From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54])
 by mx.groups.io with SMTP id smtpd.web11.11448.1675332960986674007
 for <devel@edk2.groups.io>;
 Thu, 02 Feb 2023 02:16:01 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=Pt+y0wTj;
 spf=pass (domain: gmail.com, ip: 209.85.167.54, mailfrom: savvamtr@gmail.com)
Received: by mail-lf1-f54.google.com with SMTP id bi36so2222776lfb.8
        for <devel@edk2.groups.io>; Thu, 02 Feb 2023 02:16:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=xLOY7r+1V43BP9xnOlNRKkx3snnHGlzfbfXrtmEKSQE=;
        b=Pt+y0wTjH2szRFSXA4IlwubxZ8b3q7lCw13Ndrq7v6rj5TDd9ULE14aE6KzIuES9QD
         cel5Y+WwCe6yEI4F+9mj5dPz23Mv8H6/maiM6hJNJJUx0CmQCAYTwvkTr02DwpcHdber
         tw3ICWlBZCR6FO5fOBks8h6zjgPdBLNrh9J79K92hsdSkWwB/dEoxXu7v4CBXSXb6n1P
         GhHhKtN/X4Myijh0JgH5rOgHsYG8xWEXF2GQ2xyLqhYqunIZewReGYwaJGrdWbve3frX
         YPXNILCTACNnl8b6/6AvryPi9Rf/L1bWaoRbVda+x+byWLg1yTXD+mbPYDMb8WyagmJV
         /0pQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=xLOY7r+1V43BP9xnOlNRKkx3snnHGlzfbfXrtmEKSQE=;
        b=21jgFcO4e5OKB8ynniTKfTcflBdg2VAQGgdGjyhTovMLUmOzEw1EIJZQ9RL4MzadrW
         fooceB03Vzt0E7bc/hxgy9NuH9ATbI+JQZrM5spFMs0YsmZYeQ9Fs+vFMElnND1uHQAA
         OJMS5YFKsN5ca0o4xk+RBxt/B1U1V+HEigL4iRPBMBWC/LO8EMktxVp5F/0HC904Tc4q
         Tx3j71WMeZ6qH5NW0RzSHFnYaMJYEmg0OdGUxEEeYPX52DrB9MGfyPdB9q+ybkYFaa1g
         IkdoAxzGAhitpOiF9B9oJdyeIYecs8vbUL+NF3prlyQgtLynWkzaGLbVEuCj6Imga29a
         B7ug==
X-Gm-Message-State: AO0yUKV3gQEOUX9mXyxlw1P2ocWbKcFxkYrRq2ZLv/vprIuVm4ydmqev
	WQIY4tgzczXWeNj9Y/QgBVU=
X-Google-Smtp-Source: AK7set8tHHoKaMO1rMUfgM1vO1IwnxcRxzWV5KdWnzZv4/KK5Mm7u802Ie3LycgQ++La3v8r3TasEg==
X-Received: by 2002:ac2:522f:0:b0:4cb:449a:31f8 with SMTP id i15-20020ac2522f000000b004cb449a31f8mr1279109lfl.35.1675332959125;
        Thu, 02 Feb 2023 02:15:59 -0800 (PST)
Return-Path: <savvamtr@gmail.com>
Received: from smtpclient.apple ([176.62.67.29])
        by smtp.gmail.com with ESMTPSA id x25-20020a056512047900b004cc7026d95asm1331808lfd.259.2023.02.02.02.15.58
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 02 Feb 2023 02:15:58 -0800 (PST)
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.2\))
Subject: Re: [edk2-platforms][PATCH v3 04/11] Ext4Pkg: Add inode number validity check
From: "Savva Mitrofanov" <savvamtr@gmail.com>
In-Reply-To: <CAKbZUD3FhEonho+VrWGdrjuroCmVc_g8mppyNUOeLoxbJv5Erg@mail.gmail.com>
Date: Thu, 2 Feb 2023 16:15:56 +0600
Cc: devel@edk2.groups.io,
 =?utf-8?Q?Marvin_H=C3=A4user?= <mhaeuser@posteo.de>,
 =?utf-8?B?0JLQuNGC0LDQu9C40Lkg0K7RgNGM0LXQstC40Ycg0KfQtdC/0YbQvtCy?= <vit9696@protonmail.com>
Message-Id: <76BD8D12-5AB4-4F31-9243-0F4C656C431F@gmail.com>
References: <20230127092945.94389-1-savvamtr@gmail.com>
 <20230127092945.94389-5-savvamtr@gmail.com>
 <CAKbZUD3FhEonho+VrWGdrjuroCmVc_g8mppyNUOeLoxbJv5Erg@mail.gmail.com>
To: Pedro Falcato <pedro.falcato@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.2)
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

Yes, I checked this out. Your UTF8 patches and latest patch
which redirects '..' folder to proper '/' with my directory entry '\0' =
patch solves the problem.
However, we need to perform inode number validation at least in =
Ext4ReadInode.
As we discussed, we can do this in a simplified way. These changes will =
be in v4

Thanks!

