]> git.ipfire.org Git - thirdparty/xfsprogs-dev.git/blob - db/metadump.c
projects / thirdparty / xfsprogs-dev.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xfs_db: btdump should avoid eval for push and pop of cursor
[thirdparty/xfsprogs-dev.git] / db / metadump.c
1 /*
2 * Copyright (c) 2007, 2011 SGI
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 #include "libxfs.h"
20 #include "libxlog.h"
21 #include "bmap.h"
22 #include "command.h"
23 #include "metadump.h"
24 #include "io.h"
25 #include "output.h"
26 #include "type.h"
27 #include "init.h"
28 #include "sig.h"
29 #include "xfs_metadump.h"
30 #include "fprint.h"
31 #include "faddr.h"
32 #include "field.h"
33 #include "dir2.h"
34
35 #define DEFAULT_MAX_EXT_SIZE 1000
36
37 /*
38 * It's possible that multiple files in a directory (or attributes
39 * in a file) produce the same obfuscated name. If that happens, we
40 * try to create another one. After several rounds of this though,
41 * we just give up and leave the original name as-is.
42 */
43 #define DUP_MAX 5 /* Max duplicates before we give up */
44
45 /* copy all metadata structures to/from a file */
46
47 static int metadump_f(int argc, char **argv);
48 static void metadump_help(void);
49
50 /*
51 * metadump commands issue info/wornings/errors to standard error as
52 * metadump supports stdout as a destination.
53 *
54 * All static functions return zero on failure, while the public functions
55 * return zero on success.
56 */
57
58 static const cmdinfo_t metadump_cmd =
59 { "metadump", NULL, metadump_f, 0, -1, 0,
60 N_("[-a] [-e] [-g] [-m max_extent] [-w] [-o] filename"),
61 N_("dump metadata to a file"), metadump_help };
62
63 static FILE *outf; /* metadump file */
64
65 static xfs_metablock_t *metablock; /* header + index + buffers */
66 static __be64 *block_index;
67 static char *block_buffer;
68
69 static int num_indices;
70 static int cur_index;
71
72 static xfs_ino_t cur_ino;
73
74 static int show_progress = 0;
75 static int stop_on_read_error = 0;
76 static int max_extent_size = DEFAULT_MAX_EXT_SIZE;
77 static int obfuscate = 1;
78 static int zero_stale_data = 1;
79 static int show_warnings = 0;
80 static int progress_since_warning = 0;
81 static bool stdout_metadump;
82
83 void
84 metadump_init(void)
85 {
86 add_command(&metadump_cmd);
87 }
88
89 static void
90 metadump_help(void)
91 {
92 dbprintf(_(
93 "\n"
94 " The 'metadump' command dumps the known metadata to a compact file suitable\n"
95 " for compressing and sending to an XFS maintainer for corruption analysis \n"
96 " or xfs_repair failures.\n\n"
97 " Options:\n"
98 " -a -- Copy full metadata blocks without zeroing unused space\n"
99 " -e -- Ignore read errors and keep going\n"
100 " -g -- Display dump progress\n"
101 " -m -- Specify max extent size in blocks to copy (default = %d blocks)\n"
102 " -o -- Don't obfuscate names and extended attributes\n"
103 " -w -- Show warnings of bad metadata information\n"
104 "\n"), DEFAULT_MAX_EXT_SIZE);
105 }
106
107 static void
108 print_warning(const char *fmt, ...)
109 {
110 char buf[200];
111 va_list ap;
112
113 if (seenint())
114 return;
115
116 va_start(ap, fmt);
117 vsnprintf(buf, sizeof(buf), fmt, ap);
118 va_end(ap);
119 buf[sizeof(buf)-1] = '\0';
120
121 fprintf(stderr, "%s%s: %s\n", progress_since_warning ? "\n" : "",
122 progname, buf);
123 progress_since_warning = 0;
124 }
125
126 static void
127 print_progress(const char *fmt, ...)
128 {
129 char buf[60];
130 va_list ap;
131 FILE *f;
132
133 if (seenint())
134 return;
135
136 va_start(ap, fmt);
137 vsnprintf(buf, sizeof(buf), fmt, ap);
138 va_end(ap);
139 buf[sizeof(buf)-1] = '\0';
140
141 f = stdout_metadump ? stderr : stdout;
142 fprintf(f, "\r%-59s", buf);
143 fflush(f);
144 progress_since_warning = 1;
145 }
146
147 /*
148 * A complete dump file will have a "zero" entry in the last index block,
149 * even if the dump is exactly aligned, the last index will be full of
150 * zeros. If the last index entry is non-zero, the dump is incomplete.
151 * Correspondingly, the last chunk will have a count < num_indices.
152 *
153 * Return 0 for success, -1 for failure.
154 */
155
156 static int
157 write_index(void)
158 {
159 /*
160 * write index block and following data blocks (streaming)
161 */
162 metablock->mb_count = cpu_to_be16(cur_index);
163 if (fwrite(metablock, (cur_index + 1) << BBSHIFT, 1, outf) != 1) {
164 print_warning("error writing to file: %s", strerror(errno));
165 return -errno;
166 }
167
168 memset(block_index, 0, num_indices * sizeof(__be64));
169 cur_index = 0;
170 return 0;
171 }
172
173 /*
174 * Return 0 for success, -errno for failure.
175 */
176 static int
177 write_buf_segment(
178 char *data,
179 int64_t off,
180 int len)
181 {
182 int i;
183 int ret;
184
185 for (i = 0; i < len; i++, off++, data += BBSIZE) {
186 block_index[cur_index] = cpu_to_be64(off);
187 memcpy(&block_buffer[cur_index << BBSHIFT], data, BBSIZE);
188 if (++cur_index == num_indices) {
189 ret = write_index();
190 if (ret)
191 return -EIO;
192 }
193 }
194 return 0;
195 }
196
197 /*
198 * we want to preserve the state of the metadata in the dump - whether it is
199 * intact or corrupt, so even if the buffer has a verifier attached to it we
200 * don't want to run it prior to writing the buffer to the metadump image.
201 *
202 * The only reason for running the verifier is to recalculate the CRCs on a
203 * buffer that has been obfuscated. i.e. a buffer than metadump modified itself.
204 * In this case, we only run the verifier if the buffer was not corrupt to begin
205 * with so that we don't accidentally correct buffers with CRC or errors in them
206 * when we are obfuscating them.
207 */
208 static int
209 write_buf(
210 iocur_t *buf)
211 {
212 struct xfs_buf *bp = buf->bp;
213 int i;
214 int ret;
215
216 /*
217 * Run the write verifier to recalculate the buffer CRCs and check
218 * metadump didn't introduce a new corruption. Warn if the verifier
219 * failed, but still continue to dump it into the output file.
220 */
221 if (buf->need_crc && bp && bp->b_ops && !bp->b_error) {
222 bp->b_ops->verify_write(bp);
223 if (bp->b_error) {
224 print_warning(
225 "obfuscation corrupted block at %s bno 0x%llx/0x%x",
226 bp->b_ops->name,
227 (long long)bp->b_bn, bp->b_bcount);
228 }
229 }
230
231 /* handle discontiguous buffers */
232 if (!buf->bbmap) {
233 ret = write_buf_segment(buf->data, buf->bb, buf->blen);
234 if (ret)
235 return ret;
236 } else {
237 int len = 0;
238 for (i = 0; i < buf->bbmap->nmaps; i++) {
239 ret = write_buf_segment(buf->data + BBTOB(len),
240 buf->bbmap->b[i].bm_bn,
241 buf->bbmap->b[i].bm_len);
242 if (ret)
243 return ret;
244 len += buf->bbmap->b[i].bm_len;
245 }
246 }
247 return seenint() ? -EINTR : 0;
248 }
249
250 /*
251 * We could be processing a corrupt block, so we can't trust any of
252 * the offsets or lengths to be within the buffer range. Hence check
253 * carefully!
254 */
255 static void
256 zero_btree_node(
257 struct xfs_btree_block *block,
258 typnm_t btype)
259 {
260 int nrecs;
261 xfs_bmbt_ptr_t *bpp;
262 xfs_bmbt_key_t *bkp;
263 xfs_inobt_ptr_t *ipp;
264 xfs_inobt_key_t *ikp;
265 xfs_alloc_ptr_t *app;
266 xfs_alloc_key_t *akp;
267 char *zp1, *zp2;
268 char *key_end;
269
270 nrecs = be16_to_cpu(block->bb_numrecs);
271 if (nrecs < 0)
272 return;
273
274 switch (btype) {
275 case TYP_BMAPBTA:
276 case TYP_BMAPBTD:
277 if (nrecs > mp->m_bmap_dmxr[1])
278 return;
279
280 bkp = XFS_BMBT_KEY_ADDR(mp, block, 1);
281 bpp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[1]);
282 zp1 = (char *)&bkp[nrecs];
283 zp2 = (char *)&bpp[nrecs];
284 key_end = (char *)bpp;
285 break;
286 case TYP_INOBT:
287 case TYP_FINOBT:
288 if (nrecs > mp->m_inobt_mxr[1])
289 return;
290
291 ikp = XFS_INOBT_KEY_ADDR(mp, block, 1);
292 ipp = XFS_INOBT_PTR_ADDR(mp, block, 1, mp->m_inobt_mxr[1]);
293 zp1 = (char *)&ikp[nrecs];
294 zp2 = (char *)&ipp[nrecs];
295 key_end = (char *)ipp;
296 break;
297 case TYP_BNOBT:
298 case TYP_CNTBT:
299 if (nrecs > mp->m_alloc_mxr[1])
300 return;
301
302 akp = XFS_ALLOC_KEY_ADDR(mp, block, 1);
303 app = XFS_ALLOC_PTR_ADDR(mp, block, 1, mp->m_alloc_mxr[1]);
304 zp1 = (char *)&akp[nrecs];
305 zp2 = (char *)&app[nrecs];
306 key_end = (char *)app;
307 break;
308 default:
309 return;
310 }
311
312
313 /* Zero from end of keys to beginning of pointers */
314 memset(zp1, 0, key_end - zp1);
315
316 /* Zero from end of pointers to end of block */
317 memset(zp2, 0, (char *)block + mp->m_sb.sb_blocksize - zp2);
318 }
319
320 /*
321 * We could be processing a corrupt block, so we can't trust any of
322 * the offsets or lengths to be within the buffer range. Hence check
323 * carefully!
