0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * usnjrnl.h - Defines for NTFS kernel transaction log ($UsnJrnl) handling.
0004  *         Part of the Linux-NTFS project.
0005  *
0006  * Copyright (c) 2005 Anton Altaparmakov
0007  */
0008 
0009 #ifndef _LINUX_NTFS_USNJRNL_H
0010 #define _LINUX_NTFS_USNJRNL_H
0011 
0012 #ifdef NTFS_RW
0013 
0014 #include "types.h"
0015 #include "endian.h"
0016 #include "layout.h"
0017 #include "volume.h"
0018 
0019 /*
0020  * Transaction log ($UsnJrnl) organization:
0021  *
0022  * The transaction log records whenever a file is modified in any way.  So for
0023  * example it will record that file "blah" was written to at a particular time
0024  * but not what was written.  It will record that a file was deleted or
0025  * created, that a file was truncated, etc.  See below for all the reason
0026  * codes used.
0027  *
0028  * The transaction log is in the $Extend directory which is in the root
0029  * directory of each volume.  If it is not present it means transaction
0030  * logging is disabled.  If it is present it means transaction logging is
0031  * either enabled or in the process of being disabled in which case we can
0032  * ignore it as it will go away as soon as Windows gets its hands on it.
0033  *
0034  * To determine whether the transaction logging is enabled or in the process
0035  * of being disabled, we need to check the volume flags in the
0036  * $VOLUME_INFORMATION attribute in the $Volume system file (which is present
0037  * in the root directory and has a fixed mft record number, see layout.h).
0038  * If the flag VOLUME_DELETE_USN_UNDERWAY is set it means the transaction log
0039  * is in the process of being disabled and if this flag is clear it means the
0040  * transaction log is enabled.
0041  *
0042  * The transaction log consists of two parts; the $DATA/$Max attribute as well
0043  * as the $DATA/$J attribute.  $Max is a header describing the transaction
0044  * log whilst $J is the transaction log data itself as a sequence of variable
0045  * sized USN_RECORDs (see below for all the structures).
0046  *
0047  * We do not care about transaction logging at this point in time but we still
0048  * need to let Windows know that the transaction log is out of date.  To do
0049  * this we need to stamp the transaction log.  This involves setting the
0050  * lowest_valid_usn field in the $DATA/$Max attribute to the usn to be used
0051  * for the next added USN_RECORD to the $DATA/$J attribute as well as
0052  * generating a new journal_id in $DATA/$Max.
0053  *
0054  * The journal_id is as of the current version (2.0) of the transaction log
0055  * simply the 64-bit timestamp of when the journal was either created or last
0056  * stamped.
0057  *
0058  * To determine the next usn there are two ways.  The first is to parse
0059  * $DATA/$J and to find the last USN_RECORD in it and to add its record_length
0060  * to its usn (which is the byte offset in the $DATA/$J attribute).  The
0061  * second is simply to take the data size of the attribute.  Since the usns
0062  * are simply byte offsets into $DATA/$J, this is exactly the next usn.  For
0063  * obvious reasons we use the second method as it is much simpler and faster.
0064  *
0065  * As an aside, note that to actually disable the transaction log, one would
0066  * need to set the VOLUME_DELETE_USN_UNDERWAY flag (see above), then go
0067  * through all the mft records on the volume and set the usn field in their
0068  * $STANDARD_INFORMATION attribute to zero.  Once that is done, one would need
0069  * to delete the transaction log file, i.e. \$Extend\$UsnJrnl, and finally,
0070  * one would need to clear the VOLUME_DELETE_USN_UNDERWAY flag.
0071  *
0072  * Note that if a volume is unmounted whilst the transaction log is being
0073  * disabled, the process will continue the next time the volume is mounted.
0074  * This is why we can safely mount read-write when we see a transaction log
0075  * in the process of being deleted.
0076  */
0077 
0078 /*
      * Some $UsnJrnl related constants: the major and minor version of the
      * transaction log format described in this header (2.0).  Each USN_RECORD
      * also carries major_ver/minor_ver fields of its own.
      * NOTE(review): whether records with a different version are rejected is
      * not visible in this header -- confirm in the code that reads them.
      */
0079 #define UsnJrnlMajorVer     2
0080 #define UsnJrnlMinorVer     0
0081 
0082 /*
0083  * $DATA/$Max attribute.  This is (always?) resident and has a fixed size of
0084  * 32 bytes.  It contains the header describing the transaction log.
      *
      * The structure is packed and mirrors the on-disk layout byte for byte; the
      * offset of each field is given in the left-hand column.
