aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-12-28ubi-utils: FIX DIVISION BY ZERO in ubinize.cAnton Moryakov
Report of the static analyzer: Variable vi->alignment, whose possible value set allows a zero value at ubinize.c:375, is used as a denominator at ubinize.c:410. If you look at the code more closely, it will be clear that the vi->alignment parameter is obtained from an external file passed as a command line argument. A check was also performed if you pass a test.ini file of the following type to the input: [jffs2-volume] mode=ubi image=../jffs2.img vol_id=1 vol_size=30MiB vol_type=dynamic vol_name=jffs2_volume vol_flags=autoresize vol_alignment=0 and execute the command: ./ubinize -o ubi.img -p 16KiB -m 512 -s 256 test.ini we will get the result: Floating point exception (core dumped) Corrections explained: Updated the validation logic for vi->alignment: - Replaced the check for negative alignment (`vi->id < 0`) with a more comprehensive check for non-positive alignment (`vi->alignment <= 0`). - Updated the corresponding error message to reflect the requirement for a positive volume alignment. This ensures more robust validation and improves error clarity when invalid alignment values are encountered. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-24jffsX-utils: fix integer overflow in jffs2dump.cAnton Moryakov
Report of the static analyzer: The value of an arithmetic expression 'datsize + oobsize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic. Corrections explained: - Added a check to validate datsize and oobsize to ensure they are non-negative and within a safe range. - Cast datsize and oobsize to long before performing arithmetic to prevent potential integer overflow. This change ensures safe computation of offsets and prevents undefined behavior caused by overflow. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-20misc-utils: add missing error handling for 'bam' allocation in ftl_check.cAnton Moryakov
Corrections explained: Added robust handling for malloc() failure by checking the returnvalueand providing a clear error message. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-17ubi-utils: Fix integer overflow in mtdinfo.cAnton Moryakov
Report of the static analyzer: The value of an arithmetic expression 'reginfo->offset + i * reginfo->erasesize' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: Added casting i and start to unsigned long long Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-17nand-utils: Fix integer overflow in nandflipbits.cAnton Moryakov
Report of the static analyzer: The value of an arithmetic expression 'bit_to_flip->block * mtd.eb_size + blkoffs' is a subject to overflow because its operands are not cast to a larger data type before performing arith$ Corrections explained: Prevent arithmetic overflow in OOB read operation Resolved an issue where the calculation of the offset in the OOB read operation could overflow due to operands not being cast to a larger data type. Specifically, the multiplication of bi$ Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-17misc-utils: flash_erase: FIX integer overflow in flash_erase.cAnton Moryakov
Report of the static analyzer: The value of an arithmetic expression 'eb_cnt * mtd.eb_size' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: Added explicit casting of eb_cnt to long long in the condition if (eb_start == 0 && mtd.size == eb_cnt * mtd.eb_size) to ensure the multiplication is performed in a 64-bit context, preventing potential overflow for large values of eb_cnt and mtd.eb_size. This ensures correct handling of devices with large block counts or block sizes. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-17ubi-utils: ubirsvol: Fix integer overflow in ubirsvol.cAnton Moryakov
Report of the static analyzer: The value of an arithmetic expression 'vol_info.leb_size * args.lebs' is a subject to overflow because its operands are not cast to a larger data type before performing arithmetic Corrections explained: The fix ensures values ​​are checked before multiplication. Added casting vol_info.leb_size to long long Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-12-17Import a more recent version of libiniparserDavid Oberhollenzer
We use a vendored library for parsing ini files. Our copy of this library has not been updated since 2007. This commit imports the recent version of the ini parsing library from upstream source at https://gitlab.com/iniparser/iniparser Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11ubifs-utils: Support Address-Sanitizier debugZhihao Cheng
