fs: udf: Replace GPL 2.0 boilerplate license notice with SPDX identifier The notice refers to full GPL 2.0 text on now defunct MIT FTP site [1]. Replace it with appropriate SPDX license identifier. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Pali Rohár <pali@kernel.org> Link: https://web.archive.org/web/20020809115410/ftp://prep.ai.mit.edu/pub/gnu/GPL [1] Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Message-Id: <20230522005434.22133-2-bagasdotme@gmail.com>
udf: Check consistency of Space Bitmap Descriptor Bits, which are related to Bitmap Descriptor logical blocks, are not reset when buffer headers are allocated for them. As the result, these logical blocks can be treated as free and be used for other blocks.This can cause usage of one buffer header for several types of data. UDF issues WARNING in this situation: WARNING: CPU: 0 PID: 2703 at fs/udf/inode.c:2014 __udf_add_aext+0x685/0x7d0 fs/udf/inode.c:2014 RIP: 0010:__udf_add_aext+0x685/0x7d0 fs/udf/inode.c:2014 Call Trace: udf_setup_indirect_aext+0x573/0x880 fs/udf/inode.c:1980 udf_add_aext+0x208/0x2e0 fs/udf/inode.c:2067 udf_insert_aext fs/udf/inode.c:2233 [inline] udf_update_extents fs/udf/inode.c:1181 [inline] inode_getblk+0x1981/0x3b70 fs/udf/inode.c:885 Found by Linux Verification Center (linuxtesting.org) with syzkaller. [JK: Somewhat cleaned up the boundary checks] Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru> Signed-off-by: Jan Kara <jack@suse.cz>
udf: Drop VARCONV support UDF was supporting a strange mode where the media was containing 7 blocks of unknown data for every 32 blocks of the filesystem. I have yet to see the media that would need such conversion (maybe it comes from packet writing times) and the conversions have been inconsistent in the code. In particular any write will write to a wrong block and corrupt the media. This is an indication and no user actually needs this so let's just drop the support instead of trying to fix it. Signed-off-by: Jan Kara <jack@suse.cz>
treewide: Remove uninitialized_var() usage Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org>
udf: prevent allocation beyond UDF partition The UDF bitmap allocation code assumes that a recorded Unallocated Space Bitmap is compliant with ECMA-167 4/13, which requires that pad bytes between the end of the bitmap and the end of a logical block are all zero. When a recorded bitmap does not comply with this requirement, for example one padded with FF to the block boundary instead of 00, the allocator may "allocate" blocks that are outside the UDF partition extent. This can result in UDF volume descriptors being overwritten by file data or by partition-level descriptors, and in extreme cases, even in scribbling on a subsequent disk partition. Add a check that the block selected by the allocator actually resides within the UDF partition extent. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/1564341552-129750-1-git-send-email-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz>
udf: Drop freed bitmap / table support We don't support Free Space Table and Free Space Bitmap as specified by UDF standard for writing as we don't support erasing blocks before overwriting them. Just drop the handling of these structures as partition descriptor checking code already makes sure such filesystems can be mounted only read-only. Signed-off-by: Jan Kara <jack@suse.cz>
udf: remove unused variables group_start and nr_groups Variables group_start and nr_groups are being assigned but are never used hence they are redundant and can be removed. Cleans up clang warning: variable 'group_start' set but not used [-Wunused-but-set-variable] variable 'nr_groups' set but not used [-Wunused-but-set-variable] Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Jan Kara <jack@suse.cz>
udf: Drop unused arguments of udf_delete_aext() udf_delete_aext() uses its last two arguments only as local variables. Drop them. Signed-off-by: Jan Kara <jack@suse.cz>
udf: Fix signed/unsigned format specifiers Fix problems noted in compilion with -Wformat=2 -Wformat-signedness. In particular, a mismatch between the signedness of a value and the signedness of its format specifier can result in unsigned values being printed as negative numbers, e.g.: Partition (0 type 1511) starts at physical 460, block length -1779968542 ...which occurs when mounting a large (> 1 TiB) UDF partition. Changes since V1: * Fixed additional issues noted in udf_bitmap_free_blocks(), udf_get_fileident(), udf_show_options() Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
