1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2019 Google LLC
5
 * Copyright (C) 1995, 1996, 1997 Wolfgang Solfrank
6
 * Copyright (c) 1995 Martin Husemann
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
18
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20
 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
 */
28

29

30
#include <sys/cdefs.h>
31
#ifndef lint
32
__RCSID("$NetBSD: fat.c,v 1.18 2006/06/05 16:51:18 christos Exp $");
33
#endif /* not lint */
34

35
#include <sys/endian.h>
36
#include <sys/queue.h>
37
#include <sys/limits.h>
38
#include <sys/mman.h>
39
#include <sys/param.h>
40

41
#include <assert.h>
42
#include <stdbool.h>
43
#include <stdlib.h>
44
#include <string.h>
45
#include <ctype.h>
46
#include <stdio.h>
47
#include <unistd.h>
48

49
#include "ext.h"
50
#include "fsutil.h"
51

52
static int _readfat(struct fat_descriptor *);
53
static inline struct bootblock* boot_of_(struct fat_descriptor *);
54
static inline int fd_of_(struct fat_descriptor *);
55
static inline bool valid_cl(struct fat_descriptor *, cl_t);
56

57

58
/*
59
 * Head bitmap for FAT scanning.
60
 *
61
 * FAT32 have up to 2^28 = 256M entries, and FAT16/12 have much less.
62
 * For each cluster, we use 1 bit to represent if it's a head cluster
63
 * (the first cluster of a cluster chain).
64
 *
65
 * Head bitmap
66
 * ===========
67
 * Initially, we set all bits to 1.  In readfat(), we traverse the
68
 * whole FAT and mark each cluster identified as "next" cluster as
69
 * 0.  After the scan, we have a bitmap with 1's to indicate the
70
 * corresponding cluster was a "head" cluster.
71
 *
72
 * We use head bitmap to identify lost chains: a head cluster that was
73
 * not being claimed by any file or directories is the head cluster of
74
 * a lost chain.
75
 *
76
 * Handle of lost chains
77
 * =====================
78
 * At the end of scanning, we can easily find all lost chain's heads
79
 * by finding out the 1's in the head bitmap.
80
 */
81

82
typedef struct long_bitmap {
83
	unsigned long	*map;
84
	size_t		 count;		/* Total set bits in the map */
85
} long_bitmap_t;
86

87
static inline void
88
bitmap_clear(long_bitmap_t *lbp, cl_t cl)
89
{
90
	cl_t i = cl / LONG_BIT;
91
	unsigned long clearmask = ~(1UL << (cl % LONG_BIT));
92

93
	assert((lbp->map[i] & ~clearmask) != 0);
94
	lbp->map[i] &= clearmask;
95
	lbp->count--;
96
}
97

98
static inline bool
99
bitmap_get(long_bitmap_t *lbp, cl_t cl)
100
{
101
	cl_t i = cl / LONG_BIT;
102
	unsigned long usedbit = 1UL << (cl % LONG_BIT);
103

104
	return ((lbp->map[i] & usedbit) == usedbit);
105
}
106

107
static inline bool
108
bitmap_none_in_range(long_bitmap_t *lbp, cl_t cl)
109
{
110
	cl_t i = cl / LONG_BIT;
111

112
	return (lbp->map[i] == 0);
113
}
114

115
static inline size_t
116
bitmap_count(long_bitmap_t *lbp)
117
{
118
	return (lbp->count);
119
}
120

121
static int
122
bitmap_ctor(long_bitmap_t *lbp, size_t bits, bool allone)
123
{
124
	size_t bitmap_size = roundup2(bits, LONG_BIT) / (LONG_BIT / 8);
125

126
	free(lbp->map);
127
	lbp->map = calloc(1, bitmap_size);
128
	if (lbp->map == NULL)
129
		return FSFATAL;
130

131
	if (allone) {
132
		memset(lbp->map, 0xff, bitmap_size);
133
		lbp->count = bits;
134
	} else {
135
		lbp->count = 0;
136
	}
137
	return FSOK;
138
}
139

140
static void
141
bitmap_dtor(long_bitmap_t *lbp)
142
{
143
	free(lbp->map);
144
	lbp->map = NULL;
145
}
146

147
/*
148
 * FAT32 can be as big as 256MiB (2^26 entries * 4 bytes), when we
149
 * can not ask the kernel to manage the access, use a simple LRU
150
 * cache with chunk size of 128 KiB to manage it.
151
 */
152
struct fat32_cache_entry {
153
	TAILQ_ENTRY(fat32_cache_entry)	entries;
154
	uint8_t			*chunk;		/* pointer to chunk */
155
	off_t			 addr;		/* offset */
156
	bool			 dirty;		/* dirty bit */
157
};
158

159
static const size_t	fat32_cache_chunk_size = 131072; /* MAXPHYS */
160
static const size_t	fat32_cache_size = 4194304;
161
static const size_t	fat32_cache_entries = 32; /* XXXgcc: cache_size / cache_chunk_size */
162

163
/*
164
 * FAT table descriptor, represents a FAT table that is already loaded
165
 * into memory.
166
 */
167
struct fat_descriptor {
168
	struct bootblock	*boot;
169
	uint8_t			*fatbuf;
170
	cl_t			(*get)(struct fat_descriptor *, cl_t);
171
	int			(*set)(struct fat_descriptor *, cl_t, cl_t);
172
	long_bitmap_t		 headbitmap;
173
	int			 fd;
174
	bool			 is_mmapped;
175
	bool			 use_cache;
176
	size_t		  	 fatsize;
177

178
	size_t			 fat32_cached_chunks;
179
	TAILQ_HEAD(cachehead, fat32_cache_entry)	fat32_cache_head;
180
	struct fat32_cache_entry	*fat32_cache_allentries;
181
	off_t			 fat32_offset;
182
	off_t			 fat32_lastaddr;
183
};
184