Add new option '--asan' for configuration to support dynamic Address-Sanitizier debugging, which could detect kinds of invalid memory accessing problems(eg. UAF, r/w OOB, etc.). Currently, only ubifs-utils(mkfs.ubifs/fsck.ubifs) is supported. Enable Address-Sanitizier debugging with configuration: ./configure --enable-asan Notice: The Address-Sanitizier will stop the program and print problems if memory problems are detected. Sometimes the memory problems come from third libs(not mtd-utils), which could stuck the testcases. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: Add READMEZhihao Cheng
Add document for fsck.ubifs and mkfs.ubifs testcases, explain all testcases and how to run them. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: Add run_all scriptZhihao Cheng
Add run_all script to run all UBIFS fsck & mkfs testcases. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: mkfs_tests: Add fs content check testZhihao Cheng
Initialize UBIFS image from a given directory, then check whether the fs content in mounted UBIFS is consistent with the original directory. Both UBI volume and file are chosen as storage mediums to test. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add bad images fixing testZhihao Cheng
For kinds of inconsistent UBIFS images(which can simulate corruptions caused by some potentional UBIFS bug), check the result of fsck. This testcase mainly checks whether the behavior is in expected after repairing specific inconsistent UBIFS image. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add corrupted imagesZhihao Cheng
This is a preparation for adding bad images fsck testcase. There is no debugfs tools (for example: debugfs[ext4], xfs_db) for UBIFS, so there is no way to inject precise corruption into UBIFS image, we have to prepare inconsistent UBIFS images in advance like e2fsprogs[1] does. (Goto [2] to see how to generate inconsistent UBIFS images). Original UBIFS image content: / ├── corrupt_file (xattr - user.corrupt:123, 2K data) ├── dir │   ├── block_dev │   ├── char_dev │   ├── dir │   └── file (content: '123') ├── hardl_corrupt_file => corrupt_file └── softl_corrupt_file -> corrupt_file Here's a descriptons of the various testing images: ========================================================================= image | Description | expectancy ------------------------------------------------------------------------- good | good image contains | fsck success, fs content is | kinds of files. | not changed. ------------------------------------------------------------------------- sb_fanout | invalid fanout in | fsck failed. | superblock. | ------------------------------------------------------------------------- sb_fmt_version | invalid fmt_version | fsck failed. | in superblock. | ------------------------------------------------------------------------- sb_leb_size | invalid leb_size in | fsck failed. | superblock. | ------------------------------------------------------------------------- sb_log_lebs | invalid log lebs in | fsck failed. | superblock. | ------------------------------------------------------------------------- sb_min_io_size | invalid min_io_size | fsck failed. | in superblock. | ------------------------------------------------------------------------- master_highest_inum | invalid highest_inum| fsck success, fs content is | in master nodes. | not changed. ------------------------------------------------------------------------- master_lpt | bad lpt pos in | fsck success, fs content is | master nodes. | not changed. ------------------------------------------------------------------------- master_tnc | bad tnc pos in | fsck success, fs content is | master nodes. | not changed. ------------------------------------------------------------------------- master_total_dead | bad total_dead in | fsck success, fs content is | master nodes. | not changed. ------------------------------------------------------------------------- master_total_dirty | bad total_dirty in | fsck success, fs content is | master nodes. | not changed. ------------------------------------------------------------------------- master_total_free | bad total_free in | fsck success, fs content is | master nodes. | not changed. ------------------------------------------------------------------------- journal_log | corrupted log area. | fsck success, fs content is | | not changed. ------------------------------------------------------------------------- journal_bud | corrupted bud area. | fsck success, file data is | | lost. ------------------------------------------------------------------------- orphan_node | bad orphan node. | fsck success, file is | | deleted as expected. ------------------------------------------------------------------------- lpt_dirty | bad dirty in pnode. | fsck success, fs content is | | not changed. ------------------------------------------------------------------------- lpt_flags | bad flags in pnode | fsck success, fs content is | (eg. index). | not changed. ------------------------------------------------------------------------- lpt_free | bad free in pnode. | fsck success, fs content is | | not