xref: /openbmc/linux/fs/fat/dir.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  *  linux/fs/fat/dir.c
3  *
4  *  directory handling functions for fat-based filesystems
5  *
6  *  Written 1992,1993 by Werner Almesberger
7  *
8  *  Hidden files 1995 by Albert Cahalan <albert@ccs.neu.edu> <adc@coe.neu.edu>
9  *
10  *  VFAT extensions by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
11  *  Merged with msdos fs by Henrik Storner <storner@osiris.ping.dk>
12  *  Rewritten for constant inumbers. Plugged buffer overrun in readdir(). AV
13  *  Short name translation 1999, 2001 by Wolfram Pienkoss <wp@bszh.de>
14  */
15 
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/time.h>
19 #include <linux/msdos_fs.h>
20 #include <linux/dirent.h>
21 #include <linux/smp_lock.h>
22 #include <linux/buffer_head.h>
23 #include <linux/compat.h>
24 #include <asm/uaccess.h>
25 
26 static inline loff_t fat_make_i_pos(struct super_block *sb,
27 				    struct buffer_head *bh,
28 				    struct msdos_dir_entry *de)
29 {
30 	return ((loff_t)bh->b_blocknr << MSDOS_SB(sb)->dir_per_block_bits)
31 		| (de - (struct msdos_dir_entry *)bh->b_data);
32 }
33 
34 static inline void fat_dir_readahead(struct inode *dir, sector_t iblock,
35 				     sector_t phys)
36 {
37 	struct super_block *sb = dir->i_sb;
38 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
39 	struct buffer_head *bh;
40 	int sec;
41 
42 	/* This is not a first sector of cluster, or sec_per_clus == 1 */
43 	if ((iblock & (sbi->sec_per_clus - 1)) || sbi->sec_per_clus == 1)
44 		return;
45 	/* root dir of FAT12/FAT16 */
46 	if ((sbi->fat_bits != 32) && (dir->i_ino == MSDOS_ROOT_INO))
47 		return;
48 
49 	bh = sb_find_get_block(sb, phys);
50 	if (bh == NULL || !buffer_uptodate(bh)) {
51 		for (sec = 0; sec < sbi->sec_per_clus; sec++)
52 			sb_breadahead(sb, phys + sec);
53 	}
54 	brelse(bh);
55 }
56 
57 /* Returns the inode number of the directory entry at offset pos. If bh is
58    non-NULL, it is brelse'd before. Pos is incremented. The buffer header is
59    returned in bh.
60    AV. Most often we do it item-by-item. Makes sense to optimize.
61    AV. OK, there we go: if both bh and de are non-NULL we assume that we just
62    AV. want the next entry (took one explicit de=NULL in vfat/namei.c).
63    AV. It's done in fat_get_entry() (inlined), here the slow case lives.
64    AV. Additionally, when we return -1 (i.e. reached the end of directory)
65    AV. we make bh NULL.
66  */
67 static int fat__get_entry(struct inode *dir, loff_t *pos,
68 			  struct buffer_head **bh, struct msdos_dir_entry **de)
69 {
70 	struct super_block *sb = dir->i_sb;
71 	sector_t phys, iblock;
72 	unsigned long mapped_blocks;
73 	int err, offset;
74 
75 next:
76 	if (*bh)
77 		brelse(*bh);
78 
79 	*bh = NULL;
80 	iblock = *pos >> sb->s_blocksize_bits;
81 	err = fat_bmap(dir, iblock, &phys, &mapped_blocks);
82 	if (err || !phys)
83 		return -1;	/* beyond EOF or error */
84 
85 	fat_dir_readahead(dir, iblock, phys);
86 
87 	*bh = sb_bread(sb, phys);
88 	if (*bh == NULL) {
89 		printk(KERN_ERR "FAT: Directory bread(block %llu) failed\n",
90 		       (unsigned long long)phys);
91 		/* skip this block */
92 		*pos = (iblock + 1) << sb->s_blocksize_bits;
93 		goto next;
94 	}
95 
96 	offset = *pos & (sb->s_blocksize - 1);
97 	*pos += sizeof(struct msdos_dir_entry);
98 	*de = (struct msdos_dir_entry *)((*bh)->b_data + offset);
99 
100 	return 0;
101 }
102 
103 static inline int fat_get_entry(struct inode *dir, loff_t *pos,
104 				struct buffer_head **bh,
105 				struct msdos_dir_entry **de)
106 {
107 	/* Fast stuff first */
108 	if (*bh && *de &&
109 	    (*de - (struct msdos_dir_entry *)(*bh)->b_data) < MSDOS_SB(dir->i_sb)->dir_per_block - 1) {
110 		*pos += sizeof(struct msdos_dir_entry);
111 		(*de)++;
112 		return 0;
113 	}
114 	return fat__get_entry(dir, pos, bh, de);
115 }
116 
117 /*
118  * Convert Unicode 16 to UTF-8, translated Unicode, or ASCII.
119  * If uni_xlate is enabled and we can't get a 1:1 conversion, use a
120  * colon as an escape character since it is normally invalid on the vfat
121  * filesystem. The following four characters are the hexadecimal digits
122  * of Unicode value. This lets us do a full dump and restore of Unicode
123  * filenames. We could get into some trouble with long Unicode names,
124  * but ignore that right now.
125  * Ahem... Stack smashing in ring 0 isn't fun. Fixed.