185
void
186
fat_clear_cl_head(struct fat_descriptor *fat, cl_t cl)
187
{
188
	bitmap_clear(&fat->headbitmap, cl);
189
}
190

191
bool
192
fat_is_cl_head(struct fat_descriptor *fat, cl_t cl)
193
{
194
	return (bitmap_get(&fat->headbitmap, cl));
195
}
196

197
static inline bool
198
fat_is_cl_head_in_range(struct fat_descriptor *fat, cl_t cl)
199
{
200
	return (!(bitmap_none_in_range(&fat->headbitmap, cl)));
201
}
202

203
static size_t
204
fat_get_head_count(struct fat_descriptor *fat)
205
{
206
	return (bitmap_count(&fat->headbitmap));
207
}
208

209
/*
210
 * FAT12 accessors.
211
 *
212
 * FAT12s are sufficiently small, expect it to always fit in the RAM.
213
 */
214
static inline uint8_t *
215
fat_get_fat12_ptr(struct fat_descriptor *fat, cl_t cl)
216
{
217
	return (fat->fatbuf + ((cl + (cl >> 1))));
218
}
219

220
static cl_t
221
fat_get_fat12_next(struct fat_descriptor *fat, cl_t cl)
222
{
223
	const uint8_t	*p;
224
	cl_t	retval;
225

226
	p = fat_get_fat12_ptr(fat, cl);
227
	retval = le16dec(p);
228
	/* Odd cluster: lower 4 bits belongs to the subsequent cluster */
229
	if ((cl & 1) == 1)
230
		retval >>= 4;
231
	retval &= CLUST12_MASK;
232

233
	if (retval >= (CLUST_BAD & CLUST12_MASK))
234
		retval |= ~CLUST12_MASK;
235

236
	return (retval);
237
}
238

239
static int
240
fat_set_fat12_next(struct fat_descriptor *fat, cl_t cl, cl_t nextcl)
241
{
242
	uint8_t	*p;
243

244
	/* Truncate 'nextcl' value, if needed */
245
	nextcl &= CLUST12_MASK;
246

247
	p = fat_get_fat12_ptr(fat, cl);
248

249
	/*
250
	 * Read in the 4 bits from the subsequent (for even clusters)
251
	 * or the preceding (for odd clusters) cluster and combine
252
	 * it to the nextcl value for encoding
253
	 */
254
	if ((cl & 1) == 0) {
255
		nextcl |= ((p[1] & 0xf0) << 8);
256
	} else {
257
		nextcl <<= 4;
258
		nextcl |= (p[0] & 0x0f);
259
	}
260

261
	le16enc(p, (uint16_t)nextcl);
262

263
	return (0);
264
}
265

266
/*
267
 * FAT16 accessors.
268
 *
269
 * FAT16s are sufficiently small, expect it to always fit in the RAM.
270
 */
271
static inline uint8_t *
272
fat_get_fat16_ptr(struct fat_descriptor *fat, cl_t cl)
273
{
274
	return (fat->fatbuf + (cl << 1));
275
}
276

277
static cl_t
278
fat_get_fat16_next(struct fat_descriptor *fat, cl_t cl)
279
{
280
	const uint8_t	*p;
281
	cl_t	retval;
282

283
	p = fat_get_fat16_ptr(fat, cl);
284
	retval = le16dec(p) & CLUST16_MASK;
285

286
	if (retval >= (CLUST_BAD & CLUST16_MASK))
287
		retval |= ~CLUST16_MASK;
288

289
	return (retval);
290
}
291

292
static int
293
fat_set_fat16_next(struct fat_descriptor *fat, cl_t cl, cl_t nextcl)
294
{
295
	uint8_t	*p;
296

297
	/* Truncate 'nextcl' value, if needed */
298
	nextcl &= CLUST16_MASK;
299

300
	p = fat_get_fat16_ptr(fat, cl);
301

302
	le16enc(p, (uint16_t)nextcl);
303

304
	return (0);
305
}
306

307
/*
308
 * FAT32 accessors.
309
 */
310
static inline uint8_t *
311
fat_get_fat32_ptr(struct fat_descriptor *fat, cl_t cl)
312
{
313
	return (fat->fatbuf + (cl << 2));
314
}
315

316
static cl_t
317
fat_get_fat32_next(struct fat_descriptor *fat, cl_t cl)
318
{
319
	const uint8_t	*p;
320
	cl_t	retval;
321

322
	p = fat_get_fat32_ptr(fat, cl);
323
	retval = le32dec(p) & CLUST32_MASK;
324

325
	if (retval >= (CLUST_BAD & CLUST32_MASK))
326
		retval |= ~CLUST32_MASK;
327

328
	return (retval);
329
}
330

331
static int
332
fat_set_fat32_next(struct fat_descriptor *fat, cl_t cl, cl_t nextcl)
333
{
334
	uint8_t	*p;
335

336
	/* Truncate 'nextcl' value, if needed */
337
	nextcl &= CLUST32_MASK;
338

339
	p = fat_get_fat32_ptr(fat, cl);
340

341
	le32enc(p, (uint32_t)nextcl);
342

343
	return (0);
344
}
345

346
static inline size_t
347
fat_get_iosize(struct fat_descriptor *fat, off_t address)
348
{
349

350
	if (address == fat->fat32_lastaddr) {
351
		return (fat->fatsize & ((off_t)fat32_cache_chunk_size - 1));
352
	} else {
353
		return (fat32_cache_chunk_size);
354
	}
355
}
356

357
static int
358
fat_flush_fat32_cache_entry(struct fat_descriptor *fat,
359
    struct fat32_cache_entry *entry)
360
{
361
	int fd;
362
	off_t fat_addr;
363
	size_t writesize;
364

