1 files changed, 105 insertions, 86 deletions

diff --git a/magic/Magdir/linux b/magic/Magdir/linux
index e2e84348cd9a..e7d0a15607e2 100644
--- a/magic/Magdir/linux
+++ b/magic/Magdir/linux
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: linux,v 1.68 2019/09/11 21:20:56 christos Exp $
+# $File: linux,v 1.72 2020/06/07 21:56:13 christos Exp $
 # linux:  file(1) magic for Linux files
 #
 # Values for Linux/i386 binaries, from Daniel Quinlan <quinlan@yggdrasil.com>
@@ -70,41 +70,69 @@
 >24	lelong		x		%d
 >28	lelong		x		\bx%d
 
-# Linux swap file, from Daniel Quinlan <quinlan@yggdrasil.com>
-4086	string		SWAP-SPACE	Linux/i386 swap file
-# From: Jeff Bailey <jbailey@ubuntu.com>
-# Linux swap file with swsusp1 image, from Jeff Bailey <jbailey@ubuntu.com>
-4076	string		SWAPSPACE2S1SUSPEND	Linux/i386 swap file (new style) with SWSUSP1 image
-# From: James Hunt <james.hunt@ubuntu.com>
-4076    string          SWAPSPACE2LINHIB0001    Linux/i386 swap file (new style) (compressed hibernate)
-# according to man page of mkswap (8) March 1999
-# volume label and UUID Russell Coker
-# https://etbe.coker.com.au/2008/07/08/label-vs-uuid-vs-device/
-4086	string		SWAPSPACE2	Linux/i386 swap file (new style),
->0x400	long		x		version %d (4K pages),
->0x404	long		x		size %d pages,
->1052	string		\0		no label,
->1052	string		>\0		LABEL=%s,
->0x40c	belong		x		UUID=%08x
->0x410	beshort		x		\b-%04x
->0x412	beshort		x		\b-%04x
->0x414	beshort		x		\b-%04x
->0x416	belong		x		\b-%08x
->0x41a	beshort		x		\b%04x
-# From Daniel Novotny <dnovotny@redhat.com>
-# swap file for PowerPC
-65526	string		SWAPSPACE2	Linux/ppc swap file
->0x400	long		x		version %d,
->0x404	long		x		size %d pages,
->1052	string		\0		no label,
->1052	string		>\0		LABEL=%s,
->0x40c	belong		x		UUID=%08x
->0x410	beshort		x		\b-%04x
->0x412	beshort		x		\b-%04x
->0x414	beshort		x		\b-%04x
->0x416	belong		x		\b-%08x
->0x41a	beshort		x		\b%04x
-16374	string		SWAPSPACE2	Linux/ia64 swap file
+# Linux swap and hibernate files
+# Linux kernel: include/linux/swap.h
+# util-linux: libblkid/src/superblocks/swap.c
+
+# format v0, unsupported since 2002
+0xff6	string		SWAP-SPACE	Linux old swap file, 4k page size
+0x1ff6	string		SWAP-SPACE	Linux old swap file, 8k page size
+0x3ff6	string		SWAP-SPACE	Linux old swap file, 16k page size
+0x7ff6	string		SWAP-SPACE	Linux old swap file, 32k page size
+0xfff6	string		SWAP-SPACE	Linux old swap file, 64k page size
+
+# format v1, supported since 1998
+0		name	linux-swap
+>0x400	lelong	1	little endian, version %u,
+>>0x404	lelong	x	size %u pages,
+>>0x408	lelong	x	%u bad pages,
+>0x400	belong	1	big endian, version %u,
+>>0x404	belong	x	size %u pages,
+>>0x408	belong	x	%u bad pages,
+>0x41c	string	\0	no label,
+>0x41c	string	>\0	LABEL=%s,
+>0x40c	belong	x	UUID=%08x
+>0x410	beshort	x	\b-%04x
+>0x412	beshort	x	\b-%04x
+>0x414	beshort	x	\b-%04x
+>0x416	belong	x	\b-%08x
+>0x41a	beshort	x	\b%04x
+
+0xff6	string		SWAPSPACE2	Linux swap file, 4k page size,
+>0		use			linux-swap
+0x1ff6	string		SWAPSPACE2	Linux swap file, 8k page size,
+>0		use			linux-swap
+0x3ff6	string		SWAPSPACE2	Linux swap file, 16k page size,
+>0		use			linux-swap
+0x7ff6	string		SWAPSPACE2	Linux swap file, 32k page size,
+>0		use			linux-swap
+0xfff6	string		SWAPSPACE2	Linux swap file, 64k page size,
+>0		use			linux-swap
+
+0	name	linux-hibernate
+>0	string	S1SUSPEND	\b, with SWSUSP1 image
+>0	string	S2SUSPEND	\b, with SWSUSP2 image
+>0	string	ULSUSPEND	\b, with uswsusp image
+>0	string	LINHIB0001	\b, with compressed hibernate image
+>0	string	\xed\xc3\x02\xe9\x98\x56\xe5\x0c	\b, with tuxonice image
+>0	default	x			\b, with unknown hibernate image
+
+0xfec	string		SWAPSPACE2	Linux swap file, 4k page size,
+>0		use			linux-swap
+>0xff6	use			linux-hibernate
+0x1fec	string		SWAPSPACE2	Linux swap file, 8k page size,
+>0		use			linux-swap
+>0x1ff6	use			linux-hibernate
+0x3fec	string		SWAPSPACE2	Linux swap file, 16k page size,
+>0		use			linux-swap
+>0x3ff6	use			linux-hibernate
+0x7fec	string		SWAPSPACE2	Linux swap file, 32k page size,
+>0		use			linux-swap
+>0x7ff6	use			linux-hibernate
+0xffec	string		SWAPSPACE2	Linux swap file, 64k page size,
+>0		use			linux-swap
+>0xfff6	use			linux-hibernate
+
 #
 # Linux kernel boot images, from Albert Cahalan <acahalan@cs.uml.edu>
 # and others such as Axel Kohlmeyer <akohlmey@rincewind.chemie.uni-ulm.de>
@@ -206,13 +234,29 @@
 >>&0 string \x80\x00\x20\x00\x00\x00\x00\x00 Z990 32bit kernel
 >>&0 string \x80\x00\x00\x00\x00\x00\x00\x00 Z900 32bit kernel
 
