GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/1632557/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 1632557,
    "url": "http://patchwork.ozlabs.org/api/patches/1632557/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20220517204528.7277-1-pali@kernel.org/",
    "project": {
        "id": 18,
        "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api",
        "name": "U-Boot",
        "link_name": "uboot",
        "list_id": "u-boot.lists.denx.de",
        "list_email": "u-boot@lists.denx.de",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20220517204528.7277-1-pali@kernel.org>",
    "list_archive_url": null,
    "date": "2022-05-17T20:45:28",
    "name": "ubifs: Fix lockup/crash when reading files",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": false,
    "hash": "a09caea7f2fffd2ac0ce7eb53c7051fd15c0fb7a",
    "submitter": {
        "id": 78810,
        "url": "http://patchwork.ozlabs.org/api/people/78810/?format=api",
        "name": "Pali Rohár",
        "email": "pali@kernel.org"
    },
    "delegate": {
        "id": 3651,
        "url": "http://patchwork.ozlabs.org/api/users/3651/?format=api",
        "username": "trini",
        "first_name": "Tom",
        "last_name": "Rini",
        "email": "trini@ti.com"
    },
    "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20220517204528.7277-1-pali@kernel.org/mbox/",
    "series": [
        {
            "id": 300737,
            "url": "http://patchwork.ozlabs.org/api/series/300737/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=300737",
            "date": "2022-05-17T20:45:28",
            "name": "ubifs: Fix lockup/crash when reading files",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/300737/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/1632557/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/1632557/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<u-boot-bounces@lists.denx.de>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org",
        "Authentication-Results": [
            "bilbo.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=PkVOrdob;\n\tdkim-atps=neutral",
            "ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=85.214.62.61; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)",
            "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=kernel.org",
            "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de",
            "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.b=\"PkVOrdob\";\n\tdkim-atps=neutral",
            "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=kernel.org",
            "phobos.denx.de; spf=pass smtp.mailfrom=pali@kernel.org"
        ],
        "Received": [
            "from phobos.denx.de (phobos.denx.de [85.214.62.61])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby bilbo.ozlabs.org (Postfix) with ESMTPS id 4L2p8q0m1Xz9s0w\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 May 2022 06:47:37 +1000 (AEST)",
            "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 141568425D;\n\tTue, 17 May 2022 22:47:28 +0200 (CEST)",
            "by phobos.denx.de (Postfix, from userid 109)\n id 36D7084277; Tue, 17 May 2022 22:47:26 +0200 (CEST)",
            "from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])\n (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 1DD0380762\n for <u-boot@lists.denx.de>; Tue, 17 May 2022 22:47:22 +0200 (CEST)",
            "from smtp.kernel.org (relay.kernel.org [52.25.139.140])\n (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n (No client certificate requested)\n by ams.source.kernel.org (Postfix) with ESMTPS id 8659EB81C1C;\n Tue, 17 May 2022 20:47:21 +0000 (UTC)",
            "by smtp.kernel.org (Postfix) with ESMTPSA id F3EB2C385B8;\n Tue, 17 May 2022 20:47:19 +0000 (UTC)",
            "by pali.im (Postfix)\n id 145267DA; Tue, 17 May 2022 22:47:17 +0200 (CEST)"
        ],
        "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de",
        "X-Spam-Level": "",
