1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1991, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Keith Muller of the University of California, San Diego and Lance
9 * Visser of Convex Computer Corporation.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include <sys/param.h>
37 #include <sys/stat.h>
38 #include <sys/capsicum.h>
39 #include <sys/conf.h>
40 #include <sys/disklabel.h>
41 #include <sys/filio.h>
42 #include <sys/mtio.h>
43 #include <sys/time.h>
44
45 #include <assert.h>
46 #include <capsicum_helpers.h>
47 #include <ctype.h>
48 #include <err.h>
49 #include <errno.h>
50 #include <fcntl.h>
51 #include <inttypes.h>
52 #include <locale.h>
53 #include <signal.h>
54 #include <stdio.h>
55 #include <stdlib.h>
56 #include <string.h>
57 #include <time.h>
58 #include <unistd.h>
59
60 #include "dd.h"
61 #include "extern.h"
62
63 static void dd_close(void);
64 static void dd_in(void);
65 static void getfdtype(IO *);
66 static void setup(void);
67
68 IO in, out; /* input/output state */
69 STAT st; /* statistics */
70 void (*cfunc)(void); /* conversion function */
71 uintmax_t cpy_cnt; /* # of blocks to copy */
72 static off_t pending = 0; /* pending seek if sparse */
73 uint64_t ddflags = 0; /* conversion options */
74 size_t cbsz; /* conversion block size */
75 uintmax_t files_cnt = 1; /* # of files to copy */
76 const u_char *ctab; /* conversion table */
77 char fill_char; /* Character to fill with if defined */
78 size_t speed = 0; /* maximum speed, in bytes per second */
79 volatile sig_atomic_t need_summary;
80 volatile sig_atomic_t need_progress;
81 volatile sig_atomic_t kill_signal;
82
83 int
main(int argc __unused,char * argv[])84 main(int argc __unused, char *argv[])
85 {
86 struct itimerval itv = { { 1, 0 }, { 1, 0 } }; /* SIGALARM every second, if needed */
87
88 prepare_io();
89
90 (void)setlocale(LC_CTYPE, "");
91 jcl(argv);
92 setup();
93
94 caph_cache_catpages();
95 if (caph_enter() < 0)
96 err(1, "unable to enter capability mode");
97
98 (void)signal(SIGINFO, siginfo_handler);
99 if (ddflags & C_PROGRESS) {
100 (void)signal(SIGALRM, sigalarm_handler);
101 setitimer(ITIMER_REAL, &itv, NULL);
102 }
103
104 atexit(summary);
105
106 while (files_cnt--)
107 dd_in();
108
109 dd_close();
110 /*
111 * Some devices such as cfi(4) may perform significant amounts
112 * of work when a write descriptor is closed. Close the out
113 * descriptor explicitly so that the summary handler (called
114 * from an atexit() hook) includes this work.
115 */
116 if (close(out.fd) == -1 && errno != EINTR)
117 err(1, "close");
118 exit(0);
119 }
120
121 static int
parity(u_char c)122 parity(u_char c)
123 {
124 int i;
125
126 i = c ^ (c >> 1) ^ (c >> 2) ^ (c >> 3) ^
127 (c >> 4) ^ (c >> 5) ^ (c >> 6) ^ (c >> 7);
128 return (i & 1);
129 }
130
131 static void
setup(void)132 setup(void)
133 {
134 u_int cnt;
135 int iflags, oflags;
136 cap_rights_t rights;
137 unsigned long cmds[] = { FIODTYPE, MTIOCTOP };
138
139 if (in.name == NULL) {
140 in.name = "stdin";
141 in.fd = STDIN_FILENO;
142 } else {
143 iflags = 0;
144 if (ddflags & C_IDIRECT)
145 iflags |= O_DIRECT;
146 before_io();
147 in.fd = open(in.name, O_RDONLY | iflags, 0);
148 after_io();
149 if (in.fd == -1)
150 err(1, "%s", in.name);
151 }
152
153 getfdtype(&in);
154
155 cap_rights_init(&rights, CAP_READ, CAP_SEEK);
156 if (caph_rights_limit(in.fd, &rights) == -1)
157 err(1, "unable to limit capability rights");
158
