mirror of
				https://source.denx.de/u-boot/u-boot.git
				synced 2025-10-25 14:31:21 +02:00 
			
		
		
		
	Found a crash while issuing ext4ls with a non-existent directory. Crash test: => ext4ls mmc 0 1 ** Can not find directory. ** data abort pc : [<3fd7c2ec>] lr : [<3fd93ed8>] reloc pc : [<26f142ec>] lr : [<26f2bed8>] sp : 3f963338 ip : 3fdc3dc4 fp : 3fd6b370 r10: 00000004 r9 : 3f967ec0 r8 : 3f96db68 r7 : 3fdc99b4 r6 : 00000000 r5 : 3f96dc88 r4 : 3fdcbc8c r3 : fffffffa r2 : 00000000 r1 : 3f96e0bc r0 : 00000002 Flags: nZCv IRQs off FIQs off Mode SVC_32 Resetting CPU ... resetting ... Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig) Looks like crash is introduced by commit: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Issue is that dirnode is not initialized, and then freed if the call to ext4_ls fails. ext4_ls will not change the value of dirnode in this case thus we have a crash with data abort. I added initialization and a check for dirname being NULL. Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Cc: Tom Rini <trini@konsulko.com> Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com> Reviewed-by: Tom Rini <trini@konsulko.com>
		
			
				
	
	
		
			255 lines
		
	
	
		
			5.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			255 lines
		
	
	
