2 * Copyright (C) 2009 Oracle. All rights reserved.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public
6 * License v2 as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public
14 * License along with this program; if not, write to the
15 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
16 * Boston, MA 021110-1307, USA.
26 #include "kerncompat.h"
30 #include "print-tree.h"
31 #include "transaction.h"
35 #define FIELD_BUF_LEN 80
37 static int debug_corrupt_block(struct extent_buffer *eb,
38 struct btrfs_root *root, u64 bytenr, u32 blocksize, u64 copy)
42 struct btrfs_multi_bio *multi = NULL;
43 struct btrfs_device *device;
49 ret = btrfs_map_block(&root->fs_info->mapping_tree, READ,
50 eb->start, &length, &multi,
53 error("cannot map block %llu length %llu mirror %d: %d",
54 (unsigned long long)eb->start,
55 (unsigned long long)length,
59 device = multi->stripes[0].dev;
62 eb->dev_bytenr = multi->stripes[0].physical;
65 "mirror %d logical %llu physical %llu device %s\n",
66 mirror_num, (unsigned long long)bytenr,
67 (unsigned long long)eb->dev_bytenr, device->name);
70 if (!copy || mirror_num == copy) {
71 ret = read_extent_from_disk(eb, 0, eb->len);
73 error("cannot read eb bytenr %llu: %s",
74 (unsigned long long)eb->dev_bytenr,
78 printf("corrupting %llu copy %d\n", eb->start,
80 memset(eb->data, 0, eb->len);
81 ret = write_extent_to_disk(eb);
83 error("cannot write eb bytenr %llu: %s",
84 (unsigned long long)eb->dev_bytenr,
91 num_copies = btrfs_num_copies(&root->fs_info->mapping_tree,
97 if (mirror_num > num_copies)
104 static void print_usage(int ret)
106 printf("usage: btrfs-corrupt-block [options] device\n");
107 printf("\t-l Logical extent to be corrupted\n");
108 printf("\t-c Copy of the extent to be corrupted (usually 1 or 2, default: 0)\n");
109 printf("\t-b Number of bytes to be corrupted\n");
110 printf("\t-e Extent to be corrupted\n");
111 printf("\t-E The whole extent tree to be corrupted\n");
112 printf("\t-u Given chunk item to be corrupted\n");
113 printf("\t-U The whole chunk tree to be corrupted\n");
114 printf("\t-i The inode item to corrupt (must also specify the field to corrupt)\n");
115 printf("\t-x The file extent item to corrupt (must also specify -i for the inode and -f for the field to corrupt)\n");
116 printf("\t-m The metadata block to corrupt (must also specify -f for the field to corrupt)\n");
117 printf("\t-K The key to corrupt in the format <num>,<num>,<num> (must also specify -f for the field)\n");
118 printf("\t-f The field in the item to corrupt\n");
119 printf("\t-I An item to corrupt (must also specify the field to corrupt and a root+key for the item)\n");
120 printf("\t-D Corrupt a dir item, must specify key and field\n");
121 printf("\t-d Delete this item (must specify -K)\n");
122 printf("\t-r Operate on this root (only works with -d)\n");
123 printf("\t-C Delete a csum for the specified bytenr. When used with -b it'll delete that many bytes, otherwise it's just sectorsize\n");
127 static void corrupt_keys(struct btrfs_trans_handle *trans,
128 struct btrfs_root *root,
129 struct extent_buffer *eb)
134 struct btrfs_disk_key bad_key;;
136 nr = btrfs_header_nritems(eb);
140 slot = rand_range(nr);
141 bad_slot = rand_range(nr);
143 if (bad_slot == slot)
147 "corrupting keys in block %llu slot %d swapping with %d\n",
148 (unsigned long long)eb->start, slot, bad_slot);
150 if (btrfs_header_level(eb) == 0) {
151 btrfs_item_key(eb, &bad_key, bad_slot);
