Fix filesystem corruption #19
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LittleFS bindings reported too big lookahead cache size which resulted in corrupting adjacent structures (read and prog buffer, other data), which in turn resulted in filesystem corruption either by reallocating an already allocated causing cycle or by corrupting data before writing it to disk.
arturkow2000
force-pushed
the
fs-corruption-fix
branch
from
3a47070
to
7514184
Compare
|
Hi @arturkow2000 ! Thank you for the fix! It fixes the FS corruption I encountered too. Hi @nickray, Please, merge the fix, thank you! |
|
@nickray are you still maintaining this? Not to hassle you but this seems like a fairly critical issue. Perhaps it might be helpful to add more maintainers if you don't have much time at the moment? |
|
Note that this change also requires a change to the https://github.com/littlefs-project/littlefs/blob/6a53d76e90af33f0656333c1db09bd337fa75d23/lfs.h#L226-L230 I’m not sure where the factor 4 comes from here. Wouldn’t it make more sense to use 8 directly? |
Ah, figured it out: The lookahead buffer uses u32, not u64. So the factor is 32 / 8 = 4. In the future, we should change that so that users cannot specify invalid lookahead sizes. |
@svenstaro These littlefs bindings are now moved under the Trussed org, where Nitrokey can co-maintain. |
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this pull request
Jan 26, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this pull request
Jan 27, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this pull request
Feb 3, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this pull request
Feb 7, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this pull request
Feb 7, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
that referenced
this pull request
Feb 7, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: #19 Nitrokey#1 Fixes: #16
|
Included in #24. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
LittleFS bindings reported too big lookahead cache size which resulted
in corrupting adjacent structures (read and prog buffer), which in turn
resulted in filesystem corruption either by reallocating an already
allocated causing cycle or by corrupting data before writing it to disk.
Fixes: https://github.com/nickray/littlefs2/issues/16