u-boot.git/fs, branch v2024.10 Unnamed repository; edit this file 'description' to name the repository. ubifs: Call ubifs_iput when ubifs_iget is used 2024-08-11T04:52:15+00:00 Michael Trimarchi michael@amarulasolutions.com 2024-08-10T12:57:44+00:00 d16bda85ff0762aa96e36fa65d2e3b5342d73d7a The inode should be freed after a reference is get to avoid memory leak Tested-by: Alexander Dahl <ada@thorsis.com> Link: https://lore.kernel.org/u-boot/b698ec3e-d857-6512-8cc9-4edcab0a41b9@denx.de/T/#t Link: https://lore.kernel.org/all/8f3a7059-6330-f332-8e9f-729b853e001e@denx.de/T/ Co-developed-by: Heiko Schocher <hs@denx.de> Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com> 
The inode should be freed after a reference is get to avoid
memory leak

Tested-by: Alexander Dahl <ada@thorsis.com>
Link: https://lore.kernel.org/u-boot/b698ec3e-d857-6512-8cc9-4edcab0a41b9@denx.de/T/#t
Link: https://lore.kernel.org/all/8f3a7059-6330-f332-8e9f-729b853e001e@denx.de/T/
Co-developed-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
ubifs: mount fails after power cycle 2024-08-10T09:56:53+00:00 Ravi Minnikanti rminnikanti@marvell.com 2024-07-30T09:14:57+00:00 cf7ea719ce60cd885cce5023dfaf7833d9fc1442 When kernel uses file system encryption, fscrypt on UBIFS v5, after a hard power cycle UBIFS journal replay fails which results in mount failure. Failure logs: UBIFS: recovery needed UBIFS error (pid 0): ubifs_validate_entry: bad directory entry node UBIFS error (pid 0): replay_bud: bad node is at LEB 890:24576 UBIFS error (pid 0): ubifs_mount: Error reading superblock on volume 'ubi0:rootfs' errno=-22! This change is ported from kernel: commit id: 304790c038bc4af4f19774705409db27eafb09fc Kernel commit description: Kernel commit description: ubifs: Relax checks in ubifs_validate_entry() With encrypted filenames we store raw binary data, doing string tests is no longer possible. Signed-off-by: rminnikanti <rminnikanti@marvell.com> Reviewed-by: Heiko Schocher <hs@denx.de> 
When kernel uses file system encryption, fscrypt on UBIFS v5,
after a hard power cycle UBIFS journal replay fails which results in mount failure.

Failure logs:
UBIFS: recovery needed
UBIFS error (pid 0): ubifs_validate_entry: bad directory entry node
UBIFS error (pid 0): replay_bud: bad node is at LEB 890:24576
UBIFS error (pid 0): ubifs_mount: Error reading superblock on volume 'ubi0:rootfs' errno=-22!

This change is ported from kernel:
commit id: 304790c038bc4af4f19774705409db27eafb09fc

Kernel commit description:
    Kernel commit description:
    ubifs: Relax checks in ubifs_validate_entry()

    With encrypted filenames we store raw binary data, doing
    string tests is no longer possible.

Signed-off-by: rminnikanti <rminnikanti@marvell.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
fs: ubifs: Add volume mounted check 2024-08-10T09:54:28+00:00 Alexander Dahl ada@thorsis.com 2024-07-03T10:12:58+00:00 ca1f11d8c11dacd91c3bfd8e39d41db349e83f8b Safety guard in the U-Boot filesystem glue code, because these functions are called from different parts of the codebase. For generic filesystem handling this should have been checked in blk_get_device_part_str() already. Commands from cmd/ubifs.c should also check this before calling those functions, but you never know?! Signed-off-by: Alexander Dahl <ada@thorsis.com> 
Safety guard in the U-Boot filesystem glue code, because these functions
are called from different parts of the codebase.  For generic filesystem
handling this should have been checked in blk_get_device_part_str()
already.  Commands from cmd/ubifs.c should also check this before
calling those functions, but you never know?!

Signed-off-by: Alexander Dahl <ada@thorsis.com>
fs: ubifs: Make k(z)alloc/kfree symmetric 2024-08-10T09:54:20+00:00 Alexander Dahl ada@thorsis.com 2024-07-03T10:12:57+00:00 0989033d0968878bd8f5d42d4f507dc9a806cfe4 Although kfree() is in fact only a slim wrapper to free() in U-Boot, use kfree() here, because those structs where allocated with kalloc() or kzalloc(). Signed-off-by: Alexander Dahl <ada@thorsis.com> 
Although kfree() is in fact only a slim wrapper to free() in U-Boot, use
kfree() here, because those structs where allocated with kalloc() or
kzalloc().