152 btrfs_set_item_key(eb, &bad_key, slot);
154 btrfs_node_key(eb, &bad_key, bad_slot);
155 btrfs_set_node_key(eb, &bad_key, slot);
157 btrfs_mark_buffer_dirty(eb);
160 btrfs_super_csum_size(root->fs_info->super_copy);
161 csum_tree_block_size(eb, csum_size, 0);
162 write_extent_to_disk(eb);
167 static int corrupt_keys_in_block(struct btrfs_root *root, u64 bytenr)
169 struct extent_buffer *eb;
171 eb = read_tree_block(root, bytenr, root->nodesize, 0);
172 if (!extent_buffer_uptodate(eb))
175 corrupt_keys(NULL, root, eb);
176 free_extent_buffer(eb);
180 static int corrupt_extent(struct btrfs_trans_handle *trans,
181 struct btrfs_root *root, u64 bytenr, u64 copy)
183 struct btrfs_key key;
184 struct extent_buffer *leaf;
187 struct btrfs_path *path;
190 int should_del = rand_range(3);
192 path = btrfs_alloc_path();
196 key.objectid = bytenr;
198 key.offset = (u64)-1;
201 ret = btrfs_search_slot(trans, root->fs_info->extent_root,
207 if (path->slots[0] == 0)
212 leaf = path->nodes[0];
213 slot = path->slots[0];
214 btrfs_item_key_to_cpu(leaf, &key, slot);
215 if (key.objectid != bytenr)
218 if (key.type != BTRFS_EXTENT_ITEM_KEY &&
219 key.type != BTRFS_METADATA_ITEM_KEY &&
220 key.type != BTRFS_TREE_BLOCK_REF_KEY &&
221 key.type != BTRFS_EXTENT_DATA_REF_KEY &&
222 key.type != BTRFS_EXTENT_REF_V0_KEY &&
223 key.type != BTRFS_SHARED_BLOCK_REF_KEY &&
224 key.type != BTRFS_SHARED_DATA_REF_KEY)
229 "deleting extent record: key %llu %u %llu\n",
230 key.objectid, key.type, key.offset);
232 if (key.type == BTRFS_EXTENT_ITEM_KEY) {
233 /* make sure this extent doesn't get
234 * reused for other purposes */
235 btrfs_pin_extent(root->fs_info,
236 key.objectid, key.offset);
239 btrfs_del_item(trans, root, path);
242 "corrupting extent record: key %llu %u %llu\n",
243 key.objectid, key.type, key.offset);
244 ptr = btrfs_item_ptr_offset(leaf, slot);
245 item_size = btrfs_item_size_nr(leaf, slot);
246 memset_extent_buffer(leaf, 0, ptr, item_size);
247 btrfs_mark_buffer_dirty(leaf);
250 btrfs_release_path(path);
258 btrfs_free_path(path);
262 static void btrfs_corrupt_extent_leaf(struct btrfs_trans_handle *trans,
263 struct btrfs_root *root,
264 struct extent_buffer *eb)
266 u32 nr = btrfs_header_nritems(eb);
267 u32 victim = rand_range(nr);
269 struct btrfs_key key;
271 btrfs_item_key_to_cpu(eb, &key, victim);
272 objectid = key.objectid;
273 corrupt_extent(trans, root, objectid, 1);
276 static void btrfs_corrupt_extent_tree(struct btrfs_trans_handle *trans,
277 struct btrfs_root *root,
278 struct extent_buffer *eb)
285 if (btrfs_is_leaf(eb)) {
286 btrfs_corrupt_extent_leaf(trans, root, eb);
290 if (btrfs_header_level(eb) == 1 && eb != root->node) {
295 for (i = 0; i < btrfs_header_nritems(eb); i++) {
296 struct extent_buffer *next;
298 next = read_tree_block(root, btrfs_node_blockptr(eb, i),
300 btrfs_node_ptr_generation(eb, i));
301 if (!extent_buffer_uptodate(next))
303 btrfs_corrupt_extent_tree(trans, root, next);
304 free_extent_buffer(next);
308 enum btrfs_inode_field {
309 BTRFS_INODE_FIELD_ISIZE,
310 BTRFS_INODE_FIELD_NBYTES,
311 BTRFS_INODE_FIELD_NLINK,
312 BTRFS_INODE_FIELD_BAD,
315 enum btrfs_file_extent_field {
316 BTRFS_FILE_EXTENT_DISK_BYTENR,
317 BTRFS_FILE_EXTENT_BAD,
320 enum btrfs_dir_item_field {
322 BTRFS_DIR_ITEM_LOCATION_OBJECTID,
326 enum btrfs_metadata_block_field {
327 BTRFS_METADATA_BLOCK_GENERATION,
328 BTRFS_METADATA_BLOCK_SHIFT_ITEMS,
329 BTRFS_METADATA_BLOCK_BAD,
332 enum btrfs_item_field {
337 enum btrfs_key_field {
