lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 21 Feb 2013 14:53:05 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Chris Naunton <chris@...nton.name>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: Filesystem corrupted by offline resize

On Thu, Feb 21, 2013 at 04:40:42PM +1100, Chris Naunton wrote:
> I think I'm the victim of a resize2fs bug that was addressed in
> 1.42.7: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.42.7
> 
> My senario:
> 
> * Running Ubuntu 12.10 with the latest x64 e2fsprogs package, which is 1.47.5
> 
> * I have a 3.6T ext4 filesystem that had been created with the "resize" option:
> 
>   mkfs -t ext4 -T ext4 -E stripe-width=64,resize=20T -i 1048576 -L
> data -m 0 /dev/raid5/data
> 
>   (This was three years ago. I think at the time I assumed if I didn't
> specify this option my ability to resize would be limited.)
>.....

Yup, I think you're correct.  You hit the bug which we only discovered
and fixed in time for the 1.42.7 release.  ;-(

Unfortunately, the corruption that happened included wiping out parts
of the inode table.  This means the data loss is going to be
non-trivial, and possibly extremely bad.   Sorry.  :-(

I don't know how big your RAID array is, and how recent was your last
backups, but basically, if you can afford to make a disk image copy of
the file system, I would recommend doing that first.  Then trying
running fsck -y on the copy, and see if that allows you to recover all
of the data that you really need.  If it doesn't, it may be possible
to get more data back by doing either (a) using tools that search for
critical keywords (i.e., if there is an extremely critical file, say
like a Ph.D. thesis for which ten years of work was un backed up), or
(b) by using tools that search for file signatures in the data blocks.

The tool I recommend for the latter is called PhotoRec:

    http://www.cgsecurity.org/wiki/PhotoRec

It was originally designed to extract digital photos from damaged SD
cards, but it now understands hundreds of file formats, including
OpenOffice/LibreOffice, zip files, MS Office files, etc.:

    http://www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec

I'm sorry to have to tell you this, and I'm really sorry you ran
across this bug before we had a chance to get it fixed and pushed out
to the distributions.

Regards,

					- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists