summaryrefslogtreecommitdiff
path: root/fs/ext4
AgeCommit message (Collapse)Author
2025-07-11Merge patch series "fs: ext4fs: Fix some issues found by Smatch"Tom Rini
Andrew Goodbody <andrew.goodbody@linaro.org> says: Smatch reported some issues in the ext4fs code. This includes a suggestion to use an unwind goto, to not negate a return value and to ensure that a NULL check happens before the pointer is dereferenced. Link: https://lore.kernel.org/r/20250704-ext4fs_fix-v1-0-5c6acf4bf839@linaro.org
2025-07-11fs: ext4fs: Perform NULL check before dereferenceAndrew Goodbody
In the function put_ext4 there is a NULL check for fs->dev_desc but this has already been derefenced twice before this happens. Refactor the code a bit to put the NULL check first. This issue found by Smatch. Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
2025-07-11fs: ext4fs: Use unwind goto to free memory on errorAndrew Goodbody
Ensure that allocated memory is freed on error exit replace the direct return calls with 'goto fail'. This issue found by Smatch. Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
2025-07-11fs: ext4fs: Do not negate error before returning itAndrew Goodbody
In ext4fs_readdir it calls ext4fs_read_file and checks the return value for non-zero to detect an error. This return value should be returned as is rather than being negated. This issue found by Smatch Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
2025-06-25fs: ext4fs: Fix: Data abort in ext4fs_log_gdt()Tony Dinh
Return ENOMEM in ext4fs_log_gdt when number of blocks per gdt is more than number of allocated journal entries. Signed-off-by: Tony Dinh <mibodhi@gmail.com>
2025-06-12ext4fs: Fix: Read outside partition error (take 2)Tony Dinh
Use lbaint_t for blknr to avoid overflow in ext4fs_read_file(). Background: blknr (block number) used in ext4fs_read_file() could be increased to a very large value and causes a wrap around at 32 bit signed integer max, thus becomes negative. This results in an out-of-normal range for sector number (during the assignment delayed_start = blknr) where delayed_start sector is typed uint64 lbaint_t. This causes the "Read outside partition" error. Looks like we also have this overflown problem in ext4_write.c that needs to be addressed. This patch was tested on the Synology DS116 (Armada 385) board, and a 4TB Seagate HDD. Signed-off-by: Tony Dinh <mibodhi@gmail.com>
2025-06-09Merge tag 'v2025.07-rc4' into nextTom Rini
Prepare v2025.07-rc4
2025-05-27Revert "ext4fs: Fix: Read outside partition error"Tom Rini
The issue here is that the function read_allocated_block() will report problems via a negative return value. If we say the return value is stored in an lbaint_t that can no longer happen (and Coverity discovered this by reporting a no effect comparison and then dead code). The problem being fixed by allowing for storing a larger block number will have to be solved in some other manner. This reverts commit df2ed552f0b05591090369a7fe7ddc92439dea5c. Addresses-Coverity-ID: 131183 Signed-off-by: Tom Rini <trini@konsulko.com>
2025-05-26Merge tag 'v2025.07-rc3' into nextTom Rini
Prepare v2025.07-rc3
2025-05-23ext4fs: Fix: Read outside partition errorTony Dinh
Use lbaint_t for blknr to avoid overflow in ext4fs_read_file(). Background: blknr (block number) used in ext4fs_read_file() could be increased to a very large value and causes a wrap around at 32 bit signed integer max, thus becomes negative. This results in an out-of-normal range for sector number (during the assignment delayed_start = blknr) where delayed_start sector is typed uint64 lbaint_t. This causes the "Read outside partition" error. This patch was tested on the Synology DS116 (Armada 385) board, and a 4TB Seagate HDD. Signed-off-by: Tony Dinh <mibodhi@gmail.com>
2025-05-23EXT4: add CRC16 dependencyMarius Dinu
CRC16 is used in ext4_common.c. Build fails without it. PS: This is my first patch sent to a mailing list. If there is anything wrong with it (email format, whitespace, etc.) please let me know. Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
2025-05-13ext4fs.c: Add missing includeTom Rini
This file references rtc functions and implicitly includes <rtc.h> today. Add this explicitly. Signed-off-by: Tom Rini <trini@konsulko.com>
2024-11-13fs: ext4: correct error handlingHeinrich Schuchardt
After calling strdup() check the returned pointer. Avoid a memory leak if the directory is not found. Reported-by: Michael Nazzareno Trimarchi <michael@amarulasolutions.com> Fixes: 22fdac381f98 ("fs: ext4: implement opendir, readdir, closedir") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-11-01fs: ext4: use fs_ls_genericHeinrich Schuchardt