344 static enum btrfs_inode_field convert_inode_field(char *field)
346 if (!strncmp(field, "isize", FIELD_BUF_LEN))
347 return BTRFS_INODE_FIELD_ISIZE;
348 if (!strncmp(field, "nbytes", FIELD_BUF_LEN))
349 return BTRFS_INODE_FIELD_NBYTES;
350 if (!strncmp(field, "nlink", FIELD_BUF_LEN))
351 return BTRFS_INODE_FIELD_NLINK;
352 return BTRFS_INODE_FIELD_BAD;
355 static enum btrfs_file_extent_field convert_file_extent_field(char *field)
357 if (!strncmp(field, "disk_bytenr", FIELD_BUF_LEN))
358 return BTRFS_FILE_EXTENT_DISK_BYTENR;
359 return BTRFS_FILE_EXTENT_BAD;
362 static enum btrfs_metadata_block_field
363 convert_metadata_block_field(char *field)
365 if (!strncmp(field, "generation", FIELD_BUF_LEN))
366 return BTRFS_METADATA_BLOCK_GENERATION;
367 if (!strncmp(field, "shift_items", FIELD_BUF_LEN))
368 return BTRFS_METADATA_BLOCK_SHIFT_ITEMS;
369 return BTRFS_METADATA_BLOCK_BAD;
372 static enum btrfs_key_field convert_key_field(char *field)
374 if (!strncmp(field, "objectid", FIELD_BUF_LEN))
375 return BTRFS_KEY_OBJECTID;
376 if (!strncmp(field, "type", FIELD_BUF_LEN))
377 return BTRFS_KEY_TYPE;
378 if (!strncmp(field, "offset", FIELD_BUF_LEN))
379 return BTRFS_KEY_OFFSET;
380 return BTRFS_KEY_BAD;
383 static enum btrfs_item_field convert_item_field(char *field)
385 if (!strncmp(field, "offset", FIELD_BUF_LEN))
386 return BTRFS_ITEM_OFFSET;
387 return BTRFS_ITEM_BAD;
390 static enum btrfs_dir_item_field convert_dir_item_field(char *field)
392 if (!strncmp(field, "name", FIELD_BUF_LEN))
393 return BTRFS_DIR_ITEM_NAME;
394 if (!strncmp(field, "location_objectid", FIELD_BUF_LEN))
395 return BTRFS_DIR_ITEM_LOCATION_OBJECTID;
396 return BTRFS_DIR_ITEM_BAD;
399 static u64 generate_u64(u64 orig)
404 } while (ret == orig);
408 static u32 generate_u32(u32 orig)
413 } while (ret == orig);
417 static u8 generate_u8(u8 orig)
422 } while (ret == orig);
426 static int corrupt_key(struct btrfs_root *root, struct btrfs_key *key,
429 enum btrfs_key_field corrupt_field = convert_key_field(field);
430 struct btrfs_path *path;
431 struct btrfs_trans_handle *trans;
434 root = root->fs_info->fs_root;
435 if (corrupt_field == BTRFS_KEY_BAD) {
436 fprintf(stderr, "Invalid field %s\n", field);
440 path = btrfs_alloc_path();
444 trans = btrfs_start_transaction(root, 1);
446 btrfs_free_path(path);
447 return PTR_ERR(trans);
450 ret = btrfs_search_slot(trans, root, key, path, 0, 1);
454 fprintf(stderr, "Couldn't find the key to corrupt\n");
459 switch (corrupt_field) {
460 case BTRFS_KEY_OBJECTID:
461 key->objectid = generate_u64(key->objectid);
464 key->type = generate_u8(key->type);
466 case BTRFS_KEY_OFFSET:
467 key->offset = generate_u64(key->objectid);
470 fprintf(stderr, "Invalid field %s, %d\n", field,
476 btrfs_set_item_key_unsafe(root, path, key);
478 btrfs_free_path(path);
479 btrfs_commit_transaction(trans, root);
483 static int corrupt_dir_item(struct btrfs_root *root, struct btrfs_key *key,
486 struct btrfs_trans_handle *trans;
487 struct btrfs_dir_item *di;
488 struct btrfs_path *path;
490 struct btrfs_key location;
491 struct btrfs_disk_key disk_key;
492 unsigned long name_ptr;
493 enum btrfs_dir_item_field corrupt_field =
494 convert_dir_item_field(field);
499 if (corrupt_field == BTRFS_DIR_ITEM_BAD) {
500 fprintf(stderr, "Invalid field %s\n", field);
504 path = btrfs_alloc_path();
508 trans = btrfs_start_transaction(root, 1);
510 btrfs_free_path(path);
511 return PTR_ERR(trans);
514 ret = btrfs_search_slot(trans, root, key, path, 0, 1);
