xref: /freebsd/bin/dd/dd.c (revision 46c599340f187db577b9212ab18022f3c7380c68)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1991, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Keith Muller of the University of California, San Diego and Lance
9  * Visser of Convex Computer Corporation.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  * 3. Neither the name of the University nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include <sys/param.h>
37 #include <sys/stat.h>
38 #include <sys/capsicum.h>
39 #include <sys/conf.h>
40 #include <sys/disklabel.h>
41 #include <sys/filio.h>
42 #include <sys/mtio.h>
43 #include <sys/time.h>
44 
45 #include <assert.h>
46 #include <capsicum_helpers.h>
47 #include <ctype.h>
48 #include <err.h>
49 #include <errno.h>
50 #include <fcntl.h>
51 #include <inttypes.h>
52 #include <locale.h>
53 #include <signal.h>
54 #include <stdio.h>
55 #include <stdlib.h>
56 #include <string.h>
57 #include <time.h>
58 #include <unistd.h>
59 
60 #include "dd.h"
61 #include "extern.h"
62 
63 static void dd_close(void);
64 static void dd_in(void);
65 static void getfdtype(IO *);
66 static void setup(void);
67 
68 IO	in, out;		/* input/output state */
69 STAT	st;			/* statistics */
70 void	(*cfunc)(void);		/* conversion function */
71 uintmax_t cpy_cnt;		/* # of blocks to copy */
72 static off_t	pending = 0;	/* pending seek if sparse */
73 uint64_t	ddflags = 0;	/* conversion options */
74 size_t	cbsz;			/* conversion block size */
75 uintmax_t files_cnt = 1;	/* # of files to copy */
76 const	u_char *ctab;		/* conversion table */
77 char	fill_char;		/* Character to fill with if defined */
78 size_t	speed = 0;		/* maximum speed, in bytes per second */
79 volatile sig_atomic_t need_summary;
80 volatile sig_atomic_t need_progress;
81 volatile sig_atomic_t kill_signal;
82 
83 int
84 main(int argc __unused, char *argv[])
85 {
86 	struct itimerval itv = { { 1, 0 }, { 1, 0 } }; /* SIGALARM every second, if needed */
87 
88 	prepare_io();
89 
90 	(void)setlocale(LC_CTYPE, "");
91 	jcl(argv);
92 	setup();
93 
94 	caph_cache_catpages();
95 	if (caph_enter() < 0)
96 		err(1, "unable to enter capability mode");
97 
98 	(void)signal(SIGINFO, siginfo_handler);
99 	if (ddflags & C_PROGRESS) {
100 		(void)signal(SIGALRM, sigalarm_handler);
101 		setitimer(ITIMER_REAL, &itv, NULL);
102 	}
103 
104 	atexit(summary);
105 
106 	while (files_cnt--)
107 		dd_in();
108 
109 	dd_close();
110 	/*
111 	 * Some devices such as cfi(4) may perform significant amounts
112 	 * of work when a write descriptor is closed.  Close the out
113 	 * descriptor explicitly so that the summary handler (called
114 	 * from an atexit() hook) includes this work.
115 	 */
116 	if (close(out.fd) == -1 && errno != EINTR)
117 		err(1, "close");
118 	exit(0);
119 }
120 
121 static int
122 parity(u_char c)
123 {
124 	int i;
125 
126 	i = c ^ (c >> 1) ^ (c >> 2) ^ (c >> 3) ^
127 	    (c >> 4) ^ (c >> 5) ^ (c >> 6) ^ (c >> 7);
128 	return (i & 1);
129 }
130 
131 static void
132 setup(void)
133 {
134 	u_int cnt;
135 	int iflags, oflags;
136 	cap_rights_t rights;
137 	unsigned long cmds[] = { FIODTYPE, MTIOCTOP };
138 
139 	if (in.name == NULL) {
140 		in.name = "stdin";
141 		in.fd = STDIN_FILENO;
142 	} else {
143 		iflags = 0;
144 		if (ddflags & C_IDIRECT)
145 			iflags |= O_DIRECT;
146 		before_io();
147 		in.fd = open(in.name, O_RDONLY | iflags, 0);
148 		after_io();
149 		if (in.fd == -1)
150 			err(1, "%s", in.name);
151 	}
152 
153 	getfdtype(&in);
154 
155 	cap_rights_init(&rights, CAP_READ, CAP_SEEK);
156 	if (caph_rights_limit(in.fd, &rights) == -1)
157 		err(1, "unable to limit capability rights");
158 
