/*
 *  linux/fs/hpfs/inode.c
 *
 *  Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999
 *
 *  inode VFS functions
 */
9 #include <linux/slab.h>
10 #include <linux/user_namespace.h>
11 #include "hpfs_fn.h"
/*
 * Reset a VFS inode and its HPFS-private part to the mount defaults.
 *
 * Owner, group and mode are copied from the superblock info. Size and block
 * count are set to -1, every HPFS bookkeeping field and every "this value
 * came from an extended attribute" flag is cleared, and the three timestamps
 * are zeroed. Nothing is read from disk here; in this file the function is
 * called on a new inode immediately before hpfs_read_inode().
 */
void hpfs_init_inode(struct inode *i)
{
	struct hpfs_inode_info *hi = hpfs_i(i);
	struct super_block *sb = i->i_sb;

	/* Mount-wide defaults; hpfs_read_inode() may override them from EAs. */
	i->i_uid = hpfs_sb(sb)->sb_uid;
	i->i_gid = hpfs_sb(sb)->sb_gid;
	i->i_mode = hpfs_sb(sb)->sb_mode;
	i->i_size = -1;
	i->i_blocks = -1;

	/* On-disk position bookkeeping. */
	hi->i_dno = 0;
	hi->i_n_secs = 0;
	hi->i_file_sec = 0;
	hi->i_disk_sec = 0;
	hi->i_dpos = 0;
	hi->i_dsubdno = 0;

	/* No attribute has been loaded from an extended attribute yet. */
	hi->i_ea_mode = 0;
	hi->i_ea_uid = 0;
	hi->i_ea_gid = 0;
	hi->i_ea_size = 0;

	hi->i_rddir_off = NULL;
	hi->i_dirty = 0;

	i->i_ctime.tv_nsec = 0;
	i->i_ctime.tv_sec = 0;
	i->i_mtime.tv_nsec = 0;
	i->i_mtime.tv_sec = 0;
	i->i_atime.tv_nsec = 0;
	i->i_atime.tv_sec = 0;
}
/*
 * Fill in a VFS inode from its on-disk fnode.
 *
 * The fnode and its extended attributes (EAs) come straight from the
 * filesystem image, so they are untrusted input. Every fixed-width EA is
 * dereferenced only after its reported size has been compared with the
 * width that is about to be read (2 bytes for UID/GID/MODE, 4 for DEV);
 * an EA of any other size is freed and ignored.
 *
 * Exit paths and the resources they release:
 *   - fnode cannot be mapped: inode is marked bad, nothing to release;
 *   - SYMLINK EA present:     bh released, inode set up as a symlink;
 *   - MODE EA says special:   bh released, init_special_inode() called;
 *   - directory / plain file: bh released at the end.
 */
void hpfs_read_inode(struct inode *i)
{
	struct hpfs_inode_info *hi = hpfs_i(i);
	struct super_block *sb = i->i_sb;
	struct buffer_head *bh;
	struct fnode *fnode;
	void *ea;
	int ea_size;

	fnode = hpfs_map_fnode(sb, i->i_ino, &bh);
	if (!fnode) {
		/*
		 * The original source carries a disabled fallback here that
		 * presented the inode as a link-less regular file; the live
		 * code marks the inode bad instead.
		 */
		make_bad_inode(i);
		return;
	}

	if (hpfs_sb(sb)->sb_eas) {
		/* Owner: 16-bit little-endian value, honoured only if 2 bytes. */
		ea = hpfs_get_ea(sb, fnode, "UID", &ea_size);
		if (ea) {
			if (ea_size == 2) {
				i_uid_write(i, le16_to_cpu(*(__le16 *)ea));
				hi->i_ea_uid = 1;
			}
			kfree(ea);
		}

		/* Group: same encoding and same size check as the owner. */
		ea = hpfs_get_ea(sb, fnode, "GID", &ea_size);
		if (ea) {
			if (ea_size == 2) {
				i_gid_write(i, le16_to_cpu(*(__le16 *)ea));
				hi->i_ea_gid = 1;
			}
			kfree(ea);
		}

		/*
		 * Symlink: only the presence and length of the EA matter here,
		 * so the buffer is freed before anything else. i_size takes
		 * the length reported for the on-disk EA.
		 */
		ea = hpfs_get_ea(sb, fnode, "SYMLINK", &ea_size);
		if (ea) {
			kfree(ea);
			i->i_mode = S_IFLNK | 0777;
			i->i_op = &page_symlink_inode_operations;
			i->i_data.a_ops = &hpfs_symlink_aops;
			set_nlink(i, 1);
			i->i_size = ea_size;
			i->i_blocks = 1;
			brelse(bh);
			return;
		}

		ea = hpfs_get_ea(sb, fnode, "MODE", &ea_size);
		if (ea) {
			umode_t mode = hpfs_sb(sb)->sb_mode;
			int rdev = 0;
			bool is_dev;

			if (ea_size == 2) {
				mode = le16_to_cpu(*(__le16 *)ea);
				hi->i_ea_mode = 1;
			}
			kfree(ea);

