xref: /openbmc/linux/fs/ntfs/dir.c (revision 2f0f2441b4a10948e2ec042b48fef13680387f7c)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /**
3  * dir.c - NTFS kernel directory operations. Part of the Linux-NTFS project.
4  *
5  * Copyright (c) 2001-2007 Anton Altaparmakov
6  * Copyright (c) 2002 Richard Russon
7  */
8 
9 #include <linux/buffer_head.h>
10 #include <linux/slab.h>
11 
12 #include "dir.h"
13 #include "aops.h"
14 #include "attrib.h"
15 #include "mft.h"
16 #include "debug.h"
17 #include "ntfs.h"
18 
19 /**
20  * The little endian Unicode string $I30 as a global constant.
21  */
22 ntfschar I30[5] = { cpu_to_le16('$'), cpu_to_le16('I'),
23 		cpu_to_le16('3'),	cpu_to_le16('0'), 0 };
24 
25 /**
26  * ntfs_lookup_inode_by_name - find an inode in a directory given its name
27  * @dir_ni:	ntfs inode of the directory in which to search for the name
28  * @uname:	Unicode name for which to search in the directory
29  * @uname_len:	length of the name @uname in Unicode characters
30  * @res:	return the found file name if necessary (see below)
31  *
32  * Look for an inode with name @uname in the directory with inode @dir_ni.
33  * ntfs_lookup_inode_by_name() walks the contents of the directory looking for
34  * the Unicode name. If the name is found in the directory, the corresponding
35  * inode number (>= 0) is returned as a mft reference in cpu format, i.e. it
36  * is a 64-bit number containing the sequence number.
37  *
38  * On error, a negative value is returned corresponding to the error code. In
39  * particular if the inode is not found -ENOENT is returned. Note that you
40  * can't just check the return value for being negative, you have to check the
41  * inode number for being negative which you can extract using MREC(return
42  * value).
43  *
44  * Note, @uname_len does not include the (optional) terminating NULL character.
45  *
46  * Note, we look for a case sensitive match first but we also look for a case
47  * insensitive match at the same time. If we find a case insensitive match, we
48  * save that for the case that we don't find an exact match, where we return
49  * the case insensitive match and setup @res (which we allocate!) with the mft
50  * reference, the file name type, length and with a copy of the little endian
51  * Unicode file name itself. If we match a file name which is in the DOS name
52  * space, we only return the mft reference and file name type in @res.
53  * ntfs_lookup() then uses this to find the long file name in the inode itself.
54  * This is to avoid polluting the dcache with short file names. We want them to
55  * work but we don't care for how quickly one can access them. This also fixes
56  * the dcache aliasing issues.
57  *
58  * Locking:  - Caller must hold i_mutex on the directory.
59  *	     - Each page cache page in the index allocation mapping must be
60  *	       locked whilst being accessed otherwise we may find a corrupt
61  *	       page due to it being under ->writepage at the moment which
62  *	       applies the mst protection fixups before writing out and then
63  *	       removes them again after the write is complete after which it
64  *	       unlocks the page.
65  */
66 MFT_REF ntfs_lookup_inode_by_name(ntfs_inode *dir_ni, const ntfschar *uname,
67 		const int uname_len, ntfs_name **res)
68 {
69 	ntfs_volume *vol = dir_ni->vol;
70 	struct super_block *sb = vol->sb;
71 	MFT_RECORD *m;
72 	INDEX_ROOT *ir;
73 	INDEX_ENTRY *ie;
74 	INDEX_ALLOCATION *ia;
75 	u8 *index_end;
76 	u64 mref;
77 	ntfs_attr_search_ctx *ctx;
78 	int err, rc;
79 	VCN vcn, old_vcn;
80 	struct address_space *ia_mapping;
81 	struct page *page;
82 	u8 *kaddr;
83 	ntfs_name *name = NULL;
84 
85 	BUG_ON(!S_ISDIR(VFS_I(dir_ni)->i_mode));
86 	BUG_ON(NInoAttr(dir_ni));
87 	/* Get hold of the mft record for the directory. */
88 	m = map_mft_record(dir_ni);
89 	if (IS_ERR(m)) {
90 		ntfs_error(sb, "map_mft_record() failed with error code %ld.",
91 				-PTR_ERR(m));
92 		return ERR_MREF(PTR_ERR(m));
93 	}
94 	ctx = ntfs_attr_get_search_ctx(dir_ni, m);
95 	if (unlikely(!ctx)) {
96 		err = -ENOMEM;
97 		goto err_out;
98 	}
99 	/* Find the index root attribute in the mft record. */
100 	err = ntfs_attr_lookup(AT_INDEX_ROOT, I30, 4, CASE_SENSITIVE, 0, NULL,
101 			0, ctx);
102 	if (unlikely(err)) {
103 		if (err == -ENOENT) {
104 			ntfs_error(sb, "Index root attribute missing in "
105 					"directory inode 0x%lx.",
106 					dir_ni->mft_no);
107 			err = -EIO;
108 		}
109 		goto err_out;
110 	}
111 	/* Get to the index root value (it's been verified in read_inode). */
112 	ir = (INDEX_ROOT*)((u8*)ctx->attr +
113 			le16_to_cpu(ctx->attr->data.resident.value_offset));
114 	index_end = (u8*)&ir->index + le32_to_cpu(ir->index.index_length);
115 	/* The first index entry. */
116 	ie = (INDEX_ENTRY*)((u8*)&ir->index +
117 			le32_to_cpu(ir->index.entries_offset));
118 	/*
119 	 * Loop until we exceed valid memory (corruption case) or until we
120 	 * reach the last entry.
121 	 */
122 	for (;; ie = (INDEX_ENTRY*)((u8*)ie + le16_to_cpu(ie->length))) {
123 		/* Bounds checks. */
124 		if ((u8*)ie < (u8*)ctx->mrec || (u8*)ie +
125 				sizeof(INDEX_ENTRY_HEADER) > index_end ||
126 				(u8*)ie + le16_to_cpu(ie->key_length) >
127 				index_end)
128 			goto dir_err_out;
129 		/*
130 		 * The last entry cannot contain a name. It can however contain
131 		 * a pointer to a child node in the B+tree so we just break out.
132 		 */
133 		if (ie->flags & INDEX_ENTRY_END)
134 			break;
135 		/*
136 		 * We perform a case sensitive comparison and if that matches
137 		 * we are done and return the mft reference of the inode (i.e.
138 		 * the inode number together with the sequence number for
139 		 * consistency checking). We convert it to cpu format before
140 		 * returning.
141 		 */
142 		if (ntfs_are_names_equal(uname, uname_len,
143 				(ntfschar*)&ie->key.file_name.file_name,
144 				ie->key.file_name.file_name_length,
145 				CASE_SENSITIVE, vol->upcase, vol->upcase_len)) {
146 found_it:
147 			/*
148 			 * We have a perfect match, so we don't need to care
149 			 * about having matched imperfectly before, so we can
150 			 * free name and set *res to NULL.
151 			 * However, if the perfect match is a short file name,
152 			 * we need to signal this through *res, so that
153 			 * ntfs_lookup() can fix dcache aliasing issues.
154 			 * As an optimization we just reuse an existing
155 			 * allocation of *res.
156 			 */
157 			if (ie->key.file_name.file_name_type == FILE_NAME_DOS) {
158 				if (!name) {
159 					name = kmalloc(sizeof(ntfs_name),
160 							GFP_NOFS);
161 					if (!name) {
162 						err = -ENOMEM;
163 						goto err_out;
164 					}
165 				}
166 				name->mref = le64_to_cpu(
167 						ie->data.dir.indexed_file);
168 				name->type = FILE_NAME_DOS;
169 				name->len = 0;
170 				*res = name;
171 			} else {
172 				kfree(name);
173 				*res = NULL;
174 			}
175 			mref = le64_to_cpu(ie->data.dir.indexed_file);
176 			ntfs_attr_put_search_ctx(ctx);
177 			unmap_mft_record(dir_ni);
178 			return mref;
179 		}
180 		/*
181 		 * For a case insensitive mount, we also perform a case
182 		 * insensitive comparison (provided the file name is not in the
183 		 * POSIX namespace). If the comparison matches, and the name is
184 		 * in the WIN32 namespace, we cache the filename in *res so
185 		 * that the caller, ntfs_lookup(), can work on it. If the
186 		 * comparison matches, and the name is in the DOS namespace, we
187 		 * only cache the mft reference and the file name type (we set
188 		 * the name length to zero for simplicity).
