| Age | Commit message (Collapse) | Author | 
|---|
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | For some command line flags, the argument string is copied. Simply
writing over the buffer leads to a resource leak if the same flag
is specified on the command line more than once.
This patch adds a free() call to the old buffer before overwriting
it with the new copy.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The existing code sets 'err' to -1 and breaks the readdir loop, but
the error state is never read. This patch modifies the readdir loop
to actualy jump to the error handling branch if readdir fails.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | What originally cought my attention was that gen_essiv_salt has a
size_t return type and error paths that return -1 on failure.
Further investigation revealed that the error value is never checked
for. The encrypt_block function doesn't use the return value in any
way and simply continues onward.
Furthermore, the gen_essiv_salt function has an error case that emits
an error message but returns success state.
This patch modifes gen_essiv_salt to return an error status in all
error branches, changes the return type to ssize_t and adds a check
to encrypt_block if gen_essiv_salt fails.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Sometimes there's a need to erase the whole device when
programming an image, and not just the area under the
image itself.
Therefore, option -A/--erase-all has been added which
erases the whole device before writing the image.
Signed-off-by: Andrij Abyzov <drolevar@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Using '?' as option did not work, and would be strange to pass anyway,
because it's a glob char for the shell and you would have to escape it
like ./ubihealthd -\? … use the more common -h/--help instead.
Note: this does not touch the output, just changes the options itself.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | `getopt_long()` requires a null terminated array, otherwise we get
segfaults when passing invalid options.
Fixes: 7f0e2dc21fb2 ("ubi-utils: Implement a ubihealthd")
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | libubi_close(libubi) is called in the error handler if libubi is null.
Prevent that by handling the error case similar to the other ubi
executables.
Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | ubihealthd is a simple daemon which scans every PEB
of an UBI device in random order.
It helps to deal with read disturb on systems which either
reboot seldom, use fastmap or read few data.
To use this daemon you need Linux >= v5.1.
Signed-off-by: Richard Weinberger <richard@nod.at> | 
|  | This adds support for authenticated UBIFS images. In authenticated
images all UBIFS nodes are hashed as described in the UBIFS
authentication whitepaper. Additionally the superblock node contains a
hash of the master node and itself is cryptographically signed in a node
following the superblock node. The signature is in PKCS #7 CMS format.
To generate an authenticated image these options are necessary:
--hash-algo=NAME     hash algorithm to use for signed images
                     (Valid options include sha1, sha256, sha512)
--auth-key=FILE      filename or PKCS #11 uri containing the authentication key
                     for signing
--auth-cert=FILE     Authentication certificate filename for signing. Unused
                     when certificate is provided via PKCS #11
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This updates ubifs-media.h to Linux-5.3-rc3 which brings us the bits
and pieces necessary for UBIFS authentication and offline signing.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | "favor_lzo" uses "lzo" unless the space savings when using "zlib" are
big. The current wording got this wrong.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Fix a trivial typo to make sure that zstd.h is included only if
zstd is not disabled.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Support for ZSTD compression has been added recently through the ZSTD
library, which is famously known for its incredibly well designed and
stable API.
This patch removes usage of ZSTD_CLEVEL_DEFAULT, which isn't exposed
in older versions of the ZSTD library, and replaces it with with the
constant parameter 0. According to the documentation this should then
use a reasonable default (which is defined internally).
Other possible approachs include defining ZSTD_CLEVEL_DEFAULT to 3
(the value it _currently_ has) if it isn't defined. This patch chooses
the approach of passing 0 since this seems to be encouraged by the
existing documentation.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | ...specifically -1 in all of the new cases.
Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The value of fm_param should be 'fm_autoconvert' rather than 'fm_auto' when
fastmap is supported by kernel. Currently, following verbose will appear in
dmesg when fm_param is set to 'fm_auto':
  ubi: unknown parameter 'fm_auto' ignored
This patch replace 'fm_auto' with 'fm_autoconvert' for fm_param, so ubi
kernel module can receive correct parameters.
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | UBI tests try to create too many volumes in mkvol_bad and mkvol_basic.
Currently mtd-utils allows return value 'ENFILE' from 'ubi_mkvol', that
works fine in most situations. But what if the number of PEBs equals to
the maximum count of volumes? For example, mkvol_basic test will fail in
a 64MiB flash with 512KiB PEB size.
