aboutsummaryrefslogtreecommitdiffstats
path: root/com32/chain/partiter.c
blob: 1eb5350dd16503403063a6e3d23c264c523fd35e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
/* ----------------------------------------------------------------------- *
 *
 *   Copyright 2003-2009 H. Peter Anvin - All Rights Reserved
 *   Copyright 2009-2010 Intel Corporation; author: H. Peter Anvin
 *   Copyright 2010 Shao Miller
 *   Copyright 2010-2012 Michal Soltys
 *
 *   Permission is hereby granted, free of charge, to any person
 *   obtaining a copy of this software and associated documentation
 *   files (the "Software"), to deal in the Software without
 *   restriction, including without limitation the rights to use,
 *   copy, modify, merge, publish, distribute, sublicense, and/or
 *   sell copies of the Software, and to permit persons to whom
 *   the Software is furnished to do so, subject to the following
 *   conditions:
 *
 *   The above copyright notice and this permission notice shall
 *   be included in all copies or substantial portions of the Software.
 *
 *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
 *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 *   OTHER DEALINGS IN THE SOFTWARE.
 *
 * ----------------------------------------------------------------------- */

/*
 * partiter.c
 *
 * Provides disk / partition iteration.
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include <zlib.h>
#include <syslinux/disk.h>
#include "partiter.h"
#include "utility.h"

#define ost_is_ext(type) ((type) == 0x05 || (type) == 0x0F || (type) == 0x85)
#define ost_is_nondata(type) (ost_is_ext(type) || (type) == 0x00)
#define sane(s,l) ((s)+(l) > (s))

/* virtual forwards */

static void pi_dtor_(struct part_iter *);
static int  pi_next_(struct part_iter *);
static int  pi_dos_next(struct part_iter *);
static int  pi_gpt_next(struct part_iter *);

/* vtab and types */

static struct itertype types[] = {
   [0] = {
	.dtor = &pi_dtor_,
	.next = &pi_dos_next,
}, [1] = {
	.dtor = &pi_dtor_,
	.next = &pi_gpt_next,
}, [2] = {
	.dtor = &pi_dtor_,
	.next = &pi_next_,
}};

const struct itertype * const typedos = types;
const struct itertype * const typegpt = types+1;
const struct itertype * const typeraw = types+2;

/* pi_dtor_() - common/raw iterator cleanup */
static void pi_dtor_(struct part_iter *iter)
{
    /* syslinux's free is null resilient */
    free(iter->data);
}

/* pi_ctor() - common/raw iterator initialization */
static int pi_ctor(struct part_iter *iter,
	const struct disk_info *di, int flags
)
{
    memcpy(&iter->di, di, sizeof *di);
    iter->flags = flags;
    iter->index0 = -1;
    iter->length = di->lbacnt;

    iter->type = typeraw;
    return 0;
}

/* pi_dos_ctor() - MBR/EBR iterator specific initialization */
static int pi_dos_ctor(struct part_iter *iter,
	const struct disk_info *di, int flags,
	const struct disk_dos_mbr *mbr
)
{
    if (pi_ctor(iter, di, flags))
	return -1;

    if (!(iter->data = malloc(sizeof *mbr))) {
	critm();
	goto bail;
    }

    memcpy(iter->data, mbr, sizeof *mbr);

    iter->dos.bebr_index0 = -1;
    iter->dos.disk_sig = mbr->disk_sig;

    iter->type = typedos;
    return 0;
bail:
    pi_dtor_(iter);
    return -1;
}

/* pi_gpt_ctor() - GPT iterator specific initialization */
static int pi_gpt_ctor(struct part_iter *iter,
	const struct disk_info *di, int flags,
	const struct disk_gpt_header *gpth, const struct disk_gpt_part_entry *gptl
)
{
    uint64_t siz;

    if (pi_ctor(iter, di, flags))
	return -1;

    siz = (uint64_t)gpth->part_count * gpth->part_size;

    if (!(iter->data = malloc((size_t)siz))) {
	critm();
	goto bail;
    }

    memcpy(iter->data, gptl, (size_t)siz);

