summaryrefslogtreecommitdiff
path: root/fs/udf/dir.c
AgeCommit message (Collapse)AuthorFilesLines
2021-11-26udf: Fix crash after seekdirJan Kara1-2/+30
commit a48fc69fe6588b48d878d69de223b91a386a7cb4 upstream. udf_readdir() didn't validate the directory position it should start reading from. Thus when user uses lseek(2) on directory file descriptor it can trick udf_readdir() into reading from a position in the middle of directory entry which then upsets directory parsing code resulting in errors or even possible kernel crashes. Similarly when the directory is modified between two readdir calls, the directory position need not be valid anymore. Add code to validate current offset in the directory. This is actually rather expensive for UDF as we need to read from the beginning of the directory and parse all directory entries. This is because in UDF a directory is just a stream of data containing directory entries and since file names are fully under user's control we cannot depend on detecting magic numbers and checksums in the header of directory entry as a malicious attacker could fake them. We skip this step if we detect that nothing changed since the last readdir call. Reported-by: Nathan Wilson <nate@chickenbrittle.com> CC: stable@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-17udf: Fix 64-bit sign extension issues affecting blocks > 0x7FFFFFFFSteve Magnani1-1/+1
Large (> 1 TiB) UDF filesystems appear subject to several problems when mounted on 64-bit systems: * readdir() can fail on a directory containing File Identifiers residing above 0x7FFFFFFF. This manifests as a 'ls' command failing with EIO. * FIBMAP on a file block located above 0x7FFFFFFF can return a negative value. The low 32 bits are correct, but applications that don't mask the high 32 bits of the result can perform incorrectly. Per suggestion by Jan Kara, introduce a udf_pblk_t type for representation of UDF block addresses. Ultimately, all driver functions that manipulate UDF block addresses should use this type; for now, deployment is limited to functions with actual or potential sign extension issues. Changes to udf_readdir() and udf_block_map() address the issues noted above; other changes address potential similar issues uncovered during audit of the driver code. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2016-11-01block,fs: untangle fs.h and blk_types.hChristoph Hellwig1-0/+1
Nothing in fs.h should require blk_types.h to be included. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
2016-07-21block: get rid of bio_rw and READAChristoph Hellwig1-1/+1
These two are confusing leftover of the old world order, combining values of the REQ_OP_ and REQ_ namespaces. For callers that don't special case we mostly just replace bi_rw with bio_data_dir or op_is_write, except for the few cases where a switch over the REQ_OP_ values makes more sense. Any check for READA is replaced with an explicit check for REQ_RAHEAD. Also remove the READA alias for REQ_RAHEAD. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Jens Axboe <axboe@fb.com>
2016-06-07fs: have ll_rw_block users pass in op and flags separatelyMike Christie1-1/+1
This has ll_rw_block users pass in the operation and flags separately, so ll_rw_block can setup the bio op and bi_rw flags on the bio that is submitted. Signed-off-by: Mike Christie <mchristi@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Jens Axboe <axboe@fb.com>
2016-05-09more trivial ->iterate_shared conversionsAl Viro1-1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-02-09udf: Use separate buffer for copying split namesJan Kara1-2/+11
Code in udf_find_entry() and udf_readdir() used the same buffer for storing filename that was split among blocks and for the resulting filename in utf8. This worked because udf_get_filename() first internally copied the name into a different buffer and only then performed a conversion into the destination buffer. However we want to get rid of intermediate buffers so use separate buffer for converted name and name split between blocks so that we don't have the same source and destination buffer when converting split names. Signed-off-by: Jan Kara <jack@suse.cz>
2015-05-18udf: Make udf_get_filename() return error instead of 0 length file nameFabian Frederick1-1/+1
Zero length file name isn't really valid. So check the length of the final file name generated by udf_translate_to_linux() and return -EINVAL instead of zero length file name. Update caller of udf_get_filename() to not check for 0 return value. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2015-05-18udf: Return -ENOMEM when allocation fails in udf_get_filename()Fabian Frederick1-1/+1
Return -ENOMEM when allocation fails in udf_get_filename(). Update udf_pc_to_char(), udf_readdir(), and udf_find_entry() to handle the error appropriately. This allows us to pass appropriate error to userspace instead of corrupting symlink contents by omitting some path elements. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2015-03-14udf: remove redundant buffer_head.h includesFabian Frederick1-1/+0
buffer_head.h was already included in udfdecl.h Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
2014-12-22udf: Reduce repeated dereferencesJan Kara1-16/+16
Replace repeated dereferences like dir->i_sb by storing superblock pointer in a variable and using that. Signed-off-by: Jan Kara <jack@suse.cz>
2014-12-19udf: Check path length when reading symlinkJan Kara1-1/+2
Symlink reading code does not check whether the resulting path fits into the page provided by the generic code. This isn't as easy as just checking the symlink size because of various encoding conversions we perform on path. So we have to check whether there is still enough space in the buffer on the fly. CC: stable@vger.kernel.org Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no> Signed-off-by: Jan Kara <jack@suse.cz>
2013-06-29[readdir] convert udfAl Viro1-37/+26
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-02-23new helper: file_inode(file)Al Viro1-1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-06udf: Remove unnecessary bkl usagesAlessio Igor Bogani1-5/+0
The udf_readdir(), udf_lookup(), udf_create(), udf_mknod(), udf_mkdir(), udf_rmdir(), udf_link(), udf_get_parent() and udf_unlink() seems already adequately protected by i_mutex held by VFS invoking calls. The udf_rename() instead should be already protected by lock_rename again by VFS. The udf_ioctl(), udf_fill_super() and udf_evict_inode() don't requires any further protection. This work was supported by a hardware donation from the CE Linux Forum. Signed-off-by: Alessio Igor Bogani <abogani@texware.it> Signed-off-by: Jan Kara <jack@suse.cz>