Following is the output of mkvol_basic test:
  ======================================================================
  ======================================================================
  ======================================================================
  Test on mtdram, fastmap enabled, VID header offset factor 1
  ======================================================================
  ======================================================================
  ======================================================================
  mtdram: 64MiB, PEB size 512KiB, fastmap enabled
  Running mkvol_basic /dev/ubi0
  [mkvol_basic] mkvol_multiple():182: function ubi_mkvol() failed with
  error 28 (No space left on device)
  [mkvol_basic] mkvol_multiple():183: vol_id 122
  Error: mkvol_basic failed
  FAILURE
The reason is that there is no available PEB to support a new volume. We
can see following verbose in dmesg:
  ubi0: attached mtd0 (name "mtdram test device", size 64 MiB)
  ubi0: user volume: 0, internal volumes: 1, max. volumes count: 128
  ubi0: available PEBs: 122, total reserved PEBs: 6, PEBs reserved for
  bad PEB handling: 0
The maximum count of volumes is 128, so we can create 128 volumes
theoretically. But there are 122 available PEBs becauese of existence of
reserved PEBs. In addition, a volume occupies at least one PEB. Actually,
we can only create 122 volumes, Therefore, 'ubi_mkvol' returns 'ENOSPC'
when mkvol_basic tries to create 123rd volume. And we can see
corresponding error message in dmesg:
  ubi0 error: ubi_create_volume [ubi]: not enough PEBs, only 0 available
  ubi0 error: ubi_create_volume [ubi]: cannot create volume 122, error -28
So, 'ENOSPC' can happen before 'ENFILE' in flash with a small amount of
PEBs. This patch checks return value 'ENOSPC' for 'ubi_mkvol' when mkvol
test is trying to create too many volumes.
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | There are many different offset values passed in 'lseek' during io_read
testing of ubi test. The offset value maybe a negative number or a big
number that exceeds the volume data size, which can lead to ubi tests
failure by passing invalid offset value to 'lseek'. For example:
Example 1: The data size of volume is 39525 bytes, offset = (sz) -
MAX_NAND_PAGE_SIZE - 1, where MAX_NAND_PAGE_SIZE is 65536. Here, offset
is a negative value passed to 'lseek', which leads to fail in io_read.
  ======================================================================
  ======================================================================
  ======================================================================
  Test on mtdram, fastmap enabled, VID header offset factor 1
  ======================================================================
  ======================================================================
  ======================================================================
  mtdram: 16MiB, PEB size 16KiB, fastmap enabled
  Running mkvol_basic /dev/ubi0
  Running mkvol_bad /dev/ubi0
  Running mkvol_paral /dev/ubi0
  Running rsvol /dev/ubi0
  Running io_basic /dev/ubi0
  Running io_read /dev/ubi0
  [io_basic] test_read3():189: function seek() failed with error 22
  (Invalid argument)
  [io_basic] test_read3():190: len = 1
  [io_basic] test_read2():237: offset = -26012
  [io_basic] test_read1():303: length = 1
  [io_basic] test_read():362: alignment = 7905
  Error: io_read failed
  FAILURE
Example 2: The data size of volume is 79035 bytes, offset = 2 *
MAX_NAND_PAGE_SIZE, where MAX_NAND_PAGE_SIZE is 65536. Here, offset is a
value exceeds volume size, which leads to fail in io_read.
  ======================================================================
  ======================================================================
  ======================================================================
  Test on mtdram, fastmap enabled, VID header offset factor 1
  ======================================================================
  ======================================================================
  ======================================================================
  mtdram: 16MiB, PEB size 16KiB, fastmap enabled
  Running mkvol_basic /dev/ubi0
  Running mkvol_bad /dev/ubi0
  Running mkvol_paral /dev/ubi0
  Running rsvol /dev/ubi0
  Running io_basic /dev/ubi0
  Running io_read /dev/ubi0
  [io_basic] test_read3():185: function seek() failed with error 22
  (Invalid argument)
  [io_basic] test_read3():186: len = 1
  [io_basic] test_read2():233: offset = 131072
  [io_basic] test_read1():299: length = 1
  [io_basic] test_read():358: alignment = 3
  Error: io_read failed
  FAILURE
This patch checks offset value before executing 'lseek', invalid offset
values are filtered.
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | 'struct ubi_mkvol_request req' is one parameter of the function 'ubi_mkvol'
, this parameter will be passed to kernel and then be checked. It acts as a
local variable in many ubi tests, such as io_basic, io_read, mkvol_bad,
mkvol_basic, etc.
