u-boot/fs/ext4/ext4fs.c
Eugen Hristev e71a969cea fs: ext4: fix crash on ext4ls
Found a crash while issuing ext4ls with a non-existent directory.
Crash test:

=> ext4ls mmc 0 1
** Can not find directory. **
data abort
pc : [<3fd7c2ec>]          lr : [<3fd93ed8>]
reloc pc : [<26f142ec>]    lr : [<26f2bed8>]
sp : 3f963338  ip : 3fdc3dc4     fp : 3fd6b370
r10: 00000004  r9 : 3f967ec0     r8 : 3f96db68
r7 : 3fdc99b4  r6 : 00000000     r5 : 3f96dc88  r4 : 3fdcbc8c
r3 : fffffffa  r2 : 00000000     r1 : 3f96e0bc  r0 : 00000002
Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
Resetting CPU ...

resetting ...

Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig)

Looks like crash is introduced by commit:
"fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls

Issue is that dirnode is not initialized, and then freed if the call
to ext4_ls fails. ext4_ls will not change the value of dirnode in this case
thus we have a crash with data abort.

I added initialization and a check for dirname being NULL.

Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-05-23 17:30:04 -04:00

254 lines
5.7 KiB
C

// SPDX-License-Identifier: GPL-2.0+
/*
* (C) Copyright 2011 - 2012 Samsung Electronics
* EXT4 filesystem implementation in Uboot by
* Uma Shankar <uma.shankar@samsung.com>
* Manjunatha C Achar <a.manjunatha@samsung.com>
*
* ext4ls and ext4load : Based on ext2 ls and load support in Uboot.
* Ext4 read optimization taken from Open-Moko
* Qi bootloader
*
* (C) Copyright 2004
* esd gmbh <www.esd-electronics.com>
* Reinhard Arlt <reinhard.arlt@esd-electronics.com>
*
* based on code from grub2 fs/ext2.c and fs/fshelp.c by
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
*
* ext4write : Based on generic ext4 protocol.
*/
#include <common.h>
#include <ext_common.h>
#include <ext4fs.h>
#include "ext4_common.h"
#include <div64.h>
int ext4fs_symlinknest;
struct ext_filesystem ext_fs;
struct ext_filesystem *get_fs(void)
{
return &ext_fs;
}
void ext4fs_free_node(struct ext2fs_node *node, struct ext2fs_node *currroot)
{
if ((node != &ext4fs_root->diropen) && (node != currroot))
free(node);
}
/*
* Taken from openmoko-kernel mailing list: By Andy green
* Optimized read file API : collects and defers contiguous sector
* reads into one potentially more efficient larger sequential read action
*/
int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
loff_t len, char *buf, loff_t *actread)
{
struct ext_filesystem *fs = get_fs();
int i;
lbaint_t blockcnt;
int log2blksz = fs->dev_desc->log2blksz;
int log2_fs_blocksize = LOG2_BLOCK_SIZE(node->data) - log2blksz;
int blocksize = (1 << (log2_fs_blocksize + log2blksz));
unsigned int filesize = le32_to_cpu(node->inode.size);
lbaint_t previous_block_number = -1;
lbaint_t delayed_start = 0;
lbaint_t delayed_extent = 0;
lbaint_t delayed_skipfirst = 0;
lbaint_t delayed_next = 0;
char *delayed_buf = NULL;
short status;
if (blocksize <= 0)
return -1;
/* Adjust len so it we can't read past the end of the file. */
if (len + pos > filesize)
len = (filesize - pos);
blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
long int blknr;
int blockoff = pos - (blocksize * i);
int blockend = blocksize;
int skipfirst = 0;
blknr = read_allocated_block(&(node->inode), i);
