1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright 2021 Google LLC
4 * Author: Daeho Jeong <[email protected]>
5 */
6 #include <stdlib.h>
7 #include <getopt.h>
8 #include <time.h>
9 #include <utime.h>
10 #include <unistd.h>
11 #include <sys/stat.h>
12 #include "erofs/print.h"
13 #include "erofs/compress.h"
14 #include "erofs/decompress.h"
15 #include "erofs/dir.h"
16 #include "../lib/compressor.h"
17
18 static int erofsfsck_check_inode(erofs_nid_t pnid, erofs_nid_t nid);
19
20 struct erofsfsck_cfg {
21 u64 physical_blocks;
22 u64 logical_blocks;
23 char *extract_path;
24 size_t extract_pos;
25 mode_t umask;
26 bool superuser;
27 bool corrupted;
28 bool print_comp_ratio;
29 bool check_decomp;
30 bool force;
31 bool overwrite;
32 bool preserve_owner;
33 bool preserve_perms;
34 };
35 static struct erofsfsck_cfg fsckcfg;
36
37 static struct option long_options[] = {
38 {"version", no_argument, 0, 'V'},
39 {"help", no_argument, 0, 'h'},
40 {"extract", optional_argument, 0, 2},
41 {"device", required_argument, 0, 3},
42 {"force", no_argument, 0, 4},
43 {"overwrite", no_argument, 0, 5},
44 {"preserve", no_argument, 0, 6},
45 {"preserve-owner", no_argument, 0, 7},
46 {"preserve-perms", no_argument, 0, 8},
47 {"no-preserve", no_argument, 0, 9},
48 {"no-preserve-owner", no_argument, 0, 10},
49 {"no-preserve-perms", no_argument, 0, 11},
50 {"offset", required_argument, 0, 12},
51 {0, 0, 0, 0},
52 };
53
54 #define NR_HARDLINK_HASHTABLE 16384
55
56 struct erofsfsck_hardlink_entry {
57 struct list_head list;
58 erofs_nid_t nid;
59 char *path;
60 };
61
62 static struct list_head erofsfsck_link_hashtable[NR_HARDLINK_HASHTABLE];
63
print_available_decompressors(FILE * f,const char * delim)64 static void print_available_decompressors(FILE *f, const char *delim)
65 {
66 int i = 0;
67 bool comma = false;
68 const struct erofs_algorithm *s;
69
70 while ((s = z_erofs_list_available_compressors(&i)) != NULL) {
71 if (comma)
72 fputs(delim, f);
73 fputs(s->name, f);
74 comma = true;
75 }
76 fputc('\n', f);
77 }
78
usage(int argc,char ** argv)79 static void usage(int argc, char **argv)
80 {
81 // " 1 2 3 4 5 6 7 8 "
82 // "12345678901234567890123456789012345678901234567890123456789012345678901234567890\n"
83 printf(
84 "Usage: %s [OPTIONS] IMAGE\n"
85 "Check erofs filesystem compatibility and integrity of IMAGE.\n"
86 "\n"
87 "This version of fsck.erofs is capable of checking images that use any of the\n"
88 "following algorithms: ", argv[0]);
89 print_available_decompressors(stdout, ", ");
90 printf("\n"
91 "General options:\n"
92 " -V, --version print the version number of fsck.erofs and exit\n"
93 " -h, --help display this help and exit\n"
94 "\n"
95 " -d<0-9> set output verbosity; 0=quiet, 9=verbose (default=%i)\n"
96 " -p print total compression ratio of all files\n"
97 " --device=X specify an extra device to be used together\n"
98 " --extract[=X] check if all files are well encoded, optionally\n"
99 " extract to X\n"
100 " --offset=# skip # bytes at the beginning of IMAGE\n"
101 "\n"
102 " -a, -A, -y no-op, for compatibility with fsck of other filesystems\n"
103 "\n"
104 "Extraction options (--extract=X is required):\n"
105 " --force allow extracting to root\n"
106 " --overwrite overwrite files that already exist\n"
107 " --[no-]preserve same as --[no-]preserve-owner --[no-]preserve-perms\n"
108 " --[no-]preserve-owner whether to preserve the ownership from the\n"
109 " filesystem (default for superuser), or to extract as\n"
110 " yourself (default for ordinary users)\n"
