1 /*
2 * Copyright (C) 2004, OGAWA Hirofumi
3 * Released under GPL v2.
4 */
6 #include <linux/blkdev.h>
7 #include "fat.h"
/*
 * Per-FAT-width method table.  One instance exists for each of FAT12,
 * FAT16 and FAT32; the one in use is reached through
 * MSDOS_SB(sb)->fatent_ops.
 */
struct fatent_operations {
	/* Map a cluster entry number to (block number, byte offset in block). */
	void (*ent_blocknr)(struct super_block *sb, int entry,
			    int *offset, sector_t *blocknr);
	/* Point the fat_entry's cursor at @offset inside its held buffer(s). */
	void (*ent_set_ptr)(struct fat_entry *fatent, int offset);
	/* Read the block(s) holding the entry; 0 on success, -EIO on failure. */
	int (*ent_bread)(struct super_block *sb, struct fat_entry *fatent,
			 int offset, sector_t blocknr);
	/* Decode the entry under the cursor. */
	int (*ent_get)(struct fat_entry *fatent);
	/* Store @new into the entry under the cursor and dirty the buffer(s). */
	void (*ent_put)(struct fat_entry *fatent, int new);
	/* Advance the cursor inside the held block; 0 when the block is used up. */
	int (*ent_next)(struct fat_entry *fatent);
};
/*
 * A FAT12 entry shares a byte with its neighbour, so reading or writing
 * one entry is a two-byte operation.  fat12_ent_get() and fat12_ent_put()
 * take this lock around that access.
 */
static DEFINE_SPINLOCK(fat12_entry_lock);
/*
 * Locate FAT12 entry @entry.  Entries are 12 bits wide, so entry N starts
 * at byte N + N/2 of the table.
 *
 * @offset receives the byte offset inside the block, @blocknr the block
 * number (relative to the device, starting at sbi->fat_start).
 *
 * An out-of-range @entry only triggers WARN_ON(); the arithmetic still
 * runs, so the caller has to validate @entry before acting on the result.
 */
static void fat12_ent_blocknr(struct super_block *sb, int entry,
			      int *offset, sector_t *blocknr)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	int byte_pos = entry + (entry >> 1);

	WARN_ON(!fat_valid_entry(sbi, entry));
	*offset = byte_pos & (sb->s_blocksize - 1);
	*blocknr = sbi->fat_start + (byte_pos >> sb->s_blocksize_bits);
}
/*
 * Locate a FAT16/FAT32 entry.  The byte position is @entry shifted left by
 * sbi->fatent_shift (fat_ent_access_init() in this file sets 1 for FAT16
 * and 2 for FAT32).
 *
 * @offset receives the byte offset inside the block, @blocknr the block
 * number.  As with the FAT12 variant, an invalid @entry is reported with
 * WARN_ON() but not rejected here.
 */
static void fat_ent_blocknr(struct super_block *sb, int entry,
			    int *offset, sector_t *blocknr)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	int byte_pos = (entry << sbi->fatent_shift);

	WARN_ON(!fat_valid_entry(sbi, entry));
	*offset = byte_pos & (sb->s_blocksize - 1);
	*blocknr = sbi->fat_start + (byte_pos >> sb->s_blocksize_bits);
}
/*
 * Aim the two FAT12 byte pointers at the entry starting at @offset.
 *
 * With one buffer held both bytes live in bhs[0]; with two buffers the
 * entry straddles the block boundary, so the first byte is the last byte
 * of bhs[0] and the second is the first byte of bhs[1].  The WARN_ON()s
 * flag an @offset that does not fit the held buffer layout; they do not
 * prevent the pointers from being set.
 */
static void fat12_ent_set_ptr(struct fat_entry *fatent, int offset)
{
	struct buffer_head **bh_vec = fatent->bhs;

	if (fatent->nr_bhs == 1) {
		WARN_ON(offset >= (bh_vec[0]->b_size - 1));
		fatent->u.ent12_p[0] = bh_vec[0]->b_data + offset;
		fatent->u.ent12_p[1] = bh_vec[0]->b_data + (offset + 1);
	} else {
		WARN_ON(offset != (bh_vec[0]->b_size - 1));
		fatent->u.ent12_p[0] = bh_vec[0]->b_data + offset;
		fatent->u.ent12_p[1] = bh_vec[1]->b_data;
	}
}
/*
 * Aim the FAT16 cursor at @offset inside bhs[0].  @offset is expected to
 * be 2-byte aligned; a misaligned value is only warned about.
 */
static void fat16_ent_set_ptr(struct fat_entry *fatent, int offset)
{
	char *base = fatent->bhs[0]->b_data;

