[PATCH] mtd: nand: warn if hamming layout is used with too large ECC
Stefan Agner
stefan at agner.ch
Fri Feb 9 03:55:49 PST 2018
On 09.02.2018 10:58, Boris Brezillon wrote:
> On Fri, 09 Feb 2018 10:20:37 +0100
> Stefan Agner <stefan at agner.ch> wrote:
>
>>
>> But some kind of sanity check somewhere might be worthwhile, I was a bit
>> surprised that this overflowing happens on a driver in operational use
>> and goes unnoticed. I realize that this patch is not ideal. Maybe making
>> length signed, then we could sanity check in
>> mtd_ooblayout_count_bytes...
>
> Something like that should help us detect this unexpected case:
>
It is less generic than making length signed and checking for positive
length, but fine for me.
--
Stefan
> --->8---
> diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
> index 66b67014508f..ada2e709743f 100644
> --- a/drivers/mtd/nand/nand_base.c
> +++ b/drivers/mtd/nand/nand_base.c
> @@ -201,6 +201,9 @@ static int nand_ooblayout_free_lp_hamming(struct
> mtd_info *mtd, int section, oobregion->offset = 2;
> oobregion->length = ecc_offset - 2;
> } else {
> + if (ecc_offset + ecc->total > mtd->oobsize)
> + return -EINVAL;
> +
> oobregion->offset = ecc_offset + ecc->total;
> oobregion->length = mtd->oobsize - oobregion->offset;
> }
More information about the linux-mtd
mailing list