aboutsummaryrefslogtreecommitdiff
path: root/fs/udf/super.c
AgeCommit message (Collapse)Author
2020-10-24Merge branch 'work.misc' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull misc vfs updates from Al Viro: "Assorted stuff all over the place (the largest group here is Christoph's stat cleanups)" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: remove KSTAT_QUERY_FLAGS fs: remove vfs_stat_set_lookup_flags fs: move vfs_fstatat out of line fs: implement vfs_stat and vfs_lstat in terms of vfs_fstatat fs: remove vfs_statx_fd fs: omfs: use kmemdup() rather than kmalloc+memcpy [PATCH] reduce boilerplate in fsid handling fs: Remove duplicated flag O_NDELAY occurring twice in VALID_OPEN_FLAGS selftests: mount: add nosymfollow tests Add a "nosymfollow" mount option.
2020-09-29udf: Limit sparing table sizeJan Kara
Although UDF standard allows it, we don't support sparing table larger than a single block. Check it during mount so that we don't try to access memory beyond end of buffer. Reported-by: syzbot+9991561e714f597095da@syzkaller.appspotmail.com Signed-off-by: Jan Kara <jack@suse.cz>
2020-09-29udf: Remove pointless union in udf_inode_infoJan Kara
We use only a single member out of the i_ext union in udf_inode_info. Just remove the pointless union. Signed-off-by: Jan Kara <jack@suse.cz>
2020-09-22udf: Fix memory leak when mountingJan Kara
udf_process_sequence() allocates temporary array for processing partition descriptors on volume which it fails to free. Free the array when it is not needed anymore. Fixes: 7b78fd02fb19 ("udf: Fix handling of Partition Descriptors") CC: stable@vger.kernel.org Reported-by: syzbot+128f4dd6e796c98b3760@syzkaller.appspotmail.com Signed-off-by: Jan Kara <jack@suse.cz>
2020-09-22udf: Remove redundant initialization of variable retJing Xiangfeng
After commit 9293fcfbc181 ("udf: Remove struct ustr as non-needed intermediate storage"), the variable ret is being initialized with '-ENOMEM' that is meaningless. So remove it. Link: https://lore.kernel.org/r/20200922081322.70535-1-jingxiangfeng@huawei.com Signed-off-by: Jing Xiangfeng <jingxiangfeng@huawei.com> Signed-off-by: Jan Kara <jack@suse.cz>
2020-09-18[PATCH] reduce boilerplate in fsid handlingAl Viro
Get rid of boilerplate in most of ->statfs() instances... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-08-28udf: Use kvzalloc() in udf_sb_alloc_bitmap()Denis Efremov
Use kvzalloc() in udf_sb_alloc_bitmap() instead of open-coding it. Size computation wrapped in struct_size() macro to prevent potential integer overflows. Link: https://lore.kernel.org/r/20200827221652.64660-1-efremov@linux.com Signed-off-by: Denis Efremov <efremov@linux.com> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Jan Kara <jack@suse.cz>
2020-07-14udf: Replace HTTP links with HTTPS onesAlexander A. Klimov
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Link: https://lore.kernel.org/r/20200713200738.37800-1-grandmaster@al2klimov.de Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-20udf: Clarify meaning of f_files in udf_statfsJan Kara
UDF does not have separate preallocated table of inodes. So similarly to XFS we pretend that every free block is also a free inode in statfs(2) output. Clarify this in a comment. Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-20udf: Allow writing to 'Rewritable' partitionsJan Kara
UDF 2.60 standard states in section 2.2.14.2: A partition with Access Type 3 (rewritable) shall define a Freed Space Bitmap or a Freed Space Table, see 2.3.3. All other partitions shall not define a Freed Space Bitmap or a Freed Space Table. Rewritable partitions are used on media that require some form of preprocessing before re-writing data (for example legacy MO). Such partitions shall use Access Type 3. Overwritable partitions are used on media that do not require preprocessing before overwriting data (for example: CD-RW, DVD-RW, DVD+RW, DVD-RAM, BD-RE, HD DVD-Rewritable). Such partitions shall use Access Type 4. however older versions of the standard didn't have this wording and there are tools out there that create UDF filesystems with rewritable partitions but that don't contain a Freed Space Bitmap or a Freed Space Table on media that does not require pre-processing before overwriting a block. So instead of forcing media with rewritable partition read-only, base this decision on presence of a Freed Space Bitmap or a Freed Space Table. Reported-by: Pali Rohár <pali.rohar@gmail.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Fixes: b085fbe2ef7f ("udf: Fix crash during mount") Link: https://lore.kernel.org/linux-fsdevel/20200112144735.hj2emsoy4uwsouxz@pali Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-13udf: Disallow R/W mode for disk with Metadata partitionPali Rohár
Currently we do not support writing to UDF disks with Metadata partition. There is already check that disks with declared minimal write revision to UDF 2.50 or higher are mounted only in R/O mode but this does not cover situation when minimal write revision is set incorrectly (e.g. to 2.01). Link: https://lore.kernel.org/r/20200112144959.28104-1-pali.rohar@gmail.com Signed-off-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-13udf: Fix meaning of ENTITYID_FLAGS_* macros to be really bitwise-or flagsPali Rohár
