HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / cramfs / inode.c
bloba6c9c2d66af1233928a204daa3b3ea8dd395c328
1 /*
2 * Compressed rom filesystem for Linux.
4 * Copyright (C) 1999 Linus Torvalds.
6 * This file is released under the GPL.
7 */
9 /*
10 * These are the VFS interfaces to the compressed rom filesystem.
11 * The actual compression is based on zlib, see the other files.
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
16 #include <linux/module.h>
17 #include <linux/fs.h>
18 #include <linux/pagemap.h>
19 #include <linux/init.h>
20 #include <linux/string.h>
21 #include <linux/blkdev.h>
22 #include <linux/slab.h>
23 #include <linux/vfs.h>
24 #include <linux/mutex.h>
25 #include <uapi/linux/cramfs_fs.h>
26 #include <linux/uaccess.h>
28 #include "internal.h"
31 * cramfs super-block data in memory
33 struct cramfs_sb_info {
34 unsigned long magic;
35 unsigned long size;
36 unsigned long blocks;
37 unsigned long files;
38 unsigned long flags;
41 static inline struct cramfs_sb_info *CRAMFS_SB(struct super_block *sb)
43 return sb->s_fs_info;
46 static const struct super_operations cramfs_ops;
47 static const struct inode_operations cramfs_dir_inode_operations;
48 static const struct file_operations cramfs_directory_operations;
49 static const struct address_space_operations cramfs_aops;
51 static DEFINE_MUTEX(read_mutex);
54 /* These macros may change in future, to provide better st_ino semantics. */
55 #define OFFSET(x) ((x)->i_ino)
57 static unsigned long cramino(const struct cramfs_inode *cino, unsigned int offset)
59 if (!cino->offset)
60 return offset + 1;
61 if (!cino->size)
62 return offset + 1;
65 * The file mode test fixes buggy mkcramfs implementations where
66 * cramfs_inode->offset is set to a non zero value for entries
67 * which did not contain data, like devices node and fifos.
69 switch (cino->mode & S_IFMT) {
70 case S_IFREG:
71 case S_IFDIR:
72 case S_IFLNK:
73 return cino->offset << 2;
74 default:
75 break;
77 return offset + 1;
80 static struct inode *get_cramfs_inode(struct super_block *sb,
81 const struct cramfs_inode *cramfs_inode, unsigned int offset)
83 struct inode *inode;
84 static struct timespec zerotime;
86 inode = iget_locked(sb, cramino(cramfs_inode, offset));
87 if (!inode)
88 return ERR_PTR(-ENOMEM);
89 if (!(inode->i_state & I_NEW))
90 return inode;
92 switch (cramfs_inode->mode & S_IFMT) {
93 case S_IFREG:
94 inode->i_fop = &generic_ro_fops;
95 inode->i_data.a_ops = &cramfs_aops;
96 break;
97 case S_IFDIR:
98 inode->i_op = &cramfs_dir_inode_operations;
99 inode->i_fop = &cramfs_directory_operations;
100 break;
101 case S_IFLNK:
102 inode->i_op = &page_symlink_inode_operations;
103 inode->i_data.a_ops = &cramfs_aops;
104 break;
105 default:
106 init_special_inode(inode, cramfs_inode->mode,
107 old_decode_dev(cramfs_inode->size));
110 inode->i_mode = cramfs_inode->mode;
111 i_uid_write(inode, cramfs_inode->uid);
112 i_gid_write(inode, cramfs_inode->gid);
114 /* if the lower 2 bits are zero, the inode contains data */
115 if (!(inode->i_ino & 3)) {
116 inode->i_size = cramfs_inode->size;
117 inode->i_blocks = (cramfs_inode->size - 1) / 512 + 1;
120 /* Struct copy intentional */
121 inode->i_mtime = inode->i_atime = inode->i_ctime = zerotime;
122 /* inode->i_nlink is left 1 - arguably wrong for directories,
123 but it's the best we can do without reading the directory
124 contents. 1 yields the right result in GNU find, even
125 without -noleaf option. */
127 unlock_new_inode(inode);
129 return inode;
133 * We have our own block cache: don't fill up the buffer cache
134 * with the rom-image, because the way the filesystem is set
135 * up the accesses should be fairly regular and cached in the
136 * page cache and dentry tree anyway..
