]> git.ipfire.org Git - thirdparty/xfsprogs-dev.git/blob - db/metadump.c
projects / thirdparty / xfsprogs-dev.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xfs_metadump: Zap unused space in inode btrees
[thirdparty/xfsprogs-dev.git] / db / metadump.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2007, 2011 SGI
4 * All Rights Reserved.
5 */
6
7 #include "libxfs.h"
8 #include "libxlog.h"
9 #include "bmap.h"
10 #include "command.h"
11 #include "metadump.h"
12 #include "io.h"
13 #include "output.h"
14 #include "type.h"
15 #include "init.h"
16 #include "sig.h"
17 #include "xfs_metadump.h"
18 #include "fprint.h"
19 #include "faddr.h"
20 #include "field.h"
21 #include "dir2.h"
22
23 #define DEFAULT_MAX_EXT_SIZE MAXEXTLEN
24
25 /* copy all metadata structures to/from a file */
26
27 static int metadump_f(int argc, char **argv);
28 static void metadump_help(void);
29
30 /*
31 * metadump commands issue info/wornings/errors to standard error as
32 * metadump supports stdout as a destination.
33 *
34 * All static functions return zero on failure, while the public functions
35 * return zero on success.
36 */
37
38 static const cmdinfo_t metadump_cmd =
39 { "metadump", NULL, metadump_f, 0, -1, 0,
40 N_("[-a] [-e] [-g] [-m max_extent] [-w] [-o] filename"),
41 N_("dump metadata to a file"), metadump_help };
42
43 static FILE *outf; /* metadump file */
44
45 static xfs_metablock_t *metablock; /* header + index + buffers */
46 static __be64 *block_index;
47 static char *block_buffer;
48
49 static int num_indices;
50 static int cur_index;
51
52 static xfs_ino_t cur_ino;
53
54 static int show_progress = 0;
55 static int stop_on_read_error = 0;
56 static int max_extent_size = DEFAULT_MAX_EXT_SIZE;
57 static int obfuscate = 1;
58 static int zero_stale_data = 1;
59 static int show_warnings = 0;
60 static int progress_since_warning = 0;
61 static bool stdout_metadump;
62
63 void
64 metadump_init(void)
65 {
66 add_command(&metadump_cmd);
67 }
68
69 static void
70 metadump_help(void)
71 {
72 dbprintf(_(
73 "\n"
74 " The 'metadump' command dumps the known metadata to a compact file suitable\n"
75 " for compressing and sending to an XFS maintainer for corruption analysis \n"
76 " or xfs_repair failures.\n\n"
77 " Options:\n"
78 " -a -- Copy full metadata blocks without zeroing unused space\n"
79 " -e -- Ignore read errors and keep going\n"
80 " -g -- Display dump progress\n"
81 " -m -- Specify max extent size in blocks to copy (default = %d blocks)\n"
82 " -o -- Don't obfuscate names and extended attributes\n"
83 " -w -- Show warnings of bad metadata information\n"
84 "\n"), DEFAULT_MAX_EXT_SIZE);
85 }
86
87 static void
88 print_warning(const char *fmt, ...)
89 {
90 char buf[200];
91 va_list ap;
92
93 if (seenint())
94 return;
95
96 va_start(ap, fmt);
97 vsnprintf(buf, sizeof(buf), fmt, ap);
98 va_end(ap);
99 buf[sizeof(buf)-1] = '\0';
100
101 fprintf(stderr, "%s%s: %s\n", progress_since_warning ? "\n" : "",
102 progname, buf);
103 progress_since_warning = 0;
104 }
105
106 static void
107 print_progress(const char *fmt, ...)
108 {
109 char buf[60];
110 va_list ap;
111 FILE *f;
112
113 if (seenint())
114 return;
115
116 va_start(ap, fmt);
117 vsnprintf(buf, sizeof(buf), fmt, ap);
118 va_end(ap);
119 buf[sizeof(buf)-1] = '\0';
120
121 f = stdout_metadump ? stderr : stdout;
122 fprintf(f, "\r%-59s", buf);
123 fflush(f);
124 progress_since_warning = 1;
125 }
126
127 /*
128 * A complete dump file will have a "zero" entry in the last index block,
129 * even if the dump is exactly aligned, the last index will be full of
130 * zeros. If the last index entry is non-zero, the dump is incomplete.
131 * Correspondingly, the last chunk will have a count < num_indices.
132 *
133 * Return 0 for success, -1 for failure.
134 */
135
136 static int
137 write_index(void)
138 {
139 /*
140 * write index block and following data blocks (streaming)
141 */
142 metablock->mb_count = cpu_to_be16(cur_index);
143 if (fwrite(metablock, (cur_index + 1) << BBSHIFT, 1, outf) != 1) {
144 print_warning("error writing to target file");
145 return -1;
146 }
147
148 memset(block_index, 0, num_indices * sizeof(__be64));
149 cur_index = 0;
150 return 0;
151 }
152
153 /*
154 * Return 0 for success, -errno for failure.
155 */
156 static int
157 write_buf_segment(
158 char *data,
159 int64_t off,
160 int len)
161 {
162 int i;
163 int ret;
164
165 for (i = 0; i < len; i++, off++, data += BBSIZE) {
166 block_index[cur_index] = cpu_to_be64(off);
167 memcpy(&block_buffer[cur_index << BBSHIFT], data, BBSIZE);
168 if (++cur_index == num_indices) {
169 ret = write_index();
170 if (ret)
171 return -EIO;
172 }
173 }
174 return 0;
175 }
176
177 /*
178 * we want to preserve the state of the metadata in the dump - whether it is
179 * intact or corrupt, so even if the buffer has a verifier attached to it we
180 * don't want to run it prior to writing the buffer to the metadump image.
181 *
182 * The only reason for running the verifier is to recalculate the CRCs on a
183 * buffer that has been obfuscated. i.e. a buffer than metadump modified itself.
184 * In this case, we only run the verifier if the buffer was not corrupt to begin
185 * with so that we don't accidentally correct buffers with CRC or errors in them
186 * when we are obfuscating them.
187 */
188 static int
189 write_buf(
190 iocur_t *buf)
191 {
192 struct xfs_buf *bp = buf->bp;
193 int i;
194 int ret;
195
196 /*
197 * Run the write verifier to recalculate the buffer CRCs and check
198 * metadump didn't introduce a new corruption. Warn if the verifier
199 * failed, but still continue to dump it into the output file.
200 */
201 if (buf->need_crc && bp && bp->b_ops && !bp->b_error) {
202 bp->b_ops->verify_write(bp);
203 if (bp->b_error) {
204 print_warning(
205 "obfuscation corrupted block at %s bno 0x%llx/0x%x",
206 bp->b_ops->name,
207 (long long)bp->b_bn, bp->b_bcount);
208 }
209 }
210
211 /* handle discontiguous buffers */
212 if (!buf->bbmap) {
213 ret = write_buf_segment(buf->data, buf->bb, buf->blen);
214 if (ret)
215 return ret;
216 } else {
217 int len = 0;
218 for (i = 0; i < buf->bbmap->nmaps; i++) {
219 ret = write_buf_segment(buf->data + BBTOB(len),
220 buf->bbmap->b[i].bm_bn,
221 buf->bbmap->b[i].bm_len);
222 if (ret)
223 return ret;
224 len += buf->bbmap->b[i].bm_len;
225 }
226 }
227 return seenint() ? -EINTR : 0;
228 }
229
230 /*
231 * We could be processing a corrupt block, so we can't trust any of
232 * the offsets or lengths to be within the buffer range. Hence check
233 * carefully!
234 */
235 static void
236 zero_btree_node(
237 struct xfs_btree_block *block,
238 typnm_t btype)
239 {
240 int nrecs;
241 xfs_bmbt_ptr_t *bpp;
242 xfs_bmbt_key_t *bkp;
243 xfs_inobt_ptr_t *ipp;
244 xfs_inobt_key_t *ikp;
245 xfs_alloc_ptr_t *app;
246 xfs_alloc_key_t *akp;
247 char *zp1, *zp2;
248 char *key_end;
249
250 nrecs = be16_to_cpu(block->bb_numrecs);
251 if (nrecs < 0)
252 return;
253
254 switch (btype) {
255 case TYP_BMAPBTA:
256 case TYP_BMAPBTD:
257 if (nrecs > mp->m_bmap_dmxr[1])
258 return;
259
260 bkp = XFS_BMBT_KEY_ADDR(mp, block, 1);
261 bpp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[1]);
262 zp1 = (char *)&bkp[nrecs];
263 zp2 = (char *)&bpp[nrecs];
264 key_end = (char *)bpp;
265 break;
266 case TYP_INOBT:
267 case TYP_FINOBT:
268 if (nrecs > mp->m_inobt_mxr[1])
269 return;
270
271 ikp = XFS_INOBT_KEY_ADDR(mp, block, 1);
272 ipp = XFS_INOBT_PTR_ADDR(mp, block, 1, mp->m_inobt_mxr[1]);
273 zp1 = (char *)&ikp[nrecs];
274 zp2 = (char *)&ipp[nrecs];
275 key_end = (char *)ipp;
276 break;
277 case TYP_BNOBT:
278 case TYP_CNTBT:
279 if (nrecs > mp->m_alloc_mxr[1])
280 return;
281
282 akp = XFS_ALLOC_KEY_ADDR(mp, block, 1);
283 app = XFS_ALLOC_PTR_ADDR(mp, block, 1, mp->m_alloc_mxr[1]);
284 zp1 = (char *)&akp[nrecs];
285 zp2 = (char *)&app[nrecs];
286 key_end = (char *)app;
287 break;
288 default:
289 return;
290 }
291
292
293 /* Zero from end of keys to beginning of pointers */
294 memset(zp1, 0, key_end - zp1);
295
296 /* Zero from end of pointers to end of block */
297 memset(zp2, 0, (char *)block + mp->m_sb.sb_blocksize - zp2);
298 }
299
300 /*
301 * We could be processing a corrupt block, so we can't trust any of
302 * the offsets or lengths to be within the buffer range. Hence check
303 * carefully!
