Age | Commit message | Author |
|
First, there is no option named X509_OPTION. It was presumably
changed during development to AUTH_CERT_OPTION. This commit fixes
the name in the !WITH_CRYPTO branch.
Similarly, '}' got moved into the WITH_CRYPTO branch, but not into
the else branch, resulting in tons of errors if fscrypt is disabled.
This commit pulls it back out of both branches.
Fixes: a739b59e ("mkfs.ubifs: Add authentication support")
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This commit fixes some uses of strncpy that could leave the destination
buffer unterminated.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The function reads file data into a buffer and then checks if we
actually are at the end-of-file by trying to read one more byte.
For whatever reason, the code uses an int instead of a char. It's
not pretty but works. But again, this is something that every
static analysis tool barks at.
Furthermore, the error messages are inverted. "We aren't at EOF yet"
is printed on failure and something like "read error %m" is printed
on success.
This patch fixes all of the above.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Some temporary buffers are allocated with "sizeof(pointer) * count" as
size argument, which cannot possibly be correct.
Assuming what was meant was "sizeof(pointer[0]) * count" makes sense
in the context of how the buffers are used, but is actually pretty
pointless, since the buffers are unsigned char.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This patch modifies the internal helpers to read and parse integers
from sysfs files by initializing them first and turns an
obscure "a = open(...) if (a >= 0) {...} if (a == -1) {...}" inside
recv_image into a more straightforward if/else branch.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This patch restructures various code parts that follow the pattern
of "stat(x, &sb) ... makes_sense(&sb) ... open(x)".
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Many tools open a file descriptor, close it at the end and have some
form of error path in between that jumps to the end.
In some cases, if opening the file fails the error path is taken and
the utility ends up closing one or more invalid file descriptors. It's
technically not a real issue but something that pretty much any static
analysis tool barks at.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
libubi.h includes ubi-media.h which was made private in the kernel a
long time ago. There are users of libubi.h, e.g. swupdate, which have to
have ubi-media.h available at build time with this inclusion.
However, libubi.h uses only one symbol from ubi-media.h. Define that symbol
in the header to enable using libubi.h without installing ubi-media.h.
Make up for the transitive symbol use in ubiformat.c by including ubi-media.h.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
libubigen.h does not use any symbol from mtd/ubi-media.h,
so remove it from includes.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This changeset fixes a feature regression in ubiformat. Older versions of
ubiformat, when invoked with a flash-image, would return 0 in the case no error
was encountered. Upon upgrading to latest, it was discovered that ubiformat
returned 255 even without encountering an error condition.
This changeset corrects the above issue and causes ubiformat, when given an
image file, to return 0 when no errors are detected.
Tested by running through my loading scripts and verifying ubiformat returned
0.
Signed-off-by: Barry Grussling <barry@grussling.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
There are flashes which have gaps between OTP regions and flashes where
the regions don't start at 0 (for example the Winbond 25Q series, which
has three 256 bytes OTP regions starting at 0x1000, 0x2000 and 0x3000).
At the moment it is impossible to dump the OTP memory. Fix it by passing
an optional offset parameter.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The ubihealthd depends on sys/random.h, which is not present on some
older systems. Build ubihealthd only if sys/random.h is present.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The value 0 is a valid file descriptor. The existing error handling
would not only treat that as an error, but subsequently leak the
file descriptor in the error handling path.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The existing code had multiple error handling labels and did things
like checking if a buffer is not NULL before freeing it.
This patch collapses all of this into a single label. We can do this,
because the standard guarantees us that it is safe to call free() with
a NULL pointer.
This also has the side effect of removing the possibility of using the
wrong error label and accidentally leaking something.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
For some command line flags, the argument string is copied. Simply
writing over the buffer leads to a resource leak if the same flag
is specified on the command line more than once.
This patch adds a free() call to the old buffer before overwriting
it with the new copy.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The original code had a 'goto out_close' directly after a return error
code, which is obviously not what was intended.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
For some command line flags, the argument string is copied. Simply
writing over the buffer leads to a resource leak if the same flag
is specified on the command line more than once.
