/*
 * Copyright (c) 2007, 2011 SGI
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it would be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write the Free Software Foundation,
 * Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
29 #include "xfs_metadump.h"
/* Default cap on the length (in blocks) of a copied extent; -m overrides it */
#define DEFAULT_MAX_EXT_SIZE	1000

/*
 * It's possible that multiple files in a directory (or attributes
 * in a file) produce the same obfuscated name.  If that happens, we
 * try to create another one.  After several rounds of this though,
 * we just give up and leave the original name as-is.
 */
#define	DUP_MAX		5	/* Max duplicates before we give up */
45 /* copy all metadata structures to/from a file */
/* Command handler: parses options and performs the metadata dump */
static int	metadump_f(int argc, char **argv);
/* Prints the usage/help text for the metadump command */
static void	metadump_help(void);
/*
 * metadump commands issue info/warnings/errors to standard error as
 * metadump supports stdout as a destination.
 *
 * All static functions return zero on failure, while the public functions
 * return zero on success.
 */
/*
 * Command-table entry registering "metadump": dispatched to metadump_f(),
 * accepting a variable number of arguments (0..-1).
 */
static const cmdinfo_t	metadump_cmd =
	{ "metadump", NULL, metadump_f, 0, -1, 0,
	  N_("[-a] [-e] [-g] [-m max_extent] [-w] [-o] filename"),
	  N_("dump metadata to a file"), metadump_help };
static FILE		*outf;		/* metadump file */

static xfs_metablock_t	*metablock;	/* header + index + buffers */
static __be64		*block_index;	/* disk-address index inside metablock */
static char		*block_buffer;	/* data blocks that follow the index */

static int		num_indices;	/* capacity of block_index, in entries */

static xfs_ino_t	cur_ino;	/* inode currently being processed
					 * (quoted in warning messages) */

/* Option flags — presumably set from the command line in metadump_f
 * (option parsing not visible here); defaults match the help text. */
static int		show_progress = 0;	/* -g: display dump progress */
static int		stop_on_read_error = 0;	/* abort dump on read errors
						 * (checked in scan_btree) */
static int		max_extent_size = DEFAULT_MAX_EXT_SIZE;	/* -m value */
static int		obfuscate = 1;		/* scramble names/attrs
						 * (cleared by -o) */
static int		zero_stale_data = 1;	/* zero unused space instead of
						 * copying it (cleared by -a) */
static int		show_warnings = 0;	/* -w: warn on bad metadata */
static int		progress_since_warning = 0;	/* a progress line was
					 * printed since the last warning, so
					 * warnings prepend a newline */
static bool		stdout_metadump;	/* dump goes to stdout; progress
						 * is then routed to stderr */
86 add_command(&metadump_cmd
);
94 " The 'metadump' command dumps the known metadata to a compact file suitable\n"
95 " for compressing and sending to an XFS maintainer for corruption analysis \n"
96 " or xfs_repair failures.\n\n"
98 " -a -- Copy full metadata blocks without zeroing unused space\n"
99 " -e -- Ignore read errors and keep going\n"
100 " -g -- Display dump progress\n"
101 " -m -- Specify max extent size in blocks to copy (default = %d blocks)\n"
102 " -o -- Don't obfuscate names and extended attributes\n"
103 " -w -- Show warnings of bad metadata information\n"
104 "\n"), DEFAULT_MAX_EXT_SIZE
);
108 print_warning(const char *fmt
, ...)
117 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
119 buf
[sizeof(buf
)-1] = '\0';
121 fprintf(stderr
, "%s%s: %s\n", progress_since_warning
? "\n" : "",
123 progress_since_warning
= 0;
127 print_progress(const char *fmt
, ...)
137 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
139 buf
[sizeof(buf
)-1] = '\0';
141 f
= stdout_metadump
? stderr
: stdout
;
142 fprintf(f
, "\r%-59s", buf
);
144 progress_since_warning
= 1;
148 * A complete dump file will have a "zero" entry in the last index block,
149 * even if the dump is exactly aligned, the last index will be full of
150 * zeros. If the last index entry is non-zero, the dump is incomplete.
151 * Correspondingly, the last chunk will have a count < num_indices.
153 * Return 0 for success, -1 for failure.
160 * write index block and following data blocks (streaming)
162 metablock
->mb_count
= cpu_to_be16(cur_index
);
163 if (fwrite(metablock
, (cur_index
+ 1) << BBSHIFT
, 1, outf
) != 1) {
164 print_warning("error writing to file: %s", strerror(errno
));
168 memset(block_index
, 0, num_indices
* sizeof(__be64
));
174 * Return 0 for success, -errno for failure.
185 for (i
= 0; i
< len
; i
++, off
++, data
+= BBSIZE
) {
186 block_index
[cur_index
] = cpu_to_be64(off
);
187 memcpy(&block_buffer
[cur_index
<< BBSHIFT
], data
, BBSIZE
);
188 if (++cur_index
== num_indices
) {
198 * we want to preserve the state of the metadata in the dump - whether it is
199 * intact or corrupt, so even if the buffer has a verifier attached to it we
200 * don't want to run it prior to writing the buffer to the metadump image.
202 * The only reason for running the verifier is to recalculate the CRCs on a
203 * buffer that has been obfuscated. i.e. a buffer than metadump modified itself.
204 * In this case, we only run the verifier if the buffer was not corrupt to begin
205 * with so that we don't accidentally correct buffers with CRC or errors in them
206 * when we are obfuscating them.
212 struct xfs_buf
*bp
= buf
->bp
;
217 * Run the write verifier to recalculate the buffer CRCs and check
218 * metadump didn't introduce a new corruption. Warn if the verifier
219 * failed, but still continue to dump it into the output file.
221 if (buf
->need_crc
&& bp
&& bp
->b_ops
&& !bp
->b_error
) {
222 bp
->b_ops
->verify_write(bp
);
225 "obfuscation corrupted block at %s bno 0x%llx/0x%x",
227 (long long)bp
->b_bn
, bp
->b_bcount
);
231 /* handle discontiguous buffers */
233 ret
= write_buf_segment(buf
->data
, buf
->bb
, buf
->blen
);
238 for (i
= 0; i
< buf
->bbmap
->nmaps
; i
++) {
239 ret
= write_buf_segment(buf
->data
+ BBTOB(len
),
240 buf
->bbmap
->b
[i
].bm_bn
,
241 buf
->bbmap
->b
[i
].bm_len
);
244 len
+= buf
->bbmap
->b
[i
].bm_len
;
247 return seenint() ? -EINTR
: 0;
251 * We could be processing a corrupt block, so we can't trust any of
252 * the offsets or lengths to be within the buffer range. Hence check
257 struct xfs_btree_block
*block
,
263 xfs_inobt_ptr_t
*ipp
;
264 xfs_inobt_key_t
*ikp
;
265 xfs_alloc_ptr_t
*app
;
266 xfs_alloc_key_t
*akp
;
270 nrecs
= be16_to_cpu(block
->bb_numrecs
);
277 if (nrecs
> mp
->m_bmap_dmxr
[1])
280 bkp
= XFS_BMBT_KEY_ADDR(mp
, block
, 1);
281 bpp
= XFS_BMBT_PTR_ADDR(mp
, block
, 1, mp
->m_bmap_dmxr
[1]);
282 zp1
= (char *)&bkp
[nrecs
];
283 zp2
= (char *)&bpp
[nrecs
];
284 key_end
= (char *)bpp
;
288 if (nrecs
> mp
->m_inobt_mxr
[1])
291 ikp
= XFS_INOBT_KEY_ADDR(mp
, block
, 1);
292 ipp
= XFS_INOBT_PTR_ADDR(mp
, block
, 1, mp
->m_inobt_mxr
[1]);
293 zp1
= (char *)&ikp
[nrecs
];
294 zp2
= (char *)&ipp
[nrecs
];
295 key_end
= (char *)ipp
;
299 if (nrecs
> mp
->m_alloc_mxr
[1])
302 akp
= XFS_ALLOC_KEY_ADDR(mp
, block
, 1);
303 app
= XFS_ALLOC_PTR_ADDR(mp
, block
, 1, mp
->m_alloc_mxr
[1]);
304 zp1
= (char *)&akp
[nrecs
];
305 zp2
= (char *)&app
[nrecs
];
306 key_end
= (char *)app
;
313 /* Zero from end of keys to beginning of pointers */
314 memset(zp1
, 0, key_end
- zp1
);
316 /* Zero from end of pointers to end of block */
317 memset(zp2
, 0, (char *)block
+ mp
->m_sb
.sb_blocksize
- zp2
);
321 * We could be processing a corrupt block, so we can't trust any of
322 * the offsets or lengths to be within the buffer range. Hence check
327 struct xfs_btree_block
*block
,
331 struct xfs_bmbt_rec
*brp
;
332 struct xfs_inobt_rec
*irp
;
333 struct xfs_alloc_rec
*arp
;
336 nrecs
= be16_to_cpu(block
->bb_numrecs
);
343 if (nrecs
> mp
->m_bmap_dmxr
[0])
346 brp
= XFS_BMBT_REC_ADDR(mp
, block
, 1);
347 zp
= (char *)&brp
[nrecs
];
351 if (nrecs
> mp
->m_inobt_mxr
[0])
354 irp
= XFS_INOBT_REC_ADDR(mp
, block
, 1);
355 zp
= (char *)&irp
[nrecs
];
359 if (nrecs
> mp
->m_alloc_mxr
[0])
362 arp
= XFS_ALLOC_REC_ADDR(mp
, block
, 1);
363 zp
= (char *)&arp
[nrecs
];
369 /* Zero from end of records to end of block */
370 memset(zp
, 0, (char *)block
+ mp
->m_sb
.sb_blocksize
- zp
);
375 struct xfs_btree_block
*block
,
380 level
= be16_to_cpu(block
->bb_level
);
383 zero_btree_node(block
, btype
);
385 zero_btree_leaf(block
, btype
);
395 int (*func
)(struct xfs_btree_block
*block
,
405 set_cur(&typtab
[btype
], XFS_AGB_TO_DADDR(mp
, agno
, agbno
), blkbb
,
407 if (iocur_top
->data
== NULL
) {