518 fprintf(stderr, "Error searching for dir item %d\n", ret);
522 di = btrfs_item_ptr(path->nodes[0], path->slots[0],
523 struct btrfs_dir_item);
525 switch (corrupt_field) {
526 case BTRFS_DIR_ITEM_NAME:
527 name_len = btrfs_dir_name_len(path->nodes[0], di);
528 name_ptr = (unsigned long)(di + 1);
529 read_extent_buffer(path->nodes[0], name, name_ptr, name_len);
531 write_extent_buffer(path->nodes[0], name, name_ptr, name_len);
532 btrfs_mark_buffer_dirty(path->nodes[0]);
534 case BTRFS_DIR_ITEM_LOCATION_OBJECTID:
535 btrfs_dir_item_key_to_cpu(path->nodes[0], di, &location);
536 bogus = generate_u64(location.objectid);
537 location.objectid = bogus;
538 btrfs_cpu_key_to_disk(&disk_key, &location);
539 btrfs_set_dir_item_key(path->nodes[0], di, &disk_key);
540 btrfs_mark_buffer_dirty(path->nodes[0]);
547 btrfs_commit_transaction(trans, root);
548 btrfs_free_path(path);
552 static int corrupt_inode(struct btrfs_trans_handle *trans,
553 struct btrfs_root *root, u64 inode, char *field)
555 struct btrfs_inode_item *ei;
556 struct btrfs_path *path;
557 struct btrfs_key key;
558 enum btrfs_inode_field corrupt_field = convert_inode_field(field);
563 if (corrupt_field == BTRFS_INODE_FIELD_BAD) {
564 fprintf(stderr, "Invalid field %s\n", field);
568 key.objectid = inode;
569 key.type = BTRFS_INODE_ITEM_KEY;
570 key.offset = (u64)-1;
572 path = btrfs_alloc_path();
576 ret = btrfs_search_slot(trans, root, &key, path, 0, 1);
580 if (!path->slots[0]) {
581 fprintf(stderr, "Couldn't find inode %Lu\n", inode);
589 btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0]);
590 if (key.objectid != inode) {
591 fprintf(stderr, "Couldn't find inode %Lu\n", inode);
596 ei = btrfs_item_ptr(path->nodes[0], path->slots[0],
597 struct btrfs_inode_item);
598 switch (corrupt_field) {
599 case BTRFS_INODE_FIELD_ISIZE:
600 orig = btrfs_inode_size(path->nodes[0], ei);
601 bogus = generate_u64(orig);
602 btrfs_set_inode_size(path->nodes[0], ei, bogus);
604 case BTRFS_INODE_FIELD_NBYTES:
605 orig = btrfs_inode_nbytes(path->nodes[0], ei);
606 bogus = generate_u64(orig);
607 btrfs_set_inode_nbytes(path->nodes[0], ei, bogus);
609 case BTRFS_INODE_FIELD_NLINK:
610 orig = btrfs_inode_nlink(path->nodes[0], ei);
611 bogus = generate_u32(orig);
612 btrfs_set_inode_nlink(path->nodes[0], ei, bogus);
618 btrfs_mark_buffer_dirty(path->nodes[0]);
620 btrfs_free_path(path);
624 static int corrupt_file_extent(struct btrfs_trans_handle *trans,
625 struct btrfs_root *root, u64 inode, u64 extent,
628 struct btrfs_file_extent_item *fi;
629 struct btrfs_path *path;
630 struct btrfs_key key;
631 enum btrfs_file_extent_field corrupt_field;
636 corrupt_field = convert_file_extent_field(field);
637 if (corrupt_field == BTRFS_FILE_EXTENT_BAD) {
638 fprintf(stderr, "Invalid field %s\n", field);
642 key.objectid = inode;
643 key.type = BTRFS_EXTENT_DATA_KEY;
646 path = btrfs_alloc_path();
650 ret = btrfs_search_slot(trans, root, &key, path, 0, 1);
654 fprintf(stderr, "Couldn't find extent %llu for inode %llu\n",
660 fi = btrfs_item_ptr(path->nodes[0], path->slots[0],
661 struct btrfs_file_extent_item);
662 switch (corrupt_field) {
663 case BTRFS_FILE_EXTENT_DISK_BYTENR:
664 orig = btrfs_file_extent_disk_bytenr(path->nodes[0], fi);
665 bogus = generate_u64(orig);
666 btrfs_set_file_extent_disk_bytenr(path->nodes[0], fi, bogus);
672 btrfs_mark_buffer_dirty(path->nodes[0]);
674 btrfs_free_path(path);
678 static void shift_items(struct btrfs_root *root, struct extent_buffer *eb)
