Commit graph

879 commits

Author SHA1 Message Date
Ben Dooks
b46cec4166 ubifs: allow loading to above 4GiB
The ubifsload command is truncating any address above 4GiB as it casts
this address to an u32, instead of using an unsigned long which most of
the other load commands do. Change this to an unsigned long to allow
loading into high memory for boards which use these areas.

Fixes the following error:

=> ubifsload 0x2100000000 /boot/Image.lzma
Loading file '/boot/Image.lzma' to addr 0x00000000...
Unhandled exception: Store/AMO access fault

Signed-off-by: Ben Dooks <ben.dooks@sifive.com>
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
2023-06-06 10:37:25 +02:00
Dominique Martinet
b1d3013d02 btrfs: fix offset when reading compressed extents
btrfs_read_extent_reg correctly computed the extent offset in the
BTRFS_COMPRESS_NONE case, but did not account for the 'offset - key.offset'
part correctly in the compressed case, making the function read
incorrect data.

In the case I examined, the last 4k of a file was corrupted and
contained data from a few blocks prior, e.g. reading a 10k file with a
single extent:
btrfs_file_read()
 -> btrfs_read_extent_reg
    (aligned part loop, until 8k)
 -> read_and_truncate_page
   -> btrfs_read_extent_reg
      (re-reads the last extent from 8k to the end,
      incorrectly reading the first 2k of data)

This can be reproduced as follow:
$ truncate -s 200M btr
$ mount btr -o compress /mnt
$ pat() { dd if=/dev/zero bs=1M count=$1 iflag=count_bytes status=none | tr '\0' "\\$2"; }
$ { pat 4K 1; pat 4K 2; pat 2K 3; }  > /mnt/file
$ sync
$ filefrag -v /mnt/file
File size of /mnt/file is 10240 (3 blocks of 4096 bytes)
 ext:     logical_offset:        physical_offset: length:   expected: flags:
   0:        0..       2:       3328..      3330:      3:             last,encoded,eof
$ umount /mnt

Then in u-boot:
=> load scsi 0 2000000 file
10240 bytes read in 3 ms (3.3 MiB/s)
=> md 2001ff0
02001ff0: 02020202 02020202 02020202 02020202  ................
02002000: 01010101 01010101 01010101 01010101  ................
02002010: 01010101 01010101 01010101 01010101  ................

(02002000 onwards should contain '03' pattern but went back to 01,
start of the extent)

After patch, data is read properly:
=> md 2001ff0
02001ff0: 02020202 02020202 02020202 02020202  ................
02002000: 03030303 03030303 03030303 03030303  ................
02002010: 03030303 03030303 03030303 03030303  ................

Note that the code previously (before commit e3427184f3 ("fs: btrfs:
Implement btrfs_file_read()")) did not split that read in two, so
this is a regression even if the previous code might not have been
handling offsets correctly either (something that booted now fails to
boot)

Fixes: a26a6bedaf ("fs: btrfs: Introduce btrfs_read_extent_inline() and btrfs_read_extent_reg()")
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
2023-05-08 09:23:53 -04:00
Bin Meng
142155103d fs: yaffs2: Make yaffsfs_deviceList static
yaffsfs_deviceList is only referenced in yaffsfs.c

Signed-off-by: Bin Meng <bmeng@tinylab.org>
2023-04-25 15:31:27 -04:00
Corentin GUILLEVIC
39409fac2c fs: ext4: fix files seen as symlink during deletion
The deletion process handles special case for symlinks whose target are
small enough that it fits in struct ext2_inode.b.symlink. So no block had
been allocated. But the check of file type wrongly considered regular
files as symlink. So, no block was freed. So, the EXT4 partition could be
corrupted because of no free block available.

Signed-off-by: Corentin GUILLEVIC <corentin.guillevic@smile.fr>
2023-03-30 15:09:59 -04:00
Stefan Herbrechtsmeier
fefd949157 fs: fat: do not mangle short filenames
Do not mangle lower or mixed case filenames which fit into the upper
case 8.3 short filename. This ensures FAT standard compatible short
filenames (SFN) to support systems without long filename (LFN) support
like boot roms (ex. SFN BOOT.BIN instead of BOOT~1.BIN for LFN
boot.bin).

