diff options
| author | Vinit Agnihotri <vinit.agnihotri@gmail.com> | 2007-07-10 06:04:59 -0400 |
|---|---|---|
| committer | Artem Bityutskiy <Artem.Bityutskiy@nokia.com> | 2007-07-18 09:58:12 -0400 |
| commit | d08c3b78b8c46a01b8fa59037a0d9fbb777fb465 (patch) | |
| tree | c27d7d436864175107fe8e2b1de3a11b928c975a /drivers/mtd/ubi | |
| parent | 2f3cdb55eef4fa1398965e893f731fb6e6312d34 (diff) | |
UBI: fix overflow bug
I was experiencing overflows in multiplications for
volume->used_bytes in vmt.c & vtbl.c, while creating & resizing large volumes.
vol->used_bytes is long long however its 2 operands vol->used_ebs &
vol->usable_leb_size
are int. So their multiplication for larger values causes integer overflows.
Typecasting them solves the problem.
My machine & flash details:
64Bit dual-core AMD opteron, 1 GB RAM, linux 2.6.18.3.
mtd size = 6GB, volume size= 5GB, peb_size = 4MB.
heres patch which does the fix.
Signed-off-by: Vinit Agnihotri <vinit.agnihotri@gmail.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Diffstat (limited to 'drivers/mtd/ubi')
| -rw-r--r-- | drivers/mtd/ubi/vmt.c | 8 | ||||
| -rw-r--r-- | drivers/mtd/ubi/vtbl.c | 9 |
2 files changed, 11 insertions, 6 deletions
diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c index d62dac90e108..ea0d5c825ab4 100644 --- a/drivers/mtd/ubi/vmt.c +++ b/drivers/mtd/ubi/vmt.c | |||
| @@ -280,7 +280,8 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req) | |||
| 280 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { | 280 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { |
| 281 | vol->used_ebs = vol->reserved_pebs; | 281 | vol->used_ebs = vol->reserved_pebs; |
| 282 | vol->last_eb_bytes = vol->usable_leb_size; | 282 | vol->last_eb_bytes = vol->usable_leb_size; |
| 283 | vol->used_bytes = vol->used_ebs * vol->usable_leb_size; | 283 | vol->used_bytes = |
| 284 | (long long)vol->used_ebs * vol->usable_leb_size; | ||
| 284 | } else { | 285 | } else { |
| 285 | bytes = vol->used_bytes; | 286 | bytes = vol->used_bytes; |
| 286 | vol->last_eb_bytes = do_div(bytes, vol->usable_leb_size); | 287 | vol->last_eb_bytes = do_div(bytes, vol->usable_leb_size); |
| @@ -538,7 +539,8 @@ int ubi_resize_volume(struct ubi_volume_desc *desc, int reserved_pebs) | |||
| 538 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { | 539 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { |
| 539 | vol->used_ebs = reserved_pebs; | 540 | vol->used_ebs = reserved_pebs; |
| 540 | vol->last_eb_bytes = vol->usable_leb_size; | 541 | vol->last_eb_bytes = vol->usable_leb_size; |
| 541 | vol->used_bytes = vol->used_ebs * vol->usable_leb_size; | 542 | vol->used_bytes = |
| 543 | (long long)vol->used_ebs * vol->usable_leb_size; | ||
| 542 | } | 544 | } |
| 543 | 545 | ||
| 544 | paranoid_check_volumes(ubi); | 546 | paranoid_check_volumes(ubi); |
| @@ -739,7 +741,7 @@ static void paranoid_check_volume(struct ubi_device *ubi, int vol_id) | |||
| 739 | goto fail; | 741 | goto fail; |
| 740 | } | 742 | } |
| 741 | 743 | ||
| 742 | n = vol->used_ebs * vol->usable_leb_size; | 744 | n = (long long)vol->used_ebs * vol->usable_leb_size; |
| 743 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { | 745 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { |
| 744 | if (vol->corrupted != 0) { | 746 | if (vol->corrupted != 0) { |
| 745 | ubi_err("corrupted dynamic volume"); | 747 | ubi_err("corrupted dynamic volume"); |
diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c index 1f48c76cf6fe..bc5df50813d6 100644 --- a/drivers/mtd/ubi/vtbl.c +++ b/drivers/mtd/ubi/vtbl.c | |||
| @@ -531,7 +531,8 @@ static int init_volumes(struct ubi_device *ubi, const struct ubi_scan_info *si, | |||
| 531 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { | 531 | if (vol->vol_type == UBI_DYNAMIC_VOLUME) { |
| 532 | vol->used_ebs = vol->reserved_pebs; | 532 | vol->used_ebs = vol->reserved_pebs; |
| 533 | vol->last_eb_bytes = vol->usable_leb_size; | 533 | vol->last_eb_bytes = vol->usable_leb_size; |
| 534 | vol->used_bytes = vol->used_ebs * vol->usable_leb_size; | 534 | vol->used_bytes = |
| 535 | (long long)vol->used_ebs * vol->usable_leb_size; | ||
| 535 | continue; | 536 | continue; |
| 536 | } | 537 | } |
| 537 | 538 | ||
| @@ -561,7 +562,8 @@ static int init_volumes(struct ubi_device *ubi, const struct ubi_scan_info *si, | |||
| 561 | } | 562 | } |
| 562 | 563 | ||
| 563 | vol->used_ebs = sv->used_ebs; | 564 | vol->used_ebs = sv->used_ebs; |
| 564 | vol->used_bytes = (vol->used_ebs - 1) * vol->usable_leb_size; | 565 | vol->used_bytes = |
| 566 | (long long)(vol->used_ebs - 1) * vol->usable_leb_size; | ||
| 565 | vol->used_bytes += sv->last_data_size; | 567 | vol->used_bytes += sv->last_data_size; |
| 566 | vol->last_eb_bytes = sv->last_data_size; | 568 | vol->last_eb_bytes = sv->last_data_size; |
| 567 | } | 569 | } |
| @@ -578,7 +580,8 @@ static int init_volumes(struct ubi_device *ubi, const struct ubi_scan_info *si, | |||
| 578 | vol->usable_leb_size = ubi->leb_size; | 580 | vol->usable_leb_size = ubi->leb_size; |
| 579 | vol->used_ebs = vol->reserved_pebs; | 581 | vol->used_ebs = vol->reserved_pebs; |
| 580 | vol->last_eb_bytes = vol->reserved_pebs; | 582 | vol->last_eb_bytes = vol->reserved_pebs; |
| 581 | vol->used_bytes = vol->used_ebs * (ubi->leb_size - vol->data_pad); | 583 | vol->used_bytes = |
| 584 | (long long)vol->used_ebs * (ubi->leb_size - vol->data_pad); | ||
| 582 | vol->vol_id = UBI_LAYOUT_VOL_ID; | 585 | vol->vol_id = UBI_LAYOUT_VOL_ID; |
| 583 | 586 | ||
| 584 | ubi_assert(!ubi->volumes[i]); | 587 | ubi_assert(!ubi->volumes[i]); |