Age | Commit message (Collapse) | Author |
|
The concept of erase blocks doesn't apply to mtd-ram devices. Such
devices set MTD_NO_ERASE to indicate this and some report 0 for the
erase block size. Avoid a divide by zero when calculating the erase
block count for such devices.
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The "need_getrandom" check and result is used only for the "ubihealthd".
This tool is very important to have it around at run-time, while the
corresponding "mkfs.ubifs" tool is still optional (think about offline
generated ubifs images).
Since compiling "mkfs.ubifs" adds more dependencies (various shared
libraries), buildsystems for embedded devices will add these shared
libraries to the root filesystem even if "mkfs.ubifs" isn't used or
installed.
Thus, handling both tools independently makes sense. The previous behavior
is kept, e.g. if UBIFS support is enabled, it enables "ubihealthd" as well.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This abstracts away attaching of the right ubi and then selecting the right
ubi device and volume to mount.
As described in the comment at the top this allows to mount ubifs volumes
directly from /etc/fstab without having to use hardcoded numbers (which
depend on mount order and so are unreliable) and extra magic to care for
attaching.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Especially for the pkcs11 engine, a configuration is required
because the provider has to be configured.
Its not clear why OPENSSL_no_config() is called.
Remove OPENSSL_no_config() and call OPENSSL_config(NULL)
instead.
Signed-off-by: Torben Hohn <torben.hohn@linutronix.de>
Signed-off-by: Bastian Germann <bage@linutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The nandflipbits tool is intended to be used when one need to flip one or
several specific bits on a NAND media.
It can be useful to manually recover from an unexpected bit flip on a flash
device, though the main purpose of this tool is to provide a way to test
ECC algorithms robustness.
One typical example I used this tool for is testing HW ECC engines behavior
when bitflips occur in an erased page: most HW engines do not correctly
handle this case, because, most of the time, ECC bits generated for an
empty page are not all 1s, and, empty page detection embedded in such
engines is only validating that all bits are set to 1s (which is not true
when a bit-flip has occurred).
Another use of this tool is replacing nandbiterrs test which
absolutely do not work with MLC-like chips because of the rewriting of
the pages in raw mode to toggle ones into zeroes.
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
[miquel: Took Boris' work from 2014, addressed comments from Brian made
in 2015, updated it, tested more extensively and fixed issues]
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
8f627247f6("mtd-utils: move libmtd source files to lib/ subdirectory")
removed fectest.c from the build system 10 years ago. Add it again.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
In v2.1.0, SELinux support was introduced. It never compiled with ubifs
because it uses the old add_xattr signature that also changed in v2.1.0
with a1bd316e23("mkfs.ubifs: Implement fscrypto context store as xattr").
Add the ubifs_ino_node and name to the call and remove the nm that is
contructed in the new function version.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
default paths
Signed-off-by: Rolf Eike Beer <eb@emlix.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The sign.h header added by the authentication patch set was omitted
from the automake file and thus not added to the distribution tarball.
The resulting tarballs were unable to be compiled.
Fixes: a739b59 ("mkfs.ubifs: Add authentication support")
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
First, there is no option named of X509_OPTION. It was presumably
changed during development to AUTH_CERT_OPTION. This commit fixes
the name in the !WITH_CRYPTO branch.
Similarly, '}' got moved into the WITH_CRYPTO branch, but not into
else branch, resulting in tons of errors if fscrypt is disabled.
This commit pulls it back out of both branches.
Fixes: a739b59e ("mkfs.ubifs: Add authentication support")
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This commit fixes some uses of strncpy that could leave the destination
buffer unterminated.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The function reads file data into a buffer and then checks if we
actually are at the end-of-file by trying to read one more byte.
For whatever reason, the code uses an int instead of a char. It's
not pretty but works. But again, this is something that every
static analysis tool barks at.
Further more, the error messages are inverted. "We aren't at EOF yet"
is printed on failure and something like "read error %m" is printed
on success.
This patch fixes all of the above.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Some temporary buffers are allocated with "sizeof(pointer) * count" as
size argument, which cannot possibly be correct.
Assuming what was meant was "sizeof(pointer[0]) * count" makes sense
in the context of how the buffers are used, but is actually pretty
pointless, since the buffers are unsigend char.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This patch modifies the internal helpers to read and parse integers
from sysfs files by initializing them first and removes turns an
obscure "a = open(...) if (a >= 0) {...} if (a == -1) {...}" inside
recv_image into a more straight forward if/else branch.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This patch restructures various code parts that follow the pattern
of "stat(x, &sb) ... makes_sense(&sb) ... open(x)".
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Many tools open a file descriptor, close it a the end and have some
form of error path in between that jumps to the end.
In some cases, if opening the file fails the error path is taken and
the utility ends up closing one or more invalid file descriptors. It's
technically not a real issue but something that pretty much any static
analysis tool barks at.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
libubi.h includes ubi-media.h which was made private in the kernel a
long time ago. There are users of libubi.h, e.g. swupdate, which have to
have ubi-media.h available at build time with this inclusion.
However, libubi.h uses only one symbol from ubi-media.h. Define that symbol
in the header to enable using libubi.h without installing ubi-media.h.
Make up for the transitive symbol use in ubiformat.c by including ubi-media.h.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
libubigen.h does not use any symbol from mtd/ubi-media.h,
so remove it from includes.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This changeset fixes a feature regression in ubiformat. Older versions of
ubiformat, when invoked with a flash-image, would return 0 in the case no error
was encountered. Upon upgrading to latest, it was discovered that ubiformat
returned 255 even without encountering an error condition.
This changeset corrects the above issue and causes ubiformat, when given an
image file, to return 0 when no errors are detected.
Tested by running through my loading scripts and verifying ubiformat returned
0.
Signed-off-by: Barry Grussling <barry@grussling.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
There are flashes which have gaps between OTP regions and flashes where
the regions don't start at 0 (for example the Winbond 25Q series, which
has three 256 bytes OTP regions starting at 0x1000, 0x2000 and 0x3000).
At the moment it is impossible to dump the OTP memory. Fix it by passing
an optional offset parameter.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The ubihealthd depends on sys/random.h , which is not present on some
older systems. Build ubihealthd only if sys/random.h is present.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The value 0 is a valid file descriptor. The existing error handling
would not only treat that as an error, but subsequently leak the
file descriptor in the error handling path.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The existing code had multiple error handling labels and did things
like checking if a buffer is not NULL before freeing it.
This patch collapses all of this into a single label. We can do this,
because the standard guarantees us that it is safe to call free() with
a NULL pointer.
This also has the side effect of removing the possibility of using the
wrong error label and accidentally leaking something.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
For some command line flags, the argument string is copied. Simply
writing over the buffer leads to a resource leak if the same flag
is specified on the command line more than once.
This patch adds a free() call to the old buffer before overwriting
it with the new copy.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The original code had a 'goto out_close' directly after a return error
code, which is obviously not what was intended.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
For some command line flags, the argument string is copied. Simply
writing over the buffer leads to a resource leak if the same flag
is specified on the command line more than once.
This patch adds a free() call to the old buffer before overwriting
it with the new copy.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The existing code sets 'err' to -1 and breaks the readdir loop, but
the error state is never read. This patch modifies the readdir loop
to actualy jump to the error handling branch if readdir fails.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
What originally cought my attention was that gen_essiv_salt has a
size_t return type and error paths that return -1 on failure.
Further investigation revealed that the error value is never checked
for. The encrypt_block function doesn't use the return value in any
way and simply continues onward.
Furthermore, the gen_essiv_salt function has an error case that emits
an error message but returns success state.
This patch modifes gen_essiv_salt to return an error status in all
error branches, changes the return type to ssize_t and adds a check
to encrypt_block if gen_essiv_salt fails.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Sometimes there's a need to erase the whole device when
programming an image, and not just the area under the
image itself.
Therefore, option -A/--erase-all has been added which
erases the whole device before writing the image.
Signed-off-by: Andrij Abyzov <drolevar@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Using '?' as option did not work, and would be strange to pass anyway,
because it's a glob char for the shell and you would have to escape it
like ./ubihealthd -\? … use the more common -h/--help instead.
Note: this does not touch the output, just changes the options itself.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
`getopt_long()` requires a null terminated array, otherwise we get
segfaults when passing invalid options.
Fixes: 7f0e2dc21fb2 ("ubi-utils: Implement a ubihealthd")
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
libubi_close(libubi) is called in the error handler if libubi is null.
Prevent that by handling the error case similar to the other ubi
executables.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
ubihealthd is a simple daemon which scans every PEB
of an UBI device in random order.
It helps to deal with read disturb on systems which either
reboot seldom, use fastmap or read few data.
To use this daemon you need Linux >= v5.1.
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
This adds support for authenticated UBIFS images. In authenticated
images all UBIFS nodes are hashed as described in the UBIFS
authentication whitepaper. Additionally the superblock node contains a
hash of the master node and itself is cryptographically signed in a node
following the superblock node. The signature is in PKCS #7 CMS format.
To generate an authenticated image these options are necessary:
--hash-algo=NAME hash algorithm to use for signed images
(Valid options include sha1, sha256, sha512)
--auth-key=FILE filename or PKCS #11 uri containing the authentication key
for signing
--auth-cert=FILE Authentication certificate filename for signing. Unused
when certificate is provided via PKCS #11
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This updates ubifs-media.h to Linux-5.3-rc3 which brings us the bits
and pieces necessary for UBIFS authentication and offline signing.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|