111 " --[no-]preserve-perms whether to preserve the exact permissions from the\n"
112 " filesystem without applying umask (default for\n"
113 " superuser), or to modify the permissions by applying\n"
114 " umask (default for ordinary users)\n",
115 EROFS_WARN);
116 }
117
erofsfsck_print_version(void)118 static void erofsfsck_print_version(void)
119 {
120 printf("fsck.erofs (erofs-utils) %s\navailable decompressors: ",
121 cfg.c_version);
122 print_available_decompressors(stdout, ", ");
123 }
124
erofsfsck_parse_options_cfg(int argc,char ** argv)125 static int erofsfsck_parse_options_cfg(int argc, char **argv)
126 {
127 char *endptr;
128 int opt, ret;
129 bool has_opt_preserve = false;
130
131 while ((opt = getopt_long(argc, argv, "Vd:phaAy",
132 long_options, NULL)) != -1) {
133 switch (opt) {
134 case 'V':
135 erofsfsck_print_version();
136 exit(0);
137 case 'd':
138 ret = atoi(optarg);
139 if (ret < EROFS_MSG_MIN || ret > EROFS_MSG_MAX) {
140 erofs_err("invalid debug level %d", ret);
141 return -EINVAL;
142 }
143 cfg.c_dbg_lvl = ret;
144 break;
145 case 'p':
146 fsckcfg.print_comp_ratio = true;
147 break;
148 case 'h':
149 usage(argc, argv);
150 exit(0);
151 case 'a':
152 case 'A':
153 case 'y':
154 break;
155 case 2:
156 fsckcfg.check_decomp = true;
157 if (optarg) {
158 size_t len = strlen(optarg);
159
160 if (len == 0) {
161 erofs_err("empty value given for --extract=X");
162 return -EINVAL;
163 }
164
165 /* remove trailing slashes except root */
166 while (len > 1 && optarg[len - 1] == '/')
167 len--;
168
169 if (len >= PATH_MAX) {
170 erofs_err("target directory name too long!");
171 return -ENAMETOOLONG;
172 }
173
174 fsckcfg.extract_path = malloc(PATH_MAX);
175 if (!fsckcfg.extract_path)
176 return -ENOMEM;
177 strncpy(fsckcfg.extract_path, optarg, len);
178 fsckcfg.extract_path[len] = '\0';
179 /* if path is root, start writing from position 0 */
180 if (len == 1 && fsckcfg.extract_path[0] == '/')
181 len = 0;
182 fsckcfg.extract_pos = len;
183 }
184 break;
185 case 3:
186 ret = erofs_blob_open_ro(&g_sbi, optarg);
187 if (ret)
188 return ret;
189 ++g_sbi.extra_devices;
190 break;
191 case 4:
192 fsckcfg.force = true;
193 break;
194 case 5:
195 fsckcfg.overwrite = true;
196 break;
197 case 6:
198 fsckcfg.preserve_owner = fsckcfg.preserve_perms = true;
199 has_opt_preserve = true;
200 break;
201 case 7:
202 fsckcfg.preserve_owner = true;
203 has_opt_preserve = true;
204 break;
205 case 8:
206 fsckcfg.preserve_perms = true;
207 has_opt_preserve = true;
208 break;
209 case 9:
210 fsckcfg.preserve_owner = fsckcfg.preserve_perms = false;
211 has_opt_preserve = true;
212 break;
213 case 10:
214 fsckcfg.preserve_owner = false;
215 has_opt_preserve = true;
216 break;
217 case 11:
218 fsckcfg.preserve_perms = false;
219 has_opt_preserve = true;
220 break;
221 case 12:
222 g_sbi.bdev.offset = strtoull(optarg, &endptr, 0);
223 if (*endptr != '\0') {
224 erofs_err("invalid disk offset %s", optarg);
225 return -EINVAL;
226 }
227 break;
228 default:
229 return -EINVAL;
230 }
231 }
232
233 if (fsckcfg.extract_path) {
234 if (!fsckcfg.extract_pos && !fsckcfg.force) {
235 erofs_err("--extract=/ must be used together with --force");
236 return -EINVAL;
237 }
238 } else {
239 if (fsckcfg.force) {
240 erofs_err("--force must be used together with --extract=X");
241 return -EINVAL;
242 }
243 if (fsckcfg.overwrite) {
244 erofs_err("--overwrite must be used together with --extract=X");
245 return -EINVAL;
246 }
247 if (has_opt_preserve) {
248 erofs_err("--[no-]preserve[-owner/-perms] must be used together with --extract=X");
