kvmvapic: Catch invalid ROM size
[qemu-kvm.git] / block / dmg.c
blob3141cb5b889a4972eb40a3e09e761cac85db2bfa
1 /*
2 * QEMU Block driver for DMG images
4 * Copyright (c) 2004 Johannes E. Schindelin
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
24 #include "qemu-common.h"
25 #include "block/block_int.h"
26 #include "qemu/bswap.h"
27 #include "qemu/module.h"
28 #include <zlib.h>
30 typedef struct BDRVDMGState {
31 CoMutex lock;
32 /* each chunk contains a certain number of sectors,
33 * offsets[i] is the offset in the .dmg file,
34 * lengths[i] is the length of the compressed chunk,
35 * sectors[i] is the sector beginning at offsets[i],
36 * sectorcounts[i] is the number of sectors in that chunk,
37 * the sectors array is ordered
38 * 0<=i<n_chunks */
40 uint32_t n_chunks;
41 uint32_t* types;
42 uint64_t* offsets;
43 uint64_t* lengths;
44 uint64_t* sectors;
45 uint64_t* sectorcounts;
46 uint32_t current_chunk;
47 uint8_t *compressed_chunk;
48 uint8_t *uncompressed_chunk;
49 z_stream zstream;
50 } BDRVDMGState;
52 static int dmg_probe(const uint8_t *buf, int buf_size, const char *filename)
54 int len;
56 if (!filename) {
57 return 0;
60 len = strlen(filename);
61 if (len > 4 && !strcmp(filename + len - 4, ".dmg")) {
62 return 2;
64 return 0;
67 static int read_uint64(BlockDriverState *bs, int64_t offset, uint64_t *result)
69 uint64_t buffer;
70 int ret;
72 ret = bdrv_pread(bs->file, offset, &buffer, 8);
73 if (ret < 0) {
74 return ret;
77 *result = be64_to_cpu(buffer);
78 return 0;
81 static int read_uint32(BlockDriverState *bs, int64_t offset, uint32_t *result)
83 uint32_t buffer;
84 int ret;
86 ret = bdrv_pread(bs->file, offset, &buffer, 4);
87 if (ret < 0) {
88 return ret;
91 *result = be32_to_cpu(buffer);
92 return 0;
95 static int dmg_open(BlockDriverState *bs, QDict *options, int flags)
97 BDRVDMGState *s = bs->opaque;
98 uint64_t info_begin,info_end,last_in_offset,last_out_offset;
99 uint32_t count, tmp;
100 uint32_t max_compressed_size=1,max_sectors_per_chunk=1,i;
101 int64_t offset;
102 int ret;
104 bs->read_only = 1;
105 s->n_chunks = 0;
106 s->offsets = s->lengths = s->sectors = s->sectorcounts = NULL;
108 /* read offset of info blocks */
109 offset = bdrv_getlength(bs->file);
110 if (offset < 0) {
111 ret = offset;
112 goto fail;
114 offset -= 0x1d8;
116 ret = read_uint64(bs, offset, &info_begin);
117 if (ret < 0) {
118 goto fail;
119 } else if (info_begin == 0) {
120 ret = -EINVAL;
121 goto fail;
124 ret = read_uint32(bs, info_begin, &tmp);
125 if (ret < 0) {
126 goto fail;
127 } else if (tmp != 0x100) {
128 ret = -EINVAL;
129 goto fail;
132 ret = read_uint32(bs, info_begin + 4, &count);
133 if (ret < 0) {
134 goto fail;
135 } else if (count == 0) {
136 ret = -EINVAL;
137 goto fail;
139 info_end = info_begin + count;
141 offset = info_begin + 0x100;
143 /* read offsets */
144 last_in_offset = last_out_offset = 0;
145 while (offset < info_end) {
146 uint32_t type;
