flash: fix offset and size parameters check

Copying the flash from the host fails : # cat /dev/mtd0 > pnor cat: /dev/mtd0: Input/output error and the kernel logs : [ 1357.866996] mtd mtd0: opal_flash_async_op(op=0) failed (rc -1) It seems that the check on the parameters in the opal_flash_op() routine are bit excessive and we fail to write or read the last block. Here is a fix below which should be enough to catch an out of bounds operation. Signed-off-by: Cédric Le Goater <clg@fr.ibm.com> Acked-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
author: Cédric Le Goater <clg@fr.ibm.com> 2015-06-15 11:55:38 +0200
committer: Stewart Smith <stewart@linux.vnet.ibm.com> 2015-06-16 07:07:17 +1000
commit: d16001878132fee6b3e6f82427191ae187a0a4a3 (patch)
tree: d0229dbb202d7ace89b5cc66425f3787d1a2d90c /core/flash.c
parent: 694fe1053fd163ab07af4b93ab4aee5757443f47 (diff)
download: skiboot-d16001878132fee6b3e6f82427191ae187a0a4a3.zip
skiboot-d16001878132fee6b3e6f82427191ae187a0a4a3.tar.gz
skiboot-d16001878132fee6b3e6f82427191ae187a0a4a3.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/flash.c b/core/flash.c
index 7cd9153..bea5160 100644
--- a/core/flash.c
+++ b/core/flash.c
@@ -312,7 +312,7 @@ static int64_t opal_flash_op(enum flash_op op, uint64_t id, uint64_t offset,
 	}
 
 	if (size >= flash->size || offset >= flash->size
-			|| offset + size >= flash->size) {
+			|| offset + size > flash->size) {
 		rc = OPAL_PARAMETER;
 		goto err;
 	}
author	Cédric Le Goater <clg@fr.ibm.com>	2015-06-15 11:55:38 +0200
committer	Stewart Smith <stewart@linux.vnet.ibm.com>	2015-06-16 07:07:17 +1000
commit	d16001878132fee6b3e6f82427191ae187a0a4a3 (patch)
tree	d0229dbb202d7ace89b5cc66425f3787d1a2d90c /core/flash.c
parent	694fe1053fd163ab07af4b93ab4aee5757443f47 (diff)
download	skiboot-d16001878132fee6b3e6f82427191ae187a0a4a3.zip skiboot-d16001878132fee6b3e6f82427191ae187a0a4a3.tar.gz skiboot-d16001878132fee6b3e6f82427191ae187a0a4a3.tar.bz2