    iter->gpt.pe_count = (int)gpth->part_count;
    iter->gpt.pe_size = (int)gpth->part_size;
    iter->gpt.ufirst = gpth->lba_first_usable;
    iter->gpt.ulast = gpth->lba_last_usable;

    memcpy(&iter->gpt.disk_guid, &gpth->disk_guid, sizeof gpth->disk_guid);
    memcpy(&iter->gpt.part_guid, &gpth->disk_guid, sizeof gpth->disk_guid);

    iter->type = typegpt;
    return 0;
bail:
    pi_dtor_(iter);
    return -1;
}

/* Logical partition must be sane, meaning:
 * - must be data or empty
 * - must have non-0 start and length
 * - values must not wrap around 32bit
 * - must be inside current EBR frame
 */

static int notsane_logical(const struct part_iter *iter)
{
    const struct disk_dos_part_entry *dp;
    uint32_t end_log;

    dp = ((struct disk_dos_mbr *)iter->data)->table;

    if (!dp[0].ostype)
	return 0;

    if (ost_is_ext(dp[0].ostype)) {
	error("The 1st EBR entry must be data or empty.");
	return -1;
    }

    if (iter->flags & PIF_RELAX)
	return 0;

    end_log = dp[0].start_lba + dp[0].length;

    if (!dp[0].start_lba ||
	!dp[0].length ||
	!sane(dp[0].start_lba, dp[0].length) ||
	end_log > iter->dos.nebr_siz) {

	error("Logical partition (in EBR) with invalid offset and/or length.");
	return -1;
    }

    return 0;
}

/* Extended partition must be sane, meaning:
 * - must be extended or empty
 * - must have non-0 start and length
 * - values must not wrap around 32bit
 * - must be inside base EBR frame
 */

static int notsane_extended(const struct part_iter *iter)
{
    const struct disk_dos_part_entry *dp;
    uint32_t end_ebr;

    dp = ((struct disk_dos_mbr *)iter->data)->table;

    if (!dp[1].ostype)
	return 0;

    if (!ost_is_nondata(dp[1].ostype)) {
	error("The 2nd EBR entry must be extended or empty.");
	return -1;
    }

    if (iter->flags & PIF_RELAX)
	return 0;

    end_ebr = dp[1].start_lba + dp[1].length;

    if (!dp[1].start_lba ||
	!dp[1].length ||
	!sane(dp[1].start_lba, dp[1].length) ||
	end_ebr > iter->dos.bebr_siz) {

	error("Extended partition (EBR) with invalid offset and/or length.");
	return -1;
    }

    return 0;
}

/* Primary partition must be sane, meaning:
 * - must have non-0 start and length
 * - values must not wrap around 32bit
 */

static int notsane_primary(const struct part_iter *iter)
{
    const struct disk_dos_part_entry *dp;
    dp = ((struct disk_dos_mbr *)iter->data)->table + iter->index0;

    if (!dp->ostype)
	return 0;

    if (iter->flags & PIF_RELAX)
	return 0;

    if (!dp->start_lba ||
	!dp->length ||
	!sane(dp->start_lba, dp->length) ||
	dp->start_lba + dp->length > iter->di.lbacnt) {
	error("Primary partition (in MBR) with invalid offset and/or length.");
	return -1;
    }

    return 0;
}

static int notsane_gpt(const struct part_iter *iter)
{
    const struct disk_gpt_part_entry *gp;
    gp = (const struct disk_gpt_part_entry *)
	(iter->data + iter->index0 * iter->gpt.pe_size);

    if (guid_is0(&gp->type))
	return 0;

    if (iter->flags & PIF_RELAX)
	return 0;

    if (gp->lba_first < iter->gpt.ufirst ||
	gp->lba_last > iter->gpt.ulast) {
	error("LBA sectors of GPT partition are beyond the range allowed in GPT header.");
	return -1;
    }

    return 0;
}

static int dos_next_mbr(struct part_iter *iter, uint32_t *lba,
			    struct disk_dos_part_entry **_dp)
{
    struct disk_dos_part_entry *dp;

    while (++iter->index0 < 4) {
	dp = ((struct disk_dos_mbr *)iter->data)->table + iter->index0;