138 * This also acts as a way to guarantee contiguous areas of up to
139 * BLKS_PER_BUF*PAGE_CACHE_SIZE, so that the caller doesn't need to
140 * worry about end-of-buffer issues even when decompressing a full
141 * page cache.
143 #define READ_BUFFERS (2)
144 /* NEXT_BUFFER(): Loop over [0..(READ_BUFFERS-1)]. */
145 #define NEXT_BUFFER(_ix) ((_ix) ^ 1)
148 * BLKS_PER_BUF_SHIFT should be at least 2 to allow for "compressed"
149 * data that takes up more space than the original and with unlucky
150 * alignment.
152 #define BLKS_PER_BUF_SHIFT (2)
153 #define BLKS_PER_BUF (1 << BLKS_PER_BUF_SHIFT)
154 #define BUFFER_SIZE (BLKS_PER_BUF*PAGE_CACHE_SIZE)
156 static unsigned char read_buffers[READ_BUFFERS][BUFFER_SIZE];
157 static unsigned buffer_blocknr[READ_BUFFERS];
158 static struct super_block *buffer_dev[READ_BUFFERS];
159 static int next_buffer;
162 * Returns a pointer to a buffer containing at least LEN bytes of
163 * filesystem starting at byte offset OFFSET into the filesystem.
165 static void *cramfs_read(struct super_block *sb, unsigned int offset, unsigned int len)
167 struct address_space *mapping = sb->s_bdev->bd_inode->i_mapping;
168 struct page *pages[BLKS_PER_BUF];
169 unsigned i, blocknr, buffer;
170 unsigned long devsize;
171 char *data;
173 if (!len)
174 return NULL;
175 blocknr = offset >> PAGE_CACHE_SHIFT;
176 offset &= PAGE_CACHE_SIZE - 1;
178 /* Check if an existing buffer already has the data.. */
179 for (i = 0; i < READ_BUFFERS; i++) {
180 unsigned int blk_offset;
182 if (buffer_dev[i] != sb)
183 continue;
184 if (blocknr < buffer_blocknr[i])
185 continue;
186 blk_offset = (blocknr - buffer_blocknr[i]) << PAGE_CACHE_SHIFT;
187 blk_offset += offset;
188 if (blk_offset > BUFFER_SIZE ||
189 blk_offset + len > BUFFER_SIZE)
190 continue;
191 return read_buffers[i] + blk_offset;
194 devsize = mapping->host->i_size >> PAGE_CACHE_SHIFT;
196 /* Ok, read in BLKS_PER_BUF pages completely first. */
197 for (i = 0; i < BLKS_PER_BUF; i++) {
198 struct page *page = NULL;
200 if (blocknr + i < devsize) {
201 page = read_mapping_page(mapping, blocknr + i, NULL);
202 /* synchronous error? */
203 if (IS_ERR(page))
204 page = NULL;
206 pages[i] = page;
209 for (i = 0; i < BLKS_PER_BUF; i++) {
210 struct page *page = pages[i];
212 if (page) {
213 wait_on_page_locked(page);
214 if (!PageUptodate(page)) {
215 /* asynchronous error */
216 page_cache_release(page);
217 pages[i] = NULL;
222 buffer = next_buffer;
223 next_buffer = NEXT_BUFFER(buffer);
224 buffer_blocknr[buffer] = blocknr;
225 buffer_dev[buffer] = sb;
227 data = read_buffers[buffer];
228 for (i = 0; i < BLKS_PER_BUF; i++) {
229 struct page *page = pages[i];
231 if (page) {
232 memcpy(data, kmap(page), PAGE_CACHE_SIZE);
233 kunmap(page);
234 page_cache_release(page);
235 } else
236 memset(data, 0, PAGE_CACHE_SIZE);
237 data += PAGE_CACHE_SIZE;
239 return read_buffers[buffer] + offset;
242 static void cramfs_kill_sb(struct super_block *sb)
244 struct cramfs_sb_info *sbi = CRAMFS_SB(sb);
246 kill_block_super(sb);
247 kfree(sbi);
250 static int cramfs_remount(struct super_block *sb, int *flags, char *data)
252 sync_filesystem(sb);
253 *flags |= MS_RDONLY;