159 	if (files_cnt > 1 && !(in.flags & ISTAPE))
160 		errx(1, "files is not supported for non-tape devices");
161 
162 	cap_rights_set(&rights, CAP_FTRUNCATE, CAP_IOCTL, CAP_WRITE);
163 	if (ddflags & (C_FDATASYNC | C_FSYNC))
164 		cap_rights_set(&rights, CAP_FSYNC);
165 	if (out.name == NULL) {
166 		/* No way to check for read access here. */
167 		out.fd = STDOUT_FILENO;
168 		out.name = "stdout";
169 		if (ddflags & C_OFSYNC) {
170 			oflags = fcntl(out.fd, F_GETFL);
171 			if (oflags == -1)
172 				err(1, "unable to get fd flags for stdout");
173 			oflags |= O_FSYNC;
174 			if (fcntl(out.fd, F_SETFL, oflags) == -1)
175 				err(1, "unable to set fd flags for stdout");
176 		}
177 	} else {
178 		oflags = O_CREAT;
179 		if (!(ddflags & (C_SEEK | C_NOTRUNC)))
180 			oflags |= O_TRUNC;
181 		if (ddflags & C_OFSYNC)
182 			oflags |= O_FSYNC;
183 		if (ddflags & C_ODIRECT)
184 			oflags |= O_DIRECT;
185 		before_io();
186 		out.fd = open(out.name, O_RDWR | oflags, DEFFILEMODE);
187 		after_io();
188 		/*
189 		 * May not have read access, so try again with write only.
190 		 * Without read we may have a problem if output also does
191 		 * not support seeks.
192 		 */
193 		if (out.fd == -1) {
194 			before_io();
195 			out.fd = open(out.name, O_WRONLY | oflags, DEFFILEMODE);
196 			after_io();
197 			out.flags |= NOREAD;
198 			cap_rights_clear(&rights, CAP_READ);
199 		}
200 		if (out.fd == -1)
201 			err(1, "%s", out.name);
202 	}
203 
204 	getfdtype(&out);
205 
206 	if (caph_rights_limit(out.fd, &rights) == -1)
207 		err(1, "unable to limit capability rights");
208 	if (caph_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1)
209 		err(1, "unable to limit capability rights");
210 
211 	if (in.fd != STDIN_FILENO && out.fd != STDIN_FILENO) {
212 		if (caph_limit_stdin() == -1)
213 			err(1, "unable to limit capability rights");
214 	}
215 
216 	if (in.fd != STDOUT_FILENO && out.fd != STDOUT_FILENO) {
217 		if (caph_limit_stdout() == -1)
218 			err(1, "unable to limit capability rights");
219 	}
220 
221 	if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) {
222 		if (caph_limit_stderr() == -1)
223 			err(1, "unable to limit capability rights");
224 	}
225 
226 	/*
227 	 * Allocate space for the input and output buffers.  If not doing
228 	 * record oriented I/O, only need a single buffer.
229 	 */
230 	if (!(ddflags & (C_BLOCK | C_UNBLOCK))) {
231 		if ((in.db = malloc((size_t)out.dbsz + in.dbsz - 1)) == NULL)
232 			err(1, "input buffer");
233 		out.db = in.db;
234 	} else if ((in.db = malloc(MAX((size_t)in.dbsz, cbsz) + cbsz)) == NULL ||
235 	    (out.db = malloc(out.dbsz + cbsz)) == NULL)
236 		err(1, "output buffer");
237 
238 	/* dbp is the first free position in each buffer. */
239 	in.dbp = in.db;
240 	out.dbp = out.db;
241 
242 	/* Position the input/output streams. */
243 	if (in.offset)
244 		pos_in();
245 	if (out.offset)
246 		pos_out();
247 
248 	/*
249 	 * Truncate the output file.  If it fails on a type of output file
250 	 * that it should _not_ fail on, error out.
251 	 */
252 	if ((ddflags & (C_OF | C_SEEK | C_NOTRUNC)) == (C_OF | C_SEEK) &&
253 	    out.flags & ISTRUNC)
254 		if (ftruncate(out.fd, out.offset * out.dbsz) == -1)
255 			err(1, "truncating %s", out.name);
256 
257 	if (ddflags & (C_LCASE  | C_UCASE | C_ASCII | C_EBCDIC | C_PARITY)) {
258 		if (ctab != NULL) {
259 			for (cnt = 0; cnt <= 0377; ++cnt)
260 				casetab[cnt] = ctab[cnt];
261 		} else {
262 			for (cnt = 0; cnt <= 0377; ++cnt)
263 				casetab[cnt] = cnt;
264 		}
265 		if ((ddflags & C_PARITY) && !(ddflags & C_ASCII)) {
266 			/*
267 			 * If the input is not EBCDIC, and we do parity
268 			 * processing, strip input parity.
