cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

map.c (10020B)

      1// SPDX-License-Identifier: GPL-2.0
      2/*
      3 *  linux/fs/hpfs/map.c
      4 *
      5 *  Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999
      6 *
      7 *  mapping structures to memory with some minimal checks
      8 */
      9
     10#include "hpfs_fn.h"
     11
     12__le32 *hpfs_map_dnode_bitmap(struct super_block *s, struct quad_buffer_head *qbh)
     13{
     14	return hpfs_map_4sectors(s, hpfs_sb(s)->sb_dmap, qbh, 0);
     15}
     16
     17__le32 *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block,
     18			 struct quad_buffer_head *qbh, char *id)
     19{
     20	secno sec;
     21	__le32 *ret;
     22	unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
     23	if (hpfs_sb(s)->sb_chk) if (bmp_block >= n_bands) {
     24		hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id);
     25		return NULL;
     26	}
     27	sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
     28	if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) {
     29		hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id);
     30		return NULL;
     31	}
     32	ret = hpfs_map_4sectors(s, sec, qbh, 4);
     33	if (ret) hpfs_prefetch_bitmap(s, bmp_block + 1);
     34	return ret;
     35}
     36
     37void hpfs_prefetch_bitmap(struct super_block *s, unsigned bmp_block)
     38{
     39	unsigned to_prefetch, next_prefetch;
     40	unsigned n_bands = (hpfs_sb(s)->sb_fs_size + 0x3fff) >> 14;
     41	if (unlikely(bmp_block >= n_bands))
     42		return;
     43	to_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
     44	if (unlikely(bmp_block + 1 >= n_bands))
     45		next_prefetch = 0;
     46	else
     47		next_prefetch = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block + 1]);
     48	hpfs_prefetch_sectors(s, to_prefetch, 4 + 4 * (to_prefetch + 4 == next_prefetch));
     49}
     50
     51/*
     52 * Load first code page into kernel memory, return pointer to 256-byte array,
     53 * first 128 bytes are uppercasing table for chars 128-255, next 128 bytes are
     54 * lowercasing table
     55 */
     56
     57unsigned char *hpfs_load_code_page(struct super_block *s, secno cps)
     58{
     59	struct buffer_head *bh;
     60	secno cpds;
     61	unsigned cpi;
     62	unsigned char *ptr;
     63	unsigned char *cp_table;
     64	int i;
     65	struct code_page_data *cpd;
     66	struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0);
     67	if (!cp) return NULL;
     68	if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) {
     69		pr_err("Code page directory magic doesn't match (magic = %08x)\n",
     70			le32_to_cpu(cp->magic));
     71		brelse(bh);
     72		return NULL;
     73	}
     74	if (!le32_to_cpu(cp->n_code_pages)) {
     75		pr_err("n_code_pages == 0\n");
     76		brelse(bh);
     77		return NULL;
     78	}
     79	cpds = le32_to_cpu(cp->array[0].code_page_data);
     80	cpi = le16_to_cpu(cp->array[0].index);
     81	brelse(bh);
     82
     83	if (cpi >= 3) {
     84		pr_err("Code page index out of array\n");
     85		return NULL;
     86	}
     87	
     88	if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL;
     89	if (le16_to_cpu(cpd->offs[cpi]) > 0x178) {
     90		pr_err("Code page index out of sector\n");
     91		brelse(bh);
     92		return NULL;
     93	}
     94	ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6;
     95	if (!(cp_table = kmalloc(256, GFP_KERNEL))) {
     96		pr_err("out of memory for code page table\n");
     97		brelse(bh);
     98		return NULL;
     99	}
    100	memcpy(cp_table, ptr, 128);
    101	brelse(bh);
    102
    103	/* Try to build lowercasing table from uppercasing one */
    104
    105	for (i=128; i<256; i++) cp_table[i]=i;
    106	for (i=128; i<256; i++) if (cp_table[i-128]!=i && cp_table[i-128]>=128)
    107		cp_table[cp_table[i-128]] = i;
    108	
    109	return cp_table;
    110}
    111
