1 /*
2 * linux/fs/hfsplus/brec.c
4 * Copyright (C) 2001
5 * Brad Boyer (flar@allandria.com)
6 * (C) 2003 Ardis Technologies <roman@ardistech.com>
8 * Handle individual btree records
9 */
11 #include "hfsplus_fs.h"
12 #include "hfsplus_raw.h"
/*
 * Forward declarations.  Node splitting, parent-key updates and tree growth
 * are mutually recursive with hfs_brec_insert()/hfs_brec_remove() below
 * (insert -> split/update_parent -> insert), so they are declared up front.
 */
static struct hfs_bnode *hfs_bnode_split(struct hfs_find_data *fd);
static int hfs_brec_update_parent(struct hfs_find_data *fd);
static int hfs_btree_inc_height(struct hfs_btree *);
/*
 * Get the length and offset of record @rec in @node.
 *
 * The record offset table grows downward from the end of the node: slot i
 * (the start offset of record i) lives at node_size - (i + 1) * 2.  Reading
 * the two adjacent slots for rec + 1 and rec gives the record's end and start.
 * @off receives the start offset; the return value is the record length.
 */
u16 hfs_brec_lenoff(struct hfs_bnode *node, u16 rec, u16 *off)
{
	__be16 slots[2];	/* slots[0] = start of rec + 1, slots[1] = start of rec */
	u16 table_off;

	table_off = node->tree->node_size - (rec + 2) * 2;
	hfs_bnode_read(node, slots, table_off, sizeof(slots));
	*off = be16_to_cpu(slots[1]);
	return be16_to_cpu(slots[0]) - *off;
}
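/*
 * Get the length of the key (including the 2-byte key_len field) from the
 * keyed record @rec in @node.
 *
 * Returns 0 for non-keyed node types and whenever the on-disk offset table or
 * key length fails validation; callers treat 0 as "corrupt record".
 */
u16 hfs_brec_keylen(struct hfs_bnode *node, u16 rec)
{
	u16 recoff;
	int keylen;

	if (node->type != HFS_NODE_INDEX && node->type != HFS_NODE_LEAF)
		return 0;

	if ((node->type == HFS_NODE_INDEX) &&
	    !(node->tree->attributes & HFS_TREE_VARIDXKEYS) &&
	    (node->tree->cnid != HFSPLUS_ATTR_CNID)) {
		/* fixed-size index keys: the length comes from the tree header */
		keylen = node->tree->max_key_len + 2;
	} else {
		/* record offset table grows down from the end of the node */
		recoff = hfs_bnode_read_u16(node,
			node->tree->node_size - (rec + 1) * 2);
		if (!recoff)
			return 0;
		/* the 2-byte key_len field itself must fit inside the node */
		if (recoff > node->tree->node_size - 2) {
			pr_err("recoff %d too large\n", recoff);
			return 0;
		}

		/*
		 * Compute in int, not u16.  An on-disk key_len of 0xFFFE or
		 * 0xFFFF (corrupt or crafted image) would wrap to 0 or 1 after
		 * the "+ 2" if held in a u16 and slip past the max_key_len
		 * check below, returning a bogus "valid" length to callers.
		 */
		keylen = hfs_bnode_read_u16(node, recoff) + 2;
		if (keylen > node->tree->max_key_len + 2) {
			pr_err("keylen %d too large\n", keylen);
			return 0;
		}
	}
	return keylen;
}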
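/*
 * Insert a new record (fd->search_key followed by @entry_len bytes of @entry)
 * at position fd->record + 1 in fd->bnode.
 *
 * If the node has no room it is split and the insert retried; a split then
 * requires an index record for the new sibling to be inserted into the
 * parent, which is done by looping back to "again" with the parent as
 * fd->bnode.  Inserting at position 0 propagates the new first key upward
 * via hfs_brec_update_parent().
 *
 * Returns 0 on success or a negative errno from tree growth, a node lookup
 * or a failed split.
 */
int hfs_brec_insert(struct hfs_find_data *fd, void *entry, int entry_len)
{
	struct hfs_btree *tree;
	struct hfs_bnode *node, *new_node;
	int size, key_len, rec;
	int data_off, end_off;
	int idx_rec_off, data_rec_off, end_rec_off;
	__be32 cnid;
	int err;

	tree = fd->tree;
	if (!fd->bnode) {
		if (!tree->root) {
			/* empty tree: create the first leaf before looking it up */
			err = hfs_btree_inc_height(tree);
			if (err)
				return err;
		}
		fd->bnode = hfs_bnode_find(tree, tree->leaf_head);
		if (IS_ERR(fd->bnode))
			return PTR_ERR(fd->bnode);
		fd->record = -1;
	}
	new_node = NULL;
	key_len = be16_to_cpu(fd->search_key->key_len) + 2;
again:
	/* new record idx and complete record size */
	rec = fd->record + 1;
	size = key_len + entry_len;

	node = fd->bnode;
	hfs_bnode_dump(node);
	/* get last offset (start of free space) and the slot that holds it */
	end_rec_off = tree->node_size - (node->num_recs + 1) * 2;
	end_off = hfs_bnode_read_u16(node, end_rec_off);
	end_rec_off -= 2;
	hfs_dbg(BNODE_MOD, "insert_rec: %d, %d, %d, %d\n",
		rec, size, end_off, end_rec_off);
	if (size > end_rec_off - end_off) {
		/*
		 * NOTE(review): a split is expected to free enough room for a
		 * sane record, but with inconsistent on-disk offsets (e.g.
		 * end_off past end_rec_off) this panic may be reachable from
		 * a crafted image; returning an error would be preferable.
		 */
		if (new_node)
			panic("not enough room!\n");
		new_node = hfs_bnode_split(fd);
		if (IS_ERR(new_node))
			return PTR_ERR(new_node);
		goto again;
	}
	if (node->type == HFS_NODE_LEAF) {
		tree->leaf_count++;
		mark_inode_dirty(tree->inode);
	}
	node->num_recs++;
	/* write new last offset */
	hfs_bnode_write_u16(node,
			    offsetof(struct hfs_bnode_desc, num_recs),
			    node->num_recs);
	hfs_bnode_write_u16(node, end_rec_off, end_off + size);
	data_off = end_off;
	data_rec_off = end_rec_off + 2;
	idx_rec_off = tree->node_size - (rec + 1) * 2;
	if (idx_rec_off == data_rec_off)
		goto skip;	/* appending after the last record: nothing to shift */
	/* move all following entries */
	do {
		data_off = hfs_bnode_read_u16(node, data_rec_off + 2);
		hfs_bnode_write_u16(node, data_rec_off, data_off + size);
		data_rec_off += 2;
	} while (data_rec_off < idx_rec_off);

	/* move data away */
	hfs_bnode_move(node, data_off + size, data_off,
		       end_off - data_off);

skip:
	hfs_bnode_write(node, fd->search_key, data_off, key_len);
	hfs_bnode_write(node, entry, data_off + key_len, entry_len);
	hfs_bnode_dump(node);

	/*
	 * update parent key if we inserted a key
	 * at the start of the node and it is not the new node
	 * (NOTE(review): the return value of the update is not checked)
	 */
	if (!rec && new_node != node) {
		hfs_bnode_read_key(node, fd->search_key, data_off + size);
		hfs_brec_update_parent(fd);
	}

	if (new_node) {
		hfs_bnode_put(fd->bnode);
		if (!new_node->parent) {
			/* the split node was the root: grow the tree first */
			err = hfs_btree_inc_height(tree);
			if (err)
				goto fail_new_node;
			new_node->parent = tree->root;
		}
		fd->bnode = hfs_bnode_find(tree, new_node->parent);
		if (IS_ERR(fd->bnode)) {
			/* previously unchecked: an ERR_PTR would be dereferenced */
			err = PTR_ERR(fd->bnode);
			goto fail_new_node;
		}

		/* create index data entry */
		cnid = cpu_to_be32(new_node->this);
		entry = &cnid;
		entry_len = sizeof(cnid);

		/* get index key */
		hfs_bnode_read_key(new_node, fd->search_key, 14);
		__hfs_brec_find(fd->bnode, fd, hfs_find_rec_by_key);

		hfs_bnode_put(new_node);
		new_node = NULL;

		if ((tree->attributes & HFS_TREE_VARIDXKEYS) ||
		    (tree->cnid == HFSPLUS_ATTR_CNID))
			key_len = be16_to_cpu(fd->search_key->key_len) + 2;
		else {
			fd->search_key->key_len =
				cpu_to_be16(tree->max_key_len);
			key_len = tree->max_key_len + 2;
		}
		goto again;
	}

	return 0;

fail_new_node:
	/*
	 * fd->bnode was already released above; clear it so the caller does
	 * not put a stale pointer, and drop the sibling we still hold.
	 */
	fd->bnode = NULL;
	hfs_bnode_put(new_node);
	return err;
}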
/*
 * Remove record fd->record from fd->bnode, compacting the node's offset
 * table and data area.  If the node becomes empty it is unlinked and the
 * removal continues with the matching index record in its parent.
 *
 * Returns 0 on success or the errno from the parent lookup.
 */
int hfs_brec_remove(struct hfs_find_data *fd)
{
	struct hfs_btree *tree;
	struct hfs_bnode *node, *parent;
	int end_off, rec_off, data_off, size;

	tree = fd->tree;
	node = fd->bnode;
again:
	/*
	 * rec_off: offset-table slot of the record following ours;
	 * end_off: slot holding the start of free space.  They coincide
	 * when the record being removed is the last one in the node.
	 */
	rec_off = tree->node_size - (fd->record + 2) * 2;
	end_off = tree->node_size - (node->num_recs + 1) * 2;

	if (node->type == HFS_NODE_LEAF) {
		tree->leaf_count--;
		mark_inode_dirty(tree->inode);
	}
	hfs_bnode_dump(node);
	hfs_dbg(BNODE_MOD, "remove_rec: %d, %d\n",
		fd->record, fd->keylength + fd->entrylength);
	if (!--node->num_recs) {
		/* last record gone: drop the node and remove its index entry */
		hfs_bnode_unlink(node);
		if (!node->parent)
			return 0;
		parent = hfs_bnode_find(tree, node->parent);
		if (IS_ERR(parent))
			return PTR_ERR(parent);
		hfs_bnode_put(node);
		node = fd->bnode = parent;

		/*
		 * NOTE(review): the result of this lookup is not checked; if
		 * the key is not found in the parent (corrupt tree) fd->record
		 * and the offsets recomputed at "again" are not trustworthy.
		 */
		__hfs_brec_find(node, fd, hfs_find_rec_by_key);
		goto again;
	}
	hfs_bnode_write_u16(node,
			    offsetof(struct hfs_bnode_desc, num_recs),
			    node->num_recs);

	if (rec_off == end_off)
		goto skip;
	size = fd->keylength + fd->entrylength;

	/* shift the start offsets of all following records down by size */
	do {
		data_off = hfs_bnode_read_u16(node, rec_off);
		hfs_bnode_write_u16(node, rec_off + 2, data_off - size);
		rec_off -= 2;
	} while (rec_off >= end_off);

	/* fill hole */
	hfs_bnode_move(node, fd->keyoffset, fd->keyoffset + size,
		       data_off - fd->keyoffset - size);
skip:
	hfs_bnode_dump(node);
	/* removing the first record changes the key the parent indexes by
	 * (NOTE(review): the update's return value is ignored) */
	if (!fd->record)
		hfs_brec_update_parent(fd);
	return 0;
}
/*
 * Split fd->bnode in two: records from a chosen split point onward are moved
 * into a freshly allocated sibling that is linked after it.  fd is adjusted
 * so that fd->record/keyoffset/entryoffset still refer to the same record,
 * with fd->bnode switched to the new sibling when that record moved.
 *
 * Returns the new sibling (referenced) or an ERR_PTR: the allocation/lookup
 * error, or -ENOSPC when no split point leaves room in the lower half.
 */
static struct hfs_bnode *hfs_bnode_split(struct hfs_find_data *fd)
{
	struct hfs_btree *tree;
	struct hfs_bnode *node, *new_node, *next_node;
	struct hfs_bnode_desc node_desc;
	int num_recs, new_rec_off, new_off, old_rec_off;
	int data_start, data_end, size;

	tree = fd->tree;
	node = fd->bnode;
	new_node = hfs_bmap_alloc(tree);
	if (IS_ERR(new_node))
		return new_node;
	hfs_bnode_get(node);
	hfs_dbg(BNODE_MOD, "split_nodes: %d - %d - %d\n",
		node->this, new_node->this, node->next);
	new_node->next = node->next;
	new_node->prev = node->this;
	new_node->parent = node->parent;
	new_node->type = node->type;
	new_node->height = node->height;

	if (node->next)
		next_node = hfs_bnode_find(tree, node->next);
	else
		next_node = NULL;

	if (IS_ERR(next_node)) {
		hfs_bnode_put(node);
		hfs_bnode_put(new_node);
		return next_node;
	}

	/*
	 * Target data size for the lower half.  The 14 here appears to be the
	 * size of the node descriptor that precedes the record data (records
	 * start at offset 14 throughout this file).
	 */
	size = tree->node_size / 2 - node->num_recs * 2 - 14;
	old_rec_off = tree->node_size - 4;
	num_recs = 1;
	/* walk the offset table from record 1 until the data passes the midpoint */
	for (;;) {
		data_start = hfs_bnode_read_u16(node, old_rec_off);
		if (data_start > size)
			break;
		old_rec_off -= 2;
		if (++num_recs < node->num_recs)
			continue;
		/* every record scanned without reaching the midpoint: cannot split */
		/* panic? */
		hfs_bnode_put(node);
		hfs_bnode_put(new_node);
		if (next_node)
			hfs_bnode_put(next_node);
		return ERR_PTR(-ENOSPC);
	}

	if (fd->record + 1 < num_recs) {
		/* new record is in the lower half,
		 * so leave some more space there
		 */
		old_rec_off += 2;
		num_recs--;
		data_start = hfs_bnode_read_u16(node, old_rec_off);
	} else {
		/* the record of interest moves to the sibling: retarget fd */
		hfs_bnode_put(node);
		hfs_bnode_get(new_node);
		fd->bnode = new_node;
		fd->record -= num_recs;
		fd->keyoffset -= data_start - 14;
		fd->entryoffset -= data_start - 14;
	}

	new_node->num_recs = node->num_recs - num_recs;
	node->num_recs = num_recs;

	/* build the sibling's offset table, rebased so its data starts at 14 */
	new_rec_off = tree->node_size - 2;
	new_off = 14;
	size = data_start - new_off;
	num_recs = new_node->num_recs;
	data_end = data_start;
	while (num_recs) {
		hfs_bnode_write_u16(new_node, new_rec_off, new_off);
		old_rec_off -= 2;
		new_rec_off -= 2;
		data_end = hfs_bnode_read_u16(node, old_rec_off);
		new_off = data_end - size;
		num_recs--;
	}
	hfs_bnode_write_u16(new_node, new_rec_off, new_off);
	hfs_bnode_copy(new_node, 14, node, data_start, data_end - data_start);

	/* update new bnode header */
	node_desc.next = cpu_to_be32(new_node->next);
	node_desc.prev = cpu_to_be32(new_node->prev);
	node_desc.type = new_node->type;
	node_desc.height = new_node->height;
	node_desc.num_recs = cpu_to_be16(new_node->num_recs);
	node_desc.reserved = 0;
	hfs_bnode_write(new_node, &node_desc, 0, sizeof(node_desc));

	/* update previous bnode header */
	node->next = new_node->this;
	hfs_bnode_read(node, &node_desc, 0, sizeof(node_desc));
	node_desc.next = cpu_to_be32(node->next);
	node_desc.num_recs = cpu_to_be16(node->num_recs);
	hfs_bnode_write(node, &node_desc, 0, sizeof(node_desc));

	/* update next bnode header */
	if (next_node) {
		next_node->prev = new_node->this;
		hfs_bnode_read(next_node, &node_desc, 0, sizeof(node_desc));
		node_desc.prev = cpu_to_be32(next_node->prev);
		hfs_bnode_write(next_node, &node_desc, 0, sizeof(node_desc));
		hfs_bnode_put(next_node);
	} else if (node->this == tree->leaf_tail) {
		/* if there is no next node, this might be the new tail */
		tree->leaf_tail = new_node->this;
		mark_inode_dirty(tree->inode);
	}

	hfs_bnode_dump(node);
	hfs_bnode_dump(new_node);
	hfs_bnode_put(node);

	return new_node;
}
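/*
 * Propagate the first key of fd->bnode into the index record that points to
 * it in the parent, growing/splitting the parent as needed.  Repeats upward
 * while the updated record is itself the first in its node.
 *
 * On return fd->bnode is the node the loop stopped at (referenced).  Returns
 * 0, -ENOENT if the parent holds no record for this key, or the errno from
 * a node lookup or split.
 */
static int hfs_brec_update_parent(struct hfs_find_data *fd)
{
	struct hfs_btree *tree;
	struct hfs_bnode *node, *new_node, *parent;
	int newkeylen, diff;
	int rec, rec_off, end_rec_off;
	int start_off, end_off;
	int err;

	tree = fd->tree;
	node = fd->bnode;
	new_node = NULL;
	if (!node->parent)
		return 0;

again:
	parent = hfs_bnode_find(tree, node->parent);
	if (IS_ERR(parent))
		return PTR_ERR(parent);
	__hfs_brec_find(parent, fd, hfs_find_rec_by_key);
	if (fd->record < 0) {
		/* release the reference taken by hfs_bnode_find() above */
		hfs_bnode_put(parent);
		return -ENOENT;
	}
	hfs_bnode_dump(parent);
	rec = fd->record;

	/* size difference between old and new key */
	if ((tree->attributes & HFS_TREE_VARIDXKEYS) ||
	    (tree->cnid == HFSPLUS_ATTR_CNID))
		newkeylen = hfs_bnode_read_u16(node, 14) + 2;
	else
		fd->keylength = newkeylen = tree->max_key_len + 2;
	hfs_dbg(BNODE_MOD, "update_rec: %d, %d, %d\n",
		rec, fd->keylength, newkeylen);

	rec_off = tree->node_size - (rec + 2) * 2;
	end_rec_off = tree->node_size - (parent->num_recs + 1) * 2;
	diff = newkeylen - fd->keylength;
	if (!diff)
		goto skip;
	if (diff > 0) {
		end_off = hfs_bnode_read_u16(parent, end_rec_off);
		if (end_rec_off - end_off < diff) {
			/* key grew and the parent is full: split it first */
			hfs_dbg(BNODE_MOD, "splitting index node\n");
			fd->bnode = parent;
			new_node = hfs_bnode_split(fd);
			if (IS_ERR(new_node)) {
				/*
				 * A failed split leaves refcounts untouched:
				 * drop our parent reference and restore
				 * fd->bnode to the node the caller passed in.
				 */
				hfs_bnode_put(parent);
				fd->bnode = node;
				return PTR_ERR(new_node);
			}
			parent = fd->bnode;
			rec = fd->record;
			rec_off = tree->node_size - (rec + 2) * 2;
			end_rec_off = tree->node_size -
				(parent->num_recs + 1) * 2;
		}
	}

	/* shift this and all following record offsets by diff */
	end_off = start_off = hfs_bnode_read_u16(parent, rec_off);
	hfs_bnode_write_u16(parent, rec_off, start_off + diff);
	start_off -= 4;	/* move previous cnid too */

	while (rec_off > end_rec_off) {
		rec_off -= 2;
		end_off = hfs_bnode_read_u16(parent, rec_off);
		hfs_bnode_write_u16(parent, rec_off, end_off + diff);
	}
	hfs_bnode_move(parent, start_off + diff, start_off,
		       end_off - start_off);
skip:
	hfs_bnode_copy(parent, fd->keyoffset, node, 14, newkeylen);
	hfs_bnode_dump(parent);

	hfs_bnode_put(node);
	node = parent;

	if (new_node) {
		__be32 cnid;

		if (!new_node->parent) {
			/* the split parent was the root: grow the tree first */
			err = hfs_btree_inc_height(tree);
			if (err)
				goto fail_new_node;
			new_node->parent = tree->root;
		}
		fd->bnode = hfs_bnode_find(tree, new_node->parent);
		if (IS_ERR(fd->bnode)) {
			/* previously unchecked: an ERR_PTR would be dereferenced */
			err = PTR_ERR(fd->bnode);
			goto fail_new_node;
		}
		/* create index key and entry */
		hfs_bnode_read_key(new_node, fd->search_key, 14);
		cnid = cpu_to_be32(new_node->this);

		/*
		 * NOTE(review): neither the lookup nor the insert result is
		 * checked here; a failed insert leaves the sibling unreachable
		 * from its parent.
		 */
		__hfs_brec_find(fd->bnode, fd, hfs_find_rec_by_key);
		hfs_brec_insert(fd, &cnid, sizeof(cnid));
		hfs_bnode_put(fd->bnode);
		hfs_bnode_put(new_node);

		if (!rec) {
			if (new_node == node)
				goto out;
			/* restore search_key */
			hfs_bnode_read_key(node, fd->search_key, 14);
		}
		new_node = NULL;
	}

	if (!rec && node->parent)
		goto again;
out:
	fd->bnode = node;
	return 0;

fail_new_node:
	/* node (the updated parent) stays referenced and becomes fd->bnode, as at out: */
	hfs_bnode_put(new_node);
	fd->bnode = node;
	return err;
}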
/*
 * Grow the tree by one level.  A fresh node becomes the root; if a root
 * already existed it becomes the sole child of the new root, whose single
 * index record carries the old root's first key and node id.  On an empty
 * tree (depth 0) the new node is instead the first leaf and becomes both
 * leaf_head and leaf_tail.
 *
 * Returns 0, or the errno from looking up the old root or allocating the
 * new one.
 */
static int hfs_btree_inc_height(struct hfs_btree *tree)
{
	struct hfs_bnode *old_root = NULL, *root;
	struct hfs_bnode_desc desc;
	int rec_off, key_size;
	int fixed_idx_keys;
	__be32 cnid;

	if (tree->root) {
		old_root = hfs_bnode_find(tree, tree->root);
		if (IS_ERR(old_root))
			return PTR_ERR(old_root);
	}
	root = hfs_bmap_alloc(tree);
	if (IS_ERR(root)) {
		hfs_bnode_put(old_root);
		return PTR_ERR(root);
	}

	tree->root = root->this;
	if (tree->depth) {
		root->type = HFS_NODE_INDEX;
		root->num_recs = 1;
	} else {
		tree->leaf_head = tree->leaf_tail = root->this;
		root->type = HFS_NODE_LEAF;
		root->num_recs = 0;
	}
	root->parent = 0;
	root->next = 0;
	root->prev = 0;
	root->height = ++tree->depth;

	/* write the on-disk node descriptor of the new root */
	desc.next = cpu_to_be32(root->next);
	desc.prev = cpu_to_be32(root->prev);
	desc.type = root->type;
	desc.height = root->height;
	desc.num_recs = cpu_to_be16(root->num_recs);
	desc.reserved = 0;
	hfs_bnode_write(root, &desc, 0, sizeof(desc));

	/* first offset-table slot: record data starts at offset 14 */
	rec_off = tree->node_size - 2;
	hfs_bnode_write_u16(root, rec_off, 14);

	if (old_root) {
		/* insert old root idx into new root */
		old_root->parent = tree->root;
		fixed_idx_keys = !(tree->attributes & HFS_TREE_VARIDXKEYS) &&
				 tree->cnid != HFSPLUS_ATTR_CNID;
		if (old_root->type == HFS_NODE_LEAF || !fixed_idx_keys)
			key_size = hfs_bnode_read_u16(old_root, 14) + 2;
		else
			key_size = tree->max_key_len + 2;
		hfs_bnode_copy(root, 14, old_root, 14, key_size);

		if (fixed_idx_keys) {
			/* fixed-size index keys are padded to max_key_len */
			key_size = tree->max_key_len + 2;
			hfs_bnode_write_u16(root, 14, tree->max_key_len);
		}
		cnid = cpu_to_be32(old_root->this);
		hfs_bnode_write(root, &cnid, 14 + key_size, 4);

		/* second slot: end of the single index record */
		rec_off -= 2;
		hfs_bnode_write_u16(root, rec_off, 14 + key_size + 4);

		hfs_bnode_put(old_root);
	}
	hfs_bnode_put(root);
	mark_inode_dirty(tree->inode);

	return 0;
}