1 /*
2 * fs/libfs.c
3 * Library for filesystems writers.
4 */
6 #include <linux/module.h>
7 #include <linux/pagemap.h>
8 #include <linux/mount.h>
9 #include <linux/vfs.h>
10 #include <asm/uaccess.h>
/*
 * simple_getattr - stat() for an inode whose data lives only in the page cache
 * @mnt:    mount the dentry was reached through (not used here)
 * @dentry: dentry being stat()ed
 * @stat:   result to fill
 *
 * Everything comes from generic_fillattr(); the one in-memory specific
 * field is st_blocks, derived from the number of cached pages and
 * expressed in the 512-byte units stat(2) uses.  Always returns 0.
 */
int simple_getattr(struct vfsmount *mnt, struct dentry *dentry,
		   struct kstat *stat)
{
	struct inode *ino = dentry->d_inode;
	unsigned long cached = ino->i_mapping->nrpages;

	generic_fillattr(ino, stat);
	stat->blocks = cached << (PAGE_CACHE_SHIFT - 9);
	return 0;
}
/*
 * simple_statfs - statfs() for in-memory filesystems
 * @sb:  superblock being queried
 * @buf: result
 *
 * Reports only the constants a caller can rely on: the superblock's
 * magic as f_type, the page size as block size and NAME_MAX as the name
 * limit.  Block and inode counts are left untouched since nothing is
 * backed by storage.  Always returns 0.
 */
int simple_statfs(struct super_block *sb, struct kstatfs *buf)
{
	buf->f_namelen = NAME_MAX;
	buf->f_bsize = PAGE_CACHE_SIZE;
	buf->f_type = sb->s_magic;
	return 0;
}
30 * Retaining negative dentries for an in-memory filesystem just wastes
31 * memory and lookup time: arrange for them to be deleted immediately.
/*
 * simple_delete_dentry - d_delete hook: always discard
 *
 * A negative dentry in a ramfs-style tree carries no information that
 * could not be recreated by a lookup, so it is never worth keeping.
 */
static int simple_delete_dentry(struct dentry *dentry)
{
	return 1;	/* 1 == delete immediately */
}
39 * Lookup the data. This is trivial - if the dentry didn't already
40 * exist, we know it is negative. Set d_op to delete negative dentries.
/*
 * simple_lookup - lookup for trees that live entirely in the dcache
 * @dir:    parent directory inode (unused: the dcache is the directory)
 * @dentry: the name being looked up
 * @nd:     nameidata (unused)
 *
 * If the dentry did not already exist, the name does not exist: hash it
 * as negative and arrange (via d_delete) for it to be dropped as soon as
 * it is unused.  The length check runs before anything is stored so an
 * over-long name never enters the tree.  Returns NULL on success or
 * ERR_PTR(-ENAMETOOLONG).
 */
struct dentry *simple_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd)
{
	static struct dentry_operations negative_dentry_ops = {
		.d_delete = simple_delete_dentry,
	};

	if (dentry->d_name.len > NAME_MAX)
		return ERR_PTR(-ENAMETOOLONG);

	dentry->d_op = &negative_dentry_ops;
	d_add(dentry, NULL);		/* negative: no inode behind the name */
	return NULL;
}
/*
 * simple_sync_file - fsync() for in-memory files
 *
 * There is no backing store to flush to, so this is a successful no-op.
 */
int simple_sync_file(struct file * file, struct dentry *dentry, int datasync)
{
	return 0;
}
/*
 * dcache_dir_open - open() for a dcache-backed directory
 *
 * Allocates a private "cursor" dentry named "." under the directory and
 * stores it in file->private_data.  It is never instantiated or hashed,
 * so the readdir/lseek filters (which require a hashed, positive dentry)
 * skip it; it exists only to mark the position in d_subdirs.  Returns
 * 0 or -ENOMEM.
 */
int dcache_dir_open(struct inode *inode, struct file *file)
{
	static struct qstr cursor_name = {.len = 1, .name = "."};
	struct dentry *cursor;

	cursor = d_alloc(file->f_dentry, &cursor_name);
	file->private_data = cursor;
	if (!cursor)
		return -ENOMEM;
	return 0;
}
/*
 * dcache_dir_close - release() for a dcache-backed directory
 *
 * Drops the cursor dentry allocated by dcache_dir_open().
 */
int dcache_dir_close(struct inode *inode, struct file *file)
{
	struct dentry *cursor = file->private_data;

	dput(cursor);
	return 0;
}
/*
 * dcache_dir_lseek - llseek() for a dcache-backed directory
 * @file:   open directory; private_data is the per-open cursor dentry
 * @offset: requested position
 * @origin: 0 = absolute, 1 = relative to the current position; anything
 *          else is rejected
 *
 * Positions 0 and 1 are "." and "..", position n >= 2 is the (n-2)th
 * child that is positive and hashed.  When the position changes, the
 * cursor is unlinked from the parent's d_subdirs list and re-inserted in
 * front of the child the new position denotes (or at the end of the list
 * if there are fewer children), so dcache_readdir() resumes from there.
 * Returns the new position, or -EINVAL for a negative result or an
 * unsupported origin.
 *
 * NOTE(review): "offset += file->f_pos" is not checked for overflow of
 * loff_t; a caller-supplied offset near the type's maximum would wrap.
 */
loff_t dcache_dir_lseek(struct file *file, loff_t offset, int origin)
{
	mutex_lock(&file->f_dentry->d_inode->i_mutex);
	switch (origin) {
	case 1:
		offset += file->f_pos;
		/* fallthrough: validate the resulting absolute position */
	case 0:
		if (offset >= 0)
			break;
		/* fallthrough: a negative position is an error */
	default:
		mutex_unlock(&file->f_dentry->d_inode->i_mutex);
		return -EINVAL;
	}
	if (offset != file->f_pos) {
		file->f_pos = offset;
		if (file->f_pos >= 2) {
			struct list_head *p;
			struct dentry *cursor = file->private_data;
			loff_t n = file->f_pos - 2;

			/* d_subdirs is walked and modified under dcache_lock */
			spin_lock(&dcache_lock);
			list_del(&cursor->d_u.d_child);
			p = file->f_dentry->d_subdirs.next;
			/* step over n children; negative or unhashed ones do not count */
			while (n && p != &file->f_dentry->d_subdirs) {
				struct dentry *next;
				next = list_entry(p, struct dentry, d_u.d_child);
				if (!d_unhashed(next) && next->d_inode)
					n--;
				p = p->next;
			}
			list_add_tail(&cursor->d_u.d_child, p);
			spin_unlock(&dcache_lock);
		}
	}
	mutex_unlock(&file->f_dentry->d_inode->i_mutex);
	return offset;
}
113 /* Relationship between i_mode and the DT_xxx types */
/*
 * dt_type - map an inode's i_mode to the DT_* value readdir reports
 *
 * The file-type field occupies bits 12..15 of i_mode and the DT_* values
 * are defined to be exactly that nibble, so no table is needed.
 */
static inline unsigned char dt_type(struct inode *inode)
{
	unsigned int type_nibble = inode->i_mode >> 12;

	return type_nibble & 0xf;
}
120 * Directory is locked and all positive dentries in it are safe, since
121 * for ramfs-type trees they can't go away without unlink() or rmdir(),
122 * both impossible due to the lock on directory.
/*
 * dcache_readdir - readdir() for a directory whose contents are its dcache children
 * @filp:    open directory; private_data is the per-open cursor dentry
 * @dirent:  opaque buffer handed through to @filldir
 * @filldir: callback emitting one entry; a negative return means "buffer full"
 *
 * Position 0 is ".", 1 is "..", and 2.. are the positive, hashed children
 * in d_subdirs order.  After each emitted child the cursor is moved to
 * sit just behind it, so a later call (or dcache_dir_lseek()) resumes
 * from the right place even if the list changed in between.  Always
 * returns 0; a full buffer simply ends the pass early.
 *
 * NOTE(review): "i" narrows f_pos to int; a position seeked beyond
 * INT_MAX would wrap into the switch and could replay "." and "..".
 */
int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
{
	struct dentry *dentry = filp->f_dentry;
	struct dentry *cursor = filp->private_data;
	struct list_head *p, *q = &cursor->d_u.d_child;
	ino_t ino;
	int i = filp->f_pos;

	switch (i) {
	case 0:
		ino = dentry->d_inode->i_ino;
		if (filldir(dirent, ".", 1, i, ino, DT_DIR) < 0)
			break;
		filp->f_pos++;
		i++;
		/* fallthrough */
	case 1:
		ino = parent_ino(dentry);
		if (filldir(dirent, "..", 2, i, ino, DT_DIR) < 0)
			break;
		filp->f_pos++;
		i++;
		/* fallthrough */
	default:
		spin_lock(&dcache_lock);
		/* first pass over the children: park the cursor at the list head */
		if (filp->f_pos == 2) {
			list_del(q);
			list_add(q, &dentry->d_subdirs);
		}
		for (p=q->next; p != &dentry->d_subdirs; p=p->next) {
			struct dentry *next;
			next = list_entry(p, struct dentry, d_u.d_child);
			/* skips negatives and unhashed entries, which includes every open's cursor */
			if (d_unhashed(next) || !next->d_inode)
				continue;

			/* filldir writes to the caller's buffer: do not hold the spinlock across it */
			spin_unlock(&dcache_lock);
			if (filldir(dirent, next->d_name.name, next->d_name.len, filp->f_pos, next->d_inode->i_ino, dt_type(next->d_inode)) < 0)
				return 0;
			spin_lock(&dcache_lock);
			/* next is still alive */
			/* move the cursor behind the entry just emitted and continue from it */
			list_del(q);
			list_add(q, p);
			p = q;
			filp->f_pos++;
		}
		spin_unlock(&dcache_lock);
	}
	return 0;
}
/*
 * generic_read_dir - read() on a directory
 *
 * Directories have no byte stream; callers must use readdir.  Always
 * fails with -EISDIR.
 */
ssize_t generic_read_dir(struct file *filp, char __user *buf, size_t siz, loff_t *ppos)
{
	return -EISDIR;
}
/*
 * File operations for a directory whose contents are exactly its
 * children in the dcache (ramfs-style trees).  read() is refused with
 * -EISDIR and fsync is a no-op since nothing is ever written back.
 */
struct file_operations simple_dir_operations = {
	.open		= dcache_dir_open,
	.release	= dcache_dir_close,
	.llseek		= dcache_dir_lseek,
	.read		= generic_read_dir,
	.readdir	= dcache_readdir,
	.fsync		= simple_sync_file,
};
/*
 * Inode operations for a simple in-memory directory: lookups only.  A
 * filesystem that wants create/unlink/rename supplies its own table
 * (the simple_* helpers below are building blocks for that).
 */
struct inode_operations simple_dir_inode_operations = {
	.lookup		= simple_lookup,
};
194 * Common helper for pseudo-filesystems (sockfs, pipefs, bdev - stuff that
195 * will never be mountable)
/*
 * get_sb_pseudo - build the superblock of a kernel-internal pseudo filesystem
 * @fs_type: the pseudo filesystem type
 * @name:    name given to the root dentry
 * @ops:     super_operations, or NULL for a statfs-only default
 * @magic:   value stored in s_magic (and reported by statfs as f_type)
 *
 * sget() is asked for a fresh anonymous superblock.  MS_NOUSER keeps it
 * out of reach of mount(2), and the root is a directory accessible only
 * to uid 0 (no group/other bits at all).  On success the superblock is
 * returned marked active; on allocation failure it is torn down and
 * ERR_PTR(-ENOMEM) is returned.
 */
struct super_block *
get_sb_pseudo(struct file_system_type *fs_type, char *name,
	struct super_operations *ops, unsigned long magic)
{
	struct super_block *s = sget(fs_type, NULL, set_anon_super, NULL);
	static struct super_operations default_ops = {.statfs = simple_statfs};
	struct dentry *dentry;
	struct inode *root;
	struct qstr d_name = {.name = name, .len = strlen(name)};

	if (IS_ERR(s))
		return s;

	/* never user-mountable: these trees are reached only from inside the kernel */
	s->s_flags = MS_NOUSER;
	s->s_maxbytes = ~0ULL;
	s->s_blocksize = 1024;
	s->s_blocksize_bits = 10;
	s->s_magic = magic;
	s->s_op = ops ? ops : &default_ops;
	s->s_time_gran = 1;
	root = new_inode(s);
	if (!root)
		goto Enomem;
	/* root directory: owner read/write only, nobody else has any access */
	root->i_mode = S_IFDIR | S_IRUSR | S_IWUSR;
	root->i_uid = root->i_gid = 0;
	root->i_atime = root->i_mtime = root->i_ctime = CURRENT_TIME;
	/* a parentless dentry: allocate it detached, then bind it to the sb and to itself */
	dentry = d_alloc(NULL, &d_name);
	if (!dentry) {
		iput(root);
		goto Enomem;
	}
	dentry->d_sb = s;
	dentry->d_parent = dentry;
	d_instantiate(dentry, root);
	s->s_root = dentry;
	s->s_flags |= MS_ACTIVE;
	return s;

Enomem:
	/* sget() handed us s_umount held for write; release it before dropping the sb */
	up_write(&s->s_umount);
	deactivate_super(s);
	return ERR_PTR(-ENOMEM);
}
/*
 * simple_link - link() for in-memory trees
 * @old_dentry: existing name of the inode
 * @dir:        directory receiving the new name
 * @dentry:     the new name (negative on entry)
 *
 * Only bookkeeping is needed: bump the inode's link count, take an
 * inode reference for the new dentry, pin the dentry itself (the
 * matching dput() is in simple_unlink()) and instantiate it.  Always
 * returns 0.
 */
int simple_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry)
{
	struct inode *target = old_dentry->d_inode;

	dir->i_mtime = dir->i_ctime = target->i_ctime = CURRENT_TIME;
	target->i_nlink++;
	atomic_inc(&target->i_count);	/* the new name owns a reference */
	dget(dentry);			/* keep the name itself in memory */
	d_instantiate(dentry, target);
	return 0;
}
/*
 * simple_positive - does this child count as an existing directory entry?
 *
 * Only a dentry that both has an inode and is still hashed does; the
 * readdir cursors and stale negatives fail one of the two tests.
 */
static inline int simple_positive(struct dentry *dentry)
{
	if (!dentry->d_inode)
		return 0;
	return !d_unhashed(dentry);
}
/*
 * simple_empty - is an in-memory directory free of real entries?
 * @dentry: the directory
 *
 * Walks d_subdirs under dcache_lock and returns 1 if no child is
 * positive (see simple_positive()), 0 otherwise.
 */
int simple_empty(struct dentry *dentry)
{
	struct dentry *child;
	int empty = 1;

	spin_lock(&dcache_lock);
	list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child) {
		if (simple_positive(child)) {
			empty = 0;
			break;
		}
	}
	spin_unlock(&dcache_lock);
	return empty;
}
/*
 * simple_unlink - unlink() for in-memory trees
 * @dir:    directory the name lives in
 * @dentry: the name being removed
 *
 * Drops one link from the inode and releases the extra dentry reference
 * the tree holds on every name (see the dget() in simple_link()); the
 * dcache then discards the entry when it is unused.  Always returns 0.
 */
int simple_unlink(struct inode *dir, struct dentry *dentry)
{
	struct inode *victim = dentry->d_inode;

	dir->i_mtime = dir->i_ctime = victim->i_ctime = CURRENT_TIME;
	victim->i_nlink--;
	dput(dentry);
	return 0;
}
/*
 * simple_rmdir - rmdir() for in-memory trees
 * @dir:    parent directory
 * @dentry: the directory being removed
 *
 * Refuses with -ENOTEMPTY if any positive child remains.  Otherwise the
 * parent loses the ".." link the child held on it, the child loses its
 * own "." link, and the name is unlinked like a regular file.
 */
int simple_rmdir(struct inode *dir, struct dentry *dentry)
{
	if (!simple_empty(dentry))
		return -ENOTEMPTY;

	dir->i_nlink--;
	dentry->d_inode->i_nlink--;
	simple_unlink(dir, dentry);
	return 0;
}
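/*
 * simple_rename - rename() for in-memory trees
 * @old_dir:    directory the name is moving from
 * @old_dentry: the name being moved
 * @new_dir:    directory the name is moving to
 * @new_dentry: destination; positive if an existing entry is replaced
 *
 * The dcache is the directory store, so only link-count and timestamp
 * bookkeeping is needed.  A non-empty directory target is refused with
 * -ENOTEMPTY.  A replaced target is unlinked; if the objects are
 * directories (the VFS is relied on to have matched the types) the
 * replaced directory also loses its "." link, old_dir loses the ".."
 * link the moved directory held on it, and new_dir's count is unchanged
 * because one directory replaced another.  Returns 0 or -ENOTEMPTY.
 */
int simple_rename(struct inode *old_dir, struct dentry *old_dentry,
		struct inode *new_dir, struct dentry *new_dentry)
{
	struct inode *inode = old_dentry->d_inode;
	int they_are_dirs = S_ISDIR(old_dentry->d_inode->i_mode);

	if (!simple_empty(new_dentry))
		return -ENOTEMPTY;

	if (new_dentry->d_inode) {
		/*
		 * simple_unlink() drops only the link for the name; a
		 * replaced directory must also give up its "." link,
		 * exactly as simple_rmdir() does for a removed one.
		 */
		if (they_are_dirs)
			new_dentry->d_inode->i_nlink--;
		simple_unlink(new_dir, new_dentry);
		if (they_are_dirs)
			old_dir->i_nlink--;
	} else if (they_are_dirs) {
		old_dir->i_nlink--;
		new_dir->i_nlink++;
	}

	old_dir->i_ctime = old_dir->i_mtime = new_dir->i_ctime =
		new_dir->i_mtime = inode->i_ctime = CURRENT_TIME;

	return 0;
}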
/*
 * simple_readpage - readpage() for files with no backing store
 * @file: open file (unused)
 * @page: locked page to fill
 *
 * A page that is not yet up to date has never been written, so its
 * contents are defined to be zero: clear it rather than expose whatever
 * the allocator left behind.  The page is unlocked on return.  Always
 * returns 0.
 */
int simple_readpage(struct file *file, struct page *page)
{
	if (!PageUptodate(page)) {
		void *kaddr = kmap_atomic(page, KM_USER0);

		memset(kaddr, 0, PAGE_CACHE_SIZE);
		kunmap_atomic(kaddr, KM_USER0);
		flush_dcache_page(page);
		SetPageUptodate(page);
	}
	unlock_page(page);
	return 0;
}
/*
 * simple_prepare_write - prepare_write() for files with no backing store
 * @file: open file (unused)
 * @page: locked page about to receive data
 * @from: first byte in the page the caller will write
 * @to:   one past the last byte the caller will write
 *
 * If the page is not yet up to date, the bytes outside [from, to) are
 * zeroed so that a partial write can never leave stale page contents
 * readable; the window itself is left for the caller.  Always returns 0.
 *
 * NOTE(review): the page is flagged up to date before the caller has
 * copied into [from, to), so that range holds whatever was there until
 * commit_write; presumably the page lock held across prepare/commit is
 * what keeps other readers out - confirm.
 */
int simple_prepare_write(struct file *file, struct page *page,
			 unsigned from, unsigned to)
{
	void *kaddr;

	if (PageUptodate(page))
		return 0;

	if (to - from != PAGE_CACHE_SIZE) {
		kaddr = kmap_atomic(page, KM_USER0);
		memset(kaddr, 0, from);
		memset(kaddr + to, 0, PAGE_CACHE_SIZE - to);
		flush_dcache_page(page);
		kunmap_atomic(kaddr, KM_USER0);
	}
	SetPageUptodate(page);
	return 0;
}
/*
 * simple_commit_write - commit_write() for files with no backing store
 * @file:   open file (unused)
 * @page:   page the caller just wrote into
 * @offset: start of the written range within the page (unused)
 * @to:     end of the written range within the page
 *
 * Extends i_size if the write went past it and marks the page dirty.
 * Always returns 0.
 */
int simple_commit_write(struct file *file, struct page *page,
			unsigned offset, unsigned to)
{
	struct inode *inode = page->mapping->host;
	loff_t end = ((loff_t)page->index << PAGE_CACHE_SHIFT) + to;

	/*
	 * i_size is read directly instead of via i_size_read(): the caller
	 * holds i_mutex, so it cannot change under us.
	 */
	if (inode->i_size < end)
		i_size_write(inode, end);
	set_page_dirty(page);
	return 0;
}
/*
 * simple_fill_super - populate a superblock from a static file table
 * @s:     superblock to fill
 * @magic: value stored in s_magic
 * @files: table of {name, ops, mode}; a NULL name is a placeholder that
 *         still consumes an index, an empty name "" terminates the table
 *
 * Creates a root directory (mode 0755, owned by uid/gid 0) using the
 * dcache-backed directory operations, then one regular file per table
 * entry.  Each file's inode number is its table index (so index 0 gives
 * inode 0) and its mode is S_IFREG | files->mode, i.e. the table decides
 * who may read or write it; the root keeps whatever number new_inode()
 * gave it.  Returns 0, or -ENOMEM after tearing down what was built.
 */
int simple_fill_super(struct super_block *s, int magic, struct tree_descr *files)
{
	static struct super_operations s_ops = {.statfs = simple_statfs};
	struct inode *inode;
	struct dentry *root;
	struct dentry *dentry;
	int i;

	s->s_blocksize = PAGE_CACHE_SIZE;
	s->s_blocksize_bits = PAGE_CACHE_SHIFT;
	s->s_magic = magic;
	s->s_op = &s_ops;
	s->s_time_gran = 1;

	inode = new_inode(s);
	if (!inode)
		return -ENOMEM;
	inode->i_mode = S_IFDIR | 0755;
	inode->i_uid = inode->i_gid = 0;
	inode->i_blksize = PAGE_CACHE_SIZE;
	inode->i_blocks = 0;
	inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
	inode->i_op = &simple_dir_inode_operations;
	inode->i_fop = &simple_dir_operations;
	inode->i_nlink = 2;	/* "." and ".." of a root directory */
	root = d_alloc_root(inode);
	if (!root) {
		iput(inode);
		return -ENOMEM;
	}
	for (i = 0; !files->name || files->name[0]; i++, files++) {
		if (!files->name)
			continue;
		dentry = d_alloc_name(root, files->name);
		if (!dentry)
			goto out;
		inode = new_inode(s);
		if (!inode)
			goto out;
		/* permission bits come straight from the table entry */
		inode->i_mode = S_IFREG | files->mode;
		inode->i_uid = inode->i_gid = 0;
		inode->i_blksize = PAGE_CACHE_SIZE;
		inode->i_blocks = 0;
		inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
		inode->i_fop = files->ops;
		inode->i_ino = i;
		d_add(dentry, inode);
	}
	s->s_root = root;
	return 0;
out:
	/* release every child created so far (presumably via d_genocide's walk), then the root */
	d_genocide(root);
	dput(root);
	return -ENOMEM;
}
/* guards the (*mount, *count) pairs handled by simple_pin_fs()/simple_release_fs() */
static DEFINE_SPINLOCK(pin_fs_lock);
/*
 * simple_pin_fs - take a counted reference on a lazily created internal mount
 * @name:  filesystem type to mount (also passed as the device name)
 * @mount: caller's cached vfsmount, NULL until the first pin
 * @count: number of pins outstanding
 *
 * pin_fs_lock is dropped around do_kern_mount(), which may sleep, so two
 * callers can race to create the mount; the loser's copy is discarded by
 * the trailing mntput() once the winner's has been adopted.  Every
 * successful call adds one reference to *mount and one to *count, undone
 * by simple_release_fs().  Returns 0 or the error from do_kern_mount().
 */
int simple_pin_fs(char *name, struct vfsmount **mount, int *count)
{
	struct vfsmount *mnt = NULL;
	spin_lock(&pin_fs_lock);
	if (unlikely(!*mount)) {
		spin_unlock(&pin_fs_lock);
		mnt = do_kern_mount(name, 0, name, NULL);
		if (IS_ERR(mnt))
			return PTR_ERR(mnt);
		spin_lock(&pin_fs_lock);
		/* re-check: somebody else may have mounted while we slept */
		if (!*mount)
			*mount = mnt;
	}
	mntget(*mount);
	++*count;
	spin_unlock(&pin_fs_lock);
	/* NULL if we did not mount, our own extra ref if we won, the loser's copy if we lost */
	mntput(mnt);
	return 0;
}
/*
 * simple_release_fs - drop a reference taken by simple_pin_fs()
 * @mount: caller's cached vfsmount
 * @count: number of pins outstanding
 *
 * Decrements the pin count under pin_fs_lock and forgets the mount when
 * it reaches zero; the vfsmount reference itself is released outside
 * the spinlock.
 */
void simple_release_fs(struct vfsmount **mount, int *count)
{
	struct vfsmount *mnt;

	spin_lock(&pin_fs_lock);
	mnt = *mount;
	--*count;
	if (*count == 0)
		*mount = NULL;
	spin_unlock(&pin_fs_lock);
	mntput(mnt);
}
/*
 * simple_read_from_buffer - copy a slice of a kernel buffer to user space
 * @to:        user destination
 * @count:     bytes requested
 * @ppos:      file position; advanced by the number of bytes copied
 * @from:      kernel source buffer
 * @available: total bytes in @from
 *
 * Rejects a negative position with -EINVAL, reports end of file (0) at
 * or beyond @available, clamps @count to what remains so the copy can
 * never read past the buffer, and returns the bytes copied or -EFAULT.
 */
ssize_t simple_read_from_buffer(void __user *to, size_t count, loff_t *ppos,
				const void *from, size_t available)
{
	loff_t pos = *ppos;
	size_t remaining;

	if (pos < 0)
		return -EINVAL;
	if (pos >= available)
		return 0;
	remaining = available - pos;
	if (count > remaining)
		count = remaining;
	if (copy_to_user(to, from + pos, count))
		return -EFAULT;
	*ppos = pos + count;
	return count;
}
473 * Transaction based IO.
474 * The file expects a single write which triggers the transaction, and then
475 * possibly a read which collects the result - which is stored in a
476 * file-local buffer.
/*
 * simple_transaction_get - accept the single write that starts a transaction
 * @file: the open file; its private_data becomes the page-sized argresp
 * @buf:  user buffer holding the request
 * @size: length of the request
 *
 * Allocates one zeroed page as the transaction buffer, attaches it to
 * the open (the first writer wins; any later write on the same open gets
 * -EBUSY), copies the request into ar->data and returns a pointer to it
 * for the caller to parse.  @size is capped at SIMPLE_TRANSACTION_LIMIT-1
 * so that, assuming the limit is the data capacity, the zeroed page
 * always terminates the request with a NUL.  Returns ERR_PTR(-EFBIG,
 * -ENOMEM, -EBUSY or -EFAULT) on failure.
 */
char *simple_transaction_get(struct file *file, const char __user *buf, size_t size)
{
	struct simple_transaction_argresp *ar;
	static DEFINE_SPINLOCK(simple_transaction_lock);

	if (size > SIMPLE_TRANSACTION_LIMIT - 1)
		return ERR_PTR(-EFBIG);

	ar = (struct simple_transaction_argresp *)get_zeroed_page(GFP_KERNEL);
	if (!ar)
		return ERR_PTR(-ENOMEM);

	/* the lock covers only the test-and-set of private_data */
	spin_lock(&simple_transaction_lock);

	/* only one write allowed per open */
	if (file->private_data) {
		spin_unlock(&simple_transaction_lock);
		free_page((unsigned long)ar);
		return ERR_PTR(-EBUSY);
	}

	file->private_data = ar;

	spin_unlock(&simple_transaction_lock);

	/*
	 * On -EFAULT the page stays attached: a retry on this open gets
	 * -EBUSY, a read sees ar->size == 0 (empty result), and the page
	 * is freed by simple_transaction_release().
	 */
	if (copy_from_user(ar->data, buf, size))
		return ERR_PTR(-EFAULT);

	return ar->data;
}
/*
 * simple_transaction_read - return the result of an earlier transaction
 * @file: the open file; private_data is the argresp page, if any
 * @buf:  user buffer
 * @size: bytes requested
 * @pos:  file position
 *
 * Before any write on this open there is no result, so EOF (0) is
 * returned.  Otherwise serves ar->size bytes of ar->data with the usual
 * bounds handling of simple_read_from_buffer().
 */
ssize_t simple_transaction_read(struct file *file, char __user *buf, size_t size, loff_t *pos)
{
	struct simple_transaction_argresp *ar = file->private_data;

	if (ar == NULL)
		return 0;
	return simple_read_from_buffer(buf, size, pos, ar->data, ar->size);
}
/*
 * simple_transaction_release - release() for a transaction file
 *
 * Frees the argresp page attached by simple_transaction_get().  When no
 * write ever happened the address is 0; free_page() is relied on to
 * accept that.
 */
int simple_transaction_release(struct inode *inode, struct file *file)
{
	unsigned long page = (unsigned long)file->private_data;

	free_page(page);
	return 0;
}
524 /* Simple attribute files */
/*
 * Per-open state of a "simple attribute" file: one u64 exposed as text
 * through a getter/setter pair.  @fmt is handed to scnprintf() as the
 * format string, so it must be a trusted, kernel-supplied constant with
 * exactly one unsigned long long conversion - never user-derived.
 */
struct simple_attr {
	u64 (*get)(void *);		/* NULL: reads fail with -EACCES */
	void (*set)(void *, u64);	/* NULL: writes fail with -EACCES */
	char get_buf[24]; /* enough to store a u64 and "\n\0" */
	char set_buf[24];
	void *data;		/* cookie passed to get/set (inode->u.generic_ip) */
	const char *fmt; /* format for read operation */
	struct semaphore sem; /* protects access to these buffers */
};
536 /* simple_attr_open is called by an actual attribute open file operation
537 * to set the attribute specific access operations. */
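/*
 * simple_attr_open - per-open setup for a simple attribute file
 * @inode: the attribute's inode; inode->u.generic_ip is the get/set cookie
 * @file:  the open being set up
 * @get:   getter, or NULL to make the file unreadable
 * @set:   setter, or NULL to make the file unwritable
 * @fmt:   trusted printf format with one unsigned long long conversion,
 *         used by simple_attr_read()
 *
 * Called by an attribute's own open file operation to install the
 * attribute specific access operations.  Returns 0 or -ENOMEM.
 */
int simple_attr_open(struct inode *inode, struct file *file,
		     u64 (*get)(void *), void (*set)(void *, u64),
		     const char *fmt)
{
	struct simple_attr *attr;

	/*
	 * Zeroed so get_buf/set_buf start out NUL-terminated: the
	 * continued-read path in simple_attr_read() strlen()s get_buf and
	 * should not depend on a prior read having filled it.
	 */
	attr = kzalloc(sizeof(*attr), GFP_KERNEL);
	if (!attr)
		return -ENOMEM;

	attr->get = get;
	attr->set = set;
	attr->data = inode->u.generic_ip;
	attr->fmt = fmt;
	init_MUTEX(&attr->sem);

	file->private_data = attr;

	/* the text is regenerated per read; seeking would be meaningless */
	return nonseekable_open(inode, file);
}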
/*
 * simple_attr_close - release() for a simple attribute file
 *
 * Frees the per-open state allocated by simple_attr_open().
 */
int simple_attr_close(struct inode *inode, struct file *file)
{
	struct simple_attr *attr = file->private_data;

	kfree(attr);
	return 0;
}
565 /* read from the buffer that is filled with the get function */
/*
 * simple_attr_read - present the attribute's current value as text
 * @file: open attribute file; private_data is the struct simple_attr
 * @buf:  user buffer
 * @len:  bytes requested
 * @ppos: file position; presumably 0 on the first read since the file
 *        was opened nonseekable
 *
 * The first read calls the getter and renders the value into get_buf
 * with attr->fmt; a continued read serves the rest of that same text
 * without calling the getter again.  attr->fmt is the scnprintf()
 * format string, so it must be a trusted kernel constant with exactly
 * one unsigned long long conversion.  Returns the byte count, 0 at end,
 * -EACCES when there is no getter, or -EFAULT.
 */
ssize_t simple_attr_read(struct file *file, char __user *buf,
			 size_t len, loff_t *ppos)
{
	struct simple_attr *attr;
	size_t size;
	ssize_t ret;

	attr = file->private_data;

	if (!attr->get)
		return -EACCES;

	/* sem serialises the text buffers against other readers and writers */
	down(&attr->sem);
	if (*ppos)		/* continued read */
		size = strlen(attr->get_buf);
	else			/* first read */
		size = scnprintf(attr->get_buf, sizeof(attr->get_buf),
				 attr->fmt,
				 (unsigned long long)attr->get(attr->data));

	ret = simple_read_from_buffer(buf, len, ppos, attr->get_buf, size);
	up(&attr->sem);
	return ret;
}
591 /* interpret the buffer as a number to call the set function with */
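/*
 * simple_attr_write - parse user text as a number and hand it to the setter
 * @file: open attribute file; private_data is the struct simple_attr
 * @buf:  user buffer
 * @len:  bytes offered
 * @ppos: file position (ignored)
 *
 * Copies at most sizeof(set_buf)-1 bytes, NUL-terminates them and parses
 * them as a 64-bit value (base auto-detected: "0x..", "0..", decimal).
 * Returns @len, -EACCES when there is no setter, or -EFAULT.
 *
 * Leniency inherited from the original design, which callers should
 * know about: input longer than the buffer is silently truncated,
 * trailing garbage after the number is ignored, and the full @len is
 * reported as written in either case.
 */
ssize_t simple_attr_write(struct file *file, const char __user *buf,
			  size_t len, loff_t *ppos)
{
	struct simple_attr *attr;
	u64 val;
	size_t size;
	ssize_t ret;

	attr = file->private_data;

	if (!attr->set)
		return -EACCES;

	down(&attr->sem);
	ret = -EFAULT;
	/* bounded copy: always leave room for the terminating NUL */
	size = min(sizeof(attr->set_buf) - 1, len);
	if (copy_from_user(attr->set_buf, buf, size))
		goto out;

	ret = len; /* claim we got the whole input */
	attr->set_buf[size] = '\0';
	/*
	 * The setter takes a u64: parse the full 64-bit range rather than
	 * a long, which would fold anything above LONG_MAX on 32-bit.
	 */
	val = simple_strtoll(attr->set_buf, NULL, 0);
	attr->set(attr->data, val);
out:
	up(&attr->sem);
	return ret;
}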
/*
 * Exported helpers.  The simple_attr_* family is GPL-only; everything
 * else is available to any module.
 */
EXPORT_SYMBOL(dcache_dir_close);
EXPORT_SYMBOL(dcache_dir_lseek);
EXPORT_SYMBOL(dcache_dir_open);
EXPORT_SYMBOL(dcache_readdir);
EXPORT_SYMBOL(generic_read_dir);
EXPORT_SYMBOL(get_sb_pseudo);
EXPORT_SYMBOL(simple_commit_write);
EXPORT_SYMBOL(simple_dir_inode_operations);
EXPORT_SYMBOL(simple_dir_operations);
EXPORT_SYMBOL(simple_empty);
EXPORT_SYMBOL(d_alloc_name);
EXPORT_SYMBOL(simple_fill_super);
EXPORT_SYMBOL(simple_getattr);
EXPORT_SYMBOL(simple_link);
EXPORT_SYMBOL(simple_lookup);
EXPORT_SYMBOL(simple_pin_fs);
EXPORT_SYMBOL(simple_prepare_write);
EXPORT_SYMBOL(simple_readpage);
EXPORT_SYMBOL(simple_release_fs);
EXPORT_SYMBOL(simple_rename);
EXPORT_SYMBOL(simple_rmdir);
EXPORT_SYMBOL(simple_statfs);
EXPORT_SYMBOL(simple_sync_file);
EXPORT_SYMBOL(simple_unlink);
EXPORT_SYMBOL(simple_read_from_buffer);
EXPORT_SYMBOL(simple_transaction_get);
EXPORT_SYMBOL(simple_transaction_read);
EXPORT_SYMBOL(simple_transaction_release);
EXPORT_SYMBOL_GPL(simple_attr_open);
EXPORT_SYMBOL_GPL(simple_attr_close);
EXPORT_SYMBOL_GPL(simple_attr_read);
EXPORT_SYMBOL_GPL(simple_attr_write);