[PATCH v3 8/9] fs: Report errors for out-of-bounds protect operations

Sascha Hauer s.hauer at pengutronix.de
Wed Jun 25 00:11:37 PDT 2025


On Wed, Jun 25, 2025 at 07:45:39AM +0200, Ahmad Fatoum wrote:
> Hi,
> 
> On 17.06.25 09:56, Sascha Hauer wrote:
> >> -	if (count > f->f_size - offset)
> >> -		count = f->f_size - offset;
> >> +		return errno_set(-ENXIO);
> >> +	if (!count  || count > f->f_size - offset)
> >> +		return errno_set(-EINVAL);
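Review bot: the added range check (count > f->f_size - offset) now returns -EINVAL where the removed lines clamped count to f->f_size - offset, so any caller that passes an oversized count to mean "up to the end of the file" fails instead of being trimmed. Either keep the clamp for that case (for example, treat count == ~0 as f->f_size - offset before the range check) or convert the existing callers in the same series. The !count test also turns a zero-length request into an error, and both new error returns should be documented in the function's comment.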
> > 
> > This breaks the saveenv command which does a
> > 
> > 	ret = protect(envfd, ~0, 0, 0);
> > 
> > to unprotect the environment sector. Try on a board with environment in
> > SPI flash.
> 
> Just ran into this as well. It's easy to reproduce with QEMU.

Nah, I shouldn't have applied this series. Oleksij sending two
additional patches somehow trapped me into thinking that with these two
patches everything would be fine.

For now I have dropped this particular patch from -next.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


