ip6_tunnel: better validate user provided tunnel names
[linux/fpc-iii.git] / fs / ubifs / scan.c
blobaab87340d3de8883c12bd888056d51efe454b9c8
1 /*
2 * This file is part of UBIFS.
4 * Copyright (C) 2006-2008 Nokia Corporation
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published by
8 * the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 * Authors: Adrian Hunter
20 * Artem Bityutskiy (Битюцкий Артём)
24 * This file implements the scan which is a general-purpose function for
25 * determining what nodes are in an eraseblock. The scan is used to replay the
26 * journal, to do garbage collection. for the TNC in-the-gaps method, and by
27 * debugging functions.
30 #include "ubifs.h"
32 /**
33 * scan_padding_bytes - scan for padding bytes.
34 * @buf: buffer to scan
35 * @len: length of buffer
37 * This function returns the number of padding bytes on success and
38 * %SCANNED_GARBAGE on failure.
40 static int scan_padding_bytes(void *buf, int len)
42 int pad_len = 0, max_pad_len = min_t(int, UBIFS_PAD_NODE_SZ, len);
43 uint8_t *p = buf;
45 dbg_scan("not a node");
47 while (pad_len < max_pad_len && *p++ == UBIFS_PADDING_BYTE)
48 pad_len += 1;
50 if (!pad_len || (pad_len & 7))
51 return SCANNED_GARBAGE;
53 dbg_scan("%d padding bytes", pad_len);
55 return pad_len;
58 /**
59 * ubifs_scan_a_node - scan for a node or padding.
60 * @c: UBIFS file-system description object
61 * @buf: buffer to scan
62 * @len: length of buffer
63 * @lnum: logical eraseblock number
64 * @offs: offset within the logical eraseblock
65 * @quiet: print no messages
67 * This function returns a scanning code to indicate what was scanned.
69 int ubifs_scan_a_node(const struct ubifs_info *c, void *buf, int len, int lnum,
70 int offs, int quiet)
72 struct ubifs_ch *ch = buf;
73 uint32_t magic;
75 magic = le32_to_cpu(ch->magic);
77 if (magic == 0xFFFFFFFF) {
78 dbg_scan("hit empty space at LEB %d:%d", lnum, offs);
79 return SCANNED_EMPTY_SPACE;
82 if (magic != UBIFS_NODE_MAGIC)
83 return scan_padding_bytes(buf, len);
85 if (len < UBIFS_CH_SZ)
86 return SCANNED_GARBAGE;
88 dbg_scan("scanning %s at LEB %d:%d",
89 dbg_ntype(ch->node_type), lnum, offs);
91 if (ubifs_check_node(c, buf, lnum, offs, quiet, 1))
92 return SCANNED_A_CORRUPT_NODE;
94 if (ch->node_type == UBIFS_PAD_NODE) {
95 struct ubifs_pad_node *pad = buf;
96 int pad_len = le32_to_cpu(pad->pad_len);
97 int node_len = le32_to_cpu(ch->len);
99 /* Validate the padding node */
100 if (pad_len < 0 ||
101 offs + node_len + pad_len > c->leb_size) {
102 if (!quiet) {
103 ubifs_err(c, "bad pad node at LEB %d:%d",
104 lnum, offs);
105 ubifs_dump_node(c, pad);
107 return SCANNED_A_BAD_PAD_NODE;
110 /* Make the node pads to 8-byte boundary */
111 if ((node_len + pad_len) & 7) {
112 if (!quiet)
113 ubifs_err(c, "bad padding length %d - %d",
114 offs, offs + node_len + pad_len);
115 return SCANNED_A_BAD_PAD_NODE;
118 dbg_scan("%d bytes padded at LEB %d:%d, offset now %d", pad_len,
119 lnum, offs, ALIGN(offs + node_len + pad_len, 8));
121 return node_len + pad_len;
124 return SCANNED_A_NODE;
128 * ubifs_start_scan - create LEB scanning information at start of scan.