			/*
			 * NOTE(review): the on-disk value replaces i_mode
			 * wholesale, file-type bits included, and S_IFDIR or
			 * S_IFREG is OR-ed on top further down. Nothing visible
			 * here checks the stored type bits against the fnode's
			 * directory flag - confirm that an inconsistent image
			 * cannot yield a mismatched type/ops pair.
			 */
			i->i_mode = mode;

			is_dev = S_ISBLK(mode) || S_ISCHR(mode);
			if (is_dev) {
				/* Device number: 32-bit LE, honoured only if 4 bytes. */
				ea = hpfs_get_ea(sb, fnode, "DEV", &ea_size);
				if (ea) {
					if (ea_size == 4)
						rdev = le32_to_cpu(*(__le32 *)ea);
					kfree(ea);
				}
			}

			if (is_dev || S_ISFIFO(mode) || S_ISSOCK(mode)) {
				/* rdev stays 0 when no valid DEV EA was found. */
				brelse(bh);
				set_nlink(i, 1);
				i->i_size = 0;
				i->i_blocks = 1;
				init_special_inode(i, mode, new_decode_dev(rdev));
				return;
			}
		}
	}

	if (fnode_is_dir(fnode)) {
		int n_dnodes = 0;
		int n_subdirs = 0;

		i->i_mode |= S_IFDIR;
		i->i_op = &hpfs_dir_iops;
		i->i_fop = &hpfs_dir_ops;
		hi->i_parent_dir = le32_to_cpu(fnode->up);
		hi->i_dno = le32_to_cpu(fnode->u.external[0].disk_secno);

		/*
		 * At check level 2 and above the parent fnode is mapped and
		 * released again right away; the mapping result is not used
		 * for anything else in this function.
		 */
		if (hpfs_sb(sb)->sb_chk >= 2) {
			struct buffer_head *bh0;

			if (hpfs_map_fnode(sb, hi->i_parent_dir, &bh0))
				brelse(bh0);
		}

		/* Size, block count and link count derive from the dnode tree. */
		hpfs_count_dnodes(sb, hi->i_dno, &n_dnodes, &n_subdirs, NULL);
		i->i_blocks = 4 * n_dnodes;
		i->i_size = 2048 * n_dnodes;
		set_nlink(i, 2 + n_subdirs);
	} else {
		i->i_mode |= S_IFREG;
		/* Without a MODE EA, plain files never get execute bits. */
		if (!hi->i_ea_mode)
			i->i_mode &= ~0111;
		i->i_op = &hpfs_file_iops;
		i->i_fop = &hpfs_file_ops;
		set_nlink(i, 1);
		i->i_size = le32_to_cpu(fnode->file_size);
		/* 512-byte sectors, rounded up, plus one extra block. */
		i->i_blocks = ((i->i_size + 511) >> 9) + 1;
		i->i_data.a_ops = &hpfs_aops;
		hi->mmu_private = i->i_size;
	}

	brelse(bh);
}
/*
 * Store owner, group, mode and device number as extended attributes.
 *
 * Nothing is written unless the mount's sb_eas setting is at least 2.
 * UID, GID and MODE are written when the in-core value differs from the
 * mount default or when the attribute was already backed by an EA, so an
 * existing EA keeps being updated. DEV is written for block and character
 * devices only.
 *
 * The original source also carries a disabled check that would have
 * reported an error, instead of writing, for fnodes with a non-zero
 * acl_size_l or acl_size_s ("unknown HPFS386 structures").
 */
static void hpfs_write_inode_ea(struct inode *i, struct fnode *fnode)
{
	struct hpfs_inode_info *hi = hpfs_i(i);
	struct super_block *sb = i->i_sb;
	int is_dir;
	__le32 ea;

	if (hpfs_sb(sb)->sb_eas < 2)
		return;

	/*
	 * Each value is converted to 32-bit little-endian, but UID, GID and
	 * MODE store only the first two bytes, i.e. the low 16 bits.
	 * hpfs_setattr() in this file rejects uid/gid values of 0x10000 and
	 * above, so nothing set through that path is truncated here.
	 */
	if (hi->i_ea_uid || !uid_eq(i->i_uid, hpfs_sb(sb)->sb_uid)) {
		ea = cpu_to_le32(i_uid_read(i));
		hpfs_set_ea(i, fnode, "UID", (char *)&ea, 2);
		hi->i_ea_uid = 1;
	}

	if (hi->i_ea_gid || !gid_eq(i->i_gid, hpfs_sb(sb)->sb_gid)) {
		ea = cpu_to_le32(i_gid_read(i));
		hpfs_set_ea(i, fnode, "GID", (char *)&ea, 2);
		hi->i_ea_gid = 1;
	}

