Commit Graph

34 Commits

Author SHA1 Message Date
Paul Emge
e205896c53 CVE-2019-13106: ext4: fix out-of-bounds memset
In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
the destination memory region. This patch adds a check to disallow
this.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18 11:31:29 -04:00
Paul Emge
878269dbe7 CVE-2019-13104: ext4: check for underflow in ext4fs_read_file
in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18 11:31:29 -04:00
Paul Emge
6e5a79de65 CVE-2019-13105: ext4: fix double-free in ext4_cache_read
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18 11:31:28 -04:00
Stephen Warren
d5aee659f2 fs: ext4: cache extent data
When a file contains extents, U-Boot currently reads extent-related data
for each block in the file, even if that data is located in the same
block each time. This significantly slows down loading of files that use
extents. Implement a very dumb cache to prevent repeatedly reading the
same block. Files with extents now load as fast as files without.

Note: There are many cases where read_allocated_block() is called. This
patch only addresses one of those places; all others still read redundant
data in any case they did before. This is a minimal patch to fix the
load command; other cases aren't fixed.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
2019-04-09 15:34:15 -04:00
Eugen Hristev
e71a969cea fs: ext4: fix crash on ext4ls
Found a crash while issuing ext4ls with a non-existent directory.
Crash test:

=> ext4ls mmc 0 1
** Can not find directory. **
data abort
pc : [<3fd7c2ec>]          lr : [<3fd93ed8>]
reloc pc : [<26f142ec>]    lr : [<26f2bed8>]
sp : 3f963338  ip : 3fdc3dc4     fp : 3fd6b370
r10: 00000004  r9 : 3f967ec0     r8 : 3f96db68
r7 : 3fdc99b4  r6 : 00000000     r5 : 3f96dc88  r4 : 3fdcbc8c
r3 : fffffffa  r2 : 00000000     r1 : 3f96e0bc  r0 : 00000002
Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
Resetting CPU ...

resetting ...

Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig)

Looks like crash is introduced by commit:
"fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls

Issue is that dirnode is not initialized, and then freed if the call
to ext4_ls fails. ext4_ls will not change the value of dirnode in this case
thus we have a crash with data abort.

I added initialization and a check for dirname being NULL.

Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-05-23 17:30:04 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Ian Ray
ecdfb4195b ext4: recover from filesystem corruption when reading
Some fixes when reading EXT files and directory entries were identified
after using e2fuzz to corrupt an EXT3 filesystem:

 - Stop reading directory entries if the offset becomes badly aligned.

 - Avoid overwriting memory by clamping the length used to zero the buffer
   in ext4fs_read_file.  Also sanity check blocksize.

Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk>
Reviewed-by: Stefano Babic <sbabic@denx.de>
2017-11-20 09:58:31 +01:00
Tom Rini
fa9ca8a5d2 fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
As reported by Coverity, we did not free dirnode in the case of failure.
Do so now.

Reported-by: Coverity (CID: 131221)
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-10-06 11:28:22 -04:00
Lokesh Vutla
509b498a50 ext4: Fix comparision of unsigned expression with < 0
In file ext4fs.c funtion ext4fs_read_file() compares an
unsigned expression with < 0 like below

	lbaint_t blknr;
	blknr = read_allocated_block(&(node->inode), i);
	if (blknr < 0)
		return -1;

blknr is of type ulong/uint64_t. read_allocated_block() returns
long int. So comparing blknr with < 0 will always be false. Instead
declare blknr as long int.

Similarly ext4/dev.c does a similar comparison. Drop the redundant
comparison.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2017-04-27 16:49:09 -04:00
Stefan Brüns
66a47ff2d8 ext4: Allow reading files with non-zero offset, clamp read len
Support was already implemented, but not hooked up. This fixes several
fails in the test cases.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Acked-by: Stephen Warren <swarren@wwwdotorg.org>
2016-11-21 14:07:27 -05:00
Michael Walle
7f101be314 ext4: use kernel names for byte swaps
Instead of __{be,le}{16,32}_to_cpu use {be,le}{16,32}_to_cpu.

Signed-off-by: Michael Walle <michael@walle.cc>
2016-09-23 09:02:02 -04:00
Simon Glass
4101f68792 dm: Drop the block_dev_desc_t typedef
Use 'struct' instead of a typdef. Also since 'struct block_dev_desc' is long
and causes 80-column violations, rename it to struct blk_desc.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
2016-03-14 15:34:50 -06:00
Tom Rini
9e374e7b72 fs/ext4/ext4fs.c, fs/fs.c fs/fat/fat_write.c: Adjust 64bit math methods
The changes to introduce loff_t into filesize means that we need to do
64bit math on 32bit platforms.  Make sure we use the right wrappers for
these operations.

Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Cc: Suriyan Ramasami <suriyan.r@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@ti.com>
Tested-by: Pierre Aubert <p.aubert@staubli.com>
2014-12-01 15:21:57 -05:00
Suriyan Ramasami
d455d8789d fs: API changes enabling extra parameter to return size of type loff_t
The sandbox/ext4/fat/generic fs commands do not gracefully deal with files
greater than 2GB. Negative values are returned in such cases.

