1 /* 2 * linux/fs/hpfs/map.c 3 * 4 * Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999 5 * 6 * mapping structures to memory with some minimal checks 7 */ 8 9 #include "hpfs_fn.h" 10 11 __le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh) 12 { 13 return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0); 14 } 15 16 __le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block, 17 struct quad_buffer_head *qbh, char *id) 18 { 19 secno sec; 20 __le32 *ret; 21 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14; 22 if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) { 23 hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id); 24 return NULL; 25 } 26 sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]); 27 if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) { 28 hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id); 29 return NULL; 30 } 31 ret = hpfs_map_4sectors(s, sec, qbh, 4); 32 if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1); 33 return ret; 34 } 35 36 void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block) 37 { 38 unsigned to_prefetch, next_prefetch; 39 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14; 40 if (unlikely(bmp_block >= n_bands)) 41 return; 42 to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]); 43 if (unlikely(bmp_block + 1 >= n_bands)) 44 next_prefetch = 0; 45 else 46 next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]); 47 hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch)); 48 } 49 50 /* 51 * Load first code page into kernel memory, return pointer to 256-byte array, 52 * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are 53 * lowercasing table 54 */ 55 56 unsigned char *hpfs_load_code_page(struct super_block *s, secno cps) 57 { 58 struct buffer_head *bh; 59 secno cpds; 60 unsigned cpi; 61 unsigned char *ptr; 62 unsigned char *cp_table; 63 int i; 64 struct code_page_data *cpd; 65 struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0); 66 if (!cp) return NULL; 67 if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) { 68 pr_err("Code page directory magic doesn't match (magic = %08x)\n", 69 le32_to_cpu(cp->magic)); 70 brelse(bh); 71 return NULL; 72 } 73 if (!le32_to_cpu(cp->n_code_pages)) { 74 pr_err("n_code_pages == 0\n"); 75 brelse(bh); 76 return NULL; 77 } 78 cpds = le32_to_cpu(cp->array[0].code_page_data); 79 cpi = le16_to_cpu(cp->array[0].index); 80 brelse(bh); 81 82 if (cpi >= 3) { 83 pr_err("Code page index out of array\n"); 84 return NULL; 85 } 86 87 if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL; 88 if (le16_to_cpu(cpd->offs[cpi]) > 0x178) { 89 pr_err("Code page index out of sector\n"); 90 brelse(bh); 91 return NULL; 92 } 93 ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6; 94 if (!(cp_table = kmalloc(256, GFP_KERNEL))) { 95 pr_err("out of memory for code page table\n"); 96 brelse(bh); 97 return NULL; 98 } 99 memcpy(cp_table, ptr, 128); 100 brelse(bh); 101 102 /* Try to build lowercasing table from uppercasing one */ 103 104 for (i=128; i<256; i++) cp_table[i]=i; 105 for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128) 106 cp_table[cp_table[i-128]] = i; 107 108 return cp_table; 109 } 110 111 __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp) 112 { 113 struct buffer_head *bh; 114 int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21; 115 int i; 116 __le32 *b; 117 if (!(b = kmalloc(n * 512, GFP_KERNEL))) { 118 pr_err("can't allocate memory for bitmap directory\n"); 119 return NULL; 120 } 121 for (i=0;i<n;i++) { 122 __le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1); 123 if (!d) { 124 kfree(b); 125 return NULL; 126 } 127 memcpy((char *)b + 512 * i, d, 512); 128 brelse(bh); 129 } 130 return b; 131 } 132 133 /* 134 * Load fnode to memory 135 */ 136 137 struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp) 138 { 139 struct fnode *fnode; 140 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) { 141 return NULL; 142 } 143 if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) { 144 if (hpfs_sb(s)->sb_chk) { 145 struct extended_attribute *ea; 146 struct extended_attribute *ea_end; 147 if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) { 148 hpfs_error(s, "bad magic on fnode %08lx", 149 (unsigned long)ino); 150 goto bail; 151 } 152 if (!fnode_is_dir(fnode)) { 153 if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes != 154 (bp_internal(&fnode->btree) ? 