fs/ntfs3/fsntfs.c at master · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / fs / ntfs3 / fsntfs.c
at master 59 kB view raw
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 *
   4 * Copyright (C) 2019-2021 Paragon Software GmbH, All rights reserved.
   5 *
   6 */
   7
   8#include <linux/blkdev.h>
   9#include <linux/buffer_head.h>
  10#include <linux/fs.h>
  11#include <linux/kernel.h>
  12#include <linux/nls.h>
  13
  14#include "debug.h"
  15#include "ntfs.h"
  16#include "ntfs_fs.h"
  17
  18// clang-format off
  19const struct cpu_str NAME_MFT = {
  20	4, 0, { '$', 'M', 'F', 'T' },
  21};
  22const struct cpu_str NAME_MIRROR = {
  23	8, 0, { '$', 'M', 'F', 'T', 'M', 'i', 'r', 'r' },
  24};
  25const struct cpu_str NAME_LOGFILE = {
  26	8, 0, { '$', 'L', 'o', 'g', 'F', 'i', 'l', 'e' },
  27};
  28const struct cpu_str NAME_VOLUME = {
  29	7, 0, { '$', 'V', 'o', 'l', 'u', 'm', 'e' },
  30};
  31const struct cpu_str NAME_ATTRDEF = {
  32	8, 0, { '$', 'A', 't', 't', 'r', 'D', 'e', 'f' },
  33};
  34const struct cpu_str NAME_ROOT = {
  35	1, 0, { '.' },
  36};
  37const struct cpu_str NAME_BITMAP = {
  38	7, 0, { '$', 'B', 'i', 't', 'm', 'a', 'p' },
  39};
  40const struct cpu_str NAME_BOOT = {
  41	5, 0, { '$', 'B', 'o', 'o', 't' },
  42};
  43const struct cpu_str NAME_BADCLUS = {
  44	8, 0, { '$', 'B', 'a', 'd', 'C', 'l', 'u', 's' },
  45};
  46const struct cpu_str NAME_QUOTA = {
  47	6, 0, { '$', 'Q', 'u', 'o', 't', 'a' },
  48};
  49const struct cpu_str NAME_SECURE = {
  50	7, 0, { '$', 'S', 'e', 'c', 'u', 'r', 'e' },
  51};
  52const struct cpu_str NAME_UPCASE = {
  53	7, 0, { '$', 'U', 'p', 'C', 'a', 's', 'e' },
  54};
  55const struct cpu_str NAME_EXTEND = {
  56	7, 0, { '$', 'E', 'x', 't', 'e', 'n', 'd' },
  57};
  58const struct cpu_str NAME_OBJID = {
  59	6, 0, { '$', 'O', 'b', 'j', 'I', 'd' },
  60};
  61const struct cpu_str NAME_REPARSE = {
  62	8, 0, { '$', 'R', 'e', 'p', 'a', 'r', 's', 'e' },
  63};
  64const struct cpu_str NAME_USNJRNL = {
  65	8, 0, { '$', 'U', 's', 'n', 'J', 'r', 'n', 'l' },
  66};
  67const __le16 BAD_NAME[4] = {
  68	cpu_to_le16('$'), cpu_to_le16('B'), cpu_to_le16('a'), cpu_to_le16('d'),
  69};
  70const __le16 I30_NAME[4] = {
  71	cpu_to_le16('$'), cpu_to_le16('I'), cpu_to_le16('3'), cpu_to_le16('0'),
  72};
  73const __le16 SII_NAME[4] = {
  74	cpu_to_le16('$'), cpu_to_le16('S'), cpu_to_le16('I'), cpu_to_le16('I'),
  75};
  76const __le16 SDH_NAME[4] = {
  77	cpu_to_le16('$'), cpu_to_le16('S'), cpu_to_le16('D'), cpu_to_le16('H'),
  78};
  79const __le16 SDS_NAME[4] = {
  80	cpu_to_le16('$'), cpu_to_le16('S'), cpu_to_le16('D'), cpu_to_le16('S'),
  81};
  82const __le16 SO_NAME[2] = {
  83	cpu_to_le16('$'), cpu_to_le16('O'),
  84};
  85const __le16 SQ_NAME[2] = {
  86	cpu_to_le16('$'), cpu_to_le16('Q'),
  87};
  88const __le16 SR_NAME[2] = {
  89	cpu_to_le16('$'), cpu_to_le16('R'),
  90};
  91
  92#ifdef CONFIG_NTFS3_LZX_XPRESS
  93const __le16 WOF_NAME[17] = {
  94	cpu_to_le16('W'), cpu_to_le16('o'), cpu_to_le16('f'), cpu_to_le16('C'),
  95	cpu_to_le16('o'), cpu_to_le16('m'), cpu_to_le16('p'), cpu_to_le16('r'),
  96	cpu_to_le16('e'), cpu_to_le16('s'), cpu_to_le16('s'), cpu_to_le16('e'),
  97	cpu_to_le16('d'), cpu_to_le16('D'), cpu_to_le16('a'), cpu_to_le16('t'),
  98	cpu_to_le16('a'),
  99};
 100#endif
 101
 102static const __le16 CON_NAME[3] = {
 103	cpu_to_le16('C'), cpu_to_le16('O'), cpu_to_le16('N'),
 104};
 105
 106static const __le16 NUL_NAME[3] = {
 107	cpu_to_le16('N'), cpu_to_le16('U'), cpu_to_le16('L'),
 108};
 109
 110static const __le16 AUX_NAME[3] = {
 111	cpu_to_le16('A'), cpu_to_le16('U'), cpu_to_le16('X'),
 112};
 113
 114static const __le16 PRN_NAME[3] = {
 115	cpu_to_le16('P'), cpu_to_le16('R'), cpu_to_le16('N'),
 116};
 117
 118static const __le16 COM_NAME[3] = {
 119	cpu_to_le16('C'), cpu_to_le16('O'), cpu_to_le16('M'),
 120};
 121
 122static const __le16 LPT_NAME[3] = {
 123	cpu_to_le16('L'), cpu_to_le16('P'), cpu_to_le16('T'),
 124};
 125
 126// clang-format on
 127
 128/*
 129 * ntfs_fix_pre_write - Insert fixups into @rhdr before writing to disk.
 130 */
 131bool ntfs_fix_pre_write(struct NTFS_RECORD_HEADER *rhdr, size_t bytes)
 132{
 133	u16 *fixup, *ptr;
 134	u16 sample;
 135	u16 fo = le16_to_cpu(rhdr->fix_off);
 136	u16 fn = le16_to_cpu(rhdr->fix_num);
 137
 138	if ((fo & 1) || fo + fn * sizeof(short) > SECTOR_SIZE || !fn-- ||
 139	    fn * SECTOR_SIZE > bytes) {
 140		return false;
 141	}
 142
 143	/* Get fixup pointer. */
 144	fixup = Add2Ptr(rhdr, fo);
 145
 146	if (*fixup >= 0x7FFF)
 147		*fixup = 1;
 148	else
 149		*fixup += 1;
 150
 151	sample = *fixup;
 152
 153	ptr = Add2Ptr(rhdr, SECTOR_SIZE - sizeof(short));
 154
 155	while (fn--) {
 156		*++fixup = *ptr;
 157		*ptr = sample;
 158		ptr += SECTOR_SIZE / sizeof(short);
 159	}
 160	return true;
 161}
 162
 163/*
 164 * ntfs_fix_post_read - Remove fixups after reading from disk.
 165 *
 166 * Return: < 0 if error, 0 if ok, 1 if need to update fixups.
 167 */
 168int ntfs_fix_post_read(struct NTFS_RECORD_HEADER *rhdr, size_t bytes,
 169		       bool simple)
 170{
 171	int ret;
 172	u16 *fixup, *ptr;
 173	u16 sample, fo, fn;
 174
 175	fo = le16_to_cpu(rhdr->fix_off);
 176	fn = simple ? ((bytes >> SECTOR_SHIFT) + 1) :
 177		      le16_to_cpu(rhdr->fix_num);
 178
 179	/* Check errors. */
 180	if ((fo & 1) || fo + fn * sizeof(short) > SECTOR_SIZE || !fn-- ||
 181	    fn * SECTOR_SIZE > bytes) {
 182		return -E_NTFS_CORRUPT;
 183	}
 184
 185	/* Get fixup pointer. */
 186	fixup = Add2Ptr(rhdr, fo);
 187	sample = *fixup;
 188	ptr = Add2Ptr(rhdr, SECTOR_SIZE - sizeof(short));
 189	ret = 0;
 190
 191	while (fn--) {
 192		/* Test current word. */
 193		if (*ptr != sample) {
 194			/* Fixup does not match! Is it serious error? */
 195			ret = -E_NTFS_FIXUP;
 196		}
 197
 198		/* Replace fixup. */
 199		*ptr = *++fixup;
 200		ptr += SECTOR_SIZE / sizeof(short);
 201	}
 202
 203	return ret;
 204}
 205
 206/*
 207 * ntfs_extend_init - Load $Extend file.
 208 */
 209int ntfs_extend_init(struct ntfs_sb_info *sbi)
 210{
 211	int err;
 212	struct super_block *sb = sbi->sb;
 213	struct inode *inode, *inode2;
 214	struct MFT_REF ref;
 215
 216	if (sbi->volume.major_ver < 3) {
 217		ntfs_notice(sb, "Skip $Extend 'cause NTFS version");
 218		return 0;
 219	}
 220
 221	ref.low = cpu_to_le32(MFT_REC_EXTEND);
 222	ref.high = 0;
 223	ref.seq = cpu_to_le16(MFT_REC_EXTEND);
 224	inode = ntfs_iget5(sb, &ref, &NAME_EXTEND);
 225	if (IS_ERR(inode)) {
 226		err = PTR_ERR(inode);
 227		ntfs_err(sb, "Failed to load $Extend (%d).", err);
 228		inode = NULL;
 229		goto out;
 230	}
 231
 232	/* If ntfs_iget5() reads from disk it never returns bad inode. */
 233	if (!S_ISDIR(inode->i_mode)) {
 234		err = -EINVAL;
 235		goto out;
 236	}
 237
 238	/* Try to find $ObjId */
 239	inode2 = dir_search_u(inode, &NAME_OBJID, NULL);
 240	if (inode2 && !IS_ERR(inode2)) {
 241		if (is_bad_inode(inode2)) {
 242			iput(inode2);
 243		} else {
 244			sbi->objid.ni = ntfs_i(inode2);
 245			sbi->objid_no = inode2->i_ino;
 246		}
 247	}
 248
 249	/* Try to find $Quota */
 250	inode2 = dir_search_u(inode, &NAME_QUOTA, NULL);
 251	if (inode2 && !IS_ERR(inode2)) {
 252		sbi->quota_no = inode2->i_ino;
 253		iput(inode2);
 254	}
 255
 256	/* Try to find $Reparse */
 257	inode2 = dir_search_u(inode, &NAME_REPARSE, NULL);
 258	if (inode2 && !IS_ERR(inode2)) {
 259		sbi->reparse.ni = ntfs_i(inode2);
 260		sbi->reparse_no = inode2->i_ino;
 261	}
 262
 263	/* Try to find $UsnJrnl */
 264	inode2 = dir_search_u(inode, &NAME_USNJRNL, NULL);
 265	if (inode2 && !IS_ERR(inode2)) {
 266		sbi->usn_jrnl_no = inode2->i_ino;
 267		iput(inode2);
 268	}
 269
 270	err = 0;
 271out:
 272	iput(inode);
 273	return err;
 274}
 275
 276int ntfs_loadlog_and_replay(struct ntfs_inode *ni, struct ntfs_sb_info *sbi)
 277{
 278	int err = 0;
 279	struct super_block *sb = sbi->sb;
 280	bool initialized = false;
 281	struct MFT_REF ref;
 282	struct inode *inode;
 283
 284	/* Check for 4GB. */
 285	if (ni->vfs_inode.i_size >= 0x100000000ull) {
 286		ntfs_err(sb, "\x24LogFile is large than 4G.");
 287		err = -EINVAL;
 288		goto out;
 289	}
 290
 291	sbi->flags |= NTFS_FLAGS_LOG_REPLAYING;
 292
 293	ref.low = cpu_to_le32(MFT_REC_MFT);
 294	ref.high = 0;
 295	ref.seq = cpu_to_le16(1);
 296
 297	inode = ntfs_iget5(sb, &ref, NULL);
 298
 299	if (IS_ERR(inode))
 300		inode = NULL;
 301
 302	if (!inode) {
 303		/* Try to use MFT copy. */
 304		u64 t64 = sbi->mft.lbo;
 305
 306		sbi->mft.lbo = sbi->mft.lbo2;
 307		inode = ntfs_iget5(sb, &ref, NULL);
 308		sbi->mft.lbo = t64;
 309		if (IS_ERR(inode))
 310			inode = NULL;
 311	}
 312
 313	if (!inode) {
 314		err = -EINVAL;
 315		ntfs_err(sb, "Failed to load $MFT.");
 316		goto out;
 317	}
 318
 319	sbi->mft.ni = ntfs_i(inode);
 320
 321	/* LogFile should not contains attribute list. */
 322	err = ni_load_all_mi(sbi->mft.ni);
 323	if (!err)
 324		err = log_replay(ni, &initialized);
 325
 326	iput(inode);
 327	sbi->mft.ni = NULL;
 328
 329	sync_blockdev(sb->s_bdev);
 330	invalidate_bdev(sb->s_bdev);
 331
 332	if (sbi->flags & NTFS_FLAGS_NEED_REPLAY) {
 333		err = 0;
 334		goto out;
 335	}
 336
 337	if (sb_rdonly(sb) || !initialized)
 338		goto out;
 339
 340	/* Fill LogFile by '-1' if it is initialized. */
 341	err = ntfs_bio_fill_1(sbi, &ni->file.run);
 342
 343out:
 344	sbi->flags &= ~NTFS_FLAGS_LOG_REPLAYING;
 345
 346	return err;
 347}
 348
 349/*
 350 * ntfs_look_for_free_space - Look for a free space in bitmap.
