search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / hfs / brec.c
blob85dab71bee74f0cc2e1a9e13674dfc9babf307a1
1 /*
2 * linux/fs/hfs/brec.c
3 *
4 * Copyright (C) 2001
5 * Brad Boyer (flar@allandria.com)
6 * (C) 2003 Ardis Technologies <roman@ardistech.com>
7 *
8 * Handle individual btree records
9 */
10
11 #include "btree.h"
12
13 static struct hfs_bnode *hfs_bnode_split(struct hfs_find_data *fd);
14 static int hfs_brec_update_parent(struct hfs_find_data *fd);
15 static int hfs_btree_inc_height(struct hfs_btree *tree);
16
17 /* Get the length and offset of the given record in the given node */
18 u16 hfs_brec_lenoff(struct hfs_bnode *node, u16 rec, u16 *off)
19 {
20 __be16 retval[2];
21 u16 dataoff;
22
23 dataoff = node->tree->node_size - (rec + 2) * 2;
24 hfs_bnode_read(node, retval, dataoff, 4);
25 *off = be16_to_cpu(retval[1]);
26 return be16_to_cpu(retval[0]) - *off;
27 }
28
29 /* Get the length of the key from a keyed record */
30 u16 hfs_brec_keylen(struct hfs_bnode *node, u16 rec)
31 {
32 u16 retval, recoff;
33
34 if (node->type != HFS_NODE_INDEX && node->type != HFS_NODE_LEAF)
35 return 0;
36
37 if ((node->type == HFS_NODE_INDEX) &&
38 !(node->tree->attributes & HFS_TREE_VARIDXKEYS)) {
39 if (node->tree->attributes & HFS_TREE_BIGKEYS)
40 retval = node->tree->max_key_len + 2;
41 else
42 retval = node->tree->max_key_len + 1;
43 } else {
44 recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec + 1) * 2);
45 if (!recoff)
46 return 0;
47 if (node->tree->attributes & HFS_TREE_BIGKEYS) {
48 retval = hfs_bnode_read_u16(node, recoff) + 2;
49 if (retval > node->tree->max_key_len + 2) {
50 pr_err("keylen %d too large\n", retval);
51 retval = 0;
52 }
53 } else {
54 retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
55 if (retval > node->tree->max_key_len + 1) {
56 pr_err("keylen %d too large\n", retval);
57 retval = 0;
58 }
59 }
60 }
61 return retval;
62 }
63
64 int hfs_brec_insert(struct hfs_find_data *fd, void *entry, int entry_len)
65 {
66 struct hfs_btree *tree;
67 struct hfs_bnode *node, *new_node;
68 int size, key_len, rec;
69 int data_off, end_off;
70 int idx_rec_off, data_rec_off, end_rec_off;
71 __be32 cnid;
72
73 tree = fd->tree;
74 if (!fd->bnode) {
75 if (!tree->root)
76 hfs_btree_inc_height(tree);
77 node = hfs_bnode_find(tree, tree->leaf_head);
78 if (IS_ERR(node))
79 return PTR_ERR(node);
80 fd->bnode = node;
81 fd->record = -1;
82 }
83 new_node = NULL;
84 key_len = (fd->search_key->key_len | 1) + 1;
85 again:
86 /* new record idx and complete record size */
87 rec = fd->record + 1;
88 size = key_len + entry_len;
89
90 node = fd->bnode;
91 hfs_bnode_dump(node);
92 /* get last offset */
93 end_rec_off = tree->node_size - (node->num_recs + 1) * 2;
94 end_off = hfs_bnode_read_u16(node, end_rec_off);
95 end_rec_off -= 2;
96 hfs_dbg(BNODE_MOD, "insert_rec: %d, %d, %d, %d\n",
97 rec, size, end_off, end_rec_off);
98 if (size > end_rec_off - end_off) {
99 if (new_node)
100 panic("not enough room!\n");
101 new_node = hfs_bnode_split(fd);
102 if (IS_ERR(new_node))
103 return PTR_ERR(new_node);