365
	fd = fd_of_(fat);
366

367
	if (!entry->dirty)
368
		return (FSOK);
369

370
	writesize = fat_get_iosize(fat, entry->addr);
371

372
	fat_addr = fat->fat32_offset + entry->addr;
373
	if (lseek(fd, fat_addr, SEEK_SET) != fat_addr ||
374
	    (size_t)write(fd, entry->chunk, writesize) != writesize) {
375
			pfatal("Unable to write FAT");
376
			return (FSFATAL);
377
	}
378

379
	entry->dirty = false;
380
	return (FSOK);
381
}
382

383
static struct fat32_cache_entry *
384
fat_get_fat32_cache_entry(struct fat_descriptor *fat, off_t addr,
385
    bool writing)
386
{
387
	int fd;
388
	struct fat32_cache_entry *entry, *first;
389
	off_t	fat_addr;
390
	size_t	rwsize;
391

392
	addr &= ~(fat32_cache_chunk_size - 1);
393

394
	first = TAILQ_FIRST(&fat->fat32_cache_head);
395

396
	/*
397
	 * Cache hit: if we already have the chunk, move it to list head
398
	 */
399
	TAILQ_FOREACH(entry, &fat->fat32_cache_head, entries) {
400
		if (entry->addr == addr) {
401
			if (writing) {
402
				entry->dirty = true;
403
			}
404
			if (entry != first) {
405

406
				TAILQ_REMOVE(&fat->fat32_cache_head, entry, entries);
407
				TAILQ_INSERT_HEAD(&fat->fat32_cache_head, entry, entries);
408
			}
409
			return (entry);
410
		}
411
	}
412

413
	/*
414
	 * Cache miss: detach the chunk at tail of list, overwrite with
415
	 * the located chunk, and populate with data from disk.
416
	 */
417
	entry = TAILQ_LAST(&fat->fat32_cache_head, cachehead);
418
	TAILQ_REMOVE(&fat->fat32_cache_head, entry, entries);
419
	if (fat_flush_fat32_cache_entry(fat, entry) != FSOK) {
420
		return (NULL);
421
	}
422

423
	rwsize = fat_get_iosize(fat, addr);
424
	fat_addr = fat->fat32_offset + addr;
425
	entry->addr = addr;
426
	fd = fd_of_(fat);
427
	if (lseek(fd, fat_addr, SEEK_SET) != fat_addr ||
428
		(size_t)read(fd, entry->chunk, rwsize) != rwsize) {
429
		pfatal("Unable to read FAT");
430
		return (NULL);
431
	}
432
	if (writing) {
433
		entry->dirty = true;
434
	}
435
	TAILQ_INSERT_HEAD(&fat->fat32_cache_head, entry, entries);
436

437
	return (entry);
438
}
439

440
static inline uint8_t *
441
fat_get_fat32_cached_ptr(struct fat_descriptor *fat, cl_t cl, bool writing)
442
{
443
	off_t addr, off;
444
	struct fat32_cache_entry *entry;
445

446
	addr = cl << 2;
447
	entry = fat_get_fat32_cache_entry(fat, addr, writing);
448

449
	if (entry != NULL) {
450
		off = addr & (fat32_cache_chunk_size - 1);
451
		return (entry->chunk + off);
452
	} else {
453
		return (NULL);
454
	}
455
}
456

457

458
static cl_t
459
fat_get_fat32_cached_next(struct fat_descriptor *fat, cl_t cl)
460
{
461
	const uint8_t	*p;
462
	cl_t	retval;
463

464
	p = fat_get_fat32_cached_ptr(fat, cl, false);
465
	if (p != NULL) {
466
		retval = le32dec(p) & CLUST32_MASK;
467
		if (retval >= (CLUST_BAD & CLUST32_MASK))
468
			retval |= ~CLUST32_MASK;
469
	} else {
470
		retval = CLUST_DEAD;
471
	}
472

473
	return (retval);
474
}
475

476
static int
477
fat_set_fat32_cached_next(struct fat_descriptor *fat, cl_t cl, cl_t nextcl)
478
{
479
	uint8_t	*p;
480

481
	/* Truncate 'nextcl' value, if needed */
482
	nextcl &= CLUST32_MASK;
483

484
	p = fat_get_fat32_cached_ptr(fat, cl, true);
485
	if (p != NULL) {
486
		le32enc(p, (uint32_t)nextcl);
487
		return FSOK;
488
	} else {
489
		return FSFATAL;
490
	}
491
}
492

493
cl_t fat_get_cl_next(struct fat_descriptor *fat, cl_t cl)
494
{
495

496
	if (!valid_cl(fat, cl)) {
497
		pfatal("Invalid cluster: %ud", cl);
498
		return CLUST_DEAD;
499
	}
500

501
	return (fat->get(fat, cl));
502
}
503

504
int fat_set_cl_next(struct fat_descriptor *fat, cl_t cl, cl_t nextcl)
505
{
506

507
	if (rdonly) {
508
		pwarn(" (NO WRITE)\n");
509
		return FSFATAL;
510
	}
511

512
	if (!valid_cl(fat, cl)) {
513
		pfatal("Invalid cluster: %ud", cl);
514
		return FSFATAL;
515
	}
516

517
	return (fat->set(fat, cl, nextcl));
518
}
519

520
static inline struct bootblock*
521
boot_of_(struct fat_descriptor *fat) {
522

523
	return (fat->boot);
524
}
525

526
struct bootblock*
527
fat_get_boot(struct fat_descriptor *fat) {
528

529
	return (boot_of_(fat));
530
}
531

532
static inline int
533
fd_of_(struct fat_descriptor *fat)
534
{
535
	return (fat->fd);
536
}
537

538
int
539
fat_get_fd(struct fat_descriptor * fat)
540
{
541
	return (fd_of_(fat));
542
}
543

544
/*
545
 * Whether a cl is in valid data range.
546
 */
547
bool
548
fat_is_valid_cl(struct fat_descriptor *fat, cl_t cl)
549
{
550

