1// SPDX-License-Identifier: GPL-2.0
2/*
3 *  linux/fs/hpfs/map.c
4 *
5 *  Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999
6 *
7 *  mapping structures to memory with some minimal checks
8 */
9
10#include "hpfs_fn.h"
11
12__le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh)
13{
14	return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0);
15}
16
17__le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block,
18			 struct quad_buffer_head *qbh, char *id)
19{
20	secno sec;
21	__le32 *ret;
22	unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
23	if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) {
24		hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id);
25		return NULL;
26	}
27	sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
28	if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) {
29		hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id);
30		return NULL;
31	}
32	ret = hpfs_map_4sectors(s, sec, qbh, 4);
33	if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1);
34	return ret;
35}
36
37void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block)
38{
39	unsigned to_prefetch, next_prefetch;
40	unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
41	if (unlikely(bmp_block >= n_bands))
42		return;
43	to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
44	if (unlikely(bmp_block + 1 >= n_bands))
45		next_prefetch = 0;
46	else
47		next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]);
48	hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch));
49}
50
51/*
52 * Load first code page into kernel memory, return pointer to 256-byte array,
53 * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are
54 * lowercasing table
55 */
56
57unsigned char *hpfs_load_code_page(struct super_block *s, secno cps)
58{
59	struct buffer_head *bh;
60	secno cpds;
61	unsigned cpi;
62	unsigned char *ptr;
63	unsigned char *cp_table;
64	int i;
65	struct code_page_data *cpd;
66	struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0);
67	if (!cp) return NULL;
68	if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) {
69		pr_err("Code page directory magic doesn't match (magic = %08x)\n",
70			le32_to_cpu(cp->magic));
71		brelse(bh);
72		return NULL;
73	}
74	if (!le32_to_cpu(cp->n_code_pages)) {
75		pr_err("n_code_pages == 0\n");
76		brelse(bh);
77		return NULL;
78	}
79	cpds = le32_to_cpu(cp->array[0].code_page_data);
80	cpi = le16_to_cpu(cp->array[0].index);
81	brelse(bh);
82
83	if (cpi >= 3) {
84		pr_err("Code page index out of array\n");
85		return NULL;
86	}
87
88	if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL;
89	if (le16_to_cpu(cpd->offs[cpi]) > 0x178) {
90		pr_err("Code page index out of sector\n");
91		brelse(bh);
92		return NULL;
93	}
94	ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6;
95	if (!(cp_table = kmalloc(256, GFP_KERNEL))) {
96		pr_err("out of memory for code page table\n");
97		brelse(bh);
98		return NULL;
99	}
100	memcpy(cp_table, ptr, 128);
101	brelse(bh);
102
103	/* Try to build lowercasing table from uppercasing one */
104
105	for (i=128; i<256; i++) cp_table[i]=i;
106	for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128)
107		cp_table[cp_table[i-128]] = i;
108
109	return cp_table;
110}
111
112__le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp)
113{
114	struct buffer_head *bh;
115	int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21;
116	int i;
117	__le32 *b;
118	if (!(b = kmalloc_array(n, 512, GFP_KERNEL))) {
119		pr_err("can't allocate memory for bitmap directory\n");
120		return NULL;
121	}
122	for (i=0;i<n;i++) {
123		__le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1);
124		if (!d) {
125			kfree(b);
126			return NULL;
127		}
128		memcpy((char *)b + 512 * i, d, 512);
129		brelse(bh);
130	}
131	return b;
132}
133
134void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock)
135{
136	struct quad_buffer_head qbh;
137	__le32 *directory;
138	u32 n_hotfixes, n_used_hotfixes;
139	unsigned i;
140
141	n_hotfixes = le32_to_cpu(spareblock->n_spares);
142	n_used_hotfixes = le32_to_cpu(spareblock->n_spares_used);
143
144	if (n_hotfixes > 256 || n_used_hotfixes > n_hotfixes) {
145		hpfs_error(s, "invalid number of hotfixes: %u, used: %u", n_hotfixes, n_used_hotfixes);
146		return;
147	}
148	if (!(directory = hpfs_map_4sectors(s, le32_to_cpu(spareblock->hotfix_map), &qbh, 0))) {
149		hpfs_error(s, "can't load hotfix map");
150		return;
151	}
152	for (i = 0; i < n_used_hotfixes; i++) {
153		hpfs_sb(s)->hotfix_from[i] = le32_to_cpu(directory[i]);
154		hpfs_sb(s)->hotfix_to[i] = le32_to_cpu(directory[n_hotfixes + i]);
155	}
156	hpfs_sb(s)->n_hotfixes = n_used_hotfixes;
157	hpfs_brelse4(&qbh);
158}
159
160/*
161 * Load fnode to memory
162 */
163
164struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp)
165{
166	struct fnode *fnode;
167	if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) {
168		return NULL;
169	}
170	if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) {
171		if (hpfs_sb(s)->sb_chk) {
172			struct extended_attribute *ea;
173			struct extended_attribute *ea_end;