408 print_warning("cannot read %s block %u/%u", typtab
[btype
].name
,
410 rval
= !stop_on_read_error
;
414 if (zero_stale_data
) {
415 zero_btree_block(iocur_top
->data
, btype
);
416 iocur_top
->need_crc
= 1;
419 if (write_buf(iocur_top
))
422 if (!(*func
)(iocur_top
->data
, agno
, agbno
, level
- 1, btype
, arg
))
430 /* free space tree copy routines */
437 if (agno
< (mp
->m_sb
.sb_agcount
- 1) && agbno
> 0 &&
438 agbno
<= mp
->m_sb
.sb_agblocks
)
440 if (agno
== (mp
->m_sb
.sb_agcount
- 1) && agbno
> 0 &&
441 agbno
<= (mp
->m_sb
.sb_dblocks
-
442 (xfs_rfsblock_t
)(mp
->m_sb
.sb_agcount
- 1) *
443 mp
->m_sb
.sb_agblocks
))
452 struct xfs_btree_block
*block
,
466 numrecs
= be16_to_cpu(block
->bb_numrecs
);
467 if (numrecs
> mp
->m_alloc_mxr
[1]) {
469 print_warning("invalid numrecs (%u) in %s block %u/%u",
470 numrecs
, typtab
[btype
].name
, agno
, agbno
);
474 pp
= XFS_ALLOC_PTR_ADDR(mp
, block
, 1, mp
->m_alloc_mxr
[1]);
475 for (i
= 0; i
< numrecs
; i
++) {
476 if (!valid_bno(agno
, be32_to_cpu(pp
[i
]))) {
478 print_warning("invalid block number (%u/%u) "
480 agno
, be32_to_cpu(pp
[i
]),
481 typtab
[btype
].name
, agno
, agbno
);
484 if (!scan_btree(agno
, be32_to_cpu(pp
[i
]), level
, btype
, arg
,
499 root
= be32_to_cpu(agf
->agf_roots
[XFS_BTNUM_BNO
]);
500 levels
= be32_to_cpu(agf
->agf_levels
[XFS_BTNUM_BNO
]);
502 /* validate root and levels before processing the tree */
503 if (root
== 0 || root
> mp
->m_sb
.sb_agblocks
) {
505 print_warning("invalid block number (%u) in bnobt "
506 "root in agf %u", root
, agno
);
509 if (levels
>= XFS_BTREE_MAXLEVELS
) {
511 print_warning("invalid level (%u) in bnobt root "
512 "in agf %u", levels
, agno
);
516 return scan_btree(agno
, root
, levels
, TYP_BNOBT
, agf
, scanfunc_freesp
);
527 root
= be32_to_cpu(agf
->agf_roots
[XFS_BTNUM_CNT
]);
528 levels
= be32_to_cpu(agf
->agf_levels
[XFS_BTNUM_CNT
]);
530 /* validate root and levels before processing the tree */
531 if (root
== 0 || root
> mp
->m_sb
.sb_agblocks
) {
533 print_warning("invalid block number (%u) in cntbt "
534 "root in agf %u", root
, agno
);
537 if (levels
>= XFS_BTREE_MAXLEVELS
) {
539 print_warning("invalid level (%u) in cntbt root "
540 "in agf %u", levels
, agno
);
544 return scan_btree(agno
, root
, levels
, TYP_CNTBT
, agf
, scanfunc_freesp
);
549 struct xfs_btree_block
*block
,
563 numrecs
= be16_to_cpu(block
->bb_numrecs
);
564 if (numrecs
> mp
->m_rmap_mxr
[1]) {
566 print_warning("invalid numrecs (%u) in %s block %u/%u",
567 numrecs
, typtab
[btype
].name
, agno
, agbno
);
571 pp
= XFS_RMAP_PTR_ADDR(block
, 1, mp
->m_rmap_mxr
[1]);
572 for (i
= 0; i
< numrecs
; i
++) {
573 if (!valid_bno(agno
, be32_to_cpu(pp
[i
]))) {
575 print_warning("invalid block number (%u/%u) "
577 agno
, be32_to_cpu(pp
[i
]),
578 typtab
[btype
].name
, agno
, agbno
);
581 if (!scan_btree(agno
, be32_to_cpu(pp
[i
]), level
, btype
, arg
,
596 if (!xfs_sb_version_hasrmapbt(&mp
->m_sb
))
599 root
= be32_to_cpu(agf
->agf_roots
[XFS_BTNUM_RMAP
]);
600 levels
= be32_to_cpu(agf
->agf_levels
[XFS_BTNUM_RMAP
]);
602 /* validate root and levels before processing the tree */
603 if (root
== 0 || root
> mp
->m_sb
.sb_agblocks
) {
605 print_warning("invalid block number (%u) in rmapbt "
606 "root in agf %u", root
, agno
);
609 if (levels
>= XFS_BTREE_MAXLEVELS
) {
611 print_warning("invalid level (%u) in rmapbt root "
612 "in agf %u", levels
, agno
);
616 return scan_btree(agno
, root
, levels
, TYP_RMAPBT
, agf
, scanfunc_rmapbt
);
621 struct xfs_btree_block
*block
,
628 xfs_refcount_ptr_t
*pp
;
635 numrecs
= be16_to_cpu(block
->bb_numrecs
);
636 if (numrecs
> mp
->m_refc_mxr
[1]) {
638 print_warning("invalid numrecs (%u) in %s block %u/%u",
639 numrecs
, typtab
[btype
].name
, agno
, agbno
);
643 pp
= XFS_REFCOUNT_PTR_ADDR(block
, 1, mp
->m_refc_mxr
[1]);
644 for (i
= 0; i
< numrecs
; i
++) {
645 if (!valid_bno(agno
, be32_to_cpu(pp
[i
]))) {
647 print_warning("invalid block number (%u/%u) "
649 agno
, be32_to_cpu(pp
[i
]),
650 typtab
[btype
].name
, agno
, agbno
);
653 if (!scan_btree(agno
, be32_to_cpu(pp
[i
]), level
, btype
, arg
,
668 if (!xfs_sb_version_hasreflink(&mp
->m_sb
))
671 root
= be32_to_cpu(agf
->agf_refcount_root
);
672 levels
= be32_to_cpu(agf
->agf_refcount_level
);
674 /* validate root and levels before processing the tree */
675 if (root
== 0 || root
> mp
->m_sb
.sb_agblocks
) {
677 print_warning("invalid block number (%u) in refcntbt "
678 "root in agf %u", root
, agno
);
681 if (levels
>= XFS_BTREE_MAXLEVELS
) {
683 print_warning("invalid level (%u) in refcntbt root "
684 "in agf %u", levels
, agno
);
688 return scan_btree(agno
, root
, levels
, TYP_REFCBT
, agf
, scanfunc_refcntbt
);
691 /* filename and extended attribute obfuscation routines */
694 struct name_ent
*next
;
697 unsigned char name
[1];
/* Number of hash buckets in the seen-names table (chained via name_ent.next) */
#define NAME_TABLE_SIZE	4096

/* Hash table of names already emitted, used to detect duplicate
 * obfuscated names; indexed by (hash % NAME_TABLE_SIZE). */
static struct name_ent		*nametable[NAME_TABLE_SIZE];
705 nametable_clear(void)
708 struct name_ent
*ent
;
710 for (i
= 0; i
< NAME_TABLE_SIZE
; i
++) {
711 while ((ent
= nametable
[i
])) {
712 nametable
[i
] = ent
->next
;
719 * See if the given name is already in the name table. If so,
720 * return a pointer to its entry, otherwise return a null pointer.
722 static struct name_ent
*
723 nametable_find(xfs_dahash_t hash
, int namelen
, unsigned char *name
)
725 struct name_ent
*ent
;
727 for (ent
= nametable
[hash
% NAME_TABLE_SIZE
]; ent
; ent
= ent
->next
) {
728 if (ent
->hash
== hash
&& ent
->namelen
== namelen
&&
729 !memcmp(ent
->name
, name
, namelen
))
736 * Add the given name to the name table. Returns a pointer to the
737 * name's new entry, or a null pointer if an error occurs.
739 static struct name_ent
*
740 nametable_add(xfs_dahash_t hash
, int namelen
, unsigned char *name
)
742 struct name_ent
*ent
;
744 ent
= malloc(sizeof *ent
+ namelen
);
748 ent
->namelen
= namelen
;
749 memcpy(ent
->name
, name
, namelen
);
751 ent
->next
= nametable
[hash
% NAME_TABLE_SIZE
];
753 nametable
[hash
% NAME_TABLE_SIZE
] = ent
;
/* Characters that may never appear in a directory entry or attribute name */
#define is_invalid_char(c)	((c) == '/' || (c) == '\0')
/* Rotate a 32-bit value left by y bits.  NOTE(review): y must be in 1..31 —
 * a shift by 32 is undefined behavior; visible callers use 3 and 7. */
#define rol32(x,y)		(((x) << (y)) | ((x) >> (32 - (y))))
761 static inline unsigned char
762 random_filename_char(void)
764 static unsigned char filename_alphabet
[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
765 "abcdefghijklmnopqrstuvwxyz"
768 return filename_alphabet
[random() % (sizeof filename_alphabet
- 1)];
/* Name of the orphanage directory, whose entries are never obfuscated */
#define ORPHANAGE	"lost+found"
#define ORPHANAGE_LEN	(sizeof (ORPHANAGE) - 1)	/* length sans NUL */
776 struct xfs_mount
*mp
,
781 return dir_ino
== mp
->m_sb
.sb_rootino
&&
782 name_len
== ORPHANAGE_LEN
&&
783 !memcmp(name
, ORPHANAGE
, ORPHANAGE_LEN
);
787 * Determine whether a name is one we shouldn't obfuscate because
788 * it's an orphan (or the "lost+found" directory itself). Note
789 * "cur_ino" is the inode for the directory currently being
792 * Returns 1 if the name should NOT be obfuscated or 0 otherwise.
800 static xfs_ino_t orphanage_ino
= 0;
801 char s
[24]; /* 21 is enough (64 bits in decimal) */
804 /* Record the "lost+found" inode if we haven't done so already */
807 if (!orphanage_ino
&& is_orphanage_dir(mp
, cur_ino
, namelen
, name
))
810 /* We don't obfuscate the "lost+found" directory itself */
812 if (ino
== orphanage_ino
)
815 /* Most files aren't in "lost+found" at all */
817 if (cur_ino
!= orphanage_ino
)
821 * Within "lost+found", we don't obfuscate any file whose
822 * name is the same as its inode number. Any others are
823 * stray files and can be obfuscated.
825 slen
= snprintf(s
, sizeof (s
), "%llu", (unsigned long long) ino
);
827 return slen
== namelen
&& !memcmp(name
, s
, namelen
);
831 * Given a name and its hash value, massage the name in such a way
832 * that the result is another name of equal length which shares the
841 unsigned char *newp
= name
;
843 xfs_dahash_t new_hash
= 0;
844 unsigned char *first
;
845 unsigned char high_bit
;
849 * Our obfuscation algorithm requires at least 5-character
850 * names, so don't bother if the name is too short. We
851 * work backward from a hash value to determine the last
852 * five bytes in a name required to produce a new name
853 * with the same hash.
