summaryrefslogtreecommitdiff
path: root/fs/ext4
AgeCommit message (Collapse)Author
2017-11-20ext4: recover from filesystem corruption when readingIan Ray
Some fixes when reading EXT files and directory entries were identified after using e2fuzz to corrupt an EXT3 filesystem: - Stop reading directory entries if the offset becomes badly aligned. - Avoid overwriting memory by clamping the length used to zero the buffer in ext4fs_read_file. Also sanity check blocksize. Signed-off-by: Ian Ray <ian.ray@ge.com> Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk> Reviewed-by: Stefano Babic <sbabic@denx.de>
2017-10-06fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_lsTom Rini
As reported by Coverity, we did not free dirnode in the case of failure. Do so now. Reported-by: Coverity (CID: 131221) Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-10-06fs/ext4: Fix group descriptor checksum calculationTuomas Tynkkynen
The current code doesn't compute the group descriptor checksum correctly for the filesystems that e2fsprogs 1.43.4 creates (they have 'Group descriptor size: 64' as reported by tune2fs). Extend the checksum calculation to be done as ext4_group_desc_csum() does in Linux. This fixes these errors in dmesg from running fs-test.sh and makes it succeed again: [1671902.620699] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (35782!=10965) [1671902.620706] EXT4-fs (loop1): group descriptors corrupted! Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
2017-10-02fs: Create a common fs_devread for ext4/reiserfs/zfsMarek Behún
The ext4, reiserfs and zfs filesystems all have their own implementation of the same function, *_devread. Generalize this function into fs_devread and put the code into fs/fs_internal.c. Signed-off-by: Marek Behun <marek.behun@nic.cz> [trini: Move fs/fs_internal.o hunk to the end of fs/Makefile as all cases need it] Signed-off-by: Tom Rini <trini@konsulko.com>
2017-08-26fs: ext4: Fix journal overrun issue reported by CoverityTom Rini
While &p_jdb[fs->blksz] is a valid expression (it points *one* char sized element past the end of the array, e.g. &p_jdb[fs->blksz + 1] is invalid (according to the C standard (C99/C11)). Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs); Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 165117, 165110) Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2017-04-27ext4: Fix comparision of unsigned expression with < 0Lokesh Vutla
In file ext4fs.c funtion ext4fs_read_file() compares an unsigned expression with < 0 like below lbaint_t blknr; blknr = read_allocated_block(&(node->inode), i); if (blknr < 0) return -1; blknr is of type ulong/uint64_t. read_allocated_block() returns long int. So comparing blknr with < 0 will always be false. Instead declare blknr as long int. Similarly ext4/dev.c does a similar comparison. Drop the redundant comparison. Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-12-27fs/ext4: Initialize group descriptor size for revision level 0 filesystemsStefan Brüns
genext2fs creates revision level 0 filesystems, which are not readable by u-boot due to the initialized group descriptor size field. f798b1dda1c5de818b806189e523d1b75db7e72d Reported-by: Kever Yang <kever.yang@rock-chips.com> Reported-by: FrostyBytes@protonmail.com Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Tested-by: Kever Yang <kever.yang@rock-chips.com>
2016-11-21ext4: Allow reading files with non-zero offset, clamp read lenStefan Brüns
Support was already implemented, but not hooked up. This fixes several fails in the test cases. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Acked-by: Stephen Warren <swarren@wwwdotorg.org>
2016-11-21ext4: Fix handling of sparse filesStefan Brüns
A sparse file may have regions not mapped by any extents, at the start or at the end of the file, or anywhere between, thus not finding a matching extent region is never an error. Found by python filesystem tests. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-10-24ext4: Only write journal entries for modified blocks in unlink_filenameStefan Brüns
Instead of creating a journal entry for each directory block, even if the block is unmodified, only log the modified block. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-10-24ext4: Fix handling of direntlen in unlink_filenameStefan Brüns
The direntlen checks were quite bogus, i.e. the loop termination used "len + offset == blocksize" (exact match only), and checked for a direntlen less than 0. The latter can never happen as the len is unsigned, this has been reported by Coverity, CID 153384. Use the same code as in search_dir for directory traversal. This code has the correct checks for direntlen >= sizeof(struct dirent), and offset < blocksize. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reported-by: Coverity (CID: 153383, 153384) Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-10-24ext4: cleanup unlink_filename functionStefan Brüns
Use the same variable names as in search_dir, to make purpose of variables more obvious. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Tom Rini <trini@konsulko.com>
