[PATCH] mtd: ubi: Added a check for ubi_num

Zhihao Cheng chengzhihao1 at huawei.com
Mon Nov 25 05:41:51 PST 2024


On 2024/11/25 21:23, Denis Arefev wrote:
> Added a check for ubi_num for negative numbers
> If the variable ubi_num takes negative values then we get:
> 
> qemu-system-arm ... -append "ubi.mtd=0,0,0,-22222345" ...
> [    0.745065]  ubi_attach_mtd_dev from ubi_init+0x178/0x218
> [    0.745230]  ubi_init from do_one_initcall+0x70/0x1ac
> [    0.745344]  do_one_initcall from kernel_init_freeable+0x198/0x224
> [    0.745474]  kernel_init_freeable from kernel_init+0x18/0x134
> [    0.745600]  kernel_init from ret_from_fork+0x14/0x28
> [    0.745727] Exception stack(0x90015fb0 to 0x90015ff8)
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 897a316c9e6f ("UBI: handle attach ioctl")

Hi Denis,
I think the problem is imported by
83ff59a066637a6c28844bbf43009459408240f4 ("UBI: support ubi_num on
mtd.ubi command line").
> Signed-off-by: Denis Arefev <arefev at swemel.ru>
> ---
>   drivers/mtd/ubi/build.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
> index 30be4ed68fad..dae569f48b87 100644
> --- a/drivers/mtd/ubi/build.c
> +++ b/drivers/mtd/ubi/build.c
> @@ -920,7 +920,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
>   			return -ENFILE;
>   		}
>   	} else {
> -		if (ubi_num >= UBI_MAX_DEVICES)
> +		if (ubi_num < UBI_DEV_NUM_AUTO || ubi_num >= UBI_MAX_DEVICES)
>   			return -EINVAL;

The ioctl(UBI_IOCATT) already checks the 'ubi_num', so I prefer to add 
the missing check in ubi_mtd_param_parse().
>   
>   		/* Make sure ubi_num is not busy */
> 
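Review bot: the lower bound in the new condition `ubi_num < UBI_DEV_NUM_AUTO || ubi_num >= UBI_MAX_DEVICES` is expressed through the auto-assign sentinel, whose value this hunk does not show, while the commit message states the intent as rejecting negative numbers. If this else branch is only reached with an explicit device number, `ubi_num < 0` would state that intent directly and would keep the range check correct independently of how the sentinel is defined. The commit message would also benefit from the first line of the failure report: the quoted trace starts mid-backtrace at `ubi_attach_mtd_dev from ubi_init`, so it does not show what kind of fault the value `-22222345` triggers or which access the out-of-range index reaches. Since the trace shows the value arriving from `ubi_init` (the `ubi.mtd=` boot parameter), rejecting it where the parameter is parsed would also let the error be reported against the offending option instead of surfacing as a generic `-EINVAL` at attach time.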



