security: filesystem capabilities refactor kernel code
[linux-2.6/mini2440.git] / fs / isofs / rock.c
blob6bd48f0a7047d7560f06492dfe57e53141be6a17
1 /*
2 * linux/fs/isofs/rock.c
4 * (C) 1992, 1993 Eric Youngdale
6 * Rock Ridge Extensions to iso9660
7 */
9 #include <linux/slab.h>
10 #include <linux/pagemap.h>
11 #include <linux/smp_lock.h>
13 #include "isofs.h"
14 #include "rock.h"
17 * These functions are designed to read the system areas of a directory record
18 * and extract relevant information. There are different functions provided
19 * depending upon what information we need at the time. One function fills
20 * out an inode structure, a second one extracts a filename, a third one
21 * returns a symbolic link name, and a fourth one returns the extent number
22 * for the file.
25 #define SIG(A,B) ((A) | ((B) << 8)) /* isonum_721() */
27 struct rock_state {
28 void *buffer;
29 unsigned char *chr;
30 int len;
31 int cont_size;
32 int cont_extent;
33 int cont_offset;
34 struct inode *inode;
38 * This is a way of ensuring that we have something in the system
39 * use fields that is compatible with Rock Ridge. Return zero on success.
42 static int check_sp(struct rock_ridge *rr, struct inode *inode)
44 if (rr->u.SP.magic[0] != 0xbe)
45 return -1;
46 if (rr->u.SP.magic[1] != 0xef)
47 return -1;
48 ISOFS_SB(inode->i_sb)->s_rock_offset = rr->u.SP.skip;
49 return 0;
52 static void setup_rock_ridge(struct iso_directory_record *de,
53 struct inode *inode, struct rock_state *rs)
55 rs->len = sizeof(struct iso_directory_record) + de->name_len[0];
56 if (rs->len & 1)
57 (rs->len)++;
58 rs->chr = (unsigned char *)de + rs->len;
59 rs->len = *((unsigned char *)de) - rs->len;
60 if (rs->len < 0)
61 rs->len = 0;
63 if (ISOFS_SB(inode->i_sb)->s_rock_offset != -1) {
64 rs->len -= ISOFS_SB(inode->i_sb)->s_rock_offset;
65 rs->chr += ISOFS_SB(inode->i_sb)->s_rock_offset;
66 if (rs->len < 0)
67 rs->len = 0;
71 static void init_rock_state(struct rock_state *rs, struct inode *inode)
73 memset(rs, 0, sizeof(*rs));
74 rs->inode = inode;
78 * Returns 0 if the caller should continue scanning, 1 if the scan must end
79 * and -ve on error.
81 static int rock_continue(struct rock_state *rs)
83 int ret = 1;
84 int blocksize = 1 << rs->inode->i_blkbits;
85 const int min_de_size = offsetof(struct rock_ridge, u);
87 kfree(rs->buffer);
88 rs->buffer = NULL;
90 if ((unsigned)rs->cont_offset > blocksize - min_de_size ||
91 (unsigned)rs->cont_size > blocksize ||
92 (unsigned)(rs->cont_offset + rs->cont_size) > blocksize) {
93 printk(KERN_NOTICE "rock: corrupted directory entry. "
94 "extent=%d, offset=%d, size=%d\n",
95 rs->cont_extent, rs->cont_offset, rs->cont_size);
96 ret = -EIO;
97 goto out;
100 if (rs->cont_extent) {
101 struct buffer_head *bh;
103 rs->buffer = kmalloc(rs->cont_size, GFP_KERNEL);
104 if (!rs->buffer) {
105 ret = -ENOMEM;
106 goto out;
108 ret = -EIO;
109 bh = sb_bread(rs->inode->i_sb, rs->cont_extent);
110 if (bh) {
111 memcpy(rs->buffer, bh->b_data + rs->cont_offset,
112 rs->cont_size);
113 put_bh(bh);
114 rs->chr = rs->buffer;
115 rs->len = rs->cont_size;
116 rs->cont_extent = 0;
117 rs->cont_size = 0;
118 rs->cont_offset = 0;
119 return 0;
121 printk("Unable to read rock-ridge attributes\n");
123 out:
124 kfree(rs->buffer);
125 rs->buffer = NULL;
126 return ret;
130 * We think there's a record of type `sig' at rs->chr. Parse the signature
131 * and make sure that there's really room for a record of that type.