changed. ------------------------------------------------------------------------- lpt_pos | bad pos in nnode. | fsck success, fs content is | | not changed. ------------------------------------------------------------------------- ltab_dirty | bad dirty in lprops | fsck success, fs content is | table. | not changed. ------------------------------------------------------------------------- ltab_free | bad free in lprops | fsck success, fs content is | table. | not changed. ------------------------------------------------------------------------- index_size | bad index size in | fsck success, fs content is | master nodes. | not changed. ------------------------------------------------------------------------- tnc_lv0_key | bad key in lv0 | fsck success, fs content is | znode. | not changed. ------------------------------------------------------------------------- tnc_lv0_len | bad len in lv0 | fsck success, fs content is | znode. | not changed. ------------------------------------------------------------------------- tnc_lv0_pos | bad pos in lv0 | fsck success, fs content is | znode. | not changed. ------------------------------------------------------------------------- tnc_noleaf_key | bad key in non-leaf | fsck success, fs content is | znode. | not changed. ------------------------------------------------------------------------- tnc_noleaf_len | bad len in non-leaf | fsck success, fs content is | znode. | not changed. ------------------------------------------------------------------------- tnc_noleaf_pos | bad pos in non-leaf | fsck success, fs content is | znode. | not changed. ------------------------------------------------------------------------- corrupted_data_leb | corrupted data leb. | fsck success, partial data of | | file is lost. ------------------------------------------------------------------------- corrupted_idx_leb | corrupted index leb.| fsck success, fs content is | | not changed. ------------------------------------------------------------------------- inode_data | bad data node. | fsck success, file content | | is changed, other files are | | not changed. ------------------------------------------------------------------------- inode_mode | bad inode mode for | fsck success, file is | file. | dropped, other files are not | | changed. ------------------------------------------------------------------------- inode_nlink | wrong nlink for | fsck success, nlink is | file. | corrected, fs content is not | | changed. ------------------------------------------------------------------------- inode_size | wrong inode size | fsck success, inode size is | for file. | corrected, fs content is not | | changed. ------------------------------------------------------------------------- inode_xcnt | wrong inode | fsck success, xattr_cnt is | xattr_cnt for file. | corrected, fs content is not | | changed. ------------------------------------------------------------------------- soft_link_inode_mode| bad inode mode for | fsck success, soft link | solf link file. | file is dropped, other files | | are not changed. ------------------------------------------------------------------------- soft_link_data_len | bad inode data_len | fsck success, soft link | for solt link file. | file is dropped, other files | | are not changed. ------------------------------------------------------------------------- dentry_key | bad dentry key for | fsck success, dentry is | file. | removed, other files are | | not changed. ------------------------------------------------------------------------- dentry_nlen | inconsistent nlen | fsck success, dentry is | and name in dentry | removed, other files are | for file. | not changed. ------------------------------------------------------------------------- dentry_type | inconsistent type | fsck success, dentry is | between dentry and | removed, other files are | inode for file. | not changed. ------------------------------------------------------------------------- xinode_flags | lost UBIFS_XATTR_FL | fsck success, xattr is | in xattr inode | removed, other files are | flags for file. | not changed. ------------------------------------------------------------------------- xinode_key | bad xattr inode key | fsck success, xattr is | for file. | removed, other files are | | not changed. ------------------------------------------------------------------------- xinode_mode | bad xattr inode | fsck success, xattr is | mode for file. | removed, other files are | | not changed. ------------------------------------------------------------------------- xentry_key | bad xattr entry key | fsck success, xattr is | for file. | removed, other files are | | not changed. ------------------------------------------------------------------------- xentry_nlen | inconsistent nlen | fsck success, xattr is | and name in xattr | removed, other files are | entry for file. | not