Bug#751704: libparted ped_disk_clobber() overwrites firmware on some arm systems

2014-08-30 Thread Karsten Merker 
Control: tags -1 pending
thanks

On Thu, Aug 28, 2014 at 10:31:43PM +0200, Karsten Merker wrote:

 as libparted upstream has now confirmed that modifying
 PedDisk.needs_clobber from within the calling application is
 ok, I would like to apply the following patch to partman-base
 unless somebody has further objections against it.
 
 Functionally it is the same patch that I had posted earlier
 already, just with some coding style cleanups.

The patch has been committed to the partman-base git repository.

Regards,
Karsten
-- 
Gem. Par. 28 Abs. 4 Bundesdatenschutzgesetz widerspreche ich der Nutzung
sowie der Weitergabe meiner personenbezogenen Daten für Zwecke der
Werbung sowie der Markt- oder Meinungsforschung.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#751704: libparted ped_disk_clobber() overwrites firmware on some arm systems

2014-08-28 Thread Karsten Merker 
Hello,

as libparted upstream has now confirmed that modifying
PedDisk.needs_clobber from within the calling application is
ok, I would like to apply the following patch to partman-base
unless somebody has further objections against it.

Functionally it is the same patch that I had posted earlier
already, just with some coding style cleanups.

Regards,
Karsten

From bd3e4f79ea620fefb48c768dec22a3f7d1ad31a2 Mon Sep 17 00:00:00 2001
From: Karsten Merker mer...@debian.org
Date: Thu, 28 Aug 2014 20:38:12 +0200
Subject: [PATCH] Take care of the firmware area on sunxi-based systems

By default partman calls ped_disk_clobber when writing a new
partition table, but on the MMC device of sunxi-based systems this
would overwrite the firmware area, resulting in an unbootable system
(see bug #751704). Handle this as a special case in command_commit().
---
 parted_server.c | 33 +
 1 file changed, 33 insertions(+)

diff --git a/parted_server.c b/parted_server.c
index 55cf151..a6283f6 100644
--- a/parted_server.c
+++ b/parted_server.c
@@ -1330,6 +1330,25 @@ command_dump()
 oprintf(OK\n);
 }
 
+/* Check whether we are running on a sunxi-based system. */
+int
+is_sunxi_system()
+{
+int cpuinfo_handle;
+int result = 0;
+char buf[4096];
+int length;
+
+if ((cpuinfo_handle = open(/proc/cpuinfo, O_RDONLY)) != -1) {
+length = read(cpuinfo_handle, buf, sizeof(buf)-1);
+buf[length]='\0';
+if (strstr(buf, Allwinner) != NULL)
+result = 1;
+close(cpuinfo_handle);
+}
+return result;
+}
+
 void
 command_commit()
 {
@@ -1337,6 +1356,20 @@ command_commit()
 if (dev == NULL)
 critical_error(The device %s is not opened., device_name);
 log(command_commit());
+
+/* The boot device on sunxi-based systems needs special handling.
+ * By default partman calls ped_disk_clobber when writing the
+ * partition table, but on sunxi-based systems this would overwrite
+ * the firmware area, resulting in an unbootable system (see
+ * bug #751704).
+ */
+if (is_sunxi_system()  !strcmp(disk-dev-path, /dev/mmcblk0)) {
+disk-needs_clobber = 0;
+log(Sunxi platform detected. Disabling ped_disk_clobber  \
+for the boot device %s to protect the firmware  \
+area., disk-dev-path);
+}
+
 open_out();
 if (disk != NULL  named_is_changed(device_name))
 ped_disk_commit(disk);
-- 
2.1.0


-- 
Gem. Par. 28 Abs. 4 Bundesdatenschutzgesetz widerspreche ich der Nutzung
sowie der Weitergabe meiner personenbezogenen Daten für Zwecke der
Werbung sowie der Markt- oder Meinungsforschung.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#751704: libparted ped_disk_clobber() overwrites firmware on some arm systems

2014-08-18 Thread Karsten Merker 
Hello,

the following is a discussion from the Debian bugtracking system regarding
Debian Bug#751704 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751704).
It needs involvement from parted upstream, therefore I am forwarding it to 
bug-par...@gnu.org.