133 static int rock_check_overflow(struct rock_state *rs, int sig)
135 int len;
137 switch (sig) {
138 case SIG('S', 'P'):
139 len = sizeof(struct SU_SP_s);
140 break;
141 case SIG('C', 'E'):
142 len = sizeof(struct SU_CE_s);
143 break;
144 case SIG('E', 'R'):
145 len = sizeof(struct SU_ER_s);
146 break;
147 case SIG('R', 'R'):
148 len = sizeof(struct RR_RR_s);
149 break;
150 case SIG('P', 'X'):
151 len = sizeof(struct RR_PX_s);
152 break;
153 case SIG('P', 'N'):
154 len = sizeof(struct RR_PN_s);
155 break;
156 case SIG('S', 'L'):
157 len = sizeof(struct RR_SL_s);
158 break;
159 case SIG('N', 'M'):
160 len = sizeof(struct RR_NM_s);
161 break;
162 case SIG('C', 'L'):
163 len = sizeof(struct RR_CL_s);
164 break;
165 case SIG('P', 'L'):
166 len = sizeof(struct RR_PL_s);
167 break;
168 case SIG('T', 'F'):
169 len = sizeof(struct RR_TF_s);
170 break;
171 case SIG('Z', 'F'):
172 len = sizeof(struct RR_ZF_s);
173 break;
174 default:
175 len = 0;
176 break;
178 len += offsetof(struct rock_ridge, u);
179 if (len > rs->len) {
180 printk(KERN_NOTICE "rock: directory entry would overflow "
181 "storage\n");
182 printk(KERN_NOTICE "rock: sig=0x%02x, size=%d, remaining=%d\n",
183 sig, len, rs->len);
184 return -EIO;
186 return 0;
190 * return length of name field; 0: not found, -1: to be ignored
192 int get_rock_ridge_filename(struct iso_directory_record *de,
193 char *retname, struct inode *inode)
195 struct rock_state rs;
196 struct rock_ridge *rr;
197 int sig;
198 int retnamlen = 0;
199 int truncate = 0;
200 int ret = 0;
202 if (!ISOFS_SB(inode->i_sb)->s_rock)
203 return 0;
204 *retname = 0;
206 init_rock_state(&rs, inode);
207 setup_rock_ridge(de, inode, &rs);
208 repeat:
210 while (rs.len > 2) { /* There may be one byte for padding somewhere */
211 rr = (struct rock_ridge *)rs.chr;
212 if (rr->len < 3)
213 goto out; /* Something got screwed up here */
214 sig = isonum_721(rs.chr);
215 if (rock_check_overflow(&rs, sig))
216 goto eio;
217 rs.chr += rr->len;
218 rs.len -= rr->len;
219 if (rs.len < 0)
220 goto eio; /* corrupted isofs */
222 switch (sig) {
223 case SIG('R', 'R'):
224 if ((rr->u.RR.flags[0] & RR_NM) == 0)
225 goto out;
226 break;
227 case SIG('S', 'P'):
228 if (check_sp(rr, inode))
229 goto out;
230 break;
231 case SIG('C', 'E'):
232 rs.cont_extent = isonum_733(rr->u.CE.extent);
233 rs.cont_offset = isonum_733(rr->u.CE.offset);
234 rs.cont_size = isonum_733(rr->u.CE.size);
235 break;
236 case SIG('N', 'M'):
237 if (truncate)
238 break;
239 if (rr->len < 5)
240 break;
242 * If the flags are 2 or 4, this indicates '.' or '..'.
