Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp1913124ybm;
        Sun, 31 May 2020 02:35:07 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy8oW3cGt9Q3ReNwPw659/Nli0Z1iFp9QO/SonPXy/3L40cDIiRrRAksqHkkUYWUi9m8kZE
X-Received: by 2002:a17:906:fc13:: with SMTP id ov19mr3526617ejb.212.1590917707359;
        Sun, 31 May 2020 02:35:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1590917707; cv=none;
        d=google.com; s=arc-20160816;
        b=zLYt70CREnMniaAQLBoXrNx4329D0eBgs2/iYAYZhLuoiSH1nMYu4Jf+KwdLWhSLG9
         iUlU2QJwtHK6o6dG8squh1sbwWz7/EhIF2itt/cQuzsnxl7/67cNa/UzRQhlq/oYL56t
         SjbhMKdjTJTX8QSVBGqtcrKdNjn5Yf1Bvoahehot8kWH7qCK1AjeLGTNcoGZ9iKqWidF
         Z6F4zPNs0fLbYUhXtKotNza71eA2eWUSQHqtxY/YJcwQiMKyc18AEbqaYfjXnk7VZvvK
         UvHRMLTHfWIZgCcXgJln8Am65azJSHjSPX1ZVboE8paDYiPFhWrF4a9yKIVZrr4Q0Qr2
         3TBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=VAG8TaT+2P5xmIws2CpHpkpVUo5ktRCdXi0mFy5w2p0=;
        b=PY0VxKwtZ6Tlq/5DvnxfaJ3DZpDcSrbv/bFwfL+lst+N40bmPXj0Y28jpjGa2D0ScF
         Vm2S61I9FgO8FIkONGgRVpPhTEiHqlsgMgA57l+j905NA/jvC1E/m4tmMBMYlm2SD7X3
         IgZRlRnBtjRRll2Fn+LkW1TZ0UaZqlkCpUCx11OYQ1ipeNCA0iQreb+kERNKjvkXoZha
         fbdKrx32bWRh1+xcAmJiPvAI6AP91+oYLsO5lxtn+syszYjMW0CJBgAotmjRhC3Ll7So
         EdOErYQvXcCFn5CPsvhajeocW34raSyUpPZZh6eRxEE71PofflwY0VXLEF1HnMlhWZL4
         /T9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="I/amNDxU";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q3si9027689edc.174.2020.05.31.02.34.42;
        Sun, 31 May 2020 02:35:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="I/amNDxU";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727936AbgEaJa0 (ORCPT <rfc822;0330sisy@gmail.com> + 99 others);
        Sun, 31 May 2020 05:30:26 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45858 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725813AbgEaJa0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 31 May 2020 05:30:26 -0400
Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com [IPv6:2607:f8b0:4864:20::543])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 10583C061A0E;
        Sun, 31 May 2020 02:30:26 -0700 (PDT)
Received: by mail-pg1-x543.google.com with SMTP id s10so2128545pgm.0;
        Sun, 31 May 2020 02:30:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=VAG8TaT+2P5xmIws2CpHpkpVUo5ktRCdXi0mFy5w2p0=;
        b=I/amNDxUiEx15hrLjE/jkQEp4cTYoUQcRshnczYAQ3YcbTg1qVSvSWpczx5zDGXWN0
         IMfLe8KDoKvT4diDZ7TWFJ5czYX2Z6SctkNDgydq58GLXEv8skcJHUVkcbApMEdvtdhR
         nF92za3zy5AKTzKq+7Kaj1o2LIzcd/aSRw53y6BbqK83S46/OWYPlgHD3PwvTtH1dqmT
         FVq7za7ZlauCspMkYulhc5AadzBX6+LLNGRMdlxxFRINwiepodfsViAKAr4ZgKWkQ/el
         n8WyyFgEcViOqWF5CsziMB05jZ+8S1Th8vKGYTC77SiXSnOHHLWkLV2fEfGiXk18ZPsv
         RyoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=VAG8TaT+2P5xmIws2CpHpkpVUo5ktRCdXi0mFy5w2p0=;
        b=Vui5hkxxtDZrlO3HcDIg1pAAGy6wyQQCB4ZOW96Yh020wJBa69oio8yWOf+Kwk3Ppp
         GQ5aAJHnGAw1+BZ7q4mVNxhZYB63Z5nB/HufDYnsbS1Bk1eeno6S5l/2Px3egOJpUTpR
         p2IooBXL4eiabpyfso4l0R68YIO9Ym5g51NiRmAhkeROiGIxJ84afIBwr+Afa7calexo
         2YO2lwsoiCsWkXnZELvWmsTFPbv1DASFVwoEna3zqXxXnoZwZ7WvvSMXBoHbIVU+mpjS
         GAGCiBe7N0fhRdKzGicnYiE8Lstigi/Q+xR5lFVdPDgb8M3N64jGPfSSqKwMJerscp8i
         Z64Q==
X-Gm-Message-State: AOAM532F44weKWburVTVujVtRKhXJudr2RjyHFzdpDsae3IzTdjamNcf
        SUT6cSyFFQUZpAMupyYge8wU/zH4otw=
X-Received: by 2002:a62:1c93:: with SMTP id c141mr16209862pfc.289.1590917424454;
        Sun, 31 May 2020 02:30:24 -0700 (PDT)
Received: from dc803.flets-west.jp ([2404:7a87:83e0:f800:181d:bb76:cc02:958c])
        by smtp.gmail.com with ESMTPSA id q44sm4538436pja.29.2020.05.31.02.30.21
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 31 May 2020 02:30:23 -0700 (PDT)
From:   Tetsuhiro Kohada <kohada.t2@gmail.com>
To:     kohada.t2@gmail.com
Cc:     kohada.tetsuhiro@dc.mitsubishielectric.co.jp,
        mori.takahiro@ab.mitsubishielectric.co.jp,
        motai.hirotaka@aj.mitsubishielectric.co.jp,
        Namjae Jeon <namjae.jeon@samsung.com>,
        Sungjong Seo <sj1557.seo@samsung.com>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 3/4 v4] exfat: add boot region verification
Date:   Sun, 31 May 2020 18:30:17 +0900
Message-Id: <20200531093017.12318-1-kohada.t2@gmail.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Add Boot-Regions verification specified in exFAT specification.
Note that the checksum type is strongly related to the raw structure,
so the'u32 'type is used to clarify the number of bits.

