summaryrefslogtreecommitdiff
path: root/fs/udf/balloc.c
AgeCommit message (Collapse)AuthorFilesLines
2019-07-31udf: prevent allocation beyond UDF partitionSteve Magnani1-0/+11
The UDF bitmap allocation code assumes that a recorded Unallocated Space Bitmap is compliant with ECMA-167 4/13, which requires that pad bytes between the end of the bitmap and the end of a logical block are all zero. When a recorded bitmap does not comply with this requirement, for example one padded with FF to the block boundary instead of 00, the allocator may "allocate" blocks that are outside the UDF partition extent. This can result in UDF volume descriptors being overwritten by file data or by partition-level descriptors, and in extreme cases, even in scribbling on a subsequent disk partition. Add a check that the block selected by the allocator actually resides within the UDF partition extent. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/1564341552-129750-1-git-send-email-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz>
2018-09-07udf: Drop freed bitmap / table supportJan Kara1-24/+0
We don't support Free Space Table and Free Space Bitmap as specified by UDF standard for writing as we don't support erasing blocks before overwriting them. Just drop the handling of these structures as partition descriptor checking code already makes sure such filesystems can be mounted only read-only. Signed-off-by: Jan Kara <jack@suse.cz>
2018-09-03udf: remove unused variables group_start and nr_groupsColin Ian King1-4/+2
Variables group_start and nr_groups are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warning: variable 'group_start' set but not used [-Wunused-but-set-variable] variable 'nr_groups' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-06-20udf: Drop unused arguments of udf_delete_aext()Jan Kara1-3/+2
udf_delete_aext() uses its last two arguments only as local variables. Drop them. Signed-off-by: Jan Kara <jack@suse.cz>
2017-10-17udf: Fix signed/unsigned format specifiersSteve Magnani1-6/+6
Fix problems noted in compilion with -Wformat=2 -Wformat-signedness. In particular, a mismatch between the signedness of a value and the signedness of its format specifier can result in unsigned values being printed as negative numbers, e.g.: Partition (0 type 1511) starts at physical 460, block length -1779968542 ...which occurs when mounting a large (> 1 TiB) UDF partition. Changes since V1: * Fixed additional issues noted in udf_bitmap_free_blocks(), udf_get_fileident(), udf_show_options() Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2017-10-17udf: Fix 64-bit sign extension issues affecting blocks > 0x7FFFFFFFSteve Magnani1-7/+10
Large (> 1 TiB) UDF filesystems appear subject to several problems when mounted on 64-bit systems: * readdir() can fail on a directory containing File Identifiers residing above 0x7FFFFFFF. This manifests as a 'ls' command failing with EIO. * FIBMAP on a file block located above 0x7FFFFFFF can return a negative value. The low 32 bits are correct, but applications that don't mask the high 32 bits of the result can perform incorrectly. Per suggestion by Jan Kara, introduce a udf_pblk_t type for representation of UDF block addresses. Ultimately, all driver functions that manipulate UDF block addresses should use this type; for now, deployment is limited to functions with actual or potential sign extension issues. Changes to udf_readdir() and udf_block_map() address the issues noted above; other changes address potential similar issues uncovered during audit of the driver code. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2015-12-23udf: Factor out code for creating indirect extentJan Kara1-93/+5
Factor out code for creating indirect extent from udf_add_aext(). It was mostly duplicated in two places. Also remove some opencoded versions of udf_write_aext(). Signed-off-by: Jan Kara <jack@suse.cz>
2015-03-16udf: use int for allocated blocks instead of sector_tFabian Frederick1-1/+1
Fix the following warnings: fs/udf/balloc.c:768:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_bitmap_prealloc_blocks(sb, ^ fs/udf/balloc.c:773:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_table_prealloc_blocks(sb, ^ fs/udf/balloc.c:778:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_bitmap_prealloc_blocks(sb, ^ fs/udf/balloc.c:783:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_table_prealloc_blocks(sb, ^ fs/udf/balloc.c:791:26: warning: conversion to 'loff_t' from 'sector_t' may change the sign of the result [-Wsign-conversion] inode_add_bytes(inode, allocated << sb->s_blocksize_bits); ^ fs/udf/balloc.c:792:2: warning: conversion to 'int' from 'sector_t' may alter its value [-Wconversion] return allocated; Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2015-03-14udf: remove redundant buffer_head.h includesFabian Frederick1-1/+0
buffer_head.h was already included in udfdecl.h Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2015-03-14udf: remove else after return in __load_block_bitmap()Fabian Frederick1-8/+7
else after return is not needed. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2015-03-14udf: remove unused variable in udf_table_free_blocks()Fabian Frederick1-2/+0
Fix set but not used warning. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2012-03-01udf: Fix handling of i_blocksJan Kara1-38/+46
Commit 36350462 removed unused quota support from UDF. As an unfortunate sideeffect it also removed updates of i_blocks so all files had i_block == 0. Fix the problem by returning updates of file space back to UDF allocation and freeing functions. Signed-off-by: Jan Kara <jack@suse.cz>
2011-11-01udf: Neaten udf_debug usesJoe Perches1-6/+8
Just whitespace and argument alignment. Introduce some checkpatch warnings that deserve to be ignored. Reviewed-by: NamJae Jeon <linkinjeon@gmail.com> Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jan Kara <jack@suse.cz>
2011-03-24udf: use little-endian bitopsAkinobu Mita1-5/+4
As a preparation for removing ext2 non-atomic bit operations from asm/bitops.h. This converts ext2 non-atomic bit operations to little-endian bit operations. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-02-23UDF: Fix compiler warningDirk Behme1-2/+2
Fix compiler warning fs/udf/balloc.c: In function 'udf_bitmap_new_block': fs/udf/balloc.c:273: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type fs/udf/balloc.c:285: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type fs/udf/balloc.c:311: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type fs/udf/balloc.c:325: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type The main fix is to add a cast in ext2_find_next_bit(). As all other usage locations of udf_find_next_one_bit() directly use bh->b_data (which is a char *), the useless (char *) cast in line 311 can be removed, too. Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com> Signed-off-by: George G. Davis <gdavis@mvista.com> Signed-off-by: Jan Kara <jack@suse.cz>
2011-01-06udf: Call udf_add_free_space() for more blocks at once in udf_free_blocks()Jan Kara1-2/+1
There's no need to call udf_add_free_space() for one block at a time. It saves us noticeable amount of work and yields different result from the original code only if the filesystem is corrupted and bitmap bit is already cleared. In such case counter of free blocks is probably wrong anyways so the change does not matter. Signed-off-by: Jan Kara <jack@suse.cz>
2010-05-24udf: Remove dead quota codeJan Kara1-41/+2
Quota on UDF is non-functional at least since 2.6.16 (I'm too lazy to do more archeology) because it does not provide .quota_write and .quota_read functions and thus quotaon(8) just returns EINVAL. Since nobody complained for all those years and quota support is not even in UDF standard just nuke it. Signed-off-by: Jan Kara <jack@suse.cz>
2010-04-08udf: potential integer overflowDan Carpenter1-6/+4
bloc->logicalBlockNum is unsigned so it's never less than zero. When I saw that, it made me worry that "bloc->logicalBlockNum + count" could overflow. That's why I changed the check for less than zero to an overflow check. (The test works because "count" is also unsigned.) Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2010-03-09udf: use ext2_find_next_bitAkinobu Mita1-48/+1
Use ext2_find_next_bit (generic_find_next_le_bit) to find the set bit in little endian bitmap region. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2010-03-06Merge branch 'for_linus' of ↵Linus Torvalds1-15/+20