304 */
305 static void
306 zero_btree_leaf(
307 struct xfs_btree_block *block,
308 typnm_t btype)
309 {
310 int nrecs;
311 struct xfs_bmbt_rec *brp;
312 struct xfs_inobt_rec *irp;
313 struct xfs_alloc_rec *arp;
314 char *zp;
315
316 nrecs = be16_to_cpu(block->bb_numrecs);
317 if (nrecs < 0)
318 return;
319
320 switch (btype) {
321 case TYP_BMAPBTA:
322 case TYP_BMAPBTD:
323 if (nrecs > mp->m_bmap_dmxr[0])
324 return;
325
326 brp = XFS_BMBT_REC_ADDR(mp, block, 1);
327 zp = (char *)&brp[nrecs];
328 break;
329 case TYP_INOBT:
330 case TYP_FINOBT:
331 if (nrecs > mp->m_inobt_mxr[0])
332 return;
333
334 irp = XFS_INOBT_REC_ADDR(mp, block, 1);
335 zp = (char *)&irp[nrecs];
336 break;
337 case TYP_BNOBT:
338 case TYP_CNTBT:
339 if (nrecs > mp->m_alloc_mxr[0])
340 return;
341
342 arp = XFS_ALLOC_REC_ADDR(mp, block, 1);
343 zp = (char *)&arp[nrecs];
344 break;
345 default:
346 return;
347 }
348
349 /* Zero from end of records to end of block */
350 memset(zp, 0, (char *)block + mp->m_sb.sb_blocksize - zp);
351 }
352
353 static void
354 zero_btree_block(
355 struct xfs_btree_block *block,
356 typnm_t btype)
357 {
358 int level;
359
360 level = be16_to_cpu(block->bb_level);
361
362 if (level > 0)
363 zero_btree_node(block, btype);
364 else
365 zero_btree_leaf(block, btype);
366 }
367
368 static int
369 scan_btree(
370 xfs_agnumber_t agno,
371 xfs_agblock_t agbno,
372 int level,
373 typnm_t btype,
374 void *arg,
375 int (*func)(struct xfs_btree_block *block,
376 xfs_agnumber_t agno,
377 xfs_agblock_t agbno,
378 int level,
379 typnm_t btype,
380 void *arg))
381 {
382 int rval = 0;
383
384 push_cur();
385 set_cur(&typtab[btype], XFS_AGB_TO_DADDR(mp, agno, agbno), blkbb,
386 DB_RING_IGN, NULL);
387 if (iocur_top->data == NULL) {
388 print_warning("cannot read %s block %u/%u", typtab[btype].name,
389 agno, agbno);
390 rval = !stop_on_read_error;
391 goto pop_out;
392 }
393
394 if (zero_stale_data) {
395 zero_btree_block(iocur_top->data, btype);
396 iocur_top->need_crc = 1;
397 }
398
399 if (write_buf(iocur_top))
400 goto pop_out;
401
402 if (!(*func)(iocur_top->data, agno, agbno, level - 1, btype, arg))
403 goto pop_out;
404 rval = 1;
405 pop_out:
406 pop_cur();
407 return rval;
408 }
409
410 /* free space tree copy routines */
411
412 static int
413 valid_bno(
414 xfs_agnumber_t agno,
415 xfs_agblock_t agbno)
416 {
417 if (agno < (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
418 agbno <= mp->m_sb.sb_agblocks)
419 return 1;
420 if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
421 agbno <= (mp->m_sb.sb_dblocks -
422 (xfs_rfsblock_t)(mp->m_sb.sb_agcount - 1) *
423 mp->m_sb.sb_agblocks))
424 return 1;
425
426 return 0;
427 }
428
429
430 static int
431 scanfunc_freesp(
432 struct xfs_btree_block *block,
433 xfs_agnumber_t agno,
434 xfs_agblock_t agbno,
435 int level,
436 typnm_t btype,
437 void *arg)
438 {
439 xfs_alloc_ptr_t *pp;
440 int i;
441 int numrecs;
442
443 if (level == 0)
444 return 1;
445
446 numrecs = be16_to_cpu(block->bb_numrecs);
447 if (numrecs > mp->m_alloc_mxr[1]) {
448 if (show_warnings)
449 print_warning("invalid numrecs (%u) in %s block %u/%u",
450 numrecs, typtab[btype].name, agno, agbno);
451 return 1;
452 }
453
454 pp = XFS_ALLOC_PTR_ADDR(mp, block, 1, mp->m_alloc_mxr[1]);
455 for (i = 0; i < numrecs; i++) {
456 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
457 if (show_warnings)
458 print_warning("invalid block number (%u/%u) "
459 "in %s block %u/%u",
460 agno, be32_to_cpu(pp[i]),
461 typtab[btype].name, agno, agbno);
462 continue;
463 }
464 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
465 scanfunc_freesp))
466 return 0;
467 }
468 return 1;
469 }
470
471 static int
472 copy_free_bno_btree(
473 xfs_agnumber_t agno,
474 xfs_agf_t *agf)
475 {
476 xfs_agblock_t root;
477 int levels;
478
479 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_BNO]);
480 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_BNO]);
481
482 /* validate root and levels before processing the tree */
483 if (root == 0 || root > mp->m_sb.sb_agblocks) {
484 if (show_warnings)
485 print_warning("invalid block number (%u) in bnobt "
486 "root in agf %u", root, agno);
487 return 1;
488 }
489 if (levels >= XFS_BTREE_MAXLEVELS) {
490 if (show_warnings)
491 print_warning("invalid level (%u) in bnobt root "
492 "in agf %u", levels, agno);
493 return 1;
494 }
495
496 return scan_btree(agno, root, levels, TYP_BNOBT, agf, scanfunc_freesp);
497 }
498
499 static int
500 copy_free_cnt_btree(
501 xfs_agnumber_t agno,
502 xfs_agf_t *agf)
503 {
504 xfs_agblock_t root;
505 int levels;
506
507 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_CNT]);
508 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_CNT]);
509
510 /* validate root and levels before processing the tree */
511 if (root == 0 || root > mp->m_sb.sb_agblocks) {
512 if (show_warnings)
513 print_warning("invalid block number (%u) in cntbt "
514 "root in agf %u", root, agno);
515 return 1;
516 }
517 if (levels >= XFS_BTREE_MAXLEVELS) {
518 if (show_warnings)
519 print_warning("invalid level (%u) in cntbt root "
520 "in agf %u", levels, agno);
521 return 1;
522 }
523
524 return scan_btree(agno, root, levels, TYP_CNTBT, agf, scanfunc_freesp);
525 }
526
527 static int
528 scanfunc_rmapbt(
529 struct xfs_btree_block *block,
530 xfs_agnumber_t agno,
531 xfs_agblock_t agbno,
532 int level,
533 typnm_t btype,
534 void *arg)
535 {
536 xfs_rmap_ptr_t *pp;
537 int i;
538 int numrecs;
539
540 if (level == 0)
541 return 1;
542
543 numrecs = be16_to_cpu(block->bb_numrecs);
544 if (numrecs > mp->m_rmap_mxr[1]) {
545 if (show_warnings)
546 print_warning("invalid numrecs (%u) in %s block %u/%u",
547 numrecs, typtab[btype].name, agno, agbno);
548 return 1;
549 }
550
551 pp = XFS_RMAP_PTR_ADDR(block, 1, mp->m_rmap_mxr[1]);
552 for (i = 0; i < numrecs; i++) {
553 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
554 if (show_warnings)
555 print_warning("invalid block number (%u/%u) "
556 "in %s block %u/%u",
557 agno, be32_to_cpu(pp[i]),
558 typtab[btype].name, agno, agbno);
559 continue;
560 }
561 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
562 scanfunc_rmapbt))
563 return 0;
564 }
565 return 1;
566 }
567
568 static int
569 copy_rmap_btree(
570 xfs_agnumber_t agno,
571 struct xfs_agf *agf)
572 {
573 xfs_agblock_t root;
574 int levels;
575
576 if (!xfs_sb_version_hasrmapbt(&mp->m_sb))
577 return 1;
578
579 root = be32_to_cpu(agf->agf_roots[XFS_BTNUM_RMAP]);
580 levels = be32_to_cpu(agf->agf_levels[XFS_BTNUM_RMAP]);
581
582 /* validate root and levels before processing the tree */
583 if (root == 0 || root > mp->m_sb.sb_agblocks) {
584 if (show_warnings)
585 print_warning("invalid block number (%u) in rmapbt "
586 "root in agf %u", root, agno);
587 return 1;
588 }
589 if (levels >= XFS_BTREE_MAXLEVELS) {
590 if (show_warnings)
591 print_warning("invalid level (%u) in rmapbt root "
592 "in agf %u", levels, agno);
593 return 1;
594 }
595
596 return scan_btree(agno, root, levels, TYP_RMAPBT, agf, scanfunc_rmapbt);
597 }
598
599 static int
600 scanfunc_refcntbt(
601 struct xfs_btree_block *block,
602 xfs_agnumber_t agno,
603 xfs_agblock_t agbno,
604 int level,
605 typnm_t btype,
606 void *arg)
607 {
608 xfs_refcount_ptr_t *pp;
609 int i;
610 int numrecs;
611
612 if (level == 0)
613 return 1;
614
615 numrecs = be16_to_cpu(block->bb_numrecs);
616 if (numrecs > mp->m_refc_mxr[1]) {
617 if (show_warnings)
618 print_warning("invalid numrecs (%u) in %s block %u/%u",
619 numrecs, typtab[btype].name, agno, agbno);
620 return 1;
621 }
622
623 pp = XFS_REFCOUNT_PTR_ADDR(block, 1, mp->m_refc_mxr[1]);
624 for (i = 0; i < numrecs; i++) {
625 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
626 if (show_warnings)
627 print_warning("invalid block number (%u/%u) "
628 "in %s block %u/%u",
629 agno, be32_to_cpu(pp[i]),
630 typtab[btype].name, agno, agbno);
631 continue;
632 }
633 if (!scan_btree(agno, be32_to_cpu(pp[i]), level, btype, arg,
634 scanfunc_refcntbt))
635 return 0;
636 }
637 return 1;
638 }
639
640 static int
641 copy_refcount_btree(
642 xfs_agnumber_t agno,
643 struct xfs_agf *agf)
644 {
645 xfs_agblock_t root;
646 int levels;
647
648 if (!xfs_sb_version_hasreflink(&mp->m_sb))
649 return 1;
650
651 root = be32_to_cpu(agf->agf_refcount_root);
652 levels = be32_to_cpu(agf->agf_refcount_level);
653
654 /* validate root and levels before processing the tree */
655 if (root == 0 || root > mp->m_sb.sb_agblocks) {
656 if (show_warnings)
657 print_warning("invalid block number (%u) in refcntbt "
658 "root in agf %u", root, agno);
659 return 1;
660 }
661 if (levels >= XFS_BTREE_MAXLEVELS) {
662 if (show_warnings)
663 print_warning("invalid level (%u) in refcntbt root "
664 "in agf %u", levels, agno);
665 return 1;
666 }
667
668 return scan_btree(agno, root, levels, TYP_REFCBT, agf, scanfunc_refcntbt);
669 }
670
671 /* filename and extended attribute obfuscation routines */
672
673 struct name_ent {
674 struct name_ent *next;
675 xfs_dahash_t hash;
676 int namelen;
677 unsigned char name[1];
678 };
679
680 #define NAME_TABLE_SIZE 4096
681
682 static struct name_ent *nametable[NAME_TABLE_SIZE];
683
684 static void
685 nametable_clear(void)
686 {
687 int i;
688 struct name_ent *ent;
689
690 for (i = 0; i < NAME_TABLE_SIZE; i++) {
691 while ((ent = nametable[i])) {
692 nametable[i] = ent->next;
693 free(ent);
694 }
695 }
696 }
697
698 /*
699 * See if the given name is already in the name table. If so,
700 * return a pointer to its entry, otherwise return a null pointer.
701 */
702 static struct name_ent *
703 nametable_find(xfs_dahash_t hash, int namelen, unsigned char *name)
704 {
705 struct name_ent *ent;
706
707 for (ent = nametable[hash % NAME_TABLE_SIZE]; ent; ent = ent->next) {
708 if (ent->hash == hash && ent->namelen == namelen &&
709 !memcmp(ent->name, name, namelen))
710 return ent;
711 }
712 return NULL;
713 }
714
715 /*
716 * Add the given name to the name table. Returns a pointer to the
717 * name's new entry, or a null pointer if an error occurs.
718 */
719 static struct name_ent *
720 nametable_add(xfs_dahash_t hash, int namelen, unsigned char *name)
721 {
722 struct name_ent *ent;
723
724 ent = malloc(sizeof *ent + namelen);
725 if (!ent)
726 return NULL;
727
728 ent->namelen = namelen;
729 memcpy(ent->name, name, namelen);
730 ent->hash = hash;
731 ent->next = nametable[hash % NAME_TABLE_SIZE];
732
733 nametable[hash % NAME_TABLE_SIZE] = ent;
734
735 return ent;
736 }
737
738 #define is_invalid_char(c) ((c) == '/' || (c) == '\0')
739 #define rol32(x,y) (((x) << (y)) | ((x) >> (32 - (y))))
740
741 static inline unsigned char
742 random_filename_char(void)
743 {
744 static unsigned char filename_alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
745 "abcdefghijklmnopqrstuvwxyz"
746 "0123456789-_";
747
748 return filename_alphabet[random() % (sizeof filename_alphabet - 1)];
749 }
750
751 #define ORPHANAGE "lost+found"
752 #define ORPHANAGE_LEN (sizeof (ORPHANAGE) - 1)
753
754 static inline int
755 is_orphanage_dir(
756 struct xfs_mount *mp,
757 xfs_ino_t dir_ino,
758 size_t name_len,
759 unsigned char *name)
760 {
761 return dir_ino == mp->m_sb.sb_rootino &&
762 name_len == ORPHANAGE_LEN &&
763 !memcmp(name, ORPHANAGE, ORPHANAGE_LEN);
764 }
765
766 /*
767 * Determine whether a name is one we shouldn't obfuscate because
768 * it's an orphan (or the "lost+found" directory itself). Note
769 * "cur_ino" is the inode for the directory currently being
770 * processed.
771 *
772 * Returns 1 if the name should NOT be obfuscated or 0 otherwise.
773 */
774 static int
775 in_lost_found(
776 xfs_ino_t ino,
777 int namelen,
778 unsigned char *name)
779 {
780 static xfs_ino_t orphanage_ino = 0;
781 char s[24]; /* 21 is enough (64 bits in decimal) */
782 int slen;
783
784 /* Record the "lost+found" inode if we haven't done so already */
785
786 ASSERT(ino != 0);
787 if (!orphanage_ino && is_orphanage_dir(mp, cur_ino, namelen, name))
788 orphanage_ino = ino;
789
790 /* We don't obfuscate the "lost+found" directory itself */
791
792 if (ino == orphanage_ino)
793 return 1;
794
795 /* Most files aren't in "lost+found" at all */
796
797 if (cur_ino != orphanage_ino)
798 return 0;
799
800 /*
801 * Within "lost+found", we don't obfuscate any file whose
802 * name is the same as its inode number. Any others are
803 * stray files and can be obfuscated.
804 */
805 slen = snprintf(s, sizeof (s), "%llu", (unsigned long long) ino);
806
807 return slen == namelen && !memcmp(name, s, namelen);
808 }
809
810 /*
811 * Given a name and its hash value, massage the name in such a way
812 * that the result is another name of equal length which shares the
813 * same hash value.
814 */
815 static void
816 obfuscate_name(
817 xfs_dahash_t hash,
818 size_t name_len,
819 unsigned char *name)
820 {
821 unsigned char *newp = name;
822 int i;
823 xfs_dahash_t new_hash = 0;
824 unsigned char *first;
825 unsigned char high_bit;
826 int shift;
827
828 /*
829 * Our obfuscation algorithm requires at least 5-character
830 * names, so don't bother if the name is too short. We
831 * work backward from a hash value to determine the last
832 * five bytes in a name required to produce a new name
833 * with the same hash.
834 */
835 if (name_len < 5)
836 return;
837
838 /*
839 * The beginning of the obfuscated name can be pretty much
840 * anything, so fill it in with random characters.
841 * Accumulate its new hash value as we go.
842 */
843 for (i = 0; i < name_len - 5; i++) {
844 *newp = random_filename_char();
845 new_hash = *newp ^ rol32(new_hash, 7);
846 newp++;
847 }
848
849 /*
850 * Compute which five bytes need to be used at the end of
851 * the name so the hash of the obfuscated name is the same
852 * as the hash of the original. If any result in an invalid
853 * character, flip a bit and arrange for a corresponding bit
854 * in a neighboring byte to be flipped as well. For the
855 * last byte, the "neighbor" to change is the first byte
856 * we're computing here.