changed. ------------------------------------------------------------------------- xentry_type | inconsistent type | fsck success, xattr is | between xattr entry | removed, other files are | and xattr inode for | not changed. | file. | ------------------------------------------------------------------------- xent_host | the xattr's host | fsck success, file, hard | is a xattr too, the | link and soft link are | flag of corrupt_file| dropped, other files are | inode is modified. | not changed. ------------------------------------------------------------------------- dir_many_dentry | dir has too many | fsck success, hard link is | dentries, the dentry| dropped, other files are not | of hard link is | changed. | modified. | ------------------------------------------------------------------------- dir_lost | bad dentry for dir. | fsck success, the 'file' is | | recovered under lost+found, | | left files under dir are | | removed, other files are not | | changed. ------------------------------------------------------------------------- dir_lost_duplicated | bad inode for dir, | fsck success, the 'file' is | there is a file | recovered with INO_<inum>_1 | under lost+found, | under lost+found, left files | which named with the| under dir are removed, other | inum of the 'file'. | files are not changed. ------------------------------------------------------------------------- dir_lost_not_recover| bad inode for dir, | fsck success, all files | lost+found is a | under dir are removed, | regular file and | other files are not changed. | exists under root | | dir. | ------------------------------------------------------------------------- root_dir | bad '/'. | fsck success, create new | | root dir('/'). All regular | | files are reocovered under | | lost+found, other files are | | removed. ------------------------------------------------------------------------- empty_tnc | all files have bad | fsck success, fs content | inode. | becomes empty. ========================================================================= [1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/tests/README [2] https://bugzilla.kernel.org/show_bug.cgi?id=218924 Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add random_corrupt+fsck testZhihao Cheng
Inject random corruption on UBIFS image by writting random data on kinds of mtd devices (eg. nand, nor), check the consistency of UBIFS after fsck. This testcase simulates random bad UBIFS image caused by hardware exceptions(eg. ecc uncorrectable, unwritten), and makes sure that fsck.ubifs could make UBIFS be consistent after repairing UBIFS image. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add cycle_powercut+fsck testZhihao Cheng
Inject powercut while doing fsstress on mounted UBIFS, check the consistency of UBIFS after fsck. This testscase mainly makes sure that fsck.ubifs can make UBIFS image be consistent in common stress cases and powercut cases. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add corrupt+fsck+fault_inject testZhihao Cheng
Inject memory/io fault while doing fsck for corrupted UBIFS images. This testcase mainly checks whether fsck.ubifs has problems (eg. UAF, null-ptr-def, etc.) in random error paths. Besides, it provides a similar way to simulate powercut during fsck, and checks whether the fsck.ubifs can fix an UBIFS image after many rounds interrupted by kinds of errors. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add powercut+fsck+mount testZhihao Cheng
Inject powercut while doing fsstress on mounted UBIFS for kinds of flashes (eg. nand, nor). This testcase mainly makes sure that fsck.ubifs can make UBIFS image be consistent on different flashes (eg. nand, nor). Because the min_io_size of nor flash is 1, the UBIFS image on nor flash will be different from nand flash after doing powercut, so we need make sure fsck.ubifs can handle these two types of flash. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add cycle mount+fsck testZhihao Cheng
Do fsstress and fsck, check whether there are any files(and their data) are lost after fsck. This testcase mainly checks whether fsck.ubifs could corrupt the filesystem content in common case. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: ubifs_tools: fsck_tests: Add authentication refusing testZhihao Cheng
Authenticated UBIFS image is not supported in fsck, add testcase to check that. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11tests: Add common libs for testing fsck.ubifs/mkfs.ubifsZhihao Cheng
This is a preparation for adding testcases for fsck.ubifs and mkfs.ubifs. Add some common functions, for example: powercut, load_mtdram, mount_ubifs, encryption operations, etc. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Add README to describe fsckZhihao Cheng
Add documents to describe fsck, which includes introductions, designment, advantage and limitations. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Do final committingZhihao Cheng