551
	return (valid_cl(fat, cl));
552
}
553

554
static inline bool
555
valid_cl(struct fat_descriptor *fat, cl_t cl)
556
{
557
	const struct bootblock *boot = boot_of_(fat);
558

559
	return (cl >= CLUST_FIRST && cl < boot->NumClusters);
560
}
561

562
/*
563
 * The first 2 FAT entries contain pseudo-cluster numbers with the following
564
 * layout:
565
 *
566
 * 31...... ........ ........ .......0
567
 * rrrr1111 11111111 11111111 mmmmmmmm         FAT32 entry 0
568
 * rrrrsh11 11111111 11111111 11111xxx         FAT32 entry 1
569
 *
570
 *                   11111111 mmmmmmmm         FAT16 entry 0
571
 *                   sh111111 11111xxx         FAT16 entry 1
572
 *
573
 * r = reserved
574
 * m = BPB media ID byte
575
 * s = clean flag (1 = dismounted; 0 = still mounted)
576
 * h = hard error flag (1 = ok; 0 = I/O error)
577
 * x = any value ok
578
 */
579
int
580
checkdirty(int fs, struct bootblock *boot)
581
{
582
	off_t off;
583
	u_char *buffer;
584
	int ret = 0;
585
	size_t len;
586

587
	if (boot->ClustMask != CLUST16_MASK && boot->ClustMask != CLUST32_MASK)
588
		return 0;
589

590
	off = boot->bpbResSectors;
591
	off *= boot->bpbBytesPerSec;
592

593
	buffer = malloc(len = boot->bpbBytesPerSec);
594
	if (buffer == NULL) {
595
		perr("No space for FAT sectors (%zu)", len);
596
		return 1;
597
	}
598

599
	if (lseek(fs, off, SEEK_SET) != off) {
600
		perr("Unable to read FAT");
601
		goto err;
602
	}
603

604
	if ((size_t)read(fs, buffer, boot->bpbBytesPerSec) !=
605
	    boot->bpbBytesPerSec) {
606
		perr("Unable to read FAT");
607
		goto err;
608
	}
609

610
	/*
611
	 * If we don't understand the FAT, then the file system must be
612
	 * assumed to be unclean.
613
	 */
614
	if (buffer[0] != boot->bpbMedia || buffer[1] != 0xff)
615
		goto err;
616
	if (boot->ClustMask == CLUST16_MASK) {
617
		if ((buffer[2] & 0xf8) != 0xf8 || (buffer[3] & 0x3f) != 0x3f)
618
			goto err;
619
	} else {
620
		if (buffer[2] != 0xff || (buffer[3] & 0x0f) != 0x0f
621
		    || (buffer[4] & 0xf8) != 0xf8 || buffer[5] != 0xff
622
		    || buffer[6] != 0xff || (buffer[7] & 0x03) != 0x03)
623
			goto err;
624
	}
625

626
	/*
627
	 * Now check the actual clean flag (and the no-error flag).
628
	 */
629
	if (boot->ClustMask == CLUST16_MASK) {
630
		if ((buffer[3] & 0xc0) == 0xc0)
631
			ret = 1;
632
	} else {
633
		if ((buffer[7] & 0x0c) == 0x0c)
634
			ret = 1;
635
	}
636

637
err:
638
	free(buffer);
639
	return ret;
640
}
641

642
int
643
cleardirty(struct fat_descriptor *fat)
644
{
645
	int fd, ret = FSERROR;
646
	struct bootblock *boot;
647
	u_char *buffer;
648
	size_t len;
649
	off_t off;
650

651
	boot = boot_of_(fat);
652
	fd = fd_of_(fat);
653

654
	if (boot->ClustMask != CLUST16_MASK && boot->ClustMask != CLUST32_MASK)
655
		return 0;
656

657
	off = boot->bpbResSectors;
658
	off *= boot->bpbBytesPerSec;
659

660
	buffer = malloc(len = boot->bpbBytesPerSec);
661
	if (buffer == NULL) {
662
		perr("No memory for FAT sectors (%zu)", len);
663
		return 1;
664
	}
665

666
	if ((size_t)pread(fd, buffer, len, off) != len) {
667
		perr("Unable to read FAT");
668
		goto err;
669
	}
670

671
	if (boot->ClustMask == CLUST16_MASK) {
672
		buffer[3] |= 0x80;
673
	} else {
674
		buffer[7] |= 0x08;
675
	}
676

677
	if ((size_t)pwrite(fd, buffer, len, off) != len) {
678
		perr("Unable to write FAT");
679
		goto err;
680
	}
681

682
	ret = FSOK;
683

684
err:
685
	free(buffer);
686
	return ret;
687
}
688

689
/*
690
 * Read a FAT from disk. Returns 1 if successful, 0 otherwise.
691
 */
692
static int
693
_readfat(struct fat_descriptor *fat)
694
{
695
	int fd;
696
	size_t i;
697
	off_t off;
698
	size_t readsize;
699
	struct bootblock *boot;
700
	struct fat32_cache_entry *entry;
701

702
	boot = boot_of_(fat);
703
	fd = fd_of_(fat);
704
	fat->fatsize = boot->FATsecs * boot->bpbBytesPerSec;
705

706
	off = boot->bpbResSectors;
707
	off *= boot->bpbBytesPerSec;
708

709
	fat->is_mmapped = false;
710
	fat->use_cache = false;
711

712
	/* Attempt to mmap() first */
713
	if (allow_mmap) {
714
		fat->fatbuf = mmap(NULL, fat->fatsize,
715
				PROT_READ | (rdonly ? 0 : PROT_WRITE),
716
				MAP_SHARED, fd_of_(fat), off);
717
		if (fat->fatbuf != MAP_FAILED) {
718
			fat->is_mmapped = true;
719
			return 1;
720
		}
721
	}
722

