]> git.ipfire.org Git - thirdparty/e2fsprogs.git/blob - misc/e2fuzz.c
Merge remote-tracking branch 'origin/maint' into next
[thirdparty/e2fsprogs.git] / misc / e2fuzz.c
1 /*
2 * e2fuzz.c -- Fuzz an ext4 image, for testing purposes.
3 *
4 * Copyright (C) 2014 Oracle.
5 *
6 * %Begin-Header%
7 * This file may be redistributed under the terms of the GNU Library
8 * General Public License, version 2.
9 * %End-Header%
10 */
11 #define _XOPEN_SOURCE 600
12 #define _FILE_OFFSET_BITS 64
13 #define _LARGEFILE64_SOURCE 1
14 #define _GNU_SOURCE 1
15
16 #include "config.h"
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <fcntl.h>
20 #include <stdint.h>
21 #include <unistd.h>
22 #ifdef HAVE_GETOPT_H
23 #include <getopt.h>
24 #endif
25
26 #include "ext2fs/ext2_fs.h"
27 #include "ext2fs/ext2fs.h"
28
29 static int dryrun = 0;
30 static int verbose = 0;
31 static int metadata_only = 1;
32 static unsigned long long user_corrupt_bytes = 0;
33 static double user_corrupt_pct = 0.0;
34
35 #if !defined HAVE_PWRITE64 && !defined HAVE_PWRITE
36 static ssize_t my_pwrite(int fd, const void *buf, size_t count, off_t offset)
37 {
38 if (lseek(fd, offset, SEEK_SET) < 0)
39 return 0;
40
41 return write(fd, buf, count);
42 }
43 #endif /* !defined HAVE_PWRITE64 && !defined HAVE_PWRITE */
44
45 static int getseed(void)
46 {
47 int r;
48 int fd;
49
50 fd = open("/dev/urandom", O_RDONLY);
51 if (fd < 0) {
52 perror("open");
53 exit(0);
54 }
55 if (read(fd, &r, sizeof(r)) != sizeof(r))
56 printf("Unable to read random seed!\n");
57 close(fd);
58 return r;
59 }
60
61 struct find_block {
62 ext2_ino_t ino;
63 ext2fs_block_bitmap bmap;
64 struct ext2_inode *inode;
65 blk64_t corrupt_blocks;
66 };
67
68 static int find_block_helper(ext2_filsys fs EXT2FS_ATTR((unused)),
69 blk64_t *blocknr, e2_blkcnt_t blockcnt,
70 blk64_t ref_blk EXT2FS_ATTR((unused)),
71 int ref_offset EXT2FS_ATTR((unused)),
72 void *priv_data)
73 {
74 struct find_block *fb = (struct find_block *)priv_data;
75
76 if (S_ISDIR(fb->inode->i_mode) || !metadata_only || blockcnt < 0) {
77 ext2fs_mark_block_bitmap2(fb->bmap, *blocknr);
78 fb->corrupt_blocks++;
79 }
80
81 return 0;
82 }
83
84 static errcode_t find_metadata_blocks(ext2_filsys fs, ext2fs_block_bitmap bmap,
85 off_t *corrupt_bytes)
86 {
87 dgrp_t i;
88 blk64_t b, c;
89 ext2_inode_scan scan;
90 ext2_ino_t ino;
91 struct ext2_inode inode;
92 struct find_block fb;
93 errcode_t retval;
94
95 *corrupt_bytes = 0;
96 fb.corrupt_blocks = 0;
97
98 /* Construct bitmaps of super/descriptor blocks */
99 for (i = 0; i < fs->group_desc_count; i++) {
100 ext2fs_reserve_super_and_bgd(fs, i, bmap);
101
102 /* bitmaps and inode table */
103 b = ext2fs_block_bitmap_loc(fs, i);
104 ext2fs_mark_block_bitmap2(bmap, b);
105 fb.corrupt_blocks++;
106
107 b = ext2fs_inode_bitmap_loc(fs, i);
108 ext2fs_mark_block_bitmap2(bmap, b);
109 fb.corrupt_blocks++;
110
111 c = ext2fs_inode_table_loc(fs, i);
112 ext2fs_mark_block_bitmap_range2(bmap, c,
113 fs->inode_blocks_per_group);
114 fb.corrupt_blocks += fs->inode_blocks_per_group;
115 }
116
117 /* Scan inodes */
118 fb.bmap = bmap;
119 fb.inode = &inode;
120 memset(&inode, 0, sizeof(inode));
121 retval = ext2fs_open_inode_scan(fs, 0, &scan);
122 if (retval)
123 goto out;
124
125 retval = ext2fs_get_next_inode_full(scan, &ino, &inode, sizeof(inode));
126 if (retval)
127 goto out2;
128 while (ino) {
129 if (inode.i_links_count == 0)
130 goto next_loop;
131
132 b = ext2fs_file_acl_block(fs, &inode);
133 if (b) {
134 ext2fs_mark_block_bitmap2(bmap, b);
135 fb.corrupt_blocks++;
136 }
137
138 /*
139 * Inline data, sockets, devices, and symlinks have
140 * no blocks to iterate.