    112__le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp)
    113{
    114	struct buffer_head *bh;
    115	int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21;
    116	int i;
    117	__le32 *b;
    118	if (!(b = kmalloc_array(n, 512, GFP_KERNEL))) {
    119		pr_err("can't allocate memory for bitmap directory\n");
    120		return NULL;
    121	}	
    122	for (i=0;i<n;i++) {
    123		__le32 *d = hpfs_map_sector(s, bmp+i, &bh, n - i - 1);
    124		if (!d) {
    125			kfree(b);
    126			return NULL;
    127		}
    128		memcpy((char *)b + 512 * i, d, 512);
    129		brelse(bh);
    130	}
    131	return b;
    132}
    133
    134void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock)
    135{
    136	struct quad_buffer_head qbh;
    137	__le32 *directory;
    138	u32 n_hotfixes, n_used_hotfixes;
    139	unsigned i;
    140
    141	n_hotfixes = le32_to_cpu(spareblock->n_spares);
    142	n_used_hotfixes = le32_to_cpu(spareblock->n_spares_used);
    143
    144	if (n_hotfixes > 256 || n_used_hotfixes > n_hotfixes) {
    145		hpfs_error(s, "invalid number of hotfixes: %u, used: %u", n_hotfixes, n_used_hotfixes);
    146		return;
    147	}
    148	if (!(directory = hpfs_map_4sectors(s, le32_to_cpu(spareblock->hotfix_map), &qbh, 0))) {
    149		hpfs_error(s, "can't load hotfix map");
    150		return;
    151	}
    152	for (i = 0; i < n_used_hotfixes; i++) {
    153		hpfs_sb(s)->hotfix_from[i] = le32_to_cpu(directory[i]);
    154		hpfs_sb(s)->hotfix_to[i] = le32_to_cpu(directory[n_hotfixes + i]);
    155	}
    156	hpfs_sb(s)->n_hotfixes = n_used_hotfixes;
    157	hpfs_brelse4(&qbh);
    158}
    159
    160/*
    161 * Load fnode to memory
    162 */
    163
    164struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_head **bhp)
    165{
    166	struct fnode *fnode;
    167	if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ino, 1, "fnode")) {
    168		return NULL;
    169	}
    170	if ((fnode = hpfs_map_sector(s, ino, bhp, FNODE_RD_AHEAD))) {
    171		if (hpfs_sb(s)->sb_chk) {
    172			struct extended_attribute *ea;
    173			struct extended_attribute *ea_end;
    174			if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) {
    175				hpfs_error(s, "bad magic on fnode %08lx",
    176					(unsigned long)ino);
    177				goto bail;
    178			}
    179			if (!fnode_is_dir(fnode)) {
    180				if ((unsigned)fnode->btree.n_used_nodes + (unsigned)fnode->btree.n_free_nodes !=
    181				    (bp_internal(&fnode->btree) ? 12 : 8)) {
    182					hpfs_error(s,
    183					   "bad number of nodes in fnode %08lx",
    184					    (unsigned long)ino);
    185					goto bail;
    186				}
    187				if (le16_to_cpu(fnode->btree.first_free) !=
    188				    8 + fnode->btree.n_used_nodes * (bp_internal(&fnode->btree) ? 8 : 12)) {
    189					hpfs_error(s,
    190					    "bad first_free pointer in fnode %08lx",
    191					    (unsigned long)ino);
    192					goto bail;
    193				}
    194			}
    195			if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 ||
    196			   le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) {
    197				hpfs_error(s,
    198					"bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x",
    199					(unsigned long)ino,
    200					le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s));
    201				goto bail;
    202			}
    203			ea = fnode_ea(fnode);
    204			ea_end = fnode_end_ea(fnode);
    205			while (ea != ea_end) {
    206				if (ea > ea_end) {
    207					hpfs_error(s, "bad EA in fnode %08lx",
    208						(unsigned long)ino);
    209					goto bail;
    210				}
    211				ea = next_ea(ea);
    212			}
    213		}
    214	}
    215	return fnode;
    216	bail:
    217	brelse(*bhp);
    218	return NULL;
    219}
    220
    221struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buffer_head **bhp)
    222{
    223	struct anode *anode;
    224	if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL;
    225	if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD)))