	WARN_ON(offset & (2 - 1));
	fatent->u.ent16_p = (__le16 *)(base + offset);
}
/*
 * Aim the FAT32 cursor at @offset inside bhs[0].  @offset is expected to
 * be 4-byte aligned; a misaligned value is only warned about.
 */
static void fat32_ent_set_ptr(struct fat_entry *fatent, int offset)
{
	char *base = fatent->bhs[0]->b_data;

	WARN_ON(offset & (4 - 1));
	fatent->u.ent32_p = (__le32 *)(base + offset);
}
/*
 * Read the block(s) holding the FAT12 entry at (@blocknr, @offset) into
 * @fatent and set its byte pointers.
 *
 * When the entry's second byte would fall past the end of the block, the
 * following block is read as well and nr_bhs becomes 2.
 *
 * Returns 0 on success or -EIO if either read fails.  On failure no buffer
 * reference obtained here is kept: the first buffer is released when the
 * second read fails.
 */
static int fat12_ent_bread(struct super_block *sb, struct fat_entry *fatent,
			   int offset, sector_t blocknr)
{
	struct buffer_head **bh_vec = fatent->bhs;

	WARN_ON(blocknr < MSDOS_SB(sb)->fat_start);
	fatent->fat_inode = MSDOS_SB(sb)->fat_inode;

	bh_vec[0] = sb_bread(sb, blocknr);
	if (!bh_vec[0])
		goto err;

	if ((offset + 1) >= sb->s_blocksize) {
		/* The entry sits on the block boundary: fetch the next block too. */
		blocknr++;
		bh_vec[1] = sb_bread(sb, blocknr);
		if (!bh_vec[1])
			goto err_brelse;
		fatent->nr_bhs = 2;
	} else {
		fatent->nr_bhs = 1;
	}
	fat12_ent_set_ptr(fatent, offset);
	return 0;

err_brelse:
	brelse(bh_vec[0]);
err:
	/* blocknr names the block whose read failed (already incremented above). */
	fat_msg(sb, KERN_ERR, "FAT read failed (blocknr %llu)", (llu)blocknr);
	return -EIO;
}
/*
 * Read the single block holding a FAT16/FAT32 entry into @fatent and set
 * its cursor through the width-specific ent_set_ptr().
 *
 * Returns 0 on success or -EIO if the block cannot be read.
 */
static int fat_ent_bread(struct super_block *sb, struct fat_entry *fatent,
			 int offset, sector_t blocknr)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	struct fatent_operations *ops = sbi->fatent_ops;
	struct buffer_head *bh;

	WARN_ON(blocknr < sbi->fat_start);
	fatent->fat_inode = sbi->fat_inode;

	bh = sb_bread(sb, blocknr);
	fatent->bhs[0] = bh;
	if (!bh) {
		fat_msg(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
			(llu)blocknr);
		return -EIO;
	}

	fatent->nr_bhs = 1;
	ops->ent_set_ptr(fatent, offset);
	return 0;
}
/*
 * Decode the FAT12 entry under the cursor.
 *
 * Odd entries take the high nibble of the first byte plus the whole second
 * byte; even entries take the whole first byte plus the low nibble of the
 * second.  The two-byte read is done under fat12_entry_lock.
 *
 * Returns the 12-bit value, with anything at or above BAD_FAT12 reported
 * as FAT_ENT_EOF.
 */
static int fat12_ent_get(struct fat_entry *fatent)
{
	u8 **p = fatent->u.ent12_p;
	int val;

	spin_lock(&fat12_entry_lock);
	val = (fatent->entry & 1) ? ((*p[0] >> 4) | (*p[1] << 4))
				  : ((*p[1] << 8) | *p[0]);
	spin_unlock(&fat12_entry_lock);

	val &= 0x0fff;
	return (val >= BAD_FAT12) ? FAT_ENT_EOF : val;
}
/*
 * Decode the little-endian FAT16 entry under the cursor.  Values at or
 * above BAD_FAT16 are reported as FAT_ENT_EOF.  A misaligned cursor is
 * warned about after the read.
 */
static int fat16_ent_get(struct fat_entry *fatent)
{
	int val = le16_to_cpu(*fatent->u.ent16_p);

	WARN_ON((unsigned long)fatent->u.ent16_p & (2 - 1));
	return (val >= BAD_FAT16) ? FAT_ENT_EOF : val;
}
/*
 * Decode the little-endian FAT32 entry under the cursor.  Only the low
 * 28 bits are used; the top four bits of the on-disk word are masked off.
 * Values at or above BAD_FAT32 are reported as FAT_ENT_EOF.
 */
static int fat32_ent_get(struct fat_entry *fatent)
{
	int val = le32_to_cpu(*fatent->u.ent32_p) & 0x0fffffff;

