[openwrt/openwrt] generic: deny write to uImage.FIT sub-image partitions

LEDE Commits lede-commits at lists.infradead.org
Mon Jan 10 16:07:05 PST 2022 

dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/f2c3875dfcbf82d993ebe20f9563125c5fde2c60

commit f2c3875dfcbf82d993ebe20f9563125c5fde2c60
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Tue Jan 11 00:00:36 2022 +0000

    generic: deny write to uImage.FIT sub-image partitions
    
    Set policy bit to force read-only mode on uImage.FIT filesystem
    sub-images mapped as block partitions by the FIT partition parser.
    
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 target/linux/generic/files/block/partitions/fit.c              |  2 +-
 .../generic/hack-5.10/410-block-fit-partition-parser.patch     | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/target/linux/generic/files/block/partitions/fit.c b/target/linux/generic/files/block/partitions/fit.c
index a0aa0eadf5..fa73e64af8 100644
--- a/target/linux/generic/files/block/partitions/fit.c
+++ b/target/linux/generic/files/block/partitions/fit.c
@@ -230,7 +230,7 @@ int parse_fit_partitions(struct parsed_partitions *state, u64 fit_start_sector,
 		strlcat(state->pp_buf, tmp, PAGE_SIZE);
 
 		state->parts[*slot].has_info = true;
-
+		state->parts[*slot].flags |= ADDPART_FLAG_READONLY;
 		if (config_loadables && !strcmp(image_name, config_loadables)) {
 			printk(KERN_DEBUG "FIT: selecting configured loadable \"%s\" to be root filesystem\n", image_name);
 			state->parts[*slot].flags |= ADDPART_FLAG_ROOTDEV;
diff --git a/target/linux/generic/hack-5.10/410-block-fit-partition-parser.patch b/target/linux/generic/hack-5.10/410-block-fit-partition-parser.patch
index c0b3c25339..bc48296d9c 100644
--- a/target/linux/generic/hack-5.10/410-block-fit-partition-parser.patch
+++ b/target/linux/generic/hack-5.10/410-block-fit-partition-parser.patch
@@ -1,10 +1,11 @@
 --- a/block/blk.h
 +++ b/block/blk.h
-@@ -361,6 +361,7 @@ char *disk_name(struct gendisk *hd, int
+@@ -361,6 +361,8 @@ char *disk_name(struct gendisk *hd, int
  #define ADDPART_FLAG_NONE	0
  #define ADDPART_FLAG_RAID	1
  #define ADDPART_FLAG_WHOLEDISK	2
-+#define ADDPART_FLAG_ROOTDEV	4
++#define ADDPART_FLAG_READONLY	4
++#define ADDPART_FLAG_ROOTDEV	8
  void delete_partition(struct hd_struct *part);
  int bdev_add_partition(struct block_device *bdev, int partno,
  		sector_t start, sector_t length);
@@ -73,13 +74,16 @@
  #ifdef CONFIG_SGI_PARTITION
  	sgi_partition,
  #endif
-@@ -694,6 +701,11 @@ static bool blk_add_partition(struct gen
+@@ -694,6 +701,14 @@ static bool blk_add_partition(struct gen
  	    (state->parts[p].flags & ADDPART_FLAG_RAID))
  		md_autodetect_dev(part_to_dev(part)->devt);
  
 +#ifdef CONFIG_FIT_PARTITION
 +	if ((state->parts[p].flags & ADDPART_FLAG_ROOTDEV) && ROOT_DEV == 0)
 +		ROOT_DEV = part_to_dev(part)->devt;
++
++	if (state->parts[p].flags & ADDPART_FLAG_READONLY)
++		part->policy = true;
 +#endif
 +
  	return true;

More information about the lede-commits mailing list