This patch adds a free() call to the old buffer before overwriting
it with the new copy.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The existing code sets 'err' to -1 and breaks the readdir loop, but
the error state is never read. This patch modifies the readdir loop
to actually jump to the error handling branch if readdir fails.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
What originally caught my attention was that gen_essiv_salt has a
size_t return type and error paths that return -1 on failure.
Further investigation revealed that the error value is never checked
for. The encrypt_block function doesn't use the return value in any
way and simply continues onward.
Furthermore, the gen_essiv_salt function has an error case that emits
an error message but returns success state.
This patch modifies gen_essiv_salt to return an error status in all
error branches, changes the return type to ssize_t and adds a check
to encrypt_block if gen_essiv_salt fails.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Sometimes there's a need to erase the whole device when
programming an image, and not just the area under the
image itself.
Therefore, option -A/--erase-all has been added which
erases the whole device before writing the image.
Signed-off-by: Andrij Abyzov <drolevar@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Using '?' as option did not work, and would be strange to pass anyway,
because it's a glob char for the shell and you would have to escape it
like ./ubihealthd -\? … use the more common -h/--help instead.
Note: this does not touch the output, just changes the options itself.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
`getopt_long()` requires a null terminated array, otherwise we get
segfaults when passing invalid options.
Fixes: 7f0e2dc21fb2 ("ubi-utils: Implement a ubihealthd")
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
libubi_close(libubi) is called in the error handler if libubi is null.
Prevent that by handling the error case similar to the other ubi
executables.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
ubihealthd is a simple daemon which scans every PEB
of an UBI device in random order.
It helps to deal with read disturb on systems which either
reboot seldom, use fastmap or read few data.
To use this daemon you need Linux >= v5.1.
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
This adds support for authenticated UBIFS images. In authenticated
images all UBIFS nodes are hashed as described in the UBIFS
authentication whitepaper. Additionally the superblock node contains a
hash of the master node and itself is cryptographically signed in a node
following the superblock node. The signature is in PKCS #7 CMS format.
To generate an authenticated image these options are necessary:
  --hash-algo=NAME   hash algorithm to use for signed images
                     (Valid options include sha1, sha256, sha512)
  --auth-key=FILE    filename or PKCS #11 uri containing the authentication key
                     for signing
  --auth-cert=FILE   Authentication certificate filename for signing. Unused
                     when certificate is provided via PKCS #11
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This updates ubifs-media.h to Linux-5.3-rc3 which brings us the bits
and pieces necessary for UBIFS authentication and offline signing.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
"favor_lzo" uses "lzo" unless the space savings when using "zlib" are
big. The current wording got this wrong.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Fix a trivial typo to make sure that zstd.h is included only if
zstd is not disabled.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Support for ZSTD compression has been added recently through the ZSTD
library, which is famously known for its incredibly well designed and
stable API.
This patch removes usage of ZSTD_CLEVEL_DEFAULT, which isn't exposed
in older versions of the ZSTD library, and replaces it with the
constant parameter 0. According to the documentation this should then
use a reasonable default (which is defined internally).
Other possible approaches include defining ZSTD_CLEVEL_DEFAULT to 3
(the value it _currently_ has) if it isn't defined. This patch chooses
the approach of passing 0 since this seems to be encouraged by the
existing documentation.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
...specifically -1 in all of the new cases.
Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The value of fm_param should be 'fm_autoconvert' rather than 'fm_auto' when
fastmap is supported by kernel. Currently, following verbose will appear in
dmesg when fm_param is set to 'fm_auto':
ubi: unknown parameter 'fm_auto' ignored
This patch replaces 'fm_auto' with 'fm_autoconvert' for fm_param, so ubi
kernel module can receive correct parameters.
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
UBI tests try to create too many volumes in mkvol_bad and mkvol_basic.
Currently mtd-utils allows return value 'ENFILE' from 'ubi_mkvol', that
works fine in most situations. But what if the number of PEBs equals to
the maximum count of volumes? For example, mkvol_basic test will fail in
a 64MiB flash with 512KiB PEB size.
