summaryrefslogtreecommitdiffstats
path: root/fs/udf
Commit message (Collapse)AuthorAgeFilesLines
* udf: Check output buffer length when converting name to CS0Andrew Gabbasov2016-02-251-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | commit bb00c898ad1ce40c4bb422a8207ae562e9aea7ae upstream. If a name contains at least some characters with Unicode values exceeding single byte, the CS0 output should have 2 bytes per character. And if other input characters have single byte Unicode values, then the single input byte is converted to 2 output bytes, and the length of output becomes larger than the length of input. And if the input name is long enough, the output length may exceed the allocated buffer length. All this means that conversion from UTF8 or NLS to CS0 requires checking of output length in order to stop when it exceeds the given output buffer size. [JK: Make code return -ENAMETOOLONG instead of silently truncating the name] Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* udf: Prevent buffer overrun with multi-byte charactersAndrew Gabbasov2016-02-251-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | commit ad402b265ecf6fa22d04043b41444cdfcdf4f52d upstream. udf_CS0toUTF8 function stops the conversion when the output buffer length reaches UDF_NAME_LEN-2, which is correct maximum name length, but, when checking, it leaves the space for a single byte only, while multi-bytes output characters can take more space, causing buffer overflow. Similar error exists in udf_CS0toNLS function, that restricts the output length to UDF_NAME_LEN, while actual maximum allowed length is UDF_NAME_LEN-2. In these cases the output can override not only the current buffer length field, causing corruption of the name buffer itself, but also following allocation structures, causing kernel crash. Adjust the output length checks in both functions to prevent buffer overruns in case of multi-bytes UTF8 or NLS characters. Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* udf: limit the maximum number of indirect extents in a rowVegard Nossum2016-02-251-0/+15
| | | | | | | | | | | | | | | | | | commit b0918d9f476a8434b055e362b83fa4fd1d462c3f upstream. udf_next_aext() just follows extent pointers while extents are marked as indirect. This can loop forever for corrupted filesystem. Limit number the of indirect extents we are willing to follow in a row. [JK: Updated changelog, limit, style] Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Cc: Jan Kara <jack@suse.com> Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* udf: Don't modify filesystem for read-only mountsJan Kara2015-08-201-2/+5
| | | | | | | | | | | | | | | When read-write mount of a filesystem is requested but we find out we can mount the filesystem only in read-only mode, we still modify LVID in udf_close_lvid(). That is both unnecessary and contrary to expectation that when we fall back to read-only mount we don't modify the filesystem. Make sure we call udf_close_lvid() only if we called udf_open_lvid() so that filesystem gets modified only if we verified we are allowed to write to it. Reported-by: Karel Zak <kzak@redhat.com> Signed-off-by: Jan Kara <jack@suse.com>
* udf: Don't corrupt unalloc spacetable when writing itSteven J. Magnani2015-07-091-12/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For a UDF filesystem configured with an Unallocated Space Table, a filesystem operation that triggers an update to the table results in on-disk corruption that prevents remounting: udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 274 For example: 1. Create a filesystem $ mkudffs --media-type=hd --blocksize=512 --lvid=BUGTEST \ --vid=BUGTEST --fsid=BUGTEST --space=unalloctable \ /dev/mmcblk0 2. Mount it # mount /dev/mmcblk0 /mnt 3. Create a file $ echo "No corruption, please" > /mnt/new.file 4. Umount # umount /mnt 5. Attempt remount # mount /dev/mmcblk0 /mnt This appears to be a longstanding bug caused by zero-initialization of the Unallocated Space Entry block buffer and only partial repopulation of required fields before writing to disk. Commit 0adfb339fd64 ("udf: Fix unalloc space handling in udf_update_inode") addressed one such field, but several others are required. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.com>
* Merge branch 'for-linus' of ↵Linus Torvalds2015-07-041-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull more vfs updates from Al Viro: "Assorted VFS fixes and related cleanups (IMO the most interesting in that part are f_path-related things and Eric's descriptor-related stuff). UFS regression fixes (it got broken last cycle). 9P fixes. fs-cache series, DAX patches, Jan's file_remove_suid() work" [ I'd say this is much more than "fixes and related cleanups". The file_table locking rule change by Eric Dumazet is a rather big and fundamental update even if the patch isn't huge. - Linus ] * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (49 commits) 9p: cope with bogus responses from server in p9_client_{read,write} p9_client_write(): avoid double p9_free_req() 9p: forgetting to cancel request on interrupted zero-copy RPC dax: bdev_direct_access() may sleep block: Add support for DAX reads/writes to block devices dax: Use copy_from_iter_nocache dax: Add block size note to documentation fs/file.c: __fget() and dup2() atomicity rules fs/file.c: don't acquire files->file_lock in fd_install() fs:super:get_anon_bdev: fix race condition could cause dev exceed its upper limitation vfs: avoid creation of inode number 0 in get_next_ino namei: make set_root_rcu() return void make simple_positive() public ufs: use dir_pages instead of ufs_dir_pages() pagemap.h: move dir_pages() over there remove the pointless include of lglock.h fs: cleanup slight list_entry abuse xfs: Correctly lock inode when removing suid and file capabilities fs: Call security_ops->inode_killpriv on truncate fs: Provide function telling whether file_remove_privs() will do anything ...