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6: (33 commits) quota: stop using QUOTA_OK / NO_QUOTA dquot: cleanup dquot initialize routine dquot: move dquot initialization responsibility into the filesystem dquot: cleanup dquot drop routine dquot: move dquot drop responsibility into the filesystem dquot: cleanup dquot transfer routine dquot: move dquot transfer responsibility into the filesystem dquot: cleanup inode allocation / freeing routines dquot: cleanup space allocation / freeing routines ext3: add writepage sanity checks ext3: Truncate allocated blocks if direct IO write fails to update i_size quota: Properly invalidate caches even for filesystems with blocksize < pagesize quota: generalize quota transfer interface quota: sb_quota state flags cleanup jbd: Delay discarding buffers in journal_unmap_buffer ext3: quota_write cross block boundary behaviour quota: drop permission checks from xfs_fs_set_xstate/xfs_fs_set_xquota quota: split out compat_sys_quotactl support from quota.c quota: split out netlink notification support from quota.c quota: remove invalid optimization from quota_sync_all ... Fixed trivial conflicts in fs/namei.c and fs/ufs/inode.c
2010-03-05dquot: cleanup space allocation / freeing routinesChristoph Hellwig1-15/+20
Get rid of the alloc_space, free_space, reserve_space, claim_space and release_rsv dquot operations - they are always called from the filesystem and if a filesystem really needs their own (which none currently does) it can just call into it's own routine directly. Move shared logic into the common __dquot_alloc_space, dquot_claim_space_nodirty and __dquot_free_space low-level methods, and rationalize the wrappers around it to move as much as possible code into the common block for CONFIG_QUOTA vs not. Also rename all these helpers to be named dquot_* instead of vfs_dq_*. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz>
2010-03-03sanitize const/signedness for udfAl Viro1-1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-12-14udf: Fix compilation with UDFFS_DEBUG enabledJan Kara1-1/+1
Signed-off-by: Jan Kara <jack@suse.cz>
2009-06-24udf: remove redundant tests on unsignedRoel Kluin1-5/+4
first_block and goal are unsigned. When negative they are wrapped and caught by the other test. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2009-04-02udf: Don't write integrity descriptor too oftenJan Kara1-25/+12
We update information in logical volume integrity descriptor after each allocation (as LVID contains free space, number of directories and files on disk etc.). If the filesystem is on some phase change media, this leads to its quick degradation as such media is able to handle only 10000 overwrites or so. We solve the problem by writing new information into LVID only on umount, remount-ro and sync. This solves the problem at the price of longer media inconsistency (previously media became consistent after pdflush flushed dirty LVID buffer) but that should be acceptable. Report by and patch written in cooperation with Rich Coe <Richard.Coe@med.ge.com>. Signed-off-by: Jan Kara <jack@suse.cz>
2009-04-02udf: fix sparse warnings:Jan Kara1-14/+8
Fix sparse warnings: fs/udf/balloc.c:843:3: warning: returning void-valued expression fs/udf/balloc.c:847:3: warning: returning void-valued expression fs/udf/balloc.c:851:3: warning: returning void-valued expression fs/udf/balloc.c:855:3: warning: returning void-valued expression Reported-by: Hannes Eder <hannes@hanneseder.net> Signed-off-by: Jan Kara <jack@suse.cz>
2009-04-02Fix the udf code not to pass structs on stack where possible.Pekka Enberg1-28/+31
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Jan Kara <jack@suse.cz>
2009-04-02Remove struct typedefs from fs/udf/ecma_167.h et al.Pekka Enberg1-19/+19
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Jan Kara <jack@suse.cz>
2009-03-26udf: Use lowercase names of quota functionsJan Kara1-7/+7
Use lowercase names of quota functions instead of old uppercase ones. Signed-off-by: Jan Kara <jack@suse.cz>
2008-04-17udf: replace all adds to little endians variables with le*_add_cpumarcin.slusarz@gmail.com1-9/+4
replace all: little_endian_variable = cpu_to_leX(leX_to_cpu(little_endian_variable) + expression_in_cpu_byteorder); with: leX_add_cpu(&little_endian_variable, expression_in_cpu_byteorder); sparse didn't generate any new warning with this patch Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com Signed-off-by: Jan Kara <jack@suse.cz>
2008-02-14udf: fix udf_add_free_spaceMarcin Slusarz1-1/+1
In commit 742ba02a51c8d0bf5446b154531179760c1ed0a2 (udf: create common function for changing free space counter) by accident I reversed safety condition which lead to null pointer dereference in case of media error and wrong counting of free space in normal situation Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Jan Kara <jack@suse.cz> Acked-by: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: cache struct udf_inode_infoMarcin Slusarz1-15/+20
