]> git.ipfire.org Git - thirdparty/xfsprogs-dev.git/blob - db/metadump.c
projects / thirdparty / xfsprogs-dev.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xfs_db: use TYP_FINOBT for finobt metadump
[thirdparty/xfsprogs-dev.git] / db / metadump.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2007, 2011 SGI
4 * All Rights Reserved.
5 */
6
7 #include "libxfs.h"
8 #include "libxlog.h"
9 #include "bmap.h"
10 #include "command.h"
11 #include "metadump.h"
12 #include "io.h"
13 #include "output.h"
14 #include "type.h"
15 #include "init.h"
16 #include "sig.h"
17 #include "xfs_metadump.h"
18 #include "fprint.h"
19 #include "faddr.h"
20 #include "field.h"
21 #include "dir2.h"
22
23 #define DEFAULT_MAX_EXT_SIZE MAXEXTLEN
24
25 /* copy all metadata structures to/from a file */
26
27 static int metadump_f(int argc, char **argv);
28 static void metadump_help(void);
29
30 /*
31 * metadump commands issue info/wornings/errors to standard error as
32 * metadump supports stdout as a destination.
33 *
34 * All static functions return zero on failure, while the public functions
35 * return zero on success.
36 */
37
38 static const cmdinfo_t metadump_cmd =
39 { "metadump", NULL, metadump_f, 0, -1, 0,
40 N_("[-a] [-e] [-g] [-m max_extent] [-w] [-o] filename"),
41 N_("dump metadata to a file"), metadump_help };
42
43 static FILE *outf; /* metadump file */
44
45 static xfs_metablock_t *metablock; /* header + index + buffers */
46 static __be64 *block_index;
47 static char *block_buffer;
48
49 static int num_indices;
50 static int cur_index;
51
52 static xfs_ino_t cur_ino;
53
54 static int show_progress = 0;
55 static int stop_on_read_error = 0;
56 static int max_extent_size = DEFAULT_MAX_EXT_SIZE;
57 static int obfuscate = 1;
58 static int zero_stale_data = 1;
59 static int show_warnings = 0;
60 static int progress_since_warning = 0;
61 static bool stdout_metadump;
62
63 void
64 metadump_init(void)
65 {
66 add_command(&metadump_cmd);
67 }
68
69 static void
70 metadump_help(void)
71 {
72 dbprintf(_(
73 "\n"
74 " The 'metadump' command dumps the known metadata to a compact file suitable\n"
75 " for compressing and sending to an XFS maintainer for corruption analysis \n"
76 " or xfs_repair failures.\n\n"
77 " Options:\n"
78 " -a -- Copy full metadata blocks without zeroing unused space\n"
79 " -e -- Ignore read errors and keep going\n"
80 " -g -- Display dump progress\n"
81 " -m -- Specify max extent size in blocks to copy (default = %d blocks)\n"
82 " -o -- Don't obfuscate names and extended attributes\n"
83 " -w -- Show warnings of bad metadata information\n"
84 "\n"), DEFAULT_MAX_EXT_SIZE);
85 }
86
87 static void
88 print_warning(const char *fmt, ...)
89 {
90 char buf[200];
91 va_list ap;
92
93 if (seenint())
94 return;
95
96 va_start(ap, fmt);
97 vsnprintf(buf, sizeof(buf), fmt, ap);
98 va_end(ap);
99 buf[sizeof(buf)-1] = '\0';
100
101 fprintf(stderr, "%s%s: %s\n", progress_since_warning ? "\n" : "",
102 progname, buf);
103 progress_since_warning = 0;
104 }
105
106 static void
107 print_progress(const char *fmt, ...)
108 {
109 char buf[60];
110 va_list ap;
111 FILE *f;
112
113 if (seenint())
114 return;
115
116 va_start(ap, fmt);
117 vsnprintf(buf, sizeof(buf), fmt, ap);
118 va_end(ap);
119 buf[sizeof(buf)-1] = '\0';
120
121 f = stdout_metadump ? stderr : stdout;
122 fprintf(f, "\r%-59s", buf);
123 fflush(f);
124 progress_since_warning = 1;
125 }
126
127 /*
128 * A complete dump file will have a "zero" entry in the last index block,
129 * even if the dump is exactly aligned, the last index will be full of
130 * zeros. If the last index entry is non-zero, the dump is incomplete.
131 * Correspondingly, the last chunk will have a count < num_indices.
132 *
133 * Return 0 for success, -1 for failure.
134 */
135
136 static int
137 write_index(void)
138 {
139 /*
140 * write index block and following data blocks (streaming)
141 */
142 metablock->mb_count = cpu_to_be16(cur_index);
143 if (fwrite(metablock, (cur_index + 1) << BBSHIFT, 1, outf) != 1) {
144 print_warning("error writing to target file");
145 return -1;
146 }
147
148 memset(block_index, 0, num_indices * sizeof(__be64));
149 cur_index = 0;
150 return 0;
151 }
152
153 /*
154 * Return 0 for success, -errno for failure.
155 */
156 static int
157 write_buf_segment(
158 char *data,
159 int64_t off,
160 int len)
161 {
162 int i;
163 int ret;
164
165 for (i = 0; i < len; i++, off++, data += BBSIZE) {
166 block_index[cur_index] = cpu_to_be64(off);
167 memcpy(&block_buffer[cur_index << BBSHIFT], data, BBSIZE);
168 if (++cur_index == num_indices) {
169 ret = write_index();
170 if (ret)
171 return -EIO;
172 }
173 }
174 return 0;
175 }
176
177 /*
178 * we want to preserve the state of the metadata in the dump - whether it is
179 * intact or corrupt, so even if the buffer has a verifier attached to it we
180 * don't want to run it prior to writing the buffer to the metadump image.
181 *
182 * The only reason for running the verifier is to recalculate the CRCs on a
183 * buffer that has been obfuscated. i.e. a buffer than metadump modified itself.
184 * In this case, we only run the verifier if the buffer was not corrupt to begin
185 * with so that we don't accidentally correct buffers with CRC or errors in them
186 * when we are obfuscating them.
187 */
188 static int
189 write_buf(
190 iocur_t *buf)
191 {
192 struct xfs_buf *bp = buf->bp;
193 int i;
194 int ret;
195
196 /*
197 * Run the write verifier to recalculate the buffer CRCs and check
198 * metadump didn't introduce a new corruption. Warn if the verifier
199 * failed, but still continue to dump it into the output file.
200 */
201 if (buf->need_crc && bp && bp->b_ops && !bp->b_error) {
202 bp->b_ops->verify_write(bp);
203 if (bp->b_error) {
204 print_warning(
205 "obfuscation corrupted block at %s bno 0x%llx/0x%x",
206 bp->b_ops->name,
207 (long long)bp->b_bn, bp->b_bcount);
208 }
209 }
210
211 /* handle discontiguous buffers */
212 if (!buf->bbmap) {
213 ret = write_buf_segment(buf->data, buf->bb, buf->blen);
214 if (ret)
215 return ret;
216 } else {
217 int len = 0;
218 for (i = 0; i < buf->bbmap->nmaps; i++) {
219 ret = write_buf_segment(buf->data + BBTOB(len),
220 buf->bbmap->b[i].bm_bn,
221 buf->bbmap->b[i].bm_len);
222 if (ret)
223 return ret;
224 len += buf->bbmap->b[i].bm_len;
225 }
226 }
227 return seenint() ? -EINTR : 0;
228 }
229
230 /*
231 * We could be processing a corrupt block, so we can't trust any of
232 * the offsets or lengths to be within the buffer range. Hence check
233 * carefully!
234 */
235 static void
236 zero_btree_node(
237 struct xfs_btree_block *block,
238 typnm_t btype)
239 {
240 int nrecs;
241 xfs_bmbt_ptr_t *bpp;
242 xfs_bmbt_key_t *bkp;
243 xfs_inobt_ptr_t *ipp;
244 xfs_inobt_key_t *ikp;
245 xfs_alloc_ptr_t *app;
246 xfs_alloc_key_t *akp;
247 char *zp1, *zp2;
248 char *key_end;
249
250 nrecs = be16_to_cpu(block->bb_numrecs);
251 if (nrecs < 0)
252 return;
253
254 switch (btype) {
255 case TYP_BMAPBTA:
256 case TYP_BMAPBTD:
257 if (nrecs > mp->m_bmap_dmxr[1])
258 return;
259
260 bkp = XFS_BMBT_KEY_ADDR(mp, block, 1);
261 bpp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[1]);
262 zp1 = (char *)&bkp[nrecs];
263 zp2 = (char *)&bpp[nrecs];
264 key_end = (char *)bpp;
265 break;
266 case TYP_INOBT:
267 case TYP_FINOBT:
268 if (nrecs > mp->m_inobt_mxr[1])
269 return;
270
271 ikp = XFS_INOBT_KEY_ADDR(mp, block, 1);
272 ipp = XFS_INOBT_PTR_ADDR(mp, block, 1, mp->m_inobt_mxr[1]);
273 zp1 = (char *)&ikp[nrecs];
274 zp2 = (char *)&ipp[nrecs];
275 key_end = (char *)ipp;
276 break;
277 case TYP_BNOBT:
278 case TYP_CNTBT:
279 if (nrecs > mp->m_alloc_mxr[1])
280 return;
281
282 akp = XFS_ALLOC_KEY_ADDR(mp, block, 1);
283 app = XFS_ALLOC_PTR_ADDR(mp, block, 1, mp->m_alloc_mxr[1]);
284 zp1 = (char *)&akp[nrecs];
285 zp2 = (char *)&app[nrecs];
286 key_end = (char *)app;
287 break;
288 default:
289 return;
290 }
291
292
293 /* Zero from end of keys to beginning of pointers */
294 memset(zp1, 0, key_end - zp1);
295
296 /* Zero from end of pointers to end of block */
297 memset(zp2, 0, (char *)block + mp->m_sb.sb_blocksize - zp2);
298 }
299
300 /*
301 * We could be processing a corrupt block, so we can't trust any of
302 * the offsets or lengths to be within the buffer range. Hence check
303 * carefully!
