mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH 1/2] mtd: mtd_[read|write|erase]: check for valid input data
@ 2016-03-04  7:33 Sascha Hauer
  2016-03-04  7:33 ` [PATCH 2/2] mtd: nand: default bitflip-reporting threshold to 75% of correction strength Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Sascha Hauer @ 2016-03-04  7:33 UTC (permalink / raw)
  To: Barebox List

mtd_[read|write|erase] are input functions to the mtd subsystem, so
check for valid input data here rather than relying on the drivers doing
this. The checks are copied from the Kernel as of 4.5-rc5

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 drivers/mtd/core.c      | 22 ++++++++++++++++++++++
 include/linux/mtd/mtd.h |  2 ++
 2 files changed, 24 insertions(+)

diff --git a/drivers/mtd/core.c b/drivers/mtd/core.c
index e35571d..161c6ad 100644
--- a/drivers/mtd/core.c
+++ b/drivers/mtd/core.c
@@ -326,6 +326,11 @@ int mtd_read(struct mtd_info *mtd, loff_t from, size_t len, size_t *retlen,
 	int ret_code;
 	*retlen = 0;
 
+	if (from < 0 || from >= mtd->size || len > mtd->size - from)
+		return -EINVAL;
+	if (!len)
+		return 0;
+
 	/*
 	 * In the absence of an error, drivers return a non-negative integer
 	 * representing the maximum number of bitflips that were corrected on
@@ -344,11 +349,28 @@ int mtd_write(struct mtd_info *mtd, loff_t to, size_t len, size_t *retlen,
 {
 	*retlen = 0;
 
+	if (to < 0 || to >= mtd->size || len > mtd->size - to)
+		return -EINVAL;
+	if (!mtd->write || !(mtd->flags & MTD_WRITEABLE))
+		return -EROFS;
+	if (!len)
+		return 0;
+
 	return mtd->write(mtd, to, len, retlen, buf);
 }
 
 int mtd_erase(struct mtd_info *mtd, struct erase_info *instr)
 {
+	if (instr->addr >= mtd->size || instr->len > mtd->size - instr->addr)
+		return -EINVAL;
+	if (!(mtd->flags & MTD_WRITEABLE))
+		return -EROFS;
+	instr->fail_addr = MTD_FAIL_ADDR_UNKNOWN;
+	if (!instr->len) {
+		instr->state = MTD_ERASE_DONE;
+		mtd_erase_callback(instr);
+		return 0;
+	}
 	return mtd->erase(mtd, instr);
 }
 
diff --git a/include/linux/mtd/mtd.h b/include/linux/mtd/mtd.h
index e430217..421a941 100644
--- a/include/linux/mtd/mtd.h
+++ b/include/linux/mtd/mtd.h
@@ -26,6 +26,8 @@
 #define MTD_ERASE_DONE          0x08
 #define MTD_ERASE_FAILED        0x10
 
+#define MTD_FAIL_ADDR_UNKNOWN -1LL
+
 /* If the erase fails, fail_addr might indicate exactly which block failed.  If
    fail_addr = 0xffffffff, the failure was not at the device level or was not
    specific to any particular block. */
-- 
2.7.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-03-04  7:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-04  7:33 [PATCH 1/2] mtd: mtd_[read|write|erase]: check for valid input data Sascha Hauer
2016-03-04  7:33 ` [PATCH 2/2] mtd: nand: default bitflip-reporting threshold to 75% of correction strength Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox