Kernel oops if CFI probe finds a device larger than map->size
Andre
andre at armcc.org
Tue Oct 18 12:59:56 EDT 2005
genprobe_ident_chips() doesn't enforce a lower limit on the value
calculated for 'max_chips'. If the device found during initial probing is
larger than map->size, max_chips will end up being 0 (which causes all
sorts of bad things to happen...).
The following patch seems to fix things for me:
diff -ru mtd_orig/drivers/mtd/chips/gen_probe.c
mtd/drivers/mtd/chips/gen_probe.c
--- mtd_orig/drivers/mtd/chips/gen_probe.c 2005-09-15
05:17:56.000000000 -0700
+++ mtd/drivers/mtd/chips/gen_probe.c 2005-10-18 10:02:01.000000000 -0700
@@ -98,8 +98,12 @@
/*
* Allocate memory for bitmap of valid chips.
* Align bitmap storage size to full byte.
+ * Ensure we probe at least one chip, even if device
+ * is larger than map->size.
*/
max_chips = map->size >> cfi.chipshift;
+ if (max_chips == 0)
+ max_chips = 1;
mapsize = (max_chips / 8) + ((max_chips % 8) ? 1 : 0);
chip_map = kmalloc(mapsize, GFP_KERNEL);
if (!chip_map) {
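Review bot: The new `if (max_chips == 0) max_chips = 1;` directly after the shift lets probing continue silently when a single chip (1 << cfi.chipshift bytes) does not fit in map->size. Please log a warning at that point so the size mismatch is visible to whoever configured the map. The comment should also say how the part of the chip beyond map->size is meant to be treated, since nothing in this hunk limits later accesses to the mapped window.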
Andre McCurdy
--
More information about the linux-mtd
mailing list