	WARN_ON((unsigned long)fatent->u.ent32_p & (4 - 1));
	return (val >= BAD_FAT32) ? FAT_ENT_EOF : val;
}
/*
 * Store @new into the FAT12 entry under the cursor.
 *
 * FAT_ENT_EOF is translated to the on-disk EOF_FAT12 marker.  The nibble
 * that belongs to the neighbouring entry is preserved, and the two-byte
 * read-modify-write runs under fat12_entry_lock.  Every buffer the entry
 * touches is marked dirty afterwards.
 */
static void fat12_ent_put(struct fat_entry *fatent, int new)
{
	u8 **p = fatent->u.ent12_p;

	if (new == FAT_ENT_EOF)
		new = EOF_FAT12;

	spin_lock(&fat12_entry_lock);
	if (fatent->entry & 1) {
		/* odd entry: keep the low nibble of byte 0 */
		*p[0] = (new << 4) | (*p[0] & 0x0f);
		*p[1] = new >> 4;
	} else {
		/* even entry: keep the high nibble of byte 1 */
		*p[0] = new & 0xff;
		*p[1] = (*p[1] & 0xf0) | (new >> 8);
	}
	spin_unlock(&fat12_entry_lock);

	mark_buffer_dirty_inode(fatent->bhs[0], fatent->fat_inode);
	if (fatent->nr_bhs == 2)
		mark_buffer_dirty_inode(fatent->bhs[1], fatent->fat_inode);
}
/*
 * Store @new into the FAT16 entry under the cursor as a little-endian
 * 16-bit value and mark the buffer dirty.  FAT_ENT_EOF is translated to
 * the on-disk EOF_FAT16 marker.
 */
static void fat16_ent_put(struct fat_entry *fatent, int new)
{
	int disk_val = (new == FAT_ENT_EOF) ? EOF_FAT16 : new;

	*fatent->u.ent16_p = cpu_to_le16(disk_val);
	mark_buffer_dirty_inode(fatent->bhs[0], fatent->fat_inode);
}
/*
 * Store @new into the FAT32 entry under the cursor and mark the buffer
 * dirty.  The top four bits of the existing on-disk word are carried over
 * unchanged; a @new that has any of those bits set is warned about but
 * still OR-ed in.
 */
static void fat32_ent_put(struct fat_entry *fatent, int new)
{
	__le32 *slot = fatent->u.ent32_p;

	WARN_ON(new & 0xf0000000);
	new |= le32_to_cpu(*slot) & ~0x0fffffff;
	*slot = cpu_to_le32(new);
	mark_buffer_dirty_inode(fatent->bhs[0], fatent->fat_inode);
}
/*
 * Advance the FAT12 cursor to the next entry without re-reading.
 *
 * Returns 1 if the next entry is reachable through the buffers already
 * held, 0 if the current block is exhausted (both byte pointers are then
 * set to NULL and the caller has to read the next block).
 *
 * When two buffers are held the current entry straddles the boundary, so
 * the next one lies wholly in the second buffer: the first buffer is
 * released and the second takes its place.
 */
static int fat12_ent_next(struct fat_entry *fatent)
{
	u8 **p = fatent->u.ent12_p;
	struct buffer_head **bh_vec = fatent->bhs;
	/* second byte of the next entry: +1 after an even entry, +2 after odd */
	u8 *nextp = p[1] + 1 + (fatent->entry & 1);

	fatent->entry++;

	if (fatent->nr_bhs != 1) {
		WARN_ON(p[0] != (u8 *)(bh_vec[0]->b_data +
				       (bh_vec[0]->b_size - 1)));
		WARN_ON(p[1] != (u8 *)bh_vec[1]->b_data);
		p[0] = nextp - 1;
		p[1] = nextp;
		brelse(bh_vec[0]);
		bh_vec[0] = bh_vec[1];
		fatent->nr_bhs = 1;
		return 1;
	}

	WARN_ON(p[0] > (u8 *)(bh_vec[0]->b_data +
			      (bh_vec[0]->b_size - 2)));
	WARN_ON(p[1] > (u8 *)(bh_vec[0]->b_data +
			      (bh_vec[0]->b_size - 1)));
	if (nextp < (u8 *)(bh_vec[0]->b_data + (bh_vec[0]->b_size - 1))) {
		p[0] = nextp - 1;
		p[1] = nextp;
		return 1;
	}

