[PATCH] block2mtd oops in erase function.
Jörn Engel
joern at lazybastard.org
Mon Feb 19 17:20:41 EST 2007
On Mon, 19 February 2007 22:29:39 +0100, Felix Fietkau wrote:
>
> Hi, I have a small fix for a crash that happened when I was using jffs2
> in combination with block2mtd.c
>
> In the erase function when checking the block to see if it's already
> erased, the limit is to be set to the page_address(page) + PAGE_SIZE,
> but because the variable has the type (ulong *), it gets set to
> PAGE_SIZE*sizeof(ulong), which makes the kernel oops when the page is
> very close to the end of RAM.
Good catch! What a twisted little piece of code you've found.
> Signed-off-by: Felix Fietkau <nbd at openwrt.org>
>
> --- linux.dev/drivers/mtd/devices/block2mtd.c.old 2007-02-18 14:08:59.519952312 +0100
> +++ linux.dev/drivers/mtd/devices/block2mtd.c 2007-02-18 14:09:04.219237912 +0100
> @@ -111,7 +111,7 @@
> if (IS_ERR(page))
> return PTR_ERR(page);
>
> - max = (u_long*)page_address(page) + PAGE_SIZE;
> + max = (u_long*) ((u8 *) page_address(page) + PAGE_SIZE);
> for (p=(u_long*)page_address(page); p<max; p++)
> if (*p != -1UL) {
> lock_page(page);
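Review bot: on the changed "max =" line, the limit is now built with two casts, first to (u8 *) so that PAGE_SIZE is added in bytes and then back to (u_long *). Since the loop that follows walks p as a u_long pointer and compares each word with -1UL, the limit is easier to verify when stated in elements, for example: max = (u_long *)page_address(page) + PAGE_SIZE / sizeof(u_long); A one-line comment saying that max is exactly one page past page_address(page) would also help keep the scaled-pointer mistake described in the commit message from coming back.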
The proper fix would be to remove the cast instead of adding yet
another. I wonder when those got added.
Jörn
--
He who knows others is wise.
He who knows himself is enlightened.
-- Lao Tsu