linux-stable/fs/hfsplus/attributes.c
Hin-Tak Leung bf29e886b2 hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes
HFSPLUS_ATTR_MAX_STRLEN (=127) is the limit of attribute names for the
number of unicode character (UTF-16BE) storable in the HFS+ file system.
Almost all the current usage of it is wrong, in relation to NLS to
on-disk conversion.

Except for one use calling hfsplus_asc2uni (which should stay the same)
and its uses in calling hfsplus_uni2asc (which was corrected in the
earlier patch in this series concerning usage of hfsplus_uni2asc), all
the other uses are of the forms:

- char buffer[size]

- bound check: "if (namespace_adjusted_input_length > size) return failure;"

Conversion between on-disk unicode representation and NLS char strings
(in whichever direction) always needs to accommodate the worst-case NLS
conversion, so all char buffers of that size need to have a
NLS_MAX_CHARSET_SIZE x .

The bound checks are all wrong, since they compare nls_length derived
from strlen() to a unicode length limit.

It turns out that all the bound-checks do is to protect
hfsplus_asc2uni(), which can fail if the input is too large.

There is only one usage of it as far as attributes are concerned, in
hfsplus_attr_build_key().  It is in turn used by hfsplus_find_attr(),
hfsplus_create_attr(), hfsplus_delete_attr().  Thus making sure that
errors from hfsplus_asc2uni() is caught in hfsplus_attr_build_key() and
propagated is sufficient to replace all the bound checks.

Unpropagated errors from hfsplus_asc2uni() in the file catalog code was
addressed recently in an independent patch "hfsplus: fix longname
handling" by Sougata Santra.

Before this patch, trying to set a 55 CJK character (in a UTF-8 locale,
> 127/3=42) attribute plus user prefix fails with:

    $ setfattr -n user.`cat testing-string` -v `cat testing-string` \
        testing-string
    setfattr: testing-string: Operation not supported

and retrieving a stored long attributes is particular ugly(!):

    find /mnt/* -type f -exec getfattr -d {} \;
    getfattr: /mnt/testing-string: Input/output error

with console log:
    [268008.389781] hfsplus: unicode conversion failed

After the patch, both of the above works.

FYI, the test attribute string is prepared with:

echo -e -n \
"\xe9\x80\x99\xe6\x98\xaf\xe4\xb8\x80\xe5\x80\x8b\xe9\x9d\x9e\xe5" \
"\xb8\xb8\xe6\xbc\xab\xe9\x95\xb7\xe8\x80\x8c\xe6\xa5\xb5\xe5\x85" \
"\xb6\xe4\xb9\x8f\xe5\x91\xb3\xe5\x92\x8c\xe7\x9b\xb8\xe7\x95\xb6" \
"\xe7\x84\xa1\xe8\xb6\xa3\xe3\x80\x81\xe4\xbb\xa5\xe5\x8f\x8a\xe7" \
"\x84\xa1\xe7\x94\xa8\xe7\x9a\x84\xe3\x80\x81\xe5\x86\x8d\xe5\x8a" \
"\xa0\xe4\xb8\x8a\xe6\xaf\xab\xe7\x84\xa1\xe6\x84\x8f\xe7\xbe\xa9" \
"\xe7\x9a\x84\xe6\x93\xb4\xe5\xb1\x95\xe5\xb1\xac\xe6\x80\xa7\xef" \
"\xbc\x8c\xe8\x80\x8c\xe5\x85\xb6\xe5\x94\xaf\xe4\xb8\x80\xe5\x89" \
"\xb5\xe5\xbb\xba\xe7\x9b\xae\xe7\x9a\x84\xe5\x83\x85\xe6\x98\xaf" \
"\xe7\x82\xba\xe4\xba\x86\xe6\xb8\xac\xe8\xa9\xa6\xe4\xbd\x9c\xe7" \
"\x94\xa8\xe3\x80\x82" | tr -d ' '

(= "pointlessly long attribute for testing", elaborate Chinese in
UTF-8 enoding).

