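// SPDX-License-Identifier: GPL-2.0
/*
 *
 * Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
 *
 *  Directory handling functions for NTFS-based filesystems.
 *
 */

#include <linux/fs.h>
#include <linux/filelock.h>
#include <linux/nls.h>

#include "debug.h"
#include "ntfs.h"
#include "ntfs_fs.h"

/*
 * ntfs_utf16_to_nls - Convert little endian UTF-16 to NLS string.
 * @sbi:	Superblock info; sbi->options->nls selects the output charset
 *		(UTF-8 is produced when it is NULL).
 * @name:	UTF-16LE input.
 * @len:	Number of UTF-16 units to read from @name.
 * @buf:	Output buffer.
 * @buf_len:	Size of @buf in bytes; one byte of it is kept for the
 *		terminating NUL.
 *
 * Whenever @buf_len is positive the result is NUL-terminated inside @buf.
 * In the NLS path a unit the charset cannot represent is stored as '_' and
 * only the first such failure is logged. Output that does not fit is
 * truncated.
 *
 * Return: number of bytes stored in @buf, not counting the terminator.
 */
int ntfs_utf16_to_nls(struct ntfs_sb_info *sbi, const __le16 *name, u32 len,
		      u8 *buf, int buf_len)
{
	int ret, warn;
	u8 *op;
	struct nls_table *nls = sbi->options->nls;

	static_assert(sizeof(wchar_t) == sizeof(__le16));

	/* No room even for the terminator: store nothing at all. */
	if (buf_len <= 0)
		return 0;

	if (!nls) {
		/*
		 * UTF-16 -> UTF-8.
		 * The converter may use all of the space it is offered, so
		 * offer one byte less: buf[ret] then always stays inside buf.
		 */
		ret = utf16s_to_utf8s((wchar_t *)name, len, UTF16_LITTLE_ENDIAN,
				      buf, buf_len - 1);
		buf[ret] = '\0';
		return ret;
	}

	op = buf;
	warn = 0;

	while (len--) {
		u16 ec;
		int charlen;
		char dump[5];

		/*
		 * Continue only while a maximum-size character plus the
		 * terminator still fit. With '<' here a character that used
		 * up the last NLS_MAX_CHARSET_SIZE bytes would push the final
		 * '*op = 0' one byte past the end of buf.
		 */
		if (buf_len <= NLS_MAX_CHARSET_SIZE) {
			ntfs_warn(sbi->sb,
				  "filename was truncated while converting.");
			break;
		}

		ec = le16_to_cpu(*name++);
		charlen = nls->uni2char(ec, op, buf_len);

		if (charlen > 0) {
			op += charlen;
			buf_len -= charlen;
			continue;
		}

		/* Not representable in this charset: substitute '_'. */
		*op++ = '_';
		buf_len -= 1;
		if (warn)
			continue;

		/* Log the first failing unit only, as four hex digits. */
		warn = 1;
		hex_byte_pack(&dump[0], ec >> 8);
		hex_byte_pack(&dump[2], ec);
		dump[4] = 0;

		ntfs_err(sbi->sb, "failed to convert \"%s\" to %s", dump,
			 nls->charset);
	}

	*op = '\0';
	return op - buf;
}

// clang-format off
#define PLANE_SIZE	0x00010000

#define SURROGATE_PAIR	0x0000d800
#define SURROGATE_LOW	0x00000400
#define SURROGATE_BITS	0x000003ff
// clang-format on

/*
 * put_utf16 - Modified version of put_utf16 from fs/nls/nls_base.c
 *
 * Function is sparse warnings free.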
 *
 * @s:		Where the UTF-16 unit is stored.
 * @c:		Value to store; it is narrowed to one 16-bit unit.
 * @endian:	Byte order of the stored unit.
 */
static inline void put_utf16(wchar_t *s, unsigned int c,
			     enum utf16_endian endian)
{
	static_assert(sizeof(wchar_t) == sizeof(__le16));
	static_assert(sizeof(wchar_t) == sizeof(__be16));

	/* Explicit byte orders get a typed store; anything else is host order. */
	if (endian == UTF16_LITTLE_ENDIAN)
		*(__le16 *)s = __cpu_to_le16(c);
	else if (endian == UTF16_BIG_ENDIAN)
		*(__be16 *)s = __cpu_to_be16(c);
	else
		*s = (wchar_t)c;
}

/*
 * _utf8s_to_utf16s - Bounded UTF-8 to UTF-16 conversion.
 * @s:		UTF-8 input.
 * @inlen:	Number of input bytes available.
 * @endian:	Byte order of the produced UTF-16 units.
 * @pwcs:	Output buffer.
 * @maxout:	Capacity of @pwcs, in UTF-16 units.
 *
 * Variant of 'utf8s_to_utf16s' that checks the remaining capacity before
 * every store, so an over-long input is reported as -ENAMETOOLONG and
 * nothing is written past @maxout units. Conversion stops after @inlen
 * bytes or at the first NUL byte, whichever comes first.
 *
 * Return: number of UTF-16 units written, -EINVAL for a malformed UTF-8
 * sequence, -ENAMETOOLONG when the output does not fit.
 */
static int _utf8s_to_utf16s(const u8 *s, int inlen, enum utf16_endian endian,
			    wchar_t *pwcs, int maxout)
{
	u16 *out = pwcs;

	while (inlen > 0 && *s) {
		unicode_t cp;
		int used;

		/* Plain ASCII byte: exactly one output unit. */
		if (!(*s & 0x80)) {
			if (maxout < 1)
				return -ENAMETOOLONG;

			put_utf16(out++, *s++, endian);
			inlen--;
			maxout--;
			continue;
		}

		/* Multi-byte sequence: decode it to a code point first. */
		used = utf8_to_utf32(s, inlen, &cp);
		if (used < 0)
			return -EINVAL;
		s += used;
		inlen -= used;

		/* Code points below PLANE_SIZE take a single unit. */
		if (cp < PLANE_SIZE) {
			if (maxout < 1)
				return -ENAMETOOLONG;

			put_utf16(out++, cp, endian);
			maxout--;
			continue;
		}

		/* Everything else becomes a surrogate pair: two units. */
		if (maxout < 2)
			return -ENAMETOOLONG;

		cp -= PLANE_SIZE;
		put_utf16(out++,
			  SURROGATE_PAIR | ((cp >> 10) & SURROGATE_BITS),
			  endian);
		put_utf16(out++,
			  SURROGATE_PAIR | SURROGATE_LOW |
				  (cp & SURROGATE_BITS),
			  endian);
		maxout -= 2;
	}

	return out - pwcs;
}

/*
 * ntfs_nls_to_utf16 - Convert input string to UTF-16.
 * @sbi:	Superblock info; sbi->options->nls selects the input charset
 *		(the input is treated as UTF-8 when it is NULL).
 * @name:	Input name.
 * @name_len:	Input name length, in bytes.
 * @uni:	Destination memory.
 * @max_ulen:	Capacity of @uni->name, in UTF-16 units.
 * @endian:	Endian of target UTF-16 string.
 *
 * This function is called:
 * - to create NTFS name
 * - to create symlink
 *
 * Return: UTF-16 string length or error (if negative).
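 *
 * On failure @uni->len is left unchanged in both conversion paths;
 * @uni->name may then hold a partial conversion.
 */
int ntfs_nls_to_utf16(struct ntfs_sb_info *sbi, const u8 *name, u32 name_len,
		      struct cpu_str *uni, u32 max_ulen,
		      enum utf16_endian endian)
{
	int ret, slen;
	const u8 *end;
	struct nls_table *nls = sbi->options->nls;
	u16 *uname = uni->name;

	static_assert(sizeof(wchar_t) == sizeof(u16));

	if (!nls) {
		/* utf8 -> utf16 */
		ret = _utf8s_to_utf16s(name, name_len, endian, uname, max_ulen);
		/*
		 * Do not store a negative error code as a length: the NLS
		 * path below also returns without touching uni->len.
		 */
		if (ret >= 0)
			uni->len = ret;
		return ret;
	}

	/* One output unit per input character; 'ret' counts the units. */
	for (ret = 0, end = name + name_len; name < end; ret++, name += slen) {
		/* Capacity check comes before the store into uname[ret]. */
		if (ret >= max_ulen)
			return -ENAMETOOLONG;

		slen = nls->char2uni(name, end - name, uname + ret);
		if (!slen)
			return -EINVAL;
		if (slen < 0)
			return slen;
	}

	/* char2uni() stored host-order units; swap if the target differs. */
#ifdef __BIG_ENDIAN
	if (endian == UTF16_LITTLE_ENDIAN) {
		int i = ret;

		while (i--) {
			__cpu_to_le16s(uname);
			uname++;
		}
	}
#else
	if (endian == UTF16_BIG_ENDIAN) {
		int i = ret;

		while (i--) {
			__cpu_to_be16s(uname);
			uname++;
		}
	}
#endif

	uni->len = ret;
	return ret;
}

/*
 * dir_search_u - Helper function.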
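 *
 * Looks up @uni in the index of @dir and returns the inode it refers to.
 * @fnd is optional: when it is NULL a temporary search context is taken
 * with fnd_get() and released again before returning.
 *
 * Return: the inode, NULL when the name is not present (-ENOENT is mapped
 * to NULL), or an ERR_PTR() for any other failure.
 */
struct inode *dir_search_u(struct inode *dir, const struct cpu_str *uni,
			   struct ntfs_fnd *fnd)
{
	int err = 0;
	struct super_block *sb = dir->i_sb;
	struct ntfs_sb_info *sbi = sb->s_fs_info;
	struct ntfs_inode *ni = ntfs_i(dir);
	struct NTFS_DE *e;
	int diff;
	struct inode *inode = NULL;
	struct ntfs_fnd *fnd_a = NULL;

	if (!fnd) {
		fnd_a = fnd_get();
		if (!fnd_a) {
			err = -ENOMEM;
			goto out;
		}
		fnd = fnd_a;
	}

	err = indx_find(&ni->dir, ni, NULL, uni, 0, sbi, &diff, &e, fnd);

	if (err)
		goto out;

	/* A non-zero 'diff' means no exact match was found. */
	if (diff) {
		err = -ENOENT;
		goto out;
	}

	inode = ntfs_iget5(sb, &e->ref, uni);
	/* An inode that loaded but is marked bad is not handed out. */
	if (!IS_ERR(inode) && is_bad_inode(inode)) {
		iput(inode);
		err = -EINVAL;
	}
out:
	/* Only the locally taken context (possibly NULL) is released. */
	fnd_put(fnd_a);

	return err == -ENOENT ? NULL : err ? ERR_PTR(err) : inode;
}

/*
 * ntfs_dir_emit - Pass one directory entry to the readdir callback.
 * @sbi:	Superblock info (mount options are read from it).
 * @ni:		Directory being read.
 * @e:		Index entry taken from the on-disk directory index.
 * @name:	Scratch buffer of PATH_MAX bytes for the converted name.
 * @ctx:	readdir context.
 *
 * Entries that must not be listed, and entries whose stored name does not
 * fit inside the entry itself, are skipped by returning true.
 *
 * Return: false if 'ctx' is full, true otherwise.
 */
static inline bool ntfs_dir_emit(struct ntfs_sb_info *sbi,
				 struct ntfs_inode *ni, const struct NTFS_DE *e,
				 u8 *name, struct dir_context *ctx)
{
	const struct ATTR_FILE_NAME *fname;
	const size_t e_size = le16_to_cpu(e->size);
	/* Offset of the name characters from the start of the entry. */
	const size_t name_off = sizeof(struct NTFS_DE) +
				offsetof(struct ATTR_FILE_NAME, name);
	unsigned long ino;
	int name_len;
	u32 dt_type;

	/*
	 * The entry comes from disk. Make sure the fixed part of the file
	 * name key lies inside the entry before any of its fields is read.
	 */
	if (e_size < name_off)
		return true;

	fname = Add2Ptr(e, sizeof(struct NTFS_DE));

	/*
	 * name_len counts UTF-16 units, not bytes, and the name starts at
	 * name_off rather than right behind the entry header. Comparing
	 * 'name_len + sizeof(struct NTFS_DE)' with the entry size would let
	 * the conversion below read past the end of a malformed entry.
	 */
	if (name_off + fname->name_len * sizeof(fname->name[0]) > e_size)
		return true;

	if (fname->type == FILE_NAME_DOS)
		return true;

	if (!mi_is_ref(&ni->mi, &fname->home))
		return true;

	ino = ino_get(&e->ref);

	if (ino == MFT_REC_ROOT)
		return true;

	/* Skip meta files. Unless option to show metafiles is set. */
	if (!sbi->options->showmeta && ntfs_is_meta_file(sbi, ino))
		return true;

	if (sbi->options->nohidden && (fname->dup.fa & FILE_ATTRIBUTE_HIDDEN))
		return true;

	name_len = ntfs_utf16_to_nls(sbi, fname->name, fname->name_len, name,
				     PATH_MAX);
	if (name_len <= 0) {
		ntfs_warn(sbi->sb, "failed to convert name for inode %lx.",
			  ino);
		return true;
	}

	/*
	 * NTFS: symlinks are "dir + reparse" or "file + reparse"
	 * Unfortunately reparse attribute is used for many purposes (several dozens).
	 * It is not possible to know here whether this name is a symlink or not.
	 * To get the exact type of the name we would have to open the inode (read mft).
	 * getattr for opened file (fstat) correctly returns symlink.
	 */
	dt_type = (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY) ? DT_DIR : DT_REG;

	/*
	 * It is not reliable to detect the type of name using duplicated information
	 * stored in parent directory.
	 * The only correct way to get the type of name - read MFT record and find ATTR_STD.
	 * The code below is not a good idea.
	 * It does additional locks/reads just to get the type of name.
	 * Should we use additional mount option to enable branch below?
	 */
	if (fname->dup.extend_data && ino != ni->mi.rno) {
		struct inode *inode = ntfs_iget5(sbi->sb, &e->ref, NULL);
		if (!IS_ERR_OR_NULL(inode)) {
			dt_type = fs_umode_to_dtype(inode->i_mode);
			iput(inode);
		}
	}

	return dir_emit(ctx, (s8 *)name, name_len, ino, dt_type);
}

/*
 * ntfs_read_hdr - Helper function for ntfs_readdir().
 *
 * returns 0 if ok.
 * returns -EINVAL if directory is corrupted.
 * returns +1 if 'ctx' is full.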
 *
 * Walks the entries of one index header. 'vbo' is added to each entry
 * offset to form the directory position; entries whose position is below
 * 'pos' are skipped as already enumerated.
 */
static int ntfs_read_hdr(struct ntfs_sb_info *sbi, struct ntfs_inode *ni,
			 const struct INDEX_HDR *hdr, u64 vbo, u64 pos,
			 u8 *name, struct dir_context *ctx)
{
	const struct NTFS_DE *e;
	u32 e_size;
	/*
	 * NOTE(review): 'used' and 'de_off' are taken from the header as
	 * stored. Nothing in this function compares them with the size of
	 * the buffer that holds 'hdr', so the walk presumably relies on the
	 * code that loaded the index having validated them - confirm.
	 */
	u32 end = le32_to_cpu(hdr->used);
	u32 off = le32_to_cpu(hdr->de_off);

	for (;; off += e_size) {
		/* The fixed entry header must fit before it is read. */
		if (off + sizeof(struct NTFS_DE) > end)
			return -EINVAL;

		e = Add2Ptr(hdr, off);
		e_size = le16_to_cpu(e->size);
		/*
		 * Rejecting sizes below the header size also rules out a
		 * zero step, which would make this loop spin forever.
		 */
		if (e_size < sizeof(struct NTFS_DE) || off + e_size > end)
			return -EINVAL;

		if (de_is_last(e))
			return 0;

		/* Skip already enumerated. */
		if (vbo + off < pos)
			continue;

		/*
		 * NOTE(review): key_size is only checked against the minimum
		 * here; it is not compared with e_size, so this loop alone
		 * does not establish that the whole key lies inside the entry.
		 */
		if (le16_to_cpu(e->key_size) < SIZEOF_ATTRIBUTE_FILENAME)
			return -EINVAL;

		ctx->pos = vbo + off;

		/* Submit the name to the filldir callback. */
		if (!ntfs_dir_emit(sbi, ni, e, name, ctx)) {
			/* ctx is full. */
			return +1;
		}
	}
}

/*
 * ntfs_readdir - file_operations::iterate_shared
 *
 * Use non sorted enumeration.
 * Sorted enumeration may result in an infinite loop if the names tree
 * contains a loop.
 *
 * Positions below sbi->record_size address entries of the index root;
 * larger positions are 'record_size + (index buffer number << index_bits)
 * + offset inside that buffer'.
 */
static int ntfs_readdir(struct file *file, struct dir_context *ctx)
{
	const struct INDEX_ROOT *root;
	size_t bit;
	int err = 0;
	struct inode *dir = file_inode(file);
	struct ntfs_inode *ni = ntfs_i(dir);
	struct super_block *sb = dir->i_sb;
	struct ntfs_sb_info *sbi = sb->s_fs_info;
	loff_t i_size = i_size_read(dir);
	u64 pos = ctx->pos;
	u8 *name = NULL;
	struct indx_node *node = NULL;
	u8 index_bits = ni->dir.index_bits;
	size_t max_bit = i_size >> ni->dir.index_bits;
	/* Position that is reported once the whole directory has been read. */
	loff_t eod = i_size + sbi->record_size;

	/*
	 * Name is a buffer of PATH_MAX length.
	 * The assert keeps a converted name of NTFS_NAME_LEN units, at up to
	 * four bytes each, strictly below that size.
	 */
	static_assert(NTFS_NAME_LEN * 4 < PATH_MAX);

	if (!pos) {
		/*
		 * ni->dir.version increments each directory change.
		 * Save the initial value of ni->dir.version.
		 * (The counter is kept in the pointer-sized private_data
		 * field; it is never dereferenced.)
		 */
		file->private_data = (void *)ni->dir.version;
	}

	if (pos >= eod) {
		if (file->private_data == (void *)ni->dir.version) {
			/* No changes since first readdir. */
			return 0;
		}

		/*
		 * Handle directories that changed after the initial readdir().
		 *
		 * Some user space code implements recursive removal like this instead
		 * of calling rmdir(2) directly:
		 *
		 *      fd = opendir(path);
		 *      while ((dent = readdir(fd)))
		 *              unlinkat(dirfd(fd), dent->d_name, 0);
		 *      closedir(fd);
		 *
		 * POSIX leaves unspecified what readdir() should return once the
		 * directory has been modified after opendir()/rewinddir(), so this
		 * pattern is not guaranteed to work on all filesystems or platforms.
		 *
		 * In ntfs3 the internal name tree may be reshaped while entries are
		 * being removed, so there is no stable anchor for continuing a
		 * single-pass walk based on the original readdir() order.
		 *
		 * In practice some widely used tools (for example certain rm(1)
		 * implementations) have used this readdir()/unlink() loop, and some
		 * filesystems behave in a way that effectively makes it work in the
		 * common case.
		 *
		 * The code below follows that practice and tries to provide
		 * "rmdir-like" behaviour for such callers on ntfs3, even though the
		 * situation is not strictly defined by the APIs.
		 *
		 * Apple documents the same readdir()/unlink() issue and a workaround
		 * for HFS file systems in:
		 * https://web.archive.org/web/20220122122948/https:/support.apple.com/kb/TA21420?locale=en_US
		 */
		/*
		 * Restart the walk from the index root. Position 3 is
		 * presumably chosen so that dir_emit_dots() below has nothing
		 * left to emit - confirm.
		 */
		ctx->pos = pos = 3;
		file->private_data = (void *)ni->dir.version;
	}

	if (!dir_emit_dots(file, ctx))
		return 0;

	/* Scratch buffer for one converted name; freed at 'out'. */
	name = kmalloc(PATH_MAX, GFP_KERNEL);
	if (!name)
		return -ENOMEM;

	if (!ni->mi_loaded && ni->attr_list.size) {
		/*
		 * Directory inode is locked for read.
		 * Load all subrecords to avoid 'write' access to 'ni' during
		 * directory reading.
		 */
		ni_lock(ni);
		/* Checked again under the lock before loading. */
		if (!ni->mi_loaded && ni->attr_list.size) {
			err = ni_load_all_mi(ni);
			if (!err)
				ni->mi_loaded = true;
		}
		ni_unlock(ni);
		if (err)
			goto out;
	}

	root = indx_get_root(&ni->dir, ni, NULL, NULL);
	if (!root) {
		err = -EINVAL;
		goto out;
	}

	if (pos >= sbi->record_size) {
		/* Resume inside the index buffers: recover the buffer number. */
		bit = (pos - sbi->record_size) >> index_bits;
	} else {
		/*
		 * Add each name from root in 'ctx'.
		 */
		err = ntfs_read_hdr(sbi, ni, &root->ihdr, 0, pos, name, ctx);
		if (err)
			goto out;
		bit = 0;
	}

	/*
	 * Enumerate indexes until the end of dir.
	 */
	for (; bit < max_bit; bit += 1) {
		/* Get the next used index. */
		err = indx_used_bit(&ni->dir, ni, &bit);
		if (err)
			goto out;

		if (bit == MINUS_ONE_T) {
			/* no more used indexes. end of dir. */
			break;
		}

		if (bit >= max_bit) {
			/* Corrupted directory. */
			err = -EINVAL;
			goto out;
		}

		err = indx_read_ra(&ni->dir, ni, bit << ni->dir.idx2vbn_bits,
				   &node, &file->f_ra);
		if (err)
			goto out;

		/*
		 * Add each name from index in 'ctx'.
		 */
		err = ntfs_read_hdr(sbi, ni, &node->index->ihdr,
				    ((u64)bit << index_bits) + sbi->record_size,
				    pos, name, ctx);
		if (err)
			goto out;
	}

out:
	kfree(name);
	put_indx_node(node);

	if (!err) {
		/* End of directory. */
		ctx->pos = eod;
	} else if (err == 1) {
		/* 'ctx' is full. */
		err = 0;
	} else if (err == -ENOENT) {
		/* Not reported as an error; the caller's position is restored. */
		err = 0;
		ctx->pos = pos;
	} else if (err < 0) {
		/* A corrupted index (-EINVAL) also marks the inode as bad. */
		if (err == -EINVAL)
			_ntfs_bad_inode(dir);
		ctx->pos = eod;
	}

	return err;
}

/*
 * ntfs_dir_count - Count the names stored in a directory.
 * @dir:	Directory inode.
 * @is_empty:	Optional. Set to true on entry and to false as soon as a
 *		name other than a DOS name is seen.
 * @dirs:	Optional. Receives the number of names that carry
 *		FILE_ATTRIBUTE_DIRECTORY.
 * @files:	Optional. Receives the number of all other names.
 *
 * When neither @dirs nor @files is requested the walk stops at the first
 * name found.
 *
 * Return: 0, -EINVAL when the index root cannot be found, or the error
 * returned by indx_used_bit() / indx_read().
 */
static int ntfs_dir_count(struct inode *dir, bool *is_empty, size_t *dirs,
			  size_t *files)
{
	int err = 0;
	struct ntfs_inode *ni = ntfs_i(dir);
	struct NTFS_DE *e = NULL;
	struct INDEX_ROOT *root;
	struct INDEX_HDR *hdr;
	const struct ATTR_FILE_NAME *fname;
	u32 e_size, off, end;
	size_t drs = 0, fles = 0, bit = 0;
	struct indx_node *node = NULL;
	size_t max_indx = i_size_read(&ni->vfs_inode) >> ni->dir.index_bits;

	/* Start from "empty"; note that the early error return keeps it. */
	if (is_empty)
		*is_empty = true;

	root = indx_get_root(&ni->dir, ni, NULL, NULL);
	if (!root)
		return -EINVAL;

	hdr = &root->ihdr;

	/* First pass handles the root header, later passes one index buffer each. */
	for (;;) {
		end = le32_to_cpu(hdr->used);
		off = le32_to_cpu(hdr->de_off);

		for (; off + sizeof(struct NTFS_DE) <= end; off += e_size) {
			e = Add2Ptr(hdr, off);
			e_size = le16_to_cpu(e->size);
			if (e_size < sizeof(struct NTFS_DE) ||
			    off + e_size > end) {
				/*
				 * Looks like corruption.
				 * The rest of this header is dropped without
				 * an error; counting continues with the next
				 * index buffer.
				 */
				break;
			}

			if (de_is_last(e))
				break;

			fname = de_get_fname(e);
			if (!fname)
				continue;

			if (fname->type == FILE_NAME_DOS)
				continue;

			if (is_empty) {
				*is_empty = false;
				/* Only emptiness was asked for: done. */
				if (!dirs && !files)
					goto out;
			}

			if (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY)
				drs += 1;
			else
				fles += 1;
		}

		if (bit >= max_indx)
			goto out;

		/* Advance 'bit' to the next index buffer that is in use. */
		err = indx_used_bit(&ni->dir, ni, &bit);
		if (err)
			goto out;

		if (bit == MINUS_ONE_T)
			goto out;

		if (bit >= max_indx)
			goto out;

		err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits,
				&node);
		if (err)
			goto out;

		hdr = &node->index->ihdr;
		bit += 1;
	}

out:
	put_indx_node(node);
	if (dirs)
		*dirs = drs;
	if (files)
		*files = fles;

	return err;
}

/*
 * dir_is_empty - Tell whether a directory holds no names.
 *
 * NOTE(review): the return value of ntfs_dir_count() is ignored, and that
 * function sets the flag to true before its first failure point. A
 * directory whose index cannot be read is therefore reported as empty.
 * Confirm that every caller is fine with that; returning false on error
 * would be the more conservative answer.
 */
bool dir_is_empty(struct inode *dir)
{
	bool is_empty = false;

	ntfs_dir_count(dir, &is_empty, NULL, NULL);

	return is_empty;
}

// clang-format off
/* Directory file operations. */
const struct file_operations ntfs_dir_operations = {
	.llseek		= generic_file_llseek,
	.read		= generic_read_dir,
	.iterate_shared	= ntfs_readdir,
	.fsync		= ntfs_file_fsync,
	.open		= ntfs_file_open,
	.unlocked_ioctl = ntfs_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl	= ntfs_compat_ioctl,
#endif
	.setlease	= generic_setlease,
};

#if IS_ENABLED(CONFIG_NTFS_FS)
/* Same directory walk, but without the fsync and ioctl entry points. */
const struct file_operations ntfs_legacy_dir_operations = {
	.llseek		= generic_file_llseek,
	.read		= generic_read_dir,
	.iterate_shared	= ntfs_readdir,
	.open		= ntfs_file_open,
	.setlease	= generic_setlease,
};
#endif
// clang-format on