linux.git/fs/udf, branch v5.4 Linux kernel source tree fs-udf: Delete an unnecessary check before brelse() 2019-09-04T16:19:43+00:00 Markus Elfring elfring@users.sourceforge.net 2019-09-03T19:12:09+00:00 4eb09e1112180672795f4238e9252531f607c7a7 The brelse() function tests whether its argument is NULL and then returns immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Link: https://lore.kernel.org/r/a254c1d1-0109-ab51-c67a-edc5c1c4b4cd@web.de Signed-off-by: Jan Kara <jack@suse.cz> 
The brelse() function tests whether its argument is NULL
and then returns immediately.
Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Link: https://lore.kernel.org/r/a254c1d1-0109-ab51-c67a-edc5c1c4b4cd@web.de
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Drop forward function declarations 2019-09-04T16:19:43+00:00 Jan Kara jack@suse.cz 2019-08-29T12:19:30+00:00 8b47ea6c21cbf169c4c41ad6de1ac12fba5ddd8e Move some functions to make forward declarations unnecessary. Signed-off-by: Jan Kara <jack@suse.cz> 
Move some functions to make forward declarations unnecessary.

Signed-off-by: Jan Kara <jack@suse.cz>
udf: Verify domain identifier fields 2019-09-04T16:19:25+00:00 Jan Kara jack@suse.cz 2019-08-29T12:11:54+00:00 2dee5aac05565933c5bf6ad4acd4f9bcd6ea2ff7 OSTA UDF standard defines that domain identifier in logical volume descriptor and file set descriptor should contain a particular string and the identifier suffix contains flags possibly making media write-protected. Verify these constraints and allow only read-only mount if they are not met. Tested-by: Steven J. Magnani <steve@digidescorp.com> Reviewed-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz> 
OSTA UDF standard defines that domain identifier in logical volume
descriptor and file set descriptor should contain a particular string
and the identifier suffix contains flags possibly making media
write-protected. Verify these constraints and allow only read-only mount
if they are not met.

Tested-by: Steven J. Magnani <steve@digidescorp.com>
Reviewed-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: augment UDF permissions on new inodes 2019-08-27T13:38:46+00:00 Steven J. Magnani steve.magnani@digidescorp.com 2019-08-27T12:13:59+00:00 c3367a1b47d590f97109cd4b5189e750fb26c0f1 Windows presents files created within Linux as read-only, even when permissions in Linux indicate the file should be writable. UDF defines a slightly different set of basic file permissions than Linux. Specifically, UDF has "delete" and "change attribute" permissions for each access class (user/group/other). Linux has no equivalents for these. When the Linux UDF driver creates a file (or directory), no UDF delete or change attribute permissions are granted. The lack of delete permission appears to cause Windows to mark an item read-only when its permissions otherwise indicate that it should be read-write. Fix this by having UDF delete permissions track Linux write permissions. Also grant UDF change attribute permission to the owner when creating a new inode. Reported by: Ty Young Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/20190827121359.9954-1-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz> 
Windows presents files created within Linux as read-only, even when
permissions in Linux indicate the file should be writable.

UDF defines a slightly different set of basic file permissions than Linux.
Specifically, UDF has "delete" and "change attribute" permissions for each
access class (user/group/other). Linux has no equivalents for these.

When the Linux UDF driver creates a file (or directory), no UDF delete or
change attribute permissions are granted. The lack of delete permission
appears to cause Windows to mark an item read-only when its permissions
otherwise indicate that it should be read-write.

Fix this by having UDF delete permissions track Linux write permissions.
Also grant UDF change attribute permission to the owner when creating a
new inode.

Reported by: Ty Young
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Link: https://lore.kernel.org/r/20190827121359.9954-1-steve@digidescorp.com
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Use dynamic debug infrastructure 2019-08-26T09:36:19+00:00 Jan Kara jack@suse.cz 2019-08-26T09:36:19+00:00 8cbd9af9d208b1f015cf8a4645602f0a007270a8 Instead of relying on UDFFS_DEBUG define for debug printing, just use standard pr_debug() prints and rely on CONFIG_DYNAMIC_DEBUG infrastructure for enabling or disabling prints. Signed-off-by: Jan Kara <jack@suse.cz> 
Instead of relying on UDFFS_DEBUG define for debug printing, just use
standard pr_debug() prints and rely on CONFIG_DYNAMIC_DEBUG
infrastructure for enabling or disabling prints.

