summaryrefslogtreecommitdiffstats
path: root/fs/udf/directory.c
Commit message (Collapse)AuthorAgeFilesLines
* udf: Fix -Wstringop-overflow warningsGustavo A. R. Silva2023-07-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use unsigned type in call to macro mint_t(). This avoids confusing the compiler about possible negative values that would cause the value in _len_ to wrap around. Fixes the following -Wstringop-warnings seen when building ARM architecture with allyesconfig (GCC 13): fs/udf/directory.c: In function 'udf_copy_fi': include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' 648 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); | ^~~~~~ include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' 648 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); | ^~~~~~ AR fs/udf/built-in.a This helps with the ongoing efforts to globally enable -Wstringop-overflow. Link: https://github.com/KSPP/linux/issues/329 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jan Kara <jack@suse.cz> Message-Id: <ZK7wKS0NgZPfqrZu@work>
* fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifierBagas Sanjaya2023-05-301-5/+1
| | | | | | | | | | | | The notice refers to full GPL 2.0 text on now defunct MIT FTP site [1]. Replace it with appropriate SPDX license identifier. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Pali Rohár <pali@kernel.org> Link: https://web.archive.org/web/20020809115410/ftp://prep.ai.mit.edu/pub/gnu/GPL [1] Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Message-Id: <20230522005434.22133-2-bagasdotme@gmail.com>
* udf: Avoid directory type conversion failure due to ENOMEMJan Kara2023-02-091-3/+6
| | | | | | | | | | | | | When converting directory from in-ICB to normal format, the last iteration through the directory fixing up directory enteries can fail due to ENOMEM. We do not expect this iteration to fail since the directory is already verified to be correct and it is difficult to undo the conversion at this point. So just use GFP_NOFAIL to make sure the small allocation cannot fail. Reported-by: syzbot+111eaa994ff74f8d440f@syzkaller.appspotmail.com Fixes: 0aba4860b0d0 ("udf: Allocate name buffer in directory iterator on heap") Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Use unsigned variables for size calculationsKees Cook2023-02-071-2/+3
| | | | | | | | | | | | | | | | | | | | To avoid confusing the compiler about possible negative sizes, switch various size variables that can never be negative from int to u32. Seen with GCC 13: ../fs/udf/directory.c: In function 'udf_copy_fi': ../include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' pointer overflow between offset 80 and size [-2147483648, -1] [-Warray-bounds=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ ... ../fs/udf/directory.c:102:9: note: in expansion of macro 'memcpy' 102 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); | ^~~~~~ Cc: Jan Kara <jack@suse.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jan Kara <jack@suse.cz> Message-Id: <20230204183427.never.856-kees@kernel.org>
* udf: Drop VARCONV supportJan Kara2023-01-261-2/+2
| | | | | | | | | | | | UDF was supporting a strange mode where the media was containing 7 blocks of unknown data for every 32 blocks of the filesystem. I have yet to see the media that would need such conversion (maybe it comes from packet writing times) and the conversions have been inconsistent in the code. In particular any write will write to a wrong block and corrupt the media. This is an indication and no user actually needs this so let's just drop the support instead of trying to fix it. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Fix directory iteration for longer tail extentsJan Kara2023-01-261-1/+1
| | | | | | | | | When directory's last extent has more that one block and its length is not multiple of a block side, the code wrongly decided to move to the next extent instead of processing the last partial block. This led to directory corruption. Fix the rounding issue. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Propagate errors from udf_advance_blk()Jan Kara2023-01-261-2/+6
| | | | | | | | | When we spot directory corruption when trying to load next directory extent, we didn't propagate the error up properly, leading to possibly indefinite looping on corrupted directories. Fix the problem by propagating the error properly. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Zero udf name paddingJan Kara2023-01-261-1/+7
| | | | | | Padding of name in the directory entry needs to be zeroed out. Fix it. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Fix spelling mistake "lenght" -> "length"Colin Ian King2023-01-091-1/+1
| | | | | | | | There is a spelling mistake in a udf_err message. Fix it. Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Message-Id: <20221230231452.5821-1-colin.i.king@gmail.com>
* udf: Allocate name buffer in directory iterator on heapJan Kara2023-01-091-8/+15
| | | | | | | | | | | | | Currently we allocate name buffer in directory iterators (struct udf_fileident_iter) on stack. These structures are relatively large (some 360 bytes on 64-bit architectures). For udf_rename() which needs to keep three of these structures in parallel the stack usage becomes rather heavy - 1536 bytes in total. Allocate the name buffer in the iterator from heap to avoid excessive stack usage. Link: https://lore.kernel.org/all/202212200558.lK9x1KW0-lkp@intel.com Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Remove old directory iteration codeJan Kara2023-01-091-178/+0
| | | | | | Remove old directory iteration code that is now unused. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Implement adding of dir entries using new iteration codeJan Kara2023-01-091-0/+57
| | | | | | | Implement function udf_fiiter_add_entry() adding new directory entries using new directory iteration code. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: New directory iteration codeJan Kara2023-01-091-0/+395
