Commit graph

38 commits

Author SHA1 Message Date
Campbell Suter
9dba07f143 Fix squashfs failing to load sparse files
SquashFS supports sprase blocks in files - that is, if a given block is
composed only of zeros, it's not written to the output file to save
space and it's on-disk length field is set to zero to indicate that.

Previously the squashfs driver did not recognise that, and would attempt
to read and decompress a zero-sized block, which obviously failed.

The following command may be used to create a file for testing:

cat <(dd if=/dev/urandom of=/dev/stdout bs=1M count=1) \
	<(dd if=/dev/zero of=/dev/stdout bs=1M count=1) \
	<(dd if=/dev/urandom of=/dev/stdout bs=1k count=200) >test_file

Signed-off-by: Campbell Suter <campbell@snapit.group>
2021-01-20 14:01:44 -05:00
Richard Genoud
7e932ac790 fs/squashfs: sqfs_close/sqfs_read_sblk: set ctxt.sblk to NULL after free
This will prevent a double free error if sqfs_close() is called twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-12-02 16:21:58 -05:00
Richard Genoud
dd4866b437 fs/squashfs: implement exists() function
This permits to find a file and use the distro_bootcmd

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
21b1b3bad5 fs/squashfs: sqfs_read: remove buggy offset functionality
offset is the offset in the file read, not the offset in the destination
buffer.
If the offset is not null, this will lead to a memory corruption.
So, for now, we are returning an error if the offset is used.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
cbd5e40ede fs/squashfs: sqfs_read: don't write beyond buffer size
The length of the buffer wasn't taken into account when writing to the
given buffer.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
6d25bd3e9c fs/squashfs: sqfs_probe: use sqfs_decompressor_init() return value
sqfs_decompressor_init() returns a value, so it's better to use it than
to force the return value to EINVAL (it could be ENOMEM)

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
56cf1ceee3 fs/squashfs: sqfs_probe: reset cur_dev/cur_part_info to NULL on error
Resetting the context on error will prevent some checks like:
if (!ctx.cur_dev)
To pass when the probe method has failed

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
ccd4c08a45 fs/squashfs: sqfs_probe: fix possible memory leak on error
If SquashFS magic number is invalid, there's a memory leak.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
571b67ee1d fs/squashfs: sqfs_read: fix memory leak on finfo.blk_sizes
finfo.blk_sizes may not be freed in case of error in the for loop
Setting it to null and freeing it at the end makes prevents that from
happening.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
33686804d2 fs/squashfs: sqfs_get_abs_path: fix possible memory leak on error
if  sqfs_tokenize(rel_tokens, rc, rel); fails, the function exits
without freeing the array base_tokens.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
53db0e24a8 fs/squashfs: sqfs_get_abs_path: fix error check
the return value of sqfs_tokenize(rel_tokens, rc, rel); wasn't checked.
(but "ret" value was !)
This is obviouly a typo.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
c9b8e86f8b fs/squashfs: sqfs_frag_lookup: simplify error handling
For consistency with other functions.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
555459e793 fs/squashfs: sqfs_read: fix another memory leak
data_buffer was allocated in a loop and freed only once.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
7ce9745cbe fs/squashfs: sqfs_read: fix memory leak
sqfs_closedir() should be called to free memory allocated by
sqfs_opendir()

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
b34949fe9b fs/squashfs: sqfs_read: remove useless sqfs_closedir()
as sqfs_opendir failed, there's no need to call sqfs_closedir

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
d1d8d75f69 fs/squashfs: sqfs_read: fix dangling pointer dirs->entry
dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
35475f83a1 fs/squashfs: sqfs_size: remove useless sqfs_closedir()
as sqfs_opendir failed, there's no need to call sqfs_closedir

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
508a9dc7f6 fs/squashfs: sqfs_size: fix dangling pointer dirs->entry
dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
dc3312c43c fs/squashfs: sqfs_concat_tokens: check if malloc succeeds
memory allocation should always be checked

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
4c83d27557 fs/squashfs: sqfs_read_inode_table: fix dangling pointer
inode_table should not be left dangling as it may be freed in sqfs_opendir

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
cd54591afd fs/squashfs: sqfs_search_dir: fix memory leaks
path, target, res, rem and sym_tokens were not free on error nor success.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
01e71ec61a fs/squashfs: sqfs_search_dir: fix dangling pointer
dirs->entry shouldn't be left dangling as it could be freed twice.

