1 /* 2 * linux/fs/hpfs/map.c 3 * 4 * Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999 5 * 6 * mapping structures to memory with some minimal checks 7 */ 8 9 #include "hpfs_fn.h" 10 11 __le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh) 12 { 13 return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0); 14 } 15 16 __le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block, 17 struct quad_buffer_head *qbh, char *id) 18 { 19 secno sec; 20 __le32 *ret; 21 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14; 22 if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) { 23 hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id); 24 return NULL; 25 } 26 sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]); 27 if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) { 28 hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id); 29 return NULL; 30 } 31 ret = hpfs_map_4sectors(s, sec, qbh, 4); 32 if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1); 33 return ret; 34 } 35 36 void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block) 37 { 38 unsigned to_prefetch, next_prefetch; 39 unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14; 40 if (unlikely(bmp_block >= n_bands)) 41 return; 42 to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]); 43 if (unlikely(bmp_block + 1 >= n_bands)) 44 next_prefetch = 0; 45 else 46 next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]); 47 hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch)); 48 } 49 50 /* 51 * Load first code page into kernel memory, return pointer to 256-byte array, 52 * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are 53 * lowercasing table 54 */ 55 56 unsigned char *hpfs_load_code_page(struct super_block *s, secno cps) 57 { 58 struct buffer_head *bh; 59 secno cpds; 60 unsigned cpi; 61 unsigned char *ptr; 62 unsigned char *cp_table; 63 int i; 64 struct code_page_data *cpd; 65 struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0); 66 if (!cp) return NULL; 67 if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) { 68 pr_err("Code page directory magic doesn't match (magic = %08x)\n", 69 le32_to_cpu(cp->magic)); 70 brelse(bh); 71 return NULL; 72 } 73 if (!le32_to_cpu(cp->n_code_pages)) { 74 pr_err("n_code_pages == 0\n"); 75 brelse(bh); 76 return NULL; 77 } 78 cpds = le32_to_cpu(cp->array[0].code_page_data); 79 cpi = le16_to_cpu(cp->array[0].index); 80 brelse(bh); 81 82 if (cpi >= 3) { 83 pr_err("Code page index out of array\n"); 84 return NULL; 85 } 86 87 if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL; 88 if (le16_to_cpu(cpd->offs[cpi]) > 0x178) { 89 pr_err("Code page index out of sector\n"); 90 brelse(bh); 91 return NULL; 92 } 93 ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6; 94 if (!(cp_table = kmalloc(256, GFP_KERNEL))) { 95 pr_err("out of memory for code page table\n"); 96 brelse(bh); 97 return NULL; 98 } 99 memcpy(cp_table, ptr, 128); 100 brelse(bh); 101 102 /* Try to build lowercasing table from uppercasing one */ 103 104 for (i=128; i<256; i++) cp_table[i]=i; 105 for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128) 106 cp_table[cp_table[i-128]] = i; 107 108 return cp_table; 109 } 110 111 __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp) 112 { 113 struct buffer_head *bh; 114 int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21; 115 int i; 116 __le32 *b; 117 if (!(b = kmalloc(n * 512, GFP_KERNEL))) { 118 pr_err("can't allocate memory for bitmap directory\n"); 119 return NULL; 120 } 121 for (i=0;i<n;i++) { 122 __le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1); 123 if (!d) { 124 kfree(b); 125 return NULL; 126 } 127 memcpy((char *)b + 512 * i, d, 512); 128 brelse(bh); 129 } 130 return b; 131 } 132 133 void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock) 134 { 135 struct quad_buffer_head qbh; 136 u32 *directory; 137 u32 n_hotfixes, n_used_hotfixes; 138 unsigned i; 139 140 n_hotfixes = le32_to_cpu(spareblock->n_spares); 141 n_used_hotfixes = le32_to_cpu(spareblock->n_spares_used); 142 143 if (n_hotfixes > 256 || n_used_hotfixes > n_hotfixes) { 144 hpfs_error(s, "invalid number of hotfixes: %u, used: %u", n_hotfixes, n_used_hotfixes); 145 return; 146 } 147 if (!(directory = hpfs_map_4sectors(s, le32_to_cpu(spareblock->hotfix_map), &qbh, 0))) { 148 hpfs_error(s, "can't load hotfix map"); 149 return; 150 } 151 for (i = 0; i < n_used_hotfixes; i++) { 152 hpfs_sb(s)->hotfix_from[i] = le32_to_cpu(directory[i]); 153 hpfs_sb(s)->hotfix_to[i] = le32_to_cpu(directory[n_hotfixes + i]); 154 } 155 hpfs_sb(s)->n_hotfixes = n_used_hotfixes; 156 hpfs_brelse4(&qbh); 157 } 158 159 /* 160 * Load fnode to memory 161 */ 162 163 struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp) 164 { 165 struct fnode *fnode; 166 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) { 167 return NULL; 168 } 169 if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) { 170 if (hpfs_sb(s)->sb_chk) { 171 struct extended_attribute *ea; 172 struct extended_attribute *ea_end; 173 if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) { 174 hpfs_error(s, "bad magic on fnode %08lx", 175 (unsigned long)ino); 176 goto bail; 177 } 178 if (!fnode_is_dir(fnode)) { 179 if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes != 180 (bp_internal(&fnode->btree) ? 