However, it is not possible to set double the size (110 + 5 is still
under 127) in a UTF-8 locale:

    $setfattr -n user.`cat testing-string testing-string` -v \
        `cat testing-string testing-string` testing-string
    setfattr: testing-string: Numerical result out of range

110 CJK char in UTF-8 is 330 bytes - the generic get/set attribute
system call code in linux/fs/xattr.c imposes a 255 byte limit.  One can
use a combination of iconv to encode content, changing terminal locale
for viewing, and an nls=cp932/cp936/cp949/cp950 mount option to fully
use 127-unicode attribute in a double-byte locale.

Also, as an additional information, it is possible to (mis-)use unicode
half-width/full-width forms (U+FFxx) to write attributes which looks
like english but not actually ascii.

Thanks Anton Altaparmakov for reviewing the earlier ideas behind this
change.

[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: fix build]
Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Vyacheslav Dubeyko <slava@dubeyko.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Sougata Santra <sougata@tuxera.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-06-06 16:08:09 -07:00

397 lines
9.0 KiB
C

/*
* linux/fs/hfsplus/attributes.c
*
* Vyacheslav Dubeyko <slava@dubeyko.com>
*
* Handling of records in attributes tree
*/
#include "hfsplus_fs.h"
#include "hfsplus_raw.h"
static struct kmem_cache *hfsplus_attr_tree_cachep;
int __init hfsplus_create_attr_tree_cache(void)
{
if (hfsplus_attr_tree_cachep)
return -EEXIST;
hfsplus_attr_tree_cachep =
kmem_cache_create("hfsplus_attr_cache",
sizeof(hfsplus_attr_entry), 0,
SLAB_HWCACHE_ALIGN, NULL);
if (!hfsplus_attr_tree_cachep)
return -ENOMEM;
return 0;
}
void hfsplus_destroy_attr_tree_cache(void)
{
kmem_cache_destroy(hfsplus_attr_tree_cachep);
}
int hfsplus_attr_bin_cmp_key(const hfsplus_btree_key *k1,
const hfsplus_btree_key *k2)
{
__be32 k1_cnid, k2_cnid;
k1_cnid = k1->attr.cnid;
k2_cnid = k2->attr.cnid;
if (k1_cnid != k2_cnid)
return be32_to_cpu(k1_cnid) < be32_to_cpu(k2_cnid) ? -1 : 1;
return hfsplus_strcmp(
(const struct hfsplus_unistr *)&k1->attr.key_name,
(const struct hfsplus_unistr *)&k2->attr.key_name);
}
int hfsplus_attr_build_key(struct super_block *sb, hfsplus_btree_key *key,
u32 cnid, const char *name)
{
int len;
memset(key, 0, sizeof(struct hfsplus_attr_key));
key->attr.cnid = cpu_to_be32(cnid);
if (name) {
int res = hfsplus_asc2uni(sb,
(struct hfsplus_unistr *)&key->attr.key_name,
HFSPLUS_ATTR_MAX_STRLEN, name, strlen(name));
if (res)
return res;
len = be16_to_cpu(key->attr.key_name.length);
} else {
key->attr.key_name.length = 0;
len = 0;
}
/* The length of the key, as stored in key_len field, does not include
* the size of the key_len field itself.
* So, offsetof(hfsplus_attr_key, key_name) is a trick because
* it takes into consideration key_len field (__be16) of
* hfsplus_attr_key structure instead of length field (__be16) of
* hfsplus_attr_unistr structure.
*/
key->key_len =
cpu_to_be16(offsetof(struct hfsplus_attr_key, key_name) +
2 * len);
return 0;
}
void hfsplus_attr_build_key_uni(hfsplus_btree_key *key,
u32 cnid,
struct hfsplus_attr_unistr *name)
{
int ustrlen;
memset(key, 0, sizeof(struct hfsplus_attr_key));
ustrlen = be16_to_cpu(name->length);
key->attr.cnid = cpu_to_be32(cnid);