249 return -EINVAL;
250 }
251 }
252
253 if (optind >= argc) {
254 erofs_err("missing argument: IMAGE");
255 return -EINVAL;
256 }
257
258 cfg.c_img_path = strdup(argv[optind++]);
259 if (!cfg.c_img_path)
260 return -ENOMEM;
261
262 if (optind < argc) {
263 erofs_err("unexpected argument: %s", argv[optind]);
264 return -EINVAL;
265 }
266 return 0;
267 }
268
erofsfsck_set_attributes(struct erofs_inode * inode,char * path)269 static void erofsfsck_set_attributes(struct erofs_inode *inode, char *path)
270 {
271 int ret;
272
273 /* don't apply attributes when fsck is used without extraction */
274 if (!fsckcfg.extract_path)
275 return;
276
277 #ifdef HAVE_UTIMENSAT
278 if (utimensat(AT_FDCWD, path, (struct timespec []) {
279 [0] = { .tv_sec = inode->i_mtime,
280 .tv_nsec = inode->i_mtime_nsec },
281 [1] = { .tv_sec = inode->i_mtime,
282 .tv_nsec = inode->i_mtime_nsec },
283 }, AT_SYMLINK_NOFOLLOW) < 0)
284 #else
285 if (utime(path, &((struct utimbuf){.actime = inode->i_mtime,
286 .modtime = inode->i_mtime})) < 0)
287 #endif
288 erofs_warn("failed to set times: %s", path);
289
290 if (!S_ISLNK(inode->i_mode)) {
291 if (fsckcfg.preserve_perms)
292 ret = chmod(path, inode->i_mode);
293 else
294 ret = chmod(path, inode->i_mode & ~fsckcfg.umask);
295 if (ret < 0)
296 erofs_warn("failed to set permissions: %s", path);
297 }
298
299 if (fsckcfg.preserve_owner) {
300 ret = lchown(path, inode->i_uid, inode->i_gid);
301 if (ret < 0)
302 erofs_warn("failed to change ownership: %s", path);
303 }
304 }
305
erofs_check_sb_chksum(void)306 static int erofs_check_sb_chksum(void)
307 {
308 #ifndef FUZZING
309 u8 buf[EROFS_MAX_BLOCK_SIZE];
310 u32 crc;
311 struct erofs_super_block *sb;
312 int ret;
313
314 ret = erofs_blk_read(&g_sbi, 0, buf, 0, 1);
315 if (ret) {
316 erofs_err("failed to read superblock to check checksum: %d",
317 ret);
318 return -1;
319 }
320
321 sb = (struct erofs_super_block *)(buf + EROFS_SUPER_OFFSET);
322 sb->checksum = 0;
323
324 crc = erofs_crc32c(~0, (u8 *)sb, erofs_blksiz(&g_sbi) - EROFS_SUPER_OFFSET);
325 if (crc != g_sbi.checksum) {
326 erofs_err("superblock chksum doesn't match: saved(%08xh) calculated(%08xh)",
327 g_sbi.checksum, crc);
328 fsckcfg.corrupted = true;
329 return -1;
330 }
331 #endif
332 return 0;
333 }
334
erofs_verify_xattr(struct erofs_inode * inode)335 static int erofs_verify_xattr(struct erofs_inode *inode)
336 {
337 struct erofs_sb_info *sbi = inode->sbi;
338 unsigned int xattr_hdr_size = sizeof(struct erofs_xattr_ibody_header);
339 unsigned int xattr_entry_size = sizeof(struct erofs_xattr_entry);
340 erofs_off_t addr;
341 unsigned int ofs, xattr_shared_count;
342 struct erofs_xattr_ibody_header *ih;
343 struct erofs_xattr_entry *entry;
344 int i, remaining = inode->xattr_isize, ret = 0;
345 char buf[EROFS_MAX_BLOCK_SIZE];
346
347 if (inode->xattr_isize == xattr_hdr_size) {
348 erofs_err("xattr_isize %d of nid %llu is not supported yet",
349 inode->xattr_isize, inode->nid | 0ULL);
350 ret = -EFSCORRUPTED;
351 goto out;
352 } else if (inode->xattr_isize < xattr_hdr_size) {
353 if (inode->xattr_isize) {
354 erofs_err("bogus xattr ibody @ nid %llu",
355 inode->nid | 0ULL);
356 ret = -EFSCORRUPTED;
357 goto out;
358 }
359 }
360
361 addr = erofs_iloc(inode) + inode->inode_isize;
362 ret = erofs_dev_read(sbi, 0, buf, addr, xattr_hdr_size);
363 if (ret < 0) {
364 erofs_err("failed to read xattr header @ nid %llu: %d",
365 inode->nid | 0ULL, ret);
366 goto out;
367 }
368 ih = (struct erofs_xattr_ibody_header *)buf;
369 xattr_shared_count = ih->h_shared_count;