859 * The beginning of the obfuscated name can be pretty much
860 * anything, so fill it in with random characters.
861 * Accumulate its new hash value as we go.
863 for (i
= 0; i
< name_len
- 5; i
++) {
864 *newp
= random_filename_char();
865 new_hash
= *newp
^ rol32(new_hash
, 7);
870 * Compute which five bytes need to be used at the end of
871 * the name so the hash of the obfuscated name is the same
872 * as the hash of the original. If any result in an invalid
873 * character, flip a bit and arrange for a corresponding bit
874 * in a neighboring byte to be flipped as well. For the
875 * last byte, the "neighbor" to change is the first byte
876 * we're computing here.
878 new_hash
= rol32(new_hash
, 3) ^ hash
;
882 for (shift
= 28; shift
>= 0; shift
-= 7) {
883 *newp
= (new_hash
>> shift
& 0x7f) ^ high_bit
;
884 if (is_invalid_char(*newp
)) {
889 ASSERT(!is_invalid_char(*newp
));
894 * If we flipped a bit on the last byte, we need to fix up
895 * the matching bit in the first byte. The result will
896 * be a valid character, because we know that first byte
897 * has 0's in its upper four bits (it was produced by a
898 * 28-bit right-shift of a 32-bit unsigned value).
902 ASSERT(!is_invalid_char(*first
));
904 ASSERT(libxfs_da_hashname(name
, name_len
) == hash
);
908 * Flip a bit in each of two bytes at the end of the given name.
909 * This is used in generating a series of alternate names to be used
910 * in the event a duplicate is found.
912 * The bits flipped are selected such that they both affect the same
913 * bit in the name's computed hash value, so flipping them both will
916 * The following diagram aims to show the portion of a computed
917 * hash that a given byte of a name affects.
919 * 31 28 24 21 14 8 7 3 0
920 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
921 * hash: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
922 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
923 * last-4 ->| |<-- last-2 --->| |<--- last ---->|
924 * |<-- last-3 --->| |<-- last-1 --->| |<- last-4
925 * |<-- last-7 --->| |<-- last-5 --->|
926 * |<-- last-8 --->| |<-- last-6 --->|
929 * The last byte of the name directly affects the low-order byte of
930 * the hash. The next-to-last affects bits 7-14, the next one back
931 * affects bits 14-21, and so on. The effect wraps around when it
932 * goes beyond the top of the hash (as happens for byte last-4).
934 * Bits that are flipped together "overlap" on the hash value. As
935 * an example of overlap, the last two bytes both affect bit 7 in
936 * the hash. That pair of bytes (and their overlapping bits) can be
937 * used for this "flip bit" operation (it's the first pair tried,
940 * A table defines overlapping pairs--the bytes involved and bits
941 * within them--that can be used this way. The byte offset is
942 * relative to a starting point within the name, which will be set
943 * to affect the bytes at the end of the name. The function is
944 * called with a "bitseq" value which indicates which bit flip is
945 * desired, and this translates directly into selecting which entry
946 * in the bit_to_flip[] table to apply.
948 * The function returns 1 if the operation was successful. It
949 * returns 0 if the result produced a character that's not valid in
950 * a name (either '/' or a '\0'). Finally, it returns -1 if the bit
951 * sequence number is beyond what is supported for a name of this
956 * (Also see the discussion above find_alternate(), below.)
958 * In order to make this function work for any length name, the
959 * table is ordered by increasing byte offset, so that the earliest
960 * entries can apply to the shortest strings. This way all names
961 * are done consistently.
963 * When bit flips occur, they can convert printable characters
964 * into non-printable ones. In an effort to reduce the impact of
965 * this, the first bit flips are chosen to affect bytes the end of
966 * the name (and furthermore, toward the low bits of a byte). Those
967 * bytes are often non-printable anyway because of the way they are
968 * initially selected by obfuscate_name()). This is accomplished,
969 * using later table entries first.
971 * Each row in the table doubles the number of alternates that
972 * can be generated. A two-byte name is limited to using only
973 * the first row, so it's possible to generate two alternates
974 * (the original name, plus the alternate produced by flipping
975 * the one pair of bits). In a 5-byte name, the effect of the
 * first byte overlaps the last by 4 bits, and there are 8 bits
977 * to flip, allowing for 256 possible alternates.
979 * Short names (less than 5 bytes) are never even obfuscated, so for
980 * such names the relatively small number of alternates should never
981 * really be a problem.
983 * Long names (more than 6 bytes, say) are not likely to exhaust
984 * the number of available alternates. In fact, the table could
985 * probably have stopped at 8 entries, on the assumption that 256
986 * alternates should be enough for most any situation. The entries
987 * beyond those are present mostly for demonstration of how it could
988 * be populated with more entries, should it ever be necessary to do
999 unsigned char *p0
, *p1
;
1000 unsigned char m0
, m1
;
1002 int byte
; /* Offset from start within name */
1003 unsigned char bit
; /* Bit within that byte */
1004 } bit_to_flip
[][2] = { /* Sorted by second entry's byte */
1005 { { 0, 0 }, { 1, 7 } }, /* Each row defines a pair */
1006 { { 1, 0 }, { 2, 7 } }, /* of bytes and a bit within */
1007 { { 2, 0 }, { 3, 7 } }, /* each byte. Each bit in */
1008 { { 0, 4 }, { 4, 0 } }, /* a pair affects the same */
1009 { { 0, 5 }, { 4, 1 } }, /* bit in the hash, so flipping */
1010 { { 0, 6 }, { 4, 2 } }, /* both will change the name */
1011 { { 0, 7 }, { 4, 3 } }, /* while preserving the hash. */
1012 { { 3, 0 }, { 4, 7 } },
1013 { { 0, 0 }, { 5, 3 } }, /* The first entry's byte offset */
1014 { { 0, 1 }, { 5, 4 } }, /* must be less than the second. */
1015 { { 0, 2 }, { 5, 5 } },
1016 { { 0, 3 }, { 5, 6 } }, /* The table can be extended to */
1017 { { 0, 4 }, { 5, 7 } }, /* an arbitrary number of entries */
1018 { { 4, 0 }, { 5, 7 } }, /* but there's not much point. */
1022 /* Find the first entry *not* usable for name of this length */
1024 for (index
= 0; index
< ARRAY_SIZE(bit_to_flip
); index
++)
1025 if (bit_to_flip
[index
][1].byte
>= name_len
)
1029 * Back up to the last usable entry. If that number is
1030 * smaller than the bit sequence number, inform the caller
1031 * that nothing this large (or larger) will work.
1033 if (bitseq
> --index
)
1037 * We will be switching bits at the end of name, with a
1038 * preference for affecting the last bytes first. Compute
1039 * where in the name we'll start applying the changes.
1041 offset
= name_len
- (bit_to_flip
[index
][1].byte
+ 1);
1042 index
-= bitseq
; /* Use later table entries first */
1044 p0
= name
+ offset
+ bit_to_flip
[index
][0].byte
;
1045 p1
= name
+ offset
+ bit_to_flip
[index
][1].byte
;
1046 m0
= 1 << bit_to_flip
[index
][0].bit
;
1047 m1
= 1 << bit_to_flip
[index
][1].bit
;
1049 /* Only change the bytes if it produces valid characters */
1051 if (is_invalid_char(*p0
^ m0
) || is_invalid_char(*p1
^ m1
))
1061 * This function generates a well-defined sequence of "alternate"
1062 * names for a given name. An alternate is a name having the same
1063 * length and same hash value as the original name. This is needed
1064 * because the algorithm produces only one obfuscated name to use
1065 * for a given original name, and it's possible that result matches
1066 * a name already seen. This function checks for this, and if it
1067 * occurs, finds another suitable obfuscated name to use.
1069 * Each bit in the binary representation of the sequence number is
1070 * used to select one possible "bit flip" operation to perform on
1071 * the name. So for example:
1072 * seq = 0: selects no bits to flip
1073 * seq = 1: selects the 0th bit to flip
1074 * seq = 2: selects the 1st bit to flip
1075 * seq = 3: selects the 0th and 1st bit to flip
1078 * The flip_bit() function takes care of the details of the bit
1079 * flipping within the name. Note that the "1st bit" in this
1080 * context is a bit sequence number; i.e. it doesn't necessarily
1081 * mean bit 0x02 will be changed.
1083 * If a valid name (one that contains no '/' or '\0' characters) is
1084 * produced by this process for the given sequence number, this
1085 * function returns 1. If the result is not valid, it returns 0.
 * Returns -1 if the sequence number is beyond the maximum for
1087 * names of the given length.
1092 * The number of alternates available for a given name is dependent
1093 * on its length. A "bit flip" involves inverting two bits in
1094 * a name--the two bits being selected such that their values
1095 * affect the name's hash value in the same way. Alternates are
1096 * thus generated by inverting the value of pairs of such
1097 * "overlapping" bits in the original name. Each byte after the
1098 * first in a name adds at least one bit of overlap to work with.
1099 * (See comments above flip_bit() for more discussion on this.)
1101 * So the number of alternates is dependent on the number of such
1102 * overlapping bits in a name. If there are N bit overlaps, there
 * are 2^N alternates for that hash value.
1105 * Here are the number of overlapping bits available for generating
1106 * alternates for names of specific lengths:
1107 * 1 0 (must have 2 bytes to have any overlap)
1108 * 2 1 One bit overlaps--so 2 possible alternates
1109 * 3 2 Two bits overlap--so 4 possible alternates
1110 * 4 4 Three bits overlap, so 2^3 alternates
1111 * 5 8 8 bits overlap (due to wrapping), 256 alternates
1112 * 6 18 2^18 alternates
1113 * 7 28 2^28 alternates
1115 * It's clear that the number of alternates grows very quickly with
1116 * the length of the name. But note that the set of alternates
1117 * includes invalid names. And for certain (contrived) names, the
1118 * number of valid names is a fairly small fraction of the total
1119 * number of alternates.
1121 * The main driver for this infrastructure for coming up with
1122 * alternate names is really related to names 5 (or possibly 6)
1123 * bytes in length. 5-byte obfuscated names contain no randomly-
1124 * generated bytes in them, and the chance of an obfuscated name
1125 * matching an already-seen name is too high to just ignore. This
1126 * methodical selection of alternates ensures we don't produce
1127 * duplicate names unless we have exhausted our options.
1132 unsigned char *name
,
1135 uint32_t bitseq
= 0;
1136 uint32_t bits
= seq
;
1139 return 1; /* alternate 0 is the original name */
1140 if (name_len
< 2) /* Must have 2 bytes to flip */
1143 for (bitseq
= 0; bits
; bitseq
++) {
1144 uint32_t mask
= 1 << bitseq
;
1150 fb
= flip_bit(name_len
, name
, bitseq
);
1160 * Look up the given name in the name table. If it is already
1161 * present, iterate through a well-defined sequence of alternate
1162 * names and attempt to use an alternate name instead.
