summaryrefslogtreecommitdiff
path: root/fs/ext4
AgeCommit message (Collapse)Author
2020-02-05dm: core: Create a new header file for 'compat' featuresSimon Glass
At present dm/device.h includes the linux-compatible features. This requires including linux/compat.h which in turn includes a lot of headers. One of these is malloc.h which we thus end up including in every file in U-Boot. Apart from the inefficiency of this, it is problematic for sandbox which needs to use the system malloc() in some files. Move the compatibility features into a separate header file. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-07-18CVE-2019-13106: ext4: fix out-of-bounds memsetPaul Emge
In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of the destination memory region. This patch adds a check to disallow this. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18ext4: gracefully fail on divide-by-0Paul Emge
This patch checks for 0 in several ext4 headers and gracefully fails instead of raising a divide-by-0 exception. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18CVE-2019-13104: ext4: check for underflow in ext4fs_read_filePaul Emge
in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18CVE-2019-13105: ext4: fix double-free in ext4_cache_readPaul Emge
ext_cache_read doesn't null cache->buf, after freeing, which results in a later function double-freeing it. This patch fixes ext_cache_read to call ext_cache_fini instead of free. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18ext4: add support for filesystems without JOURNALMarek Szyprowski
JOURNAL is optional for EXT4 (and EXT3) filesystems, so add support for skipping it. This fixes corrupting EXT4 volumes without JOURNAL after using uboot's 'ext4write' command. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-07-18ext4: fix calculating inode blkcount for non-512 blocksize filesystemsMarek Szyprowski
The block count entry in the EXT4 filesystem disk structures uses standard 512-bytes units for most of the typical files. The only exception are HUGE files, which use the filesystem block size, but those are not supported by uboot's EXT4 implementation anyway. This patch fixes the EXT4 code to use proper unit count for inode block count. This fixes errors reported by fsck.ext4 on disks with non-standard (i.e. 4KiB, in case of new flash drives) PHYSICAL block size after using 'ext4write' uboot's command. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Lukasz Majewski <lukma@denx.de>
2019-04-09Fix ext4 block group descriptor sizingBenjamin Lim
Ext4 allows for arbitrarily sized block group descriptors when 64-bit addressing is enabled, which was previously not properly supported. This patch dynamically allocates a chunk of memory of the correct size. Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com>
2019-04-09fs: ext4: Problem with ext4load and sparse filesGero Schumacher
Hi, when I try to load a sparse file via ext4load, I am getting the error message 'invalid extent' After a deeper look in the code, it seems to be an issue in the function ext4fs_get_extent_block in fs/ext4/ext4_common.c: The file starts with 1k of zeros. The blocksize is 1024. So the first extend block contains the following information: eh_entries: 1 eh_depth: 1 ei_block 1 When the upper layer (ext4fs_read_file) asks for fileblock 0, we are running in the 'invalid extent' error message. For me it seems, that the code is not prepared for handling a sparse block at the beginning of the file. The following change, solved my problem: I am really not an expert in ext4 filesystems. Can somebody please have a look at this issue and give me a feedback, if I am totally wrong or not?
