1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/hpfs/map.c
4 *
5 * Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999
6 *
7 * mapping structures to memory with some minimal checks
8 */
9
10 #include "hpfs_fn.h"
11
hpfs_map_dnode_bitmap(struct super_block * s,struct quad_buffer_head * qbh)12 __le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh)
13 {
14 return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0);
15 }
16
hpfs_map_bitmap(struct super_block * s,unsigned bmp_block,struct quad_buffer_head * qbh,char * id)17 __le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block,
18 struct quad_buffer_head *qbh, char *id)
19 {
20 secno sec;
21 __le32 *ret;
22 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
23 if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) {
24 hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id);
25 return NULL;
26 }
27 sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
28 if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) {
29 hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id);
30 return NULL;
31 }
32 ret = hpfs_map_4sectors(s, sec, qbh, 4);
33 if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1);
34 return ret;
35 }
36
hpfs_prefetch_bitmap(struct super_block * s,unsigned bmp_block)37 void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block)
38 {
39 unsigned to_prefetch, next_prefetch;
40 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
41 if (unlikely(bmp_block >= n_bands))
42 return;
43 to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
44 if (unlikely(bmp_block + 1 >= n_bands))
45 next_prefetch = 0;
46 else
47 next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]);
48 hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch));
49 }
50
51 /*
52 * Load first code page into kernel memory, return pointer to 256-byte array,
53 * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are
54 * lowercasing table
55 */
56
hpfs_load_code_page(struct super_block * s,secno cps)57 unsigned char *hpfs_load_code_page(struct super_block *s, secno cps)
58 {
59 struct buffer_head *bh;
60 secno cpds;
61 unsigned cpi;
62 unsigned char *ptr;
63 unsigned char *cp_table;
64 int i;
65 struct code_page_data *cpd;
66 struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0);
67 if (!cp) return NULL;
68 if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) {
69 pr_err("Code page directory magic doesn't match (magic = %08x)\n",
70 le32_to_cpu(cp->magic));
71 brelse(bh);
72 return NULL;
73 }
74 if (!le32_to_cpu(cp->n_code_pages)) {
75 pr_err("n_code_pages == 0\n");
76 brelse(bh);
77 return NULL;
78 }
79 cpds = le32_to_cpu(cp->array[0].code_page_data);
80 cpi = le16_to_cpu(cp->array[0].index);
81 brelse(bh);
82
83 if (cpi >= 3) {
84 pr_err("Code page index out of array\n");
85 return NULL;
86 }
87
88 if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL;
89 if (le16_to_cpu(cpd->offs[cpi]) > 0x178) {
90 pr_err("Code page index out of sector\n");
91 brelse(bh);
92 return NULL;
93 }
94 ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6;
95 if (!(cp_table = kmalloc(256, GFP_KERNEL))) {
96 pr_err("out of memory for code page table\n");
97 brelse(bh);
98 return NULL;
99 }
100 memcpy(cp_table, ptr, 128);
101 brelse(bh);
102
103 /* Try to build lowercasing table from uppercasing one */
104
105 for (i=128; i<256; i++) cp_table[i]=i;
106 for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128)
107 cp_table[cp_table[i-128]] = i;
108
109 return cp_table;
110 }
111
hpfs_load_bitmap_directory(struct super_block * s,secno bmp)112 __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp)
113 {
114 struct buffer_head *bh;
115 int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21;
116 int i;
117 __le32 *b;
118 if (!(b = kmalloc_array(n, 512, GFP_KERNEL))) {
119 pr_err("can't allocate memory for bitmap directory\n");
120 return NULL;
121 }
122 for (i=0;i<n;i++) {
123 __le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1);
124 if (!d) {
125 kfree(b);
126 return NULL;
127 }
128 memcpy((char *)b + 512 * i, d, 512);
129 brelse(bh);
130 }
131 return b;
132 }
133
hpfs_load_hotfix_map(struct super_block * s,struct hpfs_spare_block * spareblock)134 void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock)
135 {
136 struct quad_buffer_head qbh;
137 __le32 *directory;
138 u32 n_hotfixes, n_used_hotfixes;
139 unsigned i;
140
141 n_hotfixes = le32_to_cpu(spareblock->n_spares);
142 n_used_hotfixes = le32_to_cpu(spareblock->n_spares_used);
143
144 if (n_hotfixes > 256 || n_used_hotfixes > n_hotfixes) {
145 hpfs_error(s, "invalid number of hotfixes: %u, used: %u", n_hotfixes, n_used_hotfixes);
146 return;
147 }
148 if (!(directory = hpfs_map_4sectors(s, le32_to_cpu(spareblock->hotfix_map), &qbh, 0))) {
149 hpfs_error(s, "can't load hotfix map");
150 return;
151 }
152 for (i = 0; i < n_used_hotfixes; i++) {
153 hpfs_sb(s)->hotfix_from[i] = le32_to_cpu(directory[i]);
154 hpfs_sb(s)->hotfix_to[i] = le32_to_cpu(directory[n_hotfixes + i]);
155 }
156 hpfs_sb(s)->n_hotfixes = n_used_hotfixes;
157 hpfs_brelse4(&qbh);
158 }
159
160 /*
161 * Load fnode to memory
162 */
163
hpfs_map_fnode(struct super_block * s,ino_t ino,struct buffer_head ** bhp)164 struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp)
165 {
