+ For ndctl to work CONFIG_DEV_DAX needs to be enabled as well. For most

+ for filesystems like NFS and for the flock() system

+ call. Disabling this option saves about 11k.

+ raid6_gen_syndrome(rbio->real_stripes, step, pointers);

+ raid6_recov_datap(rbio->real_stripes, step,

+ raid6_recov_2data(rbio->real_stripes, step,

+ raid6_gen_syndrome(rbio->real_stripes, step, pointers);

+static void fat_clus_to_blknr_test(struct kunit *test)

+{

+ struct msdos_sb_info sbi = {

+ .sec_per_clus = 4,

+ .data_start = 100,

+ };

+

+ KUNIT_EXPECT_EQ(test, (sector_t)100,

+ fat_clus_to_blknr(&sbi, FAT_START_ENT));

+ KUNIT_EXPECT_EQ(test, (sector_t)112, fat_clus_to_blknr(&sbi, 5));

+}

+

+static void fat_get_blknr_offset_test(struct kunit *test)

+{

+ struct msdos_sb_info sbi = {

+ .dir_per_block = 16,

+ .dir_per_block_bits = 4,

+ };

+

+ sector_t blknr;

+ int offset;

+

+ fat_get_blknr_offset(&sbi, 0, &blknr, &offset);

+ KUNIT_EXPECT_EQ(test, (sector_t)0, blknr);

+ KUNIT_EXPECT_EQ(test, 0, offset);

+

+ fat_get_blknr_offset(&sbi, (10 << 4) | 7, &blknr, &offset);

+ KUNIT_EXPECT_EQ(test, (sector_t)10, blknr);

+ KUNIT_EXPECT_EQ(test, 7, offset);

+}

+

+ KUNIT_CASE(fat_clus_to_blknr_test),

+ KUNIT_CASE(fat_get_blknr_offset_test),

+ /*

+ * On local mounts ocfs2_inode_lock_update() skips the inode

+ * refresh path, so truncation still needs to reject an inode

+ * state that no longer matches di_bh.

+ */

+ if (unlikely(le64_to_cpu(fe->i_size) != i_size_read(inode))) {

+ status = ocfs2_error(inode->i_sb,

+ "Inode %llu has inconsistent i_size: inode = %lld, dinode = %llu, i_flags = 0x%x\n",

+ (unsigned long long)OCFS2_I(inode)->ip_blkno,

+ i_size_read(inode),

+ (unsigned long long)le64_to_cpu(fe->i_size),

+ le32_to_cpu(fe->i_flags));

+ goto bail;

+ }

+#include <linux/fs_dirent.h>

+ struct buffer_head *bh);

+

+static bool ocfs2_valid_inode_mode(umode_t mode)

+{

+ return fs_umode_to_ftype(mode) != FT_UNKNOWN;

+}

+

+static bool ocfs2_dinode_has_unexpected_rdev(struct ocfs2_dinode *di)

+{

+ umode_t mode = le16_to_cpu(di->i_mode);

+

+ if (le32_to_cpu(di->i_flags) & OCFS2_SYSTEM_FL)

+ return false;

+

+ return !S_ISCHR(mode) && !S_ISBLK(mode) && di->id1.dev1.i_rdev != 0;

+}

+

+static bool ocfs2_dinode_has_size_without_clusters(struct super_block *sb,

+ struct ocfs2_dinode *di)

+{

+ umode_t mode = le16_to_cpu(di->i_mode);

+

+ if (le32_to_cpu(di->i_flags) & OCFS2_SYSTEM_FL)

+ return false;

+ if (le16_to_cpu(di->i_dyn_features) & OCFS2_INLINE_DATA_FL)

+ return false;

+ if (!le64_to_cpu(di->i_size) || le32_to_cpu(di->i_clusters))

+ return false;

+

+ if (S_ISDIR(mode))

+ return true;

+

+ return !ocfs2_sparse_alloc(OCFS2_SB(sb)) && S_ISREG(mode);

+}

+ /*

+ * Reject dinodes whose i_mode does not name one of the seven

+ * canonical POSIX file types. ocfs2_populate_inode() copies

+ * i_mode verbatim into inode->i_mode and then dispatches via

+ * switch (mode & S_IFMT) to file/dir/symlink/special_file iops;

+ * an unrecognised type falls into ocfs2_special_file_iops with

+ * init_special_inode(), which interprets i_rdev. Constrain the

+ * type here so the dispatch only ever sees a value mkfs.ocfs2 /

+ * VFS can produce.