udf: Fix 64-bit sign extension issues affecting blocks > 0x7FFFFFFF Large (> 1 TiB) UDF filesystems appear subject to several problems when mounted on 64-bit systems: * readdir() can fail on a directory containing File Identifiers residing above 0x7FFFFFFF. This manifests as a 'ls' command failing with EIO. * FIBMAP on a file block located above 0x7FFFFFFF can return a negative value. The low 32 bits are correct, but applications that don't mask the high 32 bits of the result can perform incorrectly. Per suggestion by Jan Kara, introduce a udf_pblk_t type for representation of UDF block addresses. Ultimately, all driver functions that manipulate UDF block addresses should use this type; for now, deployment is limited to functions with actual or potential sign extension issues. Changes to udf_readdir() and udf_block_map() address the issues noted above; other changes address potential similar issues uncovered during audit of the driver code. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz>
udf: Factor out code for creating indirect extent Factor out code for creating indirect extent from udf_add_aext(). It was mostly duplicated in two places. Also remove some opencoded versions of udf_write_aext(). Signed-off-by: Jan Kara <jack@suse.cz>
udf: use int for allocated blocks instead of sector_t Fix the following warnings: fs/udf/balloc.c:768:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_bitmap_prealloc_blocks(sb, ^ fs/udf/balloc.c:773:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_table_prealloc_blocks(sb, ^ fs/udf/balloc.c:778:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_bitmap_prealloc_blocks(sb, ^ fs/udf/balloc.c:783:15: warning: conversion to 'sector_t' from 'int' may change the sign of the result [-Wsign-conversion] allocated = udf_table_prealloc_blocks(sb, ^ fs/udf/balloc.c:791:26: warning: conversion to 'loff_t' from 'sector_t' may change the sign of the result [-Wsign-conversion] inode_add_bytes(inode, allocated << sb->s_blocksize_bits); ^ fs/udf/balloc.c:792:2: warning: conversion to 'int' from 'sector_t' may alter its value [-Wconversion] return allocated; Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
udf: remove redundant buffer_head.h includes buffer_head.h was already included in udfdecl.h Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
udf: remove else after return in __load_block_bitmap() else after return is not needed. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
udf: remove unused variable in udf_table_free_blocks() Fix set but not used warning. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
udf: Fix handling of i_blocks Commit 36350462 removed unused quota support from UDF. As an unfortunate sideeffect it also removed updates of i_blocks so all files had i_block == 0. Fix the problem by returning updates of file space back to UDF allocation and freeing functions. Signed-off-by: Jan Kara <jack@suse.cz>
udf: Neaten udf_debug uses Just whitespace and argument alignment. Introduce some checkpatch warnings that deserve to be ignored. Reviewed-by: NamJae Jeon <linkinjeon@gmail.com> Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jan Kara <jack@suse.cz>
udf: use little-endian bitops As a preparation for removing ext2 non-atomic bit operations from asm/bitops.h. This converts ext2 non-atomic bit operations to little-endian bit operations. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
UDF: Fix compiler warning Fix compiler warning fs/udf/balloc.c: In function 'udf_bitmap_new_block': fs/udf/balloc.c:273: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type fs/udf/balloc.c:285: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type fs/udf/balloc.c:311: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type fs/udf/balloc.c:325: warning: passing argument 1 of '_find_next_bit_le' from incompatible pointer type The main fix is to add a cast in ext2_find_next_bit(). As all other usage locations of udf_find_next_one_bit() directly use bh->b_data (which is a char *), the useless (char *) cast in line 311 can be removed, too. Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com> Signed-off-by: George G. Davis <gdavis@mvista.com> Signed-off-by: Jan Kara <jack@suse.cz>
udf: Call udf_add_free_space() for more blocks at once in udf_free_blocks() There's no need to call udf_add_free_space() for one block at a time. It saves us noticeable amount of work and yields different result from the original code only if the filesystem is corrupted and bitmap bit is already cleared. In such case counter of free blocks is probably wrong anyways so the change does not matter. Signed-off-by: Jan Kara <jack@suse.cz>