1. Patchew
  2. EDK2
  3. [edk2-devel] [edk2-platforms][PATCH v3 00/11] Ext4Pkg: Code correctness and security improvements
  4. View patch

[edk2-devel] [edk2-platforms][PATCH v3 05/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock

Savva Mitrofanov posted 11 patches 3 years ago
There is a newer version of this series
[edk2-devel] [edk2-platforms][PATCH v3 05/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
Posted by Savva Mitrofanov 3 years ago 
Missing check for wrong s_log_block_size exponent leads to shift out of
bounds. Limit block size to 2 MiB

Cc: Marvin Häuser <mhaeuser@posteo.de>
Cc: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
---
 Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 14 ++++++++++++++
 Features/Ext4Pkg/Ext4Dxe/Superblock.c |  5 +++++
 2 files changed, 19 insertions(+)

diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
index 2e489ce4dd86..a23323319a59 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
+++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
@@ -40,6 +40,20 @@
 #define EXT4_EFI_PATH_MAX    4096

 #define EXT4_DRIVER_VERSION  0x0000

 

+//

+// The EXT4 Specification doesn't strictly limit block size and this value could be up to 2^31,

+// but in practice it is limited by PAGE_SIZE due to performance significant impact.

+// Many EXT4 implementations have size of block limited to PAGE_SIZE. In many cases it's limited

+// to 4096, which is a commonly supported page size on most MMU-capable hardware, and up to 65536.

+// So, to take a balance between compatibility and security measures, it is decided to use the

+// value of 2MiB as the limit, which is equal to page size on new hardware.

+// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called BIGALLOC, which changes

+// EXT4 to use clustered allocation, so that each bit in the ext4 block allocation bitmap addresses

+// a power of two number of blocks. So it would be wiser to implement and use this feature

+// if there is such a need instead of big block size.

+//

+#define EXT4_LOG_BLOCK_SIZE_MAX  11

+

 /**

    Opens an ext4 partition and installs the Simple File System protocol.

 

diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
index be3527e4d618..3f56de93c105 100644
--- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
+++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
@@ -248,6 +248,11 @@ Ext4OpenSuperblock (
     return EFI_VOLUME_CORRUPTED;

   }

 

+  if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) {

+    DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too big\n", Sb->s_log_block_size));

+    return EFI_UNSUPPORTED;

+  }

+

   Partition->BlockSize = (UINT32)LShiftU64 (1024, Sb->s_log_block_size);

 

   // The size of a block group can also be calculated as 8 * Partition->BlockSize

-- 
2.39.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99142): https://edk2.groups.io/g/devel/message/99142
Mute This Topic: https://groups.io/mt/96562695/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [edk2-platforms][PATCH v3 05/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
Posted by Pedro Falcato 3 years ago 
On Fri, Jan 27, 2023 at 9:29 AM Savva Mitrofanov <savvamtr@gmail.com> wrote:
>
> Missing check for wrong s_log_block_size exponent leads to shift out of
> bounds. Limit block size to 2 MiB
>
> Cc: Marvin Häuser <mhaeuser@posteo.de>
> Cc: Pedro Falcato <pedro.falcato@gmail.com>
> Cc: Vitaly Cheptsov <vit9696@protonmail.com>
> Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
> Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
> ---
>  Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 14 ++++++++++++++
>  Features/Ext4Pkg/Ext4Dxe/Superblock.c |  5 +++++
>  2 files changed, 19 insertions(+)
>
> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
> index 2e489ce4dd86..a23323319a59 100644
> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
> @@ -40,6 +40,20 @@
>  #define EXT4_EFI_PATH_MAX    4096
>  #define EXT4_DRIVER_VERSION  0x0000
>
> +//
> +// The EXT4 Specification doesn't strictly limit block size and this value could be up to 2^31,
> +// but in practice it is limited by PAGE_SIZE due to performance significant impact.
> +// Many EXT4 implementations have size of block limited to PAGE_SIZE. In many cases it's limited
> +// to 4096, which is a commonly supported page size on most MMU-capable hardware, and up to 65536.
> +// So, to take a balance between compatibility and security measures, it is decided to use the
> +// value of 2MiB as the limit, which is equal to page size on new hardware.
Nit: s/page size/large page size/
I can change this for you when pushing, no need for a v4 on this one.
> +// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called BIGALLOC, which changes
> +// EXT4 to use clustered allocation, so that each bit in the ext4 block allocation bitmap addresses
> +// a power of two number of blocks. So it would be wiser to implement and use this feature
> +// if there is such a need instead of big block size.
> +//
> +#define EXT4_LOG_BLOCK_SIZE_MAX  11
> +
>  /**
>     Opens an ext4 partition and installs the Simple File System protocol.
>
> diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
> index be3527e4d618..3f56de93c105 100644
> --- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
> +++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
> @@ -248,6 +248,11 @@ Ext4OpenSuperblock (
>      return EFI_VOLUME_CORRUPTED;
>    }
>
> +  if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) {
> +    DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too big\n", Sb->s_log_block_size));
> +    return EFI_UNSUPPORTED;
> +  }
> +
>    Partition->BlockSize = (UINT32)LShiftU64 (1024, Sb->s_log_block_size);
>
>    // The size of a block group can also be calculated as 8 * Partition->BlockSize
> --
> 2.39.0
>

Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com>

-- 
Pedro


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99166): https://edk2.groups.io/g/devel/message/99166
Mute This Topic: https://groups.io/mt/96562695/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [edk2-platforms][PATCH v3 05/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
Posted by Savva Mitrofanov 3 years ago 
Thanks, I corrected this in the referenced repository fork.
Will be included in v4.

> On 27 Jan 2023, at 20:22, Pedro Falcato <pedro.falcato@gmail.com> wrote:
> 
> On Fri, Jan 27, 2023 at 9:29 AM Savva Mitrofanov <savvamtr@gmail.com> wrote:
>> 
>> Missing check for wrong s_log_block_size exponent leads to shift out of
>> bounds. Limit block size to 2 MiB
>> 
>> Cc: Marvin Häuser <mhaeuser@posteo.de>
>> Cc: Pedro Falcato <pedro.falcato@gmail.com>
>> Cc: Vitaly Cheptsov <vit9696@protonmail.com>
>> Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
>> Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
>> ---
>> Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 14 ++++++++++++++
>> Features/Ext4Pkg/Ext4Dxe/Superblock.c |  5 +++++
>> 2 files changed, 19 insertions(+)
>> 
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> index 2e489ce4dd86..a23323319a59 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> @@ -40,6 +40,20 @@
>> #define EXT4_EFI_PATH_MAX    4096
>> #define EXT4_DRIVER_VERSION  0x0000
>> 
>> +//
>> +// The EXT4 Specification doesn't strictly limit block size and this value could be up to 2^31,
>> +// but in practice it is limited by PAGE_SIZE due to performance significant impact.
>> +// Many EXT4 implementations have size of block limited to PAGE_SIZE. In many cases it's limited
>> +// to 4096, which is a commonly supported page size on most MMU-capable hardware, and up to 65536.
>> +// So, to take a balance between compatibility and security measures, it is decided to use the
>> +// value of 2MiB as the limit, which is equal to page size on new hardware.
> Nit: s/page size/large page size/
> I can change this for you when pushing, no need for a v4 on this one.
>> +// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called BIGALLOC, which changes
>> +// EXT4 to use clustered allocation, so that each bit in the ext4 block allocation bitmap addresses
>> +// a power of two number of blocks. So it would be wiser to implement and use this feature
>> +// if there is such a need instead of big block size.
>> +//
>> +#define EXT4_LOG_BLOCK_SIZE_MAX  11
>> +
>> /**
>>    Opens an ext4 partition and installs the Simple File System protocol.
>> 
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
>> index be3527e4d618..3f56de93c105 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
>> +++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
>> @@ -248,6 +248,11 @@ Ext4OpenSuperblock (
>>     return EFI_VOLUME_CORRUPTED;
>>   }
>> 
>> +  if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) {
>> +    DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too big\n", Sb->s_log_block_size));
>> +    return EFI_UNSUPPORTED;
>> +  }
>> +
>>   Partition->BlockSize = (UINT32)LShiftU64 (1024, Sb->s_log_block_size);
>> 
>>   // The size of a block group can also be calculated as 8 * Partition->BlockSize
>> --
>> 2.39.0
>> 
> 
> Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com>
> 
> -- 
> Pedro