1164 * Returns 1 if the (possibly modified) name is not present in the
1165 * name table. Returns 0 if the name and all possible alternates
1166 * are already in the table.
1169 handle_duplicate_name(xfs_dahash_t hash
, size_t name_len
, unsigned char *name
)
1171 unsigned char new_name
[name_len
+ 1];
1174 if (!nametable_find(hash
, name_len
, name
))
1175 return 1; /* No duplicate */
1177 /* Name is already in use. Need to find an alternate. */
1182 /* Only change incoming name if we find an alternate */
1184 memcpy(new_name
, name
, name_len
);
1185 found
= find_alternate(name_len
, new_name
, seq
++);
1187 return 0; /* No more to check */
1189 } while (nametable_find(hash
, name_len
, new_name
));
1192 * The alternate wasn't in the table already. Pass it back
1195 memcpy(name
, new_name
, name_len
);
1201 generate_obfuscated_name(
1204 unsigned char *name
)
1209 * We don't obfuscate "lost+found" or any orphan files
1210 * therein. When the name table is used for extended
1211 * attributes, the inode number provided is 0, in which
1212 * case we don't need to make this check.
1214 if (ino
&& in_lost_found(ino
, namelen
, name
))
1218 * If the name starts with a slash, just skip over it. It
1219 * isn't included in the hash and we don't record it in the
1220 * name table. Note that the namelen value passed in does
1221 * not count the leading slash (if one is present).
1226 /* Obfuscate the name (if possible) */
1228 hash
= libxfs_da_hashname(name
, namelen
);
1229 obfuscate_name(hash
, namelen
, name
);
1232 * Make sure the name is not something already seen. If we
1233 * fail to find a suitable alternate, we're dealing with a
1234 * very pathological situation, and we may end up creating
1235 * a duplicate name in the metadump, so issue a warning.
1237 if (!handle_duplicate_name(hash
, namelen
, name
)) {
1238 print_warning("duplicate name for inode %llu "
1239 "in dir inode %llu\n",
1240 (unsigned long long) ino
,
1241 (unsigned long long) cur_ino
);
1245 /* Create an entry for the new name in the name table. */
1247 if (!nametable_add(hash
, namelen
, name
))
1248 print_warning("unable to record name for inode %llu "
1249 "in dir inode %llu\n",
1250 (unsigned long long) ino
,
1251 (unsigned long long) cur_ino
);
1258 struct xfs_dir2_sf_hdr
*sfp
;
1259 xfs_dir2_sf_entry_t
*sfep
;
1260 uint64_t ino_dir_size
;
1263 sfp
= (struct xfs_dir2_sf_hdr
*)XFS_DFORK_DPTR(dip
);
1264 ino_dir_size
= be64_to_cpu(dip
->di_size
);
1265 if (ino_dir_size
> XFS_DFORK_DSIZE(dip
, mp
)) {
1266 ino_dir_size
= XFS_DFORK_DSIZE(dip
, mp
);
1268 print_warning("invalid size in dir inode %llu",
1269 (long long)cur_ino
);
1272 sfep
= xfs_dir2_sf_firstentry(sfp
);
1273 for (i
= 0; (i
< sfp
->count
) &&
1274 ((char *)sfep
- (char *)sfp
< ino_dir_size
); i
++) {
1277 * first check for bad name lengths. If they are bad, we
1278 * have limitations to how much can be obfuscated.
1280 int namelen
= sfep
->namelen
;
1284 print_warning("zero length entry in dir inode "
1285 "%llu", (long long)cur_ino
);
1286 if (i
!= sfp
->count
- 1)
1288 namelen
= ino_dir_size
- ((char *)&sfep
->name
[0] -
1290 } else if ((char *)sfep
- (char *)sfp
+
1291 M_DIROPS(mp
)->sf_entsize(sfp
, sfep
->namelen
) >
1294 print_warning("entry length in dir inode %llu "
1295 "overflows space", (long long)cur_ino
);
1296 if (i
!= sfp
->count
- 1)
1298 namelen
= ino_dir_size
- ((char *)&sfep
->name
[0] -
1303 generate_obfuscated_name(
1304 M_DIROPS(mp
)->sf_get_ino(sfp
, sfep
),
1305 namelen
, &sfep
->name
[0]);
1307 sfep
= (xfs_dir2_sf_entry_t
*)((char *)sfep
+
1308 M_DIROPS(mp
)->sf_entsize(sfp
, namelen
));
1311 /* zero stale data in rest of space in data fork, if any */
1312 if (zero_stale_data
&& (ino_dir_size
< XFS_DFORK_DSIZE(dip
, mp
)))
1313 memset(sfep
, 0, XFS_DFORK_DSIZE(dip
, mp
) - ino_dir_size
);
1317 * The pathname may not be null terminated. It may be terminated by the end of
1318 * a buffer or inode literal area, and the start of the next region contains
1319 * unknown data. Therefore, when we get to the last component of the symlink, we
1320 * cannot assume that strlen() will give us the right result. Hence we need to
1321 * track the remaining pathname length and use that instead.
1324 obfuscate_path_components(
1328 unsigned char *comp
= (unsigned char *)buf
;
1329 unsigned char *end
= comp
+ len
;
1332 while (comp
< end
) {
1336 /* find slash at end of this component */
1337 slash
= strchr((char *)comp
, '/');
1339 /* last (or single) component */
1340 namelen
= strnlen((char *)comp
, len
);
1341 hash
= libxfs_da_hashname(comp
, namelen
);
1342 obfuscate_name(hash
, namelen
, comp
);
1345 namelen
= slash
- (char *)comp
;
1346 /* handle leading or consecutive slashes */
1352 hash
= libxfs_da_hashname(comp
, namelen
);
1353 obfuscate_name(hash
, namelen
, comp
);
1354 comp
+= namelen
+ 1;
1366 len
= be64_to_cpu(dip
->di_size
);
1367 if (len
> XFS_DFORK_DSIZE(dip
, mp
)) {
1369 print_warning("invalid size (%d) in symlink inode %llu",
1370 len
, (long long)cur_ino
);
1371 len
= XFS_DFORK_DSIZE(dip
, mp
);
1374 buf
= (char *)XFS_DFORK_DPTR(dip
);
1376 obfuscate_path_components(buf
, len
);
1378 /* zero stale data in rest of space in data fork, if any */
1379 if (zero_stale_data
&& len
< XFS_DFORK_DSIZE(dip
, mp
))
1380 memset(&buf
[len
], 0, XFS_DFORK_DSIZE(dip
, mp
) - len
);
1388 * with extended attributes, obfuscate the names and fill the actual
1389 * values with 'v' (to see a valid string length, as opposed to NULLs)
1392 xfs_attr_shortform_t
*asfp
;
1393 xfs_attr_sf_entry_t
*asfep
;
1397 asfp
= (xfs_attr_shortform_t
*)XFS_DFORK_APTR(dip
);
1398 if (asfp
->hdr
.count
== 0)
1401 ino_attr_size
= be16_to_cpu(asfp
->hdr
.totsize
);
1402 if (ino_attr_size
> XFS_DFORK_ASIZE(dip
, mp
)) {
1403 ino_attr_size
= XFS_DFORK_ASIZE(dip
, mp
);
1405 print_warning("invalid attr size in inode %llu",
1406 (long long)cur_ino
);
1409 asfep
= &asfp
->list
[0];
1410 for (i
= 0; (i
< asfp
->hdr
.count
) &&
1411 ((char *)asfep
- (char *)asfp
< ino_attr_size
); i
++) {
1413 int namelen
= asfep
->namelen
;
1417 print_warning("zero length attr entry in inode "
1418 "%llu", (long long)cur_ino
);
1420 } else if ((char *)asfep
- (char *)asfp
+
1421 XFS_ATTR_SF_ENTSIZE(asfep
) > ino_attr_size
) {
1423 print_warning("attr entry length in inode %llu "
1424 "overflows space", (long long)cur_ino
);
1429 generate_obfuscated_name(0, asfep
->namelen
,
1430 &asfep
->nameval
[0]);
1431 memset(&asfep
->nameval
[asfep
->namelen
], 'v',
1435 asfep
= (xfs_attr_sf_entry_t
*)((char *)asfep
+
1436 XFS_ATTR_SF_ENTSIZE(asfep
));
1439 /* zero stale data in rest of space in attr fork, if any */
1440 if (zero_stale_data
&& (ino_attr_size
< XFS_DFORK_ASIZE(dip
, mp
)))
1441 memset(asfep
, 0, XFS_DFORK_ASIZE(dip
, mp
) - ino_attr_size
);
1445 process_dir_data_block(
1447 xfs_fileoff_t offset
,
1448 int is_block_format
)
1451 * we have to rely on the fileoffset and signature of the block to
1452 * handle its contents. If it's invalid, leave it alone.
1453 * for multi-fsblock dir blocks, if a name crosses an extent boundary,
1454 * ignore it and continue.
