From: Richard Weinberger Date: Mon, 5 May 2014 10:11:54 +0000 (-0300) Subject: UBI: block: Avoid disk size integer overflow X-Git-Tag: firefly_0821_release~176^2~3411^2~3 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4df38926f337ff4de49a8fb512aa4a55df0c502d;p=firefly-linux-kernel-4.4.55.git UBI: block: Avoid disk size integer overflow This patch fixes the issue that on very large UBI volumes UBI block does not work correctly. Signed-off-by: Richard Weinberger Signed-off-by: Ezequiel Garcia Signed-off-by: Artem Bityutskiy --- diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c index 043919ad35e4..33c64955d4d7 100644 --- a/drivers/mtd/ubi/block.c +++ b/drivers/mtd/ubi/block.c @@ -378,9 +378,11 @@ int ubiblock_create(struct ubi_volume_info *vi) { struct ubiblock *dev; struct gendisk *gd; - int disk_capacity = (vi->size * vi->usable_leb_size) >> 9; + u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9; int ret; + if ((sector_t)disk_capacity != disk_capacity) + return -EFBIG; /* Check that the volume isn't already handled */ mutex_lock(&devices_mutex); if (find_dev_nolock(vi->ubi_num, vi->vol_id)) { @@ -500,8 +502,13 @@ int ubiblock_remove(struct ubi_volume_info *vi) static int ubiblock_resize(struct ubi_volume_info *vi) { struct ubiblock *dev; - int disk_capacity = (vi->size * vi->usable_leb_size) >> 9; + u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9; + if ((sector_t)disk_capacity != disk_capacity) { + ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)", + dev->gd->disk_name, vi->size); + return -EFBIG; + } /* * Need to lock the device list until we stop using the device, * otherwise the device struct might get released in