答复: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

From: chengzhihao <chengzhihao1@huawei.com>
To: Richard Weinberger <richard.weinberger@gmail.com>
Cc: "zhangyi \(F\)" <yi.zhang@huawei.com>,
	Richard Weinberger <richard@nod.at>,
	Sascha Hauer <s.hauer@pengutronix.de>,
	Artem Bityutskiy <dedekind1@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>
Subject: 答复: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
Date: Fri, 16 Aug 2019 08:00:42 +0000	[thread overview]
Message-ID: <0B80F9D4116B2F4484E7279D5A66984F7C0325@dggemi524-mbx.china.huawei.com> (raw)
In-Reply-To: CAFLxGvz__aw+BnfmGS3XXGqT6n6q-9miLPoVcL9KuvaZ2QbVUQ@mail.gmail.com

[-- Attachment #1: Type: text/plain, Size: 1701 bytes --]

>  ubifs_assert(c, p < c->gap_lebs + c->lst.idx_lebs);

I've done 50 problem reproduces on different flash devices and made sure that the assertion was not triggered. See record.txt for details.

-----邮件原件-----
发件人: chengzhihao 
发送时间: 2019年8月14日 9:20
收件人: 'Richard Weinberger' <richard.weinberger@gmail.com>
抄送: Richard Weinberger <richard@nod.at>; Sascha Hauer <s.hauer@pengutronix.de>; Artem Bityutskiy <dedekind1@gmail.com>; zhangyi (F) <yi.zhang@huawei.com>; linux-mtd@lists.infradead.org; LKML <linux-kernel@vger.kernel.org>
主题: 答复: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

Sure, I'll do more tests on different machines to check the assertion. I'm trying to understand when this assertion will be triggered. Although I haven't found this assertion be triggered so far in several tests on x86_64(qemu).

-----邮件原件-----
发件人: Richard Weinberger [mailto:richard.weinberger@gmail.com] 
发送时间: 2019年8月14日 5:44
收件人: chengzhihao <chengzhihao1@huawei.com>
抄送: Richard Weinberger <richard@nod.at>; Sascha Hauer <s.hauer@pengutronix.de>; Artem Bityutskiy <dedekind1@gmail.com>; zhangyi (F) <yi.zhang@huawei.com>; linux-mtd@lists.infradead.org; LKML <linux-kernel@vger.kernel.org>
主题: Re: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

On Tue, Jul 30, 2019 at 3:21 AM chengzhihao <chengzhihao1@huawei.com> wrote:
>
> OK, that's fine, and I will continue to understand more implementation code related to this part.

I think we can go with the realloc() approach for now.
Can you please check whether the assert() triggers?

-- 
Thanks,
//richard

[-- Attachment #2: record.txt --]
[-- Type: text/plain, Size: 8397 bytes --]

No												Log																			Config
1		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
2		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
3		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
4		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
5		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
6		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
7		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
8		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
9		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
10		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
11		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
12		c->lst.idx_lebs[origin] = 3, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 10 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
13		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
14		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
15		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
16		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
17		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
18		c->lst.idx_lebs[origin] = 6, c->lst.idx_lebs[curr] = 13, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
19		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
20		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
21		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
22		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
23		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
24		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
25		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
26		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
27		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
28		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
29		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
30		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
31		c->lst.idx_lebs[origin] = 6, c->lst.idx_lebs[curr] = 13, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
32		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
33		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
34		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
35		c->lst.idx_lebs[origin] = 15, c->lst.idx_lebs[curr] = 19, p - c->gap_lebs = 16 ====		mtdram: 32MiB, PEB size 16KiB, fastmap enabled, volume size 22MiB
36		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
37		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
38		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
39		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== 		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
40		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
41		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
42		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
43		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
44		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
45		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
46		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
47		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
48		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
49		c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ====		nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
50		c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ====		mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB

[-- Attachment #3: Type: text/plain, Size: 144 bytes --]

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/