126  */
127 static int uni16_to_x8(unsigned char *ascii, wchar_t *uni, int uni_xlate,
128 		       struct nls_table *nls)
129 {
130 	wchar_t *ip, ec;
131 	unsigned char *op, nc;
132 	int charlen;
133 	int k;
134 
135 	ip = uni;
136 	op = ascii;
137 
138 	while (*ip) {
139 		ec = *ip++;
140 		if ( (charlen = nls->uni2char(ec, op, NLS_MAX_CHARSET_SIZE)) > 0) {
141 			op += charlen;
142 		} else {
143 			if (uni_xlate == 1) {
144 				*op = ':';
145 				for (k = 4; k > 0; k--) {
146 					nc = ec & 0xF;
147 					op[k] = nc > 9	? nc + ('a' - 10)
148 							: nc + '0';
149 					ec >>= 4;
150 				}
151 				op += 5;
152 			} else {
153 				*op++ = '?';
154 			}
155 		}
156 		/* We have some slack there, so it's OK */
157 		if (op>ascii+256) {
158 			op = ascii + 256;
159 			break;
160 		}
161 	}
162 	*op = 0;
163 	return (op - ascii);
164 }
165 
166 static inline int
167 fat_short2uni(struct nls_table *t, unsigned char *c, int clen, wchar_t *uni)
168 {
169 	int charlen;
170 
171 	charlen = t->char2uni(c, clen, uni);
172 	if (charlen < 0) {
173 		*uni = 0x003f;	/* a question mark */
174 		charlen = 1;
175 	}
176 	return charlen;
177 }
178 
179 static inline int
180 fat_short2lower_uni(struct nls_table *t, unsigned char *c, int clen, wchar_t *uni)
181 {
182 	int charlen;
183 	wchar_t wc;
184 
185 	charlen = t->char2uni(c, clen, &wc);
186 	if (charlen < 0) {
187 		*uni = 0x003f;	/* a question mark */
188 		charlen = 1;
189 	} else if (charlen <= 1) {
190 		unsigned char nc = t->charset2lower[*c];
191 
192 		if (!nc)
193 			nc = *c;
194 
195 		if ( (charlen = t->char2uni(&nc, 1, uni)) < 0) {
196 			*uni = 0x003f;	/* a question mark */
197 			charlen = 1;
198 		}
199 	} else
200 		*uni = wc;
201 
202 	return charlen;
203 }
204 
205 static inline int
206 fat_shortname2uni(struct nls_table *nls, unsigned char *buf, int buf_size,
207 		  wchar_t *uni_buf, unsigned short opt, int lower)
208 {
209 	int len = 0;
210 
211 	if (opt & VFAT_SFN_DISPLAY_LOWER)
212 		len =  fat_short2lower_uni(nls, buf, buf_size, uni_buf);
213 	else if (opt & VFAT_SFN_DISPLAY_WIN95)
214 		len = fat_short2uni(nls, buf, buf_size, uni_buf);
215 	else if (opt & VFAT_SFN_DISPLAY_WINNT) {
216 		if (lower)
217 			len = fat_short2lower_uni(nls, buf, buf_size, uni_buf);
218 		else
219 			len = fat_short2uni(nls, buf, buf_size, uni_buf);
220 	} else
221 		len = fat_short2uni(nls, buf, buf_size, uni_buf);
222 
223 	return len;
224 }
225 
226 enum { PARSE_INVALID = 1, PARSE_NOT_LONGNAME, PARSE_EOF, };
227 
228 /**
229  * fat_parse_long - Parse extended directory entry.
230  *
231  * This function returns zero on success, negative value on error, or one of
232  * the following:
233  *
234  * %PARSE_INVALID - Directory entry is invalid.
235  * %PARSE_NOT_LONGNAME - Directory entry does not contain longname.
236  * %PARSE_EOF - Directory has no more entries.
237  */
238 static int fat_parse_long(struct inode *dir, loff_t *pos,
239 			  struct buffer_head **bh, struct msdos_dir_entry **de,
240 			  wchar_t **unicode, unsigned char *nr_slots)
241 {
242 	struct msdos_dir_slot *ds;
243 	unsigned char id, slot, slots, alias_checksum;
244 
245 	if (!*unicode) {
246 		*unicode = (wchar_t *)__get_free_page(GFP_KERNEL);
247 		if (!*unicode) {
248 			brelse(*bh);
249 			return -ENOMEM;
250 		}
251 	}
252 parse_long:
253 	slots = 0;
254 	ds = (struct msdos_dir_slot *)*de;
255 	id = ds->id;
256 	if (!(id & 0x40))
257 		return PARSE_INVALID;
258 	slots = id & ~0x40;
259 	if (slots > 20 || !slots)	/* ceil(256 * 2 / 26) */
260 		return PARSE_INVALID;
261 	*nr_slots = slots;
262 	alias_checksum = ds->alias_checksum;
263 
264 	slot = slots;
265 	while (1) {
266 		int offset;
267 
268 		slot--;
269 		offset = slot * 13;
270 		fat16_towchar(*unicode + offset, ds->name0_4, 5);
271 		fat16_towchar(*unicode + offset + 5, ds->name5_10, 6);
272 		fat16_towchar(*unicode + offset + 11, ds->name11_12, 2);
273 
274 		if (ds->id & 0x40)
275 			(*unicode)[offset + 13] = 0;
276 		if (fat_get_entry(dir, pos, bh, de) < 0)
277 			return PARSE_EOF;
278 		if (slot == 0)
279 			break;
280 		ds = (struct msdos_dir_slot *)*de;
281 		if (ds->attr != ATTR_EXT)
282 			return PARSE_NOT_LONGNAME;
283 		if ((ds->id & ~0x40) != slot)
284 			goto parse_long;
285 		if (ds->alias_checksum != alias_checksum)
286 			goto parse_long;
287 	}
288 	if ((*de)->name[0] == DELETED_FLAG)
289 		return PARSE_INVALID;
290 	if ((*de)->attr == ATTR_EXT)
291 		goto parse_long;
292 	if (IS_FREE((*de)->name) || ((*de)->attr & ATTR_VOLUME))
293 		return PARSE_INVALID;
294 	if (fat_checksum((*de)->name) != alias_checksum)
295 		*nr_slots = 0;
296 
297 	return 0;
298 }
299 
300 /*
301  * Return values: negative -> error, 0 -> not found, positive -> found,
302  * value is the total amount of slots, including the shortname entry.
