summaryrefslogtreecommitdiffstats
path: root/fs/squashfs/squashfs_fs.h
Commit message (Collapse)AuthorAgeFilesLines
* Squashfs: fix handling and sanity checking of xattr_ids countPhillip Lougher2023-01-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer xattr_ids variable causes sign extension. This causes variable overflow in the SQUASHFS_XATTR_*(A) macros. The variable is first multiplied by sizeof(struct squashfs_xattr_id) where the type of the sizeof operator is "unsigned long". On a 64-bit system this is 64-bits in size, and causes the negative number to be sign extended and widened to 64-bits and then become unsigned. This produces the very large number 18446744073709548016 or 2^64 - 3600. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows and produces a length of 0 (stored in len). Flaw 2 (32-bit systems only): On a 32-bit system the integer variable is not widened by the unsigned long type of the sizeof operator (32-bits), and the signedness of the variable has no effect due it always being treated as unsigned. The above corrupted xattr_ids value of 4294967071, when multiplied overflows and produces the number 4294963696 or 2^32 - 3400. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows again and produces a length of 0. The effect of the 0 length computation: In conjunction with the corrupted xattr_ids field, the filesystem also has a corrupted xattr_table_start value, where it matches the end of filesystem value of 850. This causes the following sanity check code to fail because the incorrectly computed len of 0 matches the incorrect size of the table reported by the superblock (0 bytes). len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids); indexes = SQUASHFS_XATTR_BLOCKS(*xattr_ids); /* * The computed size of the index table (len bytes) should exactly * match the table start and end points */ start = table_start + sizeof(*id_table); end = msblk->bytes_used; if (len != (end - start)) return ERR_PTR(-EINVAL); Changing the xattr_ids variable to be "usigned int" fixes the flaw on a 64-bit system. This relies on the fact the computation is widened by the unsigned long type of the sizeof operator. Casting the variable to u64 in the above macro fixes this flaw on a 32-bit system. It also means 64-bit systems do not implicitly rely on the type of the sizeof operator to widen the computation. [1] https://lore.kernel.org/lkml/000000000000cd44f005f1a0f17f@google.com/ Link: https://lkml.kernel.org/r/20230127061842.10965-1-phillip@squashfs.org.uk Fixes: 506220d2ba21 ("squashfs: add more sanity checks in xattr id lookup") Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> Reported-by: <syzbot+082fa4af80a5bb1a9843@syzkaller.appspotmail.com> Cc: Alexey Khoroshilov <khoroshilov@ispras.ru> Cc: Fedor Pchelkin <pchelkin@ispras.ru> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
* squashfs: fix inode lookup sanity checksSean Nyekjaer2021-03-251-0/+1
| | | | | | | | | | | | | | | | When mouting a squashfs image created without inode compression it fails with: "unable to read inode lookup table" It turns out that the BLOCK_OFFSET is missing when checking the SQUASHFS_METADATA_SIZE agaist the actual size. Link: https://lkml.kernel.org/r/20210226092903.1473545-1-sean@geanix.com Fixes: eabac19e40c0 ("squashfs: add more sanity checks in inode lookup") Signed-off-by: Sean Nyekjaer <sean@geanix.com> Acked-by: Phillip Lougher <phillip@squashfs.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Squashfs: Replace zero-length array with flexible-arrayGustavo A. R. Silva2020-06-151-8/+8
| | | | | | | | | | | | There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://github.com/KSPP/linux/issues/21 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35Thomas Gleixner2019-05-241-14/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation 51 franklin street fifth floor boston ma 02110 1301 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 23 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190520170857.458548087@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* squashfs: be more careful about metadata corruptionLinus Torvalds2018-07-291-0/+6
| | | | | | | | | | | | | | | | | Anatoly Trosinenko reports that a corrupted squashfs image can cause a kernel oops. It turns out that squashfs can end up being confused about negative fragment lengths. The regular squashfs_read_data() does check for negative lengths, but squashfs_read_metadata() did not, and the fragment size code just blindly trusted the on-disk value. Fix both the fragment parsing and the metadata reading code. Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Phillip Lougher <phillip@squashfs.org.uk> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* squashfs: Add zstd supportSean Purcell2017-09-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add zstd compression and decompression support to SquashFS. zstd is a great fit for SquashFS because it can compress at ratios approaching xz, while decompressing twice as fast as zlib. For SquashFS in particular, it can decompress as fast as lzo and lz4. It also has the flexibility to turn down the compression ratio for faster compression times. The compression benchmark is run on the file tree from the SquashFS archive found in ubuntu-16.10-desktop-amd64.iso [1]. It uses `mksquashfs` with the default block size (128 KB) and and various compression algorithms/levels. xz and zstd are also benchmarked with 256 KB blocks. The decompression benchmark times how long it takes to `tar` the file tree into `/dev/null`. See the benchmark file in the upstream zstd source repository located under `contrib/linux-kernel/squashfs-benchmark.sh` [2] for details. I ran the benchmarks on a Ubuntu 14.04 VM with 2 cores and 4 GiB of RAM. The VM is running on a MacBook Pro with a 3.1 GHz Intel Core i7 processor, 16 GB of RAM, and a SSD. | Method | Ratio | Compression MB/s | Decompression MB/s | |----------------|-------|------------------|--------------------| | gzip | 2.92 | 15 | 128 | | lzo | 2.64 | 9.5 | 217 | | lz4 | 2.12 | 94 | 218 | | xz | 3.43 | 5.5 | 35 | | xz 256 KB | 3.53 | 5.4 | 40 | | zstd 1 | 2.71 | 96 | 210 | | zstd 5 | 2.93 | 69 | 198 | | zstd 10 | 3.01 | 41 | 225 | | zstd 15 | 3.13 | 11.4 | 224 | | zstd 16 256 KB | 3.24 | 8.1 | 210 | This patch was written by Sean Purcell <me@seanp.xyz>, but I will be taking over the submission process. [1] http://releases.ubuntu.com/16.10/ [2] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/squashfs-benchmark.sh zstd source repository: https://github.com/facebook/zstd Signed-off-by: Sean Purcell <me@seanp.xyz> Signed-off-by: Nick Terrell <terrelln@fb.com> Signed-off-by: Chris Mason <clm@fb.com> Acked-by: Phillip Lougher <phillip@squashfs.org.uk>
