| Age | Commit message (Collapse) | Author |
|---|
|
This series from Timo tp Preißl <[email protected]> fixes some
(potential) interger overflows in some filesystems by using
__builtin_XXX_overflow helps to catch issues.
Link: https://lore.kernel.org/r/[email protected]
|
|
An integer overflow in gdsize_total calculation could lead
to under-allocation and heap buffer overflow.
Signed-off-by: Timo tp Preißl <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
If zalloc fails, one needs to free memory previously
allocated in the function. This commit makes sure that
we do not leak any memory.
Signed-off-by: Francois Berder <[email protected]>
Fixes: ed34f34dbaf2 ("ext4fs write support")
Acked-by: Quentin Schulz <[email protected]>
|
|
Add maximum ext4 journal entries to Kconfig. It is necessary since the
number of journal entries is proportional to disk capacity. For example,
an ext4 4TB HDD partition could require approximately 500 entries.
Signed-off-by: Tony Dinh <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Don't invoke ext4fs_deinit() in ext4fs_write() if the failure occurs
during initialization. It would result in a crash since ext4fs_init()
has already done that.
Signed-off-by: Tony Dinh <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Andrew Goodbody <[email protected]> says:
Smatch reported some issues in the ext4fs code. This includes a
suggestion to use an unwind goto, to not negate a return value and to
ensure that a NULL check happens before the pointer is dereferenced.
Link: https://lore.kernel.org/r/[email protected]
|
|
In the function put_ext4 there is a NULL check for fs->dev_desc but this
has already been derefenced twice before this happens. Refactor the code
a bit to put the NULL check first.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <[email protected]>
|
|
Ensure that allocated memory is freed on error exit replace the direct
return calls with 'goto fail'.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <[email protected]>
|
|
In ext4fs_readdir it calls ext4fs_read_file and checks the return value
for non-zero to detect an error. This return value should be returned as
is rather than being negated.
This issue found by Smatch
Signed-off-by: Andrew Goodbody <[email protected]>
|
|
Return ENOMEM in ext4fs_log_gdt when number of blocks per gdt is more than
number of allocated journal entries.
Signed-off-by: Tony Dinh <[email protected]>
|
|
Use lbaint_t for blknr to avoid overflow in ext4fs_read_file().
Background:
blknr (block number) used in ext4fs_read_file() could be increased to a
very large value and causes a wrap around at 32 bit signed integer max,
thus becomes negative. This results in an out-of-normal range for sector
number (during the assignment delayed_start = blknr) where delayed_start
sector is typed uint64 lbaint_t. This causes the "Read outside partition"
error.
Looks like we also have this overflown problem in ext4_write.c that needs
to be addressed.
This patch was tested on the Synology DS116 (Armada 385) board, and a
4TB Seagate HDD.
Signed-off-by: Tony Dinh <[email protected]>
|
|
Prepare v2025.07-rc4
|
|
The issue here is that the function read_allocated_block() will report
problems via a negative return value. If we say the return value is
stored in an lbaint_t that can no longer happen (and Coverity discovered
this by reporting a no effect comparison and then dead code). The
problem being fixed by allowing for storing a larger block number will
have to be solved in some other manner.
This reverts commit df2ed552f0b05591090369a7fe7ddc92439dea5c.
Addresses-Coverity-ID: 131183
Signed-off-by: Tom Rini <[email protected]>
|
|
Prepare v2025.07-rc3
|
|
Use lbaint_t for blknr to avoid overflow in ext4fs_read_file().
Background:
blknr (block number) used in ext4fs_read_file() could be increased to a
very large value and causes a wrap around at 32 bit signed integer max,
thus becomes negative. This results in an out-of-normal range for sector
number (during the assignment delayed_start = blknr) where delayed_start
sector is typed uint64 lbaint_t. This causes the "Read outside partition"
error.
This patch was tested on the Synology DS116 (Armada 385) board, and a
4TB Seagate HDD.
Signed-off-by: Tony Dinh <[email protected]>
|
|
CRC16 is used in ext4_common.c. Build fails without it.
PS:
This is my first patch sent to a mailing list.
If there is anything wrong with it (email format, whitespace, etc.)
please let me know.
Signed-off-by: Marius Dinu <[email protected]>
|
|
This file references rtc functions and implicitly includes <rtc.h>
today. Add this explicitly.
Signed-off-by: Tom Rini <[email protected]>
|
|
After calling strdup() check the returned pointer.
Avoid a memory leak if the directory is not found.
Reported-by: Michael Nazzareno Trimarchi <[email protected]>
Fixes: 22fdac381f98 ("fs: ext4: implement opendir, readdir, closedir")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Now that opendir, readir, closedir are implemented for ext4 we can use
fs_ls_generic() for implementing the ls command.
Adjust the unit tests:
* fs_ls_generic() produces more spaces between file size and name.
* The ext4 specific message "** Can not find directory. **\n" is not
written anymore.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
For accessing directories from the EFI sub-system a file system must
implement opendir, readdir, closedir. Provide the missing implementation.
With this patch the eficonfig command can be used to define load options
for the ext4 file system.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The directory retrieved in ext4fs_exists() should be freed to avoid a
memory leak.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Michael Trimarchi <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Remove copying a pointer with a cast to the very same type.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Michael Trimarchi <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Move this header to include/u-boot/ so that it can be used by external
tools.
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Caleb Connolly <[email protected]>
|
|
Currently, zalloc() calls uncondtionally memset(),
if the allocation failes, memset() will write to a null pointer.
Fix by using kzalloc().
Signed-off-by: Richard Weinberger <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
While zalloc() takes a size_t type, adding 1 to the le32 variable
will overflow.