166 struct fnode *fnode;
167 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) {
168 return NULL;
169 }
170 if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) {
171 if (hpfs_sb(s)->sb_chk) {
172 struct extended_attribute *ea;
173 struct extended_attribute *ea_end;
174 if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) {
175 hpfs_error(s, "bad magic on fnode %08lx",
176 (unsigned long)ino);
177 goto bail;
178 }
179 if (!fnode_is_dir(fnode)) {
180 if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes !=
181 (bp_internal(&fnode->btree) ? 12 : 8)) {
182 hpfs_error(s,
183 "bad number of nodes in fnode %08lx",
184 (unsigned long)ino);
185 goto bail;
186 }
187 if (le16_to_cpu(fnode->btree.first_free) !=
188 8 + fnode->btree.n_used_nodes * (bp_internal(&fnode->btree) ? 8 : 12)) {
189 hpfs_error(s,
190 "bad first_free pointer in fnode %08lx",
191 (unsigned long)ino);
192 goto bail;
193 }
194 }
195 if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 ||
196 le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) {
197 hpfs_error(s,
198 "bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x",
199 (unsigned long)ino,
200 le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s));
201 goto bail;
202 }
203 ea = fnode_ea(fnode);
204 ea_end = fnode_end_ea(fnode);
205 while (ea != ea_end) {
206 if (ea > ea_end) {
207 hpfs_error(s, "bad EA in fnode %08lx",
208 (unsigned long)ino);
209 goto bail;
210 }
211 ea = next_ea(ea);
212 }
213 }
214 }
215 return fnode;
216 bail:
217 brelse(*bhp);
218 return NULL;
219 }
220
hpfs_map_anode(struct super_block * s,anode_secno ano,struct buffer_head ** bhp)221 struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp)
222 {
223 struct anode *anode;
224 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL;
225 if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD)))
226 if (hpfs_sb(s)->sb_chk) {
227 if (le32_to_cpu(anode->magic) != ANODE_MAGIC) {
228 hpfs_error(s, "bad magic on anode %08x", ano);
229 goto bail;
230 }
231 if (le32_to_cpu(anode->self) != ano) {
232 hpfs_error(s, "self pointer invalid on anode %08x", ano);
233 goto bail;
234 }
235 if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes !=
236 (bp_internal(&anode->btree) ? 60 : 40)) {
237 hpfs_error(s, "bad number of nodes in anode %08x", ano);
238 goto bail;
239 }
240 if (le16_to_cpu(anode->btree.first_free) !=
241 8 + anode->btree.n_used_nodes * (bp_internal(&anode->btree) ? 8 : 12)) {
242 hpfs_error(s, "bad first_free pointer in anode %08x", ano);
243 goto bail;
244 }
245 }
246 return anode;
247 bail:
248 brelse(*bhp);
249 return NULL;
250 }
251
252 /*
253 * Load dnode to memory and do some checks
254 */
255
hpfs_map_dnode(struct super_block * s,unsigned secno,struct quad_buffer_head * qbh)256 struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno,
257 struct quad_buffer_head *qbh)
258 {
259 struct dnode *dnode;
260 if (hpfs_sb(s)->sb_chk) {
261 if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL;
262 if (secno & 3) {
263 hpfs_error(s, "dnode %08x not byte-aligned", secno);
264 return NULL;
265 }
266 }
267 if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD)))
268 if (hpfs_sb(s)->sb_chk) {
269 unsigned p, pp = 0;
270 unsigned char *d = (unsigned char *)dnode;
271 int b = 0;
272 if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) {
273 hpfs_error(s, "bad magic on dnode %08x", secno);
274 goto bail;
275 }
276 if (le32_to_cpu(dnode->self) != secno)
277 hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self));
278 /* Check dirents - bad dirents would cause infinite
279 loops or shooting to memory */
280 if (le32_to_cpu(dnode->first_free) > 2048) {
281 hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free));
282 goto bail;
283 }
284 for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) {
285 struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p);
286 if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) {
287 hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
288 goto bail;
289 }
290 if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) {
291 if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & SB_RDONLY) goto ok;
292 hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
293 goto bail;
294 }
295 ok:
296 if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down;
297 if (de->down) if (de_down_pointer(de) < 0x10) {
298 hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp);
299 goto bail;
300 }
301 pp = p;
302
303 }
304 if (p != le32_to_cpu(dnode->first_free)) {
305 hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno);
306 goto bail;
307 }
308 if (d[pp + 30] != 1 || d[pp + 31] != 255) {
309 hpfs_error(s, "dnode %08x does not end with \\377 entry", secno);
310 goto bail;
311 }
312 if (b == 3)
313 pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n",
314 secno);
315 }
316 return dnode;
317 bail:
318 hpfs_brelse4(qbh);
319 return NULL;
320 }
321
hpfs_fnode_dno(struct super_block * s,ino_t ino)322 dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino)
323 {
324 struct buffer_head *bh;
325 struct fnode *fnode;
326 dnode_secno dno;
327
328 fnode = hpfs_map_fnode(s, ino, &bh);
329 if (!fnode)
330 return 0;
331
332 dno = le32_to_cpu(fnode->u.external[0].disk_secno);
333 brelse(bh);
334 return dno;
335 }
336