Now that opendir, readir, closedir are implemented for ext4 we can use fs_ls_generic() for implementing the ls command. Adjust the unit tests: * fs_ls_generic() produces more spaces between file size and name. * The ext4 specific message "** Can not find directory. **\n" is not written anymore. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2024-11-01fs: ext4: implement opendir, readdir, closedirHeinrich Schuchardt
For accessing directories from the EFI sub-system a file system must implement opendir, readdir, closedir. Provide the missing implementation. With this patch the eficonfig command can be used to define load options for the ext4 file system. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2024-11-01fs: ext4: free directory node in ext4fs_exists()Heinrich Schuchardt
The directory retrieved in ext4fs_exists() should be freed to avoid a memory leak. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-11-01fs: ext4: simplify ext4fs_iterate_dir()Heinrich Schuchardt
Remove copying a pointer with a cast to the very same type. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2024-09-12include: export uuid.hCaleb Connolly
Move this header to include/u-boot/ so that it can be used by external tools. Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
2024-08-15ext4: Fix zalloc()Richard Weinberger
Currently, zalloc() calls uncondtionally memset(), if the allocation failes, memset() will write to a null pointer. Fix by using kzalloc(). Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2024-08-15ext4: Fix integer overflow in ext4fs_read_symlink()Richard Weinberger
While zalloc() takes a size_t type, adding 1 to the le32 variable will overflow. A carefully crafted ext4 filesystem can exhibit an inode size of 0xffffffff and as consequence zalloc() will do a zero allocation. Later in the function the inode size is again used for copying data. So an attacker can overwrite memory. Avoid the overflow by using the __builtin_add_overflow() helper. Signed-off-by: Richard Weinberger <richard@nod.at>
2024-08-15ext4: Improve feature checkingRichard Weinberger
Evaluate the filesystem incompat and ro_compat bit fields to judge whether the filesystem can be read or written. For the read side only a scary warning is shown so far. I'd love to abort mounting too, but I fear this will break some setups where the driver works by chance. Signed-off-by: Richard Weinberger <richard@nod.at>
2024-07-15fs: Remove duplicate newlinesMarek Vasut
Drop all duplicate newlines. No functional change. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
2024-05-20Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"Tom Rini
As part of bringing the master branch back in to next, we need to allow for all of these changes to exist here. Reported-by: Jonas Karlman <jonas@kwiboo.se> Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-19Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""Tom Rini
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"' I failed to notice that b4 noticed it was based on next and so took that as the base commit and merged that part of next to master. This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35. Reported-by: Jonas Karlman <jonas@kwiboo.se> Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-06fs: Remove <common.h> and add needed includesTom Rini
Remove <common.h> from all "fs/" files and when needed add missing include files directly. Signed-off-by: Tom Rini <trini@konsulko.com>
2024-04-10fs: ext4: all file paths are absoluteHeinrich Schuchardt
U-Boot only knows absolute file paths. It is inconsistent to require that saving to an ext4 file system should use a leading '/' while reading does not. Remove the superfluous check. Reported-by: Patrice Chotard <patrice.chotard@foss.st.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Patrice Chotard <patrice.chotard@foss.st.com>
2024-04-10fs: ext4: make "File System is consistent\n" a debug messageHeinrich Schuchardt
When accessing an ext2 system the message "File System is consistent\n" is shown after each write. This is superfluous noise. Only write a debug message. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2024-04-10fs: ext4: Change the Settings of file permissionsJixiong Hu
When a file is created in the linux and corresponding file permission is set, if the file needs to be modified in uboot during the startup process, the modified file permission will be reset to 755. Therefore, when the ext4fs_write() function is called, if the file already exists, the file permission of the new file is equal to the file permission of the existing file.
