From f17828830df0d83c680f1703e491ac12703a3d19 Mon Sep 17 00:00:00 2001 From: Ma Haijun Date: Wed, 8 Jan 2014 06:49:43 +0800 Subject: fs/ext4: fix partition size get truncated in calculation It may cause file system corruption when do a write operation. This issue only affects boards that use 32 bit lbaint_t. Signed-off-by: Ma Haijun --- fs/ext4/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/ext4/dev.c b/fs/ext4/dev.c index 787e04133a..e0b513a4ef 100644 --- a/fs/ext4/dev.c +++ b/fs/ext4/dev.c @@ -41,7 +41,7 @@ void ext4fs_set_blk_dev(block_dev_desc_t *rbdd, disk_partition_t *info) get_fs()->dev_desc = rbdd; part_info = info; part_offset = info->start; - get_fs()->total_sect = (info->size * info->blksz) >> + get_fs()->total_sect = ((uint64_t)info->size * info->blksz) >> get_fs()->dev_desc->log2blksz; } -- cgit From 0550870b1c590be6beb09b57762ec43b5516f7d1 Mon Sep 17 00:00:00 2001 From: Ma Haijun Date: Wed, 8 Jan 2014 08:15:33 +0800 Subject: fs/ext4: fix calling put_ext4 with truncated offset Curently, we are using 32 bit multiplication to calculate the offset, so the result will always be 32 bit. This can silently cause file system corruption when performing a write operation on partition larger than 4 GiB. This patch address the issue by simply promoting the terms to 64 bit, and let compilers decide how to do the multiplication efficiently. Signed-off-by: Ma Haijun --- fs/ext4/ext4_common.c | 34 +++++++++++++++++----------------- fs/ext4/ext4_journal.c | 8 ++++---- fs/ext4/ext4_write.c | 14 +++++++------- 3 files changed, 28 insertions(+), 28 deletions(-) (limited to 'fs') diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c index 352943ec51..cff50d8c17 100644 --- a/fs/ext4/ext4_common.c +++ b/fs/ext4/ext4_common.c @@ -445,9 +445,9 @@ restart: goto fail; } put_ext4(((uint64_t) - (g_parent_inode->b. + ((uint64_t)g_parent_inode->b. blocks.dir_blocks[direct_blk_idx] * - fs->blksz)), zero_buffer, fs->blksz); + (uint64_t)fs->blksz)), zero_buffer, fs->blksz); g_parent_inode->size = g_parent_inode->size + fs->blksz; g_parent_inode->blockcnt = @@ -864,8 +864,8 @@ long int ext4fs_get_new_blk_no(void) for (i = 0; i < fs->no_blkgrp; i++) { if (bgd[i].free_blocks) { if (bgd[i].bg_flags & EXT4_BG_BLOCK_UNINIT) { - put_ext4(((uint64_t) (bgd[i].block_id * - fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)bgd[i].block_id * + (uint64_t)fs->blksz)), zero_buffer, fs->blksz); bgd[i].bg_flags = bgd[i]. @@ -929,8 +929,8 @@ restart: if (bgd[bg_idx].bg_flags & EXT4_BG_BLOCK_UNINIT) { memset(zero_buffer, '\0', fs->blksz); - put_ext4(((uint64_t) (bgd[bg_idx].block_id * - fs->blksz)), zero_buffer, fs->blksz); + put_ext4(((uint64_t) ((uint64_t)bgd[bg_idx].block_id * + (uint64_t)fs->blksz)), zero_buffer, fs->blksz); memcpy(fs->blk_bmaps[bg_idx], zero_buffer, fs->blksz); bgd[bg_idx].bg_flags = bgd[bg_idx].bg_flags & ~EXT4_BG_BLOCK_UNINIT; @@ -996,8 +996,8 @@ int ext4fs_get_new_inode_no(void) bgd[i].free_inodes; if (bgd[i].bg_flags & EXT4_BG_INODE_UNINIT) { put_ext4(((uint64_t) - (bgd[i].inode_id * - fs->blksz)), + ((uint64_t)bgd[i].inode_id * + (uint64_t)fs->blksz)), zero_buffer, fs->blksz); bgd[i].bg_flags = bgd[i].bg_flags & ~EXT4_BG_INODE_UNINIT; @@ -1037,8 +1037,8 @@ restart: ibmap_idx = fs->curr_inode_no / inodes_per_grp; if (bgd[ibmap_idx].bg_flags & EXT4_BG_INODE_UNINIT) { memset(zero_buffer, '\0', fs->blksz); - put_ext4(((uint64_t) (bgd[ibmap_idx].inode_id * - fs->blksz)), zero_buffer, + put_ext4(((uint64_t) ((uint64_t)bgd[ibmap_idx].inode_id * + (uint64_t)fs->blksz)), zero_buffer, fs->blksz); bgd[ibmap_idx].bg_flags = bgd[ibmap_idx].bg_flags & ~EXT4_BG_INODE_UNINIT; @@ -1143,7 +1143,7 @@ static void alloc_single_indirect_block(struct ext2_inode *file_inode, } /* write the block to disk */ - put_ext4(((uint64_t) (si_blockno * fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)si_blockno * (uint64_t)fs->blksz)), si_start_addr, fs->blksz); file_inode->b.blocks.indir_block = si_blockno; } @@ -1242,7 +1242,7 @@ static void alloc_double_indirect_block(struct ext2_inode *file_inode, break; } /* write the block table */ - put_ext4(((uint64_t) (di_blockno_child * fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)di_blockno_child * (uint64_t)fs->blksz)), di_child_buff_start, fs->blksz); free(di_child_buff_start); di_child_buff_start = NULL; @@ -1250,7 +1250,7 @@ static void alloc_double_indirect_block(struct ext2_inode *file_inode, if (*total_remaining_blocks == 0) break; } - put_ext4(((uint64_t) (di_blockno_parent * fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)di_blockno_parent * (uint64_t)fs->blksz)), di_block_start_addr, fs->blksz); file_inode->b.blocks.double_indir_block = di_blockno_parent; } @@ -1348,8 +1348,8 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode, break; } /* write the child block */ - put_ext4(((uint64_t) (ti_child_blockno * - fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)ti_child_blockno * + (uint64_t)fs->blksz)), ti_cbuff_start_addr, fs->blksz); free(ti_cbuff_start_addr); @@ -1357,7 +1357,7 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode, break; } /* write the parent block */ - put_ext4(((uint64_t) (ti_parent_blockno * fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)ti_parent_blockno * (uint64_t)fs->blksz)), ti_pbuff_start_addr, fs->blksz); free(ti_pbuff_start_addr); @@ -1365,7 +1365,7 @@ static void alloc_triple_indirect_block(struct ext2_inode *file_inode, break; } /* write the grand parent block */ - put_ext4(((uint64_t) (ti_gp_blockno * fs->blksz)), + put_ext4(((uint64_t) ((uint64_t)ti_gp_blockno * (uint64_t)fs->blksz)), ti_gp_buff_start_addr, fs->blksz); file_inode->b.blocks.triple_indir_block = ti_gp_blockno; } diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c index d4a46ed8b6..3f613351a4 100644 --- a/fs/ext4/ext4_journal.c +++ b/fs/ext4/ext4_journal.c @@ -371,7 +371,7 @@ void recover_transaction(int prev_desc_logical_no) blknr = read_allocated_block(&inode_journal, i); ext4fs_devread((lbaint_t)blknr * fs->sect_perblk, 0, fs->blksz, metadata_buff); - put_ext4((uint64_t)(be32_to_cpu(tag->block) * fs->blksz), + put_ext4((uint64_t)((uint64_t)be32_to_cpu(tag->block) * (uint64_t)fs->blksz), metadata_buff, (uint32_t) fs->blksz); } while (!