 351 */
 352int ntfs_look_for_free_space(struct ntfs_sb_info *sbi, CLST lcn, CLST len,
 353			     CLST *new_lcn, CLST *new_len,
 354			     enum ALLOCATE_OPT opt)
 355{
 356	int err;
 357	CLST alen;
 358	struct super_block *sb = sbi->sb;
 359	size_t alcn, zlen, zeroes, zlcn, zlen2, ztrim, new_zlen;
 360	struct wnd_bitmap *wnd = &sbi->used.bitmap;
 361
 362	down_write_nested(&wnd->rw_lock, BITMAP_MUTEX_CLUSTERS);
 363	if (opt & ALLOCATE_MFT) {
 364		zlen = wnd_zone_len(wnd);
 365
 366		if (!zlen) {
 367			err = ntfs_refresh_zone(sbi);
 368			if (err)
 369				goto up_write;
 370
 371			zlen = wnd_zone_len(wnd);
 372		}
 373
 374		if (!zlen) {
 375			ntfs_err(sbi->sb, "no free space to extend mft");
 376			err = -ENOSPC;
 377			goto up_write;
 378		}
 379
 380		lcn = wnd_zone_bit(wnd);
 381		alen = min_t(CLST, len, zlen);
 382
 383		wnd_zone_set(wnd, lcn + alen, zlen - alen);
 384
 385		err = wnd_set_used(wnd, lcn, alen);
 386		if (err)
 387			goto up_write;
 388
 389		alcn = lcn;
 390		goto space_found;
 391	}
 392	/*
 393	 * 'Cause cluster 0 is always used this value means that we should use
 394	 * cached value of 'next_free_lcn' to improve performance.
 395	 */
 396	if (!lcn)
 397		lcn = sbi->used.next_free_lcn;
 398
 399	if (lcn >= wnd->nbits)
 400		lcn = 0;
 401
 402	alen = wnd_find(wnd, len, lcn, BITMAP_FIND_MARK_AS_USED, &alcn);
 403	if (alen)
 404		goto space_found;
 405
 406	/* Try to use clusters from MftZone. */
 407	zlen = wnd_zone_len(wnd);
 408	zeroes = wnd_zeroes(wnd);
 409
 410	/* Check too big request */
 411	if (len > zeroes + zlen || zlen <= NTFS_MIN_MFT_ZONE) {
 412		err = -ENOSPC;
 413		goto up_write;
 414	}
 415
 416	/* How many clusters to cat from zone. */
 417	zlcn = wnd_zone_bit(wnd);
 418	zlen2 = zlen >> 1;
 419	ztrim = clamp_val(len, zlen2, zlen);
 420	new_zlen = max_t(size_t, zlen - ztrim, NTFS_MIN_MFT_ZONE);
 421
 422	wnd_zone_set(wnd, zlcn, new_zlen);
 423
 424	/* Allocate continues clusters. */
 425	alen = wnd_find(wnd, len, 0,
 426			BITMAP_FIND_MARK_AS_USED | BITMAP_FIND_FULL, &alcn);
 427	if (!alen) {
 428		err = -ENOSPC;
 429		goto up_write;
 430	}
 431
 432space_found:
 433	err = 0;
 434	*new_len = alen;
 435	*new_lcn = alcn;
 436
 437	ntfs_unmap_meta(sb, alcn, alen);
 438
 439	/* Set hint for next requests. */
 440	if (!(opt & ALLOCATE_MFT))
 441		sbi->used.next_free_lcn = alcn + alen;
 442up_write:
 443	up_write(&wnd->rw_lock);
 444	return err;
 445}
 446
 447/*
 448 * ntfs_check_for_free_space
 449 *
 450 * Check if it is possible to allocate 'clen' clusters and 'mlen' Mft records
 451 */
 452bool ntfs_check_for_free_space(struct ntfs_sb_info *sbi, CLST clen, CLST mlen)
 453{
 454	size_t free, zlen, avail;
 455	struct wnd_bitmap *wnd;
 456
 457	wnd = &sbi->used.bitmap;
 458	down_read_nested(&wnd->rw_lock, BITMAP_MUTEX_CLUSTERS);
 459	free = wnd_zeroes(wnd);
 460	zlen = min_t(size_t, NTFS_MIN_MFT_ZONE, wnd_zone_len(wnd));
 461	up_read(&wnd->rw_lock);
 462
 463	if (free < zlen + clen)
 464		return false;
 465
 466	avail = free - (zlen + clen);
 467
 468	wnd = &sbi->mft.bitmap;
 469	down_read_nested(&wnd->rw_lock, BITMAP_MUTEX_MFT);
 470	free = wnd_zeroes(wnd);
 471	zlen = wnd_zone_len(wnd);
 472	up_read(&wnd->rw_lock);
 473
 474	if (free >= zlen + mlen)
 475		return true;
 476
 477	return avail >= bytes_to_cluster(sbi, mlen << sbi->record_bits);
 478}
 479
 480/*
 481 * ntfs_extend_mft - Allocate additional MFT records.
 482 *
 483 * sbi->mft.bitmap is locked for write.
 484 *
 485 * NOTE: recursive:
 486 *	ntfs_look_free_mft ->
 487 *	ntfs_extend_mft ->
 488 *	attr_set_size ->
 489 *	ni_insert_nonresident ->
 490 *	ni_insert_attr ->
 491 *	ni_ins_attr_ext ->
 492 *	ntfs_look_free_mft ->
 493 *	ntfs_extend_mft
 494 *
 495 * To avoid recursive always allocate space for two new MFT records
 496 * see attrib.c: "at least two MFT to avoid recursive loop".
 497 */
 498static int ntfs_extend_mft(struct ntfs_sb_info *sbi)
 499{
 500	int err;
 501	struct ntfs_inode *ni = sbi->mft.ni;
 502	size_t new_mft_total;
 503	u64 new_mft_bytes, new_bitmap_bytes;
 504	struct ATTRIB *attr;
 505	struct wnd_bitmap *wnd = &sbi->mft.bitmap;
 506
 507	new_mft_total = ALIGN(wnd->nbits + NTFS_MFT_INCREASE_STEP, 128);
 508	new_mft_bytes = (u64)new_mft_total << sbi->record_bits;
 509
 510	/* Step 1: Resize $MFT::DATA. */
 511	down_write(&ni->file.run_lock);
 512	err = attr_set_size(ni, ATTR_DATA, NULL, 0, &ni->file.run,
 513			    new_mft_bytes, NULL, false, &attr);
 514
 515	if (err) {
 516		up_write(&ni->file.run_lock);
 517		goto out;
 518	}
 519
 520	attr->nres.valid_size = attr->nres.data_size;
 521	new_mft_total = le64_to_cpu(attr->nres.alloc_size) >> sbi->record_bits;
 522	ni->mi.dirty = true;
 523
 524	/* Step 2: Resize $MFT::BITMAP. */
 525	new_bitmap_bytes = ntfs3_bitmap_size(new_mft_total);
 526
 527	err = attr_set_size(ni, ATTR_BITMAP, NULL, 0, &sbi->mft.bitmap.run,
 528			    new_bitmap_bytes, &new_bitmap_bytes, true, NULL);
 529
 530	/* Refresh MFT Zone if necessary. */
 531	down_write_nested(&sbi->used.bitmap.rw_lock, BITMAP_MUTEX_CLUSTERS);
 532
 533	ntfs_refresh_zone(sbi);
 534
 535	up_write(&sbi->used.bitmap.rw_lock);
 536	up_write(&ni->file.run_lock);
 537
 538	if (err)
 539		goto out;
 540
 541	err = wnd_extend(wnd, new_mft_total);
 542
 543	if (err)
 544		goto out;
 545
 546	ntfs_clear_mft_tail(sbi, sbi->mft.used, new_mft_total);
 547
 548	err = _ni_write_inode(&ni->vfs_inode, 0);
 549out:
 550	return err;
 551}
 552
 553/*
 554 * ntfs_look_free_mft - Look for a free MFT record.
 555 */
 556int ntfs_look_free_mft(struct ntfs_sb_info *sbi, CLST *rno, bool mft,
 557		       struct ntfs_inode *ni, struct mft_inode **mi)
 558{
 559	int err = 0;
 560	size_t zbit, zlen, from, to, fr;
 561	size_t mft_total;
 562	struct MFT_REF ref;
 563	struct super_block *sb = sbi->sb;
 564	struct wnd_bitmap *wnd = &sbi->mft.bitmap;
 565	u32 ir;
 566
 567	static_assert(sizeof(sbi->mft.reserved_bitmap) * 8 >=
 568		      MFT_REC_FREE - MFT_REC_RESERVED);
 569
 570	if (!mft)
 571		down_write_nested(&wnd->rw_lock, BITMAP_MUTEX_MFT);
 572
 573	zlen = wnd_zone_len(wnd);
 574
 575	/* Always reserve space for MFT. */
 576	if (zlen) {
 577		if (mft) {
 578			zbit = wnd_zone_bit(wnd);
 579			*rno = zbit;
 580			wnd_zone_set(wnd, zbit + 1, zlen - 1);
 581		}
 582		goto found;
 583	}
 584
 585	/* No MFT zone. Find the nearest to '0' free MFT. */
 586	if (!wnd_find(wnd, 1, MFT_REC_FREE, 0, &zbit)) {
 587		/* Resize MFT */
 588		mft_total = wnd->nbits;
 589
 590		err = ntfs_extend_mft(sbi);
 591		if (!err) {
 592			zbit = mft_total;
 593			goto reserve_mft;
 594		}
 595
 596		if (!mft || MFT_REC_FREE == sbi->mft.next_reserved)
 597			goto out;
 598
 599		err = 0;
 600
 601		/*
 602		 * Look for free record reserved area [11-16) ==
 603		 * [MFT_REC_RESERVED, MFT_REC_FREE ) MFT bitmap always
 604		 * marks it as used.