324 */
325 static void
326 zero_btree_leaf(
327 struct xfs_btree_block *block,
328 typnm_t btype)
329 {
330 int nrecs;
331 struct xfs_bmbt_rec *brp;
332 struct xfs_inobt_rec *irp;
333 struct xfs_alloc_rec *arp;
334 char *zp;
335
336 nrecs = be16_to_cpu(block->bb_numrecs);
337 if (nrecs < 0)
338 return;
339
340 switch (btype) {
341 case TYP_BMAPBTA:
342 case TYP_BMAPBTD:
343 if (nrecs > mp->m_bmap_dmxr[0])
344 return;
345
346 brp = XFS_BMBT_REC_ADDR(mp, block, 1);
347 zp = (char *)&brp[nrecs];
348 break;
349 case TYP_INOBT:
350 case TYP_FINOBT:
351 if (nrecs > mp->m_inobt_mxr[0])
352 return;
353
354 irp = XFS_INOBT_REC_ADDR(mp, block, 1);
355 zp = (char *)&irp[nrecs];
356 break;
357 case TYP_BNOBT:
358 case TYP_CNTBT:
359 if (nrecs > mp->m_alloc_mxr[0])
360 return;
361
362 arp = XFS_ALLOC_REC_ADDR(mp, block, 1);
363 zp = (char *)&arp[nrecs];
364 break;
365 default:
366 return;
367 }
368
369 /* Zero from end of records to end of block */
370 memset(zp, 0, (char *)block + mp->m_sb.sb_blocksize - zp);
371 }
372
373 static void
374 zero_btree_block(
375 struct xfs_btree_block *block,
376 typnm_t btype)
377 {
378 int level;
379
380 level = be16_to_cpu(block->bb_level);
381
382 if (level > 0)
383 zero_btree_node(block, btype);
384 else
385 zero_btree_leaf(block, btype);
386 }
387
388 static int
389 scan_btree(
390 xfs_agnumber_t agno,
391 xfs_agblock_t agbno,
392 int level,
393 typnm_t btype,
394 void *arg,
395 int (*func)(struct xfs_btree_block *block,
396 xfs_agnumber_t agno,
397 xfs_agblock_t agbno,
398 int level,
399 typnm_t btype,
400 void *arg))
401 {
402 int rval = 0;
403
404 push_cur();
405 set_cur(&typtab[btype], XFS_AGB_TO_DADDR(mp, agno, agbno), blkbb,
406 DB_RING_IGN, NULL);
407 if (iocur_top->data == NULL) {
408 print_warning("cannot read %s block %u/%u", typtab[btype].name,
409 agno, agbno);
410 rval = !stop_on_read_error;
411 goto pop_out;
412 }
413
414 if (zero_stale_data) {
415 zero_btree_block(iocur_top->data, btype);
416 iocur_top->need_crc = 1;
417 }
418
419 if (write_buf(iocur_top))
420 goto pop_out;
421
422 if (!(*func)(iocur_top->data, agno, agbno, level - 1, btype, arg))
423 goto pop_out;
424 rval = 1;
425 pop_out:
426 pop_cur();
427 return rval;
428 }
429
430 /* free space tree copy routines */
431
432 static int
433 valid_bno(
434 xfs_agnumber_t agno,
435 xfs_agblock_t agbno)
436 {
437 if (agno < (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
438 agbno <= mp->m_sb.sb_agblocks)
439 return 1;
440 if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
441 agbno <= (mp->m_sb.sb_dblocks -
442 (xfs_rfsblock_t)(mp->m_sb.sb_agcount - 1) *
443 mp->m_sb.sb_agblocks))
444 return 1;
445
446 return 0;
447 }
448
449
450 static int
451 scanfunc_freesp(
452 struct xfs_btree_block *block,
453 xfs_agnumber_t agno,
454 xfs_agblock_t agbno,
455 int level,
456 typnm_t btype,
457 void *arg)
458 {
459 xfs_alloc_ptr_t *pp;
460 int i;
461 int numrecs;
462
463 if (level == 0)
464 return 1;
465
466 numrecs = be16_to_cpu(block->bb_numrecs);
467 if (numrecs > mp->m_alloc_mxr[1]) {
468 if (show_warnings)
469 print_warning("invalid numrecs (%u) in %s block %u/%u",
470 numrecs, typtab[btype].name, agno, agbno);
471 return 1;
472 }
473
474 pp = XFS_ALLOC_PTR_ADDR(mp, block, 1, mp->m_alloc_mxr[1]);
475 for (i = 0; i < numrecs; i++) {
476 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
477 if (show_warnings)
478 print_warning("invalid block number (%u/%u) "
479 "in %s block %u/%u",
480 agno, be32_to_cpu(pp[i]),
481 typtab[btype].name, agno, agbno);
482 continue;
483 }
484 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
485 scanfunc_freesp))
486 return 0;
487 }
488 return 1;
489 }
490
491 static int
492 copy_free_bno_btree(
493 xfs_agnumber_t agno,
494 xfs_agf_t *agf)
495 {
496 xfs_agblock_t root;
497 int levels;
498
499 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_BNO]);
500 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]);
501
502 /* validate root and levels before processing the tree */
503 if (root == 0 || root > mp->m_sb.sb_agblocks) {
504 if (show_warnings)
505 print_warning("invalid block number (%u) in bnobt "
506 "root in agf %u", root, agno);
507 return 1;
508 }
509 if (levels >= XFS_BTREE_MAXLEVELS) {
510 if (show_warnings)
511 print_warning("invalid level (%u) in bnobt root "
512 "in agf %u", levels, agno);
513 return 1;
514 }
515
516 return scan_btree(agno, root, levels, TYP_BNOBT, agf, scanfunc_freesp);
517 }
518
519 static int
520 copy_free_cnt_btree(
521 xfs_agnumber_t agno,
522 xfs_agf_t *agf)
523 {
524 xfs_agblock_t root;
525 int levels;
526
527 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_CNT]);
528 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]);
529
530 /* validate root and levels before processing the tree */
531 if (root == 0 || root > mp->m_sb.sb_agblocks) {
532 if (show_warnings)
533 print_warning("invalid block number (%u) in cntbt "
534 "root in agf %u", root, agno);
535 return 1;
536 }
537 if (levels >= XFS_BTREE_MAXLEVELS) {
538 if (show_warnings)
539 print_warning("invalid level (%u) in cntbt root "
540 "in agf %u", levels, agno);
541 return 1;
542 }
543
544 return scan_btree(agno, root, levels, TYP_CNTBT, agf, scanfunc_freesp);
545 }
546
547 static int
548 scanfunc_rmapbt(
549 struct xfs_btree_block *block,
550 xfs_agnumber_t agno,
551 xfs_agblock_t agbno,
552 int level,
553 typnm_t btype,
554 void *arg)
555 {
556 xfs_rmap_ptr_t *pp;
557 int i;
558 int numrecs;
559
560 if (level == 0)
561 return 1;
562
563 numrecs = be16_to_cpu(block->bb_numrecs);
564 if (numrecs > mp->m_rmap_mxr[1]) {
565 if (show_warnings)
566 print_warning("invalid numrecs (%u) in %s block %u/%u",
567 numrecs, typtab[btype].name, agno, agbno);
568 return 1;
569 }
570
571 pp = XFS_RMAP_PTR_ADDR(block, 1, mp->m_rmap_mxr[1]);
572 for (i = 0; i < numrecs; i++) {
573 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
574 if (show_warnings)
575 print_warning("invalid block number (%u/%u) "
576 "in %s block %u/%u",
577 agno, be32_to_cpu(pp[i]),
578 typtab[btype].name, agno, agbno);
579 continue;
580 }
581 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
582 scanfunc_rmapbt))
583 return 0;
584 }
585 return 1;
586 }
587
588 static int
589 copy_rmap_btree(
590 xfs_agnumber_t agno,
591 struct xfs_agf *agf)
592 {
593 xfs_agblock_t root;
594 int levels;
595
596 if (!xfs_sb_version_hasrmapbt(&mp->m_sb))
597 return 1;
598
599 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_RMAP]);
600 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]);
601
602 /* validate root and levels before processing the tree */
603 if (root == 0 || root > mp->m_sb.sb_agblocks) {
604 if (show_warnings)
605 print_warning("invalid block number (%u) in rmapbt "
606 "root in agf %u", root, agno);
607 return 1;
608 }
609 if (levels >= XFS_BTREE_MAXLEVELS) {
610 if (show_warnings)
611 print_warning("invalid level (%u) in rmapbt root "
612 "in agf %u", levels, agno);
613 return 1;
614 }
615
616 return scan_btree(agno, root, levels, TYP_RMAPBT, agf, scanfunc_rmapbt);
617 }
618
619 static int
620 scanfunc_refcntbt(
621 struct xfs_btree_block *block,
622 xfs_agnumber_t agno,
623 xfs_agblock_t agbno,
624 int level,
625 typnm_t btype,
626 void *arg)
627 {
628 xfs_refcount_ptr_t *pp;
629 int i;
630 int numrecs;
631
632 if (level == 0)
633 return 1;
634
635 numrecs = be16_to_cpu(block->bb_numrecs);
636 if (numrecs > mp->m_refc_mxr[1]) {
637 if (show_warnings)
638 print_warning("invalid numrecs (%u) in %s block %u/%u",
639 numrecs, typtab[btype].name, agno, agbno);
640 return 1;
641 }
642
643 pp = XFS_REFCOUNT_PTR_ADDR(block, 1, mp->m_refc_mxr[1]);
644 for (i = 0; i < numrecs; i++) {
645 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
646 if (show_warnings)
647 print_warning("invalid block number (%u/%u) "
648 "in %s block %u/%u",
649 agno, be32_to_cpu(pp[i]),
650 typtab[btype].name, agno, agbno);
651 continue;
652 }
653 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
654 scanfunc_refcntbt))
655 return 0;
656 }
657 return 1;
658 }
659
660 static int
661 copy_refcount_btree(
662 xfs_agnumber_t agno,
663 struct xfs_agf *agf)
664 {
665 xfs_agblock_t root;
666 int levels;
667
668 if (!xfs_sb_version_hasreflink(&mp->m_sb))
669 return 1;
670
671 root = be32_to_cpu(agf->agf_refcount_root);
672 levels = be32_to_cpu(agf->agf_refcount_level);
673
674 /* validate root and levels before processing the tree */
675 if (root == 0 || root > mp->m_sb.sb_agblocks) {
676 if (show_warnings)
677 print_warning("invalid block number (%u) in refcntbt "
678 "root in agf %u", root, agno);
679 return 1;
680 }
681 if (levels >= XFS_BTREE_MAXLEVELS) {
682 if (show_warnings)
683 print_warning("invalid level (%u) in refcntbt root "
684 "in agf %u", levels, agno);
685 return 1;
686 }
687
688 return scan_btree(agno, root, levels, TYP_REFCBT, agf, scanfunc_refcntbt);
689 }
690
691 /* filename and extended attribute obfuscation routines */
692
693 struct name_ent {
694 struct name_ent *next;
695 xfs_dahash_t hash;
696 int namelen;
697 unsigned char name[1];
698 };
699
700 #define NAME_TABLE_SIZE 4096
701
702 static struct name_ent *nametable[NAME_TABLE_SIZE];
703
704 static void
705 nametable_clear(void)
706 {
707 int i;
708 struct name_ent *ent;
709
710 for (i = 0; i < NAME_TABLE_SIZE; i++) {
711 while ((ent = nametable[i])) {
712 nametable[i] = ent->next;
713 free(ent);
714 }
715 }
716 }
717
718 /*
719 * See if the given name is already in the name table. If so,
720 * return a pointer to its entry, otherwise return a null pointer.
721 */
722 static struct name_ent *
723 nametable_find(xfs_dahash_t hash, int namelen, unsigned char *name)
724 {
725 struct name_ent *ent;
726
727 for (ent = nametable[hash % NAME_TABLE_SIZE]; ent; ent = ent->next) {
728 if (ent->hash == hash && ent->namelen == namelen &&
729 !memcmp(ent->name, name, namelen))
730 return ent;
731 }
732 return NULL;
733 }
734
735 /*
736 * Add the given name to the name table. Returns a pointer to the
737 * name's new entry, or a null pointer if an error occurs.
738 */
739 static struct name_ent *
740 nametable_add(xfs_dahash_t hash, int namelen, unsigned char *name)
741 {
742 struct name_ent *ent;
743
744 ent = malloc(sizeof *ent + namelen);
745 if (!ent)
746 return NULL;
747
748 ent->namelen = namelen;
749 memcpy(ent->name, name, namelen);
750 ent->hash = hash;
751 ent->next = nametable[hash % NAME_TABLE_SIZE];
752
753 nametable[hash % NAME_TABLE_SIZE] = ent;
754
755 return ent;
756 }
757
758 #define is_invalid_char(c) ((c) == '/' || (c) == '\0')
759 #define rol32(x,y) (((x) << (y)) | ((x) >> (32 - (y))))
760
761 static inline unsigned char
762 random_filename_char(void)
763 {
764 static unsigned char filename_alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
765 "abcdefghijklmnopqrstuvwxyz"
766 "0123456789-_";
767
768 return filename_alphabet[random() % (sizeof filename_alphabet - 1)];
769 }
770
771 #define ORPHANAGE "lost+found"
772 #define ORPHANAGE_LEN (sizeof (ORPHANAGE) - 1)
773
774 static inline int
775 is_orphanage_dir(
776 struct xfs_mount *mp,
777 xfs_ino_t dir_ino,
778 size_t name_len,
779 unsigned char *name)
780 {
781 return dir_ino == mp->m_sb.sb_rootino &&
782 name_len == ORPHANAGE_LEN &&
783 !memcmp(name, ORPHANAGE, ORPHANAGE_LEN);
784 }
785
786 /*
787 * Determine whether a name is one we shouldn't obfuscate because
788 * it's an orphan (or the "lost+found" directory itself). Note
789 * "cur_ino" is the inode for the directory currently being
790 * processed.
791 *
792 * Returns 1 if the name should NOT be obfuscated or 0 otherwise.
793 */
794 static int
795 in_lost_found(
796 xfs_ino_t ino,
797 int namelen,
798 unsigned char *name)
799 {
800 static xfs_ino_t orphanage_ino = 0;
801 char s[24]; /* 21 is enough (64 bits in decimal) */
802 int slen;
803
804 /* Record the "lost+found" inode if we haven't done so already */
805
806 ASSERT(ino != 0);
807 if (!orphanage_ino && is_orphanage_dir(mp, cur_ino, namelen, name))
808 orphanage_ino = ino;
809
810 /* We don't obfuscate the "lost+found" directory itself */
811
812 if (ino == orphanage_ino)
813 return 1;
814
815 /* Most files aren't in "lost+found" at all */
816
817 if (cur_ino != orphanage_ino)
818 return 0;
819
820 /*
821 * Within "lost+found", we don't obfuscate any file whose
822 * name is the same as its inode number. Any others are
823 * stray files and can be obfuscated.
824 */
825 slen = snprintf(s, sizeof (s), "%llu", (unsigned long long) ino);
826
827 return slen == namelen && !memcmp(name, s, namelen);
828 }
829
830 /*
831 * Given a name and its hash value, massage the name in such a way
832 * that the result is another name of equal length which shares the
833 * same hash value.