cache UDF_I(struct inode *) return values when there are at least 2 uses in one function Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: remove UDF_I_* macros and open code themMarcin Slusarz1-14/+16
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: replace loops coded with goto to real loopsMarcin Slusarz1-59/+59
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: create common function for changing free space counterMarcin Slusarz1-29/+20
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: fix coding styleMarcin Slusarz1-92/+139
fix coding style errors found by checkpatch: - assignments in if conditions - braces {} around single statement blocks - no spaces after commas - printks without KERN_* - lines longer than 80 characters - spaces between "type *" and variable name before: 192 errors, 561 warnings, 8987 lines checked after: 1 errors, 38 warnings, 9468 lines checked Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: move calculating of nr_groups into helper functionMarcin Slusarz1-3/+1
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Ben Fennema <bfennema@falcon.csc.calpoly.edu> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: remove some ugly macrosMarcin Slusarz1-62/+74
remove macros: - UDF_SB_PARTMAPS - UDF_SB_PARTTYPE - UDF_SB_PARTROOT - UDF_SB_PARTLEN - UDF_SB_PARTVSN - UDF_SB_PARTNUM - UDF_SB_TYPESPAR - UDF_SB_TYPEVIRT - UDF_SB_PARTFUNC - UDF_SB_PARTFLAGS - UDF_SB_VOLIDENT - UDF_SB_NUMPARTS - UDF_SB_PARTITION - UDF_SB_SESSION - UDF_SB_ANCHOR - UDF_SB_LASTBLOCK - UDF_SB_LVIDBH - UDF_SB_LVID - UDF_SB_UMASK - UDF_SB_GID - UDF_SB_UID - UDF_SB_RECORDTIME - UDF_SB_SERIALNUM - UDF_SB_UDFREV - UDF_SB_FLAGS - UDF_SB_VAT - UDF_UPDATE_UDFREV - UDF_SB_FREE and open code them convert UDF_SB_LVIDIU macro to udf_sb_lvidiu function rename some struct udf_sb_info fields: - s_volident to s_volume_ident - s_lastblock to s_last_block - s_lvidbh to s_lvid_bh - s_recordtime to s_record_time - s_serialnum to s_serial_number; - s_vat to s_vat_inode; Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Ben Fennema <bfennema@falcon.csc.calpoly.edu> Cc: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-10-17fs/udf/balloc.c: mark a variable as uninitialized_var()WANG Cong1-1/+1
Kill a may-be-used-uninitialized warning. Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-31Fix possible NULL pointer dereference in udf_table_free_blocks()Jan Kara1-6/+4
Fix possible NULL pointer dereference when freeing blocks in case table of free space is used. Also fix handling of the case when we need to move extent from one block to another one to make space for indirect extent. BTW: Nobody seem to have ever used this code. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-22UDF: coding style conversion - lindent fixupsCyrill Gorcunov1-259/+161
This patch fixes up sources after conversion by Lindent. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-19UDF: coding style conversion - lindentCyrill Gorcunov1-346/+363
This patch converts UDF coding style to kernel coding style using Lindent. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08udf: use get_bh()Jan Kara1-16/+19
Make UDF use get_bh() instead of directly accessing b_count and use brelse() instead of udf_release_data() which does just brelse()... Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08UDF: introduce struct extent_positionJan Kara1-89/+83
Introduce a structure extent_position to store a position of an extent and the corresponding buffer_head in one place. Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2006-03-23[PATCH] sem2mutex: UDFIngo Molnar1-18/+18
Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-03[PATCH] coverity: udf/balloc.c null deref fixKAMBAROV, ZAUR1-4/+3
It's doing if (obh) <stuff> else dereference obh So presumably `obh' is never null in there. This defect was found automatically by Coverity Prevent, a static analysis tool. Signed-off-by: Zaur Kambarov <zkambarov@coverity.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-09[PATCH] fs/udf/balloc.c: "extern inline" -> "static inline"Adrian Bunk1-1/+1
"extern inline" doesn't make much sense. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-03remove pointers to the defunct UDF mailing listAdrian Bunk1-5/+0
This patch removes pointers to the defunct UDF mailing list. Signed-off-by: Adrian Bunk <bunk@stusta.de>
2005-04-17Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds1-0/+959
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!