From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) by mx.groups.io with SMTP id smtpd.web10.11489.1675333302793373515 for ; Thu, 02 Feb 2023 02:21:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=REReGilI; spf=pass (domain: gmail.com, ip: 209.85.218.54, mailfrom: savvamtr@gmail.com) Received: by mail-ej1-f54.google.com with SMTP id lu11so4593922ejb.3 for ; Thu, 02 Feb 2023 02:21:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EEYCIQdLqA9ex0E2X4HeSVCJ+zUeGRV4s8F9n8u80Js=; b=REReGilIXAFYx3sr1YYcjMsshRPZJ7phph591SxSffwy9HWHoXIcKum4M3ygHZrio1 S5K466M1QenA4GUQlXppruX40pO8gDY0DVcur/SNFa+VavnxIHEYlbuVP6xZfm+wITaM XAk9EMAC86mz/yFDM9A6xvbkA5AhxvlWoBTehZc/sI7yxHYVXiRPlnjsHwrWWfDvl5eL osvjiQTgvSC0QdWbVEknbavrdYv9fSxUA/GfJokrnth6AeOwdq73fLlDSXI2h7MIqwod LAK7Z56pTNBHB2KuZENh2tQCF6+1yiqDKCNQkf6m9kC0rne283RqKcZKUP9aLR9Rxaxa /uqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EEYCIQdLqA9ex0E2X4HeSVCJ+zUeGRV4s8F9n8u80Js=; b=qBXtHBwJrkS2NcM8N97X38l0kU1Qu54wiseXBo2qTP5b4a3S7e3DSb3dl0bXux626f SssdK4QF7lwfD4pQLqpkXD4Kwqj4XyJpPr67+9K2gAakrIVWXN4JZLjoVBo9Zv6TRKhW 3honHRm+9cjqhWFGH3oN+0Kk+oef3n+L/a/CRuo69jpgCJsyV4mK+j/+O/BzEOhEtH4k iRmS4nZqbH2RZIcxe5pwC5kIDnAV4GCbWapTjivvkpUCbLEg1LmJ7J2O5dnjHLXCCv6j Ce5TJwq+kaer5O7cVoy7U7AA9gLRaWjxjii3RrwWU5P7tyI2v7B4fQDtbicHe8DKP5ds PFxA== X-Gm-Message-State: AO0yUKWZ4QfGh43Go2CUzp3qwotS+cCGguwayD4PzDD3CjYlup04+ZHf 8PuhpkVgJGEipKFugmd5vpLZiEairGplUw== X-Google-Smtp-Source: AK7set9Fjhy+2D2mNmqv7fqJCNLYEPfB7WoY06djLMbtdFEu42KFcFBxaWj6sKtj6gymj5/C7ZQUgA== X-Received: by 2002:a17:906:16c2:b0:888:33a:e359 with SMTP id t2-20020a17090616c200b00888033ae359mr5617887ejd.38.1675333301212; Thu, 02 Feb 2023 02:21:41 -0800 (PST) Return-Path: Received: from localhost.localdomain ([176.62.67.29]) by smtp.gmail.com with ESMTPSA id ci22-20020a170906c35600b0087bcda2b07bsm10013121ejb.202.2023.02.02.02.21.40 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Thu, 02 Feb 2023 02:21:40 -0800 (PST) From: "Savva Mitrofanov" To: devel@edk2.groups.io Cc: =?UTF-8?q?Marvin=20H=C3=A4user?= , Pedro Falcato , Vitaly Cheptsov Subject: [edk2-platforms][PATCH v4 04/12] Ext4Pkg: Add inode number validity check Date: Thu, 2 Feb 2023 16:21:25 +0600 Message-Id: <20230202102133.51606-5-savvamtr@gmail.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230202102133.51606-1-savvamtr@gmail.com> References: <20230202102133.51606-1-savvamtr@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable We need to validate inode number to prevent reading non-existent and incorrect inodes so we checks that inode number valid across opened partition before we read it in Ext4ReadInode. Cc: Marvin H=C3=A4user Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.") Signed-off-by: Savva Mitrofanov --- Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h | 13 +++++++++++-- Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h | 12 ++++++++++++ Features/Ext4Pkg/Ext4Dxe/BlockGroup.c | 5 +++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h b/Features/Ext4Pkg/Ext4Dxe= /Ext4Disk.h index d0a455d0e572..70cb6c3209dd 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h @@ -484,8 +484,17 @@ typedef UINT64 EXT4_BLOCK_NR; typedef UINT32 EXT2_BLOCK_NR;=0D typedef UINT32 EXT4_INO_NR;=0D =0D -// 2 is always the root inode number in ext4=0D -#define EXT4_ROOT_INODE_NR 2=0D +/* Special inode numbers */=0D +#define EXT4_ROOT_INODE_NR 2=0D +#define EXT4_USR_QUOTA_INODE_NR 3=0D +#define EXT4_GRP_QUOTA_INODE_NR 4=0D +#define EXT4_BOOT_LOADER_INODE_NR 5=0D +#define EXT4_UNDEL_DIR_INODE_NR 6=0D +#define EXT4_RESIZE_INODE_NR 7=0D +#define EXT4_JOURNAL_INODE_NR 8=0D +=0D +/* First non-reserved inode for old ext4 filesystems */=0D +#define EXT4_GOOD_OLD_FIRST_INODE_NR 11=0D =0D #define EXT4_BLOCK_FILE_HOLE 0=0D =0D diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/= Ext4Dxe.h index f608def7c9eb..c977a97ca5c2 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h @@ -287,6 +287,18 @@ Ext4GetBlockGroupDesc ( IN UINT32 BlockGroup=0D );=0D =0D +/**=0D + Checks inode number validity across superblock of the opened partition.= =0D + Currently we don't have logic to process defective blocks with=0D + inode number equal 1, so we don't reject them at this point=0D +=0D + @param[in] Partition Pointer to the opened ext4 partition.=0D +=0D + @return TRUE if inode number is valid.=0D +**/=0D +#define EXT4_IS_VALID_INODE_NR(Partition, InodeNum) = \=0D + (((InodeNum) > 0) && (InodeNum) <=3D (Partition->SuperBlock.s_inodes_cou= nt))=0D +=0D /**=0D Reads an inode from disk.=0D =0D diff --git a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c b/Features/Ext4Pkg/Ext4D= xe/BlockGroup.c index cba96cd95afc..f34cdc5dbad7 100644 --- a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c +++ b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c @@ -50,6 +50,11 @@ Ext4ReadInode ( EXT4_BLOCK_NR InodeTableStart;=0D EFI_STATUS Status;=0D =0D + if (!EXT4_IS_VALID_INODE_NR (Partition, InodeNum)) {=0D + DEBUG ((DEBUG_ERROR, "[ext4] Error reading inode: inode number %lu isn= 't valid\n", InodeNum));=0D + return EFI_VOLUME_CORRUPTED;=0D + }=0D +=0D BlockGroupNumber =3D (UINT32)DivU64x64Remainder (=0D InodeNum - 1,=0D Partition->SuperBlock.s_inodes_per_group,=0D --=20 2.39.1