Patch: Check eraseregion bounds in cfi_varsize_frob
Todd Poynor
tpoynor at mvista.com
Thu Sep 30 21:56:20 EDT 2004
cfi_varsize_frob checks for proper eraseregion index in a couple places,
but not in one other place. Although it only happens when the geometry
isn't set up right (chipshift or block size * numblocks), it can lock up
or cause other strange flash access that would be nice to avoid. Just
in case this sanity check would be considered a good thing.

-- Todd
Index: drivers/mtd/chips/cfi_util.c
===================================================================
RCS file: /home/cvs/mtd/drivers/mtd/chips/cfi_util.c,v
retrieving revision 1.5
diff -u -r1.5 cfi_util.c
--- drivers/mtd/chips/cfi_util.c 12 Aug 2004 06:40:23 -0000 1.5
+++ drivers/mtd/chips/cfi_util.c 1 Oct 2004 01:42:37 -0000
@@ -168,9 +168,17 @@
len -= size;
chipmask = (1 << cfi->chipshift) - 1;
- if ((adr & chipmask) == ((regions[i].offset + size * regions[i].numblocks) & chipmask))
+ if ((adr & chipmask) == ((regions[i].offset + size * regions[i].numblocks) & chipmask)) {
i++;
+ if ((i >= mtd->numeraseregions) && len) {
+ printk(KERN_WARNING "Attempt to access illegal"
+ " erase region #%d on %s\n", i,
+ mtd->name);
+ return -EINVAL;
+ }
+ }
+
if (adr >> cfi->chipshift) {
adr = 0;
chipnum++;
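
Review bot: the new `return -EINVAL` under `i++` sits after `len -= size`, so by the time it fires `len` has already been decremented for at least one block and the caller gets an error for a partially completed request. A short comment above the check, saying that it catches inconsistent geometry (chipshift, or block size * numblocks) in the middle of the walk, would make that explicit for anyone handling the error. The warning would also help more in diagnosing the bad geometry if it printed `adr` and the remaining `len` alongside `i`, and the format string is easier to grep for if it stays on one line instead of being split after "illegal".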