From patchwork Wed May 9 09:57:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Eugen Hristev X-Patchwork-Id: 910726 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=microchip.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 40gsLM4nv1z9s2t for ; Wed, 9 May 2018 20:00:43 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 1515BC220AF; Wed, 9 May 2018 10:00:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5516AC21E60; Wed, 9 May 2018 10:00:38 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 318AEC21E60; Wed, 9 May 2018 10:00:37 +0000 (UTC) Received: from esa6.microchip.iphmx.com (esa6.microchip.iphmx.com [216.71.154.253]) by lists.denx.de (Postfix) with ESMTPS id 2FBA8C21C3F for ; Wed, 9 May 2018 10:00:36 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.49,381,1520924400"; d="scan'208";a="11344656" Received: from smtpout.microchip.com (HELO email.microchip.com) ([198.175.253.82]) by esa6.microchip.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 May 2018 03:00:34 -0700 Received: from eh-station.mchp-main.com (10.10.76.4) by chn-sv-exch03.mchp-main.com (10.10.76.49) with Microsoft SMTP Server id 14.3.352.0; Wed, 9 May 2018 03:00:33 -0700 From: Eugen Hristev To: Date: Wed, 9 May 2018 12:57:35 +0300 Message-ID: <1525859855-9173-1-git-send-email-eugen.hristev@microchip.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Cc: nicolas.ferre@microchip.com, Tom Rini , =?utf-8?q?Stefan_Br=C3=BCns?= Subject: [U-Boot] [PATCH] fs: ext4: fix crash on ext4ls X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Found a crash while issuing ext4ls with a non-existent directory. Crash test: => ext4ls mmc 0 1 ** Can not find directory. ** data abort pc : [<3fd7c2ec>] lr : [<3fd93ed8>] reloc pc : [<26f142ec>] lr : [<26f2bed8>] sp : 3f963338 ip : 3fdc3dc4 fp : 3fd6b370 r10: 00000004 r9 : 3f967ec0 r8 : 3f96db68 r7 : 3fdc99b4 r6 : 00000000 r5 : 3f96dc88 r4 : 3fdcbc8c r3 : fffffffa r2 : 00000000 r1 : 3f96e0bc r0 : 00000002 Flags: nZCv IRQs off FIQs off Mode SVC_32 Resetting CPU ... resetting ... Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig) Looks like crash is introduced by commit: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Issue is that dirnode is not initialized, and then freed if the call to ext4_ls fails. ext4_ls will not change the value of dirnode in this case thus we have a crash with data abort. I added initialization and a check for dirname being NULL. Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Cc: Stefan BrĂ¼ns Cc: Tom Rini Signed-off-by: Eugen Hristev --- Hello, Regarding this fix, I am not sure if we actually need to free the node, but according to commit "fa9ca8a" , it was added to fix Coverity case. So, I decided to keep the free call under if statement if variable is NULL. If a different fix is required, please advise and I can change and resend. Thanks ! fs/ext4/ext4fs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c index 4b36a3e..2a28031 100644 --- a/fs/ext4/ext4fs.c +++ b/fs/ext4/ext4fs.c @@ -164,7 +164,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, int ext4fs_ls(const char *dirname) { - struct ext2fs_node *dirnode; + struct ext2fs_node *dirnode = NULL; int status; if (dirname == NULL) @@ -174,7 +174,8 @@ int ext4fs_ls(const char *dirname) FILETYPE_DIRECTORY); if (status != 1) { printf("** Can not find directory. **\n"); - ext4fs_free_node(dirnode, &ext4fs_root->diropen); + if (dirnode) + ext4fs_free_node(dirnode, &ext4fs_root->diropen); return 1; }