304 */
305 static void
306 zero_btree_leaf(
307 struct xfs_btree_block *block,
308 typnm_t btype)
309 {
310 int nrecs;
311 struct xfs_bmbt_rec *brp;
312 struct xfs_inobt_rec *irp;
313 struct xfs_alloc_rec *arp;
314 char *zp;
315
316 nrecs = be16_to_cpu(block->bb_numrecs);
317 if (nrecs < 0)
318 return;
319
320 switch (btype) {
321 case TYP_BMAPBTA:
322 case TYP_BMAPBTD:
323 if (nrecs > mp->m_bmap_dmxr[0])
324 return;
325
326 brp = XFS_BMBT_REC_ADDR(mp, block, 1);
327 zp = (char *)&brp[nrecs];
328 break;
329 case TYP_INOBT:
330 case TYP_FINOBT:
331 if (nrecs > mp->m_inobt_mxr[0])
332 return;
333
334 irp = XFS_INOBT_REC_ADDR(mp, block, 1);
335 zp = (char *)&irp[nrecs];
336 break;
337 case TYP_BNOBT:
338 case TYP_CNTBT:
339 if (nrecs > mp->m_alloc_mxr[0])
340 return;
341
342 arp = XFS_ALLOC_REC_ADDR(mp, block, 1);
343 zp = (char *)&arp[nrecs];
344 break;
345 default:
346 return;
347 }
348
349 /* Zero from end of records to end of block */
350 memset(zp, 0, (char *)block + mp->m_sb.sb_blocksize - zp);
351 }
352
353 static void
354 zero_btree_block(
355 struct xfs_btree_block *block,
356 typnm_t btype)
357 {
358 int level;
359
360 level = be16_to_cpu(block->bb_level);
361
362 if (level > 0)
363 zero_btree_node(block, btype);
364 else
365 zero_btree_leaf(block, btype);
366 }
367
368 static int
369 scan_btree(
370 xfs_agnumber_t agno,
371 xfs_agblock_t agbno,
372 int level,
373 typnm_t btype,
374 void *arg,
375 int (*func)(struct xfs_btree_block *block,
376 xfs_agnumber_t agno,
377 xfs_agblock_t agbno,
378 int level,
379 typnm_t btype,
380 void *arg))
381 {
382 int rval = 0;
383
384 push_cur();
385 set_cur(&typtab[btype], XFS_AGB_TO_DADDR(mp, agno, agbno), blkbb,
386 DB_RING_IGN, NULL);
387 if (iocur_top->data == NULL) {
388 print_warning("cannot read %s block %u/%u", typtab[btype].name,
389 agno, agbno);
390 rval = !stop_on_read_error;
391 goto pop_out;
392 }
393
394 if (zero_stale_data) {
395 zero_btree_block(iocur_top->data, btype);
396 iocur_top->need_crc = 1;
397 }
398
399 if (write_buf(iocur_top))
400 goto pop_out;
401
402 if (!(*func)(iocur_top->data, agno, agbno, level - 1, btype, arg))
403 goto pop_out;
404 rval = 1;
405 pop_out:
406 pop_cur();
407 return rval;
408 }
409
410 /* free space tree copy routines */
411
412 static int
413 valid_bno(
414 xfs_agnumber_t agno,
415 xfs_agblock_t agbno)
416 {
417 if (agno < (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
418 agbno <= mp->m_sb.sb_agblocks)
419 return 1;
420 if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
421 agbno <= (mp->m_sb.sb_dblocks -
422 (xfs_rfsblock_t)(mp->m_sb.sb_agcount - 1) *
423 mp->m_sb.sb_agblocks))
424 return 1;
425
426 return 0;
427 }
428
429
430 static int
431 scanfunc_freesp(
432 struct xfs_btree_block *block,
433 xfs_agnumber_t agno,
434 xfs_agblock_t agbno,
435 int level,
436 typnm_t btype,
437 void *arg)
438 {
439 xfs_alloc_ptr_t *pp;
440 int i;
441 int numrecs;
442
443 if (level == 0)
444 return 1;
445
446 numrecs = be16_to_cpu(block->bb_numrecs);
447 if (numrecs > mp->m_alloc_mxr[1]) {
448 if (show_warnings)
449 print_warning("invalid numrecs (%u) in %s block %u/%u",
450 numrecs, typtab[btype].name, agno, agbno);
451 return 1;
452 }
453
454 pp = XFS_ALLOC_PTR_ADDR(mp, block, 1, mp->m_alloc_mxr[1]);
455 for (i = 0; i < numrecs; i++) {
456 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
457 if (show_warnings)
458 print_warning("invalid block number (%u/%u) "
459 "in %s block %u/%u",
460 agno, be32_to_cpu(pp[i]),
461 typtab[btype].name, agno, agbno);
462 continue;
463 }
464 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
465 scanfunc_freesp))
466 return 0;
467 }
468 return 1;
469 }
470
471 static int
472 copy_free_bno_btree(
473 xfs_agnumber_t agno,
474 xfs_agf_t *agf)
475 {
476 xfs_agblock_t root;
477 int levels;
478
479 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_BNO]);
480 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]);
481
482 /* validate root and levels before processing the tree */
483 if (root == 0 || root > mp->m_sb.sb_agblocks) {
484 if (show_warnings)
485 print_warning("invalid block number (%u) in bnobt "
486 "root in agf %u", root, agno);
487 return 1;
488 }
489 if (levels >= XFS_BTREE_MAXLEVELS) {
490 if (show_warnings)
491 print_warning("invalid level (%u) in bnobt root "
492 "in agf %u", levels, agno);
493 return 1;
494 }
495
496 return scan_btree(agno, root, levels, TYP_BNOBT, agf, scanfunc_freesp);
497 }
498
499 static int
500 copy_free_cnt_btree(
501 xfs_agnumber_t agno,
502 xfs_agf_t *agf)
503 {
504 xfs_agblock_t root;
505 int levels;
506
507 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_CNT]);
508 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]);
509
510 /* validate root and levels before processing the tree */
511 if (root == 0 || root > mp->m_sb.sb_agblocks) {
512 if (show_warnings)
513 print_warning("invalid block number (%u) in cntbt "
514 "root in agf %u", root, agno);
515 return 1;
516 }
517 if (levels >= XFS_BTREE_MAXLEVELS) {
518 if (show_warnings)
519 print_warning("invalid level (%u) in cntbt root "
520 "in agf %u", levels, agno);
521 return 1;
522 }
523
524 return scan_btree(agno, root, levels, TYP_CNTBT, agf, scanfunc_freesp);
525 }
526
527 static int
528 scanfunc_rmapbt(
529 struct xfs_btree_block *block,
530 xfs_agnumber_t agno,
531 xfs_agblock_t agbno,
532 int level,
533 typnm_t btype,
534 void *arg)
535 {
536 xfs_rmap_ptr_t *pp;
537 int i;
538 int numrecs;
539
540 if (level == 0)
541 return 1;
542
543 numrecs = be16_to_cpu(block->bb_numrecs);
544 if (numrecs > mp->m_rmap_mxr[1]) {
545 if (show_warnings)
546 print_warning("invalid numrecs (%u) in %s block %u/%u",
547 numrecs, typtab[btype].name, agno, agbno);
548 return 1;
549 }
550
551 pp = XFS_RMAP_PTR_ADDR(block, 1, mp->m_rmap_mxr[1]);
552 for (i = 0; i < numrecs; i++) {
553 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
554 if (show_warnings)
555 print_warning("invalid block number (%u/%u) "
556 "in %s block %u/%u",
557 agno, be32_to_cpu(pp[i]),
558 typtab[btype].name, agno, agbno);
559 continue;
560 }
561 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
562 scanfunc_rmapbt))
563 return 0;
564 }
565 return 1;
566 }
567
568 static int
569 copy_rmap_btree(
570 xfs_agnumber_t agno,
571 struct xfs_agf *agf)
572 {
573 xfs_agblock_t root;
574 int levels;
575
576 if (!xfs_sb_version_hasrmapbt(&mp->m_sb))
577 return 1;
578
579 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_RMAP]);
580 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]);
581
582 /* validate root and levels before processing the tree */
583 if (root == 0 || root > mp->m_sb.sb_agblocks) {
584 if (show_warnings)
585 print_warning("invalid block number (%u) in rmapbt "
586 "root in agf %u", root, agno);
587 return 1;
588 }
589 if (levels >= XFS_BTREE_MAXLEVELS) {
590 if (show_warnings)
591 print_warning("invalid level (%u) in rmapbt root "
592 "in agf %u", levels, agno);
593 return 1;
594 }
595
596 return scan_btree(agno, root, levels, TYP_RMAPBT, agf, scanfunc_rmapbt);
597 }
598
599 static int
600 scanfunc_refcntbt(
601 struct xfs_btree_block *block,
602 xfs_agnumber_t agno,
603 xfs_agblock_t agbno,
604 int level,
605 typnm_t btype,
606 void *arg)
607 {
608 xfs_refcount_ptr_t *pp;
609 int i;
610 int numrecs;
611
612 if (level == 0)
613 return 1;
614
615 numrecs = be16_to_cpu(block->bb_numrecs);
616 if (numrecs > mp->m_refc_mxr[1]) {
617 if (show_warnings)
618 print_warning("invalid numrecs (%u) in %s block %u/%u",
619 numrecs, typtab[btype].name, agno, agbno);
620 return 1;
621 }
622
623 pp = XFS_REFCOUNT_PTR_ADDR(block, 1, mp->m_refc_mxr[1]);
624 for (i = 0; i < numrecs; i++) {
625 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
626 if (show_warnings)
627 print_warning("invalid block number (%u/%u) "
628 "in %s block %u/%u",
629 agno, be32_to_cpu(pp[i]),
630 typtab[btype].name, agno, agbno);
631 continue;
632 }
633 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
634 scanfunc_refcntbt))
635 return 0;
636 }
637 return 1;
638 }
639
640 static int
641 copy_refcount_btree(
642 xfs_agnumber_t agno,
643 struct xfs_agf *agf)
644 {
645 xfs_agblock_t root;
646 int levels;
647
648 if (!xfs_sb_version_hasreflink(&mp->m_sb))
649 return 1;
650
651 root = be32_to_cpu(agf->agf_refcount_root);
652 levels = be32_to_cpu(agf->agf_refcount_level);
653
654 /* validate root and levels before processing the tree */
655 if (root == 0 || root > mp->m_sb.sb_agblocks) {
656 if (show_warnings)
657 print_warning("invalid block number (%u) in refcntbt "
658 "root in agf %u", root, agno);
659 return 1;
660 }
661 if (levels >= XFS_BTREE_MAXLEVELS) {
662 if (show_warnings)
663 print_warning("invalid level (%u) in refcntbt root "
664 "in agf %u", levels, agno);
665 return 1;
666 }
667
668 return scan_btree(agno, root, levels, TYP_REFCBT, agf, scanfunc_refcntbt);
669 }
670
671 /* filename and extended attribute obfuscation routines */
672
673 struct name_ent {
674 struct name_ent *next;
675 xfs_dahash_t hash;
676 int namelen;
677 unsigned char name[1];
678 };
679
680 #define NAME_TABLE_SIZE 4096
681
682 static struct name_ent *nametable[NAME_TABLE_SIZE];
683
684 static void
685 nametable_clear(void)
686 {
687 int i;
688 struct name_ent *ent;
689
690 for (i = 0; i < NAME_TABLE_SIZE; i++) {
691 while ((ent = nametable[i])) {
692 nametable[i] = ent->next;
693 free(ent);
694 }
695 }
696 }
697
698 /*
699 * See if the given name is already in the name table. If so,
700 * return a pointer to its entry, otherwise return a null pointer.
701 */
702 static struct name_ent *
703 nametable_find(xfs_dahash_t hash, int namelen, unsigned char *name)
704 {
705 struct name_ent *ent;
706
707 for (ent = nametable[hash % NAME_TABLE_SIZE]; ent; ent = ent->next) {
708 if (ent->hash == hash && ent->namelen == namelen &&
709 !memcmp(ent->name, name, namelen))
710 return ent;
711 }
712 return NULL;
713 }
714
715 /*
716 * Add the given name to the name table. Returns a pointer to the
717 * name's new entry, or a null pointer if an error occurs.
718 */
719 static struct name_ent *
720 nametable_add(xfs_dahash_t hash, int namelen, unsigned char *name)
721 {
722 struct name_ent *ent;
723
724 ent = malloc(sizeof *ent + namelen);
725 if (!ent)
726 return NULL;
727
728 ent->namelen = namelen;
729 memcpy(ent->name, name, namelen);
730 ent->hash = hash;
731 ent->next = nametable[hash % NAME_TABLE_SIZE];
732
733 nametable[hash % NAME_TABLE_SIZE] = ent;
734
735 return ent;
736 }
737
738 #define is_invalid_char(c) ((c) == '/' || (c) == '\0')
739 #define rol32(x,y) (((x) << (y)) | ((x) >> (32 - (y))))
740
741 static inline unsigned char
742 random_filename_char(void)
743 {
744 static unsigned char filename_alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
745 "abcdefghijklmnopqrstuvwxyz"
746 "0123456789-_";
747
748 return filename_alphabet[random() % (sizeof filename_alphabet - 1)];
749 }
750
751 #define ORPHANAGE "lost+found"
752 #define ORPHANAGE_LEN (sizeof (ORPHANAGE) - 1)
753
754 static inline int
755 is_orphanage_dir(
756 struct xfs_mount *mp,
757 xfs_ino_t dir_ino,
758 size_t name_len,
759 unsigned char *name)
760 {
761 return dir_ino == mp->m_sb.sb_rootino &&
762 name_len == ORPHANAGE_LEN &&
763 !memcmp(name, ORPHANAGE, ORPHANAGE_LEN);
764 }
765
766 /*
767 * Determine whether a name is one we shouldn't obfuscate because
768 * it's an orphan (or the "lost+found" directory itself). Note
769 * "cur_ino" is the inode for the directory currently being
770 * processed.
771 *
772 * Returns 1 if the name should NOT be obfuscated or 0 otherwise.
773 */
774 static int
775 in_lost_found(
776 xfs_ino_t ino,
777 int namelen,
778 unsigned char *name)
779 {
780 static xfs_ino_t orphanage_ino = 0;
781 char s[24]; /* 21 is enough (64 bits in decimal) */
782 int slen;
783
784 /* Record the "lost+found" inode if we haven't done so already */
785
786 ASSERT(ino != 0);
787 if (!orphanage_ino && is_orphanage_dir(mp, cur_ino, namelen, name))
788 orphanage_ino = ino;
789
790 /* We don't obfuscate the "lost+found" directory itself */
791
792 if (ino == orphanage_ino)
793 return 1;
794
795 /* Most files aren't in "lost+found" at all */
796
797 if (cur_ino != orphanage_ino)
798 return 0;
799
800 /*
801 * Within "lost+found", we don't obfuscate any file whose
802 * name is the same as its inode number. Any others are
803 * stray files and can be obfuscated.
804 */
805 slen = snprintf(s, sizeof (s), "%llu", (unsigned long long) ino);
806
807 return slen == namelen && !memcmp(name, s, namelen);
808 }
809
810 /*
811 * Given a name and its hash value, massage the name in such a way
812 * that the result is another name of equal length which shares the
813 * same hash value.
814 */
815 static void
816 obfuscate_name(
817 xfs_dahash_t hash,
818 size_t name_len,
819 unsigned char *name)
820 {
821 unsigned char *newp = name;
822 int i;
823 xfs_dahash_t new_hash = 0;
824 unsigned char *first;
825 unsigned char high_bit;
826 int shift;
827
828 /*
829 * Our obfuscation algorithm requires at least 5-character
830 * names, so don't bother if the name is too short. We
831 * work backward from a hash value to determine the last
832 * five bytes in a name required to produce a new name
833 * with the same hash.
834 */
835 if (name_len < 5)
836 return;
837
838 /*
839 * The beginning of the obfuscated name can be pretty much
840 * anything, so fill it in with random characters.
841 * Accumulate its new hash value as we go.
842 */
843 for (i = 0; i < name_len - 5; i++) {
844 *newp = random_filename_char();
845 new_hash = *newp ^ rol32(new_hash, 7);
846 newp++;
847 }
848
849 /*
850 * Compute which five bytes need to be used at the end of
851 * the name so the hash of the obfuscated name is the same
852 * as the hash of the original. If any result in an invalid
853 * character, flip a bit and arrange for a corresponding bit
854 * in a neighboring byte to be flipped as well. For the
855 * last byte, the "neighbor" to change is the first byte
856 * we're computing here.