      *
      * NOTE(review): all four fields come straight from the volume and should be
      * treated as untrusted.  The size fields are signed (sle64), so a reader
      * should reject negative values, and should check that the attribute value
      * really is at least sizeof(USN_HEADER) bytes before interpreting it (the
      * "(always?)" above shows the fixed size is an observation, not a
      * guarantee).  Confirm that the code loading $Max does this.
0085  */
0086 typedef struct {
0087 /*Ofs*/
0088 /*   0*/sle64 maximum_size; /* The maximum on-disk size of the $DATA/$J
0089                    attribute. */
0090 /*   8*/sle64 allocation_delta; /* Number of bytes by which to increase the
0091                    size of the $DATA/$J attribute. */
0092 /*0x10*/sle64 journal_id;   /* Current id of the transaction log. */
0093 /*0x18*/leUSN lowest_valid_usn; /* Lowest valid usn in $DATA/$J for the
0094                    current journal_id. */
0095 /* sizeof() = 32 (0x20) bytes */
0096 } __attribute__ ((__packed__)) USN_HEADER;
0097 
0098 /*
0099  * Reason flags (32-bit).  Cumulative flags describing the change(s) to the
0100  * file since it was last opened.  I think the names speak for themselves but
0101  * if you disagree check out the descriptions in the Linux NTFS project NTFS
0102  * documentation: http://www.linux-ntfs.org/
      *
      * Every constant is wrapped in cpu_to_le32(), i.e. it is already in on-disk
      * (little endian) byte order.  Test them directly against the le32 reason
      * field of a USN_RECORD; do not mix them with CPU-endian values.
0103  */
0104 enum {
0105     USN_REASON_DATA_OVERWRITE   = cpu_to_le32(0x00000001),
0106     USN_REASON_DATA_EXTEND      = cpu_to_le32(0x00000002),
0107     USN_REASON_DATA_TRUNCATION  = cpu_to_le32(0x00000004),
0108     USN_REASON_NAMED_DATA_OVERWRITE = cpu_to_le32(0x00000010),
0109     USN_REASON_NAMED_DATA_EXTEND    = cpu_to_le32(0x00000020),
0110     USN_REASON_NAMED_DATA_TRUNCATION= cpu_to_le32(0x00000040),
0111     USN_REASON_FILE_CREATE      = cpu_to_le32(0x00000100),
0112     USN_REASON_FILE_DELETE      = cpu_to_le32(0x00000200),
0113     USN_REASON_EA_CHANGE        = cpu_to_le32(0x00000400),
0114     USN_REASON_SECURITY_CHANGE  = cpu_to_le32(0x00000800),
0115     USN_REASON_RENAME_OLD_NAME  = cpu_to_le32(0x00001000),
0116     USN_REASON_RENAME_NEW_NAME  = cpu_to_le32(0x00002000),
0117     USN_REASON_INDEXABLE_CHANGE = cpu_to_le32(0x00004000),
0118     USN_REASON_BASIC_INFO_CHANGE    = cpu_to_le32(0x00008000),
0119     USN_REASON_HARD_LINK_CHANGE = cpu_to_le32(0x00010000),
0120     USN_REASON_COMPRESSION_CHANGE   = cpu_to_le32(0x00020000),
0121     USN_REASON_ENCRYPTION_CHANGE    = cpu_to_le32(0x00040000),
0122     USN_REASON_OBJECT_ID_CHANGE = cpu_to_le32(0x00080000),
0123     USN_REASON_REPARSE_POINT_CHANGE = cpu_to_le32(0x00100000),
0124     USN_REASON_STREAM_CHANGE    = cpu_to_le32(0x00200000),
0125     USN_REASON_CLOSE        = cpu_to_le32(0x80000000),
0126 };
0127 
0128 typedef le32 USN_REASON_FLAGS;
0129 
0130 /*
0131  * Source info flags (32-bit).  Information about the source of the change(s)
0132  * to the file.  For detailed descriptions of what these mean, see the Linux
0133  * NTFS project NTFS documentation:
0134  *  http://www.linux-ntfs.org/
      *
      * As with the reason flags, the constants are stored via cpu_to_le32() and
      * are meant to be compared with the le32 source_info field of a USN_RECORD
      * without any byte swapping.