254 return 0;
257 static int cramfs_fill_super(struct super_block *sb, void *data, int silent)
259 int i;
260 struct cramfs_super super;
261 unsigned long root_offset;
262 struct cramfs_sb_info *sbi;
263 struct inode *root;
265 sb->s_flags |= MS_RDONLY;
267 sbi = kzalloc(sizeof(struct cramfs_sb_info), GFP_KERNEL);
268 if (!sbi)
269 return -ENOMEM;
270 sb->s_fs_info = sbi;
272 /* Invalidate the read buffers on mount: think disk change.. */
273 mutex_lock(&read_mutex);
274 for (i = 0; i < READ_BUFFERS; i++)
275 buffer_blocknr[i] = -1;
277 /* Read the first block and get the superblock from it */
278 memcpy(&super, cramfs_read(sb, 0, sizeof(super)), sizeof(super));
279 mutex_unlock(&read_mutex);
281 /* Do sanity checks on the superblock */
282 if (super.magic != CRAMFS_MAGIC) {
283 /* check for wrong endianness */
284 if (super.magic == CRAMFS_MAGIC_WEND) {
285 if (!silent)
286 pr_err("wrong endianness\n");
287 return -EINVAL;
290 /* check at 512 byte offset */
291 mutex_lock(&read_mutex);
292 memcpy(&super, cramfs_read(sb, 512, sizeof(super)), sizeof(super));
293 mutex_unlock(&read_mutex);
294 if (super.magic != CRAMFS_MAGIC) {
295 if (super.magic == CRAMFS_MAGIC_WEND && !silent)
296 pr_err("wrong endianness\n");
297 else if (!silent)
298 pr_err("wrong magic\n");
299 return -EINVAL;
303 /* get feature flags first */
304 if (super.flags & ~CRAMFS_SUPPORTED_FLAGS) {
305 pr_err("unsupported filesystem features\n");
306 return -EINVAL;
309 /* Check that the root inode is in a sane state */
310 if (!S_ISDIR(super.root.mode)) {
311 pr_err("root is not a directory\n");
312 return -EINVAL;
314 /* correct strange, hard-coded permissions of mkcramfs */
315 super.root.mode |= (S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
317 root_offset = super.root.offset << 2;
318 if (super.flags & CRAMFS_FLAG_FSID_VERSION_2) {
319 sbi->size = super.size;
320 sbi->blocks = super.fsid.blocks;
321 sbi->files = super.fsid.files;
322 } else {
323 sbi->size = 1<<28;
324 sbi->blocks = 0;
325 sbi->files = 0;
327 sbi->magic = super.magic;
328 sbi->flags = super.flags;
329 if (root_offset == 0)
330 pr_info("empty filesystem");
331 else if (!(super.flags & CRAMFS_FLAG_SHIFTED_ROOT_OFFSET) &&
332 ((root_offset != sizeof(struct cramfs_super)) &&
333 (root_offset != 512 + sizeof(struct cramfs_super))))
335 pr_err("bad root offset %lu\n", root_offset);
336 return -EINVAL;
339 /* Set it all up.. */
340 sb->s_op = &cramfs_ops;
341 root = get_cramfs_inode(sb, &super.root, 0);
342 if (IS_ERR(root))
343 return PTR_ERR(root);
344 sb->s_root = d_make_root(root);
345 if (!sb->s_root)
346 return -ENOMEM;
347 return 0;
350 static int cramfs_statfs(struct dentry *dentry, struct kstatfs *buf)
352 struct super_block *sb = dentry->d_sb;
353 u64 id = huge_encode_dev(sb->s_bdev->bd_dev);
355 buf->f_type = CRAMFS_MAGIC;
356 buf->f_bsize = PAGE_CACHE_SIZE;
357 buf->f_blocks = CRAMFS_SB(sb)->blocks;
358 buf->f_bfree = 0;
359 buf->f_bavail = 0;
360 buf->f_files = CRAMFS_SB(sb)->files;
361 buf->f_ffree = 0;
362 buf->f_fsid.val[0] = (u32)id;
363 buf->f_fsid.val[1] = (u32)(id >> 32);
364 buf->f_namelen = CRAMFS_MAXPATHLEN;
365 return 0;
369 * Read a cramfs directory entry.