key->attr.key_name.length = cpu_to_be16(ustrlen);
ustrlen *= 2;
memcpy(key->attr.key_name.unicode, name->unicode, ustrlen);
/* The length of the key, as stored in key_len field, does not include
* the size of the key_len field itself.
* So, offsetof(hfsplus_attr_key, key_name) is a trick because
* it takes into consideration key_len field (__be16) of
* hfsplus_attr_key structure instead of length field (__be16) of
* hfsplus_attr_unistr structure.
*/
key->key_len =
cpu_to_be16(offsetof(struct hfsplus_attr_key, key_name) +
ustrlen);
}
hfsplus_attr_entry *hfsplus_alloc_attr_entry(void)
{
return kmem_cache_alloc(hfsplus_attr_tree_cachep, GFP_KERNEL);
}
void hfsplus_destroy_attr_entry(hfsplus_attr_entry *entry)
{
if (entry)
kmem_cache_free(hfsplus_attr_tree_cachep, entry);
}
#define HFSPLUS_INVALID_ATTR_RECORD -1
static int hfsplus_attr_build_record(hfsplus_attr_entry *entry, int record_type,
u32 cnid, const void *value, size_t size)
{
if (record_type == HFSPLUS_ATTR_FORK_DATA) {
/*
* Mac OS X supports only inline data attributes.
* Do nothing
*/
memset(entry, 0, sizeof(*entry));
return sizeof(struct hfsplus_attr_fork_data);
} else if (record_type == HFSPLUS_ATTR_EXTENTS) {
/*
* Mac OS X supports only inline data attributes.
* Do nothing.
*/
memset(entry, 0, sizeof(*entry));
return sizeof(struct hfsplus_attr_extents);
} else if (record_type == HFSPLUS_ATTR_INLINE_DATA) {
u16 len;
memset(entry, 0, sizeof(struct hfsplus_attr_inline_data));
entry->inline_data.record_type = cpu_to_be32(record_type);
if (size <= HFSPLUS_MAX_INLINE_DATA_SIZE)
len = size;
else
return HFSPLUS_INVALID_ATTR_RECORD;
entry->inline_data.length = cpu_to_be16(len);
memcpy(entry->inline_data.raw_bytes, value, len);
/*
* Align len on two-byte boundary.
* It needs to add pad byte if we have odd len.
*/
len = round_up(len, 2);
return offsetof(struct hfsplus_attr_inline_data, raw_bytes) +
len;
} else /* invalid input */
memset(entry, 0, sizeof(*entry));
return HFSPLUS_INVALID_ATTR_RECORD;
}
int hfsplus_find_attr(struct super_block *sb, u32 cnid,
const char *name, struct hfs_find_data *fd)
{
int err = 0;
hfs_dbg(ATTR_MOD, "find_attr: %s,%d\n", name ? name : NULL, cnid);
if (!HFSPLUS_SB(sb)->attr_tree) {
pr_err("attributes file doesn't exist\n");
return -EINVAL;
}
if (name) {
err = hfsplus_attr_build_key(sb, fd->search_key, cnid, name);
if (err)
goto failed_find_attr;
err = hfs_brec_find(fd, hfs_find_rec_by_key);
if (err)
goto failed_find_attr;
} else {
err = hfsplus_attr_build_key(sb, fd->search_key, cnid, NULL);
if (err)
goto failed_find_attr;
err = hfs_brec_find(fd, hfs_find_1st_rec_by_cnid);
if (err)
goto failed_find_attr;
}
failed_find_attr:
return err;
}
int hfsplus_attr_exists(struct inode *inode, const char *name)
{
int err = 0;
struct super_block *sb = inode->i_sb;
struct hfs_find_data fd;
if (!HFSPLUS_SB(sb)->attr_tree)
return 0;
err = hfs_find_init(HFSPLUS_SB(sb)->attr_tree, &fd);
if (err)
return 0;
err = hfsplus_find_attr(sb, inode->i_ino, name, &fd);
if (err)
goto attr_not_found;
hfs_find_exit(&fd);
return 1;
attr_not_found:
hfs_find_exit(&fd);
return 0;
}
int hfsplus_create_attr(struct inode *inode,
const char *name,
const void *value, size_t size)
{
struct super_block *sb = inode->i_sb;
struct hfs_find_data fd;
hfsplus_attr_entry *entry_ptr;
int entry_size;
