1 /* vim:set shiftwidth=4 ts=4: */
2 /*
3  * QEMU Block driver for virtual VFAT (shadows a local directory)
4  *
5  * Copyright (c) 2004,2005 Johannes E. Schindelin
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 #include "qemu/osdep.h"
26 #include <dirent.h>
27 #include "qapi/error.h"
28 #include "block/block_int.h"
29 #include "qemu/module.h"
30 #include "qemu/bswap.h"
31 #include "migration/blocker.h"
32 #include "qapi/qmp/qint.h"
33 #include "qapi/qmp/qbool.h"
34 #include "qapi/qmp/qstring.h"
35 #include "qemu/cutils.h"
36 
/*
 * Fallbacks for hosts that do not define the group/other write permission
 * bits.  Defining them as 0 makes the writability test in read_directory()
 * depend on S_IWUSR alone on such hosts.
 */
#ifndef S_IWGRP
#define S_IWGRP 0
#endif
#ifndef S_IWOTH
#define S_IWOTH 0
#endif
43 
44 /* TODO: add ":bootsector=blabla.img:" */
45 /* LATER TODO: add automatic boot sector generation from
46     BOOTEASY.ASM and Ranish Partition Manager
47     Note that DOS assumes the system files to be the first files in the
48     file system (test if the boot sector still relies on that fact)! */
49 /* MAYBE TODO: write block-visofs.c */
50 /* TODO: call try_commit() only after a timeout */
51 
52 /* #define DEBUG */
53 
#ifdef DEBUG

/* Debug builds: DLOG(a) expands to its argument, so the statement is compiled in. */
#define DLOG(a) a

static void checkpoint(void);

#ifdef __MINGW32__
/*
 * Assertion handler used by the assert() replacement below: prints the
 * failing location and expression text to stderr and exits with status -5.
 */
void nonono(const char* file, int line, const char* msg) {
    fprintf(stderr, "Nonono! %s:%d %s\n", file, line, msg);
    exit(-5);
}
#undef assert
#define assert(a) do {if (!(a)) nonono(__FILE__, __LINE__, #a);}while(0)
#endif

#else

/* Non-debug builds: DLOG(a) expands to nothing, so its argument is never evaluated. */
#define DLOG(a)

#endif
74 
75 /* dynamic array functions */
/*
 * Growable array of fixed-size items.  The helpers below compare `size`
 * against byte counts and `next` against item indices.
 */
typedef struct array_t {
    char* pointer; /* backing storage, grown with g_realloc() */
    unsigned int size,next,item_size; /* allocated bytes, number of items in use, bytes per item */
} array_t;
80 
/*
 * Put an array into the empty state: no storage, no items, and the given
 * per-item size in bytes.  Any storage the array held before is not freed.
 */
static inline void array_init(array_t* array,unsigned int item_size)
{
    array->item_size = item_size;
    array->next = 0;
    array->size = 0;
    array->pointer = NULL;
}
88 
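/*
 * Release the array's storage and mark it empty.
 *
 * The pointer is cleared as well: with size reset to 0, the next call to
 * array_ensure_allocated() would otherwise hand the stale pointer to
 * g_realloc(), i.e. operate on memory that has already been freed.
 */
static inline void array_free(array_t* array)
{
    g_free(array->pointer);
    array->pointer = NULL;
    array->size=array->next=0;
}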
94 
/*
 * Return the address of item number `index`.  The array is never grown
 * here: `index` has to be below array->next already, which is asserted.
 */
static inline void* array_get(array_t* array,unsigned int index) {
    char *item;

    assert(index < array->next);
    item = array->pointer + index * array->item_size;
    return item;
}
100 
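/*
 * Make sure the storage is large enough to hold item number `index`.
 *
 * When the array has to grow, room for `index + 32` items is allocated and
 * array->next is set to `index + 1`; when it is already large enough nothing
 * is changed.  An index of -1 ("no items") is accepted and is a no-op.
 *
 * Compared with a plain realloc this
 *  - rejects indices whose byte size would wrap around `unsigned int`
 *    (a wrapped size would allocate too little and later writes would run
 *    past the buffer), and
 *  - zero-fills the newly added bytes, so entries handed out afterwards never
 *    carry old heap contents into the sectors presented to the guest.
 *
 * Returns 0 on success, -1 if the request cannot be satisfied.
 */
static inline int array_ensure_allocated(array_t* array, int index)
{
    if (index < 0) {
        /* -1 asks for zero items; anything lower is not a valid index */
        return index == -1 ? 0 : -1;
    }

    if (array->item_size != 0 &&
        (unsigned int)index + 32u > UINT_MAX / array->item_size) {
        /* (index + 32) * item_size would overflow */
        return -1;
    }

    if (((unsigned int)index + 1u) * array->item_size > array->size) {
        unsigned int new_size = ((unsigned int)index + 32u) * array->item_size;

        array->pointer = g_realloc(array->pointer, new_size);
        if (!array->pointer) {
            return -1;
        }
        /* new_size > array->size holds here, so the difference cannot wrap */
        memset(array->pointer + array->size, 0, new_size - array->size);
        array->size = new_size;
        array->next = index + 1;
    }

    return 0;
}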
114 
/*
 * Append one item and return its address, growing the storage if needed.
 * Returns NULL when array_ensure_allocated() reports failure.  The returned
 * pointer is only valid until the array grows again.
 */
static inline void* array_get_next(array_t* array) {
    const unsigned int slot = array->next;

    if (array_ensure_allocated(array, slot) < 0) {
        return NULL;
    }

    array->next = slot + 1;
    return array_get(array, slot);
}
124 
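/*
 * Open a gap of `count` items at position `index`, moving the items from
 * `index` onwards up by `count`, and return the address of the gap.  The
 * gap still holds whatever bytes were there before; the caller fills it.
 *
 * `index` must not exceed array->next.  This is asserted because
 * `array->next - index` is unsigned: a larger index would wrap to a huge
 * length and memmove() would run far outside the allocation.
 *
 * Returns NULL if the storage could not be grown.
 */
static inline void* array_insert(array_t* array,unsigned int index,unsigned int count) {
    assert(index <= array->next);

    if((array->next+count)*array->item_size>array->size) {
        int increment=count*array->item_size;
        array->pointer=g_realloc(array->pointer,array->size+increment);
        if(!array->pointer)
            return NULL;
        array->size+=increment;
    }
    memmove(array->pointer+(index+count)*array->item_size,
            array->pointer+index*array->item_size,
            (array->next-index)*array->item_size);
    array->next+=count;
    return array->pointer+index*array->item_size;
}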
139 
/*
 * "Roll" a run of `count` items: the run that starts at index_from ends up
 * starting at index_to, and the relative order of all other items is kept.
 *
 * Only index_to and index_from are range-checked (both must be valid item
 * indices).  `count` is not validated here, so the caller has to make sure
 * that index_from + count and index_to + count stay within the array.
 *
 * Returns 0 on success (including the no-op case index_to == index_from)
 * and -1 when the array pointer is NULL or an index is out of range.
 */
static inline int array_roll(array_t* array,int index_to,int index_from,int count)
{
    char *src;
    char *dst;
    char *saved;
    int item_bytes;
    int run_bytes;

    if (!array) {
        return -1;
    }
    if (index_to < 0 || index_to >= array->next) {
        return -1;
    }
    if (index_from < 0 || index_from >= array->next) {
        return -1;
    }

    if (index_from == index_to) {
        return 0;
    }

    item_bytes = array->item_size;
    run_bytes = item_bytes * count;
    src = array->pointer + index_from * item_bytes;
    dst = array->pointer + index_to * item_bytes;

    /* keep a copy of the run while the items in between are shifted */
    saved = g_malloc(run_bytes);
    memcpy(saved, src, run_bytes);

    if (index_to < index_from) {
        /* moving towards the front: shift the items in between up */
        memmove(dst + run_bytes, dst, src - dst);
    } else {
        /* moving towards the back: shift the items in between down */
        memmove(src, src + run_bytes, dst - src);
    }

    memcpy(dst, saved, run_bytes);
    g_free(saved);

    return 0;
}
174 
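/*
 * Remove `count` items starting at `index`; the items behind them move down.
 * Returns 0 on success and -1 if array_roll() fails.
 *
 * The slice is rolled so that it starts at `next - count`, i.e. it occupies
 * exactly the last `count` slots, which are then dropped by lowering `next`.
 * Rolling it to `next - 1` (as a single-item removal would) makes array_roll()
 * read and write `count - 1` items beyond the last valid item whenever
 * count > 1.  For count == 1 both targets are the same slot.
 */
static inline int array_remove_slice(array_t* array,int index, int count)
{
    assert(index >=0);
    assert(count > 0);
    assert(index + count <= array->next);
    if (array_roll(array, array->next - count, index, count)) {
        return -1;
    }
    array->next -= count;
    return 0;
}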
185 
/* Remove the single item at `index`; thin wrapper around array_remove_slice(). */
static int array_remove(array_t* array,int index)
{
    const int one_item = 1;

    return array_remove_slice(array, index, one_item);
}
190 
/*
 * Translate a pointer to an item back into its index.  Asserts that the
 * pointer sits on an item boundary and refers to an item that is in use.
 */
static int array_index(array_t* array, void* pointer)
{
    const size_t byte_offset = (char*)pointer - array->pointer;
    size_t item;

    assert((byte_offset % array->item_size) == 0);
    item = byte_offset / array->item_size;
    assert(item < array->next);
    return item;
}
199 
200 /* These structures are used to fake a disk and the VFAT filesystem.
201  * For this reason we need to use QEMU_PACKED. */
202 
/*
 * FAT boot sector as filled in by init_directories().  With QEMU_PACKED the
 * members add up to 512 bytes (one sector).  Multi-byte members are stored
 * little-endian; see the cpu_to_le16()/cpu_to_le32() calls in
 * init_directories().
 */
typedef struct bootsector_t {
    uint8_t jump[3];
    uint8_t name[8];
    uint16_t sector_size;
    uint8_t sectors_per_cluster;
    uint16_t reserved_sectors;
    uint8_t number_of_fats;
    uint16_t root_entries;
    uint16_t total_sectors16; /* written as 0 when the sector count exceeds 0xffff */
    uint8_t media_type; /* 0xf8 = hard disk, 0xf0 = 3.5" floppy (see init_directories) */
    uint16_t sectors_per_fat;
    uint16_t sectors_per_track;
    uint16_t number_of_heads;
    uint32_t hidden_sectors;
    uint32_t total_sectors; /* written as 0 when total_sectors16 carries the count */
    union {
        /* both variants are 18 bytes; init_directories() only fills fat16 */
        struct {
	    uint8_t drive_number;
	    uint8_t current_head;
	    uint8_t signature;
	    uint32_t id;
	    uint8_t volume_label[11];
	} QEMU_PACKED fat16;
	struct {
	    uint32_t sectors_per_fat;
	    uint16_t flags;
	    uint8_t major,minor;
	    uint32_t first_cluster_of_root_directory;
	    uint16_t info_sector;
	    uint16_t backup_boot_sector;
	    uint16_t ignored;
	} QEMU_PACKED fat32;
    } u;
    uint8_t fat_type[8]; /* "FAT12   ", "FAT16   " or "FAT32   " */
    uint8_t ignored[0x1c0];
    uint8_t magic[2]; /* 0x55, 0xaa */
} QEMU_PACKED bootsector_t;
240 
/*
 * Cylinder/head/sector address as stored in a partition table entry.
 * sector2CHS() packs the two high bits of the cylinder number into the top
 * two bits of `sector` and keeps the low eight bits in `cylinder`.
 */
typedef struct {
    uint8_t head;
    uint8_t sector;
    uint8_t cylinder;
} mbr_chs_t;
246 
/* One 16-byte partition table entry of the MBR (see init_mbr()). */
typedef struct partition_t {
    uint8_t attributes; /* 0x80 = bootable */
    mbr_chs_t start_CHS;
    uint8_t   fs_type; /* 0x1 = FAT12, 0x6 = FAT16, 0xe = FAT16_LBA, 0xb = FAT32, 0xc = FAT32_LBA */
    mbr_chs_t end_CHS;
    uint32_t start_sector_long; /* first sector of the partition, little-endian */
    uint32_t length_sector_long; /* number of sectors in the partition, little-endian */
} QEMU_PACKED partition_t;
255 
/*
 * Master boot record layout; the members add up to 512 bytes.  init_mbr()
 * only fills nt_id, partition[0] and the magic bytes.
 */
typedef struct mbr_t {
    uint8_t ignored[0x1b8];
    uint32_t nt_id; /* "Win NT Disk Signature", set by init_mbr() */
    uint8_t ignored2[2];
    partition_t partition[4];
    uint8_t magic[2]; /* 0x55, 0xaa */
} QEMU_PACKED mbr_t;
263 
/*
 * One 32-byte FAT directory entry.  The same storage is also used for long
 * file name entries (attributes == 0xf): create_long_filename() then writes
 * name characters at byte offsets 1..31, i.e. across the members that follow
 * `name`.
 */
typedef struct direntry_t {
    uint8_t name[8 + 3]; /* 8.3 name, space padded; name[0] of 0xe5 or 0x00 marks a free entry */
    uint8_t attributes; /* 0x10 = directory, 0x20 = file, 0x28 = volume label, 0xf = long name entry */
    uint8_t reserved[2]; /* in long name entries reserved[1] carries the short name checksum */
    uint16_t ctime;
    uint16_t cdate;
    uint16_t adate;
    uint16_t begin_hi; /* upper 16 bits of the first cluster */
    uint16_t mtime;
    uint16_t mdate;
    uint16_t begin; /* lower 16 bits of the first cluster */
    uint32_t size; /* file size in bytes, little-endian; 0 for directories */
} QEMU_PACKED direntry_t;
277 
/*
 * This structure is used to transparently access the host files: each
 * mapping ties a run of clusters of the faked volume to one host path.
 */

typedef struct mapping_t {
    /* begin is the first cluster, end is the last+1 */
    uint32_t begin,end;
    /* as s->directory is growable, no pointer may be used here */
    unsigned int dir_index;
    /* the clusters of a file may be in any order; this points to the first */
    int first_mapping_index;
    union {
	/* offset is
	 * - the offset in the file (in clusters) for a file, or
	 * - the next cluster of the directory for a directory, and
	 * - the address of the buffer for a faked entry
	 */
	struct {
	    uint32_t offset;
	} file;
	struct {
	    int parent_mapping_index; /* -1 for the root directory (see init_directories) */
	    int first_dir_index; /* index of the directory's first entry in s->directory */
	} dir;
    } info;
    /* path contains the full path, i.e. it always starts with s->path */
    char* path;

    /* the values are distinct bits; the code tests them with `mode & MODE_...` */
    enum { MODE_UNDEFINED = 0, MODE_NORMAL = 1, MODE_MODIFIED = 2,
	MODE_DIRECTORY = 4, MODE_FAKED = 8,
	MODE_DELETED = 16, MODE_RENAMED = 32 } mode;
    /* set by read_directory() when the host file has no write permission bit */
    int read_only;
} mapping_t;
309 
310 #ifdef DEBUG
311 static void print_direntry(const struct direntry_t*);
312 static void print_mapping(const struct mapping_t* mapping);
313 #endif
314 
315 /* here begins the real VVFAT driver */
316 
/*
 * Per-device state of the vvfat driver: the faked leading sectors, the FAT,
 * the directory entries and the cluster-to-host-file mappings.
 */
typedef struct BDRVVVFATState {
    CoMutex lock;
    BlockDriverState* bs; /* pointer to parent */
    unsigned int first_sectors_number; /* 1 for a single partition, 0x40 for a disk with partition table */
    unsigned char first_sectors[0x40*0x200]; /* 0x40 sectors of 0x200 bytes: MBR and/or boot sector */

    int fat_type; /* 16 or 32 */
    array_t fat,directory,mapping; /* FAT entries, direntry_t items, mapping_t items */
    char volume_label[11];

    unsigned int cluster_size; /* bytes per cluster (sectors_per_cluster * 0x200) */
    unsigned int sectors_per_cluster;
    unsigned int sectors_per_fat;
    unsigned int sectors_of_root_directory;
    uint32_t last_cluster_of_root_directory;
    unsigned int faked_sectors; /* how many sectors are faked before file data */
    uint32_t sector_count; /* total number of sectors of the partition */
    uint32_t cluster_count; /* total number of clusters of this partition */
    uint32_t max_fat_value; /* 0xfff, 0xffff or 0x0fffffff depending on fat_type (see init_fat) */

    int current_fd;
    mapping_t* current_mapping;
    unsigned char* cluster; /* points to current cluster */
    unsigned char* cluster_buffer; /* points to a buffer to hold temp data */
    unsigned int current_cluster;

    /* write support */
    char* qcow_filename;
    BdrvChild* qcow;
    void* fat2;
    char* used_clusters;
    array_t commits;
    const char* path; /* aliases the root mapping's path (see init_directories) */
    int downcase_short_names;

    Error *migration_blocker;
} BDRVVVFATState;
354 
/*
 * Convert the linear sector position spos into a cylinder/head/sector
 * address for the geometry cyls/heads/secs.
 *
 * If the position lies outside that geometry, all three CHS bytes are set to
 * 0xFF and 1 is returned to signal the overflow (this happens when 32-bit
 * sector positions meet the 24-bit CHS encoding; Windows/DOS is said to take
 * 1023/255/63 as non-representable CHS).  Otherwise 0 is returned.
 *
 * heads and secs are used as divisors and must not be 0.
 */
static int sector2CHS(mbr_chs_t *chs, int spos, int cyls, int heads, int secs)
{
    const int sector = spos % secs;
    const int track = spos / secs;
    const int head = track % heads;
    const int cylinder = track / heads;

    if (cylinder >= cyls) {
        chs->head     = 0xFF;
        chs->sector   = 0xFF;
        chs->cylinder = 0xFF;
        return 1;
    }

    chs->head     = (uint8_t)head;
    /* sectors are 1-based; cylinder bits 8 and 9 go into the top two bits */
    chs->sector   = (uint8_t)((sector + 1) | ((cylinder >> 8) << 6));
    chs->cylinder = (uint8_t)cylinder;
    return 0;
}
378 
/*
 * Build the master boot record in the first 512 bytes of s->first_sectors:
 * one bootable partition that starts at sector first_sectors_number - 1 and
 * runs to the end of the device.
 *
 * TODO: if the files mbr.img and bootsect.img exist, use them
 */
static void init_mbr(BDRVVVFATState *s, int cyls, int heads, int secs)
{
    mbr_t *mbr = (mbr_t *)s->first_sectors;
    partition_t *part = &(mbr->partition[0]);
    int start_overflow;
    int end_overflow;
    int lba;

    memset(s->first_sectors, 0, 512);

    /* Win NT Disk Signature */
    mbr->nt_id = cpu_to_le32(0xbe1afdfa);

    /* bootable */
    part->attributes = 0x80;

    /* LBA is used when the partition is outside the CHS geometry */
    start_overflow = sector2CHS(&part->start_CHS, s->first_sectors_number - 1,
                                cyls, heads, secs);
    end_overflow = sector2CHS(&part->end_CHS, s->bs->total_sectors - 1,
                              cyls, heads, secs);
    lba = start_overflow | end_overflow;

    /* LBA partitions are identified only by start/length_sector_long, not by CHS */
    part->start_sector_long = cpu_to_le32(s->first_sectors_number - 1);
    part->length_sector_long = cpu_to_le32(s->bs->total_sectors
                                           - s->first_sectors_number + 1);

    /*
     * FAT12/FAT16/FAT32: DOS uses different type codes when the partition is
     * LBA, probably to prevent older versions from using CHS on them.
     */
    if (s->fat_type == 12) {
        part->fs_type = 0x1;
    } else if (s->fat_type == 16) {
        part->fs_type = lba ? 0xe : 0x06;
    } else {
        /* fat_type == 32 */
        part->fs_type = lba ? 0xc : 0x0b;
    }

    mbr->magic[0] = 0x55;
    mbr->magic[1] = 0xaa;
}
413 
414 /* direntry functions */
415 
/*
 * Expand src into 16-bit characters (low byte = character, high byte = 0),
 * append a 16-bit zero terminator and pad with 0xff bytes up to the next
 * multiple of 26.  At most 129 characters of src are used.
 *
 * Returns the length of the converted name in bytes, without terminator.
 *
 * Buffer size: for names of 117 characters or more the terminator plus
 * padding reach byte offset 259, so dest has to provide 260 bytes, not 258.
 */
static inline int short2long_name(char* dest,const char* src)
{
    int chars = 0;
    int len;
    int pos;

    while (chars < 129 && src[chars]) {
        dest[2 * chars] = src[chars];
        dest[2 * chars + 1] = 0;
        chars++;
    }

    len = 2 * chars;
    dest[len] = 0;
    dest[len + 1] = 0;

    for (pos = len + 2; pos % 26 != 0; pos++) {
        dest[pos] = 0xff;
    }

    return len;
}
431 
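/*
 * Append the long file name entries for `filename` to s->directory and
 * return the first of them.
 *
 * Each entry carries 26 bytes (13 16-bit characters) of the name.  The first
 * entry appended gets the highest sequence number with bit 0x40 set, the last
 * one appended gets sequence number 1 and holds the start of the name.
 *
 * The conversion buffer is 260 bytes: short2long_name() pads its output up
 * to a multiple of 26, which is 10 * 26 = 260 bytes for host file names of
 * 117 characters or more.  A 258-byte buffer is overrun by two bytes for
 * such names, and the copy loop below would read those two bytes back.
 *
 * The returned pointer becomes stale as soon as s->directory grows again.
 */
static inline direntry_t* create_long_filename(BDRVVVFATState* s,const char* filename)
{
    char buffer[260];
    int length=short2long_name(buffer,filename),
        number_of_entries=(length+25)/26,i;
    direntry_t* entry;

    for(i=0;i<number_of_entries;i++) {
        entry=array_get_next(&(s->directory));
        entry->attributes=0xf;
        entry->reserved[0]=0;
        entry->begin=0;
        entry->name[0]=(number_of_entries-i)|(i==0?0x40:0);
    }
    for(i=0;i<26*number_of_entries;i++) {
        /*
         * Map byte i of the current 26-byte chunk to its place in the entry:
         * bytes 0..9 go to offsets 1..10, bytes 10..21 to offsets 14..25 and
         * bytes 22..25 to offsets 28..31.  This deliberately writes past the
         * `name` member into the rest of the 32-byte entry.
         */
        int offset=(i%26);
        if(offset<10) offset=1+offset;
        else if(offset<22) offset=14+offset-10;
        else offset=28+offset-22;
        entry=array_get(&(s->directory),s->directory.next-1-(i/26));
        entry->name[offset]=buffer[i];
    }
    return array_get(&(s->directory),s->directory.next-number_of_entries);
}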
456 
/* Non-zero if the entry is unused: its first name byte is 0xe5 or 0x00. */
static char is_free(const direntry_t* direntry)
{
    const uint8_t first = direntry->name[0];

    return first == 0xe5 || first == 0x00;
}
461 
/* Non-zero if the attribute byte is exactly 0x28 (archive | volume label). */
static char is_volume_label(const direntry_t* direntry)
{
    const uint8_t attr = direntry->attributes;

    return attr == 0x28;
}
466 
/* Non-zero if the attribute byte is exactly 0xf, the long file name marker. */
static char is_long_name(const direntry_t* direntry)
{
    const uint8_t attr = direntry->attributes;

    return attr == 0xf;
}
471 
/*
 * Non-zero if the entry is a regular 8.3 entry: neither a volume label, nor
 * a long name entry, nor free.
 */
static char is_short_name(const direntry_t* direntry)
{
    if (is_volume_label(direntry)) {
        return 0;
    }
    if (is_long_name(direntry)) {
        return 0;
    }
    return !is_free(direntry);
}
477 
/*
 * Non-zero if the directory attribute bit (0x10) is set and the entry is not
 * marked deleted (first name byte 0xe5).
 */
static char is_directory(const direntry_t* direntry)
{
    if (!(direntry->attributes & 0x10)) {
        return 0;
    }
    return direntry->name[0] != 0xe5;
}
482 
/* Non-zero if the entry is a short name entry whose name starts with '.'. */
static inline char is_dot(const direntry_t* direntry)
{
    if (!is_short_name(direntry)) {
        return 0;
    }
    return direntry->name[0] == '.';
}
487 
/* Non-zero if the entry is a short name entry that is not a directory. */
static char is_file(const direntry_t* direntry)
{
    if (!is_short_name(direntry)) {
        return 0;
    }
    return !is_directory(direntry);
}
492 
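/*
 * Return the first cluster of an entry, combined from its little-endian
 * low (begin) and high (begin_hi) 16-bit halves.
 *
 * The high half is widened to uint32_t before shifting: a uint16_t operand
 * is promoted to (signed) int, and shifting a value of 0x8000 or more left
 * by 16 would shift into the sign bit, which is undefined behaviour.
 */
static inline uint32_t begin_of_direntry(const direntry_t* direntry)
{
    const uint32_t low = le16_to_cpu(direntry->begin);
    const uint32_t high = le16_to_cpu(direntry->begin_hi);

    return low | (high << 16);
}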
497 
/* Return the entry's size member converted from little-endian to host order. */
static inline uint32_t filesize_of_direntry(const direntry_t* direntry)
{
    const uint32_t bytes = le32_to_cpu(direntry->size);

    return bytes;
}
502 
/*
 * Store a first-cluster number in an entry, split into its low and high
 * 16-bit halves, each written little-endian.
 */
static void set_begin_of_direntry(direntry_t* direntry, uint32_t begin)
{
    const uint32_t low_half = begin & 0xffff;
    const uint32_t high_half = (begin >> 16) & 0xffff;

    direntry->begin = cpu_to_le16(low_half);
    direntry->begin_hi = cpu_to_le16(high_half);
}
508 
509 /* fat functions */
510 
/*
 * Checksum over the 11 name bytes of a short entry: for every byte the
 * running sum is rotated right by one bit and the byte is added, modulo 256.
 * create_short_and_long_name() stores the result in the long name entries
 * that belong to the short entry.
 */
static inline uint8_t fat_chksum(const direntry_t* entry)
{
    uint8_t sum = 0;
    int pos = 0;

    while (pos < ARRAY_SIZE(entry->name)) {
        const int rotated = ((sum & 0xfe) >> 1) | ((sum & 0x01) ? 0x80 : 0);

        sum = rotated + entry->name[pos];
        pos++;
    }

    return sum;
}
523 
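/*
 * Convert a host timestamp to a FAT directory timestamp, using local time.
 * If return_time == 0 the 16-bit FAT date is returned, else the FAT time.
 * The value is returned in little-endian byte order.
 *
 * The FAT date stores the year as a 7-bit offset from 1980.  Host files can
 * carry timestamps outside that range, so the year offset is clamped to
 * 0..127; without the clamp a timestamp before 1980 would left-shift a
 * negative value (undefined behaviour) and a year after 2107 would spill
 * into bits that do not exist in the 16-bit result.
 *
 * If the timestamp cannot be converted at all, 1980-01-01 00:00:00 is used
 * instead of reading an uninitialised struct tm.
 */
static uint16_t fat_datetime(time_t time,int return_time) {
    struct tm t;
    int year;

    if (!localtime_r(&time, &t)) {
        memset(&t, 0, sizeof(t));
        t.tm_mday = 1;
        t.tm_year = 80;
    }

    if (return_time) {
        return cpu_to_le16((t.tm_sec/2)|(t.tm_min<<5)|(t.tm_hour<<11));
    }

    year = t.tm_year - 80;
    if (year < 0) {
        year = 0;
    } else if (year > 127) {
        year = 127;
    }
    return cpu_to_le16((t.tm_mday)|((t.tm_mon+1)<<5)|(year<<9));
}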
534 
/*
 * Store `value` as the FAT entry of `cluster`.
 *
 * FAT32 and FAT16 entries are written little-endian as whole 32/16-bit
 * items.  Any other fat_type is treated as FAT12, where an entry takes 12
 * bits starting at byte cluster * 3 / 2: even clusters use the first byte
 * plus the low nibble of the second, odd clusters the high nibble of the
 * first byte plus the second byte.
 *
 * array_get() asserts that the first byte/item is inside the table; the
 * second byte of a FAT12 entry is not checked separately.
 */
static inline void fat_set(BDRVVVFATState* s,unsigned int cluster,uint32_t value)
{
    switch (s->fat_type) {
    case 32: {
        uint32_t *slot = array_get(&(s->fat), cluster);

        *slot = cpu_to_le32(value);
        break;
    }
    case 16: {
        uint16_t *slot = array_get(&(s->fat), cluster);

        *slot = cpu_to_le16(value & 0xffff);
        break;
    }
    default: {
        int byte_index = (cluster * 3 / 2);
        unsigned char *p = array_get(&(s->fat), byte_index);

        if (cluster & 1) {
            p[0] = (p[0] & 0xf) | ((value & 0xf) << 4);
            p[1] = (value >> 4);
        } else {
            p[0] = value & 0xff;
            p[1] = (p[1] & 0xf0) | ((value >> 8) & 0xf);
        }
        break;
    }
    }
}
558 
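/*
 * Return the FAT entry of `cluster` in host byte order.
 *
 * FAT32 and FAT16 entries are fetched through array_get(), which asserts
 * that the index is inside the table.  Any other fat_type is treated as
 * FAT12; that branch reads two bytes through a raw pointer, so it now asserts
 * that both bytes lie inside the table as well.  Without the check a cluster
 * number beyond the table reads memory outside the FAT buffer.
 */
static inline uint32_t fat_get(BDRVVVFATState* s,unsigned int cluster)
{
    if(s->fat_type==32) {
        uint32_t* entry=array_get(&(s->fat),cluster);
        return le32_to_cpu(*entry);
    } else if(s->fat_type==16) {
        uint16_t* entry=array_get(&(s->fat),cluster);
        return le16_to_cpu(*entry);
    } else {
        const unsigned int offset = cluster * 3 / 2;
        const uint8_t* x;

        /* the FAT12 table is a byte array, so `next` counts bytes here */
        assert(offset + 1 < s->fat.next);
        x = (const uint8_t*)(s->fat.pointer) + offset;
        return ((x[0]|(x[1]<<8))>>(cluster&1?4:0))&0x0fff;
    }
}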
572 
/*
 * Return -1 if fat_entry is an end-of-chain marker, i.e. greater than
 * max_fat_value - 8, and 0 otherwise.
 */
static inline int fat_eof(BDRVVVFATState* s,uint32_t fat_entry)
{
    const uint32_t threshold = s->max_fat_value - 8;

    return fat_entry > threshold ? -1 : 0;
}
579 
/*
 * Allocate and clear the FAT for s->sectors_per_fat sectors and set
 * s->max_fat_value for the FAT type.
 *
 * FAT12 is kept as a byte array, FAT16/FAT32 as arrays of 2/4-byte items.
 * The return value of array_ensure_allocated() is not checked here.
 * An unknown fat_type yields max_fat_value == 0.
 */
static inline void init_fat(BDRVVVFATState* s)
{
    array_t *fat = &(s->fat);

    if (s->fat_type == 12) {
        array_init(fat, 1);
        array_ensure_allocated(fat,
                               s->sectors_per_fat * 0x200 * 3 / 2 - 1);
    } else {
        array_init(fat, (s->fat_type == 32 ? 4 : 2));
        array_ensure_allocated(fat,
                               s->sectors_per_fat * 0x200 / s->fat.item_size - 1);
    }
    memset(s->fat.pointer, 0, s->fat.size);

    if (s->fat_type == 12) {
        s->max_fat_value = 0xfff;
    } else if (s->fat_type == 16) {
        s->max_fat_value = 0xffff;
    } else if (s->fat_type == 32) {
        s->max_fat_value = 0x0fffffff;
    } else {
        /* error... */
        s->max_fat_value = 0;
    }
}
601 
/* TODO: in create_short_filename, 0xe5->0x05 is not yet handled! */
/* TODO: in parse_short_filename, 0x05->0xe5 is not yet handled! */
/*
 * Append the directory entries for one host file name to s->directory and
 * return the short (8.3) entry; only its name member is filled in here.
 *
 * For "." and ".." (is_dot != 0) a single short entry is created.  For every
 * other name the long name entries are created first, then a short entry
 * whose 8.3 name is derived from `filename`, sanitised, and made unique among
 * the entries from directory_start onwards.
 *
 * `filename` comes from the host directory listing.  Bytes that are not
 * acceptable in a short name are replaced by '_', so the short name never
 * contains control characters, bytes above 0x7f or the listed punctuation.
 */
static inline direntry_t* create_short_and_long_name(BDRVVVFATState* s,
	unsigned int directory_start, const char* filename, int is_dot)
{
    int i,j,long_index=s->directory.next;
    direntry_t* entry = NULL;
    direntry_t* entry_long = NULL;

    if(is_dot) {
	entry=array_get_next(&(s->directory));
        memset(entry->name, 0x20, sizeof(entry->name));
	/* no length check: read_directory() passes only "." or ".." on this path */
	memcpy(entry->name,filename,strlen(filename));
	return entry;
    }

    entry_long=create_long_filename(s,filename);

    /* find the last '.'; j == 0 means there is none, or only a leading one */
    i = strlen(filename);
    for(j = i - 1; j>0  && filename[j]!='.';j--);
    /* i becomes the number of base name bytes to copy, at most 8 */
    if (j > 0)
	i = (j > 8 ? 8 : j);
    else if (i > 8)
	i = 8;

    /* appending may move s->directory, which leaves entry_long stale */
    entry=array_get_next(&(s->directory));
    memset(entry->name, 0x20, sizeof(entry->name));
    memcpy(entry->name, filename, i);

    /* copy up to 3 extension bytes that follow the last '.' */
    if (j > 0) {
        for (i = 0; i < 3 && filename[j + 1 + i]; i++) {
            entry->name[8 + i] = filename[j + 1 + i];
        }
    }

    /* upcase & remove unwanted characters */
    for(i=10;i>=0;i--) {
	/* skip the space padding at the end of the extension / base name */
	if(i==10 || i==7) for(;i>0 && entry->name[i]==' ';i--);
	if(entry->name[i]<=' ' || entry->name[i]>0x7f
		|| strchr(".*?<>|\":/\\[];,+='",entry->name[i]))
	    entry->name[i]='_';
        else if(entry->name[i]>='a' && entry->name[i]<='z')
            entry->name[i]+='A'-'a';
    }

    /* mangle duplicates */
    while(1) {
	direntry_t* entry1=array_get(&(s->directory),directory_start);
	int j; /* shadows the outer j, which is not used any more */

	for(;entry1<entry;entry1++)
	    if(!is_long_name(entry1) && !memcmp(entry1->name,entry->name,11))
		break; /* found dupe */
	if(entry1==entry) /* no dupe found */
	    break;

	/* use all 8 characters of name */
	if(entry->name[7]==' ') {
	    int j;
	    for(j=6;j>0 && entry->name[j]==' ';j--)
		entry->name[j]='~';
	}

	/* increment number */
	/* treats the tail of the base name as a decimal counter; name[0] is never touched */
	for(j=7;j>0 && entry->name[j]=='9';j--)
	    entry->name[j]='0';
	if(j>0) {
	    if(entry->name[j]<'0' || entry->name[j]>'9')
	        entry->name[j]='0';
	    else
	        entry->name[j]++;
	}
    }

    /* calculate checksum; propagate to long name */
    if(entry_long) {
        uint8_t chksum=fat_chksum(entry);

	/* calculate anew, because realloc could have taken place */
	entry_long=array_get(&(s->directory),long_index);
	while(entry_long<entry && is_long_name(entry_long)) {
	    entry_long->reserved[1]=chksum;
	    entry_long++;
	}
    }

    return entry;
}
690 
/*
 * Read a directory. (the index of the corresponding mapping must be passed).
 *
 * Scans the host directory named by the mapping's path, appends one set of
 * directory entries per host entry to s->directory and one mapping per
 * sub-directory or non-empty file to s->mapping, then pads the directory to
 * a cluster boundary and records the directory's cluster range.
 *
 * Returns 0 on success, -1 if the host directory cannot be opened, and -2 if
 * a host file is larger than 0x7fffffff bytes.
 *
 * Pointers into s->directory and s->mapping obtained before a call to
 * array_get_next() may be stale afterwards, because both arrays can move.
 */
static int read_directory(BDRVVVFATState* s, int mapping_index)
{
    mapping_t* mapping = array_get(&(s->mapping), mapping_index);
    direntry_t* direntry;
    const char* dirname = mapping->path;
    int first_cluster = mapping->begin;
    int parent_index = mapping->info.dir.parent_mapping_index;
    mapping_t* parent_mapping = (mapping_t*)
        (parent_index >= 0 ? array_get(&(s->mapping), parent_index) : NULL);
    int first_cluster_of_parent = parent_mapping ? parent_mapping->begin : -1;

    DIR* dir=opendir(dirname);
    struct dirent* entry;
    int i;

    assert(mapping->mode & MODE_DIRECTORY);

    if(!dir) {
	/* unreadable directory: leave it with an empty cluster range */
	mapping->end = mapping->begin;
	return -1;
    }

    /* a directory that starts at cluster 0 has its entries at index 0 */
    i = mapping->info.dir.first_dir_index =
	    first_cluster == 0 ? 0 : s->directory.next;

    /* actually read the directory, and allocate the mappings */
    while((entry=readdir(dir))) {
	/* room for dirname, '/', the entry name and the terminating NUL */
	unsigned int length=strlen(dirname)+2+strlen(entry->d_name);
        char* buffer;
	direntry_t* direntry;
        struct stat st;
	int is_dot=!strcmp(entry->d_name,".");
	int is_dotdot=!strcmp(entry->d_name,"..");

	/* no "." and ".." entries in the directory that starts at cluster 0 */
	if(first_cluster == 0 && (is_dotdot || is_dot))
	    continue;

	buffer = g_malloc(length);
	snprintf(buffer,length,"%s/%s",dirname,entry->d_name);

	/*
	 * NOTE(review): stat() follows symbolic links, so the type and size
	 * recorded below are those of the link target, which may lie outside
	 * the shared directory -- confirm that this is intended for the
	 * deployment.  Entries that cannot be stat()ed are skipped silently.
	 */
	if(stat(buffer,&st)<0) {
            g_free(buffer);
            continue;
	}

	/* create directory entry for this file */
	direntry=create_short_and_long_name(s, i, entry->d_name,
		is_dot || is_dotdot);
	direntry->attributes=(S_ISDIR(st.st_mode)?0x10:0x20);
	direntry->reserved[0]=direntry->reserved[1]=0;
	direntry->ctime=fat_datetime(st.st_ctime,1);
	direntry->cdate=fat_datetime(st.st_ctime,0);
	direntry->adate=fat_datetime(st.st_atime,0);
	direntry->begin_hi=0;
	direntry->mtime=fat_datetime(st.st_mtime,1);
	direntry->mdate=fat_datetime(st.st_mtime,0);
	if(is_dotdot)
	    set_begin_of_direntry(direntry, first_cluster_of_parent);
	else if(is_dot)
	    set_begin_of_direntry(direntry, first_cluster);
	else
	    direntry->begin=0; /* do that later */
	/* the entries created for this file stay in s->directory on this error path */
        if (st.st_size > 0x7fffffff) {
	    fprintf(stderr, "File %s is larger than 2GB\n", buffer);
            g_free(buffer);
            closedir(dir);
	    return -2;
        }
	direntry->size=cpu_to_le32(S_ISDIR(st.st_mode)?0:st.st_size);

	/* create mapping for this file */
	/* empty regular files get a directory entry but no mapping */
	if(!is_dot && !is_dotdot && (S_ISDIR(st.st_mode) || st.st_size)) {
	    s->current_mapping = array_get_next(&(s->mapping));
	    s->current_mapping->begin=0;
	    /* for now `end` holds the size in bytes; init_directories() turns it into a cluster number */
	    s->current_mapping->end=st.st_size;
	    /*
	     * we get the direntry of the most recent direntry, which
	     * contains the short name and all the relevant information.
	     */
	    s->current_mapping->dir_index=s->directory.next-1;
	    s->current_mapping->first_mapping_index = -1;
	    if (S_ISDIR(st.st_mode)) {
		s->current_mapping->mode = MODE_DIRECTORY;
		s->current_mapping->info.dir.parent_mapping_index =
		    mapping_index;
	    } else {
		s->current_mapping->mode = MODE_UNDEFINED;
		s->current_mapping->info.file.offset = 0;
	    }
	    /* ownership of buffer moves to the mapping */
	    s->current_mapping->path=buffer;
	    /* read-only if none of the owner/group/other write bits is set */
	    s->current_mapping->read_only =
		(st.st_mode & (S_IWUSR | S_IWGRP | S_IWOTH)) == 0;
        } else {
            g_free(buffer);
        }
    }
    closedir(dir);

    /* fill with zeroes up to the end of the cluster */
    /* 0x10 entries of 32 bytes make one 512-byte sector */
    while(s->directory.next%(0x10*s->sectors_per_cluster)) {
	direntry_t* direntry=array_get_next(&(s->directory));
	memset(direntry,0,sizeof(direntry_t));
    }

/* TODO: if there are more entries, bootsector has to be adjusted! */
/* NOTE: this macro stays defined for the rest of the file */
#define ROOT_ENTRIES (0x02 * 0x10 * s->sectors_per_cluster)
    if (mapping_index == 0 && s->directory.next < ROOT_ENTRIES) {
	/* root directory */
	int cur = s->directory.next;
	array_ensure_allocated(&(s->directory), ROOT_ENTRIES - 1);
	s->directory.next = ROOT_ENTRIES;
	memset(array_get(&(s->directory), cur), 0,
		(ROOT_ENTRIES - cur) * sizeof(direntry_t));
    }

     /* reget the mapping, since s->mapping was possibly realloc()ed */
    mapping = array_get(&(s->mapping), mapping_index);
    /* 0x20 bytes per entry: advance by the number of clusters the entries occupy */
    first_cluster += (s->directory.next - mapping->info.dir.first_dir_index)
	* 0x20 / s->cluster_size;
    mapping->end = first_cluster;

    direntry = array_get(&(s->directory), mapping->dir_index);
    set_begin_of_direntry(direntry, mapping->begin);

    return 0;
}
820 
/*
 * Convert a sector number of the faked volume into a cluster number: the
 * sectors faked in front of the file data are subtracted first, the rest is
 * divided by the number of sectors per cluster.  The caller must pass a
 * sector at or beyond s->faked_sectors.
 */
static inline uint32_t sector2cluster(BDRVVVFATState* s,off_t sector_num)
{
    const unsigned int leading = s->faked_sectors;
    const unsigned int per_cluster = s->sectors_per_cluster;

    return (sector_num - leading) / per_cluster;
}
825 
/*
 * Return the first sector of a cluster: the faked leading sectors plus
 * cluster_num clusters.  The sum is computed in unsigned 32-bit arithmetic
 * and only then converted to off_t.
 */
static inline off_t cluster2sector(BDRVVVFATState* s, uint32_t cluster_num)
{
    const unsigned int data_sectors = s->sectors_per_cluster * cluster_num;

    return s->faked_sectors + data_sectors;
}
830 
/*
 * Build the complete faked volume for the host directory `dirname`: the
 * volume label entry, the FAT, the directory entries and mappings for the
 * whole directory tree, and finally the boot sector.
 *
 * s->sectors_per_cluster, s->fat_type, s->sector_count,
 * s->first_sectors_number and s->volume_label are read here and must have
 * been set by the caller.
 *
 * Returns 0 on success.  On failure -1 is returned and *errp is set.
 * NOTE(review): the buffers and arrays allocated here are not released on
 * the error returns; presumably the caller cleans up -- confirm.
 */
static int init_directories(BDRVVVFATState* s,
                            const char *dirname, int heads, int secs,
                            Error **errp)
{
    bootsector_t* bootsector;
    mapping_t* mapping;
    unsigned int i;
    unsigned int cluster;

    memset(&(s->first_sectors[0]),0,0x40*0x200);

    s->cluster_size=s->sectors_per_cluster*0x200;
    s->cluster_buffer=g_malloc(s->cluster_size);

    /*
     * The formula: sc = spf+1+spf*spc*(512*8/fat_type),
     * where sc is sector_count,
     * spf is sectors_per_fat,
     * spc is sectors_per_clusters, and
     * fat_type = 12, 16 or 32.
     */
    i = 1+s->sectors_per_cluster*0x200*8/s->fat_type;
    s->sectors_per_fat=(s->sector_count+i)/i; /* round up */

    array_init(&(s->mapping),sizeof(mapping_t));
    array_init(&(s->directory),sizeof(direntry_t));

    /* add volume label */
    {
	/* only attributes and name are assigned; the other members keep what the allocation returned */
	direntry_t* entry=array_get_next(&(s->directory));
	entry->attributes=0x28; /* archive | volume label */
        memcpy(entry->name, s->volume_label, sizeof(entry->name));
    }

    /* Now build FAT, and write back information into directory */
    init_fat(s);

    /* boot/partition sectors plus two copies of the FAT precede the data */
    s->faked_sectors=s->first_sectors_number+s->sectors_per_fat*2;
    s->cluster_count=sector2cluster(s, s->sector_count);

    /* mapping 0 is the root directory; it has no parent */
    mapping = array_get_next(&(s->mapping));
    mapping->begin = 0;
    mapping->dir_index = 0;
    mapping->info.dir.parent_mapping_index = -1;
    mapping->first_mapping_index = -1;
    mapping->path = g_strdup(dirname);
    /* drop one trailing '/' so that joined paths do not contain "//" */
    i = strlen(mapping->path);
    if (i > 0 && mapping->path[i - 1] == '/')
	mapping->path[i - 1] = '\0';
    mapping->mode = MODE_DIRECTORY;
    mapping->read_only = 0;
    s->path = mapping->path;

    /*
     * read_directory() appends mappings while this loop runs, so
     * s->mapping.next grows and the whole tree is visited.
     */
    for (i = 0, cluster = 0; i < s->mapping.next; i++) {
	/* MS-DOS expects the FAT to be 0 for the root directory
	 * (except for the media byte). */
	/* LATER TODO: still true for FAT32? */
	int fix_fat = (i != 0);
	mapping = array_get(&(s->mapping), i);

        if (mapping->mode & MODE_DIRECTORY) {
	    mapping->begin = cluster;
	    if(read_directory(s, i)) {
                error_setg(errp, "Could not read directory %s",
                           mapping->path);
		return -1;
	    }
	    /* s->mapping may have moved while the directory was read */
	    mapping = array_get(&(s->mapping), i);
	} else {
	    assert(mapping->mode == MODE_UNDEFINED);
	    mapping->mode=MODE_NORMAL;
	    mapping->begin = cluster;
	    if (mapping->end > 0) {
		direntry_t* direntry = array_get(&(s->directory),
			mapping->dir_index);

		/* `end` held the file size in bytes; convert it to last cluster + 1 */
		mapping->end = cluster + 1 + (mapping->end-1)/s->cluster_size;
		set_begin_of_direntry(direntry, mapping->begin);
	    } else {
		mapping->end = cluster + 1;
		fix_fat = 0;
	    }
	}

	assert(mapping->begin < mapping->end);

	/* next free cluster */
	cluster = mapping->end;

	/* refuse trees that need more clusters than the volume has */
	if(cluster > s->cluster_count) {
            error_setg(errp,
                       "Directory does not fit in FAT%d (capacity %.2f MB)",
                       s->fat_type, s->sector_count / 2000.0);
            return -1;
	}

	/* fix fat for entry */
	if (fix_fat) {
	    int j;
	    /* chain begin -> begin+1 -> ... and terminate the last cluster */
	    for(j = mapping->begin; j < mapping->end - 1; j++)
		fat_set(s, j, j+1);
	    fat_set(s, mapping->end - 1, s->max_fat_value);
	}
    }

    mapping = array_get(&(s->mapping), 0);
    s->sectors_of_root_directory = mapping->end * s->sectors_per_cluster;
    s->last_cluster_of_root_directory = mapping->end;

    /* the FAT signature */
    fat_set(s,0,s->max_fat_value);
    fat_set(s,1,s->max_fat_value);

    s->current_mapping = NULL;

    /* the boot sector is the last of the faked leading sectors */
    bootsector=(bootsector_t*)(s->first_sectors+(s->first_sectors_number-1)*0x200);
    bootsector->jump[0]=0xeb;
    bootsector->jump[1]=0x3e;
    bootsector->jump[2]=0x90;
    memcpy(bootsector->name,"QEMU    ",8);
    bootsector->sector_size=cpu_to_le16(0x200);
    bootsector->sectors_per_cluster=s->sectors_per_cluster;
    bootsector->reserved_sectors=cpu_to_le16(1);
    bootsector->number_of_fats=0x2; /* number of FATs */
    /* NOTE(review): the product is narrowed to 16 bits without a range check */
    bootsector->root_entries=cpu_to_le16(s->sectors_of_root_directory*0x10);
    bootsector->total_sectors16=s->sector_count>0xffff?0:cpu_to_le16(s->sector_count);
    bootsector->media_type=(s->first_sectors_number>1?0xf8:0xf0); /* media descriptor (f8=hd, f0=3.5 fd)*/
    /* the first FAT byte repeats the media descriptor */
    s->fat.pointer[0] = bootsector->media_type;
    bootsector->sectors_per_fat=cpu_to_le16(s->sectors_per_fat);
    bootsector->sectors_per_track = cpu_to_le16(secs);
    bootsector->number_of_heads = cpu_to_le16(heads);
    bootsector->hidden_sectors=cpu_to_le32(s->first_sectors_number==1?0:0x3f);
    bootsector->total_sectors=cpu_to_le32(s->sector_count>0xffff?s->sector_count:0);

    /* LATER TODO: if FAT32, this is wrong */
    bootsector->u.fat16.drive_number=s->first_sectors_number==1?0:0x80; /* fda=0, hda=0x80 */
    bootsector->u.fat16.current_head=0;
    bootsector->u.fat16.signature=0x29;
    bootsector->u.fat16.id=cpu_to_le32(0xfabe1afd);

    memcpy(bootsector->u.fat16.volume_label, s->volume_label,
           sizeof(bootsector->u.fat16.volume_label));
    memcpy(bootsector->fat_type,(s->fat_type==12?"FAT12   ":s->fat_type==16?"FAT16   ":"FAT32   "),8);
    bootsector->magic[0]=0x55; bootsector->magic[1]=0xaa;

    return 0;
}
978 
#ifdef DEBUG
/* Debug-only handle on the driver state; vvfat_open() stores its state here. */
static BDRVVVFATState *vvv = NULL;
#endif

/*
 * Forward declarations. enable_write_target() is called from vvfat_open()
 * when the 'rw' option is requested.
 */
static int enable_write_target(BlockDriverState *bs, Error **errp);
static int is_consistent(BDRVVVFATState *s);
985 
/*
 * Options understood by vvfat_open().
 *
 * 'dir' is mandatory (vvfat_open() fails with -EINVAL without it) and names
 * the host directory whose contents become visible to the guest. 'rw'
 * defaults to false: vvfat_open() then forces the node read-only, so guest
 * writes are only accepted when 'rw' is requested explicitly.
 */
static QemuOptsList runtime_opts = {
    .name = "vvfat",
    .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
    .desc = {
        {
            .name = "dir",
            .type = QEMU_OPT_STRING,
            .help = "Host directory to map to the vvfat device",
        },
        {
            /* 0 (the default used by vvfat_open) means "pick for me" */
            .name = "fat-type",
            .type = QEMU_OPT_NUMBER,
            .help = "FAT type (12, 16 or 32)",
        },
        {
            .name = "floppy",
            .type = QEMU_OPT_BOOL,
            .help = "Create a floppy rather than a hard disk image",
        },
        {
            /* vvfat_open() rejects labels longer than 11 bytes */
            .name = "label",
            .type = QEMU_OPT_STRING,
            .help = "Use a volume label other than QEMU VVFAT",
        },
        {
            .name = "rw",
            .type = QEMU_OPT_BOOL,
            .help = "Make the image writable",
        },
        { /* end of list */ }
    },
};
1018 
/*
 * Convert a legacy "fat:..." file name into the option keys declared in
 * runtime_opts ("dir", "fat-type", "floppy", "rw").
 *
 * The markers ":32:", ":16:", ":12:", ":floppy:" and ":rw:" are searched for
 * anywhere in the string; the directory is whatever follows the last ':'
 * (or a DOS drive letter plus ':' when one precedes it). Note that ":rw:"
 * in the file name is enough to request a writable mapping.
 *
 * On a name that does not start with "fat:", *errp is set and options is
 * left untouched.
 */
static void vvfat_parse_filename(const char *filename, QDict *options,
                                 Error **errp)
{
    const char *dir;
    int fat_type;
    int last_colon;
    bool floppy;
    bool rw;

    if (!strstart(filename, "fat:", NULL)) {
        error_setg(errp, "File name string must start with 'fat:'");
        return;
    }

    /* FAT width: the first marker found wins, tried as 32, 16, then 12. */
    if (strstr(filename, ":32:") != NULL) {
        fat_type = 32;
    } else if (strstr(filename, ":16:") != NULL) {
        fat_type = 16;
    } else if (strstr(filename, ":12:") != NULL) {
        fat_type = 12;
    } else {
        fat_type = 0;
    }

    floppy = strstr(filename, ":floppy:") != NULL;
    rw = strstr(filename, ":rw:") != NULL;

    /*
     * The "fat:" prefix checked above guarantees at least one ':' at
     * index 3, so strrchr() cannot return NULL here.
     */
    last_colon = strrchr(filename, ':') - filename;
    assert(last_colon >= 3);

    if (filename[last_colon - 2] == ':' &&
        qemu_isalpha(filename[last_colon - 1])) {
        /* "X:" directly after an option separator: keep the drive letter */
        dir = filename + last_colon - 1;
    } else {
        dir = filename + last_colon + 1;
    }

    qdict_put_str(options, "dir", dir);
    qdict_put_int(options, "fat-type", fat_type);
    qdict_put_bool(options, "floppy", floppy);
    qdict_put_bool(options, "rw", rw);
}
1065 
/*
 * Open a vvfat node: parse the runtime options, choose the disk geometry,
 * build the virtual FAT layout from the host directory and, when 'rw' is
 * requested, set up the write target.
 *
 * Returns 0 on success or a negative errno value with *errp set. The
 * QemuOpts object is released on every path through the 'fail' label.
 */
static int vvfat_open(BlockDriverState *bs, QDict *options, int flags,
                      Error **errp)
{
    BDRVVVFATState *s = bs->opaque;
    int cyls, heads, secs;
    bool floppy;
    const char *dirname, *label;
    QemuOpts *opts;
    Error *local_err = NULL;
    int ret;

#ifdef DEBUG
    vvv = s;
#endif

    opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
    qemu_opts_absorb_qdict(opts, options, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        ret = -EINVAL;
        goto fail;
    }

    dirname = qemu_opt_get(opts, "dir");
    if (!dirname) {
        error_setg(errp, "vvfat block driver requires a 'dir' option");
        ret = -EINVAL;
        goto fail;
    }

    s->fat_type = qemu_opt_get_number(opts, "fat-type", 0);
    floppy = qemu_opt_get_bool(opts, "floppy", false);

    /* The label is space padded, not NUL terminated. */
    memset(s->volume_label, ' ', sizeof(s->volume_label));
    label = qemu_opt_get(opts, "label");
    if (label) {
        size_t label_length = strlen(label);
        /*
         * Reject over-long labels before copying so the memcpy() below stays
         * inside s->volume_label (assumes the field holds 11 bytes -- TODO
         * confirm against the struct definition).
         */
        if (label_length > 11) {
            error_setg(errp, "vvfat label cannot be longer than 11 bytes");
            ret = -EINVAL;
            goto fail;
        }
        memcpy(s->volume_label, label, label_length);
    } else {
        memcpy(s->volume_label, "QEMU VVFAT", 10);
    }

    if (floppy) {
        /* 1.44MB or 2.88MB floppy.  2.88MB can be FAT12 (default) or FAT16. */
        /*
         * NOTE(review): the sectors_per_cluster values chosen in this branch
         * are overwritten with 0x10 further down -- confirm that is intended.
         */
        if (!s->fat_type) {
            s->fat_type = 12;
            secs = 36;
            s->sectors_per_cluster = 2;
        } else {
            secs = s->fat_type == 12 ? 18 : 36;
            s->sectors_per_cluster = 1;
        }
        s->first_sectors_number = 1;
        cyls = 80;
        heads = 2;
    } else {
        /* 32MB or 504MB disk*/
        if (!s->fat_type) {
            s->fat_type = 16;
        }
        s->first_sectors_number = 0x40;
        cyls = s->fat_type == 12 ? 64 : 1024;
        heads = 16;
        secs = 63;
    }

    /* Only 12, 16 and 32 are accepted; anything else fails the open. */
    switch (s->fat_type) {
    case 32:
	    fprintf(stderr, "Big fat greek warning: FAT32 has not been tested. "
                "You are welcome to do so!\n");
        break;
    case 16:
    case 12:
        break;
    default:
        error_setg(errp, "Valid FAT types are only 12, 16 and 32");
        ret = -EINVAL;
        goto fail;
    }


    s->bs = bs;

    /* LATER TODO: if FAT32, adjust */
    s->sectors_per_cluster=0x10;

    s->current_cluster=0xffffffff;

    s->qcow = NULL;
    s->qcow_filename = NULL;
    s->fat2 = NULL;
    s->downcase_short_names = 1;

    /* Unconditionally prints the host directory path and geometry to stderr. */
    fprintf(stderr, "vvfat %s chs %d,%d,%d\n",
            dirname, cyls, heads, secs);

    /* Preliminary value; recomputed after init_directories() below. */
    s->sector_count = cyls * heads * secs - (s->first_sectors_number - 1);

    if (qemu_opt_get_bool(opts, "rw", false)) {
        /* Writes are only enabled if the node itself was opened writable. */
        if (!bdrv_is_read_only(bs)) {
            ret = enable_write_target(bs, errp);
            if (ret < 0) {
                goto fail;
            }
        } else {
            ret = -EPERM;
            error_setg(errp,
                       "Unable to set VVFAT to 'rw' when drive is read-only");
            goto fail;
        }
    } else  {
        /* read only is the default for safety */
        ret = bdrv_set_read_only(bs, true, &local_err);
        if (ret < 0) {
            error_propagate(errp, local_err);
            goto fail;
        }
    }

    bs->total_sectors = cyls * heads * secs;

    if (init_directories(s, dirname, heads, secs, errp)) {
        ret = -EIO;
        goto fail;
    }

    s->sector_count = s->faked_sectors + s->sectors_per_cluster*s->cluster_count;

    /* Disable migration when vvfat is used rw */
    if (s->qcow) {
        error_setg(&s->migration_blocker,
                   "The vvfat (rw) format used by node '%s' "
                   "does not support live migration",
                   bdrv_get_device_or_node_name(bs));
        ret = migrate_add_blocker(s->migration_blocker, &local_err);
        if (local_err) {
            error_propagate(errp, local_err);
            /*
             * NOTE(review): s->migration_blocker keeps pointing at the freed
             * Error after this -- verify nothing reads it once open fails.
             */
            error_free(s->migration_blocker);
            goto fail;
        }
    }

    /* Hard disk layout (0x40 leading sectors): fill in the MBR. */
    if (s->first_sectors_number == 0x40) {
        init_mbr(s, cyls, heads, secs);
    }

    qemu_co_mutex_init(&s->lock);

    ret = 0;
fail:
    qemu_opts_del(opts);
    return ret;
}
1224 
/*
 * Report the I/O limits of this node: requests must be aligned to whole
 * sectors. errp is not used.
 */
static void vvfat_refresh_limits(BlockDriverState *bs, Error **errp)
{
    /* No sub-sector I/O */
    bs->bl.request_alignment = BDRV_SECTOR_SIZE;
}
1229 
/*
 * Forget the currently selected mapping, close its host file descriptor if
 * one is open, and invalidate the cached cluster number.
 *
 * A current_fd of 0 is treated as "no descriptor open".
 */
static inline void vvfat_close_current_file(BDRVVVFATState *s)
{
    const bool had_mapping = s->current_mapping != NULL;

    /* The cluster cache is invalidated whether or not a mapping was set. */
    s->current_cluster = -1;

    if (!had_mapping) {
        return;
    }

    s->current_mapping = NULL;
    if (s->current_fd != 0) {
        qemu_close(s->current_fd);
        s->current_fd = 0;
    }
}
1241 
/*
 * Binary search over s->mapping.
 *
 * The mappings between index1 and index2-1 are supposed to be ordered.
 * The return value is the index of the last mapping for which
 * end > cluster_num.
 */
static inline int find_mapping_for_cluster_aux(BDRVVVFATState* s,int cluster_num,int index1,int index2)
{
    for (;;) {
        int mid = (index1 + index2) / 2;
        mapping_t *mapping = array_get(&(s->mapping), mid);

        assert(mapping->begin < mapping->end);

        if (mapping->begin >= cluster_num) {
            /* the probed mapping starts at or after the wanted cluster */
            assert(index2 != mid || index2 == 0);
            if (index2 == mid) {
                return index1;
            }
            index2 = mid;
        } else {
            /* the probed mapping starts before the wanted cluster */
            if (index1 == mid) {
                return mapping->end <= cluster_num ? index2 : index1;
            }
            index1 = mid;
        }

        assert(index1 <= index2);
        DLOG(mapping = array_get(&(s->mapping), index1);
        assert(mapping->begin <= cluster_num);
        assert(index2 >= s->mapping.next ||
               ((mapping = array_get(&(s->mapping), index2)) &&
                mapping->end > cluster_num)));
    }
}
1271 
/*
 * Look up the mapping that covers cluster_num.
 *
 * Returns the mapping with begin <= cluster_num < end, or NULL when the
 * search lands past the last mapping or on one that starts after
 * cluster_num.
 */
static inline mapping_t* find_mapping_for_cluster(BDRVVVFATState* s,int cluster_num)
{
    mapping_t *candidate;
    int idx = find_mapping_for_cluster_aux(s, cluster_num, 0, s->mapping.next);

    if (idx >= s->mapping.next) {
        return NULL;
    }

    candidate = array_get(&(s->mapping), idx);
    if (candidate->begin > cluster_num) {
        return NULL;
    }

    assert(candidate->begin <= cluster_num && candidate->end > cluster_num);
    return candidate;
}
1284 
/*
 * Make the host file behind mapping the current file of s.
 *
 * The file is opened read-only. If the current mapping already refers to
 * the same path, nothing is reopened and the current mapping is kept.
 *
 * Returns 0 on success, -1 if mapping is NULL or the file cannot be opened
 * (in which case the previous current file stays open).
 */
static int open_file(BDRVVVFATState* s,mapping_t* mapping)
{
    int fd;

    if (mapping == NULL) {
        return -1;
    }

    if (s->current_mapping != NULL &&
        strcmp(s->current_mapping->path, mapping->path) == 0) {
        /* same path as the file that is already open */
        return 0;
    }

    fd = qemu_open(mapping->path, O_RDONLY | O_BINARY | O_LARGEFILE);
    if (fd < 0) {
        return -1;
    }

    /* Only drop the old descriptor once the new one is known to be good. */
    vvfat_close_current_file(s);
    s->current_fd = fd;
    s->current_mapping = mapping;
    return 0;
}
1301 
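/*
 * Make s->cluster point at the contents of cluster_num.
 *
 * For a directory mapping, s->cluster points into s->directory; for a file
 * mapping the data is read from the host file into s->cluster_buffer.
 * Nothing is done when cluster_num is already the cached cluster.
 *
 * s->cluster_buffer is reused for every file cluster, so when read()
 * delivers fewer than s->cluster_size bytes (for instance at the end of a
 * file) the remainder of the buffer is cleared. Otherwise bytes left over
 * from a previously read cluster, possibly of a different host file, would
 * be handed to the guest as part of this cluster.
 *
 * Returns 0 on success, -1 if read() fails, -2 if no file could be opened
 * for the cluster, -3 if seeking fails.
 */
static inline int read_cluster(BDRVVVFATState *s,int cluster_num)
{
    int result = 0;
    off_t offset;
    size_t got, want;

    if (s->current_cluster == cluster_num) {
        /* already cached */
        return 0;
    }

    assert(!s->current_mapping || s->current_fd || (s->current_mapping->mode & MODE_DIRECTORY));
    if (!s->current_mapping
            || s->current_mapping->begin > cluster_num
            || s->current_mapping->end <= cluster_num) {
        /* binary search of mappings for file */
        mapping_t *mapping = find_mapping_for_cluster(s, cluster_num);

        assert(!mapping || (cluster_num >= mapping->begin && cluster_num < mapping->end));

        if (mapping && mapping->mode & MODE_DIRECTORY) {
            vvfat_close_current_file(s);
            s->current_mapping = mapping;
read_cluster_directory:
            /* Directory clusters are served straight from s->directory. */
            offset = s->cluster_size * (cluster_num - s->current_mapping->begin);
            s->cluster = (unsigned char *)s->directory.pointer + offset
                    + 0x20 * s->current_mapping->info.dir.first_dir_index;
            assert(((s->cluster - (unsigned char *)s->directory.pointer) % s->cluster_size) == 0);
            assert((char *)s->cluster + s->cluster_size <= s->directory.pointer + s->directory.next * s->directory.item_size);
            s->current_cluster = cluster_num;
            return 0;
        }

        if (open_file(s, mapping)) {
            return -2;
        }
    } else if (s->current_mapping->mode & MODE_DIRECTORY) {
        goto read_cluster_directory;
    }

    assert(s->current_fd);

    offset = s->cluster_size * (cluster_num - s->current_mapping->begin) + s->current_mapping->info.file.offset;
    if (lseek(s->current_fd, offset, SEEK_SET) != offset) {
        return -3;
    }
    s->cluster = s->cluster_buffer;
    result = read(s->current_fd, s->cluster, s->cluster_size);
    if (result < 0) {
        /* the buffer contents are undefined now; drop the cache entry */
        s->current_cluster = -1;
        return -1;
    }

    /* Short read: clear the tail so no stale buffer contents remain. */
    got = (size_t)result;
    want = (size_t)s->cluster_size;
    if (got < want) {
        memset(s->cluster + got, 0, want - got);
    }

    s->current_cluster = cluster_num;
    return 0;
}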
1349 
1350 #ifdef DEBUG
/*
 * Debug helper: print one directory entry to stderr.
 *
 * For a long-name entry only the low byte of each stored character is
 * shown; for any other entry the 11 name bytes, the attributes, the first
 * cluster and the size are printed. Bytes below ' ' are shown as 0xb0.
 */
static void print_direntry(const direntry_t* direntry)
{
/* Append one byte to buffer; the macro stays defined after this function. */
#define ADD_CHAR(c) {buffer[j] = (c); if (buffer[j] < ' ') buffer[j] = 0xb0; j++;}
    char buffer[1024];
    int j = 0;
    int i;

    fprintf(stderr, "direntry %p: ", direntry);
    if (direntry == NULL) {
        return;
    }

    if (!is_long_name(direntry)) {
        for (i = 0; i < 11; i++) {
            ADD_CHAR(direntry->name[i]);
        }
        buffer[j] = 0;
        fprintf(stderr,"%s attributes=0x%02x begin=%d size=%d\n",
                buffer,
                direntry->attributes,
                begin_of_direntry(direntry),le32_to_cpu(direntry->size));
        return;
    }

    {
        unsigned char *c = (unsigned char *)direntry;

        /* The name characters sit in three separate byte ranges. */
        for (i = 1; i < 11 && c[i] && c[i] != 0xff; i += 2) {
            ADD_CHAR(c[i]);
        }
        for (i = 14; i < 26 && c[i] && c[i] != 0xff; i += 2) {
            ADD_CHAR(c[i]);
        }
        for (i = 28; i < 32 && c[i] && c[i] != 0xff; i += 2) {
            ADD_CHAR(c[i]);
        }
        buffer[j] = 0;
        fprintf(stderr, "%s\n", buffer);
    }
}
1382 
/*
 * Debug helper: print the fields of one mapping to stderr, followed by the
 * directory-specific or file-specific part of its info union.
 */
static void print_mapping(const mapping_t* mapping)
{
    fprintf(stderr, "mapping (%p): begin, end = %d, %d, dir_index = %d, "
        "first_mapping_index = %d, name = %s, mode = 0x%x, " ,
        mapping, mapping->begin, mapping->end, mapping->dir_index,
        mapping->first_mapping_index, mapping->path, mapping->mode);

    if (!(mapping->mode & MODE_DIRECTORY)) {
        fprintf(stderr, "offset = %d\n", mapping->info.file.offset);
        return;
    }

    fprintf(stderr, "parent_mapping_index = %d, first_dir_index = %d\n", mapping->info.dir.parent_mapping_index, mapping->info.dir.first_dir_index);
}
1395 #endif
1396 
/*
 * Read nb_sectors sectors starting at sector_num into buf.
 *
 * Each sector comes from the first matching source:
 *  - the write overlay (s->qcow), when it exists and has the sector
 *    allocated;
 *  - the generated leading sectors or one of the two FAT copies, for
 *    sectors below s->faked_sectors;
 *  - the cluster that backs the sector otherwise; a cluster that cannot be
 *    read is returned as zeros.
 *
 * Returns 0 on success, -1 (or the error from bdrv_is_allocated()) on
 * failure. On failure the sectors from the failing one onwards have not
 * been written to buf.
 *
 * NOTE(review): for a sector below s->faked_sectors that matches none of
 * the three ranges checked, buf is left untouched -- confirm that
 * faked_sectors never exceeds the leading sectors plus both FATs.
 */
static int vvfat_read(BlockDriverState *bs, int64_t sector_num,
                    uint8_t *buf, int nb_sectors)
{
    BDRVVVFATState *s = bs->opaque;
    int i;

    for (i = 0; i < nb_sectors; i++, sector_num++) {
        if (sector_num >= bs->total_sectors) {
            return -1;
        }

        if (s->qcow) {
            int n;
            int ret = bdrv_is_allocated(s->qcow->bs, sector_num,
                                        nb_sectors - i, &n);

            if (ret < 0) {
                return ret;
            }
            if (ret) {
                DLOG(fprintf(stderr, "sectors %d+%d allocated\n",
                             (int)sector_num, n));
                if (bdrv_read(s->qcow, sector_num, buf + i * 0x200, n)) {
                    return -1;
                }
                /* n sectors were served at once; the loop adds the last one */
                i += n - 1;
                sector_num += n - 1;
                continue;
            }
            DLOG(fprintf(stderr, "sector %d not allocated\n", (int)sector_num));
        }

        if (sector_num >= s->faked_sectors) {
            uint32_t sector = sector_num - s->faked_sectors;
            uint32_t sector_offset_in_cluster = sector % s->sectors_per_cluster;
            uint32_t cluster_num = sector / s->sectors_per_cluster;

            if (cluster_num > s->cluster_count || read_cluster(s, cluster_num) != 0) {
                /* LATER TODO: strict: return -1; */
                memset(buf + i * 0x200, 0, 0x200);
                continue;
            }
            memcpy(buf + i * 0x200, s->cluster + sector_offset_in_cluster * 0x200, 0x200);
            continue;
        }

        if (sector_num < s->first_sectors_number) {
            /* generated leading sectors */
            memcpy(buf + i * 0x200, &(s->first_sectors[sector_num * 0x200]), 0x200);
        } else if (sector_num - s->first_sectors_number < s->sectors_per_fat) {
            /* first FAT */
            memcpy(buf + i * 0x200, &(s->fat.pointer[(sector_num - s->first_sectors_number) * 0x200]), 0x200);
        } else if (sector_num - s->first_sectors_number - s->sectors_per_fat < s->sectors_per_fat) {
            /* second FAT, served from the same table */
            memcpy(buf + i * 0x200, &(s->fat.pointer[(sector_num - s->first_sectors_number - s->sectors_per_fat) * 0x200]), 0x200);
        }
    }

    return 0;
}
1447 
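/*
 * Coroutine read entry point: read 'bytes' bytes at 'offset' into qiov.
 *
 * offset and bytes must be sector aligned (asserted). The data is produced
 * by vvfat_read() into a bounce buffer under s->lock and then copied into
 * qiov.
 *
 * The bounce buffer is zero-initialised: vvfat_read() can return before it
 * has filled every sector, and the buffer is copied into qiov regardless of
 * the result, so an uninitialised allocation would hand stale heap contents
 * to the requester.
 *
 * Returns the result of vvfat_read(), or -ENOMEM if the bounce buffer
 * cannot be allocated.
 */
static int coroutine_fn
vvfat_co_preadv(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
                QEMUIOVector *qiov, int flags)
{
    int ret;
    BDRVVVFATState *s = bs->opaque;
    uint64_t sector_num = offset >> BDRV_SECTOR_BITS;
    int nb_sectors = bytes >> BDRV_SECTOR_BITS;
    void *buf;

    assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
    assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);

    /* zeroed, so unfilled sectors never carry old heap data */
    buf = g_try_malloc0(bytes);
    if (bytes && buf == NULL) {
        return -ENOMEM;
    }

    qemu_co_mutex_lock(&s->lock);
    ret = vvfat_read(bs, sector_num, buf, nb_sectors);
    qemu_co_mutex_unlock(&s->lock);

    qemu_iovec_from_buf(qiov, 0, buf, bytes);
    g_free(buf);

    return ret;
}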
1475 
1476 /* LATER TODO: statify all functions */
1477 
1478 /*
1479  * Idea of the write support (use snapshot):
1480  *
1481  * 1. check if all data is consistent, recording renames, modifications,
1482  *    new files and directories (in s->commits).
1483  *
1484  * 2. if the data is not consistent, stop committing
1485  *
1486  * 3. handle renames, and create new files and directories (do not yet
1487  *    write their contents)
1488  *
1489  * 4. walk the directories, fixing the mapping and direntries, and marking
1490  *    the handled mappings as not deleted
1491  *
1492  * 5. commit the contents of the files
1493  *
1494  * 6. handle deleted files and directories
1495  *
1496  */
1497 
/*
 * One pending action recorded in s->commits by the schedule_*() helpers.
 */
typedef struct commit_t {
    /*
     * Path the action applies to. NULL for ACTION_WRITEOUT; for every other
     * action it is a heap string that clear_commits() releases with g_free().
     */
    char* path;
    /* Action-specific arguments; the member in use is selected by 'action'. */
    union {
	struct { uint32_t cluster; } rename;
	struct { int dir_index; uint32_t modified_offset; } writeout;
	struct { uint32_t first_cluster; } new_file;
	struct { uint32_t cluster; } mkdir;
    } param;
    /* DELETEs and RMDIRs are handled differently: see handle_deletes() */
    enum {
	ACTION_RENAME, ACTION_WRITEOUT, ACTION_NEW_FILE, ACTION_MKDIR
    } action;
} commit_t;
1511 
/*
 * Drop all scheduled commits: free the path of every commit that owns one
 * and reset the list to empty.
 *
 * ACTION_WRITEOUT commits carry no path (asserted); all others must have
 * one (asserted).
 */
static void clear_commits(BDRVVVFATState* s)
{
    int idx;

DLOG(fprintf(stderr, "clear_commits (%d commits)\n", s->commits.next));
    for (idx = 0; idx < s->commits.next; idx++) {
        commit_t *entry = array_get(&(s->commits), idx);

        assert(entry->path || entry->action == ACTION_WRITEOUT);
        if (entry->action == ACTION_WRITEOUT) {
            assert(entry->path == NULL);
            continue;
        }
        assert(entry->path);
        g_free(entry->path);
    }
    s->commits.next = 0;
}
1527 
/*
 * Append a rename commit for the file or directory that starts at cluster.
 * new_path is stored as is, not copied; clear_commits() later frees it.
 */
static void schedule_rename(BDRVVVFATState* s,
	uint32_t cluster, char* new_path)
{
    commit_t *entry = array_get_next(&(s->commits));

    entry->action = ACTION_RENAME;
    entry->param.rename.cluster = cluster;
    entry->path = new_path;
}
1536 
/*
 * Append a write-out commit for the directory entry at dir_index, recording
 * the offset at which the modification was seen. Write-out commits carry no
 * path.
 */
static void schedule_writeout(BDRVVVFATState* s,
	int dir_index, uint32_t modified_offset)
{
    commit_t *entry = array_get_next(&(s->commits));

    entry->action = ACTION_WRITEOUT;
    entry->param.writeout.modified_offset = modified_offset;
    entry->param.writeout.dir_index = dir_index;
    entry->path = NULL;
}
1546 
/*
 * Append a new-file commit for path, whose data starts at first_cluster.
 * path is stored as is, not copied; clear_commits() later frees it.
 */
static void schedule_new_file(BDRVVVFATState* s,
	char* path, uint32_t first_cluster)
{
    commit_t *entry = array_get_next(&(s->commits));

    entry->action = ACTION_NEW_FILE;
    entry->param.new_file.first_cluster = first_cluster;
    entry->path = path;
}
1555 
/*
 * Append a mkdir commit for the directory at cluster.
 * path is stored as is, not copied; clear_commits() later frees it.
 */
static void schedule_mkdir(BDRVVVFATState* s, uint32_t cluster, char* path)
{
    commit_t *entry = array_get_next(&(s->commits));

    entry->action = ACTION_MKDIR;
    entry->param.mkdir.cluster = cluster;
    entry->path = path;
}
1563 
/* Accumulator for a file name assembled from consecutive directory entries. */
typedef struct {
    /*
     * Since the sequence number is at most 0x3f, and the filename
     * length is at most 13 times the sequence number, the maximal
     * filename length is 0x3f * 13 bytes.
     */
    /* The extra byte holds the terminating NUL. */
    unsigned char name[0x3f * 13 + 1];
    /* checksum: value expected in every entry of the run; len: name length */
    int checksum, len;
    /* Sequence number of the long-name entry processed last. */
    int sequence_number;
} long_file_name;
1574 
/*
 * Reset lfn to "no long name seen yet". The name buffer itself is not
 * cleared.
 */
static void lfn_init(long_file_name* lfn)
{
    lfn->len = 0;
    lfn->sequence_number = 0;
    /* 0x100 can never equal the one-byte checksum read from an entry */
    lfn->checksum = 0x100;
}
1580 
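/*
 * Fold one long-file-name directory entry into lfn.
 *
 * The entry is taken from directory data that the guest may have written,
 * so its fields are validated before they are used as indices into
 * lfn->name.
 *
 * The entry with bit 0x40 set in its first byte starts a run and carries
 * the highest sequence number; each following entry must carry the next
 * lower number and the same checksum.
 *
 * A sequence number of 0 is rejected: the write offset is computed as
 * 13 * (sequence_number - 1), so 0 would place the 13 characters in front
 * of lfn->name.
 *
 * Returns 0 if parsed successfully, > 0 if direntry is not a long-name
 * entry, < 0 on error:
 *   -1  unexpected or zero sequence number
 *   -2  checksum differs from the one that started the run
 *   -3  a field that must be zero is not
 *   -4  a character has a non-zero high byte (0xff padding is accepted
 *       only in the entry that starts the run)
 */
static int parse_long_name(long_file_name* lfn,
	const direntry_t* direntry)
{
    int i, j, offset;
    const unsigned char* pointer = (const unsigned char*)direntry;

    if (!is_long_name(direntry)) {
        return 1;
    }

    if (pointer[0] & 0x40) {
        /* first entry of a run: start over */
        lfn->sequence_number = pointer[0] & 0x3f;
        lfn->checksum = pointer[13];
        lfn->name[0] = 0;
        /* at most 0x3f * 13, the last element of lfn->name */
        lfn->name[lfn->sequence_number * 13] = 0;
    } else if ((pointer[0] & 0x3f) != --lfn->sequence_number) {
        return -1;
    } else if (pointer[13] != lfn->checksum) {
        return -2;
    } else if (pointer[12] || pointer[26] || pointer[27]) {
        return -3;
    }

    /* Keep the offset below non-negative; see the function comment. */
    if (lfn->sequence_number < 1) {
        return -1;
    }

    offset = 13 * (lfn->sequence_number - 1);
    for (i = 0, j = 1; i < 13; i++, j += 2) {
        /* the 13 characters live at bytes 1-10, 14-25 and 28-31 */
        if (j == 11) {
            j = 14;
        } else if (j == 26) {
            j = 28;
        }

        if (pointer[j + 1] == 0) {
            lfn->name[offset + i] = pointer[j];
        } else if (pointer[j + 1] != 0xff || (pointer[0] & 0x40) == 0) {
            return -4;
        } else {
            lfn->name[offset + i] = 0;
        }
    }

    if (pointer[0] & 0x40) {
        lfn->len = offset + strlen((char*)lfn->name + offset);
    }

    return 0;
}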
1623 
/*
 * Build "base.ext" in lfn->name from the 8+3 name of direntry, dropping
 * the space padding and, if s->downcase_short_names is set, lower-casing
 * each character.
 *
 * Returns 0 if successful, > 0 if direntry is not a short-name entry, and
 * < 0 on error: -1 for an invalid character in the base name, -2 for one
 * in the extension (anything <= ' ' or > 0x7f).
 */
static int parse_short_name(BDRVVVFATState* s,
	long_file_name* lfn, direntry_t* direntry)
{
    int base_last = 7;
    int ext_last = 2;
    int pos;

    if (!is_short_name(direntry)) {
        return 1;
    }

    /* index of the last non-space byte of the 8-byte base name, or -1 */
    while (base_last >= 0 && direntry->name[base_last] == ' ') {
        base_last--;
    }

    for (pos = 0; pos <= base_last; pos++) {
        if (direntry->name[pos] <= ' ' || direntry->name[pos] > 0x7f) {
            return -1;
        }
        if (s->downcase_short_names) {
            lfn->name[pos] = qemu_tolower(direntry->name[pos]);
        } else {
            lfn->name[pos] = direntry->name[pos];
        }
    }

    /* index of the last non-space byte of the 3-byte extension, or -1 */
    while (ext_last >= 0 && direntry->name[8 + ext_last] == ' ') {
        ext_last--;
    }

    if (ext_last < 0) {
        /* no extension: terminate right after the base name */
        lfn->name[pos] = '\0';
    } else {
        lfn->name[pos++] = '.';
        lfn->name[pos + ext_last + 1] = '\0';
        /* the extension is filled in back to front */
        for (; ext_last >= 0; ext_last--) {
            uint8_t c = direntry->name[8 + ext_last];

            if (c <= ' ' || c > 0x7f) {
                return -2;
            }
            if (s->downcase_short_names) {
                lfn->name[pos + ext_last] = qemu_tolower(c);
            } else {
                lfn->name[pos + ext_last] = c;
            }
        }
    }

    lfn->len = strlen((char*)lfn->name);

    return 0;
}
1665 
/*
 * Return the FAT entry for cluster as seen in the modified FAT (s->fat2).
 *
 * Clusters below s->last_cluster_of_root_directory are not looked up: they
 * are reported as a simple chain ending in s->max_fat_value.
 *
 * NOTE(review): cluster is not checked against the size of s->fat2 here;
 * callers are presumably expected to pass a validated cluster number --
 * confirm.
 */
static inline uint32_t modified_fat_get(BDRVVVFATState* s,
	unsigned int cluster)
{
    if (cluster < s->last_cluster_of_root_directory) {
        if (cluster + 1 == s->last_cluster_of_root_directory) {
            return s->max_fat_value;
        }
        return cluster + 1;
    }

    switch (s->fat_type) {
    case 32: {
        uint32_t *entry32 = ((uint32_t*)s->fat2) + cluster;
        return le32_to_cpu(*entry32);
    }
    case 16: {
        uint16_t *entry16 = ((uint16_t*)s->fat2) + cluster;
        return le16_to_cpu(*entry16);
    }
    default: {
        /* FAT12: two entries share three bytes */
        const uint8_t *x = s->fat2 + cluster * 3 / 2;
        return ((x[0] | (x[1] << 8)) >> (cluster & 1 ? 4 : 0)) & 0x0fff;
    }
    }
}
1687 
/*
 * Tell whether any sector of cluster_num is allocated in the write overlay
 * (s->qcow). Returns false when there is no overlay.
 */
static inline bool cluster_was_modified(BDRVVVFATState *s,
                                        uint32_t cluster_num)
{
    int sector, pnum;

    if (!s->qcow) {
        return false;
    }

    for (sector = 0; sector < s->sectors_per_cluster; sector++) {
        int status = bdrv_is_allocated(s->qcow->bs,
                                       cluster2sector(s, cluster_num) + sector,
                                       1, &pnum);

        /*
         * Note that this treats failures to learn allocation status the
         * same as if an allocation has occurred.  It's as safe as
         * anything else, given that a failure to learn allocation status
         * will probably result in more failures.
         */
        if (status) {
            return true;
        }
    }

    return false;
}
1712 
/*
 * Return the part of path after its last '/', or path itself when it
 * contains none. The result points into path; nothing is allocated.
 */
static const char* get_basename(const char* path)
{
    const char *last_slash = strrchr(path, '/');

    /* skip the '/' itself */
    return last_slash ? last_slash + 1 : path;
}
1721 
/*
 * The array s->used_clusters holds the state of each cluster as a bit mask
 * of the values below. A cluster that is part of a file has USED_FILE (2)
 * set, one that is part of a directory has USED_DIRECTORY (1) set, and
 * USED_ANY (3) is the mask covering both. USED_ALLOCATED (4) is the third
 * bit, which the original comment describes as "was modified".
 * If any cluster is allocated, but not part of a file or directory, this
 * driver refuses to commit.
 */
typedef enum {
     USED_DIRECTORY = 1, USED_FILE = 2, USED_ANY = 3, USED_ALLOCATED = 4
} used_t;
1732 
/*
 * get_cluster_count_for_direntry() not only determines how many clusters
 * are occupied by direntry, but also if it was renamed or modified.
 *
 * A file is thought to be renamed *only* if there already was a file with
 * exactly the same first cluster, but a different name.
 *
 * Further, the files/directories handled by this function are
 * assumed to be *not* deleted (and *only* those).
 *
 * Return value: the number of clusters in the chain; 0 for the root
 * directory (first cluster 0) or when a cluster of the chain is already
 * marked as used; -1 or -2 on error.
 *
 * NOTE(review): the function is declared to return uint32_t, so the -1/-2
 * error returns reach the caller as large positive values unless the caller
 * converts them back -- verify how callers test for errors.
 *
 * NOTE(review): the first cluster comes from the directory entry and the
 * following ones from the modified FAT, i.e. from data the guest can write.
 * They are used to index s->used_clusters; the only range check visible
 * here is against s->max_fat_value, and it is applied to the next cluster
 * only. Confirm that s->used_clusters is large enough for every value that
 * can get past it, or add a check against the cluster count.
 */
static uint32_t get_cluster_count_for_direntry(BDRVVVFATState* s,
	direntry_t* direntry, const char* path)
{
    /*
     * This is a little bit tricky:
     * IF the guest OS just inserts a cluster into the file chain,
     * and leaves the rest alone, (i.e. the original file had clusters
     * 15 -> 16, but now has 15 -> 32 -> 16), then the following happens:
     *
     * - do_commit will write the cluster into the file at the given
     *   offset, but
     *
     * - the cluster which is overwritten should be moved to a later
     *   position in the file.
     *
     * I am not aware that any OS does something as braindead, but this
     * situation could happen anyway when not committing for a long time.
     * Just to be sure that this does not bite us, detect it, and copy the
     * contents of the clusters to-be-overwritten into the qcow.
     */
    int copy_it = 0;
    int was_modified = 0;
    int32_t ret = 0;

    uint32_t cluster_num = begin_of_direntry(direntry);
    uint32_t offset = 0;
    int first_mapping_index = -1;
    mapping_t* mapping = NULL;
    const char* basename2 = NULL;

    vvfat_close_current_file(s);

    /* the root directory */
    if (cluster_num == 0)
	return 0;

    /* write support */
    if (s->qcow) {
	basename2 = get_basename(path);

	mapping = find_mapping_for_cluster(s, cluster_num);

	if (mapping) {
	    const char* basename;

	    /* the entry still exists, so un-mark the mapping as deleted */
	    assert(mapping->mode & MODE_DELETED);
	    mapping->mode &= ~MODE_DELETED;

	    basename = get_basename(mapping->path);

	    assert(mapping->mode & MODE_NORMAL);

	    /* rename */
	    if (strcmp(basename, basename2))
		schedule_rename(s, cluster_num, g_strdup(path));
	} else if (is_file(direntry))
	    /* new file */
	    schedule_new_file(s, g_strdup(path), cluster_num);
	else {
	    /* neither a known mapping nor a file: terminates the process */
            abort();
	    return 0;
	}
    }

    /* follow the cluster chain of the entry */
    while(1) {
	if (s->qcow) {
	    if (!copy_it && cluster_was_modified(s, cluster_num)) {
		if (mapping == NULL ||
			mapping->begin > cluster_num ||
			mapping->end <= cluster_num)
		mapping = find_mapping_for_cluster(s, cluster_num);


		if (mapping &&
			(mapping->mode & MODE_DIRECTORY) == 0) {

		    /* was modified in qcow */
		    if (offset != mapping->info.file.offset + s->cluster_size
			    * (cluster_num - mapping->begin)) {
			/* offset of this cluster in file chain has changed */
			/* abort() does not return, so copy_it is not set here */
                        abort();
			copy_it = 1;
		    } else if (offset == 0) {
			const char* basename = get_basename(mapping->path);

			if (strcmp(basename, basename2))
			    copy_it = 1;
			first_mapping_index = array_index(&(s->mapping), mapping);
		    }

		    if (mapping->first_mapping_index != first_mapping_index
			    && mapping->info.file.offset > 0) {
			/* as above: the assignment after abort() is unreachable */
                        abort();
			copy_it = 1;
		    }

		    /* need to write out? */
		    if (!was_modified && is_file(direntry)) {
			was_modified = 1;
			schedule_writeout(s, mapping->dir_index, offset);
		    }
		}
	    }

	    if (copy_it) {
		int i, dummy;
		/*
		 * This is horribly inefficient, but that is okay, since
		 * it is rarely executed, if at all.
		 */
		/* this 'offset' is a sector number and shadows the outer one */
		int64_t offset = cluster2sector(s, cluster_num);

		vvfat_close_current_file(s);
		/*
		 * NOTE(review): the allocation check uses offset + i, but the
		 * read and the write below use offset, so every iteration
		 * copies the first sector of the cluster -- looks unintended,
		 * confirm.
		 */
                for (i = 0; i < s->sectors_per_cluster; i++) {
                    int res;

                    res = bdrv_is_allocated(s->qcow->bs, offset + i, 1, &dummy);
                    if (res < 0) {
                        return -1;
                    }
                    if (!res) {
                        res = vvfat_read(s->bs, offset, s->cluster_buffer, 1);
                        if (res) {
                            return -1;
                        }
                        res = bdrv_write(s->qcow, offset, s->cluster_buffer, 1);
                        if (res) {
                            return -2;
                        }
                    }
                }
	    }
	}

	ret++;
	/* a cluster that is already claimed ends the walk with 0 */
	if (s->used_clusters[cluster_num] & USED_ANY)
	    return 0;
	s->used_clusters[cluster_num] = USED_FILE;

	cluster_num = modified_fat_get(s, cluster_num);

	if (fat_eof(s, cluster_num))
	    return ret;
	/* reject chain links outside the range checked here */
	else if (cluster_num < 2 || cluster_num > s->max_fat_value - 16)
	    return -1;

	offset += s->cluster_size;
    }
}
1892 
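/*
 * Walk one directory of the modified data (qcow) and everything below it.
 *
 * Each cluster of the directory's chain is read through vvfat_read() and
 * marked USED_DIRECTORY in s->used_clusters. Every entry is then either
 * recursed into (subdirectory) or has its cluster chain counted with
 * get_cluster_count_for_direntry() (file). A directory that already has a
 * mapping gets MODE_DELETED cleared and, if its basename changed, a rename
 * scheduled; a directory without a mapping gets a mkdir scheduled.
 *
 * It returns 0 upon inconsistency or error, and otherwise the number of
 * clusters used by the directory, its subdirectories and their files.
 *
 * cluster_num, the FAT entries and the directory entries are all data the
 * guest wrote, so the cluster number is range-checked before it is used as
 * an index into s->used_clusters. The bound is the one is_consistent() and
 * do_commit() use when they walk and clear that array.
 *
 * Recursion depth is limited only indirectly, by the PATH_MAX check on the
 * accumulated path; each level keeps a PATH_MAX-sized buffer on the stack.
 */
static int check_directory_consistency(BDRVVVFATState *s,
        int cluster_num, const char* path)
{
    int ret = 0;
    unsigned char* cluster = g_malloc(s->cluster_size);
    direntry_t* direntries = (direntry_t*)cluster;
    mapping_t* mapping = find_mapping_for_cluster(s, cluster_num);

    long_file_name lfn;
    int path_len = strlen(path);
    char path2[PATH_MAX + 1];

    assert(path_len < PATH_MAX); /* len was tested before! */
    /* path2 = path + "/"; entry names are appended after the slash below */
    pstrcpy(path2, sizeof(path2), path);
    path2[path_len] = '/';
    path2[path_len + 1] = '\0';

    if (mapping) {
        const char* basename = get_basename(mapping->path);
        const char* basename2 = get_basename(path);

        assert(mapping->mode & MODE_DIRECTORY);

        /* is_consistent() marked it deleted; seeing it here revives it */
        assert(mapping->mode & MODE_DELETED);
        mapping->mode &= ~MODE_DELETED;

        if (strcmp(basename, basename2)) {
            schedule_rename(s, cluster_num, g_strdup(path));
        }
    } else {
        /* new directory */
        schedule_mkdir(s, cluster_num, g_strdup(path));
    }

    lfn_init(&lfn);
    do {
        int i;
        int subret = 0;

        ret++;

        /*
         * The cluster number comes from a directory entry or from the
         * modified FAT; reject anything outside the used_clusters array
         * instead of reading and writing past it.
         */
        if (cluster_num < 0 ||
            cluster_num >= sector2cluster(s, s->sector_count)) {
            fprintf(stderr, "cluster %d out of range\n", (int)cluster_num);
            goto fail;
        }

        if (s->used_clusters[cluster_num] & USED_ANY) {
            fprintf(stderr, "cluster %d used more than once\n", (int)cluster_num);
            goto fail;
        }
        s->used_clusters[cluster_num] = USED_DIRECTORY;

        DLOG(fprintf(stderr, "read cluster %d (sector %d)\n", (int)cluster_num, (int)cluster2sector(s, cluster_num)));
        subret = vvfat_read(s->bs, cluster2sector(s, cluster_num), cluster,
                s->sectors_per_cluster);
        if (subret) {
            fprintf(stderr, "Error fetching direntries\n");
            goto fail;
        }

        /* 0x10 directory entries per sector */
        for (i = 0; i < 0x10 * s->sectors_per_cluster; i++) {
            int cluster_count = 0;

            DLOG(fprintf(stderr, "check direntry %d:\n", i); print_direntry(direntries + i));
            if (is_volume_label(direntries + i) || is_dot(direntries + i) ||
                    is_free(direntries + i)) {
                continue;
            }

            subret = parse_long_name(&lfn, direntries + i);
            if (subret < 0) {
                fprintf(stderr, "Error in long name\n");
                goto fail;
            }
            if (subret == 0 || is_free(direntries + i)) {
                continue;
            }

            if (fat_chksum(direntries+i) != lfn.checksum) {
                subret = parse_short_name(s, &lfn, direntries + i);
                if (subret < 0) {
                    fprintf(stderr, "Error in short name (%d)\n", subret);
                    goto fail;
                }
                if (subret > 0 || !strcmp((char*)lfn.name, ".")
                        || !strcmp((char*)lfn.name, "..")) {
                    continue;
                }
            }
            lfn.checksum = 0x100; /* cannot use long name twice */

            /*
             * NOTE(review): only the length of the name is checked here.
             * The name becomes part of a host path that is later passed to
             * rename()/mkdir()/open(), so confirm that parse_long_name()
             * and parse_short_name() reject path separators.
             */
            if (path_len + 1 + lfn.len >= PATH_MAX) {
                fprintf(stderr, "Name too long: %s/%s\n", path, lfn.name);
                goto fail;
            }
            pstrcpy(path2 + path_len + 1, sizeof(path2) - path_len - 1,
                    (char*)lfn.name);

            if (is_directory(direntries + i)) {
                if (begin_of_direntry(direntries + i) == 0) {
                    DLOG(fprintf(stderr, "invalid begin for directory: %s\n", path2); print_direntry(direntries + i));
                    goto fail;
                }
                cluster_count = check_directory_consistency(s,
                        begin_of_direntry(direntries + i), path2);
                if (cluster_count == 0) {
                    DLOG(fprintf(stderr, "problem in directory %s:\n", path2); print_direntry(direntries + i));
                    goto fail;
                }
            } else if (is_file(direntries + i)) {
                /* check file size with FAT */
                cluster_count = get_cluster_count_for_direntry(s, direntries + i, path2);
                if (cluster_count !=
                    DIV_ROUND_UP(le32_to_cpu(direntries[i].size), s->cluster_size)) {
                    DLOG(fprintf(stderr, "Cluster count mismatch\n"));
                    goto fail;
                }
            } else {
                abort(); /* cluster_count = 0; */
            }

            ret += cluster_count;
        }

        cluster_num = modified_fat_get(s, cluster_num);
    } while(!fat_eof(s, cluster_num));

    g_free(cluster);
    return ret;

fail:
    g_free(cluster);
    return 0;
}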
2019 
/*
 * Check the modified data for consistency before a commit.
 *
 * Steps: refresh s->fat2 from the guest-visible FAT sectors, clear the
 * USED_ANY bits of every cluster, drop pending commits, mark every head
 * mapping MODE_DELETED (check_directory_consistency() unmarks those still
 * present), walk the tree from the root, and finally compare the number of
 * non-zero FAT entries with the number of clusters the walk accounted for.
 *
 * Returns the number of used clusters (non-zero) when everything agrees,
 * and 0 on any error or inconsistency.
 */
static int is_consistent(BDRVVVFATState* s)
{
    int cluster, read_err, counted;
    int used_clusters_count = 0;

    DLOG(checkpoint());

    /* first use: allocate the scratch FAT and seed it from the current one */
    if (!s->fat2) {
        int fat_bytes = 0x200 * s->sectors_per_fat;

        s->fat2 = g_malloc(fat_bytes);
        memcpy(s->fat2, s->fat.pointer, fat_bytes);
    }

    /* get the modified FAT */
    read_err = vvfat_read(s->bs, s->first_sectors_number, s->fat2,
                          s->sectors_per_fat);
    if (read_err != 0) {
        fprintf(stderr, "Could not copy fat\n");
        return 0;
    }

    assert (s->used_clusters);
    cluster = 0;
    while (cluster < sector2cluster(s, s->sector_count)) {
        s->used_clusters[cluster] &= ~USED_ANY;
        cluster++;
    }

    clear_commits(s);

    /*
     * Mark every mapped file/directory as deleted; the directory walk
     * below clears the flag again for everything it still finds.
     */
    if (s->qcow) {
        int m;

        for (m = 0; m < s->mapping.next; m++) {
            mapping_t* head = array_get(&(s->mapping), m);

            if (head->first_mapping_index < 0) {
                head->mode |= MODE_DELETED;
            }
        }
    }

    used_clusters_count = check_directory_consistency(s, 0, s->path);
    if (!(used_clusters_count > 0)) {
        DLOG(fprintf(stderr, "problem in directory\n"));
        return 0;
    }

    /* count the FAT entries in use, starting after the root directory */
    counted = s->last_cluster_of_root_directory;
    for (cluster = counted; cluster < sector2cluster(s, s->sector_count);
         cluster++) {
        if (modified_fat_get(s, cluster)) {
            if (s->used_clusters[cluster] == 0) {
                DLOG(fprintf(stderr, "FAT was modified (%d), but cluster is not used?\n", cluster));
                return 0;
            }
            counted++;
        }

        if (s->used_clusters[cluster] == USED_ALLOCATED) {
            /* allocated, but not used... */
            DLOG(fprintf(stderr, "unused, modified cluster: %d\n", cluster));
            return 0;
        }
    }

    return counted == used_clusters_count ? used_clusters_count : 0;
}
2094 
/*
 * After `adjust` mappings were inserted (positive) or removed (negative) at
 * position `offset` of s->mapping, shift every stored mapping index that is
 * >= offset by `adjust`: first_mapping_index of each mapping and, for
 * directories, info.dir.parent_mapping_index.
 */
static inline void adjust_mapping_indices(BDRVVVFATState* s,
        int offset, int adjust)
{
    int idx = 0;

/* expands to a bare `if`; only use it as a complete statement */
#define ADJUST_MAPPING_INDEX(name) \
	if (mapping->name >= offset) \
	    mapping->name += adjust

    while (idx < s->mapping.next) {
        mapping_t* mapping = array_get(&(s->mapping), idx);

        ADJUST_MAPPING_INDEX(first_mapping_index);
        if (mapping->mode & MODE_DIRECTORY) {
            ADJUST_MAPPING_INDEX(info.dir.parent_mapping_index);
        }
        idx++;
    }
}
2112 
/*
 * Insert or update the mapping for the cluster range [begin, end).
 *
 * If a mapping already starts exactly at `begin` it is reused; otherwise a
 * new element is inserted into s->mapping and all stored mapping indices are
 * shifted. A mapping that starts before `begin` and is found at the lookup
 * position is cut short so that it ends at `begin`.
 *
 * Returns the mapping, with begin and end set. A newly inserted mapping has
 * path == NULL; the caller fills in the other members.
 */
static mapping_t* insert_mapping(BDRVVVFATState* s,
	uint32_t begin, uint32_t end)
{
    /*
     * - find mapping where mapping->begin >= begin,
     * - if mapping->begin > begin: insert
     *   - adjust all references to mappings!
     * - else: adjust
     * - replace name
     */
    int index = find_mapping_for_cluster_aux(s, begin, 0, s->mapping.next);
    mapping_t* mapping = NULL;
    /* remembered so that a move of the array storage can be detected below */
    mapping_t* first_mapping = array_get(&(s->mapping), 0);

    /* the mapping found starts before begin: truncate it, look at the next */
    if (index < s->mapping.next && (mapping = array_get(&(s->mapping), index))
	    && mapping->begin < begin) {
	mapping->end = begin;
	index++;
	/* index may now equal s->mapping.next; the test below checks that
	 * before mapping is dereferenced */
	mapping = array_get(&(s->mapping), index);
    }
    if (index >= s->mapping.next || mapping->begin > begin) {
	/* NOTE(review): the result of array_insert() is used unchecked */
	mapping = array_insert(&(s->mapping), index, 1);
	mapping->path = NULL;
	adjust_mapping_indices(s, index, +1);
    }

    mapping->begin = begin;
    mapping->end = end;

DLOG(mapping_t* next_mapping;
assert(index + 1 >= s->mapping.next ||
((next_mapping = array_get(&(s->mapping), index + 1)) &&
 next_mapping->begin >= end)));

    /*
     * If the array storage moved, s->current_mapping still points into the
     * old storage: rebase it using its index relative to the old base.
     * NOTE(review): this compares and subtracts the old base pointer after
     * the storage may have been released - presumably relied upon as plain
     * address arithmetic; confirm.
     */
    if (s->current_mapping && first_mapping != (mapping_t*)s->mapping.pointer)
	s->current_mapping = array_get(&(s->mapping),
		s->current_mapping - first_mapping);

    return mapping;
}
2154 
/*
 * Remove the mapping at mapping_index from s->mapping.
 *
 * The path string is freed only for a head mapping (first_mapping_index < 0);
 * commit_mappings() lets the other mappings of a chain share the head's path
 * pointer. Stored mapping indices are shifted down afterwards, and
 * s->current_mapping is rebased if the array storage moved.
 *
 * Always returns 0.
 */
static int remove_mapping(BDRVVVFATState* s, int mapping_index)
{
    mapping_t* victim = array_get(&(s->mapping), mapping_index);
    mapping_t* old_base = array_get(&(s->mapping), 0);

    /* release the path if this mapping owns it */
    if (victim->first_mapping_index < 0) {
        g_free(victim->path);
    }

    /* drop the element, then fix up every index that referred past it */
    array_remove(&(s->mapping), mapping_index);
    adjust_mapping_indices(s, mapping_index, -1);

    /* keep current_mapping valid when the storage has a new base address */
    if (s->current_mapping != NULL &&
        old_base != (mapping_t*)s->mapping.pointer) {
        s->current_mapping = array_get(&(s->mapping),
                                       s->current_mapping - old_base);
    }

    return 0;
}
2177 
/*
 * After `adjust` directory entries were inserted (positive) or removed
 * (negative) at position `offset` of s->directory, shift every stored
 * directory index that is >= offset by `adjust`: dir_index of each mapping
 * and, for directories, info.dir.first_dir_index.
 */
static void adjust_dirindices(BDRVVVFATState* s, int offset, int adjust)
{
    int idx = 0;

    while (idx < s->mapping.next) {
        mapping_t* entry = array_get(&(s->mapping), idx);

        if (!(entry->dir_index < offset)) {
            entry->dir_index += adjust;
        }
        if (entry->mode & MODE_DIRECTORY) {
            if (!(entry->info.dir.first_dir_index < offset)) {
                entry->info.dir.first_dir_index += adjust;
            }
        }
        idx++;
    }
}
2190 
/*
 * Make room for `count` directory entries at position dir_index of
 * s->directory and shift the directory indices stored in the mappings.
 *
 * Returns a pointer to the first new entry, or NULL if array_insert()
 * failed (in which case no index is adjusted).
 */
static direntry_t* insert_direntries(BDRVVVFATState* s,
        int dir_index, int count)
{
    direntry_t* slot = array_insert(&(s->directory), dir_index, count);

    if (slot != NULL) {
        adjust_dirindices(s, dir_index, count);
    }
    return slot;
}
2204 
/*
 * Remove `count` directory entries starting at dir_index from s->directory
 * and shift the directory indices stored in the mappings.
 *
 * Returns 0 on success, or the non-zero result of array_remove_slice()
 * (in which case no index is adjusted).
 */
static int remove_direntries(BDRVVVFATState* s, int dir_index, int count)
{
    int err = array_remove_slice(&(s->directory), dir_index, count);

    if (err == 0) {
        adjust_dirindices(s, dir_index, -count);
    }
    return err;
}
2213 
/*
 * Adapt the mappings of the cluster chain starting at first cluster
 * (i.e. if a file starts at first_cluster, the chain is followed according
 * to the modified fat, and the corresponding entries in s->mapping are
 * adjusted)
 *
 * A mapping must already exist that begins exactly at first_cluster (this
 * is asserted). It becomes the head of the chain; each further run of
 * consecutive clusters gets a mapping of its own that inherits path, mode,
 * read_only and dir_index from its predecessor and refers back to the head
 * through first_mapping_index.
 *
 * Always returns 0.
 *
 * NOTE(review): the chain is followed through modified_fat_get() with no
 * range or cycle check in this function; presumably it relies on
 * is_consistent() having validated the FAT first (try_commit() calls it
 * before do_commit()) - confirm for every caller.
 */
static int commit_mappings(BDRVVVFATState* s,
	uint32_t first_cluster, int dir_index)
{
    mapping_t* mapping = find_mapping_for_cluster(s, first_cluster);
    direntry_t* direntry = array_get(&(s->directory), dir_index);
    uint32_t cluster = first_cluster;

    vvfat_close_current_file(s);

    assert(mapping);
    assert(mapping->begin == first_cluster);
    /* -1 marks the head mapping of a chain */
    mapping->first_mapping_index = -1;
    mapping->dir_index = dir_index;
    /* dir_index <= 0 is treated as a directory without looking at direntry */
    mapping->mode = (dir_index <= 0 || is_directory(direntry)) ?
	MODE_DIRECTORY : MODE_NORMAL;

    while (!fat_eof(s, cluster)) {
	uint32_t c, c1;

	/* skip over a run of consecutive clusters: afterwards c is the last
	 * cluster of the run and c1 is the FAT entry that follows it */
	for (c = cluster, c1 = modified_fat_get(s, c); c + 1 == c1;
		c = c1, c1 = modified_fat_get(s, c1));

	/* c is now the exclusive end of the run */
	c++;
	if (c > mapping->end) {
	    /* the run grew: remove the following mappings that begin inside it
	     * (mapping[i] indexes the mapping array relative to this mapping) */
	    int index = array_index(&(s->mapping), mapping);
	    int i, max_i = s->mapping.next - index;
	    for (i = 1; i < max_i && mapping[i].begin < c; i++);
	    while (--i > 0)
		remove_mapping(s, index + 1);
	}
	assert(mapping == array_get(&(s->mapping), s->mapping.next - 1)
		|| mapping[1].begin >= c);
	mapping->end = c;

	if (!fat_eof(s, c1)) {
	    /* the chain continues at c1: find or create the mapping there */
	    int i = find_mapping_for_cluster_aux(s, c1, 0, s->mapping.next);
	    mapping_t* next_mapping = i >= s->mapping.next ? NULL :
		array_get(&(s->mapping), i);

	    if (next_mapping == NULL || next_mapping->begin > c1) {
		int i1 = array_index(&(s->mapping), mapping);

		next_mapping = insert_mapping(s, c1, c1+1);

		/* the insertion may have moved the array, and - if the new
		 * mapping sorts before this one - shifted this one up by one;
		 * fetch the pointer again by index */
		if (c1 < c)
		    i1++;
		mapping = array_get(&(s->mapping), i1);
	    }

	    next_mapping->dir_index = mapping->dir_index;
	    /* always refer to the head of the chain, not to the predecessor */
	    next_mapping->first_mapping_index =
		mapping->first_mapping_index < 0 ?
		array_index(&(s->mapping), mapping) :
		mapping->first_mapping_index;
	    /* the path pointer is shared with the head, not copied;
	     * remove_mapping() frees it for the head mapping only */
	    next_mapping->path = mapping->path;
	    next_mapping->mode = mapping->mode;
	    next_mapping->read_only = mapping->read_only;
	    if (mapping->mode & MODE_DIRECTORY) {
		next_mapping->info.dir.parent_mapping_index =
			mapping->info.dir.parent_mapping_index;
		/* 0x10 entries per sector: continue after the entries that
		 * the clusters of the previous mapping hold */
		next_mapping->info.dir.first_dir_index =
			mapping->info.dir.first_dir_index +
			0x10 * s->sectors_per_cluster *
			(mapping->end - mapping->begin);
	    } else
		/* the file offset advances by the number of clusters of the
		 * previous mapping */
		next_mapping->info.file.offset = mapping->info.file.offset +
			mapping->end - mapping->begin;

	    mapping = next_mapping;
	}

	cluster = c1;
    }

    return 0;
}
2296 
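/*
 * Bring the in-memory copy of one directory (and, recursively, of all its
 * subdirectories) in line with the modified data.
 *
 * dir_index is the index in s->directory of the entry describing the
 * directory; 0 stands for the root directory. parent_mapping_index is stored
 * in the directory's mapping.
 *
 * The region of s->directory that holds the directory's entries is grown or
 * shrunk to the cluster count of the modified FAT, re-read cluster by
 * cluster through vvfat_read(), and the mappings of the chain are rebuilt
 * with commit_mappings().
 *
 * Returns 0 on success, -1 if the directory array could not be grown, or
 * the non-zero result of vvfat_read(), commit_mappings() or a recursive
 * call.
 */
static int commit_direntries(BDRVVVFATState* s,
        int dir_index, int parent_mapping_index)
{
    direntry_t* direntry = array_get(&(s->directory), dir_index);
    uint32_t first_cluster;
    mapping_t* mapping;

    int factor = 0x10 * s->sectors_per_cluster;
    int old_cluster_count, new_cluster_count;
    int current_dir_index;
    int first_dir_index;
    int ret, i;
    uint32_t c;

    /*
     * Check the pointers before the first use. The asserts used to follow
     * the initialisers that already dereferenced direntry and mapping, so
     * they could never fire.
     */
    assert(direntry);
    first_cluster = dir_index == 0 ? 0 : begin_of_direntry(direntry);
    mapping = find_mapping_for_cluster(s, first_cluster);
    assert(mapping);

    DLOG(fprintf(stderr, "commit_direntries for %s, parent_mapping_index %d\n", mapping->path, parent_mapping_index));

    assert(mapping->begin == first_cluster);
    assert(mapping->info.dir.first_dir_index < s->directory.next);
    assert(mapping->mode & MODE_DIRECTORY);
    assert(dir_index == 0 || is_directory(direntry));

    current_dir_index = mapping->info.dir.first_dir_index;
    first_dir_index = current_dir_index;

    mapping->info.dir.parent_mapping_index = parent_mapping_index;

    if (first_cluster == 0) {
        /* root directory: its cluster count is taken from the state */
        old_cluster_count = new_cluster_count =
            s->last_cluster_of_root_directory;
    } else {
        /* chain length according to the old FAT ... */
        for (old_cluster_count = 0, c = first_cluster; !fat_eof(s, c);
                c = fat_get(s, c)) {
            old_cluster_count++;
        }

        /* ... and according to the modified FAT */
        for (new_cluster_count = 0, c = first_cluster; !fat_eof(s, c);
                c = modified_fat_get(s, c)) {
            new_cluster_count++;
        }
    }

    if (new_cluster_count > old_cluster_count) {
        if (insert_direntries(s,
                current_dir_index + factor * old_cluster_count,
                factor * (new_cluster_count - old_cluster_count)) == NULL) {
            return -1;
        }
    } else if (new_cluster_count < old_cluster_count) {
        /* NOTE(review): a failure of remove_direntries() is ignored here */
        remove_direntries(s,
                current_dir_index + factor * new_cluster_count,
                factor * (old_cluster_count - new_cluster_count));
    }

    /* re-read the directory, one cluster at a time */
    for (c = first_cluster; !fat_eof(s, c); c = modified_fat_get(s, c)) {
        direntry_t *first_direntry;
        void* dst = array_get(&(s->directory), current_dir_index);
        int rd = vvfat_read(s->bs, cluster2sector(s, c), dst,
                s->sectors_per_cluster);
        if (rd) {
            return rd;
        }

        /*
         * The first directory entry on the filesystem is the volume name.
         * NOTE(review): the data just read is guest-written; confirm that
         * this assert cannot be triggered by the guest.
         */
        first_direntry = (direntry_t*) s->directory.pointer;
        assert(!memcmp(first_direntry->name, s->volume_label, 11));

        current_dir_index += factor;
    }

    ret = commit_mappings(s, first_cluster, dir_index);
    if (ret) {
        return ret;
    }

    /* recurse */
    for (i = 0; i < factor * new_cluster_count; i++) {
        direntry = array_get(&(s->directory), first_dir_index + i);
        if (is_directory(direntry) && !is_dot(direntry)) {
            /* look the mapping up again: the recursion can change s->mapping */
            mapping = find_mapping_for_cluster(s, first_cluster);
            assert(mapping->mode & MODE_DIRECTORY);
            ret = commit_direntries(s, first_dir_index + i,
                array_index(&(s->mapping), mapping));
            if (ret) {
                return ret;
            }
        }
    }

    return 0;
}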
2379 
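/*
 * Commit one file: write its contents from byte `offset` up to the size
 * recorded in its directory entry into the host file named by the file's
 * mapping, truncate the host file to that size, then rebuild the mappings
 * of the cluster chain with commit_mappings().
 *
 * dir_index is the index of the file's entry in s->directory. offset must
 * be smaller than the file size and a multiple of the cluster size (both
 * are asserted).
 *
 * Returns the result of commit_mappings() on success. On failure: the
 * negative result of qemu_open() or vvfat_read(), -3 if seeking failed,
 * -2 if writing failed, -4 if truncating failed.
 *
 * NOTE(review): mapping is dereferenced without a check; handle_commits()
 * asserts it only in builds without NDEBUG.
 */
static int commit_one_file(BDRVVVFATState* s,
        int dir_index, uint32_t offset)
{
    direntry_t* direntry = array_get(&(s->directory), dir_index);
    uint32_t c = begin_of_direntry(direntry);
    uint32_t first_cluster = c;
    mapping_t* mapping = find_mapping_for_cluster(s, c);
    uint32_t size = filesize_of_direntry(direntry);
    char* cluster = g_malloc(s->cluster_size);
    uint32_t i;
    int fd;
    int ret;

    assert(offset < size);
    assert((offset % s->cluster_size) == 0);

    /*
     * Advance c to the cluster that holds byte `offset`, i.e. skip
     * offset / cluster_size clusters. Starting the count at cluster_size
     * skipped one cluster too few, so a write-out that began in the middle
     * of a file copied the preceding cluster's data.
     */
    for (i = 0; i < offset; i += s->cluster_size) {
        c = modified_fat_get(s, c);
    }

    /*
     * The file is created if missing; 0666 is further restricted by the
     * process umask. The path was built from names in guest-written
     * directory entries.
     */
    fd = qemu_open(mapping->path, O_RDWR | O_CREAT | O_BINARY, 0666);
    if (fd < 0) {
        fprintf(stderr, "Could not open %s... (%s, %d)\n", mapping->path,
                strerror(errno), errno);
        g_free(cluster);
        return fd;
    }
    if (offset > 0 && lseek(fd, offset, SEEK_SET) != offset) {
        ret = -3;
        goto fail;
    }

    while (offset < size) {
        uint32_t c1;
        /* the last cluster of the file may be only partly used */
        int rest_size = (size - offset > s->cluster_size ?
                s->cluster_size : size - offset);
        int written = 0;

        c1 = modified_fat_get(s, c);

        assert((size - offset == 0 && fat_eof(s, c)) ||
                (size > offset && c >=2 && !fat_eof(s, c)));

        /* read whole sectors: round rest_size up to a multiple of 0x200 */
        ret = vvfat_read(s->bs, cluster2sector(s, c),
            (uint8_t*)cluster, (rest_size + 0x1ff) / 0x200);
        if (ret < 0) {
            goto fail;
        }

        /* write() may store fewer bytes than asked for: loop until done */
        while (written < rest_size) {
            ssize_t n = write(fd, cluster + written, rest_size - written);

            if (n < 0 && errno == EINTR) {
                continue;
            }
            if (n <= 0) {
                ret = -2;
                goto fail;
            }
            written += n;
        }

        offset += rest_size;
        c = c1;
    }

    /* cut off anything the host file held beyond the new size */
    if (ftruncate(fd, size)) {
        perror("ftruncate()");
        ret = -4;
        goto fail;
    }
    qemu_close(fd);
    g_free(cluster);

    return commit_mappings(s, first_cluster, dir_index);

fail:
    qemu_close(fd);
    g_free(cluster);
    return ret;
}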
2456 
2457 #ifdef DEBUG
/*
 * Debug check: every mapping that is not marked deleted must refer to a
 * valid directory entry, and a directory mapping's range of entries must
 * lie inside s->directory and start on a cluster boundary.
 * Prints "deleted" for each mapping carrying MODE_DELETED.
 */
static void check1(BDRVVVFATState* s)
{
    int idx = 0;

    while (idx < s->mapping.next) {
        mapping_t* mapping = array_get(&(s->mapping), idx);

        idx++;
        if (mapping->mode & MODE_DELETED) {
            fprintf(stderr, "deleted\n");
        } else {
            direntry_t* direntry;

            assert(mapping->dir_index < s->directory.next);
            direntry = array_get(&(s->directory), mapping->dir_index);
            assert(mapping->begin == begin_of_direntry(direntry) || mapping->first_mapping_index >= 0);
            if (mapping->mode & MODE_DIRECTORY) {
                assert(mapping->info.dir.first_dir_index + 0x10 * s->sectors_per_cluster * (mapping->end - mapping->begin) <= s->directory.next);
                assert((mapping->info.dir.first_dir_index % (0x10 * s->sectors_per_cluster)) == 0);
            }
        }
    }
}
2477 
/*
 * Debug check: every directory entry must have a mapping.
 *
 * For each short-name entry with a non-zero start cluster, a mapping must
 * exist whose dir_index and begin match it (dot entries are exempt from the
 * match). For each index that starts a cluster's worth of entries, exactly
 * one non-deleted directory mapping may cover it, and that mapping's
 * first/parent mapping indices must be consistent.
 */
static void check2(BDRVVVFATState* s)
{
    int i;
    /* index of the head mapping of the directory chain being walked */
    int first_mapping = -1;

    for (i = 0; i < s->directory.next; i++) {
	direntry_t* direntry = array_get(&(s->directory), i);

	if (is_short_name(direntry) && begin_of_direntry(direntry)) {
	    mapping_t* mapping = find_mapping_for_cluster(s, begin_of_direntry(direntry));
	    assert(mapping);
	    assert(mapping->dir_index == i || is_dot(direntry));
	    assert(mapping->begin == begin_of_direntry(direntry) || is_dot(direntry));
	}

	if ((i % (0x10 * s->sectors_per_cluster)) == 0) {
	    /* cluster start */
	    int j, count = 0;

	    for (j = 0; j < s->mapping.next; j++) {
		mapping_t* mapping = array_get(&(s->mapping), j);
		if (mapping->mode & MODE_DELETED)
		    continue;
		if (mapping->mode & MODE_DIRECTORY) {
		    if (mapping->info.dir.first_dir_index <= i && mapping->info.dir.first_dir_index + 0x10 * s->sectors_per_cluster > i) {
			/* NOTE(review): the increment is a side effect inside
			 * assert(); with NDEBUG defined count would stay 0 */
			assert(++count == 1);
			if (mapping->first_mapping_index == -1)
			    first_mapping = array_index(&(s->mapping), mapping);
			else
			    assert(first_mapping == mapping->first_mapping_index);
			/* only mapping 0 may be without a parent */
			if (mapping->info.dir.parent_mapping_index < 0)
			    assert(j == 0);
			else {
			    mapping_t* parent = array_get(&(s->mapping), mapping->info.dir.parent_mapping_index);
			    assert(parent->mode & MODE_DIRECTORY);
			    assert(parent->info.dir.first_dir_index < mapping->info.dir.first_dir_index);
			}
		    }
		}
	    }
	    /* no directory mapping covers this cluster: forget the head */
	    if (count == 0)
		first_mapping = -1;
	}
    }
}
2524 #endif
2525 
/*
 * Carry out the scheduled ACTION_RENAME and ACTION_MKDIR commits on the
 * host and remove them from s->commits; other commits are left in place.
 *
 * Returns 0 on success, -2 if rename() failed, -5 if mkdir() failed, -6 if
 * insert_mapping() returned NULL.
 *
 * The paths used here were scheduled by check_directory_consistency(), which
 * builds them from the names found in guest-written directory entries.
 * NOTE(review): confirm that the name parsers reject path separators, so
 * that rename() and mkdir() cannot be pointed outside the shared directory.
 */
static int handle_renames_and_mkdirs(BDRVVVFATState* s)
{
    int i;

#ifdef DEBUG
    fprintf(stderr, "handle_renames\n");
    for (i = 0; i < s->commits.next; i++) {
	commit_t* commit = array_get(&(s->commits), i);
	fprintf(stderr, "%d, %s (%d, %d)\n", i, commit->path ? commit->path : "(null)", commit->param.rename.cluster, commit->action);
    }
#endif

    /* i advances only past commits that are left in place; a handled commit
     * is removed at position i and the next one takes its place */
    for (i = 0; i < s->commits.next;) {
	commit_t* commit = array_get(&(s->commits), i);
	if (commit->action == ACTION_RENAME) {
	    /* NOTE(review): the lookup result is dereferenced without a check */
	    mapping_t* mapping = find_mapping_for_cluster(s,
		    commit->param.rename.cluster);
	    char* old_path = mapping->path;

	    assert(commit->path);
	    /* the mapping takes over the path string of the commit */
	    mapping->path = commit->path;
	    /* on failure the mapping already carries the new path and
	     * old_path is not freed; do_commit() aborts on this error */
	    if (rename(old_path, mapping->path))
		return -2;

	    if (mapping->mode & MODE_DIRECTORY) {
		int l1 = strlen(mapping->path);
		int l2 = strlen(old_path);
		int diff = l1 - l2;
		direntry_t* direntry = array_get(&(s->directory),
			mapping->info.dir.first_dir_index);
		uint32_t c = mapping->begin;
		/* this i shadows the loop counter of the enclosing for loop */
		int i = 0;

		/* recurse */
		/* one pass of the do-loop per cluster of the directory chain
		 * (followed through the old FAT): schedule a rename for every
		 * file and subdirectory, swapping the old directory prefix of
		 * its path for the new one */
		while (!fat_eof(s, c)) {
		    do {
			direntry_t* d = direntry + i;

			if (is_file(d) || (is_directory(d) && !is_dot(d))) {
			    /* NOTE(review): m is dereferenced without a check */
			    mapping_t* m = find_mapping_for_cluster(s,
				    begin_of_direntry(d));
			    int l = strlen(m->path);
			    char* new_path = g_malloc(l + diff + 1);

			    assert(!strncmp(m->path, mapping->path, l2));

                            pstrcpy(new_path, l + diff + 1, mapping->path);
                            pstrcpy(new_path + l1, l + diff + 1 - l1,
                                    m->path + l2);

			    schedule_rename(s, m->begin, new_path);
			}
			i++;
		    } while((i % (0x10 * s->sectors_per_cluster)) != 0);
		    c = fat_get(s, c);
		}
	    }

            g_free(old_path);
	    array_remove(&(s->commits), i);
	    continue;
	} else if (commit->action == ACTION_MKDIR) {
	    mapping_t* mapping;
	    int j, parent_path_len;

	    /* the MinGW mkdir() takes no mode argument */
#ifdef __MINGW32__
            if (mkdir(commit->path))
                return -5;
#else
            if (mkdir(commit->path, 0755))
                return -5;
#endif

	    mapping = insert_mapping(s, commit->param.mkdir.cluster,
		    commit->param.mkdir.cluster + 1);
	    if (mapping == NULL)
		return -6;

	    mapping->mode = MODE_DIRECTORY;
	    mapping->read_only = 0;
	    /* the mapping takes over the path string of the commit */
	    mapping->path = commit->path;
	    j = s->directory.next;
	    assert(j);
	    /* reserve one cluster's worth of entries at the end of s->directory
	     * NOTE(review): the result of insert_direntries() is not checked */
	    insert_direntries(s, s->directory.next,
		    0x10 * s->sectors_per_cluster);
	    mapping->info.dir.first_dir_index = j;

	    /* the parent is the head mapping whose path equals the new path
	     * without its last component */
	    parent_path_len = strlen(commit->path)
		- strlen(get_basename(commit->path)) - 1;
	    for (j = 0; j < s->mapping.next; j++) {
		mapping_t* m = array_get(&(s->mapping), j);
		if (m->first_mapping_index < 0 && m != mapping &&
			!strncmp(m->path, mapping->path, parent_path_len) &&
			strlen(m->path) == parent_path_len)
		    break;
	    }
	    assert(j < s->mapping.next);
	    mapping->info.dir.parent_mapping_index = j;

	    array_remove(&(s->commits), i);
	    continue;
	}

	i++;
    }
    return 0;
}
2633 
/*
 * Carry out the scheduled ACTION_WRITEOUT and ACTION_NEW_FILE commits by
 * writing the file contents to the host with commit_one_file().
 *
 * ACTION_RENAME and ACTION_MKDIR must already have been handled by
 * handle_renames_and_mkdirs(); meeting one here, or any unknown action,
 * calls abort().
 *
 * Processing stops at the first failure. All commits visited so far,
 * including the failing one, are then removed from s->commits.
 *
 * Returns 0 on success, -3 if a write-out failed, -6 if no directory entry
 * was found for a new file, -7 if writing a new file failed, -1 if the
 * processed commits could not be removed.
 *
 * TODO: make sure that the short name is not matching *another* file
 */
static int handle_commits(BDRVVVFATState* s)
{
    int i, fail = 0;

    vvfat_close_current_file(s);

    for (i = 0; !fail && i < s->commits.next; i++) {
	commit_t* commit = array_get(&(s->commits), i);
	switch(commit->action) {
	case ACTION_RENAME: case ACTION_MKDIR:
            abort();
	    /* not reached after abort() */
	    fail = -2;
	    break;
	case ACTION_WRITEOUT: {
#ifndef NDEBUG
            /* these variables are only used by assert() below */
	    direntry_t* entry = array_get(&(s->directory),
		    commit->param.writeout.dir_index);
	    uint32_t begin = begin_of_direntry(entry);
	    mapping_t* mapping = find_mapping_for_cluster(s, begin);
#endif

	    assert(mapping);
	    assert(mapping->begin == begin);
	    assert(commit->path == NULL);

	    /* rewrite the file from the first modified offset onwards */
	    if (commit_one_file(s, commit->param.writeout.dir_index,
			commit->param.writeout.modified_offset))
		fail = -3;

	    break;
	}
	case ACTION_NEW_FILE: {
	    int begin = commit->param.new_file.first_cluster;
	    mapping_t* mapping = find_mapping_for_cluster(s, begin);
	    direntry_t* entry;
	    /* this i shadows the loop counter; here it is a directory index */
	    int i;

	    /* find direntry */
	    for (i = 0; i < s->directory.next; i++) {
		entry = array_get(&(s->directory), i);
		if (is_file(entry) && begin_of_direntry(entry) == begin)
		    break;
	    }

	    if (i >= s->directory.next) {
		fail = -6;
		/* continues the outer for loop, which then ends on !fail */
		continue;
	    }

	    /* make sure there exists an initial mapping */
	    if (mapping && mapping->begin != begin) {
		/* an existing mapping covers begin but starts earlier: cut it */
		mapping->end = begin;
		mapping = NULL;
	    }
	    if (mapping == NULL) {
		/* NOTE(review): the result is used without a NULL check,
		 * unlike in handle_renames_and_mkdirs() */
		mapping = insert_mapping(s, begin, begin+1);
	    }
	    /* most members will be fixed in commit_mappings() */
	    assert(commit->path);
	    /* the mapping takes over the path string of the commit */
	    mapping->path = commit->path;
	    mapping->read_only = 0;
	    mapping->mode = MODE_NORMAL;
	    mapping->info.file.offset = 0;

	    if (commit_one_file(s, i, 0))
		fail = -7;

	    break;
	}
	default:
            abort();
	}
    }
    /* i counts the commits visited, the failing one included */
    if (i > 0 && array_remove_slice(&(s->commits), 0, i))
	return -1;
    return fail;
}
2715 
/*
 * Remove from the host the files and directories whose mappings are still
 * marked MODE_DELETED, and drop those mappings.
 *
 * The mapping list is scanned repeatedly, because a directory can only be
 * removed once it is empty: rmdir() failing with ENOTEMPTY defers the
 * directory to a later pass. Scanning stops as soon as a pass deferred
 * nothing or deleted nothing; directories still deferred at that point
 * are left in place.
 *
 * Returns 0, -5 if rmdir() failed for another reason, or -4 if unlink()
 * failed.
 */
static int handle_deletes(BDRVVVFATState* s)
{
    int i, deferred = 1, deleted = 1;

    /* delete files corresponding to mappings marked as deleted */
    /* handle DELETEs and unused mappings (modified_fat_get(s, mapping->begin) == 0) */
    while (deferred && deleted) {
	deferred = 0;
	deleted = 0;

	/* mapping 0 is never considered */
	for (i = 1; i < s->mapping.next; i++) {
	    mapping_t* mapping = array_get(&(s->mapping), i);
	    if (mapping->mode & MODE_DELETED) {
		direntry_t* entry = array_get(&(s->directory),
			mapping->dir_index);

		/*
		 * NOTE(review): as braced, the else below pairs with
		 * is_free(entry). A deleted non-directory whose entry is free
		 * loses its mapping without the host file being unlinked, and
		 * any deleted mapping whose entry is not free goes to unlink(),
		 * directories included. Confirm that this is intended.
		 */
		if (is_free(entry)) {
		    /* remove file/directory */
		    if (mapping->mode & MODE_DIRECTORY) {
			int j, next_dir_index = s->directory.next,
			first_dir_index = mapping->info.dir.first_dir_index;

			if (rmdir(mapping->path) < 0) {
			    if (errno == ENOTEMPTY) {
				/* try again in the next pass */
				deferred++;
				continue;
			    } else
				return -5;
			}

			/* the directory's entries end where the next
			 * directory's entries begin, or at the end of
			 * s->directory */
			for (j = 1; j < s->mapping.next; j++) {
			    mapping_t* m = array_get(&(s->mapping), j);
			    if (m->mode & MODE_DIRECTORY &&
				    m->info.dir.first_dir_index >
				    first_dir_index &&
				    m->info.dir.first_dir_index <
				    next_dir_index)
				next_dir_index =
				    m->info.dir.first_dir_index;
			}
			remove_direntries(s, first_dir_index,
				next_dir_index - first_dir_index);

			deleted++;
		    }
		} else {
		    if (unlink(mapping->path))
			return -4;
		    deleted++;
		}
		DLOG(fprintf(stderr, "DELETE (%d)\n", i); print_mapping(mapping); print_direntry(entry));
		/* NOTE(review): i is still incremented after the removal, so
		 * the mapping that moves into slot i is presumably not looked
		 * at before the next pass - confirm */
		remove_mapping(s, i);
	    }
	}
    }

    return 0;
}
2774 
/*
 * Synchronize the host directory and the mappings with the new state.
 *
 * In order: perform renames and mkdirs, adopt the modified FAT (s->fat2),
 * re-read the directory tree from the root, write out new and modified
 * files, delete what is still marked as deleted, then empty the qcow
 * overlay (if its driver supports that) and clear s->used_clusters.
 *
 * Returns 0 on success or when no commit is pending. Every failing step
 * prints a message and calls abort().
 */
static int do_commit(BDRVVVFATState* s)
{
    int rc;

    /* the real meat are the commits. Nothing to do? Move along! */
    if (!s->commits.next) {
        return 0;
    }

    vvfat_close_current_file(s);

    if ((rc = handle_renames_and_mkdirs(s)) != 0) {
        fprintf(stderr, "Error handling renames (%d)\n", rc);
        abort();
        return rc;
    }

    /* the modified FAT becomes the current one (0x200 bytes per sector) */
    memcpy(s->fat.pointer, s->fat2, 0x200 * s->sectors_per_fat);

    /* re-read the directory tree, starting at the root (no parent: -1) */
    if ((rc = commit_direntries(s, 0, -1)) != 0) {
        fprintf(stderr, "Fatal: error while committing (%d)\n", rc);
        abort();
        return rc;
    }

    if ((rc = handle_commits(s)) != 0) {
        fprintf(stderr, "Error handling commits (%d)\n", rc);
        abort();
        return rc;
    }

    if ((rc = handle_deletes(s)) != 0) {
        fprintf(stderr, "Error deleting\n");
        abort();
        return rc;
    }

    /* everything is on the host now: discard the overlay's contents */
    if (s->qcow->bs->drv->bdrv_make_empty) {
        s->qcow->bs->drv->bdrv_make_empty(s->qcow->bs);
    }

    memset(s->used_clusters, 0, sector2cluster(s, s->sector_count));

    DLOG(checkpoint());
    return 0;
}
2834 
/*
 * Commit the pending changes if, and only if, the modified data passes
 * is_consistent().
 *
 * Returns -1 when the data is inconsistent, otherwise the result of
 * do_commit().
 */
static int try_commit(BDRVVVFATState* s)
{
    vvfat_close_current_file(s);
    DLOG(checkpoint());
    return is_consistent(s) ? do_commit(s) : -1;
}
2843 
/*
 * Write nb_sectors sectors from buf, starting at sector_num, into the qcow
 * overlay, after vetting the request against the directory mappings.
 *
 * The request is refused when
 *   - no overlay is attached (s->qcow == NULL): -EACCES
 *   - it starts below s->first_sectors_number: -1
 *   - it touches a cluster whose mapping is marked read_only: -1
 *   - it rewrites a directory cluster with an entry that parse_long_name()
 *     rejects, or that changes a short-name entry carrying attribute bit 0
 *     (the read-only file check): -1
 *
 * buf holds the data being written (normally supplied by the guest), so the
 * directory entries inspected here are untrusted input.
 *
 * Returns 0 on success or the negative result of bdrv_write(). The result
 * of the trailing try_commit() is deliberately not propagated; the data
 * stays in the overlay for a later commit.
 */
static int vvfat_write(BlockDriverState *bs, int64_t sector_num,
                    const uint8_t *buf, int nb_sectors)
{
    BDRVVVFATState *s = bs->opaque;
    int cluster, ret;

    DLOG(checkpoint());

    /* Check if we're operating in read-only mode */
    if (!s->qcow) {
        return -EACCES;
    }

    vvfat_close_current_file(s);

    /* do not allow writing to the boot sector */
    if (sector_num < s->first_sectors_number) {
        return -1;
    }

    /*
     * Walk every cluster touched by the request. A mapped cluster advances
     * the cursor to the end of its mapping, an unmapped one by one cluster.
     */
    cluster = sector2cluster(s, sector_num);
    while (cluster <= sector2cluster(s, sector_num + nb_sectors - 1)) {
        mapping_t *mapping = find_mapping_for_cluster(s, cluster);

        if (!mapping) {
            cluster++;
            continue;
        }

        if (mapping->read_only) {
            fprintf(stderr, "Tried to write to write-protected file %s\n",
                    mapping->path);
            return -1;
        }

        if (mapping->mode & MODE_DIRECTORY) {
            int first = cluster2sector(s, cluster);
            int last = first + s->sectors_per_cluster;
            int dir_index, k;
            const direntry_t *entries;
            long_file_name lfn;

            lfn_init(&lfn);

            /* clip the cluster's sector range to the written range */
            if (first < sector_num) {
                first = sector_num;
            }
            if (last > sector_num + nb_sectors) {
                last = sector_num + nb_sectors;
            }

            /* 0x10 directory entries per 0x200-byte sector */
            dir_index = mapping->dir_index +
                0x10 * (first - mapping->begin * s->sectors_per_cluster);
            entries = (const direntry_t *)(buf + 0x200 * (first - sector_num));

            for (k = 0; k < (last - first) * 0x10; k++) {
                const direntry_t *entry = entries + k;

                /* do not allow non-ASCII filenames */
                if (parse_long_name(&lfn, entry) < 0) {
                    fprintf(stderr, "Warning: non-ASCII filename\n");
                    return -1;
                }

                /*
                 * no access to the direntry of a read-only file: such an
                 * entry must be byte-identical to the one already stored
                 */
                if (is_short_name(entry) && (entry->attributes & 1) &&
                    memcmp(entry,
                           array_get(&(s->directory), dir_index + k),
                           sizeof(direntry_t))) {
                    fprintf(stderr, "Warning: tried to write to write-protected file\n");
                    return -1;
                }
            }
        }

        cluster = mapping->end;
    }

    /*
     * Use qcow backend. Commit later.
     */
    DLOG(fprintf(stderr, "Write to qcow backend: %d + %d\n", (int)sector_num, nb_sectors));
    ret = bdrv_write(s->qcow, sector_num, buf, nb_sectors);
    if (ret < 0) {
        fprintf(stderr, "Error writing to qcow backend\n");
        return ret;
    }

    /* mark every written cluster; negative cluster numbers are skipped */
    for (cluster = sector2cluster(s, sector_num);
         cluster <= sector2cluster(s, sector_num + nb_sectors - 1);
         cluster++) {
        if (cluster < 0) {
            continue;
        }
        s->used_clusters[cluster] |= USED_ALLOCATED;
    }

    DLOG(checkpoint());
    /* TODO: add timeout */
    try_commit(s);

    DLOG(checkpoint());
    return 0;
}
2940 
/*
 * Byte-based write entry point of the vvfat driver.
 *
 * offset and bytes must both be multiples of BDRV_SECTOR_SIZE (asserted).
 * The I/O vector is flattened into a temporary bounce buffer, which is then
 * handed to vvfat_write() while s->lock is held.
 *
 * Returns -ENOMEM if the bounce buffer cannot be allocated, otherwise the
 * result of vvfat_write().
 */
static int coroutine_fn
vvfat_co_pwritev(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
                 QEMUIOVector *qiov, int flags)
{
    BDRVVVFATState *s = bs->opaque;
    uint64_t first_sector;
    int sector_cnt;
    void *bounce;
    int ret;

    assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
    assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);

    first_sector = offset >> BDRV_SECTOR_BITS;
    sector_cnt = bytes >> BDRV_SECTOR_BITS;

    /* a NULL result is only an error for a non-empty request */
    bounce = g_try_malloc(bytes);
    if (bounce == NULL && bytes != 0) {
        return -ENOMEM;
    }
    qemu_iovec_to_buf(qiov, 0, bounce, bytes);

    /* serialise against other users of the driver state */
    qemu_co_mutex_lock(&s->lock);
    ret = vvfat_write(bs, first_sector, bounce, sector_cnt);
    qemu_co_mutex_unlock(&s->lock);

    g_free(bounce);
    return ret;
}
2968 
/*
 * Report the allocation status of the range starting at sector_num.
 *
 * *n receives the number of sectors between sector_num and
 * s->sector_count, capped at nb_sectors. Returns 0 when that distance is
 * negative (*n is then left negative), otherwise BDRV_BLOCK_DATA.
 * The file argument is not touched.
 */
static int64_t coroutine_fn vvfat_co_get_block_status(BlockDriverState *bs,
	int64_t sector_num, int nb_sectors, int *n, BlockDriverState **file)
{
    BDRVVVFATState *s = bs->opaque;

    *n = s->sector_count - sector_num;

    if (*n > nb_sectors) {
        /* never report more than was asked for */
        *n = nb_sectors;
        return BDRV_BLOCK_DATA;
    }
    if (*n < 0) {
        return 0;
    }
    return BDRV_BLOCK_DATA;
}
2981 
/*
 * Write callback of the vvfat_write_target node.
 *
 * offset, bytes, qiov and flags are ignored: any write that reaches this
 * node only triggers try_commit() on the vvfat state whose address is
 * stored in bs->opaque.
 */
static int coroutine_fn
write_target_commit(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
                    QEMUIOVector *qiov, int flags)
{
    /* opaque holds a single pointer to the owning vvfat state */
    BDRVVVFATState **owner = bs->opaque;

    return try_commit(*owner);
}
2989 
/*
 * Close callback of the vvfat_write_target node: drops the qcow child of
 * the owning vvfat node and frees the overlay's file name.
 *
 * NOTE(review): s->qcow and s->qcow_filename keep their old values after
 * being released here; confirm nothing reads them after this callback.
 */
static void write_target_close(BlockDriverState *bs)
{
    /* opaque holds a single pointer to the owning vvfat state */
    BDRVVVFATState **owner = bs->opaque;
    BDRVVVFATState *s = *owner;

    bdrv_unref_child(s->bs, s->qcow);
    g_free(s->qcow_filename);
}
2995 
/*
 * Driver for the internal node that enable_write_target() installs as the
 * backing file of a vvfat node. Its opaque area is exactly one pointer
 * wide; the write and close callbacks read the owning state through it.
 */
static BlockDriver vvfat_write_target = {
    .format_name     = "vvfat_write_target",
    .instance_size   = sizeof(void *),      /* one pointer to the owner */
    .bdrv_close      = write_target_close,
    .bdrv_co_pwritev = write_target_commit, /* a write triggers a commit */
};
3002 
/*
 * inherit_options callback for the qcow overlay child.
 *
 * The child's flags are set to BDRV_O_NO_FLUSH alone and its read-only
 * option defaults to "off"; parent_flags and parent_options are not
 * consulted.
 */
static void vvfat_qcow_options(int *child_flags, QDict *child_options,
                               int parent_flags, QDict *parent_options)
{
    /* nothing is inherited from the parent's flags */
    *child_flags = BDRV_O_NO_FLUSH;

    /* the overlay must be writable unless the caller set the option */
    qdict_set_default_str(child_options, BDRV_OPT_READ_ONLY, "off");
}
3009 
/* Child role used when attaching the qcow overlay (see bdrv_open_child). */
static const BdrvChildRole child_vvfat_qcow = {
    .inherit_options = vvfat_qcow_options,
};
3013 
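/*
 * Set up the writable overlay of a vvfat node.
 *
 * Allocates the per-cluster usage map (s->used_clusters), creates a
 * temporary qcow image sized like the emulated disk, opens it as the
 * private "write-target" child (s->qcow) and installs a
 * vvfat_write_target node as the backing file of s->bs.
 *
 * Returns 0 on success. On failure returns a negative errno value with
 * *errp set; s->used_clusters is then released and reset to NULL, and
 * s->qcow_filename too once it has been allocated.
 *
 * NOTE(review): the overlay is created and reopened by name between
 * get_tmp_filename() and unlink(); the file is removed only on the success
 * path, so a failure after get_tmp_filename() presumably leaves it behind
 * in the temporary directory. Confirm whether that is intended.
 */
static int enable_write_target(BlockDriverState *bs, Error **errp)
{
    BDRVVVFATState *s = bs->opaque;
    BlockDriver *bdrv_qcow = NULL;
    BlockDriverState *backing;
    QemuOpts *opts = NULL;
    int ret;
    int size = sector2cluster(s, s->sector_count);
    QDict *options;

    /*
     * The map is indexed by cluster number on the write path, so a failed
     * allocation must not go unnoticed. A negative size is converted to a
     * huge request by calloc() and is caught by the same check; a zero
     * size may legitimately yield NULL.
     */
    s->used_clusters = calloc(size, 1);
    if (!s->used_clusters && size != 0) {
        error_setg(errp, "can't allocate cluster usage map");
        return -ENOMEM;
    }

    array_init(&(s->commits), sizeof(commit_t));

    s->qcow_filename = g_malloc(PATH_MAX);
    ret = get_tmp_filename(s->qcow_filename, PATH_MAX);
    if (ret < 0) {
        error_setg_errno(errp, -ret, "can't create temporary file");
        goto err;
    }

    bdrv_qcow = bdrv_find_format("qcow");
    if (!bdrv_qcow) {
        error_setg(errp, "Failed to locate qcow driver");
        ret = -ENOENT;
        goto err;
    }

    opts = qemu_opts_create(bdrv_qcow->create_opts, NULL, 0, &error_abort);
    /*
     * Widen before multiplying so the byte size cannot wrap if
     * sector_count is a 32-bit field.
     */
    qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
                        (uint64_t)s->sector_count * 512, &error_abort);
    qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, "fat:", &error_abort);

    ret = bdrv_create(bdrv_qcow, s->qcow_filename, opts, errp);
    qemu_opts_del(opts);
    if (ret < 0) {
        goto err;
    }

    options = qdict_new();
    qdict_put_str(options, "write-target.driver", "qcow");
    s->qcow = bdrv_open_child(s->qcow_filename, options, "write-target", bs,
                              &child_vvfat_qcow, false, errp);
    QDECREF(options);
    if (!s->qcow) {
        ret = -EINVAL;
        goto err;
    }

    /* the overlay stays reachable through the open child only */
#ifndef _WIN32
    unlink(s->qcow_filename);
#endif

    backing = bdrv_new_open_driver(&vvfat_write_target, NULL, BDRV_O_ALLOW_RDWR,
                                   &error_abort);
    /* the backing node's opaque area holds one pointer back to s */
    *(void**) backing->opaque = s;

    bdrv_set_backing_hd(s->bs, backing, &error_abort);
    bdrv_unref(backing);

    return 0;

err:
    g_free(s->qcow_filename);
    s->qcow_filename = NULL;
    /* allocated with calloc(), so released with free() */
    free(s->used_clusters);
    s->used_clusters = NULL;
    return ret;
}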
3081 
/*
 * Permission callback: decides which permissions vvfat takes on a child
 * (*nperm) and which it lets other users share (*nshared).
 *
 * Only the qcow overlay and a child_backing child are expected (asserted).
 * The perm and shared arguments are not consulted.
 */
static void vvfat_child_perm(BlockDriverState *bs, BdrvChild *c,
                             const BdrvChildRole *role,
                             uint64_t perm, uint64_t shared,
                             uint64_t *nperm, uint64_t *nshared)
{
    BDRVVVFATState *s = bs->opaque;

    assert(c == s->qcow || role == &child_backing);

    if (c != s->qcow) {
        /* The backing file is there so 'commit' can use it. vvfat doesn't
         * access it in any way. */
        *nperm = 0;
        *nshared = BLK_PERM_ALL;
        return;
    }

    /* This is a private node, nobody should try to attach to it */
    *nperm = BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE;
    *nshared = BLK_PERM_WRITE_UNCHANGED;
}
3102 
/*
 * Close callback of the vvfat driver: closes the current host file, frees
 * the FAT, directory and mapping arrays and the cluster buffer, and removes
 * the migration blocker when a qcow overlay is attached.
 *
 * NOTE(review): s->used_clusters, allocated by enable_write_target(), is
 * not released here; confirm it is freed elsewhere.
 */
static void vvfat_close(BlockDriverState *bs)
{
    BDRVVVFATState *s = bs->opaque;

    vvfat_close_current_file(s);

    array_free(&(s->fat));
    array_free(&(s->directory));
    array_free(&(s->mapping));
    g_free(s->cluster_buffer);

    /* the migration blocker is only dropped when an overlay is attached */
    if (!s->qcow) {
        return;
    }

    migrate_del_blocker(s->migration_blocker);
    error_free(s->migration_blocker);
}
3118 
/* Driver table for vvfat; it is selected through the "fat" protocol name. */
static BlockDriver bdrv_vvfat = {
    .format_name              = "vvfat",
    .protocol_name            = "fat",
    .instance_size            = sizeof(BDRVVVFATState),

    /* life cycle and configuration */
    .bdrv_parse_filename      = vvfat_parse_filename,
    .bdrv_file_open           = vvfat_open,
    .bdrv_refresh_limits      = vvfat_refresh_limits,
    .bdrv_close               = vvfat_close,
    .bdrv_child_perm          = vvfat_child_perm,

    /* I/O */
    .bdrv_co_preadv           = vvfat_co_preadv,
    .bdrv_co_pwritev          = vvfat_co_pwritev,
    .bdrv_co_get_block_status = vvfat_co_get_block_status,
};
3134 
/* Register the vvfat driver table with the block layer. */
static void bdrv_vvfat_init(void)
{
    bdrv_register(&bdrv_vvfat);
}

/* presumably runs bdrv_vvfat_init() during block-module initialisation */
block_init(bdrv_vvfat_init);
3141 
3142 #ifdef DEBUG
/*
 * Debug-only invariant check, compiled under DEBUG and run against the
 * file-level vvv state pointer. The "#if 0" part is disabled scaffolding.
 */
static void checkpoint(void)
{
    /* mapping 0 must end at cluster 2 */
    assert(((mapping_t *)array_get(&(vvv->mapping), 0))->end == 2);

    check1(vvv);
    check2(vvv);

    /* a current mapping needs an open fd unless it is a directory */
    assert(!vvv->current_mapping || vvv->current_fd ||
           (vvv->current_mapping->mode & MODE_DIRECTORY));
#if 0
    if (((direntry_t*)vvv->directory.pointer)[1].attributes != 0xf)
        fprintf(stderr, "Nonono!\n");
    mapping_t* mapping;
    direntry_t* direntry;
    assert(vvv->mapping.size >= vvv->mapping.item_size * vvv->mapping.next);
    assert(vvv->directory.size >= vvv->directory.item_size * vvv->directory.next);
    if (vvv->mapping.next<47)
        return;
    assert((mapping = array_get(&(vvv->mapping), 47)));
    assert(mapping->dir_index < vvv->directory.next);
    direntry = array_get(&(vvv->directory), mapping->dir_index);
    assert(!memcmp(direntry->name, "USB     H  ", 11) || direntry->name[0]==0);
#endif
}
3163 #endif
3164