reiserfs: fix kernel panic on corrupted directory
1 /*
2  * Copyright 2000 by Hans Reiser, licensing governed by reiserfs/README
3  */
4
5 #include <linux/string.h>
6 #include <linux/errno.h>
7 #include <linux/fs.h>
8 #include <linux/reiserfs_fs.h>
9 #include <linux/stat.h>
10 #include <linux/buffer_head.h>
11 #include <asm/uaccess.h>
12
13 extern const struct reiserfs_key MIN_KEY;
14
15 static int reiserfs_readdir(struct file *, void *, filldir_t);
16 static int reiserfs_dir_fsync(struct file *filp, struct dentry *dentry,
17                               int datasync);
18
/*
 * File operations for reiserfs directories: iteration goes through
 * reiserfs_readdir(), fsync through reiserfs_dir_fsync(), reads are handed
 * to the VFS generic_read_dir() helper and ioctls to the reiserfs ioctl
 * handlers (the compat entry only exists when CONFIG_COMPAT is set).
 */
const struct file_operations reiserfs_dir_operations = {
        .readdir = reiserfs_readdir,
        .fsync = reiserfs_dir_fsync,
        .read = generic_read_dir,
#ifdef CONFIG_COMPAT
        .compat_ioctl = reiserfs_compat_ioctl,
#endif
        .ioctl = reiserfs_ioctl,
};
28
/*
 * reiserfs_dir_fsync - fsync() for a directory
 * @filp:     the open directory (not used; the inode is taken from @dentry)
 * @dentry:   dentry of the directory being synced
 * @datasync: not used, a full commit is requested either way
 *
 * Calls reiserfs_commit_for_inode() on the directory's inode while holding
 * the reiserfs write lock.  A negative result is passed back as the error;
 * anything else is reported as success (0).
 */
static int reiserfs_dir_fsync(struct file *filp, struct dentry *dentry,
                              int datasync)
{
        struct super_block *sb = dentry->d_inode->i_sb;
        int err;

        reiserfs_write_lock(sb);
        err = reiserfs_commit_for_inode(dentry->d_inode);
        reiserfs_write_unlock(sb);

        return err < 0 ? err : 0;
}
41
42 #define store_ih(where,what) copy_item_head (where, what)
43
44 //
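/*
 * reiserfs_readdir - emit the entries of @filp's directory through @filldir
 * @filp:    the open directory; filp->f_pos is the entry offset to resume
 *           from (0 means "start at '.'") and is advanced as entries go out
 * @dirent:  opaque cookie handed straight to @filldir
 * @filldir: VFS callback that copies one entry to the caller
 *
 * Builds a directory-entry key from f_pos and walks the directory items from
 * there, moving to the right neighbouring node via the right delimiting key
 * until the directory ends or @filldir refuses an entry.  The whole walk
 * runs under the reiserfs write lock.  filldir may block, and the tree may
 * change while it does, so each name is first copied into a private buffer
 * (small_buf, or a kmalloc'd one for long names) and the item is searched
 * again ("research") whenever item_moved() reports that it moved.
 *
 * Every entry's on-disk length and name pointer are checked against the
 * buffer_head before they are dereferenced, so a corrupted directory item
 * yields -EIO instead of an out-of-bounds read.
 *
 * Returns 0 on success (also when filldir stopped the walk early), -EIO on
 * a read error or a corrupted entry, -ENOMEM if a name buffer could not be
 * allocated.
 */
static int reiserfs_readdir(struct file *filp, void *dirent, filldir_t filldir)
{
        struct inode *inode = filp->f_path.dentry->d_inode;
        struct cpu_key pos_key; /* key of current position in the directory (key of directory entry) */
        INITIALIZE_PATH(path_to_entry);
        struct buffer_head *bh;
        int item_num, entry_num;
        const struct reiserfs_key *rkey;
        struct item_head *ih, tmp_ih;
        int search_res;
        char *local_buf;
        loff_t next_pos;
        char small_buf[32];     /* avoid kmalloc if we can */
        struct reiserfs_dir_entry de;
        int ret = 0;

        reiserfs_write_lock(inode->i_sb);

        reiserfs_check_lock_depth(inode->i_sb, "readdir");

        /* form key for search the next directory entry using f_pos field of
           file structure; an f_pos of 0 means "start at '.'" */
        make_cpu_key(&pos_key, inode,
                     (filp->f_pos) ? (filp->f_pos) : DOT_OFFSET, TYPE_DIRENTRY,
                     3);
        /* this is what f_pos ends up as if no entry gets emitted */
        next_pos = cpu_key_k_offset(&pos_key);

        path_to_entry.reada = PATH_READA;
        while (1) {
              research:
                /* search the directory item, containing entry with specified key */
                search_res =
                    search_by_entry_key(inode->i_sb, &pos_key, &path_to_entry,
                                        &de);
                if (search_res == IO_ERROR) {
                        // FIXME: we could just skip part of directory which could
                        // not be read
                        ret = -EIO;
                        goto out;
                }
                entry_num = de.de_entry_num;
                bh = de.de_bh;
                item_num = de.de_item_num;
                ih = de.de_ih;
                /* copy of the item head; item_moved() compares against it
                   below to decide whether the item must be searched again */
                store_ih(&tmp_ih, ih);

                /* we must have found item, that is item of this directory, */
                RFALSE(COMP_SHORT_KEYS(&(ih->ih_key), &pos_key),
                       "vs-9000: found item %h does not match to dir we readdir %K",
                       ih, &pos_key);
                RFALSE(item_num > B_NR_ITEMS(bh) - 1,
                       "vs-9005 item_num == %d, item amount == %d",
                       item_num, B_NR_ITEMS(bh));

                /* and entry must be not more than number of entries in the item */
                RFALSE(I_ENTRY_COUNT(ih) < entry_num,
                       "vs-9010: entry number is too big %d (%d)",
                       entry_num, I_ENTRY_COUNT(ih));

                if (search_res == POSITION_FOUND
                    || entry_num < I_ENTRY_COUNT(ih)) {
                        /* go through all entries in the directory item beginning from the entry, that has been found */
                        struct reiserfs_de_head *deh =
                            B_I_DEH(bh, ih) + entry_num;

                        for (; entry_num < I_ENTRY_COUNT(ih);
                             entry_num++, deh++) {
                                int d_reclen;
                                char *d_name;
                                off_t d_off;
                                ino_t d_ino;
                                int fill_res;

                                if (!de_visible(deh))
                                        /* it is hidden entry */
                                        continue;
                                d_reclen = entry_length(bh, ih, entry_num);
                                d_name = B_I_DEH_ENTRY_FILE_NAME(bh, ih, deh);

                                /* Both values are derived from on-disk data.
                                 * Reject a non-positive length and a name that
                                 * would run past the end of the block before
                                 * either is used, so that a corrupted item
                                 * cannot cause an out-of-bounds read. */
                                if (d_reclen <= 0 ||
                                    d_name + d_reclen > bh->b_data + bh->b_size) {
                                        /* There is corrupted data in entry,
                                         * We'd better stop here */
                                        pathrelse(&path_to_entry);
                                        ret = -EIO;
                                        goto out;
                                }

                                /* a name shorter than its slot is NUL padded;
                                   strlen() stays within the range checked
                                   above because d_name[d_reclen - 1] is 0 */
                                if (!d_name[d_reclen - 1])
                                        d_reclen = strlen(d_name);

                                if (d_reclen >
                                    REISERFS_MAX_NAME(inode->i_sb->
                                                      s_blocksize)) {
                                        /* too big to send back to VFS */
                                        continue;
                                }

                                /* Ignore the .reiserfs_priv entry */
                                if (reiserfs_xattrs(inode->i_sb) &&
                                    !old_format_only(inode->i_sb) &&
                                    filp->f_path.dentry == inode->i_sb->s_root &&
                                    REISERFS_SB(inode->i_sb)->priv_root &&
                                    REISERFS_SB(inode->i_sb)->priv_root->d_inode
                                    && deh_objectid(deh) ==
                                    le32_to_cpu(INODE_PKEY
                                                (REISERFS_SB(inode->i_sb)->
                                                 priv_root->d_inode)->
                                                k_objectid)) {
                                        continue;
                                }

                                d_off = deh_offset(deh);
                                /* on the error paths below f_pos stays at this
                                   entry; on the normal path it is set from
                                   next_pos at end: */
                                filp->f_pos = d_off;
                                d_ino = deh_objectid(deh);
                                /* d_reclen is non-negative here, so the cast
                                   is safe; use the buffer's real size rather
                                   than repeating the literal 32 */
                                if ((size_t)d_reclen <= sizeof(small_buf)) {
                                        local_buf = small_buf;
                                } else {
                                        local_buf = kmalloc(d_reclen,
                                                            GFP_NOFS);
                                        if (!local_buf) {
                                                pathrelse(&path_to_entry);
                                                ret = -ENOMEM;
                                                goto out;
                                        }
                                        /* the allocation may have blocked; if
                                           the item moved meanwhile, deh and
                                           d_name are stale */
                                        if (item_moved(&tmp_ih, &path_to_entry)) {
                                                kfree(local_buf);
                                                goto research;
                                        }
                                }
                                // Note, that we copy name to user space via temporary
                                // buffer (local_buf) because filldir will block if
                                // user space buffer is swapped out. At that time
                                // entry can move to somewhere else
                                memcpy(local_buf, d_name, d_reclen);
                                fill_res = filldir(dirent, local_buf, d_reclen,
                                                   d_off, d_ino, DT_UNKNOWN);
                                /* the temporary buffer is finished with
                                   whether or not filldir accepted the entry */
                                if (local_buf != small_buf)
                                        kfree(local_buf);
                                if (fill_res < 0)
                                        goto end;
                                // next entry should be looked for with such offset
                                next_pos = deh_offset(deh) + 1;

                                if (item_moved(&tmp_ih, &path_to_entry)) {
                                        goto research;
                                }
                        }       /* for */
                }

                if (item_num != B_NR_ITEMS(bh) - 1)
                        // end of directory has been reached
                        goto end;

                /* item we went through is last item of node. Using right
                   delimiting key check is it directory end */
                rkey = get_rkey(&path_to_entry, inode->i_sb);
                if (!comp_le_keys(rkey, &MIN_KEY)) {
                        /* set pos_key to key, that is the smallest and greater
                           that key of the last entry in the item */
                        set_cpu_key_k_offset(&pos_key, next_pos);
                        continue;
                }

                if (COMP_SHORT_KEYS(rkey, &pos_key)) {
                        // end of directory has been reached
                        goto end;
                }

                /* directory continues in the right neighboring block */
                set_cpu_key_k_offset(&pos_key,
                                     le_key_k_offset(KEY_FORMAT_3_5, rkey));

        }                       /* while */

      end:
        filp->f_pos = next_pos;
        pathrelse(&path_to_entry);
        reiserfs_check_path(&path_to_entry);
      out:
        reiserfs_write_unlock(inode->i_sb);
        return ret;
}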
234
/* compose directory item containing "." and ".." entries (entries are
   not aligned to 4 byte boundary) */
/* the last four params are LE */
void make_empty_dir_item_v1(char *body, __le32 dirid, __le32 objid,
                            __le32 par_dirid, __le32 par_objid)
{
        struct reiserfs_de_head *dot, *dotdot;

        memset(body, 0, EMPTY_DIR_SIZE_V1);
        dot = (struct reiserfs_de_head *)body;
        dotdot = dot + 1;

        /* "." : dir id / object id are the directory's own, already LE */
        dot->deh_state = 0;     /* Endian safe if 0 */
        dot->deh_dir_id = dirid;
        dot->deh_objectid = objid;
        put_deh_offset(dot, DOT_OFFSET);
        /* the name occupies the last byte of the item */
        put_deh_location(dot, EMPTY_DIR_SIZE_V1 - strlen("."));
        mark_de_visible(dot);

        /* ".." : dir id / object id are the parent's, already LE */
        dotdot->deh_state = 0;  /* Endian safe if 0 */
        dotdot->deh_dir_id = par_dirid;
        dotdot->deh_objectid = par_objid;
        put_deh_offset(dotdot, DOT_DOT_OFFSET);
        /* ".." sits immediately before "." */
        put_deh_location(dotdot, deh_location(dot) - strlen(".."));
        mark_de_visible(dotdot);

        /* now the names themselves; only the name bytes are copied, no
           terminator */
        memcpy(body + deh_location(dot), ".", 1);
        memcpy(body + deh_location(dotdot), "..", 2);
}
269
/* compose directory item containing "." and ".." entries */
/* the last four params are LE */
void make_empty_dir_item(char *body, __le32 dirid, __le32 objid,
                         __le32 par_dirid, __le32 par_objid)
{
        struct reiserfs_de_head *dot, *dotdot;

        memset(body, 0, EMPTY_DIR_SIZE);
        dot = (struct reiserfs_de_head *)body;
        dotdot = dot + 1;

        /* "." : dir id / object id are the directory's own, already LE */
        dot->deh_state = 0;     /* Endian safe if 0 */
        dot->deh_dir_id = dirid;
        dot->deh_objectid = objid;
        put_deh_offset(dot, DOT_OFFSET);
        /* the name goes in a ROUND_UP-sized slot at the end of the item */
        put_deh_location(dot, EMPTY_DIR_SIZE - ROUND_UP(strlen(".")));
        mark_de_visible(dot);

        /* ".." : dir id / object id are the parent's, already LE */
        dotdot->deh_state = 0;  /* Endian safe if 0 */
        dotdot->deh_dir_id = par_dirid;
        dotdot->deh_objectid = par_objid;
        put_deh_offset(dotdot, DOT_DOT_OFFSET);
        /* ".." takes the ROUND_UP-sized slot just before "." */
        put_deh_location(dotdot,
                         deh_location(dot) - ROUND_UP(strlen("..")));
        mark_de_visible(dotdot);

        /* now the names themselves; only the name bytes are copied, the
           rest of each slot stays zero from the memset above */
        memcpy(body + deh_location(dot), ".", 1);
        memcpy(body + deh_location(dotdot), "..", 2);
}