u-boot.git/fs, branch v2026.04-rc1 Unnamed repository; edit this file 'description' to name the repository. Merge patch series "fix integer overflows in filesystem code" 2026-01-16T19:04:47+00:00 Tom Rini trini@konsulko.com 2026-01-16T19:04:47+00:00 adccdb22ebd799a7d964892d4a7e7454ed3c239c This series from Timo tp Preißl <t.preissl@proton.me> fixes some (potential) interger overflows in some filesystems by using __builtin_XXX_overflow helps to catch issues. Link: https://lore.kernel.org/r/20260109112428.262793-1-t.preissl@proton.me 
This series from Timo tp Preißl <t.preissl@proton.me> fixes some
(potential) interger overflows in some filesystems by using
__builtin_XXX_overflow helps to catch issues.

Link: https://lore.kernel.org/r/20260109112428.262793-1-t.preissl@proton.me
fs: prevent integer overflow in ext4fs_get_bgdtable 2026-01-16T19:04:40+00:00 Timo tp Preißl t.preissl@proton.me 2026-01-09T11:25:07+00:00 fc16c847a1c9c6e0ee1f605849cc500a04c21602 An integer overflow in gdsize_total calculation could lead to under-allocation and heap buffer overflow. Signed-off-by: Timo tp Preißl <t.preissl@proton.me> Reviewed-by: Simon Glass <simon.glass@canonical.com> Reviewed-by: Tom Rini <trini@konsulko.com> 
An integer overflow in gdsize_total calculation could lead
to under-allocation and heap buffer overflow.

Signed-off-by: Timo tp Preißl <t.preissl@proton.me>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
fs: prevent integer overflow in sqfs_concat 2026-01-16T19:04:40+00:00 Timo tp Preißl t.preissl@proton.me 2026-01-09T11:24:59+00:00 870aff99a279ed428c5a2560b2441b3079ddb34b An integer overflow in length calculation could lead to under-allocation and buffer overcopy. Signed-off-by: Timo tp Preißl <t.preissl@proton.me> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <simon.glass@canonical.com> Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com> 
An integer overflow in length calculation could lead to
under-allocation and buffer overcopy.

Signed-off-by: Timo tp Preißl <t.preissl@proton.me>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
fs: prevent integer overflow in zfs_nvlist_lookup 2026-01-16T19:04:40+00:00 Timo tp Preißl t.preissl@proton.me 2026-01-09T11:24:51+00:00 c8f0294285f6588322363e1711bc57118e6fc9a3 An integer overflow in nvlist size calculation could lead to under-allocation and heap buffer overflow. Signed-off-by: Timo tp Preißl <t.preissl@proton.me> Reviewed-by: Simon Glass <simon.glass@canonical.com> Reviewed-by: Tom Rini <trini@konsulko.com> 
An integer overflow in nvlist size calculation could lead
to under-allocation and heap buffer overflow.

Signed-off-by: Timo tp Preißl <t.preissl@proton.me>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
fs: prevent integer overflow in fs.c do_mv 2026-01-16T19:04:40+00:00 Timo tp Preißl t.preissl@proton.me 2026-01-09T11:24:45+00:00 99416665f006b925db12f6c02b11f9da02c10c5a An integer overflow in size calculations could lead to under-allocation and potential heap buffer overflow. Signed-off-by: Timo tp Preißl <t.preissl@proton.me> Reviewed-by: Simon Glass <simon.glass@canonical.com> Reviewed-by: Tom Rini <trini@konsulko.com> 
An integer overflow in size calculations could lead to
under-allocation and potential heap buffer overflow.

Signed-off-by: Timo tp Preißl <t.preissl@proton.me>
Reviewed-by: Simon Glass <simon.glass@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
fs: ext4fs: Free memory while handling errors 2026-01-02T21:51:54+00:00 Francois Berder fberder@outlook.fr 2025-12-15T11:34:16+00:00 cec36b777a56b61c347447c12e61a9d1c425f396 If zalloc fails, one needs to free memory previously allocated in the function. This commit makes sure that we do not leak any memory. Signed-off-by: Francois Berder <fberder@outlook.fr> Fixes: ed34f34dbaf2 ("ext4fs write support") Acked-by: Quentin Schulz <quentin.schulz@cherry.de> 
If zalloc fails, one needs to free memory previously
allocated in the function. This commit makes sure that
we do not leak any memory.