370
371 ofs = erofs_blkoff(sbi, addr) + xattr_hdr_size;
372 addr += xattr_hdr_size;
373 remaining -= xattr_hdr_size;
374 for (i = 0; i < xattr_shared_count; ++i) {
375 if (ofs >= erofs_blksiz(sbi)) {
376 if (ofs != erofs_blksiz(sbi)) {
377 erofs_err("unaligned xattr entry in xattr shared area @ nid %llu",
378 inode->nid | 0ULL);
379 ret = -EFSCORRUPTED;
380 goto out;
381 }
382 ofs = 0;
383 }
384 ofs += xattr_entry_size;
385 addr += xattr_entry_size;
386 remaining -= xattr_entry_size;
387 }
388
389 while (remaining > 0) {
390 unsigned int entry_sz;
391
392 ret = erofs_dev_read(sbi, 0, buf, addr, xattr_entry_size);
393 if (ret) {
394 erofs_err("failed to read xattr entry @ nid %llu: %d",
395 inode->nid | 0ULL, ret);
396 goto out;
397 }
398
399 entry = (struct erofs_xattr_entry *)buf;
400 entry_sz = erofs_xattr_entry_size(entry);
401 if (remaining < entry_sz) {
402 erofs_err("xattr on-disk corruption: xattr entry beyond xattr_isize @ nid %llu",
403 inode->nid | 0ULL);
404 ret = -EFSCORRUPTED;
405 goto out;
406 }
407 addr += entry_sz;
408 remaining -= entry_sz;
409 }
410 out:
411 return ret;
412 }
413
erofs_verify_inode_data(struct erofs_inode * inode,int outfd)414 static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd)
415 {
416 struct erofs_map_blocks map = {
417 .index = UINT_MAX,
418 };
419 int ret = 0;
420 bool compressed;
421 erofs_off_t pos = 0;
422 u64 pchunk_len = 0;
423 unsigned int raw_size = 0, buffer_size = 0;
424 char *raw = NULL, *buffer = NULL;
425
426 erofs_dbg("verify data chunk of nid(%llu): type(%d)",
427 inode->nid | 0ULL, inode->datalayout);
428
429 switch (inode->datalayout) {
430 case EROFS_INODE_FLAT_PLAIN:
431 case EROFS_INODE_FLAT_INLINE:
432 case EROFS_INODE_CHUNK_BASED:
433 compressed = false;
434 break;
435 case EROFS_INODE_COMPRESSED_FULL:
436 case EROFS_INODE_COMPRESSED_COMPACT:
437 compressed = true;
438 break;
439 default:
440 erofs_err("unknown datalayout");
441 return -EINVAL;
442 }
443
444 while (pos < inode->i_size) {
445 unsigned int alloc_rawsize;
446
447 map.m_la = pos;
448 if (compressed)
449 ret = z_erofs_map_blocks_iter(inode, &map,
450 EROFS_GET_BLOCKS_FIEMAP);
451 else
452 ret = erofs_map_blocks(inode, &map,
453 EROFS_GET_BLOCKS_FIEMAP);
454 if (ret)
455 goto out;
456
457 if (!compressed && map.m_llen != map.m_plen) {
458 erofs_err("broken chunk length m_la %" PRIu64 " m_llen %" PRIu64 " m_plen %" PRIu64,
459 map.m_la, map.m_llen, map.m_plen);
460 ret = -EFSCORRUPTED;
461 goto out;
462 }
463
464 /* the last lcluster can be divided into 3 parts */
465 if (map.m_la + map.m_llen > inode->i_size)
466 map.m_llen = inode->i_size - map.m_la;
467
468 pchunk_len += map.m_plen;
469 pos += map.m_llen;
470
471 /* should skip decomp? */
472 if (map.m_la >= inode->i_size || !fsckcfg.check_decomp)
473 continue;
474
475 if (outfd >= 0 && !(map.m_flags & EROFS_MAP_MAPPED)) {
476 ret = lseek(outfd, map.m_llen, SEEK_CUR);
477 if (ret < 0) {
478 ret = -errno;
479 goto out;
480 }
481 continue;
482 }
483
484 if (map.m_plen > Z_EROFS_PCLUSTER_MAX_SIZE) {
485 if (compressed) {
486 erofs_err("invalid pcluster size %" PRIu64 " @ offset %" PRIu64 " of nid %" PRIu64,
487 map.m_plen, map.m_la,
488 inode->nid | 0ULL);
489 ret = -EFSCORRUPTED;
490 goto out;
491 }
492 alloc_rawsize = Z_EROFS_PCLUSTER_MAX_SIZE;
493 } else {
494 alloc_rawsize = map.m_plen;
495 }
496
497 if (alloc_rawsize > raw_size) {
498 char *newraw = realloc(raw, alloc_rawsize);
499
500 if (!newraw) {
501 ret = -ENOMEM;
502 goto out;
503 }
504 raw = newraw;
505 raw_size = alloc_rawsize;
506 }
