1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * 4 * Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved. 5 * 6 * Directory handling functions for NTFS-based filesystems. 7 * 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/nls.h> 12 13 #include "debug.h" 14 #include "ntfs.h" 15 #include "ntfs_fs.h" 16 17 /* Convert little endian UTF-16 to NLS string. */ 18 int ntfs_utf16_to_nls(struct ntfs_sb_info *sbi, const __le16 *name, u32 len, 19 u8 *buf, int buf_len) 20 { 21 int ret, warn; 22 u8 *op; 23 struct nls_table *nls = sbi->options->nls; 24 25 static_assert(sizeof(wchar_t) == sizeof(__le16)); 26 27 if (!nls) { 28 /* UTF-16 -> UTF-8 */ 29 ret = utf16s_to_utf8s((wchar_t *)name, len, UTF16_LITTLE_ENDIAN, 30 buf, buf_len); 31 buf[ret] = '\0'; 32 return ret; 33 } 34 35 op = buf; 36 warn = 0; 37 38 while (len--) { 39 u16 ec; 40 int charlen; 41 char dump[5]; 42 43 if (buf_len < NLS_MAX_CHARSET_SIZE) { 44 ntfs_warn(sbi->sb, 45 "filename was truncated while converting."); 46 break; 47 } 48 49 ec = le16_to_cpu(*name++); 50 charlen = nls->uni2char(ec, op, buf_len); 51 52 if (charlen > 0) { 53 op += charlen; 54 buf_len -= charlen; 55 continue; 56 } 57 58 *op++ = '_'; 59 buf_len -= 1; 60 if (warn) 61 continue; 62 63 warn = 1; 64 hex_byte_pack(&dump[0], ec >> 8); 65 hex_byte_pack(&dump[2], ec); 66 dump[4] = 0; 67 68 ntfs_err(sbi->sb, "failed to convert \"%s\" to %s", dump, 69 nls->charset); 70 } 71 72 *op = '\0'; 73 return op - buf; 74 } 75 76 // clang-format off 77 #define PLANE_SIZE 0x00010000 78 79 #define SURROGATE_PAIR 0x0000d800 80 #define SURROGATE_LOW 0x00000400 81 #define SURROGATE_BITS 0x000003ff 82 // clang-format on 83 84 /* 85 * put_utf16 - Modified version of put_utf16 from fs/nls/nls_base.c 86 * 87 * Function is sparse warnings free. 88 */ 89 static inline void put_utf16(wchar_t *s, unsigned int c, 90 enum utf16_endian endian) 91 { 92 static_assert(sizeof(wchar_t) == sizeof(__le16)); 93 static_assert(sizeof(wchar_t) == sizeof(__be16)); 94 95 switch (endian) { 96 default: 97 *s = (wchar_t)c; 98 break; 99 case UTF16_LITTLE_ENDIAN: 100 *(__le16 *)s = __cpu_to_le16(c); 101 break; 102 case UTF16_BIG_ENDIAN: 103 *(__be16 *)s = __cpu_to_be16(c); 104 break; 105 } 106 } 107 108 /* 109 * _utf8s_to_utf16s 110 * 111 * Modified version of 'utf8s_to_utf16s' allows to 112 * detect -ENAMETOOLONG without writing out of expected maximum. 113 */ 114 static int _utf8s_to_utf16s(const u8 *s, int inlen, enum utf16_endian endian, 115 wchar_t *pwcs, int maxout) 116 { 117 u16 *op; 118 int size; 119 unicode_t u; 120 121 op = pwcs; 122 while (inlen > 0 && *s) { 123 if (*s & 0x80) { 124 size = utf8_to_utf32(s, inlen, &u); 125 if (size < 0) 126 return -EINVAL; 127 s += size; 128 inlen -= size; 129 130 if (u >= PLANE_SIZE) { 131 if (maxout < 2) 132 return -ENAMETOOLONG; 133 134 u -= PLANE_SIZE; 135 put_utf16(op++, 136 SURROGATE_PAIR | 137 ((u >> 10) & SURROGATE_BITS), 138 