12 : 8)) { 155 hpfs_error(s, 156 "bad number of nodes in fnode %08lx", 157 (unsigned long)ino); 158 goto bail; 159 } 160 if (le16_to_cpu(fnode->btree.first_free) != 161 8 + fnode->btree.n_used_nodes * (bp_internal(&fnode->btree) ? 8 : 12)) { 162 hpfs_error(s, 163 "bad first_free pointer in fnode %08lx", 164 (unsigned long)ino); 165 goto bail; 166 } 167 } 168 if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 || 169 le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) { 170 hpfs_error(s, 171 "bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x", 172 (unsigned long)ino, 173 le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s)); 174 goto bail; 175 } 176 ea = fnode_ea(fnode); 177 ea_end = fnode_end_ea(fnode); 178 while (ea != ea_end) { 179 if (ea > ea_end) { 180 hpfs_error(s, "bad EA in fnode %08lx", 181 (unsigned long)ino); 182 goto bail; 183 } 184 ea = next_ea(ea); 185 } 186 } 187 } 188 return fnode; 189 bail: 190 brelse(*bhp); 191 return NULL; 192 } 193 194 struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp) 195 { 196 struct anode *anode; 197 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL; 198 if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD))) 199 if (hpfs_sb(s)->sb_chk) { 200 if (le32_to_cpu(anode->magic) != ANODE_MAGIC) { 201 hpfs_error(s, "bad magic on anode %08x", ano); 202 goto bail; 203 } 204 if (le32_to_cpu(anode->self) != ano) { 205 hpfs_error(s, "self pointer invalid on anode %08x", ano); 206 goto bail; 207 } 208 if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes != 209 (bp_internal(&anode->btree) ? 60 : 40)) { 210 hpfs_error(s, "bad number of nodes in anode %08x", ano); 211 goto bail; 212 } 213 if (le16_to_cpu(anode->btree.first_free) != 214 8 + anode->btree.n_used_nodes * (bp_internal(&anode->btree) ? 8 : 12)) { 215 hpfs_error(s, "bad first_free pointer in anode %08x", ano); 216 goto bail; 217 } 218 } 219 return anode; 220 bail: 221 brelse(*bhp); 222 return NULL; 223 } 224 225 /* 226 * Load dnode to memory and do some checks 227 */ 228 229 struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno, 230 struct quad_buffer_head *qbh) 231 { 232 struct dnode *dnode; 233 if (hpfs_sb(s)->sb_chk) { 234 if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL; 235 if (secno & 3) { 236 hpfs_error(s, "dnode %08x not byte-aligned", secno); 237 return NULL; 238 } 239 } 240 if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD))) 241 if (hpfs_sb(s)->sb_chk) { 242 unsigned p, pp = 0; 243 unsigned char *d = (unsigned char *)dnode; 244 int b = 0; 245 if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) { 246 hpfs_error(s, "bad magic on dnode %08x", secno); 247 goto bail; 248 } 249 if (le32_to_cpu(dnode->self) != secno) 250 hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self)); 251 /* Check dirents - bad dirents would cause infinite 252 loops or shooting to memory */ 253 if (le32_to_cpu(dnode->first_free) > 2048) { 254 hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free)); 255 goto bail; 256 } 257 for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) { 258 struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p); 259 if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) { 260 hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 261 goto bail; 262 } 263 if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) { 264 if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & MS_RDONLY) goto ok; 265 hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 266 goto bail; 267 } 268 ok: 269 if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down; 270 if (de->down) if (de_down_pointer(de) < 0x10) { 271 hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp); 272 goto bail; 273 } 274 pp = p; 275 276 } 277 if (p != le32_to_cpu(dnode->first_free)) { 278 hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno); 279 goto bail; 280 } 281 if (d[pp + 30] != 1 || d[pp + 31] != 255) { 282 hpfs_error(s, "dnode %08x does not end with \\377 entry", secno); 283 goto bail; 284 } 285 if (b == 3) 286 pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n", 287 secno); 288 } 289 return dnode; 290 bail: 291 hpfs_brelse4(qbh); 292 return NULL; 293 } 294 295 dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino) 296 { 297 struct buffer_head *bh; 298 struct fnode *fnode; 299 dnode_secno dno; 300 301 fnode = hpfs_map_fnode(s, ino, &bh); 302 if (!fnode) 303 return 0; 304 305 dno = le32_to_cpu(fnode->u.external[0].disk_secno); 306 brelse(bh); 307 return dno; 308 } 309