mode for  | fsck success, file is
                    | file.               | dropped, other files are not
                    |                     | changed.
-------------------------------------------------------------------------
inode_nlink         | wrong nlink for     | fsck success, nlink is
                    | file.               | corrected, fs content is not
                    |                     | changed.
-------------------------------------------------------------------------
inode_size          | wrong inode size    | fsck success, inode size is
                    | for file.           | corrected, fs content is not
                    |                     | changed.
-------------------------------------------------------------------------
inode_xcnt          | wrong inode         | fsck success, xattr_cnt is
                    | xattr_cnt for file. | corrected, fs content is not
                    |                     | changed.
-------------------------------------------------------------------------
soft_link_inode_mode| bad inode mode for  | fsck success, soft link
                    | solf link file.     | file is dropped, other files
                    |                     | are not changed.
-------------------------------------------------------------------------
soft_link_data_len  | bad inode data_len  | fsck success, soft link
                    | for solt link file. | file is dropped, other files
                    |                     | are not changed.
-------------------------------------------------------------------------
dentry_key          | bad dentry key for  | fsck success, dentry is
                    | file.               | removed, other files are
                    |                     | not changed.
-------------------------------------------------------------------------
dentry_nlen         | inconsistent nlen   | fsck success, dentry is
                    | and name in dentry  | removed, other files are
                    | for file.           | not changed.
-------------------------------------------------------------------------
dentry_type         | inconsistent type   | fsck success, dentry is
                    | between dentry and  | removed, other files are
                    | inode for file.     | not changed.
-------------------------------------------------------------------------
xinode_flags        | lost UBIFS_XATTR_FL | fsck success, xattr is
                    | in xattr inode      | removed, other files are
                    | flags for file.     | not changed.
-------------------------------------------------------------------------
xinode_key          | bad xattr inode key | fsck success, xattr is
                    | for file.           | removed, other files are
                    |                     | not changed.
-------------------------------------------------------------------------
xinode_mode         | bad xattr inode     | fsck success, xattr is
                    | mode for file.      | removed, other files are
                    |                     | not changed.
-------------------------------------------------------------------------
xentry_key          | bad xattr entry key | fsck success, xattr is
                    | for file.           | removed, other files are
                    |                     | not changed.
-------------------------------------------------------------------------
xentry_nlen         | inconsistent nlen   | fsck success, xattr is
                    | and name in xattr   | removed, other files are
                    | entry for file.     | not changed.
-------------------------------------------------------------------------
xentry_type         | inconsistent type   | fsck success, xattr is
                    | between xattr entry | removed, other files are
                    | and xattr inode for | not changed.
                    | file.               |
-------------------------------------------------------------------------
xent_host           | the xattr's host    | fsck success, file, hard
                    | is a xattr too, the | link and soft link are
                    | flag of corrupt_file| dropped, other files are
                    | inode is modified.  | not changed.
-------------------------------------------------------------------------
dir_many_dentry     | dir has too many    | fsck success, hard link is
                    | dentries, the dentry| dropped, other files are not
                    | of hard link is     | changed.
                    | modified.           |
-------------------------------------------------------------------------
dir_lost            | bad dentry for dir. | fsck success, the 'file' is
                    |                     | recovered under lost+found,
                    |                     | left files under dir are
                    |                     | removed, other files are not
                    |                     | changed.
-------------------------------------------------------------------------
dir_lost_duplicated | bad inode for dir,  | fsck success, the 'file' is
                    | there is a file     | recovered with INO_<inum>_1
                    | under lost+found,   | under lost+found, left files
                    | which named with the| under dir are removed, other
                    | inum of the 'file'. | files are not changed.
-------------------------------------------------------------------------
dir_lost_not_recover| bad inode for dir,  | fsck success, all files
                    | lost+found is a     | under dir are removed,
                    | regular file and    | other files are not changed.
                    | exists under root   |
                    | dir.                |
-------------------------------------------------------------------------
root_dir            | bad '/'.            | fsck success, create new
                    |                     | root dir('/'). All regular
                    |                     | files are reocovered under
                    |                     | lost+found, other files are
                    |                     | removed.
-------------------------------------------------------------------------
empty_tnc           | all files have bad  | fsck success, fs content
                    | inode.              | becomes empty.