243 * We don't want to do anything with this, because it
244 * screws up the code that calls us. We don't really
245 * care anyways, since we can just use the non-RR
246 * name.
248 if (rr->u.NM.flags & 6)
249 break;
251 if (rr->u.NM.flags & ~1) {
252 printk("Unsupported NM flag settings (%d)\n",
253 rr->u.NM.flags);
254 break;
256 if ((strlen(retname) + rr->len - 5) >= 254) {
257 truncate = 1;
258 break;
260 strncat(retname, rr->u.NM.name, rr->len - 5);
261 retnamlen += rr->len - 5;
262 break;
263 case SIG('R', 'E'):
264 kfree(rs.buffer);
265 return -1;
266 default:
267 break;
270 ret = rock_continue(&rs);
271 if (ret == 0)
272 goto repeat;
273 if (ret == 1)
274 return retnamlen; /* If 0, this file did not have a NM field */
275 out:
276 kfree(rs.buffer);
277 return ret;
278 eio:
279 ret = -EIO;
280 goto out;
283 static int
284 parse_rock_ridge_inode_internal(struct iso_directory_record *de,
285 struct inode *inode, int regard_xa)
287 int symlink_len = 0;
288 int cnt, sig;
289 struct inode *reloc;
290 struct rock_ridge *rr;
291 int rootflag;
292 struct rock_state rs;
293 int ret = 0;
295 if (!ISOFS_SB(inode->i_sb)->s_rock)
296 return 0;
298 init_rock_state(&rs, inode);
299 setup_rock_ridge(de, inode, &rs);
300 if (regard_xa) {
301 rs.chr += 14;
302 rs.len -= 14;
303 if (rs.len < 0)
304 rs.len = 0;
307 repeat:
308 while (rs.len > 2) { /* There may be one byte for padding somewhere */
309 rr = (struct rock_ridge *)rs.chr;
310 if (rr->len < 3)
311 goto out; /* Something got screwed up here */
312 sig = isonum_721(rs.chr);
313 if (rock_check_overflow(&rs, sig))
314 goto eio;
315 rs.chr += rr->len;
316 rs.len -= rr->len;
317 if (rs.len < 0)
318 goto eio; /* corrupted isofs */
320 switch (sig) {
321 #ifndef CONFIG_ZISOFS /* No flag for SF or ZF */
322 case SIG('R', 'R'):
323 if ((rr->u.RR.flags[0] &
324 (RR_PX | RR_TF | RR_SL | RR_CL)) == 0)
325 goto out;
326 break;
327 #endif
328 case SIG('S', 'P'):
329 if (check_sp(rr, inode))
330 goto out;
331 break;
332 case SIG('C', 'E'):
333 rs.cont_extent = isonum_733(rr->u.CE.extent);
334 rs.cont_offset = isonum_733(rr->u.CE.offset);
335 rs.cont_size = isonum_733(rr->u.CE.size);
336 break;
337 case SIG('E', 'R'):
338 ISOFS_SB(inode->i_sb)->s_rock = 1;
339 printk(KERN_DEBUG "ISO 9660 Extensions: ");
341 int p;
342 for (p = 0; p < rr->u.ER.len_id; p++)
343 printk("%c", rr->u.ER.data[p]);
345 printk("\n");
346 break;
347 case SIG('P', 'X'):
348 inode->i_mode = isonum_733(rr->u.PX.mode);
349 inode->i_nlink = isonum_733(rr->u.PX.n_links);
350 inode->i_uid = isonum_733(rr->u.PX.uid);
351 inode->i_gid = isonum_733(rr->u.PX.gid);
352 break;
353 case SIG('P', 'N'):
355 int high, low;
356 high = isonum_733(rr->u.PN.dev_high);
357 low = isonum_733(rr->u.PN.dev_low);
359 * The Rock Ridge standard specifies that if
360 * sizeof(dev_t) <= 4, then the high field is
361 * unused, and the device number is completely
362 * stored in the low field. Some writers may
363 * ignore this subtlety,
364 * and as a result we test to see if the entire
365 * device number is
366 * stored in the low field, and use that.