| | | | | | | | Add new support code for iterating directory entries. The code is also more carefully verifying validity of on-disk directory entries to avoid crashes on malicious media. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: replace ll_rw_block()Zhang Yi2022-09-111-1/+1
| | | | | | | | | | | | | ll_rw_block() is not safe for the sync read path because it cannot guarantee that submitting read IO if the buffer has been locked. We could get false positive EIO after wait_on_buffer() if the buffer has been locked by others. So stop using ll_rw_block(). We also switch to new bh_readahead_batch() helper for the buffer array readahead path. Link: https://lkml.kernel.org/r/20220901133505.2510834-11-yi.zhang@huawei.com Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
* fs/buffer: Combine two submit_bh() and ll_rw_block() argumentsBart Van Assche2022-07-141-1/+1
| | | | | | | | | | | | | | Both submit_bh() and ll_rw_block() accept a request operation type and request flags as their first two arguments. Micro-optimize these two functions by combining these first two arguments into a single argument. This patch does not change the behavior of any of the modified code. Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Jan Kara <jack@suse.cz> Acked-by: Song Liu <song@kernel.org> (for the md changes) Signed-off-by: Bart Van Assche <bvanassche@acm.org> Link: https://lore.kernel.org/r/20220714180729.1065367-48-bvanassche@acm.org Signed-off-by: Jens Axboe <axboe@kernel.dk>
* udf: Remove pointless union in udf_inode_infoJan Kara2020-09-291-1/+1
| | | | | | | We use only a single member out of the i_ext union in udf_inode_info. Just remove the pointless union. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Provide function for calculating dir entry lengthJan Kara2018-06-201-4/+1
| | | | | | | Provide function for calculating directory entry length and use to reduce code duplication. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Detect incorrect directory sizeJan Kara2018-06-201-0/+3
| | | | | | | | | | | | Detect when a directory entry is (possibly partially) beyond directory size and return EIO in that case since it means the filesystem is corrupted. Otherwise directory operations can further corrupt the directory and possibly also oops the kernel. CC: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> CC: stable@vger.kernel.org Reported-and-tested-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Fix some sign-conversion warningsSteve Magnani2017-10-171-2/+2
| | | | | | | | | Fix some warnings that appear when compiling with -Wconversion. A sub-optimal choice of variable type leads to warnings about conversion in both directions between unsigned and signed. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Fix signed/unsigned format specifiersSteve Magnani2017-10-171-1/+1
| | | | | | | | | | | | | | | | | | Fix problems noted in compilion with -Wformat=2 -Wformat-signedness. In particular, a mismatch between the signedness of a value and the signedness of its format specifier can result in unsigned values being printed as negative numbers, e.g.: Partition (0 type 1511) starts at physical 460, block length -1779968542 ...which occurs when mounting a large (> 1 TiB) UDF partition. Changes since V1: * Fixed additional issues noted in udf_bitmap_free_blocks(), udf_get_fileident(), udf_show_options() Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Fix 64-bit sign extension issues affecting blocks > 0x7FFFFFFFSteve Magnani2017-10-171-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Large (> 1 TiB) UDF filesystems appear subject to several problems when mounted on 64-bit systems: * readdir() can fail on a directory containing File Identifiers residing above 0x7FFFFFFF. This manifests as a 'ls' command failing with EIO. * FIBMAP on a file block located above 0x7FFFFFFF can return a negative value. The low 32 bits are correct, but applications that don't mask the high 32 bits of the result can perform incorrectly. Per suggestion by Jan Kara, introduce a udf_pblk_t type for representation of UDF block addresses. Ultimately, all driver functions that manipulate UDF block addresses should use this type; for now, deployment is limited to functions with actual or potential sign extension issues. Changes to udf_readdir() and udf_block_map() address the issues noted above; other changes address potential similar issues uncovered during audit of the driver code. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
* block,fs: untangle fs.h and blk_types.hChristoph Hellwig2016-11-011-0/+1
| | | | | | | Nothing in fs.h should require blk_types.h to be included. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
* block: get rid of bio_rw and READAChristoph Hellwig2016-07-201-1/+1
| | | | | | | | | | | | | | | These two are confusing leftover of the old world order, combining values of the REQ_OP_ and REQ_ namespaces. For callers that don't special case we mostly just replace bi_rw with bio_data_dir or op_is_write, except for the few cases where a switch over the REQ_OP_ values makes more sense. Any check for READA is replaced with an explicit check for REQ_RAHEAD. Also remove the READA alias for REQ_RAHEAD. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Jens Axboe <axboe@fb.com>
* fs: have ll_rw_block users pass in op and flags separatelyMike Christie2016-06-071-1/+1
| | | | | | | | | | | This has ll_rw_block users pass in the operation and flags separately, so ll_rw_block can setup the bio op and bi_rw flags on the bio that is submitted. Signed-off-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Jens Axboe <axboe@fb.com>
* udf: remove redundant buffer_head.h includesFabian Frederick2015-03-141-1/+0