129 * @c: UBIFS file-system description object
130 * @lnum: logical eraseblock number
131 * @offs: offset to start at (usually zero)
132 * @sbuf: scan buffer (must be c->leb_size)
134 * This function returns the scanned information on success and a negative error
135 * code on failure.
137 struct ubifs_scan_leb *ubifs_start_scan(const struct ubifs_info *c, int lnum,
138 int offs, void *sbuf)
140 struct ubifs_scan_leb *sleb;
141 int err;
143 dbg_scan("scan LEB %d:%d", lnum, offs);
145 sleb = kzalloc(sizeof(struct ubifs_scan_leb), GFP_NOFS);
146 if (!sleb)
147 return ERR_PTR(-ENOMEM);
149 sleb->lnum = lnum;
150 INIT_LIST_HEAD(&sleb->nodes);
151 sleb->buf = sbuf;
153 err = ubifs_leb_read(c, lnum, sbuf + offs, offs, c->leb_size - offs, 0);
154 if (err && err != -EBADMSG) {
155 ubifs_err(c, "cannot read %d bytes from LEB %d:%d, error %d",
156 c->leb_size - offs, lnum, offs, err);
157 kfree(sleb);
158 return ERR_PTR(err);
162 * Note, we ignore integrity errors (EBASMSG) because all the nodes are
163 * protected by CRC checksums.
165 return sleb;
169 * ubifs_end_scan - update LEB scanning information at end of scan.
170 * @c: UBIFS file-system description object
171 * @sleb: scanning information
172 * @lnum: logical eraseblock number
173 * @offs: offset to start at (usually zero)
175 void ubifs_end_scan(const struct ubifs_info *c, struct ubifs_scan_leb *sleb,
176 int lnum, int offs)
178 lnum = lnum;
179 dbg_scan("stop scanning LEB %d at offset %d", lnum, offs);
180 ubifs_assert(offs % c->min_io_size == 0);
182 sleb->endpt = ALIGN(offs, c->min_io_size);
186 * ubifs_add_snod - add a scanned node to LEB scanning information.
187 * @c: UBIFS file-system description object
188 * @sleb: scanning information
189 * @buf: buffer containing node
190 * @offs: offset of node on flash
192 * This function returns %0 on success and a negative error code on failure.
194 int ubifs_add_snod(const struct ubifs_info *c, struct ubifs_scan_leb *sleb,
195 void *buf, int offs)
197 struct ubifs_ch *ch = buf;
198 struct ubifs_ino_node *ino = buf;
199 struct ubifs_scan_node *snod;
201 snod = kmalloc(sizeof(struct ubifs_scan_node), GFP_NOFS);
202 if (!snod)
203 return -ENOMEM;
205 snod->sqnum = le64_to_cpu(ch->sqnum);
206 snod->type = ch->node_type;
207 snod->offs = offs;
208 snod->len = le32_to_cpu(ch->len);
209 snod->node = buf;
211 switch (ch->node_type) {
212 case UBIFS_INO_NODE:
213 case UBIFS_DENT_NODE:
214 case UBIFS_XENT_NODE:
215 case UBIFS_DATA_NODE:
217 * The key is in the same place in all keyed
218 * nodes.
220 key_read(c, &ino->key, &snod->key);
221 break;
222 default:
223 invalid_key_init(c, &snod->key);
224 break;
226 list_add_tail(&snod->list, &sleb->nodes);
227 sleb->nodes_cnt += 1;
228 return 0;
232 * ubifs_scanned_corruption - print information after UBIFS scanned corruption.
233 * @c: UBIFS file-system description object
234 * @lnum: LEB number of corruption
235 * @offs: offset of corruption
236 * @buf: buffer containing corruption
238 void ubifs_scanned_corruption(const struct ubifs_info *c, int lnum, int offs,
239 void *buf)
241 int len;
243 ubifs_err(c, "corruption at LEB %d:%d", lnum, offs);
244 len = c->leb_size - offs;
245 if (len > 8192)
246 len = 8192;
247 ubifs_err(c, "first %d bytes from LEB %d:%d", len, lnum, offs);
248 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 4, buf, len, 1);
252 * ubifs_scan - scan a logical eraseblock.