189 		 */
190 		if (!NVolCaseSensitive(vol) &&
191 				ie->key.file_name.file_name_type &&
192 				ntfs_are_names_equal(uname, uname_len,
193 				(ntfschar*)&ie->key.file_name.file_name,
194 				ie->key.file_name.file_name_length,
195 				IGNORE_CASE, vol->upcase, vol->upcase_len)) {
196 			int name_size = sizeof(ntfs_name);
197 			u8 type = ie->key.file_name.file_name_type;
198 			u8 len = ie->key.file_name.file_name_length;
199 
200 			/* Only one case insensitive matching name allowed. */
201 			if (name) {
202 				ntfs_error(sb, "Found already allocated name "
203 						"in phase 1. Please run chkdsk "
204 						"and if that doesn't find any "
205 						"errors please report you saw "
206 						"this message to "
207 						"linux-ntfs-dev@lists."
208 						"sourceforge.net.");
209 				goto dir_err_out;
210 			}
211 
212 			if (type != FILE_NAME_DOS)
213 				name_size += len * sizeof(ntfschar);
214 			name = kmalloc(name_size, GFP_NOFS);
215 			if (!name) {
216 				err = -ENOMEM;
217 				goto err_out;
218 			}
219 			name->mref = le64_to_cpu(ie->data.dir.indexed_file);
220 			name->type = type;
221 			if (type != FILE_NAME_DOS) {
222 				name->len = len;
223 				memcpy(name->name, ie->key.file_name.file_name,
224 						len * sizeof(ntfschar));
225 			} else
226 				name->len = 0;
227 			*res = name;
228 		}
229 		/*
230 		 * Not a perfect match, need to do full blown collation so we
231 		 * know which way in the B+tree we have to go.
232 		 */
233 		rc = ntfs_collate_names(uname, uname_len,
234 				(ntfschar*)&ie->key.file_name.file_name,
235 				ie->key.file_name.file_name_length, 1,
236 				IGNORE_CASE, vol->upcase, vol->upcase_len);
237 		/*
238 		 * If uname collates before the name of the current entry, there
239 		 * is definitely no such name in this index but we might need to
240 		 * descend into the B+tree so we just break out of the loop.
241 		 */
242 		if (rc == -1)
243 			break;
244 		/* The names are not equal, continue the search. */
245 		if (rc)
246 			continue;
247 		/*
248 		 * Names match with case insensitive comparison, now try the
249 		 * case sensitive comparison, which is required for proper
250 		 * collation.
251 		 */
252 		rc = ntfs_collate_names(uname, uname_len,
253 				(ntfschar*)&ie->key.file_name.file_name,
254 				ie->key.file_name.file_name_length, 1,
255 				CASE_SENSITIVE, vol->upcase, vol->upcase_len);
256 		if (rc == -1)
257 			break;
258 		if (rc)
259 			continue;
260 		/*
261 		 * Perfect match, this will never happen as the
262 		 * ntfs_are_names_equal() call will have gotten a match but we
263 		 * still treat it correctly.
264 		 */
265 		goto found_it;
266 	}
267 	/*
268 	 * We have finished with this index without success. Check for the
269 	 * presence of a child node and if not present return -ENOENT, unless
270 	 * we have got a matching name cached in name in which case return the
271 	 * mft reference associated with it.
272 	 */
273 	if (!(ie->flags & INDEX_ENTRY_NODE)) {
274 		if (name) {
275 			ntfs_attr_put_search_ctx(ctx);
276 			unmap_mft_record(dir_ni);
277 			return name->mref;
278 		}
279 		ntfs_debug("Entry not found.");
280 		err = -ENOENT;
281 		goto err_out;
282 	} /* Child node present, descend into it. */
283 	/* Consistency check: Verify that an index allocation exists. */
284 	if (!NInoIndexAllocPresent(dir_ni)) {
285 		ntfs_error(sb, "No index allocation attribute but index entry "
286 				"requires one. Directory inode 0x%lx is "
287 				"corrupt or driver bug.", dir_ni->mft_no);
288 		goto err_out;
289 	}
290 	/* Get the starting vcn of the index_block holding the child node. */
291 	vcn = sle64_to_cpup((sle64*)((u8*)ie + le16_to_cpu(ie->length) - 8));
292 	ia_mapping = VFS_I(dir_ni)->i_mapping;
293 	/*
294 	 * We are done with the index root and the mft record. Release them,
295 	 * otherwise we deadlock with ntfs_map_page().
296 	 */
297 	ntfs_attr_put_search_ctx(ctx);
298 	unmap_mft_record(dir_ni);
299 	m = NULL;
300 	ctx = NULL;
301 descend_into_child_node:
302 	/*
303 	 * Convert vcn to index into the index allocation attribute in units
304 	 * of PAGE_SIZE and map the page cache page, reading it from
305 	 * disk if necessary.
306 	 */
307 	page = ntfs_map_page(ia_mapping, vcn <<
308 			dir_ni->itype.index.vcn_size_bits >> PAGE_SHIFT);
309 	if (IS_ERR(page)) {
310 		ntfs_error(sb, "Failed to map directory index page, error %ld.",
311 				-PTR_ERR(page));
312 		err = PTR_ERR(page);
313 		goto err_out;
314 	}
315 	lock_page(page);
316 	kaddr = (u8*)page_address(page);
317 fast_descend_into_child_node:
318 	/* Get to the index allocation block. */
319 	ia = (INDEX_ALLOCATION*)(kaddr + ((vcn <<
320 			dir_ni->itype.index.vcn_size_bits) & ~PAGE_MASK));
321 	/* Bounds checks. */
322 	if ((u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_SIZE) {
323 		ntfs_error(sb, "Out of bounds check failed. Corrupt directory "
324 				"inode 0x%lx or driver bug.", dir_ni->mft_no);
325 		goto unm_err_out;
326 	}
327 	/* Catch multi sector transfer fixup errors. */
328 	if (unlikely(!ntfs_is_indx_record(ia->magic))) {
329 		ntfs_error(sb, "Directory index record with vcn 0x%llx is "
330 				"corrupt.  Corrupt inode 0x%lx.  Run chkdsk.",
331 				(unsigned long long)vcn, dir_ni->mft_no);
332 		goto unm_err_out;
333 	}
334 	if (sle64_to_cpu(ia->index_block_vcn) != vcn) {
335 		ntfs_error(sb, "Actual VCN (0x%llx) of index buffer is "
336 				"different from expected VCN (0x%llx). "
337 				"Directory inode 0x%lx is corrupt or driver "
338 				"bug.", (unsigned long long)
339 				sle64_to_cpu(ia->index_block_vcn),
340 				(unsigned long long)vcn, dir_ni->mft_no);
341 		goto unm_err_out;
342 	}
343 	if (le32_to_cpu(ia->index.allocated_size) + 0x18 !=
344 			dir_ni->itype.index.block_size) {
345 		ntfs_error(sb, "Index buffer (VCN 0x%llx) of directory inode "
346 				"0x%lx has a size (%u) differing from the "
347 				"directory specified size (%u). Directory "
348 				"inode is corrupt or driver bug.",
349 				(unsigned long long)vcn, dir_ni->mft_no,
350 				le32_to_cpu(ia->index.allocated_size) + 0x18,
351 				dir_ni->itype.index.block_size);
352 		goto unm_err_out;
353 	}
354 	index_end = (u8*)ia + dir_ni->itype.index.block_size;
355 	if (index_end > kaddr + PAGE_SIZE) {
356 		ntfs_error(sb, "Index buffer (VCN 0x%llx) of directory inode "
357 				"0x%lx crosses page boundary. Impossible! "
358 				"Cannot access! This is probably a bug in the "
359 				"driver.", (unsigned long long)vcn,
360 				dir_ni->mft_no);
361 		goto unm_err_out;
362 	}
363 	index_end = (u8*)&ia->index + le32_to_cpu(ia->index.index_length);
364 	if (index_end > (u8*)ia + dir_ni->itype.index.block_size) {
365 		ntfs_error(sb, "Size of index buffer (VCN 0x%llx) of directory "
366 				"inode 0x%lx exceeds maximum size.",
367 				(unsigned long long)vcn, dir_ni->mft_no);
368 		goto unm_err_out;
369 	}
370 	/* The first index entry. */
371 	ie = (INDEX_ENTRY*)((u8*)&ia->index +
372 			le32_to_cpu(ia->index.entries_offset));
373 	/*
374 	 * Iterate similar to above big loop but applied to index buffer, thus
375 	 * loop until we exceed valid memory (corruption case) or until we
376 	 * reach the last entry.
377 	 */
378 	for (;; ie = (INDEX_ENTRY*)((u8*)ie + le16_to_cpu(ie->length))) {
379 		/* Bounds check. */
380 		if ((u8*)ie < (u8*)ia || (u8*)ie +
381 				sizeof(INDEX_ENTRY_HEADER) > index_end ||
382 				(u8*)ie + le16_to_cpu(ie->key_length) >
383 				index_end) {
384 			ntfs_error(sb, "Index entry out of bounds in "
385 					"directory inode 0x%lx.",
386 					dir_ni->mft_no);
387 			goto unm_err_out;
388 		}
389 		/*
390 		 * The last entry cannot contain a name. It can however contain
391 		 * a pointer to a child node in the B+tree so we just break out.
