1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/hpfs/map.c 4 * 5 * Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999 6 * 7 * mapping structures to memory with some minimal checks 8 */ 9 10 #include "hpfs_fn.h" 11 12 __le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh) 13 { 14 return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0); 15 } 16 17 __le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block, 18 struct quad_buffer_head *qbh, char *id) 19 { 20 secno sec; 21 __le32 *ret; 22 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14; 23 if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) { 24 hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id); 25 return NULL; 26 } 27 sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]); 28 if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) { 29 hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id); 30 return NULL; 31 } 32 ret = hpfs_map_4sectors(s, sec, qbh, 4); 33 if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1); 34 return ret; 35 } 36 37 void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block) 38 { 39 unsigned to_prefetch, next_prefetch; 40 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14; 41 if (unlikely(bmp_block >= n_bands)) 42 return; 43 to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]); 44 if (unlikely(bmp_block + 1 >= n_bands)) 45 next_prefetch = 0; 46 else 47 next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]); 48 hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch)); 49 } 50 51 /* 52 * Load first code page into kernel memory, return pointer to 256-byte array, 53 * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are 54 * lowercasing table 55 */ 56 57 unsigned char *hpfs_load_code_page(struct super_block *s, secno cps) 58 { 59 struct buffer_head *bh; 60 secno cpds; 61 unsigned cpi; 62 unsigned char *ptr; 63 unsigned char *cp_table; 64 int i; 65 struct code_page_data *cpd; 66 struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0); 67 if (!cp) return NULL; 68 if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) { 69 pr_err("Code page directory magic doesn't match (magic = %08x)\n", 70 le32_to_cpu(cp->magic)); 71 brelse(bh); 72 return NULL; 73 } 74 if (!le32_to_cpu(cp->n_code_pages)) { 75 pr_err("n_code_pages == 0\n"); 76 brelse(bh); 77 return NULL; 78 } 79 cpds = le32_to_cpu(cp->array[0].code_page_data); 80 cpi = le16_to_cpu(cp->array[0].index); 81 brelse(bh); 82 83 if (cpi >= 3) { 84 pr_err("Code page index out of array\n"); 85 return NULL; 86 } 87 88 if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL; 89 if (le16_to_cpu(cpd->offs[cpi]) > 0x178) { 90 pr_err("Code page index out of sector\n"); 91 brelse(bh); 92 return NULL; 93 } 94 ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6; 95 if (!(cp_table = kmalloc(256, GFP_KERNEL))) { 96 pr_err("out of memory for code page table\n"); 97 brelse(bh); 98 return NULL; 99 } 100 memcpy(cp_table, ptr, 128); 101 brelse(bh); 102 103 /* Try to build lowercasing table from uppercasing one */ 104 105 for (i=128; i<256; i++) cp_table[i]=i; 106 for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128) 107 cp_table[cp_table[i-128]] = i; 108 109 return cp_table; 110 } 111 112 __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp) 113 { 114 struct buffer_head *bh; 115 int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21; 116 int i; 117 __le32 *b; 118 if (!(b = kmalloc_array(n, 512, GFP_KERNEL))) { 119 pr_err("can't allocate memory for bitmap directory\n"); 120 return NULL; 121 } 122 for (i=0;i<n;i++) { 123 __le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1); 124 if (!d) { 125 kfree(b); 126 return NULL; 127 } 128 memcpy((char *)b + 512 * i, d, 512); 129 brelse(bh); 130 } 131 return b; 132 } 133 134 void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock) 135 { 136 struct quad_buffer_head qbh; 137 __le32 *directory; 138 u32 n_hotfixes, n_used_hotfixes; 139 unsigned i; 140 141 n_hotfixes = le32_to_cpu(spareblock->n_spares); 142 n_used_hotfixes = le32_to_cpu(spareblock->n_spares_used); 143 144 if (n_hotfixes > 256 || n_used_hotfixes > n_hotfixes) { 145 hpfs_error(s, "invalid number of hotfixes: %u, used: %u", n_hotfixes, n_used_hotfixes); 146 return; 147 } 148 if (!(directory = hpfs_map_4sectors(s, le32_to_cpu(spareblock->hotfix_map), &qbh, 0))) { 149 hpfs_error(s, "can't load hotfix map"); 150 return; 151 } 152 for (i = 0; i < n_used_hotfixes; i++) { 153 hpfs_sb(s)->hotfix_from[i] = le32_to_cpu(directory[i]); 154 hpfs_sb(s)->hotfix_to[i] = le32_to_cpu(directory[n_hotfixes + i]); 155 } 156 hpfs_sb(s)->n_hotfixes = n_used_hotfixes; 157 hpfs_brelse4(&qbh); 158 } 159 160 /* 161 * Load fnode to memory 162 */ 163 164 struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp) 165 { 166 struct fnode *fnode; 167 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) { 168 return NULL; 169 } 170 if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) { 171 if (hpfs_sb(s)->sb_chk) { 172 struct extended_attribute *ea; 173 struct extended_attribute *ea_end; 174 if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) { 175 hpfs_error(s, "bad magic on fnode %08lx", 176 (unsigned long)ino); 177 goto bail; 178 } 179 if (!fnode_is_dir(fnode)) { 180 if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes != 181 (bp_internal(&fnode->btree) ? 