HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / hfsplus / wrapper.c
blobcc623567143769b95d60a45a46b2f17e889773d0
1 /*
2 * linux/fs/hfsplus/wrapper.c
4 * Copyright (C) 2001
5 * Brad Boyer (flar@allandria.com)
6 * (C) 2003 Ardis Technologies <roman@ardistech.com>
8 * Handling of HFS wrappers around HFS+ volumes
9 */
11 #include <linux/fs.h>
12 #include <linux/blkdev.h>
13 #include <linux/cdrom.h>
14 #include <linux/genhd.h>
15 #include <asm/unaligned.h>
17 #include "hfsplus_fs.h"
18 #include "hfsplus_raw.h"
20 struct hfsplus_wd {
21 u32 ablk_size;
22 u16 ablk_start;
23 u16 embed_start;
24 u16 embed_count;
27 /**
28 * hfsplus_submit_bio - Perform block I/O
29 * @sb: super block of volume for I/O
30 * @sector: block to read or write, for blocks of HFSPLUS_SECTOR_SIZE bytes
31 * @buf: buffer for I/O
32 * @data: output pointer for location of requested data
33 * @rw: direction of I/O
35 * The unit of I/O is hfsplus_min_io_size(sb), which may be bigger than
36 * HFSPLUS_SECTOR_SIZE, and @buf must be sized accordingly. On reads
37 * @data will return a pointer to the start of the requested sector,
38 * which may not be the same location as @buf.
40 * If @sector is not aligned to the bdev logical block size it will
41 * be rounded down. For writes this means that @buf should contain data
42 * that starts at the rounded-down address. As long as the data was
43 * read using hfsplus_submit_bio() and the same buffer is used things
44 * will work correctly.
46 int hfsplus_submit_bio(struct super_block *sb, sector_t sector,
47 void *buf, void **data, int rw)
49 struct bio *bio;
50 int ret = 0;
51 u64 io_size;
52 loff_t start;
53 int offset;
56 * Align sector to hardware sector size and find offset. We
57 * assume that io_size is a power of two, which _should_
58 * be true.
60 io_size = hfsplus_min_io_size(sb);
61 start = (loff_t)sector << HFSPLUS_SECTOR_SHIFT;
62 offset = start & (io_size - 1);
63 sector &= ~((io_size >> HFSPLUS_SECTOR_SHIFT) - 1);
65 bio = bio_alloc(GFP_NOIO, 1);
66 bio->bi_iter.bi_sector = sector;
67 bio->bi_bdev = sb->s_bdev;
69 if (!(rw & WRITE) && data)
70 *data = (u8 *)buf + offset;
72 while (io_size > 0) {
73 unsigned int page_offset = offset_in_page(buf);
74 unsigned int len = min_t(unsigned int, PAGE_SIZE - page_offset,
75 io_size);
77 ret = bio_add_page(bio, virt_to_page(buf), len, page_offset);
78 if (ret != len) {
79 ret = -EIO;
80 goto out;
82 io_size -= len;
83 buf = (u8 *)buf + len;
86 ret = submit_bio_wait(rw, bio);
87 out:
88 bio_put(bio);
89 return ret < 0 ? ret : 0;
92 static int hfsplus_read_mdb(void *bufptr, struct hfsplus_wd *wd)
94 u32 extent;
95 u16 attrib;
96 __be16 sig;
98 sig = *(__be16 *)(bufptr + HFSP_WRAPOFF_EMBEDSIG);
99 if (sig != cpu_to_be16(HFSPLUS_VOLHEAD_SIG) &&
100 sig != cpu_to_be16(HFSPLUS_VOLHEAD_SIGX))
101 return 0;
103 attrib = be16_to_cpu(*(__be16 *)(bufptr + HFSP_WRAPOFF_ATTRIB));
104 if (!(attrib & HFSP_WRAP_ATTRIB_SLOCK) ||
105 !(attrib & HFSP_WRAP_ATTRIB_SPARED))
106 return 0;
108 wd->ablk_size =
109 be32_to_cpu(*(__be32 *)(bufptr + HFSP_WRAPOFF_ABLKSIZE));
110 if (wd->ablk_size < HFSPLUS_SECTOR_SIZE)
111 return 0;
112 if (wd->ablk_size % HFSPLUS_SECTOR_SIZE)
113 return 0;
114 wd->ablk_start =
115 be16_to_cpu(*(__be16 *)(bufptr + HFSP_WRAPOFF_ABLKSTART));
117 extent = get_unaligned_be32(bufptr + HFSP_WRAPOFF_EMBEDEXT);
118 wd->embed_start = (extent >> 16) & 0xFFFF;
119 wd->embed_count = extent & 0xFFFF;
121 return 1;
124 static int hfsplus_get_last_session(struct super_block *sb,
125 sector_t *start, sector_t *size)
127 struct cdrom_multisession ms_info;
128 struct cdrom_tocentry te;
129 int res;
131 /* default values */
132 *start = 0;
133 *size = sb->s_bdev->bd_inode->i_size >> 9;
