Skip to content

extmod: Check vfs block device invalid return values, increase error handling #13572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dpgeorge merged 2 commits into from
Sep 26, 2024
Merged

extmod: Check vfs block device invalid return values, increase error handling #13572

dpgeorge merged 2 commits into from
Sep 26, 2024

Conversation

@projectgus
Copy link
Contributor

@projectgus projectgus commented Jan 31, 2024
edited
Loading

Summary

Two fixes, currently in two commits as the second one is more complex than the first:

  • Force results of mp_vfs_blockdev_read_ext/mp_vfs_blockdev_write_ext to be 0 or a negative integer. Returning positive integers here confuses littlefs (see lfs1.c:66 for example). Adds a unit test for an invalid block device of this kind. Closes heap-buffer-overflow: from integer overflow at mp_stream_rw #13046.
  • Refactors vfs_blockdev.c to combine very similar read/write code paths. This reduces code size, but also has the side effect of adding error handling to the simple read & write functions (resolving a long-standing TODO). A failure in the block device level is now propagated back to the VFS filesystem.

EDIT: There was previously a semi-related fix for the "stream" part of the linked issue in this PR, but it was impossible to test and only necessary if the underlying stream (in C) violated its API contract. The block device fix in this PR already prevents this from happening in the one known case.

Trade-offs and Alternatives

There is a risk that an old implementation of BlockDev readblocks/writeblocks somewhere returns a non-zero integer or other value on success and will now fail as the result is checked. I think this is unlikely though, as the same function is called for the _ext variants and those results have always been checked.

Testing

Ran the vfs tests on both unix port and rp2 port.

This work was funded through GitHub Sponsors.

@projectgus projectgus added the bug label Jan 31, 2024
@github-actions
Copy link

github-actions bot commented Jan 31, 2024
edited
Loading

Code size report:

   bare-arm:    +0 +0.000% 
minimal x86:    +0 +0.000% 
   unix x64:  -280 -0.033% standard
      stm32:   -80 -0.020% PYBV10
     mimxrt:   -72 -0.020% TEENSY40
        rp2:   -72 -0.008% RPI_PICO_W
       samd:   -72 -0.027% ADAFRUIT_ITSYBITSY_M4_EXPRESS
  qemu rv32:    +0 +0.000% VIRT_RV32

@codecov
Copy link

codecov bot commented Jan 31, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.57%. Comparing base (a2475ee) to head (f4ab9d9).
Report is 2 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #13572      +/-   ##
==========================================
- Coverage   98.57%   98.57%   -0.01%     
==========================================
  Files         164      164              
  Lines       21341    21330      -11     
==========================================
- Hits        21036    21025      -11     
  Misses        305      305

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Gadgetoid Gadgetoid mentioned this pull request Feb 29, 2024
Merged
@projectgus

This comment was marked as resolved.

Sign in to view
@projectgus projectgus force-pushed the bugfix/stream_read_invalid branch from 1a178bc to d278b46 Compare March 13, 2024 06:48
projectgus
projectgus commented Sep 3, 2024
View reviewed changes
@dpgeorge dpgeorge added this to the release-1.24.0 milestone Sep 3, 2024
@projectgus projectgus force-pushed the bugfix/stream_read_invalid branch from d278b46 to 4bc7276 Compare September 4, 2024 05:02
@projectgus projectgus changed the title py/stream: Check for stream read function returning too many bytes. extmod: Check vfs block device invalid return values, increase error handling Sep 4, 2024
@projectgus projectgus force-pushed the bugfix/stream_read_invalid branch from 7f74230 to 7eb2fbb Compare September 4, 2024 06:15
@projectgus projectgus added the extmod Relates to extmod/ directory in source label Sep 4, 2024
@projectgus projectgus requested a review from dpgeorge September 4, 2024 06:47
@dpgeorge
Copy link
Member

dpgeorge commented Sep 6, 2024

This is awesome! We get a bug fix, better error handling, remove a TODO, de-duplicated code, and code size reduction!

dpgeorge
dpgeorge reviewed Sep 6, 2024
View reviewed changes
@projectgus projectgus force-pushed the bugfix/stream_read_invalid branch from 7eb2fbb to a6cae89 Compare September 10, 2024 01:25
@dpgeorge dpgeorge mentioned this pull request Sep 24, 2024
Merged
@projectgus projectgus force-pushed the bugfix/stream_read_invalid branch from a6cae89 to c893f2e Compare September 26, 2024 04:37
@projectgus
Copy link
Contributor Author

projectgus commented Sep 26, 2024

Rebased, fixed inconsistent commit message prefixes. 😁

@projectgus @dpgeorge
extmod/vfs_blockdev: Check block device function positive results.
4f6d4b2 
A positive result here can result in eventual memory corruption
as littlefs expects the result of a cache read/write function to be
0 or a negative integer for an error.

Closes micropython#13046

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton <[email protected]>
@projectgus @dpgeorge
extmod/vfs_blockdev: Implement common helper for read and write.
f4ab9d9 
- Code size saving as all of these functions are very similar.
- Resolves the "TODO" of the plain read and write functions not propagating
  errors. An error in the underlying block device now causes VFatFs to
  return EIO, for example.

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton <[email protected]>
@dpgeorge dpgeorge force-pushed the bugfix/stream_read_invalid branch from c893f2e to f4ab9d9 Compare September 26, 2024 12:10
@dpgeorge dpgeorge merged commit f4ab9d9 into micropython:master Sep 26, 2024
@dpgeorge
Copy link
Member

dpgeorge commented Sep 26, 2024

Thanks, now merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dpgeorge dpgeorge dpgeorge approved these changes

Assignees

No one assigned

Labels

bug extmod Relates to extmod/ directory in source

Projects

None yet

Milestone

release-1.24.0

Development

Successfully merging this pull request may close these issues.

heap-buffer-overflow: from integer overflow at mp_stream_rw

3 participants

@projectgus @dpgeorge @iabdalkader