From: Peng Fan <van.freenix@gmail.com>
To: linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org,
computersforpeace@gmail.com
Cc: van.freenix@gmail.com, David Woodhouse <dwmw2@infradead.org>
Subject: [PATCH v2] mtd: blktrans: fix multiplication overflow
Date: Fri, 11 Sep 2015 21:41:47 +0800 [thread overview]
Message-ID: <1441978907-19520-1-git-send-email-van.freenix@gmail.com> (raw)
In drivers/mtd/mtd_blkdevs.c:
406 set_capacity(gd, (new->size * tr->blksize) >> 9);
The type of new->size is unsigned long and the type of tr->blksize is int,
the result of 'new->size * tr->blksize' may exceed ULONG_MAX on 32bit
machines.
I use nand chip MT29F32G08CBADBWP which is 4GB and the parameters passed
to kernel is 'mtdparts=gpmi-nand:-(user)', the whole nand chip will be
treated as a 4GB mtd partition. new->size is 0x800000 and tr->blksize is
0x200, 'new->size * tr->blksize' however is 0. This is what we do not want
to see.
Using type cast u64 to fix the multiplication overflow issue.
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Brian Norris <computersforpeace@gmail.com>
---
Changes V2:
use type cast to avoid build break for platforms which does not support 64 bit multilplication.
drivers/mtd/mtd_blkdevs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
index 44dc965..cb47d79 100644
--- a/drivers/mtd/mtd_blkdevs.c
+++ b/drivers/mtd/mtd_blkdevs.c
@@ -399,7 +399,7 @@ int add_mtd_blktrans_dev(struct mtd_blktrans_dev *new)
snprintf(gd->disk_name, sizeof(gd->disk_name),
"%s%d", tr->name, new->devnum);
- set_capacity(gd, (new->size * tr->blksize) >> 9);
+ set_capacity(gd, ((u64)new->size * tr->blksize) >> 9);
/* Create the request queue */
spin_lock_init(&new->queue_lock);
--
1.8.4
next reply other threads:[~2015-09-11 13:41 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-11 13:41 Peng Fan [this message]
2015-09-29 0:28 ` [PATCH v2] mtd: blktrans: fix multiplication overflow Brian Norris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1441978907-19520-1-git-send-email-van.freenix@gmail.com \
--to=van.freenix@gmail.com \
--cc=computersforpeace@gmail.com \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.