From patchwork Mon Jun 15 09:55:38 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?C=C3=A9dric_Le_Goater?=
X-Patchwork-Id: 484197
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= To: skiboot@lists.ozlabs.org Date: Mon, 15 Jun 2015 11:55:38 +0200 Message-Id: <1434362138-21272-1-git-send-email-clg@fr.ibm.com> X-Mailer: git-send-email 1.7.10.4 MIME-Version: 1.0 X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 15061509-0041-0000-0000-000004C47FB2 Subject: [Skiboot] [PATCH v2] flash: fix offset and size parameters check X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Cyril Bur Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Copying the flash from the host fails : # cat /dev/mtd0 > pnor cat: /dev/mtd0: Input/output error and the kernel logs : [ 1357.866996] mtd mtd0: opal_flash_async_op(op=0) failed (rc -1) It seems that the check on the parameters in the opal_flash_op() routine are bit excessive and we fail to write or read the last block. Here is a fix below which should be enough to catch an out of bounds operation. Signed-off-by: Cédric Le Goater Acked-by: Jeremy Kerr --- Change since V2 : - kept the check for the overflow condition (J. Kerr) core/flash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: skiboot.git/core/flash.c =================================================================== --- skiboot.git.orig/core/flash.c +++ skiboot.git/core/flash.c @@ -312,7 +312,7 @@ static int64_t opal_flash_op(enum flash_ } if (size >= flash->size || offset >= flash->size - || offset + size >= flash->size) { + || offset + size > flash->size) { rc = OPAL_PARAMETER; goto err; }
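Review bot: The unchanged first clause of the condition, `size >= flash->size`, still rejects a request with offset 0 and size equal to flash->size, although the new third clause `offset + size > flash->size` accepts an operation that ends exactly at the end of the flash. If a whole-device read or write in a single call is meant to be valid, that clause should become `size > flash->size`; if it is excluded on purpose, a comment should say so. If the first two comparisons are the overflow check the changelog says was kept, a one-line comment stating that they bound `offset` and `size` before the sum is computed would stop them being dropped as redundant later. The changelog entry also reads "Change since V2" on a patch whose subject is already v2.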