trace MKFS

Peter Teoh htmldeveloper at gmail.com
Fri Jan 4 23:02:48 EST 2013 

when u execute "mkfs", based on your "-t" filesystem passed in to mkfs, one
of the following command line utility will be executed:

mkfs.cramfs    mkfs.ext4      mkfs.minix     mkfs.reiserfs
mkfs.bfs       mkfs.ext2      mkfs.ext4dev   mkfs.msdos     mkfs.vfat
mkfs.btrfs     mkfs.ext3      mkfs.jfs       mkfs.ntfs      mkfs.xfs

and for each of the above command line there is a fs utility that include
it.   Look into the source for good understanding.   For ext2/ext3 fs, it
is called e2fsprogs. So in Ubuntu (or Debian-based distro) u do a "apt-get
source e2fsprogs" to get the source:

reading the source of mkfs's main() function:

http://pastebin.com/xcsB6GUC

u can see that after lots of code on setting structures in memory, it start
by writing the inode table etc:

write_inode_tables(fs, lazy_itable_init, itable_zeroed);
create_root_dir(fs);
create_lost_and_found(fs);
reserve_inodes(fs);
create_bad_block_inode(fs, bb_list);

Following through the source code is much more understandable than going
through output of "strace", which records all the interface with the kernel.

Follow through the following slide:

http://www.geego.com/free-linux-lpic-training-material-study-guide/lpic1-modules/4-5/ext2-ext3.html

and forward a few slides and u will understand that mkfs is just making the
header structures on the harddisk to contain the definition of the FS :

Similarly u can find many university courses on filesystem internal, eg:

http://scx010c06a.blogspot.sg/2012/03/second-extended-file-system-ext2.html

Generally, real-life analysis of the harddisk/filesystem is done in
forensic, so if u googling for fs forensics u can find lots of tools that
walk the harddisk for the different components:

http://www.dfrws.org/2007/proceedings/p55-barik.pdf

http://www.cs.kau.se/~stefan/forensics/chapter14-15.pdf

http://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-grugq/bh-asia-03-grugq.pdf

http://www.dfrws.org/2007/proceedings/p55-barik_pres.pdf

and this is forensics of ext4 filesystem:

http://www.dfrws.org/2012/proceedings/DFRWS2012-13.pdf

Understanding "mkfs", is really as good as understanding FS internals.

On Fri, Jan 4, 2013 at 11:12 PM, KASHISH BHATIA <
kashish.bhatia1989 at gmail.com> wrote:

> Hi,
>
> I want to trace the overall flow of mkfs inside linux kernel. Specifically
> want to know which
> kernel fs data structures are affected when we run "mkfs" ?
> What all "mkfs" command writes on the block device when we run the
> command?
> Are there any good documents which can explain the same?
>
> --
>
> Regards,
> Kashish Bhatia
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>


-- 
Regards,
Peter Teoh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20130105/c8ea3b70/attachment.html

More information about the Kernelnewbies mailing list