From patchwork Fri Mar 19 08:55:31 2021
X-Patchwork-Submitter: Dominique Martinet
X-Patchwork-Id: 1455720
From: Dominique Martinet
To: swupdate@googlegroups.com
Cc: Dominique Martinet, Christian Storm
Subject: [swupdate] [PATCH v2 3/3] core/stream_interface: add free space checks before writing file copies
Date: Fri, 19 Mar 2021 17:55:31 +0900
Message-Id: <20210319085531.1070347-3-dominique.martinet@atmark-techno.com>
In-Reply-To: <20210319085531.1070347-1-dominique.martinet@atmark-techno.com>
References: <20210319085531.1070347-1-dominique.martinet@atmark-techno.com>

copyfile would normally fail with ENOSPC on write, but if we can know
beforehand that the file will not fit it is better to error early and
not disrupt whatever is running.

The check reuses the existing get_output_size() helper which reads the
decompressed-size or decrypted-size properties depending on the file
type, and is skipped altogether if no size is set (if the file is
uncompressed, the size is always its size in the cpio header).

No actual check that the decompressed size matches the actual size is
made unless the handler requires it later, and this only checks files
that are not installed directly.

Signed-off-by: Dominique Martinet Cc: Christian Storm Acked-by: Stefano Babic --- Changelog v1 -> v2: - use decompressed/decrypted size properties with the ubivol helper for compatibility - make freebsd use statfs instead of statvfs; looking at linux man page linux is better off with statvfs so I kept the linux code identical to v1. I downloaded a freeBSD image so I will at least compile test this early next week, didn't have time to yet -- I've only gone as far as linux tests (size not set, uncompressed file, compressed file with size set small enough to fit into partition incorrectly or big enough to be caught by statvfs) core/stream_interface.c | 2 ++ core/util.c | 47 +++++++++++++++++++++++++++++++++++++++++ include/util.h | 1 + 3 files changed, 50 insertions(+) diff --git a/core/stream_interface.c b/core/stream_interface.c index d459010886b5..574ed47634cb 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -222,6 +222,8 @@ static int extract_files(int fd, struct swupdate_cfg *software) fdout = openfileoutput(img->extract_file); if (fdout < 0) return -1; + if (!img_check_free_space(img, fdout)) + return -1; if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, img->sha256, false, NULL, NULL) < 0) { close(fdout); return -1; diff --git a/core/util.c b/core/util.c index 0e9ad14d5020..db34d0307699 100644 --- a/core/util.c +++ b/core/util.c @@ -24,6 +24,10 @@ #include #include +#if defined(__linux__) +#include +#endif + #include "swupdate.h" #include "util.h" #include "generated/autoconf.h" 
@@ -951,3 +955,46 @@ long long get_output_size(struct img_type *img, bool warn) return bytes; } + +static bool check_free_space(int fd, long long size, char *fname) +{ + /* This needs OS-specific implementation because + * linux's statfs f_bsize is optimal IO size vs. statvfs f_bsize fs block size, + * and freeBSD is the opposite... + * As everything else is the same down to field names work around + * this by just defining an alias + */ +#if defined(__FreeBSD__) +#define statvfs statfs +#define fstatvfs fstatfs +#endif +#if defined(__linux__) || defined(__FreeBSD__) + struct statvfs statvfs; + + if (fstatvfs(fd, &statvfs)) { + ERROR("Statfs failed on %s, skipping free space check", fname); + return true; + } + + if (statvfs.f_bfree * statvfs.f_bsize < size) { + ERROR("Not enough free space to extract %s (needed %llu, got %lu)", + fname, size, statvfs.f_bfree * statvfs.f_bsize); + return false; + } +#endif + + return true; +} + +bool img_check_free_space(struct img_type *img, int fd) +{ + long long size; + + size = get_output_size(img, true); + + if (size <= 0) + /* Skip check if no size found */ + return true; + + return check_free_space(fd, size, img->fname); +} diff --git a/include/util.h b/include/util.h index ef487fbed21c..7b5b2a85655d 100644 --- a/include/util.h +++ b/include/util.h @@ -219,6 +219,7 @@ void free_string_array(char **nodes); int read_lines_notify(int fd, char *buf, int buf_size, int *buf_offset, LOGLEVEL level); long long get_output_size(struct img_type *img, bool warn); +bool img_check_free_space(struct img_type *img, int fd); /* Decryption key functions */ int load_decryption_key(char *fname);
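Review bot: in the core/stream_interface.c hunk, the new early return on `!img_check_free_space(img, fdout)` leaves fdout open, whereas the copyfile() failure path directly below it calls close(fdout) before returning -1. Close the descriptor on this path too. Since openfileoutput() has already run by the time the check fails, it is also worth deciding whether the empty img->extract_file should be left behind or cleaned up here.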
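Review bot: in the first core/util.c hunk (@@ -24,6 +24,10 @@), the added include is guarded by `defined(__linux__)` only, while check_free_space() builds its body for `defined(__linux__) || defined(__FreeBSD__)` and calls fstatfs() through the alias on FreeBSD. Either add a FreeBSD-guarded include next to this one (FreeBSD declares fstatfs() in <sys/mount.h>) or note in the commit message which existing include provides it, since the changelog says the FreeBSD build has not been compile-tested yet.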
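Review bot: in check_free_space() (core/util.c, @@ -951,3 +955,46 @@), the product `statvfs.f_bfree * statvfs.f_bsize` is computed twice in whatever unsigned width the platform gives those fields, compared against a signed `long long size`, and printed with `%lu`, while `size` itself is printed with `%llu`. On a 32-bit target the product can wrap or the specifier can mismatch the argument width; compute it once into an `unsigned long long` local, compare against that, and print `size` with `%lld` and the free space with `%llu`. Two smaller points in the same function: f_bfree includes blocks reserved for the superuser, so f_bavail is the safer field if swupdate can ever run unprivileged, and the `#define statvfs statfs` / `#define fstatvfs fstatfs` aliases stay defined for the rest of the file, so an `#undef` after the function (or a small per-OS wrapper) would keep them from affecting later code. The fstatvfs() failure branch also logs through ERROR() although it returns true and lets the install proceed; a warning-level message would match the behaviour.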
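Review bot: in the include/util.h hunk, the new `bool img_check_free_space(struct img_type *img, int fd);` prototype has no comment, and its return value is not obvious from the name: it returns true both when the space is sufficient and when the check is skipped (no size set, fstatvfs() failure, or an OS other than Linux/FreeBSD). A one-line comment above the declaration stating that true means "do not block the extraction" would stop callers from treating it as a guarantee that the file fits.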