834 */
835 static void
836 obfuscate_name(
837 xfs_dahash_t hash,
838 size_t name_len,
839 unsigned char *name)
840 {
841 unsigned char *newp = name;
842 int i;
843 xfs_dahash_t new_hash = 0;
844 unsigned char *first;
845 unsigned char high_bit;
846 int shift;
847
848 /*
849 * Our obfuscation algorithm requires at least 5-character
850 * names, so don't bother if the name is too short. We
851 * work backward from a hash value to determine the last
852 * five bytes in a name required to produce a new name
853 * with the same hash.
854 */
855 if (name_len < 5)
856 return;
857
858 /*
859 * The beginning of the obfuscated name can be pretty much
860 * anything, so fill it in with random characters.
861 * Accumulate its new hash value as we go.
862 */
863 for (i = 0; i < name_len - 5; i++) {
864 *newp = random_filename_char();
865 new_hash = *newp ^ rol32(new_hash, 7);
866 newp++;
867 }
868
869 /*
870 * Compute which five bytes need to be used at the end of
871 * the name so the hash of the obfuscated name is the same
872 * as the hash of the original. If any result in an invalid
873 * character, flip a bit and arrange for a corresponding bit
874 * in a neighboring byte to be flipped as well. For the
875 * last byte, the "neighbor" to change is the first byte
876 * we're computing here.
877 */
878 new_hash = rol32(new_hash, 3) ^ hash;
879
880 first = newp;
881 high_bit = 0;
882 for (shift = 28; shift >= 0; shift -= 7) {
883 *newp = (new_hash >> shift & 0x7f) ^ high_bit;
884 if (is_invalid_char(*newp)) {
885 *newp ^= 1;
886 high_bit = 0x80;
887 } else
888 high_bit = 0;
889 ASSERT(!is_invalid_char(*newp));
890 newp++;
891 }
892
893 /*
894 * If we flipped a bit on the last byte, we need to fix up
895 * the matching bit in the first byte. The result will
896 * be a valid character, because we know that first byte
897 * has 0's in its upper four bits (it was produced by a
898 * 28-bit right-shift of a 32-bit unsigned value).
899 */
900 if (high_bit) {
901 *first ^= 0x10;
902 ASSERT(!is_invalid_char(*first));
903 }
904 ASSERT(libxfs_da_hashname(name, name_len) == hash);
905 }
906
907 /*
908 * Flip a bit in each of two bytes at the end of the given name.
909 * This is used in generating a series of alternate names to be used
910 * in the event a duplicate is found.
911 *
912 * The bits flipped are selected such that they both affect the same
913 * bit in the name's computed hash value, so flipping them both will
914 * preserve the hash.
915 *
916 * The following diagram aims to show the portion of a computed
917 * hash that a given byte of a name affects.
918 *
919 * 31 28 24 21 14 8 7 3 0
920 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
921 * hash: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
922 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
923 * last-4 ->| |<-- last-2 --->| |<--- last ---->|
924 * |<-- last-3 --->| |<-- last-1 --->| |<- last-4
925 * |<-- last-7 --->| |<-- last-5 --->|
926 * |<-- last-8 --->| |<-- last-6 --->|
927 * . . . and so on
928 *
929 * The last byte of the name directly affects the low-order byte of
930 * the hash. The next-to-last affects bits 7-14, the next one back
931 * affects bits 14-21, and so on. The effect wraps around when it
932 * goes beyond the top of the hash (as happens for byte last-4).
933 *
934 * Bits that are flipped together "overlap" on the hash value. As
935 * an example of overlap, the last two bytes both affect bit 7 in
936 * the hash. That pair of bytes (and their overlapping bits) can be
937 * used for this "flip bit" operation (it's the first pair tried,
938 * actually).
939 *
940 * A table defines overlapping pairs--the bytes involved and bits
941 * within them--that can be used this way. The byte offset is
942 * relative to a starting point within the name, which will be set
943 * to affect the bytes at the end of the name. The function is
944 * called with a "bitseq" value which indicates which bit flip is
945 * desired, and this translates directly into selecting which entry
946 * in the bit_to_flip[] table to apply.
947 *
948 * The function returns 1 if the operation was successful. It
949 * returns 0 if the result produced a character that's not valid in
950 * a name (either '/' or a '\0'). Finally, it returns -1 if the bit
951 * sequence number is beyond what is supported for a name of this
952 * length.
953 *
954 * Discussion
955 * ----------
956 * (Also see the discussion above find_alternate(), below.)
957 *
958 * In order to make this function work for any length name, the
959 * table is ordered by increasing byte offset, so that the earliest
960 * entries can apply to the shortest strings. This way all names
961 * are done consistently.
962 *
963 * When bit flips occur, they can convert printable characters
964 * into non-printable ones. In an effort to reduce the impact of
965 * this, the first bit flips are chosen to affect bytes the end of
966 * the name (and furthermore, toward the low bits of a byte). Those
967 * bytes are often non-printable anyway because of the way they are
968 * initially selected by obfuscate_name()). This is accomplished,
969 * using later table entries first.
970 *
971 * Each row in the table doubles the number of alternates that
972 * can be generated. A two-byte name is limited to using only
973 * the first row, so it's possible to generate two alternates
974 * (the original name, plus the alternate produced by flipping
975 * the one pair of bits). In a 5-byte name, the effect of the
976 * first byte overlaps the last by 4 its, and there are 8 bits
977 * to flip, allowing for 256 possible alternates.
978 *
979 * Short names (less than 5 bytes) are never even obfuscated, so for
980 * such names the relatively small number of alternates should never
981 * really be a problem.
982 *
983 * Long names (more than 6 bytes, say) are not likely to exhaust
984 * the number of available alternates. In fact, the table could
985 * probably have stopped at 8 entries, on the assumption that 256
986 * alternates should be enough for most any situation. The entries
987 * beyond those are present mostly for demonstration of how it could
988 * be populated with more entries, should it ever be necessary to do
989 * so.
990 */
991 static int
992 flip_bit(
993 size_t name_len,
994 unsigned char *name,
995 uint32_t bitseq)
996 {
997 int index;
998 size_t offset;
999 unsigned char *p0, *p1;
1000 unsigned char m0, m1;
1001 struct {
1002 int byte; /* Offset from start within name */
1003 unsigned char bit; /* Bit within that byte */
1004 } bit_to_flip[][2] = { /* Sorted by second entry's byte */
1005 { { 0, 0 }, { 1, 7 } }, /* Each row defines a pair */
1006 { { 1, 0 }, { 2, 7 } }, /* of bytes and a bit within */
1007 { { 2, 0 }, { 3, 7 } }, /* each byte. Each bit in */
1008 { { 0, 4 }, { 4, 0 } }, /* a pair affects the same */
1009 { { 0, 5 }, { 4, 1 } }, /* bit in the hash, so flipping */
1010 { { 0, 6 }, { 4, 2 } }, /* both will change the name */
1011 { { 0, 7 }, { 4, 3 } }, /* while preserving the hash. */
1012 { { 3, 0 }, { 4, 7 } },
1013 { { 0, 0 }, { 5, 3 } }, /* The first entry's byte offset */
1014 { { 0, 1 }, { 5, 4 } }, /* must be less than the second. */
1015 { { 0, 2 }, { 5, 5 } },
1016 { { 0, 3 }, { 5, 6 } }, /* The table can be extended to */
1017 { { 0, 4 }, { 5, 7 } }, /* an arbitrary number of entries */
1018 { { 4, 0 }, { 5, 7 } }, /* but there's not much point. */
1019 /* . . . */
1020 };
1021
1022 /* Find the first entry *not* usable for name of this length */
1023
1024 for (index = 0; index < ARRAY_SIZE(bit_to_flip); index++)
1025 if (bit_to_flip[index][1].byte >= name_len)
1026 break;
1027
1028 /*
1029 * Back up to the last usable entry. If that number is
1030 * smaller than the bit sequence number, inform the caller
1031 * that nothing this large (or larger) will work.
1032 */
1033 if (bitseq > --index)
1034 return -1;
1035
1036 /*
1037 * We will be switching bits at the end of name, with a
1038 * preference for affecting the last bytes first. Compute
1039 * where in the name we'll start applying the changes.
1040 */
1041 offset = name_len - (bit_to_flip[index][1].byte + 1);
1042 index -= bitseq; /* Use later table entries first */
1043
1044 p0 = name + offset + bit_to_flip[index][0].byte;
1045 p1 = name + offset + bit_to_flip[index][1].byte;
1046 m0 = 1 << bit_to_flip[index][0].bit;
1047 m1 = 1 << bit_to_flip[index][1].bit;
1048
1049 /* Only change the bytes if it produces valid characters */
1050
1051 if (is_invalid_char(*p0 ^ m0) || is_invalid_char(*p1 ^ m1))
1052 return 0;
1053
1054 *p0 ^= m0;
1055 *p1 ^= m1;
1056
1057 return 1;
1058 }
1059
1060 /*
1061 * This function generates a well-defined sequence of "alternate"
1062 * names for a given name. An alternate is a name having the same
1063 * length and same hash value as the original name. This is needed
1064 * because the algorithm produces only one obfuscated name to use
1065 * for a given original name, and it's possible that result matches
1066 * a name already seen. This function checks for this, and if it
1067 * occurs, finds another suitable obfuscated name to use.
1068 *
1069 * Each bit in the binary representation of the sequence number is
1070 * used to select one possible "bit flip" operation to perform on
1071 * the name. So for example:
1072 * seq = 0: selects no bits to flip
1073 * seq = 1: selects the 0th bit to flip
1074 * seq = 2: selects the 1st bit to flip
1075 * seq = 3: selects the 0th and 1st bit to flip
1076 * ... and so on.
1077 *
1078 * The flip_bit() function takes care of the details of the bit
1079 * flipping within the name. Note that the "1st bit" in this
1080 * context is a bit sequence number; i.e. it doesn't necessarily
1081 * mean bit 0x02 will be changed.
1082 *
1083 * If a valid name (one that contains no '/' or '\0' characters) is
1084 * produced by this process for the given sequence number, this
1085 * function returns 1. If the result is not valid, it returns 0.
1086 * Returns -1 if the sequence number is beyond the the maximum for
1087 * names of the given length.
1088 *
1089 *
1090 * Discussion
1091 * ----------
1092 * The number of alternates available for a given name is dependent
1093 * on its length. A "bit flip" involves inverting two bits in
1094 * a name--the two bits being selected such that their values
1095 * affect the name's hash value in the same way. Alternates are
1096 * thus generated by inverting the value of pairs of such
1097 * "overlapping" bits in the original name. Each byte after the
1098 * first in a name adds at least one bit of overlap to work with.
1099 * (See comments above flip_bit() for more discussion on this.)
1100 *
1101 * So the number of alternates is dependent on the number of such
1102 * overlapping bits in a name. If there are N bit overlaps, there
1103 * 2^N alternates for that hash value.
1104 *
1105 * Here are the number of overlapping bits available for generating
1106 * alternates for names of specific lengths:
1107 * 1 0 (must have 2 bytes to have any overlap)
1108 * 2 1 One bit overlaps--so 2 possible alternates
1109 * 3 2 Two bits overlap--so 4 possible alternates
1110 * 4 4 Three bits overlap, so 2^3 alternates
1111 * 5 8 8 bits overlap (due to wrapping), 256 alternates
1112 * 6 18 2^18 alternates
1113 * 7 28 2^28 alternates
1114 * ...
1115 * It's clear that the number of alternates grows very quickly with
1116 * the length of the name. But note that the set of alternates
1117 * includes invalid names. And for certain (contrived) names, the
1118 * number of valid names is a fairly small fraction of the total
1119 * number of alternates.
1120 *
1121 * The main driver for this infrastructure for coming up with
1122 * alternate names is really related to names 5 (or possibly 6)
1123 * bytes in length. 5-byte obfuscated names contain no randomly-
1124 * generated bytes in them, and the chance of an obfuscated name
1125 * matching an already-seen name is too high to just ignore. This
1126 * methodical selection of alternates ensures we don't produce
1127 * duplicate names unless we have exhausted our options.
1128 */
1129 static int
1130 find_alternate(
1131 size_t name_len,
1132 unsigned char *name,
1133 uint32_t seq)
1134 {
1135 uint32_t bitseq = 0;
1136 uint32_t bits = seq;
1137
1138 if (!seq)
1139 return 1; /* alternate 0 is the original name */
1140 if (name_len < 2) /* Must have 2 bytes to flip */
1141 return -1;
1142
1143 for (bitseq = 0; bits; bitseq++) {
1144 uint32_t mask = 1 << bitseq;
1145 int fb;
1146
1147 if (!(bits & mask))
1148 continue;
1149
1150 fb = flip_bit(name_len, name, bitseq);
1151 if (fb < 1)
1152 return fb ? -1 : 0;
1153 bits ^= mask;
1154 }
1155
1156 return 1;
1157 }
1158
1159 /*
1160 * Look up the given name in the name table. If it is already
1161 * present, iterate through a well-defined sequence of alternate
1162 * names and attempt to use an alternate name instead.