Signed-off-by: Jan Kara <jack@suse.cz>
udf: reduce leakage of blocks related to named streams 2019-08-26T09:17:55+00:00 Steven J. Magnani steve.magnani@digidescorp.com 2019-08-14T12:50:02+00:00 ab9a3a737284b3d9e1d2ba43a0ef31b3ef2e2417 Windows is capable of creating UDF files having named streams. One example is the "Zone.Identifier" stream attached automatically to files downloaded from a network. See: https://msdn.microsoft.com/en-us/library/dn392609.aspx Modification of a file having one or more named streams in Linux causes the stream directory to become detached from the file, essentially leaking all blocks pertaining to the file's streams. Fix by saving off information about an inode's streams when reading it, for later use when its on-disk data is updated. Link: https://lore.kernel.org/r/20190814125002.10869-1-steve@digidescorp.com Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Jan Kara <jack@suse.cz> 
Windows is capable of creating UDF files having named streams.
One example is the "Zone.Identifier" stream attached automatically
to files downloaded from a network. See:
  https://msdn.microsoft.com/en-us/library/dn392609.aspx

Modification of a file having one or more named streams in Linux causes
the stream directory to become detached from the file, essentially leaking
all blocks pertaining to the file's streams.

Fix by saving off information about an inode's streams when reading it,
for later use when its on-disk data is updated.

Link: https://lore.kernel.org/r/20190814125002.10869-1-steve@digidescorp.com
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: prevent allocation beyond UDF partition 2019-07-31T16:41:37+00:00 Steve Magnani steve.magnani@digidescorp.com 2019-07-28T19:19:12+00:00 56db1991690f076c2a7e3b2a226629cd10901690 The UDF bitmap allocation code assumes that a recorded Unallocated Space Bitmap is compliant with ECMA-167 4/13, which requires that pad bytes between the end of the bitmap and the end of a logical block are all zero. When a recorded bitmap does not comply with this requirement, for example one padded with FF to the block boundary instead of 00, the allocator may "allocate" blocks that are outside the UDF partition extent. This can result in UDF volume descriptors being overwritten by file data or by partition-level descriptors, and in extreme cases, even in scribbling on a subsequent disk partition. Add a check that the block selected by the allocator actually resides within the UDF partition extent. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/1564341552-129750-1-git-send-email-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz> 
The UDF bitmap allocation code assumes that a recorded
Unallocated Space Bitmap is compliant with ECMA-167 4/13,
which requires that pad bytes between the end of the bitmap
and the end of a logical block are all zero.

When a recorded bitmap does not comply with this requirement,
for example one padded with FF to the block boundary instead
of 00, the allocator may "allocate" blocks that are outside
the UDF partition extent. This can result in UDF volume descriptors
being overwritten by file data or by partition-level descriptors,
and in extreme cases, even in scribbling on a subsequent disk partition.

Add a check that the block selected by the allocator actually
resides within the UDF partition extent.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>

Link: https://lore.kernel.org/r/1564341552-129750-1-git-send-email-steve@digidescorp.com
Signed-off-by: Jan Kara <jack@suse.cz>
udf: support 2048-byte spacing of VRS descriptors on 4K media 2019-07-31T10:04:42+00:00 Steven J. Magnani steve.magnani@digidescorp.com 2019-07-11T13:38:52+00:00 6fbacb8539a6659d446a9efabb538cfc007c1427 Some UDF creators (specifically Microsoft, but perhaps others) mishandle the ECMA-167 corner case that requires descriptors within a Volume Recognition Sequence to be placed at 4096-byte intervals on media where the block size is 4K. Instead, the descriptors are placed at the 2048- byte interval mandated for media with smaller blocks. This nonconformity currently prevents Linux from recognizing the filesystem as UDF. Modify the driver to tolerate a misformatted VRS on 4K media. [JK: Simplified descriptor checking] Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Tested-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/20190711133852.16887-2-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz> 
Some UDF creators (specifically Microsoft, but perhaps others) mishandle
the ECMA-167 corner case that requires descriptors within a Volume
Recognition Sequence to be placed at 4096-byte intervals on media where
the block size is 4K. Instead, the descriptors are placed at the 2048-
byte interval mandated for media with smaller blocks. This nonconformity
currently prevents Linux from recognizing the filesystem as UDF.