723
	/*
724
	 * Unfortunately, we were unable to mmap().
725
	 *
726
	 * Only use the cache manager when it's necessary, that is,
727
	 * when the FAT is sufficiently large; in that case, only
728
	 * read in the first 4 MiB of FAT into memory, and split the
729
	 * buffer into chunks and insert to the LRU queue to populate
730
	 * the cache with data.
731
	 */
732
	if (boot->ClustMask == CLUST32_MASK &&
733
	    fat->fatsize >= fat32_cache_size) {
734
		readsize = fat32_cache_size;
735
		fat->use_cache = true;
736

737
		fat->fat32_offset = boot->bpbResSectors * boot->bpbBytesPerSec;
738
		fat->fat32_lastaddr = fat->fatsize & ~(fat32_cache_chunk_size);
739
	} else {
740
		readsize = fat->fatsize;
741
	}
742
	fat->fatbuf = malloc(readsize);
743
	if (fat->fatbuf == NULL) {
744
		perr("No space for FAT (%zu)", readsize);
745
		return 0;
746
	}
747

748
	if (lseek(fd, off, SEEK_SET) != off) {
749
		perr("Unable to read FAT");
750
		goto err;
751
	}
752
	if ((size_t)read(fd, fat->fatbuf, readsize) != readsize) {
753
		perr("Unable to read FAT");
754
		goto err;
755
	}
756

757
	/*
758
	 * When cache is used, split the buffer into chunks, and
759
	 * connect the buffer into the cache.
760
	 */
761
	if (fat->use_cache) {
762
		TAILQ_INIT(&fat->fat32_cache_head);
763
		entry = calloc(fat32_cache_entries, sizeof(*entry));
764
		if (entry == NULL) {
765
			perr("No space for FAT cache (%zu of %zu)",
766
			    fat32_cache_entries, sizeof(entry));
767
			goto err;
768
		}
769
		for (i = 0; i < fat32_cache_entries; i++) {
770
			entry[i].addr = fat32_cache_chunk_size * i;
771
			entry[i].chunk = &fat->fatbuf[entry[i].addr];
772
			TAILQ_INSERT_TAIL(&fat->fat32_cache_head,
773
			    &entry[i], entries);
774
		}
775
		fat->fat32_cache_allentries = entry;
776
	}
777

778
	return 1;
779

780
err:
781
	free(fat->fatbuf);
782
	fat->fatbuf = NULL;
783
	return 0;
784
}
785

786
static void
787
releasefat(struct fat_descriptor *fat)
788
{
789
	if (fat->is_mmapped) {
790
		munmap(fat->fatbuf, fat->fatsize);
791
	} else {
792
		if (fat->use_cache) {
793
			free(fat->fat32_cache_allentries);
794
			fat->fat32_cache_allentries = NULL;
795
		}
796
		free(fat->fatbuf);
797
	}
798
	fat->fatbuf = NULL;
799
	bitmap_dtor(&fat->headbitmap);
800
}
801

802
/*
803
 * Read or map a FAT and populate head bitmap
804
 */
805
int
806
readfat(int fs, struct bootblock *boot, struct fat_descriptor **fp)
807
{
808
	struct fat_descriptor *fat;
809
	u_char *buffer, *p;
810
	cl_t cl, nextcl;
811
	int ret = FSOK;
812

813
	boot->NumFree = boot->NumBad = 0;
814

815
	fat = calloc(1, sizeof(struct fat_descriptor));
816
	if (fat == NULL) {
817
		perr("No space for FAT descriptor");
818
		return FSFATAL;
819
	}
820

821
	fat->fd = fs;
822
	fat->boot = boot;
823

824
	if (!_readfat(fat)) {
825
		free(fat);
826
		return FSFATAL;
827
	}
828
	buffer = fat->fatbuf;
829

830
	/* Populate accessors */
831
	switch(boot->ClustMask) {
832
	case CLUST12_MASK:
833
		fat->get = fat_get_fat12_next;
834
		fat->set = fat_set_fat12_next;
835
		break;
836
	case CLUST16_MASK:
837
		fat->get = fat_get_fat16_next;
838
		fat->set = fat_set_fat16_next;
839
		break;
840
	case CLUST32_MASK:
841
		if (fat->is_mmapped || !fat->use_cache) {
842
			fat->get = fat_get_fat32_next;
843
			fat->set = fat_set_fat32_next;
844
		} else {
845
			fat->get = fat_get_fat32_cached_next;
846
			fat->set = fat_set_fat32_cached_next;
847
		}
848
		break;
849
	default:
850
		pfatal("Invalid ClustMask: %d", boot->ClustMask);
851
		releasefat(fat);
852
		free(fat);
853
		return FSFATAL;
854
	}
855

856
	if (bitmap_ctor(&fat->headbitmap, boot->NumClusters,
857
	    true) != FSOK) {
858
		perr("No space for head bitmap for FAT clusters (%zu)",
859
		    (size_t)boot->NumClusters);
860
		releasefat(fat);
861
		free(fat);
862
		return FSFATAL;
863
	}
864

865
	if (buffer[0] != boot->bpbMedia
866
	    || buffer[1] != 0xff || buffer[2] != 0xff
867
	    || (boot->ClustMask == CLUST16_MASK && buffer[3] != 0xff)
868
	    || (boot->ClustMask == CLUST32_MASK
869
		&& ((buffer[3]&0x0f) != 0x0f
870
		    || buffer[4] != 0xff || buffer[5] != 0xff
871
		    || buffer[6] != 0xff || (buffer[7]&0x0f) != 0x0f))) {
872