2024-03-04ext4: detect directories in ext4fs_exists()Heinrich Schuchardt
While fat_exists() reports directories and files as existing ext4fs_exists() only recognizes files. This lead to errors when using systemd-boot with an ext4 file-system. Change ext4fs_exists() to find any type of inode: files, directories, symbolic links. Fixes: a1596438a689 ("ext4fs ls load support") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-11-16fs: ext4: Remove unused parameter from ext4_mountSean Anderson
The part_length parameter is not used. Remove it. Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17Revert "fs: ext4: check the minimal partition size to mount"Sean Anderson
This check breaks small partitions (under 1024 blocks) because part_length is in units of part.blksz and not bytes. Given the purpose of this function, we really want to make sure the partition is SUPERBLOCK_START + SUPERBLOCK_SIZE (2048) bytes so we can call ext4_read_superblock without error. The obvious solution is to convert callers from things like ext4fs_mount(part_info.size) to ext4fs_mount(part_info.size * part_info.blksz); However, I'm not really a fan of the bloat that would cause, especially since the error is now suppressed. I think the best course of action here is to just revert the patch. This reverts commit 9905cae65e03335aefcb1ebfab5b7ee62d89f64e. Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2023-03-30fs: ext4: fix files seen as symlink during deletionCorentin GUILLEVIC
The deletion process handles special case for symlinks whose target are small enough that it fits in struct ext2_inode.b.symlink. So no block had been allocated. But the check of file type wrongly considered regular files as symlink. So, no block was freed. So, the EXT4 partition could be corrupted because of no free block available. Signed-off-by: Corentin GUILLEVIC <corentin.guillevic@smile.fr>
2023-03-22fs: ext4: check the minimal partition size to mountPatrick Delaunay
No need to mount a too small partition to handle a EXT4 file system. This patch add a test on partition size before to read the SUPERBLOCK_SIZE buffer and avoid error latter in fs_devread() function. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2022-12-08fs: ext4: Fix free(NULL)Mikhail Ilin
The 'depth_dirname', 'ptr', 'parent_inode' and 'first_inode' pointers may be null. Thus, it is necessary to check them before using free() to avoid free(NULL) cases. Fixes: 934b14f2bb30 ("ext4: free allocations by parse_path()") Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
2022-10-17fs: Quieten down the filesystems moreSimon Glass
When looking for a filesystem on a partition we should do so quietly. At present if the filesystem is very small (e.g. 512 bytes) we get a host of messages. Update these to only show when debugging. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-21fs: ext4: Use CRC-16 implementation from linux/crc16.hPali Rohár
Implementation in linux/crc16.h provides standard CRC-16 algorithm with polynomial x^16 + x^15 + x^2 + 1. Use it and remove duplicate ext4 CRC-16 specific code. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de>
2020-05-18common: Drop log.h from common headerSimon Glass
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop part.h from common headerSimon Glass
Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18part: Drop disk_partition_t typedefSimon Glass
We should not be using typedefs and these make it harder to use forward declarations (to reduce header file inclusions). Drop the typedef. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop net.h from common headerSimon Glass
Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop uuid.h from common headerSimon Glass
Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-01fs: ext4: avoid NULL check before free()Heinrich Schuchardt
free() checks if its argument is NULL. Don't duplicate this in the calling code. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-27fs: ext4: skip journal state if fs has metadata_csumArnaud Ferraris
As u-boot doesn't support the metadata_csum feature, writing to a filesystem with this feature enabled will fail, as expected. However, during the process, a journal state check is performed, which could result in: - a fs recovery if the fs wasn't umounted properly - the fs being marked dirty Both these cases result in a superblock change, leading to a mismatch between the superblock checksum and its contents. Therefore, Linux will consider the filesystem heavily corrupted and will require e2fsck to be run manually to boot. By bypassing the journal state check, this patch ensures the superblock won't be corrupted if the filesystem has metadata_csum feature enabled. Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
2020-03-27fs: ext4: Fix alignment of cache buffersJan Kiszka
We need to align the cache buffer to ARCH_DMA_MINALIGN in order to avoid access errors like CACHE: Misaligned operation at range [be0231e0, be0235e0] seen on the MCIMX7SABRE. Fixes: d5aee659f217 ("fs: ext4: cache extent data") Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Stephen Warren <swarren@nvidia.com> Tested-by: Peter Robinson <pbrobinson@gmail.com>
2020-02-05dm: core: Create a new header file for 'compat' featuresSimon Glass
At present dm/device.h includes the linux-compatible features. This requires including linux/compat.h which in turn includes a lot of headers. One of these is malloc.h which we thus end up including in every file in U-Boot. Apart from the inefficiency of this, it is problematic for sandbox which needs to use the system malloc() in some files. Move the compatibility features into a separate header file. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-07-18CVE-2019-13106: ext4: fix out-of-bounds memsetPaul Emge
In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of the destination memory region. This patch adds a check to disallow this. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18ext4: gracefully fail on divide-by-0Paul Emge
This patch checks for 0 in several ext4 headers and gracefully fails instead of raising a divide-by-0 exception. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18CVE-2019-13104: ext4: check for underflow in ext4fs_read_filePaul Emge
in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18CVE-2019-13105: ext4: fix double-free in ext4_cache_readPaul Emge
ext_cache_read doesn't null cache->buf, after freeing, which results in a later function double-freeing it. This patch fixes ext_cache_read to call ext_cache_fini instead of free. Signed-off-by: Paul Emge <paulemge@forallsecure.com>
2019-07-18ext4: add support for filesystems without JOURNALMarek Szyprowski
JOURNAL is optional for EXT4 (and EXT3) filesystems, so add support for skipping it. This fixes corrupting EXT4 volumes without JOURNAL after using uboot's 'ext4write' command. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Lukasz Majewski <lukma@denx.de>