endian); 139 put_utf16(op++, 140 SURROGATE_PAIR | SURROGATE_LOW | 141 (u & SURROGATE_BITS), 142 endian); 143 maxout -= 2; 144 } else { 145 if (maxout < 1) 146 return -ENAMETOOLONG; 147 148 put_utf16(op++, u, endian); 149 maxout--; 150 } 151 } else { 152 if (maxout < 1) 153 return -ENAMETOOLONG; 154 155 put_utf16(op++, *s++, endian); 156 inlen--; 157 maxout--; 158 } 159 } 160 return op - pwcs; 161 } 162 163 /* 164 * ntfs_nls_to_utf16 - Convert input string to UTF-16. 165 * @name: Input name. 166 * @name_len: Input name length. 167 * @uni: Destination memory. 168 * @max_ulen: Destination memory. 169 * @endian: Endian of target UTF-16 string. 170 * 171 * This function is called: 172 * - to create NTFS name 173 * - to create symlink 174 * 175 * Return: UTF-16 string length or error (if negative). 176 */ 177 int ntfs_nls_to_utf16(struct ntfs_sb_info *sbi, const u8 *name, u32 name_len, 178 struct cpu_str *uni, u32 max_ulen, 179 enum utf16_endian endian) 180 { 181 int ret, slen; 182 const u8 *end; 183 struct nls_table *nls = sbi->options->nls; 184 u16 *uname = uni->name; 185 186 static_assert(sizeof(wchar_t) == sizeof(u16)); 187 188 if (!nls) { 189 /* utf8 -> utf16 */ 190 ret = _utf8s_to_utf16s(name, name_len, endian, uname, max_ulen); 191 uni->len = ret; 192 return ret; 193 } 194 195 for (ret = 0, end = name + name_len; name < end; ret++, name += slen) { 196 if (ret >= max_ulen) 197 return -ENAMETOOLONG; 198 199 slen = nls->char2uni(name, end - name, uname + ret); 200 if (!slen) 201 return -EINVAL; 202 if (slen < 0) 203 return slen; 204 } 205 206 #ifdef __BIG_ENDIAN 207 if (endian == UTF16_LITTLE_ENDIAN) { 208 int i = ret; 209 210 while (i--) { 211 __cpu_to_le16s(uname); 212 uname++; 213 } 214 } 215 #else 216 if (endian == UTF16_BIG_ENDIAN) { 217 int i = ret; 218 219 while (i--) { 220 __cpu_to_be16s(uname); 221 uname++; 222 } 223 } 224 #endif 225 226 uni->len = ret; 227 return ret; 228 } 229 230 /* 231 * dir_search_u - Helper function. 232 */ 233 struct inode *dir_search_u(struct inode *dir, const struct cpu_str *uni, 234 struct ntfs_fnd *fnd) 235 { 236 int err = 0; 237 struct super_block *sb = dir->i_sb; 238 struct ntfs_sb_info *sbi = sb->s_fs_info; 239 struct ntfs_inode *ni = ntfs_i(dir); 240 struct NTFS_DE *e; 241 int diff; 242 struct inode *inode = NULL; 243 struct ntfs_fnd *fnd_a = NULL; 244 245 if (!fnd) { 246 fnd_a = fnd_get(); 247 if (!fnd_a) { 248 err = -ENOMEM; 249 goto out; 250 } 251 fnd = fnd_a; 252 } 253 254 err = indx_find(&ni->dir, ni, NULL, uni, 0, sbi, &diff, &e, fnd); 255 256 if (err) 257 goto out; 258 259 if (diff) { 260 err = -ENOENT; 261 goto out; 262 } 263 264 inode = ntfs_iget5(sb, &e->ref, uni); 265 if (!IS_ERR(inode) && is_bad_inode(inode)) { 266 iput(inode); 267 err = -EINVAL; 268 } 269 out: 270 fnd_put(fnd_a); 271 272 return err == -ENOENT ? NULL : err ? ERR_PTR(err) : inode; 273 } 274 275 /* 276 * returns false if 'ctx' if full 277 */ 278 static