BUG: divide error in ubi_attach_mtd_dev
Richard Weinberger
richard at nod.at
Sun Apr 23 01:02:20 PDT 2023
----- Ursprüngliche Mail -----
> Von: "chengzhihao1" <chengzhihao1 at huawei.com>
>>> root at syzkaller:~# cat /proc/mtd
>>> dev: size erasesize name
>>> mtd0: 00020000 00001000 “mtdram test device”
>>
>> Hmm, mtdram should be fine, erasesize is not zero.
>>
>
> I guess the zero-erasesize mtd device is dynamically generated in
> runtime, after looking through the code, I find erasesize is
> initiallized in specific flash driver and it won't be updated later(eg.
> ioctl\sysctl). And some mtd devices may have zero erasesize, eg.
> drivers/mtd/devices/mchp23k256.c[1]. Unfortunately, I don't know how to
> load/simulate this mtd, maybe it requires a real device? If we load this
> mtd device as ubi, it will trigger the problem?
Indeed. I guess qemu can emulate such chips.
So better fix UBI to reject attaching of mtd's with erasesize being 0.
(Please note, we cannot test for MTD_NO_ERASE, this one means there is no
erase method).
Thanks,
//richard
More information about the linux-mtd
mailing list