159 if (files_cnt > 1 && !(in.flags & ISTAPE))
160 errx(1, "files is not supported for non-tape devices");
161
162 cap_rights_set(&rights, CAP_FTRUNCATE, CAP_IOCTL, CAP_WRITE);
163 if (ddflags & (C_FDATASYNC | C_FSYNC))
164 cap_rights_set(&rights, CAP_FSYNC);
165 if (out.name == NULL) {
166 /* No way to check for read access here. */
167 out.fd = STDOUT_FILENO;
168 out.name = "stdout";
169 if (ddflags & C_OFSYNC) {
170 oflags = fcntl(out.fd, F_GETFL);
171 if (oflags == -1)
172 err(1, "unable to get fd flags for stdout");
173 oflags |= O_FSYNC;
174 if (fcntl(out.fd, F_SETFL, oflags) == -1)
175 err(1, "unable to set fd flags for stdout");
176 }
177 } else {
178 oflags = O_CREAT;
179 if (!(ddflags & (C_SEEK | C_NOTRUNC)))
180 oflags |= O_TRUNC;
181 if (ddflags & C_OFSYNC)
182 oflags |= O_FSYNC;
183 if (ddflags & C_ODIRECT)
184 oflags |= O_DIRECT;
185 before_io();
186 out.fd = open(out.name, O_RDWR | oflags, DEFFILEMODE);
187 after_io();
188 /*
189 * May not have read access, so try again with write only.
190 * Without read we may have a problem if output also does
191 * not support seeks.
192 */
193 if (out.fd == -1) {
194 before_io();
195 out.fd = open(out.name, O_WRONLY | oflags, DEFFILEMODE);
196 after_io();
197 out.flags |= NOREAD;
198 cap_rights_clear(&rights, CAP_READ);
199 }
200 if (out.fd == -1)
201 err(1, "%s", out.name);
202 }
203
204 getfdtype(&out);
205
206 if (caph_rights_limit(out.fd, &rights) == -1)
207 err(1, "unable to limit capability rights");
208 if (caph_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1)
209 err(1, "unable to limit capability rights");
210
211 if (in.fd != STDIN_FILENO && out.fd != STDIN_FILENO) {
212 if (caph_limit_stdin() == -1)
213 err(1, "unable to limit capability rights");
214 }
215
216 if (in.fd != STDOUT_FILENO && out.fd != STDOUT_FILENO) {
217 if (caph_limit_stdout() == -1)
218 err(1, "unable to limit capability rights");
219 }
220
221 if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) {
222 if (caph_limit_stderr() == -1)
223 err(1, "unable to limit capability rights");
224 }
225
226 /*
227 * Allocate space for the input and output buffers. If not doing
228 * record oriented I/O, only need a single buffer.
229 */
230 if (!(ddflags & (C_BLOCK | C_UNBLOCK))) {
231 if ((in.db = malloc((size_t)out.dbsz + in.dbsz - 1)) == NULL)
232 err(1, "input buffer");
233 out.db = in.db;
234 } else if ((in.db = malloc(MAX((size_t)in.dbsz, cbsz) + cbsz)) == NULL ||
235 (out.db = malloc(out.dbsz + cbsz)) == NULL)
236 err(1, "output buffer");
237
238 /* dbp is the first free position in each buffer. */
239 in.dbp = in.db;
240 out.dbp = out.db;
241
242 /* Position the input/output streams. */
243 if (in.offset)
244 pos_in();
245 if (out.offset)
246 pos_out();
247
248 /*
249 * Truncate the output file. If it fails on a type of output file
250 * that it should _not_ fail on, error out.
251 */
252 if ((ddflags & (C_OF | C_SEEK | C_NOTRUNC)) == (C_OF | C_SEEK) &&
253 out.flags & ISTRUNC)
254 if (ftruncate(out.fd, out.offset * out.dbsz) == -1)
255 err(1, "truncating %s", out.name);
256
257 if (ddflags & (C_LCASE | C_UCASE | C_ASCII | C_EBCDIC | C_PARITY)) {
258 if (ctab != NULL) {
259 for (cnt = 0; cnt <= 0377; ++cnt)
260 casetab[cnt] = ctab[cnt];
261 } else {
262 for (cnt = 0; cnt <= 0377; ++cnt)
263 casetab[cnt] = cnt;
264 }
265 if ((ddflags & C_PARITY) && !(ddflags & C_ASCII)) {
266 /*
267 * If the input is not EBCDIC, and we do parity
268 * processing, strip input parity.