+############################################################################
 # Linux ARM compressed kernel image
 # From: Kevin Cernekee <cernekee@gmail.com>
 # Update: Joerg Jenderek
-36	lelong	0x016f2818	Linux kernel ARM boot executable zImage (little-endian)
+0x24	lelong	0x016f2818	Linux kernel ARM boot executable zImage
+# There are three posible situations: LE, BE with LE bootloader and pure BE.
+# In order to aid telling these apart a new endian flag was added. In order
+# to support kernels before the flag and BE with LE bootloader was added we'll
+# do a negative check against the BE variant of the flag when we see a LE magic.
+>0x30	belong	!0x04030201	(little-endian)
+>0x30	belong	0x04030201	(big-endian)
 # raspian "kernel7.img", Vu+ Ultimo4K "kernel_auto.bin"
 !:ext	img/bin
-36	belong	0x016f2818	Linux kernel ARM boot executable zImage (big-endian)
+0x24	belong	0x016f2818	Linux kernel ARM boot executable zImage (big-endian)
+
+############################################################################
+# Linux AARCH64 kernel image
+0x38    lelong  0x644d5241  Linux kernel ARM64 boot executable Image
+>0x18   lelong  ^1          \b, little-endian
+>0x18   lelong  &1          \b, big-endian
+>0x18   lelong  &2          \b, 4K pages
+>0x18   lelong  &4          \b, 16K pages
+>0x18   lelong  &6          \b, 32K pages
 
 ############################################################################
 # Linux 8086 executable
@@ -267,11 +311,11 @@
 #
 # LVM1
 #
-0x0	string	HM\001		LVM1 (Linux Logical Volume Manager), version 1
->0x12c	string	>\0		, System ID: %s
+0x0	string/b	HM\001		LVM1 (Linux Logical Volume Manager), version 1
+>0x12c	string/b	>\0		, System ID: %s
 
