| Age | Commit message (Collapse) | Author |
|---|
|
Smatch reported a possible buffer overflow in exfat_set_label but it
turns out that this code is unused so just guard the function with
'#ifndef __UBOOT__' as well as exfat_get_label that is also unused and
the helper static find_label.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
Andrew Goodbody <andrew.goodbody@linaro.org> says:
Smatch reported issues with variables being dereferenced before NULL
checks and also testing an unsigned variable for being negative.
Link: https://lore.kernel.org/r/20250707-exfat_fix-v1-0-e5783978cd11@linaro.org
|
|
In exfat_generic_pread and exfat_generic_pwrite offset is passed in as a
off_t type which is defined as 'unsigned long long' so there is no need
to create the variable uoffset as a uint64_t as this is just a direct
copy of offset. Also remove the impossible test of 'offset < 0' as this
is always false due to offset being unsigned.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
In the functions exfat_pread and exfat_pwrite there is a NULL check for
ctxt.cur_dev but this has already been derefenced twice before this
happens.
Refactor the code a bit to put the NULL check first.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
multi is guaranteed to be NULL in the first two error exit paths so the
attempt to free it is not needed. Remove those calls.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
The assignments to sect and off use the pointer from ctxt.cur_dev but
that has not been NULL checked before this is done. So instead move the
assignments after the NULL check.
This issue found by Smatch
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Gao Xiang <xiang@kernel.org>
|
|
Andrew Goodbody <andrew.goodbody@linaro.org> says:
Smatch reported some issues in the ext4fs code. This includes a
suggestion to use an unwind goto, to not negate a return value and to
ensure that a NULL check happens before the pointer is dereferenced.
Link: https://lore.kernel.org/r/20250704-ext4fs_fix-v1-0-5c6acf4bf839@linaro.org
|
|
In the function put_ext4 there is a NULL check for fs->dev_desc but this
has already been derefenced twice before this happens. Refactor the code
a bit to put the NULL check first.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
Ensure that allocated memory is freed on error exit replace the direct
return calls with 'goto fail'.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
In ext4fs_readdir it calls ext4fs_read_file and checks the return value
for non-zero to detect an error. This return value should be returned as
is rather than being negated.
This issue found by Smatch
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
|
|
Return ENOMEM in ext4fs_log_gdt when number of blocks per gdt is more than
number of allocated journal entries.
Signed-off-by: Tony Dinh <mibodhi@gmail.com>
|
|
There currently are multiple allocation API's in the LMB module. There
are a couple of API's for allocating memory(lmb_alloc() and
lmb_alloc_base()), and then there are two for requesting a reservation
for a particular memory region (lmb_reserve() and
lmb_alloc_addr()). Introduce a single API lmb_alloc_mem() which will
cater to all types of allocation requests and replace lmb_reserve()
and lmb_alloc_addr() with the new API.
Moreover, the lmb_reserve() API is pretty similar to the
lmb_alloc_addr() API, with the one difference being that the
lmb_reserve() API allows for reserving any address passed to it --
the address need not be part of the LMB memory map. The
lmb_alloc_addr() does check that the address being requested is
actually part of the LMB memory map.
There is no need to support reserving memory regions which are outside
the LMB memory map. Remove the lmb_reserve() API functionality and use
the functionality provided by lmb_alloc_addr() instead. The
lmb_alloc_addr() will check if the requested address is part of the
LMB memory map and return an error if not.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Use lbaint_t for blknr to avoid overflow in ext4fs_read_file().
Background:
blknr (block number) used in ext4fs_read_file() could be increased to a
very large value and causes a wrap around at 32 bit signed integer max,
thus becomes negative. This results in an out-of-normal range for sector
number (during the assignment delayed_start = blknr) where delayed_start
sector is typed uint64 lbaint_t. This causes the "Read outside partition"
error.
Looks like we also have this overflown problem in ext4_write.c that needs
to be addressed.
This patch was tested on the Synology DS116 (Armada 385) board, and a
4TB Seagate HDD.
Signed-off-by: Tony Dinh <mibodhi@gmail.com>
|
|
Prepare v2025.07-rc4
|
|
The issue here is that the function read_allocated_block() will report
problems via a negative return value. If we say the return value is
stored in an lbaint_t that can no longer happen (and Coverity discovered
this by reporting a no effect comparison and then dead code). The
problem being fixed by allowing for storing a larger block number will
have to be solved in some other manner.
This reverts commit df2ed552f0b05591090369a7fe7ddc92439dea5c.
Addresses-Coverity-ID: 131183
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Prepare v2025.07-rc3
|
|
Use lbaint_t for blknr to avoid overflow in ext4fs_read_file().