269 */
270 for (cnt = 200; cnt <= 0377; ++cnt)
271 casetab[cnt] = casetab[cnt & 0x7f];
272 }
273 if (ddflags & C_LCASE) {
274 for (cnt = 0; cnt <= 0377; ++cnt)
275 casetab[cnt] = tolower(casetab[cnt]);
276 } else if (ddflags & C_UCASE) {
277 for (cnt = 0; cnt <= 0377; ++cnt)
278 casetab[cnt] = toupper(casetab[cnt]);
279 }
280 if ((ddflags & C_PARITY)) {
281 /*
282 * This should strictly speaking be a no-op, but I
283 * wonder what funny LANG settings could get us.
284 */
285 for (cnt = 0; cnt <= 0377; ++cnt)
286 casetab[cnt] = casetab[cnt] & 0x7f;
287 }
288 if ((ddflags & C_PARSET)) {
289 for (cnt = 0; cnt <= 0377; ++cnt)
290 casetab[cnt] = casetab[cnt] | 0x80;
291 }
292 if ((ddflags & C_PAREVEN)) {
293 for (cnt = 0; cnt <= 0377; ++cnt)
294 if (parity(casetab[cnt]))
295 casetab[cnt] = casetab[cnt] | 0x80;
296 }
297 if ((ddflags & C_PARODD)) {
298 for (cnt = 0; cnt <= 0377; ++cnt)
299 if (!parity(casetab[cnt]))
300 casetab[cnt] = casetab[cnt] | 0x80;
301 }
302
303 ctab = casetab;
304 }
305
306 if (clock_gettime(CLOCK_MONOTONIC, &st.start))
307 err(1, "clock_gettime");
308 }
309
310 static void
getfdtype(IO * io)311 getfdtype(IO *io)
312 {
313 struct stat sb;
314 int type;
315
316 if (fstat(io->fd, &sb) == -1)
317 err(1, "%s", io->name);
318 if (S_ISREG(sb.st_mode))
319 io->flags |= ISTRUNC;
320 if (S_ISCHR(sb.st_mode) || S_ISBLK(sb.st_mode)) {
321 if (ioctl(io->fd, FIODTYPE, &type) == -1) {
322 err(1, "%s", io->name);
323 } else {
324 if (type & D_TAPE)
325 io->flags |= ISTAPE;
326 else if (type & (D_DISK | D_MEM))
327 io->flags |= ISSEEK;
328 if (S_ISCHR(sb.st_mode) && (type & D_TAPE) == 0)
329 io->flags |= ISCHR;
330 }
331 return;
332 }
333 errno = 0;
334 if (lseek(io->fd, (off_t)0, SEEK_CUR) == -1 && errno == ESPIPE)
335 io->flags |= ISPIPE;
336 else
337 io->flags |= ISSEEK;
338 }
339
340 /*
341 * Limit the speed by adding a delay before every block read.
342 * The delay (t_usleep) is equal to the time computed from block
343 * size and the specified speed limit (t_target) minus the time
344 * spent on actual read and write operations (t_io).
345 */
346 static void
speed_limit(void)347 speed_limit(void)
348 {
349 static double t_prev, t_usleep;
350 double t_now, t_io, t_target;
351
352 t_now = secs_elapsed();
353 t_io = t_now - t_prev - t_usleep;
354 t_target = (double)in.dbsz / (double)speed;
355 t_usleep = t_target - t_io;
356 if (t_usleep > 0)
357 usleep(t_usleep * 1000000);
358 else
359 t_usleep = 0;
360 t_prev = t_now;
361 }
362
363 static void
swapbytes(void * v,size_t len)364 swapbytes(void *v, size_t len)
365 {
366 unsigned char *p = v;
367 unsigned char t;
368
369 while (len > 1) {
370 t = p[0];
371 p[0] = p[1];
372 p[1] = t;
373 p += 2;
374 len -= 2;
375 }
376 }
377
378 static void
dd_in(void)379 dd_in(void)
380 {
381 ssize_t n;
382
383 for (;;) {
384 switch (cpy_cnt) {
385 case -1: /* count=0 was specified */
386 return;
387 case 0:
388 break;
389 default:
390 if (st.in_full + st.in_part >= (uintmax_t)cpy_cnt)
391 return;
392 break;
393 }
394
395 if (speed > 0)
396 speed_limit();
397
398 /*
399 * Zero the buffer first if sync; if doing block operations,
400 * use spaces.