141 */
142 if ((inode.i_flags & EXT4_INLINE_DATA_FL) ||
143 S_ISLNK(inode.i_mode) || S_ISFIFO(inode.i_mode) ||
144 S_ISCHR(inode.i_mode) || S_ISBLK(inode.i_mode) ||
145 S_ISSOCK(inode.i_mode))
146 goto next_loop;
147 fb.ino = ino;
148 retval = ext2fs_block_iterate3(fs, ino, BLOCK_FLAG_READ_ONLY,
149 NULL, find_block_helper, &fb);
150 if (retval)
151 goto out2;
152 next_loop:
153 retval = ext2fs_get_next_inode_full(scan, &ino, &inode,
154 sizeof(inode));
155 if (retval)
156 goto out2;
157 }
158 out2:
159 ext2fs_close_inode_scan(scan);
160 out:
161 if (!retval)
162 *corrupt_bytes = fb.corrupt_blocks * fs->blocksize;
163 return retval;
164 }
165
166 static uint64_t rand_num(uint64_t min, uint64_t max)
167 {
168 uint64_t x;
169 unsigned int i;
170 uint8_t *px = (uint8_t *)&x;
171
172 for (i = 0; i < sizeof(x); i++)
173 px[i] = random();
174
175 return min + (uint64_t)((double)(max - min) * (x / (UINT64_MAX + 1.0)));
176 }
177
178 static int process_fs(const char *fsname)
179 {
180 errcode_t ret;
181 int flags, fd;
182 ext2_filsys fs = NULL;
183 ext2fs_block_bitmap corrupt_map;
184 off_t hsize, count, off, offset, corrupt_bytes;
185 unsigned char c;
186 off_t i;
187
188 /* If mounted rw, force dryrun mode */
189 ret = ext2fs_check_if_mounted(fsname, &flags);
190 if (ret) {
191 fprintf(stderr, "%s: failed to determine filesystem mount "
192 "state.\n", fsname);
193 return 1;
194 }
195
196 if (!dryrun && (flags & EXT2_MF_MOUNTED) &&
197 !(flags & EXT2_MF_READONLY)) {
198 fprintf(stderr, "%s: is mounted rw, performing dry run.\n",
199 fsname);
200 dryrun = 1;
201 }
202
203 /* Ensure the fs is clean and does not have errors */
204 ret = ext2fs_open(fsname, EXT2_FLAG_64BITS, 0, 0, unix_io_manager,
205 &fs);
206 if (ret) {
207 fprintf(stderr, "%s: failed to open filesystem.\n",
208 fsname);
209 return 1;
210 }
211
212 if ((fs->super->s_state & EXT2_ERROR_FS)) {
213 fprintf(stderr, "%s: errors detected, run fsck.\n",
214 fsname);
215 goto fail;
216 }
217
218 if (!dryrun && (fs->super->s_state & EXT2_VALID_FS) == 0) {
219 fprintf(stderr, "%s: unclean shutdown, performing dry run.\n",
220 fsname);
221 dryrun = 1;
222 }
223
224 /* Construct a bitmap of whatever we're corrupting */
225 if (!metadata_only) {
226 /* Load block bitmap */
227 ret = ext2fs_read_block_bitmap(fs);
228 if (ret) {
229 fprintf(stderr, "%s: error while reading block bitmap\n",
230 fsname);
231 goto fail;
232 }
233 corrupt_map = fs->block_map;
234 corrupt_bytes = (ext2fs_blocks_count(fs->super) -
235 ext2fs_free_blocks_count(fs->super)) *
236 fs->blocksize;
237 } else {
238 ret = ext2fs_allocate_block_bitmap(fs, "metadata block map",
239 &corrupt_map);
240 if (ret) {
241 fprintf(stderr, "%s: unable to create block bitmap\n",
242 fsname);
243 goto fail;
244 }
245
246 /* Iterate everything... */