To handle this, the fs functions have been modified to take an additional
parameter of type "* loff_t" which is then populated. The return value
of the fs functions are used only for error conditions.

Signed-off-by: Suriyan Ramasami <suriyan.r@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Update board/gdsys/p1022/controlcenterd-id.c,
drivers/fpga/zynqpl.c for changes]
Signed-off-by: Tom Rini <trini@ti.com>
2014-11-23 06:49:04 -05:00
Suriyan Ramasami
9f12cd0e06 ext4: Prepare API change for files greater than 2GB
Change the internal EXT4 functions to use loff_t for offsets.

Signed-off-by: Suriyan Ramasami <suriyan.r@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Update common/spl/spl_ext.c]
Signed-off-by: Tom Rini <trini@ti.com>
2014-11-23 06:49:04 -05:00
Christian Gmeiner
59e890ef7b fs: make it possible to read the filesystem UUID
Some filesystems have a UUID stored in its superblock. To
allow using root=UUID=... for the kernel command line we
need a way to read-out the filesystem UUID.

changes rfc -> v1:
 - make the environment variable an option parameter. If not
   given, the UUID is printed out. If given, it is stored in the env
   variable.
 - corrected typos
 - return error codes

changes v1 -> v2:
 - fix return code of do_fs_uuid(..)
 - document do_fs_uuid(..)
 - implement fs_uuid_unsuported(..) be more consistent with the
   way other optional functionality works

changes v2 -> v3:
 - change ext4fs_uuid(..) to make use of #if .. #else .. #endif
   construct to get rid of unreachable code

Hit any key to stop autoboot:  0
=> fsuuid
fsuuid - Look up a filesystem UUID

Usage:
fsuuid <interface> <dev>:<part>
    - print filesystem UUID
fsuuid <interface> <dev>:<part> <varname>
    - set environment variable to filesystem UUID

=> fsuuid mmc 0:1
d9f9fc05-45ae-4a36-a616-fccce0e4f887
=> fsuuid mmc 0:2
eb3db83c-7b28-499f-95ce-9e0bb21cda81
=> fsuuid mmc 0:1 uuid1
=> fsuuid mmc 0:2 uuid2
=> printenv uuid1
uuid1=d9f9fc05-45ae-4a36-a616-fccce0e4f887
=> printenv uuid2
uuid2=eb3db83c-7b28-499f-95ce-9e0bb21cda81
=>

Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Acked-by: Stephen Warren <swarren@nvidia.com>
2014-11-23 06:49:01 -05:00
Stephen Warren
cf6598193a fs: implement size/fatsize/ext4size
These commands may be used to determine the size of a file without
actually reading the whole file content into memory. This may be used
to determine if the file will fit into the memory buffer that will
contain it. In particular, the DFU code will use it for this purpose
in the next commit.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
2014-08-09 11:16:57 -04:00
Tom Rini
715b56fe2b Revert "ext4fs: Add ext4 extent cache for read operations"
This reverts commit fc0fc50f38.

The author has asked on the mailing list that we revert this for now as
it breaks write support.

Reported-by: Łukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Tom Rini <trini@ti.com>
2014-02-26 08:18:58 -05:00
Ionut Nicu
fc0fc50f38 ext4fs: Add ext4 extent cache for read operations
In an ext4 filesystem, the inode corresponding to a file has a 60-byte
area which contains an extent header structure and up to 4 extent
structures (5 x 12 bytes).

For files that need more than 4 extents to be represented (either files
larger than 4 x 128MB = 512MB or smaller files but very fragmented),
ext4 creates extent index structures. Each extent index points to a 4KB
physical block where one extent header and additional 340 extents could
be stored.

The current u-boot ext4 code is very inefficient when it tries to load a
file which has extent indexes. For each logical file block the code will
read over and over again the same blocks of 4096 bytes from the disk.

Since the extent tree in a file is always the same, we can cache the
extent structures in memory before actually starting to read the file.

This patch creates a simple linked list of structures holding information
about all the extents used to represent a file. The list is sorted by
the logical block number (ee_block) so that we can easily find the
proper extent information for any file block.

Without this patch, a 69MB file which had just one extent index pointing
to a block with another 6 extents was read in approximately 3 minutes.
With this patch applied the same file can be read in almost 20 seconds.

Signed-off-by: Ionut Nicu <ioan.nicu.ext@nsn.com>
2014-02-21 11:33:18 -05:00
Stephen Warren
55af5c9313 ext4: implement exists() for ext4fs
This hooks into the generic "file exists" support added in an earlier
patch, and provides an implementation for the ext4 filesystem.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Simon Glass <sjg@chromium.org>
2014-02-19 09:47:34 -05:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Frederic Leroy
04735e9c55 Fix ext2/ext4 filesystem accesses beyond 2TiB
With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives

We now use lbaint_t for partition offset to reflect the lbaint_t change,
and access partitions beyond or crossing the 2.1TiB limit.
This required changes to signature of ext4fs_devread(), and type of all
variables relatives to block sector.

ext2/ext4 fs uses logical block represented by a 32 bit value. Logical
block is a multiple of device block sector. To avoid overflow problem
when calling ext4fs_devread(), we need to cast the sector parameter.