401 */
402 if (ddflags & C_SYNC) {
403 if (ddflags & C_FILL)
404 memset(in.dbp, fill_char, in.dbsz);
405 else if (ddflags & (C_BLOCK | C_UNBLOCK))
406 memset(in.dbp, ' ', in.dbsz);
407 else
408 memset(in.dbp, 0, in.dbsz);
409 }
410
411 in.dbrcnt = 0;
412 fill:
413 before_io();
414 n = read(in.fd, in.dbp + in.dbrcnt, in.dbsz - in.dbrcnt);
415 after_io();
416
417 /* EOF */
418 if (n == 0 && in.dbrcnt == 0)
419 return;
420
421 /* Read error */
422 if (n == -1) {
423 /*
424 * If noerror not specified, die. POSIX requires that
425 * the warning message be followed by an I/O display.
426 */
427 if (!(ddflags & C_NOERROR))
428 err(1, "%s", in.name);
429 warn("%s", in.name);
430 summary();
431
432 /*
433 * If it's a seekable file descriptor, seek past the
434 * error. If your OS doesn't do the right thing for
435 * raw disks this section should be modified to re-read
436 * in sector size chunks.
437 */
438 if (in.flags & ISSEEK &&
439 lseek(in.fd, (off_t)in.dbsz, SEEK_CUR))
440 warn("%s", in.name);
441
442 /* If sync not specified, omit block and continue. */
443 if (!(ddflags & C_SYNC))
444 continue;
445 }
446
447 /* If conv=sync, use the entire block. */
448 if (ddflags & C_SYNC)
449 n = in.dbsz;
450
451 /* Count the bytes read for this block. */
452 in.dbrcnt += n;
453
454 /* Count the number of full and partial blocks. */
455 if (in.dbrcnt == in.dbsz)
456 ++st.in_full;
457 else if (ddflags & C_IFULLBLOCK && n != 0)
458 goto fill; /* these don't count */
459 else
460 ++st.in_part;
461
462 /* Count the total bytes read for this file. */
463 in.dbcnt += in.dbrcnt;
464
465 /*
466 * POSIX states that if bs is set and no other conversions
467 * than noerror, notrunc or sync are specified, the block
468 * is output without buffering as it is read.
469 */
470 if ((ddflags & ~(C_NOERROR | C_NOTRUNC | C_SYNC)) == C_BS) {
471 out.dbcnt = in.dbcnt;
472 dd_out(1);
473 in.dbcnt = 0;
474 continue;
475 }
476
477 if (ddflags & C_SWAB) {
478 if ((n = in.dbrcnt) & 1) {
479 ++st.swab;
480 --n;
481 }
482 swapbytes(in.dbp, (size_t)n);
483 }
484
485 /* Advance to the next block. */
486 in.dbp += in.dbrcnt;
487 (*cfunc)();
488 if (need_summary)
489 summary();
490 if (need_progress)
491 progress();
492 }
493 }
494
495 /*
496 * Clean up any remaining I/O and flush output. If necessary, the output file
497 * is truncated.
498 */
499 static void
dd_close(void)500 dd_close(void)
501 {
502 if (cfunc == def)
503 def_close();
504 else if (cfunc == block)
505 block_close();
506 else if (cfunc == unblock)
507 unblock_close();
508 if (ddflags & C_OSYNC && out.dbcnt && out.dbcnt < out.dbsz) {
509 if (ddflags & C_FILL)
510 memset(out.dbp, fill_char, out.dbsz - out.dbcnt);
511 else if (ddflags & (C_BLOCK | C_UNBLOCK))
512 memset(out.dbp, ' ', out.dbsz - out.dbcnt);
513 else
514 memset(out.dbp, 0, out.dbsz - out.dbcnt);
515 out.dbcnt = out.dbsz;
516 }
517 if (out.dbcnt || pending)
518 dd_out(1);
519
520 /*
521 * If the file ends with a hole, ftruncate it to extend its size
522 * up to the end of the hole (without having to write any data).