104 goto again;
105 }
106 if (node->type == HFS_NODE_LEAF) {
107 tree->leaf_count++;
108 mark_inode_dirty(tree->inode);
109 }
110 node->num_recs++;
111 /* write new last offset */
112 hfs_bnode_write_u16(node, offsetof(struct hfs_bnode_desc, num_recs), node->num_recs);
113 hfs_bnode_write_u16(node, end_rec_off, end_off + size);
114 data_off = end_off;
115 data_rec_off = end_rec_off + 2;
116 idx_rec_off = tree->node_size - (rec + 1) * 2;
117 if (idx_rec_off == data_rec_off)
118 goto skip;
119 /* move all following entries */
120 do {
121 data_off = hfs_bnode_read_u16(node, data_rec_off + 2);
122 hfs_bnode_write_u16(node, data_rec_off, data_off + size);
123 data_rec_off += 2;
124 } while (data_rec_off < idx_rec_off);
125
126 /* move data away */
127 hfs_bnode_move(node, data_off + size, data_off,
128 end_off - data_off);
129
130 skip:
131 hfs_bnode_write(node, fd->search_key, data_off, key_len);
132 hfs_bnode_write(node, entry, data_off + key_len, entry_len);
133 hfs_bnode_dump(node);
134
135 /*
136 * update parent key if we inserted a key
137 * at the start of the node and it is not the new node
138 */
139 if (!rec && new_node != node) {
140 hfs_bnode_read_key(node, fd->search_key, data_off + size);
141 hfs_brec_update_parent(fd);
142 }
143
144 if (new_node) {
145 hfs_bnode_put(fd->bnode);
146 if (!new_node->parent) {
147 hfs_btree_inc_height(tree);
148 new_node->parent = tree->root;
149 }
150 fd->bnode = hfs_bnode_find(tree, new_node->parent);
151
152 /* create index data entry */
153 cnid = cpu_to_be32(new_node->this);
154 entry = &cnid;
155 entry_len = sizeof(cnid);
156
157 /* get index key */
158 hfs_bnode_read_key(new_node, fd->search_key, 14);
159 __hfs_brec_find(fd->bnode, fd);
160
161 hfs_bnode_put(new_node);
162 new_node = NULL;
163
164 if (tree->attributes & HFS_TREE_VARIDXKEYS)
165 key_len = fd->search_key->key_len + 1;
166 else {
167 fd->search_key->key_len = tree->max_key_len;
168 key_len = tree->max_key_len + 1;
169 }
170 goto again;
171 }
172
173 return 0;
174 }
175
176 int hfs_brec_remove(struct hfs_find_data *fd)
177 {
178 struct hfs_btree *tree;
179 struct hfs_bnode *node, *parent;
180 int end_off, rec_off, data_off, size;
181
182 tree = fd->tree;
183 node = fd->bnode;
184 again:
185 rec_off = tree->node_size - (fd->record + 2) * 2;
186 end_off = tree->node_size - (node->num_recs + 1) * 2;
187
188 if (node->type == HFS_NODE_LEAF) {
189 tree->leaf_count--;
190 mark_inode_dirty(tree->inode);
191 }
192 hfs_bnode_dump(node);
193 hfs_dbg(BNODE_MOD, "remove_rec: %d, %d\n",
194 fd->record, fd->keylength + fd->entrylength);
195 if (!--node->num_recs) {
196 hfs_bnode_unlink(node);
197 if (!node->parent)
198 return 0;
199 parent = hfs_bnode_find(tree, node->parent);
200 if (IS_ERR(parent))
201 return PTR_ERR(parent);
202 hfs_bnode_put(node);
203 node = fd->bnode = parent;
204
205 __hfs_brec_find(node, fd);
206 goto again;
207 }
208 hfs_bnode_write_u16(node, offsetof(struct hfs_bnode_desc, num_recs), node->num_recs);
209
210 if (rec_off == end_off)
211 goto skip;
212 size = fd->keylength + fd->entrylength;
