diff mbox series

ubi: Refuse attaching if mtd's erasesize is 0

Message ID	20230423111041.684297-1-chengzhihao1@huawei.com
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; From: Zhihao Cheng <chengzhihao1@huawei.com> To: <richard@nod.at>, <miquel.raynal@bootlin.com>, <vigneshr@ti.com>, <haver@vnet.ibm.com>, <s.hauer@pengutronix.de>, <yhao016@ucr.edu> CC: <linux-mtd@lists.infradead.org>, <linux-kernel@vger.kernel.org> Subject: [PATCH] ubi: Refuse attaching if mtd's erasesize is 0 Date: Sun, 23 Apr 2023 19:10:41 +0800 Message-ID: <20230423111041.684297-1-chengzhihao1@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	ubi: Refuse attaching if mtd's erasesize is 0 \| ubi: Refuse attaching if mtd's erasesize is 0

Commit Message

Zhihao Cheng April 23, 2023, 11:10 a.m. UTC

  There exists mtd devices with zero erasesize, which will trigger a
divide-by-zero exception while attaching ubi device.
Fix it by refusing attaching if mtd's erasesize is 0.

Fixes: 801c135ce73d ("UBI: Unsorted Block Images")
Reported-by: Yu Hao <yhao016@ucr.edu>
Link: https://lore.kernel.org/lkml/977347543.226888.1682011999468.JavaMail.zimbra@nod.at/T/
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
---
 drivers/mtd/ubi/build.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Miquel Raynal May 2, 2023, 8:56 a.m. UTC | #1

Hello,

chengzhihao1@huawei.com wrote on Sun, 23 Apr 2023 19:10:41 +0800:

> There exists mtd devices with zero erasesize, which will trigger a
> divide-by-zero exception while attaching ubi device.
> Fix it by refusing attaching if mtd's erasesize is 0.
> 
> Fixes: 801c135ce73d ("UBI: Unsorted Block Images")

IMHO, this should be backported to keep the vulnerable area as
small as possible, so:

Cc: stable@vger.kernel.org

> Reported-by: Yu Hao <yhao016@ucr.edu>
> Link: https://lore.kernel.org/lkml/977347543.226888.1682011999468.JavaMail.zimbra@nod.at/T/
> Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>

Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>

> ---
>  drivers/mtd/ubi/build.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
> index 6a2d1ef8d43c..69e92c31ace0 100644
> --- a/drivers/mtd/ubi/build.c
> +++ b/drivers/mtd/ubi/build.c
> @@ -896,6 +896,13 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
>  		return -EINVAL;
>  	}
>  
> +	/* UBI cannot work on flashes with zero erasesize. */
> +	if (!mtd->erasesize) {
> +		pr_err("ubi: refuse attaching mtd%d - zero erasesize flash is not supported\n",
> +			mtd->index);
> +		return -EINVAL;
> +	}
> +
>  	if (ubi_num == UBI_DEV_NUM_AUTO) {
>  		/* Search for an empty slot in the @ubi_devices array */
>  		for (ubi_num = 0; ubi_num < UBI_MAX_DEVICES; ubi_num++)


Thanks,
Miquèl

diff mbox series

Patch

diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
index 6a2d1ef8d43c..69e92c31ace0 100644
--- a/drivers/mtd/ubi/build.c
+++ b/drivers/mtd/ubi/build.c
@@ -896,6 +896,13 @@  int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
 		return -EINVAL;
 	}
 
+	/* UBI cannot work on flashes with zero erasesize. */
+	if (!mtd->erasesize) {
+		pr_err("ubi: refuse attaching mtd%d - zero erasesize flash is not supported\n",
+			mtd->index);
+		return -EINVAL;
+	}
+
 	if (ubi_num == UBI_DEV_NUM_AUTO) {
 		/* Search for an empty slot in the @ubi_devices array */
 		for (ubi_num = 0; ubi_num < UBI_MAX_DEVICES; ubi_num++)