1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *
4  * Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
5  *
6  *  Directory handling functions for NTFS-based filesystems.
7  *
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/nls.h>
12 
13 #include "debug.h"
14 #include "ntfs.h"
15 #include "ntfs_fs.h"
16 
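/*
 * ntfs_utf16_to_nls - Convert little endian UTF-16 to NLS string.
 * @sbi:	Superblock info; sbi->options->nls selects the target charset
 *		(NULL means UTF-8).
 * @name:	Source string, little endian UTF-16 (typically read from disk).
 * @len:	Source length in UTF-16 code units.
 * @buf:	Destination buffer.
 * @buf_len:	Size of @buf in bytes, including room for the terminating NUL.
 *
 * Return: number of bytes stored in @buf, not counting the terminating NUL.
 */
int ntfs_utf16_to_nls(struct ntfs_sb_info *sbi, const __le16 *name, u32 len,
		      u8 *buf, int buf_len)
{
	int ret, warn;
	u8 *op;
	struct nls_table *nls = sbi->options->nls;

	static_assert(sizeof(wchar_t) == sizeof(__le16));

	if (!nls) {
		/*
		 * UTF-16 -> UTF-8.
		 * utf16s_to_utf8s() may use all of the space it is given, so
		 * keep one byte back for the terminator. Without that, a
		 * result of exactly 'buf_len' bytes would put the NUL one byte
		 * past the end of 'buf'.
		 */
		if (buf_len <= 0)
			return 0;

		ret = utf16s_to_utf8s((wchar_t *)name, len, UTF16_LITTLE_ENDIAN,
				      buf, buf_len - 1);
		buf[ret] = '\0';
		return ret;
	}

	op = buf;
	warn = 0;

	while (len--) {
		u16 ec;
		int charlen;
		char dump[5];

		/*
		 * Stop while a worst-case character still fits.
		 * NOTE(review): a conversion that consumed exactly
		 * NLS_MAX_CHARSET_SIZE bytes at this boundary would leave no
		 * room for the terminator written after the loop - confirm no
		 * NLS table emits that many bytes for one 16-bit unit.
		 */
		if (buf_len < NLS_MAX_CHARSET_SIZE) {
			ntfs_warn(sbi->sb,
				  "filename was truncated while converting.");
			break;
		}

		ec = le16_to_cpu(*name++);
		charlen = nls->uni2char(ec, op, buf_len);

		if (charlen > 0) {
			op += charlen;
			buf_len -= charlen;
			continue;
		}

		/* Unconvertible unit: substitute '_' and keep going. */
		*op++ = '_';
		buf_len -= 1;
		if (warn)
			continue;

		/* Log only the first failure, with the unit as 4 hex digits. */
		warn = 1;
		hex_byte_pack(&dump[0], ec >> 8);
		hex_byte_pack(&dump[2], ec);
		dump[4] = 0;

		ntfs_err(sbi->sb, "failed to convert \"%s\" to %s", dump,
			 nls->charset);
	}

	*op = '\0';
	return op - buf;
}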
75 
// clang-format off
/* Code points at or above this value are written as a surrogate pair. */
#define PLANE_SIZE	0x00010000

/* Constants used by _utf8s_to_utf16s() to build the two surrogate units. */
#define SURROGATE_PAIR	0x0000d800	/* OR-ed into both units. */
#define SURROGATE_LOW	0x00000400	/* Additionally OR-ed into the second unit. */
#define SURROGATE_BITS	0x000003ff	/* Mask for the 10 payload bits of each unit. */
// clang-format on
83 
/*
 * put_utf16 - Store one 16-bit code unit in the requested byte order.
 * @s:		Destination code unit.
 * @c:		Value to store; it is narrowed to the 16-bit unit type.
 * @endian:	Byte order to store @c in.
 *
 * Modified version of put_utf16 from fs/nls/nls_base.c that is free of
 * sparse warnings.
 */
static inline void put_utf16(wchar_t *s, unsigned int c,
			     enum utf16_endian endian)
{
	static_assert(sizeof(wchar_t) == sizeof(__le16));
	static_assert(sizeof(wchar_t) == sizeof(__be16));

	if (endian == UTF16_LITTLE_ENDIAN) {
		*(__le16 *)s = __cpu_to_le16(c);
		return;
	}

	if (endian == UTF16_BIG_ENDIAN) {
		*(__be16 *)s = __cpu_to_be16(c);
		return;
	}

	/* Any other value: store the unit without byte swapping. */
	*s = (wchar_t)c;
}
107 
/*
 * _utf8s_to_utf16s - Convert a UTF-8 string to UTF-16.
 * @s:		Input bytes; conversion stops at a NUL byte or after @inlen
 *		bytes, whichever comes first.
 * @inlen:	Number of input bytes available.
 * @endian:	Byte order of the produced UTF-16 units.
 * @pwcs:	Output buffer.
 * @maxout:	Capacity of @pwcs in 16-bit units.
 *
 * Modified version of 'utf8s_to_utf16s' that reports -ENAMETOOLONG
 * instead of writing past the expected maximum: space is checked before
 * every store.
 *
 * Return: number of 16-bit units written, -EINVAL if utf8_to_utf32()
 * rejects the input, -ENAMETOOLONG if the output does not fit.
 */
static int _utf8s_to_utf16s(const u8 *s, int inlen, enum utf16_endian endian,
			    wchar_t *pwcs, int maxout)
{
	u16 *out = pwcs;

	while (inlen > 0 && *s) {
		unicode_t cp;
		int used;

		if (!(*s & 0x80)) {
			/* Single-byte character: one output unit. */
			if (maxout < 1)
				return -ENAMETOOLONG;

			put_utf16(out++, *s++, endian);
			inlen--;
			maxout--;
			continue;
		}

		/* Multi-byte sequence: decode it to a code point first. */
		used = utf8_to_utf32(s, inlen, &cp);
		if (used < 0)
			return -EINVAL;
		s += used;
		inlen -= used;

		if (cp < PLANE_SIZE) {
			if (maxout < 1)
				return -ENAMETOOLONG;

			put_utf16(out++, cp, endian);
			maxout--;
			continue;
		}

		/* Code point needs a surrogate pair: two output units. */
		if (maxout < 2)
			return -ENAMETOOLONG;

		cp -= PLANE_SIZE;
		put_utf16(out++,
			  SURROGATE_PAIR | ((cp >> 10) & SURROGATE_BITS),
			  endian);
		put_utf16(out++,
			  SURROGATE_PAIR | SURROGATE_LOW |
				  (cp & SURROGATE_BITS),
			  endian);
		maxout -= 2;
	}

	return out - pwcs;
}
162 
/*
 * ntfs_nls_to_utf16 - Convert input string to UTF-16.
 * @sbi:	Superblock info; sbi->options->nls selects the source charset
 *		(NULL means the input is UTF-8).
 * @name:	Input name.
 * @name_len:	Input name length in bytes.
 * @uni:	Destination; receives the units in ->name and the count in ->len.
 * @max_ulen:	Capacity of the destination in UTF-16 units.
 * @endian:	Endian of target UTF-16 string.
 *
 * This function is called:
 * - to create NTFS name
 * - to create symlink
 *
 * Return: UTF-16 string length or error (if negative).
 */
int ntfs_nls_to_utf16(struct ntfs_sb_info *sbi, const u8 *name, u32 name_len,
		      struct cpu_str *uni, u32 max_ulen,
		      enum utf16_endian endian)
{
	int ret, slen;
	const u8 *end;
	struct nls_table *nls = sbi->options->nls;
	u16 *uname = uni->name;

	static_assert(sizeof(wchar_t) == sizeof(u16));

	if (!nls) {
		/*
		 * utf8 -> utf16. The helper already writes in 'endian' order.
		 * Note that uni->len is stored even when 'ret' is a negative
		 * error code, so the return value is what tells success.
		 */
		ret = _utf8s_to_utf16s(name, name_len, endian, uname, max_ulen);
		uni->len = ret;
		return ret;
	}

	/* One char2uni() call yields one output unit. */
	end = name + name_len;
	ret = 0;
	while (name < end) {
		if (ret >= max_ulen)
			return -ENAMETOOLONG;

		slen = nls->char2uni(name, end - name, uname + ret);
		if (!slen)
			return -EINVAL;
		if (slen < 0)
			return slen;

		name += slen;
		ret++;
	}

	/* Swap the units in place when the target order is not the CPU's. */
#ifdef __BIG_ENDIAN
	if (endian == UTF16_LITTLE_ENDIAN) {
		int i;

		for (i = 0; i < ret; i++)
			__cpu_to_le16s(uname + i);
	}
#else
	if (endian == UTF16_BIG_ENDIAN) {
		int i;

		for (i = 0; i < ret; i++)
			__cpu_to_be16s(uname + i);
	}
#endif

	uni->len = ret;
	return ret;
}
229 
/*
 * dir_search_u - Look up a name in a directory index and get its inode.
 * @dir:	Directory to search.
 * @uni:	Name to look for.
 * @fnd:	Optional search context. When NULL, a temporary one is taken
 *		with fnd_get() and released before returning.
 *
 * Return: the inode returned by ntfs_iget5() (which may itself be an
 * ERR_PTR), NULL when the lookup ends with -ENOENT, or ERR_PTR() for any
 * other error.
 */
struct inode *dir_search_u(struct inode *dir, const struct cpu_str *uni,
			   struct ntfs_fnd *fnd)
{
	struct super_block *sb = dir->i_sb;
	struct ntfs_sb_info *sbi = sb->s_fs_info;
	struct ntfs_inode *ni = ntfs_i(dir);
	struct ntfs_fnd *own_fnd = NULL;
	struct inode *inode = NULL;
	struct NTFS_DE *e;
	int diff;
	int err;

	if (!fnd) {
		own_fnd = fnd_get();
		if (!own_fnd) {
			err = -ENOMEM;
			goto out;
		}
		fnd = own_fnd;
	}

	err = indx_find(&ni->dir, ni, NULL, uni, 0, sbi, &diff, &e, fnd);
	if (err)
		goto out;

	/* Non-zero 'diff' means the index holds no exact match. */
	if (diff) {
		err = -ENOENT;
		goto out;
	}

	inode = ntfs_iget5(sb, &e->ref, uni);
	if (!IS_ERR(inode) && is_bad_inode(inode)) {
		/* Drop the reference and report the bad inode as an error. */
		iput(inode);
		err = -EINVAL;
	}
out:
	/* Only the context allocated here is released; 'own_fnd' may be NULL. */
	fnd_put(own_fnd);

	if (err == -ENOENT)
		return NULL;
	if (err)
		return ERR_PTR(err);
	return inode;
}
274 
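/*
 * ntfs_dir_emit - Hand one directory index entry to the filldir callback.
 * @sbi:	Superblock info (mount options, charset).
 * @ni:		Directory being read.
 * @e:		Index entry, as read from disk.
 * @name:	Scratch buffer of PATH_MAX bytes for the converted name.
 * @ctx:	Directory context to emit into.
 *
 * Entries that are filtered out (DOS names, entries of another parent, the
 * root record, hidden/meta files depending on options) or that look
 * malformed are skipped.
 *
 * Return: false if 'ctx' is full, true otherwise (also for skipped entries).
 */
static inline bool ntfs_dir_emit(struct ntfs_sb_info *sbi,
				 struct ntfs_inode *ni, const struct NTFS_DE *e,
				 u8 *name, struct dir_context *ctx)
{
	const struct ATTR_FILE_NAME *fname;
	unsigned long ino;
	int name_len;
	u32 dt_type;
	const size_t e_size = le16_to_cpu(e->size);
	/* Byte offset of the UTF-16 name from the start of the entry. */
	const size_t name_off = sizeof(struct NTFS_DE) +
				offsetof(struct ATTR_FILE_NAME, name);

	/*
	 * The entry comes from disk. Make sure the fixed part of the file
	 * name attribute lies inside the entry before reading its fields.
	 */
	if (name_off > e_size)
		return true;

	fname = Add2Ptr(e, sizeof(struct NTFS_DE));

	if (fname->type == FILE_NAME_DOS)
		return true;

	if (!mi_is_ref(&ni->mi, &fname->home))
		return true;

	ino = ino_get(&e->ref);

	if (ino == MFT_REC_ROOT)
		return true;

	/* Skip meta files. Unless option to show metafiles is set. */
	if (!sbi->options->showmeta && ntfs_is_meta_file(sbi, ino))
		return true;

	if (sbi->options->nohidden && (fname->dup.fa & FILE_ATTRIBUTE_HIDDEN))
		return true;

	/*
	 * 'name_len' counts UTF-16 units, not bytes, and the name starts
	 * 'name_off' bytes into the entry. Check the whole name against the
	 * entry size so the conversion below never reads past the entry.
	 */
	if (name_off + fname->name_len * sizeof(fname->name[0]) > e_size)
		return true;

	name_len = ntfs_utf16_to_nls(sbi, fname->name, fname->name_len, name,
				     PATH_MAX);
	if (name_len <= 0) {
		ntfs_warn(sbi->sb, "failed to convert name for inode %lx.",
			  ino);
		return true;
	}

	/*
	 * NTFS: symlinks are "dir + reparse" or "file + reparse".
	 * Unfortunately the reparse attribute is used for many purposes
	 * (several dozens), so it is not possible to tell here whether this
	 * name is a symlink. To get the exact type the inode has to be opened
	 * (MFT read). getattr for an opened file (fstat) correctly returns
	 * symlink.
	 */
	dt_type = (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY) ? DT_DIR : DT_REG;

	/*
	 * It is not reliable to detect the type of a name from the duplicated
	 * information stored in the parent directory. The only correct way is
	 * to read the MFT record and find ATTR_STD.
	 * The branch below is not a good idea: it takes additional locks and
	 * reads just to get the type of the name.
	 * Should an additional mount option enable it?
	 */
	if (((fname->dup.fa & FILE_ATTRIBUTE_REPARSE_POINT) ||
	     fname->dup.ea_size) &&
	    ino != ni->mi.rno) {
		struct inode *inode = ntfs_iget5(sbi->sb, &e->ref, NULL);

		if (!IS_ERR_OR_NULL(inode)) {
			dt_type = fs_umode_to_dtype(inode->i_mode);
			iput(inode);
		}
	}

	return dir_emit(ctx, (s8 *)name, name_len, ino, dt_type);
}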
347 
/*
 * ntfs_read_hdr - Helper function for ntfs_readdir().
 * @sbi:	Superblock info.
 * @ni:		Directory being read.
 * @hdr:	Index header whose entries are walked.
 * @vbo:	Position assigned to the start of @hdr; entry positions are
 *		@vbo plus the entry offset.
 * @pos:	Position to resume from; entries before it are skipped.
 * @name:	Scratch buffer passed through to ntfs_dir_emit().
 * @ctx:	Directory context; ->pos is updated for every emitted entry.
 *
 * Return: 0 if ok, -EINVAL if directory is corrupted, +1 if 'ctx' is full.
 */
static int ntfs_read_hdr(struct ntfs_sb_info *sbi, struct ntfs_inode *ni,
			 const struct INDEX_HDR *hdr, u64 vbo, u64 pos,
			 u8 *name, struct dir_context *ctx)
{
	const u32 end = le32_to_cpu(hdr->used);
	u32 off = le32_to_cpu(hdr->de_off);

	while (1) {
		const struct NTFS_DE *e;
		u32 e_size;

		/* The entry header itself must fit in the used area. */
		if (off + sizeof(struct NTFS_DE) > end)
			return -EINVAL;

		e = Add2Ptr(hdr, off);
		e_size = le16_to_cpu(e->size);
		if (e_size < sizeof(struct NTFS_DE) || off + e_size > end)
			return -EINVAL;

		if (de_is_last(e))
			return 0;

		/* Entries before 'pos' were already enumerated. */
		if (vbo + off >= pos) {
			/*
			 * NOTE(review): only the lower bound of key_size is
			 * checked here; it is not compared with e_size.
			 */
			if (le16_to_cpu(e->key_size) <
			    SIZEOF_ATTRIBUTE_FILENAME)
				return -EINVAL;

			ctx->pos = vbo + off;

			/* Submit the name to the filldir callback. */
			if (!ntfs_dir_emit(sbi, ni, e, name, ctx))
				return +1; /* ctx is full. */
		}

		off += e_size;
	}
}
392 
/*
 * ntfs_readdir - file_operations::iterate_shared
 * @file:	Opened directory.
 * @ctx:	Directory context; ->pos is the resume position.
 *
 * Use non sorted enumeration.
 * We have an example of broken volume where sorted enumeration
 * counts each name twice.
 *
 * Positions below sbi->record_size address entries of the index root;
 * higher positions address index buffers. The end-of-directory position
 * is i_size + sbi->record_size.
 *
 * Return: 0 on success (including when 'ctx' is full), negative error
 * otherwise.
 */
static int ntfs_readdir(struct file *file, struct dir_context *ctx)
{
	struct inode *dir = file_inode(file);
	struct ntfs_inode *ni = ntfs_i(dir);
	struct super_block *sb = dir->i_sb;
	struct ntfs_sb_info *sbi = sb->s_fs_info;
	loff_t i_size = i_size_read(dir);
	loff_t eod = i_size + sbi->record_size;
	/* Resume position as seen on entry; ctx->pos is narrowed to u32 here. */
	u32 pos = ctx->pos;
	u8 index_bits = ni->dir.index_bits;
	const struct INDEX_ROOT *root;
	struct indx_node *node = NULL;
	u8 *name;
	size_t bit;
	u64 vbo;
	int err = 0;

	/* Name is a buffer of PATH_MAX length. */
	static_assert(NTFS_NAME_LEN * 4 < PATH_MAX);

	if (pos >= eod)
		return 0;

	if (!dir_emit_dots(file, ctx))
		return 0;

	/* Allocate PATH_MAX bytes. */
	name = __getname();
	if (!name)
		return -ENOMEM;

	if (!ni->mi_loaded && ni->attr_list.size) {
		/*
		 * Directory inode is locked for read.
		 * Load all subrecords to avoid 'write' access to 'ni' during
		 * directory reading. The condition is tested again once the
		 * lock is held.
		 */
		ni_lock(ni);
		if (!ni->mi_loaded && ni->attr_list.size) {
			err = ni_load_all_mi(ni);
			if (!err)
				ni->mi_loaded = true;
		}
		ni_unlock(ni);
		if (err)
			goto out;
	}

	root = indx_get_root(&ni->dir, ni, NULL, NULL);
	if (!root) {
		err = -EINVAL;
		goto out;
	}

	if (pos < sbi->record_size) {
		/* Still inside the index root: emit its entries first. */
		err = ntfs_read_hdr(sbi, ni, &root->ihdr, 0, pos, name, ctx);
		if (err)
			goto out;
		bit = 0;
	} else {
		/* Resume at the index buffer that contains 'pos'. */
		bit = (pos - sbi->record_size) >> index_bits;
	}

	/* No index buffers at all. */
	if (!i_size)
		goto done;

	while (1) {
		vbo = (u64)bit << index_bits;
		if (vbo >= i_size)
			goto done;

		/* Advance 'bit' to the next index buffer that is in use. */
		err = indx_used_bit(&ni->dir, ni, &bit);
		if (err)
			goto out;

		if (bit == MINUS_ONE_T)
			goto done;

		/* A used bit beyond the directory size is treated as corruption. */
		vbo = (u64)bit << index_bits;
		if (vbo >= i_size) {
			err = -EINVAL;
			goto out;
		}

		err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits,
				&node);
		if (err)
			goto out;

		err = ntfs_read_hdr(sbi, ni, &node->index->ihdr,
				    vbo + sbi->record_size, pos, name, ctx);
		if (err)
			goto out;

		bit += 1;
	}

done:
	/* Everything was enumerated: park the position at end of directory. */
	ctx->pos = eod;
out:
	__putname(name);
	put_indx_node(node);

	/* 'ctx' is full: not an error. */
	if (err == 1)
		return 0;

	if (err == -ENOENT) {
		/* Restore the position seen on entry and report success. */
		ctx->pos = pos;
		return 0;
	}

	if (err < 0) {
		if (err == -EINVAL)
			_ntfs_bad_inode(dir);
		ctx->pos = eod;
	}

	return err;
}
524 
/*
 * ntfs_dir_count - Walk a directory index and count its names.
 * @dir:	Directory inode.
 * @is_empty:	Optional. Set to true up front and to false as soon as one
 *		name outside the DOS namespace is seen.
 * @dirs:	Optional. Receives the number of names that carry
 *		FILE_ATTRIBUTE_DIRECTORY.
 * @files:	Optional. Receives the number of the remaining names.
 *
 * When only @is_empty is requested the walk stops at the first name.
 * An entry with an inconsistent size ends the scan of its index header
 * without reporting an error.
 *
 * Return: 0 on success, -EINVAL if the index root is missing (the counters
 * are not written in that case), or the error from indx_used_bit() /
 * indx_read().
 */
static int ntfs_dir_count(struct inode *dir, bool *is_empty, size_t *dirs,
			  size_t *files)
{
	struct ntfs_inode *ni = ntfs_i(dir);
	struct indx_node *node = NULL;
	struct INDEX_ROOT *root;
	struct INDEX_HDR *hdr;
	size_t n_dirs = 0, n_files = 0, bit = 0;
	size_t max_indx = i_size_read(&ni->vfs_inode) >> ni->dir.index_bits;
	int err = 0;

	if (is_empty)
		*is_empty = true;

	root = indx_get_root(&ni->dir, ni, NULL, NULL);
	if (!root)
		return -EINVAL;

	/* Start with the index root, then continue with each used buffer. */
	hdr = &root->ihdr;

	while (1) {
		u32 end = le32_to_cpu(hdr->used);
		u32 off = le32_to_cpu(hdr->de_off);
		u32 e_size;

		for (; off + sizeof(struct NTFS_DE) <= end; off += e_size) {
			struct NTFS_DE *e = Add2Ptr(hdr, off);
			const struct ATTR_FILE_NAME *fname;

			e_size = le16_to_cpu(e->size);
			/* Looks like corruption. */
			if (e_size < sizeof(struct NTFS_DE) ||
			    off + e_size > end)
				break;

			if (de_is_last(e))
				break;

			/* Entries without a file name and DOS names do not count. */
			fname = de_get_fname(e);
			if (!fname || fname->type == FILE_NAME_DOS)
				continue;

			if (is_empty) {
				*is_empty = false;
				/* Caller only asked about emptiness. */
				if (!dirs && !files)
					goto out;
			}

			if (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY)
				n_dirs++;
			else
				n_files++;
		}

		if (bit >= max_indx)
			goto out;

		/* Find the next index buffer that is in use. */
		err = indx_used_bit(&ni->dir, ni, &bit);
		if (err)
			goto out;

		if (bit == MINUS_ONE_T || bit >= max_indx)
			goto out;

		err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits,
				&node);
		if (err)
			goto out;

		hdr = &node->index->ihdr;
		bit += 1;
	}

out:
	put_indx_node(node);
	if (dirs)
		*dirs = n_dirs;
	if (files)
		*files = n_files;

	return err;
}
614 
/*
 * dir_is_empty - Report whether a directory holds no names.
 * @dir:	Directory inode.
 *
 * Return: the emptiness flag produced by ntfs_dir_count().
 *
 * NOTE(review): the return code of ntfs_dir_count() is dropped. When it
 * fails before scanning (no index root) the flag has already been set to
 * true, so such a directory is reported as empty - confirm callers accept
 * that.
 */
bool dir_is_empty(struct inode *dir)
{
	bool empty = false;

	/* No counters are requested, only the emptiness flag. */
	ntfs_dir_count(dir, &empty, NULL, NULL);

	return empty;
}
623 
// clang-format off
/* Directory file operations; directory reading goes through ntfs_readdir(). */
const struct file_operations ntfs_dir_operations = {
	.llseek		= generic_file_llseek,
	.read		= generic_read_dir,
	.iterate_shared	= ntfs_readdir,
	.fsync		= generic_file_fsync,
	.open		= ntfs_file_open,
	.unlocked_ioctl = ntfs_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl   = ntfs_compat_ioctl,
#endif
};

#if IS_ENABLED(CONFIG_NTFS_FS)
/*
 * Variant built only when CONFIG_NTFS_FS is enabled. Compared with
 * ntfs_dir_operations it leaves out .fsync and both ioctl handlers.
 */
const struct file_operations ntfs_legacy_dir_operations = {
	.llseek		= generic_file_llseek,
	.read		= generic_read_dir,
	.iterate_shared	= ntfs_readdir,
	.open		= ntfs_file_open,
};
#endif
// clang-format on
646