269 			 */
270 			for (cnt = 200; cnt <= 0377; ++cnt)
271 				casetab[cnt] = casetab[cnt & 0x7f];
272 		}
273 		if (ddflags & C_LCASE) {
274 			for (cnt = 0; cnt <= 0377; ++cnt)
275 				casetab[cnt] = tolower(casetab[cnt]);
276 		} else if (ddflags & C_UCASE) {
277 			for (cnt = 0; cnt <= 0377; ++cnt)
278 				casetab[cnt] = toupper(casetab[cnt]);
279 		}
280 		if ((ddflags & C_PARITY)) {
281 			/*
282 			 * This should strictly speaking be a no-op, but I
283 			 * wonder what funny LANG settings could get us.
284 			 */
285 			for (cnt = 0; cnt <= 0377; ++cnt)
286 				casetab[cnt] = casetab[cnt] & 0x7f;
287 		}
288 		if ((ddflags & C_PARSET)) {
289 			for (cnt = 0; cnt <= 0377; ++cnt)
290 				casetab[cnt] = casetab[cnt] | 0x80;
291 		}
292 		if ((ddflags & C_PAREVEN)) {
293 			for (cnt = 0; cnt <= 0377; ++cnt)
294 				if (parity(casetab[cnt]))
295 					casetab[cnt] = casetab[cnt] | 0x80;
296 		}
297 		if ((ddflags & C_PARODD)) {
298 			for (cnt = 0; cnt <= 0377; ++cnt)
299 				if (!parity(casetab[cnt]))
300 					casetab[cnt] = casetab[cnt] | 0x80;
301 		}
302 
303 		ctab = casetab;
304 	}
305 
306 	if (clock_gettime(CLOCK_MONOTONIC, &st.start))
307 		err(1, "clock_gettime");
308 }
309 
310 static void
311 getfdtype(IO *io)
312 {
313 	struct stat sb;
314 	int type;
315 
316 	if (fstat(io->fd, &sb) == -1)
317 		err(1, "%s", io->name);
318 	if (S_ISREG(sb.st_mode))
319 		io->flags |= ISTRUNC;
320 	if (S_ISCHR(sb.st_mode) || S_ISBLK(sb.st_mode)) {
321 		if (ioctl(io->fd, FIODTYPE, &type) == -1) {
322 			err(1, "%s", io->name);
323 		} else {
324 			if (type & D_TAPE)
325 				io->flags |= ISTAPE;
326 			else if (type & (D_DISK | D_MEM))
327 				io->flags |= ISSEEK;
328 			if (S_ISCHR(sb.st_mode) && (type & D_TAPE) == 0)
329 				io->flags |= ISCHR;
330 		}
331 		return;
332 	}
333 	errno = 0;
334 	if (lseek(io->fd, (off_t)0, SEEK_CUR) == -1 && errno == ESPIPE)
335 		io->flags |= ISPIPE;
336 	else
337 		io->flags |= ISSEEK;
338 }
339 
340 /*
341  * Limit the speed by adding a delay before every block read.
342  * The delay (t_usleep) is equal to the time computed from block
343  * size and the specified speed limit (t_target) minus the time
344  * spent on actual read and write operations (t_io).
345  */
346 static void
347 speed_limit(void)
348 {
349 	static double t_prev, t_usleep;
350 	double t_now, t_io, t_target;
351 
352 	t_now = secs_elapsed();
353 	t_io = t_now - t_prev - t_usleep;
354 	t_target = (double)in.dbsz / (double)speed;
355 	t_usleep = t_target - t_io;
356 	if (t_usleep > 0)
357 		usleep(t_usleep * 1000000);
358 	else
359 		t_usleep = 0;
360 	t_prev = t_now;
361 }
362 
363 static void
364 swapbytes(void *v, size_t len)
365 {
366 	unsigned char *p = v;
367 	unsigned char t;
368 
369 	while (len > 1) {
370 		t = p[0];
371 		p[0] = p[1];
372 		p[1] = t;
373 		p += 2;
374 		len -= 2;
375 	}
376 }
377 
378 static void
379 dd_in(void)
380 {
381 	ssize_t n;
382 
383 	for (;;) {
384 		switch (cpy_cnt) {
385 		case -1:			/* count=0 was specified */
386 			return;
387 		case 0:
388 			break;
389 		default:
390 			if (st.in_full + st.in_part >= (uintmax_t)cpy_cnt)
391 				return;
392 			break;
393 		}
394 
395 		if (speed > 0)
396 			speed_limit();
397 
398 		/*
399 		 * Zero the buffer first if sync; if doing block operations,
400 		 * use spaces.