Background:
blknr (block number) used in ext4fs_read_file() could be increased to a
very large value and causes a wrap around at 32 bit signed integer max,
thus becomes negative. This results in an out-of-normal range for sector
number (during the assignment delayed_start = blknr) where delayed_start
sector is typed uint64 lbaint_t. This causes the "Read outside partition"
error.
This patch was tested on the Synology DS116 (Armada 385) board, and a
4TB Seagate HDD.
Signed-off-by: Tony Dinh <mibodhi@gmail.com>
|
|
Log the error if fs_devread() fails when trying to reading outside
partition. This will make bug reporting easier.
Signed-off-by: Tony Dinh <mibodhi@gmail.com>
|
|
CRC16 is used in ext4_common.c. Build fails without it.
PS:
This is my first patch sent to a mailing list.
If there is anything wrong with it (email format, whitespace, etc.)
please let me know.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
|
|
This file references rtc functions and implicitly includes <rtc.h>
today. Add this explicitly.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
This file references rtc functions and implicitly includes <rtc.h>
today. Add this explicitly.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Make sure unused exfat_humanize_bytes() and exfat_print_info()
functions are not compiled into U-Boot code base. This also removes
CID 550300: Integer handling issues (INTEGER_OVERFLOW)
in exfat_humanize_bytes() , which is now surely unreachable.
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
In case the filename is too long, longer than PATH_MAX - 1, it
would overflow dirs->dirname array. Add missing check and also
use strncpy() to prevent the overflow in any case.
Fixes CID 550305: Security best practices violations (STRING_OVERFLOW)
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
* Use calloc() to allocate token_list. This avoids an illegal free if
sqfs_tokenize() fails.
* Do not iterate over token_list if it has not been allocated.
Addresses-Coverity-ID: 510453: Null pointer dereferences (FORWARD_NULL)
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
|
|
Implement exfat_fs_rename() to rename or move files. This is used
by the 'mv' generic FS interface command. The rename implementation
for other filesystems was added recently and was not part of exfat
porting layer due to merge issue, which made 'mv' command crash,
fix this by adding the missing implementation.
Fixes: b86a651b646c ("fs: exfat: Add U-Boot porting layer")
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
The exfat_fs_exists() should return 0 in case the path does not exist,
and 1 in case the path does exist. Fix the inverted return value. This
fixes 'test -e' command with exfat.
Fixes: b86a651b646c ("fs: exfat: Add U-Boot porting layer")
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
The exfat_fs_readdir() depends on state created in exfat_fs_opendir(),
but that state may be disrupted by fs_close() called by the FS layer
in fs_opendir(), because exfat porting layer unmounts the filesystem
in ->close() callback.
To avoid this disruption, avoid creating state in exfat_fs_opendir(),
cache only the directory name to list there, and rework exfat_fs_readdir()
to work in a similar way to exfat_fs_ls(). That is, make exfat_fs_readdir()
open the directory, look up specific entry, extract its properties to be
reported to FS layer, and close the directory. This is slow, but avoids
the disruption. The slowness does not affect regular 'ls' command, which
uses exfat_fs_ls() fast path.
Fixes: b86a651b646c ("fs: exfat: Add U-Boot porting layer")
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Write into a bogus file, like '/.', triggers an "impossible"
print from the exfat core code. That should not be printed
in U-Boot, because U-Boot prints its own error message sooner.
Inhibit this error message.
The following command triggers the bogus print:
"
=> save host 0:0 1000008 /. 0x10
"
Fixes: b86a651b646c ("fs: exfat: Add U-Boot porting layer")
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Make sure the node is never dirty before being released, flush
the node first using exfat_flush_node() and only then release
the node using exfat_put_node(). This now matches the behavior
of exfat_fs_write() too.
Fixes: b86a651b646c ("fs: exfat: Add U-Boot porting layer")
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Tom Rini <trini@konsulko.com> says:
This series switches to always using $(PHASE_) in Makefiles when
building rather than $(PHASE_) or $(XPL_). It also starts on documenting
this part of the build, but as a follow-up we need to rename
doc/develop/spl.rst and expand on explaining things a bit.
Link: https://lore.kernel.org/r/20250401225851.1125678-1-trini@konsulko.com
|
|
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Marek Vasut <marex@denx.de> says:
Import exfat-fuse libexfat, add U-Boot filesystem layer porting glue
code and wire exfat support into generic filesystem support code. This
adds exfat support to U-Boot.
Fill in generic filesystem interface for mkdir and rm commands.
Make filesystem tests test the generic interface as well as exfat,
to make sure this code does not fall apart.