1461 struct xfs_dir2_data_hdr
*datahdr
;
1463 datahdr
= (struct xfs_dir2_data_hdr
*)block
;
1465 if (is_block_format
) {
1466 xfs_dir2_leaf_entry_t
*blp
;
1467 xfs_dir2_block_tail_t
*btp
;
1469 btp
= xfs_dir2_block_tail_p(mp
->m_dir_geo
, datahdr
);
1470 blp
= xfs_dir2_block_leaf_p(btp
);
1471 if ((char *)blp
> (char *)btp
)
1472 blp
= (xfs_dir2_leaf_entry_t
*)btp
;
1474 end_of_data
= (char *)blp
- block
;
1475 if (xfs_sb_version_hascrc(&mp
->m_sb
))
1476 wantmagic
= XFS_DIR3_BLOCK_MAGIC
;
1478 wantmagic
= XFS_DIR2_BLOCK_MAGIC
;
1479 } else { /* leaf/node format */
1480 end_of_data
= mp
->m_dir_geo
->fsbcount
<< mp
->m_sb
.sb_blocklog
;
1481 if (xfs_sb_version_hascrc(&mp
->m_sb
))
1482 wantmagic
= XFS_DIR3_DATA_MAGIC
;
1484 wantmagic
= XFS_DIR2_DATA_MAGIC
;
1487 if (be32_to_cpu(datahdr
->magic
) != wantmagic
) {
1490 "invalid magic in dir inode %llu block %ld",
1491 (long long)cur_ino
, (long)offset
);
1495 dir_offset
= M_DIROPS(mp
)->data_entry_offset
;
1496 ptr
= block
+ dir_offset
;
1497 endptr
= block
+ mp
->m_dir_geo
->blksize
;
1499 while (ptr
< endptr
&& dir_offset
< end_of_data
) {
1500 xfs_dir2_data_entry_t
*dep
;
1501 xfs_dir2_data_unused_t
*dup
;
1504 dup
= (xfs_dir2_data_unused_t
*)ptr
;
1506 if (be16_to_cpu(dup
->freetag
) == XFS_DIR2_DATA_FREE_TAG
) {
1507 int length
= be16_to_cpu(dup
->length
);
1508 if (dir_offset
+ length
> end_of_data
||
1509 !length
|| (length
& (XFS_DIR2_DATA_ALIGN
- 1))) {
1512 "invalid length for dir free space in inode %llu",
1513 (long long)cur_ino
);
1516 if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup
)) !=
1519 dir_offset
+= length
;
1522 * Zero the unused space up to the tag - the tag is
1523 * actually at a variable offset, so zeroing &dup->tag
1524 * is zeroing the free space in between
1526 if (zero_stale_data
) {
1528 sizeof(xfs_dir2_data_unused_t
);
1531 memset(&dup
->tag
, 0, zlen
);
1532 iocur_top
->need_crc
= 1;
1535 if (dir_offset
>= end_of_data
|| ptr
>= endptr
)
1539 dep
= (xfs_dir2_data_entry_t
*)ptr
;
1540 length
= M_DIROPS(mp
)->data_entsize(dep
->namelen
);
1542 if (dir_offset
+ length
> end_of_data
||
1543 ptr
+ length
> endptr
) {
1546 "invalid length for dir entry name in inode %llu",
1547 (long long)cur_ino
);
1550 if (be16_to_cpu(*M_DIROPS(mp
)->data_entry_tag_p(dep
)) !=
1555 generate_obfuscated_name(be64_to_cpu(dep
->inumber
),
1556 dep
->namelen
, &dep
->name
[0]);
1557 dir_offset
+= length
;
1559 /* Zero the unused space after name, up to the tag */
1560 if (zero_stale_data
) {
1561 /* 1 byte for ftype; don't bother with conditional */
1563 (char *)M_DIROPS(mp
)->data_entry_tag_p(dep
) -
1564 (char *)&dep
->name
[dep
->namelen
] - 1;
1566 memset(&dep
->name
[dep
->namelen
] + 1, 0, zlen
);
1567 iocur_top
->need_crc
= 1;
1574 process_symlink_block(
1579 if (xfs_sb_version_hascrc(&(mp
)->m_sb
))
1580 link
+= sizeof(struct xfs_dsymlink_hdr
);
1583 obfuscate_path_components(link
, XFS_SYMLINK_BUF_SPACE(mp
,
1584 mp
->m_sb
.sb_blocksize
));
1585 if (zero_stale_data
) {
1586 size_t linklen
, zlen
;
1588 linklen
= strlen(link
);
1589 zlen
= mp
->m_sb
.sb_blocksize
- linklen
;
1590 if (xfs_sb_version_hascrc(&mp
->m_sb
))
1591 zlen
-= sizeof(struct xfs_dsymlink_hdr
);
1592 if (zlen
< mp
->m_sb
.sb_blocksize
)
1593 memset(link
+ linklen
, 0, zlen
);
1597 #define MAX_REMOTE_VALS 4095
1599 static struct attr_data_s
{
1600 int remote_val_count
;
1601 xfs_dablk_t remote_vals
[MAX_REMOTE_VALS
];
1606 xfs_dablk_t blockidx
,
1609 while (length
> 0 && attr_data
.remote_val_count
< MAX_REMOTE_VALS
) {
1610 attr_data
.remote_vals
[attr_data
.remote_val_count
] = blockidx
;
1611 attr_data
.remote_val_count
++;
1613 length
-= XFS_ATTR3_RMT_BUF_SPACE(mp
, mp
->m_sb
.sb_blocksize
);
1616 if (attr_data
.remote_val_count
>= MAX_REMOTE_VALS
) {
1618 "Overflowed attr obfuscation array. No longer obfuscating remote attrs.");
1622 /* Handle remote and leaf attributes */
1626 xfs_fileoff_t offset
)
1628 struct xfs_attr_leafblock
*leaf
;
1629 struct xfs_attr3_icleaf_hdr hdr
;
1632 xfs_attr_leaf_entry_t
*entry
;
1633 xfs_attr_leaf_name_local_t
*local
;
1634 xfs_attr_leaf_name_remote_t
*remote
;
1635 uint32_t bs
= mp
->m_sb
.sb_blocksize
;
1639 leaf
= (xfs_attr_leafblock_t
*)block
;
1641 /* Remote attributes - attr3 has XFS_ATTR3_RMT_MAGIC, attr has none */
1642 if ((be16_to_cpu(leaf
->hdr
.info
.magic
) != XFS_ATTR_LEAF_MAGIC
) &&
1643 (be16_to_cpu(leaf
->hdr
.info
.magic
) != XFS_ATTR3_LEAF_MAGIC
)) {
1644 for (i
= 0; i
< attr_data
.remote_val_count
; i
++) {
1645 if (obfuscate
&& attr_data
.remote_vals
[i
] == offset
)
1646 /* Macros to handle both attr and attr3 */
1648 (bs
- XFS_ATTR3_RMT_BUF_SPACE(mp
, bs
)),
1649 'v', XFS_ATTR3_RMT_BUF_SPACE(mp
, bs
));
1654 /* Ok, it's a leaf - get header; accounts for crc & non-crc */
1655 xfs_attr3_leaf_hdr_from_disk(mp
->m_attr_geo
, &hdr
, leaf
);
1657 nentries
= hdr
.count
;
1658 if (nentries
== 0 ||
1659 nentries
* sizeof(xfs_attr_leaf_entry_t
) +
1660 xfs_attr3_leaf_hdr_size(leaf
) >
1661 XFS_ATTR3_RMT_BUF_SPACE(mp
, bs
)) {
1663 print_warning("invalid attr count in inode %llu",
1664 (long long)cur_ino
);
1668 entry
= xfs_attr3_leaf_entryp(leaf
);
1669 /* We will move this as we parse */
1671 for (i
= 0; i
< nentries
; i
++, entry
++) {
1672 int nlen
, vlen
, zlen
;
1674 /* Grows up; if this name is topmost, move first_name */
1675 if (!first_name
|| xfs_attr3_leaf_name(leaf
, i
) < first_name
)
1676 first_name
= xfs_attr3_leaf_name(leaf
, i
);
1678 if (be16_to_cpu(entry
->nameidx
) > mp
->m_sb
.sb_blocksize
) {
1681 "invalid attr nameidx in inode %llu",
1682 (long long)cur_ino
);
1685 if (entry
->flags
& XFS_ATTR_LOCAL
) {
1686 local
= xfs_attr3_leaf_name_local(leaf
, i
);
1687 if (local
->namelen
== 0) {
1690 "zero length for attr name in inode %llu",
1691 (long long)cur_ino
);
1695 generate_obfuscated_name(0, local
->namelen
,
1696 &local
->nameval
[0]);
1697 memset(&local
->nameval
[local
->namelen
], 'v',
1698 be16_to_cpu(local
->valuelen
));
1700 /* zero from end of nameval[] to next name start */
1701 nlen
= local
->namelen
;
1702 vlen
= be16_to_cpu(local
->valuelen
);
1703 zlen
= xfs_attr_leaf_entsize_local(nlen
, vlen
) -
1704 (sizeof(xfs_attr_leaf_name_local_t
) - 1 +
1706 if (zero_stale_data
)
1707 memset(&local
->nameval
[nlen
+ vlen
], 0, zlen
);
1709 remote
= xfs_attr3_leaf_name_remote(leaf
, i
);
1710 if (remote
->namelen
== 0 || remote
->valueblk
== 0) {
1713 "invalid attr entry in inode %llu",
1714 (long long)cur_ino
);
1718 generate_obfuscated_name(0, remote
->namelen
,
1720 add_remote_vals(be32_to_cpu(remote
->valueblk
),
1721 be32_to_cpu(remote
->valuelen
));
1723 /* zero from end of name[] to next name start */
1724 nlen
= remote
->namelen
;
1725 zlen
= xfs_attr_leaf_entsize_remote(nlen
) -
1726 (sizeof(xfs_attr_leaf_name_remote_t
) - 1 +
1728 if (zero_stale_data
)
1729 memset(&remote
->name
[nlen
], 0, zlen
);
1733 /* Zero from end of entries array to the first name/val */
1734 if (zero_stale_data
) {
1735 struct xfs_attr_leaf_entry
*entries
;
1737 entries
= xfs_attr3_leaf_entryp(leaf
);
1738 memset(&entries
[nentries
], 0,
1739 first_name
- (char *)&entries
[nentries
]);
1743 /* Processes symlinks, attrs, directories ... */
1745 process_single_fsb_objects(
1756 for (i
= 0; i
< c
; i
++) {
1758 set_cur(&typtab
[btype
], XFS_FSB_TO_DADDR(mp
, s
), blkbb
,
1761 if (!iocur_top
->data
) {
1762 xfs_agnumber_t agno
= XFS_FSB_TO_AGNO(mp
, s
);
1763 xfs_agblock_t agbno
= XFS_FSB_TO_AGBNO(mp
, s
);
1765 print_warning("cannot read %s block %u/%u (%llu)",
1766 typtab
[btype
].name
, agno
, agbno
, s
);
1767 if (stop_on_read_error
)
1773 if (!obfuscate
&& !zero_stale_data
)
1776 /* Zero unused part of interior nodes */
1777 if (zero_stale_data
) {
1778 xfs_da_intnode_t
*node
= iocur_top
->data
;
1779 int magic
= be16_to_cpu(node
->hdr
.info
.magic
);
1781 if (magic
== XFS_DA_NODE_MAGIC
||
1782 magic
== XFS_DA3_NODE_MAGIC
) {
1783 struct xfs_da3_icnode_hdr hdr
;
1786 M_DIROPS(mp
)->node_hdr_from_disk(&hdr
, node
);
1787 used
= M_DIROPS(mp
)->node_hdr_size
;
1790 * sizeof(struct xfs_da_node_entry
);
1792 if (used
< mp
->m_sb
.sb_blocksize
) {
1793 memset((char *)node
+ used
, 0,
1794 mp
->m_sb
.sb_blocksize
- used
);
1795 iocur_top
->need_crc
= 1;
1800 /* Handle leaf nodes */
1801 dp
= iocur_top
->data
;
1804 if (o
>= mp
->m_dir_geo
->leafblk
)
1807 process_dir_data_block(dp
, o
,
1808 last
== mp
->m_dir_geo
->fsbcount
);
1809 iocur_top
->need_crc
= 1;
1812 process_symlink_block(dp
);
1813 iocur_top
->need_crc
= 1;
1816 process_attr_block(dp
, o
);
1817 iocur_top
->need_crc
= 1;
1824 ret
= write_buf(iocur_top
);
1837 * Static map to aggregate multiple extents into a single directory block.