	/*
	 * A MODE EA is skipped for symlinks. Otherwise it is written when the
	 * mode matches neither of the two modes derivable from the mount
	 * default - the default itself (minus execute bits for non-directories)
	 * or its read-only form (minus 0222 for directories, 0333 for files) -
	 * or when a MODE EA already exists.
	 */
	is_dir = S_ISDIR(i->i_mode);
	if (!S_ISLNK(i->i_mode) &&
	    ((i->i_mode != ((hpfs_sb(sb)->sb_mode & ~(is_dir ? 0 : 0111))
			    | (is_dir ? S_IFDIR : S_IFREG)) &&
	      i->i_mode != ((hpfs_sb(sb)->sb_mode & ~(is_dir ? 0222 : 0333))
			    | (is_dir ? S_IFDIR : S_IFREG))) ||
	     hi->i_ea_mode)) {
		ea = cpu_to_le32(i->i_mode);
		/* Two of the four bytes are stored: "sick, but legal". */
		hpfs_set_ea(i, fnode, "MODE", (char *)&ea, 2);
		hi->i_ea_mode = 1;
	}

	if (S_ISBLK(i->i_mode) || S_ISCHR(i->i_mode)) {
		/* The device number is the one EA stored at full 4-byte width. */
		ea = cpu_to_le32(new_encode_dev(i->i_rdev));
		hpfs_set_ea(i, fnode, "DEV", (char *)&ea, 4);
	}
}
/*
 * Write an inode back to disk, making sure its parent directory inode is
 * instantiated first.
 *
 * The root directory is never written through this path. A leftover readdir
 * position table is freed once the inode has no remaining references, and
 * an inode with no links is not written at all. The dirty flag is cleared
 * only when the parent inode could be obtained.
 */
void hpfs_write_inode(struct inode *i)
{
	struct hpfs_inode_info *hi = hpfs_i(i);
	struct inode *parent;

	if (i->i_ino == hpfs_sb(i->i_sb)->sb_root)
		return;

	if (hi->i_rddir_off && !atomic_read(&i->i_count)) {
		/* A non-empty table at this point is reported, then freed anyway. */
		if (*hi->i_rddir_off)
			pr_err("write_inode: some position still there\n");
		kfree(hi->i_rddir_off);
		/* Clear the pointer so the freed table cannot be reused. */
		hi->i_rddir_off = NULL;
	}

	if (!i->i_nlink)
		return;

	parent = iget_locked(i->i_sb, hi->i_parent_dir);
	if (!parent)
		return;

	hi->i_dirty = 0;
	if (parent->i_state & I_NEW) {
		/* Freshly allocated parent: populate it before unlocking. */
		hpfs_init_inode(parent);
		hpfs_read_inode(parent);
		unlock_new_inode(parent);
	}
	hpfs_write_inode_nolock(i);
	iput(parent);
}
/*
 * Copy the in-core inode state into its fnode and directory entries.
 *
 * Updates, in order: the file size in the fnode (and in the entry inside
 * the parent directory, when one is mapped), the extended attributes via
 * hpfs_write_inode_ea(), the timestamps / read-only flag / EA size of the
 * parent's entry, and - for directories - the timestamps of the directory's
 * own entry looked up under the two-byte name "\001\001".
 *
 * Every path after the fnode has been mapped releases bh; each mapped
 * dirent is marked dirty and released before the next one is mapped.
 */
void hpfs_write_inode_nolock(struct inode *i)
{
	struct hpfs_inode_info *hi = hpfs_i(i);
	struct super_block *sb = i->i_sb;
	struct hpfs_dirent *de = NULL;
	struct quad_buffer_head qbh;
	struct buffer_head *bh;
	struct fnode *fnode;

	if (i->i_ino == hpfs_sb(sb)->sb_root)
		return;

	fnode = hpfs_map_fnode(sb, i->i_ino, &bh);
	if (!fnode)
		return;

