From patchwork Fri Jun 12 14:41:11 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Cédric Le Goater
X-Patchwork-Id: 483633
From: Cédric Le Goater
To: skiboot@lists.ozlabs.org
Cc: Cyril Bur
Date: Fri, 12 Jun 2015 16:41:11 +0200
Message-Id: <1434120071-4905-1-git-send-email-clg@fr.ibm.com>
Subject: [Skiboot] [PATCH] flash: fix offset and size parameters check

Copying the flash from the host fails:

    # cat /dev/mtd0 > pnor
    cat: /dev/mtd0: Input/output error

and the kernel logs:

    [ 1357.866996] mtd mtd0: opal_flash_async_op(op=0) failed (rc -1)

It seems that the check on the parameters in the opal_flash_op() routine is a bit excessive and we fail to write or read the last block. Here is a fix below which should be enough to catch an out of bounds operation.

Signed-off-by: Cédric Le Goater

--- core/flash.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: skiboot.git/core/flash.c =================================================================== --- skiboot.git.orig/core/flash.c +++ skiboot.git/core/flash.c @@ -311,8 +311,7 @@ static int64_t opal_flash_op(enum flash_ goto err; } - if (size >= flash->size || offset >= flash->size - || offset + size >= flash->size) { + if (offset + size > flash->size) { rc = OPAL_PARAMETER; goto err; }
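Review bot: The new single condition `offset + size > flash->size` relies on the sum not wrapping. The removed lines bounded `size` and `offset` individually against `flash->size`; with those gone, a very large offset or size (their types are not visible in this hunk) could wrap the addition to a small value and pass the check. A form that keeps the last-block fix without performing the addition would be `if (size > flash->size || offset > flash->size - size) {`. A short comment stating that `offset + size == flash->size` is a valid request would also help, since that boundary is exactly what the old `>=` tests rejected.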