		
			5.7 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0+
 | |
| /*
 | |
|  * (C) Copyright 2011 - 2012 Samsung Electronics
 | |
|  * EXT4 filesystem implementation in Uboot by
 | |
|  * Uma Shankar <uma.shankar@samsung.com>
 | |
|  * Manjunatha C Achar <a.manjunatha@samsung.com>
 | |
|  *
 | |
|  * ext4ls and ext4load : Based on ext2 ls and load support in Uboot.
 | |
|  *		       Ext4 read optimization taken from Open-Moko
 | |
|  *		       Qi bootloader
 | |
|  *
 | |
|  * (C) Copyright 2004
 | |
|  * esd gmbh <www.esd-electronics.com>
 | |
|  * Reinhard Arlt <reinhard.arlt@esd-electronics.com>
 | |
|  *
 | |
|  * based on code from grub2 fs/ext2.c and fs/fshelp.c by
 | |
|  * GRUB  --  GRand Unified Bootloader
 | |
|  * Copyright (C) 2003, 2004  Free Software Foundation, Inc.
 | |
|  *
 | |
|  * ext4write : Based on generic ext4 protocol.
 | |
|  */
 | |
| 
 | |
| #include <common.h>
 | |
| #include <ext_common.h>
 | |
| #include <ext4fs.h>
 | |
| #include "ext4_common.h"
 | |
| #include <div64.h>
 | |
| 
 | |
| int ext4fs_symlinknest;
 | |
| struct ext_filesystem ext_fs;
 | |
| 
 | |
| struct ext_filesystem *get_fs(void)
 | |
| {
 | |
| 	return &ext_fs;
 | |
| }
 | |
| 
 | |
| void ext4fs_free_node(struct ext2fs_node *node, struct ext2fs_node *currroot)
 | |
| {
 | |
| 	if ((node != &ext4fs_root->diropen) && (node != currroot))
 | |
| 		free(node);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Taken from openmoko-kernel mailing list: By Andy green
 | |
|  * Optimized read file API : collects and defers contiguous sector
 | |
|  * reads into one potentially more efficient larger sequential read action
 | |
|  */
 | |
| int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 | |
| 		loff_t len, char *buf, loff_t *actread)
 | |
| {
 | |
| 	struct ext_filesystem *fs = get_fs();
 | |
| 	int i;
 | |
| 	lbaint_t blockcnt;
 | |
| 	int log2blksz = fs->dev_desc->log2blksz;
 | |
| 	int log2_fs_blocksize = LOG2_BLOCK_SIZE(node->data) - log2blksz;
 | |
| 	int blocksize = (1 << (log2_fs_blocksize + log2blksz));
 | |
| 	unsigned int filesize = le32_to_cpu(node->inode.size);
 | |
| 	lbaint_t previous_block_number = -1;
 | |
| 	lbaint_t delayed_start = 0;
 | |
| 	lbaint_t delayed_extent = 0;
 | |
| 	lbaint_t delayed_skipfirst = 0;
 | |
| 	lbaint_t delayed_next = 0;
 | |
| 	char *delayed_buf = NULL;
 | |
| 	short status;
 | |
| 
 | |
| 	if (blocksize <= 0)
 | |
| 		return -1;
 | |
| 
 | |
| 	/* Adjust len so it we can't read past the end of the file. */
 | |
| 	if (len + pos > filesize)
 | |
| 		len = (filesize - pos);
 | |
| 
 | |
| 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
 | |
| 
 | |
| 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
 | |
| 		long int blknr;
 | |
| 		int blockoff = pos - (blocksize * i);
 | |
| 		int blockend = blocksize;
 | |
| 		int skipfirst = 0;
 | |
| 		blknr = read_allocated_block(&(node->inode), i);
 | |
| 		if (blknr < 0)
 | |
| 			return -1;
 | |
| 
 | |
| 		blknr = blknr << log2_fs_blocksize;
 | |
| 
 | |
| 		/* Last block.  */
 | |
| 		if (i == blockcnt - 1) {
 | |
| 			blockend = (len + pos) - (blocksize * i);
 | |
| 
 | |
| 			/* The last portion is exactly blocksize. */
 | |
| 			if (!blockend)
 | |
| 				blockend = blocksize;
 | |
| 		}
 | |
| 
 | |
| 		/* First block. */
 | |
| 		if (i == lldiv(pos, blocksize)) {
 | |
| 			skipfirst = blockoff;
 | |
| 			blockend -= skipfirst;
 | |
| 		}
 | |
| 		if (blknr) {
 | |
| 			int status;
 | |
| 
 | |
| 			if (previous_block_number != -1) {
 | |
| 				if (delayed_next == blknr) {
 | |
| 					delayed_extent += blockend;
 | |
| 					delayed_next += blockend >> log2blksz;
 | |
| 				} else {	/* spill */
 | |
| 					status = ext4fs_devread(delayed_start,
 | |
| 							delayed_skipfirst,
 | |
| 							delayed_extent,
 | |
| 							delayed_buf);
 | |
| 					if (status == 0)
 | |
| 						return -1;