392 		 */
393 		if (ie->flags & INDEX_ENTRY_END)
394 			break;
395 		/*
396 		 * We perform a case sensitive comparison and if that matches
397 		 * we are done and return the mft reference of the inode (i.e.
398 		 * the inode number together with the sequence number for
399 		 * consistency checking). We convert it to cpu format before
400 		 * returning.
401 		 */
402 		if (ntfs_are_names_equal(uname, uname_len,
403 				(ntfschar*)&ie->key.file_name.file_name,
404 				ie->key.file_name.file_name_length,
405 				CASE_SENSITIVE, vol->upcase, vol->upcase_len)) {
406 found_it2:
407 			/*
408 			 * We have a perfect match, so we don't need to care
409 			 * about having matched imperfectly before, so we can
410 			 * free name and set *res to NULL.
411 			 * However, if the perfect match is a short file name,
412 			 * we need to signal this through *res, so that
413 			 * ntfs_lookup() can fix dcache aliasing issues.
414 			 * As an optimization we just reuse an existing
415 			 * allocation of *res.
416 			 */
417 			if (ie->key.file_name.file_name_type == FILE_NAME_DOS) {
418 				if (!name) {
419 					name = kmalloc(sizeof(ntfs_name),
420 							GFP_NOFS);
421 					if (!name) {
422 						err = -ENOMEM;
423 						goto unm_err_out;
424 					}
425 				}
426 				name->mref = le64_to_cpu(
427 						ie->data.dir.indexed_file);
428 				name->type = FILE_NAME_DOS;
429 				name->len = 0;
430 				*res = name;
431 			} else {
432 				kfree(name);
433 				*res = NULL;
434 			}
435 			mref = le64_to_cpu(ie->data.dir.indexed_file);
436 			unlock_page(page);
437 			ntfs_unmap_page(page);
438 			return mref;
439 		}
440 		/*
441 		 * For a case insensitive mount, we also perform a case
442 		 * insensitive comparison (provided the file name is not in the
443 		 * POSIX namespace). If the comparison matches, and the name is
444 		 * in the WIN32 namespace, we cache the filename in *res so
445 		 * that the caller, ntfs_lookup(), can work on it. If the
446 		 * comparison matches, and the name is in the DOS namespace, we
447 		 * only cache the mft reference and the file name type (we set
448 		 * the name length to zero for simplicity).
449 		 */
450 		if (!NVolCaseSensitive(vol) &&
451 				ie->key.file_name.file_name_type &&
452 				ntfs_are_names_equal(uname, uname_len,
453 				(ntfschar*)&ie->key.file_name.file_name,
454 				ie->key.file_name.file_name_length,
455 				IGNORE_CASE, vol->upcase, vol->upcase_len)) {
456 			int name_size = sizeof(ntfs_name);
457 			u8 type = ie->key.file_name.file_name_type;
458 			u8 len = ie->key.file_name.file_name_length;
459 
460 			/* Only one case insensitive matching name allowed. */
461 			if (name) {
462 				ntfs_error(sb, "Found already allocated name "
463 						"in phase 2. Please run chkdsk "
464 						"and if that doesn't find any "
465 						"errors please report you saw "
466 						"this message to "
467 						"linux-ntfs-dev@lists."
468 						"sourceforge.net.");
469 				unlock_page(page);
470 				ntfs_unmap_page(page);
471 				goto dir_err_out;
472 			}
473 
474 			if (type != FILE_NAME_DOS)
475 				name_size += len * sizeof(ntfschar);
476 			name = kmalloc(name_size, GFP_NOFS);
477 			if (!name) {
478 				err = -ENOMEM;
479 				goto unm_err_out;
480 			}
481 			name->mref = le64_to_cpu(ie->data.dir.indexed_file);
482 			name->type = type;
483 			if (type != FILE_NAME_DOS) {
484 				name->len = len;
485 				memcpy(name->name, ie->key.file_name.file_name,
486 						len * sizeof(ntfschar));
487 			} else
488 				name->len = 0;
489 			*res = name;
490 		}
491 		/*
492 		 * Not a perfect match, need to do full blown collation so we
493 		 * know which way in the B+tree we have to go.
494 		 */
495 		rc = ntfs_collate_names(uname, uname_len,
496 				(ntfschar*)&ie->key.file_name.file_name,
497 				ie->key.file_name.file_name_length, 1,
498 				IGNORE_CASE, vol->upcase, vol->upcase_len);
499 		/*
500 		 * If uname collates before the name of the current entry, there
501 		 * is definitely no such name in this index but we might need to
502 		 * descend into the B+tree so we just break out of the loop.
503 		 */
504 		if (rc == -1)
505 			break;
506 		/* The names are not equal, continue the search. */
507 		if (rc)
508 			continue;
509 		/*
510 		 * Names match with case insensitive comparison, now try the
511 		 * case sensitive comparison, which is required for proper
512 		 * collation.
513 		 */
514 		rc = ntfs_collate_names(uname, uname_len,
515 				(ntfschar*)&ie->key.file_name.file_name,
516 				ie->key.file_name.file_name_length, 1,
517 				CASE_SENSITIVE, vol->upcase, vol->upcase_len);
518 		if (rc == -1)
519 			break;
520 		if (rc)
521 			continue;
522 		/*
523 		 * Perfect match, this will never happen as the
524 		 * ntfs_are_names_equal() call will have gotten a match but we
525 		 * still treat it correctly.
526 		 */
527 		goto found_it2;
528 	}
529 	/*
530 	 * We have finished with this index buffer without success. Check for
531 	 * the presence of a child node.
532 	 */
533 	if (ie->flags & INDEX_ENTRY_NODE) {
534 		if ((ia->index.flags & NODE_MASK) == LEAF_NODE) {
535 			ntfs_error(sb, "Index entry with child node found in "
536 					"a leaf node in directory inode 0x%lx.",
537 					dir_ni->mft_no);
538 			goto unm_err_out;
539 		}
540 		/* Child node present, descend into it. */
541 		old_vcn = vcn;
542 		vcn = sle64_to_cpup((sle64*)((u8*)ie +
543 				le16_to_cpu(ie->length) - 8));
544 		if (vcn >= 0) {
545 			/* If vcn is in the same page cache page as old_vcn we
546 			 * recycle the mapped page. */
547 			if (old_vcn << vol->cluster_size_bits >>
548 					PAGE_SHIFT == vcn <<
549 					vol->cluster_size_bits >>
550 					PAGE_SHIFT)
551 				goto fast_descend_into_child_node;
552 			unlock_page(page);
553 			ntfs_unmap_page(page);
554 			goto descend_into_child_node;
555 		}
556 		ntfs_error(sb, "Negative child node vcn in directory inode "
557 				"0x%lx.", dir_ni->mft_no);
558 		goto unm_err_out;
559 	}
560 	/*
561 	 * No child node present, return -ENOENT, unless we have got a matching
562 	 * name cached in name in which case return the mft reference
563 	 * associated with it.
564 	 */
565 	if (name) {
566 		unlock_page(page);
567 		ntfs_unmap_page(page);
568 		return name->mref;
569 	}
570 	ntfs_debug("Entry not found.");
571 	err = -ENOENT;
572 unm_err_out:
573 	unlock_page(page);
574 	ntfs_unmap_page(page);
575 err_out:
576 	if (!err)
577 		err = -EIO;
578 	if (ctx)
579 		ntfs_attr_put_search_ctx(ctx);
580 	if (m)
581 		unmap_mft_record(dir_ni);
582 	if (name) {
583 		kfree(name);
584 		*res = NULL;
585 	}
586 	return ERR_MREF(err);
587 dir_err_out:
588 	ntfs_error(sb, "Corrupt directory.  Aborting lookup.");
589 	goto err_out;
590 }
591 
592 #if 0
593 
594 // TODO: (AIA)
595 // The algorithm embedded in this code will be required for the time when we
596 // want to support adding of entries to directories, where we require correct
597 // collation of file names in order not to cause corruption of the filesystem.
598 
599 /**
600  * ntfs_lookup_inode_by_name - find an inode in a directory given its name
601  * @dir_ni:	ntfs inode of the directory in which to search for the name
602  * @uname:	Unicode name for which to search in the directory
603  * @uname_len:	length of the name @uname in Unicode characters
604  *
605  * Look for an inode with name @uname in the directory with inode @dir_ni.
606  * ntfs_lookup_inode_by_name() walks the contents of the directory looking for
607  * the Unicode name. If the name is found in the directory, the corresponding
608  * inode number (>= 0) is returned as a mft reference in cpu format, i.e. it
609  * is a 64-bit number containing the sequence number.