* Squashfs: add LZ4 compression supportPhillip Lougher2014-11-271-0/+1
| | | | | | | | | Add support for reading file systems compressed with the LZ4 compression algorithm. This patch adds the LZ4 decompressor wrapper code. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
* Squashfs: add corruption check for type in squashfs_readdir()Phillip Lougher2013-09-061-1/+4
| | | | | | | | We read the type field from disk. This value should be sanity checked for correctness to avoid an out of bounds access when reading the squashfs_filetype_table array. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
* Squashfs: get rid of obsolete definitions in header filePhillip Lougher2012-03-101-16/+0
| | | | | | | | Most of these were never used by the kernel code, but belong to the time when the header file was used by both the kernel code and the user space tools. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
* Squashfs: use define instead of constantAjeet Yadav2012-03-101-0/+3
| | | | | | | Its better to use defined name instead of constant Signed-off-by: Ajeet Yadav <ajeet.yadav.77@gmail.com> Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
* Squashfs: Add an option to set dev block size to 4KPhillip Lougher2011-11-021-0/+7
| | | | | | | | | | | | | | | | | | | This commit adds an option to set the device block size used to 4K. By default Squashfs sets the device block size (sb_min_blocksize) to 1K or the smallest block size supported by the block device (if larger). This, because blocks are packed together and unaligned in Squashfs, should reduce latency. This, however, gives poor performance on MTD NAND devices where the optimal I/O size is 4K (even though the devices can support smaller block sizes). Using a 4K device block size may also improve overall I/O performance for some file access patterns (e.g. sequential accesses of files in filesystem order) on all media. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
* Squashfs: update email addressPhillip Lougher2011-05-261-1/+1
| | | | | | | My existing email address may stop working in a month or two, so update email to one that will continue working. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* Squashfs: extend decompressor framework to handle compression optionsPhillip Lougher2011-02-281-0/+4
| | | | | | | | | | | | | | | | Extend decompressor framework to handle compression options stored in the filesystem. These options can be used by the relevant decompressor at initialisation time to over-ride defaults. The presence of compression options in the filesystem is indicated by the COMP_OPT filesystem flag. If present the data is read from the filesystem and passed to the decompressor init function. The decompressor init function signature has been extended to take this data. Also update the init function signature in the glib, lzo and xz decompressor wrappers. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* Squashfs: add XZ compression supportPhillip Lougher2011-01-131-0/+1
| | | | | | | | | Add support for reading file systems compressed with the XZ compression algorithm. This patch adds the XZ decompressor wrapper code. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* Squashfs: fix checkpatch.pl warningsPhillip Lougher2010-08-081-10/+10
| | | | | | Checkpatch.pl in 2.6.34 added a check for spaces between tabs. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* squashfs: add new extended inode typesPhillip Lougher2010-05-171-0/+25
| | | | | | | Add new extended inode types that store the xattr_id field. Also add the necessary code changes to make xattrs visibile. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* squashfs: add support for xattr readingPhillip Lougher2010-05-171-0/+19
| | | | | | Add support for listxattr and getxattr. Also add xattr definitions. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* squashfs: add xattr id supportPhillip Lougher2010-05-171-1/+31
| | | | | | | This patch adds support for mapping xattr ids (stored in inodes) into the on-disk location of the xattrs themselves. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* Squashfs: get rid of obsolete definition in header filePhillip Lougher2010-03-051-2/+0
| | | | Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* Squashfs: add decompressor entries for lzma and lzoPhillip Lougher2010-01-201-1/+3
| | | | | | | | | Add knowledge of lzma/lzo compression formats to the decompressor framework. For now these are added as unsupported. Without these entries lzma/lzo compressed filesystems will be flagged as having unknown compression which is undesirable. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
* btrfs & squashfs: Move btrfs and squashfsto's magic number to <linux/magic.h>Qinghuang Feng2009-01-151-1/+0
| | | | | | | | | | Use the standard magic.h for btrfs and squashfs. Signed-off-by: Qinghuang Feng <qhfeng.kernel@gmail.com> Cc: Phillip Lougher <phillip@lougher.demon.co.uk> Cc: Chris Mason <chris.mason@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Squashfs: header filesPhillip Lougher2009-01-051-0/+381
Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>