	p[0] = NULL;
	p[1] = NULL;
	return 0;
}
/*
 * Advance the FAT16 cursor by one entry.  Returns 1 while the cursor is
 * still below the last 2-byte slot of the held block; otherwise clears
 * the cursor to NULL and returns 0.
 */
static int fat16_ent_next(struct fat_entry *fatent)
{
	const struct buffer_head *bh = fatent->bhs[0];
	__le16 *last_slot = (__le16 *)(bh->b_data + (bh->b_size - 2));

	fatent->entry++;
	if (fatent->u.ent16_p >= last_slot) {
		fatent->u.ent16_p = NULL;
		return 0;
	}
	fatent->u.ent16_p++;
	return 1;
}
/*
 * Advance the FAT32 cursor by one entry.  Returns 1 while the cursor is
 * still below the last 4-byte slot of the held block; otherwise clears
 * the cursor to NULL and returns 0.
 */
static int fat32_ent_next(struct fat_entry *fatent)
{
	const struct buffer_head *bh = fatent->bhs[0];
	__le32 *last_slot = (__le32 *)(bh->b_data + (bh->b_size - 4));

	fatent->entry++;
	if (fatent->u.ent32_p >= last_slot) {
		fatent->u.ent32_p = NULL;
		return 0;
	}
	fatent->u.ent32_p++;
	return 1;
}
/* FAT12: entries can straddle a block, so every method is FAT12-specific. */
static struct fatent_operations fat12_ops = {
	.ent_blocknr	= fat12_ent_blocknr,
	.ent_set_ptr	= fat12_ent_set_ptr,
	.ent_bread	= fat12_ent_bread,
	.ent_get	= fat12_ent_get,
	.ent_put	= fat12_ent_put,
	.ent_next	= fat12_ent_next,
};

/* FAT16: shares the block lookup and block read with FAT32. */
static struct fatent_operations fat16_ops = {
	.ent_blocknr	= fat_ent_blocknr,
	.ent_set_ptr	= fat16_ent_set_ptr,
	.ent_bread	= fat_ent_bread,
	.ent_get	= fat16_ent_get,
	.ent_put	= fat16_ent_put,
	.ent_next	= fat16_ent_next,
};

/* FAT32: shares the block lookup and block read with FAT16. */
static struct fatent_operations fat32_ops = {
	.ent_blocknr	= fat_ent_blocknr,
	.ent_set_ptr	= fat32_ent_set_ptr,
	.ent_bread	= fat_ent_bread,
	.ent_get	= fat32_ent_get,
	.ent_put	= fat32_ent_put,
	.ent_next	= fat32_ent_next,
};
/* Take the per-superblock FAT mutex (sbi->fat_lock). */
static inline void lock_fat(struct msdos_sb_info *sbi)
{
	mutex_lock(&sbi->fat_lock);
}
/* Release the per-superblock FAT mutex (sbi->fat_lock). */
static inline void unlock_fat(struct msdos_sb_info *sbi)
{
	mutex_unlock(&sbi->fat_lock);
}
/*
 * Initialise FAT access for a superblock: set up the FAT mutex and pick
 * the method table and entry shift that match sbi->fat_bits.
 *
 * FAT12 gets a shift of -1; its table uses fat12_ent_blocknr(), which
 * does not read the shift.
 *
 * NOTE(review): any fat_bits value other than 12, 16 or 32 leaves
 * fatent_shift and fatent_ops untouched.  Presumably the mount path only
 * ever sets one of those three -- confirm against the caller, since every
 * other function in this file dereferences fatent_ops unconditionally.
 */
void fat_ent_access_init(struct super_block *sb)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);

	mutex_init(&sbi->fat_lock);

	if (sbi->fat_bits == 32) {
		sbi->fatent_shift = 2;
		sbi->fatent_ops = &fat32_ops;
	} else if (sbi->fat_bits == 16) {
		sbi->fatent_shift = 1;
		sbi->fatent_ops = &fat16_ops;
	} else if (sbi->fat_bits == 12) {
		sbi->fatent_shift = -1;
		sbi->fatent_ops = &fat12_ops;
	}
}
/*
 * Mark the fsinfo inode dirty so the free-cluster accounting gets written
 * back.  Does nothing on a read-only mount or on a non-FAT32 volume.
 */
static void mark_fsinfo_dirty(struct super_block *sb)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);

	if (!(sb->s_flags & MS_RDONLY) && sbi->fat_bits == 32)
		__mark_inode_dirty(sbi->fsinfo_inode, I_DIRTY_SYNC);
}
/*
 * Try to reuse the buffers @fatent already holds for the entry at
 * (@blocknr, @offset).
 *
 * Returns 1 and repositions the cursor when the held buffer(s) cover the
 * entry; returns 0 when the caller has to drop them and read again.
 *
 * For FAT12 the straddling case is handled explicitly: an entry that fits
 * in bhs[0] releases a no-longer-needed second buffer, while an entry on
 * the block boundary is only accepted if a second buffer is held and it is
 * the block immediately after @blocknr.
 */
static inline int fat_ent_update_ptr(struct super_block *sb,
				     struct fat_entry *fatent,
				     int offset, sector_t blocknr)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	struct fatent_operations *ops = sbi->fatent_ops;
	struct buffer_head **bh_vec = fatent->bhs;

