+ if (!strncmp(field, "isize", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_ISIZE;
+ if (!strncmp(field, "nbytes", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_NBYTES;
+ if (!strncmp(field, "nlink", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_NLINK;
+ if (!strncmp(field, "generation", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_GENERATION;
+ if (!strncmp(field, "transid", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_TRANSID;
+ if (!strncmp(field, "block_group", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_BLOCK_GROUP;
+ if (!strncmp(field, "mode", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_MODE;
+ if (!strncmp(field, "uid", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_UID;
+ if (!strncmp(field, "gid", FIELD_BUF_LEN))
+ return BTRFS_INODE_FIELD_GID;
+ return BTRFS_INODE_FIELD_BAD;
+}
+
+static enum btrfs_file_extent_field convert_file_extent_field(char *field)
+{
+ if (!strncmp(field, "disk_bytenr", FIELD_BUF_LEN))
+ return BTRFS_FILE_EXTENT_DISK_BYTENR;
+ return BTRFS_FILE_EXTENT_BAD;
+}
+
+static enum btrfs_metadata_block_field
+convert_metadata_block_field(char *field)
+{
+ if (!strncmp(field, "generation", FIELD_BUF_LEN))
+ return BTRFS_METADATA_BLOCK_GENERATION;
+ if (!strncmp(field, "shift_items", FIELD_BUF_LEN))
+ return BTRFS_METADATA_BLOCK_SHIFT_ITEMS;
+ return BTRFS_METADATA_BLOCK_BAD;
+}
+
+static enum btrfs_key_field convert_key_field(char *field)
+{
+ if (!strncmp(field, "objectid", FIELD_BUF_LEN))
+ return BTRFS_KEY_OBJECTID;
+ if (!strncmp(field, "type", FIELD_BUF_LEN))
+ return BTRFS_KEY_TYPE;
+ if (!strncmp(field, "offset", FIELD_BUF_LEN))
+ return BTRFS_KEY_OFFSET;
+ return BTRFS_KEY_BAD;
+}
+
+static enum btrfs_item_field convert_item_field(char *field)
+{
+ if (!strncmp(field, "offset", FIELD_BUF_LEN))
+ return BTRFS_ITEM_OFFSET;
+ return BTRFS_ITEM_BAD;
+}
+
+static enum btrfs_dir_item_field convert_dir_item_field(char *field)
+{
+ if (!strncmp(field, "name", FIELD_BUF_LEN))
+ return BTRFS_DIR_ITEM_NAME;
+ if (!strncmp(field, "location_objectid", FIELD_BUF_LEN))
+ return BTRFS_DIR_ITEM_LOCATION_OBJECTID;
+ return BTRFS_DIR_ITEM_BAD;
+}
+
+static u64 generate_u64(u64 orig)
+{
+ u64 ret;
+ do {
+ ret = rand_u64();
+ } while (ret == orig);
+ return ret;
+}
+
+static u32 generate_u32(u32 orig)
+{
+ u32 ret;
+ do {
+ ret = rand_u32();
+ } while (ret == orig);
+ return ret;
+}
+
+static u8 generate_u8(u8 orig)
+{
+ u8 ret;
+ do {
+ ret = rand_u8();
+ } while (ret == orig);
+ return ret;
+}
+
+static int corrupt_key(struct btrfs_root *root, struct btrfs_key *key,
+ char *field)
+{
+ enum btrfs_key_field corrupt_field = convert_key_field(field);
+ struct btrfs_path *path;
+ struct btrfs_trans_handle *trans;
+ int ret;
+
+ root = root->fs_info->fs_root;
+ if (corrupt_field == BTRFS_KEY_BAD) {
+ fprintf(stderr, "Invalid field %s\n", field);
+ return -EINVAL;
+ }
+
+ path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
+
+ trans = btrfs_start_transaction(root, 1);
+ if (IS_ERR(trans)) {
+ btrfs_free_path(path);
+ return PTR_ERR(trans);
+ }
+
+ ret = btrfs_search_slot(trans, root, key, path, 0, 1);
+ if (ret < 0)
+ goto out;
+ if (ret > 0) {
+ fprintf(stderr, "Couldn't find the key to corrupt\n");
+ ret = -ENOENT;
+ goto out;
+ }
+
+ switch (corrupt_field) {
+ case BTRFS_KEY_OBJECTID:
+ key->objectid = generate_u64(key->objectid);
+ break;
+ case BTRFS_KEY_TYPE:
+ key->type = generate_u8(key->type);
+ break;
+ case BTRFS_KEY_OFFSET:
+ key->offset = generate_u64(key->objectid);