After commit c355aa465fce ("ubi: expose the volume CRC check skip flag") in
linux-stable, 'struct ubi_mkvol_request' supports a new configuration named
'flags', and req.flags will be checked in kernel function
'verify_mkvol_req'. Currently, there is no initialization for req.flags
before 'ubi_mkvol' invoked. So, req.flags can be an arbitrary number passed
to kernel. When we run ubi tests in qemu (x86_64, kernel image: 5.2.0-rc4),
the following errors may occur:
  ======================================================================
  ======================================================================
  ======================================================================
  Test on mtdram, fastmap enabled, VID header offset factor 1
  ======================================================================
  ======================================================================
  ======================================================================
  mtdram: 16MiB, PEB size 16KiB, fastmap enabled
  Running mkvol_basic /dev/ubi0
  Running mkvol_bad /dev/ubi0
  [mkvol_bad] test_mkvol():105: ubi_mkvol failed with error 22
  (Invalid argument), expected 28 (No space left on device)
  [mkvol_bad] test_mkvol():105: bytes = 16060929
  Error: mkvol_bad failed
  FAILURE
This patch fully initializes every 'struct ubi_mkvol_request req' passed to
'ubi_mkvol', which can fix the bug that the ubi test failed caused by that
req.flags was not initialized. And it is still compatible with old kernel
before kernel commit c355aa465fce ("ubi: expose the volume CRC check skip
flag").
----------------------------------------
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | I added ZSTD support to mkfs.ubifs and compared the ZSTD results with
zlib/lzo and the available ZSTD compression levels. The results are in
the following table:
Comp    image MiB        time  image2 MiB        time
none          271   0m 0,723s         223   0m 0,589s
lzo           164   0m13,705s         116   0m11,636s
zlib          150   0m 7,654s         103   0m 6,347s
favor-lzo     158   0m21,137s         110   0m17,764s
zstd-01       154   0m 1,607s         106   0m 1,429s
zstd-02       153   0m 1,704s         105   0m 1,479s
zstd-03*      152   0m 1,888s         104   0m 1,668s
zstd-04       151   0m 2,741s         103   0m 2,391s
zstd-05       150   0m 3,257s         102   0m 2,916s
zstd-06       150   0m 3,735s         102   0m 3,356s
zstd-07       150   0m 4,066s         102   0m 3,705s
zstd-08       152   0m 1,857s         104   0m 1,644s
zstd-09       152   0m 1,855s         104   0m 1,639s
zstd-10       150   0m 6,654s         102   0m 6,195s
zstd-11       150   0m10,027s         102   0m 9,130s
zstd-12       149   0m14,724s         101   0m13,415s
zstd-13       148   0m18,232s         100   0m16,719s
zstd-14       148   0m20,859s         100   0m19,554s
zstd-15       148   0m25,033s         100   0m23,186s
zstd-16       148   0m38,837s         100   0m36,543s
zstd-17       148   0m46,051s         100   0m43,120s
zstd-18       148   0m49,157s         100   0m45,807s
zstd-19       148   0m49,421s         100   0m45,951s
zstd-20       148   0m51,271s         100   0m48,030s
zstd-21       148   0m51,015s         100   0m48,676s
zstd-22       148   0m52,575s         100   0m50,013s
The UBIFS image was created via
  mkfs.ubifs -x $Comp -m 512 -e 128KiB -c 2200 -r $image $out
I used "debootstrap sid" to create a basic RFS and the results are in
the `image' column. The image2 column denotes the results for the same
image but with .deb files removed.
The time column contains the output of the run time of the command.
ZSTD's compression level three is currently default. Based on the
compression results (for the default level) it outperforms LZO in
run time and compression and is almost as good as ZLIB in terms of
compression but quicker.
The higher compression levels make almost no difference in compression
but take a lot of time.
The compression level used is the default offered by ZSTD. It does not
make sense the higher levels.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Image sequence number for the UBI header can be specified for the
ubiformat tool according to the documentation and the help message for
ubiformat. The CLI option --image-seq for image sequence number is not
supported. -Q option for image sequence number is silently ignored.
This patch adds the CLI support for image sequence number.
Signed-off-by: Amol Vengurlekar <amol.sven@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The function insert_biterror should be designed to insert error at
the first '1' bit starting at offset byte.
But now, only bit 7 of each byte is checked, because checking mask
is always 0x80.
So, do right shift for checking mask after each checking to check
the whole 8 bits of each bytes.