Modify the driver to tolerate a misformatted VRS on 4K media.

[JK: Simplified descriptor checking]
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Tested-by: Steven J. Magnani <steve@digidescorp.com>
Link: https://lore.kernel.org/r/20190711133852.16887-2-steve@digidescorp.com
Signed-off-by: Jan Kara <jack@suse.cz>
udf: refactor VRS descriptor identification 2019-07-31T10:04:42+00:00 Steven J. Magnani steve.magnani@digidescorp.com 2019-07-11T13:38:51+00:00 ba54aef0313322d9eea0fca648170d5a3c906de4 Extract code that parses a Volume Recognition Sequence descriptor (component), in preparation for calling it twice against different locations in a block. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/20190711133852.16887-1-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz> 
Extract code that parses a Volume Recognition Sequence descriptor
(component), in preparation for calling it twice against different
locations in a block.

Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Link: https://lore.kernel.org/r/20190711133852.16887-1-steve@digidescorp.com
Signed-off-by: Jan Kara <jack@suse.cz>
Merge tag 'for_v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2019-07-11T03:27:07+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-07-11T03:27:07+00:00 682f7c5c465d7ac4107e51dbf2a847a026b384e8 Pull ext2, udf and quota updates from Jan Kara: - some ext2 fixes and cleanups - a fix of udf bug when extending files - a fix of quota Q_XGETQSTAT[V] handling * tag 'for_v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: udf: Fix incorrect final NOT_ALLOCATED (hole) extent length ext2: Use kmemdup rather than duplicating its implementation quota: honor quota type in Q_XGETQSTAT[V] calls ext2: Always brelse bh on failure in ext2_iget() ext2: add missing brelse() in ext2_iget() ext2: Fix a typo in ext2_getattr argument ext2: fix a typo in comment ext2: add missing brelse() in ext2_new_inode() ext2: optimize ext2_xattr_get() ext2: introduce new helper for xattr entry comparison ext2: merge xattr next entry check to ext2_xattr_entry_valid() ext2: code cleanup for ext2_preread_inode() ext2: code cleanup by using test_opt() and clear_opt() doc: ext2: update description of quota options for ext2 ext2: Strengthen xattr block checks ext2: Merge loops in ext2_xattr_set() ext2: introduce helper for xattr entry validation ext2: introduce helper for xattr header validation quota: add dqi_dirty_list description to comment of Dquot List Management 
Pull ext2, udf and quota updates from Jan Kara:

 - some ext2 fixes and cleanups

 - a fix of udf bug when extending files

 - a fix of quota Q_XGETQSTAT[V] handling

* tag 'for_v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
  ext2: Use kmemdup rather than duplicating its implementation
  quota: honor quota type in Q_XGETQSTAT[V] calls
  ext2: Always brelse bh on failure in ext2_iget()
  ext2: add missing brelse() in ext2_iget()
  ext2: Fix a typo in ext2_getattr argument
  ext2: fix a typo in comment
  ext2: add missing brelse() in ext2_new_inode()
  ext2: optimize ext2_xattr_get()
  ext2: introduce new helper for xattr entry comparison
  ext2: merge xattr next entry check to ext2_xattr_entry_valid()
  ext2: code cleanup for ext2_preread_inode()
  ext2: code cleanup by using test_opt() and clear_opt()
  doc: ext2: update description of quota options for ext2
  ext2: Strengthen xattr block checks
  ext2: Merge loops in ext2_xattr_set()
  ext2: introduce helper for xattr entry validation
  ext2: introduce helper for xattr header validation
  quota: add dqi_dirty_list description to comment of Dquot List Management