int err;
hfs_dbg(ATTR_MOD, "create_attr: %s,%ld\n",
name ? name : NULL, inode->i_ino);
if (!HFSPLUS_SB(sb)->attr_tree) {
pr_err("attributes file doesn't exist\n");
return -EINVAL;
}
entry_ptr = hfsplus_alloc_attr_entry();
if (!entry_ptr)
return -ENOMEM;
err = hfs_find_init(HFSPLUS_SB(sb)->attr_tree, &fd);
if (err)
goto failed_init_create_attr;
if (name) {
err = hfsplus_attr_build_key(sb, fd.search_key,
inode->i_ino, name);
if (err)
goto failed_create_attr;
} else {
err = -EINVAL;
goto failed_create_attr;
}
/* Mac OS X supports only inline data attributes. */
entry_size = hfsplus_attr_build_record(entry_ptr,
HFSPLUS_ATTR_INLINE_DATA,
inode->i_ino,
value, size);
if (entry_size == HFSPLUS_INVALID_ATTR_RECORD) {
err = -EINVAL;
goto failed_create_attr;
}
err = hfs_brec_find(&fd, hfs_find_rec_by_key);
if (err != -ENOENT) {
if (!err)
err = -EEXIST;
goto failed_create_attr;
}
err = hfs_brec_insert(&fd, entry_ptr, entry_size);
if (err)
goto failed_create_attr;
hfsplus_mark_inode_dirty(inode, HFSPLUS_I_ATTR_DIRTY);
failed_create_attr:
hfs_find_exit(&fd);
failed_init_create_attr:
hfsplus_destroy_attr_entry(entry_ptr);
return err;
}
static int __hfsplus_delete_attr(struct inode *inode, u32 cnid,
struct hfs_find_data *fd)
{
int err = 0;
__be32 found_cnid, record_type;
hfs_bnode_read(fd->bnode, &found_cnid,
fd->keyoffset +
offsetof(struct hfsplus_attr_key, cnid),
sizeof(__be32));
if (cnid != be32_to_cpu(found_cnid))
return -ENOENT;
hfs_bnode_read(fd->bnode, &record_type,
fd->entryoffset, sizeof(record_type));
switch (be32_to_cpu(record_type)) {
case HFSPLUS_ATTR_INLINE_DATA:
/* All is OK. Do nothing. */
break;
case HFSPLUS_ATTR_FORK_DATA:
case HFSPLUS_ATTR_EXTENTS:
pr_err("only inline data xattr are supported\n");
return -EOPNOTSUPP;
default:
pr_err("invalid extended attribute record\n");
return -ENOENT;
}
err = hfs_brec_remove(fd);
if (err)
return err;
hfsplus_mark_inode_dirty(inode, HFSPLUS_I_ATTR_DIRTY);
return err;
}
int hfsplus_delete_attr(struct inode *inode, const char *name)
{
int err = 0;
struct super_block *sb = inode->i_sb;
struct hfs_find_data fd;
hfs_dbg(ATTR_MOD, "delete_attr: %s,%ld\n",
name ? name : NULL, inode->i_ino);
if (!HFSPLUS_SB(sb)->attr_tree) {
pr_err("attributes file doesn't exist\n");
return -EINVAL;
}
err = hfs_find_init(HFSPLUS_SB(sb)->attr_tree, &fd);
if (err)
return err;
if (name) {
err = hfsplus_attr_build_key(sb, fd.search_key,
inode->i_ino, name);
if (err)
goto out;
} else {
pr_err("invalid extended attribute name\n");
err = -EINVAL;
goto out;
}
err = hfs_brec_find(&fd, hfs_find_rec_by_key);
if (err)
goto out;
err = __hfsplus_delete_attr(inode, inode->i_ino, &fd);
if (err)
goto out;
out:
hfs_find_exit(&fd);
return err;
}
int hfsplus_delete_all_attrs(struct inode *dir, u32 cnid)
{
int err = 0;
struct hfs_find_data fd;
hfs_dbg(ATTR_MOD, "delete_all_attrs: %d\n", cnid);
if (!HFSPLUS_SB(dir->i_sb)->attr_tree) {
pr_err("attributes file doesn't exist\n");
return -EINVAL;
}
err = hfs_find_init(HFSPLUS_SB(dir->i_sb)->attr_tree, &fd);
if (err)
return err;
for (;;) {
err = hfsplus_find_attr(dir->i_sb, cnid, NULL, &fd);
if (err) {
if (err != -ENOENT)
pr_err("xattr search failed\n");
goto end_delete_all;
}
err = __hfsplus_delete_attr(dir, cnid, &fd);
if (err)
goto end_delete_all;
}
end_delete_all:
hfs_find_exit(&fd);
return err;
}