857 */
858 new_hash = rol32(new_hash, 3) ^ hash;
859
860 first = newp;
861 high_bit = 0;
862 for (shift = 28; shift >= 0; shift -= 7) {
863 *newp = (new_hash >> shift & 0x7f) ^ high_bit;
864 if (is_invalid_char(*newp)) {
865 *newp ^= 1;
866 high_bit = 0x80;
867 } else
868 high_bit = 0;
869 ASSERT(!is_invalid_char(*newp));
870 newp++;
871 }
872
873 /*
874 * If we flipped a bit on the last byte, we need to fix up
875 * the matching bit in the first byte. The result will
876 * be a valid character, because we know that first byte
877 * has 0's in its upper four bits (it was produced by a
878 * 28-bit right-shift of a 32-bit unsigned value).
879 */
880 if (high_bit) {
881 *first ^= 0x10;
882 ASSERT(!is_invalid_char(*first));
883 }
884 ASSERT(libxfs_da_hashname(name, name_len) == hash);
885 }
886
887 /*
888 * Flip a bit in each of two bytes at the end of the given name.
889 * This is used in generating a series of alternate names to be used
890 * in the event a duplicate is found.
891 *
892 * The bits flipped are selected such that they both affect the same
893 * bit in the name's computed hash value, so flipping them both will
894 * preserve the hash.
895 *
896 * The following diagram aims to show the portion of a computed
897 * hash that a given byte of a name affects.
898 *
899 * 31 28 24 21 14 8 7 3 0
900 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
901 * hash: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
902 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
903 * last-4 ->| |<-- last-2 --->| |<--- last ---->|
904 * |<-- last-3 --->| |<-- last-1 --->| |<- last-4
905 * |<-- last-7 --->| |<-- last-5 --->|
906 * |<-- last-8 --->| |<-- last-6 --->|
907 * . . . and so on
908 *
909 * The last byte of the name directly affects the low-order byte of
910 * the hash. The next-to-last affects bits 7-14, the next one back
911 * affects bits 14-21, and so on. The effect wraps around when it
912 * goes beyond the top of the hash (as happens for byte last-4).
913 *
914 * Bits that are flipped together "overlap" on the hash value. As
915 * an example of overlap, the last two bytes both affect bit 7 in
916 * the hash. That pair of bytes (and their overlapping bits) can be
917 * used for this "flip bit" operation (it's the first pair tried,
918 * actually).
919 *
920 * A table defines overlapping pairs--the bytes involved and bits
921 * within them--that can be used this way. The byte offset is
922 * relative to a starting point within the name, which will be set
923 * to affect the bytes at the end of the name. The function is
924 * called with a "bitseq" value which indicates which bit flip is
925 * desired, and this translates directly into selecting which entry
926 * in the bit_to_flip[] table to apply.
927 *
928 * The function returns 1 if the operation was successful. It
929 * returns 0 if the result produced a character that's not valid in
930 * a name (either '/' or a '\0'). Finally, it returns -1 if the bit
931 * sequence number is beyond what is supported for a name of this
932 * length.
933 *
934 * Discussion
935 * ----------
936 * (Also see the discussion above find_alternate(), below.)
937 *
938 * In order to make this function work for any length name, the
939 * table is ordered by increasing byte offset, so that the earliest
940 * entries can apply to the shortest strings. This way all names
941 * are done consistently.
942 *
943 * When bit flips occur, they can convert printable characters
944 * into non-printable ones. In an effort to reduce the impact of
945 * this, the first bit flips are chosen to affect bytes the end of
946 * the name (and furthermore, toward the low bits of a byte). Those
947 * bytes are often non-printable anyway because of the way they are
948 * initially selected by obfuscate_name()). This is accomplished,
949 * using later table entries first.
950 *
951 * Each row in the table doubles the number of alternates that
952 * can be generated. A two-byte name is limited to using only
953 * the first row, so it's possible to generate two alternates
954 * (the original name, plus the alternate produced by flipping
955 * the one pair of bits). In a 5-byte name, the effect of the
956 * first byte overlaps the last by 4 its, and there are 8 bits
957 * to flip, allowing for 256 possible alternates.
958 *
959 * Short names (less than 5 bytes) are never even obfuscated, so for
960 * such names the relatively small number of alternates should never
961 * really be a problem.
962 *
963 * Long names (more than 6 bytes, say) are not likely to exhaust
964 * the number of available alternates. In fact, the table could
965 * probably have stopped at 8 entries, on the assumption that 256
966 * alternates should be enough for most any situation. The entries
967 * beyond those are present mostly for demonstration of how it could
968 * be populated with more entries, should it ever be necessary to do
969 * so.
970 */
971 static int
972 flip_bit(
973 size_t name_len,
974 unsigned char *name,
975 uint32_t bitseq)
976 {
977 int index;
978 size_t offset;
979 unsigned char *p0, *p1;
980 unsigned char m0, m1;
981 struct {
982 int byte; /* Offset from start within name */
983 unsigned char bit; /* Bit within that byte */
984 } bit_to_flip[][2] = { /* Sorted by second entry's byte */
985 { { 0, 0 }, { 1, 7 } }, /* Each row defines a pair */
986 { { 1, 0 }, { 2, 7 } }, /* of bytes and a bit within */
987 { { 2, 0 }, { 3, 7 } }, /* each byte. Each bit in */
988 { { 0, 4 }, { 4, 0 } }, /* a pair affects the same */
989 { { 0, 5 }, { 4, 1 } }, /* bit in the hash, so flipping */
990 { { 0, 6 }, { 4, 2 } }, /* both will change the name */
991 { { 0, 7 }, { 4, 3 } }, /* while preserving the hash. */
992 { { 3, 0 }, { 4, 7 } },
993 { { 0, 0 }, { 5, 3 } }, /* The first entry's byte offset */
994 { { 0, 1 }, { 5, 4 } }, /* must be less than the second. */
995 { { 0, 2 }, { 5, 5 } },
996 { { 0, 3 }, { 5, 6 } }, /* The table can be extended to */
997 { { 0, 4 }, { 5, 7 } }, /* an arbitrary number of entries */
998 { { 4, 0 }, { 5, 7 } }, /* but there's not much point. */
999 /* . . . */
1000 };
1001
1002 /* Find the first entry *not* usable for name of this length */
1003
1004 for (index = 0; index < ARRAY_SIZE(bit_to_flip); index++)
1005 if (bit_to_flip[index][1].byte >= name_len)
1006 break;
1007
1008 /*
1009 * Back up to the last usable entry. If that number is
1010 * smaller than the bit sequence number, inform the caller
1011 * that nothing this large (or larger) will work.
1012 */
1013 if (bitseq > --index)
1014 return -1;
1015
1016 /*
1017 * We will be switching bits at the end of name, with a
1018 * preference for affecting the last bytes first. Compute
1019 * where in the name we'll start applying the changes.
1020 */
1021 offset = name_len - (bit_to_flip[index][1].byte + 1);
1022 index -= bitseq; /* Use later table entries first */
1023
1024 p0 = name + offset + bit_to_flip[index][0].byte;
1025 p1 = name + offset + bit_to_flip[index][1].byte;
1026 m0 = 1 << bit_to_flip[index][0].bit;
1027 m1 = 1 << bit_to_flip[index][1].bit;
1028
1029 /* Only change the bytes if it produces valid characters */
1030
1031 if (is_invalid_char(*p0 ^ m0) || is_invalid_char(*p1 ^ m1))
1032 return 0;
1033
1034 *p0 ^= m0;
1035 *p1 ^= m1;
1036
1037 return 1;
1038 }
1039
1040 /*
1041 * This function generates a well-defined sequence of "alternate"
1042 * names for a given name. An alternate is a name having the same
1043 * length and same hash value as the original name. This is needed
1044 * because the algorithm produces only one obfuscated name to use
1045 * for a given original name, and it's possible that result matches
1046 * a name already seen. This function checks for this, and if it
1047 * occurs, finds another suitable obfuscated name to use.
1048 *
1049 * Each bit in the binary representation of the sequence number is
1050 * used to select one possible "bit flip" operation to perform on
1051 * the name. So for example:
1052 * seq = 0: selects no bits to flip
1053 * seq = 1: selects the 0th bit to flip
1054 * seq = 2: selects the 1st bit to flip
1055 * seq = 3: selects the 0th and 1st bit to flip
1056 * ... and so on.
1057 *
1058 * The flip_bit() function takes care of the details of the bit
1059 * flipping within the name. Note that the "1st bit" in this
1060 * context is a bit sequence number; i.e. it doesn't necessarily
1061 * mean bit 0x02 will be changed.
1062 *
1063 * If a valid name (one that contains no '/' or '\0' characters) is
1064 * produced by this process for the given sequence number, this
1065 * function returns 1. If the result is not valid, it returns 0.
1066 * Returns -1 if the sequence number is beyond the the maximum for
1067 * names of the given length.
1068 *
1069 *
1070 * Discussion
1071 * ----------
1072 * The number of alternates available for a given name is dependent
1073 * on its length. A "bit flip" involves inverting two bits in
1074 * a name--the two bits being selected such that their values
1075 * affect the name's hash value in the same way. Alternates are
1076 * thus generated by inverting the value of pairs of such
1077 * "overlapping" bits in the original name. Each byte after the
1078 * first in a name adds at least one bit of overlap to work with.
1079 * (See comments above flip_bit() for more discussion on this.)
1080 *
1081 * So the number of alternates is dependent on the number of such
1082 * overlapping bits in a name. If there are N bit overlaps, there
1083 * 2^N alternates for that hash value.
1084 *
1085 * Here are the number of overlapping bits available for generating
1086 * alternates for names of specific lengths:
1087 * 1 0 (must have 2 bytes to have any overlap)
1088 * 2 1 One bit overlaps--so 2 possible alternates
1089 * 3 2 Two bits overlap--so 4 possible alternates
1090 * 4 4 Three bits overlap, so 2^3 alternates
1091 * 5 8 8 bits overlap (due to wrapping), 256 alternates
1092 * 6 18 2^18 alternates
1093 * 7 28 2^28 alternates
1094 * ...
1095 * It's clear that the number of alternates grows very quickly with
1096 * the length of the name. But note that the set of alternates
1097 * includes invalid names. And for certain (contrived) names, the
1098 * number of valid names is a fairly small fraction of the total
1099 * number of alternates.
1100 *
1101 * The main driver for this infrastructure for coming up with
1102 * alternate names is really related to names 5 (or possibly 6)
1103 * bytes in length. 5-byte obfuscated names contain no randomly-
1104 * generated bytes in them, and the chance of an obfuscated name
1105 * matching an already-seen name is too high to just ignore. This
1106 * methodical selection of alternates ensures we don't produce
1107 * duplicate names unless we have exhausted our options.
1108 */
1109 static int
1110 find_alternate(
1111 size_t name_len,
1112 unsigned char *name,
1113 uint32_t seq)
1114 {
1115 uint32_t bitseq = 0;
1116 uint32_t bits = seq;
1117
1118 if (!seq)
1119 return 1; /* alternate 0 is the original name */
1120 if (name_len < 2) /* Must have 2 bytes to flip */
1121 return -1;
1122
1123 for (bitseq = 0; bits; bitseq++) {
1124 uint32_t mask = 1 << bitseq;
1125 int fb;
1126
1127 if (!(bits & mask))
1128 continue;
1129
1130 fb = flip_bit(name_len, name, bitseq);
1131 if (fb < 1)
1132 return fb ? -1 : 0;
1133 bits ^= mask;
1134 }
1135
1136 return 1;
1137 }
1138
1139 /*
1140 * Look up the given name in the name table. If it is already
1141 * present, iterate through a well-defined sequence of alternate
1142 * names and attempt to use an alternate name instead.
1143 *
1144 * Returns 1 if the (possibly modified) name is not present in the
1145 * name table. Returns 0 if the name and all possible alternates
1146 * are already in the table.
1147 */
1148 static int
1149 handle_duplicate_name(xfs_dahash_t hash, size_t name_len, unsigned char *name)
1150 {
1151 unsigned char new_name[name_len + 1];
1152 uint32_t seq = 1;
1153
1154 if (!nametable_find(hash, name_len, name))
1155 return 1; /* No duplicate */
1156
1157 /* Name is already in use. Need to find an alternate. */
1158
1159 do {
1160 int found;
1161
1162 /* Only change incoming name if we find an alternate */
1163 do {
1164 memcpy(new_name, name, name_len);
1165 found = find_alternate(name_len, new_name, seq++);
1166 if (found < 0)
1167 return 0; /* No more to check */
1168 } while (!found);
1169 } while (nametable_find(hash, name_len, new_name));
1170
1171 /*
1172 * The alternate wasn't in the table already. Pass it back
1173 * to the caller.
1174 */
1175 memcpy(name, new_name, name_len);
1176
1177 return 1;
1178 }
1179
1180 static void
1181 generate_obfuscated_name(
1182 xfs_ino_t ino,
1183 int namelen,
1184 unsigned char *name)
1185 {
1186 xfs_dahash_t hash;
1187
1188 /*
1189 * We don't obfuscate "lost+found" or any orphan files
1190 * therein. When the name table is used for extended
1191 * attributes, the inode number provided is 0, in which
1192 * case we don't need to make this check.
1193 */
1194 if (ino && in_lost_found(ino, namelen, name))
1195 return;
1196
1197 /*
1198 * If the name starts with a slash, just skip over it. It
1199 * isn't included in the hash and we don't record it in the
1200 * name table. Note that the namelen value passed in does
1201 * not count the leading slash (if one is present).
1202 */
1203 if (*name == '/')
1204 name++;
1205
1206 /* Obfuscate the name (if possible) */
1207
1208 hash = libxfs_da_hashname(name, namelen);
1209 obfuscate_name(hash, namelen, name);
1210
1211 /*
1212 * Make sure the name is not something already seen. If we
1213 * fail to find a suitable alternate, we're dealing with a
1214 * very pathological situation, and we may end up creating
1215 * a duplicate name in the metadump, so issue a warning.