303  */
304 int fat_search_long(struct inode *inode, const unsigned char *name,
305 		    int name_len, struct fat_slot_info *sinfo)
306 {
307 	struct super_block *sb = inode->i_sb;
308 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
309 	struct buffer_head *bh = NULL;
310 	struct msdos_dir_entry *de;
311 	struct nls_table *nls_io = sbi->nls_io;
312 	struct nls_table *nls_disk = sbi->nls_disk;
313 	wchar_t bufuname[14];
314 	unsigned char xlate_len, nr_slots;
315 	wchar_t *unicode = NULL;
316 	unsigned char work[8], bufname[260];	/* 256 + 4 */
317 	int uni_xlate = sbi->options.unicode_xlate;
318 	int utf8 = sbi->options.utf8;
319 	int anycase = (sbi->options.name_check != 's');
320 	unsigned short opt_shortname = sbi->options.shortname;
321 	loff_t cpos = 0;
322 	int chl, i, j, last_u, err;
323 
324 	err = -ENOENT;
325 	while(1) {
326 		if (fat_get_entry(inode, &cpos, &bh, &de) == -1)
327 			goto EODir;
328 parse_record:
329 		nr_slots = 0;
330 		if (de->name[0] == DELETED_FLAG)
331 			continue;
332 		if (de->attr != ATTR_EXT && (de->attr & ATTR_VOLUME))
333 			continue;
334 		if (de->attr != ATTR_EXT && IS_FREE(de->name))
335 			continue;
336 		if (de->attr == ATTR_EXT) {
337 			int status = fat_parse_long(inode, &cpos, &bh, &de,
338 						    &unicode, &nr_slots);
339 			if (status < 0)
340 				return status;
341 			else if (status == PARSE_INVALID)
342 				continue;
343 			else if (status == PARSE_NOT_LONGNAME)
344 				goto parse_record;
345 			else if (status == PARSE_EOF)
346 				goto EODir;
347 		}
348 
349 		memcpy(work, de->name, sizeof(de->name));
350 		/* see namei.c, msdos_format_name */
351 		if (work[0] == 0x05)
352 			work[0] = 0xE5;
353 		for (i = 0, j = 0, last_u = 0; i < 8;) {
354 			if (!work[i]) break;
355 			chl = fat_shortname2uni(nls_disk, &work[i], 8 - i,
356 						&bufuname[j++], opt_shortname,
357 						de->lcase & CASE_LOWER_BASE);
358 			if (chl <= 1) {
359 				if (work[i] != ' ')
360 					last_u = j;
361 			} else {
362 				last_u = j;
363 			}
364 			i += chl;
365 		}
366 		j = last_u;
367 		fat_short2uni(nls_disk, ".", 1, &bufuname[j++]);
368 		for (i = 0; i < 3;) {
369 			if (!de->ext[i]) break;
370 			chl = fat_shortname2uni(nls_disk, &de->ext[i], 3 - i,
371 						&bufuname[j++], opt_shortname,
372 						de->lcase & CASE_LOWER_EXT);
373 			if (chl <= 1) {
374 				if (de->ext[i] != ' ')
375 					last_u = j;
376 			} else {
377 				last_u = j;
378 			}
379 			i += chl;
380 		}
381 		if (!last_u)
382 			continue;
383 
384 		bufuname[last_u] = 0x0000;
385 		xlate_len = utf8
386 			?utf8_wcstombs(bufname, bufuname, sizeof(bufname))
387 			:uni16_to_x8(bufname, bufuname, uni_xlate, nls_io);
388 		if (xlate_len == name_len)
389 			if ((!anycase && !memcmp(name, bufname, xlate_len)) ||
390 			    (anycase && !nls_strnicmp(nls_io, name, bufname,
391 								xlate_len)))
392 				goto Found;
393 
394 		if (nr_slots) {
395 			xlate_len = utf8
396 				?utf8_wcstombs(bufname, unicode, sizeof(bufname))
397 				:uni16_to_x8(bufname, unicode, uni_xlate, nls_io);
398 			if (xlate_len != name_len)
399 				continue;
400 			if ((!anycase && !memcmp(name, bufname, xlate_len)) ||
401 			    (anycase && !nls_strnicmp(nls_io, name, bufname,
402 								xlate_len)))
403 				goto Found;
404 		}
405 	}
406 
407 Found:
408 	nr_slots++;	/* include the de */
409 	sinfo->slot_off = cpos - nr_slots * sizeof(*de);
410 	sinfo->nr_slots = nr_slots;
411 	sinfo->de = de;
412 	sinfo->bh = bh;
413 	sinfo->i_pos = fat_make_i_pos(sb, sinfo->bh, sinfo->de);
414 	err = 0;
415 EODir:
416 	if (unicode)
417 		free_page((unsigned long)unicode);
418 
419 	return err;
420 }
421 
422 EXPORT_SYMBOL_GPL(fat_search_long);
423 
424 struct fat_ioctl_filldir_callback {
425 	void __user *dirent;
426 	int result;
427 	/* for dir ioctl */
428 	const char *longname;
429 	int long_len;
430 	const char *shortname;
431 	int short_len;
432 };
433 
434 static int __fat_readdir(struct inode *inode, struct file *filp, void *dirent,
435 			 filldir_t filldir, int short_only, int both)
436 {
437 	struct super_block *sb = inode->i_sb;
438 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
439 	struct buffer_head *bh;
440 	struct msdos_dir_entry *de;
441 	struct nls_table *nls_io = sbi->nls_io;
442 	struct nls_table *nls_disk = sbi->nls_disk;
443 	unsigned char long_slots;
444 	const char *fill_name;
445 	int fill_len;
446 	wchar_t bufuname[14];
447 	wchar_t *unicode = NULL;
448 	unsigned char c, work[8], bufname[56], *ptname = bufname;
449 	unsigned long lpos, dummy, *furrfu = &lpos;
450 	int uni_xlate = sbi->options.unicode_xlate;
451 	int isvfat = sbi->options.isvfat;
452 	int utf8 = sbi->options.utf8;
453 	int nocase = sbi->options.nocase;
454 	unsigned short opt_shortname = sbi->options.shortname;
455 	unsigned long inum;
456 	int chi, chl, i, i2, j, last, last_u, dotoffset = 0;
457 	loff_t cpos;
458 	int ret = 0;
459 
460 	lock_kernel();
461 
462 	cpos = filp->f_pos;
463 	/* Fake . and .. for the root directory. */
464 	if (inode->i_ino == MSDOS_ROOT_INO) {
465 		while (cpos < 2) {
466 			if (filldir(dirent, "..", cpos+1, cpos, MSDOS_ROOT_INO, DT_DIR) < 0)
467 				goto out;
468 			cpos++;
469 			filp->f_pos++;
470 		}
471 		if (cpos == 2) {
472 			dummy = 2;
473 			furrfu = &dummy;