Signed-off-by: Tetsuhiro Kohada <kohada.t2@gmail.com>
---
Changes in v2:
 - rebase with patch 'optimize dir-cache' applied
 - just print a warning when invalid exboot-signature detected
 - print additional information when invalid boot-checksum detected
Changes in v3:
 - based on '[PATCH 2/4 v3] exfat: separate the boot sector analysis'
Changes in v4:
 - fix type of p_sig/p_chksum to __le32

 fs/exfat/exfat_fs.h |  1 +
 fs/exfat/misc.c     | 14 +++++++++++++
 fs/exfat/super.c    | 50 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+)

diff --git a/fs/exfat/exfat_fs.h b/fs/exfat/exfat_fs.h
index 9673e2d31045..eebbe5a84b2b 100644
--- a/fs/exfat/exfat_fs.h
+++ b/fs/exfat/exfat_fs.h
@@ -514,6 +514,7 @@ void exfat_set_entry_time(struct exfat_sb_info *sbi, struct timespec64 *ts,
 		u8 *tz, __le16 *time, __le16 *date, u8 *time_cs);
 unsigned short exfat_calc_chksum_2byte(void *data, int len,
 		unsigned short chksum, int type);
+u32 exfat_calc_chksum32(void *data, int len, u32 chksum, int type);
 void exfat_update_bh(struct super_block *sb, struct buffer_head *bh, int sync);
 void exfat_chain_set(struct exfat_chain *ec, unsigned int dir,
 		unsigned int size, unsigned char flags);
diff --git a/fs/exfat/misc.c b/fs/exfat/misc.c
index ab7f88b1f6d3..b82d2dd5bd7c 100644
--- a/fs/exfat/misc.c
+++ b/fs/exfat/misc.c
@@ -151,6 +151,20 @@ unsigned short exfat_calc_chksum_2byte(void *data, int len,
 	return chksum;
 }
 