1216 */
1217 if (!handle_duplicate_name(hash, namelen, name)) {
1218 print_warning("duplicate name for inode %llu "
1219 "in dir inode %llu\n",
1220 (unsigned long long) ino,
1221 (unsigned long long) cur_ino);
1222 return;
1223 }
1224
1225 /* Create an entry for the new name in the name table. */
1226
1227 if (!nametable_add(hash, namelen, name))
1228 print_warning("unable to record name for inode %llu "
1229 "in dir inode %llu\n",
1230 (unsigned long long) ino,
1231 (unsigned long long) cur_ino);
1232 }
1233
1234 static void
1235 process_sf_dir(
1236 xfs_dinode_t *dip)
1237 {
1238 struct xfs_dir2_sf_hdr *sfp;
1239 xfs_dir2_sf_entry_t *sfep;
1240 uint64_t ino_dir_size;
1241 int i;
1242
1243 sfp = (struct xfs_dir2_sf_hdr *)XFS_DFORK_DPTR(dip);
1244 ino_dir_size = be64_to_cpu(dip->di_size);
1245 if (ino_dir_size > XFS_DFORK_DSIZE(dip, mp)) {
1246 ino_dir_size = XFS_DFORK_DSIZE(dip, mp);
1247 if (show_warnings)
1248 print_warning("invalid size in dir inode %llu",
1249 (long long)cur_ino);
1250 }
1251
1252 sfep = xfs_dir2_sf_firstentry(sfp);
1253 for (i = 0; (i < sfp->count) &&
1254 ((char *)sfep - (char *)sfp < ino_dir_size); i++) {
1255
1256 /*
1257 * first check for bad name lengths. If they are bad, we
1258 * have limitations to how much can be obfuscated.
1259 */
1260 int namelen = sfep->namelen;
1261
1262 if (namelen == 0) {
1263 if (show_warnings)
1264 print_warning("zero length entry in dir inode "
1265 "%llu", (long long)cur_ino);
1266 if (i != sfp->count - 1)
1267 break;
1268 namelen = ino_dir_size - ((char *)&sfep->name[0] -
1269 (char *)sfp);
1270 } else if ((char *)sfep - (char *)sfp +
1271 M_DIROPS(mp)->sf_entsize(sfp, sfep->namelen) >
1272 ino_dir_size) {
1273 if (show_warnings)
1274 print_warning("entry length in dir inode %llu "
1275 "overflows space", (long long)cur_ino);
1276 if (i != sfp->count - 1)
1277 break;
1278 namelen = ino_dir_size - ((char *)&sfep->name[0] -
1279 (char *)sfp);
1280 }
1281
1282 if (obfuscate)
1283 generate_obfuscated_name(
1284 M_DIROPS(mp)->sf_get_ino(sfp, sfep),
1285 namelen, &sfep->name[0]);
1286
1287 sfep = (xfs_dir2_sf_entry_t *)((char *)sfep +
1288 M_DIROPS(mp)->sf_entsize(sfp, namelen));
1289 }
1290
1291 /* zero stale data in rest of space in data fork, if any */
1292 if (zero_stale_data && (ino_dir_size < XFS_DFORK_DSIZE(dip, mp)))
1293 memset(sfep, 0, XFS_DFORK_DSIZE(dip, mp) - ino_dir_size);
1294 }
1295
1296 /*
1297 * The pathname may not be null terminated. It may be terminated by the end of
1298 * a buffer or inode literal area, and the start of the next region contains
1299 * unknown data. Therefore, when we get to the last component of the symlink, we
1300 * cannot assume that strlen() will give us the right result. Hence we need to
1301 * track the remaining pathname length and use that instead.
1302 */
1303 static void
1304 obfuscate_path_components(
1305 char *buf,
1306 uint64_t len)
1307 {
1308 unsigned char *comp = (unsigned char *)buf;
1309 unsigned char *end = comp + len;
1310 xfs_dahash_t hash;
1311
1312 while (comp < end) {
1313 char *slash;
1314 int namelen;
1315
1316 /* find slash at end of this component */
1317 slash = strchr((char *)comp, '/');
1318 if (!slash) {
1319 /* last (or single) component */
1320 namelen = strnlen((char *)comp, len);
1321 hash = libxfs_da_hashname(comp, namelen);
1322 obfuscate_name(hash, namelen, comp);
1323 break;
1324 }
1325 namelen = slash - (char *)comp;
1326 /* handle leading or consecutive slashes */
1327 if (!namelen) {
1328 comp++;
1329 len--;
1330 continue;
1331 }
1332 hash = libxfs_da_hashname(comp, namelen);
1333 obfuscate_name(hash, namelen, comp);
1334 comp += namelen + 1;
1335 len -= namelen + 1;
1336 }
1337 }
1338
1339 static void
1340 process_sf_symlink(
1341 xfs_dinode_t *dip)
1342 {
1343 uint64_t len;
1344 char *buf;
1345
1346 len = be64_to_cpu(dip->di_size);
1347 if (len > XFS_DFORK_DSIZE(dip, mp)) {
1348 if (show_warnings)
1349 print_warning("invalid size (%d) in symlink inode %llu",
1350 len, (long long)cur_ino);
1351 len = XFS_DFORK_DSIZE(dip, mp);
1352 }
1353
1354 buf = (char *)XFS_DFORK_DPTR(dip);
1355 if (obfuscate)
1356 obfuscate_path_components(buf, len);
1357
1358 /* zero stale data in rest of space in data fork, if any */
1359 if (zero_stale_data && len < XFS_DFORK_DSIZE(dip, mp))
1360 memset(&buf[len], 0, XFS_DFORK_DSIZE(dip, mp) - len);
1361 }
1362
1363 static void
1364 process_sf_attr(
1365 xfs_dinode_t *dip)
1366 {
1367 /*
1368 * with extended attributes, obfuscate the names and fill the actual
1369 * values with 'v' (to see a valid string length, as opposed to NULLs)
1370 */
1371
1372 xfs_attr_shortform_t *asfp;
1373 xfs_attr_sf_entry_t *asfep;
1374 int ino_attr_size;
1375 int i;
1376
1377 asfp = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip);
1378 if (asfp->hdr.count == 0)
1379 return;
1380
1381 ino_attr_size = be16_to_cpu(asfp->hdr.totsize);
1382 if (ino_attr_size > XFS_DFORK_ASIZE(dip, mp)) {
1383 ino_attr_size = XFS_DFORK_ASIZE(dip, mp);
1384 if (show_warnings)
1385 print_warning("invalid attr size in inode %llu",
1386 (long long)cur_ino);
1387 }
1388
1389 asfep = &asfp->list[0];
1390 for (i = 0; (i < asfp->hdr.count) &&
1391 ((char *)asfep - (char *)asfp < ino_attr_size); i++) {
1392
1393 int namelen = asfep->namelen;
1394
1395 if (namelen == 0) {
1396 if (show_warnings)
1397 print_warning("zero length attr entry in inode "
1398 "%llu", (long long)cur_ino);
1399 break;
1400 } else if ((char *)asfep - (char *)asfp +
1401 XFS_ATTR_SF_ENTSIZE(asfep) > ino_attr_size) {
1402 if (show_warnings)
1403 print_warning("attr entry length in inode %llu "
1404 "overflows space", (long long)cur_ino);
1405 break;
1406 }
1407
1408 if (obfuscate) {
1409 generate_obfuscated_name(0, asfep->namelen,
1410 &asfep->nameval[0]);
1411 memset(&asfep->nameval[asfep->namelen], 'v',
1412 asfep->valuelen);
1413 }
1414
1415 asfep = (xfs_attr_sf_entry_t *)((char *)asfep +
1416 XFS_ATTR_SF_ENTSIZE(asfep));
1417 }
1418
1419 /* zero stale data in rest of space in attr fork, if any */
1420 if (zero_stale_data && (ino_attr_size < XFS_DFORK_ASIZE(dip, mp)))
1421 memset(asfep, 0, XFS_DFORK_ASIZE(dip, mp) - ino_attr_size);
1422 }
1423
1424 static void
1425 process_dir_free_block(
1426 char *block)
1427 {
1428 struct xfs_dir2_free *free;
1429 struct xfs_dir3_icfree_hdr freehdr;
1430
1431 if (!zero_stale_data)
1432 return;
1433
1434 free = (struct xfs_dir2_free *)block;
1435 M_DIROPS(mp)->free_hdr_from_disk(&freehdr, free);
1436
1437 switch (freehdr.magic) {
1438 case XFS_DIR2_FREE_MAGIC:
1439 case XFS_DIR3_FREE_MAGIC: {
1440 __be16 *bests;
1441 char *high;
1442 int used;
1443
1444 /* Zero out space from end of bests[] to end of block */
1445 bests = M_DIROPS(mp)->free_bests_p(free);
1446 high = (char *)&bests[freehdr.nvalid];
1447 used = high - (char*)free;
1448 memset(high, 0, mp->m_dir_geo->blksize - used);
1449 iocur_top->need_crc = 1;
1450 break;
1451 }
1452 default:
1453 if (show_warnings)
1454 print_warning("invalid magic in dir inode %llu "
1455 "free block",
1456 (unsigned long long)cur_ino);
1457 break;
1458 }
1459 }
1460
1461 static void
1462 process_dir_leaf_block(
1463 char *block)
1464 {
1465 struct xfs_dir2_leaf *leaf;
1466 struct xfs_dir3_icleaf_hdr leafhdr;
1467
1468 if (!zero_stale_data)
1469 return;
1470
1471 /* Yes, this works for dir2 & dir3. Difference is padding. */
1472 leaf = (struct xfs_dir2_leaf *)block;
1473 M_DIROPS(mp)->leaf_hdr_from_disk(&leafhdr, leaf);
1474
1475 switch (leafhdr.magic) {
1476 case XFS_DIR2_LEAF1_MAGIC:
1477 case XFS_DIR3_LEAF1_MAGIC: {
1478 struct xfs_dir2_leaf_tail *ltp;
1479 __be16 *lbp;
1480 struct xfs_dir2_leaf_entry *ents;
1481 char *free; /* end of ents */
1482
1483 /* Zero out space from end of ents[] to bests */
1484 ents = M_DIROPS(mp)->leaf_ents_p(leaf);
1485 free = (char *)&ents[leafhdr.count];
1486 ltp = xfs_dir2_leaf_tail_p(mp->m_dir_geo, leaf);
1487 lbp = xfs_dir2_leaf_bests_p(ltp);
1488 memset(free, 0, (char *)lbp - free);
1489 iocur_top->need_crc = 1;
1490 break;
1491 }
1492 case XFS_DIR2_LEAFN_MAGIC:
1493 case XFS_DIR3_LEAFN_MAGIC: {
1494 struct xfs_dir2_leaf_entry *ents;
1495 char *free;
1496 int used;
1497
1498 /* Zero out space from end of ents[] to end of block */
1499 ents = M_DIROPS(mp)->leaf_ents_p(leaf);
1500 free = (char *)&ents[leafhdr.count];
1501 used = free - (char*)leaf;
1502 memset(free, 0, mp->m_dir_geo->blksize - used);
1503 iocur_top->need_crc = 1;
1504 break;
1505 }
1506 default:
1507 break;
1508 }
1509 }
1510
1511 static void
1512 process_dir_data_block(
1513 char *block,
1514 xfs_fileoff_t offset,
1515 int is_block_format)
1516 {
1517 /*
1518 * we have to rely on the fileoffset and signature of the block to
1519 * handle it's contents. If it's invalid, leave it alone.
1520 * for multi-fsblock dir blocks, if a name crosses an extent boundary,
1521 * ignore it and continue.