474 			cpos = 0;
475 		}
476 	}
477 	if (cpos & (sizeof(struct msdos_dir_entry)-1)) {
478 		ret = -ENOENT;
479 		goto out;
480 	}
481 
482 	bh = NULL;
483 GetNew:
484 	if (fat_get_entry(inode, &cpos, &bh, &de) == -1)
485 		goto EODir;
486 parse_record:
487 	long_slots = 0;
488 	/* Check for long filename entry */
489 	if (isvfat) {
490 		if (de->name[0] == DELETED_FLAG)
491 			goto RecEnd;
492 		if (de->attr != ATTR_EXT && (de->attr & ATTR_VOLUME))
493 			goto RecEnd;
494 		if (de->attr != ATTR_EXT && IS_FREE(de->name))
495 			goto RecEnd;
496 	} else {
497 		if ((de->attr & ATTR_VOLUME) || IS_FREE(de->name))
498 			goto RecEnd;
499 	}
500 
501 	if (isvfat && de->attr == ATTR_EXT) {
502 		int status = fat_parse_long(inode, &cpos, &bh, &de,
503 					    &unicode, &long_slots);
504 		if (status < 0) {
505 			filp->f_pos = cpos;
506 			ret = status;
507 			goto out;
508 		} else if (status == PARSE_INVALID)
509 			goto RecEnd;
510 		else if (status == PARSE_NOT_LONGNAME)
511 			goto parse_record;
512 		else if (status == PARSE_EOF)
513 			goto EODir;
514 	}
515 
516 	if (sbi->options.dotsOK) {
517 		ptname = bufname;
518 		dotoffset = 0;
519 		if (de->attr & ATTR_HIDDEN) {
520 			*ptname++ = '.';
521 			dotoffset = 1;
522 		}
523 	}
524 
525 	memcpy(work, de->name, sizeof(de->name));
526 	/* see namei.c, msdos_format_name */
527 	if (work[0] == 0x05)
528 		work[0] = 0xE5;
529 	for (i = 0, j = 0, last = 0, last_u = 0; i < 8;) {
530 		if (!(c = work[i])) break;
531 		chl = fat_shortname2uni(nls_disk, &work[i], 8 - i,
532 					&bufuname[j++], opt_shortname,
533 					de->lcase & CASE_LOWER_BASE);
534 		if (chl <= 1) {
535 			ptname[i++] = (!nocase && c>='A' && c<='Z') ? c+32 : c;
536 			if (c != ' ') {
537 				last = i;
538 				last_u = j;
539 			}
540 		} else {
541 			last_u = j;
542 			for (chi = 0; chi < chl && i < 8; chi++) {
543 				ptname[i] = work[i];
544 				i++; last = i;
545 			}
546 		}
547 	}
548 	i = last;
549 	j = last_u;
550 	fat_short2uni(nls_disk, ".", 1, &bufuname[j++]);
551 	ptname[i++] = '.';
552 	for (i2 = 0; i2 < 3;) {
553 		if (!(c = de->ext[i2])) break;
554 		chl = fat_shortname2uni(nls_disk, &de->ext[i2], 3 - i2,
555 					&bufuname[j++], opt_shortname,
556 					de->lcase & CASE_LOWER_EXT);
557 		if (chl <= 1) {
558 			i2++;
559 			ptname[i++] = (!nocase && c>='A' && c<='Z') ? c+32 : c;
560 			if (c != ' ') {
561 				last = i;
562 				last_u = j;
563 			}
564 		} else {
565 			last_u = j;
566 			for (chi = 0; chi < chl && i2 < 3; chi++) {
567 				ptname[i++] = de->ext[i2++];
568 				last = i;
569 			}
570 		}
571 	}
572 	if (!last)
573 		goto RecEnd;
574 
575 	i = last + dotoffset;
576 	j = last_u;
577 
578 	lpos = cpos - (long_slots+1)*sizeof(struct msdos_dir_entry);
579 	if (!memcmp(de->name, MSDOS_DOT, MSDOS_NAME))
580 		inum = inode->i_ino;
581 	else if (!memcmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) {
582 		inum = parent_ino(filp->f_path.dentry);
583 	} else {
584 		loff_t i_pos = fat_make_i_pos(sb, bh, de);
585 		struct inode *tmp = fat_iget(sb, i_pos);
586 		if (tmp) {
587 			inum = tmp->i_ino;
588 			iput(tmp);
589 		} else
590 			inum = iunique(sb, MSDOS_ROOT_INO);
591 	}
592 
593 	if (isvfat) {
594 		bufuname[j] = 0x0000;
595 		i = utf8 ? utf8_wcstombs(bufname, bufuname, sizeof(bufname))
596 			 : uni16_to_x8(bufname, bufuname, uni_xlate, nls_io);
597 	}
598 
599 	fill_name = bufname;
600 	fill_len = i;
601 	if (!short_only && long_slots) {
602 		/* convert the unicode long name. 261 is maximum size
603 		 * of unicode buffer. (13 * slots + nul) */
604 		void *longname = unicode + 261;
605 		int buf_size = PAGE_SIZE - (261 * sizeof(unicode[0]));
606 		int long_len = utf8
607 			? utf8_wcstombs(longname, unicode, buf_size)
608 			: uni16_to_x8(longname, unicode, uni_xlate, nls_io);
609 
610 		if (!both) {
611 			fill_name = longname;
612 			fill_len = long_len;
613 		} else {
614 			/* hack for fat_ioctl_filldir() */
615 			struct fat_ioctl_filldir_callback *p = dirent;
616 
617 			p->longname = longname;
618 			p->long_len = long_len;
619 			p->shortname = bufname;
620 			p->short_len = i;
621 			fill_name = NULL;
622 			fill_len = 0;
623 		}
624 	}
625 	if (filldir(dirent, fill_name, fill_len, *furrfu, inum,
626 		    (de->attr & ATTR_DIR) ? DT_DIR : DT_REG) < 0)
627 		goto FillFailed;
628 
629 RecEnd:
630 	furrfu = &lpos;
631 	filp->f_pos = cpos;
632 	goto GetNew;
633 EODir:
634 	filp->f_pos = cpos;
635 FillFailed:
636 	brelse(bh);
637 	if (unicode)
638 		free_page((unsigned long)unicode);
639 out:
640 	unlock_kernel();
641 	return ret;
642 }
643 
644 static int fat_readdir(struct file *filp, void *dirent, filldir_t filldir)
645 {
646 	struct inode *inode = filp->f_path.dentry->d_inode;
647 	return __fat_readdir(inode, filp, dirent, filldir, 0, 0);
648 }
649 
650 #define FAT_IOCTL_FILLDIR_FUNC(func, dirent_type)			   \
651 static int func(void *__buf, const char *name, int name_len,		   \
652 			     loff_t offset, u64 ino, unsigned int d_type)  \
653 {									   \
654 	struct fat_ioctl_filldir_callback *buf = __buf;			   \
655 	struct dirent_type __user *d1 = buf->dirent;			   \
656 	struct dirent_type __user *d2 = d1 + 1;				   \
657 									   \
658 	if (buf->result)						   \
659 		return -EINVAL;						   \