610  *
611  * On error, a negative value is returned corresponding to the error code. In
612  * particular if the inode is not found -ENOENT is returned. Note that you
613  * can't just check the return value for being negative, you have to check the
614  * inode number for being negative which you can extract using MREC(return
615  * value).
616  *
617  * Note, @uname_len does not include the (optional) terminating NULL character.
618  */
619 u64 ntfs_lookup_inode_by_name(ntfs_inode *dir_ni, const ntfschar *uname,
620 		const int uname_len)
621 {
622 	ntfs_volume *vol = dir_ni->vol;
623 	struct super_block *sb = vol->sb;
624 	MFT_RECORD *m;
625 	INDEX_ROOT *ir;
626 	INDEX_ENTRY *ie;
627 	INDEX_ALLOCATION *ia;
628 	u8 *index_end;
629 	u64 mref;
630 	ntfs_attr_search_ctx *ctx;
631 	int err, rc;
632 	IGNORE_CASE_BOOL ic;
633 	VCN vcn, old_vcn;
634 	struct address_space *ia_mapping;
635 	struct page *page;
636 	u8 *kaddr;
637 
638 	/* Get hold of the mft record for the directory. */
639 	m = map_mft_record(dir_ni);
640 	if (IS_ERR(m)) {
641 		ntfs_error(sb, "map_mft_record() failed with error code %ld.",
642 				-PTR_ERR(m));
643 		return ERR_MREF(PTR_ERR(m));
644 	}
645 	ctx = ntfs_attr_get_search_ctx(dir_ni, m);
646 	if (!ctx) {
647 		err = -ENOMEM;
648 		goto err_out;
649 	}
650 	/* Find the index root attribute in the mft record. */
651 	err = ntfs_attr_lookup(AT_INDEX_ROOT, I30, 4, CASE_SENSITIVE, 0, NULL,
652 			0, ctx);
653 	if (unlikely(err)) {
654 		if (err == -ENOENT) {
655 			ntfs_error(sb, "Index root attribute missing in "
656 					"directory inode 0x%lx.",
657 					dir_ni->mft_no);
658 			err = -EIO;
659 		}
660 		goto err_out;
661 	}
662 	/* Get to the index root value (it's been verified in read_inode). */
663 	ir = (INDEX_ROOT*)((u8*)ctx->attr +
664 			le16_to_cpu(ctx->attr->data.resident.value_offset));
665 	index_end = (u8*)&ir->index + le32_to_cpu(ir->index.index_length);
666 	/* The first index entry. */
667 	ie = (INDEX_ENTRY*)((u8*)&ir->index +
668 			le32_to_cpu(ir->index.entries_offset));
669 	/*
670 	 * Loop until we exceed valid memory (corruption case) or until we
671 	 * reach the last entry.
672 	 */
673 	for (;; ie = (INDEX_ENTRY*)((u8*)ie + le16_to_cpu(ie->length))) {
674 		/* Bounds checks. */
675 		if ((u8*)ie < (u8*)ctx->mrec || (u8*)ie +
676 				sizeof(INDEX_ENTRY_HEADER) > index_end ||
677 				(u8*)ie + le16_to_cpu(ie->key_length) >
678 				index_end)
679 			goto dir_err_out;
680 		/*
681 		 * The last entry cannot contain a name. It can however contain
682 		 * a pointer to a child node in the B+tree so we just break out.
683 		 */
684 		if (ie->flags & INDEX_ENTRY_END)
685 			break;
686 		/*
687 		 * If the current entry has a name type of POSIX, the name is
688 		 * case sensitive and not otherwise. This has the effect of us
689 		 * not being able to access any POSIX file names which collate
690 		 * after the non-POSIX one when they only differ in case, but
691 		 * anyone doing screwy stuff like that deserves to burn in
692 		 * hell... Doing that kind of stuff on NT4 actually causes
693 		 * corruption on the partition even when using SP6a and Linux
694 		 * is not involved at all.
695 		 */
696 		ic = ie->key.file_name.file_name_type ? IGNORE_CASE :
697 				CASE_SENSITIVE;
698 		/*
699 		 * If the names match perfectly, we are done and return the
700 		 * mft reference of the inode (i.e. the inode number together
701 		 * with the sequence number for consistency checking. We
702 		 * convert it to cpu format before returning.
703 		 */
704 		if (ntfs_are_names_equal(uname, uname_len,
705 				(ntfschar*)&ie->key.file_name.file_name,
706 				ie->key.file_name.file_name_length, ic,
707 				vol->upcase, vol->upcase_len)) {
708 found_it:
709 			mref = le64_to_cpu(ie->data.dir.indexed_file);
710 			ntfs_attr_put_search_ctx(ctx);
711 			unmap_mft_record(dir_ni);
712 			return mref;
713 		}
714 		/*
715 		 * Not a perfect match, need to do full blown collation so we
716 		 * know which way in the B+tree we have to go.
717 		 */
718 		rc = ntfs_collate_names(uname, uname_len,
719 				(ntfschar*)&ie->key.file_name.file_name,
720 				ie->key.file_name.file_name_length, 1,
721 				IGNORE_CASE, vol->upcase, vol->upcase_len);
722 		/*
723 		 * If uname collates before the name of the current entry, there
724 		 * is definitely no such name in this index but we might need to
725 		 * descend into the B+tree so we just break out of the loop.
726 		 */
727 		if (rc == -1)
728 			break;
729 		/* The names are not equal, continue the search. */
730 		if (rc)
731 			continue;
732 		/*
733 		 * Names match with case insensitive comparison, now try the
734 		 * case sensitive comparison, which is required for proper
735 		 * collation.
736 		 */
737 		rc = ntfs_collate_names(uname, uname_len,
738 				(ntfschar*)&ie->key.file_name.file_name,
739 				ie->key.file_name.file_name_length, 1,
740 				CASE_SENSITIVE, vol->upcase, vol->upcase_len);
741 		if (rc == -1)
742 			break;
743 		if (rc)
744 			continue;
745 		/*
746 		 * Perfect match, this will never happen as the
747 		 * ntfs_are_names_equal() call will have gotten a match but we
748 		 * still treat it correctly.
749 		 */
750 		goto found_it;
751 	}
752 	/*
753 	 * We have finished with this index without success. Check for the
754 	 * presence of a child node.
755 	 */
756 	if (!(ie->flags & INDEX_ENTRY_NODE)) {
757 		/* No child node, return -ENOENT. */
758 		err = -ENOENT;
759 		goto err_out;
760 	} /* Child node present, descend into it. */
761 	/* Consistency check: Verify that an index allocation exists. */
762 	if (!NInoIndexAllocPresent(dir_ni)) {
763 		ntfs_error(sb, "No index allocation attribute but index entry "
764 				"requires one. Directory inode 0x%lx is "
765 				"corrupt or driver bug.", dir_ni->mft_no);
766 		goto err_out;
767 	}
768 	/* Get the starting vcn of the index_block holding the child node. */
769 	vcn = sle64_to_cpup((u8*)ie + le16_to_cpu(ie->length) - 8);
770 	ia_mapping = VFS_I(dir_ni)->i_mapping;
771 	/*
772 	 * We are done with the index root and the mft record. Release them,
773 	 * otherwise we deadlock with ntfs_map_page().
774 	 */
775 	ntfs_attr_put_search_ctx(ctx);
776 	unmap_mft_record(dir_ni);
777 	m = NULL;
778 	ctx = NULL;
779 descend_into_child_node:
780 	/*
781 	 * Convert vcn to index into the index allocation attribute in units
782 	 * of PAGE_SIZE and map the page cache page, reading it from
783 	 * disk if necessary.