857 */
858 new_hash = rol32(new_hash, 3) ^ hash;
859
860 first = newp;
861 high_bit = 0;
862 for (shift = 28; shift >= 0; shift -= 7) {
863 *newp = (new_hash >> shift & 0x7f) ^ high_bit;
864 if (is_invalid_char(*newp)) {
865 *newp ^= 1;
866 high_bit = 0x80;
867 } else
868 high_bit = 0;
869 ASSERT(!is_invalid_char(*newp));
870 newp++;
871 }
872
873 /*
874 * If we flipped a bit on the last byte, we need to fix up
875 * the matching bit in the first byte. The result will
876 * be a valid character, because we know that first byte
877 * has 0's in its upper four bits (it was produced by a
878 * 28-bit right-shift of a 32-bit unsigned value).
879 */
880 if (high_bit) {
881 *first ^= 0x10;
882 ASSERT(!is_invalid_char(*first));
883 }
884 ASSERT(libxfs_da_hashname(name, name_len) == hash);
885 }
886
887 /*
888 * Flip a bit in each of two bytes at the end of the given name.
889 * This is used in generating a series of alternate names to be used
890 * in the event a duplicate is found.
891 *
892 * The bits flipped are selected such that they both affect the same
893 * bit in the name's computed hash value, so flipping them both will
894 * preserve the hash.
895 *
896 * The following diagram aims to show the portion of a computed
897 * hash that a given byte of a name affects.
898 *
899 * 31 28 24 21 14 8 7 3 0
900 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
901 * hash: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
902 * +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
903 * last-4 ->| |<-- last-2 --->| |<--- last ---->|
904 * |<-- last-3 --->| |<-- last-1 --->| |<- last-4
905 * |<-- last-7 --->| |<-- last-5 --->|
906 * |<-- last-8 --->| |<-- last-6 --->|
907 * . . . and so on
908 *
909 * The last byte of the name directly affects the low-order byte of
910 * the hash. The next-to-last affects bits 7-14, the next one back
911 * affects bits 14-21, and so on. The effect wraps around when it
912 * goes beyond the top of the hash (as happens for byte last-4).
913 *
914 * Bits that are flipped together "overlap" on the hash value. As
915 * an example of overlap, the last two bytes both affect bit 7 in
916 * the hash. That pair of bytes (and their overlapping bits) can be
917 * used for this "flip bit" operation (it's the first pair tried,
918 * actually).
919 *
920 * A table defines overlapping pairs--the bytes involved and bits
921 * within them--that can be used this way. The byte offset is
922 * relative to a starting point within the name, which will be set
923 * to affect the bytes at the end of the name. The function is
924 * called with a "bitseq" value which indicates which bit flip is
925 * desired, and this translates directly into selecting which entry
926 * in the bit_to_flip[] table to apply.
927 *
928 * The function returns 1 if the operation was successful. It
929 * returns 0 if the result produced a character that's not valid in
930 * a name (either '/' or a '\0'). Finally, it returns -1 if the bit
931 * sequence number is beyond what is supported for a name of this
932 * length.
933 *
934 * Discussion
935 * ----------
936 * (Also see the discussion above find_alternate(), below.)
937 *
938 * In order to make this function work for any length name, the
939 * table is ordered by increasing byte offset, so that the earliest
940 * entries can apply to the shortest strings. This way all names
941 * are done consistently.
942 *
943 * When bit flips occur, they can convert printable characters
944 * into non-printable ones. In an effort to reduce the impact of
945 * this, the first bit flips are chosen to affect bytes the end of
946 * the name (and furthermore, toward the low bits of a byte). Those
947 * bytes are often non-printable anyway because of the way they are
948 * initially selected by obfuscate_name()). This is accomplished,
949 * using later table entries first.
950 *
951 * Each row in the table doubles the number of alternates that
952 * can be generated. A two-byte name is limited to using only
953 * the first row, so it's possible to generate two alternates
954 * (the original name, plus the alternate produced by flipping
955 * the one pair of bits). In a 5-byte name, the effect of the
956 * first byte overlaps the last by 4 its, and there are 8 bits
957 * to flip, allowing for 256 possible alternates.
958 *
959 * Short names (less than 5 bytes) are never even obfuscated, so for
960 * such names the relatively small number of alternates should never
961 * really be a problem.
962 *
963 * Long names (more than 6 bytes, say) are not likely to exhaust
964 * the number of available alternates. In fact, the table could
965 * probably have stopped at 8 entries, on the assumption that 256
966 * alternates should be enough for most any situation. The entries
967 * beyond those are present mostly for demonstration of how it could
968 * be populated with more entries, should it ever be necessary to do
969 * so.
970 */
971 static int
972 flip_bit(
973 size_t name_len,
974 unsigned char *name,
975 uint32_t bitseq)
976 {
977 int index;
978 size_t offset;
979 unsigned char *p0, *p1;
980 unsigned char m0, m1;
981 struct {
982 int byte; /* Offset from start within name */
983 unsigned char bit; /* Bit within that byte */
984 } bit_to_flip[][2] = { /* Sorted by second entry's byte */
985 { { 0, 0 }, { 1, 7 } }, /* Each row defines a pair */
986 { { 1, 0 }, { 2, 7 } }, /* of bytes and a bit within */
987 { { 2, 0 }, { 3, 7 } }, /* each byte. Each bit in */
988 { { 0, 4 }, { 4, 0 } }, /* a pair affects the same */
989 { { 0, 5 }, { 4, 1 } }, /* bit in the hash, so flipping */
990 { { 0, 6 }, { 4, 2 } }, /* both will change the name */
991 { { 0, 7 }, { 4, 3 } }, /* while preserving the hash. */
992 { { 3, 0 }, { 4, 7 } },
993 { { 0, 0 }, { 5, 3 } }, /* The first entry's byte offset */
994 { { 0, 1 }, { 5, 4 } }, /* must be less than the second. */
995 { { 0, 2 }, { 5, 5 } },
996 { { 0, 3 }, { 5, 6 } }, /* The table can be extended to */
997 { { 0, 4 }, { 5, 7 } }, /* an arbitrary number of entries */
998 { { 4, 0 }, { 5, 7 } }, /* but there's not much point. */
999 /* . . . */
1000 };
1001
1002 /* Find the first entry *not* usable for name of this length */
1003
1004 for (index = 0; index < ARRAY_SIZE(bit_to_flip); index++)
1005 if (bit_to_flip[index][1].byte >= name_len)
1006 break;
1007
1008 /*
1009 * Back up to the last usable entry. If that number is
1010 * smaller than the bit sequence number, inform the caller
1011 * that nothing this large (or larger) will work.
1012 */
1013 if (bitseq > --index)
1014 return -1;
1015
1016 /*
1017 * We will be switching bits at the end of name, with a
1018 * preference for affecting the last bytes first. Compute
1019 * where in the name we'll start applying the changes.
1020 */
1021 offset = name_len - (bit_to_flip[index][1].byte + 1);
1022 index -= bitseq; /* Use later table entries first */
1023
1024 p0 = name + offset + bit_to_flip[index][0].byte;
1025 p1 = name + offset + bit_to_flip[index][1].byte;
1026 m0 = 1 << bit_to_flip[index][0].bit;
1027 m1 = 1 << bit_to_flip[index][1].bit;
1028
1029 /* Only change the bytes if it produces valid characters */
1030
1031 if (is_invalid_char(*p0 ^ m0) || is_invalid_char(*p1 ^ m1))
1032 return 0;
1033
1034 *p0 ^= m0;
1035 *p1 ^= m1;
1036
1037 return 1;
1038 }
1039
1040 /*
1041 * This function generates a well-defined sequence of "alternate"
1042 * names for a given name. An alternate is a name having the same
1043 * length and same hash value as the original name. This is needed
1044 * because the algorithm produces only one obfuscated name to use
1045 * for a given original name, and it's possible that result matches
1046 * a name already seen. This function checks for this, and if it
1047 * occurs, finds another suitable obfuscated name to use.
1048 *
1049 * Each bit in the binary representation of the sequence number is
1050 * used to select one possible "bit flip" operation to perform on
1051 * the name. So for example:
1052 * seq = 0: selects no bits to flip
1053 * seq = 1: selects the 0th bit to flip
1054 * seq = 2: selects the 1st bit to flip
1055 * seq = 3: selects the 0th and 1st bit to flip
1056 * ... and so on.
1057 *
1058 * The flip_bit() function takes care of the details of the bit
1059 * flipping within the name. Note that the "1st bit" in this
1060 * context is a bit sequence number; i.e. it doesn't necessarily
1061 * mean bit 0x02 will be changed.
1062 *
1063 * If a valid name (one that contains no '/' or '\0' characters) is
1064 * produced by this process for the given sequence number, this
1065 * function returns 1. If the result is not valid, it returns 0.
1066 * Returns -1 if the sequence number is beyond the the maximum for
1067 * names of the given length.
1068 *
1069 *
1070 * Discussion
1071 * ----------
1072 * The number of alternates available for a given name is dependent
1073 * on its length. A "bit flip" involves inverting two bits in
1074 * a name--the two bits being selected such that their values
1075 * affect the name's hash value in the same way. Alternates are
1076 * thus generated by inverting the value of pairs of such
1077 * "overlapping" bits in the original name. Each byte after the
1078 * first in a name adds at least one bit of overlap to work with.
1079 * (See comments above flip_bit() for more discussion on this.)
1080 *
1081 * So the number of alternates is dependent on the number of such
1082 * overlapping bits in a name. If there are N bit overlaps, there
1083 * 2^N alternates for that hash value.
1084 *
1085 * Here are the number of overlapping bits available for generating
1086 * alternates for names of specific lengths:
1087 * 1 0 (must have 2 bytes to have any overlap)
1088 * 2 1 One bit overlaps--so 2 possible alternates
1089 * 3 2 Two bits overlap--so 4 possible alternates
1090 * 4 4 Three bits overlap, so 2^3 alternates
1091 * 5 8 8 bits overlap (due to wrapping), 256 alternates
1092 * 6 18 2^18 alternates
1093 * 7 28 2^28 alternates
1094 * ...
1095 * It's clear that the number of alternates grows very quickly with
1096 * the length of the name. But note that the set of alternates
1097 * includes invalid names. And for certain (contrived) names, the
1098 * number of valid names is a fairly small fraction of the total
1099 * number of alternates.
1100 *
1101 * The main driver for this infrastructure for coming up with
1102 * alternate names is really related to names 5 (or possibly 6)
1103 * bytes in length. 5-byte obfuscated names contain no randomly-
1104 * generated bytes in them, and the chance of an obfuscated name
1105 * matching an already-seen name is too high to just ignore. This
1106 * methodical selection of alternates ensures we don't produce
1107 * duplicate names unless we have exhausted our options.
1108 */
1109 static int
1110 find_alternate(
1111 size_t name_len,
1112 unsigned char *name,
1113 uint32_t seq)
1114 {
1115 uint32_t bitseq = 0;
1116 uint32_t bits = seq;
1117
1118 if (!seq)
1119 return 1; /* alternate 0 is the original name */
1120 if (name_len < 2) /* Must have 2 bytes to flip */
1121 return -1;
1122
1123 for (bitseq = 0; bits; bitseq++) {
1124 uint32_t mask = 1 << bitseq;
1125 int fb;
1126
1127 if (!(bits & mask))
1128 continue;
1129
1130 fb = flip_bit(name_len, name, bitseq);
1131 if (fb < 1)
1132 return fb ? -1 : 0;
1133 bits ^= mask;
1134 }
1135
1136 return 1;
1137 }
1138
1139 /*
1140 * Look up the given name in the name table. If it is already
1141 * present, iterate through a well-defined sequence of alternate
1142 * names and attempt to use an alternate name instead.
1143 *
1144 * Returns 1 if the (possibly modified) name is not present in the
1145 * name table. Returns 0 if the name and all possible alternates
1146 * are already in the table.
1147 */
1148 static int
1149 handle_duplicate_name(xfs_dahash_t hash, size_t name_len, unsigned char *name)
1150 {
1151 unsigned char new_name[name_len + 1];
1152 uint32_t seq = 1;
1153
1154 if (!nametable_find(hash, name_len, name))
1155 return 1; /* No duplicate */
1156
1157 /* Name is already in use. Need to find an alternate. */
1158
1159 do {
1160 int found;
1161
1162 /* Only change incoming name if we find an alternate */
1163 do {
1164 memcpy(new_name, name, name_len);
1165 found = find_alternate(name_len, new_name, seq++);
1166 if (found < 0)
1167 return 0; /* No more to check */
1168 } while (!found);
1169 } while (nametable_find(hash, name_len, new_name));
1170
1171 /*
1172 * The alternate wasn't in the table already. Pass it back
1173 * to the caller.
1174 */
1175 memcpy(name, new_name, name_len);
1176
1177 return 1;
1178 }
1179
1180 static void
1181 generate_obfuscated_name(
1182 xfs_ino_t ino,
1183 int namelen,
1184 unsigned char *name)
1185 {
1186 xfs_dahash_t hash;
1187
1188 /*
1189 * We don't obfuscate "lost+found" or any orphan files
1190 * therein. When the name table is used for extended
1191 * attributes, the inode number provided is 0, in which
1192 * case we don't need to make this check.
1193 */
1194 if (ino && in_lost_found(ino, namelen, name))
1195 return;
1196
1197 /*
1198 * If the name starts with a slash, just skip over it. It
1199 * isn't included in the hash and we don't record it in the
1200 * name table. Note that the namelen value passed in does
1201 * not count the leading slash (if one is present).