Currently ENTITYID_FLAGS_* macros definitions are written as hex numbers but their meaning is not bitwise-or flags. But rather bit position. This is unusual and could be misleading. So change meaning of ENTITYID_FLAGS_* macros definitions to be really bitwise-or flags. Link: https://lore.kernel.org/r/20200112221353.29711-1-pali.rohar@gmail.com Signed-off-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-09udf: Fix free space reporting for metadata and virtual partitionsJan Kara
Free space on filesystems with metadata or virtual partition maps currently gets misreported. This is because these partitions are just remapped onto underlying real partitions from which keep track of free blocks. Take this remapping into account when counting free blocks as well. Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Reported-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2020-01-08udf: Move OSTA Identifier Suffix macros from ecma_167.h to osta_udf.hPali Rohár
Rename structure name and its members to match naming convention and fix endianity type for UDFRevision member. Also remove duplicate definition of UDF_ID_COMPLIANT which is already in osta_udf.h. Link: https://lore.kernel.org/r/20200107212904.30471-2-pali.rohar@gmail.com Signed-off-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2019-09-04fs-udf: Delete an unnecessary check before brelse()Markus Elfring
The brelse() function tests whether its argument is NULL and then returns immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Link: https://lore.kernel.org/r/a254c1d1-0109-ab51-c67a-edc5c1c4b4cd@web.de Signed-off-by: Jan Kara <jack@suse.cz>
2019-09-04udf: Drop forward function declarationsJan Kara
Move some functions to make forward declarations unnecessary. Signed-off-by: Jan Kara <jack@suse.cz>
2019-09-04udf: Verify domain identifier fieldsJan Kara
OSTA UDF standard defines that domain identifier in logical volume descriptor and file set descriptor should contain a particular string and the identifier suffix contains flags possibly making media write-protected. Verify these constraints and allow only read-only mount if they are not met. Tested-by: Steven J. Magnani <steve@digidescorp.com> Reviewed-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2019-08-26udf: Use dynamic debug infrastructureJan Kara
Instead of relying on UDFFS_DEBUG define for debug printing, just use standard pr_debug() prints and rely on CONFIG_DYNAMIC_DEBUG infrastructure for enabling or disabling prints. Signed-off-by: Jan Kara <jack@suse.cz>
2019-08-26udf: reduce leakage of blocks related to named streamsSteven J. Magnani
Windows is capable of creating UDF files having named streams. One example is the "Zone.Identifier" stream attached automatically to files downloaded from a network. See: https://msdn.microsoft.com/en-us/library/dn392609.aspx Modification of a file having one or more named streams in Linux causes the stream directory to become detached from the file, essentially leaking all blocks pertaining to the file's streams. Fix by saving off information about an inode's streams when reading it, for later use when its on-disk data is updated. Link: https://lore.kernel.org/r/20190814125002.10869-1-steve@digidescorp.com Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2019-07-31udf: support 2048-byte spacing of VRS descriptors on 4K mediaSteven J. Magnani
Some UDF creators (specifically Microsoft, but perhaps others) mishandle the ECMA-167 corner case that requires descriptors within a Volume Recognition Sequence to be placed at 4096-byte intervals on media where the block size is 4K. Instead, the descriptors are placed at the 2048- byte interval mandated for media with smaller blocks. This nonconformity currently prevents Linux from recognizing the filesystem as UDF. Modify the driver to tolerate a misformatted VRS on 4K media. [JK: Simplified descriptor checking] Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Tested-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/20190711133852.16887-2-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz>
2019-07-31udf: refactor VRS descriptor identificationSteven J. Magnani
Extract code that parses a Volume Recognition Sequence descriptor (component), in preparation for calling it twice against different locations in a block. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/20190711133852.16887-1-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz>
2019-05-13Merge tag 'fs_for_v5.2-rc1' of ↵Linus Torvalds
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull misc filesystem updates from Jan Kara: "A couple of small bugfixes and cleanups for quota, udf, ext2, and reiserfs" * tag 'fs_for_v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: quota: check time limit when back out space/inode change fs/quota: erase unused but set variable warning quota: fix wrong indentation udf: fix an uninitialized read bug and remove dead code fs/reiserfs/journal.c: Make remove_journal_hash static quota: remove trailing whitespaces quota: code cleanup for __dquot_alloc_space() ext2: Adjust the comment of function ext2_alloc_branch udf: Explain handling of load_nls() failure