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
7d23b2c5fb fs/squashfs: sqfs_read_directory_table: fix memory leak
pos_list wasn't freed on every error

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
5487477802 fs/squashfs: sqfs_split_path: fix memory leak and dangling pointers
*file and *dir were not freed on error

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
87d11e08e4 fs/squashfs: sqfs_closedir: fix memory leak
sqfs_dirs wasn't freed anywhere.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
ea1b1651c6 fs/squashfs: sqfs_opendir: simplify error handling
Using only one label permits to prevents bugs when moving code around.

Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Richard Genoud
f268768d43 fs/squashfs: sqfs_opendir: fix some memory leaks and dangling pointers
When trying to load an non-existing file, the cpu hangs!

Signed-off-by: Richard Genoud <richard.genoud@posteo.net>
2020-11-19 09:45:49 -05:00
Gerard Koskamp
c49b0eb034 fs/squashfs: Fix index off by 1 for inode SQFS_LDIR_TYPE
I've created a squashfs file system with Yocto (it use squashfs-tools)
and u-boot command sqfsls give the error:'Error while searching inode:
unknown type.'
After some digging in the code I found that the index is off by 1.
This patch fix this issue and I can successful use the sqfsls command.
After search for the squashfs format I found a link talk about a
similar issue but this time in the documentation. The link is:
https://github.com/AgentD/squashfs-tools-ng/commit/e6588526838caece9529

Signed-off-by: Gerard Koskamp <gerard.koskamp@nedap.com>
Tested-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-11-19 09:45:49 -05:00
Heinrich Schuchardt
0ed375ebb1 fs/squashfs: parameter check sqfs_read_metablock()
We should check if the incoming parameter file_mapping is not NULL instead
of checking after adding an offset.

Reported-by: Coverity CID 307210
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-29 13:19:08 -04:00
Joao Marcos Costa
a7dc37d38c fs/squashfs: Fix Coverity Scan defects
Fix control flow issues and null pointer dereferences.

Signed-off-by: Joao Marcos Costa <jmcosta944@gmail.com>
2020-09-18 16:19:58 -04:00
Joao Marcos Costa
c9875a5fe8 fs/squashfs: Fix Coverity Scan defects
Fix defects such as uninitialized variables and untrusted pointer
operations. Most part of the tainted variables and the related defects
actually comes from Linux's macro get_unaligned_le**, extensively used
in SquashFS code. Add sanity checks for those variables.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-24 14:11:31 -04:00
Joao Marcos Costa
6dfed163bd fs/squashfs: add support for LZO decompression
Add call to lzo's lzo1x_decompress_safe() into sqfs_decompress().

U-Boot's LZO sources may still have some unsolved issues that could make the
decompression crash when dealing with fragmented files, so those should be
avoided. The "-no-fragments" option can be passed to mksquashfs.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-24 14:11:31 -04:00
Joao Marcos Costa
9c948f536f fs/squashfs: add support for ZSTD decompression
Add call to ZSTD's ZSTD_decompressDCtx(). In this use case, the caller
can upper bound the decompressed size, which will be the SquashFS data
block (or metadata block) size, so there is no need to use streaming
API. Add ZSTD's worskpace to squashfs_ctxt structure.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-24 14:11:31 -04:00
Joao Marcos Costa
cdc114415c fs/squashfs: replace sqfs_decompress() parameter
Replace 'u16 comp_type' by a reference to squashfs_ctxt structure.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-24 14:11:31 -04:00
Joao Marcos Costa
10f7cf5f12 fs/squashfs: Add init and clean-up functions to decompression
Add sqfs_decompressor_init() and sqfs_decompressor_cleanup(). These
functions are called respectively in sqfs_probe() and sqfs_close(). For
now, only ZSTD requires an initialization logic. ZSTD support will be
added in a follow-up commit.

Move squashfs_ctxt definition to sqfs_filesystem.h. This structure is
passed to sqfs_decompressor_init() and sqfs_decompressor_cleanup(), so
it can no longer be local to sqfs.c.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-24 14:11:31 -04:00
Joao Marcos Costa
3634b35089 fs/squashfs: add support for zlib decompression
Add call to zlib's 'uncompress' function. Add function to display the
right error message depending on the decompression's return value.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-07 22:31:32 -04:00
Joao Marcos Costa
81014f73f0 include/u-boot, lib/zlib: add sources for zlib decompression
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-07 22:31:32 -04:00
Joao Marcos Costa
c510061303 fs/squashfs: new filesystem
Add support for SquashFS filesystem. Right now, it does not support
compression but support for zlib will be added in a follow-up commit.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-07 22:31:32 -04:00