aboutsummaryrefslogtreecommitdiffstats
path: root/fs/hpfs/map.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/hpfs/map.c')
-rw-r--r--fs/hpfs/map.c56
1 files changed, 30 insertions, 26 deletions
diff --git a/fs/hpfs/map.c b/fs/hpfs/map.c
index 840d033ecee8..a790821366a7 100644
--- a/fs/hpfs/map.c
+++ b/fs/hpfs/map.c
@@ -21,7 +21,7 @@ unsigned int *hpfs_map_bitmap(struct super_block *s, unsigned bmp_block,
21 hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id); 21 hpfs_error(s, "hpfs_map_bitmap called with bad parameter: %08x at %s", bmp_block, id);
22 return NULL; 22 return NULL;
23 } 23 }
24 sec = hpfs_sb(s)->sb_bmp_dir[bmp_block]; 24 sec = le32_to_cpu(hpfs_sb(s)->sb_bmp_dir[bmp_block]);
25 if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) { 25 if (!sec || sec > hpfs_sb(s)->sb_fs_size-4) {
26 hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id); 26 hpfs_error(s, "invalid bitmap block pointer %08x -> %08x at %s", bmp_block, sec, id);
27 return NULL; 27 return NULL;
@@ -46,18 +46,18 @@ unsigned char *hpfs_load_code_page(struct super_block *s, secno cps)
46 struct code_page_data *cpd; 46 struct code_page_data *cpd;
47 struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0); 47 struct code_page_directory *cp = hpfs_map_sector(s, cps, &bh, 0);
48 if (!cp) return NULL; 48 if (!cp) return NULL;
49 if (cp->magic != CP_DIR_MAGIC) { 49 if (le32_to_cpu(cp->magic) != CP_DIR_MAGIC) {
50 printk("HPFS: Code page directory magic doesn't match (magic = %08x)\n", cp->magic); 50 printk("HPFS: Code page directory magic doesn't match (magic = %08x)\n", le32_to_cpu(cp->magic));
51 brelse(bh); 51 brelse(bh);
52 return NULL; 52 return NULL;
53 } 53 }
54 if (!cp->n_code_pages) { 54 if (!le32_to_cpu(cp->n_code_pages)) {
55 printk("HPFS: n_code_pages == 0\n"); 55 printk("HPFS: n_code_pages == 0\n");
56 brelse(bh); 56 brelse(bh);
57 return NULL; 57 return NULL;
58 } 58 }
59 cpds = cp->array[0].code_page_data; 59 cpds = le32_to_cpu(cp->array[0].code_page_data);
60 cpi = cp->array[0].index; 60 cpi = le16_to_cpu(cp->array[0].index);
61 brelse(bh); 61 brelse(bh);
62 62
63 if (cpi >= 3) { 63 if (cpi >= 3) {
@@ -66,12 +66,12 @@ unsigned char *hpfs_load_code_page(struct super_block *s, secno cps)
66 } 66 }
67 67
68 if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL; 68 if (!(cpd = hpfs_map_sector(s, cpds, &bh, 0))) return NULL;
69 if ((unsigned)cpd->offs[cpi] > 0x178) { 69 if (le16_to_cpu(cpd->offs[cpi]) > 0x178) {
70 printk("HPFS: Code page index out of sector\n"); 70 printk("HPFS: Code page index out of sector\n");
71 brelse(bh); 71 brelse(bh);
72 return NULL; 72 return NULL;
73 } 73 }
74 ptr = (unsigned char *)cpd + cpd->offs[cpi] + 6; 74 ptr = (unsigned char *)cpd + le16_to_cpu(cpd->offs[cpi]) + 6;
75 if (!(cp_table = kmalloc(256, GFP_KERNEL))) { 75 if (!(cp_table = kmalloc(256, GFP_KERNEL))) {
76 printk("HPFS: out of memory for code page table\n"); 76 printk("HPFS: out of memory for code page table\n");
77 brelse(bh); 77 brelse(bh);
@@ -125,7 +125,7 @@ struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_hea
125 if (hpfs_sb(s)->sb_chk) { 125 if (hpfs_sb(s)->sb_chk) {
126 struct extended_attribute *ea; 126 struct extended_attribute *ea;
127 struct extended_attribute *ea_end; 127 struct extended_attribute *ea_end;