	if (notsane_primary(iter)) {
	    iter->status = PI_INSANE;
	    return -1;
	}

	if (ost_is_ext(dp->ostype)) {
	    if (iter->dos.bebr_index0 >= 0) {
		error("More than 1 extended partition.");
		iter->status = PI_INSANE;
		return -1;
	    }
	    /* record base EBR index */
	    iter->dos.bebr_index0 = iter->index0;
	}
	if (!ost_is_nondata(dp->ostype) || (iter->flags & PIF_STEPALL)) {
	    *lba = dp->start_lba;
	    *_dp = dp;
	    break;
	}
    }

    return 0;
}

static int prep_base_ebr(struct part_iter *iter)
{
    struct disk_dos_part_entry *dp;

    if (iter->dos.bebr_index0 < 0)	/* if we don't have base extended partition at all */
	return -1;
    else if (!iter->dos.bebr_lba) { /* if not initialized yet */
	dp = ((struct disk_dos_mbr *)iter->data)->table + iter->dos.bebr_index0;

	iter->dos.bebr_lba = dp->start_lba;
	iter->dos.bebr_siz = dp->length;

	iter->dos.nebr_lba = dp->start_lba;
	iter->dos.nebr_siz = dp->length;

	iter->index0--;
    }
    return 0;
}

static int dos_next_ebr(struct part_iter *iter, uint32_t *lba,
			    struct disk_dos_part_entry **_dp)
{
    struct disk_dos_part_entry *dp;

    if (prep_base_ebr(iter) < 0) {
	iter->status = PI_DONE;
	return -1;
    }

    while (++iter->index0 < 1024 && iter->dos.nebr_lba) {
	free(iter->data);
	if (!(iter->data =
		    disk_read_sectors(&iter->di, iter->dos.nebr_lba, 1))) {
	    error("Couldn't load EBR.");
	    iter->status = PI_ERRLOAD;
	    return -1;
	}

	/* check sanity of loaded data */
	if (notsane_logical(iter) || notsane_extended(iter)) {
	    iter->status = PI_INSANE;
	    return -1;
	}

	dp = ((struct disk_dos_mbr *)iter->data)->table;

	iter->dos.cebr_lba = iter->dos.nebr_lba;
	iter->dos.cebr_siz = iter->dos.nebr_siz;

	/* setup next frame values */
	if (dp[1].ostype) {
	    iter->dos.nebr_lba = iter->dos.bebr_lba + dp[1].start_lba;
	    iter->dos.nebr_siz = dp[1].length;
	} else {
	    iter->dos.nebr_lba = 0;
	    iter->dos.nebr_siz = 0;
	}

	if (!dp[0].ostype)
	    iter->dos.logskipcnt++;

	if (dp[0].ostype || (iter->flags & PIF_STEPALL)) {
	    *lba = dp[0].start_lba ? iter->dos.cebr_lba + dp[0].start_lba : 0;
	    *_dp = dp;
	    return 0;
	}
	/*
	 * This way it's possible to continue, if some crazy soft left a "hole"
	 * - EBR with a valid extended partition without a logical one. In
	 * such case, linux will not reserve a number for such hole - so we
	 * don't increase index0. If PIF_STEPALL flag is set, we will never
	 * reach this place.
	 */
    }
    iter->status = PI_DONE;
    return -1;
}

static void gpt_conv_label(struct part_iter *iter)
{
    const struct disk_gpt_part_entry *gp;
    const int16_t *orig_lab;

    gp = (const struct disk_gpt_part_entry *)
	(iter->data + iter->index0 * iter->gpt.pe_size);
    orig_lab = (const int16_t *)gp->name;