| * fs: cleanup slight list_entry abuseRasmus Villemoes2015-06-231-1/+1
| | | | | | | | | | | | | | | | | | list_entry is just a wrapper for container_of, but it is arguably wrong (and slightly confusing) to use it when the pointed-to struct member is not a struct list_head. Use container_of directly instead. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | udf: fix udf_load_pvoldesc()Dan Carpenter2015-05-211-1/+2
| | | | | | | | | | | | | | | | | | There are some missing braces here which means this function never succeeds. Fixes: e9d4cf411f75 ('udf: improve error management in udf_CS0toUTF8()') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: remove double err declaration in udf_file_write_iter()Fabian Frederick2015-05-181-2/+0
| | | | | | | | | | | | | | Use first err declaration for generic_write_sync() return value. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | UDF: support NFSv2 exportNeilBrown2015-05-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The "fh_len" passed to ->fh_to_* is not guaranteed to be that same as that returned by encode_fh - it may be larger. With NFSv2, the filehandle is fixed length, so it may appear longer than expected and be zero-padded. So we must test that fh_len is at least some value, not exactly equal to it. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: Return error from udf_find_entry()Fabian Frederick2015-05-181-20/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Return appropriate error from udf_find_entry() instead of just NULL. That way we can distinguish the fact that some error happened when looking up filename (and return error to userspace) from the fact that we just didn't find the filename. Also update callers of udf_find_entry() accordingly. [JK: Improved udf_find_entry() documentation] Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: Make udf_get_filename() return error instead of 0 length file nameFabian Frederick2015-05-182-2/+5
| | | | | | | | | | | | | | | | | | | | Zero length file name isn't really valid. So check the length of the final file name generated by udf_translate_to_linux() and return -EINVAL instead of zero length file name. Update caller of udf_get_filename() to not check for 0 return value. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: bug on exotic flag in udf_get_filename()Fabian Frederick2015-05-181-1/+1
| | | | | | | | | | | | | | | | | | | | UDF volume is only mounted with UDF_FLAG_UTF8 or UDF_FLAG_NLS_MAP (see fill udf_fill_super(). BUG() if we have something different in udf_get_filename() Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: improve error management in udf_CS0toNLS()Fabian Frederick2015-05-181-3/+4
| | | | | | | | | | | | | | | | Only callsite udf_get_filename() now returns error code as well. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: improve error management in udf_CS0toUTF8()Fabian Frederick2015-05-182-12/+18
| | | | | | | | | | | | | | | | | | udf_CS0toUTF8() now returns -EINVAL on error. udf_load_pvoldesc() and udf_get_filename() do the same. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: unicode: update function name in commentsFabian Frederick2015-05-181-2/+2
| | | | | | | | | | Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: remove unnecessary test in udf_build_ustr_exact()Fabian Frederick2015-05-181-9/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can remove parameter checks: udf_build_ustr_exact() is only called by udf_get_filename() which now assures dest is not NULL udf_find_entry() and udf_readdir() call udf_get_filename() after checking sname udf_symlink_filler() calls udf_pc_to_char() with sname=kmap(page). udf_find_entry() and udf_readdir() call udf_get_filename with UDF_NAME_LEN udf_pc_to_char() with PAGE_SIZE Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: Return -ENOMEM when allocation fails in udf_get_filename()Fabian Frederick2015-05-184-7/+12