1839 static struct bbmap mfsb_map
;
1840 static int mfsb_length
;
1843 process_multi_fsb_objects(
1856 print_warning("bad type for multi-fsb object %d", btype
);
1861 unsigned int bm_len
;
1863 if (mfsb_length
+ c
>= mp
->m_dir_geo
->fsbcount
) {
1864 bm_len
= mp
->m_dir_geo
->fsbcount
- mfsb_length
;
1871 mfsb_map
.b
[mfsb_map
.nmaps
].bm_bn
= XFS_FSB_TO_DADDR(mp
, s
);
1872 mfsb_map
.b
[mfsb_map
.nmaps
].bm_len
= XFS_FSB_TO_BB(mp
, bm_len
);
1875 if (mfsb_length
== 0) {
1877 set_cur(&typtab
[btype
], 0, 0, DB_RING_IGN
, &mfsb_map
);
1878 if (!iocur_top
->data
) {
1879 xfs_agnumber_t agno
= XFS_FSB_TO_AGNO(mp
, s
);
1880 xfs_agblock_t agbno
= XFS_FSB_TO_AGBNO(mp
, s
);
1882 print_warning("cannot read %s block %u/%u (%llu)",
1883 typtab
[btype
].name
, agno
, agbno
, s
);
1884 if (stop_on_read_error
)
1890 if ((!obfuscate
&& !zero_stale_data
) ||
1891 o
>= mp
->m_dir_geo
->leafblk
) {
1892 ret
= write_buf(iocur_top
);
1896 process_dir_data_block(iocur_top
->data
, o
,
1897 last
== mp
->m_dir_geo
->fsbcount
);
1898 iocur_top
->need_crc
= 1;
1899 ret
= write_buf(iocur_top
);
1913 /* inode copy routines */
1915 process_bmbt_reclist(
1921 xfs_fileoff_t o
, op
= NULLFILEOFF
;
1923 xfs_filblks_t c
, cp
= NULLFILEOFF
;
1926 xfs_agnumber_t agno
;
1927 xfs_agblock_t agbno
;
1930 if (btype
== TYP_DATA
)
1933 convert_extent(&rp
[numrecs
- 1], &o
, &s
, &c
, &f
);
1936 for (i
= 0; i
< numrecs
; i
++, rp
++) {
1937 convert_extent(rp
, &o
, &s
, &c
, &f
);
1940 * ignore extents that are clearly bogus, and if a bogus
1941 * one is found, stop processing remaining extents
1943 if (i
> 0 && op
+ cp
> o
) {
1945 print_warning("bmap extent %d in %s ino %llu "
1946 "starts at %llu, previous extent "
1948 typtab
[btype
].name
, (long long)cur_ino
,
1953 if (c
> max_extent_size
) {
1955 * since we are only processing non-data extents,
1956 * large numbers of blocks in a metadata extent is
1957 * extremely rare and more than likely to be corrupt.
1960 print_warning("suspicious count %u in bmap "
1961 "extent %d in %s ino %llu", c
, i
,
1962 typtab
[btype
].name
, (long long)cur_ino
);
1969 agno
= XFS_FSB_TO_AGNO(mp
, s
);
1970 agbno
= XFS_FSB_TO_AGBNO(mp
, s
);
1972 if (!valid_bno(agno
, agbno
)) {
1974 print_warning("invalid block number %u/%u "
1975 "(%llu) in bmap extent %d in %s ino "
1976 "%llu", agno
, agbno
, s
, i
,
1977 typtab
[btype
].name
, (long long)cur_ino
);
1981 if (!valid_bno(agno
, agbno
+ c
- 1)) {
1983 print_warning("bmap extent %i in %s inode %llu "
1984 "overflows AG (end is %u/%u)", i
,
1985 typtab
[btype
].name
, (long long)cur_ino
,
1986 agno
, agbno
+ c
- 1);
1990 /* multi-extent blocks require special handling */
1991 if (btype
!= TYP_DIR2
|| mp
->m_dir_geo
->fsbcount
== 1) {
1992 error
= process_single_fsb_objects(o
, s
, c
, btype
, last
);
1994 error
= process_multi_fsb_objects(o
, s
, c
, btype
, last
);
2005 struct xfs_btree_block
*block
,
2006 xfs_agnumber_t agno
,
2007 xfs_agblock_t agbno
,
2010 void *arg
) /* ptr to itype */
2016 nrecs
= be16_to_cpu(block
->bb_numrecs
);
2019 if (nrecs
> mp
->m_bmap_dmxr
[0]) {
2021 print_warning("invalid numrecs (%u) in %s "
2022 "block %u/%u", nrecs
,
2023 typtab
[btype
].name
, agno
, agbno
);
2026 return process_bmbt_reclist(XFS_BMBT_REC_ADDR(mp
, block
, 1),
2027 nrecs
, *(typnm_t
*)arg
);
2030 if (nrecs
> mp
->m_bmap_dmxr
[1]) {
2032 print_warning("invalid numrecs (%u) in %s block %u/%u",
2033 nrecs
, typtab
[btype
].name
, agno
, agbno
);
2036 pp
= XFS_BMBT_PTR_ADDR(mp
, block
, 1, mp
->m_bmap_dmxr
[1]);
2037 for (i
= 0; i
< nrecs
; i
++) {
2041 ag
= XFS_FSB_TO_AGNO(mp
, get_unaligned_be64(&pp
[i
]));
2042 bno
= XFS_FSB_TO_AGBNO(mp
, get_unaligned_be64(&pp
[i
]));
2044 if (bno
== 0 || bno
> mp
->m_sb
.sb_agblocks
||
2045 ag
> mp
->m_sb
.sb_agcount
) {
2047 print_warning("invalid block number (%u/%u) "
2048 "in %s block %u/%u", ag
, bno
,
2049 typtab
[btype
].name
, agno
, agbno
);
2053 if (!scan_btree(ag
, bno
, level
, btype
, arg
, scanfunc_bmap
))
2064 xfs_bmdr_block_t
*dib
;
2073 whichfork
= (itype
== TYP_ATTR
) ? XFS_ATTR_FORK
: XFS_DATA_FORK
;
2074 btype
= (itype
== TYP_ATTR
) ? TYP_BMAPBTA
: TYP_BMAPBTD
;
2076 dib
= (xfs_bmdr_block_t
*)XFS_DFORK_PTR(dip
, whichfork
);
2077 level
= be16_to_cpu(dib
->bb_level
);
2078 nrecs
= be16_to_cpu(dib
->bb_numrecs
);
2080 if (level
> XFS_BM_MAXLEVELS(mp
, whichfork
)) {
2082 print_warning("invalid level (%u) in inode %lld %s "
2083 "root", level
, (long long)cur_ino
,
2084 typtab
[btype
].name
);
2089 return process_bmbt_reclist(XFS_BMDR_REC_ADDR(dib
, 1),
2093 maxrecs
= libxfs_bmdr_maxrecs(XFS_DFORK_SIZE(dip
, mp
, whichfork
), 0);
2094 if (nrecs
> maxrecs
) {
2096 print_warning("invalid numrecs (%u) in inode %lld %s "
2097 "root", nrecs
, (long long)cur_ino
,
2098 typtab
[btype
].name
);
2102 pp
= XFS_BMDR_PTR_ADDR(dib
, 1, maxrecs
);
2103 for (i
= 0; i
< nrecs
; i
++) {
2107 ag
= XFS_FSB_TO_AGNO(mp
, get_unaligned_be64(&pp
[i
]));
2108 bno
= XFS_FSB_TO_AGBNO(mp
, get_unaligned_be64(&pp
[i
]));
2110 if (bno
== 0 || bno
> mp
->m_sb
.sb_agblocks
||
2111 ag
> mp
->m_sb
.sb_agcount
) {
2113 print_warning("invalid block number (%u/%u) "
2114 "in inode %llu %s root", ag
,
2115 bno
, (long long)cur_ino
,
2116 typtab
[btype
].name
);
2120 if (!scan_btree(ag
, bno
, level
, btype
, &itype
, scanfunc_bmap
))
2135 whichfork
= (itype
== TYP_ATTR
) ? XFS_ATTR_FORK
: XFS_DATA_FORK
;
2137 nex
= XFS_DFORK_NEXTENTS(dip
, whichfork
);
2138 used
= nex
* sizeof(xfs_bmbt_rec_t
);
2139 if (nex
< 0 || used
> XFS_DFORK_SIZE(dip
, mp
, whichfork
)) {
2141 print_warning("bad number of extents %d in inode %lld",
2142 nex
, (long long)cur_ino
);
2146 /* Zero unused data fork past used extents */
2147 if (zero_stale_data
&& (used
< XFS_DFORK_SIZE(dip
, mp
, whichfork
)))
2148 memset(XFS_DFORK_PTR(dip
, whichfork
) + used
, 0,
2149 XFS_DFORK_SIZE(dip
, mp
, whichfork
) - used
);
2152 return process_bmbt_reclist((xfs_bmbt_rec_t
*)XFS_DFORK_PTR(dip
,
2153 whichfork
), nex
, itype
);
2161 switch (dip
->di_format
) {
2162 case XFS_DINODE_FMT_LOCAL
:
2163 if (obfuscate
|| zero_stale_data
)
2166 process_sf_dir(dip
);
2170 process_sf_symlink(dip
);
2177 case XFS_DINODE_FMT_EXTENTS
:
2178 return process_exinode(dip
, itype
);
2180 case XFS_DINODE_FMT_BTREE
:
2181 return process_btinode(dip
, itype
);
2187 * when we process the inode, we may change the data in the data and/or
2188 * attribute fork if they are in short form and we are obfuscating names.
2189 * In this case we need to recalculate the CRC of the inode, but we should
2190 * only do that if the CRC in the inode is good to begin with. If the crc
2191 * is not ok, we just leave it alone.