660 	buf->result++;							   \
661 									   \
662 	if (name != NULL) {						   \
663 		/* dirent has only short name */			   \
664 		if (name_len >= sizeof(d1->d_name))			   \
665 			name_len = sizeof(d1->d_name) - 1;		   \
666 									   \
667 		if (put_user(0, d2->d_name)			||	   \
668 		    put_user(0, &d2->d_reclen)			||	   \
669 		    copy_to_user(d1->d_name, name, name_len)	||	   \
670 		    put_user(0, d1->d_name + name_len)		||	   \
671 		    put_user(name_len, &d1->d_reclen))			   \
672 			goto efault;					   \
673 	} else {							   \
674 		/* dirent has short and long name */			   \
675 		const char *longname = buf->longname;			   \
676 		int long_len = buf->long_len;				   \
677 		const char *shortname = buf->shortname;			   \
678 		int short_len = buf->short_len;				   \
679 									   \
680 		if (long_len >= sizeof(d1->d_name))			   \
681 			long_len = sizeof(d1->d_name) - 1;		   \
682 		if (short_len >= sizeof(d1->d_name))			   \
683 			short_len = sizeof(d1->d_name) - 1;		   \
684 									   \
685 		if (copy_to_user(d2->d_name, longname, long_len)	|| \
686 		    put_user(0, d2->d_name + long_len)			|| \
687 		    put_user(long_len, &d2->d_reclen)			|| \
688 		    put_user(ino, &d2->d_ino)				|| \
689 		    put_user(offset, &d2->d_off)			|| \
690 		    copy_to_user(d1->d_name, shortname, short_len)	|| \
691 		    put_user(0, d1->d_name + short_len)			|| \
692 		    put_user(short_len, &d1->d_reclen))			   \
693 			goto efault;					   \
694 	}								   \
695 	return 0;							   \
696 efault:									   \
697 	buf->result = -EFAULT;						   \
698 	return -EFAULT;							   \
699 }
700 
701 FAT_IOCTL_FILLDIR_FUNC(fat_ioctl_filldir, dirent)
702 
703 static int fat_ioctl_readdir(struct inode *inode, struct file *filp,
704 			     void __user *dirent, filldir_t filldir,
705 			     int short_only, int both)
706 {
707 	struct fat_ioctl_filldir_callback buf;
708 	int ret;
709 
710 	buf.dirent = dirent;
711 	buf.result = 0;
712 	mutex_lock(&inode->i_mutex);
713 	ret = -ENOENT;
714 	if (!IS_DEADDIR(inode)) {
715 		ret = __fat_readdir(inode, filp, &buf, filldir,
716 				    short_only, both);
717 	}
718 	mutex_unlock(&inode->i_mutex);
719 	if (ret >= 0)
720 		ret = buf.result;
721 	return ret;
722 }
723 
724 static int fat_dir_ioctl(struct inode *inode, struct file *filp,
725 			 unsigned int cmd, unsigned long arg)
726 {
727 	struct dirent __user *d1 = (struct dirent __user *)arg;
728 	int short_only, both;
729 
730 	switch (cmd) {
731 	case VFAT_IOCTL_READDIR_SHORT:
732 		short_only = 1;
733 		both = 0;
734 		break;
735 	case VFAT_IOCTL_READDIR_BOTH:
736 		short_only = 0;
737 		both = 1;
738 		break;
739 	default:
740 		return fat_generic_ioctl(inode, filp, cmd, arg);
741 	}
742 
743 	if (!access_ok(VERIFY_WRITE, d1, sizeof(struct dirent[2])))
744 		return -EFAULT;
745 	/*
746 	 * Yes, we don't need this put_user() absolutely. However old
747 	 * code didn't return the right value. So, app use this value,
748 	 * in order to check whether it is EOF.
749 	 */
750 	if (put_user(0, &d1->d_reclen))
751 		return -EFAULT;
752 
753 	return fat_ioctl_readdir(inode, filp, d1, fat_ioctl_filldir,
754 				 short_only, both);
755 }
756 
757 #ifdef CONFIG_COMPAT
758 #define	VFAT_IOCTL_READDIR_BOTH32	_IOR('r', 1, struct compat_dirent[2])
759 #define	VFAT_IOCTL_READDIR_SHORT32	_IOR('r', 2, struct compat_dirent[2])
760 
761 FAT_IOCTL_FILLDIR_FUNC(fat_compat_ioctl_filldir, compat_dirent)
762 
763 static long fat_compat_dir_ioctl(struct file *filp, unsigned cmd,
764 				 unsigned long arg)
765 {
766 	struct inode *inode = filp->f_path.dentry->d_inode;
767 	struct compat_dirent __user *d1 = compat_ptr(arg);
768 	int short_only, both;
769 
770 	switch (cmd) {
771 	case VFAT_IOCTL_READDIR_SHORT32:
772 		short_only = 1;
773 		both = 0;
774 		break;
775 	case VFAT_IOCTL_READDIR_BOTH32:
776 		short_only = 0;
777 		both = 1;
778 		break;
779 	default:
780 		return -ENOIOCTLCMD;
781 	}
782 
783 	if (!access_ok(VERIFY_WRITE, d1, sizeof(struct compat_dirent[2])))
784 		return -EFAULT;
785 	/*
786 	 * Yes, we don't need this put_user() absolutely. However old
787 	 * code didn't return the right value. So, app use this value,
788 	 * in order to check whether it is EOF.
789 	 */
790 	if (put_user(0, &d1->d_reclen))
791 		return -EFAULT;
792 
793 	return fat_ioctl_readdir(inode, filp, d1, fat_compat_ioctl_filldir,
794 				 short_only, both);
795 }
796 #endif /* CONFIG_COMPAT */
797 
798 const struct file_operations fat_dir_operations = {
799 	.read		= generic_read_dir,
800 	.readdir	= fat_readdir,
801 	.ioctl		= fat_dir_ioctl,
802 #ifdef CONFIG_COMPAT
803 	.compat_ioctl	= fat_compat_dir_ioctl,
804 #endif
805 	.fsync		= file_fsync,
806 };
807 
808 static int fat_get_short_entry(struct inode *dir, loff_t *pos,
809 			       struct buffer_head **bh,
810 			       struct msdos_dir_entry **de)
811 {
812 	while (fat_get_entry(dir, pos, bh, de) >= 0) {
813 		/* free entry or long name entry or volume label */
814 		if (!IS_FREE((*de)->name) && !((*de)->attr & ATTR_VOLUME))
815 			return 0;
816 	}
817 	return -ENOENT;
818 }
819 
820 /*
821  * The ".." entry can not provide the "struct fat_slot_info" informations
822  * for inode. So, this function provide the some informations only.