=========================================================================
[1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/tests/README
[2] https://bugzilla.kernel.org/show_bug.cgi?id=218924
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Inject random corruption on UBIFS image by writting random data on
kinds of mtd devices (eg. nand, nor), check the consistency of UBIFS
after fsck.
This testcase simulates random bad UBIFS image caused by hardware
exceptions(eg. ecc uncorrectable, unwritten), and makes sure that
fsck.ubifs could make UBIFS be consistent after repairing UBIFS
image.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Inject powercut while doing fsstress on mounted UBIFS, check the
consistency of UBIFS after fsck.
This testscase mainly makes sure that fsck.ubifs can make UBIFS
image be consistent in common stress cases and powercut cases.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Inject memory/io fault while doing fsck for corrupted UBIFS images.
This testcase mainly checks whether fsck.ubifs has problems (eg.
UAF, null-ptr-def, etc.) in random error paths. Besides, it provides
a similar way to simulate powercut during fsck, and checks whether
the fsck.ubifs can fix an UBIFS image after many rounds interrupted
by kinds of errors.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Inject powercut while doing fsstress on mounted UBIFS for kinds of
flashes (eg. nand, nor).
This testcase mainly makes sure that fsck.ubifs can make UBIFS image
be consistent on different flashes (eg. nand, nor). Because the
min_io_size of nor flash is 1, the UBIFS image on nor flash will be
different from nand flash after doing powercut, so we need make sure
fsck.ubifs can handle these two types of flash.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Do fsstress and fsck, check whether there are any files(and their data)
are lost after fsck. This testcase mainly checks whether fsck.ubifs could
corrupt the filesystem content in common case.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Authenticated UBIFS image is not supported in fsck, add testcase
to check that.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is a preparation for adding testcases for fsck.ubifs and
mkfs.ubifs. Add some common functions, for example: powercut,
load_mtdram, mount_ubifs, encryption operations, etc.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Add documents to describe fsck, which includes introductions, designment,
advantage and limitations.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 18/18 step of fsck. Do final committing, commit problem
fixing modifications(which are generated since step 14) to disk, and
clear %UBIFS_MST_DIRTY flag for master node.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 17/18 step of fsck. Recover disconnected files into
lost+found. If there is no free space left to recover the disconnected
files, fsck may delete the files to make filesystem be consistent.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 16/18 step of fsck. Check whether the lost+found is existed,
create a new one if it is not found. This step makes sure that disconnected
file can be recovered under the lost+found.
Signed-off-by: Huang Xiaojia <huangxiaojia2@huawei.com>
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 15/18 step of fsck. Check whether the root dir is existed,
create a new one if it is not found. This step makes sure that filesystem
can be mounted successful.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Add some file operations, such as ubifs_lookup, ubifs_mkdir, etc., this
is a preparation for recovering disconnected files or root dir in fsck.
File writing operations are based on the journal subsystem, generated
dirty data depends on a new commit in subsequent steps to update disk
content.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 14/18 step of fsck. Check and correct the index size by
traversing TNC just like dbg_check_idx_size does. This step should
be executed after first committing, because 'c->calc_idx_sz' can be
changed in 'ubifs_tnc_start_commit' and the initial value of
'c->calc_idx_sz' read from disk is untrusted.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 13/18 step of fsck. Commit problem fixing modifications
(which are generated from the previous steps) to disk.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 12/18 step of fsck. Check and correct the space statistics.
There could be following steps and possible errors:
 Step 1. Exit for check mode, if %FR_LPT_CORRUPTED or %FR_LPT_INCORRECT
 is set in lpt status, the exit code should have %FSCK_UNCORRECTED.
 Step 2. Check lpt status, if %FR_LPT_CORRUPTED is set in lpt status,
 normal mode with 'no' answer will exit, other modes will rebuild lpt.
 Step 3. Traverse LPT nodes, check the correctness of nnode and pnode,
 compare LEB scanning result with LEB properties.
  a. LPT node is corrupted, normal mode with 'no' answer will exit,
     rebuild lpt for other modes.
  b. Incorrect nnode/pnode, normal mode with 'no' answer will exit,
     other other modes will correct the nnode/pnode.
  c. Inconsistent comparing result, normal mode with 'no' answer
     will exit, other modes will correct the space statistics.
