Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history 
yaml
---
r: 130859
b: refs/heads/master
c: 6f7ab6d
h: refs/heads/master
i:
  130857: fa1b99f
  130855: 638bb7b
v: v3
  • Loading branch information
Artem Bityutskiy authored and Artem Bityutskiy committed Jan 27, 2009
1 parent aa1fb79 commit 9a20f33
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 14 deletions.
2 changes: 1 addition & 1 deletion [refs]
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: 6ba87c9b920bea8c2703308d31eb7de925242c30
refs/heads/master: 6f7ab6d458bbfc2f55d295fa3e6b9e69cdb1d517
22 changes: 14 additions & 8 deletions trunk/fs/ubifs/io.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
* would have been wasted for padding to the nearest minimal I/O unit boundary.
* Instead, data first goes to the write-buffer and is flushed when the
* buffer is full or when it is not used for some time (by timer). This is
* similarto the mechanism is used by JFFS2.
* similar to the mechanism is used by JFFS2.
*
* Write-buffers are defined by 'struct ubifs_wbuf' objects and protected by
* mutexes defined inside these objects. Since sometimes upper-level code
Expand Down Expand Up @@ -75,19 +75,25 @@ void ubifs_ro_mode(struct ubifs_info *c, int err)
* @lnum: logical eraseblock number
* @offs: offset within the logical eraseblock
* @quiet: print no messages
* @chk_crc: indicates whether to always check the CRC
* @must_chk_crc: indicates whether to always check the CRC
*
* This function checks node magic number and CRC checksum. This function also
* validates node length to prevent UBIFS from becoming crazy when an attacker
* feeds it a file-system image with incorrect nodes. For example, too large
* node length in the common header could cause UBIFS to read memory outside of
* allocated buffer when checking the CRC checksum.
*
* This function returns zero in case of success %-EUCLEAN in case of bad CRC
* or magic.
* This function may skip data nodes CRC checking if @c->no_chk_data_crc is
* true, which is controlled by corresponding UBIFS mount option. However, if
* @must_chk_crc is true, then @c->no_chk_data_crc is ignored and CRC is
* checked. Similarly, if @c->always_chk_crc is true, @c->no_chk_data_crc is
* ignored and CRC is checked.
*
* This function returns zero in case of success and %-EUCLEAN in case of bad
* CRC or magic.
*/
int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum,
int offs, int quiet, int chk_crc)
int offs, int quiet, int must_chk_crc)
{
int err = -EINVAL, type, node_len;
uint32_t crc, node_crc, magic;
Expand Down Expand Up @@ -123,9 +129,9 @@ int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum,
node_len > c->ranges[type].max_len)
goto out_len;

if (!chk_crc && type == UBIFS_DATA_NODE && !c->always_chk_crc)
if (c->no_chk_data_crc)
return 0;
if (!must_chk_crc && type == UBIFS_DATA_NODE && !c->always_chk_crc &&
c->no_chk_data_crc)
return 0;

crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8);
node_crc = le32_to_cpu(ch->crc);
Expand Down
12 changes: 8 additions & 4 deletions trunk/fs/ubifs/tnc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -443,6 +443,11 @@ static int tnc_read_node_nm(struct ubifs_info *c, struct ubifs_zbranch *zbr,
* This function performs that same function as ubifs_read_node except that
* it does not require that there is actually a node present and instead
* the return code indicates if a node was read.
*
* Note, this function does not check CRC of data nodes if @c->no_chk_data_crc
* is true (it is controlled by corresponding mount option). However, if
* @c->always_chk_crc is true, @c->no_chk_data_crc is ignored and CRC is always
* checked.
*/
static int try_read_node(const struct ubifs_info *c, void *buf, int type,
int len, int lnum, int offs)
Expand Down Expand Up @@ -470,9 +475,8 @@ static int try_read_node(const struct ubifs_info *c, void *buf, int type,
if (node_len != len)
return 0;

if (type == UBIFS_DATA_NODE && !c->always_chk_crc)
if (c->no_chk_data_crc)
return 0;
if (type == UBIFS_DATA_NODE && !c->always_chk_crc && c->no_chk_data_crc)
return 1;

crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8);
node_crc = le32_to_cpu(ch->crc);
Expand Down Expand Up @@ -1506,7 +1510,7 @@ int ubifs_tnc_locate(struct ubifs_info *c, const union ubifs_key *key,
*
* Note, if the bulk-read buffer length (@bu->buf_len) is known, this function
* makes sure bulk-read nodes fit the buffer. Otherwise, this function prepares
* maxumum possible amount of nodes for bulk-read.
* maximum possible amount of nodes for bulk-read.
*/
int ubifs_tnc_get_bu_keys(struct ubifs_info *c, struct bu_info *bu)
{
Expand Down
2 changes: 1 addition & 1 deletion trunk/fs/ubifs/ubifs.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1428,7 +1428,7 @@ int ubifs_read_node_wbuf(struct ubifs_wbuf *wbuf, void *buf, int type, int len,
int ubifs_write_node(struct ubifs_info *c, void *node, int len, int lnum,
int offs, int dtype);
int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum,
int offs, int quiet, int chk_crc);
int offs, int quiet, int must_chk_crc);
void ubifs_prepare_node(struct ubifs_info *c, void *buf, int len, int pad);
void ubifs_prep_grp_node(struct ubifs_info *c, void *node, int len, int last);
int ubifs_io_init(struct ubifs_info *c);
Expand Down

0 comments on commit 9a20f33

Please sign in to comment.