Link: https://github.com/relan/exfat/commits/0b41c6d3560d ("CI: bump FreeBSD to 13.1.")
Link: https://lore.kernel.org/r/20250317031418.223019-1-marex@denx.de
|
|
Demote "exFAT file system is not found" message to debug(). This is
printed when U-Boot attempts to auto-detect the filesystem via generic
filesystem API by attempting to mount the device, and fails to do so
because there is another filesystem in place. The libexfat-fuse code
prints this an error, which interferes with 'test_gpt' test. Demote
the message to debug().
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Fix the following conversion overflow errors. The UTF8-to-UTF16
conversion is done through 32bit wchar_t, but U-Boot codebase is
built with -fshort-wchar which limits wchar_t to 16bit. Replace
the built-in wchar_t with u32 to assure the intermediate type is
32bit.
"
fs/exfat/utf.c: In function ‘utf8_to_wchar’:
fs/exfat/utf.c:165:23: warning: overflow in conversion from ‘int’ to ‘wchar_t’ {aka ‘short unsigned int’} changes value from ‘(int)(short unsigned int)*input << 18 & 1835008’ to ‘0’ [-Woverflow]
165 | *wc = ((wchar_t) input[0] & 0x07) << 18;
| ^
fs/exfat/utf.c:170:23: warning: overflow in conversion from ‘int’ to ‘wchar_t’ {aka ‘short unsigned int’} changes value from ‘(int)(short unsigned int)*input << 24 & 50331648’ to ‘0’ [-Woverflow]
170 | *wc = ((wchar_t) input[0] & 0x03) << 24;
| ^
fs/exfat/utf.c:175:23: warning: overflow in conversion from ‘int’ to ‘wchar_t’ {aka ‘short unsigned int’} changes value from ‘(int)(short unsigned int)*input << 30 & 1073741824’ to ‘0’ [-Woverflow]
175 | *wc = ((wchar_t) input[0] & 0x01) << 30;
| ^
"
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Add U-Boot adjustments to the libexfat code and integrate
the result into U-Boot filesystem layer. This provides full
read-write exfat support for U-Boot available via generic
filesystem interface.
FS_DIRENT_NAME_LEN is increased to 1024 in case exfat is
enabled, because EXFAT can use UTF16 names, which do not
fit into current FS_DIRENT_NAME_LEN. To avoid affecting
every configuration, increase FS_DIRENT_NAME_LEN only in
case EXFAT is enabled.
Example usage via sandbox, assuming disk.img with one exfat partition:
Drive info:
$ ./u-boot -Tc 'host bind 0 ../disk.img ; host info 0'
dev blocks blksz label path
0 262144 512 0 ../disk.img
List files:
$ ./u-boot -Tc 'host bind 0 ../disk.img ; ls host 0:1 /api'
475 Kconfig
230 Makefile
1873 README
...
10 file(s), 0 dir(s)
Load and checksum a file:
$ ./u-boot -Tc 'host bind 0 ../disk.img ; load host 0:1 $loadaddr .config ; \
crc32 $loadaddr $filesize'
56724 bytes read in 1 ms (54.1 MiB/s)
crc32 for 00000000 ... 0000dd93 ==> b2e847c9
$ crc32 .config
b2e847c9
Load .config file to RAM, store the file into FS as /newconfig,
load the /newconfig into RAM and checksum the file:
$ ./u-boot -Tc 'host bind 0 ../disk.img ; load host 0:1 $loadaddr .config ; \
save host 0:1 $loadaddr /newconfig $filesize ; \
load host 0:1 0x10000 /newconfig ; \
crc32 0x10000 $filesize'
56724 bytes read in 1 ms (54.1 MiB/s)
56724 bytes written in 0 ms
56724 bytes read in 0 ms
crc32 for 00010000 ... 0001dd93 ==> b2e847c9
Remove file 3.txt and create new directory /newdir:
$ ./u-boot -Tc 'host bind 0 ../disk.img ; ls host 0:1 / ; \
rm host 0:1 3.txt ; mkdir host 0:1 /newdir ; \
ls host 0:1 /'
...
0 1.txt
0 2.txt
0 3.txt
0 4.txt
0 5.txt
7 file(s), 4 dir(s)
...
0 1.txt
0 2.txt
newdir/
0 4.txt
0 5.txt
6 file(s), 5 dir(s)
Acked-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Import most of libexfat from [1] except for log.c verbatim. The code
does not even compile and further adjustments and integration into
U-Boot filesystem code is in the next patch.
[1] https://github.com/relan/exfat
0b41c6d3560d ("CI: bump FreeBSD to 13.1.")
