1  // SPDX-License-Identifier: GPL-2.0
2  /*
3   *
4   * Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
5   *
6   *  Directory handling functions for NTFS-based filesystems.
7   *
8   */
9  
10  #include <linux/fs.h>
11  #include <linux/nls.h>
12  
13  #include "debug.h"
14  #include "ntfs.h"
15  #include "ntfs_fs.h"
16  
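/*
 * ntfs_utf16_to_nls - Convert a little-endian UTF-16 name to the mount charset.
 * @sbi:	Superblock info; the NLS table is taken from sbi->options->nls.
 * @name:	Source name, little-endian UTF-16.
 * @len:	Number of UTF-16 code units in @name.
 * @buf:	Destination buffer.
 * @buf_len:	Size of @buf in bytes, including the trailing NUL.
 *
 * When no NLS table is configured the name is converted to UTF-8.
 * Otherwise each code unit is converted with nls->uni2char(); a unit that
 * cannot be converted is replaced by '_' and reported once per call.
 *
 * The result is always NUL terminated inside @buf; the name is truncated
 * when it does not fit.
 *
 * Return: Number of bytes stored in @buf, not counting the trailing NUL.
 */
int ntfs_utf16_to_nls(struct ntfs_sb_info *sbi, const __le16 *name, u32 len,
		      u8 *buf, int buf_len)
{
	int ret, warn;
	u8 *op;
	struct nls_table *nls = sbi->options->nls;

	static_assert(sizeof(wchar_t) == sizeof(__le16));

	/* Not even room for the terminator: store nothing. */
	if (buf_len <= 0)
		return 0;

	/*
	 * Reserve the last byte for the trailing NUL. Both converters below
	 * may consume all the space they are given, and the terminator is
	 * written right after their output.
	 */
	buf_len -= 1;

	if (!nls) {
		/* UTF-16 -> UTF-8 */
		ret = utf16s_to_utf8s((wchar_t *)name, len, UTF16_LITTLE_ENDIAN,
				      buf, buf_len);
		buf[ret] = '\0';
		return ret;
	}

	op = buf;
	warn = 0;

	while (len--) {
		u16 ec;
		int charlen;
		char dump[5];

		/* Stop while a worst-case character still fits. */
		if (buf_len < NLS_MAX_CHARSET_SIZE) {
			ntfs_warn(sbi->sb,
				  "filename was truncated while converting.");
			break;
		}

		ec = le16_to_cpu(*name++);
		charlen = nls->uni2char(ec, op, buf_len);

		if (charlen > 0) {
			op += charlen;
			buf_len -= charlen;
			continue;
		}

		/* Unconvertible code unit: substitute and keep going. */
		*op++ = '_';
		buf_len -= 1;
		if (warn)
			continue;

		/* Log the first offending code unit as four hex digits. */
		warn = 1;
		hex_byte_pack(&dump[0], ec >> 8);
		hex_byte_pack(&dump[2], ec);
		dump[4] = 0;

		ntfs_err(sbi->sb, "failed to convert \"%s\" to %s", dump,
			 nls->charset);
	}

	*op = '\0';
	return op - buf;
}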
75  
// clang-format off
/* Code points at or above this value are encoded as a surrogate pair. */
#define PLANE_SIZE	0x10000

/* Surrogate base value, low-surrogate flag and 10-bit payload mask. */
#define SURROGATE_PAIR	0xd800
#define SURROGATE_LOW	0x0400
#define SURROGATE_BITS	0x03ff
// clang-format on
83  
/*
 * put_utf16 - Store one UTF-16 code unit in the requested byte order.
 * @s:		Destination code unit.
 * @c:		Value to store.
 * @endian:	Byte order of the stored value; any value other than
 *		UTF16_LITTLE_ENDIAN / UTF16_BIG_ENDIAN stores @c unconverted.
 *
 * Modified version of put_utf16 from fs/nls/nls_base.c that is free of
 * sparse warnings.
 */
static inline void put_utf16(wchar_t *s, unsigned int c,
			     enum utf16_endian endian)
{
	static_assert(sizeof(wchar_t) == sizeof(__le16));
	static_assert(sizeof(wchar_t) == sizeof(__be16));

	if (endian == UTF16_LITTLE_ENDIAN) {
		__le16 *dst = (__le16 *)s;

		*dst = __cpu_to_le16(c);
	} else if (endian == UTF16_BIG_ENDIAN) {
		__be16 *dst = (__be16 *)s;

		*dst = __cpu_to_be16(c);
	} else {
		*s = (wchar_t)c;
	}
}
107  
/*
 * _utf8s_to_utf16s - Convert a UTF-8 string to UTF-16 with a hard output bound.
 * @s:		Input UTF-8 string; conversion stops at a NUL byte.
 * @inlen:	Maximum number of input bytes to consume.
 * @endian:	Byte order of the produced code units.
 * @pwcs:	Output buffer.
 * @maxout:	Capacity of @pwcs in UTF-16 code units.
 *
 * Modified version of 'utf8s_to_utf16s': the remaining capacity is checked
 * before every store, so -ENAMETOOLONG is detected without writing past
 * @maxout code units.
 *
 * Return: Number of code units written, -EINVAL on malformed UTF-8,
 * -ENAMETOOLONG if the output does not fit.
 */
static int _utf8s_to_utf16s(const u8 *s, int inlen, enum utf16_endian endian,
			    wchar_t *pwcs, int maxout)
{
	u16 *out = pwcs;

	while (inlen > 0 && *s) {
		unicode_t cp;
		int used;

		/* Plain ASCII byte: one input byte, one code unit. */
		if (!(*s & 0x80)) {
			if (maxout < 1)
				return -ENAMETOOLONG;

			put_utf16(out++, *s++, endian);
			inlen--;
			maxout--;
			continue;
		}

		/* Multi-byte sequence. */
		used = utf8_to_utf32(s, inlen, &cp);
		if (used < 0)
			return -EINVAL;
		s += used;
		inlen -= used;

		if (cp < PLANE_SIZE) {
			if (maxout < 1)
				return -ENAMETOOLONG;

			put_utf16(out++, cp, endian);
			maxout--;
			continue;
		}

		/* Needs a surrogate pair: two code units. */
		if (maxout < 2)
			return -ENAMETOOLONG;

		cp -= PLANE_SIZE;
		put_utf16(out++, SURROGATE_PAIR | ((cp >> 10) & SURROGATE_BITS),
			  endian);
		put_utf16(out++,
			  SURROGATE_PAIR | SURROGATE_LOW | (cp & SURROGATE_BITS),
			  endian);
		maxout -= 2;
	}

	return out - pwcs;
}
162  
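/*
 * ntfs_nls_to_utf16 - Convert input string to UTF-16.
 * @sbi:	Superblock info; the NLS table is taken from sbi->options->nls.
 * @name:	Input name.
 * @name_len:	Input name length in bytes.
 * @uni:	Destination string; uni->name receives the code units and
 *		uni->len the resulting length.
 * @max_ulen:	Maximum number of UTF-16 code units to store in @uni.
 * @endian:	Endian of target UTF-16 string.
 *
 * This function is called:
 * - to create NTFS name
 * - to create symlink
 *
 * On error uni->len is left untouched.
 *
 * Return: UTF-16 string length or error (if negative).
 */
int ntfs_nls_to_utf16(struct ntfs_sb_info *sbi, const u8 *name, u32 name_len,
		      struct cpu_str *uni, u32 max_ulen,
		      enum utf16_endian endian)
{
	int ret, slen;
	const u8 *end;
	struct nls_table *nls = sbi->options->nls;
	u16 *uname = uni->name;

	static_assert(sizeof(wchar_t) == sizeof(u16));

	if (!nls) {
		/* utf8 -> utf16 */
		ret = _utf8s_to_utf16s(name, name_len, endian, uname, max_ulen);
		/*
		 * Do not store a negative error code in uni->len; the NLS
		 * path below also leaves it alone when it fails.
		 */
		if (ret < 0)
			return ret;
		uni->len = ret;
		return ret;
	}

	/* One output code unit per char2uni() call; bound checked first. */
	for (ret = 0, end = name + name_len; name < end; ret++, name += slen) {
		if (ret >= max_ulen)
			return -ENAMETOOLONG;

		slen = nls->char2uni(name, end - name, uname + ret);
		if (!slen)
			return -EINVAL;
		if (slen < 0)
			return slen;
	}

	/* Swap the code units when the target order differs from the host. */
#ifdef __BIG_ENDIAN
	if (endian == UTF16_LITTLE_ENDIAN) {
		int i = ret;

		while (i--) {
			__cpu_to_le16s(uname);
			uname++;
		}
	}
#else
	if (endian == UTF16_BIG_ENDIAN) {
		int i = ret;

		while (i--) {
			__cpu_to_be16s(uname);
			uname++;
		}
	}
#endif

	uni->len = ret;
	return ret;
}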
229  
/*
 * dir_search_u - Look up a UTF-16 name in a directory index.
 * @dir:	Directory to search.
 * @uni:	Name to look for.
 * @fnd:	Optional search context; when NULL one is taken with fnd_get()
 *		and released before returning.
 *
 * Return: The inode returned by ntfs_iget5() (which may itself be an
 * ERR_PTR), NULL if the name is not found, ERR_PTR() on other errors
 * (-EINVAL when the inode found is a bad inode).
 */
struct inode *dir_search_u(struct inode *dir, const struct cpu_str *uni,
			   struct ntfs_fnd *fnd)
{
	struct super_block *sb = dir->i_sb;
	struct ntfs_sb_info *sbi = sb->s_fs_info;
	struct ntfs_inode *ni = ntfs_i(dir);
	struct ntfs_fnd *own_fnd = NULL;
	struct inode *found = NULL;
	struct NTFS_DE *de;
	int cmp;
	int rc;

	if (!fnd) {
		own_fnd = fnd_get();
		if (!own_fnd) {
			rc = -ENOMEM;
			goto done;
		}
		fnd = own_fnd;
	}

	rc = indx_find(&ni->dir, ni, NULL, uni, 0, sbi, &cmp, &de, fnd);
	if (rc)
		goto done;

	/* Non-zero compare result: no exact match in the index. */
	if (cmp) {
		rc = -ENOENT;
		goto done;
	}

	found = ntfs_iget5(sb, &de->ref, uni);
	if (!IS_ERR(found) && is_bad_inode(found)) {
		iput(found);
		rc = -EINVAL;
	}

done:
	/* Only the context allocated here is released. */
	fnd_put(own_fnd);

	if (rc == -ENOENT)
		return NULL;
	if (rc)
		return ERR_PTR(rc);
	return found;
}
274  
/*
 * ntfs_dir_emit - Report one index entry to the readdir context.
 *
 * Skipped without being reported: DOS names, entries whose fname->home does
 * not reference @ni, the root record, meta files (unless 'showmeta' is set),
 * hidden files when 'nohidden' is set, and names that fail conversion.
 *
 * NOTE(review): fname->name_len is read from the index entry and is not
 * compared with e->size or e->key_size in this function - confirm the caller
 * has bounded it before the name is converted.
 *
 * Return: false if 'ctx' is full, true otherwise.
 */
static inline bool ntfs_dir_emit(struct ntfs_sb_info *sbi,
				 struct ntfs_inode *ni, const struct NTFS_DE *e,
				 u8 *name, struct dir_context *ctx)
{
	const struct ATTR_FILE_NAME *fname =
		Add2Ptr(e, sizeof(struct NTFS_DE));
	unsigned long ino;
	bool need_lookup;
	u32 dt_type = DT_REG;
	int name_len;

	if (fname->type == FILE_NAME_DOS)
		return true;

	if (!mi_is_ref(&ni->mi, &fname->home))
		return true;

	ino = ino_get(&e->ref);
	if (ino == MFT_REC_ROOT)
		return true;

	/* Skip meta files. Unless option to show metafiles is set. */
	if (!sbi->options->showmeta && ntfs_is_meta_file(sbi, ino))
		return true;

	if (sbi->options->nohidden && (fname->dup.fa & FILE_ATTRIBUTE_HIDDEN))
		return true;

	name_len = ntfs_utf16_to_nls(sbi, fname->name, fname->name_len, name,
				     PATH_MAX);
	if (name_len <= 0) {
		ntfs_warn(sbi->sb, "failed to convert name for inode %lx.",
			  ino);
		return true;
	}

	/*
	 * NTFS symlinks are "dir + reparse" or "file + reparse", but the
	 * reparse attribute serves dozens of other purposes too, so the
	 * entry alone cannot tell whether the name is a symlink. Start from
	 * the directory flag; the exact type needs the inode (MFT record).
	 * getattr on an opened file (fstat) reports symlinks correctly.
	 */
	if (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY)
		dt_type = DT_DIR;

	/*
	 * The duplicated information stored in the parent directory is not
	 * reliable for the type; the only correct source is the MFT record
	 * (ATTR_STD). The lookup below costs extra locks/reads just to get
	 * the type - should it be enabled by a mount option instead?
	 */
	need_lookup = (fname->dup.fa & FILE_ATTRIBUTE_REPARSE_POINT) ||
		      fname->dup.ea_size;
	if (need_lookup && ino != ni->mi.rno) {
		struct inode *inode = ntfs_iget5(sbi->sb, &e->ref, NULL);

		if (!IS_ERR_OR_NULL(inode)) {
			dt_type = fs_umode_to_dtype(inode->i_mode);
			iput(inode);
		}
	}

	return dir_emit(ctx, (s8 *)name, name_len, ino, dt_type);
}
344  
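/*
 * ntfs_read_hdr - Helper function for ntfs_readdir().
 * @sbi:	Superblock info.
 * @ni:		Directory being enumerated.
 * @hdr:	Index header whose entries are walked.
 * @vbo:	Position of @hdr within the directory stream; entry positions
 *		are reported as @vbo + offset.
 * @pos:	Position to resume from; entries before it are skipped.
 * @name:	Scratch buffer for the converted name.
 * @ctx:	Readdir context.
 *
 * Every entry is read from the on-disk index, so its size, its key size and
 * the length of the name inside the key are checked against the enclosing
 * bounds before the entry is handed to ntfs_dir_emit().
 *
 * NOTE(review): hdr->used is taken as the upper bound as is; presumably it
 * is validated when the index buffer is loaded - confirm.
 *
 * returns 0 if ok.
 * returns -EINVAL if directory is corrupted.
 * returns +1 if 'ctx' is full.
 */
static int ntfs_read_hdr(struct ntfs_sb_info *sbi, struct ntfs_inode *ni,
			 const struct INDEX_HDR *hdr, u64 vbo, u64 pos,
			 u8 *name, struct dir_context *ctx)
{
	const struct NTFS_DE *e;
	const struct ATTR_FILE_NAME *fname;
	u32 e_size;
	u32 key_size;
	u32 end = le32_to_cpu(hdr->used);
	u32 off = le32_to_cpu(hdr->de_off);

	for (;; off += e_size) {
		if (off + sizeof(struct NTFS_DE) > end)
			return -EINVAL;

		e = Add2Ptr(hdr, off);
		e_size = le16_to_cpu(e->size);
		if (e_size < sizeof(struct NTFS_DE) || off + e_size > end)
			return -EINVAL;

		if (de_is_last(e))
			return 0;

		/* Skip already enumerated. */
		if (vbo + off < pos)
			continue;

		/* The key must hold a file name and lie inside the entry. */
		key_size = le16_to_cpu(e->key_size);
		if (key_size < SIZEOF_ATTRIBUTE_FILENAME ||
		    key_size > e_size - sizeof(struct NTFS_DE))
			return -EINVAL;

		/*
		 * name_len counts UTF-16 units and comes from disk: reject a
		 * name that would run past the end of the key, otherwise the
		 * conversion would read beyond this entry.
		 */
		fname = Add2Ptr(e, sizeof(struct NTFS_DE));
		if (offsetof(struct ATTR_FILE_NAME, name) +
			    fname->name_len * sizeof(fname->name[0]) >
		    key_size)
			return -EINVAL;

		ctx->pos = vbo + off;

		/* Submit the name to the filldir callback. */
		if (!ntfs_dir_emit(sbi, ni, e, name, ctx)) {
			/* ctx is full. */
			return +1;
		}
	}
}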
389  
/*
 * ntfs_readdir - file_operations::iterate_shared
 *
 * Use non sorted enumeration.
 * We have an example of broken volume where sorted enumeration
 * counts each name twice.
 *
 * Positions below sbi->record_size address entries of the index root;
 * positions from sbi->record_size up address entries of the index buffers.
 * The end-of-directory position is i_size + sbi->record_size.
 *
 * NOTE(review): ctx->pos (loff_t) is narrowed to u32 for 'pos' - confirm
 * directory positions cannot exceed 32 bits.
 */
static int ntfs_readdir(struct file *file, struct dir_context *ctx)
{
	struct inode *dir = file_inode(file);
	struct super_block *sb = dir->i_sb;
	struct ntfs_sb_info *sbi = sb->s_fs_info;
	struct ntfs_inode *ni = ntfs_i(dir);
	const struct INDEX_ROOT *root;
	struct indx_node *node = NULL;
	u8 *name = NULL;
	loff_t i_size = i_size_read(dir);
	loff_t eod = i_size + sbi->record_size;
	u32 pos = ctx->pos;
	u8 index_bits = ni->dir.index_bits;
	size_t bit;
	u64 vbo;
	int err = 0;

	/* Name is a buffer of PATH_MAX length. */
	static_assert(NTFS_NAME_LEN * 4 < PATH_MAX);

	if (pos >= eod)
		return 0;

	if (!dir_emit_dots(file, ctx))
		return 0;

	/* Allocate PATH_MAX bytes. */
	name = __getname();
	if (!name)
		return -ENOMEM;

	if (!ni->mi_loaded && ni->attr_list.size) {
		/*
		 * Directory inode is locked for read.
		 * Load all subrecords to avoid 'write' access to 'ni' during
		 * directory reading. The condition is re-tested under the
		 * inode lock.
		 */
		ni_lock(ni);
		if (!ni->mi_loaded && ni->attr_list.size) {
			err = ni_load_all_mi(ni);
			if (!err)
				ni->mi_loaded = true;
		}
		ni_unlock(ni);
		if (err)
			goto out;
	}

	root = indx_get_root(&ni->dir, ni, NULL, NULL);
	if (!root) {
		err = -EINVAL;
		goto out;
	}

	if (pos < sbi->record_size) {
		/* Still inside the index root: enumerate it first. */
		err = ntfs_read_hdr(sbi, ni, &root->ihdr, 0, pos, name, ctx);
		if (err)
			goto out;
		bit = 0;
	} else {
		/* Resume in the index buffer that contains 'pos'. */
		bit = (pos - sbi->record_size) >> index_bits;
	}

	if (!i_size)
		goto end_of_dir;

	for (;;) {
		vbo = (u64)bit << index_bits;
		if (vbo >= i_size)
			goto end_of_dir;

		/* Advance 'bit' to the next index buffer in use. */
		err = indx_used_bit(&ni->dir, ni, &bit);
		if (err)
			goto out;

		if (bit == MINUS_ONE_T)
			goto end_of_dir;

		/* A used buffer beyond the directory size is corruption. */
		vbo = (u64)bit << index_bits;
		if (vbo >= i_size) {
			err = -EINVAL;
			goto out;
		}

		err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits,
				&node);
		if (err)
			goto out;

		err = ntfs_read_hdr(sbi, ni, &node->index->ihdr,
				    vbo + sbi->record_size, pos, name, ctx);
		if (err)
			goto out;

		bit += 1;
	}

end_of_dir:
	ctx->pos = eod;
out:
	__putname(name);
	put_indx_node(node);

	switch (err) {
	case 1:
		/* 'ctx' is full. */
		err = 0;
		break;
	case -ENOENT:
		err = 0;
		ctx->pos = pos;
		break;
	default:
		if (err < 0) {
			if (err == -EINVAL)
				ntfs_inode_err(dir, "directory corrupted");
			ctx->pos = eod;
		}
		break;
	}

	return err;
}
521  
/*
 * ntfs_dir_count - Count the entries of a directory.
 * @dir:	Directory to scan.
 * @is_empty:	Optional; set to true up front and to false as soon as a
 *		non-DOS name is seen.
 * @dirs:	Optional; receives the number of directory entries.
 * @files:	Optional; receives the number of other entries.
 *
 * When only @is_empty is requested the scan stops at the first name found.
 * An entry with an inconsistent size ends the scan of its index buffer
 * without raising an error.
 *
 * Return: 0 or a negative error. If the index root cannot be found the
 * function returns -EINVAL with *is_empty already set to true and without
 * storing @dirs / @files.
 */
static int ntfs_dir_count(struct inode *dir, bool *is_empty, size_t *dirs,
			  size_t *files)
{
	struct ntfs_inode *ni = ntfs_i(dir);
	size_t max_indx = i_size_read(&ni->vfs_inode) >> ni->dir.index_bits;
	size_t n_dirs = 0, n_files = 0, bit = 0;
	struct indx_node *node = NULL;
	struct INDEX_ROOT *root;
	struct INDEX_HDR *hdr;
	int err = 0;

	if (is_empty)
		*is_empty = true;

	root = indx_get_root(&ni->dir, ni, NULL, NULL);
	if (!root)
		return -EINVAL;

	/* Start with the index root, then walk the used index buffers. */
	hdr = &root->ihdr;

	while (true) {
		u32 end = le32_to_cpu(hdr->used);
		u32 off = le32_to_cpu(hdr->de_off);

		while (off + sizeof(struct NTFS_DE) <= end) {
			const struct NTFS_DE *e = Add2Ptr(hdr, off);
			const struct ATTR_FILE_NAME *fname;
			u32 e_size = le16_to_cpu(e->size);

			/* Looks like corruption. */
			if (e_size < sizeof(struct NTFS_DE) ||
			    off + e_size > end)
				break;

			if (de_is_last(e))
				break;

			/* Entry is well formed; step to the next one. */
			off += e_size;

			fname = de_get_fname(e);
			if (!fname || fname->type == FILE_NAME_DOS)
				continue;

			if (is_empty) {
				*is_empty = false;
				/* Caller only asked whether it is empty. */
				if (!dirs && !files)
					goto out;
			}

			if (fname->dup.fa & FILE_ATTRIBUTE_DIRECTORY)
				n_dirs += 1;
			else
				n_files += 1;
		}

		if (bit >= max_indx)
			goto out;

		err = indx_used_bit(&ni->dir, ni, &bit);
		if (err)
			goto out;

		if (bit == MINUS_ONE_T || bit >= max_indx)
			goto out;

		err = indx_read(&ni->dir, ni, bit << ni->dir.idx2vbn_bits,
				&node);
		if (err)
			goto out;

		hdr = &node->index->ihdr;
		bit += 1;
	}

out:
	put_indx_node(node);
	if (dirs)
		*dirs = n_dirs;
	if (files)
		*files = n_files;

	return err;
}
611  
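/*
 * dir_is_empty - Check whether a directory holds no names.
 * @dir:	Directory to check.
 *
 * Return: true only if the directory was scanned without error and no
 * name was found. A directory that cannot be read is reported as not
 * empty, so callers do not treat an unreadable directory as removable.
 */
bool dir_is_empty(struct inode *dir)
{
	bool is_empty = false;

	/*
	 * ntfs_dir_count() sets *is_empty to true before it starts scanning,
	 * so its error return must be honoured here: a failure part-way
	 * through says nothing about the names that were not reached.
	 */
	if (ntfs_dir_count(dir, &is_empty, NULL, NULL))
		return false;

	return is_empty;
}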
620  
// clang-format off
/* File operations for directories; enumeration goes through ntfs_readdir(). */
const struct file_operations ntfs_dir_operations = {
	.open		= ntfs_file_open,
	.llseek		= generic_file_llseek,
	.read		= generic_read_dir,
	.iterate_shared	= ntfs_readdir,
	.fsync		= generic_file_fsync,
	.unlocked_ioctl = ntfs_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl   = ntfs_compat_ioctl,
#endif
};

#if IS_ENABLED(CONFIG_NTFS_FS)
/*
 * Reduced table built only when CONFIG_NTFS_FS is enabled: same open, seek
 * and enumeration handlers, but no fsync and no ioctl entry points.
 */
const struct file_operations ntfs_legacy_dir_operations = {
	.open		= ntfs_file_open,
	.llseek		= generic_file_llseek,
	.read		= generic_read_dir,
	.iterate_shared	= ntfs_readdir,
};
#endif
// clang-format on
643