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
2023-03-30 15:09:59 -04:00
Patrick Delaunay
9905cae65e fs: ext4: check the minimal partition size to mount
No need to mount a too small partition to handle a EXT4 file system.

This patch add a test on partition size before to read the
SUPERBLOCK_SIZE buffer and avoid error latter in fs_devread() function.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2023-03-22 12:51:14 -04:00
Qu Wenruo
511a1303c9 fs: btrfs: limit the mapped length to the original length
[BUG]
There is a bug report that btrfs driver caused hang during file read:

  This breaks btrfs on the HiFive Unmatched.

  => pci enum
  PCIE-0: Link up (Gen1-x8, Bus0)
  => nvme scan
  => load nvme 0:2 0x8c000000 /boot/dtb/sifive/hifive-unmatched-a00.dtb
  [hangs]

[CAUSE]
The reporter provided some debug output:

  read_extent_data: cur=615817216, orig_len=16384, cur_len=16384
  read_extent_data: btrfs_map_block: cur_len=479944704; ret=0
  read_extent_data: ret=0
  read_extent_data: cur=615833600, orig_len=4096, cur_len=4096
  read_extent_data: btrfs_map_block: cur_len=479928320; ret=0

Note the second and the last line, the @cur_len is 450+MiB, which is
almost a chunk size.

And inside __btrfs_map_block(), we limits the returned value to stripe
length, but that's depending on the chunk type:

	if (map->type & (BTRFS_BLOCK_GROUP_RAID0 | BTRFS_BLOCK_GROUP_RAID1 |
			 BTRFS_BLOCK_GROUP_RAID1C3 | BTRFS_BLOCK_GROUP_RAID1C4 |
			 BTRFS_BLOCK_GROUP_RAID5 | BTRFS_BLOCK_GROUP_RAID6 |
			 BTRFS_BLOCK_GROUP_RAID10 |
			 BTRFS_BLOCK_GROUP_DUP)) {
		/* we limit the length of each bio to what fits in a stripe */
		*length = min_t(u64, ce->size - offset,
			      map->stripe_len - stripe_offset);
	} else {
		*length = ce->size - offset;
	}

This means, if the chunk is SINGLE profile, then we don't limit the
returned length at all, and even for other profiles, we can still return
a length much larger than the requested one.

[FIX]
Properly clamp the returned length, preventing it from returning a much
larger range than expected.

Reported-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Qu Wenruo <wqu@suse.com>
2023-02-23 13:29:19 -05:00
Simon Glass
0e56bc1668 Correct SPL use of FS_EROFS
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_FS_EROFS defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Huang Jianan <jnhuang95@gmail.com>
2023-02-10 07:41:39 -05:00
Simon Glass
4f6daaca0f log: Add a category for filesystems
Sometimes it is useful to log things related to filesystems. Add a new
category and place it at the top of one of the FAT files.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-02-06 13:04:53 -05:00
Heinrich Schuchardt
de9433550b fs/fat: avoid noisy message fat_read_file()
UEFI applications call file system functions to determine if a file exists.
The return codes are evaluated to show appropriate messages.
U-Boot's file system layer should not interfere with the output.

Rename file_fat_read_at() to fat_read_file() adjusting the parameter
sequence and names and eliminate the old wrapper function.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-01-20 16:38:52 +01:00
Brandon Maier
4b9b25d943 lib: zstd: update to latest Linux zstd 1.5.2
Update the zstd implementation to match Linux zstd 1.5.2 from commit
2aa14b1ab2.

This was motivated by running into decompression corruption issues when
trying to uncompress files compressed with newer versions of zstd. zstd
users also claim significantly improved decompression times with newer
zstd versions which is a side benefit.

Original zstd code was copied from Linux commit 2aa14b1ab2 which is a
custom-built implementation based on zstd 1.3.1. Linux switched to an
implementation that is a copy of the upstream zstd code in Linux commit
e0c1b49f5b, this results in a large code diff. However this should make
future updates easier along with other benefits[1].