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99180): https://edk2.groups.io/g/devel/message/99180
Mute This Topic: https://groups.io/mt/96562695/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [edk2-platforms][PATCH v3 05/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
Posted by Marvin Häuser 3 years ago 
Reviewed-by: Marvin Häuser <mhaeuser@posteo.de>

> On 27. Jan 2023, at 15:22, Pedro Falcato <pedro.falcato@gmail.com> wrote:
> 
> On Fri, Jan 27, 2023 at 9:29 AM Savva Mitrofanov <savvamtr@gmail.com <mailto:savvamtr@gmail.com>> wrote:
>> 
>> Missing check for wrong s_log_block_size exponent leads to shift out of
>> bounds. Limit block size to 2 MiB
>> 
>> Cc: Marvin Häuser <mhaeuser@posteo.de>
>> Cc: Pedro Falcato <pedro.falcato@gmail.com>
>> Cc: Vitaly Cheptsov <vit9696@protonmail.com>
>> Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
>> Signed-off-by: Savva Mitrofanov <savvamtr@gmail.com>
>> ---
>> Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h    | 14 ++++++++++++++
>> Features/Ext4Pkg/Ext4Dxe/Superblock.c |  5 +++++
>> 2 files changed, 19 insertions(+)
>> 
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> index 2e489ce4dd86..a23323319a59 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h
>> @@ -40,6 +40,20 @@
>> #define EXT4_EFI_PATH_MAX    4096
>> #define EXT4_DRIVER_VERSION  0x0000
>> 
>> +//
>> +// The EXT4 Specification doesn't strictly limit block size and this value could be up to 2^31,
>> +// but in practice it is limited by PAGE_SIZE due to performance significant impact.
>> +// Many EXT4 implementations have size of block limited to PAGE_SIZE. In many cases it's limited
>> +// to 4096, which is a commonly supported page size on most MMU-capable hardware, and up to 65536.
>> +// So, to take a balance between compatibility and security measures, it is decided to use the
>> +// value of 2MiB as the limit, which is equal to page size on new hardware.
> Nit: s/page size/large page size/
> I can change this for you when pushing, no need for a v4 on this one.
>> +// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called BIGALLOC, which changes
>> +// EXT4 to use clustered allocation, so that each bit in the ext4 block allocation bitmap addresses
>> +// a power of two number of blocks. So it would be wiser to implement and use this feature
>> +// if there is such a need instead of big block size.
>> +//
>> +#define EXT4_LOG_BLOCK_SIZE_MAX  11
>> +
>> /**
>>    Opens an ext4 partition and installs the Simple File System protocol.
>> 
>> diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
>> index be3527e4d618..3f56de93c105 100644
>> --- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c
>> +++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c
>> @@ -248,6 +248,11 @@ Ext4OpenSuperblock (
>>     return EFI_VOLUME_CORRUPTED;
>>   }
>> 
>> +  if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) {
>> +    DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too big\n", Sb->s_log_block_size));
>> +    return EFI_UNSUPPORTED;
>> +  }
>> +
>>   Partition->BlockSize = (UINT32)LShiftU64 (1024, Sb->s_log_block_size);
>> 
>>   // The size of a block group can also be calculated as 8 * Partition->BlockSize
>> --
>> 2.39.0
>> 
> 
> Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com <mailto:pedro.falcato@gmail.com>>
> 
> -- 
> Pedro



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99167): https://edk2.groups.io/g/devel/message/99167
Mute This Topic: https://groups.io/mt/96562695/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.