1202 */
1203 if (*name == '/')
1204 name++;
1205
1206 /* Obfuscate the name (if possible) */
1207
1208 hash = libxfs_da_hashname(name, namelen);
1209 obfuscate_name(hash, namelen, name);
1210
1211 /*
1212 * Make sure the name is not something already seen. If we
1213 * fail to find a suitable alternate, we're dealing with a
1214 * very pathological situation, and we may end up creating
1215 * a duplicate name in the metadump, so issue a warning.
1216 */
1217 if (!handle_duplicate_name(hash, namelen, name)) {
1218 print_warning("duplicate name for inode %llu "
1219 "in dir inode %llu\n",
1220 (unsigned long long) ino,
1221 (unsigned long long) cur_ino);
1222 return;
1223 }
1224
1225 /* Create an entry for the new name in the name table. */
1226
1227 if (!nametable_add(hash, namelen, name))
1228 print_warning("unable to record name for inode %llu "
1229 "in dir inode %llu\n",
1230 (unsigned long long) ino,
1231 (unsigned long long) cur_ino);
1232 }
1233
1234 static void
1235 process_sf_dir(
1236 xfs_dinode_t *dip)
1237 {
1238 struct xfs_dir2_sf_hdr *sfp;
1239 xfs_dir2_sf_entry_t *sfep;
1240 uint64_t ino_dir_size;
1241 int i;
1242
1243 sfp = (struct xfs_dir2_sf_hdr *)XFS_DFORK_DPTR(dip);
1244 ino_dir_size = be64_to_cpu(dip->di_size);
1245 if (ino_dir_size > XFS_DFORK_DSIZE(dip, mp)) {
1246 ino_dir_size = XFS_DFORK_DSIZE(dip, mp);
1247 if (show_warnings)
1248 print_warning("invalid size in dir inode %llu",
1249 (long long)cur_ino);
1250 }
1251
1252 sfep = xfs_dir2_sf_firstentry(sfp);
1253 for (i = 0; (i < sfp->count) &&
1254 ((char *)sfep - (char *)sfp < ino_dir_size); i++) {
1255
1256 /*
1257 * first check for bad name lengths. If they are bad, we
1258 * have limitations to how much can be obfuscated.
1259 */
1260 int namelen = sfep->namelen;
1261
1262 if (namelen == 0) {
1263 if (show_warnings)
1264 print_warning("zero length entry in dir inode "
1265 "%llu", (long long)cur_ino);
1266 if (i != sfp->count - 1)
1267 break;
1268 namelen = ino_dir_size - ((char *)&sfep->name[0] -
1269 (char *)sfp);
1270 } else if ((char *)sfep - (char *)sfp +
1271 M_DIROPS(mp)->sf_entsize(sfp, sfep->namelen) >
1272 ino_dir_size) {
1273 if (show_warnings)
1274 print_warning("entry length in dir inode %llu "
1275 "overflows space", (long long)cur_ino);
1276 if (i != sfp->count - 1)
1277 break;
1278 namelen = ino_dir_size - ((char *)&sfep->name[0] -
1279 (char *)sfp);
1280 }
1281
1282 if (obfuscate)
1283 generate_obfuscated_name(
1284 M_DIROPS(mp)->sf_get_ino(sfp, sfep),
1285 namelen, &sfep->name[0]);
1286
1287 sfep = (xfs_dir2_sf_entry_t *)((char *)sfep +
1288 M_DIROPS(mp)->sf_entsize(sfp, namelen));
1289 }
1290
1291 /* zero stale data in rest of space in data fork, if any */
1292 if (zero_stale_data && (ino_dir_size < XFS_DFORK_DSIZE(dip, mp)))
1293 memset(sfep, 0, XFS_DFORK_DSIZE(dip, mp) - ino_dir_size);
1294 }
1295
1296 /*
1297 * The pathname may not be null terminated. It may be terminated by the end of
1298 * a buffer or inode literal area, and the start of the next region contains
1299 * unknown data. Therefore, when we get to the last component of the symlink, we
1300 * cannot assume that strlen() will give us the right result. Hence we need to
1301 * track the remaining pathname length and use that instead.
1302 */
1303 static void
1304 obfuscate_path_components(
1305 char *buf,
1306 uint64_t len)
1307 {
1308 unsigned char *comp = (unsigned char *)buf;
1309 unsigned char *end = comp + len;
1310 xfs_dahash_t hash;
1311
1312 while (comp < end) {
1313 char *slash;
1314 int namelen;
1315
1316 /* find slash at end of this component */
1317 slash = strchr((char *)comp, '/');
1318 if (!slash) {
1319 /* last (or single) component */
1320 namelen = strnlen((char *)comp, len);
1321 hash = libxfs_da_hashname(comp, namelen);
1322 obfuscate_name(hash, namelen, comp);
1323 break;
1324 }
1325 namelen = slash - (char *)comp;
1326 /* handle leading or consecutive slashes */
1327 if (!namelen) {
1328 comp++;
1329 len--;
1330 continue;
1331 }
1332 hash = libxfs_da_hashname(comp, namelen);
1333 obfuscate_name(hash, namelen, comp);
1334 comp += namelen + 1;
1335 len -= namelen + 1;
1336 }
1337 }
1338
1339 static void
1340 process_sf_symlink(
1341 xfs_dinode_t *dip)
1342 {
1343 uint64_t len;
1344 char *buf;
1345
1346 len = be64_to_cpu(dip->di_size);
1347 if (len > XFS_DFORK_DSIZE(dip, mp)) {
1348 if (show_warnings)
1349 print_warning("invalid size (%d) in symlink inode %llu",
1350 len, (long long)cur_ino);
1351 len = XFS_DFORK_DSIZE(dip, mp);
1352 }
1353
1354 buf = (char *)XFS_DFORK_DPTR(dip);
1355 if (obfuscate)
1356 obfuscate_path_components(buf, len);
1357
1358 /* zero stale data in rest of space in data fork, if any */
1359 if (zero_stale_data && len < XFS_DFORK_DSIZE(dip, mp))
1360 memset(&buf[len], 0, XFS_DFORK_DSIZE(dip, mp) - len);
1361 }
1362
1363 static void
1364 process_sf_attr(
1365 xfs_dinode_t *dip)
1366 {
1367 /*
1368 * with extended attributes, obfuscate the names and fill the actual
1369 * values with 'v' (to see a valid string length, as opposed to NULLs)
1370 */
1371
1372 xfs_attr_shortform_t *asfp;
1373 xfs_attr_sf_entry_t *asfep;
1374 int ino_attr_size;
1375 int i;
1376
1377 asfp = (xfs_attr_shortform_t *)XFS_DFORK_APTR(dip);
1378 if (asfp->hdr.count == 0)
1379 return;
1380
1381 ino_attr_size = be16_to_cpu(asfp->hdr.totsize);
1382 if (ino_attr_size > XFS_DFORK_ASIZE(dip, mp)) {
1383 ino_attr_size = XFS_DFORK_ASIZE(dip, mp);
1384 if (show_warnings)
1385 print_warning("invalid attr size in inode %llu",
1386 (long long)cur_ino);
1387 }
1388
1389 asfep = &asfp->list[0];
1390 for (i = 0; (i < asfp->hdr.count) &&
1391 ((char *)asfep - (char *)asfp < ino_attr_size); i++) {
1392
1393 int namelen = asfep->namelen;
1394
1395 if (namelen == 0) {
1396 if (show_warnings)
1397 print_warning("zero length attr entry in inode "
1398 "%llu", (long long)cur_ino);
1399 break;
1400 } else if ((char *)asfep - (char *)asfp +
1401 XFS_ATTR_SF_ENTSIZE(asfep) > ino_attr_size) {
1402 if (show_warnings)
1403 print_warning("attr entry length in inode %llu "
1404 "overflows space", (long long)cur_ino);
1405 break;
1406 }
1407
1408 if (obfuscate) {
1409 generate_obfuscated_name(0, asfep->namelen,
1410 &asfep->nameval[0]);
1411 memset(&asfep->nameval[asfep->namelen], 'v',
1412 asfep->valuelen);
1413 }
1414
1415 asfep = (xfs_attr_sf_entry_t *)((char *)asfep +
1416 XFS_ATTR_SF_ENTSIZE(asfep));
1417 }
1418
1419 /* zero stale data in rest of space in attr fork, if any */
1420 if (zero_stale_data && (ino_attr_size < XFS_DFORK_ASIZE(dip, mp)))
1421 memset(asfep, 0, XFS_DFORK_ASIZE(dip, mp) - ino_attr_size);
1422 }
1423
1424 static void
1425 process_dir_free_block(
1426 char *block)
1427 {
1428 struct xfs_dir2_free *free;
1429 struct xfs_dir3_icfree_hdr freehdr;
1430
1431 if (!zero_stale_data)
1432 return;
1433
1434 free = (struct xfs_dir2_free *)block;
1435 M_DIROPS(mp)->free_hdr_from_disk(&freehdr, free);
1436
1437 switch (freehdr.magic) {
1438 case XFS_DIR2_FREE_MAGIC:
1439 case XFS_DIR3_FREE_MAGIC: {
1440 __be16 *bests;
1441 char *high;
1442 int used;
1443
1444 /* Zero out space from end of bests[] to end of block */
1445 bests = M_DIROPS(mp)->free_bests_p(free);
1446 high = (char *)&bests[freehdr.nvalid];
1447 used = high - (char*)free;
1448 memset(high, 0, mp->m_dir_geo->blksize - used);
1449 iocur_top->need_crc = 1;
1450 break;
1451 }
1452 default:
1453 if (show_warnings)
1454 print_warning("invalid magic in dir inode %llu "
1455 "free block",
1456 (unsigned long long)cur_ino);
1457 break;
1458 }
1459 }
1460
1461 static void
1462 process_dir_leaf_block(
1463 char *block)
1464 {
1465 struct xfs_dir2_leaf *leaf;
1466 struct xfs_dir3_icleaf_hdr leafhdr;
1467
1468 if (!zero_stale_data)
1469 return;
1470
1471 /* Yes, this works for dir2 & dir3. Difference is padding. */
1472 leaf = (struct xfs_dir2_leaf *)block;
1473 M_DIROPS(mp)->leaf_hdr_from_disk(&leafhdr, leaf);
1474
1475 switch (leafhdr.magic) {
1476 case XFS_DIR2_LEAF1_MAGIC:
1477 case XFS_DIR3_LEAF1_MAGIC: {
1478 struct xfs_dir2_leaf_tail *ltp;
1479 __be16 *lbp;
1480 struct xfs_dir2_leaf_entry *ents;
1481 char *free; /* end of ents */
1482
1483 /* Zero out space from end of ents[] to bests */
1484 ents = M_DIROPS(mp)->leaf_ents_p(leaf);
1485 free = (char *)&ents[leafhdr.count];
1486 ltp = xfs_dir2_leaf_tail_p(mp->m_dir_geo, leaf);
1487 lbp = xfs_dir2_leaf_bests_p(ltp);
1488 memset(free, 0, (char *)lbp - free);
1489 iocur_top->need_crc = 1;
1490 break;
1491 }
1492 case XFS_DIR2_LEAFN_MAGIC:
1493 case XFS_DIR3_LEAFN_MAGIC: {
1494 struct xfs_dir2_leaf_entry *ents;
1495 char *free;
1496 int used;
1497
1498 /* Zero out space from end of ents[] to end of block */
1499 ents = M_DIROPS(mp)->leaf_ents_p(leaf);
1500 free = (char *)&ents[leafhdr.count];
1501 used = free - (char*)leaf;
1502 memset(free, 0, mp->m_dir_geo->blksize - used);
1503 iocur_top->need_crc = 1;
1504 break;
1505 }
1506 default:
1507 break;
1508 }
1509 }
1510
1511 static void
1512 process_dir_data_block(
1513 char *block,
1514 xfs_fileoff_t offset,
1515 int is_block_format)
1516 {
1517 /*
1518 * we have to rely on the fileoffset and signature of the block to
1519 * handle it's contents. If it's invalid, leave it alone.
1520 * for multi-fsblock dir blocks, if a name crosses an extent boundary,
1521 * ignore it and continue.