2195 xfs_agnumber_t agno
,
2201 bool crc_was_ok
= false; /* no recalc by default */
2202 bool need_new_crc
= false;
2205 cur_ino
= XFS_AGINO_TO_INO(mp
, agno
, agino
);
2207 /* we only care about crc recalculation if we will modify the inode. */
2208 if (obfuscate
|| zero_stale_data
) {
2209 crc_was_ok
= libxfs_verify_cksum((char *)dip
,
2210 mp
->m_sb
.sb_inodesize
,
2211 offsetof(struct xfs_dinode
, di_crc
));
2215 if (zero_stale_data
) {
2216 /* Zero all of the inode literal area */
2217 memset(XFS_DFORK_DPTR(dip
), 0,
2218 XFS_LITINO(mp
, dip
->di_version
));
2223 /* copy appropriate data fork metadata */
2224 switch (be16_to_cpu(dip
->di_mode
) & S_IFMT
) {
2226 success
= process_inode_data(dip
, TYP_DIR2
);
2227 if (dip
->di_format
== XFS_DINODE_FMT_LOCAL
)
2231 success
= process_inode_data(dip
, TYP_SYMLINK
);
2232 if (dip
->di_format
== XFS_DINODE_FMT_LOCAL
)
2236 success
= process_inode_data(dip
, TYP_DATA
);
2242 /* copy extended attributes if they exist and forkoff is valid */
2244 XFS_DFORK_DSIZE(dip
, mp
) < XFS_LITINO(mp
, dip
->di_version
)) {
2245 attr_data
.remote_val_count
= 0;
2246 switch (dip
->di_aformat
) {
2247 case XFS_DINODE_FMT_LOCAL
:
2249 if (obfuscate
|| zero_stale_data
)
2250 process_sf_attr(dip
);
2253 case XFS_DINODE_FMT_EXTENTS
:
2254 success
= process_exinode(dip
, TYP_ATTR
);
2257 case XFS_DINODE_FMT_BTREE
:
2258 success
= process_btinode(dip
, TYP_ATTR
);
2265 /* Heavy handed but low cost; just do it as a catch-all. */
2266 if (zero_stale_data
)
2269 if (crc_was_ok
&& need_new_crc
)
2270 libxfs_dinode_calc_crc(mp
, dip
);
2274 static uint32_t inodes_copied
;
2278 xfs_agnumber_t agno
,
2279 xfs_inobt_rec_t
*rp
)
2283 xfs_agblock_t agbno
;
2284 xfs_agblock_t end_agbno
;
2291 agino
= be32_to_cpu(rp
->ir_startino
);
2292 agbno
= XFS_AGINO_TO_AGBNO(mp
, agino
);
2293 end_agbno
= agbno
+ mp
->m_ialloc_blks
;
2294 off
= XFS_INO_TO_OFFSET(mp
, agino
);
2297 * If the fs supports sparse inode records, we must process inodes a
2298 * cluster at a time because that is the sparse allocation granularity.
2299 * Otherwise, we risk CRC corruption errors on reads of inode chunks.
2301 * Also make sure that we don't process more than the single record
2302 * we've been passed (large block sizes can hold multiple inode chunks).
2304 if (xfs_sb_version_hassparseinodes(&mp
->m_sb
))
2305 blks_per_buf
= xfs_icluster_size_fsb(mp
);
2307 blks_per_buf
= mp
->m_ialloc_blks
;
2308 inodes_per_buf
= min(blks_per_buf
<< mp
->m_sb
.sb_inopblog
,
2309 XFS_INODES_PER_CHUNK
);
2312 * Sanity check that we only process a single buffer if ir_startino has
2313 * a buffer offset. A non-zero offset implies that the entire chunk lies
2316 if (off
&& inodes_per_buf
!= XFS_INODES_PER_CHUNK
) {
2317 print_warning("bad starting inode offset %d", off
);
2321 if (agino
== 0 || agino
== NULLAGINO
|| !valid_bno(agno
, agbno
) ||
2322 !valid_bno(agno
, XFS_AGINO_TO_AGBNO(mp
,
2323 agino
+ XFS_INODES_PER_CHUNK
- 1))) {
2325 print_warning("bad inode number %llu (%u/%u)",
2326 XFS_AGINO_TO_INO(mp
, agno
, agino
), agno
, agino
);
2331 * check for basic assumptions about inode chunks, and if any
2332 * assumptions fail, don't process the inode chunk.
2334 if ((mp
->m_sb
.sb_inopblock
<= XFS_INODES_PER_CHUNK
&& off
!= 0) ||
2335 (mp
->m_sb
.sb_inopblock
> XFS_INODES_PER_CHUNK
&&
2336 off
% XFS_INODES_PER_CHUNK
!= 0) ||
2337 (xfs_sb_version_hasalign(&mp
->m_sb
) &&
2338 mp
->m_sb
.sb_inoalignmt
!= 0 &&
2339 agbno
% mp
->m_sb
.sb_inoalignmt
!= 0)) {
2341 print_warning("badly aligned inode (start = %llu)",
2342 XFS_AGINO_TO_INO(mp
, agno
, agino
));
2348 while (agbno
< end_agbno
&& ioff
< XFS_INODES_PER_CHUNK
) {
2349 if (xfs_inobt_is_sparse_disk(rp
, ioff
))
2352 set_cur(&typtab
[TYP_INODE
], XFS_AGB_TO_DADDR(mp
, agno
, agbno
),
2353 XFS_FSB_TO_BB(mp
, blks_per_buf
), DB_RING_IGN
, NULL
);
2354 if (iocur_top
->data
== NULL
) {
2355 print_warning("cannot read inode block %u/%u",
2357 rval
= !stop_on_read_error
;
2361 for (i
= 0; i
< inodes_per_buf
; i
++) {
2364 dip
= (xfs_dinode_t
*)((char *)iocur_top
->data
+
2365 ((off
+ i
) << mp
->m_sb
.sb_inodelog
));
2367 /* process_inode handles free inodes, too */
2368 if (!process_inode(agno
, agino
+ ioff
+ i
, dip
,
2369 XFS_INOBT_IS_FREE_DISK(rp
, ioff
+ i
)))
2375 if (write_buf(iocur_top
))
2379 agbno
+= blks_per_buf
;
2380 ioff
+= inodes_per_buf
;
2384 print_progress("Copied %u of %u inodes (%u of %u AGs)",
2385 inodes_copied
, mp
->m_sb
.sb_icount
, agno
,
2386 mp
->m_sb
.sb_agcount
);
2395 struct xfs_btree_block
*block
,
2396 xfs_agnumber_t agno
,
2397 xfs_agblock_t agbno
,
2402 xfs_inobt_rec_t
*rp
;
2403 xfs_inobt_ptr_t
*pp
;
2406 int finobt
= *(int *) arg
;
2408 numrecs
= be16_to_cpu(block
->bb_numrecs
);
2411 if (numrecs
> mp
->m_inobt_mxr
[0]) {
2413 print_warning("invalid numrecs %d in %s "
2414 "block %u/%u", numrecs
,
2415 typtab
[btype
].name
, agno
, agbno
);
2416 numrecs
= mp
->m_inobt_mxr
[0];
2420 * Only copy the btree blocks for the finobt. The inobt scan
2421 * copies the inode chunks.
2426 rp
= XFS_INOBT_REC_ADDR(mp
, block
, 1);
2427 for (i
= 0; i
< numrecs
; i
++, rp
++) {
2428 if (!copy_inode_chunk(agno
, rp
))
2434 if (numrecs
> mp
->m_inobt_mxr
[1]) {
2436 print_warning("invalid numrecs %d in %s block %u/%u",
2437 numrecs
, typtab
[btype
].name
, agno
, agbno
);
2438 numrecs
= mp
->m_inobt_mxr
[1];
2441 pp
= XFS_INOBT_PTR_ADDR(mp
, block
, 1, mp
->m_inobt_mxr
[1]);
2442 for (i
= 0; i
< numrecs
; i
++) {
2443 if (!valid_bno(agno
, be32_to_cpu(pp
[i
]))) {
2445 print_warning("invalid block number (%u/%u) "
2446 "in %s block %u/%u",
2447 agno
, be32_to_cpu(pp
[i
]),
2448 typtab
[btype
].name
, agno
, agbno
);
2451 if (!scan_btree(agno
, be32_to_cpu(pp
[i
]), level
,
2452 btype
, arg
, scanfunc_ino
))
2460 xfs_agnumber_t agno
,
2467 root
= be32_to_cpu(agi
->agi_root
);
2468 levels
= be32_to_cpu(agi
->agi_level
);
2470 /* validate root and levels before processing the tree */
2471 if (root
== 0 || root
> mp
->m_sb
.sb_agblocks
) {
2473 print_warning("invalid block number (%u) in inobt "
2474 "root in agi %u", root
, agno
);
2477 if (levels
>= XFS_BTREE_MAXLEVELS
) {
2479 print_warning("invalid level (%u) in inobt root "
2480 "in agi %u", levels
, agno
);
2484 if (!scan_btree(agno
, root
, levels
, TYP_INOBT
, &finobt
, scanfunc_ino
))
2487 if (xfs_sb_version_hasfinobt(&mp
->m_sb
)) {
2488 root
= be32_to_cpu(agi
->agi_free_root
);
2489 levels
= be32_to_cpu(agi
->agi_free_level
);
2492 if (!scan_btree(agno
, root
, levels
, TYP_INOBT
, &finobt
,
2502 xfs_agnumber_t agno
)
2506 int stack_count
= 0;
2509 /* copy the superblock of the AG */
2512 set_cur(&typtab
[TYP_SB
], XFS_AG_DADDR(mp
, agno
, XFS_SB_DADDR
),
2513 XFS_FSS_TO_BB(mp
, 1), DB_RING_IGN
, NULL
);
2514 if (!iocur_top
->data
) {
2515 print_warning("cannot read superblock for ag %u", agno
);
2516 if (stop_on_read_error
)
2519 /* Replace any filesystem label with "L's" */
2521 struct xfs_sb
*sb
= iocur_top
->data
;
2522 memset(sb
->sb_fname
, 'L',
2523 min(strlen(sb
->sb_fname
), sizeof(sb
->sb_fname
)));
2524 iocur_top
->need_crc
= 1;
2526 if (write_buf(iocur_top
))
2530 /* copy the AG free space btree root */
2533 set_cur(&typtab
[TYP_AGF
], XFS_AG_DADDR(mp
, agno
, XFS_AGF_DADDR(mp
)),
2534 XFS_FSS_TO_BB(mp
, 1), DB_RING_IGN
, NULL
);
2535 agf
= iocur_top
->data
;
2536 if (iocur_top
->data
== NULL
) {
2537 print_warning("cannot read agf block for ag %u", agno
);
2538 if (stop_on_read_error
)
2541 if (write_buf(iocur_top
))
2545 /* copy the AG inode btree root */
2548 set_cur(&typtab
[TYP_AGI
], XFS_AG_DADDR(mp
, agno
, XFS_AGI_DADDR(mp
)),
2549 XFS_FSS_TO_BB(mp
, 1), DB_RING_IGN
, NULL
);
2550 agi
= iocur_top
