/*
 *  linux/fs/hfsplus/dir.c
 *
 * Copyright (C) 2001
 * Brad Boyer (flar@allandria.com)
 * (C) 2003 Ardis Technologies <roman@ardistech.com>
 *
 * Handling of directories
 */
11 #include <linux/errno.h>
12 #include <linux/fs.h>
13 #include <linux/slab.h>
14 #include <linux/random.h>
15 #include <linux/nls.h>
17 #include "hfsplus_fs.h"
18 #include "hfsplus_raw.h"
19 #include "xattr.h"
20 #include "acl.h"
/*
 * Store the catalog node ID (CNID) under which this name lives in
 * dentry->d_fsdata, then bind the dentry to its inode.
 */
static inline void hfsplus_instantiate(struct dentry *dentry,
				       struct inode *inode, u32 cnid)
{
	void *cnid_cookie = (void *)(unsigned long)cnid;

	dentry->d_fsdata = cnid_cookie;
	d_instantiate(dentry, inode);
}
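/*
 * Find the entry inside dir named dentry->d_name.
 *
 * Looks the name up in the catalog tree and attaches the resulting inode
 * (or a negative entry when the name does not exist) to @dentry with
 * d_add().  dentry->d_fsdata records the CNID of the catalog entry found
 * under this name.
 *
 * A file record whose type/creator mark it as a hard link, and whose
 * create_date matches that of the hidden directory or of the root, is
 * resolved through the "iNode<N>" entry in the hidden directory.  Only one
 * level of indirection is followed.
 *
 * Everything read from @entry comes from the on-disk catalog and has to be
 * treated as untrusted: the record length is compared with the expected
 * structure size before any folder/file specific field is used.
 *
 * Returns NULL on success, or an ERR_PTR() on failure.
 */
static struct dentry *hfsplus_lookup(struct inode *dir, struct dentry *dentry,
				     unsigned int flags)
{
	struct super_block *sb = dir->i_sb;
	struct hfsplus_sb_info *sbi = HFSPLUS_SB(sb);
	struct inode *inode = NULL;
	struct hfs_find_data fd;
	hfsplus_cat_entry entry;
	int err;
	u32 cnid, linkid = 0;
	u16 type;

	dentry->d_fsdata = NULL;
	err = hfs_find_init(sbi->cat_tree, &fd);
	if (err)
		return ERR_PTR(err);
	err = hfsplus_cat_build_key(sb, fd.search_key, dir->i_ino,
				    &dentry->d_name);
	if (unlikely(err < 0))
		goto fail;
again:
	/*
	 * NOTE(review): entry is not zero-initialised and hfs_brec_read() is
	 * not shown here; confirm it rejects records too short to hold the
	 * type field that is read right below.
	 */
	err = hfs_brec_read(&fd, &entry, sizeof(entry));
	if (err) {
		if (err == -ENOENT) {
			hfs_find_exit(&fd);
			/* No such entry */
			inode = NULL;
			goto out;
		}
		goto fail;
	}
	type = be16_to_cpu(entry.type);
	if (type == HFSPLUS_FOLDER) {
		/* do not touch folder fields of a truncated record */
		if (fd.entrylength < sizeof(struct hfsplus_cat_folder)) {
			err = -EIO;
			goto fail;
		}
		cnid = be32_to_cpu(entry.folder.id);
		dentry->d_fsdata = (void *)(unsigned long)cnid;
	} else if (type == HFSPLUS_FILE) {
		/* do not touch file fields of a truncated record */
		if (fd.entrylength < sizeof(struct hfsplus_cat_file)) {
			err = -EIO;
			goto fail;
		}
		cnid = be32_to_cpu(entry.file.id);
		if (entry.file.user_info.fdType ==
				cpu_to_be32(HFSP_HARDLINK_TYPE) &&
		    entry.file.user_info.fdCreator ==
				cpu_to_be32(HFSP_HFSPLUS_CREATOR) &&
		    sbi->hidden_dir &&
		    (entry.file.create_date ==
				HFSPLUS_I(sbi->hidden_dir)->create_date ||
		     entry.file.create_date ==
				HFSPLUS_I(d_inode(sb->s_root))->create_date)) {
			struct qstr str;
			/*
			 * "iNode" plus a 32-bit value printed with %d needs at
			 * most 17 bytes including the terminator.
			 */
			char name[32];

			/*
			 * NOTE(review): d_fsdata doubles as the "a link was
			 * already followed" flag, so this guard relies on the
			 * on-disk file id being non-zero - confirm that an id
			 * of 0 is rejected before it can reach this point.
			 */
			if (dentry->d_fsdata) {
				/*
				 * We found a link pointing to another link,
				 * so ignore it and treat it as regular file.
				 */
				cnid = (unsigned long)dentry->d_fsdata;
				linkid = 0;
			} else {
				dentry->d_fsdata = (void *)(unsigned long)cnid;
				linkid =
					be32_to_cpu(entry.file.permissions.dev);
				/*
				 * linkid is read from disk.  The write is kept
				 * bounded by the buffer size; the format string
				 * is unchanged so the generated name stays the
				 * same.
				 */
				str.len = scnprintf(name, sizeof(name),
						    "iNode%d", linkid);
				str.name = name;
				err = hfsplus_cat_build_key(sb, fd.search_key,
					sbi->hidden_dir->i_ino,
					&str);
				if (unlikely(err < 0))
					goto fail;
				goto again;
			}
		} else if (!dentry->d_fsdata) {
			dentry->d_fsdata = (void *)(unsigned long)cnid;
		}
	} else {
		pr_err("invalid catalog entry type in lookup\n");
		err = -EIO;
		goto fail;
	}
	hfs_find_exit(&fd);
	inode = hfsplus_iget(dir->i_sb, cnid);
	if (IS_ERR(inode))
		return ERR_CAST(inode);
	if (S_ISREG(inode->i_mode))
		HFSPLUS_I(inode)->linkid = linkid;
out:
	d_add(dentry, inode);
	return NULL;
fail:
	hfs_find_exit(&fd);
	return ERR_PTR(err);
}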
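/*
 * Emit the entries of the directory behind @file into @ctx.
 *
 * Positions 0 and 1 are the synthetic "." and ".." entries; ".." takes its
 * inode number from the folder thread record.  From position 2 on, the
 * catalog records whose key parent is this directory are walked in order,
 * skipping the hidden directory.  When dir_emit() reports that the caller's
 * buffer is full, the current catalog key is saved in file->private_data
 * (allocated on first use and linked on the inode's open_dir_list).
 *
 * Record lengths and types come from the on-disk catalog and are untrusted.
 * Each record is bounds-checked before it is copied into the on-stack
 * @entry, and checked again before folder/file specific fields are read.
 * Records too short to hold the type field are rejected as well, because
 * @entry is not initialised and its type is read right after the copy.
 *
 * Returns 0 on success or a negative errno.
 */
static int hfsplus_readdir(struct file *file, struct dir_context *ctx)
{
	struct inode *inode = file_inode(file);
	struct super_block *sb = inode->i_sb;
	int len, err;
	char *strbuf;
	hfsplus_cat_entry entry;
	struct hfs_find_data fd;
	struct hfsplus_readdir_data *rd;
	u16 type;

	if (file->f_pos >= inode->i_size)
		return 0;

	err = hfs_find_init(HFSPLUS_SB(sb)->cat_tree, &fd);
	if (err)
		return err;
	strbuf = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_MAX_STRLEN + 1, GFP_KERNEL);
	if (!strbuf) {
		err = -ENOMEM;
		goto out;
	}
	hfsplus_cat_build_key_with_cnid(sb, fd.search_key, inode->i_ino);
	err = hfs_brec_find(&fd, hfs_find_rec_by_key);
	if (err)
		goto out;

	if (ctx->pos == 0) {
		/* This is completely artificial... */
		if (!dir_emit_dot(file, ctx))
			goto out;
		ctx->pos = 1;
	}
	if (ctx->pos == 1) {
		/*
		 * The copy below must fit in entry and must cover at least
		 * the type field; the first clause also catches negative
		 * lengths.
		 */
		if (fd.entrylength < (int)sizeof(entry.type) ||
		    fd.entrylength > sizeof(entry)) {
			err = -EIO;
			goto out;
		}

		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
			       fd.entrylength);
		if (be16_to_cpu(entry.type) != HFSPLUS_FOLDER_THREAD) {
			pr_err("bad catalog folder thread\n");
			err = -EIO;
			goto out;
		}
		if (fd.entrylength < HFSPLUS_MIN_THREAD_SZ) {
			pr_err("truncated catalog thread\n");
			err = -EIO;
			goto out;
		}
		if (!dir_emit(ctx, "..", 2,
			      be32_to_cpu(entry.thread.parentID), DT_DIR))
			goto out;
		ctx->pos = 2;
	}
	if (ctx->pos >= inode->i_size)
		goto out;
	err = hfs_brec_goto(&fd, ctx->pos - 1);
	if (err)
		goto out;
	for (;;) {
		if (be32_to_cpu(fd.key->cat.parent) != inode->i_ino) {
			pr_err("walked past end of dir\n");
			err = -EIO;
			goto out;
		}

		/* same bounds as for the thread record above */
		if (fd.entrylength < (int)sizeof(entry.type) ||
		    fd.entrylength > sizeof(entry)) {
			err = -EIO;
			goto out;
		}

		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
			       fd.entrylength);
		type = be16_to_cpu(entry.type);
		/* len is in/out: capacity of strbuf in, converted length out */
		len = NLS_MAX_CHARSET_SIZE * HFSPLUS_MAX_STRLEN;
		err = hfsplus_uni2asc(sb, &fd.key->cat.name, strbuf, &len);
		if (err)
			goto out;
		if (type == HFSPLUS_FOLDER) {
			if (fd.entrylength <
					sizeof(struct hfsplus_cat_folder)) {
				pr_err("small dir entry\n");
				err = -EIO;
				goto out;
			}
			/* never list the hidden directory */
			if (HFSPLUS_SB(sb)->hidden_dir &&
			    HFSPLUS_SB(sb)->hidden_dir->i_ino ==
					be32_to_cpu(entry.folder.id))
				goto next;
			if (!dir_emit(ctx, strbuf, len,
				      be32_to_cpu(entry.folder.id), DT_DIR))
				break;
		} else if (type == HFSPLUS_FILE) {
			u16 mode;
			/* named d_type so it no longer shadows the record type */
			unsigned d_type = DT_UNKNOWN;

			if (fd.entrylength < sizeof(struct hfsplus_cat_file)) {
				pr_err("small file entry\n");
				err = -EIO;
				goto out;
			}

			mode = be16_to_cpu(entry.file.permissions.mode);
			if (S_ISREG(mode))
				d_type = DT_REG;
			else if (S_ISLNK(mode))
				d_type = DT_LNK;
			else if (S_ISFIFO(mode))
				d_type = DT_FIFO;
			else if (S_ISCHR(mode))
				d_type = DT_CHR;
			else if (S_ISBLK(mode))
				d_type = DT_BLK;
			else if (S_ISSOCK(mode))
				d_type = DT_SOCK;

			if (!dir_emit(ctx, strbuf, len,
				      be32_to_cpu(entry.file.id), d_type))
				break;
		} else {
			pr_err("bad catalog entry type\n");
			err = -EIO;
			goto out;
		}
next:
		ctx->pos++;
		if (ctx->pos >= inode->i_size)
			goto out;
		err = hfs_brec_goto(&fd, 1);
		if (err)
			goto out;
	}
	/* Only reached via break: the caller's buffer is full. */
	rd = file->private_data;
	if (!rd) {
		rd = kmalloc(sizeof(struct hfsplus_readdir_data), GFP_KERNEL);
		if (!rd) {
			err = -ENOMEM;
			goto out;
		}
		file->private_data = rd;
		rd->file = file;
		list_add(&rd->list, &HFSPLUS_I(inode)->open_dir_list);
	}
	memcpy(&rd->key, fd.key, sizeof(struct hfsplus_cat_key));
out:
	kfree(strbuf);
	hfs_find_exit(&fd);
	return err;
}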
/*
 * Release the per-open readdir state, if hfsplus_readdir() allocated any:
 * unlink it from the list it was added to (under inode->i_mutex) and free it.
 * Always returns 0.
 */
static int hfsplus_dir_release(struct inode *inode, struct file *file)
{
	struct hfsplus_readdir_data *state = file->private_data;

	if (!state)
		return 0;

	mutex_lock(&inode->i_mutex);
	list_del(&state->list);
	mutex_unlock(&inode->i_mutex);

	kfree(state);
	return 0;
}
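/*
 * Create a hard link to the regular file behind @src_dentry, named
 * @dst_dentry in @dst_dir.
 *
 * Resource forks and anything that is not a regular file are refused with
 * -EPERM.  If the source name still refers to the file directly (its
 * d_fsdata CNID equals the inode number), the file's catalog entry is first
 * moved into the hidden directory under a random "iNode<N>" name and a new
 * entry with a fresh CNID is created under the source name.  A second new
 * entry is then created for the destination name.
 *
 * All catalog changes are made under sbi->vh_mutex.
 *
 * Returns 0 on success or a negative errno.
 */
static int hfsplus_link(struct dentry *src_dentry, struct inode *dst_dir,
			struct dentry *dst_dentry)
{
	struct hfsplus_sb_info *sbi = HFSPLUS_SB(dst_dir->i_sb);
	struct inode *inode = d_inode(src_dentry);
	struct inode *src_dir = d_inode(src_dentry->d_parent);
	struct qstr str;
	/* "iNode" plus a 30-bit decimal value fits with room to spare */
	char name[32];
	u32 cnid, id;
	int res;

	if (HFSPLUS_IS_RSRC(inode))
		return -EPERM;
	if (!S_ISREG(inode->i_mode))
		return -EPERM;

	mutex_lock(&sbi->vh_mutex);
	if (inode->i_ino == (u32)(unsigned long)src_dentry->d_fsdata) {
		/* pick random link ids until one is free in the hidden dir */
		for (;;) {
			/* size taken from the object actually being filled */
			get_random_bytes(&id, sizeof(id));
			/* 30-bit mask: the value is non-negative under %d */
			id &= 0x3fffffff;
			str.name = name;
			str.len = scnprintf(name, sizeof(name), "iNode%d", id);
			res = hfsplus_rename_cat(inode->i_ino,
						 src_dir, &src_dentry->d_name,
						 sbi->hidden_dir, &str);
			if (!res)
				break;
			if (res != -EEXIST)
				goto out;
		}
		HFSPLUS_I(inode)->linkid = id;
		cnid = sbi->next_cnid++;
		src_dentry->d_fsdata = (void *)(unsigned long)cnid;
		res = hfsplus_create_cat(cnid, src_dir,
					 &src_dentry->d_name, inode);
		if (res) {
			/*
			 * panic?
			 * NOTE(review): the rename into the hidden directory
			 * above is not rolled back on this path.
			 */
			goto out;
		}
		sbi->file_count++;
	}
	cnid = sbi->next_cnid++;
	res = hfsplus_create_cat(cnid, dst_dir, &dst_dentry->d_name, inode);
	if (res)
		goto out;

	inc_nlink(inode);
	hfsplus_instantiate(dst_dentry, inode, cnid);
	ihold(inode);
	inode->i_ctime = CURRENT_TIME_SEC;
	mark_inode_dirty(inode);
	sbi->file_count++;
	hfsplus_mark_mdb_dirty(dst_dir->i_sb);
out:
	mutex_unlock(&sbi->vh_mutex);
	return res;
}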
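/*
 * Remove the name @dentry from @dir.
 *
 * Resource forks are refused with -EPERM.  If the name refers to the file
 * directly (d_fsdata CNID equals the inode number) and the file is still
 * open, its catalog entry is moved into the hidden directory as "temp<ino>"
 * and the inode is flagged S_DEAD instead of being deleted.  Otherwise the
 * catalog entry for the name is deleted and the link count adjusted; when
 * the count reaches zero the inode (and, for a hard-linked file that is not
 * open, its entry in the hidden directory) is deleted as well.
 *
 * All catalog changes are made under sbi->vh_mutex.
 *
 * Returns 0 on success or a negative errno.
 */
static int hfsplus_unlink(struct inode *dir, struct dentry *dentry)
{
	struct hfsplus_sb_info *sbi = HFSPLUS_SB(dir->i_sb);
	struct inode *inode = d_inode(dentry);
	struct qstr str;
	/* "temp" plus an unsigned long in decimal needs at most 25 bytes */
	char name[32];
	u32 cnid;
	int res;

	if (HFSPLUS_IS_RSRC(inode))
		return -EPERM;

	mutex_lock(&sbi->vh_mutex);
	cnid = (u32)(unsigned long)dentry->d_fsdata;
	if (inode->i_ino == cnid &&
	    atomic_read(&HFSPLUS_I(inode)->opencnt)) {
		str.name = name;
		/* bounded write; same output as before for every i_ino */
		str.len = scnprintf(name, sizeof(name), "temp%lu",
				    inode->i_ino);
		res = hfsplus_rename_cat(inode->i_ino,
					 dir, &dentry->d_name,
					 sbi->hidden_dir, &str);
		if (!res) {
			inode->i_flags |= S_DEAD;
			drop_nlink(inode);
		}
		goto out;
	}
	res = hfsplus_delete_cat(cnid, dir, &dentry->d_name);
	if (res)
		goto out;

	if (inode->i_nlink > 0)
		drop_nlink(inode);
	if (inode->i_ino == cnid)
		clear_nlink(inode);
	if (!inode->i_nlink) {
		if (inode->i_ino != cnid) {
			/* last name of a file that lives in the hidden dir */
			sbi->file_count--;
			if (!atomic_read(&HFSPLUS_I(inode)->opencnt)) {
				res = hfsplus_delete_cat(inode->i_ino,
							 sbi->hidden_dir,
							 NULL);
				if (!res)
					hfsplus_delete_inode(inode);
			} else {
				inode->i_flags |= S_DEAD;
			}
		} else {
			hfsplus_delete_inode(inode);
		}
	} else {
		sbi->file_count--;
	}
	inode->i_ctime = CURRENT_TIME_SEC;
	mark_inode_dirty(inode);
out:
	mutex_unlock(&sbi->vh_mutex);
	return res;
}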
/*
 * Remove the directory @dentry from @dir.
 *
 * A directory whose i_size is not exactly 2 is refused with -ENOTEMPTY.
 * Otherwise its catalog entry is deleted under sbi->vh_mutex and the inode
 * is cleared and deleted.
 *
 * Returns 0 on success or a negative errno.
 */
static int hfsplus_rmdir(struct inode *dir, struct dentry *dentry)
{
	struct inode *victim = d_inode(dentry);
	struct hfsplus_sb_info *sbi = HFSPLUS_SB(dir->i_sb);
	int res;

	if (victim->i_size != 2)
		return -ENOTEMPTY;

	mutex_lock(&sbi->vh_mutex);
	res = hfsplus_delete_cat(victim->i_ino, dir, &dentry->d_name);
	if (!res) {
		clear_nlink(victim);
		victim->i_ctime = CURRENT_TIME_SEC;
		hfsplus_delete_inode(victim);
		mark_inode_dirty(victim);
	}
	mutex_unlock(&sbi->vh_mutex);
	return res;
}
/*
 * Create the symbolic link @dentry in @dir pointing at @symname.
 *
 * A new S_IFLNK inode is allocated, the target string (including its
 * terminating NUL) is stored with page_symlink(), the catalog entry is
 * created and the security attributes are initialised.  -EOPNOTSUPP from the
 * security initialisation is not treated as an error.  On any other failure
 * the new inode is torn down again.
 *
 * Runs under sbi->vh_mutex.  Returns 0 on success or a negative errno.
 */
static int hfsplus_symlink(struct inode *dir, struct dentry *dentry,
			   const char *symname)
{
	struct hfsplus_sb_info *sbi = HFSPLUS_SB(dir->i_sb);
	struct inode *inode;
	int res;

	mutex_lock(&sbi->vh_mutex);

	inode = hfsplus_new_inode(dir->i_sb, S_IFLNK | S_IRWXUGO);
	if (!inode) {
		res = -ENOMEM;
		goto unlock;
	}

	res = page_symlink(inode, symname, strlen(symname) + 1);
	if (res)
		goto discard_inode;

	res = hfsplus_create_cat(inode->i_ino, dir, &dentry->d_name, inode);
	if (res)
		goto discard_inode;

	res = hfsplus_init_inode_security(inode, dir, &dentry->d_name);
	if (res && res != -EOPNOTSUPP) {
		/* Try to delete anyway without error analysis. */
		hfsplus_delete_cat(inode->i_ino, dir, &dentry->d_name);
		goto discard_inode;
	}
	/* Operation is not supported: carry on as if it had succeeded. */
	res = 0;

	hfsplus_instantiate(dentry, inode, inode->i_ino);
	mark_inode_dirty(inode);
	goto unlock;

discard_inode:
	clear_nlink(inode);
	hfsplus_delete_inode(inode);
	iput(inode);
unlock:
	mutex_unlock(&sbi->vh_mutex);
	return res;
}
/*
 * Create a new inode of type @mode named @dentry in @dir.
 *
 * Block/character devices, FIFOs and sockets are set up with
 * init_special_inode() using @rdev.  The catalog entry is then created and
 * the security attributes initialised; -EOPNOTSUPP from the latter is not
 * treated as an error.  On any other failure the new inode is torn down
 * again.
 *
 * Runs under sbi->vh_mutex.  Returns 0 on success or a negative errno.
 */
static int hfsplus_mknod(struct inode *dir, struct dentry *dentry,
			 umode_t mode, dev_t rdev)
{
	struct hfsplus_sb_info *sbi = HFSPLUS_SB(dir->i_sb);
	struct inode *inode;
	int res;

	mutex_lock(&sbi->vh_mutex);

	inode = hfsplus_new_inode(dir->i_sb, mode);
	if (!inode) {
		res = -ENOMEM;
		goto unlock;
	}

	if (S_ISBLK(mode) || S_ISCHR(mode) || S_ISFIFO(mode) || S_ISSOCK(mode))
		init_special_inode(inode, mode, rdev);

	res = hfsplus_create_cat(inode->i_ino, dir, &dentry->d_name, inode);
	if (res)
		goto discard_inode;

	res = hfsplus_init_inode_security(inode, dir, &dentry->d_name);
	if (res && res != -EOPNOTSUPP) {
		/* Try to delete anyway without error analysis. */
		hfsplus_delete_cat(inode->i_ino, dir, &dentry->d_name);
		goto discard_inode;
	}
	/* Operation is not supported: carry on as if it had succeeded. */
	res = 0;

	hfsplus_instantiate(dentry, inode, inode->i_ino);
	mark_inode_dirty(inode);
	goto unlock;

discard_inode:
	clear_nlink(inode);
	hfsplus_delete_inode(inode);
	iput(inode);
unlock:
	mutex_unlock(&sbi->vh_mutex);
	return res;
}
/*
 * Create a file: forwards to hfsplus_mknod() with device number 0.
 * @excl is not consulted here.
 */
static int hfsplus_create(struct inode *dir, struct dentry *dentry, umode_t mode,
			  bool excl)
{
	const dev_t no_device = 0;

	return hfsplus_mknod(dir, dentry, mode, no_device);
}
/*
 * Create a directory: forwards to hfsplus_mknod() with S_IFDIR added to
 * @mode and device number 0.
 */
static int hfsplus_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
{
	const umode_t dir_mode = mode | S_IFDIR;

	return hfsplus_mknod(dir, dentry, dir_mode, 0);
}
/*
 * Rename @old_dentry in @old_dir to @new_dentry in @new_dir.
 *
 * An existing destination is removed first (hfsplus_rmdir() for a
 * directory, hfsplus_unlink() otherwise); if that fails its error is
 * returned and nothing is renamed.  On success the destination dentry
 * inherits the source's d_fsdata CNID.
 *
 * Returns 0 on success or a negative errno.
 */
static int hfsplus_rename(struct inode *old_dir, struct dentry *old_dentry,
			  struct inode *new_dir, struct dentry *new_dentry)
{
	int res;

	/* Unlink destination if it already exists */
	if (d_really_is_positive(new_dentry)) {
		res = d_is_dir(new_dentry) ?
			hfsplus_rmdir(new_dir, new_dentry) :
			hfsplus_unlink(new_dir, new_dentry);
		if (res)
			return res;
	}

	res = hfsplus_rename_cat((u32)(unsigned long)old_dentry->d_fsdata,
				 old_dir, &old_dentry->d_name,
				 new_dir, &new_dentry->d_name);
	if (res)
		return res;

	new_dentry->d_fsdata = old_dentry->d_fsdata;
	return 0;
}
/* Inode operations for HFS+ directories. */
const struct inode_operations hfsplus_dir_inode_operations = {
	/* name resolution and namespace changes */
	.lookup			= hfsplus_lookup,
	.create			= hfsplus_create,
	.link			= hfsplus_link,
	.unlink			= hfsplus_unlink,
	.mkdir			= hfsplus_mkdir,
	.rmdir			= hfsplus_rmdir,
	.symlink		= hfsplus_symlink,
	.mknod			= hfsplus_mknod,
	.rename			= hfsplus_rename,
	/* extended attributes */
	.setxattr		= generic_setxattr,
	.getxattr		= generic_getxattr,
	.listxattr		= hfsplus_listxattr,
	.removexattr		= generic_removexattr,
#ifdef CONFIG_HFSPLUS_FS_POSIX_ACL
	/* POSIX ACLs, only when configured in */
	.get_acl		= hfsplus_get_posix_acl,
	.set_acl		= hfsplus_set_posix_acl,
#endif
};
/* File operations for an open HFS+ directory. */
const struct file_operations hfsplus_dir_operations = {
	.fsync			= hfsplus_file_fsync,
	.read			= generic_read_dir,
	.iterate		= hfsplus_readdir,
	.unlocked_ioctl		= hfsplus_ioctl,
	.llseek			= generic_file_llseek,
	/* frees the readdir state kept in file->private_data */
	.release		= hfsplus_dir_release,
};