784 	 */
785 	page = ntfs_map_page(ia_mapping, vcn <<
786 			dir_ni->itype.index.vcn_size_bits >> PAGE_SHIFT);
787 	if (IS_ERR(page)) {
788 		ntfs_error(sb, "Failed to map directory index page, error %ld.",
789 				-PTR_ERR(page));
790 		err = PTR_ERR(page);
791 		goto err_out;
792 	}
793 	lock_page(page);
794 	kaddr = (u8*)page_address(page);
795 fast_descend_into_child_node:
796 	/* Get to the index allocation block. */
797 	ia = (INDEX_ALLOCATION*)(kaddr + ((vcn <<
798 			dir_ni->itype.index.vcn_size_bits) & ~PAGE_MASK));
799 	/* Bounds checks. */
800 	if ((u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_SIZE) {
801 		ntfs_error(sb, "Out of bounds check failed. Corrupt directory "
802 				"inode 0x%lx or driver bug.", dir_ni->mft_no);
803 		goto unm_err_out;
804 	}
805 	/* Catch multi sector transfer fixup errors. */
806 	if (unlikely(!ntfs_is_indx_record(ia->magic))) {
807 		ntfs_error(sb, "Directory index record with vcn 0x%llx is "
808 				"corrupt.  Corrupt inode 0x%lx.  Run chkdsk.",
809 				(unsigned long long)vcn, dir_ni->mft_no);
810 		goto unm_err_out;
811 	}
812 	if (sle64_to_cpu(ia->index_block_vcn) != vcn) {
813 		ntfs_error(sb, "Actual VCN (0x%llx) of index buffer is "
814 				"different from expected VCN (0x%llx). "
815 				"Directory inode 0x%lx is corrupt or driver "
816 				"bug.", (unsigned long long)
817 				sle64_to_cpu(ia->index_block_vcn),
818 				(unsigned long long)vcn, dir_ni->mft_no);
819 		goto unm_err_out;
820 	}
821 	if (le32_to_cpu(ia->index.allocated_size) + 0x18 !=
822 			dir_ni->itype.index.block_size) {
823 		ntfs_error(sb, "Index buffer (VCN 0x%llx) of directory inode "
824 				"0x%lx has a size (%u) differing from the "
825 				"directory specified size (%u). Directory "
826 				"inode is corrupt or driver bug.",
827 				(unsigned long long)vcn, dir_ni->mft_no,
828 				le32_to_cpu(ia->index.allocated_size) + 0x18,
829 				dir_ni->itype.index.block_size);
830 		goto unm_err_out;
831 	}
832 	index_end = (u8*)ia + dir_ni->itype.index.block_size;
833 	if (index_end > kaddr + PAGE_SIZE) {
834 		ntfs_error(sb, "Index buffer (VCN 0x%llx) of directory inode "
835 				"0x%lx crosses page boundary. Impossible! "
836 				"Cannot access! This is probably a bug in the "
837 				"driver.", (unsigned long long)vcn,
838 				dir_ni->mft_no);
839 		goto unm_err_out;
840 	}
841 	index_end = (u8*)&ia->index + le32_to_cpu(ia->index.index_length);
842 	if (index_end > (u8*)ia + dir_ni->itype.index.block_size) {
843 		ntfs_error(sb, "Size of index buffer (VCN 0x%llx) of directory "
844 				"inode 0x%lx exceeds maximum size.",
845 				(unsigned long long)vcn, dir_ni->mft_no);
846 		goto unm_err_out;
847 	}
848 	/* The first index entry. */
849 	ie = (INDEX_ENTRY*)((u8*)&ia->index +
850 			le32_to_cpu(ia->index.entries_offset));
851 	/*
852 	 * Iterate similar to above big loop but applied to index buffer, thus
853 	 * loop until we exceed valid memory (corruption case) or until we
854 	 * reach the last entry.
855 	 */
856 	for (;; ie = (INDEX_ENTRY*)((u8*)ie + le16_to_cpu(ie->length))) {
857 		/* Bounds check. */
858 		if ((u8*)ie < (u8*)ia || (u8*)ie +
859 				sizeof(INDEX_ENTRY_HEADER) > index_end ||
860 				(u8*)ie + le16_to_cpu(ie->key_length) >
861 				index_end) {
862 			ntfs_error(sb, "Index entry out of bounds in "
863 					"directory inode 0x%lx.",
864 					dir_ni->mft_no);
865 			goto unm_err_out;
866 		}
867 		/*
868 		 * The last entry cannot contain a name. It can however contain
869 		 * a pointer to a child node in the B+tree so we just break out.
870 		 */
871 		if (ie->flags & INDEX_ENTRY_END)
872 			break;
873 		/*
874 		 * If the current entry has a name type of POSIX, the name is
875 		 * case sensitive and not otherwise. This has the effect of us
876 		 * not being able to access any POSIX file names which collate
877 		 * after the non-POSIX one when they only differ in case, but
878 		 * anyone doing screwy stuff like that deserves to burn in
879 		 * hell... Doing that kind of stuff on NT4 actually causes
880 		 * corruption on the partition even when using SP6a and Linux
881 		 * is not involved at all.
882 		 */
883 		ic = ie->key.file_name.file_name_type ? IGNORE_CASE :
884 				CASE_SENSITIVE;
885 		/*
886 		 * If the names match perfectly, we are done and return the
887 		 * mft reference of the inode (i.e. the inode number together
888 		 * with the sequence number for consistency checking. We
889 		 * convert it to cpu format before returning.
890 		 */
891 		if (ntfs_are_names_equal(uname, uname_len,
892 				(ntfschar*)&ie->key.file_name.file_name,
893 				ie->key.file_name.file_name_length, ic,
894 				vol->upcase, vol->upcase_len)) {
895 found_it2:
896 			mref = le64_to_cpu(ie->data.dir.indexed_file);
897 			unlock_page(page);
898 			ntfs_unmap_page(page);
899 			return mref;
900 		}
901 		/*
902 		 * Not a perfect match, need to do full blown collation so we
903 		 * know which way in the B+tree we have to go.
904 		 */
905 		rc = ntfs_collate_names(uname, uname_len,
906 				(ntfschar*)&ie->key.file_name.file_name,
907 				ie->key.file_name.file_name_length, 1,
908 				IGNORE_CASE, vol->upcase, vol->upcase_len);
909 		/*
910 		 * If uname collates before the name of the current entry, there
911 		 * is definitely no such name in this index but we might need to
912 		 * descend into the B+tree so we just break out of the loop.
913 		 */
914 		if (rc == -1)
915 			break;
916 		/* The names are not equal, continue the search. */
917 		if (rc)
918 			continue;
919 		/*
920 		 * Names match with case insensitive comparison, now try the
921 		 * case sensitive comparison, which is required for proper
922 		 * collation.
923 		 */
924 		rc = ntfs_collate_names(uname, uname_len,
925 				(ntfschar*)&ie->key.file_name.file_name,
926 				ie->key.file_name.file_name_length, 1,
927 				CASE_SENSITIVE, vol->upcase, vol->upcase_len);
928 		if (rc == -1)
929 			break;
930 		if (rc)
931 			continue;
932 		/*
933 		 * Perfect match, this will never happen as the
934 		 * ntfs_are_names_equal() call will have gotten a match but we
935 		 * still treat it correctly.
936 		 */
937 		goto found_it2;
938 	}
939 	/*
940 	 * We have finished with this index buffer without success. Check for
941 	 * the presence of a child node.
942 	 */
943 	if (ie->flags & INDEX_ENTRY_NODE) {
944 		if ((ia->index.flags & NODE_MASK) == LEAF_NODE) {
945 			ntfs_error(sb, "Index entry with child node found in "
946 					"a leaf node in directory inode 0x%lx.",
947 					dir_ni->mft_no);
948 			goto unm_err_out;
949 		}
950 		/* Child node present, descend into it. */
951 		old_vcn = vcn;
952 		vcn = sle64_to_cpup((u8*)ie + le16_to_cpu(ie->length) - 8);
953 		if (vcn >= 0) {
954 			/* If vcn is in the same page cache page as old_vcn we
955 			 * recycle the mapped page. */
956 			if (old_vcn << vol->cluster_size_bits >>
957 					PAGE_SHIFT == vcn <<
958 					vol->cluster_size_bits >>
959 					PAGE_SHIFT)
960 				goto fast_descend_into_child_node;
961 			unlock_page(page);
962 			ntfs_unmap_page(page);
963 			goto descend_into_child_node;
964 		}
965 		ntfs_error(sb, "Negative child node vcn in directory inode "
966 				"0x%lx.", dir_ni->mft_no);
967 		goto unm_err_out;
968 	}
969 	/* No child node, return -ENOENT. */
970 	ntfs_debug("Entry not found.");
971 	err = -ENOENT;
972 unm_err_out:
973 	unlock_page(page);
974 	ntfs_unmap_page(page);
975 err_out:
976 	if (!err)
977 		err = -EIO;
978 	if (ctx)
979 		ntfs_attr_put_search_ctx(ctx);
980 	if (m)
981 		unmap_mft_record(dir_ni);
982 	return ERR_MREF(err);
983 dir_err_out:
984 	ntfs_error(sb, "Corrupt directory. Aborting lookup.");
985 	goto err_out;
986 }
987 
988 #endif
989 
990 /**
991  * ntfs_filldir - ntfs specific filldir method
992  * @vol:	current ntfs volume
993  * @ndir:	ntfs inode of current directory
994  * @ia_page:	page in which the index allocation buffer @ie is in resides
995  * @ie:		current index entry
996  * @name:	buffer to use for the converted name
997  * @actor:	what to feed the entries to
998  *
999  * Convert the Unicode @name to the loaded NLS and pass it to the @filldir
1000  * callback.
1001  *
1002  * If @ia_page is not NULL it is the locked page containing the index
1003  * allocation block containing the index entry @ie.
1004  *
1005  * Note, we drop (and then reacquire) the page lock on @ia_page across the
1006  * @filldir() call otherwise we would deadlock with NFSd when it calls ->lookup
1007  * since ntfs_lookup() will lock the same page.  As an optimization, we do not
1008  * retake the lock if we are returning a non-zero value as ntfs_readdir()
1009  * would need to drop the lock immediately anyway.