507
508 if (compressed) {
509 if (map.m_llen > buffer_size) {
510 char *newbuffer;
511
512 buffer_size = map.m_llen;
513 newbuffer = realloc(buffer, buffer_size);
514 if (!newbuffer) {
515 ret = -ENOMEM;
516 goto out;
517 }
518 buffer = newbuffer;
519 }
520 ret = z_erofs_read_one_data(inode, &map, raw, buffer,
521 0, map.m_llen, false);
522 if (ret)
523 goto out;
524
525 if (outfd >= 0 && write(outfd, buffer, map.m_llen) < 0)
526 goto fail_eio;
527 } else {
528 u64 p = 0;
529
530 do {
531 u64 count = min_t(u64, alloc_rawsize,
532 map.m_llen);
533
534 ret = erofs_read_one_data(inode, &map, raw, p, count);
535 if (ret)
536 goto out;
537
538 if (outfd >= 0 && write(outfd, raw, count) < 0)
539 goto fail_eio;
540 map.m_llen -= count;
541 p += count;
542 } while (map.m_llen);
543 }
544 }
545
546 if (fsckcfg.print_comp_ratio) {
547 if (!erofs_is_packed_inode(inode))
548 fsckcfg.logical_blocks += BLK_ROUND_UP(inode->sbi, inode->i_size);
549 fsckcfg.physical_blocks += BLK_ROUND_UP(inode->sbi, pchunk_len);
550 }
551 out:
552 if (raw)
553 free(raw);
554 if (buffer)
555 free(buffer);
556 return ret < 0 ? ret : 0;
557
558 fail_eio:
559 erofs_err("I/O error occurred when verifying data chunk @ nid %llu",
560 inode->nid | 0ULL);
561 ret = -EIO;
562 goto out;
563 }
564
erofs_extract_dir(struct erofs_inode * inode)565 static inline int erofs_extract_dir(struct erofs_inode *inode)
566 {
567 int ret;
568
569 erofs_dbg("create directory %s", fsckcfg.extract_path);
570
571 /* verify data chunk layout */
572 ret = erofs_verify_inode_data(inode, -1);
573 if (ret)
574 return ret;
575
576 /*
577 * Make directory with default user rwx permissions rather than
578 * the permissions from the filesystem, as these may not have
579 * write/execute permission. These are fixed up later in
580 * erofsfsck_set_attributes().
581 */
582 if (mkdir(fsckcfg.extract_path, 0700) < 0) {
583 struct stat st;
584
585 if (errno != EEXIST) {
586 erofs_err("failed to create directory: %s (%s)",
587 fsckcfg.extract_path, strerror(errno));
588 return -errno;
589 }
590
591 if (lstat(fsckcfg.extract_path, &st) ||
592 !S_ISDIR(st.st_mode)) {
593 erofs_err("path is not a directory: %s",
594 fsckcfg.extract_path);
595 return -ENOTDIR;
596 }
597
598 /*
599 * Try to change permissions of existing directory so
600 * that we can write to it
601 */
602 if (chmod(fsckcfg.extract_path, 0700) < 0) {
603 erofs_err("failed to set permissions: %s (%s)",
604 fsckcfg.extract_path, strerror(errno));
605 return -errno;
606 }
607 }
608 return 0;
609 }
610
erofsfsck_hardlink_find(erofs_nid_t nid)611 static char *erofsfsck_hardlink_find(erofs_nid_t nid)
612 {
613 struct list_head *head =
614 &erofsfsck_link_hashtable[nid % NR_HARDLINK_HASHTABLE];
615 struct erofsfsck_hardlink_entry *entry;
616
617 list_for_each_entry(entry, head, list)
618 if (entry->nid == nid)
619 return entry->path;
620 return NULL;
621 }
622
erofsfsck_hardlink_insert(erofs_nid_t nid,const char * path)623 static int erofsfsck_hardlink_insert(erofs_nid_t nid, const char *path)
624 {
625 struct erofsfsck_hardlink_entry *entry;
626
627 entry = malloc(sizeof(*entry));
628 if (!entry)
629 return -ENOMEM;
630
631 entry->nid = nid;
632 entry->path = strdup(path);
633 if (!entry->path) {
634 free(entry);
635 return -ENOMEM;
636 }
637
638 list_add_tail(&entry->list,
639 &erofsfsck_link_hashtable[nid % NR_HARDLINK_HASHTABLE]);
640 return 0;
641 }
642
erofsfsck_hardlink_init(void)643 static void erofsfsck_hardlink_init(void)
644 {
645 unsigned int i;
646
647 for (i = 0; i < NR_HARDLINK_HASHTABLE; ++i)