inline bool ntfs_dir_emit(struct ntfs_sb_info *sbi, 279 struct ntfs_inode *ni, const struct NTFS_DE *e, 280 u8 *name, struct dir_context *ctx) 281 { 282 const struct ATTR_FILE_NAME *fname; 283 unsigned long ino; 284 int name_len; 285 u32 dt_type; 286 287 fname = Add2Ptr(e, sizeof(struct NTFS_DE)); 288 289 if (fname->type == FILE_NAME_DOS) 290 return true; 291 292 if (!mi_is_ref(&ni->mi, &fname->home)) 293 return true; 294 295 ino = ino_get(&e->ref); 296 297 if (ino == MFT_REC_ROOT) 298 return true; 299 300 /* Skip meta files. Unless option to show metafiles is set. */ 301 if (!sbi->options->showmeta && ntfs_is_meta_file(sbi, ino)) 302 return true; 303 304 if (sbi->options->nohidden && (fname->dup.fa & FILE_ATTRIBUTE_HIDDEN)) 305 return true; 306 307 if (fname->name_len + sizeof(struct NTFS_DE) > le16_to_cpu(e->size)) 308 return true; 309 310 name_len = ntfs_utf16_to_nls(sbi, fname->name, fname->name_len, name, 311 PATH_MAX); 312 if (name_len <= 0) { 313 ntfs_warn(sbi->sb, "failed to convert name for inode %lx.", 314 ino); 315 return true; 316 } 317 318 /* 319 * NTFS: symlinks are "dir + reparse" or "file + reparse" 320 * Unfortunately reparse attribute is used for many purposes (several dozens). 321 * It is not possible here to know is this name symlink or not. 322 * To get exactly the type of name we should to open inode (read mft). 323 * getattr for opened file (fstat) correctly returns symlink. 324 */ 325 dt_type = (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY) ? DT_DIR : DT_REG; 326 327 /* 328 * It is not reliable to detect the type of name using duplicated information 329 * stored in parent directory. 330 * The only correct way to get the type of name - read MFT record and find ATTR_STD. 331 * The code below is not good idea. 332 * It does additional locks/reads just to get the type of name. 333 * Should we use additional mount option to enable branch below? 334 */ 335 if (fname->dup.extend_data && 336 ino != ni->mi.rno) { 337 struct inode *inode = ntfs_iget5(sbi->sb, &e->ref, NULL); 338 if (!IS_ERR_OR_NULL(inode)) { 339 dt_type = fs_umode_to_dtype(inode->i_mode); 340 iput(inode); 341 } 342 } 343 344 return dir_emit(ctx, (s8 *)name, name_len, ino, dt_type); 345 } 346 347 /* 348 * ntfs_read_hdr - Helper function for ntfs_readdir(). 349 * 350 * returns 0 if ok. 351 * returns -EINVAL if directory is corrupted. 352 * returns +1 if 'ctx' is full. 353 */ 354 static int ntfs_read_hdr(struct ntfs_sb_info *sbi, struct ntfs_inode *ni, 355 const struct INDEX_HDR *hdr, u64 vbo, u64 pos, 356 u8 *name, struct dir_context *ctx) 357 { 358 const struct NTFS_DE *e; 359 u32 e_size; 360 u32 end = le32_to_cpu(hdr->used); 361 u32 off = le32_to_cpu(hdr->de_off); 362 363 for (;; off += e_size) { 364 if (off + sizeof(struct NTFS_DE) > end) 365 return -EINVAL; 366 367 e = Add2Ptr(hdr, off); 368 e_size = le16_to_cpu(e->size); 369 if (e_size < sizeof(struct NTFS_DE) || off + e_size > end) 370 return -EINVAL; 371 372 if (de_is_last(e)) 373 return 0; 374 375 /* Skip already enumerated. */ 376 if (vbo + off < pos) 377 continue; 378 379 if (le16_to_cpu(e->key_size) < SIZEOF_ATTRIBUTE_FILENAME) 380 return -EINVAL; 381 382 ctx->pos = vbo + off; 383 384 /* Submit the name to the filldir callback. */ 385 if (!ntfs_dir_emit(sbi, ni, e, name, ctx)) { 386 /* ctx is full. */ 387 return +1; 388 } 389 } 390 } 391 392 /* 393 * ntfs_readdir - file_operations::iterate_shared 394 * 395 * Use non sorted enumeration. 396 * We have an example of broken volume where sorted enumeration 397 * counts each name twice. 398 */ 399 static int ntfs_readdir(struct file *file, struct dir_context *ctx) 400 { 401 const struct INDEX_ROOT *root; 402 u64 vbo; 403 size_t bit; 404 loff_t eod; 405 int err = 0; 406 struct inode *dir = file_inode(file); 407 struct ntfs_inode *ni = ntfs_i(dir); 408 struct super_block *sb = dir->i_sb; 409 struct ntfs_sb_info *sbi = sb->s_fs_info; 410 loff_t i_size = i_size_read(dir); 411 u32 pos = ctx->pos; 412 u8 *name = NULL; 413 struct indx_node *node = NULL; 414 u8 index_bits = ni->dir.index_bits; 415 416 /* Name is a buffer of PATH_MAX length. */ 417 static_assert(NTFS_NAME_LEN * 4 < PATH_MAX); 418 419 eod = i_size + sbi->record_size; 420 421 if (pos >= eod) 422 return 0; 423 424 if (!dir_emit_dots(file, ctx)) 425 return 0; 426 427 /* Allocate PATH_MAX bytes. */ 428 name = __getname(); 429 if (!name) 430 return -ENOMEM; 431 432 if (!ni->mi_loaded && ni->attr_list.size) { 433 /* 434 * Directory inode is locked for read. 435 * Load all subrecords to avoid 'write' access to 'ni' during 436 * directory reading. 437 */ 438 ni_lock(ni); 439 if (!ni->mi_loaded && ni->attr_list.size) { 440 err = ni_load_all_mi(ni); 441 if (!err) 442 ni->mi_loaded = true; 443 } 444 ni_unlock(ni); 445 if (err) 446 goto out; 447 } 448 449 root = indx_get_root(&ni->dir, ni, NULL, NULL); 450 if (!root) { 451 err = -EINVAL; 452 goto out; 453 } 454 455 if (pos >= sbi->record_size) { 456 bit = (pos - sbi->record_size) >> index_bits; 457 } else { 458 err = ntfs_read_hdr(sbi, ni, &root->ihdr, 0, pos, name, ctx); 459 if (err) 460 goto out; 461 bit = 0; 462 } 463 464 if (!i_size) { 465 ctx->pos = eod; 466 goto out; 467 } 468 469 for (;;) { 470 vbo = (u64)bit << index_bits; 471 if (vbo >= i_size) { 472 ctx->pos = eod; 473 goto out; 474 } 475 476 err = indx_used_bit(&ni->dir, ni, &bit); 477 if (err) 478 goto out; 479 480 if (bit == MINUS_ONE_T) { 481 ctx->pos = eod; 482 goto out; 483 } 484 485 vbo = (u64)bit << index_bits; 486 if (vbo >= i_size) { 487 err = -EINVAL; 488 goto out; 489 } 490 491 err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits, 492 &node); 493 if (err) 494 goto out; 495 496 err = ntfs_read_hdr(sbi, ni, &node->index->ihdr, 497 vbo + sbi->record_size, pos, name, ctx); 498 if (err) 499 goto out; 500 501 bit += 1; 502 } 503 504 out: 505 506 __putname(name); 