Extended mount to check all metadata-pairs

The most common issue with using littlefs in mbed-os is when users change from littlefs->FAT->littlefs (or with MBR or similar). When this corrupts the superblock, littlefs tries to fall back to the backup superblock. However, at this point in the time the old superblock may be very out-of-date and pointing to an incorrect filesystem. There's no complete solution to a malicious modification of the filesystem (short of checking all metadata+data, a very expensive operation), but we can at least expand our validation to all of the metadata for the filesystem. This at least catches the common issues with changing between different filesystems.
2019-01-17 00:43:58 -06:00 · 2019-01-17 00:43:58 -06:00 · 9d6e309432
parent 1a8844e8ed
commit 9d6e309432
1 changed files with 13 additions and 1 deletions
--- a/features/storage/filesystem/littlefs/littlefs/lfs.c
+++ b/features/storage/filesystem/littlefs/littlefs/lfs.c
@ -2206,6 +2206,10 @@ int lfs_mount(lfs_t *lfs, const struct lfs_config *cfg) {

        lfs->root[0] = superblock.d.root[0];
        lfs->root[1] = superblock.d.root[1];
+        if (lfs_paircmp(lfs->root, dir.d.tail) != 0) {
+            err = LFS_ERR_CORRUPT;
+            goto cleanup;
+        }
    }

    if (err || memcmp(superblock.d.magic, "littlefs", 8) != 0) {
@ -2223,10 +2227,18 @@ int lfs_mount(lfs_t *lfs, const struct lfs_config *cfg) {
        goto cleanup;
    }

+    // verify that no metadata pairs are corrupt
+    while (!lfs_pairisnull(dir.d.tail)) {
+        err = lfs_dir_fetch(lfs, &dir, dir.d.tail);
+        if (err) {
+            goto cleanup;
+        }
+    }
+
+    // succuessfully mounted
    return 0;

 cleanup:
-
    lfs_deinit(lfs);
    return err;
 }