1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * usnjrnl.h - Defines for NTFS kernel transaction log ($UsnJrnl) handling.
4 * Part of the Linux-NTFS project.
5 *
6 * Copyright (c) 2005 Anton Altaparmakov
7 */
8
9#ifndef _LINUX_NTFS_USNJRNL_H
10#define _LINUX_NTFS_USNJRNL_H
11
12#ifdef NTFS_RW
13
14#include "types.h"
15#include "endian.h"
16#include "layout.h"
17#include "volume.h"
18
19/*
20 * Transaction log ($UsnJrnl) organization:
21 *
22 * The transaction log records whenever a file is modified in any way. So for
23 * example it will record that file "blah" was written to at a particular time
24 * but not what was written. If will record that a file was deleted or
25 * created, that a file was truncated, etc. See below for all the reason
26 * codes used.
27 *
28 * The transaction log is in the $Extend directory which is in the root
29 * directory of each volume. If it is not present it means transaction
30 * logging is disabled. If it is present it means transaction logging is
31 * either enabled or in the process of being disabled in which case we can
32 * ignore it as it will go away as soon as Windows gets its hands on it.
33 *
34 * To determine whether the transaction logging is enabled or in the process
35 * of being disabled, need to check the volume flags in the
36 * $VOLUME_INFORMATION attribute in the $Volume system file (which is present
37 * in the root directory and has a fixed mft record number, see layout.h).
38 * If the flag VOLUME_DELETE_USN_UNDERWAY is set it means the transaction log
39 * is in the process of being disabled and if this flag is clear it means the
40 * transaction log is enabled.
41 *
42 * The transaction log consists of two parts; the $DATA/$Max attribute as well
43 * as the $DATA/$J attribute. $Max is a header describing the transaction
44 * log whilst $J is the transaction log data itself as a sequence of variable
45 * sized USN_RECORDs (see below for all the structures).
46 *
47 * We do not care about transaction logging at this point in time but we still
48 * need to let windows know that the transaction log is out of date. To do
49 * this we need to stamp the transaction log. This involves setting the
50 * lowest_valid_usn field in the $DATA/$Max attribute to the usn to be used
51 * for the next added USN_RECORD to the $DATA/$J attribute as well as
52 * generating a new journal_id in $DATA/$Max.
53 *
54 * The journal_id is as of the current version (2.0) of the transaction log
55 * simply the 64-bit timestamp of when the journal was either created or last
56 * stamped.
57 *
58 * To determine the next usn there are two ways. The first is to parse
59 * $DATA/$J and to find the last USN_RECORD in it and to add its record_length
60 * to its usn (which is the byte offset in the $DATA/$J attribute). The
61 * second is simply to take the data size of the attribute. Since the usns
62 * are simply byte offsets into $DATA/$J, this is exactly the next usn. For
63 * obvious reasons we use the second method as it is much simpler and faster.
64 *
65 * As an aside, note that to actually disable the transaction log, one would
66 * need to set the VOLUME_DELETE_USN_UNDERWAY flag (see above), then go
67 * through all the mft records on the volume and set the usn field in their
68 * $STANDARD_INFORMATION attribute to zero. Once that is done, one would need
69 * to delete the transaction log file, i.e. \$Extent\$UsnJrnl, and finally,
70 * one would need to clear the VOLUME_DELETE_USN_UNDERWAY flag.
71 *
72 * Note that if a volume is unmounted whilst the transaction log is being
73 * disabled, the process will continue the next time the volume is mounted.
74 * This is why we can safely mount read-write when we see a transaction log
75 * in the process of being deleted.
76 */
77
78/* Some $UsnJrnl related constants. */
79#define UsnJrnlMajorVer 2
80#define UsnJrnlMinorVer 0
81
82/*
83 * $DATA/$Max attribute. This is (always?) resident and has a fixed size of
84 * 32 bytes. It contains the header describing the transaction log.