if (blknr < 0)
return -1;
blknr = blknr << log2_fs_blocksize;
/* Last block. */
if (i == blockcnt - 1) {
blockend = (len + pos) - (blocksize * i);
/* The last portion is exactly blocksize. */
if (!blockend)
blockend = blocksize;
}
/* First block. */
if (i == lldiv(pos, blocksize)) {
skipfirst = blockoff;
blockend -= skipfirst;
}
if (blknr) {
int status;
if (previous_block_number != -1) {
if (delayed_next == blknr) {
delayed_extent += blockend;
delayed_next += blockend >> log2blksz;
} else { /* spill */
status = ext4fs_devread(delayed_start,
delayed_skipfirst,
delayed_extent,
delayed_buf);
if (status == 0)
return -1;
previous_block_number = blknr;
delayed_start = blknr;
delayed_extent = blockend;
delayed_skipfirst = skipfirst;
delayed_buf = buf;
delayed_next = blknr +
(blockend >> log2blksz);
}
} else {
previous_block_number = blknr;
delayed_start = blknr;
delayed_extent = blockend;
delayed_skipfirst = skipfirst;
delayed_buf = buf;
delayed_next = blknr +
(blockend >> log2blksz);
}
} else {
int n;
if (previous_block_number != -1) {
/* spill */
status = ext4fs_devread(delayed_start,
delayed_skipfirst,
delayed_extent,
delayed_buf);
if (status == 0)
return -1;
previous_block_number = -1;
}
/* Zero no more than `len' bytes. */
n = blocksize - skipfirst;
if (n > len)
n = len;
memset(buf, 0, n);
}
buf += blocksize - skipfirst;
}
if (previous_block_number != -1) {
/* spill */
status = ext4fs_devread(delayed_start,
delayed_skipfirst, delayed_extent,
delayed_buf);
if (status == 0)
return -1;
previous_block_number = -1;
}
*actread = len;
return 0;
}
int ext4fs_ls(const char *dirname)
{
struct ext2fs_node *dirnode = NULL;
int status;
if (dirname == NULL)
return 0;
status = ext4fs_find_file(dirname, &ext4fs_root->diropen, &dirnode,
FILETYPE_DIRECTORY);
if (status != 1) {
printf("** Can not find directory. **\n");
if (dirnode)
ext4fs_free_node(dirnode, &ext4fs_root->diropen);
return 1;
}
ext4fs_iterate_dir(dirnode, NULL, NULL, NULL);
ext4fs_free_node(dirnode, &ext4fs_root->diropen);
return 0;
}
int ext4fs_exists(const char *filename)
{
loff_t file_len;
int ret;
ret = ext4fs_open(filename, &file_len);
return ret == 0;
}
int ext4fs_size(const char *filename, loff_t *size)
{
return ext4fs_open(filename, size);
}
int ext4fs_read(char *buf, loff_t offset, loff_t len, loff_t *actread)
{
if (ext4fs_root == NULL || ext4fs_file == NULL)
return -1;
return ext4fs_read_file(ext4fs_file, offset, len, buf, actread);
}
int ext4fs_probe(struct blk_desc *fs_dev_desc,
disk_partition_t *fs_partition)
{
ext4fs_set_blk_dev(fs_dev_desc, fs_partition);
if (!ext4fs_mount(fs_partition->size)) {
ext4fs_close();
return -1;
}
return 0;
}
int ext4_read_file(const char *filename, void *buf, loff_t offset, loff_t len,
loff_t *len_read)
{
loff_t file_len;
int ret;
ret = ext4fs_open(filename, &file_len);
if (ret < 0) {
printf("** File not found %s **\n", filename);
return -1;
}
if (len == 0)
len = file_len;
return ext4fs_read(buf, offset, len, len_read);
}
int ext4fs_uuid(char *uuid_str)
{
if (ext4fs_root == NULL)
return -1;
#ifdef CONFIG_LIB_UUID
uuid_bin_to_str((unsigned char *)ext4fs_root->sblock.unique_id,
uuid_str, UUID_STR_FORMAT_STD);
return 0;
#else
return -ENOSYS;
#endif
}