873
		/* Windows 95 OSR2 (and possibly any later) changes
874
		 * the FAT signature to 0xXXffff7f for FAT16 and to
875
		 * 0xXXffff0fffffff07 for FAT32 upon boot, to know that the
876
		 * file system is dirty if it doesn't reboot cleanly.
877
		 * Check this special condition before errorring out.
878
		 */
879
		if (buffer[0] == boot->bpbMedia && buffer[1] == 0xff
880
		    && buffer[2] == 0xff
881
		    && ((boot->ClustMask == CLUST16_MASK && buffer[3] == 0x7f)
882
			|| (boot->ClustMask == CLUST32_MASK
883
			    && buffer[3] == 0x0f && buffer[4] == 0xff
884
			    && buffer[5] == 0xff && buffer[6] == 0xff
885
			    && buffer[7] == 0x07)))
886
			ret |= FSDIRTY;
887
		else {
888
			/* just some odd byte sequence in FAT */
889

890
			switch (boot->ClustMask) {
891
			case CLUST32_MASK:
892
				pwarn("%s (%02x%02x%02x%02x%02x%02x%02x%02x)\n",
893
				      "FAT starts with odd byte sequence",
894
				      buffer[0], buffer[1], buffer[2], buffer[3],
895
				      buffer[4], buffer[5], buffer[6], buffer[7]);
896
				break;
897
			case CLUST16_MASK:
898
				pwarn("%s (%02x%02x%02x%02x)\n",
899
				    "FAT starts with odd byte sequence",
900
				    buffer[0], buffer[1], buffer[2], buffer[3]);
901
				break;
902
			default:
903
				pwarn("%s (%02x%02x%02x)\n",
904
				    "FAT starts with odd byte sequence",
905
				    buffer[0], buffer[1], buffer[2]);
906
				break;
907
			}
908

909
			if (ask(1, "Correct")) {
910
				ret |= FSFATMOD;
911
				p = buffer;
912

913
				*p++ = (u_char)boot->bpbMedia;
914
				*p++ = 0xff;
915
				*p++ = 0xff;
916
				switch (boot->ClustMask) {
917
				case CLUST16_MASK:
918
					*p++ = 0xff;
919
					break;
920
				case CLUST32_MASK:
921
					*p++ = 0x0f;
922
					*p++ = 0xff;
923
					*p++ = 0xff;
924
					*p++ = 0xff;
925
					*p++ = 0x0f;
926
					break;
927
				default:
928
					break;
929
				}
930
			}
931
		}
932
	}
933

934
	/*
935
	 * Traverse the FAT table and populate head map.  Initially, we
936
	 * consider all clusters as possible head cluster (beginning of
937
	 * a file or directory), and traverse the whole allocation table
938
	 * by marking every non-head nodes as such (detailed below) and
939
	 * fix obvious issues while we walk.
940
	 *
941
	 * For each "next" cluster, the possible values are:
942
	 *
943
	 * a) CLUST_FREE or CLUST_BAD.  The *current* cluster can't be a
944
	 *    head node.
945
	 * b) An out-of-range value. The only fix would be to truncate at
946
	 *    the cluster.
947
	 * c) A valid cluster.  It means that cluster (nextcl) is not a
948
	 *    head cluster.  Note that during the scan, every cluster is
949
	 *    expected to be seen for at most once, and when we saw them
950
	 *    twice, it means a cross-linked chain which should be
951
	 *    truncated at the current cluster.
952
	 *
953
	 * After scan, the remaining set bits indicates all possible
954
	 * head nodes, because they were never claimed by any other
955
	 * node as the next node, but we do not know if these chains
956
	 * would end with a valid EOF marker.  We will check that in
957
	 * checkchain() at a later time when checking directories,
958
	 * where these head nodes would be marked as non-head.
959
	 *
960
	 * In the final pass, all head nodes should be cleared, and if
961
	 * there is still head nodes, these would be leaders of lost
962
	 * chain.
963
	 */
964
	for (cl = CLUST_FIRST; cl < boot->NumClusters; cl++) {
965
		nextcl = fat_get_cl_next(fat, cl);
966

967
		/* Check if the next cluster number is valid */
968
		if (nextcl == CLUST_FREE) {
969
			/* Save a hint for next free cluster */
970
			if (boot->FSNext == 0) {
971
				boot->FSNext = cl;
972
			}
973
			if (fat_is_cl_head(fat, cl)) {
974
				fat_clear_cl_head(fat, cl);
975
			}
976
			boot->NumFree++;
977
		} else if (nextcl == CLUST_BAD) {
978
			if (fat_is_cl_head(fat, cl)) {
979
				fat_clear_cl_head(fat, cl);
980
			}
981
			boot->NumBad++;
982
		} else if (!valid_cl(fat, nextcl) && nextcl < CLUST_RSRVD) {
983
			pwarn("Cluster %u continues with out of range "
984
			    "cluster number %u\n",
985
			    cl,
986
			    nextcl & boot->ClustMask);
987
			if (ask(0, "Truncate")) {
988
				ret |= fat_set_cl_next(fat, cl, CLUST_EOF);
989
				ret |= FSFATMOD;
990
			}
991
		} else if (valid_cl(fat, nextcl)) {
992
			if (fat_is_cl_head(fat, nextcl)) {
993
				fat_clear_cl_head(fat, nextcl);
994
			} else {
995
				pwarn("Cluster %u crossed another chain at %u\n",
996
				    cl, nextcl);
997
				if (ask(0, "Truncate")) {
998
					ret |= fat_set_cl_next(fat, cl, CLUST_EOF);
999
					ret |= FSFATMOD;
1000
				}
1001
			}
1002
		}
1003

1004
	}
1005

1006
	if (ret & FSFATAL) {
1007
		releasefat(fat);
1008
		free(fat);
1009
		*fp = NULL;
1010
	} else
1011
		*fp = fat;
1012
	return ret;
1013
}
1014

1015
/*
1016
 * Get type of reserved cluster
1017
 */
1018
const char *
1019
rsrvdcltype(cl_t cl)
1020
{
1021
	if (cl == CLUST_FREE)
1022
		return "free";
1023
	if (cl < CLUST_BAD)
1024
		return "reserved";
1025
	if (cl > CLUST_BAD)
1026
		return "as EOF";
1027
	return "bad";
1028
}
1029