174			if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) {
175				hpfs_error(s, "bad magic on fnode %08lx",
176					(unsigned long)ino);
177				goto bail;
178			}
179			if (!fnode_is_dir(fnode)) {
180				if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes !=
181				    (bp_internal(&fnode->btree) ? 12 : 8)) {
182					hpfs_error(s,
183					   "bad number of nodes in fnode %08lx",
184					    (unsigned long)ino);
185					goto bail;
186				}
187				if (le16_to_cpu(fnode->btree.first_free) !=
188				    8 + fnode->btree.n_used_nodes * (bp_internal(&fnode->btree) ? 8 : 12)) {
189					hpfs_error(s,
190					    "bad first_free pointer in fnode %08lx",
191					    (unsigned long)ino);
192					goto bail;
193				}
194			}
195			if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 ||
196			   le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) {
197				hpfs_error(s,
198					"bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x",
199					(unsigned long)ino,
200					le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s));
201				goto bail;
202			}
203			ea = fnode_ea(fnode);
204			ea_end = fnode_end_ea(fnode);
205			while (ea != ea_end) {
206				if (ea > ea_end) {
207					hpfs_error(s, "bad EA in fnode %08lx",
208						(unsigned long)ino);
209					goto bail;
210				}
211				ea = next_ea(ea);
212			}
213		}
214	}
215	return fnode;
216	bail:
217	brelse(*bhp);
218	return NULL;
219}
220
221struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp)
222{
223	struct anode *anode;
224	if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL;
225	if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD)))
226		if (hpfs_sb(s)->sb_chk) {
227			if (le32_to_cpu(anode->magic) != ANODE_MAGIC) {
228				hpfs_error(s, "bad magic on anode %08x", ano);
229				goto bail;
230			}
231			if (le32_to_cpu(anode->self) != ano) {
232				hpfs_error(s, "self pointer invalid on anode %08x", ano);
233				goto bail;
234			}
235			if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes !=
236			    (bp_internal(&anode->btree) ? 60 : 40)) {
237				hpfs_error(s, "bad number of nodes in anode %08x", ano);
238				goto bail;
239			}
240			if (le16_to_cpu(anode->btree.first_free) !=
241			    8 + anode->btree.n_used_nodes * (bp_internal(&anode->btree) ? 8 : 12)) {
242				hpfs_error(s, "bad first_free pointer in anode %08x", ano);
243				goto bail;
244			}
245		}
246	return anode;
247	bail:
248	brelse(*bhp);
249	return NULL;
250}
251
252/*
253 * Load dnode to memory and do some checks
254 */
255
256struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno,
257			     struct quad_buffer_head *qbh)
258{
259	struct dnode *dnode;
260	if (hpfs_sb(s)->sb_chk) {
261		if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL;
262		if (secno & 3) {
263			hpfs_error(s, "dnode %08x not byte-aligned", secno);
264			return NULL;
265		}
266	}
267	if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD)))
268		if (hpfs_sb(s)->sb_chk) {
269			unsigned p, pp = 0;
270			unsigned char *d = (unsigned char *)dnode;
271			int b = 0;
272			if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) {
273				hpfs_error(s, "bad magic on dnode %08x", secno);
274				goto bail;
275			}
276			if (le32_to_cpu(dnode->self) != secno)
277				hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self));
278			/* Check dirents - bad dirents would cause infinite
279			   loops or shooting to memory */
280			if (le32_to_cpu(dnode->first_free) > 2048) {
281				hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free));
282				goto bail;
283			}
284			for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) {
285				struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p);
286				if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) {
287					hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
288					goto bail;
289				}
290				if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) {
291					if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & SB_RDONLY) goto ok;
292					hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
293					goto bail;
294				}
295				ok:
296				if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down;
297				if (de->down) if (de_down_pointer(de) < 0x10) {
298					hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp);
299					goto bail;
300				}
301				pp = p;
302
303			}
304			if (p != le32_to_cpu(dnode->first_free)) {
305				hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno);
306				goto bail;
307			}
308			if (d[pp + 30] != 1 || d[pp + 31] != 255) {
309				hpfs_error(s, "dnode %08x does not end with \\377 entry", secno);
310				goto bail;
311			}
312			if (b == 3)
313				pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n",
314					secno);
315		}
316	return dnode;
317	bail:
318	hpfs_brelse4(qbh);
319	return NULL;
320}
321
322dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino)
323{
324	struct buffer_head *bh;
325	struct fnode *fnode;
326	dnode_secno dno;
327
328	fnode = hpfs_map_fnode(s, ino, &bh);
329	if (!fnode)
330		return 0;
331
332	dno = le32_to_cpu(fnode->u.external[0].disk_secno);
333	brelse(bh);
334	return dno;
335}
336