 605		 */
 606		if (!sbi->mft.reserved_bitmap) {
 607			/* Once per session create internal bitmap for 5 bits. */
 608			sbi->mft.reserved_bitmap = 0xFF;
 609
 610			ref.high = 0;
 611			for (ir = MFT_REC_RESERVED; ir < MFT_REC_FREE; ir++) {
 612				struct inode *i;
 613				struct ntfs_inode *ni;
 614				struct MFT_REC *mrec;
 615
 616				ref.low = cpu_to_le32(ir);
 617				ref.seq = cpu_to_le16(ir);
 618
 619				i = ntfs_iget5(sb, &ref, NULL);
 620				if (IS_ERR(i)) {
 621next:
 622					ntfs_notice(
 623						sb,
 624						"Invalid reserved record %x",
 625						ref.low);
 626					continue;
 627				}
 628				if (is_bad_inode(i)) {
 629					iput(i);
 630					goto next;
 631				}
 632
 633				ni = ntfs_i(i);
 634
 635				mrec = ni->mi.mrec;
 636
 637				if (!is_rec_base(mrec))
 638					goto next;
 639
 640				if (mrec->hard_links)
 641					goto next;
 642
 643				if (!ni_std(ni))
 644					goto next;
 645
 646				if (ni_find_attr(ni, NULL, NULL, ATTR_NAME,
 647						 NULL, 0, NULL, NULL))
 648					goto next;
 649
 650				__clear_bit(ir - MFT_REC_RESERVED,
 651					    &sbi->mft.reserved_bitmap);
 652			}
 653		}
 654
 655		/* Scan 5 bits for zero. Bit 0 == MFT_REC_RESERVED */
 656		zbit = find_next_zero_bit(&sbi->mft.reserved_bitmap,
 657					  MFT_REC_FREE, MFT_REC_RESERVED);
 658		if (zbit >= MFT_REC_FREE) {
 659			sbi->mft.next_reserved = MFT_REC_FREE;
 660			goto out;
 661		}
 662
 663		zlen = 1;
 664		sbi->mft.next_reserved = zbit;
 665	} else {
 666reserve_mft:
 667		zlen = zbit == MFT_REC_FREE ? (MFT_REC_USER - MFT_REC_FREE) : 4;
 668		if (zbit + zlen > wnd->nbits)
 669			zlen = wnd->nbits - zbit;
 670
 671		while (zlen > 1 && !wnd_is_free(wnd, zbit, zlen))
 672			zlen -= 1;
 673
 674		/* [zbit, zbit + zlen) will be used for MFT itself. */
 675		from = sbi->mft.used;
 676		if (from < zbit)
 677			from = zbit;
 678		to = zbit + zlen;
 679		if (from < to) {
 680			ntfs_clear_mft_tail(sbi, from, to);
 681			sbi->mft.used = to;
 682		}
 683	}
 684
 685	if (mft) {
 686		*rno = zbit;
 687		zbit += 1;
 688		zlen -= 1;
 689	}
 690
 691	wnd_zone_set(wnd, zbit, zlen);
 692
 693found:
 694	if (!mft) {
 695		/* The request to get record for general purpose. */
 696		if (sbi->mft.next_free < MFT_REC_USER)
 697			sbi->mft.next_free = MFT_REC_USER;
 698
 699		for (;;) {
 700			if (sbi->mft.next_free >= sbi->mft.bitmap.nbits) {
 701			} else if (!wnd_find(wnd, 1, MFT_REC_USER, 0, &fr)) {
 702				sbi->mft.next_free = sbi->mft.bitmap.nbits;
 703			} else {
 704				*rno = fr;
 705				sbi->mft.next_free = *rno + 1;
 706				break;
 707			}
 708
 709			err = ntfs_extend_mft(sbi);
 710			if (err)
 711				goto out;
 712		}
 713	}
 714
 715	if (ni && !ni_add_subrecord(ni, *rno, mi)) {
 716		err = -ENOMEM;
 717		goto out;
 718	}
 719
 720	/* We have found a record that are not reserved for next MFT. */
 721	if (*rno >= MFT_REC_FREE)
 722		wnd_set_used(wnd, *rno, 1);
 723	else if (*rno >= MFT_REC_RESERVED && sbi->mft.reserved_bitmap_inited)
 724		__set_bit(*rno - MFT_REC_RESERVED, &sbi->mft.reserved_bitmap);
 725
 726out:
 727	if (!mft)
 728		up_write(&wnd->rw_lock);
 729
 730	return err;
 731}
 732
 733/*
 734 * ntfs_mark_rec_free - Mark record as free.
 735 * is_mft - true if we are changing MFT
 736 */
 737void ntfs_mark_rec_free(struct ntfs_sb_info *sbi, CLST rno, bool is_mft)
 738{
 739	struct wnd_bitmap *wnd = &sbi->mft.bitmap;
 740
 741	if (!is_mft)
 742		down_write_nested(&wnd->rw_lock, BITMAP_MUTEX_MFT);
 743	if (rno >= wnd->nbits)
 744		goto out;
 745
 746	if (rno >= MFT_REC_FREE) {
 747		if (!wnd_is_used(wnd, rno, 1))
 748			ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
 749		else
 750			wnd_set_free(wnd, rno, 1);
 751	} else if (rno >= MFT_REC_RESERVED && sbi->mft.reserved_bitmap_inited) {
 752		__clear_bit(rno - MFT_REC_RESERVED, &sbi->mft.reserved_bitmap);
 753	}
 754
 755	if (rno < wnd_zone_bit(wnd))
 756		wnd_zone_set(wnd, rno, 1);
 757	else if (rno < sbi->mft.next_free && rno >= MFT_REC_USER)
 758		sbi->mft.next_free = rno;
 759
 760out:
 761	if (!is_mft)
 762		up_write(&wnd->rw_lock);
 763}
 764
 765/*
 766 * ntfs_clear_mft_tail - Format empty records [from, to).
 767 *
 768 * sbi->mft.bitmap is locked for write.
 769 */
 770int ntfs_clear_mft_tail(struct ntfs_sb_info *sbi, size_t from, size_t to)
 771{
 772	int err;
 773	u32 rs;
 774	u64 vbo;
 775	struct runs_tree *run;
 776	struct ntfs_inode *ni;
 777
 778	if (from >= to)
 779		return 0;
 780
 781	rs = sbi->record_size;
 782	ni = sbi->mft.ni;
 783	run = &ni->file.run;
 784
 785	down_read(&ni->file.run_lock);
 786	vbo = (u64)from * rs;
 787	for (; from < to; from++, vbo += rs) {
 788		struct ntfs_buffers nb;
 789
 790		err = ntfs_get_bh(sbi, run, vbo, rs, &nb);
 791		if (err)
 792			goto out;
 793
 794		err = ntfs_write_bh(sbi, &sbi->new_rec->rhdr, &nb, 0);
 795		nb_put(&nb);
 796		if (err)
 797			goto out;
 798	}
 799
 800out:
 801	sbi->mft.used = from;
 802	up_read(&ni->file.run_lock);
 803	return err;
 804}
 805
 806/*
 807 * ntfs_refresh_zone - Refresh MFT zone.
 808 *
 809 * sbi->used.bitmap is locked for rw.
 810 * sbi->mft.bitmap is locked for write.
 811 * sbi->mft.ni->file.run_lock for write.
 812 */
 813int ntfs_refresh_zone(struct ntfs_sb_info *sbi)
 814{
 815	CLST lcn, vcn, len;
 816	size_t lcn_s, zlen;
 817	struct wnd_bitmap *wnd = &sbi->used.bitmap;
 818	struct ntfs_inode *ni = sbi->mft.ni;
 819
 820	/* Do not change anything unless we have non empty MFT zone. */
 821	if (wnd_zone_len(wnd))
 822		return 0;
 823
 824	vcn = bytes_to_cluster(sbi,
 825			       (u64)sbi->mft.bitmap.nbits << sbi->record_bits);
 826
 827	if (!run_lookup_entry(&ni->file.run, vcn - 1, &lcn, &len, NULL))
 828		lcn = SPARSE_LCN;
 829
 830	/* We should always find Last Lcn for MFT. */
 831	if (lcn == SPARSE_LCN)
 832		return -EINVAL;
 833
 834	lcn_s = lcn + 1;
 835
 836	/* Try to allocate clusters after last MFT run. */
 837	zlen = wnd_find(wnd, sbi->zone_max, lcn_s, 0, &lcn_s);
 838	wnd_zone_set(wnd, lcn_s, zlen);
 839
 840	return 0;
 841}
 842
 843/*
 844 * ntfs_update_mftmirr - Update $MFTMirr data.
 845 */
 846void ntfs_update_mftmirr(struct ntfs_sb_info *sbi, int wait)
 847{
 848	int err;
 849	struct super_block *sb = sbi->sb;
 850	u32 blocksize, bytes;
 851	sector_t block1, block2;
 852
 853	/*
 854	 * sb can be NULL here. In this case sbi->flags should be 0 too.
 855	 */
 856	if (!sb || !(sbi->flags & NTFS_FLAGS_MFTMIRR) ||
 857	    unlikely(ntfs3_forced_shutdown(sb)))
 858		return;
 859
 860	blocksize = sb->s_blocksize;
 861	bytes = sbi->mft.recs_mirr << sbi->record_bits;
 862	block1 = sbi->mft.lbo >> sb->s_blocksize_bits;
 863	block2 = sbi->mft.lbo2 >> sb->s_blocksize_bits;
 864
 865	for (; bytes >= blocksize; bytes -= blocksize) {
 866		struct buffer_head *bh1, *bh2;
 867
 868		bh1 = sb_bread(sb, block1++);
 869		if (!bh1)
 870			return;
 871
 872		bh2 = sb_getblk(sb, block2++);
 873		if (!bh2) {
 874			put_bh(bh1);
 875			return;
 876		}
 877
 878		if (buffer_locked(bh2))
 879			__wait_on_buffer(bh2);
 880
 881		lock_buffer(bh2);
 882		memcpy(bh2->b_data, bh1->b_data, blocksize);
 883		set_buffer_uptodate(bh2);
 884		mark_buffer_dirty(bh2);
 885		unlock_buffer(bh2);
 886
 887		put_bh(bh1);
 888		bh1 = NULL;
 889
 890		err = wait ? sync_dirty_buffer(bh2) : 0;
 891
 892		put_bh(bh2);
 893		if (err)
 894			return;
 895	}
 896
 897	sbi->flags &= ~NTFS_FLAGS_MFTMIRR;
 898}
 899
 900/*
 901 * ntfs_bad_inode
 902 *
 903 * Marks inode as bad and marks fs as 'dirty'
 904 */
 905void ntfs_bad_inode(struct inode *inode, const char *hint)
 906{
 907	struct ntfs_sb_info *sbi = inode->i_sb->s_fs_info;
 908	struct ntfs_inode *ni = ntfs_i(inode);
 909
 910	ntfs_inode_err(inode, "%s", hint);
 911
 912	/* Do not call make_bad_inode()! */
 913	ni->ni_bad = true;
 914
 915	/* Avoid recursion if bad inode is $Volume. */
 916	if (inode->i_ino != MFT_REC_VOL &&
 917	    !(sbi->flags & NTFS_FLAGS_LOG_REPLAYING)) {
 918		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
 919	}
 920}
 921
 922/*
 923 * ntfs_set_state
 924 *
 925 * Mount: ntfs_set_state(NTFS_DIRTY_DIRTY)
 926 * Umount: ntfs_set_state(NTFS_DIRTY_CLEAR)
 927 * NTFS error: ntfs_set_state(NTFS_DIRTY_ERROR)
 928 */
 929int ntfs_set_state(struct ntfs_sb_info *sbi, enum NTFS_DIRTY_FLAGS dirty)
 930{
 931	int err;
 932	struct ATTRIB *attr;
 933	struct VOLUME_INFO *info;
 934	struct mft_inode *mi;
 935	struct ntfs_inode *ni;
 936	__le16 info_flags;
 937
 938	/*
 939	 * Do not change state if fs was real_dirty.
 940	 * Do not change state if fs already dirty(clear).
 941	 * Do not change any thing if mounted read only.
