1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/fs/hpfs/map.c
4  *
5  *  Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999
6  *
7  *  mapping structures to memory with some minimal checks
8  */
9 
10 #include "hpfs_fn.h"
11 
hpfs_map_dnode_bitmap(struct super_block * s,struct quad_buffer_head * qbh)12 __le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh)
13 {
14 	return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0);
15 }
16 
hpfs_map_bitmap(struct super_block * s,unsigned bmp_block,struct quad_buffer_head * qbh,char * id)17 __le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block,
18 			 struct quad_buffer_head *qbh, char *id)
19 {
20 	secno sec;
21 	__le32 *ret;
22 	unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
23 	if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) {
24 		hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id);
25 		return NULL;
26 	}
27 	sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
28 	if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) {
29 		hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id);
30 		return NULL;
31 	}
32 	ret = hpfs_map_4sectors(s, sec, qbh, 4);
33 	if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1);
34 	return ret;
35 }
36 
hpfs_prefetch_bitmap(struct super_block * s,unsigned bmp_block)37 void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block)
38 {
39 	unsigned to_prefetch, next_prefetch;
40 	unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
41 	if (unlikely(bmp_block >= n_bands))
42 		return;
43 	to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
44 	if (unlikely(bmp_block + 1 >= n_bands))
45 		next_prefetch = 0;
46 	else
47 		next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]);
48 	hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch));
49 }
50 
51 /*
52  * Load first code page into kernel memory, return pointer to 256-byte array,
53  * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are
54  * lowercasing table
55  */
56 
hpfs_load_code_page(struct super_block * s,secno cps)57 unsigned char *hpfs_load_code_page(struct super_block *s, secno cps)
58 {
59 	struct buffer_head *bh;
60 	secno cpds;
61 	unsigned cpi;
62 	unsigned char *ptr;
63 	unsigned char *cp_table;
64 	int i;
65 	struct code_page_data *cpd;
66 	struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0);
67 	if (!cp) return NULL;
68 	if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) {
69 		pr_err("Code page directory magic doesn't match (magic = %08x)\n",
70 			le32_to_cpu(cp->magic));
71 		brelse(bh);
72 		return NULL;
73 	}
74 	if (!le32_to_cpu(cp->n_code_pages)) {
75 		pr_err("n_code_pages == 0\n");
76 		brelse(bh);
77 		return NULL;
78 	}
79 	cpds = le32_to_cpu(cp->array[0].code_page_data);
80 	cpi = le16_to_cpu(cp->array[0].index);
81 	brelse(bh);
82 
83 	if (cpi >= 3) {
84 		pr_err("Code page index out of array\n");
85 		return NULL;
86 	}
87 
88 	if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL;
89 	if (le16_to_cpu(cpd->offs[cpi]) > 0x178) {
90 		pr_err("Code page index out of sector\n");
91 		brelse(bh);
92 		return NULL;
93 	}
94 	ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6;
95 	if (!(cp_table = kmalloc(256, GFP_KERNEL))) {
96 		pr_err("out of memory for code page table\n");
97 		brelse(bh);
98 		return NULL;
99 	}
100 	memcpy(cp_table, ptr, 128);
101 	brelse(bh);
102 
103 	/* Try to build lowercasing table from uppercasing one */
104 
105 	for (i=128; i<256; i++) cp_table[i]=i;
106 	for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128)
107 		cp_table[cp_table[i-128]] = i;
108 
109 	return cp_table;
110 }
111 
hpfs_load_bitmap_directory(struct super_block * s,secno bmp)112 __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp)
113 {
114 	struct buffer_head *bh;
115 	int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21;
116 	int i;
117 	__le32 *b;
118 	if (!(b = kmalloc_array(n, 512, GFP_KERNEL))) {
119 		pr_err("can't allocate memory for bitmap directory\n");
120 		return NULL;
121 	}
122 	for (i=0;i<n;i++) {
123 		__le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1);
124 		if (!d) {
125 			kfree(b);
126 			return NULL;
127 		}
128 		memcpy((char *)b + 512 * i, d, 512);
129 		brelse(bh);
130 	}
131 	return b;
132 }
133 
hpfs_load_hotfix_map(struct super_block * s,struct hpfs_spare_block * spareblock)134 void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock)
135 {
136 	struct quad_buffer_head qbh;
137 	__le32 *directory;
138 	u32 n_hotfixes, n_used_hotfixes;
139 	unsigned i;
140 
141 	n_hotfixes = le32_to_cpu(spareblock->n_spares);
142 	n_used_hotfixes = le32_to_cpu(spareblock->n_spares_used);
143 
144 	if (n_hotfixes > 256 || n_used_hotfixes > n_hotfixes) {
145 		hpfs_error(s, "invalid number of hotfixes: %u, used: %u", n_hotfixes, n_used_hotfixes);
146 		return;
147 	}
148 	if (!(directory = hpfs_map_4sectors(s, le32_to_cpu(spareblock->hotfix_map), &qbh, 0))) {
149 		hpfs_error(s, "can't load hotfix map");
150 		return;
151 	}
152 	for (i = 0; i < n_used_hotfixes; i++) {
153 		hpfs_sb(s)->hotfix_from[i] = le32_to_cpu(directory[i]);
154 		hpfs_sb(s)->hotfix_to[i] = le32_to_cpu(directory[n_hotfixes + i]);
155 	}
156 	hpfs_sb(s)->n_hotfixes = n_used_hotfixes;
157 	hpfs_brelse4(&qbh);
158 }
159 
160 /*
161  * Load fnode to memory
162  */
163 
hpfs_map_fnode(struct super_block * s,ino_t ino,struct buffer_head ** bhp)164 struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp)
165 {
166 	struct fnode *fnode;
167 	if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) {
168 		return NULL;
169 	}
170 	if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) {