1522 */
1523 int dir_offset;
1524 char *ptr;
1525 char *endptr;
1526 int end_of_data;
1527 int wantmagic;
1528 struct xfs_dir2_data_hdr *datahdr;
1529
1530 datahdr = (struct xfs_dir2_data_hdr *)block;
1531
1532 if (is_block_format) {
1533 xfs_dir2_leaf_entry_t *blp;
1534 xfs_dir2_block_tail_t *btp;
1535
1536 btp = xfs_dir2_block_tail_p(mp->m_dir_geo, datahdr);
1537 blp = xfs_dir2_block_leaf_p(btp);
1538 if ((char *)blp > (char *)btp)
1539 blp = (xfs_dir2_leaf_entry_t *)btp;
1540
1541 end_of_data = (char *)blp - block;
1542 if (xfs_sb_version_hascrc(&mp->m_sb))
1543 wantmagic = XFS_DIR3_BLOCK_MAGIC;
1544 else
1545 wantmagic = XFS_DIR2_BLOCK_MAGIC;
1546 } else { /* leaf/node format */
1547 end_of_data = mp->m_dir_geo->fsbcount << mp->m_sb.sb_blocklog;
1548 if (xfs_sb_version_hascrc(&mp->m_sb))
1549 wantmagic = XFS_DIR3_DATA_MAGIC;
1550 else
1551 wantmagic = XFS_DIR2_DATA_MAGIC;
1552 }
1553
1554 if (be32_to_cpu(datahdr->magic) != wantmagic) {
1555 if (show_warnings)
1556 print_warning(
1557 "invalid magic in dir inode %llu block %ld",
1558 (unsigned long long)cur_ino, (long)offset);
1559 return;
1560 }
1561
1562 dir_offset = M_DIROPS(mp)->data_entry_offset;
1563 ptr = block + dir_offset;
1564 endptr = block + mp->m_dir_geo->blksize;
1565
1566 while (ptr < endptr && dir_offset < end_of_data) {
1567 xfs_dir2_data_entry_t *dep;
1568 xfs_dir2_data_unused_t *dup;
1569 int length;
1570
1571 dup = (xfs_dir2_data_unused_t *)ptr;
1572
1573 if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
1574 int free_length = be16_to_cpu(dup->length);
1575 if (dir_offset + free_length > end_of_data ||
1576 !free_length ||
1577 (free_length & (XFS_DIR2_DATA_ALIGN - 1))) {
1578 if (show_warnings)
1579 print_warning(
1580 "invalid length for dir free space in inode %llu",
1581 (long long)cur_ino);
1582 return;
1583 }
1584 if (be16_to_cpu(*xfs_dir2_data_unused_tag_p(dup)) !=
1585 dir_offset)
1586 return;
1587 dir_offset += free_length;
1588 ptr += free_length;
1589 /*
1590 * Zero the unused space up to the tag - the tag is
1591 * actually at a variable offset, so zeroing &dup->tag
1592 * is zeroing the free space in between
1593 */
1594 if (zero_stale_data) {
1595 int zlen = free_length -
1596 sizeof(xfs_dir2_data_unused_t);
1597
1598 if (zlen > 0) {
1599 memset(&dup->tag, 0, zlen);
1600 iocur_top->need_crc = 1;
1601 }
1602 }
1603 if (dir_offset >= end_of_data || ptr >= endptr)
1604 return;
1605 }
1606
1607 dep = (xfs_dir2_data_entry_t *)ptr;
1608 length = M_DIROPS(mp)->data_entsize(dep->namelen);
1609
1610 if (dir_offset + length > end_of_data ||
1611 ptr + length > endptr) {
1612 if (show_warnings)
1613 print_warning(
1614 "invalid length for dir entry name in inode %llu",
1615 (long long)cur_ino);
1616 return;
1617 }
1618 if (be16_to_cpu(*M_DIROPS(mp)->data_entry_tag_p(dep)) !=
1619 dir_offset)
1620 return;
1621
1622 if (obfuscate)
1623 generate_obfuscated_name(be64_to_cpu(dep->inumber),
1624 dep->namelen, &dep->name[0]);
1625 dir_offset += length;
1626 ptr += length;
1627 /* Zero the unused space after name, up to the tag */
1628 if (zero_stale_data) {
1629 /* 1 byte for ftype; don't bother with conditional */
1630 int zlen =
1631 (char *)M_DIROPS(mp)->data_entry_tag_p(dep) -
1632 (char *)&dep->name[dep->namelen] - 1;
1633 if (zlen > 0) {
1634 memset(&dep->name[dep->namelen] + 1, 0, zlen);
1635 iocur_top->need_crc = 1;
1636 }
1637 }
1638 }
1639 }
1640
1641 static void
1642 process_symlink_block(
1643 char *block)
1644 {
1645 char *link = block;
1646
1647 if (xfs_sb_version_hascrc(&(mp)->m_sb))
1648 link += sizeof(struct xfs_dsymlink_hdr);
1649
1650 if (obfuscate)
1651 obfuscate_path_components(link, XFS_SYMLINK_BUF_SPACE(mp,
1652 mp->m_sb.sb_blocksize));
1653 if (zero_stale_data) {
1654 size_t linklen, zlen;
1655
1656 linklen = strlen(link);
1657 zlen = mp->m_sb.sb_blocksize - linklen;
1658 if (xfs_sb_version_hascrc(&mp->m_sb))
1659 zlen -= sizeof(struct xfs_dsymlink_hdr);
1660 if (zlen < mp->m_sb.sb_blocksize)
1661 memset(link + linklen, 0, zlen);
1662 }
1663 }
1664
1665 #define MAX_REMOTE_VALS 4095
1666
1667 static struct attr_data_s {
1668 int remote_val_count;
1669 xfs_dablk_t remote_vals[MAX_REMOTE_VALS];
1670 } attr_data;
1671
1672 static inline void
1673 add_remote_vals(
1674 xfs_dablk_t blockidx,
1675 int length)
1676 {
1677 while (length > 0 && attr_data.remote_val_count < MAX_REMOTE_VALS) {
1678 attr_data.remote_vals[attr_data.remote_val_count] = blockidx;
1679 attr_data.remote_val_count++;
1680 blockidx++;
1681 length -= XFS_ATTR3_RMT_BUF_SPACE(mp, mp->m_sb.sb_blocksize);
1682 }
1683
1684 if (attr_data.remote_val_count >= MAX_REMOTE_VALS) {
1685 print_warning(
1686 "Overflowed attr obfuscation array. No longer obfuscating remote attrs.");
1687 }
1688 }
1689
1690 /* Handle remote and leaf attributes */
1691 static void
1692 process_attr_block(
1693 char *block,
1694 xfs_fileoff_t offset)
1695 {
1696 struct xfs_attr_leafblock *leaf;
1697 struct xfs_attr3_icleaf_hdr hdr;
1698 int i;
1699 int nentries;
1700 xfs_attr_leaf_entry_t *entry;
1701 xfs_attr_leaf_name_local_t *local;
1702 xfs_attr_leaf_name_remote_t *remote;
1703 uint32_t bs = mp->m_sb.sb_blocksize;
1704 char *first_name;
1705
1706
1707 leaf = (xfs_attr_leafblock_t *)block;
1708
1709 /* Remote attributes - attr3 has XFS_ATTR3_RMT_MAGIC, attr has none */
1710 if ((be16_to_cpu(leaf->hdr.info.magic) != XFS_ATTR_LEAF_MAGIC) &&
1711 (be16_to_cpu(leaf->hdr.info.magic) != XFS_ATTR3_LEAF_MAGIC)) {
1712 for (i = 0; i < attr_data.remote_val_count; i++) {
1713 if (obfuscate && attr_data.remote_vals[i] == offset)
1714 /* Macros to handle both attr and attr3 */
1715 memset(block +
1716 (bs - XFS_ATTR3_RMT_BUF_SPACE(mp, bs)),
1717 'v', XFS_ATTR3_RMT_BUF_SPACE(mp, bs));
1718 }
1719 return;
1720 }
1721
1722 /* Ok, it's a leaf - get header; accounts for crc & non-crc */
1723 xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &hdr, leaf);
1724
1725 nentries = hdr.count;
1726 if (nentries == 0 ||
1727 nentries * sizeof(xfs_attr_leaf_entry_t) +
1728 xfs_attr3_leaf_hdr_size(leaf) >
1729 XFS_ATTR3_RMT_BUF_SPACE(mp, bs)) {
1730 if (show_warnings)
1731 print_warning("invalid attr count in inode %llu",
1732 (long long)cur_ino);
1733 return;
1734 }
1735
1736 entry = xfs_attr3_leaf_entryp(leaf);
1737 /* We will move this as we parse */
1738 first_name = NULL;
1739 for (i = 0; i < nentries; i++, entry++) {
1740 int nlen, vlen, zlen;
1741
1742 /* Grows up; if this name is topmost, move first_name */
1743 if (!first_name || xfs_attr3_leaf_name(leaf, i) < first_name)
1744 first_name = xfs_attr3_leaf_name(leaf, i);
1745
1746 if (be16_to_cpu(entry->nameidx) > mp->m_sb.sb_blocksize) {
1747 if (show_warnings)
1748 print_warning(
1749 "invalid attr nameidx in inode %llu",
1750 (long long)cur_ino);
1751 break;
1752 }
1753 if (entry->flags & XFS_ATTR_LOCAL) {
1754 local = xfs_attr3_leaf_name_local(leaf, i);
1755 if (local->namelen == 0) {
1756 if (show_warnings)
1757 print_warning(
1758 "zero length for attr name in inode %llu",
1759 (long long)cur_ino);
1760 break;
1761 }
1762 if (obfuscate) {
1763 generate_obfuscated_name(0, local->namelen,
1764 &local->nameval[0]);
1765 memset(&local->nameval[local->namelen], 'v',
1766 be16_to_cpu(local->valuelen));
1767 }
1768 /* zero from end of nameval[] to next name start */
1769 nlen = local->namelen;
1770 vlen = be16_to_cpu(local->valuelen);
1771 zlen = xfs_attr_leaf_entsize_local(nlen, vlen) -
1772 (sizeof(xfs_attr_leaf_name_local_t) - 1 +
1773 nlen + vlen);
1774 if (zero_stale_data)
1775 memset(&local->nameval[nlen + vlen], 0, zlen);
1776 } else {
1777 remote = xfs_attr3_leaf_name_remote(leaf, i);
1778 if (remote->namelen == 0 || remote->valueblk == 0) {
1779 if (show_warnings)
1780 print_warning(
1781 "invalid attr entry in inode %llu",
1782 (long long)cur_ino);
1783 break;
1784 }
1785 if (obfuscate) {
1786 generate_obfuscated_name(0, remote->namelen,
1787 &remote->name[0]);
1788 add_remote_vals(be32_to_cpu(remote->valueblk),
1789 be32_to_cpu(remote->valuelen));
1790 }
1791 /* zero from end of name[] to next name start */
1792 nlen = remote->namelen;
1793 zlen = xfs_attr_leaf_entsize_remote(nlen) -
1794 (sizeof(xfs_attr_leaf_name_remote_t) - 1 +
1795 nlen);
1796 if (zero_stale_data)
1797 memset(&remote->name[nlen], 0, zlen);
1798 }
1799 }
1800
1801 /* Zero from end of entries array to the first name/val */
1802 if (zero_stale_data) {
1803 struct xfs_attr_leaf_entry *entries;
1804
1805 entries = xfs_attr3_leaf_entryp(leaf);
1806 memset(&entries[nentries], 0,
1807 first_name - (char *)&entries[nentries]);
1808 }
1809 }
1810
1811 /* Processes symlinks, attrs, directories ... */
1812 static int
1813 process_single_fsb_objects(
1814 xfs_fileoff_t o,
1815 xfs_fsblock_t s,
1816 xfs_filblks_t c,
1817 typnm_t btype,
1818 xfs_fileoff_t last)
1819 {
1820 char *dp;
1821 int ret = 0;
1822 int i;
1823
1824 for (i = 0; i < c; i++) {
1825 push_cur();
1826 set_cur(&typtab[btype], XFS_FSB_TO_DADDR(mp, s), blkbb,
1827 DB_RING_IGN, NULL);
1828
1829 if (!iocur_top->data) {
1830 xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, s);
1831 xfs_agblock_t agbno = XFS_FSB_TO_AGBNO(mp, s);
1832
1833 print_warning("cannot read %s block %u/%u (%llu)",
1834 typtab[btype].name, agno, agbno, s);
1835 if (stop_on_read_error)
1836 ret = -EIO;
1837 goto out_pop;
1838
1839 }
1840
1841 if (!obfuscate && !zero_stale_data)
1842 goto write;
1843
1844 /* Zero unused part of interior nodes */
1845 if (zero_stale_data) {
1846 xfs_da_intnode_t *node = iocur_top->data;
1847 int magic = be16_to_cpu(node->hdr.info.magic);
1848
1849 if (magic == XFS_DA_NODE_MAGIC ||
1850 magic == XFS_DA3_NODE_MAGIC) {
1851 struct xfs_da3_icnode_hdr hdr;
1852 int used;
1853
1854 M_DIROPS(mp)->node_hdr_from_disk(&hdr, node);
1855 used = M_DIROPS(mp)->node_hdr_size;
1856
1857 used += hdr.count
1858 * sizeof(struct xfs_da_node_entry);
1859
1860 if (used < mp->m_sb.sb_blocksize) {
1861 memset((char *)node + used, 0,
1862 mp->m_sb.sb_blocksize - used);
1863 iocur_top->need_crc = 1;
1864 }
1865 }
1866 }
1867
1868 /* Handle leaf nodes */
1869 dp = iocur_top->data;
1870 switch (btype) {
1871 case TYP_DIR2:
1872 if (o >= mp->m_dir_geo->freeblk) {
1873 process_dir_free_block(dp);
1874 } else if (o >= mp->m_dir_geo->leafblk) {
1875 process_dir_leaf_block(dp);
1876 } else {
1877 process_dir_data_block(dp, o,
1878 last == mp->m_dir_geo->fsbcount);
1879 }
1880 iocur_top->need_crc = 1;
1881 break;
1882 case TYP_SYMLINK:
1883 process_symlink_block(dp);
1884 iocur_top->need_crc = 1;
1885 break;
1886 case TYP_ATTR:
1887 process_attr_block(dp, o);
1888 iocur_top->need_crc = 1;
1889 break;
1890 default:
1891 break;
1892 }
1893
1894 write:
1895 ret = write_buf(iocur_top);
1896 out_pop:
1897 pop_cur();
1898 if (ret)
1899 break;
1900 o++;
1901 s++;
1902 }
1903
1904 return ret;
1905 }
1906
1907 /*
1908 * Static map to aggregate multiple extents into a single directory block.