Signed-off-by: Alexander Dahl <ada@thorsis.com>
fs: ubifs: Set pointers to NULL after free 2024-08-10T09:54:10+00:00 Alexander Dahl ada@thorsis.com 2024-07-03T10:12:56+00:00 573dae50f5fe2c84ff8329bd8dbf54d234952579 Global superblock pointer 'ubifs_sb' and volume pointer 'ubi' of type struct ubi_volume_desc in private member sb->s_fs_info of type struct ubifs_info, can be allocated and freed at runtime, and allocated and freed again, depending which console or script commands are run. In some cases ubifs_sb is even tested to determine if the filesystem is mounted. Reset those pointers to NULL after free to clearly mark them as not valid. This avoids potential double free on invalid pointers. (The ubifs_sb pointer was already reset, but that statement was moved now to directly after the free() to make it easier to understand.) Signed-off-by: Alexander Dahl <ada@thorsis.com> 
Global superblock pointer 'ubifs_sb' and volume pointer 'ubi' of type
struct ubi_volume_desc in private member sb->s_fs_info of type struct
ubifs_info, can be allocated and freed at runtime, and allocated and
freed again, depending which console or script commands are run.  In
some cases ubifs_sb is even tested to determine if the filesystem is
mounted.  Reset those pointers to NULL after free to clearly mark them
as not valid.  This avoids potential double free on invalid pointers.

(The ubifs_sb pointer was already reset, but that statement was moved
now to directly after the free() to make it easier to understand.)

Signed-off-by: Alexander Dahl <ada@thorsis.com>
fs: ubifs: Fix memleak and double free in u-boot wrapper functions 2024-08-10T09:54:02+00:00 Alexander Dahl ada@thorsis.com 2024-07-03T10:12:55+00:00 df86e81f0a0fdcf958160e6fe3044f69a78df638 When mounting ubifs e.g. through command 'ubifsmount' one global static superblock 'ubifs_sb' is used _and_ the requested volume is opened (like in Linux). The pointer returned by 'ubifs_open_volume()' is stored in that superblock struct and freed later on cmd 'ubifsumount' or another call to 'ubifsmount' with a different volume, through ubifs_umount() and ubi_close_volume(). In ubifs_ls(), ubifs_exists(), ubifs_size(), and ubifs_read() the volume was opened again, which is technically no problem with regard to refcounting, but here the still valid pointer in sb was overwritten, leading to a memory leak. Even worse, when using one of those functions and calling ubifsumount later, ubi_close_volume() was called again but now on an already freed pointer, leading to a double free. This actually crashed with different invalid memory accesses on a board using the old distro boot and a rather long script handling RAUC updates. Example: > ubi part UBI > ubifsmount ubi0:boot > test -e ubi ubi0:boot /boot.scr.uimg > ubifsumount The ubifs specific commands 'ubifsls' and 'ubifsload' check for a mounted volume by themselves, for the generic fs variants 'ls', 'load', (and 'size', and 'test -e') this is covered by special ubifs handling in fs_set_blk_dev() and deeper down blk_get_device_part_str() then. So for ubifs_ls(), ubifs_exists(), ubifs_size(), and ubifs_read() we can be sure the volume is opened and the necessary struct pointer in sb is valid, so it is not needed to open volume again. Fixes: 9eefe2a2b37 ("UBIFS: Implement read-only UBIFS support in U-Boot") Fixes: 29cc5bcadfc ("ubifs: Add functions for generic fs use") Signed-off-by: Alexander Dahl <ada@thorsis.com> 
When mounting ubifs e.g. through command 'ubifsmount' one global static
superblock 'ubifs_sb' is used _and_ the requested volume is opened (like
in Linux).  The pointer returned by 'ubifs_open_volume()' is stored in
that superblock struct and freed later on cmd 'ubifsumount' or another
call to 'ubifsmount' with a different volume, through ubifs_umount() and
ubi_close_volume().