    /* caveat: this is very crude conversion */
    for (int i = 0; i < PI_GPTLABSIZE/2; i++) {
	iter->gpt.part_label[i] = (char)orig_lab[i];
    }
    iter->gpt.part_label[PI_GPTLABSIZE/2] = 0;
}

static inline int valid_crc(uint32_t crc, const uint8_t *buf, unsigned int siz)
{
    return crc == crc32(crc32(0, NULL, 0), buf, siz);
}

static int gpt_check_hdr_crc(const struct disk_info * const diskinfo, struct disk_gpt_header **_gh)
{
    struct disk_gpt_header *gh = *_gh;
    uint64_t lba_alt;
    uint32_t hold_crc32;

    hold_crc32 = gh->chksum;
    gh->chksum = 0;
    if (!valid_crc(hold_crc32, (const uint8_t *)gh, gh->hdr_size)) {
	warn("Primary GPT header checksum invalid.");
	/* retry with backup */
	lba_alt = gh->lba_alt;
	free(gh);
	if (!(gh = *_gh = disk_read_sectors(diskinfo, lba_alt, 1))) {
	    error("Couldn't read backup GPT header.");
	    return -1;
	}
	hold_crc32 = gh->chksum;
	gh->chksum = 0;
	if (!valid_crc(hold_crc32, (const uint8_t *)gh, gh->hdr_size)) {
	    error("Secondary GPT header checksum invalid.");
	    return -1;
	}
    }
    /* restore old checksum */
    gh->chksum = hold_crc32;

    return 0;
}

static int pi_next_(struct part_iter *iter)
{
    iter->status = PI_DONE;
    return iter->status;
}

static int pi_dos_next(struct part_iter *iter)
{
    uint32_t abs_lba = 0;
    struct disk_dos_part_entry *dos_part = NULL;

    if (iter->status)
	return iter->status;

    /* look for primary partitions */
    if (iter->index0 < 4 &&
	    dos_next_mbr(iter, &abs_lba, &dos_part) < 0)
	return iter->status;

    /* look for logical partitions */
    if (iter->index0 >= 4 &&
	    dos_next_ebr(iter, &abs_lba, &dos_part) < 0)
	return iter->status;

    /*
     * note special index handling:
     * in case PIF_STEPALL is set - this makes the index consistent with
     * non-PIF_STEPALL iterators
     */

    if (!dos_part->ostype)
	iter->index = -1;
    else
	iter->index = iter->index0 + 1 - iter->dos.logskipcnt;
    iter->abs_lba = abs_lba;
    iter->length = dos_part->length;
    iter->record = (char *)dos_part;

#ifdef DEBUG
    disk_dos_part_dump(dos_part);
#endif

    return iter->status;
}

static int pi_gpt_next(struct part_iter *iter)
{
    const struct disk_gpt_part_entry *gpt_part = NULL;

    if (iter->status)
	return iter->status;

    while (++iter->index0 < iter->gpt.pe_count) {
	gpt_part = (const struct disk_gpt_part_entry *)
	    (iter->data + iter->index0 * iter->gpt.pe_size);

	if (notsane_gpt(iter)) {
	    iter->status = PI_INSANE;
	    return iter->status;
	}

	if (!guid_is0(&gpt_part->type) || (iter->flags & PIF_STEPALL))
	    break;
    }
    /* no more partitions ? */
    if (iter->index0 == iter->gpt.pe_count) {
	iter->status = PI_DONE;
	return iter->status;
    }
    /* gpt_part is guaranteed to be valid here */
    iter->index = iter->index0 + 1;
    iter->abs_lba = gpt_part->lba_first;
    iter->length = gpt_part->lba_last - gpt_part->lba_first + 1;
    iter->record = (char *)gpt_part;
    memcpy(&iter->gpt.part_guid, &gpt_part->uid, sizeof(struct guid));
    gpt_conv_label(iter);

#ifdef DEBUG
    disk_gpt_part_dump(gpt_part);
#endif

    return iter->status;
}

static struct part_iter *pi_alloc(void)
{
    struct part_iter *iter;
    if (!(iter = malloc(sizeof *iter)))
	critm();
    else
	memset(iter, 0, sizeof *iter);
    return iter;
}

/* pi_del() - delete iterator */
void pi_del(struct part_iter **_iter)
{
    if(!_iter || !*_iter)
	return;
    pi_dtor(*_iter);
    free(*_iter);
    *_iter = NULL;
}

/* pi_begin() - validate and and get proper iterator for a disk described by di */
struct part_iter *pi_begin(const struct disk_info *di, int flags)
{
    int gptprot, ret = -1;
    struct part_iter *iter;
    struct disk_dos_mbr *mbr = NULL;
    struct disk_gpt_header *gpth = NULL;
    struct disk_gpt_part_entry *gptl = NULL;