Following is the output of mkvol_basic test:
======================================================================
======================================================================
======================================================================
Test on mtdram, fastmap enabled, VID header offset factor 1
======================================================================
======================================================================
======================================================================
mtdram: 64MiB, PEB size 512KiB, fastmap enabled
Running mkvol_basic /dev/ubi0
[mkvol_basic] mkvol_multiple():182: function ubi_mkvol() failed with
error 28 (No space left on device)
[mkvol_basic] mkvol_multiple():183: vol_id 122
Error: mkvol_basic failed
FAILURE
The reason is that there is no available PEB to support a new volume. We
can see following verbose in dmesg:
ubi0: attached mtd0 (name "mtdram test device", size 64 MiB)
ubi0: user volume: 0, internal volumes: 1, max. volumes count: 128
ubi0: available PEBs: 122, total reserved PEBs: 6, PEBs reserved for
bad PEB handling: 0
The maximum count of volumes is 128, so we can create 128 volumes
theoretically. But there are 122 available PEBs because of existence of
reserved PEBs. In addition, a volume occupies at least one PEB. Actually,
we can only create 122 volumes. Therefore, 'ubi_mkvol' returns 'ENOSPC'
when mkvol_basic tries to create 123rd volume. And we can see
corresponding error message in dmesg:
ubi0 error: ubi_create_volume [ubi]: not enough PEBs, only 0 available
ubi0 error: ubi_create_volume [ubi]: cannot create volume 122, error -28
So, 'ENOSPC' can happen before 'ENFILE' in flash with a small amount of
PEBs. This patch checks return value 'ENOSPC' for 'ubi_mkvol' when mkvol
test is trying to create too many volumes.
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
There are many different offset values passed in 'lseek' during io_read
testing of ubi test. The offset value may be a negative number or a big
number that exceeds the volume data size, which can lead to ubi tests
failure by passing invalid offset value to 'lseek'. For example:
Example 1: The data size of volume is 39525 bytes, offset = (sz) -
MAX_NAND_PAGE_SIZE - 1, where MAX_NAND_PAGE_SIZE is 65536. Here, offset
is a negative value passed to 'lseek', which leads to fail in io_read.
======================================================================
======================================================================
======================================================================
Test on mtdram, fastmap enabled, VID header offset factor 1
======================================================================
======================================================================
======================================================================
mtdram: 16MiB, PEB size 16KiB, fastmap enabled
Running mkvol_basic /dev/ubi0
Running mkvol_bad /dev/ubi0
Running mkvol_paral /dev/ubi0
Running rsvol /dev/ubi0
Running io_basic /dev/ubi0
Running io_read /dev/ubi0
[io_basic] test_read3():189: function seek() failed with error 22
(Invalid argument)
[io_basic] test_read3():190: len = 1
[io_basic] test_read2():237: offset = -26012
[io_basic] test_read1():303: length = 1
[io_basic] test_read():362: alignment = 7905
Error: io_read failed
FAILURE
Example 2: The data size of volume is 79035 bytes, offset = 2 *
MAX_NAND_PAGE_SIZE, where MAX_NAND_PAGE_SIZE is 65536. Here, offset is a
value that exceeds the volume size, which leads to fail in io_read.
======================================================================
======================================================================
======================================================================
Test on mtdram, fastmap enabled, VID header offset factor 1
======================================================================
======================================================================
======================================================================
mtdram: 16MiB, PEB size 16KiB, fastmap enabled
Running mkvol_basic /dev/ubi0
Running mkvol_bad /dev/ubi0
Running mkvol_paral /dev/ubi0
Running rsvol /dev/ubi0
Running io_basic /dev/ubi0
Running io_read /dev/ubi0
[io_basic] test_read3():185: function seek() failed with error 22
(Invalid argument)
[io_basic] test_read3():186: len = 1
[io_basic] test_read2():233: offset = 131072
[io_basic] test_read1():299: length = 1
[io_basic] test_read():358: alignment = 3
Error: io_read failed
FAILURE
This patch checks offset value before executing 'lseek', invalid offset
values are filtered.
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
'struct ubi_mkvol_request req' is one parameter of the function 'ubi_mkvol',
this parameter will be passed to kernel and then be checked. It acts as a
local variable in many ubi tests, such as io_basic, io_read, mkvol_bad,
mkvol_basic, etc.