401 		 */
402 		if (ddflags & C_SYNC) {
403 			if (ddflags & C_FILL)
404 				memset(in.dbp, fill_char, in.dbsz);
405 			else if (ddflags & (C_BLOCK | C_UNBLOCK))
406 				memset(in.dbp, ' ', in.dbsz);
407 			else
408 				memset(in.dbp, 0, in.dbsz);
409 		}
410 
411 		in.dbrcnt = 0;
412 fill:
413 		before_io();
414 		n = read(in.fd, in.dbp + in.dbrcnt, in.dbsz - in.dbrcnt);
415 		after_io();
416 
417 		/* EOF */
418 		if (n == 0 && in.dbrcnt == 0)
419 			return;
420 
421 		/* Read error */
422 		if (n == -1) {
423 			/*
424 			 * If noerror not specified, die.  POSIX requires that
425 			 * the warning message be followed by an I/O display.
426 			 */
427 			if (!(ddflags & C_NOERROR))
428 				err(1, "%s", in.name);
429 			warn("%s", in.name);
430 			summary();
431 
432 			/*
433 			 * If it's a seekable file descriptor, seek past the
434 			 * error.  If your OS doesn't do the right thing for
435 			 * raw disks this section should be modified to re-read
436 			 * in sector size chunks.
437 			 */
438 			if (in.flags & ISSEEK &&
439 			    lseek(in.fd, (off_t)in.dbsz, SEEK_CUR))
440 				warn("%s", in.name);
441 
442 			/* If sync not specified, omit block and continue. */
443 			if (!(ddflags & C_SYNC))
444 				continue;
445 		}
446 
447 		/* If conv=sync, use the entire block. */
448 		if (ddflags & C_SYNC)
449 			n = in.dbsz;
450 
451 		/* Count the bytes read for this block. */
452 		in.dbrcnt += n;
453 
454 		/* Count the number of full and partial blocks. */
455 		if (in.dbrcnt == in.dbsz)
456 			++st.in_full;
457 		else if (ddflags & C_IFULLBLOCK && n != 0)
458 			goto fill; /* these don't count */
459 		else
460 			++st.in_part;
461 
462 		/* Count the total bytes read for this file. */
463 		in.dbcnt += in.dbrcnt;
464 
465 		/*
466 		 * POSIX states that if bs is set and no other conversions
467 		 * than noerror, notrunc or sync are specified, the block
468 		 * is output without buffering as it is read.
469 		 */
470 		if ((ddflags & ~(C_NOERROR | C_NOTRUNC | C_SYNC)) == C_BS) {
471 			out.dbcnt = in.dbcnt;
472 			dd_out(1);
473 			in.dbcnt = 0;
474 			continue;
475 		}
476 
477 		if (ddflags & C_SWAB) {
478 			if ((n = in.dbrcnt) & 1) {
479 				++st.swab;
480 				--n;
481 			}
482 			swapbytes(in.dbp, (size_t)n);
483 		}
484 
485 		/* Advance to the next block. */
486 		in.dbp += in.dbrcnt;
487 		(*cfunc)();
488 		if (need_summary)
489 			summary();
490 		if (need_progress)
491 			progress();
492 	}
493 }
494 
495 /*
496  * Clean up any remaining I/O and flush output.  If necessary, the output file
497  * is truncated.
498  */
499 static void
500 dd_close(void)
501 {
502 	if (cfunc == def)
503 		def_close();
504 	else if (cfunc == block)
505 		block_close();
506 	else if (cfunc == unblock)
507 		unblock_close();
508 	if (ddflags & C_OSYNC && out.dbcnt && out.dbcnt < out.dbsz) {
509 		if (ddflags & C_FILL)
510 			memset(out.dbp, fill_char, out.dbsz - out.dbcnt);
511 		else if (ddflags & (C_BLOCK | C_UNBLOCK))
512 			memset(out.dbp, ' ', out.dbsz - out.dbcnt);
513 		else
514 			memset(out.dbp, 0, out.dbsz - out.dbcnt);
515 		out.dbcnt = out.dbsz;
516 	}
517 	if (out.dbcnt || pending)
518 		dd_out(1);
519 
520 	/*
521 	 * If the file ends with a hole, ftruncate it to extend its size
522 	 * up to the end of the hole (without having to write any data).