This is the 18/18 step of fsck. Do final committing, commit problem fixing modifications(which are generated since step 14) to disk, and clear %UBIFS_MST_DIRTY flag for master node. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Handle disconnected filesZhihao Cheng
This is the 17/18 step of fsck. Recover disconnected files into lost+found. If there is no free space left to recover the disconnected files, fsck may delete the files to make filesystem be consistent. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check and create the lost+foundHuang Xiaojia
This is the 16/18 step of fsck. Check whether the lost+found is existed, create a new one if it is not found. This step makes sure that disconnected file can be recovered under the lost+found. Signed-off-by: Huang Xiaojia <huangxiaojia2@huawei.com> Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check and create the root dirZhihao Cheng
This is the 15/18 step of fsck. Check whether the root dir is existed, create a new one if it is not found. This step makes sure that filesystem can be mounted successful. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11ubifs-utils: libubifs: Support some file operationsZhihao Cheng
Add some file operations, such as ubifs_lookup, ubifs_mkdir, etc., this is a preparation for recovering disconnected files or root dir in fsck. File writing operations are based on the journal subsystem, generated dirty data depends on a new commit in subsequent steps to update disk content. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check and correct the index sizeZhihao Cheng
This is the 14/18 step of fsck. Check and correct the index size by traversing TNC just like dbg_check_idx_size does. This step should be executed after first committing, because 'c->calc_idx_sz' can be changed in 'ubifs_tnc_start_commit' and the initial value of 'c->calc_idx_sz' read from disk is untrusted. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Commit problem fixing modifications to diskZhihao Cheng
This is the 13/18 step of fsck. Commit problem fixing modifications (which are generated from the previous steps) to disk. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: check and correct the space statisticsZhihao Cheng
This is the 12/18 step of fsck. Check and correct the space statistics. There could be following steps and possible errors: Step 1. Exit for check mode, if %FR_LPT_CORRUPTED or %FR_LPT_INCORRECT is set in lpt status, the exit code should have %FSCK_UNCORRECTED. Step 2. Check lpt status, if %FR_LPT_CORRUPTED is set in lpt status, normal mode with 'no' answer will exit, other modes will rebuild lpt. Step 3. Traverse LPT nodes, check the correctness of nnode and pnode, compare LEB scanning result with LEB properties. a. LPT node is corrupted, normal mode with 'no' answer will exit, rebuild lpt for other modes. b. Incorrect nnode/pnode, normal mode with 'no' answer will exit, other other modes will correct the nnode/pnode. c. Inconsistent comparing result, normal mode with 'no' answer will exit, other modes will correct the space statistics. Step 4. Check and correct the lprops table information. Step 5. Set gc lnum(ubifs_rcvry_gc_commit / take_gc_lnum). Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Move common functions and data structures into check_space.cZhihao Cheng
This is a preparation for adding LPT checking support. Move some data structures and functions into check_space.c, also factor out some common functions in libubifs: 1. Move 'lpts' from rebuild module, make it resuable for non-rebuild_fs modes. 2. Move function 'get_free_leb' from rebuild_fs.c, it could be reused in building LPT. 3. Move function 'build_lpt' from rebuild_fs.c, it could be reused in building LPT. 4. Factor out lpt nodes freeing into a new function ubifs_free_lpt_nodes. 5. Factor out nnode dirty marking implementations into a new function ubifs_make_nnode_dirty. 5. Export the function of nnode number calculation, calc_nnode_num is renamed as ubifs_calc_nnode_num. 6. Export the function of making pnode dirty, do_make_pnode_dirty is renamed as ubifs_make_pnode_dirty. 7. Rename next_pnode_to_dirty to ubifs_find_next_pnode and export it. 8. Export free_buds and expend its parameters. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check whether the TNC is emptyZhihao Cheng
This is the 11/18 step of fsck. Check whether the TNC is empty, turn to rebuild_fs if it is not found. Can we recreate a new root dir to avoid empty TNC? The answer is no, lpt fixing should be done before creating new entry, but lpt fixing needs a committing before new dirty data generated to ensure that bud data won't be overwritten(bud LEB could become freeable after replaying journal, corrected lpt may treat it as a free one to hold new data, see details in space checking & correcting step). Then we have to create the new root dir after fixing lpt and a committing, znode without children(empty TNC) maybe written on disk at the moment of committing, which corrupts the UBIFS image. So we choose to rebuild the filesystem if the TNC is empty, this case is equivalent to corrupted TNC. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check and correct files' informationXiang Yang