+ break;
+ default:
+ fprintf(stderr, "Invalid field %s, %d\n", field,
+ corrupt_field);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ btrfs_set_item_key_unsafe(root, path, key);
+out:
+ btrfs_free_path(path);
+ btrfs_commit_transaction(trans, root);
+ return ret;
+}
+
+static int corrupt_dir_item(struct btrfs_root *root, struct btrfs_key *key,
+ char *field)
+{
+ struct btrfs_trans_handle *trans;
+ struct btrfs_dir_item *di;
+ struct btrfs_path *path;
+ char name[PATH_MAX];
+ struct btrfs_key location;
+ struct btrfs_disk_key disk_key;
+ unsigned long name_ptr;
+ enum btrfs_dir_item_field corrupt_field =
+ convert_dir_item_field(field);
+ u64 bogus;
+ u16 name_len;
+ int ret;
+
+ if (corrupt_field == BTRFS_DIR_ITEM_BAD) {
+ fprintf(stderr, "Invalid field %s\n", field);
+ return -EINVAL;
+ }
+
+ path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
+
+ trans = btrfs_start_transaction(root, 1);
+ if (IS_ERR(trans)) {
+ btrfs_free_path(path);
+ return PTR_ERR(trans);
+ }
+
+ ret = btrfs_search_slot(trans, root, key, path, 0, 1);
+ if (ret) {
+ if (ret > 0)
+ ret = -ENOENT;
+ fprintf(stderr, "Error searching for dir item %d\n", ret);
+ goto out;
+ }
+
+ di = btrfs_item_ptr(path->nodes[0], path->slots[0],
+ struct btrfs_dir_item);
+
+ switch (corrupt_field) {
+ case BTRFS_DIR_ITEM_NAME:
+ name_len = btrfs_dir_name_len(path->nodes[0], di);
+ name_ptr = (unsigned long)(di + 1);
+ read_extent_buffer(path->nodes[0], name, name_ptr, name_len);
+ name[0]++;
+ write_extent_buffer(path->nodes[0], name, name_ptr, name_len);
+ btrfs_mark_buffer_dirty(path->nodes[0]);
+ goto out;
+ case BTRFS_DIR_ITEM_LOCATION_OBJECTID:
+ btrfs_dir_item_key_to_cpu(path->nodes[0], di, &location);
+ bogus = generate_u64(location.objectid);
+ location.objectid = bogus;
+ btrfs_cpu_key_to_disk(&disk_key, &location);
+ btrfs_set_dir_item_key(path->nodes[0], di, &disk_key);
+ btrfs_mark_buffer_dirty(path->nodes[0]);
+ goto out;
+ default:
+ ret = -EINVAL;
+ goto out;
+ }
+out:
+ btrfs_commit_transaction(trans, root);
+ btrfs_free_path(path);
+ return ret;
+}
+
+static int corrupt_inode(struct btrfs_trans_handle *trans,
+ struct btrfs_root *root, u64 inode, char *field)
+{
+ struct btrfs_inode_item *ei;
+ struct btrfs_path *path;
+ struct btrfs_key key;
+ enum btrfs_inode_field corrupt_field = convert_inode_field(field);
+ u64 bogus;
+ u64 orig;
+ int ret;
+
+ if (corrupt_field == BTRFS_INODE_FIELD_BAD) {
+ fprintf(stderr, "Invalid field %s\n", field);
+ return -EINVAL;
+ }
+
+ key.objectid = inode;
+ key.type = BTRFS_INODE_ITEM_KEY;
+ key.offset = (u64)-1;
+
+ path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
+
+ ret = btrfs_search_slot(trans, root, &key, path, 0, 1);
+ if (ret < 0)
+ goto out;
+ if (ret) {
+ if (!path->slots[0]) {
+ fprintf(stderr, "Couldn't find inode %Lu\n", inode);
+ ret = -ENOENT;
+ goto out;
+ }
+ path->slots[0]--;
+ ret = 0;
+ }
+
+ btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0]);
+ if (key.objectid != inode) {
+ fprintf(stderr, "Couldn't find inode %Lu\n", inode);
+ ret = -ENOENT;
+ goto out;
+ }
+
+ ei = btrfs_item_ptr(path->nodes[0], path->slots[0],
+ struct btrfs_inode_item);
+ switch (corrupt_field) {
+ case BTRFS_INODE_FIELD_ISIZE:
+ orig = btrfs_inode_size(path->nodes[0], ei);
+ bogus = generate_u64(orig);
+ btrfs_set_inode_size(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_NBYTES:
+ orig = btrfs_inode_nbytes(path->nodes[0], ei);
+ bogus = generate_u64(orig);