2019-05-01udf: switch to ->free_inode()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2019-03-26udf: Explain handling of load_nls() failureJan Kara
Add comment explaining that load_nls() failure gets handled back in udf_fill_super() to avoid false impression that it is unhandled. Signed-off-by: Jan Kara <jack@suse.cz>
2019-02-21udf: Drop pointless check from udf_sync_fs()Jan Kara
The check if (bh) in udf_sync_fs() is pointless as we cannot have sbi->s_lvid_dirty and !sbi->s_lvid_bh (as already asserted by udf_updated_lvid()). So just drop the pointless check. Reviewed-by: Steven J. Magnani <steve@digidescorp.com> Reported-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Jan Kara <jack@suse.cz>
2019-02-11udf: disallow RW mount without valid integrity descriptorSteve Magnani
Refuse to mount a volume read-write without a coherent Logical Volume Integrity Descriptor, because we can't generate truly unique IDs without one. This fixes a bug where all inodes created on a UDF filesystem following mount without a coherent LVID are assigned unique ID 0 which can then confuse other UDF implementations. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2019-02-11udf: finalize integrity descriptor before writebackSteve Magnani
Make sure the CRC and tag checksum of the Logical Volume Integrity Descriptor are valid before the structure is written out to disk. Otherwise, unless the filesystem is unmounted gracefully, the on-disk LVID will be invalid - which is unnecessary filesystem damage. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2019-02-11udf: factor out LVID finalization for reuseSteve Magnani
Centralize timestamping and CRC/checksum updating of the in-core Logical Volume Integrity Descriptor, in preparation for adding a third site where this functionality is needed. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-11-19udf: Allow mounting volumes with incorrect identification stringsJan Kara
Commit c26f6c615788 ("udf: Fix conversion of 'dstring' fields to UTF8") started to be more strict when checking whether converted strings are properly formatted. Sudip reports that there are DVDs where the volume identification string is actually too long - UDF reports: [ 632.309320] UDF-fs: incorrect dstring lengths (32/32) during mount and fails the mount. This is mostly harmless failure as we don't need volume identification (and even less volume set identification) for anything. So just truncate the volume identification string if it is too long and replace it with 'Invalid' if we just cannot convert it for other reasons. This keeps slightly incorrect media still mountable. CC: stable@vger.kernel.org Fixes: c26f6c615788 ("udf: Fix conversion of 'dstring' fields to UTF8") Reported-and-tested-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-09-07udf: Drop freed bitmap / table supportJan Kara
We don't support Free Space Table and Free Space Bitmap as specified by UDF standard for writing as we don't support erasing blocks before overwriting them. Just drop the handling of these structures as partition descriptor checking code already makes sure such filesystems can be mounted only read-only. Signed-off-by: Jan Kara <jack@suse.cz>
2018-09-07udf: Fix crash during mountJan Kara
Fix a crash during an attempt to mount a filesystem that has both Unallocated Space Table and Unallocated Space Bitmap. Such filesystem actually violates the UDF standard so we just have to properly detect such situation and refuse to mount such filesystem read-write. When we are at it, verify also other constraints on the allocation information mandated by the standard. Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-09-07udf: Prevent write-unsupported filesystem to be remounted read-writeJan Kara
There are certain filesystem features which we support for reading but not for writing. We properly refuse to mount such filesystems read-write however for some features (such as read-only partitions), we don't check for these features when remounting the filesystem from read-only to read-write. Thus such filesystems could be remounted read-write leading to strange behavior (most likely crashes). Fix the problem by marking in superblock whether the filesystem has some features that are supported in read-only mode and check this flag during remount. Signed-off-by: Jan Kara <jack@suse.cz>
2018-08-24udf: Fix mounting of Win7 created UDF filesystemsJan Kara
Win7 is creating UDF filesystems with single partition with number 8192. Current partition descriptor scanning code does not handle this well as it incorrectly assumes that partition numbers will form mostly contiguous space of small numbers. This results in unmountable media due to errors like: UDF-fs: error (device dm-1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 UDF-fs: warning (device dm-1): udf_fill_super: No fileset found Fix the problem by handling partition descriptors in a way that sparse partition numbering does not matter. Reported-and-tested-by: jean-luc malet <jeanluc.malet@gmail.com> CC: stable@vger.kernel.org Fixes: 7b78fd02fb19530fd101ae137a1f46aa466d9bb6 Signed-off-by: Jan Kara <jack@suse.cz>