|/ | | | | | | | | | | Return -ENOMEM when allocation fails in udf_get_filename(). Update udf_pc_to_char(), udf_readdir(), and udf_find_entry() to handle the error appropriately. This allows us to pass appropriate error to userspace instead of corrupting symlink contents by omitting some path elements. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* Merge branch 'for-linus' of ↵Linus Torvalds2015-04-262-9/+9
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull fourth vfs update from Al Viro: "d_inode() annotations from David Howells (sat in for-next since before the beginning of merge window) + four assorted fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: RCU pathwalk breakage when running into a symlink overmounting something fix I_DIO_WAKEUP definition direct-io: only inc/dec inode->i_dio_count for file systems fs/9p: fix readdir() VFS: assorted d_backing_inode() annotations VFS: fs/inode.c helpers: d_inode() annotations VFS: fs/cachefiles: d_backing_inode() annotations VFS: fs library helpers: d_inode() annotations VFS: assorted weird filesystems: d_inode() annotations VFS: normal filesystems (and lustre): d_inode() annotations VFS: security/: d_inode() annotations VFS: security/: d_backing_inode() annotations VFS: net/: d_inode() annotations VFS: net/unix: d_backing_inode() annotations VFS: kernel/: d_inode() annotations VFS: audit: d_backing_inode() annotations VFS: Fix up some ->d_inode accesses in the chelsio driver VFS: Cachefiles should perform fs modifications on the top layer only VFS: AF_UNIX sockets should call mknod on the top layer only
| * VFS: normal filesystems (and lustre): d_inode() annotationsDavid Howells2015-04-152-9/+9
| | | | | | | | | | | | | | that's the bulk of filesystem drivers dealing with inodes of their own Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | Merge branch 'for-linus' of ↵Linus Torvalds2015-04-162-18/+14
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull third hunk of vfs changes from Al Viro: "This contains the ->direct_IO() changes from Omar + saner generic_write_checks() + dealing with fcntl()/{read,write}() races (mirroring O_APPEND/O_DIRECT into iocb->ki_flags and instead of repeatedly looking at ->f_flags, which can be changed by fcntl(2), check ->ki_flags - which cannot) + infrastructure bits for dhowells' d_inode annotations + Christophs switch of /dev/loop to vfs_iter_write()" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (30 commits) block: loop: switch to VFS ITER_BVEC configfs: Fix inconsistent use of file_inode() vs file->f_path.dentry->d_inode VFS: Make pathwalk use d_is_reg() rather than S_ISREG() VFS: Fix up debugfs to use d_is_dir() in place of S_ISDIR() VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk NFS: Don't use d_inode as a variable name VFS: Impose ordering on accesses of d_inode and d_flags VFS: Add owner-filesystem positive/negative dentry checks nfs: generic_write_checks() shouldn't be done on swapout... ocfs2: use __generic_file_write_iter() mirror O_APPEND and O_DIRECT into iocb->ki_flags switch generic_write_checks() to iocb and iter ocfs2: move generic_write_checks() before the alignment checks ocfs2_file_write_iter: stop messing with ppos udf_file_write_iter: reorder and simplify fuse: ->direct_IO() doesn't need generic_write_checks() ext4_file_write_iter: move generic_write_checks() up xfs_file_aio_write_checks: switch to iocb/iov_iter generic_write_checks(): drop isblk argument blkdev_write_iter: expand generic_file_checks() call in there ...