2010-05-28rename the generic fsync implementationsChristoph Hellwig1-1/+1
We don't name our generic fsync implementations very well currently. The no-op implementation for in-memory filesystems currently is called simple_sync_file which doesn't make too much sense to start with, the the generic one for simple filesystems is called simple_fsync which can lead to some confusion. This patch renames the generic file fsync method to generic_file_fsync to match the other generic_file_* routines it is supposed to be used with, and the no-op implementation to noop_fsync to make it obvious what to expect. In addition add some documentation for both methods. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2010-05-27fs/: do not fallback to default_llseek() when readdir() uses BKLjan Blunck1-0/+1
Do not use the fallback default_llseek() if the readdir operation of the filesystem still uses the big kernel lock. Since llseek() modifies file->f_pos of the directory directly it may need locking to not confuse readdir which usually uses file->f_pos directly as well Since the special characteristics of the BKL (unlocked on schedule) are not necessary in this case, the inode mutex can be used for locking as provided by generic_file_llseek(). This is only possible since all filesystems, except reiserfs, either use a directory as a flat file or with disk address offsets. Reiserfs on the other hand uses a 32bit hash off the filename as the offset so generic_file_llseek() can get used as well since the hash is always smaller than sb->s_maxbytes (= (512 << 32) - blocksize). Signed-off-by: Jan Blunck <jblunck@suse.de> Acked-by: Jan Kara <jack@suse.cz> Acked-by: Anders Larsen <al@alarsen.net> Cc: Frederic Weisbecker <fweisbec@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-05-05udf: BKL ioctl pushdownJohn Kacur1-1/+1
Convert udf_ioctl to an unlocked_ioctl and push the BKL down into it. Signed-off-by: John Kacur <jkacur@redhat.com Signed-off-by: Jan Kara <jack@suse.cz>
2010-03-03sanitize const/signedness for udfAl Viro1-2/+2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-06-12switch udf to simple_fsync()Al Viro1-1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-04-02Fix the udf code not to pass structs on stack where possible.Pekka Enberg1-3/+3
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Jan Kara <jack@suse.cz>
2009-04-02Remove struct typedefs from fs/udf/ecma_167.h et al.Pekka Enberg1-4/+4
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Jan Kara <jack@suse.cz>
2008-04-17udf: Remove declarations of arrays of size UDF_NAME_LEN (256 bytes)Jan Kara1-30/+27
There are several places in UDF where we declared temporary arrays of UDF_NAME_LEN bytes on stack. This is not nice to stack usage so this patch changes those places to use kmalloc() instead. Also clean up bail-out paths in those functions when we are changing them. Signed-off-by: Jan Kara <jack@suse.cz>
2008-04-17udf: kill useless file header comments for vfs method implementationsChristoph Hellwig1-26/+0
There's not need to document vfs method invocation rules, we have Documentation/filesystems/vfs.txt and Documentation/filesystems/Locking for that. Also a lot of these comments where either plain wrong or horrible out of date. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz>
2008-02-14udf: fix directory offset handlingJan Kara1-7/+7
Patch cleaning up UDF directory offset handling missed modifications in dir.c (because I've submitted an old version :(). Fix it. Signed-off-by: Jan Kara <jack@suse.cz> Reported-by: Marcin Slusarz <marcin.slusarz@gmail.com> Tested-by: Marcin Slusarz <marcin.slusarz@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: remove wrong prototype of udf_readdirMarcin Slusarz1-62/+56
sparse generated: fs/udf/dir.c:78:5: warning: symbol 'udf_readdir' was not declared. Should it be static? there are 2 different prototypes of udf_readdir - remove them and move code around to make it still compile Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: cache struct udf_inode_infoMarcin Slusarz1-3/+5
cache UDF_I(struct inode *) return values when there are at least 2 uses in one function Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08udf: remove UDF_I_* macros and open code themMarcin Slusarz1-3/+4
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-22UDF: coding style conversion - lindent fixupsCyrill Gorcunov1-36/+24
This patch fixes up sources after conversion by Lindent. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-19UDF: coding style conversion - lindentCyrill Gorcunov1-69/+63
This patch converts UDF coding style to kernel coding style using Lindent. Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08udf: use get_bh()Jan Kara1-11/+11
Make UDF use get_bh() instead of directly accessing b_count and use brelse() instead of udf_release_data() which does just brelse()... Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08UDF: introduce struct extent_positionJan Kara1-12/+13
Introduce a structure extent_position to store a position of an extent and the corresponding buffer_head in one place. Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08udf: use sector_t and loff_t for file offsetsJan Kara1-2/+2
Use sector_t and loff_t for file offsets in UDF filesystem. Otherwise an overflow may occur for long files. Also make inode_bmap() return offset in the extent in number of blocks instead of number of bytes - for most callers this is more convenient. Signed-off-by: Jan Kara <jack@suse.cz> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2006-12-08[PATCH] struct path: convert udfJosef Sipek1-2/+2
Signed-off-by: Josef Sipek <jsipek@fsl.cs.sunysb.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-28[PATCH] Make most file operations structs in fs/ constArjan van de Ven1-1/+1
This is a conversion to make the various file_operations structs in fs/ const. Basically a regexp job, with a few manual fixups The goal is both to increase correctness (harder to accidentally write to shared datastructures) and reducing the false sharing of cachelines with things that get dirty in .data (while .rodata is nicely read only and thus cache clean) Signed-off-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-03remove pointers to the defunct UDF mailing listAdrian Bunk1-5/+0
This patch removes pointers to the defunct UDF mailing list. Signed-off-by: Adrian Bunk <bunk@stusta.de>
2005-04-17Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds1-0/+268
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!