1163 *
1164 * Returns 1 if the (possibly modified) name is not present in the
1165 * name table. Returns 0 if the name and all possible alternates
1166 * are already in the table.
1167 */
1168 static int
1169 handle_duplicate_name(xfs_dahash_t hash, size_t name_len, unsigned char *name)
1170 {
1171 unsigned char new_name[name_len + 1];
1172 uint32_t seq = 1;
1173
1174 if (!nametable_find(hash, name_len, name))
1175 return 1; /* No duplicate */
1176
1177 /* Name is already in use. Need to find an alternate. */
1178
1179 do {
1180 int found;
1181
1182 /* Only change incoming name if we find an alternate */
1183 do {
1184 memcpy(new_name, name, name_len);
1185 found = find_alternate(name_len, new_name, seq++);
1186 if (found < 0)
1187 return 0; /* No more to check */
1188 } while (!found);
1189 } while (nametable_find(hash, name_len, new_name));
1190
1191 /*
1192 * The alternate wasn't in the table already. Pass it back
1193 * to the caller.
1194 */
1195 memcpy(name, new_name, name_len);
1196
1197 return 1;
1198 }
1199
1200 static void
1201 generate_obfuscated_name(
1202 xfs_ino_t ino,
1203 int namelen,
1204 unsigned char *name)
1205 {
1206 xfs_dahash_t hash;
1207
1208 /*
1209 * We don't obfuscate "lost+found" or any orphan files
1210 * therein. When the name table is used for extended
1211 * attributes, the inode number provided is 0, in which
1212 * case we don't need to make this check.
1213 */
1214 if (ino && in_lost_found(ino, namelen, name))
1215 return;
1216
1217 /*
1218 * If the name starts with a slash, just skip over it. It
1219 * isn't included in the hash and we don't record it in the
1220 * name table. Note that the namelen value passed in does
1221 * not count the leading slash (if one is present).
1222 */
1223 if (*name == '/')
1224 name++;
1225
1226 /* Obfuscate the name (if possible) */
1227
1228 hash = libxfs_da_hashname(name, namelen);
1229 obfuscate_name(hash, namelen, name);
1230
1231 /*
1232 * Make sure the name is not something already seen. If we
1233 * fail to find a suitable alternate, we're dealing with a
1234 * very pathological situation, and we may end up creating
1235 * a duplicate name in the metadump, so issue a warning.
1236 */
1237 if (!handle_duplicate_name(hash, namelen, name)) {
1238 print_warning("duplicate name for inode %llu "
1239 "in dir inode %llu\n",
1240 (unsigned long long) ino,
1241 (unsigned long long) cur_ino);
1242 return;
1243 }
1244
1245 /* Create an entry for the new name in the name table. */
1246
1247 if (!nametable_add(hash, namelen, name))
1248 print_warning("unable to record name for inode %llu "
1249 "in dir inode %llu\n",
1250 (unsigned long long) ino,
1251 (unsigned long long) cur_ino);
1252 }
1253
1254 static void
1255 process_sf_dir(
1256 xfs_dinode_t *dip)
1257 {
1258 struct xfs_dir2_sf_hdr *sfp;
1259 xfs_dir2_sf_entry_t *sfep;
1260 uint64_t ino_dir_size;
1261 int i;
1262
1263 sfp = (struct xfs_dir2_sf_hdr *)XFS_DFORK_DPTR(dip);
1264 ino_dir_size = be64_to_cpu(dip->di_size);
1265 if (ino_dir_size > XFS_DFORK_DSIZE(dip, mp)) {
1266 ino_dir_size = XFS_DFORK_DSIZE(dip, mp);
1267 if (show_warnings)
1268 print_warning("invalid size in dir inode %llu",
1269 (long long)cur_ino);
1270 }
1271
1272 sfep = xfs_dir2_sf_firstentry(sfp);
1273 for (i = 0; (i < sfp->count) &&
1274 ((char *)sfep - (char *)sfp < ino_dir_size); i++) {
1275
1276 /*
1277 * first check for bad name lengths. If they are bad, we
1278 * have limitations to how much can be obfuscated.
1279 */
1280 int namelen = sfep->namelen;
1281
1282 if (namelen == 0) {
1283 if (show_warnings)
1284 print_warning("zero length entry in dir inode "
1285 "%llu", (long long)cur_ino);
1286 if (i != sfp->count - 1)
1287 break;
1288 namelen = ino_dir_size - ((char *)&sfep->name[0] -
1289 (char *)sfp);
1290 } else if ((char *)sfep - (char *)sfp +
1291 M_DIROPS(mp)->sf_entsize(sfp, sfep->namelen) >
1292 ino_dir_size) {
1293 if (show_warnings)
1294 print_warning("entry length in dir inode %llu "
1295 "overflows space", (long long)cur_ino);
1296 if (i != sfp->count - 1)
1297 break;
1298 namelen = ino_dir_size - ((char *)&sfep->name[0] -
1299 (char *)sfp);
1300 }
1301
1302 if (obfuscate)
1303 generate_obfuscated_name(
1304 M_DIROPS(mp)->sf_get_ino(sfp, sfep),
1305 namelen, &sfep->name[0]);
1306
1307 sfep = (xfs_dir2_sf_entry_t *)((char *)sfep +
1308 M_DIROPS(mp)->sf_entsize(sfp, namelen));
1309 }
1310
1311 /* zero stale data in rest of space in data fork, if any */
1312 if (zero_stale_data && (ino_dir_size < XFS_DFORK_DSIZE(dip, mp)))
1313 memset(sfep, 0, XFS_DFORK_DSIZE(dip, mp) - ino_dir_size);
1314 }
1315
1316 /*
1317 * The pathname may not be null terminated. It may be terminated by the end of
1318 * a buffer or inode literal area, and the start of the next region contains
1319 * unknown data. Therefore, when we get to the last component of the symlink, we
1320 * cannot assume that strlen() will give us the right result. Hence we need to
1321 * track the remaining pathname length and use that instead.
1322 */
1323 static void
1324 obfuscate_path_components(
1325 char *buf,
1326 uint64_t len)
1327 {
1328 unsigned char *comp = (unsigned char *)buf;
1329 unsigned char *end = comp + len;
1330 xfs_dahash_t hash;
1331
1332 while (comp < end) {
1333 char *slash;
1334 int namelen;
1335
1336 /* find slash at end of this component */
1337 slash = strchr((char *)comp, '/');
1338 if (!slash) {
1339 /* last (or single) component */
1340 namelen = strnlen((char *)comp, len);
1341 hash = libxfs_da_hashname(comp, namelen);
1342 obfuscate_name(hash, namelen, comp);
1343 break;
1344 }
1345 namelen = slash - (char *)comp;
1346 /* handle leading or consecutive slashes */
1347 if (!namelen) {
1348 comp++;
1349 len--;
1350 continue;
1351 }
1352 hash = libxfs_da_hashname(comp, namelen);
1353 obfuscate_name(hash, namelen, comp);
1354 comp += namelen + 1;
1355 len -= namelen + 1;
1356 }
1357 }
1358
1359 static void
1360 process_sf_symlink(
1361 xfs_dinode_t *dip)
1362 {
1363 uint64_t len;
1364 char *buf;
1365
1366 len = be64_to_cpu(dip->di_size);
1367 if (len > XFS_DFORK_DSIZE(dip, mp)) {
1368 if (show_warnings)
1369 print_warning("invalid size (%d) in symlink inode %llu",
1370 len, (long long)cur_ino);
1371 len = XFS_DFORK_DSIZE(dip, mp);
1372 }
1373
1374 buf = (char *)XFS_DFORK_DPTR(dip);
1375 if (obfuscate)
1376 obfuscate_path_components(buf, len);
1377
1378 /* zero stale data in rest of space in data fork, if any */
1379 if (zero_stale_data && len < XFS_DFORK_DSIZE(dip, mp))
1380 memset(&buf[len], 0, XFS_DFORK_DSIZE(dip, mp) - len);
1381 }
1382
1383 static void
1384 process_sf_attr(
1385 xfs_dinode_t *dip)
1386 {
1387 /*
1388 * with extended attributes, obfuscate the names and fill the actual
1389 * values with 'v' (to see a valid string length, as opposed to NULLs)
1390 */
1391
1392 xfs_attr_shortform_t *asfp;
1393 xfs_attr_sf_entry_t *asfep;
1394 int ino_attr_size;
1395 int i;
1396
1397 asfp = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip);
1398 if (asfp->hdr.count == 0)
1399 return;
1400
1401 ino_attr_size = be16_to_cpu(asfp->hdr.totsize);
1402 if (ino_attr_size > XFS_DFORK_ASIZE(dip, mp)) {
1403 ino_attr_size = XFS_DFORK_ASIZE(dip, mp);
1404 if (show_warnings)
1405 print_warning("invalid attr size in inode %llu",
1406 (long long)cur_ino);
1407 }
1408
1409 asfep = &asfp->list[0];
1410 for (i = 0; (i < asfp->hdr.count) &&
1411 ((char *)asfep - (char *)asfp < ino_attr_size); i++) {
1412
1413 int namelen = asfep->namelen;
1414
1415 if (namelen == 0) {
1416 if (show_warnings)
1417 print_warning("zero length attr entry in inode "
1418 "%llu", (long long)cur_ino);
1419 break;
1420 } else if ((char *)asfep - (char *)asfp +
1421 XFS_ATTR_SF_ENTSIZE(asfep) > ino_attr_size) {
1422 if (show_warnings)
1423 print_warning("attr entry length in inode %llu "
1424 "overflows space", (long long)cur_ino);
1425 break;
1426 }
1427
1428 if (obfuscate) {
1429 generate_obfuscated_name(0, asfep->namelen,
1430 &asfep->nameval[0]);
1431 memset(&asfep->nameval[asfep->namelen], 'v',
1432 asfep->valuelen);
1433 }
1434
1435 asfep = (xfs_attr_sf_entry_t *)((char *)asfep +
1436 XFS_ATTR_SF_ENTSIZE(asfep));
1437 }
1438
1439 /* zero stale data in rest of space in attr fork, if any */
1440 if (zero_stale_data && (ino_attr_size < XFS_DFORK_ASIZE(dip, mp)))
1441 memset(asfep, 0, XFS_DFORK_ASIZE(dip, mp) - ino_attr_size);
1442 }
1443
1444 static void
1445 process_dir_data_block(
1446 char *block,
1447 xfs_fileoff_t offset,
1448 int is_block_format)
1449 {
1450 /*
1451 * we have to rely on the fileoffset and signature of the block to
1452 * handle it's contents. If it's invalid, leave it alone.
1453 * for multi-fsblock dir blocks, if a name crosses an extent boundary,
1454 * ignore it and continue.