This commit is a straight mirror of the Linux zstd code, except to:
- update a few #include that do not translate cleanly
  - linux/swab.h -> asm/byteorder.h
  - linux/limits.h -> linux/kernel.h
  - linux/module.h -> linux/compat.h
- remove assert() from debug.h so it doesn't conflict with u-boot's
  assert()
- strip out the compressor code as was done in the previous u-boot zstd
- update existing zstd users to the new Linux zstd API
- change the #define for MEM_STATIC to use INLINE_KEYWORD for codesize
- add a new KConfig option that sets zstd build options to minify code
  based on zstd's ZSTD_LIB_MINIFY[2].

These changes were tested by booting a zstd 1.5.2 compressed kernel inside a
FIT. And the squashfs changes by loading a file from zstd compressed squashfs
with sqfsload. buildman was used to compile test other boards and check for
binary bloat, as follows:

> $ buildman -b zstd2 --boards dh_imx6,m53menlo,mvebu_espressobin-88f3720,sandbox,sandbox64,stm32mp15_dhcom_basic,stm32mp15_dhcor_basic,turris_mox,turris_omnia -sS
> Summary of 6 commits for 9 boards (8 threads, 1 job per thread)
> 01: Merge branch '2023-01-10-platform-updates'
>        arm:  w+   m53menlo dh_imx6
> 02: lib: zstd: update to latest Linux zstd 1.5.2
>    aarch64: (for 2/2 boards) all -3186.0 rodata +920.0 text -4106.0
>        arm: (for 5/5 boards) all +1254.4 rodata +940.0 text +314.4
>    sandbox: (for 2/2 boards) all -4452.0 data -16.0 rodata +640.0 text -5076.0

[1] e0c1b49f5b
[2] f302ad8811/lib/libzstd.mk (L31)

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
[trini: Set ret to -EINVAL for the error of "failed to detect
compressed" to fix warning, drop ZSTD_SRCSIZEHINT_MAX for non-Linux host
tool builds]
Signed-off-by: Tom Rini <trini@konsulko.com>
2023-01-18 19:04:17 -05:00
Qu Wenruo
11d5670125 fs/btrfs: handle data extents, which crosss stripe boundaries, correctly
[BUG]
Since btrfs supports single device RAID0 at mkfs time after btrfs-progs
v5.14, if we create a single device raid0 btrfs, and created a file
crossing stripe boundary:

  # mkfs.btrfs -m dup -d raid0 test.img
  # mount test.img mnt
  # xfs_io -f -c "pwrite 0 128K" mnt/file
  # umount mnt

Since btrfs is using 64K as stripe length, above 128K data write is
definitely going to cross at least one stripe boundary.

Then u-boot would fail to read above 128K file:

 => host bind 0 /home/adam/test.img
 => ls host 0
 <   >     131072  Fri Dec 30 00:18:25 2022  file
 => load host 0 0 file
 BTRFS: An error occurred while reading file file
 Failed to load 'file'

[CAUSE]
Unlike tree blocks read, data extent reads doesn't consider cases in which
one data extent can cross stripe boundary.

In read_data_extent(), we just call btrfs_map_block() once and read the
first mapped range.

And if the first mapped range is smaller than the desired range, it
would return error.

But since even single device btrfs can utilize RAID0 profiles, the first
mapped range can only be at most 64K for RAID0 profiles, and cause false
error.

[FIX]
Just like read_whole_eb(), we should call btrfs_map_block() in a loop
until we read all data.

Since we're here, also add extra error messages for the following cases:

- btrfs_map_block() failure
  We already have the error message for it.

- Missing device
  This should not happen, as we only support single device for now.

- __btrfs_devread() failure

With this bug fixed, btrfs driver of u-boot can properly read the above
128K file, and have the correct content:

 => host bind 0 /home/adam/test.img
 => ls host 0
 <   >     131072  Fri Dec 30 00:18:25 2022  file
 => load host 0 0 file
 131072 bytes read in 0 ms
 => md5sum 0 0x20000
 md5 for 00000000 ... 0001ffff ==> d48858312a922db7eb86377f638dbc9f
 ^^^ Above md5sum also matches.