 942	 */
 943	if (sbi->volume.real_dirty || sb_rdonly(sbi->sb))
 944		return 0;
 945
 946	/* Check cached value. */
 947	if ((dirty == NTFS_DIRTY_CLEAR ? 0 : VOLUME_FLAG_DIRTY) ==
 948	    (sbi->volume.flags & VOLUME_FLAG_DIRTY))
 949		return 0;
 950
 951	ni = sbi->volume.ni;
 952	if (!ni)
 953		return -EINVAL;
 954
 955	mutex_lock_nested(&ni->ni_lock, NTFS_INODE_MUTEX_DIRTY);
 956
 957	attr = ni_find_attr(ni, NULL, NULL, ATTR_VOL_INFO, NULL, 0, NULL, &mi);
 958	if (!attr) {
 959		err = -EINVAL;
 960		goto out;
 961	}
 962
 963	info = resident_data_ex(attr, SIZEOF_ATTRIBUTE_VOLUME_INFO);
 964	if (!info) {
 965		err = -EINVAL;
 966		goto out;
 967	}
 968
 969	info_flags = info->flags;
 970
 971	switch (dirty) {
 972	case NTFS_DIRTY_ERROR:
 973		ntfs_notice(sbi->sb, "Mark volume as dirty due to NTFS errors");
 974		sbi->volume.real_dirty = true;
 975		fallthrough;
 976	case NTFS_DIRTY_DIRTY:
 977		info->flags |= VOLUME_FLAG_DIRTY;
 978		break;
 979	case NTFS_DIRTY_CLEAR:
 980		info->flags &= ~VOLUME_FLAG_DIRTY;
 981		break;
 982	}
 983	/* Cache current volume flags. */
 984	if (info_flags != info->flags) {
 985		sbi->volume.flags = info->flags;
 986		mi->dirty = true;
 987	}
 988	err = 0;
 989
 990out:
 991	ni_unlock(ni);
 992	if (err)
 993		return err;
 994
 995	mark_inode_dirty_sync(&ni->vfs_inode);
 996	/* verify(!ntfs_update_mftmirr()); */
 997
 998	/* write mft record on disk. */
 999	err = _ni_write_inode(&ni->vfs_inode, 1);
1000
1001	return err;
1002}
1003
1004/*
1005 * security_hash - Calculates a hash of security descriptor.
1006 */
1007static inline __le32 security_hash(const void *sd, size_t bytes)
1008{
1009	u32 hash = 0;
1010	const __le32 *ptr = sd;
1011
1012	bytes >>= 2;
1013	while (bytes--)
1014		hash = ((hash >> 0x1D) | (hash << 3)) + le32_to_cpu(*ptr++);
1015	return cpu_to_le32(hash);
1016}
1017
1018/*
1019 * simple wrapper for sb_bread_unmovable.
1020 */
1021struct buffer_head *ntfs_bread(struct super_block *sb, sector_t block)
1022{
1023	struct ntfs_sb_info *sbi = sb->s_fs_info;
1024	struct buffer_head *bh;
1025
1026	if (unlikely(block >= sbi->volume.blocks)) {
1027		/* prevent generic message "attempt to access beyond end of device" */
1028		ntfs_err(sb, "try to read out of volume at offset 0x%llx",
1029			 (u64)block << sb->s_blocksize_bits);
1030		return NULL;
1031	}
1032
1033	bh = sb_bread_unmovable(sb, block);
1034	if (bh)
1035		return bh;
1036
1037	ntfs_err(sb, "failed to read volume at offset 0x%llx",
1038		 (u64)block << sb->s_blocksize_bits);
1039	return NULL;
1040}
1041
1042int ntfs_sb_write(struct super_block *sb, u64 lbo, size_t bytes,
1043		  const void *buf, int wait)
1044{
1045	u32 blocksize = sb->s_blocksize;
1046	struct block_device *bdev = sb->s_bdev;
1047	sector_t block = lbo >> sb->s_blocksize_bits;
1048	u32 off = lbo & (blocksize - 1);
1049	u32 op = blocksize - off;
1050	struct buffer_head *bh;
1051
1052	if (!wait && (sb->s_flags & SB_SYNCHRONOUS))
1053		wait = 1;
1054
1055	for (; bytes; block += 1, off = 0, op = blocksize) {
1056		if (op > bytes)
1057			op = bytes;
1058
1059		if (op < blocksize) {
1060			bh = __bread(bdev, block, blocksize);
1061			if (!bh) {
1062				ntfs_err(sb, "failed to read block %llx",
1063					 (u64)block);
1064				return -EIO;
1065			}
1066		} else {
1067			bh = __getblk(bdev, block, blocksize);
1068			if (!bh)
1069				return -ENOMEM;
1070		}
1071
1072		if (buffer_locked(bh))
1073			__wait_on_buffer(bh);
1074
1075		lock_buffer(bh);
1076		if (buf) {
1077			memcpy(bh->b_data + off, buf, op);
1078			buf = Add2Ptr(buf, op);
1079		} else {
1080			memset(bh->b_data + off, -1, op);
1081		}
1082
1083		set_buffer_uptodate(bh);
1084		mark_buffer_dirty(bh);
1085		unlock_buffer(bh);
1086
1087		if (wait) {
1088			int err = sync_dirty_buffer(bh);
1089
1090			if (err) {
1091				ntfs_err(
1092					sb,
1093					"failed to sync buffer at block %llx, error %d",
1094					(u64)block, err);
1095				put_bh(bh);
1096				return err;
1097			}
1098		}
1099
1100		put_bh(bh);
1101
1102		bytes -= op;
1103	}
1104	return 0;
1105}
1106
1107int ntfs_sb_write_run(struct ntfs_sb_info *sbi, const struct runs_tree *run,
1108		      u64 vbo, const void *buf, size_t bytes, int sync)
1109{
1110	struct super_block *sb = sbi->sb;
1111	u8 cluster_bits = sbi->cluster_bits;
1112	u32 off = vbo & sbi->cluster_mask;
1113	CLST lcn, clen, vcn = vbo >> cluster_bits, vcn_next;
1114	u64 lbo, len;
1115	size_t idx;
1116
1117	if (!run_lookup_entry(run, vcn, &lcn, &clen, &idx))
1118		return -ENOENT;
1119
1120	if (lcn == SPARSE_LCN)
1121		return -EINVAL;
1122
1123	lbo = ((u64)lcn << cluster_bits) + off;
1124	len = ((u64)clen << cluster_bits) - off;
1125
1126	for (;;) {
1127		u32 op = min_t(u64, len, bytes);
1128		int err = ntfs_sb_write(sb, lbo, op, buf, sync);
1129
1130		if (err)
1131			return err;
1132
1133		bytes -= op;
1134		if (!bytes)
1135			break;
1136
1137		vcn_next = vcn + clen;
1138		if (!run_get_entry(run, ++idx, &vcn, &lcn, &clen) ||
1139		    vcn != vcn_next)
1140			return -ENOENT;
1141
1142		if (lcn == SPARSE_LCN)
1143			return -EINVAL;
1144
1145		if (buf)
1146			buf = Add2Ptr(buf, op);
1147
1148		lbo = ((u64)lcn << cluster_bits);
1149		len = ((u64)clen << cluster_bits);
1150	}
1151
1152	return 0;
1153}
1154
1155struct buffer_head *ntfs_bread_run(struct ntfs_sb_info *sbi,
1156				   const struct runs_tree *run, u64 vbo)
1157{
1158	struct super_block *sb = sbi->sb;
1159	u8 cluster_bits = sbi->cluster_bits;
1160	CLST lcn;
1161	u64 lbo;
1162
1163	if (!run_lookup_entry(run, vbo >> cluster_bits, &lcn, NULL, NULL))
1164		return ERR_PTR(-ENOENT);
1165
1166	lbo = ((u64)lcn << cluster_bits) + (vbo & sbi->cluster_mask);
1167
1168	return ntfs_bread(sb, lbo >> sb->s_blocksize_bits);
1169}
1170
1171int ntfs_read_run_nb(struct ntfs_sb_info *sbi, const struct runs_tree *run,
1172		     u64 vbo, void *buf, u32 bytes, struct ntfs_buffers *nb)
1173{
1174	int err;
1175	struct super_block *sb = sbi->sb;
1176	u32 blocksize = sb->s_blocksize;
1177	u8 cluster_bits = sbi->cluster_bits;
1178	u32 off = vbo & sbi->cluster_mask;
1179	u32 nbh = 0;
1180	CLST vcn_next, vcn = vbo >> cluster_bits;
1181	CLST lcn, clen;
1182	u64 lbo, len;
1183	size_t idx;
1184	struct buffer_head *bh;
1185
1186	if (!run) {
1187		/* First reading of $Volume + $MFTMirr + $LogFile goes here. */
1188		if (vbo > MFT_REC_VOL * sbi->record_size) {
1189			err = -ENOENT;
1190			goto out;
1191		}
1192
1193		/* Use absolute boot's 'MFTCluster' to read record. */
1194		lbo = vbo + sbi->mft.lbo;
1195		len = sbi->record_size;
1196	} else if (!run_lookup_entry(run, vcn, &lcn, &clen, &idx)) {
1197		err = -ENOENT;
1198		goto out;
1199	} else {
1200		if (lcn == SPARSE_LCN) {
1201			err = -EINVAL;
1202			goto out;
1203		}
1204
1205		lbo = ((u64)lcn << cluster_bits) + off;
1206		len = ((u64)clen << cluster_bits) - off;
1207	}
1208
1209	off = lbo & (blocksize - 1);
1210	if (nb) {
1211		nb->off = off;
1212		nb->bytes = bytes;
1213	}
1214
1215	for (;;) {
1216		u32 len32 = len >= bytes ? bytes : len;
1217		sector_t block = lbo >> sb->s_blocksize_bits;
1218
1219		do {
1220			u32 op = blocksize - off;
1221
1222			if (op > len32)
1223				op = len32;
1224
1225			bh = ntfs_bread(sb, block);
1226			if (!bh) {
1227				err = -EIO;
1228				goto out;
1229			}
1230
1231			if (buf) {
1232				memcpy(buf, bh->b_data + off, op);
1233				buf = Add2Ptr(buf, op);
1234			}
1235
1236			if (!nb) {
1237				put_bh(bh);
1238			} else if (nbh >= ARRAY_SIZE(nb->bh)) {
1239				err = -EINVAL;
1240				goto out;
1241			} else {
1242				nb->bh[nbh++] = bh;
1243				nb->nbufs = nbh;
1244			}
1245
1246			bytes -= op;
1247			if (!bytes)
1248				return 0;
1249			len32 -= op;
1250			block += 1;
1251			off = 0;
1252
1253		} while (len32);
1254
1255		vcn_next = vcn + clen;
1256		if (!run_get_entry(run, ++idx, &vcn, &lcn, &clen) ||
1257		    vcn != vcn_next) {
1258			err = -ENOENT;
1259			goto out;
1260		}
1261
1262		if (lcn == SPARSE_LCN) {
1263			err = -EINVAL;
1264			goto out;
1265		}
1266
1267		lbo = ((u64)lcn << cluster_bits);
1268		len = ((u64)clen << cluster_bits);
1269	}
1270
1271out:
1272	if (!nbh)
1273		return err;
1274
1275	while (nbh) {
1276		put_bh(nb->bh[--nbh]);
1277		nb->bh[nbh] = NULL;
1278	}
1279
1280	nb->nbufs = 0;
1281	return err;
1282}
1283
1284/*
1285 * ntfs_read_bh
1286 *
1287 * Return: < 0 if error, 0 if ok, -E_NTFS_FIXUP if need to update fixups.