Signed-off-by: Francois Berder <fberder@outlook.fr>
Fixes: ed34f34dbaf2 ("ext4fs write support")
Acked-by: Quentin Schulz <quentin.schulz@cherry.de>
Merge tag 'u-boot-socfpga-next-20251217' of https://source.denx.de/u-boot/custodians/u-boot-socfpga into next 2025-12-18T14:06:10+00:00 Tom Rini trini@konsulko.com 2025-12-18T14:06:10+00:00 930eff5416ea98ebd09cec73f5d06a7033b4d52e This pull request brings together a set of fixes and enhancements across the SoCFPGA platform family, with a focus on MMC/SPL robustness, EFI boot enablement, and Agilex5 SD/eMMC support. CI: https://source.denx.de/u-boot/custodians/u-boot-socfpga/-/pipelines/28776 Highlights: * SPL / MMC: o Fix Kconfig handling for SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION_TYPE o Correct raw sector calculations and respect explicit sector values when loading U-Boot from MMC in SPL o Adjust raw MMC loading logic for SoCFPGA platforms * EFI boot: o Permit EFI booting on SoCFPGA platforms o Disable mkeficapsule tool build for Arria 10 where unsupported * Agilex5: o Upgrade SDHCI controller from SD4HC to SD6HC o Enable MMC and Cadence SDHCI support in defconfig o Add dedicated eMMC device tree and defconfig for Agilex5 SoCDK o Revert incorrect GPIO configuration for SDIO_SEL o Refine U-Boot DT handling for SD and eMMC boot variants * SPI: o Allow disabling the DesignWare SPI driver in SPL via Kconfig * Board / configuration fixes: o Enable random MAC address generation for Cyclone V o Fix DE0-Nano-SoC boot configuration o Remove obsolete or conflicting options from multiple legacy SoCFPGA defconfigs 
This pull request brings together a set of fixes and enhancements across
the SoCFPGA platform family, with a focus on MMC/SPL robustness, EFI
boot enablement, and Agilex5 SD/eMMC support.

CI: https://source.denx.de/u-boot/custodians/u-boot-socfpga/-/pipelines/28776

Highlights:

  *
    SPL / MMC:
      o
        Fix Kconfig handling for
        SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION_TYPE
      o
        Correct raw sector calculations and respect explicit sector values
        when loading U-Boot from MMC in SPL
      o
        Adjust raw MMC loading logic for SoCFPGA platforms
  *
    EFI boot:
      o
        Permit EFI booting on SoCFPGA platforms
      o
        Disable mkeficapsule tool build for Arria 10 where unsupported
  *
    Agilex5:
      o
        Upgrade SDHCI controller from SD4HC to SD6HC
      o
        Enable MMC and Cadence SDHCI support in defconfig
      o
        Add dedicated eMMC device tree and defconfig for Agilex5 SoCDK
      o
        Revert incorrect GPIO configuration for SDIO_SEL
      o
        Refine U-Boot DT handling for SD and eMMC boot variants
  *
    SPI:
      o
        Allow disabling the DesignWare SPI driver in SPL via Kconfig
  *
    Board / configuration fixes:
      o
        Enable random MAC address generation for Cyclone V
      o
        Fix DE0-Nano-SoC boot configuration
      o
        Remove obsolete or conflicting options from multiple legacy
        SoCFPGA defconfigs
fs: fat: Perform sanity checks on getsize in get_fatent() 2025-12-12T14:52:57+00:00 Tom Rini trini@konsulko.com 2025-12-09T21:23:01+00:00 87d85139a96a39429120cca838e739408ef971a2 We do not perform a check on the value of getsize in get_fatent to ensure that it will fit within the allocated buffer. For safety sake, add a check now and if the value exceeds FATBUFBLOCKS use that value instead. While not currently actively exploitable, it was in the past so adding this check is worthwhile. This addresses CVE-2025-24857 and was originally reported by Harvey Phillips of Amazon Element55. Signed-off-by: Tom Rini <trini@konsulko.com> 
We do not perform a check on the value of getsize in get_fatent to
ensure that it will fit within the allocated buffer. For safety sake,
add a check now and if the value exceeds FATBUFBLOCKS use that value
instead. While not currently actively exploitable, it was in the past so
adding this check is worthwhile.

This addresses CVE-2025-24857 and was originally reported by Harvey
Phillips of Amazon Element55.

Signed-off-by: Tom Rini <trini@konsulko.com>
fs/jffs2: Make depend on !64BIT 2025-12-10T17:59:38+00:00 Tom Rini trini@konsulko.com 2025-11-12T21:19:42+00:00 57ff26c4240c5050aa96f8cb2e8aaa6f55d71459 Building this code on 64bit platforms leads to warnings (and so errors in CI). Rather than rework the code, as this is a deprecated filesystem, don't try and disallow building on 64bit hosts. Signed-off-by: Tom Rini <trini@konsulko.com> 
Building this code on 64bit platforms leads to warnings (and so errors
in CI). Rather than rework the code, as this is a deprecated filesystem,
don't try and disallow building on 64bit hosts.

Signed-off-by: Tom Rini <trini@konsulko.com>
fs/erofs: Fix realloc error handling 2025-12-05T22:23:54+00:00 Francois Berder fberder@outlook.fr 2025-11-11T12:49:30+00:00 1c1be32c31cbec61d32f7aaa498ccc25567ae3e0 If realloc failed, raw was not freed and thus memory was leaked. Signed-off-by: Francois Berder <fberder@outlook.fr> 
If realloc failed, raw was not freed and thus memory
was leaked.

Signed-off-by: Francois Berder <fberder@outlook.fr>