[linux/fpc-iii.git] / fs / xfs / xfs_dir2_readdir.c
1 /*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * Copyright (c) 2013 Red Hat, Inc.
4 * All Rights Reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it would be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 #include "xfs.h"
20 #include "xfs_fs.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
24 #include "xfs_bit.h"
25 #include "xfs_mount.h"
26 #include "xfs_da_format.h"
27 #include "xfs_da_btree.h"
28 #include "xfs_inode.h"
29 #include "xfs_dir2.h"
30 #include "xfs_dir2_priv.h"
31 #include "xfs_error.h"
32 #include "xfs_trace.h"
33 #include "xfs_bmap.h"
34 #include "xfs_trans.h"
37 * Directory file type support functions
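/*
 * Lookup table from the file type value stored in a directory entry (the
 * array index) to the DT_* value passed to dir_emit().
 *
 * Declared const: the visible code only ever reads it, and keeping it in
 * read-only data means a stray write elsewhere cannot change how on-disk
 * file types are reported.
 */
static const unsigned char xfs_dir3_filetype_table[] = {
	DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK,
	DT_FIFO, DT_SOCK, DT_LNK, DT_WHT,
};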
/*
 * Translate the file type byte of a directory entry into a DT_* value.
 *
 * Returns DT_UNKNOWN when the superblock does not report the ftype feature
 * (xfs_sb_version_hasftype()) or when filetype is at or above
 * XFS_DIR3_FT_MAX; otherwise returns the matching table entry.
 *
 * The range check is the only thing that keeps a value read from a
 * directory entry from indexing past xfs_dir3_filetype_table.
 * NOTE(review): this presumes XFS_DIR3_FT_MAX is no larger than the number
 * of table entries -- confirm against its definition.
 */
static unsigned char
xfs_dir3_get_dtype(
	struct xfs_mount	*mp,
	__uint8_t		filetype)
{
	/* Short-circuit keeps the feature test first, as two separate checks would. */
	if (!xfs_sb_version_hasftype(&mp->m_sb) ||
	    filetype >= XFS_DIR3_FT_MAX)
		return DT_UNKNOWN;

	return xfs_dir3_filetype_table[filetype];
}
/*
 * Readdir for shortform (inline) directories.
 *
 * Emits ".", ".." and then every shortform entry whose offset cookie is at
 * or after ctx->pos, storing the cookie (masked to 31 bits) in ctx->pos
 * before each dir_emit() call.
 *
 * Returns 0 when the walk completes and also when dir_emit() declines an
 * entry; returns -EIO when di_size is smaller than the part of the
 * shortform header that precedes the parent field.
 *
 * NOTE(review): the entry walk is bounded only by sfp->count and advances
 * through sf_nextentry(). Nothing in this function compares sfep against
 * dp->i_df.if_bytes, and the size relationships below are expressed as
 * ASSERT()s only. Presumably the inline fork is validated before it reaches
 * this point -- confirm, because count and namelen are read straight from
 * the inline fork data.
 */
STATIC int
xfs_dir2_sf_getdents(
	struct xfs_da_args	*args,
	struct dir_context	*ctx)
{
	struct xfs_inode	*dp = args->dp;		/* incore directory inode */
	struct xfs_da_geometry	*geo = args->geo;
	xfs_dir2_sf_hdr_t	*sfp;			/* shortform header */
	xfs_dir2_sf_entry_t	*sfep;			/* entry being visited */
	xfs_dir2_dataptr_t	dot_offset;
	xfs_dir2_dataptr_t	dotdot_offset;
	xfs_dir2_dataptr_t	off;			/* cookie of current entry */
	xfs_ino_t		ino;
	int			i;			/* shortform entry number */

	ASSERT(dp->i_df.if_flags & XFS_IFINLINE);

	/* A fork too small to hold the header prefix cannot be walked. */
	if (dp->i_d.di_size < offsetof(xfs_dir2_sf_hdr_t, parent)) {
		ASSERT(XFS_FORCED_SHUTDOWN(dp->i_mount));
		return -EIO;
	}

	ASSERT(dp->i_df.if_bytes == dp->i_d.di_size);
	ASSERT(dp->i_df.if_u1.if_data != NULL);

	sfp = (xfs_dir2_sf_hdr_t *)dp->i_df.if_u1.if_data;

	ASSERT(dp->i_d.di_size >= xfs_dir2_sf_hdr_size(sfp->i8count));

	/* A position whose block number is out of range means we are done. */
	if (xfs_dir2_dataptr_to_db(geo, ctx->pos) > geo->datablk)
		return 0;

	/*
	 * The cookies for "." and ".." are always needed, so compute both now.
	 *
	 * XXX(hch): the second argument is sometimes 0 and sometimes
	 * geo->datablk
	 */
	dot_offset = xfs_dir2_db_off_to_dataptr(geo, geo->datablk,
						dp->d_ops->data_dot_offset);
	dotdot_offset = xfs_dir2_db_off_to_dataptr(geo, geo->datablk,
						dp->d_ops->data_dotdot_offset);

	/* Emit "." unless the caller is already past it. */
	if (ctx->pos <= dot_offset) {
		ctx->pos = dot_offset & 0x7fffffff;
		if (!dir_emit(ctx, ".", 1, dp->i_ino, DT_DIR))
			return 0;
	}

	/* Emit ".." unless the caller is already past it. */
	if (ctx->pos <= dotdot_offset) {
		ino = dp->d_ops->sf_get_parent_ino(sfp);
		ctx->pos = dotdot_offset & 0x7fffffff;
		if (!dir_emit(ctx, "..", 2, ino, DT_DIR))
			return 0;
	}

	/*
	 * Visit the entries in order. The step expression advances sfep on
	 * every pass, skipped or emitted; a declined dir_emit() returns
	 * before the step runs.
	 */
	for (i = 0, sfep = xfs_dir2_sf_firstentry(sfp);
	     i < sfp->count;
	     i++, sfep = dp->d_ops->sf_nextentry(sfp, sfep)) {
		__uint8_t	filetype;

		off = xfs_dir2_db_off_to_dataptr(geo, geo->datablk,
				xfs_dir2_sf_get_offset(sfep));

		/* Entry lies before the requested position. */
		if (ctx->pos > off)
			continue;

		ino = dp->d_ops->sf_get_ino(sfp, sfep);
		filetype = dp->d_ops->sf_get_ftype(sfep);
		ctx->pos = off & 0x7fffffff;
		if (!dir_emit(ctx, (char *)sfep->name, sfep->namelen, ino,
			      xfs_dir3_get_dtype(dp->i_mount, filetype)))
			return 0;
	}

	/* Everything was emitted: park the position in block datablk + 1. */
	ctx->pos = xfs_dir2_db_off_to_dataptr(geo, geo->datablk + 1, 0) &
		   0x7fffffff;
	return 0;
}
155 * Readdir for block directories.
/*
 * Readdir for single-block directories.
 *
 * Reads the directory block with xfs_dir3_block_read() under the lock mode
 * returned by xfs_ilock_data_map_shared(), then walks the records between
 * the first data entry and the leaf area, emitting each live entry at or
 * after the offset encoded in ctx->pos.
 *
 * Returns the read error if the block cannot be read, otherwise 0 (both at
 * the end of the block and when dir_emit() declines an entry). The buffer
 * is released on every path that obtained it.
 *
 * NOTE(review): the walk advances by dup->length and by
 * data_entsize(dep->namelen), both taken from the buffer contents, and the
 * only bound tested is ptr < endptr before a record is read. A free-tagged
 * record with a zero length would never advance. Presumably the block has
 * been verified when it was read -- confirm against xfs_dir3_block_read().
 */
STATIC int
xfs_dir2_block_getdents(
	struct xfs_da_args	*args,
	struct dir_context	*ctx)
{
	struct xfs_inode	*dp = args->dp;	/* incore directory inode */
	struct xfs_da_geometry	*geo = args->geo;
	struct xfs_buf		*bp;		/* buffer for block */
	xfs_dir2_data_hdr_t	*hdr;		/* block header */
	xfs_dir2_block_tail_t	*btp;		/* block tail */
	char			*ptr;		/* current record */
	char			*endptr;	/* end of the data entries */
	int			wantoff;	/* starting block offset */
	int			lock_mode;
	int			error;

	/* A position whose block number is out of range means we are done. */
	if (xfs_dir2_dataptr_to_db(geo, ctx->pos) > geo->datablk)
		return 0;

	lock_mode = xfs_ilock_data_map_shared(dp);
	error = xfs_dir3_block_read(NULL, dp, &bp);
	xfs_iunlock(dp, lock_mode);
	if (error)
		return error;

	/* Byte offset within the block to resume from; earlier entries are skipped. */
	wantoff = xfs_dir2_dataptr_to_off(geo, ctx->pos);
	hdr = bp->b_addr;
	xfs_dir3_data_check(dp, bp);

	btp = xfs_dir2_block_tail_p(geo, hdr);
	ptr = (char *)dp->d_ops->data_entry_p(hdr);
	endptr = (char *)xfs_dir2_block_leaf_p(btp);

	/* Each record is either an unused region (dup) or a real entry (dep). */
	while (ptr < endptr) {
		xfs_dir2_data_unused_t	*dup = (xfs_dir2_data_unused_t *)ptr;
		xfs_dir2_data_entry_t	*dep;
		xfs_off_t		cook;
		__uint8_t		filetype;

		/* Unused region: step over it. */
		if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
			ptr += be16_to_cpu(dup->length);
			continue;
		}

		dep = (xfs_dir2_data_entry_t *)ptr;

		/* Advance now so every path below can simply continue. */
		ptr += dp->d_ops->data_entsize(dep->namelen);

		/* Entry lies before the requested starting point. */
		if ((char *)dep - (char *)hdr < wantoff)
			continue;

		cook = xfs_dir2_db_off_to_dataptr(geo, geo->datablk,
						  (char *)dep - (char *)hdr);
		ctx->pos = cook & 0x7fffffff;
		filetype = dp->d_ops->data_get_ftype(dep);

		/* Did not fit: leave ctx->pos at this entry and stop. */
		if (!dir_emit(ctx, (char *)dep->name, dep->namelen,
			      be64_to_cpu(dep->inumber),
			      xfs_dir3_get_dtype(dp->i_mount, filetype)))
			goto out_rele;
	}

	/* End of block: set the position to block datablk + 1. */
	ctx->pos = xfs_dir2_db_off_to_dataptr(geo, geo->datablk + 1, 0) &
		   0x7fffffff;
out_rele:
	xfs_trans_brelse(NULL, bp);
	return 0;
}
/*
 * Mapping and read-ahead state carried between xfs_dir2_leaf_getdents()
 * and xfs_dir2_leaf_readbuf(). The map[] array is a flexible array member;
 * xfs_dir2_leaf_getdents() sizes the allocation and records the number of
 * slots in map_size.
 */
struct xfs_dir2_leaf_map_info {
	xfs_extlen_t	map_blocks;	/* number of fsbs in map */
	xfs_dablk_t	map_off;	/* last mapped file offset */
	int		map_size;	/* total slots available in map[] */
	int		map_valid;	/* slots of map[] currently in use */
	int		nmap;		/* mappings to ask xfs_bmapi for */
	xfs_dir2_db_t	curdb;		/* db for current block */
	int		ra_current;	/* number of read-ahead blks */
	int		ra_index;	/* map[] index for read-ahead */
	int		ra_offset;	/* offset into that map entry for ra */
	int		ra_want;	/* readahead count wanted */
	struct xfs_bmbt_irec map[];	/* map vector for blocks */
};
/*
 * Release the current data block buffer (if any), top up the extent map,
 * read the next directory data block and issue read-ahead.
 *
 * On return *bpp holds the buffer that was read, or NULL when the previous
 * buffer was released and no new one was obtained by this function.
 * *curoff is updated only when no valid mappings remain. Returns 0 or the
 * error from xfs_bmapi_read() / xfs_dir3_data_read().
 *
 * NOTE(review): in the release loop j is min(map->br_blockcount, i). If the
 * first mapping is already empty while i is still positive, neither value
 * changes and the loop does not terminate. Presumably the map always covers
 * the block that was just released -- confirm.
 * NOTE(review): map[] indices are derived from map_valid, nmap and
 * ra_index; the only check against map_valid for ra_index is an ASSERT()
 * plus the inner loop condition. The code assumes map_valid never exceeds
 * map_size -- confirm against the allocation in the caller.
 */
STATIC int
xfs_dir2_leaf_readbuf(
	struct xfs_da_args	*args,
	size_t			bufsize,
	struct xfs_dir2_leaf_map_info *mip,
	xfs_dir2_off_t		*curoff,
	struct xfs_buf		**bpp)
{
	struct xfs_inode	*dp = args->dp;
	struct xfs_da_geometry	*geo = args->geo;
	struct xfs_bmbt_irec	*map = mip->map;
	struct xfs_buf		*bp = *bpp;
	struct blk_plug		plug;
	int			error = 0;
	int			length;
	int			i;
	int			j;

	/*
	 * A buffer from the previous call is released here and its blocks
	 * are taken out of the mapping table.
	 */
	if (bp) {
		xfs_trans_brelse(NULL, bp);
		bp = NULL;
		mip->map_blocks -= geo->fsbcount;

		/* Consume one directory block's worth of extents. */
		i = geo->fsbcount;
		while (i > 0) {
			j = min_t(int, map->br_blockcount, i);
			map->br_blockcount -= j;
			map->br_startblock += j;
			map->br_startoff += j;

			/*
			 * A fully consumed mapping is dropped from the table;
			 * the move is skipped when it was the last one.
			 */
			if (!map->br_blockcount && --mip->map_valid)
				memmove(&map[0], &map[1],
					sizeof(map[0]) * mip->map_valid);
			i -= j;
		}
	}

	/* Recalculate the readahead blocks wanted. */
	mip->ra_want = howmany(bufsize + geo->blksize, (1 << geo->fsblog)) - 1;
	ASSERT(mip->ra_want >= 0);

	/*
	 * Fetch more mappings when fewer blocks are mapped than wanted and
	 * the data section of the directory has not been exhausted.
	 */
	if (1 + mip->ra_want > mip->map_blocks &&
	    mip->map_off < xfs_dir2_byte_to_da(geo, XFS_DIR2_LEAF_OFFSET)) {
		/* New mappings go after the ones already in the table. */
		mip->nmap = mip->map_size - mip->map_valid;
		error = xfs_bmapi_read(dp, mip->map_off,
				xfs_dir2_byte_to_da(geo, XFS_DIR2_LEAF_OFFSET) -
								mip->map_off,
				&map[mip->map_valid], &mip->nmap, 0);

		/*
		 * Don't know if we should ignore this or try to return an
		 * error.  The trouble with returning errors is that readdir
		 * will just stop without actually passing the error through.
		 */
		if (error)
			goto out;	/* XXX */

		/*
		 * A full set of mappings means there may be more: continue
		 * from the end of the last one. Fewer means the end of the
		 * data section was reached.
		 */
		if (mip->nmap == mip->map_size - mip->map_valid) {
			i = mip->map_valid + mip->nmap - 1;
			mip->map_off = map[i].br_startoff + map[i].br_blockcount;
		} else {
			mip->map_off = xfs_dir2_byte_to_da(geo,
							XFS_DIR2_LEAF_OFFSET);
		}

		/*
		 * Squeeze holes out of the new mappings and count the blocks
		 * of the ones that remain.
		 */
		i = mip->map_valid;
		while (i < mip->map_valid + mip->nmap) {
			if (map[i].br_startblock != HOLESTARTBLOCK) {
				mip->map_blocks += map[i].br_blockcount;
				i++;
				continue;
			}

			/* Hole: close the gap and re-examine slot i. */
			mip->nmap--;
			length = mip->map_valid + mip->nmap - i;
			if (length)
				memmove(&map[i], &map[i + 1],
					sizeof(map[i]) * length);
		}
		mip->map_valid += mip->nmap;
	}

	/* No valid mappings, so no more data blocks. */
	if (!mip->map_valid) {
		*curoff = xfs_dir2_da_to_byte(geo, mip->map_off);
		goto out;
	}

	/*
	 * Read the directory block starting at the first mapping. The disk
	 * address is passed only when that mapping covers a whole directory
	 * block; otherwise -1 is passed.
	 */
	mip->curdb = xfs_dir2_da_to_db(geo, map->br_startoff);
	error = xfs_dir3_data_read(NULL, dp, map->br_startoff,
			map->br_blockcount >= geo->fsbcount ?
			    XFS_FSB_TO_DADDR(dp->i_mount, map->br_startblock) :
			    -1, &bp);

	/* Should just skip over the data block instead of giving up. */
	if (error)
		goto out;	/* XXX */

	/*
	 * The block just read was previously counted as read-ahead, so the
	 * outstanding read-ahead amount shrinks by one directory block.
	 */
	if (mip->ra_current)
		mip->ra_current -= geo->fsbcount;

	/*
	 * Do we need more readahead?
	 * Each pass tries to process 1 full dir blk; last may be partial.
	 */
	blk_start_plug(&plug);
	i = 0;
	mip->ra_offset = 0;
	mip->ra_index = 0;
	for (;
	     mip->ra_want > mip->ra_current && i < mip->map_blocks;
	     i += geo->fsbcount) {
		ASSERT(mip->ra_index < mip->map_valid);

		if (i > mip->ra_current) {
			if ((map[mip->ra_index].br_blockcount - mip->ra_offset) >=
			    geo->fsbcount) {
				/* Read-ahead a contiguous directory block. */
				xfs_dir3_data_readahead(dp,
					map[mip->ra_index].br_startoff +
							mip->ra_offset,
					XFS_FSB_TO_DADDR(dp->i_mount,
						map[mip->ra_index].br_startblock +
								mip->ra_offset));
			} else {
				/*
				 * Read-ahead a non-contiguous directory block.
				 * This doesn't use our mapping, but this is a
				 * very rare case.
				 */
				xfs_dir3_data_readahead(dp,
					map[mip->ra_index].br_startoff +
							mip->ra_offset, -1);
			}
			mip->ra_current = i;
		}

		/*
		 * Step through the mapping table by one directory block, even
		 * if that block is split across several extents, but stop as
		 * soon as every valid mapping has been consumed.
		 */
		for (j = 0;
		     j < geo->fsbcount && mip->ra_index < mip->map_valid;
		     j += length) {
			/* Rest of this extent, capped at one dir block. */
			length = min_t(int, geo->fsbcount - j,
					map[mip->ra_index].br_blockcount -
							mip->ra_offset);
			mip->ra_offset += length;

			/* Move to the next mapping once this one is used up. */
			if (mip->ra_offset == map[mip->ra_index].br_blockcount) {
				mip->ra_offset = 0;
				mip->ra_index++;
			}
		}
	}
	blk_finish_plug(&plug);

out:
	*bpp = bp;
	return error;
}
476 * Getdents (readdir) for leaf and node directories.
477 * This reads the data blocks only, so is the same for both forms.
/*
 * Getdents (readdir) for leaf and node directories. Only the data blocks
 * are read, so the same code serves both forms.
 *
 * Walks directory data blocks from the position in ctx->pos, fetching
 * blocks through xfs_dir2_leaf_readbuf() and emitting each live entry with
 * dir_emit(). On exit ctx->pos is set from the final byte offset (capped at
 * XFS_DIR2_MAX_DATAPTR), the map structure is freed and any held buffer is
 * released. Returns 0 or the error from xfs_dir2_leaf_readbuf().
 *
 * NOTE(review): the number of map slots is computed from the caller's
 * bufsize and stored in an int; this assumes the caller bounds bufsize --
 * confirm.
 * NOTE(review): ptr advances by dup->length and data_entsize(dep->namelen),
 * both read from the buffer; a record is dereferenced after a skip without
 * a check that it still fits inside the block, and a free-tagged record
 * with zero length would not advance. Presumably the block has been
 * verified when it was read -- confirm against xfs_dir3_data_read().
 */
STATIC int
xfs_dir2_leaf_getdents(
	struct xfs_da_args	*args,
	struct dir_context	*ctx,
	size_t			bufsize)
{
	struct xfs_inode	*dp = args->dp;
	struct xfs_da_geometry	*geo = args->geo;
	struct xfs_dir2_leaf_map_info *map_info;
	struct xfs_buf		*bp = NULL;	/* data block buffer */
	xfs_dir2_data_hdr_t	*hdr;		/* data block header */
	xfs_dir2_data_entry_t	*dep;		/* data entry */
	xfs_dir2_data_unused_t	*dup;		/* unused entry */
	xfs_dir2_off_t		curoff;		/* current overall offset */
	xfs_dir2_off_t		newoff;		/* new curoff after new blk */
	char			*ptr = NULL;	/* pointer to current data */
	int			error = 0;	/* error return value */
	int			length;		/* temporary length value */
	int			byteoff;	/* offset in current block */

	/* Nothing to do at or past the largest allowed position. */
	if (ctx->pos >= XFS_DIR2_MAX_DATAPTR)
		return 0;

	/*
	 * Size the mapping table from the caller's buffer size, the
	 * directory block size and the filesystem block size.
	 */
	length = howmany(bufsize + geo->blksize, (1 << geo->fsblog));
	map_info = kmem_zalloc(offsetof(struct xfs_dir2_leaf_map_info, map) +
				(length * sizeof(struct xfs_bmbt_irec)),
			       KM_SLEEP | KM_NOFS);
	map_info->map_size = length;

	/* Inside the loop the position is a byte offset in the directory file. */
	curoff = xfs_dir2_dataptr_to_byte(ctx->pos);

	/*
	 * Going through the db conversion truncates the offset down to the
	 * start of its data block.
	 */
	map_info->map_off = xfs_dir2_db_to_da(geo,
					      xfs_dir2_byte_to_db(geo, curoff));

	/*
	 * Walk entries until the end of the data section, fetching blocks
	 * and issuing read-ahead as needed.
	 */
	while (curoff < XFS_DIR2_LEAF_OFFSET) {
		__uint8_t	filetype;

		/* No buffer yet, or ptr has run off the end of this one. */
		if (!bp || ptr >= (char *)bp->b_addr + geo->blksize) {
			int	lock_mode;

			lock_mode = xfs_ilock_data_map_shared(dp);
			error = xfs_dir2_leaf_readbuf(args, bufsize, map_info,
						      &curoff, &bp);
			xfs_iunlock(dp, lock_mode);
			if (error || !map_info->map_valid)
				break;

			/* Byte offset of the start of the block just read. */
			newoff = xfs_dir2_db_off_to_byte(geo,
							 map_info->curdb, 0);
			if (curoff < newoff) {
				/* Jump forward to the start of this block. */
				curoff = newoff;
			} else if (curoff > newoff) {
				/* Already inside it: must be the same block. */
				ASSERT(xfs_dir2_byte_to_db(geo, curoff) ==
					map_info->curdb);
			}
			hdr = bp->b_addr;
			xfs_dir3_data_check(dp, bp);

			/* Find our position in the block. */
			ptr = (char *)dp->d_ops->data_entry_p(hdr);
			byteoff = xfs_dir2_byte_to_off(geo, curoff);
			if (byteoff == 0) {
				/* At the block start: skip past the header. */
				curoff += dp->d_ops->data_entry_offset;
			} else {
				/* Skip records until the wanted offset is reached. */
				while ((char *)ptr - (char *)hdr < byteoff) {
					dup = (xfs_dir2_data_unused_t *)ptr;
					if (be16_to_cpu(dup->freetag)
						  == XFS_DIR2_DATA_FREE_TAG) {
						length = be16_to_cpu(dup->length);
					} else {
						dep = (xfs_dir2_data_entry_t *)ptr;
						length =
						   dp->d_ops->data_entsize(dep->namelen);
					}
					ptr += length;
				}

				/* Recompute the real offset from where ptr landed. */
				curoff =
					xfs_dir2_db_off_to_byte(geo,
					    xfs_dir2_byte_to_db(geo, curoff),
					    (char *)ptr - (char *)hdr);

				/* Ran off the block: go round and read the next one. */
				if (ptr >= (char *)hdr + geo->blksize)
					continue;
			}
		}

		/* ptr is at a record; find out whether it is live. */
		dup = (xfs_dir2_data_unused_t *)ptr;
		if (be16_to_cpu(dup->freetag) == XFS_DIR2_DATA_FREE_TAG) {
			/* Unused region: step over it. */
			length = be16_to_cpu(dup->length);
			ptr += length;
			curoff += length;
			continue;
		}

		dep = (xfs_dir2_data_entry_t *)ptr;
		length = dp->d_ops->data_entsize(dep->namelen);
		filetype = dp->d_ops->data_get_ftype(dep);

		ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff;
		if (!dir_emit(ctx, (char *)dep->name, dep->namelen,
			      be64_to_cpu(dep->inumber),
			      xfs_dir3_get_dtype(dp->i_mount, filetype)))
			break;

		/* Advance to the next record in the block. */
		ptr += length;
		curoff += length;
		/* bufsize may have just been a guess; don't go negative */
		bufsize = bufsize > length ? bufsize - length : 0;
	}

	/* All done: publish the final offset, capped at the maximum. */
	if (curoff > xfs_dir2_dataptr_to_byte(XFS_DIR2_MAX_DATAPTR)) {
		ctx->pos = XFS_DIR2_MAX_DATAPTR & 0x7fffffff;
	} else {
		ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff;
	}
	kmem_free(map_info);
	if (bp)
		xfs_trans_brelse(NULL, bp);
	return error;
}
658 * Read a directory.
/*
 * Read a directory.
 *
 * Picks the shortform, block or leaf/node reader according to the inode's
 * data fork format and the result of xfs_dir2_isblock(), holding
 * XFS_IOLOCK_SHARED on the directory for the duration of the read.
 *
 * Returns -EIO without taking the lock if the mount has been forcibly shut
 * down; otherwise returns the result of xfs_dir2_isblock() when that fails,
 * or of the selected reader.
 */
int
xfs_readdir(
	struct xfs_inode	*dp,
	struct dir_context	*ctx,
	size_t			bufsize)
{
	struct xfs_da_args	args = { NULL };
	int			rval;
	int			is_block;

	trace_xfs_readdir(dp);

	if (XFS_FORCED_SHUTDOWN(dp->i_mount))
		return -EIO;

	ASSERT(S_ISDIR(dp->i_d.di_mode));
	XFS_STATS_INC(dp->i_mount, xs_dir_getdents);

	args.dp = dp;
	args.geo = dp->i_mount->m_dir_geo;

	xfs_ilock(dp, XFS_IOLOCK_SHARED);
	if (dp->i_d.di_format == XFS_DINODE_FMT_LOCAL) {
		rval = xfs_dir2_sf_getdents(&args, ctx);
	} else {
		/* A failed format probe is returned as-is; no reader runs. */
		rval = xfs_dir2_isblock(&args, &is_block);
		if (!rval) {
			if (is_block)
				rval = xfs_dir2_block_getdents(&args, ctx);
			else
				rval = xfs_dir2_leaf_getdents(&args, ctx,
							      bufsize);
		}
	}
	xfs_iunlock(dp, XFS_IOLOCK_SHARED);

	return rval;
}