+ */

+ if (!ocfs2_valid_inode_mode(le16_to_cpu(di->i_mode))) {

+ rc = ocfs2_error(sb,

+ "Invalid dinode #%llu: mode 0%o has unknown file type\n",

+ (unsigned long long)bh->b_blocknr,

+ le16_to_cpu(di->i_mode));

+ goto bail;

+ }

+

+ /*

+ * id1.dev1.i_rdev is the device-number arm of the id1 union and

+ * is only meaningful for character and block device inodes. For

+ * any other regular user-visible file type the on-disk value

+ * must be zero. ocfs2_populate_inode() currently runs

+ *

+ * inode->i_rdev = huge_decode_dev(le64_to_cpu(fe->id1.dev1.i_rdev));

+ *

+ * unconditionally, before the S_IFMT switch decides whether the

+ * inode is a special file. As a result, an i_rdev value present

+ * on a non-device inode is silently published into the in-core

+ * inode; a subsequent forced re-read or in-core mode mutation

+ * (cluster peer with raw write access to the shared LUN,

+ * on-disk corruption, or a separately forged dinode) can then

+ * expose the attacker-controlled device number to

+ * init_special_inode() without ever showing an unusual i_mode

+ * at validation time.

+ *

+ * System inodes (OCFS2_SYSTEM_FL) legitimately use the bitmap1

+ * and journal1 arms of the same union (allocator i_used /

+ * i_total counters and the journal ij_flags /

+ * ij_recovery_generation pair); those bytes are not an i_rdev

+ * and must not be checked here. Restrict the cross-check to

+ * non-system inodes, which is the full attacker-controllable

+ * surface.

+ */

+ if (ocfs2_dinode_has_unexpected_rdev(di)) {

+ rc = ocfs2_error(sb,

+ "Invalid dinode #%llu: non-device mode 0%o with i_rdev %llu\n",

+ (unsigned long long)bh->b_blocknr,

+ le16_to_cpu(di->i_mode),

+ (unsigned long long)le64_to_cpu(di->id1.dev1.i_rdev));

+ goto bail;

+ }

+

+ /*

+ * Non-inline directories must not have i_size without allocated

+ * clusters: directory growth adds storage before advancing i_size,

+ * and readdir walks i_size block-by-block. A forged directory

+ * with zero clusters and a huge i_size would repeatedly fault on

+ * holes while advancing through the claimed size.

+ *

+ * Non-inline regular files have the same invariant on non-sparse

+ * volumes. Sparse regular files are different: truncate can

+ * legitimately grow i_size without allocating clusters, so keep

+ * the sparse-alloc carveout for S_IFREG only. System inodes and

+ * inline-data dinodes have their own storage rules.

+ */

+ if (ocfs2_dinode_has_size_without_clusters(sb, di)) {

+ if (S_ISDIR(le16_to_cpu(di->i_mode)))

+ rc = ocfs2_error(sb,

+ "Invalid dinode #%llu: directory i_size %llu with i_clusters 0 and no inline-data flag\n",

+ (unsigned long long)bh->b_blocknr,

+ (unsigned long long)le64_to_cpu(di->i_size));

+ else

+ rc = ocfs2_error(sb,

+ "Invalid dinode #%llu: regular file i_size %llu with i_clusters 0 and no inline-data flag on non-sparse volume\n",

+ (unsigned long long)bh->b_blocknr,

+ (unsigned long long)le64_to_cpu(di->i_size));

+ goto bail;

+ }

+

+ goto bail;

+ }

+

+ if (!ocfs2_valid_inode_mode(le16_to_cpu(di->i_mode))) {

+ mlog(ML_ERROR,

+ "Filecheck: invalid dinode #%llu: mode 0%o has unknown file type\n",

+ (unsigned long long)bh->b_blocknr,

+ le16_to_cpu(di->i_mode));

+ rc = -OCFS2_FILECHECK_ERR_INVALIDINO;

+ goto bail;

+ }

+

+ if (ocfs2_dinode_has_unexpected_rdev(di)) {

+ mlog(ML_ERROR,

+ "Filecheck: invalid dinode #%llu: non-device mode 0%o with i_rdev %llu\n",

+ (unsigned long long)bh->b_blocknr,

+ le16_to_cpu(di->i_mode),

+ (unsigned long long)le64_to_cpu(di->id1.dev1.i_rdev));

+ rc = -OCFS2_FILECHECK_ERR_INVALIDINO;

+ goto bail;

+ }

+

+ if (ocfs2_dinode_has_size_without_clusters(sb, di)) {

+ if (S_ISDIR(le16_to_cpu(di->i_mode)))

+ mlog(ML_ERROR,

+ "Filecheck: invalid dinode #%llu: directory i_size %llu with i_clusters 0 and no inline-data flag\n",

+ (unsigned long long)bh->b_blocknr,

+ (unsigned long long)le64_to_cpu(di->i_size));

+ else

+ mlog(ML_ERROR,

+ "Filecheck: invalid dinode #%llu: regular file i_size %llu with i_clusters 0 and no inline-data flag on non-sparse volume\n",

+ (unsigned long long)bh->b_blocknr,

+ (unsigned long long)le64_to_cpu(di->i_size));