12 : 8)) { 182 hpfs_error(s, 183 "bad number of nodes in fnode %08lx", 184 (unsigned long)ino); 185 goto bail; 186 } 187 if (le16_to_cpu(fnode->btree.first_free) != 188 8 + fnode->btree.n_used_nodes * (bp_internal(&fnode->btree) ? 8 : 12)) { 189 hpfs_error(s, 190 "bad first_free pointer in fnode %08lx", 191 (unsigned long)ino); 192 goto bail; 193 } 194 } 195 if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 || 196 le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) { 197 hpfs_error(s, 198 "bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x", 199 (unsigned long)ino, 200 le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s)); 201 goto bail; 202 } 203 ea = fnode_ea(fnode); 204 ea_end = fnode_end_ea(fnode); 205 while (ea != ea_end) { 206 if (ea > ea_end) { 207 hpfs_error(s, "bad EA in fnode %08lx", 208 (unsigned long)ino); 209 goto bail; 210 } 211 ea = next_ea(ea); 212 } 213 } 214 } 215 return fnode; 216 bail: 217 brelse(*bhp); 218 return NULL; 219 } 220 221 struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp) 222 { 223 struct anode *anode; 224 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL; 225 if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD))) 226 if (hpfs_sb(s)->sb_chk) { 227 if (le32_to_cpu(anode->magic) != ANODE_MAGIC) { 228 hpfs_error(s, "bad magic on anode %08x", ano); 229 goto bail; 230 } 231 if (le32_to_cpu(anode->self) != ano) { 232 hpfs_error(s, "self pointer invalid on anode %08x", ano); 233 goto bail; 234 } 235 if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes != 236 (bp_internal(&anode->btree) ? 60 : 40)) { 237 hpfs_error(s, "bad number of nodes in anode %08x", ano); 238 goto bail; 239 } 240 if (le16_to_cpu(anode->btree.first_free) != 241 8 + anode->btree.n_used_nodes * (bp_internal(&anode->btree) ? 8 : 12)) { 242 hpfs_error(s, "bad first_free pointer in anode %08x", ano); 243 goto bail; 244 } 245 } 246 return anode; 247 bail: 248 brelse(*bhp); 249 return NULL; 250 } 251 252 /* 253 * Load dnode to memory and do some checks 254 */ 255 256 struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno, 257 struct quad_buffer_head *qbh) 258 { 259 struct dnode *dnode; 260 if (hpfs_sb(s)->sb_chk) { 261 if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL; 262 if (secno & 3) { 263 hpfs_error(s, "dnode %08x not byte-aligned", secno); 264 return NULL; 265 } 266 } 267 if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD))) 268 if (hpfs_sb(s)->sb_chk) { 269 unsigned p, pp = 0; 270 unsigned char *d = (unsigned char *)dnode; 271 int b = 0; 272 if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) { 273 hpfs_error(s, "bad magic on dnode %08x", secno); 274 goto bail; 275 } 276 if (le32_to_cpu(dnode->self) != secno) 277 hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self)); 278 /* Check dirents - bad dirents would cause infinite 279 loops or shooting to memory */ 280 if (le32_to_cpu(dnode->first_free) > 2048) { 281 hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free)); 282 goto bail; 283 } 284 for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) { 285 struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p); 286 if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) { 287 hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 288 goto bail; 289 } 290 if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) { 291 if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & SB_RDONLY) goto ok; 292 hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 293 goto bail; 294 } 295 ok: 296 if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down; 297 if (de->down) if (de_down_pointer(de) < 0x10) { 298 hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp); 299 goto bail; 300 } 301 pp = p; 302 303 } 304 if (p != le32_to_cpu(dnode->first_free)) { 305 hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno); 306 goto bail; 307 } 308 if (d[pp + 30] != 1 || d[pp + 31] != 255) { 309 hpfs_error(s, "dnode %08x does not end with \\377 entry", secno); 310 goto bail; 311 } 312 if (b == 3) 313 pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n", 314 secno); 315 } 316 return dnode; 317 bail: 318 hpfs_brelse4(qbh); 319 return NULL; 320 } 321 322 dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino) 323 { 324 struct buffer_head *bh; 325 struct fnode *fnode; 326 dnode_secno dno; 327 328 fnode = hpfs_map_fnode(s, ino, &bh); 329 if (!fnode) 330 return 0; 331 332 dno = le32_to_cpu(fnode->u.external[0].disk_secno); 333 brelse(bh); 334 return dno; 335 } 336