+u32 exfat_calc_chksum32(void *data, int len, u32 chksum, int type)
+{
+	int i;
+	u8 *c = (u8 *)data;
+
+	for (i = 0; i < len; i++, c++) {
+		if (unlikely(type == CS_BOOT_SECTOR &&
+			     (i == 106 || i == 107 || i == 112)))
+			continue;
+		chksum = ((chksum << 31) | (chksum >> 1)) + *c;
+	}
+	return chksum;
+}
+
 void exfat_update_bh(struct super_block *sb, struct buffer_head *bh, int sync)
 {
 	set_bit(EXFAT_SB_DIRTY, &EXFAT_SB(sb)->s_state);
diff --git a/fs/exfat/super.c b/fs/exfat/super.c
index 6a1330be5a9a..405717e4e3ea 100644
--- a/fs/exfat/super.c
+++ b/fs/exfat/super.c
@@ -491,6 +491,50 @@ static int exfat_read_boot_sector(struct super_block *sb)
 	return 0;
 }
 
+static int exfat_verify_boot_region(struct super_block *sb)
+{
+	struct buffer_head *bh = NULL;
+	u32 chksum = 0;
+	__le32 *p_sig, *p_chksum;
+	int sn, i;
+
+	/* read boot sector sub-regions */
+	for (sn = 0; sn < 11; sn++) {
+		bh = sb_bread(sb, sn);
+		if (!bh)
+			return -EIO;
+
+		if (sn != 0 && sn <= 8) {
+			/* extended boot sector sub-regions */
+			p_sig = (__le32 *)&bh->b_data[sb->s_blocksize - 4];
+			if (le32_to_cpu(*p_sig) != EXBOOT_SIGNATURE)
+				exfat_warn(sb, "Invalid exboot-signature(sector = %d): 0x%08x",
+					   sn, le32_to_cpu(*p_sig));
+		}
+
+		chksum = exfat_calc_chksum32(bh->b_data, sb->s_blocksize,
+			chksum, sn ? CS_DEFAULT : CS_BOOT_SECTOR);
+		brelse(bh);
+	}
+
+	/* boot checksum sub-regions */
+	bh = sb_bread(sb, sn);
+	if (!bh)
+		return -EIO;
+
+	for (i = 0; i < sb->s_blocksize; i += sizeof(u32)) {
+		p_chksum = (__le32 *)&bh->b_data[i];
+		if (le32_to_cpu(*p_chksum) != chksum) {
+			exfat_err(sb, "Invalid boot checksum (boot checksum : 0x%08x, checksum : 0x%08x)",
+				  le32_to_cpu(*p_chksum), chksum);
+			brelse(bh);
+			return -EINVAL;
+		}
+	}
+	brelse(bh);
+	return 0;
+}
+
 /* mount the file system volume */
 static int __exfat_fill_super(struct super_block *sb)
 {
@@ -503,6 +547,12 @@ static int __exfat_fill_super(struct super_block *sb)
 		goto free_bh;
 	}
 
+	ret = exfat_verify_boot_region(sb);
+	if (ret) {
+		exfat_err(sb, "invalid boot region");
+		goto free_bh;
+	}
+
 	ret = exfat_create_upcase_table(sb);
 	if (ret) {
 		exfat_err(sb, "failed to load upcase table");
-- 
2.25.1