371 static int cramfs_readdir(struct file *file, struct dir_context *ctx)
373 struct inode *inode = file_inode(file);
374 struct super_block *sb = inode->i_sb;
375 char *buf;
376 unsigned int offset;
378 /* Offset within the thing. */
379 if (ctx->pos >= inode->i_size)
380 return 0;
381 offset = ctx->pos;
382 /* Directory entries are always 4-byte aligned */
383 if (offset & 3)
384 return -EINVAL;
386 buf = kmalloc(CRAMFS_MAXPATHLEN, GFP_KERNEL);
387 if (!buf)
388 return -ENOMEM;
390 while (offset < inode->i_size) {
391 struct cramfs_inode *de;
392 unsigned long nextoffset;
393 char *name;
394 ino_t ino;
395 umode_t mode;
396 int namelen;
398 mutex_lock(&read_mutex);
399 de = cramfs_read(sb, OFFSET(inode) + offset, sizeof(*de)+CRAMFS_MAXPATHLEN);
400 name = (char *)(de+1);
403 * Namelengths on disk are shifted by two
404 * and the name padded out to 4-byte boundaries
405 * with zeroes.
407 namelen = de->namelen << 2;
408 memcpy(buf, name, namelen);
409 ino = cramino(de, OFFSET(inode) + offset);
410 mode = de->mode;
411 mutex_unlock(&read_mutex);
412 nextoffset = offset + sizeof(*de) + namelen;
413 for (;;) {
414 if (!namelen) {
415 kfree(buf);
416 return -EIO;
418 if (buf[namelen-1])
419 break;
420 namelen--;
422 if (!dir_emit(ctx, buf, namelen, ino, mode >> 12))
423 break;
425 ctx->pos = offset = nextoffset;
427 kfree(buf);
428 return 0;
432 * Lookup and fill in the inode data..
434 static struct dentry *cramfs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags)
436 unsigned int offset = 0;
437 struct inode *inode = NULL;
438 int sorted;
440 mutex_lock(&read_mutex);
441 sorted = CRAMFS_SB(dir->i_sb)->flags & CRAMFS_FLAG_SORTED_DIRS;
442 while (offset < dir->i_size) {
443 struct cramfs_inode *de;
444 char *name;
445 int namelen, retval;
446 int dir_off = OFFSET(dir) + offset;
448 de = cramfs_read(dir->i_sb, dir_off, sizeof(*de)+CRAMFS_MAXPATHLEN);
449 name = (char *)(de+1);
451 /* Try to take advantage of sorted directories */
452 if (sorted && (dentry->d_name.name[0] < name[0]))
453 break;
455 namelen = de->namelen << 2;
456 offset += sizeof(*de) + namelen;
458 /* Quick check that the name is roughly the right length */
459 if (((dentry->d_name.len + 3) & ~3) != namelen)
460 continue;
462 for (;;) {
463 if (!namelen) {
464 inode = ERR_PTR(-EIO);
465 goto out;
467 if (name[namelen-1])
468 break;
469 namelen--;
471 if (namelen != dentry->d_name.len)
472 continue;
473 retval = memcmp(dentry->d_name.name, name, namelen);
474 if (retval > 0)
475 continue;
476 if (!retval) {
477 inode = get_cramfs_inode(dir->i_sb, de, dir_off);
478 break;
480 /* else (retval < 0) */
481 if (sorted)
482 break;
484 out:
485 mutex_unlock(&read_mutex);
486 if (IS_ERR(inode))
487 return ERR_CAST(inode);
488 d_add(dentry, inode);
489 return NULL;
492 static int cramfs_readpage(struct file *file, struct page *page)