 Step 4. Check and correct the lprops table information.
 Step 5. Set gc lnum(ubifs_rcvry_gc_commit / take_gc_lnum).
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is a preparation for adding LPT checking support. Move some data
structures and functions into check_space.c, also factor out some common
functions in libubifs:
 1. Move 'lpts' from rebuild module, make it resuable for non-rebuild_fs
    modes.
 2. Move function 'get_free_leb' from rebuild_fs.c, it could be reused in
    building LPT.
 3. Move function 'build_lpt' from rebuild_fs.c, it could be reused in
    building LPT.
 4. Factor out lpt nodes freeing into a new function ubifs_free_lpt_nodes.
 5. Factor out nnode dirty marking implementations into a new function
    ubifs_make_nnode_dirty.
 5. Export the function of nnode number calculation, calc_nnode_num is
    renamed as ubifs_calc_nnode_num.
 6. Export the function of making pnode dirty, do_make_pnode_dirty is
    renamed as ubifs_make_pnode_dirty.
 7. Rename next_pnode_to_dirty to ubifs_find_next_pnode and export it.
 8. Export free_buds and expend its parameters.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 11/18 step of fsck. Check whether the TNC is empty, turn to
rebuild_fs if it is not found. Can we recreate a new root dir to avoid
empty TNC? The answer is no, lpt fixing should be done before creating
new entry, but lpt fixing needs a committing before new dirty data
generated to ensure that bud data won't be overwritten(bud LEB could
become freeable after replaying journal, corrected lpt may treat it as
a free one to hold new data, see details in space checking & correcting
step). Then we have to create the new root dir after fixing lpt and a
committing, znode without children(empty TNC) maybe written on disk at
the moment of committing, which corrupts the UBIFS image. So we choose
to rebuild the filesystem if the TNC is empty, this case is equivalent
to corrupted TNC.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 10/18 step of fsck. Check and handle inconsistent files, the
checking rule is same as rebuild mode which has been implemented in
check_and_correct_files, but the methods of handling are different:
 1. Correct the file information for safe mode, danger mode and normal
    mode with 'yes' answer, other modes will exit.
Signed-off-by: Xiang Yang <xiangyang3@huawei.com>
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 9/18 step of fsck. Check and handle unreachable files, the
checking rule is same as rebuild mode which has been implemented in
file_is_reachable, but the methods of handling are different:
1. Move unreachable regular file into disconnected list, let subsequent
   steps to handle them with lost+found.
2. Delete unreachable non-regular file.
3. Delete unreachable directory entries.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 8/18 step of fsck. Check and handle invalid files, the
checking rule is same as rebuild mode which has been implemented in
file_is_valid, but the methods of handling are different:
 1. Move unattached(file has no dentries) regular file into disconnected
    list, let subsequent steps to handle them with lost+found.
 2. Make file type be consistent between inode, detries and data nodes by
    deleting dentries or data blocks.
 3. Delete file for other invalid cases(eg. file has no inode).
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 7/18 step of fsck. Update files' size according to size
tree for check mode, now all files are updated after replaying journal.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the second part of 6/18 step in fsck. Add an extra checking for
non-check mode while traversing TNC, make sure that all LEBs(contains TNC)
can be scanned successful. There could be following steps and possible
errors:
 Step 2. Scan all LEBs(contain TNC), remove TNC branch which points to
 corrupted LEB.
  a. corrupted node is found by scanning: If current node is index node,
     danger mode with rebuild_fs and normal mode with 'yes' answer will
     turn to rebuild filesystem, other modes will exit; If current node
     is non-index node, danger mode and normal mode with 'yes' answer
     will remove all TNC branches which point to the corrupted LEB,
     other modes will exit.
  b. LEB contains both index and non-index nodes: danger mode with
     rebuild_fs and normal mode with 'yes' answer will turn to rebuild
     filesystem, other modes will exit.
