From 33404a159828a97fefada0d8f4cf910873b8e9f1 Mon Sep 17 00:00:00 2001

From: Tetsuhiro Kohada <kohada.t2@gmail.com>

Date: Fri, 29 May 2020 19:14:57 +0900

Subject: [Backport 33404a159828] exfat: separate the boot sector analysis

Separate the boot sector analysis to read_boot_sector().

And add a check for the fs_name field.

Furthermore, add a strict consistency check, because overlapping areas

can cause serious corruption.

Signed-off-by: Tetsuhiro Kohada <kohada.t2@gmail.com>

Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>

---

 src/exfat_raw.h |  2 +

 src/super.c     | 97 ++++++++++++++++++++++++--------------------

 2 files changed, 56 insertions(+), 43 deletions(-)

diff --git a/src/exfat_raw.h b/src/exfat_raw.h

index 07f74190df44b215128d4dcf2a8ee33d32a7cf21..350ce59cc32478919d9ffb9823726b8b9015de48 100644

--- a/src/exfat_raw.h

+++ b/src/exfat_raw.h

@@ -10,11 +10,13 @@

 #define BOOT_SIGNATURE		0xAA55

 #define EXBOOT_SIGNATURE	0xAA550000

+#define STR_EXFAT		"EXFAT   "	/* size should be 8 */

 #define EXFAT_MAX_FILE_LEN	255

 #define VOL_CLEAN		0x0000

 #define VOL_DIRTY		0x0002

+#define ERR_MEDIUM		0x0004

 #define EXFAT_EOF_CLUSTER	0xFFFFFFFFu

 #define EXFAT_BAD_CLUSTER	0xFFFFFFF7u

diff --git a/src/super.c b/src/super.c

index e60d28e73ff007b85eafc751693d332911fbcfd3..6a1330be5a9a4b58e2a39b197788f139bfbaba4f 100644

--- a/src/super.c

+++ b/src/super.c

@@ -366,25 +366,20 @@ static int exfat_read_root(struct inode *inode)

 	return 0;

 }

-static struct boot_sector *exfat_read_boot_with_logical_sector(

-		struct super_block *sb)

+static int exfat_calibrate_blocksize(struct super_block *sb, int logical_sect)

 {

 	struct exfat_sb_info *sbi = EXFAT_SB(sb);

-	struct boot_sector *p_boot = (struct boot_sector *)sbi->boot_bh->b_data;

-	unsigned short logical_sect = 0;

-

-	logical_sect = 1 << p_boot->sect_size_bits;

 	if (!is_power_of_2(logical_sect) ||

 	    logical_sect < 512 || logical_sect > 4096) {

 		exfat_err(sb, "bogus logical sector size %u", logical_sect);

-		return NULL;

+		return -EIO;

 	}

 	if (logical_sect < sb->s_blocksize) {

 		exfat_err(sb, "logical sector size too small for device (logical sector size = %u)",

 			  logical_sect);

-		return NULL;

+		return -EIO;

 	}

 	if (logical_sect > sb->s_blocksize) {

@@ -394,24 +389,20 @@ static struct boot_sector *exfat_read_boot_with_logical_sector(

 		if (!sb_set_blocksize(sb, logical_sect)) {

 			exfat_err(sb, "unable to set blocksize %u",

 				  logical_sect);

-			return NULL;

+			return -EIO;

 		}

 		sbi->boot_bh = sb_bread(sb, 0);

 		if (!sbi->boot_bh) {

 			exfat_err(sb, "unable to read boot sector (logical sector size = %lu)",

 				  sb->s_blocksize);

-			return NULL;

+			return -EIO;

 		}

-

-		p_boot = (struct boot_sector *)sbi->boot_bh->b_data;

 	}

-	return p_boot;

+	return 0;

 }

-/* mount the file system volume */

-static int __exfat_fill_super(struct super_block *sb)

+static int exfat_read_boot_sector(struct super_block *sb)

 {

-	int ret;

 	struct boot_sector *p_boot;

 	struct exfat_sb_info *sbi = EXFAT_SB(sb);

@@ -424,51 +415,41 @@ static int __exfat_fill_super(struct super_block *sb)

 		exfat_err(sb, "unable to read boot sector");

 		return -EIO;

 	}

-

-	/* PRB is read */

 	p_boot = (struct boot_sector *)sbi->boot_bh->b_data;

 	/* check the validity of BOOT */

 	if (le16_to_cpu((p_boot->signature)) != BOOT_SIGNATURE) {

 		exfat_err(sb, "invalid boot record signature");

-		ret = -EINVAL;

-		goto free_bh;

+		return -EINVAL;

 	}

-

-	/* check logical sector size */

-	p_boot = exfat_read_boot_with_logical_sector(sb);

-	if (!p_boot) {

-		ret = -EIO;

-		goto free_bh;

+	if (memcmp(p_boot->fs_name, STR_EXFAT, BOOTSEC_FS_NAME_LEN)) {

+		exfat_err(sb, "invalid fs_name"); /* fs_name may unprintable */

+		return -EINVAL;

 	}

 	/*

-	 * res_zero field must be filled with zero to prevent mounting

+	 * must_be_zero field must be filled with zero to prevent mounting

 	 * from FAT volume.

