Re: [PATCH] mtd: ubi: Added a check for ubi_num
From: Zhihao Cheng
Date: Mon Nov 25 2024 - 08:42:09 EST
在 2024/11/25 21:23, Denis Arefev 写道:
Added a check for ubi_num for negative numbers
If the variable ubi_num takes negative values then we get:
qemu-system-arm ... -append "ubi.mtd=0,0,0,-22222345" ...
[ 0.745065] ubi_attach_mtd_dev from ubi_init+0x178/0x218
[ 0.745230] ubi_init from do_one_initcall+0x70/0x1ac
[ 0.745344] do_one_initcall from kernel_init_freeable+0x198/0x224
[ 0.745474] kernel_init_freeable from kernel_init+0x18/0x134
[ 0.745600] kernel_init from ret_from_fork+0x14/0x28
[ 0.745727] Exception stack(0x90015fb0 to 0x90015ff8)
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 897a316c9e6f ("UBI: handle attach ioctl")
Hi Denis,
I think the problem is imported by
83ff59a066637a6c28844bbf43009459408240f4("UBI: support ubi_num on
mtd.ubi command line").
Signed-off-by: Denis Arefev <arefev@xxxxxxxxx>
---
drivers/mtd/ubi/build.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
index 30be4ed68fad..dae569f48b87 100644
--- a/drivers/mtd/ubi/build.c
+++ b/drivers/mtd/ubi/build.c
@@ -920,7 +920,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
return -ENFILE;
}
} else {
- if (ubi_num >= UBI_MAX_DEVICES)
+ if (ubi_num < UBI_DEV_NUM_AUTO || ubi_num >= UBI_MAX_DEVICES)
return -EINVAL;
The ioctl(UBI_IOCATT) already checks the 'ubi_num', so I prefer to add
the missing check in ubi_mtd_param_parse().
/* Make sure ubi_num is not busy */