tmp_suning_uos_patched/fs/adfs/dir_fplus.c
Dan Carpenter 587065dcac fs/adfs: bigdir: Fix an error code in adfs_fplus_read()
This code accidentally returns success, but it should return the
-EIO error code from adfs_fplus_validate_header().

Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Fixes: d79288b4f6 ("fs/adfs: bigdir: calculate and validate directory checkbyte")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-01-25 11:31:59 -05:00

288 lines
7.1 KiB
C

// SPDX-License-Identifier: GPL-2.0-only
/*
* linux/fs/adfs/dir_fplus.c
*
* Copyright (C) 1997-1999 Russell King
*/
#include "adfs.h"
#include "dir_fplus.h"
/* Return the byte offset to directory entry pos */
static unsigned int adfs_fplus_offset(const struct adfs_bigdirheader *h,
unsigned int pos)
{
return offsetof(struct adfs_bigdirheader, bigdirname) +
ALIGN(le32_to_cpu(h->bigdirnamelen), 4) +
pos * sizeof(struct adfs_bigdirentry);
}
static int adfs_fplus_validate_header(const struct adfs_bigdirheader *h)
{
unsigned int size = le32_to_cpu(h->bigdirsize);
unsigned int len;
if (h->bigdirversion[0] != 0 || h->bigdirversion[1] != 0 ||
h->bigdirversion[2] != 0 ||
h->bigdirstartname != cpu_to_le32(BIGDIRSTARTNAME) ||
!size || size & 2047 || size > SZ_4M)
return -EIO;
size -= sizeof(struct adfs_bigdirtail) +
offsetof(struct adfs_bigdirheader, bigdirname);
/* Check that bigdirnamelen fits within the directory */
len = ALIGN(le32_to_cpu(h->bigdirnamelen), 4);
if (len > size)
return -EIO;
size -= len;
/* Check that bigdirnamesize fits within the directory */
len = le32_to_cpu(h->bigdirnamesize);
if (len > size)
return -EIO;
size -= len;
/*
* Avoid division, we know that absolute maximum number of entries
* can not be so large to cause overflow of the multiplication below.
*/
len = le32_to_cpu(h->bigdirentries);
if (len > SZ_4M / sizeof(struct adfs_bigdirentry) ||
len * sizeof(struct adfs_bigdirentry) > size)
return -EIO;
return 0;
}
static int adfs_fplus_validate_tail(const struct adfs_bigdirheader *h,
const struct adfs_bigdirtail *t)
{
if (t->bigdirendname != cpu_to_le32(BIGDIRENDNAME) ||
t->bigdirendmasseq != h->startmasseq ||
t->reserved[0] != 0 || t->reserved[1] != 0)
return -EIO;
return 0;
}
static u8 adfs_fplus_checkbyte(struct adfs_dir *dir)
{
struct adfs_bigdirheader *h = dir->bighead;
struct adfs_bigdirtail *t = dir->bigtail;
unsigned int end, bs, bi, i;
__le32 *bp;
u32 dircheck;
end = adfs_fplus_offset(h, le32_to_cpu(h->bigdirentries)) +
le32_to_cpu(h->bigdirnamesize);
/* Accumulate the contents of the header, entries and names */
for (dircheck = 0, bi = 0; end; bi++) {
bp = (void *)dir->bhs[bi]->b_data;
bs = dir->bhs[bi]->b_size;
if (bs > end)
bs = end;
for (i = 0; i < bs; i += sizeof(u32))
dircheck = ror32(dircheck, 13) ^ le32_to_cpup(bp++);
end -= bs;
}
/* Accumulate the contents of the tail except for the check byte */
dircheck = ror32(dircheck, 13) ^ le32_to_cpu(t->bigdirendname);
dircheck = ror32(dircheck, 13) ^ t->bigdirendmasseq;
dircheck = ror32(dircheck, 13) ^ t->reserved[0];
dircheck = ror32(dircheck, 13) ^ t->reserved[1];
return dircheck ^ dircheck >> 8 ^ dircheck >> 16 ^ dircheck >> 24;
}
static int adfs_fplus_read(struct super_block *sb, u32 indaddr,
unsigned int size, struct adfs_dir *dir)
{
struct adfs_bigdirheader *h;
struct adfs_bigdirtail *t;
unsigned int dirsize;
int ret;
/* Read first buffer */
ret = adfs_dir_read_buffers(sb, indaddr, sb->s_blocksize, dir);
if (ret)
return ret;
dir->bighead = h = (void *)dir->bhs[0]->b_data;
ret = adfs_fplus_validate_header(h);
if (ret) {
adfs_error(sb, "dir %06x has malformed header", indaddr);
goto out;
}
dirsize = le32_to_cpu(h->bigdirsize);
if (size && dirsize != size) {