368 if ((low & ~0xff) && high == 0) {
369 inode->i_rdev =
370 MKDEV(low >> 8, low & 0xff);
371 } else {
372 inode->i_rdev =
373 MKDEV(high, low);
376 break;
377 case SIG('T', 'F'):
379 * Some RRIP writers incorrectly place ctime in the
380 * TF_CREATE field. Try to handle this correctly for
381 * either case.
383 /* Rock ridge never appears on a High Sierra disk */
384 cnt = 0;
385 if (rr->u.TF.flags & TF_CREATE) {
386 inode->i_ctime.tv_sec =
387 iso_date(rr->u.TF.times[cnt++].time,
389 inode->i_ctime.tv_nsec = 0;
391 if (rr->u.TF.flags & TF_MODIFY) {
392 inode->i_mtime.tv_sec =
393 iso_date(rr->u.TF.times[cnt++].time,
395 inode->i_mtime.tv_nsec = 0;
397 if (rr->u.TF.flags & TF_ACCESS) {
398 inode->i_atime.tv_sec =
399 iso_date(rr->u.TF.times[cnt++].time,
401 inode->i_atime.tv_nsec = 0;
403 if (rr->u.TF.flags & TF_ATTRIBUTES) {
404 inode->i_ctime.tv_sec =
405 iso_date(rr->u.TF.times[cnt++].time,
407 inode->i_ctime.tv_nsec = 0;
409 break;
410 case SIG('S', 'L'):
412 int slen;
413 struct SL_component *slp;
414 struct SL_component *oldslp;
415 slen = rr->len - 5;
416 slp = &rr->u.SL.link;
417 inode->i_size = symlink_len;
418 while (slen > 1) {
419 rootflag = 0;
420 switch (slp->flags & ~1) {
421 case 0:
422 inode->i_size +=
423 slp->len;
424 break;
425 case 2:
426 inode->i_size += 1;
427 break;
428 case 4:
429 inode->i_size += 2;
430 break;
431 case 8:
432 rootflag = 1;
433 inode->i_size += 1;
434 break;
435 default:
436 printk("Symlink component flag "
437 "not implemented\n");
439 slen -= slp->len + 2;
440 oldslp = slp;
441 slp = (struct SL_component *)
442 (((char *)slp) + slp->len + 2);
444 if (slen < 2) {
445 if (((rr->u.SL.
446 flags & 1) != 0)
448 ((oldslp->
449 flags & 1) == 0))
450 inode->i_size +=
452 break;
456 * If this component record isn't
457 * continued, then append a '/'.