648 init_list_head(&erofsfsck_link_hashtable[i]);
649 }
650
erofsfsck_hardlink_exit(void)651 static void erofsfsck_hardlink_exit(void)
652 {
653 struct erofsfsck_hardlink_entry *entry, *n;
654 struct list_head *head;
655 unsigned int i;
656
657 for (i = 0; i < NR_HARDLINK_HASHTABLE; ++i) {
658 head = &erofsfsck_link_hashtable[i];
659
660 list_for_each_entry_safe(entry, n, head, list) {
661 if (entry->path)
662 free(entry->path);
663 free(entry);
664 }
665 }
666 }
667
erofs_extract_file(struct erofs_inode * inode)668 static inline int erofs_extract_file(struct erofs_inode *inode)
669 {
670 bool tryagain = true;
671 int ret, fd;
672
673 erofs_dbg("extract file to path: %s", fsckcfg.extract_path);
674
675 again:
676 fd = open(fsckcfg.extract_path,
677 O_WRONLY | O_CREAT | O_NOFOLLOW |
678 (fsckcfg.overwrite ? O_TRUNC : O_EXCL), 0700);
679 if (fd < 0) {
680 if (fsckcfg.overwrite && tryagain) {
681 if (errno == EISDIR) {
682 erofs_warn("try to forcely remove directory %s",
683 fsckcfg.extract_path);
684 if (rmdir(fsckcfg.extract_path) < 0) {
685 erofs_err("failed to remove: %s (%s)",
686 fsckcfg.extract_path, strerror(errno));
687 return -EISDIR;
688 }
689 } else if (errno == EACCES &&
690 chmod(fsckcfg.extract_path, 0700) < 0) {
691 erofs_err("failed to set permissions: %s (%s)",
692 fsckcfg.extract_path, strerror(errno));
693 return -errno;
694 }
695 tryagain = false;
696 goto again;
697 }
698 erofs_err("failed to open: %s (%s)", fsckcfg.extract_path,
699 strerror(errno));
700 return -errno;
701 }
702
703 /* verify data chunk layout */
704 ret = erofs_verify_inode_data(inode, fd);
705 close(fd);
706 return ret;
707 }
708
erofs_extract_symlink(struct erofs_inode * inode)709 static inline int erofs_extract_symlink(struct erofs_inode *inode)
710 {
711 bool tryagain = true;
712 int ret;
713 char *buf = NULL;
714
715 erofs_dbg("extract symlink to path: %s", fsckcfg.extract_path);
716
717 /* verify data chunk layout */
718 ret = erofs_verify_inode_data(inode, -1);
719 if (ret)
720 return ret;
721
722 buf = malloc(inode->i_size + 1);
723 if (!buf) {
724 ret = -ENOMEM;
725 goto out;
726 }
727
728 ret = erofs_pread(inode, buf, inode->i_size, 0);
729 if (ret) {
730 erofs_err("I/O error occurred when reading symlink @ nid %llu: %d",
731 inode->nid | 0ULL, ret);
732 goto out;
733 }
734
735 buf[inode->i_size] = '\0';
736 again:
737 if (symlink(buf, fsckcfg.extract_path) < 0) {
738 if (errno == EEXIST && fsckcfg.overwrite && tryagain) {
739 erofs_warn("try to forcely remove file %s",
740 fsckcfg.extract_path);
741 if (unlink(fsckcfg.extract_path) < 0) {
742 erofs_err("failed to remove: %s",
743 fsckcfg.extract_path);
744 ret = -errno;
745 goto out;
746 }
747 tryagain = false;
748 goto again;
749 }
750 erofs_err("failed to create symlink: %s",
751 fsckcfg.extract_path);
752 ret = -errno;
753 }
754 out:
755 if (buf)
756 free(buf);
757 return ret;
758 }
759
erofs_extract_special(struct erofs_inode * inode)760 static int erofs_extract_special(struct erofs_inode *inode)
761 {
762 bool tryagain = true;
763 int ret;
764
765 erofs_dbg("extract special to path: %s", fsckcfg.extract_path);
766
767 /* verify data chunk layout */
768 ret = erofs_verify_inode_data(inode, -1);
769 if (ret)
770 return ret;
771
772 again:
773 if (mknod(fsckcfg.extract_path, inode->i_mode, inode->u.i_rdev) < 0) {
774 if (errno == EEXIST && fsckcfg.overwrite && tryagain) {
775 erofs_warn("try to forcely remove file %s",
776 fsckcfg.extract_path);
777 if (unlink(fsckcfg.extract_path) < 0) {
778 erofs_err("failed to remove: %s",