1522 */
1523 int dir_offset;
1524 char *ptr;
1525 char *endptr;
1526 int end_of_data;
1527 int wantmagic;
1528 struct xfs_dir2_data_hdr *datahdr;
1529
1530 datahdr = (struct xfs_dir2_data_hdr *)block;
1531
1532 if (is_block_format) {
1533 xfs_dir2_leaf_entry_t *blp;
1534 xfs_dir2_block_tail_t *btp;
1535
1536 btp = xfs_dir2_block_tail_p(mp->m_dir_geo, datahdr);
1537 blp = xfs_dir2_block_leaf_p(btp);
1538 if ((char *)blp > (char *)btp)
1539 blp = (xfs_dir2_leaf_entry_t *)btp;
1540
1541 end_of_data = (char *)blp - block;
1542 if (xfs_sb_version_hascrc(&mp->m_sb))
1543 wantmagic = XFS_DIR3_BLOCK_MAGIC;
1544 else
1545 wantmagic = XFS_DIR2_BLOCK_MAGIC;
1546 } else { /* leaf/node format */
1547 end_of_data = mp->m_dir_geo->fsbcount << mp->m_sb.sb_blocklog;
1548 if (xfs_sb_version_hascrc(&mp->m_sb))
1549 wantmagic = XFS_DIR3_DATA_MAGIC;
1550 else
1551 wantmagic = XFS_DIR2_DATA_MAGIC;
1552 }
1553
1554 if (be32_to_cpu(datahdr->magic) != wantmagic) {
1555 if (show_warnings)
1556 print_warning(
1557 "invalid magic in dir inode %llu block %ld",
1558 (unsigned long long)cur_ino, (long)offset);
1559 return;
1560 }
1561
1562 dir_offset = M_DIROPS(mp)->data_entry_offset;
1563 ptr = block + dir_offset;
1564 endptr = block + mp->m_dir_geo->blksize;
1565
1566 while (ptr < endptr && dir_offset < end_of_data) {
1567 xfs_dir2_data_entry_t *dep;
1568 xfs_dir2_data_unused_t *dup;
1569 int length;
1570
1571 dup = (xfs_dir2_data_unused_t *)ptr;
1572
1573 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
1574 int free_length = be16_to_cpu(dup->length);
1575 if (dir_offset + free_length > end_of_data ||
1576 !free_length ||
1577 (free_length & (XFS_DIR2_DATA_ALIGN - 1))) {
1578 if (show_warnings)
1579 print_warning(
1580 "invalid length for dir free space in inode %llu",
1581 (long long)cur_ino);
1582 return;
1583 }
1584 if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) !=
1585 dir_offset)
1586 return;
1587 dir_offset += free_length;
1588 ptr += free_length;
1589 /*
1590 * Zero the unused space up to the tag - the tag is
1591 * actually at a variable offset, so zeroing &dup->tag
1592 * is zeroing the free space in between
1593 */
1594 if (zero_stale_data) {
1595 int zlen = free_length -
1596 sizeof(xfs_dir2_data_unused_t);
1597
1598 if (zlen > 0) {
1599 memset(&dup->tag, 0, zlen);
1600 iocur_top->need_crc = 1;
1601 }
1602 }
1603 if (dir_offset >= end_of_data || ptr >= endptr)
1604 return;
1605 }
1606
1607 dep = (xfs_dir2_data_entry_t *)ptr;
1608 length = M_DIROPS(mp)->data_entsize(dep->namelen);
1609
1610 if (dir_offset + length > end_of_data ||
1611 ptr + length > endptr) {
1612 if (show_warnings)
1613 print_warning(
1614 "invalid length for dir entry name in inode %llu",
1615 (long long)cur_ino);
1616 return;
1617 }
1618 if (be16_to_cpu(*M_DIROPS(mp)->data_entry_tag_p(dep)) !=
1619 dir_offset)
1620 return;
1621
1622 if (obfuscate)
1623 generate_obfuscated_name(be64_to_cpu(dep->inumber),
1624 dep->namelen, &dep->name[0]);
1625 dir_offset += length;
1626 ptr += length;
1627 /* Zero the unused space after name, up to the tag */
1628 if (zero_stale_data) {
1629 /* 1 byte for ftype; don't bother with conditional */
1630 int zlen =
1631 (char *)M_DIROPS(mp)->data_entry_tag_p(dep) -
1632 (char *)&dep->name[dep->namelen] - 1;
1633 if (zlen > 0) {
1634 memset(&dep->name[dep->namelen] + 1, 0, zlen);
1635 iocur_top->need_crc = 1;
1636 }
1637 }
1638 }
1639 }
1640
1641 static void
1642 process_symlink_block(
1643 char *block)
1644 {
1645 char *link = block;
1646
1647 if (xfs_sb_version_hascrc(&(mp)->m_sb))
1648 link += sizeof(struct xfs_dsymlink_hdr);
1649
1650 if (obfuscate)
1651 obfuscate_path_components(link, XFS_SYMLINK_BUF_SPACE(mp,
1652 mp->m_sb.sb_blocksize));
1653 if (zero_stale_data) {
1654 size_t linklen, zlen;
1655
1656 linklen = strlen(link);
1657 zlen = mp->m_sb.sb_blocksize - linklen;
1658 if (xfs_sb_version_hascrc(&mp->m_sb))
1659 zlen -= sizeof(struct xfs_dsymlink_hdr);
1660 if (zlen < mp->m_sb.sb_blocksize)
1661 memset(link + linklen, 0, zlen);
1662 }
1663 }
1664
1665 #define MAX_REMOTE_VALS 4095
1666
1667 static struct attr_data_s {
1668 int remote_val_count;
1669 xfs_dablk_t remote_vals[MAX_REMOTE_VALS];
1670 } attr_data;
1671
1672 static inline void
1673 add_remote_vals(
1674 xfs_dablk_t blockidx,
1675 int length)
1676 {
1677 while (length > 0 && attr_data.remote_val_count < MAX_REMOTE_VALS) {
1678 attr_data.remote_vals[attr_data.remote_val_count] = blockidx;
1679 attr_data.remote_val_count++;
1680 blockidx++;
1681 length -= XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
1682 }
1683
1684 if (attr_data.remote_val_count >= MAX_REMOTE_VALS) {
1685 print_warning(
1686 "Overflowed attr obfuscation array. No longer obfuscating remote attrs.");
1687 }
1688 }
1689
1690 /* Handle remote and leaf attributes */
1691 static void
1692 process_attr_block(
1693 char *block,
1694 xfs_fileoff_t offset)
1695 {
1696 struct xfs_attr_leafblock *leaf;
1697 struct xfs_attr3_icleaf_hdr hdr;
1698 int i;
1699 int nentries;
1700 xfs_attr_leaf_entry_t *entry;
1701 xfs_attr_leaf_name_local_t *local;
1702 xfs_attr_leaf_name_remote_t *remote;
1703 uint32_t bs = mp->m_sb.sb_blocksize;
1704 char *first_name;
1705
1706
1707 leaf = (xfs_attr_leafblock_t *)block;
1708
1709 /* Remote attributes - attr3 has XFS_ATTR3_RMT_MAGIC, attr has none */
1710 if ((be16_to_cpu(leaf->hdr.info.magic) != XFS_ATTR_LEAF_MAGIC) &&
1711 (be16_to_cpu(leaf->hdr.info.magic) != XFS_ATTR3_LEAF_MAGIC)) {
1712 for (i = 0; i < attr_data.remote_val_count; i++) {
1713 if (obfuscate && attr_data.remote_vals[i] == offset)
1714 /* Macros to handle both attr and attr3 */
1715 memset(block +
1716 (bs - XFS_ATTR3_RMT_BUF_SPACE(mp, bs)),
1717 'v', XFS_ATTR3_RMT_BUF_SPACE(mp, bs));
1718 }
1719 return;
1720 }
1721
1722 /* Ok, it's a leaf - get header; accounts for crc & non-crc */
1723 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &hdr, leaf);
1724
1725 nentries = hdr.count;
1726 if (nentries == 0 ||
1727 nentries * sizeof(xfs_attr_leaf_entry_t) +
1728 xfs_attr3_leaf_hdr_size(leaf) >
1729 XFS_ATTR3_RMT_BUF_SPACE(mp, bs)) {
1730 if (show_warnings)
1731 print_warning("invalid attr count in inode %llu",
1732 (long long)cur_ino);
1733 return;
1734 }
1735
1736 entry = xfs_attr3_leaf_entryp(leaf);
1737 /* We will move this as we parse */
1738 first_name = NULL;
1739 for (i = 0; i < nentries; i++, entry++) {
1740 int nlen, vlen, zlen;
1741
1742 /* Grows up; if this name is topmost, move first_name */
1743 if (!first_name || xfs_attr3_leaf_name(leaf, i) < first_name)
1744 first_name = xfs_attr3_leaf_name(leaf, i);
1745
1746 if (be16_to_cpu(entry->nameidx) > mp->m_sb.sb_blocksize) {
1747 if (show_warnings)
1748 print_warning(
1749 "invalid attr nameidx in inode %llu",
1750 (long long)cur_ino);
1751 break;
1752 }
1753 if (entry->flags & XFS_ATTR_LOCAL) {
1754 local = xfs_attr3_leaf_name_local(leaf, i);
1755 if (local->namelen == 0) {
1756 if (show_warnings)
1757 print_warning(
1758 "zero length for attr name in inode %llu",
1759 (long long)cur_ino);
1760 break;
1761 }
1762 if (obfuscate) {
1763 generate_obfuscated_name(0, local->namelen,
1764 &local->nameval[0]);
1765 memset(&local->nameval[local->namelen], 'v',
1766 be16_to_cpu(local->valuelen));
1767 }
1768 /* zero from end of nameval[] to next name start */
1769 nlen = local->namelen;
1770 vlen = be16_to_cpu(local->valuelen);
1771 zlen = xfs_attr_leaf_entsize_local(nlen, vlen) -
1772 (sizeof(xfs_attr_leaf_name_local_t) - 1 +
1773 nlen + vlen);
1774 if (zero_stale_data)
1775 memset(&local->nameval[nlen + vlen], 0, zlen);
1776 } else {
1777 remote = xfs_attr3_leaf_name_remote(leaf, i);
1778 if (remote->namelen == 0 || remote->valueblk == 0) {
1779 if (show_warnings)
1780 print_warning(
1781 "invalid attr entry in inode %llu",
1782 (long long)cur_ino);
1783 break;
1784 }
1785 if (obfuscate) {
1786 generate_obfuscated_name(0, remote->namelen,
1787 &remote->name[0]);
1788 add_remote_vals(be32_to_cpu(remote->valueblk),
1789 be32_to_cpu(remote->valuelen));
1790 }
1791 /* zero from end of name[] to next name start */
1792 nlen = remote->namelen;
1793 zlen = xfs_attr_leaf_entsize_remote(nlen) -
1794 (sizeof(xfs_attr_leaf_name_remote_t) - 1 +
1795 nlen);
1796 if (zero_stale_data)
1797 memset(&remote->name[nlen], 0, zlen);
1798 }
1799 }
1800
1801 /* Zero from end of entries array to the first name/val */
1802 if (zero_stale_data) {
1803 struct xfs_attr_leaf_entry *entries;
1804
1805 entries = xfs_attr3_leaf_entryp(leaf);
1806 memset(&entries[nentries], 0,
1807 first_name - (char *)&entries[nentries]);
1808 }
1809 }
1810
1811 /* Processes symlinks, attrs, directories ... */
1812 static int
1813 process_single_fsb_objects(
1814 xfs_fileoff_t o,
1815 xfs_fsblock_t s,
1816 xfs_filblks_t c,
1817 typnm_t btype,
1818 xfs_fileoff_t last)
1819 {
1820 char *dp;
1821 int ret = 0;
1822 int i;
1823
1824 for (i = 0; i < c; i++) {
1825 push_cur();
1826 set_cur(&typtab[btype], XFS_FSB_TO_DADDR(mp, s), blkbb,
1827 DB_RING_IGN, NULL);
1828
1829 if (!iocur_top->data) {
1830 xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, s);
1831 xfs_agblock_t agbno = XFS_FSB_TO_AGBNO(mp, s);
1832
1833 print_warning("cannot read %s block %u/%u (%llu)",
1834 typtab[btype].name, agno, agbno, s);
1835 if (stop_on_read_error)
1836 ret = -EIO;
1837 goto out_pop;
1838
1839 }
1840
1841 if (!obfuscate && !zero_stale_data)
1842 goto write;
1843
1844 /* Zero unused part of interior nodes */
1845 if (zero_stale_data) {
1846 xfs_da_intnode_t *node = iocur_top->data;
1847 int magic = be16_to_cpu(node->hdr.info.magic);
1848
1849 if (magic == XFS_DA_NODE_MAGIC ||
1850 magic == XFS_DA3_NODE_MAGIC) {
1851 struct xfs_da3_icnode_hdr hdr;
1852 int used;
1853
1854 M_DIROPS(mp)->node_hdr_from_disk(&hdr, node);
1855 used = M_DIROPS(mp)->node_hdr_size;
1856
1857 used += hdr.count
1858 * sizeof(struct xfs_da_node_entry);
1859
1860 if (used < mp->m_sb.sb_blocksize) {
1861 memset((char *)node + used, 0,
1862 mp->m_sb.sb_blocksize - used);
1863 iocur_top->need_crc = 1;
1864 }
1865 }
1866 }
1867
1868 /* Handle leaf nodes */
1869 dp = iocur_top->data;
1870 switch (btype) {
1871 case TYP_DIR2:
1872 if (o >= mp->m_dir_geo->freeblk) {
1873 process_dir_free_block(dp);
1874 } else if (o >= mp->m_dir_geo->leafblk) {
1875 process_dir_leaf_block(dp);
1876 } else {
1877 process_dir_data_block(dp, o,
1878 last == mp->m_dir_geo->fsbcount);
1879 }
1880 iocur_top->need_crc = 1;
1881 break;
1882 case TYP_SYMLINK:
1883 process_symlink_block(dp);
1884 iocur_top->need_crc = 1;
1885 break;
1886 case TYP_ATTR:
1887 process_attr_block(dp, o);
1888 iocur_top->need_crc = 1;
1889 break;
1890 default:
1891 break;
1892 }
1893
1894 write:
1895 ret = write_buf(iocur_top);
1896 out_pop:
1897 pop_cur();
1898 if (ret)
1899 break;
1900 o++;
1901 s++;
1902 }
1903
1904 return ret;
1905 }
1906
1907 /*
1908 * Static map to aggregate multiple extents into a single directory block.
