Currently, zalloc() calls uncondtionally memset(),
if the allocation failes, memset() will write to a null pointer.
Fix by using kzalloc().
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
While zalloc() takes a size_t type, adding 1 to the le32 variable
will overflow.
A carefully crafted ext4 filesystem can exhibit an inode size of 0xffffffff
and as consequence zalloc() will do a zero allocation.
Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.
Avoid the overflow by using the __builtin_add_overflow() helper.
Signed-off-by: Richard Weinberger <richard@nod.at>
Evaluate the filesystem incompat and ro_compat bit fields to judge
whether the filesystem can be read or written.
For the read side only a scary warning is shown so far.
I'd love to abort mounting too, but I fear this will break some setups
where the driver works by chance.
Signed-off-by: Richard Weinberger <richard@nod.at>
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
U-Boot only knows absolute file paths. It is inconsistent to require that
saving to an ext4 file system should use a leading '/' while reading does
not. Remove the superfluous check.
Reported-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Patrice Chotard <patrice.chotard@foss.st.com>
When accessing an ext2 system the message "File System is consistent\n" is
shown after each write. This is superfluous noise. Only write a debug
message.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
When a file is created in the linux and corresponding file permission
is set, if the file needs to be modified in uboot during the startup
process, the modified file permission will be reset to 755. Therefore,
when the ext4fs_write() function is called, if the file already exists,
the file permission of the new file is equal to the file permission of
the existing file.
While fat_exists() reports directories and files as existing
ext4fs_exists() only recognizes files. This lead to errors
when using systemd-boot with an ext4 file-system.
Change ext4fs_exists() to find any type of inode:
files, directories, symbolic links.
Fixes: a1596438a689 ("ext4fs ls load support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This check breaks small partitions (under 1024 blocks) because part_length
is in units of part.blksz and not bytes. Given the purpose of this
function, we really want to make sure the partition is SUPERBLOCK_START +
SUPERBLOCK_SIZE (2048) bytes so we can call ext4_read_superblock without
error.
The obvious solution is to convert callers from things like
ext4fs_mount(part_info.size)
to
ext4fs_mount(part_info.size * part_info.blksz);
However, I'm not really a fan of the bloat that would cause, especially
since the error is now suppressed. I think the best course of action here
is to just revert the patch.
This reverts commit 9905cae65e03335aefcb1ebfab5b7ee62d89f64e.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The deletion process handles special case for symlinks whose target are
small enough that it fits in struct ext2_inode.b.symlink. So no block had
been allocated. But the check of file type wrongly considered regular
files as symlink. So, no block was freed. So, the EXT4 partition could be
corrupted because of no free block available.
Signed-off-by: Corentin GUILLEVIC <corentin.guillevic@smile.fr>
No need to mount a too small partition to handle a EXT4 file system.
This patch add a test on partition size before to read the
SUPERBLOCK_SIZE buffer and avoid error latter in fs_devread() function.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The 'depth_dirname', 'ptr', 'parent_inode' and 'first_inode' pointers
may be null. Thus, it is necessary to check them before using free() to
avoid free(NULL) cases.
Fixes: 934b14f2bb30 ("ext4: free allocations by parse_path()")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
When looking for a filesystem on a partition we should do so quietly. At
present if the filesystem is very small (e.g. 512 bytes) we get a host of
messages.
Update these to only show when debugging.
Signed-off-by: Simon Glass <sjg@chromium.org>
Implementation in linux/crc16.h provides standard CRC-16 algorithm with
polynomial x^16 + x^15 + x^2 + 1. Use it and remove duplicate ext4 CRC-16
specific code.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
As u-boot doesn't support the metadata_csum feature, writing to a
filesystem with this feature enabled will fail, as expected. However,
during the process, a journal state check is performed, which could
result in:
- a fs recovery if the fs wasn't umounted properly
- the fs being marked dirty
Both these cases result in a superblock change, leading to a mismatch
between the superblock checksum and its contents. Therefore, Linux will
consider the filesystem heavily corrupted and will require e2fsck to be
run manually to boot.