This is the 10/18 step of fsck. Check and handle inconsistent files, the checking rule is same as rebuild mode which has been implemented in check_and_correct_files, but the methods of handling are different: 1. Correct the file information for safe mode, danger mode and normal mode with 'yes' answer, other modes will exit. Signed-off-by: Xiang Yang <xiangyang3@huawei.com> Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check and handle unreachable filesZhihao Cheng
This is the 9/18 step of fsck. Check and handle unreachable files, the checking rule is same as rebuild mode which has been implemented in file_is_reachable, but the methods of handling are different: 1. Move unreachable regular file into disconnected list, let subsequent steps to handle them with lost+found. 2. Delete unreachable non-regular file. 3. Delete unreachable directory entries. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Check and handle invalid filesZhihao Cheng
This is the 8/18 step of fsck. Check and handle invalid files, the checking rule is same as rebuild mode which has been implemented in file_is_valid, but the methods of handling are different: 1. Move unattached(file has no dentries) regular file into disconnected list, let subsequent steps to handle them with lost+found. 2. Make file type be consistent between inode, detries and data nodes by deleting dentries or data blocks. 3. Delete file for other invalid cases(eg. file has no inode). Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Update files' size for check modeZhihao Cheng
This is the 7/18 step of fsck. Update files' size according to size tree for check mode, now all files are updated after replaying journal. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Ensure that TNC LEB can be scanned successfulZhihao Cheng
This is the second part of 6/18 step in fsck. Add an extra checking for non-check mode while traversing TNC, make sure that all LEBs(contains TNC) can be scanned successful. There could be following steps and possible errors: Step 2. Scan all LEBs(contain TNC), remove TNC branch which points to corrupted LEB. a. corrupted node is found by scanning: If current node is index node, danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit; If current node is non-index node, danger mode and normal mode with 'yes' answer will remove all TNC branches which point to the corrupted LEB, other modes will exit. b. LEB contains both index and non-index nodes: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. This is a preparation for space checking, which means that ubifs_scan will always succeed when check properties for any TNC LEBs. We do this before checking files(step 7) & extracting dentry tree(step 8), nodes cannot be dropped(which may corrupted file and make file inconsistent again) when scanning corrupted as long as the dentry tree is extracted. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Traverse TNC and construct filesZhihao Cheng
This is the 6/18 step of fsck. Traverse TNC and construct files. There could be following steps and possible errors: Step 1. Traverse TNC, check whether the leaf node is valid, remove invalid nodes, construct file for valid node and insert file into file tree. a. corrupted node searched from TNC: remove corresponding TNC branch for danger mode and normal mode with 'yes' answer, other modes will exit. b. corrupted index node read from TNC: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Move common functions and data structures into fsck.ubifs.cZhihao Cheng
This is a preparation for adding TNC checking support. Following data structures and functions are moved into fsck.ubifs.c: 1. Move 'scanned_files' and 'used_lebs' from rebuild module, make them resuable for non-rebuild_fs modes. 2. Move function 'handle_error' from load_fs.c, it could be reused in other steps. 3. Add new function ubifs_tnc_remove_node in libubifs, which could remove index entry for a node by given position. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Recover isizeZhihao Cheng
This is the 5/18 step of fsck. Recover isize. There could be following steps and possible errors: Step 1. Traverse size tree, lookup corresponding inode from TNC a. corrupted node searched from TNC: skip node for danger mode and normal mode with 'yes' answer, other modes will exit. b. corrupted index node read from TNC: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. Step 2. update isize for inode. Keep <inum, isize> in size tree for check mode, update inode node in place for other modes. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Consolidate logZhihao Cheng