(flags & EXT3_JOURNAL_FLAG_LAST_TAG)); fail: @@ -531,7 +531,7 @@ end: blknr = read_allocated_block(&inode_journal, EXT2_JOURNAL_SUPERBLOCK); - put_ext4((uint64_t) (blknr * fs->blksz), + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), (struct journal_superblock_t *)temp_buff, (uint32_t) fs->blksz); ext4fs_free_revoke_blks(); @@ -590,7 +590,7 @@ static void update_descriptor_block(long int blknr) tag.flags = cpu_to_be32(EXT3_JOURNAL_FLAG_LAST_TAG); memcpy(temp - sizeof(struct ext3_journal_block_tag), &tag, sizeof(struct ext3_journal_block_tag)); - put_ext4((uint64_t) (blknr * fs->blksz), buf, (uint32_t) fs->blksz); + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), buf, (uint32_t) fs->blksz); free(temp_buff); free(buf); @@ -625,7 +625,7 @@ static void update_commit_block(long int blknr) return; } memcpy(buf, &jdb, sizeof(struct journal_header_t)); - put_ext4((uint64_t) (blknr * fs->blksz), buf, (uint32_t) fs->blksz); + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), buf, (uint32_t) fs->blksz); free(temp_buff); free(buf); diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c index 1e1924c806..b674b6faeb 100644 --- a/fs/ext4/ext4_write.c +++ b/fs/ext4/ext4_write.c @@ -40,18 +40,18 @@ static void ext4fs_update(void) /* update block groups */ for (i = 0; i < fs->no_blkgrp; i++) { fs->bgd[i].bg_checksum = ext4fs_checksum_update(i); - put_ext4((uint64_t)(fs->bgd[i].block_id * fs->blksz), + put_ext4((uint64_t)((uint64_t)fs->bgd[i].block_id * (uint64_t)fs->blksz), fs->blk_bmaps[i], fs->blksz); } /* update inode table groups */ for (i = 0; i < fs->no_blkgrp; i++) { - put_ext4((uint64_t) (fs->bgd[i].inode_id * fs->blksz), + put_ext4((uint64_t) ((uint64_t)fs->bgd[i].inode_id * (uint64_t)fs->blksz), fs->inode_bmaps[i], fs->blksz); } /* update the block group descriptor table */ - put_ext4((uint64_t)(fs->gdtable_blkno * fs->blksz), + put_ext4((uint64_t)((uint64_t)fs->gdtable_blkno * (uint64_t)fs->blksz), (struct ext2_block_group *)fs->gdtable, (fs->blksz * fs->no_blk_pergdt)); @@ -709,7 +709,7 @@ void ext4fs_deinit(void) temp_buff); jsb = (struct journal_superblock_t *)temp_buff; jsb->s_start = cpu_to_be32(0); - put_ext4((uint64_t) (blknr * fs->blksz), + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), (struct journal_superblock_t *)temp_buff, fs->blksz); free(temp_buff); } @@ -793,7 +793,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode, delayed_next += blockend >> log2blksz; } else { /* spill */ put_ext4((uint64_t) - (delayed_start << log2blksz), + ((uint64_t)delayed_start << log2blksz), delayed_buf, (uint32_t) delayed_extent); previous_block_number = blknr; @@ -814,7 +814,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode, } else { if (previous_block_number != -1) { /* spill */ - put_ext4((uint64_t) (delayed_start << + put_ext4((uint64_t) ((uint64_t)delayed_start << log2blksz), delayed_buf, (uint32_t) delayed_extent); @@ -826,7 +826,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode, } if (previous_block_number != -1) { /* spill */ - put_ext4((uint64_t) (delayed_start << log2blksz), + put_ext4((uint64_t) ((uint64_t)delayed_start << log2blksz), delayed_buf, (uint32_t) delayed_extent); previous_block_number = -1; } -- cgit From 470173274d9ceb18a7140ef93e20be6c2236e7d9 Mon Sep 17 00:00:00 2001 From: Ionut Nicu Date: Mon, 13 Jan 2014 11:59:24 +0100 Subject: ext4fs: use EXT2_BLOCK_SIZE instead of fs->blksz Using fs->blksz in