1455 */
1456 int dir_offset;
1457 char *ptr;
1458 char *endptr;
1459 int end_of_data;
1460 int wantmagic;
1461 struct xfs_dir2_data_hdr *datahdr;
1462
1463 datahdr = (struct xfs_dir2_data_hdr *)block;
1464
1465 if (is_block_format) {
1466 xfs_dir2_leaf_entry_t *blp;
1467 xfs_dir2_block_tail_t *btp;
1468
1469 btp = xfs_dir2_block_tail_p(mp->m_dir_geo, datahdr);
1470 blp = xfs_dir2_block_leaf_p(btp);
1471 if ((char *)blp > (char *)btp)
1472 blp = (xfs_dir2_leaf_entry_t *)btp;
1473
1474 end_of_data = (char *)blp - block;
1475 if (xfs_sb_version_hascrc(&mp->m_sb))
1476 wantmagic = XFS_DIR3_BLOCK_MAGIC;
1477 else
1478 wantmagic = XFS_DIR2_BLOCK_MAGIC;
1479 } else { /* leaf/node format */
1480 end_of_data = mp->m_dir_geo->fsbcount << mp->m_sb.sb_blocklog;
1481 if (xfs_sb_version_hascrc(&mp->m_sb))
1482 wantmagic = XFS_DIR3_DATA_MAGIC;
1483 else
1484 wantmagic = XFS_DIR2_DATA_MAGIC;
1485 }
1486
1487 if (be32_to_cpu(datahdr->magic) != wantmagic) {
1488 if (show_warnings)
1489 print_warning(
1490 "invalid magic in dir inode %llu block %ld",
1491 (long long)cur_ino, (long)offset);
1492 return;
1493 }
1494
1495 dir_offset = M_DIROPS(mp)->data_entry_offset;
1496 ptr = block + dir_offset;
1497 endptr = block + mp->m_dir_geo->blksize;
1498
1499 while (ptr < endptr && dir_offset < end_of_data) {
1500 xfs_dir2_data_entry_t *dep;
1501 xfs_dir2_data_unused_t *dup;
1502 int length;
1503
1504 dup = (xfs_dir2_data_unused_t *)ptr;
1505
1506 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
1507 int length = be16_to_cpu(dup->length);
1508 if (dir_offset + length > end_of_data ||
1509 !length || (length & (XFS_DIR2_DATA_ALIGN - 1))) {
1510 if (show_warnings)
1511 print_warning(
1512 "invalid length for dir free space in inode %llu",
1513 (long long)cur_ino);
1514 return;
1515 }
1516 if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) !=
1517 dir_offset)
1518 return;
1519 dir_offset += length;
1520 ptr += length;
1521 /*
1522 * Zero the unused space up to the tag - the tag is
1523 * actually at a variable offset, so zeroing &dup->tag
1524 * is zeroing the free space in between
1525 */
1526 if (zero_stale_data) {
1527 int zlen = length -
1528 sizeof(xfs_dir2_data_unused_t);
1529
1530 if (zlen > 0) {
1531 memset(&dup->tag, 0, zlen);
1532 iocur_top->need_crc = 1;
1533 }
1534 }
1535 if (dir_offset >= end_of_data || ptr >= endptr)
1536 return;
1537 }
1538
1539 dep = (xfs_dir2_data_entry_t *)ptr;
1540 length = M_DIROPS(mp)->data_entsize(dep->namelen);
1541
1542 if (dir_offset + length > end_of_data ||
1543 ptr + length > endptr) {
1544 if (show_warnings)
1545 print_warning(
1546 "invalid length for dir entry name in inode %llu",
1547 (long long)cur_ino);
1548 return;
1549 }
1550 if (be16_to_cpu(*M_DIROPS(mp)->data_entry_tag_p(dep)) !=
1551 dir_offset)
1552 return;
1553
1554 if (obfuscate)
1555 generate_obfuscated_name(be64_to_cpu(dep->inumber),
1556 dep->namelen, &dep->name[0]);
1557 dir_offset += length;
1558 ptr += length;
1559 /* Zero the unused space after name, up to the tag */
1560 if (zero_stale_data) {
1561 /* 1 byte for ftype; don't bother with conditional */
1562 int zlen =
1563 (char *)M_DIROPS(mp)->data_entry_tag_p(dep) -
1564 (char *)&dep->name[dep->namelen] - 1;
1565 if (zlen > 0) {
1566 memset(&dep->name[dep->namelen] + 1, 0, zlen);
1567 iocur_top->need_crc = 1;
1568 }
1569 }
1570 }
1571 }
1572
1573 static void
1574 process_symlink_block(
1575 char *block)
1576 {
1577 char *link = block;
1578
1579 if (xfs_sb_version_hascrc(&(mp)->m_sb))
1580 link += sizeof(struct xfs_dsymlink_hdr);
1581
1582 if (obfuscate)
1583 obfuscate_path_components(link, XFS_SYMLINK_BUF_SPACE(mp,
1584 mp->m_sb.sb_blocksize));
1585 if (zero_stale_data) {
1586 size_t linklen, zlen;
1587
1588 linklen = strlen(link);
1589 zlen = mp->m_sb.sb_blocksize - linklen;
1590 if (xfs_sb_version_hascrc(&mp->m_sb))
1591 zlen -= sizeof(struct xfs_dsymlink_hdr);
1592 if (zlen < mp->m_sb.sb_blocksize)
1593 memset(link + linklen, 0, zlen);
1594 }
1595 }
1596
1597 #define MAX_REMOTE_VALS 4095
1598
1599 static struct attr_data_s {
1600 int remote_val_count;
1601 xfs_dablk_t remote_vals[MAX_REMOTE_VALS];
1602 } attr_data;
1603
1604 static inline void
1605 add_remote_vals(
1606 xfs_dablk_t blockidx,
1607 int length)
1608 {
1609 while (length > 0 && attr_data.remote_val_count < MAX_REMOTE_VALS) {
1610 attr_data.remote_vals[attr_data.remote_val_count] = blockidx;
1611 attr_data.remote_val_count++;
1612 blockidx++;
1613 length -= XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
1614 }
1615
1616 if (attr_data.remote_val_count >= MAX_REMOTE_VALS) {
1617 print_warning(
1618 "Overflowed attr obfuscation array. No longer obfuscating remote attrs.");
1619 }
1620 }
1621
1622 /* Handle remote and leaf attributes */
1623 static void
1624 process_attr_block(
1625 char *block,
1626 xfs_fileoff_t offset)
1627 {
1628 struct xfs_attr_leafblock *leaf;
1629 struct xfs_attr3_icleaf_hdr hdr;
1630 int i;
1631 int nentries;
1632 xfs_attr_leaf_entry_t *entry;
1633 xfs_attr_leaf_name_local_t *local;
1634 xfs_attr_leaf_name_remote_t *remote;
1635 uint32_t bs = mp->m_sb.sb_blocksize;
1636 char *first_name;
1637
1638
1639 leaf = (xfs_attr_leafblock_t *)block;
1640
1641 /* Remote attributes - attr3 has XFS_ATTR3_RMT_MAGIC, attr has none */
1642 if ((be16_to_cpu(leaf->hdr.info.magic) != XFS_ATTR_LEAF_MAGIC) &&
1643 (be16_to_cpu(leaf->hdr.info.magic) != XFS_ATTR3_LEAF_MAGIC)) {
1644 for (i = 0; i < attr_data.remote_val_count; i++) {
1645 if (obfuscate && attr_data.remote_vals[i] == offset)
1646 /* Macros to handle both attr and attr3 */
1647 memset(block +
1648 (bs - XFS_ATTR3_RMT_BUF_SPACE(mp, bs)),
1649 'v', XFS_ATTR3_RMT_BUF_SPACE(mp, bs));
1650 }
1651 return;
1652 }
1653
1654 /* Ok, it's a leaf - get header; accounts for crc & non-crc */
1655 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &hdr, leaf);
1656
1657 nentries = hdr.count;
1658 if (nentries == 0 ||
1659 nentries * sizeof(xfs_attr_leaf_entry_t) +
1660 xfs_attr3_leaf_hdr_size(leaf) >
1661 XFS_ATTR3_RMT_BUF_SPACE(mp, bs)) {
1662 if (show_warnings)
1663 print_warning("invalid attr count in inode %llu",
1664 (long long)cur_ino);
1665 return;
1666 }
1667
1668 entry = xfs_attr3_leaf_entryp(leaf);
1669 /* We will move this as we parse */
1670 first_name = NULL;
1671 for (i = 0; i < nentries; i++, entry++) {
1672 int nlen, vlen, zlen;
1673
1674 /* Grows up; if this name is topmost, move first_name */
1675 if (!first_name || xfs_attr3_leaf_name(leaf, i) < first_name)
1676 first_name = xfs_attr3_leaf_name(leaf, i);
1677
1678 if (be16_to_cpu(entry->nameidx) > mp->m_sb.sb_blocksize) {
1679 if (show_warnings)
1680 print_warning(
1681 "invalid attr nameidx in inode %llu",
1682 (long long)cur_ino);
1683 break;
1684 }
1685 if (entry->flags & XFS_ATTR_LOCAL) {
1686 local = xfs_attr3_leaf_name_local(leaf, i);
1687 if (local->namelen == 0) {
1688 if (show_warnings)
1689 print_warning(
1690 "zero length for attr name in inode %llu",
1691 (long long)cur_ino);
1692 break;
1693 }
1694 if (obfuscate) {
1695 generate_obfuscated_name(0, local->namelen,
1696 &local->nameval[0]);
1697 memset(&local->nameval[local->namelen], 'v',
1698 be16_to_cpu(local->valuelen));
1699 }
1700 /* zero from end of nameval[] to next name start */
1701 nlen = local->namelen;
1702 vlen = be16_to_cpu(local->valuelen);
1703 zlen = xfs_attr_leaf_entsize_local(nlen, vlen) -
1704 (sizeof(xfs_attr_leaf_name_local_t) - 1 +
1705 nlen + vlen);
1706 if (zero_stale_data)
1707 memset(&local->nameval[nlen + vlen], 0, zlen);
1708 } else {
1709 remote = xfs_attr3_leaf_name_remote(leaf, i);
1710 if (remote->namelen == 0 || remote->valueblk == 0) {
1711 if (show_warnings)
1712 print_warning(
1713 "invalid attr entry in inode %llu",
1714 (long long)cur_ino);
1715 break;
1716 }
1717 if (obfuscate) {
1718 generate_obfuscated_name(0, remote->namelen,
1719 &remote->name[0]);
1720 add_remote_vals(be32_to_cpu(remote->valueblk),
1721 be32_to_cpu(remote->valuelen));
1722 }
1723 /* zero from end of name[] to next name start */
1724 nlen = remote->namelen;
1725 zlen = xfs_attr_leaf_entsize_remote(nlen) -
1726 (sizeof(xfs_attr_leaf_name_remote_t) - 1 +
1727 nlen);
1728 if (zero_stale_data)
1729 memset(&remote->name[nlen], 0, zlen);
1730 }
1731 }
1732
1733 /* Zero from end of entries array to the first name/val */
1734 if (zero_stale_data) {
1735 struct xfs_attr_leaf_entry *entries;
1736
1737 entries = xfs_attr3_leaf_entryp(leaf);
1738 memset(&entries[nentries], 0,
1739 first_name - (char *)&entries[nentries]);
1740 }
1741 }
1742
1743 /* Processes symlinks, attrs, directories ... */
1744 static int
1745 process_single_fsb_objects(
1746 xfs_fileoff_t o,
1747 xfs_fsblock_t s,
1748 xfs_filblks_t c,
1749 typnm_t btype,
1750 xfs_fileoff_t last)
1751 {
1752 char *dp;
1753 int ret = 0;
1754 int i;
1755
1756 for (i = 0; i < c; i++) {
1757 push_cur();
1758 set_cur(&typtab[btype], XFS_FSB_TO_DADDR(mp, s), blkbb,
1759 DB_RING_IGN, NULL);
1760
1761 if (!iocur_top->data) {
1762 xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, s);
1763 xfs_agblock_t agbno = XFS_FSB_TO_AGBNO(mp, s);
1764
1765 print_warning("cannot read %s block %u/%u (%llu)",
1766 typtab[btype].name, agno, agbno, s);
1767 if (stop_on_read_error)
1768 ret = -EIO;
1769 goto out_pop;
1770
1771 }
1772
1773 if (!obfuscate && !zero_stale_data)
1774 goto write;
1775
1776 /* Zero unused part of interior nodes */
1777 if (zero_stale_data) {
1778 xfs_da_intnode_t *node = iocur_top->data;
1779 int magic = be16_to_cpu(node->hdr.info.magic);
1780
1781 if (magic == XFS_DA_NODE_MAGIC ||
1782 magic == XFS_DA3_NODE_MAGIC) {
1783 struct xfs_da3_icnode_hdr hdr;
1784 int used;
1785
1786 M_DIROPS(mp)->node_hdr_from_disk(&hdr, node);
1787 used = M_DIROPS(mp)->node_hdr_size;
1788
1789 used += hdr.count
1790 * sizeof(struct xfs_da_node_entry);
1791
1792 if (used < mp->m_sb.sb_blocksize) {
1793 memset((char *)node + used, 0,
1794 mp->m_sb.sb_blocksize - used);
1795 iocur_top->need_crc = 1;
1796 }
1797 }
1798 }
1799
1800 /* Handle leaf nodes */
1801 dp = iocur_top->data;
1802 switch (btype) {
1803 case TYP_DIR2:
1804 if (o >= mp->m_dir_geo->leafblk)
1805 break;
1806
1807 process_dir_data_block(dp, o,
1808 last == mp->m_dir_geo->fsbcount);
1809 iocur_top->need_crc = 1;
1810 break;
1811 case TYP_SYMLINK:
1812 process_symlink_block(dp);
1813 iocur_top->need_crc = 1;
1814 break;
1815 case TYP_ATTR:
1816 process_attr_block(dp, o);
1817 iocur_top->need_crc = 1;
1818 break;
1819 default:
1820 break;
1821 }
1822
1823 write:
1824 ret = write_buf(iocur_top);
1825 out_pop:
1826 pop_cur();
1827 if (ret)
1828 break;
1829 o++;
1830 s++;
1831 }
1832
1833 return ret;
1834 }
1835
1836 /*
1837 * Static map to aggregate multiple extents into a single directory block.