        "X-Spam-Status": "No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,\n SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no\n version=3.4.2",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n s=k20201202; t=1652820440;\n bh=NLk4wktz6opg8hTKwpktpVFx/yNEKvCW+TmHxcqe0jA=;\n h=From:To:Cc:Subject:Date:From;\n b=PkVOrdob1mwAtM/cAizMDqaOrglyk9bPHlieH5qSvHPcWCuyULbt4bUzVOP+B1NCY\n yjuT9M066Ip5tzDjvHS/MYjKS4b7c1XLle44mLfIDeQMeXRkZ37MtHU+BYDdEbdaTq\n 8w6yQj7DNaD8qs7v0TWVvdzpSHLfyWMUE/72KIiTzmj/fTVOcu35FrW15eu4g8/4FE\n vsK+uECIePj+V3ejAubTfKq188oVEI02kyyuWfDkraBURluqfAOrdfgUX7VPbc0UuB\n Q8kbWhVOGQM17sbrEWpPlYT8Gkx7jO4jkv/W8eA3IBJG7NVq39WgUbldwpCkjnRl+3\n K7sCgMJiwXaRA==",
        "From": "=?utf-8?q?Pali_Roh=C3=A1r?= <pali@kernel.org>",
        "To": "Stefan Roese <sr@denx.de>",
        "Cc": "u-boot@lists.denx.de",
        "Subject": "[PATCH] ubifs: Fix lockup/crash when reading files",
        "Date": "Tue, 17 May 2022 22:45:28 +0200",
        "Message-Id": "<20220517204528.7277-1-pali@kernel.org>",
        "X-Mailer": "git-send-email 2.20.1",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=UTF-8",
        "Content-Transfer-Encoding": "8bit",
        "X-BeenThere": "u-boot@lists.denx.de",
        "X-Mailman-Version": "2.1.39",
        "Precedence": "list",
        "List-Id": "U-Boot discussion <u-boot.lists.denx.de>",
        "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>",
        "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>",
        "List-Post": "<mailto:u-boot@lists.denx.de>",
        "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>",
        "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>",
        "Errors-To": "u-boot-bounces@lists.denx.de",
        "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>",
        "X-Virus-Scanned": "clamav-milter 0.103.5 at phobos.denx.de",
        "X-Virus-Status": "Clean"
    },
    "content": "Commit b1a14f8a1c2e (\"UBIFS: Change ubifsload to not read beyond the\nrequested size\") added optimization to do not read more bytes than it is\nreally needed. But this commit introduced incorrect handling of the hole at\nthe end of file. This logic cause U-Boot to crash or lockup when trying to\nread from the ubifs filesystem.\n\nWhen read_block() call returns -ENOENT error (not an error, but the hole)\nthen dn-> structure is not filled and contain garbage. So using of dn->size\nfor memcpy() argument cause that U-Boot tries to copy unspecified amount of\nbytes from possible unmapped memory. Which randomly cause lockup of P2020\nCPU.\n\nFix this issue by copying UBIFS_BLOCK_SIZE bytes from read buffer when\ndn->size is not available. UBIFS_BLOCK_SIZE is the size of the buffer\nitself and read_block() fills buffer by zeros when it returns -ENOENT.\n\nThis patch fixes ubifsload on P2020.\n\nFixes: b1a14f8a1c2e (\"UBIFS: Change ubifsload to not read beyond the requested size\")\nSigned-off-by: Pali Rohár <pali@kernel.org>\n---\n\nStefan, could you please look at this patch? Mentioned commit was\nintroduced by you more than 11 years ago. I'm surprised that nobody hit\nthis issue yet, but it looks like older U-Boot versions somehow filled\nsmall garbage number into dn->size and did not cause U-Boot\nlockup/crash.\n---\n fs/ubifs/ubifs.c | 2 ++\n 1 file changed, 2 insertions(+)",
    "diff": "diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c\nindex d6be5c947d7e..d3026e310168 100644\n--- a/fs/ubifs/ubifs.c\n+++ b/fs/ubifs/ubifs.c\n@@ -771,40 +771,42 @@ static int do_readpage(struct ubifs_info *c, struct inode *inode,\n \t\t\t\tbuff = malloc_cache_aligned(UBIFS_BLOCK_SIZE);\n \t\t\t\tif (!buff) {\n \t\t\t\t\tprintf(\"%s: Error, malloc fails!\\n\",\n \t\t\t\t\t       __func__);\n \t\t\t\t\terr = -ENOMEM;\n \t\t\t\t\tbreak;\n \t\t\t\t}\n \n \t\t\t\t/* Read block-size into temp buffer */\n \t\t\t\tret = read_block(inode, buff, block, dn);\n \t\t\t\tif (ret) {\n \t\t\t\t\terr = ret;\n \t\t\t\t\tif (err != -ENOENT) {\n \t\t\t\t\t\tfree(buff);\n \t\t\t\t\t\tbreak;\n \t\t\t\t\t}\n \t\t\t\t}\n \n \t\t\t\tif (last_block_size)\n \t\t\t\t\tdlen = last_block_size;\n+\t\t\t\telse if (ret)\n+\t\t\t\t\tdlen = UBIFS_BLOCK_SIZE;\n \t\t\t\telse\n \t\t\t\t\tdlen = le32_to_cpu(dn->size);\n \n \t\t\t\t/* Now copy required size back to dest */\n \t\t\t\tmemcpy(addr, buff, dlen);\n \n \t\t\t\tfree(buff);\n \t\t\t} else {\n \t\t\t\tret = read_block(inode, addr, block, dn);\n \t\t\t\tif (ret) {\n \t\t\t\t\terr = ret;\n \t\t\t\t\tif (err != -ENOENT)\n \t\t\t\t\t\tbreak;\n \t\t\t\t}\n \t\t\t}\n \t\t}\n \t\tif (++i >= UBIFS_BLOCKS_PER_PAGE)\n \t\t\tbreak;\n \t\tblock += 1;\n \t\taddr += UBIFS_BLOCK_SIZE;\n",
    "prefixes": []
}