    226		if (hpfs_sb(s)->sb_chk) {
    227			if (le32_to_cpu(anode->magic) != ANODE_MAGIC) {
    228				hpfs_error(s, "bad magic on anode %08x", ano);
    229				goto bail;
    230			}
    231			if (le32_to_cpu(anode->self) != ano) {
    232				hpfs_error(s, "self pointer invalid on anode %08x", ano);
    233				goto bail;
    234			}
    235			if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes !=
    236			    (bp_internal(&anode->btree) ? 60 : 40)) {
    237				hpfs_error(s, "bad number of nodes in anode %08x", ano);
    238				goto bail;
    239			}
    240			if (le16_to_cpu(anode->btree.first_free) !=
    241			    8 + anode->btree.n_used_nodes * (bp_internal(&anode->btree) ? 8 : 12)) {
    242				hpfs_error(s, "bad first_free pointer in anode %08x", ano);
    243				goto bail;
    244			}
    245		}
    246	return anode;
    247	bail:
    248	brelse(*bhp);
    249	return NULL;
    250}
    251
    252/*
    253 * Load dnode to memory and do some checks
    254 */
    255
    256struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno,
    257			     struct quad_buffer_head *qbh)
    258{
    259	struct dnode *dnode;
    260	if (hpfs_sb(s)->sb_chk) {
    261		if (hpfs_chk_sectors(s, secno, 4, "dnode")) return NULL;
    262		if (secno & 3) {
    263			hpfs_error(s, "dnode %08x not byte-aligned", secno);
    264			return NULL;
    265		}	
    266	}
    267	if ((dnode = hpfs_map_4sectors(s, secno, qbh, DNODE_RD_AHEAD)))
    268		if (hpfs_sb(s)->sb_chk) {
    269			unsigned p, pp = 0;
    270			unsigned char *d = (unsigned char *)dnode;
    271			int b = 0;
    272			if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) {
    273				hpfs_error(s, "bad magic on dnode %08x", secno);
    274				goto bail;
    275			}
    276			if (le32_to_cpu(dnode->self) != secno)
    277				hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self));
    278			/* Check dirents - bad dirents would cause infinite
    279			   loops or shooting to memory */
    280			if (le32_to_cpu(dnode->first_free) > 2048) {
    281				hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free));
    282				goto bail;
    283			}
    284			for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) {
    285				struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p);
    286				if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) {
    287					hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
    288					goto bail;
    289				}
    290				if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) {
    291					if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & SB_RDONLY) goto ok;
    292					hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
    293					goto bail;
    294				}
    295				ok:
    296				if (hpfs_sb(s)->sb_chk >= 2) b |= 1 << de->down;
    297				if (de->down) if (de_down_pointer(de) < 0x10) {
    298					hpfs_error(s, "bad down pointer in dnode %08x, dirent %03x, last %03x", secno, p, pp);
    299					goto bail;
    300				}
    301				pp = p;
    302				
    303			}
    304			if (p != le32_to_cpu(dnode->first_free)) {
    305				hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno);
    306				goto bail;
    307			}
    308			if (d[pp + 30] != 1 || d[pp + 31] != 255) {
    309				hpfs_error(s, "dnode %08x does not end with \\377 entry", secno);
    310				goto bail;
    311			}
    312			if (b == 3)
    313				pr_err("unbalanced dnode tree, dnode %08x; see hpfs.txt 4 more info\n",
    314					secno);
    315		}
    316	return dnode;
    317	bail:
    318	hpfs_brelse4(qbh);
    319	return NULL;
    320}
    321
    322dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino)
    323{
    324	struct buffer_head *bh;
    325	struct fnode *fnode;
    326	dnode_secno dno;
    327
    328	fnode = hpfs_map_fnode(s, ino, &bh);
    329	if (!fnode)
    330		return 0;
    331
    332	dno = le32_to_cpu(fnode->u.external[0].disk_secno);
    333	brelse(bh);
    334	return dno;
    335}