1288 */
1289int ntfs_read_bh(struct ntfs_sb_info *sbi, const struct runs_tree *run, u64 vbo,
1290		 struct NTFS_RECORD_HEADER *rhdr, u32 bytes,
1291		 struct ntfs_buffers *nb)
1292{
1293	int err = ntfs_read_run_nb(sbi, run, vbo, rhdr, bytes, nb);
1294
1295	if (err)
1296		return err;
1297	return ntfs_fix_post_read(rhdr, nb->bytes, true);
1298}
1299
1300int ntfs_get_bh(struct ntfs_sb_info *sbi, const struct runs_tree *run, u64 vbo,
1301		u32 bytes, struct ntfs_buffers *nb)
1302{
1303	int err = 0;
1304	struct super_block *sb = sbi->sb;
1305	u32 blocksize = sb->s_blocksize;
1306	u8 cluster_bits = sbi->cluster_bits;
1307	CLST vcn_next, vcn = vbo >> cluster_bits;
1308	u32 off;
1309	u32 nbh = 0;
1310	CLST lcn, clen;
1311	u64 lbo, len;
1312	size_t idx;
1313
1314	nb->bytes = bytes;
1315
1316	if (!run_lookup_entry(run, vcn, &lcn, &clen, &idx)) {
1317		err = -ENOENT;
1318		goto out;
1319	}
1320
1321	off = vbo & sbi->cluster_mask;
1322	lbo = ((u64)lcn << cluster_bits) + off;
1323	len = ((u64)clen << cluster_bits) - off;
1324
1325	nb->off = off = lbo & (blocksize - 1);
1326
1327	for (;;) {
1328		u32 len32 = min_t(u64, len, bytes);
1329		sector_t block = lbo >> sb->s_blocksize_bits;
1330
1331		do {
1332			u32 op;
1333			struct buffer_head *bh;
1334
1335			if (nbh >= ARRAY_SIZE(nb->bh)) {
1336				err = -EINVAL;
1337				goto out;
1338			}
1339
1340			op = blocksize - off;
1341			if (op > len32)
1342				op = len32;
1343
1344			if (op == blocksize) {
1345				bh = sb_getblk(sb, block);
1346				if (!bh) {
1347					err = -ENOMEM;
1348					goto out;
1349				}
1350				if (buffer_locked(bh))
1351					__wait_on_buffer(bh);
1352
1353				lock_buffer(bh);
1354				if (!buffer_uptodate(bh))
1355				{
1356					memset(bh->b_data, 0, blocksize);
1357					set_buffer_uptodate(bh);
1358				}
1359				unlock_buffer(bh);
1360			} else {
1361				bh = ntfs_bread(sb, block);
1362				if (!bh) {
1363					err = -EIO;
1364					goto out;
1365				}
1366			}
1367
1368			nb->bh[nbh++] = bh;
1369			bytes -= op;
1370			if (!bytes) {
1371				nb->nbufs = nbh;
1372				return 0;
1373			}
1374
1375			block += 1;
1376			len32 -= op;
1377			off = 0;
1378		} while (len32);
1379
1380		vcn_next = vcn + clen;
1381		if (!run_get_entry(run, ++idx, &vcn, &lcn, &clen) ||
1382		    vcn != vcn_next) {
1383			err = -ENOENT;
1384			goto out;
1385		}
1386
1387		lbo = ((u64)lcn << cluster_bits);
1388		len = ((u64)clen << cluster_bits);
1389	}
1390
1391out:
1392	while (nbh) {
1393		put_bh(nb->bh[--nbh]);
1394		nb->bh[nbh] = NULL;
1395	}
1396
1397	nb->nbufs = 0;
1398
1399	return err;
1400}
1401
1402int ntfs_write_bh(struct ntfs_sb_info *sbi, struct NTFS_RECORD_HEADER *rhdr,
1403		  struct ntfs_buffers *nb, int sync)
1404{
1405	int err = 0;
1406	struct super_block *sb = sbi->sb;
1407	u32 block_size = sb->s_blocksize;
1408	u32 bytes = nb->bytes;
1409	u32 off = nb->off;
1410	u16 fo = le16_to_cpu(rhdr->fix_off);
1411	u16 fn = le16_to_cpu(rhdr->fix_num);
1412	u32 idx;
1413	__le16 *fixup;
1414	__le16 sample;
1415
1416	if ((fo & 1) || fo + fn * sizeof(short) > SECTOR_SIZE || !fn-- ||
1417	    fn * SECTOR_SIZE > bytes) {
1418		return -EINVAL;
1419	}
1420
1421	for (idx = 0; bytes && idx < nb->nbufs; idx += 1, off = 0) {
1422		u32 op = block_size - off;
1423		char *bh_data;
1424		struct buffer_head *bh = nb->bh[idx];
1425		__le16 *ptr, *end_data;
1426
1427		if (op > bytes)
1428			op = bytes;
1429
1430		if (buffer_locked(bh))
1431			__wait_on_buffer(bh);
1432
1433		lock_buffer(bh);
1434
1435		bh_data = bh->b_data + off;
1436		end_data = Add2Ptr(bh_data, op);
1437		memcpy(bh_data, rhdr, op);
1438
1439		if (!idx) {
1440			u16 t16;
1441
1442			fixup = Add2Ptr(bh_data, fo);
1443			sample = *fixup;
1444			t16 = le16_to_cpu(sample);
1445			if (t16 >= 0x7FFF) {
1446				sample = *fixup = cpu_to_le16(1);
1447			} else {
1448				sample = cpu_to_le16(t16 + 1);
1449				*fixup = sample;
1450			}
1451
1452			*(__le16 *)Add2Ptr(rhdr, fo) = sample;
1453		}
1454
1455		ptr = Add2Ptr(bh_data, SECTOR_SIZE - sizeof(short));
1456
1457		do {
1458			*++fixup = *ptr;
1459			*ptr = sample;
1460			ptr += SECTOR_SIZE / sizeof(short);
1461		} while (ptr < end_data);
1462
1463		set_buffer_uptodate(bh);
1464		mark_buffer_dirty(bh);
1465		unlock_buffer(bh);
1466
1467		if (sync) {
1468			int err2 = sync_dirty_buffer(bh);
1469
1470			if (!err && err2)
1471				err = err2;
1472		}
1473
1474		bytes -= op;
1475		rhdr = Add2Ptr(rhdr, op);
1476	}
1477
1478	return err;
1479}
1480
1481/*
1482 * ntfs_read_write_run - Read/Write disk's page cache.
1483 */
1484int ntfs_read_write_run(struct ntfs_sb_info *sbi, const struct runs_tree *run,
1485			void *buf, u64 vbo, size_t bytes, int wr)
1486{
1487	struct super_block *sb = sbi->sb;
1488	struct address_space *mapping = sb->s_bdev->bd_mapping;
1489	u8 cluster_bits = sbi->cluster_bits;
1490	CLST vcn_next, vcn = vbo >> cluster_bits;
1491	CLST lcn, clen;
1492	u64 lbo, len;
1493	size_t idx;
1494	u32 off, op;
1495	struct folio *folio;
1496	char *kaddr;
1497
1498	if (!bytes)
1499		return 0;
1500
1501	if (!run_lookup_entry(run, vcn, &lcn, &clen, &idx))
1502		return -ENOENT;
1503
1504	if (lcn == SPARSE_LCN)
1505		return -EINVAL;
1506
1507	off = vbo & sbi->cluster_mask;
1508	lbo = ((u64)lcn << cluster_bits) + off;
1509	len = ((u64)clen << cluster_bits) - off;
1510
1511	for (;;) {
1512		/* Read range [lbo, lbo+len). */
1513		folio = read_mapping_folio(mapping, lbo >> PAGE_SHIFT, NULL);
1514
1515		if (IS_ERR(folio))
1516			return PTR_ERR(folio);
1517
1518		off = offset_in_page(lbo);
1519		op = PAGE_SIZE - off;
1520
1521		if (op > len)
1522			op = len;
1523		if (op > bytes)
1524			op = bytes;
1525
1526		kaddr = kmap_local_folio(folio, 0);
1527		if (wr) {
1528			memcpy(kaddr + off, buf, op);
1529			folio_mark_dirty(folio);
1530		} else {
1531			memcpy(buf, kaddr + off, op);
1532			flush_dcache_folio(folio);
1533		}
1534		kunmap_local(kaddr);
1535		folio_put(folio);
1536
1537		bytes -= op;
1538		if (!bytes)
1539			return 0;
1540
1541		buf += op;
1542		len -= op;
1543		if (len) {
1544			/* next volume's page. */
1545			lbo += op;
1546			continue;
1547		}
1548
1549		/* get next range. */
1550		vcn_next = vcn + clen;
1551		if (!run_get_entry(run, ++idx, &vcn, &lcn, &clen) ||
1552		    vcn != vcn_next) {
1553			return -ENOENT;
1554		}
1555
1556		if (lcn == SPARSE_LCN)
1557			return -EINVAL;
1558
1559		lbo = ((u64)lcn << cluster_bits);
1560		len = ((u64)clen << cluster_bits);
1561	}
1562}
1563
1564/*
1565 * ntfs_bio_fill_1 - Helper for ntfs_loadlog_and_replay().
1566 *
1567 * Fill on-disk logfile range by (-1)
1568 * this means empty logfile.
1569 */
1570int ntfs_bio_fill_1(struct ntfs_sb_info *sbi, const struct runs_tree *run)
1571{
1572	int err = 0;
1573	struct super_block *sb = sbi->sb;
1574	struct block_device *bdev = sb->s_bdev;
1575	u8 cluster_bits = sbi->cluster_bits;
1576	struct bio *new, *bio = NULL;
1577	CLST lcn, clen;
1578	u64 lbo, len;
1579	size_t run_idx;
1580	struct page *fill;
1581	void *kaddr;
1582	struct blk_plug plug;
1583
1584	fill = alloc_page(GFP_KERNEL);
1585	if (!fill)
1586		return -ENOMEM;
1587
1588	kaddr = kmap_atomic(fill);
1589	memset(kaddr, -1, PAGE_SIZE);
1590	kunmap_atomic(kaddr);
1591	flush_dcache_page(fill);
1592	lock_page(fill);
1593
1594	if (!run_lookup_entry(run, 0, &lcn, &clen, &run_idx)) {
1595		err = -ENOENT;
1596		goto out;
1597	}
1598
1599	/*
1600	 * TODO: Try blkdev_issue_write_same.
1601	 */
1602	blk_start_plug(&plug);
1603	do {
1604		lbo = (u64)lcn << cluster_bits;
1605		len = (u64)clen << cluster_bits;
1606new_bio:
1607		new = bio_alloc(bdev, BIO_MAX_VECS, REQ_OP_WRITE, GFP_NOFS);
1608		if (bio) {
1609			bio_chain(bio, new);
1610			submit_bio(bio);
1611		}
1612		bio = new;
1613		bio->bi_iter.bi_sector = lbo >> 9;
1614
1615		for (;;) {
1616			u32 add = len > PAGE_SIZE ? PAGE_SIZE : len;
1617
1618			if (bio_add_page(bio, fill, add, 0) < add)
1619				goto new_bio;
1620
1621			lbo += add;
1622			if (len <= add)
1623				break;
1624			len -= add;
1625		}
1626	} while (run_get_entry(run, ++run_idx, NULL, &lcn, &clen));
1627
1628	if (!err)
1629		err = submit_bio_wait(bio);
1630	bio_put(bio);
1631
1632	blk_finish_plug(&plug);
1633out:
1634	unlock_page(fill);
1635	put_page(fill);
1636
1637	return err;
1638}
1639
1640int ntfs_vbo_to_lbo(struct ntfs_sb_info *sbi, const struct runs_tree *run,
1641		    u64 vbo, u64 *lbo, u64 *bytes)
1642{
1643	u32 off;
1644	CLST lcn, len;
1645	u8 cluster_bits = sbi->cluster_bits;
1646
1647	if (!run_lookup_entry(run, vbo >> cluster_bits, &lcn, &len, NULL))
1648		return -ENOENT;
1649
1650	off = vbo & sbi->cluster_mask;
1651	*lbo = lcn == SPARSE_LCN ? -1 : (((u64)lcn << cluster_bits) + off);
1652	*bytes = ((u64)len << cluster_bits) - off;
1653
1654	return 0;
1655}
1656
1657struct ntfs_inode *ntfs_new_inode(struct ntfs_sb_info *sbi, CLST rno,
1658				  enum RECORD_FLAG flag)
1659{
1660	int err = 0;
1661	struct super_block *sb = sbi->sb;
1662	struct inode *inode = new_inode(sb);
1663	struct ntfs_inode *ni;
1664
1665	if (!inode)
1666		return ERR_PTR(-ENOMEM);
1667
1668	ni = ntfs_i(inode);
1669
1670	err = mi_format_new(&ni->mi, sbi, rno, flag, false);
1671	if (err)
1672		goto out;
1673
1674	inode->i_ino = rno;
1675	if (insert_inode_locked(inode) < 0) {
1676		err = -EIO;
1677		goto out;
1678	}
1679
1680out:
1681	if (err) {
1682		make_bad_inode(inode);
1683		iput(inode);
1684		ni = ERR_PTR(err);
1685	}
1686	return ni;
1687}
1688
1689/*
1690 * O:BAG:BAD:(A;OICI;FA;;;WD)
1691 * Owner S-1-5-32-544 (Administrators)
1692 * Group S-1-5-32-544 (Administrators)
1693 * ACE: allow S-1-1-0 (Everyone) with FILE_ALL_ACCESS
1694 */
1695const u8 s_default_security[] __aligned(8) = {
1696	0x01, 0x00, 0x04, 0x80, 0x30, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
1697	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x02, 0x00, 0x1C, 0x00,
1698	0x01, 0x00, 0x00, 0x00, 0x00, 0x03, 0x14, 0x00, 0xFF, 0x01, 0x1F, 0x00,
1699	0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
1700	0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00,
1701	0x20, 0x02, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
1702	0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
1703};
1704
1705static_assert(sizeof(s_default_security) == 0x50);
1706
1707static inline u32 sid_length(const struct SID *sid)
1708{
1709	return struct_size(sid, SubAuthority, sid->SubAuthorityCount);
1710}
1711
1712/*
1713 * is_acl_valid
1714 *
1715 * Thanks Mark Harmstone for idea.