680 int nritems = btrfs_header_nritems(eb);
681 int shift_space = btrfs_leaf_free_space(root, eb) / 2;
682 int slot = nritems / 2;
684 unsigned int data_end = btrfs_item_offset_nr(eb, nritems - 1);
686 /* Shift the item data up to and including slot back by shift space */
687 memmove_extent_buffer(eb, btrfs_leaf_data(eb) + data_end - shift_space,
688 btrfs_leaf_data(eb) + data_end,
689 btrfs_item_offset_nr(eb, slot - 1) - data_end);
691 /* Now update the item pointers. */
692 for (i = nritems - 1; i >= slot; i--) {
693 u32 offset = btrfs_item_offset_nr(eb, i);
694 offset -= shift_space;
695 btrfs_set_item_offset(eb, btrfs_item_nr(i), offset);
699 static int corrupt_metadata_block(struct btrfs_root *root, u64 block,
702 struct btrfs_trans_handle *trans;
703 struct btrfs_path *path;
704 struct extent_buffer *eb;
705 struct btrfs_key key, root_key;
706 enum btrfs_metadata_block_field corrupt_field;
712 corrupt_field = convert_metadata_block_field(field);
713 if (corrupt_field == BTRFS_METADATA_BLOCK_BAD) {
714 fprintf(stderr, "Invalid field %s\n", field);
718 eb = read_tree_block(root, block, root->nodesize, 0);
719 if (!extent_buffer_uptodate(eb)) {
720 fprintf(stderr, "Couldn't read in tree block %s\n", field);
723 root_objectid = btrfs_header_owner(eb);
724 level = btrfs_header_level(eb);
726 btrfs_node_key_to_cpu(eb, &key, 0);
728 btrfs_item_key_to_cpu(eb, &key, 0);
729 free_extent_buffer(eb);
731 root_key.objectid = root_objectid;
732 root_key.type = BTRFS_ROOT_ITEM_KEY;
733 root_key.offset = (u64)-1;
735 root = btrfs_read_fs_root(root->fs_info, &root_key);
737 fprintf(stderr, "Couldn't find owner root %llu\n",
739 return PTR_ERR(root);
742 path = btrfs_alloc_path();
746 trans = btrfs_start_transaction(root, 1);
748 btrfs_free_path(path);
749 fprintf(stderr, "Couldn't start transaction %ld\n",
751 return PTR_ERR(trans);
754 path->lowest_level = level;
755 ret = btrfs_search_slot(trans, root, &key, path, 0, 1);
757 fprintf(stderr, "Error searching to node %d\n", ret);
760 eb = path->nodes[level];
763 switch (corrupt_field) {
764 case BTRFS_METADATA_BLOCK_GENERATION:
765 orig = btrfs_header_generation(eb);
766 bogus = generate_u64(orig);
767 btrfs_set_header_generation(eb, bogus);
769 case BTRFS_METADATA_BLOCK_SHIFT_ITEMS:
770 shift_items(root, path->nodes[level]);
776 btrfs_mark_buffer_dirty(path->nodes[level]);
778 btrfs_commit_transaction(trans, root);
779 btrfs_free_path(path);
783 static int corrupt_btrfs_item(struct btrfs_root *root, struct btrfs_key *key,
786 struct btrfs_trans_handle *trans;
787 struct btrfs_path *path;
788 enum btrfs_item_field corrupt_field;
792 corrupt_field = convert_item_field(field);
793 if (corrupt_field == BTRFS_ITEM_BAD) {
794 fprintf(stderr, "Invalid field %s\n", field);
798 path = btrfs_alloc_path();
802 trans = btrfs_start_transaction(root, 1);
804 btrfs_free_path(path);
805 fprintf(stderr, "Couldn't start transaction %ld\n",
807 return PTR_ERR(trans);
810 ret = btrfs_search_slot(trans, root, key, path, 0, 1);
812 fprintf(stderr, "Error searching to node %d\n", ret);
817 switch (corrupt_field) {
818 case BTRFS_ITEM_OFFSET:
819 orig = btrfs_item_offset_nr(path->nodes[0], path->slots[0]);
820 bogus = generate_u32(orig);
821 btrfs_set_item_offset(path->nodes[0],
822 btrfs_item_nr(path->slots[0]), bogus);
828 btrfs_mark_buffer_dirty(path->nodes[0]);
830 btrfs_commit_transaction(trans, root);
831 btrfs_free_path(path);
835 static int delete_item(struct btrfs_root *root, struct btrfs_key *key)