171 		if (hpfs_sb(s)->sb_chk) {
172 			struct extended_attribute *ea;
173 			struct extended_attribute *ea_end;
174 			if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) {
175 				hpfs_error(s, "bad magic on fnode %08lx",
176 					(unsigned long)ino);
177 				goto bail;
178 			}
179 			if (!fnode_is_dir(fnode)) {
180 				if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes !=
181 				    (bp_internal(GET_BTREE_PTR(&fnode->btree)) ? 12 : 8)) {
182 					hpfs_error(s,
183 					   "bad number of nodes in fnode %08lx",
184 					    (unsigned long)ino);
185 					goto bail;
186 				}
187 				if (le16_to_cpu(fnode->btree.first_free) !=
188 				    8 + fnode->btree.n_used_nodes * (bp_internal(GET_BTREE_PTR(&fnode->btree)) ? 8 : 12)) {
189 					hpfs_error(s,
190 					    "bad first_free pointer in fnode %08lx",
191 					    (unsigned long)ino);
192 					goto bail;
193 				}
194 			}
195 			if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 ||
196 			   le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) {
197 				hpfs_error(s,
198 					"bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x",
199 					(unsigned long)ino,
200 					le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s));
201 				goto bail;
202 			}
203 			ea = fnode_ea(fnode);
204 			ea_end = fnode_end_ea(fnode);
205 			while (ea != ea_end) {
206 				if (ea > ea_end) {
207 					hpfs_error(s, "bad EA in fnode %08lx",
208 						(unsigned long)ino);
209 					goto bail;
210 				}
211 				ea = next_ea(ea);
212 			}
213 		}
214 	}
215 	return fnode;
216 	bail:
217 	brelse(*bhp);
218 	return NULL;
219 }
220 
hpfs_map_anode(struct super_block * s,anode_secno ano,struct buffer_head ** bhp)221 struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp)
222 {
223 	struct anode *anode;
224 	if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL;
225 	if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD)))
226 		if (hpfs_sb(s)->sb_chk) {
227 			if (le32_to_cpu(anode->magic) != ANODE_MAGIC) {
228 				hpfs_error(s, "bad magic on anode %08x", ano);
229 				goto bail;
230 			}
231 			if (le32_to_cpu(anode->self) != ano) {
232 				hpfs_error(s, "self pointer invalid on anode %08x", ano);
233 				goto bail;
234 			}
235 			if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes !=
236 			    (bp_internal(GET_BTREE_PTR(&anode->btree)) ? 60 : 40)) {
237 				hpfs_error(s, "bad number of nodes in anode %08x", ano);
238 				goto bail;
239 			}
240 			if (le16_to_cpu(anode->btree.first_free) !=
241 			    8 + anode->btree.n_used_nodes * (bp_internal(GET_BTREE_PTR(&anode->btree)) ? 8 : 12)) {
242 				hpfs_error(s, "bad first_free pointer in anode %08x", ano);
243 				goto bail;
244 			}
245 		}
246 	return anode;
247 	bail:
248 	brelse(*bhp);
249 	return NULL;
250 }
251 
252 /*
253  * Load dnode to memory and do some checks
254  */
255 
hpfs_map_dnode(struct super_block * s,unsigned secno,struct quad_buffer_head * qbh)256 struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno,
257 			     struct quad_buffer_head *qbh)
258 {
259 	struct dnode *dnode;
260 	if (hpfs_sb(s)->sb_chk) {
261 		if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL;
262 		if (secno & 3) {
263 			hpfs_error(s, "dnode %08x not byte-aligned", secno);
264 			return NULL;
265 		}
266 	}
267 	if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD)))
268 		if (hpfs_sb(s)->sb_chk) {
269 			unsigned p, pp = 0;
270 			unsigned char *d = (unsigned char *)dnode;
271 			int b = 0;
272 			if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) {
273 				hpfs_error(s, "bad magic on dnode %08x", secno);
274 				goto bail;
275 			}
276 			if (le32_to_cpu(dnode->self) != secno)
277 				hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self));
278 			/* Check dirents - bad dirents would cause infinite
279 			   loops or shooting to memory */
280 			if (le32_to_cpu(dnode->first_free) > 2048) {
281 				hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free));
282 				goto bail;
283 			}
284 			for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) {
285 				struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p);
286 				if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) {
287 					hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
288 					goto bail;
289 				}
290 				if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) {
291 					if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & SB_RDONLY) goto ok;
292 					hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
293 					goto bail;
294 				}
295 				ok:
296 				if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down;
297 				if (de->down) if (de_down_pointer(de) < 0x10) {
298 					hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp);
299 					goto bail;
300 				}
301 				pp = p;
302 
303 			}
304 			if (p != le32_to_cpu(dnode->first_free)) {
305 				hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno);
306 				goto bail;
307 			}
308 			if (d[pp + 30] != 1 || d[pp + 31] != 255) {
309 				hpfs_error(s, "dnode %08x does not end with \\377 entry", secno);
310 				goto bail;
311 			}
312 			if (b == 3)
313 				pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n",
314 					secno);
315 		}
316 	return dnode;
317 	bail:
318 	hpfs_brelse4(qbh);
319 	return NULL;
320 }
321 
hpfs_fnode_dno(struct super_block * s,ino_t ino)322 dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino)
323 {
324 	struct buffer_head *bh;
325 	struct fnode *fnode;
326 	dnode_secno dno;
327 
328 	fnode = hpfs_map_fnode(s, ino, &bh);
329 	if (!fnode)
330 		return 0;
331 
332 	dno = le32_to_cpu(fnode->u.external[0].disk_secno);
333 	brelse(bh);
334 	return dno;
335 }
336