1838 */
1839 static struct bbmap mfsb_map;
1840 static int mfsb_length;
1841
1842 static int
1843 process_multi_fsb_objects(
1844 xfs_fileoff_t o,
1845 xfs_fsblock_t s,
1846 xfs_filblks_t c,
1847 typnm_t btype,
1848 xfs_fileoff_t last)
1849 {
1850 int ret = 0;
1851
1852 switch (btype) {
1853 case TYP_DIR2:
1854 break;
1855 default:
1856 print_warning("bad type for multi-fsb object %d", btype);
1857 return -EINVAL;
1858 }
1859
1860 while (c > 0) {
1861 unsigned int bm_len;
1862
1863 if (mfsb_length + c >= mp->m_dir_geo->fsbcount) {
1864 bm_len = mp->m_dir_geo->fsbcount - mfsb_length;
1865 mfsb_length = 0;
1866 } else {
1867 mfsb_length += c;
1868 bm_len = c;
1869 }
1870
1871 mfsb_map.b[mfsb_map.nmaps].bm_bn = XFS_FSB_TO_DADDR(mp, s);
1872 mfsb_map.b[mfsb_map.nmaps].bm_len = XFS_FSB_TO_BB(mp, bm_len);
1873 mfsb_map.nmaps++;
1874
1875 if (mfsb_length == 0) {
1876 push_cur();
1877 set_cur(&typtab[btype], 0, 0, DB_RING_IGN, &mfsb_map);
1878 if (!iocur_top->data) {
1879 xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, s);
1880 xfs_agblock_t agbno = XFS_FSB_TO_AGBNO(mp, s);
1881
1882 print_warning("cannot read %s block %u/%u (%llu)",
1883 typtab[btype].name, agno, agbno, s);
1884 if (stop_on_read_error)
1885 ret = -1;
1886 goto out_pop;
1887
1888 }
1889
1890 if ((!obfuscate && !zero_stale_data) ||
1891 o >= mp->m_dir_geo->leafblk) {
1892 ret = write_buf(iocur_top);
1893 goto out_pop;
1894 }
1895
1896 process_dir_data_block(iocur_top->data, o,
1897 last == mp->m_dir_geo->fsbcount);
1898 iocur_top->need_crc = 1;
1899 ret = write_buf(iocur_top);
1900 out_pop:
1901 pop_cur();
1902 mfsb_map.nmaps = 0;
1903 if (ret)
1904 break;
1905 }
1906 c -= bm_len;
1907 s += bm_len;
1908 }
1909
1910 return ret;
1911 }
1912
1913 /* inode copy routines */
1914 static int
1915 process_bmbt_reclist(
1916 xfs_bmbt_rec_t *rp,
1917 int numrecs,
1918 typnm_t btype)
1919 {
1920 int i;
1921 xfs_fileoff_t o, op = NULLFILEOFF;
1922 xfs_fsblock_t s;
1923 xfs_filblks_t c, cp = NULLFILEOFF;
1924 int f;
1925 xfs_fileoff_t last;
1926 xfs_agnumber_t agno;
1927 xfs_agblock_t agbno;
1928 int error;
1929
1930 if (btype == TYP_DATA)
1931 return 1;
1932
1933 convert_extent(&rp[numrecs - 1], &o, &s, &c, &f);
1934 last = o + c;
1935
1936 for (i = 0; i < numrecs; i++, rp++) {
1937 convert_extent(rp, &o, &s, &c, &f);
1938
1939 /*
1940 * ignore extents that are clearly bogus, and if a bogus
1941 * one is found, stop processing remaining extents
1942 */
1943 if (i > 0 && op + cp > o) {
1944 if (show_warnings)
1945 print_warning("bmap extent %d in %s ino %llu "
1946 "starts at %llu, previous extent "
1947 "ended at %llu", i,
1948 typtab[btype].name, (long long)cur_ino,
1949 o, op + cp - 1);
1950 break;
1951 }
1952
1953 if (c > max_extent_size) {
1954 /*
1955 * since we are only processing non-data extents,
1956 * large numbers of blocks in a metadata extent is
1957 * extremely rare and more than likely to be corrupt.
1958 */
1959 if (show_warnings)
1960 print_warning("suspicious count %u in bmap "
1961 "extent %d in %s ino %llu", c, i,
1962 typtab[btype].name, (long long)cur_ino);
1963 break;
1964 }
1965
1966 op = o;
1967 cp = c;
1968
1969 agno = XFS_FSB_TO_AGNO(mp, s);
1970 agbno = XFS_FSB_TO_AGBNO(mp, s);
1971
1972 if (!valid_bno(agno, agbno)) {
1973 if (show_warnings)
1974 print_warning("invalid block number %u/%u "
1975 "(%llu) in bmap extent %d in %s ino "
1976 "%llu", agno, agbno, s, i,
1977 typtab[btype].name, (long long)cur_ino);
1978 break;
1979 }
1980
1981 if (!valid_bno(agno, agbno + c - 1)) {
1982 if (show_warnings)
1983 print_warning("bmap extent %i in %s inode %llu "
1984 "overflows AG (end is %u/%u)", i,
1985 typtab[btype].name, (long long)cur_ino,
1986 agno, agbno + c - 1);
1987 break;
1988 }
1989
1990 /* multi-extent blocks require special handling */
1991 if (btype != TYP_DIR2 || mp->m_dir_geo->fsbcount == 1) {
1992 error = process_single_fsb_objects(o, s, c, btype, last);
1993 } else {
1994 error = process_multi_fsb_objects(o, s, c, btype, last);
1995 }
1996 if (error)
1997 return 0;
1998 }
1999
2000 return 1;
2001 }
2002
2003 static int
2004 scanfunc_bmap(
2005 struct xfs_btree_block *block,
2006 xfs_agnumber_t agno,
2007 xfs_agblock_t agbno,
2008 int level,
2009 typnm_t btype,
2010 void *arg) /* ptr to itype */
2011 {
2012 int i;
2013 xfs_bmbt_ptr_t *pp;
2014 int nrecs;
2015
2016 nrecs = be16_to_cpu(block->bb_numrecs);
2017
2018 if (level == 0) {
2019 if (nrecs > mp->m_bmap_dmxr[0]) {
2020 if (show_warnings)
2021 print_warning("invalid numrecs (%u) in %s "
2022 "block %u/%u", nrecs,
2023 typtab[btype].name, agno, agbno);
2024 return 1;
2025 }
2026 return process_bmbt_reclist(XFS_BMBT_REC_ADDR(mp, block, 1),
2027 nrecs, *(typnm_t*)arg);
2028 }
2029
2030 if (nrecs > mp->m_bmap_dmxr[1]) {
2031 if (show_warnings)
2032 print_warning("invalid numrecs (%u) in %s block %u/%u",
2033 nrecs, typtab[btype].name, agno, agbno);
2034 return 1;
2035 }
2036 pp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[1]);
2037 for (i = 0; i < nrecs; i++) {
2038 xfs_agnumber_t ag;
2039 xfs_agblock_t bno;
2040
2041 ag = XFS_FSB_TO_AGNO(mp, get_unaligned_be64(&pp[i]));
2042 bno = XFS_FSB_TO_AGBNO(mp, get_unaligned_be64(&pp[i]));
2043
2044 if (bno == 0 || bno > mp->m_sb.sb_agblocks ||
2045 ag > mp->m_sb.sb_agcount) {
2046 if (show_warnings)
2047 print_warning("invalid block number (%u/%u) "
2048 "in %s block %u/%u", ag, bno,
2049 typtab[btype].name, agno, agbno);
2050 continue;
2051 }
2052
2053 if (!scan_btree(ag, bno, level, btype, arg, scanfunc_bmap))
2054 return 0;
2055 }
2056 return 1;
2057 }
2058
2059 static int
2060 process_btinode(
2061 xfs_dinode_t *dip,
2062 typnm_t itype)
2063 {
2064 xfs_bmdr_block_t *dib;
2065 int i;
2066 xfs_bmbt_ptr_t *pp;
2067 int level;
2068 int nrecs;
2069 int maxrecs;
2070 int whichfork;
2071 typnm_t btype;
2072
2073 whichfork = (itype == TYP_ATTR) ? XFS_ATTR_FORK : XFS_DATA_FORK;
2074 btype = (itype == TYP_ATTR) ? TYP_BMAPBTA : TYP_BMAPBTD;
2075
2076 dib = (xfs_bmdr_block_t *)XFS_DFORK_PTR(dip, whichfork);
2077 level = be16_to_cpu(dib->bb_level);
2078 nrecs = be16_to_cpu(dib->bb_numrecs);
2079
2080 if (level > XFS_BM_MAXLEVELS(mp, whichfork)) {
2081 if (show_warnings)
2082 print_warning("invalid level (%u) in inode %lld %s "
2083 "root", level, (long long)cur_ino,
2084 typtab[btype].name);
2085 return 1;
2086 }
2087
2088 if (level == 0) {
2089 return process_bmbt_reclist(XFS_BMDR_REC_ADDR(dib, 1),
2090 nrecs, itype);
2091 }
2092
2093 maxrecs = libxfs_bmdr_maxrecs(XFS_DFORK_SIZE(dip, mp, whichfork), 0);
2094 if (nrecs > maxrecs) {
2095 if (show_warnings)
2096 print_warning("invalid numrecs (%u) in inode %lld %s "
2097 "root", nrecs, (long long)cur_ino,
2098 typtab[btype].name);
2099 return 1;
2100 }
2101
2102 pp = XFS_BMDR_PTR_ADDR(dib, 1, maxrecs);
2103 for (i = 0; i < nrecs; i++) {
2104 xfs_agnumber_t ag;
2105 xfs_agblock_t bno;
2106
2107 ag = XFS_FSB_TO_AGNO(mp, get_unaligned_be64(&pp[i]));
2108 bno = XFS_FSB_TO_AGBNO(mp, get_unaligned_be64(&pp[i]));
2109
2110 if (bno == 0 || bno > mp->m_sb.sb_agblocks ||
2111 ag > mp->m_sb.sb_agcount) {
2112 if (show_warnings)
2113 print_warning("invalid block number (%u/%u) "
2114 "in inode %llu %s root", ag,
2115 bno, (long long)cur_ino,
2116 typtab[btype].name);
2117 continue;
2118 }
2119
2120 if (!scan_btree(ag, bno, level, btype, &itype, scanfunc_bmap))
2121 return 0;
2122 }
2123 return 1;
2124 }
2125
2126 static int
2127 process_exinode(
2128 xfs_dinode_t *dip,
2129 typnm_t itype)
2130 {
2131 int whichfork;
2132 int used;
2133 xfs_extnum_t nex;
2134
2135 whichfork = (itype == TYP_ATTR) ? XFS_ATTR_FORK : XFS_DATA_FORK;
2136
2137 nex = XFS_DFORK_NEXTENTS(dip, whichfork);
2138 used = nex * sizeof(xfs_bmbt_rec_t);
2139 if (nex < 0 || used > XFS_DFORK_SIZE(dip, mp, whichfork)) {
2140 if (show_warnings)
2141 print_warning("bad number of extents %d in inode %lld",
2142 nex, (long long)cur_ino);
2143 return 1;
2144 }
2145
2146 /* Zero unused data fork past used extents */
2147 if (zero_stale_data && (used < XFS_DFORK_SIZE(dip, mp, whichfork)))
2148 memset(XFS_DFORK_PTR(dip, whichfork) + used, 0,
2149 XFS_DFORK_SIZE(dip, mp, whichfork) - used);
2150
2151
2152 return process_bmbt_reclist((xfs_bmbt_rec_t *)XFS_DFORK_PTR(dip,
2153 whichfork), nex, itype);
2154 }
2155
2156 static int
2157 process_inode_data(
2158 xfs_dinode_t *dip,
2159 typnm_t itype)
2160 {
2161 switch (dip->di_format) {
2162 case XFS_DINODE_FMT_LOCAL:
2163 if (obfuscate || zero_stale_data)
2164 switch (itype) {
2165 case TYP_DIR2:
2166 process_sf_dir(dip);
2167 break;
2168
2169 case TYP_SYMLINK:
2170 process_sf_symlink(dip);
2171 break;
2172
2173 default: ;
2174 }
2175 break;
2176
2177 case XFS_DINODE_FMT_EXTENTS:
2178 return process_exinode(dip, itype);
2179
2180 case XFS_DINODE_FMT_BTREE:
2181 return process_btinode(dip, itype);
2182 }
2183 return 1;
2184 }
2185
2186 /*
2187 * when we process the inode, we may change the data in the data and/or
2188 * attribute fork if they are in short form and we are obfuscating names.
2189 * In this case we need to recalculate the CRC of the inode, but we should
2190 * only do that if the CRC in the inode is good to begin with. If the crc
2191 * is not ok, we just leave it alone.
