From patchwork Wed Oct 30 05:37:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominique Martinet X-Patchwork-Id: 2003983 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=fuRQyX6U; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2607:f8b0:4864:20::e3c; helo=mail-vs1-xe3c.google.com; envelope-from=swupdate+bncbcwivbv7sugrbnmmq64qmgqe5sp7f3i@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-vs1-xe3c.google.com (mail-vs1-xe3c.google.com [IPv6:2607:f8b0:4864:20::e3c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdbWL3nY2z1xwK for ; Wed, 30 Oct 2024 16:38:05 +1100 (AEDT) Received: by mail-vs1-xe3c.google.com with SMTP id ada2fe7eead31-4a48bae143dsf2484496137.3 for ; Tue, 29 Oct 2024 22:38:04 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1730266680; cv=pass; d=google.com; s=arc-20240605; b=NgT1GHld7rwLGV/uB8iJ3UubaiMJEnYwYPnIHRsWxbgUYbiMPTL97lyH8UZgM97tdj kepz4RKWzwv6R783U8FAihUC1b/FtQ1PKUEpP/zPXsk8CWOwszJmprYpW68FsQ6cNvEH 0xWdsbrRieJjvbNqMvGBtvzPASou8ek85VElGeg1gTSN3haWxR2BhU/KwMMfLGZXchCB jW9HxGlZdmhr8nU79sud9r0cqZP3HVccP/Y4giqFtIiDxtKMBWUY5pgfzEUsNEr2fe6O QNfzJIMogyBWrV8Zyk9K06+bcR1VZ4t8q6t+KLRWi/TUMqv8AlyDyWIIG0WAbKoW8WZj 2IrA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature; bh=SLy1qtnHQeJhW857280x9yvTySTHupl2xEQdwE5Jqb0=; fh=UHI9COz9dua+nF9YdAz5oFpuYiDu3G3Cn8ziOQA0rAU=; b=CZTHNDac9IKbdog+A3O+tZ+ZEuSuETC9QvcW8vImYsxAKRjSYRF/OXyVpgJwFtfG31 nfAKbxW9G6kDfwF2GBzTFug8TYgwheI7p2+ucoAro2eAov3WnvcXz233VOgr34y8/SlU n9sId4kImEI4sbfQ5KHmMvQ5NrGh4A9R+401B0aPwsy4EI2uWbZCOuFpburwHVEtFM3g VnrpVN26pOZhcYCWnp5TpD4YVC7/61qGX6dogY+a2xb7yqJIIaQ+wNsS9nYL0CGF92xR h6Do/7ZDPzarupAlsGukuE7TwI9xoS6sNJQfMSefAjfTGwHPJr3B0iG2eLN41geInTqr 8NvA==; darn=patchwork.ozlabs.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@atmark-techno.com header.s=gw2_bookworm header.b=PiGaaGoZ; dkim=pass header.i=@atmark-techno.com header.s=google header.b=XTqeQFxf; spf=pass (google.com: domain of dominique.martinet@atmark-techno.com designates 35.74.137.57 as permitted sender) smtp.mailfrom=dominique.martinet@atmark-techno.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atmark-techno.com; dara=fail header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1730266680; x=1730871480; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :sender:from:to:cc:subject:date:message-id:reply-to; bh=SLy1qtnHQeJhW857280x9yvTySTHupl2xEQdwE5Jqb0=; b=fuRQyX6Ul5EvCFKk1WNRG69fH3eLnBZ83qvlCa8pa6j86X2b8QMMiM9LD5Rb303FAF f5+QVVhtdISiRUPES5rw1bl0Sb2g1MaoSdtD5ZMB4eKHlBNIXqqYNUUL7yzQpODgOPM7 FHzJ16NbTT8GQVSqZ5CKTec1cP7QERDzS+M+bO3ZDjuRmtUqfU/lRg57+ojqmbB7woOB Z0/PCz17FIppeCIggNkVCPNUW3IAuh38uaEx+bYwe5H96b08uxBf313tFuljgq7dZdbw hsDgKvZhB5+dv7DdNUGG7Zw7CCtSQOkRRioJYIKteK7wajHXLR6bEuMXRjReWzXpFvD/ Uy/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730266680; x=1730871480; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=SLy1qtnHQeJhW857280x9yvTySTHupl2xEQdwE5Jqb0=; b=TQTgil3Ztogin+lL38gkKbVor51Tl2vKPK8NUukWR+T8UKl69rn7d60rHLpiZQ8WYp ssHhYnqcCE1mwtqgqkzvAU7J17BrKlimZc4kojhuk03gKgPz6KKFUBDbeEmaiAW/eLyc 