0135  */
0136 enum {
0137     USN_SOURCE_DATA_MANAGEMENT    = cpu_to_le32(0x00000001),
0138     USN_SOURCE_AUXILIARY_DATA     = cpu_to_le32(0x00000002),
0139     USN_SOURCE_REPLICATION_MANAGEMENT = cpu_to_le32(0x00000004),
0140 };
0141 
0142 typedef le32 USN_SOURCE_INFO_FLAGS;
0143 
0144 /*
0145  * $DATA/$J attribute.  This is always non-resident, is marked as sparse, and
0146  * is of variable size.  It consists of a sequence of variable size
0147  * USN_RECORDS.  The minimum allocated_size is allocation_delta as
0148  * specified in $DATA/$Max.  When the maximum_size specified in $DATA/$Max is
0149  * exceeded by more than allocation_delta bytes, allocation_delta bytes are
0150  * allocated and appended to the $DATA/$J attribute and an equal number of
0151  * bytes at the beginning of the attribute are freed and made sparse.  Note the
0152  * making sparse only happens at volume checkpoints and hence the actual
0153  * $DATA/$J size can exceed maximum_size + allocation_delta temporarily.
      *
      * The structure is packed and mirrors the on-disk layout; the fixed part is
      * 60 bytes and the file name follows at file_name_offset.
      *
      * NOTE(review): every field below is read from disk and should be treated as
      * untrusted.  A reader walking $DATA/$J would be expected to check that
      * length is at least sizeof(USN_RECORD), is 8-byte aligned and stays within
      * the attribute data, and that file_name_offset + file_name_size fits inside
      * length, before touching the name.  A length of zero (presumably what the
      * sparse region at the start reads back as) must not stall such a walk.
      * This header declares no such reader, so none of this is checked here.
      *
      * NOTE(review): file_name[0] is a zero-length array (GNU extension); a C99
      * flexible array member would express the same layout -- confirm against
      * the conventions of the rest of the driver before changing it.
0154  */
0155 typedef struct {
0156 /*Ofs*/
0157 /*   0*/le32 length;        /* Byte size of this record (8-byte
0158                    aligned). */
0159 /*   4*/le16 major_ver;     /* Major version of the transaction log used
0160                    for this record. */
0161 /*   6*/le16 minor_ver;     /* Minor version of the transaction log used
0162                    for this record. */
0163 /*   8*/leMFT_REF mft_reference;/* The mft reference of the file (or
0164                    directory) described by this record. */
0165 /*0x10*/leMFT_REF parent_directory;/* The mft reference of the parent
0166                    directory of the file described by this
0167                    record. */
0168 /*0x18*/leUSN usn;      /* The usn of this record.  Equals the offset
0169                    within the $DATA/$J attribute. */
0170 /*0x20*/sle64 time;     /* Time when this record was created. */
0171 /*0x28*/USN_REASON_FLAGS reason;/* Reason flags (see above). */
0172 /*0x2c*/USN_SOURCE_INFO_FLAGS source_info;/* Source info flags (see above). */
0173 /*0x30*/le32 security_id;   /* File security_id copied from
0174                    $STANDARD_INFORMATION. */
0175 /*0x34*/FILE_ATTR_FLAGS file_attributes;    /* File attributes copied from
0176                    $STANDARD_INFORMATION or $FILE_NAME (not
0177                    sure which). */
0178 /*0x38*/le16 file_name_size;    /* Size of the file name in bytes. */
0179 /*0x3a*/le16 file_name_offset;  /* Offset to the file name in bytes from the
0180                    start of this record. */
0181 /*0x3c*/ntfschar file_name[0];  /* Use when creating only.  When reading use
0182                    file_name_offset to determine the location
0183                    of the name. */
0184 /* sizeof() = 60 (0x3c) bytes */
0185 } __attribute__ ((__packed__)) USN_RECORD;
0186 
     /*
      * ntfs_stamp_usnjrnl - stamp the transaction log ($UsnJrnl) of volume @vol.
      *
      * Only the declaration is visible in this header.  According to the
      * organization comment at the top of the file, stamping means setting
      * lowest_valid_usn in $DATA/$Max to the usn that the next USN_RECORD would
      * get (the data size of $DATA/$J) and generating a new journal_id, so that
      * Windows knows the log is out of date.
      *
      * NOTE(review): the bool result presumably means true on success -- confirm
      * against the definition.
      * NOTE(review): for anyone relying on $UsnJrnl as an audit or forensic
      * record: the same comment says this driver does not do transaction
      * logging, so changes made through it are presumably absent from $DATA/$J
      * and the stamp marks a gap rather than a record of them -- verify.
      */
0187 extern bool ntfs_stamp_usnjrnl(ntfs_volume *vol);
0188 
0189 #endif /* NTFS_RW */
0190 
0191 #endif /* _LINUX_NTFS_USNJRNL_H */