85 */
86typedef struct {
87/*Ofs*/
88/* 0*/sle64 maximum_size; /* The maximum on-disk size of the $DATA/$J
89 attribute. */
90/* 8*/sle64 allocation_delta; /* Number of bytes by which to increase the
91 size of the $DATA/$J attribute. */
92/*0x10*/sle64 journal_id; /* Current id of the transaction log. */
93/*0x18*/leUSN lowest_valid_usn; /* Lowest valid usn in $DATA/$J for the
94 current journal_id. */
95/* sizeof() = 32 (0x20) bytes */
96} __attribute__ ((__packed__)) USN_HEADER;
97
98/*
99 * Reason flags (32-bit). Cumulative flags describing the change(s) to the
100 * file since it was last opened. I think the names speak for themselves but
101 * if you disagree check out the descriptions in the Linux NTFS project NTFS
102 * documentation: http://www.linux-ntfs.org/
103 */
104enum {
105 USN_REASON_DATA_OVERWRITE = cpu_to_le32(0x00000001),
106 USN_REASON_DATA_EXTEND = cpu_to_le32(0x00000002),
107 USN_REASON_DATA_TRUNCATION = cpu_to_le32(0x00000004),
108 USN_REASON_NAMED_DATA_OVERWRITE = cpu_to_le32(0x00000010),
109 USN_REASON_NAMED_DATA_EXTEND = cpu_to_le32(0x00000020),
110 USN_REASON_NAMED_DATA_TRUNCATION= cpu_to_le32(0x00000040),
111 USN_REASON_FILE_CREATE = cpu_to_le32(0x00000100),
112 USN_REASON_FILE_DELETE = cpu_to_le32(0x00000200),
113 USN_REASON_EA_CHANGE = cpu_to_le32(0x00000400),
114 USN_REASON_SECURITY_CHANGE = cpu_to_le32(0x00000800),
115 USN_REASON_RENAME_OLD_NAME = cpu_to_le32(0x00001000),
116 USN_REASON_RENAME_NEW_NAME = cpu_to_le32(0x00002000),
117 USN_REASON_INDEXABLE_CHANGE = cpu_to_le32(0x00004000),
118 USN_REASON_BASIC_INFO_CHANGE = cpu_to_le32(0x00008000),
119 USN_REASON_HARD_LINK_CHANGE = cpu_to_le32(0x00010000),
120 USN_REASON_COMPRESSION_CHANGE = cpu_to_le32(0x00020000),
121 USN_REASON_ENCRYPTION_CHANGE = cpu_to_le32(0x00040000),
122 USN_REASON_OBJECT_ID_CHANGE = cpu_to_le32(0x00080000),
123 USN_REASON_REPARSE_POINT_CHANGE = cpu_to_le32(0x00100000),
124 USN_REASON_STREAM_CHANGE = cpu_to_le32(0x00200000),
125 USN_REASON_CLOSE = cpu_to_le32(0x80000000),
126};
127
128typedef le32 USN_REASON_FLAGS;
129
130/*
131 * Source info flags (32-bit). Information about the source of the change(s)
132 * to the file. For detailed descriptions of what these mean, see the Linux
133 * NTFS project NTFS documentation:
134 * http://www.linux-ntfs.org/
135 */
136enum {
137 USN_SOURCE_DATA_MANAGEMENT = cpu_to_le32(0x00000001),
138 USN_SOURCE_AUXILIARY_DATA = cpu_to_le32(0x00000002),
139 USN_SOURCE_REPLICATION_MANAGEMENT = cpu_to_le32(0x00000004),
140};
141
142typedef le32 USN_SOURCE_INFO_FLAGS;
143
144/*
145 * $DATA/$J attribute. This is always non-resident, is marked as sparse, and
146 * is of variabled size. It consists of a sequence of variable size
147 * USN_RECORDS. The minimum allocated_size is allocation_delta as
148 * specified in $DATA/$Max. When the maximum_size specified in $DATA/$Max is
149 * exceeded by more than allocation_delta bytes, allocation_delta bytes are
150 * allocated and appended to the $DATA/$J attribute and an equal number of
151 * bytes at the beginning of the attribute are freed and made sparse. Note the
152 * making sparse only happens at volume checkpoints and hence the actual
153 * $DATA/$J size can exceed maximum_size + allocation_delta temporarily.
154 */
155typedef struct {
156/*Ofs*/
157/* 0*/le32 length; /* Byte size of this record (8-byte
158 aligned). */
159/* 4*/le16 major_ver; /* Major version of the transaction log used
160 for this record. */
161/* 6*/le16 minor_ver; /* Minor version of the transaction log used
162 for this record. */
163/* 8*/leMFT_REF mft_reference;/* The mft reference of the file (or
164 directory) described by this record. */
165/*0x10*/leMFT_REF parent_directory;/* The mft reference of the parent
166 directory of the file described by this
167 record. */
168/*0x18*/leUSN usn; /* The usn of this record. Equals the offset
169 within the $DATA/$J attribute. */
170/*0x20*/sle64 time; /* Time when this record was created. */
171/*0x28*/USN_REASON_FLAGS reason;/* Reason flags (see above). */
172/*0x2c*/USN_SOURCE_INFO_FLAGS source_info;/* Source info flags (see above). */
173/*0x30*/le32 security_id; /* File security_id copied from
174 $STANDARD_INFORMATION. */
175/*0x34*/FILE_ATTR_FLAGS file_attributes; /* File attributes copied from
176 $STANDARD_INFORMATION or $FILE_NAME (not
177 sure which). */
178/*0x38*/le16 file_name_size; /* Size of the file name in bytes. */
179/*0x3a*/le16 file_name_offset; /* Offset to the file name in bytes from the
180 start of this record. */
181/*0x3c*/ntfschar file_name[0]; /* Use when creating only. When reading use
182 file_name_offset to determine the location
183 of the name. */
184/* sizeof() = 60 (0x3c) bytes */
185} __attribute__ ((__packed__)) USN_RECORD;
186
187extern bool ntfs_stamp_usnjrnl(ntfs_volume *vol);
188
189#endif /* NTFS_RW */
190
191#endif /* _LINUX_NTFS_USNJRNL_H */
192

source code of linux/fs/ntfs/usnjrnl.h