diff options
| author | Kent Overstreet <kent.overstreet@gmail.com> | 2021-07-13 23:03:51 +0300 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@linux.dev> | 2023-10-23 00:09:08 +0300 |
| commit | 8d3445878166ea726bc24326003ea7b9739cdc00 (patch) | |
| tree | f61f2cd9ca32d2f9b3cd174eedc6b4714956c6b6 /fs/bcachefs/varint.c | |
| parent | 2e655e6de202d891f0232cfd3c56b8f8c176cf99 (diff) | |
| download | linux-8d3445878166ea726bc24326003ea7b9739cdc00.tar.xz | |
bcachefs: Add safe versions of varint encode/decode
This adds safe versions of bch2_varint_(encode|decode) that don't read
or write past the end of the buffer, or varint being encoded.
Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Diffstat (limited to 'fs/bcachefs/varint.c')
| -rw-r--r-- | fs/bcachefs/varint.c | 73 |
1 files changed, 72 insertions, 1 deletions
diff --git a/fs/bcachefs/varint.c b/fs/bcachefs/varint.c index 0f3d06a6a685..6955ff5dc19c 100644 --- a/fs/bcachefs/varint.c +++ b/fs/bcachefs/varint.c @@ -2,10 +2,18 @@ #include <linux/bitops.h> #include <linux/math.h> +#include <linux/string.h> #include <asm/unaligned.h> #include "varint.h" +/** + * bch2_varint_encode - encode a variable length integer + * @out - destination to encode to + * @v - unsigned integer to encode + * + * Returns the size in bytes of the encoded integer - at most 9 bytes + */ int bch2_varint_encode(u8 *out, u64 v) { unsigned bits = fls64(v|1); @@ -14,17 +22,80 @@ int bch2_varint_encode(u8 *out, u64 v) if (likely(bytes < 9)) { v <<= bytes; v |= ~(~0 << (bytes - 1)); + v = cpu_to_le64(v); + memcpy(out, &v, bytes); } else { *out++ = 255; bytes = 9; + put_unaligned_le64(v, out); } - put_unaligned_le64(v, out); return bytes; } +/** + * bch2_varint_decode - encode a variable length integer + * @in - varint to decode + * @end - end of buffer to decode from + * @out - on success, decoded integer + * + * Returns the size in bytes of the decoded integer - or -1 on failure (would + * have read past the end of the buffer) + */ int bch2_varint_decode(const u8 *in, const u8 *end, u64 *out) { + unsigned bytes = likely(in < end) + ? ffz(*in & 255) + 1 + : 1; + u64 v; + + if (unlikely(in + bytes > end)) + return -1; + + if (likely(bytes < 9)) { + v = 0; + memcpy(&v, in, bytes); + v = le64_to_cpu(v); + v >>= bytes; + } else { + v = get_unaligned_le64(++in); + } + + *out = v; + return bytes; +} + +/** + * bch2_varint_encode_fast - fast version of bch2_varint_encode + * + * This version assumes it's always safe to write 8 bytes to @out, even if the + * encoded integer would be smaller. + */ +int bch2_varint_encode_fast(u8 *out, u64 v) +{ + unsigned bits = fls64(v|1); + unsigned bytes = DIV_ROUND_UP(bits, 7); + + if (likely(bytes < 9)) { + v <<= bytes; + v |= ~(~0 << (bytes - 1)); + } else { + *out++ = 255; + bytes = 9; + } + + put_unaligned_le64(v, out); + return bytes; +} + +/** + * bch2_varint_decode_fast - fast version of bch2_varint_decode + * + * This version assumes that it is safe to read at most 8 bytes past the end of + * @end (we still return an error if the varint extends past @end). + */ +int bch2_varint_decode_fast(const u8 *in, const u8 *end, u64 *out) +{ u64 v = get_unaligned_le64(in); unsigned bytes = ffz(v & 255) + 1; |