generic: deny write to uImage.FIT sub-image partitions

Set policy bit to force read-only mode on uImage.FIT filesystem sub-images mapped as block partitions by the FIT partition parser. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2025-04-15 18:03:30 +00:00 · 2022-01-11 00:00:36 +00:00 · 2022-01-11 00:00:36 +00:00 · 9072333533
commit 9072333533
parent 9ea2a9923a
3 changed files with 15 additions and 7 deletions
--- a/target/linux/generic/files/block/partitions/fit.c
+++ b/target/linux/generic/files/block/partitions/fit.c
@ -233,7 +233,7 @@ int parse_fit_partitions(struct parsed_partitions *state, u64 fit_start_sector,
 		strlcat(state->pp_buf, tmp, PAGE_SIZE);

 		state->parts[*slot].has_info = true;
-
+		state->parts[*slot].flags |= ADDPART_FLAG_READONLY;
 		if (config_loadables && !strcmp(image_name, config_loadables)) {
 			printk(KERN_DEBUG "FIT: selecting configured loadable \"%s\" to be root filesystem\n", image_name);
 			state->parts[*slot].flags |= ADDPART_FLAG_ROOTDEV;
--- a/target/linux/generic/hack-5.10/410-block-fit-partition-parser.patch
+++ b/target/linux/generic/hack-5.10/410-block-fit-partition-parser.patch
@ -1,10 +1,11 @@
 --- a/block/blk.h
 +++ b/block/blk.h
-@@ -361,6 +361,7 @@ char *disk_name(struct gendisk *hd, int
+@@ -361,6 +361,8 @@ char *disk_name(struct gendisk *hd, int
 #define ADDPART_FLAG_NONE	0
 #define ADDPART_FLAG_RAID	1
 #define ADDPART_FLAG_WHOLEDISK	2
-+#define ADDPART_FLAG_ROOTDEV	4
+#define ADDPART_FLAG_READONLY	4
+#define ADDPART_FLAG_ROOTDEV	8
 void delete_partition(struct hd_struct *part);
 int bdev_add_partition(struct block_device *bdev, int partno,
 		sector_t start, sector_t length);
@ -108,13 +109,16 @@
 #ifdef CONFIG_FAIL_MAKE_REQUEST
 	&dev_attr_fail.attr,
 #endif
-@@ -701,6 +722,11 @@ static bool blk_add_partition(struct gen
+@@ -701,6 +722,14 @@ static bool blk_add_partition(struct gen
 	    (state->parts[p].flags & ADDPART_FLAG_RAID))
 		md_autodetect_dev(part_to_dev(part)->devt);
 
 +#ifdef CONFIG_FIT_PARTITION
 +	if ((state->parts[p].flags & ADDPART_FLAG_ROOTDEV) && ROOT_DEV == 0)
 +		ROOT_DEV = part_to_dev(part)->devt;
+
+	if (state->parts[p].flags & ADDPART_FLAG_READONLY)
+		part->policy = true;
 +#endif
 +
 	return true;
--- a/target/linux/generic/hack-5.4/400-block-fit-partition-parser.patch
+++ b/target/linux/generic/hack-5.4/400-block-fit-partition-parser.patch
@ -91,13 +91,16 @@
 #ifdef CONFIG_FAIL_MAKE_REQUEST
 	&dev_attr_fail.attr,
 #endif
-@@ -641,6 +659,10 @@ rescan:
+@@ -641,6 +659,13 @@ rescan:
 		if (state->parts[p].flags & ADDPART_FLAG_RAID)
 			md_autodetect_dev(part_to_dev(part)->devt);
 #endif
 +#ifdef CONFIG_FIT_PARTITION
 +		if ((state->parts[p].flags & ADDPART_FLAG_ROOTDEV) && ROOT_DEV == 0)
 +			ROOT_DEV = part_to_dev(part)->devt;
+
+		if (state->parts[p].flags & ADDPART_FLAG_READONLY)
+			part->policy = true;
 +#endif
 	}
 	free_partitions(state);
@ -124,11 +127,12 @@
 #endif
 --- a/include/linux/genhd.h
 +++ b/include/linux/genhd.h
-@@ -614,6 +614,7 @@ struct unixware_disklabel {
+@@ -614,6 +614,8 @@ struct unixware_disklabel {
 #define ADDPART_FLAG_NONE	0
 #define ADDPART_FLAG_RAID	1
 #define ADDPART_FLAG_WHOLEDISK	2
-+#define ADDPART_FLAG_ROOTDEV	4
+#define ADDPART_FLAG_READONLY	4
+#define ADDPART_FLAG_ROOTDEV	8
 
 extern int blk_alloc_devt(struct hd_struct *part, dev_t *devt);
 extern void blk_free_devt(dev_t devt);