1909 */
1910 static struct bbmap mfsb_map;
1911 static int mfsb_length;
1912
1913 static int
1914 process_multi_fsb_objects(
1915 xfs_fileoff_t o,
1916 xfs_fsblock_t s,
1917 xfs_filblks_t c,
1918 typnm_t btype,
1919 xfs_fileoff_t last)
1920 {
1921 char *dp;
1922 int ret = 0;
1923
1924 switch (btype) {
1925 case TYP_DIR2:
1926 break;
1927 default:
1928 print_warning("bad type for multi-fsb object %d", btype);
1929 return -EINVAL;
1930 }
1931
1932 while (c > 0) {
1933 unsigned int bm_len;
1934
1935 if (mfsb_length + c >= mp->m_dir_geo->fsbcount) {
1936 bm_len = mp->m_dir_geo->fsbcount - mfsb_length;
1937 mfsb_length = 0;
1938 } else {
1939 mfsb_length += c;
1940 bm_len = c;
1941 }
1942
1943 mfsb_map.b[mfsb_map.nmaps].bm_bn = XFS_FSB_TO_DADDR(mp, s);
1944 mfsb_map.b[mfsb_map.nmaps].bm_len = XFS_FSB_TO_BB(mp, bm_len);
1945 mfsb_map.nmaps++;
1946
1947 if (mfsb_length == 0) {
1948 push_cur();
1949 set_cur(&typtab[btype], 0, 0, DB_RING_IGN, &mfsb_map);
1950 if (!iocur_top->data) {
1951 xfs_agnumber_t agno = XFS_FSB_TO_AGNO(mp, s);
1952 xfs_agblock_t agbno = XFS_FSB_TO_AGBNO(mp, s);
1953
1954 print_warning("cannot read %s block %u/%u (%llu)",
1955 typtab[btype].name, agno, agbno, s);
1956 if (stop_on_read_error)
1957 ret = -1;
1958 goto out_pop;
1959
1960 }
1961
1962 if (!obfuscate && !zero_stale_data)
1963 goto write;
1964
1965 dp = iocur_top->data;
1966 if (o >= mp->m_dir_geo->freeblk) {
1967 process_dir_free_block(dp);
1968 } else if (o >= mp->m_dir_geo->leafblk) {
1969 process_dir_leaf_block(dp);
1970 } else {
1971 process_dir_data_block(dp, o,
1972 last == mp->m_dir_geo->fsbcount);
1973 }
1974 iocur_top->need_crc = 1;
1975 write:
1976 ret = write_buf(iocur_top);
1977 out_pop:
1978 pop_cur();
1979 mfsb_map.nmaps = 0;
1980 if (ret)
1981 break;
1982 }
1983 c -= bm_len;
1984 s += bm_len;
1985 }
1986
1987 return ret;
1988 }
1989
1990 /* inode copy routines */
1991 static int
1992 process_bmbt_reclist(
1993 xfs_bmbt_rec_t *rp,
1994 int numrecs,
1995 typnm_t btype)
1996 {
1997 int i;
1998 xfs_fileoff_t o, op = NULLFILEOFF;
1999 xfs_fsblock_t s;
2000 xfs_filblks_t c, cp = NULLFILEOFF;
2001 int f;
2002 xfs_fileoff_t last;
2003 xfs_agnumber_t agno;
2004 xfs_agblock_t agbno;
2005 int error;
2006
2007 if (btype == TYP_DATA)
2008 return 1;
2009
2010 convert_extent(&rp[numrecs - 1], &o, &s, &c, &f);
2011 last = o + c;
2012
2013 for (i = 0; i < numrecs; i++, rp++) {
2014 convert_extent(rp, &o, &s, &c, &f);
2015
2016 /*
2017 * ignore extents that are clearly bogus, and if a bogus
2018 * one is found, stop processing remaining extents
2019 */
2020 if (i > 0 && op + cp > o) {
2021 if (show_warnings)
2022 print_warning("bmap extent %d in %s ino %llu "
2023 "starts at %llu, previous extent "
2024 "ended at %llu", i,
2025 typtab[btype].name, (long long)cur_ino,
2026 o, op + cp - 1);
2027 break;
2028 }
2029
2030 if (c > max_extent_size) {
2031 /*
2032 * since we are only processing non-data extents,
2033 * large numbers of blocks in a metadata extent is
2034 * extremely rare and more than likely to be corrupt.
2035 */
2036 if (show_warnings)
2037 print_warning("suspicious count %u in bmap "
2038 "extent %d in %s ino %llu", c, i,
2039 typtab[btype].name, (long long)cur_ino);
2040 break;
2041 }
2042
2043 op = o;
2044 cp = c;
2045
2046 agno = XFS_FSB_TO_AGNO(mp, s);
2047 agbno = XFS_FSB_TO_AGBNO(mp, s);
2048
2049 if (!valid_bno(agno, agbno)) {
2050 if (show_warnings)
2051 print_warning("invalid block number %u/%u "
2052 "(%llu) in bmap extent %d in %s ino "
2053 "%llu", agno, agbno, s, i,
2054 typtab[btype].name, (long long)cur_ino);
2055 break;
2056 }
2057
2058 if (!valid_bno(agno, agbno + c - 1)) {
2059 if (show_warnings)
2060 print_warning("bmap extent %i in %s inode %llu "
2061 "overflows AG (end is %u/%u)", i,
2062 typtab[btype].name, (long long)cur_ino,
2063 agno, agbno + c - 1);
2064 break;
2065 }
2066
2067 /* multi-extent blocks require special handling */
2068 if (btype != TYP_DIR2 || mp->m_dir_geo->fsbcount == 1) {
2069 error = process_single_fsb_objects(o, s, c, btype, last);
2070 } else {
2071 error = process_multi_fsb_objects(o, s, c, btype, last);
2072 }
2073 if (error)
2074 return 0;
2075 }
2076
2077 return 1;
2078 }
2079
2080 static int
2081 scanfunc_bmap(
2082 struct xfs_btree_block *block,
2083 xfs_agnumber_t agno,
2084 xfs_agblock_t agbno,
2085 int level,
2086 typnm_t btype,
2087 void *arg) /* ptr to itype */
2088 {
2089 int i;
2090 xfs_bmbt_ptr_t *pp;
2091 int nrecs;
2092
2093 nrecs = be16_to_cpu(block->bb_numrecs);
2094
2095 if (level == 0) {
2096 if (nrecs > mp->m_bmap_dmxr[0]) {
2097 if (show_warnings)
2098 print_warning("invalid numrecs (%u) in %s "
2099 "block %u/%u", nrecs,
2100 typtab[btype].name, agno, agbno);
2101 return 1;
2102 }
2103 return process_bmbt_reclist(XFS_BMBT_REC_ADDR(mp, block, 1),
2104 nrecs, *(typnm_t*)arg);
2105 }
2106
2107 if (nrecs > mp->m_bmap_dmxr[1]) {
2108 if (show_warnings)
2109 print_warning("invalid numrecs (%u) in %s block %u/%u",
2110 nrecs, typtab[btype].name, agno, agbno);
2111 return 1;
2112 }
2113 pp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[1]);
2114 for (i = 0; i < nrecs; i++) {
2115 xfs_agnumber_t ag;
2116 xfs_agblock_t bno;
2117
2118 ag = XFS_FSB_TO_AGNO(mp, get_unaligned_be64(&pp[i]));
2119 bno = XFS_FSB_TO_AGBNO(mp, get_unaligned_be64(&pp[i]));
2120
2121 if (bno == 0 || bno > mp->m_sb.sb_agblocks ||
2122 ag > mp->m_sb.sb_agcount) {
2123 if (show_warnings)
2124 print_warning("invalid block number (%u/%u) "
2125 "in %s block %u/%u", ag, bno,
2126 typtab[btype].name, agno, agbno);
2127 continue;
2128 }
2129
2130 if (!scan_btree(ag, bno, level, btype, arg, scanfunc_bmap))
2131 return 0;
2132 }
2133 return 1;
2134 }
2135
2136 static int
2137 process_btinode(
2138 xfs_dinode_t *dip,
2139 typnm_t itype)
2140 {
2141 xfs_bmdr_block_t *dib;
2142 int i;
2143 xfs_bmbt_ptr_t *pp;
2144 int level;
2145 int nrecs;
2146 int maxrecs;
2147 int whichfork;
2148 typnm_t btype;
2149
2150 whichfork = (itype == TYP_ATTR) ? XFS_ATTR_FORK : XFS_DATA_FORK;
2151 btype = (itype == TYP_ATTR) ? TYP_BMAPBTA : TYP_BMAPBTD;
2152
2153 dib = (xfs_bmdr_block_t *)XFS_DFORK_PTR(dip, whichfork);
2154 level = be16_to_cpu(dib->bb_level);
2155 nrecs = be16_to_cpu(dib->bb_numrecs);
2156
2157 if (level > XFS_BM_MAXLEVELS(mp, whichfork)) {
2158 if (show_warnings)
2159 print_warning("invalid level (%u) in inode %lld %s "
2160 "root", level, (long long)cur_ino,
2161 typtab[btype].name);
2162 return 1;
2163 }
2164
2165 if (level == 0) {
2166 return process_bmbt_reclist(XFS_BMDR_REC_ADDR(dib, 1),
2167 nrecs, itype);
2168 }
2169
2170 maxrecs = libxfs_bmdr_maxrecs(XFS_DFORK_SIZE(dip, mp, whichfork), 0);
2171 if (nrecs > maxrecs) {
2172 if (show_warnings)
2173 print_warning("invalid numrecs (%u) in inode %lld %s "
2174 "root", nrecs, (long long)cur_ino,
2175 typtab[btype].name);
2176 return 1;
2177 }
2178
2179 pp = XFS_BMDR_PTR_ADDR(dib, 1, maxrecs);
2180
2181 if (zero_stale_data) {
2182 char *top;
2183
2184 /* Unused btree key space */
2185 top = (char*)XFS_BMDR_KEY_ADDR(dib, nrecs + 1);
2186 memset(top, 0, (char*)pp - top);
2187
2188 /* Unused btree ptr space */
2189 top = (char*)&pp[nrecs];
2190 memset(top, 0, (char*)dib + XFS_DFORK_SIZE(dip, mp, whichfork) - top);
2191 }
2192
2193 for (i = 0; i < nrecs; i++) {
2194 xfs_agnumber_t ag;
2195 xfs_agblock_t bno;
2196
2197 ag = XFS_FSB_TO_AGNO(mp, get_unaligned_be64(&pp[i]));
2198 bno = XFS_FSB_TO_AGBNO(mp, get_unaligned_be64(&pp[i]));
2199
2200 if (bno == 0 || bno > mp->m_sb.sb_agblocks ||
2201 ag > mp->m_sb.sb_agcount) {
2202 if (show_warnings)
2203 print_warning("invalid block number (%u/%u) "
2204 "in inode %llu %s root", ag,
2205 bno, (long long)cur_ino,
2206 typtab[btype].name);
2207 continue;
2208 }
2209
2210 if (!scan_btree(ag, bno, level, btype, &itype, scanfunc_bmap))
2211 return 0;
2212 }
2213 return 1;
2214 }
2215
2216 static int
2217 process_exinode(
2218 xfs_dinode_t *dip,
2219 typnm_t itype)
2220 {
2221 int whichfork;
2222 int used;
2223 xfs_extnum_t nex;
2224
2225 whichfork = (itype == TYP_ATTR) ? XFS_ATTR_FORK : XFS_DATA_FORK;
2226
2227 nex = XFS_DFORK_NEXTENTS(dip, whichfork);
2228 used = nex * sizeof(xfs_bmbt_rec_t);
2229 if (nex < 0 || used > XFS_DFORK_SIZE(dip, mp, whichfork)) {
2230 if (show_warnings)
2231 print_warning("bad number of extents %d in inode %lld",
2232 nex, (long long)cur_ino);
2233 return 1;
2234 }
2235
2236 /* Zero unused data fork past used extents */
2237 if (zero_stale_data && (used < XFS_DFORK_SIZE(dip, mp, whichfork)))
2238 memset(XFS_DFORK_PTR(dip, whichfork) + used, 0,
2239 XFS_DFORK_SIZE(dip, mp, whichfork) - used);
2240
2241
2242 return process_bmbt_reclist((xfs_bmbt_rec_t *)XFS_DFORK_PTR(dip,
2243 whichfork), nex, itype);
2244 }
2245
2246 static int
2247 process_inode_data(
2248 xfs_dinode_t *dip,
2249 typnm_t itype)
2250 {
2251 switch (dip->di_format) {
2252 case XFS_DINODE_FMT_LOCAL:
2253 if (obfuscate || zero_stale_data)
2254 switch (itype) {
2255 case TYP_DIR2:
2256 process_sf_dir(dip);
2257 break;
2258
2259 case TYP_SYMLINK:
2260 process_sf_symlink(dip);
2261 break;
2262
2263 default: ;
2264 }
2265 break;
2266
2267 case XFS_DINODE_FMT_EXTENTS:
2268 return process_exinode(dip, itype);
2269
2270 case XFS_DINODE_FMT_BTREE:
2271 return process_btinode(dip, itype);
2272 }
2273 return 1;
2274 }
2275
2276 /*
2277 * when we process the inode, we may change the data in the data and/or
2278 * attribute fork if they are in short form and we are obfuscating names.
2279 * In this case we need to recalculate the CRC of the inode, but we should
2280 * only do that if the CRC in the inode is good to begin with. If the crc
2281 * is not ok, we just leave it alone.