1010  */
1011 static inline int ntfs_filldir(ntfs_volume *vol,
1012 		ntfs_inode *ndir, struct page *ia_page, INDEX_ENTRY *ie,
1013 		u8 *name, struct dir_context *actor)
1014 {
1015 	unsigned long mref;
1016 	int name_len;
1017 	unsigned dt_type;
1018 	FILE_NAME_TYPE_FLAGS name_type;
1019 
1020 	name_type = ie->key.file_name.file_name_type;
1021 	if (name_type == FILE_NAME_DOS) {
1022 		ntfs_debug("Skipping DOS name space entry.");
1023 		return 0;
1024 	}
1025 	if (MREF_LE(ie->data.dir.indexed_file) == FILE_root) {
1026 		ntfs_debug("Skipping root directory self reference entry.");
1027 		return 0;
1028 	}
1029 	if (MREF_LE(ie->data.dir.indexed_file) < FILE_first_user &&
1030 			!NVolShowSystemFiles(vol)) {
1031 		ntfs_debug("Skipping system file.");
1032 		return 0;
1033 	}
1034 	name_len = ntfs_ucstonls(vol, (ntfschar*)&ie->key.file_name.file_name,
1035 			ie->key.file_name.file_name_length, &name,
1036 			NTFS_MAX_NAME_LEN * NLS_MAX_CHARSET_SIZE + 1);
1037 	if (name_len <= 0) {
1038 		ntfs_warning(vol->sb, "Skipping unrepresentable inode 0x%llx.",
1039 				(long long)MREF_LE(ie->data.dir.indexed_file));
1040 		return 0;
1041 	}
1042 	if (ie->key.file_name.file_attributes &
1043 			FILE_ATTR_DUP_FILE_NAME_INDEX_PRESENT)
1044 		dt_type = DT_DIR;
1045 	else
1046 		dt_type = DT_REG;
1047 	mref = MREF_LE(ie->data.dir.indexed_file);
1048 	/*
1049 	 * Drop the page lock otherwise we deadlock with NFS when it calls
1050 	 * ->lookup since ntfs_lookup() will lock the same page.
1051 	 */
1052 	if (ia_page)
1053 		unlock_page(ia_page);
1054 	ntfs_debug("Calling filldir for %s with len %i, fpos 0x%llx, inode "
1055 			"0x%lx, DT_%s.", name, name_len, actor->pos, mref,
1056 			dt_type == DT_DIR ? "DIR" : "REG");
1057 	if (!dir_emit(actor, name, name_len, mref, dt_type))
1058 		return 1;
1059 	/* Relock the page but not if we are aborting ->readdir. */
1060 	if (ia_page)
1061 		lock_page(ia_page);
1062 	return 0;
1063 }
1064 
1065 /*
1066  * We use the same basic approach as the old NTFS driver, i.e. we parse the
1067  * index root entries and then the index allocation entries that are marked
1068  * as in use in the index bitmap.
1069  *
1070  * While this will return the names in random order this doesn't matter for
1071  * ->readdir but OTOH results in a faster ->readdir.
1072  *
1073  * VFS calls ->readdir without BKL but with i_mutex held. This protects the VFS
1074  * parts (e.g. ->f_pos and ->i_size, and it also protects against directory
1075  * modifications).
1076  *
1077  * Locking:  - Caller must hold i_mutex on the directory.
1078  *	     - Each page cache page in the index allocation mapping must be
1079  *	       locked whilst being accessed otherwise we may find a corrupt
1080  *	       page due to it being under ->writepage at the moment which
1081  *	       applies the mst protection fixups before writing out and then
1082  *	       removes them again after the write is complete after which it
1083  *	       unlocks the page.
1084  */
1085 static int ntfs_readdir(struct file *file, struct dir_context *actor)
1086 {
1087 	s64 ia_pos, ia_start, prev_ia_pos, bmp_pos;
1088 	loff_t i_size;
1089 	struct inode *bmp_vi, *vdir = file_inode(file);
1090 	struct super_block *sb = vdir->i_sb;
1091 	ntfs_inode *ndir = NTFS_I(vdir);
1092 	ntfs_volume *vol = NTFS_SB(sb);
1093 	MFT_RECORD *m;
1094 	INDEX_ROOT *ir = NULL;
1095 	INDEX_ENTRY *ie;
1096 	INDEX_ALLOCATION *ia;
1097 	u8 *name = NULL;
1098 	int rc, err, ir_pos, cur_bmp_pos;
1099 	struct address_space *ia_mapping, *bmp_mapping;
1100 	struct page *bmp_page = NULL, *ia_page = NULL;
1101 	u8 *kaddr, *bmp, *index_end;
1102 	ntfs_attr_search_ctx *ctx;
1103 
1104 	ntfs_debug("Entering for inode 0x%lx, fpos 0x%llx.",
1105 			vdir->i_ino, actor->pos);
1106 	rc = err = 0;
1107 	/* Are we at end of dir yet? */
1108 	i_size = i_size_read(vdir);
1109 	if (actor->pos >= i_size + vol->mft_record_size)
1110 		return 0;
1111 	/* Emulate . and .. for all directories. */
1112 	if (!dir_emit_dots(file, actor))
1113 		return 0;
1114 	m = NULL;
1115 	ctx = NULL;
1116 	/*
1117 	 * Allocate a buffer to store the current name being processed
1118 	 * converted to format determined by current NLS.
1119 	 */
1120 	name = kmalloc(NTFS_MAX_NAME_LEN * NLS_MAX_CHARSET_SIZE + 1, GFP_NOFS);
1121 	if (unlikely(!name)) {
1122 		err = -ENOMEM;
1123 		goto err_out;
1124 	}
1125 	/* Are we jumping straight into the index allocation attribute? */
1126 	if (actor->pos >= vol->mft_record_size)
1127 		goto skip_index_root;
1128 	/* Get hold of the mft record for the directory. */
1129 	m = map_mft_record(ndir);
1130 	if (IS_ERR(m)) {
1131 		err = PTR_ERR(m);
1132 		m = NULL;
1133 		goto err_out;
1134 	}
1135 	ctx = ntfs_attr_get_search_ctx(ndir, m);
1136 	if (unlikely(!ctx)) {
1137 		err = -ENOMEM;
1138 		goto err_out;
1139 	}
1140 	/* Get the offset into the index root attribute. */
1141 	ir_pos = (s64)actor->pos;
1142 	/* Find the index root attribute in the mft record. */
1143 	err = ntfs_attr_lookup(AT_INDEX_ROOT, I30, 4, CASE_SENSITIVE, 0, NULL,
1144 			0, ctx);
1145 	if (unlikely(err)) {
1146 		ntfs_error(sb, "Index root attribute missing in directory "
1147 				"inode 0x%lx.", vdir->i_ino);
1148 		goto err_out;
1149 	}
1150 	/*
1151 	 * Copy the index root attribute value to a buffer so that we can put
1152 	 * the search context and unmap the mft record before calling the
1153 	 * filldir() callback.  We need to do this because of NFSd which calls
1154 	 * ->lookup() from its filldir callback() and this causes NTFS to
1155 	 * deadlock as ntfs_lookup() maps the mft record of the directory and
1156 	 * we have got it mapped here already.  The only solution is for us to
1157 	 * unmap the mft record here so that a call to ntfs_lookup() is able to
1158 	 * map the mft record without deadlocking.
1159 	 */
1160 	rc = le32_to_cpu(ctx->attr->data.resident.value_length);
1161 	ir = kmalloc(rc, GFP_NOFS);
1162 	if (unlikely(!ir)) {
1163 		err = -ENOMEM;
1164 		goto err_out;
1165 	}
1166 	/* Copy the index root value (it has been verified in read_inode). */
1167 	memcpy(ir, (u8*)ctx->attr +
1168 			le16_to_cpu(ctx->attr->data.resident.value_offset), rc);
1169 	ntfs_attr_put_search_ctx(ctx);
1170 	unmap_mft_record(ndir);
1171 	ctx = NULL;
1172 	m = NULL;
1173 	index_end = (u8*)&ir->index + le32_to_cpu(ir->index.index_length);
1174 	/* The first index entry. */
1175 	ie = (INDEX_ENTRY*)((u8*)&ir->index +
1176 			le32_to_cpu(ir->index.entries_offset));
1177 	/*
1178 	 * Loop until we exceed valid memory (corruption case) or until we
1179 	 * reach the last entry or until filldir tells us it has had enough
1180 	 * or signals an error (both covered by the rc test).
