u-boot.git/fs/squashfs, branch next Unnamed repository; edit this file 'description' to name the repository. spl: add squashfs support 2026-03-26T17:04:28+00:00 Richard Genoud richard.genoud@bootlin.com 2026-03-13T10:42:26+00:00 6494e823b46ced400764b6203d7480c9e3badc20 Implement spl_load_image_sqfs() in spl code. This will be used in MMC to read a file from a squashfs partition. Also, loosen squashfs read checks on file size by not failing when a bigger size than the actual file size is requested. (Just read the file) This is needed for FIT loading, because the length is ALIGNed. Signed-off-by: Richard Genoud <richard.genoud@bootlin.com> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com> 
Implement spl_load_image_sqfs() in spl code.

This will be used in MMC to read a file from a squashfs partition.

Also, loosen squashfs read checks on file size by not failing when a
bigger size than the actual file size is requested. (Just read the file)
This is needed for FIT loading, because the length is ALIGNed.

Signed-off-by: Richard Genoud <richard.genoud@bootlin.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
fs/squashfs: sqfs_decompressor: simplify code 2026-03-26T17:04:28+00:00 Richard Genoud richard.genoud@bootlin.com 2026-03-13T10:42:24+00:00 0fe2801730edb99e24b601b043ec5595af319274 Switch to if (CONFIG_IS_ENABLED()) instead of #if when possible and remove unnecessary cases. Signed-off-by: Richard Genoud <richard.genoud@bootlin.com> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com> 
Switch to if (CONFIG_IS_ENABLED()) instead of #if when possible and
remove unnecessary cases.

Signed-off-by: Richard Genoud <richard.genoud@bootlin.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
fs/squashfs: fix sqfs_decompressor.c build in SPL 2026-03-26T17:04:28+00:00 Richard Genoud richard.genoud@bootlin.com 2026-03-13T10:42:23+00:00 f0b4f502bdd5f17da58aca9ebf86e16e96e0d347 CONFIG_IS_ENABLED() must be used in place of IS_ENABLED() for config options that have a _SPL_ counterpart. Signed-off-by: Richard Genoud <richard.genoud@bootlin.com> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com> 
CONFIG_IS_ENABLED() must be used in place of IS_ENABLED() for config
options that have a _SPL_ counterpart.

Signed-off-by: Richard Genoud <richard.genoud@bootlin.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
fs/squashfs: fix heap buffer overflow in sqfs_frag_lookup() 2026-02-23T18:45:50+00:00 Eric Kilmer eric.kilmer@trailofbits.com 2026-02-20T19:48:08+00:00 e365a269df5d01307390bdf7d6a1081d94b06470 sqfs_frag_lookup() reads a 16-bit metadata block header whose lower 15 bits encode the data size. Unlike sqfs_read_metablock() in sqfs_inode.c, this function does not validate that the decoded size is within SQFS_METADATA_BLOCK_SIZE (8192). A malformed SquashFS image can set the size field to any value up to 32767, causing memcpy to write past the 8192-byte 'entries' heap buffer. Add the same bounds check used by sqfs_read_metablock(): reject any metadata block header with SQFS_METADATA_SIZE(header) exceeding SQFS_METADATA_BLOCK_SIZE. Found by fuzzing with libFuzzer + AddressSanitizer. Signed-off-by: Eric Kilmer <eric.kilmer@trailofbits.com> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> 
sqfs_frag_lookup() reads a 16-bit metadata block header whose lower
15 bits encode the data size. Unlike sqfs_read_metablock() in
sqfs_inode.c, this function does not validate that the decoded size is
within SQFS_METADATA_BLOCK_SIZE (8192). A malformed SquashFS image can
set the size field to any value up to 32767, causing memcpy to write
past the 8192-byte 'entries' heap buffer.

Add the same bounds check used by sqfs_read_metablock(): reject any
metadata block header with SQFS_METADATA_SIZE(header) exceeding
SQFS_METADATA_BLOCK_SIZE.

Found by fuzzing with libFuzzer + AddressSanitizer.