	/* Do the held buffers start at the block this entry lives in? */
	if (!fatent->nr_bhs || bh_vec[0]->b_blocknr != blocknr)
		return 0;

	if (sbi->fat_bits == 12) {
		if ((offset + 1) < sb->s_blocksize) {
			/* Entry lies entirely in bh_vec[0]. */
			if (fatent->nr_bhs == 2) {
				brelse(bh_vec[1]);
				fatent->nr_bhs = 1;
			}
		} else {
			/* Entry needs the following block as well. */
			if (fatent->nr_bhs != 2)
				return 0;
			if (bh_vec[1]->b_blocknr != (blocknr + 1))
				return 0;
		}
	}

	ops->ent_set_ptr(fatent, offset);
	return 1;
}
/*
 * Read FAT entry @entry for @inode's filesystem into @fatent.
 *
 * @entry is checked with fat_valid_entry() before any block arithmetic is
 * done on it.  This is the gate that keeps a cluster number taken from
 * on-disk data from being turned into a block read; an invalid value
 * releases the held buffers, raises a filesystem error and returns -EIO.
 *
 * Returns the decoded entry value from ent_get() on success, or a negative
 * errno.
 */
int fat_ent_read(struct inode *inode, struct fat_entry *fatent, int entry)
{
	struct super_block *sb = inode->i_sb;
	struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb);
	struct fatent_operations *ops = sbi->fatent_ops;
	sector_t blocknr;
	int offset;

	if (!fat_valid_entry(sbi, entry)) {
		fatent_brelse(fatent);
		fat_fs_error(sb, "invalid access to FAT (entry 0x%08x)", entry);
		return -EIO;
	}

	fatent_set_entry(fatent, entry);
	ops->ent_blocknr(sb, entry, &offset, &blocknr);

	/* Reuse the held buffers when they already cover this entry. */
	if (!fat_ent_update_ptr(sb, fatent, offset, blocknr)) {
		int err;

		fatent_brelse(fatent);
		err = ops->ent_bread(sb, fatent, offset, blocknr);
		if (err)
			return err;
	}
	return ops->ent_get(fatent);
}
/*
 * Copy the modified FAT blocks in @bhs[0..@nr_bhs) to every backup FAT.
 *
 * Backup copy N starts sbi->fat_length * N blocks after the primary, so
 * each source block number is offset by that amount.  The copy is made
 * with the destination buffer locked.  On a MS_SYNCHRONOUS mount each
 * backup buffer is written out before moving on.
 *
 * Returns 0 on success, -ENOMEM if a destination buffer cannot be
 * obtained, or the error from sync_dirty_buffer().
 *
 * FIXME: We can write the blocks as more big chunk.
 */
static int fat_mirror_bhs(struct super_block *sb, struct buffer_head **bhs,
			  int nr_bhs)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	int err = 0;
	int copy, n;

	for (copy = 1; copy < sbi->fats; copy++) {
		sector_t backup_fat = sbi->fat_length * copy;

		for (n = 0; n < nr_bhs; n++) {
			struct buffer_head *c_bh;

			c_bh = sb_getblk(sb, backup_fat + bhs[n]->b_blocknr);
			if (!c_bh)
				return -ENOMEM;

			/* Avoid race with userspace read via bdev */
			lock_buffer(c_bh);
			memcpy(c_bh->b_data, bhs[n]->b_data, sb->s_blocksize);
			set_buffer_uptodate(c_bh);
			unlock_buffer(c_bh);

			mark_buffer_dirty_inode(c_bh, sbi->fat_inode);
			if (sb->s_flags & MS_SYNCHRONOUS)
				err = sync_dirty_buffer(c_bh);
			brelse(c_bh);
			if (err)
				return err;
		}
	}
	return err;
}
/*
 * Write @new into the entry @fatent currently points at, then mirror the
 * touched blocks to the backup FATs.
 *
 * When @wait is non-zero the primary blocks are synced first and a sync
 * failure is returned without mirroring.
 *
 * NOTE(review): nothing here positions or validates @fatent; presumably
 * the caller has already loaded it (e.g. through fat_ent_read()) --
 * confirm at the call sites.
 */
int fat_ent_write(struct inode *inode, struct fat_entry *fatent,
		  int new, int wait)
{
	struct super_block *sb = inode->i_sb;
	struct fatent_operations *ops = MSDOS_SB(sb)->fatent_ops;