7EmX/vWtZxXMm3yfyyIBnW38k47wXFOmUInrId5xObxjyyFMOqmVUOXpkalTFn6laL8h UpHoDQvEe+rGjuK51viqDuylU0C69/TCD8Ga7zXo8qjJ42rpfRktJzrj7ErgLc7bZT6M ec008FIwSVk8xqRSWjdQYE5vn321sCrRRquaR3S+mmORD4UPOdGDA7Q6lNDrpuiBVlR6 c/9g== Sender: swupdate@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCVtwLIMA4KJkzew13kiAaZPnTvbYkAboodjK05vHi5FhkJRtp/hH+3REFilVPom0+srw/ArS1V+qQ==@patchwork.ozlabs.org X-Gm-Message-State: AOJu0Yw+trBrbCNf2atnLa5VlyXn1djZefhtbnxn7D4C4bogd+dtq0yk 8Qitc2xi19+WQA7Jg3OQ9nTx1oIQKN5yO+DP9qzp2qZM/pu1nmFE X-Google-Smtp-Source: AGHT+IEU6Zqz1cEww1cYtIWO++XXSw/kdWGJNKxbz9wxbiVzgwNYq0m5WzZUVJJqwTU6iPX1NYZ7Bw== X-Received: by 2002:a05:6102:942:b0:4a5:be31:b349 with SMTP id ada2fe7eead31-4a90109fb80mr2427168137.28.1730266678350; Tue, 29 Oct 2024 22:37:58 -0700 (PDT) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a05:622a:1928:b0:461:2c82:a2ae with SMTP id d75a77b69052e-4612c82b29als102003441cf.0.-pod-prod-01-us; Tue, 29 Oct 2024 22:37:56 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUlEOCA79MTTG5uazFUsIoP1pjpERIsWfrm3/lbdwxZRd9a4D84ZrhZSVX/WXwTMDzgD9BAsQcdyQ==@googlegroups.com X-Received: by 2002:a05:620a:f06:b0:7b1:560d:1a39 with SMTP id af79cd13be357-7b1aee582d4mr240150285a.62.1730266676496; Tue, 29 Oct 2024 22:37:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1730266676; cv=none; d=google.com; s=arc-20240605; b=lPCCYJeHQl+U2byUviZBraQ1RA74GkfKYQjcYfh+OvQ/iXonSZBngSMstQd497ukmG 9pO7m5F3ftk2wGtr3j2vQA11fRhKmbSnwl7OnD4+a+xuNDp8guZBnN2UTFMCPPNoDiC5 feub7ZewEWm2I+gx/0DPivjOJow+Rj5dB1O52U63HiYSN0QEJODB9lRY6qhDy9CT2wxj 5fvgefVY8PQoEgUihhYrDOu8d3cE3sCMkHHtOKwe+nl6tt4RM6OQgtwy3hpfyttUMdtn 7QomRYC/SWFyVX+ahxtcR1LaZZXeVasyTOeWKvdXy5WbSRhcccLFPO0osiJ1AnGISgx7 ubyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:dkim-signature; bh=f6r8ZRs4a684F3wYtdB7/jsOeAPa7cUbR1RQTX7Gkvs=; fh=jqirWj+oeGcDI/NelbmDYXYZSn4rQvWUnEbecAFDFzg=; b=Q1WFQSngSmiSB1cLYVC+0eZ8P8cT6ZjRNhuPg7S6QDgBrCuE19HPFEorNY4ZDjVl/S BdJ8qSXMnXbg+xRdvXO/atvmZWdkE5no/Wi8yNoMSfGDInllLZN2EFMUZ55WZUfGxpCQ 4Vx/kO3lG6DKdCYs/U85JqFCjOmxqxsHJLbSPfMbI1ELwH6gOlBJZTqvg/VYj1CztT7/ QqI4jh3czUQJykgcEvj3tw3p+UG+gVEDuuHmTV+dEz5uQR2Zg54iwpZhyFjIZdnWPAAD RiGWgrKSoqJ+jKFhOCT+g6V+PJ3QWdRvy4rsX7fNWZKaJXCFpVx3LXnLqbowk4EsL/6w sUYQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@atmark-techno.com header.s=gw2_bookworm header.b=PiGaaGoZ; dkim=pass header.i=@atmark-techno.com header.s=google header.b=XTqeQFxf; spf=pass (google.com: domain of dominique.martinet@atmark-techno.com designates 35.74.137.57 as permitted sender) smtp.mailfrom=dominique.martinet@atmark-techno.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atmark-techno.com; dara=fail header.i=@googlegroups.com Received: from gw2.atmark-techno.com (gw2.atmark-techno.com. [35.74.137.57]) by gmr-mx.google.com with ESMTPS id af79cd13be357-7b18d331fbbsi46352485a.4.2024.10.29.22.37.