> On 27 Jan 2023, at 20:19, Pedro Falcato <pedro.falcato@gmail.com> =
wrote:
>=20
> On Fri, Jan 27, 2023 at 9:29 AM Savva Mitrofanov <savvamtr@gmail.com> =
wrote:
>>=20
>> We need to validate inode number to prevent possible null-pointer
>> dereference of directory parent in Ext4OpenDirent. Also checks that
>> inode number valid across opened partition before we read it in
>> Ext4ReadInode.
>>=20
>> Cc: Marvin H=C3=A4user <mhaeuser@posteo.de>
>> Cc: Pedro Falcato <pedro.falcato@gmail.com>
>> Cc: Vitaly Cheptsov <vit9696@protonmail.com>
>> Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
>> Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
>> ---
>> Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h   | 13 ++++++++--
>> Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 25 ++++++++++++++++++++
>> Features/Ext4Pkg/Ext4Dxe/BlockGroup.c |  5 ++++
>> Features/Ext4Pkg/Ext4Dxe/Directory.c  | 10 ++++++++
>> 4 files changed, 51 insertions(+), 2 deletions(-)
>>=20
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h =
b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
>> index d0a455d0e572..70cb6c3209dd 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
>> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
>> @@ -484,8 +484,17 @@ typedef UINT64  EXT4_BLOCK_NR;
>> typedef UINT32  EXT2_BLOCK_NR;
>> typedef UINT32  EXT4_INO_NR;
>>=20
>> -// 2 is always the root inode number in ext4
>> -#define EXT4_ROOT_INODE_NR  2
>> +/* Special inode numbers */
>> +#define EXT4_ROOT_INODE_NR         2
>> +#define EXT4_USR_QUOTA_INODE_NR    3
>> +#define EXT4_GRP_QUOTA_INODE_NR    4
>> +#define EXT4_BOOT_LOADER_INODE_NR  5
>> +#define EXT4_UNDEL_DIR_INODE_NR    6
>> +#define EXT4_RESIZE_INODE_NR       7
>> +#define EXT4_JOURNAL_INODE_NR      8
>> +
>> +/* First non-reserved inode for old ext4 filesystems */
>> +#define EXT4_GOOD_OLD_FIRST_INODE_NR  11
>>=20
>> #define EXT4_BLOCK_FILE_HOLE  0
>>=20
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h =
b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> index f608def7c9eb..2e489ce4dd86 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> @@ -287,6 +287,31 @@ Ext4GetBlockGroupDesc (
>>   IN UINT32          BlockGroup
>>   );
>>=20
>> +/**
>> +   Retrieves the first usable non-reserved inode number from the =
superblock
>> +   of the opened partition.
>> +
>> +   @param[in]  Partition      Pointer to the opened ext4 partition.
>> +
>> +   @return The first usable inode number (non-reserved).
>> +**/
>> +#define EXT4_FIRST_INODE_NR(Partition)                               =
          \
>> +  ((Partition->SuperBlock.s_rev_level =3D=3D EXT4_GOOD_OLD_REV) ?    =
              \
>> +         EXT4_GOOD_OLD_FIRST_INODE_NR :                              =
          \
>> +         Partition->SuperBlock.s_first_ino)
>> +
>> +/**
>> +   Checks inode number validity across superblock of the opened =
partition.
>> +
>> +   @param[in]  Partition      Pointer to the opened ext4 partition.
>> +
>> +   @return TRUE if inode number is valid.
>> +**/
>> +#define EXT4_IS_VALID_INODE_NR(Partition, InodeNum)                  =
          \
>> +  (InodeNum =3D=3D EXT4_ROOT_INODE_NR ||                             =
              \
>> +        (InodeNum >=3D EXT4_FIRST_INODE_NR(Partition) &&             =
            \
>> +         InodeNum <=3D Partition->SuperBlock.s_inodes_count))
>> +
>> /**
>>    Reads an inode from disk.
>>=20
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c =
b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
>> index cba96cd95afc..f34cdc5dbad7 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
>> +++ b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
>> @@ -50,6 +50,11 @@ Ext4ReadInode (
>>   EXT4_BLOCK_NR          InodeTableStart;
>>   EFI_STATUS             Status;
>>=20
>> +  if (!EXT4_IS_VALID_INODE_NR (Partition, InodeNum)) {
>> +    DEBUG ((DEBUG_ERROR, "[ext4] Error reading inode: inode number =
%lu isn't valid\n", InodeNum));
>> +    return EFI_VOLUME_CORRUPTED;
>> +  }
>> +
>=20
> I don't know how to feel about this patch.
> I do not understand why we need this here (and below). Given
> Ext4OpenDirent, how is this deref'ing a NULL pointer without this
> check?
> Has this been handled by the UTF8 patches and your \0 patch?
>=20
> --=20
> Pedro