After commit c355aa465fce ("ubi: expose the volume CRC check skip flag") in
linux-stable, 'struct ubi_mkvol_request' supports a new configuration named
'flags', and req.flags will be checked in kernel function
'verify_mkvol_req'. Currently, there is no initialization for req.flags
before 'ubi_mkvol' invoked. So, req.flags can be an arbitrary number passed
to kernel. When we run ubi tests in qemu (x86_64, kernel image: 5.2.0-rc4),
the following errors may occur:
======================================================================
======================================================================
======================================================================
Test on mtdram, fastmap enabled, VID header offset factor 1
======================================================================
======================================================================
======================================================================
mtdram: 16MiB, PEB size 16KiB, fastmap enabled
Running mkvol_basic /dev/ubi0
Running mkvol_bad /dev/ubi0
[mkvol_bad] test_mkvol():105: ubi_mkvol failed with error 22
(Invalid argument), expected 28 (No space left on device)
[mkvol_bad] test_mkvol():105: bytes = 16060929
Error: mkvol_bad failed
FAILURE
This patch fully initializes every 'struct ubi_mkvol_request req' passed to
'ubi_mkvol', which can fix the bug that the ubi test failed caused by that
req.flags was not initialized. And it is still compatible with old kernel
before kernel commit c355aa465fce ("ubi: expose the volume CRC check skip
flag").
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
I added ZSTD support to mkfs.ubifs and compared the ZSTD results with
zlib/lzo and the available ZSTD compression levels. The results are in
the following table:
Comp       image MiB  time       image2 MiB  time
none       271        0m 0,723s  223         0m 0,589s
lzo        164        0m13,705s  116         0m11,636s
zlib       150        0m 7,654s  103         0m 6,347s
favor-lzo  158        0m21,137s  110         0m17,764s
zstd-01    154        0m 1,607s  106         0m 1,429s
zstd-02    153        0m 1,704s  105         0m 1,479s
zstd-03*   152        0m 1,888s  104         0m 1,668s
zstd-04    151        0m 2,741s  103         0m 2,391s
zstd-05    150        0m 3,257s  102         0m 2,916s
zstd-06    150        0m 3,735s  102         0m 3,356s
zstd-07    150        0m 4,066s  102         0m 3,705s
zstd-08    152        0m 1,857s  104         0m 1,644s
zstd-09    152        0m 1,855s  104         0m 1,639s
zstd-10    150        0m 6,654s  102         0m 6,195s
zstd-11    150        0m10,027s  102         0m 9,130s
zstd-12    149        0m14,724s  101         0m13,415s
zstd-13    148        0m18,232s  100         0m16,719s
zstd-14    148        0m20,859s  100         0m19,554s
zstd-15    148        0m25,033s  100         0m23,186s
zstd-16    148        0m38,837s  100         0m36,543s
zstd-17    148        0m46,051s  100         0m43,120s
zstd-18    148        0m49,157s  100         0m45,807s
zstd-19    148        0m49,421s  100         0m45,951s
zstd-20    148        0m51,271s  100         0m48,030s
zstd-21    148        0m51,015s  100         0m48,676s
zstd-22    148        0m52,575s  100         0m50,013s
The UBIFS image was created via
mkfs.ubifs -x $Comp -m 512 -e 128KiB -c 2200 -r $image $out
I used "debootstrap sid" to create a basic RFS and the results are in
the `image' column. The image2 column denotes the results for the same
image but with .deb files removed.
The time column contains the output of the run time of the command.
ZSTD's compression level three is currently default. Based on the
compression results (for the default level) it outperforms LZO in
run time and compression and is almost as good as ZLIB in terms of
compression but quicker.
The higher compression levels make almost no difference in compression
but take a lot of time.
The compression level used is the default offered by ZSTD. It does not
make sense to use the higher levels.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Image sequence number for the UBI header can be specified for the
ubiformat tool according to the documentation and the help message for
ubiformat. The CLI option --image-seq for image sequence number is not
supported. -Q option for image sequence number is silently ignored.
This patch adds the CLI support for image sequence number.
Signed-off-by: Amol Vengurlekar <amol.sven@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|