213
214 do {
215 data_off = hfs_bnode_read_u16(node, rec_off);
216 hfs_bnode_write_u16(node, rec_off + 2, data_off - size);
217 rec_off -= 2;
218 } while (rec_off >= end_off);
219
220 /* fill hole */
221 hfs_bnode_move(node, fd->keyoffset, fd->keyoffset + size,
222 data_off - fd->keyoffset - size);
223 skip:
224 hfs_bnode_dump(node);
225 if (!fd->record)
226 hfs_brec_update_parent(fd);
227 return 0;
228 }
229
230 static struct hfs_bnode *hfs_bnode_split(struct hfs_find_data *fd)
231 {
232 struct hfs_btree *tree;
233 struct hfs_bnode *node, *new_node, *next_node;
234 struct hfs_bnode_desc node_desc;
235 int num_recs, new_rec_off, new_off, old_rec_off;
236 int data_start, data_end, size;
237
238 tree = fd->tree;
239 node = fd->bnode;
240 new_node = hfs_bmap_alloc(tree);
241 if (IS_ERR(new_node))
242 return new_node;
243 hfs_bnode_get(node);
244 hfs_dbg(BNODE_MOD, "split_nodes: %d - %d - %d\n",
245 node->this, new_node->this, node->next);
246 new_node->next = node->next;
247 new_node->prev = node->this;
248 new_node->parent = node->parent;
249 new_node->type = node->type;
250 new_node->height = node->height;
251
252 if (node->next)
253 next_node = hfs_bnode_find(tree, node->next);
254 else
255 next_node = NULL;
256
257 if (IS_ERR(next_node)) {
258 hfs_bnode_put(node);
259 hfs_bnode_put(new_node);
260 return next_node;
261 }
262
263 size = tree->node_size / 2 - node->num_recs * 2 - 14;
264 old_rec_off = tree->node_size - 4;
265 num_recs = 1;
266 for (;;) {
267 data_start = hfs_bnode_read_u16(node, old_rec_off);
268 if (data_start > size)
269 break;
270 old_rec_off -= 2;
271 if (++num_recs < node->num_recs)
272 continue;
273 /* panic? */
274 hfs_bnode_put(node);
275 hfs_bnode_put(new_node);
276 if (next_node)
277 hfs_bnode_put(next_node);
278 return ERR_PTR(-ENOSPC);
279 }
280
281 if (fd->record + 1 < num_recs) {
282 /* new record is in the lower half,
283 * so leave some more space there
284 */
285 old_rec_off += 2;
286 num_recs--;
287 data_start = hfs_bnode_read_u16(node, old_rec_off);
288 } else {
289 hfs_bnode_put(node);
290 hfs_bnode_get(new_node);
291 fd->bnode = new_node;
292 fd->record -= num_recs;
293 fd->keyoffset -= data_start - 14;
294 fd->entryoffset -= data_start - 14;
295 }
296 new_node->num_recs = node->num_recs - num_recs;
297 node->num_recs = num_recs;
298
299 new_rec_off = tree->node_size - 2;
300 new_off = 14;
301 size = data_start - new_off;
302 num_recs = new_node->num_recs;
303 data_end = data_start;
304 while (num_recs) {
305 hfs_bnode_write_u16(new_node, new_rec_off, new_off);
306 old_rec_off -= 2;
307 new_rec_off -= 2;
308 data_end = hfs_bnode_read_u16(node, old_rec_off);
309 new_off = data_end - size;
310 num_recs--;
311 }
312 hfs_bnode_write_u16(new_node, new_rec_off, new_off);
313 hfs_bnode_copy(new_node, 14, node, data_start, data_end - data_start);
314
315 /* update new bnode header */
316 node_desc.next = cpu_to_be32(new_node->next);
317 node_desc.prev = cpu_to_be32(new_node->prev);
318 node_desc.type = new_node->type;
319 node_desc.height = new_node->height;
320 node_desc.num_recs = cpu_to_be16(new_node->num_recs);
321 node_desc.reserved = 0;
322 hfs_bnode_write(new_node, &node_desc, 0, sizeof(node_desc));
323
324 /* update previous bnode header */
325 node->next = new_node->this;
326 hfs_bnode_read(node, &node_desc, 0, sizeof(node_desc));
327 node_desc.next = cpu_to_be32(node->next);
328 node_desc.num_recs = cpu_to_be16(node->num_recs);
329 hfs_bnode_write(node, &node_desc, 0, sizeof(node_desc));
330
331 /* update next bnode header */
332 if (next_node) {
333 next_node->prev = new_node->this;
334 hfs_bnode_read(next_node, &node_desc, 0, sizeof(node_desc));
335 node_desc.prev = cpu_to_be32(next_node->prev);
336 hfs_bnode_write(next_node, &node_desc, 0, sizeof(node_desc));
337 hfs_bnode_put(next_node);
338 } else if (node->this == tree->leaf_tail) {
339 /* if there is no next node, this might be the new tail */
340 tree->leaf_tail = new_node->this;
341 mark_inode_dirty(tree->inode);
342 }
343
344 hfs_bnode_dump(node);
345 hfs_bnode_dump(new_node);
346 hfs_bnode_put(node);
347
348 return new_node;
349 }
350
351 static int hfs_brec_update_parent(struct hfs_find_data *fd)
352 {
353 struct hfs_btree *tree;
354 struct hfs_bnode *node, *new_node, *parent;
355 int newkeylen, diff;
356 int rec, rec_off, end_rec_off;
357 int start_off, end_off;
358
359 tree = fd->tree;
360 node = fd->bnode;
361 new_node = NULL;
362 if (!node->parent)
363 return 0;
364
365 again:
366 parent = hfs_bnode_find(tree, node->parent);
367 if (IS_ERR(parent))
368 return PTR_ERR(parent);
369 __hfs_brec_find(parent, fd);
370 if (fd->record < 0)
371 return -ENOENT;
372 hfs_bnode_dump(parent);
373 rec = fd->record;
374
375 /* size difference between old and new key */
376 if (tree->attributes & HFS_TREE_VARIDXKEYS)
377 newkeylen = (hfs_bnode_read_u8(node, 14) | 1) + 1;
378 else
379 fd->keylength = newkeylen = tree->max_key_len + 1;
380 hfs_dbg(BNODE_MOD, "update_rec: %d, %d, %d\n",
381 rec, fd->keylength, newkeylen);
382
383 rec_off = tree->node_size - (rec + 2) * 2;
384 end_rec_off = tree->node_size - (parent->num_recs + 1) * 2;
385 diff = newkeylen - fd->keylength;
386 if (!diff)
387 goto skip;
388 if (diff > 0) {
389 end_off = hfs_bnode_read_u16(parent, end_rec_off);
390 if (end_rec_off - end_off < diff) {
391
392 printk(KERN_DEBUG "splitting index node...\n");
393 fd->bnode = parent;
394 new_node = hfs_bnode_split(fd);
395 if (IS_ERR(new_node))
396 return PTR_ERR(new_node);
397 parent = fd->bnode;
398 rec = fd->record;
399 rec_off = tree->node_size - (rec + 2) * 2;
400 end_rec_off = tree->node_size - (parent->num_recs + 1) * 2;
401 }
402 }
403
404 end_off = start_off = hfs_bnode_read_u16(parent, rec_off);
405 hfs_bnode_write_u16(parent, rec_off, start_off + diff);
406 start_off -= 4; /* move previous cnid too */
407
408 while (rec_off > end_rec_off) {
409 rec_off -= 2;
410 end_off = hfs_bnode_read_u16(parent, rec_off);
411 hfs_bnode_write_u16(parent, rec_off, end_off + diff);
412 }
413 hfs_bnode_move(parent, start_off + diff, start_off,
414 end_off - start_off);
415 skip:
416 hfs_bnode_copy(parent, fd->keyoffset, node, 14, newkeylen);
417 if (!(tree->attributes & HFS_TREE_VARIDXKEYS))
418 hfs_bnode_write_u8(parent, fd->keyoffset, newkeylen - 1);
419 hfs_bnode_dump(parent);
420
421 hfs_bnode_put(node);
422 node = parent;
423
424 if (new_node) {
425 __be32 cnid;
426
427 if (!new_node->parent) {
428 hfs_btree_inc_height(tree);
429 new_node->parent = tree->root;
430 }
431 fd->bnode = hfs_bnode_find(tree, new_node->parent);
432 /* create index key and entry */
433 hfs_bnode_read_key(new_node, fd->search_key, 14);
434 cnid = cpu_to_be32(new_node->this);
435
436 __hfs_brec_find(fd->bnode, fd);
437 hfs_brec_insert(fd, &cnid, sizeof(cnid));
438 hfs_bnode_put(fd->bnode);
439 hfs_bnode_put(new_node);
440
441 if (!rec) {
442 if (new_node == node)
443 goto out;
444 /* restore search_key */
445 hfs_bnode_read_key(node, fd->search_key, 14);
446 }
447 new_node = NULL;
448 }
449
450 if (!rec && node->parent)
451 goto again;
452 out:
453 fd->bnode = node;
454 return 0;
455 }
456
457 static int hfs_btree_inc_height(struct hfs_btree *tree)
458 {
459 struct hfs_bnode *node, *new_node;
460 struct hfs_bnode_desc node_desc;
461 int key_size, rec;
462 __be32 cnid;
463
464 node = NULL;
465 if (tree->root) {
466 node = hfs_bnode_find(tree, tree->root);
467 if (IS_ERR(node))
468 return PTR_ERR(node);
469 }
470 new_node = hfs_bmap_alloc(tree);
471 if (IS_ERR(new_node)) {
472 hfs_bnode_put(node);
473 return PTR_ERR(new_node);
474 }
475
476 tree->root = new_node->this;
477 if (!tree->depth) {
478 tree->leaf_head = tree->leaf_tail = new_node->this;
479 new_node->type = HFS_NODE_LEAF;
480 new_node->num_recs = 0;
481 } else {
482 new_node->type = HFS_NODE_INDEX;
483 new_node->num_recs = 1;
484 }
485 new_node->parent = 0;
486 new_node->next = 0;
487 new_node->prev = 0;
488 new_node->height = ++tree->depth;
489
490 node_desc.next = cpu_to_be32(new_node->next);
491 node_desc.prev = cpu_to_be32(new_node->prev);
492 node_desc.type = new_node->type;
493 node_desc.height = new_node->height;
494 node_desc.num_recs = cpu_to_be16(new_node->num_recs);
495 node_desc.reserved = 0;
496 hfs_bnode_write(new_node, &node_desc, 0, sizeof(node_desc));
497
498 rec = tree->node_size - 2;
499 hfs_bnode_write_u16(new_node, rec, 14);
500
501 if (node) {
502 /* insert old root idx into new root */
503 node->parent = tree->root;
504 if (node->type == HFS_NODE_LEAF ||
505 tree->attributes & HFS_TREE_VARIDXKEYS)
506 key_size = hfs_bnode_read_u8(node, 14) + 1;
507 else
508 key_size = tree->max_key_len + 1;
509 hfs_bnode_copy(new_node, 14, node, 14, key_size);
510
511 if (!(tree->attributes & HFS_TREE_VARIDXKEYS)) {
512 key_size = tree->max_key_len + 1;
513 hfs_bnode_write_u8(new_node, 14, tree->max_key_len);
514 }
515 key_size = (key_size + 1) & -2;
516 cnid = cpu_to_be32(node->this);
517 hfs_bnode_write(new_node, &cnid, 14 + key_size, 4);
518
519 rec -= 2;
520 hfs_bnode_write_u16(new_node, rec, 14 + key_size + 4);
521
522 hfs_bnode_put(node);
523 }
524 hfs_bnode_put(new_node);
525 mark_inode_dirty(tree->inode);
526
527 return 0;
528 }
Linux with added FPC-III support