Compare commits


6 Commits

Author SHA1 Message Date
Christopher Haster
b1c15c1768 Fixed script issue with bash expansion inside makefile parameter
This was causing code sizes to be reported with several of the logging
functions still built in. A useful number, but not the minimum
achievable code size.
2018-07-10 10:43:58 -05:00
Christopher Haster
eed1eec5fd Fixed information leaks through reused caches
As a shortcut, littlefs never bothered to zero any of the buffers it used.
It didn't need to because it would always write out the entirety of the
data it needed.

Unfortunately, this, combined with the extra padding used to align
buffers to the nearest prog size, would lead to uninitialized data
getting written out to disk.

This means unrelated file data could be written to different parts of
storage, or worse, information leaked from the malloc calls could be
written out to disk unnecessarily.

found by rojer
2018-07-10 11:18:46 -05:00
Christopher Haster
4a86370327 Added quality of life improvements for main.c/test.c issues
1. Added check for main.c and test.c to decide compilation target
2. Added step to remove test.c after successful test completion

The test.c file, which contains the expanded test main, is useful when
debugging why tests are failing. However, keeping the test.c file around
causes problems when a later attempt is made to compile a larger project
containing the littlefs directory.

Under (hopefully) normal operation, tests always pass. So it should be ok
to remove the test.c file after a successful test run. Hopefully this
behaviour doesn't cause too much confusion for contributors using the
tests.

On the other side of things, compiling the library with no main ends
(successfully) with the "main not found" error message. By defaulting
to lfs.a if neither test.c nor main.c is found, we avoid this in the common cases

found by armijnhemel and Sim4n6
2018-07-10 11:17:50 -05:00
Christopher Haster
ba4f17173f Merge pull request #57 from dpgeorge/fix-warnings
Fix some compiler warnings: shadowed variable and unused parameters
2018-07-02 12:01:34 -05:00
Damien George
51346b8bf4 Fixed shadowed variable warnings
- Fixed shadowed variable warnings in lfs_dir_find.
- Fixed unused parameter warnings when LFS_NO_MALLOC is enabled.
- Added extra warning flags to CFLAGS.
- Updated tests so they don't shadow the "size" variable for -Wshadow
2018-07-02 10:29:19 -05:00
Christopher Haster
93a2e0bbe5 Merge pull request #62 from ARMmbed/license-bsd-3
v1.4 - Change license to BSD-3-Clause
2018-06-21 13:10:57 -05:00
6 changed files with 49 additions and 24 deletions


@@ -27,7 +27,7 @@ script:
# compile and find the code size with the smallest configuration
- make clean size
OBJ="$(ls lfs*.o | tr '\n' ' ')"
CFLAGS+="-DLFS_NO{ASSERT,DEBUG,WARN,ERROR}"
CFLAGS+="-DLFS_NO_ASSERT -DLFS_NO_DEBUG -DLFS_NO_WARN -DLFS_NO_ERROR"
| tee sizes
# update status if we succeeded, compare with master if possible


@@ -1,4 +1,7 @@
TARGET = lfs
TARGET = lfs.a
ifneq ($(wildcard test.c main.c),)
override TARGET = lfs
endif
CC ?= gcc
AR ?= ar
@@ -22,7 +25,7 @@ ifdef WORD
override CFLAGS += -m$(WORD)
endif
override CFLAGS += -I.
override CFLAGS += -std=c99 -Wall -pedantic
override CFLAGS += -std=c99 -Wall -pedantic -Wshadow -Wunused-parameter
all: $(TARGET)
@@ -35,7 +38,9 @@ size: $(OBJ)
.SUFFIXES:
test: test_format test_dirs test_files test_seek test_truncate \
test_interspersed test_alloc test_paths test_orphan test_move test_corrupt
@rm test.c
test_%: tests/test_%.sh
ifdef QUIET
@./$< | sed -n '/^[-=]/p'
else
@@ -44,7 +49,7 @@ endif
-include $(DEP)
$(TARGET): $(OBJ)
lfs: $(OBJ)
$(CC) $(CFLAGS) $^ $(LFLAGS) -o $@
%.a: $(OBJ)
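Review bot: The `@rm test.c` line added to the `test` recipe makes the whole target fail if test.c is missing when the recipe runs, even though every test passed. Using `@rm -f test.c` keeps the cleanup best-effort and does not turn a missing scratch file into a test failure. Separately, `$(wildcard test.c main.c)` is evaluated when the Makefile is parsed, so a short comment above the `ifneq` saying that TARGET is fixed at parse time would help anyone who generates test.c later in the same invocation.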

45
lfs.c

@@ -107,6 +107,19 @@ static int lfs_cache_crc(lfs_t *lfs, lfs_cache_t *rcache,
return 0;
}
static inline void lfs_cache_drop(lfs_t *lfs, lfs_cache_t *rcache) {
// do not zero, cheaper if cache is readonly or only going to be
// written with identical data (during relocates)
(void)lfs;
rcache->block = 0xffffffff;
}
static inline void lfs_cache_zero(lfs_t *lfs, lfs_cache_t *pcache) {
// zero to avoid information leak
memset(pcache->buffer, 0xff, lfs->cfg->prog_size);
pcache->block = 0xffffffff;
}
static int lfs_cache_flush(lfs_t *lfs,
lfs_cache_t *pcache, lfs_cache_t *rcache) {
if (pcache->block != 0xffffffff) {
@@ -128,7 +141,7 @@ static int lfs_cache_flush(lfs_t *lfs,
}
}
pcache->block = 0xffffffff;
lfs_cache_zero(lfs, pcache);
}
return 0;
@@ -233,7 +246,7 @@ static int lfs_bd_erase(lfs_t *lfs, lfs_block_t block) {
}
static int lfs_bd_sync(lfs_t *lfs) {
lfs->rcache.block = 0xffffffff;
lfs_cache_drop(lfs, &lfs->rcache);
int err = lfs_cache_flush(lfs, &lfs->pcache, NULL);
if (err) {
@@ -592,7 +605,7 @@ relocate:
// drop caches and prepare to relocate block
relocated = true;
lfs->pcache.block = 0xffffffff;
lfs_cache_drop(lfs, &lfs->pcache);
// can't relocate superblock, filesystem is now frozen
if (lfs_paircmp(oldpair, (const lfs_block_t[2]){0, 1}) == 0) {
@@ -836,7 +849,7 @@ nextname:
// find entry matching name
while (true) {
int err = lfs_dir_next(lfs, dir, entry);
err = lfs_dir_next(lfs, dir, entry);
if (err) {
return err;
}
@@ -1217,7 +1230,7 @@ relocate:
LFS_DEBUG("Bad block at %d", nblock);
// just clear cache and try a new block
pcache->block = 0xffffffff;
lfs_cache_drop(lfs, &lfs->pcache);
}
}
@@ -1322,7 +1335,6 @@ int lfs_file_open(lfs_t *lfs, lfs_file_t *file,
}
// allocate buffer if needed
file->cache.block = 0xffffffff;
if (lfs->cfg->file_buffer) {
if (lfs->files) {
// already in use
@@ -1341,6 +1353,9 @@ int lfs_file_open(lfs_t *lfs, lfs_file_t *file,
}
}
// zero to avoid information leak
lfs_cache_zero(lfs, &file->cache);
// add to list of files
file->next = lfs->files;
lfs->files = file;
@@ -1409,7 +1424,7 @@ relocate:
memcpy(file->cache.buffer, lfs->pcache.buffer, lfs->cfg->prog_size);
file->cache.block = lfs->pcache.block;
file->cache.off = lfs->pcache.off;
lfs->pcache.block = 0xffffffff;
lfs_cache_zero(lfs, &lfs->pcache);
file->block = nblock;
return 0;
@@ -1418,7 +1433,7 @@ relocate:
static int lfs_file_flush(lfs_t *lfs, lfs_file_t *file) {
if (file->flags & LFS_F_READING) {
// just drop read cache
file->cache.block = 0xffffffff;
lfs_cache_drop(lfs, &file->cache);
file->flags &= ~LFS_F_READING;
}
@@ -1433,7 +1448,7 @@ static int lfs_file_flush(lfs_t *lfs, lfs_file_t *file) {
.pos = file->pos,
.cache = lfs->rcache,
};
lfs->rcache.block = 0xffffffff;
lfs_cache_drop(lfs, &lfs->rcache);
while (file->pos < file->size) {
// copy over a byte at a time, leave it up to caching
@@ -1451,8 +1466,8 @@ static int lfs_file_flush(lfs_t *lfs, lfs_file_t *file) {
// keep our reference to the rcache in sync
if (lfs->rcache.block != 0xffffffff) {
orig.cache.block = 0xffffffff;
lfs->rcache.block = 0xffffffff;
lfs_cache_drop(lfs, &orig.cache);
lfs_cache_drop(lfs, &lfs->rcache);
}
}
@@ -1630,7 +1645,7 @@ lfs_ssize_t lfs_file_write(lfs_t *lfs, lfs_file_t *file,
}
// mark cache as dirty since we may have read data into it
file->cache.block = 0xffffffff;
lfs_cache_zero(lfs, &file->cache);
}
// extend file with new blocks
@@ -1981,7 +1996,6 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
lfs->cfg = cfg;
// setup read cache
lfs->rcache.block = 0xffffffff;
if (lfs->cfg->read_buffer) {
lfs->rcache.buffer = lfs->cfg->read_buffer;
} else {
@@ -1992,7 +2006,6 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
}
// setup program cache
lfs->pcache.block = 0xffffffff;
if (lfs->cfg->prog_buffer) {
lfs->pcache.buffer = lfs->cfg->prog_buffer;
} else {
@@ -2002,6 +2015,10 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
}
}
// zero to avoid information leaks
lfs_cache_zero(lfs, &lfs->rcache);
lfs_cache_zero(lfs, &lfs->pcache);
// setup lookahead, round down to nearest 32-bits
LFS_ASSERT(lfs->cfg->lookahead % 32 == 0);
LFS_ASSERT(lfs->cfg->lookahead > 0);
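Review bot: `lfs_cache_zero` always fills `lfs->cfg->prog_size` bytes, yet the new calls in `lfs_init` and `lfs_file_open` apply it to `lfs->rcache` and `file->cache` as well as to the program cache. The buffer setup for those caches lies outside the visible hunks, so this needs checking: if the read cache (or a file cache opened for reading) is sized by `read_size` and `prog_size` is larger, the memset writes past the end of the buffer. The read cache presumably never feeds a program operation, so `lfs_cache_drop(lfs, &lfs->rcache);` should be enough in `lfs_init`; otherwise the helper should take the buffer length as an argument instead of assuming `prog_size`. The helper's comment also says "zero" while the fill byte is `0xff`; `// fill with 0xff to avoid information leak` would match the code.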


@@ -158,6 +158,7 @@ static inline void *lfs_malloc(size_t size) {
#ifndef LFS_NO_MALLOC
return malloc(size);
#else
(void)size;
return NULL;
#endif
}
@@ -166,6 +167,8 @@ static inline void *lfs_malloc(size_t size) {
static inline void lfs_free(void *p) {
#ifndef LFS_NO_MALLOC
free(p);
#else
(void)p;
#endif
}


@@ -30,7 +30,7 @@ TEST
w_test() {
tests/test.py << TEST
lfs_size_t size = $1;
size = $1;
lfs_size_t chunk = 31;
srand(0);
lfs_mount(&lfs, &cfg) => 0;
@@ -50,7 +50,7 @@ TEST
r_test() {
tests/test.py << TEST
lfs_size_t size = $1;
size = $1;
lfs_size_t chunk = 29;
srand(0);
lfs_mount(&lfs, &cfg) => 0;


@@ -153,7 +153,7 @@ tests/test.py << TEST
lfs_file_read(&lfs, &file[0], buffer, size) => size;
memcmp(buffer, "kittycatcat", size) => 0;
lfs_size_t size = lfs_file_size(&lfs, &file[0]);
size = lfs_file_size(&lfs, &file[0]);
lfs_file_seek(&lfs, &file[0], 0, LFS_SEEK_CUR) => size;
lfs_file_close(&lfs, &file[0]) => 0;
@@ -202,7 +202,7 @@ tests/test.py << TEST
lfs_file_read(&lfs, &file[0], buffer, size) => size;
memcmp(buffer, "kittycatcat", size) => 0;
lfs_size_t size = lfs_file_size(&lfs, &file[0]);
size = lfs_file_size(&lfs, &file[0]);
lfs_file_seek(&lfs, &file[0], 0, LFS_SEEK_CUR) => size;
lfs_file_close(&lfs, &file[0]) => 0;
@@ -243,7 +243,7 @@ tests/test.py << TEST
lfs_file_read(&lfs, &file[0], buffer, size) => size;
memcmp(buffer, "kittycatcat", size) => 0;
lfs_size_t size = lfs_file_size(&lfs, &file[0]);
size = lfs_file_size(&lfs, &file[0]);
lfs_file_seek(&lfs, &file[0], 0, LFS_SEEK_CUR) => size;
lfs_file_close(&lfs, &file[0]) => 0;
@@ -286,7 +286,7 @@ tests/test.py << TEST
lfs_file_read(&lfs, &file[0], buffer, size) => size;
memcmp(buffer, "kittycatcat", size) => 0;
lfs_size_t size = lfs_file_size(&lfs, &file[0]);
size = lfs_file_size(&lfs, &file[0]);
lfs_file_seek(&lfs, &file[0], 0, LFS_SEEK_CUR) => size;
lfs_file_close(&lfs, &file[0]) => 0;