	ops->ent_put(fatent, new);

	if (wait) {
		int err = fat_sync_bhs(fatent->bhs, fatent->nr_bhs);

		if (err)
			return err;
	}
	return fat_mirror_bhs(sb, fatent->bhs, fatent->nr_bhs);
}
/*
 * Step @fatent to the next entry inside the block it already holds.
 * Returns 1 only if the width-specific ent_next() succeeded and the new
 * entry number is still below sbi->max_cluster; otherwise 0.
 */
static inline int fat_ent_next(struct msdos_sb_info *sbi,
			       struct fat_entry *fatent)
{
	return sbi->fatent_ops->ent_next(fatent) &&
	       fatent->entry < sbi->max_cluster;
}
/*
 * Drop whatever @fatent holds and read the block(s) containing
 * fatent->entry.  Returns the result of the width-specific ent_bread().
 *
 * fatent->entry is not validated here; the block-number helpers only
 * WARN_ON() an invalid entry, so the caller must keep it in range.
 */
static inline int fat_ent_read_block(struct super_block *sb,
				     struct fat_entry *fatent)
{
	struct fatent_operations *ops = MSDOS_SB(sb)->fatent_ops;
	sector_t blk;
	int off;

	fatent_brelse(fatent);
	ops->ent_blocknr(sb, fatent->entry, &off, &blk);
	return ops->ent_bread(sb, fatent, off, blk);
}
/*
 * Append each buffer held by @fatent to @bhs unless it is already listed,
 * taking an extra reference on every buffer that is added.  *@nr_bhs is
 * the current number of entries in @bhs and is updated in place.
 *
 * The capacity of @bhs is not known here and is not checked: up to
 * fatent->nr_bhs slots may be written past the current *@nr_bhs, so the
 * caller must guarantee that much room before calling.
 */
static void fat_collect_bhs(struct buffer_head **bhs, int *nr_bhs,
			    struct fat_entry *fatent)
{
	int src;

	for (src = 0; src < fatent->nr_bhs; src++) {
		struct buffer_head *bh = fatent->bhs[src];
		int slot = 0;

		/* Linear scan for a duplicate; stops at *nr_bhs if none. */
		while (slot < *nr_bhs && bhs[slot] != bh)
			slot++;
		if (slot < *nr_bhs)
			continue;

		get_bh(bh);
		bhs[slot] = bh;
		(*nr_bhs)++;
	}
}
/*
 * Allocate @nr_cluster free clusters, link them into one chain and return
 * their numbers in @cluster[0..@nr_cluster).
 *
 * The scan starts just after sbi->prev_free, wraps to FAT_START_ENT at
 * sbi->max_cluster and gives up once every entry has been looked at.
 * Each free entry found is set to FAT_ENT_EOF and the previously
 * allocated entry is pointed at it.
 *
 * Returns 0 on success, -ENOSPC if not enough free clusters exist, or a
 * read/sync/mirror error.  On error after a partial allocation the chain
 * built so far is freed again.
 *
 * Bounds the code relies on:
 *  - bhs[] has MAX_BUF_PER_PAGE slots and the ent_bread() methods in this
 *    file never hold more than two buffers per entry, hence the BUG_ON()
 *    limit of MAX_BUF_PER_PAGE / 2 on @nr_cluster.
 *  - @cluster[] is written until idx_clus == nr_cluster.
 *    NOTE(review): that equality never fires for nr_cluster <= 0, so the
 *    function assumes nr_cluster >= 1 -- confirm at the call sites.
 *  - Only the upper bound of the start entry is clamped here.
 *    NOTE(review): a start below FAT_START_ENT depends on sbi->prev_free
 *    having been sanitised elsewhere (it is not visible in this file).
 */
int fat_alloc_clusters(struct inode *inode, int *cluster, int nr_cluster)
{
	struct super_block *sb = inode->i_sb;
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	struct fatent_operations *ops = sbi->fatent_ops;
	struct fat_entry fatent, prev_ent;
	struct buffer_head *bhs[MAX_BUF_PER_PAGE];
	int b, scanned, err, nr_bhs, idx_clus;