A carefully crafted ext4 filesystem can exhibit an inode size of 0xffffffff
and as consequence zalloc() will do a zero allocation.
Later in the function the inode size is again used for copying data.
So an attacker can overwrite memory.
Avoid the overflow by using the __builtin_add_overflow() helper.
Signed-off-by: Richard Weinberger <[email protected]>
|
|
Evaluate the filesystem incompat and ro_compat bit fields to judge
whether the filesystem can be read or written.
For the read side only a scary warning is shown so far.
I'd love to abort mounting too, but I fear this will break some setups
where the driver works by chance.
Signed-off-by: Richard Weinberger <[email protected]>
|
|
Drop all duplicate newlines. No functional change.
Signed-off-by: Marek Vasut <[email protected]>
|
|
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Remove <common.h> from all "fs/" files and when needed add
missing include files directly.
Signed-off-by: Tom Rini <[email protected]>
|
|
U-Boot only knows absolute file paths. It is inconsistent to require that
saving to an ext4 file system should use a leading '/' while reading does
not. Remove the superfluous check.
Reported-by: Patrice Chotard <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Patrice Chotard <[email protected]>
|
|
When accessing an ext2 system the message "File System is consistent\n" is
shown after each write. This is superfluous noise. Only write a debug
message.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
When a file is created in the linux and corresponding file permission
is set, if the file needs to be modified in uboot during the startup
process, the modified file permission will be reset to 755. Therefore,
when the ext4fs_write() function is called, if the file already exists,
the file permission of the new file is equal to the file permission of
the existing file.
|
|
While fat_exists() reports directories and files as existing
ext4fs_exists() only recognizes files. This lead to errors
when using systemd-boot with an ext4 file-system.
Change ext4fs_exists() to find any type of inode:
files, directories, symbolic links.
Fixes: a1596438a689 ("ext4fs ls load support")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The part_length parameter is not used. Remove it.
Signed-off-by: Sean Anderson <[email protected]>
|
|
This check breaks small partitions (under 1024 blocks) because part_length
is in units of part.blksz and not bytes. Given the purpose of this
function, we really want to make sure the partition is SUPERBLOCK_START +
SUPERBLOCK_SIZE (2048) bytes so we can call ext4_read_superblock without
error.
The obvious solution is to convert callers from things like
ext4fs_mount(part_info.size)
to
ext4fs_mount(part_info.size * part_info.blksz);
However, I'm not really a fan of the bloat that would cause, especially
since the error is now suppressed. I think the best course of action here
is to just revert the patch.
This reverts commit 9905cae65e03335aefcb1ebfab5b7ee62d89f64e.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Patrick Delaunay <[email protected]>
|
|
The deletion process handles special case for symlinks whose target are
small enough that it fits in struct ext2_inode.b.symlink. So no block had
been allocated. But the check of file type wrongly considered regular
files as symlink. So, no block was freed. So, the EXT4 partition could be
corrupted because of no free block available.
Signed-off-by: Corentin GUILLEVIC <[email protected]>
|
|
No need to mount a too small partition to handle a EXT4 file system.
This patch add a test on partition size before to read the
SUPERBLOCK_SIZE buffer and avoid error latter in fs_devread() function.
Signed-off-by: Patrick Delaunay <[email protected]>
|
|
The 'depth_dirname', 'ptr', 'parent_inode' and 'first_inode' pointers
may be null. Thus, it is necessary to check them before using free() to
avoid free(NULL) cases.
Fixes: 934b14f2bb30 ("ext4: free allocations by parse_path()")
Signed-off-by: Mikhail Ilin <[email protected]>
|
|
When looking for a filesystem on a partition we should do so quietly. At
present if the filesystem is very small (e.g. 512 bytes) we get a host of
messages.
Update these to only show when debugging.
Signed-off-by: Simon Glass <[email protected]>
|
|
Implementation in linux/crc16.h provides standard CRC-16 algorithm with
polynomial x^16 + x^15 + x^2 + 1. Use it and remove duplicate ext4 CRC-16
specific code.
Signed-off-by: Pali Rohár <[email protected]>
Reviewed-by: Stefan Roese <[email protected]>
|
|
Move this header out of the common header.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move this uncommon header out of the common header.
Signed-off-by: Simon Glass <[email protected]>
|
|
We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move this uncommon header out of the common header.
Signed-off-by: Simon Glass <[email protected]>
|
|
free() checks if its argument is NULL. Don't duplicate this in the calling
code.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
As u-boot doesn't support the metadata_csum feature, writing to a
filesystem with this feature enabled will fail, as expected. However,
during the process, a journal state check is performed, which could
result in:
- a fs recovery if the fs wasn't umounted properly
- the fs being marked dirty
Both these cases result in a superblock change, leading to a mismatch
between the superblock checksum and its contents. Therefore, Linux will
consider the filesystem heavily corrupted and will require e2fsck to be
run manually to boot.
By bypassing the journal state check, this patch ensures the superblock
won't be corrupted if the filesystem has metadata_csum feature enabled.
Signed-off-by: Arnaud Ferraris <[email protected]>
|
|
We need to align the cache buffer to ARCH_DMA_MINALIGN in order to avoid
access errors like
CACHE: Misaligned operation at range [be0231e0, be0235e0]
seen on the MCIMX7SABRE.
Fixes: d5aee659f217 ("fs: ext4: cache extent data")
Signed-off-by: Jan Kiszka <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Reviewed-by: Stephen Warren <[email protected]>
Tested-by: Peter Robinson <[email protected]>
|
|
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <[email protected]>
|