1909 */
1910 static struct bbmap mfsb_map;
1911 static int mfsb_length;
1912
1913 static int
1914 process_multi_fsb_objects(
1915 xfs_fileoff_t o,
1916 xfs_fsblock_t s,
1917 xfs_filblks_t c,
1918 typnm_t btype,
1919 xfs_fileoff_t last)
1920 {
1921 char *dp;
1922 int ret = 0;
1923
1924 switch (btype) {
1925 case TYP_DIR2:
1926 break;
1927 default:
1928 print_warning("bad type for multi-fsb object %d", btype);
1929 return -EINVAL;
1930 }
1931
1932 while (c > 0) {
1933 unsigned int bm_len;
1934
1935 if (mfsb_length + c >= mp->m_dir_geo->fsbcount) {
1936 bm_len = mp->m_dir_geo->fsbcount - mfsb_length;
1937 mfsb_length = 0;
1938 } else {
1939 mfsb_length += c;
1940 bm_len = c;
1941 }
1942
1943 mfsb_map.b[mfsb_map.nmaps].bm_bn = XFS_FSB_TO_DADDR(mp, s);
1944 mfsb_map.b[mfsb_map.nmaps].bm_len = XFS_FSB_TO_BB(mp, bm_len);
1945 mfsb_map.nmaps++;
1946
1947 if (mfsb_length == 0) {
1948 push_cur();
1949 set_cur(&typtab[btype], 0, 0, DB_RING_IGN, &mfsb_map);
1950 if (!iocur_top->data) {
1951 xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, s);
1952 xfs_agblock_t agbno = XFS_FSB_TO_AGBNO(mp, s);
1953
1954 print_warning("cannot read %s block %u/%u (%llu)",
1955 typtab[btype].name, agno, agbno, s);
1956 if (stop_on_read_error)
1957 ret = -1;
1958 goto out_pop;
1959
1960 }
1961
1962 if (!obfuscate && !zero_stale_data)
1963 goto write;
1964
1965 dp = iocur_top->data;
1966 if (o >= mp->m_dir_geo->freeblk) {
1967 process_dir_free_block(dp);
1968 } else if (o >= mp->m_dir_geo->leafblk) {
1969 process_dir_leaf_block(dp);
1970 } else {
1971 process_dir_data_block(dp, o,
1972 last == mp->m_dir_geo->fsbcount);
1973 }
1974 iocur_top->need_crc = 1;
1975 write:
1976 ret = write_buf(iocur_top);
1977 out_pop:
1978 pop_cur();
1979 mfsb_map.nmaps = 0;
1980 if (ret)
1981 break;
1982 }
1983 c -= bm_len;
1984 s += bm_len;
1985 }
1986
1987 return ret;
1988 }
1989
1990 /* inode copy routines */
1991 static int
1992 process_bmbt_reclist(
1993 xfs_bmbt_rec_t *rp,
1994 int numrecs,
1995 typnm_t btype)
1996 {
1997 int i;
1998 xfs_fileoff_t o, op = NULLFILEOFF;
1999 xfs_fsblock_t s;
2000 xfs_filblks_t c, cp = NULLFILEOFF;
2001 int f;
2002 xfs_fileoff_t last;
2003 xfs_agnumber_t agno;
2004 xfs_agblock_t agbno;
2005 int error;
2006
2007 if (btype == TYP_DATA)
2008 return 1;
2009
2010 convert_extent(&rp[numrecs - 1], &o, &s, &c, &f);
2011 last = o + c;
2012
2013 for (i = 0; i < numrecs; i++, rp++) {
2014 convert_extent(rp, &o, &s, &c, &f);
2015
2016 /*
2017 * ignore extents that are clearly bogus, and if a bogus
2018 * one is found, stop processing remaining extents
2019 */
2020 if (i > 0 && op + cp > o) {
2021 if (show_warnings)
2022 print_warning("bmap extent %d in %s ino %llu "
2023 "starts at %llu, previous extent "
2024 "ended at %llu", i,
2025 typtab[btype].name, (long long)cur_ino,
2026 o, op + cp - 1);
2027 break;
2028 }
2029
2030 if (c > max_extent_size) {
2031 /*
2032 * since we are only processing non-data extents,
2033 * large numbers of blocks in a metadata extent is
2034 * extremely rare and more than likely to be corrupt.
2035 */
2036 if (show_warnings)
2037 print_warning("suspicious count %u in bmap "
2038 "extent %d in %s ino %llu", c, i,
2039 typtab[btype].name, (long long)cur_ino);
2040 break;
2041 }
2042
2043 op = o;
2044 cp = c;
2045
2046 agno = XFS_FSB_TO_AGNO(mp, s);
2047 agbno = XFS_FSB_TO_AGBNO(mp, s);
2048
2049 if (!valid_bno(agno, agbno)) {
2050 if (show_warnings)
2051 print_warning("invalid block number %u/%u "
2052 "(%llu) in bmap extent %d in %s ino "
2053 "%llu", agno, agbno, s, i,
2054 typtab[btype].name, (long long)cur_ino);
2055 break;
2056 }
2057
2058 if (!valid_bno(agno, agbno + c - 1)) {
2059 if (show_warnings)
2060 print_warning("bmap extent %i in %s inode %llu "
2061 "overflows AG (end is %u/%u)", i,
2062 typtab[btype].name, (long long)cur_ino,
2063 agno, agbno + c - 1);
2064 break;
2065 }
2066
2067 /* multi-extent blocks require special handling */
2068 if (btype != TYP_DIR2 || mp->m_dir_geo->fsbcount == 1) {
2069 error = process_single_fsb_objects(o, s, c, btype, last);
2070 } else {
2071 error = process_multi_fsb_objects(o, s, c, btype, last);
2072 }
2073 if (error)
2074 return 0;
2075 }
2076
2077 return 1;
2078 }
2079
2080 static int
2081 scanfunc_bmap(
2082 struct xfs_btree_block *block,
2083 xfs_agnumber_t agno,
2084 xfs_agblock_t agbno,
2085 int level,
2086 typnm_t btype,
2087 void *arg) /* ptr to itype */
2088 {
2089 int i;
2090 xfs_bmbt_ptr_t *pp;
2091 int nrecs;
2092
2093 nrecs = be16_to_cpu(block->bb_numrecs);
2094
2095 if (level == 0) {
2096 if (nrecs > mp->m_bmap_dmxr[0]) {
2097 if (show_warnings)
2098 print_warning("invalid numrecs (%u) in %s "
2099 "block %u/%u", nrecs,
2100 typtab[btype].name, agno, agbno);
2101 return 1;
2102 }
2103 return process_bmbt_reclist(XFS_BMBT_REC_ADDR(mp, block, 1),
2104 nrecs, *(typnm_t*)arg);
2105 }
2106
2107 if (nrecs > mp->m_bmap_dmxr[1]) {
2108 if (show_warnings)
2109 print_warning("invalid numrecs (%u) in %s block %u/%u",
2110 nrecs, typtab[btype].name, agno, agbno);
2111 return 1;
2112 }
2113 pp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[1]);
2114 for (i = 0; i < nrecs; i++) {
2115 xfs_agnumber_t ag;
2116 xfs_agblock_t bno;
2117
2118 ag = XFS_FSB_TO_AGNO(mp, get_unaligned_be64(&pp[i]));
2119 bno = XFS_FSB_TO_AGBNO(mp, get_unaligned_be64(&pp[i]));
2120
2121 if (bno == 0 || bno > mp->m_sb.sb_agblocks ||
2122 ag > mp->m_sb.sb_agcount) {
2123 if (show_warnings)
2124 print_warning("invalid block number (%u/%u) "
2125 "in %s block %u/%u", ag, bno,
2126 typtab[btype].name, agno, agbno);
2127 continue;
2128 }
2129
2130 if (!scan_btree(ag, bno, level, btype, arg, scanfunc_bmap))
2131 return 0;
2132 }
2133 return 1;
2134 }
2135
2136 static int
2137 process_btinode(
2138 xfs_dinode_t *dip,
2139 typnm_t itype)
2140 {
2141 xfs_bmdr_block_t *dib;
2142 int i;
2143 xfs_bmbt_ptr_t *pp;
2144 int level;
2145 int nrecs;
2146 int maxrecs;
2147 int whichfork;
2148 typnm_t btype;
2149
2150 whichfork = (itype == TYP_ATTR) ? XFS_ATTR_FORK : XFS_DATA_FORK;
2151 btype = (itype == TYP_ATTR) ? TYP_BMAPBTA : TYP_BMAPBTD;
2152
2153 dib = (xfs_bmdr_block_t *)XFS_DFORK_PTR(dip, whichfork);
2154 level = be16_to_cpu(dib->bb_level);
2155 nrecs = be16_to_cpu(dib->bb_numrecs);
2156
2157 if (level > XFS_BM_MAXLEVELS(mp, whichfork)) {
2158 if (show_warnings)
2159 print_warning("invalid level (%u) in inode %lld %s "
2160 "root", level, (long long)cur_ino,
2161 typtab[btype].name);
2162 return 1;
2163 }
2164
2165 if (level == 0) {
2166 return process_bmbt_reclist(XFS_BMDR_REC_ADDR(dib, 1),
2167 nrecs, itype);
2168 }
2169
2170 maxrecs = libxfs_bmdr_maxrecs(XFS_DFORK_SIZE(dip, mp, whichfork), 0);
2171 if (nrecs > maxrecs) {
2172 if (show_warnings)
2173 print_warning("invalid numrecs (%u) in inode %lld %s "
2174 "root", nrecs, (long long)cur_ino,
2175 typtab[btype].name);
2176 return 1;
2177 }
2178
2179 pp = XFS_BMDR_PTR_ADDR(dib, 1, maxrecs);
2180
2181 if (zero_stale_data) {
2182 char *top;
2183
2184 /* Unused btree key space */
2185 top = (char*)XFS_BMDR_KEY_ADDR(dib, nrecs + 1);
2186 memset(top, 0, (char*)pp - top);
2187
2188 /* Unused btree ptr space */
2189 top = (char*)&pp[nrecs];
2190 memset(top, 0, (char*)dib + XFS_DFORK_SIZE(dip, mp, whichfork) - top);
2191 }
2192
2193 for (i = 0; i < nrecs; i++) {
2194 xfs_agnumber_t ag;
2195 xfs_agblock_t bno;
2196
2197 ag = XFS_FSB_TO_AGNO(mp, get_unaligned_be64(&pp[i]));
2198 bno = XFS_FSB_TO_AGBNO(mp, get_unaligned_be64(&pp[i]));
2199
2200 if (bno == 0 || bno > mp->m_sb.sb_agblocks ||
2201 ag > mp->m_sb.sb_agcount) {
2202 if (show_warnings)
2203 print_warning("invalid block number (%u/%u) "
2204 "in inode %llu %s root", ag,
2205 bno, (long long)cur_ino,
2206 typtab[btype].name);
2207 continue;
2208 }
2209
2210 if (!scan_btree(ag, bno, level, btype, &itype, scanfunc_bmap))
2211 return 0;
2212 }
2213 return 1;
2214 }
2215
2216 static int
2217 process_exinode(
2218 xfs_dinode_t *dip,
2219 typnm_t itype)
2220 {
2221 int whichfork;
2222 int used;
2223 xfs_extnum_t nex;
2224
2225 whichfork = (itype == TYP_ATTR) ? XFS_ATTR_FORK : XFS_DATA_FORK;
2226
2227 nex = XFS_DFORK_NEXTENTS(dip, whichfork);
2228 used = nex * sizeof(xfs_bmbt_rec_t);
2229 if (nex < 0 || used > XFS_DFORK_SIZE(dip, mp, whichfork)) {
2230 if (show_warnings)
2231 print_warning("bad number of extents %d in inode %lld",
2232 nex, (long long)cur_ino);
2233 return 1;
2234 }
2235
2236 /* Zero unused data fork past used extents */
2237 if (zero_stale_data && (used < XFS_DFORK_SIZE(dip, mp, whichfork)))
2238 memset(XFS_DFORK_PTR(dip, whichfork) + used, 0,
2239 XFS_DFORK_SIZE(dip, mp, whichfork) - used);
2240
2241
2242 return process_bmbt_reclist((xfs_bmbt_rec_t *)XFS_DFORK_PTR(dip,
2243 whichfork), nex, itype);
2244 }
2245
2246 static int
2247 process_inode_data(
2248 xfs_dinode_t *dip,
2249 typnm_t itype)
2250 {
2251 switch (dip->di_format) {
2252 case XFS_DINODE_FMT_LOCAL:
2253 if (obfuscate || zero_stale_data)
2254 switch (itype) {
2255 case TYP_DIR2:
2256 process_sf_dir(dip);
2257 break;
2258
2259 case TYP_SYMLINK:
2260 process_sf_symlink(dip);
2261 break;
2262
2263 default: ;
2264 }
2265 break;
2266
2267 case XFS_DINODE_FMT_EXTENTS:
2268 return process_exinode(dip, itype);
2269
2270 case XFS_DINODE_FMT_BTREE:
2271 return process_btinode(dip, itype);
2272 }
2273 return 1;
2274 }
2275
2276 static int
2277 process_dev_inode(
2278 xfs_dinode_t *dip)
2279 {
2280 if (XFS_DFORK_NEXTENTS(dip, XFS_DATA_FORK)) {
2281 if (show_warnings)
2282 print_warning("inode %llu has unexpected extents",
2283 (unsigned long long)cur_ino);
2284 return 0;
2285 } else {
2286 if (zero_stale_data) {
2287 unsigned int size = sizeof(xfs_dev_t);
2288
2289 memset(XFS_DFORK_DPTR(dip) + size, 0,
2290 XFS_DFORK_DSIZE(dip, mp) - size);
2291 }
2292 return 1;
2293 }
2294 }
2295
2296 /*
2297 * when we process the inode, we may change the data in the data and/or
2298 * attribute fork if they are in short form and we are obfuscating names.
2299 * In this case we need to recalculate the CRC of the inode, but we should
2300 * only do that if the CRC in the inode is good to begin with. If the crc
2301 * is not ok, we just leave it alone.