523 */
524 if (out.seek_offset > 0 && (out.flags & ISTRUNC)) {
525 if (ftruncate(out.fd, out.seek_offset) == -1)
526 err(1, "truncating %s", out.name);
527 }
528
529 if (ddflags & C_FSYNC) {
530 if (fsync(out.fd) == -1)
531 err(1, "fsyncing %s", out.name);
532 } else if (ddflags & C_FDATASYNC) {
533 if (fdatasync(out.fd) == -1)
534 err(1, "fdatasyncing %s", out.name);
535 }
536 }
537
538 void
dd_out(int force)539 dd_out(int force)
540 {
541 u_char *outp;
542 size_t cnt, n;
543 ssize_t nw;
544 static int warned;
545 int sparse;
546
547 /*
548 * Write one or more blocks out. The common case is writing a full
549 * output block in a single write; increment the full block stats.
550 * Otherwise, we're into partial block writes. If a partial write,
551 * and it's a character device, just warn. If a tape device, quit.
552 *
553 * The partial writes represent two cases. 1: Where the input block
554 * was less than expected so the output block was less than expected.
555 * 2: Where the input block was the right size but we were forced to
556 * write the block in multiple chunks. The original versions of dd(1)
557 * never wrote a block in more than a single write, so the latter case
558 * never happened.
559 *
560 * One special case is if we're forced to do the write -- in that case
561 * we play games with the buffer size, and it's usually a partial write.
562 */
563 outp = out.db;
564
565 /*
566 * If force, first try to write all pending data, else try to write
567 * just one block. Subsequently always write data one full block at
568 * a time at most.
569 */
570 for (n = force ? out.dbcnt : out.dbsz;; n = out.dbsz) {
571 cnt = n;
572 do {
573 sparse = 0;
574 if (ddflags & C_SPARSE) {
575 /* Is buffer sparse? */
576 sparse = BISZERO(outp, cnt);
577 }
578 if (sparse && !force) {
579 pending += cnt;
580 nw = cnt;
581 } else {
582 if (pending != 0) {
583 /*
584 * Seek past hole. Note that we need to record the
585 * reached offset, because we might have no more data
586 * to write, in which case we'll need to call
587 * ftruncate to extend the file size.
588 */
589 out.seek_offset = lseek(out.fd, pending, SEEK_CUR);
590 if (out.seek_offset == -1)
591 err(2, "%s: seek error creating sparse file",
592 out.name);
593 pending = 0;
594 }
595 if (cnt) {
596 before_io();
597 nw = write(out.fd, outp, cnt);
598 after_io();
599 out.seek_offset = 0;
600 } else {
601 return;
602 }
603 }
604
605 if (nw <= 0) {
606 if (nw == 0)
607 errx(1, "%s: end of device", out.name);
608 if (errno != EINTR)
609 err(1, "%s", out.name);
610 nw = 0;
611 }
612
613 outp += nw;
614 st.bytes += nw;
615
616 if ((size_t)nw == n && n == (size_t)out.dbsz)
617 ++st.out_full;
618 else
619 ++st.out_part;
620
621 if ((size_t) nw != cnt) {
622 if (out.flags & ISTAPE)
623 errx(1, "%s: short write on tape device",
624 out.name);
625 if (out.flags & ISCHR && !warned) {
626 warned = 1;
627 warnx("%s: short write on character device",
628 out.name);
629 }
630 }
631
632 cnt -= nw;
633 } while (cnt != 0);
634
635 if ((out.dbcnt -= n) < out.dbsz)
636 break;
637 }
638
639 /* Reassemble the output block. */
640 if (out.dbcnt)
641 (void)memmove(out.db, out.dbp - out.dbcnt, out.dbcnt);
642 out.dbp = out.db + out.dbcnt;
643 }
644