| | | | | | | buffer_head.h was already included in udfdecl.h Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Neaten udf_debug usesJoe Perches2011-10-311-2/+2
| | | | | | | | | Just whitespace and argument alignment. Introduce some checkpatch warnings that deserve to be ignored. Reviewed-by: NamJae Jeon <linkinjeon@gmail.com> Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Convert printks to pr_<level>Joe Perches2011-10-311-2/+2
| | | | | | | | | | | | | Use the current logging styles. Convert a few printks that should have been udf_warn and udf_err. Coalesce formats. Add #define pr_fmt. Move an #include "udfdecls.h" above other includes in udftime.c so pr_fmt works correctly. Strip prefixes from conversions as appropriate. Reorder logging definitions in udfdecl.h Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Remove dead codeJan Kara2009-09-141-86/+0
| | | | | | Remove code that gets never used. Signed-off-by: Jan Kara <jack@suse.cz>
* Fix the udf code not to pass structs on stack where possible.Pekka Enberg2009-04-021-3/+3
| | | | | Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Jan Kara <jack@suse.cz>
* Remove struct typedefs from fs/udf/ecma_167.h et al.Pekka Enberg2009-04-021-16/+16
| | | | | Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: cleanup directory offset handlingJan Kara2008-02-081-4/+3
| | | | | | | | | | | | Position in directory returned by readdir is offset of directory entry divided by four (don't ask me why). Make this conversion only when reading f_pos from userspace / writing it there and internally work in bytes. It makes things more easily readable and also fixes a bug (we forgot to divide length of the entry by 4 when advancing f_pos in udf_add_entry()). Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: fix 3 signedness & 1 unitialized variable warningsMarcin Slusarz2008-02-081-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sparse generated: fs/udf/inode.c:324:41: warning: incorrect type in argument 4 (different signedness) fs/udf/inode.c:324:41: expected long *<noident> fs/udf/inode.c:324:41: got unsigned long *<noident> inode_getblk always set 4th argument to uint32_t value 3rd parameter of map_bh is sector_t (which is unsigned long or u64) so convert phys value to sector_t fs/udf/inode.c:1818:47: warning: incorrect type in argument 3 (different signedness) fs/udf/inode.c:1818:47: expected int *<noident> fs/udf/inode.c:1818:47: got unsigned int *<noident> fs/udf/inode.c:1826:46: warning: incorrect type in argument 3 (different signedness) fs/udf/inode.c:1826:46: expected int *<noident> fs/udf/inode.c:1826:46: got unsigned int *<noident> udf_get_filelongad and udf_get_shortad are called always for uint32_t values (struct extent_position->offset), so it's safe to convert offset parameter to uint32_t gcc warned: fs/udf/inode.c: In function 'udf_get_block': fs/udf/inode.c:299: warning: 'phys' may be used uninitialized in this function initialize it to 0 (if someday someone will break inode_getblk we will catch it immediately) Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Ben Fennema <bfennema@falcon.csc.calpoly.edu> Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: cache struct udf_inode_infoMarcin Slusarz2008-02-081-3/+4
| | | | | | | | | | | cache UDF_I(struct inode *) return values when there are at least 2 uses in one function Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: remove UDF_I_* macros and open code themMarcin Slusarz2008-02-081-3/+3
| | | | | | | | Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: convert byte order of constant instead of variableMarcin Slusarz2008-02-081-2/+2
| | | | | | | | | | | convert byte order of constant instead of variable, which can be done at compile time (vs run time) Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: fix coding styleMarcin Slusarz2008-02-081-32/+48
| | | | | | | | | | | | | | | | | | | fix coding style errors found by checkpatch: - assignments in if conditions - braces {} around single statement blocks - no spaces after commas - printks without KERN_* - lines longer than 80 characters - spaces between "type *" and variable name before: 192 errors, 561 warnings, 8987 lines checked after: 1 errors, 38 warnings, 9468 lines checked Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* UDF: coding style conversion - lindent fixupsCyrill Gorcunov2007-07-211-41/+27
| | | | | | | | | This patch fixes up sources after conversion by Lindent. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* UDF: coding style conversion - lindentCyrill Gorcunov2007-07-191-108/+99
| | | | | | | | | This patch converts UDF coding style to kernel coding style using Lindent. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: use get_bh()Jan Kara2007-05-081-5/+5
| | | | | | | | | | Make UDF use get_bh() instead of directly accessing b_count and use brelse() instead of udf_release_data() which does just brelse()... Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* UDF: introduce struct extent_positionJan Kara2007-05-081-12/+8
| | | | | | | | | | Introduce a structure extent_position to store a position of an extent and the corresponding buffer_head in one place. Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* udf: use sector_t and loff_t for file offsetsJan Kara2007-05-081-1/+1
| | | | | | | | | | | | Use sector_t and loff_t for file offsets in UDF filesystem. Otherwise an overflow may occur for long files. Also make inode_bmap() return offset in the extent in number of blocks instead of number of bytes - for most callers this is more convenient. Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* remove pointers to the defunct UDF mailing listAdrian Bunk2006-01-031-5/+0
| | | | | | This patch removes pointers to the defunct UDF mailing list. Signed-off-by: Adrian Bunk <bunk@stusta.de>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-161-0/+343
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!