837 struct btrfs_trans_handle *trans;
838 struct btrfs_path *path;
841 path = btrfs_alloc_path();
845 trans = btrfs_start_transaction(root, 1);
847 btrfs_free_path(path);
848 fprintf(stderr, "Couldn't start transaction %ld\n",
850 return PTR_ERR(trans);
853 ret = btrfs_search_slot(trans, root, key, path, -1, 1);
857 fprintf(stderr, "Error searching to node %d\n", ret);
860 ret = btrfs_del_item(trans, root, path);
861 btrfs_mark_buffer_dirty(path->nodes[0]);
863 btrfs_commit_transaction(trans, root);
864 btrfs_free_path(path);
868 static int delete_csum(struct btrfs_root *root, u64 bytenr, u64 bytes)
870 struct btrfs_trans_handle *trans;
873 root = root->fs_info->csum_root;
874 trans = btrfs_start_transaction(root, 1);
876 fprintf(stderr, "Couldn't start transaction %ld\n",
878 return PTR_ERR(trans);
881 ret = btrfs_del_csums(trans, root, bytenr, bytes);
883 fprintf(stderr, "Error deleting csums %d\n", ret);
884 btrfs_commit_transaction(trans, root);
888 /* corrupt item using NO cow.
889 * Because chunk recover will recover based on whole partition scanning,
890 * If using COW, chunk recover will use the old item to recover,
891 * which is still OK but we want to check the ability to rebuild chunk
892 * not only restore the old ones */
893 static int corrupt_item_nocow(struct btrfs_trans_handle *trans,
894 struct btrfs_root *root, struct btrfs_path *path,
898 struct btrfs_key key;
899 struct extent_buffer *leaf;
904 leaf = path->nodes[0];
905 slot = path->slots[0];
906 /* Not deleting the first item of a leaf to keep leaf structure */
909 /* Only accept valid eb */
910 if (slot >= btrfs_header_nritems(leaf)) {
911 error("invalid eb: no data or slot out of range: %d >= %d",
912 slot, btrfs_header_nritems(leaf));
915 btrfs_item_key_to_cpu(leaf, &key, slot);
917 fprintf(stdout, "Deleting key and data [%llu, %u, %llu].\n",
918 key.objectid, key.type, key.offset);
919 btrfs_del_item(trans, root, path);
921 fprintf(stdout, "Corrupting key and data [%llu, %u, %llu].\n",
922 key.objectid, key.type, key.offset);
923 ptr = btrfs_item_ptr_offset(leaf, slot);
924 item_size = btrfs_item_size_nr(leaf, slot);
925 memset_extent_buffer(leaf, 0, ptr, item_size);
926 btrfs_mark_buffer_dirty(leaf);
930 static int corrupt_chunk_tree(struct btrfs_trans_handle *trans,
931 struct btrfs_root *root)
936 struct btrfs_path *path;
937 struct btrfs_key key;
938 struct btrfs_key found_key;
939 struct extent_buffer *leaf;
941 path = btrfs_alloc_path();
945 key.objectid = (u64)-1;
946 key.offset = (u64)-1;
949 /* Here, cow and ins_len must equals 0 for the following reasons:
950 * 1) chunk recover is based on disk scanning, so COW should be
951 * disabled in case the original chunk being scanned and
952 * recovered using the old chunk.
953 * 2) if cow = 0, ins_len must also be set to 0, or BUG_ON will be
956 ret = btrfs_search_slot(trans, root, &key, path, 0, 0);
959 fprintf(stderr, "Error searching tree\n");
962 /* corrupt/del dev_item first */
963 while (!btrfs_previous_item(root, path, 0, BTRFS_DEV_ITEM_KEY)) {
964 slot = path->slots[0];
965 leaf = path->nodes[0];
967 /* Never delete the first item to keep the leaf structure */
968 if (path->slots[0] == 0)
970 ret = corrupt_item_nocow(trans, root, path, del);
974 btrfs_release_path(path);
976 /* Here, cow and ins_len must equals 0 for the following reasons:
977 * 1) chunk recover is based on disk scanning, so COW should be
978 * disabled in case the original chunk being scanned and
979 * recovered using the old chunk.