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 22:37:56 -0700 (PDT) Received-SPF: pass (google.com: domain of dominique.martinet@atmark-techno.com designates 35.74.137.57 as permitted sender) client-ip=35.74.137.57; Received: from gw2.atmark-techno.com (localhost [127.0.0.1]) by gw2.atmark-techno.com (Postfix) with ESMTP id D271E91B for ; Wed, 30 Oct 2024 14:37:53 +0900 (JST) Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by gw2.atmark-techno.com (Postfix) with ESMTPS id 843DE62E for ; Wed, 30 Oct 2024 14:37:53 +0900 (JST) Received: by mail-pl1-f200.google.com with SMTP id d9443c01a7336-20e67b82aa3so50785575ad.0 for ; Tue, 29 Oct 2024 22:37:53 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCWs6sqoBkyOmRu5d9toaw1+XRbkcUF+wuGR9Tcr3fG7KLkKKgQWvgGa9Jj3n4wCHcDkDRXN++5N3A==@googlegroups.com X-Received: by 2002:a17:902:dace:b0:20c:5cdd:a91 with SMTP id d9443c01a7336-210f76d6870mr25366235ad.41.1730266672471; Tue, 29 Oct 2024 22:37:52 -0700 (PDT) X-Received: by 2002:a17:902:dace:b0:20c:5cdd:a91 with SMTP id d9443c01a7336-210f76d6870mr25366025ad.41.1730266672110; Tue, 29 Oct 2024 22:37:52 -0700 (PDT) Received: from localhost (76.125.194.35.bc.googleusercontent.com. [35.194.125.76]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-210bbf4418esm75005375ad.15.2024.10.29.22.37.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Oct 2024 22:37:51 -0700 (PDT) From: Dominique Martinet To: stefano.babic@swupdate.org, swupdate@googlegroups.com Cc: Dominique Martinet Subject: [swupdate] [PATCH] core/parser: add 'size' attribute to sw-description Date: Wed, 30 Oct 2024 14:37:47 +0900 Message-Id: <20241030053747.3905143-1-dominique.martinet@atmark-techno.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-Original-Sender: dominique.martinet@atmark-techno.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@atmark-techno.com header.s=gw2_bookworm header.b=PiGaaGoZ; dkim=pass header.i=@atmark-techno.com header.s=google header.b=XTqeQFxf; spf=pass (google.com: domain of dominique.martinet@atmark-techno.com designates 35.74.137.57 as permitted sender) smtp.mailfrom=dominique.martinet@atmark-techno.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atmark-techno.com; dara=fail header.i=@googlegroups.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , This allows specifying the size of each cpio file in the sw-description The motivation behind this change is that files are only verified as they are copied to temporary directory or streamed, but without the size information a file could be streamed forever and easily fill in the tmp directory by replacing the files of a valid (signed) SWU. This will be useful even if a chunked checksum is implemented, because while the chunked checksum implicitly also validates the files length it is not useful to include chunked checksums for files that have an intermediate copy stored, and it is more efficient and simpler to only have this size information. Implementation note: SEARCH_FILE (updated in swupdate.h) is only used in cpio_scan, itself never used anywhere in the current code, so this part of the patch has no way of being tested. Signed-off-by: Dominique Martinet Reviewed-by: Stefano Babic --- This is another point I had brought up in the discussions this summer. It is much simpler both conceptually and in the implementation than chunked checksums, so we can probably get this in more easily -- please let me know if you want me to fix something. core/cpio_utils.c | 6 ++++++ core/installer.c | 6 ++++++ doc/source/sw-description.rst | 5 +++++ include/swupdate.h | 1 - parser/parser.c | 1 + 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 382b22c36434..7f642685b0d4 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -799,6 +799,12 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start) fdh.size, file_listed ? "REQUIRED" : "not required"); + if (img->size && img->size != fdh.size) { + ERROR("%s: size mismatch %llu / %lu", + img->fname, img->size, fdh.size); + return -1; + } + img->size = fdh.size; /* * use copyfile for checksum and hash verification, as we skip file * we do not have to provide fdout diff --git a/core/installer.c b/core/installer.c index 0cb06b2ca419..e3abfd30ddf6 100644 --- a/core/installer.c +++ b/core/installer.c @@ -58,6 +58,12 @@ swupdate_file_t check_if_required(struct imglist *list, struct filehdr *pfdh, if (strcmp(pfdh->filename, img->fname) == 0) { skip = COPY_FILE; img->provided = 1; + if (img->size && img->size != (unsigned int)pfdh->size) { + ERROR("Size in sw-description %llu does not match size in cpio %u", + img->size, (unsigned int)pfdh->size); + return -EINVAL; + + } img->size = (unsigned int)pfdh->size; if (snprintf(img->extract_file, diff --git a/doc/source/sw-description.rst b/doc/source/sw-description.rst index d4cb8971b4ed..7d13e1e65d18 100644 --- a/doc/source/sw-description.rst +++ b/doc/source/sw-description.rst @@ -1491,3 +1491,8 @@ There are 4 main sections inside sw-description: | | | | the mtd to update, instead of | | | | | specifying the devicenode | +-------------+----------+------------+---------------------------------------+ + | size | int64 | images | size of the file as it is expected | + | | | files | in the SWU. If set and the cpio size | + | | | scripts | does not match for some reason the | + | | | | update will fail with an error. | + +-------------+----------+------------+---------------------------------------+ diff --git a/include/swupdate.h b/include/swupdate.h index 7cf421047187..a68c0950dd3f 100644 --- a/include/swupdate.h +++ b/include/swupdate.h @@ -96,7 +96,6 @@ struct swupdate_cfg { found = 1; \ img->offset = offs; \ img->provided = 1; \ - img->size = fdh.size; \ } \ } \ if (!found) \ diff --git a/parser/parser.c b/parser/parser.c index f5113f94841b..52bee8cbf11d 100644 --- a/parser/parser.c +++ b/parser/parser.c @@ -420,6 +420,7 @@ static int parse_common_attributes(parsertype p, void *elem, struct img_type *im GET_FIELD_STRING(p, elem, "filesystem", image->filesystem); GET_FIELD_STRING(p, elem, "type", image->type); GET_FIELD_STRING(p, elem, "data", image->type_data); + GET_FIELD_INT64(p, elem, "size", &image->size); get_hash_value(p, elem, image->sha256); /*