459 if (!rootflag
460 && (oldslp->flags & 1) == 0)
461 inode->i_size += 1;
464 symlink_len = inode->i_size;
465 break;
466 case SIG('R', 'E'):
467 printk(KERN_WARNING "Attempt to read inode for "
468 "relocated directory\n");
469 goto out;
470 case SIG('C', 'L'):
471 ISOFS_I(inode)->i_first_extent =
472 isonum_733(rr->u.CL.location);
473 reloc =
474 isofs_iget(inode->i_sb,
475 ISOFS_I(inode)->i_first_extent,
477 if (IS_ERR(reloc)) {
478 ret = PTR_ERR(reloc);
479 goto out;
481 inode->i_mode = reloc->i_mode;
482 inode->i_nlink = reloc->i_nlink;
483 inode->i_uid = reloc->i_uid;
484 inode->i_gid = reloc->i_gid;
485 inode->i_rdev = reloc->i_rdev;
486 inode->i_size = reloc->i_size;
487 inode->i_blocks = reloc->i_blocks;
488 inode->i_atime = reloc->i_atime;
489 inode->i_ctime = reloc->i_ctime;
490 inode->i_mtime = reloc->i_mtime;
491 iput(reloc);
492 break;
493 #ifdef CONFIG_ZISOFS
494 case SIG('Z', 'F'): {
495 int algo;
497 if (ISOFS_SB(inode->i_sb)->s_nocompress)
498 break;
499 algo = isonum_721(rr->u.ZF.algorithm);
500 if (algo == SIG('p', 'z')) {
501 int block_shift =
502 isonum_711(&rr->u.ZF.parms[1]);
503 if (block_shift < PAGE_CACHE_SHIFT
504 || block_shift > 17) {
505 printk(KERN_WARNING "isofs: "
506 "Can't handle ZF block "
507 "size of 2^%d\n",
508 block_shift);
509 } else {
511 * Note: we don't change
512 * i_blocks here
514 ISOFS_I(inode)->i_file_format =
515 isofs_file_compressed;
517 * Parameters to compression
518 * algorithm (header size,
519 * block size)
521 ISOFS_I(inode)->i_format_parm[0] =
522 isonum_711(&rr->u.ZF.parms[0]);
523 ISOFS_I(inode)->i_format_parm[1] =
524 isonum_711(&rr->u.ZF.parms[1]);
525 inode->i_size =
526 isonum_733(rr->u.ZF.
527 real_size);
529 } else {
530 printk(KERN_WARNING
531 "isofs: Unknown ZF compression "
532 "algorithm: %c%c\n",
533 rr->u.ZF.algorithm[0],
534 rr->u.ZF.algorithm[1]);
536 break;
538 #endif
539 default:
540 break;
543 ret = rock_continue(&rs);
544 if (ret == 0)
545 goto repeat;
546 if (ret == 1)
547 ret = 0;
548 out:
549 kfree(rs.buffer);
550 return ret;
551 eio:
552 ret = -EIO;
553 goto out;
556 static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
558 int slen;
559 int rootflag;
560 struct SL_component *oldslp;
561 struct SL_component *slp;
562 slen = rr->len - 5;
563 slp = &rr->u.SL.link;
564 while (slen > 1) {
565 rootflag = 0;
566 switch (slp->flags & ~1) {
567 case 0:
568 if (slp->len > plimit - rpnt)
569 return NULL;
570 memcpy(rpnt, slp->text, slp->len);
571 rpnt += slp->len;
572 break;
573 case 2:
574 if (rpnt >= plimit)
575 return NULL;
576 *rpnt++ = '.';
577 break;
578 case 4:
579 if (2 > plimit - rpnt)
580 return NULL;
581 *rpnt++ = '.';
582 *rpnt++ = '.';
583 break;
584 case 8:
585 if (rpnt >= plimit)
586 return NULL;
587 rootflag = 1;
588 *rpnt++ = '/';
589 break;
590 default:
591 printk("Symlink component flag not implemented (%d)\n",
592 slp->flags);
594 slen -= slp->len + 2;
595 oldslp = slp;
596 slp = (struct SL_component *)((char *)slp + slp->len + 2);
598 if (slen < 2) {
600 * If there is another SL record, and this component
601 * record isn't continued, then add a slash.
603 if ((!rootflag) && (rr->u.SL.flags & 1) &&
604 !(oldslp->flags & 1)) {
605 if (rpnt >= plimit)
606 return NULL;
607 *rpnt++ = '/';
609 break;
613 * If this component record isn't continued, then append a '/'.