ext4fs_get_extent_block() is not correct since fs->blksz is not initialized on the read path. Use EXT2_BLOCK_SIZE() instead which will produce the desired output. Signed-off-by: Ionut Nicu Signed-off-by: Mathias Rulf --- fs/ext4/ext4_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs') diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c index cff50d8c17..c5e654235a 100644 --- a/fs/ext4/ext4_common.c +++ b/fs/ext4/ext4_common.c @@ -1414,7 +1414,7 @@ static struct ext4_extent_header *ext4fs_get_extent_block { struct ext4_extent_idx *index; unsigned long long block; - struct ext_filesystem *fs = get_fs(); + int blksz = EXT2_BLOCK_SIZE(data); int i; while (1) { @@ -1438,7 +1438,7 @@ static struct ext4_extent_header *ext4fs_get_extent_block block = le16_to_cpu(index[i].ei_leaf_hi); block = (block << 32) + le32_to_cpu(index[i].ei_leaf_lo); - if (ext4fs_devread((lbaint_t)block << log2_blksz, 0, fs->blksz, + if (ext4fs_devread((lbaint_t)block << log2_blksz, 0, blksz, buf)) ext_block = (struct ext4_extent_header *)buf; else -- cgit From b5bbac1a9b07016602559ff483df265fef6c1f83 Mon Sep 17 00:00:00 2001 From: Ionut Nicu Date: Mon, 13 Jan 2014 12:00:08 +0100 Subject: ext4fs: fix "invalid extent block" error For files where we actually have extent indexes following an extent header (ext_block->eh_depth != 0), the do/while loop from ext4fs_get_extent_block() does not select the proper extent index structure. For example, if we have: ext_block->eh_depth = 1 ext_block->eh_entries = 1 fileblock = 0 index[0].ei_block = 0 the do/while loop will exit with i set to 0 and the ext4fs_get_extent_block() function will return 0, even if there was a valid extent index structure following the header. Signed-off-by: Ionut Nicu Signed-off-by: Mathias Rulf --- fs/ext4/ext4_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c index c5e654235a..02da75c084 100644 --- a/fs/ext4/ext4_common.c +++ b/fs/ext4/ext4_common.c @@ -1430,7 +1430,7 @@ static struct ext4_extent_header *ext4fs_get_extent_block i++; if (i >= le16_to_cpu(ext_block->eh_entries)) break; - } while (fileblock > le32_to_cpu(index[i].ei_block)); + } while (fileblock >= le32_to_cpu(index[i].ei_block)); if (--i < 0) return 0; -- cgit From 55283635a0f696cc2316120de49672be7a418735 Mon Sep 17 00:00:00 2001 From: Charles Manning Date: Mon, 20 Jan 2014 15:51:59 +1300 Subject: yaffs2: Remove block number check from summary verification The summary already has other verification. This one is not needed. The check caused summaries to be ignored if they were not on the numbered block. This caused problems when a summary was embedded in an image and the image is written to a flash with bad blocks. Signed-off-by: Charles Manning --- fs/yaffs2/yaffs_summary.c | 1 - 1 file changed, 1 deletion(-) (limited to 'fs') diff --git a/fs/yaffs2/yaffs_summary.c b/fs/yaffs2/yaffs_summary.c index 46e42f6d7d..e9e1b5d857 100644 --- a/fs/yaffs2/yaffs_summary.c +++ b/fs/yaffs2/yaffs_summary.c @@ -232,7 +232,6 @@ int yaffs_summary_read(struct yaffs_dev *dev, if (result == YAFFS_OK) { /* Verify header */ if (hdr.version != YAFFS_SUMMARY_VERSION || - hdr.block != blk || hdr.seq != bi->seq_number || hdr.sum != yaffs_summary_sum(dev)) result = YAFFS_FAIL; -- cgit