1030
/*
1031
 * Examine a cluster chain for errors and count its size.
1032
 */
1033
int
1034
checkchain(struct fat_descriptor *fat, cl_t head, size_t *chainsize)
1035
{
1036
	cl_t prev_cl, current_cl, next_cl;
1037
	const char *op;
1038

1039
	/*
1040
	 * We expect that the caller to give us a real, unvisited 'head'
1041
	 * cluster, and it must be a valid cluster.  While scanning the
1042
	 * FAT table, we already excluded all clusters that was claimed
1043
	 * as a "next" cluster.  Assert all the three conditions.
1044
	 */
1045
	assert(valid_cl(fat, head));
1046
	assert(fat_is_cl_head(fat, head));
1047

1048
	/*
1049
	 * Immediately mark the 'head' cluster that we are about to visit.
1050
	 */
1051
	fat_clear_cl_head(fat, head);
1052

1053
	/*
1054
	 * The allocation of a non-zero sized file or directory is
1055
	 * represented as a singly linked list, and the tail node
1056
	 * would be the EOF marker (>=CLUST_EOFS).
1057
	 *
1058
	 * With a valid head node at hand, we expect all subsequent
1059
	 * cluster to be either a not yet seen and valid cluster (we
1060
	 * would continue counting), or the EOF marker (we conclude
1061
	 * the scan of this chain).
1062
	 *
1063
	 * For all other cases, the chain is invalid, and the only
1064
	 * viable fix would be to truncate at the current node (mark
1065
	 * it as EOF) when the next node violates that.
1066
	 */
1067
	*chainsize = 0;
1068
	prev_cl = current_cl = head;
1069
	for (next_cl = fat_get_cl_next(fat, current_cl);
1070
	    valid_cl(fat, next_cl);
1071
	    prev_cl = current_cl, current_cl = next_cl, next_cl = fat_get_cl_next(fat, current_cl))
1072
		(*chainsize)++;
1073

1074
	/* A natural end */
1075
	if (next_cl >= CLUST_EOFS) {
1076
		(*chainsize)++;
1077
		return FSOK;
1078
	}
1079

1080
	/*
1081
	 * The chain ended with an out-of-range cluster number.
1082
	 *
1083
	 * If the current node is e.g. CLUST_FREE, CLUST_BAD, etc.,
1084
	 * it should not be present in a chain and we has to truncate
1085
	 * at the previous node.
1086
	 *
1087
	 * If the current cluster points to an invalid cluster, the
1088
	 * current cluster might have useful data and we truncate at
1089
	 * the current cluster instead.
1090
	 */
1091
	if (next_cl == CLUST_FREE || next_cl >= CLUST_RSRVD) {
1092
		pwarn("Cluster chain starting at %u ends with cluster marked %s\n",
1093
		    head, rsrvdcltype(next_cl));
1094
		current_cl = prev_cl;
1095
	} else {
1096
		pwarn("Cluster chain starting at %u ends with cluster out of range (%u)\n",
1097
		    head,
1098
		    next_cl & boot_of_(fat)->ClustMask);
1099
		(*chainsize)++;
1100
	}
1101

1102
	if (*chainsize > 0) {
1103
		op = "Truncate";
1104
		next_cl = CLUST_EOF;
1105
	} else {
1106
		op = "Clear";
1107
		next_cl = CLUST_FREE;
1108
	}
1109
	if (ask(0, "%s", op)) {
1110
		return (fat_set_cl_next(fat, current_cl, next_cl) | FSFATMOD);
1111
	} else {
1112
		return (FSERROR);
1113
	}
1114
}
1115

1116
/*
1117
 * Clear cluster chain from head.
1118
 */
1119
void
1120
clearchain(struct fat_descriptor *fat, cl_t head)
1121
{
1122
	cl_t current_cl, next_cl;
1123
	struct bootblock *boot = boot_of_(fat);
1124

1125
	current_cl = head;
1126

1127
	while (valid_cl(fat, current_cl)) {
1128
		next_cl = fat_get_cl_next(fat, current_cl);
1129
		(void)fat_set_cl_next(fat, current_cl, CLUST_FREE);
1130
		boot->NumFree++;
1131
		current_cl = next_cl;
1132
	}
1133

1134
}
1135

1136
/*
1137
 * Overwrite the n-th FAT with FAT0
1138
 */
1139
static int
1140
copyfat(struct fat_descriptor *fat, int n)
1141
{
1142
	size_t	rwsize, tailsize, blobs, i;
1143
	off_t	dst_off, src_off;
1144
	struct bootblock *boot;
1145
	int ret, fd;
1146

1147
	ret = FSOK;
1148
	fd = fd_of_(fat);
1149
	boot = boot_of_(fat);
1150

1151
	blobs = howmany(fat->fatsize, fat32_cache_size);
1152
	tailsize = fat->fatsize % fat32_cache_size;
1153
	if (tailsize == 0) {
1154
		tailsize = fat32_cache_size;
1155
	}
1156
	rwsize = fat32_cache_size;
1157

1158
	src_off = fat->fat32_offset;
1159
	dst_off = boot->bpbResSectors + n * boot->FATsecs;
1160
	dst_off *= boot->bpbBytesPerSec;
1161

1162
	for (i = 0; i < blobs;
1163
	    i++, src_off += fat32_cache_size, dst_off += fat32_cache_size) {
1164
		if (i == blobs - 1) {
1165
			rwsize = tailsize;
1166
		}
1167
		if ((lseek(fd, src_off, SEEK_SET) != src_off ||
1168
		    (size_t)read(fd, fat->fatbuf, rwsize) != rwsize) &&
1169
		    ret == FSOK) {
1170
			perr("Unable to read FAT0");
1171
			ret = FSFATAL;
1172
			continue;
1173
		}
1174
		if ((lseek(fd, dst_off, SEEK_SET) != dst_off ||
1175
			(size_t)write(fd, fat->fatbuf, rwsize) != rwsize) &&
1176
			ret == FSOK) {
1177
			perr("Unable to write FAT %d", n);
1178
			ret = FSERROR;
1179
		}
1180
	}
1181
	return (ret);
1182
}
1183

