* [PATCH] UBI: block: Avoid disk size integer overflow
@ 2014-03-19 14:57 Richard Weinberger
2014-03-19 23:44 ` Ezequiel Garcia
0 siblings, 1 reply; 2+ messages in thread
From: Richard Weinberger @ 2014-03-19 14:57 UTC (permalink / raw)
To: dedekind1
Cc: Richard Weinberger, linux-kernel, linux-mtd, ezequiel.garcia,
computersforpeace, dwmw2
This patch fixes the issue that on very large UBI volumes
UBI block does not work correctly.
Signed-off-by: Richard Weinberger <richard@nod.at>
---
drivers/mtd/ubi/block.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
index 9ef7df7..8887d4b 100644
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -379,7 +379,7 @@ int ubiblock_create(struct ubi_volume_info *vi)
{
struct ubiblock *dev;
struct gendisk *gd;
- int disk_capacity;
+ u64 disk_capacity;
int ret;
/* Check that the volume isn't already handled */
@@ -413,7 +413,12 @@ int ubiblock_create(struct ubi_volume_info *vi)
gd->first_minor = dev->ubi_num * UBI_MAX_VOLUMES + dev->vol_id;
gd->private_data = dev;
sprintf(gd->disk_name, "ubiblock%d_%d", dev->ubi_num, dev->vol_id);
- disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
+ disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
+ if ((sector_t)disk_capacity != disk_capacity) {
+ ubi_err("block: disk capacity %llu too large", disk_capacity);
+ ret = -E2BIG;
+ goto out_free_dev;
+ }
set_capacity(gd, disk_capacity);
dev->gd = gd;
@@ -500,7 +505,7 @@ int ubiblock_remove(struct ubi_volume_info *vi)
static void ubiblock_resize(struct ubi_volume_info *vi)
{
struct ubiblock *dev;
- int disk_capacity;
+ u64 disk_capacity;
/*
* Need to lock the device list until we stop using the device,
@@ -515,7 +520,13 @@ static void ubiblock_resize(struct ubi_volume_info *vi)
}
mutex_lock(&dev->dev_mutex);
- disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
+ disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
+ if ((sector_t)disk_capacity != disk_capacity) {
+ ubi_err("block: disk capacity %llu too large", disk_capacity);
+ mutex_unlock(&dev->dev_mutex);
+ mutex_unlock(&devices_mutex);
+ return;
+ }
set_capacity(dev->gd, disk_capacity);
ubi_msg("%s resized to %d LEBs", dev->gd->disk_name, vi->size);
mutex_unlock(&dev->dev_mutex);
--
1.8.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] UBI: block: Avoid disk size integer overflow
2014-03-19 14:57 [PATCH] UBI: block: Avoid disk size integer overflow Richard Weinberger
@ 2014-03-19 23:44 ` Ezequiel Garcia
0 siblings, 0 replies; 2+ messages in thread
From: Ezequiel Garcia @ 2014-03-19 23:44 UTC (permalink / raw)
To: Richard Weinberger
Cc: linux-mtd, computersforpeace, dwmw2, linux-kernel, dedekind1
Hi Richard,
First of all, thanks a lot for tracking this down!
On Mar 19, Richard Weinberger wrote:
> This patch fixes the issue that on very large UBI volumes
> UBI block does not work correctly.
>
> Signed-off-by: Richard Weinberger <richard@nod.at>
> ---
> drivers/mtd/ubi/block.c | 19 +++++++++++++++----
> 1 file changed, 15 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
> index 9ef7df7..8887d4b 100644
> --- a/drivers/mtd/ubi/block.c
> +++ b/drivers/mtd/ubi/block.c
> @@ -379,7 +379,7 @@ int ubiblock_create(struct ubi_volume_info *vi)
> {
> struct ubiblock *dev;
> struct gendisk *gd;
> - int disk_capacity;
> + u64 disk_capacity;
> int ret;
>
Perhaps we can calculate the capacity before allocating the struct,
so the error is simpler?
> /* Check that the volume isn't already handled */
> @@ -413,7 +413,12 @@ int ubiblock_create(struct ubi_volume_info *vi)
> gd->first_minor = dev->ubi_num * UBI_MAX_VOLUMES + dev->vol_id;
> gd->private_data = dev;
> sprintf(gd->disk_name, "ubiblock%d_%d", dev->ubi_num, dev->vol_id);
> - disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
> + disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
> + if ((sector_t)disk_capacity != disk_capacity) {
> + ubi_err("block: disk capacity %llu too large", disk_capacity);
Do we absolutely need to print an error to the console (not all drivers
print errors on every error condition)? Isn't it clear enough from the errno?
If we really want to print something, I suggest something like:
"block: volume too large, cannot create", "block: volume too large to create".
> + ret = -E2BIG;
Should we use E2BIG (Parameter list too large) or EFBIG (File too large)?
I don't really like the error that's printed by ubiblock on the first case:
"Parameter list too large". Maybe "File too large" is a bit better?
> + goto out_free_dev;
> + }
> set_capacity(gd, disk_capacity);
> dev->gd = gd;
>
> @@ -500,7 +505,7 @@ int ubiblock_remove(struct ubi_volume_info *vi)
> static void ubiblock_resize(struct ubi_volume_info *vi)
> {
> struct ubiblock *dev;
> - int disk_capacity;
> + u64 disk_capacity;
>
> /*
> * Need to lock the device list until we stop using the device,
> @@ -515,7 +520,13 @@ static void ubiblock_resize(struct ubi_volume_info *vi)
> }
>
> mutex_lock(&dev->dev_mutex);
> - disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
> + disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
> + if ((sector_t)disk_capacity != disk_capacity) {
> + ubi_err("block: disk capacity %llu too large", disk_capacity);
> + mutex_unlock(&dev->dev_mutex);
We can get rid of this mutex_unlock if we take it after getting the capacity.
Maybe you can clean the locks first, and then do this fix?
--
Ezequiel García, Free Electrons
Embedded Linux, Kernel and Android Engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-03-19 23:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-19 14:57 [PATCH] UBI: block: Avoid disk size integer overflow Richard Weinberger
2014-03-19 23:44 ` Ezequiel Garcia
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).