On Tue, May 17, 2022 at 10:45:28PM +0200, Pali Rohár wrote:
> Commit b1a14f8a1c2e ("UBIFS: Change ubifsload to not read beyond the
> requested size") added optimization to do not read more bytes than it is
> really needed. But this commit introduced incorrect handling of the hole at
> the end of file. This logic cause U-Boot to crash or lockup when trying to
> read from the ubifs filesystem.
>
> When read_block() call returns -ENOENT error (not an error, but the hole)
> then dn-> structure is not filled and contain garbage. So using of dn->size
> for memcpy() argument cause that U-Boot tries to copy unspecified amount of
> bytes from possible unmapped memory. Which randomly cause lockup of P2020
> CPU.
>
> Fix this issue by copying UBIFS_BLOCK_SIZE bytes from read buffer when
> dn->size is not available. UBIFS_BLOCK_SIZE is the size of the buffer
> itself and read_block() fills buffer by zeros when it returns -ENOENT.
>
> This patch fixes ubifsload on P2020.
>
> Fixes: b1a14f8a1c2e ("UBIFS: Change ubifsload to not read beyond the
> requested size")
> Signed-off-by: Pali Rohár <p...@kernel.org>
> Reviewed-by: Stefan Roese <s...@denx.de>Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: PGP signature
