1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1991, 1993, 1994
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Keith Muller of the University of California, San Diego and Lance
9 * Visser of Convex Computer Corporation.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36#include <sys/param.h>
37#include <sys/stat.h>
38#include <sys/capsicum.h>
39#include <sys/conf.h>
40#include <sys/disklabel.h>
41#include <sys/filio.h>
42#include <sys/mtio.h>
43#include <sys/time.h>
44
45#include <assert.h>
46#include <capsicum_helpers.h>
47#include <ctype.h>
48#include <err.h>
49#include <errno.h>
50#include <fcntl.h>
51#include <inttypes.h>
52#include <locale.h>
53#include <signal.h>
54#include <stdio.h>
55#include <stdlib.h>
56#include <string.h>
57#include <time.h>
58#include <unistd.h>
59
60#include "dd.h"
61#include "extern.h"
62
63static void dd_close(void);
64static void dd_in(void);
65static void getfdtype(IO *);
66static void setup(void);
67
IO	in, out;		/* input/output state */
STAT	st;			/* statistics */
void	(*cfunc)(void);		/* conversion function */
uintmax_t cpy_cnt;		/* # of blocks to copy */
static off_t	pending = 0;	/* pending seek if sparse */
uint64_t	ddflags = 0;	/* conversion options */
size_t	cbsz;			/* conversion block size */
uintmax_t files_cnt = 1;	/* # of files to copy */
const	u_char *ctab;		/* conversion table */
char	fill_char;		/* Character to fill with if defined */
size_t	speed = 0;		/* maximum speed, in bytes per second */
/*
 * Polled at the bottom of the copy loop in dd_in(), which calls summary()
 * or progress() when the matching flag is non-zero.  Presumably raised by
 * the signal handlers that main() installs -- those are defined elsewhere.
 */
volatile sig_atomic_t need_summary;
volatile sig_atomic_t need_progress;
/* Not read or written in this file; NOTE(review): confirm its users. */
volatile sig_atomic_t kill_signal;
82
/*
 * Program entry point.
 *
 * jcl() and setup() run first; setup() is where the input and output path
 * names are opened and where their descriptors are rights-limited.  Only
 * then does the process enter capability mode, so the copy loop itself runs
 * with nothing but the already-open descriptors.  A failure to enter
 * capability mode is fatal rather than silently continuing unsandboxed.
 */
int
main(int argc __unused, char *argv[])
{
	/* Interval timer: first expiry after 1s, then every 1s (SIGALRM). */
	struct itimerval tick = {
		.it_interval = { .tv_sec = 1, .tv_usec = 0 },
		.it_value = { .tv_sec = 1, .tv_usec = 0 },
	};

	prepare_io();

	(void)setlocale(LC_CTYPE, "");
	jcl(argv);
	setup();

	caph_cache_catpages();
	if (caph_enter() < 0) {
		err(1, "unable to enter capability mode");
	}

	(void)signal(SIGINFO, siginfo_handler);
	if ((ddflags & C_PROGRESS) != 0) {
		/* The timer is only armed when progress output was requested. */
		(void)signal(SIGALRM, sigalarm_handler);
		setitimer(ITIMER_REAL, &tick, NULL);
	}

	atexit(summary);

	/* One dd_in() pass per input file. */
	while (files_cnt-- != 0) {
		dd_in();
	}

	dd_close();
	/*
	 * Closing a write descriptor can itself do a lot of work on some
	 * devices (cfi(4) is one).  Close it here, before exit() runs the
	 * atexit() summary hook, so that the work is part of the report.
	 */
	if (close(out.fd) == -1 && errno != EINTR) {
		err(1, "close");
	}
	exit(0);
}
120
/*
 * Return 1 when c has an odd number of one bits, 0 when the count is even.
 */
static int
parity(u_char c)
{
	int folded = 0;
	int shift;

	/* XOR every bit position of c down into bit 0. */
	for (shift = 0; shift < 8; shift++)
		folded ^= c >> shift;
	return (folded & 1);
}
130
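/*
 * Open the input and output, classify both descriptors, reduce their
 * Capsicum rights to what the copy needs, allocate the buffers, seek to the
 * requested offsets and build the byte conversion table.
 *
 * main() calls this before entering capability mode, so the open(2) calls
 * below are the only place where path names are resolved.  Every failure
 * terminates the process through err()/errx().
 */
static void
setup(void)
{
	u_int cnt;
	int iflags, oflags;
	cap_rights_t rights;
	/* The ioctl whitelist applied to the output descriptor below. */
	unsigned long cmds[] = { FIODTYPE, MTIOCTOP };

	if (in.name == NULL) {
		in.name = "stdin";
		in.fd = STDIN_FILENO;
	} else {
		iflags = 0;
		if (ddflags & C_IDIRECT)
			iflags |= O_DIRECT;
		before_io();
		in.fd = open(in.name, O_RDONLY | iflags, 0);
		after_io();
		if (in.fd == -1)
			err(1, "%s", in.name);
	}

	/*
	 * Classify before limiting: getfdtype() may issue the FIODTYPE
	 * ioctl, and CAP_IOCTL is not among the rights kept on the input.
	 */
	getfdtype(&in);

	cap_rights_init(&rights, CAP_READ, CAP_SEEK);
	if (caph_rights_limit(in.fd, &rights) == -1)
		err(1, "unable to limit capability rights");

	if (files_cnt > 1 && !(in.flags & ISTAPE))
		errx(1, "files is not supported for non-tape devices");

	/*
	 * The same rights set is reused for the output, so it starts out
	 * with CAP_READ and CAP_SEEK and gains the write-side rights here.
	 * CAP_FSYNC is only granted when a sync conversion asked for it.
	 */
	cap_rights_set(&rights, CAP_FTRUNCATE, CAP_IOCTL, CAP_WRITE);
	if (ddflags & (C_FDATASYNC | C_FSYNC))
		cap_rights_set(&rights, CAP_FSYNC);
	if (out.name == NULL) {
		/* No way to check for read access here. */
		out.fd = STDOUT_FILENO;
		out.name = "stdout";
		if (ddflags & C_OFSYNC) {
			oflags = fcntl(out.fd, F_GETFL);
			if (oflags == -1)
				err(1, "unable to get fd flags for stdout");
			oflags |= O_FSYNC;
			if (fcntl(out.fd, F_SETFL, oflags) == -1)
				err(1, "unable to set fd flags for stdout");
		}
	} else {
		/*
		 * O_CREAT is used without O_EXCL or O_NOFOLLOW: an existing
		 * path (a symbolic link included) is opened as-is and, unless
		 * C_SEEK or C_NOTRUNC is set, truncated.  A newly created file
		 * gets DEFFILEMODE as filtered by the process umask.
		 */
		oflags = O_CREAT;
		if (!(ddflags & (C_SEEK | C_NOTRUNC)))
			oflags |= O_TRUNC;
		if (ddflags & C_OFSYNC)
			oflags |= O_FSYNC;
		if (ddflags & C_ODIRECT)
			oflags |= O_DIRECT;
		before_io();
		out.fd = open(out.name, O_RDWR | oflags, DEFFILEMODE);
		after_io();
		/*
		 * May not have read access, so try again with write only.
		 * Without read we may have a problem if output also does
		 * not support seeks.  The write-only descriptor also loses
		 * CAP_READ from the rights applied further down.
		 */
		if (out.fd == -1) {
			before_io();
			out.fd = open(out.name, O_WRONLY | oflags, DEFFILEMODE);
			after_io();
			out.flags |= NOREAD;
			cap_rights_clear(&rights, CAP_READ);
		}
		if (out.fd == -1)
			err(1, "%s", out.name);
	}

	getfdtype(&out);

	if (caph_rights_limit(out.fd, &rights) == -1)
		err(1, "unable to limit capability rights");
	if (caph_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1)
		err(1, "unable to limit capability rights");

	/*
	 * Restrict each standard descriptor that is not itself serving as
	 * the input or the output of the copy.
	 */
	if (in.fd != STDIN_FILENO && out.fd != STDIN_FILENO) {
		if (caph_limit_stdin() == -1)
			err(1, "unable to limit capability rights");
	}

	if (in.fd != STDOUT_FILENO && out.fd != STDOUT_FILENO) {
		if (caph_limit_stdout() == -1)
			err(1, "unable to limit capability rights");
	}

	if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) {
		if (caph_limit_stderr() == -1)
			err(1, "unable to limit capability rights");
	}

	/*
	 * Allocate space for the input and output buffers.  If not doing
	 * record oriented I/O, only need a single buffer.
	 * NOTE(review): the size sums are not overflow-checked here; this
	 * relies on the block sizes having been bounded where they were
	 * parsed -- confirm against the argument parser.
	 */
	if (!(ddflags & (C_BLOCK | C_UNBLOCK))) {
		if ((in.db = malloc((size_t)out.dbsz + in.dbsz - 1)) == NULL)
			err(1, "input buffer");
		out.db = in.db;
	} else if ((in.db = malloc(MAX((size_t)in.dbsz, cbsz) + cbsz)) == NULL ||
	    (out.db = malloc(out.dbsz + cbsz)) == NULL)
		err(1, "output buffer");

	/* dbp is the first free position in each buffer. */
	in.dbp = in.db;
	out.dbp = out.db;

	/* Position the input/output streams. */
	if (in.offset)
		pos_in();
	if (out.offset)
		pos_out();

	/*
	 * Truncate the output file.  If it fails on a type of output file
	 * that it should _not_ fail on, error out.
	 */
	if ((ddflags & (C_OF | C_SEEK | C_NOTRUNC)) == (C_OF | C_SEEK) &&
	    (out.flags & ISTRUNC)) {
		if (ftruncate(out.fd, out.offset * out.dbsz) == -1)
			err(1, "truncating %s", out.name);
	}

	if (ddflags & (C_LCASE  | C_UCASE | C_ASCII | C_EBCDIC | C_PARITY)) {
		/* Start from the selected table, or from the identity map. */
		if (ctab != NULL) {
			for (cnt = 0; cnt <= 0377; ++cnt)
				casetab[cnt] = ctab[cnt];
		} else {
			for (cnt = 0; cnt <= 0377; ++cnt)
				casetab[cnt] = cnt;
		}
		if ((ddflags & C_PARITY) && !(ddflags & C_ASCII)) {
			/*
			 * If the input is not EBCDIC, and we do parity
			 * processing, strip input parity.
			 *
			 * The parity bit is 0x80, so the entries to fold
			 * start at 0200 (128).  The bound used to be written
			 * as decimal 200, which left 128..199 unstripped
			 * before the case conversion below.
			 */
			for (cnt = 0200; cnt <= 0377; ++cnt)
				casetab[cnt] = casetab[cnt & 0x7f];
		}
		if (ddflags & C_LCASE) {
			for (cnt = 0; cnt <= 0377; ++cnt)
				casetab[cnt] = tolower(casetab[cnt]);
		} else if (ddflags & C_UCASE) {
			for (cnt = 0; cnt <= 0377; ++cnt)
				casetab[cnt] = toupper(casetab[cnt]);
		}
		if ((ddflags & C_PARITY)) {
			/*
			 * This should strictly speaking be a no-op, but I
			 * wonder what funny LANG settings could get us.
			 */
			for (cnt = 0; cnt <= 0377; ++cnt)
				casetab[cnt] = casetab[cnt] & 0x7f;
		}
		if ((ddflags & C_PARSET)) {
			for (cnt = 0; cnt <= 0377; ++cnt)
				casetab[cnt] = casetab[cnt] | 0x80;
		}
		if ((ddflags & C_PAREVEN)) {
			/* Set the top bit where it makes the bit count even. */
			for (cnt = 0; cnt <= 0377; ++cnt)
				if (parity(casetab[cnt]))
					casetab[cnt] = casetab[cnt] | 0x80;
		}
		if ((ddflags & C_PARODD)) {
			/* Set the top bit where it makes the bit count odd. */
			for (cnt = 0; cnt <= 0377; ++cnt)
				if (!parity(casetab[cnt]))
					casetab[cnt] = casetab[cnt] | 0x80;
		}

		ctab = casetab;
	}

	/* Reference point for the elapsed-time statistics. */
	if (clock_gettime(CLOCK_MONOTONIC, &st.start))
		err(1, "clock_gettime");
}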
309
/*
 * Classify the descriptor in io and OR the result into io->flags:
 * ISTRUNC for a regular file; ISTAPE, ISSEEK and/or ISCHR for a character
 * or block device, as reported by the FIODTYPE ioctl; otherwise ISPIPE when
 * lseek() fails with ESPIPE and ISSEEK in every other case.
 *
 * A failing fstat() or FIODTYPE ioctl terminates the process.
 */
static void
getfdtype(IO *io)
{
	struct stat sb;
	int type;
	int is_chr;

	if (fstat(io->fd, &sb) == -1)
		err(1, "%s", io->name);
	if (S_ISREG(sb.st_mode))
		io->flags |= ISTRUNC;

	is_chr = S_ISCHR(sb.st_mode);
	if (!is_chr && !S_ISBLK(sb.st_mode)) {
		/*
		 * Not a device: probe seekability.  errno is cleared first
		 * so that only an ESPIPE from this lseek() marks a pipe.
		 */
		errno = 0;
		if (lseek(io->fd, (off_t)0, SEEK_CUR) == -1 && errno == ESPIPE)
			io->flags |= ISPIPE;
		else
			io->flags |= ISSEEK;
		return;
	}

	/* Device node: ask the driver what kind of device it is. */
	if (ioctl(io->fd, FIODTYPE, &type) == -1)
		err(1, "%s", io->name);

	if (type & D_TAPE)
		io->flags |= ISTAPE;
	else if (type & (D_DISK | D_MEM))
		io->flags |= ISSEEK;
	if (is_chr && (type & D_TAPE) == 0)
		io->flags |= ISCHR;
}
339
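/*
 * Limit the speed by adding a delay before every block read.
 * The delay (t_usleep) is equal to the time computed from block
 * size and the specified speed limit (t_target) minus the time
 * spent on actual read and write operations (t_io).
 *
 * The caller only invokes this when speed is greater than zero, so the
 * division below is safe.  t_prev and t_usleep persist across calls.
 */
static void
speed_limit(void)
{
	static double t_prev, t_usleep;
	double t_now, t_io, t_target;
	struct timespec ts;

	t_now = secs_elapsed();
	t_io = t_now - t_prev - t_usleep;
	t_target = (double)in.dbsz / (double)speed;
	t_usleep = t_target - t_io;
	if (t_usleep > 0) {
		/*
		 * Sleep through nanosleep() with separate seconds and
		 * nanoseconds.  Passing t_usleep * 1000000 to usleep()
		 * converted a double to useconds_t, which is undefined once
		 * a large block size and a low speed limit push the product
		 * past the range of that type.
		 */
		ts.tv_sec = (time_t)t_usleep;
		ts.tv_nsec = (long)((t_usleep - (double)ts.tv_sec) * 1e9);
		(void)nanosleep(&ts, NULL);
	} else
		t_usleep = 0;
	t_prev = t_now;
}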
362
/*
 * Exchange each adjacent pair of bytes in the len bytes at v, in place.
 * When len is odd the final byte is left where it is.
 */
static void
swapbytes(void *v, size_t len)
{
	unsigned char *bytes = v;
	size_t pairs = len / 2;
	size_t i;

	for (i = 0; i < pairs; i++) {
		unsigned char first = bytes[2 * i];

		bytes[2 * i] = bytes[2 * i + 1];
		bytes[2 * i + 1] = first;
	}
}
377
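/*
 * Copy loop for one input file: read blocks from in.fd into the input
 * buffer, keep the full/partial block statistics, and pass each block on,
 * either straight to dd_out() or through the conversion function cfunc.
 *
 * Returns at end of file, when the requested block count has been reached,
 * or immediately when cpy_cnt holds the "count=0" marker.  A read error is
 * fatal unless C_NOERROR is set.
 */
static void
dd_in(void)
{
	ssize_t n;

	for (;;) {
		switch (cpy_cnt) {
		case -1:			/* count=0 was specified */
			return;
		case 0:				/* no limit */
			break;
		default:
			if (st.in_full + st.in_part >= (uintmax_t)cpy_cnt)
				return;
			break;
		}

		if (speed > 0)
			speed_limit();

		/*
		 * Zero the buffer first if sync; if doing block operations,
		 * use spaces.
		 */
		if (ddflags & C_SYNC) {
			if (ddflags & C_FILL)
				memset(in.dbp, fill_char, in.dbsz);
			else if (ddflags & (C_BLOCK | C_UNBLOCK))
				memset(in.dbp, ' ', in.dbsz);
			else
				memset(in.dbp, 0, in.dbsz);
		}

		in.dbrcnt = 0;
fill:
		before_io();
		n = read(in.fd, in.dbp + in.dbrcnt, in.dbsz - in.dbrcnt);
		after_io();

		/* EOF */
		if (n == 0 && in.dbrcnt == 0)
			return;

		/* Read error */
		if (n == -1) {
			/*
			 * If noerror not specified, die.  POSIX requires that
			 * the warning message be followed by an I/O display.
			 */
			if (!(ddflags & C_NOERROR))
				err(1, "%s", in.name);
			warn("%s", in.name);
			summary();

			/*
			 * If it's a seekable file descriptor, seek past the
			 * error.  If your OS doesn't do the right thing for
			 * raw disks this section should be modified to re-read
			 * in sector size chunks.
			 *
			 * lseek() returns the new offset on success, so only
			 * -1 is a failure.  Testing the result for non-zero
			 * issued a second warning after every successful skip.
			 */
			if (in.flags & ISSEEK &&
			    lseek(in.fd, (off_t)in.dbsz, SEEK_CUR) == -1)
				warn("%s", in.name);

			/*
			 * If sync not specified, omit block and continue.
			 * The unreadable block then leaves no placeholder in
			 * the output, so later data lands at lower offsets
			 * than in the source; with sync the pre-filled block
			 * is written in its place.
			 */
			if (!(ddflags & C_SYNC))
				continue;
		}

		/* If conv=sync, use the entire block. */
		if (ddflags & C_SYNC)
			n = in.dbsz;

		/* Count the bytes read for this block. */
		in.dbrcnt += n;

		/* Count the number of full and partial blocks. */
		if (in.dbrcnt == in.dbsz)
			++st.in_full;
		else if (ddflags & C_IFULLBLOCK && n != 0)
			goto fill; /* these don't count */
		else
			++st.in_part;

		/* Count the total bytes read for this file. */
		in.dbcnt += in.dbrcnt;

		/*
		 * POSIX states that if bs is set and no other conversions
		 * than noerror, notrunc or sync are specified, the block
		 * is output without buffering as it is read.
		 */
		if ((ddflags & ~(C_NOERROR | C_NOTRUNC | C_SYNC)) == C_BS) {
			out.dbcnt = in.dbcnt;
			dd_out(1);
			in.dbcnt = 0;
			continue;
		}

		if (ddflags & C_SWAB) {
			/* An odd trailing byte is counted and left unswapped. */
			if ((n = in.dbrcnt) & 1) {
				++st.swab;
				--n;
			}
			swapbytes(in.dbp, (size_t)n);
		}

		/* Advance to the next block. */
		in.dbp += in.dbrcnt;
		(*cfunc)();
		/* Reports requested through the need_* flags are emitted here. */
		if (need_summary)
			summary();
		if (need_progress)
			progress();
	}
}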
494
/*
 * Finish the copy: let the active conversion flush what it still holds, pad
 * a short final output block when C_OSYNC asks for it, write whatever is
 * left, extend the file over a trailing hole, and sync if requested.
 */
static void
dd_close(void)
{
	int pad;

	/* Conversion-specific flush; any other cfunc has no close step here. */
	if (cfunc == def)
		def_close();
	else if (cfunc == block)
		block_close();
	else if (cfunc == unblock)
		unblock_close();

	if (ddflags & C_OSYNC && out.dbcnt && out.dbcnt < out.dbsz) {
		/* Pad byte: the fill character, a space for record I/O, else NUL. */
		if (ddflags & C_FILL)
			pad = fill_char;
		else if (ddflags & (C_BLOCK | C_UNBLOCK))
			pad = ' ';
		else
			pad = 0;
		memset(out.dbp, pad, out.dbsz - out.dbcnt);
		out.dbcnt = out.dbsz;
	}

	/* Force out buffered bytes and any hole still waiting to be skipped. */
	if (out.dbcnt || pending)
		dd_out(1);

	/*
	 * A file that ends in a hole has had no data written after the last
	 * seek; ftruncate() to the recorded offset gives it its full length.
	 */
	if (out.seek_offset > 0 && (out.flags & ISTRUNC)) {
		if (ftruncate(out.fd, out.seek_offset) == -1)
			err(1, "truncating %s", out.name);
	}

	/* C_FSYNC takes precedence over C_FDATASYNC when both are set. */
	if (ddflags & C_FSYNC) {
		if (fsync(out.fd) == -1)
			err(1, "fsyncing %s", out.name);
	} else if (ddflags & C_FDATASYNC) {
		if (fdatasync(out.fd) == -1)
			err(1, "fdatasyncing %s", out.name);
	}
}
537
/*
 * Write buffered output to out.fd.
 *
 * With force set, the first chunk is everything currently buffered
 * (out.dbcnt bytes); otherwise it is one output block.  Every later chunk
 * is one output block.  On return the unwritten remainder has been moved
 * to the front of the buffer and out.dbp points just past it.
 *
 * Fatal conditions: a write that returns 0, a write error other than
 * EINTR, a short write on a tape device, and a failed seek over a hole.
 */
void
dd_out(int force)
{
	static int warned;	/* character-device warning already printed */
	u_char *cursor;
	size_t chunk, remaining;
	ssize_t written;
	int is_hole;

	/*
	 * The usual case is one full output block going out in one write,
	 * which is counted as a full block.  Everything else is counted as
	 * partial, and that covers two situations: the input block was
	 * short, so the output block is short too; or the block had the
	 * right size but took several writes.  Historical dd(1) never split
	 * a block over several writes, so the second situation is new.
	 * A short write only draws a warning on a character device and is
	 * fatal on a tape.
	 *
	 * A forced write uses whatever is buffered as the chunk size and is
	 * therefore usually partial.
	 */
	cursor = out.db;

	chunk = force ? out.dbcnt : out.dbsz;
	for (;;) {
		remaining = chunk;
		do {
			/* Only look for all-zero data when sparse output is on. */
			is_hole = 0;
			if (ddflags & C_SPARSE)
				is_hole = BISZERO(cursor, remaining);

			if (!is_hole || force) {
				if (pending != 0) {
					/*
					 * Skip the accumulated hole.  The offset
					 * reached is remembered because there may
					 * be nothing more to write, and then the
					 * file has to be extended with ftruncate.
					 */
					out.seek_offset = lseek(out.fd, pending, SEEK_CUR);
					if (out.seek_offset == -1)
						err(2, "%s: seek error creating sparse file",
						    out.name);
					pending = 0;
				}
				if (remaining == 0)
					return;
				before_io();
				written = write(out.fd, cursor, remaining);
				after_io();
				/* Data follows the hole, so no extension is needed. */
				out.seek_offset = 0;
			} else {
				/* Defer the zeros: account for them as written. */
				pending += remaining;
				written = remaining;
			}

			if (written <= 0) {
				if (written == 0)
					errx(1, "%s: end of device", out.name);
				if (errno != EINTR)
					err(1, "%s", out.name);
				/* Interrupted: nothing written, retry the same data. */
				written = 0;
			}

			cursor += written;
			st.bytes += written;

			if ((size_t)written == chunk && chunk == (size_t)out.dbsz)
				++st.out_full;
			else
				++st.out_part;

			if ((size_t)written != remaining) {
				if (out.flags & ISTAPE)
					errx(1, "%s: short write on tape device",
					    out.name);
				if (out.flags & ISCHR && !warned) {
					warned = 1;
					warnx("%s: short write on character device",
					    out.name);
				}
			}

			remaining -= written;
		} while (remaining != 0);

		/* Stop once less than a full block is left in the buffer. */
		if ((out.dbcnt -= chunk) < out.dbsz)
			break;
		chunk = out.dbsz;
	}

	/* Move the leftover bytes back to the start of the buffer. */
	if (out.dbcnt)
		(void)memmove(out.db, out.dbp - out.dbcnt, out.dbcnt);
	out.dbp = out.db + out.dbcnt;
}
644