From patchwork Wed Jun 28 23:38:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cyril Bur X-Patchwork-Id: 781964 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3wyfPc42Gmz9s7B for ; Thu, 29 Jun 2017 09:38:44 +1000 (AEST) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3wyfPc29wHzDr46 for ; Thu, 29 Jun 2017 09:38:44 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3wyfPW1CYmzDr1b for ; Thu, 29 Jun 2017 09:38:39 +1000 (AEST) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v5SNYHCN118722 for ; Wed, 28 Jun 2017 19:38:37 -0400 Received: from e23smtp08.au.ibm.com (e23smtp08.au.ibm.com [202.81.31.141]) by mx0a-001b2d01.pphosted.com with ESMTP id 2bcnxrrjfj-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 28 Jun 2017 19:38:36 -0400 Received: from localhost by e23smtp08.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 29 Jun 2017 09:38:34 +1000 Received: from d23relay07.au.ibm.com (202.81.31.226) by e23smtp08.au.ibm.com (202.81.31.205) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 29 Jun 2017 09:38:31 +1000 Received: from d23av01.au.ibm.com (d23av01.au.ibm.com [9.190.234.96]) by d23relay07.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v5SNcVaY6226228 for ; Thu, 29 Jun 2017 09:38:31 +1000 Received: from d23av01.au.ibm.com (localhost [127.0.0.1]) by d23av01.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id v5SNcUVS029134 for ; Thu, 29 Jun 2017 09:38:30 +1000 Received: from ozlabs.au.ibm.com (ozlabs.au.ibm.com [9.192.253.14]) by d23av01.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id v5SNcUYA029131; Thu, 29 Jun 2017 09:38:30 +1000 Received: from camb691.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 94B3CA01B5; Thu, 29 Jun 2017 09:38:30 +1000 (AEST) From: Cyril Bur To: skiboot@lists.ozlabs.org Date: Thu, 29 Jun 2017 09:38:01 +1000 X-Mailer: git-send-email 2.13.2 X-TM-AS-MML: disable x-cbid: 17062823-0048-0000-0000-0000024BEDA8 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17062823-0049-0000-0000-000047FCD320 Message-Id: <20170628233804.18412-1-cyril.bur@au1.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-06-28_15:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1706280375 Subject: [Skiboot] [PATCH 1/4] core/flash: Allow OPAL flash calls for size equal to flash X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: alistair@popple.id.au, sam@mendozajonas.com MIME-Version: 1.0 Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" A bounds checking mistake prevents opal_flash_{read,write,erase} calls from having a length equal to the size of the flash. This bug has been present since the beginning (e7d1f60e core/flash: Add flash API) of these calls. Until before d6a5b53f libflash/blocklevel: Add blocklevel_smart_erase() 6/4/2017 none of our tools would have performed a single command for the full size of the flash. It would still have be possible to persuade `dd` to do this by using a block size equal to the size of the flash or other mtd related tools. Any pflash built with blocklevel_smart_erase() will perform one call to Linux and then Skiboot for the size of flash. Signed-off-by: Cyril Bur Reviewed-by: Alistair Popple --- core/flash.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/flash.c b/core/flash.c index 8a908e5b..f0390394 100644 --- a/core/flash.c +++ b/core/flash.c @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -342,8 +343,10 @@ static int64_t opal_flash_op(enum flash_op op, uint64_t id, uint64_t offset, goto err; } - if (size >= flash->size || offset >= flash->size + if (size > flash->size || offset >= flash->size || offset + size > flash->size) { + prlog(PR_DEBUG, "Requested flash op %d beyond flash size %" PRIu64 "\n", + op, flash->size); rc = OPAL_PARAMETER; goto err; }