135 if (HFSPLUS_SB(sb)->session >= 0) {
136 te.cdte_track = HFSPLUS_SB(sb)->session;
137 te.cdte_format = CDROM_LBA;
138 res = ioctl_by_bdev(sb->s_bdev,
139 CDROMREADTOCENTRY, (unsigned long)&te);
140 if (!res && (te.cdte_ctrl & CDROM_DATA_TRACK) == 4) {
141 *start = (sector_t)te.cdte_addr.lba << 2;
142 return 0;
144 pr_err("invalid session number or type of track\n");
145 return -EINVAL;
147 ms_info.addr_format = CDROM_LBA;
148 res = ioctl_by_bdev(sb->s_bdev, CDROMMULTISESSION,
149 (unsigned long)&ms_info);
150 if (!res && ms_info.xa_flag)
151 *start = (sector_t)ms_info.addr.lba << 2;
152 return 0;
155 /* Find the volume header and fill in some minimum bits in superblock */
156 /* Takes in super block, returns true if good data read */
157 int hfsplus_read_wrapper(struct super_block *sb)
159 struct hfsplus_sb_info *sbi = HFSPLUS_SB(sb);
160 struct hfsplus_wd wd;
161 sector_t part_start, part_size;
162 u32 blocksize;
163 int error = 0;
165 error = -EINVAL;
166 blocksize = sb_min_blocksize(sb, HFSPLUS_SECTOR_SIZE);
167 if (!blocksize)
168 goto out;
170 if (hfsplus_get_last_session(sb, &part_start, &part_size))
171 goto out;
173 error = -ENOMEM;
174 sbi->s_vhdr_buf = kmalloc(hfsplus_min_io_size(sb), GFP_KERNEL);
175 if (!sbi->s_vhdr_buf)
176 goto out;
177 sbi->s_backup_vhdr_buf = kmalloc(hfsplus_min_io_size(sb), GFP_KERNEL);
178 if (!sbi->s_backup_vhdr_buf)
179 goto out_free_vhdr;
181 reread:
182 error = hfsplus_submit_bio(sb, part_start + HFSPLUS_VOLHEAD_SECTOR,
183 sbi->s_vhdr_buf, (void **)&sbi->s_vhdr,
184 READ);
185 if (error)
186 goto out_free_backup_vhdr;
188 error = -EINVAL;
189 switch (sbi->s_vhdr->signature) {
190 case cpu_to_be16(HFSPLUS_VOLHEAD_SIGX):
191 set_bit(HFSPLUS_SB_HFSX, &sbi->flags);
192 /*FALLTHRU*/
193 case cpu_to_be16(HFSPLUS_VOLHEAD_SIG):
194 break;
195 case cpu_to_be16(HFSP_WRAP_MAGIC):
196 if (!hfsplus_read_mdb(sbi->s_vhdr, &wd))
197 goto out_free_backup_vhdr;
198 wd.ablk_size >>= HFSPLUS_SECTOR_SHIFT;
199 part_start += (sector_t)wd.ablk_start +
200 (sector_t)wd.embed_start * wd.ablk_size;
201 part_size = (sector_t)wd.embed_count * wd.ablk_size;
202 goto reread;
203 default:
205 * Check for a partition block.
207 * (should do this only for cdrom/loop though)
209 if (hfs_part_find(sb, &part_start, &part_size))
210 goto out_free_backup_vhdr;
211 goto reread;
214 error = hfsplus_submit_bio(sb, part_start + part_size - 2,
215 sbi->s_backup_vhdr_buf,
216 (void **)&sbi->s_backup_vhdr, READ);
217 if (error)
218 goto out_free_backup_vhdr;
220 error = -EINVAL;
221 if (sbi->s_backup_vhdr->signature != sbi->s_vhdr->signature) {
222 pr_warn("invalid secondary volume header\n");
223 goto out_free_backup_vhdr;
226 blocksize = be32_to_cpu(sbi->s_vhdr->blocksize);
229 * Block size must be at least as large as a sector and a multiple of 2.
231 if (blocksize < HFSPLUS_SECTOR_SIZE || ((blocksize - 1) & blocksize))
232 goto out_free_backup_vhdr;
233 sbi->alloc_blksz = blocksize;
234 sbi->alloc_blksz_shift = ilog2(blocksize);
235 blocksize = min_t(u32, sbi->alloc_blksz, PAGE_SIZE);
238 * Align block size to block offset.
240 while (part_start & ((blocksize >> HFSPLUS_SECTOR_SHIFT) - 1))
241 blocksize >>= 1;
243 if (sb_set_blocksize(sb, blocksize) != blocksize) {
244 pr_err("unable to set blocksize to %u!\n", blocksize);
245 goto out_free_backup_vhdr;
248 sbi->blockoffset =
249 part_start >> (sb->s_blocksize_bits - HFSPLUS_SECTOR_SHIFT);
250 sbi->part_start = part_start;
251 sbi->sect_count = part_size;
252 sbi->fs_shift = sbi->alloc_blksz_shift - sb->s_blocksize_bits;
253 return 0;
255 out_free_backup_vhdr:
256 kfree(sbi->s_backup_vhdr_buf);
257 out_free_vhdr:
258 kfree(sbi->s_vhdr_buf);
259 out:
260 return error;