247 ret = find_metadata_blocks(fs, corrupt_map, &corrupt_bytes);
248 if (ret) {
249 fprintf(stderr, "%s: while finding metadata\n",
250 fsname);
251 goto fail;
252 }
253 }
254
255 /* Run around corrupting things */
256 fd = open(fsname, O_RDWR);
257 if (fd < 0) {
258 perror(fsname);
259 goto fail;
260 }
261 srandom(getseed());
262 hsize = fs->blocksize * ext2fs_blocks_count(fs->super);
263 if (user_corrupt_bytes > 0)
264 count = user_corrupt_bytes;
265 else if (user_corrupt_pct > 0.0)
266 count = user_corrupt_pct * corrupt_bytes / 100;
267 else
268 count = rand_num(0, corrupt_bytes / 100);
269 offset = 4096; /* never corrupt superblock */
270 for (i = 0; i < count; i++) {
271 do
272 off = rand_num(offset, hsize);
273 while (!ext2fs_test_block_bitmap2(corrupt_map,
274 off / fs->blocksize));
275 c = rand() % 256;
276 if ((rand() % 2) && c < 128)
277 c |= 0x80;
278 if (verbose)
279 printf("Corrupting byte %zu in block %zu to 0x%x\n",
280 off % fs->blocksize, off / fs->blocksize, c);
281 if (dryrun)
282 continue;
283 #ifdef HAVE_PWRITE64
284 if (pwrite64(fd, &c, sizeof(c), off) != sizeof(c)) {
285 perror(fsname);
286 goto fail3;
287 }
288 #elif HAVE_PWRITE
289 if (pwrite(fd, &c, sizeof(c), off) != sizeof(c)) {
290 perror(fsname);
291 goto fail3;
292 }
293 #else
294 if (my_pwrite(fd, &c, sizeof(c), off) != sizeof(c)) {
295 perror(fsname);
296 goto fail3;
297 }
298 #endif
299 }
300 close(fd);
301
302 /* Clean up */
303 ret = ext2fs_close_free(&fs);
304 if (ret) {
305 fprintf(stderr, "%s: error while closing filesystem\n",
306 fsname);
307 return 1;
308 }
309
310 return 0;
311 fail3:
312 close(fd);
313 if (corrupt_map != fs->block_map)
314 ext2fs_free_block_bitmap(corrupt_map);
315 fail:
316 ext2fs_close_free(&fs);
317 return 1;
318 }
319
320 static void print_help(const char *progname)
321 {
322 printf("Usage: %s OPTIONS device\n", progname);
323 printf("-b: Corrupt this many bytes.\n");
324 printf("-d: Fuzz data blocks too.\n");
325 printf("-n: Dry run only.\n");
326 printf("-v: Verbose output.\n");
327 exit(0);
328 }
329
330 int main(int argc, char *argv[])
331 {
332 int c;
333
334 while ((c = getopt(argc, argv, "b:dnv")) != -1) {
335 switch (c) {
336 case 'b':
337 if (optarg[strlen(optarg) - 1] == '%') {
338 user_corrupt_pct = strtod(optarg, NULL);
339 if (user_corrupt_pct > 100 ||
340 user_corrupt_pct < 0) {
341 fprintf(stderr, "%s: Invalid percentage.\n",
342 optarg);
343 return 1;
344 }
345 } else
346 user_corrupt_bytes = strtoull(optarg, NULL, 0);
347 if (errno) {
348 perror(optarg);
349 return 1;
350 }
351 break;
352 case 'd':
353 metadata_only = 0;
354 break;
355 case 'n':
356 dryrun = 1;
357 break;
358 case 'v':
359 verbose = 1;
360 break;
361 default:
362 print_help(argv[0]);
363 }
364 }
365
366 for (c = optind; c < argc; c++)
367 if (process_fs(argv[c]))
368 return 1;
369 return 0;
370 }