Signed-off-by: Eric Kilmer <eric.kilmer@trailofbits.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
fs: prevent integer overflow in sqfs_concat 2026-01-16T19:04:40+00:00 Timo tp Preißl t.preissl@proton.me 2026-01-09T11:24:59+00:00 870aff99a279ed428c5a2560b2441b3079ddb34b An integer overflow in length calculation could lead to under-allocation and buffer overcopy. Signed-off-by: Timo tp Preißl <t.preissl@proton.me> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com> 
An integer overflow in length calculation could lead to
under-allocation and buffer overcopy.

Signed-off-by: Timo tp Preißl <t.preissl@proton.me>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
fs/squashfs: Ensure memory is freed by using unwind goto 2025-10-10T20:27:49+00:00 Andrew Goodbody andrew.goodbody@linaro.org 2025-10-02T10:36:09+00:00 87b7eaf3244e1a991404602c3422a4ce06bfae55 Returning immediately from sqfs_read_nest is not consistent with other error checks in this function and can lead to memory leaks. Instead use the unwind goto used elsewhere to ensure that the memory is freed. This issue was found by Smatch. Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Acked-by: Quentin Schulz <quentin.schulz@cherry.de> Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> 
Returning immediately from sqfs_read_nest is not consistent with other
error checks in this function and can lead to memory leaks. Instead use
the unwind goto used elsewhere to ensure that the memory is freed.

This issue was found by Smatch.

Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Acked-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
fs/squashfs: avoid illegal free() in sqfs_opendir() 2025-04-21T17:08:03+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2025-04-14T13:19:24+00:00 185fdf5e94731df05748b1c576effb52ff7a3ec5 * Use calloc() to allocate token_list. This avoids an illegal free if sqfs_tokenize() fails. * Do not iterate over token_list if it has not been allocated. Addresses-Coverity-ID: 510453: Null pointer dereferences (FORWARD_NULL) Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com> 
* Use calloc() to allocate token_list. This avoids an illegal free if
  sqfs_tokenize() fails.
* Do not iterate over token_list if it has not been allocated.

Addresses-Coverity-ID: 510453:  Null pointer dereferences  (FORWARD_NULL)
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Kbuild: Always use $(PHASE_) 2025-04-11T18:16:44+00:00 Tom Rini trini@konsulko.com 2025-04-01T22:55:23+00:00 302b41d5397e9f821d360a74335e8821d4513970 It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our Makefiles as part of the macros to determine when to do something in our Makefiles based on what phase of the build we are in. For consistency, bring this down to a single macro and use "$(PHASE_)" only. Signed-off-by: Tom Rini <trini@konsulko.com> 
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.

Signed-off-by: Tom Rini <trini@konsulko.com>
fs/squashfs: Fix memory leak in sqfs_size_nest() 2025-03-05T18:14:31+00:00 Andrea della Porta andrea.porta@suse.com 2025-03-02T18:29:31+00:00 e22b2d778106256b44e8ed32e6ad7a5d8fff3ebd In case MAX_SYMLINK_NEST is reached while determining the size on a symlink node, the function returns immediately. This would not free the resources after the free_strings: label causing a memory leak. Set the ret value and just break out of the switch to fix this. Signed-off-by: Andrea della Porta <andrea.porta@suse.com> Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> 
In case MAX_SYMLINK_NEST is reached while determining the size
on a symlink node, the function returns immediately.
This would not free the resources after the free_strings: label
causing a memory leak.

Set the ret value and just break out of the switch to fix this.

Signed-off-by: Andrea della Porta <andrea.porta@suse.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
fs/squashfs: fix potential integer overflows 2025-02-24T14:49:04+00:00 Joao Marcos Costa joaomarcos.costa@bootlin.com 2025-02-19T10:16:33+00:00 59fd62d71c6a04b3ab9db848414a7c386cfd2cfb The length of buffers used to read inode tables, directory tables, and reading a file are calculated as: number of blocks * block size, and such plain multiplication is prone to overflowing (thus unsafe). Replace it by __builtin_mul_overflow, i.e. safe math. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com> 
The length of buffers used to read inode tables, directory tables, and
reading a file are calculated as: number of blocks * block size, and
such plain multiplication is prone to overflowing (thus unsafe).

Replace it by __builtin_mul_overflow, i.e. safe math.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>