This is a preparation for space checking, which means that ubifs_scan
will always succeed when check properties for any TNC LEBs. We do this
before checking files(step 7) & extracting dentry tree(step 8), nodes
cannot be dropped(which may corrupted file and make file inconsistent
again) when scanning corrupted as long as the dentry tree is extracted.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 6/18 step of fsck. Traverse TNC and construct files. There
could be following steps and possible errors:
 Step 1. Traverse TNC, check whether the leaf node is valid, remove invalid
 nodes, construct file for valid node and insert file into file tree.
  a. corrupted node searched from TNC: remove corresponding TNC branch for
     danger mode and normal mode with 'yes' answer, other modes will exit.
  b. corrupted index node read from TNC: danger mode with rebuild_fs and
     normal mode with 'yes' answer will turn to rebuild filesystem, other
     modes will exit.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is a preparation for adding TNC checking support. Following data
structures and functions are moved into fsck.ubifs.c:
 1. Move 'scanned_files' and 'used_lebs' from rebuild module, make them
    resuable for non-rebuild_fs modes.
 2. Move function 'handle_error' from load_fs.c, it could be reused in
    other steps.
 3. Add new function ubifs_tnc_remove_node in libubifs, which could
    remove index entry for a node by given position.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 5/18 step of fsck. Recover isize. There could be following
steps and possible errors:
 Step 1. Traverse size tree, lookup corresponding inode from TNC
  a. corrupted node searched from TNC: skip node for danger mode and
     normal mode with 'yes' answer, other modes will exit.
  b. corrupted index node read from TNC: danger mode with rebuild_fs and
     normal mode with 'yes' answer will turn to rebuild filesystem, other
     modes will exit.
 Step 2. update isize for inode. Keep <inum, isize> in size tree for check
 mode, update inode node in place for other modes.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 4/18 step of fsck. Consolidate log to ensure enough space
in log area. There could be following possible errors:
 1. corrupted scanning data in log area: danger mode with rebuild_fs and
    normal mode with 'yes' answer will turn to rebuild filesystem, other
    modes will exit.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 3/18 step of fsck. Handle orphan nodes, update TNC & LPT.
There could be following steps and possible errors:
 Step 1. scan orphan LEB, get all orphan nodes
  a. corrupted scanning data in orphan area: danger mode and normal mode
     with 'yes' answer will drop orphan LEB, other modes will exit.
 Step 2. parse orphan node, find the original inode for each inum
  a. corrupted node searched from TNC: skip node for danger mode and
     normal mode with 'yes' answer, other modes will exit.
  b. corrupted index node read from TNC: danger mode with rebuild_fs and
     normal mode with 'yes' answer will turn to rebuild filesystem, other
     modes will exit.
 Step 4. remove inode for each inum, update TNC & LPT
  a. corrupted index node read from TNC: danger mode with rebuild_fs and
     normal mode with 'yes' answer will turn to rebuild filesystem, other
     modes will exit.
  b. corrupted lpt: Set %FR_LPT_CORRUPTED for lpt status. Ignore the
     error.
  c. incorrect lpt: Set %FR_LPT_INCORRECT for lpt status. Ignore the
     error.
  d. If lpt status is not empty, skip updating lpt.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This is the 2/18 step of fsck. Replay journal, update TNC & LPT.
There could be following steps and possible errors:
 Step 1. scan log LEB, get all bud LEBs
  a. corrupted scanning data in log area: danger mode with rebuild_fs and
     normal mode with 'yes' answer will turn to rebuild filesystem, other
     modes will exit.
 Step 2. scan bud LEBs, get all nodes
  a. corrupted scanning data in bud LEB: danger mode and normal mode with
     'yes' answer will drop bud LEB and set %FR_LPT_INCORRECT for lpt
     status, other modes will exit.
 Step 3. apply nodes, record latest isize into size_tree
 Step 4. apply nodes, update TNC & LPT
  a. corrupted data searched from TNC: skip node and set %FR_LPT_INCORRECT
     lpt status for danger mode and normal mode with 'yes' answer, other
     modes will exit.
  b. corrupted index node read from TNC: danger mode with rebuild_fs and
     normal mode with 'yes' answer will turn to rebuild filesystem, other
     modes will exit.
  c. corrupted lpt: Set %FR_LPT_CORRUPTED for lpt status. Ignore the
     error.
  d. incorrect lpt: Set %FR_LPT_INCORRECT for lpt status. Ignore the
     error.
  e. If lpt status is not empty, skip updating lpt.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> |