2016-09-23treewide: replace #include <asm/errno.h> with <linux/errno.h>Masahiro Yamada
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have the same content. (both just wrap <asm-generic/errno.h>) Replace all include directives for <asm/errno.h> with <linux/errno.h>. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> [trini: Fixup include/clk.] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-23ext4: Revert rejection of 64bit enabled ext4 fsStefan Brüns
Enable mounting of ext4 fs with 64bit feature, as it is supported now. These had been disabled in 6f94ab6656ceffb3f2a972c8de4c554502b6f2b7. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Respect group descriptor size when adjusting free countsStefan Brüns
Also adjust high 16/32 bits when free inode/block counts are modified. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Use helper function to access group descriptor and its fieldsStefan Brüns
The descriptor size is variable, thus array indices are not generically applicable. The larger group descriptors also contain e.g. high parts of block numbers, which have to be read and written. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Use correct descriptor size when reading the block group descriptorStefan Brüns
The correct descriptor size must be used when calculating offsets, and also to read the correct amount of data. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Add helper functions for block group descriptor field accessStefan Brüns
The helper functions encapsulate access of the block group descriptors, independent of group descriptor size. The helpers also deal with the endianess of the fields, and with split fields like free_blocks/ free_blocks_high. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: determine group descriptor size for 64bit featureStefan Brüns
If EXT4_FEATURE_INCOMPAT_64BIT is set, the descriptor can be read from the superblocks, otherwise it defaults to 32. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Fix memory leak of journal buffer if block is updated multiple timesStefan Brüns
If the same block is updated multiple times in a row during a single file system operation, gd_index is decremented to use the same journal entry again. Avoid loosing the already allocated buffer. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: Correct block number handling, empty block vs. error codeStefan Brüns
read_allocated block may return block number 0, which is just an indicator a chunk of the file is not backed by a block, i.e. it is sparse. During file deletions, just continue with the next logical block, for other operations treat blocknumber <= 0 as an error. For writes, blocknumber 0 should never happen, as U-Boot always allocates blocks for the whole file. Reading already handles this correctly, i.e. the read buffer is 0-fillled. Not treating block 0 as sparse block leads to FS corruption, e.g. ./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ; ext4write host 0 0 /2.5GB.file 1 ' The 2.5GB.file from the fs test is actually a sparse file. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: remove duplicated block release code for extentsStefan Brüns
The data blocks are identical for files using traditional direct/indirect block allocation scheme and extent trees, thus this code part can be common. Only the code to deallocate the indirect blocks to record the used blocks has to be seperate, respectively the code to release extent tree index blocks. Actually the code to release the extent tree index blocks is still missing, but at least add a FIXME at the appropriate place. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2016-09-23ext4: initialize full inode for inodes bigger than 128 bytesStefan Brüns
Make sure the the extra_isize field (offset 128) is initialized to 0, to mark any extra data as invalid. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Use correct value for inode size even on revision 0 filesystemsStefan Brüns
fs->inodesz is already correctly (i.e. dependent on fs revision) initialized in ext4fs_mount. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Fix memory leak in case of failureStefan Brüns
temp_ptr should always be freed, even if the function is left via goto fail. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Avoid out-of-bounds access of block bitmapStefan Brüns
If the blocksize is 1024, count is initialized with 1. Incrementing count by 8 will never match (count == fs->blksz * 8), and ptr may be incremented beyond the buffer end if the bitmap is filled. Add the startblock offset after the loop. Remove the second loop, as only the first iteration will be done. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: After completely filled group, scan next group from the beginningStefan Brüns