823  */
824 int fat_get_dotdot_entry(struct inode *dir, struct buffer_head **bh,
825 			 struct msdos_dir_entry **de, loff_t *i_pos)
826 {
827 	loff_t offset;
828 
829 	offset = 0;
830 	*bh = NULL;
831 	while (fat_get_short_entry(dir, &offset, bh, de) >= 0) {
832 		if (!strncmp((*de)->name, MSDOS_DOTDOT, MSDOS_NAME)) {
833 			*i_pos = fat_make_i_pos(dir->i_sb, *bh, *de);
834 			return 0;
835 		}
836 	}
837 	return -ENOENT;
838 }
839 
840 EXPORT_SYMBOL_GPL(fat_get_dotdot_entry);
841 
842 /* See if directory is empty */
843 int fat_dir_empty(struct inode *dir)
844 {
845 	struct buffer_head *bh;
846 	struct msdos_dir_entry *de;
847 	loff_t cpos;
848 	int result = 0;
849 
850 	bh = NULL;
851 	cpos = 0;
852 	while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) {
853 		if (strncmp(de->name, MSDOS_DOT   , MSDOS_NAME) &&
854 		    strncmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) {
855 			result = -ENOTEMPTY;
856 			break;
857 		}
858 	}
859 	brelse(bh);
860 	return result;
861 }
862 
863 EXPORT_SYMBOL_GPL(fat_dir_empty);
864 
865 /*
866  * fat_subdirs counts the number of sub-directories of dir. It can be run
867  * on directories being created.
868  */
869 int fat_subdirs(struct inode *dir)
870 {
871 	struct buffer_head *bh;
872 	struct msdos_dir_entry *de;
873 	loff_t cpos;
874 	int count = 0;
875 
876 	bh = NULL;
877 	cpos = 0;
878 	while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) {
879 		if (de->attr & ATTR_DIR)
880 			count++;
881 	}
882 	brelse(bh);
883 	return count;
884 }
885 
886 /*
887  * Scans a directory for a given file (name points to its formatted name).
888  * Returns an error code or zero.
889  */
890 int fat_scan(struct inode *dir, const unsigned char *name,
891 	     struct fat_slot_info *sinfo)
892 {
893 	struct super_block *sb = dir->i_sb;
894 
895 	sinfo->slot_off = 0;
896 	sinfo->bh = NULL;
897 	while (fat_get_short_entry(dir, &sinfo->slot_off, &sinfo->bh,
898 				   &sinfo->de) >= 0) {
899 		if (!strncmp(sinfo->de->name, name, MSDOS_NAME)) {
900 			sinfo->slot_off -= sizeof(*sinfo->de);
901 			sinfo->nr_slots = 1;
902 			sinfo->i_pos = fat_make_i_pos(sb, sinfo->bh, sinfo->de);
903 			return 0;
904 		}
905 	}
906 	return -ENOENT;
907 }
908 
909 EXPORT_SYMBOL_GPL(fat_scan);
910 
911 static int __fat_remove_entries(struct inode *dir, loff_t pos, int nr_slots)
912 {
913 	struct super_block *sb = dir->i_sb;
914 	struct buffer_head *bh;
915 	struct msdos_dir_entry *de, *endp;
916 	int err = 0, orig_slots;
917 
918 	while (nr_slots) {
919 		bh = NULL;
920 		if (fat_get_entry(dir, &pos, &bh, &de) < 0) {
921 			err = -EIO;
922 			break;
923 		}
924 
925 		orig_slots = nr_slots;
926 		endp = (struct msdos_dir_entry *)(bh->b_data + sb->s_blocksize);
927 		while (nr_slots && de < endp) {
928 			de->name[0] = DELETED_FLAG;
929 			de++;
930 			nr_slots--;
931 		}
932 		mark_buffer_dirty(bh);
933 		if (IS_DIRSYNC(dir))
934 			err = sync_dirty_buffer(bh);
935 		brelse(bh);
936 		if (err)
937 			break;
938 
939 		/* pos is *next* de's position, so this does `- sizeof(de)' */
940 		pos += ((orig_slots - nr_slots) * sizeof(*de)) - sizeof(*de);
941 	}
942 
943 	return err;
944 }
945 
946 int fat_remove_entries(struct inode *dir, struct fat_slot_info *sinfo)
947 {
948 	struct msdos_dir_entry *de;
949 	struct buffer_head *bh;
950 	int err = 0, nr_slots;
951 
952 	/*
953 	 * First stage: Remove the shortname. By this, the directory
954 	 * entry is removed.
955 	 */
956 	nr_slots = sinfo->nr_slots;
957 	de = sinfo->de;
958 	sinfo->de = NULL;
959 	bh = sinfo->bh;
960 	sinfo->bh = NULL;
961 	while (nr_slots && de >= (struct msdos_dir_entry *)bh->b_data) {
962 		de->name[0] = DELETED_FLAG;
963 		de--;
964 		nr_slots--;
965 	}
966 	mark_buffer_dirty(bh);
967 	if (IS_DIRSYNC(dir))
968 		err = sync_dirty_buffer(bh);
969 	brelse(bh);
970 	if (err)
971 		return err;
972 	dir->i_version++;
973 
974 	if (nr_slots) {
975 		/*
976 		 * Second stage: remove the remaining longname slots.
