From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 00E85EBD for ; Fri, 7 Oct 2022 11:55:43 +0000 (UTC) Received: by mail-wr1-f43.google.com with SMTP id u10so6954273wrq.2 for ; Fri, 07 Oct 2022 04:55:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=1aFea0r2fAo46iHuuD/8q5QBNTkdkO/FbrfoD+Dc6iI=; b=HCKnImP9tEb00wIe5Ke0GA0rbK8jB60XbKmTckTIQWcpeZ2Vri1WDA5jMQY/vV3gD3 a+xizNlkAQLfAvI8VEtuj3PoD/a+wH5DsdYEGJwacISicWTtk6zN0xC4ZdHUN4mAs1jE fGzaW3af2kq9WtJdDqanA2nxIvq6dJbYnYIR9fXyoOTMosEXcioxL3kzdbsRoCOY6rOL SeMOXbD8j5YLeveanmE4Cg0G0g+Akh6IpqhtM1VvYO1bNNtMxrIa3qMpWEyLG9Z8eHrv /FEYzX+CpmwzORksXPqs4juxABLnzl4bfi2JpID9nacDP6lMy+ZedhLeFtcT2aY+HZrz Idrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1aFea0r2fAo46iHuuD/8q5QBNTkdkO/FbrfoD+Dc6iI=; b=1oLj/Dcyn8OXQBtfRJzJBWmR+fhiIW4FGGzQwuSOVxC1mEBJi+EShRNJJbNec1xA/w bhW/egSPdlk3vb6mjoGZc0kg9IyxOKO8BNt2xGVoCLPSqabIY1ghUG7FaF6TAyKx1SIG jshYuDpHs5y8iZlQ0QVKeGnQUIvuQGsFfY5KgU/u0kDXxqMmuFsn7YnCAB5kUhnakStK UcKgiP5af8ELYIUYFomphkRlFfjcu7FOxHR4AeCRX7cIHsROuV5S8kZ6zjBhoFbvqsAT ploFJP/PkYqyDmR1HOhTeE0hm2JRpsN/2uR3TqdUOjsKiArTL4c2WCsp7HMk2qZYcZIf oOJQ== X-Gm-Message-State: ACrzQf3sv+MjWxQy5ZbGVE3T3qinq/ZBXSUsvn4xSF5CCbq6eypiop5f rMvZCMfE1qc8E1Xj2LS8fu8DAqqtrw0= X-Google-Smtp-Source: AMsMyM73AuF2+zaFLwxsJuiWZF1QmbOQkFF/DyU978CnC3NkiPnwzgGlsTBfeBo316oPkJOQ8GAsyw== X-Received: by 2002:a5d:4f12:0:b0:22e:3920:a09c with SMTP id c18-20020a5d4f12000000b0022e3920a09cmr2875359wru.95.1665143742043; Fri, 07 Oct 2022 04:55:42 -0700 (PDT) Received: from [192.168.42.102] (mo-217-129-7-245.netvisao.pt. [217.129.7.245]) by smtp.gmail.com with ESMTPSA id c8-20020a05600c0a4800b003b4fdbb6319sm8722340wmq.21.2022.10.07.04.55.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 07 Oct 2022 04:55:41 -0700 (PDT) Message-ID: Date: Fri, 7 Oct 2022 12:55:40 +0100 Precedence: bulk X-Mailing-List: ntfs3@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0 Content-Language: en-US To: Konstantin Komarov , ntfs3@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org From: Daniel Pinto Subject: [PATCH] fs/ntfs3: Add windows_names mount option Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit When enabled, the windows_names mount option prevents the creation of files or directories with names not allowed by Windows. Use the same option name as NTFS-3G for compatibility. Signed-off-by: Daniel Pinto --- fs/ntfs3/frecord.c | 7 ++- fs/ntfs3/fsntfs.c | 104 +++++++++++++++++++++++++++++++++++++++++++++ fs/ntfs3/inode.c | 7 +++ fs/ntfs3/ntfs_fs.h | 2 + fs/ntfs3/super.c | 7 +++ 5 files changed, 126 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index 70a80f9412f7..ce5e8f3b1aca 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -3011,6 +3011,7 @@ int ni_add_name(struct ntfs_inode *dir_ni, struct ntfs_inode *ni, struct NTFS_DE *de) { int err; + struct ntfs_sb_info *sbi = ni->mi.sbi; struct ATTRIB *attr; struct ATTR_LIST_ENTRY *le; struct mft_inode *mi; @@ -3018,6 +3019,10 @@ int ni_add_name(struct ntfs_inode *dir_ni, struct ntfs_inode *ni, struct ATTR_FILE_NAME *de_name = (struct ATTR_FILE_NAME *)(de + 1); u16 de_key_size = le16_to_cpu(de->key_size); + if (sbi->options->windows_names && + !valid_windows_name(sbi, (struct le_str *)&de_name->name_len)) + return -EINVAL; + mi_get_ref(&ni->mi, &de->ref); mi_get_ref(&dir_ni->mi, &de_name->home); @@ -3036,7 +3041,7 @@ int ni_add_name(struct ntfs_inode *dir_ni, struct ntfs_inode *ni, memcpy(Add2Ptr(attr, SIZEOF_RESIDENT), de_name, de_key_size); /* Insert new name into directory. */ - err = indx_insert_entry(&dir_ni->dir, dir_ni, de, ni->mi.sbi, NULL, 0); + err = indx_insert_entry(&dir_ni->dir, dir_ni, de, sbi, NULL, 0); if (err) ni_remove_attr_le(ni, attr, mi, le); diff --git a/fs/ntfs3/fsntfs.c b/fs/ntfs3/fsntfs.c index 4ed15f64b17f..674b644e1070 100644 --- a/fs/ntfs3/fsntfs.c +++ b/fs/ntfs3/fsntfs.c @@ -98,6 +98,30 @@ const __le16 WOF_NAME[17] = { }; #endif +static const __le16 CON_NAME[3] = { + cpu_to_le16('C'), cpu_to_le16('O'), cpu_to_le16('N'), +}; + +static const __le16 NUL_NAME[3] = { + cpu_to_le16('N'), cpu_to_le16('U'), cpu_to_le16('L'), +}; + +static const __le16 AUX_NAME[3] = { + cpu_to_le16('A'), cpu_to_le16('U'), cpu_to_le16('X'), +}; + +static const __le16 PRN_NAME[3] = { + cpu_to_le16('P'), cpu_to_le16('R'), cpu_to_le16('N'), +}; + +static const __le16 COM_NAME[3] = { + cpu_to_le16('C'), cpu_to_le16('O'), cpu_to_le16('M'), +}; + +static const __le16 LPT_NAME[3] = { + cpu_to_le16('L'), cpu_to_le16('P'), cpu_to_le16('T'), +}; + // clang-format on /* @@ -2502,3 +2526,83 @@ int run_deallocate(struct ntfs_sb_info *sbi, struct runs_tree *run, bool trim) return 0; } + +static inline bool name_has_forbidden_chars(const struct le_str *fname) +{ + int i, ch; + + /* check for forbidden chars */ + for (i = 0; i < fname->len; ++i) { + ch = le16_to_cpu(fname->name[i]); + + /* control chars */ + if (ch < 0x20) + return true; + + switch (ch) { + /* disallowed by Windows */ + case '\\': + case '/': + case ':': + case '*': + case '?': + case '<': + case '>': + case '|': + case '\"': + return true; + + default: + /* allowed char */ + break; + } + } + + /* file names cannot end with space or . */ + if (fname->len > 0) { + ch = le16_to_cpu(fname->name[fname->len - 1]); + if (ch == ' ' || ch == '.') + return true; + } + + return false; +} + +static inline bool is_reserved_name(struct ntfs_sb_info *sbi, + const struct le_str *fname) +{ + int port_digit; + const __le16 *name = fname->name; + int len = fname->len; + u16 *upcase = sbi->upcase; + + /* check for 3 chars reserved names (device names) */ + /* name by itself or with any extension is forbidden */ + if (len == 3 || (len > 3 && le16_to_cpu(name[3]) == '.')) + if (!ntfs_cmp_names(name, 3, CON_NAME, 3, upcase, false) || + !ntfs_cmp_names(name, 3, NUL_NAME, 3, upcase, false) || + !ntfs_cmp_names(name, 3, AUX_NAME, 3, upcase, false) || + !ntfs_cmp_names(name, 3, PRN_NAME, 3, upcase, false)) + return true; + + /* check for 4 chars reserved names (port name followed by 1..9) */ + /* name by itself or with any extension is forbidden */ + if (len == 4 || (len > 4 && le16_to_cpu(name[4]) == '.')) { + port_digit = le16_to_cpu(name[3]); + if (port_digit >= '1' && port_digit <= '9') + if (!ntfs_cmp_names(name, 3, COM_NAME, 3, upcase, false) || + !ntfs_cmp_names(name, 3, LPT_NAME, 3, upcase, false)) + return