779 fsckcfg.extract_path);
780 return -errno;
781 }
782 tryagain = false;
783 goto again;
784 }
785 if (errno == EEXIST || fsckcfg.superuser) {
786 erofs_err("failed to create special file: %s",
787 fsckcfg.extract_path);
788 ret = -errno;
789 } else {
790 erofs_warn("failed to create special file: %s, skipped",
791 fsckcfg.extract_path);
792 ret = -ECANCELED;
793 }
794 }
795 return ret;
796 }
797
erofsfsck_dirent_iter(struct erofs_dir_context * ctx)798 static int erofsfsck_dirent_iter(struct erofs_dir_context *ctx)
799 {
800 int ret;
801 size_t prev_pos, curr_pos;
802
803 if (ctx->dot_dotdot)
804 return 0;
805
806 prev_pos = fsckcfg.extract_pos;
807 curr_pos = prev_pos;
808
809 if (prev_pos + ctx->de_namelen >= PATH_MAX) {
810 erofs_err("unable to fsck since the path is too long (%u)",
811 curr_pos + ctx->de_namelen);
812 return -EOPNOTSUPP;
813 }
814
815 if (fsckcfg.extract_path) {
816 fsckcfg.extract_path[curr_pos++] = '/';
817 strncpy(fsckcfg.extract_path + curr_pos, ctx->dname,
818 ctx->de_namelen);
819 curr_pos += ctx->de_namelen;
820 fsckcfg.extract_path[curr_pos] = '\0';
821 } else {
822 curr_pos += ctx->de_namelen;
823 }
824 fsckcfg.extract_pos = curr_pos;
825 ret = erofsfsck_check_inode(ctx->dir->nid, ctx->de_nid);
826
827 if (fsckcfg.extract_path)
828 fsckcfg.extract_path[prev_pos] = '\0';
829 fsckcfg.extract_pos = prev_pos;
830 return ret;
831 }
832
erofsfsck_extract_inode(struct erofs_inode * inode)833 static int erofsfsck_extract_inode(struct erofs_inode *inode)
834 {
835 int ret;
836 char *oldpath;
837
838 if (!fsckcfg.extract_path) {
839 verify:
840 /* verify data chunk layout */
841 return erofs_verify_inode_data(inode, -1);
842 }
843
844 oldpath = erofsfsck_hardlink_find(inode->nid);
845 if (oldpath) {
846 if (link(oldpath, fsckcfg.extract_path) == -1) {
847 erofs_err("failed to extract hard link: %s (%s)",
848 fsckcfg.extract_path, strerror(errno));
849 return -errno;
850 }
851 return 0;
852 }
853
854 switch (inode->i_mode & S_IFMT) {
855 case S_IFDIR:
856 ret = erofs_extract_dir(inode);
857 break;
858 case S_IFREG:
859 if (erofs_is_packed_inode(inode))
860 goto verify;
861 ret = erofs_extract_file(inode);
862 break;
863 case S_IFLNK:
864 ret = erofs_extract_symlink(inode);
865 break;
866 case S_IFCHR:
867 case S_IFBLK:
868 case S_IFIFO:
869 case S_IFSOCK:
870 ret = erofs_extract_special(inode);
871 break;
872 default:
873 /* TODO */
874 goto verify;
875 }
876 if (ret && ret != -ECANCELED)
877 return ret;
878
879 /* record nid and old path for hardlink */
880 if (inode->i_nlink > 1 && !S_ISDIR(inode->i_mode))
881 ret = erofsfsck_hardlink_insert(inode->nid,
882 fsckcfg.extract_path);
883 return ret;
884 }
885
erofsfsck_check_inode(erofs_nid_t pnid,erofs_nid_t nid)886 static int erofsfsck_check_inode(erofs_nid_t pnid, erofs_nid_t nid)
887 {
888 int ret;
889 struct erofs_inode inode;
890
891 erofs_dbg("check inode: nid(%llu)", nid | 0ULL);
892
893 inode.nid = nid;
894 inode.sbi = &g_sbi;
895 ret = erofs_read_inode_from_disk(&inode);
896 if (ret) {
897 if (ret == -EIO)
898 erofs_err("I/O error occurred when reading nid(%llu)",
899 nid | 0ULL);
900 goto out;
901 }
902
903 /* verify xattr field */
904 ret = erofs_verify_xattr(&inode);
905 if (ret)
906 goto out;
907
908 ret = erofsfsck_extract_inode(&inode);
909 if (ret && ret != -ECANCELED)
910 goto out;
911
912 /* XXXX: the dir depth should be restricted in order to avoid loops */
913 if (S_ISDIR(inode.i_mode)) {
914 struct erofs_dir_context ctx = {
915 .flags = EROFS_READDIR_VALID_PNID,
916 .pnid = pnid,
917 .dir = &inode,
