From: "Savva Mitrofanov"
To: devel@edk2.groups.io
Cc: Marvin Häuser, Pedro Falcato, Vitaly Cheptsov
Subject: [edk2-devel] [edk2-platforms][PATCH v2 06/11] Ext4Pkg: Add inode number validity check
Date: Mon, 12 Dec 2022 20:46:49 +0600
Message-Id: <20221212144654.2650-7-savvamtr@gmail.com>
In-Reply-To: <20221212144654.2650-1-savvamtr@gmail.com>
References: <20221212144654.2650-1-savvamtr@gmail.com>

We need to validate the inode number to prevent a possible null-pointer dereference of the directory parent in Ext4OpenDirent. Also check that the inode number is valid across the opened partition before we read it in Ext4ReadInode.

Cc: Marvin Häuser
Cc: Pedro Falcato
Cc: Vitaly Cheptsov
Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794
Signed-off-by: Savva Mitrofanov
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h   | 15 +++++++++---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 25 ++++++++++++++++++++
 Features/Ext4Pkg/Ext4Dxe/BlockGroup.c |  5 ++++
 Features/Ext4Pkg/Ext4Dxe/Directory.c  | 10 ++++++++
 4 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h
index 1285644dcb25..6b56ce6813fc 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h @@ -397,7 +397,7 @@ typedef struct _Ext4Inode { UINT32 i_projid; } EXT4_INODE; =20 -#define EXT4_NAME_MAX 255 +#define EXT4_NAME_MAX 255 =20 typedef struct { UINT32 inode; @@ -469,8 +469,17 @@ typedef UINT64 EXT4_BLOCK_NR; typedef UINT32 EXT2_BLOCK_NR; typedef UINT32 EXT4_INO_NR; =20 -// 2 is always the root inode number in ext4 -#define EXT4_ROOT_INODE_NR 2 +/* Special inode numbers */ +#define EXT4_ROOT_INODE_NR 2 +#define EXT4_USR_QUOTA_INODE_NR 3 +#define EXT4_GRP_QUOTA_INODE_NR 4 +#define EXT4_BOOT_LOADER_INODE_NR 5 +#define EXT4_UNDEL_DIR_INODE_NR 6 +#define EXT4_RESIZE_INODE_NR 7 +#define EXT4_JOURNAL_INODE_NR 8 + +/* First non-reserved inode for old ext4 filesystems */ +#define EXT4_GOOD_OLD_FIRST_INODE_NR 11 =20 #define EXT4_BLOCK_FILE_HOLE 0 =20 diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/= Ext4Dxe.h index 81ba568c5947..beceb9d60dcb 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h @@ -287,6 +287,31 @@ Ext4GetBlockGroupDesc ( IN UINT32 BlockGroup ); =20 +/** + Retrieves the first usable non-reserved inode number from the superblock + of the opened partition. + + @param[in] Partition Pointer to the opened ext4 partition. + + @return The first usable inode number (non-reserved). +**/ +#define EXT4_FIRST_INODE_NR(Partition) = \ + ((Partition->SuperBlock.s_rev_level =3D=3D EXT4_GOOD_OLD_REV) ? = \ + EXT4_GOOD_OLD_FIRST_INODE_NR : = \ + Partition->SuperBlock.s_first_ino) + +/** + Checks inode number validity across superblock of the opened partition. + + @param[in] Partition Pointer to the opened ext4 partition. + + @return TRUE if inode number is valid. +**/ +#define EXT4_IS_VALID_INODE_NR(Partition, InodeNum) = \ + (InodeNum =3D=3D EXT4_ROOT_INODE_NR || = \ + (InodeNum >=3D EXT4_FIRST_INODE_NR(Partition) && = \ + InodeNum <=3D Partition->SuperBlock.s_inodes_count)) + /** Reads an inode from disk. =20 
diff --git a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c b/Features/Ext4Pkg/Ext4D= xe/BlockGroup.c index cba96cd95afc..f34cdc5dbad7 100644 --- a/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c +++ b/Features/Ext4Pkg/Ext4Dxe/BlockGroup.c @@ -50,6 +50,11 @@ Ext4ReadInode ( EXT4_BLOCK_NR InodeTableStart; EFI_STATUS Status; =20 + if (!EXT4_IS_VALID_INODE_NR (Partition, InodeNum)) { + DEBUG ((DEBUG_ERROR, "[ext4] Error reading inode: inode number %lu isn= 't valid\n", InodeNum)); + return EFI_VOLUME_CORRUPTED; + } + BlockGroupNumber =3D (UINT32)DivU64x64Remainder ( InodeNum - 1, Partition->SuperBlock.s_inodes_per_group, diff --git a/Features/Ext4Pkg/Ext4Dxe/Directory.c b/Features/Ext4Pkg/Ext4Dx= e/Directory.c index ffc0e8043076..ff476c8641e8 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Directory.c +++ b/Features/Ext4Pkg/Ext4Dxe/Directory.c @@ -163,6 +163,10 @@ Ext4RetrieveDirent ( if (Entry->inode =3D=3D 0) { BlockOffset +=3D Entry->rec_len; continue; + } else if (!EXT4_IS_VALID_INODE_NR (Partition, Entry->inode)) { + DEBUG ((DEBUG_ERROR, "[ext4] Ext4RetrieveDirent directory entry in= ode number %u isn't valid\n", Entry->inode)); + Status =3D EFI_VOLUME_CORRUPTED; + goto Out; } =20 Status =3D Ext4GetUcs2DirentName (Entry, DirentUcs2Name); 
@@ -498,6 +502,12 @@ Ext4ReadDir ( // When inode =3D 0, it's unused. ShouldSkip =3D Entry.inode =3D=3D 0 || IsDotOrDotDot; =20 + if ((Entry.inode !=3D 0) && !EXT4_IS_VALID_INODE_NR (Partition, Entry.= inode)) { + DEBUG ((DEBUG_ERROR, "[ext4] Ext4ReadDir directory entry inode numbe= r %u isn't valid\n", Entry.inode)); + Status =3D EFI_VOLUME_CORRUPTED; + goto Out; + } + if (ShouldSkip) { Offset +=3D Entry.rec_len; continue; --=20 2.38.1
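Review bot: the first Ext4Disk.h hunk only re-aligns `#define EXT4_NAME_MAX 255` (the removed and added lines are otherwise identical) and is unrelated to the inode check; drop it or move it to a separate whitespace-only commit so the functional change stays easy to review and bisect.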
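Review bot: in the Ext4Dxe.h hunk, EXT4_IS_VALID_INODE_NR trusts `Partition->SuperBlock.s_first_ino`, which comes from the on-disk superblock, so a corrupted superblock with `s_first_ino` equal to 0 lets inode number 0 satisfy `InodeNum >= EXT4_FIRST_INODE_NR(Partition) && InodeNum <= s_inodes_count` and reach `InodeNum - 1` in Ext4ReadInode. Either validate `s_first_ino` where the superblock is checked (at least `s_first_ino > EXT4_ROOT_INODE_NR` and `s_first_ino <= s_inodes_count`) or add an explicit `InodeNum != 0` term to the macro. Two smaller points on the same hunk: the doc comment for EXT4_IS_VALID_INODE_NR documents `Partition` but is missing a `@param[in] InodeNum` line, and both function-like macros should parenthesize their arguments (`(Partition)->SuperBlock`, `(InodeNum)`) so they stay correct for any expression a caller passes.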
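Review bot: the DEBUG message in the BlockGroup.c hunk prints InodeNum with `%lu`, while both Directory.c messages print an inode number of the same kind (`EXT4_INO_NR`, a UINT32 per the Ext4Disk.h context lines) with `%u`. In EDK2 PrintLib the `l` modifier means a 64-bit argument, so if InodeNum is an EXT4_INO_NR the format should be `%u`; otherwise the value shown on a corrupted volume can be garbage, which defeats the purpose of the message.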
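Review bot: in the Ext4RetrieveDirent hunk the `else` in `} else if (!EXT4_IS_VALID_INODE_NR (Partition, Entry->inode)) {` is redundant because the preceding branch ends in `continue`; a plain `if` reads cleaner and matches the form used in the Ext4ReadDir hunk.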
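Review bot: in the Ext4ReadDir hunk the new check repeats the `Entry.inode != 0` test that `ShouldSkip = Entry.inode == 0 || IsDotOrDotDot;` already encodes, so two places now have to agree on what an unused entry is; computing the validity check before ShouldSkip, or deriving it from the same condition, keeps that in one spot. A one-line comment stating that an invalid inode number is treated as volume corruption rather than skipped would also help, since the unused-entry case right above it is skipped silently.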