By bypassing the journal state check, this patch ensures the superblock
won't be corrupted if the filesystem has metadata_csum feature enabled.
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
We need to align the cache buffer to ARCH_DMA_MINALIGN in order to avoid
access errors like
CACHE: Misaligned operation at range [be0231e0, be0235e0]
seen on the MCIMX7SABRE.
Fixes: d5aee659f217 ("fs: ext4: cache extent data")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
the destination memory region. This patch adds a check to disallow
this.
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
This patch checks for 0 in several ext4 headers and gracefully
fails instead of raising a divide-by-0 exception.
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.
Signed-off-by: Paul Emge <paulemge@forallsecure.com>
JOURNAL is optional for EXT4 (and EXT3) filesystems, so add support for
skipping it. This fixes corrupting EXT4 volumes without JOURNAL after
using uboot's 'ext4write' command.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
The block count entry in the EXT4 filesystem disk structures uses
standard 512-bytes units for most of the typical files. The only
exception are HUGE files, which use the filesystem block size, but those
are not supported by uboot's EXT4 implementation anyway. This patch fixes
the EXT4 code to use proper unit count for inode block count. This fixes
errors reported by fsck.ext4 on disks with non-standard (i.e. 4KiB, in
case of new flash drives) PHYSICAL block size after using 'ext4write'
uboot's command.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Ext4 allows for arbitrarily sized block group descriptors when 64-bit
addressing is enabled, which was previously not properly supported. This
patch dynamically allocates a chunk of memory of the correct size.
Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com>
Hi,
when I try to load a sparse file via ext4load, I am getting the error message
'invalid extent'
After a deeper look in the code, it seems to be an issue in the function ext4fs_get_extent_block in fs/ext4/ext4_common.c:
The file starts with 1k of zeros. The blocksize is 1024. So the first extend block contains the following information:
eh_entries: 1
eh_depth: 1
ei_block 1
When the upper layer (ext4fs_read_file) asks for fileblock 0, we are running in the 'invalid extent' error message.
For me it seems, that the code is not prepared for handling a sparse block at the beginning of the file. The following change, solved my problem:
I am really not an expert in ext4 filesystems. Can somebody please have a look at this issue and give me a feedback, if I am totally wrong or not?
Re-use the functions used to write/create a file, to support creation of a
symbolic link.
The difference with a regular file are small:
- The inode mode is flagged with S_IFLNK instead of S_IFREG
- The ext2_dirent's filetype is FILETYPE_SYMLINK instead of FILETYPE_REG
- Instead of storing the content of a file in allocated blocks, the path
to the target is stored. And if the target's path is short enough, no block
is allocated and the target's path is stored in ext2_inode.b.symlink
As with regulars files, if a file/symlink with the same name exits, it is
unlinked first and then re-created.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Fix ext4 env code]
Signed-off-by: Tom Rini <trini@konsulko.com>
There is no need to modify the buffer passed to ext4fs_write_file().
The memset() call is not required here and was likely copied from the
equivalent part of the ext4fs_read_file() function where we do need it.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
When a file contains extents, U-Boot currently reads extent-related data
for each block in the file, even if that data is located in the same
block each time. This significantly slows down loading of files that use
extents. Implement a very dumb cache to prevent repeatedly reading the
same block. Files with extents now load as fast as files without.
Note: There are many cases where read_allocated_block() is called. This
patch only addresses one of those places; all others still read redundant
data in any case they did before. This is a minimal patch to fix the
load command; other cases aren't fixed.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
U-Boot doesn't support metadata_csum feature. Writing to filesystem with
metadata_csum feature makes the filesystem corrupted and unbootable by
Linux:
[ 2.527495] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 0 failed (52188!=0)
[ 2.537421] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 1 failed (5262!=0)
...