2019-04-09fs: ext4: Add support for the creation of symbolic linksJean-Jacques Hiblot
Re-use the functions used to write/create a file, to support creation of a symbolic link. The difference with a regular file are small: - The inode mode is flagged with S_IFLNK instead of S_IFREG - The ext2_dirent's filetype is FILETYPE_SYMLINK instead of FILETYPE_REG - Instead of storing the content of a file in allocated blocks, the path to the target is stored. And if the target's path is short enough, no block is allocated and the target's path is stored in ext2_inode.b.symlink As with regulars files, if a file/symlink with the same name exits, it is unlinked first and then re-created. Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> [trini: Fix ext4 env code] Signed-off-by: Tom Rini <trini@konsulko.com>
2019-04-09fs: ext4: constify the buffer passed to write functionsJean-Jacques Hiblot
There is no need to modify the buffer passed to ext4fs_write_file(). The memset() call is not required here and was likely copied from the equivalent part of the ext4fs_read_file() function where we do need it. Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-04-09fs: ext4: cache extent dataStephen Warren
When a file contains extents, U-Boot currently reads extent-related data for each block in the file, even if that data is located in the same block each time. This significantly slows down loading of files that use extents. Implement a very dumb cache to prevent repeatedly reading the same block. Files with extents now load as fast as files without. Note: There are many cases where read_allocated_block() is called. This patch only addresses one of those places; all others still read redundant data in any case they did before. This is a minimal patch to fix the load command; other cases aren't fixed. Signed-off-by: Stephen Warren <swarren@nvidia.com>
2019-03-22fs: ext4: do not write on filesystem with metadata_csum featureSébastien Szymanski
U-Boot doesn't support metadata_csum feature. Writing to filesystem with metadata_csum feature makes the filesystem corrupted and unbootable by Linux: [ 2.527495] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 0 failed (52188!=0) [ 2.537421] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 1 failed (5262!=0) ... [ 2.653308] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 14 failed (42611!=0) [ 2.662179] EXT4-fs (mmcblk0p2): ext4_check_descriptors: Checksum for group 15 failed (21527!=0) [ 2.687920] JBD2: journal checksum error [ 2.691982] EXT4-fs (mmcblk0p2): error loading journal [ 2.698292] VFS: Cannot open root device "mmcblk0p2" or unknown-block(179,2): error -74 Don't write to filesystem with meatadata_csum feature to not corrupt the filesystem. Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
2018-09-10Remove <inttypes.h> includes and PRI* usages in printf() entirelyMasahiro Yamada
In int-ll64.h, we always use the following typedefs: typedef unsigned int u32; typedef unsigned long uintptr_t; typedef unsigned long long u64; This does not need to match to the compiler's <inttypes.h>. Do not include it. The use of PRI* makes the code super-ugly. You can simply use "l" for printing uintptr_t, "ll" for u64, and no modifier for u32. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-05-23fs: ext4: fix crash on ext4lsEugen Hristev
Found a crash while issuing ext4ls with a non-existent directory. Crash test: => ext4ls mmc 0 1 ** Can not find directory. ** data abort pc : [<3fd7c2ec>] lr : [<3fd93ed8>] reloc pc : [<26f142ec>] lr : [<26f2bed8>] sp : 3f963338 ip : 3fdc3dc4 fp : 3fd6b370 r10: 00000004 r9 : 3f967ec0 r8 : 3f96db68 r7 : 3fdc99b4 r6 : 00000000 r5 : 3f96dc88 r4 : 3fdcbc8c r3 : fffffffa r2 : 00000000 r1 : 3f96e0bc r0 : 00000002 Flags: nZCv IRQs off FIQs off Mode SVC_32 Resetting CPU ... resetting ... Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig) Looks like crash is introduced by commit: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Issue is that dirnode is not initialized, and then freed if the call to ext4_ls fails. ext4_ls will not change the value of dirnode in this case thus we have a crash with data abort. I added initialization and a check for dirname being NULL. Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Cc: Tom Rini <trini@konsulko.com> Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-03-09fs: ext4: Do not print mount fail message when not ext4 filesystemMarek Behún
Other filesystem drivers don't do this. Signed-off-by: Marek Behun <marek.behun@nic.cz>
2018-01-22fs: Migrate ext4 to KconfigTuomas Tynkkynen
Migrate the following symbols to Kconfig: CONFIG_FS_EXT4 CONFIG_EXT4_WRITE The definitions in config_fallbacks.h can now be expressed in Kconfig. Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2017-11-20ext4: recover from filesystem corruption when readingIan Ray
Some fixes when reading EXT files and directory entries were identified after using e2fuzz to corrupt an EXT3 filesystem: - Stop reading directory entries if the offset becomes badly aligned. - Avoid overwriting memory by clamping the length used to zero the buffer in ext4fs_read_file. Also sanity check blocksize. Signed-off-by: Ian Ray <ian.ray@ge.com> Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk> Reviewed-by: Stefano Babic <sbabic@denx.de>
2017-10-06fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_lsTom Rini
As reported by Coverity, we did not free dirnode in the case of failure. Do so now. Reported-by: Coverity (CID: 131221) Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-10-06fs/ext4: Fix group descriptor checksum calculationTuomas Tynkkynen