128 if (fnode->magic != FNODE_MAGIC) { 128 if (le32_to_cpu(fnode->magic) != FNODE_MAGIC) {
129 hpfs_error(s, "bad magic on fnode %08lx", 129 hpfs_error(s, "bad magic on fnode %08lx",
130 (unsigned long)ino); 130 (unsigned long)ino);
131 goto bail; 131 goto bail;
@@ -138,7 +138,7 @@ struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_hea
138 (unsigned long)ino); 138 (unsigned long)ino);
139 goto bail; 139 goto bail;
140 } 140 }
141 if (fnode->btree.first_free != 141 if (le16_to_cpu(fnode->btree.first_free) !=
142 8 + fnode->btree.n_used_nodes * (fnode->btree.internal ? 8 : 12)) { 142 8 + fnode->btree.n_used_nodes * (fnode->btree.internal ? 8 : 12)) {
143 hpfs_error(s, 143 hpfs_error(s,
144 "bad first_free pointer in fnode %08lx", 144 "bad first_free pointer in fnode %08lx",
@@ -146,12 +146,12 @@ struct fnode *hpfs_map_fnode(struct super_block *s, ino_t ino, struct buffer_hea
146 goto bail; 146 goto bail;
147 } 147 }
148 } 148 }
149 if (fnode->ea_size_s && ((signed int)fnode->ea_offs < 0xc4 || 149 if (le16_to_cpu(fnode->ea_size_s) && (le16_to_cpu(fnode->ea_offs) < 0xc4 ||
150 (signed int)fnode->ea_offs + fnode->acl_size_s + fnode->ea_size_s > 0x200)) { 150 le16_to_cpu(fnode->ea_offs) + le16_to_cpu(fnode->acl_size_s) + le16_to_cpu(fnode->ea_size_s) > 0x200)) {
151 hpfs_error(s, 151 hpfs_error(s,
152 "bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x", 152 "bad EA info in fnode %08lx: ea_offs == %04x ea_size_s == %04x",
153 (unsigned long)ino, 153 (unsigned long)ino,
154 fnode->ea_offs, fnode->ea_size_s); 154 le16_to_cpu(fnode->ea_offs), le16_to_cpu(fnode->ea_size_s));
155 goto bail; 155 goto bail;
156 } 156 }
157 ea = fnode_ea(fnode); 157 ea = fnode_ea(fnode);
@@ -178,16 +178,20 @@ struct anode *hpfs_map_anode(struct super_block *s, anode_secno ano, struct buff
178 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL; 178 if (hpfs_sb(s)->sb_chk) if (hpfs_chk_sectors(s, ano, 1, "anode")) return NULL;
179 if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD))) 179 if ((anode = hpfs_map_sector(s, ano, bhp, ANODE_RD_AHEAD)))
180 if (hpfs_sb(s)->sb_chk) { 180 if (hpfs_sb(s)->sb_chk) {
181 if (anode->magic != ANODE_MAGIC || anode->self != ano) { 181 if (le32_to_cpu(anode->magic) != ANODE_MAGIC) {
182 hpfs_error(s, "bad magic on anode %08x", ano); 182 hpfs_error(s, "bad magic on anode %08x", ano);
183 goto bail; 183 goto bail;
184 } 184 }
185 if (le32_to_cpu(anode->self) != ano) {
186 hpfs_error(s, "self pointer invalid on anode %08x", ano);
187 goto bail;
188 }
185 if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes != 189 if ((unsigned)anode->btree.n_used_nodes + (unsigned)anode->btree.n_free_nodes !=
186 (anode->btree.internal ? 60 : 40)) { 190 (anode->btree.internal ? 60 : 40)) {
187 hpfs_error(s, "bad number of nodes in anode %08x", ano); 191 hpfs_error(s, "bad number of nodes in anode %08x", ano);
188 goto bail; 192 goto bail;
189 } 193 }
190 if (anode->btree.first_free != 194 if (le16_to_cpu(anode->btree.first_free) !=
191 8 + anode->btree.n_used_nodes * (anode->btree.internal ? 8 : 12)) { 195 8 + anode->btree.n_used_nodes * (anode->btree.internal ? 8 : 12)) {
192 hpfs_error(s, "bad first_free pointer in anode %08x", ano); 196 hpfs_error(s, "bad first_free pointer in anode %08x", ano);
193 goto bail; 197 goto bail;
@@ -219,26 +223,26 @@ struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno,
219 unsigned p, pp = 0; 223 unsigned p, pp = 0;
220 unsigned char *d = (unsigned char *)dnode; 224 unsigned char *d = (unsigned char *)dnode;
221 int b = 0; 225 int b = 0;
222 if (dnode->magic != DNODE_MAGIC) { 226 if (le32_to_cpu(dnode->magic) != DNODE_MAGIC) {
223 hpfs_error(s, "bad magic on dnode %08x", secno); 227 hpfs_error(s, "bad magic on dnode %08x", secno);
224 goto bail; 228 goto bail;
225 } 229 }
226 if (dnode->self != secno) 230 if (le32_to_cpu(dnode->self) != secno)
227 hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, dnode->self); 231 hpfs_error(s, "bad self pointer on dnode %08x self = %08x", secno, le32_to_cpu(dnode->self));
228 /* Check dirents - bad dirents would cause infinite 232 /* Check dirents - bad dirents would cause infinite
229 loops or shooting to memory */ 233 loops or shooting to memory */
230 if (dnode->first_free > 2048/* || dnode->first_free < 84*/) { 234 if (le32_to_cpu(dnode->first_free) > 2048) {
231 hpfs_error(s, "dnode %08x has first_free == %08x", secno, dnode->first_free); 235 hpfs_error(s, "dnode %08x has first_free == %08x", secno, le32_to_cpu(dnode->first_free));
232 goto bail; 236 goto bail;
233 } 237 }
234 for (p = 20; p < dnode->first_free; p += d[p] + (d[p+1] << 8)) { 238 for (p = 20; p < le32_to_cpu(dnode->first_free); p += d[p] + (d[p+1] << 8)) {
235 struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p); 239 struct hpfs_dirent *de = (struct hpfs_dirent *)((char *)dnode + p);
236 if (de->length > 292 || (de->length < 32) || (de->length & 3) || p + de->length > 2048) { 240 if (le16_to_cpu(de->length) > 292 || (le16_to_cpu(de->length) < 32) || (le16_to_cpu(de->length) & 3) || p + le16_to_cpu(de->length) > 2048) {
237 hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 241 hpfs_error(s, "bad dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
238 goto bail; 242 goto bail;
239 } 243 }
240 if (((31 + de->namelen + de->down*4 + 3) & ~3) != de->length) { 244 if (((31 + de->namelen + de->down*4 + 3) & ~3) != le16_to_cpu(de->length)) {
241 if (((31 + de->namelen + de->down*4 + 3) & ~3) < de->length && s->s_flags & MS_RDONLY) goto ok; 245 if (((31 + de->namelen + de->down*4 + 3) & ~3) < le16_to_cpu(de->length) && s->s_flags & MS_RDONLY) goto ok;
242 hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp); 246 hpfs_error(s, "namelen does not match dirent size in dnode %08x, dirent %03x, last %03x", secno, p, pp);
243 goto bail; 247 goto bail;
244 } 248 }
@@ -251,7 +255,7 @@ struct dnode *hpfs_map_dnode(struct super_block *s, unsigned secno,
251 pp = p; 255 pp = p;
252 256
253 } 257 }
254 if (p != dnode->first_free) { 258 if (p != le32_to_cpu(dnode->first_free)) {
255 hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno); 259 hpfs_error(s, "size on last dirent does not match first_free; dnode %08x", secno);
256 goto bail; 260 goto bail;
257 } 261 }
@@ -277,7 +281,7 @@ dnode_secno hpfs_fnode_dno(struct super_block *s, ino_t ino)
277 if (!fnode) 281 if (!fnode)
278 return 0; 282 return 0;
279 283
280 dno = fnode->u.external[0].disk_secno; 284 dno = le32_to_cpu(fnode->u.external[0].disk_secno);
281 brelse(bh); 285 brelse(bh);
282 return dno; 286 return dno;
283} 287}
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-27 20:23:26 -0400