2302 */
2303 static int
2304 process_inode(
2305 xfs_agnumber_t agno,
2306 xfs_agino_t agino,
2307 xfs_dinode_t *dip,
2308 bool free_inode)
2309 {
2310 int success;
2311 bool crc_was_ok = false; /* no recalc by default */
2312 bool need_new_crc = false;
2313
2314 success = 1;
2315 cur_ino = XFS_AGINO_TO_INO(mp, agno, agino);
2316
2317 /* we only care about crc recalculation if we will modify the inode. */
2318 if (obfuscate || zero_stale_data) {
2319 crc_was_ok = libxfs_verify_cksum((char *)dip,
2320 mp->m_sb.sb_inodesize,
2321 offsetof(struct xfs_dinode, di_crc));
2322 }
2323
2324 if (free_inode) {
2325 if (zero_stale_data) {
2326 /* Zero all of the inode literal area */
2327 memset(XFS_DFORK_DPTR(dip), 0,
2328 XFS_LITINO(mp, dip->di_version));
2329 }
2330 goto done;
2331 }
2332
2333 /* copy appropriate data fork metadata */
2334 switch (be16_to_cpu(dip->di_mode) & S_IFMT) {
2335 case S_IFDIR:
2336 success = process_inode_data(dip, TYP_DIR2);
2337 if (dip->di_format == XFS_DINODE_FMT_LOCAL)
2338 need_new_crc = 1;
2339 break;
2340 case S_IFLNK:
2341 success = process_inode_data(dip, TYP_SYMLINK);
2342 if (dip->di_format == XFS_DINODE_FMT_LOCAL)
2343 need_new_crc = 1;
2344 break;
2345 case S_IFREG:
2346 success = process_inode_data(dip, TYP_DATA);
2347 break;
2348 case S_IFIFO:
2349 case S_IFCHR:
2350 case S_IFBLK:
2351 case S_IFSOCK:
2352 success = process_dev_inode(dip);
2353 need_new_crc = 1;
2354 break;
2355 default:
2356 break;
2357 }
2358 nametable_clear();
2359
2360 /* copy extended attributes if they exist and forkoff is valid */
2361 if (success &&
2362 XFS_DFORK_DSIZE(dip, mp) < XFS_LITINO(mp, dip->di_version)) {
2363 attr_data.remote_val_count = 0;
2364 switch (dip->di_aformat) {
2365 case XFS_DINODE_FMT_LOCAL:
2366 need_new_crc = 1;
2367 if (obfuscate || zero_stale_data)
2368 process_sf_attr(dip);
2369 break;
2370
2371 case XFS_DINODE_FMT_EXTENTS:
2372 success = process_exinode(dip, TYP_ATTR);
2373 break;
2374
2375 case XFS_DINODE_FMT_BTREE:
2376 success = process_btinode(dip, TYP_ATTR);
2377 break;
2378 }
2379 nametable_clear();
2380 }
2381
2382 done:
2383 /* Heavy handed but low cost; just do it as a catch-all. */
2384 if (zero_stale_data)
2385 need_new_crc = 1;
2386
2387 if (crc_was_ok && need_new_crc)
2388 libxfs_dinode_calc_crc(mp, dip);
2389 return success;
2390 }
2391
2392 static uint32_t inodes_copied;
2393
2394 static int
2395 copy_inode_chunk(
2396 xfs_agnumber_t agno,
2397 xfs_inobt_rec_t *rp)
2398 {
2399 xfs_agino_t agino;
2400 int off;
2401 xfs_agblock_t agbno;
2402 xfs_agblock_t end_agbno;
2403 int i;
2404 int rval = 0;
2405 int blks_per_buf;
2406 int inodes_per_buf;
2407 int ioff;
2408
2409 agino = be32_to_cpu(rp->ir_startino);
2410 agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2411 end_agbno = agbno + mp->m_ialloc_blks;
2412 off = XFS_INO_TO_OFFSET(mp, agino);
2413
2414 /*
2415 * If the fs supports sparse inode records, we must process inodes a
2416 * cluster at a time because that is the sparse allocation granularity.
2417 * Otherwise, we risk CRC corruption errors on reads of inode chunks.
2418 *
2419 * Also make sure that that we don't process more than the single record
2420 * we've been passed (large block sizes can hold multiple inode chunks).
2421 */
2422 if (xfs_sb_version_hassparseinodes(&mp->m_sb))
2423 blks_per_buf = mp->m_blocks_per_cluster;
2424 else
2425 blks_per_buf = mp->m_ialloc_blks;
2426 inodes_per_buf = min(XFS_FSB_TO_INO(mp, blks_per_buf),
2427 XFS_INODES_PER_CHUNK);
2428
2429 /*
2430 * Sanity check that we only process a single buffer if ir_startino has
2431 * a buffer offset. A non-zero offset implies that the entire chunk lies
2432 * within a block.
2433 */
2434 if (off && inodes_per_buf != XFS_INODES_PER_CHUNK) {
2435 print_warning("bad starting inode offset %d", off);
2436 return 0;
2437 }
2438
2439 if (agino == 0 || agino == NULLAGINO || !valid_bno(agno, agbno) ||
2440 !valid_bno(agno, XFS_AGINO_TO_AGBNO(mp,
2441 agino + XFS_INODES_PER_CHUNK - 1))) {
2442 if (show_warnings)
2443 print_warning("bad inode number %llu (%u/%u)",
2444 XFS_AGINO_TO_INO(mp, agno, agino), agno, agino);
2445 return 1;
2446 }
2447
2448 /*
2449 * check for basic assumptions about inode chunks, and if any
2450 * assumptions fail, don't process the inode chunk.
2451 */
2452 if ((mp->m_sb.sb_inopblock <= XFS_INODES_PER_CHUNK && off != 0) ||
2453 (mp->m_sb.sb_inopblock > XFS_INODES_PER_CHUNK &&
2454 off % XFS_INODES_PER_CHUNK != 0) ||
2455 (xfs_sb_version_hasalign(&mp->m_sb) &&
2456 mp->m_sb.sb_inoalignmt != 0 &&
2457 agbno % mp->m_sb.sb_inoalignmt != 0)) {
2458 if (show_warnings)
2459 print_warning("badly aligned inode (start = %llu)",
2460 XFS_AGINO_TO_INO(mp, agno, agino));
2461 return 1;
2462 }
2463
2464 push_cur();
2465 ioff = 0;
2466 while (agbno < end_agbno && ioff < XFS_INODES_PER_CHUNK) {
2467 if (xfs_inobt_is_sparse_disk(rp, ioff))
2468 goto next_bp;
2469
2470 set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, agbno),
2471 XFS_FSB_TO_BB(mp, blks_per_buf), DB_RING_IGN, NULL);
2472 if (iocur_top->data == NULL) {
2473 print_warning("cannot read inode block %u/%u",
2474 agno, agbno);
2475 rval = !stop_on_read_error;
2476 goto pop_out;
2477 }
2478
2479 for (i = 0; i < inodes_per_buf; i++) {
2480 xfs_dinode_t *dip;
2481
2482 dip = (xfs_dinode_t *)((char *)iocur_top->data +
2483 ((off + i) << mp->m_sb.sb_inodelog));
2484
2485 /* process_inode handles free inodes, too */
2486 if (!process_inode(agno, agino + ioff + i, dip,
2487 XFS_INOBT_IS_FREE_DISK(rp, ioff + i)))
2488 goto pop_out;
2489
2490 inodes_copied++;
2491 }
2492
2493 if (write_buf(iocur_top))
2494 goto pop_out;
2495
2496 next_bp:
2497 agbno += blks_per_buf;
2498 ioff += inodes_per_buf;
2499 }
2500
2501 if (show_progress)
2502 print_progress("Copied %u of %u inodes (%u of %u AGs)",
2503 inodes_copied, mp->m_sb.sb_icount, agno,
2504 mp->m_sb.sb_agcount);
2505 rval = 1;
2506 pop_out:
2507 pop_cur();
2508 return rval;
2509 }
2510
2511 static int
2512 scanfunc_ino(
2513 struct xfs_btree_block *block,
2514 xfs_agnumber_t agno,
2515 xfs_agblock_t agbno,
2516 int level,
2517 typnm_t btype,
2518 void *arg)
2519 {
2520 xfs_inobt_rec_t *rp;
2521 xfs_inobt_ptr_t *pp;
2522 int i;
2523 int numrecs;
2524 int finobt = *(int *) arg;
2525
2526 numrecs = be16_to_cpu(block->bb_numrecs);
2527
2528 if (level == 0) {
2529 if (numrecs > mp->m_inobt_mxr[0]) {
2530 if (show_warnings)
2531 print_warning("invalid numrecs %d in %s "
2532 "block %u/%u", numrecs,
2533 typtab[btype].name, agno, agbno);
2534 numrecs = mp->m_inobt_mxr[0];
2535 }
2536
2537 /*
2538 * Only copy the btree blocks for the finobt. The inobt scan
2539 * copies the inode chunks.
2540 */
2541 if (finobt)
2542 return 1;
2543
2544 rp = XFS_INOBT_REC_ADDR(mp, block, 1);
2545 for (i = 0; i < numrecs; i++, rp++) {
2546 if (!copy_inode_chunk(agno, rp))
2547 return 0;
2548 }
2549 return 1;
2550 }
2551
2552 if (numrecs > mp->m_inobt_mxr[1]) {
2553 if (show_warnings)
2554 print_warning("invalid numrecs %d in %s block %u/%u",
2555 numrecs, typtab[btype].name, agno, agbno);
2556 numrecs = mp->m_inobt_mxr[1];
2557 }
2558
2559 pp = XFS_INOBT_PTR_ADDR(mp, block, 1, mp->m_inobt_mxr[1]);
2560 for (i = 0; i < numrecs; i++) {
2561 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
2562 if (show_warnings)
2563 print_warning("invalid block number (%u/%u) "
2564 "in %s block %u/%u",
2565 agno, be32_to_cpu(pp[i]),
2566 typtab[btype].name, agno, agbno);
2567 continue;
2568 }
2569 if (!scan_btree(agno, be32_to_cpu(pp[i]), level,
2570 btype, arg, scanfunc_ino))
2571 return 0;
2572 }
2573 return 1;
2574 }
2575
2576 static int
2577 copy_inodes(
2578 xfs_agnumber_t agno,
2579 xfs_agi_t *agi)
2580 {
2581 xfs_agblock_t root;
2582 int levels;
2583 int finobt = 0;
2584
2585 root = be32_to_cpu(agi->agi_root);
2586 levels = be32_to_cpu(agi->agi_level);
2587
2588 /* validate root and levels before processing the tree */
2589 if (root == 0 || root > mp->m_sb.sb_agblocks) {
2590 if (show_warnings)
2591 print_warning("invalid block number (%u) in inobt "
2592 "root in agi %u", root, agno);
2593 return 1;
2594 }
2595 if (levels >= XFS_BTREE_MAXLEVELS) {
2596 if (show_warnings)
2597 print_warning("invalid level (%u) in inobt root "
2598 "in agi %u", levels, agno);
2599 return 1;
2600 }
2601
2602 if (!scan_btree(agno, root, levels, TYP_INOBT, &finobt, scanfunc_ino))
2603 return 0;
2604
2605 if (xfs_sb_version_hasfinobt(&mp->m_sb)) {
2606 root = be32_to_cpu(agi->agi_free_root);
2607 levels = be32_to_cpu(agi->agi_free_level);
2608
2609 finobt = 1;
2610 if (!scan_btree(agno, root, levels, TYP_FINOBT, &finobt,
2611 scanfunc_ino))
2612 return 0;
2613 }
2614
2615 return 1;
2616 }
2617
2618 static int
2619 scan_ag(
2620 xfs_agnumber_t agno)
2621 {
2622 xfs_agf_t *agf;
2623 xfs_agi_t *agi;
2624 int stack_count = 0;
2625 int rval = 0;
2626
2627 /* copy the superblock of the AG */
2628 push_cur();
2629 stack_count++;
2630 set_cur(&typtab[TYP_SB], XFS_AG_DADDR(mp, agno, XFS_SB_DADDR),
2631 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2632 if (!iocur_top->data) {
2633 print_warning("cannot read superblock for ag %u", agno);
2634 if (stop_on_read_error)
2635 goto pop_out;
2636 } else {
2637 /* Replace any filesystem label with "L's" */
2638 if (obfuscate) {
2639 struct xfs_sb *sb = iocur_top->data;
2640 memset(sb->sb_fname, 'L',
2641 min(strlen(sb->sb_fname), sizeof(sb->sb_fname)));
2642 iocur_top->need_crc = 1;
2643 }
2644 if (write_buf(iocur_top))
2645 goto pop_out;
2646 }
2647
2648 /* copy the AG free space btree root */
2649 push_cur();
2650 stack_count++;
2651 set_cur(&typtab[TYP_AGF], XFS_AG_DADDR(mp, agno, XFS_AGF_DADDR(mp)),
2652 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2653 agf = iocur_top->data;
2654 if (iocur_top->data == NULL) {
2655 print_warning("cannot read agf block for ag %u", agno);
2656 if (stop_on_read_error)
2657 goto pop_out;
2658 } else {
2659 if (write_buf(iocur_top))
2660 goto pop_out;
2661 }
2662
2663 /* copy the AG inode btree root */
2664 push_cur();
2665 stack_count++;
2666 set_cur(&typtab[TYP_AGI], XFS_AG_DADDR(mp, agno, XFS_AGI_DADDR(mp)),
2667 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2668 agi = iocur_top->data;
2669 if (iocur_top->data == NULL) {
2670 print_warning("cannot read agi block for ag %u", agno);
2671 if (stop_on_read_error)
2672 goto pop_out;
2673 } else {
2674 if (write_buf(iocur_top))
2675 goto pop_out;
2676 }
