UPSTREAM: ext4: recover from filesystem corruption when reading

Some fixes when reading EXT files and directory entries were identified
after using e2fuzz to corrupt an EXT3 filesystem:

- Stop rea

UPSTREAM: ext4: recover from filesystem corruption when reading

Some fixes when reading EXT files and directory entries were identified
after using e2fuzz to corrupt an EXT3 filesystem:

- Stop reading directory entries if the offset becomes badly aligned.

- Avoid overwriting memory by clamping the length used to zero the buffer
in ext4fs_read_file. Also sanity check blocksize.

Change-Id: Ic1dafbde2f375784ef1f30746bd5cfa847356b6a
Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
(cherry picked from commit ecdfb4195b20eb2dcde3c4083170016c13c69e8b)

show more ...

UPSTREAM: fs/ext4: Fix group descriptor checksum calculation

The current code doesn't compute the group descriptor checksum correctly
for the filesystems that e2fsprogs 1.43.4 creates (they have
'Gr

UPSTREAM: fs/ext4: Fix group descriptor checksum calculation

The current code doesn't compute the group descriptor checksum correctly
for the filesystems that e2fsprogs 1.43.4 creates (they have
'Group descriptor size: 64' as reported by tune2fs). Extend the checksum
calculation to be done as ext4_group_desc_csum() does in Linux.

This fixes these errors in dmesg from running fs-test.sh and makes it
succeed again:

[1671902.620699] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (35782!=10965)
[1671902.620706] EXT4-fs (loop1): group descriptors corrupted!

Change-Id: I362747a60cc16886c1a215867471b0a83fcf5e47
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
(cherry picked from commit 385b73185596cfc9e2acb74ab66abe91c06177f3)

show more ...

fs/ext4: Initialize group descriptor size for revision level 0 filesystems

genext2fs creates revision level 0 filesystems, which are not readable
by u-boot due to the initialized group descriptor si

fs/ext4: Initialize group descriptor size for revision level 0 filesystems

genext2fs creates revision level 0 filesystems, which are not readable
by u-boot due to the initialized group descriptor size field.
f798b1dda1c5de818b806189e523d1b75db7e72d

Reported-by: Kever Yang <kever.yang@rock-chips.com>
Reported-by: FrostyBytes@protonmail.com
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Tested-by: Kever Yang <kever.yang@rock-chips.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

ext4: Fix handling of sparse files

A sparse file may have regions not mapped by any extents, at the start
or at the end of the file, or anywhere between, thus not finding a
matching extent region is

ext4: Fix handling of sparse files

A sparse file may have regions not mapped by any extents, at the start
or at the end of the file, or anywhere between, thus not finding a
matching extent region is never an error.

Found by python filesystem tests.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: Only write journal entries for modified blocks in unlink_filename

Instead of creating a journal entry for each directory block, even
if the block is unmodified, only log the modified block.

S

ext4: Only write journal entries for modified blocks in unlink_filename

Instead of creating a journal entry for each directory block, even
if the block is unmodified, only log the modified block.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: Fix handling of direntlen in unlink_filename

The direntlen checks were quite bogus, i.e. the loop termination used
"len + offset == blocksize" (exact match only), and checked for a
direntlen l

ext4: Fix handling of direntlen in unlink_filename

The direntlen checks were quite bogus, i.e. the loop termination used
"len + offset == blocksize" (exact match only), and checked for a
direntlen less than 0. The latter can never happen as the len is
unsigned, this has been reported by Coverity, CID 153384.

Use the same code as in search_dir for directory traversal. This code
has the correct checks for direntlen >= sizeof(struct dirent), and
offset < blocksize.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reported-by: Coverity (CID: 153383, 153384)
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: cleanup unlink_filename function

Use the same variable names as in search_dir, to make purpose of variables
more obvious.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-b

ext4: cleanup unlink_filename function

Use the same variable names as in search_dir, to make purpose of variables
more obvious.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Tom Rini <trini@konsulko.com>

show more ...

ext4: Revert rejection of 64bit enabled ext4 fs

Enable mounting of ext4 fs with 64bit feature, as it is supported now.
These had been disabled in 6f94ab6656ceffb3f2a972c8de4c554502b6f2b7.

