Hei hei,

filesystem handling is different in U-Boot and beyond that UBI/UBIFS is
different from other filesystems in U-Boot.  There's UBI and UBIFS code
ported from Linux (quite old already now, maybe someone wants to update
that?), and there's "glue code" or "wrapper code" to interface with
U-Boot scripts, commands, and filesystem handling.  The fixes and
improvements in this patch series are for this U-Boot specific glue
code.

I'm no filesystem expert, but after days of debugging I'm quite sure the
bug is in U-Boot since UBIFS support was added in 2009, and it was
repeated in 2015 when generic filesystem support for UBIFS was added.
So please review carefully!

The crashes were not easily reproducible, only with boards using the old
distroboot _and_ a boot script inspired by (but not equal to) the one
proposed by RAUC [1], which basically boils down to:

  ubifsmount ubi0:boot (from distroboot)
  test -e (from distroboot)
  ubifsmount ubi0:rootfs1 (this time from the boot script,
                           triggering a ubifs_umount)

Crashes can be triggered more easily if the patch order is changed and
patch 2 (resetting pointers to NULL after free) comes first, or if patch
2 is applied on its own.

The fix is in the first patch, and on my boards I see no crashes
anymore.  I also tested all kinds of combinations of calling `ubi part`,
`ubi detach`, `ubifsmount`, `ubifsumount`, `ubifsls`, `ubifsload`, `ls`,
`load`, `size`, and `test -e` and got no crashes anymore after the fix.

The three additional patches (2 to 4) are more or less safeguards and
improvements for the future, and come from my trial and error and the
debugging code I wrote along the way; they are more or less optional, but
I think nice to have.

Greets
Alex

[1] https://github.com/rauc/rauc/blob/master/contrib/uboot.sh

Alexander Dahl (4):
  fs: ubifs: Fix memleak and double free in u-boot wrapper functions
  fs: ubifs: Set pointers to NULL after free
  fs: ubifs: Make k(z)alloc/kfree symmetric
  fs: ubifs: Add volume mounted check

 fs/ubifs/super.c |  8 ++++++--
 fs/ubifs/ubifs.c | 31 +++++++++++++++++++------------
 2 files changed, 25 insertions(+), 14 deletions(-)


base-commit: 65fbdab27224ee3943a89496b21862db83c34da2
-- 
2.39.2
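The failure mode the cover letter describes (a second `ubifsmount` unmounting a volume whose state was already freed, and a stale pointer being freed again) is illustrated below as an added example. This is not code from the patch series or from U-Boot; the `vol` struct, the `unsafe_*`/`safe_*` wrappers and the tracking allocator are all constructed for this illustration. It contrasts an unmount wrapper that leaves a dangling pointer behind with one that clears the pointer after free and guards on a mounted flag, the two safeguards named in patches 2 and 4.

```c
#include <stdlib.h>
#include <string.h>

/* Tiny tracking allocator (constructed for this example) so a double
 * free is counted instead of corrupting the real heap. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int live_count;
static int double_free_count;

static void *t_zalloc(size_t n)
{
    void *p = calloc(1, n);
    if (p && live_count < MAX_LIVE)
        live[live_count++] = p;
    return p;
}

static void t_free(void *p)
{
    for (int i = 0; i < live_count; i++) {
        if (live[i] == p) {
            live[i] = live[--live_count];
            free(p);
            return;
        }
    }
    if (p)
        double_free_count++;   /* p is not a live allocation: double free */
}

/* Hypothetical per-volume state kept by a mount wrapper. */
struct vol {
    char name[32];
};

/* Unsafe wrapper: umount frees the state but leaves the pointer set, so a
 * later umount (or a mount that unmounts first) frees it a second time. */
static struct vol *unsafe_cur;

static void unsafe_umount(void)
{
    t_free(unsafe_cur);          /* pointer is not cleared afterwards */
}

static int unsafe_mount(const char *name)
{
    if (unsafe_cur)
        unsafe_umount();         /* may act on an already freed pointer */
    unsafe_cur = t_zalloc(sizeof(*unsafe_cur));
    if (!unsafe_cur)
        return -1;
    strncpy(unsafe_cur->name, name, sizeof(unsafe_cur->name) - 1);
    return 0;
}

/* Safe wrapper: explicit mounted check, and the pointer is set to NULL
 * right after it is freed, so repeated umount/mount calls are harmless. */
static struct vol *safe_cur;
static int safe_mounted;

static int safe_umount(void)
{
    if (!safe_mounted)
        return -1;               /* nothing mounted: refuse, free nothing */
    t_free(safe_cur);
    safe_cur = NULL;             /* clear the pointer after free */
    safe_mounted = 0;
    return 0;
}

static int safe_mount(const char *name)
{
    if (safe_mounted)
        safe_umount();
    safe_cur = t_zalloc(sizeof(*safe_cur));
    if (!safe_cur)
        return -1;
    strncpy(safe_cur->name, name, sizeof(safe_cur->name) - 1);
    safe_mounted = 1;
    return 0;
}

/* Same command sequence against both wrappers: mount boot, mount rootfs1
 * (which unmounts boot first), umount, umount. Returns how many double
 * frees the tracking allocator observed. */
int run_unsafe_sequence(void)
{
    double_free_count = 0;
    unsafe_cur = NULL;
    unsafe_mount("boot");
    unsafe_mount("rootfs1");
    unsafe_umount();
    unsafe_umount();             /* frees the stale pointer again */
    return double_free_count;    /* 1 */
}

int run_safe_sequence(void)
{
    double_free_count = 0;
    safe_cur = NULL;
    safe_mounted = 0;
    safe_mount("boot");
    safe_mount("rootfs1");
    safe_umount();
    safe_umount();               /* rejected by the mounted check */
    return double_free_count;    /* 0 */
}

/* Number of allocations still live; 0 means no leak after a sequence. */
int live_allocations(void)
{
    return live_count;
}
```

The tracking allocator only exists to make the defect observable in a test; in real firmware the second `free()` on a stale pointer corrupts the heap and shows up as the kind of hard-to-reproduce crash described above. Clearing the pointer after free and checking a mounted flag before touching it each close the window on their own, and together make the wrapper tolerant of any order of mount and unmount commands.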
