fix a >2 year old stack overflow in the mtd rootfs split patch which only caused issues on the orion platform on 2.6.30. also merge the squashfs4 fix into the rootfs split patch

SVN-Revision: 16944
lede-17.01
Felix Fietkau 2009-07-21 15:05:13 +00:00
parent 5df0606265
commit dffad9690f
4 changed files with 27 additions and 57 deletions

View File

@ -37,7 +37,7 @@
/* /*
* MTD methods which simply translate the effective address and pass through * MTD methods which simply translate the effective address and pass through
@@ -489,6 +491,148 @@ out_register: @@ -489,6 +491,147 @@ out_register:
return slave; return slave;
} }
@ -46,32 +46,31 @@
+#define ROOTFS_REMOVED_NAME "<removed>" +#define ROOTFS_REMOVED_NAME "<removed>"
+static int split_squashfs(struct mtd_info *master, int offset, int *split_offset) +static int split_squashfs(struct mtd_info *master, int offset, int *split_offset)
+{ +{
+ char buf[512]; + struct squashfs_super_block sb;
+ struct squashfs_super_block *sb = (struct squashfs_super_block *) buf;
+ int len, ret; + int len, ret;
+ +
+ ret = master->read(master, offset, sizeof(*sb), &len, buf); + ret = master->read(master, offset, sizeof(sb), &len, (void *) &sb);
+ if (ret || (len != sizeof(*sb))) { + if (ret || (len != sizeof(sb))) {
+ printk(KERN_ALERT "split_squashfs: error occured while reading " + printk(KERN_ALERT "split_squashfs: error occured while reading "
+ "from \"%s\"\n", master->name); + "from \"%s\"\n", master->name);
+ return -EINVAL; + return -EINVAL;
+ } + }
+ +
+ if (*((u32 *) buf) != SQUASHFS_MAGIC) { + if (sb.s_magic != SQUASHFS_MAGIC) {
+ printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n", + printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n",
+ master->name); + master->name);
+ *split_offset = 0; + *split_offset = 0;
+ return 0; + return 0;
+ } + }
+ +
+ if (sb->bytes_used <= 0) { + if (sb.bytes_used <= 0) {
+ printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n", + printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n",
+ master->name); + master->name);
+ *split_offset = 0; + *split_offset = 0;
+ return 0; + return 0;
+ } + }
+ +
+ len = (u32) sb->bytes_used; + len = (u32) sb.bytes_used;
+ len += (offset & 0x000fffff); + len += (offset & 0x000fffff);
+ len += (master->erasesize - 1); + len += (master->erasesize - 1);
+ len &= ~(master->erasesize - 1); + len &= ~(master->erasesize - 1);
@ -186,7 +185,7 @@
/* /*
* This function, given a master MTD object and a partition table, creates * This function, given a master MTD object and a partition table, creates
* and registers slave MTD objects which are bound to the master according to * and registers slave MTD objects which are bound to the master according to
@@ -502,14 +646,29 @@ int add_mtd_partitions(struct mtd_info * @@ -502,14 +645,29 @@ int add_mtd_partitions(struct mtd_info *
{ {
struct mtd_part *slave; struct mtd_part *slave;
u_int32_t cur_offset = 0; u_int32_t cur_offset = 0;
@ -219,7 +218,7 @@
cur_offset = slave->offset + slave->mtd.size; cur_offset = slave->offset + slave->mtd.size;
} }
@@ -517,6 +676,32 @@ int add_mtd_partitions(struct mtd_info * @@ -517,6 +675,32 @@ int add_mtd_partitions(struct mtd_info *
} }
EXPORT_SYMBOL(add_mtd_partitions); EXPORT_SYMBOL(add_mtd_partitions);

View File

@ -37,7 +37,7 @@
/* /*
* MTD methods which simply translate the effective address and pass through * MTD methods which simply translate the effective address and pass through
@@ -489,6 +491,148 @@ out_register: @@ -489,6 +491,147 @@ out_register:
return slave; return slave;
} }
@ -46,32 +46,31 @@
+#define ROOTFS_REMOVED_NAME "<removed>" +#define ROOTFS_REMOVED_NAME "<removed>"
+static int split_squashfs(struct mtd_info *master, int offset, int *split_offset) +static int split_squashfs(struct mtd_info *master, int offset, int *split_offset)
+{ +{
+ char buf[512]; + struct squashfs_super_block sb;
+ struct squashfs_super_block *sb = (struct squashfs_super_block *) buf;
+ int len, ret; + int len, ret;
+ +
+ ret = master->read(master, offset, sizeof(*sb), &len, buf); + ret = master->read(master, offset, sizeof(sb), &len, (void *) &sb);
+ if (ret || (len != sizeof(*sb))) { + if (ret || (len != sizeof(sb))) {
+ printk(KERN_ALERT "split_squashfs: error occured while reading " + printk(KERN_ALERT "split_squashfs: error occured while reading "
+ "from \"%s\"\n", master->name); + "from \"%s\"\n", master->name);
+ return -EINVAL; + return -EINVAL;
+ } + }
+ +
+ if (*((u32 *) buf) != SQUASHFS_MAGIC) { + if (sb.s_magic != SQUASHFS_MAGIC) {
+ printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n", + printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n",
+ master->name); + master->name);
+ *split_offset = 0; + *split_offset = 0;
+ return 0; + return 0;
+ } + }
+ +
+ if (sb->bytes_used <= 0) { + if (sb.bytes_used <= 0) {
+ printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n", + printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n",
+ master->name); + master->name);
+ *split_offset = 0; + *split_offset = 0;
+ return 0; + return 0;
+ } + }
+ +
+ len = (u32) sb->bytes_used; + len = (u32) sb.bytes_used;
+ len += (offset & 0x000fffff); + len += (offset & 0x000fffff);
+ len += (master->erasesize - 1); + len += (master->erasesize - 1);
+ len &= ~(master->erasesize - 1); + len &= ~(master->erasesize - 1);
@ -186,7 +185,7 @@
/* /*
* This function, given a master MTD object and a partition table, creates * This function, given a master MTD object and a partition table, creates
* and registers slave MTD objects which are bound to the master according to * and registers slave MTD objects which are bound to the master according to
@@ -502,14 +646,29 @@ int add_mtd_partitions(struct mtd_info * @@ -502,14 +645,29 @@ int add_mtd_partitions(struct mtd_info *
{ {
struct mtd_part *slave; struct mtd_part *slave;
u_int32_t cur_offset = 0; u_int32_t cur_offset = 0;
@ -219,7 +218,7 @@
cur_offset = slave->offset + slave->mtd.size; cur_offset = slave->offset + slave->mtd.size;
} }
@@ -517,6 +676,32 @@ int add_mtd_partitions(struct mtd_info * @@ -517,6 +675,32 @@ int add_mtd_partitions(struct mtd_info *
} }
EXPORT_SYMBOL(add_mtd_partitions); EXPORT_SYMBOL(add_mtd_partitions);

