For safety, I think it's always better for a filesystem to reject any
malformed data it can notice. Omap and free queue keys have a fixed
size, so the size check we run to prevent out-of-bounds reads, while
correct, should be made more strict. This is what we already do for most
record types these days, both keys and values.
Take this opportunity to improve the code style here and make it more
consistent.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

The driver is much closer to being usable, so I might start getting
subtler bug reports soon. To make them easier to handle, put error
messages all over the place. I should have done this from the beginning,
but I guess I didn't fully understand the need back then.
From now on, my general policy will be to use apfs_warn() for user errors or
unsupported features; apfs_err() for things that are probably corruption
or io errors; and apfs_alert() for things that are most likely bugs.
These last two should be rare, so the same error/alert will be thrown by
several layers in the callstack to provide as much information as
possible. Be careful and don't flood the console in normal situations.
Also, make messages with a log level lower than warning output their
function name and line number, which I think will help debugging more
than the actual messages.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

Add support for reads from sealed volumes. The main differences are that
catalog index nodes are bigger, and that file extents are kept in a
separate tree.
Writes could in theory be supported as well, as we do in our internal
tool. It would probably be a bit too hacky though, so I'll wait to see
if anybody asks for it.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

Implement an ioctl that creates a snapshot for the current transaction.
A matching userland tool has already been added to apfsprogs.
Note that, at this point, snapshots won't be handled correctly on later
writes at all. Being able to actually create snapshots for testing is
only the first step in that direction.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

I've been trying to document functions in kernel-doc style since the
beginning, but I had never actually run the kernel-doc script. Fix two
issues with function parameters that were changed without updating the
comments. Also stop documenting multiple arguments in one line, which
doesn't seem to be allowed.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

The 'hashed' argument is never used by apfs_init_drec_key(), since we
can figure that out from the superblock. Get rid of it.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

Profiling has shown that the module spends too much time inside
apfs_lookup(). I had never really checked if the dentry cache was
working, so naturally that turned out to be the problem: I had always
assumed that the strings inside qstr structures were null-terminated,
but they may actually be a single component in a pathname, terminated by
a forward slash. The result was that we always searched the cache for
full pathnames, which were naturally never found.
To fix this, always pass the filename length from qstr to the unicode
handlers, and make them work without assuming a null-termination.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>
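
The lookup failure described in the commit message above, as an added example that is not the driver's code: a name that points into a longer pathname is searched for once with strcmp() and once using its explicit length. The struct name_ref type, the cached[] array and the sample path are constructed stand-ins for the kernel's qstr and dentry cache.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's struct qstr: name points into a
 * longer pathname and is only valid for len bytes. */
struct name_ref {
	const char *name;
	size_t len;
};

/* Constructed sample data: names already in the "cache" and a lookup path. */
static const char *const cached[] = { "docs", "src", "docs-old" };
#define NCACHED (sizeof(cached) / sizeof(cached[0]))
static const char sample_path[] = "docs/readme.txt";

/* Flawed lookup: treats name as null-terminated, so it compares the whole
 * remaining path ("docs/readme.txt") and never matches. */
static int lookup_strz(struct name_ref q)
{
	for (size_t i = 0; i < NCACHED; i++)
		if (strcmp(q.name, cached[i]) == 0)
			return (int)i;
	return -1;
}

/* Length-aware lookup: compares exactly q.len bytes and requires the
 * cached name to have the same length, so "docs" does not match "docs-old". */
static int lookup_len(struct name_ref q)
{
	for (size_t i = 0; i < NCACHED; i++)
		if (strlen(cached[i]) == q.len &&
		    memcmp(q.name, cached[i], q.len) == 0)
			return (int)i;
	return -1;
}

/* First component of sample_path, the way a path walk would hand it over. */
static struct name_ref first_component(void)
{
	struct name_ref q = { sample_path, strcspn(sample_path, "/") };
	return q;
}

int main(void)
{
	struct name_ref q = first_component();
	printf("strz: %d, len: %d\n", lookup_strz(q), lookup_len(q));
	return 0;
}
```
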
Currently, the module can only append data to files; add support for
writes to other offsets.
Copy-on-write makes this all a bit tricky, and I'm not convinced of the
quality of my code, but I can go back to it and improve it once I have
xfstests running.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

Check that none of the names being compared by apfs_keycmp() is NULL
before passing them to strcmp(), to avoid a null pointer dereference.
This was originally never supposed to happen, because keys that reach
this point in the comparison are of the same type; but it does happen
for dentry record insertions because of the hacky way we handle hash
collisions. We still need to properly support that.
[ernesto: added commit message]
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

The compiler is warning of a fallthrough in apfs_read_cat_key(). By pure
chance, this has no real consequences, but fix it.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>

Start a new out-of-tree repository, like linux-apfs-oot but with write
support.
To get the module to build independently, rewrite the Makefile and
add a definition for the APFS_SUPER_MAGIC macro. Since the intention is
to support a range of kernel versions, use preprocessor checks to handle
kernels without statx, without iversion, and without SB_RDONLY.
Provide a README file based on the original documentation, but with
additional build and mount instructions. Add a LICENSE file as well.
Signed-off-by: Ernesto A. Fernández <ernesto@corellium.com>