1181 	 */
1182 	for (;; ie = (INDEX_ENTRY*)((u8*)ie + le16_to_cpu(ie->length))) {
1183 		ntfs_debug("In index root, offset 0x%zx.", (u8*)ie - (u8*)ir);
1184 		/* Bounds checks. */
1185 		if (unlikely((u8*)ie < (u8*)ir || (u8*)ie +
1186 				sizeof(INDEX_ENTRY_HEADER) > index_end ||
1187 				(u8*)ie + le16_to_cpu(ie->key_length) >
1188 				index_end))
1189 			goto err_out;
1190 		/* The last entry cannot contain a name. */
1191 		if (ie->flags & INDEX_ENTRY_END)
1192 			break;
1193 		/* Skip index root entry if continuing previous readdir. */
1194 		if (ir_pos > (u8*)ie - (u8*)ir)
1195 			continue;
1196 		/* Advance the position even if going to skip the entry. */
1197 		actor->pos = (u8*)ie - (u8*)ir;
1198 		/* Submit the name to the filldir callback. */
1199 		rc = ntfs_filldir(vol, ndir, NULL, ie, name, actor);
1200 		if (rc) {
1201 			kfree(ir);
1202 			goto abort;
1203 		}
1204 	}
1205 	/* We are done with the index root and can free the buffer. */
1206 	kfree(ir);
1207 	ir = NULL;
1208 	/* If there is no index allocation attribute we are finished. */
1209 	if (!NInoIndexAllocPresent(ndir))
1210 		goto EOD;
1211 	/* Advance fpos to the beginning of the index allocation. */
1212 	actor->pos = vol->mft_record_size;
1213 skip_index_root:
1214 	kaddr = NULL;
1215 	prev_ia_pos = -1LL;
1216 	/* Get the offset into the index allocation attribute. */
1217 	ia_pos = (s64)actor->pos - vol->mft_record_size;
1218 	ia_mapping = vdir->i_mapping;
1219 	ntfs_debug("Inode 0x%lx, getting index bitmap.", vdir->i_ino);
1220 	bmp_vi = ntfs_attr_iget(vdir, AT_BITMAP, I30, 4);
1221 	if (IS_ERR(bmp_vi)) {
1222 		ntfs_error(sb, "Failed to get bitmap attribute.");
1223 		err = PTR_ERR(bmp_vi);
1224 		goto err_out;
1225 	}
1226 	bmp_mapping = bmp_vi->i_mapping;
1227 	/* Get the starting bitmap bit position and sanity check it. */
1228 	bmp_pos = ia_pos >> ndir->itype.index.block_size_bits;
1229 	if (unlikely(bmp_pos >> 3 >= i_size_read(bmp_vi))) {
1230 		ntfs_error(sb, "Current index allocation position exceeds "
1231 				"index bitmap size.");
1232 		goto iput_err_out;
1233 	}
1234 	/* Get the starting bit position in the current bitmap page. */
1235 	cur_bmp_pos = bmp_pos & ((PAGE_SIZE * 8) - 1);
1236 	bmp_pos &= ~(u64)((PAGE_SIZE * 8) - 1);
1237 get_next_bmp_page:
1238 	ntfs_debug("Reading bitmap with page index 0x%llx, bit ofs 0x%llx",
1239 			(unsigned long long)bmp_pos >> (3 + PAGE_SHIFT),
1240 			(unsigned long long)bmp_pos &
1241 			(unsigned long long)((PAGE_SIZE * 8) - 1));
1242 	bmp_page = ntfs_map_page(bmp_mapping,
1243 			bmp_pos >> (3 + PAGE_SHIFT));
1244 	if (IS_ERR(bmp_page)) {
1245 		ntfs_error(sb, "Reading index bitmap failed.");
1246 		err = PTR_ERR(bmp_page);
1247 		bmp_page = NULL;
1248 		goto iput_err_out;
1249 	}
1250 	bmp = (u8*)page_address(bmp_page);
1251 	/* Find next index block in use. */
1252 	while (!(bmp[cur_bmp_pos >> 3] & (1 << (cur_bmp_pos & 7)))) {
1253 find_next_index_buffer:
1254 		cur_bmp_pos++;
1255 		/*
1256 		 * If we have reached the end of the bitmap page, get the next
1257 		 * page, and put away the old one.
1258 		 */
1259 		if (unlikely((cur_bmp_pos >> 3) >= PAGE_SIZE)) {
1260 			ntfs_unmap_page(bmp_page);
1261 			bmp_pos += PAGE_SIZE * 8;
1262 			cur_bmp_pos = 0;
1263 			goto get_next_bmp_page;
1264 		}
1265 		/* If we have reached the end of the bitmap, we are done. */
1266 		if (unlikely(((bmp_pos + cur_bmp_pos) >> 3) >= i_size))
1267 			goto unm_EOD;
1268 		ia_pos = (bmp_pos + cur_bmp_pos) <<
1269 				ndir->itype.index.block_size_bits;
1270 	}
1271 	ntfs_debug("Handling index buffer 0x%llx.",
1272 			(unsigned long long)bmp_pos + cur_bmp_pos);
1273 	/* If the current index buffer is in the same page we reuse the page. */
1274 	if ((prev_ia_pos & (s64)PAGE_MASK) !=
1275 			(ia_pos & (s64)PAGE_MASK)) {
1276 		prev_ia_pos = ia_pos;
1277 		if (likely(ia_page != NULL)) {
1278 			unlock_page(ia_page);
1279 			ntfs_unmap_page(ia_page);
1280 		}
1281 		/*
1282 		 * Map the page cache page containing the current ia_pos,
1283 		 * reading it from disk if necessary.
1284 		 */
1285 		ia_page = ntfs_map_page(ia_mapping, ia_pos >> PAGE_SHIFT);
1286 		if (IS_ERR(ia_page)) {
1287 			ntfs_error(sb, "Reading index allocation data failed.");
1288 			err = PTR_ERR(ia_page);
1289 			ia_page = NULL;
1290 			goto err_out;
1291 		}
1292 		lock_page(ia_page);
1293 		kaddr = (u8*)page_address(ia_page);
1294 	}
1295 	/* Get the current index buffer. */
1296 	ia = (INDEX_ALLOCATION*)(kaddr + (ia_pos & ~PAGE_MASK &
1297 					  ~(s64)(ndir->itype.index.block_size - 1)));
1298 	/* Bounds checks. */
1299 	if (unlikely((u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_SIZE)) {
1300 		ntfs_error(sb, "Out of bounds check failed. Corrupt directory "
1301 				"inode 0x%lx or driver bug.", vdir->i_ino);
1302 		goto err_out;
1303 	}
1304 	/* Catch multi sector transfer fixup errors. */
1305 	if (unlikely(!ntfs_is_indx_record(ia->magic))) {
1306 		ntfs_error(sb, "Directory index record with vcn 0x%llx is "
1307 				"corrupt.  Corrupt inode 0x%lx.  Run chkdsk.",
1308 				(unsigned long long)ia_pos >>
1309 				ndir->itype.index.vcn_size_bits, vdir->i_ino);
1310 		goto err_out;
1311 	}
1312 	if (unlikely(sle64_to_cpu(ia->index_block_vcn) != (ia_pos &
1313 			~(s64)(ndir->itype.index.block_size - 1)) >>
1314 			ndir->itype.index.vcn_size_bits)) {
1315 		ntfs_error(sb, "Actual VCN (0x%llx) of index buffer is "
1316 				"different from expected VCN (0x%llx). "
1317 				"Directory inode 0x%lx is corrupt or driver "
1318 				"bug. ", (unsigned long long)
1319 				sle64_to_cpu(ia->index_block_vcn),
1320 				(unsigned long long)ia_pos >>
1321 				ndir->itype.index.vcn_size_bits, vdir->i_ino);
1322 		goto err_out;
1323 	}
1324 	if (unlikely(le32_to_cpu(ia->index.allocated_size) + 0x18 !=
1325 			ndir->itype.index.block_size)) {
1326 		ntfs_error(sb, "Index buffer (VCN 0x%llx) of directory inode "
1327 				"0x%lx has a size (%u) differing from the "
1328 				"directory specified size (%u). Directory "
1329 				"inode is corrupt or driver bug.",
1330 				(unsigned long long)ia_pos >>
1331 				ndir->itype.index.vcn_size_bits, vdir->i_ino,
1332 				le32_to_cpu(ia->index.allocated_size) + 0x18,
1333 				ndir->itype.index.block_size);
1334 		goto err_out;
1335 	}
1336 	index_end = (u8*)ia + ndir->itype.index.block_size;
1337 	if (unlikely(index_end > kaddr + PAGE_SIZE)) {
1338 		ntfs_error(sb, "Index buffer (VCN 0x%llx) of directory inode "
1339 				"0x%lx crosses page boundary. Impossible! "
1340 				"Cannot access! This is probably a bug in the "
1341 				"driver.", (unsigned long long)ia_pos >>
1342 				ndir->itype.index.vcn_size_bits, vdir->i_ino);
1343 		goto err_out;
1344 	}
1345 	ia_start = ia_pos & ~(s64)(ndir->itype.index.block_size - 1);
1346 	index_end = (u8*)&ia->index + le32_to_cpu(ia->index.index_length);
1347 	if (unlikely(index_end > (u8*)ia + ndir->itype.index.block_size)) {
1348 		ntfs_error(sb, "Size of index buffer (VCN 0x%llx) of directory "
1349 				"inode 0x%lx exceeds maximum size.",
1350 				(unsigned long long)ia_pos >>
1351 				ndir->itype.index.vcn_size_bits, vdir->i_ino);
1352 		goto err_out;
1353 	}
1354 	/* The first index entry in this index buffer. */
1355 	ie = (INDEX_ENTRY*)((u8*)&ia->index +
1356 			le32_to_cpu(ia->index.entries_offset));
1357 	/*
1358 	 * Loop until we exceed valid memory (corruption case) or until we
1359 	 * reach the last entry or until filldir tells us it has had enough
1360 	 * or signals an error (both covered by the rc test).