-0x0	string	HM\002		LVM1 (Linux Logical Volume Manager), version 2
->0x12c	string	>\0		, System ID: %s
+0x0	string/b	HM\002		LVM1 (Linux Logical Volume Manager), version 2
+>0x12c	string/b	>\0		, System ID: %s
 
 #  LVM2
 #
@@ -279,56 +323,31 @@
 # of the disk... (from _find_labeller in lib/label/label.c of LVM2)
 #
 # 0x200 seems to be the common case
+0		name	lvm2
+# display UUID in LVM format + display all 32 bytes (instead of max string length: 31)
+>0x0          string  >\x2f          \b, UUID: %.6s
+>0x6          string  >\x2f          \b-%.4s
+>0xa          string  >\x2f          \b-%.4s
+>0xe          string  >\x2f          \b-%.4s
+>0x12         string  >\x2f          \b-%.4s
+>0x16         string  >\x2f          \b-%.4s
+>0x1a         string  >\x2f          \b-%.6s
+>0x20         lequad  x              \b, size: %lld
+
 
-0x218           string  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
 # read the offset to add to the start of the header, and the header
 # start in 0x200
->&(&-12.l-0x21) byte    x
-# display UUID in LVM format + display all 32 bytes (instead of max string length: 31)
->>&0x0          string  >\x2f          \b, UUID: %.6s
->>&0x6          string  >\x2f          \b-%.4s
->>&0xa          string  >\x2f          \b-%.4s
->>&0xe          string  >\x2f          \b-%.4s
->>&0x12         string  >\x2f          \b-%.4s
->>&0x16         string  >\x2f          \b-%.4s
->>&0x1a         string  >\x2f          \b-%.6s
->>&0x20         lequad  x              \b, size: %lld
+0x218           string/b  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use	lvm2
 
-0x018           string  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
->&(&-12.l-0x21) byte    x
-# display UUID in LVM format + display all 32 bytes (instead of max string length: 31)
->>&0x0          string  >\x2f          \b, UUID: %.6s
->>&0x6          string  >\x2f          \b-%.4s
->>&0xa          string  >\x2f          \b-%.4s
->>&0xe          string  >\x2f          \b-%.4s
->>&0x12         string  >\x2f          \b-%.4s
->>&0x16         string  >\x2f          \b-%.4s
->>&0x1a         string  >\x2f          \b-%.6s
->>&0x20         lequad  x              \b, size: %lld
+0x018           string/b  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use	lvm2
 
-0x418           string  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
->&(&-12.l-0x21) byte    x
-# display UUID in LVM format + display all 32 bytes (instead of max string length: 31)
->>&0x0          string  >\x2f          \b, UUID: %.6s
->>&0x6          string  >\x2f          \b-%.4s
->>&0xa          string  >\x2f          \b-%.4s
->>&0xe          string  >\x2f          \b-%.4s
->>&0x12         string  >\x2f          \b-%.4s
->>&0x16         string  >\x2f          \b-%.4s
->>&0x1a         string  >\x2f          \b-%.6s
->>&0x20         lequad  x              \b, size: %lld
+0x418           string/b  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use	lvm2
 
-0x618           string  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
->&(&-12.l-0x21) byte    x
-# display UUID in LVM format + display all 32 bytes (instead of max string length: 31)
->>&0x0          string  >\x2f          \b, UUID: %.6s
->>&0x6          string  >\x2f          \b-%.4s
->>&0xa          string  >\x2f          \b-%.4s
->>&0xe          string  >\x2f          \b-%.4s
->>&0x12         string  >\x2f          \b-%.4s
->>&0x16         string  >\x2f          \b-%.4s
->>&0x1a         string  >\x2f          \b-%.6s
->>&0x20         lequad  x              \b, size: %lld
+0x618           string/b  LVM2\ 001      LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use	lvm2
 
 # LVM snapshot
 # from Jason Farrel