The last free block of a block group may be in its middle. After it has been allocated, the next block group should be scanned from its beginning. The following command triggers the bad behaviour (on a blocksize 1024 fs): ./sandbox/u-boot -c 'i=0; host bind 0 ./disk.raw ; while test $i -lt 260 ; do echo $i; setexpr i $i + 1; ext4write host 0:2 0 /X${i} 0x1450; done ; ext4write host 0:2 0 /X240 0x2000 ; ' When 'X240' is extended from 5200 byte to 8192 byte, the new blocks should start from the first free block (8811), but it uses the blocks 8098-8103 and 16296-16297 -- 8103 + 1 + 8192 = 16296. This can be shown with debugfs, commands 'ffb' and 'stat X240'. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Do not clear zalloc'ed buffers a second timeStefan Brüns
zero_buffer is never written, thus clearing it is pointless. journal_buffer is completely initialized by ext4fs_devread (or in case of failure, not used). Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Only update number of of unused inodes if GDT_CSUM feature is setStefan Brüns
e2fsck warns about "Group descriptor 0 marked uninitialized without feature set." The bg_itable_unused field is only defined if FEATURE_RO_COMPAT_GDT_CSUM is set, and should be set (kept) zero otherwise. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Scan all directory blocks when looking up an entryStefan Brüns
Scanning only the direct blocks of the directory file may falsely report an existing file as nonexisting, and worse can also lead to creation of a duplicate entry on file creation. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Avoid corruption of directories with hash tree indexesStefan Brüns
While directories can be read using the old linear scan method, adding a new file would require updating the index tree (alternatively, the whole tree could be removed). Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Scan all directory blocks for space when inserting a new entryStefan Brüns
Previously, only the last directory block was scanned for available space. Instead, scan all blocks back to front, and if no sufficient space is found, eventually append a new block. Blocks are only appended if the directory does not use extents or the new block would require insertion of indirect blocks, as the old code does. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: Do not crash when trying to grow a directory using extentsStefan Brüns
The following command crashes u-boot: ./sandbox/u-boot -c 'i=0; host bind 0 ./sandbox/test/fs/3GB.ext4.img ; while test $i -lt 200 ; do echo $i; setexpr i $i + 1; ext4write host 0 0 /foobar${i} 0; done' Previously, the code updated the direct_block even for extents, and fortunately crashed before pushing garbage to the disk. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: propagate error if creation of directory entry failsStefan Brüns
In case the dir entry creation failed, ext4fs_write would later overwrite a random inode, as inodeno was never initialized. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: fix possible crash on directory traversal, ignore deleted entriesStefan Brüns
The following command triggers a segfault in search_dir: ./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ; ext4write host 0 0 /./foo 0x10' The following command triggers a segfault in check_filename: ./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ; ext4write host 0 0 /. 0x10' "." is the first entry in the directory, thus previous_dir is NULL. The whole previous_dir block in search_dir seems to be a bad copy from check_filename(...). As the changed data is not written to disk, the statement is mostly harmless, save the possible NULL-ptr reference. Typically a file is unlinked by extending the direntlen of the previous entry. If the entry is the first entry in the directory block, it is invalidated by setting inode=0. The inode==0 case is hard to trigger without crafted filesystems. It only hits if the first entry in a directory block is deleted and later a lookup for the entry (by name) is done. Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2016-09-23ext4: fix wrong usage of le32_to_cpu()Michael Walle
le32_to_cpu() must only convert the revision_level and not the boolean result. Signed-off-by: Michael Walle <michael@walle.cc>
2016-09-23ext4: fix endianess problems in ext4 write supportMichael Walle
All fields were accessed directly instead of using the proper byte swap functions. Thus, ext4 write support was only usable on little-endian architectures. Fix this. Signed-off-by: Michael Walle <michael@walle.cc>
2016-09-23ext4: use kernel names for byte swapsMichael Walle
Instead of __{be,le}{16,32}_to_cpu use {be,le}{16,32}_to_cpu. Signed-off-by: Michael Walle <michael@walle.cc>
2016-09-23ext4: change structure fields to __le/__be typesMichael Walle
Change all the types of ext2/4 fields to little endian types and all the JBD fields to big endian types. Now we can use sparse (make C=1) to check for statements where we need byteswaps. Signed-off-by: Michael Walle <michael@walle.cc>
2016-08-05ext4: Refuse to mount filesystems with 64bit feature setTom Rini