2282 */
2283 static int
2284 process_inode(
2285 xfs_agnumber_t agno,
2286 xfs_agino_t agino,
2287 xfs_dinode_t *dip,
2288 bool free_inode)
2289 {
2290 int success;
2291 bool crc_was_ok = false; /* no recalc by default */
2292 bool need_new_crc = false;
2293
2294 success = 1;
2295 cur_ino = XFS_AGINO_TO_INO(mp, agno, agino);
2296
2297 /* we only care about crc recalculation if we will modify the inode. */
2298 if (obfuscate || zero_stale_data) {
2299 crc_was_ok = libxfs_verify_cksum((char *)dip,
2300 mp->m_sb.sb_inodesize,
2301 offsetof(struct xfs_dinode, di_crc));
2302 }
2303
2304 if (free_inode) {
2305 if (zero_stale_data) {
2306 /* Zero all of the inode literal area */
2307 memset(XFS_DFORK_DPTR(dip), 0,
2308 XFS_LITINO(mp, dip->di_version));
2309 }
2310 goto done;
2311 }
2312
2313 /* copy appropriate data fork metadata */
2314 switch (be16_to_cpu(dip->di_mode) & S_IFMT) {
2315 case S_IFDIR:
2316 success = process_inode_data(dip, TYP_DIR2);
2317 if (dip->di_format == XFS_DINODE_FMT_LOCAL)
2318 need_new_crc = 1;
2319 break;
2320 case S_IFLNK:
2321 success = process_inode_data(dip, TYP_SYMLINK);
2322 if (dip->di_format == XFS_DINODE_FMT_LOCAL)
2323 need_new_crc = 1;
2324 break;
2325 case S_IFREG:
2326 success = process_inode_data(dip, TYP_DATA);
2327 break;
2328 default: ;
2329 }
2330 nametable_clear();
2331
2332 /* copy extended attributes if they exist and forkoff is valid */
2333 if (success &&
2334 XFS_DFORK_DSIZE(dip, mp) < XFS_LITINO(mp, dip->di_version)) {
2335 attr_data.remote_val_count = 0;
2336 switch (dip->di_aformat) {
2337 case XFS_DINODE_FMT_LOCAL:
2338 need_new_crc = 1;
2339 if (obfuscate || zero_stale_data)
2340 process_sf_attr(dip);
2341 break;
2342
2343 case XFS_DINODE_FMT_EXTENTS:
2344 success = process_exinode(dip, TYP_ATTR);
2345 break;
2346
2347 case XFS_DINODE_FMT_BTREE:
2348 success = process_btinode(dip, TYP_ATTR);
2349 break;
2350 }
2351 nametable_clear();
2352 }
2353
2354 done:
2355 /* Heavy handed but low cost; just do it as a catch-all. */
2356 if (zero_stale_data)
2357 need_new_crc = 1;
2358
2359 if (crc_was_ok && need_new_crc)
2360 libxfs_dinode_calc_crc(mp, dip);
2361 return success;
2362 }
2363
2364 static uint32_t inodes_copied;
2365
2366 static int
2367 copy_inode_chunk(
2368 xfs_agnumber_t agno,
2369 xfs_inobt_rec_t *rp)
2370 {
2371 xfs_agino_t agino;
2372 int off;
2373 xfs_agblock_t agbno;
2374 xfs_agblock_t end_agbno;
2375 int i;
2376 int rval = 0;
2377 int blks_per_buf;
2378 int inodes_per_buf;
2379 int ioff;
2380
2381 agino = be32_to_cpu(rp->ir_startino);
2382 agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2383 end_agbno = agbno + mp->m_ialloc_blks;
2384 off = XFS_INO_TO_OFFSET(mp, agino);
2385
2386 /*
2387 * If the fs supports sparse inode records, we must process inodes a
2388 * cluster at a time because that is the sparse allocation granularity.
2389 * Otherwise, we risk CRC corruption errors on reads of inode chunks.
2390 *
2391 * Also make sure that that we don't process more than the single record
2392 * we've been passed (large block sizes can hold multiple inode chunks).
2393 */
2394 if (xfs_sb_version_hassparseinodes(&mp->m_sb))
2395 blks_per_buf = xfs_icluster_size_fsb(mp);
2396 else
2397 blks_per_buf = mp->m_ialloc_blks;
2398 inodes_per_buf = min(blks_per_buf << mp->m_sb.sb_inopblog,
2399 XFS_INODES_PER_CHUNK);
2400
2401 /*
2402 * Sanity check that we only process a single buffer if ir_startino has
2403 * a buffer offset. A non-zero offset implies that the entire chunk lies
2404 * within a block.
2405 */
2406 if (off && inodes_per_buf != XFS_INODES_PER_CHUNK) {
2407 print_warning("bad starting inode offset %d", off);
2408 return 0;
2409 }
2410
2411 if (agino == 0 || agino == NULLAGINO || !valid_bno(agno, agbno) ||
2412 !valid_bno(agno, XFS_AGINO_TO_AGBNO(mp,
2413 agino + XFS_INODES_PER_CHUNK - 1))) {
2414 if (show_warnings)
2415 print_warning("bad inode number %llu (%u/%u)",
2416 XFS_AGINO_TO_INO(mp, agno, agino), agno, agino);
2417 return 1;
2418 }
2419
2420 /*
2421 * check for basic assumptions about inode chunks, and if any
2422 * assumptions fail, don't process the inode chunk.
2423 */
2424 if ((mp->m_sb.sb_inopblock <= XFS_INODES_PER_CHUNK && off != 0) ||
2425 (mp->m_sb.sb_inopblock > XFS_INODES_PER_CHUNK &&
2426 off % XFS_INODES_PER_CHUNK != 0) ||
2427 (xfs_sb_version_hasalign(&mp->m_sb) &&
2428 mp->m_sb.sb_inoalignmt != 0 &&
2429 agbno % mp->m_sb.sb_inoalignmt != 0)) {
2430 if (show_warnings)
2431 print_warning("badly aligned inode (start = %llu)",
2432 XFS_AGINO_TO_INO(mp, agno, agino));
2433 return 1;
2434 }
2435
2436 push_cur();
2437 ioff = 0;
2438 while (agbno < end_agbno && ioff < XFS_INODES_PER_CHUNK) {
2439 if (xfs_inobt_is_sparse_disk(rp, ioff))
2440 goto next_bp;
2441
2442 set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, agbno),
2443 XFS_FSB_TO_BB(mp, blks_per_buf), DB_RING_IGN, NULL);
2444 if (iocur_top->data == NULL) {
2445 print_warning("cannot read inode block %u/%u",
2446 agno, agbno);
2447 rval = !stop_on_read_error;
2448 goto pop_out;
2449 }
2450
2451 for (i = 0; i < inodes_per_buf; i++) {
2452 xfs_dinode_t *dip;
2453
2454 dip = (xfs_dinode_t *)((char *)iocur_top->data +
2455 ((off + i) << mp->m_sb.sb_inodelog));
2456
2457 /* process_inode handles free inodes, too */
2458 if (!process_inode(agno, agino + ioff + i, dip,
2459 XFS_INOBT_IS_FREE_DISK(rp, ioff + i)))
2460 goto pop_out;
2461
2462 inodes_copied++;
2463 }
2464
2465 if (write_buf(iocur_top))
2466 goto pop_out;
2467
2468 next_bp:
2469 agbno += blks_per_buf;
2470 ioff += inodes_per_buf;
2471 }
2472
2473 if (show_progress)
2474 print_progress("Copied %u of %u inodes (%u of %u AGs)",
2475 inodes_copied, mp->m_sb.sb_icount, agno,
2476 mp->m_sb.sb_agcount);
2477 rval = 1;
2478 pop_out:
2479 pop_cur();
2480 return rval;
2481 }
2482
2483 static int
2484 scanfunc_ino(
2485 struct xfs_btree_block *block,
2486 xfs_agnumber_t agno,
2487 xfs_agblock_t agbno,
2488 int level,
2489 typnm_t btype,
2490 void *arg)
2491 {
2492 xfs_inobt_rec_t *rp;
2493 xfs_inobt_ptr_t *pp;
2494 int i;
2495 int numrecs;
2496 int finobt = *(int *) arg;
2497
2498 numrecs = be16_to_cpu(block->bb_numrecs);
2499
2500 if (level == 0) {
2501 if (numrecs > mp->m_inobt_mxr[0]) {
2502 if (show_warnings)
2503 print_warning("invalid numrecs %d in %s "
2504 "block %u/%u", numrecs,
2505 typtab[btype].name, agno, agbno);
2506 numrecs = mp->m_inobt_mxr[0];
2507 }
2508
2509 /*
2510 * Only copy the btree blocks for the finobt. The inobt scan
2511 * copies the inode chunks.
2512 */
2513 if (finobt)
2514 return 1;
2515
2516 rp = XFS_INOBT_REC_ADDR(mp, block, 1);
2517 for (i = 0; i < numrecs; i++, rp++) {
2518 if (!copy_inode_chunk(agno, rp))
2519 return 0;
2520 }
2521 return 1;
2522 }
2523
2524 if (numrecs > mp->m_inobt_mxr[1]) {
2525 if (show_warnings)
2526 print_warning("invalid numrecs %d in %s block %u/%u",
2527 numrecs, typtab[btype].name, agno, agbno);
2528 numrecs = mp->m_inobt_mxr[1];
2529 }
2530
2531 pp = XFS_INOBT_PTR_ADDR(mp, block, 1, mp->m_inobt_mxr[1]);
2532 for (i = 0; i < numrecs; i++) {
2533 if (!valid_bno(agno, be32_to_cpu(pp[i]))) {
2534 if (show_warnings)
2535 print_warning("invalid block number (%u/%u) "
2536 "in %s block %u/%u",
2537 agno, be32_to_cpu(pp[i]),
2538 typtab[btype].name, agno, agbno);
2539 continue;
2540 }
2541 if (!scan_btree(agno, be32_to_cpu(pp[i]), level,
2542 btype, arg, scanfunc_ino))
2543 return 0;
2544 }
2545 return 1;
2546 }
2547
2548 static int
2549 copy_inodes(
2550 xfs_agnumber_t agno,
2551 xfs_agi_t *agi)
2552 {
2553 xfs_agblock_t root;
2554 int levels;
2555 int finobt = 0;
2556
2557 root = be32_to_cpu(agi->agi_root);
2558 levels = be32_to_cpu(agi->agi_level);
2559
2560 /* validate root and levels before processing the tree */
2561 if (root == 0 || root > mp->m_sb.sb_agblocks) {
2562 if (show_warnings)
2563 print_warning("invalid block number (%u) in inobt "
2564 "root in agi %u", root, agno);
2565 return 1;
2566 }
2567 if (levels >= XFS_BTREE_MAXLEVELS) {
2568 if (show_warnings)
2569 print_warning("invalid level (%u) in inobt root "
2570 "in agi %u", levels, agno);
2571 return 1;
2572 }
2573
2574 if (!scan_btree(agno, root, levels, TYP_INOBT, &finobt, scanfunc_ino))
2575 return 0;
2576
2577 if (xfs_sb_version_hasfinobt(&mp->m_sb)) {
2578 root = be32_to_cpu(agi->agi_free_root);
2579 levels = be32_to_cpu(agi->agi_free_level);
2580
2581 finobt = 1;
2582 if (!scan_btree(agno, root, levels, TYP_INOBT, &finobt,
2583 scanfunc_ino))
2584 return 0;
2585 }
2586
2587 return 1;
2588 }
2589
2590 static int
2591 scan_ag(
2592 xfs_agnumber_t agno)
2593 {
2594 xfs_agf_t *agf;
2595 xfs_agi_t *agi;
2596 int stack_count = 0;
2597 int rval = 0;
2598
2599 /* copy the superblock of the AG */
2600 push_cur();
2601 stack_count++;
2602 set_cur(&typtab[TYP_SB], XFS_AG_DADDR(mp, agno, XFS_SB_DADDR),
2603 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2604 if (!iocur_top->data) {
2605 print_warning("cannot read superblock for ag %u", agno);
2606 if (stop_on_read_error)
2607 goto pop_out;
2608 } else {
2609 /* Replace any filesystem label with "L's" */
2610 if (obfuscate) {
2611 struct xfs_sb *sb = iocur_top->data;
2612 memset(sb->sb_fname, 'L',
2613 min(strlen(sb->sb_fname), sizeof(sb->sb_fname)));
2614 iocur_top->need_crc = 1;
2615 }
2616 if (write_buf(iocur_top))
2617 goto pop_out;
2618 }
2619
2620 /* copy the AG free space btree root */
2621 push_cur();
2622 stack_count++;
2623 set_cur(&typtab[TYP_AGF], XFS_AG_DADDR(mp, agno, XFS_AGF_DADDR(mp)),
2624 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2625 agf = iocur_top->data;
2626 if (iocur_top->data == NULL) {
2627 print_warning("cannot read agf block for ag %u", agno);
2628 if (stop_on_read_error)
2629 goto pop_out;
2630 } else {
2631 if (write_buf(iocur_top))
2632 goto pop_out;
2633 }
2634
2635 /* copy the AG inode btree root */
2636 push_cur();
2637 stack_count++;
2638 set_cur(&typtab[TYP_AGI], XFS_AG_DADDR(mp, agno, XFS_AGI_DADDR(mp)),
2639 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2640 agi = iocur_top->data;
2641 if (iocur_top->data == NULL) {
2642 print_warning("cannot read agi block for ag %u", agno);
2643 if (stop_on_read_error)
2644 goto pop_out;
2645 } else {
2646 if (write_buf(iocur_top))
2647 goto pop_out;
2648 }
2649
2650 /* copy the AG free list header */
2651 push_cur();
2652 stack_count++;
