[PATCH] ubifs: Fix lockup/crash when reading files

Tom Rini trini at konsulko.com
Fri Jun 3 21:48:37 CEST 2022


On Tue, May 17, 2022 at 10:45:28PM +0200, Pali Rohár wrote:

> Commit b1a14f8a1c2e ("UBIFS: Change ubifsload to not read beyond the
> requested size") added optimization to do not read more bytes than it is
> really needed. But this commit introduced incorrect handling of the hole at
> the end of file. This logic cause U-Boot to crash or lockup when trying to
> read from the ubifs filesystem.
> 
> When read_block() call returns -ENOENT error (not an error, but the hole)
> then dn-> structure is not filled and contain garbage. So using of dn->size
> for memcpy() argument cause that U-Boot tries to copy unspecified amount of
> bytes from possible unmapped memory. Which randomly cause lockup of P2020
> CPU.
> 
> Fix this issue by copying UBIFS_BLOCK_SIZE bytes from read buffer when
> dn->size is not available. UBIFS_BLOCK_SIZE is the size of the buffer
> itself and read_block() fills buffer by zeros when it returns -ENOENT.
> 
> This patch fixes ubifsload on P2020.
> 
> Fixes: b1a14f8a1c2e ("UBIFS: Change ubifsload to not read beyond the requested size")
> Signed-off-by: Pali Rohár <pali at kernel.org>
> Reviewed-by: Stefan Roese <sr at denx.de>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220603/d3f8ca94/attachment.sig>


More information about the U-Boot mailing list