12 : 8)) { 181 hpfs_error(s, 182 "bad number of nodes in fnode %08lx", 183 (unsigned long)ino); 184 goto bail; 185 } 186 if (le16_to_cpu(fnode->btree.first_free) != 187 8 + fnode->btree.n_used_nodes * (bp_internal(&fnode->btree) ? 8 : 12)) { 188 hpfs_error(s, 189 "bad first_free pointer in fnode %08lx", 190 (unsigned long)ino); 191 goto bail; 192 } 193 } 194 if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 || 195 le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) { 196 hpfs_error(s, 197 "bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x", 198 (unsigned long)ino, 199 le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s)); 200 goto bail; 201 } 202 ea = fnode_ea(fnode); 203 ea_end = fnode_end_ea(fnode); 204 while (ea != ea_end) { 205 if (ea > ea_end) { 206 hpfs_error(s, "bad EA in fnode %08lx", 207 (unsigned long)ino); 208 goto bail; 209 } 210 ea = next_ea(ea); 211 } 212 } 213 } 214 return fnode; 215 bail: 216 brelse(*bhp); 217 return NULL; 218 } 219 220 struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp) 221 { 222 struct anode *anode; 223 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL; 224 if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD))) 225 if (hpfs_sb(s)->sb_chk) { 226 if (le32_to_cpu(anode->magic) != ANODE_MAGIC) { 227 hpfs_error(s, "bad magic on anode %08x", ano); 228 goto bail; 229 } 230 if (le32_to_cpu(anode->self) != ano) { 231 hpfs_error(s, "self pointer invalid on anode %08x", ano); 232 goto bail; 233 } 234 if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes != 235 (bp_internal(&anode->btree) ? 60 : 40)) { 236 hpfs_error(s, "bad number of nodes in anode %08x", ano); 237 goto bail; 238 } 239 if (le16_to_cpu(anode->btree.first_free) != 240 8 + anode->btree.n_used_nodes * (bp_internal(&anode->btree) ? 8 : 12)) { 241 hpfs_error(s, "bad first_free pointer in anode %08x", ano); 242 goto bail; 243 } 244 } 245 return anode; 246 bail: 247 brelse(*bhp); 248 return NULL; 249 } 250 251 /* 252 * Load dnode to memory and do some checks 253 */ 254 255 struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno, 256 struct quad_buffer_head *qbh) 257 { 258 struct dnode *dnode; 259 if (hpfs_sb(s)->sb_chk) { 260 if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL; 261 if (secno & 3) { 262 hpfs_error(s, "dnode %08x not byte-aligned", secno); 263 return NULL; 264 } 265 } 266 if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD))) 267 if (hpfs_sb(s)->sb_chk) { 268 unsigned p, pp = 0; 269 unsigned char *d = (unsigned char *)dnode; 270 int b = 0; 271 if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) { 272 hpfs_error(s, "bad magic on dnode %08x", secno); 273 goto bail; 274 } 275 if (le32_to_cpu(dnode->self) != secno) 276 hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self)); 277 /* Check dirents - bad dirents would cause infinite 278 loops or shooting to memory */ 279 if (le32_to_cpu(dnode->first_free) > 2048) { 280 hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free)); 281 goto bail; 282 } 283 for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) { 284 struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p); 285 if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) { 286 hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 287 goto bail; 288 } 289 if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) { 290 if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & MS_RDONLY) goto ok; 291 hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 292 goto bail; 293 } 294 ok: 295 if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down; 296 if (de->down) if (de_down_pointer(de) < 0x10) { 297 hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp); 298 goto bail; 299 } 300 pp = p; 301 302 } 303 if (p != le32_to_cpu(dnode->first_free)) { 304 hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno); 305 goto bail; 306 } 307 if (d[pp + 30] != 1 || d[pp + 31] != 255) { 308 hpfs_error(s, "dnode %08x does not end with \\377 entry", secno); 309 goto bail; 310 } 311 if (b == 3) 312 pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n", 313 secno); 314 } 315 return dnode; 316 bail: 317 hpfs_brelse4(qbh); 318 return NULL; 319 } 320 321 dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino) 322 { 323 struct buffer_head *bh; 324 struct fnode *fnode; 325 dnode_secno dno; 326 327 fnode = hpfs_map_fnode(s, ino, &bh); 328 if (!fnode) 329 return 0; 330 331 dno = le32_to_cpu(fnode->u.external[0].disk_secno); 332 brelse(bh); 333 return dno; 334 } 335