148 ret = read_uint32(bs, offset, &count);
149 if (ret < 0) {
150 goto fail;
151 } else if (count == 0) {
152 ret = -EINVAL;
153 goto fail;
155 offset += 4;
157 ret = read_uint32(bs, offset, &type);
158 if (ret < 0) {
159 goto fail;
162 if (type == 0x6d697368 && count >= 244) {
163 int new_size, chunk_count;
165 offset += 4;
166 offset += 200;
168 chunk_count = (count-204)/40;
169 new_size = sizeof(uint64_t) * (s->n_chunks + chunk_count);
170 s->types = g_realloc(s->types, new_size/2);
171 s->offsets = g_realloc(s->offsets, new_size);
172 s->lengths = g_realloc(s->lengths, new_size);
173 s->sectors = g_realloc(s->sectors, new_size);
174 s->sectorcounts = g_realloc(s->sectorcounts, new_size);
176 for (i = s->n_chunks; i < s->n_chunks + chunk_count; i++) {
177 ret = read_uint32(bs, offset, &s->types[i]);
178 if (ret < 0) {
179 goto fail;
181 offset += 4;
182 if(s->types[i]!=0x80000005 && s->types[i]!=1 && s->types[i]!=2) {
183 if(s->types[i]==0xffffffff) {
184 last_in_offset = s->offsets[i-1]+s->lengths[i-1];
185 last_out_offset = s->sectors[i-1]+s->sectorcounts[i-1];
187 chunk_count--;
188 i--;
189 offset += 36;
190 continue;
192 offset += 4;
194 ret = read_uint64(bs, offset, &s->sectors[i]);
195 if (ret < 0) {
196 goto fail;
198 s->sectors[i] += last_out_offset;
199 offset += 8;
201 ret = read_uint64(bs, offset, &s->sectorcounts[i]);
202 if (ret < 0) {
203 goto fail;
205 offset += 8;
207 ret = read_uint64(bs, offset, &s->offsets[i]);
208 if (ret < 0) {
209 goto fail;
211 s->offsets[i] += last_in_offset;
212 offset += 8;
214 ret = read_uint64(bs, offset, &s->lengths[i]);
215 if (ret < 0) {
216 goto fail;
218 offset += 8;
220 if(s->lengths[i]>max_compressed_size)
221 max_compressed_size = s->lengths[i];
222 if(s->sectorcounts[i]>max_sectors_per_chunk)
223 max_sectors_per_chunk = s->sectorcounts[i];
225 s->n_chunks+=chunk_count;
229 /* initialize zlib engine */
230 s->compressed_chunk = g_malloc(max_compressed_size+1);
231 s->uncompressed_chunk = g_malloc(512*max_sectors_per_chunk);
232 if(inflateInit(&s->zstream) != Z_OK) {
233 ret = -EINVAL;
234 goto fail;
237 s->current_chunk = s->n_chunks;
239 qemu_co_mutex_init(&s->lock);
240 return 0;
242 fail:
243 g_free(s->types);
244 g_free(s->offsets);
245 g_free(s->lengths);
246 g_free(s->sectors);
247 g_free(s->sectorcounts);
248 g_free(s->compressed_chunk);
249 g_free(s->uncompressed_chunk);
250 return ret;
253 static inline int is_sector_in_chunk(BDRVDMGState* s,
254 uint32_t chunk_num,int sector_num)
256 if(chunk_num>=s->n_chunks || s->sectors[chunk_num]>sector_num ||
257 s->sectors[chunk_num]+s->sectorcounts[chunk_num]<=sector_num)
258 return 0;
259 else
260 return -1;
263 static inline uint32_t search_chunk(BDRVDMGState* s,int sector_num)
265 /* binary search */
266 uint32_t chunk1=0,chunk2=s->n_chunks,chunk3;
267 while(chunk1!=chunk2) {
268 chunk3 = (chunk1+chunk2)/2;
269 if(s->sectors[chunk3]>sector_num)
270 chunk2 = chunk3;
271 else if(s->sectors[chunk3]+s->sectorcounts[chunk3]>sector_num)
