From: "Savva Mitrofanov"
To: devel@edk2.groups.io
Cc: Marvin Häuser, Pedro Falcato, Vitaly Cheptsov
Subject: [edk2-devel] [edk2-platforms][PATCH v3 05/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock
Date: Fri, 27 Jan 2023 15:29:39 +0600
Message-Id: <20230127092945.94389-6-savvamtr@gmail.com>
In-Reply-To: <20230127092945.94389-1-savvamtr@gmail.com>
References: <20230127092945.94389-1-savvamtr@gmail.com>

Missing check for wrong s_log_block_size exponent leads to shift out of
bounds. Limit block size to 2 MiB

Cc: Marvin Häuser
Cc: Pedro Falcato
Cc: Vitaly Cheptsov
Fixes: d9ceedca6c8f ("Ext4Pkg: Add Ext4Dxe driver.")
Signed-off-by: Savva Mitrofanov
Reviewed-by: Marvin Häuser
Reviewed-by: Pedro Falcato
--- Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h | 14 ++++++++++++++ Features/Ext4Pkg/Ext4Dxe/Superblock.c | 5 +++++ 2 files changed, 19 insertions(+) diff --git a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h b/Features/Ext4Pkg/Ext4Dxe/= Ext4Dxe.h index 2e489ce4dd86..a23323319a59 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h +++ b/Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h 
@@ -40,6 +40,20 @@ #define EXT4_EFI_PATH_MAX 4096 #define EXT4_DRIVER_VERSION 0x0000 =20 +// +// The EXT4 Specification doesn't strictly limit block size and this value= could be up to 2^31, +// but in practice it is limited by PAGE_SIZE due to performance significa= nt impact. +// Many EXT4 implementations have size of block limited to PAGE_SIZE. In m= any cases it's limited +// to 4096, which is a commonly supported page size on most MMU-capable ha= rdware, and up to 65536. +// So, to take a balance between compatibility and security measures, it i= s decided to use the +// value of 2MiB as the limit, which is equal to page size on new hardware. +// As for supporting big block sizes, EXT4 has a RO_COMPAT_FEATURE called = BIGALLOC, which changes +// EXT4 to use clustered allocation, so that each bit in the ext4 block al= location bitmap addresses +// a power of two number of blocks. So it would be wiser to implement and = use this feature +// if there is such a need instead of big block size. +// +#define EXT4_LOG_BLOCK_SIZE_MAX 11 + /** Opens an ext4 partition and installs the Simple File System protocol. =20 diff --git a/Features/Ext4Pkg/Ext4Dxe/Superblock.c b/Features/Ext4Pkg/Ext4D= xe/Superblock.c index be3527e4d618..3f56de93c105 100644 --- a/Features/Ext4Pkg/Ext4Dxe/Superblock.c +++ b/Features/Ext4Pkg/Ext4Dxe/Superblock.c 
@@ -248,6 +248,11 @@ Ext4OpenSuperblock ( return EFI_VOLUME_CORRUPTED; } =20 + if (Sb->s_log_block_size > EXT4_LOG_BLOCK_SIZE_MAX) { + DEBUG ((DEBUG_ERROR, "[ext4] SuperBlock s_log_block_size %lu is too bi= g\n", Sb->s_log_block_size)); + return EFI_UNSUPPORTED; + } + Partition->BlockSize =3D (UINT32)LShiftU64 (1024, Sb->s_log_block_size); =20 // The size of a block group can also be calculated as 8 * Partition->Bl= ockSize --=20 2.39.0
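
Review bot: The comment above `EXT4_LOG_BLOCK_SIZE_MAX` in Ext4Dxe.h argues for a 2MiB limit in bytes, but the macro is an exponent and nothing next to it says how 11 maps to 2 MiB. Since Ext4OpenSuperblock computes the size as `LShiftU64 (1024, Sb->s_log_block_size)`, a closing comment line such as "Block size is 1024 << s_log_block_size, so 11 gives 2 MiB" would let a reader check the bound without opening Superblock.c. The phrase "due to performance significant impact" would also read better as "due to the significant performance impact".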
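
Review bot: In the new DEBUG call in Ext4OpenSuperblock (Superblock.c), `%lu` is paired with `Sb->s_log_block_size`; in EDK II's print library the `l` modifier means a 64-bit argument, so if the field is declared UINT32 (it is a 32-bit field in the on-disk ext4 superblock) the logged value can be wrong, most visibly on 32-bit builds. Use `%u`, or cast the argument to UINT64 and keep `%lu`. The bound itself is consistent with the line that follows it: with the exponent capped at 11, `LShiftU64 (1024, ...)` is at most 2 MiB, so the `(UINT32)` cast cannot truncate.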