2018-08-24udf: Remove dead code from udf_find_fileset()Jan Kara
Remove dead code and slightly simplify code in udf_find_fileset(). Signed-off-by: Jan Kara <jack@suse.cz>
2018-06-27udf: convert inode stamps to timespec64Arnd Bergmann
The VFS structures are finally converted to always use 64-bit timestamps, and this file system can represent a long range of on-disk timestamps already, so now let's fit in the missing bits for udf. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jan Kara <jack@suse.cz>
2018-06-15Merge tag 'vfs-timespec64' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground Pull inode timestamps conversion to timespec64 from Arnd Bergmann: "This is a late set of changes from Deepa Dinamani doing an automated treewide conversion of the inode and iattr structures from 'timespec' to 'timespec64', to push the conversion from the VFS layer into the individual file systems. As Deepa writes: 'The series aims to switch vfs timestamps to use struct timespec64. Currently vfs uses struct timespec, which is not y2038 safe. The series involves the following: 1. Add vfs helper functions for supporting struct timepec64 timestamps. 2. Cast prints of vfs timestamps to avoid warnings after the switch. 3. Simplify code using vfs timestamps so that the actual replacement becomes easy. 4. Convert vfs timestamps to use struct timespec64 using a script. This is a flag day patch. Next steps: 1. Convert APIs that can handle timespec64, instead of converting timestamps at the boundaries. 2. Update internal data structures to avoid timestamp conversions' Thomas Gleixner adds: 'I think there is no point to drag that out for the next merge window. The whole thing needs to be done in one go for the core changes which means that you're going to play that catchup game forever. Let's get over with it towards the end of the merge window'" * tag 'vfs-timespec64' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground: pstore: Remove bogus format string definition vfs: change inode times to use struct timespec64 pstore: Convert internal records to timespec64 udf: Simplify calls to udf_disk_stamp_to_time fs: nfs: get rid of memcpys for inode times ceph: make inode time prints to be long long lustre: Use long long type to print inode time fs: add timespec64_truncate()
2018-06-12treewide: kzalloc() -> kcalloc()Kees Cook
The kzalloc() function has a 2-factor argument form, kcalloc(). This patch replaces cases of: kzalloc(a * b, gfp) with: kcalloc(a * b, gfp) as well as handling cases of: kzalloc(a * b * c, gfp) with: kzalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kzalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kzalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kzalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kzalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kzalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kzalloc( - sizeof(u8) * COUNT + COUNT , ...) | kzalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kzalloc( - sizeof(char) * COUNT + COUNT , ...) | kzalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kzalloc + kcalloc ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kzalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kzalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kzalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kzalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kzalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kzalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kzalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kzalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kzalloc(C1 * C2 * C3, ...) | kzalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kzalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kzalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kzalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kzalloc(sizeof(THING) * C2, ...) | kzalloc(sizeof(TYPE) * C2, ...) | kzalloc(C1 * C2 * C3, ...) | kzalloc(C1 * C2, ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kzalloc + kcalloc ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kzalloc + kcalloc ( - (E1) * E2 + E1, E2 , ...) | - kzalloc + kcalloc ( - (E1) * (E2) + E1, E2 , ...) | - kzalloc + kcalloc ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>
2018-05-25udf: Simplify calls to udf_disk_stamp_to_timeDeepa Dinamani
Subsequent patches in the series convert inode timestamps to use struct timespec64 instead of struct timespec as part of solving the y2038 problem. commit fd3cfad374d4 ("udf: Convert udf_disk_stamp_to_time() to use mktime64()") eliminated the NULL return condition from udf_disk_stamp_to_time(). udf_time_to_disk_time() is always called with a valid dest pointer and the return value is ignored. Further, caller can as well check the dest pointer being passed in rather than return argument. Make both the functions return void. This will make the inode timestamp conversion simpler. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Cc: jack@suse.com ---- Changes from v1: * fixed the pointer error pointed by Jan