+ rc = -OCFS2_FILECHECK_ERR_INVALIDINO;

+ if (WARN_ON(!OCFS2_IS_VALID_DINODE(fe)))

+ return -EIO;

+ rc->rc_bitmap = kzalloc(sb->s_blocksize, GFP_NOFS);

+ if (inode && arr && !*arr && !cmpxchg(&(*arr), NULL, inode)) {

+ inode = igrab(inode);

+ BUG_ON(!inode);

+static int ocfs2_xattr_ibody_lookup_header(struct inode *inode,

+ struct ocfs2_dinode *di,

+ struct ocfs2_xattr_header **header)

+{

+ u16 xattr_count;

+ size_t max_entries;

+ u16 inline_size = le16_to_cpu(di->i_xattr_inline_size);

+

+ if (inline_size > inode->i_sb->s_blocksize ||

+ inline_size < sizeof(struct ocfs2_xattr_header)) {

+ ocfs2_error(inode->i_sb,

+ "Invalid xattr inline size %u in inode %llu\n",

+ inline_size,

+ (unsigned long long)OCFS2_I(inode)->ip_blkno);

+ return -EFSCORRUPTED;

+ }

+

+ *header = (struct ocfs2_xattr_header *)

+ ((void *)di + inode->i_sb->s_blocksize - inline_size);

+

+ xattr_count = le16_to_cpu((*header)->xh_count);

+ max_entries = (inline_size - sizeof(struct ocfs2_xattr_header)) /

+ sizeof(struct ocfs2_xattr_entry);

+

+ if (xattr_count > max_entries) {

+ ocfs2_error(inode->i_sb,

+ "xattr entry count %u exceeds maximum %zu in inode %llu\n",

+ xattr_count, max_entries,

+ (unsigned long long)OCFS2_I(inode)->ip_blkno);

+ return -EFSCORRUPTED;

+ }

+

+ return 0;

+}

+

+ int ret;

+ ret = ocfs2_xattr_ibody_lookup_header(inode, di, &xh);

+ if (ret)

+ return 1;

+ ret = ocfs2_xattr_ibody_lookup_header(inode, di, &header);

+ if (ret)

+ return ret;

+ ret = ocfs2_xattr_ibody_lookup_header(inode, di, &xs->header);

+ if (ret)

+ return ret;

+ ret = ocfs2_xattr_ibody_lookup_header(inode, di, &header);

+ if (ret)

+ return ret;

+ if (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL) {

+ ret = ocfs2_xattr_ibody_lookup_header(inode, di, &xs->header);

+ if (ret)

+ return ret;

+ } else {

+ }

+ struct ocfs2_xattr_header *header;

+ int ret;

+ ret = ocfs2_xattr_ibody_lookup_header(inode, di, &header);

+ if (ret)

+ return ret;

+

+ int inline_size;

+ int header_off;

+ struct ocfs2_xattr_header *xh;

+ struct ocfs2_xattr_header *new_xh;

+ ret = ocfs2_xattr_ibody_lookup_header(args->old_inode, di, &xh);

+ if (ret)

+ goto out;

+

+ inline_size = le16_to_cpu(di->i_xattr_inline_size);

+ header_off = osb->sb->s_blocksize - inline_size;

+ new_xh = (struct ocfs2_xattr_header *)

+ (args->new_bh->b_data + header_off);

+

+ struct pid_namespace *const pid_ns;

+

+static struct tgid_iter

+make_tgid_iter(unsigned int init_tgid, struct pid_namespace *pid_ns)

+ return (struct tgid_iter){

+ .tgid = init_tgid - 1,

+ .pid_ns = pid_ns,

+ };

+}

+

+static bool next_tgid(struct tgid_iter *it)

+{

+ if (it->task) {

+ put_task_struct(it->task);

+ it->task = NULL;

+ }

+ while (1) {

+ it->tgid += 1;

+ const auto pid = find_ge_pid(it->tgid, it->pid_ns);

+ if (pid) {

+ it->tgid = pid_nr_ns(pid, it->pid_ns);

+ it->task = pid_task(pid, PIDTYPE_TGID);

+ if (it->task) {

+ get_task_struct(it->task);

+ rcu_read_unlock();

+ return true;

+ }

+ } else {

+ rcu_read_unlock();

+ return false;

+ struct pid_namespace *pid_ns = proc_pid_ns(file_inode(file)->i_sb);

+

+ auto iter = make_tgid_iter(pos - TGID_OFFSET, pid_ns);

+ while (next_tgid(&iter)) {

+ qstr.len = strnlen(fn, NAME_MAX + 1);

+ if (qstr.len == 0) {

+ WARN(1, "empty name\n");

+ return NULL;

+ }

+ if (qstr.len > NAME_MAX) {

+ WARN(1, "name too long\n");