true; + } + + return false; +} + +/* + * valid_windows_name - Check if a file name is valid in Windows. + */ +bool valid_windows_name(struct ntfs_sb_info *sbi, const struct le_str *fname) +{ + return !name_has_forbidden_chars(fname) && + !is_reserved_name(sbi, fname); +} diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c index e9cf00d14733..4eb298e2ee98 100644 --- a/fs/ntfs3/inode.c +++ b/fs/ntfs3/inode.c @@ -1361,6 +1361,13 @@ struct inode *ntfs_create_inode(struct user_namespace *mnt_userns, mi_get_ref(&ni->mi, &new_de->ref); fname = (struct ATTR_FILE_NAME *)(new_de + 1); + + if (sbi->options->windows_names && + !valid_windows_name(sbi, (struct le_str *)&fname->name_len)) { + err = -EINVAL; + goto out4; + } + mi_get_ref(&dir_ni->mi, &fname->home); fname->dup.cr_time = fname->dup.m_time = fname->dup.c_time = fname->dup.a_time = std5->cr_time; diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index 6c1c7ef3b2d6..ebfb720fc4fd 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -98,6 +98,7 @@ struct ntfs_mount_options { unsigned showmeta : 1; /* Show meta files. */ unsigned nohidden : 1; /* Do not show hidden files. */ unsigned hide_dot_files : 1; /* Set hidden flag on dot files. */ + unsigned windows_names : 1; /* Disallow names forbidden by Windows. */ unsigned force : 1; /* RW mount dirty volume. */ unsigned noacsrules : 1; /* Exclude acs rules. */ unsigned prealloc : 1; /* Preallocate space when file is growing. */ @@ -645,6 +646,7 @@ int ntfs_remove_reparse(struct ntfs_sb_info *sbi, __le32 rtag, const struct MFT_REF *ref); void mark_as_free_ex(struct ntfs_sb_info *sbi, CLST lcn, CLST len, bool trim); int run_deallocate(struct ntfs_sb_info *sbi, struct runs_tree *run, bool trim); +bool valid_windows_name(struct ntfs_sb_info *sbi, const struct le_str *name); /* Globals from index.c */ int indx_used_bit(struct ntfs_index *indx, struct ntfs_inode *ni, size_t *bit); diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 1e2c04e48f98..6f3485fad417 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -248,6 +248,7 @@ enum Opt { Opt_sparse, Opt_nohidden, Opt_hide_dot_files, + Opt_windows_names, Opt_showmeta, Opt_acl, Opt_iocharset, @@ -269,6 +270,7 @@ static const struct fs_parameter_spec ntfs_fs_parameters[] = { fsparam_flag_no("sparse", Opt_sparse), fsparam_flag_no("hidden", Opt_nohidden), fsparam_flag_no("hidedotfiles", Opt_hide_dot_files), + fsparam_flag_no("windows_names", Opt_windows_names), fsparam_flag_no("acl", Opt_acl), fsparam_flag_no("showmeta", Opt_showmeta), fsparam_flag_no("prealloc", Opt_prealloc), @@ -361,6 +363,9 @@ static int ntfs_fs_parse_param(struct fs_context *fc, case Opt_hide_dot_files: opts->hide_dot_files = result.negated ? 1 : 0; break; + case Opt_windows_names: + opts->windows_names = result.negated ? 0 : 1; + break; case Opt_acl: if (!result.negated) #ifdef CONFIG_NTFS3_FS_POSIX_ACL @@ -561,6 +566,8 @@ static int ntfs_show_options(struct seq_file *m, struct dentry *root) seq_puts(m, ",showmeta"); if (opts->nohidden) seq_puts(m, ",nohidden"); + if (opts->windows_names) + seq_puts(m, ",windows_names"); if (opts->force) seq_puts(m, ",force"); if (opts->noacsrules)