master.c 12 KB

  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * This file is part of UBIFS.
  4. *
  5. * Copyright (C) 2006-2008 Nokia Corporation.
  6. *
  7. * Authors: Artem Bityutskiy (Битюцкий Артём)
  8. * Adrian Hunter
  9. */
  10. /* This file implements reading and writing the master node */
  11. #include "ubifs.h"
  /**
   * ubifs_compare_master_node - compare the payload of two UBIFS master nodes
   * @c: UBIFS file-system description object (not used by the comparison)
   * @m1: the first node
   * @m2: the second node
   *
   * Two byte ranges are compared: the bytes between the common node header and
   * the embedded HMAC, and whatever follows the HMAC field. The header and the
   * HMAC are skipped. This is a consistency check between two copies; it does
   * not authenticate either of them.
   *
   * Returns 0 if both ranges are equal and the nonzero memcmp() result of the
   * first differing range if not.
   */
  int ubifs_compare_master_node(struct ubifs_info *c, void *m1, void *m2)
  {
      const int hmac_start = offsetof(struct ubifs_mst_node, hmac);
      const int hmac_end = hmac_start + UBIFS_MAX_HMAC_LEN;
      const unsigned char *first = m1;
      const unsigned char *second = m2;
      int diff;

      /*
       * The common node header is left out: it carries the sequence number,
       * so it and its CRC differ between the two copies.
       */
      diff = memcmp(first + UBIFS_CH_SZ, second + UBIFS_CH_SZ,
                    hmac_start - UBIFS_CH_SZ);
      if (diff != 0)
          return diff;

      /*
       * The embedded HMAC is left out as well; it must also differ because
       * the common node headers differ.
       */
      if (UBIFS_MST_NODE_SZ <= hmac_end)
          return 0;

      return memcmp(first + hmac_end, second + hmac_end,
                    UBIFS_MST_NODE_SZ - hmac_end);
  }
  /**
   * mst_node_check_hash - check the hash of a master node
   * @c: UBIFS file-system description object
   * @mst: the master node
   * @expected: the expected hash of the master node
   *
   * The digest is computed with @c->hash_tfm over the node minus its leading
   * common node header. A UBIFS image holds two master nodes whose sequence
   * numbers, and therefore CRCs, differ; leaving the header out lets one
   * expected hash match both copies.
   *
   * Returns 0 if the hashes are equal, the error from the digest computation
   * if that fails, and %-EPERM if the hashes differ.
   */
  static int mst_node_check_hash(const struct ubifs_info *c,
                                 const struct ubifs_mst_node *mst,
                                 const u8 *expected)
  {
      /* Hash input starts right behind the common node header. */
      const void *payload = (const void *)mst + sizeof(struct ubifs_ch);
      const size_t payload_len = UBIFS_MST_NODE_SZ - sizeof(struct ubifs_ch);
      u8 digest[UBIFS_MAX_HASH_LEN];
      int err;

      err = crypto_shash_tfm_digest(c->hash_tfm, payload, payload_len, digest);
      if (err)
          return err;

      /* Any mismatch is reported as a permission error. */
      return ubifs_check_hash(c, expected, digest) ? -EPERM : 0;
  }
  /**
   * scan_for_master - search for the valid master node.
   * @c: UBIFS file-system description object
   *
   * Both master LEBs (%UBIFS_MST_LNUM and the one after it) are scanned and the
   * last node of each is taken as the candidate. The candidates must sit at the
   * same offset and compare equal with ubifs_compare_master_node(). On an
   * authenticated file system the node kept in @c->mst_node is verified before
   * success is reported.
   *
   * Returns zero in case of success, %-EUCLEAN if the master area is corrupted
   * and requires recovery, %-EINVAL if the last node of a master LEB is not a
   * master node, %-EPERM if hash or HMAC verification fails, and the error
   * returned by ubifs_scan() if a scan fails.
   */
  static int scan_for_master(struct ubifs_info *c)
  {
      struct ubifs_scan_leb *sleb;
      struct ubifs_scan_node *snod;
      int lnum = UBIFS_MST_LNUM;
      int offs = 0;
      int nodes_cnt, err;

      /* First master LEB: keep a copy of its last node. */
      sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1);
      if (IS_ERR(sleb))
          return PTR_ERR(sleb);

      nodes_cnt = sleb->nodes_cnt;
      if (nodes_cnt > 0) {
          snod = list_entry(sleb->nodes.prev, struct ubifs_scan_node, list);
          if (snod->type != UBIFS_MST_NODE)
              goto out_dump;

          /*
           * NOTE(review): the copy length is the scanned node's own
           * snod->len and nothing in this function bounds it against the
           * c->mst_node buffer (allocated with c->mst_node_alsz bytes in
           * ubifs_read_master()). Presumably ubifs_scan() has already
           * length-checked the node for its type - confirm.
           */
          memcpy(c->mst_node, snod->node, snod->len);
          offs = snod->offs;
      }
      ubifs_scan_destroy(sleb);

      /* Second master LEB: it has to mirror the first one. */
      lnum++;
      sleb = ubifs_scan(c, lnum, 0, c->sbuf, 1);
      if (IS_ERR(sleb))
          return PTR_ERR(sleb);

      if (sleb->nodes_cnt != nodes_cnt || sleb->nodes_cnt == 0)
          goto out;

      snod = list_entry(sleb->nodes.prev, struct ubifs_scan_node, list);
      if (snod->type != UBIFS_MST_NODE)
          goto out_dump;

      if (snod->offs != offs ||
          ubifs_compare_master_node(c, c->mst_node, snod->node))
          goto out;

      c->mst_offs = offs;
      ubifs_scan_destroy(sleb);

      if (!ubifs_authenticated(c))
          return 0;

      if (ubifs_hmac_zero(c, c->mst_node->hmac)) {
          /*
           * Zero HMAC: fall back to the master node hash stored in the
           * superblock node. NOTE(review): this branch is only as
           * trustworthy as c->sup_node->hash_mst; how that value is
           * authenticated is not visible here - confirm.
           */
          err = mst_node_check_hash(c, c->mst_node, c->sup_node->hash_mst);
          if (err)
              ubifs_err(c, "Failed to verify master node hash");
      } else {
          err = ubifs_node_verify_hmac(c, c->mst_node,
                                       sizeof(struct ubifs_mst_node),
                                       offsetof(struct ubifs_mst_node, hmac));
          if (err)
              ubifs_err(c, "Failed to verify master node HMAC");
      }

      /* Every verification failure is reported as -EPERM. */
      return err ? -EPERM : 0;

  out:
      ubifs_scan_destroy(sleb);
      return -EUCLEAN;

  out_dump:
      ubifs_err(c, "unexpected node type %d master LEB %d:%d",
                snod->type, lnum, snod->offs);
      ubifs_scan_destroy(sleb);
      return -EINVAL;
  }
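  /**
   * validate_master - validate master node.
   * @c: UBIFS file-system description object
   *
   * This function validates data which was read from the master node. Each
   * check has its own number, which is only used in the error message printed
   * before the node is dumped. Returns zero if the data is all right and
   * %-EINVAL if not.
   *
   * The "offset + size" bounds (checks 10, 12 and 13) and the free/dirty/used
   * total (check 20) are written as subtractions from the limit, so that a
   * large value read from the media cannot wrap the sum and slip past the
   * comparison.
   */
  static int validate_master(const struct ubifs_info *c)
  {
      long long main_sz;
      int err;

      if (c->max_sqnum >= SQNUM_WATERMARK) {
          err = 1;
          goto out;
      }

      if (c->cmt_no >= c->max_sqnum) {
          err = 2;
          goto out;
      }

      if (c->highest_inum >= INUM_WATERMARK) {
          err = 3;
          goto out;
      }

      /* Log head: inside the log area, inside the LEB, min. I/O aligned. */
      if (c->lhead_lnum < UBIFS_LOG_LNUM ||
          c->lhead_lnum >= UBIFS_LOG_LNUM + c->log_lebs ||
          c->lhead_offs < 0 || c->lhead_offs >= c->leb_size ||
          c->lhead_offs & (c->min_io_size - 1)) {
          err = 4;
          goto out;
      }

      /* Index root: in the main area, inside the LEB, 8-byte aligned. */
      if (c->zroot.lnum >= c->leb_cnt || c->zroot.lnum < c->main_first ||
          c->zroot.offs >= c->leb_size || c->zroot.offs & 7) {
          err = 5;
          goto out;
      }

      if (c->zroot.len < c->ranges[UBIFS_IDX_NODE].min_len ||
          c->zroot.len > c->ranges[UBIFS_IDX_NODE].max_len) {
          err = 6;
          goto out;
      }

      if (c->gc_lnum >= c->leb_cnt || c->gc_lnum < c->main_first) {
          err = 7;
          goto out;
      }

      if (c->ihead_lnum >= c->leb_cnt || c->ihead_lnum < c->main_first ||
          c->ihead_offs % c->min_io_size || c->ihead_offs < 0 ||
          c->ihead_offs > c->leb_size || c->ihead_offs & 7) {
          err = 8;
          goto out;
      }

      main_sz = (long long)c->main_lebs * c->leb_size;
      if (c->bi.old_idx_sz & 7 || c->bi.old_idx_sz >= main_sz) {
          err = 9;
          goto out;
      }

      /*
       * Same bound as "lpt_offs + nnode_sz > leb_size", without the sum.
       * Assumes nnode_sz is non-negative and no larger than an int - TODO
       * confirm against the struct definition.
       */
      if (c->lpt_lnum < c->lpt_first || c->lpt_lnum > c->lpt_last ||
          c->lpt_offs < 0 || c->lpt_offs > c->leb_size - c->nnode_sz) {
          err = 10;
          goto out;
      }

      if (c->nhead_lnum < c->lpt_first || c->nhead_lnum > c->lpt_last ||
          c->nhead_offs < 0 || c->nhead_offs % c->min_io_size ||
          c->nhead_offs > c->leb_size) {
          err = 11;
          goto out;
      }

      /* Same bound as "ltab_offs + ltab_sz > leb_size", without the sum. */
      if (c->ltab_lnum < c->lpt_first || c->ltab_lnum > c->lpt_last ||
          c->ltab_offs < 0 ||
          c->ltab_offs > c->leb_size - c->ltab_sz) {
          err = 12;
          goto out;
      }

      /* Same bound as "lsave_offs + lsave_sz > leb_size", without the sum. */
      if (c->big_lpt && (c->lsave_lnum < c->lpt_first ||
          c->lsave_lnum > c->lpt_last || c->lsave_offs < 0 ||
          c->lsave_offs > c->leb_size - c->lsave_sz)) {
          err = 13;
          goto out;
      }

      if (c->lscan_lnum < c->main_first || c->lscan_lnum >= c->leb_cnt) {
          err = 14;
          goto out;
      }

      if (c->lst.empty_lebs < 0 || c->lst.empty_lebs > c->main_lebs - 2) {
          err = 15;
          goto out;
      }

      if (c->lst.idx_lebs < 0 || c->lst.idx_lebs > c->main_lebs - 1) {
          err = 16;
          goto out;
      }

      if (c->lst.total_free < 0 || c->lst.total_free > main_sz ||
          c->lst.total_free & 7) {
          err = 17;
          goto out;
      }

      if (c->lst.total_dirty < 0 || (c->lst.total_dirty & 7)) {
          err = 18;
          goto out;
      }

      if (c->lst.total_used < 0 || (c->lst.total_used & 7)) {
          err = 19;
          goto out;
      }

      /*
       * free + dirty + used must not exceed the main area. total_free is
       * already known to be in [0, main_sz] and the other two are known to
       * be non-negative, so neither subtraction below can overflow; the
       * second one is only evaluated when the first comparison passed.
       */
      if (c->lst.total_dirty > main_sz - c->lst.total_free ||
          c->lst.total_used >
          main_sz - c->lst.total_free - c->lst.total_dirty) {
          err = 20;
          goto out;
      }

      /*
       * NOTE(review): total_dead and total_dark are only range-checked
       * further down (checks 22 and 23), so this sum is taken over values
       * that have not been bounded yet - confirm it cannot wrap for the
       * types involved.
       */
      if (c->lst.total_dead + c->lst.total_dark +
          c->lst.total_used + c->bi.old_idx_sz > main_sz) {
          err = 21;
          goto out;
      }

      if (c->lst.total_dead < 0 ||
          c->lst.total_dead > c->lst.total_free + c->lst.total_dirty ||
          c->lst.total_dead & 7) {
          err = 22;
          goto out;
      }

      if (c->lst.total_dark < 0 ||
          c->lst.total_dark > c->lst.total_free + c->lst.total_dirty ||
          c->lst.total_dark & 7) {
          err = 23;
          goto out;
      }

      return 0;

  out:
      ubifs_err(c, "bad master node at offset %d error %d", c->mst_offs, err);
      ubifs_dump_node(c, c->mst_node, c->mst_node_alsz);
      return -EINVAL;
  }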
  /**
   * ubifs_read_master - read master node.
   * @c: UBIFS file-system description object
   *
   * This function finds and reads the master node during file-system mount. If
   * the flash is empty, it creates default master node as well. The fields of
   * the node are converted to CPU byte order and stored in @c, the counters are
   * adjusted if the LEB count changed, and the result is passed through
   * validate_master(). Returns zero in case of success and a negative error
   * code in case of failure.
   */
  int ubifs_read_master(struct ubifs_info *c)
  {
      struct ubifs_mst_node *mst;
      int err, old_leb_cnt;

      c->mst_node = kzalloc(c->mst_node_alsz, GFP_KERNEL);
      if (!c->mst_node)
          return -ENOMEM;

      /* A corrupted master area (-EUCLEAN) gets one recovery attempt. */
      err = scan_for_master(c);
      if (err == -EUCLEAN)
          err = ubifs_recover_master_node(c);
      if (err)
          /*
           * Note, we do not free 'c->mst_node' here because the
           * unmount routine will take care of this.
           */
          return err;

      mst = c->mst_node;

      /* Make sure that the recovery flag is clear */
      mst->flags &= cpu_to_le32(~UBIFS_MST_RCVRY);

      /* Sequence, inode and commit numbers. */
      c->max_sqnum = le64_to_cpu(mst->ch.sqnum);
      c->highest_inum = le64_to_cpu(mst->highest_inum);
      c->cmt_no = le64_to_cpu(mst->cmt_no);

      /* Index root, log head, GC LEB and index head. */
      c->zroot.lnum = le32_to_cpu(mst->root_lnum);
      c->zroot.offs = le32_to_cpu(mst->root_offs);
      c->zroot.len = le32_to_cpu(mst->root_len);
      c->lhead_lnum = le32_to_cpu(mst->log_lnum);
      c->gc_lnum = le32_to_cpu(mst->gc_lnum);
      c->ihead_lnum = le32_to_cpu(mst->ihead_lnum);
      c->ihead_offs = le32_to_cpu(mst->ihead_offs);
      c->bi.old_idx_sz = le64_to_cpu(mst->index_size);

      /* LPT positions. */
      c->lpt_lnum = le32_to_cpu(mst->lpt_lnum);
      c->lpt_offs = le32_to_cpu(mst->lpt_offs);
      c->nhead_lnum = le32_to_cpu(mst->nhead_lnum);
      c->nhead_offs = le32_to_cpu(mst->nhead_offs);
      c->ltab_lnum = le32_to_cpu(mst->ltab_lnum);
      c->ltab_offs = le32_to_cpu(mst->ltab_offs);
      c->lsave_lnum = le32_to_cpu(mst->lsave_lnum);
      c->lsave_offs = le32_to_cpu(mst->lsave_offs);
      c->lscan_lnum = le32_to_cpu(mst->lscan_lnum);

      /* LEB statistics. */
      c->lst.empty_lebs = le32_to_cpu(mst->empty_lebs);
      c->lst.idx_lebs = le32_to_cpu(mst->idx_lebs);
      old_leb_cnt = le32_to_cpu(mst->leb_cnt);
      c->lst.total_free = le64_to_cpu(mst->total_free);
      c->lst.total_dirty = le64_to_cpu(mst->total_dirty);
      c->lst.total_used = le64_to_cpu(mst->total_used);
      c->lst.total_dead = le64_to_cpu(mst->total_dead);
      c->lst.total_dark = le64_to_cpu(mst->total_dark);

      ubifs_copy_hash(c, mst->hash_root_idx, c->zroot.hash);

      c->calc_idx_sz = c->bi.old_idx_sz;

      if (mst->flags & cpu_to_le32(UBIFS_MST_NO_ORPHS))
          c->no_orphs = 1;

      if (old_leb_cnt != c->leb_cnt) {
          /* The file system has been resized */
          int growth = c->leb_cnt - old_leb_cnt;

          /*
           * NOTE(review): old_leb_cnt is taken from the media and only
           * the "shrunk" case is rejected here; a negative value would
           * pass this test. Confirm that the bounds validate_master()
           * puts on the adjusted counters are meant to cover that.
           */
          if (c->leb_cnt < old_leb_cnt ||
              c->leb_cnt < UBIFS_MIN_LEB_CNT) {
              ubifs_err(c, "bad leb_cnt on master node");
              ubifs_dump_node(c, mst, c->mst_node_alsz);
              return -EINVAL;
          }

          dbg_mnt("Auto resizing (master) from %d LEBs to %d LEBs",
                  old_leb_cnt, c->leb_cnt);
          c->lst.empty_lebs += growth;
          c->lst.total_free += growth * (long long)c->leb_size;
          c->lst.total_dark += growth * (long long)c->dark_wm;

          /*
           * Reflect changes back onto the master node. N.B. the master
           * node gets written immediately whenever mounting (or
           * remounting) in read-write mode, so we do not need to write it
           * here.
           */
          mst->leb_cnt = cpu_to_le32(c->leb_cnt);
          mst->empty_lebs = cpu_to_le32(c->lst.empty_lebs);
          mst->total_free = cpu_to_le64(c->lst.total_free);
          mst->total_dark = cpu_to_le64(c->lst.total_dark);
      }

      err = validate_master(c);
      if (err)
          return err;

      return dbg_old_index_check_init(c, &c->zroot);
  }
  /**
   * ubifs_write_master - write master node.
   * @c: UBIFS file-system description object
   *
   * This function writes the master node. Returns zero in case of success and a
   * negative error code in case of failure. The master node is written twice to
   * enable recovery: once to %UBIFS_MST_LNUM and once to the LEB after it, at
   * the same offset, each time through ubifs_write_node_hmac(). Returns
   * %-EROFS without writing if @c->ro_error is set.
   */
  int ubifs_write_master(struct ubifs_info *c)
  {
      const int hmac_offs = offsetof(struct ubifs_mst_node, hmac);
      int lnum = UBIFS_MST_LNUM;
      int offs, err;

      ubifs_assert(c, !c->ro_media && !c->ro_mount);
      if (c->ro_error)
          return -EROFS;

      /* Next slot behind the current node; start over if it does not fit. */
      offs = c->mst_offs + c->mst_node_alsz;
      if (offs + UBIFS_MST_NODE_SZ > c->leb_size) {
          err = ubifs_leb_unmap(c, lnum);
          if (err)
              return err;
          offs = 0;
      }

      /* The new offset is recorded before either copy is written. */
      c->mst_offs = offs;
      c->mst_node->highest_inum = cpu_to_le64(c->highest_inum);
      ubifs_copy_hash(c, c->zroot.hash, c->mst_node->hash_root_idx);

      /* First copy. */
      err = ubifs_write_node_hmac(c, c->mst_node, UBIFS_MST_NODE_SZ, lnum,
                                  offs, hmac_offs);
      if (err)
          return err;

      /* Second copy; its LEB is unmapped when the first one wrapped to 0. */
      lnum++;
      if (offs == 0) {
          err = ubifs_leb_unmap(c, lnum);
          if (err)
              return err;
      }

      return ubifs_write_node_hmac(c, c->mst_node, UBIFS_MST_NODE_SZ, lnum,
                                   offs, hmac_offs);
  }