1716 */
1717static bool is_acl_valid(const struct ACL *acl, u32 len)
1718{
1719	const struct ACE_HEADER *ace;
1720	u32 i;
1721	u16 ace_count, ace_size;
1722
1723	if (acl->AclRevision != ACL_REVISION &&
1724	    acl->AclRevision != ACL_REVISION_DS) {
1725		/*
1726		 * This value should be ACL_REVISION, unless the ACL contains an
1727		 * object-specific ACE, in which case this value must be ACL_REVISION_DS.
1728		 * All ACEs in an ACL must be at the same revision level.
1729		 */
1730		return false;
1731	}
1732
1733	if (acl->Sbz1)
1734		return false;
1735
1736	if (le16_to_cpu(acl->AclSize) > len)
1737		return false;
1738
1739	if (acl->Sbz2)
1740		return false;
1741
1742	len -= sizeof(struct ACL);
1743	ace = (struct ACE_HEADER *)&acl[1];
1744	ace_count = le16_to_cpu(acl->AceCount);
1745
1746	for (i = 0; i < ace_count; i++) {
1747		if (len < sizeof(struct ACE_HEADER))
1748			return false;
1749
1750		ace_size = le16_to_cpu(ace->AceSize);
1751		if (len < ace_size)
1752			return false;
1753
1754		len -= ace_size;
1755		ace = Add2Ptr(ace, ace_size);
1756	}
1757
1758	return true;
1759}
1760
1761bool is_sd_valid(const struct SECURITY_DESCRIPTOR_RELATIVE *sd, u32 len)
1762{
1763	u32 sd_owner, sd_group, sd_sacl, sd_dacl;
1764
1765	if (len < sizeof(struct SECURITY_DESCRIPTOR_RELATIVE))
1766		return false;
1767
1768	if (sd->Revision != 1)
1769		return false;
1770
1771	if (sd->Sbz1)
1772		return false;
1773
1774	if (!(sd->Control & SE_SELF_RELATIVE))
1775		return false;
1776
1777	sd_owner = le32_to_cpu(sd->Owner);
1778	if (sd_owner) {
1779		const struct SID *owner = Add2Ptr(sd, sd_owner);
1780
1781		if (sd_owner + offsetof(struct SID, SubAuthority) > len)
1782			return false;
1783
1784		if (owner->Revision != 1)
1785			return false;
1786
1787		if (sd_owner + sid_length(owner) > len)
1788			return false;
1789	}
1790
1791	sd_group = le32_to_cpu(sd->Group);
1792	if (sd_group) {
1793		const struct SID *group = Add2Ptr(sd, sd_group);
1794
1795		if (sd_group + offsetof(struct SID, SubAuthority) > len)
1796			return false;
1797
1798		if (group->Revision != 1)
1799			return false;
1800
1801		if (sd_group + sid_length(group) > len)
1802			return false;
1803	}
1804
1805	sd_sacl = le32_to_cpu(sd->Sacl);
1806	if (sd_sacl) {
1807		const struct ACL *sacl = Add2Ptr(sd, sd_sacl);
1808
1809		if (sd_sacl + sizeof(struct ACL) > len)
1810			return false;
1811
1812		if (!is_acl_valid(sacl, len - sd_sacl))
1813			return false;
1814	}
1815
1816	sd_dacl = le32_to_cpu(sd->Dacl);
1817	if (sd_dacl) {
1818		const struct ACL *dacl = Add2Ptr(sd, sd_dacl);
1819
1820		if (sd_dacl + sizeof(struct ACL) > len)
1821			return false;
1822
1823		if (!is_acl_valid(dacl, len - sd_dacl))
1824			return false;
1825	}
1826
1827	return true;
1828}
1829
1830/*
1831 * ntfs_security_init - Load and parse $Secure.
1832 */
1833int ntfs_security_init(struct ntfs_sb_info *sbi)
1834{
1835	int err;
1836	struct super_block *sb = sbi->sb;
1837	struct inode *inode;
1838	struct ntfs_inode *ni;
1839	struct MFT_REF ref;
1840	struct ATTRIB *attr;
1841	struct ATTR_LIST_ENTRY *le;
1842	u64 sds_size;
1843	size_t off;
1844	struct NTFS_DE *ne;
1845	struct NTFS_DE_SII *sii_e;
1846	struct ntfs_fnd *fnd_sii = NULL;
1847	const struct INDEX_ROOT *root_sii;
1848	const struct INDEX_ROOT *root_sdh;
1849	struct ntfs_index *indx_sdh = &sbi->security.index_sdh;
1850	struct ntfs_index *indx_sii = &sbi->security.index_sii;
1851
1852	ref.low = cpu_to_le32(MFT_REC_SECURE);
1853	ref.high = 0;
1854	ref.seq = cpu_to_le16(MFT_REC_SECURE);
1855
1856	inode = ntfs_iget5(sb, &ref, &NAME_SECURE);
1857	if (IS_ERR(inode)) {
1858		err = PTR_ERR(inode);
1859		ntfs_err(sb, "Failed to load $Secure (%d).", err);
1860		inode = NULL;
1861		goto out;
1862	}
1863
1864	ni = ntfs_i(inode);
1865
1866	le = NULL;
1867
1868	attr = ni_find_attr(ni, NULL, &le, ATTR_ROOT, SDH_NAME,
1869			    ARRAY_SIZE(SDH_NAME), NULL, NULL);
1870	if (!attr ||
1871	    !(root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
1872	    root_sdh->type != ATTR_ZERO ||
1873	    root_sdh->rule != NTFS_COLLATION_TYPE_SECURITY_HASH ||
1874	    offsetof(struct INDEX_ROOT, ihdr) +
1875			    le32_to_cpu(root_sdh->ihdr.used) >
1876		    le32_to_cpu(attr->res.data_size)) {
1877		ntfs_err(sb, "$Secure::$SDH is corrupted.");
1878		err = -EINVAL;
1879		goto out;
1880	}
1881
1882	err = indx_init(indx_sdh, sbi, attr, INDEX_MUTEX_SDH);
1883	if (err) {
1884		ntfs_err(sb, "Failed to initialize $Secure::$SDH (%d).", err);
1885		goto out;
1886	}
1887
1888	attr = ni_find_attr(ni, attr, &le, ATTR_ROOT, SII_NAME,
1889			    ARRAY_SIZE(SII_NAME), NULL, NULL);
1890	if (!attr ||
1891	    !(root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
1892	    root_sii->type != ATTR_ZERO ||
1893	    root_sii->rule != NTFS_COLLATION_TYPE_UINT ||
1894	    offsetof(struct INDEX_ROOT, ihdr) +
1895			    le32_to_cpu(root_sii->ihdr.used) >
1896		    le32_to_cpu(attr->res.data_size)) {
1897		ntfs_err(sb, "$Secure::$SII is corrupted.");
1898		err = -EINVAL;
1899		goto out;
1900	}
1901
1902	err = indx_init(indx_sii, sbi, attr, INDEX_MUTEX_SII);
1903	if (err) {
1904		ntfs_err(sb, "Failed to initialize $Secure::$SII (%d).", err);
1905		goto out;
1906	}
1907
1908	fnd_sii = fnd_get();
1909	if (!fnd_sii) {
1910		err = -ENOMEM;
1911		goto out;
1912	}
1913
1914	sds_size = inode->i_size;
1915
1916	/* Find the last valid Id. */
1917	sbi->security.next_id = SECURITY_ID_FIRST;
1918	/* Always write new security at the end of bucket. */
1919	sbi->security.next_off =
1920		ALIGN(sds_size - SecurityDescriptorsBlockSize, 16);
1921
1922	off = 0;
1923	ne = NULL;
1924
1925	for (;;) {
1926		u32 next_id;
1927
1928		err = indx_find_raw(indx_sii, ni, root_sii, &ne, &off, fnd_sii);
1929		if (err || !ne)
1930			break;
1931
1932		sii_e = (struct NTFS_DE_SII *)ne;
1933		if (le16_to_cpu(ne->view.data_size) < sizeof(sii_e->sec_hdr))
1934			continue;
1935
1936		next_id = le32_to_cpu(sii_e->sec_id) + 1;
1937		if (next_id >= sbi->security.next_id)
1938			sbi->security.next_id = next_id;
1939	}
1940
1941	sbi->security.ni = ni;
1942	inode = NULL;
1943out:
1944	iput(inode);
1945	fnd_put(fnd_sii);
1946
1947	return err;
1948}
1949
1950/*
1951 * ntfs_get_security_by_id - Read security descriptor by id.
1952 */
1953int ntfs_get_security_by_id(struct ntfs_sb_info *sbi, __le32 security_id,
1954			    struct SECURITY_DESCRIPTOR_RELATIVE **sd,
1955			    size_t *size)
1956{
1957	int err;
1958	int diff;
1959	struct ntfs_inode *ni = sbi->security.ni;
1960	struct ntfs_index *indx = &sbi->security.index_sii;
1961	void *p = NULL;
1962	struct NTFS_DE_SII *sii_e;
1963	struct ntfs_fnd *fnd_sii;
1964	struct SECURITY_HDR d_security;
1965	const struct INDEX_ROOT *root_sii;
1966	u32 t32;
1967
1968	*sd = NULL;
1969
1970	mutex_lock_nested(&ni->ni_lock, NTFS_INODE_MUTEX_SECURITY);
1971
1972	fnd_sii = fnd_get();
1973	if (!fnd_sii) {
1974		err = -ENOMEM;
1975		goto out;
1976	}
1977
1978	root_sii = indx_get_root(indx, ni, NULL, NULL);
1979	if (!root_sii) {
1980		err = -EINVAL;
1981		goto out;
1982	}
1983
1984	/* Try to find this SECURITY descriptor in SII indexes. */
1985	err = indx_find(indx, ni, root_sii, &security_id, sizeof(security_id),
1986			NULL, &diff, (struct NTFS_DE **)&sii_e, fnd_sii);
1987	if (err)
1988		goto out;
1989
1990	if (diff)
1991		goto out;
1992
1993	t32 = le32_to_cpu(sii_e->sec_hdr.size);
1994	if (t32 < sizeof(struct SECURITY_HDR)) {
1995		err = -EINVAL;
1996		goto out;
1997	}
1998
1999	if (t32 > sizeof(struct SECURITY_HDR) + 0x10000) {
2000		/* Looks like too big security. 0x10000 - is arbitrary big number. */
2001		err = -EFBIG;
2002		goto out;
2003	}
2004
2005	*size = t32 - sizeof(struct SECURITY_HDR);
2006
2007	p = kmalloc(*size, GFP_NOFS);
2008	if (!p) {
2009		err = -ENOMEM;
2010		goto out;
2011	}
2012
2013	err = ntfs_read_run_nb(sbi, &ni->file.run,
2014			       le64_to_cpu(sii_e->sec_hdr.off), &d_security,
2015			       sizeof(d_security), NULL);
2016	if (err)
2017		goto out;
2018
2019	if (memcmp(&d_security, &sii_e->sec_hdr, sizeof(d_security))) {
2020		err = -EINVAL;
2021		goto out;
2022	}
2023
2024	err = ntfs_read_run_nb(sbi, &ni->file.run,
2025			       le64_to_cpu(sii_e->sec_hdr.off) +
2026				       sizeof(struct SECURITY_HDR),
2027			       p, *size, NULL);
2028	if (err)
2029		goto out;
2030
2031	*sd = p;
2032	p = NULL;
2033
2034out:
2035	kfree(p);
2036	fnd_put(fnd_sii);
2037	ni_unlock(ni);
2038
2039	return err;
2040}
2041
2042/*
2043 * ntfs_insert_security - Insert security descriptor into $Secure::SDS.