272 return chunk3;
273 else
274 chunk1 = chunk3;
276 return s->n_chunks; /* error */
279 static inline int dmg_read_chunk(BlockDriverState *bs, int sector_num)
281 BDRVDMGState *s = bs->opaque;
283 if(!is_sector_in_chunk(s,s->current_chunk,sector_num)) {
284 int ret;
285 uint32_t chunk = search_chunk(s,sector_num);
287 if(chunk>=s->n_chunks)
288 return -1;
290 s->current_chunk = s->n_chunks;
291 switch(s->types[chunk]) {
292 case 0x80000005: { /* zlib compressed */
293 int i;
295 /* we need to buffer, because only the chunk as whole can be
296 * inflated. */
297 i=0;
298 do {
299 ret = bdrv_pread(bs->file, s->offsets[chunk] + i,
300 s->compressed_chunk+i, s->lengths[chunk]-i);
301 if(ret<0 && errno==EINTR)
302 ret=0;
303 i+=ret;
304 } while(ret>=0 && ret+i<s->lengths[chunk]);
306 if (ret != s->lengths[chunk])
307 return -1;
309 s->zstream.next_in = s->compressed_chunk;
310 s->zstream.avail_in = s->lengths[chunk];
311 s->zstream.next_out = s->uncompressed_chunk;
312 s->zstream.avail_out = 512*s->sectorcounts[chunk];
313 ret = inflateReset(&s->zstream);
314 if(ret != Z_OK)
315 return -1;
316 ret = inflate(&s->zstream, Z_FINISH);
317 if(ret != Z_STREAM_END || s->zstream.total_out != 512*s->sectorcounts[chunk])
318 return -1;
319 break; }
320 case 1: /* copy */
321 ret = bdrv_pread(bs->file, s->offsets[chunk],
322 s->uncompressed_chunk, s->lengths[chunk]);
323 if (ret != s->lengths[chunk])
324 return -1;
325 break;
326 case 2: /* zero */
327 memset(s->uncompressed_chunk, 0, 512*s->sectorcounts[chunk]);
328 break;
330 s->current_chunk = chunk;
332 return 0;
335 static int dmg_read(BlockDriverState *bs, int64_t sector_num,
336 uint8_t *buf, int nb_sectors)
338 BDRVDMGState *s = bs->opaque;
339 int i;
341 for(i=0;i<nb_sectors;i++) {
342 uint32_t sector_offset_in_chunk;
343 if(dmg_read_chunk(bs, sector_num+i) != 0)
344 return -1;
345 sector_offset_in_chunk = sector_num+i-s->sectors[s->current_chunk];
346 memcpy(buf+i*512,s->uncompressed_chunk+sector_offset_in_chunk*512,512);
348 return 0;
351 static coroutine_fn int dmg_co_read(BlockDriverState *bs, int64_t sector_num,
352 uint8_t *buf, int nb_sectors)
354 int ret;
355 BDRVDMGState *s = bs->opaque;
356 qemu_co_mutex_lock(&s->lock);
357 ret = dmg_read(bs, sector_num, buf, nb_sectors);
358 qemu_co_mutex_unlock(&s->lock);
359 return ret;
362 static void dmg_close(BlockDriverState *bs)
364 BDRVDMGState *s = bs->opaque;
366 g_free(s->types);
367 g_free(s->offsets);
368 g_free(s->lengths);
369 g_free(s->sectors);
370 g_free(s->sectorcounts);
371 g_free(s->compressed_chunk);
372 g_free(s->uncompressed_chunk);
374 inflateEnd(&s->zstream);
377 static BlockDriver bdrv_dmg = {
378 .format_name = "dmg",
379 .instance_size = sizeof(BDRVDMGState),
380 .bdrv_probe = dmg_probe,
381 .bdrv_open = dmg_open,
382 .bdrv_read = dmg_co_read,
383 .bdrv_close = dmg_close,
386 static void bdrv_dmg_init(void)
388 bdrv_register(&bdrv_dmg);
391 block_init(bdrv_dmg_init);