 | |
| 					previous_block_number = blknr;
 | |
| 					delayed_start = blknr;
 | |
| 					delayed_extent = blockend;
 | |
| 					delayed_skipfirst = skipfirst;
 | |
| 					delayed_buf = buf;
 | |
| 					delayed_next = blknr +
 | |
| 						(blockend >> log2blksz);
 | |
| 				}
 | |
| 			} else {
 | |
| 				previous_block_number = blknr;
 | |
| 				delayed_start = blknr;
 | |
| 				delayed_extent = blockend;
 | |
| 				delayed_skipfirst = skipfirst;
 | |
| 				delayed_buf = buf;
 | |
| 				delayed_next = blknr +
 | |
| 					(blockend >> log2blksz);
 | |
| 			}
 | |
| 		} else {
 | |
| 			int n;
 | |
| 			if (previous_block_number != -1) {
 | |
| 				/* spill */
 | |
| 				status = ext4fs_devread(delayed_start,
 | |
| 							delayed_skipfirst,
 | |
| 							delayed_extent,
 | |
| 							delayed_buf);
 | |
| 				if (status == 0)
 | |
| 					return -1;
 | |
| 				previous_block_number = -1;
 | |
| 			}
 | |
| 			/* Zero no more than `len' bytes. */
 | |
| 			n = blocksize - skipfirst;
 | |
| 			if (n > len)
 | |
| 				n = len;
 | |
| 			memset(buf, 0, n);
 | |
| 		}
 | |
| 		buf += blocksize - skipfirst;
 | |
| 	}
 | |
| 	if (previous_block_number != -1) {
 | |
| 		/* spill */
 | |
| 		status = ext4fs_devread(delayed_start,
 | |
| 					delayed_skipfirst, delayed_extent,
 | |
| 					delayed_buf);
 | |
| 		if (status == 0)
 | |
| 			return -1;
 | |
| 		previous_block_number = -1;
 | |
| 	}
 | |
| 
 | |
| 	*actread  = len;
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| int ext4fs_ls(const char *dirname)
 | |
| {
 | |
| 	struct ext2fs_node *dirnode = NULL;
 | |
| 	int status;
 | |
| 
 | |
| 	if (dirname == NULL)
 | |
| 		return 0;
 | |
| 
 | |
| 	status = ext4fs_find_file(dirname, &ext4fs_root->diropen, &dirnode,
 | |
| 				  FILETYPE_DIRECTORY);
 | |
| 	if (status != 1) {
 | |
| 		printf("** Can not find directory. **\n");
 | |
| 		if (dirnode)
 | |
| 			ext4fs_free_node(dirnode, &ext4fs_root->diropen);
 | |
| 		return 1;
 | |
| 	}
 | |
| 
 | |
| 	ext4fs_iterate_dir(dirnode, NULL, NULL, NULL);
 | |
| 	ext4fs_free_node(dirnode, &ext4fs_root->diropen);
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| int ext4fs_exists(const char *filename)
 | |
| {
 | |
| 	loff_t file_len;
 | |
| 	int ret;
 | |
| 
 | |
| 	ret = ext4fs_open(filename, &file_len);
 | |
| 	return ret == 0;
 | |
| }
 | |
| 
 | |
| int ext4fs_size(const char *filename, loff_t *size)
 | |
| {
 | |
| 	return ext4fs_open(filename, size);
 | |
| }
 | |
| 
 | |
| int ext4fs_read(char *buf, loff_t offset, loff_t len, loff_t *actread)
 | |
| {
 | |
| 	if (ext4fs_root == NULL || ext4fs_file == NULL)
 | |
| 		return -1;
 | |
| 
 | |
| 	return ext4fs_read_file(ext4fs_file, offset, len, buf, actread);
 | |
| }
 | |
| 
 | |
| int ext4fs_probe(struct blk_desc *fs_dev_desc,
 | |
| 		 disk_partition_t *fs_partition)
 | |
| {
 | |
| 	ext4fs_set_blk_dev(fs_dev_desc, fs_partition);
 | |
| 
 | |
| 	if (!ext4fs_mount(fs_partition->size)) {
 | |
| 		ext4fs_close();
 | |
| 		return -1;
 | |
| 	}
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| int ext4_read_file(const char *filename, void *buf, loff_t offset, loff_t len,
 | |
| 		   loff_t *len_read)
 | |
| {
 | |
| 	loff_t file_len;
 | |
| 	int ret;
 | |
| 
 | |
| 	ret = ext4fs_open(filename, &file_len);
 | |
| 	if (ret < 0) {
 | |
| 		printf("** File not found %s **\n", filename);
 | |
| 		return -1;
 | |
| 	}
 | |
| 
 | |
| 	if (len == 0)
 | |
| 		len = file_len;
 | |
| 
 | |
| 	return ext4fs_read(buf, offset, len, len_read);
 | |
| }
 | |
| 
 | |
| int ext4fs_uuid(char *uuid_str)
 | |
| {
 | |
| 	if (ext4fs_root == NULL)
 | |
| 		return -1;
 | |
| 
 | |
| #ifdef CONFIG_LIB_UUID
 | |
| 	uuid_bin_to_str((unsigned char *)ext4fs_root->sblock.unique_id,
 | |
| 			uuid_str, UUID_STR_FORMAT_STD);
 | |
| 
 | |
| 	return 0;
 | |
| #else
 | |
| 	return -ENOSYS;
 | |
| #endif
 | |
| }
 |