[Skiboot] [PATCH] flash: fix offset and size parameters check
Cédric Le Goater
clg at fr.ibm.com
Sat Jun 13 00:41:11 AEST 2015
Copying the flash from the host fails:
# cat /dev/mtd0 > pnor
cat: /dev/mtd0: Input/output error
and the kernel logs:
[ 1357.866996] mtd mtd0: opal_flash_async_op(op=0) failed (rc -1)
It seems that the check on the parameters in the opal_flash_op() routine
is a bit excessive and we fail to write or read the last block.
Here is a fix below which should be enough to catch an out of bounds
operation.
Signed-off-by: Cédric Le Goater <clg at fr.ibm.com>
---
core/flash.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: skiboot.git/core/flash.c
===================================================================
--- skiboot.git.orig/core/flash.c
+++ skiboot.git/core/flash.c
@@ -311,8 +311,7 @@ static int64_t opal_flash_op(enum flash_
goto err;
}
- if (size >= flash->size || offset >= flash->size
- || offset + size >= flash->size) {
+ if (offset + size > flash->size) {
rc = OPAL_PARAMETER;
goto err;
}
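Review bot: The replacement test "offset + size > flash->size" drops the separate bounds on size and offset that the removed lines had, so the sum is now the only guard. The operand types are not visible in this hunk, but if the addition can wrap, a very large offset combined with a small size would produce a small sum and pass the check. The off-by-one can be fixed without relying on the sum, for example with "if (size > flash->size || offset > flash->size - size)", which still accepts a read or write ending exactly at the last block and rejects everything past it. It would also help to add a comment next to the check stating that offset + size == flash->size is the intended upper limit.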