1361 	 */
1362 	for (;; ie = (INDEX_ENTRY*)((u8*)ie + le16_to_cpu(ie->length))) {
1363 		ntfs_debug("In index allocation, offset 0x%llx.",
1364 				(unsigned long long)ia_start +
1365 				(unsigned long long)((u8*)ie - (u8*)ia));
1366 		/* Bounds checks. */
1367 		if (unlikely((u8*)ie < (u8*)ia || (u8*)ie +
1368 				sizeof(INDEX_ENTRY_HEADER) > index_end ||
1369 				(u8*)ie + le16_to_cpu(ie->key_length) >
1370 				index_end))
1371 			goto err_out;
1372 		/* The last entry cannot contain a name. */
1373 		if (ie->flags & INDEX_ENTRY_END)
1374 			break;
1375 		/* Skip index block entry if continuing previous readdir. */
1376 		if (ia_pos - ia_start > (u8*)ie - (u8*)ia)
1377 			continue;
1378 		/* Advance the position even if going to skip the entry. */
1379 		actor->pos = (u8*)ie - (u8*)ia +
1380 				(sle64_to_cpu(ia->index_block_vcn) <<
1381 				ndir->itype.index.vcn_size_bits) +
1382 				vol->mft_record_size;
1383 		/*
1384 		 * Submit the name to the @filldir callback.  Note,
1385 		 * ntfs_filldir() drops the lock on @ia_page but it retakes it
1386 		 * before returning, unless a non-zero value is returned in
1387 		 * which case the page is left unlocked.
1388 		 */
1389 		rc = ntfs_filldir(vol, ndir, ia_page, ie, name, actor);
1390 		if (rc) {
1391 			/* @ia_page is already unlocked in this case. */
1392 			ntfs_unmap_page(ia_page);
1393 			ntfs_unmap_page(bmp_page);
1394 			iput(bmp_vi);
1395 			goto abort;
1396 		}
1397 	}
1398 	goto find_next_index_buffer;
1399 unm_EOD:
1400 	if (ia_page) {
1401 		unlock_page(ia_page);
1402 		ntfs_unmap_page(ia_page);
1403 	}
1404 	ntfs_unmap_page(bmp_page);
1405 	iput(bmp_vi);
1406 EOD:
1407 	/* We are finished, set fpos to EOD. */
1408 	actor->pos = i_size + vol->mft_record_size;
1409 abort:
1410 	kfree(name);
1411 	return 0;
1412 err_out:
1413 	if (bmp_page) {
1414 		ntfs_unmap_page(bmp_page);
1415 iput_err_out:
1416 		iput(bmp_vi);
1417 	}
1418 	if (ia_page) {
1419 		unlock_page(ia_page);
1420 		ntfs_unmap_page(ia_page);
1421 	}
1422 	kfree(ir);
1423 	kfree(name);
1424 	if (ctx)
1425 		ntfs_attr_put_search_ctx(ctx);
1426 	if (m)
1427 		unmap_mft_record(ndir);
1428 	if (!err)
1429 		err = -EIO;
1430 	ntfs_debug("Failed. Returning error code %i.", -err);
1431 	return err;
1432 }
1433 
1434 /**
1435  * ntfs_dir_open - called when an inode is about to be opened
1436  * @vi:		inode to be opened
1437  * @filp:	file structure describing the inode
1438  *
1439  * Limit directory size to the page cache limit on architectures where unsigned
1440  * long is 32-bits. This is the most we can do for now without overflowing the
1441  * page cache page index. Doing it this way means we don't run into problems
1442  * because of existing too large directories. It would be better to allow the
1443  * user to read the accessible part of the directory but I doubt very much
1444  * anyone is going to hit this check on a 32-bit architecture, so there is no
1445  * point in adding the extra complexity required to support this.
1446  *
1447  * On 64-bit architectures, the check is hopefully optimized away by the
1448  * compiler.
1449  */
1450 static int ntfs_dir_open(struct inode *vi, struct file *filp)
1451 {
1452 	if (sizeof(unsigned long) < 8) {
1453 		if (i_size_read(vi) > MAX_LFS_FILESIZE)
1454 			return -EFBIG;
1455 	}
1456 	return 0;
1457 }
1458 
1459 #ifdef NTFS_RW
1460 
1461 /**
1462  * ntfs_dir_fsync - sync a directory to disk
1463  * @filp:	directory to be synced
1464  * @dentry:	dentry describing the directory to sync
1465  * @datasync:	if non-zero only flush user data and not metadata
1466  *
1467  * Data integrity sync of a directory to disk.  Used for fsync, fdatasync, and
1468  * msync system calls.  This function is based on file.c::ntfs_file_fsync().
1469  *
1470  * Write the mft record and all associated extent mft records as well as the
1471  * $INDEX_ALLOCATION and $BITMAP attributes and then sync the block device.
1472  *
1473  * If @datasync is true, we do not wait on the inode(s) to be written out
1474  * but we always wait on the page cache pages to be written out.
1475  *
1476  * Note: In the past @filp could be NULL so we ignore it as we don't need it
1477  * anyway.
1478  *
1479  * Locking: Caller must hold i_mutex on the inode.
1480  *
1481  * TODO: We should probably also write all attribute/index inodes associated
1482  * with this inode but since we have no simple way of getting to them we ignore
1483  * this problem for now.  We do write the $BITMAP attribute if it is present
1484  * which is the important one for a directory so things are not too bad.
1485  */
1486 static int ntfs_dir_fsync(struct file *filp, loff_t start, loff_t end,
1487 			  int datasync)
1488 {
1489 	struct inode *bmp_vi, *vi = filp->f_mapping->host;
1490 	int err, ret;
1491 	ntfs_attr na;
1492 
1493 	ntfs_debug("Entering for inode 0x%lx.", vi->i_ino);
1494 
1495 	err = file_write_and_wait_range(filp, start, end);
1496 	if (err)
1497 		return err;
1498 	inode_lock(vi);
1499 
1500 	BUG_ON(!S_ISDIR(vi->i_mode));
1501 	/* If the bitmap attribute inode is in memory sync it, too. */
1502 	na.mft_no = vi->i_ino;
1503 	na.type = AT_BITMAP;
1504 	na.name = I30;
1505 	na.name_len = 4;
1506 	bmp_vi = ilookup5(vi->i_sb, vi->i_ino, (test_t)ntfs_test_inode, &na);
1507 	if (bmp_vi) {
1508  		write_inode_now(bmp_vi, !datasync);
1509 		iput(bmp_vi);
1510 	}
1511 	ret = __ntfs_write_inode(vi, 1);
1512 	write_inode_now(vi, !datasync);
1513 	err = sync_blockdev(vi->i_sb->s_bdev);
1514 	if (unlikely(err && !ret))
1515 		ret = err;
1516 	if (likely(!ret))
1517 		ntfs_debug("Done.");
1518 	else
1519 		ntfs_warning(vi->i_sb, "Failed to f%ssync inode 0x%lx.  Error "
1520 				"%u.", datasync ? "data" : "", vi->i_ino, -ret);
1521 	inode_unlock(vi);
1522 	return ret;
1523 }
1524 
1525 #endif /* NTFS_RW */
1526 
1527 const struct file_operations ntfs_dir_ops = {
1528 	.llseek		= generic_file_llseek,	/* Seek inside directory. */
1529 	.read		= generic_read_dir,	/* Return -EISDIR. */
1530 	.iterate	= ntfs_readdir,		/* Read directory contents. */
1531 #ifdef NTFS_RW
1532 	.fsync		= ntfs_dir_fsync,	/* Sync a directory to disk. */
1533 #endif /* NTFS_RW */
1534 	/*.ioctl	= ,*/			/* Perform function on the
1535 						   mounted filesystem. */
1536 	.open		= ntfs_dir_open,	/* Open directory. */
1537 };
1538