Signed-of

ext4: Revert rejection of 64bit enabled ext4 fs

Enable mounting of ext4 fs with 64bit feature, as it is supported now.
These had been disabled in 6f94ab6656ceffb3f2a972c8de4c554502b6f2b7.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: Respect group descriptor size when adjusting free counts

Also adjust high 16/32 bits when free inode/block counts are modified.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

ext4: Use helper function to access group descriptor and its fields

The descriptor size is variable, thus array indices are not generically
applicable. The larger group descriptors also contain e.g.

ext4: Use helper function to access group descriptor and its fields

The descriptor size is variable, thus array indices are not generically
applicable. The larger group descriptors also contain e.g. high parts
of block numbers, which have to be read and written.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: Use correct descriptor size when reading the block group descriptor

The correct descriptor size must be used when calculating offsets, and
also to read the correct amount of data.

Signed-off-

ext4: Use correct descriptor size when reading the block group descriptor

The correct descriptor size must be used when calculating offsets, and
also to read the correct amount of data.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: Add helper functions for block group descriptor field access

The helper functions encapsulate access of the block group descriptors,
independent of group descriptor size. The helpers also deal

ext4: Add helper functions for block group descriptor field access

The helper functions encapsulate access of the block group descriptors,
independent of group descriptor size. The helpers also deal with the
endianess of the fields, and with split fields like free_blocks/
free_blocks_high.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: determine group descriptor size for 64bit feature

If EXT4_FEATURE_INCOMPAT_64BIT is set, the descriptor can be read from
the superblocks, otherwise it defaults to 32.

Signed-off-by: Stefan Br

ext4: determine group descriptor size for 64bit feature

If EXT4_FEATURE_INCOMPAT_64BIT is set, the descriptor can be read from
the superblocks, otherwise it defaults to 32.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: Correct block number handling, empty block vs. error code

read_allocated block may return block number 0, which is just an indicator
a chunk of the file is not backed by a block, i.e. it is sp

ext4: Correct block number handling, empty block vs. error code

read_allocated block may return block number 0, which is just an indicator
a chunk of the file is not backed by a block, i.e. it is sparse.

During file deletions, just continue with the next logical block, for other
operations treat blocknumber <= 0 as an error.

For writes, blocknumber 0 should never happen, as U-Boot always allocates
blocks for the whole file. Reading already handles this correctly, i.e. the
read buffer is 0-fillled.

Not treating block 0 as sparse block leads to FS corruption, e.g.
./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ;
ext4write host 0 0 /2.5GB.file 1 '
The 2.5GB.file from the fs test is actually a sparse file.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>

show more ...

ext4: Avoid out-of-bounds access of block bitmap

If the blocksize is 1024, count is initialized with 1. Incrementing count
by 8 will never match (count == fs->blksz * 8), and ptr may be
incremented

ext4: Avoid out-of-bounds access of block bitmap

If the blocksize is 1024, count is initialized with 1. Incrementing count
by 8 will never match (count == fs->blksz * 8), and ptr may be
incremented beyond the buffer end if the bitmap is filled. Add the
startblock offset after the loop.

Remove the second loop, as only the first iteration will be done.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: After completely filled group, scan next group from the beginning

The last free block of a block group may be in its middle. After it has
been allocated, the next block group should be scanned

ext4: After completely filled group, scan next group from the beginning

The last free block of a block group may be in its middle. After it has
been allocated, the next block group should be scanned from its beginning.

