u-boot.git/fs/ext4, branch v2020.01 Unnamed repository; edit this file 'description' to name the repository. CVE-2019-13106: ext4: fix out-of-bounds memset 2019-07-18T15:31:29+00:00 Paul Emge paulemge@forallsecure.com 2019-07-08T23:37:07+00:00 e205896c5383c938274262524adceb2775fb03ba In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of the destination memory region. This patch adds a check to disallow this. Signed-off-by: Paul Emge <paulemge@forallsecure.com> 
In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
the destination memory region. This patch adds a check to disallow
this.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
ext4: gracefully fail on divide-by-0 2019-07-18T15:31:29+00:00 Paul Emge paulemge@forallsecure.com 2019-07-08T23:37:06+00:00 084be43b751df7133c94c6bf556bc61bd6297406 This patch checks for 0 in several ext4 headers and gracefully fails instead of raising a divide-by-0 exception. Signed-off-by: Paul Emge <paulemge@forallsecure.com> 
This patch checks for 0 in several ext4 headers and gracefully
fails instead of raising a divide-by-0 exception.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
CVE-2019-13104: ext4: check for underflow in ext4fs_read_file 2019-07-18T15:31:29+00:00 Paul Emge paulemge@forallsecure.com 2019-07-08T23:37:05+00:00 878269dbe74229005dd7f27aca66c554e31dad8e in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: Paul Emge <paulemge@forallsecure.com> 
in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
CVE-2019-13105: ext4: fix double-free in ext4_cache_read 2019-07-18T15:31:28+00:00 Paul Emge paulemge@forallsecure.com 2019-07-08T23:37:04+00:00 6e5a79de658cb1c8012c86e0837379aa6eabd024 ext_cache_read doesn't null cache->buf, after freeing, which results in a later function double-freeing it. This patch fixes ext_cache_read to call ext_cache_fini instead of free. Signed-off-by: Paul Emge <paulemge@forallsecure.com> 
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
ext4: add support for filesystems without JOURNAL 2019-07-18T15:31:24+00:00 Marek Szyprowski m.szyprowski@samsung.com 2019-06-21T13:35:35+00:00 bd8fbd8a13b8a696aed312753f46432b19b61fd6 JOURNAL is optional for EXT4 (and EXT3) filesystems, so add support for skipping it. This fixes corrupting EXT4 volumes without JOURNAL after using uboot's 'ext4write' command. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Lukasz Majewski <lukma@denx.de> 
JOURNAL is optional for EXT4 (and EXT3) filesystems, so add support for
skipping it. This fixes corrupting EXT4 volumes without JOURNAL after
using uboot's 'ext4write' command.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
ext4: fix calculating inode blkcount for non-512 blocksize filesystems 2019-07-18T15:31:24+00:00 Marek Szyprowski m.szyprowski@samsung.com 2019-06-21T13:32:51+00:00 1c9f8f6412de4447c4f6fadeac1919c89de005f7 The block count entry in the EXT4 filesystem disk structures uses standard 512-bytes units for most of the typical files. The only exception are HUGE files, which use the filesystem block size, but those are not supported by uboot's EXT4 implementation anyway. This patch fixes the EXT4 code to use proper unit count for inode block count. This fixes errors reported by fsck.ext4 on disks with non-standard (i.e. 4KiB, in case of new flash drives) PHYSICAL block size after using 'ext4write' uboot's command. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Lukasz Majewski <lukma@denx.de> 
The block count entry in the EXT4 filesystem disk structures uses
standard 512-bytes units for most of the typical files. The only
exception are HUGE files, which use the filesystem block size, but those
are not supported by uboot's EXT4 implementation anyway. This patch fixes
the EXT4 code to use proper unit count for inode block count. This fixes
errors reported by fsck.ext4 on disks with non-standard (i.e. 4KiB, in
case of new flash drives) PHYSICAL block size after using 'ext4write'
uboot's command.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Fix ext4 block group descriptor sizing 2019-04-10T00:04:06+00:00 Benjamin Lim jarsp.ctf@gmail.com 2019-03-29T11:29:45+00:00 febbc583319b567fe3d83e521cc2ace9be8d1501 Ext4 allows for arbitrarily sized block group descriptors when 64-bit addressing is enabled, which was previously not properly supported. This patch dynamically allocates a chunk of memory of the correct size. Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com> 
Ext4 allows for arbitrarily sized block group descriptors when 64-bit
addressing is enabled, which was previously not properly supported. This
patch dynamically allocates a chunk of memory of the correct size.

Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com>
fs: ext4: Problem with ext4load and sparse files 2019-04-10T00:04:03+00:00 Gero Schumacher Gero.Schumacher@peiker-cee.de 2019-02-26T15:45:22+00:00 1c48fda3e5a88159130b4d4805fbdf367212afab Hi, when I try to load a sparse file via ext4load, I am getting the error message 'invalid extent' After a deeper look in the code, it seems to be an issue in the function ext4fs_get_extent_block in fs/ext4/ext4_common.c: The file starts with 1k of zeros. The blocksize is 1024. So the first extend block contains the following information: eh_entries: 1 eh_depth: 1 ei_block 1 When the upper layer (ext4fs_read_file) asks for fileblock 0, we are running in the 'invalid extent' error message. For me it seems, that the code is not prepared for handling a sparse block at the beginning of the file. The following change, solved my problem: I am really not an expert in ext4 filesystems. Can somebody please have a look at this issue and give me a feedback, if I am totally wrong or not? 
Hi,

when I try to load a sparse file via ext4load, I am getting the error message
'invalid extent'

After a deeper look in the code, it seems to be an issue in the function ext4fs_get_extent_block in fs/ext4/ext4_common.c:

The file starts with 1k of zeros. The blocksize is 1024. So the first extend block contains the following information:

eh_entries: 1
eh_depth: 1
ei_block 1

When the upper layer (ext4fs_read_file) asks for fileblock 0, we are running in the 'invalid extent' error message.
For me it seems, that the code is not prepared for handling a sparse block at the beginning of the file. The following change, solved my problem:

I am really not an expert in ext4 filesystems. Can somebody please have a look at this issue and give me a feedback, if I am totally wrong or not?
fs: ext4: Add support for the creation of symbolic links 2019-04-10T00:03:30+00:00 Jean-Jacques Hiblot jjhiblot@ti.com 2019-02-13T11:15:25+00:00 5efc0686eebc0c0daabfbfc2c403f8251b468526 Re-use the functions used to write/create a file, to support creation of a symbolic link. The difference with a regular file are small: - The inode mode is flagged with S_IFLNK instead of S_IFREG - The ext2_dirent's filetype is FILETYPE_SYMLINK instead of FILETYPE_REG - Instead of storing the content of a file in allocated blocks, the path to the target is stored. And if the target's path is short enough, no block is allocated and the target's path is stored in ext2_inode.b.symlink As with regulars files, if a file/symlink with the same name exits, it is unlinked first and then re-created. Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> [trini: Fix ext4 env code] Signed-off-by: Tom Rini <trini@konsulko.com> 
Re-use the functions used to write/create a file, to support creation of a
symbolic link.
The difference with a regular file are small:
- The inode mode is flagged with S_IFLNK instead of S_IFREG
- The ext2_dirent's filetype is FILETYPE_SYMLINK instead of FILETYPE_REG
- Instead of storing the content of a file in allocated blocks, the path
to the target is stored. And if the target's path is short enough, no block
is allocated and the target's path is stored in ext2_inode.b.symlink

As with regulars files, if a file/symlink with the same name exits, it is
unlinked first and then re-created.

Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Fix ext4 env code]
Signed-off-by: Tom Rini <trini@konsulko.com>
fs: ext4: constify the buffer passed to write functions 2019-04-09T19:34:15+00:00 Jean-Jacques Hiblot jjhiblot@ti.com 2019-02-13T11:15:24+00:00 b000180b0f467851525aae3d0dfb8ab3a9dbcf8f There is no need to modify the buffer passed to ext4fs_write_file(). The memset() call is not required here and was likely copied from the equivalent part of the ext4fs_read_file() function where we do need it. Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> 
There is no need to modify the buffer passed to ext4fs_write_file().
The memset() call is not required here and was likely copied from the
equivalent part of the ext4fs_read_file() function where we do need it.

Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>