With e2fsprogs after 1.43 the 64bit and metadata_csum features are enabled by default. The metadata_csum feature changes how ext4_group_desc->bg_checksum is calculated, which would break write support. The 64bit feature however introduces changes such that it cannot be read by implementations that do not support it. Since we do not support this, we must not mount it. Cc: Stephen Warren <swarren@nvidia.com> Cc: Simon Glass <sjg@chromium.org> Cc: Lukasz Majewski <l.majewski@samsung.com> Cc: Stefan Roese <sr@denx.de> Reported-by: Andrew Bradford <andrew.bradford@kodakalaris.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2016-05-02fs: ext4: fix symlink read functionRonald Zachariah
The function ext4fs_read_symlink was unable to handle a symlink which had target name of exactly 60 characters. Signed-off-by: Ronald Zachariah <rozachar@cisco.com> Signed-off-by: Stefan Roese <sr@denx.de> Reviewed-by: Stephen Warren <swarren@nvidia.com> Cc: Tom Rini <trini@konsulko.com>
2016-03-14dm: block: Adjust device calls to go through helpers functionSimon Glass
To ease conversion to driver model, add helper functions which deal with calling each block device method. With driver model we can reimplement these functions with the same arguments. Use inline functions to avoid increasing code size on some boards. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Stephen Warren <swarren@nvidia.com>
2016-03-14dm: Drop the block_dev_desc_t typedefSimon Glass
Use 'struct' instead of a typdef. Also since 'struct block_dev_desc' is long and causes 80-column violations, rename it to struct blk_desc. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Stephen Warren <swarren@nvidia.com>
2016-01-13ext4_common.c: Clean up failure cases in alloc_triple_indirect_blockTom Rini
As noted by Coverity, when we have an error in alloc_triple_indirect_block we will leak ti_pbuff_start_addr as it's not being freed. Further inspection here shows that we could also leak ti_cbuff_start_addr in one corner case so free that as well. Reported-by: Coverity (CID 131205, 131206) Signed-off-by: Tom Rini <trini@konsulko.com>
2016-01-13block: pass block dev not num to read/write/erase()Stephen Warren
This will allow the implementation to make use of data in the block_dev structure beyond the base device number. This will be useful so that eMMC block devices can encompass the HW partition ID rather than treating this out-of-band. Equally, the existence of the priv field is crying out for this patch to exist. Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2015-11-23fs: ext4: Prevent infinite loop in ext4fs_iterate_dirThomas Fitzsimmons
If the ext3 journal gets out of sync with what is written on disk, for example because of an unexpected power cut, ext4fs_read_file can return an all-zero directory entry. In that case, ext4fs_iterate_dir would infinite loop. This patch detects when a directory entry's direntlen member is 0 and returns a failure status, which breaks out of the infinite loop. As a result, U-Boot will not find files that may subsequently be recovered when the journal is replayed. This is better behaviour than hanging in an infinite loop, but as a further improvement maybe U-Boot could interpret the ext3 journal and actually find the unsynced entries. Signed-off-by: Thomas Fitzsimmons <fitzsim@cisco.com> Reviewed-by: Stefan Roese <sr@denx.de>
2015-09-11fs: ext4: fix symlink read functionGary Bisson
Since last API changes for files >2GB, the read of symlink is broken as ext4fs_read_file now returns 0 instead of the length of the actual read. Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
2015-09-11ext4: fix leak in check_filename()Stephen Warren
root_first_block_buffer should be free()d in all cases, not just when an error occurs. Fix the success exit path of the function to do this. Signed-off-by: Stephen Warren <swarren@nvidia.com> Acked-by: Lukasz Majewski <l.majewski@samsung.com> Tested-by: Lukasz Majewski <l.majewski@samsung.com>
2015-09-11ext4: free allocations by parse_path()Stephen Warren
parse_path() malloc()s the entries in the array it's passed. Those allocations must be free()d by the caller, ext4fs_get_parent_inode_num(). Add code to do this. For this to work, all the array entries must be dynamically allocated, rather than a mix of dynamic and static allocations. Fix parse_path() not to over-write arr[0] with a pointer to statically allocated data. Signed-off-by: Stephen Warren <swarren@nvidia.com> Acked-by: Lukasz Majewski <l.majewski@samsung.com> Tested-by: Lukasz Majewski <l.majewski@samsung.com>
2015-09-11ext4: avoid calling ext4fs_mount() twice, which leaksStephen Warren
ext4_write_file() is only called from the "fs" layer, which calls both ext4fs_mount() and ext4fs_close() before/after calling ext4_write_file(). Fix ext4_write_file() not to call ext4fs_mount() again, since the mount operation malloc()s some RAM which is leaked when a second mount call over-writes the pointer to that data, if no intervening close call is made. Signed-off-by: Stephen Warren <swarren@nvidia.com> Acked-by: Lukasz Majewski <l.majewski@samsung.com> Tested-by: Lukasz Majewski <l.majewski@samsung.com>