2192 */
2193 static int
2194 process_inode(
2195 xfs_agnumber_t agno,
2196 xfs_agino_t agino,
2197 xfs_dinode_t *dip,
2198 bool free_inode)
2199 {
2200 int success;
2201 bool crc_was_ok = false; /* no recalc by default */
2202 bool need_new_crc = false;
2203
2204 success = 1;
2205 cur_ino = XFS_AGINO_TO_INO(mp, agno, agino);
2206
2207 /* we only care about crc recalculation if we will modify the inode. */
2208 if (obfuscate || zero_stale_data) {
2209 crc_was_ok = libxfs_verify_cksum((char *)dip,
2210 mp->m_sb.sb_inodesize,
2211 offsetof(struct xfs_dinode, di_crc));
2212 }
2213
2214 if (free_inode) {
2215 if (zero_stale_data) {
2216 /* Zero all of the inode literal area */
2217 memset(XFS_DFORK_DPTR(dip), 0,
2218 XFS_LITINO(mp, dip->di_version));
2219 }
2220 goto done;
2221 }
2222
2223 /* copy appropriate data fork metadata */
2224 switch (be16_to_cpu(dip->di_mode) & S_IFMT) {
2225 case S_IFDIR:
2226 success = process_inode_data(dip, TYP_DIR2);
2227 if (dip->di_format == XFS_DINODE_FMT_LOCAL)
2228 need_new_crc = 1;
2229 break;
2230 case S_IFLNK:
2231 success = process_inode_data(dip, TYP_SYMLINK);
2232 if (dip->di_format == XFS_DINODE_FMT_LOCAL)
2233 need_new_crc = 1;
2234 break;
2235 case S_IFREG:
2236 success = process_inode_data(dip, TYP_DATA);
2237 break;
2238 default: ;
2239 }
2240 nametable_clear();
2241
2242 /* copy extended attributes if they exist and forkoff is valid */
2243 if (success &&
2244 XFS_DFORK_DSIZE(dip, mp) < XFS_LITINO(mp, dip->di_version)) {
2245 attr_data.remote_val_count = 0;
2246 switch (dip->di_aformat) {
2247 case XFS_DINODE_FMT_LOCAL:
2248 need_new_crc = 1;
2249 if (obfuscate || zero_stale_data)
2250 process_sf_attr(dip);
2251 break;
2252
2253 case XFS_DINODE_FMT_EXTENTS:
2254 success = process_exinode(dip, TYP_ATTR);
2255 break;
2256
2257 case XFS_DINODE_FMT_BTREE:
2258 success = process_btinode(dip, TYP_ATTR);
2259 break;
2260 }
2261 nametable_clear();
2262 }
2263
2264 done:
2265 /* Heavy handed but low cost; just do it as a catch-all. */
2266 if (zero_stale_data)
2267 need_new_crc = 1;
2268
2269 if (crc_was_ok && need_new_crc)
2270 libxfs_dinode_calc_crc(mp, dip);
2271 return success;
2272 }
2273
2274 static uint32_t inodes_copied;
2275
2276 static int
2277 copy_inode_chunk(
2278 xfs_agnumber_t agno,
2279 xfs_inobt_rec_t *rp)
2280 {
2281 xfs_agino_t agino;
2282 int off;
2283 xfs_agblock_t agbno;
2284 xfs_agblock_t end_agbno;
2285 int i;
2286 int rval = 0;
2287 int blks_per_buf;
2288 int inodes_per_buf;
2289 int ioff;
2290
2291 agino = be32_to_cpu(rp->ir_startino);
2292 agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2293 end_agbno = agbno + mp->m_ialloc_blks;
2294 off = XFS_INO_TO_OFFSET(mp, agino);
2295
2296 /*
2297 * If the fs supports sparse inode records, we must process inodes a
2298 * cluster at a time because that is the sparse allocation granularity.
2299 * Otherwise, we risk CRC corruption errors on reads of inode chunks.
2300 *
2301 * Also make sure that that we don't process more than the single record
2302 * we've been passed (large block sizes can hold multiple inode chunks).
2303 */
2304 if (xfs_sb_version_hassparseinodes(&mp->m_sb))
2305 blks_per_buf = xfs_icluster_size_fsb(mp);
2306 else
2307 blks_per_buf = mp->m_ialloc_blks;
2308 inodes_per_buf = min(blks_per_buf << mp->m_sb.sb_inopblog,
2309 XFS_INODES_PER_CHUNK);
2310
2311 /*
2312 * Sanity check that we only process a single buffer if ir_startino has
2313 * a buffer offset. A non-zero offset implies that the entire chunk lies
2314 * within a block.
2315 */
2316 if (off && inodes_per_buf != XFS_INODES_PER_CHUNK) {
2317 print_warning("bad starting inode offset %d", off);
2318 return 0;
2319 }
2320
2321 if (agino == 0 || agino == NULLAGINO || !valid_bno(agno, agbno) ||
2322 !valid_bno(agno, XFS_AGINO_TO_AGBNO(mp,
2323 agino + XFS_INODES_PER_CHUNK - 1))) {
2324 if (show_warnings)
2325 print_warning("bad inode number %llu (%u/%u)",
2326 XFS_AGINO_TO_INO(mp, agno, agino), agno, agino);
2327 return 1;
2328 }
2329
2330 /*
2331 * check for basic assumptions about inode chunks, and if any
2332 * assumptions fail, don't process the inode chunk.
2333 */
2334 if ((mp->m_sb.sb_inopblock <= XFS_INODES_PER_CHUNK && off != 0) ||
2335 (mp->m_sb.sb_inopblock > XFS_INODES_PER_CHUNK &&
2336 off % XFS_INODES_PER_CHUNK != 0) ||
2337 (xfs_sb_version_hasalign(&mp->m_sb) &&
2338 mp->m_sb.sb_inoalignmt != 0 &&
2339 agbno % mp->m_sb.sb_inoalignmt != 0)) {
2340 if (show_warnings)
2341 print_warning("badly aligned inode (start = %llu)",
2342 XFS_AGINO_TO_INO(mp, agno, agino));
2343 return 1;
2344 }
2345
2346 push_cur();
2347 ioff = 0;
2348 while (agbno < end_agbno && ioff < XFS_INODES_PER_CHUNK) {
2349 if (xfs_inobt_is_sparse_disk(rp, ioff))
2350 goto next_bp;
2351
2352 set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, agbno),
2353 XFS_FSB_TO_BB(mp, blks_per_buf), DB_RING_IGN, NULL);
2354 if (iocur_top->data == NULL) {
2355 print_warning("cannot read inode block %u/%u",
2356 agno, agbno);
2357 rval = !stop_on_read_error;
2358 goto pop_out;
2359 }
2360
2361 for (i = 0; i < inodes_per_buf; i++) {
2362 xfs_dinode_t *dip;
2363
2364 dip = (xfs_dinode_t *)((char *)iocur_top->data +
2365 ((off + i) << mp->m_sb.sb_inodelog));
2366
2367 /* process_inode handles free inodes, too */
2368 if (!process_inode(agno, agino + ioff + i, dip,
2369 XFS_INOBT_IS_FREE_DISK(rp, ioff + i)))
2370 goto pop_out;
2371
2372 inodes_copied++;
2373 }
2374
2375 if (write_buf(iocur_top))
2376 goto pop_out;
2377
2378 next_bp:
2379 agbno += blks_per_buf;
2380 ioff += inodes_per_buf;
2381 }
2382
2383 if (show_progress)
2384 print_progress("Copied %u of %u inodes (%u of %u AGs)",
2385 inodes_copied, mp->m_sb.sb_icount, agno,
2386 mp->m_sb.sb_agcount);
2387 rval = 1;
2388 pop_out:
2389 pop_cur();
2390 return rval;
2391 }
2392
2393 static int
2394 scanfunc_ino(
2395 struct xfs_btree_block *block,
2396 xfs_agnumber_t agno,
2397 xfs_agblock_t agbno,
2398 int level,
2399 typnm_t btype,
2400 void *arg)
2401 {
2402 xfs_inobt_rec_t *rp;
2403 xfs_inobt_ptr_t *pp;
2404 int i;
2405 int numrecs;
2406 int finobt = *(int *) arg;
2407
2408 numrecs = be16_to_cpu(block->bb_numrecs);
2409
2410 if (level == 0) {
2411 if (numrecs > mp->m_inobt_mxr[0]) {
2412 if (show_warnings)
2413 print_warning("invalid numrecs %d in %s "
2414 "block %u/%u", numrecs,
2415 typtab[btype].name, agno, agbno);
2416 numrecs = mp->m_inobt_mxr[0];
2417 }
2418
2419 /*
2420 * Only copy the btree blocks for the finobt. The inobt scan
2421 * copies the inode chunks.
2422 */
2423 if (finobt)
2424 return 1;
2425
2426 rp = XFS_INOBT_REC_ADDR(mp, block, 1);
2427 for (i = 0; i < numrecs; i++, rp++) {
2428 if (!copy_inode_chunk(agno, rp))
2429 return 0;
2430 }
2431 return 1;
2432 }
2433
2434 if (numrecs > mp->m_inobt_mxr[1]) {
2435 if (show_warnings)
2436 print_warning("invalid numrecs %d in %s block %u/%u",
2437 numrecs, typtab[btype].name, agno, agbno);
2438 numrecs = mp->m_inobt_mxr[1];
2439 }
2440
2441 pp = XFS_INOBT_PTR_ADDR(mp, block, 1, mp->m_inobt_mxr[1]);
2442 for (i = 0; i < numrecs; i++) {
2443 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
2444 if (show_warnings)
2445 print_warning("invalid block number (%u/%u) "
2446 "in %s block %u/%u",
2447 agno, be32_to_cpu(pp[i]),
2448 typtab[btype].name, agno, agbno);
2449 continue;
2450 }
2451 if (!scan_btree(agno, be32_to_cpu(pp[i]), level,
2452 btype, arg, scanfunc_ino))
2453 return 0;
2454 }
2455 return 1;
2456 }
2457
2458 static int
2459 copy_inodes(
2460 xfs_agnumber_t agno,
2461 xfs_agi_t *agi)
2462 {
2463 xfs_agblock_t root;
2464 int levels;
2465 int finobt = 0;
2466
2467 root = be32_to_cpu(agi->agi_root);
2468 levels = be32_to_cpu(agi->agi_level);
2469
2470 /* validate root and levels before processing the tree */
2471 if (root == 0 || root > mp->m_sb.sb_agblocks) {
2472 if (show_warnings)
2473 print_warning("invalid block number (%u) in inobt "
2474 "root in agi %u", root, agno);
2475 return 1;
2476 }
2477 if (levels >= XFS_BTREE_MAXLEVELS) {
2478 if (show_warnings)
2479 print_warning("invalid level (%u) in inobt root "
2480 "in agi %u", levels, agno);
2481 return 1;
2482 }
2483
2484 if (!scan_btree(agno, root, levels, TYP_INOBT, &finobt, scanfunc_ino))
2485 return 0;
2486
2487 if (xfs_sb_version_hasfinobt(&mp->m_sb)) {
2488 root = be32_to_cpu(agi->agi_free_root);
2489 levels = be32_to_cpu(agi->agi_free_level);
2490
2491 finobt = 1;
2492 if (!scan_btree(agno, root, levels, TYP_INOBT, &finobt,
2493 scanfunc_ino))
2494 return 0;
2495 }
2496
2497 return 1;
2498 }
2499
2500 static int
2501 scan_ag(
2502 xfs_agnumber_t agno)
2503 {
2504 xfs_agf_t *agf;
2505 xfs_agi_t *agi;
2506 int stack_count = 0;
2507 int rval = 0;
2508
2509 /* copy the superblock of the AG */
2510 push_cur();
2511 stack_count++;
2512 set_cur(&typtab[TYP_SB], XFS_AG_DADDR(mp, agno, XFS_SB_DADDR),
2513 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2514 if (!iocur_top->data) {
2515 print_warning("cannot read superblock for ag %u", agno);
2516 if (stop_on_read_error)
2517 goto pop_out;
2518 } else {
2519 /* Replace any filesystem label with "L's" */
2520 if (obfuscate) {
2521 struct xfs_sb *sb = iocur_top->data;
2522 memset(sb->sb_fname, 'L',
2523 min(strlen(sb->sb_fname), sizeof(sb->sb_fname)));
2524 iocur_top->need_crc = 1;
2525 }
2526 if (write_buf(iocur_top))
2527 goto pop_out;
2528 }
2529
2530 /* copy the AG free space btree root */
2531 push_cur();
2532 stack_count++;
2533 set_cur(&typtab[TYP_AGF], XFS_AG_DADDR(mp, agno, XFS_AGF_DADDR(mp)),
2534 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2535 agf = iocur_top->data;
2536 if (iocur_top->data == NULL) {
2537 print_warning("cannot read agf block for ag %u", agno);
2538 if (stop_on_read_error)
2539 goto pop_out;
2540 } else {
2541 if (write_buf(iocur_top))
2542 goto pop_out;
2543 }
2544
2545 /* copy the AG inode btree root */
2546 push_cur();
2547 stack_count++;
2548 set_cur(&typtab[TYP_AGI], XFS_AG_DADDR(mp, agno, XFS_AGI_DADDR(mp)),
2549 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2550 agi = iocur_top->data;
2551 if (iocur_top->data == NULL) {
2552 print_warning("cannot read agi block for ag %u", agno);
2553 if (stop_on_read_error)
2554 goto pop_out;
2555 } else {
2556 if (write_buf(iocur_top))
2557 goto pop_out;
2558 }
2559
2560 /* copy the AG free list header */
2561 push_cur();