The current code doesn't compute the group descriptor checksum correctly for the filesystems that e2fsprogs 1.43.4 creates (they have 'Group descriptor size: 64' as reported by tune2fs). Extend the checksum calculation to be done as ext4_group_desc_csum() does in Linux. This fixes these errors in dmesg from running fs-test.sh and makes it succeed again: [1671902.620699] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (35782!=10965) [1671902.620706] EXT4-fs (loop1): group descriptors corrupted! Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
2017-10-02fs: Create a common fs_devread for ext4/reiserfs/zfsMarek Behún
The ext4, reiserfs and zfs filesystems all have their own implementation of the same function, *_devread. Generalize this function into fs_devread and put the code into fs/fs_internal.c. Signed-off-by: Marek Behun <marek.behun@nic.cz> [trini: Move fs/fs_internal.o hunk to the end of fs/Makefile as all cases need it] Signed-off-by: Tom Rini <trini@konsulko.com>
2017-08-26fs: ext4: Fix journal overrun issue reported by CoverityTom Rini
While &p_jdb[fs->blksz] is a valid expression (it points *one* char sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is invalid (according to the C standard (C99/C11)). Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 165117, 165110) Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2017-04-27ext4: Fix comparision of unsigned expression with < 0Lokesh Vutla
In file ext4fs.c funtion ext4fs_read_file() compares an unsigned expression with < 0 like below lbaint_t blknr; blknr = read_allocated_block(&(node->inode), i); if (blknr < 0) return -1; blknr is of type ulong/uint64_t. read_allocated_block() returns long int. So comparing blknr with < 0 will always be false. Instead declare blknr as long int. Similarly ext4/dev.c does a similar comparison. Drop the redundant comparison. Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-12-27fs/ext4: Initialize group descriptor size for revision level 0 filesystemsStefan Brüns
genext2fs creates revision level 0 filesystems, which are not readable by u-boot due to the initialized group descriptor size field. f798b1dda1c5de818b806189e523d1b75db7e72d Reported-by: Kever Yang <kever.yang@rock-chips.com> Reported-by: FrostyBytes@protonmail.com Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Tested-by: Kever Yang <kever.yang@rock-chips.com>
2016-11-21ext4: Allow reading files with non-zero offset, clamp read lenStefan Brüns
Support was already implemented, but not hooked up. This fixes several fails in the test cases. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Acked-by: Stephen Warren <swarren@wwwdotorg.org>
2016-11-21ext4: Fix handling of sparse filesStefan Brüns
A sparse file may have regions not mapped by any extents, at the start or at the end of the file, or anywhere between, thus not finding a matching extent region is never an error. Found by python filesystem tests. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-10-24ext4: Only write journal entries for modified blocks in unlink_filenameStefan Brüns
Instead of creating a journal entry for each directory block, even if the block is unmodified, only log the modified block. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-10-24ext4: Fix handling of direntlen in unlink_filenameStefan Brüns
The direntlen checks were quite bogus, i.e. the loop termination used "len + offset == blocksize" (exact match only), and checked for a direntlen less than 0. The latter can never happen as the len is unsigned, this has been reported by Coverity, CID 153384. Use the same code as in search_dir for directory traversal. This code has the correct checks for direntlen >= sizeof(struct dirent), and offset < blocksize. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 153383, 153384) Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-10-24ext4: cleanup unlink_filename functionStefan Brüns
Use the same variable names as in search_dir, to make purpose of variables more obvious. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-09-23treewide: replace #include <asm/errno.h> with <linux/errno.h>Masahiro Yamada
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have the same content. (both just wrap <asm-generic/errno.h>) Replace all include directives for <asm/errno.h> with <linux/errno.h>. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> [trini: Fixup include/clk.] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-23ext4: Revert rejection of 64bit enabled ext4 fsStefan Brüns
Enable mounting of ext4 fs with 64bit feature, as it is supported now. These had been disabled in 6f94ab6656ceffb3f2a972c8de4c554502b6f2b7. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Respect group descriptor size when adjusting free countsStefan Brüns
Also adjust high 16/32 bits when free inode/block counts are modified. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Use helper function to access group descriptor and its fieldsStefan Brüns
The descriptor size is variable, thus array indices are not generically applicable. The larger group descriptors also contain e.g. high parts of block numbers, which have to be read and written. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Use correct descriptor size when reading the block group descriptorStefan Brüns
The correct descriptor size must be used when calculating offsets, and also to read the correct amount of data. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Add helper functions for block group descriptor field accessStefan Brüns