    /* Preallocate iterator */
    if (!(iter = pi_alloc()))
	goto bail;

    /* Read MBR */
    if (!(mbr = disk_read_sectors(di, 0, 1))) {
	error("Couldn't read the first disk sector.");
	goto bail;
    }

    /* Check for MBR magic */
    if (mbr->sig != disk_mbr_sig_magic) {
	warn("No MBR magic, treating disk as raw.");
	/* looks like RAW */
	ret = pi_ctor(iter, di, flags);
	goto bail;
    }

    /* Check for GPT protective MBR */
    gptprot = 0;
    for (size_t i = 0; i < 4; i++)
	gptprot |= (mbr->table[i].ostype == 0xEE);
    if (gptprot && !(flags & PIF_PREFMBR)) {
	if (!(gpth = disk_read_sectors(di, 1, 1))) {
	    error("Couldn't read potential GPT header.");
	    goto bail;
	}
    }

    if (gpth && gpth->rev.uint32 == 0x00010000 &&
	    !memcmp(gpth->sig, disk_gpt_sig_magic, sizeof gpth->sig)) {
	/* looks like GPT v1.0 */
	uint64_t gpt_loff;	    /* offset to GPT partition list in sectors */
	uint64_t gpt_lsiz;	    /* size of GPT partition list in bytes */
	uint64_t gpt_lcnt;	    /* size of GPT partition in sectors */
#ifdef DEBUG
	dprintf("Looks like a GPT v1.0 disk.\n");
	disk_gpt_header_dump(gpth);
#endif
	/* Verify checksum, fallback to backup, then bail if invalid */
	if (gpt_check_hdr_crc(di, &gpth))
	    goto bail;

	gpt_loff = gpth->lba_table;
	gpt_lsiz = (uint64_t)gpth->part_size * gpth->part_count;
	gpt_lcnt = (gpt_lsiz + di->bps - 1) / di->bps;

	/*
	 * disk_read_sectors allows reading of max 255 sectors, so we use
	 * it as a sanity check base. EFI doesn't specify max (AFAIK).
	 * Apart from that, some extensive sanity checks.
	 */
	if (!(flags & PIF_RELAX) && (
		!gpt_loff || !gpt_lsiz || gpt_lcnt > 255u ||
		gpth->lba_first_usable > gpth->lba_last_usable ||
		!sane(gpt_loff, gpt_lcnt) ||
		gpt_loff + gpt_lcnt > gpth->lba_first_usable ||
		!sane(gpth->lba_last_usable, gpt_lcnt) ||
		gpth->lba_last_usable + gpt_lcnt >= gpth->lba_alt ||
		gpth->lba_alt >= di->lbacnt ||
		gpth->part_size < sizeof *gptl)) {
	    error("Invalid GPT header's values.");
	    goto bail;
	}
	if (!(gptl = disk_read_sectors(di, gpt_loff, gpt_lcnt))) {
	    error("Couldn't read GPT partition list.");
	    goto bail;
	}
	/* Check array checksum(s). */
	if (!valid_crc(gpth->table_chksum, (const uint8_t *)gptl, (unsigned int)gpt_lsiz)) {
	    warn("Checksum of the main GPT partition list is invalid, trying backup.");
	    free(gptl);
	    /* secondary array directly precedes secondary header */
	    if (!(gptl = disk_read_sectors(di, gpth->lba_alt - gpt_lcnt, gpt_lcnt))) {
		error("Couldn't read backup GPT partition list.");
		goto bail;
	    }
	    if (!valid_crc(gpth->table_chksum, (const uint8_t *)gptl, gpt_lsiz)) {
		error("Checksum of the backup GPT partition list is invalid, giving up.");
		goto bail;
	    }
	}
	/* looks like GPT */
	ret = pi_gpt_ctor(iter, di, flags, gpth, gptl);
    } else {
	/* looks like MBR */
	ret = pi_dos_ctor(iter, di, flags, mbr);
    }
bail:
    if (ret < 0)
	free(iter);
    free(mbr);
    free(gpth);
    free(gptl);

    return iter;
}

/* vim: set ts=8 sts=4 sw=4 noet: */