Reported-by: Sam Winchenbach <swichenbach@tethers.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
2023-01-11 15:02:24 -05:00
David Oberhollenzer
bf48dde80a fs/squashfs: Only use export table if available
For a squashfs filesystem, the fragment table is followed by
the following tables: NFS export table, ID table, xattr table.

The export and xattr tables are both completely optional, but
the ID table is mandatory. The Linux implementation refuses to
mount the image if the ID table is missing. Tables that are no
present have their location in the super block set
to 0xFFFFFFFFFFFFFFFF.

The u-boot implementation previously assumed that it can always
rely on the export table location as an upper bound for the fragment
table, trying (and failing) to read past filesystem bounds if it
is not present.

This patch changes the driver to use the ID table instead and only
use the export table location if it lies between the two.

Signed-off-by: David Oberhollenzer <goliath@infraroot.at>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
2023-01-11 15:02:24 -05:00
Kasper Revsbech
aeea67f9a0 fs/squashfs: use lldiv function for math
When compling for x86:
u-boot/fs/squashfs/sqfs.c:90: undefined reference to `__udivmoddi4'

Signed-off-by: Kasper Revsbech <kasper.revsbech.ext@siemensgamesa.com>
Tested-by: Sean Nyekjaer <sean@geanix.com>
2022-12-08 09:29:02 -05:00
Mikhail Ilin
04e6332ec0 fs: ext4: Fix free(NULL)
The 'depth_dirname', 'ptr', 'parent_inode' and 'first_inode' pointers
may be null. Thus, it is necessary to check them before using free() to
avoid free(NULL) cases.

Fixes: 934b14f2bb ("ext4: free allocations by parse_path()")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
2022-12-08 09:28:31 -05:00
Pali Rohár
6b752c729e ubifs: Allow to silence debug dumps
Debug dump logs are not always required. Add a new config option
UBIFS_SILENCE_DEBUG_DUMP to silence all debug dumps. On powerpc/mpc85xx
when enabled this will decrease size of U-Boot binary by 11 kB.

Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
2022-11-23 13:06:12 -05:00
Tom Rini
3b677dcd9d fs: jffs2: Move SYS_JFFS2_SORT_FRAGMENTS to Kconfig
Move the symbol SYS_JFFS2_SORT_FRAGMENTS to Kconfig and use the only
remaining part of doc/README.JFFS2 that is still relevant and useful to
the help for this option.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-10 09:45:54 -05:00
Simon Glass
f337fb9ea8 fs: Quieten down the filesystems more
When looking for a filesystem on a partition we should do so quietly. At
present if the filesystem is very small (e.g. 512 bytes) we get a host of
messages.

Update these to only show when debugging.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-10-17 21:17:12 -06:00
Tom Rini
2d45913534 Merge branch 'next' 2022-10-03 15:39:46 -04:00
Pankaj Raghav
34d5feaefe fs: btrfs: remove the usage of undeclared fs_mutex variable
This line probably got in by mistake as there is no fs_mutex member in
the btrfs_fs_info struct.

Signed-off-by: Pankaj Raghav <p.raghav@samsung.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
2022-09-29 10:10:39 -04:00
Simon Glass
8149b1500d blk: Rename if_type to uclass_id
Use the word 'uclass' instead of 'if_type' to complete the conversion.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-25 08:30:05 -06:00
Stefan Roese
29caf9305b cyclic: Use schedule() instead of WATCHDOG_RESET()
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
2022-09-18 10:26:33 +02:00
Simon Glass
a51eb8de31 blk: Use a function for whether block devices are available
At present we use HAVE_BLOCK_DEVICE to indicate when block devices are
available.

This is a very strange option, since it partially duplicates the BLK
option used by driver model. It also covers both U-Boot proper and SPL,
even though one might have block devices and another not.

As a first step towards correcting this, create a new inline function
called blk_enabled() which indicates if block devices are available.
This cannot be used in Makefiles, or #if clauses, but can be used in C
code.