[ 2.653308] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 14 failed (42611!=0)
[ 2.662179] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 15 failed (21527!=0)
[ 2.687920] JBD2: journal checksum error
[ 2.691982] EXT4-fs (mmcblk0p2): error loading journal
[ 2.698292] VFS: Cannot open root device "mmcblk0p2" or unknown-block(179,2): error -74
Don't write to filesystem with meatadata_csum feature to not corrupt the
filesystem.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
In int-ll64.h, we always use the following typedefs:
typedef unsigned int u32;
typedef unsigned long uintptr_t;
typedef unsigned long long u64;
This does not need to match to the compiler's <inttypes.h>.
Do not include it.
The use of PRI* makes the code super-ugly. You can simply use
"l" for printing uintptr_t, "ll" for u64, and no modifier for u32.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Found a crash while issuing ext4ls with a non-existent directory.
Crash test:
=> ext4ls mmc 0 1
** Can not find directory. **
data abort
pc : [<3fd7c2ec>] lr : [<3fd93ed8>]
reloc pc : [<26f142ec>] lr : [<26f2bed8>]
sp : 3f963338 ip : 3fdc3dc4 fp : 3fd6b370
r10: 00000004 r9 : 3f967ec0 r8 : 3f96db68
r7 : 3fdc99b4 r6 : 00000000 r5 : 3f96dc88 r4 : 3fdcbc8c
r3 : fffffffa r2 : 00000000 r1 : 3f96e0bc r0 : 00000002
Flags: nZCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig)
Looks like crash is introduced by commit:
"fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Issue is that dirnode is not initialized, and then freed if the call
to ext4_ls fails. ext4_ls will not change the value of dirnode in this case
thus we have a crash with data abort.
I added initialization and a check for dirname being NULL.
Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Migrate the following symbols to Kconfig:
CONFIG_FS_EXT4
CONFIG_EXT4_WRITE
The definitions in config_fallbacks.h can now be expressed in Kconfig.
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
Some fixes when reading EXT files and directory entries were identified
after using e2fuzz to corrupt an EXT3 filesystem:
- Stop reading directory entries if the offset becomes badly aligned.
- Avoid overwriting memory by clamping the length used to zero the buffer
in ext4fs_read_file. Also sanity check blocksize.
Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk>
Reviewed-by: Stefano Babic <sbabic@denx.de>
As reported by Coverity, we did not free dirnode in the case of failure.
Do so now.
Reported-by: Coverity (CID: 131221)
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
The current code doesn't compute the group descriptor checksum correctly
for the filesystems that e2fsprogs 1.43.4 creates (they have
'Group descriptor size: 64' as reported by tune2fs). Extend the checksum
calculation to be done as ext4_group_desc_csum() does in Linux.
This fixes these errors in dmesg from running fs-test.sh and makes it
succeed again:
[1671902.620699] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (35782!=10965)
[1671902.620706] EXT4-fs (loop1): group descriptors corrupted!
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
The ext4, reiserfs and zfs filesystems all have their own implementation
of the same function, *_devread. Generalize this function into fs_devread
and put the code into fs/fs_internal.c.
Signed-off-by: Marek Behun <marek.behun@nic.cz>
[trini: Move fs/fs_internal.o hunk to the end of fs/Makefile as all
cases need it]
Signed-off-by: Tom Rini <trini@konsulko.com>
While &p_jdb[fs->blksz] is a valid expression (it points *one* char
sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is
invalid (according to the C standard (C99/C11)).
Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reported-by: Coverity (CID: 165117, 165110)
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
In file ext4fs.c funtion ext4fs_read_file() compares an
unsigned expression with < 0 like below
lbaint_t blknr;
blknr = read_allocated_block(&(node->inode), i);
if (blknr < 0)
return -1;
blknr is of type ulong/uint64_t. read_allocated_block() returns
long int. So comparing blknr with < 0 will always be false. Instead
declare blknr as long int.
Similarly ext4/dev.c does a similar comparison. Drop the redundant
comparison.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>