In ubifs_ls(), ubifs_exists(), ubifs_size(), and ubifs_read() the volume
was opened again, which is technically no problem with regard to
refcounting, but here the still valid pointer in sb was overwritten,
leading to a memory leak.  Even worse, when using one of those
functions and calling ubifsumount later, ubi_close_volume() was called
again but now on an already freed pointer, leading to a double free.
This actually crashed with different invalid memory accesses on a board
using the old distro boot and a rather long script handling RAUC
updates.

Example:

    > ubi part UBI
    > ubifsmount ubi0:boot
    > test -e ubi ubi0:boot /boot.scr.uimg
    > ubifsumount

The ubifs specific commands 'ubifsls' and 'ubifsload' check for a
mounted volume by themselves, for the generic fs variants 'ls', 'load',
(and 'size', and 'test -e') this is covered by special ubifs handling in
fs_set_blk_dev() and deeper down blk_get_device_part_str() then.  So for
ubifs_ls(), ubifs_exists(), ubifs_size(), and ubifs_read() we can be
sure the volume is opened and the necessary struct pointer in sb is
valid, so it is not needed to open volume again.

Fixes: 9eefe2a2b37 ("UBIFS: Implement read-only UBIFS support in U-Boot")
Fixes: 29cc5bcadfc ("ubifs: Add functions for generic fs use")
Signed-off-by: Alexander Dahl <ada@thorsis.com>
fs: Remove duplicate newlines 2024-07-15T18:12:17+00:00 Marek Vasut marek.vasut+renesas@mailbox.org 2024-07-13T13:19:21+00:00 dc5e2057131fd90bb62bb8c6b92abdb86ae32624 Drop all duplicate newlines. No functional change. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> 
Drop all duplicate newlines. No functional change.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
fs: ubifs: Add support for ZSTD decompression 2024-07-03T06:01:31+00:00 Piotr Wojtaszczyk piotr.wojtaszczyk@timesys.com 2024-05-28T15:05:28+00:00 fd083246324f583d46b3863194a8968b972f7d7f ZSTD can be a better tradeoff between NAND IO operations and decompression speed giving a better boot time. Signed-off-by: Piotr Wojtaszczyk <piotr.wojtaszczyk@timesys.com> Reviewed-by: Heiko Schocher <hs@denx.de> 
ZSTD can be a better tradeoff between NAND IO operations and decompression
speed giving a better boot time.

Signed-off-by: Piotr Wojtaszczyk <piotr.wojtaszczyk@timesys.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
fs: btrfs: fix out of bounds write 2024-06-26T15:55:53+00:00 Alex Shumsky alexthreed@gmail.com 2024-06-18T21:41:38+00:00 ee1941e4fec601a8444f49c7dad04ad700d501a6 Fix btrfs_read/read_and_truncate_page write out of bounds of destination buffer. Old behavior break bootstd malloc'd buffers of exact file size. Previously this OOB write have not been noticed because distroboot usually read files into huge static memory areas. Signed-off-by: Alex Shumsky <alexthreed@gmail.com> Fixes: e342718 ("fs: btrfs: Implement btrfs_file_read()") Reviewed-by: Qu Wenruo <wqu@suse.com> 
Fix btrfs_read/read_and_truncate_page write out of bounds of destination
buffer. Old behavior break bootstd malloc'd buffers of exact file size.
Previously this OOB write have not been noticed because distroboot usually
read files into huge static memory areas.

Signed-off-by: Alex Shumsky <alexthreed@gmail.com>
Fixes: e342718 ("fs: btrfs: Implement btrfs_file_read()")
Reviewed-by: Qu Wenruo <wqu@suse.com>
fs/erofs: fix an overflow issue of unmapped extents 2024-06-14T18:59:06+00:00 Jianan Huang jnhuang95@gmail.com 2024-06-05T14:05:54+00:00 2c9690e79c76807468e34f34d2065ade2d727227 Here the size should be `length - skip`, otherwise it could cause the destination buffer overflow. Reported-by: jianqiang wang <wjq.sec@gmail.com> Fixes: 65cb73057b65 ("fs/erofs: add lz4 decompression support") Signed-off-by: Jianan Huang <jnhuang95@gmail.com> Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com> 
Here the size should be `length - skip`, otherwise it could cause
the destination buffer overflow.

Reported-by: jianqiang wang <wjq.sec@gmail.com>
Fixes: 65cb73057b65 ("fs/erofs: add lz4 decompression support")
Signed-off-by: Jianan Huang <jnhuang95@gmail.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>