2562 stack_count++;
2563 set_cur(&typtab[TYP_AGFL], XFS_AG_DADDR(mp, agno, XFS_AGFL_DADDR(mp)),
2564 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2565 if (iocur_top->data == NULL) {
2566 print_warning("cannot read agfl block for ag %u", agno);
2567 if (stop_on_read_error)
2568 goto pop_out;
2569 } else {
2570 if (agf && zero_stale_data) {
2571 /* Zero out unused bits of agfl */
2572 int i;
2573 __be32 *agfl_bno;
2574
2575 agfl_bno = XFS_BUF_TO_AGFL_BNO(mp, iocur_top->bp);
2576 i = be32_to_cpu(agf->agf_fllast);
2577
2578 for (;;) {
2579 if (++i == XFS_AGFL_SIZE(mp))
2580 i = 0;
2581 if (i == be32_to_cpu(agf->agf_flfirst))
2582 break;
2583 agfl_bno[i] = cpu_to_be32(NULLAGBLOCK);
2584 }
2585 iocur_top->need_crc = 1;
2586 }
2587 if (write_buf(iocur_top))
2588 goto pop_out;
2589 }
2590
2591 /* copy AG free space btrees */
2592 if (agf) {
2593 if (show_progress)
2594 print_progress("Copying free space trees of AG %u",
2595 agno);
2596 if (!copy_free_bno_btree(agno, agf))
2597 goto pop_out;
2598 if (!copy_free_cnt_btree(agno, agf))
2599 goto pop_out;
2600 if (!copy_rmap_btree(agno, agf))
2601 goto pop_out;
2602 if (!copy_refcount_btree(agno, agf))
2603 goto pop_out;
2604 }
2605
2606 /* copy inode btrees and the inodes and their associated metadata */
2607 if (agi) {
2608 if (!copy_inodes(agno, agi))
2609 goto pop_out;
2610 }
2611 rval = 1;
2612 pop_out:
2613 while (stack_count--)
2614 pop_cur();
2615 return rval;
2616 }
2617
2618 static int
2619 copy_ino(
2620 xfs_ino_t ino,
2621 typnm_t itype)
2622 {
2623 xfs_agnumber_t agno;
2624 xfs_agblock_t agbno;
2625 xfs_agino_t agino;
2626 int offset;
2627 int rval = 0;
2628
2629 if (ino == 0 || ino == NULLFSINO)
2630 return 1;
2631
2632 agno = XFS_INO_TO_AGNO(mp, ino);
2633 agino = XFS_INO_TO_AGINO(mp, ino);
2634 agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2635 offset = XFS_AGINO_TO_OFFSET(mp, agino);
2636
2637 if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks ||
2638 offset >= mp->m_sb.sb_inopblock) {
2639 if (show_warnings)
2640 print_warning("invalid %s inode number (%lld)",
2641 typtab[itype].name, (long long)ino);
2642 return 1;
2643 }
2644
2645 push_cur();
2646 set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, agbno),
2647 blkbb, DB_RING_IGN, NULL);
2648 if (iocur_top->data == NULL) {
2649 print_warning("cannot read %s inode %lld",
2650 typtab[itype].name, (long long)ino);
2651 rval = !stop_on_read_error;
2652 goto pop_out;
2653 }
2654 off_cur(offset << mp->m_sb.sb_inodelog, mp->m_sb.sb_inodesize);
2655
2656 cur_ino = ino;
2657 rval = process_inode_data(iocur_top->data, itype);
2658 pop_out:
2659 pop_cur();
2660 return rval;
2661 }
2662
2663
2664 static int
2665 copy_sb_inodes(void)
2666 {
2667 if (!copy_ino(mp->m_sb.sb_rbmino, TYP_RTBITMAP))
2668 return 0;
2669
2670 if (!copy_ino(mp->m_sb.sb_rsumino, TYP_RTSUMMARY))
2671 return 0;
2672
2673 if (!copy_ino(mp->m_sb.sb_uquotino, TYP_DQBLK))
2674 return 0;
2675
2676 if (!copy_ino(mp->m_sb.sb_gquotino, TYP_DQBLK))
2677 return 0;
2678
2679 return copy_ino(mp->m_sb.sb_pquotino, TYP_DQBLK);
2680 }
2681
2682 static int
2683 copy_log(void)
2684 {
2685 struct xlog log;
2686 int dirty;
2687 xfs_daddr_t logstart;
2688 int logblocks;
2689 int logversion;
2690 int cycle = XLOG_INIT_CYCLE;
2691
2692 if (show_progress)
2693 print_progress("Copying log");
2694
2695 push_cur();
2696 set_cur(&typtab[TYP_LOG], XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart),
2697 mp->m_sb.sb_logblocks * blkbb, DB_RING_IGN, NULL);
2698 if (iocur_top->data == NULL) {
2699 pop_cur();
2700 print_warning("cannot read log");
2701 return !stop_on_read_error;
2702 }
2703
2704 /* If not obfuscating or zeroing, just copy the log as it is */
2705 if (!obfuscate && !zero_stale_data)
2706 goto done;
2707
2708 dirty = xlog_is_dirty(mp, &log, &x, 0);
2709
2710 switch (dirty) {
2711 case 0:
2712 /* clear out a clean log */
2713 if (show_progress)
2714 print_progress("Zeroing clean log");
2715
2716 logstart = XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart);
2717 logblocks = XFS_FSB_TO_BB(mp, mp->m_sb.sb_logblocks);
2718 logversion = xfs_sb_version_haslogv2(&mp->m_sb) ? 2 : 1;
2719 if (xfs_sb_version_hascrc(&mp->m_sb))
2720 cycle = log.l_curr_cycle + 1;
2721
2722 libxfs_log_clear(NULL, iocur_top->data, logstart, logblocks,
2723 &mp->m_sb.sb_uuid, logversion,
2724 mp->m_sb.sb_logsunit, XLOG_FMT, cycle, true);
2725 break;
2726 case 1:
2727 /* keep the dirty log */
2728 if (obfuscate)
2729 print_warning(
2730 _("Warning: log recovery of an obfuscated metadata image can leak "
2731 "unobfuscated metadata and/or cause image corruption. If possible, "
2732 "please mount the filesystem to clean the log, or disable obfuscation."));
2733 break;
2734 case -1:
2735 /* log detection error */
2736 if (obfuscate)
2737 print_warning(
2738 _("Could not discern log; image will contain unobfuscated metadata in log."));
2739 break;
2740 }
2741
2742 done:
2743 return !write_buf(iocur_top);
2744 }
2745
2746 static int
2747 metadump_f(
2748 int argc,
2749 char **argv)
2750 {
2751 xfs_agnumber_t agno;
2752 int c;
2753 int start_iocur_sp;
2754 int outfd = -1;
2755 int ret;
2756 char *p;
2757
2758 exitcode = 1;
2759 show_progress = 0;
2760 show_warnings = 0;
2761 stop_on_read_error = 0;
2762
2763 if (mp->m_sb.sb_magicnum != XFS_SB_MAGIC) {
2764 print_warning("bad superblock magic number %x, giving up",
2765 mp->m_sb.sb_magicnum);
2766 return 0;
2767 }
2768
2769 /*
2770 * on load, we sanity-checked agcount and possibly set to 1
2771 * if it was corrupted and large.
2772 */
2773 if (mp->m_sb.sb_agcount == 1 &&
2774 XFS_MAX_DBLOCKS(&mp->m_sb) < mp->m_sb.sb_dblocks) {
2775 print_warning("truncated agcount, giving up");
2776 return 0;
2777 }
2778
2779 while ((c = getopt(argc, argv, "aegm:ow")) != EOF) {
2780 switch (c) {
2781 case 'a':
2782 zero_stale_data = 0;
2783 break;
2784 case 'e':
2785 stop_on_read_error = 1;
2786 break;
2787 case 'g':
2788 show_progress = 1;
2789 break;
2790 case 'm':
2791 max_extent_size = (int)strtol(optarg, &p, 0);
2792 if (*p != '\0' || max_extent_size <= 0) {
2793 print_warning("bad max extent size %s",
2794 optarg);
2795 return 0;
2796 }
2797 break;
2798 case 'o':
2799 obfuscate = 0;
2800 break;
2801 case 'w':
2802 show_warnings = 1;
2803 break;
2804 default:
2805 print_warning("bad option for metadump command");
2806 return 0;
2807 }
2808 }
2809
2810 if (optind != argc - 1) {
2811 print_warning("too few options for metadump (no filename given)");
2812 return 0;
2813 }
2814
2815 metablock = (xfs_metablock_t *)calloc(BBSIZE + 1, BBSIZE);
2816 if (metablock == NULL) {
2817 print_warning("memory allocation failure");
2818 return 0;
2819 }
2820 metablock->mb_blocklog = BBSHIFT;
2821 metablock->mb_magic = cpu_to_be32(XFS_MD_MAGIC);
2822
2823 /* Set flags about state of metadump */
2824 metablock->mb_info = XFS_METADUMP_INFO_FLAGS;
2825 if (obfuscate)
2826 metablock->mb_info |= XFS_METADUMP_OBFUSCATED;
2827 if (!zero_stale_data)
2828 metablock->mb_info |= XFS_METADUMP_FULLBLOCKS;
2829
2830 /* If we'll copy the log, see if the log is dirty */
2831 if (mp->m_sb.sb_logstart) {
2832 push_cur();
2833 set_cur(&typtab[TYP_LOG],
2834 XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart),
2835 mp->m_sb.sb_logblocks * blkbb, DB_RING_IGN, NULL);
2836 if (iocur_top->data) { /* best effort */
2837 struct xlog log;
2838
2839 if (xlog_is_dirty(mp, &log, &x, 0))
2840 metablock->mb_info |= XFS_METADUMP_DIRTYLOG;
2841 }
2842 pop_cur();
2843 }
2844
2845 block_index = (__be64 *)((char *)metablock + sizeof(xfs_metablock_t));
2846 block_buffer = (char *)metablock + BBSIZE;
2847 num_indices = (BBSIZE - sizeof(xfs_metablock_t)) / sizeof(__be64);
2848
2849 /*
2850 * A metadump block can hold at most num_indices of BBSIZE sectors;
2851 * do not try to dump a filesystem with a sector size which does not
2852 * fit within num_indices (i.e. within a single metablock).
2853 */
2854 if (mp->m_sb.sb_sectsize > num_indices * BBSIZE) {
2855 print_warning("Cannot dump filesystem with sector size %u",
2856 mp->m_sb.sb_sectsize);
2857 free(metablock);
2858 return 0;
2859 }
2860
2861 cur_index = 0;
2862 start_iocur_sp = iocur_sp;
2863
2864 if (strcmp(argv[optind], "-") == 0) {
2865 if (isatty(fileno(stdout))) {
2866 print_warning("cannot write to a terminal");
2867 free(metablock);
2868 return 0;
2869 }
2870 /*
2871 * Redirect stdout to stderr for the duration of the
2872 * metadump operation so that dbprintf and other messages
2873 * are sent to the console instead of polluting the
2874 * metadump stream.
2875 *
2876 * We get to do this the hard way because musl doesn't
2877 * allow reassignment of stdout.
2878 */
2879 fflush(stdout);
2880 outfd = dup(STDOUT_FILENO);
2881 if (outfd < 0) {
2882 perror("opening dump stream");
2883 goto out;
2884 }
2885 ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2886 if (ret < 0) {
2887 perror("redirecting stdout");
2888 close(outfd);
2889 goto out;
2890 }
2891 outf = fdopen(outfd, "a");
2892 if (outf == NULL) {
2893 fprintf(stderr, "cannot create dump stream\n");
2894 dup2(outfd, STDOUT_FILENO);
2895 close(outfd);
2896 goto out;
2897 }
2898 stdout_metadump = true;
2899 } else {
2900 outf = fopen(argv[optind], "wb");
2901 if (outf == NULL) {
2902 print_warning("cannot create dump file");
2903 goto out;
2904 }
2905 }
2906
2907 exitcode = 0;
2908
2909 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
2910 if (!scan_ag(agno)) {
2911 exitcode = 1;
2912 break;
2913 }
2914 }
2915
2916 /* copy realtime and quota inode contents */
2917 if (!exitcode)
2918 exitcode = !copy_sb_inodes();
2919
2920 /* copy log if it's internal */
2921 if ((mp->m_sb.sb_logstart != 0) && !exitcode)
2922 exitcode = !copy_log();
2923
2924 /* write the remaining index */
2925 if (!exitcode)
2926 exitcode = write_index() < 0;
2927
2928 if (progress_since_warning)
2929 fputc('\n', stdout_metadump ? stderr : stdout);
2930
2931 if (stdout_metadump) {
2932 fflush(outf);
2933 fflush(stdout);
2934 ret = dup2(outfd, STDOUT_FILENO);
2935 if (ret < 0)
2936 perror("un-redirecting stdout");
2937 }
2938 fclose(outf);
2939
2940 /* cleanup iocur stack */
2941 while (iocur_sp > start_iocur_sp)
2942 pop_cur();
2943 out:
2944 free(metablock);
2945
2946 return 0;
2947 }
Unnamed repository; edit this file 'description' to name the repository.