980 * 2) if cow = 0, ins_len must also be set to 0, or BUG_ON will be
983 ret = btrfs_search_slot(trans, root, &key, path, 0, 0);
986 fprintf(stderr, "Error searching tree\n");
989 /* corrupt/del chunk then*/
990 while (!btrfs_previous_item(root, path, 0, BTRFS_CHUNK_ITEM_KEY)) {
991 slot = path->slots[0];
992 leaf = path->nodes[0];
994 btrfs_item_key_to_cpu(leaf, &found_key, slot);
995 ret = corrupt_item_nocow(trans, root, path, del);
1000 btrfs_free_path(path);
1003 static int find_chunk_offset(struct btrfs_root *root,
1004 struct btrfs_path *path, u64 offset)
1006 struct btrfs_key key;
1009 key.objectid = BTRFS_FIRST_CHUNK_TREE_OBJECTID;
1010 key.type = BTRFS_CHUNK_ITEM_KEY;
1011 key.offset = offset;
1013 /* Here, cow and ins_len must equals 0 for following reasons:
1014 * 1) chunk recover is based on disk scanning, so COW should
1015 * be disabled in case the original chunk being scanned
1016 * and recovered using the old chunk.
1017 * 2) if cow = 0, ins_len must also be set to 0, or BUG_ON
1018 * will be triggered.
1020 ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
1022 fprintf(stderr, "Can't find chunk with given offset %llu\n",
1027 fprintf(stderr, "Error searching chunk\n");
1034 int main(int argc, char **argv)
1036 struct cache_tree root_cache;
1037 struct btrfs_key key;
1038 struct btrfs_root *root;
1040 /* chunk offset can be 0,so change to (u64)-1 */
1041 u64 logical = (u64)-1;
1046 int extent_tree = 0;
1047 int corrupt_block_keys = 0;
1050 int corrupt_item = 0;
1053 u64 metadata_block = 0;
1055 u64 file_extent = (u64)-1;
1056 u64 root_objectid = 0;
1057 u64 csum_bytenr = 0;
1058 char field[FIELD_BUF_LEN];
1061 memset(&key, 0, sizeof(key));
1065 static const struct option long_options[] = {
1066 /* { "byte-count", 1, NULL, 'b' }, */
1067 { "logical", required_argument, NULL, 'l' },
1068 { "copy", required_argument, NULL, 'c' },
1069 { "bytes", required_argument, NULL, 'b' },
1070 { "extent-record", no_argument, NULL, 'e' },
1071 { "extent-tree", no_argument, NULL, 'E' },
1072 { "keys", no_argument, NULL, 'k' },
1073 { "chunk-record", no_argument, NULL, 'u' },
1074 { "chunk-tree", no_argument, NULL, 'U' },
1075 { "inode", required_argument, NULL, 'i'},
1076 { "file-extent", required_argument, NULL, 'x'},
1077 { "metadata-block", required_argument, NULL, 'm'},
1078 { "field", required_argument, NULL, 'f'},
1079 { "key", required_argument, NULL, 'K'},
1080 { "item", no_argument, NULL, 'I'},
1081 { "dir-item", no_argument, NULL, 'D'},
1082 { "delete", no_argument, NULL, 'd'},
1083 { "root", no_argument, NULL, 'r'},
1084 { "csum", required_argument, NULL, 'C'},
1085 { "help", no_argument, NULL, GETOPT_VAL_HELP},
1086 { NULL, 0, NULL, 0 }
1089 c = getopt_long(argc, argv, "l:c:b:eEkuUi:f:x:m:K:IDdr:C:",
1090 long_options, NULL);
1095 logical = arg_strtou64(optarg);
1098 copy = arg_strtou64(optarg);
1101 bytes = arg_strtou64(optarg);
1110 corrupt_block_keys = 1;
1119 inode = arg_strtou64(optarg);
1122 strncpy(field, optarg, FIELD_BUF_LEN);
1125 file_extent = arg_strtou64(optarg);
1128 metadata_block = arg_strtou64(optarg);
1131 ret = sscanf(optarg, "%llu,%u,%llu",
1133 (unsigned int *)&key.type,
1136 fprintf(stderr, "error reading key "
1151 root_objectid = arg_strtou64(optarg);
1154 csum_bytenr = arg_strtou64(optarg);
1156 case GETOPT_VAL_HELP:
1158 print_usage(c != GETOPT_VAL_HELP);