View File

@ -37,7 +37,7 @@
/* /*
* MTD methods which simply translate the effective address and pass through * MTD methods which simply translate the effective address and pass through
@@ -512,6 +514,156 @@ out_register: @@ -512,6 +514,155 @@ out_register:
return slave; return slave;
} }
@ -54,32 +54,31 @@
+ +
+static int split_squashfs(struct mtd_info *master, int offset, int *split_offset) +static int split_squashfs(struct mtd_info *master, int offset, int *split_offset)
+{ +{
+ char buf[512]; + struct squashfs_super_block sb;
+ struct squashfs_super_block *sb = (struct squashfs_super_block *) buf;
+ int len, ret; + int len, ret;
+ +
+ ret = master->read(master, offset, sizeof(*sb), &len, buf); + ret = master->read(master, offset, sizeof(sb), &len, (void *) &sb);
+ if (ret || (len != sizeof(*sb))) { + if (ret || (len != sizeof(sb))) {
+ printk(KERN_ALERT "split_squashfs: error occured while reading " + printk(KERN_ALERT "split_squashfs: error occured while reading "
+ "from \"%s\"\n", master->name); + "from \"%s\"\n", master->name);
+ return -EINVAL; + return -EINVAL;
+ } + }
+ +
+ if (*((u32 *) buf) != SQUASHFS_MAGIC) { + if (SQUASHFS_MAGIC != le32_to_cpu(sb.s_magic) ) {
+ printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n", + printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n",
+ master->name); + master->name);
+ *split_offset = 0; + *split_offset = 0;
+ return 0; + return 0;
+ } + }
+ +
+ if (sb->bytes_used <= 0) { + if (le64_to_cpu((sb.bytes_used)) <= 0) {
+ printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n", + printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n",
+ master->name); + master->name);
+ *split_offset = 0; + *split_offset = 0;
+ return 0; + return 0;
+ } + }
+ +
+ len = (u32) sb->bytes_used; + len = (u32) le64_to_cpu(sb.bytes_used);
+ len += (offset & 0x000fffff); + len += (offset & 0x000fffff);
+ len += (master->erasesize - 1); + len += (master->erasesize - 1);
+ len &= ~(master->erasesize - 1); + len &= ~(master->erasesize - 1);
@ -194,7 +193,7 @@
/* /*
* This function, given a master MTD object and a partition table, creates * This function, given a master MTD object and a partition table, creates
* and registers slave MTD objects which are bound to the master according to * and registers slave MTD objects which are bound to the master according to
@@ -527,14 +679,29 @@ int add_mtd_partitions(struct mtd_info * @@ -527,14 +678,29 @@ int add_mtd_partitions(struct mtd_info *
{ {
struct mtd_part *slave; struct mtd_part *slave;
uint64_t cur_offset = 0; uint64_t cur_offset = 0;
@ -227,7 +226,7 @@
cur_offset = slave->offset + slave->mtd.size; cur_offset = slave->offset + slave->mtd.size;
} }
@@ -542,6 +709,32 @@ int add_mtd_partitions(struct mtd_info * @@ -542,6 +708,32 @@ int add_mtd_partitions(struct mtd_info *
} }
EXPORT_SYMBOL(add_mtd_partitions); EXPORT_SYMBOL(add_mtd_partitions);

View File

@ -1,27 +0,0 @@
--- a/drivers/mtd/mtdpart.c
+++ b/drivers/mtd/mtdpart.c
@@ -538,21 +538,21 @@ static int split_squashfs(struct mtd_inf
return -EINVAL;
}
- if (*((u32 *) buf) != SQUASHFS_MAGIC) {
+ if (SQUASHFS_MAGIC != le32_to_cpu(sb->s_magic) ) {
printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n",
master->name);
*split_offset = 0;
return 0;
}
- if (sb->bytes_used <= 0) {
+ if (le64_to_cpu((sb->bytes_used)) <= 0) {
printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n",
master->name);
*split_offset = 0;
return 0;
}
- len = (u32) sb->bytes_used;
+ len = (u32) le64_to_cpu(sb->bytes_used);
len += (offset & 0x000fffff);
len += (master->erasesize - 1);
len &= ~(master->erasesize - 1);