918 .cb = erofsfsck_dirent_iter,
919 };
920
921 ret = erofs_iterate_dir(&ctx, true);
922 }
923
924 if (!ret && !erofs_is_packed_inode(&inode))
925 erofsfsck_set_attributes(&inode, fsckcfg.extract_path);
926
927 if (ret == -ECANCELED)
928 ret = 0;
929 out:
930 if (ret && ret != -EIO)
931 fsckcfg.corrupted = true;
932 return ret;
933 }
934
935 #ifdef FUZZING
erofsfsck_fuzz_one(int argc,char * argv[])936 int erofsfsck_fuzz_one(int argc, char *argv[])
937 #else
938 int main(int argc, char *argv[])
939 #endif
940 {
941 int err;
942
943 erofs_init_configure();
944
945 fsckcfg.physical_blocks = 0;
946 fsckcfg.logical_blocks = 0;
947 fsckcfg.extract_path = NULL;
948 fsckcfg.extract_pos = 0;
949 fsckcfg.umask = umask(0);
950 fsckcfg.superuser = geteuid() == 0;
951 fsckcfg.corrupted = false;
952 fsckcfg.print_comp_ratio = false;
953 fsckcfg.check_decomp = false;
954 fsckcfg.force = false;
955 fsckcfg.overwrite = false;
956 fsckcfg.preserve_owner = fsckcfg.superuser;
957 fsckcfg.preserve_perms = fsckcfg.superuser;
958
959 err = erofsfsck_parse_options_cfg(argc, argv);
960 if (err) {
961 if (err == -EINVAL)
962 fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]);
963 goto exit;
964 }
965
966 #ifdef FUZZING
967 cfg.c_dbg_lvl = -1;
968 #endif
969
970 err = erofs_dev_open(&g_sbi, cfg.c_img_path, O_RDONLY);
971 if (err) {
972 erofs_err("failed to open image file");
973 goto exit;
974 }
975
976 err = erofs_read_superblock(&g_sbi);
977 if (err) {
978 erofs_err("failed to read superblock");
979 goto exit_dev_close;
980 }
981
982 if (erofs_sb_has_sb_chksum(&g_sbi) && erofs_check_sb_chksum()) {
983 erofs_err("failed to verify superblock checksum");
984 goto exit_put_super;
985 }
986
987 if (fsckcfg.extract_path)
988 erofsfsck_hardlink_init();
989
990 if (erofs_sb_has_fragments(&g_sbi) && g_sbi.packed_nid > 0) {
991 err = erofsfsck_check_inode(g_sbi.packed_nid, g_sbi.packed_nid);
992 if (err) {
993 erofs_err("failed to verify packed file");
994 goto exit_hardlink;
995 }
996 }
997
998 err = erofsfsck_check_inode(g_sbi.root_nid, g_sbi.root_nid);
999 if (fsckcfg.corrupted) {
1000 if (!fsckcfg.extract_path)
1001 erofs_err("Found some filesystem corruption");
1002 else
1003 erofs_err("Failed to extract filesystem");
1004 err = -EFSCORRUPTED;
1005 } else if (!err) {
1006 if (!fsckcfg.extract_path)
1007 erofs_info("No errors found");
1008 else
1009 erofs_info("Extracted filesystem successfully");
1010
1011 if (fsckcfg.print_comp_ratio) {
1012 double comp_ratio =
1013 (double)fsckcfg.physical_blocks * 100 /
1014 (double)fsckcfg.logical_blocks;
1015
1016 erofs_info("Compression ratio: %.2f(%%)", comp_ratio);
1017 }
1018 }
1019
1020 exit_hardlink:
1021 if (fsckcfg.extract_path)
1022 erofsfsck_hardlink_exit();
1023 exit_put_super:
1024 erofs_put_super(&g_sbi);
1025 exit_dev_close:
1026 erofs_dev_close(&g_sbi);
1027 exit:
1028 erofs_blob_closeall(&g_sbi);
1029 erofs_exit_configure();
1030 return err ? 1 : 0;
1031 }
1032
1033 #ifdef FUZZING
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)1034 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
1035 {
1036 int fd, ret;
1037 char filename[] = "/tmp/erofsfsck_libfuzzer_XXXXXX";
1038 char *argv[] = {
1039 "fsck.erofs",
1040 "--extract",
1041 filename,
1042 };
1043
1044 fd = mkstemp(filename);
1045 if (fd < 0)
1046 return -errno;
1047 if (write(fd, Data, Size) != Size) {
1048 close(fd);
1049 return -EIO;
1050 }
1051 close(fd);
1052 ret = erofsfsck_fuzz_one(ARRAY_SIZE(argv), argv);
1053 unlink(filename);
1054 return ret ? -1 : 0;
1055 }
1056 #endif
1057