| * switch generic_write_checks() to iocb and iterAl Viro2015-04-111-8/+2
| | | | | | | | | | | | | | | | | | | | | | | | ... returning -E... upon error and amount of data left in iter after (possible) truncation upon success. Note, that normal case gives a non-zero (positive) return value, so any tests for != 0 _must_ be updated. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Conflicts: fs/ext4/file.c
| * udf_file_write_iter: reorder and simplifyAl Viro2015-04-111-20/+14
| | | | | | | | | | | | it's easier to do generic_write_checks() first Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * generic_write_checks(): drop isblk argumentAl Viro2015-04-111-1/+1
| | | | | | | | | | | | all remaining callers are passing 0; some just obscure that fact. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * lift generic_write_checks() into callers of __generic_file_write_iter()Al Viro2015-04-111-0/+10
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * direct_IO: remove rw from a_ops->direct_IO()Omar Sandoval2015-04-112-4/+2
| | | | | | | | | | | | | | Now that no one is using rw, remove it completely. Signed-off-by: Omar Sandoval <osandov@osandov.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * direct_IO: use iov_iter_rw() instead of rw everywhereOmar Sandoval2015-04-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | The rw parameter to direct_IO is redundant with iov_iter->type, and treated slightly differently just about everywhere it's used: some users do rw & WRITE, and others do rw == WRITE where they should be doing a bitwise check. Simplify this with the new iov_iter_rw() helper, which always returns either READ or WRITE. Signed-off-by: Omar Sandoval <osandov@osandov.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * Remove rw from {,__,do_}blockdev_direct_IO()Omar Sandoval2015-04-111-1/+1
| | | | | | | | | | | | | | | | Most filesystems call through to these at some point, so we'll start here. Signed-off-by: Omar Sandoval <osandov@osandov.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | Merge branch 'for_linus' of ↵Linus Torvalds2015-04-1611-25/+16
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull quota and udf updates from Jan Kara: "The pull contains quota changes which complete unification of XFS and VFS quota interfaces (so tools can use either interface to manipulate any filesystem). There's also a patch to support project quotas in VFS quota subsystem from Li Xi. Finally there's a bunch of UDF fixes and cleanups and tiny cleanup in reiserfs & ext3" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: (21 commits) udf: Update ctime and mtime when directory is modified udf: return correct errno for udf_update_inode() ext3: Remove useless condition in if statement. vfs: Add general support to enforce project quota limits reiserfs: fix __RASSERT format string udf: use int for allocated blocks instead of sector_t udf: remove redundant buffer_head.h includes udf: remove else after return in __load_block_bitmap() udf: remove unused variable in udf_table_free_blocks() quota: Fix maximum quota limit settings quota: reorder flags in quota state quota: paranoia: check quota tree root quota: optimize i_dquot access quota: Hook up Q_XSETQLIM for id 0 to ->set_info xfs: Add support for Q_SETINFO quota: Make ->set_info use structure with neccesary info to VFS and XFS quota: Remove ->get_xstate and ->get_xstatev callbacks gfs2: Convert to using ->get_state callback xfs: Convert to using ->get_state callback quota: Wire up Q_GETXSTATE and Q_GETXSTATV calls to work with ->get_state ...
| * udf: Update ctime and mtime when directory is modifiedJan Kara2015-04-011-2/+7
| | | | | | | | | | | | | | | | We failed to update ctime & mtime of a directory when new entry was created in it during rename, link, create, etc. Fix that. Reported-by: Taesoo Kim <tsgatesv@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
| * udf: return correct errno for udf_update_inode()Changwoo Min2015-04-011-1/+1
| | | | | | | | | | | | | | | | Instead of -ENOMEM, properly return -EIO udf_update_inode() error, similar/consistent to the rest of filesystems. Signed-off-by: Changwoo Min <changwoo.m@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
| * udf: use int for allocated blocks instead of sector_tFabian Frederick2015-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the following warnings: fs/udf/balloc.c:768:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_bitmap_prealloc_blocks(sb, ^ fs/udf/balloc.c:773:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_table_prealloc_blocks(sb, ^ fs/udf/balloc.c:778:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_bitmap_prealloc_blocks(sb, ^ fs/udf/balloc.c:783:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_table_prealloc_blocks(sb, ^ fs/udf/balloc.c:791:26: warning: conversion to 'loff_t' from 'sector_t' may change the sign of the result [-Wsign-conversion] inode_add_bytes(inode, allocated << sb->s_blocksize_bits); ^ fs/udf/balloc.c:792:2: warning: conversion to 'int' from 'sector_t' may alter its value [-Wconversion] return allocated; Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
| * udf: remove redundant buffer_head.h includesFabian Frederick2015-03-1411-11/+0
| | | | | | | | | | | | | | buffer_head.h was already included in udfdecl.h Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
