From: "Savva Mitrofanov"
To: devel@edk2.groups.io
Cc: Marvin Häuser, Pedro Falcato, Vitaly Cheptsov
Subject: [edk2-platforms][PATCH v4 05/12] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
Date: Thu, 2 Feb 2023 16:21:26 +0600
Message-Id: <20230202102133.51606-6-savvamtr@gmail.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230202102133.51606-1-savvamtr@gmail.com>
References: <20230202102133.51606-1-savvamtr@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Missing check for wrong s_log_block_size exponent leads to shift out of bounds. Limit block size to 2 MiB

Cc: Marvin Häuser
Cc: Pedro Falcato
Cc: Vitaly Cheptsov
Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
Signed-off-by: Savva Mitrofanov
Reviewed-by: Pedro Falcato
Reviewed-by: Marvin Häuser
--- Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h | 14 ++++++++++++++ Features/Ext4Pkg/Ext4Dxe/Superblock.c | 5 +++++ 2 files changed, 19 insertions(+) diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/= Ext4Dxe.h index c977a97ca5c2..d3f72a98d7f8 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h 
@@ -40,6 +40,20 @@ #define EXT4_EFI_PATH_MAX 4096=0D #define EXT4_DRIVER_VERSION 0x0000=0D =0D +//=0D +// The EXT4 Specification doesn't strictly limit block size and this value= could be up to 2^31,=0D +// but in practice it is limited by PAGE_SIZE due to performance significa= nt impact.=0D +// Many EXT4 implementations have size of block limited to PAGE_SIZE. In m= any cases it's limited=0D +// to 4096, which is a commonly supported page size on most MMU-capable ha= rdware, and up to 65536.=0D +// So, to take a balance between compatibility and security measures, it i= s decided to use the=0D +// value of 2MiB as the limit, which is equal to large page size on new ha= rdware.=0D +// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called = BIGALLOC, which changes=0D +// EXT4 to use clustered allocation, so that each bit in the ext4 block al= location bitmap addresses=0D +// a power of two number of blocks. So it would be wiser to implement and = use this feature=0D +// if there is such a need instead of big block size.=0D +//=0D +#define EXT4_LOG_BLOCK_SIZE_MAX 11=0D +=0D /**=0D Opens an ext4 partition and installs the Simple File System protocol.=0D =0D diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4D= xe/Superblock.c index be3527e4d618..3f56de93c105 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c +++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c @@ -248,6 +248,11 @@ Ext4OpenSuperblock ( return EFI_VOLUME_CORRUPTED;=0D }=0D =0D + if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) {=0D + DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too bi= g\n", Sb->s_log_block_size));=0D + return EFI_UNSUPPORTED;=0D + }=0D +=0D Partition->BlockSize =3D (UINT32)LShiftU64 (1024, Sb->s_log_block_size);= =0D =0D // The size of a block group can also be calculated as 8 * Partition->Bl= ockSize=0D --=20 2.39.1
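
Review bot: In the Ext4Dxe.h hunk, the comment above EXT4_LOG_BLOCK_SIZE_MAX gives the limit as 2MiB but never connects that figure to the value 11. A reader has to find the LShiftU64 (1024, Sb->s_log_block_size) call in Superblock.c to see that the field is an exponent and that 1024 << 11 is 2 MiB. Suggest adding one line to the comment stating that the block size is computed as 1024 << s_log_block_size, so that a later change to the base or to the limit does not silently leave the two out of step. The phrase "due to performance significant impact" in the same comment should read "due to the significant performance impact".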
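
Review bot: In the Superblock.c hunk, the added DEBUG line prints Sb->s_log_block_size with %lu, and the declared type of that field is not visible here. In EDK II's PrintLib the l modifier marks the argument as 64-bit, so %lu is only correct if the field is a UINT64; if it is a UINT32, use %u or cast the argument to UINT64 so the error path itself does not read a mis-sized vararg. The placement of the check directly before the LShiftU64 call is right, since that is the first use of the untrusted exponent. It would also help to print EXT4_LOG_BLOCK_SIZE_MAX in the message so the log shows the accepted bound next to the rejected value.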