adfs_msg(sb, KERN_WARNING,
"dir %06x header size %X does not match directory size %X",
indaddr, dirsize, size);
}
/* Read remaining buffers */
ret = adfs_dir_read_buffers(sb, indaddr, dirsize, dir);
if (ret)
return ret;
dir->bigtail = t = (struct adfs_bigdirtail *)
(dir->bhs[dir->nr_buffers - 1]->b_data + (sb->s_blocksize - 8));
ret = adfs_fplus_validate_tail(h, t);
if (ret) {
adfs_error(sb, "dir %06x has malformed tail", indaddr);
goto out;
}
if (adfs_fplus_checkbyte(dir) != t->bigdircheckbyte) {
adfs_error(sb, "dir %06x checkbyte mismatch\n", indaddr);
goto out;
}
dir->parent_id = le32_to_cpu(h->bigdirparent);
return 0;
out:
adfs_dir_relse(dir);
return ret;
}
static int
adfs_fplus_setpos(struct adfs_dir *dir, unsigned int fpos)
{
int ret = -ENOENT;
if (fpos <= le32_to_cpu(dir->bighead->bigdirentries)) {
dir->pos = fpos;
ret = 0;
}
return ret;
}
static int
adfs_fplus_getnext(struct adfs_dir *dir, struct object_info *obj)
{
struct adfs_bigdirheader *h = dir->bighead;
struct adfs_bigdirentry bde;
unsigned int offset;
int ret;
if (dir->pos >= le32_to_cpu(h->bigdirentries))
return -ENOENT;
offset = adfs_fplus_offset(h, dir->pos);
ret = adfs_dir_copyfrom(&bde, dir, offset,
sizeof(struct adfs_bigdirentry));
if (ret)
return ret;
obj->loadaddr = le32_to_cpu(bde.bigdirload);
obj->execaddr = le32_to_cpu(bde.bigdirexec);
obj->size = le32_to_cpu(bde.bigdirlen);
obj->indaddr = le32_to_cpu(bde.bigdirindaddr);
obj->attr = le32_to_cpu(bde.bigdirattr);
obj->name_len = le32_to_cpu(bde.bigdirobnamelen);
offset = adfs_fplus_offset(h, le32_to_cpu(h->bigdirentries));
offset += le32_to_cpu(bde.bigdirobnameptr);
ret = adfs_dir_copyfrom(obj->name, dir, offset, obj->name_len);
if (ret)
return ret;
adfs_object_fixup(dir, obj);
dir->pos += 1;
return 0;
}
static int adfs_fplus_iterate(struct adfs_dir *dir, struct dir_context *ctx)
{
struct object_info obj;
if ((ctx->pos - 2) >> 32)
return 0;
if (adfs_fplus_setpos(dir, ctx->pos - 2))
return 0;
while (!adfs_fplus_getnext(dir, &obj)) {
if (!dir_emit(ctx, obj.name, obj.name_len,
obj.indaddr, DT_UNKNOWN))
break;
ctx->pos++;
}
return 0;
}
static int adfs_fplus_update(struct adfs_dir *dir, struct object_info *obj)
{
struct adfs_bigdirheader *h = dir->bighead;
struct adfs_bigdirentry bde;
int offset, end, ret;
offset = adfs_fplus_offset(h, 0) - sizeof(bde);
end = adfs_fplus_offset(h, le32_to_cpu(h->bigdirentries));
do {
offset += sizeof(bde);
if (offset >= end) {
adfs_error(dir->sb, "unable to locate entry to update");
return -ENOENT;
}
ret = adfs_dir_copyfrom(&bde, dir, offset, sizeof(bde));
if (ret) {
adfs_error(dir->sb, "error reading directory entry");
return -ENOENT;
}
} while (le32_to_cpu(bde.bigdirindaddr) != obj->indaddr);
bde.bigdirload = cpu_to_le32(obj->loadaddr);
bde.bigdirexec = cpu_to_le32(obj->execaddr);
bde.bigdirlen = cpu_to_le32(obj->size);
bde.bigdirindaddr = cpu_to_le32(obj->indaddr);
bde.bigdirattr = cpu_to_le32(obj->attr);
return adfs_dir_copyto(dir, offset, &bde, sizeof(bde));
}
static int adfs_fplus_commit(struct adfs_dir *dir)
{
int ret;
/* Increment directory sequence number */
dir->bighead->startmasseq += 1;
dir->bigtail->bigdirendmasseq += 1;
/* Update directory check byte */
dir->bigtail->bigdircheckbyte = adfs_fplus_checkbyte(dir);
/* Make sure the directory still validates correctly */
ret = adfs_fplus_validate_header(dir->bighead);
if (ret == 0)
ret = adfs_fplus_validate_tail(dir->bighead, dir->bigtail);
return ret;
}
const struct adfs_dir_ops adfs_fplus_dir_ops = {
.read = adfs_fplus_read,
.iterate = adfs_fplus_iterate,
.setpos = adfs_fplus_setpos,
.getnext = adfs_fplus_getnext,
.update = adfs_fplus_update,
.commit = adfs_fplus_commit,
};