+ btrfs_set_inode_nbytes(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_NLINK:
+ orig = btrfs_inode_nlink(path->nodes[0], ei);
+ bogus = generate_u32(orig);
+ btrfs_set_inode_nlink(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_GENERATION:
+ orig = btrfs_inode_generation(path->nodes[0], ei);
+ bogus = generate_u64(orig);
+ btrfs_set_inode_generation(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_TRANSID:
+ orig = btrfs_inode_transid(path->nodes[0], ei);
+ bogus = generate_u64(orig);
+ btrfs_set_inode_transid(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_BLOCK_GROUP:
+ orig = btrfs_inode_block_group(path->nodes[0], ei);
+ bogus = generate_u64(orig);
+ btrfs_set_inode_block_group(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_MODE:
+ orig = btrfs_inode_mode(path->nodes[0], ei);
+ bogus = generate_u32(orig);
+ btrfs_set_inode_mode(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_UID:
+ orig = btrfs_inode_uid(path->nodes[0], ei);
+ bogus = generate_u32(orig);
+ btrfs_set_inode_uid(path->nodes[0], ei, bogus);
+ break;
+ case BTRFS_INODE_FIELD_GID:
+ orig = btrfs_inode_gid(path->nodes[0], ei);
+ bogus = generate_u32(orig);
+ btrfs_set_inode_gid(path->nodes[0], ei, bogus);
+ break;
+ default:
+ ret = -EINVAL;
+ break;
+ }
+ btrfs_mark_buffer_dirty(path->nodes[0]);
+out:
+ btrfs_free_path(path);
+ return ret;
+}
+
+static int corrupt_file_extent(struct btrfs_trans_handle *trans,
+ struct btrfs_root *root, u64 inode, u64 extent,
+ char *field)
+{
+ struct btrfs_file_extent_item *fi;
+ struct btrfs_path *path;
+ struct btrfs_key key;
+ enum btrfs_file_extent_field corrupt_field;
+ u64 bogus;
+ u64 orig;
+ int ret = 0;
+
+ corrupt_field = convert_file_extent_field(field);
+ if (corrupt_field == BTRFS_FILE_EXTENT_BAD) {
+ fprintf(stderr, "Invalid field %s\n", field);
+ return -EINVAL;
+ }
+
+ key.objectid = inode;
+ key.type = BTRFS_EXTENT_DATA_KEY;
+ key.offset = extent;
+
+ path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
+
+ ret = btrfs_search_slot(trans, root, &key, path, 0, 1);
+ if (ret < 0)
+ goto out;
+ if (ret) {
+ fprintf(stderr, "Couldn't find extent %llu for inode %llu\n",
+ extent, inode);
+ ret = -ENOENT;
+ goto out;
+ }
+
+ fi = btrfs_item_ptr(path->nodes[0], path->slots[0],
+ struct btrfs_file_extent_item);
+ switch (corrupt_field) {
+ case BTRFS_FILE_EXTENT_DISK_BYTENR:
+ orig = btrfs_file_extent_disk_bytenr(path->nodes[0], fi);
+ bogus = generate_u64(orig);
+ btrfs_set_file_extent_disk_bytenr(path->nodes[0], fi, bogus);
+ break;
+ default:
+ ret = -EINVAL;
+ break;
+ }
+ btrfs_mark_buffer_dirty(path->nodes[0]);
+out:
+ btrfs_free_path(path);
+ return ret;
+}
+
+static void shift_items(struct btrfs_root *root, struct extent_buffer *eb)
+{
+ int nritems = btrfs_header_nritems(eb);
+ int shift_space = btrfs_leaf_free_space(root, eb) / 2;
+ int slot = nritems / 2;
+ int i = 0;
+ unsigned int data_end = btrfs_item_offset_nr(eb, nritems - 1);
+
+ /* Shift the item data up to and including slot back by shift space */
+ memmove_extent_buffer(eb, btrfs_leaf_data(eb) + data_end - shift_space,
+ btrfs_leaf_data(eb) + data_end,
+ btrfs_item_offset_nr(eb, slot - 1) - data_end);
+
+ /* Now update the item pointers. */
+ for (i = nritems - 1; i >= slot; i--) {
+ u32 offset = btrfs_item_offset_nr(eb, i);
+ offset -= shift_space;
+ btrfs_set_item_offset(eb, btrfs_item_nr(i), offset);
+ }
+}
+
+static int corrupt_metadata_block(struct btrfs_fs_info *fs_info, u64 block,
+ char *field)
+{
+ struct btrfs_trans_handle *trans;