2044 *
2045 * SECURITY Descriptor Stream data is organized into chunks of 256K bytes
2046 * and it contains a mirror copy of each security descriptor.  When writing
2047 * to a security descriptor at location X, another copy will be written at
2048 * location (X+256K).
2049 * When writing a security descriptor that will cross the 256K boundary,
2050 * the pointer will be advanced by 256K to skip
2051 * over the mirror portion.
2052 */
2053int ntfs_insert_security(struct ntfs_sb_info *sbi,
2054			 const struct SECURITY_DESCRIPTOR_RELATIVE *sd,
2055			 u32 size_sd, __le32 *security_id, bool *inserted)
2056{
2057	int err, diff;
2058	struct ntfs_inode *ni = sbi->security.ni;
2059	struct ntfs_index *indx_sdh = &sbi->security.index_sdh;
2060	struct ntfs_index *indx_sii = &sbi->security.index_sii;
2061	struct NTFS_DE_SDH *e;
2062	struct NTFS_DE_SDH sdh_e;
2063	struct NTFS_DE_SII sii_e;
2064	struct SECURITY_HDR *d_security;
2065	u32 new_sec_size = size_sd + sizeof(struct SECURITY_HDR);
2066	u32 aligned_sec_size = ALIGN(new_sec_size, 16);
2067	struct SECURITY_KEY hash_key;
2068	struct ntfs_fnd *fnd_sdh = NULL;
2069	const struct INDEX_ROOT *root_sdh;
2070	const struct INDEX_ROOT *root_sii;
2071	u64 mirr_off, new_sds_size;
2072	u32 next, left;
2073
2074	static_assert((1 << Log2OfSecurityDescriptorsBlockSize) ==
2075		      SecurityDescriptorsBlockSize);
2076
2077	hash_key.hash = security_hash(sd, size_sd);
2078	hash_key.sec_id = SECURITY_ID_INVALID;
2079
2080	if (inserted)
2081		*inserted = false;
2082	*security_id = SECURITY_ID_INVALID;
2083
2084	/* Allocate a temporal buffer. */
2085	d_security = kzalloc(aligned_sec_size, GFP_NOFS);
2086	if (!d_security)
2087		return -ENOMEM;
2088
2089	mutex_lock_nested(&ni->ni_lock, NTFS_INODE_MUTEX_SECURITY);
2090
2091	fnd_sdh = fnd_get();
2092	if (!fnd_sdh) {
2093		err = -ENOMEM;
2094		goto out;
2095	}
2096
2097	root_sdh = indx_get_root(indx_sdh, ni, NULL, NULL);
2098	if (!root_sdh) {
2099		err = -EINVAL;
2100		goto out;
2101	}
2102
2103	root_sii = indx_get_root(indx_sii, ni, NULL, NULL);
2104	if (!root_sii) {
2105		err = -EINVAL;
2106		goto out;
2107	}
2108
2109	/*
2110	 * Check if such security already exists.
2111	 * Use "SDH" and hash -> to get the offset in "SDS".
2112	 */
2113	err = indx_find(indx_sdh, ni, root_sdh, &hash_key, sizeof(hash_key),
2114			&d_security->key.sec_id, &diff, (struct NTFS_DE **)&e,
2115			fnd_sdh);
2116	if (err)
2117		goto out;
2118
2119	while (e) {
2120		if (le32_to_cpu(e->sec_hdr.size) == new_sec_size) {
2121			err = ntfs_read_run_nb(sbi, &ni->file.run,
2122					       le64_to_cpu(e->sec_hdr.off),
2123					       d_security, new_sec_size, NULL);
2124			if (err)
2125				goto out;
2126
2127			if (le32_to_cpu(d_security->size) == new_sec_size &&
2128			    d_security->key.hash == hash_key.hash &&
2129			    !memcmp(d_security + 1, sd, size_sd)) {
2130				/* Such security already exists. */
2131				*security_id = d_security->key.sec_id;
2132				err = 0;
2133				goto out;
2134			}
2135		}
2136
2137		err = indx_find_sort(indx_sdh, ni, root_sdh,
2138				     (struct NTFS_DE **)&e, fnd_sdh);
2139		if (err)
2140			goto out;
2141
2142		if (!e || e->key.hash != hash_key.hash)
2143			break;
2144	}
2145
2146	/* Zero unused space. */
2147	next = sbi->security.next_off & (SecurityDescriptorsBlockSize - 1);
2148	left = SecurityDescriptorsBlockSize - next;
2149
2150	/* Zero gap until SecurityDescriptorsBlockSize. */
2151	if (left < new_sec_size) {
2152		/* Zero "left" bytes from sbi->security.next_off. */
2153		sbi->security.next_off += SecurityDescriptorsBlockSize + left;
2154	}
2155
2156	/* Zero tail of previous security. */
2157	//used = ni->vfs_inode.i_size & (SecurityDescriptorsBlockSize - 1);
2158
2159	/*
2160	 * Example:
2161	 * 0x40438 == ni->vfs_inode.i_size
2162	 * 0x00440 == sbi->security.next_off
2163	 * need to zero [0x438-0x440)
2164	 * if (next > used) {
2165	 *  u32 tozero = next - used;
2166	 *  zero "tozero" bytes from sbi->security.next_off - tozero
2167	 */
2168
2169	/* Format new security descriptor. */
2170	d_security->key.hash = hash_key.hash;
2171	d_security->key.sec_id = cpu_to_le32(sbi->security.next_id);
2172	d_security->off = cpu_to_le64(sbi->security.next_off);
2173	d_security->size = cpu_to_le32(new_sec_size);
2174	memcpy(d_security + 1, sd, size_sd);
2175
2176	/* Write main SDS bucket. */
2177	err = ntfs_sb_write_run(sbi, &ni->file.run, sbi->security.next_off,
2178				d_security, aligned_sec_size, 0);
2179
2180	if (err)
2181		goto out;
2182
2183	mirr_off = sbi->security.next_off + SecurityDescriptorsBlockSize;
2184	new_sds_size = mirr_off + aligned_sec_size;
2185
2186	if (new_sds_size > ni->vfs_inode.i_size) {
2187		err = attr_set_size(ni, ATTR_DATA, SDS_NAME,
2188				    ARRAY_SIZE(SDS_NAME), &ni->file.run,
2189				    new_sds_size, &new_sds_size, false, NULL);
2190		if (err)
2191			goto out;
2192	}
2193
2194	/* Write copy SDS bucket. */
2195	err = ntfs_sb_write_run(sbi, &ni->file.run, mirr_off, d_security,
2196				aligned_sec_size, 0);
2197	if (err)
2198		goto out;
2199
2200	/* Fill SII entry. */
2201	sii_e.de.view.data_off =
2202		cpu_to_le16(offsetof(struct NTFS_DE_SII, sec_hdr));
2203	sii_e.de.view.data_size = cpu_to_le16(sizeof(struct SECURITY_HDR));
2204	sii_e.de.view.res = 0;
2205	sii_e.de.size = cpu_to_le16(sizeof(struct NTFS_DE_SII));
2206	sii_e.de.key_size = cpu_to_le16(sizeof(d_security->key.sec_id));
2207	sii_e.de.flags = 0;
2208	sii_e.de.res = 0;
2209	sii_e.sec_id = d_security->key.sec_id;
2210	memcpy(&sii_e.sec_hdr, d_security, sizeof(struct SECURITY_HDR));
2211
2212	err = indx_insert_entry(indx_sii, ni, &sii_e.de, NULL, NULL, 0);
2213	if (err)
2214		goto out;
2215
2216	/* Fill SDH entry. */
2217	sdh_e.de.view.data_off =
2218		cpu_to_le16(offsetof(struct NTFS_DE_SDH, sec_hdr));
2219	sdh_e.de.view.data_size = cpu_to_le16(sizeof(struct SECURITY_HDR));
2220	sdh_e.de.view.res = 0;
2221	sdh_e.de.size = cpu_to_le16(SIZEOF_SDH_DIRENTRY);
2222	sdh_e.de.key_size = cpu_to_le16(sizeof(sdh_e.key));
2223	sdh_e.de.flags = 0;
2224	sdh_e.de.res = 0;
2225	sdh_e.key.hash = d_security->key.hash;
2226	sdh_e.key.sec_id = d_security->key.sec_id;
2227	memcpy(&sdh_e.sec_hdr, d_security, sizeof(struct SECURITY_HDR));
2228	sdh_e.magic[0] = cpu_to_le16('I');
2229	sdh_e.magic[1] = cpu_to_le16('I');
2230
2231	fnd_clear(fnd_sdh);
2232	err = indx_insert_entry(indx_sdh, ni, &sdh_e.de, (void *)(size_t)1,
2233				fnd_sdh, 0);
2234	if (err)
2235		goto out;
2236
2237	*security_id = d_security->key.sec_id;
2238	if (inserted)
2239		*inserted = true;
2240
2241	/* Update Id and offset for next descriptor. */
2242	sbi->security.next_id += 1;
2243	sbi->security.next_off += aligned_sec_size;
2244
2245out:
2246	fnd_put(fnd_sdh);
2247	mark_inode_dirty(&ni->vfs_inode);
2248	ni_unlock(ni);
2249	kfree(d_security);
2250
2251	return err;
2252}
2253
2254/*
2255 * ntfs_reparse_init - Load and parse $Extend/$Reparse.
2256 */
2257int ntfs_reparse_init(struct ntfs_sb_info *sbi)
2258{
2259	int err;
2260	struct ntfs_inode *ni = sbi->reparse.ni;
2261	struct ntfs_index *indx = &sbi->reparse.index_r;
2262	struct ATTRIB *attr;
2263	struct ATTR_LIST_ENTRY *le;
2264	const struct INDEX_ROOT *root_r;
2265
2266	if (!ni)
2267		return 0;
2268
2269	le = NULL;
2270	attr = ni_find_attr(ni, NULL, &le, ATTR_ROOT, SR_NAME,
2271			    ARRAY_SIZE(SR_NAME), NULL, NULL);
2272	if (!attr) {
2273		err = -EINVAL;
2274		goto out;
2275	}
2276
2277	root_r = resident_data(attr);
2278	if (root_r->type != ATTR_ZERO ||
2279	    root_r->rule != NTFS_COLLATION_TYPE_UINTS) {
2280		err = -EINVAL;
2281		goto out;
2282	}
2283
2284	err = indx_init(indx, sbi, attr, INDEX_MUTEX_SR);
2285	if (err)
2286		goto out;
2287
2288out:
2289	return err;
2290}
2291
2292/*
2293 * ntfs_objid_init - Load and parse $Extend/$ObjId.
