public inbox for u-boot@lists.denx.de
From: Przemyslaw Marczak <p.marczak@samsung.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/4] usb: ums: fix bug in partition capacity computation.
Date: Fri, 18 Oct 2013 17:05:45 +0200
Message-ID: <52614E49.8010109@samsung.com>
In-Reply-To: <201310171941.20573.marex@denx.de>

Hi Marek,

On 10/17/2013 07:41 PM, Marek Vasut wrote:
> Dear Przemyslaw Marczak,
>
>> Before this change ums disk capacity was miscalculated because
>> of integer overflow.
>>
>> Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
>> Cc: Marek Vasut <marex@denx.de>
>> ---
>>   board/samsung/common/ums.c |   16 ++++++++++++----
>>   1 file changed, 12 insertions(+), 4 deletions(-)
>>
>> diff --git a/board/samsung/common/ums.c b/board/samsung/common/ums.c
>> index 1f28590..6c4e6c4 100644
>> --- a/board/samsung/common/ums.c
>> +++ b/board/samsung/common/ums.c
>> @@ -37,11 +37,19 @@ static int ums_write_sector(struct ums *ums_dev,
>>
>>   static void ums_get_capacity(struct ums *ums_dev, long long int *capacity)
>>   {
>> -	long long int tmp_capacity;
>> +	int64_t mmc_capacity = (int64_t)ums_dev->mmc->capacity;
>
> Why are these casts here?
>
>> +	int64_t ums_capacity = (int64_t)ums_dev->part_size * SECTOR_SIZE;
>> +	int64_t ums_offset = (int64_t)ums_dev->offset * SECTOR_SIZE;
>
> And here all around? And why are these values signed, can there ever be negative
> value in them?
>

I tried to fix it without changes in ums driver because it works fine. 
Of course capacity can't be a negative value.

When we set some offset and some part size we have an integer overflow 
at this line, just before cast to long long int:
>> -	tmp_capacity = (long long int)((ums_dev->offset + ums_dev->part_size)
>> -				       * SECTOR_SIZE);
>> -	*capacity = ums_dev->mmc->capacity - tmp_capacity;
In the best case of overflow - ums partition capacity will have the same 
value as mmc cap, but if offset was set, then the partition size will be 
exceeded.

>> +	if (ums_capacity && ((ums_capacity + ums_offset) < mmc_capacity))
>> +		*capacity = ums_capacity;
>> +	else
>> +		*capacity = mmc_capacity - ums_offset;
>
> Urgh, what exactly does this code achieve again?

This code above avoids the situation when the tmp_capacity value is bigger
than the real mmc capacity. I don't check the offset next, but this is also
the reason why I put the printf here. I assume that a developer should know
how to define UMS_START_BLOCK and UMS_PART_SIZE; if not, some information
will be printed.

>
>> +	printf("UMS: partition capacity: %#llx blocks\n"
>> +	       "UMS: partition start block: %#x\n",
>> +	       *capacity / SECTOR_SIZE,
>> +	       ums_dev->offset);
>>   }
>>
>>   static struct ums ums_dev = {
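
Review bot: The else branch, `*capacity = mmc_capacity - ums_offset;`, runs with no check that `ums_offset` is smaller than `mmc_capacity`, so an offset past the end of the card produces a negative `int64_t` that is stored into `*capacity` as if it were a size. The same branch is taken when `ums_capacity + ums_offset` does not fit on the card, which silently replaces the configured part size with the rest of the card. Suggest making the three locals `uint64_t`, checking `ums_offset < mmc_capacity` first and reporting an error otherwise, and treating an oversized part size as a configuration error rather than a fallback. Widening `ums_dev->part_size` and `ums_dev->offset` before the multiplication by `SECTOR_SIZE` is what removes the overflow; the cast on `ums_dev->mmc->capacity` deserves a comment, or can be dropped if that field is already 64-bit.
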
>
> Best regards,
> Marek Vasut
>

In summary, I will change the signed variables to unsigned here and a few in
the ums gadget driver.
Moreover, now I think that it will be better to replace part_size from
the struct ums_dev with part_blk_num and compute its value in the ums_init
function. And then the pointer to ums_get_capacity is not needed in the ums
structure.

What do you think about this?

-- 
Przemyslaw Marczak
Samsung R&D Institute Poland
Samsung Electronics
p.marczak at samsung.com
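
The 32-bit wraparound described in this message, as an added example that is not part of the original post or of U-Boot. It assumes `offset` and `part_size` are 32-bit unsigned sector counts and 512-byte sectors (the page shows neither the field types nor the value of SECTOR_SIZE); `ums_window_capacity` is a hypothetical checked helper, not the patch's logic.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 0x200u	/* assumed: 512-byte sectors */

/* Pre-patch shape: sum and product are evaluated in 32 bits; the cast
 * only widens a value that has already wrapped. */
static uint64_t end_bytes_narrow(uint32_t offset, uint32_t part_size)
{
	return (uint64_t)((offset + part_size) * SECTOR_SIZE);
}

/* Widen one operand first so the whole expression is 64-bit. */
static uint64_t end_bytes_wide(uint32_t offset, uint32_t part_size)
{
	return ((uint64_t)offset + part_size) * SECTOR_SIZE;
}

/* Hypothetical checked helper (not the patch's logic): 0 and *capacity in
 * bytes if the window fits on the card, -1 if not. part_size == 0 means
 * "from offset to the end of the card". */
static int ums_window_capacity(uint64_t card_bytes, uint32_t offset,
			       uint32_t part_size, uint64_t *capacity)
{
	uint64_t start = (uint64_t)offset * SECTOR_SIZE;
	uint64_t size = (uint64_t)part_size * SECTOR_SIZE;

	if (start >= card_bytes)
		return -1;		/* offset is past the end of the card */
	if (size == 0)
		size = card_bytes - start;
	if (size > card_bytes - start)
		return -1;		/* window runs off the end of the card */
	*capacity = size;
	return 0;
}

int main(void)
{
	/* Constructed values: 8 GiB card, 2 GiB window starting at 2 GiB. */
	uint64_t card = 0x200000000ULL, cap = 0;
	uint32_t offset = 0x400000, part_size = 0x400000;

	printf("narrow end: %#llx\n", (unsigned long long)end_bytes_narrow(offset, part_size));
	printf("wide end:   %#llx\n", (unsigned long long)end_bytes_wide(offset, part_size));
	if (ums_window_capacity(card, offset, part_size, &cap) == 0)
		printf("capacity:   %#llx bytes\n", (unsigned long long)cap);
	return 0;
}
```

With these constructed values the narrow form wraps to 0, so subtracting it from the card size reports the whole card, which is the "best case" the message mentions.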