A function is useful because we cannot use CONFIG_IS_ENABLED(BLK) to
decide if block devices are needed, since we must consider the legacy
block interface, enabled by HAVE_BLOCK_DEVICE

Update a few places where it can be used and drop some unnecessary #if
checks around some functions in disk/part.c - rely on the compiler's
dead-code elimination instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-16 11:05:00 -04:00
Stefan Roese
661cdaa79d cyclic: Integrate cyclic infrastructure into WATCHDOG_RESET
This patch integrates the main function responsible for calling all
registered cyclic functions cyclic_run() into the common WATCHDOG_RESET
macro. This guarantees that cyclic_run() is executed very often, which
is necessary for the cyclic functions to get scheduled and executed at
their configured periods.

If CONFIG_WATCHDOG is not enabled, only cyclic_run() without calling
watchdog_reset(). This guarantees that the cyclic functionality does not
rely on CONFIG_WATCHDOG being enabled.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-13 16:01:43 -04:00
Heinrich Schuchardt
f508fad36d fs/erofs: silence erofs_probe()
fs_set_blk_dev() probes all file-systems until it finds one that matches
the volume. We do not expect any console output for non-matching
file-systems.

Convert error messages in erofs_read_superblock() to debug output.

Fixes: 830613f8f5 ("fs/erofs: add erofs filesystem support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Huang Jianan <jnhuang95@gmail.com>
2022-08-13 11:09:49 +02:00
Simon Glass
4e4bf9449b common: Drop display_options.h from common header
Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-10 13:46:55 -04:00
Tom Rini
17ead040d4 Audit <flash.h> inclusion
A large number of files include <flash.h> as it used to be how various
SPI flash related functions were found, or for other reasons entirely.
In order to migrate some further CONFIG symbols to Kconfig we need to
not include flash.h in cases where we don't have a NOR flash of some
sort enabled.  Furthermore, in cases where we are in common code and it
doesn't make sense to try and further refactor the code itself in to new
files we need to guard this inclusion.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-08-04 16:18:47 -04:00
Marek Behún
61143f741e treewide: Fix Marek's name and change my e-mail address
Fix diacritics in some instances of my name and change my e-mail address
to kabel@kernel.org.

Add corresponding .mailmap entries.

Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-07-21 10:14:04 +02:00
Pali Rohár
e2e6caa01b ubifs: Use U-Boot assert() from <log.h> in UBI/UBIFS code
U-Boot already provides assert function, so it use also in ubi and ubifs code.

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-07-20 05:50:13 +02:00
Pali Rohár
b4f210563e ubifs: Fix ubifs_assert_cmt_locked()
U-Boot does not implement down_write_trylock() and its stub always returns
true that lock was acquired. Therefore ubifs_assert_cmt_locked() assert
currently always fails.

Fix this issue by redefining ubifs_assert_cmt_locked() to just empty stub
as there is nothing to assert.

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-07-20 05:49:57 +02:00
Tom Rini
36b661dc91 Merge branch 'next' 2022-07-11 14:58:57 -04:00
Pali Rohár
69ca709d0f ubifs: Fix reference count leak in ubifsumount
Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification have not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:

  => ubi part mtd2
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Fix this issue by calling ubi_close_volume() and mutex_unlock() in
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. Note that when ubifs_umount() is not called then during error
handling is still needed to call ubi_close_volume() and mutex_unlock.

With this change ubifsumount command does not throw that error anymore:

  => ubi part rootfs
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-07-08 09:05:47 -04:00
Tom Rini
b340199f82 spl: Ensure all SPL symbols in Kconfig have some SPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-07-07 09:29:08 -04:00
Miquel Raynal
7f7fb9937c fs/squashfs: Use kcalloc when relevant
A crafted squashfs image could embed a huge number of empty metadata
blocks in order to make the amount of malloc()'d memory overflow and be
much smaller than expected. Because of this flaw, any random code
positioned at the right location in the squashfs image could be memcpy'd
from the squashfs structures into U-Boot code location while trying to
access the rearmost blocks, before being executed.

In order to prevent this vulnerability from being exploited in eg. a
secure boot environment, let's add a check over the amount of data
that is going to be allocated. Such a check could look like:

if (!elem_size || n > SIZE_MAX / elem_size)
	return NULL;

The right way to do it would be to enhance the calloc() implementation
but this is quite an impacting change for such a small fix. Another
solution would be to add the check before the malloc call in the
squashfs implementation, but this does not look right. So for now, let's
use the kcalloc() compatibility function from Linux, which has this
check.

