[Skiboot] [PATCH v2] flash: fix offset and size parameters check
Cédric Le Goater
clg at fr.ibm.com
Mon Jun 15 19:55:38 AEST 2015
Copying the flash from the host fails :
# cat /dev/mtd0 > pnor
cat: /dev/mtd0: Input/output error
and the kernel logs :
[ 1357.866996] mtd mtd0: opal_flash_async_op(op=0) failed (rc -1)
It seems that the check on the parameters in the opal_flash_op() routine
is a bit excessive and we fail to write or read the last block.
Here is a fix below which should be enough to catch an out of bounds
operation.
Signed-off-by: Cédric Le Goater <clg at fr.ibm.com>
---
Change since V2 :
- kept the check for the overflow condition (J. Kerr)
core/flash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: skiboot.git/core/flash.c
===================================================================
--- skiboot.git.orig/core/flash.c
+++ skiboot.git/core/flash.c
@@ -312,7 +312,7 @@ static int64_t opal_flash_op(enum flash_
}
if (size >= flash->size || offset >= flash->size
- || offset + size >= flash->size) {
+ || offset + size > flash->size) {
rc = OPAL_PARAMETER;
goto err;
}
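Review bot: the unchanged first clause of this condition, `size >= flash->size`, still rejects an in-bounds request. With offset 0 and size equal to flash->size, the new `offset + size > flash->size` test passes but the `>=` on size fails, so a whole-device read or write in a single call still returns OPAL_PARAMETER. If the first two clauses are kept only to guard against wrap-around in `offset + size`, consider `size > flash->size || offset > flash->size - size` instead. That form has no addition that can overflow (assuming unsigned operands; the types are not visible in this hunk) and accepts exactly the requests that end at or before the end of the flash. A short comment above the test naming which clause is the overflow guard would also help the next reader.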