lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140512014119.GI5480@thunk.org>
Date:	Sun, 11 May 2014 21:41:19 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	"Darrick J. Wong" <darrick.wong@...cle.com>
Cc:	Lukáš Czerner <lczerner@...hat.com>,
	linux-ext4@...r.kernel.org
Subject: Re: [PATCH 06/37] debugfs: force logdump to display (old) journal
 contents

On Mon, May 05, 2014 at 05:24:53PM -0700, Darrick J. Wong wrote:
> I'll update the manpage.  -c seems to hexdump the contents of any block that we
> find while iterating the journal.  -b would seem to allow you to dump an
> arbitrary block #, but I could never get it to do that.

It's used to dump information _about_ an arbitrary block.  Here's an
example of some of the cool things you can do with logdump:

<tytso@...sure> {/usr/projects/e2fsprogs/e2fsprogs}   (next)
1742% gunzip <  tests/f_jnl_32bit/image.gz  > /tmp/image
<tytso@...sure> {/usr/projects/e2fsprogs/e2fsprogs}   (next)
1743% debugfs /tmp/image
debugfs 1.42.9 (4-Feb-2014)
debugfs:  logdump -b 680
Journal starts at block 1, transaction 2
  FS block 66 logged at sequence 3, journal block 8 (flags 0x2)
    (block bitmap for block 680: block is SET)
  FS block 680 logged at sequence 3, journal block 205 (flags 0x2)
  FS block 66 logged at sequence 4, journal block 231 (flags 0x2)
    (block bitmap for block 680: block is SET)
  FS block 680 logged at sequence 4, journal block 234 (flags 0x2)
  FS block 66 logged at sequence 5, journal block 339 (flags 0x2)
    (block bitmap for block 680: block is SET)
  FS block 680 logged at sequence 5, journal block 450 (flags 0x2)
No magic number at block 464: end of journal.
debugfs: icheck 680
Block	 Inode number
680	 2132
debugfs:  logdump -i <2132>
Inode 2132 is at group 1, block 364, offset 384
Journal starts at block 1, transaction 2
  FS block 364 logged at sequence 3, journal block 197 (flags 0x2)
    (inode block for inode 2132):
    Inode: 2132   Type: directory        Mode:  0755   Flags: 0x80000
    Generation: 3167953082    Version: 0x00000008
    User:     0   Group:     0   Size: 1024
    File ACL: 0    Directory ACL: 0
    Links: 9   Blockcount: 2
    Fragment:  Address: 0    Number: 0    Size: 0
    ctime: 0x4fa1639e -- Wed May  2 12:41:02 2012
    atime: 0x4fa1639e -- Wed May  2 12:41:02 2012
    mtime: 0x4fa1639e -- Wed May  2 12:41:02 2012
    Blocks:  (0+1): 127754 (1+1): 4 (5+1): 680 
  FS block 364 logged at sequence 4, journal block 233 (flags 0x2)
    (inode block for inode 2132):
    Inode: 2132   Type: directory        Mode:  0755   Flags: 0x80000
    Generation: 3167953082    Version: 0x0000000c
    User:     0   Group:     0   Size: 1024
    File ACL: 0    Directory ACL: 0
    Links: 13   Blockcount: 2
    Fragment:  Address: 0    Number: 0    Size: 0
    ctime: 0x4fa1639e -- Wed May  2 12:41:02 2012
    atime: 0x4fa1639e -- Wed May  2 12:41:02 2012
    mtime: 0x4fa1639e -- Wed May  2 12:41:02 2012
    Blocks:  (0+1): 127754 (1+1): 4 (5+1): 680 
  FS block 364 logged at sequence 5, journal block 434 (flags 0x2)
    (inode block for inode 2132):
    Inode: 2132   Type: directory        Mode:  0755   Flags: 0x80000
    Generation: 3167953082    Version: 0x00000015
    User:     0   Group:     0   Size: 1024
    File ACL: 0    Directory ACL: 0
    Links: 4   Blockcount: 2
    Fragment:  Address: 0    Number: 0    Size: 0
    ctime: 0x4fa163a7 -- Wed May  2 12:41:11 2012
    atime: 0x4fa163a7 -- Wed May  2 12:41:11 2012
    mtime: 0x4fa163a7 -- Wed May  2 12:41:11 2012
    Blocks:  (0+1): 127754 (1+1): 4 (5+1): 680 
No magic number at block 464: end of journal.
debugfs: quit

The idea is that this can be useful when debugging a potentially
corrupted journal, or for advanced file system recovery.

Note that logdump -c is most useful in combination with -b, for
example: "logdump -b 680 -c".

	  	      	  	   	- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists