search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / hfs / btree.c
blob9e9b02f5134b09132002c13b68777b4f3ff9a928
1 /*
2 * linux/fs/hfs/btree.c
3 *
4 * Copyright (C) 2001
5 * Brad Boyer (flar@allandria.com)
6 * (C) 2003 Ardis Technologies <roman@ardistech.com>
7 *
8 * Handle opening/closing btree
9 */
10
11 #include <linux/pagemap.h>
12 #include <linux/slab.h>
13 #include <linux/log2.h>
14
15 #include "btree.h"
16
17 /* Get a reference to a B*Tree and do some initial checks */
18 struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp keycmp)
19 {
20 struct hfs_btree *tree;
21 struct hfs_btree_header_rec *head;
22 struct address_space *mapping;
23 struct page *page;
24 unsigned int size;
25
26 tree = kzalloc(sizeof(*tree), GFP_KERNEL);
27 if (!tree)
28 return NULL;
29
30 mutex_init(&tree->tree_lock);
31 spin_lock_init(&tree->hash_lock);
32 /* Set the correct compare function */
33 tree->sb = sb;
34 tree->cnid = id;
35 tree->keycmp = keycmp;
36
37 tree->inode = iget_locked(sb, id);
38 if (!tree->inode)
39 goto free_tree;
40 BUG_ON(!(tree->inode->i_state & I_NEW));
41 {
42 struct hfs_mdb *mdb = HFS_SB(sb)->mdb;
43 HFS_I(tree->inode)->flags = 0;
44 mutex_init(&HFS_I(tree->inode)->extents_lock);
45 switch (id) {
46 case HFS_EXT_CNID:
47 hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize,
48 mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz));
49 if (HFS_I(tree->inode)->alloc_blocks >
50 HFS_I(tree->inode)->first_blocks) {
51 pr_err("invalid btree extent records\n");
52 unlock_new_inode(tree->inode);
53 goto free_inode;
54 }
55
56 tree->inode->i_mapping->a_ops = &hfs_btree_aops;
57 break;
58 case HFS_CAT_CNID:
59 hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize,
60 mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz));
61
62 if (!HFS_I(tree->inode)->first_blocks) {
63 pr_err("invalid btree extent records (0 size)\n");
64 unlock_new_inode(tree->inode);
65 goto free_inode;
66 }
67
68 tree->inode->i_mapping->a_ops = &hfs_btree_aops;
69 break;
70 default:
71 BUG();
72 }
73 }
74 unlock_new_inode(tree->inode);
75
76 mapping = tree->inode->i_mapping;
77 page = read_mapping_page(mapping, 0, NULL);
78 if (IS_ERR(page))
79 goto free_inode;
80
81 /* Load the header */
82 head = (struct hfs_btree_header_rec *)(kmap(page) + sizeof(struct hfs_bnode_desc));
83 tree->root = be32_to_cpu(head->root);
84 tree->leaf_count = be32_to_cpu(head->leaf_count);
85 tree->leaf_head = be32_to_cpu(head->leaf_head);
86 tree->leaf_tail = be32_to_cpu(head->leaf_tail);
87 tree->node_count = be32_to_cpu(head->node_count);
88 tree->free_nodes = be32_to_cpu(head->free_nodes);
89 tree->attributes = be32_to_cpu(head->attributes);
90 tree->node_size = be16_to_cpu(head->node_size);
91 tree->max_key_len = be16_to_cpu(head->max_key_len);
92 tree->depth = be16_to_cpu(head->depth);
93
94 size = tree->node_size;
95 if (!is_power_of_2(size))
96 goto fail_page;
97 if (!tree->node_count)
98 goto fail_page;
99 switch (id) {
100 case HFS_EXT_CNID:
101 if (tree->max_key_len != HFS_MAX_EXT_KEYLEN) {
102 pr_err("invalid extent max_key_len %d\n",
103 tree->max_key_len);
104 goto fail_page;
105 }
106 break;
107 case HFS_CAT_CNID:
108 if (tree->max_key_len != HFS_MAX_CAT_KEYLEN) {
109 pr_err("invalid catalog max_key_len %d\n",
110 tree->max_key_len);
111 goto fail_page;
112 }
113 break;
114 default:
115 BUG();
116 }
117
118 tree->node_size_shift = ffs(size) - 1;
119 tree->pages_per_bnode = (tree->node_size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
120
121 kunmap(page);
122 page_cache_release(page);
123 return tree;
124
125 fail_page:
126 page_cache_release(page);
127 free_inode:
128 tree->inode->i_mapping->a_ops = &hfs_aops;
129 iput(tree->inode);
130 free_tree:
131 kfree(tree);
132 return NULL;
133 }
134
135 /* Release resources used by a btree */
136 void hfs_btree_close(struct hfs_btree *tree)
137 {
138 struct hfs_bnode *node;
139 int i;
140
141 if (!tree)
142 return;
143
144 for (i = 0; i < NODE_HASH_SIZE; i++) {
145 while ((node = tree->node_hash[i])) {
146 tree->node_hash[i] = node->next_hash;
147 if (atomic_read(&node->refcnt))
148 pr_err("node %d:%d still has %d user(s)!\n",
149 node->tree->cnid, node->this,
150 atomic_read(&node->refcnt));
151 hfs_bnode_free(node);
152 tree->node_hash_cnt--;
153 }
154 }
155 iput(tree->inode);
156 kfree(tree);
157 }
158
159 void hfs_btree_write(struct hfs_btree *tree)
160 {
161 struct hfs_btree_header_rec *head;
162 struct hfs_bnode *node;
163 struct page *page;
164
165 node = hfs_bnode_find(tree, 0);
166 if (IS_ERR(node))
167 /* panic? */
168 return;
169 /* Load the header */
170 page = node->page[0];
171 head = (struct hfs_btree_header_rec *)(kmap(page) + sizeof(struct hfs_bnode_desc));
172
173 head->root = cpu_to_be32(tree->root);
174 head->leaf_count = cpu_to_be32(tree->leaf_count);
175 head->leaf_head = cpu_to_be32(tree->leaf_head);
176 head->leaf_tail = cpu_to_be32(tree->leaf_tail);
177 head->node_count = cpu_to_be32(tree->node_count);
178 head->free_nodes = cpu_to_be32(tree->free_nodes);
179 head->attributes = cpu_to_be32(tree->attributes);
180 head->depth = cpu_to_be16(tree->depth);
181
182 kunmap(page);
183 set_page_dirty(page);
184 hfs_bnode_put(node);
185 }
186
187 static struct hfs_bnode *hfs_bmap_new_bmap(struct hfs_bnode *prev, u32 idx)
188 {
189 struct hfs_btree *tree = prev->tree;
190 struct hfs_bnode *node;
191 struct hfs_bnode_desc desc;
192 __be32 cnid;
193
194 node = hfs_bnode_create(tree, idx);
195 if (IS_ERR(node))
196 return node;
197
198 if (!tree->free_nodes)
199 panic("FIXME!!!");
200 tree->free_nodes--;
201 prev->next = idx;
202 cnid = cpu_to_be32(idx);
203 hfs_bnode_write(prev, &cnid, offsetof(struct hfs_bnode_desc, next), 4);
204
205 node->type = HFS_NODE_MAP;
206 node->num_recs = 1;
207 hfs_bnode_clear(node, 0, tree->node_size);
208 desc.next = 0;
209 desc.prev = 0;
210 desc.type = HFS_NODE_MAP;
211 desc.height = 0;
212 desc.num_recs = cpu_to_be16(1);
213 desc.reserved = 0;
214 hfs_bnode_write(node, &desc, 0, sizeof(desc));
215 hfs_bnode_write_u16(node, 14, 0x8000);
216 hfs_bnode_write_u16(node, tree->node_size - 2, 14);
217 hfs_bnode_write_u16(node, tree->node_size - 4, tree->node_size - 6);
218
219 return node;
220 }
221
222 /* Make sure @tree has enough space for the @rsvd_nodes */
223 int hfs_bmap_reserve(struct hfs_btree *tree, int rsvd_nodes)
224 {
225 struct inode *inode = tree->inode;
226 u32 count;
227 int res;
228
229 while (tree->free_nodes < rsvd_nodes) {
230 res = hfs_extend_file(inode);
231 if (res)
232 return res;
233 HFS_I(inode)->phys_size = inode->i_size =
234 (loff_t)HFS_I(inode)->alloc_blocks *
235 HFS_SB(tree->sb)->alloc_blksz;
236 HFS_I(inode)->fs_blocks = inode->i_size >>
237 tree->sb->s_blocksize_bits;
238 inode_set_bytes(inode, inode->i_size);
239 count = inode->i_size >> tree->node_size_shift;
240 tree->free_nodes += count - tree->node_count;
241 tree->node_count = count;
242 }
243 return 0;
244 }
245
246 struct hfs_bnode *hfs_bmap_alloc(struct hfs_btree *tree)
247 {
248 struct hfs_bnode *node, *next_node;
249 struct page **pagep;
250 u32 nidx, idx;
251 unsigned off;
252 u16 off16;
253 u16 len;
254 u8 *data, byte, m;
255 int i, res;
256
257 res = hfs_bmap_reserve(tree, 1);
258 if (res)
259 return ERR_PTR(res);
260
261 nidx = 0;
262 node = hfs_bnode_find(tree, nidx);
263 if (IS_ERR(node))
264 return node;
265 len = hfs_brec_lenoff(node, 2, &off16);
266 off = off16;
267
268 off += node->page_offset;
269 pagep = node->page + (off >> PAGE_CACHE_SHIFT);
270 data = kmap(*pagep);
271 off &= ~PAGE_CACHE_MASK;
272 idx = 0;
273
274 for (;;) {
275 while (len) {
276 byte = data[off];
277 if (byte != 0xff) {
278 for (m = 0x80, i = 0; i < 8; m >>= 1, i++) {
279 if (!(byte & m)) {
280 idx += i;
281 data[off] |= m;
282 set_page_dirty(*pagep);
283 kunmap(*pagep);
284 tree->free_nodes--;
285 mark_inode_dirty(tree->inode);
286 hfs_bnode_put(node);
287 return hfs_bnode_create(tree, idx);
288 }
289 }
290 }
291 if (++off >= PAGE_CACHE_SIZE) {
292 kunmap(*pagep);
293 data = kmap(*++pagep);
294 off = 0;
295 }
296 idx += 8;
297 len--;
298 }
299 kunmap(*pagep);
300 nidx = node->next;
301 if (!nidx) {
302 printk(KERN_DEBUG "create new bmap node...\n");
303 next_node = hfs_bmap_new_bmap(node, idx);
304 } else
305 next_node = hfs_bnode_find(tree, nidx);
306 hfs_bnode_put(node);
307 if (IS_ERR(next_node))
308 return next_node;
309 node = next_node;
310
311 len = hfs_brec_lenoff(node, 0, &off16);
312 off = off16;
313 off += node->page_offset;
314 pagep = node->page + (off >> PAGE_CACHE_SHIFT);
315 data = kmap(*pagep);
316 off &= ~PAGE_CACHE_MASK;
317 }
318 }
319
320 void hfs_bmap_free(struct hfs_bnode *node)
321 {
322 struct hfs_btree *tree;
323 struct page *page;
324 u16 off, len;
325 u32 nidx;
326 u8 *data, byte, m;
327
328 hfs_dbg(BNODE_MOD, "btree_free_node: %u\n", node->this);
329 tree = node->tree;
330 nidx = node->this;
331 node = hfs_bnode_find(tree, 0);
332 if (IS_ERR(node))
333 return;
334 len = hfs_brec_lenoff(node, 2, &off);
335 while (nidx >= len * 8) {
336 u32 i;
337
338 nidx -= len * 8;
339 i = node->next;
340 if (!i) {
341 /* panic */;
342 pr_crit("unable to free bnode %u. bmap not found!\n",
343 node->this);
344 hfs_bnode_put(node);
345 return;
346 }
347 hfs_bnode_put(node);
348 node = hfs_bnode_find(tree, i);
349 if (IS_ERR(node))
350 return;
351 if (node->type != HFS_NODE_MAP) {
352 /* panic */;
353 pr_crit("invalid bmap found! (%u,%d)\n",
354 node->this, node->type);
355 hfs_bnode_put(node);
356 return;
357 }
358 len = hfs_brec_lenoff(node, 0, &off);
359 }
360 off += node->page_offset + nidx / 8;
361 page = node->page[off >> PAGE_CACHE_SHIFT];
362 data = kmap(page);
363 off &= ~PAGE_CACHE_MASK;
364 m = 1 << (~nidx & 7);
365 byte = data[off];
366 if (!(byte & m)) {
367 pr_crit("trying to free free bnode %u(%d)\n",
368 node->this, node->type);
369 kunmap(page);
370 hfs_bnode_put(node);
371 return;
372 }
373 data[off] = byte & ~m;
374 set_page_dirty(page);
375 kunmap(page);
376 hfs_bnode_put(node);
377 tree->free_nodes++;
378 mark_inode_dirty(tree->inode);
379 }
Linux with added FPC-III support