Signed-off-by: Xiaolei Li <xiaolei.li@mediatek.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The unittest suite actually makes use of some _GNU extensions during the
build (loff_t for example). So lets enable this in the makefile.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The test library for the mtd unit tests include various type's and
macro's that officially live in fcntl. Each file and header should
always properly include what they use, so lets add the fcntl headers.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The macro _IOC_SIZE is not part of sys/ioctl.h but lives in asm/ioctl.h
so we should include the proper header. If we do not, some systems
complain during linking that they cannot find the symbol _IOC_SIZE()
which was not expanded by the pre-compiler.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Commit a767dd30 added a check to add_inode that bails when trying to
store extra data in anything other than a symlink. The symlink
encryption support added by that commit relies on the assumption.
Unfortionately it was overlooked that device special files also store
the device number as additional data in the inode. The check added in
commit a767dd30 broke support for device files in mkfs.ubifs.
This commit adds a quick and dirty fix, moving the check into the
fscrypt branch, breaking only the fscrypt version but restoring old
functionality for unencrypted file systems.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Exclude openssl headers when WITH_CRYPTO is not defined.
Fixes this build failure:
In file included from ubifs-utils/mkfs.ubifs/mkfs.ubifs.c:25:0:
ubifs-utils/mkfs.ubifs/mkfs.ubifs.h:49:10: fatal error: openssl/rand.h: No such file or directory
 #include <openssl/rand.h>
          ^~~~~~~~~~~~~~~~
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | flashcp was always showing 0% progress due to incorrect
printf format specifier.
Signed-off-by: Andrij Abyzov <drolevar@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | In inode_add_xattr(), it malloc a buffer for name, and then passes
the bufffer ptr to add_xattr(). The ptr will be used to create a new
idx_entry in add_to_index().
However, inode_add_xattr() will free the buffer before return.
which can cause double free in write_index(): free(idx_ptr[i]->name)
*** Error in `./mkfs.ubifs': double free or corruption (fasttop): 0x0000000000aae220 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7cbac)[0x7f4881ff5bac]
/lib64/libc.so.6(+0x87a59)[0x7f4882000a59]
/lib64/libc.so.6(cfree+0x16e)[0x7f48820063be]
./mkfs.ubifs[0x402fbf]
/lib64/libc.so.6(__libc_start_main+0xea)[0x7f4881f9988a]
./mkfs.ubifs[0x40356a]
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | When we create a ubi image by ubinize, a UBI_LAYOUT_VOLUME_ID
volume will be created by ubigen_write_layout_vol().
However, after the commit 4c00cf2c5816 (ubiformat: remove
no-volume-table option), ubiformat remove novtbl args in format().
As a result, it will also create a layout volume.
When we attempt to do ubiattach, it will fail for ubi_compare_lebs error:
ubi0 error: ubi_compare_lebs: unsupported on-flash UBI format
ubi0 error: ubi_attach_mtd_dev: failed to attach mtd1, error -22
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | AES-256-XTS is the default since dd0d9c623e22 ("mkfs.ubifs: Use AES-256-XTS as default"),
we want that to be correctly reflected in the help output as well.
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Encryption and compression are not friends.
Enable compression in encryption mode only if the user explicitly
sets a compressor.
Signed-off-by: Richard Weinberger <richard@nod.at>
Tested-by: Heiko Schocher <hsdenx.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | compr_size has to be in LE16.
Signed-off-by: Richard Weinberger <richard@nod.at>
Tested-by: Heiko Schocher <hsdenx.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | We need to check for AES being in 128-cbc mode and not 256-cbc.
fscrypt supports only 128-cbc and 256-xts so far.
Signed-off-by: Richard Weinberger <richard@nod.at>
Tested-by: Heiko Schocher <hsdenx.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | AES-128-CBC should only being used when 256-XTS is too slow
on low end hardware.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | fscryptctl reads up to FS_MAX_KEY_SIZE bytes from the source key
to compute the descriptor.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | normsg() sucks.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | ...if none is given. To be compatible with fscryptctl.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | In XTS mode we don't need ESSIV, just use the block number
as tweak.
Also apply EVP_EncryptFinal().
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | This works currently by chance since the sizes match, but
that might change with different cipher setups.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | No longer hard code AES-128-CBC, we support AES-256-XTS too.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | The key length can be very long, for example in xts mode.
So we have to use the right sizes for block and iv lengths.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 
|  | Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at> |