615 if (!rootflag && !(oldslp->flags & 1)) {
616 if (rpnt >= plimit)
617 return NULL;
618 *rpnt++ = '/';
621 return rpnt;
624 int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
626 int result = parse_rock_ridge_inode_internal(de, inode, 0);
629 * if rockridge flag was reset and we didn't look for attributes
630 * behind eventual XA attributes, have a look there
632 if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
633 && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
634 result = parse_rock_ridge_inode_internal(de, inode, 14);
636 return result;
640 * readpage() for symlinks: reads symlink contents into the page and either
641 * makes it uptodate and returns 0 or returns error (-EIO)
643 static int rock_ridge_symlink_readpage(struct file *file, struct page *page)
645 struct inode *inode = page->mapping->host;
646 struct iso_inode_info *ei = ISOFS_I(inode);
647 char *link = kmap(page);
648 unsigned long bufsize = ISOFS_BUFFER_SIZE(inode);
649 struct buffer_head *bh;
650 char *rpnt = link;
651 unsigned char *pnt;
652 struct iso_directory_record *raw_de;
653 unsigned long block, offset;
654 int sig;
655 struct rock_ridge *rr;
656 struct rock_state rs;
657 int ret;
659 if (!ISOFS_SB(inode->i_sb)->s_rock)
660 goto error;
662 init_rock_state(&rs, inode);
663 block = ei->i_iget5_block;
664 lock_kernel();
665 bh = sb_bread(inode->i_sb, block);
666 if (!bh)
667 goto out_noread;
669 offset = ei->i_iget5_offset;
670 pnt = (unsigned char *)bh->b_data + offset;
672 raw_de = (struct iso_directory_record *)pnt;
675 * If we go past the end of the buffer, there is some sort of error.
677 if (offset + *pnt > bufsize)
678 goto out_bad_span;
681 * Now test for possible Rock Ridge extensions which will override
682 * some of these numbers in the inode structure.
685 setup_rock_ridge(raw_de, inode, &rs);
687 repeat:
688 while (rs.len > 2) { /* There may be one byte for padding somewhere */
689 rr = (struct rock_ridge *)rs.chr;
690 if (rr->len < 3)
691 goto out; /* Something got screwed up here */
692 sig = isonum_721(rs.chr);
693 if (rock_check_overflow(&rs, sig))
694 goto out;
695 rs.chr += rr->len;
696 rs.len -= rr->len;
697 if (rs.len < 0)
698 goto out; /* corrupted isofs */
700 switch (sig) {
701 case SIG('R', 'R'):
702 if ((rr->u.RR.flags[0] & RR_SL) == 0)
703 goto out;
704 break;
705 case SIG('S', 'P'):
706 if (check_sp(rr, inode))
707 goto out;
708 break;
709 case SIG('S', 'L'):
710 rpnt = get_symlink_chunk(rpnt, rr,
711 link + (PAGE_SIZE - 1));
712 if (rpnt == NULL)
713 goto out;
714 break;
715 case SIG('C', 'E'):
716 /* This tells is if there is a continuation record */
717 rs.cont_extent = isonum_733(rr->u.CE.extent);
718 rs.cont_offset = isonum_733(rr->u.CE.offset);
719 rs.cont_size = isonum_733(rr->u.CE.size);
720 default:
721 break;
724 ret = rock_continue(&rs);
725 if (ret == 0)
726 goto repeat;
727 if (ret < 0)
728 goto fail;
730 if (rpnt == link)
731 goto fail;
732 brelse(bh);
733 *rpnt = '\0';
734 unlock_kernel();
735 SetPageUptodate(page);
736 kunmap(page);
737 unlock_page(page);
738 return 0;
740 /* error exit from macro */
741 out:
742 kfree(rs.buffer);
743 goto fail;
744 out_noread:
745 printk("unable to read i-node block");
746 goto fail;
747 out_bad_span:
748 printk("symlink spans iso9660 blocks\n");
749 fail:
750 brelse(bh);
751 unlock_kernel();
752 error:
753 SetPageError(page);
754 kunmap(page);
755 unlock_page(page);
756 return -EIO;
759 const struct address_space_operations isofs_symlink_aops = {
760 .readpage = rock_ridge_symlink_readpage