Signed-off-by: Frédéric Leroy <fredo@starox.org>
2013-07-15 17:06:13 -04:00
Egbert Eich
50ce4c07df fs/ext4: Support device block sizes != 512 bytes
The 512 byte block size was hard coded in the ext4 file systems.
Large harddisks today support bigger block sizes typically 4096
bytes.
This patch removes this limitation.

Signed-off-by: Egbert Eich <eich@suse.com>
2013-05-10 08:16:33 -04:00
Simon Glass
e6d5241534 fs: Move ls and read methods into ext4, fat
It doesn't make a lot of sense to have these methods in fs.c. They are
filesystem-specific, not generic code. Add each to the relevant
filesystem and remove the associated #ifdefs in fs.c.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@ti.com>
2013-03-04 14:19:56 -05:00
Simon Glass
293d7fbd47 ext4: Split write support into its own file
This code seems to be entirely othogonal, so remove the #ifdef and put
the condition in the Makefile instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-03-04 14:19:56 -05:00
Łukasz Majewski
13d43555a9 fs:ext4:write: Initialize cache aligned filename buffer
The filename buffer is allocated dynamically. It must be cache aligned.
Moreover, it is necessary to erase its content before we use it for
file name operations.

This prevents from corruption of written file names.

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
2012-12-07 08:47:53 -07:00
Łukasz Majewski
d429ca0d83 fs:ext4:fix: Code refactoring to suppress compiler warnings
Several fixes to suppress compiler's (eldk-5.[12].x  gcc 4.6)
warning  [-Wunused-but-set-variable]

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
2012-12-07 08:47:53 -07:00
Łukasz Majewski
32fc16d7e7 fs:ext4:write: Add lldiv and do_div to perform 64-32 bits division
The ext4write code has been using direct calls to 64-32 division
(/ and %).

Officially supported u-boot toolchains (eldk-5.[12].x) generate calls
to __aeabi_uldivmod(), which is niether defined in the toolchain libs
nor u-boot source tree.

Due to that, when the ext4write command has been executed, "undefined
instruction" execption was generated (since the __aeabi_uldivmod()
is not provided).

To fix this error, lldiv() for division and do_div() for modulo have
been used.

Those two functions are recommended for performing 64-32 bit number
division in u-boot.

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
2012-12-07 08:47:52 -07:00
Stephen Warren
03e2ecf6b8 fs: separate CONFIG_FS_{FAT, EXT4} from CONFIG_CMD_{FAT, EXT*}
This makes the FAT and ext4 filesystem implementations build if
CONFIG_FS_{FAT,EXT4} are defined, rather than basing the build on
whether CONFIG_CMD_{FAT,EXT*} are defined. This will allow the
filesystems to be built separately from the filesystem-specific commands
that use them. This paves the way for the creation of filesystem-generic
commands that used the filesystems, without requiring the filesystem-
specific commands.

Minor documentation changes are made for this change.

The new config options are automatically selected by the old config
options to retain backwards-compatibility.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
2012-10-29 14:21:19 -07:00
Simon Glass
73c15c634d ext4: Rename block group descriptor table from gd to bgd
On x86 machines gd is unfortunately a #define, so we should avoid using
gd for anything. This patch changes uses of gd to bgd so that ext4fs
can be used on x86.

A better fix would be to remove the #define in x86, but I'm not sure
how to do that.

Signed-off-by: Simon Glass <sjg@chromium.org>
2012-10-03 18:21:33 -07:00
Rob Herring
81180819b8 cmd_extX: use common get_device_and_partition function
Convert ext2/4 load, ls, and write functions to use common device and
partition parsing function. With the common function "dev:part" can come
from the environment and a '-' can be used in that case.

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
2012-09-25 14:46:55 -07:00
Rob Herring
9450106296 ext4: remove init_fs/deinit_fs
There's no real need to expose this and it can be removed by using a static
allocation.

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
2012-09-25 14:46:35 -07:00
Uma Shankar
ed34f34dba ext4fs write support
Signed-off-by: Uma Shankar <uma.shankar@samsung.com>
Signed-off-by: Manjunatha C Achar <a.manjunatha@samsung.com>
Signed-off-by: Iqbal Shareef <iqbal.ams@samsung.com>
Signed-off-by: Hakgoo Lee <goodguy.lee@samsung.com>
2012-08-09 23:48:02 +02:00
Uma Shankar
a1596438a6 ext4fs ls load support
Signed-off-by: Uma Shankar <uma.shankar@samsung.com>
Signed-off-by: Manjunatha C Achar <a.manjunatha@samsung.com>
Signed-off-by: Iqbal Shareef <iqbal.ams@samsung.com>
Signed-off-by: Hakgoo Lee <goodguy.lee@samsung.com>
2012-08-09 23:47:43 +02:00