From: "Pedro Falcato"
Date: Fri, 27 Jan 2023 14:19:03 +0000
Subject: Re: [edk2-platforms][PATCH v3 04/11] Ext4Pkg: Add inode number validity check
To: Savva Mitrofanov
Cc: devel@edk2.groups.io, Marvin Häuser, Vitaly Cheptsov
In-Reply-To: <20230127092945.94389-5-savvamtr@gmail.com>
References: <20230127092945.94389-1-savvamtr@gmail.com> <20230127092945.94389-5-savvamtr@gmail.com>

On Fri, Jan 27, 2023 at 9:29 AM Savva Mitrofanov wrote:
>
> We need to validate the inode number to prevent a possible null-pointer
> dereference of the directory parent in Ext4OpenDirent. Also check that
> the inode number is valid across the opened partition before we read it in
> Ext4ReadInode.
>
> Cc: Marvin Häuser
> Cc: Pedro Falcato
> Cc: Vitaly Cheptsov
> Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
> Signed-off-by: Savva Mitrofanov
> ---
>  Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h   | 13 ++++++++--
>  Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 25 ++++++++++++++++++++
>  Features/Ext4Pkg/Ext4Dxe/BlockGroup.c |  5 ++++
>  Features/Ext4Pkg/Ext4Dxe/Directory.c  | 10 ++++++++
>  4 files changed, 51 insertions(+), 2 deletions(-)
>
> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
> index d0a455d0e572..70cb6c3209dd 100644
> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
> @@ -484,8 +484,17 @@ typedef UINT64 EXT4_BLOCK_NR;
>  typedef UINT32 EXT2_BLOCK_NR;
>  typedef UINT32 EXT4_INO_NR;
>
> -// 2 is always the root inode number in ext4
> -#define EXT4_ROOT_INODE_NR 2
> +/* Special inode numbers */
> +#define EXT4_ROOT_INODE_NR 2
> +#define EXT4_USR_QUOTA_INODE_NR 3
> +#define EXT4_GRP_QUOTA_INODE_NR 4
> +#define EXT4_BOOT_LOADER_INODE_NR 5
> +#define EXT4_UNDEL_DIR_INODE_NR 6
> +#define EXT4_RESIZE_INODE_NR 7
> +#define EXT4_JOURNAL_INODE_NR 8
> +
> +/* First non-reserved inode for old ext4 filesystems */
> +#define EXT4_GOOD_OLD_FIRST_INODE_NR 11
>
>  #define EXT4_BLOCK_FILE_HOLE 0
>
> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
> index f608def7c9eb..2e489ce4dd86 100644
> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
> @@ -287,6 +287,31 @@ Ext4GetBlockGroupDesc (
>    IN UINT32 BlockGroup
>    );
>
> +/**
> +  Retrieves the first usable non-reserved inode number from the superblock
> +  of the opened partition.
> +
> +  @param[in] Partition Pointer to the opened ext4 partition.
> +
> +  @return The first usable inode number (non-reserved).
> +**/
> +#define EXT4_FIRST_INODE_NR(Partition) \
> +  ((Partition->SuperBlock.s_rev_level == EXT4_GOOD_OLD_REV) ? \
> +   EXT4_GOOD_OLD_FIRST_INODE_NR : \
> +   Partition->SuperBlock.s_first_ino)
> +
> +/**
> +  Checks inode number validity across superblock of the opened partition.
> +
> +  @param[in] Partition Pointer to the opened ext4 partition.
> +
> +  @return TRUE if inode number is valid.
> +**/
> +#define EXT4_IS_VALID_INODE_NR(Partition, InodeNum) \
> +  (InodeNum == EXT4_ROOT_INODE_NR || \
> +   (InodeNum >= EXT4_FIRST_INODE_NR(Partition) && \
> +    InodeNum <= Partition->SuperBlock.s_inodes_count))
> +
>  /**
>    Reads an inode from disk.
>
> diff --git a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
> index cba96cd95afc..f34cdc5dbad7 100644
> --- a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
> +++ b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c
> @@ -50,6 +50,11 @@ Ext4ReadInode (
>    EXT4_BLOCK_NR InodeTableStart;
>    EFI_STATUS Status;
>
> +  if (!EXT4_IS_VALID_INODE_NR (Partition, InodeNum)) {
> +    DEBUG ((DEBUG_ERROR, "[ext4] Error reading inode: inode number %lu isn't valid\n", InodeNum));
> +    return EFI_VOLUME_CORRUPTED;
> +  }
> +

I don't know how to feel about this patch. I do not understand why we need this here (and below).
Given Ext4OpenDirent, how is this deref'ing a NULL pointer without this check?
Has this been handled by the UTF8 patches and your \0 patch?

-- 
Pedro
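Review bot: the Ext4Disk.h hunk changes the comment style from the `//` used by the line it replaces (`// 2 is always the root inode number in ext4`) to `/* ... */`; keep `//` so the header stays consistent with itself and with EDK II style. Of the new constants, only EXT4_ROOT_INODE_NR and EXT4_GOOD_OLD_FIRST_INODE_NR are used by the hunks in this mail; the quota, boot-loader, undelete, resize and journal numbers are introduced without a user, so either drop them or say in the commit message why they are added now. The value 11 for EXT4_GOOD_OLD_FIRST_INODE_NR matches the ext2/3/4 on-disk format.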
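Review bot: the two macros in the Ext4Dxe.h hunk use their arguments unparenthesized (`Partition->SuperBlock.s_rev_level`, `InodeNum == EXT4_ROOT_INODE_NR`, `InodeNum <= Partition->SuperBlock.s_inodes_count`) and evaluate `InodeNum` up to three times; write `(Partition)` and `(InodeNum)` at each use, or make EXT4_IS_VALID_INODE_NR a STATIC BOOLEAN function so the argument is evaluated once. The Doxygen block for EXT4_IS_VALID_INODE_NR documents `@param[in] Partition` only and omits `InodeNum`. On the logic, the range check trusts `s_first_ino` straight from disk: a corrupted superblock with `s_first_ino == 0` makes `InodeNum >= EXT4_FIRST_INODE_NR(Partition)` accept inode 0, which is never a valid ext4 inode number (they start at 1), so either reject `InodeNum == 0` explicitly here or validate `s_first_ino` (at least EXT4_GOOD_OLD_FIRST_INODE_NR and no larger than `s_inodes_count`) wherever the superblock is checked at mount.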
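Review bot: in the BlockGroup.c hunk the DEBUG format uses `%lu` for `InodeNum`; if that parameter is an EXT4_INO_NR (a UINT32, per the Ext4Disk.h hunk), `%l` in EDK II PrintLib means a 64-bit argument, so use `%u` or cast the value to UINT64 to avoid reading past the 32-bit argument. Placing the check before `InodeTableStart` is computed is the right ordering, since the block-group index derived from an out-of-range number would otherwise be used to look up a descriptor.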
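To make the boundary conditions of the quoted check concrete, here is an added stand-alone C example; it is not Ext4Pkg code and nothing in it comes from the patch author. The superblock struct is a constructed cut-down view using the on-disk field names, the sample superblocks are constructed, the superblock sanity function is an assumption about what a mount-time validator would check (the patch adds no such check), and the lookup arithmetic follows the standard ext4 layout (block group = (ino - 1) / s_inodes_per_group). It shows the rule from the patch accepting inode 2 and the range [s_first_ino, s_inodes_count], rejecting 0, the reserved journal inode 8 and one-past-the-end, and what happens to the unchecked computation when inode 0 reaches it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, cut-down view of the ext4 superblock: only the fields the
   inode-number check and the inode lookup need (on-disk field names). */
typedef struct {
  uint32_t s_inodes_count;      /* total inodes on the volume          */
  uint32_t s_inodes_per_group;  /* inodes per block group              */
  uint32_t s_first_ino;         /* first non-reserved inode (rev >= 1) */
  uint32_t s_rev_level;         /* 0 = "good old" rev, 1 = dynamic rev */
  uint16_t s_inode_size;        /* on-disk inode size (rev >= 1)       */
} Ext4SuperBlockView;

#define EXT4_GOOD_OLD_REV             0
#define EXT4_ROOT_INODE_NR            2
#define EXT4_GOOD_OLD_FIRST_INODE_NR  11
#define EXT4_GOOD_OLD_INODE_SIZE      128

/* Same rule as the patch's EXT4_FIRST_INODE_NR macro. */
static uint32_t Ext4FirstInodeNr (const Ext4SuperBlockView *Sb)
{
  return (Sb->s_rev_level == EXT4_GOOD_OLD_REV) ? EXT4_GOOD_OLD_FIRST_INODE_NR
                                                : Sb->s_first_ino;
}

static uint32_t Ext4InodeSize (const Ext4SuperBlockView *Sb)
{
  return (Sb->s_rev_level == EXT4_GOOD_OLD_REV) ? EXT4_GOOD_OLD_INODE_SIZE
                                                : Sb->s_inode_size;
}

/* Same rule as the patch's EXT4_IS_VALID_INODE_NR macro, as a function so
   InodeNum is evaluated once. It trusts s_first_ino as read from disk. */
static bool Ext4IsValidInodeNr (const Ext4SuperBlockView *Sb, uint32_t InodeNum)
{
  return InodeNum == EXT4_ROOT_INODE_NR ||
         (InodeNum >= Ext4FirstInodeNr (Sb) && InodeNum <= Sb->s_inodes_count);
}

/* Superblock sanity checks the inode rule depends on. Assumption: this is
   what a mount-time validator would check; the patch does not add it.
   Without it, a corrupt s_first_ino of 0 makes the rule accept inode 0. */
static bool Ext4SuperBlockSaneForInodes (const Ext4SuperBlockView *Sb)
{
  uint32_t First = Ext4FirstInodeNr (Sb);
  uint32_t Size  = Ext4InodeSize (Sb);

  if (Sb->s_inodes_per_group == 0 || Sb->s_inodes_count == 0)            return false;
  if (Sb->s_inodes_count % Sb->s_inodes_per_group != 0)                  return false;
  if (First < EXT4_GOOD_OLD_FIRST_INODE_NR || First > Sb->s_inodes_count) return false;
  /* inode size must be a power of two, at least 128 bytes */
  return Size >= EXT4_GOOD_OLD_INODE_SIZE && (Size & (Size - 1)) == 0;
}

/* Where an inode reader goes next: the inode's slot in its group's table. */
typedef struct {
  uint32_t BlockGroup;        /* index into the group descriptor table */
  uint32_t IndexInGroup;      /* slot within that group's inode table   */
  uint64_t ByteOffsetInTable; /* IndexInGroup * inode size              */
} Ext4InodeLocation;

/* Unchecked form: for InodeNum == 0, (InodeNum - 1) wraps to 0xFFFFFFFF and
   the result indexes far past the group descriptor table. */
static uint32_t Ext4UncheckedBlockGroup (const Ext4SuperBlockView *Sb, uint32_t InodeNum)
{
  return (InodeNum - 1) / Sb->s_inodes_per_group;
}

/* Hardened form: validate superblock and inode number before any arithmetic. */
static bool Ext4LocateInode (const Ext4SuperBlockView *Sb, uint32_t InodeNum,
                             Ext4InodeLocation *Loc)
{
  if (!Ext4SuperBlockSaneForInodes (Sb) || !Ext4IsValidInodeNr (Sb, InodeNum)) {
    return false;
  }
  Loc->BlockGroup        = (InodeNum - 1) / Sb->s_inodes_per_group;
  Loc->IndexInGroup      = (InodeNum - 1) % Sb->s_inodes_per_group;
  Loc->ByteOffsetInTable = (uint64_t)Loc->IndexInGroup * Ext4InodeSize (Sb);
  return true;
}

/* Constructed superblocks: a sane one (4 groups of 2048 inodes, 256-byte
   inodes) and one whose s_first_ino has been zeroed. */
static const Ext4SuperBlockView kSampleSb  = { 8192, 2048, 11, 1, 256 };
static const Ext4SuperBlockView kCorruptSb = { 8192, 2048,  0, 1, 256 };

int main (void)
{
  uint32_t Probe[] = { 0, 2, 8, 11, 5000, 8192, 8193 };
  for (size_t i = 0; i < sizeof Probe / sizeof Probe[0]; i++) {
    Ext4InodeLocation Loc;
    if (Ext4LocateInode (&kSampleSb, Probe[i], &Loc)) {
      printf ("inode %u: group %u, slot %u, offset %llu\n", (unsigned)Probe[i],
              (unsigned)Loc.BlockGroup, (unsigned)Loc.IndexInGroup,
              (unsigned long long)Loc.ByteOffsetInTable);
    } else {
      printf ("inode %u: rejected\n", (unsigned)Probe[i]);
    }
  }
  printf ("unchecked block group for inode 0: %u\n",
          (unsigned)Ext4UncheckedBlockGroup (&kSampleSb, 0));
  return 0;
}
```

With the sample superblock, inode 0 and 8193 are rejected, 2, 11, 5000 and 8192 are located (5000 lands in group 2, slot 903, byte offset 231168), and the unchecked computation for inode 0 returns block group 2097151 on a volume that has four groups. With the corrupt superblock the raw rule alone accepts inode 0, which is why the superblock fields it reads need their own validation.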