1184
/*
1185
 * Write out FAT
1186
 */
1187
int
1188
writefat(struct fat_descriptor *fat)
1189
{
1190
	u_int i;
1191
	size_t writesz;
1192
	off_t dst_base;
1193
	int ret = FSOK, fd;
1194
	struct bootblock *boot;
1195
	struct fat32_cache_entry *entry;
1196

1197
	boot = boot_of_(fat);
1198
	fd = fd_of_(fat);
1199

1200
	if (fat->use_cache) {
1201
		/*
1202
		 * Attempt to flush all in-flight cache, and bail out
1203
		 * if we encountered an error (but only emit error
1204
		 * message once).  Stop proceeding with copyfat()
1205
		 * if any flush failed.
1206
		 */
1207
		TAILQ_FOREACH(entry, &fat->fat32_cache_head, entries) {
1208
			if (fat_flush_fat32_cache_entry(fat, entry) != FSOK) {
1209
				if (ret == FSOK) {
1210
					perr("Unable to write FAT");
1211
					ret = FSFATAL;
1212
				}
1213
			}
1214
		}
1215
		if (ret != FSOK)
1216
			return (ret);
1217

1218
		/* Update backup copies of FAT, error is not fatal */
1219
		for (i = 1; i < boot->bpbFATs; i++) {
1220
			if (copyfat(fat, i) != FSOK)
1221
				ret = FSERROR;
1222
		}
1223
	} else {
1224
		writesz = fat->fatsize;
1225

1226
		for (i = fat->is_mmapped ? 1 : 0; i < boot->bpbFATs; i++) {
1227
			dst_base = boot->bpbResSectors + i * boot->FATsecs;
1228
			dst_base *= boot->bpbBytesPerSec;
1229
			if ((lseek(fd, dst_base, SEEK_SET) != dst_base ||
1230
			    (size_t)write(fd, fat->fatbuf, writesz) != writesz) &&
1231
			    ret == FSOK) {
1232
				perr("Unable to write FAT %d", i);
1233
				ret = ((i == 0) ? FSFATAL : FSERROR);
1234
			}
1235
		}
1236
	}
1237

1238
	return ret;
1239
}
1240

1241
/*
1242
 * Check a complete in-memory FAT for lost cluster chains
1243
 */
1244
int
1245
checklost(struct fat_descriptor *fat)
1246
{
1247
	cl_t head;
1248
	int mod = FSOK;
1249
	int dosfs, ret;
1250
	size_t chains, chainlength;
1251
	struct bootblock *boot;
1252

1253
	dosfs = fd_of_(fat);
1254
	boot = boot_of_(fat);
1255

1256
	/*
1257
	 * At this point, we have already traversed all directories.
1258
	 * All remaining chain heads in the bitmap are heads of lost
1259
	 * chains.
1260
	 */
1261
	chains = fat_get_head_count(fat);
1262
	for (head = CLUST_FIRST;
1263
	    chains > 0 && head < boot->NumClusters;
1264
	    ) {
1265
		/*
1266
		 * We expect the bitmap to be very sparse, so skip if
1267
		 * the range is full of 0's
1268
		 */
1269
		if (head % LONG_BIT == 0 &&
1270
		    !fat_is_cl_head_in_range(fat, head)) {
1271
			head += LONG_BIT;
1272
			continue;
1273
		}
1274
		if (fat_is_cl_head(fat, head)) {
1275
			ret = checkchain(fat, head, &chainlength);
1276
			if (ret != FSERROR && chainlength > 0) {
1277
				pwarn("Lost cluster chain at cluster %u\n"
1278
				    "%zd Cluster(s) lost\n",
1279
				    head, chainlength);
1280
				mod |= ret = reconnect(fat, head,
1281
				    chainlength);
1282
			}
1283
			if (mod & FSFATAL)
1284
				break;
1285
			if (ret == FSERROR && ask(0, "Clear")) {
1286
				clearchain(fat, head);
1287
				mod |= FSFATMOD;
1288
			}
1289
			chains--;
1290
		}
1291
		head++;
1292
	}
1293

1294
	finishlf();
1295

1296
	if (boot->bpbFSInfo) {
1297
		ret = 0;
1298
		if (boot->FSFree != 0xffffffffU &&
1299
		    boot->FSFree != boot->NumFree) {
1300
			pwarn("Free space in FSInfo block (%u) not correct (%u)\n",
1301
			      boot->FSFree, boot->NumFree);
1302
			if (ask(1, "Fix")) {
1303
				boot->FSFree = boot->NumFree;
1304
				ret = 1;
1305
			}
1306
		}
1307
		if (boot->FSNext != 0xffffffffU &&
1308
		    (boot->FSNext >= boot->NumClusters ||
1309
		    (boot->NumFree && fat_get_cl_next(fat, boot->FSNext) != CLUST_FREE))) {
1310
			pwarn("Next free cluster in FSInfo block (%u) %s\n",
1311
			      boot->FSNext,
1312
			      (boot->FSNext >= boot->NumClusters) ? "invalid" : "not free");
1313
			if (ask(1, "Fix"))
1314
				for (head = CLUST_FIRST; head < boot->NumClusters; head++)
1315
					if (fat_get_cl_next(fat, head) == CLUST_FREE) {
1316
						boot->FSNext = head;
1317
						ret = 1;
1318
						break;
1319
					}
1320
		}
1321
		if (ret)
1322
			mod |= writefsinfo(dosfs, boot);
1323
	}
1324

1325
	return mod;
1326
}
1327

1328