Kind regards,
Karsten

- Forwarded message from Jim Meyering j...@meyering.net -

Date: Sun, 17 Aug 2014 14:51:41 -0700
From: Jim Meyering j...@meyering.net
Subject: Bug#751704: libparted questions (was: Bug#751704: partman-base 173: 
partman overwrites
parts of u-boot)

On Wed, Aug 13, 2014 at 12:07 PM, Karsten Merker mer...@debian.org wrote:
 [CCing Otavio Salvador and Jim Meyering; the following is a short summary
  of the situation; the full history can be read in bug #751704:

  Debian-Installer uses partman for partitioning, which in turn is
  based on libparted. On sunxi-based systems, upon writing the partition
  table, partman/libparted overwrites parts of u-boot which are
  located between the end of the partition table and the beginning of the
  first partition which results in an unbootable system.
  An attempt to solve this problem has been to conditionally set
  PedDisk.needs_clobber to 0 in partman when it detects that it is
  trying to write to a boot device on sunxi-based systems.]

 Colin Watson cjwat...@debian.org wrote:
 PedDisk.needs_clobber is marked as office use only in parted; I
 interpret that as meaning that it really shouldn't be fiddled with
 outside parted, even though it's technically exposed.  Could you please
 look at fixing parted to avoid clobbering the firmware area instead?  I
 think that would be more correct.

 I have no idea what is really meant with the comment

   /* office use only ;-) */
   int needs_clobber;

 in /usr/include/parted/disk.h, so I would like to ask upstream
 for clarification. Otavio, Jim: you are listed as parted
 upstream maintainers on http://www.gnu.org/software/parted/ - could
 you shed some light on this? Is it ok for an application to fiddle
 with the needs_clobber element or is this to be considered
 strictly libparted-internal?


 @Colin: If the solution is to be completely encapsulated in
 libparted, I see a large problem in how to solve the conflict between
 space after the partition table being very differently used by
 firmware for different SoCs on one side, and libparted trying to make
 sure that there are no remains of other partition table formats in
 the respective area on the other side - at least with the
 prerequisite of keeping both the current defaults (clobbering) as
 well as keeping the libparted API unchanged.  With the current there
 is one erase size for all platforms method in ped_disk_clobber() in
 libparted/disk.c, we inevitably end up with conflicting requirements.
 An example: the source for ped_disk_clobber() states:

 /* How many sectors to zero out at each end.
This must be large enough to zero out the magic bytes
starting at offset 8KiB on a DASD partition table.
Doing the same from the end of the disk is probably
overkill, but at least on GPT, we do need to zero out
the final sector.  */

 So for at least one platform (according to Wikipedia DASD seems to be
 some s/390 format), the area at offset 8KiB has to be wiped out while
 for another (armhf/sunxi) it may not be wiped out as the u-boot SPL is
 located there and cannot be relocated because its sector address is
 hardcoded in the SoC.

 According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751704#25,
 similar problems (but at other offsets) come up for other SoCs.
 According to the examples listed there, for TI SoCs libparted would
 have to stop clobbering the GPT header after writing a DOS MBR, but
 could wipe the DASD area.  For a Freescale i.MX SoC libparted could
 legally clobber the GPT header, but would have to refrain from
 clobbering the areas behind it.  If you extrapolate this to the large
 number of different SoC families, to handle this completely inside
 libparted, the library would have to know what exactly is the target
 system for which it writes a partition table and special-case the
 handling for each of them.  While one might assume that the partition
 table is for an s/390 system when a DASD partition table is
 generated, this does not work as easily for the plethora of different
 architectures and systems that use DOS MBR partition tables.  This
 gets even more complicated by the fact that libparted may run on one
 platform but modify partition tables for another platform, such as
 when operating on disk images for use with emulators or when
 operating on hd-media images for different arm platforms (with
 different firmware/bootloader requirements) on one autobuild host, so
 trying to do runtime detection of the host system would still not cover
 all use cases. In the case of creating images from scratch, the problem
 can be circumvented by (re-)writing the