2018-04-19udf: Convert ident strings to proper charsetJan Kara
iocharset= mount option specifies the character set used on *console* (not on disk). So even dstrings from VRS need to be converted from CS0 to the specified charset and not always UTF-8. This is barely user visible as those strings are shown only in UDF debug messages. CC: Andrew Gabbasov <andrew_gabbasov@mentor.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-04-19udf: Always require NLS supportJan Kara
UDF needs to convert strings between OSTA CS0 charset and standard UTF8. Currently we implement our own utf-16 <-> utf-8 translations which is unnecessary code duplication. Always select NLS so that we can use translation functions from there. Signed-off-by: Jan Kara <jack@suse.cz>
2018-03-02udf: fix potential refcnt problem of nls moduleChengguang Xu
When specifiying iocharset multiple times in a mount or once/multiple in a remount, current option parsing may cause inaccurate refcount of nls module. Also, in the failure cleanup of option parsing, the condition of calling unload_nls is not sufficient. Signed-off-by: Chengguang Xu <cgxu519@icloud.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-03-02udf: Do not mark possibly inconsistent filesystems as closedJan Kara
If logical volume integrity descriptor contains non-closed integrity type when mounting the volume, there are high chances that the volume is not consistent (device was detached before the filesystem was unmounted). Don't touch integrity type of such volume so that fsck can recognize it and check such filesystem. Reported-by: Pali Rohár <pali.rohar@gmail.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-27udf: Remove never implemented mount optionsJan Kara
Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-27udf: Provide saner default for invalid uid / gidJan Kara
Currently when UDF filesystem is recorded without uid / gid (ids are set to -1), we will assign INVALID_[UG]ID to vfs inode unless user uses uid= and gid= mount options. In such case filesystem could not be modified in any way as VFS refuses to modify files with invalid ids (even by root). This is confusing to users and not very useful default since such media mode is generally used for removable media. Use overflow[ug]id instead so that at least root can modify the filesystem. Reported-by: Steve Kenton <skenton@ou.edu> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-27udf: Ignore [ug]id=ignore mount optionsJan Kara
Currently uid=ignore and gid=ignore make no sense without uid=<number> and gid=<number> respectively as they result in all files having invalid uid / gid which then doesn't allow even root to modify files and thus causes confusion. And since commit ca76d2d8031f "UDF: fix UID and GID mount option ignorance" (from over 10 years ago) uid=<number> overrides all uids on disk as uid=ignore does. So just silently ignore uid=ignore mount option. Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-27udf: Fix handling of Partition DescriptorsJan Kara
Current handling of Partition Descriptors in Volume Descriptor Sequence is buggy in several ways. Firstly, it does not take descriptor sequence numbers into account at all, thus any volume making serious use of them would be unmountable. Secondly, it does not handle Volume Descriptor Pointers or Volume Descriptor Sequence without Terminating Descriptor. Fix these problems by properly remembering all Partition Descriptors in the Volume Descriptor Sequence and their sequence numbers. This is made more complicated by the fact that we don't know number of partitions in advance and sequence numbers have to be tracked on per-partition basis. Reported-by: Pali Rohár <pali.rohar@gmail.com> Acked-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-27udf: Unify common handling of descriptorsJan Kara
When scanning Volume Descriptor Sequence, several descriptors have exactly the same handling. Unify it. Acked-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-16udf: Convert descriptor index definitions to enumJan Kara
Convert index definitions from defines to enum. It is a shorter description and easier to modify. Also remove VDS_POS_VOL_DESC_PTR since it is unused. Acked-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-16udf: Allow volume descriptor sequence to be terminated by unrecorded blockJan Kara
According to ECMA-167 3/8.4.2 a volume descriptor sequence can be terminated also by an unrecorded block within the extent of volume descriptor sequence. Currently we errored out in such case making such volumes unmountable. Handle that case by treating any invalid block as a block terminating the sequence. Reported-by: Pali Rohár <pali.rohar@gmail.com> Acked-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
2018-02-16udf: Simplify handling of Volume Descriptor PointersJan Kara
According to ECMA-167 3/8.4.2 Volume Descriptor Pointer is terminating current extent of Volume Descriptor Sequence. Also according to ECMA-167 3/8.4.3 Volume Descriptor Sequence Number is not significant for Volume Descriptor Pointers. Simplify the handling of Volume Descriptor Pointers to take this into account. Acked-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>