UBI: block: Avoid disk size integer overflow
authorRichard Weinberger <richard@nod.at>
Mon, 5 May 2014 10:11:54 +0000 (07:11 -0300)
committerArtem Bityutskiy <artem.bityutskiy@linux.intel.com>
Mon, 28 Jul 2014 15:52:13 +0000 (18:52 +0300)
This patch fixes an issue where UBI block does not work
correctly on very large UBI volumes.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
drivers/mtd/ubi/block.c

index 043919ad35e4a1b010b8495a26ab161f06faba9a..33c64955d4d7b3e4bd1d9fc09b08b42b1113db34 100644 (file)
@@ -378,9 +378,11 @@ int ubiblock_create(struct ubi_volume_info *vi)
 {
        struct ubiblock *dev;
        struct gendisk *gd;
-       int disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
+       u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
        int ret;
 
+       if ((sector_t)disk_capacity != disk_capacity)
+               return -EFBIG;
        /* Check that the volume isn't already handled */
        mutex_lock(&devices_mutex);
        if (find_dev_nolock(vi->ubi_num, vi->vol_id)) {
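Review bot: The new truncation check in ubiblock_create returns -EFBIG without any message, while the matching check in ubiblock_resize logs a warning, so a volume refused at creation leaves no trace of why. A one-line warning naming `vi->ubi_num`, `vi->vol_id` and `vi->size` before the return would make the two paths consistent. A short comment above the check would also help the next reader, such as `/* sector_t may be narrower than 64 bits; refuse sizes it cannot represent */`. The body of ubiblock_create continues outside the hunk.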
@@ -500,8 +502,13 @@ int ubiblock_remove(struct ubi_volume_info *vi)
 static int ubiblock_resize(struct ubi_volume_info *vi)
 {
        struct ubiblock *dev;
-       int disk_capacity = (vi->size * vi->usable_leb_size) >> 9;
+       u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
 
+       if ((sector_t)disk_capacity != disk_capacity) {
+               ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
+                        dev->gd->disk_name, vi->size);
+               return -EFBIG;
+       }
        /*
         * Need to lock the device list until we stop using the device,
         * otherwise the device struct might get released in
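Review bot: The added warning in ubiblock_resize reads `dev->gd->disk_name` while `dev` is only declared, with no initializer and no assignment before the check, so the too-big path dereferences an uninitialized pointer instead of returning -EFBIG cleanly. The message should identify the volume from `vi`, which is valid at this point, for example `ubi_warn("%d_%d: the volume is too big, cannot resize (%d LEBs)", vi->ubi_num, vi->vol_id, vi->size);`. Alternatively the check could move below the device lookup that presumably follows under the lock. The body of ubiblock_resize continues past the end of the hunk, so that lookup is not visible here.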