1162 if (check_argc_min(argc - optind, 1))
1167 cache_tree_init(&root_cache);
1169 root = open_ctree(dev, 0, OPEN_CTREE_WRITES);
1171 fprintf(stderr, "Open ctree failed\n");
1175 struct btrfs_trans_handle *trans;
1177 if (logical == (u64)-1)
1179 trans = btrfs_start_transaction(root, 1);
1180 ret = corrupt_extent (trans, root, logical, 0);
1181 btrfs_commit_transaction(trans, root);
1185 struct btrfs_trans_handle *trans;
1186 trans = btrfs_start_transaction(root, 1);
1187 btrfs_corrupt_extent_tree(trans, root->fs_info->extent_root,
1188 root->fs_info->extent_root->node);
1189 btrfs_commit_transaction(trans, root);
1193 struct btrfs_trans_handle *trans;
1194 struct btrfs_path *path;
1197 if (logical == (u64)-1)
1199 del = rand_range(3);
1200 path = btrfs_alloc_path();
1202 fprintf(stderr, "path allocation failed\n");
1206 if (find_chunk_offset(root->fs_info->chunk_root, path,
1208 btrfs_free_path(path);
1211 trans = btrfs_start_transaction(root, 1);
1212 ret = corrupt_item_nocow(trans, root->fs_info->chunk_root,
1215 fprintf(stderr, "Failed to corrupt chunk record\n");
1216 btrfs_commit_transaction(trans, root);
1220 struct btrfs_trans_handle *trans;
1221 trans = btrfs_start_transaction(root, 1);
1222 ret = corrupt_chunk_tree(trans, root->fs_info->chunk_root);
1224 fprintf(stderr, "Failed to corrupt chunk tree\n");
1225 btrfs_commit_transaction(trans, root);
1229 struct btrfs_trans_handle *trans;
1234 trans = btrfs_start_transaction(root, 1);
1235 if (file_extent == (u64)-1) {
1236 printf("corrupting inode\n");
1237 ret = corrupt_inode(trans, root, inode, field);
1239 printf("corrupting file extent\n");
1240 ret = corrupt_file_extent(trans, root, inode,
1241 file_extent, field);
1243 btrfs_commit_transaction(trans, root);
1246 if (metadata_block) {
1249 ret = corrupt_metadata_block(root, metadata_block, field);
1253 if (!key.objectid || *field == 0)
1255 ret = corrupt_dir_item(root, &key, field);
1259 ret = delete_csum(root, csum_bytenr, bytes);
1265 ret = corrupt_btrfs_item(root, &key, field);
1268 struct btrfs_root *target = root;
1272 if (root_objectid) {
1273 struct btrfs_key root_key;
1275 root_key.objectid = root_objectid;
1276 root_key.type = BTRFS_ROOT_ITEM_KEY;
1277 root_key.offset = (u64)-1;
1279 target = btrfs_read_fs_root(root->fs_info, &root_key);
1280 if (IS_ERR(target)) {
1281 fprintf(stderr, "Couldn't find root %llu\n",
1282 (unsigned long long)root_objectid);
1286 ret = delete_item(target, &key);
1289 if (key.objectid || key.offset || key.type) {
1292 ret = corrupt_key(root, &key, field);
1296 * If we made it here and we have extent set then we didn't specify
1297 * inode and we're screwed.
1299 if (file_extent != (u64)-1)
1302 if (logical == (u64)-1)
1306 bytes = root->sectorsize;
1308 bytes = (bytes + root->sectorsize - 1) / root->sectorsize;
1309 bytes *= root->sectorsize;
1312 if (corrupt_block_keys) {
1313 corrupt_keys_in_block(root, logical);
1315 struct extent_buffer *eb;
1317 eb = btrfs_find_create_tree_block(root->fs_info,
1318 logical, root->sectorsize);
1321 "not enough memory to allocate extent buffer for bytenr %llu",
1322 (unsigned long long)logical);
1327 debug_corrupt_block(eb, root, logical, root->sectorsize,
1329 free_extent_buffer(eb);
1331 logical += root->sectorsize;
1332 bytes -= root->sectorsize;
projects / platform / upstream / btrfs-progs.git / blob