2294 */
2295int ntfs_objid_init(struct ntfs_sb_info *sbi)
2296{
2297	int err;
2298	struct ntfs_inode *ni = sbi->objid.ni;
2299	struct ntfs_index *indx = &sbi->objid.index_o;
2300	struct ATTRIB *attr;
2301	struct ATTR_LIST_ENTRY *le;
2302	const struct INDEX_ROOT *root;
2303
2304	if (!ni)
2305		return 0;
2306
2307	le = NULL;
2308	attr = ni_find_attr(ni, NULL, &le, ATTR_ROOT, SO_NAME,
2309			    ARRAY_SIZE(SO_NAME), NULL, NULL);
2310	if (!attr) {
2311		err = -EINVAL;
2312		goto out;
2313	}
2314
2315	root = resident_data(attr);
2316	if (root->type != ATTR_ZERO ||
2317	    root->rule != NTFS_COLLATION_TYPE_UINTS) {
2318		err = -EINVAL;
2319		goto out;
2320	}
2321
2322	err = indx_init(indx, sbi, attr, INDEX_MUTEX_SO);
2323	if (err)
2324		goto out;
2325
2326out:
2327	return err;
2328}
2329
2330int ntfs_objid_remove(struct ntfs_sb_info *sbi, struct GUID *guid)
2331{
2332	int err;
2333	struct ntfs_inode *ni = sbi->objid.ni;
2334	struct ntfs_index *indx = &sbi->objid.index_o;
2335
2336	if (!ni)
2337		return -EINVAL;
2338
2339	mutex_lock_nested(&ni->ni_lock, NTFS_INODE_MUTEX_OBJID);
2340
2341	err = indx_delete_entry(indx, ni, guid, sizeof(*guid), NULL);
2342
2343	mark_inode_dirty(&ni->vfs_inode);
2344	ni_unlock(ni);
2345
2346	return err;
2347}
2348
2349int ntfs_insert_reparse(struct ntfs_sb_info *sbi, __le32 rtag,
2350			const struct MFT_REF *ref)
2351{
2352	int err;
2353	struct ntfs_inode *ni = sbi->reparse.ni;
2354	struct ntfs_index *indx = &sbi->reparse.index_r;
2355	struct NTFS_DE_R re;
2356
2357	if (!ni)
2358		return -EINVAL;
2359
2360	memset(&re, 0, sizeof(re));
2361
2362	re.de.view.data_off = cpu_to_le16(offsetof(struct NTFS_DE_R, zero));
2363	re.de.size = cpu_to_le16(sizeof(struct NTFS_DE_R));
2364	re.de.key_size = cpu_to_le16(sizeof(re.key));
2365
2366	re.key.ReparseTag = rtag;
2367	memcpy(&re.key.ref, ref, sizeof(*ref));
2368
2369	mutex_lock_nested(&ni->ni_lock, NTFS_INODE_MUTEX_REPARSE);
2370
2371	err = indx_insert_entry(indx, ni, &re.de, NULL, NULL, 0);
2372
2373	mark_inode_dirty(&ni->vfs_inode);
2374	ni_unlock(ni);
2375
2376	return err;
2377}
2378
2379int ntfs_remove_reparse(struct ntfs_sb_info *sbi, __le32 rtag,
2380			const struct MFT_REF *ref)
2381{
2382	int err, diff;
2383	struct ntfs_inode *ni = sbi->reparse.ni;
2384	struct ntfs_index *indx = &sbi->reparse.index_r;
2385	struct ntfs_fnd *fnd = NULL;
2386	struct REPARSE_KEY rkey;
2387	struct NTFS_DE_R *re;
2388	struct INDEX_ROOT *root_r;
2389
2390	if (!ni)
2391		return -EINVAL;
2392
2393	rkey.ReparseTag = rtag;
2394	rkey.ref = *ref;
2395
2396	mutex_lock_nested(&ni->ni_lock, NTFS_INODE_MUTEX_REPARSE);
2397
2398	if (rtag) {
2399		err = indx_delete_entry(indx, ni, &rkey, sizeof(rkey), NULL);
2400		goto out1;
2401	}
2402
2403	fnd = fnd_get();
2404	if (!fnd) {
2405		err = -ENOMEM;
2406		goto out1;
2407	}
2408
2409	root_r = indx_get_root(indx, ni, NULL, NULL);
2410	if (!root_r) {
2411		err = -EINVAL;
2412		goto out;
2413	}
2414
2415	/* 1 - forces to ignore rkey.ReparseTag when comparing keys. */
2416	err = indx_find(indx, ni, root_r, &rkey, sizeof(rkey), (void *)1, &diff,
2417			(struct NTFS_DE **)&re, fnd);
2418	if (err)
2419		goto out;
2420
2421	if (memcmp(&re->key.ref, ref, sizeof(*ref))) {
2422		/* Impossible. Looks like volume corrupt? */
2423		goto out;
2424	}
2425
2426	memcpy(&rkey, &re->key, sizeof(rkey));
2427
2428	fnd_put(fnd);
2429	fnd = NULL;
2430
2431	err = indx_delete_entry(indx, ni, &rkey, sizeof(rkey), NULL);
2432	if (err)
2433		goto out;
2434
2435out:
2436	fnd_put(fnd);
2437
2438out1:
2439	mark_inode_dirty(&ni->vfs_inode);
2440	ni_unlock(ni);
2441
2442	return err;
2443}
2444
2445static inline void ntfs_unmap_and_discard(struct ntfs_sb_info *sbi, CLST lcn,
2446					  CLST len)
2447{
2448	ntfs_unmap_meta(sbi->sb, lcn, len);
2449	ntfs_discard(sbi, lcn, len);
2450}
2451
2452void mark_as_free_ex(struct ntfs_sb_info *sbi, CLST lcn, CLST len, bool trim)
2453{
2454	CLST end, i, zone_len, zlen;
2455	struct wnd_bitmap *wnd = &sbi->used.bitmap;
2456	bool dirty = false;
2457
2458	down_write_nested(&wnd->rw_lock, BITMAP_MUTEX_CLUSTERS);
2459	if (!wnd_is_used(wnd, lcn, len)) {
2460		/* mark volume as dirty out of wnd->rw_lock */
2461		dirty = true;
2462
2463		end = lcn + len;
2464		len = 0;
2465		for (i = lcn; i < end; i++) {
2466			if (wnd_is_used(wnd, i, 1)) {
2467				if (!len)
2468					lcn = i;
2469				len += 1;
2470				continue;
2471			}
2472
2473			if (!len)
2474				continue;
2475
2476			if (trim)
2477				ntfs_unmap_and_discard(sbi, lcn, len);
2478
2479			wnd_set_free(wnd, lcn, len);
2480			len = 0;
2481		}
2482
2483		if (!len)
2484			goto out;
2485	}
2486
2487	if (trim)
2488		ntfs_unmap_and_discard(sbi, lcn, len);
2489	wnd_set_free(wnd, lcn, len);
2490
2491	/* append to MFT zone, if possible. */
2492	zone_len = wnd_zone_len(wnd);
2493	zlen = min(zone_len + len, sbi->zone_max);
2494
2495	if (zlen == zone_len) {
2496		/* MFT zone already has maximum size. */
2497	} else if (!zone_len) {
2498		/* Create MFT zone only if 'zlen' is large enough. */
2499		if (zlen == sbi->zone_max)
2500			wnd_zone_set(wnd, lcn, zlen);
2501	} else {
2502		CLST zone_lcn = wnd_zone_bit(wnd);
2503
2504		if (lcn + len == zone_lcn) {
2505			/* Append into head MFT zone. */
2506			wnd_zone_set(wnd, lcn, zlen);
2507		} else if (zone_lcn + zone_len == lcn) {
2508			/* Append into tail MFT zone. */
2509			wnd_zone_set(wnd, zone_lcn, zlen);
2510		}
2511	}
2512
2513out:
2514	up_write(&wnd->rw_lock);
2515	if (dirty)
2516		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
2517}
2518
2519/*
2520 * run_deallocate - Deallocate clusters.
2521 */
2522int run_deallocate(struct ntfs_sb_info *sbi, const struct runs_tree *run,
2523		   bool trim)
2524{
2525	CLST lcn, len;
2526	size_t idx = 0;
2527
2528	while (run_get_entry(run, idx++, NULL, &lcn, &len)) {
2529		if (lcn == SPARSE_LCN)
2530			continue;
2531
2532		mark_as_free_ex(sbi, lcn, len, trim);
2533	}
2534
2535	return 0;
2536}
2537
2538static inline bool name_has_forbidden_chars(const struct le_str *fname)
2539{
2540	int i, ch;
2541
2542	/* check for forbidden chars */
2543	for (i = 0; i < fname->len; ++i) {
2544		ch = le16_to_cpu(fname->name[i]);
2545
2546		/* control chars */
2547		if (ch < 0x20)
2548			return true;
2549
2550		switch (ch) {
2551		/* disallowed by Windows */
2552		case '\\':
2553		case '/':
2554		case ':':
2555		case '*':
2556		case '?':
2557		case '<':
2558		case '>':
2559		case '|':
2560		case '\"':
2561			return true;
2562
2563		default:
2564			/* allowed char */
2565			break;
2566		}
2567	}
2568
2569	/* file names cannot end with space or . */
2570	if (fname->len > 0) {
2571		ch = le16_to_cpu(fname->name[fname->len - 1]);
2572		if (ch == ' ' || ch == '.')
2573			return true;
2574	}
2575
2576	return false;
2577}
2578
2579static inline bool is_reserved_name(const struct ntfs_sb_info *sbi,
2580				    const struct le_str *fname)
2581{
2582	int port_digit;
2583	const __le16 *name = fname->name;
2584	int len = fname->len;
2585	const u16 *upcase = sbi->upcase;
2586
2587	/* check for 3 chars reserved names (device names) */
2588	/* name by itself or with any extension is forbidden */
2589	if (len == 3 || (len > 3 && le16_to_cpu(name[3]) == '.'))
2590		if (!ntfs_cmp_names(name, 3, CON_NAME, 3, upcase, false) ||
2591		    !ntfs_cmp_names(name, 3, NUL_NAME, 3, upcase, false) ||
2592		    !ntfs_cmp_names(name, 3, AUX_NAME, 3, upcase, false) ||
2593		    !ntfs_cmp_names(name, 3, PRN_NAME, 3, upcase, false))
2594			return true;
2595
2596	/* check for 4 chars reserved names (port name followed by 1..9) */
2597	/* name by itself or with any extension is forbidden */
2598	if (len == 4 || (len > 4 && le16_to_cpu(name[4]) == '.')) {
2599		port_digit = le16_to_cpu(name[3]);
2600		if (port_digit >= '1' && port_digit <= '9')
2601			if (!ntfs_cmp_names(name, 3, COM_NAME, 3, upcase,
2602					    false) ||
2603			    !ntfs_cmp_names(name, 3, LPT_NAME, 3, upcase,
2604					    false))
2605				return true;
2606	}
2607
2608	return false;
2609}
2610
2611/*
2612 * valid_windows_name - Check if a file name is valid in Windows.
2613 */
2614bool valid_windows_name(struct ntfs_sb_info *sbi, const struct le_str *fname)
2615{
2616	return !name_has_forbidden_chars(fname) &&
2617	       !is_reserved_name(sbi, fname);
2618}
2619
2620/*
2621 * ntfs_set_label - updates current ntfs label.
2622 */
2623int ntfs_set_label(struct ntfs_sb_info *sbi, u8 *label, int len)
2624{
2625	int err;
2626	struct ATTRIB *attr;
2627	u32 uni_bytes;
2628	struct ntfs_inode *ni = sbi->volume.ni;
2629	/* Allocate PATH_MAX bytes. */
2630	struct cpu_str *uni = __getname();
2631
2632	if (!uni)
2633		return -ENOMEM;
2634
2635	err = ntfs_nls_to_utf16(sbi, label, len, uni, (PATH_MAX - 2) / 2,
2636				UTF16_LITTLE_ENDIAN);
2637	if (err < 0)
2638		goto out;
2639
2640	uni_bytes = uni->len * sizeof(u16);
2641	if (uni_bytes > NTFS_LABEL_MAX_LENGTH * sizeof(u16)) {
2642		ntfs_warn(sbi->sb, "new label is too long");
2643		err = -EFBIG;
2644		goto out;
2645	}
2646
2647	ni_lock(ni);
2648
2649	/* Ignore any errors. */
2650	ni_remove_attr(ni, ATTR_LABEL, NULL, 0, false, NULL);
2651
2652	err = ni_insert_resident(ni, uni_bytes, ATTR_LABEL, NULL, 0, &attr,
2653				 NULL, NULL);
2654	if (err < 0)
2655		goto unlock_out;
2656
2657	/* write new label in on-disk struct. */
2658	memcpy(resident_data(attr), uni->name, uni_bytes);
2659
2660	/* update cached value of current label. */
2661	if (len >= ARRAY_SIZE(sbi->volume.label))
2662		len = ARRAY_SIZE(sbi->volume.label) - 1;
2663	memcpy(sbi->volume.label, label, len);
2664	sbi->volume.label[len] = 0;
2665	mark_inode_dirty_sync(&ni->vfs_inode);
2666
2667unlock_out:
2668	ni_unlock(ni);
2669
2670	if (!err)
2671		err = _ni_write_inode(&ni->vfs_inode, 0);
2672
2673out:
2674	__putname(uni);
2675	return err;
2676}