523 	 */
524 	if (out.seek_offset > 0 && (out.flags & ISTRUNC)) {
525 		if (ftruncate(out.fd, out.seek_offset) == -1)
526 			err(1, "truncating %s", out.name);
527 	}
528 
529 	if (ddflags & C_FSYNC) {
530 		if (fsync(out.fd) == -1)
531 			err(1, "fsyncing %s", out.name);
532 	} else if (ddflags & C_FDATASYNC) {
533 		if (fdatasync(out.fd) == -1)
534 			err(1, "fdatasyncing %s", out.name);
535 	}
536 }
537 
538 void
539 dd_out(int force)
540 {
541 	u_char *outp;
542 	size_t cnt, n;
543 	ssize_t nw;
544 	static int warned;
545 	int sparse;
546 
547 	/*
548 	 * Write one or more blocks out.  The common case is writing a full
549 	 * output block in a single write; increment the full block stats.
550 	 * Otherwise, we're into partial block writes.  If a partial write,
551 	 * and it's a character device, just warn.  If a tape device, quit.
552 	 *
553 	 * The partial writes represent two cases.  1: Where the input block
554 	 * was less than expected so the output block was less than expected.
555 	 * 2: Where the input block was the right size but we were forced to
556 	 * write the block in multiple chunks.  The original versions of dd(1)
557 	 * never wrote a block in more than a single write, so the latter case
558 	 * never happened.
559 	 *
560 	 * One special case is if we're forced to do the write -- in that case
561 	 * we play games with the buffer size, and it's usually a partial write.
562 	 */
563 	outp = out.db;
564 
565 	/*
566 	 * If force, first try to write all pending data, else try to write
567 	 * just one block. Subsequently always write data one full block at
568 	 * a time at most.
569 	 */
570 	for (n = force ? out.dbcnt : out.dbsz;; n = out.dbsz) {
571 		cnt = n;
572 		do {
573 			sparse = 0;
574 			if (ddflags & C_SPARSE) {
575 				/* Is buffer sparse? */
576 				sparse = BISZERO(outp, cnt);
577 			}
578 			if (sparse && !force) {
579 				pending += cnt;
580 				nw = cnt;
581 			} else {
582 				if (pending != 0) {
583 					/*
584 					 * Seek past hole.  Note that we need to record the
585 					 * reached offset, because we might have no more data
586 					 * to write, in which case we'll need to call
587 					 * ftruncate to extend the file size.
588 					 */
589 					out.seek_offset = lseek(out.fd, pending, SEEK_CUR);
590 					if (out.seek_offset == -1)
591 						err(2, "%s: seek error creating sparse file",
592 						    out.name);
593 					pending = 0;
594 				}
595 				if (cnt) {
596 					before_io();
597 					nw = write(out.fd, outp, cnt);
598 					after_io();
599 					out.seek_offset = 0;
600 				} else {
601 					return;
602 				}
603 			}
604 
605 			if (nw <= 0) {
606 				if (nw == 0)
607 					errx(1, "%s: end of device", out.name);
608 				if (errno != EINTR)
609 					err(1, "%s", out.name);
610 				nw = 0;
611 			}
612 
613 			outp += nw;
614 			st.bytes += nw;
615 
616 			if ((size_t)nw == n && n == (size_t)out.dbsz)
617 				++st.out_full;
618 			else
619 				++st.out_part;
620 
621 			if ((size_t) nw != cnt) {
622 				if (out.flags & ISTAPE)
623 					errx(1, "%s: short write on tape device",
624 				    	out.name);
625 				if (out.flags & ISCHR && !warned) {
626 					warned = 1;
627 					warnx("%s: short write on character device",
628 				    	out.name);
629 				}
630 			}
631 
632 			cnt -= nw;
633 		} while (cnt != 0);
634 
635 		if ((out.dbcnt -= n) < out.dbsz)
636 			break;
637 	}
638 
639 	/* Reassemble the output block. */
640 	if (out.dbcnt)
641 		(void)memmove(out.db, out.dbp - out.dbcnt, out.dbcnt);
642 	out.dbp = out.db + out.dbcnt;
643 }
644