 	 */

-	if (memchr_inv(p_boot->must_be_zero, 0,

-			sizeof(p_boot->must_be_zero))) {

-		ret = -EINVAL;

-		goto free_bh;

-	}

+	if (memchr_inv(p_boot->must_be_zero, 0, sizeof(p_boot->must_be_zero)))

+		return -EINVAL;

-	p_boot = (struct boot_sector *)p_boot;

-	if (!p_boot->num_fats) {

+	if (p_boot->num_fats != 1 && p_boot->num_fats != 2) {

 		exfat_err(sb, "bogus number of FAT structure");

-		ret = -EINVAL;

-		goto free_bh;

+		return -EINVAL;

 	}

 	sbi->sect_per_clus = 1 << p_boot->sect_per_clus_bits;

 	sbi->sect_per_clus_bits = p_boot->sect_per_clus_bits;

-	sbi->cluster_size_bits = sbi->sect_per_clus_bits + sb->s_blocksize_bits;

+	sbi->cluster_size_bits = p_boot->sect_per_clus_bits +

+		p_boot->sect_size_bits;

 	sbi->cluster_size = 1 << sbi->cluster_size_bits;

 	sbi->num_FAT_sectors = le32_to_cpu(p_boot->fat_length);

 	sbi->FAT1_start_sector = le32_to_cpu(p_boot->fat_offset);

-	sbi->FAT2_start_sector = p_boot->num_fats == 1 ?

-		sbi->FAT1_start_sector :

-			sbi->FAT1_start_sector + sbi->num_FAT_sectors;

+	sbi->FAT2_start_sector = le32_to_cpu(p_boot->fat_offset);

+	if (p_boot->num_fats == 2)

+		sbi->FAT2_start_sector += sbi->num_FAT_sectors;

 	sbi->data_start_sector = le32_to_cpu(p_boot->clu_offset);

 	sbi->num_sectors = le64_to_cpu(p_boot->vol_length);

 	/* because the cluster index starts with 2 */

@@ -483,15 +464,45 @@ static int __exfat_fill_super(struct super_block *sb)

 	sbi->clu_srch_ptr = EXFAT_FIRST_CLUSTER;

 	sbi->used_clusters = EXFAT_CLUSTERS_UNTRACKED;

-	if (le16_to_cpu(p_boot->vol_flags) & VOL_DIRTY) {

-		sbi->vol_flag |= VOL_DIRTY;

-		exfat_warn(sb, "Volume was not properly unmounted. Some data may be corrupt. Please run fsck.");

+	/* check consistencies */

+	if (sbi->num_FAT_sectors << p_boot->sect_size_bits <

+	    sbi->num_clusters * 4) {

+		exfat_err(sb, "bogus fat length");

+		return -EINVAL;

+	}

+	if (sbi->data_start_sector <

+	    sbi->FAT1_start_sector + sbi->num_FAT_sectors * p_boot->num_fats) {

+		exfat_err(sb, "bogus data start sector");

+		return -EINVAL;

 	}

+	if (sbi->vol_flag & VOL_DIRTY)

+		exfat_warn(sb, "Volume was not properly unmounted. Some data may be corrupt. Please run fsck.");

+	if (sbi->vol_flag & ERR_MEDIUM)

+		exfat_warn(sb, "Medium has reported failures. Some data may be lost.");

 	/* exFAT file size is limited by a disk volume size */

 	sb->s_maxbytes = (u64)(sbi->num_clusters - EXFAT_RESERVED_CLUSTERS) <<

 		sbi->cluster_size_bits;

+	/* check logical sector size */

+	if (exfat_calibrate_blocksize(sb, 1 << p_boot->sect_size_bits))

+		return -EIO;

+

+	return 0;

+}

+

+/* mount the file system volume */

+static int __exfat_fill_super(struct super_block *sb)

+{

+	int ret;

+	struct exfat_sb_info *sbi = EXFAT_SB(sb);

+

+	ret = exfat_read_boot_sector(sb);

+	if (ret) {

+		exfat_err(sb, "failed to read boot sector");

+		goto free_bh;

+	}

+

 	ret = exfat_create_upcase_table(sb);

 	if (ret) {

 		exfat_err(sb, "failed to load upcase table");

-- 

2.31.1