Acked-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Add generic implementation of write into a block device to be used
by filesystem implementations. This is a pair function for already
existing fs_devread().
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Prepare v2025.04-rc5
|
|
Ben reports a failure to boot the kernel on hardware that starts its
physical memory from 0x0.
The reason is that lmb_alloc_addr(), which is supposed to reserve a
specific address, takes the address as the first argument, but then also
returns the address for success or failure and treats 0 as a failure.
Since we already know the address change the prototype to return an int.
Reported-by: Ben Schneider <ben@bens.haus>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ben Schneider <ben@bens.haus>
Reviewed-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
|
This uses Heinrich's merge of lib/efi_loader/efi_net.c which results in
no changes.
|
|
EFI_FILE_PROTOCOL.SetInfo()."
Gabriel Dalimonte <gabriel.dalimonte@gmail.com> says:
This series adds support for file renaming to EFI_FILE_PROTOCOL.SetInfo().
One of the use cases for renaming in EFI is to facilitate boot loader
boot counting.
No existing filesystems in U-Boot currently include file renaming,
resulting in support for renaming at the filesystem level and a
concrete implementation for the FAT filesystem.
Link: https://lore.kernel.org/r/20250217182648.31294-1-gabriel.dalimonte@gmail.com
|
|
POSIX filesystem functions that create or remove directory entries contain
text along the lines of "[function] shall mark for update the last data
modification and last file status change timestamps of the parent
directory of each file." [1][2][3] The common theme is these timestamp
updates occur when a directory entry is added or removed. The
create_link() and delete_dentry_link() functions have been changed to
update the modification timestamp on the directory where the direntry
change occurs. This differs slightly from Linux in the case of rename(),
where Linux will not update `new_path`'s parent directory's timestamp if
it is replacing an existing file. (via `vfat_add_entry` [4])
The timestamps are not updated if the build configuration does not support
RTCs. This is an effort to minimize introducing erratic timestamps where
they would go from [current date] -> 2000-01-01 (error timestamp in the
FAT driver). I would assume an unchanged timestamp would be more valuable
than a default timestamp in these cases.
[1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/rename.html
[2] https://pubs.opengroup.org/onlinepubs/9799919799/functions/unlink.html
[3] https://pubs.opengroup.org/onlinepubs/9799919799/functions/open.html
[4] https://elixir.bootlin.com/linux/v6.12.6/source/fs/fat/namei_vfat.c#L682
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
|
|
The implementation roughly follows the POSIX specification for
rename() [1]. The ordering of operations attempting to minimize the chance
for data loss in unexpected circumstances.
The 'mv' command was implemented as a front end for the rename operation
as that is what most users are likely familiar with in terms of behavior.
The 'FAT_RENAME' Kconfig option was added to prevent code size increase on
size-oriented builds like SPL.
[1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/rename.html
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
|
|
The selection for *rename as the name for the rename/move operation
derives from the POSIX specification where they name the function
rename/renameat. [1] This aligns with Linux where the syscalls for
renaming/moving also use the rename/renameat naming.
[1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/rename.html
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The create_link() code was previously duplicated in two existing functions.
The two functions will be used in a future commit to achieve renaming.
Signed-off-by: Gabriel Dalimonte <gabriel.dalimonte@gmail.com>
|
|
In case MAX_SYMLINK_NEST is reached while determining the size
on a symlink node, the function returns immediately.
This would not free the resources after the free_strings: label
causing a memory leak.
Set the ret value and just break out of the switch to fix this.
Signed-off-by: Andrea della Porta <andrea.porta@suse.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
|
|
The length of buffers used to read inode tables, directory tables, and
reading a file are calculated as: number of blocks * block size, and
such plain multiplication is prone to overflowing (thus unsafe).
Replace it by __builtin_mul_overflow, i.e. safe math.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
|
|
See the original report [1], otherwise len + 1 will be overflowed.
Note that EROFS archive can record arbitary symlink sizes in principle,
so we don't assume a short number like 4096.
[1] https://lore.kernel.org/r/20250210164151.GN1233568@bill-the-cat
Fixes: 830613f8f5bb ("fs/erofs: add erofs filesystem support")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
|
|
Variable self assignment has been found by clang. But Linux kernel already
fixed this problem by commit 2a068daf5742 ("ubifs: Remove unnecessary
assignment") and commit ae4c8081eb77 ("ubifs: remove unnecessary
assignment").
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Alexander Dahl <ada@thorsis.com>
Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
|
|
Upstream development stopped 2012.
Linux eliminated YAFFS2 in 2010.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