The helper functions encapsulate access of the block group descriptors, independent of group descriptor size. The helpers also deal with the endianess of the fields, and with split fields like free_blocks/ free_blocks_high. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: determine group descriptor size for 64bit featureStefan Brüns
If EXT4_FEATURE_INCOMPAT_64BIT is set, the descriptor can be read from the superblocks, otherwise it defaults to 32. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Fix memory leak of journal buffer if block is updated multiple timesStefan Brüns
If the same block is updated multiple times in a row during a single file system operation, gd_index is decremented to use the same journal entry again. Avoid loosing the already allocated buffer. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Correct block number handling, empty block vs. error codeStefan Brüns
read_allocated block may return block number 0, which is just an indicator a chunk of the file is not backed by a block, i.e. it is sparse. During file deletions, just continue with the next logical block, for other operations treat blocknumber <= 0 as an error. For writes, blocknumber 0 should never happen, as U-Boot always allocates blocks for the whole file. Reading already handles this correctly, i.e. the read buffer is 0-fillled. Not treating block 0 as sparse block leads to FS corruption, e.g. ./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ; ext4write host 0 0 /2.5GB.file 1 ' The 2.5GB.file from the fs test is actually a sparse file. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: remove duplicated block release code for extentsStefan Brüns
The data blocks are identical for files using traditional direct/indirect block allocation scheme and extent trees, thus this code part can be common. Only the code to deallocate the indirect blocks to record the used blocks has to be seperate, respectively the code to release extent tree index blocks. Actually the code to release the extent tree index blocks is still missing, but at least add a FIXME at the appropriate place. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: initialize full inode for inodes bigger than 128 bytesStefan Brüns
Make sure the the extra_isize field (offset 128) is initialized to 0, to mark any extra data as invalid. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Use correct value for inode size even on revision 0 filesystemsStefan Brüns
fs->inodesz is already correctly (i.e. dependent on fs revision) initialized in ext4fs_mount. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Fix memory leak in case of failureStefan Brüns
temp_ptr should always be freed, even if the function is left via goto fail. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Avoid out-of-bounds access of block bitmapStefan Brüns
If the blocksize is 1024, count is initialized with 1. Incrementing count by 8 will never match (count == fs->blksz * 8), and ptr may be incremented beyond the buffer end if the bitmap is filled. Add the startblock offset after the loop. Remove the second loop, as only the first iteration will be done. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: After completely filled group, scan next group from the beginningStefan Brüns
The last free block of a block group may be in its middle. After it has been allocated, the next block group should be scanned from its beginning. The following command triggers the bad behaviour (on a blocksize 1024 fs): ./sandbox/u-boot -c 'i=0; host bind 0 ./disk.raw ; while test $i -lt 260 ; do echo $i; setexpr i $i + 1; ext4write host 0:2 0 /X${i} 0x1450; done ; ext4write host 0:2 0 /X240 0x2000 ; ' When 'X240' is extended from 5200 byte to 8192 byte, the new blocks should start from the first free block (8811), but it uses the blocks 8098-8103 and 16296-16297 -- 8103 + 1 + 8192 = 16296. This can be shown with debugfs, commands 'ffb' and 'stat X240'. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Do not clear zalloc'ed buffers a second timeStefan Brüns
zero_buffer is never written, thus clearing it is pointless. journal_buffer is completely initialized by ext4fs_devread (or in case of failure, not used). Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Only update number of of unused inodes if GDT_CSUM feature is setStefan Brüns
e2fsck warns about "Group descriptor 0 marked uninitialized without feature set." The bg_itable_unused field is only defined if FEATURE_RO_COMPAT_GDT_CSUM is set, and should be set (kept) zero otherwise. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Scan all directory blocks when looking up an entryStefan Brüns
Scanning only the direct blocks of the directory file may falsely report an existing file as nonexisting, and worse can also lead to creation of a duplicate entry on file creation. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Avoid corruption of directories with hash tree indexesStefan Brüns
While directories can be read using the old linear scan method, adding a new file would require updating the index tree (alternatively, the whole tree could be removed). Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Scan all directory blocks for space when inserting a new entryStefan Brüns
Previously, only the last directory block was scanned for available space. Instead, scan all blocks back to front, and if no sufficient space is found, eventually append a new block. Blocks are only appended if the directory does not use extents or the new block would require insertion of indirect blocks, as the old code does. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>