-
-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LittleFS corruption problem #16
Comments
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this issue
Jan 26, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this issue
Jan 27, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this issue
Feb 3, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this issue
Feb 7, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
to Nitrokey/littlefs2
that referenced
this issue
Feb 7, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: trussed-dev#19 #1 Fixes: trussed-dev#16
robin-nitrokey
added a commit
that referenced
this issue
Feb 7, 2023
Previously, we reported the lookahead buffer size in bytes but littlefs2-sys expects the lookahead buffer size as a multiple of 8 bytes. This could lead to a buffer overflow causing filesystem corruption. This patch fixes the reported lookahead buffer size. Note that Storage::LOOKAHEAD_WORDS_SIZE allows users to set invalid values (as it is measured in 4 bytes, not in 8 bytes). Invalid values that were previously accepted because of the wrong buffer size calculation can now be rejected by littlefs2-sys. This is a combination of two previous patches: #19 Nitrokey#1 Fixes: #16
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I've got problem with LittleFS corrupting itself when creating directories.
I want to create following directory structure
7415985b61e40e9ef347b1617e4c52161b657cdbbc15cbd4566f4f18f3911375
is a filewith 855 bytes of data. It has one xattr attached: ID 0, data 0x01 (1 byte).
At that point creating
trussed
directory will corrupt filesystem.Test described below have been done on latest LittleFS release (
v2.4.2
,bindings updated, trussed-dev/littlefs2-sys#4), however this
problem is present with latest binding release too. I was unable to reproduce
this issue when using raw C API.
Reproduction:
take lfs tool
(from
littlefs_fix
branch for latest LittleFS version)build it, doesn't make difference whether it is debug or release
run the following commands
whether corruption happens depends certificate used - it is 100% reproducible
for
bad_cert.pem
, so far never happened withgood_cert.pem
. Bothcertificates have the same size, but contents differ which affects name of
created file (hash of file contents).
for the problem to occur certificate installation must be done in one run
which suggests corruption of in-memory state. If steps are split each into
separate commands it works:
Problem does not occur if
--trusted
flag is omitted frominstall-certificate
command, even for bad certificate. Removing--trusted
flag skips
set-attr
stage. Looks like the problem is triggered by writing toa file and immediatelly setting custom attribute on that file.
This is the dump of
flash_bin_cert_rust.bin
(usingreadtree.py
script fromlittlefs repo) with bad certificate installed, and marked as trusted.
This is what happens after creating
trussed
directory.This problem occurs only when marking certificate as trusted and this is the
difference beetween image with trusted certificate (corrupted) and untrusted
certificate
same thing from
readtree.py
perspectiveLooks like presence of user attribute causes mkdir to corrupt filesystem, what
puzzles me more is the connection with file contents (corruption doesn't happen
with "good" certificate). Also there are some differences in behaviour between C
and Rust - Rust code starts block allocation from the last 2 blocks (except root
directory which is always at {1, 0}),
fobnail_client
directory is allocated at{30, 31} in case of Rust and {10, 11} in case of C. Shouldn't LittleFS allocate
the same block?
I upload here both good and bad certificates as well as various images: with
trusted and untrusted bad certificate, example of corrupted image and C code
(which does the same but without corrupting fs).
lfs_c.zip
images.zip
The text was updated successfully, but these errors were encountered: