author | Cédric Le Goater <clg@fr.ibm.com> | 2015-06-15 11:55:38 +0200 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2015-06-16 07:07:17 +1000 |
commit | d16001878132fee6b3e6f82427191ae187a0a4a3 (patch) | |
tree | d0229dbb202d7ace89b5cc66425f3787d1a2d90c /core/flash.c | |
parent | 694fe1053fd163ab07af4b93ab4aee5757443f47 (diff) | |
flash: fix offset and size parameters check
Copying the flash from the host fails:

    # cat /dev/mtd0 > pnor
    cat: /dev/mtd0: Input/output error

and the kernel logs:

    [ 1357.866996] mtd mtd0: opal_flash_async_op(op=0) failed (rc -1)

It seems that the check on the parameters in the opal_flash_op() routine
is a bit excessive and we fail to write or read the last block.

Here is a fix below which should be enough to catch an out of bounds
operation.
Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'core/flash.c')
-rw-r--r-- | core/flash.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/flash.c b/core/flash.c index 7cd9153..bea5160 100644 --- a/core/flash.c +++ b/core/flash.c @@ -312,7 +312,7 @@ static int64_t opal_flash_op(enum flash_op op, uint64_t id, uint64_t offset, } if (size >= flash->size || offset >= flash->size - || offset + size >= flash->size) { + || offset + size > flash->size) { rc = OPAL_PARAMETER; goto err; } |
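Review bot: the first clause of the condition, `size >= flash->size`, is left unchanged and still returns OPAL_PARAMETER for an in-bounds request with offset 0 and size equal to flash->size, so a single operation covering the whole device is rejected even though `offset + size > flash->size` now admits the last block. If that is not intended, relax it to `size > flash->size`. Alternatively, `offset > flash->size || size > flash->size - offset` states the bound in one place and, assuming flash->size is unsigned like the uint64_t offset and size in the signature, cannot wrap, rather than relying on the two earlier clauses to keep `offset + size` from overflowing. A one-line comment noting that offset + size == flash->size is valid (the operation ends exactly at the end of flash) would keep this boundary from regressing.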