Fixes: c510061303 ("fs/squashfs: new filesystem")
Reported-by: Tatsuhiko Yasumatsu <Tatsuhiko.Yasumatsu@sony.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Tatsuhiko Yasumatsu <Tatsuhiko.Yasumatsu@sony.com>
2022-06-28 15:51:56 -04:00
Tom Rini
52af0101be Merge branch 'master' into next
Merge in v2022.07-rc5.
2022-06-20 14:40:59 -04:00
Miquel Raynal
2ac0baab4a fs/squashfs: sqfs_read: Prevent arbitrary code execution
Following Jincheng's report, an out-of-band write leading to arbitrary
code execution is possible because on one side the squashfs logic
accepts directory names up to 65535 bytes (u16), while U-Boot fs logic
accepts directory names up to 255 bytes long.

Prevent such an exploit from happening by capping directory name sizes
to 255. Use a define for this purpose so that developers can link the
limitation to its source and eventually kill it some day by dynamically
allocating this array (if ever desired).

Link: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com
Reported-by: Jincheng Wang <jc.w4ng@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Jincheng Wang <jc.w4ng@gmail.com>
2022-06-16 15:22:55 -04:00
Heinrich Schuchardt
84378d5c86 fs/squashfs: fix sqfs_read_sblk()
Setting sblk = NULL has no effect on the caller.
We want to set *sblk = NULL if an error occurrs to avoid usage after free.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-06 17:47:17 -04:00
Heinrich Schuchardt
89ab1e2817 btrfs: simplify lookup_data_extent()
After returning if ret <= 0 we know that ret > 0. No need to check it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Anand Jain <anand.jain>
2022-06-06 17:47:17 -04:00
Pali Rohár
9320db0926 squashfs: Fix compilation on big endian systems
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
2022-06-03 11:15:24 -04:00
Pali Rohár
339f652992 ubifs: Fix lockup/crash when reading files
Commit b1a14f8a1c ("UBIFS: Change ubifsload to not read beyond the
requested size") added optimization to do not read more bytes than it is
really needed. But this commit introduced incorrect handling of the hole at
the end of file. This logic cause U-Boot to crash or lockup when trying to
read from the ubifs filesystem.

When read_block() call returns -ENOENT error (not an error, but the hole)
then dn-> structure is not filled and contain garbage. So using of dn->size
for memcpy() argument cause that U-Boot tries to copy unspecified amount of
bytes from possible unmapped memory. Which randomly cause lockup of P2020
CPU.

Fix this issue by copying UBIFS_BLOCK_SIZE bytes from read buffer when
dn->size is not available. UBIFS_BLOCK_SIZE is the size of the buffer
itself and read_block() fills buffer by zeros when it returns -ENOENT.

This patch fixes ubifsload on P2020.

Fixes: b1a14f8a1c ("UBIFS: Change ubifsload to not read beyond the requested size")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-06-03 10:23:22 -04:00
Sean Nyekjaer
92080c6ef6 fs/squashfs: use lldiv function for math
When compling for x86:
ld.bfd: fs/squashfs/sqfs.o: in function `sqfs_read':
u-boot/fs/squashfs/sqfs.c:1443: undefined reference to `__udivmoddi4'
ld.bfd: u-boot/fs/squashfs/sqfs.c:1521: undefined reference to `__udivmoddi4'

Signed-off-by: Sean Nyekjaer <sean.nyekjaer.ext@siemensgamesa.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Pali Rohár <pali@kernel.org>
2022-05-23 09:33:10 -04:00
Simon Glass
7d0478d241 bootstd: sandbox: Add a hostfs bootdev
It is helpful to be able to try out bootstd on sandbox, using host files.
This is easier than using a block device, which must have a filesystem,
partition table, etc.

Add a new driver which provides this feature. For now it is not used in
tests, but it is likely to be useful.