The following command triggers the bad behaviour (on a blocksize 1024 fs):

./sandbox/u-boot -c 'i=0; host bind 0 ./disk.raw ;
while test $i -lt 260 ; do echo $i; setexpr i $i + 1;
ext4write host 0:2 0 /X${i} 0x1450; done ;
ext4write host 0:2 0 /X240 0x2000 ; '

When 'X240' is extended from 5200 byte to 8192 byte, the new blocks should
start from the first free block (8811), but it uses the blocks 8098-8103
and 16296-16297 -- 8103 + 1 + 8192 = 16296. This can be shown with
debugfs, commands 'ffb' and 'stat X240'.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: Do not clear zalloc'ed buffers a second time

zero_buffer is never written, thus clearing it is pointless.
journal_buffer is completely initialized by ext4fs_devread (or in case
of failure, not

ext4: Do not clear zalloc'ed buffers a second time

zero_buffer is never written, thus clearing it is pointless.
journal_buffer is completely initialized by ext4fs_devread (or in case
of failure, not used).

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: Only update number of of unused inodes if GDT_CSUM feature is set

e2fsck warns about "Group descriptor 0 marked uninitialized without
feature set."
The bg_itable_unused field is only defined i

ext4: Only update number of of unused inodes if GDT_CSUM feature is set

e2fsck warns about "Group descriptor 0 marked uninitialized without
feature set."
The bg_itable_unused field is only defined if FEATURE_RO_COMPAT_GDT_CSUM
is set, and should be set (kept) zero otherwise.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: Scan all directory blocks when looking up an entry

Scanning only the direct blocks of the directory file may falsely report
an existing file as nonexisting, and worse can also lead to creation

ext4: Scan all directory blocks when looking up an entry

Scanning only the direct blocks of the directory file may falsely report
an existing file as nonexisting, and worse can also lead to creation
of a duplicate entry on file creation.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: Scan all directory blocks for space when inserting a new entry

Previously, only the last directory block was scanned for available space.
Instead, scan all blocks back to front, and if no suff

ext4: Scan all directory blocks for space when inserting a new entry

Previously, only the last directory block was scanned for available space.
Instead, scan all blocks back to front, and if no sufficient space is
found, eventually append a new block.
Blocks are only appended if the directory does not use extents or the new
block would require insertion of indirect blocks, as the old code does.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: Do not crash when trying to grow a directory using extents

The following command crashes u-boot:
./sandbox/u-boot -c 'i=0; host bind 0 ./sandbox/test/fs/3GB.ext4.img ;
while test $i -lt 200

ext4: Do not crash when trying to grow a directory using extents

The following command crashes u-boot:
./sandbox/u-boot -c 'i=0; host bind 0 ./sandbox/test/fs/3GB.ext4.img ;
while test $i -lt 200 ; do echo $i; setexpr i $i + 1;
ext4write host 0 0 /foobar${i} 0; done'

Previously, the code updated the direct_block even for extents, and
fortunately crashed before pushing garbage to the disk.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: propagate error if creation of directory entry fails

In case the dir entry creation failed, ext4fs_write would later overwrite
a random inode, as inodeno was never initialized.

Signed-off-by:

ext4: propagate error if creation of directory entry fails

In case the dir entry creation failed, ext4fs_write would later overwrite
a random inode, as inodeno was never initialized.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: fix possible crash on directory traversal, ignore deleted entries

The following command triggers a segfault in search_dir:
./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ;

ext4: fix possible crash on directory traversal, ignore deleted entries

The following command triggers a segfault in search_dir:
./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ;
ext4write host 0 0 /./foo 0x10'

The following command triggers a segfault in check_filename:
./sandbox/u-boot -c 'host bind 0 ./sandbox/test/fs/3GB.ext4.img ;
ext4write host 0 0 /. 0x10'

"." is the first entry in the directory, thus previous_dir is NULL. The
whole previous_dir block in search_dir seems to be a bad copy from
check_filename(...). As the changed data is not written to disk, the
statement is mostly harmless, save the possible NULL-ptr reference.

Typically a file is unlinked by extending the direntlen of the previous
entry. If the entry is the first entry in the directory block, it is
invalidated by setting inode=0.

The inode==0 case is hard to trigger without crafted filesystems. It only
hits if the first entry in a directory block is deleted and later a lookup
for the entry (by name) is done.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>

show more ...

ext4: fix wrong usage of le32_to_cpu()

le32_to_cpu() must only convert the revision_level and not the boolean
result.

Signed-off-by: Michael Walle <michael@walle.cc>