977 		 * (This directory entry is already removed, and so return
978 		 * the success)
979 		 */
980 		err = __fat_remove_entries(dir, sinfo->slot_off, nr_slots);
981 		if (err) {
982 			printk(KERN_WARNING
983 			       "FAT: Couldn't remove the long name slots\n");
984 		}
985 	}
986 
987 	dir->i_mtime = dir->i_atime = CURRENT_TIME_SEC;
988 	if (IS_DIRSYNC(dir))
989 		(void)fat_sync_inode(dir);
990 	else
991 		mark_inode_dirty(dir);
992 
993 	return 0;
994 }
995 
996 EXPORT_SYMBOL_GPL(fat_remove_entries);
997 
998 static int fat_zeroed_cluster(struct inode *dir, sector_t blknr, int nr_used,
999 			      struct buffer_head **bhs, int nr_bhs)
1000 {
1001 	struct super_block *sb = dir->i_sb;
1002 	sector_t last_blknr = blknr + MSDOS_SB(sb)->sec_per_clus;
1003 	int err, i, n;
1004 
1005 	/* Zeroing the unused blocks on this cluster */
1006 	blknr += nr_used;
1007 	n = nr_used;
1008 	while (blknr < last_blknr) {
1009 		bhs[n] = sb_getblk(sb, blknr);
1010 		if (!bhs[n]) {
1011 			err = -ENOMEM;
1012 			goto error;
1013 		}
1014 		memset(bhs[n]->b_data, 0, sb->s_blocksize);
1015 		set_buffer_uptodate(bhs[n]);
1016 		mark_buffer_dirty(bhs[n]);
1017 
1018 		n++;
1019 		blknr++;
1020 		if (n == nr_bhs) {
1021 			if (IS_DIRSYNC(dir)) {
1022 				err = fat_sync_bhs(bhs, n);
1023 				if (err)
1024 					goto error;
1025 			}
1026 			for (i = 0; i < n; i++)
1027 				brelse(bhs[i]);
1028 			n = 0;
1029 		}
1030 	}
1031 	if (IS_DIRSYNC(dir)) {
1032 		err = fat_sync_bhs(bhs, n);
1033 		if (err)
1034 			goto error;
1035 	}
1036 	for (i = 0; i < n; i++)
1037 		brelse(bhs[i]);
1038 
1039 	return 0;
1040 
1041 error:
1042 	for (i = 0; i < n; i++)
1043 		bforget(bhs[i]);
1044 	return err;
1045 }
1046 
1047 int fat_alloc_new_dir(struct inode *dir, struct timespec *ts)
1048 {
1049 	struct super_block *sb = dir->i_sb;
1050 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
1051 	struct buffer_head *bhs[MAX_BUF_PER_PAGE];
1052 	struct msdos_dir_entry *de;
1053 	sector_t blknr;
1054 	__le16 date, time;
1055 	int err, cluster;
1056 
1057 	err = fat_alloc_clusters(dir, &cluster, 1);
1058 	if (err)
1059 		goto error;
1060 
1061 	blknr = fat_clus_to_blknr(sbi, cluster);
1062 	bhs[0] = sb_getblk(sb, blknr);
1063 	if (!bhs[0]) {
1064 		err = -ENOMEM;
1065 		goto error_free;
1066 	}
1067 
1068 	fat_date_unix2dos(ts->tv_sec, &time, &date);
1069 
1070 	de = (struct msdos_dir_entry *)bhs[0]->b_data;
1071 	/* filling the new directory slots ("." and ".." entries) */
1072 	memcpy(de[0].name, MSDOS_DOT, MSDOS_NAME);
1073 	memcpy(de[1].name, MSDOS_DOTDOT, MSDOS_NAME);
1074 	de->attr = de[1].attr = ATTR_DIR;
1075 	de[0].lcase = de[1].lcase = 0;
1076 	de[0].time = de[1].time = time;
1077 	de[0].date = de[1].date = date;
1078 	de[0].ctime_cs = de[1].ctime_cs = 0;
1079 	if (sbi->options.isvfat) {
1080 		/* extra timestamps */
1081 		de[0].ctime = de[1].ctime = time;
1082 		de[0].adate = de[0].cdate = de[1].adate = de[1].cdate = date;
1083 	} else {
1084 		de[0].ctime = de[1].ctime = 0;
1085 		de[0].adate = de[0].cdate = de[1].adate = de[1].cdate = 0;
1086 	}
1087 	de[0].start = cpu_to_le16(cluster);
1088 	de[0].starthi = cpu_to_le16(cluster >> 16);
1089 	de[1].start = cpu_to_le16(MSDOS_I(dir)->i_logstart);
1090 	de[1].starthi = cpu_to_le16(MSDOS_I(dir)->i_logstart >> 16);
1091 	de[0].size = de[1].size = 0;
1092 	memset(de + 2, 0, sb->s_blocksize - 2 * sizeof(*de));
1093 	set_buffer_uptodate(bhs[0]);
1094 	mark_buffer_dirty(bhs[0]);
1095 
1096 	err = fat_zeroed_cluster(dir, blknr, 1, bhs, MAX_BUF_PER_PAGE);
1097 	if (err)
1098 		goto error_free;
1099 
1100 	return cluster;
1101 
1102 error_free:
1103 	fat_free_clusters(dir, cluster);
1104 error:
1105 	return err;
1106 }
1107 
1108 EXPORT_SYMBOL_GPL(fat_alloc_new_dir);
1109 
1110 static int fat_add_new_entries(struct inode *dir, void *slots, int nr_slots,
1111 			       int *nr_cluster, struct msdos_dir_entry **de,
1112 			       struct buffer_head **bh, loff_t *i_pos)
1113 {
1114 	struct super_block *sb = dir->i_sb;
1115 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
1116 	struct buffer_head *bhs[MAX_BUF_PER_PAGE];
1117 	sector_t blknr, start_blknr, last_blknr;
1118 	unsigned long size, copy;
1119 	int err, i, n, offset, cluster[2];
1120 
1121 	/*
1122 	 * The minimum cluster size is 512bytes, and maximum entry
1123 	 * size is 32*slots (672bytes).  So, iff the cluster size is
1124 	 * 512bytes, we may need two clusters.
1125 	 */
1126 	size = nr_slots * sizeof(struct msdos_dir_entry);
1127 	*nr_cluster = (size + (sbi->cluster_size - 1)) >> sbi->cluster_bits;
1128 	BUG_ON(*nr_cluster > 2);
1129 
1130 	err = fat_alloc_clusters(dir, cluster, *nr_cluster);
1131 	if (err)
1132 		goto error;
1133 
1134 	/*
1135 	 * First stage: Fill the directory entry.  NOTE: This cluster
1136 	 * is not referenced from any inode yet, so updates order is
1137 	 * not important.