This is the 4/18 step of fsck. Consolidate log to ensure enough space in log area. There could be following possible errors: 1. corrupted scanning data in log area: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Handle orphan nodesZhihao Cheng
This is the 3/18 step of fsck. Handle orphan nodes, update TNC & LPT. There could be following steps and possible errors: Step 1. scan orphan LEB, get all orphan nodes a. corrupted scanning data in orphan area: danger mode and normal mode with 'yes' answer will drop orphan LEB, other modes will exit. Step 2. parse orphan node, find the original inode for each inum a. corrupted node searched from TNC: skip node for danger mode and normal mode with 'yes' answer, other modes will exit. b. corrupted index node read from TNC: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. Step 4. remove inode for each inum, update TNC & LPT a. corrupted index node read from TNC: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. b. corrupted lpt: Set %FR_LPT_CORRUPTED for lpt status. Ignore the error. c. incorrect lpt: Set %FR_LPT_INCORRECT for lpt status. Ignore the error. d. If lpt status is not empty, skip updating lpt. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Replay journalZhihao Cheng
This is the 2/18 step of fsck. Replay journal, update TNC & LPT. There could be following steps and possible errors: Step 1. scan log LEB, get all bud LEBs a. corrupted scanning data in log area: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. Step 2. scan bud LEBs, get all nodes a. corrupted scanning data in bud LEB: danger mode and normal mode with 'yes' answer will drop bud LEB and set %FR_LPT_INCORRECT for lpt status, other modes will exit. Step 3. apply nodes, record latest isize into size_tree Step 4. apply nodes, update TNC & LPT a. corrupted data searched from TNC: skip node and set %FR_LPT_INCORRECT lpt status for danger mode and normal mode with 'yes' answer, other modes will exit. b. corrupted index node read from TNC: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. c. corrupted lpt: Set %FR_LPT_CORRUPTED for lpt status. Ignore the error. d. incorrect lpt: Set %FR_LPT_INCORRECT for lpt status. Ignore the error. e. If lpt status is not empty, skip updating lpt. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: Read master node & init lptZhihao Cheng
This is the 1/18 step of fsck. Read and check master node, init lpt. There could be following errors: 1. corrupted scanning data in master area or invalid master node: danger mode with rebuild_fs and normal mode with 'yes' answer will turn to rebuild filesystem, other modes will exit. 2. incorrect space statistics in master node: Set %FR_LPT_INCORRECT for for lpt status. Ignore the error. 3. corrupted lpt: Set %FR_LPT_CORRUPTED for lpt status. Ignore the error. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: rebuild_fs: Write master nodeZhihao Cheng
This is the 12/12 step of rebuilding. Since all meta areas are ready, master node can be updated. After this step, a consistent UBIFS image can be mounted, and it should pass all tests from chk_fs, chk_general, chk_index, chk_lprops and chk_orphans. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: rebuild_fs: Clean up log and orphan areaZhihao Cheng
This is the 11/12 step of rebuilding. Clean up log and orphan area, all nodes have been recovered, these two areas should be cleared, otherwise old content in journal/orphan could be replayed in next mounting. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: rebuild_fs: Build LPTZhihao Cheng
This is the 10/12 step of rebuilding. All LEBs' properties can be calculated in previous steps according to all nodes' position, then construct LPT just like mkfs does, and write LPT on flash. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: rebuild_fs: Build TNCZhihao Cheng
This is the 9/12 step of repairing. Construct TNC according to scanned files, and write TNC on flash, just like mkfs does. Building TNC can effectively solve many failed mounting problems caused by bad TNC (eg. bad node pointed by TNC, bad key order in znode, etc.). Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: rebuild_fs: Create new root dir if there are no scanned filesZhihao Cheng
This is a preparation for building TNC, there must at least one file in filesystem, if not, just create new root dir. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2024-11-11fsck.ubifs: rebuild_fs: Re-write dataZhihao Cheng
This is the 8/12 step of rebuilding. Re-write data. Read data from LEB and write back data, make sure that all LEB is ended with empty data(0xFF). It will prevent failed gc scanning in next mounting. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>