	BUG_ON(nr_cluster > (MAX_BUF_PER_PAGE / 2));	/* fixed limit */

	lock_fat(sbi);
	/* Fail fast when the cached free count is trusted and too small. */
	if (sbi->free_clusters != -1 && sbi->free_clus_valid &&
	    sbi->free_clusters < nr_cluster) {
		unlock_fat(sbi);
		return -ENOSPC;
	}

	err = nr_bhs = idx_clus = 0;
	scanned = FAT_START_ENT;
	fatent_init(&prev_ent);
	fatent_init(&fatent);
	fatent_set_entry(&fatent, sbi->prev_free + 1);

	while (scanned < sbi->max_cluster) {
		/* Wrap around to the first data entry. */
		if (fatent.entry >= sbi->max_cluster)
			fatent.entry = FAT_START_ENT;
		fatent_set_entry(&fatent, fatent.entry);
		err = fat_ent_read_block(sb, &fatent);
		if (err)
			goto out;

		/* Walk the entries of this block looking for free ones. */
		do {
			if (ops->ent_get(&fatent) == FAT_ENT_FREE) {
				int entry = fatent.entry;

				/* Extend the chain: new tail, old tail -> new. */
				ops->ent_put(&fatent, FAT_ENT_EOF);
				if (prev_ent.nr_bhs)
					ops->ent_put(&prev_ent, entry);

				fat_collect_bhs(bhs, &nr_bhs, &fatent);

				sbi->prev_free = entry;
				if (sbi->free_clusters != -1)
					sbi->free_clusters--;

				cluster[idx_clus] = entry;
				idx_clus++;
				if (idx_clus == nr_cluster)
					goto out;

				/*
				 * fat_collect_bhs() took its own reference on
				 * the buffers, so prev_ent stays usable after
				 * fatent moves on.
				 */
				prev_ent = fatent;
			}
			scanned++;
			if (scanned == sbi->max_cluster)
				break;
		} while (fat_ent_next(sbi, &fatent));
	}

	/* Whole table scanned without finding enough free entries. */
	sbi->free_clusters = 0;
	sbi->free_clus_valid = 1;
	err = -ENOSPC;

out:
	unlock_fat(sbi);
	mark_fsinfo_dirty(sb);
	fatent_brelse(&fatent);
	if (!err) {
		if (inode_needs_sync(inode))
			err = fat_sync_bhs(bhs, nr_bhs);
		if (!err)
			err = fat_mirror_bhs(sb, bhs, nr_bhs);
	}
	for (b = 0; b < nr_bhs; b++)
		brelse(bhs[b]);

	/* Undo a partial allocation by freeing the chain from its head. */
	if (err && idx_clus)
		fat_free_clusters(inode, cluster[0]);

	return err;
}
/*
 * Free the cluster chain that starts at @cluster.
 *
 * Each link is read through fat_ent_read(), which rejects out-of-range
 * cluster numbers, and is then overwritten with FAT_ENT_FREE.  A link that
 * is already free is treated as corruption and ends the walk with -EIO.
 * Because every visited entry is marked free before the walk continues, a
 * chain that leads back to an entry visited earlier should hit that same
 * branch rather than loop.
 *
 * Dirty FAT buffers are batched in bhs[]; the batch is flushed (synced on
 * MS_SYNCHRONOUS mounts, then mirrored) whenever adding the current
 * entry's buffers could exceed MAX_BUF_PER_PAGE, which is also what keeps
 * fat_collect_bhs() inside the array.
 *
 * With the discard option set, runs of contiguous clusters are discarded
 * in one request each.
 *
 * Returns 0 on success or a negative errno.
 */
int fat_free_clusters(struct inode *inode, int cluster)
{
	struct super_block *sb = inode->i_sb;
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	struct fatent_operations *ops = sbi->fatent_ops;
	struct fat_entry fatent;
	struct buffer_head *bhs[MAX_BUF_PER_PAGE];
	int b, err, nr_bhs;
	int first_cl = cluster, dirty_fsinfo = 0;

	nr_bhs = 0;
	fatent_init(&fatent);
	lock_fat(sbi);
	do {
		/* After this call fatent.entry is the link being freed and
		 * cluster is the value it pointed to. */
		cluster = fat_ent_read(inode, &fatent, cluster);
		if (cluster < 0) {
			err = cluster;
			goto error;
		} else if (cluster == FAT_ENT_FREE) {
			fat_fs_error(sb, "%s: deleting FAT entry beyond EOF",
				     __func__);
			err = -EIO;
			goto error;
		}

		if (sbi->options.discard) {
			/*
			 * Issue discard for the sectors we no longer
			 * care about, batching contiguous clusters
			 * into one request
			 */
			if (cluster != fatent.entry + 1) {
				int nr_clus = fatent.entry - first_cl + 1;

				sb_issue_discard(sb,
					fat_clus_to_blknr(sbi, first_cl),
					nr_clus * sbi->sec_per_clus,
					GFP_NOFS, 0);

				first_cl = cluster;
			}
		}

		ops->ent_put(&fatent, FAT_ENT_FREE);
		if (sbi->free_clusters != -1) {
			sbi->free_clusters++;
			dirty_fsinfo = 1;
		}