2653 set_cur(&typtab[TYP_AGFL], XFS_AG_DADDR(mp, agno, XFS_AGFL_DADDR(mp)),
2654 XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
2655 if (iocur_top->data == NULL) {
2656 print_warning("cannot read agfl block for ag %u", agno);
2657 if (stop_on_read_error)
2658 goto pop_out;
2659 } else {
2660 if (agf && zero_stale_data) {
2661 /* Zero out unused bits of agfl */
2662 int i;
2663 __be32 *agfl_bno;
2664
2665 agfl_bno = XFS_BUF_TO_AGFL_BNO(mp, iocur_top->bp);
2666 i = be32_to_cpu(agf->agf_fllast);
2667
2668 for (;;) {
2669 if (++i == libxfs_agfl_size(mp))
2670 i = 0;
2671 if (i == be32_to_cpu(agf->agf_flfirst))
2672 break;
2673 agfl_bno[i] = cpu_to_be32(NULLAGBLOCK);
2674 }
2675 iocur_top->need_crc = 1;
2676 }
2677 if (write_buf(iocur_top))
2678 goto pop_out;
2679 }
2680
2681 /* copy AG free space btrees */
2682 if (agf) {
2683 if (show_progress)
2684 print_progress("Copying free space trees of AG %u",
2685 agno);
2686 if (!copy_free_bno_btree(agno, agf))
2687 goto pop_out;
2688 if (!copy_free_cnt_btree(agno, agf))
2689 goto pop_out;
2690 if (!copy_rmap_btree(agno, agf))
2691 goto pop_out;
2692 if (!copy_refcount_btree(agno, agf))
2693 goto pop_out;
2694 }
2695
2696 /* copy inode btrees and the inodes and their associated metadata */
2697 if (agi) {
2698 if (!copy_inodes(agno, agi))
2699 goto pop_out;
2700 }
2701 rval = 1;
2702 pop_out:
2703 while (stack_count--)
2704 pop_cur();
2705 return rval;
2706 }
2707
2708 static int
2709 copy_ino(
2710 xfs_ino_t ino,
2711 typnm_t itype)
2712 {
2713 xfs_agnumber_t agno;
2714 xfs_agblock_t agbno;
2715 xfs_agino_t agino;
2716 int offset;
2717 int rval = 0;
2718
2719 if (ino == 0 || ino == NULLFSINO)
2720 return 1;
2721
2722 agno = XFS_INO_TO_AGNO(mp, ino);
2723 agino = XFS_INO_TO_AGINO(mp, ino);
2724 agbno = XFS_AGINO_TO_AGBNO(mp, agino);
2725 offset = XFS_AGINO_TO_OFFSET(mp, agino);
2726
2727 if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks ||
2728 offset >= mp->m_sb.sb_inopblock) {
2729 if (show_warnings)
2730 print_warning("invalid %s inode number (%lld)",
2731 typtab[itype].name, (long long)ino);
2732 return 1;
2733 }
2734
2735 push_cur();
2736 set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, agbno),
2737 blkbb, DB_RING_IGN, NULL);
2738 if (iocur_top->data == NULL) {
2739 print_warning("cannot read %s inode %lld",
2740 typtab[itype].name, (long long)ino);
2741 rval = !stop_on_read_error;
2742 goto pop_out;
2743 }
2744 off_cur(offset << mp->m_sb.sb_inodelog, mp->m_sb.sb_inodesize);
2745
2746 cur_ino = ino;
2747 rval = process_inode_data(iocur_top->data, itype);
2748 pop_out:
2749 pop_cur();
2750 return rval;
2751 }
2752
2753
2754 static int
2755 copy_sb_inodes(void)
2756 {
2757 if (!copy_ino(mp->m_sb.sb_rbmino, TYP_RTBITMAP))
2758 return 0;
2759
2760 if (!copy_ino(mp->m_sb.sb_rsumino, TYP_RTSUMMARY))
2761 return 0;
2762
2763 if (!copy_ino(mp->m_sb.sb_uquotino, TYP_DQBLK))
2764 return 0;
2765
2766 if (!copy_ino(mp->m_sb.sb_gquotino, TYP_DQBLK))
2767 return 0;
2768
2769 return copy_ino(mp->m_sb.sb_pquotino, TYP_DQBLK);
2770 }
2771
2772 static int
2773 copy_log(void)
2774 {
2775 struct xlog log;
2776 int dirty;
2777 xfs_daddr_t logstart;
2778 int logblocks;
2779 int logversion;
2780 int cycle = XLOG_INIT_CYCLE;
2781
2782 if (show_progress)
2783 print_progress("Copying log");
2784
2785 push_cur();
2786 set_cur(&typtab[TYP_LOG], XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart),
2787 mp->m_sb.sb_logblocks * blkbb, DB_RING_IGN, NULL);
2788 if (iocur_top->data == NULL) {
2789 pop_cur();
2790 print_warning("cannot read log");
2791 return !stop_on_read_error;
2792 }
2793
2794 /* If not obfuscating or zeroing, just copy the log as it is */
2795 if (!obfuscate && !zero_stale_data)
2796 goto done;
2797
2798 dirty = xlog_is_dirty(mp, &log, &x, 0);
2799
2800 switch (dirty) {
2801 case 0:
2802 /* clear out a clean log */
2803 if (show_progress)
2804 print_progress("Zeroing clean log");
2805
2806 logstart = XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart);
2807 logblocks = XFS_FSB_TO_BB(mp, mp->m_sb.sb_logblocks);
2808 logversion = xfs_sb_version_haslogv2(&mp->m_sb) ? 2 : 1;
2809 if (xfs_sb_version_hascrc(&mp->m_sb))
2810 cycle = log.l_curr_cycle + 1;
2811
2812 libxfs_log_clear(NULL, iocur_top->data, logstart, logblocks,
2813 &mp->m_sb.sb_uuid, logversion,
2814 mp->m_sb.sb_logsunit, XLOG_FMT, cycle, true);
2815 break;
2816 case 1:
2817 /* keep the dirty log */
2818 if (obfuscate)
2819 print_warning(
2820 _("Warning: log recovery of an obfuscated metadata image can leak "
2821 "unobfuscated metadata and/or cause image corruption. If possible, "
2822 "please mount the filesystem to clean the log, or disable obfuscation."));
2823 break;
2824 case -1:
2825 /* log detection error */
2826 if (obfuscate)
2827 print_warning(
2828 _("Could not discern log; image will contain unobfuscated metadata in log."));
2829 break;
2830 }
2831
2832 done:
2833 return !write_buf(iocur_top);
2834 }
2835
2836 static int
2837 metadump_f(
2838 int argc,
2839 char **argv)
2840 {
2841 xfs_agnumber_t agno;
2842 int c;
2843 int start_iocur_sp;
2844 int outfd = -1;
2845 int ret;
2846 char *p;
2847
2848 exitcode = 1;
2849 show_progress = 0;
2850 show_warnings = 0;
2851 stop_on_read_error = 0;
2852
2853 if (mp->m_sb.sb_magicnum != XFS_SB_MAGIC) {
2854 print_warning("bad superblock magic number %x, giving up",
2855 mp->m_sb.sb_magicnum);
2856 return 0;
2857 }
2858
2859 /*
2860 * on load, we sanity-checked agcount and possibly set to 1
2861 * if it was corrupted and large.
2862 */
2863 if (mp->m_sb.sb_agcount == 1 &&
2864 XFS_MAX_DBLOCKS(&mp->m_sb) < mp->m_sb.sb_dblocks) {
2865 print_warning("truncated agcount, giving up");
2866 return 0;
2867 }
2868
2869 while ((c = getopt(argc, argv, "aegm:ow")) != EOF) {
2870 switch (c) {
2871 case 'a':
2872 zero_stale_data = 0;
2873 break;
2874 case 'e':
2875 stop_on_read_error = 1;
2876 break;
2877 case 'g':
2878 show_progress = 1;
2879 break;
2880 case 'm':
2881 max_extent_size = (int)strtol(optarg, &p, 0);
2882 if (*p != '\0' || max_extent_size <= 0) {
2883 print_warning("bad max extent size %s",
2884 optarg);
2885 return 0;
2886 }
2887 break;
2888 case 'o':
2889 obfuscate = 0;
2890 break;
2891 case 'w':
2892 show_warnings = 1;
2893 break;
2894 default:
2895 print_warning("bad option for metadump command");
2896 return 0;
2897 }
2898 }
2899
2900 if (optind != argc - 1) {
2901 print_warning("too few options for metadump (no filename given)");
2902 return 0;
2903 }
2904
2905 metablock = (xfs_metablock_t *)calloc(BBSIZE + 1, BBSIZE);
2906 if (metablock == NULL) {
2907 print_warning("memory allocation failure");
2908 return 0;
2909 }
2910 metablock->mb_blocklog = BBSHIFT;
2911 metablock->mb_magic = cpu_to_be32(XFS_MD_MAGIC);
2912
2913 /* Set flags about state of metadump */
2914 metablock->mb_info = XFS_METADUMP_INFO_FLAGS;
2915 if (obfuscate)
2916 metablock->mb_info |= XFS_METADUMP_OBFUSCATED;
2917 if (!zero_stale_data)
2918 metablock->mb_info |= XFS_METADUMP_FULLBLOCKS;
2919
2920 /* If we'll copy the log, see if the log is dirty */
2921 if (mp->m_sb.sb_logstart) {
2922 push_cur();
2923 set_cur(&typtab[TYP_LOG],
2924 XFS_FSB_TO_DADDR(mp, mp->m_sb.sb_logstart),
2925 mp->m_sb.sb_logblocks * blkbb, DB_RING_IGN, NULL);
2926 if (iocur_top->data) { /* best effort */
2927 struct xlog log;
2928
2929 if (xlog_is_dirty(mp, &log, &x, 0))
2930 metablock->mb_info |= XFS_METADUMP_DIRTYLOG;
2931 }
2932 pop_cur();
2933 }
2934
2935 block_index = (__be64 *)((char *)metablock + sizeof(xfs_metablock_t));
2936 block_buffer = (char *)metablock + BBSIZE;
2937 num_indices = (BBSIZE - sizeof(xfs_metablock_t)) / sizeof(__be64);
2938
2939 /*
2940 * A metadump block can hold at most num_indices of BBSIZE sectors;
2941 * do not try to dump a filesystem with a sector size which does not
2942 * fit within num_indices (i.e. within a single metablock).
2943 */
2944 if (mp->m_sb.sb_sectsize > num_indices * BBSIZE) {
2945 print_warning("Cannot dump filesystem with sector size %u",
2946 mp->m_sb.sb_sectsize);
2947 free(metablock);
2948 return 0;
2949 }
2950
2951 cur_index = 0;
2952 start_iocur_sp = iocur_sp;
2953
2954 if (strcmp(argv[optind], "-") == 0) {
2955 if (isatty(fileno(stdout))) {
2956 print_warning("cannot write to a terminal");
2957 free(metablock);
2958 return 0;
2959 }
2960 /*
2961 * Redirect stdout to stderr for the duration of the
2962 * metadump operation so that dbprintf and other messages
2963 * are sent to the console instead of polluting the
2964 * metadump stream.
2965 *
2966 * We get to do this the hard way because musl doesn't
2967 * allow reassignment of stdout.
2968 */
2969 fflush(stdout);
2970 outfd = dup(STDOUT_FILENO);
2971 if (outfd < 0) {
2972 perror("opening dump stream");
2973 goto out;
2974 }
2975 ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2976 if (ret < 0) {
2977 perror("redirecting stdout");
2978 close(outfd);
2979 goto out;
2980 }
2981 outf = fdopen(outfd, "a");
2982 if (outf == NULL) {
2983 fprintf(stderr, "cannot create dump stream\n");
2984 dup2(outfd, STDOUT_FILENO);
2985 close(outfd);
2986 goto out;
2987 }
2988 stdout_metadump = true;
2989 } else {
2990 outf = fopen(argv[optind], "wb");
2991 if (outf == NULL) {
2992 print_warning("cannot create dump file");
2993 goto out;
2994 }
2995 }
2996
2997 exitcode = 0;
2998
2999 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) {
3000 if (!scan_ag(agno)) {
3001 exitcode = 1;
3002 break;
3003 }
3004 }
3005
3006 /* copy realtime and quota inode contents */
3007 if (!exitcode)
3008 exitcode = !copy_sb_inodes();
3009
3010 /* copy log if it's internal */
3011 if ((mp->m_sb.sb_logstart != 0) && !exitcode)
3012 exitcode = !copy_log();
3013
3014 /* write the remaining index */
3015 if (!exitcode)
3016 exitcode = write_index() < 0;
3017
3018 if (progress_since_warning)
3019 fputc('\n', stdout_metadump ? stderr : stdout);
3020
3021 if (stdout_metadump) {
3022 fflush(outf);
3023 fflush(stdout);
3024 ret = dup2(outfd, STDOUT_FILENO);
3025 if (ret < 0)
3026 perror("un-redirecting stdout");
3027 stdout_metadump = false;
3028 }
3029 fclose(outf);
3030
3031 /* cleanup iocur stack */
3032 while (iocur_sp > start_iocur_sp)
3033 pop_cur();
3034 out:
3035 free(metablock);
3036
3037 return 0;
3038 }
Unnamed repository; edit this file 'description' to name the repository.