Add notes in the devicetree also, but don't disturb the tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:04 -04:00
Simon Glass
c24e58f599 fs: Add a function to set the filesystem type
When sandbox is used with hostfs we won't have a block device, but still
must set up the filesystem type before any filesystem operation, such as
loading a file. Add a function to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Pali Rohár
4f0e77f8f0 fs: ext4: Use CRC-16 implementation from linux/crc16.h
Implementation in linux/crc16.h provides standard CRC-16 algorithm with
polynomial x^16 + x^15 + x^2 + 1. Use it and remove duplicate ext4 CRC-16
specific code.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Pali Rohár
1a47e6d47c crc16: Move standard CRC-16 implementation from ubifs to lib
This implementation provides standard CRC-16 algorithm with polynomial
x^16 + x^15 + x^2 + 1.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Pali Rohár
e523f5d181 crc16: Rename fs/ubifs/crc16.h to include/linux/crc16.h
File fs/ubifs/crc16.h is standard linux's crc16.h include file. So move it
from fs/ubifs to include/linux where are also other linux include files.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Pali Rohár
f362deaefb fs: Allow to compile FS_SQUASHFS only for proper U-Boot
CONFIG_SPL_FS_SQUASHFS cannot be disabled when CONFIG_FS_SQUASHFS is
enabled. Fix it.

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-04-21 09:08:57 -04:00
Pali Rohár
b8a7916467 fs: Allow to compile FS_BTRFS when SPL is enabled
Currently there is no btrfs support in SPL. But macro CONFIG_FS_BTRFS is
defined also when building SPL. When both FS_BTRFS and SPL are enabled
then build process throw compile error.

Fix check for btrfs code in fstypes[] to allow compiling FS_BTRFS only in
proper U-Boot.

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-04-19 14:54:15 -04:00
Pali Rohár
c4bbbed371 btrfs: Fix compilation on big endian systems
Fix following two compile errors on big endian systems:

  CC      fs/btrfs/btrfs.o
In file included from include/linux/byteorder/big_endian.h:107,
                 from ./arch/powerpc/include/asm/byteorder.h:82,
                 from ./arch/powerpc/include/asm/bitops.h:8,
                 from include/linux/bitops.h:152,
                 from include/uuid.h:9,
                 from fs/btrfs/btrfs.c:10:
fs/btrfs/conv-funcs.h: In function ‘btrfs_key_to_disk’:
include/linux/byteorder/generic.h:90:21: error: ‘__cpu_to_le16’ undeclared (first use in this function); did you mean ‘__cpu_to_le16p’?
 #define cpu_to_le16 __cpu_to_le16
                     ^~~~~~~~~~~~~
fs/btrfs/conv-funcs.h:79:10: note: in expansion of macro ‘cpu_to_le16’
   __u16: cpu_to_le16,     \
          ^~~~~~~~~~~

  CC      fs/btrfs/compression.o
In file included from ./arch/powerpc/include/asm/unaligned.h:9,
                 from fs/btrfs/compression.c:16:
include/linux/unaligned/access_ok.h:6:19: error: redefinition of ‘get_unaligned_le16’
 static inline u16 get_unaligned_le16(const void *p)
                   ^~~~~~~~~~~~~~~~~~
In file included from fs/btrfs/ctree.h:16,
                 from fs/btrfs/btrfs.h:12,
                 from fs/btrfs/compression.c:8:
include/linux/unaligned/le_byteshift.h:40:19: note: previous definition of ‘get_unaligned_le16’ was here
 static inline u16 get_unaligned_le16(const void *p)
                   ^~~~~~~~~~~~~~~~~~

Include file asm/unaligned.h contains arch specific macros and functions
for unaligned access as opposite to linux/unaligned le_byteshift.h which
contains macros and functions specific to little endian systems only.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Qu Wenruo <wqu@suse.com>
2022-04-19 14:52:34 -04:00
Heinrich Schuchardt
9bd89bbd71 fs/squashfs: simplify sqfs_read()
* Don't check argument of free(). Free does this itself.
* Reduce scope of data_buffer. Remove duplicate free().
* Avoid superfluous NULL assignment.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
2022-04-19 14:51:11 -04:00