From patchwork Wed Mar 19 14:57:54 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Weinberger <richard@nod.at>
X-Patchwork-Id: 331758
Return-Path: 
 <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from casper.infradead.org (unknown [IPv6:2001:770:15f::2])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id EC9902C00A1
	for <incoming@patchwork.ozlabs.org>;
	Thu, 20 Mar 2014 01:58:47 +1100 (EST)
Received: from merlin.infradead.org ([2001:4978:20e::2])
	by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux))
	id 1WQHwr-0001BH-B4; Wed, 19 Mar 2014 14:58:29 +0000
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
	id 1WQHwp-00060l-Jo; Wed, 19 Mar 2014 14:58:27 +0000
Received: from b.ns.miles-group.at ([95.130.255.144] helo=radon.swed.at)
	by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux))
	id 1WQHwm-000608-1v
	for linux-mtd@lists.infradead.org; Wed, 19 Mar 2014 14:58:25 +0000
Received: (qmail 11289 invoked by uid 89); 19 Mar 2014 14:58:00 -0000
Received: by simscan 1.3.1 ppid: 11281, pid: 11286, t: 0.1220s
	scanners: attach: 1.3.1 clamav: 0.96.5/m:
Received: from unknown (HELO azrael.ibk.sigmapriv.at)
	(richard@nod.at@212.186.22.124)
	by radon.swed.at with ESMTPA; 19 Mar 2014 14:58:00 -0000
From: Richard Weinberger <richard@nod.at>
To: dedekind1@gmail.com
Subject: [PATCH] UBI: block: Avoid disk size integer overflow
Date: Wed, 19 Mar 2014 15:57:54 +0100
Message-Id: <1395241074-15506-1-git-send-email-richard@nod.at>
X-Mailer: git-send-email 1.8.1.4
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20140319_105824_405385_8F72B6B7 
X-CRM114-Status: GOOD (  10.06  )
X-Spam-Score: -1.9 (-)
X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary:
	Content analysis details:   (-1.9 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
Cc: Richard Weinberger <richard@nod.at>, linux-kernel@vger.kernel.org,
	linux-mtd@lists.infradead.org, ezequiel.garcia@free-electrons.com,
	computersforpeace@gmail.com, dwmw2@infradead.org
X-BeenThere: linux-mtd@lists.infradead.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Linux MTD discussion mailing list <linux-mtd.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-mtd>,
	<mailto:linux-mtd-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-mtd/>
List-Post: <mailto:linux-mtd@lists.infradead.org>
List-Help: <mailto:linux-mtd-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-mtd>,
	<mailto:linux-mtd-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

This patch fixes the issue that on very large UBI volumes
UBI block does not work correctly.

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 drivers/mtd/ubi/block.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
index 9ef7df7..8887d4b 100644
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -379,7 +379,7 @@ int ubiblock_create(struct ubi_volume_info *vi)
 {
 	struct ubiblock *dev;
 	struct gendisk *gd;
-	int disk_capacity;
+	u64 disk_capacity;
 	int ret;
 
 	/* Check that the volume isn't already handled */
@@ -413,7 +413,12 @@ int ubiblock_create(struct ubi_volume_info *vi)
 	gd->first_minor = dev->ubi_num * UBI_MAX_VOLUMES + dev->vol_id;
 	gd->private_data = dev;
 	sprintf(gd->disk_name, "ubiblock%d_%d", dev->ubi_num, dev->vol_id);
-	disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
+	disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
+	if ((sector_t)disk_capacity != disk_capacity) {
+		ubi_err("block: disk capacity %llu too large", disk_capacity);
+		ret = -E2BIG;
+		goto out_free_dev;
+	}
 	set_capacity(gd, disk_capacity);
 	dev->gd = gd;
 
@@ -500,7 +505,7 @@ int ubiblock_remove(struct ubi_volume_info *vi)
 static void ubiblock_resize(struct ubi_volume_info *vi)
 {
 	struct ubiblock *dev;
-	int disk_capacity;
+	u64 disk_capacity;
 
 	/*
 	 * Need to lock the device list until we stop using the device,
@@ -515,7 +520,13 @@ static void ubiblock_resize(struct ubi_volume_info *vi)
 	}
 
 	mutex_lock(&dev->dev_mutex);
-	disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
+	disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
+	if ((sector_t)disk_capacity != disk_capacity) {
+		ubi_err("block: disk capacity %llu too large", disk_capacity);
+		mutex_unlock(&dev->dev_mutex);
+		mutex_unlock(&devices_mutex);
+		return;
+	}
 	set_capacity(dev->gd, disk_capacity);
 	ubi_msg("%s resized to %d LEBs", dev->gd->disk_name, vi->size);
 	mutex_unlock(&dev->dev_mutex);