2677
2678 /* copy the AG free list header */
2679 push_cur();
2680 stack_count++;
2681 set_cur(&typtab[TYP_AGFL], XFS_AG_DADDR(mp, agno, XFS_AGFL_DADDR(mp)),
2682 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2683 if (iocur_top->data == NULL) {
2684 print_warning("cannot read agfl block for ag %u", agno);
2685 if (stop_on_read_error)
2686 goto pop_out;
2687 } else {
2688 if (agf && zero_stale_data) {
2689 /* Zero out unused bits of agfl */
2690 int i;
2691 __be32 *agfl_bno;
2692
2693 agfl_bno = XFS_BUF_TO_AGFL_BNO(mp, iocur_top->bp);
2694 i = be32_to_cpu(agf->agf_fllast);
2695
2696 for (;;) {
2697 if (++i == libxfs_agfl_size(mp))
2698 i = 0;
2699 if (i == be32_to_cpu(agf->agf_flfirst))
2700 break;
2701 agfl_bno[i] = cpu_to_be32(NULLAGBLOCK);
2702 }
2703 iocur_top->need_crc = 1;
2704 }
2705 if (write_buf(iocur_top))
2706 goto pop_out;
2707 }
2708
2709 /* copy AG free space btrees */
2710 if (agf) {
2711 if (show_progress)
2712 print_progress("Copying free space trees of AG %u",
2713 agno);
2714 if (!copy_free_bno_btree(agno, agf))
2715 goto pop_out;
2716 if (!copy_free_cnt_btree(agno, agf))
2717 goto pop_out;
2718 if (!copy_rmap_btree(agno, agf))
2719 goto pop_out;
2720 if (!copy_refcount_btree(agno, agf))
2721 goto pop_out;
2722 }
2723
2724 /* copy inode btrees and the inodes and their associated metadata */
2725 if (agi) {
2726 if (!copy_inodes(agno, agi))
2727 goto pop_out;
2728 }
2729 rval = 1;
2730 pop_out:
2731 while (stack_count--)
2732 pop_cur();
2733 return rval;
2734 }
2735
2736 static int
2737 copy_ino(
2738 xfs_ino_t ino,
2739 typnm_t itype)
2740 {
2741 xfs_agnumber_t agno;
2742 xfs_agblock_t agbno;
2743 xfs_agino_t agino;
2744 int offset;
2745 int rval = 0;
2746
2747 if (ino == 0 || ino == NULLFSINO)
2748 return 1;
2749
2750 agno = XFS_INO_TO_AGNO(mp, ino);
2751 agino = XFS_INO_TO_AGINO(mp, ino);
2752 agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2753 offset = XFS_AGINO_TO_OFFSET(mp, agino);
2754
2755 if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks ||
2756 offset >= mp->m_sb.sb_inopblock) {
2757 if (show_warnings)
2758 print_warning("invalid %s inode number (%lld)",
2759 typtab[itype].name, (long long)ino);
2760 return 1;
2761 }
2762
2763 push_cur();
2764 set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, agbno),
2765 blkbb, DB_RING_IGN, NULL);
2766 if (iocur_top->data == NULL) {
2767 print_warning("cannot read %s inode %lld",
2768 typtab[itype].name, (long long)ino);
2769 rval = !stop_on_read_error;
2770 goto pop_out;
2771 }
2772 off_cur(offset << mp->m_sb.sb_inodelog, mp->m_sb.sb_inodesize);
2773
2774 cur_ino = ino;
2775 rval = process_inode_data(iocur_top->data, itype);
2776 pop_out:
2777 pop_cur();
2778 return rval;
2779 }
2780
2781
2782 static int
2783 copy_sb_inodes(void)
2784 {
2785 if (!copy_ino(mp->m_sb.sb_rbmino, TYP_RTBITMAP))
2786 return 0;
2787
2788 if (!copy_ino(mp->m_sb.sb_rsumino, TYP_RTSUMMARY))
2789 return 0;
2790
2791 if (!copy_ino(mp->m_sb.sb_uquotino, TYP_DQBLK))
2792 return 0;
2793
2794 if (!copy_ino(mp->m_sb.sb_gquotino, TYP_DQBLK))
2795 return 0;
2796
2797 return copy_ino(mp->m_sb.sb_pquotino, TYP_DQBLK);
2798 }
2799
2800 static int
2801 copy_log(void)
2802 {
2803 struct xlog log;
2804 int dirty;
2805 xfs_daddr_t logstart;
2806 int logblocks;
2807 int logversion;
2808 int cycle = XLOG_INIT_CYCLE;
2809
2810 if (show_progress)
2811 print_progress("Copying log");
2812
2813 push_cur();
2814 set_cur(&typtab[TYP_LOG], XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart),
2815 mp->m_sb.sb_logblocks * blkbb, DB_RING_IGN, NULL);
2816 if (iocur_top->data == NULL) {
2817 pop_cur();
2818 print_warning("cannot read log");
2819 return !stop_on_read_error;
2820 }
2821
2822 /* If not obfuscating or zeroing, just copy the log as it is */
2823 if (!obfuscate && !zero_stale_data)
2824 goto done;
2825
2826 dirty = xlog_is_dirty(mp, &log, &x, 0);
2827
2828 switch (dirty) {
2829 case 0:
2830 /* clear out a clean log */
2831 if (show_progress)
2832 print_progress("Zeroing clean log");
2833
2834 logstart = XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart);
2835 logblocks = XFS_FSB_TO_BB(mp, mp->m_sb.sb_logblocks);
2836 logversion = xfs_sb_version_haslogv2(&mp->m_sb) ? 2 : 1;
2837 if (xfs_sb_version_hascrc(&mp->m_sb))
2838 cycle = log.l_curr_cycle + 1;
2839
2840 libxfs_log_clear(NULL, iocur_top->data, logstart, logblocks,
2841 &mp->m_sb.sb_uuid, logversion,
2842 mp->m_sb.sb_logsunit, XLOG_FMT, cycle, true);
2843 break;
2844 case 1:
2845 /* keep the dirty log */
2846 if (obfuscate)
2847 print_warning(
2848 _("Warning: log recovery of an obfuscated metadata image can leak "
2849 "unobfuscated metadata and/or cause image corruption. If possible, "
2850 "please mount the filesystem to clean the log, or disable obfuscation."));
2851 break;
2852 case -1:
2853 /* log detection error */
2854 if (obfuscate)
2855 print_warning(
2856 _("Could not discern log; image will contain unobfuscated metadata in log."));
2857 break;
2858 }
2859
2860 done:
2861 return !write_buf(iocur_top);
2862 }
2863
2864 static int
2865 metadump_f(
2866 int argc,
2867 char **argv)
2868 {
2869 xfs_agnumber_t agno;
2870 int c;
2871 int start_iocur_sp;
2872 int outfd = -1;
2873 int ret;
2874 char *p;
2875
2876 exitcode = 1;
2877 show_progress = 0;
2878 show_warnings = 0;
2879 stop_on_read_error = 0;
2880
2881 if (mp->m_sb.sb_magicnum != XFS_SB_MAGIC) {
2882 print_warning("bad superblock magic number %x, giving up",
2883 mp->m_sb.sb_magicnum);
2884 return 0;
2885 }
2886
2887 /*
2888 * on load, we sanity-checked agcount and possibly set to 1
2889 * if it was corrupted and large.
2890 */
2891 if (mp->m_sb.sb_agcount == 1 &&
2892 XFS_MAX_DBLOCKS(&mp->m_sb) < mp->m_sb.sb_dblocks) {
2893 print_warning("truncated agcount, giving up");
2894 return 0;
2895 }
2896
2897 while ((c = getopt(argc, argv, "aegm:ow")) != EOF) {
2898 switch (c) {
2899 case 'a':
2900 zero_stale_data = 0;
2901 break;
2902 case 'e':
2903 stop_on_read_error = 1;
2904 break;
2905 case 'g':
2906 show_progress = 1;
2907 break;
2908 case 'm':
2909 max_extent_size = (int)strtol(optarg, &p, 0);
2910 if (*p != '\0' || max_extent_size <= 0) {
2911 print_warning("bad max extent size %s",
2912 optarg);
2913 return 0;
2914 }
2915 break;
2916 case 'o':
2917 obfuscate = 0;
2918 break;
2919 case 'w':
2920 show_warnings = 1;
2921 break;
2922 default:
2923 print_warning("bad option for metadump command");
2924 return 0;
2925 }
2926 }
2927
2928 if (optind != argc - 1) {
2929 print_warning("too few options for metadump (no filename given)");
2930 return 0;
2931 }
2932
2933 metablock = (xfs_metablock_t *)calloc(BBSIZE + 1, BBSIZE);
2934 if (metablock == NULL) {
2935 print_warning("memory allocation failure");
2936 return 0;
2937 }
2938 metablock->mb_blocklog = BBSHIFT;
2939 metablock->mb_magic = cpu_to_be32(XFS_MD_MAGIC);
2940
2941 /* Set flags about state of metadump */
2942 metablock->mb_info = XFS_METADUMP_INFO_FLAGS;
2943 if (obfuscate)
2944 metablock->mb_info |= XFS_METADUMP_OBFUSCATED;
2945 if (!zero_stale_data)
2946 metablock->mb_info |= XFS_METADUMP_FULLBLOCKS;
2947
2948 /* If we'll copy the log, see if the log is dirty */
2949 if (mp->m_sb.sb_logstart) {
2950 push_cur();
2951 set_cur(&typtab[TYP_LOG],
2952 XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart),
2953 mp->m_sb.sb_logblocks * blkbb, DB_RING_IGN, NULL);
2954 if (iocur_top->data) { /* best effort */
2955 struct xlog log;
2956
2957 if (xlog_is_dirty(mp, &log, &x, 0))
2958 metablock->mb_info |= XFS_METADUMP_DIRTYLOG;
2959 }
2960 pop_cur();
2961 }
2962
2963 block_index = (__be64 *)((char *)metablock + sizeof(xfs_metablock_t));
2964 block_buffer = (char *)metablock + BBSIZE;
2965 num_indices = (BBSIZE - sizeof(xfs_metablock_t)) / sizeof(__be64);
2966
2967 /*
2968 * A metadump block can hold at most num_indices of BBSIZE sectors;
2969 * do not try to dump a filesystem with a sector size which does not
2970 * fit within num_indices (i.e. within a single metablock).
2971 */
2972 if (mp->m_sb.sb_sectsize > num_indices * BBSIZE) {
2973 print_warning("Cannot dump filesystem with sector size %u",
2974 mp->m_sb.sb_sectsize);
2975 free(metablock);
2976 return 0;
2977 }
2978
2979 cur_index = 0;
2980 start_iocur_sp = iocur_sp;
2981
2982 if (strcmp(argv[optind], "-") == 0) {
2983 if (isatty(fileno(stdout))) {
2984 print_warning("cannot write to a terminal");
2985 free(metablock);
2986 return 0;
2987 }
2988 /*
2989 * Redirect stdout to stderr for the duration of the
2990 * metadump operation so that dbprintf and other messages
2991 * are sent to the console instead of polluting the
2992 * metadump stream.
2993 *
2994 * We get to do this the hard way because musl doesn't
2995 * allow reassignment of stdout.
2996 */
2997 fflush(stdout);
2998 outfd = dup(STDOUT_FILENO);
2999 if (outfd < 0) {
3000 perror("opening dump stream");
3001 goto out;
3002 }
3003 ret = dup2(STDERR_FILENO, STDOUT_FILENO);
3004 if (ret < 0) {
3005 perror("redirecting stdout");
3006 close(outfd);
3007 goto out;
3008 }
3009 outf = fdopen(outfd, "a");
3010 if (outf == NULL) {
3011 fprintf(stderr, "cannot create dump stream\n");
3012 dup2(outfd, STDOUT_FILENO);
3013 close(outfd);
3014 goto out;
3015 }
3016 stdout_metadump = true;
3017 } else {
3018 outf = fopen(argv[optind], "wb");
3019 if (outf == NULL) {
3020 print_warning("cannot create dump file");
3021 goto out;
3022 }
3023 }
3024
3025 exitcode = 0;
3026
3027 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
3028 if (!scan_ag(agno)) {
3029 exitcode = 1;
3030 break;
3031 }
3032 }
3033
3034 /* copy realtime and quota inode contents */
3035 if (!exitcode)
3036 exitcode = !copy_sb_inodes();
3037
3038 /* copy log if it's internal */
3039 if ((mp->m_sb.sb_logstart != 0) && !exitcode)
3040 exitcode = !copy_log();
3041
3042 /* write the remaining index */
3043 if (!exitcode)
3044 exitcode = write_index() < 0;
3045
3046 if (progress_since_warning)
3047 fputc('\n', stdout_metadump ? stderr : stdout);
3048
3049 if (stdout_metadump) {
3050 fflush(outf);
3051 fflush(stdout);
3052 ret = dup2(outfd, STDOUT_FILENO);
3053 if (ret < 0)
3054 perror("un-redirecting stdout");
3055 stdout_metadump = false;
3056 }
3057 fclose(outf);
3058
3059 /* cleanup iocur stack */
3060 while (iocur_sp > start_iocur_sp)
3061 pop_cur();
3062 out:
3063 free(metablock);
3064
3065 return 0;
3066 }
Unnamed repository; edit this file 'description' to name the repository.