		/* Flush the batch before it could outgrow bhs[]. */
		if (nr_bhs + fatent.nr_bhs > MAX_BUF_PER_PAGE) {
			if (sb->s_flags & MS_SYNCHRONOUS) {
				err = fat_sync_bhs(bhs, nr_bhs);
				if (err)
					goto error;
			}
			err = fat_mirror_bhs(sb, bhs, nr_bhs);
			if (err)
				goto error;
			for (b = 0; b < nr_bhs; b++)
				brelse(bhs[b]);
			nr_bhs = 0;
		}
		fat_collect_bhs(bhs, &nr_bhs, &fatent);
	} while (cluster != FAT_ENT_EOF);

	if (sb->s_flags & MS_SYNCHRONOUS) {
		err = fat_sync_bhs(bhs, nr_bhs);
		if (err)
			goto error;
	}
	err = fat_mirror_bhs(sb, bhs, nr_bhs);
error:
	/* Shared exit for success and failure: drop references, unlock. */
	fatent_brelse(&fatent);
	for (b = 0; b < nr_bhs; b++)
		brelse(bhs[b]);
	unlock_fat(sbi);
	if (dirty_fsinfo)
		mark_fsinfo_dirty(sb);

	return err;
}
EXPORT_SYMBOL_GPL(fat_free_clusters);
/*
 * Readahead window, in bytes, used when counting free clusters.
 * 128kb is the whole sectors for FAT12 and FAT16.
 */
#define FAT_READA_SIZE		(128 * 1024)
/*
 * Start readahead on @reada_blocks consecutive FAT blocks, beginning with
 * the block that holds fatent->entry.  Nothing is waited for and nothing
 * is returned.
 */
static void fat_ent_reada(struct super_block *sb, struct fat_entry *fatent,
			  unsigned long reada_blocks)
{
	struct fatent_operations *ops = MSDOS_SB(sb)->fatent_ops;
	sector_t first_blk;
	int blk, off;

	ops->ent_blocknr(sb, fatent->entry, &off, &first_blk);

	for (blk = 0; blk < reada_blocks; blk++)
		sb_breadahead(sb, first_blk + blk);
}
/*
 * Count the free clusters by scanning the whole FAT, unless a trusted
 * cached count already exists (free_clusters != -1 and free_clus_valid).
 *
 * The scan reads the table block by block, issuing readahead every
 * FAT_READA_SIZE bytes worth of blocks, and yields the CPU after each
 * block.  On success the result is stored in sbi->free_clusters, marked
 * valid, and the fsinfo inode is dirtied.
 *
 * Returns 0 on success (including the cached case) or the read error.
 *
 * NOTE(review): `rest` is an unsigned difference of sbi->fat_length and
 * cur_block.  If the loop ever ran for more blocks than fat_length (that
 * is, max_cluster inconsistent with fat_length) it would wrap and min()
 * would pick reada_blocks, reading ahead past the table.  Presumably the
 * mount path ties max_cluster to fat_length -- confirm.
 */
int fat_count_free_clusters(struct super_block *sb)
{
	struct msdos_sb_info *sbi = MSDOS_SB(sb);
	struct fatent_operations *ops = sbi->fatent_ops;
	struct fat_entry fatent;
	unsigned long reada_blocks, reada_mask, cur_block;
	int err = 0, nr_free;

	lock_fat(sbi);
	if (sbi->free_clusters != -1 && sbi->free_clus_valid)
		goto out;

	reada_blocks = FAT_READA_SIZE >> sb->s_blocksize_bits;
	reada_mask = reada_blocks - 1;
	cur_block = 0;

	nr_free = 0;
	fatent_init(&fatent);
	fatent_set_entry(&fatent, FAT_START_ENT);
	while (fatent.entry < sbi->max_cluster) {
		/* Kick off readahead at the start of every window. */
		if ((cur_block & reada_mask) == 0) {
			unsigned long rest = sbi->fat_length - cur_block;

			fat_ent_reada(sb, &fatent, min(reada_blocks, rest));
		}
		cur_block++;

		err = fat_ent_read_block(sb, &fatent);
		if (err)
			goto out;

		/* Count the free entries of this block. */
		do {
			if (ops->ent_get(&fatent) == FAT_ENT_FREE)
				nr_free++;
		} while (fat_ent_next(sbi, &fatent));
		cond_resched();
	}
	sbi->free_clusters = nr_free;
	sbi->free_clus_valid = 1;
	mark_fsinfo_dirty(sb);
	fatent_brelse(&fatent);
out:
	unlock_fat(sbi);
	return err;
}