253 * @c: UBIFS file-system description object
254 * @lnum: logical eraseblock number
255 * @offs: offset to start at (usually zero)
256 * @sbuf: scan buffer (must be of @c->leb_size bytes in size)
257 * @quiet: print no messages
259 * This function scans LEB number @lnum and returns complete information about
260 * its contents. Returns the scanned information in case of success and,
261 * %-EUCLEAN if the LEB neads recovery, and other negative error codes in case
262 * of failure.
264 * If @quiet is non-zero, this function does not print large and scary
265 * error messages and flash dumps in case of errors.
267 struct ubifs_scan_leb *ubifs_scan(const struct ubifs_info *c, int lnum,
268 int offs, void *sbuf, int quiet)
270 void *buf = sbuf + offs;
271 int err, len = c->leb_size - offs;
272 struct ubifs_scan_leb *sleb;
274 sleb = ubifs_start_scan(c, lnum, offs, sbuf);
275 if (IS_ERR(sleb))
276 return sleb;
278 while (len >= 8) {
279 struct ubifs_ch *ch = buf;
280 int node_len, ret;
282 dbg_scan("look at LEB %d:%d (%d bytes left)",
283 lnum, offs, len);
285 cond_resched();
287 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, quiet);
288 if (ret > 0) {
289 /* Padding bytes or a valid padding node */
290 offs += ret;
291 buf += ret;
292 len -= ret;
293 continue;
296 if (ret == SCANNED_EMPTY_SPACE)
297 /* Empty space is checked later */
298 break;
300 switch (ret) {
301 case SCANNED_GARBAGE:
302 ubifs_err(c, "garbage");
303 goto corrupted;
304 case SCANNED_A_NODE:
305 break;
306 case SCANNED_A_CORRUPT_NODE:
307 case SCANNED_A_BAD_PAD_NODE:
308 ubifs_err(c, "bad node");
309 goto corrupted;
310 default:
311 ubifs_err(c, "unknown");
312 err = -EINVAL;
313 goto error;
316 err = ubifs_add_snod(c, sleb, buf, offs);
317 if (err)
318 goto error;
320 node_len = ALIGN(le32_to_cpu(ch->len), 8);
321 offs += node_len;
322 buf += node_len;
323 len -= node_len;
326 if (offs % c->min_io_size) {
327 if (!quiet)
328 ubifs_err(c, "empty space starts at non-aligned offset %d",
329 offs);
330 goto corrupted;
333 ubifs_end_scan(c, sleb, lnum, offs);
335 for (; len > 4; offs += 4, buf = buf + 4, len -= 4)
336 if (*(uint32_t *)buf != 0xffffffff)
337 break;
338 for (; len; offs++, buf++, len--)
339 if (*(uint8_t *)buf != 0xff) {
340 if (!quiet)
341 ubifs_err(c, "corrupt empty space at LEB %d:%d",
342 lnum, offs);
343 goto corrupted;
346 return sleb;
348 corrupted:
349 if (!quiet) {
350 ubifs_scanned_corruption(c, lnum, offs, buf);
351 ubifs_err(c, "LEB %d scanning failed", lnum);
353 err = -EUCLEAN;
354 ubifs_scan_destroy(sleb);
355 return ERR_PTR(err);
357 error:
358 ubifs_err(c, "LEB %d scanning failed, error %d", lnum, err);
359 ubifs_scan_destroy(sleb);
360 return ERR_PTR(err);
364 * ubifs_scan_destroy - destroy LEB scanning information.
365 * @sleb: scanning information to free
367 void ubifs_scan_destroy(struct ubifs_scan_leb *sleb)
369 struct ubifs_scan_node *node;
370 struct list_head *head;
372 head = &sleb->nodes;
373 while (!list_empty(head)) {
374 node = list_entry(head->next, struct ubifs_scan_node, list);
375 list_del(&node->list);
376 kfree(node);
378 kfree(sleb);