The syzbot reported KASAN out-of-bounds issue in
hfs_bnode_move():
[ 45.588165][ T9821] hfs: dst 14, src 65536, len -65536
[ 45.588895][ T9821] ==================================================================
[ 45.590114][ T9821] BUG: KASAN: out-of-bounds in hfs_bnode_move+0xfd/0x140
[ 45.591127][ T9821] Read of size 18446744073709486080 at addr ffff888035935400 by task repro/9821
[ 45.592207][ T9821]
[ 45.592420][ T9821] CPU: 0 UID: 0 PID: 9821 Comm: repro Not tainted 6.16.0-rc7-dirty #42 PREEMPT(full)
[ 45.592428][ T9821] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 45.592431][ T9821] Call Trace:
[ 45.592434][ T9821] <TASK>
[ 45.592437][ T9821] dump_stack_lvl+0x1c1/0x2a0
[ 45.592446][ T9821] ? __virt_addr_valid+0x1c8/0x5c0
[ 45.592454][ T9821] ? __pfx_dump_stack_lvl+0x10/0x10
[ 45.592461][ T9821] ? rcu_is_watching+0x15/0xb0
[ 45.592469][ T9821] ? lock_release+0x4b/0x3e0
[ 45.592476][ T9821] ? __virt_addr_valid+0x1c8/0x5c0
[ 45.592483][ T9821] ? __virt_addr_valid+0x4a5/0x5c0
[ 45.592491][ T9821] print_report+0x17e/0x7c0
[ 45.592497][ T9821] ? __virt_addr_valid+0x1c8/0x5c0
[ 45.592504][ T9821] ? __virt_addr_valid+0x4a5/0x5c0
[ 45.592511][ T9821] ? __phys_addr+0xd3/0x180
[ 45.592519][ T9821] ? hfs_bnode_move+0xfd/0x140
[ 45.592526][ T9821] kasan_report+0x147/0x180
[ 45.592531][ T9821] ? _printk+0xcf/0x120
[ 45.592537][ T9821] ? hfs_bnode_move+0xfd/0x140
[ 45.592544][ T9821] ? hfs_bnode_move+0xfd/0x140
[ 45.592552][ T9821] kasan_check_range+0x2b0/0x2c0
[ 45.592557][ T9821] ? hfs_bnode_move+0xfd/0x140
[ 45.592565][ T9821] __asan_memmove+0x29/0x70
[ 45.592572][ T9821] hfs_bnode_move+0xfd/0x140
[ 45.592580][ T9821] hfs_brec_remove+0x473/0x560
[ 45.592589][ T9821] hfs_cat_move+0x6fb/0x960
[ 45.592598][ T9821] ? __pfx_hfs_cat_move+0x10/0x10
[ 45.592607][ T9821] ? seqcount_lockdep_reader_access+0x122/0x1c0
[ 45.592614][ T9821] ? lockdep_hardirqs_on+0x9c/0x150
[ 45.592631][ T9821] ? __lock_acquire+0xaec/0xd80
[ 45.592641][ T9821] hfs_rename+0x1dc/0x2d0
[ 45.592649][ T9821] ? __pfx_hfs_rename+0x10/0x10
[ 45.592657][ T9821] vfs_rename+0xac6/0xed0
[ 45.592664][ T9821] ? __pfx_vfs_rename+0x10/0x10
[ 45.592670][ T9821] ? d_alloc+0x144/0x190
[ 45.592677][ T9821] ? bpf_lsm_path_rename+0x9/0x20
[ 45.592683][ T9821] ? security_path_rename+0x17d/0x490
[ 45.592691][ T9821] do_renameat2+0x890/0xc50
[ 45.592699][ T9821] ? __pfx_do_renameat2+0x10/0x10
[ 45.592707][ T9821] ? getname_flags+0x1e5/0x540
[ 45.592714][ T9821] __x64_sys_rename+0x82/0x90
[ 45.592720][ T9821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 45.592725][ T9821] do_syscall_64+0xf3/0x3a0
[ 45.592741][ T9821] ? exc_page_fault+0x9f/0xf0
[ 45.592748][ T9821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 45.592754][ T9821] RIP: 0033:0x7f7f73fe3fc9
[ 45.592760][ T9821] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48
[ 45.592765][ T9821] RSP: 002b:00007ffc7e116cf8 EFLAGS: 00000283 ORIG_RAX: 0000000000000052
[ 45.592772][ T9821] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f73fe3fc9
[ 45.592776][ T9821] RDX: 0000200000000871 RSI: 0000200000000780 RDI: 00002000000003c0
[ 45.592781][ T9821] RBP: 00007ffc7e116d00 R08: 0000000000000000 R09: 00007ffc7e116d30
[ 45.592784][ T9821] R10: fffffffffffffff0 R11: 0000000000000283 R12: 00005557e81f8250
[ 45.592788][ T9821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 45.592795][ T9821] </TASK>
[ 45.592797][ T9821]
[ 45.619721][ T9821] The buggy address belongs to the physical page:
[ 45.620300][ T9821] page: refcount:1 mapcount:1 mapping:0000000000000000 index:0x559a88174 pfn:0x35935
[ 45.621150][ T9821] memcg:ffff88810a1d5b00
[ 45.621531][ T9821] anon flags: 0xfff60000020838(uptodate|dirty|lru|owner_2|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 45.622496][ T9821] raw: 00fff60000020838 ffffea0000d64d88 ffff888021753e10 ffff888029da0771
[ 45.623260][ T9821] raw: 0000000559a88174 0000000000000000 0000000100000000 ffff88810a1d5b00
[ 45.624030][ T9821] page dumped because: kasan: bad access detected
[ 45.624602][ T9821] page_owner tracks the page as allocated
[ 45.625115][ T9821] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO0
[ 45.626685][ T9821] post_alloc_hook+0x240/0x2a0
[ 45.627127][ T9821] get_page_from_freelist+0x2101/0x21e0
[ 45.627628][ T9821] __alloc_frozen_pages_noprof+0x274/0x380
[ 45.628154][ T9821] alloc_pages_mpol+0x241/0x4b0
[ 45.628593][ T9821] vma_alloc_folio_noprof+0xe4/0x210
[ 45.629066][ T9821] folio_prealloc+0x30/0x180
[ 45.629487][ T9821] __handle_mm_fault+0x34bd/0x5640
[ 45.629957][ T9821] handle_mm_fault+0x40e/0x8e0
[ 45.630392][ T9821] do_user_addr_fault+0xa81/0x1390
[ 45.630862][ T9821] exc_page_fault+0x76/0xf0
[ 45.631273][ T9821] asm_exc_page_fault+0x26/0x30
[ 45.631712][ T9821] page last free pid 5269 tgid 5269 stack trace:
[ 45.632281][ T9821] free_unref_folios+0xc73/0x14c0
[ 45.632740][ T9821] folios_put_refs+0x55b/0x640
[ 45.633177][ T9821] free_pages_and_swap_cache+0x26d/0x510
[ 45.633685][ T9821] tlb_flush_mmu+0x3a0/0x680
[ 45.634105][ T9821] tlb_finish_mmu+0xd4/0x200
[ 45.634525][ T9821] exit_mmap+0x44c/0xb70
[ 45.634914][ T9821] __mmput+0x118/0x420
[ 45.635286][ T9821] exit_mm+0x1da/0x2c0
[ 45.635659][ T9821] do_exit+0x652/0x2330
[ 45.636039][ T9821] do_group_exit+0x21c/0x2d0
[ 45.636457][ T9821] __x64_sys_exit_group+0x3f/0x40
[ 45.636915][ T9821] x64_sys_call+0x21ba/0x21c0
[ 45.637342][ T9821] do_syscall_64+0xf3/0x3a0
[ 45.637756][ T9821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 45.638290][ T9821] page has been migrated, last migrate reason: numa_misplaced
[ 45.638956][ T9821]
[ 45.639173][ T9821] Memory state around the buggy address:
[ 45.639677][ T9821] ffff888035935300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.640397][ T9821] ffff888035935380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.641117][ T9821] >ffff888035935400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.641837][ T9821] ^
[ 45.642207][ T9821] ffff888035935480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.642929][ T9821] ffff888035935500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.643650][ T9821] ==================================================================
Commit [1] fixes the issue when an offset inside the b-tree node
or the length of the request is bigger than the b-tree node. However,
that fix still does not handle negative values
of the offset or length. Moreover, negative values of
the offset or length make no sense for b-tree
operations, because we could try to access a memory address
before the beginning of the memory page's address range.
Also, using negative values makes the logic very complicated and
unpredictable, and we could access the wrong item(s)
in the b-tree node.
This patch changes the b-tree interface by converting the
signed integer offset and length arguments to the u32 type.
The goal of this conversion is to prevent negative values from
being used unintentionally or by mistake in b-tree operations.
[1] 'commit a431930c9b ("hfs: fix slab-out-of-bounds in hfs_bnode_read()")'
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
cc: Yangtao Li <frank.li@vivo.com>
cc: linux-fsdevel@vger.kernel.org
Link: https://lore.kernel.org/r/20251002200020.2578311-1-slava@dubeyko.com
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
// SPDX-License-Identifier: GPL-2.0
/*
* linux/fs/hfsplus/btree.c
*
* Copyright (C) 2001
* Brad Boyer (flar@allandria.com)
* (C) 2003 Ardis Technologies <roman@ardistech.com>
*
* Handle opening/closing btree
*/
#include <linux/slab.h>
#include <linux/pagemap.h>
#include <linux/log2.h>
#include "hfsplus_fs.h"
#include "hfsplus_raw.h"
/*
 * The clump size calculation was originally taken from
 * http://opensource.apple.com/tarballs/diskdev_cmds/
 */
/* Number of volume-size rows in clumptbl[]. */
#define CLUMP_ENTRIES 15

/*
 * Default clump sizes in MB, stored row-major with three values per
 * volume-size row. hfsplus_calc_btree_clump_size() reads the entry at
 * [column + row * 3] and multiplies it by 1024 * 1024; it uses column 0
 * for the attributes file, column 1 for the catalog file and column 2
 * for every other file id.
 */
static short clumptbl[CLUMP_ENTRIES * 3] = {
/*
 *	Volume	Attributes	Catalog		Extents
 *	Size	Clump (MB)	Clump (MB)	Clump (MB)
 */
	/*   1GB */	4,		4,		4,
	/*   2GB */	6,		6,		4,
	/*   4GB */	8,		8,		4,
	/*   8GB */	11,		11,		5,
	/*
	 * For volumes 16GB and larger, we want to make sure that a full OS
	 * install won't require fragmentation of the Catalog or Attributes
	 * B-trees. We do this by making the clump sizes sufficiently large,
	 * and by leaving a gap after the B-trees for them to grow into.
	 *
	 * For SnowLeopard 10A298, a FullNetInstall with all packages selected
	 * results in:
	 * Catalog B-tree Header
	 *	nodeSize:	8192
	 *	totalNodes:	31616
	 *	freeNodes:	1978
	 * (used = 231.55 MB)
	 * Attributes B-tree Header
	 *	nodeSize:	8192
	 *	totalNodes:	63232
	 *	freeNodes:	958
	 * (used = 486.52 MB)
	 *
	 * We also want Time Machine backup volumes to have a sufficiently
	 * large clump size to reduce fragmentation.
	 *
	 * The series of numbers for Catalog and Attribute form a geometric
	 * series. For Catalog (16GB to 512GB), each term is 8**(1/5) times
	 * the previous term. For Attributes (16GB to 512GB), each term is
	 * 4**(1/5) times the previous term. For 1TB to 16TB, each term is
	 * 2**(1/5) times the previous term.
	 */
	/*  16GB */	64,		32,		5,
	/*  32GB */	84,		49,		6,
	/*  64GB */	111,		74,		7,
	/* 128GB */	147,		111,		8,
	/* 256GB */	194,		169,		9,
	/* 512GB */	256,		256,		11,
	/*   1TB */	294,		294,		14,
	/*   2TB */	338,		338,		16,
	/*   4TB */	388,		388,		20,
	/*   8TB */	446,		446,		25,
	/*  16TB */	512,		512,		32
};
/*
 * Compute the default clump size, in bytes, for a b-tree file.
 *
 * @block_size: allocation block size
 * @node_size:  b-tree node size
 * @sectors:    volume size in sectors
 * @file_id:    CNID of the b-tree file; selects the clumptbl[] column
 *
 * The result is a multiple of max(node_size, block_size) and is never 0.
 *
 * NOTE(review): the rounding step divides by max(node_size, block_size);
 * nothing in this function rejects the case where both are 0, so callers
 * are presumably expected to pass validated sizes - confirm.
 */
u32 hfsplus_calc_btree_clump_size(u32 block_size, u32 node_size,
				  u64 sectors, int file_id)
{
	const u32 granule = max(node_size, block_size);
	u32 clump_size;
	int column;
	int row = 0;

	/* Select the clumptbl[] column that belongs to this file. */
	if (file_id == HFSPLUS_ATTR_CNID)
		column = 0;
	else if (file_id == HFSPLUS_CAT_CNID)
		column = 1;
	else
		column = 2;

	if (sectors < 0x200000) {
		const u32 min_clump = 8 * node_size;

		/*
		 * Small volume: take four bytes per sector (about 0.8% of
		 * the volume when sectors are 512 bytes), but never less
		 * than eight nodes.
		 */
		clump_size = sectors << 2;
		if (clump_size < min_clump)
			clump_size = min_clump;
	} else {
		/*
		 * Large volume: the position of the highest set bit of
		 * (sectors >> 22) picks the table row, capped at the last
		 * row so the lookup cannot run past clumptbl[].
		 */
		sectors >>= 22;
		while (sectors && row < CLUMP_ENTRIES - 1) {
			row++;
			sectors >>= 1;
		}

		/* Table values are in MB. */
		clump_size = clumptbl[row * 3 + column] * 1024 * 1024;
	}

	/* Round down to a multiple of the larger of node and block size. */
	clump_size -= clump_size % granule;

	/*
	 * Rounding down yields 0 when the granule is larger than the clump
	 * size; fall back to a single block or node in that case.
	 */
	return clump_size ? clump_size : granule;
}
/*
 * Get a reference to a B*Tree and do some initial checks.
 *
 * Allocates the in-memory tree, looks up the b-tree inode for @id, reads
 * the header record from page 0 of that inode and copies the header
 * fields into the tree after converting them from big-endian.
 *
 * Returns the new tree, or NULL on any failure (allocation failure,
 * inode lookup error, unreadable header page, or a header that fails the
 * checks below). The underlying error code is not passed to the caller.
 *
 * Every value taken from @head comes from the on-disk image and should be
 * treated as untrusted until checked.
 */
struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id)
{
	struct hfs_btree *tree;
	struct hfs_btree_header_rec *head;
	struct address_space *mapping;
	struct inode *inode;
	struct page *page;
	unsigned int size;

	tree = kzalloc(sizeof(*tree), GFP_KERNEL);
	if (!tree)
		return NULL;

	mutex_init(&tree->tree_lock);
	spin_lock_init(&tree->hash_lock);
	tree->sb = sb;
	tree->cnid = id;
	inode = hfsplus_iget(sb, id);
	if (IS_ERR(inode))
		goto free_tree;
	tree->inode = inode;

	/* A b-tree file without any extent blocks has no header to read. */
	if (!HFSPLUS_I(tree->inode)->first_blocks) {
		pr_err("invalid btree extent records (0 size)\n");
		goto free_inode;
	}

	mapping = tree->inode->i_mapping;
	page = read_mapping_page(mapping, 0, NULL);
	if (IS_ERR(page))
		goto free_inode;

	/* Load the header; it follows the node descriptor in page 0. */
	head = (struct hfs_btree_header_rec *)(kmap_local_page(page) +
		sizeof(struct hfs_bnode_desc));
	/*
	 * NOTE(review): root, leaf_head, leaf_tail and free_nodes are stored
	 * as read; this function does not compare them with node_count.
	 * Confirm that users of these fields validate node indices.
	 */
	tree->root = be32_to_cpu(head->root);
	tree->leaf_count = be32_to_cpu(head->leaf_count);
	tree->leaf_head = be32_to_cpu(head->leaf_head);
	tree->leaf_tail = be32_to_cpu(head->leaf_tail);
	tree->node_count = be32_to_cpu(head->node_count);
	tree->free_nodes = be32_to_cpu(head->free_nodes);
	tree->attributes = be32_to_cpu(head->attributes);
	tree->node_size = be16_to_cpu(head->node_size);
	tree->max_key_len = be16_to_cpu(head->max_key_len);
	tree->depth = be16_to_cpu(head->depth);

	/* Verify the tree and set the correct compare function */
	switch (id) {
	case HFSPLUS_EXT_CNID:
		/* Extents tree: fixed key length, no variable index keys. */
		if (tree->max_key_len != HFSPLUS_EXT_KEYLEN - sizeof(u16)) {
			pr_err("invalid extent max_key_len %d\n",
				tree->max_key_len);
			goto fail_page;
		}
		if (tree->attributes & HFS_TREE_VARIDXKEYS) {
			pr_err("invalid extent btree flag\n");
			goto fail_page;
		}

		tree->keycmp = hfsplus_ext_cmp_key;
		break;
	case HFSPLUS_CAT_CNID:
		/* Catalog tree: variable index keys are mandatory. */
		if (tree->max_key_len != HFSPLUS_CAT_KEYLEN - sizeof(u16)) {
			pr_err("invalid catalog max_key_len %d\n",
				tree->max_key_len);
			goto fail_page;
		}
		if (!(tree->attributes & HFS_TREE_VARIDXKEYS)) {
			pr_err("invalid catalog btree flag\n");
			goto fail_page;
		}

		/*
		 * Binary key comparison is used only when the superblock has
		 * the HFSX flag and the header asks for binary keys; every
		 * other combination gets the case-folding comparison and sets
		 * the CASEFOLD flag on the superblock.
		 */
		if (test_bit(HFSPLUS_SB_HFSX, &HFSPLUS_SB(sb)->flags) &&
		    (head->key_type == HFSPLUS_KEY_BINARY))
			tree->keycmp = hfsplus_cat_bin_cmp_key;
		else {
			tree->keycmp = hfsplus_cat_case_cmp_key;
			set_bit(HFSPLUS_SB_CASEFOLD, &HFSPLUS_SB(sb)->flags);
		}
		break;
	case HFSPLUS_ATTR_CNID:
		if (tree->max_key_len != HFSPLUS_ATTR_KEYLEN - sizeof(u16)) {
			pr_err("invalid attributes max_key_len %d\n",
				tree->max_key_len);
			goto fail_page;
		}
		tree->keycmp = hfsplus_attr_bin_cmp_key;
		break;
	default:
		pr_err("unknown B*Tree requested\n");
		goto fail_page;
	}

	if (!(tree->attributes & HFS_TREE_BIGKEYS)) {
		pr_err("invalid btree flag\n");
		goto fail_page;
	}

	/*
	 * NOTE(review): these two rejections log nothing, unlike the checks
	 * above. is_power_of_2() also accepts sizes smaller than a node
	 * descriptor, and no lower or upper bound on node_size is applied in
	 * this function - confirm that one is enforced elsewhere, since
	 * later code computes offsets such as node_size - 6.
	 */
	size = tree->node_size;
	if (!is_power_of_2(size))
		goto fail_page;
	if (!tree->node_count)
		goto fail_page;

	/* size is a power of two, so ffs(size) - 1 is log2(size). */
	tree->node_size_shift = ffs(size) - 1;

	/* Number of pages needed to hold one node, rounded up. */
	tree->pages_per_bnode =
		(tree->node_size + PAGE_SIZE - 1) >>
		PAGE_SHIFT;

	kunmap_local(head);
	put_page(page);
	return tree;

	/* Error unwinding: release in reverse order of acquisition. */
 fail_page:
	kunmap_local(head);
	put_page(page);
 free_inode:
	/*
	 * NOTE(review): the address-space ops are switched to hfsplus_aops
	 * before the inode is dropped, presumably so that iput() does not
	 * run b-tree specific ops against the tree freed below - confirm.
	 */
	tree->inode->i_mapping->a_ops = &hfsplus_aops;
	iput(tree->inode);
 free_tree:
	kfree(tree);
	return NULL;
}
/*
 * Release resources used by a btree.
 *
 * Empties every bucket of the node hash, frees each node, then drops the
 * b-tree inode and frees @tree itself. A NULL @tree is accepted and
 * ignored.
 *
 * NOTE(review): a node whose refcnt is still non-zero is only reported
 * with pr_crit() and is freed anyway, so any remaining holder would be
 * left with a stale pointer - confirm callers cannot reach this state.
 */
void hfs_btree_close(struct hfs_btree *tree)
{
	struct hfs_bnode *node;
	int bucket;

	if (!tree)
		return;

	for (bucket = 0; bucket < NODE_HASH_SIZE; bucket++) {
		for (;;) {
			node = tree->node_hash[bucket];
			if (!node)
				break;

			/* Unlink the node from its hash chain before freeing it. */
			tree->node_hash[bucket] = node->next_hash;

			if (atomic_read(&node->refcnt)) {
				pr_crit("node %d:%d still has %d user(s)!\n",
					node->tree->cnid, node->this,
					atomic_read(&node->refcnt));
			}

			hfs_bnode_free(node);
			tree->node_hash_cnt--;
		}
	}

	iput(tree->inode);
	kfree(tree);
}
/*
 * Copy the in-memory b-tree header fields back into the header record of
 * node 0 and mark the page dirty.
 *
 * Only root, leaf_count, leaf_head, leaf_tail, node_count, free_nodes,
 * attributes and depth are written; node_size and max_key_len are left
 * as they are on disk.
 *
 * Returns 0 on success or -EIO when node 0 cannot be found.
 */
int hfs_btree_write(struct hfs_btree *tree)
{
	struct hfs_btree_header_rec *head;
	struct hfs_bnode *hdr_node;
	struct page *hdr_page;

	hdr_node = hfs_bnode_find(tree, 0);
	if (IS_ERR(hdr_node)) {
		/* panic? */
		return -EIO;
	}

	/* The header record follows the node descriptor in the first page. */
	hdr_page = hdr_node->page[0];
	head = (struct hfs_btree_header_rec *)
		(kmap_local_page(hdr_page) + sizeof(struct hfs_bnode_desc));

	/* On-disk fields are big-endian. */
	head->root = cpu_to_be32(tree->root);
	head->leaf_count = cpu_to_be32(tree->leaf_count);
	head->leaf_head = cpu_to_be32(tree->leaf_head);
	head->leaf_tail = cpu_to_be32(tree->leaf_tail);
	head->node_count = cpu_to_be32(tree->node_count);
	head->free_nodes = cpu_to_be32(tree->free_nodes);
	head->attributes = cpu_to_be32(tree->attributes);
	head->depth = cpu_to_be16(tree->depth);

	kunmap_local(head);
	set_page_dirty(hdr_page);
	hfs_bnode_put(hdr_node);

	return 0;
}
/*
 * Create a new allocation-map node at index @idx and link it after @prev.
 *
 * Returns the new node, or the ERR_PTR() value from hfs_bnode_create().
 * The new node consumes one of the tree's free nodes.
 *
 * NOTE(review): the offsets node_size - 2, node_size - 4 and
 * node_size - 6 below assume a node that is larger than the descriptor
 * plus these trailing slots. node_size comes from the on-disk header -
 * confirm that a lower bound is enforced when the tree is opened.
 */
static struct hfs_bnode *hfs_bmap_new_bmap(struct hfs_bnode *prev, u32 idx)
{
	struct hfs_btree *tree = prev->tree;
	struct hfs_bnode_desc desc;
	struct hfs_bnode *map_node;
	__be32 next_be;

	map_node = hfs_bnode_create(tree, idx);
	if (IS_ERR(map_node))
		return map_node;

	tree->free_nodes--;

	/* Point the previous node's "next" link at the new map node. */
	prev->next = idx;
	next_be = cpu_to_be32(idx);
	hfs_bnode_write(prev, &next_be,
			offsetof(struct hfs_bnode_desc, next),
			sizeof(next_be));

	/* Start from a fully zeroed node. */
	map_node->type = HFS_NODE_MAP;
	map_node->num_recs = 1;
	hfs_bnode_clear(map_node, 0, tree->node_size);

	/* Descriptor of a map node that holds a single record. */
	desc.type = HFS_NODE_MAP;
	desc.height = 0;
	desc.num_recs = cpu_to_be16(1);
	desc.reserved = 0;
	desc.next = 0;
	desc.prev = 0;
	hfs_bnode_write(map_node, &desc, 0, sizeof(desc));

	/*
	 * 0x8000 sets the first (most significant) bit of the bitmap, which
	 * presumably marks the map node itself as allocated - confirm.
	 */
	hfs_bnode_write_u16(map_node, 14, 0x8000);

	/*
	 * The two trailing u16 slots look like the record offset table:
	 * the record starts at offset 14 and ends at node_size - 6
	 * (interpretation inferred from the values, confirm).
	 */
	hfs_bnode_write_u16(map_node, tree->node_size - 2, 14);
	hfs_bnode_write_u16(map_node, tree->node_size - 4,
			    tree->node_size - 6);

	return map_node;
}
/*
 * Make sure @tree has enough space for the @rsvd_nodes.
 *
 * Extends the b-tree file until tree->free_nodes is at least
 * @rsvd_nodes, updating the inode sizes and the tree's node counters
 * after every extension.
 *
 * Returns 0 on success or the error from hfsplus_file_extend().
 *
 * NOTE(review): "count - tree->node_count" is unsigned arithmetic and
 * node_count originates from the on-disk header. If the header claims
 * more nodes than the file size provides, the difference wraps and
 * free_nodes ends up inconsistent - confirm node_count is checked
 * against the file size before this point.
 */
int hfs_bmap_reserve(struct hfs_btree *tree, u32 rsvd_nodes)
{
	struct inode *inode = tree->inode;
	struct hfsplus_inode_info *hip = HFSPLUS_I(inode);
	loff_t new_size;
	u32 total_nodes;
	int err;

	/* rsvd_nodes is unsigned, so "nothing to reserve" means zero. */
	if (!rsvd_nodes)
		return 0;

	while (tree->free_nodes < rsvd_nodes) {
		err = hfsplus_file_extend(inode, hfs_bnode_need_zeroout(tree));
		if (err)
			return err;

		/* Recompute the file size from the new allocation. */
		new_size = (loff_t)hip->alloc_blocks <<
				HFSPLUS_SB(tree->sb)->alloc_blksz_shift;
		inode->i_size = new_size;
		hip->phys_size = new_size;
		hip->fs_blocks =
			hip->alloc_blocks << HFSPLUS_SB(tree->sb)->fs_shift;
		inode_set_bytes(inode, inode->i_size);

		/* Every node gained by the extension starts out free. */
		total_nodes = inode->i_size >> tree->node_size_shift;
		tree->free_nodes += total_nodes - tree->node_count;
		tree->node_count = total_nodes;
	}

	return 0;
}
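/*
 * Allocate a node from the b-tree's allocation bitmap.
 *
 * Reserves one free node, then scans the bitmap for the first clear bit.
 * The scan starts with record 2 of node 0 and continues with record 0 of
 * each map node reached through node->next. When the chain ends without
 * a free bit, a new map node is created. Within a byte the most
 * significant bit stands for the lowest node index.
 *
 * Returns the node created for the allocated index, or an ERR_PTR()
 * value: the error from hfs_bmap_reserve(), hfs_bnode_find(),
 * hfs_bmap_new_bmap() or hfs_bnode_create(), or -EIO when a bitmap
 * record offset read from disk is rejected.
 *
 * Record offset and length come from the on-disk node, so both are
 * checked before they are used to pick a page, for the header node and
 * for every map node that follows it.
 */
struct hfs_bnode *hfs_bmap_alloc(struct hfs_btree *tree)
{
	struct hfs_bnode *node, *next_node;
	struct page **pagep;
	u32 nidx, idx;
	unsigned off;
	u16 off16;
	u16 len;
	u8 *data, byte, m;
	int i, res;

	res = hfs_bmap_reserve(tree, 1);
	if (res)
		return ERR_PTR(res);

	nidx = 0;
	node = hfs_bnode_find(tree, nidx);
	if (IS_ERR(node))
		return node;
	len = hfs_brec_lenoff(node, 2, &off16);
	off = off16;

	if (!is_bnode_offset_valid(node, off)) {
		hfs_bnode_put(node);
		return ERR_PTR(-EIO);
	}
	len = check_and_correct_requested_length(node, off, len);

	off += node->page_offset;
	pagep = node->page + (off >> PAGE_SHIFT);
	data = kmap_local_page(*pagep);
	off &= ~PAGE_MASK;
	idx = 0;

	for (;;) {
		while (len) {
			byte = data[off];
			if (byte != 0xff) {
				/* At least one clear bit: find it, MSB first. */
				for (m = 0x80, i = 0; i < 8; m >>= 1, i++) {
					if (!(byte & m)) {
						idx += i;
						data[off] |= m;
						set_page_dirty(*pagep);
						kunmap_local(data);
						tree->free_nodes--;
						mark_inode_dirty(tree->inode);
						hfs_bnode_put(node);
						return hfs_bnode_create(tree,
									idx);
					}
				}
			}
			idx += 8;
			len--;
			/*
			 * Move to the next page only while bytes remain, so
			 * that pagep never advances past the last page the
			 * record occupies.
			 */
			if (++off >= PAGE_SIZE && len) {
				kunmap_local(data);
				data = kmap_local_page(*++pagep);
				off = 0;
			}
		}
		kunmap_local(data);
		nidx = node->next;
		if (!nidx) {
			hfs_dbg("create new bmap node\n");
			next_node = hfs_bmap_new_bmap(node, idx);
		} else {
			next_node = hfs_bnode_find(tree, nidx);
		}
		hfs_bnode_put(node);
		if (IS_ERR(next_node))
			return next_node;
		node = next_node;

		len = hfs_brec_lenoff(node, 0, &off16);
		off = off16;

		/*
		 * Apply the same checks the header node's record gets above:
		 * a map node is read from disk as well, so its record offset
		 * and length cannot be trusted.
		 */
		if (!is_bnode_offset_valid(node, off)) {
			hfs_bnode_put(node);
			return ERR_PTR(-EIO);
		}
		len = check_and_correct_requested_length(node, off, len);

		off += node->page_offset;
		pagep = node->page + (off >> PAGE_SHIFT);
		data = kmap_local_page(*pagep);
		off &= ~PAGE_MASK;
	}
}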
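/*
 * Mark @node as free in the b-tree's allocation bitmap.
 *
 * Walks the bitmap from record 2 of node 0 through record 0 of the
 * chained map nodes until it reaches the record that covers the node's
 * index, clears the bit there and increments the tree's free-node count.
 * Freeing node 0 is treated as a bug (BUG_ON).
 *
 * Failures are not reported to the caller: the function logs and returns
 * without changing the bitmap when a node cannot be found, the map chain
 * ends early, a chained node is not a map node, a record offset read
 * from disk is rejected, or the bit is already clear.
 *
 * Record offset and length come from the on-disk node, so both are
 * checked after every hfs_brec_lenoff() call, before the offset is used
 * to index node->page[].
 *
 * NOTE(review): @node is reassigned to the map node during the walk, so
 * the ids printed by the pr_crit() calls below are those of the map node
 * being examined, not of the node being freed.
 */
void hfs_bmap_free(struct hfs_bnode *node)
{
	struct hfs_btree *tree;
	struct page *page;
	u16 off, len;
	u32 nidx;
	u8 *data, byte, m;

	hfs_dbg("node %u\n", node->this);
	BUG_ON(!node->this);
	tree = node->tree;
	nidx = node->this;
	node = hfs_bnode_find(tree, 0);
	if (IS_ERR(node))
		return;
	len = hfs_brec_lenoff(node, 2, &off);
	if (!is_bnode_offset_valid(node, off)) {
		hfs_bnode_put(node);
		return;
	}
	len = check_and_correct_requested_length(node, off, len);

	/* Each bitmap byte covers eight nodes; skip records that end early. */
	while (nidx >= len * 8) {
		u32 i;

		nidx -= len * 8;
		i = node->next;
		if (!i) {
			/* panic */
			pr_crit("unable to free bnode %u. "
					"bmap not found!\n",
				node->this);
			hfs_bnode_put(node);
			return;
		}
		hfs_bnode_put(node);
		node = hfs_bnode_find(tree, i);
		if (IS_ERR(node))
			return;
		if (node->type != HFS_NODE_MAP) {
			/* panic */
			pr_crit("invalid bmap found! "
					"(%u,%d)\n",
				node->this, node->type);
			hfs_bnode_put(node);
			return;
		}
		len = hfs_brec_lenoff(node, 0, &off);
		if (!is_bnode_offset_valid(node, off)) {
			hfs_bnode_put(node);
			return;
		}
		len = check_and_correct_requested_length(node, off, len);
	}

	/* nidx / 8 < len here, so the byte lies inside the checked record. */
	off += node->page_offset + nidx / 8;
	page = node->page[off >> PAGE_SHIFT];
	data = kmap_local_page(page);
	off &= ~PAGE_MASK;

	/* Bits are numbered from the most significant bit of each byte. */
	m = 1 << (~nidx & 7);
	byte = data[off];
	if (!(byte & m)) {
		pr_crit("trying to free free bnode "
				"%u(%d)\n",
			node->this, node->type);
		kunmap_local(data);
		hfs_bnode_put(node);
		return;
	}
	data[off] = byte & ~m;
	set_page_dirty(page);
	kunmap_local(data);
	hfs_bnode_put(node);
	tree->free_nodes++;
	mark_inode_dirty(tree->inode);
}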