1138 	 */
1139 	i = n = copy = 0;
1140 	do {
1141 		start_blknr = blknr = fat_clus_to_blknr(sbi, cluster[i]);
1142 		last_blknr = start_blknr + sbi->sec_per_clus;
1143 		while (blknr < last_blknr) {
1144 			bhs[n] = sb_getblk(sb, blknr);
1145 			if (!bhs[n]) {
1146 				err = -ENOMEM;
1147 				goto error_nomem;
1148 			}
1149 
1150 			/* fill the directory entry */
1151 			copy = min(size, sb->s_blocksize);
1152 			memcpy(bhs[n]->b_data, slots, copy);
1153 			slots += copy;
1154 			size -= copy;
1155 			set_buffer_uptodate(bhs[n]);
1156 			mark_buffer_dirty(bhs[n]);
1157 			if (!size)
1158 				break;
1159 			n++;
1160 			blknr++;
1161 		}
1162 	} while (++i < *nr_cluster);
1163 
1164 	memset(bhs[n]->b_data + copy, 0, sb->s_blocksize - copy);
1165 	offset = copy - sizeof(struct msdos_dir_entry);
1166 	get_bh(bhs[n]);
1167 	*bh = bhs[n];
1168 	*de = (struct msdos_dir_entry *)((*bh)->b_data + offset);
1169 	*i_pos = fat_make_i_pos(sb, *bh, *de);
1170 
1171 	/* Second stage: clear the rest of cluster, and write outs */
1172 	err = fat_zeroed_cluster(dir, start_blknr, ++n, bhs, MAX_BUF_PER_PAGE);
1173 	if (err)
1174 		goto error_free;
1175 
1176 	return cluster[0];
1177 
1178 error_free:
1179 	brelse(*bh);
1180 	*bh = NULL;
1181 	n = 0;
1182 error_nomem:
1183 	for (i = 0; i < n; i++)
1184 		bforget(bhs[i]);
1185 	fat_free_clusters(dir, cluster[0]);
1186 error:
1187 	return err;
1188 }
1189 
1190 int fat_add_entries(struct inode *dir, void *slots, int nr_slots,
1191 		    struct fat_slot_info *sinfo)
1192 {
1193 	struct super_block *sb = dir->i_sb;
1194 	struct msdos_sb_info *sbi = MSDOS_SB(sb);
1195 	struct buffer_head *bh, *prev, *bhs[3]; /* 32*slots (672bytes) */
1196 	struct msdos_dir_entry *de;
1197 	int err, free_slots, i, nr_bhs;
1198 	loff_t pos, i_pos;
1199 
1200 	sinfo->nr_slots = nr_slots;
1201 
1202 	/* First stage: search free direcotry entries */
1203 	free_slots = nr_bhs = 0;
1204 	bh = prev = NULL;
1205 	pos = 0;
1206 	err = -ENOSPC;
1207 	while (fat_get_entry(dir, &pos, &bh, &de) > -1) {
1208 		/* check the maximum size of directory */
1209 		if (pos >= FAT_MAX_DIR_SIZE)
1210 			goto error;
1211 
1212 		if (IS_FREE(de->name)) {
1213 			if (prev != bh) {
1214 				get_bh(bh);
1215 				bhs[nr_bhs] = prev = bh;
1216 				nr_bhs++;
1217 			}
1218 			free_slots++;
1219 			if (free_slots == nr_slots)
1220 				goto found;
1221 		} else {
1222 			for (i = 0; i < nr_bhs; i++)
1223 				brelse(bhs[i]);
1224 			prev = NULL;
1225 			free_slots = nr_bhs = 0;
1226 		}
1227 	}
1228 	if (dir->i_ino == MSDOS_ROOT_INO) {
1229 		if (sbi->fat_bits != 32)
1230 			goto error;
1231 	} else if (MSDOS_I(dir)->i_start == 0) {
1232 		printk(KERN_ERR "FAT: Corrupted directory (i_pos %lld)\n",
1233 		       MSDOS_I(dir)->i_pos);
1234 		err = -EIO;
1235 		goto error;
1236 	}
1237 
1238 found:
1239 	err = 0;
1240 	pos -= free_slots * sizeof(*de);
1241 	nr_slots -= free_slots;
1242 	if (free_slots) {
1243 		/*
1244 		 * Second stage: filling the free entries with new entries.
1245 		 * NOTE: If this slots has shortname, first, we write
1246 		 * the long name slots, then write the short name.
1247 		 */
1248 		int size = free_slots * sizeof(*de);
1249 		int offset = pos & (sb->s_blocksize - 1);
1250 		int long_bhs = nr_bhs - (nr_slots == 0);
1251 
1252 		/* Fill the long name slots. */
1253 		for (i = 0; i < long_bhs; i++) {
1254 			int copy = min_t(int, sb->s_blocksize - offset, size);
1255 			memcpy(bhs[i]->b_data + offset, slots, copy);
1256 			mark_buffer_dirty(bhs[i]);
1257 			offset = 0;
1258 			slots += copy;
1259 			size -= copy;
1260 		}
1261 		if (long_bhs && IS_DIRSYNC(dir))
1262 			err = fat_sync_bhs(bhs, long_bhs);
1263 		if (!err && i < nr_bhs) {
1264 			/* Fill the short name slot. */
1265 			int copy = min_t(int, sb->s_blocksize - offset, size);
1266 			memcpy(bhs[i]->b_data + offset, slots, copy);
1267 			mark_buffer_dirty(bhs[i]);
1268 			if (IS_DIRSYNC(dir))
1269 				err = sync_dirty_buffer(bhs[i]);
1270 		}
1271 		for (i = 0; i < nr_bhs; i++)
1272 			brelse(bhs[i]);
1273 		if (err)
1274 			goto error_remove;
1275 	}
1276 
1277 	if (nr_slots) {
1278 		int cluster, nr_cluster;
1279 
1280 		/*
1281 		 * Third stage: allocate the cluster for new entries.
1282 		 * And initialize the cluster with new entries, then
1283 		 * add the cluster to dir.
1284 		 */
1285 		cluster = fat_add_new_entries(dir, slots, nr_slots, &nr_cluster,
1286 					      &de, &bh, &i_pos);
1287 		if (cluster < 0) {
1288 			err = cluster;
1289 			goto error_remove;
1290 		}
1291 		err = fat_chain_add(dir, cluster, nr_cluster);
1292 		if (err) {
1293 			fat_free_clusters(dir, cluster);
1294 			goto error_remove;
1295 		}
1296 		if (dir->i_size & (sbi->cluster_size - 1)) {
1297 			fat_fs_panic(sb, "Odd directory size");
1298 			dir->i_size = (dir->i_size + sbi->cluster_size - 1)
1299 				& ~((loff_t)sbi->cluster_size - 1);
1300 		}
1301 		dir->i_size += nr_cluster << sbi->cluster_bits;
1302 		MSDOS_I(dir)->mmu_private += nr_cluster << sbi->cluster_bits;
1303 	}
1304 	sinfo->slot_off = pos;
1305 	sinfo->de = de;
1306 	sinfo->bh = bh;
1307 	sinfo->i_pos = fat_make_i_pos(sb, sinfo->bh, sinfo->de);
1308 
1309 	return 0;
1310 
1311 error:
1312 	brelse(bh);
1313 	for (i = 0; i < nr_bhs; i++)
1314 		brelse(bhs[i]);
1315 	return err;
1316 
1317 error_remove:
1318 	brelse(bh);
1319 	if (free_slots)
1320 		__fat_remove_entries(dir, pos, free_slots);
1321 	return err;
1322 }
1323 
1324 EXPORT_SYMBOL_GPL(fat_add_entries);
1325