| * udf: remove else after return in __load_block_bitmap()Fabian Frederick2015-03-141-8/+7
| | | | | | | | | | | | | | else after return is not needed. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
| * udf: remove unused variable in udf_table_free_blocks()Fabian Frederick2015-03-141-2/+0
| | | | | | | | | | | | | | Fix set but not used warning. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | make new_sync_{read,write}() staticAl Viro2015-04-111-2/+0
| | | | | | | | | | | | | | | | All places outside of core VFS that checked ->read and ->write for being NULL or called the methods directly are gone now, so NULL {read,write} with non-NULL {read,write}_iter will do the right thing in all cases. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | fs: move struct kiocb to fs.hChristoph Hellwig2015-03-252-2/+2
| | | | | | | | | | | | | | | | struct kiocb now is a generic I/O container, so move it to fs.h. Also do a #include diet for aio.h while we're at it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | fs: remove ki_nbytesChristoph Hellwig2015-03-121-1/+1
|/ | | | | | | | There is no need to pass the total request length in the kiocb, as we already get passed in through the iov_iter argument. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* udf: remove bool assignment to 0/1Fabian Frederick2015-02-051-2/+2
| | | | | | | | | | Fix the following coccinelle warnings: fs/udf/inode.c:753:2-13: WARNING: Assignment of bool to 0/1 fs/udf/inode.c:795:2-13: WARNING: Assignment of bool to 0/1 Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: use bool for doneFabian Frederick2015-02-051-2/+2
| | | | | | | variable 'done' is only used for true/false in loop. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* Merge branch 'for_linus' into for_nextJan Kara2015-01-301-1/+1
|\
| * udf: Release preallocation on last writeable closeJan Kara2015-01-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 6fb1ca92a640 "udf: Fix race between write(2) and close(2)" changed the condition when preallocation is released. The idea was that we don't want to release the preallocation for an inode on close when there are other writeable file descriptors for the inode. However the condition was written in the opposite way so we released preallocation only if there were other writeable file descriptors. Fix the problem by changing the condition properly. CC: stable@vger.kernel.org Fixes: 6fb1ca92a6409a9d5b0696447cd4997bc9aaf5a2 Reported-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: destroy sbi mutex in put_superFabian Frederick2015-01-121-0/+1
| | | | | | | | | | | | | | | | | | | | Call mutex_destroy() on superblock mutex in udf_put_super() otherwise mutex debugging code isn't able to detect that mutex is used after being freed. (thanks to Jan Kara for complete definition). Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: Check length of extended attributes and allocation descriptorsJan Kara2015-01-071-0/+9
| | | | | | | | | | | | | | | | | | | | Check length of extended attributes and allocation descriptors when loading inodes from disk. Otherwise corrupted filesystems could confuse the code and make the kernel oops. Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no> CC: stable@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: Remove repeated loads blocksizeJan Kara2015-01-071-11/+8
| | | | | | | | | | | | | | Store blocksize in a local variable in udf_fill_inode() since it is used a lot of times. Signed-off-by: Jan Kara <jack@suse.cz>
* | udf: Update Kconfig descriptionJan Kara2015-01-051-4/+6
|/ | | | | | | Update description of UDF in Kconfig to mention that UDF is also suitable for removable USB disks. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Reduce repeated dereferencesJan Kara2014-12-212-25/+25
| | | | | | | Replace repeated dereferences like dir->i_sb by storing superblock pointer in a variable and using that. Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Check component length before reading itJan Kara2014-12-211-2/+7
| | | | | | | | | | | Check that length specified in a component of a symlink fits in the input buffer we are reading. Also properly ignore component length for component types that do not use it. Otherwise we read memory after end of buffer for corrupted udf image. Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no> CC: stable@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Check path length when reading symlinkJan Kara2014-12-195-20/+48
| | | | | | | | | | | | Symlink reading code does not check whether the resulting path fits into the page provided by the generic code. This isn't as easy as just checking the symlink size because of various encoding conversions we perform on path. So we have to check whether there is still enough space in the buffer on the fly. CC: stable@vger.kernel.org Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no> Signed-off-by: Jan Kara <jack@suse.cz>
* udf: Verify symlink size before loading itJan Kara2014-12-191-4/+13
| | | | | | | | | | UDF specification allows arbitrarily large symlinks. However we support only symlinks at most one block large. Check the length of the symlink so that we don't access memory beyond end of the symlink block. CC: stable@vger.kernel.org Reported-by: Carl Henrik Lunde <chlunde@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
OpenPOWER on IntegriCloud