	/* Unlinked inodes have no entry in the parent; de stays NULL. */
	if (i->i_ino != hpfs_sb(sb)->sb_root && i->i_nlink) {
		de = map_fnode_dirent(sb, i->i_ino, fnode, &qbh);
		if (!de) {
			brelse(bh);
			return;
		}
	}

	if (S_ISREG(i->i_mode)) {
		fnode->file_size = cpu_to_le32(i->i_size);
		if (de)
			de->file_size = cpu_to_le32(i->i_size);
	} else if (S_ISDIR(i->i_mode)) {
		/* Directories are recorded with a file size of zero. */
		fnode->file_size = cpu_to_le32(0);
		if (de)
			de->file_size = cpu_to_le32(0);
	}

	hpfs_write_inode_ea(i, fnode);

	if (de) {
		de->write_date = cpu_to_le32(gmt_to_local(sb, i->i_mtime.tv_sec));
		de->read_date = cpu_to_le32(gmt_to_local(sb, i->i_atime.tv_sec));
		de->creation_date = cpu_to_le32(gmt_to_local(sb, i->i_ctime.tv_sec));
		/* Read-only on disk means no write permission bit at all. */
		de->read_only = !(i->i_mode & 0222);
		de->ea_size = cpu_to_le32(hi->i_ea_size);
		hpfs_mark_4buffers_dirty(&qbh);
		hpfs_brelse4(&qbh);
	}

	if (S_ISDIR(i->i_mode)) {
		de = map_dirent(i, hi->i_dno, "\001\001", 2, NULL, &qbh);
		if (de) {
			de->write_date = cpu_to_le32(gmt_to_local(sb, i->i_mtime.tv_sec));
			de->read_date = cpu_to_le32(gmt_to_local(sb, i->i_atime.tv_sec));
			de->creation_date = cpu_to_le32(gmt_to_local(sb, i->i_ctime.tv_sec));
			de->read_only = !(i->i_mode & 0222);
			/* EA size is written as 0 here, not as hi->i_ea_size. */
			de->ea_size = cpu_to_le32(0);
			de->file_size = cpu_to_le32(0);
			hpfs_mark_4buffers_dirty(&qbh);
			hpfs_brelse4(&qbh);
		} else {
			hpfs_error(sb,
				   "directory %08lx doesn't have '.' entry",
				   (unsigned long)i->i_ino);
		}
	}

	mark_buffer_dirty(bh);
	brelse(bh);
}
/*
 * Apply an attribute change to an inode.
 *
 * Returns 0 on success, -EINVAL for requests HPFS cannot represent, or the
 * error returned by inode_change_ok() / inode_newsize_ok(). The whole
 * operation runs under hpfs_lock(), which is dropped on every exit path.
 *
 * Refused with -EINVAL before the generic checks run:
 *   - any change to the root directory;
 *   - a uid or gid of 0x10000 or more, as seen from init_user_ns
 *     (hpfs_write_inode_ea() in this file stores only two bytes of each);
 *   - a size larger than the current i_size, so this path can shrink a
 *     file but not grow it.
 */
int hpfs_setattr(struct dentry *dentry, struct iattr *attr)
{
	struct inode *inode = d_inode(dentry);
	struct super_block *sb = inode->i_sb;
	int error = -EINVAL;

	hpfs_lock(sb);

	if (inode->i_ino == hpfs_sb(sb)->sb_root)
		goto out_unlock;

	if (((attr->ia_valid & ATTR_UID) &&
	     from_kuid(&init_user_ns, attr->ia_uid) >= 0x10000) ||
	    ((attr->ia_valid & ATTR_GID) &&
	     from_kgid(&init_user_ns, attr->ia_gid) >= 0x10000) ||
	    ((attr->ia_valid & ATTR_SIZE) && attr->ia_size > inode->i_size))
		goto out_unlock;

	/* The HPFS-specific limits hold; run the generic validation. */
	error = inode_change_ok(inode, attr);
	if (error)
		goto out_unlock;

	if ((attr->ia_valid & ATTR_SIZE) &&
	    attr->ia_size != i_size_read(inode)) {
		error = inode_newsize_ok(inode, attr->ia_size);
		if (error)
			goto out_unlock;

		truncate_setsize(inode, attr->ia_size);
		hpfs_truncate(inode);
	}

	setattr_copy(inode, attr);

	/* Push the new attributes to disk while the lock is still held. */
	hpfs_write_inode(inode);

out_unlock:
	hpfs_unlock(sb);
	return error;
}
/*
 * Write the inode back only when its HPFS-private dirty flag is set.
 * The flag itself is cleared inside hpfs_write_inode(), not here.
 */
void hpfs_write_if_changed(struct inode *inode)
{
	if (!hpfs_i(inode)->i_dirty)
		return;

	hpfs_write_inode(inode);
}
/*
 * Tear down an inode that is being evicted.
 *
 * The page cache is truncated and the inode cleared in every case. The
 * on-disk fnode is removed, under hpfs_lock(), only when the inode has no
 * links left.
 */
void hpfs_evict_inode(struct inode *inode)
{
	struct super_block *sb = inode->i_sb;

	truncate_inode_pages_final(&inode->i_data);
	clear_inode(inode);

	/* Still linked somewhere: the fnode must stay on disk. */
	if (inode->i_nlink)
		return;

	hpfs_lock(sb);
	hpfs_remove_fnode(sb, inode->i_ino);
	hpfs_unlock(sb);
}