494 struct inode *inode = page->mapping->host;
495 u32 maxblock;
496 int bytes_filled;
497 void *pgdata;
499 maxblock = (inode->i_size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
500 bytes_filled = 0;
501 pgdata = kmap(page);
503 if (page->index < maxblock) {
504 struct super_block *sb = inode->i_sb;
505 u32 blkptr_offset = OFFSET(inode) + page->index*4;
506 u32 start_offset, compr_len;
508 start_offset = OFFSET(inode) + maxblock*4;
509 mutex_lock(&read_mutex);
510 if (page->index)
511 start_offset = *(u32 *) cramfs_read(sb, blkptr_offset-4,
513 compr_len = (*(u32 *) cramfs_read(sb, blkptr_offset, 4) -
514 start_offset);
515 mutex_unlock(&read_mutex);
517 if (compr_len == 0)
518 ; /* hole */
519 else if (unlikely(compr_len > (PAGE_CACHE_SIZE << 1))) {
520 pr_err("bad compressed blocksize %u\n",
521 compr_len);
522 goto err;
523 } else {
524 mutex_lock(&read_mutex);
525 bytes_filled = cramfs_uncompress_block(pgdata,
526 PAGE_CACHE_SIZE,
527 cramfs_read(sb, start_offset, compr_len),
528 compr_len);
529 mutex_unlock(&read_mutex);
530 if (unlikely(bytes_filled < 0))
531 goto err;
535 memset(pgdata + bytes_filled, 0, PAGE_CACHE_SIZE - bytes_filled);
536 flush_dcache_page(page);
537 kunmap(page);
538 SetPageUptodate(page);
539 unlock_page(page);
540 return 0;
542 err:
543 kunmap(page);
544 ClearPageUptodate(page);
545 SetPageError(page);
546 unlock_page(page);
547 return 0;
550 static const struct address_space_operations cramfs_aops = {
551 .readpage = cramfs_readpage
555 * Our operations:
559 * A directory can only readdir
561 static const struct file_operations cramfs_directory_operations = {
562 .llseek = generic_file_llseek,
563 .read = generic_read_dir,
564 .iterate = cramfs_readdir,
567 static const struct inode_operations cramfs_dir_inode_operations = {
568 .lookup = cramfs_lookup,
571 static const struct super_operations cramfs_ops = {
572 .remount_fs = cramfs_remount,
573 .statfs = cramfs_statfs,
576 static struct dentry *cramfs_mount(struct file_system_type *fs_type,
577 int flags, const char *dev_name, void *data)
579 return mount_bdev(fs_type, flags, dev_name, data, cramfs_fill_super);
582 static struct file_system_type cramfs_fs_type = {
583 .owner = THIS_MODULE,
584 .name = "cramfs",
585 .mount = cramfs_mount,
586 .kill_sb = cramfs_kill_sb,
587 .fs_flags = FS_REQUIRES_DEV,
589 MODULE_ALIAS_FS("cramfs");
591 static int __init init_cramfs_fs(void)
593 int rv;
595 rv = cramfs_uncompress_init();
596 if (rv < 0)
597 return rv;
598 rv = register_filesystem(&cramfs_fs_type);
599 if (rv < 0)
600 cramfs_uncompress_exit();
601 return rv;
604 static void __exit exit_cramfs_fs(void)
606 cramfs_uncompress_exit();
607 unregister_filesystem(&cramfs_fs_type);
610 module_init(init_cramfs_fs)
611 module_exit(exit_cramfs_fs)
612 MODULE_LICENSE("GPL");