507 put_indx_node(node); 508 509 if (err == 1) { 510 /* 'ctx' is full. */ 511 err = 0; 512 } else if (err == -ENOENT) { 513 err = 0; 514 ctx->pos = pos; 515 } else if (err < 0) { 516 if (err == -EINVAL) 517 _ntfs_bad_inode(dir); 518 ctx->pos = eod; 519 } 520 521 return err; 522 } 523 524 static int ntfs_dir_count(struct inode *dir, bool *is_empty, size_t *dirs, 525 size_t *files) 526 { 527 int err = 0; 528 struct ntfs_inode *ni = ntfs_i(dir); 529 struct NTFS_DE *e = NULL; 530 struct INDEX_ROOT *root; 531 struct INDEX_HDR *hdr; 532 const struct ATTR_FILE_NAME *fname; 533 u32 e_size, off, end; 534 size_t drs = 0, fles = 0, bit = 0; 535 struct indx_node *node = NULL; 536 size_t max_indx = i_size_read(&ni->vfs_inode) >> ni->dir.index_bits; 537 538 if (is_empty) 539 *is_empty = true; 540 541 root = indx_get_root(&ni->dir, ni, NULL, NULL); 542 if (!root) 543 return -EINVAL; 544 545 hdr = &root->ihdr; 546 547 for (;;) { 548 end = le32_to_cpu(hdr->used); 549 off = le32_to_cpu(hdr->de_off); 550 551 for (; off + sizeof(struct NTFS_DE) <= end; off += e_size) { 552 e = Add2Ptr(hdr, off); 553 e_size = le16_to_cpu(e->size); 554 if (e_size < sizeof(struct NTFS_DE) || 555 off + e_size > end) { 556 /* Looks like corruption. */ 557 break; 558 } 559 560 if (de_is_last(e)) 561 break; 562 563 fname = de_get_fname(e); 564 if (!fname) 565 continue; 566 567 if (fname->type == FILE_NAME_DOS) 568 continue; 569 570 if (is_empty) { 571 *is_empty = false; 572 if (!dirs && !files) 573 goto out; 574 } 575 576 if (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY) 577 drs += 1; 578 else 579 fles += 1; 580 } 581 582 if (bit >= max_indx) 583 goto out; 584 585 err = indx_used_bit(&ni->dir, ni, &bit); 586 if (err) 587 goto out; 588 589 if (bit == MINUS_ONE_T) 590 goto out; 591 592 if (bit >= max_indx) 593 goto out; 594 595 err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits, 596 &node); 597 if (err) 598 goto out; 599 600 hdr = &node->index->ihdr; 601 bit += 1; 602 } 603 604 out: 605 put_indx_node(node); 606 if (dirs) 607 *dirs = drs; 608 if (files) 609 *files = fles; 610 611 return err; 612 } 613 614 bool dir_is_empty(struct inode *dir) 615 { 616 bool is_empty = false; 617 618 ntfs_dir_count(dir, &is_empty, NULL, NULL); 619 620 return is_empty; 621 } 622 623 // clang-format off 624 const struct file_operations ntfs_dir_operations = { 625 .llseek = generic_file_llseek, 626 .read = generic_read_dir, 627 .iterate_shared = ntfs_readdir, 628 .fsync = generic_file_fsync, 629 .open = ntfs_file_open, 630 .unlocked_ioctl = ntfs_ioctl, 631 #ifdef CONFIG_COMPAT 632 .compat_ioctl = ntfs_compat_ioctl, 633 #endif 634 }; 635 636 #if IS_ENABLED(CONFIG_NTFS_FS) 637 const struct file_operations ntfs_legacy_dir_operations = { 638 .llseek = generic_file_llseek, 639 .read = generic_read_dir, 640 .iterate_shared = ntfs_readdir, 641 .open = ntfs_file_open, 642 }; 643 #endif 644 // clang-format on 645