->data
;
2551 if (iocur_top
->data
== NULL
) {
2552 print_warning("cannot read agi block for ag %u", agno
);
2553 if (stop_on_read_error
)
2556 if (write_buf(iocur_top
))
2560 /* copy the AG free list header */
2563 set_cur(&typtab
[TYP_AGFL
], XFS_AG_DADDR(mp
, agno
, XFS_AGFL_DADDR(mp
)),
2564 XFS_FSS_TO_BB(mp
, 1), DB_RING_IGN
, NULL
);
2565 if (iocur_top
->data
== NULL
) {
2566 print_warning("cannot read agfl block for ag %u", agno
);
2567 if (stop_on_read_error
)
2570 if (agf
&& zero_stale_data
) {
2571 /* Zero out unused bits of agfl */
2575 agfl_bno
= XFS_BUF_TO_AGFL_BNO(mp
, iocur_top
->bp
);
2576 i
= be32_to_cpu(agf
->agf_fllast
);
2579 if (++i
== XFS_AGFL_SIZE(mp
))
2581 if (i
== be32_to_cpu(agf
->agf_flfirst
))
2583 agfl_bno
[i
] = cpu_to_be32(NULLAGBLOCK
);
2585 iocur_top
->need_crc
= 1;
2587 if (write_buf(iocur_top
))
2591 /* copy AG free space btrees */
2594 print_progress("Copying free space trees of AG %u",
2596 if (!copy_free_bno_btree(agno
, agf
))
2598 if (!copy_free_cnt_btree(agno
, agf
))
2600 if (!copy_rmap_btree(agno
, agf
))
2602 if (!copy_refcount_btree(agno
, agf
))
2606 /* copy inode btrees and the inodes and their associated metadata */
2608 if (!copy_inodes(agno
, agi
))
2613 while (stack_count
--)
2623 xfs_agnumber_t agno
;
2624 xfs_agblock_t agbno
;
2629 if (ino
== 0 || ino
== NULLFSINO
)
2632 agno
= XFS_INO_TO_AGNO(mp
, ino
);
2633 agino
= XFS_INO_TO_AGINO(mp
, ino
);
2634 agbno
= XFS_AGINO_TO_AGBNO(mp
, agino
);
2635 offset
= XFS_AGINO_TO_OFFSET(mp
, agino
);
2637 if (agno
>= mp
->m_sb
.sb_agcount
|| agbno
>= mp
->m_sb
.sb_agblocks
||
2638 offset
>= mp
->m_sb
.sb_inopblock
) {
2640 print_warning("invalid %s inode number (%lld)",
2641 typtab
[itype
].name
, (long long)ino
);
2646 set_cur(&typtab
[TYP_INODE
], XFS_AGB_TO_DADDR(mp
, agno
, agbno
),
2647 blkbb
, DB_RING_IGN
, NULL
);
2648 if (iocur_top
->data
== NULL
) {
2649 print_warning("cannot read %s inode %lld",
2650 typtab
[itype
].name
, (long long)ino
);
2651 rval
= !stop_on_read_error
;
2654 off_cur(offset
<< mp
->m_sb
.sb_inodelog
, mp
->m_sb
.sb_inodesize
);
2657 rval
= process_inode_data(iocur_top
->data
, itype
);
2665 copy_sb_inodes(void)
2667 if (!copy_ino(mp
->m_sb
.sb_rbmino
, TYP_RTBITMAP
))
2670 if (!copy_ino(mp
->m_sb
.sb_rsumino
, TYP_RTSUMMARY
))
2673 if (!copy_ino(mp
->m_sb
.sb_uquotino
, TYP_DQBLK
))
2676 if (!copy_ino(mp
->m_sb
.sb_gquotino
, TYP_DQBLK
))
2679 return copy_ino(mp
->m_sb
.sb_pquotino
, TYP_DQBLK
);
2687 xfs_daddr_t logstart
;
2690 int cycle
= XLOG_INIT_CYCLE
;
2693 print_progress("Copying log");
2696 set_cur(&typtab
[TYP_LOG
], XFS_FSB_TO_DADDR(mp
, mp
->m_sb
.sb_logstart
),
2697 mp
->m_sb
.sb_logblocks
* blkbb
, DB_RING_IGN
, NULL
);
2698 if (iocur_top
->data
== NULL
) {
2700 print_warning("cannot read log");
2701 return !stop_on_read_error
;
2704 /* If not obfuscating or zeroing, just copy the log as it is */
2705 if (!obfuscate
&& !zero_stale_data
)
2708 dirty
= xlog_is_dirty(mp
, &log
, &x
, 0);
2712 /* clear out a clean log */
2714 print_progress("Zeroing clean log");
2716 logstart
= XFS_FSB_TO_DADDR(mp
, mp
->m_sb
.sb_logstart
);
2717 logblocks
= XFS_FSB_TO_BB(mp
, mp
->m_sb
.sb_logblocks
);
2718 logversion
= xfs_sb_version_haslogv2(&mp
->m_sb
) ? 2 : 1;
2719 if (xfs_sb_version_hascrc(&mp
->m_sb
))
2720 cycle
= log
.l_curr_cycle
+ 1;
2722 libxfs_log_clear(NULL
, iocur_top
->data
, logstart
, logblocks
,
2723 &mp
->m_sb
.sb_uuid
, logversion
,
2724 mp
->m_sb
.sb_logsunit
, XLOG_FMT
, cycle
, true);
2727 /* keep the dirty log */
2730 _("Warning: log recovery of an obfuscated metadata image can leak "
2731 "unobfuscated metadata and/or cause image corruption. If possible, "
2732 "please mount the filesystem to clean the log, or disable obfuscation."));
2735 /* log detection error */
2738 _("Could not discern log; image will contain unobfuscated metadata in log."));
2743 return !write_buf(iocur_top
);
2751 xfs_agnumber_t agno
;
2761 stop_on_read_error
= 0;
2763 if (mp
->m_sb
.sb_magicnum
!= XFS_SB_MAGIC
) {
2764 print_warning("bad superblock magic number %x, giving up",
2765 mp
->m_sb
.sb_magicnum
);
2770 * on load, we sanity-checked agcount and possibly set to 1
2771 * if it was corrupted and large.
2773 if (mp
->m_sb
.sb_agcount
== 1 &&
2774 XFS_MAX_DBLOCKS(&mp
->m_sb
) < mp
->m_sb
.sb_dblocks
) {
2775 print_warning("truncated agcount, giving up");
2779 while ((c
= getopt(argc
, argv
, "aegm:ow")) != EOF
) {
2782 zero_stale_data
= 0;
2785 stop_on_read_error
= 1;
2791 max_extent_size
= (int)strtol(optarg
, &p
, 0);
2792 if (*p
!= '\0' || max_extent_size
<= 0) {
2793 print_warning("bad max extent size %s",
2805 print_warning("bad option for metadump command");
2810 if (optind
!= argc
- 1) {
2811 print_warning("too few options for metadump (no filename given)");
2815 metablock
= (xfs_metablock_t
*)calloc(BBSIZE
+ 1, BBSIZE
);
2816 if (metablock
== NULL
) {
2817 print_warning("memory allocation failure");
2820 metablock
->mb_blocklog
= BBSHIFT
;
2821 metablock
->mb_magic
= cpu_to_be32(XFS_MD_MAGIC
);
2823 /* Set flags about state of metadump */
2824 metablock
->mb_info
= XFS_METADUMP_INFO_FLAGS
;
2826 metablock
->mb_info
|= XFS_METADUMP_OBFUSCATED
;
2827 if (!zero_stale_data
)
2828 metablock
->mb_info
|= XFS_METADUMP_FULLBLOCKS
;
2830 /* If we'll copy the log, see if the log is dirty */
2831 if (mp
->m_sb
.sb_logstart
) {
2833 set_cur(&typtab
[TYP_LOG
],
2834 XFS_FSB_TO_DADDR(mp
, mp
->m_sb
.sb_logstart
),
2835 mp
->m_sb
.sb_logblocks
* blkbb
, DB_RING_IGN
, NULL
);
2836 if (iocur_top
->data
) { /* best effort */
2839 if (xlog_is_dirty(mp
, &log
, &x
, 0))
2840 metablock
->mb_info
|= XFS_METADUMP_DIRTYLOG
;
2845 block_index
= (__be64
*)((char *)metablock
+ sizeof(xfs_metablock_t
));
2846 block_buffer
= (char *)metablock
+ BBSIZE
;
2847 num_indices
= (BBSIZE
- sizeof(xfs_metablock_t
)) / sizeof(__be64
);
2850 * A metadump block can hold at most num_indices of BBSIZE sectors;
2851 * do not try to dump a filesystem with a sector size which does not
2852 * fit within num_indices (i.e. within a single metablock).
2854 if (mp
->m_sb
.sb_sectsize
> num_indices
* BBSIZE
) {
2855 print_warning("Cannot dump filesystem with sector size %u",
2856 mp
->m_sb
.sb_sectsize
);
2862 start_iocur_sp
= iocur_sp
;
2864 if (strcmp(argv
[optind
], "-") == 0) {
2865 if (isatty(fileno(stdout
))) {
2866 print_warning("cannot write to a terminal");
2871 * Redirect stdout to stderr for the duration of the
2872 * metadump operation so that dbprintf and other messages
2873 * are sent to the console instead of polluting the
2876 * We get to do this the hard way because musl doesn't
2877 * allow reassignment of stdout.
2880 outfd
= dup(STDOUT_FILENO
);
2882 perror("opening dump stream");
2885 ret
= dup2(STDERR_FILENO
, STDOUT_FILENO
);
2887 perror("redirecting stdout");
2891 outf
= fdopen(outfd
, "a");
2893 fprintf(stderr
, "cannot create dump stream\n");
2894 dup2(outfd
, STDOUT_FILENO
);
2898 stdout_metadump
= true;
2900 outf
= fopen(argv
[optind
], "wb");
2902 print_warning("cannot create dump file");
2909 for (agno
= 0; agno
< mp
->m_sb
.sb_agcount
; agno
++) {
2910 if (!scan_ag(agno
)) {
2916 /* copy realtime and quota inode contents */
2918 exitcode
= !copy_sb_inodes();
2920 /* copy log if it's internal */
2921 if ((mp
->m_sb
.sb_logstart
!= 0) && !exitcode
)
2922 exitcode
= !copy_log();
2924 /* write the remaining index */
2926 exitcode
= write_index() < 0;
2928 if (progress_since_warning
)
2929 fputc('\n', stdout_metadump
? stderr
: stdout
);
2931 if (stdout_metadump
) {
2934 ret
= dup2(outfd
, STDOUT_FILENO
);
2936 perror("un-redirecting stdout");
2940 /* cleanup iocur stack */
2941 while (iocur_sp
> start_iocur_sp
)